41a36f3f164e562386b1fb978e281cf9ce01f2e6c93f5f44d3e371df7650a54d

Analysis

max time kernel
138s
max time network
106s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
01/07/2024, 08:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

41a36f3f164e562386b1fb978e281cf9ce01f2e6c93f5f44d3e371df7650a54d_NeikiAnalytics.exe
Size

320KB
MD5

ee7b9144764ad8f297a997692faff6d0
SHA1

f9010fc74b7d602a1f8c3c83dd5e181e24fdb5c0
SHA256

41a36f3f164e562386b1fb978e281cf9ce01f2e6c93f5f44d3e371df7650a54d
SHA512

8f75335ca35d25380f14d903a22eed1489d66a4fb6e0b57513340a5f7946579f8eece4fa43dd86cfe7915313560ece28a40e54fbb32a2430edc3e87047710688
SSDEEP

6144:7MAaYv2+++++++++++++++++++++++++++++++++M++X++++++++P+++n++Y+++F:7taYv2+++++++++++++++++++++++++1

Score

10^/10

persistence

Malware Config

Signatures

Adds autorun key to be loaded by Explorer.exe on startup 2 TTPs 64 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Clkndpag.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Lmiciaaj.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Dejacond.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Ecjhcg32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Menjdbgj.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Nlaegk32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Ogcpjhoq.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Boepel32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Cknnpm32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Fkciihgg.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Iejcji32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Ocbddc32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Icplcpgo.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Mlopkm32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Boepel32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Fllpbldb.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Jbeidl32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Klngdpdd.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Nilcjp32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Pnakhkol.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Eofbch32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Jeaikh32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Dbaemi32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Ehgqln32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Gdcdbl32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Hihbijhn.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Adcmmeog.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Ceaehfjj.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Ehgqln32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Meiaib32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Pqknig32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Ampkof32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Cknnpm32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Colffknh.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Fkciihgg.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Ncdgcf32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Neeqea32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Cogmkl32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Fdnjgmle.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Nlaegk32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Odmgcgbi.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Belebq32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Bldgdago.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Bjddphlq.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Calhnpgn.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Fomhdg32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Fkmchi32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Heapdjlp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Qgqeappe.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Afhohlbj.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Bhkhibmc.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Jfcbjk32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Lbmhlihl.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Lmdina32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Pjmehkqk.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Qgcbgo32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Ffimfqgm.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Nilcjp32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Cmgjgcgo.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Dodbbdbb.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Aelcfilb.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Bobcpmfc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Blbknaib.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Gcimkc32.exe

Executes dropped EXE 64 IoCs

pid	Process
224	Ogcpjhoq.exe
2744	Obidhaog.exe
2496	Peimil32.exe
5040	Pkceffcd.exe
2760	Pnbbbabh.exe
3868	Pcagphom.exe
1368	Pkhoae32.exe
3604	Peqcjkfp.exe
1444	Qkmhlekj.exe
1964	Qbgqio32.exe
1908	Qchmagie.exe
1348	Qnnanphk.exe
4916	Alabgd32.exe
1496	Ahhblemi.exe
3904	Aelcfilb.exe
4228	Andgoobc.exe
2848	Alhhhcal.exe
2840	Adcmmeog.exe
840	Ajneip32.exe
4092	Bbgipldd.exe
1020	Bdhfhe32.exe
1920	Bnnjen32.exe
3800	Balfaiil.exe
3492	Blbknaib.exe
3356	Bblckl32.exe
1684	Bejogg32.exe
4612	Bhikcb32.exe
1028	Bldgdago.exe
2424	Bobcpmfc.exe
1768	Bbnpqk32.exe
2428	Bemlmgnp.exe
4828	Bhkhibmc.exe
5072	Blfdia32.exe
5004	Boepel32.exe
3048	Cbqlfkmi.exe
1972	Cacmah32.exe
4832	Cdainc32.exe
772	Chmeobkq.exe
2696	Cklaknjd.exe
4692	Cogmkl32.exe
3124	Cafigg32.exe
3676	Ceaehfjj.exe
2484	Chpada32.exe
1084	Clkndpag.exe
2912	Cknnpm32.exe
1776	Cojjqlpk.exe
4760	Cecbmf32.exe
2416	Cdfbibnb.exe
5036	Chbnia32.exe
1340	Ckpjfm32.exe
4824	Colffknh.exe
3872	Chdkoa32.exe
1752	Daaicfgd.exe
3088	Dkjmlk32.exe
3084	Dbaemi32.exe
1080	Deoaid32.exe
4908	Dohfbj32.exe
4112	Dafbne32.exe
4268	Deanodkh.exe
3992	Dllfkn32.exe
2776	Dojcgi32.exe
1696	Dhbgqohi.exe
1160	Dlncan32.exe
2988	Eolpmi32.exe

Drops file in System32 directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\Kpgfooop.exe	Kmijbcpl.exe
File created	C:\Windows\SysWOW64\Pnbbbabh.exe	Pkceffcd.exe
File opened for modification	C:\Windows\SysWOW64\Peqcjkfp.exe	Pkhoae32.exe
File opened for modification	C:\Windows\SysWOW64\Oncofm32.exe	Ocnjidkf.exe
File opened for modification	C:\Windows\SysWOW64\Ogpmjb32.exe	Odapnf32.exe
File opened for modification	C:\Windows\SysWOW64\Qgcbgo32.exe	Qqijje32.exe
File created	C:\Windows\SysWOW64\Mbpfgbfp.dll	Afjlnk32.exe
File opened for modification	C:\Windows\SysWOW64\Boepel32.exe	Blfdia32.exe
File created	C:\Windows\SysWOW64\Fakdpb32.exe	Fomhdg32.exe
File created	C:\Windows\SysWOW64\Jlbgha32.exe	Jidklf32.exe
File opened for modification	C:\Windows\SysWOW64\Olmeci32.exe	Ogpmjb32.exe
File created	C:\Windows\SysWOW64\Megkhf32.dll	Bdhfhe32.exe
File created	C:\Windows\SysWOW64\Ihlnnp32.dll	Jlednamo.exe
File created	C:\Windows\SysWOW64\Pqpgdfnp.exe	Pnakhkol.exe
File created	C:\Windows\SysWOW64\Iihqganf.dll	Lenamdem.exe
File created	C:\Windows\SysWOW64\Ohbkfake.dll	Olfobjbg.exe
File created	C:\Windows\SysWOW64\Qfbgbeai.dll	Odapnf32.exe
File created	C:\Windows\SysWOW64\Dmjapi32.dll	Bffkij32.exe
File created	C:\Windows\SysWOW64\Jpcnha32.dll	Bjddphlq.exe
File created	C:\Windows\SysWOW64\Fnhfnh32.dll	Cdainc32.exe
File created	C:\Windows\SysWOW64\Chbnia32.exe	Cdfbibnb.exe
File created	C:\Windows\SysWOW64\Ffimfqgm.exe	Fkciihgg.exe
File created	C:\Windows\SysWOW64\Lhclbphg.dll	Fkciihgg.exe
File opened for modification	C:\Windows\SysWOW64\Banllbdn.exe	Bmbplc32.exe
File created	C:\Windows\SysWOW64\Pniggbmk.dll	Dlncan32.exe
File created	C:\Windows\SysWOW64\Bmpcfdmg.exe	Bnmcjg32.exe
File created	C:\Windows\SysWOW64\Kjiccacq.dll	Mgimcebb.exe
File created	C:\Windows\SysWOW64\Ckqfbfnl.dll	Bldgdago.exe
File created	C:\Windows\SysWOW64\Cknnpm32.exe	Clkndpag.exe
File opened for modification	C:\Windows\SysWOW64\Ehimanbq.exe	Eapedd32.exe
File opened for modification	C:\Windows\SysWOW64\Dmllipeg.exe	Dddhpjof.exe
File created	C:\Windows\SysWOW64\Npibja32.dll	Imfdff32.exe
File created	C:\Windows\SysWOW64\Adgbpc32.exe	Ampkof32.exe
File created	C:\Windows\SysWOW64\Hkfoeega.exe	Hihbijhn.exe
File created	C:\Windows\SysWOW64\Bhoilahe.dll	Jifhaenk.exe
File created	C:\Windows\SysWOW64\Pkfhoiaf.dll	Oncofm32.exe
File opened for modification	C:\Windows\SysWOW64\Dbaemi32.exe	Dkjmlk32.exe
File created	C:\Windows\SysWOW64\Pdifoehl.exe	Pmannhhj.exe
File created	C:\Windows\SysWOW64\Cdfbibnb.exe	Cecbmf32.exe
File opened for modification	C:\Windows\SysWOW64\Gbgdlq32.exe	Gdcdbl32.exe
File opened for modification	C:\Windows\SysWOW64\Kedoge32.exe	Kbfbkj32.exe
File created	C:\Windows\SysWOW64\Acbmpm32.dll	Eapedd32.exe
File created	C:\Windows\SysWOW64\Najmlf32.dll	Nnqbanmo.exe
File created	C:\Windows\SysWOW64\Jiglalpk.dll	Alhhhcal.exe
File created	C:\Windows\SysWOW64\Nlplhfon.dll	Kfmepi32.exe
File opened for modification	C:\Windows\SysWOW64\Bmpcfdmg.exe	Bnmcjg32.exe
File created	C:\Windows\SysWOW64\Alabgd32.exe	Qnnanphk.exe
File created	C:\Windows\SysWOW64\Fomhdg32.exe	Fdgdgnbm.exe
File opened for modification	C:\Windows\SysWOW64\Nljofl32.exe	Nilcjp32.exe
File created	C:\Windows\SysWOW64\Cihmlb32.dll	Njnpppkn.exe
File created	C:\Windows\SysWOW64\Ocbddc32.exe	Olhlhjpd.exe
File created	C:\Windows\SysWOW64\Oehldcbk.dll	Bblckl32.exe
File created	C:\Windows\SysWOW64\Eofbch32.exe	Ehljfnpn.exe
File created	C:\Windows\SysWOW64\Memcpg32.dll	Jidklf32.exe
File created	C:\Windows\SysWOW64\Odmkog32.dll	Eoaihhlp.exe
File opened for modification	C:\Windows\SysWOW64\Lepncd32.exe	Lbabgh32.exe
File opened for modification	C:\Windows\SysWOW64\Dddhpjof.exe	Dfpgffpm.exe
File created	C:\Windows\SysWOW64\Daaicfgd.exe	Chdkoa32.exe
File created	C:\Windows\SysWOW64\Hmabdibj.exe	Gdjjckag.exe
File opened for modification	C:\Windows\SysWOW64\Liddbc32.exe	Lffhfh32.exe
File opened for modification	C:\Windows\SysWOW64\Bfhhoi32.exe	Bcjlcn32.exe
File created	C:\Windows\SysWOW64\Andgoobc.exe	Aelcfilb.exe
File opened for modification	C:\Windows\SysWOW64\Cafigg32.exe	Cogmkl32.exe
File opened for modification	C:\Windows\SysWOW64\Dkjmlk32.exe	Daaicfgd.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
8728	8648	WerFault.exe	368

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Bblckl32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Cojjqlpk.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Pnfeqknj.dll"	Gdeqhl32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Kgdphnlp.dll"	Heapdjlp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Jpcnha32.dll"	Bjddphlq.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Jocbigff.dll"	Pnakhkol.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Fbegho32.dll"	Bemlmgnp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ThreadingModel = "Apartment"	Fdgdgnbm.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Ihlnnp32.dll"	Jlednamo.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ThreadingModel = "Apartment"	Mbfkbhpa.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Fjegoh32.dll"	Nlaegk32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Pnakhkol.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ThreadingModel = "Apartment"	Alabgd32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ThreadingModel = "Apartment"	Bbnpqk32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Bjfaeh32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ThreadingModel = "Apartment"	Mlhbal32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Olihhh32.dll"	Obidhaog.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ThreadingModel = "Apartment"	Balfaiil.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Ainpbi32.dll"	Gmoeoidl.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Hkfoeega.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ThreadingModel = "Apartment"	Hkfoeega.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Icplcpgo.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Gdkkfn32.dll"	Lljfpnjg.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Qbgqio32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Hfqlnm32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Fdegandp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Chfgkj32.dll"	Nilcjp32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Kihgme32.dll"	Adcmmeog.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Memcpg32.dll"	Jidklf32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ThreadingModel = "Apartment"	Bejogg32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Cdainc32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Ocnjidkf.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ThreadingModel = "Apartment"	Ffimfqgm.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Gcimkc32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Njohbh32.dll"	Icgjmapi.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Jcefno32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ThreadingModel = "Apartment"	Fllpbldb.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Jeaikh32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Ijnlbk32.dll"	Cecbmf32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Eefhjc32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Mhkngh32.dll"	Klqcioba.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Megdccmb.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ThreadingModel = "Apartment"	Odapnf32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Bfdodjhm.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Peqcjkfp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Paadbk32.dll"	Ffgqqaip.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ThreadingModel = "Apartment"	Chdkoa32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Fomhdg32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ThreadingModel = "Apartment"	Gdjjckag.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Ijlbqboa.dll"	Hihbijhn.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ThreadingModel = "Apartment"	Olfobjbg.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Bemlmgnp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Gdeqhl32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Hihbijhn.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Ghkebndc.dll"	Hcpclbfa.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Bhbopgfn.dll"	Nnlhfn32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Jfhlejnh.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Cdfbibnb.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Mcgdgamg.dll"	Colffknh.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Gjgfjhqm.dll"	Pdifoehl.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Qdchadai.dll"	Blbknaib.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Lcnhho32.dll"	Odmgcgbi.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ThreadingModel = "Apartment"	Bblckl32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Kdnidn32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2264 wrote to memory of 224	2264	41a36f3f164e562386b1fb978e281cf9ce01f2e6c93f5f44d3e371df7650a54d_NeikiAnalytics.exe	83
PID 2264 wrote to memory of 224	2264	41a36f3f164e562386b1fb978e281cf9ce01f2e6c93f5f44d3e371df7650a54d_NeikiAnalytics.exe	83
PID 2264 wrote to memory of 224	2264	41a36f3f164e562386b1fb978e281cf9ce01f2e6c93f5f44d3e371df7650a54d_NeikiAnalytics.exe	83
PID 224 wrote to memory of 2744	224	Ogcpjhoq.exe	84
PID 224 wrote to memory of 2744	224	Ogcpjhoq.exe	84
PID 224 wrote to memory of 2744	224	Ogcpjhoq.exe	84
PID 2744 wrote to memory of 2496	2744	Obidhaog.exe	85
PID 2744 wrote to memory of 2496	2744	Obidhaog.exe	85
PID 2744 wrote to memory of 2496	2744	Obidhaog.exe	85
PID 2496 wrote to memory of 5040	2496	Peimil32.exe	86
PID 2496 wrote to memory of 5040	2496	Peimil32.exe	86
PID 2496 wrote to memory of 5040	2496	Peimil32.exe	86
PID 5040 wrote to memory of 2760	5040	Pkceffcd.exe	87
PID 5040 wrote to memory of 2760	5040	Pkceffcd.exe	87
PID 5040 wrote to memory of 2760	5040	Pkceffcd.exe	87
PID 2760 wrote to memory of 3868	2760	Pnbbbabh.exe	88
PID 2760 wrote to memory of 3868	2760	Pnbbbabh.exe	88
PID 2760 wrote to memory of 3868	2760	Pnbbbabh.exe	88
PID 3868 wrote to memory of 1368	3868	Pcagphom.exe	89
PID 3868 wrote to memory of 1368	3868	Pcagphom.exe	89
PID 3868 wrote to memory of 1368	3868	Pcagphom.exe	89
PID 1368 wrote to memory of 3604	1368	Pkhoae32.exe	90
PID 1368 wrote to memory of 3604	1368	Pkhoae32.exe	90
PID 1368 wrote to memory of 3604	1368	Pkhoae32.exe	90
PID 3604 wrote to memory of 1444	3604	Peqcjkfp.exe	91
PID 3604 wrote to memory of 1444	3604	Peqcjkfp.exe	91
PID 3604 wrote to memory of 1444	3604	Peqcjkfp.exe	91
PID 1444 wrote to memory of 1964	1444	Qkmhlekj.exe	93
PID 1444 wrote to memory of 1964	1444	Qkmhlekj.exe	93
PID 1444 wrote to memory of 1964	1444	Qkmhlekj.exe	93
PID 1964 wrote to memory of 1908	1964	Qbgqio32.exe	94
PID 1964 wrote to memory of 1908	1964	Qbgqio32.exe	94
PID 1964 wrote to memory of 1908	1964	Qbgqio32.exe	94
PID 1908 wrote to memory of 1348	1908	Qchmagie.exe	95
PID 1908 wrote to memory of 1348	1908	Qchmagie.exe	95
PID 1908 wrote to memory of 1348	1908	Qchmagie.exe	95
PID 1348 wrote to memory of 4916	1348	Qnnanphk.exe	96
PID 1348 wrote to memory of 4916	1348	Qnnanphk.exe	96
PID 1348 wrote to memory of 4916	1348	Qnnanphk.exe	96
PID 4916 wrote to memory of 1496	4916	Alabgd32.exe	98
PID 4916 wrote to memory of 1496	4916	Alabgd32.exe	98
PID 4916 wrote to memory of 1496	4916	Alabgd32.exe	98
PID 1496 wrote to memory of 3904	1496	Ahhblemi.exe	99
PID 1496 wrote to memory of 3904	1496	Ahhblemi.exe	99
PID 1496 wrote to memory of 3904	1496	Ahhblemi.exe	99
PID 3904 wrote to memory of 4228	3904	Aelcfilb.exe	100
PID 3904 wrote to memory of 4228	3904	Aelcfilb.exe	100
PID 3904 wrote to memory of 4228	3904	Aelcfilb.exe	100
PID 4228 wrote to memory of 2848	4228	Andgoobc.exe	101
PID 4228 wrote to memory of 2848	4228	Andgoobc.exe	101
PID 4228 wrote to memory of 2848	4228	Andgoobc.exe	101
PID 2848 wrote to memory of 2840	2848	Alhhhcal.exe	103
PID 2848 wrote to memory of 2840	2848	Alhhhcal.exe	103
PID 2848 wrote to memory of 2840	2848	Alhhhcal.exe	103
PID 2840 wrote to memory of 840	2840	Adcmmeog.exe	104
PID 2840 wrote to memory of 840	2840	Adcmmeog.exe	104
PID 2840 wrote to memory of 840	2840	Adcmmeog.exe	104
PID 840 wrote to memory of 4092	840	Ajneip32.exe	105
PID 840 wrote to memory of 4092	840	Ajneip32.exe	105
PID 840 wrote to memory of 4092	840	Ajneip32.exe	105
PID 4092 wrote to memory of 1020	4092	Bbgipldd.exe	106
PID 4092 wrote to memory of 1020	4092	Bbgipldd.exe	106
PID 4092 wrote to memory of 1020	4092	Bbgipldd.exe	106
PID 1020 wrote to memory of 1920	1020	Bdhfhe32.exe	107

C:\Users\Admin\AppData\Local\Temp\41a36f3f164e562386b1fb978e281cf9ce01f2e6c93f5f44d3e371df7650a54d_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\41a36f3f164e562386b1fb978e281cf9ce01f2e6c93f5f44d3e371df7650a54d_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2264
- C:\Windows\SysWOW64\Ogcpjhoq.exe
  C:\Windows\system32\Ogcpjhoq.exe
  2⤵
  - Adds autorun key to be loaded by Explorer.exe on startup
  - Executes dropped EXE
  - Suspicious use of WriteProcessMemory
  PID:224
- - C:\Windows\SysWOW64\Obidhaog.exe
    C:\Windows\system32\Obidhaog.exe
    3⤵
    - Executes dropped EXE
    - Modifies registry class
    - Suspicious use of WriteProcessMemory
    PID:2744
  - - C:\Windows\SysWOW64\Peimil32.exe
      C:\Windows\system32\Peimil32.exe
      4⤵
      Executes dropped EXE
      Suspicious use of WriteProcessMemory
      PID:2496
    - - C:\Windows\SysWOW64\Pkceffcd.exe
        
        C:\Windows\system32\Pkceffcd.exe
        5⤵
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:5040
      - C:\Windows\SysWOW64\Pnbbbabh.exe
        
        C:\Windows\system32\Pnbbbabh.exe
        6⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:2760
        
        C:\Windows\SysWOW64\Pcagphom.exe
        
        C:\Windows\system32\Pcagphom.exe
        7⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:3868
        
        C:\Windows\SysWOW64\Pkhoae32.exe
        
        C:\Windows\system32\Pkhoae32.exe
        8⤵
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:1368
        
        C:\Windows\SysWOW64\Peqcjkfp.exe
        
        C:\Windows\system32\Peqcjkfp.exe
        9⤵
        Executes dropped EXE
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:3604
        
        C:\Windows\SysWOW64\Qkmhlekj.exe
        
        C:\Windows\system32\Qkmhlekj.exe
        10⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:1444
        
        C:\Windows\SysWOW64\Qbgqio32.exe
        
        C:\Windows\system32\Qbgqio32.exe
        11⤵
        Executes dropped EXE
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:1964
        
        C:\Windows\SysWOW64\Qchmagie.exe
        
        C:\Windows\system32\Qchmagie.exe
        12⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:1908
        
        C:\Windows\SysWOW64\Qnnanphk.exe
        
        C:\Windows\system32\Qnnanphk.exe
        13⤵
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:1348
        
        C:\Windows\SysWOW64\Alabgd32.exe
        
        C:\Windows\system32\Alabgd32.exe
        14⤵
        Executes dropped EXE
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:4916
        
        C:\Windows\SysWOW64\Ahhblemi.exe
        
        C:\Windows\system32\Ahhblemi.exe
        15⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:1496
        
        C:\Windows\SysWOW64\Aelcfilb.exe
        
        C:\Windows\system32\Aelcfilb.exe
        16⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:3904
        
        C:\Windows\SysWOW64\Andgoobc.exe
        
        C:\Windows\system32\Andgoobc.exe
        17⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:4228
        
        C:\Windows\SysWOW64\Alhhhcal.exe
        
        C:\Windows\system32\Alhhhcal.exe
        18⤵
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:2848
        
        C:\Windows\SysWOW64\Adcmmeog.exe
        
        C:\Windows\system32\Adcmmeog.exe
        19⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2840
        
        C:\Windows\SysWOW64\Ajneip32.exe
        
        C:\Windows\system32\Ajneip32.exe
        20⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:840
        
        C:\Windows\SysWOW64\Bbgipldd.exe
        
        C:\Windows\system32\Bbgipldd.exe
        21⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:4092
        
        C:\Windows\SysWOW64\Bdhfhe32.exe
        
        C:\Windows\system32\Bdhfhe32.exe
        22⤵
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:1020
        
        C:\Windows\SysWOW64\Bnnjen32.exe
        
        C:\Windows\system32\Bnnjen32.exe
        23⤵
        Executes dropped EXE
        
        PID:1920
        
        C:\Windows\SysWOW64\Balfaiil.exe
        
        C:\Windows\system32\Balfaiil.exe
        24⤵
        Executes dropped EXE
        Modifies registry class
        
        PID:3800
        
        C:\Windows\SysWOW64\Blbknaib.exe
        
        C:\Windows\system32\Blbknaib.exe
        25⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        Modifies registry class
        
        PID:3492
        
        C:\Windows\SysWOW64\Bblckl32.exe
        
        C:\Windows\system32\Bblckl32.exe
        26⤵
        Executes dropped EXE
        Drops file in System32 directory
        Modifies registry class
        
        PID:3356
        
        C:\Windows\SysWOW64\Bejogg32.exe
        
        C:\Windows\system32\Bejogg32.exe
        27⤵
        Executes dropped EXE
        Modifies registry class
        
        PID:1684
        
        C:\Windows\SysWOW64\Bhikcb32.exe
        
        C:\Windows\system32\Bhikcb32.exe
        28⤵
        Executes dropped EXE
        
        PID:4612
        
        C:\Windows\SysWOW64\Bldgdago.exe
        
        C:\Windows\system32\Bldgdago.exe
        29⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:1028
        
        C:\Windows\SysWOW64\Bobcpmfc.exe
        
        C:\Windows\system32\Bobcpmfc.exe
        30⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        
        PID:2424
        
        C:\Windows\SysWOW64\Bbnpqk32.exe
        
        C:\Windows\system32\Bbnpqk32.exe
        31⤵
        Executes dropped EXE
        Modifies registry class
        
        PID:1768
        
        C:\Windows\SysWOW64\Bemlmgnp.exe
        
        C:\Windows\system32\Bemlmgnp.exe
        32⤵
        Executes dropped EXE
        Modifies registry class
        
        PID:2428
        
        C:\Windows\SysWOW64\Bhkhibmc.exe
        
        C:\Windows\system32\Bhkhibmc.exe
        33⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        
        PID:4828
        
        C:\Windows\SysWOW64\Blfdia32.exe
        
        C:\Windows\system32\Blfdia32.exe
        34⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:5072
        
        C:\Windows\SysWOW64\Boepel32.exe
        
        C:\Windows\system32\Boepel32.exe
        35⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        
        PID:5004
        
        C:\Windows\SysWOW64\Cbqlfkmi.exe
        
        C:\Windows\system32\Cbqlfkmi.exe
        36⤵
        Executes dropped EXE
        
        PID:3048
        
        C:\Windows\SysWOW64\Cacmah32.exe
        
        C:\Windows\system32\Cacmah32.exe
        37⤵
        Executes dropped EXE
        
        PID:1972
        
        C:\Windows\SysWOW64\Cdainc32.exe
        
        C:\Windows\system32\Cdainc32.exe
        38⤵
        Executes dropped EXE
        Drops file in System32 directory
        Modifies registry class
        
        PID:4832
        
        C:\Windows\SysWOW64\Chmeobkq.exe
        
        C:\Windows\system32\Chmeobkq.exe
        39⤵
        Executes dropped EXE
        
        PID:772
        
        C:\Windows\SysWOW64\Cklaknjd.exe
        
        C:\Windows\system32\Cklaknjd.exe
        40⤵
        Executes dropped EXE
        
        PID:2696
        
        C:\Windows\SysWOW64\Cogmkl32.exe
        
        C:\Windows\system32\Cogmkl32.exe
        41⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:4692
        
        C:\Windows\SysWOW64\Cafigg32.exe
        
        C:\Windows\system32\Cafigg32.exe
        42⤵
        Executes dropped EXE
        
        PID:3124
        
        C:\Windows\SysWOW64\Ceaehfjj.exe
        
        C:\Windows\system32\Ceaehfjj.exe
        43⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        
        PID:3676
        
        C:\Windows\SysWOW64\Chpada32.exe
        
        C:\Windows\system32\Chpada32.exe
        44⤵
        Executes dropped EXE
        
        PID:2484
        
        C:\Windows\SysWOW64\Clkndpag.exe
        
        C:\Windows\system32\Clkndpag.exe
        45⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:1084
        
        C:\Windows\SysWOW64\Cknnpm32.exe
        
        C:\Windows\system32\Cknnpm32.exe
        46⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        
        PID:2912
        
        C:\Windows\SysWOW64\Cojjqlpk.exe
        
        C:\Windows\system32\Cojjqlpk.exe
        47⤵
        Executes dropped EXE
        Modifies registry class
        
        PID:1776
        
        C:\Windows\SysWOW64\Cecbmf32.exe
        
        C:\Windows\system32\Cecbmf32.exe
        48⤵
        Executes dropped EXE
        Drops file in System32 directory
        Modifies registry class
        
        PID:4760
        
        C:\Windows\SysWOW64\Cdfbibnb.exe
        
        C:\Windows\system32\Cdfbibnb.exe
        49⤵
        Executes dropped EXE
        Drops file in System32 directory
        Modifies registry class
        
        PID:2416
        
        C:\Windows\SysWOW64\Chbnia32.exe
        
        C:\Windows\system32\Chbnia32.exe
        50⤵
        Executes dropped EXE
        
        PID:5036
        
        C:\Windows\SysWOW64\Ckpjfm32.exe
        
        C:\Windows\system32\Ckpjfm32.exe
        51⤵
        Executes dropped EXE
        
        PID:1340
        
        C:\Windows\SysWOW64\Colffknh.exe
        
        C:\Windows\system32\Colffknh.exe
        52⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        Modifies registry class
        
        PID:4824
        
        C:\Windows\SysWOW64\Chdkoa32.exe
        
        C:\Windows\system32\Chdkoa32.exe
        53⤵
        Executes dropped EXE
        Drops file in System32 directory
        Modifies registry class
        
        PID:3872
        
        C:\Windows\SysWOW64\Daaicfgd.exe
        
        C:\Windows\system32\Daaicfgd.exe
        54⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:1752
        
        C:\Windows\SysWOW64\Dkjmlk32.exe
        
        C:\Windows\system32\Dkjmlk32.exe
        55⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:3088
        
        C:\Windows\SysWOW64\Dbaemi32.exe
        
        C:\Windows\system32\Dbaemi32.exe
        56⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        
        PID:3084
        
        C:\Windows\SysWOW64\Deoaid32.exe
        
        C:\Windows\system32\Deoaid32.exe
        57⤵
        Executes dropped EXE
        
        PID:1080
        
        C:\Windows\SysWOW64\Dohfbj32.exe
        
        C:\Windows\system32\Dohfbj32.exe
        58⤵
        Executes dropped EXE
        
        PID:4908
        
        C:\Windows\SysWOW64\Dafbne32.exe
        
        C:\Windows\system32\Dafbne32.exe
        59⤵
        Executes dropped EXE
        
        PID:4112
        
        C:\Windows\SysWOW64\Deanodkh.exe
        
        C:\Windows\system32\Deanodkh.exe
        60⤵
        Executes dropped EXE
        
        PID:4268
        
        C:\Windows\SysWOW64\Dllfkn32.exe
        
        C:\Windows\system32\Dllfkn32.exe
        61⤵
        Executes dropped EXE
        
        PID:3992
        
        C:\Windows\SysWOW64\Dojcgi32.exe
        
        C:\Windows\system32\Dojcgi32.exe
        62⤵
        Executes dropped EXE
        
        PID:2776
        
        C:\Windows\SysWOW64\Dhbgqohi.exe
        
        C:\Windows\system32\Dhbgqohi.exe
        63⤵
        Executes dropped EXE
        
        PID:1696
        
        C:\Windows\SysWOW64\Dlncan32.exe
        
        C:\Windows\system32\Dlncan32.exe
        64⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:1160
        
        C:\Windows\SysWOW64\Eolpmi32.exe
        
        C:\Windows\system32\Eolpmi32.exe
        65⤵
        Executes dropped EXE
        
        PID:2988
        
        C:\Windows\SysWOW64\Eefhjc32.exe
        
        C:\Windows\system32\Eefhjc32.exe
        66⤵
        Modifies registry class
        
        PID:1500
        
        C:\Windows\SysWOW64\Ekcpbj32.exe
        
        C:\Windows\system32\Ekcpbj32.exe
        67⤵
        
        PID:1952
        
        C:\Windows\SysWOW64\Ecjhcg32.exe
        
        C:\Windows\system32\Ecjhcg32.exe
        68⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:2368
        
        C:\Windows\SysWOW64\Ehgqln32.exe
        
        C:\Windows\system32\Ehgqln32.exe
        69⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:2820
        
        C:\Windows\SysWOW64\Eoaihhlp.exe
        
        C:\Windows\system32\Eoaihhlp.exe
        70⤵
        Drops file in System32 directory
        
        PID:3352
        
        C:\Windows\SysWOW64\Eapedd32.exe
        
        C:\Windows\system32\Eapedd32.exe
        71⤵
        Drops file in System32 directory
        
        PID:1044
        
        C:\Windows\SysWOW64\Ehimanbq.exe
        
        C:\Windows\system32\Ehimanbq.exe
        72⤵
        
        PID:4448
        
        C:\Windows\SysWOW64\Eocenh32.exe
        
        C:\Windows\system32\Eocenh32.exe
        73⤵
        
        PID:3616
        
        C:\Windows\SysWOW64\Ehljfnpn.exe
        
        C:\Windows\system32\Ehljfnpn.exe
        74⤵
        Drops file in System32 directory
        
        PID:920
        
        C:\Windows\SysWOW64\Eofbch32.exe
        
        C:\Windows\system32\Eofbch32.exe
        75⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:4580
        
        C:\Windows\SysWOW64\Fkmchi32.exe
        
        C:\Windows\system32\Fkmchi32.exe
        76⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:2588
        
        C:\Windows\SysWOW64\Fdegandp.exe
        
        C:\Windows\system32\Fdegandp.exe
        77⤵
        Modifies registry class
        
        PID:1212
        
        C:\Windows\SysWOW64\Fllpbldb.exe
        
        C:\Windows\system32\Fllpbldb.exe
        78⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Modifies registry class
        
        PID:2872
        
        C:\Windows\SysWOW64\Faihkbci.exe
        
        C:\Windows\system32\Faihkbci.exe
        79⤵
        
        PID:1656
        
        C:\Windows\SysWOW64\Fdgdgnbm.exe
        
        C:\Windows\system32\Fdgdgnbm.exe
        80⤵
        Drops file in System32 directory
        Modifies registry class
        
        PID:4820
        
        C:\Windows\SysWOW64\Fomhdg32.exe
        
        C:\Windows\system32\Fomhdg32.exe
        81⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Drops file in System32 directory
        Modifies registry class
        
        PID:2012
        
        C:\Windows\SysWOW64\Fakdpb32.exe
        
        C:\Windows\system32\Fakdpb32.exe
        82⤵
        
        PID:4080
        
        C:\Windows\SysWOW64\Ffgqqaip.exe
        
        C:\Windows\system32\Ffgqqaip.exe
        83⤵
        Modifies registry class
        
        PID:2464
        
        C:\Windows\SysWOW64\Fkciihgg.exe
        
        C:\Windows\system32\Fkciihgg.exe
        84⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Drops file in System32 directory
        
        PID:1900
        
        C:\Windows\SysWOW64\Ffimfqgm.exe
        
        C:\Windows\system32\Ffimfqgm.exe
        85⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Modifies registry class
        
        PID:4976
        
        C:\Windows\SysWOW64\Flceckoj.exe
        
        C:\Windows\system32\Flceckoj.exe
        86⤵
        
        PID:264
        
        C:\Windows\SysWOW64\Ffkjlp32.exe
        
        C:\Windows\system32\Ffkjlp32.exe
        87⤵
        
        PID:3512
        
        C:\Windows\SysWOW64\Fdnjgmle.exe
        
        C:\Windows\system32\Fdnjgmle.exe
        88⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:2552
        
        C:\Windows\SysWOW64\Glebhjlg.exe
        
        C:\Windows\system32\Glebhjlg.exe
        89⤵
        
        PID:2400
        
        C:\Windows\SysWOW64\Gcojed32.exe
        
        C:\Windows\system32\Gcojed32.exe
        90⤵
        
        PID:5124
        
        C:\Windows\SysWOW64\Ghlcnk32.exe
        
        C:\Windows\system32\Ghlcnk32.exe
        91⤵
        
        PID:5164
        
        C:\Windows\SysWOW64\Gcagkdba.exe
        
        C:\Windows\system32\Gcagkdba.exe
        92⤵
        
        PID:5200
        
        C:\Windows\SysWOW64\Gdcdbl32.exe
        
        C:\Windows\system32\Gdcdbl32.exe
        93⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Drops file in System32 directory
        
        PID:5244
        
        C:\Windows\SysWOW64\Gbgdlq32.exe
        
        C:\Windows\system32\Gbgdlq32.exe
        94⤵
        
        PID:5288
        
        C:\Windows\SysWOW64\Gdeqhl32.exe
        
        C:\Windows\system32\Gdeqhl32.exe
        95⤵
        Modifies registry class
        
        PID:5328
        
        C:\Windows\SysWOW64\Gokdeeec.exe
        
        C:\Windows\system32\Gokdeeec.exe
        96⤵
        
        PID:5364
        
        C:\Windows\SysWOW64\Gmoeoidl.exe
        
        C:\Windows\system32\Gmoeoidl.exe
        97⤵
        Modifies registry class
        
        PID:5416
        
        C:\Windows\SysWOW64\Gomakdcp.exe
        
        C:\Windows\system32\Gomakdcp.exe
        98⤵
        
        PID:5452
        
        C:\Windows\SysWOW64\Gcimkc32.exe
        
        C:\Windows\system32\Gcimkc32.exe
        99⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Modifies registry class
        
        PID:5492
        
        C:\Windows\SysWOW64\Gdjjckag.exe
        
        C:\Windows\system32\Gdjjckag.exe
        100⤵
        Drops file in System32 directory
        Modifies registry class
        
        PID:5528
        
        C:\Windows\SysWOW64\Hmabdibj.exe
        
        C:\Windows\system32\Hmabdibj.exe
        101⤵
        
        PID:5564
        
        C:\Windows\SysWOW64\Hkdbpe32.exe
        
        C:\Windows\system32\Hkdbpe32.exe
        102⤵
        
        PID:5608
        
        C:\Windows\SysWOW64\Hihbijhn.exe
        
        C:\Windows\system32\Hihbijhn.exe
        103⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Drops file in System32 directory
        Modifies registry class
        
        PID:5648
        
        C:\Windows\SysWOW64\Hkfoeega.exe
        
        C:\Windows\system32\Hkfoeega.exe
        104⤵
        Modifies registry class
        
        PID:5684
        
        C:\Windows\SysWOW64\Hobkfd32.exe
        
        C:\Windows\system32\Hobkfd32.exe
        105⤵
        
        PID:5720
        
        C:\Windows\SysWOW64\Hbpgbo32.exe
        
        C:\Windows\system32\Hbpgbo32.exe
        106⤵
        
        PID:5760
        
        C:\Windows\SysWOW64\Hkikkeeo.exe
        
        C:\Windows\system32\Hkikkeeo.exe
        107⤵
        
        PID:5800
        
        C:\Windows\SysWOW64\Hcpclbfa.exe
        
        C:\Windows\system32\Hcpclbfa.exe
        108⤵
        Modifies registry class
        
        PID:5836
        
        C:\Windows\SysWOW64\Heapdjlp.exe
        
        C:\Windows\system32\Heapdjlp.exe
        109⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Modifies registry class
        
        PID:5900
        
        C:\Windows\SysWOW64\Hcbpab32.exe
        
        C:\Windows\system32\Hcbpab32.exe
        110⤵
        
        PID:5936
        
        C:\Windows\SysWOW64\Hfqlnm32.exe
        
        C:\Windows\system32\Hfqlnm32.exe
        111⤵
        Modifies registry class
        
        PID:5988
        
        C:\Windows\SysWOW64\Hmjdjgjo.exe
        
        C:\Windows\system32\Hmjdjgjo.exe
        112⤵
        
        PID:6060
        
        C:\Windows\SysWOW64\Iiaephpc.exe
        
        C:\Windows\system32\Iiaephpc.exe
        113⤵
        
        PID:6136
        
        C:\Windows\SysWOW64\Icgjmapi.exe
        
        C:\Windows\system32\Icgjmapi.exe
        114⤵
        Modifies registry class
        
        PID:5160
        
        C:\Windows\SysWOW64\Iehfdi32.exe
        
        C:\Windows\system32\Iehfdi32.exe
        115⤵
        
        PID:5284
        
        C:\Windows\SysWOW64\Iblfnn32.exe
        
        C:\Windows\system32\Iblfnn32.exe
        116⤵
        
        PID:5444
        
        C:\Windows\SysWOW64\Iejcji32.exe
        
        C:\Windows\system32\Iejcji32.exe
        117⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:5520
        
        C:\Windows\SysWOW64\Ickchq32.exe
        
        C:\Windows\system32\Ickchq32.exe
        118⤵
        
        PID:5616
        
        C:\Windows\SysWOW64\Iemppiab.exe
        
        C:\Windows\system32\Iemppiab.exe
        119⤵
        
        PID:5676
        
        C:\Windows\SysWOW64\Imdgqfbd.exe
        
        C:\Windows\system32\Imdgqfbd.exe
        120⤵
        
        PID:5772
        
        C:\Windows\SysWOW64\Ieolehop.exe
        
        C:\Windows\system32\Ieolehop.exe
        121⤵
        
        PID:5848
        
        C:\Windows\SysWOW64\Imfdff32.exe
        
        C:\Windows\system32\Imfdff32.exe
        122⤵
        Drops file in System32 directory
        
        PID:5920
        
        C:\Windows\SysWOW64\Icplcpgo.exe
        
        C:\Windows\system32\Icplcpgo.exe
        123⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Modifies registry class
        
        PID:6036
        
        C:\Windows\SysWOW64\Ibcmom32.exe
        
        C:\Windows\system32\Ibcmom32.exe
        124⤵
        
        PID:6132
        
        C:\Windows\SysWOW64\Jeaikh32.exe
        
        C:\Windows\system32\Jeaikh32.exe
        125⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Modifies registry class
        
        PID:5224
        
        C:\Windows\SysWOW64\Jlkagbej.exe
        
        C:\Windows\system32\Jlkagbej.exe
        126⤵
        
        PID:5436
        
        C:\Windows\SysWOW64\Jbeidl32.exe
        
        C:\Windows\system32\Jbeidl32.exe
        127⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:5548
        
        C:\Windows\SysWOW64\Jedeph32.exe
        
        C:\Windows\system32\Jedeph32.exe
        128⤵
        
        PID:5664
        
        C:\Windows\SysWOW64\Jcefno32.exe
        
        C:\Windows\system32\Jcefno32.exe
        129⤵
        Modifies registry class
        
        PID:5824
        
        C:\Windows\SysWOW64\Jfcbjk32.exe
        
        C:\Windows\system32\Jfcbjk32.exe
        130⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:5924
        
        C:\Windows\SysWOW64\Jianff32.exe
        
        C:\Windows\system32\Jianff32.exe
        131⤵
        
        PID:6128
        
        C:\Windows\SysWOW64\Jplfcpin.exe
        
        C:\Windows\system32\Jplfcpin.exe
        132⤵
        
        PID:5360
        
        C:\Windows\SysWOW64\Jfeopj32.exe
        
        C:\Windows\system32\Jfeopj32.exe
        133⤵
        
        PID:5656
        
        C:\Windows\SysWOW64\Jidklf32.exe
        
        C:\Windows\system32\Jidklf32.exe
        134⤵
        Drops file in System32 directory
        Modifies registry class
        
        PID:5888
        
        C:\Windows\SysWOW64\Jlbgha32.exe
        
        C:\Windows\system32\Jlbgha32.exe
        135⤵
        
        PID:5152
        
        C:\Windows\SysWOW64\Jcioiood.exe
        
        C:\Windows\system32\Jcioiood.exe
        136⤵
        
        PID:5500
        
        C:\Windows\SysWOW64\Jfhlejnh.exe
        
        C:\Windows\system32\Jfhlejnh.exe
        137⤵
        Modifies registry class
        
        PID:5756
        
        C:\Windows\SysWOW64\Jifhaenk.exe
        
        C:\Windows\system32\Jifhaenk.exe
        138⤵
        Drops file in System32 directory
        
        PID:5236
        
        C:\Windows\SysWOW64\Jlednamo.exe
        
        C:\Windows\system32\Jlednamo.exe
        139⤵
        Drops file in System32 directory
        Modifies registry class
        
        PID:5864
        
        C:\Windows\SysWOW64\Jcllonma.exe
        
        C:\Windows\system32\Jcllonma.exe
        140⤵
        
        PID:4644
        
        C:\Windows\SysWOW64\Kfjhkjle.exe
        
        C:\Windows\system32\Kfjhkjle.exe
        141⤵
        
        PID:5784
        
        C:\Windows\SysWOW64\Klgqcqkl.exe
        
        C:\Windows\system32\Klgqcqkl.exe
        142⤵
        
        PID:6160
        
        C:\Windows\SysWOW64\Kdnidn32.exe
        
        C:\Windows\system32\Kdnidn32.exe
        143⤵
        Modifies registry class
        
        PID:6196
        
        C:\Windows\SysWOW64\Kfmepi32.exe
        
        C:\Windows\system32\Kfmepi32.exe
        144⤵
        Drops file in System32 directory
        
        PID:6240
        
        C:\Windows\SysWOW64\Kdqejn32.exe
        
        C:\Windows\system32\Kdqejn32.exe
        145⤵
        
        PID:6284
        
        C:\Windows\SysWOW64\Kebbafoj.exe
        
        C:\Windows\system32\Kebbafoj.exe
        146⤵
        
        PID:6324
        
        C:\Windows\SysWOW64\Kmijbcpl.exe
        
        C:\Windows\system32\Kmijbcpl.exe
        147⤵
        Drops file in System32 directory
        
        PID:6364
        
        C:\Windows\SysWOW64\Kpgfooop.exe
        
        C:\Windows\system32\Kpgfooop.exe
        148⤵
        
        PID:6404
        
        C:\Windows\SysWOW64\Kbfbkj32.exe
        
        C:\Windows\system32\Kbfbkj32.exe
        149⤵
        Drops file in System32 directory
        
        PID:6448
        
        C:\Windows\SysWOW64\Kedoge32.exe
        
        C:\Windows\system32\Kedoge32.exe
        150⤵
        
        PID:6492
        
        C:\Windows\SysWOW64\Klngdpdd.exe
        
        C:\Windows\system32\Klngdpdd.exe
        151⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:6528
        
        C:\Windows\SysWOW64\Kbhoqj32.exe
        
        C:\Windows\system32\Kbhoqj32.exe
        152⤵
        
        PID:6580
        
        C:\Windows\SysWOW64\Kefkme32.exe
        
        C:\Windows\system32\Kefkme32.exe
        153⤵
        
        PID:6624
        
        C:\Windows\SysWOW64\Klqcioba.exe
        
        C:\Windows\system32\Klqcioba.exe
        154⤵
        Modifies registry class
        
        PID:6664
        
        C:\Windows\SysWOW64\Kdgljmcd.exe
        
        C:\Windows\system32\Kdgljmcd.exe
        155⤵
        
        PID:6712
        
        C:\Windows\SysWOW64\Lffhfh32.exe
        
        C:\Windows\system32\Lffhfh32.exe
        156⤵
        Drops file in System32 directory
        
        PID:6748
        
        C:\Windows\SysWOW64\Liddbc32.exe
        
        C:\Windows\system32\Liddbc32.exe
        157⤵
        
        PID:6796
        
        C:\Windows\SysWOW64\Llcpoo32.exe
        
        C:\Windows\system32\Llcpoo32.exe
        158⤵
        
        PID:6840
        
        C:\Windows\SysWOW64\Lbmhlihl.exe
        
        C:\Windows\system32\Lbmhlihl.exe
        159⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:6884
        
        C:\Windows\SysWOW64\Ligqhc32.exe
        
        C:\Windows\system32\Ligqhc32.exe
        160⤵
        
        PID:6924
        
        C:\Windows\SysWOW64\Llemdo32.exe
        
        C:\Windows\system32\Llemdo32.exe
        161⤵
        
        PID:6964
        
        C:\Windows\SysWOW64\Ldleel32.exe
        
        C:\Windows\system32\Ldleel32.exe
        162⤵
        
        PID:7004
        
        C:\Windows\SysWOW64\Lfkaag32.exe
        
        C:\Windows\system32\Lfkaag32.exe
        163⤵
        
        PID:7052
        
        C:\Windows\SysWOW64\Lenamdem.exe
        
        C:\Windows\system32\Lenamdem.exe
        164⤵
        Drops file in System32 directory
        
        PID:7088
        
        C:\Windows\SysWOW64\Lmdina32.exe
        
        C:\Windows\system32\Lmdina32.exe
        165⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:7136
        
        C:\Windows\SysWOW64\Lpcfkm32.exe
        
        C:\Windows\system32\Lpcfkm32.exe
        166⤵
        
        PID:6000
        
        C:\Windows\SysWOW64\Lbabgh32.exe
        
        C:\Windows\system32\Lbabgh32.exe
        167⤵
        Drops file in System32 directory
        
        PID:6232
        
        C:\Windows\SysWOW64\Lepncd32.exe
        
        C:\Windows\system32\Lepncd32.exe
        168⤵
        
        PID:6280
        
        C:\Windows\SysWOW64\Lljfpnjg.exe
        
        C:\Windows\system32\Lljfpnjg.exe
        169⤵
        Modifies registry class
        
        PID:6372
        
        C:\Windows\SysWOW64\Lmiciaaj.exe
        
        C:\Windows\system32\Lmiciaaj.exe
        170⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:6444
        
        C:\Windows\SysWOW64\Lphoelqn.exe
        
        C:\Windows\system32\Lphoelqn.exe
        171⤵
        
        PID:6500
        
        C:\Windows\SysWOW64\Mbfkbhpa.exe
        
        C:\Windows\system32\Mbfkbhpa.exe
        172⤵
        Modifies registry class
        
        PID:6560
        
        C:\Windows\SysWOW64\Mipcob32.exe
        
        C:\Windows\system32\Mipcob32.exe
        173⤵
        
        PID:6644
        
        C:\Windows\SysWOW64\Mlopkm32.exe
        
        C:\Windows\system32\Mlopkm32.exe
        174⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:6688
        
        C:\Windows\SysWOW64\Megdccmb.exe
        
        C:\Windows\system32\Megdccmb.exe
        175⤵
        Modifies registry class
        
        PID:6788
        
        C:\Windows\SysWOW64\Mmnldp32.exe
        
        C:\Windows\system32\Mmnldp32.exe
        176⤵
        
        PID:6852
        
        C:\Windows\SysWOW64\Mplhql32.exe
        
        C:\Windows\system32\Mplhql32.exe
        177⤵
        
        PID:6920
        
        C:\Windows\SysWOW64\Mckemg32.exe
        
        C:\Windows\system32\Mckemg32.exe
        178⤵
        
        PID:6996
        
        C:\Windows\SysWOW64\Meiaib32.exe
        
        C:\Windows\system32\Meiaib32.exe
        179⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:7072
        
        C:\Windows\SysWOW64\Mlcifmbl.exe
        
        C:\Windows\system32\Mlcifmbl.exe
        180⤵
        
        PID:7120
        
        C:\Windows\SysWOW64\Mdjagjco.exe
        
        C:\Windows\system32\Mdjagjco.exe
        181⤵
        
        PID:6188
        
        C:\Windows\SysWOW64\Mgimcebb.exe
        
        C:\Windows\system32\Mgimcebb.exe
        182⤵
        Drops file in System32 directory
        
        PID:6156
        
        C:\Windows\SysWOW64\Mlefklpj.exe
        
        C:\Windows\system32\Mlefklpj.exe
        183⤵
        
        PID:6424
        
        C:\Windows\SysWOW64\Mdmnlj32.exe
        
        C:\Windows\system32\Mdmnlj32.exe
        184⤵
        
        PID:6552
        
        C:\Windows\SysWOW64\Mcpnhfhf.exe
        
        C:\Windows\system32\Mcpnhfhf.exe
        185⤵
        
        PID:6704
        
        C:\Windows\SysWOW64\Menjdbgj.exe
        
        C:\Windows\system32\Menjdbgj.exe
        186⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:6832
        
        C:\Windows\SysWOW64\Mlhbal32.exe
        
        C:\Windows\system32\Mlhbal32.exe
        187⤵
        Modifies registry class
        
        PID:6904
        
        C:\Windows\SysWOW64\Ncbknfed.exe
        
        C:\Windows\system32\Ncbknfed.exe
        188⤵
        
        PID:7032
        
        C:\Windows\SysWOW64\Nilcjp32.exe
        
        C:\Windows\system32\Nilcjp32.exe
        189⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Drops file in System32 directory
        Modifies registry class
        
        PID:7124
        
        C:\Windows\SysWOW64\Nljofl32.exe
        
        C:\Windows\system32\Nljofl32.exe
        190⤵
        
        PID:5508
        
        C:\Windows\SysWOW64\Ncdgcf32.exe
        
        C:\Windows\system32\Ncdgcf32.exe
        191⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:6392
        
        C:\Windows\SysWOW64\Njnpppkn.exe
        
        C:\Windows\system32\Njnpppkn.exe
        192⤵
        Drops file in System32 directory
        
        PID:6572
        
        C:\Windows\SysWOW64\Ncfdie32.exe
        
        C:\Windows\system32\Ncfdie32.exe
        193⤵
        
        PID:6848
        
        C:\Windows\SysWOW64\Neeqea32.exe
        
        C:\Windows\system32\Neeqea32.exe
        194⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:6948
        
        C:\Windows\SysWOW64\Nnlhfn32.exe
        
        C:\Windows\system32\Nnlhfn32.exe
        195⤵
        Modifies registry class
        
        PID:7076
        
        C:\Windows\SysWOW64\Ndfqbhia.exe
        
        C:\Windows\system32\Ndfqbhia.exe
        196⤵
        
        PID:6332
        
        C:\Windows\SysWOW64\Ngdmod32.exe
        
        C:\Windows\system32\Ngdmod32.exe
        197⤵
        
        PID:6700
        
        C:\Windows\SysWOW64\Njciko32.exe
        
        C:\Windows\system32\Njciko32.exe
        198⤵
        
        PID:6992
        
        C:\Windows\SysWOW64\Nlaegk32.exe
        
        C:\Windows\system32\Nlaegk32.exe
        199⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Modifies registry class
        
        PID:6380
        
        C:\Windows\SysWOW64\Ndhmhh32.exe
        
        C:\Windows\system32\Ndhmhh32.exe
        200⤵
        
        PID:6916
        
        C:\Windows\SysWOW64\Nfjjppmm.exe
        
        C:\Windows\system32\Nfjjppmm.exe
        201⤵
        
        PID:6908
        
        C:\Windows\SysWOW64\Nnqbanmo.exe
        
        C:\Windows\system32\Nnqbanmo.exe
        202⤵
        Drops file in System32 directory
        
        PID:6756
        
        C:\Windows\SysWOW64\Ocnjidkf.exe
        
        C:\Windows\system32\Ocnjidkf.exe
        203⤵
        Drops file in System32 directory
        Modifies registry class
        
        PID:7180
        
        C:\Windows\SysWOW64\Oncofm32.exe
        
        C:\Windows\system32\Oncofm32.exe
        204⤵
        Drops file in System32 directory
        
        PID:7220
        
        C:\Windows\SysWOW64\Olfobjbg.exe
        
        C:\Windows\system32\Olfobjbg.exe
        205⤵
        Drops file in System32 directory
        Modifies registry class
        
        PID:7264
        
        C:\Windows\SysWOW64\Odmgcgbi.exe
        
        C:\Windows\system32\Odmgcgbi.exe
        206⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Modifies registry class
        
        PID:7300
        
        C:\Windows\SysWOW64\Ogkcpbam.exe
        
        C:\Windows\system32\Ogkcpbam.exe
        207⤵
        
        PID:7336
        
        C:\Windows\SysWOW64\Olhlhjpd.exe
        
        C:\Windows\system32\Olhlhjpd.exe
        208⤵
        Drops file in System32 directory
        
        PID:7376
        
        C:\Windows\SysWOW64\Ocbddc32.exe
        
        C:\Windows\system32\Ocbddc32.exe
        209⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:7412
        
        C:\Windows\SysWOW64\Ofqpqo32.exe
        
        C:\Windows\system32\Ofqpqo32.exe
        210⤵
        
        PID:7452
        
        C:\Windows\SysWOW64\Odapnf32.exe
        
        C:\Windows\system32\Odapnf32.exe
        211⤵
        Drops file in System32 directory
        Modifies registry class
        
        PID:7492
        
        C:\Windows\SysWOW64\Ogpmjb32.exe
        
        C:\Windows\system32\Ogpmjb32.exe
        212⤵
        Drops file in System32 directory
        
        PID:7532
        
        C:\Windows\SysWOW64\Olmeci32.exe
        
        C:\Windows\system32\Olmeci32.exe
        213⤵
        
        PID:7576
        
        C:\Windows\SysWOW64\Ofeilobp.exe
        
        C:\Windows\system32\Ofeilobp.exe
        214⤵
        
        PID:7628
        
        C:\Windows\SysWOW64\Pqknig32.exe
        
        C:\Windows\system32\Pqknig32.exe
        215⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:7672
        
        C:\Windows\SysWOW64\Pcijeb32.exe
        
        C:\Windows\system32\Pcijeb32.exe
        216⤵
        
        PID:7724
        
        C:\Windows\SysWOW64\Pmannhhj.exe
        
        C:\Windows\system32\Pmannhhj.exe
        217⤵
        Drops file in System32 directory
        
        PID:7768
        
        C:\Windows\SysWOW64\Pdifoehl.exe
        
        C:\Windows\system32\Pdifoehl.exe
        218⤵
        Modifies registry class
        
        PID:7816
        
        C:\Windows\SysWOW64\Pnakhkol.exe
        
        C:\Windows\system32\Pnakhkol.exe
        219⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Drops file in System32 directory
        Modifies registry class
        
        PID:7856
        
        C:\Windows\SysWOW64\Pqpgdfnp.exe
        
        C:\Windows\system32\Pqpgdfnp.exe
        220⤵
        
        PID:7896
        
        C:\Windows\SysWOW64\Pdkcde32.exe
        
        C:\Windows\system32\Pdkcde32.exe
        221⤵
        
        PID:7936
        
        C:\Windows\SysWOW64\Pjhlml32.exe
        
        C:\Windows\system32\Pjhlml32.exe
        222⤵
        
        PID:7980
        
        C:\Windows\SysWOW64\Pdmpje32.exe
        
        C:\Windows\system32\Pdmpje32.exe
        223⤵
        
        PID:8024
        
        C:\Windows\SysWOW64\Pgllfp32.exe
        
        C:\Windows\system32\Pgllfp32.exe
        224⤵
        
        PID:8068
        
        C:\Windows\SysWOW64\Pmidog32.exe
        
        C:\Windows\system32\Pmidog32.exe
        225⤵
        
        PID:8108
        
        C:\Windows\SysWOW64\Pqdqof32.exe
        
        C:\Windows\system32\Pqdqof32.exe
        226⤵
        
        PID:8148
        
        C:\Windows\SysWOW64\Pjmehkqk.exe
        
        C:\Windows\system32\Pjmehkqk.exe
        227⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:7176
        
        C:\Windows\SysWOW64\Qqfmde32.exe
        
        C:\Windows\system32\Qqfmde32.exe
        228⤵
        
        PID:7228
        
        C:\Windows\SysWOW64\Qgqeappe.exe
        
        C:\Windows\system32\Qgqeappe.exe
        229⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:7296
        
        C:\Windows\SysWOW64\Qqijje32.exe
        
        C:\Windows\system32\Qqijje32.exe
        230⤵
        Drops file in System32 directory
        
        PID:7420
        
        C:\Windows\SysWOW64\Qgcbgo32.exe
        
        C:\Windows\system32\Qgcbgo32.exe
        231⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:7468
        
        C:\Windows\SysWOW64\Ampkof32.exe
        
        C:\Windows\system32\Ampkof32.exe
        232⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Drops file in System32 directory
        
        PID:7528
        
        C:\Windows\SysWOW64\Adgbpc32.exe
        
        C:\Windows\system32\Adgbpc32.exe
        233⤵
        
        PID:3876
        
        C:\Windows\SysWOW64\Afhohlbj.exe
        
        C:\Windows\system32\Afhohlbj.exe
        234⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:584
        
        C:\Windows\SysWOW64\Aeiofcji.exe
        
        C:\Windows\system32\Aeiofcji.exe
        235⤵
        
        PID:7588
        
        C:\Windows\SysWOW64\Aclpap32.exe
        
        C:\Windows\system32\Aclpap32.exe
        236⤵
        
        PID:7640
        
        C:\Windows\SysWOW64\Afjlnk32.exe
        
        C:\Windows\system32\Afjlnk32.exe
        237⤵
        Drops file in System32 directory
        
        PID:7708
        
        C:\Windows\SysWOW64\Amddjegd.exe
        
        C:\Windows\system32\Amddjegd.exe
        238⤵
        
        PID:7776
        
        C:\Windows\SysWOW64\Agjhgngj.exe
        
        C:\Windows\system32\Agjhgngj.exe
        239⤵
        
        PID:7840
        
        C:\Windows\SysWOW64\Aabmqd32.exe
        
        C:\Windows\system32\Aabmqd32.exe
        240⤵
        
        PID:7924
        
        C:\Windows\SysWOW64\Ajkaii32.exe
        
        C:\Windows\system32\Ajkaii32.exe
        241⤵
        
        PID:7972
        
        C:\Windows\SysWOW64\Bfabnjjp.exe
        
        C:\Windows\system32\Bfabnjjp.exe
        242⤵
        
        PID:8032
        
        C:\Windows\SysWOW64\Bnhjohkb.exe
        
        C:\Windows\system32\Bnhjohkb.exe
        243⤵
        
        PID:8080
        
        C:\Windows\SysWOW64\Bfdodjhm.exe
        
        C:\Windows\system32\Bfdodjhm.exe
        244⤵
        Modifies registry class
        
        PID:8136
        
        C:\Windows\SysWOW64\Baicac32.exe
        
        C:\Windows\system32\Baicac32.exe
        245⤵
        
        PID:7172
        
        C:\Windows\SysWOW64\Bffkij32.exe
        
        C:\Windows\system32\Bffkij32.exe
        246⤵
        Drops file in System32 directory
        
        PID:7328
        
        C:\Windows\SysWOW64\Bnmcjg32.exe
        
        C:\Windows\system32\Bnmcjg32.exe
        247⤵
        Drops file in System32 directory
        
        PID:7476
        
        C:\Windows\SysWOW64\Bmpcfdmg.exe
        
        C:\Windows\system32\Bmpcfdmg.exe
        248⤵
        
        PID:1960
        
        C:\Windows\SysWOW64\Balpgb32.exe
        
        C:\Windows\system32\Balpgb32.exe
        249⤵
        
        PID:7564
        
        C:\Windows\SysWOW64\Bcjlcn32.exe
        
        C:\Windows\system32\Bcjlcn32.exe
        250⤵
        Drops file in System32 directory
        
        PID:7752
        
        C:\Windows\SysWOW64\Bfhhoi32.exe
        
        C:\Windows\system32\Bfhhoi32.exe
        251⤵
        
        PID:7892
        
        C:\Windows\SysWOW64\Bjddphlq.exe
        
        C:\Windows\system32\Bjddphlq.exe
        252⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Drops file in System32 directory
        Modifies registry class
        
        PID:7988
        
        C:\Windows\SysWOW64\Bmbplc32.exe
        
        C:\Windows\system32\Bmbplc32.exe
        253⤵
        Drops file in System32 directory
        
        PID:8076
        
        C:\Windows\SysWOW64\Banllbdn.exe
        
        C:\Windows\system32\Banllbdn.exe
        254⤵
        
        PID:8184
        
        C:\Windows\SysWOW64\Beihma32.exe
        
        C:\Windows\system32\Beihma32.exe
        255⤵
        
        PID:7324
        
        C:\Windows\SysWOW64\Bclhhnca.exe
        
        C:\Windows\system32\Bclhhnca.exe
        256⤵
        
        PID:7584
        
        C:\Windows\SysWOW64\Bjfaeh32.exe
        
        C:\Windows\system32\Bjfaeh32.exe
        257⤵
        Modifies registry class
        
        PID:7828
        
        C:\Windows\SysWOW64\Belebq32.exe
        
        C:\Windows\system32\Belebq32.exe
        258⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:8008
        
        C:\Windows\SysWOW64\Cmgjgcgo.exe
        
        C:\Windows\system32\Cmgjgcgo.exe
        259⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:8176
        
        C:\Windows\SysWOW64\Cfpnph32.exe
        
        C:\Windows\system32\Cfpnph32.exe
        260⤵
        
        PID:7560
        
        C:\Windows\SysWOW64\Cdcoim32.exe
        
        C:\Windows\system32\Cdcoim32.exe
        261⤵
        
        PID:7956
        
        C:\Windows\SysWOW64\Cmlcbbcj.exe
        
        C:\Windows\system32\Cmlcbbcj.exe
        262⤵
        
        PID:4352
        
        C:\Windows\SysWOW64\Chagok32.exe
        
        C:\Windows\system32\Chagok32.exe
        263⤵
        
        PID:8156
        
        C:\Windows\SysWOW64\Cnkplejl.exe
        
        C:\Windows\system32\Cnkplejl.exe
        264⤵
        
        PID:7876
        
        C:\Windows\SysWOW64\Cffdpghg.exe
        
        C:\Windows\system32\Cffdpghg.exe
        265⤵
        
        PID:8208
        
        C:\Windows\SysWOW64\Cmqmma32.exe
        
        C:\Windows\system32\Cmqmma32.exe
        266⤵
        
        PID:8244
        
        C:\Windows\SysWOW64\Calhnpgn.exe
        
        C:\Windows\system32\Calhnpgn.exe
        267⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:8280
        
        C:\Windows\SysWOW64\Djdmffnn.exe
        
        C:\Windows\system32\Djdmffnn.exe
        268⤵
        
        PID:8320
        
        C:\Windows\SysWOW64\Dejacond.exe
        
        C:\Windows\system32\Dejacond.exe
        269⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:8356
        
        C:\Windows\SysWOW64\Dobfld32.exe
        
        C:\Windows\system32\Dobfld32.exe
        270⤵
        
        PID:8392
        
        C:\Windows\SysWOW64\Ddonekbl.exe
        
        C:\Windows\system32\Ddonekbl.exe
        271⤵
        
        PID:8428
        
        C:\Windows\SysWOW64\Dodbbdbb.exe
        
        C:\Windows\system32\Dodbbdbb.exe
        272⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:8464
        
        C:\Windows\SysWOW64\Deokon32.exe
        
        C:\Windows\system32\Deokon32.exe
        273⤵
        
        PID:8500
        
        C:\Windows\SysWOW64\Ddakjkqi.exe
        
        C:\Windows\system32\Ddakjkqi.exe
        274⤵
        
        PID:8536
        
        C:\Windows\SysWOW64\Dfpgffpm.exe
        
        C:\Windows\system32\Dfpgffpm.exe
        275⤵
        Drops file in System32 directory
        
        PID:8572
        
        C:\Windows\SysWOW64\Dddhpjof.exe
        
        C:\Windows\system32\Dddhpjof.exe
        276⤵
        Drops file in System32 directory
        
        PID:8608
        
        C:\Windows\SysWOW64\Dmllipeg.exe
        
        C:\Windows\system32\Dmllipeg.exe
        277⤵
        
        PID:8648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8648 -s 212
        278⤵
        Program crash
        
        PID:8728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 8648 -ip 8648
1⤵
PID:8704

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\Aabmqd32.exe

Filesize
320KB

MD5
59ef5058b1148f5b393139ac1faa6ef2

SHA1
d893c78ab6b694abba4da734fdae9730457dc101

SHA256
c1a75c65b0a24ab3baf2558e017d14efc5ee44bd13bfa4f40ae132626e8f2dc8

SHA512
33579ac25eeb0307dcefd3841b4c0a072021cac8feecb35370afab4c172251987adb3f696c6f2c92b6720d066922d7692a3ba200449c2d4dee29d9d7334e3c5d

Download Submit
C:\Windows\SysWOW64\Adcmmeog.exe

Filesize
320KB

MD5
82ad16be6c966bdee57617eca30b98f0

SHA1
8090b75b62324b6f394a79a044eaa6ea05100749

SHA256
f1ea1d0e61ff087cfac044cf3ecbd49d8c92cf2681bc56b70fcb72d03f584d0c

SHA512
859a1a9ebf13cf930a504bc08e794ebd7d5943e314a88535164fb48902562eb0ee81fa5cbfe70f010d609549d6669bbdcc4d5812ecf619b6411fe727377f4679

Download Submit
C:\Windows\SysWOW64\Adgbpc32.exe

Filesize
320KB

MD5
28247053170ef51d2f1d39d59a5309e1

SHA1
22ee560e750fced1764971bf45193561538319eb

SHA256
41b6c2dc9568f706ee7807a533338bbed637c7efcae817fdd170976e7c7995a4

SHA512
8dd131c28dd60babd100b1840f0eada49cdcf77b8c8ad2223a921227861c99ddc74b725b2c7841e8fab02dbde951304ed1ae8b2acb620efcec4bc560ff25c788

Download Submit
C:\Windows\SysWOW64\Aelcfilb.exe

Filesize
320KB

MD5
acb0d2361e86f92b2583ece05bf33e3f

SHA1
a81caae3749735bb3d218dbc842a76dbad6ca560

SHA256
bbc04f779eb16dbab2db03631ad5c320ec3ee0d829872f0ea8ccd78a92cfd893

SHA512
9e22db9d96361282e336e2acd2ca94bac4189c38a4c6f437da87efd8e46aeb6fb627fa4ef139a0933aab8d7adced61185bc0fde6b6b923044ff4111c406badd1

Download Submit
C:\Windows\SysWOW64\Ahhblemi.exe

Filesize
320KB

MD5
1d7f357f7b6fd7a9cbabec404a00a740

SHA1
50bb3bd238fda0b1041787295ccf583e3749a457

SHA256
94b7ec502a9b51701f5fe68c7e5e94768ddb59aa0b83cf4d1838017f49f93253

SHA512
cc605056525438d1d1219b7d4f46250181b5d8a0fa33fb89d0945f46981c7d65f1d9318cd7cda64b71f0c4466c40f56fee9fad60ba16dcef3956a66317b3899d

Download Submit
C:\Windows\SysWOW64\Ajneip32.exe

Filesize
320KB

MD5
85642a55791b6e9b5f3bbd4782dfc8e6

SHA1
baa181b9814203727a60e6086015e456023f726b

SHA256
94e067fb9c059c22753b46ff38ccff557a04c7b6acb466478681255df765f407

SHA512
5af6a8d5b6769df2e0081a4e78b263717af98622b4696f236c086fdb6e20f60f8f203a114e0fe3e5de72774d849af7e9b947c138766c82a171ff0bd6b9b15b7e

Download Submit
C:\Windows\SysWOW64\Alabgd32.exe

Filesize
320KB

MD5
dd3309ffee4984872466480d6b5a49e8

SHA1
1768c2a07e4f827cdd4f901ae2bcbafe6fdbebea

SHA256
f3a7d31d86bfc1720e4811563617ee24f2b74cb088bfe3096a51abbd3b2d3a19

SHA512
e502923727af5d293df90d4e651b566d0c5b5ece5eb9581ad972581cd5dc6b207709206b806e08eb75c801512c4eed92cdc185ee8133a90810132d7e5a53aed9

Download Submit
C:\Windows\SysWOW64\Alhhhcal.exe

Filesize
320KB

MD5
bd18fad7bc0aa639574549d89e7af385

SHA1
30191cf6e843a1e1125db1c63cbb2122c5508008

SHA256
5e25f19ed862f50bbf41907652077a2f3cde1a266b8431e561e225010267fcad

SHA512
2d691f596f74ad1d151c9c0511a9e1e0ceb5fc7d9e5f057789c4935c84db5b3c44b625ed35f1e84ccc2e17116f8ae8da6ff1537f46399dcd9d1d8c603d90ce26

Download Submit
C:\Windows\SysWOW64\Andgoobc.exe

Filesize
320KB

MD5
3e1792be86ab062b9b3a9cb664698157

SHA1
cf1a20d052297a7d19129f6a487f3c96a11fcc15

SHA256
0a09258884655576ca3193d643fc63a89b36dc15baa91889eefcb340ee56c121

SHA512
ca6475ace508ac6d019411caef270ef58444b0ff26af2021ec3c061c141adde1890b8c8489e7a766f68f48ba4a9d4fd77b0d131597e949e3d05e8ca5406b3643

Download Submit
C:\Windows\SysWOW64\Balfaiil.exe

Filesize
320KB

MD5
58add2b786c72ad6c024e098bd3ff11b

SHA1
dfff19e276207120d8153ff34177933985afe684

SHA256
7bd314717a03bed8130d3540e4a3dacb263eee715f3306006cdd0ca51cb6dedb

SHA512
cf707f0f761ab48e662f633b5c3891e33afa784c7f922b70447324e860b595ad543de358c9141d87e2bdd9cc149ed4ebd6e4326aabded1489312c49c5721e818

Download Submit
C:\Windows\SysWOW64\Bbgipldd.exe

Filesize
320KB

MD5
4bb4e947f39b3f7a8100a4b95341564f

SHA1
26b58686f2431e5b0385e6e204ebb112aa6e87d6

SHA256
129558dcb83c1d7dd3e6afbc0d6bf8ce0bd89241691450a6b3dbe8a234ff02f2

SHA512
8c132383a154ef67ca687f26ea4eae68bb382a6ac577f16786f841712f009f5cd8a430f0122778a38c152fef023bd870a75ffcdd3d7b526a723aac07fdeabc62

Download Submit
C:\Windows\SysWOW64\Bblckl32.exe

Filesize
320KB

MD5
9938c71cb53f95b99fca7c5a7c4d8a5c

SHA1
b4026ba9a4e84eedc57ef662842ddf47aa993f4a

SHA256
a717c4431fd6375c0eefd9712b1531b2fb6d9abe2c15072809d03d16a9ba4318

SHA512
c89bd01ff26fd2cfd6cf2aab0187ec0b5f130d8342c2557f61765aa3f2e5aa26c0a3383bcb0f3b2dc1b20ae24d907c02af9de0524f3c32e78a0e373adb9a44b8

Download Submit
C:\Windows\SysWOW64\Bbnpqk32.exe

Filesize
320KB

MD5
2396918d73e77411297fb3ae43e6158f

SHA1
58fffcf3b7584aa2f2a51de44db741189c6cb24b

SHA256
2f48e20c39ee0c389fcc43621267ba097d17d9780928b66437ae6fdfbd800b49

SHA512
258fe403b24fa359b29e4d8e19f2a2c529fc5805951071ed194ebb00b1745a61a05a0043d7aa4d71bb4676d0dc8c47d615a66e7e43b580c91226cea835775913

Download Submit
C:\Windows\SysWOW64\Bdhfhe32.exe

Filesize
320KB

MD5
06523032dd94689c24c0bf13f9cf3e13

SHA1
e2e326cbc1ec5eb1bc82c33dff4c9f117e2d8007

SHA256
30daab5a35d721954b93b340bac33d4fbe77302445e34fee41dac8d273774c90

SHA512
d84b572f11535e9064418626a6adec1dbc3379c3c2a426ca88780758d538f519df34e2ebc681b63b61febcdeb21fafbdc7e9f3b5a0273229031580e11285294b

Download Submit
C:\Windows\SysWOW64\Bejogg32.exe

Filesize
320KB

MD5
e7ba7ee9fb18089b71d167e8e8116bdc

SHA1
ddfd20da29ca38ebb30f0dbcae0a2b008679f2d5

SHA256
945966b1ccaaf03a4469d88e808d0207130aa90d837bd6238f404e4a8b250cbf

SHA512
2d1bf965b132af7e7c82e83ac0dd9cc133f0b19461668fda3def25c6f5ada766c48792ad8423769e5ef6e235aec889358f254eda79c81cad9afc3dd5913c45c6

Download Submit
C:\Windows\SysWOW64\Belebq32.exe

Filesize
320KB

MD5
1185e8371004d6b6e2e8b1d15a0bbe60

SHA1
9b59cae0d99a100533508f3cc7ec7fdc5b198607

SHA256
daea3cb18c74d1c2c150d25203a6f5377a4bf3f28ced6940ba0972b56e5eebeb

SHA512
23210cf94659ba3c6c22f9089688a394ceb54c0bc8b8cba1f053f14cba81178802803b1ae9568d1bfa03bf30c6c0ffa261f6cc2a2463feec95cbca3344003607

Download Submit
C:\Windows\SysWOW64\Bemlmgnp.exe

Filesize
320KB

MD5
49de0da3a89fe8c14080363e0e3a6022

SHA1
31b17bebe32535d3c7e66cf139dfde5113c44dcd

SHA256
268d11918c2391ffeebc2aaf4ced27221d69628ee149206bea9c066d34f5758b

SHA512
43b5196f657c6f96f6cba327730551f90f195f6a498131b18f152f4c5512c7b11d7a75dd15f65481bc8c98b33dd9bf4b3d09ca4fccfb17f1575ec81282da4f5d

Download Submit
C:\Windows\SysWOW64\Bfabnjjp.exe

Filesize
320KB

MD5
9eb80bbe69e90970aa341a87a0063572

SHA1
7679ad36b135e91613d1d93dd234a003ead6b29f

SHA256
848babe01331deeca7ab3d41fe573358637bb68221624f0edec1eb0a09fd7a23

SHA512
68b0a23ec45106e02014fec7f33885045d104c1137754a01d617580fb9f489f3c21b5815554e525787c6f548447d02a387abd692a0fe0b1a36565a45b70e40f7

Download Submit
C:\Windows\SysWOW64\Bhikcb32.exe

Filesize
320KB

MD5
c026ab05899676202901edde4531acb0

SHA1
58789e1fe7029a37fb6c3f3661919040be489206

SHA256
e9babaaf9f5c563b4a62a35f6cd82773e0fa1f366d3cb7e41fb0e52050f5bde1

SHA512
136e3245f892354d5e89e34d1c3e01dc9f2ce867b818fdb327f9aac281b95b75c63827aa54c0bc4c7f53f8eb6bfea4a86febd6c81c6de40d99f5dbf60c70086e

Download Submit
C:\Windows\SysWOW64\Bhkhibmc.exe

Filesize
320KB

MD5
8ca5b085b6806e2aca19dcc13e6761b9

SHA1
af0ce15d27122bd0aef4ae1782c23690775aabe3

SHA256
1033901542ab27284ee7fea8a28061904b9bed406bcf49e4a3a74e401e214fd6

SHA512
9e86a8740b0575d5bcc62422ce8da1befc368820c3cefd517343af6c85104c64e8aceea92d05c00dacf4a38dc076a39aa33fc34214cf2a7c96c8c52beb65e8cc

Download Submit
C:\Windows\SysWOW64\Blbknaib.exe

Filesize
320KB

MD5
13b7aeaff3e5ad563c8cabee131a1aaf

SHA1
e05f94e098eac105d4b7dc65fe3cc0fd64630fc3

SHA256
19448c376050262e9c57c4e27dde7478181d4f8f889aa3cb71ecc6c7a406c66f

SHA512
4f872913c8cf17d5b027674a50cbe04ac1433d7ddd707a926f55ebccabca1f4e48edb4e9f7fee683c1d1b529c92c6b4f412dedf8caf0a7aad5567646e5768c4f

Download Submit
C:\Windows\SysWOW64\Bldgdago.exe

Filesize
320KB

MD5
5ec10d09b638ff7574ca38471481eacf

SHA1
d64704aacc4ffcaefe5e4d77c7dc417cff20e19e

SHA256
1e383c872c49a7f59ac9082d09cff1d2563f4047cb39d14e899d03e262f4f1d7

SHA512
773cf65b5fae29fe4ba088d184e0e96d3801230a2856fa6693c5a70140d1c1e6d610dd64383495f61cc27f73793ef042bd82506b54de99b497ad5cc8bd73d0c4

Download Submit
C:\Windows\SysWOW64\Bnnjen32.exe

Filesize
320KB

MD5
c39dc908ab76f77c14dd54cabf3a02f3

SHA1
38e791a809ac7e8aab2f67c40c4550c0dd12c8e2

SHA256
2661aebaab046282a8d107ce152edd2d7b88dd460e819eda6fb5611ce1582c06

SHA512
6c8cae144eafc8039c9e503d8864620aa3f885d03b341e5e4c972bb6b0ec2751ef2c68dbf7f27661bacb510df9878dd1aee14d02e093d407aee30e87079d0b50

Download Submit
C:\Windows\SysWOW64\Bobcpmfc.exe

Filesize
320KB

MD5
19b091ad7edfb230d3d43b4c8e05f7fb

SHA1
1f98fbc40f1418e4178796efccf11132982d1e35

SHA256
ddb012cf3590703a9816cc6f4d9ad0a443db0317998295a6c72b4e808a483a90

SHA512
bdbb88f7d852d49cdf65d7a63129dfb66b8cfec1f81babbfc296598e8e678cfb3000f25a6185709475e2670ead0b422404f7e70d07c0b531b4a941c8117e65bf

Download Submit
C:\Windows\SysWOW64\Calhnpgn.exe

Filesize
320KB

MD5
762159d457b3011d1ac502b38d924045

SHA1
3354ab055c361c505b71dbd97a82065b15f0bf84

SHA256
b358b0c212e37d5821204ae7c709798e09a1079709f464c00d2fb37fba8e8382

SHA512
1dd99f5e7d36025af061d265aa9b95bc42a43aed884b820d8d7906a22aa4d062a0799dcde8a09563c5f42f39148870c3f62dce818de7cfa84b3f8533de90f9c3

Download Submit
C:\Windows\SysWOW64\Cdcoim32.exe

Filesize
320KB

MD5
80313cacee328abc8e8a1780f70e1697

SHA1
4773caf1ecc9c2afa5a84b2b155f010f9d67a3d2

SHA256
1713a4f6919437cda354a8a610d01896c4704a450efc389759ac478a299bd9c1

SHA512
e4735fc9cd4dc10c8f4420b9df480abc65a13e72ce06faa4894842a3fe17b0e5cec58133b6deef5ab1ee199a260501489a1a8423f3579416fae21cfc575ab5bc

Download Submit
C:\Windows\SysWOW64\Cmgjgcgo.exe

Filesize
320KB

MD5
8d7fa199df9e749c17c49491cea0549a

SHA1
04e5d3aa1f130dffcdbe348a62142f5f34bd7d1f

SHA256
8b1a74a9b3cd19f097bcebfa169ea72221febec7a1e9f648db7ae237be8da6f1

SHA512
8496e2f93160570877f8a3d34ccdd9e5ad0a5ae027164be3ab78c00f902cb9620f7c53607789778dddc05c28271db4c8f4e013e696b8e3937aa5b2e053122604

Download Submit
C:\Windows\SysWOW64\Ddonekbl.exe

Filesize
320KB

MD5
16a2ac2e81bd50b6e33ca74df96f1223

SHA1
9a2d43f0210d8a13802a8d7c1a53d32e273465ff

SHA256
de559bb4eabcfaaae19d6422c52005bcf3cc1da9787982d928addbf6e5a21609

SHA512
58d327a935d554aadd744ebb6510f6bea08e8a7c4ebf96b4c95890ced1dcf0d30faddf2f0fe0a90aa0723c04ca1ac1ef43e9e3ce2887a9d5fe7873a5053d4ddb

Download Submit
C:\Windows\SysWOW64\Dfpgffpm.exe

Filesize
320KB

MD5
53dfd87c1d8f13f1769c9d9006afd808

SHA1
08490f872e38207d0e42e3d2914e593d4b0872c3

SHA256
5149a2c522bb3e8d119d1efc7f4966825a1441354e092dd91f93a5edb49dc3f8

SHA512
4088e0f4d384c6789c277fc3bb939ddeb0029e730a76c78a7e2872fbb97f2465d2e9575e7134243bed4fc34048997cec171c8bc73370d739d2b360a65fc963ec

Download Submit
C:\Windows\SysWOW64\Ehljfnpn.exe

Filesize
320KB

MD5
3195cf66a552a28de5cc5196a9a555fa

SHA1
6c780996a051843fd229c9c93a31aeea0089940e

SHA256
e5f42c772a7f2954aac1dcfbc45b4c7f63ed0753b98df7bf7ba583af9c50578d

SHA512
ca1cbbda10dafbbb90f41f47e0273cecf99f666369d5a38aa8acb3e38778baed50d727c6a8aab51ab67779d0198f922cfcdef099157c4095b88ca129a54f4801

Download Submit
C:\Windows\SysWOW64\Flceckoj.exe

Filesize
320KB

MD5
7ad2650c8c3653e39be66441df6655df

SHA1
0768ed735914df394f52f93c21098016cfcc6978

SHA256
da94050b56804acb9ca3975c08da95d75895e7f6dee8761ee3c6d1a11361bc4d

SHA512
c3d9199a7744c6da334d0497d393bc2f6da11340a9674849feb55063be76a33c79e4863e1c2f532ff926b5f8b34d8269b05a8709133dd6d9d07b95e84cd71f86

Download Submit
C:\Windows\SysWOW64\Gcojed32.exe

Filesize
320KB

MD5
161864073ac4e00659641049eaf9c102

SHA1
4fa788f8c40f75195d40891d00b254b3b59b8066

SHA256
33b3712a2c7321471523dffdbd30716282db586a4190d136cd3e172314b79d41

SHA512
9f5e0b216071c28845be7609fd1fbbcbfd34cbc36c83ee06202e35b2ce204e352ebb13e0634d1da82b03a185fb36d397a2a3c9684eb31f079caa94a27b79315f

Download Submit
C:\Windows\SysWOW64\Gdcdbl32.exe

Filesize
320KB

MD5
67df1a777dddd4a42e375b4206405157

SHA1
2ddf89c26a91eb061d9ae8df026b021946081a06

SHA256
3a1eb3583ac7eca51616f696ba84634c60a035a126418b4be8ba2dfe63185e88

SHA512
f1a6300569c175dd05dcc918e130220a23f260b708b9f2677657007a1c87b1f7d2c3770a9c763871a9486c9f7a8eb1f6d79cb0af9a657d156d1c1e623657d5ef

Download Submit
C:\Windows\SysWOW64\Heapdjlp.exe

Filesize
320KB

MD5
6bda3793dd62d53ea9cb3b54b1a3485d

SHA1
bcfa7ea25ab058d587680417cbf30a3c4014bf87

SHA256
d53c356b598339088eeab447b119aa88b15b41a36df1cf5e42bb634884380c43

SHA512
744150a7214e9b81d2f05f5d064b3476195e1a778936dd7f444f88e3231b39f183cf1e5f2dd0c1a6a3d2d7a48b979b114d8c94f53a811aa49bb290b1e113589b

Download Submit
C:\Windows\SysWOW64\Jeaikh32.exe

Filesize
320KB

MD5
61f189c7a30f9850d8fea35aad4d3130

SHA1
294fb0c0c20a5bd54fde50ce79dba12a212bd805

SHA256
fcda08a32a01ab7d84eefe1236a7c523aa87be3df4860d495fbab09f0ba81bd3

SHA512
400c45f6c032b81426227cc43697483d2da891aabb8c106b162199b24eed3897e49e43fdec8d38109044ba6aff142fff51db41d0b7c4bf404fa18e3d94ada5fd

Download Submit
C:\Windows\SysWOW64\Jedeph32.exe

Filesize
320KB

MD5
b7c47b5c40b107cd0fe73dc9ebbd2522

SHA1
b34437848f3aa7bc9c0c15209278960e4efce171

SHA256
3455a454850f6a468bc25a46e699cbe151608da53c409a40de3f6d088c66d407

SHA512
dae17b68bef4fab951d29edc319b6120ba789080446e0105c5fc721bbc8681f59d8e3f8a40881b171b24589d385d834865fee7f6993017184083fa772b5d486d

Download Submit
C:\Windows\SysWOW64\Jlednamo.exe

Filesize
64KB

MD5
1f93241be76d67006565343f9597a259

SHA1
2d8091a6d4d808834b2092ac1ece2ef46588d088

SHA256
b9cab772ada05fc26512d3ef5bfc7923445f05e4e25ac8a4041559d9bbdaa2c6

SHA512
0d0c1fbaabd74c800ec71b53e6563b7227e94d9617781d0261dc5b52c4c85ac29161851c72677dfb18acba053e717bf8b34a95589486e4e1bfb17a7236773ab6

Download Submit
C:\Windows\SysWOW64\Jplfcpin.exe

Filesize
192KB

MD5
2482e55dad96d01796e787bf80122e80

SHA1
3888e1467380efacafa5073eb434d8e15adc4845

SHA256
66584c386f5a20889ea81c3d090411d04a7aa0ef506d689f6f0d22bc704ba5e6

SHA512
bb1ec8fd271d4888efd2460d43183256e5593768f60dc1b1fdbca3b6915ced22736ca1ee45c3c4dc161a7f0ccffb0287defcb2f9ad666e20fb221855fca364be

Download Submit
C:\Windows\SysWOW64\Kdqejn32.exe

Filesize
320KB

MD5
035bba32b9c4c00774dd316d6e8b8af7

SHA1
553bc4d85927bcf224c18a403a98f7fab1f2d4d5

SHA256
7348c0ae24e43ccfa499df9073651b926a6808654328d7024f0b50df1f5c06a6

SHA512
bc0d67fc77b0d0386b0e750bb3711bb2cbfd82e07fd8d9777f9a61ea6790f8632a450efd497a4bbc8e87bbb287f6ce55d0d04435e08f6cfaf81f4ce65396a996

Download Submit
C:\Windows\SysWOW64\Lmdina32.exe

Filesize
320KB

MD5
151d1973eb998db3508e9257061a9af0

SHA1
c3ba4d03990ccf37baedd0c22c970bb356fb5320

SHA256
22a6ab18528d6c18b26edb494a0133325518dee22e5f8abc5713ebcc40720727

SHA512
b580f1d4063eec3d9ea7bcb7060a7646d07a8ed42e2f4f17ebf0b0bee4b9f2140fafdc7301467057dce272b097d3ba1a92823ce320452b5e24b26b9b95f2eded

Download Submit
C:\Windows\SysWOW64\Ncbknfed.exe

Filesize
320KB

MD5
5e340a6151c15cddfcc37d80ed7c84fc

SHA1
a037ed18af4e37e7df2c5b961ee27a469521b803

SHA256
aefa75e37534da831f56dd9ca972481747c447f134eacb1abfc2214c3b33e278

SHA512
bebb3eff23c2c6fec95b14d962e47d204c9999884ee49d649f5398be785051f0cb0ae10f3e925b3bb26a4bd5f992810ec3b6e239af99b4ee2aebaf079cd5d80a

Download Submit
C:\Windows\SysWOW64\Obidhaog.exe

Filesize
320KB

MD5
d68d0ab2261ef8f39154ebf1011b9627

SHA1
17ee126e687560d8f20bcc16ff58e24233b87bb2

SHA256
1081efcc45d04acac59c8113e81cedada1c979e43c976f91e5c49bc78085fdec

SHA512
a5fa59b6f4c15b14c4bab4e0df72028843c4b84a97082320910ed4dc8281cc8b877ebefce0d6d1210c55f30008eca0f841b3508dfc1212c7f3411c20087bb706

Download Submit
C:\Windows\SysWOW64\Ogcpjhoq.exe

Filesize
320KB

MD5
a9955f7e6a670969956c4fbefb77ad4b

SHA1
8ac8cf08922f0e6738c81b63973f5388925e8f4e

SHA256
fc483f966343fb1a21ed8b158074893f4e015f34e0e27c9d0277622a00cb8379

SHA512
4d0c8de7df2c8cefd4c00dafc218280f2cab70afde8875d64d5d286e548e55ee360a01fc81250edb1fe732d5e8f0153ce3d22c7df2b44a6bc3c6c07b66b81666

Download Submit
C:\Windows\SysWOW64\Ogpmjb32.exe

Filesize
320KB

MD5
b668ae18605febaa429610fbf2d2518d

SHA1
cf16afb7e835dce66fb6b3c38df28450202c3ae4

SHA256
3ffa0c9991ea37a057664adf4060f95d09b2274cd713896cc91eb4a5de4c4462

SHA512
5cae10375ce8078febd0ac2cb6de913cbd02df2d4118a795378a37a051e8e6395658385ac698ea721354b381c4f4164d7a368fabbf7ff64e9db78dc3c63d0a69

Download Submit
C:\Windows\SysWOW64\Olfobjbg.exe

Filesize
320KB

MD5
365556eb55107aab1c0bfe20aea20a55

SHA1
6425170df94f4bac5027d03c78fdb2e6ae879452

SHA256
ffc7ec0a35170443e2c1b4487e8ea301a90f54bd0505fb6d9faed20823da66e3

SHA512
f656c8ebd6a80b4ea2310a7eb31eef86988f7970dcbe9d89d55e2a2fe19187c227cb76a79bc7600f8cdc4f2757bbfc3524b2a0a1d095bbf9c2b9f25139148c61

Download Submit
C:\Windows\SysWOW64\Olhlhjpd.exe

Filesize
320KB

MD5
efc235c7add287f077dc7fbcef514f1e

SHA1
bb609fbd325d246e4b1384239594b9b400953f0c

SHA256
83f17bb10df260201d77831aedd7071be3fe375c9dd67f73c41d14b6286e2d20

SHA512
9f7255151713843916ad18947c1f02c52ac1ea7dbbe7a7efab75fad50edef43dbb8d13cdbe853fcf8b21640eeda60fa949cfe57800dca502e188c102b9714ab4

Download Submit
C:\Windows\SysWOW64\Pcagphom.exe

Filesize
320KB

MD5
a4743835aa3a02ebfaceb57c10c1ebfe

SHA1
1e8c16e98daa1898253748958d95ec1229613792

SHA256
14ab137339f026c55834f834b7f554e9e8d82e114de6f264015924c2a2e346b4

SHA512
806469300970e855ecf555ef2c8ccc25067fe4f2441e8472715b3785a6c6505dcf9e38d06a92b2ddf0ace950f481cf2fd6bfac1bcf299f18a4b9112b8c976ef4

Download Submit
C:\Windows\SysWOW64\Pcijeb32.exe

Filesize
320KB

MD5
2cd4726195d182a2a32d5798cfc12735

SHA1
9285143b66e1e11469ffa6543276cd6621e394b1

SHA256
64ecb5d803c47461b63d9465f21afb68c5e10737f65a2431149cc4ce33114e01

SHA512
9c60edbb42a0a5106c93653ca8cc7539a12ff8da69d8f900b8f9fca0b86b8e334f272253cd9f4bd3763bd2c652f91deb362b42fdb657736c4e57a9773c76aa01

Download Submit
C:\Windows\SysWOW64\Pdifoehl.exe

Filesize
320KB

MD5
0a2182f0a08637d3f5043c3e1e6f12fe

SHA1
17fbb6707417832b553154ecf9b56d80d06ac6bd

SHA256
56875ccf1cd982b29bffc9c62cdc39936954a5e84117bea5faa8683914426c63

SHA512
7f70562c939dcde51a9e73ce8228d4959fabb582469f925421815ab726dd630c9bd53ff1240b228cbc937d02a7cdbdf9fb9d60c957fd9d7c3728704ea14b1808

Download Submit
C:\Windows\SysWOW64\Pdkcde32.exe

Filesize
320KB

MD5
b88a212de8c4f3a799900ede2ad7fe3c

SHA1
30c70e891950023138d7ef8268474856e183e48e

SHA256
8f48dfcb4f37156f2d590cec2adc8b5bdba69936d0eae3fdf911f4f0d51d32b4

SHA512
d061925a7fd7767965a81273e31517b61cd03025476719f015c384dacdd20e1126eb2f5a91c90fe9be9474652976e486e212b655526714c499343e72dce71e41

Download Submit
C:\Windows\SysWOW64\Peimil32.exe

Filesize
320KB

MD5
d88fdf6ca91fd38e5b2c66ecfd936639

SHA1
2d59d88edd9a069516715e7ba95ecc2244074f50

SHA256
7b948322a073e0fc663c3c543a831b7b3ccf61345a06d4e4f1e385fe02ce04b4

SHA512
c0ccfb7e239e91b0e6908b8206ddfa34f1a0fa15c4dee850ed38612d27a75bd2f4a0aaf6bda9c7913ed41e8afee69dae152ed6e04014ebad8d3f8a41cfc930c3

Download Submit
C:\Windows\SysWOW64\Peqcjkfp.exe

Filesize
320KB

MD5
2d668034f38f57a9204bd0d2192b9356

SHA1
0a258be81118440181b5d9e2c3c0cecf34f85715

SHA256
100f156b0726ff9b29f7bd570f375060c861bb79f5795105bb1d485e254478dd

SHA512
2f96af673f069a54d6939119bddcdc030c07211f9f98921af5ce05aea0314b36dcc72af139b1238f59869958758de7c2cab8619e442ce9eb5480b4812bd2722d

Download Submit
C:\Windows\SysWOW64\Pgllfp32.exe

Filesize
320KB

MD5
b2524c24d1f9f68e464a20f40498fe70

SHA1
05369603a5e3498476894684c323e4af5f788204

SHA256
ae8c93483f35aa9eb3aa1d386be46c930a6bb67eb478f8bb93ca9fdf46a0ff1f

SHA512
9c384f7e75d6fe1148fdbaa1bb0c14713d017ce363d39615f136b1e9870d071c89d19bd219bcd351a2f70bffc133451242f207974050f88448c463e8f49d1489

Download Submit
C:\Windows\SysWOW64\Pkceffcd.exe

Filesize
320KB

MD5
449339a39edb84ecbe076928858af33d

SHA1
f8a2d8fde831c41220eebfa1e2cb19b0a9509342

SHA256
5c54af911e00df230042a823b80e4878c8149d61445eb102a6268931a331b45e

SHA512
9b422aac4ea2496e6852cd426ba63d5731cd976b400c1ab664791c96eb23f1663497d1385b30e30ead56c01bbed1374a4ea2185f545c89761134b5328d2effff

Download Submit
C:\Windows\SysWOW64\Pkhoae32.exe

Filesize
320KB

MD5
50dc4689a6b3102868ffeb072b689618

SHA1
ef722569c3b207aeb8ec703587908641b308cb86

SHA256
2ad2d10f4a5403fade5537c4348b3ba4f3bedd38f2b1de7edd12bef3118617b6

SHA512
8aa7324ad5fb5c43738982f9bc3126419dc0bbd5751d0a013192ea4367fed15fba1f980e3e1dd578d107debef7cd6d8cbaea6bd46c176d50a5132294a26fe5ca

Download Submit
C:\Windows\SysWOW64\Pnbbbabh.exe

Filesize
320KB

MD5
86818d28bac6e9c53399e9668e790222

SHA1
6cfc44e4a55670f2fd6b851336dd228ea37e4919

SHA256
3d6be0778ff8dfd1cfb73c4879e445b8420ee702f8902eeb604fa33525ab4cd6

SHA512
72c8ea90e6dafe7d40cd37593883c22791e1cd907cd52b738ace65950218235d6c63f63586ab7742938ad2cabdf1d2138b05a3607e8189066517f40bf7019cb1

Download Submit
C:\Windows\SysWOW64\Qbgqio32.exe

Filesize
320KB

MD5
ca4095d309483404e055ba7b0b712eea

SHA1
2266406c4a0c1a34e7a966ccb0a928ceb652da22

SHA256
a78b5faaee4bf8b88e94612d25cc3f8294d75ac665bbc69683042bc4f75488d1

SHA512
31a96432f0b701d35f96d457b097b015db12dceecd2fc8f3b41aa77c14d65e37d308223b043e6a9df9a85326db81520fb5215541f7e430b4c344313e0d52158a

Download Submit
C:\Windows\SysWOW64\Qchmagie.exe

Filesize
320KB

MD5
6875d8be1b5b876f2d63fb2bfeaad250

SHA1
354cc5004705837a748e4a3407cfc28f4cf79b37

SHA256
0b9d314bd5b20e92330aa717ff64b2669bc93325e0033d8f5e9427468a214448

SHA512
75a84c05b231ffc87f76c2e684e8c5eed093f84f2bccdb12ac3ff45269a367831bfa6df931593bffb184e19b72427a17c9bc7264b226d9f35107f0e99bdc3108

Download Submit
C:\Windows\SysWOW64\Qgqeappe.exe

Filesize
320KB

MD5
89e719316b0f06b04d742f47e3eaf271

SHA1
9681bc2e4210b45bfe8a9d51de9e2bb3ff22e858

SHA256
b387cd52311f4c8907905a4e60e27eb2c48be830088c6952c12b0c092c6f58cb

SHA512
b55ce70613f20ff3123568f1189fe675af3ad6bee6e204848adab8829ce93ecfaa6dd02eb5c6cc78df9b17ae5cd928d36c8d0781bed48ffee82f6b3997fd0666

Download Submit
C:\Windows\SysWOW64\Qkmhlekj.exe

Filesize
320KB

MD5
d665a26c448b6f8b1b6db0767b6cf14d

SHA1
db9774a432949a9f5855f885394193f053cd13f0

SHA256
92ab6694a40f6d4ab072ce3628de4a875eb5fdcdaa0d411279ca822933dbd837

SHA512
5835a43b10b82e5043fd36577660a935b9ed9855042ea082df8ba3cdb957068648fe2838b680bb1ef35b80937ebe856a884b2f011db445da36495dbbe29c5366

Download Submit
C:\Windows\SysWOW64\Qnnanphk.exe

Filesize
320KB

MD5
4898694680480924d6e9735eb71c6fc6

SHA1
4f096f36979be4f59b892dd483b86976618d3d2c

SHA256
84378975b83e8ee8c1a2316b1fc02eb63de89854d50bd0fdcda07a5d8dca770b

SHA512
c2ca634fc421bed46632dcec80ae27181c264c0e48b0f6f873c4a3dafeaf65937336cce4733bbeacd5aef2776979048be0954be9dd2c0c09b73e94330fe2f60b

Download Submit
memory/224-684-0x0000000000400000-0x000000000046C000-memory.dmp

Filesize
432KB

Download
memory/224-8-0x0000000000400000-0x000000000046C000-memory.dmp

Filesize
432KB

Download
memory/840-151-0x0000000000400000-0x000000000046C000-memory.dmp

Filesize
432KB

Download
memory/920-479-0x0000000000400000-0x000000000046C000-memory.dmp

Filesize
432KB

Download
memory/1020-171-0x0000000000400000-0x000000000046C000-memory.dmp

Filesize
432KB

Download
memory/1028-346-0x0000000000400000-0x000000000046C000-memory.dmp

Filesize
432KB

Download
memory/1044-461-0x0000000000400000-0x000000000046C000-memory.dmp

Filesize
432KB

Download
memory/1044-2098-0x0000000000400000-0x000000000046C000-memory.dmp

Filesize
432KB

Download
memory/1080-380-0x0000000000400000-0x000000000046C000-memory.dmp

Filesize
432KB

Download
memory/1084-348-0x0000000000400000-0x000000000046C000-memory.dmp

Filesize
432KB

Download
memory/1160-423-0x0000000000400000-0x000000000046C000-memory.dmp

Filesize
432KB

Download
memory/1160-2112-0x0000000000400000-0x000000000046C000-memory.dmp

Filesize
432KB

Download
memory/1212-497-0x0000000000400000-0x000000000046C000-memory.dmp

Filesize
432KB

Download
memory/1348-749-0x0000000000400000-0x000000000046C000-memory.dmp

Filesize
432KB

Download
memory/1348-94-0x0000000000400000-0x000000000046C000-memory.dmp

Filesize
432KB

Download
memory/1368-56-0x0000000000400000-0x000000000046C000-memory.dmp

Filesize
432KB

Download
memory/1368-727-0x0000000000400000-0x000000000046C000-memory.dmp

Filesize
432KB

Download
memory/1444-72-0x0000000000400000-0x000000000046C000-memory.dmp

Filesize
432KB

Download
memory/1444-736-0x0000000000400000-0x000000000046C000-memory.dmp

Filesize
432KB

Download
memory/1496-110-0x0000000000400000-0x000000000046C000-memory.dmp

Filesize
432KB

Download
memory/1500-431-0x0000000000400000-0x000000000046C000-memory.dmp

Filesize
432KB

Download
memory/1656-504-0x0000000000400000-0x000000000046C000-memory.dmp

Filesize
432KB

Download
memory/1684-344-0x0000000000400000-0x000000000046C000-memory.dmp

Filesize
432KB

Download
memory/1752-363-0x0000000000400000-0x000000000046C000-memory.dmp

Filesize
432KB

Download
memory/1900-534-0x0000000000400000-0x000000000046C000-memory.dmp

Filesize
432KB

Download
memory/1908-743-0x0000000000400000-0x000000000046C000-memory.dmp

Filesize
432KB

Download
memory/1908-87-0x0000000000400000-0x000000000046C000-memory.dmp

Filesize
432KB

Download
memory/1920-179-0x0000000000400000-0x000000000046C000-memory.dmp

Filesize
432KB

Download
memory/1952-437-0x0000000000400000-0x000000000046C000-memory.dmp

Filesize
432KB

Download
memory/1964-742-0x0000000000400000-0x000000000046C000-memory.dmp

Filesize
432KB

Download
memory/2012-525-0x0000000000400000-0x000000000046C000-memory.dmp

Filesize
432KB

Download
memory/2264-0-0x0000000000400000-0x000000000046C000-memory.dmp

Filesize
432KB

Download
memory/2264-681-0x0000000000400000-0x000000000046C000-memory.dmp

Filesize
432KB

Download
memory/2368-443-0x0000000000400000-0x000000000046C000-memory.dmp

Filesize
432KB

Download
memory/2416-351-0x0000000000400000-0x000000000046C000-memory.dmp

Filesize
432KB

Download
memory/2464-528-0x0000000000400000-0x000000000046C000-memory.dmp

Filesize
432KB

Download
memory/2484-347-0x0000000000400000-0x000000000046C000-memory.dmp

Filesize
432KB

Download
memory/2496-697-0x0000000000400000-0x000000000046C000-memory.dmp

Filesize
432KB

Download
memory/2496-28-0x0000000000400000-0x000000000046C000-memory.dmp

Filesize
432KB

Download
memory/2552-557-0x0000000000400000-0x000000000046C000-memory.dmp

Filesize
432KB

Download
memory/2588-491-0x0000000000400000-0x000000000046C000-memory.dmp

Filesize
432KB

Download
memory/2696-2160-0x0000000000400000-0x000000000046C000-memory.dmp

Filesize
432KB

Download
memory/2744-16-0x0000000000400000-0x000000000046C000-memory.dmp

Filesize
432KB

Download
memory/2744-695-0x0000000000400000-0x000000000046C000-memory.dmp

Filesize
432KB

Download
memory/2760-710-0x0000000000400000-0x000000000046C000-memory.dmp

Filesize
432KB

Download
memory/2760-40-0x0000000000400000-0x000000000046C000-memory.dmp

Filesize
432KB

Download
memory/2776-408-0x0000000000400000-0x000000000046C000-memory.dmp

Filesize
432KB

Download
memory/2820-454-0x0000000000400000-0x000000000046C000-memory.dmp

Filesize
432KB

Download
memory/2840-143-0x0000000000400000-0x000000000046C000-memory.dmp

Filesize
432KB

Download
memory/2848-134-0x0000000000400000-0x000000000046C000-memory.dmp

Filesize
432KB

Download
memory/2872-498-0x0000000000400000-0x000000000046C000-memory.dmp

Filesize
432KB

Download
memory/2912-349-0x0000000000400000-0x000000000046C000-memory.dmp

Filesize
432KB

Download
memory/2988-425-0x0000000000400000-0x000000000046C000-memory.dmp

Filesize
432KB

Download
memory/3084-379-0x0000000000400000-0x000000000046C000-memory.dmp

Filesize
432KB

Download
memory/3352-455-0x0000000000400000-0x000000000046C000-memory.dmp

Filesize
432KB

Download
memory/3356-343-0x0000000000400000-0x000000000046C000-memory.dmp

Filesize
432KB

Download
memory/3492-341-0x0000000000400000-0x000000000046C000-memory.dmp

Filesize
432KB

Download
memory/3512-556-0x0000000000400000-0x000000000046C000-memory.dmp

Filesize
432KB

Download
memory/3604-729-0x0000000000400000-0x000000000046C000-memory.dmp

Filesize
432KB

Download
memory/3604-64-0x0000000000400000-0x000000000046C000-memory.dmp

Filesize
432KB

Download
memory/3616-473-0x0000000000400000-0x000000000046C000-memory.dmp

Filesize
432KB

Download
memory/3800-188-0x0000000000400000-0x000000000046C000-memory.dmp

Filesize
432KB

Download
memory/3868-716-0x0000000000400000-0x000000000046C000-memory.dmp

Filesize
432KB

Download
memory/3868-48-0x0000000000400000-0x000000000046C000-memory.dmp

Filesize
432KB

Download
memory/3872-361-0x0000000000400000-0x000000000046C000-memory.dmp

Filesize
432KB

Download
memory/3904-119-0x0000000000400000-0x000000000046C000-memory.dmp

Filesize
432KB

Download
memory/3992-406-0x0000000000400000-0x000000000046C000-memory.dmp

Filesize
432KB

Download
memory/4080-2076-0x0000000000400000-0x000000000046C000-memory.dmp

Filesize
432KB

Download
memory/4080-527-0x0000000000400000-0x000000000046C000-memory.dmp

Filesize
432KB

Download
memory/4092-158-0x0000000000400000-0x000000000046C000-memory.dmp

Filesize
432KB

Download
memory/4112-2121-0x0000000000400000-0x000000000046C000-memory.dmp

Filesize
432KB

Download
memory/4112-395-0x0000000000400000-0x000000000046C000-memory.dmp

Filesize
432KB

Download
memory/4228-126-0x0000000000400000-0x000000000046C000-memory.dmp

Filesize
432KB

Download
memory/4448-467-0x0000000000400000-0x000000000046C000-memory.dmp

Filesize
432KB

Download
memory/4580-485-0x0000000000400000-0x000000000046C000-memory.dmp

Filesize
432KB

Download
memory/4612-345-0x0000000000400000-0x000000000046C000-memory.dmp

Filesize
432KB

Download
memory/4644-1959-0x0000000000400000-0x000000000046C000-memory.dmp

Filesize
432KB

Download
memory/4692-2157-0x0000000000400000-0x000000000046C000-memory.dmp

Filesize
432KB

Download
memory/4760-350-0x0000000000400000-0x000000000046C000-memory.dmp

Filesize
432KB

Download
memory/4820-510-0x0000000000400000-0x000000000046C000-memory.dmp

Filesize
432KB

Download
memory/4916-103-0x0000000000400000-0x000000000046C000-memory.dmp

Filesize
432KB

Download
memory/4976-541-0x0000000000400000-0x000000000046C000-memory.dmp

Filesize
432KB

Download
memory/5004-2169-0x0000000000400000-0x000000000046C000-memory.dmp

Filesize
432KB

Download
memory/5040-703-0x0000000000400000-0x000000000046C000-memory.dmp

Filesize
432KB

Download
memory/5040-32-0x0000000000400000-0x000000000046C000-memory.dmp

Filesize
432KB

Download
memory/5124-572-0x0000000000400000-0x000000000046C000-memory.dmp

Filesize
432KB

Download
memory/5200-579-0x0000000000400000-0x000000000046C000-memory.dmp

Filesize
432KB

Download
memory/5244-585-0x0000000000400000-0x000000000046C000-memory.dmp

Filesize
432KB

Download
memory/5284-717-0x0000000000400000-0x000000000046C000-memory.dmp

Filesize
432KB

Download
memory/5288-591-0x0000000000400000-0x000000000046C000-memory.dmp

Filesize
432KB

Download
memory/5328-601-0x0000000000400000-0x000000000046C000-memory.dmp

Filesize
432KB

Download
memory/5364-603-0x0000000000400000-0x000000000046C000-memory.dmp

Filesize
432KB

Download
memory/5452-618-0x0000000000400000-0x000000000046C000-memory.dmp

Filesize
432KB

Download
memory/5520-730-0x0000000000400000-0x000000000046C000-memory.dmp

Filesize
432KB

Download
memory/5528-630-0x0000000000400000-0x000000000046C000-memory.dmp

Filesize
432KB

Download
memory/5564-631-0x0000000000400000-0x000000000046C000-memory.dmp

Filesize
432KB

Download
memory/5608-637-0x0000000000400000-0x000000000046C000-memory.dmp

Filesize
432KB

Download
memory/5616-2003-0x0000000000400000-0x000000000046C000-memory.dmp

Filesize
432KB

Download
memory/5684-653-0x0000000000400000-0x000000000046C000-memory.dmp

Filesize
432KB

Download
memory/5720-658-0x0000000000400000-0x000000000046C000-memory.dmp

Filesize
432KB

Download
memory/5800-669-0x0000000000400000-0x000000000046C000-memory.dmp

Filesize
432KB

Download
memory/5800-2025-0x0000000000400000-0x000000000046C000-memory.dmp

Filesize
432KB

Download
memory/5836-671-0x0000000000400000-0x000000000046C000-memory.dmp

Filesize
432KB

Download
memory/5900-683-0x0000000000400000-0x000000000046C000-memory.dmp

Filesize
432KB

Download
memory/5936-690-0x0000000000400000-0x000000000046C000-memory.dmp

Filesize
432KB

Download
memory/6136-704-0x0000000000400000-0x000000000046C000-memory.dmp

Filesize
432KB

Download
memory/6624-1934-0x0000000000400000-0x000000000046C000-memory.dmp

Filesize
432KB

Download
memory/6704-1870-0x0000000000400000-0x000000000046C000-memory.dmp

Filesize
432KB

Download
memory/6992-1844-0x0000000000400000-0x000000000046C000-memory.dmp

Filesize
432KB

Download
memory/7088-1912-0x0000000000400000-0x000000000046C000-memory.dmp

Filesize
432KB

Download
memory/7892-1750-0x0000000000400000-0x000000000046C000-memory.dmp

Filesize
432KB

Download
memory/8032-1759-0x0000000000400000-0x000000000046C000-memory.dmp

Filesize
432KB

Download
memory/8068-1792-0x0000000000400000-0x000000000046C000-memory.dmp

Filesize
432KB

Download
memory/8244-1735-0x0000000000400000-0x000000000046C000-memory.dmp

Filesize
432KB

Download
memory/8320-1733-0x0000000000400000-0x000000000046C000-memory.dmp

Filesize
432KB

Download
memory/8648-1724-0x0000000000400000-0x000000000046C000-memory.dmp

Filesize
432KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads