3d5d9f3cdddfa4630f5cf7c004109aeec755f46334a80e55b46e2c02d1e64e35

Analysis

max time kernel
51s
max time network
56s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
29/06/2024, 20:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3d5d9f3cdddfa4630f5cf7c004109aeec755f46334a80e55b46e2c02d1e64e35.exe
Size

194KB
MD5

e043acf88be2f6df42ef55156090eb1a
SHA1

672bd7eb4e499047aecbb4e33e7619ff78263042
SHA256

3d5d9f3cdddfa4630f5cf7c004109aeec755f46334a80e55b46e2c02d1e64e35
SHA512

6d92abfc59b35ae162d35221e1793836c92cf9c4c181a60202330b11c66cda82f96efd404c06399d985191a2d1903e29b2db76209c2d75f7cc9769c77b1552ab
SSDEEP

3072:RoJFchv+lrW1j28mMIM/kEmMIGumMIc/1GV:yFRW485/pbuh/UV

Score

10^/10

persistence

Malware Config

Signatures

Adds autorun key to be loaded by Explorer.exe on startup 2 TTPs 64 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Cfbkeh32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Odmgcgbi.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Qgcbgo32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Bganhm32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Cnicfe32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Pfjcgn32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Pfaigm32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Qmkadgpo.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Danecp32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Ojgbfocc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Bjddphlq.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Bmbplc32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Cabfga32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Doilmc32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Aminee32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Cffdpghg.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Ambgef32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Danecp32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Pdifoehl.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Bjagjhnc.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Ddjejl32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Olkhmi32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Ajanck32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Bgehcmmm.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Dhmgki32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Qnhahj32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Cmqmma32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Ocbddc32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Bfkedibe.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Cdhhdlid.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Bjokdipf.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Ogbipa32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Dfpgffpm.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Olkhmi32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Bfabnjjp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Bgcknmop.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Pnakhkol.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Oqfdnhfk.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Aadifclh.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Bcebhoii.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Cjpckf32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Nggjdc32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Qdbiedpa.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Deokon32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Oncofm32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Bgcknmop.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Dfpgffpm.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Dkkcge32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Doilmc32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Pdkcde32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Qgcbgo32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Aqncedbp.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Bffkij32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Bclhhnca.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Cmnpgb32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Dddhpjof.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Ogkcpbam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Bganhm32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Cnffqf32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Cdcoim32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Ocbddc32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Beglgani.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Cndikf32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Cenahpha.exe

Executes dropped EXE 64 IoCs

pid	Process
2072	Nggjdc32.exe
3176	Oponmilc.exe
5084	Odkjng32.exe
2484	Ogifjcdp.exe
1372	Ojgbfocc.exe
992	Oncofm32.exe
1000	Odmgcgbi.exe
2652	Ogkcpbam.exe
828	Ojjolnaq.exe
2216	Olhlhjpd.exe
2632	Opdghh32.exe
3876	Ocbddc32.exe
3140	Ojllan32.exe
4460	Olkhmi32.exe
4108	Oqfdnhfk.exe
4680	Ocdqjceo.exe
3188	Onjegled.exe
4012	Oddmdf32.exe
2408	Ogbipa32.exe
4612	Pnlaml32.exe
4320	Pmoahijl.exe
4580	Pdfjifjo.exe
2960	Pgefeajb.exe
436	Pnonbk32.exe
1300	Pdifoehl.exe
1608	Pfjcgn32.exe
4276	Pnakhkol.exe
2648	Pqpgdfnp.exe
2704	Pdkcde32.exe
4964	Pgioqq32.exe
3944	Pncgmkmj.exe
408	Pmfhig32.exe
2184	Pdmpje32.exe
2288	Pfolbmje.exe
2740	Pnfdcjkg.exe
1356	Pqdqof32.exe
1588	Pdpmpdbd.exe
4660	Pgnilpah.exe
3984	Pfaigm32.exe
3364	Qnhahj32.exe
4504	Qmkadgpo.exe
1816	Qdbiedpa.exe
1648	Qceiaa32.exe
624	Qfcfml32.exe
440	Qnjnnj32.exe
3892	Qmmnjfnl.exe
4448	Qcgffqei.exe
3108	Qgcbgo32.exe
1596	Ajanck32.exe
2304	Anmjcieo.exe
384	Adgbpc32.exe
3616	Acjclpcf.exe
3428	Ageolo32.exe
60	Ajckij32.exe
1828	Ambgef32.exe
1304	Aqncedbp.exe
3400	Aclpap32.exe
1744	Acqimo32.exe
5056	Aglemn32.exe
1880	Aminee32.exe
2520	Aadifclh.exe
3020	Aepefb32.exe
2996	Accfbokl.exe
4396	Bfabnjjp.exe

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\Ghngib32.dll	Pqpgdfnp.exe
File created	C:\Windows\SysWOW64\Gblnkg32.dll	Bmbplc32.exe
File created	C:\Windows\SysWOW64\Pgioqq32.exe	Pdkcde32.exe
File opened for modification	C:\Windows\SysWOW64\Bffkij32.exe	Bgcknmop.exe
File created	C:\Windows\SysWOW64\Lpggmhkg.dll	Cajlhqjp.exe
File created	C:\Windows\SysWOW64\Mjelcfha.dll	Delnin32.exe
File opened for modification	C:\Windows\SysWOW64\Ocbddc32.exe	Opdghh32.exe
File created	C:\Windows\SysWOW64\Olkhmi32.exe	Ojllan32.exe
File created	C:\Windows\SysWOW64\Blfiei32.dll	Pdmpje32.exe
File created	C:\Windows\SysWOW64\Hjjdjk32.dll	Beglgani.exe
File created	C:\Windows\SysWOW64\Ocbddc32.exe	Opdghh32.exe
File created	C:\Windows\SysWOW64\Bmbplc32.exe	Bjddphlq.exe
File created	C:\Windows\SysWOW64\Cjmgfgdf.exe	Cfbkeh32.exe
File created	C:\Windows\SysWOW64\Dmefhako.exe	Dobfld32.exe
File opened for modification	C:\Windows\SysWOW64\Ddakjkqi.exe	Deokon32.exe
File created	C:\Windows\SysWOW64\Kjpgii32.dll	Ogbipa32.exe
File created	C:\Windows\SysWOW64\Pgefeajb.exe	Pdfjifjo.exe
File created	C:\Windows\SysWOW64\Pfolbmje.exe	Pdmpje32.exe
File created	C:\Windows\SysWOW64\Ajanck32.exe	Qgcbgo32.exe
File created	C:\Windows\SysWOW64\Acjclpcf.exe	Adgbpc32.exe
File opened for modification	C:\Windows\SysWOW64\Aepefb32.exe	Aadifclh.exe
File created	C:\Windows\SysWOW64\Bjagjhnc.exe	Bffkij32.exe
File opened for modification	C:\Windows\SysWOW64\Beihma32.exe	Bmbplc32.exe
File created	C:\Windows\SysWOW64\Bfkedibe.exe	Bclhhnca.exe
File created	C:\Windows\SysWOW64\Eflgme32.dll	Bffkij32.exe
File opened for modification	C:\Windows\SysWOW64\Ddmaok32.exe	Dejacond.exe
File created	C:\Windows\SysWOW64\Jdipdgch.dll	Dmefhako.exe
File created	C:\Windows\SysWOW64\Chjaol32.exe	Bcoenmao.exe
File created	C:\Windows\SysWOW64\Cjinkg32.exe	Chjaol32.exe
File created	C:\Windows\SysWOW64\Efmolq32.dll	Acjclpcf.exe
File created	C:\Windows\SysWOW64\Cnffqf32.exe	Cjkjpgfi.exe
File created	C:\Windows\SysWOW64\Aclpap32.exe	Aqncedbp.exe
File opened for modification	C:\Windows\SysWOW64\Bcoenmao.exe	Bapiabak.exe
File created	C:\Windows\SysWOW64\Ffpmlcim.dll	Cjpckf32.exe
File created	C:\Windows\SysWOW64\Oncofm32.exe	Ojgbfocc.exe
File created	C:\Windows\SysWOW64\Pqpgdfnp.exe	Pnakhkol.exe
File created	C:\Windows\SysWOW64\Beglgani.exe	Bmpcfdmg.exe
File created	C:\Windows\SysWOW64\Ckmllpik.dll	Cjmgfgdf.exe
File created	C:\Windows\SysWOW64\Bobiobnp.dll	Dkkcge32.exe
File opened for modification	C:\Windows\SysWOW64\Bnkgeg32.exe	Bjokdipf.exe
File created	C:\Windows\SysWOW64\Dmgabj32.dll	Oqfdnhfk.exe
File opened for modification	C:\Windows\SysWOW64\Pmoahijl.exe	Pnlaml32.exe
File opened for modification	C:\Windows\SysWOW64\Bcjlcn32.exe	Beglgani.exe
File opened for modification	C:\Windows\SysWOW64\Cndikf32.exe	Cjinkg32.exe
File opened for modification	C:\Windows\SysWOW64\Ceqnmpfo.exe	Cmiflbel.exe
File created	C:\Windows\SysWOW64\Bmfpfmmm.dll	Ojjolnaq.exe
File opened for modification	C:\Windows\SysWOW64\Bagflcje.exe	Bnhjohkb.exe
File opened for modification	C:\Windows\SysWOW64\Bmbplc32.exe	Bjddphlq.exe
File created	C:\Windows\SysWOW64\Mkfdhbpg.dll	Bfkedibe.exe
File created	C:\Windows\SysWOW64\Clghpklj.dll	Cmnpgb32.exe
File opened for modification	C:\Windows\SysWOW64\Pqpgdfnp.exe	Pnakhkol.exe
File opened for modification	C:\Windows\SysWOW64\Ageolo32.exe	Acjclpcf.exe
File created	C:\Windows\SysWOW64\Pkejdahi.dll	Ambgef32.exe
File opened for modification	C:\Windows\SysWOW64\Oponmilc.exe	Nggjdc32.exe
File opened for modification	C:\Windows\SysWOW64\Opdghh32.exe	Olhlhjpd.exe
File opened for modification	C:\Windows\SysWOW64\Oddmdf32.exe	Onjegled.exe
File opened for modification	C:\Windows\SysWOW64\Acjclpcf.exe	Adgbpc32.exe
File opened for modification	C:\Windows\SysWOW64\Bfkedibe.exe	Bclhhnca.exe
File created	C:\Windows\SysWOW64\Ndkqipob.dll	Cndikf32.exe
File created	C:\Windows\SysWOW64\Hfanhp32.dll	Calhnpgn.exe
File created	C:\Windows\SysWOW64\Ogifjcdp.exe	Odkjng32.exe
File created	C:\Windows\SysWOW64\Onjegled.exe	Ocdqjceo.exe
File created	C:\Windows\SysWOW64\Adgbpc32.exe	Anmjcieo.exe
File created	C:\Windows\SysWOW64\Accfbokl.exe	Aepefb32.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
5512	3592	WerFault.exe	225

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Bffkij32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ThreadingModel = "Apartment"	Cfbkeh32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Deokon32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Ogbipa32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ThreadingModel = "Apartment"	Pmoahijl.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ThreadingModel = "Apartment"	Ddonekbl.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ThreadingModel = "Apartment"	Bmpcfdmg.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Bfkedibe.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Gblnkg32.dll"	Bmbplc32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ThreadingModel = "Apartment"	Chjaol32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Nedmmlba.dll"	Ceqnmpfo.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ThreadingModel = "Apartment"	Cjbpaf32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ThreadingModel = "Apartment"	Dknpmdfc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Pfjcgn32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Qmkadgpo.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Qgcbgo32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Beeppfin.dll"	Dfknkg32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Agjbpg32.dll"	Ddjejl32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Danecp32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Hpnkaj32.dll"	Danecp32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Dfdjmlhn.dll"	Ocbddc32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Pqdqof32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Dgbdlf32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Jijjfldq.dll"	Bjagjhnc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ThreadingModel = "Apartment"	Dfpgffpm.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ThreadingModel = "Apartment"	Bfkedibe.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Ohmoom32.dll"	Dmjocp32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Kmfiloih.dll"	Aadifclh.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Baicac32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ThreadingModel = "Apartment"	Beihma32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Kngpec32.dll"	Doilmc32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Ejfenk32.dll"	Pdfjifjo.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Baacma32.dll"	Anmjcieo.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Hmcjlfqa.dll"	Adgbpc32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ThreadingModel = "Apartment"	Aqncedbp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Gidbim32.dll"	Dobfld32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ThreadingModel = "Apartment"	Ojgbfocc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Deeiam32.dll"	Pgioqq32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Aepefb32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ThreadingModel = "Apartment"	Dobfld32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ThreadingModel = "Apartment"	Oddmdf32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Ambgef32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Efmolq32.dll"	Acjclpcf.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Dfpgffpm.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Qnhahj32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Ajanck32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Cmiflbel.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ThreadingModel = "Apartment"	Delnin32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Pdheac32.dll"	Dfnjafap.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ThreadingModel = "Apartment"	Odkjng32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Gqckln32.dll"	Oddmdf32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Bcjlcn32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Jcbdhp32.dll"	Dfpgffpm.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Daekdooc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ThreadingModel = "Apartment"	Aepefb32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Qopkop32.dll"	Bcebhoii.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Dddhpjof.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Dhocqigp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Fjbnapki.dll"	Pgefeajb.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ThreadingModel = "Apartment"	Cabfga32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ThreadingModel = "Apartment"	Dkifae32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Kmdjdl32.dll"	Dhmgki32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Cjinkg32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Mkijij32.dll"	Cabfga32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2492 wrote to memory of 2072	2492	3d5d9f3cdddfa4630f5cf7c004109aeec755f46334a80e55b46e2c02d1e64e35.exe	81
PID 2492 wrote to memory of 2072	2492	3d5d9f3cdddfa4630f5cf7c004109aeec755f46334a80e55b46e2c02d1e64e35.exe	81
PID 2492 wrote to memory of 2072	2492	3d5d9f3cdddfa4630f5cf7c004109aeec755f46334a80e55b46e2c02d1e64e35.exe	81
PID 2072 wrote to memory of 3176	2072	Nggjdc32.exe	82
PID 2072 wrote to memory of 3176	2072	Nggjdc32.exe	82
PID 2072 wrote to memory of 3176	2072	Nggjdc32.exe	82
PID 3176 wrote to memory of 5084	3176	Oponmilc.exe	83
PID 3176 wrote to memory of 5084	3176	Oponmilc.exe	83
PID 3176 wrote to memory of 5084	3176	Oponmilc.exe	83
PID 5084 wrote to memory of 2484	5084	Odkjng32.exe	84
PID 5084 wrote to memory of 2484	5084	Odkjng32.exe	84
PID 5084 wrote to memory of 2484	5084	Odkjng32.exe	84
PID 2484 wrote to memory of 1372	2484	Ogifjcdp.exe	85
PID 2484 wrote to memory of 1372	2484	Ogifjcdp.exe	85
PID 2484 wrote to memory of 1372	2484	Ogifjcdp.exe	85
PID 1372 wrote to memory of 992	1372	Ojgbfocc.exe	86
PID 1372 wrote to memory of 992	1372	Ojgbfocc.exe	86
PID 1372 wrote to memory of 992	1372	Ojgbfocc.exe	86
PID 992 wrote to memory of 1000	992	Oncofm32.exe	87
PID 992 wrote to memory of 1000	992	Oncofm32.exe	87
PID 992 wrote to memory of 1000	992	Oncofm32.exe	87
PID 1000 wrote to memory of 2652	1000	Odmgcgbi.exe	88
PID 1000 wrote to memory of 2652	1000	Odmgcgbi.exe	88
PID 1000 wrote to memory of 2652	1000	Odmgcgbi.exe	88
PID 2652 wrote to memory of 828	2652	Ogkcpbam.exe	89
PID 2652 wrote to memory of 828	2652	Ogkcpbam.exe	89
PID 2652 wrote to memory of 828	2652	Ogkcpbam.exe	89
PID 828 wrote to memory of 2216	828	Ojjolnaq.exe	90
PID 828 wrote to memory of 2216	828	Ojjolnaq.exe	90
PID 828 wrote to memory of 2216	828	Ojjolnaq.exe	90
PID 2216 wrote to memory of 2632	2216	Olhlhjpd.exe	91
PID 2216 wrote to memory of 2632	2216	Olhlhjpd.exe	91
PID 2216 wrote to memory of 2632	2216	Olhlhjpd.exe	91
PID 2632 wrote to memory of 3876	2632	Opdghh32.exe	92
PID 2632 wrote to memory of 3876	2632	Opdghh32.exe	92
PID 2632 wrote to memory of 3876	2632	Opdghh32.exe	92
PID 3876 wrote to memory of 3140	3876	Ocbddc32.exe	93
PID 3876 wrote to memory of 3140	3876	Ocbddc32.exe	93
PID 3876 wrote to memory of 3140	3876	Ocbddc32.exe	93
PID 3140 wrote to memory of 4460	3140	Ojllan32.exe	94
PID 3140 wrote to memory of 4460	3140	Ojllan32.exe	94
PID 3140 wrote to memory of 4460	3140	Ojllan32.exe	94
PID 4460 wrote to memory of 4108	4460	Olkhmi32.exe	95
PID 4460 wrote to memory of 4108	4460	Olkhmi32.exe	95
PID 4460 wrote to memory of 4108	4460	Olkhmi32.exe	95
PID 4108 wrote to memory of 4680	4108	Oqfdnhfk.exe	96
PID 4108 wrote to memory of 4680	4108	Oqfdnhfk.exe	96
PID 4108 wrote to memory of 4680	4108	Oqfdnhfk.exe	96
PID 4680 wrote to memory of 3188	4680	Ocdqjceo.exe	97
PID 4680 wrote to memory of 3188	4680	Ocdqjceo.exe	97
PID 4680 wrote to memory of 3188	4680	Ocdqjceo.exe	97
PID 3188 wrote to memory of 4012	3188	Onjegled.exe	98
PID 3188 wrote to memory of 4012	3188	Onjegled.exe	98
PID 3188 wrote to memory of 4012	3188	Onjegled.exe	98
PID 4012 wrote to memory of 2408	4012	Oddmdf32.exe	99
PID 4012 wrote to memory of 2408	4012	Oddmdf32.exe	99
PID 4012 wrote to memory of 2408	4012	Oddmdf32.exe	99
PID 2408 wrote to memory of 4612	2408	Ogbipa32.exe	100
PID 2408 wrote to memory of 4612	2408	Ogbipa32.exe	100
PID 2408 wrote to memory of 4612	2408	Ogbipa32.exe	100
PID 4612 wrote to memory of 4320	4612	Pnlaml32.exe	101
PID 4612 wrote to memory of 4320	4612	Pnlaml32.exe	101
PID 4612 wrote to memory of 4320	4612	Pnlaml32.exe	101
PID 4320 wrote to memory of 4580	4320	Pmoahijl.exe	102

C:\Users\Admin\AppData\Local\Temp\3d5d9f3cdddfa4630f5cf7c004109aeec755f46334a80e55b46e2c02d1e64e35.exe
"C:\Users\Admin\AppData\Local\Temp\3d5d9f3cdddfa4630f5cf7c004109aeec755f46334a80e55b46e2c02d1e64e35.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2492
- C:\Windows\SysWOW64\Nggjdc32.exe
  C:\Windows\system32\Nggjdc32.exe
  2⤵
  - Adds autorun key to be loaded by Explorer.exe on startup
  - Executes dropped EXE
  - Drops file in System32 directory
  - Suspicious use of WriteProcessMemory
  PID:2072
- - C:\Windows\SysWOW64\Oponmilc.exe
    C:\Windows\system32\Oponmilc.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:3176
  - - C:\Windows\SysWOW64\Odkjng32.exe
      C:\Windows\system32\Odkjng32.exe
      4⤵
      Executes dropped EXE
      Drops file in System32 directory
      Modifies registry class
      Suspicious use of WriteProcessMemory
      PID:5084
    - - C:\Windows\SysWOW64\Ogifjcdp.exe
        
        C:\Windows\system32\Ogifjcdp.exe
        5⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:2484
      - C:\Windows\SysWOW64\Ojgbfocc.exe
        
        C:\Windows\system32\Ojgbfocc.exe
        6⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        Drops file in System32 directory
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:1372
        
        C:\Windows\SysWOW64\Oncofm32.exe
        
        C:\Windows\system32\Oncofm32.exe
        7⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:992
        
        C:\Windows\SysWOW64\Odmgcgbi.exe
        
        C:\Windows\system32\Odmgcgbi.exe
        8⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:1000
        
        C:\Windows\SysWOW64\Ogkcpbam.exe
        
        C:\Windows\system32\Ogkcpbam.exe
        9⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:2652
        
        C:\Windows\SysWOW64\Ojjolnaq.exe
        
        C:\Windows\system32\Ojjolnaq.exe
        10⤵
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:828
        
        C:\Windows\SysWOW64\Olhlhjpd.exe
        
        C:\Windows\system32\Olhlhjpd.exe
        11⤵
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:2216
        
        C:\Windows\SysWOW64\Opdghh32.exe
        
        C:\Windows\system32\Opdghh32.exe
        12⤵
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:2632
        
        C:\Windows\SysWOW64\Ocbddc32.exe
        
        C:\Windows\system32\Ocbddc32.exe
        13⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:3876
        
        C:\Windows\SysWOW64\Ojllan32.exe
        
        C:\Windows\system32\Ojllan32.exe
        14⤵
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:3140
        
        C:\Windows\SysWOW64\Olkhmi32.exe
        
        C:\Windows\system32\Olkhmi32.exe
        15⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:4460
        
        C:\Windows\SysWOW64\Oqfdnhfk.exe
        
        C:\Windows\system32\Oqfdnhfk.exe
        16⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:4108
        
        C:\Windows\SysWOW64\Ocdqjceo.exe
        
        C:\Windows\system32\Ocdqjceo.exe
        17⤵
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:4680
        
        C:\Windows\SysWOW64\Onjegled.exe
        
        C:\Windows\system32\Onjegled.exe
        18⤵
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:3188
        
        C:\Windows\SysWOW64\Oddmdf32.exe
        
        C:\Windows\system32\Oddmdf32.exe
        19⤵
        Executes dropped EXE
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:4012
        
        C:\Windows\SysWOW64\Ogbipa32.exe
        
        C:\Windows\system32\Ogbipa32.exe
        20⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        Drops file in System32 directory
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2408
        
        C:\Windows\SysWOW64\Pnlaml32.exe
        
        C:\Windows\system32\Pnlaml32.exe
        21⤵
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:4612
        
        C:\Windows\SysWOW64\Pmoahijl.exe
        
        C:\Windows\system32\Pmoahijl.exe
        22⤵
        Executes dropped EXE
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:4320
        
        C:\Windows\SysWOW64\Pdfjifjo.exe
        
        C:\Windows\system32\Pdfjifjo.exe
        23⤵
        Executes dropped EXE
        Drops file in System32 directory
        Modifies registry class
        
        PID:4580
        
        C:\Windows\SysWOW64\Pgefeajb.exe
        
        C:\Windows\system32\Pgefeajb.exe
        24⤵
        Executes dropped EXE
        Modifies registry class
        
        PID:2960
        
        C:\Windows\SysWOW64\Pnonbk32.exe
        
        C:\Windows\system32\Pnonbk32.exe
        25⤵
        Executes dropped EXE
        
        PID:436
        
        C:\Windows\SysWOW64\Pdifoehl.exe
        
        C:\Windows\system32\Pdifoehl.exe
        26⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        
        PID:1300
        
        C:\Windows\SysWOW64\Pfjcgn32.exe
        
        C:\Windows\system32\Pfjcgn32.exe
        27⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        Modifies registry class
        
        PID:1608
        
        C:\Windows\SysWOW64\Pnakhkol.exe
        
        C:\Windows\system32\Pnakhkol.exe
        28⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:4276
        
        C:\Windows\SysWOW64\Pqpgdfnp.exe
        
        C:\Windows\system32\Pqpgdfnp.exe
        29⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2648
        
        C:\Windows\SysWOW64\Pdkcde32.exe
        
        C:\Windows\system32\Pdkcde32.exe
        30⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2704
        
        C:\Windows\SysWOW64\Pgioqq32.exe
        
        C:\Windows\system32\Pgioqq32.exe
        31⤵
        Executes dropped EXE
        Modifies registry class
        
        PID:4964
        
        C:\Windows\SysWOW64\Pncgmkmj.exe
        
        C:\Windows\system32\Pncgmkmj.exe
        32⤵
        Executes dropped EXE
        
        PID:3944
        
        C:\Windows\SysWOW64\Pmfhig32.exe
        
        C:\Windows\system32\Pmfhig32.exe
        33⤵
        Executes dropped EXE
        
        PID:408
        
        C:\Windows\SysWOW64\Pdmpje32.exe
        
        C:\Windows\system32\Pdmpje32.exe
        34⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2184
        
        C:\Windows\SysWOW64\Pfolbmje.exe
        
        C:\Windows\system32\Pfolbmje.exe
        35⤵
        Executes dropped EXE
        
        PID:2288
        
        C:\Windows\SysWOW64\Pnfdcjkg.exe
        
        C:\Windows\system32\Pnfdcjkg.exe
        36⤵
        Executes dropped EXE
        
        PID:2740
        
        C:\Windows\SysWOW64\Pqdqof32.exe
        
        C:\Windows\system32\Pqdqof32.exe
        37⤵
        Executes dropped EXE
        Modifies registry class
        
        PID:1356
        
        C:\Windows\SysWOW64\Pdpmpdbd.exe
        
        C:\Windows\system32\Pdpmpdbd.exe
        38⤵
        Executes dropped EXE
        
        PID:1588
        
        C:\Windows\SysWOW64\Pgnilpah.exe
        
        C:\Windows\system32\Pgnilpah.exe
        39⤵
        Executes dropped EXE
        
        PID:4660
        
        C:\Windows\SysWOW64\Pfaigm32.exe
        
        C:\Windows\system32\Pfaigm32.exe
        40⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        
        PID:3984
        
        C:\Windows\SysWOW64\Qnhahj32.exe
        
        C:\Windows\system32\Qnhahj32.exe
        41⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        Modifies registry class
        
        PID:3364
        
        C:\Windows\SysWOW64\Qmkadgpo.exe
        
        C:\Windows\system32\Qmkadgpo.exe
        42⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        Modifies registry class
        
        PID:4504
        
        C:\Windows\SysWOW64\Qdbiedpa.exe
        
        C:\Windows\system32\Qdbiedpa.exe
        43⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        
        PID:1816
        
        C:\Windows\SysWOW64\Qceiaa32.exe
        
        C:\Windows\system32\Qceiaa32.exe
        44⤵
        Executes dropped EXE
        
        PID:1648
        
        C:\Windows\SysWOW64\Qfcfml32.exe
        
        C:\Windows\system32\Qfcfml32.exe
        45⤵
        Executes dropped EXE
        
        PID:624
        
        C:\Windows\SysWOW64\Qnjnnj32.exe
        
        C:\Windows\system32\Qnjnnj32.exe
        46⤵
        Executes dropped EXE
        
        PID:440
        
        C:\Windows\SysWOW64\Qmmnjfnl.exe
        
        C:\Windows\system32\Qmmnjfnl.exe
        47⤵
        Executes dropped EXE
        
        PID:3892
        
        C:\Windows\SysWOW64\Qcgffqei.exe
        
        C:\Windows\system32\Qcgffqei.exe
        48⤵
        Executes dropped EXE
        
        PID:4448
        
        C:\Windows\SysWOW64\Qgcbgo32.exe
        
        C:\Windows\system32\Qgcbgo32.exe
        49⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        Drops file in System32 directory
        Modifies registry class
        
        PID:3108
        
        C:\Windows\SysWOW64\Ajanck32.exe
        
        C:\Windows\system32\Ajanck32.exe
        50⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        Modifies registry class
        
        PID:1596
        
        C:\Windows\SysWOW64\Anmjcieo.exe
        
        C:\Windows\system32\Anmjcieo.exe
        51⤵
        Executes dropped EXE
        Drops file in System32 directory
        Modifies registry class
        
        PID:2304
        
        C:\Windows\SysWOW64\Adgbpc32.exe
        
        C:\Windows\system32\Adgbpc32.exe
        52⤵
        Executes dropped EXE
        Drops file in System32 directory
        Modifies registry class
        
        PID:384
        
        C:\Windows\SysWOW64\Acjclpcf.exe
        
        C:\Windows\system32\Acjclpcf.exe
        53⤵
        Executes dropped EXE
        Drops file in System32 directory
        Modifies registry class
        
        PID:3616
        
        C:\Windows\SysWOW64\Ageolo32.exe
        
        C:\Windows\system32\Ageolo32.exe
        54⤵
        Executes dropped EXE
        
        PID:3428
        
        C:\Windows\SysWOW64\Ajckij32.exe
        
        C:\Windows\system32\Ajckij32.exe
        55⤵
        Executes dropped EXE
        
        PID:60
        
        C:\Windows\SysWOW64\Ambgef32.exe
        
        C:\Windows\system32\Ambgef32.exe
        56⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        Drops file in System32 directory
        Modifies registry class
        
        PID:1828
        
        C:\Windows\SysWOW64\Aqncedbp.exe
        
        C:\Windows\system32\Aqncedbp.exe
        57⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        Drops file in System32 directory
        Modifies registry class
        
        PID:1304
        
        C:\Windows\SysWOW64\Aclpap32.exe
        
        C:\Windows\system32\Aclpap32.exe
        58⤵
        Executes dropped EXE
        
        PID:3400
        
        C:\Windows\SysWOW64\Acqimo32.exe
        
        C:\Windows\system32\Acqimo32.exe
        59⤵
        Executes dropped EXE
        
        PID:1744
        
        C:\Windows\SysWOW64\Aglemn32.exe
        
        C:\Windows\system32\Aglemn32.exe
        60⤵
        Executes dropped EXE
        
        PID:5056
        
        C:\Windows\SysWOW64\Aminee32.exe
        
        C:\Windows\system32\Aminee32.exe
        61⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        
        PID:1880
        
        C:\Windows\SysWOW64\Aadifclh.exe
        
        C:\Windows\system32\Aadifclh.exe
        62⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        Drops file in System32 directory
        Modifies registry class
        
        PID:2520
        
        C:\Windows\SysWOW64\Aepefb32.exe
        
        C:\Windows\system32\Aepefb32.exe
        63⤵
        Executes dropped EXE
        Drops file in System32 directory
        Modifies registry class
        
        PID:3020
        
        C:\Windows\SysWOW64\Accfbokl.exe
        
        C:\Windows\system32\Accfbokl.exe
        64⤵
        Executes dropped EXE
        
        PID:2996
        
        C:\Windows\SysWOW64\Bfabnjjp.exe
        
        C:\Windows\system32\Bfabnjjp.exe
        65⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        
        PID:4396
        
        C:\Windows\SysWOW64\Bjmnoi32.exe
        
        C:\Windows\system32\Bjmnoi32.exe
        66⤵
        
        PID:548
        
        C:\Windows\SysWOW64\Bnhjohkb.exe
        
        C:\Windows\system32\Bnhjohkb.exe
        67⤵
        Drops file in System32 directory
        
        PID:1948
        
        C:\Windows\SysWOW64\Bagflcje.exe
        
        C:\Windows\system32\Bagflcje.exe
        68⤵
        
        PID:836
        
        C:\Windows\SysWOW64\Bcebhoii.exe
        
        C:\Windows\system32\Bcebhoii.exe
        69⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Modifies registry class
        
        PID:3880
        
        C:\Windows\SysWOW64\Bganhm32.exe
        
        C:\Windows\system32\Bganhm32.exe
        70⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:4820
        
        C:\Windows\SysWOW64\Bjokdipf.exe
        
        C:\Windows\system32\Bjokdipf.exe
        71⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Drops file in System32 directory
        
        PID:3396
        
        C:\Windows\SysWOW64\Bnkgeg32.exe
        
        C:\Windows\system32\Bnkgeg32.exe
        72⤵
        
        PID:2612
        
        C:\Windows\SysWOW64\Baicac32.exe
        
        C:\Windows\system32\Baicac32.exe
        73⤵
        Modifies registry class
        
        PID:4432
        
        C:\Windows\SysWOW64\Beeoaapl.exe
        
        C:\Windows\system32\Beeoaapl.exe
        74⤵
        
        PID:4988
        
        C:\Windows\SysWOW64\Bgcknmop.exe
        
        C:\Windows\system32\Bgcknmop.exe
        75⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Drops file in System32 directory
        
        PID:468
        
        C:\Windows\SysWOW64\Bffkij32.exe
        
        C:\Windows\system32\Bffkij32.exe
        76⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Drops file in System32 directory
        Modifies registry class
        
        PID:1012
        
        C:\Windows\SysWOW64\Bjagjhnc.exe
        
        C:\Windows\system32\Bjagjhnc.exe
        77⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Modifies registry class
        
        PID:2976
        
        C:\Windows\SysWOW64\Bmpcfdmg.exe
        
        C:\Windows\system32\Bmpcfdmg.exe
        78⤵
        Drops file in System32 directory
        Modifies registry class
        
        PID:1488
        
        C:\Windows\SysWOW64\Beglgani.exe
        
        C:\Windows\system32\Beglgani.exe
        79⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Drops file in System32 directory
        
        PID:3852
        
        C:\Windows\SysWOW64\Bcjlcn32.exe
        
        C:\Windows\system32\Bcjlcn32.exe
        80⤵
        Modifies registry class
        
        PID:2188
        
        C:\Windows\SysWOW64\Bgehcmmm.exe
        
        C:\Windows\system32\Bgehcmmm.exe
        81⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:2964
        
        C:\Windows\SysWOW64\Bjddphlq.exe
        
        C:\Windows\system32\Bjddphlq.exe
        82⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Drops file in System32 directory
        
        PID:1092
        
        C:\Windows\SysWOW64\Bmbplc32.exe
        
        C:\Windows\system32\Bmbplc32.exe
        83⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Drops file in System32 directory
        Modifies registry class
        
        PID:2924
        
        C:\Windows\SysWOW64\Beihma32.exe
        
        C:\Windows\system32\Beihma32.exe
        84⤵
        Modifies registry class
        
        PID:4220
        
        C:\Windows\SysWOW64\Bclhhnca.exe
        
        C:\Windows\system32\Bclhhnca.exe
        85⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Drops file in System32 directory
        
        PID:4048
        
        C:\Windows\SysWOW64\Bfkedibe.exe
        
        C:\Windows\system32\Bfkedibe.exe
        86⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Drops file in System32 directory
        Modifies registry class
        
        PID:1700
        
        C:\Windows\SysWOW64\Bnbmefbg.exe
        
        C:\Windows\system32\Bnbmefbg.exe
        87⤵
        
        PID:3448
        
        C:\Windows\SysWOW64\Bapiabak.exe
        
        C:\Windows\system32\Bapiabak.exe
        88⤵
        Drops file in System32 directory
        
        PID:4316
        
        C:\Windows\SysWOW64\Bcoenmao.exe
        
        C:\Windows\system32\Bcoenmao.exe
        89⤵
        Drops file in System32 directory
        
        PID:2560
        
        C:\Windows\SysWOW64\Chjaol32.exe
        
        C:\Windows\system32\Chjaol32.exe
        90⤵
        Drops file in System32 directory
        Modifies registry class
        
        PID:2588
        
        C:\Windows\SysWOW64\Cjinkg32.exe
        
        C:\Windows\system32\Cjinkg32.exe
        91⤵
        Drops file in System32 directory
        Modifies registry class
        
        PID:1316
        
        C:\Windows\SysWOW64\Cndikf32.exe
        
        C:\Windows\system32\Cndikf32.exe
        92⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Drops file in System32 directory
        
        PID:1036
        
        C:\Windows\SysWOW64\Cabfga32.exe
        
        C:\Windows\system32\Cabfga32.exe
        93⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Modifies registry class
        
        PID:3808
        
        C:\Windows\SysWOW64\Cenahpha.exe
        
        C:\Windows\system32\Cenahpha.exe
        94⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:3940
        
        C:\Windows\SysWOW64\Cdabcm32.exe
        
        C:\Windows\system32\Cdabcm32.exe
        95⤵
        
        PID:4624
        
        C:\Windows\SysWOW64\Cfpnph32.exe
        
        C:\Windows\system32\Cfpnph32.exe
        96⤵
        
        PID:1248
        
        C:\Windows\SysWOW64\Cjkjpgfi.exe
        
        C:\Windows\system32\Cjkjpgfi.exe
        97⤵
        Drops file in System32 directory
        
        PID:2452
        
        C:\Windows\SysWOW64\Cnffqf32.exe
        
        C:\Windows\system32\Cnffqf32.exe
        98⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:1436
        
        C:\Windows\SysWOW64\Cmiflbel.exe
        
        C:\Windows\system32\Cmiflbel.exe
        99⤵
        Drops file in System32 directory
        Modifies registry class
        
        PID:3304
        
        C:\Windows\SysWOW64\Ceqnmpfo.exe
        
        C:\Windows\system32\Ceqnmpfo.exe
        100⤵
        Modifies registry class
        
        PID:3068
        
        C:\Windows\SysWOW64\Cdcoim32.exe
        
        C:\Windows\system32\Cdcoim32.exe
        101⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:2604
        
        C:\Windows\SysWOW64\Cfbkeh32.exe
        
        C:\Windows\system32\Cfbkeh32.exe
        102⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Drops file in System32 directory
        Modifies registry class
        
        PID:4848
        
        C:\Windows\SysWOW64\Cjmgfgdf.exe
        
        C:\Windows\system32\Cjmgfgdf.exe
        103⤵
        Drops file in System32 directory
        
        PID:4592
        
        C:\Windows\SysWOW64\Cnicfe32.exe
        
        C:\Windows\system32\Cnicfe32.exe
        104⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:5140
        
        C:\Windows\SysWOW64\Cagobalc.exe
        
        C:\Windows\system32\Cagobalc.exe
        105⤵
        
        PID:5184
        
        C:\Windows\SysWOW64\Ceckcp32.exe
        
        C:\Windows\system32\Ceckcp32.exe
        106⤵
        
        PID:5232
        
        C:\Windows\SysWOW64\Chagok32.exe
        
        C:\Windows\system32\Chagok32.exe
        107⤵
        
        PID:5268
        
        C:\Windows\SysWOW64\Cfdhkhjj.exe
        
        C:\Windows\system32\Cfdhkhjj.exe
        108⤵
        
        PID:5312
        
        C:\Windows\SysWOW64\Cjpckf32.exe
        
        C:\Windows\system32\Cjpckf32.exe
        109⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Drops file in System32 directory
        
        PID:5352
        
        C:\Windows\SysWOW64\Cmnpgb32.exe
        
        C:\Windows\system32\Cmnpgb32.exe
        110⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Drops file in System32 directory
        
        PID:5396
        
        C:\Windows\SysWOW64\Cajlhqjp.exe
        
        C:\Windows\system32\Cajlhqjp.exe
        111⤵
        Drops file in System32 directory
        
        PID:5436
        
        C:\Windows\SysWOW64\Cdhhdlid.exe
        
        C:\Windows\system32\Cdhhdlid.exe
        112⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:5476
        
        C:\Windows\SysWOW64\Chcddk32.exe
        
        C:\Windows\system32\Chcddk32.exe
        113⤵
        
        PID:5520
        
        C:\Windows\SysWOW64\Cffdpghg.exe
        
        C:\Windows\system32\Cffdpghg.exe
        114⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:5564
        
        C:\Windows\SysWOW64\Cjbpaf32.exe
        
        C:\Windows\system32\Cjbpaf32.exe
        115⤵
        Modifies registry class
        
        PID:5604
        
        C:\Windows\SysWOW64\Cmqmma32.exe
        
        C:\Windows\system32\Cmqmma32.exe
        116⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:5652
        
        C:\Windows\SysWOW64\Calhnpgn.exe
        
        C:\Windows\system32\Calhnpgn.exe
        117⤵
        Drops file in System32 directory
        
        PID:5692
        
        C:\Windows\SysWOW64\Ddjejl32.exe
        
        C:\Windows\system32\Ddjejl32.exe
        118⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Modifies registry class
        
        PID:5740
        
        C:\Windows\SysWOW64\Danecp32.exe
        
        C:\Windows\system32\Danecp32.exe
        119⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Modifies registry class
        
        PID:5776
        
        C:\Windows\SysWOW64\Dejacond.exe
        
        C:\Windows\system32\Dejacond.exe
        120⤵
        Drops file in System32 directory
        
        PID:5824
        
        C:\Windows\SysWOW64\Ddmaok32.exe
        
        C:\Windows\system32\Ddmaok32.exe
        121⤵
        
        PID:5864
        
        C:\Windows\SysWOW64\Dfknkg32.exe
        
        C:\Windows\system32\Dfknkg32.exe
        122⤵
        Modifies registry class
        
        PID:5904
        
        C:\Windows\SysWOW64\Djgjlelk.exe
        
        C:\Windows\system32\Djgjlelk.exe
        123⤵
        
        PID:5944
        
        C:\Windows\SysWOW64\Dobfld32.exe
        
        C:\Windows\system32\Dobfld32.exe
        124⤵
        Drops file in System32 directory
        Modifies registry class
        
        PID:5984
        
        C:\Windows\SysWOW64\Dmefhako.exe
        
        C:\Windows\system32\Dmefhako.exe
        125⤵
        Drops file in System32 directory
        
        PID:6024
        
        C:\Windows\SysWOW64\Daqbip32.exe
        
        C:\Windows\system32\Daqbip32.exe
        126⤵
        
        PID:6068
        
        C:\Windows\SysWOW64\Delnin32.exe
        
        C:\Windows\system32\Delnin32.exe
        127⤵
        Drops file in System32 directory
        Modifies registry class
        
        PID:6104
        
        C:\Windows\SysWOW64\Ddonekbl.exe
        
        C:\Windows\system32\Ddonekbl.exe
        128⤵
        Modifies registry class
        
        PID:5136
        
        C:\Windows\SysWOW64\Dfnjafap.exe
        
        C:\Windows\system32\Dfnjafap.exe
        129⤵
        Modifies registry class
        
        PID:5204
        
        C:\Windows\SysWOW64\Dkifae32.exe
        
        C:\Windows\system32\Dkifae32.exe
        130⤵
        Modifies registry class
        
        PID:5256
        
        C:\Windows\SysWOW64\Dodbbdbb.exe
        
        C:\Windows\system32\Dodbbdbb.exe
        131⤵
        
        PID:5344
        
        C:\Windows\SysWOW64\Dmgbnq32.exe
        
        C:\Windows\system32\Dmgbnq32.exe
        132⤵
        
        PID:5392
        
        C:\Windows\SysWOW64\Deokon32.exe
        
        C:\Windows\system32\Deokon32.exe
        133⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Drops file in System32 directory
        Modifies registry class
        
        PID:5460
        
        C:\Windows\SysWOW64\Ddakjkqi.exe
        
        C:\Windows\system32\Ddakjkqi.exe
        134⤵
        
        PID:5528
        
        C:\Windows\SysWOW64\Dhmgki32.exe
        
        C:\Windows\system32\Dhmgki32.exe
        135⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Modifies registry class
        
        PID:5596
        
        C:\Windows\SysWOW64\Dfpgffpm.exe
        
        C:\Windows\system32\Dfpgffpm.exe
        136⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Modifies registry class
        
        PID:5644
        
        C:\Windows\SysWOW64\Dkkcge32.exe
        
        C:\Windows\system32\Dkkcge32.exe
        137⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Drops file in System32 directory
        
        PID:5708
        
        C:\Windows\SysWOW64\Dmjocp32.exe
        
        C:\Windows\system32\Dmjocp32.exe
        138⤵
        Modifies registry class
        
        PID:5760
        
        C:\Windows\SysWOW64\Daekdooc.exe
        
        C:\Windows\system32\Daekdooc.exe
        139⤵
        Modifies registry class
        
        PID:5816
        
        C:\Windows\SysWOW64\Deagdn32.exe
        
        C:\Windows\system32\Deagdn32.exe
        140⤵
        
        PID:5900
        
        C:\Windows\SysWOW64\Dddhpjof.exe
        
        C:\Windows\system32\Dddhpjof.exe
        141⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Modifies registry class
        
        PID:5936
        
        C:\Windows\SysWOW64\Dhocqigp.exe
        
        C:\Windows\system32\Dhocqigp.exe
        142⤵
        Modifies registry class
        
        PID:5992
        
        C:\Windows\SysWOW64\Dgbdlf32.exe
        
        C:\Windows\system32\Dgbdlf32.exe
        143⤵
        Modifies registry class
        
        PID:6060
        
        C:\Windows\SysWOW64\Dknpmdfc.exe
        
        C:\Windows\system32\Dknpmdfc.exe
        144⤵
        Modifies registry class
        
        PID:6128
        
        C:\Windows\SysWOW64\Doilmc32.exe
        
        C:\Windows\system32\Doilmc32.exe
        145⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Modifies registry class
        
        PID:5196
        
        C:\Windows\SysWOW64\Dmllipeg.exe
        
        C:\Windows\system32\Dmllipeg.exe
        146⤵
        
        PID:3592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3592 -s 216
        147⤵
        Program crash
        
        PID:5512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 3592 -ip 3592
1⤵
PID:5444

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\Aminee32.exe

Filesize
194KB

MD5
4f946d74b9722ff35c3162a997a991de

SHA1
67e004ac7b2e4ddc5be7f2711b5a5eabedfb03ec

SHA256
7a58e5dbf2fe657c1b09f311ff017647f28462e85d1df39bfb7df288e3d3b30c

SHA512
81e8a9643eaae71abfe21dc0cb88d84102d54c9f9b1f18fa78e6fe57bcb3c0ec5c03fd5b7fe54077c7725a1f6c15cd98387e9280977d21bf50755d4d36aa1277

Download Submit
C:\Windows\SysWOW64\Bcjlcn32.exe

Filesize
194KB

MD5
453a2d528c433dba52220ba201764bfe

SHA1
df0c9c873d7aea99dd81da8a3e15b3eef71bc37c

SHA256
a3b4fb54a2bd3d32a3426198b14518b3557752279adfc361ba0e21c0a6794ad6

SHA512
aee73d2e342c21d16684e3abc95597e35c6628cb70fcac305ddc695ab2d1adac267570b8b9e56e7dedb9dc81e5edb0976cc530dc3442fa9b0afc2b245e8a3847

Download Submit
C:\Windows\SysWOW64\Bclhhnca.exe

Filesize
194KB

MD5
6cc93ade595a65593fb5e35046a37a4d

SHA1
05e2e0abeef8e7a2add4b66622787e1c07acc6dd

SHA256
470bd441f9456973bc571c365c05b073ccbccd45d1c10013d7f4d9eb3e1ca5fe

SHA512
39651d5a80a9506e14761b29a7102159ff9be6f022254b34d334893a3691f9c9fa14eb5d47423bbb83b227cb8f04e9051682bc7c5b8f8eac37e557e14d2baabf

Download Submit
C:\Windows\SysWOW64\Bganhm32.exe

Filesize
194KB

MD5
d6a42f559e736bc9dc736ea1b0e2a1e4

SHA1
83fa1ed50f69c272362e80b748b262cf6f8d6eec

SHA256
9b337b5333510e50ab936952be1876feef48c86b6b5a6c7f3c35bd6c3b03297a

SHA512
37a771ffafec19608ec8b7e92e2ee2ecbf8a85d647af96ac4eb94d9e68b8aebafbcc427d8ee84c5908fde23d5b68b7a5e4c02e9598932524d1be0f7016ffe15a

Download Submit
C:\Windows\SysWOW64\Cdcoim32.exe

Filesize
194KB

MD5
e1b4a5022611bc58c7f578ccdd665b0d

SHA1
5289bca6c184c7e9811b724f4eee6e1cdf360668

SHA256
9366b37d1ef4c622a562bcdc80e8a53eb3037d5064e097881004fce93df356ac

SHA512
03571f0e4d64a12ac00737e09a157d6f017567800087b647c9e66330b98827d71ceeb2af88d8c285cacdc400b793f72c260d62a40f1082e600dd1659ab693795

Download Submit
C:\Windows\SysWOW64\Cenahpha.exe

Filesize
194KB

MD5
58f4d451f48b41364dc65e37d050cbab

SHA1
ed6a700178f94effc0c11483c82443624bdbf243

SHA256
0c35712d0cbfddd61d2f940f1d80cc64291d4023b873c6a07b51531314755b7a

SHA512
79eb35a0662acaa9ce03bf0f468e9ad571cfa35bc4b3d7ca782a7744c216e205b5b7b17aa9ff768a83bc95a14ab98832213c32a1fe57d646739a44b714dee834

Download Submit
C:\Windows\SysWOW64\Cfdhkhjj.exe

Filesize
194KB

MD5
9a3a3c75b8c61e860b354bc6494dc72a

SHA1
2298d40e888e67d070cca8225f3bc278b2132c54

SHA256
4ee3480e844d92436a88c512729ed697e027fdfc59b0e850b93ad14c10fac64a

SHA512
01fce4e83cc6ca18d1a0b2da119aa0abc1ced7cda0b08b507136e8216710873a37833048ad6b78735da55b3f3d769e89fe8f1e0160167044eb3bf534ad374c36

Download Submit
C:\Windows\SysWOW64\Chcddk32.exe

Filesize
194KB

MD5
8be2a3955d628226fab6911cc02df114

SHA1
d94819c8f9ceacfb9cbb5782d9f502b2d73b38bf

SHA256
799cc278c25e0ea830a3f67afa7c1cac52d013bf56057928dc353bab0dfd0325

SHA512
e39e11b8eb5e0a8ef060fddaf25a231d6584ac7fa0c3a3f738eaffd1984b037a88fd8c3a8354ec6e7b8b6cf852f8654437d5473e598c4f688e266dfb28f83ff3

Download Submit
C:\Windows\SysWOW64\Chjaol32.exe

Filesize
194KB

MD5
ebe1aafe910a6a339cdd69cced242c68

SHA1
5956305d8f62d501936257f2f5fed506b65ed94d

SHA256
72634dadf11177144da8b655f8b942ec09f782763bd81ca467c5f4cf937154bc

SHA512
8544f922a742e8e20deee838ad808ce4c891d6fc01cf6e3273e79b62c908c6f6766ae49218b84d98f0e2f8f5014fa1d753a64ea51d209da93da6bec9c7b9b6b9

Download Submit
C:\Windows\SysWOW64\Cjbpaf32.exe

Filesize
194KB

MD5
451646a54a75eb3e0e7472b3e57d3951

SHA1
4a25ecc21c5eb91cca44b1a6d58df2e083e66aa0

SHA256
f37c9c32c70920b6128b815448ecf3f124c91d6e64714d1e4a06f512021201b5

SHA512
6396e142798d862ce3fe2eb44a27466d403529f9305e67d47f8c8e453f8370d8065e4c11c0503db6c2318faaed2927963adcc88eb1c8b2b5e2636a336fca6a0d

Download Submit
C:\Windows\SysWOW64\Cjmgfgdf.exe

Filesize
194KB

MD5
9f177bdf6ad0ad5d8c99c55835cf57f7

SHA1
2a2213cd12e64b05c52959e069254111840f4d27

SHA256
150ded3d3f555608faaa18887397a1610f17820aa5b00ac6d52406b5873d5579

SHA512
8bfca082dc2f3f8eb645c9f784bf91d6d09abce745241f570624ee22fb5760003fc94f93aff47e639f7f3b0bfe41939ce1f38f2f55acabb17e5bd49ec10a5694

Download Submit
C:\Windows\SysWOW64\Cmnpgb32.exe

Filesize
194KB

MD5
9c100cf0b34ca54da60709cf38d69c8c

SHA1
ed8daec3ecc86474de70dfb8ec426bbdbaf3823e

SHA256
fe4d7d76453be50a6a65b524d6912084287c5d377426bae51ce09506d4a5f762

SHA512
70627311398d885da4c7bb424c623257b963a17531cf139bf8d15acee1302022d7af87f7119cc72cdcb0aac8e2c27547a9463bc299e64e5878c233ab1d993d7f

Download Submit
C:\Windows\SysWOW64\Daqbip32.exe

Filesize
194KB

MD5
b6ff1aea836c2cc04c4a441efb2da061

SHA1
c1a9cdabc5dd49f89e198df784fffa54dab25966

SHA256
3555534d9dc9e7c6dd01b225cb2ac28c0dfdad815ad4e683ee4c93b863276402

SHA512
8bcac69e25faeb27e8e2ccd3e73a678ba82ff2c46d397431d3d0ffff14eaa78e9cd2a6efc45590dfbe2f59a9edc1afa424d84a1a67a3b128273ac57af2ef0c7c

Download Submit
C:\Windows\SysWOW64\Dddhpjof.exe

Filesize
194KB

MD5
576d2c4e5ed1029bb1bda028572fc54f

SHA1
3f5a88c308327f7537ff9386e2651c721e5fa62b

SHA256
050fb84cbc4c21a50047d6bc1354eb70a16ad09d552aef3e0abb91ade8e4655c

SHA512
7caeb402507e418624e413273cae21581fe623cf0129f94687ff8529c7c1f3519516e8d0d1339bf90520f2a2cf6647ba8b62b4b378e57d24d783a39127b88fb4

Download Submit
C:\Windows\SysWOW64\Ddjejl32.exe

Filesize
194KB

MD5
f330e8693cec2bc2402e8d0425cf2009

SHA1
163c009a1ff59de3027fce00f3f685b6018b3dad

SHA256
400e9fa873a5498c54e7f47f97cf88ab8fb71b90f8aed121e5c872f472fa5d39

SHA512
249aa23564ffc1c648426ab3e301f7efd0ed523ca396ea9edd1a1c1f5a9c017eda51243bd1896d42fd66eeb882e82c66d4ee6cecf281c249da58ac0a0a4f0bf8

Download Submit
C:\Windows\SysWOW64\Dfnjafap.exe

Filesize
194KB

MD5
4bf89623d5af7952a5e24e836720afdd

SHA1
cc1f2098feb7c9fc5812ca2d1aeaf5d55f740488

SHA256
e1949f4a7656911ccc00bbc8a0ccc72e32b310f18c3000a0a74b84276caa7c26

SHA512
6025ae72533700725c8f088d5940bc851736b37b7a9b9957877b10fc7c7d8fafe13422583c18db09847964c63ce41ee616bce7a4d6e433bc5708777e0e51bb9d

Download Submit
C:\Windows\SysWOW64\Dfpgffpm.exe

Filesize
194KB

MD5
57f5e8f10472cbb2c73517083ad30e85

SHA1
d2562fd7ad7f80d856e97367b88c1bf7066d8691

SHA256
4160c5780b299439ebf74cb9f15848cd34793bcb4fee843579e55ab82f1d24c1

SHA512
700d6cec84ee72b6962a97a72ecb91e933d9c1412642adcb19edad644af72862cac6c1b050469cb5c8dcd76101922a72b3cffeff41ad15975f785af7a3fb7a2a

Download Submit
C:\Windows\SysWOW64\Dmgbnq32.exe

Filesize
194KB

MD5
ec48fec16b1c08ed48f7e545147a334e

SHA1
6c5a9fce6061704c646d15e731bd7ba6422af2af

SHA256
862e52ee3d399f9e8c6a60ae73ad160e10048f8a8f9b7d8268b48ef82bbcf9e5

SHA512
b363e16d80a23fbdf38d668632a884053f68ed401f38f2b8c19243773fe7ce51c3e9da6ed3e70e7315f74759a196c14e3f7ef6d3308096dd1513d7538d0d710b

Download Submit
C:\Windows\SysWOW64\Dmjocp32.exe

Filesize
194KB

MD5
e2efe7df8c865d16ea1d2b0dccfb9d5c

SHA1
0dbaea9f5dde9fbfe482f198c035a0074efd27ba

SHA256
048c6369f299025618a3775ec44626795bdcfd32d413235ddf15b511e177d24c

SHA512
2d75db3d3495559752ec001af15258aa91c854e64191fc476f9b0608efb175d63e8b04217de0e01b6fb97af9a1ef847b62f5c5a919c0a4b579f8f6b2468dd58a

Download Submit
C:\Windows\SysWOW64\Nggjdc32.exe

Filesize
194KB

MD5
b03fb7afd3ab27eaf2dbabeeb8a0df2d

SHA1
0a87491ad25f0efefc71e0a6e677151b79cb138c

SHA256
bd8568baed5c0988c86d18e9ffa3691065300a7fe04a6ba94ca3ae8f5cab97fa

SHA512
363e632d156c47a593aa698b1771960aee767697ef210f70c6cfca03f44bf9d764e36a4e71449a0fd4c8bd062e80e440d1840a08d11a38c2c92b081620d0963e

Download Submit
C:\Windows\SysWOW64\Ocbddc32.exe

Filesize
194KB

MD5
5dbb785ce0f4f1ad9f99f5e03c5cf588

SHA1
4597e93fd414e551cb4f3bae0caabb0c2e4b6941

SHA256
1715230fb5dbb132a0432b13c54566d11dd75e3df40cb106fd11647a5145743c

SHA512
3b1e22aa82c5b34be9d8bc63f346d9f7d882e25c4dd93d34e1c7d73415f40120fff9f6bdae7289f1cd44120fbd34b19932b4ca747fb6e8fda65d6b5078a53554

Download Submit
C:\Windows\SysWOW64\Ocdqjceo.exe

Filesize
194KB

MD5
2078993dc9e800f0904e44fe0f4b91be

SHA1
eca948c3369609f4434c28b5cbe809c3796c14e7

SHA256
d12155165e412c9162656cf6efab9a9c694ad35f26f2dfeff3ee143e73c3c0db

SHA512
b8a3d8f4cb419b07891ced8c1038371599993cc643ff1a969e19a4c339163754b90883294afa66672dbf72a529c24a686faac4c074ed6fa591f52255c1f6a71f

Download Submit
C:\Windows\SysWOW64\Oddmdf32.exe

Filesize
194KB

MD5
d1a2a74812ab4e7e5d82f6a67fa0d0b5

SHA1
606d9cbc9f92ceaf5802bb05864bb8cc4517500b

SHA256
66b390363d8f5927aec88aa798c8aaea4c76268db0f1ac042cda1afd9f6c77a0

SHA512
3c74fee37e29099e14acae420eda1f12f19eda6a1d76f30f546c1581eb4cebb964d1ba0e53067547bf17598b75fe736a8ca50c16ff6e6b2166fb79108e2f3351

Download Submit
C:\Windows\SysWOW64\Odkjng32.exe

Filesize
194KB

MD5
7341bd42ffcd3eb5defc4395784d19e5

SHA1
f87e5b063f9dbc2ed655f9ad85c878e945b4d234

SHA256
21c56dc7c883c775adcd1f5509c74e9d73d859ee4fe15541a85e1d6e87506e37

SHA512
27b0c1e9507821418bf183a28f429b5ccf07073a2409c7079457d6e84195b375bc543c709bf8fe862d492cac929d37ad095140b8bb3610f4966236a9865f5b46

Download Submit
C:\Windows\SysWOW64\Odmgcgbi.exe

Filesize
194KB

MD5
bee3d81f6aad2e8171231f8d68aa98dd

SHA1
8e4e23f5545cd4cc97eec422a1d4cec991d229d7

SHA256
02214a0d4e1b9580e5cc70c9a773a913302d59a029376a7e87599801e6f0fb3d

SHA512
597343fa15dc104f070133af11ebd6d985861e09b6fc962cdbb517c4e14aee44d6877ba9d78d1cbd76a654ff60e494965277a7a2853b156fa8f453dcd5fe18f9

Download Submit
C:\Windows\SysWOW64\Ogbipa32.exe

Filesize
194KB

MD5
2e8a3c4d6259747a0eb47448dabdd7b2

SHA1
4922b9be6b4175e51600730b033666f480c01972

SHA256
215a6289256ec23fa0f53f2110afc900abbff8e6682fdd559ac4944a6a71ee79

SHA512
77c1865ebfd57254d89e4192eb0d0eaeeb7562fa8077b0d5ac50ce34c9c2dba88e96c4f046d6200310ee40a833026c573f7c0f694c7ab0dcfa5b6f92a54cf636

Download Submit
C:\Windows\SysWOW64\Ogifjcdp.exe

Filesize
194KB

MD5
15a03f0866b40ce7c1e3a62de02854c2

SHA1
9763150a7e3ae21b92c44a8018aa62a2c4152677

SHA256
f46c4bd13a1e0e1af2f6122fc0d7a1a21af24733d36d25db48cb3d8f6cf7a65c

SHA512
9eaba38655eeb44b5c62b360949c7f8fee848ee23b42fc08228ea8ea6b34eb2e15d28b961442ad0d92ce92bc51d58c829e50791dc346883a3a043dcc618bd4ea

Download Submit
C:\Windows\SysWOW64\Ogkcpbam.exe

Filesize
194KB

MD5
50f19152eee60fcbd4c0982f680fe1fd

SHA1
bd028dd7f1743d6b3618dbe91ce625f420312580

SHA256
683df5417d2f7390a934b7238ac805fb2a1eb5a089f19448f83b05c5b6640df3

SHA512
54163c53e067869114146ce1516f01008175704678667e499472ce820eb6125142eed88588915c094c2dd182218a44de37e657a9bf4ef08f5884cd80474fd416

Download Submit
C:\Windows\SysWOW64\Ojjolnaq.exe

Filesize
194KB

MD5
7c8cf20d47c40666adc40ec879e6bed0

SHA1
225d942eb7357fe3232019dbdefbb91b04be6f83

SHA256
c4f39a744c14d6d35f66a2a5ed6585f4400cfda672e95dfa0a9317dafddd6d62

SHA512
3e03c66a135afa298b237b967d008a0144d8c6da81b93b32d57eb8098bc725f1b98b8589f2f128350e40d38bb35491018d60fc92424ea8f2ec75dbac4710bef8

Download Submit
C:\Windows\SysWOW64\Ojllan32.exe

Filesize
194KB

MD5
b9dd39919260510c74cb815f60a8856e

SHA1
73a2aa957a0de31d12c71f4885468a8de02345d7

SHA256
76aa058bf92f325b9c65e2105a41fc6cfa9bfd28c98e0df29124040e5f917b8d

SHA512
70e3c202689ec20a2b0dc3b2f1ccfa87145d940ea0c1ab88e08acb35575aff21ce1025c07fa08ec5e5e5c744094f892d4216660f21810285517f4f3a54070e3f

Download Submit
C:\Windows\SysWOW64\Olhlhjpd.exe

Filesize
194KB

MD5
27d04f9ef90d683f73341ff96f3dce97

SHA1
c7cf4bcb7873afe29394f79e6072723770980ba2

SHA256
e3738f336d8a99f4f4f64e41a31b9671b2819514f0434d5df3cfc0f3be292cc3

SHA512
a5a620a838aacac9bc5f5ad1cbf261411dfd383353d79f6a9af53017de61a0bb93acbf7718636499c3e6cbc8750d7638320909ee74e63528cb1ba3446c8c25ae

Download Submit
C:\Windows\SysWOW64\Olkhmi32.exe

Filesize
194KB

MD5
60adb276aee27fcfc4b39a580bcb449d

SHA1
f0dd3efd645678d314aa61221605c9edc17b203f

SHA256
fbb2adc736dbe7e06dfa092a2148a7eb8374e8e608f130dec4f3263a099d8cb3

SHA512
33f5a1560643e684dfaef4b084205b241acddbe4f727db33150198470a6e3d89445efc5965b06bd29aa26313625906ab9a58c208c0e70e638f24b358e3877a5f

Download Submit
C:\Windows\SysWOW64\Oncofm32.exe

Filesize
194KB

MD5
17bfa5e6993e0330f0a1a14ac45440ea

SHA1
e1888eecf8f96e843ae29a7aeeb2b3006f24dd03

SHA256
ca2a0e439aded4befd6777d8787b3a8e37cdadda7490ad0d8f5815ee81da12ae

SHA512
f18d83061a3e497208ce0f8978760a5436f8a2f253d981029480abbcb25c6ade8a29d799b2ea6a2e5a1a814b3a72d1132ea8652e6726237648e779d407ba0381

Download Submit
C:\Windows\SysWOW64\Oncofm32.exe

Filesize
194KB

MD5
8180f594669de062857623b88d9e8423

SHA1
5a67db44ac7918af575c94452a05e7c3a5847bf0

SHA256
f1f2e057dce61f4b1e6f4cc26296027d0b7ccdb984f3e4d90ded694bf28d9f7b

SHA512
975bca4ee2f42613127f0deb9b621072aa2125d5d50e89a0283c3158bf442a7804e6c95eba458aed354f85231b3e4ec77581f95c03af35723548f16b01f71cc8

Download Submit
C:\Windows\SysWOW64\Onjegled.exe

Filesize
194KB

MD5
26bdffc9b2970273baab01d21102a562

SHA1
ac7a1782d1634deb7f651cab3a55efbf4fed656a

SHA256
2944767bac827ab5350a4b8f6dca9b971d2ebf4d7bfcc0eeec2ed607b912b643

SHA512
bde4fd1b2015833a337f143083138876a13eeb3de0d61c69096217af0db49db9a5502e432dfd1552092a6b6970b6f6542c5f9659c5b7db48b30ed029f6880631

Download Submit
C:\Windows\SysWOW64\Opdghh32.exe

Filesize
194KB

MD5
60dddd4a37e1193f7fa4a0c8b3cf5eda

SHA1
3f455cf21475aae7559ffe771e8861e21f4f446c

SHA256
0c5311addea90b4abce3809cbbdd5b4f04d362d71ea7ee9fb86a9b4c2a5c7166

SHA512
0faec465b34133e9f52081657cb2e0d29ac9072f32bdb02ef709afb28dde36655c79664a16a18dbd91cb1fbe00b5935757b09d32a964775952b7fc2677cb5a66

Download Submit
C:\Windows\SysWOW64\Oponmilc.exe

Filesize
194KB

MD5
767d9df326db8b44821a7184ac1ca377

SHA1
0ad20d7f6bb4748e49f41d152d90ed55d75e38d6

SHA256
eb019cd319975671aff6993754dcbc471e15f7fb5cde202a89971c490514ed13

SHA512
797568a33bc4c93fb85eeb559f8eda8e77565666a2f571f92f5218b90bd85d1b9aafbf1d8bbc39bc2a87d9ddc3b4c6ac5ecd304429e529009713c6369e021d7a

Download Submit
C:\Windows\SysWOW64\Oqfdnhfk.exe

Filesize
194KB

MD5
e33c0f8ef58898d3629dae236072ff7d

SHA1
091f3d54420b8fc63dd39b2287ec0c61cb425a72

SHA256
d33845582bbb7fc5fc10040ad65e61e99ca2df968a0ef5bdde8252e0810cf363

SHA512
c3a384e8b93679a9f5c63477557a4d59b8abc745744c1ee4bb7ae1f9d8f41da9b3fd7e05fe7db0380388a30d1d3a6387ffc025c79aab082c73cc36a544190e80

Download Submit
C:\Windows\SysWOW64\Pdfjifjo.exe

Filesize
194KB

MD5
6fbc52b92d4ebd1c4f84bf7f86fb11f5

SHA1
ca9949502b4e517fdb164d865fc86530047c0520

SHA256
7fbe6be70f4707b5acbe5e0e1758654d6e0bf370ed19d41f5b80cad9fd07e1cb

SHA512
fc41509ff6312c097e978e16d8d25cf6e0eaf83688226a23c1bc7b40bf1402cb47ed7fd4bd1df31c0f392e26f55989005daf25b75db3fed842020a99bf581a90

Download Submit
C:\Windows\SysWOW64\Pdifoehl.exe

Filesize
194KB

MD5
86cf6b645609cff19868d7487d337a33

SHA1
b8119685e2adbd211ddf7ab375a59c4c0100b327

SHA256
948b4ffc4cc0e8881bdf39a7bdd6b71bd1b0f88a611f652d8c2ad24ae29e7918

SHA512
206a8682affdc8124f3ba5a57a088f60f013f0c8f83fd685e84db28442856faf90d84e3a402a22e96dfb3adeb398f7741673e4ad8690c8fb84b971258ccdfbdd

Download Submit
C:\Windows\SysWOW64\Pdkcde32.exe

Filesize
194KB

MD5
9d5587dc5005f1ddbe30909a42157bf8

SHA1
5ba2ce686f6cbc171caeb877fdd3f712c1653a50

SHA256
4dbdb0e478886b30ceb91fff3269bbd124c070ee0cf9c8b3d3796d0bc01119a8

SHA512
69c0bf8844eddf6adcd0c79546b967d1c4fed364444bc066de904d5b3219619e55d2ee9f769e284594c300176db7012478fe37cc8220889b0315e449d53ff134

Download Submit
C:\Windows\SysWOW64\Pdpmpdbd.exe

Filesize
194KB

MD5
516826e9e441efefc284023faa4a1d6b

SHA1
9dd14cfa0ad8bf75815f31bbb4a952232ee032cc

SHA256
07bc77dab56b1080d1077abba459b783f523bbfa961a64fce6f1f9494afbde64

SHA512
406caafd589866321e4c77d0ce5d41d49122027096c673a0bcb30783bbf763eb7bfa44deafc7461a968a698a35340d76c3a4773cc417be534b0598dcb74af1c5

Download Submit
C:\Windows\SysWOW64\Pfjcgn32.exe

Filesize
194KB

MD5
f83e055537fc4c966b78b57bec848ad4

SHA1
1da303eb2ee88469e93a6fcc4e53143a782206ca

SHA256
6595e92d9f620f3a057f41be11fffa775dbc0e5bfae05761be9cc560602686e4

SHA512
58e655b353dd23fb75c0d0c335aa202260e5b8c16c3a59dbe48ab1a2669c61c76067617753d28004dee4f4e254dba0f9a3b7476616718b98ec73f5d0b2340881

Download Submit
C:\Windows\SysWOW64\Pfolbmje.exe

Filesize
194KB

MD5
c639147a444e4203ed8ae1a5ae992ee1

SHA1
9476ac0a47b7c30c03e6795d5c944fe96fcf64d3

SHA256
731943afd7ca2f6a09bb8471503385cbbbed2971665ceba7aa29038035cb53ac

SHA512
1cbfc4b50fe790653386f565213cda62c2343f06f50a07029436159518a0f97c2d0409f6b1207cc7c16ad6f617a183bacb2a3b3eca9a6dd4ef7420002cbdc638

Download Submit
C:\Windows\SysWOW64\Pgefeajb.exe

Filesize
194KB

MD5
56f6568fa68a98c4f6316299ad4ce8e0

SHA1
87e3243e35217deae6744c21b350028cfe7e3240

SHA256
5624ac8783e174df554ece645f9df3b9e0928d7266e5232ab3d9174845606e2c

SHA512
a0d6d36ec39a504e6ce402836f9a98703be367d0c4d0ac8342be95a4f2987e52a1865fbd41dcbede598af2512b7475f25f38bcd911892dd02edee99dae46105e

Download Submit
C:\Windows\SysWOW64\Pgioqq32.exe

Filesize
194KB

MD5
f207dca5a1cc9139a132ff0f670816a5

SHA1
2cfd02b9ae0f64f5ef7ed060518858b3bcd7076c

SHA256
cefb252b13f40ed7e47436d2e979d99133e3bafa68cc5837049d9a846bff3be2

SHA512
9a1bb904aefc2f7724b90d5cdbfd20a3de5396167732a1282c7086685cc13d9df5833632e734dd37f8b1a6def403ee34e1f202fce82069ac15720f5e386e62fb

Download Submit
C:\Windows\SysWOW64\Pmfhig32.exe

Filesize
194KB

MD5
7dab199e7f09db121c628fff24c01de3

SHA1
7a3d471b9dd0324c9e92ac3d09b71ccbf9e5705c

SHA256
7fb638aa1f5c23c34a0b66b7e672b7d0ae93cb6d6ed86e1bbf1a7c8c03e2552e

SHA512
18f1db3da51428f31ae107b2acb5a0ca07a15c99061f8d3b8d143150eb67389486e15effedc2d96328762f4a289afc90f0016be5433f07b2ae64f9e62060e51e

Download Submit
C:\Windows\SysWOW64\Pmoahijl.exe

Filesize
194KB

MD5
dd69030e9c432999b68745b4173436ad

SHA1
9516bf3bf659908b0c18c96e475ced0bcf77f7a6

SHA256
c7573c17d8e3b5c7a60385fa04f0145d03efb171725c9dce8eb88de1e04f1251

SHA512
3a4cd62587f85b5d11461dc752be09ea399f5aa35833ac528a132cf7b9e40ce08cf0f19d27fb398a455334bef36cb63c1e3a3956e666bebd72d6c796b4c55db5

Download Submit
C:\Windows\SysWOW64\Pnakhkol.exe

Filesize
194KB

MD5
34e63246566538fdca7504682476287d

SHA1
1440f87d41d3625a8749ed3b99625f9dca56da4a

SHA256
25c5e83a0bf341f9d0ba5cd09f9341e2096e3256300dead8408b8beba5a34d45

SHA512
6be3e299660feb1bc6fcdafdfd588a61ae8a33a5a930da83049d54e54e7fbb0dad30ada75ead6556157daab0a27ed00e0e20e2e9c7b0b57dd8067558addcc3d7

Download Submit
C:\Windows\SysWOW64\Pncgmkmj.exe

Filesize
194KB

MD5
7f15795a88a5cf884969f8e2a859fe11

SHA1
5e00e29c6c14bd236004858dca2effc114793ee9

SHA256
337a24434384e882e25f76ba89b781970b4fe127f1139a9f38a6b36241e42d8b

SHA512
82adeb6b0771748666b633702b1a3fc624666935ed484d52421198c5e789e6180d44dfe9ebc53a0a058a53c984fe651a0956efd33b83733ac341f46f6bf77c17

Download Submit
C:\Windows\SysWOW64\Pnlaml32.exe

Filesize
194KB

MD5
49877eed397dc36a15ed7ff586a4057b

SHA1
6305533c9adfb4d884c522cebed580252cf6586e

SHA256
b53bdb17eb90fb7af509c021c9824e4f0e5f4d2e278ce139221d4d96e78be568

SHA512
deb1c0d8288b0629daa56fee7344c03f76409c4ba18ce38739289e656dc241548ee4ab6cbc8fb0d22965cf735ee3a46b9095af9836b5383a03edb1a76ef634dc

Download Submit
C:\Windows\SysWOW64\Pnonbk32.exe

Filesize
194KB

MD5
84a9a9320b9f0f0d9cef03618a0b048f

SHA1
5294ddd69cf72c95ac9fe03ec5e0debd553f97a0

SHA256
32b56f8bf16318fb4304370acfa6e8157a4cc810804b51b0eb721f6ec8319710

SHA512
cfb2f7d919b3a4784b734480a8ba5bdb918b5b4c71bc3ac15d4af31810cb4e75367ed650b1536c382fad0d9a706437eddb0a9ccbdb7f101bcfdac5509a5e27db

Download Submit
C:\Windows\SysWOW64\Pqpgdfnp.exe

Filesize
194KB

MD5
31fa4cc2dc6f908e3b09455ab8b38ebb

SHA1
5e3de8aa95012b0b60334a663404cb78544dc18b

SHA256
cb14a6db9b2c55124d63b74fb5e27fdf4d88f145071041f5de803a92f28a3a20

SHA512
6b39888343498e25884423207c09ffaf8909480187c3f14a6d40e55a3f6b46d300e74905741b25e411ad08000e11010f16902a7475dd6d8d0140508a34e47666

Download Submit
C:\Windows\SysWOW64\Qmmnjfnl.exe

Filesize
194KB

MD5
1a1544682ec6ac6c7f85d02e525baa43

SHA1
270c08a835306529762627f93c6c9a2d103b0841

SHA256
b1e2b33f519c6874e7e2d17c0f53972ca7c9f2ddb530081ae3b04a65a7682a6a

SHA512
3674276203a7ef6598701eb4e774f68718827f9e9a3eac54fa2db58225317d3a2d86d657afab6dace02b4343f3473e1216a49d151ff4c6c999623b68079e1908

Download Submit
memory/60-387-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download
memory/384-369-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download
memory/408-256-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download
memory/436-192-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download
memory/468-506-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download
memory/548-457-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download
memory/548-1125-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download
memory/624-332-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download
memory/828-606-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download
memory/828-72-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download
memory/836-466-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download
memory/992-48-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download
memory/992-586-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download
memory/1000-588-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download
memory/1000-56-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download
memory/1012-516-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download
memory/1036-1072-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download
memory/1092-550-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download
memory/1300-200-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download
memory/1304-1143-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download
memory/1304-399-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download
memory/1316-609-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download
memory/1356-1183-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download
memory/1356-280-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download
memory/1372-575-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download
memory/1372-44-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download
memory/1488-528-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download
memory/1588-290-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download
memory/1588-1180-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download
memory/1596-362-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download
memory/1608-208-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download
memory/1648-322-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download
memory/1700-580-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download
memory/1744-1138-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download
memory/1816-316-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download
memory/1828-398-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download
memory/1880-422-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download
memory/1948-458-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download
memory/2072-7-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download
memory/2072-549-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download
memory/2184-262-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download
memory/2188-1096-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download
memory/2188-540-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download
memory/2216-79-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download
memory/2216-608-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download
memory/2288-268-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download
memory/2304-363-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download
memory/2408-151-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download
memory/2408-1216-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download
memory/2484-568-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download
memory/2484-1245-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download
memory/2484-32-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download
memory/2492-542-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download
memory/2492-0-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download
memory/2520-428-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download
memory/2560-596-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download
memory/2604-1055-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download
memory/2612-488-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download
memory/2632-88-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download
memory/2648-224-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download
memory/2652-63-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download
memory/2652-595-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download
memory/2704-232-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download
memory/2740-274-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download
memory/2960-184-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download
memory/2964-543-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download
memory/2976-518-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download
memory/2996-440-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download
memory/3020-439-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download
memory/3108-351-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download
memory/3140-104-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download
memory/3176-16-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download
memory/3176-556-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download
memory/3188-135-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download
memory/3188-1221-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download
memory/3304-1059-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download
memory/3364-304-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download
memory/3396-487-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download
memory/3400-405-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download
memory/3428-386-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download
memory/3448-1083-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download
memory/3592-965-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download
memory/3616-375-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download
memory/3852-530-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download
memory/3876-96-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download
memory/3880-475-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download
memory/3892-339-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download
memory/3944-1192-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download
memory/3944-247-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download
memory/3984-298-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download
memory/4012-144-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download
memory/4048-569-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download
memory/4108-120-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download
memory/4276-216-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download
memory/4316-593-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download
memory/4320-168-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download
memory/4396-1126-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download
memory/4396-446-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download
memory/4432-498-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download
memory/4448-349-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download
memory/4460-111-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download
memory/4504-1172-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download
memory/4504-310-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download
memory/4580-175-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download
memory/4592-1050-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download
memory/4612-159-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download
memory/4612-1214-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download
memory/4660-292-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download
memory/4680-1223-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download
memory/4680-128-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download
memory/4820-476-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download
memory/4848-1052-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download
memory/4964-1194-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download
memory/4964-240-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download
memory/4988-500-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download
memory/4988-1109-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download
memory/5056-1137-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download
memory/5056-416-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download
memory/5084-566-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download
memory/5084-1247-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download
memory/5084-24-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download
memory/5232-1045-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download
memory/5344-995-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download
memory/5392-992-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download
memory/5396-1037-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download
memory/5520-1028-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download
memory/5564-1029-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download
memory/6024-1007-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads