xmrig | 5386fda0e43398baca141ba69e6d2abe49d5cf155f7e4037f7931916aa713f07

Analysis

max time kernel
142s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
17/11/2023, 20:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.c6e92bda5320805d4b1626400c83c710.exe
Size

2.9MB
MD5

c6e92bda5320805d4b1626400c83c710
SHA1

a63422c5ef11d9be8b4e57faedd4a393dec28ba0
SHA256

5386fda0e43398baca141ba69e6d2abe49d5cf155f7e4037f7931916aa713f07
SHA512

f011df90e091bac50ba4de4c05987102df7f7db31304bb98921a7cc83583a9af9c8ba23b8fced8d87a6023a430bb96411821b7ec2b4d77be89a4d050f4688e86
SSDEEP

49152:N0wjnJMOWh50kC1/dVFdx6e0EALKWVTffZiPAcRq6jHjcz8DzB261u1uHYV8Klv:N0GnJMOWPClFdx6e0EALKWVTffZiPAcg

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/4108-0-0x00007FF6045C0000-0x00007FF6049B5000-memory.dmp	xmrig
behavioral2/files/0x00090000000224ad-5.dat	xmrig
behavioral2/files/0x00090000000224ad-6.dat	xmrig
behavioral2/files/0x0006000000022e30-11.dat	xmrig
behavioral2/memory/5020-9-0x00007FF64A0F0000-0x00007FF64A4E5000-memory.dmp	xmrig
behavioral2/files/0x0006000000022e30-12.dat	xmrig
behavioral2/files/0x0006000000022e31-16.dat	xmrig
behavioral2/files/0x0006000000022e32-23.dat	xmrig
behavioral2/files/0x0006000000022e32-24.dat	xmrig
behavioral2/memory/2348-27-0x00007FF7D9050000-0x00007FF7D9445000-memory.dmp	xmrig
behavioral2/files/0x0006000000022e33-29.dat	xmrig
behavioral2/files/0x0006000000022e33-32.dat	xmrig
behavioral2/files/0x0006000000022e34-35.dat	xmrig
behavioral2/memory/4920-37-0x00007FF686B20000-0x00007FF686F15000-memory.dmp	xmrig
behavioral2/files/0x0007000000022e2c-42.dat	xmrig
behavioral2/files/0x0006000000022e35-47.dat	xmrig
behavioral2/files/0x0006000000022e35-45.dat	xmrig
behavioral2/memory/4732-49-0x00007FF67DE80000-0x00007FF67E275000-memory.dmp	xmrig
behavioral2/memory/404-50-0x00007FF694F20000-0x00007FF695315000-memory.dmp	xmrig
behavioral2/files/0x0007000000022e2c-40.dat	xmrig
behavioral2/memory/4564-38-0x00007FF7660F0000-0x00007FF7664E5000-memory.dmp	xmrig
behavioral2/files/0x0006000000022e34-31.dat	xmrig
behavioral2/memory/4288-22-0x00007FF708E20000-0x00007FF709215000-memory.dmp	xmrig
behavioral2/memory/1528-14-0x00007FF66AFC0000-0x00007FF66B3B5000-memory.dmp	xmrig
behavioral2/files/0x0006000000022e31-18.dat	xmrig
behavioral2/files/0x0006000000022e31-10.dat	xmrig
behavioral2/files/0x0006000000022e36-52.dat	xmrig
behavioral2/files/0x0006000000022e36-54.dat	xmrig
behavioral2/memory/4108-56-0x00007FF6045C0000-0x00007FF6049B5000-memory.dmp	xmrig
behavioral2/files/0x0006000000022e39-60.dat	xmrig
behavioral2/files/0x0006000000022e3a-65.dat	xmrig
behavioral2/memory/4992-67-0x00007FF785C60000-0x00007FF786055000-memory.dmp	xmrig
behavioral2/files/0x0006000000022e3a-70.dat	xmrig
behavioral2/memory/856-74-0x00007FF793730000-0x00007FF793B25000-memory.dmp	xmrig
behavioral2/files/0x0006000000022e3e-77.dat	xmrig
behavioral2/files/0x0006000000022e3b-79.dat	xmrig
behavioral2/files/0x0006000000022e3e-81.dat	xmrig
behavioral2/files/0x0006000000022e3f-87.dat	xmrig
behavioral2/files/0x0006000000022e3f-86.dat	xmrig
behavioral2/memory/1788-84-0x00007FF7BBD50000-0x00007FF7BC145000-memory.dmp	xmrig
behavioral2/memory/4288-76-0x00007FF708E20000-0x00007FF709215000-memory.dmp	xmrig
behavioral2/files/0x0006000000022e3b-72.dat	xmrig
behavioral2/memory/1528-68-0x00007FF66AFC0000-0x00007FF66B3B5000-memory.dmp	xmrig
behavioral2/memory/1624-63-0x00007FF69BBD0000-0x00007FF69BFC5000-memory.dmp	xmrig
behavioral2/memory/5020-57-0x00007FF64A0F0000-0x00007FF64A4E5000-memory.dmp	xmrig
behavioral2/files/0x0006000000022e39-61.dat	xmrig
behavioral2/files/0x0006000000022e40-93.dat	xmrig
behavioral2/files/0x0006000000022e42-98.dat	xmrig
behavioral2/files/0x0006000000022e42-99.dat	xmrig
behavioral2/memory/2028-101-0x00007FF65F530000-0x00007FF65F925000-memory.dmp	xmrig
behavioral2/files/0x0006000000022e40-92.dat	xmrig
behavioral2/files/0x0006000000022e43-104.dat	xmrig
behavioral2/memory/3292-105-0x00007FF70F440000-0x00007FF70F835000-memory.dmp	xmrig
behavioral2/files/0x0006000000022e43-107.dat	xmrig
behavioral2/memory/4920-106-0x00007FF686B20000-0x00007FF686F15000-memory.dmp	xmrig
behavioral2/files/0x0006000000022e44-111.dat	xmrig
behavioral2/files/0x0006000000022e44-113.dat	xmrig
behavioral2/memory/4592-109-0x00007FF727630000-0x00007FF727A25000-memory.dmp	xmrig
behavioral2/memory/1188-115-0x00007FF739D50000-0x00007FF73A145000-memory.dmp	xmrig
behavioral2/memory/4872-116-0x00007FF64AFC0000-0x00007FF64B3B5000-memory.dmp	xmrig
behavioral2/memory/2348-95-0x00007FF7D9050000-0x00007FF7D9445000-memory.dmp	xmrig
behavioral2/memory/3952-91-0x00007FF7E8020000-0x00007FF7E8415000-memory.dmp	xmrig
behavioral2/files/0x0006000000022e45-119.dat	xmrig
behavioral2/files/0x0006000000022e47-127.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
5020	smaGFkC.exe
1528	sDoBmpn.exe
4288	zJFndOj.exe
2348	RXfRkCk.exe
4920	PpSfTMe.exe
4564	eUsuqkJ.exe
4732	TIznBLH.exe
404	vALFvcz.exe
1624	eszeEzz.exe
4992	JFLJoeE.exe
856	AyLghcq.exe
1788	GDlNWuY.exe
3952	YCPQKud.exe
2028	jZBZXhO.exe
3292	UdoRDen.exe
4592	TLVghRh.exe
1188	YosdVwO.exe
4872	asktNIS.exe
3360	HJJWtKq.exe
3412	QyKgzGs.exe
612	hMDkVie.exe
4084	RFbEWRb.exe
3528	BqkBMRy.exe
416	RfTDnPE.exe
2412	OjLYAYD.exe
4448	bxjfsVP.exe
4964	VpfaLJy.exe
208	lIvZmxY.exe
4316	UuQBlcK.exe
1800	pNCDytR.exe
112	xXYQBsn.exe
2520	GNQdOkr.exe
2280	OuIkNkI.exe
3584	ZxOaIwp.exe
644	iXPVNmP.exe
1456	snXiEVm.exe
4320	VyALuxR.exe
2936	RwWuFWR.exe
4472	nqwnhpr.exe
1512	sNzJBWt.exe
3248	EBwEqMl.exe
388	PapcuKK.exe
4976	ngTjZAz.exe
1504	VFlbqFc.exe
4896	mblFerP.exe
3784	egGXepa.exe
3320	TGbvSuu.exe
2940	RhLeObh.exe
2948	VskJiux.exe
4860	hDzKpBp.exe
2788	IFpuJpn.exe
960	UItQsjh.exe
1368	wXbGupQ.exe
4952	gpzPtsE.exe
2700	ezkdOmo.exe
2292	SpFIvmy.exe
5028	bpYQNSV.exe
444	tApUmrp.exe
1180	AReezfS.exe
1620	DHHKVmc.exe
2792	DskvIKY.exe
2488	VHNpegn.exe
1020	odBPlUT.exe
1648	cyPwdea.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4108-0-0x00007FF6045C0000-0x00007FF6049B5000-memory.dmp	upx
behavioral2/files/0x00090000000224ad-5.dat	upx
behavioral2/files/0x00090000000224ad-6.dat	upx
behavioral2/files/0x0006000000022e30-11.dat	upx
behavioral2/memory/5020-9-0x00007FF64A0F0000-0x00007FF64A4E5000-memory.dmp	upx
behavioral2/files/0x0006000000022e30-12.dat	upx
behavioral2/files/0x0006000000022e31-16.dat	upx
behavioral2/files/0x0006000000022e32-23.dat	upx
behavioral2/files/0x0006000000022e32-24.dat	upx
behavioral2/memory/2348-27-0x00007FF7D9050000-0x00007FF7D9445000-memory.dmp	upx
behavioral2/files/0x0006000000022e33-29.dat	upx
behavioral2/files/0x0006000000022e33-32.dat	upx
behavioral2/files/0x0006000000022e34-35.dat	upx
behavioral2/memory/4920-37-0x00007FF686B20000-0x00007FF686F15000-memory.dmp	upx
behavioral2/files/0x0007000000022e2c-42.dat	upx
behavioral2/files/0x0006000000022e35-47.dat	upx
behavioral2/files/0x0006000000022e35-45.dat	upx
behavioral2/memory/4732-49-0x00007FF67DE80000-0x00007FF67E275000-memory.dmp	upx
behavioral2/memory/404-50-0x00007FF694F20000-0x00007FF695315000-memory.dmp	upx
behavioral2/files/0x0007000000022e2c-40.dat	upx
behavioral2/memory/4564-38-0x00007FF7660F0000-0x00007FF7664E5000-memory.dmp	upx
behavioral2/files/0x0006000000022e34-31.dat	upx
behavioral2/memory/4288-22-0x00007FF708E20000-0x00007FF709215000-memory.dmp	upx
behavioral2/memory/1528-14-0x00007FF66AFC0000-0x00007FF66B3B5000-memory.dmp	upx
behavioral2/files/0x0006000000022e31-18.dat	upx
behavioral2/files/0x0006000000022e31-10.dat	upx
behavioral2/files/0x0006000000022e36-52.dat	upx
behavioral2/files/0x0006000000022e36-54.dat	upx
behavioral2/memory/4108-56-0x00007FF6045C0000-0x00007FF6049B5000-memory.dmp	upx
behavioral2/files/0x0006000000022e39-60.dat	upx
behavioral2/files/0x0006000000022e3a-65.dat	upx
behavioral2/memory/4992-67-0x00007FF785C60000-0x00007FF786055000-memory.dmp	upx
behavioral2/files/0x0006000000022e3a-70.dat	upx
behavioral2/memory/856-74-0x00007FF793730000-0x00007FF793B25000-memory.dmp	upx
behavioral2/files/0x0006000000022e3e-77.dat	upx
behavioral2/files/0x0006000000022e3b-79.dat	upx
behavioral2/files/0x0006000000022e3e-81.dat	upx
behavioral2/files/0x0006000000022e3f-87.dat	upx
behavioral2/files/0x0006000000022e3f-86.dat	upx
behavioral2/memory/1788-84-0x00007FF7BBD50000-0x00007FF7BC145000-memory.dmp	upx
behavioral2/memory/4288-76-0x00007FF708E20000-0x00007FF709215000-memory.dmp	upx
behavioral2/files/0x0006000000022e3b-72.dat	upx
behavioral2/memory/1528-68-0x00007FF66AFC0000-0x00007FF66B3B5000-memory.dmp	upx
behavioral2/memory/1624-63-0x00007FF69BBD0000-0x00007FF69BFC5000-memory.dmp	upx
behavioral2/memory/5020-57-0x00007FF64A0F0000-0x00007FF64A4E5000-memory.dmp	upx
behavioral2/files/0x0006000000022e39-61.dat	upx
behavioral2/files/0x0006000000022e40-93.dat	upx
behavioral2/files/0x0006000000022e42-98.dat	upx
behavioral2/files/0x0006000000022e42-99.dat	upx
behavioral2/memory/2028-101-0x00007FF65F530000-0x00007FF65F925000-memory.dmp	upx
behavioral2/files/0x0006000000022e40-92.dat	upx
behavioral2/files/0x0006000000022e43-104.dat	upx
behavioral2/memory/3292-105-0x00007FF70F440000-0x00007FF70F835000-memory.dmp	upx
behavioral2/files/0x0006000000022e43-107.dat	upx
behavioral2/memory/4920-106-0x00007FF686B20000-0x00007FF686F15000-memory.dmp	upx
behavioral2/files/0x0006000000022e44-111.dat	upx
behavioral2/files/0x0006000000022e44-113.dat	upx
behavioral2/memory/4592-109-0x00007FF727630000-0x00007FF727A25000-memory.dmp	upx
behavioral2/memory/1188-115-0x00007FF739D50000-0x00007FF73A145000-memory.dmp	upx
behavioral2/memory/4872-116-0x00007FF64AFC0000-0x00007FF64B3B5000-memory.dmp	upx
behavioral2/memory/2348-95-0x00007FF7D9050000-0x00007FF7D9445000-memory.dmp	upx
behavioral2/memory/3952-91-0x00007FF7E8020000-0x00007FF7E8415000-memory.dmp	upx
behavioral2/files/0x0006000000022e45-119.dat	upx
behavioral2/files/0x0006000000022e47-127.dat	upx

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System32\zuktOAP.exe	NEAS.c6e92bda5320805d4b1626400c83c710.exe
File created	C:\Windows\System32\kIGfzSZ.exe	NEAS.c6e92bda5320805d4b1626400c83c710.exe
File created	C:\Windows\System32\galOpWU.exe	NEAS.c6e92bda5320805d4b1626400c83c710.exe
File created	C:\Windows\System32\eZgVtyi.exe	NEAS.c6e92bda5320805d4b1626400c83c710.exe
File created	C:\Windows\System32\gLnkUFt.exe	NEAS.c6e92bda5320805d4b1626400c83c710.exe
File created	C:\Windows\System32\pNCDytR.exe	NEAS.c6e92bda5320805d4b1626400c83c710.exe
File created	C:\Windows\System32\SrYraWj.exe	NEAS.c6e92bda5320805d4b1626400c83c710.exe
File created	C:\Windows\System32\sgZJNxH.exe	NEAS.c6e92bda5320805d4b1626400c83c710.exe
File created	C:\Windows\System32\DFeXjBy.exe	NEAS.c6e92bda5320805d4b1626400c83c710.exe
File created	C:\Windows\System32\xOIEcIR.exe	NEAS.c6e92bda5320805d4b1626400c83c710.exe
File created	C:\Windows\System32\HFLKFqo.exe	NEAS.c6e92bda5320805d4b1626400c83c710.exe
File created	C:\Windows\System32\YosdVwO.exe	NEAS.c6e92bda5320805d4b1626400c83c710.exe
File created	C:\Windows\System32\LioFwEr.exe	NEAS.c6e92bda5320805d4b1626400c83c710.exe
File created	C:\Windows\System32\RWwbJfV.exe	NEAS.c6e92bda5320805d4b1626400c83c710.exe
File created	C:\Windows\System32\odnITgg.exe	NEAS.c6e92bda5320805d4b1626400c83c710.exe
File created	C:\Windows\System32\PYMXNTg.exe	NEAS.c6e92bda5320805d4b1626400c83c710.exe
File created	C:\Windows\System32\fecqbou.exe	NEAS.c6e92bda5320805d4b1626400c83c710.exe
File created	C:\Windows\System32\pZCbbGr.exe	NEAS.c6e92bda5320805d4b1626400c83c710.exe
File created	C:\Windows\System32\KaeBaCL.exe	NEAS.c6e92bda5320805d4b1626400c83c710.exe
File created	C:\Windows\System32\WrWkExG.exe	NEAS.c6e92bda5320805d4b1626400c83c710.exe
File created	C:\Windows\System32\digIbwh.exe	NEAS.c6e92bda5320805d4b1626400c83c710.exe
File created	C:\Windows\System32\tApUmrp.exe	NEAS.c6e92bda5320805d4b1626400c83c710.exe
File created	C:\Windows\System32\DskvIKY.exe	NEAS.c6e92bda5320805d4b1626400c83c710.exe
File created	C:\Windows\System32\IjfSTor.exe	NEAS.c6e92bda5320805d4b1626400c83c710.exe
File created	C:\Windows\System32\xLvfZwu.exe	NEAS.c6e92bda5320805d4b1626400c83c710.exe
File created	C:\Windows\System32\wrbAhuN.exe	NEAS.c6e92bda5320805d4b1626400c83c710.exe
File created	C:\Windows\System32\smaGFkC.exe	NEAS.c6e92bda5320805d4b1626400c83c710.exe
File created	C:\Windows\System32\SpFIvmy.exe	NEAS.c6e92bda5320805d4b1626400c83c710.exe
File created	C:\Windows\System32\uVxBpwK.exe	NEAS.c6e92bda5320805d4b1626400c83c710.exe
File created	C:\Windows\System32\PPFBWcW.exe	NEAS.c6e92bda5320805d4b1626400c83c710.exe
File created	C:\Windows\System32\tDMojxS.exe	NEAS.c6e92bda5320805d4b1626400c83c710.exe
File created	C:\Windows\System32\LkVhPAn.exe	NEAS.c6e92bda5320805d4b1626400c83c710.exe
File created	C:\Windows\System32\swigbUI.exe	NEAS.c6e92bda5320805d4b1626400c83c710.exe
File created	C:\Windows\System32\xKLrrDt.exe	NEAS.c6e92bda5320805d4b1626400c83c710.exe
File created	C:\Windows\System32\HJJWtKq.exe	NEAS.c6e92bda5320805d4b1626400c83c710.exe
File created	C:\Windows\System32\ULbcEkR.exe	NEAS.c6e92bda5320805d4b1626400c83c710.exe
File created	C:\Windows\System32\tutoeqI.exe	NEAS.c6e92bda5320805d4b1626400c83c710.exe
File created	C:\Windows\System32\wIvRUXY.exe	NEAS.c6e92bda5320805d4b1626400c83c710.exe
File created	C:\Windows\System32\OZkcCVk.exe	NEAS.c6e92bda5320805d4b1626400c83c710.exe
File created	C:\Windows\System32\XPxDRhp.exe	NEAS.c6e92bda5320805d4b1626400c83c710.exe
File created	C:\Windows\System32\orARxSo.exe	NEAS.c6e92bda5320805d4b1626400c83c710.exe
File created	C:\Windows\System32\vALFvcz.exe	NEAS.c6e92bda5320805d4b1626400c83c710.exe
File created	C:\Windows\System32\BqkBMRy.exe	NEAS.c6e92bda5320805d4b1626400c83c710.exe
File created	C:\Windows\System32\xWtYJcx.exe	NEAS.c6e92bda5320805d4b1626400c83c710.exe
File created	C:\Windows\System32\yNkwoyr.exe	NEAS.c6e92bda5320805d4b1626400c83c710.exe
File created	C:\Windows\System32\eSNVaXE.exe	NEAS.c6e92bda5320805d4b1626400c83c710.exe
File created	C:\Windows\System32\PnNvtMl.exe	NEAS.c6e92bda5320805d4b1626400c83c710.exe
File created	C:\Windows\System32\gpzPtsE.exe	NEAS.c6e92bda5320805d4b1626400c83c710.exe
File created	C:\Windows\System32\saPUEWg.exe	NEAS.c6e92bda5320805d4b1626400c83c710.exe
File created	C:\Windows\System32\ePWSTBB.exe	NEAS.c6e92bda5320805d4b1626400c83c710.exe
File created	C:\Windows\System32\WhNNSZo.exe	NEAS.c6e92bda5320805d4b1626400c83c710.exe
File created	C:\Windows\System32\qoDmRKl.exe	NEAS.c6e92bda5320805d4b1626400c83c710.exe
File created	C:\Windows\System32\bMqxqLa.exe	NEAS.c6e92bda5320805d4b1626400c83c710.exe
File created	C:\Windows\System32\osPFsTJ.exe	NEAS.c6e92bda5320805d4b1626400c83c710.exe
File created	C:\Windows\System32\iVGlGpA.exe	NEAS.c6e92bda5320805d4b1626400c83c710.exe
File created	C:\Windows\System32\wxfGPUh.exe	NEAS.c6e92bda5320805d4b1626400c83c710.exe
File created	C:\Windows\System32\kCcqhPB.exe	NEAS.c6e92bda5320805d4b1626400c83c710.exe
File created	C:\Windows\System32\inyXtfA.exe	NEAS.c6e92bda5320805d4b1626400c83c710.exe
File created	C:\Windows\System32\PpSfTMe.exe	NEAS.c6e92bda5320805d4b1626400c83c710.exe
File created	C:\Windows\System32\eszeEzz.exe	NEAS.c6e92bda5320805d4b1626400c83c710.exe
File created	C:\Windows\System32\tfamAID.exe	NEAS.c6e92bda5320805d4b1626400c83c710.exe
File created	C:\Windows\System32\dlYhAkl.exe	NEAS.c6e92bda5320805d4b1626400c83c710.exe
File created	C:\Windows\System32\fTbfWSn.exe	NEAS.c6e92bda5320805d4b1626400c83c710.exe
File created	C:\Windows\System32\zIXOKSK.exe	NEAS.c6e92bda5320805d4b1626400c83c710.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	9068	dwm.exe
Token: SeChangeNotifyPrivilege	9068	dwm.exe
Token: 33	9068	dwm.exe
Token: SeIncBasePriorityPrivilege	9068	dwm.exe
Token: SeShutdownPrivilege	9068	dwm.exe
Token: SeCreatePagefilePrivilege	9068	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4108 wrote to memory of 5020	4108	NEAS.c6e92bda5320805d4b1626400c83c710.exe	87
PID 4108 wrote to memory of 5020	4108	NEAS.c6e92bda5320805d4b1626400c83c710.exe	87
PID 4108 wrote to memory of 1528	4108	NEAS.c6e92bda5320805d4b1626400c83c710.exe	88
PID 4108 wrote to memory of 1528	4108	NEAS.c6e92bda5320805d4b1626400c83c710.exe	88
PID 4108 wrote to memory of 4288	4108	NEAS.c6e92bda5320805d4b1626400c83c710.exe	89
PID 4108 wrote to memory of 4288	4108	NEAS.c6e92bda5320805d4b1626400c83c710.exe	89
PID 4108 wrote to memory of 2348	4108	NEAS.c6e92bda5320805d4b1626400c83c710.exe	94
PID 4108 wrote to memory of 2348	4108	NEAS.c6e92bda5320805d4b1626400c83c710.exe	94
PID 4108 wrote to memory of 4920	4108	NEAS.c6e92bda5320805d4b1626400c83c710.exe	90
PID 4108 wrote to memory of 4920	4108	NEAS.c6e92bda5320805d4b1626400c83c710.exe	90
PID 4108 wrote to memory of 4564	4108	NEAS.c6e92bda5320805d4b1626400c83c710.exe	93
PID 4108 wrote to memory of 4564	4108	NEAS.c6e92bda5320805d4b1626400c83c710.exe	93
PID 4108 wrote to memory of 4732	4108	NEAS.c6e92bda5320805d4b1626400c83c710.exe	92
PID 4108 wrote to memory of 4732	4108	NEAS.c6e92bda5320805d4b1626400c83c710.exe	92
PID 4108 wrote to memory of 404	4108	NEAS.c6e92bda5320805d4b1626400c83c710.exe	91
PID 4108 wrote to memory of 404	4108	NEAS.c6e92bda5320805d4b1626400c83c710.exe	91
PID 4108 wrote to memory of 1624	4108	NEAS.c6e92bda5320805d4b1626400c83c710.exe	95
PID 4108 wrote to memory of 1624	4108	NEAS.c6e92bda5320805d4b1626400c83c710.exe	95
PID 4108 wrote to memory of 4992	4108	NEAS.c6e92bda5320805d4b1626400c83c710.exe	96
PID 4108 wrote to memory of 4992	4108	NEAS.c6e92bda5320805d4b1626400c83c710.exe	96
PID 4108 wrote to memory of 856	4108	NEAS.c6e92bda5320805d4b1626400c83c710.exe	97
PID 4108 wrote to memory of 856	4108	NEAS.c6e92bda5320805d4b1626400c83c710.exe	97
PID 4108 wrote to memory of 1788	4108	NEAS.c6e92bda5320805d4b1626400c83c710.exe	98
PID 4108 wrote to memory of 1788	4108	NEAS.c6e92bda5320805d4b1626400c83c710.exe	98
PID 4108 wrote to memory of 3952	4108	NEAS.c6e92bda5320805d4b1626400c83c710.exe	99
PID 4108 wrote to memory of 3952	4108	NEAS.c6e92bda5320805d4b1626400c83c710.exe	99
PID 4108 wrote to memory of 2028	4108	NEAS.c6e92bda5320805d4b1626400c83c710.exe	100
PID 4108 wrote to memory of 2028	4108	NEAS.c6e92bda5320805d4b1626400c83c710.exe	100
PID 4108 wrote to memory of 3292	4108	NEAS.c6e92bda5320805d4b1626400c83c710.exe	101
PID 4108 wrote to memory of 3292	4108	NEAS.c6e92bda5320805d4b1626400c83c710.exe	101
PID 4108 wrote to memory of 4592	4108	NEAS.c6e92bda5320805d4b1626400c83c710.exe	102
PID 4108 wrote to memory of 4592	4108	NEAS.c6e92bda5320805d4b1626400c83c710.exe	102
PID 4108 wrote to memory of 1188	4108	NEAS.c6e92bda5320805d4b1626400c83c710.exe	103
PID 4108 wrote to memory of 1188	4108	NEAS.c6e92bda5320805d4b1626400c83c710.exe	103
PID 4108 wrote to memory of 4872	4108	NEAS.c6e92bda5320805d4b1626400c83c710.exe	105
PID 4108 wrote to memory of 4872	4108	NEAS.c6e92bda5320805d4b1626400c83c710.exe	105
PID 4108 wrote to memory of 3360	4108	NEAS.c6e92bda5320805d4b1626400c83c710.exe	104
PID 4108 wrote to memory of 3360	4108	NEAS.c6e92bda5320805d4b1626400c83c710.exe	104
PID 4108 wrote to memory of 3412	4108	NEAS.c6e92bda5320805d4b1626400c83c710.exe	107
PID 4108 wrote to memory of 3412	4108	NEAS.c6e92bda5320805d4b1626400c83c710.exe	107
PID 4108 wrote to memory of 612	4108	NEAS.c6e92bda5320805d4b1626400c83c710.exe	108
PID 4108 wrote to memory of 612	4108	NEAS.c6e92bda5320805d4b1626400c83c710.exe	108
PID 4108 wrote to memory of 4084	4108	NEAS.c6e92bda5320805d4b1626400c83c710.exe	109
PID 4108 wrote to memory of 4084	4108	NEAS.c6e92bda5320805d4b1626400c83c710.exe	109
PID 4108 wrote to memory of 3528	4108	NEAS.c6e92bda5320805d4b1626400c83c710.exe	110
PID 4108 wrote to memory of 3528	4108	NEAS.c6e92bda5320805d4b1626400c83c710.exe	110
PID 4108 wrote to memory of 416	4108	NEAS.c6e92bda5320805d4b1626400c83c710.exe	111
PID 4108 wrote to memory of 416	4108	NEAS.c6e92bda5320805d4b1626400c83c710.exe	111
PID 4108 wrote to memory of 2412	4108	NEAS.c6e92bda5320805d4b1626400c83c710.exe	112
PID 4108 wrote to memory of 2412	4108	NEAS.c6e92bda5320805d4b1626400c83c710.exe	112
PID 4108 wrote to memory of 4448	4108	NEAS.c6e92bda5320805d4b1626400c83c710.exe	114
PID 4108 wrote to memory of 4448	4108	NEAS.c6e92bda5320805d4b1626400c83c710.exe	114
PID 4108 wrote to memory of 4964	4108	NEAS.c6e92bda5320805d4b1626400c83c710.exe	179
PID 4108 wrote to memory of 4964	4108	NEAS.c6e92bda5320805d4b1626400c83c710.exe	179
PID 4108 wrote to memory of 208	4108	NEAS.c6e92bda5320805d4b1626400c83c710.exe	115
PID 4108 wrote to memory of 208	4108	NEAS.c6e92bda5320805d4b1626400c83c710.exe	115
PID 4108 wrote to memory of 4316	4108	NEAS.c6e92bda5320805d4b1626400c83c710.exe	116
PID 4108 wrote to memory of 4316	4108	NEAS.c6e92bda5320805d4b1626400c83c710.exe	116
PID 4108 wrote to memory of 1800	4108	NEAS.c6e92bda5320805d4b1626400c83c710.exe	177
PID 4108 wrote to memory of 1800	4108	NEAS.c6e92bda5320805d4b1626400c83c710.exe	177
PID 4108 wrote to memory of 112	4108	NEAS.c6e92bda5320805d4b1626400c83c710.exe	117
PID 4108 wrote to memory of 112	4108	NEAS.c6e92bda5320805d4b1626400c83c710.exe	117
PID 4108 wrote to memory of 2520	4108	NEAS.c6e92bda5320805d4b1626400c83c710.exe	118
PID 4108 wrote to memory of 2520	4108	NEAS.c6e92bda5320805d4b1626400c83c710.exe	118

C:\Users\Admin\AppData\Local\Temp\NEAS.c6e92bda5320805d4b1626400c83c710.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.c6e92bda5320805d4b1626400c83c710.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:4108
- C:\Windows\System32\smaGFkC.exe
  C:\Windows\System32\smaGFkC.exe
  2⤵
  - Executes dropped EXE
  PID:5020
- C:\Windows\System32\sDoBmpn.exe
  C:\Windows\System32\sDoBmpn.exe
  2⤵
  - Executes dropped EXE
  PID:1528
- C:\Windows\System32\zJFndOj.exe
  C:\Windows\System32\zJFndOj.exe
  2⤵
  - Executes dropped EXE
  PID:4288
- C:\Windows\System32\PpSfTMe.exe
  C:\Windows\System32\PpSfTMe.exe
  2⤵
  - Executes dropped EXE
  PID:4920
- C:\Windows\System32\vALFvcz.exe
  C:\Windows\System32\vALFvcz.exe
  2⤵
  - Executes dropped EXE
  PID:404
- C:\Windows\System32\TIznBLH.exe
  C:\Windows\System32\TIznBLH.exe
  2⤵
  - Executes dropped EXE
  PID:4732
- C:\Windows\System32\eUsuqkJ.exe
  C:\Windows\System32\eUsuqkJ.exe
  2⤵
  - Executes dropped EXE
  PID:4564
- C:\Windows\System32\RXfRkCk.exe
  C:\Windows\System32\RXfRkCk.exe
  2⤵
  - Executes dropped EXE
  PID:2348
- C:\Windows\System32\eszeEzz.exe
  C:\Windows\System32\eszeEzz.exe
  2⤵
  - Executes dropped EXE
  PID:1624
- C:\Windows\System32\JFLJoeE.exe
  C:\Windows\System32\JFLJoeE.exe
  2⤵
  - Executes dropped EXE
  PID:4992
- C:\Windows\System32\AyLghcq.exe
  C:\Windows\System32\AyLghcq.exe
  2⤵
  - Executes dropped EXE
  PID:856
- C:\Windows\System32\GDlNWuY.exe
  C:\Windows\System32\GDlNWuY.exe
  2⤵
  - Executes dropped EXE
  PID:1788
- C:\Windows\System32\YCPQKud.exe
  C:\Windows\System32\YCPQKud.exe
  2⤵
  - Executes dropped EXE
  PID:3952
- C:\Windows\System32\jZBZXhO.exe
  C:\Windows\System32\jZBZXhO.exe
  2⤵
  - Executes dropped EXE
  PID:2028
- C:\Windows\System32\UdoRDen.exe
  C:\Windows\System32\UdoRDen.exe
  2⤵
  - Executes dropped EXE
  PID:3292
- C:\Windows\System32\TLVghRh.exe
  C:\Windows\System32\TLVghRh.exe
  2⤵
  - Executes dropped EXE
  PID:4592
- C:\Windows\System32\YosdVwO.exe
  C:\Windows\System32\YosdVwO.exe
  2⤵
  - Executes dropped EXE
  PID:1188
- C:\Windows\System32\HJJWtKq.exe
  C:\Windows\System32\HJJWtKq.exe
  2⤵
  - Executes dropped EXE
  PID:3360
- C:\Windows\System32\asktNIS.exe
  C:\Windows\System32\asktNIS.exe
  2⤵
  - Executes dropped EXE
  PID:4872
- C:\Windows\System32\QyKgzGs.exe
  C:\Windows\System32\QyKgzGs.exe
  2⤵
  - Executes dropped EXE
  PID:3412
- C:\Windows\System32\hMDkVie.exe
  C:\Windows\System32\hMDkVie.exe
  2⤵
  - Executes dropped EXE
  PID:612
- C:\Windows\System32\RFbEWRb.exe
  C:\Windows\System32\RFbEWRb.exe
  2⤵
  - Executes dropped EXE
  PID:4084
- C:\Windows\System32\BqkBMRy.exe
  C:\Windows\System32\BqkBMRy.exe
  2⤵
  - Executes dropped EXE
  PID:3528
- C:\Windows\System32\RfTDnPE.exe
  C:\Windows\System32\RfTDnPE.exe
  2⤵
  - Executes dropped EXE
  PID:416
- C:\Windows\System32\OjLYAYD.exe
  C:\Windows\System32\OjLYAYD.exe
  2⤵
  - Executes dropped EXE
  PID:2412
- C:\Windows\System32\bxjfsVP.exe
  C:\Windows\System32\bxjfsVP.exe
  2⤵
  - Executes dropped EXE
  PID:4448
- C:\Windows\System32\lIvZmxY.exe
  C:\Windows\System32\lIvZmxY.exe
  2⤵
  - Executes dropped EXE
  PID:208
- C:\Windows\System32\UuQBlcK.exe
  C:\Windows\System32\UuQBlcK.exe
  2⤵
  - Executes dropped EXE
  PID:4316
- C:\Windows\System32\xXYQBsn.exe
  C:\Windows\System32\xXYQBsn.exe
  2⤵
  - Executes dropped EXE
  PID:112
- C:\Windows\System32\GNQdOkr.exe
  C:\Windows\System32\GNQdOkr.exe
  2⤵
  - Executes dropped EXE
  PID:2520
- C:\Windows\System32\ZxOaIwp.exe
  C:\Windows\System32\ZxOaIwp.exe
  2⤵
  - Executes dropped EXE
  PID:3584
- C:\Windows\System32\snXiEVm.exe
  C:\Windows\System32\snXiEVm.exe
  2⤵
  - Executes dropped EXE
  PID:1456
- C:\Windows\System32\VyALuxR.exe
  C:\Windows\System32\VyALuxR.exe
  2⤵
  - Executes dropped EXE
  PID:4320
- C:\Windows\System32\RwWuFWR.exe
  C:\Windows\System32\RwWuFWR.exe
  2⤵
  - Executes dropped EXE
  PID:2936
- C:\Windows\System32\iXPVNmP.exe
  C:\Windows\System32\iXPVNmP.exe
  2⤵
  - Executes dropped EXE
  PID:644
- C:\Windows\System32\OuIkNkI.exe
  C:\Windows\System32\OuIkNkI.exe
  2⤵
  - Executes dropped EXE
  PID:2280
- C:\Windows\System32\nqwnhpr.exe
  C:\Windows\System32\nqwnhpr.exe
  2⤵
  - Executes dropped EXE
  PID:4472
- C:\Windows\System32\sNzJBWt.exe
  C:\Windows\System32\sNzJBWt.exe
  2⤵
  - Executes dropped EXE
  PID:1512
- C:\Windows\System32\PapcuKK.exe
  C:\Windows\System32\PapcuKK.exe
  2⤵
  - Executes dropped EXE
  PID:388
- C:\Windows\System32\ngTjZAz.exe
  C:\Windows\System32\ngTjZAz.exe
  2⤵
  - Executes dropped EXE
  PID:4976
- C:\Windows\System32\mblFerP.exe
  C:\Windows\System32\mblFerP.exe
  2⤵
  - Executes dropped EXE
  PID:4896
- C:\Windows\System32\egGXepa.exe
  C:\Windows\System32\egGXepa.exe
  2⤵
  - Executes dropped EXE
  PID:3784
- C:\Windows\System32\VskJiux.exe
  C:\Windows\System32\VskJiux.exe
  2⤵
  - Executes dropped EXE
  PID:2948
- C:\Windows\System32\IFpuJpn.exe
  C:\Windows\System32\IFpuJpn.exe
  2⤵
  - Executes dropped EXE
  PID:2788
- C:\Windows\System32\wXbGupQ.exe
  C:\Windows\System32\wXbGupQ.exe
  2⤵
  - Executes dropped EXE
  PID:1368
- C:\Windows\System32\ezkdOmo.exe
  C:\Windows\System32\ezkdOmo.exe
  2⤵
  - Executes dropped EXE
  PID:2700
- C:\Windows\System32\SpFIvmy.exe
  C:\Windows\System32\SpFIvmy.exe
  2⤵
  - Executes dropped EXE
  PID:2292
- C:\Windows\System32\tApUmrp.exe
  C:\Windows\System32\tApUmrp.exe
  2⤵
  - Executes dropped EXE
  PID:444
- C:\Windows\System32\AReezfS.exe
  C:\Windows\System32\AReezfS.exe
  2⤵
  - Executes dropped EXE
  PID:1180
- C:\Windows\System32\VHNpegn.exe
  C:\Windows\System32\VHNpegn.exe
  2⤵
  - Executes dropped EXE
  PID:2488
- C:\Windows\System32\odBPlUT.exe
  C:\Windows\System32\odBPlUT.exe
  2⤵
  - Executes dropped EXE
  PID:1020
- C:\Windows\System32\cyPwdea.exe
  C:\Windows\System32\cyPwdea.exe
  2⤵
  - Executes dropped EXE
  PID:1648
- C:\Windows\System32\ULbcEkR.exe
  C:\Windows\System32\ULbcEkR.exe
  2⤵
  PID:2560
- C:\Windows\System32\BBHZPMp.exe
  C:\Windows\System32\BBHZPMp.exe
  2⤵
  PID:1172
- C:\Windows\System32\wdAIbbU.exe
  C:\Windows\System32\wdAIbbU.exe
  2⤵
  PID:5076
- C:\Windows\System32\tutoeqI.exe
  C:\Windows\System32\tutoeqI.exe
  2⤵
  PID:1192
- C:\Windows\System32\RXJdiab.exe
  C:\Windows\System32\RXJdiab.exe
  2⤵
  PID:4792
- C:\Windows\System32\fcSkUNa.exe
  C:\Windows\System32\fcSkUNa.exe
  2⤵
  PID:984
- C:\Windows\System32\SrYraWj.exe
  C:\Windows\System32\SrYraWj.exe
  2⤵
  PID:3504
- C:\Windows\System32\RqioLFH.exe
  C:\Windows\System32\RqioLFH.exe
  2⤵
  PID:4612
- C:\Windows\System32\EEUOghO.exe
  C:\Windows\System32\EEUOghO.exe
  2⤵
  PID:5000
- C:\Windows\System32\OyKIwXf.exe
  C:\Windows\System32\OyKIwXf.exe
  2⤵
  PID:5128
- C:\Windows\System32\BMwozvx.exe
  C:\Windows\System32\BMwozvx.exe
  2⤵
  PID:5180
- C:\Windows\System32\PGgftwe.exe
  C:\Windows\System32\PGgftwe.exe
  2⤵
  PID:5152
- C:\Windows\System32\enSPKWg.exe
  C:\Windows\System32\enSPKWg.exe
  2⤵
  PID:5208
- C:\Windows\System32\sKbjYTM.exe
  C:\Windows\System32\sKbjYTM.exe
  2⤵
  PID:5264
- C:\Windows\System32\CjPOFZZ.exe
  C:\Windows\System32\CjPOFZZ.exe
  2⤵
  PID:5292
- C:\Windows\System32\fGDTjZv.exe
  C:\Windows\System32\fGDTjZv.exe
  2⤵
  PID:5324
- C:\Windows\System32\bemzBlW.exe
  C:\Windows\System32\bemzBlW.exe
  2⤵
  PID:5352
- C:\Windows\System32\ZKpKtkK.exe
  C:\Windows\System32\ZKpKtkK.exe
  2⤵
  PID:5376
- C:\Windows\System32\RfmxwEi.exe
  C:\Windows\System32\RfmxwEi.exe
  2⤵
  PID:5404
- C:\Windows\System32\TFUxEGZ.exe
  C:\Windows\System32\TFUxEGZ.exe
  2⤵
  PID:5460
- C:\Windows\System32\DyVKspa.exe
  C:\Windows\System32\DyVKspa.exe
  2⤵
  PID:5432
- C:\Windows\System32\KViBMBt.exe
  C:\Windows\System32\KViBMBt.exe
  2⤵
  PID:5240
- C:\Windows\System32\wFxbBfp.exe
  C:\Windows\System32\wFxbBfp.exe
  2⤵
  PID:4868
- C:\Windows\System32\CMtweMd.exe
  C:\Windows\System32\CMtweMd.exe
  2⤵
  PID:4908
- C:\Windows\System32\gVEKInl.exe
  C:\Windows\System32\gVEKInl.exe
  2⤵
  PID:3796
- C:\Windows\System32\DskvIKY.exe
  C:\Windows\System32\DskvIKY.exe
  2⤵
  - Executes dropped EXE
  PID:2792
- C:\Windows\System32\DHHKVmc.exe
  C:\Windows\System32\DHHKVmc.exe
  2⤵
  - Executes dropped EXE
  PID:1620
- C:\Windows\System32\bpYQNSV.exe
  C:\Windows\System32\bpYQNSV.exe
  2⤵
  - Executes dropped EXE
  PID:5028
- C:\Windows\System32\gpzPtsE.exe
  C:\Windows\System32\gpzPtsE.exe
  2⤵
  - Executes dropped EXE
  PID:4952
- C:\Windows\System32\UItQsjh.exe
  C:\Windows\System32\UItQsjh.exe
  2⤵
  - Executes dropped EXE
  PID:960
- C:\Windows\System32\hDzKpBp.exe
  C:\Windows\System32\hDzKpBp.exe
  2⤵
  - Executes dropped EXE
  PID:4860
- C:\Windows\System32\RhLeObh.exe
  C:\Windows\System32\RhLeObh.exe
  2⤵
  - Executes dropped EXE
  PID:2940
- C:\Windows\System32\TGbvSuu.exe
  C:\Windows\System32\TGbvSuu.exe
  2⤵
  - Executes dropped EXE
  PID:3320
- C:\Windows\System32\VFlbqFc.exe
  C:\Windows\System32\VFlbqFc.exe
  2⤵
  - Executes dropped EXE
  PID:1504
- C:\Windows\System32\EBwEqMl.exe
  C:\Windows\System32\EBwEqMl.exe
  2⤵
  - Executes dropped EXE
  PID:3248
- C:\Windows\System32\pNCDytR.exe
  C:\Windows\System32\pNCDytR.exe
  2⤵
  - Executes dropped EXE
  PID:1800
- C:\Windows\System32\tkaRxqn.exe
  C:\Windows\System32\tkaRxqn.exe
  2⤵
  PID:5548
- C:\Windows\System32\VpfaLJy.exe
  C:\Windows\System32\VpfaLJy.exe
  2⤵
  - Executes dropped EXE
  PID:4964
- C:\Windows\System32\axadCht.exe
  C:\Windows\System32\axadCht.exe
  2⤵
  PID:5576
- C:\Windows\System32\uxUlBOH.exe
  C:\Windows\System32\uxUlBOH.exe
  2⤵
  PID:5592
- C:\Windows\System32\eaksqtW.exe
  C:\Windows\System32\eaksqtW.exe
  2⤵
  PID:5660
- C:\Windows\System32\oDAghZe.exe
  C:\Windows\System32\oDAghZe.exe
  2⤵
  PID:5692
- C:\Windows\System32\LSWxZYa.exe
  C:\Windows\System32\LSWxZYa.exe
  2⤵
  PID:5764
- C:\Windows\System32\sgZJNxH.exe
  C:\Windows\System32\sgZJNxH.exe
  2⤵
  PID:5844
- C:\Windows\System32\rkqVKnV.exe
  C:\Windows\System32\rkqVKnV.exe
  2⤵
  PID:5864
- C:\Windows\System32\NdhVAaZ.exe
  C:\Windows\System32\NdhVAaZ.exe
  2⤵
  PID:5924
- C:\Windows\System32\sMUeAiQ.exe
  C:\Windows\System32\sMUeAiQ.exe
  2⤵
  PID:5904
- C:\Windows\System32\xWtYJcx.exe
  C:\Windows\System32\xWtYJcx.exe
  2⤵
  PID:6044
- C:\Windows\System32\JdYiGlh.exe
  C:\Windows\System32\JdYiGlh.exe
  2⤵
  PID:6092
- C:\Windows\System32\lrZISmn.exe
  C:\Windows\System32\lrZISmn.exe
  2⤵
  PID:4464
- C:\Windows\System32\YGoyrmV.exe
  C:\Windows\System32\YGoyrmV.exe
  2⤵
  PID:408
- C:\Windows\System32\TBnNUDG.exe
  C:\Windows\System32\TBnNUDG.exe
  2⤵
  PID:3816
- C:\Windows\System32\wIvRUXY.exe
  C:\Windows\System32\wIvRUXY.exe
  2⤵
  PID:5248
- C:\Windows\System32\WCizphG.exe
  C:\Windows\System32\WCizphG.exe
  2⤵
  PID:5192
- C:\Windows\System32\LXtsicE.exe
  C:\Windows\System32\LXtsicE.exe
  2⤵
  PID:4560
- C:\Windows\System32\iMTtUgK.exe
  C:\Windows\System32\iMTtUgK.exe
  2⤵
  PID:5400
- C:\Windows\System32\yNjVfjh.exe
  C:\Windows\System32\yNjVfjh.exe
  2⤵
  PID:3792
- C:\Windows\System32\ZMgKUDy.exe
  C:\Windows\System32\ZMgKUDy.exe
  2⤵
  PID:3992
- C:\Windows\System32\NGMhhUL.exe
  C:\Windows\System32\NGMhhUL.exe
  2⤵
  PID:1256
- C:\Windows\System32\AgpWVSt.exe
  C:\Windows\System32\AgpWVSt.exe
  2⤵
  PID:3084
- C:\Windows\System32\wGvVnsS.exe
  C:\Windows\System32\wGvVnsS.exe
  2⤵
  PID:3972
- C:\Windows\System32\ISVVTvO.exe
  C:\Windows\System32\ISVVTvO.exe
  2⤵
  PID:5680
- C:\Windows\System32\VdyXcvW.exe
  C:\Windows\System32\VdyXcvW.exe
  2⤵
  PID:5728
- C:\Windows\System32\DFeXjBy.exe
  C:\Windows\System32\DFeXjBy.exe
  2⤵
  PID:5836
- C:\Windows\System32\Bkrbfwy.exe
  C:\Windows\System32\Bkrbfwy.exe
  2⤵
  PID:5784
- C:\Windows\System32\lIvAHth.exe
  C:\Windows\System32\lIvAHth.exe
  2⤵
  PID:1632
- C:\Windows\System32\YKyDmZE.exe
  C:\Windows\System32\YKyDmZE.exe
  2⤵
  PID:6076
- C:\Windows\System32\SqJDLuk.exe
  C:\Windows\System32\SqJDLuk.exe
  2⤵
  PID:6108
- C:\Windows\System32\TPJbtQf.exe
  C:\Windows\System32\TPJbtQf.exe
  2⤵
  PID:2212
- C:\Windows\System32\fbwIdxy.exe
  C:\Windows\System32\fbwIdxy.exe
  2⤵
  PID:2312
- C:\Windows\System32\nOCmLWV.exe
  C:\Windows\System32\nOCmLWV.exe
  2⤵
  PID:5316
- C:\Windows\System32\UcoIkvs.exe
  C:\Windows\System32\UcoIkvs.exe
  2⤵
  PID:5444
- C:\Windows\System32\GMiwaTQ.exe
  C:\Windows\System32\GMiwaTQ.exe
  2⤵
  PID:5360
- C:\Windows\System32\inWEAAh.exe
  C:\Windows\System32\inWEAAh.exe
  2⤵
  PID:2464
- C:\Windows\System32\NRNWJNv.exe
  C:\Windows\System32\NRNWJNv.exe
  2⤵
  PID:5800
- C:\Windows\System32\zuktOAP.exe
  C:\Windows\System32\zuktOAP.exe
  2⤵
  PID:1548
- C:\Windows\System32\PYMXNTg.exe
  C:\Windows\System32\PYMXNTg.exe
  2⤵
  PID:4812
- C:\Windows\System32\mmULYmH.exe
  C:\Windows\System32\mmULYmH.exe
  2⤵
  PID:5224
- C:\Windows\System32\BcdXssm.exe
  C:\Windows\System32\BcdXssm.exe
  2⤵
  PID:2960
- C:\Windows\System32\GXVBedi.exe
  C:\Windows\System32\GXVBedi.exe
  2⤵
  PID:4016
- C:\Windows\System32\mRIlmDe.exe
  C:\Windows\System32\mRIlmDe.exe
  2⤵
  PID:5656
- C:\Windows\System32\xGFlaNk.exe
  C:\Windows\System32\xGFlaNk.exe
  2⤵
  PID:5852
- C:\Windows\System32\fecqbou.exe
  C:\Windows\System32\fecqbou.exe
  2⤵
  PID:4684
- C:\Windows\System32\mdcoWKB.exe
  C:\Windows\System32\mdcoWKB.exe
  2⤵
  PID:2568
- C:\Windows\System32\IjfSTor.exe
  C:\Windows\System32\IjfSTor.exe
  2⤵
  PID:3092
- C:\Windows\System32\bMqxqLa.exe
  C:\Windows\System32\bMqxqLa.exe
  2⤵
  PID:5508
- C:\Windows\System32\opiFKcV.exe
  C:\Windows\System32\opiFKcV.exe
  2⤵
  PID:5896
- C:\Windows\System32\GWoDnGZ.exe
  C:\Windows\System32\GWoDnGZ.exe
  2⤵
  PID:5544
- C:\Windows\System32\saPUEWg.exe
  C:\Windows\System32\saPUEWg.exe
  2⤵
  PID:1844
- C:\Windows\System32\NGNbryX.exe
  C:\Windows\System32\NGNbryX.exe
  2⤵
  PID:6156
- C:\Windows\System32\ayAlSKR.exe
  C:\Windows\System32\ayAlSKR.exe
  2⤵
  PID:6216
- C:\Windows\System32\osPFsTJ.exe
  C:\Windows\System32\osPFsTJ.exe
  2⤵
  PID:6196
- C:\Windows\System32\ScbREJt.exe
  C:\Windows\System32\ScbREJt.exe
  2⤵
  PID:6232
- C:\Windows\System32\VnsnWEE.exe
  C:\Windows\System32\VnsnWEE.exe
  2⤵
  PID:6256
- C:\Windows\System32\pZCbbGr.exe
  C:\Windows\System32\pZCbbGr.exe
  2⤵
  PID:6276
- C:\Windows\System32\tfamAID.exe
  C:\Windows\System32\tfamAID.exe
  2⤵
  PID:6304
- C:\Windows\System32\ryHKlTi.exe
  C:\Windows\System32\ryHKlTi.exe
  2⤵
  PID:6380
- C:\Windows\System32\ePWSTBB.exe
  C:\Windows\System32\ePWSTBB.exe
  2⤵
  PID:6360
- C:\Windows\System32\yNkwoyr.exe
  C:\Windows\System32\yNkwoyr.exe
  2⤵
  PID:6448
- C:\Windows\System32\lVRCkAk.exe
  C:\Windows\System32\lVRCkAk.exe
  2⤵
  PID:6480
- C:\Windows\System32\ztBpYUQ.exe
  C:\Windows\System32\ztBpYUQ.exe
  2⤵
  PID:6508
- C:\Windows\System32\MHNABVe.exe
  C:\Windows\System32\MHNABVe.exe
  2⤵
  PID:6528
- C:\Windows\System32\wAtMTAH.exe
  C:\Windows\System32\wAtMTAH.exe
  2⤵
  PID:6556
- C:\Windows\System32\wHtMgpv.exe
  C:\Windows\System32\wHtMgpv.exe
  2⤵
  PID:6588
- C:\Windows\System32\YCZjssG.exe
  C:\Windows\System32\YCZjssG.exe
  2⤵
  PID:6604
- C:\Windows\System32\xOIEcIR.exe
  C:\Windows\System32\xOIEcIR.exe
  2⤵
  PID:6628
- C:\Windows\System32\DqSCBQO.exe
  C:\Windows\System32\DqSCBQO.exe
  2⤵
  PID:6688
- C:\Windows\System32\savxSgS.exe
  C:\Windows\System32\savxSgS.exe
  2⤵
  PID:6668
- C:\Windows\System32\eAXloNQ.exe
  C:\Windows\System32\eAXloNQ.exe
  2⤵
  PID:6748
- C:\Windows\System32\gbTqCZJ.exe
  C:\Windows\System32\gbTqCZJ.exe
  2⤵
  PID:6776
- C:\Windows\System32\wXJtEDG.exe
  C:\Windows\System32\wXJtEDG.exe
  2⤵
  PID:6812
- C:\Windows\System32\EPjVOGx.exe
  C:\Windows\System32\EPjVOGx.exe
  2⤵
  PID:6840
- C:\Windows\System32\FPRmrbI.exe
  C:\Windows\System32\FPRmrbI.exe
  2⤵
  PID:6860
- C:\Windows\System32\wLtzvYf.exe
  C:\Windows\System32\wLtzvYf.exe
  2⤵
  PID:6924
- C:\Windows\System32\hORRPwO.exe
  C:\Windows\System32\hORRPwO.exe
  2⤵
  PID:6904
- C:\Windows\System32\mDDtECh.exe
  C:\Windows\System32\mDDtECh.exe
  2⤵
  PID:6880
- C:\Windows\System32\CQgxwuM.exe
  C:\Windows\System32\CQgxwuM.exe
  2⤵
  PID:6956
- C:\Windows\System32\HFLKFqo.exe
  C:\Windows\System32\HFLKFqo.exe
  2⤵
  PID:7008
- C:\Windows\System32\iVGlGpA.exe
  C:\Windows\System32\iVGlGpA.exe
  2⤵
  PID:6984
- C:\Windows\System32\lwJJWrC.exe
  C:\Windows\System32\lwJJWrC.exe
  2⤵
  PID:7056
- C:\Windows\System32\GvrZSoR.exe
  C:\Windows\System32\GvrZSoR.exe
  2⤵
  PID:7084
- C:\Windows\System32\eDNFEXF.exe
  C:\Windows\System32\eDNFEXF.exe
  2⤵
  PID:7132
- C:\Windows\System32\jmBfrZE.exe
  C:\Windows\System32\jmBfrZE.exe
  2⤵
  PID:7108
- C:\Windows\System32\MbYzVyk.exe
  C:\Windows\System32\MbYzVyk.exe
  2⤵
  PID:4884
- C:\Windows\System32\BdectGl.exe
  C:\Windows\System32\BdectGl.exe
  2⤵
  PID:6212
- C:\Windows\System32\gscxcXe.exe
  C:\Windows\System32\gscxcXe.exe
  2⤵
  PID:6252
- C:\Windows\System32\OhoMFOY.exe
  C:\Windows\System32\OhoMFOY.exe
  2⤵
  PID:6344
- C:\Windows\System32\becAOQZ.exe
  C:\Windows\System32\becAOQZ.exe
  2⤵
  PID:6372
- C:\Windows\System32\KaeBaCL.exe
  C:\Windows\System32\KaeBaCL.exe
  2⤵
  PID:6428
- C:\Windows\System32\cAWDYBs.exe
  C:\Windows\System32\cAWDYBs.exe
  2⤵
  PID:6548
- C:\Windows\System32\tLHryrO.exe
  C:\Windows\System32\tLHryrO.exe
  2⤵
  PID:6596
- C:\Windows\System32\vPbAaMG.exe
  C:\Windows\System32\vPbAaMG.exe
  2⤵
  PID:6740
- C:\Windows\System32\uVxBpwK.exe
  C:\Windows\System32\uVxBpwK.exe
  2⤵
  PID:6824
- C:\Windows\System32\GRVoqST.exe
  C:\Windows\System32\GRVoqST.exe
  2⤵
  PID:6800
- C:\Windows\System32\DgGNFbU.exe
  C:\Windows\System32\DgGNFbU.exe
  2⤵
  PID:6932
- C:\Windows\System32\jbdrAdc.exe
  C:\Windows\System32\jbdrAdc.exe
  2⤵
  PID:6876
- C:\Windows\System32\uiOBZeX.exe
  C:\Windows\System32\uiOBZeX.exe
  2⤵
  PID:6972
- C:\Windows\System32\admHrlD.exe
  C:\Windows\System32\admHrlD.exe
  2⤵
  PID:7080
- C:\Windows\System32\izBZKXa.exe
  C:\Windows\System32\izBZKXa.exe
  2⤵
  PID:6892
- C:\Windows\System32\RKGejPl.exe
  C:\Windows\System32\RKGejPl.exe
  2⤵
  PID:6036
- C:\Windows\System32\jblXbYK.exe
  C:\Windows\System32\jblXbYK.exe
  2⤵
  PID:6416
- C:\Windows\System32\kOZFLSs.exe
  C:\Windows\System32\kOZFLSs.exe
  2⤵
  PID:6460
- C:\Windows\System32\GMbKRBg.exe
  C:\Windows\System32\GMbKRBg.exe
  2⤵
  PID:6676
- C:\Windows\System32\mbvelsk.exe
  C:\Windows\System32\mbvelsk.exe
  2⤵
  PID:6896
- C:\Windows\System32\mljvlHH.exe
  C:\Windows\System32\mljvlHH.exe
  2⤵
  PID:6832
- C:\Windows\System32\vKaBKgW.exe
  C:\Windows\System32\vKaBKgW.exe
  2⤵
  PID:7104
- C:\Windows\System32\kvxpdzy.exe
  C:\Windows\System32\kvxpdzy.exe
  2⤵
  PID:7004
- C:\Windows\System32\OZkcCVk.exe
  C:\Windows\System32\OZkcCVk.exe
  2⤵
  PID:6240
- C:\Windows\System32\ZHJLeeI.exe
  C:\Windows\System32\ZHJLeeI.exe
  2⤵
  PID:6436
- C:\Windows\System32\dfmeiAh.exe
  C:\Windows\System32\dfmeiAh.exe
  2⤵
  PID:7140
- C:\Windows\System32\FxQJbnm.exe
  C:\Windows\System32\FxQJbnm.exe
  2⤵
  PID:7208
- C:\Windows\System32\KHtNdbe.exe
  C:\Windows\System32\KHtNdbe.exe
  2⤵
  PID:7184
- C:\Windows\System32\fiBoeWd.exe
  C:\Windows\System32\fiBoeWd.exe
  2⤵
  PID:6264
- C:\Windows\System32\WVsrwrt.exe
  C:\Windows\System32\WVsrwrt.exe
  2⤵
  PID:6992
- C:\Windows\System32\kIGfzSZ.exe
  C:\Windows\System32\kIGfzSZ.exe
  2⤵
  PID:628
- C:\Windows\System32\MyORMXF.exe
  C:\Windows\System32\MyORMXF.exe
  2⤵
  PID:5616
- C:\Windows\System32\EoXGHBe.exe
  C:\Windows\System32\EoXGHBe.exe
  2⤵
  PID:7296
- C:\Windows\System32\HveXVbg.exe
  C:\Windows\System32\HveXVbg.exe
  2⤵
  PID:7336
- C:\Windows\System32\ppGaLzv.exe
  C:\Windows\System32\ppGaLzv.exe
  2⤵
  PID:7416
- C:\Windows\System32\galOpWU.exe
  C:\Windows\System32\galOpWU.exe
  2⤵
  PID:7400
- C:\Windows\System32\wmfhTUd.exe
  C:\Windows\System32\wmfhTUd.exe
  2⤵
  PID:7380
- C:\Windows\System32\kmAUZpk.exe
  C:\Windows\System32\kmAUZpk.exe
  2⤵
  PID:7432
- C:\Windows\System32\dlYhAkl.exe
  C:\Windows\System32\dlYhAkl.exe
  2⤵
  PID:7476
- C:\Windows\System32\XPxDRhp.exe
  C:\Windows\System32\XPxDRhp.exe
  2⤵
  PID:7496
- C:\Windows\System32\wnRIxtA.exe
  C:\Windows\System32\wnRIxtA.exe
  2⤵
  PID:7516
- C:\Windows\System32\ihCnqyQ.exe
  C:\Windows\System32\ihCnqyQ.exe
  2⤵
  PID:7704
- C:\Windows\System32\ZSOxHPI.exe
  C:\Windows\System32\ZSOxHPI.exe
  2⤵
  PID:7720
- C:\Windows\System32\vqHbpot.exe
  C:\Windows\System32\vqHbpot.exe
  2⤵
  PID:7764
- C:\Windows\System32\FjtxjVt.exe
  C:\Windows\System32\FjtxjVt.exe
  2⤵
  PID:7740
- C:\Windows\System32\jgcPYnc.exe
  C:\Windows\System32\jgcPYnc.exe
  2⤵
  PID:7796
- C:\Windows\System32\zDLHTkT.exe
  C:\Windows\System32\zDLHTkT.exe
  2⤵
  PID:7820
- C:\Windows\System32\iHhvlcJ.exe
  C:\Windows\System32\iHhvlcJ.exe
  2⤵
  PID:7844
- C:\Windows\System32\UBzTyav.exe
  C:\Windows\System32\UBzTyav.exe
  2⤵
  PID:7900
- C:\Windows\System32\XANNDSX.exe
  C:\Windows\System32\XANNDSX.exe
  2⤵
  PID:7968
- C:\Windows\System32\IlLPGCd.exe
  C:\Windows\System32\IlLPGCd.exe
  2⤵
  PID:7944
- C:\Windows\System32\phIUvcC.exe
  C:\Windows\System32\phIUvcC.exe
  2⤵
  PID:8016
- C:\Windows\System32\hVPCTmr.exe
  C:\Windows\System32\hVPCTmr.exe
  2⤵
  PID:8044
- C:\Windows\System32\Guvkuap.exe
  C:\Windows\System32\Guvkuap.exe
  2⤵
  PID:8088
- C:\Windows\System32\lEusOxk.exe
  C:\Windows\System32\lEusOxk.exe
  2⤵
  PID:8108
- C:\Windows\System32\ZXwRVjN.exe
  C:\Windows\System32\ZXwRVjN.exe
  2⤵
  PID:8132
- C:\Windows\System32\dYJBfic.exe
  C:\Windows\System32\dYJBfic.exe
  2⤵
  PID:8176
- C:\Windows\System32\nOefRlA.exe
  C:\Windows\System32\nOefRlA.exe
  2⤵
  PID:7196
- C:\Windows\System32\WrWkExG.exe
  C:\Windows\System32\WrWkExG.exe
  2⤵
  PID:7260
- C:\Windows\System32\UWbcCVK.exe
  C:\Windows\System32\UWbcCVK.exe
  2⤵
  PID:3212
- C:\Windows\System32\CmpcJvH.exe
  C:\Windows\System32\CmpcJvH.exe
  2⤵
  PID:7392
- C:\Windows\System32\OgrGszh.exe
  C:\Windows\System32\OgrGszh.exe
  2⤵
  PID:7408
- C:\Windows\System32\UWYlTEA.exe
  C:\Windows\System32\UWYlTEA.exe
  2⤵
  PID:7456
- C:\Windows\System32\digIbwh.exe
  C:\Windows\System32\digIbwh.exe
  2⤵
  PID:7528
- C:\Windows\System32\LioFwEr.exe
  C:\Windows\System32\LioFwEr.exe
  2⤵
  PID:7504
- C:\Windows\System32\PPFBWcW.exe
  C:\Windows\System32\PPFBWcW.exe
  2⤵
  PID:7656
- C:\Windows\System32\bwbWMvt.exe
  C:\Windows\System32\bwbWMvt.exe
  2⤵
  PID:7732
- C:\Windows\System32\sulQSwM.exe
  C:\Windows\System32\sulQSwM.exe
  2⤵
  PID:7816
- C:\Windows\System32\rOPOKVg.exe
  C:\Windows\System32\rOPOKVg.exe
  2⤵
  PID:8004
- C:\Windows\System32\WhNNSZo.exe
  C:\Windows\System32\WhNNSZo.exe
  2⤵
  PID:7928
- C:\Windows\System32\NzzPHdH.exe
  C:\Windows\System32\NzzPHdH.exe
  2⤵
  PID:7884
- C:\Windows\System32\zfilKIq.exe
  C:\Windows\System32\zfilKIq.exe
  2⤵
  PID:8060
- C:\Windows\System32\odnITgg.exe
  C:\Windows\System32\odnITgg.exe
  2⤵
  PID:2192
- C:\Windows\System32\MDeKQKS.exe
  C:\Windows\System32\MDeKQKS.exe
  2⤵
  PID:6180
- C:\Windows\System32\nKQyjYu.exe
  C:\Windows\System32\nKQyjYu.exe
  2⤵
  PID:2444
- C:\Windows\System32\spuRhLj.exe
  C:\Windows\System32\spuRhLj.exe
  2⤵
  PID:7440
- C:\Windows\System32\AOVJBtb.exe
  C:\Windows\System32\AOVJBtb.exe
  2⤵
  PID:5792
- C:\Windows\System32\eSNVaXE.exe
  C:\Windows\System32\eSNVaXE.exe
  2⤵
  PID:7172
- C:\Windows\System32\iHEViLC.exe
  C:\Windows\System32\iHEViLC.exe
  2⤵
  PID:4488
- C:\Windows\System32\qJKhzAw.exe
  C:\Windows\System32\qJKhzAw.exe
  2⤵
  PID:7716
- C:\Windows\System32\kTOmLox.exe
  C:\Windows\System32\kTOmLox.exe
  2⤵
  PID:7684
- C:\Windows\System32\YWJsYIE.exe
  C:\Windows\System32\YWJsYIE.exe
  2⤵
  PID:7072
- C:\Windows\System32\RebQBVA.exe
  C:\Windows\System32\RebQBVA.exe
  2⤵
  PID:7540
- C:\Windows\System32\PTqqWEz.exe
  C:\Windows\System32\PTqqWEz.exe
  2⤵
  PID:6756
- C:\Windows\System32\fTbfWSn.exe
  C:\Windows\System32\fTbfWSn.exe
  2⤵
  PID:8104
- C:\Windows\System32\azkjzOI.exe
  C:\Windows\System32\azkjzOI.exe
  2⤵
  PID:7984
- C:\Windows\System32\WTLxRJg.exe
  C:\Windows\System32\WTLxRJg.exe
  2⤵
  PID:7680
- C:\Windows\System32\ALxaPbR.exe
  C:\Windows\System32\ALxaPbR.exe
  2⤵
  PID:8128
- C:\Windows\System32\iJORlqE.exe
  C:\Windows\System32\iJORlqE.exe
  2⤵
  PID:7700
- C:\Windows\System32\yTisQjK.exe
  C:\Windows\System32\yTisQjK.exe
  2⤵
  PID:7312
- C:\Windows\System32\BaPrteR.exe
  C:\Windows\System32\BaPrteR.exe
  2⤵
  PID:8200
- C:\Windows\System32\ayEHjFq.exe
  C:\Windows\System32\ayEHjFq.exe
  2⤵
  PID:8220
- C:\Windows\System32\VVoqqEE.exe
  C:\Windows\System32\VVoqqEE.exe
  2⤵
  PID:8236
- C:\Windows\System32\cRaQBhs.exe
  C:\Windows\System32\cRaQBhs.exe
  2⤵
  PID:8272
- C:\Windows\System32\BybEWHD.exe
  C:\Windows\System32\BybEWHD.exe
  2⤵
  PID:8316
- C:\Windows\System32\wxfGPUh.exe
  C:\Windows\System32\wxfGPUh.exe
  2⤵
  PID:8360
- C:\Windows\System32\tDMojxS.exe
  C:\Windows\System32\tDMojxS.exe
  2⤵
  PID:8340
- C:\Windows\System32\VTBjLzL.exe
  C:\Windows\System32\VTBjLzL.exe
  2⤵
  PID:8380
- C:\Windows\System32\RWwbJfV.exe
  C:\Windows\System32\RWwbJfV.exe
  2⤵
  PID:8444
- C:\Windows\System32\SePOzsq.exe
  C:\Windows\System32\SePOzsq.exe
  2⤵
  PID:8416
- C:\Windows\System32\jLXdkiA.exe
  C:\Windows\System32\jLXdkiA.exe
  2⤵
  PID:8516
- C:\Windows\System32\eZgVtyi.exe
  C:\Windows\System32\eZgVtyi.exe
  2⤵
  PID:8480
- C:\Windows\System32\rLAfBQt.exe
  C:\Windows\System32\rLAfBQt.exe
  2⤵
  PID:8400
- C:\Windows\System32\GheAJPl.exe
  C:\Windows\System32\GheAJPl.exe
  2⤵
  PID:8624
- C:\Windows\System32\kCcqhPB.exe
  C:\Windows\System32\kCcqhPB.exe
  2⤵
  PID:8644
- C:\Windows\System32\AzkHqQd.exe
  C:\Windows\System32\AzkHqQd.exe
  2⤵
  PID:8676
- C:\Windows\System32\uQYalNU.exe
  C:\Windows\System32\uQYalNU.exe
  2⤵
  PID:8704
- C:\Windows\System32\LkVhPAn.exe
  C:\Windows\System32\LkVhPAn.exe
  2⤵
  PID:8764
- C:\Windows\System32\llDUseU.exe
  C:\Windows\System32\llDUseU.exe
  2⤵
  PID:8796
- C:\Windows\System32\gLnkUFt.exe
  C:\Windows\System32\gLnkUFt.exe
  2⤵
  PID:8812
- C:\Windows\System32\siuIkUp.exe
  C:\Windows\System32\siuIkUp.exe
  2⤵
  PID:8840
- C:\Windows\System32\IpxViOS.exe
  C:\Windows\System32\IpxViOS.exe
  2⤵
  PID:8864
- C:\Windows\System32\cTkREtB.exe
  C:\Windows\System32\cTkREtB.exe
  2⤵
  PID:8912
- C:\Windows\System32\swigbUI.exe
  C:\Windows\System32\swigbUI.exe
  2⤵
  PID:8884
- C:\Windows\System32\WZPTwCC.exe
  C:\Windows\System32\WZPTwCC.exe
  2⤵
  PID:8932
- C:\Windows\System32\spnqkGd.exe
  C:\Windows\System32\spnqkGd.exe
  2⤵
  PID:8960
- C:\Windows\System32\inyXtfA.exe
  C:\Windows\System32\inyXtfA.exe
  2⤵
  PID:9044
- C:\Windows\System32\ECXWEiG.exe
  C:\Windows\System32\ECXWEiG.exe
  2⤵
  PID:9076
- C:\Windows\System32\zIXOKSK.exe
  C:\Windows\System32\zIXOKSK.exe
  2⤵
  PID:9104
- C:\Windows\System32\xLvfZwu.exe
  C:\Windows\System32\xLvfZwu.exe
  2⤵
  PID:9136
- C:\Windows\System32\JqAIPSQ.exe
  C:\Windows\System32\JqAIPSQ.exe
  2⤵
  PID:9180
- C:\Windows\System32\VbbhyeH.exe
  C:\Windows\System32\VbbhyeH.exe
  2⤵
  PID:9200
- C:\Windows\System32\cnpYtuo.exe
  C:\Windows\System32\cnpYtuo.exe
  2⤵
  PID:8140
- C:\Windows\System32\WvWqfHE.exe
  C:\Windows\System32\WvWqfHE.exe
  2⤵
  PID:8280
- C:\Windows\System32\rBZITzs.exe
  C:\Windows\System32\rBZITzs.exe
  2⤵
  PID:8356
- C:\Windows\System32\bTRucIm.exe
  C:\Windows\System32\bTRucIm.exe
  2⤵
  PID:8412
- C:\Windows\System32\ZbPmWOs.exe
  C:\Windows\System32\ZbPmWOs.exe
  2⤵
  PID:8468
- C:\Windows\System32\DYljVPY.exe
  C:\Windows\System32\DYljVPY.exe
  2⤵
  PID:8552
- C:\Windows\System32\WNFcIVe.exe
  C:\Windows\System32\WNFcIVe.exe
  2⤵
  PID:8596
- C:\Windows\System32\bpGCrvk.exe
  C:\Windows\System32\bpGCrvk.exe
  2⤵
  PID:2620
- C:\Windows\System32\wrbAhuN.exe
  C:\Windows\System32\wrbAhuN.exe
  2⤵
  PID:5052
- C:\Windows\System32\PnNvtMl.exe
  C:\Windows\System32\PnNvtMl.exe
  2⤵
  PID:1484
- C:\Windows\System32\YgSGStO.exe
  C:\Windows\System32\YgSGStO.exe
  2⤵
  PID:8712
- C:\Windows\System32\VpjZwUG.exe
  C:\Windows\System32\VpjZwUG.exe
  2⤵
  PID:3712
- C:\Windows\System32\kzaDKjE.exe
  C:\Windows\System32\kzaDKjE.exe
  2⤵
  PID:8792

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:9068

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System32\AyLghcq.exe

Filesize
2.9MB

MD5
b591d18e9387169eccb9d1be734a2d20

SHA1
ecf1eb00464cdebc4a56665250473813b69bdc03

SHA256
0431f540b8a5507b1fc1695c11a2ee600e2fce1eaaec158a05458c328ccc3541

SHA512
3c080793c6221f1abf20851c5de3462b1b7d0fd49a266633fbc47e9dd15cd7fd4a47370f3e2a56eb1d67d45e8e25d4b863188234e89ce32f779a1ca4a5b9c71b

Download Submit
C:\Windows\System32\AyLghcq.exe

Filesize
2.9MB

MD5
b591d18e9387169eccb9d1be734a2d20

SHA1
ecf1eb00464cdebc4a56665250473813b69bdc03

SHA256
0431f540b8a5507b1fc1695c11a2ee600e2fce1eaaec158a05458c328ccc3541

SHA512
3c080793c6221f1abf20851c5de3462b1b7d0fd49a266633fbc47e9dd15cd7fd4a47370f3e2a56eb1d67d45e8e25d4b863188234e89ce32f779a1ca4a5b9c71b

Download Submit
C:\Windows\System32\BqkBMRy.exe

Filesize
2.9MB

MD5
63a9fa7b6d334a6571d4398d14e1e961

SHA1
d57a392f0e959e03e6470c20922160de61797e8a

SHA256
b91971e43cffb4420cbfbdf0af167bb033fcd1769c17315e5789de93597cfc83

SHA512
907b9f90ae91e74e81f876aefc9666d1a66c3b132a3e7c3e60d3e4c8a199e12aad1638cc647e262d342ec0f238d23e064fe478cae18ad886795e1dbdea38e15b

Download Submit
C:\Windows\System32\BqkBMRy.exe

Filesize
2.9MB

MD5
63a9fa7b6d334a6571d4398d14e1e961

SHA1
d57a392f0e959e03e6470c20922160de61797e8a

SHA256
b91971e43cffb4420cbfbdf0af167bb033fcd1769c17315e5789de93597cfc83

SHA512
907b9f90ae91e74e81f876aefc9666d1a66c3b132a3e7c3e60d3e4c8a199e12aad1638cc647e262d342ec0f238d23e064fe478cae18ad886795e1dbdea38e15b

Download Submit
C:\Windows\System32\GDlNWuY.exe

Filesize
2.9MB

MD5
ba50b0202cb2a631557da90b6ae56c69

SHA1
69eef3a879eaa29746ec0c66b8f6e3a8dfeda852

SHA256
d383d235fa7df8bda736a7c504e078bfacd8f36dde4b0e583720288186c8034f

SHA512
d99d7dedf040f80866d54f79caed867c34b20d842e91a0b5106c29b33c415c565ce45df2c9353e1a42d7c26c9874afe4a88e9def3b31718ddad177b032d47fac

Download Submit
C:\Windows\System32\GDlNWuY.exe

Filesize
2.9MB

MD5
ba50b0202cb2a631557da90b6ae56c69

SHA1
69eef3a879eaa29746ec0c66b8f6e3a8dfeda852

SHA256
d383d235fa7df8bda736a7c504e078bfacd8f36dde4b0e583720288186c8034f

SHA512
d99d7dedf040f80866d54f79caed867c34b20d842e91a0b5106c29b33c415c565ce45df2c9353e1a42d7c26c9874afe4a88e9def3b31718ddad177b032d47fac

Download Submit
C:\Windows\System32\GNQdOkr.exe

Filesize
2.9MB

MD5
36f882d80d34e302fca26b5b9dba52d4

SHA1
603e4c2308d76ae17b8412bc72e710cbaad6062b

SHA256
e7936eebeb97f5ca4b16abb47bec5c5c751ef0f880a25f75fdb0d6f67b74a556

SHA512
21310072c435c36fe2b618d8a88ee4af38393a55936190b8bdebe6a5dfe1dc0d5a8d1fbaced37f4ea4f1565f28688c46e62dad23d2d66b9ff9c29510bb7d32f7

Download Submit
C:\Windows\System32\GNQdOkr.exe

Filesize
2.9MB

MD5
36f882d80d34e302fca26b5b9dba52d4

SHA1
603e4c2308d76ae17b8412bc72e710cbaad6062b

SHA256
e7936eebeb97f5ca4b16abb47bec5c5c751ef0f880a25f75fdb0d6f67b74a556

SHA512
21310072c435c36fe2b618d8a88ee4af38393a55936190b8bdebe6a5dfe1dc0d5a8d1fbaced37f4ea4f1565f28688c46e62dad23d2d66b9ff9c29510bb7d32f7

Download Submit
C:\Windows\System32\HJJWtKq.exe

Filesize
2.9MB

MD5
c668dfc2c0264f7792a9aa0c88b89527

SHA1
618ef5bd25097aec6196c39c2ab2e9528ec5e81f

SHA256
e2a745ff2e261e9b977aebc3c54dd35c5bf6f715f56c43850fc3389e7a0f9095

SHA512
7dcfd2a501a814f4cc562295b7df5cc9fa81100b4107f5065cb5b931d4e0db1a8f3a8799f64c7d2eb4ac742d0ff9e607f36e15509fdc6177bca7ccb98b11af08

Download Submit
C:\Windows\System32\HJJWtKq.exe

Filesize
2.9MB

MD5
c668dfc2c0264f7792a9aa0c88b89527

SHA1
618ef5bd25097aec6196c39c2ab2e9528ec5e81f

SHA256
e2a745ff2e261e9b977aebc3c54dd35c5bf6f715f56c43850fc3389e7a0f9095

SHA512
7dcfd2a501a814f4cc562295b7df5cc9fa81100b4107f5065cb5b931d4e0db1a8f3a8799f64c7d2eb4ac742d0ff9e607f36e15509fdc6177bca7ccb98b11af08

Download Submit
C:\Windows\System32\JFLJoeE.exe

Filesize
2.9MB

MD5
a95e66fd6f7b5dfd199427e3d8340af3

SHA1
7974dfc633fc0ff86dcbad7c6547f8c444f1f2fa

SHA256
8eed917ff84e419875aff8ec417ca632b64b86b938c8a7099f664246ca77debf

SHA512
77a191d54f778700c0f642989a42edb1ca28807bc2c7fb22b0dc78dfd20d7cf9e7bca4015734bb2f95ee29a2e8f9ac0075c07699a673127eb8ddc58bfcda37d6

Download Submit
C:\Windows\System32\JFLJoeE.exe

Filesize
2.9MB

MD5
a95e66fd6f7b5dfd199427e3d8340af3

SHA1
7974dfc633fc0ff86dcbad7c6547f8c444f1f2fa

SHA256
8eed917ff84e419875aff8ec417ca632b64b86b938c8a7099f664246ca77debf

SHA512
77a191d54f778700c0f642989a42edb1ca28807bc2c7fb22b0dc78dfd20d7cf9e7bca4015734bb2f95ee29a2e8f9ac0075c07699a673127eb8ddc58bfcda37d6

Download Submit
C:\Windows\System32\OjLYAYD.exe

Filesize
2.9MB

MD5
27ba36f1a51fc6448cddc397b3da094c

SHA1
cf004db9e4ed8ad331d883e3d7e89d424a37e90e

SHA256
1b6066e0e089f5aa96ce8242a69e205ee526a4b6095c5156048d57e8baf60a69

SHA512
84e675c1b86650635bed31ee5969cf7abef1fe1232d88f1e2fe056735046fffdf6776af257a6943a42127a68206ca8a6425820d51fdb2a8a317c5c6ad29d3bf5

Download Submit
C:\Windows\System32\OjLYAYD.exe

Filesize
2.9MB

MD5
27ba36f1a51fc6448cddc397b3da094c

SHA1
cf004db9e4ed8ad331d883e3d7e89d424a37e90e

SHA256
1b6066e0e089f5aa96ce8242a69e205ee526a4b6095c5156048d57e8baf60a69

SHA512
84e675c1b86650635bed31ee5969cf7abef1fe1232d88f1e2fe056735046fffdf6776af257a6943a42127a68206ca8a6425820d51fdb2a8a317c5c6ad29d3bf5

Download Submit
C:\Windows\System32\PpSfTMe.exe

Filesize
2.9MB

MD5
342136a94ad00b26b12988e1f71db1c1

SHA1
6e3ccbabf63fe34ea4610558e655141e53d3d1e6

SHA256
04138071f033b722f0e0d99bb135ffd993d54292c9fe4a69053b007d142d92b1

SHA512
4bfaf21a7336d3ba04098f041ac3f5e1510e153d0dd529bd0332fca8fc26e9ca442acb34cb66d5190e1f35fd80a911f08566d55beb4c9eef75cdd9927e1e2230

Download Submit
C:\Windows\System32\PpSfTMe.exe

Filesize
2.9MB

MD5
342136a94ad00b26b12988e1f71db1c1

SHA1
6e3ccbabf63fe34ea4610558e655141e53d3d1e6

SHA256
04138071f033b722f0e0d99bb135ffd993d54292c9fe4a69053b007d142d92b1

SHA512
4bfaf21a7336d3ba04098f041ac3f5e1510e153d0dd529bd0332fca8fc26e9ca442acb34cb66d5190e1f35fd80a911f08566d55beb4c9eef75cdd9927e1e2230

Download Submit
C:\Windows\System32\QyKgzGs.exe

Filesize
2.9MB

MD5
206160918d27ff7fa40d6ead5c3cb793

SHA1
cc92076432e3977b650cd4b42236bf47e94401b5

SHA256
878726d7f293f51cd9d4d6af9ed66cb9280b45e11181d82be30fa7b4176ff5b9

SHA512
c76ceefcdf6c6626073d85f3bdd8d88c0a1c935d4e1800185d2b9d4f6fbe26904d148f84ba19d53215be3aaff3e6739c9894920669cddc997517bfc1a21e246e

Download Submit
C:\Windows\System32\QyKgzGs.exe

Filesize
2.9MB

MD5
206160918d27ff7fa40d6ead5c3cb793

SHA1
cc92076432e3977b650cd4b42236bf47e94401b5

SHA256
878726d7f293f51cd9d4d6af9ed66cb9280b45e11181d82be30fa7b4176ff5b9

SHA512
c76ceefcdf6c6626073d85f3bdd8d88c0a1c935d4e1800185d2b9d4f6fbe26904d148f84ba19d53215be3aaff3e6739c9894920669cddc997517bfc1a21e246e

Download Submit
C:\Windows\System32\RFbEWRb.exe

Filesize
2.9MB

MD5
4522a2cb7a921c27eed82685322aa9f4

SHA1
173f4f95a7edde09713333e09bb215b8119b3f19

SHA256
3be69f6c95027f4914073654ec63ea2227e090bab16fb975c91ce93dc95769a5

SHA512
4b3842e71d627f70cb96268e44e7dcea1ad30e241cb41c050adb06c868715b438d0084f8e6898b1fb5b14893d344b44b4f6a1784ec074020b61e691d67cc0ce6

Download Submit
C:\Windows\System32\RFbEWRb.exe

Filesize
2.9MB

MD5
4522a2cb7a921c27eed82685322aa9f4

SHA1
173f4f95a7edde09713333e09bb215b8119b3f19

SHA256
3be69f6c95027f4914073654ec63ea2227e090bab16fb975c91ce93dc95769a5

SHA512
4b3842e71d627f70cb96268e44e7dcea1ad30e241cb41c050adb06c868715b438d0084f8e6898b1fb5b14893d344b44b4f6a1784ec074020b61e691d67cc0ce6

Download Submit
C:\Windows\System32\RXfRkCk.exe

Filesize
2.9MB

MD5
880a9b84336491a6b5009294ce519a71

SHA1
8e0555a0dc69563821dc7eb8084d31653bd53a4e

SHA256
e2dd168c4a6ce4afe2be1b0ffd06e1e3bbd9bdda7f4672930681587fa5e9db42

SHA512
a4b6c20ef589138dbd499cdc1c5b95819b836ea71ee78424b36a09d4762b4e460bf4df43ffd6e5033557bba7ac7ef01514546e4bafdcc2804ec339786dd12292

Download Submit
C:\Windows\System32\RXfRkCk.exe

Filesize
2.9MB

MD5
880a9b84336491a6b5009294ce519a71

SHA1
8e0555a0dc69563821dc7eb8084d31653bd53a4e

SHA256
e2dd168c4a6ce4afe2be1b0ffd06e1e3bbd9bdda7f4672930681587fa5e9db42

SHA512
a4b6c20ef589138dbd499cdc1c5b95819b836ea71ee78424b36a09d4762b4e460bf4df43ffd6e5033557bba7ac7ef01514546e4bafdcc2804ec339786dd12292

Download Submit
C:\Windows\System32\RfTDnPE.exe

Filesize
2.9MB

MD5
205d7032015a55c1bb1a2bc0d9c9edae

SHA1
a607e13aabc1af752fd5c041e709eb8ff5a35829

SHA256
591e6706e922fd7010625080fe2eb3d18a6532b778c3b1b36effc5cab9bf2e93

SHA512
f7bace3ba36174fa69f41bf516efabd1260c144fa0a1b3626d4e86ab27eda31fa5b2acbf4d38654a30a395df7876a379134a84c24860207a20d1c5194e1b91be

Download Submit
C:\Windows\System32\RfTDnPE.exe

Filesize
2.9MB

MD5
205d7032015a55c1bb1a2bc0d9c9edae

SHA1
a607e13aabc1af752fd5c041e709eb8ff5a35829

SHA256
591e6706e922fd7010625080fe2eb3d18a6532b778c3b1b36effc5cab9bf2e93

SHA512
f7bace3ba36174fa69f41bf516efabd1260c144fa0a1b3626d4e86ab27eda31fa5b2acbf4d38654a30a395df7876a379134a84c24860207a20d1c5194e1b91be

Download Submit
C:\Windows\System32\TIznBLH.exe

Filesize
2.9MB

MD5
498122eda6474e58c6b57c9677aaff9a

SHA1
c693664ef628b3124251e4f696c6844b451babcd

SHA256
da29f999a2c745afc623282950f36696a1aa96b910d9b8f6e937dbf709a6a99b

SHA512
77b8e7a69d7b802d4cbb0b3bde85dccdf6d9194c8836dc0c98657d31757125e3a45f06443a6e184935a3669d60a68474280c503177583da7df6525958663ff87

Download Submit
C:\Windows\System32\TIznBLH.exe

Filesize
2.9MB

MD5
498122eda6474e58c6b57c9677aaff9a

SHA1
c693664ef628b3124251e4f696c6844b451babcd

SHA256
da29f999a2c745afc623282950f36696a1aa96b910d9b8f6e937dbf709a6a99b

SHA512
77b8e7a69d7b802d4cbb0b3bde85dccdf6d9194c8836dc0c98657d31757125e3a45f06443a6e184935a3669d60a68474280c503177583da7df6525958663ff87

Download Submit
C:\Windows\System32\TLVghRh.exe

Filesize
2.9MB

MD5
4079a001331cbe9f3a149207a7171adb

SHA1
42ba1a5aee8b50e20f235c2abac68dcdb00aaa5c

SHA256
4ba4ac0b487081de3de58a6530bef0ec8eb2fabc855a30df31e0a1bc53cdcc0d

SHA512
71d1be8bc0d578051927600d834c2f4157ae21c649a68498327929ba6f78230dd04a7d2664c6ed7079ef4f601269ecc6334a93136d4001133597bf59354931bb

Download Submit
C:\Windows\System32\TLVghRh.exe

Filesize
2.9MB

MD5
4079a001331cbe9f3a149207a7171adb

SHA1
42ba1a5aee8b50e20f235c2abac68dcdb00aaa5c

SHA256
4ba4ac0b487081de3de58a6530bef0ec8eb2fabc855a30df31e0a1bc53cdcc0d

SHA512
71d1be8bc0d578051927600d834c2f4157ae21c649a68498327929ba6f78230dd04a7d2664c6ed7079ef4f601269ecc6334a93136d4001133597bf59354931bb

Download Submit
C:\Windows\System32\UdoRDen.exe

Filesize
2.9MB

MD5
375df35ee6a8a8c54141145e6f34a308

SHA1
ae7ffa2a4d2b21dac04cde0901c55f03d385d8fb

SHA256
f0658a7a9863c2ac6b825c5f48a7bcb970cfaece983863d5ac66029abf9cc710

SHA512
26c4d9f67596ef3432ba5db9a2633568f7ea00b3efb77259b4f2916117464ff76e5b295523a1010d7c98425e172874a65ceb02d12eace923ce897b9b813a81a6

Download Submit
C:\Windows\System32\UdoRDen.exe

Filesize
2.9MB

MD5
375df35ee6a8a8c54141145e6f34a308

SHA1
ae7ffa2a4d2b21dac04cde0901c55f03d385d8fb

SHA256
f0658a7a9863c2ac6b825c5f48a7bcb970cfaece983863d5ac66029abf9cc710

SHA512
26c4d9f67596ef3432ba5db9a2633568f7ea00b3efb77259b4f2916117464ff76e5b295523a1010d7c98425e172874a65ceb02d12eace923ce897b9b813a81a6

Download Submit
C:\Windows\System32\UuQBlcK.exe

Filesize
2.9MB

MD5
455923c73a2d111e3f331fa89d700a58

SHA1
3a008242185745b0b9c83eb4537974dd410d3e96

SHA256
144681efa095f2d8aca74c5b88e26fbc6f5621c5d71dcccdc530edfdb7451da0

SHA512
1033230a33e1e973fd4d976b90d56bf977839c24c84afe26749c77e37e2facd33a6f7cc861a434f2f7d597d804b08387a43a8544eb85e8c8b001550bad6b4ee1

Download Submit
C:\Windows\System32\UuQBlcK.exe

Filesize
2.9MB

MD5
455923c73a2d111e3f331fa89d700a58

SHA1
3a008242185745b0b9c83eb4537974dd410d3e96

SHA256
144681efa095f2d8aca74c5b88e26fbc6f5621c5d71dcccdc530edfdb7451da0

SHA512
1033230a33e1e973fd4d976b90d56bf977839c24c84afe26749c77e37e2facd33a6f7cc861a434f2f7d597d804b08387a43a8544eb85e8c8b001550bad6b4ee1

Download Submit
C:\Windows\System32\VpfaLJy.exe

Filesize
2.9MB

MD5
0a7cf69baa280404f586c6f910687ab0

SHA1
c412c663985ea3b8f9e1f94bcd03e54697d9ebd0

SHA256
2b9eb5fe48ba88acde6b603164e37fdc71d160209f7706bd5b40888978c3c52e

SHA512
ea7ed0be274cdc16727a3d76b1ea0065cac17b6da82a09419b74d1e65b0105f63f0375a50eceb440867c2884d5d73d12b6e73657801f22d08c928b66d4ba08e8

Download Submit
C:\Windows\System32\VpfaLJy.exe

Filesize
2.9MB

MD5
0a7cf69baa280404f586c6f910687ab0

SHA1
c412c663985ea3b8f9e1f94bcd03e54697d9ebd0

SHA256
2b9eb5fe48ba88acde6b603164e37fdc71d160209f7706bd5b40888978c3c52e

SHA512
ea7ed0be274cdc16727a3d76b1ea0065cac17b6da82a09419b74d1e65b0105f63f0375a50eceb440867c2884d5d73d12b6e73657801f22d08c928b66d4ba08e8

Download Submit
C:\Windows\System32\YCPQKud.exe

Filesize
2.9MB

MD5
bb4fcd473aba827455a2740785f5b2fd

SHA1
cfacca2fb83ed85d31ddd44ddf5b6411e102e5bc

SHA256
eba01b4b9a5b8899f6fea7b2b6e7b85250040282ab3362b9b2616b9d876cee3a

SHA512
11e26bf163147177ba30782f6b0d02410c6b8a272785070bcd597beda3ae3ac406c43be8cb9bed5e6c91614a9e798cb2a9b77dfc1607fcabe5b5dd30d8ad5821

Download Submit
C:\Windows\System32\YCPQKud.exe

Filesize
2.9MB

MD5
bb4fcd473aba827455a2740785f5b2fd

SHA1
cfacca2fb83ed85d31ddd44ddf5b6411e102e5bc

SHA256
eba01b4b9a5b8899f6fea7b2b6e7b85250040282ab3362b9b2616b9d876cee3a

SHA512
11e26bf163147177ba30782f6b0d02410c6b8a272785070bcd597beda3ae3ac406c43be8cb9bed5e6c91614a9e798cb2a9b77dfc1607fcabe5b5dd30d8ad5821

Download Submit
C:\Windows\System32\YosdVwO.exe

Filesize
2.9MB

MD5
670998e42b73c85b7b26bf5dd09df32c

SHA1
5f5de8d81184353dd9c189f727fdf7433cd22729

SHA256
e1d56c4beb2706e04671738f373254198abe6bc85d4c4b6064f7b34fa1dbfe91

SHA512
030a8cf320335005f036d3e8701c0460e1a515b7cb57b230ffd4b2869efa1c77e34b282840ef77de28fe98132a9d61a5e7ccdaad93854c5c57ab2ff9eab40bfd

Download Submit
C:\Windows\System32\YosdVwO.exe

Filesize
2.9MB

MD5
670998e42b73c85b7b26bf5dd09df32c

SHA1
5f5de8d81184353dd9c189f727fdf7433cd22729

SHA256
e1d56c4beb2706e04671738f373254198abe6bc85d4c4b6064f7b34fa1dbfe91

SHA512
030a8cf320335005f036d3e8701c0460e1a515b7cb57b230ffd4b2869efa1c77e34b282840ef77de28fe98132a9d61a5e7ccdaad93854c5c57ab2ff9eab40bfd

Download Submit
C:\Windows\System32\asktNIS.exe

Filesize
2.9MB

MD5
5c1f39159ca8f3d02f87a1cd64bba812

SHA1
0aa8ed34da45d559e9971da0e269c18531e6f70b

SHA256
4ed44ce06c2bbb80ce0bd682af415941043056225a95682870345fe6b60615f1

SHA512
6b08256330e0d866398062254952420c71f968c09f829049709cf4f2a5e9e3026fe9449cc56dff17f803f4a638c05ba77f4cd6d1d7980e7745668cbfcea9a3fd

Download Submit
C:\Windows\System32\asktNIS.exe

Filesize
2.9MB

MD5
5c1f39159ca8f3d02f87a1cd64bba812

SHA1
0aa8ed34da45d559e9971da0e269c18531e6f70b

SHA256
4ed44ce06c2bbb80ce0bd682af415941043056225a95682870345fe6b60615f1

SHA512
6b08256330e0d866398062254952420c71f968c09f829049709cf4f2a5e9e3026fe9449cc56dff17f803f4a638c05ba77f4cd6d1d7980e7745668cbfcea9a3fd

Download Submit
C:\Windows\System32\bxjfsVP.exe

Filesize
2.9MB

MD5
4c79eeb91a84da6371bfcc86afceadf4

SHA1
03df316b9776aec06bc11b484eb71cf9298448c6

SHA256
11f186b6da949b663bdb2edaf05ad6e6f7495b087d0a5884cb99037c2e425152

SHA512
e79689ef3769a8b574ad7d0a91813bd8ca408fd7dd8b1da09ca098430e1994ad5d4dc88da38011089e3fb2f1a9ecd3a0f27721df960300975c54c54eecbc563d

Download Submit
C:\Windows\System32\bxjfsVP.exe

Filesize
2.9MB

MD5
4c79eeb91a84da6371bfcc86afceadf4

SHA1
03df316b9776aec06bc11b484eb71cf9298448c6

SHA256
11f186b6da949b663bdb2edaf05ad6e6f7495b087d0a5884cb99037c2e425152

SHA512
e79689ef3769a8b574ad7d0a91813bd8ca408fd7dd8b1da09ca098430e1994ad5d4dc88da38011089e3fb2f1a9ecd3a0f27721df960300975c54c54eecbc563d

Download Submit
C:\Windows\System32\eUsuqkJ.exe

Filesize
2.9MB

MD5
b7b1d5b114abcee43745000e10814abb

SHA1
431c5d3cf703babac8109695dac7272a2ed5b68a

SHA256
be61b12977b9ec8a323bb844eef72b9a586c2a11b575b312d81f268847e27538

SHA512
9fd9e9f18887bc463cc1a92d142d09d22ee13715aa8ca1b169d9dcff7864377bece7802503b3c8b71d9ce5bd6f555b9b117487ec37bb84bfb72183c790511ba8

Download Submit
C:\Windows\System32\eUsuqkJ.exe

Filesize
2.9MB

MD5
b7b1d5b114abcee43745000e10814abb

SHA1
431c5d3cf703babac8109695dac7272a2ed5b68a

SHA256
be61b12977b9ec8a323bb844eef72b9a586c2a11b575b312d81f268847e27538

SHA512
9fd9e9f18887bc463cc1a92d142d09d22ee13715aa8ca1b169d9dcff7864377bece7802503b3c8b71d9ce5bd6f555b9b117487ec37bb84bfb72183c790511ba8

Download Submit
C:\Windows\System32\eszeEzz.exe

Filesize
2.9MB

MD5
2424067f1e3600f7572572768efaad6c

SHA1
b1744a48779b70ca9cab4057cdbf15be149e36d1

SHA256
1126f1b68bb8e845606d06da909ab855c6af21077bf0a37b65c0b9b038ccd18f

SHA512
21b6ccdfbbda6f1a5f67e2e2c14b1ed434f02244220202fc0dddb85dec14d2e502c8c8611a74a6174e42d89b2eac6e48bf1640470a312ff968f20e7cbc78b026

Download Submit
C:\Windows\System32\eszeEzz.exe

Filesize
2.9MB

MD5
2424067f1e3600f7572572768efaad6c

SHA1
b1744a48779b70ca9cab4057cdbf15be149e36d1

SHA256
1126f1b68bb8e845606d06da909ab855c6af21077bf0a37b65c0b9b038ccd18f

SHA512
21b6ccdfbbda6f1a5f67e2e2c14b1ed434f02244220202fc0dddb85dec14d2e502c8c8611a74a6174e42d89b2eac6e48bf1640470a312ff968f20e7cbc78b026

Download Submit
C:\Windows\System32\hMDkVie.exe

Filesize
2.9MB

MD5
f850228e2d468069579f61753a722497

SHA1
ae788c12ad410eb9c28f81002d2945a9944c856c

SHA256
d4cf9e2e0ad0bef14348ebd9d21a98213034bf583af17426dcaf85f03a8a6dc0

SHA512
7d4d9f8a5bfb8d18efa14e974bb13b35264320ef420af2a90579f6ca351dc4d9cfe139dcc86387fe0873e6264a677da63c99749879cb1c1d367ad77ab56e3f6f

Download Submit
C:\Windows\System32\hMDkVie.exe

Filesize
2.9MB

MD5
f850228e2d468069579f61753a722497

SHA1
ae788c12ad410eb9c28f81002d2945a9944c856c

SHA256
d4cf9e2e0ad0bef14348ebd9d21a98213034bf583af17426dcaf85f03a8a6dc0

SHA512
7d4d9f8a5bfb8d18efa14e974bb13b35264320ef420af2a90579f6ca351dc4d9cfe139dcc86387fe0873e6264a677da63c99749879cb1c1d367ad77ab56e3f6f

Download Submit
C:\Windows\System32\jZBZXhO.exe

Filesize
2.9MB

MD5
2897df67964655cf50c0ce007e987f1d

SHA1
062a77f2440ee795a437fea76a848157f6642521

SHA256
8847cea12cf675f6a4a49380349086ab1c05ebc6fe279fd22766e0dfd85c2346

SHA512
350ce5782b044761a43bb632e660bf68bff3881df93e65eb3d4a0eda1fbbb04d783bdb56aba3b1ac31176fccd515ee1b8e6d72a8eeb6c41bddf7dcb321dc793a

Download Submit
C:\Windows\System32\jZBZXhO.exe

Filesize
2.9MB

MD5
2897df67964655cf50c0ce007e987f1d

SHA1
062a77f2440ee795a437fea76a848157f6642521

SHA256
8847cea12cf675f6a4a49380349086ab1c05ebc6fe279fd22766e0dfd85c2346

SHA512
350ce5782b044761a43bb632e660bf68bff3881df93e65eb3d4a0eda1fbbb04d783bdb56aba3b1ac31176fccd515ee1b8e6d72a8eeb6c41bddf7dcb321dc793a

Download Submit
C:\Windows\System32\lIvZmxY.exe

Filesize
2.9MB

MD5
1fe297d2c9689997ee0c3cc92757c84a

SHA1
b27243792a883a4abc605ce0f58698d210054ae7

SHA256
16b9eed1fe38d6d4293376dbede698cfd740646189e6b925273fdda2578ad989

SHA512
6031a6c035845cd108d6dc4257cbee1dde9f5cedc82cc9f847790e8a4fae8faeb19d1d95c36c997833bdedab67d36f3643e7b96669595fc292b4cf4b8f4e6d7c

Download Submit
C:\Windows\System32\lIvZmxY.exe

Filesize
2.9MB

MD5
1fe297d2c9689997ee0c3cc92757c84a

SHA1
b27243792a883a4abc605ce0f58698d210054ae7

SHA256
16b9eed1fe38d6d4293376dbede698cfd740646189e6b925273fdda2578ad989

SHA512
6031a6c035845cd108d6dc4257cbee1dde9f5cedc82cc9f847790e8a4fae8faeb19d1d95c36c997833bdedab67d36f3643e7b96669595fc292b4cf4b8f4e6d7c

Download Submit
C:\Windows\System32\pNCDytR.exe

Filesize
2.9MB

MD5
df6eef13c08051a7a71ec1e68bdd3f69

SHA1
cdeaaf5d895f17deb4b1462ff629ce3ba1a2b03e

SHA256
1f9d2fb785f88a0f2c06096e6f3268e75a91547bc8a9e0ded67627866fd6cf8c

SHA512
28f093734d455618d4d6785fa6a624dd0b87241035e12033ef9a917b11d3e795efc84c521b2c1d18a5794b387a54759dbd444c8fb5e36260355512f980ab0825

Download Submit
C:\Windows\System32\pNCDytR.exe

Filesize
2.9MB

MD5
df6eef13c08051a7a71ec1e68bdd3f69

SHA1
cdeaaf5d895f17deb4b1462ff629ce3ba1a2b03e

SHA256
1f9d2fb785f88a0f2c06096e6f3268e75a91547bc8a9e0ded67627866fd6cf8c

SHA512
28f093734d455618d4d6785fa6a624dd0b87241035e12033ef9a917b11d3e795efc84c521b2c1d18a5794b387a54759dbd444c8fb5e36260355512f980ab0825

Download Submit
C:\Windows\System32\sDoBmpn.exe

Filesize
2.9MB

MD5
a0f6aaa2d7f5490950be21859161aec6

SHA1
0408671045780db90487aeaaec711a9befdb0460

SHA256
e662a31ef2f80f8407b6a63e03b3075965bb94c348a7f19f18be0c96e909a4ad

SHA512
d3d2ff801cb9b9cd0a37084dc02fb8194012721602e83227899f880e98732a06d587269c12c2cef8def8002529ca1813d51aae5d4ab8ab64c270b128875647ef

Download Submit
C:\Windows\System32\sDoBmpn.exe

Filesize
2.9MB

MD5
a0f6aaa2d7f5490950be21859161aec6

SHA1
0408671045780db90487aeaaec711a9befdb0460

SHA256
e662a31ef2f80f8407b6a63e03b3075965bb94c348a7f19f18be0c96e909a4ad

SHA512
d3d2ff801cb9b9cd0a37084dc02fb8194012721602e83227899f880e98732a06d587269c12c2cef8def8002529ca1813d51aae5d4ab8ab64c270b128875647ef

Download Submit
C:\Windows\System32\smaGFkC.exe

Filesize
2.9MB

MD5
0089421552a00d014b556c5e3655dd53

SHA1
c8c22eb9e6f82ce45286e8642b0306bdcdcbfb78

SHA256
efb2bbaf483593f43fec1b3991b3ba05408769375938eb575d1b31a6677b5559

SHA512
3631c566fccbce54608ace1ddb67c0428081d21362a63bdddf965fe4a909e742fb1186549df4052447de0346bafdce7249599489a0577f534a55b4a2f1d7329a

Download Submit
C:\Windows\System32\smaGFkC.exe

Filesize
2.9MB

MD5
0089421552a00d014b556c5e3655dd53

SHA1
c8c22eb9e6f82ce45286e8642b0306bdcdcbfb78

SHA256
efb2bbaf483593f43fec1b3991b3ba05408769375938eb575d1b31a6677b5559

SHA512
3631c566fccbce54608ace1ddb67c0428081d21362a63bdddf965fe4a909e742fb1186549df4052447de0346bafdce7249599489a0577f534a55b4a2f1d7329a

Download Submit
C:\Windows\System32\vALFvcz.exe

Filesize
2.9MB

MD5
b8326b455518b9f138c3aa1abb621843

SHA1
b747b5a1267340a502b1f4e048ac8858ba575870

SHA256
2e98e0d25cb3d0f9c2729e439665413a5b5ccc0dc1a00cc7eaec58c048718a72

SHA512
9fa13d07c48384ea0df21b6ead8c805417e4eca6643878bd65f12a43de63d8f7fa4d8f3b89d4049c9f8bf559c002a0133ce2681f0b0b2ae512baf090e8f55623

Download Submit
C:\Windows\System32\vALFvcz.exe

Filesize
2.9MB

MD5
b8326b455518b9f138c3aa1abb621843

SHA1
b747b5a1267340a502b1f4e048ac8858ba575870

SHA256
2e98e0d25cb3d0f9c2729e439665413a5b5ccc0dc1a00cc7eaec58c048718a72

SHA512
9fa13d07c48384ea0df21b6ead8c805417e4eca6643878bd65f12a43de63d8f7fa4d8f3b89d4049c9f8bf559c002a0133ce2681f0b0b2ae512baf090e8f55623

Download Submit
C:\Windows\System32\xXYQBsn.exe

Filesize
2.9MB

MD5
72f4cbd0547dc316582068c1fbc37f66

SHA1
69f954064dbb2aee1eade6c532099fad7d07ad47

SHA256
90e279a10b0586725f869e7d1bf05b27520e87e6a9939decd8b50009f63d3d89

SHA512
670e11615e15d763c7e105f8d9196affa1a0408aec939c9d5e33a6f789cf5baa7d2552a03f85a619e52b3e781b2b695a592232246b7ad0fcfcaefd8e0d169b5a

Download Submit
C:\Windows\System32\xXYQBsn.exe

Filesize
2.9MB

MD5
72f4cbd0547dc316582068c1fbc37f66

SHA1
69f954064dbb2aee1eade6c532099fad7d07ad47

SHA256
90e279a10b0586725f869e7d1bf05b27520e87e6a9939decd8b50009f63d3d89

SHA512
670e11615e15d763c7e105f8d9196affa1a0408aec939c9d5e33a6f789cf5baa7d2552a03f85a619e52b3e781b2b695a592232246b7ad0fcfcaefd8e0d169b5a

Download Submit
C:\Windows\System32\zJFndOj.exe

Filesize
2.9MB

MD5
337f504da8cf9f1296ffa962a7023db8

SHA1
bfbb869493fb91a718c74f79566d2e563c220e56

SHA256
e2d6c99361c0de11a1dacf7c6fcbe2ceb1bc471491574ed5955a92eb7c38cd3a

SHA512
763866e791799dadd4d7b726860c3161407964f3f63d12ceed6536d8020b0d7fcb25b776638c024f113ddde3eb9c357d3616a278a2c5103c3fbd044677cd1d95

Download Submit
C:\Windows\System32\zJFndOj.exe

Filesize
2.9MB

MD5
337f504da8cf9f1296ffa962a7023db8

SHA1
bfbb869493fb91a718c74f79566d2e563c220e56

SHA256
e2d6c99361c0de11a1dacf7c6fcbe2ceb1bc471491574ed5955a92eb7c38cd3a

SHA512
763866e791799dadd4d7b726860c3161407964f3f63d12ceed6536d8020b0d7fcb25b776638c024f113ddde3eb9c357d3616a278a2c5103c3fbd044677cd1d95

Download Submit
C:\Windows\System32\zJFndOj.exe

Filesize
2.9MB

MD5
337f504da8cf9f1296ffa962a7023db8

SHA1
bfbb869493fb91a718c74f79566d2e563c220e56

SHA256
e2d6c99361c0de11a1dacf7c6fcbe2ceb1bc471491574ed5955a92eb7c38cd3a

SHA512
763866e791799dadd4d7b726860c3161407964f3f63d12ceed6536d8020b0d7fcb25b776638c024f113ddde3eb9c357d3616a278a2c5103c3fbd044677cd1d95

Download Submit
memory/112-193-0x00007FF645500000-0x00007FF6458F5000-memory.dmp

Filesize
4.0MB

Download
memory/208-176-0x00007FF6245D0000-0x00007FF6249C5000-memory.dmp

Filesize
4.0MB

Download
memory/388-385-0x00007FF772CC0000-0x00007FF7730B5000-memory.dmp

Filesize
4.0MB

Download
memory/404-50-0x00007FF694F20000-0x00007FF695315000-memory.dmp

Filesize
4.0MB

Download
memory/416-146-0x00007FF796370000-0x00007FF796765000-memory.dmp

Filesize
4.0MB

Download
memory/612-160-0x00007FF638D30000-0x00007FF639125000-memory.dmp

Filesize
4.0MB

Download
memory/644-215-0x00007FF7C3300000-0x00007FF7C36F5000-memory.dmp

Filesize
4.0MB

Download
memory/856-182-0x00007FF793730000-0x00007FF793B25000-memory.dmp

Filesize
4.0MB

Download
memory/856-74-0x00007FF793730000-0x00007FF793B25000-memory.dmp

Filesize
4.0MB

Download
memory/960-413-0x00007FF60B940000-0x00007FF60BD35000-memory.dmp

Filesize
4.0MB

Download
memory/1188-115-0x00007FF739D50000-0x00007FF73A145000-memory.dmp

Filesize
4.0MB

Download
memory/1368-414-0x00007FF7000A0000-0x00007FF700495000-memory.dmp

Filesize
4.0MB

Download
memory/1456-219-0x00007FF75C4D0000-0x00007FF75C8C5000-memory.dmp

Filesize
4.0MB

Download
memory/1504-393-0x00007FF7A70A0000-0x00007FF7A7495000-memory.dmp

Filesize
4.0MB

Download
memory/1512-383-0x00007FF775DC0000-0x00007FF7761B5000-memory.dmp

Filesize
4.0MB

Download
memory/1528-14-0x00007FF66AFC0000-0x00007FF66B3B5000-memory.dmp

Filesize
4.0MB

Download
memory/1528-68-0x00007FF66AFC0000-0x00007FF66B3B5000-memory.dmp

Filesize
4.0MB

Download
memory/1624-63-0x00007FF69BBD0000-0x00007FF69BFC5000-memory.dmp

Filesize
4.0MB

Download
memory/1788-84-0x00007FF7BBD50000-0x00007FF7BC145000-memory.dmp

Filesize
4.0MB

Download
memory/1788-195-0x00007FF7BBD50000-0x00007FF7BC145000-memory.dmp

Filesize
4.0MB

Download
memory/1800-185-0x00007FF6578B0000-0x00007FF657CA5000-memory.dmp

Filesize
4.0MB

Download
memory/2028-101-0x00007FF65F530000-0x00007FF65F925000-memory.dmp

Filesize
4.0MB

Download
memory/2280-205-0x00007FF605C00000-0x00007FF605FF5000-memory.dmp

Filesize
4.0MB

Download
memory/2348-27-0x00007FF7D9050000-0x00007FF7D9445000-memory.dmp

Filesize
4.0MB

Download
memory/2348-95-0x00007FF7D9050000-0x00007FF7D9445000-memory.dmp

Filesize
4.0MB

Download
memory/2412-171-0x00007FF72B2D0000-0x00007FF72B6C5000-memory.dmp

Filesize
4.0MB

Download
memory/2520-207-0x00007FF726630000-0x00007FF726A25000-memory.dmp

Filesize
4.0MB

Download
memory/2788-411-0x00007FF6D9CE0000-0x00007FF6DA0D5000-memory.dmp

Filesize
4.0MB

Download
memory/2936-381-0x00007FF72D7D0000-0x00007FF72DBC5000-memory.dmp

Filesize
4.0MB

Download
memory/2940-402-0x00007FF710900000-0x00007FF710CF5000-memory.dmp

Filesize
4.0MB

Download
memory/2948-405-0x00007FF7875B0000-0x00007FF7879A5000-memory.dmp

Filesize
4.0MB

Download
memory/3248-384-0x00007FF73DD70000-0x00007FF73E165000-memory.dmp

Filesize
4.0MB

Download
memory/3292-105-0x00007FF70F440000-0x00007FF70F835000-memory.dmp

Filesize
4.0MB

Download
memory/3320-401-0x00007FF6EA430000-0x00007FF6EA825000-memory.dmp

Filesize
4.0MB

Download
memory/3360-131-0x00007FF7FAE20000-0x00007FF7FB215000-memory.dmp

Filesize
4.0MB

Download
memory/3412-157-0x00007FF615C70000-0x00007FF616065000-memory.dmp

Filesize
4.0MB

Download
memory/3528-164-0x00007FF79EA30000-0x00007FF79EE25000-memory.dmp

Filesize
4.0MB

Download
memory/3584-218-0x00007FF647020000-0x00007FF647415000-memory.dmp

Filesize
4.0MB

Download
memory/3784-398-0x00007FF66E010000-0x00007FF66E405000-memory.dmp

Filesize
4.0MB

Download
memory/3952-91-0x00007FF7E8020000-0x00007FF7E8415000-memory.dmp

Filesize
4.0MB

Download
memory/4084-379-0x00007FF673870000-0x00007FF673C65000-memory.dmp

Filesize
4.0MB

Download
memory/4084-142-0x00007FF673870000-0x00007FF673C65000-memory.dmp

Filesize
4.0MB

Download
memory/4108-56-0x00007FF6045C0000-0x00007FF6049B5000-memory.dmp

Filesize
4.0MB

Download
memory/4108-0-0x00007FF6045C0000-0x00007FF6049B5000-memory.dmp

Filesize
4.0MB

Download
memory/4108-1-0x000001AC9F0B0000-0x000001AC9F0C0000-memory.dmp

Filesize
64KB

Download
memory/4288-76-0x00007FF708E20000-0x00007FF709215000-memory.dmp

Filesize
4.0MB

Download
memory/4288-22-0x00007FF708E20000-0x00007FF709215000-memory.dmp

Filesize
4.0MB

Download
memory/4316-180-0x00007FF64E6B0000-0x00007FF64EAA5000-memory.dmp

Filesize
4.0MB

Download
memory/4320-221-0x00007FF62DCE0000-0x00007FF62E0D5000-memory.dmp

Filesize
4.0MB

Download
memory/4448-167-0x00007FF734730000-0x00007FF734B25000-memory.dmp

Filesize
4.0MB

Download
memory/4472-382-0x00007FF7D7850000-0x00007FF7D7C45000-memory.dmp

Filesize
4.0MB

Download
memory/4564-38-0x00007FF7660F0000-0x00007FF7664E5000-memory.dmp

Filesize
4.0MB

Download
memory/4564-124-0x00007FF7660F0000-0x00007FF7664E5000-memory.dmp

Filesize
4.0MB

Download
memory/4592-109-0x00007FF727630000-0x00007FF727A25000-memory.dmp

Filesize
4.0MB

Download
memory/4732-49-0x00007FF67DE80000-0x00007FF67E275000-memory.dmp

Filesize
4.0MB

Download
memory/4860-407-0x00007FF674170000-0x00007FF674565000-memory.dmp

Filesize
4.0MB

Download
memory/4872-116-0x00007FF64AFC0000-0x00007FF64B3B5000-memory.dmp

Filesize
4.0MB

Download
memory/4896-395-0x00007FF71E560000-0x00007FF71E955000-memory.dmp

Filesize
4.0MB

Download
memory/4920-106-0x00007FF686B20000-0x00007FF686F15000-memory.dmp

Filesize
4.0MB

Download
memory/4920-37-0x00007FF686B20000-0x00007FF686F15000-memory.dmp

Filesize
4.0MB

Download
memory/4964-173-0x00007FF7BC750000-0x00007FF7BCB45000-memory.dmp

Filesize
4.0MB

Download
memory/4976-386-0x00007FF7D4420000-0x00007FF7D4815000-memory.dmp

Filesize
4.0MB

Download
memory/4992-67-0x00007FF785C60000-0x00007FF786055000-memory.dmp

Filesize
4.0MB

Download
memory/5020-57-0x00007FF64A0F0000-0x00007FF64A4E5000-memory.dmp

Filesize
4.0MB

Download
memory/5020-9-0x00007FF64A0F0000-0x00007FF64A4E5000-memory.dmp

Filesize
4.0MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads