xmrig | 5e4983dde3db4300f8898c835e101b871550e098300be6455a95a66915b4cfbd

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
15/07/2024, 07:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5e4983dde3db4300f8898c835e101b871550e098300be6455a95a66915b4cfbd.exe
Size

1.9MB
MD5

aa203a8295a0cdfc04269a5e98c91020
SHA1

61eb85e8b7d155a071084ff76d1b52e46c39e168
SHA256

5e4983dde3db4300f8898c835e101b871550e098300be6455a95a66915b4cfbd
SHA512

dcef7db19fce2898d7b9d45e1e982e02241e835be62471486d4c07b1d30e300e9c8c20fccf169ce5e935e1c7bdbe15b3662affb41b47e387559db6314cf4dbfd
SSDEEP

24576:JanwhSe11QSONCpGJCjETPlGC78SVe4wtdopOAjVzcMjntjZ865pTkC2KS0YFLq1:knw9oUUEEDlGUnwwBntDTFrY9Q

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 49 IoCs

miner

resource	yara_rule
behavioral2/memory/700-45-0x00007FF741AD0000-0x00007FF741EC1000-memory.dmp	xmrig
behavioral2/memory/3988-52-0x00007FF7AB570000-0x00007FF7AB961000-memory.dmp	xmrig
behavioral2/memory/3740-418-0x00007FF7C9140000-0x00007FF7C9531000-memory.dmp	xmrig
behavioral2/memory/2868-422-0x00007FF68DA60000-0x00007FF68DE51000-memory.dmp	xmrig
behavioral2/memory/3852-423-0x00007FF6CC620000-0x00007FF6CCA11000-memory.dmp	xmrig
behavioral2/memory/2644-426-0x00007FF611BB0000-0x00007FF611FA1000-memory.dmp	xmrig
behavioral2/memory/4348-431-0x00007FF6C7DF0000-0x00007FF6C81E1000-memory.dmp	xmrig
behavioral2/memory/3696-424-0x00007FF7FDFF0000-0x00007FF7FE3E1000-memory.dmp	xmrig
behavioral2/memory/212-421-0x00007FF678B10000-0x00007FF678F01000-memory.dmp	xmrig
behavioral2/memory/4412-46-0x00007FF6A76B0000-0x00007FF6A7AA1000-memory.dmp	xmrig
behavioral2/memory/3572-22-0x00007FF722AC0000-0x00007FF722EB1000-memory.dmp	xmrig
behavioral2/memory/4608-439-0x00007FF750040000-0x00007FF750431000-memory.dmp	xmrig
behavioral2/memory/4228-442-0x00007FF620350000-0x00007FF620741000-memory.dmp	xmrig
behavioral2/memory/1596-445-0x00007FF729C50000-0x00007FF72A041000-memory.dmp	xmrig
behavioral2/memory/3028-443-0x00007FF6EE220000-0x00007FF6EE611000-memory.dmp	xmrig
behavioral2/memory/3880-449-0x00007FF62A070000-0x00007FF62A461000-memory.dmp	xmrig
behavioral2/memory/4284-437-0x00007FF76BE90000-0x00007FF76C281000-memory.dmp	xmrig
behavioral2/memory/976-451-0x00007FF674230000-0x00007FF674621000-memory.dmp	xmrig
behavioral2/memory/4976-452-0x00007FF632930000-0x00007FF632D21000-memory.dmp	xmrig
behavioral2/memory/1608-1843-0x00007FF621FF0000-0x00007FF6223E1000-memory.dmp	xmrig
behavioral2/memory/1096-1840-0x00007FF6F6020000-0x00007FF6F6411000-memory.dmp	xmrig
behavioral2/memory/944-1978-0x00007FF7FA750000-0x00007FF7FAB41000-memory.dmp	xmrig
behavioral2/memory/4692-1979-0x00007FF6DDAB0000-0x00007FF6DDEA1000-memory.dmp	xmrig
behavioral2/memory/5004-2012-0x00007FF6CED70000-0x00007FF6CF161000-memory.dmp	xmrig
behavioral2/memory/1096-2014-0x00007FF6F6020000-0x00007FF6F6411000-memory.dmp	xmrig
behavioral2/memory/1608-2019-0x00007FF621FF0000-0x00007FF6223E1000-memory.dmp	xmrig
behavioral2/memory/4448-2021-0x00007FF6A0520000-0x00007FF6A0911000-memory.dmp	xmrig
behavioral2/memory/3572-2023-0x00007FF722AC0000-0x00007FF722EB1000-memory.dmp	xmrig
behavioral2/memory/700-2025-0x00007FF741AD0000-0x00007FF741EC1000-memory.dmp	xmrig
behavioral2/memory/3988-2031-0x00007FF7AB570000-0x00007FF7AB961000-memory.dmp	xmrig
behavioral2/memory/944-2029-0x00007FF7FA750000-0x00007FF7FAB41000-memory.dmp	xmrig
behavioral2/memory/4412-2027-0x00007FF6A76B0000-0x00007FF6A7AA1000-memory.dmp	xmrig
behavioral2/memory/212-2033-0x00007FF678B10000-0x00007FF678F01000-memory.dmp	xmrig
behavioral2/memory/5004-2037-0x00007FF6CED70000-0x00007FF6CF161000-memory.dmp	xmrig
behavioral2/memory/3696-2039-0x00007FF7FDFF0000-0x00007FF7FE3E1000-memory.dmp	xmrig
behavioral2/memory/4284-2078-0x00007FF76BE90000-0x00007FF76C281000-memory.dmp	xmrig
behavioral2/memory/976-2095-0x00007FF674230000-0x00007FF674621000-memory.dmp	xmrig
behavioral2/memory/1596-2091-0x00007FF729C50000-0x00007FF72A041000-memory.dmp	xmrig
behavioral2/memory/3028-2089-0x00007FF6EE220000-0x00007FF6EE611000-memory.dmp	xmrig
behavioral2/memory/4976-2087-0x00007FF632930000-0x00007FF632D21000-memory.dmp	xmrig
behavioral2/memory/4228-2085-0x00007FF620350000-0x00007FF620741000-memory.dmp	xmrig
behavioral2/memory/4608-2083-0x00007FF750040000-0x00007FF750431000-memory.dmp	xmrig
behavioral2/memory/3880-2093-0x00007FF62A070000-0x00007FF62A461000-memory.dmp	xmrig
behavioral2/memory/4348-2070-0x00007FF6C7DF0000-0x00007FF6C81E1000-memory.dmp	xmrig
behavioral2/memory/2644-2045-0x00007FF611BB0000-0x00007FF611FA1000-memory.dmp	xmrig
behavioral2/memory/3852-2043-0x00007FF6CC620000-0x00007FF6CCA11000-memory.dmp	xmrig
behavioral2/memory/2868-2041-0x00007FF68DA60000-0x00007FF68DE51000-memory.dmp	xmrig
behavioral2/memory/3740-2035-0x00007FF7C9140000-0x00007FF7C9531000-memory.dmp	xmrig
behavioral2/memory/4692-2187-0x00007FF6DDAB0000-0x00007FF6DDEA1000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1608	ENyRwHI.exe
4448	vQMeLZc.exe
3572	xjZVdDH.exe
944	SroliQq.exe
700	GOuYIxx.exe
3988	rnPkLmA.exe
4412	fXlhapH.exe
4692	VLordQM.exe
5004	JeuuFDC.exe
3740	lHpDbJr.exe
212	UHBKtWm.exe
2868	wZmtZwN.exe
3852	VKMZEtt.exe
3696	yRxtgoU.exe
2644	HhfhVyk.exe
4348	aIvqfhG.exe
4284	DsXzDsV.exe
4608	jMgkCsA.exe
4228	AckqqGe.exe
3028	VQZWFIk.exe
1596	PRBmShx.exe
3880	liJGGWz.exe
976	xVAikxK.exe
4976	EMitSqA.exe
372	ykyXxdg.exe
5024	RQCFnjD.exe
1544	gqymNQH.exe
4580	BoQstCh.exe
3628	zxZJmHo.exe
2452	ZerqMCR.exe
3364	SCpzWjl.exe
3484	xyTInWQ.exe
5056	iZnbaoE.exe
3932	WgxpEiI.exe
988	iAIuBUZ.exe
1556	RFgDfny.exe
2244	vEqmzSS.exe
1764	FCFUhEa.exe
436	gYFeMni.exe
4512	oHmHHIW.exe
400	gchwfHz.exe
440	jFYfMGG.exe
4660	vCWRgnn.exe
448	yNcfcxH.exe
3588	yhFeoOh.exe
3632	FbEqFtH.exe
4204	DOnnMxH.exe
2956	onNpUik.exe
4744	FxcvOrY.exe
1892	miMWZKm.exe
5104	OgjIWSs.exe
3748	IDFRUjQ.exe
4896	cawFzKY.exe
2788	WufUWtD.exe
4360	CGQzDsw.exe
4540	IGTphIo.exe
2296	KcbOqLP.exe
4820	PZmltne.exe
3436	KDAZpIW.exe
3712	WlIwjmB.exe
3828	qXFVYXu.exe
1268	HQPGOsD.exe
1104	lwRymLm.exe
4104	MRHPFuI.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1096-0-0x00007FF6F6020000-0x00007FF6F6411000-memory.dmp	upx
behavioral2/files/0x0009000000023419-5.dat	upx
behavioral2/files/0x0008000000023475-10.dat	upx
behavioral2/memory/1608-12-0x00007FF621FF0000-0x00007FF6223E1000-memory.dmp	upx
behavioral2/files/0x0007000000023479-18.dat	upx
behavioral2/files/0x000700000002347b-27.dat	upx
behavioral2/files/0x000700000002347a-29.dat	upx
behavioral2/files/0x000700000002347c-38.dat	upx
behavioral2/memory/700-45-0x00007FF741AD0000-0x00007FF741EC1000-memory.dmp	upx
behavioral2/memory/3988-52-0x00007FF7AB570000-0x00007FF7AB961000-memory.dmp	upx
behavioral2/files/0x000700000002347f-57.dat	upx
behavioral2/files/0x0007000000023481-64.dat	upx
behavioral2/files/0x0007000000023483-72.dat	upx
behavioral2/files/0x0007000000023484-77.dat	upx
behavioral2/files/0x0007000000023485-84.dat	upx
behavioral2/files/0x000700000002348a-109.dat	upx
behavioral2/files/0x000700000002348b-114.dat	upx
behavioral2/files/0x000700000002348f-134.dat	upx
behavioral2/files/0x0007000000023492-147.dat	upx
behavioral2/files/0x0007000000023494-159.dat	upx
behavioral2/memory/3740-418-0x00007FF7C9140000-0x00007FF7C9531000-memory.dmp	upx
behavioral2/memory/2868-422-0x00007FF68DA60000-0x00007FF68DE51000-memory.dmp	upx
behavioral2/memory/3852-423-0x00007FF6CC620000-0x00007FF6CCA11000-memory.dmp	upx
behavioral2/memory/2644-426-0x00007FF611BB0000-0x00007FF611FA1000-memory.dmp	upx
behavioral2/memory/4348-431-0x00007FF6C7DF0000-0x00007FF6C81E1000-memory.dmp	upx
behavioral2/memory/3696-424-0x00007FF7FDFF0000-0x00007FF7FE3E1000-memory.dmp	upx
behavioral2/memory/212-421-0x00007FF678B10000-0x00007FF678F01000-memory.dmp	upx
behavioral2/files/0x0007000000023496-169.dat	upx
behavioral2/files/0x0007000000023495-164.dat	upx
behavioral2/files/0x0007000000023493-154.dat	upx
behavioral2/files/0x0007000000023491-144.dat	upx
behavioral2/files/0x0007000000023490-139.dat	upx
behavioral2/files/0x000700000002348e-129.dat	upx
behavioral2/files/0x000700000002348d-124.dat	upx
behavioral2/files/0x000700000002348c-119.dat	upx
behavioral2/files/0x0007000000023489-104.dat	upx
behavioral2/files/0x0007000000023488-99.dat	upx
behavioral2/files/0x0007000000023487-94.dat	upx
behavioral2/files/0x0007000000023486-89.dat	upx
behavioral2/files/0x0007000000023482-69.dat	upx
behavioral2/files/0x0007000000023480-59.dat	upx
behavioral2/memory/5004-54-0x00007FF6CED70000-0x00007FF6CF161000-memory.dmp	upx
behavioral2/files/0x000700000002347e-48.dat	upx
behavioral2/memory/4692-47-0x00007FF6DDAB0000-0x00007FF6DDEA1000-memory.dmp	upx
behavioral2/memory/4412-46-0x00007FF6A76B0000-0x00007FF6A7AA1000-memory.dmp	upx
behavioral2/files/0x000700000002347d-40.dat	upx
behavioral2/memory/944-33-0x00007FF7FA750000-0x00007FF7FAB41000-memory.dmp	upx
behavioral2/memory/3572-22-0x00007FF722AC0000-0x00007FF722EB1000-memory.dmp	upx
behavioral2/memory/4448-15-0x00007FF6A0520000-0x00007FF6A0911000-memory.dmp	upx
behavioral2/memory/4608-439-0x00007FF750040000-0x00007FF750431000-memory.dmp	upx
behavioral2/memory/4228-442-0x00007FF620350000-0x00007FF620741000-memory.dmp	upx
behavioral2/memory/1596-445-0x00007FF729C50000-0x00007FF72A041000-memory.dmp	upx
behavioral2/memory/3028-443-0x00007FF6EE220000-0x00007FF6EE611000-memory.dmp	upx
behavioral2/memory/3880-449-0x00007FF62A070000-0x00007FF62A461000-memory.dmp	upx
behavioral2/memory/4284-437-0x00007FF76BE90000-0x00007FF76C281000-memory.dmp	upx
behavioral2/memory/976-451-0x00007FF674230000-0x00007FF674621000-memory.dmp	upx
behavioral2/memory/4976-452-0x00007FF632930000-0x00007FF632D21000-memory.dmp	upx
behavioral2/memory/1608-1843-0x00007FF621FF0000-0x00007FF6223E1000-memory.dmp	upx
behavioral2/memory/1096-1840-0x00007FF6F6020000-0x00007FF6F6411000-memory.dmp	upx
behavioral2/memory/944-1978-0x00007FF7FA750000-0x00007FF7FAB41000-memory.dmp	upx
behavioral2/memory/4692-1979-0x00007FF6DDAB0000-0x00007FF6DDEA1000-memory.dmp	upx
behavioral2/memory/5004-2012-0x00007FF6CED70000-0x00007FF6CF161000-memory.dmp	upx
behavioral2/memory/1096-2014-0x00007FF6F6020000-0x00007FF6F6411000-memory.dmp	upx
behavioral2/memory/1608-2019-0x00007FF621FF0000-0x00007FF6223E1000-memory.dmp	upx

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System32\WzFYmWO.exe	5e4983dde3db4300f8898c835e101b871550e098300be6455a95a66915b4cfbd.exe
File created	C:\Windows\System32\qEcXNCn.exe	5e4983dde3db4300f8898c835e101b871550e098300be6455a95a66915b4cfbd.exe
File created	C:\Windows\System32\DnSqXLA.exe	5e4983dde3db4300f8898c835e101b871550e098300be6455a95a66915b4cfbd.exe
File created	C:\Windows\System32\cYwwjYN.exe	5e4983dde3db4300f8898c835e101b871550e098300be6455a95a66915b4cfbd.exe
File created	C:\Windows\System32\PSqHmhN.exe	5e4983dde3db4300f8898c835e101b871550e098300be6455a95a66915b4cfbd.exe
File created	C:\Windows\System32\NtSSWcX.exe	5e4983dde3db4300f8898c835e101b871550e098300be6455a95a66915b4cfbd.exe
File created	C:\Windows\System32\YNcKBjy.exe	5e4983dde3db4300f8898c835e101b871550e098300be6455a95a66915b4cfbd.exe
File created	C:\Windows\System32\MpASsrD.exe	5e4983dde3db4300f8898c835e101b871550e098300be6455a95a66915b4cfbd.exe
File created	C:\Windows\System32\nMSUVXf.exe	5e4983dde3db4300f8898c835e101b871550e098300be6455a95a66915b4cfbd.exe
File created	C:\Windows\System32\WlIwjmB.exe	5e4983dde3db4300f8898c835e101b871550e098300be6455a95a66915b4cfbd.exe
File created	C:\Windows\System32\cmSFjez.exe	5e4983dde3db4300f8898c835e101b871550e098300be6455a95a66915b4cfbd.exe
File created	C:\Windows\System32\BeaJqpH.exe	5e4983dde3db4300f8898c835e101b871550e098300be6455a95a66915b4cfbd.exe
File created	C:\Windows\System32\HdDyuAU.exe	5e4983dde3db4300f8898c835e101b871550e098300be6455a95a66915b4cfbd.exe
File created	C:\Windows\System32\DTWBaCG.exe	5e4983dde3db4300f8898c835e101b871550e098300be6455a95a66915b4cfbd.exe
File created	C:\Windows\System32\EPVlfBv.exe	5e4983dde3db4300f8898c835e101b871550e098300be6455a95a66915b4cfbd.exe
File created	C:\Windows\System32\MZzjhej.exe	5e4983dde3db4300f8898c835e101b871550e098300be6455a95a66915b4cfbd.exe
File created	C:\Windows\System32\YcaLRpn.exe	5e4983dde3db4300f8898c835e101b871550e098300be6455a95a66915b4cfbd.exe
File created	C:\Windows\System32\yqALkNT.exe	5e4983dde3db4300f8898c835e101b871550e098300be6455a95a66915b4cfbd.exe
File created	C:\Windows\System32\aSZIMrx.exe	5e4983dde3db4300f8898c835e101b871550e098300be6455a95a66915b4cfbd.exe
File created	C:\Windows\System32\Hzkumog.exe	5e4983dde3db4300f8898c835e101b871550e098300be6455a95a66915b4cfbd.exe
File created	C:\Windows\System32\GFKVqnU.exe	5e4983dde3db4300f8898c835e101b871550e098300be6455a95a66915b4cfbd.exe
File created	C:\Windows\System32\TYMGuGd.exe	5e4983dde3db4300f8898c835e101b871550e098300be6455a95a66915b4cfbd.exe
File created	C:\Windows\System32\nvImYqV.exe	5e4983dde3db4300f8898c835e101b871550e098300be6455a95a66915b4cfbd.exe
File created	C:\Windows\System32\CVkmWZG.exe	5e4983dde3db4300f8898c835e101b871550e098300be6455a95a66915b4cfbd.exe
File created	C:\Windows\System32\ENyRwHI.exe	5e4983dde3db4300f8898c835e101b871550e098300be6455a95a66915b4cfbd.exe
File created	C:\Windows\System32\onNpUik.exe	5e4983dde3db4300f8898c835e101b871550e098300be6455a95a66915b4cfbd.exe
File created	C:\Windows\System32\aJuZwzf.exe	5e4983dde3db4300f8898c835e101b871550e098300be6455a95a66915b4cfbd.exe
File created	C:\Windows\System32\JJHNJbL.exe	5e4983dde3db4300f8898c835e101b871550e098300be6455a95a66915b4cfbd.exe
File created	C:\Windows\System32\YqDsVdS.exe	5e4983dde3db4300f8898c835e101b871550e098300be6455a95a66915b4cfbd.exe
File created	C:\Windows\System32\WufUWtD.exe	5e4983dde3db4300f8898c835e101b871550e098300be6455a95a66915b4cfbd.exe
File created	C:\Windows\System32\ExbuVSw.exe	5e4983dde3db4300f8898c835e101b871550e098300be6455a95a66915b4cfbd.exe
File created	C:\Windows\System32\CZQPCGe.exe	5e4983dde3db4300f8898c835e101b871550e098300be6455a95a66915b4cfbd.exe
File created	C:\Windows\System32\uUnDDSr.exe	5e4983dde3db4300f8898c835e101b871550e098300be6455a95a66915b4cfbd.exe
File created	C:\Windows\System32\ZrwIWZR.exe	5e4983dde3db4300f8898c835e101b871550e098300be6455a95a66915b4cfbd.exe
File created	C:\Windows\System32\oTGUtCs.exe	5e4983dde3db4300f8898c835e101b871550e098300be6455a95a66915b4cfbd.exe
File created	C:\Windows\System32\MpRBSRo.exe	5e4983dde3db4300f8898c835e101b871550e098300be6455a95a66915b4cfbd.exe
File created	C:\Windows\System32\xyKocSp.exe	5e4983dde3db4300f8898c835e101b871550e098300be6455a95a66915b4cfbd.exe
File created	C:\Windows\System32\GbbdgCp.exe	5e4983dde3db4300f8898c835e101b871550e098300be6455a95a66915b4cfbd.exe
File created	C:\Windows\System32\oDKiNyG.exe	5e4983dde3db4300f8898c835e101b871550e098300be6455a95a66915b4cfbd.exe
File created	C:\Windows\System32\ZRpGRUV.exe	5e4983dde3db4300f8898c835e101b871550e098300be6455a95a66915b4cfbd.exe
File created	C:\Windows\System32\FRUZASd.exe	5e4983dde3db4300f8898c835e101b871550e098300be6455a95a66915b4cfbd.exe
File created	C:\Windows\System32\WArfgab.exe	5e4983dde3db4300f8898c835e101b871550e098300be6455a95a66915b4cfbd.exe
File created	C:\Windows\System32\hYIxrEv.exe	5e4983dde3db4300f8898c835e101b871550e098300be6455a95a66915b4cfbd.exe
File created	C:\Windows\System32\xmIwwaE.exe	5e4983dde3db4300f8898c835e101b871550e098300be6455a95a66915b4cfbd.exe
File created	C:\Windows\System32\ndcfEPe.exe	5e4983dde3db4300f8898c835e101b871550e098300be6455a95a66915b4cfbd.exe
File created	C:\Windows\System32\kNuBvRx.exe	5e4983dde3db4300f8898c835e101b871550e098300be6455a95a66915b4cfbd.exe
File created	C:\Windows\System32\ekItMmC.exe	5e4983dde3db4300f8898c835e101b871550e098300be6455a95a66915b4cfbd.exe
File created	C:\Windows\System32\GFawjYR.exe	5e4983dde3db4300f8898c835e101b871550e098300be6455a95a66915b4cfbd.exe
File created	C:\Windows\System32\yxatXNz.exe	5e4983dde3db4300f8898c835e101b871550e098300be6455a95a66915b4cfbd.exe
File created	C:\Windows\System32\RwHAwAI.exe	5e4983dde3db4300f8898c835e101b871550e098300be6455a95a66915b4cfbd.exe
File created	C:\Windows\System32\LQUAwwr.exe	5e4983dde3db4300f8898c835e101b871550e098300be6455a95a66915b4cfbd.exe
File created	C:\Windows\System32\UqIdwxX.exe	5e4983dde3db4300f8898c835e101b871550e098300be6455a95a66915b4cfbd.exe
File created	C:\Windows\System32\eMwYpvD.exe	5e4983dde3db4300f8898c835e101b871550e098300be6455a95a66915b4cfbd.exe
File created	C:\Windows\System32\RDvLOpP.exe	5e4983dde3db4300f8898c835e101b871550e098300be6455a95a66915b4cfbd.exe
File created	C:\Windows\System32\fHgtyRE.exe	5e4983dde3db4300f8898c835e101b871550e098300be6455a95a66915b4cfbd.exe
File created	C:\Windows\System32\KdYLrWC.exe	5e4983dde3db4300f8898c835e101b871550e098300be6455a95a66915b4cfbd.exe
File created	C:\Windows\System32\FtCjIpW.exe	5e4983dde3db4300f8898c835e101b871550e098300be6455a95a66915b4cfbd.exe
File created	C:\Windows\System32\lYJRbjY.exe	5e4983dde3db4300f8898c835e101b871550e098300be6455a95a66915b4cfbd.exe
File created	C:\Windows\System32\OgjIWSs.exe	5e4983dde3db4300f8898c835e101b871550e098300be6455a95a66915b4cfbd.exe
File created	C:\Windows\System32\qUGXGuY.exe	5e4983dde3db4300f8898c835e101b871550e098300be6455a95a66915b4cfbd.exe
File created	C:\Windows\System32\ugpHoNr.exe	5e4983dde3db4300f8898c835e101b871550e098300be6455a95a66915b4cfbd.exe
File created	C:\Windows\System32\rNTWESP.exe	5e4983dde3db4300f8898c835e101b871550e098300be6455a95a66915b4cfbd.exe
File created	C:\Windows\System32\HOBRfgg.exe	5e4983dde3db4300f8898c835e101b871550e098300be6455a95a66915b4cfbd.exe
File created	C:\Windows\System32\XPZhMed.exe	5e4983dde3db4300f8898c835e101b871550e098300be6455a95a66915b4cfbd.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	12532	dwm.exe
Token: SeChangeNotifyPrivilege	12532	dwm.exe
Token: 33	12532	dwm.exe
Token: SeIncBasePriorityPrivilege	12532	dwm.exe
Token: SeShutdownPrivilege	12532	dwm.exe
Token: SeCreatePagefilePrivilege	12532	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1096 wrote to memory of 1608	1096	5e4983dde3db4300f8898c835e101b871550e098300be6455a95a66915b4cfbd.exe	85
PID 1096 wrote to memory of 1608	1096	5e4983dde3db4300f8898c835e101b871550e098300be6455a95a66915b4cfbd.exe	85
PID 1096 wrote to memory of 4448	1096	5e4983dde3db4300f8898c835e101b871550e098300be6455a95a66915b4cfbd.exe	86
PID 1096 wrote to memory of 4448	1096	5e4983dde3db4300f8898c835e101b871550e098300be6455a95a66915b4cfbd.exe	86
PID 1096 wrote to memory of 3572	1096	5e4983dde3db4300f8898c835e101b871550e098300be6455a95a66915b4cfbd.exe	87
PID 1096 wrote to memory of 3572	1096	5e4983dde3db4300f8898c835e101b871550e098300be6455a95a66915b4cfbd.exe	87
PID 1096 wrote to memory of 944	1096	5e4983dde3db4300f8898c835e101b871550e098300be6455a95a66915b4cfbd.exe	88
PID 1096 wrote to memory of 944	1096	5e4983dde3db4300f8898c835e101b871550e098300be6455a95a66915b4cfbd.exe	88
PID 1096 wrote to memory of 700	1096	5e4983dde3db4300f8898c835e101b871550e098300be6455a95a66915b4cfbd.exe	89
PID 1096 wrote to memory of 700	1096	5e4983dde3db4300f8898c835e101b871550e098300be6455a95a66915b4cfbd.exe	89
PID 1096 wrote to memory of 3988	1096	5e4983dde3db4300f8898c835e101b871550e098300be6455a95a66915b4cfbd.exe	90
PID 1096 wrote to memory of 3988	1096	5e4983dde3db4300f8898c835e101b871550e098300be6455a95a66915b4cfbd.exe	90
PID 1096 wrote to memory of 4412	1096	5e4983dde3db4300f8898c835e101b871550e098300be6455a95a66915b4cfbd.exe	91
PID 1096 wrote to memory of 4412	1096	5e4983dde3db4300f8898c835e101b871550e098300be6455a95a66915b4cfbd.exe	91
PID 1096 wrote to memory of 4692	1096	5e4983dde3db4300f8898c835e101b871550e098300be6455a95a66915b4cfbd.exe	92
PID 1096 wrote to memory of 4692	1096	5e4983dde3db4300f8898c835e101b871550e098300be6455a95a66915b4cfbd.exe	92
PID 1096 wrote to memory of 5004	1096	5e4983dde3db4300f8898c835e101b871550e098300be6455a95a66915b4cfbd.exe	93
PID 1096 wrote to memory of 5004	1096	5e4983dde3db4300f8898c835e101b871550e098300be6455a95a66915b4cfbd.exe	93
PID 1096 wrote to memory of 3740	1096	5e4983dde3db4300f8898c835e101b871550e098300be6455a95a66915b4cfbd.exe	94
PID 1096 wrote to memory of 3740	1096	5e4983dde3db4300f8898c835e101b871550e098300be6455a95a66915b4cfbd.exe	94
PID 1096 wrote to memory of 212	1096	5e4983dde3db4300f8898c835e101b871550e098300be6455a95a66915b4cfbd.exe	95
PID 1096 wrote to memory of 212	1096	5e4983dde3db4300f8898c835e101b871550e098300be6455a95a66915b4cfbd.exe	95
PID 1096 wrote to memory of 2868	1096	5e4983dde3db4300f8898c835e101b871550e098300be6455a95a66915b4cfbd.exe	96
PID 1096 wrote to memory of 2868	1096	5e4983dde3db4300f8898c835e101b871550e098300be6455a95a66915b4cfbd.exe	96
PID 1096 wrote to memory of 3852	1096	5e4983dde3db4300f8898c835e101b871550e098300be6455a95a66915b4cfbd.exe	97
PID 1096 wrote to memory of 3852	1096	5e4983dde3db4300f8898c835e101b871550e098300be6455a95a66915b4cfbd.exe	97
PID 1096 wrote to memory of 3696	1096	5e4983dde3db4300f8898c835e101b871550e098300be6455a95a66915b4cfbd.exe	98
PID 1096 wrote to memory of 3696	1096	5e4983dde3db4300f8898c835e101b871550e098300be6455a95a66915b4cfbd.exe	98
PID 1096 wrote to memory of 2644	1096	5e4983dde3db4300f8898c835e101b871550e098300be6455a95a66915b4cfbd.exe	99
PID 1096 wrote to memory of 2644	1096	5e4983dde3db4300f8898c835e101b871550e098300be6455a95a66915b4cfbd.exe	99
PID 1096 wrote to memory of 4348	1096	5e4983dde3db4300f8898c835e101b871550e098300be6455a95a66915b4cfbd.exe	100
PID 1096 wrote to memory of 4348	1096	5e4983dde3db4300f8898c835e101b871550e098300be6455a95a66915b4cfbd.exe	100
PID 1096 wrote to memory of 4284	1096	5e4983dde3db4300f8898c835e101b871550e098300be6455a95a66915b4cfbd.exe	101
PID 1096 wrote to memory of 4284	1096	5e4983dde3db4300f8898c835e101b871550e098300be6455a95a66915b4cfbd.exe	101
PID 1096 wrote to memory of 4608	1096	5e4983dde3db4300f8898c835e101b871550e098300be6455a95a66915b4cfbd.exe	102
PID 1096 wrote to memory of 4608	1096	5e4983dde3db4300f8898c835e101b871550e098300be6455a95a66915b4cfbd.exe	102
PID 1096 wrote to memory of 4228	1096	5e4983dde3db4300f8898c835e101b871550e098300be6455a95a66915b4cfbd.exe	103
PID 1096 wrote to memory of 4228	1096	5e4983dde3db4300f8898c835e101b871550e098300be6455a95a66915b4cfbd.exe	103
PID 1096 wrote to memory of 3028	1096	5e4983dde3db4300f8898c835e101b871550e098300be6455a95a66915b4cfbd.exe	104
PID 1096 wrote to memory of 3028	1096	5e4983dde3db4300f8898c835e101b871550e098300be6455a95a66915b4cfbd.exe	104
PID 1096 wrote to memory of 1596	1096	5e4983dde3db4300f8898c835e101b871550e098300be6455a95a66915b4cfbd.exe	105
PID 1096 wrote to memory of 1596	1096	5e4983dde3db4300f8898c835e101b871550e098300be6455a95a66915b4cfbd.exe	105
PID 1096 wrote to memory of 3880	1096	5e4983dde3db4300f8898c835e101b871550e098300be6455a95a66915b4cfbd.exe	106
PID 1096 wrote to memory of 3880	1096	5e4983dde3db4300f8898c835e101b871550e098300be6455a95a66915b4cfbd.exe	106
PID 1096 wrote to memory of 976	1096	5e4983dde3db4300f8898c835e101b871550e098300be6455a95a66915b4cfbd.exe	107
PID 1096 wrote to memory of 976	1096	5e4983dde3db4300f8898c835e101b871550e098300be6455a95a66915b4cfbd.exe	107
PID 1096 wrote to memory of 4976	1096	5e4983dde3db4300f8898c835e101b871550e098300be6455a95a66915b4cfbd.exe	108
PID 1096 wrote to memory of 4976	1096	5e4983dde3db4300f8898c835e101b871550e098300be6455a95a66915b4cfbd.exe	108
PID 1096 wrote to memory of 372	1096	5e4983dde3db4300f8898c835e101b871550e098300be6455a95a66915b4cfbd.exe	109
PID 1096 wrote to memory of 372	1096	5e4983dde3db4300f8898c835e101b871550e098300be6455a95a66915b4cfbd.exe	109
PID 1096 wrote to memory of 5024	1096	5e4983dde3db4300f8898c835e101b871550e098300be6455a95a66915b4cfbd.exe	110
PID 1096 wrote to memory of 5024	1096	5e4983dde3db4300f8898c835e101b871550e098300be6455a95a66915b4cfbd.exe	110
PID 1096 wrote to memory of 1544	1096	5e4983dde3db4300f8898c835e101b871550e098300be6455a95a66915b4cfbd.exe	111
PID 1096 wrote to memory of 1544	1096	5e4983dde3db4300f8898c835e101b871550e098300be6455a95a66915b4cfbd.exe	111
PID 1096 wrote to memory of 4580	1096	5e4983dde3db4300f8898c835e101b871550e098300be6455a95a66915b4cfbd.exe	112
PID 1096 wrote to memory of 4580	1096	5e4983dde3db4300f8898c835e101b871550e098300be6455a95a66915b4cfbd.exe	112
PID 1096 wrote to memory of 3628	1096	5e4983dde3db4300f8898c835e101b871550e098300be6455a95a66915b4cfbd.exe	113
PID 1096 wrote to memory of 3628	1096	5e4983dde3db4300f8898c835e101b871550e098300be6455a95a66915b4cfbd.exe	113
PID 1096 wrote to memory of 2452	1096	5e4983dde3db4300f8898c835e101b871550e098300be6455a95a66915b4cfbd.exe	114
PID 1096 wrote to memory of 2452	1096	5e4983dde3db4300f8898c835e101b871550e098300be6455a95a66915b4cfbd.exe	114
PID 1096 wrote to memory of 3364	1096	5e4983dde3db4300f8898c835e101b871550e098300be6455a95a66915b4cfbd.exe	115
PID 1096 wrote to memory of 3364	1096	5e4983dde3db4300f8898c835e101b871550e098300be6455a95a66915b4cfbd.exe	115
PID 1096 wrote to memory of 3484	1096	5e4983dde3db4300f8898c835e101b871550e098300be6455a95a66915b4cfbd.exe	116
PID 1096 wrote to memory of 3484	1096	5e4983dde3db4300f8898c835e101b871550e098300be6455a95a66915b4cfbd.exe	116

C:\Users\Admin\AppData\Local\Temp\5e4983dde3db4300f8898c835e101b871550e098300be6455a95a66915b4cfbd.exe
"C:\Users\Admin\AppData\Local\Temp\5e4983dde3db4300f8898c835e101b871550e098300be6455a95a66915b4cfbd.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:1096
- C:\Windows\System32\ENyRwHI.exe
  C:\Windows\System32\ENyRwHI.exe
  2⤵
  - Executes dropped EXE
  PID:1608
- C:\Windows\System32\vQMeLZc.exe
  C:\Windows\System32\vQMeLZc.exe
  2⤵
  - Executes dropped EXE
  PID:4448
- C:\Windows\System32\xjZVdDH.exe
  C:\Windows\System32\xjZVdDH.exe
  2⤵
  - Executes dropped EXE
  PID:3572
- C:\Windows\System32\SroliQq.exe
  C:\Windows\System32\SroliQq.exe
  2⤵
  - Executes dropped EXE
  PID:944
- C:\Windows\System32\GOuYIxx.exe
  C:\Windows\System32\GOuYIxx.exe
  2⤵
  - Executes dropped EXE
  PID:700
- C:\Windows\System32\rnPkLmA.exe
  C:\Windows\System32\rnPkLmA.exe
  2⤵
  - Executes dropped EXE
  PID:3988
- C:\Windows\System32\fXlhapH.exe
  C:\Windows\System32\fXlhapH.exe
  2⤵
  - Executes dropped EXE
  PID:4412
- C:\Windows\System32\VLordQM.exe
  C:\Windows\System32\VLordQM.exe
  2⤵
  - Executes dropped EXE
  PID:4692
- C:\Windows\System32\JeuuFDC.exe
  C:\Windows\System32\JeuuFDC.exe
  2⤵
  - Executes dropped EXE
  PID:5004
- C:\Windows\System32\lHpDbJr.exe
  C:\Windows\System32\lHpDbJr.exe
  2⤵
  - Executes dropped EXE
  PID:3740
- C:\Windows\System32\UHBKtWm.exe
  C:\Windows\System32\UHBKtWm.exe
  2⤵
  - Executes dropped EXE
  PID:212
- C:\Windows\System32\wZmtZwN.exe
  C:\Windows\System32\wZmtZwN.exe
  2⤵
  - Executes dropped EXE
  PID:2868
- C:\Windows\System32\VKMZEtt.exe
  C:\Windows\System32\VKMZEtt.exe
  2⤵
  - Executes dropped EXE
  PID:3852
- C:\Windows\System32\yRxtgoU.exe
  C:\Windows\System32\yRxtgoU.exe
  2⤵
  - Executes dropped EXE
  PID:3696
- C:\Windows\System32\HhfhVyk.exe
  C:\Windows\System32\HhfhVyk.exe
  2⤵
  - Executes dropped EXE
  PID:2644
- C:\Windows\System32\aIvqfhG.exe
  C:\Windows\System32\aIvqfhG.exe
  2⤵
  - Executes dropped EXE
  PID:4348
- C:\Windows\System32\DsXzDsV.exe
  C:\Windows\System32\DsXzDsV.exe
  2⤵
  - Executes dropped EXE
  PID:4284
- C:\Windows\System32\jMgkCsA.exe
  C:\Windows\System32\jMgkCsA.exe
  2⤵
  - Executes dropped EXE
  PID:4608
- C:\Windows\System32\AckqqGe.exe
  C:\Windows\System32\AckqqGe.exe
  2⤵
  - Executes dropped EXE
  PID:4228
- C:\Windows\System32\VQZWFIk.exe
  C:\Windows\System32\VQZWFIk.exe
  2⤵
  - Executes dropped EXE
  PID:3028
- C:\Windows\System32\PRBmShx.exe
  C:\Windows\System32\PRBmShx.exe
  2⤵
  - Executes dropped EXE
  PID:1596
- C:\Windows\System32\liJGGWz.exe
  C:\Windows\System32\liJGGWz.exe
  2⤵
  - Executes dropped EXE
  PID:3880
- C:\Windows\System32\xVAikxK.exe
  C:\Windows\System32\xVAikxK.exe
  2⤵
  - Executes dropped EXE
  PID:976
- C:\Windows\System32\EMitSqA.exe
  C:\Windows\System32\EMitSqA.exe
  2⤵
  - Executes dropped EXE
  PID:4976
- C:\Windows\System32\ykyXxdg.exe
  C:\Windows\System32\ykyXxdg.exe
  2⤵
  - Executes dropped EXE
  PID:372
- C:\Windows\System32\RQCFnjD.exe
  C:\Windows\System32\RQCFnjD.exe
  2⤵
  - Executes dropped EXE
  PID:5024
- C:\Windows\System32\gqymNQH.exe
  C:\Windows\System32\gqymNQH.exe
  2⤵
  - Executes dropped EXE
  PID:1544
- C:\Windows\System32\BoQstCh.exe
  C:\Windows\System32\BoQstCh.exe
  2⤵
  - Executes dropped EXE
  PID:4580
- C:\Windows\System32\zxZJmHo.exe
  C:\Windows\System32\zxZJmHo.exe
  2⤵
  - Executes dropped EXE
  PID:3628
- C:\Windows\System32\ZerqMCR.exe
  C:\Windows\System32\ZerqMCR.exe
  2⤵
  - Executes dropped EXE
  PID:2452
- C:\Windows\System32\SCpzWjl.exe
  C:\Windows\System32\SCpzWjl.exe
  2⤵
  - Executes dropped EXE
  PID:3364
- C:\Windows\System32\xyTInWQ.exe
  C:\Windows\System32\xyTInWQ.exe
  2⤵
  - Executes dropped EXE
  PID:3484
- C:\Windows\System32\iZnbaoE.exe
  C:\Windows\System32\iZnbaoE.exe
  2⤵
  - Executes dropped EXE
  PID:5056
- C:\Windows\System32\WgxpEiI.exe
  C:\Windows\System32\WgxpEiI.exe
  2⤵
  - Executes dropped EXE
  PID:3932
- C:\Windows\System32\iAIuBUZ.exe
  C:\Windows\System32\iAIuBUZ.exe
  2⤵
  - Executes dropped EXE
  PID:988
- C:\Windows\System32\RFgDfny.exe
  C:\Windows\System32\RFgDfny.exe
  2⤵
  - Executes dropped EXE
  PID:1556
- C:\Windows\System32\vEqmzSS.exe
  C:\Windows\System32\vEqmzSS.exe
  2⤵
  - Executes dropped EXE
  PID:2244
- C:\Windows\System32\FCFUhEa.exe
  C:\Windows\System32\FCFUhEa.exe
  2⤵
  - Executes dropped EXE
  PID:1764
- C:\Windows\System32\gYFeMni.exe
  C:\Windows\System32\gYFeMni.exe
  2⤵
  - Executes dropped EXE
  PID:436
- C:\Windows\System32\oHmHHIW.exe
  C:\Windows\System32\oHmHHIW.exe
  2⤵
  - Executes dropped EXE
  PID:4512
- C:\Windows\System32\gchwfHz.exe
  C:\Windows\System32\gchwfHz.exe
  2⤵
  - Executes dropped EXE
  PID:400
- C:\Windows\System32\jFYfMGG.exe
  C:\Windows\System32\jFYfMGG.exe
  2⤵
  - Executes dropped EXE
  PID:440
- C:\Windows\System32\vCWRgnn.exe
  C:\Windows\System32\vCWRgnn.exe
  2⤵
  - Executes dropped EXE
  PID:4660
- C:\Windows\System32\yNcfcxH.exe
  C:\Windows\System32\yNcfcxH.exe
  2⤵
  - Executes dropped EXE
  PID:448
- C:\Windows\System32\yhFeoOh.exe
  C:\Windows\System32\yhFeoOh.exe
  2⤵
  - Executes dropped EXE
  PID:3588
- C:\Windows\System32\FbEqFtH.exe
  C:\Windows\System32\FbEqFtH.exe
  2⤵
  - Executes dropped EXE
  PID:3632
- C:\Windows\System32\DOnnMxH.exe
  C:\Windows\System32\DOnnMxH.exe
  2⤵
  - Executes dropped EXE
  PID:4204
- C:\Windows\System32\onNpUik.exe
  C:\Windows\System32\onNpUik.exe
  2⤵
  - Executes dropped EXE
  PID:2956
- C:\Windows\System32\FxcvOrY.exe
  C:\Windows\System32\FxcvOrY.exe
  2⤵
  - Executes dropped EXE
  PID:4744
- C:\Windows\System32\miMWZKm.exe
  C:\Windows\System32\miMWZKm.exe
  2⤵
  - Executes dropped EXE
  PID:1892
- C:\Windows\System32\OgjIWSs.exe
  C:\Windows\System32\OgjIWSs.exe
  2⤵
  - Executes dropped EXE
  PID:5104
- C:\Windows\System32\IDFRUjQ.exe
  C:\Windows\System32\IDFRUjQ.exe
  2⤵
  - Executes dropped EXE
  PID:3748
- C:\Windows\System32\cawFzKY.exe
  C:\Windows\System32\cawFzKY.exe
  2⤵
  - Executes dropped EXE
  PID:4896
- C:\Windows\System32\WufUWtD.exe
  C:\Windows\System32\WufUWtD.exe
  2⤵
  - Executes dropped EXE
  PID:2788
- C:\Windows\System32\CGQzDsw.exe
  C:\Windows\System32\CGQzDsw.exe
  2⤵
  - Executes dropped EXE
  PID:4360
- C:\Windows\System32\IGTphIo.exe
  C:\Windows\System32\IGTphIo.exe
  2⤵
  - Executes dropped EXE
  PID:4540
- C:\Windows\System32\KcbOqLP.exe
  C:\Windows\System32\KcbOqLP.exe
  2⤵
  - Executes dropped EXE
  PID:2296
- C:\Windows\System32\PZmltne.exe
  C:\Windows\System32\PZmltne.exe
  2⤵
  - Executes dropped EXE
  PID:4820
- C:\Windows\System32\KDAZpIW.exe
  C:\Windows\System32\KDAZpIW.exe
  2⤵
  - Executes dropped EXE
  PID:3436
- C:\Windows\System32\WlIwjmB.exe
  C:\Windows\System32\WlIwjmB.exe
  2⤵
  - Executes dropped EXE
  PID:3712
- C:\Windows\System32\qXFVYXu.exe
  C:\Windows\System32\qXFVYXu.exe
  2⤵
  - Executes dropped EXE
  PID:3828
- C:\Windows\System32\HQPGOsD.exe
  C:\Windows\System32\HQPGOsD.exe
  2⤵
  - Executes dropped EXE
  PID:1268
- C:\Windows\System32\lwRymLm.exe
  C:\Windows\System32\lwRymLm.exe
  2⤵
  - Executes dropped EXE
  PID:1104
- C:\Windows\System32\MRHPFuI.exe
  C:\Windows\System32\MRHPFuI.exe
  2⤵
  - Executes dropped EXE
  PID:4104
- C:\Windows\System32\ssBRzSW.exe
  C:\Windows\System32\ssBRzSW.exe
  2⤵
  PID:1272
- C:\Windows\System32\cYhdDTO.exe
  C:\Windows\System32\cYhdDTO.exe
  2⤵
  PID:5060
- C:\Windows\System32\dCNHTmN.exe
  C:\Windows\System32\dCNHTmN.exe
  2⤵
  PID:1520
- C:\Windows\System32\hWUcPMe.exe
  C:\Windows\System32\hWUcPMe.exe
  2⤵
  PID:1508
- C:\Windows\System32\aZMQZuo.exe
  C:\Windows\System32\aZMQZuo.exe
  2⤵
  PID:2192
- C:\Windows\System32\nogMSye.exe
  C:\Windows\System32\nogMSye.exe
  2⤵
  PID:2668
- C:\Windows\System32\EPVlfBv.exe
  C:\Windows\System32\EPVlfBv.exe
  2⤵
  PID:208
- C:\Windows\System32\cmSFjez.exe
  C:\Windows\System32\cmSFjez.exe
  2⤵
  PID:3404
- C:\Windows\System32\zKqWEos.exe
  C:\Windows\System32\zKqWEos.exe
  2⤵
  PID:1336
- C:\Windows\System32\ZZmvvRf.exe
  C:\Windows\System32\ZZmvvRf.exe
  2⤵
  PID:644
- C:\Windows\System32\DIovfhq.exe
  C:\Windows\System32\DIovfhq.exe
  2⤵
  PID:2820
- C:\Windows\System32\YrlwJDE.exe
  C:\Windows\System32\YrlwJDE.exe
  2⤵
  PID:1684
- C:\Windows\System32\DOhqRdu.exe
  C:\Windows\System32\DOhqRdu.exe
  2⤵
  PID:3512
- C:\Windows\System32\srhbqfB.exe
  C:\Windows\System32\srhbqfB.exe
  2⤵
  PID:2444
- C:\Windows\System32\QkpuviK.exe
  C:\Windows\System32\QkpuviK.exe
  2⤵
  PID:3992
- C:\Windows\System32\mMqxXUl.exe
  C:\Windows\System32\mMqxXUl.exe
  2⤵
  PID:3388
- C:\Windows\System32\okPUCxr.exe
  C:\Windows\System32\okPUCxr.exe
  2⤵
  PID:3936
- C:\Windows\System32\TesrEDs.exe
  C:\Windows\System32\TesrEDs.exe
  2⤵
  PID:2128
- C:\Windows\System32\daqjRmk.exe
  C:\Windows\System32\daqjRmk.exe
  2⤵
  PID:4472
- C:\Windows\System32\OFgmzcJ.exe
  C:\Windows\System32\OFgmzcJ.exe
  2⤵
  PID:2512
- C:\Windows\System32\xMmlVcR.exe
  C:\Windows\System32\xMmlVcR.exe
  2⤵
  PID:3664
- C:\Windows\System32\OwzahTs.exe
  C:\Windows\System32\OwzahTs.exe
  2⤵
  PID:3684
- C:\Windows\System32\IDmTWMP.exe
  C:\Windows\System32\IDmTWMP.exe
  2⤵
  PID:3692
- C:\Windows\System32\rQIwBON.exe
  C:\Windows\System32\rQIwBON.exe
  2⤵
  PID:2648
- C:\Windows\System32\OawgtxD.exe
  C:\Windows\System32\OawgtxD.exe
  2⤵
  PID:908
- C:\Windows\System32\KdYLrWC.exe
  C:\Windows\System32\KdYLrWC.exe
  2⤵
  PID:5008
- C:\Windows\System32\PyKlXyS.exe
  C:\Windows\System32\PyKlXyS.exe
  2⤵
  PID:4232
- C:\Windows\System32\vPWolkI.exe
  C:\Windows\System32\vPWolkI.exe
  2⤵
  PID:4216
- C:\Windows\System32\tHizplb.exe
  C:\Windows\System32\tHizplb.exe
  2⤵
  PID:1428
- C:\Windows\System32\txVlqMG.exe
  C:\Windows\System32\txVlqMG.exe
  2⤵
  PID:1628
- C:\Windows\System32\QaAEkci.exe
  C:\Windows\System32\QaAEkci.exe
  2⤵
  PID:3068
- C:\Windows\System32\kTBKXus.exe
  C:\Windows\System32\kTBKXus.exe
  2⤵
  PID:2708
- C:\Windows\System32\awLKbBD.exe
  C:\Windows\System32\awLKbBD.exe
  2⤵
  PID:4620
- C:\Windows\System32\UxfTeZk.exe
  C:\Windows\System32\UxfTeZk.exe
  2⤵
  PID:3896
- C:\Windows\System32\vgikaeS.exe
  C:\Windows\System32\vgikaeS.exe
  2⤵
  PID:632
- C:\Windows\System32\oLkPtgL.exe
  C:\Windows\System32\oLkPtgL.exe
  2⤵
  PID:864
- C:\Windows\System32\OJIrULu.exe
  C:\Windows\System32\OJIrULu.exe
  2⤵
  PID:2524
- C:\Windows\System32\JbevuwJ.exe
  C:\Windows\System32\JbevuwJ.exe
  2⤵
  PID:2252
- C:\Windows\System32\beEKkqB.exe
  C:\Windows\System32\beEKkqB.exe
  2⤵
  PID:452
- C:\Windows\System32\xXCsaPv.exe
  C:\Windows\System32\xXCsaPv.exe
  2⤵
  PID:4844
- C:\Windows\System32\QKDnpfc.exe
  C:\Windows\System32\QKDnpfc.exe
  2⤵
  PID:5148
- C:\Windows\System32\yqALkNT.exe
  C:\Windows\System32\yqALkNT.exe
  2⤵
  PID:5168
- C:\Windows\System32\RaJPfms.exe
  C:\Windows\System32\RaJPfms.exe
  2⤵
  PID:5208
- C:\Windows\System32\EseOnbx.exe
  C:\Windows\System32\EseOnbx.exe
  2⤵
  PID:5224
- C:\Windows\System32\myLCXIY.exe
  C:\Windows\System32\myLCXIY.exe
  2⤵
  PID:5252
- C:\Windows\System32\kjnsyDy.exe
  C:\Windows\System32\kjnsyDy.exe
  2⤵
  PID:5280
- C:\Windows\System32\wZNabdF.exe
  C:\Windows\System32\wZNabdF.exe
  2⤵
  PID:5320
- C:\Windows\System32\AGYZQAU.exe
  C:\Windows\System32\AGYZQAU.exe
  2⤵
  PID:5336
- C:\Windows\System32\ChFWzVL.exe
  C:\Windows\System32\ChFWzVL.exe
  2⤵
  PID:5360
- C:\Windows\System32\PJeFxsA.exe
  C:\Windows\System32\PJeFxsA.exe
  2⤵
  PID:5392
- C:\Windows\System32\BXHkaoE.exe
  C:\Windows\System32\BXHkaoE.exe
  2⤵
  PID:5432
- C:\Windows\System32\athczzf.exe
  C:\Windows\System32\athczzf.exe
  2⤵
  PID:5500
- C:\Windows\System32\CPNqVUJ.exe
  C:\Windows\System32\CPNqVUJ.exe
  2⤵
  PID:5540
- C:\Windows\System32\TwNyyay.exe
  C:\Windows\System32\TwNyyay.exe
  2⤵
  PID:5568
- C:\Windows\System32\bScEQJQ.exe
  C:\Windows\System32\bScEQJQ.exe
  2⤵
  PID:5584
- C:\Windows\System32\UvjbOtX.exe
  C:\Windows\System32\UvjbOtX.exe
  2⤵
  PID:5632
- C:\Windows\System32\JkEfZJw.exe
  C:\Windows\System32\JkEfZJw.exe
  2⤵
  PID:5692
- C:\Windows\System32\qUXDhdP.exe
  C:\Windows\System32\qUXDhdP.exe
  2⤵
  PID:5724
- C:\Windows\System32\UuUpnup.exe
  C:\Windows\System32\UuUpnup.exe
  2⤵
  PID:5772
- C:\Windows\System32\GaNMmrz.exe
  C:\Windows\System32\GaNMmrz.exe
  2⤵
  PID:5792
- C:\Windows\System32\ExbuVSw.exe
  C:\Windows\System32\ExbuVSw.exe
  2⤵
  PID:5856
- C:\Windows\System32\NlrNwMs.exe
  C:\Windows\System32\NlrNwMs.exe
  2⤵
  PID:5876
- C:\Windows\System32\zIwNNVx.exe
  C:\Windows\System32\zIwNNVx.exe
  2⤵
  PID:5892
- C:\Windows\System32\SQljSWx.exe
  C:\Windows\System32\SQljSWx.exe
  2⤵
  PID:5920
- C:\Windows\System32\ITaytQT.exe
  C:\Windows\System32\ITaytQT.exe
  2⤵
  PID:5968
- C:\Windows\System32\CbhCrlc.exe
  C:\Windows\System32\CbhCrlc.exe
  2⤵
  PID:6012
- C:\Windows\System32\nWZIiuM.exe
  C:\Windows\System32\nWZIiuM.exe
  2⤵
  PID:6032
- C:\Windows\System32\zIBeZlk.exe
  C:\Windows\System32\zIBeZlk.exe
  2⤵
  PID:6048
- C:\Windows\System32\gkeSnQd.exe
  C:\Windows\System32\gkeSnQd.exe
  2⤵
  PID:6096
- C:\Windows\System32\jpBNIfz.exe
  C:\Windows\System32\jpBNIfz.exe
  2⤵
  PID:6116
- C:\Windows\System32\BXpJGfN.exe
  C:\Windows\System32\BXpJGfN.exe
  2⤵
  PID:3848
- C:\Windows\System32\qfIOoPT.exe
  C:\Windows\System32\qfIOoPT.exe
  2⤵
  PID:1524
- C:\Windows\System32\peuZaLA.exe
  C:\Windows\System32\peuZaLA.exe
  2⤵
  PID:3052
- C:\Windows\System32\jFedgsZ.exe
  C:\Windows\System32\jFedgsZ.exe
  2⤵
  PID:5136
- C:\Windows\System32\EoDSavT.exe
  C:\Windows\System32\EoDSavT.exe
  2⤵
  PID:5164
- C:\Windows\System32\sAWHnbh.exe
  C:\Windows\System32\sAWHnbh.exe
  2⤵
  PID:2804
- C:\Windows\System32\Hzkumog.exe
  C:\Windows\System32\Hzkumog.exe
  2⤵
  PID:5248
- C:\Windows\System32\VXOhKdg.exe
  C:\Windows\System32\VXOhKdg.exe
  2⤵
  PID:5088
- C:\Windows\System32\WYQcnjO.exe
  C:\Windows\System32\WYQcnjO.exe
  2⤵
  PID:3860
- C:\Windows\System32\JZFGzaF.exe
  C:\Windows\System32\JZFGzaF.exe
  2⤵
  PID:5328
- C:\Windows\System32\dghRvnI.exe
  C:\Windows\System32\dghRvnI.exe
  2⤵
  PID:1676
- C:\Windows\System32\AGYNOPJ.exe
  C:\Windows\System32\AGYNOPJ.exe
  2⤵
  PID:3192
- C:\Windows\System32\defSfdD.exe
  C:\Windows\System32\defSfdD.exe
  2⤵
  PID:5480
- C:\Windows\System32\zeYTbJK.exe
  C:\Windows\System32\zeYTbJK.exe
  2⤵
  PID:3348
- C:\Windows\System32\WArfgab.exe
  C:\Windows\System32\WArfgab.exe
  2⤵
  PID:4024
- C:\Windows\System32\PSqHmhN.exe
  C:\Windows\System32\PSqHmhN.exe
  2⤵
  PID:5580
- C:\Windows\System32\DZQBJkK.exe
  C:\Windows\System32\DZQBJkK.exe
  2⤵
  PID:5620
- C:\Windows\System32\AWFpdpn.exe
  C:\Windows\System32\AWFpdpn.exe
  2⤵
  PID:5700
- C:\Windows\System32\uAHVTqM.exe
  C:\Windows\System32\uAHVTqM.exe
  2⤵
  PID:5768
- C:\Windows\System32\YvcrrED.exe
  C:\Windows\System32\YvcrrED.exe
  2⤵
  PID:5884
- C:\Windows\System32\hMRVoLT.exe
  C:\Windows\System32\hMRVoLT.exe
  2⤵
  PID:5872
- C:\Windows\System32\CGZpbDu.exe
  C:\Windows\System32\CGZpbDu.exe
  2⤵
  PID:5944
- C:\Windows\System32\VqBPMir.exe
  C:\Windows\System32\VqBPMir.exe
  2⤵
  PID:5980
- C:\Windows\System32\orNEzMf.exe
  C:\Windows\System32\orNEzMf.exe
  2⤵
  PID:6044
- C:\Windows\System32\Gyphcry.exe
  C:\Windows\System32\Gyphcry.exe
  2⤵
  PID:6104
- C:\Windows\System32\FtCjIpW.exe
  C:\Windows\System32\FtCjIpW.exe
  2⤵
  PID:2080
- C:\Windows\System32\mCANmba.exe
  C:\Windows\System32\mCANmba.exe
  2⤵
  PID:5144
- C:\Windows\System32\DBNoAde.exe
  C:\Windows\System32\DBNoAde.exe
  2⤵
  PID:5176
- C:\Windows\System32\KJusOfr.exe
  C:\Windows\System32\KJusOfr.exe
  2⤵
  PID:2656
- C:\Windows\System32\aJuZwzf.exe
  C:\Windows\System32\aJuZwzf.exe
  2⤵
  PID:5416
- C:\Windows\System32\HHlLmIH.exe
  C:\Windows\System32\HHlLmIH.exe
  2⤵
  PID:2176
- C:\Windows\System32\JvYuEKj.exe
  C:\Windows\System32\JvYuEKj.exe
  2⤵
  PID:5536
- C:\Windows\System32\SczbCDU.exe
  C:\Windows\System32\SczbCDU.exe
  2⤵
  PID:5684
- C:\Windows\System32\TxikFeq.exe
  C:\Windows\System32\TxikFeq.exe
  2⤵
  PID:5524
- C:\Windows\System32\YfvzBcs.exe
  C:\Windows\System32\YfvzBcs.exe
  2⤵
  PID:5912
- C:\Windows\System32\npPHxEZ.exe
  C:\Windows\System32\npPHxEZ.exe
  2⤵
  PID:6088
- C:\Windows\System32\NYHgVAO.exe
  C:\Windows\System32\NYHgVAO.exe
  2⤵
  PID:2988
- C:\Windows\System32\jWtuAvX.exe
  C:\Windows\System32\jWtuAvX.exe
  2⤵
  PID:5348
- C:\Windows\System32\bZQdOhN.exe
  C:\Windows\System32\bZQdOhN.exe
  2⤵
  PID:5528
- C:\Windows\System32\UlSzpHl.exe
  C:\Windows\System32\UlSzpHl.exe
  2⤵
  PID:5784
- C:\Windows\System32\NAJicEH.exe
  C:\Windows\System32\NAJicEH.exe
  2⤵
  PID:4184
- C:\Windows\System32\xyKocSp.exe
  C:\Windows\System32\xyKocSp.exe
  2⤵
  PID:2752
- C:\Windows\System32\DhchdMB.exe
  C:\Windows\System32\DhchdMB.exe
  2⤵
  PID:6148
- C:\Windows\System32\GpfSlpI.exe
  C:\Windows\System32\GpfSlpI.exe
  2⤵
  PID:6188
- C:\Windows\System32\dkVOrNO.exe
  C:\Windows\System32\dkVOrNO.exe
  2⤵
  PID:6212
- C:\Windows\System32\PCNAotx.exe
  C:\Windows\System32\PCNAotx.exe
  2⤵
  PID:6252
- C:\Windows\System32\eKQtoKT.exe
  C:\Windows\System32\eKQtoKT.exe
  2⤵
  PID:6284
- C:\Windows\System32\ZVUBAis.exe
  C:\Windows\System32\ZVUBAis.exe
  2⤵
  PID:6316
- C:\Windows\System32\gyiaSsH.exe
  C:\Windows\System32\gyiaSsH.exe
  2⤵
  PID:6344
- C:\Windows\System32\WaWjsqk.exe
  C:\Windows\System32\WaWjsqk.exe
  2⤵
  PID:6364
- C:\Windows\System32\bjSMuFt.exe
  C:\Windows\System32\bjSMuFt.exe
  2⤵
  PID:6392
- C:\Windows\System32\cZLVIXI.exe
  C:\Windows\System32\cZLVIXI.exe
  2⤵
  PID:6424
- C:\Windows\System32\pPKXUPK.exe
  C:\Windows\System32\pPKXUPK.exe
  2⤵
  PID:6456
- C:\Windows\System32\GfCNYwl.exe
  C:\Windows\System32\GfCNYwl.exe
  2⤵
  PID:6476
- C:\Windows\System32\dlMWWZy.exe
  C:\Windows\System32\dlMWWZy.exe
  2⤵
  PID:6500
- C:\Windows\System32\fNJtfjf.exe
  C:\Windows\System32\fNJtfjf.exe
  2⤵
  PID:6524
- C:\Windows\System32\NUJFKlG.exe
  C:\Windows\System32\NUJFKlG.exe
  2⤵
  PID:6544
- C:\Windows\System32\yxatXNz.exe
  C:\Windows\System32\yxatXNz.exe
  2⤵
  PID:6568
- C:\Windows\System32\MZzjhej.exe
  C:\Windows\System32\MZzjhej.exe
  2⤵
  PID:6596
- C:\Windows\System32\SnAyHKI.exe
  C:\Windows\System32\SnAyHKI.exe
  2⤵
  PID:6640
- C:\Windows\System32\jIvDUNz.exe
  C:\Windows\System32\jIvDUNz.exe
  2⤵
  PID:6672
- C:\Windows\System32\hCfaiZC.exe
  C:\Windows\System32\hCfaiZC.exe
  2⤵
  PID:6692
- C:\Windows\System32\IiKLhNu.exe
  C:\Windows\System32\IiKLhNu.exe
  2⤵
  PID:6752
- C:\Windows\System32\gVEqvNz.exe
  C:\Windows\System32\gVEqvNz.exe
  2⤵
  PID:6768
- C:\Windows\System32\KXjyLDH.exe
  C:\Windows\System32\KXjyLDH.exe
  2⤵
  PID:6792
- C:\Windows\System32\WxoRKcY.exe
  C:\Windows\System32\WxoRKcY.exe
  2⤵
  PID:6820
- C:\Windows\System32\QeFeBHY.exe
  C:\Windows\System32\QeFeBHY.exe
  2⤵
  PID:6840
- C:\Windows\System32\Hvsehjs.exe
  C:\Windows\System32\Hvsehjs.exe
  2⤵
  PID:6880
- C:\Windows\System32\vNIQVVl.exe
  C:\Windows\System32\vNIQVVl.exe
  2⤵
  PID:6900
- C:\Windows\System32\kYInula.exe
  C:\Windows\System32\kYInula.exe
  2⤵
  PID:6924
- C:\Windows\System32\OyHhTvz.exe
  C:\Windows\System32\OyHhTvz.exe
  2⤵
  PID:6948
- C:\Windows\System32\LQUAwwr.exe
  C:\Windows\System32\LQUAwwr.exe
  2⤵
  PID:6984
- C:\Windows\System32\vOYGKqN.exe
  C:\Windows\System32\vOYGKqN.exe
  2⤵
  PID:7004
- C:\Windows\System32\qoTOvsG.exe
  C:\Windows\System32\qoTOvsG.exe
  2⤵
  PID:7040
- C:\Windows\System32\mPMeDQw.exe
  C:\Windows\System32\mPMeDQw.exe
  2⤵
  PID:7076
- C:\Windows\System32\MTrpgiD.exe
  C:\Windows\System32\MTrpgiD.exe
  2⤵
  PID:7100
- C:\Windows\System32\uEAIGcb.exe
  C:\Windows\System32\uEAIGcb.exe
  2⤵
  PID:7136
- C:\Windows\System32\xrhpSfB.exe
  C:\Windows\System32\xrhpSfB.exe
  2⤵
  PID:7160
- C:\Windows\System32\xKyQPcu.exe
  C:\Windows\System32\xKyQPcu.exe
  2⤵
  PID:5760
- C:\Windows\System32\dDuZuVZ.exe
  C:\Windows\System32\dDuZuVZ.exe
  2⤵
  PID:5312
- C:\Windows\System32\ynxfTWV.exe
  C:\Windows\System32\ynxfTWV.exe
  2⤵
  PID:6224
- C:\Windows\System32\vGuJAwK.exe
  C:\Windows\System32\vGuJAwK.exe
  2⤵
  PID:6292
- C:\Windows\System32\TVEWzkQ.exe
  C:\Windows\System32\TVEWzkQ.exe
  2⤵
  PID:6388
- C:\Windows\System32\BjYtWyZ.exe
  C:\Windows\System32\BjYtWyZ.exe
  2⤵
  PID:6472
- C:\Windows\System32\EnfROQY.exe
  C:\Windows\System32\EnfROQY.exe
  2⤵
  PID:6516
- C:\Windows\System32\IEZmjXY.exe
  C:\Windows\System32\IEZmjXY.exe
  2⤵
  PID:6540
- C:\Windows\System32\GyLCPHh.exe
  C:\Windows\System32\GyLCPHh.exe
  2⤵
  PID:6648
- C:\Windows\System32\QqJdRJa.exe
  C:\Windows\System32\QqJdRJa.exe
  2⤵
  PID:6712
- C:\Windows\System32\kSygaTS.exe
  C:\Windows\System32\kSygaTS.exe
  2⤵
  PID:6764
- C:\Windows\System32\BArqpMI.exe
  C:\Windows\System32\BArqpMI.exe
  2⤵
  PID:6828
- C:\Windows\System32\aQfBfOz.exe
  C:\Windows\System32\aQfBfOz.exe
  2⤵
  PID:6860
- C:\Windows\System32\UiirSsY.exe
  C:\Windows\System32\UiirSsY.exe
  2⤵
  PID:6916
- C:\Windows\System32\XMqvfbx.exe
  C:\Windows\System32\XMqvfbx.exe
  2⤵
  PID:6980
- C:\Windows\System32\xLwrCvf.exe
  C:\Windows\System32\xLwrCvf.exe
  2⤵
  PID:7156
- C:\Windows\System32\jrhBohJ.exe
  C:\Windows\System32\jrhBohJ.exe
  2⤵
  PID:6092
- C:\Windows\System32\WrgVFtR.exe
  C:\Windows\System32\WrgVFtR.exe
  2⤵
  PID:6248
- C:\Windows\System32\tZTwuKx.exe
  C:\Windows\System32\tZTwuKx.exe
  2⤵
  PID:6420
- C:\Windows\System32\cQwXFpV.exe
  C:\Windows\System32\cQwXFpV.exe
  2⤵
  PID:6508
- C:\Windows\System32\sRbgoDb.exe
  C:\Windows\System32\sRbgoDb.exe
  2⤵
  PID:6636
- C:\Windows\System32\GFKVqnU.exe
  C:\Windows\System32\GFKVqnU.exe
  2⤵
  PID:6832
- C:\Windows\System32\DAEfkyk.exe
  C:\Windows\System32\DAEfkyk.exe
  2⤵
  PID:7060
- C:\Windows\System32\NtSSWcX.exe
  C:\Windows\System32\NtSSWcX.exe
  2⤵
  PID:7132
- C:\Windows\System32\nBcztmq.exe
  C:\Windows\System32\nBcztmq.exe
  2⤵
  PID:6468
- C:\Windows\System32\UzjeSNI.exe
  C:\Windows\System32\UzjeSNI.exe
  2⤵
  PID:6808
- C:\Windows\System32\yDyGwzY.exe
  C:\Windows\System32\yDyGwzY.exe
  2⤵
  PID:4984
- C:\Windows\System32\hYIxrEv.exe
  C:\Windows\System32\hYIxrEv.exe
  2⤵
  PID:7092
- C:\Windows\System32\wwnxpBj.exe
  C:\Windows\System32\wwnxpBj.exe
  2⤵
  PID:7180
- C:\Windows\System32\TYMGuGd.exe
  C:\Windows\System32\TYMGuGd.exe
  2⤵
  PID:7204
- C:\Windows\System32\QKbgDtI.exe
  C:\Windows\System32\QKbgDtI.exe
  2⤵
  PID:7224
- C:\Windows\System32\xePgnAm.exe
  C:\Windows\System32\xePgnAm.exe
  2⤵
  PID:7264
- C:\Windows\System32\UnLDfQn.exe
  C:\Windows\System32\UnLDfQn.exe
  2⤵
  PID:7284
- C:\Windows\System32\GSdtcaq.exe
  C:\Windows\System32\GSdtcaq.exe
  2⤵
  PID:7308
- C:\Windows\System32\JNoBXpC.exe
  C:\Windows\System32\JNoBXpC.exe
  2⤵
  PID:7332
- C:\Windows\System32\KyYnGqW.exe
  C:\Windows\System32\KyYnGqW.exe
  2⤵
  PID:7360
- C:\Windows\System32\JOluJPN.exe
  C:\Windows\System32\JOluJPN.exe
  2⤵
  PID:7384
- C:\Windows\System32\TsyYsNm.exe
  C:\Windows\System32\TsyYsNm.exe
  2⤵
  PID:7420
- C:\Windows\System32\wBYgWQp.exe
  C:\Windows\System32\wBYgWQp.exe
  2⤵
  PID:7460
- C:\Windows\System32\XjZmTQq.exe
  C:\Windows\System32\XjZmTQq.exe
  2⤵
  PID:7484
- C:\Windows\System32\caQAfgi.exe
  C:\Windows\System32\caQAfgi.exe
  2⤵
  PID:7500
- C:\Windows\System32\YNcKBjy.exe
  C:\Windows\System32\YNcKBjy.exe
  2⤵
  PID:7524
- C:\Windows\System32\bULhZen.exe
  C:\Windows\System32\bULhZen.exe
  2⤵
  PID:7544
- C:\Windows\System32\hLmKDcS.exe
  C:\Windows\System32\hLmKDcS.exe
  2⤵
  PID:7592
- C:\Windows\System32\cXyGXDS.exe
  C:\Windows\System32\cXyGXDS.exe
  2⤵
  PID:7612
- C:\Windows\System32\FlKUTXl.exe
  C:\Windows\System32\FlKUTXl.exe
  2⤵
  PID:7656
- C:\Windows\System32\lYJRbjY.exe
  C:\Windows\System32\lYJRbjY.exe
  2⤵
  PID:7684
- C:\Windows\System32\oDKiNyG.exe
  C:\Windows\System32\oDKiNyG.exe
  2⤵
  PID:7700
- C:\Windows\System32\HZaSjFR.exe
  C:\Windows\System32\HZaSjFR.exe
  2⤵
  PID:7724
- C:\Windows\System32\YdEMZJG.exe
  C:\Windows\System32\YdEMZJG.exe
  2⤵
  PID:7764
- C:\Windows\System32\vCqgGMw.exe
  C:\Windows\System32\vCqgGMw.exe
  2⤵
  PID:7788
- C:\Windows\System32\XtoTLcW.exe
  C:\Windows\System32\XtoTLcW.exe
  2⤵
  PID:7836
- C:\Windows\System32\SdUDWFT.exe
  C:\Windows\System32\SdUDWFT.exe
  2⤵
  PID:7852
- C:\Windows\System32\BeaJqpH.exe
  C:\Windows\System32\BeaJqpH.exe
  2⤵
  PID:7884
- C:\Windows\System32\ZzxNofU.exe
  C:\Windows\System32\ZzxNofU.exe
  2⤵
  PID:7908
- C:\Windows\System32\FcvwEle.exe
  C:\Windows\System32\FcvwEle.exe
  2⤵
  PID:7928
- C:\Windows\System32\eXViUOT.exe
  C:\Windows\System32\eXViUOT.exe
  2⤵
  PID:7964
- C:\Windows\System32\RwHAwAI.exe
  C:\Windows\System32\RwHAwAI.exe
  2⤵
  PID:7984
- C:\Windows\System32\QFdEqLo.exe
  C:\Windows\System32\QFdEqLo.exe
  2⤵
  PID:8024
- C:\Windows\System32\oVANCuF.exe
  C:\Windows\System32\oVANCuF.exe
  2⤵
  PID:8044
- C:\Windows\System32\UqIdwxX.exe
  C:\Windows\System32\UqIdwxX.exe
  2⤵
  PID:8068
- C:\Windows\System32\LjdgOda.exe
  C:\Windows\System32\LjdgOda.exe
  2⤵
  PID:8084
- C:\Windows\System32\GbbdgCp.exe
  C:\Windows\System32\GbbdgCp.exe
  2⤵
  PID:8128
- C:\Windows\System32\jPYgyUP.exe
  C:\Windows\System32\jPYgyUP.exe
  2⤵
  PID:8152
- C:\Windows\System32\CZQPCGe.exe
  C:\Windows\System32\CZQPCGe.exe
  2⤵
  PID:8172
- C:\Windows\System32\uUnDDSr.exe
  C:\Windows\System32\uUnDDSr.exe
  2⤵
  PID:7176
- C:\Windows\System32\lwqqyaa.exe
  C:\Windows\System32\lwqqyaa.exe
  2⤵
  PID:7260
- C:\Windows\System32\MLhAAif.exe
  C:\Windows\System32\MLhAAif.exe
  2⤵
  PID:7328
- C:\Windows\System32\PKBERFI.exe
  C:\Windows\System32\PKBERFI.exe
  2⤵
  PID:7604
- C:\Windows\System32\HdDyuAU.exe
  C:\Windows\System32\HdDyuAU.exe
  2⤵
  PID:7648
- C:\Windows\System32\ugpHoNr.exe
  C:\Windows\System32\ugpHoNr.exe
  2⤵
  PID:7668
- C:\Windows\System32\qmWPSmx.exe
  C:\Windows\System32\qmWPSmx.exe
  2⤵
  PID:7744
- C:\Windows\System32\HpJMLwn.exe
  C:\Windows\System32\HpJMLwn.exe
  2⤵
  PID:7748
- C:\Windows\System32\YMbRKYY.exe
  C:\Windows\System32\YMbRKYY.exe
  2⤵
  PID:7096
- C:\Windows\System32\iVNaKdI.exe
  C:\Windows\System32\iVNaKdI.exe
  2⤵
  PID:7800
- C:\Windows\System32\aZzpGvQ.exe
  C:\Windows\System32\aZzpGvQ.exe
  2⤵
  PID:7868
- C:\Windows\System32\WWOVSIg.exe
  C:\Windows\System32\WWOVSIg.exe
  2⤵
  PID:7916
- C:\Windows\System32\QgqlwXH.exe
  C:\Windows\System32\QgqlwXH.exe
  2⤵
  PID:7940
- C:\Windows\System32\mclMYsp.exe
  C:\Windows\System32\mclMYsp.exe
  2⤵
  PID:8004
- C:\Windows\System32\kgwVmth.exe
  C:\Windows\System32\kgwVmth.exe
  2⤵
  PID:8040
- C:\Windows\System32\ctNeyyB.exe
  C:\Windows\System32\ctNeyyB.exe
  2⤵
  PID:8120
- C:\Windows\System32\nvImYqV.exe
  C:\Windows\System32\nvImYqV.exe
  2⤵
  PID:7472
- C:\Windows\System32\oGNyUeF.exe
  C:\Windows\System32\oGNyUeF.exe
  2⤵
  PID:7416
- C:\Windows\System32\XUloxne.exe
  C:\Windows\System32\XUloxne.exe
  2⤵
  PID:7516
- C:\Windows\System32\RORxFgK.exe
  C:\Windows\System32\RORxFgK.exe
  2⤵
  PID:7676
- C:\Windows\System32\PLTWfaV.exe
  C:\Windows\System32\PLTWfaV.exe
  2⤵
  PID:8036
- C:\Windows\System32\wyotnoc.exe
  C:\Windows\System32\wyotnoc.exe
  2⤵
  PID:7220
- C:\Windows\System32\vzvXjiu.exe
  C:\Windows\System32\vzvXjiu.exe
  2⤵
  PID:7536
- C:\Windows\System32\YCcMtnV.exe
  C:\Windows\System32\YCcMtnV.exe
  2⤵
  PID:8056
- C:\Windows\System32\HxNaSdp.exe
  C:\Windows\System32\HxNaSdp.exe
  2⤵
  PID:7740
- C:\Windows\System32\ctvnytM.exe
  C:\Windows\System32\ctvnytM.exe
  2⤵
  PID:7468
- C:\Windows\System32\DEEtHma.exe
  C:\Windows\System32\DEEtHma.exe
  2⤵
  PID:7496
- C:\Windows\System32\BikmMsD.exe
  C:\Windows\System32\BikmMsD.exe
  2⤵
  PID:8252
- C:\Windows\System32\yIoAyby.exe
  C:\Windows\System32\yIoAyby.exe
  2⤵
  PID:8272
- C:\Windows\System32\xmIwwaE.exe
  C:\Windows\System32\xmIwwaE.exe
  2⤵
  PID:8300
- C:\Windows\System32\nmKQtKK.exe
  C:\Windows\System32\nmKQtKK.exe
  2⤵
  PID:8324
- C:\Windows\System32\sNpceFv.exe
  C:\Windows\System32\sNpceFv.exe
  2⤵
  PID:8344
- C:\Windows\System32\ovPpetS.exe
  C:\Windows\System32\ovPpetS.exe
  2⤵
  PID:8392
- C:\Windows\System32\eMwYpvD.exe
  C:\Windows\System32\eMwYpvD.exe
  2⤵
  PID:8420
- C:\Windows\System32\xEdcbLR.exe
  C:\Windows\System32\xEdcbLR.exe
  2⤵
  PID:8444
- C:\Windows\System32\sxVBGqw.exe
  C:\Windows\System32\sxVBGqw.exe
  2⤵
  PID:8476
- C:\Windows\System32\dBRDcOS.exe
  C:\Windows\System32\dBRDcOS.exe
  2⤵
  PID:8504
- C:\Windows\System32\MZVPIAU.exe
  C:\Windows\System32\MZVPIAU.exe
  2⤵
  PID:8528
- C:\Windows\System32\PjpoEVv.exe
  C:\Windows\System32\PjpoEVv.exe
  2⤵
  PID:8560
- C:\Windows\System32\JJHNJbL.exe
  C:\Windows\System32\JJHNJbL.exe
  2⤵
  PID:8580
- C:\Windows\System32\KBInhFA.exe
  C:\Windows\System32\KBInhFA.exe
  2⤵
  PID:8604
- C:\Windows\System32\mnTOuZf.exe
  C:\Windows\System32\mnTOuZf.exe
  2⤵
  PID:8624
- C:\Windows\System32\drxGFSf.exe
  C:\Windows\System32\drxGFSf.exe
  2⤵
  PID:8648
- C:\Windows\System32\JtmIDNN.exe
  C:\Windows\System32\JtmIDNN.exe
  2⤵
  PID:8680
- C:\Windows\System32\qMwNvjf.exe
  C:\Windows\System32\qMwNvjf.exe
  2⤵
  PID:8724
- C:\Windows\System32\qRNGyxK.exe
  C:\Windows\System32\qRNGyxK.exe
  2⤵
  PID:8748
- C:\Windows\System32\PAefagC.exe
  C:\Windows\System32\PAefagC.exe
  2⤵
  PID:8776
- C:\Windows\System32\cxpINeZ.exe
  C:\Windows\System32\cxpINeZ.exe
  2⤵
  PID:8792
- C:\Windows\System32\lcJOhro.exe
  C:\Windows\System32\lcJOhro.exe
  2⤵
  PID:8832
- C:\Windows\System32\IJOPvbA.exe
  C:\Windows\System32\IJOPvbA.exe
  2⤵
  PID:8852
- C:\Windows\System32\rWnHtBt.exe
  C:\Windows\System32\rWnHtBt.exe
  2⤵
  PID:8880
- C:\Windows\System32\ZrwIWZR.exe
  C:\Windows\System32\ZrwIWZR.exe
  2⤵
  PID:8912
- C:\Windows\System32\hvsffkc.exe
  C:\Windows\System32\hvsffkc.exe
  2⤵
  PID:8940
- C:\Windows\System32\AQhgTYZ.exe
  C:\Windows\System32\AQhgTYZ.exe
  2⤵
  PID:8956
- C:\Windows\System32\hQThMjd.exe
  C:\Windows\System32\hQThMjd.exe
  2⤵
  PID:8988
- C:\Windows\System32\NyBheRU.exe
  C:\Windows\System32\NyBheRU.exe
  2⤵
  PID:9040
- C:\Windows\System32\fUAVHyt.exe
  C:\Windows\System32\fUAVHyt.exe
  2⤵
  PID:9060
- C:\Windows\System32\ePcrRZC.exe
  C:\Windows\System32\ePcrRZC.exe
  2⤵
  PID:9088
- C:\Windows\System32\qAseXrd.exe
  C:\Windows\System32\qAseXrd.exe
  2⤵
  PID:9108
- C:\Windows\System32\RQBoQZF.exe
  C:\Windows\System32\RQBoQZF.exe
  2⤵
  PID:9152
- C:\Windows\System32\rbjOtPu.exe
  C:\Windows\System32\rbjOtPu.exe
  2⤵
  PID:9180
- C:\Windows\System32\MDlsTcP.exe
  C:\Windows\System32\MDlsTcP.exe
  2⤵
  PID:9212
- C:\Windows\System32\wzLLsqJ.exe
  C:\Windows\System32\wzLLsqJ.exe
  2⤵
  PID:7396
- C:\Windows\System32\FSmVJXH.exe
  C:\Windows\System32\FSmVJXH.exe
  2⤵
  PID:8236
- C:\Windows\System32\kQVlyJx.exe
  C:\Windows\System32\kQVlyJx.exe
  2⤵
  PID:8292
- C:\Windows\System32\MpASsrD.exe
  C:\Windows\System32\MpASsrD.exe
  2⤵
  PID:8368
- C:\Windows\System32\ICoBAQs.exe
  C:\Windows\System32\ICoBAQs.exe
  2⤵
  PID:8412
- C:\Windows\System32\wTsnZHn.exe
  C:\Windows\System32\wTsnZHn.exe
  2⤵
  PID:8544
- C:\Windows\System32\QkUubBM.exe
  C:\Windows\System32\QkUubBM.exe
  2⤵
  PID:8572
- C:\Windows\System32\Gztsmpj.exe
  C:\Windows\System32\Gztsmpj.exe
  2⤵
  PID:8640
- C:\Windows\System32\ZcRGOqo.exe
  C:\Windows\System32\ZcRGOqo.exe
  2⤵
  PID:8672
- C:\Windows\System32\ptKAuFy.exe
  C:\Windows\System32\ptKAuFy.exe
  2⤵
  PID:8744
- C:\Windows\System32\EtdXhxe.exe
  C:\Windows\System32\EtdXhxe.exe
  2⤵
  PID:8788
- C:\Windows\System32\dYcyEhl.exe
  C:\Windows\System32\dYcyEhl.exe
  2⤵
  PID:8820
- C:\Windows\System32\ygudvpB.exe
  C:\Windows\System32\ygudvpB.exe
  2⤵
  PID:8920
- C:\Windows\System32\DnSqXLA.exe
  C:\Windows\System32\DnSqXLA.exe
  2⤵
  PID:9028
- C:\Windows\System32\SIFxjJM.exe
  C:\Windows\System32\SIFxjJM.exe
  2⤵
  PID:9084
- C:\Windows\System32\YSAwIgF.exe
  C:\Windows\System32\YSAwIgF.exe
  2⤵
  PID:9196
- C:\Windows\System32\GFZMwAu.exe
  C:\Windows\System32\GFZMwAu.exe
  2⤵
  PID:7564
- C:\Windows\System32\YsbhYad.exe
  C:\Windows\System32\YsbhYad.exe
  2⤵
  PID:8312
- C:\Windows\System32\LmmOFlB.exe
  C:\Windows\System32\LmmOFlB.exe
  2⤵
  PID:8460
- C:\Windows\System32\fnvlMfd.exe
  C:\Windows\System32\fnvlMfd.exe
  2⤵
  PID:8612
- C:\Windows\System32\obyMRRI.exe
  C:\Windows\System32\obyMRRI.exe
  2⤵
  PID:8760
- C:\Windows\System32\KmEfHKr.exe
  C:\Windows\System32\KmEfHKr.exe
  2⤵
  PID:8896
- C:\Windows\System32\qnoNwgK.exe
  C:\Windows\System32\qnoNwgK.exe
  2⤵
  PID:9144
- C:\Windows\System32\Opvlahd.exe
  C:\Windows\System32\Opvlahd.exe
  2⤵
  PID:8220
- C:\Windows\System32\KsalmbJ.exe
  C:\Windows\System32\KsalmbJ.exe
  2⤵
  PID:8520
- C:\Windows\System32\wSWLkXs.exe
  C:\Windows\System32\wSWLkXs.exe
  2⤵
  PID:8848
- C:\Windows\System32\rXgjPSZ.exe
  C:\Windows\System32\rXgjPSZ.exe
  2⤵
  PID:8456
- C:\Windows\System32\RLWZBoY.exe
  C:\Windows\System32\RLWZBoY.exe
  2⤵
  PID:8388
- C:\Windows\System32\ndcfEPe.exe
  C:\Windows\System32\ndcfEPe.exe
  2⤵
  PID:9220
- C:\Windows\System32\joFjRQr.exe
  C:\Windows\System32\joFjRQr.exe
  2⤵
  PID:9248
- C:\Windows\System32\sZKFift.exe
  C:\Windows\System32\sZKFift.exe
  2⤵
  PID:9276
- C:\Windows\System32\YHEWJRF.exe
  C:\Windows\System32\YHEWJRF.exe
  2⤵
  PID:9304
- C:\Windows\System32\oyOaMct.exe
  C:\Windows\System32\oyOaMct.exe
  2⤵
  PID:9324
- C:\Windows\System32\StGzput.exe
  C:\Windows\System32\StGzput.exe
  2⤵
  PID:9352
- C:\Windows\System32\evCyLBh.exe
  C:\Windows\System32\evCyLBh.exe
  2⤵
  PID:9372
- C:\Windows\System32\XWdIeXf.exe
  C:\Windows\System32\XWdIeXf.exe
  2⤵
  PID:9428
- C:\Windows\System32\OUWBtGt.exe
  C:\Windows\System32\OUWBtGt.exe
  2⤵
  PID:9448
- C:\Windows\System32\nMSUVXf.exe
  C:\Windows\System32\nMSUVXf.exe
  2⤵
  PID:9472
- C:\Windows\System32\FDGodvP.exe
  C:\Windows\System32\FDGodvP.exe
  2⤵
  PID:9512
- C:\Windows\System32\EGpJKAo.exe
  C:\Windows\System32\EGpJKAo.exe
  2⤵
  PID:9544
- C:\Windows\System32\MKeLAwu.exe
  C:\Windows\System32\MKeLAwu.exe
  2⤵
  PID:9564
- C:\Windows\System32\hGRpudp.exe
  C:\Windows\System32\hGRpudp.exe
  2⤵
  PID:9584
- C:\Windows\System32\kNuBvRx.exe
  C:\Windows\System32\kNuBvRx.exe
  2⤵
  PID:9604
- C:\Windows\System32\YqDsVdS.exe
  C:\Windows\System32\YqDsVdS.exe
  2⤵
  PID:9624
- C:\Windows\System32\ANckCgQ.exe
  C:\Windows\System32\ANckCgQ.exe
  2⤵
  PID:9656
- C:\Windows\System32\FeXMRFK.exe
  C:\Windows\System32\FeXMRFK.exe
  2⤵
  PID:9680
- C:\Windows\System32\BNMJgLu.exe
  C:\Windows\System32\BNMJgLu.exe
  2⤵
  PID:9712
- C:\Windows\System32\wcNtUXm.exe
  C:\Windows\System32\wcNtUXm.exe
  2⤵
  PID:9740
- C:\Windows\System32\ChTJlAB.exe
  C:\Windows\System32\ChTJlAB.exe
  2⤵
  PID:9764
- C:\Windows\System32\mHrdfOe.exe
  C:\Windows\System32\mHrdfOe.exe
  2⤵
  PID:9796
- C:\Windows\System32\SAzyHGV.exe
  C:\Windows\System32\SAzyHGV.exe
  2⤵
  PID:9820
- C:\Windows\System32\lnfSnHk.exe
  C:\Windows\System32\lnfSnHk.exe
  2⤵
  PID:9852
- C:\Windows\System32\SJxjPMp.exe
  C:\Windows\System32\SJxjPMp.exe
  2⤵
  PID:9884
- C:\Windows\System32\TeBuYmi.exe
  C:\Windows\System32\TeBuYmi.exe
  2⤵
  PID:9924
- C:\Windows\System32\vFUwwtO.exe
  C:\Windows\System32\vFUwwtO.exe
  2⤵
  PID:9960
- C:\Windows\System32\CVkmWZG.exe
  C:\Windows\System32\CVkmWZG.exe
  2⤵
  PID:9976
- C:\Windows\System32\ykcjqGD.exe
  C:\Windows\System32\ykcjqGD.exe
  2⤵
  PID:9996
- C:\Windows\System32\WSKATHO.exe
  C:\Windows\System32\WSKATHO.exe
  2⤵
  PID:10048
- C:\Windows\System32\BfBGLqN.exe
  C:\Windows\System32\BfBGLqN.exe
  2⤵
  PID:10076
- C:\Windows\System32\zYnjGhH.exe
  C:\Windows\System32\zYnjGhH.exe
  2⤵
  PID:10092
- C:\Windows\System32\VQPKPgh.exe
  C:\Windows\System32\VQPKPgh.exe
  2⤵
  PID:10132
- C:\Windows\System32\CioLKuu.exe
  C:\Windows\System32\CioLKuu.exe
  2⤵
  PID:10156
- C:\Windows\System32\hyreXhQ.exe
  C:\Windows\System32\hyreXhQ.exe
  2⤵
  PID:10176
- C:\Windows\System32\cqvCuOT.exe
  C:\Windows\System32\cqvCuOT.exe
  2⤵
  PID:10196
- C:\Windows\System32\WzMGdly.exe
  C:\Windows\System32\WzMGdly.exe
  2⤵
  PID:10220
- C:\Windows\System32\DNDJAgN.exe
  C:\Windows\System32\DNDJAgN.exe
  2⤵
  PID:9264
- C:\Windows\System32\ekItMmC.exe
  C:\Windows\System32\ekItMmC.exe
  2⤵
  PID:9368
- C:\Windows\System32\rNTWESP.exe
  C:\Windows\System32\rNTWESP.exe
  2⤵
  PID:9404
- C:\Windows\System32\SCOFYiP.exe
  C:\Windows\System32\SCOFYiP.exe
  2⤵
  PID:9420
- C:\Windows\System32\dPrWvSx.exe
  C:\Windows\System32\dPrWvSx.exe
  2⤵
  PID:9484
- C:\Windows\System32\XRxNnxW.exe
  C:\Windows\System32\XRxNnxW.exe
  2⤵
  PID:9580
- C:\Windows\System32\gfNHppY.exe
  C:\Windows\System32\gfNHppY.exe
  2⤵
  PID:9600
- C:\Windows\System32\MpshRPf.exe
  C:\Windows\System32\MpshRPf.exe
  2⤵
  PID:9612
- C:\Windows\System32\lGKHGAr.exe
  C:\Windows\System32\lGKHGAr.exe
  2⤵
  PID:9700
- C:\Windows\System32\EHlNmzj.exe
  C:\Windows\System32\EHlNmzj.exe
  2⤵
  PID:9816
- C:\Windows\System32\ozRilii.exe
  C:\Windows\System32\ozRilii.exe
  2⤵
  PID:9972
- C:\Windows\System32\XtAFgLD.exe
  C:\Windows\System32\XtAFgLD.exe
  2⤵
  PID:9968
- C:\Windows\System32\rwsYGvv.exe
  C:\Windows\System32\rwsYGvv.exe
  2⤵
  PID:10068
- C:\Windows\System32\SuXMRrW.exe
  C:\Windows\System32\SuXMRrW.exe
  2⤵
  PID:10108
- C:\Windows\System32\fOtShrn.exe
  C:\Windows\System32\fOtShrn.exe
  2⤵
  PID:10208
- C:\Windows\System32\ltTYANr.exe
  C:\Windows\System32\ltTYANr.exe
  2⤵
  PID:10204
- C:\Windows\System32\OBgImZi.exe
  C:\Windows\System32\OBgImZi.exe
  2⤵
  PID:9320
- C:\Windows\System32\ghwYkFU.exe
  C:\Windows\System32\ghwYkFU.exe
  2⤵
  PID:9540
- C:\Windows\System32\HvPsLqg.exe
  C:\Windows\System32\HvPsLqg.exe
  2⤵
  PID:9760
- C:\Windows\System32\bnSXNai.exe
  C:\Windows\System32\bnSXNai.exe
  2⤵
  PID:9676
- C:\Windows\System32\GOAikCE.exe
  C:\Windows\System32\GOAikCE.exe
  2⤵
  PID:9984
- C:\Windows\System32\ssssutt.exe
  C:\Windows\System32\ssssutt.exe
  2⤵
  PID:10056
- C:\Windows\System32\vJmQaOg.exe
  C:\Windows\System32\vJmQaOg.exe
  2⤵
  PID:10188
- C:\Windows\System32\dyuHoNL.exe
  C:\Windows\System32\dyuHoNL.exe
  2⤵
  PID:9444
- C:\Windows\System32\CrsQcnF.exe
  C:\Windows\System32\CrsQcnF.exe
  2⤵
  PID:10088
- C:\Windows\System32\cYwwjYN.exe
  C:\Windows\System32\cYwwjYN.exe
  2⤵
  PID:9780
- C:\Windows\System32\fQCzTxu.exe
  C:\Windows\System32\fQCzTxu.exe
  2⤵
  PID:10244
- C:\Windows\System32\eAHhMUf.exe
  C:\Windows\System32\eAHhMUf.exe
  2⤵
  PID:10272
- C:\Windows\System32\oegFgye.exe
  C:\Windows\System32\oegFgye.exe
  2⤵
  PID:10292
- C:\Windows\System32\bAYtHfp.exe
  C:\Windows\System32\bAYtHfp.exe
  2⤵
  PID:10332
- C:\Windows\System32\RDvLOpP.exe
  C:\Windows\System32\RDvLOpP.exe
  2⤵
  PID:10348
- C:\Windows\System32\uWLsSpj.exe
  C:\Windows\System32\uWLsSpj.exe
  2⤵
  PID:10388
- C:\Windows\System32\rSfQZHw.exe
  C:\Windows\System32\rSfQZHw.exe
  2⤵
  PID:10412
- C:\Windows\System32\oTGUtCs.exe
  C:\Windows\System32\oTGUtCs.exe
  2⤵
  PID:10440
- C:\Windows\System32\FAXoxtT.exe
  C:\Windows\System32\FAXoxtT.exe
  2⤵
  PID:10460
- C:\Windows\System32\wtRwXie.exe
  C:\Windows\System32\wtRwXie.exe
  2⤵
  PID:10500
- C:\Windows\System32\FKgLrZM.exe
  C:\Windows\System32\FKgLrZM.exe
  2⤵
  PID:10528
- C:\Windows\System32\zaPERQp.exe
  C:\Windows\System32\zaPERQp.exe
  2⤵
  PID:10552
- C:\Windows\System32\ZRpGRUV.exe
  C:\Windows\System32\ZRpGRUV.exe
  2⤵
  PID:10572
- C:\Windows\System32\JpYeOww.exe
  C:\Windows\System32\JpYeOww.exe
  2⤵
  PID:10596
- C:\Windows\System32\mwPPcPI.exe
  C:\Windows\System32\mwPPcPI.exe
  2⤵
  PID:10620
- C:\Windows\System32\uMsrLmq.exe
  C:\Windows\System32\uMsrLmq.exe
  2⤵
  PID:10644
- C:\Windows\System32\fAcOHHV.exe
  C:\Windows\System32\fAcOHHV.exe
  2⤵
  PID:10684
- C:\Windows\System32\JUmIPuf.exe
  C:\Windows\System32\JUmIPuf.exe
  2⤵
  PID:10712
- C:\Windows\System32\WzFYmWO.exe
  C:\Windows\System32\WzFYmWO.exe
  2⤵
  PID:10732
- C:\Windows\System32\mogfwXS.exe
  C:\Windows\System32\mogfwXS.exe
  2⤵
  PID:10768
- C:\Windows\System32\xFEPjoi.exe
  C:\Windows\System32\xFEPjoi.exe
  2⤵
  PID:10788
- C:\Windows\System32\xZCjiKP.exe
  C:\Windows\System32\xZCjiKP.exe
  2⤵
  PID:10812
- C:\Windows\System32\fHgtyRE.exe
  C:\Windows\System32\fHgtyRE.exe
  2⤵
  PID:10832
- C:\Windows\System32\XKmtjTB.exe
  C:\Windows\System32\XKmtjTB.exe
  2⤵
  PID:10880
- C:\Windows\System32\DdypIRy.exe
  C:\Windows\System32\DdypIRy.exe
  2⤵
  PID:10900
- C:\Windows\System32\mGbQJcj.exe
  C:\Windows\System32\mGbQJcj.exe
  2⤵
  PID:10924
- C:\Windows\System32\yIUVoBS.exe
  C:\Windows\System32\yIUVoBS.exe
  2⤵
  PID:10952
- C:\Windows\System32\EhLEtrG.exe
  C:\Windows\System32\EhLEtrG.exe
  2⤵
  PID:10972
- C:\Windows\System32\lJOmZuJ.exe
  C:\Windows\System32\lJOmZuJ.exe
  2⤵
  PID:10996
- C:\Windows\System32\bjzFfXQ.exe
  C:\Windows\System32\bjzFfXQ.exe
  2⤵
  PID:11024
- C:\Windows\System32\wExJpga.exe
  C:\Windows\System32\wExJpga.exe
  2⤵
  PID:11044
- C:\Windows\System32\jqYnmUY.exe
  C:\Windows\System32\jqYnmUY.exe
  2⤵
  PID:11080
- C:\Windows\System32\dmospqL.exe
  C:\Windows\System32\dmospqL.exe
  2⤵
  PID:11104
- C:\Windows\System32\WBKwPxX.exe
  C:\Windows\System32\WBKwPxX.exe
  2⤵
  PID:11152
- C:\Windows\System32\cMrUitC.exe
  C:\Windows\System32\cMrUitC.exe
  2⤵
  PID:11168
- C:\Windows\System32\CKrFOnC.exe
  C:\Windows\System32\CKrFOnC.exe
  2⤵
  PID:11196
- C:\Windows\System32\iuMWJTT.exe
  C:\Windows\System32\iuMWJTT.exe
  2⤵
  PID:11240
- C:\Windows\System32\QSJCEri.exe
  C:\Windows\System32\QSJCEri.exe
  2⤵
  PID:10264
- C:\Windows\System32\GFawjYR.exe
  C:\Windows\System32\GFawjYR.exe
  2⤵
  PID:10316
- C:\Windows\System32\kUZRAVr.exe
  C:\Windows\System32\kUZRAVr.exe
  2⤵
  PID:10400
- C:\Windows\System32\bpwnyaS.exe
  C:\Windows\System32\bpwnyaS.exe
  2⤵
  PID:10480
- C:\Windows\System32\RhvHkXb.exe
  C:\Windows\System32\RhvHkXb.exe
  2⤵
  PID:10512
- C:\Windows\System32\FfsWcLG.exe
  C:\Windows\System32\FfsWcLG.exe
  2⤵
  PID:10564
- C:\Windows\System32\wXmSLSI.exe
  C:\Windows\System32\wXmSLSI.exe
  2⤵
  PID:10636
- C:\Windows\System32\VJsuzli.exe
  C:\Windows\System32\VJsuzli.exe
  2⤵
  PID:10696
- C:\Windows\System32\TulMWul.exe
  C:\Windows\System32\TulMWul.exe
  2⤵
  PID:10764
- C:\Windows\System32\HFBFZsh.exe
  C:\Windows\System32\HFBFZsh.exe
  2⤵
  PID:10856
- C:\Windows\System32\ofKQhzW.exe
  C:\Windows\System32\ofKQhzW.exe
  2⤵
  PID:10896
- C:\Windows\System32\uFzezle.exe
  C:\Windows\System32\uFzezle.exe
  2⤵
  PID:10944
- C:\Windows\System32\LPNHeoW.exe
  C:\Windows\System32\LPNHeoW.exe
  2⤵
  PID:11020
- C:\Windows\System32\IxDjUFh.exe
  C:\Windows\System32\IxDjUFh.exe
  2⤵
  PID:11096
- C:\Windows\System32\oBkGYwh.exe
  C:\Windows\System32\oBkGYwh.exe
  2⤵
  PID:11144
- C:\Windows\System32\ZTRHbWO.exe
  C:\Windows\System32\ZTRHbWO.exe
  2⤵
  PID:11260
- C:\Windows\System32\VWuUfcG.exe
  C:\Windows\System32\VWuUfcG.exe
  2⤵
  PID:10452
- C:\Windows\System32\KExohpx.exe
  C:\Windows\System32\KExohpx.exe
  2⤵
  PID:10536
- C:\Windows\System32\ZoQWFjC.exe
  C:\Windows\System32\ZoQWFjC.exe
  2⤵
  PID:10704
- C:\Windows\System32\aHQsfHm.exe
  C:\Windows\System32\aHQsfHm.exe
  2⤵
  PID:10796
- C:\Windows\System32\xkgUlMG.exe
  C:\Windows\System32\xkgUlMG.exe
  2⤵
  PID:10916
- C:\Windows\System32\HOBRfgg.exe
  C:\Windows\System32\HOBRfgg.exe
  2⤵
  PID:11092
- C:\Windows\System32\rPPMjOl.exe
  C:\Windows\System32\rPPMjOl.exe
  2⤵
  PID:11232
- C:\Windows\System32\uoHyNuL.exe
  C:\Windows\System32\uoHyNuL.exe
  2⤵
  PID:10568
- C:\Windows\System32\cyjdfsn.exe
  C:\Windows\System32\cyjdfsn.exe
  2⤵
  PID:2628
- C:\Windows\System32\eJQNrLj.exe
  C:\Windows\System32\eJQNrLj.exe
  2⤵
  PID:10660
- C:\Windows\System32\QJZuohr.exe
  C:\Windows\System32\QJZuohr.exe
  2⤵
  PID:10980
- C:\Windows\System32\pZIuHXQ.exe
  C:\Windows\System32\pZIuHXQ.exe
  2⤵
  PID:11188
- C:\Windows\System32\mwNwowO.exe
  C:\Windows\System32\mwNwowO.exe
  2⤵
  PID:4044
- C:\Windows\System32\qEcXNCn.exe
  C:\Windows\System32\qEcXNCn.exe
  2⤵
  PID:10740
- C:\Windows\System32\tZRnAGa.exe
  C:\Windows\System32\tZRnAGa.exe
  2⤵
  PID:11276
- C:\Windows\System32\gjtLXYq.exe
  C:\Windows\System32\gjtLXYq.exe
  2⤵
  PID:11300
- C:\Windows\System32\JRSSSHd.exe
  C:\Windows\System32\JRSSSHd.exe
  2⤵
  PID:11332
- C:\Windows\System32\RFylknY.exe
  C:\Windows\System32\RFylknY.exe
  2⤵
  PID:11368
- C:\Windows\System32\OqXmWyu.exe
  C:\Windows\System32\OqXmWyu.exe
  2⤵
  PID:11388
- C:\Windows\System32\mKySioi.exe
  C:\Windows\System32\mKySioi.exe
  2⤵
  PID:11412
- C:\Windows\System32\dcsONBY.exe
  C:\Windows\System32\dcsONBY.exe
  2⤵
  PID:11432
- C:\Windows\System32\kHzwuJF.exe
  C:\Windows\System32\kHzwuJF.exe
  2⤵
  PID:11460
- C:\Windows\System32\jjmOxco.exe
  C:\Windows\System32\jjmOxco.exe
  2⤵
  PID:11484
- C:\Windows\System32\cOnivPI.exe
  C:\Windows\System32\cOnivPI.exe
  2⤵
  PID:11508
- C:\Windows\System32\ikTKFSi.exe
  C:\Windows\System32\ikTKFSi.exe
  2⤵
  PID:11560
- C:\Windows\System32\RwXAmsg.exe
  C:\Windows\System32\RwXAmsg.exe
  2⤵
  PID:11592
- C:\Windows\System32\xirTZsd.exe
  C:\Windows\System32\xirTZsd.exe
  2⤵
  PID:11620
- C:\Windows\System32\SaLVqvu.exe
  C:\Windows\System32\SaLVqvu.exe
  2⤵
  PID:11640
- C:\Windows\System32\rJWcUPm.exe
  C:\Windows\System32\rJWcUPm.exe
  2⤵
  PID:11660
- C:\Windows\System32\ajscoFS.exe
  C:\Windows\System32\ajscoFS.exe
  2⤵
  PID:11684
- C:\Windows\System32\dUDARTc.exe
  C:\Windows\System32\dUDARTc.exe
  2⤵
  PID:11712
- C:\Windows\System32\YXejzJH.exe
  C:\Windows\System32\YXejzJH.exe
  2⤵
  PID:11756
- C:\Windows\System32\MpRBSRo.exe
  C:\Windows\System32\MpRBSRo.exe
  2⤵
  PID:11788
- C:\Windows\System32\SpwfEAv.exe
  C:\Windows\System32\SpwfEAv.exe
  2⤵
  PID:11816
- C:\Windows\System32\oJzmZKt.exe
  C:\Windows\System32\oJzmZKt.exe
  2⤵
  PID:11848
- C:\Windows\System32\AvZuERv.exe
  C:\Windows\System32\AvZuERv.exe
  2⤵
  PID:11876
- C:\Windows\System32\gdjlLrB.exe
  C:\Windows\System32\gdjlLrB.exe
  2⤵
  PID:11896
- C:\Windows\System32\FRsJqVd.exe
  C:\Windows\System32\FRsJqVd.exe
  2⤵
  PID:11920
- C:\Windows\System32\qfiiHwK.exe
  C:\Windows\System32\qfiiHwK.exe
  2⤵
  PID:11956
- C:\Windows\System32\TifhNOl.exe
  C:\Windows\System32\TifhNOl.exe
  2⤵
  PID:11976
- C:\Windows\System32\opSIdhM.exe
  C:\Windows\System32\opSIdhM.exe
  2⤵
  PID:12012
- C:\Windows\System32\ZnXIHiq.exe
  C:\Windows\System32\ZnXIHiq.exe
  2⤵
  PID:12032
- C:\Windows\System32\lYkNXTW.exe
  C:\Windows\System32\lYkNXTW.exe
  2⤵
  PID:12052
- C:\Windows\System32\DTWBaCG.exe
  C:\Windows\System32\DTWBaCG.exe
  2⤵
  PID:12088
- C:\Windows\System32\xdXhrxq.exe
  C:\Windows\System32\xdXhrxq.exe
  2⤵
  PID:12120
- C:\Windows\System32\yRcAMJy.exe
  C:\Windows\System32\yRcAMJy.exe
  2⤵
  PID:12156
- C:\Windows\System32\AvhLIMq.exe
  C:\Windows\System32\AvhLIMq.exe
  2⤵
  PID:12180
- C:\Windows\System32\jDDdcwd.exe
  C:\Windows\System32\jDDdcwd.exe
  2⤵
  PID:12200
- C:\Windows\System32\PhEfhdV.exe
  C:\Windows\System32\PhEfhdV.exe
  2⤵
  PID:12216
- C:\Windows\System32\wHNqvst.exe
  C:\Windows\System32\wHNqvst.exe
  2⤵
  PID:12248
- C:\Windows\System32\WvntpdG.exe
  C:\Windows\System32\WvntpdG.exe
  2⤵
  PID:12284
- C:\Windows\System32\KJyMSEl.exe
  C:\Windows\System32\KJyMSEl.exe
  2⤵
  PID:11344
- C:\Windows\System32\zsbEAUL.exe
  C:\Windows\System32\zsbEAUL.exe
  2⤵
  PID:11408
- C:\Windows\System32\uXeTKKq.exe
  C:\Windows\System32\uXeTKKq.exe
  2⤵
  PID:11472
- C:\Windows\System32\XrxZAqE.exe
  C:\Windows\System32\XrxZAqE.exe
  2⤵
  PID:11496
- C:\Windows\System32\vZqOBUZ.exe
  C:\Windows\System32\vZqOBUZ.exe
  2⤵
  PID:11584
- C:\Windows\System32\GfPAxHm.exe
  C:\Windows\System32\GfPAxHm.exe
  2⤵
  PID:11652
- C:\Windows\System32\cifdxfv.exe
  C:\Windows\System32\cifdxfv.exe
  2⤵
  PID:11752
- C:\Windows\System32\AEcrDJZ.exe
  C:\Windows\System32\AEcrDJZ.exe
  2⤵
  PID:11812
- C:\Windows\System32\pHKIUuB.exe
  C:\Windows\System32\pHKIUuB.exe
  2⤵
  PID:11856
- C:\Windows\System32\tHxTTlf.exe
  C:\Windows\System32\tHxTTlf.exe
  2⤵
  PID:11892
- C:\Windows\System32\JJblHBa.exe
  C:\Windows\System32\JJblHBa.exe
  2⤵
  PID:11948
- C:\Windows\System32\EmlGDGh.exe
  C:\Windows\System32\EmlGDGh.exe
  2⤵
  PID:12028
- C:\Windows\System32\diVbYxO.exe
  C:\Windows\System32\diVbYxO.exe
  2⤵
  PID:12116
- C:\Windows\System32\YdaFnsp.exe
  C:\Windows\System32\YdaFnsp.exe
  2⤵
  PID:12152
- C:\Windows\System32\osxMHcF.exe
  C:\Windows\System32\osxMHcF.exe
  2⤵
  PID:4440
- C:\Windows\System32\SWdxMaz.exe
  C:\Windows\System32\SWdxMaz.exe
  2⤵
  PID:12236
- C:\Windows\System32\OyqNyir.exe
  C:\Windows\System32\OyqNyir.exe
  2⤵
  PID:12276
- C:\Windows\System32\ATSgFcI.exe
  C:\Windows\System32\ATSgFcI.exe
  2⤵
  PID:11316
- C:\Windows\System32\ounpgLe.exe
  C:\Windows\System32\ounpgLe.exe
  2⤵
  PID:11448
- C:\Windows\System32\dgJMBPm.exe
  C:\Windows\System32\dgJMBPm.exe
  2⤵
  PID:11608
- C:\Windows\System32\CosTwCH.exe
  C:\Windows\System32\CosTwCH.exe
  2⤵
  PID:11868
- C:\Windows\System32\PHJxExf.exe
  C:\Windows\System32\PHJxExf.exe
  2⤵
  PID:11932
- C:\Windows\System32\QyQYfaK.exe
  C:\Windows\System32\QyQYfaK.exe
  2⤵
  PID:612
- C:\Windows\System32\sxLFAjJ.exe
  C:\Windows\System32\sxLFAjJ.exe
  2⤵
  PID:12280
- C:\Windows\System32\faSVKDE.exe
  C:\Windows\System32\faSVKDE.exe
  2⤵
  PID:11384
- C:\Windows\System32\oTKfBsB.exe
  C:\Windows\System32\oTKfBsB.exe
  2⤵
  PID:11700
- C:\Windows\System32\UZRiYPk.exe
  C:\Windows\System32\UZRiYPk.exe
  2⤵
  PID:12260
- C:\Windows\System32\IISEQNh.exe
  C:\Windows\System32\IISEQNh.exe
  2⤵
  PID:11732
- C:\Windows\System32\WaaSMDL.exe
  C:\Windows\System32\WaaSMDL.exe
  2⤵
  PID:12292
- C:\Windows\System32\XPZhMed.exe
  C:\Windows\System32\XPZhMed.exe
  2⤵
  PID:12312
- C:\Windows\System32\aSZIMrx.exe
  C:\Windows\System32\aSZIMrx.exe
  2⤵
  PID:12336
- C:\Windows\System32\MFNJxSj.exe
  C:\Windows\System32\MFNJxSj.exe
  2⤵
  PID:12368
- C:\Windows\System32\YcaLRpn.exe
  C:\Windows\System32\YcaLRpn.exe
  2⤵
  PID:12396
- C:\Windows\System32\gBNyoow.exe
  C:\Windows\System32\gBNyoow.exe
  2⤵
  PID:12424
- C:\Windows\System32\vxMRofk.exe
  C:\Windows\System32\vxMRofk.exe
  2⤵
  PID:12448
- C:\Windows\System32\NGBjigM.exe
  C:\Windows\System32\NGBjigM.exe
  2⤵
  PID:12468
- C:\Windows\System32\FBhAaaE.exe
  C:\Windows\System32\FBhAaaE.exe
  2⤵
  PID:12508
- C:\Windows\System32\PbPzjmD.exe
  C:\Windows\System32\PbPzjmD.exe
  2⤵
  PID:12536
- C:\Windows\System32\zCvEDla.exe
  C:\Windows\System32\zCvEDla.exe
  2⤵
  PID:12564
- C:\Windows\System32\DVYqChk.exe
  C:\Windows\System32\DVYqChk.exe
  2⤵
  PID:12592
- C:\Windows\System32\hQmlgtO.exe
  C:\Windows\System32\hQmlgtO.exe
  2⤵
  PID:12612
- C:\Windows\System32\wQuSWAH.exe
  C:\Windows\System32\wQuSWAH.exe
  2⤵
  PID:12656
- C:\Windows\System32\XrNWxlZ.exe
  C:\Windows\System32\XrNWxlZ.exe
  2⤵
  PID:12692
- C:\Windows\System32\OiZruui.exe
  C:\Windows\System32\OiZruui.exe
  2⤵
  PID:12716
- C:\Windows\System32\NPHWmyW.exe
  C:\Windows\System32\NPHWmyW.exe
  2⤵
  PID:12768
- C:\Windows\System32\rRORTXV.exe
  C:\Windows\System32\rRORTXV.exe
  2⤵
  PID:12800
- C:\Windows\System32\LUXzLbL.exe
  C:\Windows\System32\LUXzLbL.exe
  2⤵
  PID:12832
- C:\Windows\System32\JDUzKms.exe
  C:\Windows\System32\JDUzKms.exe
  2⤵
  PID:12860
- C:\Windows\System32\qUGXGuY.exe
  C:\Windows\System32\qUGXGuY.exe
  2⤵
  PID:12908
- C:\Windows\System32\RFOIGJJ.exe
  C:\Windows\System32\RFOIGJJ.exe
  2⤵
  PID:12924
- C:\Windows\System32\UzMVSrA.exe
  C:\Windows\System32\UzMVSrA.exe
  2⤵
  PID:12952
- C:\Windows\System32\zGjecRD.exe
  C:\Windows\System32\zGjecRD.exe
  2⤵
  PID:12976
- C:\Windows\System32\nVXPIeS.exe
  C:\Windows\System32\nVXPIeS.exe
  2⤵
  PID:13004
- C:\Windows\System32\dsDcZlI.exe
  C:\Windows\System32\dsDcZlI.exe
  2⤵
  PID:13052
- C:\Windows\System32\pIgSULc.exe
  C:\Windows\System32\pIgSULc.exe
  2⤵
  PID:13076
- C:\Windows\System32\AbAYaYE.exe
  C:\Windows\System32\AbAYaYE.exe
  2⤵
  PID:13096
- C:\Windows\System32\NHZPRyg.exe
  C:\Windows\System32\NHZPRyg.exe
  2⤵
  PID:13116
- C:\Windows\System32\bKYNsxq.exe
  C:\Windows\System32\bKYNsxq.exe
  2⤵
  PID:13148
- C:\Windows\System32\syJKUzI.exe
  C:\Windows\System32\syJKUzI.exe
  2⤵
  PID:13172
- C:\Windows\System32\JLzHPxT.exe
  C:\Windows\System32\JLzHPxT.exe
  2⤵
  PID:13204
- C:\Windows\System32\xCKfgoo.exe
  C:\Windows\System32\xCKfgoo.exe
  2⤵
  PID:13236
- C:\Windows\System32\JkwNEyf.exe
  C:\Windows\System32\JkwNEyf.exe
  2⤵
  PID:13276

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:12532

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System32\AckqqGe.exe

Filesize
1.9MB

MD5
4639e3791df754b7ebbdce2e53d875f3

SHA1
086501485aca4073eb8d947b420f8702a3dbe672

SHA256
f4c1e2e5293aef8646a070b9534c88b3afddb4ed62d178923a2da63a145d2f3f

SHA512
72ff879267bf20106d5708467c7abe0466b5eeffcab2f3e1dd5a04cd45b75b3d3e7955509e6dfeb4c24dbe1f8c9ddc649bc1d10cd67c3163e52bc227d8795cda

Download Submit
C:\Windows\System32\BoQstCh.exe

Filesize
1.9MB

MD5
098731dd6600b2973f5d08344d68d946

SHA1
29bccbf9c9f2a02800d0dd62c71d4a78c35959bb

SHA256
4785fbad62cb62f9b9ab5f2cf2fe0bc4c0c33f4e3d130f98ef9ac95887243ff6

SHA512
f9ed23314b0261f048e4319b88e188a6d1dc122b7e0bf8a951761043fce0229ca4447b418f25f14cb9e4cfe1776f625bc8f0fd297bb2c92901b834f2674b2b71

Download Submit
C:\Windows\System32\DsXzDsV.exe

Filesize
1.9MB

MD5
68f36b913bd848b652e02514a501cade

SHA1
de72276355c15d050de0a563a17a642a8b8fbace

SHA256
852837781786afb9e81e8289deab73c6651dc17ddd34a368b4979134fda84158

SHA512
ea6d8957de2d04c49868e80c8b2cab5e2bf0128f57aa2be4af4a0b71792953ea2332f7b7aebd3254a488e7cb482a98bf046ff02d77b3b210998f5781a68aa12c

Download Submit
C:\Windows\System32\EMitSqA.exe

Filesize
1.9MB

MD5
aa31336b0645eac3b48ed47dda1c7899

SHA1
a6200c34c6eb03e8fc5876e408231610ad9c9bc4

SHA256
c41133b4abd8a0d80c9f70ffe0874bfb5b0ec5795d3f2f890a9232778adf10d7

SHA512
57f2f8f8fbaa4adb3fa4968a3355f65e9993a786c54a526a870a999db0b14cccf3e81868349d63907f8487ff414287f4af0c0aa300a7068cd345c0331ec6455b

Download Submit
C:\Windows\System32\ENyRwHI.exe

Filesize
1.9MB

MD5
b524213d3cd80ee636c7674ad6776bd7

SHA1
e63230b2f44153b3b4a3344e84579e4f42a6588a

SHA256
c5d99e2773b6fe684370346510aade8ab67d4b5c0fbabf6b89f4fc1c22ac6488

SHA512
c54d5d724e3996d5c667928ef61af5a951b44494e77f6a0964cbb8849594a4ba4033a7fdd2a5892f3865f484bcc8b044f3bf620f9a7c9ad8b44ab061650cf9aa

Download Submit
C:\Windows\System32\GOuYIxx.exe

Filesize
1.9MB

MD5
e3e135fe6e120408a82ed4363ae04c05

SHA1
9ad45ce8f72f5f6f8b35e4e4aa1460844b9c3188

SHA256
cb4334be95defa9fa2dc6214bb5fe60fb3d68fba13b85470101f7b675a83947f

SHA512
3184012aa095bda1813ec96ad8cd49398b6adea5c7e8e687b964b93267d4d93862f31ea92df744ee033360b15ca5af0cdd7947c267b72cd60bae43a91f774e7e

Download Submit
C:\Windows\System32\HhfhVyk.exe

Filesize
1.9MB

MD5
bcfa50a071a83adbf5d9a8d129abfcef

SHA1
237aa0ac93ede99b1300cd51d9b81536de64524c

SHA256
e5bec0a26bd47132b6d5939e74bcff65f4399e344e5c0727e89bcbd4c68702c2

SHA512
9ee1fe59646b57311cd343234d506321a64c7d5d2cecc6fe6c6d457125dfb7afd9a225a59c9e020059ae97e711640d6e22e4cfede92aa40e6062dea7ec5e778f

Download Submit
C:\Windows\System32\JeuuFDC.exe

Filesize
1.9MB

MD5
7b28bfd75ec222e8ba8e7e231ca590ee

SHA1
d3c596db17f5b08806281bc4ca62adf5e5c36b40

SHA256
974b3fbc368533c9ebb415db21bbb981c4c4bfb925f6a22b470dedd056b8afb3

SHA512
f9cb0acc2ce27bf63cf1177904134026851da32108530571a48dfa026a6aafa07f2f90fc0fd90f63c015cb837aea1aa607247044dc17fdef6c5bd1d5e1c24a5a

Download Submit
C:\Windows\System32\PRBmShx.exe

Filesize
1.9MB

MD5
8ebd976ab9aff768245e65c341aed4de

SHA1
f0dc557a7b63b8bfd3bcfee3ebdff448305c1bc4

SHA256
a2d814e2a6550c862b341b35e72a106313aa33bfc7502ac035e04a539cfdc4fc

SHA512
ea57543ff8889bade38e22e88e3536d5e66fe6350752fbbfb76ff18870b242c40755ee58c18c020580aa581ccbd58a45780d8a2b6a39d05bc580e1e8d28d7567

Download Submit
C:\Windows\System32\RQCFnjD.exe

Filesize
1.9MB

MD5
ed1634e053e72241df854496d5a5232e

SHA1
1213419309d8dfcfed340eba7c82288cf11bd489

SHA256
72399089a7e4b9e143071f6ccffaafbb787182879615ad1cf2005ffe3f7f4ab3

SHA512
20eb460d417387339d029763b343181a6bf519bfa86df59154c4d3e5384a61ab374f215989f4e6f54e6673d2f9119f0dd28634927d827b8e1c7e54b5a92cd052

Download Submit
C:\Windows\System32\SCpzWjl.exe

Filesize
1.9MB

MD5
616eb73845ccbb017d54763b1847d7b5

SHA1
52524ea7249e7472a82990917e2e92b7b812392d

SHA256
d1e455557a489fe619e4cb0ef54813783d7663024698b3bd8f45e740ea5147b9

SHA512
628f9f7c7af26bd559cf8d434b2c7de2217511d2bda70a39e72a8c46b0cb799b05e95162d5a2b43c7c793dde7c3704c77893dc776ec199221b563e7d6dcf8044

Download Submit
C:\Windows\System32\SroliQq.exe

Filesize
1.9MB

MD5
c589e8e266991d9e380682dd5fca21f0

SHA1
5dea550dd6620f53998e19fe7a0a51dc6dc34dcb

SHA256
964bef7c4d98fa0657ec4eeb2bd717069f47bd4f47022057e075ee26fd148208

SHA512
e1b01203548041837c4e18b84c503cfd290760fc3eadf7b92d0977220851a99202e70e60dd0f9af2b7c9107904c063c4ac1e9980e6893636c9c54d12b3bc12d8

Download Submit
C:\Windows\System32\UHBKtWm.exe

Filesize
1.9MB

MD5
849d51f16813561fcff48ab7762c590f

SHA1
54b53540031c56c7bd9dc3701253f70cb440b7c0

SHA256
a390444fb51b70c07ef90ef656a34de72e5b6e36880b70d715fabb860721678e

SHA512
e6cf38086f834a4fbe56e52cdc27e8427f39d24f43bae7efd6fdbfaecd950304cfe77255f81b77632afeb036b6812dbd81ac02c40993e96a17b6c33cbc6f68bb

Download Submit
C:\Windows\System32\VKMZEtt.exe

Filesize
1.9MB

MD5
2fb0693f368127211175a18aeb36a735

SHA1
8ccae01c9169b2e2531c67f4bb9889f7cd9cb4ad

SHA256
3e9b201294acaf4b3989dbdf6dd521c04ca931019744528a51a00a7d7ce729e9

SHA512
8a77063021f321ba7481e2970b9013f56687797a6b45fefd465e1e2420d610883885fc1b9560066c2bf0e34d36a08ac092c457323647fed8229da450feba4dca

Download Submit
C:\Windows\System32\VLordQM.exe

Filesize
1.9MB

MD5
101287014a43b7eee8780e90940f3caf

SHA1
2b07c5d7dec498943095b3618be98f30d402d5d5

SHA256
d687f8966e530f0a5626beaae60da0e7050ce73e8ac3e65bf42be7e9000e63ce

SHA512
e44fbc5f16f9e870de918daf3ef5d830478b1dfd9e7c4c45398ebc5b671ccc53faefc93aba905b41b2522b054daa4f8d639ac27a7107cea8912384ceef89e490

Download Submit
C:\Windows\System32\VQZWFIk.exe

Filesize
1.9MB

MD5
0caac573389cef8d5a1ec92fc26950e7

SHA1
58822ad109afe78bbe7334441617ee53cd93c684

SHA256
948cb67ea0339ffa54c44e643431264cf0f2b1c10e418510ddfc75966d5d787b

SHA512
46086a084f71a0e46dda06263855f9349fd56abe433b1e40960df2cfcd451404b4edfef6dc940efe9f13a071442da17e4377ad2f776990f917857ba85d3a3826

Download Submit
C:\Windows\System32\ZerqMCR.exe

Filesize
1.9MB

MD5
9f050a540e2b667ca455bc62ef517f4c

SHA1
b2f8c33968d4f277b6985614c5598450db7c5948

SHA256
df5c4dc298a7bb5aa343ef8510af5d1324a2efca901c68f1aada47240ff016cf

SHA512
e4fafd8d612403d7011f8d7c790861776c73ac1d45cb94ba3c780eecbf311dd33195ea388141b292633214f25206935267034d55bd5ff902b82825888ace119a

Download Submit
C:\Windows\System32\aIvqfhG.exe

Filesize
1.9MB

MD5
8900f4f4c83d998e373c08fb5991b36b

SHA1
292dd155fd40fa3d1451618d485eca2676a995f4

SHA256
de1923eab126d65381b7479ec7ef6db86ebd1c782511d127192a09de41f43de2

SHA512
42216eefd92e8e823ebdac8432d0d1dbccdb484fa19df8feb8ccacd6678c7f4da79665d489c5ff9bb6f169dbfa1695301911c68ae125ad3a9ef49e76e1c98167

Download Submit
C:\Windows\System32\fXlhapH.exe

Filesize
1.9MB

MD5
0bb4e120c1594e56d2623dc2acafd9d1

SHA1
350a1887bd350a1d3854adf0cbe110759da3b4c1

SHA256
4004a3ac80913ed29211aa69e1601980395851c52505d11d7125f96f25238894

SHA512
e2dbed2eef6e2a2626da496822ef711ffacec54023cdb6ffbdae87522bbb1ff33413e85376e7f7ee194727a4221819c1add45c57707a2e5085862268aa0c6c50

Download Submit
C:\Windows\System32\gqymNQH.exe

Filesize
1.9MB

MD5
88a379e46d091d23588ed15230f47882

SHA1
73e656dde7401270b2687784009d41dbeb185c14

SHA256
b81bd8ab683551df6e603eb13598e8d2878835b6c5e8ff7861d30aa69ea750f2

SHA512
d93bb63d89c82d864f86da7e444a8b30b3a70e6d8a441cada94579d90991dbc5ca12c6b0c7c2caade9ea75e3d156d9576c3b73675dc0c9b0d739144129a586b9

Download Submit
C:\Windows\System32\jMgkCsA.exe

Filesize
1.9MB

MD5
554c608c141acd7789d64567c32324cd

SHA1
c24f9c453a78df16ef28b92ce3befa5343eaaa72

SHA256
0d33c8268336b082b2d393848b39b37d7999ba0ae8c41f63b9a30d5a5289d36a

SHA512
39538b3eddd6a1e2cac9673850160ffeac231c453ff7ba0a9cd1b41981a91fc90cef29853a6dd1b41710b7b426947fc7eaa61bf3eaaad432b2797f38471935cc

Download Submit
C:\Windows\System32\lHpDbJr.exe

Filesize
1.9MB

MD5
43875c90d7658041e425d77f718a62a5

SHA1
bbb931bf8f50caeb4423d51b97dbe5d072fc8f32

SHA256
1a384626fa260d699c2238e1d37bb7b7cd0c3b3831294910f2b1676bc4dc3208

SHA512
939294a09d31aa148f706bb646aa045433336adb73c252ce5a368cab42bf4cc599f73ab63de32f5007c47ccaa2a463cc7d034de8f21d654085a2a8efe3da7c02

Download Submit
C:\Windows\System32\liJGGWz.exe

Filesize
1.9MB

MD5
a6451ccdb987c37c6af6e9f462c3aecb

SHA1
54bd5684737773adf96055fc868bc9f7aebb93b5

SHA256
f31d7c083551fc6f7c979e62bc12d435af089c5b427907ecd10d252e8a18fe4d

SHA512
7d7e43258bca51431033460ec03159f535a0533b751000eb4c591fe7f20b8eb53ba1200bafd5af9154393f6e5afed1af170e217fdeb815a520c2f7b43bfaf055

Download Submit
C:\Windows\System32\rnPkLmA.exe

Filesize
1.9MB

MD5
8237ab16b116c0ebaabf6caa88382fea

SHA1
29263e27c0814e6e1e49a1ed13bd75f21889b525

SHA256
2dd99f6d5a1f5844151605b3127d701ded58f9e9bbe59a966c0fd38201e16810

SHA512
982b31472756b725199dc7af45c98470c28b2b1a87c850b31b8e2001a3f5023d165eab1ea1c02b8ae2a3b8e140f1a557c47585243ddb18c4e0e7876766cd06bf

Download Submit
C:\Windows\System32\vQMeLZc.exe

Filesize
1.9MB

MD5
add56284e273b4923ae1153203bd0fd7

SHA1
9af895f6e8ccc7f013aef6ec85846acbccff914f

SHA256
b6807b5725f886027addcde0bfbe66832093056e7834e05ea473d6701d9d6fee

SHA512
5bdba402cd5912b62c99c33d2ccbf86463e6003c25a9facca094211f9f79acddcf2c16606f0958779a047fc6a1aa91892bfde94f21cfb289f80f34864697fe53

Download Submit
C:\Windows\System32\wZmtZwN.exe

Filesize
1.9MB

MD5
41fac6c068ce08f2e4f0f98b540458ff

SHA1
5ddb5f3c922fd586651f47f3919bb87fb5d394bf

SHA256
11a36e0ab1dc723133ee85209b9ed2c0c47026243948346169b58b661c0dfa8f

SHA512
95c6052fdbffea2598a14d8dc44099a928e1198cf74cd006eba1500457cd03f4ca0b3d0f633b06a4bfd0d393f6d8e28eaeeaa49c7839f852432b98584c6ef74b

Download Submit
C:\Windows\System32\xVAikxK.exe

Filesize
1.9MB

MD5
e085544b47285416f27f7280c57425a6

SHA1
761068714129fd968c36a78ef07b7e1120e5429e

SHA256
865ff6501aff979d2fdb929efe0755a63d250a84aaa241b46fdb95ecb9a0e958

SHA512
11dea2392704ffbc6be8b8923beecdc2d20219cf9c4005a3f8334e7f79aabcf738557673709497faf00a2acc8d7853582c7f2b49a61e89cb5f1bd7cccc315143

Download Submit
C:\Windows\System32\xjZVdDH.exe

Filesize
1.9MB

MD5
71d6063237c7604df11006ac6ac7b5f2

SHA1
9096eec2bf959fb6e3acc9cffe7a0ab06b04234d

SHA256
1ab79f9731bb39a1d625d0d7dce7083bc6edff05e22122c116d3852ed2cc3332

SHA512
6bc442a5e46e82753f4d9e2c22ad87f55cbc9066cc04be8bb3c51ebb79eb5613de4dd60e251388f2969a894bcc110fbd5a1d9ae6427c040dfa20b0cfb60f4248

Download Submit
C:\Windows\System32\xyTInWQ.exe

Filesize
1.9MB

MD5
65267e139d7e5b0f57a230ec59befcc5

SHA1
27451a0f9d116380706b68bfa95c51cec3c8aba4

SHA256
d1df6a02b057aa3f2e51055587dad45ff3f67692b7aec1d0050a4b5e073af028

SHA512
9f38d2f56b02ac9003e37892604dc524c0003ead2616f34c609cffe619fd0da74c84352fbacea538c787c328285d79117bdc0dcff1d2ee2eccf3f36230fa9260

Download Submit
C:\Windows\System32\yRxtgoU.exe

Filesize
1.9MB

MD5
d6ad713eff2b3cf59bae8bf27a8a6f34

SHA1
d32f5685a8719d5f95203bbb66331e851647d84f

SHA256
a5b8c8995300cfbd377b2c1b3b85675d631c03d196940c6345f063965058ed5a

SHA512
210427df10312de05eb9eaae7871a09bd385173f7377724d9a90d0a32bca2253ef09956eda746b4c88e30914654f29bd96f54566c7f09013b06000b2d544930a

Download Submit
C:\Windows\System32\ykyXxdg.exe

Filesize
1.9MB

MD5
47a4baf0d50661cad199fc863febe377

SHA1
5303b16f94db9b34a5537ee70c94e9d4a40bf812

SHA256
629189e5c144291c9625d24378320dddc3ceabd6506446211a23903ab119a059

SHA512
6be593483ec8c57a1365a55ae697aef860a4ddf8da57df7ded861772d64d8b59d4fbf1a98897c3ef17f6dc82a1bbd8499bcab84375a12653af5f310404731732

Download Submit
C:\Windows\System32\zxZJmHo.exe

Filesize
1.9MB

MD5
a36a407933f90220bb4e12adf939acc8

SHA1
f9c9bb5e32f0a03ce80ff0dd36c11c2ecb8fb47a

SHA256
45135fc010dbd4b79df25d8330224a18a182725cdb7ee43a02a670331478bf5f

SHA512
59e916576a0049fd83bb3433046501d712e0ebd848a42c69c4a7085e8c8fda4552f8e16f846da7c386dd34779171cf610216132810cad12f06458b27430b0fea

Download Submit
memory/212-2033-0x00007FF678B10000-0x00007FF678F01000-memory.dmp

Filesize
3.9MB

Download
memory/212-421-0x00007FF678B10000-0x00007FF678F01000-memory.dmp

Filesize
3.9MB

Download
memory/700-2025-0x00007FF741AD0000-0x00007FF741EC1000-memory.dmp

Filesize
3.9MB

Download
memory/700-45-0x00007FF741AD0000-0x00007FF741EC1000-memory.dmp

Filesize
3.9MB

Download
memory/944-2029-0x00007FF7FA750000-0x00007FF7FAB41000-memory.dmp

Filesize
3.9MB

Download
memory/944-33-0x00007FF7FA750000-0x00007FF7FAB41000-memory.dmp

Filesize
3.9MB

Download
memory/944-1978-0x00007FF7FA750000-0x00007FF7FAB41000-memory.dmp

Filesize
3.9MB

Download
memory/976-451-0x00007FF674230000-0x00007FF674621000-memory.dmp

Filesize
3.9MB

Download
memory/976-2095-0x00007FF674230000-0x00007FF674621000-memory.dmp

Filesize
3.9MB

Download
memory/1096-2014-0x00007FF6F6020000-0x00007FF6F6411000-memory.dmp

Filesize
3.9MB

Download
memory/1096-1840-0x00007FF6F6020000-0x00007FF6F6411000-memory.dmp

Filesize
3.9MB

Download
memory/1096-0-0x00007FF6F6020000-0x00007FF6F6411000-memory.dmp

Filesize
3.9MB

Download
memory/1096-1-0x000001992CA10000-0x000001992CA20000-memory.dmp

Filesize
64KB

Download
memory/1596-445-0x00007FF729C50000-0x00007FF72A041000-memory.dmp

Filesize
3.9MB

Download
memory/1596-2091-0x00007FF729C50000-0x00007FF72A041000-memory.dmp

Filesize
3.9MB

Download
memory/1608-12-0x00007FF621FF0000-0x00007FF6223E1000-memory.dmp

Filesize
3.9MB

Download
memory/1608-2019-0x00007FF621FF0000-0x00007FF6223E1000-memory.dmp

Filesize
3.9MB

Download
memory/1608-1843-0x00007FF621FF0000-0x00007FF6223E1000-memory.dmp

Filesize
3.9MB

Download
memory/2644-2045-0x00007FF611BB0000-0x00007FF611FA1000-memory.dmp

Filesize
3.9MB

Download
memory/2644-426-0x00007FF611BB0000-0x00007FF611FA1000-memory.dmp

Filesize
3.9MB

Download
memory/2868-422-0x00007FF68DA60000-0x00007FF68DE51000-memory.dmp

Filesize
3.9MB

Download
memory/2868-2041-0x00007FF68DA60000-0x00007FF68DE51000-memory.dmp

Filesize
3.9MB

Download
memory/3028-443-0x00007FF6EE220000-0x00007FF6EE611000-memory.dmp

Filesize
3.9MB

Download
memory/3028-2089-0x00007FF6EE220000-0x00007FF6EE611000-memory.dmp

Filesize
3.9MB

Download
memory/3572-22-0x00007FF722AC0000-0x00007FF722EB1000-memory.dmp

Filesize
3.9MB

Download
memory/3572-2023-0x00007FF722AC0000-0x00007FF722EB1000-memory.dmp

Filesize
3.9MB

Download
memory/3696-2039-0x00007FF7FDFF0000-0x00007FF7FE3E1000-memory.dmp

Filesize
3.9MB

Download
memory/3696-424-0x00007FF7FDFF0000-0x00007FF7FE3E1000-memory.dmp

Filesize
3.9MB

Download
memory/3740-418-0x00007FF7C9140000-0x00007FF7C9531000-memory.dmp

Filesize
3.9MB

Download
memory/3740-2035-0x00007FF7C9140000-0x00007FF7C9531000-memory.dmp

Filesize
3.9MB

Download
memory/3852-2043-0x00007FF6CC620000-0x00007FF6CCA11000-memory.dmp

Filesize
3.9MB

Download
memory/3852-423-0x00007FF6CC620000-0x00007FF6CCA11000-memory.dmp

Filesize
3.9MB

Download
memory/3880-449-0x00007FF62A070000-0x00007FF62A461000-memory.dmp

Filesize
3.9MB

Download
memory/3880-2093-0x00007FF62A070000-0x00007FF62A461000-memory.dmp

Filesize
3.9MB

Download
memory/3988-2031-0x00007FF7AB570000-0x00007FF7AB961000-memory.dmp

Filesize
3.9MB

Download
memory/3988-52-0x00007FF7AB570000-0x00007FF7AB961000-memory.dmp

Filesize
3.9MB

Download
memory/4228-2085-0x00007FF620350000-0x00007FF620741000-memory.dmp

Filesize
3.9MB

Download
memory/4228-442-0x00007FF620350000-0x00007FF620741000-memory.dmp

Filesize
3.9MB

Download
memory/4284-2078-0x00007FF76BE90000-0x00007FF76C281000-memory.dmp

Filesize
3.9MB

Download
memory/4284-437-0x00007FF76BE90000-0x00007FF76C281000-memory.dmp

Filesize
3.9MB

Download
memory/4348-431-0x00007FF6C7DF0000-0x00007FF6C81E1000-memory.dmp

Filesize
3.9MB

Download
memory/4348-2070-0x00007FF6C7DF0000-0x00007FF6C81E1000-memory.dmp

Filesize
3.9MB

Download
memory/4412-2027-0x00007FF6A76B0000-0x00007FF6A7AA1000-memory.dmp

Filesize
3.9MB

Download
memory/4412-46-0x00007FF6A76B0000-0x00007FF6A7AA1000-memory.dmp

Filesize
3.9MB

Download
memory/4448-2021-0x00007FF6A0520000-0x00007FF6A0911000-memory.dmp

Filesize
3.9MB

Download
memory/4448-15-0x00007FF6A0520000-0x00007FF6A0911000-memory.dmp

Filesize
3.9MB

Download
memory/4608-2083-0x00007FF750040000-0x00007FF750431000-memory.dmp

Filesize
3.9MB

Download
memory/4608-439-0x00007FF750040000-0x00007FF750431000-memory.dmp

Filesize
3.9MB

Download
memory/4692-1979-0x00007FF6DDAB0000-0x00007FF6DDEA1000-memory.dmp

Filesize
3.9MB

Download
memory/4692-47-0x00007FF6DDAB0000-0x00007FF6DDEA1000-memory.dmp

Filesize
3.9MB

Download
memory/4692-2187-0x00007FF6DDAB0000-0x00007FF6DDEA1000-memory.dmp

Filesize
3.9MB

Download
memory/4976-2087-0x00007FF632930000-0x00007FF632D21000-memory.dmp

Filesize
3.9MB

Download
memory/4976-452-0x00007FF632930000-0x00007FF632D21000-memory.dmp

Filesize
3.9MB

Download
memory/5004-54-0x00007FF6CED70000-0x00007FF6CF161000-memory.dmp

Filesize
3.9MB

Download
memory/5004-2037-0x00007FF6CED70000-0x00007FF6CF161000-memory.dmp

Filesize
3.9MB

Download
memory/5004-2012-0x00007FF6CED70000-0x00007FF6CF161000-memory.dmp

Filesize
3.9MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads