xmrig | 4658eae6585e317960694ab7bab18b68fa908a86ab62923cc539894ea4ad2c9b

Analysis

max time kernel
145s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
25-04-2024 21:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

001a909c58f2ed96e76783820f8cc94a_JaffaCakes118.exe
Size

1.2MB
MD5

001a909c58f2ed96e76783820f8cc94a
SHA1

97b851c0ba0d21eb2bc77b5557c679f5d9b3cde6
SHA256

4658eae6585e317960694ab7bab18b68fa908a86ab62923cc539894ea4ad2c9b
SHA512

6c4cad7cb1203a306708951f37f53fac210bcc7c40b56b94552153b1e30155495c06103542875d29dffd8143698039d60f4036d3421c7ca465ae0e55bb8dffa2
SSDEEP

24576:JanwhSe11QSONCpGJCjETPlWXWZ5Pbcq92zjP+sjI1T9:knw9oUUEEDl37jcq4nPK

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 45 IoCs

miner

resource	yara_rule
behavioral2/memory/2072-39-0x00007FF7F9FA0000-0x00007FF7FA391000-memory.dmp	xmrig
behavioral2/memory/4304-67-0x00007FF6B6840000-0x00007FF6B6C31000-memory.dmp	xmrig
behavioral2/memory/3128-68-0x00007FF7ABA00000-0x00007FF7ABDF1000-memory.dmp	xmrig
behavioral2/memory/2032-69-0x00007FF751210000-0x00007FF751601000-memory.dmp	xmrig
behavioral2/memory/2980-71-0x00007FF796620000-0x00007FF796A11000-memory.dmp	xmrig
behavioral2/memory/2168-64-0x00007FF781790000-0x00007FF781B81000-memory.dmp	xmrig
behavioral2/memory/4512-46-0x00007FF772F70000-0x00007FF773361000-memory.dmp	xmrig
behavioral2/memory/3652-26-0x00007FF6F4450000-0x00007FF6F4841000-memory.dmp	xmrig
behavioral2/memory/3480-86-0x00007FF74EDF0000-0x00007FF74F1E1000-memory.dmp	xmrig
behavioral2/memory/2880-117-0x00007FF76A440000-0x00007FF76A831000-memory.dmp	xmrig
behavioral2/memory/3712-121-0x00007FF7AE220000-0x00007FF7AE611000-memory.dmp	xmrig
behavioral2/memory/2516-140-0x00007FF6C8080000-0x00007FF6C8471000-memory.dmp	xmrig
behavioral2/memory/1980-147-0x00007FF7BDF10000-0x00007FF7BE301000-memory.dmp	xmrig
behavioral2/memory/544-176-0x00007FF7A4E00000-0x00007FF7A51F1000-memory.dmp	xmrig
behavioral2/memory/2660-181-0x00007FF7523A0000-0x00007FF752791000-memory.dmp	xmrig
behavioral2/memory/3964-186-0x00007FF694760000-0x00007FF694B51000-memory.dmp	xmrig
behavioral2/memory/4084-192-0x00007FF721030000-0x00007FF721421000-memory.dmp	xmrig
behavioral2/memory/2072-195-0x00007FF7F9FA0000-0x00007FF7FA391000-memory.dmp	xmrig
behavioral2/memory/4528-199-0x00007FF723320000-0x00007FF723711000-memory.dmp	xmrig
behavioral2/memory/1804-209-0x00007FF7B4860000-0x00007FF7B4C51000-memory.dmp	xmrig
behavioral2/memory/1008-215-0x00007FF75FD50000-0x00007FF760141000-memory.dmp	xmrig
behavioral2/memory/3528-218-0x00007FF77D150000-0x00007FF77D541000-memory.dmp	xmrig
behavioral2/memory/372-220-0x00007FF67DB00000-0x00007FF67DEF1000-memory.dmp	xmrig
behavioral2/memory/3652-217-0x00007FF6F4450000-0x00007FF6F4841000-memory.dmp	xmrig
behavioral2/memory/3220-223-0x00007FF7DC7B0000-0x00007FF7DCBA1000-memory.dmp	xmrig
behavioral2/memory/1576-204-0x00007FF720C10000-0x00007FF721001000-memory.dmp	xmrig
behavioral2/memory/1824-182-0x00007FF677830000-0x00007FF677C21000-memory.dmp	xmrig
behavioral2/memory/1712-178-0x00007FF6FECA0000-0x00007FF6FF091000-memory.dmp	xmrig
behavioral2/memory/3996-240-0x00007FF7FA780000-0x00007FF7FAB71000-memory.dmp	xmrig
behavioral2/memory/3664-242-0x00007FF717FA0000-0x00007FF718391000-memory.dmp	xmrig
behavioral2/memory/4504-248-0x00007FF6AD1F0000-0x00007FF6AD5E1000-memory.dmp	xmrig
behavioral2/memory/2328-254-0x00007FF609940000-0x00007FF609D31000-memory.dmp	xmrig
behavioral2/memory/640-271-0x00007FF6AEBC0000-0x00007FF6AEFB1000-memory.dmp	xmrig
behavioral2/memory/1536-283-0x00007FF6F5050000-0x00007FF6F5441000-memory.dmp	xmrig
behavioral2/memory/384-286-0x00007FF6F10C0000-0x00007FF6F14B1000-memory.dmp	xmrig
behavioral2/memory/3512-296-0x00007FF7BAF60000-0x00007FF7BB351000-memory.dmp	xmrig
behavioral2/memory/3480-295-0x00007FF74EDF0000-0x00007FF74F1E1000-memory.dmp	xmrig
behavioral2/memory/1216-302-0x00007FF6328B0000-0x00007FF632CA1000-memory.dmp	xmrig
behavioral2/memory/1492-309-0x00007FF7EF7B0000-0x00007FF7EFBA1000-memory.dmp	xmrig
behavioral2/memory/3272-307-0x00007FF79B840000-0x00007FF79BC31000-memory.dmp	xmrig
behavioral2/memory/1892-303-0x00007FF6A3690000-0x00007FF6A3A81000-memory.dmp	xmrig
behavioral2/memory/1356-281-0x00007FF63FF70000-0x00007FF640361000-memory.dmp	xmrig
behavioral2/memory/5000-275-0x00007FF6577B0000-0x00007FF657BA1000-memory.dmp	xmrig
behavioral2/memory/4296-263-0x00007FF603520000-0x00007FF603911000-memory.dmp	xmrig
behavioral2/memory/2832-256-0x00007FF7107A0000-0x00007FF710B91000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
4084	YAdowWJ.exe
4512	RWylYGp.exe
1008	eonAmsX.exe
3652	sVILbPf.exe
2072	wIHjjZh.exe
2168	ZiqTZro.exe
4528	WVUqRfJ.exe
4304	Whbeoyb.exe
2980	zsjsNbs.exe
3128	qGveyjy.exe
2032	dKyiQGW.exe
3220	MlOCYXC.exe
3996	buAjxPy.exe
3480	MtAPFlY.exe
3464	msNiYIX.exe
3712	oraCmIF.exe
1020	DNsIXUX.exe
2880	JsUhBXr.exe
440	oATdaEj.exe
3392	imoDSTp.exe
3052	NfBlqTd.exe
2516	BTmWbvF.exe
2660	TCSjjfk.exe
1980	glYVXpF.exe
2896	moscMeL.exe
1824	icSOYbj.exe
3248	XryvHjr.exe
544	FoLlTYW.exe
1712	fasOiia.exe
2024	AwaqSWJ.exe
1576	JTfAPQo.exe
1804	WsmajQN.exe
3528	BUStmSY.exe
2248	ZBKYxqW.exe
804	hDfkYFv.exe
372	OFCbUGN.exe
2344	QaOEIaV.exe
3504	XdBbHLK.exe
3664	XncxNWr.exe
384	tqqtUoL.exe
4504	qwsQNGm.exe
2328	oAdkGnM.exe
2832	DzCJXWG.exe
4296	HFjrcIj.exe
3512	qATyGLO.exe
640	FoyuYAi.exe
1216	XUpajxj.exe
1892	oXdmnVD.exe
5000	wIEnQwl.exe
4868	gvLnrYM.exe
1356	SdYkSXn.exe
1536	NuLLfLT.exe
3272	RdWFCJV.exe
1492	XtbgYDO.exe
5048	PIvZYXI.exe
4128	yxgRpbx.exe
2124	CXWCIEB.exe
3900	amEhLTs.exe
1872	cXNsfWv.exe
2468	QIgTaPK.exe
1540	FlBgBxS.exe
3796	hXDxVMN.exe
4284	cfLfWdS.exe
3876	JzOAWGo.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3964-0-0x00007FF694760000-0x00007FF694B51000-memory.dmp	upx
behavioral2/files/0x000300000001e97c-5.dat	upx
behavioral2/memory/4084-9-0x00007FF721030000-0x00007FF721421000-memory.dmp	upx
behavioral2/memory/1008-21-0x00007FF75FD50000-0x00007FF760141000-memory.dmp	upx
behavioral2/files/0x00080000000233fd-22.dat	upx
behavioral2/files/0x000b0000000233eb-24.dat	upx
behavioral2/files/0x0007000000023402-27.dat	upx
behavioral2/files/0x0007000000023403-33.dat	upx
behavioral2/memory/2072-39-0x00007FF7F9FA0000-0x00007FF7FA391000-memory.dmp	upx
behavioral2/files/0x0007000000023405-44.dat	upx
behavioral2/files/0x0007000000023404-47.dat	upx
behavioral2/files/0x0007000000023406-49.dat	upx
behavioral2/files/0x0007000000023407-55.dat	upx
behavioral2/files/0x0007000000023408-60.dat	upx
behavioral2/memory/4304-67-0x00007FF6B6840000-0x00007FF6B6C31000-memory.dmp	upx
behavioral2/memory/3128-68-0x00007FF7ABA00000-0x00007FF7ABDF1000-memory.dmp	upx
behavioral2/memory/2032-69-0x00007FF751210000-0x00007FF751601000-memory.dmp	upx
behavioral2/memory/3220-70-0x00007FF7DC7B0000-0x00007FF7DCBA1000-memory.dmp	upx
behavioral2/memory/2980-71-0x00007FF796620000-0x00007FF796A11000-memory.dmp	upx
behavioral2/files/0x0007000000023409-72.dat	upx
behavioral2/memory/2168-64-0x00007FF781790000-0x00007FF781B81000-memory.dmp	upx
behavioral2/memory/4512-46-0x00007FF772F70000-0x00007FF773361000-memory.dmp	upx
behavioral2/memory/4528-41-0x00007FF723320000-0x00007FF723711000-memory.dmp	upx
behavioral2/memory/3652-26-0x00007FF6F4450000-0x00007FF6F4841000-memory.dmp	upx
behavioral2/files/0x0007000000023401-23.dat	upx
behavioral2/files/0x000700000002340a-76.dat	upx
behavioral2/memory/3996-82-0x00007FF7FA780000-0x00007FF7FAB71000-memory.dmp	upx
behavioral2/memory/3480-86-0x00007FF74EDF0000-0x00007FF74F1E1000-memory.dmp	upx
behavioral2/files/0x000700000002340c-89.dat	upx
behavioral2/memory/3464-96-0x00007FF683DC0000-0x00007FF6841B1000-memory.dmp	upx
behavioral2/files/0x000700000002340f-103.dat	upx
behavioral2/files/0x0007000000023411-115.dat	upx
behavioral2/memory/2880-117-0x00007FF76A440000-0x00007FF76A831000-memory.dmp	upx
behavioral2/memory/3712-121-0x00007FF7AE220000-0x00007FF7AE611000-memory.dmp	upx
behavioral2/memory/3052-123-0x00007FF703E40000-0x00007FF704231000-memory.dmp	upx
behavioral2/memory/3392-122-0x00007FF65B510000-0x00007FF65B901000-memory.dmp	upx
behavioral2/files/0x0007000000023413-120.dat	upx
behavioral2/memory/440-119-0x00007FF67A850000-0x00007FF67AC41000-memory.dmp	upx
behavioral2/files/0x000700000002340e-109.dat	upx
behavioral2/files/0x000700000002340d-108.dat	upx
behavioral2/memory/1020-106-0x00007FF7708E0000-0x00007FF770CD1000-memory.dmp	upx
behavioral2/files/0x0007000000023410-104.dat	upx
behavioral2/files/0x000700000002340b-81.dat	upx
behavioral2/files/0x0007000000023415-137.dat	upx
behavioral2/files/0x0007000000023416-142.dat	upx
behavioral2/files/0x0007000000023414-144.dat	upx
behavioral2/memory/2516-140-0x00007FF6C8080000-0x00007FF6C8471000-memory.dmp	upx
behavioral2/memory/1980-147-0x00007FF7BDF10000-0x00007FF7BE301000-memory.dmp	upx
behavioral2/memory/2896-160-0x00007FF644AF0000-0x00007FF644EE1000-memory.dmp	upx
behavioral2/files/0x0007000000023418-165.dat	upx
behavioral2/files/0x000700000002341a-171.dat	upx
behavioral2/files/0x000700000002341b-169.dat	upx
behavioral2/memory/544-176-0x00007FF7A4E00000-0x00007FF7A51F1000-memory.dmp	upx
behavioral2/memory/2660-181-0x00007FF7523A0000-0x00007FF752791000-memory.dmp	upx
behavioral2/memory/2024-183-0x00007FF76AAC0000-0x00007FF76AEB1000-memory.dmp	upx
behavioral2/memory/3964-186-0x00007FF694760000-0x00007FF694B51000-memory.dmp	upx
behavioral2/memory/4084-192-0x00007FF721030000-0x00007FF721421000-memory.dmp	upx
behavioral2/memory/2072-195-0x00007FF7F9FA0000-0x00007FF7FA391000-memory.dmp	upx
behavioral2/memory/4528-199-0x00007FF723320000-0x00007FF723711000-memory.dmp	upx
behavioral2/memory/1804-209-0x00007FF7B4860000-0x00007FF7B4C51000-memory.dmp	upx
behavioral2/memory/1008-215-0x00007FF75FD50000-0x00007FF760141000-memory.dmp	upx
behavioral2/memory/3528-218-0x00007FF77D150000-0x00007FF77D541000-memory.dmp	upx
behavioral2/memory/804-219-0x00007FF627FB0000-0x00007FF6283A1000-memory.dmp	upx
behavioral2/memory/372-220-0x00007FF67DB00000-0x00007FF67DEF1000-memory.dmp	upx

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System32\PppzpBs.exe	001a909c58f2ed96e76783820f8cc94a_JaffaCakes118.exe
File created	C:\Windows\System32\ZykyEAs.exe	001a909c58f2ed96e76783820f8cc94a_JaffaCakes118.exe
File created	C:\Windows\System32\aGCpDnL.exe	001a909c58f2ed96e76783820f8cc94a_JaffaCakes118.exe
File created	C:\Windows\System32\xKQWWuW.exe	001a909c58f2ed96e76783820f8cc94a_JaffaCakes118.exe
File created	C:\Windows\System32\TAhpYdu.exe	001a909c58f2ed96e76783820f8cc94a_JaffaCakes118.exe
File created	C:\Windows\System32\CXWCIEB.exe	001a909c58f2ed96e76783820f8cc94a_JaffaCakes118.exe
File created	C:\Windows\System32\flELhwl.exe	001a909c58f2ed96e76783820f8cc94a_JaffaCakes118.exe
File created	C:\Windows\System32\oYFDHwJ.exe	001a909c58f2ed96e76783820f8cc94a_JaffaCakes118.exe
File created	C:\Windows\System32\amEhLTs.exe	001a909c58f2ed96e76783820f8cc94a_JaffaCakes118.exe
File created	C:\Windows\System32\cSilgRZ.exe	001a909c58f2ed96e76783820f8cc94a_JaffaCakes118.exe
File created	C:\Windows\System32\UgYjbDo.exe	001a909c58f2ed96e76783820f8cc94a_JaffaCakes118.exe
File created	C:\Windows\System32\xsPXwPt.exe	001a909c58f2ed96e76783820f8cc94a_JaffaCakes118.exe
File created	C:\Windows\System32\yRgGFaE.exe	001a909c58f2ed96e76783820f8cc94a_JaffaCakes118.exe
File created	C:\Windows\System32\tUGLCgI.exe	001a909c58f2ed96e76783820f8cc94a_JaffaCakes118.exe
File created	C:\Windows\System32\vIXiHhB.exe	001a909c58f2ed96e76783820f8cc94a_JaffaCakes118.exe
File created	C:\Windows\System32\gRDQSYw.exe	001a909c58f2ed96e76783820f8cc94a_JaffaCakes118.exe
File created	C:\Windows\System32\qkpBjie.exe	001a909c58f2ed96e76783820f8cc94a_JaffaCakes118.exe
File created	C:\Windows\System32\BTmWbvF.exe	001a909c58f2ed96e76783820f8cc94a_JaffaCakes118.exe
File created	C:\Windows\System32\jXatvAR.exe	001a909c58f2ed96e76783820f8cc94a_JaffaCakes118.exe
File created	C:\Windows\System32\Wauzcvh.exe	001a909c58f2ed96e76783820f8cc94a_JaffaCakes118.exe
File created	C:\Windows\System32\zkGckxm.exe	001a909c58f2ed96e76783820f8cc94a_JaffaCakes118.exe
File created	C:\Windows\System32\UXpGEQo.exe	001a909c58f2ed96e76783820f8cc94a_JaffaCakes118.exe
File created	C:\Windows\System32\IkTwhTw.exe	001a909c58f2ed96e76783820f8cc94a_JaffaCakes118.exe
File created	C:\Windows\System32\UcuBxGn.exe	001a909c58f2ed96e76783820f8cc94a_JaffaCakes118.exe
File created	C:\Windows\System32\PFYxAId.exe	001a909c58f2ed96e76783820f8cc94a_JaffaCakes118.exe
File created	C:\Windows\System32\phXaYzj.exe	001a909c58f2ed96e76783820f8cc94a_JaffaCakes118.exe
File created	C:\Windows\System32\TexjLtE.exe	001a909c58f2ed96e76783820f8cc94a_JaffaCakes118.exe
File created	C:\Windows\System32\juxBxdE.exe	001a909c58f2ed96e76783820f8cc94a_JaffaCakes118.exe
File created	C:\Windows\System32\WVUqRfJ.exe	001a909c58f2ed96e76783820f8cc94a_JaffaCakes118.exe
File created	C:\Windows\System32\GCiTGoc.exe	001a909c58f2ed96e76783820f8cc94a_JaffaCakes118.exe
File created	C:\Windows\System32\oKaPKZq.exe	001a909c58f2ed96e76783820f8cc94a_JaffaCakes118.exe
File created	C:\Windows\System32\IdtDOKu.exe	001a909c58f2ed96e76783820f8cc94a_JaffaCakes118.exe
File created	C:\Windows\System32\vpYWLBh.exe	001a909c58f2ed96e76783820f8cc94a_JaffaCakes118.exe
File created	C:\Windows\System32\bKHIUPL.exe	001a909c58f2ed96e76783820f8cc94a_JaffaCakes118.exe
File created	C:\Windows\System32\rftbYNC.exe	001a909c58f2ed96e76783820f8cc94a_JaffaCakes118.exe
File created	C:\Windows\System32\yxgRpbx.exe	001a909c58f2ed96e76783820f8cc94a_JaffaCakes118.exe
File created	C:\Windows\System32\FlHTDpJ.exe	001a909c58f2ed96e76783820f8cc94a_JaffaCakes118.exe
File created	C:\Windows\System32\mCLKEBd.exe	001a909c58f2ed96e76783820f8cc94a_JaffaCakes118.exe
File created	C:\Windows\System32\hdXYphx.exe	001a909c58f2ed96e76783820f8cc94a_JaffaCakes118.exe
File created	C:\Windows\System32\QXSUXue.exe	001a909c58f2ed96e76783820f8cc94a_JaffaCakes118.exe
File created	C:\Windows\System32\glYVXpF.exe	001a909c58f2ed96e76783820f8cc94a_JaffaCakes118.exe
File created	C:\Windows\System32\hNIyIYF.exe	001a909c58f2ed96e76783820f8cc94a_JaffaCakes118.exe
File created	C:\Windows\System32\UzMujva.exe	001a909c58f2ed96e76783820f8cc94a_JaffaCakes118.exe
File created	C:\Windows\System32\gbXLcGq.exe	001a909c58f2ed96e76783820f8cc94a_JaffaCakes118.exe
File created	C:\Windows\System32\isyCPVr.exe	001a909c58f2ed96e76783820f8cc94a_JaffaCakes118.exe
File created	C:\Windows\System32\GrCUmle.exe	001a909c58f2ed96e76783820f8cc94a_JaffaCakes118.exe
File created	C:\Windows\System32\IgYXeNh.exe	001a909c58f2ed96e76783820f8cc94a_JaffaCakes118.exe
File created	C:\Windows\System32\ywqgHZw.exe	001a909c58f2ed96e76783820f8cc94a_JaffaCakes118.exe
File created	C:\Windows\System32\RQBnUfI.exe	001a909c58f2ed96e76783820f8cc94a_JaffaCakes118.exe
File created	C:\Windows\System32\DAAcLjO.exe	001a909c58f2ed96e76783820f8cc94a_JaffaCakes118.exe
File created	C:\Windows\System32\leDeFqN.exe	001a909c58f2ed96e76783820f8cc94a_JaffaCakes118.exe
File created	C:\Windows\System32\zYgIBiT.exe	001a909c58f2ed96e76783820f8cc94a_JaffaCakes118.exe
File created	C:\Windows\System32\tRDKSsF.exe	001a909c58f2ed96e76783820f8cc94a_JaffaCakes118.exe
File created	C:\Windows\System32\xSXiCcb.exe	001a909c58f2ed96e76783820f8cc94a_JaffaCakes118.exe
File created	C:\Windows\System32\tGTSmMI.exe	001a909c58f2ed96e76783820f8cc94a_JaffaCakes118.exe
File created	C:\Windows\System32\HFEMijD.exe	001a909c58f2ed96e76783820f8cc94a_JaffaCakes118.exe
File created	C:\Windows\System32\MQFLwHG.exe	001a909c58f2ed96e76783820f8cc94a_JaffaCakes118.exe
File created	C:\Windows\System32\YZMyKdb.exe	001a909c58f2ed96e76783820f8cc94a_JaffaCakes118.exe
File created	C:\Windows\System32\jeMpcuH.exe	001a909c58f2ed96e76783820f8cc94a_JaffaCakes118.exe
File created	C:\Windows\System32\xoaoprg.exe	001a909c58f2ed96e76783820f8cc94a_JaffaCakes118.exe
File created	C:\Windows\System32\pkwLlpp.exe	001a909c58f2ed96e76783820f8cc94a_JaffaCakes118.exe
File created	C:\Windows\System32\HlzYIrE.exe	001a909c58f2ed96e76783820f8cc94a_JaffaCakes118.exe
File created	C:\Windows\System32\kyssyAb.exe	001a909c58f2ed96e76783820f8cc94a_JaffaCakes118.exe
File created	C:\Windows\System32\fjLkVrt.exe	001a909c58f2ed96e76783820f8cc94a_JaffaCakes118.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	10828	dwm.exe
Token: SeChangeNotifyPrivilege	10828	dwm.exe
Token: 33	10828	dwm.exe
Token: SeIncBasePriorityPrivilege	10828	dwm.exe
Token: SeShutdownPrivilege	10828	dwm.exe
Token: SeCreatePagefilePrivilege	10828	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3964 wrote to memory of 4084	3964	001a909c58f2ed96e76783820f8cc94a_JaffaCakes118.exe	87
PID 3964 wrote to memory of 4084	3964	001a909c58f2ed96e76783820f8cc94a_JaffaCakes118.exe	87
PID 3964 wrote to memory of 4512	3964	001a909c58f2ed96e76783820f8cc94a_JaffaCakes118.exe	88
PID 3964 wrote to memory of 4512	3964	001a909c58f2ed96e76783820f8cc94a_JaffaCakes118.exe	88
PID 3964 wrote to memory of 1008	3964	001a909c58f2ed96e76783820f8cc94a_JaffaCakes118.exe	89
PID 3964 wrote to memory of 1008	3964	001a909c58f2ed96e76783820f8cc94a_JaffaCakes118.exe	89
PID 3964 wrote to memory of 3652	3964	001a909c58f2ed96e76783820f8cc94a_JaffaCakes118.exe	90
PID 3964 wrote to memory of 3652	3964	001a909c58f2ed96e76783820f8cc94a_JaffaCakes118.exe	90
PID 3964 wrote to memory of 2072	3964	001a909c58f2ed96e76783820f8cc94a_JaffaCakes118.exe	91
PID 3964 wrote to memory of 2072	3964	001a909c58f2ed96e76783820f8cc94a_JaffaCakes118.exe	91
PID 3964 wrote to memory of 2168	3964	001a909c58f2ed96e76783820f8cc94a_JaffaCakes118.exe	92
PID 3964 wrote to memory of 2168	3964	001a909c58f2ed96e76783820f8cc94a_JaffaCakes118.exe	92
PID 3964 wrote to memory of 4528	3964	001a909c58f2ed96e76783820f8cc94a_JaffaCakes118.exe	93
PID 3964 wrote to memory of 4528	3964	001a909c58f2ed96e76783820f8cc94a_JaffaCakes118.exe	93
PID 3964 wrote to memory of 4304	3964	001a909c58f2ed96e76783820f8cc94a_JaffaCakes118.exe	94
PID 3964 wrote to memory of 4304	3964	001a909c58f2ed96e76783820f8cc94a_JaffaCakes118.exe	94
PID 3964 wrote to memory of 2980	3964	001a909c58f2ed96e76783820f8cc94a_JaffaCakes118.exe	95
PID 3964 wrote to memory of 2980	3964	001a909c58f2ed96e76783820f8cc94a_JaffaCakes118.exe	95
PID 3964 wrote to memory of 3128	3964	001a909c58f2ed96e76783820f8cc94a_JaffaCakes118.exe	96
PID 3964 wrote to memory of 3128	3964	001a909c58f2ed96e76783820f8cc94a_JaffaCakes118.exe	96
PID 3964 wrote to memory of 2032	3964	001a909c58f2ed96e76783820f8cc94a_JaffaCakes118.exe	97
PID 3964 wrote to memory of 2032	3964	001a909c58f2ed96e76783820f8cc94a_JaffaCakes118.exe	97
PID 3964 wrote to memory of 3220	3964	001a909c58f2ed96e76783820f8cc94a_JaffaCakes118.exe	98
PID 3964 wrote to memory of 3220	3964	001a909c58f2ed96e76783820f8cc94a_JaffaCakes118.exe	98
PID 3964 wrote to memory of 3996	3964	001a909c58f2ed96e76783820f8cc94a_JaffaCakes118.exe	99
PID 3964 wrote to memory of 3996	3964	001a909c58f2ed96e76783820f8cc94a_JaffaCakes118.exe	99
PID 3964 wrote to memory of 3480	3964	001a909c58f2ed96e76783820f8cc94a_JaffaCakes118.exe	100
PID 3964 wrote to memory of 3480	3964	001a909c58f2ed96e76783820f8cc94a_JaffaCakes118.exe	100
PID 3964 wrote to memory of 3464	3964	001a909c58f2ed96e76783820f8cc94a_JaffaCakes118.exe	101
PID 3964 wrote to memory of 3464	3964	001a909c58f2ed96e76783820f8cc94a_JaffaCakes118.exe	101
PID 3964 wrote to memory of 3712	3964	001a909c58f2ed96e76783820f8cc94a_JaffaCakes118.exe	102
PID 3964 wrote to memory of 3712	3964	001a909c58f2ed96e76783820f8cc94a_JaffaCakes118.exe	102
PID 3964 wrote to memory of 1020	3964	001a909c58f2ed96e76783820f8cc94a_JaffaCakes118.exe	103
PID 3964 wrote to memory of 1020	3964	001a909c58f2ed96e76783820f8cc94a_JaffaCakes118.exe	103
PID 3964 wrote to memory of 2880	3964	001a909c58f2ed96e76783820f8cc94a_JaffaCakes118.exe	104
PID 3964 wrote to memory of 2880	3964	001a909c58f2ed96e76783820f8cc94a_JaffaCakes118.exe	104
PID 3964 wrote to memory of 440	3964	001a909c58f2ed96e76783820f8cc94a_JaffaCakes118.exe	105
PID 3964 wrote to memory of 440	3964	001a909c58f2ed96e76783820f8cc94a_JaffaCakes118.exe	105
PID 3964 wrote to memory of 3392	3964	001a909c58f2ed96e76783820f8cc94a_JaffaCakes118.exe	106
PID 3964 wrote to memory of 3392	3964	001a909c58f2ed96e76783820f8cc94a_JaffaCakes118.exe	106
PID 3964 wrote to memory of 2516	3964	001a909c58f2ed96e76783820f8cc94a_JaffaCakes118.exe	107
PID 3964 wrote to memory of 2516	3964	001a909c58f2ed96e76783820f8cc94a_JaffaCakes118.exe	107
PID 3964 wrote to memory of 3052	3964	001a909c58f2ed96e76783820f8cc94a_JaffaCakes118.exe	108
PID 3964 wrote to memory of 3052	3964	001a909c58f2ed96e76783820f8cc94a_JaffaCakes118.exe	108
PID 3964 wrote to memory of 2660	3964	001a909c58f2ed96e76783820f8cc94a_JaffaCakes118.exe	109
PID 3964 wrote to memory of 2660	3964	001a909c58f2ed96e76783820f8cc94a_JaffaCakes118.exe	109
PID 3964 wrote to memory of 1980	3964	001a909c58f2ed96e76783820f8cc94a_JaffaCakes118.exe	110
PID 3964 wrote to memory of 1980	3964	001a909c58f2ed96e76783820f8cc94a_JaffaCakes118.exe	110
PID 3964 wrote to memory of 2896	3964	001a909c58f2ed96e76783820f8cc94a_JaffaCakes118.exe	111
PID 3964 wrote to memory of 2896	3964	001a909c58f2ed96e76783820f8cc94a_JaffaCakes118.exe	111
PID 3964 wrote to memory of 1824	3964	001a909c58f2ed96e76783820f8cc94a_JaffaCakes118.exe	112
PID 3964 wrote to memory of 1824	3964	001a909c58f2ed96e76783820f8cc94a_JaffaCakes118.exe	112
PID 3964 wrote to memory of 3248	3964	001a909c58f2ed96e76783820f8cc94a_JaffaCakes118.exe	113
PID 3964 wrote to memory of 3248	3964	001a909c58f2ed96e76783820f8cc94a_JaffaCakes118.exe	113
PID 3964 wrote to memory of 544	3964	001a909c58f2ed96e76783820f8cc94a_JaffaCakes118.exe	114
PID 3964 wrote to memory of 544	3964	001a909c58f2ed96e76783820f8cc94a_JaffaCakes118.exe	114
PID 3964 wrote to memory of 1712	3964	001a909c58f2ed96e76783820f8cc94a_JaffaCakes118.exe	115
PID 3964 wrote to memory of 1712	3964	001a909c58f2ed96e76783820f8cc94a_JaffaCakes118.exe	115
PID 3964 wrote to memory of 2024	3964	001a909c58f2ed96e76783820f8cc94a_JaffaCakes118.exe	116
PID 3964 wrote to memory of 2024	3964	001a909c58f2ed96e76783820f8cc94a_JaffaCakes118.exe	116
PID 3964 wrote to memory of 1576	3964	001a909c58f2ed96e76783820f8cc94a_JaffaCakes118.exe	117
PID 3964 wrote to memory of 1576	3964	001a909c58f2ed96e76783820f8cc94a_JaffaCakes118.exe	117
PID 3964 wrote to memory of 1804	3964	001a909c58f2ed96e76783820f8cc94a_JaffaCakes118.exe	118
PID 3964 wrote to memory of 1804	3964	001a909c58f2ed96e76783820f8cc94a_JaffaCakes118.exe	118

C:\Users\Admin\AppData\Local\Temp\001a909c58f2ed96e76783820f8cc94a_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\001a909c58f2ed96e76783820f8cc94a_JaffaCakes118.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:3964
- C:\Windows\System32\YAdowWJ.exe
  C:\Windows\System32\YAdowWJ.exe
  2⤵
  - Executes dropped EXE
  PID:4084
- C:\Windows\System32\RWylYGp.exe
  C:\Windows\System32\RWylYGp.exe
  2⤵
  - Executes dropped EXE
  PID:4512
- C:\Windows\System32\eonAmsX.exe
  C:\Windows\System32\eonAmsX.exe
  2⤵
  - Executes dropped EXE
  PID:1008
- C:\Windows\System32\sVILbPf.exe
  C:\Windows\System32\sVILbPf.exe
  2⤵
  - Executes dropped EXE
  PID:3652
- C:\Windows\System32\wIHjjZh.exe
  C:\Windows\System32\wIHjjZh.exe
  2⤵
  - Executes dropped EXE
  PID:2072
- C:\Windows\System32\ZiqTZro.exe
  C:\Windows\System32\ZiqTZro.exe
  2⤵
  - Executes dropped EXE
  PID:2168
- C:\Windows\System32\WVUqRfJ.exe
  C:\Windows\System32\WVUqRfJ.exe
  2⤵
  - Executes dropped EXE
  PID:4528
- C:\Windows\System32\Whbeoyb.exe
  C:\Windows\System32\Whbeoyb.exe
  2⤵
  - Executes dropped EXE
  PID:4304
- C:\Windows\System32\zsjsNbs.exe
  C:\Windows\System32\zsjsNbs.exe
  2⤵
  - Executes dropped EXE
  PID:2980
- C:\Windows\System32\qGveyjy.exe
  C:\Windows\System32\qGveyjy.exe
  2⤵
  - Executes dropped EXE
  PID:3128
- C:\Windows\System32\dKyiQGW.exe
  C:\Windows\System32\dKyiQGW.exe
  2⤵
  - Executes dropped EXE
  PID:2032
- C:\Windows\System32\MlOCYXC.exe
  C:\Windows\System32\MlOCYXC.exe
  2⤵
  - Executes dropped EXE
  PID:3220
- C:\Windows\System32\buAjxPy.exe
  C:\Windows\System32\buAjxPy.exe
  2⤵
  - Executes dropped EXE
  PID:3996
- C:\Windows\System32\MtAPFlY.exe
  C:\Windows\System32\MtAPFlY.exe
  2⤵
  - Executes dropped EXE
  PID:3480
- C:\Windows\System32\msNiYIX.exe
  C:\Windows\System32\msNiYIX.exe
  2⤵
  - Executes dropped EXE
  PID:3464
- C:\Windows\System32\oraCmIF.exe
  C:\Windows\System32\oraCmIF.exe
  2⤵
  - Executes dropped EXE
  PID:3712
- C:\Windows\System32\DNsIXUX.exe
  C:\Windows\System32\DNsIXUX.exe
  2⤵
  - Executes dropped EXE
  PID:1020
- C:\Windows\System32\JsUhBXr.exe
  C:\Windows\System32\JsUhBXr.exe
  2⤵
  - Executes dropped EXE
  PID:2880
- C:\Windows\System32\oATdaEj.exe
  C:\Windows\System32\oATdaEj.exe
  2⤵
  - Executes dropped EXE
  PID:440
- C:\Windows\System32\imoDSTp.exe
  C:\Windows\System32\imoDSTp.exe
  2⤵
  - Executes dropped EXE
  PID:3392
- C:\Windows\System32\BTmWbvF.exe
  C:\Windows\System32\BTmWbvF.exe
  2⤵
  - Executes dropped EXE
  PID:2516
- C:\Windows\System32\NfBlqTd.exe
  C:\Windows\System32\NfBlqTd.exe
  2⤵
  - Executes dropped EXE
  PID:3052
- C:\Windows\System32\TCSjjfk.exe
  C:\Windows\System32\TCSjjfk.exe
  2⤵
  - Executes dropped EXE
  PID:2660
- C:\Windows\System32\glYVXpF.exe
  C:\Windows\System32\glYVXpF.exe
  2⤵
  - Executes dropped EXE
  PID:1980
- C:\Windows\System32\moscMeL.exe
  C:\Windows\System32\moscMeL.exe
  2⤵
  - Executes dropped EXE
  PID:2896
- C:\Windows\System32\icSOYbj.exe
  C:\Windows\System32\icSOYbj.exe
  2⤵
  - Executes dropped EXE
  PID:1824
- C:\Windows\System32\XryvHjr.exe
  C:\Windows\System32\XryvHjr.exe
  2⤵
  - Executes dropped EXE
  PID:3248
- C:\Windows\System32\FoLlTYW.exe
  C:\Windows\System32\FoLlTYW.exe
  2⤵
  - Executes dropped EXE
  PID:544
- C:\Windows\System32\fasOiia.exe
  C:\Windows\System32\fasOiia.exe
  2⤵
  - Executes dropped EXE
  PID:1712
- C:\Windows\System32\AwaqSWJ.exe
  C:\Windows\System32\AwaqSWJ.exe
  2⤵
  - Executes dropped EXE
  PID:2024
- C:\Windows\System32\JTfAPQo.exe
  C:\Windows\System32\JTfAPQo.exe
  2⤵
  - Executes dropped EXE
  PID:1576
- C:\Windows\System32\WsmajQN.exe
  C:\Windows\System32\WsmajQN.exe
  2⤵
  - Executes dropped EXE
  PID:1804
- C:\Windows\System32\BUStmSY.exe
  C:\Windows\System32\BUStmSY.exe
  2⤵
  - Executes dropped EXE
  PID:3528
- C:\Windows\System32\ZBKYxqW.exe
  C:\Windows\System32\ZBKYxqW.exe
  2⤵
  - Executes dropped EXE
  PID:2248
- C:\Windows\System32\hDfkYFv.exe
  C:\Windows\System32\hDfkYFv.exe
  2⤵
  - Executes dropped EXE
  PID:804
- C:\Windows\System32\OFCbUGN.exe
  C:\Windows\System32\OFCbUGN.exe
  2⤵
  - Executes dropped EXE
  PID:372
- C:\Windows\System32\QaOEIaV.exe
  C:\Windows\System32\QaOEIaV.exe
  2⤵
  - Executes dropped EXE
  PID:2344
- C:\Windows\System32\XdBbHLK.exe
  C:\Windows\System32\XdBbHLK.exe
  2⤵
  - Executes dropped EXE
  PID:3504
- C:\Windows\System32\XncxNWr.exe
  C:\Windows\System32\XncxNWr.exe
  2⤵
  - Executes dropped EXE
  PID:3664
- C:\Windows\System32\tqqtUoL.exe
  C:\Windows\System32\tqqtUoL.exe
  2⤵
  - Executes dropped EXE
  PID:384
- C:\Windows\System32\qwsQNGm.exe
  C:\Windows\System32\qwsQNGm.exe
  2⤵
  - Executes dropped EXE
  PID:4504
- C:\Windows\System32\oAdkGnM.exe
  C:\Windows\System32\oAdkGnM.exe
  2⤵
  - Executes dropped EXE
  PID:2328
- C:\Windows\System32\DzCJXWG.exe
  C:\Windows\System32\DzCJXWG.exe
  2⤵
  - Executes dropped EXE
  PID:2832
- C:\Windows\System32\HFjrcIj.exe
  C:\Windows\System32\HFjrcIj.exe
  2⤵
  - Executes dropped EXE
  PID:4296
- C:\Windows\System32\XUpajxj.exe
  C:\Windows\System32\XUpajxj.exe
  2⤵
  - Executes dropped EXE
  PID:1216
- C:\Windows\System32\qATyGLO.exe
  C:\Windows\System32\qATyGLO.exe
  2⤵
  - Executes dropped EXE
  PID:3512
- C:\Windows\System32\FoyuYAi.exe
  C:\Windows\System32\FoyuYAi.exe
  2⤵
  - Executes dropped EXE
  PID:640
- C:\Windows\System32\oXdmnVD.exe
  C:\Windows\System32\oXdmnVD.exe
  2⤵
  - Executes dropped EXE
  PID:1892
- C:\Windows\System32\wIEnQwl.exe
  C:\Windows\System32\wIEnQwl.exe
  2⤵
  - Executes dropped EXE
  PID:5000
- C:\Windows\System32\gvLnrYM.exe
  C:\Windows\System32\gvLnrYM.exe
  2⤵
  - Executes dropped EXE
  PID:4868
- C:\Windows\System32\SdYkSXn.exe
  C:\Windows\System32\SdYkSXn.exe
  2⤵
  - Executes dropped EXE
  PID:1356
- C:\Windows\System32\NuLLfLT.exe
  C:\Windows\System32\NuLLfLT.exe
  2⤵
  - Executes dropped EXE
  PID:1536
- C:\Windows\System32\RdWFCJV.exe
  C:\Windows\System32\RdWFCJV.exe
  2⤵
  - Executes dropped EXE
  PID:3272
- C:\Windows\System32\XtbgYDO.exe
  C:\Windows\System32\XtbgYDO.exe
  2⤵
  - Executes dropped EXE
  PID:1492
- C:\Windows\System32\PIvZYXI.exe
  C:\Windows\System32\PIvZYXI.exe
  2⤵
  - Executes dropped EXE
  PID:5048
- C:\Windows\System32\CXWCIEB.exe
  C:\Windows\System32\CXWCIEB.exe
  2⤵
  - Executes dropped EXE
  PID:2124
- C:\Windows\System32\amEhLTs.exe
  C:\Windows\System32\amEhLTs.exe
  2⤵
  - Executes dropped EXE
  PID:3900
- C:\Windows\System32\yxgRpbx.exe
  C:\Windows\System32\yxgRpbx.exe
  2⤵
  - Executes dropped EXE
  PID:4128
- C:\Windows\System32\cXNsfWv.exe
  C:\Windows\System32\cXNsfWv.exe
  2⤵
  - Executes dropped EXE
  PID:1872
- C:\Windows\System32\QIgTaPK.exe
  C:\Windows\System32\QIgTaPK.exe
  2⤵
  - Executes dropped EXE
  PID:2468
- C:\Windows\System32\FlBgBxS.exe
  C:\Windows\System32\FlBgBxS.exe
  2⤵
  - Executes dropped EXE
  PID:1540
- C:\Windows\System32\hXDxVMN.exe
  C:\Windows\System32\hXDxVMN.exe
  2⤵
  - Executes dropped EXE
  PID:3796
- C:\Windows\System32\cfLfWdS.exe
  C:\Windows\System32\cfLfWdS.exe
  2⤵
  - Executes dropped EXE
  PID:4284
- C:\Windows\System32\JzOAWGo.exe
  C:\Windows\System32\JzOAWGo.exe
  2⤵
  - Executes dropped EXE
  PID:3876
- C:\Windows\System32\jfCUqfS.exe
  C:\Windows\System32\jfCUqfS.exe
  2⤵
  PID:4012
- C:\Windows\System32\juxBxdE.exe
  C:\Windows\System32\juxBxdE.exe
  2⤵
  PID:456
- C:\Windows\System32\CYgyVGC.exe
  C:\Windows\System32\CYgyVGC.exe
  2⤵
  PID:3688
- C:\Windows\System32\JYoqLqi.exe
  C:\Windows\System32\JYoqLqi.exe
  2⤵
  PID:2292
- C:\Windows\System32\dBbGGpH.exe
  C:\Windows\System32\dBbGGpH.exe
  2⤵
  PID:3912
- C:\Windows\System32\ibbKQwn.exe
  C:\Windows\System32\ibbKQwn.exe
  2⤵
  PID:4376
- C:\Windows\System32\isyCPVr.exe
  C:\Windows\System32\isyCPVr.exe
  2⤵
  PID:592
- C:\Windows\System32\ITybJUS.exe
  C:\Windows\System32\ITybJUS.exe
  2⤵
  PID:1292
- C:\Windows\System32\wpIcwbE.exe
  C:\Windows\System32\wpIcwbE.exe
  2⤵
  PID:224
- C:\Windows\System32\tIgBaPg.exe
  C:\Windows\System32\tIgBaPg.exe
  2⤵
  PID:3284
- C:\Windows\System32\PFYxAId.exe
  C:\Windows\System32\PFYxAId.exe
  2⤵
  PID:4820
- C:\Windows\System32\SqShKVt.exe
  C:\Windows\System32\SqShKVt.exe
  2⤵
  PID:1272
- C:\Windows\System32\VEzfXKg.exe
  C:\Windows\System32\VEzfXKg.exe
  2⤵
  PID:5116
- C:\Windows\System32\ivHRLkJ.exe
  C:\Windows\System32\ivHRLkJ.exe
  2⤵
  PID:4644
- C:\Windows\System32\nWjYEMa.exe
  C:\Windows\System32\nWjYEMa.exe
  2⤵
  PID:1668
- C:\Windows\System32\miEdwsX.exe
  C:\Windows\System32\miEdwsX.exe
  2⤵
  PID:2700
- C:\Windows\System32\hUKMlzw.exe
  C:\Windows\System32\hUKMlzw.exe
  2⤵
  PID:908
- C:\Windows\System32\zWrQCbD.exe
  C:\Windows\System32\zWrQCbD.exe
  2⤵
  PID:4760
- C:\Windows\System32\FlHTDpJ.exe
  C:\Windows\System32\FlHTDpJ.exe
  2⤵
  PID:5172
- C:\Windows\System32\EzKUfLK.exe
  C:\Windows\System32\EzKUfLK.exe
  2⤵
  PID:5200
- C:\Windows\System32\kuVKkHu.exe
  C:\Windows\System32\kuVKkHu.exe
  2⤵
  PID:5220
- C:\Windows\System32\xoaoprg.exe
  C:\Windows\System32\xoaoprg.exe
  2⤵
  PID:5240
- C:\Windows\System32\fycwhug.exe
  C:\Windows\System32\fycwhug.exe
  2⤵
  PID:5324
- C:\Windows\System32\FiQdTMZ.exe
  C:\Windows\System32\FiQdTMZ.exe
  2⤵
  PID:5408
- C:\Windows\System32\TSRljtI.exe
  C:\Windows\System32\TSRljtI.exe
  2⤵
  PID:5440
- C:\Windows\System32\tOYlYBb.exe
  C:\Windows\System32\tOYlYBb.exe
  2⤵
  PID:5472
- C:\Windows\System32\RqlnrPE.exe
  C:\Windows\System32\RqlnrPE.exe
  2⤵
  PID:5496
- C:\Windows\System32\JpYJNJe.exe
  C:\Windows\System32\JpYJNJe.exe
  2⤵
  PID:5512
- C:\Windows\System32\QLjhMGc.exe
  C:\Windows\System32\QLjhMGc.exe
  2⤵
  PID:5532
- C:\Windows\System32\KouidMT.exe
  C:\Windows\System32\KouidMT.exe
  2⤵
  PID:5556
- C:\Windows\System32\JdhWqHL.exe
  C:\Windows\System32\JdhWqHL.exe
  2⤵
  PID:5592
- C:\Windows\System32\uoXSwAW.exe
  C:\Windows\System32\uoXSwAW.exe
  2⤵
  PID:5608
- C:\Windows\System32\PppzpBs.exe
  C:\Windows\System32\PppzpBs.exe
  2⤵
  PID:5632
- C:\Windows\System32\sgHMsFl.exe
  C:\Windows\System32\sgHMsFl.exe
  2⤵
  PID:5648
- C:\Windows\System32\tmHNZIx.exe
  C:\Windows\System32\tmHNZIx.exe
  2⤵
  PID:5668
- C:\Windows\System32\jaIllEn.exe
  C:\Windows\System32\jaIllEn.exe
  2⤵
  PID:5684
- C:\Windows\System32\bgCIeoA.exe
  C:\Windows\System32\bgCIeoA.exe
  2⤵
  PID:5700
- C:\Windows\System32\nRcFnXn.exe
  C:\Windows\System32\nRcFnXn.exe
  2⤵
  PID:5752
- C:\Windows\System32\xqFOJuy.exe
  C:\Windows\System32\xqFOJuy.exe
  2⤵
  PID:5800
- C:\Windows\System32\TPYeqqO.exe
  C:\Windows\System32\TPYeqqO.exe
  2⤵
  PID:5884
- C:\Windows\System32\ZtYQyuf.exe
  C:\Windows\System32\ZtYQyuf.exe
  2⤵
  PID:5900
- C:\Windows\System32\lzzASJQ.exe
  C:\Windows\System32\lzzASJQ.exe
  2⤵
  PID:5916
- C:\Windows\System32\HHMryiD.exe
  C:\Windows\System32\HHMryiD.exe
  2⤵
  PID:5936
- C:\Windows\System32\phXaYzj.exe
  C:\Windows\System32\phXaYzj.exe
  2⤵
  PID:5976
- C:\Windows\System32\qujaesg.exe
  C:\Windows\System32\qujaesg.exe
  2⤵
  PID:6012
- C:\Windows\System32\RCylIfw.exe
  C:\Windows\System32\RCylIfw.exe
  2⤵
  PID:6028
- C:\Windows\System32\NJRrsHo.exe
  C:\Windows\System32\NJRrsHo.exe
  2⤵
  PID:6048
- C:\Windows\System32\PXniZbX.exe
  C:\Windows\System32\PXniZbX.exe
  2⤵
  PID:6112
- C:\Windows\System32\BNcGKyt.exe
  C:\Windows\System32\BNcGKyt.exe
  2⤵
  PID:2064
- C:\Windows\System32\yIYVFIg.exe
  C:\Windows\System32\yIYVFIg.exe
  2⤵
  PID:2492
- C:\Windows\System32\UJDqANR.exe
  C:\Windows\System32\UJDqANR.exe
  2⤵
  PID:4604
- C:\Windows\System32\nhfbAWb.exe
  C:\Windows\System32\nhfbAWb.exe
  2⤵
  PID:1088
- C:\Windows\System32\jBNqyzp.exe
  C:\Windows\System32\jBNqyzp.exe
  2⤵
  PID:3244
- C:\Windows\System32\GgquPqI.exe
  C:\Windows\System32\GgquPqI.exe
  2⤵
  PID:5300
- C:\Windows\System32\RQBnUfI.exe
  C:\Windows\System32\RQBnUfI.exe
  2⤵
  PID:5260
- C:\Windows\System32\LGRGxrl.exe
  C:\Windows\System32\LGRGxrl.exe
  2⤵
  PID:5348
- C:\Windows\System32\MQFLwHG.exe
  C:\Windows\System32\MQFLwHG.exe
  2⤵
  PID:2920
- C:\Windows\System32\wMrpxzr.exe
  C:\Windows\System32\wMrpxzr.exe
  2⤵
  PID:5396
- C:\Windows\System32\kDFRyZS.exe
  C:\Windows\System32\kDFRyZS.exe
  2⤵
  PID:5452
- C:\Windows\System32\CuNfCaP.exe
  C:\Windows\System32\CuNfCaP.exe
  2⤵
  PID:5544
- C:\Windows\System32\bNzWjxM.exe
  C:\Windows\System32\bNzWjxM.exe
  2⤵
  PID:5600
- C:\Windows\System32\Hmndjsw.exe
  C:\Windows\System32\Hmndjsw.exe
  2⤵
  PID:5748
- C:\Windows\System32\fTbMFOY.exe
  C:\Windows\System32\fTbMFOY.exe
  2⤵
  PID:5792
- C:\Windows\System32\ndLxXQX.exe
  C:\Windows\System32\ndLxXQX.exe
  2⤵
  PID:5924
- C:\Windows\System32\ROvtChV.exe
  C:\Windows\System32\ROvtChV.exe
  2⤵
  PID:5876
- C:\Windows\System32\fUZYFJa.exe
  C:\Windows\System32\fUZYFJa.exe
  2⤵
  PID:5960
- C:\Windows\System32\mvyOjNc.exe
  C:\Windows\System32\mvyOjNc.exe
  2⤵
  PID:6000
- C:\Windows\System32\FnwPsQT.exe
  C:\Windows\System32\FnwPsQT.exe
  2⤵
  PID:4884
- C:\Windows\System32\rksfnKA.exe
  C:\Windows\System32\rksfnKA.exe
  2⤵
  PID:4244
- C:\Windows\System32\ZlQTsrD.exe
  C:\Windows\System32\ZlQTsrD.exe
  2⤵
  PID:5124
- C:\Windows\System32\VjzHJSL.exe
  C:\Windows\System32\VjzHJSL.exe
  2⤵
  PID:972
- C:\Windows\System32\PLrsgSV.exe
  C:\Windows\System32\PLrsgSV.exe
  2⤵
  PID:5156
- C:\Windows\System32\oKAZvRV.exe
  C:\Windows\System32\oKAZvRV.exe
  2⤵
  PID:5292
- C:\Windows\System32\wxbfxPx.exe
  C:\Windows\System32\wxbfxPx.exe
  2⤵
  PID:5604
- C:\Windows\System32\ZOrUGDc.exe
  C:\Windows\System32\ZOrUGDc.exe
  2⤵
  PID:5640
- C:\Windows\System32\dWydQBO.exe
  C:\Windows\System32\dWydQBO.exe
  2⤵
  PID:5872
- C:\Windows\System32\EdfaIlR.exe
  C:\Windows\System32\EdfaIlR.exe
  2⤵
  PID:6084
- C:\Windows\System32\SupZHVE.exe
  C:\Windows\System32\SupZHVE.exe
  2⤵
  PID:5180
- C:\Windows\System32\idZLhmn.exe
  C:\Windows\System32\idZLhmn.exe
  2⤵
  PID:5316
- C:\Windows\System32\UajmZQk.exe
  C:\Windows\System32\UajmZQk.exe
  2⤵
  PID:5448
- C:\Windows\System32\VHLhXsb.exe
  C:\Windows\System32\VHLhXsb.exe
  2⤵
  PID:5456
- C:\Windows\System32\xSXiCcb.exe
  C:\Windows\System32\xSXiCcb.exe
  2⤵
  PID:5504
- C:\Windows\System32\DAAcLjO.exe
  C:\Windows\System32\DAAcLjO.exe
  2⤵
  PID:6152
- C:\Windows\System32\pkwLlpp.exe
  C:\Windows\System32\pkwLlpp.exe
  2⤵
  PID:6168
- C:\Windows\System32\UXpGEQo.exe
  C:\Windows\System32\UXpGEQo.exe
  2⤵
  PID:6188
- C:\Windows\System32\rZvJosN.exe
  C:\Windows\System32\rZvJosN.exe
  2⤵
  PID:6208
- C:\Windows\System32\OqCrrOZ.exe
  C:\Windows\System32\OqCrrOZ.exe
  2⤵
  PID:6244
- C:\Windows\System32\fcpFuTZ.exe
  C:\Windows\System32\fcpFuTZ.exe
  2⤵
  PID:6316
- C:\Windows\System32\OjajSeD.exe
  C:\Windows\System32\OjajSeD.exe
  2⤵
  PID:6332
- C:\Windows\System32\YXNbbjW.exe
  C:\Windows\System32\YXNbbjW.exe
  2⤵
  PID:6352
- C:\Windows\System32\fyJFxUJ.exe
  C:\Windows\System32\fyJFxUJ.exe
  2⤵
  PID:6368
- C:\Windows\System32\RbhCLpF.exe
  C:\Windows\System32\RbhCLpF.exe
  2⤵
  PID:6388
- C:\Windows\System32\WTcjomK.exe
  C:\Windows\System32\WTcjomK.exe
  2⤵
  PID:6408
- C:\Windows\System32\WrGexcj.exe
  C:\Windows\System32\WrGexcj.exe
  2⤵
  PID:6440
- C:\Windows\System32\egfemLc.exe
  C:\Windows\System32\egfemLc.exe
  2⤵
  PID:6456
- C:\Windows\System32\GyyREQQ.exe
  C:\Windows\System32\GyyREQQ.exe
  2⤵
  PID:6476
- C:\Windows\System32\kfwPoXh.exe
  C:\Windows\System32\kfwPoXh.exe
  2⤵
  PID:6492
- C:\Windows\System32\cZOfNlX.exe
  C:\Windows\System32\cZOfNlX.exe
  2⤵
  PID:6580
- C:\Windows\System32\aIxoArr.exe
  C:\Windows\System32\aIxoArr.exe
  2⤵
  PID:6696
- C:\Windows\System32\GrCUmle.exe
  C:\Windows\System32\GrCUmle.exe
  2⤵
  PID:6756
- C:\Windows\System32\nYMjGnH.exe
  C:\Windows\System32\nYMjGnH.exe
  2⤵
  PID:6780
- C:\Windows\System32\GgfUYlz.exe
  C:\Windows\System32\GgfUYlz.exe
  2⤵
  PID:6796
- C:\Windows\System32\iOKniAm.exe
  C:\Windows\System32\iOKniAm.exe
  2⤵
  PID:6812
- C:\Windows\System32\qfDGGUJ.exe
  C:\Windows\System32\qfDGGUJ.exe
  2⤵
  PID:6860
- C:\Windows\System32\mCLKEBd.exe
  C:\Windows\System32\mCLKEBd.exe
  2⤵
  PID:6876
- C:\Windows\System32\HlzYIrE.exe
  C:\Windows\System32\HlzYIrE.exe
  2⤵
  PID:6892
- C:\Windows\System32\MKkTLfo.exe
  C:\Windows\System32\MKkTLfo.exe
  2⤵
  PID:6908
- C:\Windows\System32\eGbmJEA.exe
  C:\Windows\System32\eGbmJEA.exe
  2⤵
  PID:6928
- C:\Windows\System32\MFmoEzZ.exe
  C:\Windows\System32\MFmoEzZ.exe
  2⤵
  PID:6956
- C:\Windows\System32\mdtthpr.exe
  C:\Windows\System32\mdtthpr.exe
  2⤵
  PID:7016
- C:\Windows\System32\XOBFpEs.exe
  C:\Windows\System32\XOBFpEs.exe
  2⤵
  PID:7032
- C:\Windows\System32\odMhhVq.exe
  C:\Windows\System32\odMhhVq.exe
  2⤵
  PID:7056
- C:\Windows\System32\ZeCaICW.exe
  C:\Windows\System32\ZeCaICW.exe
  2⤵
  PID:7072
- C:\Windows\System32\goUfSlr.exe
  C:\Windows\System32\goUfSlr.exe
  2⤵
  PID:7092
- C:\Windows\System32\injWxvK.exe
  C:\Windows\System32\injWxvK.exe
  2⤵
  PID:7108
- C:\Windows\System32\zcqUKsk.exe
  C:\Windows\System32\zcqUKsk.exe
  2⤵
  PID:7128
- C:\Windows\System32\lvGkKdY.exe
  C:\Windows\System32\lvGkKdY.exe
  2⤵
  PID:7144
- C:\Windows\System32\zsRRueU.exe
  C:\Windows\System32\zsRRueU.exe
  2⤵
  PID:7160
- C:\Windows\System32\dsTrtcG.exe
  C:\Windows\System32\dsTrtcG.exe
  2⤵
  PID:5776
- C:\Windows\System32\NQhGtft.exe
  C:\Windows\System32\NQhGtft.exe
  2⤵
  PID:6228
- C:\Windows\System32\FJZBGui.exe
  C:\Windows\System32\FJZBGui.exe
  2⤵
  PID:6284
- C:\Windows\System32\WyZxoPM.exe
  C:\Windows\System32\WyZxoPM.exe
  2⤵
  PID:6328
- C:\Windows\System32\xYetcrJ.exe
  C:\Windows\System32\xYetcrJ.exe
  2⤵
  PID:6312
- C:\Windows\System32\qvBJLLP.exe
  C:\Windows\System32\qvBJLLP.exe
  2⤵
  PID:2552
- C:\Windows\System32\hEmglua.exe
  C:\Windows\System32\hEmglua.exe
  2⤵
  PID:6376
- C:\Windows\System32\leDeFqN.exe
  C:\Windows\System32\leDeFqN.exe
  2⤵
  PID:6344
- C:\Windows\System32\AcCuCts.exe
  C:\Windows\System32\AcCuCts.exe
  2⤵
  PID:3888
- C:\Windows\System32\qUDumqf.exe
  C:\Windows\System32\qUDumqf.exe
  2⤵
  PID:6576
- C:\Windows\System32\ViIkhyB.exe
  C:\Windows\System32\ViIkhyB.exe
  2⤵
  PID:4232
- C:\Windows\System32\Xkzvsxg.exe
  C:\Windows\System32\Xkzvsxg.exe
  2⤵
  PID:6792
- C:\Windows\System32\IDDxYIm.exe
  C:\Windows\System32\IDDxYIm.exe
  2⤵
  PID:6768
- C:\Windows\System32\AyfsNAJ.exe
  C:\Windows\System32\AyfsNAJ.exe
  2⤵
  PID:2812
- C:\Windows\System32\hxGkPml.exe
  C:\Windows\System32\hxGkPml.exe
  2⤵
  PID:6916
- C:\Windows\System32\nTFoFMt.exe
  C:\Windows\System32\nTFoFMt.exe
  2⤵
  PID:6904
- C:\Windows\System32\vqAygpU.exe
  C:\Windows\System32\vqAygpU.exe
  2⤵
  PID:7140
- C:\Windows\System32\qWBAyMr.exe
  C:\Windows\System32\qWBAyMr.exe
  2⤵
  PID:7084
- C:\Windows\System32\mzbPMcl.exe
  C:\Windows\System32\mzbPMcl.exe
  2⤵
  PID:6428
- C:\Windows\System32\UgMVqTT.exe
  C:\Windows\System32\UgMVqTT.exe
  2⤵
  PID:6468
- C:\Windows\System32\YZMyKdb.exe
  C:\Windows\System32\YZMyKdb.exe
  2⤵
  PID:6540
- C:\Windows\System32\jXatvAR.exe
  C:\Windows\System32\jXatvAR.exe
  2⤵
  PID:4620
- C:\Windows\System32\zsNZjxa.exe
  C:\Windows\System32\zsNZjxa.exe
  2⤵
  PID:6844
- C:\Windows\System32\tcsxrkI.exe
  C:\Windows\System32\tcsxrkI.exe
  2⤵
  PID:6512
- C:\Windows\System32\IsywyWR.exe
  C:\Windows\System32\IsywyWR.exe
  2⤵
  PID:6828
- C:\Windows\System32\flELhwl.exe
  C:\Windows\System32\flELhwl.exe
  2⤵
  PID:6992
- C:\Windows\System32\EGjUGgb.exe
  C:\Windows\System32\EGjUGgb.exe
  2⤵
  PID:6236
- C:\Windows\System32\YthDghm.exe
  C:\Windows\System32\YthDghm.exe
  2⤵
  PID:6520
- C:\Windows\System32\xlnkxlb.exe
  C:\Windows\System32\xlnkxlb.exe
  2⤵
  PID:6708
- C:\Windows\System32\MJpvYyF.exe
  C:\Windows\System32\MJpvYyF.exe
  2⤵
  PID:1588
- C:\Windows\System32\BqjAfgB.exe
  C:\Windows\System32\BqjAfgB.exe
  2⤵
  PID:6396
- C:\Windows\System32\XffzMcg.exe
  C:\Windows\System32\XffzMcg.exe
  2⤵
  PID:6128
- C:\Windows\System32\rqYPTVA.exe
  C:\Windows\System32\rqYPTVA.exe
  2⤵
  PID:7184
- C:\Windows\System32\xZUcPOE.exe
  C:\Windows\System32\xZUcPOE.exe
  2⤵
  PID:7200
- C:\Windows\System32\oGfyTyX.exe
  C:\Windows\System32\oGfyTyX.exe
  2⤵
  PID:7224
- C:\Windows\System32\hdXYphx.exe
  C:\Windows\System32\hdXYphx.exe
  2⤵
  PID:7240
- C:\Windows\System32\zJrHToC.exe
  C:\Windows\System32\zJrHToC.exe
  2⤵
  PID:7276
- C:\Windows\System32\rUGAmfB.exe
  C:\Windows\System32\rUGAmfB.exe
  2⤵
  PID:7344
- C:\Windows\System32\gIqJbrU.exe
  C:\Windows\System32\gIqJbrU.exe
  2⤵
  PID:7360
- C:\Windows\System32\EKVENTd.exe
  C:\Windows\System32\EKVENTd.exe
  2⤵
  PID:7380
- C:\Windows\System32\nzwCDWD.exe
  C:\Windows\System32\nzwCDWD.exe
  2⤵
  PID:7408
- C:\Windows\System32\rKiEegl.exe
  C:\Windows\System32\rKiEegl.exe
  2⤵
  PID:7448
- C:\Windows\System32\IkTwhTw.exe
  C:\Windows\System32\IkTwhTw.exe
  2⤵
  PID:7468
- C:\Windows\System32\Qkjxlth.exe
  C:\Windows\System32\Qkjxlth.exe
  2⤵
  PID:7492
- C:\Windows\System32\IgYXeNh.exe
  C:\Windows\System32\IgYXeNh.exe
  2⤵
  PID:7512
- C:\Windows\System32\ENvoLgD.exe
  C:\Windows\System32\ENvoLgD.exe
  2⤵
  PID:7528
- C:\Windows\System32\cbPeKFC.exe
  C:\Windows\System32\cbPeKFC.exe
  2⤵
  PID:7548
- C:\Windows\System32\XkFQZtM.exe
  C:\Windows\System32\XkFQZtM.exe
  2⤵
  PID:7584
- C:\Windows\System32\BtHKYYN.exe
  C:\Windows\System32\BtHKYYN.exe
  2⤵
  PID:7604
- C:\Windows\System32\CAhGRDD.exe
  C:\Windows\System32\CAhGRDD.exe
  2⤵
  PID:7624
- C:\Windows\System32\avHYqmx.exe
  C:\Windows\System32\avHYqmx.exe
  2⤵
  PID:7732
- C:\Windows\System32\BlBXEVH.exe
  C:\Windows\System32\BlBXEVH.exe
  2⤵
  PID:7752
- C:\Windows\System32\Wyuenfg.exe
  C:\Windows\System32\Wyuenfg.exe
  2⤵
  PID:7768
- C:\Windows\System32\GCiTGoc.exe
  C:\Windows\System32\GCiTGoc.exe
  2⤵
  PID:7816
- C:\Windows\System32\gbXLcGq.exe
  C:\Windows\System32\gbXLcGq.exe
  2⤵
  PID:7876
- C:\Windows\System32\zjzuUtA.exe
  C:\Windows\System32\zjzuUtA.exe
  2⤵
  PID:7896
- C:\Windows\System32\QXcIbPN.exe
  C:\Windows\System32\QXcIbPN.exe
  2⤵
  PID:7920
- C:\Windows\System32\hUBbtMN.exe
  C:\Windows\System32\hUBbtMN.exe
  2⤵
  PID:7936
- C:\Windows\System32\TLtPAZF.exe
  C:\Windows\System32\TLtPAZF.exe
  2⤵
  PID:7956
- C:\Windows\System32\IdtDOKu.exe
  C:\Windows\System32\IdtDOKu.exe
  2⤵
  PID:7984
- C:\Windows\System32\BXQSNpK.exe
  C:\Windows\System32\BXQSNpK.exe
  2⤵
  PID:8000
- C:\Windows\System32\pUxaFTQ.exe
  C:\Windows\System32\pUxaFTQ.exe
  2⤵
  PID:8048
- C:\Windows\System32\YPxwIMO.exe
  C:\Windows\System32\YPxwIMO.exe
  2⤵
  PID:8068
- C:\Windows\System32\vIXiHhB.exe
  C:\Windows\System32\vIXiHhB.exe
  2⤵
  PID:8084
- C:\Windows\System32\AIgrfsG.exe
  C:\Windows\System32\AIgrfsG.exe
  2⤵
  PID:8100
- C:\Windows\System32\jkbgAWg.exe
  C:\Windows\System32\jkbgAWg.exe
  2⤵
  PID:8120
- C:\Windows\System32\UcuBxGn.exe
  C:\Windows\System32\UcuBxGn.exe
  2⤵
  PID:8136
- C:\Windows\System32\ttEAFXV.exe
  C:\Windows\System32\ttEAFXV.exe
  2⤵
  PID:8156
- C:\Windows\System32\fgFoZSU.exe
  C:\Windows\System32\fgFoZSU.exe
  2⤵
  PID:6804
- C:\Windows\System32\WFCHdSL.exe
  C:\Windows\System32\WFCHdSL.exe
  2⤵
  PID:7196
- C:\Windows\System32\jgMdFuk.exe
  C:\Windows\System32\jgMdFuk.exe
  2⤵
  PID:7292
- C:\Windows\System32\hVGsnVH.exe
  C:\Windows\System32\hVGsnVH.exe
  2⤵
  PID:7308
- C:\Windows\System32\AaxJDfm.exe
  C:\Windows\System32\AaxJDfm.exe
  2⤵
  PID:7436
- C:\Windows\System32\hNIyIYF.exe
  C:\Windows\System32\hNIyIYF.exe
  2⤵
  PID:7524
- C:\Windows\System32\wVAHmtG.exe
  C:\Windows\System32\wVAHmtG.exe
  2⤵
  PID:7456
- C:\Windows\System32\rCeMZJS.exe
  C:\Windows\System32\rCeMZJS.exe
  2⤵
  PID:7520
- C:\Windows\System32\uutrjbg.exe
  C:\Windows\System32\uutrjbg.exe
  2⤵
  PID:7564
- C:\Windows\System32\euqfbuo.exe
  C:\Windows\System32\euqfbuo.exe
  2⤵
  PID:7888
- C:\Windows\System32\gVOcijK.exe
  C:\Windows\System32\gVOcijK.exe
  2⤵
  PID:7944
- C:\Windows\System32\AIxTPjZ.exe
  C:\Windows\System32\AIxTPjZ.exe
  2⤵
  PID:7952
- C:\Windows\System32\jeMpcuH.exe
  C:\Windows\System32\jeMpcuH.exe
  2⤵
  PID:8036
- C:\Windows\System32\VmSnyHF.exe
  C:\Windows\System32\VmSnyHF.exe
  2⤵
  PID:8064
- C:\Windows\System32\vYWmseh.exe
  C:\Windows\System32\vYWmseh.exe
  2⤵
  PID:8096
- C:\Windows\System32\BdydaLY.exe
  C:\Windows\System32\BdydaLY.exe
  2⤵
  PID:8144
- C:\Windows\System32\kbOLhkt.exe
  C:\Windows\System32\kbOLhkt.exe
  2⤵
  PID:7372
- C:\Windows\System32\oYFDHwJ.exe
  C:\Windows\System32\oYFDHwJ.exe
  2⤵
  PID:7504
- C:\Windows\System32\jRNiVYG.exe
  C:\Windows\System32\jRNiVYG.exe
  2⤵
  PID:7416
- C:\Windows\System32\PmefEFl.exe
  C:\Windows\System32\PmefEFl.exe
  2⤵
  PID:7992
- C:\Windows\System32\IPrJAQV.exe
  C:\Windows\System32\IPrJAQV.exe
  2⤵
  PID:8128
- C:\Windows\System32\XuLKMoi.exe
  C:\Windows\System32\XuLKMoi.exe
  2⤵
  PID:8164
- C:\Windows\System32\GewIipZ.exe
  C:\Windows\System32\GewIipZ.exe
  2⤵
  PID:8108
- C:\Windows\System32\EFJzdOs.exe
  C:\Windows\System32\EFJzdOs.exe
  2⤵
  PID:8200
- C:\Windows\System32\QIPzGbM.exe
  C:\Windows\System32\QIPzGbM.exe
  2⤵
  PID:8220
- C:\Windows\System32\SPSHTkT.exe
  C:\Windows\System32\SPSHTkT.exe
  2⤵
  PID:8236
- C:\Windows\System32\KDHaMRd.exe
  C:\Windows\System32\KDHaMRd.exe
  2⤵
  PID:8252
- C:\Windows\System32\ixIuxis.exe
  C:\Windows\System32\ixIuxis.exe
  2⤵
  PID:8296
- C:\Windows\System32\TexjLtE.exe
  C:\Windows\System32\TexjLtE.exe
  2⤵
  PID:8360
- C:\Windows\System32\ocJqXWP.exe
  C:\Windows\System32\ocJqXWP.exe
  2⤵
  PID:8380
- C:\Windows\System32\xsPXwPt.exe
  C:\Windows\System32\xsPXwPt.exe
  2⤵
  PID:8396
- C:\Windows\System32\CqTcyTs.exe
  C:\Windows\System32\CqTcyTs.exe
  2⤵
  PID:8416
- C:\Windows\System32\iWbwDRm.exe
  C:\Windows\System32\iWbwDRm.exe
  2⤵
  PID:8488
- C:\Windows\System32\XeiveHK.exe
  C:\Windows\System32\XeiveHK.exe
  2⤵
  PID:8540
- C:\Windows\System32\bIixETh.exe
  C:\Windows\System32\bIixETh.exe
  2⤵
  PID:8556
- C:\Windows\System32\mKcnSgo.exe
  C:\Windows\System32\mKcnSgo.exe
  2⤵
  PID:8612
- C:\Windows\System32\Crpocqo.exe
  C:\Windows\System32\Crpocqo.exe
  2⤵
  PID:8628
- C:\Windows\System32\xloFzIx.exe
  C:\Windows\System32\xloFzIx.exe
  2⤵
  PID:8680
- C:\Windows\System32\KVxSdpo.exe
  C:\Windows\System32\KVxSdpo.exe
  2⤵
  PID:8700
- C:\Windows\System32\UpBKXNT.exe
  C:\Windows\System32\UpBKXNT.exe
  2⤵
  PID:8752
- C:\Windows\System32\GKdRSEr.exe
  C:\Windows\System32\GKdRSEr.exe
  2⤵
  PID:8772
- C:\Windows\System32\hOwxhRV.exe
  C:\Windows\System32\hOwxhRV.exe
  2⤵
  PID:8792
- C:\Windows\System32\VTsbLAB.exe
  C:\Windows\System32\VTsbLAB.exe
  2⤵
  PID:8812
- C:\Windows\System32\nsHFWre.exe
  C:\Windows\System32\nsHFWre.exe
  2⤵
  PID:8836
- C:\Windows\System32\OQLHOaN.exe
  C:\Windows\System32\OQLHOaN.exe
  2⤵
  PID:8900
- C:\Windows\System32\eUIMPdl.exe
  C:\Windows\System32\eUIMPdl.exe
  2⤵
  PID:8960
- C:\Windows\System32\QAlsOBK.exe
  C:\Windows\System32\QAlsOBK.exe
  2⤵
  PID:8976
- C:\Windows\System32\UzMujva.exe
  C:\Windows\System32\UzMujva.exe
  2⤵
  PID:8996
- C:\Windows\System32\MYBpyUl.exe
  C:\Windows\System32\MYBpyUl.exe
  2⤵
  PID:9012
- C:\Windows\System32\EHtGUFB.exe
  C:\Windows\System32\EHtGUFB.exe
  2⤵
  PID:9032
- C:\Windows\System32\QXSUXue.exe
  C:\Windows\System32\QXSUXue.exe
  2⤵
  PID:9080
- C:\Windows\System32\aGdsfUf.exe
  C:\Windows\System32\aGdsfUf.exe
  2⤵
  PID:9116
- C:\Windows\System32\gRDQSYw.exe
  C:\Windows\System32\gRDQSYw.exe
  2⤵
  PID:9136
- C:\Windows\System32\nHxMGOH.exe
  C:\Windows\System32\nHxMGOH.exe
  2⤵
  PID:9152
- C:\Windows\System32\wtvhgJy.exe
  C:\Windows\System32\wtvhgJy.exe
  2⤵
  PID:9212
- C:\Windows\System32\wVvHUfM.exe
  C:\Windows\System32\wVvHUfM.exe
  2⤵
  PID:7840
- C:\Windows\System32\gVoFbXP.exe
  C:\Windows\System32\gVoFbXP.exe
  2⤵
  PID:7352
- C:\Windows\System32\vXAeUtE.exe
  C:\Windows\System32\vXAeUtE.exe
  2⤵
  PID:7476
- C:\Windows\System32\jxFjsrF.exe
  C:\Windows\System32\jxFjsrF.exe
  2⤵
  PID:8092
- C:\Windows\System32\ardbPGY.exe
  C:\Windows\System32\ardbPGY.exe
  2⤵
  PID:8212
- C:\Windows\System32\pNdMBdT.exe
  C:\Windows\System32\pNdMBdT.exe
  2⤵
  PID:8208
- C:\Windows\System32\yOyVpqG.exe
  C:\Windows\System32\yOyVpqG.exe
  2⤵
  PID:8288
- C:\Windows\System32\TypSsxW.exe
  C:\Windows\System32\TypSsxW.exe
  2⤵
  PID:7760
- C:\Windows\System32\kTMmwLK.exe
  C:\Windows\System32\kTMmwLK.exe
  2⤵
  PID:8324
- C:\Windows\System32\puiSoZu.exe
  C:\Windows\System32\puiSoZu.exe
  2⤵
  PID:8392
- C:\Windows\System32\ormzLXS.exe
  C:\Windows\System32\ormzLXS.exe
  2⤵
  PID:8484
- C:\Windows\System32\PDrdEqZ.exe
  C:\Windows\System32\PDrdEqZ.exe
  2⤵
  PID:8376
- C:\Windows\System32\HFEMijD.exe
  C:\Windows\System32\HFEMijD.exe
  2⤵
  PID:8552
- C:\Windows\System32\yjcaQrJ.exe
  C:\Windows\System32\yjcaQrJ.exe
  2⤵
  PID:8592
- C:\Windows\System32\pFLFEvc.exe
  C:\Windows\System32\pFLFEvc.exe
  2⤵
  PID:8668
- C:\Windows\System32\atwTzeS.exe
  C:\Windows\System32\atwTzeS.exe
  2⤵
  PID:8696
- C:\Windows\System32\sGbNZxv.exe
  C:\Windows\System32\sGbNZxv.exe
  2⤵
  PID:8944
- C:\Windows\System32\EPYJFmZ.exe
  C:\Windows\System32\EPYJFmZ.exe
  2⤵
  PID:9088
- C:\Windows\System32\xKQWWuW.exe
  C:\Windows\System32\xKQWWuW.exe
  2⤵
  PID:9076
- C:\Windows\System32\YCwbPoS.exe
  C:\Windows\System32\YCwbPoS.exe
  2⤵
  PID:9192
- C:\Windows\System32\TKhbFZD.exe
  C:\Windows\System32\TKhbFZD.exe
  2⤵
  PID:9124
- C:\Windows\System32\yRgGFaE.exe
  C:\Windows\System32\yRgGFaE.exe
  2⤵
  PID:8196
- C:\Windows\System32\KNzxxxP.exe
  C:\Windows\System32\KNzxxxP.exe
  2⤵
  PID:4364
- C:\Windows\System32\HdFOOur.exe
  C:\Windows\System32\HdFOOur.exe
  2⤵
  PID:8332
- C:\Windows\System32\vsupMII.exe
  C:\Windows\System32\vsupMII.exe
  2⤵
  PID:7980
- C:\Windows\System32\ICrwzzf.exe
  C:\Windows\System32\ICrwzzf.exe
  2⤵
  PID:8788
- C:\Windows\System32\klguHLj.exe
  C:\Windows\System32\klguHLj.exe
  2⤵
  PID:8884
- C:\Windows\System32\nEeHtoa.exe
  C:\Windows\System32\nEeHtoa.exe
  2⤵
  PID:9072
- C:\Windows\System32\jtzdtxh.exe
  C:\Windows\System32\jtzdtxh.exe
  2⤵
  PID:9112
- C:\Windows\System32\DXEYzoH.exe
  C:\Windows\System32\DXEYzoH.exe
  2⤵
  PID:9004
- C:\Windows\System32\bJPdNNG.exe
  C:\Windows\System32\bJPdNNG.exe
  2⤵
  PID:8572
- C:\Windows\System32\ypAYylt.exe
  C:\Windows\System32\ypAYylt.exe
  2⤵
  PID:8948
- C:\Windows\System32\AEHPsbP.exe
  C:\Windows\System32\AEHPsbP.exe
  2⤵
  PID:9228
- C:\Windows\System32\QqNidBE.exe
  C:\Windows\System32\QqNidBE.exe
  2⤵
  PID:9244
- C:\Windows\System32\TJbZqVD.exe
  C:\Windows\System32\TJbZqVD.exe
  2⤵
  PID:9264
- C:\Windows\System32\QykrACp.exe
  C:\Windows\System32\QykrACp.exe
  2⤵
  PID:9280
- C:\Windows\System32\kHDuKKy.exe
  C:\Windows\System32\kHDuKKy.exe
  2⤵
  PID:9356
- C:\Windows\System32\mHalzEy.exe
  C:\Windows\System32\mHalzEy.exe
  2⤵
  PID:9372
- C:\Windows\System32\rZrXmWe.exe
  C:\Windows\System32\rZrXmWe.exe
  2⤵
  PID:9388
- C:\Windows\System32\tCWIVjp.exe
  C:\Windows\System32\tCWIVjp.exe
  2⤵
  PID:9404
- C:\Windows\System32\zYgIBiT.exe
  C:\Windows\System32\zYgIBiT.exe
  2⤵
  PID:9468
- C:\Windows\System32\nRNMBym.exe
  C:\Windows\System32\nRNMBym.exe
  2⤵
  PID:9508
- C:\Windows\System32\WMNHPNZ.exe
  C:\Windows\System32\WMNHPNZ.exe
  2⤵
  PID:9524
- C:\Windows\System32\fdkgYcG.exe
  C:\Windows\System32\fdkgYcG.exe
  2⤵
  PID:9540
- C:\Windows\System32\Wauzcvh.exe
  C:\Windows\System32\Wauzcvh.exe
  2⤵
  PID:9564
- C:\Windows\System32\oKaPKZq.exe
  C:\Windows\System32\oKaPKZq.exe
  2⤵
  PID:9604
- C:\Windows\System32\vpYWLBh.exe
  C:\Windows\System32\vpYWLBh.exe
  2⤵
  PID:9676
- C:\Windows\System32\LTDdnJD.exe
  C:\Windows\System32\LTDdnJD.exe
  2⤵
  PID:9692
- C:\Windows\System32\OgxiBBo.exe
  C:\Windows\System32\OgxiBBo.exe
  2⤵
  PID:9712
- C:\Windows\System32\tGTSmMI.exe
  C:\Windows\System32\tGTSmMI.exe
  2⤵
  PID:9728
- C:\Windows\System32\kwojcQm.exe
  C:\Windows\System32\kwojcQm.exe
  2⤵
  PID:9760
- C:\Windows\System32\bKHIUPL.exe
  C:\Windows\System32\bKHIUPL.exe
  2⤵
  PID:9776
- C:\Windows\System32\poZPVwy.exe
  C:\Windows\System32\poZPVwy.exe
  2⤵
  PID:9800
- C:\Windows\System32\DIHccOC.exe
  C:\Windows\System32\DIHccOC.exe
  2⤵
  PID:9816
- C:\Windows\System32\CVUivIS.exe
  C:\Windows\System32\CVUivIS.exe
  2⤵
  PID:9836
- C:\Windows\System32\JqolFad.exe
  C:\Windows\System32\JqolFad.exe
  2⤵
  PID:9884
- C:\Windows\System32\MQpLlpw.exe
  C:\Windows\System32\MQpLlpw.exe
  2⤵
  PID:9920
- C:\Windows\System32\mhOTDNU.exe
  C:\Windows\System32\mhOTDNU.exe
  2⤵
  PID:9992
- C:\Windows\System32\tQsZThD.exe
  C:\Windows\System32\tQsZThD.exe
  2⤵
  PID:10028
- C:\Windows\System32\xCiURde.exe
  C:\Windows\System32\xCiURde.exe
  2⤵
  PID:10068
- C:\Windows\System32\voSzPsP.exe
  C:\Windows\System32\voSzPsP.exe
  2⤵
  PID:10088
- C:\Windows\System32\SKyxBTw.exe
  C:\Windows\System32\SKyxBTw.exe
  2⤵
  PID:10108
- C:\Windows\System32\aDiBrkK.exe
  C:\Windows\System32\aDiBrkK.exe
  2⤵
  PID:10148
- C:\Windows\System32\IGJhUAh.exe
  C:\Windows\System32\IGJhUAh.exe
  2⤵
  PID:10204
- C:\Windows\System32\AvPKpov.exe
  C:\Windows\System32\AvPKpov.exe
  2⤵
  PID:10220
- C:\Windows\System32\IecncJX.exe
  C:\Windows\System32\IecncJX.exe
  2⤵
  PID:9288
- C:\Windows\System32\nLaqowT.exe
  C:\Windows\System32\nLaqowT.exe
  2⤵
  PID:9364
- C:\Windows\System32\rZPdjKj.exe
  C:\Windows\System32\rZPdjKj.exe
  2⤵
  PID:9352
- C:\Windows\System32\PXDyFdh.exe
  C:\Windows\System32\PXDyFdh.exe
  2⤵
  PID:9396
- C:\Windows\System32\ppWHEly.exe
  C:\Windows\System32\ppWHEly.exe
  2⤵
  PID:9420
- C:\Windows\System32\WCvqNCJ.exe
  C:\Windows\System32\WCvqNCJ.exe
  2⤵
  PID:9488
- C:\Windows\System32\TAhpYdu.exe
  C:\Windows\System32\TAhpYdu.exe
  2⤵
  PID:9560
- C:\Windows\System32\IjuHrja.exe
  C:\Windows\System32\IjuHrja.exe
  2⤵
  PID:9596
- C:\Windows\System32\kyssyAb.exe
  C:\Windows\System32\kyssyAb.exe
  2⤵
  PID:9644
- C:\Windows\System32\ENxQaOq.exe
  C:\Windows\System32\ENxQaOq.exe
  2⤵
  PID:9684
- C:\Windows\System32\fjLkVrt.exe
  C:\Windows\System32\fjLkVrt.exe
  2⤵
  PID:9672
- C:\Windows\System32\dQjsmjJ.exe
  C:\Windows\System32\dQjsmjJ.exe
  2⤵
  PID:9796
- C:\Windows\System32\zEGTKly.exe
  C:\Windows\System32\zEGTKly.exe
  2⤵
  PID:9788
- C:\Windows\System32\qbMrzpm.exe
  C:\Windows\System32\qbMrzpm.exe
  2⤵
  PID:9868
- C:\Windows\System32\CcENNFT.exe
  C:\Windows\System32\CcENNFT.exe
  2⤵
  PID:9912
- C:\Windows\System32\ywqgHZw.exe
  C:\Windows\System32\ywqgHZw.exe
  2⤵
  PID:10044
- C:\Windows\System32\DimOJNC.exe
  C:\Windows\System32\DimOJNC.exe
  2⤵
  PID:10132
- C:\Windows\System32\ghfXRsd.exe
  C:\Windows\System32\ghfXRsd.exe
  2⤵
  PID:10160
- C:\Windows\System32\kSXinFC.exe
  C:\Windows\System32\kSXinFC.exe
  2⤵
  PID:9384
- C:\Windows\System32\NwEwzwW.exe
  C:\Windows\System32\NwEwzwW.exe
  2⤵
  PID:9432
- C:\Windows\System32\AZTISrq.exe
  C:\Windows\System32\AZTISrq.exe
  2⤵
  PID:9516
- C:\Windows\System32\flHbeoY.exe
  C:\Windows\System32\flHbeoY.exe
  2⤵
  PID:9844
- C:\Windows\System32\WyrEctP.exe
  C:\Windows\System32\WyrEctP.exe
  2⤵
  PID:9872
- C:\Windows\System32\pCwsNwg.exe
  C:\Windows\System32\pCwsNwg.exe
  2⤵
  PID:3516
- C:\Windows\System32\BoQbYKx.exe
  C:\Windows\System32\BoQbYKx.exe
  2⤵
  PID:9964
- C:\Windows\System32\yaOzMIu.exe
  C:\Windows\System32\yaOzMIu.exe
  2⤵
  PID:9980
- C:\Windows\System32\BJJfUPd.exe
  C:\Windows\System32\BJJfUPd.exe
  2⤵
  PID:10192
- C:\Windows\System32\qkpBjie.exe
  C:\Windows\System32\qkpBjie.exe
  2⤵
  PID:9040
- C:\Windows\System32\JuwPaOS.exe
  C:\Windows\System32\JuwPaOS.exe
  2⤵
  PID:9536
- C:\Windows\System32\rftbYNC.exe
  C:\Windows\System32\rftbYNC.exe
  2⤵
  PID:9952
- C:\Windows\System32\ldzuvmy.exe
  C:\Windows\System32\ldzuvmy.exe
  2⤵
  PID:8868
- C:\Windows\System32\RdGJyYA.exe
  C:\Windows\System32\RdGJyYA.exe
  2⤵
  PID:10116
- C:\Windows\System32\QeVnbPv.exe
  C:\Windows\System32\QeVnbPv.exe
  2⤵
  PID:1128
- C:\Windows\System32\iCfRrvI.exe
  C:\Windows\System32\iCfRrvI.exe
  2⤵
  PID:10244
- C:\Windows\System32\mPTXzrF.exe
  C:\Windows\System32\mPTXzrF.exe
  2⤵
  PID:10260
- C:\Windows\System32\VhPXwMF.exe
  C:\Windows\System32\VhPXwMF.exe
  2⤵
  PID:10316
- C:\Windows\System32\zkGckxm.exe
  C:\Windows\System32\zkGckxm.exe
  2⤵
  PID:10336
- C:\Windows\System32\jEvDPVk.exe
  C:\Windows\System32\jEvDPVk.exe
  2⤵
  PID:10352
- C:\Windows\System32\TwprQxS.exe
  C:\Windows\System32\TwprQxS.exe
  2⤵
  PID:10368
- C:\Windows\System32\tRDKSsF.exe
  C:\Windows\System32\tRDKSsF.exe
  2⤵
  PID:10388
- C:\Windows\System32\QikTiPG.exe
  C:\Windows\System32\QikTiPG.exe
  2⤵
  PID:10404
- C:\Windows\System32\IShNUJi.exe
  C:\Windows\System32\IShNUJi.exe
  2⤵
  PID:10424
- C:\Windows\System32\bJbvCIy.exe
  C:\Windows\System32\bJbvCIy.exe
  2⤵
  PID:10448
- C:\Windows\System32\kBxISEX.exe
  C:\Windows\System32\kBxISEX.exe
  2⤵
  PID:10516
- C:\Windows\System32\AlCPZOt.exe
  C:\Windows\System32\AlCPZOt.exe
  2⤵
  PID:10556
- C:\Windows\System32\eUlmdNB.exe
  C:\Windows\System32\eUlmdNB.exe
  2⤵
  PID:10572
- C:\Windows\System32\bdQVJve.exe
  C:\Windows\System32\bdQVJve.exe
  2⤵
  PID:10600
- C:\Windows\System32\cSilgRZ.exe
  C:\Windows\System32\cSilgRZ.exe
  2⤵
  PID:10628
- C:\Windows\System32\UgYjbDo.exe
  C:\Windows\System32\UgYjbDo.exe
  2⤵
  PID:10712
- - C:\Windows\system32\WerFault.exe
    C:\Windows\system32\WerFault.exe -u -p 10712 -s 252
    3⤵
    PID:10280

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:10828

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System32\AwaqSWJ.exe

Filesize
1.2MB

MD5
8b4f6e685a312f3b077a8f9cfe081744

SHA1
35fefb0b0b16dbbe874dddf39039236285fe0511

SHA256
e144f5acadfc756ddc3ff8ae317d95020be5ede0d457e92b85b59feadc1f39ea

SHA512
086d3fccca88798af61b8600dcbaf741e4a6e867e7f9919d4da5458aebd6df1661f32e3715c3c55dedbb69dc981dd492c66ee3610336b5f379b2e124dfab4200

Download Submit
C:\Windows\System32\BTmWbvF.exe

Filesize
1.2MB

MD5
c2beffe85303180be2b63b8c7cc9e58a

SHA1
3725c4f338ba42371609c97d961bc712d3985685

SHA256
86fe2a88e6046e0409b80e4b141cb277aeb1fe6cac1e52b9dca73446160dad05

SHA512
58fdb21454d8935a8e8aa804cc482cdb63cde8920d7af83eba71389330be76a809a9e4a9fed8a0c62b6a5f0c821feff4e6ffe545bf992555f58461012ae1deaf

Download Submit
C:\Windows\System32\BUStmSY.exe

Filesize
1.2MB

MD5
be7390b94e973eba02bbd5d7058793c5

SHA1
477e269073be0392b4991ce4b71c82bd094ca180

SHA256
53f95eb0605b4a0018e1d2ce20d236c22dab24bb02eb2963f2bea1bccf0dc1e0

SHA512
679db6932629351099cba89afc6d09e22ee3ff352b5027ce6ed82240145541223c947f63eb11e24c976defbac68db6852a093a5f8d1632fc98c364cc384bbfbe

Download Submit
C:\Windows\System32\DNsIXUX.exe

Filesize
1.2MB

MD5
7b2320d89f13d209d34ad922b83be014

SHA1
7e0bb6d71b50477b38326ed2f8582716ceecf183

SHA256
08b5c6d7eac42f680dae7062a791d92f4dce2ce151be0c10e39c566b3156f661

SHA512
880beb7c2212d679c99124dd31fbf0b7120bcb8e33092588773cff56fadf1d34e7721222475cf3731a6698ccc0a2604d63620d3a34c1d895a42cf375b2e5cc2c

Download Submit
C:\Windows\System32\FoLlTYW.exe

Filesize
1.2MB

MD5
6916528b83dea90b8bc1a0fc44b1aa2d

SHA1
53db36b4709015e084af4f4269724c5ff90e4284

SHA256
9a55101ea496672f7b47d38461de7a98045b6aafc8158d889f5a4a8283c5a98c

SHA512
798519ee293a817242920a8bcff9b0acd4e65d4ae2c4dcb9ca5989d7cf5da88456c71e0b167e6ae523f02dc2d63f8c01ef1af641781becc3a5652798740afb64

Download Submit
C:\Windows\System32\JTfAPQo.exe

Filesize
1.2MB

MD5
7d72beb27f2b409e2e4b7545337439c9

SHA1
eb2e84130a5ff628e149314243a83a269e3e9d6e

SHA256
c664a86465fce02c4c0d28fd5aacea1be1810b72b54fb1846bc34dad67112f49

SHA512
4c50857f40d7208253a416424c60398b0fc6f8769a2233ddc370208ee84afdd34a6a07bbad9961c25d626f149b13424e8eda5a01c1cbe2d2c7e44cb881e8909d

Download Submit
C:\Windows\System32\JsUhBXr.exe

Filesize
1.2MB

MD5
73ec3202f675a0dc57a73d0a36150c98

SHA1
d8b2464e7c63d70e93bdba861e40d2335fdef05e

SHA256
d6a080e38ebe994f92939012d154b3778121ea17d409503dba0fddeaed961ee8

SHA512
a8c7fbc90355d8a0c4b14e9de45acb4ed5921337a000f61eea7695ba0e2fa921918280a0473a42efd795907736e864e90591dd37d62b79e682e6cc48a5dce4be

Download Submit
C:\Windows\System32\MlOCYXC.exe

Filesize
1.2MB

MD5
f5aeefb4bb036530fe869a1feb999012

SHA1
6ec24cfbab651540c35b8651b0f7279060089928

SHA256
0e3571bd37c7a33ed2ec283633119552c95d19316eea6ce55e11011def671fad

SHA512
33b40cf808a41584cf0840a660612f16c25b5ec240a33085892d85fd5fc14db7045e41ea0c1d1d734f05187655676d61f3751dc1d62c634413060b19553daeee

Download Submit
C:\Windows\System32\MtAPFlY.exe

Filesize
1.2MB

MD5
165374d5121a0db78023e8e48d7b341a

SHA1
702967b6d689233ca954afd0e7111c254b580bbc

SHA256
f4a7505ea2413f73a9963c97f2b416adba6f0ab683fe95a45a2d962c51979b50

SHA512
66a8c58deea2b2e33d6e12f801de9766f5b507e5989c810cf9152df733d26246cc251a6e207fa068e7b34dbf88b2e8f4fa46fe8efce669a2bdf3c0294b52e701

Download Submit
C:\Windows\System32\NfBlqTd.exe

Filesize
1.2MB

MD5
0ca4e3c7060c48404008cedc4cc337a5

SHA1
cb24b1bf2dfef6e5a7680907207396c18a1b5f71

SHA256
07be4c8d89e81509ea7516a2d118be9b95ff4a3548d9843181e91801311b51cb

SHA512
658efc7b5379c43bb0106c4a40f4e6275e886733acebdb38c404193228e81dad10843f47b3353353aa2ce151b24ad8633786c22fadd7ddf793e6d2b2f1df548f

Download Submit
C:\Windows\System32\RWylYGp.exe

Filesize
1.2MB

MD5
692103bbea42c48eb31fa850d30876a8

SHA1
e919e2c9e88f99119c0e22766eaf2f9e916997fb

SHA256
c4dbdadfeab64d854ea0480a37a489fb33a436d43437cf4f111c45d1ba367633

SHA512
7fc7c8512526b66bc562ee9dde8863f80213af058ccf212ac9bf0c4d17ce4684cdfb5e63a94b773daf54aabb4e3729ba26c7eb2aee205ee9e99d080a3b2e46ae

Download Submit
C:\Windows\System32\TCSjjfk.exe

Filesize
1.2MB

MD5
146bcba4e1e9472d96a4159ad9529a92

SHA1
3720420c48782756f08f679e79980a986349d65a

SHA256
97a22e0b9804fd0b08acb45ad6a83ad243460af0b2ede5ea10d380f68226985c

SHA512
2be48716636be6dae3782ba1cda94f0b86fdedbb890ab6de2dd3db8ae519eb578d5512d168b9dd0cc2b5c2bcc3afdc5444ff884ae95cff7acd5983217fe9f0db

Download Submit
C:\Windows\System32\WVUqRfJ.exe

Filesize
1.2MB

MD5
c4893bc9c73044888ba3e8a9f1738352

SHA1
aaba0a1a4a631efd368df50eb0599d5566a94fa2

SHA256
7d42eab4aeff86ca9757ccac401fcbdede36412b8ec846d3b285e59dcfe8beae

SHA512
9b382bd2de7b0dfb393c4990c72cb8d2d9e5a5f68c5a205e6360c75c49a919bbaff7146e5dd9ded0544314b4c07b4d6c25c79fe02fe75e5f5895b62909332cea

Download Submit
C:\Windows\System32\Whbeoyb.exe

Filesize
1.2MB

MD5
eb8af9bdc9408084c3bc494c60166abd

SHA1
ec5a83f9fafe95b8e3cf6dfa1805f0e566e0cda1

SHA256
7d92418f46024db6a19e4fcce4d9f145cd95f5e09ae1c7abd50dea575fa0f752

SHA512
94ab62f39a092cd925a301d196305f5bacb996014a7f35215ec1f9c3671dd3c24b78340eb47a7823f7e6ff9b7195cb3f1b35451b999f7ff080cdce860665e8c8

Download Submit
C:\Windows\System32\WsmajQN.exe

Filesize
1.2MB

MD5
50b94541c4583071969f3d7a60eff190

SHA1
5f67b36270f90d903892d37dc83ccf8c5798a8d4

SHA256
12dba01e76b84bf54fda3e6e9a91e21869ff88ff681ff23d802092ccb5c0837a

SHA512
ac1c727c5d6da9fead34bafbaa12e7e16d0688ed63a0a20ce811b17bdad3584d1988cd5f11e0310553d42722236729ac285081112e720cbd188941397a491577

Download Submit
C:\Windows\System32\XryvHjr.exe

Filesize
1.2MB

MD5
67bf3f32a880d57347ecc9923fcc11f7

SHA1
bc0b644e95404b95d2a69e763a960f00d2afa394

SHA256
aa078e3a159cfdb18967312ead9f2d82254e7ad95c53541a75ebbbf4f0b70da9

SHA512
4091a6e16ff67bca4e55eb0d36987cdd684e03f9733bdc2f01b572ac496f5c6cc3cac5ad157e957de3daec6ffdd4a4159b1e3d54daf4c0edf7e1032d7af9293f

Download Submit
C:\Windows\System32\YAdowWJ.exe

Filesize
1.2MB

MD5
782b13b350e63595c01869a616dea177

SHA1
8d33de303c82cd7b622b9f312894bae390661989

SHA256
3a5ed2e36962fc614be71511ccfee4697d6b83ef119038afa70834f3f12fd1ff

SHA512
897d3d0c381887a738af3df120d998994bf26281df2bc1ed80c11ad1aab92a4f2d2eb01dd1f81d4ffebc20cd102002b7a23add87282259439d47d36b60c7f5f5

Download Submit
C:\Windows\System32\ZiqTZro.exe

Filesize
1.2MB

MD5
5726b20e3b00b87b964171c840b00d6a

SHA1
c6c16f54f6359676d85317802ab69e7ebb3f0d25

SHA256
d0e4810a2fde8577c53090d30738f22ea2921998ad97e34767c1a35e6eecd1b3

SHA512
4aa61412d55a68bcd2c0a2f0e02d4033007c7d313678d36fb64fa8f3ab89de81f61d0d021e0f65df23c5721b641ad8c36824d9cb1cb808704299e98c9134763a

Download Submit
C:\Windows\System32\buAjxPy.exe

Filesize
1.2MB

MD5
b1efc44afdb7fe8058da82b63b56949d

SHA1
002ee320afe41287ac57b17b6d4f6b5dd0e55a20

SHA256
8fe558a5144f9da68d8468befd7aa2847c11afc4e4aaf7f5fef8adcd985bdc0f

SHA512
169b37791932fc518455d3c944ca4d33ecf2387e37c3c1b0e7968373ea49bdd5a915a8dbef0e17b5f7b620bf2b3ab18347bc7f38ac25bce4ddde67e57828c157

Download Submit
C:\Windows\System32\dKyiQGW.exe

Filesize
1.2MB

MD5
2fd29a38575e479fd48e611d80522b7f

SHA1
1d9a4802eff1c63b7f7a2cc95f2b637c95671c22

SHA256
0912e518a08eae4556f32188457ce8010161b4d56d8c8793cb8077589e379cec

SHA512
e12fc36bcc5dce29a92684d8a60c7dbfd1121b234afb46f05652f49a18bf9f4b523ef5a280eea80ec212431e509048e3b6da8ac54a0345e4ae16cf18431511f6

Download Submit
C:\Windows\System32\eonAmsX.exe

Filesize
1.2MB

MD5
b59fa97fa56ef17002e13e85fc553113

SHA1
c484981f171b488e9a0f65c46609b80dc98b768c

SHA256
a39303782a98160a8e22fa2e7df1374681bf93a20cf2bb2b2f6bab1619d913b6

SHA512
cf0df177278455fcbdc2e509e25e649d63dda92f99a592100665460dda440007b2392963af3701ebb9d37033c87fc13d46bef0430716fd5c769739e6434b6ccb

Download Submit
C:\Windows\System32\fasOiia.exe

Filesize
1.2MB

MD5
1a2860c6598bdaabcc0c650098f1684c

SHA1
9638a3706c25d14b37dda24abc76ef5225818b08

SHA256
cbcbb1029a99d691f41ed5f8256a7a135f6d21655eaa3af612e1906aa665a344

SHA512
cbbb7a4befb1499fe26b474a6c252bb324004f9c743fd4372b60b96c01f404007a866f2ff5fa210dfc58d1d3a2170d9459c688417da687dd0a215441ca0e3307

Download Submit
C:\Windows\System32\glYVXpF.exe

Filesize
1.2MB

MD5
4e9948c7442fd2d42a320a7249d90dc0

SHA1
cabb7a3038e1ff76b1447bd180761baa2c0a0ca0

SHA256
b9a34d0a22d09ca2383eb2e1a19f5379a3536ac0ed95a9cc0b0660ee740b19a8

SHA512
050ff5a70f237de66ec16b41eff7519f4e6c498a167aeb8fdecb464740797957f66702be618c7f3e76cb8c9251d83199b77b05443a5fba2579c0b2e6de826901

Download Submit
C:\Windows\System32\icSOYbj.exe

Filesize
1.2MB

MD5
cd9fe868f0e90204df5ebe11fa63f82b

SHA1
749e8ceb809c95c854cc8bced78e5f5274c9452a

SHA256
dbd67e85fb9b9d2feae3ef0c39229e17149acf6908fda4b88f86eac891a2cab8

SHA512
d749e34c064815b313699443591116ab444302f412cab3bc956d00d0d3da10e166b330c6882a4368412d8edb64a677099bc9da13c82b4fa6cb6525a1b29674ef

Download Submit
C:\Windows\System32\imoDSTp.exe

Filesize
1.2MB

MD5
383a0edf51d759d1593f84882f9bd6d6

SHA1
a2d03c6418cdaeb0340690526ed648b2329dcdb1

SHA256
89dc27e0216a0b013fc5e6fb1fe93e1e160725581dbcc29d90cf453133cda6c7

SHA512
196260eaba15d77f2781e0049049010af6bed5d82572d2ff388efa3e0541aaa0fe7b1d718d8dce4bef85bb3012ddc9df704c2c736057e7c238cb51ea9b68b984

Download Submit
C:\Windows\System32\moscMeL.exe

Filesize
1.2MB

MD5
95ac7bd9bb3c1e264ce3d1555a28471a

SHA1
f9b9c096c6c02883aef69a9ea60bf4558896e0ff

SHA256
d279202791b8328f8633701b7ffd355c8f1104fd018aec80814667fe1cc0549b

SHA512
f82bcbe3cda19f44828f6a0cf3865bdea17868a30feff1fe6b18760eebb9fb01ac26f540a94bfdd0dcb526a5a12df824315611a4b9b84a8536ead29a79b43116

Download Submit
C:\Windows\System32\msNiYIX.exe

Filesize
1.2MB

MD5
8d1b7bfa7e18d6d02e0b615b0c1322e6

SHA1
bfee6b0da38526e181c436a12ec088a07c68f913

SHA256
620e364e5040e0e610cdd358ac372aaf2b4f0912a8ec96b54d47ae412d768981

SHA512
5ec4b75aa29d4a90a753bf4fd8c41bb2cb895a82b878414e42745bb4be5638857f7d737d3247ae32bf98476db57adb720bcebb2dcd0a3dac8fd2c5517bfdd73d

Download Submit
C:\Windows\System32\oATdaEj.exe

Filesize
1.2MB

MD5
3be7732cf5a461315e634430b484643b

SHA1
3a37e7d878c5236e63f24e1464583324a6764d57

SHA256
cba440f5c2fba60f855a65aa78d4ab768b6c8d8933dba326dea4ac29018482d8

SHA512
55f860990ef112e5dd3950ffec05ebf89e96c101e67471093ba92838d353714c3e8fe4144e3e912d8b54cd0ee9a922c14a2772646dc542472337bcc8fa901f43

Download Submit
C:\Windows\System32\oraCmIF.exe

Filesize
1.2MB

MD5
66ceddbb2c88a481ad7508022fac2156

SHA1
d7cec6fc1c1ea4fec73933819fa5222b38949cce

SHA256
8748f69a0d0739436d0b82579858205ac604b27d23914e5a750dde2793a70f65

SHA512
1f4ce7b79dbbdd19769968c73958c4c0479f4666081fba4bd2565fe73815e172b7bb0e686c8badc1c0d77e1134816ef981b6e625af9dd600d6d90ab06a0c73ef

Download Submit
C:\Windows\System32\qGveyjy.exe

Filesize
1.2MB

MD5
e06a2789937377054485698e0fbb1acb

SHA1
4fd5e730b87dfa4d1b9842e6b8ffb2a1cb97f85e

SHA256
4d8b33f1f1ddf10c2209a67c72d342a287b59d939e711003b4143b43f41f5cd9

SHA512
343d6cf2753618f921b5e8bcb0206bf22c081d74d33f9792bc2e61eb499113e7ef49b6d18407a58676ed243e5a5087a9c632617e35233be89827d9337c3531db

Download Submit
C:\Windows\System32\sVILbPf.exe

Filesize
1.2MB

MD5
6179d150d3c1267efc61af2747390aa4

SHA1
18c765e359a9c2b65da1e4075cb2b8cf9ce3d3cf

SHA256
d70120a6187b41d1cafbac78863c5050f47bd57519e39e8e04da7f833cf10f89

SHA512
299f3eb8b1f1028ecf857981bc4ee147d22ce607f4b133474925820e205ac5e202d212feb08b850ec74b5d5a5753a3c7be14b1512c5c6dadae653920622ed7d4

Download Submit
C:\Windows\System32\wIHjjZh.exe

Filesize
1.2MB

MD5
ba37604fc0728c4e91ae21ef4ebbe867

SHA1
9033181110927cfc82f9cb2c0be9a5a34421b7b5

SHA256
f0298da772c33937a32eaa1cbab5ff8243c9e7f18e15d2afbaf4d3610159287f

SHA512
065381a63859f7f4ed11583c7888cd5ba34fd303b7d0fd8e19845ebcb236b317496a5e375e9ee6efc9d90bac76fea36a5e2ac3a3cb9a4ad1eb4048fc5df42d81

Download Submit
C:\Windows\System32\zsjsNbs.exe

Filesize
1.2MB

MD5
c0cf878e1f5459f00eb9d58cecea71bc

SHA1
dc8ceb2442c55e12ab1f5996e3a0155892913c62

SHA256
7e3ee05de19cd6c10f6966db289b1fdf104a69668e271fc33054532191a32011

SHA512
0f09b011802250f9814e16364a2ff1fccccd86c71de30c66e14ab467b1b8fa5746c826a8fede39d229ad6b7ad80b707005716b4591a615a3a50cbc0d35f73b9d

Download Submit
memory/372-220-0x00007FF67DB00000-0x00007FF67DEF1000-memory.dmp

Filesize
3.9MB

Download
memory/384-286-0x00007FF6F10C0000-0x00007FF6F14B1000-memory.dmp

Filesize
3.9MB

Download
memory/440-119-0x00007FF67A850000-0x00007FF67AC41000-memory.dmp

Filesize
3.9MB

Download
memory/544-176-0x00007FF7A4E00000-0x00007FF7A51F1000-memory.dmp

Filesize
3.9MB

Download
memory/640-271-0x00007FF6AEBC0000-0x00007FF6AEFB1000-memory.dmp

Filesize
3.9MB

Download
memory/804-219-0x00007FF627FB0000-0x00007FF6283A1000-memory.dmp

Filesize
3.9MB

Download
memory/1008-215-0x00007FF75FD50000-0x00007FF760141000-memory.dmp

Filesize
3.9MB

Download
memory/1008-21-0x00007FF75FD50000-0x00007FF760141000-memory.dmp

Filesize
3.9MB

Download
memory/1020-106-0x00007FF7708E0000-0x00007FF770CD1000-memory.dmp

Filesize
3.9MB

Download
memory/1216-302-0x00007FF6328B0000-0x00007FF632CA1000-memory.dmp

Filesize
3.9MB

Download
memory/1356-281-0x00007FF63FF70000-0x00007FF640361000-memory.dmp

Filesize
3.9MB

Download
memory/1492-309-0x00007FF7EF7B0000-0x00007FF7EFBA1000-memory.dmp

Filesize
3.9MB

Download
memory/1536-283-0x00007FF6F5050000-0x00007FF6F5441000-memory.dmp

Filesize
3.9MB

Download
memory/1576-204-0x00007FF720C10000-0x00007FF721001000-memory.dmp

Filesize
3.9MB

Download
memory/1712-178-0x00007FF6FECA0000-0x00007FF6FF091000-memory.dmp

Filesize
3.9MB

Download
memory/1804-209-0x00007FF7B4860000-0x00007FF7B4C51000-memory.dmp

Filesize
3.9MB

Download
memory/1824-182-0x00007FF677830000-0x00007FF677C21000-memory.dmp

Filesize
3.9MB

Download
memory/1892-303-0x00007FF6A3690000-0x00007FF6A3A81000-memory.dmp

Filesize
3.9MB

Download
memory/1980-147-0x00007FF7BDF10000-0x00007FF7BE301000-memory.dmp

Filesize
3.9MB

Download
memory/2024-183-0x00007FF76AAC0000-0x00007FF76AEB1000-memory.dmp

Filesize
3.9MB

Download
memory/2032-69-0x00007FF751210000-0x00007FF751601000-memory.dmp

Filesize
3.9MB

Download
memory/2072-39-0x00007FF7F9FA0000-0x00007FF7FA391000-memory.dmp

Filesize
3.9MB

Download
memory/2072-195-0x00007FF7F9FA0000-0x00007FF7FA391000-memory.dmp

Filesize
3.9MB

Download
memory/2168-64-0x00007FF781790000-0x00007FF781B81000-memory.dmp

Filesize
3.9MB

Download
memory/2248-206-0x00007FF696DF0000-0x00007FF6971E1000-memory.dmp

Filesize
3.9MB

Download
memory/2328-254-0x00007FF609940000-0x00007FF609D31000-memory.dmp

Filesize
3.9MB

Download
memory/2344-221-0x00007FF68C8D0000-0x00007FF68CCC1000-memory.dmp

Filesize
3.9MB

Download
memory/2516-140-0x00007FF6C8080000-0x00007FF6C8471000-memory.dmp

Filesize
3.9MB

Download
memory/2660-181-0x00007FF7523A0000-0x00007FF752791000-memory.dmp

Filesize
3.9MB

Download
memory/2832-256-0x00007FF7107A0000-0x00007FF710B91000-memory.dmp

Filesize
3.9MB

Download
memory/2880-117-0x00007FF76A440000-0x00007FF76A831000-memory.dmp

Filesize
3.9MB

Download
memory/2896-160-0x00007FF644AF0000-0x00007FF644EE1000-memory.dmp

Filesize
3.9MB

Download
memory/2980-71-0x00007FF796620000-0x00007FF796A11000-memory.dmp

Filesize
3.9MB

Download
memory/3052-123-0x00007FF703E40000-0x00007FF704231000-memory.dmp

Filesize
3.9MB

Download
memory/3128-68-0x00007FF7ABA00000-0x00007FF7ABDF1000-memory.dmp

Filesize
3.9MB

Download
memory/3220-223-0x00007FF7DC7B0000-0x00007FF7DCBA1000-memory.dmp

Filesize
3.9MB

Download
memory/3220-70-0x00007FF7DC7B0000-0x00007FF7DCBA1000-memory.dmp

Filesize
3.9MB

Download
memory/3248-168-0x00007FF7A8780000-0x00007FF7A8B71000-memory.dmp

Filesize
3.9MB

Download
memory/3272-307-0x00007FF79B840000-0x00007FF79BC31000-memory.dmp

Filesize
3.9MB

Download
memory/3392-122-0x00007FF65B510000-0x00007FF65B901000-memory.dmp

Filesize
3.9MB

Download
memory/3464-96-0x00007FF683DC0000-0x00007FF6841B1000-memory.dmp

Filesize
3.9MB

Download
memory/3480-295-0x00007FF74EDF0000-0x00007FF74F1E1000-memory.dmp

Filesize
3.9MB

Download
memory/3480-86-0x00007FF74EDF0000-0x00007FF74F1E1000-memory.dmp

Filesize
3.9MB

Download
memory/3504-222-0x00007FF7F8930000-0x00007FF7F8D21000-memory.dmp

Filesize
3.9MB

Download
memory/3512-296-0x00007FF7BAF60000-0x00007FF7BB351000-memory.dmp

Filesize
3.9MB

Download
memory/3528-218-0x00007FF77D150000-0x00007FF77D541000-memory.dmp

Filesize
3.9MB

Download
memory/3652-26-0x00007FF6F4450000-0x00007FF6F4841000-memory.dmp

Filesize
3.9MB

Download
memory/3652-217-0x00007FF6F4450000-0x00007FF6F4841000-memory.dmp

Filesize
3.9MB

Download
memory/3664-242-0x00007FF717FA0000-0x00007FF718391000-memory.dmp

Filesize
3.9MB

Download
memory/3712-121-0x00007FF7AE220000-0x00007FF7AE611000-memory.dmp

Filesize
3.9MB

Download
memory/3964-186-0x00007FF694760000-0x00007FF694B51000-memory.dmp

Filesize
3.9MB

Download
memory/3964-0-0x00007FF694760000-0x00007FF694B51000-memory.dmp

Filesize
3.9MB

Download
memory/3964-1-0x000001DA2BA80000-0x000001DA2BA90000-memory.dmp

Filesize
64KB

Download
memory/3996-240-0x00007FF7FA780000-0x00007FF7FAB71000-memory.dmp

Filesize
3.9MB

Download
memory/3996-82-0x00007FF7FA780000-0x00007FF7FAB71000-memory.dmp

Filesize
3.9MB

Download
memory/4084-9-0x00007FF721030000-0x00007FF721421000-memory.dmp

Filesize
3.9MB

Download
memory/4084-192-0x00007FF721030000-0x00007FF721421000-memory.dmp

Filesize
3.9MB

Download
memory/4296-263-0x00007FF603520000-0x00007FF603911000-memory.dmp

Filesize
3.9MB

Download
memory/4304-67-0x00007FF6B6840000-0x00007FF6B6C31000-memory.dmp

Filesize
3.9MB

Download
memory/4504-248-0x00007FF6AD1F0000-0x00007FF6AD5E1000-memory.dmp

Filesize
3.9MB

Download
memory/4512-46-0x00007FF772F70000-0x00007FF773361000-memory.dmp

Filesize
3.9MB

Download
memory/4528-41-0x00007FF723320000-0x00007FF723711000-memory.dmp

Filesize
3.9MB

Download
memory/4528-199-0x00007FF723320000-0x00007FF723711000-memory.dmp

Filesize
3.9MB

Download
memory/4868-276-0x00007FF7A95F0000-0x00007FF7A99E1000-memory.dmp

Filesize
3.9MB

Download
memory/5000-275-0x00007FF6577B0000-0x00007FF657BA1000-memory.dmp

Filesize
3.9MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads