xmrig | c1075e06e0e58d4f113c2b1038869cd2ccb0178be5a645463f6ad996666c7d8d

Analysis

max time kernel
148s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
14/03/2024, 23:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c1075e06e0e58d4f113c2b1038869cd2ccb0178be5a645463f6ad996666c7d8d.exe
Size

1.0MB
MD5

6c4e2dcfe0d67e4f6645bced847eb68f
SHA1

6e23f83417d9a29aa4724e39ae97892f201d1bbf
SHA256

c1075e06e0e58d4f113c2b1038869cd2ccb0178be5a645463f6ad996666c7d8d
SHA512

a38f5b1a3ddc8bc07f7c513edc2ea603ce8b93b99c53cc4474de1fb88681b723a7c5bd73a03f8a6d45684bc2e9a8de3b504d51d0868854ce7c58547dae734fe6
SSDEEP

24576:RVIl/WDGCi7/qkatXBF6727HeoPO+XC7A9GaFs1XllvB5zJsaF:ROdWCCi7/rahOYilJ51su

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

UPX dump on OEP (original entry point) 64 IoCs

resource	yara_rule
behavioral2/memory/4672-0-0x00007FF60EEE0000-0x00007FF60F231000-memory.dmp	UPX
behavioral2/files/0x0007000000023201-7.dat	UPX
behavioral2/files/0x0007000000023201-12.dat	UPX
behavioral2/files/0x000a0000000231af-9.dat	UPX
behavioral2/files/0x000e000000023158-8.dat	UPX
behavioral2/files/0x000e000000023158-5.dat	UPX
behavioral2/files/0x0007000000023201-23.dat	UPX
behavioral2/files/0x0007000000023203-30.dat	UPX
behavioral2/files/0x0007000000023204-42.dat	UPX
behavioral2/files/0x0007000000023207-95.dat	UPX
behavioral2/files/0x0007000000023210-84.dat	UPX
behavioral2/files/0x0007000000023217-129.dat	UPX
behavioral2/files/0x0007000000023217-128.dat	UPX
behavioral2/files/0x0007000000023216-144.dat	UPX
behavioral2/files/0x0007000000023218-165.dat	UPX
behavioral2/files/0x000700000002321e-174.dat	UPX
behavioral2/memory/4720-195-0x00007FF7433C0000-0x00007FF743711000-memory.dmp	UPX
behavioral2/memory/3604-199-0x00007FF7C7CD0000-0x00007FF7C8021000-memory.dmp	UPX
behavioral2/memory/4724-207-0x00007FF6366C0000-0x00007FF636A11000-memory.dmp	UPX
behavioral2/memory/1076-219-0x00007FF7725F0000-0x00007FF772941000-memory.dmp	UPX
behavioral2/memory/1416-223-0x00007FF72DD30000-0x00007FF72E081000-memory.dmp	UPX
behavioral2/memory/3308-227-0x00007FF7FB6E0000-0x00007FF7FBA31000-memory.dmp	UPX
behavioral2/memory/1744-231-0x00007FF606010000-0x00007FF606361000-memory.dmp	UPX
behavioral2/memory/4480-241-0x00007FF7DD7B0000-0x00007FF7DDB01000-memory.dmp	UPX
behavioral2/memory/3524-249-0x00007FF6DD510000-0x00007FF6DD861000-memory.dmp	UPX
behavioral2/memory/2068-255-0x00007FF659790000-0x00007FF659AE1000-memory.dmp	UPX
behavioral2/memory/2360-261-0x00007FF74CE30000-0x00007FF74D181000-memory.dmp	UPX
behavioral2/memory/3544-273-0x00007FF786A80000-0x00007FF786DD1000-memory.dmp	UPX
behavioral2/memory/508-283-0x00007FF7C4A20000-0x00007FF7C4D71000-memory.dmp	UPX
behavioral2/memory/3200-291-0x00007FF70B590000-0x00007FF70B8E1000-memory.dmp	UPX
behavioral2/memory/4692-298-0x00007FF7E29A0000-0x00007FF7E2CF1000-memory.dmp	UPX
behavioral2/memory/3112-306-0x00007FF681F10000-0x00007FF682261000-memory.dmp	UPX
behavioral2/memory/412-311-0x00007FF76C1A0000-0x00007FF76C4F1000-memory.dmp	UPX
behavioral2/memory/4516-339-0x00007FF6A5410000-0x00007FF6A5761000-memory.dmp	UPX
behavioral2/memory/3748-346-0x00007FF655EB0000-0x00007FF656201000-memory.dmp	UPX
behavioral2/memory/348-373-0x00007FF659B80000-0x00007FF659ED1000-memory.dmp	UPX
behavioral2/memory/1608-380-0x00007FF6973F0000-0x00007FF697741000-memory.dmp	UPX
behavioral2/memory/3864-385-0x00007FF781220000-0x00007FF781571000-memory.dmp	UPX
behavioral2/memory/5064-397-0x00007FF7AF5B0000-0x00007FF7AF901000-memory.dmp	UPX
behavioral2/memory/1156-403-0x00007FF605550000-0x00007FF6058A1000-memory.dmp	UPX
behavioral2/memory/3700-411-0x00007FF6A9C00000-0x00007FF6A9F51000-memory.dmp	UPX
behavioral2/memory/1704-425-0x00007FF652630000-0x00007FF652981000-memory.dmp	UPX
behavioral2/memory/2696-455-0x00007FF705580000-0x00007FF7058D1000-memory.dmp	UPX
behavioral2/memory/3300-463-0x00007FF606330000-0x00007FF606681000-memory.dmp	UPX
behavioral2/memory/4048-482-0x00007FF786F30000-0x00007FF787281000-memory.dmp	UPX
behavioral2/memory/4892-477-0x00007FF7270F0000-0x00007FF727441000-memory.dmp	UPX
behavioral2/memory/4912-450-0x00007FF7FFA00000-0x00007FF7FFD51000-memory.dmp	UPX
behavioral2/memory/2096-433-0x00007FF7BFA90000-0x00007FF7BFDE1000-memory.dmp	UPX
behavioral2/memory/4776-406-0x00007FF61E700000-0x00007FF61EA51000-memory.dmp	UPX
behavioral2/memory/588-377-0x00007FF628F60000-0x00007FF6292B1000-memory.dmp	UPX
behavioral2/memory/4360-368-0x00007FF7DA130000-0x00007FF7DA481000-memory.dmp	UPX
behavioral2/memory/3324-358-0x00007FF6C48B0000-0x00007FF6C4C01000-memory.dmp	UPX
behavioral2/memory/4848-334-0x00007FF6258A0000-0x00007FF625BF1000-memory.dmp	UPX
behavioral2/memory/436-324-0x00007FF699A40000-0x00007FF699D91000-memory.dmp	UPX
behavioral2/memory/1916-287-0x00007FF6E08A0000-0x00007FF6E0BF1000-memory.dmp	UPX
behavioral2/memory/4036-265-0x00007FF7478F0000-0x00007FF747C41000-memory.dmp	UPX
behavioral2/memory/1844-264-0x00007FF638610000-0x00007FF638961000-memory.dmp	UPX
behavioral2/memory/932-263-0x00007FF655370000-0x00007FF6556C1000-memory.dmp	UPX
behavioral2/memory/5036-262-0x00007FF71A030000-0x00007FF71A381000-memory.dmp	UPX
behavioral2/memory/624-260-0x00007FF750A40000-0x00007FF750D91000-memory.dmp	UPX
behavioral2/memory/3692-259-0x00007FF759C90000-0x00007FF759FE1000-memory.dmp	UPX
behavioral2/memory/1808-238-0x00007FF77D580000-0x00007FF77D8D1000-memory.dmp	UPX
behavioral2/memory/5072-215-0x00007FF6F59C0000-0x00007FF6F5D11000-memory.dmp	UPX
behavioral2/memory/1360-211-0x00007FF708F00000-0x00007FF709251000-memory.dmp	UPX

XMRig Miner payload 57 IoCs

miner

resource	yara_rule
behavioral2/memory/4720-195-0x00007FF7433C0000-0x00007FF743711000-memory.dmp	xmrig
behavioral2/memory/3604-199-0x00007FF7C7CD0000-0x00007FF7C8021000-memory.dmp	xmrig
behavioral2/memory/4724-207-0x00007FF6366C0000-0x00007FF636A11000-memory.dmp	xmrig
behavioral2/memory/1076-219-0x00007FF7725F0000-0x00007FF772941000-memory.dmp	xmrig
behavioral2/memory/1416-223-0x00007FF72DD30000-0x00007FF72E081000-memory.dmp	xmrig
behavioral2/memory/3308-227-0x00007FF7FB6E0000-0x00007FF7FBA31000-memory.dmp	xmrig
behavioral2/memory/1744-231-0x00007FF606010000-0x00007FF606361000-memory.dmp	xmrig
behavioral2/memory/4480-241-0x00007FF7DD7B0000-0x00007FF7DDB01000-memory.dmp	xmrig
behavioral2/memory/3524-249-0x00007FF6DD510000-0x00007FF6DD861000-memory.dmp	xmrig
behavioral2/memory/2068-255-0x00007FF659790000-0x00007FF659AE1000-memory.dmp	xmrig
behavioral2/memory/3544-273-0x00007FF786A80000-0x00007FF786DD1000-memory.dmp	xmrig
behavioral2/memory/508-283-0x00007FF7C4A20000-0x00007FF7C4D71000-memory.dmp	xmrig
behavioral2/memory/3200-291-0x00007FF70B590000-0x00007FF70B8E1000-memory.dmp	xmrig
behavioral2/memory/4692-298-0x00007FF7E29A0000-0x00007FF7E2CF1000-memory.dmp	xmrig
behavioral2/memory/3112-306-0x00007FF681F10000-0x00007FF682261000-memory.dmp	xmrig
behavioral2/memory/412-311-0x00007FF76C1A0000-0x00007FF76C4F1000-memory.dmp	xmrig
behavioral2/memory/4516-339-0x00007FF6A5410000-0x00007FF6A5761000-memory.dmp	xmrig
behavioral2/memory/3748-346-0x00007FF655EB0000-0x00007FF656201000-memory.dmp	xmrig
behavioral2/memory/348-373-0x00007FF659B80000-0x00007FF659ED1000-memory.dmp	xmrig
behavioral2/memory/1608-380-0x00007FF6973F0000-0x00007FF697741000-memory.dmp	xmrig
behavioral2/memory/3864-385-0x00007FF781220000-0x00007FF781571000-memory.dmp	xmrig
behavioral2/memory/5064-397-0x00007FF7AF5B0000-0x00007FF7AF901000-memory.dmp	xmrig
behavioral2/memory/1156-403-0x00007FF605550000-0x00007FF6058A1000-memory.dmp	xmrig
behavioral2/memory/3700-411-0x00007FF6A9C00000-0x00007FF6A9F51000-memory.dmp	xmrig
behavioral2/memory/1704-425-0x00007FF652630000-0x00007FF652981000-memory.dmp	xmrig
behavioral2/memory/2696-455-0x00007FF705580000-0x00007FF7058D1000-memory.dmp	xmrig
behavioral2/memory/3300-463-0x00007FF606330000-0x00007FF606681000-memory.dmp	xmrig
behavioral2/memory/4048-482-0x00007FF786F30000-0x00007FF787281000-memory.dmp	xmrig
behavioral2/memory/4892-477-0x00007FF7270F0000-0x00007FF727441000-memory.dmp	xmrig
behavioral2/memory/4912-450-0x00007FF7FFA00000-0x00007FF7FFD51000-memory.dmp	xmrig
behavioral2/memory/2096-433-0x00007FF7BFA90000-0x00007FF7BFDE1000-memory.dmp	xmrig
behavioral2/memory/4776-406-0x00007FF61E700000-0x00007FF61EA51000-memory.dmp	xmrig
behavioral2/memory/588-377-0x00007FF628F60000-0x00007FF6292B1000-memory.dmp	xmrig
behavioral2/memory/4360-368-0x00007FF7DA130000-0x00007FF7DA481000-memory.dmp	xmrig
behavioral2/memory/3324-358-0x00007FF6C48B0000-0x00007FF6C4C01000-memory.dmp	xmrig
behavioral2/memory/4848-334-0x00007FF6258A0000-0x00007FF625BF1000-memory.dmp	xmrig
behavioral2/memory/436-324-0x00007FF699A40000-0x00007FF699D91000-memory.dmp	xmrig
behavioral2/memory/1916-287-0x00007FF6E08A0000-0x00007FF6E0BF1000-memory.dmp	xmrig
behavioral2/memory/4036-265-0x00007FF7478F0000-0x00007FF747C41000-memory.dmp	xmrig
behavioral2/memory/1844-264-0x00007FF638610000-0x00007FF638961000-memory.dmp	xmrig
behavioral2/memory/624-260-0x00007FF750A40000-0x00007FF750D91000-memory.dmp	xmrig
behavioral2/memory/1808-238-0x00007FF77D580000-0x00007FF77D8D1000-memory.dmp	xmrig
behavioral2/memory/5072-215-0x00007FF6F59C0000-0x00007FF6F5D11000-memory.dmp	xmrig
behavioral2/memory/1360-211-0x00007FF708F00000-0x00007FF709251000-memory.dmp	xmrig
behavioral2/memory/1144-203-0x00007FF7728B0000-0x00007FF772C01000-memory.dmp	xmrig
behavioral2/memory/2232-191-0x00007FF678300000-0x00007FF678651000-memory.dmp	xmrig
behavioral2/memory/2576-187-0x00007FF715C10000-0x00007FF715F61000-memory.dmp	xmrig
behavioral2/memory/5032-173-0x00007FF7B7CB0000-0x00007FF7B8001000-memory.dmp	xmrig
behavioral2/memory/1932-181-0x00007FF6687B0000-0x00007FF668B01000-memory.dmp	xmrig
behavioral2/memory/3564-162-0x00007FF66EA20000-0x00007FF66ED71000-memory.dmp	xmrig
behavioral2/memory/2100-142-0x00007FF6358C0000-0x00007FF635C11000-memory.dmp	xmrig
behavioral2/memory/3188-126-0x00007FF7AC7B0000-0x00007FF7ACB01000-memory.dmp	xmrig
behavioral2/memory/3060-94-0x00007FF7B8600000-0x00007FF7B8951000-memory.dmp	xmrig
behavioral2/memory/3664-81-0x00007FF762360000-0x00007FF7626B1000-memory.dmp	xmrig
behavioral2/memory/2016-40-0x00007FF738960000-0x00007FF738CB1000-memory.dmp	xmrig
behavioral2/memory/724-27-0x00007FF651E60000-0x00007FF6521B1000-memory.dmp	xmrig
behavioral2/memory/2300-21-0x00007FF645900000-0x00007FF645C51000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
4820	thXIDxg.exe
2300	tDJPlfy.exe
724	wqVxGIu.exe
2016	xzUMOCf.exe
1844	NGskFqm.exe
4972	ewHJCna.exe
3664	jYPLxvP.exe
3060	cWVpwAp.exe
4036	OfopuvN.exe
3188	UBSVIhP.exe
2100	KoDmgTA.exe
3564	BoQuNfW.exe
5032	kOGIcJe.exe
1932	gxKPoyL.exe
2576	cISPTMA.exe
2232	aTKElsH.exe
3544	vSOSKcq.exe
4720	wwVsYCA.exe
3604	myZWgqs.exe
508	uzodIro.exe
1144	KiqAMVI.exe
4724	wXievJp.exe
1360	tsxHwoH.exe
5072	vsFored.exe
1916	qAyuAzH.exe
1076	VnJLTlD.exe
3200	BYMells.exe
1416	XatsGqJ.exe
3308	rsikRSx.exe
1744	rBAymWW.exe
1808	uFFcQmC.exe
4692	pNMWmpg.exe
4480	xYzBHmu.exe
3524	luOXBMx.exe
3112	rESkYSA.exe
2068	PCdHghj.exe
412	pRUHtws.exe
436	pnHyGlp.exe
4848	oHCsNAV.exe
4516	RmKEgYg.exe
3748	HvgGoZo.exe
3324	xgUZMHn.exe
4360	ieWkmPt.exe
348	LLfXkGl.exe
588	SDdAxPv.exe
1608	mvwWvco.exe
3864	dVkGGfq.exe
5064	lwDaxHh.exe
1156	vNGVLFS.exe
3692	PLceACE.exe
624	LMJQooA.exe
4776	BuzxPsv.exe
2360	IlfeCXI.exe
5036	SKCUffK.exe
3700	lkLtvFl.exe
932	dLcpvhs.exe
1704	oCiTPuk.exe
4796	areYAcT.exe
2096	dQWoEaN.exe
4912	mcMVaLG.exe
5048	qVLDqfZ.exe
548	eAkbPbw.exe
3436	WXysoYh.exe
3176	ixcyonw.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4672-0-0x00007FF60EEE0000-0x00007FF60F231000-memory.dmp	upx
behavioral2/files/0x0007000000023201-7.dat	upx
behavioral2/files/0x0007000000023201-12.dat	upx
behavioral2/files/0x000a0000000231af-9.dat	upx
behavioral2/files/0x000e000000023158-8.dat	upx
behavioral2/files/0x000e000000023158-5.dat	upx
behavioral2/files/0x0007000000023201-23.dat	upx
behavioral2/files/0x0007000000023203-30.dat	upx
behavioral2/files/0x0007000000023204-42.dat	upx
behavioral2/files/0x0007000000023207-95.dat	upx
behavioral2/files/0x0007000000023210-84.dat	upx
behavioral2/files/0x0007000000023217-129.dat	upx
behavioral2/files/0x0007000000023217-128.dat	upx
behavioral2/files/0x0007000000023216-144.dat	upx
behavioral2/files/0x0007000000023218-165.dat	upx
behavioral2/files/0x000700000002321e-174.dat	upx
behavioral2/memory/4720-195-0x00007FF7433C0000-0x00007FF743711000-memory.dmp	upx
behavioral2/memory/3604-199-0x00007FF7C7CD0000-0x00007FF7C8021000-memory.dmp	upx
behavioral2/memory/4724-207-0x00007FF6366C0000-0x00007FF636A11000-memory.dmp	upx
behavioral2/memory/1076-219-0x00007FF7725F0000-0x00007FF772941000-memory.dmp	upx
behavioral2/memory/1416-223-0x00007FF72DD30000-0x00007FF72E081000-memory.dmp	upx
behavioral2/memory/3308-227-0x00007FF7FB6E0000-0x00007FF7FBA31000-memory.dmp	upx
behavioral2/memory/1744-231-0x00007FF606010000-0x00007FF606361000-memory.dmp	upx
behavioral2/memory/4480-241-0x00007FF7DD7B0000-0x00007FF7DDB01000-memory.dmp	upx
behavioral2/memory/3524-249-0x00007FF6DD510000-0x00007FF6DD861000-memory.dmp	upx
behavioral2/memory/2068-255-0x00007FF659790000-0x00007FF659AE1000-memory.dmp	upx
behavioral2/memory/2360-261-0x00007FF74CE30000-0x00007FF74D181000-memory.dmp	upx
behavioral2/memory/3544-273-0x00007FF786A80000-0x00007FF786DD1000-memory.dmp	upx
behavioral2/memory/508-283-0x00007FF7C4A20000-0x00007FF7C4D71000-memory.dmp	upx
behavioral2/memory/3200-291-0x00007FF70B590000-0x00007FF70B8E1000-memory.dmp	upx
behavioral2/memory/4692-298-0x00007FF7E29A0000-0x00007FF7E2CF1000-memory.dmp	upx
behavioral2/memory/3112-306-0x00007FF681F10000-0x00007FF682261000-memory.dmp	upx
behavioral2/memory/412-311-0x00007FF76C1A0000-0x00007FF76C4F1000-memory.dmp	upx
behavioral2/memory/4516-339-0x00007FF6A5410000-0x00007FF6A5761000-memory.dmp	upx
behavioral2/memory/3748-346-0x00007FF655EB0000-0x00007FF656201000-memory.dmp	upx
behavioral2/memory/348-373-0x00007FF659B80000-0x00007FF659ED1000-memory.dmp	upx
behavioral2/memory/1608-380-0x00007FF6973F0000-0x00007FF697741000-memory.dmp	upx
behavioral2/memory/3864-385-0x00007FF781220000-0x00007FF781571000-memory.dmp	upx
behavioral2/memory/5064-397-0x00007FF7AF5B0000-0x00007FF7AF901000-memory.dmp	upx
behavioral2/memory/1156-403-0x00007FF605550000-0x00007FF6058A1000-memory.dmp	upx
behavioral2/memory/3700-411-0x00007FF6A9C00000-0x00007FF6A9F51000-memory.dmp	upx
behavioral2/memory/1704-425-0x00007FF652630000-0x00007FF652981000-memory.dmp	upx
behavioral2/memory/2696-455-0x00007FF705580000-0x00007FF7058D1000-memory.dmp	upx
behavioral2/memory/3300-463-0x00007FF606330000-0x00007FF606681000-memory.dmp	upx
behavioral2/memory/4048-482-0x00007FF786F30000-0x00007FF787281000-memory.dmp	upx
behavioral2/memory/4892-477-0x00007FF7270F0000-0x00007FF727441000-memory.dmp	upx
behavioral2/memory/4912-450-0x00007FF7FFA00000-0x00007FF7FFD51000-memory.dmp	upx
behavioral2/memory/2096-433-0x00007FF7BFA90000-0x00007FF7BFDE1000-memory.dmp	upx
behavioral2/memory/4776-406-0x00007FF61E700000-0x00007FF61EA51000-memory.dmp	upx
behavioral2/memory/588-377-0x00007FF628F60000-0x00007FF6292B1000-memory.dmp	upx
behavioral2/memory/4360-368-0x00007FF7DA130000-0x00007FF7DA481000-memory.dmp	upx
behavioral2/memory/3324-358-0x00007FF6C48B0000-0x00007FF6C4C01000-memory.dmp	upx
behavioral2/memory/4848-334-0x00007FF6258A0000-0x00007FF625BF1000-memory.dmp	upx
behavioral2/memory/436-324-0x00007FF699A40000-0x00007FF699D91000-memory.dmp	upx
behavioral2/memory/1916-287-0x00007FF6E08A0000-0x00007FF6E0BF1000-memory.dmp	upx
behavioral2/memory/4036-265-0x00007FF7478F0000-0x00007FF747C41000-memory.dmp	upx
behavioral2/memory/1844-264-0x00007FF638610000-0x00007FF638961000-memory.dmp	upx
behavioral2/memory/932-263-0x00007FF655370000-0x00007FF6556C1000-memory.dmp	upx
behavioral2/memory/5036-262-0x00007FF71A030000-0x00007FF71A381000-memory.dmp	upx
behavioral2/memory/624-260-0x00007FF750A40000-0x00007FF750D91000-memory.dmp	upx
behavioral2/memory/3692-259-0x00007FF759C90000-0x00007FF759FE1000-memory.dmp	upx
behavioral2/memory/1808-238-0x00007FF77D580000-0x00007FF77D8D1000-memory.dmp	upx
behavioral2/memory/5072-215-0x00007FF6F59C0000-0x00007FF6F5D11000-memory.dmp	upx
behavioral2/memory/1360-211-0x00007FF708F00000-0x00007FF709251000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\NxranNf.exe	c1075e06e0e58d4f113c2b1038869cd2ccb0178be5a645463f6ad996666c7d8d.exe
File created	C:\Windows\System\kPaJvCA.exe	c1075e06e0e58d4f113c2b1038869cd2ccb0178be5a645463f6ad996666c7d8d.exe
File created	C:\Windows\System\IKrivEF.exe	c1075e06e0e58d4f113c2b1038869cd2ccb0178be5a645463f6ad996666c7d8d.exe
File created	C:\Windows\System\RgeHKmM.exe	c1075e06e0e58d4f113c2b1038869cd2ccb0178be5a645463f6ad996666c7d8d.exe
File created	C:\Windows\System\YniYOrG.exe	c1075e06e0e58d4f113c2b1038869cd2ccb0178be5a645463f6ad996666c7d8d.exe
File created	C:\Windows\System\dQaRlSG.exe	c1075e06e0e58d4f113c2b1038869cd2ccb0178be5a645463f6ad996666c7d8d.exe
File created	C:\Windows\System\jaKBfXV.exe	c1075e06e0e58d4f113c2b1038869cd2ccb0178be5a645463f6ad996666c7d8d.exe
File created	C:\Windows\System\cWVpwAp.exe	c1075e06e0e58d4f113c2b1038869cd2ccb0178be5a645463f6ad996666c7d8d.exe
File created	C:\Windows\System\BoQuNfW.exe	c1075e06e0e58d4f113c2b1038869cd2ccb0178be5a645463f6ad996666c7d8d.exe
File created	C:\Windows\System\pddaWsr.exe	c1075e06e0e58d4f113c2b1038869cd2ccb0178be5a645463f6ad996666c7d8d.exe
File created	C:\Windows\System\ZEZKRUA.exe	c1075e06e0e58d4f113c2b1038869cd2ccb0178be5a645463f6ad996666c7d8d.exe
File created	C:\Windows\System\pwwKggI.exe	c1075e06e0e58d4f113c2b1038869cd2ccb0178be5a645463f6ad996666c7d8d.exe
File created	C:\Windows\System\VjlcWsQ.exe	c1075e06e0e58d4f113c2b1038869cd2ccb0178be5a645463f6ad996666c7d8d.exe
File created	C:\Windows\System\OgtrvIk.exe	c1075e06e0e58d4f113c2b1038869cd2ccb0178be5a645463f6ad996666c7d8d.exe
File created	C:\Windows\System\EyegRZB.exe	c1075e06e0e58d4f113c2b1038869cd2ccb0178be5a645463f6ad996666c7d8d.exe
File created	C:\Windows\System\eftRnYO.exe	c1075e06e0e58d4f113c2b1038869cd2ccb0178be5a645463f6ad996666c7d8d.exe
File created	C:\Windows\System\MDsOzZC.exe	c1075e06e0e58d4f113c2b1038869cd2ccb0178be5a645463f6ad996666c7d8d.exe
File created	C:\Windows\System\SDdAxPv.exe	c1075e06e0e58d4f113c2b1038869cd2ccb0178be5a645463f6ad996666c7d8d.exe
File created	C:\Windows\System\uuvbfvp.exe	c1075e06e0e58d4f113c2b1038869cd2ccb0178be5a645463f6ad996666c7d8d.exe
File created	C:\Windows\System\McRgwUo.exe	c1075e06e0e58d4f113c2b1038869cd2ccb0178be5a645463f6ad996666c7d8d.exe
File created	C:\Windows\System\iarxSKC.exe	c1075e06e0e58d4f113c2b1038869cd2ccb0178be5a645463f6ad996666c7d8d.exe
File created	C:\Windows\System\IcegnTe.exe	c1075e06e0e58d4f113c2b1038869cd2ccb0178be5a645463f6ad996666c7d8d.exe
File created	C:\Windows\System\aBzODBB.exe	c1075e06e0e58d4f113c2b1038869cd2ccb0178be5a645463f6ad996666c7d8d.exe
File created	C:\Windows\System\EpnypzM.exe	c1075e06e0e58d4f113c2b1038869cd2ccb0178be5a645463f6ad996666c7d8d.exe
File created	C:\Windows\System\gxKPoyL.exe	c1075e06e0e58d4f113c2b1038869cd2ccb0178be5a645463f6ad996666c7d8d.exe
File created	C:\Windows\System\PyJZnsx.exe	c1075e06e0e58d4f113c2b1038869cd2ccb0178be5a645463f6ad996666c7d8d.exe
File created	C:\Windows\System\yJmJKwn.exe	c1075e06e0e58d4f113c2b1038869cd2ccb0178be5a645463f6ad996666c7d8d.exe
File created	C:\Windows\System\iZiUnwb.exe	c1075e06e0e58d4f113c2b1038869cd2ccb0178be5a645463f6ad996666c7d8d.exe
File created	C:\Windows\System\RmKEgYg.exe	c1075e06e0e58d4f113c2b1038869cd2ccb0178be5a645463f6ad996666c7d8d.exe
File created	C:\Windows\System\vNGVLFS.exe	c1075e06e0e58d4f113c2b1038869cd2ccb0178be5a645463f6ad996666c7d8d.exe
File created	C:\Windows\System\TQHQbjL.exe	c1075e06e0e58d4f113c2b1038869cd2ccb0178be5a645463f6ad996666c7d8d.exe
File created	C:\Windows\System\DeSZBZT.exe	c1075e06e0e58d4f113c2b1038869cd2ccb0178be5a645463f6ad996666c7d8d.exe
File created	C:\Windows\System\fpNRGPX.exe	c1075e06e0e58d4f113c2b1038869cd2ccb0178be5a645463f6ad996666c7d8d.exe
File created	C:\Windows\System\kOSQtlL.exe	c1075e06e0e58d4f113c2b1038869cd2ccb0178be5a645463f6ad996666c7d8d.exe
File created	C:\Windows\System\fXNzHAU.exe	c1075e06e0e58d4f113c2b1038869cd2ccb0178be5a645463f6ad996666c7d8d.exe
File created	C:\Windows\System\ewHJCna.exe	c1075e06e0e58d4f113c2b1038869cd2ccb0178be5a645463f6ad996666c7d8d.exe
File created	C:\Windows\System\xYzBHmu.exe	c1075e06e0e58d4f113c2b1038869cd2ccb0178be5a645463f6ad996666c7d8d.exe
File created	C:\Windows\System\bHELIIU.exe	c1075e06e0e58d4f113c2b1038869cd2ccb0178be5a645463f6ad996666c7d8d.exe
File created	C:\Windows\System\xhMitAh.exe	c1075e06e0e58d4f113c2b1038869cd2ccb0178be5a645463f6ad996666c7d8d.exe
File created	C:\Windows\System\MucpxNd.exe	c1075e06e0e58d4f113c2b1038869cd2ccb0178be5a645463f6ad996666c7d8d.exe
File created	C:\Windows\System\XYvDhXH.exe	c1075e06e0e58d4f113c2b1038869cd2ccb0178be5a645463f6ad996666c7d8d.exe
File created	C:\Windows\System\StRZVxV.exe	c1075e06e0e58d4f113c2b1038869cd2ccb0178be5a645463f6ad996666c7d8d.exe
File created	C:\Windows\System\mblDRHj.exe	c1075e06e0e58d4f113c2b1038869cd2ccb0178be5a645463f6ad996666c7d8d.exe
File created	C:\Windows\System\Zeermcw.exe	c1075e06e0e58d4f113c2b1038869cd2ccb0178be5a645463f6ad996666c7d8d.exe
File created	C:\Windows\System\cqvtluu.exe	c1075e06e0e58d4f113c2b1038869cd2ccb0178be5a645463f6ad996666c7d8d.exe
File created	C:\Windows\System\dLcpvhs.exe	c1075e06e0e58d4f113c2b1038869cd2ccb0178be5a645463f6ad996666c7d8d.exe
File created	C:\Windows\System\yUzcNAN.exe	c1075e06e0e58d4f113c2b1038869cd2ccb0178be5a645463f6ad996666c7d8d.exe
File created	C:\Windows\System\ylTUWwA.exe	c1075e06e0e58d4f113c2b1038869cd2ccb0178be5a645463f6ad996666c7d8d.exe
File created	C:\Windows\System\yACgYqk.exe	c1075e06e0e58d4f113c2b1038869cd2ccb0178be5a645463f6ad996666c7d8d.exe
File created	C:\Windows\System\FpEoKKC.exe	c1075e06e0e58d4f113c2b1038869cd2ccb0178be5a645463f6ad996666c7d8d.exe
File created	C:\Windows\System\nUlMTzE.exe	c1075e06e0e58d4f113c2b1038869cd2ccb0178be5a645463f6ad996666c7d8d.exe
File created	C:\Windows\System\iJLLBjN.exe	c1075e06e0e58d4f113c2b1038869cd2ccb0178be5a645463f6ad996666c7d8d.exe
File created	C:\Windows\System\EzadSvK.exe	c1075e06e0e58d4f113c2b1038869cd2ccb0178be5a645463f6ad996666c7d8d.exe
File created	C:\Windows\System\OsudkHu.exe	c1075e06e0e58d4f113c2b1038869cd2ccb0178be5a645463f6ad996666c7d8d.exe
File created	C:\Windows\System\ofSStjM.exe	c1075e06e0e58d4f113c2b1038869cd2ccb0178be5a645463f6ad996666c7d8d.exe
File created	C:\Windows\System\tiJWGFT.exe	c1075e06e0e58d4f113c2b1038869cd2ccb0178be5a645463f6ad996666c7d8d.exe
File created	C:\Windows\System\moiVujl.exe	c1075e06e0e58d4f113c2b1038869cd2ccb0178be5a645463f6ad996666c7d8d.exe
File created	C:\Windows\System\tyuvZRQ.exe	c1075e06e0e58d4f113c2b1038869cd2ccb0178be5a645463f6ad996666c7d8d.exe
File created	C:\Windows\System\uMSnaCF.exe	c1075e06e0e58d4f113c2b1038869cd2ccb0178be5a645463f6ad996666c7d8d.exe
File created	C:\Windows\System\eAxjmRo.exe	c1075e06e0e58d4f113c2b1038869cd2ccb0178be5a645463f6ad996666c7d8d.exe
File created	C:\Windows\System\CbDeBpQ.exe	c1075e06e0e58d4f113c2b1038869cd2ccb0178be5a645463f6ad996666c7d8d.exe
File created	C:\Windows\System\oGCpdXD.exe	c1075e06e0e58d4f113c2b1038869cd2ccb0178be5a645463f6ad996666c7d8d.exe
File created	C:\Windows\System\ycTGUyl.exe	c1075e06e0e58d4f113c2b1038869cd2ccb0178be5a645463f6ad996666c7d8d.exe
File created	C:\Windows\System\LLfXkGl.exe	c1075e06e0e58d4f113c2b1038869cd2ccb0178be5a645463f6ad996666c7d8d.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	2412	dwm.exe
Token: SeChangeNotifyPrivilege	2412	dwm.exe
Token: 33	2412	dwm.exe
Token: SeIncBasePriorityPrivilege	2412	dwm.exe
Token: SeShutdownPrivilege	2412	dwm.exe
Token: SeCreatePagefilePrivilege	2412	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4672 wrote to memory of 4820	4672	c1075e06e0e58d4f113c2b1038869cd2ccb0178be5a645463f6ad996666c7d8d.exe	88
PID 4672 wrote to memory of 4820	4672	c1075e06e0e58d4f113c2b1038869cd2ccb0178be5a645463f6ad996666c7d8d.exe	88
PID 4672 wrote to memory of 2300	4672	c1075e06e0e58d4f113c2b1038869cd2ccb0178be5a645463f6ad996666c7d8d.exe	89
PID 4672 wrote to memory of 2300	4672	c1075e06e0e58d4f113c2b1038869cd2ccb0178be5a645463f6ad996666c7d8d.exe	89
PID 4672 wrote to memory of 724	4672	c1075e06e0e58d4f113c2b1038869cd2ccb0178be5a645463f6ad996666c7d8d.exe	90
PID 4672 wrote to memory of 724	4672	c1075e06e0e58d4f113c2b1038869cd2ccb0178be5a645463f6ad996666c7d8d.exe	90
PID 4672 wrote to memory of 2016	4672	c1075e06e0e58d4f113c2b1038869cd2ccb0178be5a645463f6ad996666c7d8d.exe	91
PID 4672 wrote to memory of 2016	4672	c1075e06e0e58d4f113c2b1038869cd2ccb0178be5a645463f6ad996666c7d8d.exe	91
PID 4672 wrote to memory of 1844	4672	c1075e06e0e58d4f113c2b1038869cd2ccb0178be5a645463f6ad996666c7d8d.exe	92
PID 4672 wrote to memory of 1844	4672	c1075e06e0e58d4f113c2b1038869cd2ccb0178be5a645463f6ad996666c7d8d.exe	92
PID 4672 wrote to memory of 4972	4672	c1075e06e0e58d4f113c2b1038869cd2ccb0178be5a645463f6ad996666c7d8d.exe	93
PID 4672 wrote to memory of 4972	4672	c1075e06e0e58d4f113c2b1038869cd2ccb0178be5a645463f6ad996666c7d8d.exe	93
PID 4672 wrote to memory of 3664	4672	c1075e06e0e58d4f113c2b1038869cd2ccb0178be5a645463f6ad996666c7d8d.exe	94
PID 4672 wrote to memory of 3664	4672	c1075e06e0e58d4f113c2b1038869cd2ccb0178be5a645463f6ad996666c7d8d.exe	94
PID 4672 wrote to memory of 3060	4672	c1075e06e0e58d4f113c2b1038869cd2ccb0178be5a645463f6ad996666c7d8d.exe	95
PID 4672 wrote to memory of 3060	4672	c1075e06e0e58d4f113c2b1038869cd2ccb0178be5a645463f6ad996666c7d8d.exe	95
PID 4672 wrote to memory of 4036	4672	c1075e06e0e58d4f113c2b1038869cd2ccb0178be5a645463f6ad996666c7d8d.exe	96
PID 4672 wrote to memory of 4036	4672	c1075e06e0e58d4f113c2b1038869cd2ccb0178be5a645463f6ad996666c7d8d.exe	96
PID 4672 wrote to memory of 3188	4672	c1075e06e0e58d4f113c2b1038869cd2ccb0178be5a645463f6ad996666c7d8d.exe	97
PID 4672 wrote to memory of 3188	4672	c1075e06e0e58d4f113c2b1038869cd2ccb0178be5a645463f6ad996666c7d8d.exe	97
PID 4672 wrote to memory of 2100	4672	c1075e06e0e58d4f113c2b1038869cd2ccb0178be5a645463f6ad996666c7d8d.exe	98
PID 4672 wrote to memory of 2100	4672	c1075e06e0e58d4f113c2b1038869cd2ccb0178be5a645463f6ad996666c7d8d.exe	98
PID 4672 wrote to memory of 3564	4672	c1075e06e0e58d4f113c2b1038869cd2ccb0178be5a645463f6ad996666c7d8d.exe	99
PID 4672 wrote to memory of 3564	4672	c1075e06e0e58d4f113c2b1038869cd2ccb0178be5a645463f6ad996666c7d8d.exe	99
PID 4672 wrote to memory of 5032	4672	c1075e06e0e58d4f113c2b1038869cd2ccb0178be5a645463f6ad996666c7d8d.exe	100
PID 4672 wrote to memory of 5032	4672	c1075e06e0e58d4f113c2b1038869cd2ccb0178be5a645463f6ad996666c7d8d.exe	100
PID 4672 wrote to memory of 1932	4672	c1075e06e0e58d4f113c2b1038869cd2ccb0178be5a645463f6ad996666c7d8d.exe	101
PID 4672 wrote to memory of 1932	4672	c1075e06e0e58d4f113c2b1038869cd2ccb0178be5a645463f6ad996666c7d8d.exe	101
PID 4672 wrote to memory of 2576	4672	c1075e06e0e58d4f113c2b1038869cd2ccb0178be5a645463f6ad996666c7d8d.exe	102
PID 4672 wrote to memory of 2576	4672	c1075e06e0e58d4f113c2b1038869cd2ccb0178be5a645463f6ad996666c7d8d.exe	102
PID 4672 wrote to memory of 2232	4672	c1075e06e0e58d4f113c2b1038869cd2ccb0178be5a645463f6ad996666c7d8d.exe	103
PID 4672 wrote to memory of 2232	4672	c1075e06e0e58d4f113c2b1038869cd2ccb0178be5a645463f6ad996666c7d8d.exe	103
PID 4672 wrote to memory of 3544	4672	c1075e06e0e58d4f113c2b1038869cd2ccb0178be5a645463f6ad996666c7d8d.exe	104
PID 4672 wrote to memory of 3544	4672	c1075e06e0e58d4f113c2b1038869cd2ccb0178be5a645463f6ad996666c7d8d.exe	104
PID 4672 wrote to memory of 4720	4672	c1075e06e0e58d4f113c2b1038869cd2ccb0178be5a645463f6ad996666c7d8d.exe	105
PID 4672 wrote to memory of 4720	4672	c1075e06e0e58d4f113c2b1038869cd2ccb0178be5a645463f6ad996666c7d8d.exe	105
PID 4672 wrote to memory of 3604	4672	c1075e06e0e58d4f113c2b1038869cd2ccb0178be5a645463f6ad996666c7d8d.exe	106
PID 4672 wrote to memory of 3604	4672	c1075e06e0e58d4f113c2b1038869cd2ccb0178be5a645463f6ad996666c7d8d.exe	106
PID 4672 wrote to memory of 1144	4672	c1075e06e0e58d4f113c2b1038869cd2ccb0178be5a645463f6ad996666c7d8d.exe	107
PID 4672 wrote to memory of 1144	4672	c1075e06e0e58d4f113c2b1038869cd2ccb0178be5a645463f6ad996666c7d8d.exe	107
PID 4672 wrote to memory of 508	4672	c1075e06e0e58d4f113c2b1038869cd2ccb0178be5a645463f6ad996666c7d8d.exe	108
PID 4672 wrote to memory of 508	4672	c1075e06e0e58d4f113c2b1038869cd2ccb0178be5a645463f6ad996666c7d8d.exe	108
PID 4672 wrote to memory of 4724	4672	c1075e06e0e58d4f113c2b1038869cd2ccb0178be5a645463f6ad996666c7d8d.exe	109
PID 4672 wrote to memory of 4724	4672	c1075e06e0e58d4f113c2b1038869cd2ccb0178be5a645463f6ad996666c7d8d.exe	109
PID 4672 wrote to memory of 1360	4672	c1075e06e0e58d4f113c2b1038869cd2ccb0178be5a645463f6ad996666c7d8d.exe	110
PID 4672 wrote to memory of 1360	4672	c1075e06e0e58d4f113c2b1038869cd2ccb0178be5a645463f6ad996666c7d8d.exe	110
PID 4672 wrote to memory of 5072	4672	c1075e06e0e58d4f113c2b1038869cd2ccb0178be5a645463f6ad996666c7d8d.exe	111
PID 4672 wrote to memory of 5072	4672	c1075e06e0e58d4f113c2b1038869cd2ccb0178be5a645463f6ad996666c7d8d.exe	111
PID 4672 wrote to memory of 1916	4672	c1075e06e0e58d4f113c2b1038869cd2ccb0178be5a645463f6ad996666c7d8d.exe	112
PID 4672 wrote to memory of 1916	4672	c1075e06e0e58d4f113c2b1038869cd2ccb0178be5a645463f6ad996666c7d8d.exe	112
PID 4672 wrote to memory of 1076	4672	c1075e06e0e58d4f113c2b1038869cd2ccb0178be5a645463f6ad996666c7d8d.exe	113
PID 4672 wrote to memory of 1076	4672	c1075e06e0e58d4f113c2b1038869cd2ccb0178be5a645463f6ad996666c7d8d.exe	113
PID 4672 wrote to memory of 3200	4672	c1075e06e0e58d4f113c2b1038869cd2ccb0178be5a645463f6ad996666c7d8d.exe	114
PID 4672 wrote to memory of 3200	4672	c1075e06e0e58d4f113c2b1038869cd2ccb0178be5a645463f6ad996666c7d8d.exe	114
PID 4672 wrote to memory of 1416	4672	c1075e06e0e58d4f113c2b1038869cd2ccb0178be5a645463f6ad996666c7d8d.exe	115
PID 4672 wrote to memory of 1416	4672	c1075e06e0e58d4f113c2b1038869cd2ccb0178be5a645463f6ad996666c7d8d.exe	115
PID 4672 wrote to memory of 3308	4672	c1075e06e0e58d4f113c2b1038869cd2ccb0178be5a645463f6ad996666c7d8d.exe	116
PID 4672 wrote to memory of 3308	4672	c1075e06e0e58d4f113c2b1038869cd2ccb0178be5a645463f6ad996666c7d8d.exe	116
PID 4672 wrote to memory of 1744	4672	c1075e06e0e58d4f113c2b1038869cd2ccb0178be5a645463f6ad996666c7d8d.exe	117
PID 4672 wrote to memory of 1744	4672	c1075e06e0e58d4f113c2b1038869cd2ccb0178be5a645463f6ad996666c7d8d.exe	117
PID 4672 wrote to memory of 1808	4672	c1075e06e0e58d4f113c2b1038869cd2ccb0178be5a645463f6ad996666c7d8d.exe	118
PID 4672 wrote to memory of 1808	4672	c1075e06e0e58d4f113c2b1038869cd2ccb0178be5a645463f6ad996666c7d8d.exe	118
PID 4672 wrote to memory of 4692	4672	c1075e06e0e58d4f113c2b1038869cd2ccb0178be5a645463f6ad996666c7d8d.exe	119
PID 4672 wrote to memory of 4692	4672	c1075e06e0e58d4f113c2b1038869cd2ccb0178be5a645463f6ad996666c7d8d.exe	119

C:\Users\Admin\AppData\Local\Temp\c1075e06e0e58d4f113c2b1038869cd2ccb0178be5a645463f6ad996666c7d8d.exe
"C:\Users\Admin\AppData\Local\Temp\c1075e06e0e58d4f113c2b1038869cd2ccb0178be5a645463f6ad996666c7d8d.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:4672
- C:\Windows\System\thXIDxg.exe
  C:\Windows\System\thXIDxg.exe
  2⤵
  - Executes dropped EXE
  PID:4820
- C:\Windows\System\tDJPlfy.exe
  C:\Windows\System\tDJPlfy.exe
  2⤵
  - Executes dropped EXE
  PID:2300
- C:\Windows\System\wqVxGIu.exe
  C:\Windows\System\wqVxGIu.exe
  2⤵
  - Executes dropped EXE
  PID:724
- C:\Windows\System\xzUMOCf.exe
  C:\Windows\System\xzUMOCf.exe
  2⤵
  - Executes dropped EXE
  PID:2016
- C:\Windows\System\NGskFqm.exe
  C:\Windows\System\NGskFqm.exe
  2⤵
  - Executes dropped EXE
  PID:1844
- C:\Windows\System\ewHJCna.exe
  C:\Windows\System\ewHJCna.exe
  2⤵
  - Executes dropped EXE
  PID:4972
- C:\Windows\System\jYPLxvP.exe
  C:\Windows\System\jYPLxvP.exe
  2⤵
  - Executes dropped EXE
  PID:3664
- C:\Windows\System\cWVpwAp.exe
  C:\Windows\System\cWVpwAp.exe
  2⤵
  - Executes dropped EXE
  PID:3060
- C:\Windows\System\OfopuvN.exe
  C:\Windows\System\OfopuvN.exe
  2⤵
  - Executes dropped EXE
  PID:4036
- C:\Windows\System\UBSVIhP.exe
  C:\Windows\System\UBSVIhP.exe
  2⤵
  - Executes dropped EXE
  PID:3188
- C:\Windows\System\KoDmgTA.exe
  C:\Windows\System\KoDmgTA.exe
  2⤵
  - Executes dropped EXE
  PID:2100
- C:\Windows\System\BoQuNfW.exe
  C:\Windows\System\BoQuNfW.exe
  2⤵
  - Executes dropped EXE
  PID:3564
- C:\Windows\System\kOGIcJe.exe
  C:\Windows\System\kOGIcJe.exe
  2⤵
  - Executes dropped EXE
  PID:5032
- C:\Windows\System\gxKPoyL.exe
  C:\Windows\System\gxKPoyL.exe
  2⤵
  - Executes dropped EXE
  PID:1932
- C:\Windows\System\cISPTMA.exe
  C:\Windows\System\cISPTMA.exe
  2⤵
  - Executes dropped EXE
  PID:2576
- C:\Windows\System\aTKElsH.exe
  C:\Windows\System\aTKElsH.exe
  2⤵
  - Executes dropped EXE
  PID:2232
- C:\Windows\System\vSOSKcq.exe
  C:\Windows\System\vSOSKcq.exe
  2⤵
  - Executes dropped EXE
  PID:3544
- C:\Windows\System\wwVsYCA.exe
  C:\Windows\System\wwVsYCA.exe
  2⤵
  - Executes dropped EXE
  PID:4720
- C:\Windows\System\myZWgqs.exe
  C:\Windows\System\myZWgqs.exe
  2⤵
  - Executes dropped EXE
  PID:3604
- C:\Windows\System\KiqAMVI.exe
  C:\Windows\System\KiqAMVI.exe
  2⤵
  - Executes dropped EXE
  PID:1144
- C:\Windows\System\uzodIro.exe
  C:\Windows\System\uzodIro.exe
  2⤵
  - Executes dropped EXE
  PID:508
- C:\Windows\System\wXievJp.exe
  C:\Windows\System\wXievJp.exe
  2⤵
  - Executes dropped EXE
  PID:4724
- C:\Windows\System\tsxHwoH.exe
  C:\Windows\System\tsxHwoH.exe
  2⤵
  - Executes dropped EXE
  PID:1360
- C:\Windows\System\vsFored.exe
  C:\Windows\System\vsFored.exe
  2⤵
  - Executes dropped EXE
  PID:5072
- C:\Windows\System\qAyuAzH.exe
  C:\Windows\System\qAyuAzH.exe
  2⤵
  - Executes dropped EXE
  PID:1916
- C:\Windows\System\VnJLTlD.exe
  C:\Windows\System\VnJLTlD.exe
  2⤵
  - Executes dropped EXE
  PID:1076
- C:\Windows\System\BYMells.exe
  C:\Windows\System\BYMells.exe
  2⤵
  - Executes dropped EXE
  PID:3200
- C:\Windows\System\XatsGqJ.exe
  C:\Windows\System\XatsGqJ.exe
  2⤵
  - Executes dropped EXE
  PID:1416
- C:\Windows\System\rsikRSx.exe
  C:\Windows\System\rsikRSx.exe
  2⤵
  - Executes dropped EXE
  PID:3308
- C:\Windows\System\rBAymWW.exe
  C:\Windows\System\rBAymWW.exe
  2⤵
  - Executes dropped EXE
  PID:1744
- C:\Windows\System\uFFcQmC.exe
  C:\Windows\System\uFFcQmC.exe
  2⤵
  - Executes dropped EXE
  PID:1808
- C:\Windows\System\pNMWmpg.exe
  C:\Windows\System\pNMWmpg.exe
  2⤵
  - Executes dropped EXE
  PID:4692
- C:\Windows\System\xYzBHmu.exe
  C:\Windows\System\xYzBHmu.exe
  2⤵
  - Executes dropped EXE
  PID:4480
- C:\Windows\System\luOXBMx.exe
  C:\Windows\System\luOXBMx.exe
  2⤵
  - Executes dropped EXE
  PID:3524
- C:\Windows\System\rESkYSA.exe
  C:\Windows\System\rESkYSA.exe
  2⤵
  - Executes dropped EXE
  PID:3112
- C:\Windows\System\PCdHghj.exe
  C:\Windows\System\PCdHghj.exe
  2⤵
  - Executes dropped EXE
  PID:2068
- C:\Windows\System\pRUHtws.exe
  C:\Windows\System\pRUHtws.exe
  2⤵
  - Executes dropped EXE
  PID:412
- C:\Windows\System\pnHyGlp.exe
  C:\Windows\System\pnHyGlp.exe
  2⤵
  - Executes dropped EXE
  PID:436
- C:\Windows\System\oHCsNAV.exe
  C:\Windows\System\oHCsNAV.exe
  2⤵
  - Executes dropped EXE
  PID:4848
- C:\Windows\System\RmKEgYg.exe
  C:\Windows\System\RmKEgYg.exe
  2⤵
  - Executes dropped EXE
  PID:4516
- C:\Windows\System\HvgGoZo.exe
  C:\Windows\System\HvgGoZo.exe
  2⤵
  - Executes dropped EXE
  PID:3748
- C:\Windows\System\xgUZMHn.exe
  C:\Windows\System\xgUZMHn.exe
  2⤵
  - Executes dropped EXE
  PID:3324
- C:\Windows\System\ieWkmPt.exe
  C:\Windows\System\ieWkmPt.exe
  2⤵
  - Executes dropped EXE
  PID:4360
- C:\Windows\System\LLfXkGl.exe
  C:\Windows\System\LLfXkGl.exe
  2⤵
  - Executes dropped EXE
  PID:348
- C:\Windows\System\SDdAxPv.exe
  C:\Windows\System\SDdAxPv.exe
  2⤵
  - Executes dropped EXE
  PID:588
- C:\Windows\System\mvwWvco.exe
  C:\Windows\System\mvwWvco.exe
  2⤵
  - Executes dropped EXE
  PID:1608
- C:\Windows\System\dVkGGfq.exe
  C:\Windows\System\dVkGGfq.exe
  2⤵
  - Executes dropped EXE
  PID:3864
- C:\Windows\System\lwDaxHh.exe
  C:\Windows\System\lwDaxHh.exe
  2⤵
  - Executes dropped EXE
  PID:5064
- C:\Windows\System\vNGVLFS.exe
  C:\Windows\System\vNGVLFS.exe
  2⤵
  - Executes dropped EXE
  PID:1156
- C:\Windows\System\PLceACE.exe
  C:\Windows\System\PLceACE.exe
  2⤵
  - Executes dropped EXE
  PID:3692
- C:\Windows\System\LMJQooA.exe
  C:\Windows\System\LMJQooA.exe
  2⤵
  - Executes dropped EXE
  PID:624
- C:\Windows\System\BuzxPsv.exe
  C:\Windows\System\BuzxPsv.exe
  2⤵
  - Executes dropped EXE
  PID:4776
- C:\Windows\System\IlfeCXI.exe
  C:\Windows\System\IlfeCXI.exe
  2⤵
  - Executes dropped EXE
  PID:2360
- C:\Windows\System\SKCUffK.exe
  C:\Windows\System\SKCUffK.exe
  2⤵
  - Executes dropped EXE
  PID:5036
- C:\Windows\System\lkLtvFl.exe
  C:\Windows\System\lkLtvFl.exe
  2⤵
  - Executes dropped EXE
  PID:3700
- C:\Windows\System\dLcpvhs.exe
  C:\Windows\System\dLcpvhs.exe
  2⤵
  - Executes dropped EXE
  PID:932
- C:\Windows\System\oCiTPuk.exe
  C:\Windows\System\oCiTPuk.exe
  2⤵
  - Executes dropped EXE
  PID:1704
- C:\Windows\System\areYAcT.exe
  C:\Windows\System\areYAcT.exe
  2⤵
  - Executes dropped EXE
  PID:4796
- C:\Windows\System\dQWoEaN.exe
  C:\Windows\System\dQWoEaN.exe
  2⤵
  - Executes dropped EXE
  PID:2096
- C:\Windows\System\mcMVaLG.exe
  C:\Windows\System\mcMVaLG.exe
  2⤵
  - Executes dropped EXE
  PID:4912
- C:\Windows\System\qVLDqfZ.exe
  C:\Windows\System\qVLDqfZ.exe
  2⤵
  - Executes dropped EXE
  PID:5048
- C:\Windows\System\eAkbPbw.exe
  C:\Windows\System\eAkbPbw.exe
  2⤵
  - Executes dropped EXE
  PID:548
- C:\Windows\System\WXysoYh.exe
  C:\Windows\System\WXysoYh.exe
  2⤵
  - Executes dropped EXE
  PID:3436
- C:\Windows\System\ixcyonw.exe
  C:\Windows\System\ixcyonw.exe
  2⤵
  - Executes dropped EXE
  PID:3176
- C:\Windows\System\itzaakh.exe
  C:\Windows\System\itzaakh.exe
  2⤵
  PID:2696
- C:\Windows\System\iJEVXXm.exe
  C:\Windows\System\iJEVXXm.exe
  2⤵
  PID:3300
- C:\Windows\System\PJjpFHg.exe
  C:\Windows\System\PJjpFHg.exe
  2⤵
  PID:4892
- C:\Windows\System\aNKaHIH.exe
  C:\Windows\System\aNKaHIH.exe
  2⤵
  PID:3144
- C:\Windows\System\uuvbfvp.exe
  C:\Windows\System\uuvbfvp.exe
  2⤵
  PID:4048
- C:\Windows\System\IKrivEF.exe
  C:\Windows\System\IKrivEF.exe
  2⤵
  PID:4600
- C:\Windows\System\tqpACwu.exe
  C:\Windows\System\tqpACwu.exe
  2⤵
  PID:4076
- C:\Windows\System\uMaODty.exe
  C:\Windows\System\uMaODty.exe
  2⤵
  PID:3348
- C:\Windows\System\bQuHFDx.exe
  C:\Windows\System\bQuHFDx.exe
  2⤵
  PID:3264
- C:\Windows\System\MzJVXpV.exe
  C:\Windows\System\MzJVXpV.exe
  2⤵
  PID:1340
- C:\Windows\System\XTOzllW.exe
  C:\Windows\System\XTOzllW.exe
  2⤵
  PID:2092
- C:\Windows\System\KXRHrpX.exe
  C:\Windows\System\KXRHrpX.exe
  2⤵
  PID:3180
- C:\Windows\System\OgtrvIk.exe
  C:\Windows\System\OgtrvIk.exe
  2⤵
  PID:740
- C:\Windows\System\djGasOc.exe
  C:\Windows\System\djGasOc.exe
  2⤵
  PID:3280
- C:\Windows\System\UpEuWvm.exe
  C:\Windows\System\UpEuWvm.exe
  2⤵
  PID:1400
- C:\Windows\System\HiCbEmd.exe
  C:\Windows\System\HiCbEmd.exe
  2⤵
  PID:5136
- C:\Windows\System\KdEpXIA.exe
  C:\Windows\System\KdEpXIA.exe
  2⤵
  PID:5204
- C:\Windows\System\mHNRlGr.exe
  C:\Windows\System\mHNRlGr.exe
  2⤵
  PID:5228
- C:\Windows\System\isvfQKL.exe
  C:\Windows\System\isvfQKL.exe
  2⤵
  PID:5244
- C:\Windows\System\DxPQxlk.exe
  C:\Windows\System\DxPQxlk.exe
  2⤵
  PID:5284
- C:\Windows\System\JzQNcmh.exe
  C:\Windows\System\JzQNcmh.exe
  2⤵
  PID:5340
- C:\Windows\System\ETfrSOJ.exe
  C:\Windows\System\ETfrSOJ.exe
  2⤵
  PID:5396
- C:\Windows\System\ayyBpfx.exe
  C:\Windows\System\ayyBpfx.exe
  2⤵
  PID:5412
- C:\Windows\System\riPclLQ.exe
  C:\Windows\System\riPclLQ.exe
  2⤵
  PID:5428
- C:\Windows\System\CJSfeYq.exe
  C:\Windows\System\CJSfeYq.exe
  2⤵
  PID:5448
- C:\Windows\System\YTLPJxs.exe
  C:\Windows\System\YTLPJxs.exe
  2⤵
  PID:5484
- C:\Windows\System\lhGySnN.exe
  C:\Windows\System\lhGySnN.exe
  2⤵
  PID:5532
- C:\Windows\System\UUEHctd.exe
  C:\Windows\System\UUEHctd.exe
  2⤵
  PID:5552
- C:\Windows\System\vYnyHsV.exe
  C:\Windows\System\vYnyHsV.exe
  2⤵
  PID:5580
- C:\Windows\System\KuTuFnu.exe
  C:\Windows\System\KuTuFnu.exe
  2⤵
  PID:5608
- C:\Windows\System\vVALieB.exe
  C:\Windows\System\vVALieB.exe
  2⤵
  PID:5628
- C:\Windows\System\MUInnCM.exe
  C:\Windows\System\MUInnCM.exe
  2⤵
  PID:5656
- C:\Windows\System\sQcjFNY.exe
  C:\Windows\System\sQcjFNY.exe
  2⤵
  PID:5684
- C:\Windows\System\wXSWbZM.exe
  C:\Windows\System\wXSWbZM.exe
  2⤵
  PID:5704
- C:\Windows\System\NeNcAit.exe
  C:\Windows\System\NeNcAit.exe
  2⤵
  PID:5736
- C:\Windows\System\pnfEDPI.exe
  C:\Windows\System\pnfEDPI.exe
  2⤵
  PID:5756
- C:\Windows\System\gOCwePf.exe
  C:\Windows\System\gOCwePf.exe
  2⤵
  PID:5784
- C:\Windows\System\dbLRtex.exe
  C:\Windows\System\dbLRtex.exe
  2⤵
  PID:5800
- C:\Windows\System\pefSbXI.exe
  C:\Windows\System\pefSbXI.exe
  2⤵
  PID:5820
- C:\Windows\System\ObEsvnL.exe
  C:\Windows\System\ObEsvnL.exe
  2⤵
  PID:5836
- C:\Windows\System\chRBoOw.exe
  C:\Windows\System\chRBoOw.exe
  2⤵
  PID:5908
- C:\Windows\System\uXObZht.exe
  C:\Windows\System\uXObZht.exe
  2⤵
  PID:5980
- C:\Windows\System\QaQHVzr.exe
  C:\Windows\System\QaQHVzr.exe
  2⤵
  PID:6000
- C:\Windows\System\dCSBadN.exe
  C:\Windows\System\dCSBadN.exe
  2⤵
  PID:6016
- C:\Windows\System\bpGvIjv.exe
  C:\Windows\System\bpGvIjv.exe
  2⤵
  PID:6044
- C:\Windows\System\mluirll.exe
  C:\Windows\System\mluirll.exe
  2⤵
  PID:6064
- C:\Windows\System\SJObkBw.exe
  C:\Windows\System\SJObkBw.exe
  2⤵
  PID:6080
- C:\Windows\System\DFrMeYk.exe
  C:\Windows\System\DFrMeYk.exe
  2⤵
  PID:6104
- C:\Windows\System\QnoHDVG.exe
  C:\Windows\System\QnoHDVG.exe
  2⤵
  PID:6124
- C:\Windows\System\BJegNKo.exe
  C:\Windows\System\BJegNKo.exe
  2⤵
  PID:1252
- C:\Windows\System\JVrxURR.exe
  C:\Windows\System\JVrxURR.exe
  2⤵
  PID:1012
- C:\Windows\System\jTFEioM.exe
  C:\Windows\System\jTFEioM.exe
  2⤵
  PID:5184
- C:\Windows\System\EyegRZB.exe
  C:\Windows\System\EyegRZB.exe
  2⤵
  PID:2836
- C:\Windows\System\kIDPdgI.exe
  C:\Windows\System\kIDPdgI.exe
  2⤵
  PID:5212
- C:\Windows\System\mPOcRpr.exe
  C:\Windows\System\mPOcRpr.exe
  2⤵
  PID:5216
- C:\Windows\System\oRoxJKl.exe
  C:\Windows\System\oRoxJKl.exe
  2⤵
  PID:5276
- C:\Windows\System\owBQKMv.exe
  C:\Windows\System\owBQKMv.exe
  2⤵
  PID:5300
- C:\Windows\System\XJfqMrY.exe
  C:\Windows\System\XJfqMrY.exe
  2⤵
  PID:5492
- C:\Windows\System\iebLLLn.exe
  C:\Windows\System\iebLLLn.exe
  2⤵
  PID:5748
- C:\Windows\System\HaxpMYJ.exe
  C:\Windows\System\HaxpMYJ.exe
  2⤵
  PID:5796
- C:\Windows\System\lgNskKD.exe
  C:\Windows\System\lgNskKD.exe
  2⤵
  PID:5776
- C:\Windows\System\WVkJHbj.exe
  C:\Windows\System\WVkJHbj.exe
  2⤵
  PID:5816
- C:\Windows\System\BtuWlfd.exe
  C:\Windows\System\BtuWlfd.exe
  2⤵
  PID:5948
- C:\Windows\System\uecuHOc.exe
  C:\Windows\System\uecuHOc.exe
  2⤵
  PID:6008
- C:\Windows\System\fTVXOac.exe
  C:\Windows\System\fTVXOac.exe
  2⤵
  PID:6120
- C:\Windows\System\kOSQtlL.exe
  C:\Windows\System\kOSQtlL.exe
  2⤵
  PID:6052
- C:\Windows\System\IzTRkXP.exe
  C:\Windows\System\IzTRkXP.exe
  2⤵
  PID:1352
- C:\Windows\System\StRZVxV.exe
  C:\Windows\System\StRZVxV.exe
  2⤵
  PID:4404
- C:\Windows\System\JRJiJRG.exe
  C:\Windows\System\JRJiJRG.exe
  2⤵
  PID:5380
- C:\Windows\System\qNrEJAu.exe
  C:\Windows\System\qNrEJAu.exe
  2⤵
  PID:5460
- C:\Windows\System\yuNSpwF.exe
  C:\Windows\System\yuNSpwF.exe
  2⤵
  PID:5668
- C:\Windows\System\RRtPSYr.exe
  C:\Windows\System\RRtPSYr.exe
  2⤵
  PID:5992
- C:\Windows\System\vnRAClw.exe
  C:\Windows\System\vnRAClw.exe
  2⤵
  PID:5568
- C:\Windows\System\acGQROI.exe
  C:\Windows\System\acGQROI.exe
  2⤵
  PID:6212
- C:\Windows\System\JQrDOTY.exe
  C:\Windows\System\JQrDOTY.exe
  2⤵
  PID:6276
- C:\Windows\System\HvmqKta.exe
  C:\Windows\System\HvmqKta.exe
  2⤵
  PID:6292
- C:\Windows\System\hOfZOMT.exe
  C:\Windows\System\hOfZOMT.exe
  2⤵
  PID:6312
- C:\Windows\System\JyzDFBs.exe
  C:\Windows\System\JyzDFBs.exe
  2⤵
  PID:6328
- C:\Windows\System\vAXiSdK.exe
  C:\Windows\System\vAXiSdK.exe
  2⤵
  PID:6348
- C:\Windows\System\achXamg.exe
  C:\Windows\System\achXamg.exe
  2⤵
  PID:6380
- C:\Windows\System\tlSDCTt.exe
  C:\Windows\System\tlSDCTt.exe
  2⤵
  PID:6400
- C:\Windows\System\vxFfmmq.exe
  C:\Windows\System\vxFfmmq.exe
  2⤵
  PID:6420
- C:\Windows\System\vNGnsru.exe
  C:\Windows\System\vNGnsru.exe
  2⤵
  PID:6452
- C:\Windows\System\XhFGjxu.exe
  C:\Windows\System\XhFGjxu.exe
  2⤵
  PID:6516
- C:\Windows\System\hOeSsjO.exe
  C:\Windows\System\hOeSsjO.exe
  2⤵
  PID:6544
- C:\Windows\System\TZdmnvN.exe
  C:\Windows\System\TZdmnvN.exe
  2⤵
  PID:6564
- C:\Windows\System\jRfVPNi.exe
  C:\Windows\System\jRfVPNi.exe
  2⤵
  PID:6580
- C:\Windows\System\JIhQHBY.exe
  C:\Windows\System\JIhQHBY.exe
  2⤵
  PID:6600
- C:\Windows\System\BTjhyMf.exe
  C:\Windows\System\BTjhyMf.exe
  2⤵
  PID:6616
- C:\Windows\System\emiCLql.exe
  C:\Windows\System\emiCLql.exe
  2⤵
  PID:6636
- C:\Windows\System\aUWvrGe.exe
  C:\Windows\System\aUWvrGe.exe
  2⤵
  PID:6688
- C:\Windows\System\UPDYTYf.exe
  C:\Windows\System\UPDYTYf.exe
  2⤵
  PID:6716
- C:\Windows\System\uGnrkQd.exe
  C:\Windows\System\uGnrkQd.exe
  2⤵
  PID:6740
- C:\Windows\System\JZtpmAZ.exe
  C:\Windows\System\JZtpmAZ.exe
  2⤵
  PID:6800
- C:\Windows\System\QeUYJhi.exe
  C:\Windows\System\QeUYJhi.exe
  2⤵
  PID:6816
- C:\Windows\System\YqwFEkI.exe
  C:\Windows\System\YqwFEkI.exe
  2⤵
  PID:6860
- C:\Windows\System\fMKzdDl.exe
  C:\Windows\System\fMKzdDl.exe
  2⤵
  PID:6928
- C:\Windows\System\hMRgVzX.exe
  C:\Windows\System\hMRgVzX.exe
  2⤵
  PID:6972
- C:\Windows\System\YkSkiCz.exe
  C:\Windows\System\YkSkiCz.exe
  2⤵
  PID:7024
- C:\Windows\System\fBGbYTT.exe
  C:\Windows\System\fBGbYTT.exe
  2⤵
  PID:7056
- C:\Windows\System\oXfZioM.exe
  C:\Windows\System\oXfZioM.exe
  2⤵
  PID:7088
- C:\Windows\System\UxQujFs.exe
  C:\Windows\System\UxQujFs.exe
  2⤵
  PID:7104
- C:\Windows\System\PyJZnsx.exe
  C:\Windows\System\PyJZnsx.exe
  2⤵
  PID:7136
- C:\Windows\System\IQVJKWz.exe
  C:\Windows\System\IQVJKWz.exe
  2⤵
  PID:7160
- C:\Windows\System\oounSWa.exe
  C:\Windows\System\oounSWa.exe
  2⤵
  PID:4112
- C:\Windows\System\RejBpFs.exe
  C:\Windows\System\RejBpFs.exe
  2⤵
  PID:5624
- C:\Windows\System\DhdhXRO.exe
  C:\Windows\System\DhdhXRO.exe
  2⤵
  PID:5988
- C:\Windows\System\GfiOzQY.exe
  C:\Windows\System\GfiOzQY.exe
  2⤵
  PID:5240
- C:\Windows\System\pORpvvM.exe
  C:\Windows\System\pORpvvM.exe
  2⤵
  PID:5944
- C:\Windows\System\yVxteGl.exe
  C:\Windows\System\yVxteGl.exe
  2⤵
  PID:6252
- C:\Windows\System\XSNfsPa.exe
  C:\Windows\System\XSNfsPa.exe
  2⤵
  PID:6244
- C:\Windows\System\LldhyOv.exe
  C:\Windows\System\LldhyOv.exe
  2⤵
  PID:6272
- C:\Windows\System\wJafxfE.exe
  C:\Windows\System\wJafxfE.exe
  2⤵
  PID:6368
- C:\Windows\System\EzadSvK.exe
  C:\Windows\System\EzadSvK.exe
  2⤵
  PID:6392
- C:\Windows\System\tCwaMKK.exe
  C:\Windows\System\tCwaMKK.exe
  2⤵
  PID:6440
- C:\Windows\System\dBXCcsr.exe
  C:\Windows\System\dBXCcsr.exe
  2⤵
  PID:6572
- C:\Windows\System\pCEzOga.exe
  C:\Windows\System\pCEzOga.exe
  2⤵
  PID:6468
- C:\Windows\System\hclthgk.exe
  C:\Windows\System\hclthgk.exe
  2⤵
  PID:1752
- C:\Windows\System\WWGlcVz.exe
  C:\Windows\System\WWGlcVz.exe
  2⤵
  PID:6612
- C:\Windows\System\tGiJGVD.exe
  C:\Windows\System\tGiJGVD.exe
  2⤵
  PID:6656
- C:\Windows\System\DmoIHOr.exe
  C:\Windows\System\DmoIHOr.exe
  2⤵
  PID:6752
- C:\Windows\System\FiGQQPb.exe
  C:\Windows\System\FiGQQPb.exe
  2⤵
  PID:6868
- C:\Windows\System\NbeaxEQ.exe
  C:\Windows\System\NbeaxEQ.exe
  2⤵
  PID:7052
- C:\Windows\System\DSbLgYW.exe
  C:\Windows\System\DSbLgYW.exe
  2⤵
  PID:7128
- C:\Windows\System\GiyKtOm.exe
  C:\Windows\System\GiyKtOm.exe
  2⤵
  PID:7144
- C:\Windows\System\hoixlpa.exe
  C:\Windows\System\hoixlpa.exe
  2⤵
  PID:5480
- C:\Windows\System\EtiCDiw.exe
  C:\Windows\System\EtiCDiw.exe
  2⤵
  PID:4536
- C:\Windows\System\XJjZNvg.exe
  C:\Windows\System\XJjZNvg.exe
  2⤵
  PID:3572
- C:\Windows\System\QGPiBUe.exe
  C:\Windows\System\QGPiBUe.exe
  2⤵
  PID:5828
- C:\Windows\System\PeeXnUg.exe
  C:\Windows\System\PeeXnUg.exe
  2⤵
  PID:6444
- C:\Windows\System\yJmJKwn.exe
  C:\Windows\System\yJmJKwn.exe
  2⤵
  PID:3976
- C:\Windows\System\JqEHppO.exe
  C:\Windows\System\JqEHppO.exe
  2⤵
  PID:6236
- C:\Windows\System\eftRnYO.exe
  C:\Windows\System\eftRnYO.exe
  2⤵
  PID:6396
- C:\Windows\System\bZcshDa.exe
  C:\Windows\System\bZcshDa.exe
  2⤵
  PID:6652
- C:\Windows\System\HjZXdzm.exe
  C:\Windows\System\HjZXdzm.exe
  2⤵
  PID:1720
- C:\Windows\System\GAfgdgR.exe
  C:\Windows\System\GAfgdgR.exe
  2⤵
  PID:3432
- C:\Windows\System\vzsDkbe.exe
  C:\Windows\System\vzsDkbe.exe
  2⤵
  PID:6608
- C:\Windows\System\iZiUnwb.exe
  C:\Windows\System\iZiUnwb.exe
  2⤵
  PID:1216
- C:\Windows\System\lZbsuHY.exe
  C:\Windows\System\lZbsuHY.exe
  2⤵
  PID:3836
- C:\Windows\System\woIUQhJ.exe
  C:\Windows\System\woIUQhJ.exe
  2⤵
  PID:7012
- C:\Windows\System\DGwQtZC.exe
  C:\Windows\System\DGwQtZC.exe
  2⤵
  PID:7076
- C:\Windows\System\JuUXEgH.exe
  C:\Windows\System\JuUXEgH.exe
  2⤵
  PID:6680
- C:\Windows\System\GruNJio.exe
  C:\Windows\System\GruNJio.exe
  2⤵
  PID:6764
- C:\Windows\System\nOabdSk.exe
  C:\Windows\System\nOabdSk.exe
  2⤵
  PID:7248
- C:\Windows\System\nCduvNV.exe
  C:\Windows\System\nCduvNV.exe
  2⤵
  PID:7268
- C:\Windows\System\BbLUyIB.exe
  C:\Windows\System\BbLUyIB.exe
  2⤵
  PID:7284
- C:\Windows\System\CVRwAeS.exe
  C:\Windows\System\CVRwAeS.exe
  2⤵
  PID:7300
- C:\Windows\System\mCzbEYf.exe
  C:\Windows\System\mCzbEYf.exe
  2⤵
  PID:7320
- C:\Windows\System\bHELIIU.exe
  C:\Windows\System\bHELIIU.exe
  2⤵
  PID:7340
- C:\Windows\System\qnLiCDP.exe
  C:\Windows\System\qnLiCDP.exe
  2⤵
  PID:7368
- C:\Windows\System\PBpzXeO.exe
  C:\Windows\System\PBpzXeO.exe
  2⤵
  PID:7384
- C:\Windows\System\RYcEUgM.exe
  C:\Windows\System\RYcEUgM.exe
  2⤵
  PID:7420
- C:\Windows\System\MmYFsvD.exe
  C:\Windows\System\MmYFsvD.exe
  2⤵
  PID:7484
- C:\Windows\System\ZEZKRUA.exe
  C:\Windows\System\ZEZKRUA.exe
  2⤵
  PID:7500
- C:\Windows\System\KXUsvyJ.exe
  C:\Windows\System\KXUsvyJ.exe
  2⤵
  PID:7524
- C:\Windows\System\HYbvbpg.exe
  C:\Windows\System\HYbvbpg.exe
  2⤵
  PID:7540
- C:\Windows\System\hfZVisK.exe
  C:\Windows\System\hfZVisK.exe
  2⤵
  PID:7560
- C:\Windows\System\cwRWYAa.exe
  C:\Windows\System\cwRWYAa.exe
  2⤵
  PID:7576
- C:\Windows\System\FQkQube.exe
  C:\Windows\System\FQkQube.exe
  2⤵
  PID:7592
- C:\Windows\System\GbyPcPN.exe
  C:\Windows\System\GbyPcPN.exe
  2⤵
  PID:7608
- C:\Windows\System\lNsASMM.exe
  C:\Windows\System\lNsASMM.exe
  2⤵
  PID:7628
- C:\Windows\System\rAnXmar.exe
  C:\Windows\System\rAnXmar.exe
  2⤵
  PID:7644
- C:\Windows\System\StrspIZ.exe
  C:\Windows\System\StrspIZ.exe
  2⤵
  PID:7748
- C:\Windows\System\IcegnTe.exe
  C:\Windows\System\IcegnTe.exe
  2⤵
  PID:7764
- C:\Windows\System\tqjipKd.exe
  C:\Windows\System\tqjipKd.exe
  2⤵
  PID:7800
- C:\Windows\System\rbRCSMV.exe
  C:\Windows\System\rbRCSMV.exe
  2⤵
  PID:7872
- C:\Windows\System\AkTnIpK.exe
  C:\Windows\System\AkTnIpK.exe
  2⤵
  PID:7888
- C:\Windows\System\YbZKMWb.exe
  C:\Windows\System\YbZKMWb.exe
  2⤵
  PID:7904
- C:\Windows\System\IgPnFFf.exe
  C:\Windows\System\IgPnFFf.exe
  2⤵
  PID:8008
- C:\Windows\System\BsmDECw.exe
  C:\Windows\System\BsmDECw.exe
  2⤵
  PID:8096
- C:\Windows\System\UYoUdfd.exe
  C:\Windows\System\UYoUdfd.exe
  2⤵
  PID:8136
- C:\Windows\System\qVSgpFR.exe
  C:\Windows\System\qVSgpFR.exe
  2⤵
  PID:8152
- C:\Windows\System\SufUNRB.exe
  C:\Windows\System\SufUNRB.exe
  2⤵
  PID:5444
- C:\Windows\System\CNJVpGP.exe
  C:\Windows\System\CNJVpGP.exe
  2⤵
  PID:6492
- C:\Windows\System\MgpgRMe.exe
  C:\Windows\System\MgpgRMe.exe
  2⤵
  PID:4876
- C:\Windows\System\hkZvCWz.exe
  C:\Windows\System\hkZvCWz.exe
  2⤵
  PID:6768
- C:\Windows\System\xpyeIlN.exe
  C:\Windows\System\xpyeIlN.exe
  2⤵
  PID:6944
- C:\Windows\System\RgeHKmM.exe
  C:\Windows\System\RgeHKmM.exe
  2⤵
  PID:1044
- C:\Windows\System\TlsfTJF.exe
  C:\Windows\System\TlsfTJF.exe
  2⤵
  PID:3040
- C:\Windows\System\SBFFbix.exe
  C:\Windows\System\SBFFbix.exe
  2⤵
  PID:7256
- C:\Windows\System\chFawsw.exe
  C:\Windows\System\chFawsw.exe
  2⤵
  PID:7348
- C:\Windows\System\CxvdSAf.exe
  C:\Windows\System\CxvdSAf.exe
  2⤵
  PID:4584
- C:\Windows\System\iXyZUDW.exe
  C:\Windows\System\iXyZUDW.exe
  2⤵
  PID:7536
- C:\Windows\System\PuzJMly.exe
  C:\Windows\System\PuzJMly.exe
  2⤵
  PID:7572
- C:\Windows\System\aWApVnb.exe
  C:\Windows\System\aWApVnb.exe
  2⤵
  PID:7616
- C:\Windows\System\tGoaPAl.exe
  C:\Windows\System\tGoaPAl.exe
  2⤵
  PID:7700
- C:\Windows\System\NfsFHbb.exe
  C:\Windows\System\NfsFHbb.exe
  2⤵
  PID:3916
- C:\Windows\System\mblDRHj.exe
  C:\Windows\System\mblDRHj.exe
  2⤵
  PID:7724
- C:\Windows\System\YniYOrG.exe
  C:\Windows\System\YniYOrG.exe
  2⤵
  PID:7676
- C:\Windows\System\fovLsbm.exe
  C:\Windows\System\fovLsbm.exe
  2⤵
  PID:7880
- C:\Windows\System\XdPdmrh.exe
  C:\Windows\System\XdPdmrh.exe
  2⤵
  PID:7972
- C:\Windows\System\ekkNDQp.exe
  C:\Windows\System\ekkNDQp.exe
  2⤵
  PID:8084
- C:\Windows\System\Ealnlgf.exe
  C:\Windows\System\Ealnlgf.exe
  2⤵
  PID:8004
- C:\Windows\System\teNVQHq.exe
  C:\Windows\System\teNVQHq.exe
  2⤵
  PID:8116
- C:\Windows\System\qBcVNyz.exe
  C:\Windows\System\qBcVNyz.exe
  2⤵
  PID:8160
- C:\Windows\System\RwUHCxm.exe
  C:\Windows\System\RwUHCxm.exe
  2⤵
  PID:8172
- C:\Windows\System\JwRIcNE.exe
  C:\Windows\System\JwRIcNE.exe
  2⤵
  PID:4428
- C:\Windows\System\MLObDtt.exe
  C:\Windows\System\MLObDtt.exe
  2⤵
  PID:2152
- C:\Windows\System\MpFqnGN.exe
  C:\Windows\System\MpFqnGN.exe
  2⤵
  PID:7196
- C:\Windows\System\pTYVfpo.exe
  C:\Windows\System\pTYVfpo.exe
  2⤵
  PID:7408
- C:\Windows\System\DEUUIYq.exe
  C:\Windows\System\DEUUIYq.exe
  2⤵
  PID:7452
- C:\Windows\System\flEcAzj.exe
  C:\Windows\System\flEcAzj.exe
  2⤵
  PID:7920
- C:\Windows\System\rxFZisb.exe
  C:\Windows\System\rxFZisb.exe
  2⤵
  PID:7952
- C:\Windows\System\AKbvvAd.exe
  C:\Windows\System\AKbvvAd.exe
  2⤵
  PID:7844
- C:\Windows\System\mSHTvvd.exe
  C:\Windows\System\mSHTvvd.exe
  2⤵
  PID:6340
- C:\Windows\System\oHeEJdR.exe
  C:\Windows\System\oHeEJdR.exe
  2⤵
  PID:8124
- C:\Windows\System\FIqyNzt.exe
  C:\Windows\System\FIqyNzt.exe
  2⤵
  PID:5712
- C:\Windows\System\Zeermcw.exe
  C:\Windows\System\Zeermcw.exe
  2⤵
  PID:7412
- C:\Windows\System\ZgJXZDj.exe
  C:\Windows\System\ZgJXZDj.exe
  2⤵
  PID:5528
- C:\Windows\System\RrDSaUd.exe
  C:\Windows\System\RrDSaUd.exe
  2⤵
  PID:7668
- C:\Windows\System\jwSGPZC.exe
  C:\Windows\System\jwSGPZC.exe
  2⤵
  PID:7740
- C:\Windows\System\dQaRlSG.exe
  C:\Windows\System\dQaRlSG.exe
  2⤵
  PID:8196
- C:\Windows\System\TQHQbjL.exe
  C:\Windows\System\TQHQbjL.exe
  2⤵
  PID:8216
- C:\Windows\System\xjKyauD.exe
  C:\Windows\System\xjKyauD.exe
  2⤵
  PID:8292
- C:\Windows\System\zfoXESU.exe
  C:\Windows\System\zfoXESU.exe
  2⤵
  PID:8312
- C:\Windows\System\yUzcNAN.exe
  C:\Windows\System\yUzcNAN.exe
  2⤵
  PID:8328
- C:\Windows\System\jGCTHWK.exe
  C:\Windows\System\jGCTHWK.exe
  2⤵
  PID:8376
- C:\Windows\System\CmOmqgb.exe
  C:\Windows\System\CmOmqgb.exe
  2⤵
  PID:8400
- C:\Windows\System\WlxlGTA.exe
  C:\Windows\System\WlxlGTA.exe
  2⤵
  PID:8452
- C:\Windows\System\fVYYSyT.exe
  C:\Windows\System\fVYYSyT.exe
  2⤵
  PID:8468
- C:\Windows\System\vgmnfug.exe
  C:\Windows\System\vgmnfug.exe
  2⤵
  PID:8488
- C:\Windows\System\mItpQMK.exe
  C:\Windows\System\mItpQMK.exe
  2⤵
  PID:8504
- C:\Windows\System\OvhFYAh.exe
  C:\Windows\System\OvhFYAh.exe
  2⤵
  PID:8544
- C:\Windows\System\OsudkHu.exe
  C:\Windows\System\OsudkHu.exe
  2⤵
  PID:8584
- C:\Windows\System\rofwZIy.exe
  C:\Windows\System\rofwZIy.exe
  2⤵
  PID:8600
- C:\Windows\System\sLrKcTL.exe
  C:\Windows\System\sLrKcTL.exe
  2⤵
  PID:8620
- C:\Windows\System\hFZQvGL.exe
  C:\Windows\System\hFZQvGL.exe
  2⤵
  PID:8640
- C:\Windows\System\WtCXjmr.exe
  C:\Windows\System\WtCXjmr.exe
  2⤵
  PID:8680
- C:\Windows\System\RtWHghT.exe
  C:\Windows\System\RtWHghT.exe
  2⤵
  PID:8700
- C:\Windows\System\xXHAOaS.exe
  C:\Windows\System\xXHAOaS.exe
  2⤵
  PID:8720
- C:\Windows\System\kyOfHNl.exe
  C:\Windows\System\kyOfHNl.exe
  2⤵
  PID:8736
- C:\Windows\System\ylTUWwA.exe
  C:\Windows\System\ylTUWwA.exe
  2⤵
  PID:8752
- C:\Windows\System\oudNmXn.exe
  C:\Windows\System\oudNmXn.exe
  2⤵
  PID:8768
- C:\Windows\System\biwJDLA.exe
  C:\Windows\System\biwJDLA.exe
  2⤵
  PID:8792
- C:\Windows\System\ihezrjp.exe
  C:\Windows\System\ihezrjp.exe
  2⤵
  PID:8808
- C:\Windows\System\GsHxJmJ.exe
  C:\Windows\System\GsHxJmJ.exe
  2⤵
  PID:8884
- C:\Windows\System\nyrLDoj.exe
  C:\Windows\System\nyrLDoj.exe
  2⤵
  PID:8904
- C:\Windows\System\VDFMvVo.exe
  C:\Windows\System\VDFMvVo.exe
  2⤵
  PID:8920
- C:\Windows\System\McRgwUo.exe
  C:\Windows\System\McRgwUo.exe
  2⤵
  PID:8940
- C:\Windows\System\omUZuyz.exe
  C:\Windows\System\omUZuyz.exe
  2⤵
  PID:8960
- C:\Windows\System\tiuGCCR.exe
  C:\Windows\System\tiuGCCR.exe
  2⤵
  PID:8980
- C:\Windows\System\koXRSeG.exe
  C:\Windows\System\koXRSeG.exe
  2⤵
  PID:9000
- C:\Windows\System\iwLgyFX.exe
  C:\Windows\System\iwLgyFX.exe
  2⤵
  PID:9096
- C:\Windows\System\PShjPEy.exe
  C:\Windows\System\PShjPEy.exe
  2⤵
  PID:9116
- C:\Windows\System\BksRlxz.exe
  C:\Windows\System\BksRlxz.exe
  2⤵
  PID:9132
- C:\Windows\System\erijdGF.exe
  C:\Windows\System\erijdGF.exe
  2⤵
  PID:9148
- C:\Windows\System\NxranNf.exe
  C:\Windows\System\NxranNf.exe
  2⤵
  PID:9164
- C:\Windows\System\rBnpVJt.exe
  C:\Windows\System\rBnpVJt.exe
  2⤵
  PID:9184
- C:\Windows\System\EvgcmHF.exe
  C:\Windows\System\EvgcmHF.exe
  2⤵
  PID:9200
- C:\Windows\System\DZIUuOA.exe
  C:\Windows\System\DZIUuOA.exe
  2⤵
  PID:7600
- C:\Windows\System\GbVEtPO.exe
  C:\Windows\System\GbVEtPO.exe
  2⤵
  PID:4792
- C:\Windows\System\pRohYuh.exe
  C:\Windows\System\pRohYuh.exe
  2⤵
  PID:8280
- C:\Windows\System\MDsOzZC.exe
  C:\Windows\System\MDsOzZC.exe
  2⤵
  PID:8324
- C:\Windows\System\lFOndza.exe
  C:\Windows\System\lFOndza.exe
  2⤵
  PID:8372
- C:\Windows\System\FPkJUgC.exe
  C:\Windows\System\FPkJUgC.exe
  2⤵
  PID:8440
- C:\Windows\System\bWIZhPD.exe
  C:\Windows\System\bWIZhPD.exe
  2⤵
  PID:8560
- C:\Windows\System\QLEdmEW.exe
  C:\Windows\System\QLEdmEW.exe
  2⤵
  PID:8632
- C:\Windows\System\EVaoJgt.exe
  C:\Windows\System\EVaoJgt.exe
  2⤵
  PID:8788
- C:\Windows\System\AUsdiRs.exe
  C:\Windows\System\AUsdiRs.exe
  2⤵
  PID:8896
- C:\Windows\System\LvIGZfU.exe
  C:\Windows\System\LvIGZfU.exe
  2⤵
  PID:8932
- C:\Windows\System\JYCLpmu.exe
  C:\Windows\System\JYCLpmu.exe
  2⤵
  PID:8892
- C:\Windows\System\QNEUnuP.exe
  C:\Windows\System\QNEUnuP.exe
  2⤵
  PID:9088
- C:\Windows\System\FkGTfPM.exe
  C:\Windows\System\FkGTfPM.exe
  2⤵
  PID:9140
- C:\Windows\System\adIiJTs.exe
  C:\Windows\System\adIiJTs.exe
  2⤵
  PID:7512
- C:\Windows\System\XyQrKjh.exe
  C:\Windows\System\XyQrKjh.exe
  2⤵
  PID:9108
- C:\Windows\System\aDdgRLn.exe
  C:\Windows\System\aDdgRLn.exe
  2⤵
  PID:9172
- C:\Windows\System\aYCmBeA.exe
  C:\Windows\System\aYCmBeA.exe
  2⤵
  PID:9208
- C:\Windows\System\ciSVbGR.exe
  C:\Windows\System\ciSVbGR.exe
  2⤵
  PID:8260
- C:\Windows\System\adpZwXK.exe
  C:\Windows\System\adpZwXK.exe
  2⤵
  PID:8028
- C:\Windows\System\TddcnJV.exe
  C:\Windows\System\TddcnJV.exe
  2⤵
  PID:8520
- C:\Windows\System\jaKBfXV.exe
  C:\Windows\System\jaKBfXV.exe
  2⤵
  PID:8616
- C:\Windows\System\heAvcTJ.exe
  C:\Windows\System\heAvcTJ.exe
  2⤵
  PID:8672
- C:\Windows\System\bTdLJjo.exe
  C:\Windows\System\bTdLJjo.exe
  2⤵
  PID:8764
- C:\Windows\System\OOqAaMC.exe
  C:\Windows\System\OOqAaMC.exe
  2⤵
  PID:8992
- C:\Windows\System\tyuvZRQ.exe
  C:\Windows\System\tyuvZRQ.exe
  2⤵
  PID:8364
- C:\Windows\System\ofSStjM.exe
  C:\Windows\System\ofSStjM.exe
  2⤵
  PID:8420
- C:\Windows\System\tEKtiHS.exe
  C:\Windows\System\tEKtiHS.exe
  2⤵
  PID:8532
- C:\Windows\System\fztXoIe.exe
  C:\Windows\System\fztXoIe.exe
  2⤵
  PID:9124
- C:\Windows\System\aBzODBB.exe
  C:\Windows\System\aBzODBB.exe
  2⤵
  PID:9080
- C:\Windows\System\FnIcqpj.exe
  C:\Windows\System\FnIcqpj.exe
  2⤵
  PID:9220
- C:\Windows\System\ublEgMY.exe
  C:\Windows\System\ublEgMY.exe
  2⤵
  PID:9240
- C:\Windows\System\ASqbDJe.exe
  C:\Windows\System\ASqbDJe.exe
  2⤵
  PID:9324
- C:\Windows\System\tiJWGFT.exe
  C:\Windows\System\tiJWGFT.exe
  2⤵
  PID:9352
- C:\Windows\System\uMSnaCF.exe
  C:\Windows\System\uMSnaCF.exe
  2⤵
  PID:9416
- C:\Windows\System\RfxhLUL.exe
  C:\Windows\System\RfxhLUL.exe
  2⤵
  PID:9440
- C:\Windows\System\wyWPGGd.exe
  C:\Windows\System\wyWPGGd.exe
  2⤵
  PID:9456
- C:\Windows\System\ikbpYQr.exe
  C:\Windows\System\ikbpYQr.exe
  2⤵
  PID:9472
- C:\Windows\System\fXNzHAU.exe
  C:\Windows\System\fXNzHAU.exe
  2⤵
  PID:9492
- C:\Windows\System\NPWytQz.exe
  C:\Windows\System\NPWytQz.exe
  2⤵
  PID:9556
- C:\Windows\System\RGyJUwk.exe
  C:\Windows\System\RGyJUwk.exe
  2⤵
  PID:9584
- C:\Windows\System\lwLlIKn.exe
  C:\Windows\System\lwLlIKn.exe
  2⤵
  PID:9604
- C:\Windows\System\eqvIVIz.exe
  C:\Windows\System\eqvIVIz.exe
  2⤵
  PID:9648
- C:\Windows\System\ZPLEfFF.exe
  C:\Windows\System\ZPLEfFF.exe
  2⤵
  PID:9668
- C:\Windows\System\AISXAnM.exe
  C:\Windows\System\AISXAnM.exe
  2⤵
  PID:9688
- C:\Windows\System\RyKdDcW.exe
  C:\Windows\System\RyKdDcW.exe
  2⤵
  PID:9704
- C:\Windows\System\ljjlgaq.exe
  C:\Windows\System\ljjlgaq.exe
  2⤵
  PID:9724
- C:\Windows\System\TcYdopx.exe
  C:\Windows\System\TcYdopx.exe
  2⤵
  PID:9744
- C:\Windows\System\PewvKOB.exe
  C:\Windows\System\PewvKOB.exe
  2⤵
  PID:9800
- C:\Windows\System\KePuoHC.exe
  C:\Windows\System\KePuoHC.exe
  2⤵
  PID:9820
- C:\Windows\System\eAxjmRo.exe
  C:\Windows\System\eAxjmRo.exe
  2⤵
  PID:9856
- C:\Windows\System\zATikMe.exe
  C:\Windows\System\zATikMe.exe
  2⤵
  PID:9900
- C:\Windows\System\EuKpyfj.exe
  C:\Windows\System\EuKpyfj.exe
  2⤵
  PID:9920
- C:\Windows\System\kUeSETt.exe
  C:\Windows\System\kUeSETt.exe
  2⤵
  PID:9936
- C:\Windows\System\Bnybdvc.exe
  C:\Windows\System\Bnybdvc.exe
  2⤵
  PID:9956
- C:\Windows\System\osidoOf.exe
  C:\Windows\System\osidoOf.exe
  2⤵
  PID:9972
- C:\Windows\System\kTEfGCR.exe
  C:\Windows\System\kTEfGCR.exe
  2⤵
  PID:9992
- C:\Windows\System\LSoWoCP.exe
  C:\Windows\System\LSoWoCP.exe
  2⤵
  PID:10048
- C:\Windows\System\QQBDWUd.exe
  C:\Windows\System\QQBDWUd.exe
  2⤵
  PID:10068
- C:\Windows\System\TBWBWYL.exe
  C:\Windows\System\TBWBWYL.exe
  2⤵
  PID:10084
- C:\Windows\System\GXCgKIi.exe
  C:\Windows\System\GXCgKIi.exe
  2⤵
  PID:10100
- C:\Windows\System\oAhayug.exe
  C:\Windows\System\oAhayug.exe
  2⤵
  PID:10160
- C:\Windows\System\BsadtrZ.exe
  C:\Windows\System\BsadtrZ.exe
  2⤵
  PID:10176
- C:\Windows\System\vwpSXDu.exe
  C:\Windows\System\vwpSXDu.exe
  2⤵
  PID:10196
- C:\Windows\System\CbDeBpQ.exe
  C:\Windows\System\CbDeBpQ.exe
  2⤵
  PID:9104
- C:\Windows\System\aJsrGHy.exe
  C:\Windows\System\aJsrGHy.exe
  2⤵
  PID:9396
- C:\Windows\System\wpMRJPX.exe
  C:\Windows\System\wpMRJPX.exe
  2⤵
  PID:9408
- C:\Windows\System\iapkcwv.exe
  C:\Windows\System\iapkcwv.exe
  2⤵
  PID:9452
- C:\Windows\System\TDhdcPI.exe
  C:\Windows\System\TDhdcPI.exe
  2⤵
  PID:9504
- C:\Windows\System\niCUOAs.exe
  C:\Windows\System\niCUOAs.exe
  2⤵
  PID:9528
- C:\Windows\System\pHeRSTp.exe
  C:\Windows\System\pHeRSTp.exe
  2⤵
  PID:9696
- C:\Windows\System\DZcPmfk.exe
  C:\Windows\System\DZcPmfk.exe
  2⤵
  PID:9760
- C:\Windows\System\AGbndOI.exe
  C:\Windows\System\AGbndOI.exe
  2⤵
  PID:9736
- C:\Windows\System\XLGKEJm.exe
  C:\Windows\System\XLGKEJm.exe
  2⤵
  PID:9808
- C:\Windows\System\WzFWqkR.exe
  C:\Windows\System\WzFWqkR.exe
  2⤵
  PID:9944
- C:\Windows\System\HIHGido.exe
  C:\Windows\System\HIHGido.exe
  2⤵
  PID:9912
- C:\Windows\System\AlHPADj.exe
  C:\Windows\System\AlHPADj.exe
  2⤵
  PID:10060
- C:\Windows\System\NgsWYHw.exe
  C:\Windows\System\NgsWYHw.exe
  2⤵
  PID:10092
- C:\Windows\System\cKSkGqo.exe
  C:\Windows\System\cKSkGqo.exe
  2⤵
  PID:10208
- C:\Windows\System\iFhAhKC.exe
  C:\Windows\System\iFhAhKC.exe
  2⤵
  PID:10228
- C:\Windows\System\GxxZmpQ.exe
  C:\Windows\System\GxxZmpQ.exe
  2⤵
  PID:10188
- C:\Windows\System\afabwFd.exe
  C:\Windows\System\afabwFd.exe
  2⤵
  PID:9432
- C:\Windows\System\oGCpdXD.exe
  C:\Windows\System\oGCpdXD.exe
  2⤵
  PID:9548
- C:\Windows\System\MfhpGvT.exe
  C:\Windows\System\MfhpGvT.exe
  2⤵
  PID:9928
- C:\Windows\System\aZUevpz.exe
  C:\Windows\System\aZUevpz.exe
  2⤵
  PID:9720
- C:\Windows\System\hhPaelw.exe
  C:\Windows\System\hhPaelw.exe
  2⤵
  PID:9932
- C:\Windows\System\fNRzNPi.exe
  C:\Windows\System\fNRzNPi.exe
  2⤵
  PID:10056
- C:\Windows\System\kMqITnM.exe
  C:\Windows\System\kMqITnM.exe
  2⤵
  PID:9964
- C:\Windows\System\pZoCtxT.exe
  C:\Windows\System\pZoCtxT.exe
  2⤵
  PID:8872
- C:\Windows\System\EDwEkzx.exe
  C:\Windows\System\EDwEkzx.exe
  2⤵
  PID:9424
- C:\Windows\System\moiVujl.exe
  C:\Windows\System\moiVujl.exe
  2⤵
  PID:9656
- C:\Windows\System\gbbTcca.exe
  C:\Windows\System\gbbTcca.exe
  2⤵
  PID:10248
- C:\Windows\System\ZNVazxg.exe
  C:\Windows\System\ZNVazxg.exe
  2⤵
  PID:10268
- C:\Windows\System\pRrmErg.exe
  C:\Windows\System\pRrmErg.exe
  2⤵
  PID:10284
- C:\Windows\System\StwRect.exe
  C:\Windows\System\StwRect.exe
  2⤵
  PID:10340
- C:\Windows\System\giUeroY.exe
  C:\Windows\System\giUeroY.exe
  2⤵
  PID:10360
- C:\Windows\System\wSUXMmf.exe
  C:\Windows\System\wSUXMmf.exe
  2⤵
  PID:10376
- C:\Windows\System\dysjFBH.exe
  C:\Windows\System\dysjFBH.exe
  2⤵
  PID:10396
- C:\Windows\System\kAoYDxu.exe
  C:\Windows\System\kAoYDxu.exe
  2⤵
  PID:10412
- C:\Windows\System\GOzrogK.exe
  C:\Windows\System\GOzrogK.exe
  2⤵
  PID:10432
- C:\Windows\System\WBbiWni.exe
  C:\Windows\System\WBbiWni.exe
  2⤵
  PID:10448
- C:\Windows\System\pddaWsr.exe
  C:\Windows\System\pddaWsr.exe
  2⤵
  PID:10464
- C:\Windows\System\iarxSKC.exe
  C:\Windows\System\iarxSKC.exe
  2⤵
  PID:10544
- C:\Windows\System\SwKaruy.exe
  C:\Windows\System\SwKaruy.exe
  2⤵
  PID:10568
- C:\Windows\System\ZDMAQPR.exe
  C:\Windows\System\ZDMAQPR.exe
  2⤵
  PID:10596
- C:\Windows\System\DGjxZPn.exe
  C:\Windows\System\DGjxZPn.exe
  2⤵
  PID:10640
- C:\Windows\System\ahkTAxJ.exe
  C:\Windows\System\ahkTAxJ.exe
  2⤵
  PID:10684
- C:\Windows\System\MTitGKg.exe
  C:\Windows\System\MTitGKg.exe
  2⤵
  PID:10724
- C:\Windows\System\JmJVoza.exe
  C:\Windows\System\JmJVoza.exe
  2⤵
  PID:10740
- C:\Windows\System\JHClleK.exe
  C:\Windows\System\JHClleK.exe
  2⤵
  PID:10760
- C:\Windows\System\WQXCpCk.exe
  C:\Windows\System\WQXCpCk.exe
  2⤵
  PID:10780
- C:\Windows\System\OQonAhi.exe
  C:\Windows\System\OQonAhi.exe
  2⤵
  PID:10796
- C:\Windows\System\cqvtluu.exe
  C:\Windows\System\cqvtluu.exe
  2⤵
  PID:10860
- C:\Windows\System\DeSZBZT.exe
  C:\Windows\System\DeSZBZT.exe
  2⤵
  PID:10904
- C:\Windows\System\GxTEJMt.exe
  C:\Windows\System\GxTEJMt.exe
  2⤵
  PID:10924
- C:\Windows\System\MucpxNd.exe
  C:\Windows\System\MucpxNd.exe
  2⤵
  PID:10940
- C:\Windows\System\SWHQLAB.exe
  C:\Windows\System\SWHQLAB.exe
  2⤵
  PID:10960
- C:\Windows\System\kaHfXhJ.exe
  C:\Windows\System\kaHfXhJ.exe
  2⤵
  PID:10976
- C:\Windows\System\nPfRwuS.exe
  C:\Windows\System\nPfRwuS.exe
  2⤵
  PID:10996
- C:\Windows\System\HrspJNA.exe
  C:\Windows\System\HrspJNA.exe
  2⤵
  PID:11012
- C:\Windows\System\ytbBRkZ.exe
  C:\Windows\System\ytbBRkZ.exe
  2⤵
  PID:11064
- C:\Windows\System\BTPzjwn.exe
  C:\Windows\System\BTPzjwn.exe
  2⤵
  PID:11080
- C:\Windows\System\MfdJiYL.exe
  C:\Windows\System\MfdJiYL.exe
  2⤵
  PID:11100
- C:\Windows\System\LOiEOzD.exe
  C:\Windows\System\LOiEOzD.exe
  2⤵
  PID:11116
- C:\Windows\System\CzOeoFJ.exe
  C:\Windows\System\CzOeoFJ.exe
  2⤵
  PID:11136
- C:\Windows\System\vAvDEZW.exe
  C:\Windows\System\vAvDEZW.exe
  2⤵
  PID:11156
- C:\Windows\System\UNzChuu.exe
  C:\Windows\System\UNzChuu.exe
  2⤵
  PID:11208
- C:\Windows\System\FHLmvxG.exe
  C:\Windows\System\FHLmvxG.exe
  2⤵
  PID:11228
- C:\Windows\System\aohlTpN.exe
  C:\Windows\System\aohlTpN.exe
  2⤵
  PID:9488
- C:\Windows\System\bvFubRK.exe
  C:\Windows\System\bvFubRK.exe
  2⤵
  PID:10260
- C:\Windows\System\qtNAYXv.exe
  C:\Windows\System\qtNAYXv.exe
  2⤵
  PID:10244
- C:\Windows\System\pwwKggI.exe
  C:\Windows\System\pwwKggI.exe
  2⤵
  PID:10372
- C:\Windows\System\gOZKQSs.exe
  C:\Windows\System\gOZKQSs.exe
  2⤵
  PID:10504
- C:\Windows\System\xmhkLvq.exe
  C:\Windows\System\xmhkLvq.exe
  2⤵
  PID:10444
- C:\Windows\System\cjfqLIY.exe
  C:\Windows\System\cjfqLIY.exe
  2⤵
  PID:10536
- C:\Windows\System\KlxOqtQ.exe
  C:\Windows\System\KlxOqtQ.exe
  2⤵
  PID:10616
- C:\Windows\System\bbNaZio.exe
  C:\Windows\System\bbNaZio.exe
  2⤵
  PID:10628
- C:\Windows\System\sxQmJvQ.exe
  C:\Windows\System\sxQmJvQ.exe
  2⤵
  PID:4328
- C:\Windows\System\ccDUEJh.exe
  C:\Windows\System\ccDUEJh.exe
  2⤵
  PID:10776
- C:\Windows\System\SiSRGhU.exe
  C:\Windows\System\SiSRGhU.exe
  2⤵
  PID:10936
- C:\Windows\System\ERLfOmJ.exe
  C:\Windows\System\ERLfOmJ.exe
  2⤵
  PID:10968
- C:\Windows\System\MNzTHno.exe
  C:\Windows\System\MNzTHno.exe
  2⤵
  PID:11180
- C:\Windows\System\kPaJvCA.exe
  C:\Windows\System\kPaJvCA.exe
  2⤵
  PID:11240
- C:\Windows\System\NVLXJlq.exe
  C:\Windows\System\NVLXJlq.exe
  2⤵
  PID:10172
- C:\Windows\System\RqLlyvK.exe
  C:\Windows\System\RqLlyvK.exe
  2⤵
  PID:10192
- C:\Windows\System\FspEbea.exe
  C:\Windows\System\FspEbea.exe
  2⤵
  PID:9984
- C:\Windows\System\XYvDhXH.exe
  C:\Windows\System\XYvDhXH.exe
  2⤵
  PID:10256
- C:\Windows\System\kwIYDFU.exe
  C:\Windows\System\kwIYDFU.exe
  2⤵
  PID:10384
- C:\Windows\System\xhMitAh.exe
  C:\Windows\System\xhMitAh.exe
  2⤵
  PID:10480
- C:\Windows\System\SmpNfbB.exe
  C:\Windows\System\SmpNfbB.exe
  2⤵
  PID:10768
- C:\Windows\System\mrpjGUs.exe
  C:\Windows\System\mrpjGUs.exe
  2⤵
  PID:10656
- C:\Windows\System\FpEoKKC.exe
  C:\Windows\System\FpEoKKC.exe
  2⤵
  PID:10772
- C:\Windows\System\uPpYgsB.exe
  C:\Windows\System\uPpYgsB.exe
  2⤵
  PID:11168
- C:\Windows\System\OkBuCqQ.exe
  C:\Windows\System\OkBuCqQ.exe
  2⤵
  PID:11020
- C:\Windows\System\EpnypzM.exe
  C:\Windows\System\EpnypzM.exe
  2⤵
  PID:10660
- C:\Windows\System\pirMbyK.exe
  C:\Windows\System\pirMbyK.exe
  2⤵
  PID:10152
- C:\Windows\System\yACgYqk.exe
  C:\Windows\System\yACgYqk.exe
  2⤵
  PID:11272
- C:\Windows\System\sFgVSRe.exe
  C:\Windows\System\sFgVSRe.exe
  2⤵
  PID:11292
- C:\Windows\System\YeGNWTw.exe
  C:\Windows\System\YeGNWTw.exe
  2⤵
  PID:11360
- C:\Windows\System\ltYDHMP.exe
  C:\Windows\System\ltYDHMP.exe
  2⤵
  PID:11376
- C:\Windows\System\dJRXcpb.exe
  C:\Windows\System\dJRXcpb.exe
  2⤵
  PID:11392
- C:\Windows\System\PdlQLhQ.exe
  C:\Windows\System\PdlQLhQ.exe
  2⤵
  PID:11408
- C:\Windows\System\yhGMSHl.exe
  C:\Windows\System\yhGMSHl.exe
  2⤵
  PID:11456
- C:\Windows\System\sYoNjNm.exe
  C:\Windows\System\sYoNjNm.exe
  2⤵
  PID:11480
- C:\Windows\System\TsFEncS.exe
  C:\Windows\System\TsFEncS.exe
  2⤵
  PID:11532
- C:\Windows\System\NEEqdeh.exe
  C:\Windows\System\NEEqdeh.exe
  2⤵
  PID:11552
- C:\Windows\System\DTvTdaO.exe
  C:\Windows\System\DTvTdaO.exe
  2⤵
  PID:11572
- C:\Windows\System\TCLpLMw.exe
  C:\Windows\System\TCLpLMw.exe
  2⤵
  PID:11636
- C:\Windows\System\iLMDofU.exe
  C:\Windows\System\iLMDofU.exe
  2⤵
  PID:11688
- C:\Windows\System\DjVdulf.exe
  C:\Windows\System\DjVdulf.exe
  2⤵
  PID:11704
- C:\Windows\System\KleFNhm.exe
  C:\Windows\System\KleFNhm.exe
  2⤵
  PID:11724
- C:\Windows\System\kcNDMoz.exe
  C:\Windows\System\kcNDMoz.exe
  2⤵
  PID:11768
- C:\Windows\System\PyNZiqe.exe
  C:\Windows\System\PyNZiqe.exe
  2⤵
  PID:11788
- C:\Windows\System\sxjLZPp.exe
  C:\Windows\System\sxjLZPp.exe
  2⤵
  PID:11836
- C:\Windows\System\xLJUWPr.exe
  C:\Windows\System\xLJUWPr.exe
  2⤵
  PID:11856
- C:\Windows\System\ldIjOBJ.exe
  C:\Windows\System\ldIjOBJ.exe
  2⤵
  PID:11904
- C:\Windows\System\nUlMTzE.exe
  C:\Windows\System\nUlMTzE.exe
  2⤵
  PID:11920
- C:\Windows\System\PxfJykV.exe
  C:\Windows\System\PxfJykV.exe
  2⤵
  PID:11936
- C:\Windows\System\BfyXtuB.exe
  C:\Windows\System\BfyXtuB.exe
  2⤵
  PID:11960
- C:\Windows\System\KyRAyjZ.exe
  C:\Windows\System\KyRAyjZ.exe
  2⤵
  PID:12012
- C:\Windows\System\VTFBlkC.exe
  C:\Windows\System\VTFBlkC.exe
  2⤵
  PID:12028
- C:\Windows\System\fpNRGPX.exe
  C:\Windows\System\fpNRGPX.exe
  2⤵
  PID:12060
- C:\Windows\System\jjCgPOg.exe
  C:\Windows\System\jjCgPOg.exe
  2⤵
  PID:12080
- C:\Windows\System\qbOILcX.exe
  C:\Windows\System\qbOILcX.exe
  2⤵
  PID:12096
- C:\Windows\System\tiljADR.exe
  C:\Windows\System\tiljADR.exe
  2⤵
  PID:12112
- C:\Windows\System\NHWpMfc.exe
  C:\Windows\System\NHWpMfc.exe
  2⤵
  PID:12136
- C:\Windows\System\YvuJjHM.exe
  C:\Windows\System\YvuJjHM.exe
  2⤵
  PID:12168
- C:\Windows\System\ByNMqgc.exe
  C:\Windows\System\ByNMqgc.exe
  2⤵
  PID:12220
- C:\Windows\System\lYPfUdz.exe
  C:\Windows\System\lYPfUdz.exe
  2⤵
  PID:12236
- C:\Windows\System\upWbPgs.exe
  C:\Windows\System\upWbPgs.exe
  2⤵
  PID:12272
- C:\Windows\System\xGiOVuj.exe
  C:\Windows\System\xGiOVuj.exe
  2⤵
  PID:4176
- C:\Windows\System\yHZnEyk.exe
  C:\Windows\System\yHZnEyk.exe
  2⤵
  PID:8540
- C:\Windows\System\dpJzOXm.exe
  C:\Windows\System\dpJzOXm.exe
  2⤵
  PID:11400
- C:\Windows\System\xridvNv.exe
  C:\Windows\System\xridvNv.exe
  2⤵
  PID:11268
- - C:\Windows\system32\WerFault.exe
    C:\Windows\system32\WerFault.exe -u -p 11268 -s 264
    3⤵
    PID:3160
- C:\Windows\System\wWysDrB.exe
  C:\Windows\System\wWysDrB.exe
  2⤵
  PID:11448
- - C:\Windows\system32\WerFault.exe
    C:\Windows\system32\WerFault.exe -u -p 11448 -s 248
    3⤵
    PID:11736
- C:\Windows\System\aGrkbqG.exe
  C:\Windows\System\aGrkbqG.exe
  2⤵
  PID:11356
- C:\Windows\System\VjlcWsQ.exe
  C:\Windows\System\VjlcWsQ.exe
  2⤵
  PID:11440

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:2412

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\BYMells.exe

Filesize
1.0MB

MD5
5ba382847cbdd97cc418ec493b503b95

SHA1
23f857bece5d1018790a5df1377631739bca654b

SHA256
164fcba45638a69c56ae1b1bf7d420108c10a56298e06556da9753b3d415d208

SHA512
a47025bf6db9f0ac2dba4aad90993310d226f1a1c735e604de1954368c909cc57272931814429480d676c926d0a5a150217b53908b7f8aefb2a1fd0e264811e2

Download Submit
C:\Windows\System\BYMells.exe

Filesize
109KB

MD5
65c8959708fece3c2609c0a8b3a7d8f8

SHA1
997ecf18c2802a09c533bb047910e819e00ba92e

SHA256
b21a40856a2083e6d63e4a30025bc0b618184a66117bc25f68626d410246edbf

SHA512
2fbcb351cb7944ea4e124023900f4b50984b29280ad5f0d870f11d3491435d86f33e6df8cdd97ec507484fe59c74b1910075fa37d249b759ab042694ec1e3fab

Download Submit
C:\Windows\System\BoQuNfW.exe

Filesize
1.0MB

MD5
f732a6372b913b1f8f7f64ac7700579a

SHA1
7f1b31342b0d8ce1f43d4306ae9279db6596acef

SHA256
74754d52791c0acaae61288b6150fac7ee7b64c505dcc9297949743b274f6ca4

SHA512
0f8456746530487f09b1c37d72e6931b21d6ae76e7bb9cf8216e6ce76e6eda682fe42c3c5ce1ca7cf30c9813c38ace45adfbedbd08f9186ca149372c1bc35b8f

Download Submit
C:\Windows\System\KiqAMVI.exe

Filesize
1.0MB

MD5
102571baa1d805df11acb84ea88faded

SHA1
27d0bc02efb1b4cc995ee2e49e636de37a8738ff

SHA256
29721523b57d49b3c0f644dbe31148e4829035bb486ab2cc53a2412cc31cf6b7

SHA512
687bb6fc89bf8630913f099c19d64c32ffa524b18c0adf58a86877dbd92f7cc7973d3580bc56b7c73f9e59873f9fbc7991ef77a9b76055be29002bae20da7c2e

Download Submit
C:\Windows\System\KoDmgTA.exe

Filesize
1.0MB

MD5
e9d464670f39b43e0ee7e68e5335e56c

SHA1
e56dd7e78a13f3e45dd9696366d49a9a36e23b1c

SHA256
3cfad5795bbf75292389b7734ae52236cb316b839dfec2cf689722816f4239c1

SHA512
cb122e1f53627988d1014179c541a69827bbd810683dedb31685918230bcb87667900988c747fc142686f4096fe2a60f70401b617238f3aff54434c83e227d52

Download Submit
C:\Windows\System\NGskFqm.exe

Filesize
64KB

MD5
990857d2b61cee085cf72ce6c8c7e46a

SHA1
a136ecea2aaba10562bf1d8189d9c2777159d971

SHA256
8edfb8d06bf599bef40497a1cfe0da6d9256e3b8c9619315be56bd2761cb5511

SHA512
719bbf375652bffd6ae76238414df170479a8cbf7761efd15600ad91bbbc5fd228ed7522c7fba049cc3f7b460fd15326ccd67d752cd58b5f4b7705a4a3de6e6c

Download Submit
C:\Windows\System\NGskFqm.exe

Filesize
1.0MB

MD5
d4ff1fe025e26e11d1d6b9d3dbb87b65

SHA1
fc44e73682f32d69e945ead0711e1425dec43a65

SHA256
ac04dcfe6edb8a8b6df1006d2cf744d5468a98e19b58da92e1967cf0efc92da1

SHA512
7df2130c72fd7513f0e8b48e4757a185e641dbe0a12972557865f5686e82444e1ccb67ee12b3d7ebbb4bdc43b4beca1bdb44650766d66da9dc9f36f6612477e4

Download Submit
C:\Windows\System\OfopuvN.exe

Filesize
1.0MB

MD5
133668521ad9df3727130bfa27e3cfdb

SHA1
48191d385fbe02a6b657f93aa165777753ddf9ae

SHA256
ea3cd88c668d59860479c113d84765625d02b7adf78f22834267d1c75958d605

SHA512
74ae0e713249af146a6c1597039a03a75d9de66ac016e4041e1b02b25f383393f0ab2cce59dc6eab679ca11feb055b5f5be08d2c991f6f1d2ac9c2e40c0638fd

Download Submit
C:\Windows\System\UBSVIhP.exe

Filesize
1.0MB

MD5
6b96aaac23fa5f980ce79e1af5e5ee8e

SHA1
2959d53dcacc7afdcb2c1440b5ecdd2111d13332

SHA256
1ed9844edbc2efe2cad8831e7be5890b506a440587bbc9c79aa78b189d8e752e

SHA512
93559e69e1064b15f312f5aa71090ec458f28b38ebef31a23b44d5ab0805ac43eb540680d97712bc276ed9704b6ff2e4a7aa848834673adbf58976c2ad166ebd

Download Submit
C:\Windows\System\UBSVIhP.exe

Filesize
350KB

MD5
6339524bd117064fb6ddc63ee0296578

SHA1
ddb860ad6472f28d730214b2678fb18d84f08c18

SHA256
16f4e7c2e3123db18f953052fd7a234afe839c9893425a096405380db9cb07e7

SHA512
a8657e0846153c2d337735806b3925c49177bb4484ffe27d738d320690d702462ccaaa6d3a31ae1098baecaa2027362abb18941495cbd59f9913df3e571be949

Download Submit
C:\Windows\System\VnJLTlD.exe

Filesize
161KB

MD5
e21e903cb9f96ad16c7b067b06e4aed3

SHA1
5a00e39cb793b3d585966aafa016a472882b9d81

SHA256
2ab93b702b56f7d4e39b624e2e93b514dd33d8326355db447c6d6a24f6d7588d

SHA512
120c2b1be1dcdf25cfad2ffe05e34ce2748740bc40006ee324fc9508cf64dc52b283f2a922d6b4a5d26da56505f59fb2502ef5feec2924d072d5a9a6b3a9d74f

Download Submit
C:\Windows\System\VnJLTlD.exe

Filesize
297KB

MD5
98a20d1d35e7d07bd663b0cb6f7e9d3a

SHA1
7da4f677526ba74fd9a556a53ccabbaeb6426bba

SHA256
bd60ffa9916c61d7d977cdd355918c92ce9a9f7f744dc14cddc10f749771aaae

SHA512
75f5e46bf88f61142e96d1cccfcafd700df4e0667668b37462ad6d23f2f66e2f9f981ab6b735399549d6cf81ec959e1c2b87adc2dc1eed09d1a5af04d9e06370

Download Submit
C:\Windows\System\XatsGqJ.exe

Filesize
1.0MB

MD5
a079a3c54478067113647fbe38ab49e2

SHA1
6826ac5a91de65ad936af3df97505a4ebbc6b62b

SHA256
cdd05071a636f78ab29847dcccb7b0dbc0dbe9382ba60ed21c8c888823c96d91

SHA512
5452fb8bbd4101fc8c7679a06684340d64496b77a257918bfba822e11af0aaf1dd9362b74f72b7f4022ef15371d22184edbc1150c96ea32c3b373f2442111ac9

Download Submit
C:\Windows\System\aTKElsH.exe

Filesize
1.0MB

MD5
3384930e0df20c5743292832026277b3

SHA1
b29a38fad4e6f0f5694e21ca7a422e08ebe1826a

SHA256
7fef0b2ce00c3559b242aaec9437f2af371d8abc08ea90f43d7de87a276c1a13

SHA512
7d307a770471defdafeb5f7c7fe9a8d499f97b2a45d08a6e430eaa1aa1a28a496c239a037e462406fc7d045feecda632910470236007f874e9b25cde74c1967a

Download Submit
C:\Windows\System\cISPTMA.exe

Filesize
1.0MB

MD5
545a627b57ae5ce5fc839ab5ef8d9691

SHA1
3ae8bd0f4d8d6398dac22caea49dd71ccc9adce1

SHA256
9ffcdc769946405aee0b95a989f36889b5040ac72308435438642eafc5ef6167

SHA512
2efe1a885824e8caa4de05f38b1e487d479e26d805a2b965ddfc57796657e4217b92b96155f9384462f81976b0cb20f327fb3d72a9e4b64ff18e197315da2edb

Download Submit
C:\Windows\System\cWVpwAp.exe

Filesize
1.0MB

MD5
3250368aad50621978d6299af76ae95a

SHA1
2afe50c6e1030132749ff840205cbab8a9288eb3

SHA256
12580b99f85c62f33b34c4c7b1e702f8951598a6759ae8fc55ee0edde20bcea4

SHA512
cd527fe6e64d611639a4777a3192409f75f48c378bffd33f6cc33d80942aa791f7231647b5836d900d0ba37c81d7beaf286f6874a918592122975372f119262d

Download Submit
C:\Windows\System\ewHJCna.exe

Filesize
1.0MB

MD5
0fc8b73108c0e0263cd391ce69212545

SHA1
7db605910c2fe6995e595dc4d4500d4e4581cdb2

SHA256
55cefb1d4d3e5506f7a627c630845bcbc04e153257b0b32c2d14f493173ebbff

SHA512
bb9ec39262b7d1fa96c7f1667d6dbb9bc8afd07bf7d58a8a5c8332b707ffcfa1d0560a251d96489c8b814d5f29b14fe1e0815daf407ba10b054fe583e0f56ad6

Download Submit
C:\Windows\System\gxKPoyL.exe

Filesize
1.0MB

MD5
352f56bc103e0526ca677870ef2253eb

SHA1
e3ffc8501fc6b64ed2bb12936d51d1f3f353b98e

SHA256
b13077643fc3235a27361aeff4cda550eef20983b5a0f1451420cd63cee4863b

SHA512
4b1e1405bab930259668f63524d3e7517167a817073967f6c69f17d83fc11c5845a32350865b7e90f274eb8f8aa299dc23b740170ce3e3a97a13ce91b1cf843e

Download Submit
C:\Windows\System\jYPLxvP.exe

Filesize
1.0MB

MD5
a13ca5d9aa811b6c9eaf5dac9918a347

SHA1
6b139c31f329700075bac9c901b06bf99e20462e

SHA256
0e05585e24b0f87c8342a64e2b803e0355e0a7b8ece456344e876ea361e41d41

SHA512
7087e3f01082a3f2ffc30c90f0588a186ace5a3436593e377dc72544d7ead15891b8c5513d1ac6e5cd139a36d9b8fd14c4f2ab704ebf124722f4f1d6f65ae26f

Download Submit
C:\Windows\System\jYPLxvP.exe

Filesize
390KB

MD5
dc2fa9d42c85317061c57152138f4d33

SHA1
eeaa283194873bc0c6d295d6e055cf1b48c6ef4e

SHA256
84930d9e3d6da4a98eb878b03e1c8899dbd2c9aaf3bbdd6641f0bdc9f14945f8

SHA512
92eb5fb073494fee3c7e08501acfc8df402e75b0728698362ebe14061c952cadb7aea3a0903e5acbe443211874006410cc465fe09387c4b6f096e843f031379f

Download Submit
C:\Windows\System\kOGIcJe.exe

Filesize
1.0MB

MD5
7f03e1d19086011bbaa538640bcb40e2

SHA1
79929828b28eeef0cc4d19908284d698c152ca2a

SHA256
51c91fd9eae3f663492592455936d0b41b3980a2a1d1788025dcce604fbc45ed

SHA512
9617069092db8f50e11b8d5b4064032c2a83a2a38091b37adcf6edf16d7cb46d54b8c0fa6a7ddacda312a606379ae7b7544c72f85c7d330de96eccf676fa7ff8

Download Submit
C:\Windows\System\luOXBMx.exe

Filesize
1.0MB

MD5
9017186c6fe37f1d76ff147883f53188

SHA1
ca4f0bceb8adc3b75550229c30dc485e846b685e

SHA256
3e058c75b11ba5dcd0e8bce7344abd197f4ab5574690a9d218a1859067b26257

SHA512
014f4fb8ff0ecb7a6d51056e2d5239037f9527905616e81627fd97bd5958ab6ae5bb972578ade6fbab27fc2f062b7d517deff735dcce39ba6cf4a26becdc1f0b

Download Submit
C:\Windows\System\luOXBMx.exe

Filesize
32KB

MD5
0ab2139214b84c5b5b9914ddf8d98eef

SHA1
0db3e47eef91e1213b5a3129a7238838316cc7eb

SHA256
0f79f6ea7da4be4fe35e0c5f41d5da71cc43fbb9a61b8f389655376068fc327c

SHA512
0fc1d3d30d67c3fd6205f05d11a11a4dd65ba3c5bb76e5bc84ccff5761418ab83af568316461a2f4684ea7438f2b99b8d0cb4eb4a39048a1bdde70beaa04fec6

Download Submit
C:\Windows\System\myZWgqs.exe

Filesize
1.0MB

MD5
c080a61e49edabe1e0b86a7270d1eafa

SHA1
70894717fca368430a702f6bc8ebd53ae5c564db

SHA256
49e87def5118805e2445d92849513fdcf0b8b19cabcaad6178dd1c543a0e04c4

SHA512
6a90d73684269a6db58c4198f2b3b9442c628f410c1143c4ab1b2b7404831b90c257bd6cbaeda9c2aa264868ba13a9512f502743747e31d6b1e8ea4cebee6153

Download Submit
C:\Windows\System\myZWgqs.exe

Filesize
473KB

MD5
9cf824aa22276d9863bacb323996f359

SHA1
571b5f929479ad259b69df716bc3abf002bf159f

SHA256
09b7403f47e2115298f793b2654c52ced0928d8700d469784b810238829d3cdc

SHA512
e461ae41ef86fccd6fc179dffc77f3062a3dc23244f873f8840cecabf955d4270b002be7dc33bc444dbc8bb8afb130954f8c6d11184fe468eabd08aaddefdf83

Download Submit
C:\Windows\System\pNMWmpg.exe

Filesize
1.0MB

MD5
5f704469d544896e7d66a02b293b4dad

SHA1
82df1d11aca6cb236bfa3caa402a4b611c93bc54

SHA256
ed78030293a87b2da30d4df3a42cf152c96a44a0e52fd99d3ba64c9512059a21

SHA512
60844633facd2594ab854f92ef667b5171d229cdfb79eea1c13977349c42b4dfe69c0edcbac4f810456d0c04d7bf8f4db766223913d2e0c17559b92b243d9a88

Download Submit
C:\Windows\System\qAyuAzH.exe

Filesize
1.0MB

MD5
d274bdaeb060de0647fa6315c0da9333

SHA1
4ee6614a4aa327990569aaa783c0072ce9924c52

SHA256
740efa8e5b37b3fb8130ece1fbe38219eafd7d04ebaf9c92c6c0a648f5763c92

SHA512
361fe2c6e8a5b37037c8efc84c640793b7a3282bb2bae4552372b0da2a2c4f3dbe70f6acf80b73195b594f8e63178b55154380fcbe4c5fab7c54c889f0d7ad40

Download Submit
C:\Windows\System\qAyuAzH.exe

Filesize
100KB

MD5
326bb376126f814540ff18afea954749

SHA1
bbf287da5e41bcbf2b232f68e4fde7b0b7fa0de3

SHA256
6d58282039a2ef329b9b2abe042727df3427ca3a2def2372fbeedb1f4b736c5d

SHA512
00f7e35138e8b156df293bd2b47756b1ab594c865e3bed0775a00942445b7d63cf539c0aa027a33bd549c253ab23249db5edae7eb0c3f98319f2461bdd56ca99

Download Submit
C:\Windows\System\rBAymWW.exe

Filesize
1.0MB

MD5
6b885faa7356fd387919757accb5bd9c

SHA1
269809ee6d2e27fed289df6bdf36a1b72292d107

SHA256
557d0fa5c79937ff6edc32bc5d6e87db6b1d7917957b54c03c45aca6069eb5a1

SHA512
4a488610a64a30b7ac5145bd698005aa2a6d013ba4fe74e8e84cb3ed0d4b1f81b0d7b539df93b292ad5500bb04e2d01e7fe33e1b3e710f55df506ac16cbbf614

Download Submit
C:\Windows\System\rsikRSx.exe

Filesize
1.0MB

MD5
4923cb4a28f33c715563dc8f2652c05a

SHA1
8f17fe2d6ab6f26f882a2d9cdf3d0a54ea54a8b5

SHA256
a6d0137aaa89168bebec4085c86d42f0c7ae2f6c546a82f19a8d4787f300367c

SHA512
5552746664ad2b1e07eb127760246c2512cc9bb955cc23548771100fe96b2e2a7d0802dfe4d9626aa04b075e34773cd2cf8ea888ea2e9fb2c4f9951c2aed4d9c

Download Submit
C:\Windows\System\tDJPlfy.exe

Filesize
1.0MB

MD5
73cfbc7d1983d4e44c8415f346b78786

SHA1
3df933ea046f16344ce1920f26ed689ada69d472

SHA256
8dcb0a11b4591ca3c1fde176a573bef8f788496b7393d1c98be2bd949c921bf6

SHA512
54c8b4f8a07074cfabe4dcf7ab76d3ae9244c8cd7597713abd990397717522f77ae62227dc1a18229d9528c3ac236e905ebb229d98c0995b84cb09e281ef4127

Download Submit
C:\Windows\System\tDJPlfy.exe

Filesize
448KB

MD5
722b402772b139109922747efabc3cae

SHA1
ab0dc02e8346d421dc7fe8abfd6fb5624a3d8bb6

SHA256
e7bff406164f9d46e356eada198ea69523a2cf82e3aeec2457f0f7c503cdeaa2

SHA512
67eeb100f6c86eaf13c4d3251f498af3911c6b121312a0593d775e308deab4dc59d2e4730ca694b6e8a701d39d35239c2fef905dfcd2652338dfddcaa3b1cbe8

Download Submit
C:\Windows\System\thXIDxg.exe

Filesize
1.0MB

MD5
54e45178a35b565f97f27f021606acca

SHA1
5f31f448bd5104ea97dfd5b7ee8babedec5d52ca

SHA256
2065e14219ca6d10306fd365fef478596ff9221a3c9fef6afea25a18f1c63c84

SHA512
397c9bf107dd7d891b26abad4e15a3ed85d301279d4b6d6d54f11a8d549b683f4a99411665325b28d3c5b52b17a0fc4e4ff5d8974aef94bc04121190b86ea665

Download Submit
C:\Windows\System\thXIDxg.exe

Filesize
384KB

MD5
973f44a47779a687fd0bb65c224596e7

SHA1
d4cf3e4b28d610ee947343829a7e2b4cbdc3ddcf

SHA256
0def842055dea35c457aafc49929128319c6be6026d74391b6e618515d034bb3

SHA512
71017e4fe61c87f3398dd6dbaaf47582bdad84718d1e5877b5ca7d9071e1e728c7c566039c3b29585e95dab3c79fda699dca2c41d6ba5a8db8f82cfe1f24d9fe

Download Submit
C:\Windows\System\tsxHwoH.exe

Filesize
1.0MB

MD5
989d649c67962d1962e490c327e39c72

SHA1
58088156ccc042e98adb2f17a4832b25823b6cd7

SHA256
9130a2335999ae6fc4130a29589be664b1e65e1b94a36aa2f524b5116745cd87

SHA512
1a0041f369191d9bbebb8e3aee2173a18f0e10120e6e7cc3526dd7fdd9ddae6bbf6c5ece05229a02460b26061a4662a353047100a2d2a58594ded96b6449e790

Download Submit
C:\Windows\System\uFFcQmC.exe

Filesize
1.0MB

MD5
9be139044a5ebef24da5f78af1274fc3

SHA1
e507c2c6cb268e5bded23f06234be5e0ed4fef76

SHA256
c34fc3b162aa28358c45ce505370360aaf7630f15edb00e56c5db9b4e3b32e96

SHA512
3e3b97be6bc188028224cadafbbe12b3dc414dc155dc0dd999af372bab8a7438f2e4fa5176ec3b9d78cf1a7a3ced5d377acda5612ef7e7251ea949e1d93dcd25

Download Submit
C:\Windows\System\uzodIro.exe

Filesize
1.0MB

MD5
84dfb3286103ba3660cd85e96eccc8fc

SHA1
719dc57fd3d5f28977ffcb409a5801390a090e8d

SHA256
e9ce93c1528500309806f6d04f6a6848dc725f3b62a3a88c35d8436e1b14ce2e

SHA512
2fe442b5d26cbc9b901d15666345f8bec2064b918bbc588e8748b0951c488574dd76082367a4f1a6b8ae5834ba40c411f88ef69300d51a3c2fb2b417ec0ad9bb

Download Submit
C:\Windows\System\vSOSKcq.exe

Filesize
1.0MB

MD5
cca66e1e7700ba0c94413a4404dea3c7

SHA1
0e678afb360de5e3e364767636ce60d1d104557f

SHA256
a5b584978c0361f7d50788c12ae0d9d4bb2ba15e0a3038b463a0a3ffe7ea02a6

SHA512
6429c42fb8338cc811b05b29ab6700c7c028978d1c54a8f46e628ad96f5f003d18e01aa36ad732fa016c80f4ede878e27c6c95b56419b2208ded2e6ac480a68c

Download Submit
C:\Windows\System\vsFored.exe

Filesize
1.0MB

MD5
0646ad5b4e26b93c8ced597d66aa6bdc

SHA1
e3bcf2d51063df6abaa65718b9d951dc76485e45

SHA256
c3677abe9c4bc28ac1b2220831194498bd8ca33528403ab516de56c8f0df2ffb

SHA512
16e4d3a4e15a2d61a0b092a668f6c125ed896425e2b878d5b630e276979260648f1ac0ee6a079102baea2c638d8f2112a234b43c00603cfbe4d1ada27c4091b4

Download Submit
C:\Windows\System\wXievJp.exe

Filesize
1.0MB

MD5
24b16acc52f0141407cdee3e8606eca6

SHA1
a5bfca63f5171d24fd265ebf2dbe71915025e627

SHA256
409a05ca62e452cf3cd8b84d417d39d5d7b14fe192f693a794c8ab0afbaf74be

SHA512
45f8f8cc8443d99903be6024c5fd94feddcd8328e2acf9aa3dafd681db41af14462d98db5cb456f3c5c4eea6c5680c8bba2ed781158f4c56df201b205b1d4a77

Download Submit
C:\Windows\System\wqVxGIu.exe

Filesize
896KB

MD5
65c14a9c58b7b3e944ea7373004e8832

SHA1
47587efc62fc70b49431026aab8f552035e16889

SHA256
a4d0ec91bba7fb1c37859918f348b4777b2c470b9e146f0d845713f9809c6f0e

SHA512
609bf0980c2df8dc11472409083a0e9fa60ea2064d4b3da156080af70529f6c4d9a39e44c0159e498aa51a1a89cd83b91bca71b5bb9dfa464ae50f967516d76b

Download Submit
C:\Windows\System\wqVxGIu.exe

Filesize
640KB

MD5
52da4204c0c8edccce94bf09ae5e0a46

SHA1
95634764fe19396fd75720be879445e34bfe3f05

SHA256
0da6833af4e38d08f5c95e80892f61a56f212bc3d9d60d9faaa2a95e43b75e5b

SHA512
ed002175e946034b8741de07b7af11c442b474cd4701c349719fb50a5ad8c3b1ade0c4237a6cd7f50104b7318d0b2a34d287373529e51f359b72c1de5058875e

Download Submit
C:\Windows\System\wqVxGIu.exe

Filesize
1.0MB

MD5
d19789ca7acddb40997036edd63948bd

SHA1
f249318387b3d265b33d01976850786627f5b84e

SHA256
a55e59e6940f6f2d8c9bf2789ec9b9de9eff40141a8e395b9f1effd1f8865d6e

SHA512
6e7c445d472ae4fbb82150e8d1f6d6df0fd561c49cc69dc6edd6d3bcad0b7688439264dec1f13f9a9081a3a7deecc4c89962d71ebde12553389f44554ffc27c2

Download Submit
C:\Windows\System\wwVsYCA.exe

Filesize
1.0MB

MD5
312a08896b99deb9eb4a427e6f8beefd

SHA1
df624ad983840b767e1657d0eb7f4f16c3cc8b7b

SHA256
a6edced0740cc552cd438faf2fef8faefb76b1d0a2123270d72a1c2c761a5c70

SHA512
f6a2279a9430b11444d8dee74d4c946e1b8e356eb31184d119f293af50a548a15e904ebb546246c1093dc32439b120c27a7782de16a942ea1eda8996d45e2b5c

Download Submit
C:\Windows\System\xYzBHmu.exe

Filesize
1.0MB

MD5
fbc5b2c4672b9f72ff765334971d0c7d

SHA1
f266c6cb3bf2d94b25bed1690196b12b5dd521e8

SHA256
98eca9f08e5b12141fd95728caf2a1ea3f6e323dcee47f52fe34c1944e2ef11d

SHA512
eeccb981509e5fd64bb8b57adba15a35f0a6577165c07b9a5483f9696a9280b2ab09534b380b736451e1425af070714053f49565fba33b259167d38eb3592831

Download Submit
C:\Windows\System\xzUMOCf.exe

Filesize
1.0MB

MD5
55cd2d1f656d7e66beea8a976998c597

SHA1
bd2f9600f0d8b7128b31fa6691872bed76535b9c

SHA256
f89f9c2843525d656fa7d41f28843e6479eb3b5ac3e4bf2d4025800e9d0ecd0f

SHA512
bf307ca69a5b56227d19c9e4ed9ba2790967dcd572a638270d043a56ce4fb8831af58093ddcac38a620ae600c88e37c3bd85784a9e0a390a92965d3c03fd914f

Download Submit
memory/348-373-0x00007FF659B80000-0x00007FF659ED1000-memory.dmp

Filesize
3.3MB

Download
memory/412-311-0x00007FF76C1A0000-0x00007FF76C4F1000-memory.dmp

Filesize
3.3MB

Download
memory/436-324-0x00007FF699A40000-0x00007FF699D91000-memory.dmp

Filesize
3.3MB

Download
memory/508-283-0x00007FF7C4A20000-0x00007FF7C4D71000-memory.dmp

Filesize
3.3MB

Download
memory/588-377-0x00007FF628F60000-0x00007FF6292B1000-memory.dmp

Filesize
3.3MB

Download
memory/624-260-0x00007FF750A40000-0x00007FF750D91000-memory.dmp

Filesize
3.3MB

Download
memory/724-27-0x00007FF651E60000-0x00007FF6521B1000-memory.dmp

Filesize
3.3MB

Download
memory/932-263-0x00007FF655370000-0x00007FF6556C1000-memory.dmp

Filesize
3.3MB

Download
memory/1076-219-0x00007FF7725F0000-0x00007FF772941000-memory.dmp

Filesize
3.3MB

Download
memory/1144-203-0x00007FF7728B0000-0x00007FF772C01000-memory.dmp

Filesize
3.3MB

Download
memory/1156-403-0x00007FF605550000-0x00007FF6058A1000-memory.dmp

Filesize
3.3MB

Download
memory/1360-211-0x00007FF708F00000-0x00007FF709251000-memory.dmp

Filesize
3.3MB

Download
memory/1416-223-0x00007FF72DD30000-0x00007FF72E081000-memory.dmp

Filesize
3.3MB

Download
memory/1608-380-0x00007FF6973F0000-0x00007FF697741000-memory.dmp

Filesize
3.3MB

Download
memory/1704-425-0x00007FF652630000-0x00007FF652981000-memory.dmp

Filesize
3.3MB

Download
memory/1744-231-0x00007FF606010000-0x00007FF606361000-memory.dmp

Filesize
3.3MB

Download
memory/1808-238-0x00007FF77D580000-0x00007FF77D8D1000-memory.dmp

Filesize
3.3MB

Download
memory/1844-264-0x00007FF638610000-0x00007FF638961000-memory.dmp

Filesize
3.3MB

Download
memory/1916-287-0x00007FF6E08A0000-0x00007FF6E0BF1000-memory.dmp

Filesize
3.3MB

Download
memory/1932-181-0x00007FF6687B0000-0x00007FF668B01000-memory.dmp

Filesize
3.3MB

Download
memory/2016-40-0x00007FF738960000-0x00007FF738CB1000-memory.dmp

Filesize
3.3MB

Download
memory/2068-255-0x00007FF659790000-0x00007FF659AE1000-memory.dmp

Filesize
3.3MB

Download
memory/2096-433-0x00007FF7BFA90000-0x00007FF7BFDE1000-memory.dmp

Filesize
3.3MB

Download
memory/2100-142-0x00007FF6358C0000-0x00007FF635C11000-memory.dmp

Filesize
3.3MB

Download
memory/2232-191-0x00007FF678300000-0x00007FF678651000-memory.dmp

Filesize
3.3MB

Download
memory/2300-21-0x00007FF645900000-0x00007FF645C51000-memory.dmp

Filesize
3.3MB

Download
memory/2360-261-0x00007FF74CE30000-0x00007FF74D181000-memory.dmp

Filesize
3.3MB

Download
memory/2576-187-0x00007FF715C10000-0x00007FF715F61000-memory.dmp

Filesize
3.3MB

Download
memory/2696-455-0x00007FF705580000-0x00007FF7058D1000-memory.dmp

Filesize
3.3MB

Download
memory/3060-94-0x00007FF7B8600000-0x00007FF7B8951000-memory.dmp

Filesize
3.3MB

Download
memory/3112-306-0x00007FF681F10000-0x00007FF682261000-memory.dmp

Filesize
3.3MB

Download
memory/3188-126-0x00007FF7AC7B0000-0x00007FF7ACB01000-memory.dmp

Filesize
3.3MB

Download
memory/3200-291-0x00007FF70B590000-0x00007FF70B8E1000-memory.dmp

Filesize
3.3MB

Download
memory/3300-463-0x00007FF606330000-0x00007FF606681000-memory.dmp

Filesize
3.3MB

Download
memory/3308-227-0x00007FF7FB6E0000-0x00007FF7FBA31000-memory.dmp

Filesize
3.3MB

Download
memory/3324-358-0x00007FF6C48B0000-0x00007FF6C4C01000-memory.dmp

Filesize
3.3MB

Download
memory/3524-249-0x00007FF6DD510000-0x00007FF6DD861000-memory.dmp

Filesize
3.3MB

Download
memory/3544-273-0x00007FF786A80000-0x00007FF786DD1000-memory.dmp

Filesize
3.3MB

Download
memory/3564-162-0x00007FF66EA20000-0x00007FF66ED71000-memory.dmp

Filesize
3.3MB

Download
memory/3604-199-0x00007FF7C7CD0000-0x00007FF7C8021000-memory.dmp

Filesize
3.3MB

Download
memory/3664-81-0x00007FF762360000-0x00007FF7626B1000-memory.dmp

Filesize
3.3MB

Download
memory/3692-259-0x00007FF759C90000-0x00007FF759FE1000-memory.dmp

Filesize
3.3MB

Download
memory/3700-411-0x00007FF6A9C00000-0x00007FF6A9F51000-memory.dmp

Filesize
3.3MB

Download
memory/3748-346-0x00007FF655EB0000-0x00007FF656201000-memory.dmp

Filesize
3.3MB

Download
memory/3864-385-0x00007FF781220000-0x00007FF781571000-memory.dmp

Filesize
3.3MB

Download
memory/4036-265-0x00007FF7478F0000-0x00007FF747C41000-memory.dmp

Filesize
3.3MB

Download
memory/4048-482-0x00007FF786F30000-0x00007FF787281000-memory.dmp

Filesize
3.3MB

Download
memory/4360-368-0x00007FF7DA130000-0x00007FF7DA481000-memory.dmp

Filesize
3.3MB

Download
memory/4480-241-0x00007FF7DD7B0000-0x00007FF7DDB01000-memory.dmp

Filesize
3.3MB

Download
memory/4516-339-0x00007FF6A5410000-0x00007FF6A5761000-memory.dmp

Filesize
3.3MB

Download
memory/4672-0-0x00007FF60EEE0000-0x00007FF60F231000-memory.dmp

Filesize
3.3MB

Download
memory/4672-1-0x00000218210C0000-0x00000218210D0000-memory.dmp

Filesize
64KB

Download
memory/4692-298-0x00007FF7E29A0000-0x00007FF7E2CF1000-memory.dmp

Filesize
3.3MB

Download
memory/4720-195-0x00007FF7433C0000-0x00007FF743711000-memory.dmp

Filesize
3.3MB

Download
memory/4724-207-0x00007FF6366C0000-0x00007FF636A11000-memory.dmp

Filesize
3.3MB

Download
memory/4776-406-0x00007FF61E700000-0x00007FF61EA51000-memory.dmp

Filesize
3.3MB

Download
memory/4820-14-0x00007FF714A70000-0x00007FF714DC1000-memory.dmp

Filesize
3.3MB

Download
memory/4848-334-0x00007FF6258A0000-0x00007FF625BF1000-memory.dmp

Filesize
3.3MB

Download
memory/4892-477-0x00007FF7270F0000-0x00007FF727441000-memory.dmp

Filesize
3.3MB

Download
memory/4912-450-0x00007FF7FFA00000-0x00007FF7FFD51000-memory.dmp

Filesize
3.3MB

Download
memory/4972-56-0x00007FF7675F0000-0x00007FF767941000-memory.dmp

Filesize
3.3MB

Download
memory/5032-173-0x00007FF7B7CB0000-0x00007FF7B8001000-memory.dmp

Filesize
3.3MB

Download
memory/5036-262-0x00007FF71A030000-0x00007FF71A381000-memory.dmp

Filesize
3.3MB

Download
memory/5064-397-0x00007FF7AF5B0000-0x00007FF7AF901000-memory.dmp

Filesize
3.3MB

Download
memory/5072-215-0x00007FF6F59C0000-0x00007FF6F5D11000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads