xmrig | 8170e14dc46a09ba35f5d3ec4a0084d4de638f1c90f9422e580b1bbd68d8c76c

Analysis

max time kernel
101s
max time network
104s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
17/08/2024, 02:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bee36e57943f0a75cb97381f3ad9f470N.exe
Size

1.6MB
MD5

bee36e57943f0a75cb97381f3ad9f470
SHA1

d0b6c44784772b8158ab5be8ad0581f486606b14
SHA256

8170e14dc46a09ba35f5d3ec4a0084d4de638f1c90f9422e580b1bbd68d8c76c
SHA512

2c1fd186149f18fe7bfbf0d2111157f19374e122d7f7ce5952437b44f06f838ed7ffb4cc027b88a525951b188c1c5bf53f46b97c62e86e1150e1963ad9d6dba0
SSDEEP

24576:JanwhSe11QSONCpGJCjETPlGC78XCej4qDQidfgq+AUwbJS5vXnPmGoP7L1:knw9oUUEEDlGUrMTUNXnc

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 48 IoCs

miner

resource	yara_rule
behavioral2/memory/3028-32-0x00007FF6AA6E0000-0x00007FF6AAAD1000-memory.dmp	xmrig
behavioral2/memory/3176-64-0x00007FF67A080000-0x00007FF67A471000-memory.dmp	xmrig
behavioral2/memory/1920-67-0x00007FF61C6C0000-0x00007FF61CAB1000-memory.dmp	xmrig
behavioral2/memory/1576-61-0x00007FF60EC10000-0x00007FF60F001000-memory.dmp	xmrig
behavioral2/memory/4908-47-0x00007FF7517B0000-0x00007FF751BA1000-memory.dmp	xmrig
behavioral2/memory/4820-44-0x00007FF6413A0000-0x00007FF641791000-memory.dmp	xmrig
behavioral2/memory/2284-42-0x00007FF6579C0000-0x00007FF657DB1000-memory.dmp	xmrig
behavioral2/memory/4380-421-0x00007FF6DB3C0000-0x00007FF6DB7B1000-memory.dmp	xmrig
behavioral2/memory/1828-422-0x00007FF7D7260000-0x00007FF7D7651000-memory.dmp	xmrig
behavioral2/memory/4680-423-0x00007FF6F7380000-0x00007FF6F7771000-memory.dmp	xmrig
behavioral2/memory/4384-425-0x00007FF7E7250000-0x00007FF7E7641000-memory.dmp	xmrig
behavioral2/memory/3092-424-0x00007FF7D61C0000-0x00007FF7D65B1000-memory.dmp	xmrig
behavioral2/memory/4796-426-0x00007FF6D1E50000-0x00007FF6D2241000-memory.dmp	xmrig
behavioral2/memory/3992-427-0x00007FF713590000-0x00007FF713981000-memory.dmp	xmrig
behavioral2/memory/3304-428-0x00007FF602BA0000-0x00007FF602F91000-memory.dmp	xmrig
behavioral2/memory/2376-429-0x00007FF72D540000-0x00007FF72D931000-memory.dmp	xmrig
behavioral2/memory/2488-449-0x00007FF6237C0000-0x00007FF623BB1000-memory.dmp	xmrig
behavioral2/memory/3080-445-0x00007FF6075D0000-0x00007FF6079C1000-memory.dmp	xmrig
behavioral2/memory/2584-438-0x00007FF631FE0000-0x00007FF6323D1000-memory.dmp	xmrig
behavioral2/memory/3376-441-0x00007FF6B7D50000-0x00007FF6B8141000-memory.dmp	xmrig
behavioral2/memory/3456-433-0x00007FF7665E0000-0x00007FF7669D1000-memory.dmp	xmrig
behavioral2/memory/2828-1117-0x00007FF7F05D0000-0x00007FF7F09C1000-memory.dmp	xmrig
behavioral2/memory/2272-1121-0x00007FF7D7A70000-0x00007FF7D7E61000-memory.dmp	xmrig
behavioral2/memory/2740-1253-0x00007FF70A250000-0x00007FF70A641000-memory.dmp	xmrig
behavioral2/memory/4380-1553-0x00007FF6DB3C0000-0x00007FF6DB7B1000-memory.dmp	xmrig
behavioral2/memory/4620-1548-0x00007FF6372F0000-0x00007FF6376E1000-memory.dmp	xmrig
behavioral2/memory/2272-2162-0x00007FF7D7A70000-0x00007FF7D7E61000-memory.dmp	xmrig
behavioral2/memory/3028-2166-0x00007FF6AA6E0000-0x00007FF6AAAD1000-memory.dmp	xmrig
behavioral2/memory/2284-2168-0x00007FF6579C0000-0x00007FF657DB1000-memory.dmp	xmrig
behavioral2/memory/2740-2164-0x00007FF70A250000-0x00007FF70A641000-memory.dmp	xmrig
behavioral2/memory/1576-2175-0x00007FF60EC10000-0x00007FF60F001000-memory.dmp	xmrig
behavioral2/memory/4820-2173-0x00007FF6413A0000-0x00007FF641791000-memory.dmp	xmrig
behavioral2/memory/1920-2171-0x00007FF61C6C0000-0x00007FF61CAB1000-memory.dmp	xmrig
behavioral2/memory/2488-2184-0x00007FF6237C0000-0x00007FF623BB1000-memory.dmp	xmrig
behavioral2/memory/4620-2182-0x00007FF6372F0000-0x00007FF6376E1000-memory.dmp	xmrig
behavioral2/memory/4380-2180-0x00007FF6DB3C0000-0x00007FF6DB7B1000-memory.dmp	xmrig
behavioral2/memory/1828-2178-0x00007FF7D7260000-0x00007FF7D7651000-memory.dmp	xmrig
behavioral2/memory/2376-2219-0x00007FF72D540000-0x00007FF72D931000-memory.dmp	xmrig
behavioral2/memory/4384-2221-0x00007FF7E7250000-0x00007FF7E7641000-memory.dmp	xmrig
behavioral2/memory/3456-2233-0x00007FF7665E0000-0x00007FF7669D1000-memory.dmp	xmrig
behavioral2/memory/3080-2236-0x00007FF6075D0000-0x00007FF6079C1000-memory.dmp	xmrig
behavioral2/memory/4796-2231-0x00007FF6D1E50000-0x00007FF6D2241000-memory.dmp	xmrig
behavioral2/memory/3992-2229-0x00007FF713590000-0x00007FF713981000-memory.dmp	xmrig
behavioral2/memory/2584-2227-0x00007FF631FE0000-0x00007FF6323D1000-memory.dmp	xmrig
behavioral2/memory/3376-2225-0x00007FF6B7D50000-0x00007FF6B8141000-memory.dmp	xmrig
behavioral2/memory/3304-2223-0x00007FF602BA0000-0x00007FF602F91000-memory.dmp	xmrig
behavioral2/memory/4680-2217-0x00007FF6F7380000-0x00007FF6F7771000-memory.dmp	xmrig
behavioral2/memory/3092-2187-0x00007FF7D61C0000-0x00007FF7D65B1000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2272	CsqzlXG.exe
2740	VRKDAsg.exe
4908	uRZyTum.exe
3028	wyEiiIu.exe
2284	qtVpJfd.exe
4820	qWUcYkI.exe
1576	liHcDxY.exe
1920	qPdXrjJ.exe
3176	gNpkmlL.exe
4620	daPqpxO.exe
4380	SIrrJvR.exe
1828	epwyKFs.exe
2488	xPCVtBw.exe
4680	wNYGjsc.exe
3092	nIlNliG.exe
4384	SKuIAUw.exe
4796	HNvWlul.exe
3992	mlhGWwu.exe
3304	FcBAZPQ.exe
2376	HACyRrB.exe
3456	tGOThtB.exe
2584	xQnlmPh.exe
3376	lRfdhuv.exe
3080	kGRwgdt.exe
4108	tbpRCQl.exe
2304	KOttQrg.exe
1672	NMLyOwH.exe
3096	MDcPatY.exe
4860	zNegUwP.exe
4156	eNqIcpU.exe
2632	HwJbqYy.exe
4244	AqouaOl.exe
3616	sdhazUY.exe
752	fMwNOZx.exe
1600	NZnNTXB.exe
3020	NFYxMVr.exe
1648	scpHDzd.exe
3748	urmXdNW.exe
4636	MxNpPHw.exe
5080	yGOieQP.exe
2508	qTHskTC.exe
4980	UZNFFEi.exe
5092	zBaRemh.exe
2836	PVkoozb.exe
4916	TgEQJag.exe
1344	GeqQNYT.exe
3428	ZusdDKr.exe
4456	bTSTvZA.exe
3056	eIrsBYi.exe
3736	VcyYFhE.exe
3928	eRmzWYR.exe
5052	fGvEFqS.exe
3232	NcDzyYH.exe
3156	alKeIoK.exe
208	QaxdJlx.exe
3068	ZFBWdqo.exe
4512	xNEOWdf.exe
3964	OkWCWYZ.exe
2900	tnCvlRN.exe
2260	PDJVtyW.exe
1480	OvPbloA.exe
3516	vrfBtNF.exe
2832	aPJsekW.exe
4900	QGEUbVL.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2828-0-0x00007FF7F05D0000-0x00007FF7F09C1000-memory.dmp	upx
behavioral2/memory/2272-8-0x00007FF7D7A70000-0x00007FF7D7E61000-memory.dmp	upx
behavioral2/files/0x000700000002344d-18.dat	upx
behavioral2/files/0x0007000000023450-24.dat	upx
behavioral2/memory/3028-32-0x00007FF6AA6E0000-0x00007FF6AAAD1000-memory.dmp	upx
behavioral2/files/0x0007000000023452-50.dat	upx
behavioral2/files/0x0007000000023455-59.dat	upx
behavioral2/memory/3176-64-0x00007FF67A080000-0x00007FF67A471000-memory.dmp	upx
behavioral2/memory/1920-67-0x00007FF61C6C0000-0x00007FF61CAB1000-memory.dmp	upx
behavioral2/files/0x0007000000023459-89.dat	upx
behavioral2/files/0x000700000002345a-94.dat	upx
behavioral2/files/0x000700000002345c-104.dat	upx
behavioral2/files/0x000700000002345e-114.dat	upx
behavioral2/files/0x0007000000023461-122.dat	upx
behavioral2/files/0x0007000000023468-164.dat	upx
behavioral2/files/0x000700000002346b-172.dat	upx
behavioral2/files/0x0007000000023469-169.dat	upx
behavioral2/files/0x000700000002346a-167.dat	upx
behavioral2/files/0x0007000000023467-159.dat	upx
behavioral2/files/0x0007000000023466-154.dat	upx
behavioral2/files/0x0007000000023465-149.dat	upx
behavioral2/files/0x0007000000023464-144.dat	upx
behavioral2/files/0x0007000000023463-139.dat	upx
behavioral2/files/0x0007000000023462-134.dat	upx
behavioral2/files/0x0007000000023460-124.dat	upx
behavioral2/files/0x000700000002345f-119.dat	upx
behavioral2/files/0x000700000002345d-109.dat	upx
behavioral2/files/0x000700000002345b-98.dat	upx
behavioral2/files/0x0007000000023458-84.dat	upx
behavioral2/files/0x0007000000023457-76.dat	upx
behavioral2/files/0x0007000000023454-73.dat	upx
behavioral2/files/0x0007000000023456-72.dat	upx
behavioral2/memory/4620-66-0x00007FF6372F0000-0x00007FF6376E1000-memory.dmp	upx
behavioral2/memory/1576-61-0x00007FF60EC10000-0x00007FF60F001000-memory.dmp	upx
behavioral2/files/0x0007000000023453-54.dat	upx
behavioral2/memory/4908-47-0x00007FF7517B0000-0x00007FF751BA1000-memory.dmp	upx
behavioral2/memory/4820-44-0x00007FF6413A0000-0x00007FF641791000-memory.dmp	upx
behavioral2/memory/2284-42-0x00007FF6579C0000-0x00007FF657DB1000-memory.dmp	upx
behavioral2/files/0x0007000000023451-41.dat	upx
behavioral2/files/0x000700000002344f-28.dat	upx
behavioral2/files/0x000700000002344e-27.dat	upx
behavioral2/memory/2740-23-0x00007FF70A250000-0x00007FF70A641000-memory.dmp	upx
behavioral2/files/0x000700000002344c-21.dat	upx
behavioral2/files/0x0008000000023448-10.dat	upx
behavioral2/memory/4380-421-0x00007FF6DB3C0000-0x00007FF6DB7B1000-memory.dmp	upx
behavioral2/memory/1828-422-0x00007FF7D7260000-0x00007FF7D7651000-memory.dmp	upx
behavioral2/memory/4680-423-0x00007FF6F7380000-0x00007FF6F7771000-memory.dmp	upx
behavioral2/memory/4384-425-0x00007FF7E7250000-0x00007FF7E7641000-memory.dmp	upx
behavioral2/memory/3092-424-0x00007FF7D61C0000-0x00007FF7D65B1000-memory.dmp	upx
behavioral2/memory/4796-426-0x00007FF6D1E50000-0x00007FF6D2241000-memory.dmp	upx
behavioral2/memory/3992-427-0x00007FF713590000-0x00007FF713981000-memory.dmp	upx
behavioral2/memory/3304-428-0x00007FF602BA0000-0x00007FF602F91000-memory.dmp	upx
behavioral2/memory/2376-429-0x00007FF72D540000-0x00007FF72D931000-memory.dmp	upx
behavioral2/memory/2488-449-0x00007FF6237C0000-0x00007FF623BB1000-memory.dmp	upx
behavioral2/memory/3080-445-0x00007FF6075D0000-0x00007FF6079C1000-memory.dmp	upx
behavioral2/memory/2584-438-0x00007FF631FE0000-0x00007FF6323D1000-memory.dmp	upx
behavioral2/memory/3376-441-0x00007FF6B7D50000-0x00007FF6B8141000-memory.dmp	upx
behavioral2/memory/3456-433-0x00007FF7665E0000-0x00007FF7669D1000-memory.dmp	upx
behavioral2/memory/2828-1117-0x00007FF7F05D0000-0x00007FF7F09C1000-memory.dmp	upx
behavioral2/memory/2272-1121-0x00007FF7D7A70000-0x00007FF7D7E61000-memory.dmp	upx
behavioral2/memory/2740-1253-0x00007FF70A250000-0x00007FF70A641000-memory.dmp	upx
behavioral2/memory/4380-1553-0x00007FF6DB3C0000-0x00007FF6DB7B1000-memory.dmp	upx
behavioral2/memory/4620-1548-0x00007FF6372F0000-0x00007FF6376E1000-memory.dmp	upx
behavioral2/memory/2272-2162-0x00007FF7D7A70000-0x00007FF7D7E61000-memory.dmp	upx

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System32\daPqpxO.exe	bee36e57943f0a75cb97381f3ad9f470N.exe
File created	C:\Windows\System32\bTSTvZA.exe	bee36e57943f0a75cb97381f3ad9f470N.exe
File created	C:\Windows\System32\erwnGjw.exe	bee36e57943f0a75cb97381f3ad9f470N.exe
File created	C:\Windows\System32\DTtNYSu.exe	bee36e57943f0a75cb97381f3ad9f470N.exe
File created	C:\Windows\System32\fnhOjdX.exe	bee36e57943f0a75cb97381f3ad9f470N.exe
File created	C:\Windows\System32\DfzCWWL.exe	bee36e57943f0a75cb97381f3ad9f470N.exe
File created	C:\Windows\System32\XKChFOD.exe	bee36e57943f0a75cb97381f3ad9f470N.exe
File created	C:\Windows\System32\WbTnzlW.exe	bee36e57943f0a75cb97381f3ad9f470N.exe
File created	C:\Windows\System32\FtdfXag.exe	bee36e57943f0a75cb97381f3ad9f470N.exe
File created	C:\Windows\System32\PqvHkrZ.exe	bee36e57943f0a75cb97381f3ad9f470N.exe
File created	C:\Windows\System32\NvGOuUM.exe	bee36e57943f0a75cb97381f3ad9f470N.exe
File created	C:\Windows\System32\lqAvhgb.exe	bee36e57943f0a75cb97381f3ad9f470N.exe
File created	C:\Windows\System32\hlKFpEH.exe	bee36e57943f0a75cb97381f3ad9f470N.exe
File created	C:\Windows\System32\xkGAuKk.exe	bee36e57943f0a75cb97381f3ad9f470N.exe
File created	C:\Windows\System32\drsMxLK.exe	bee36e57943f0a75cb97381f3ad9f470N.exe
File created	C:\Windows\System32\VQDbZLn.exe	bee36e57943f0a75cb97381f3ad9f470N.exe
File created	C:\Windows\System32\RfQDGKa.exe	bee36e57943f0a75cb97381f3ad9f470N.exe
File created	C:\Windows\System32\rSXOGaF.exe	bee36e57943f0a75cb97381f3ad9f470N.exe
File created	C:\Windows\System32\TkJfsSK.exe	bee36e57943f0a75cb97381f3ad9f470N.exe
File created	C:\Windows\System32\NzkfmWk.exe	bee36e57943f0a75cb97381f3ad9f470N.exe
File created	C:\Windows\System32\ReGfqeu.exe	bee36e57943f0a75cb97381f3ad9f470N.exe
File created	C:\Windows\System32\OTInlxb.exe	bee36e57943f0a75cb97381f3ad9f470N.exe
File created	C:\Windows\System32\spSACPI.exe	bee36e57943f0a75cb97381f3ad9f470N.exe
File created	C:\Windows\System32\hVjoOvU.exe	bee36e57943f0a75cb97381f3ad9f470N.exe
File created	C:\Windows\System32\zHNrYlw.exe	bee36e57943f0a75cb97381f3ad9f470N.exe
File created	C:\Windows\System32\OgpUlxe.exe	bee36e57943f0a75cb97381f3ad9f470N.exe
File created	C:\Windows\System32\ljEUYPk.exe	bee36e57943f0a75cb97381f3ad9f470N.exe
File created	C:\Windows\System32\enXDYkx.exe	bee36e57943f0a75cb97381f3ad9f470N.exe
File created	C:\Windows\System32\JRtBJMq.exe	bee36e57943f0a75cb97381f3ad9f470N.exe
File created	C:\Windows\System32\FJlzMhr.exe	bee36e57943f0a75cb97381f3ad9f470N.exe
File created	C:\Windows\System32\FtEdpMs.exe	bee36e57943f0a75cb97381f3ad9f470N.exe
File created	C:\Windows\System32\ExXpFQJ.exe	bee36e57943f0a75cb97381f3ad9f470N.exe
File created	C:\Windows\System32\YIPmPmO.exe	bee36e57943f0a75cb97381f3ad9f470N.exe
File created	C:\Windows\System32\LxBguvM.exe	bee36e57943f0a75cb97381f3ad9f470N.exe
File created	C:\Windows\System32\cPnINGZ.exe	bee36e57943f0a75cb97381f3ad9f470N.exe
File created	C:\Windows\System32\NYhtciG.exe	bee36e57943f0a75cb97381f3ad9f470N.exe
File created	C:\Windows\System32\nYubLFw.exe	bee36e57943f0a75cb97381f3ad9f470N.exe
File created	C:\Windows\System32\nxUnzIn.exe	bee36e57943f0a75cb97381f3ad9f470N.exe
File created	C:\Windows\System32\QORCxcv.exe	bee36e57943f0a75cb97381f3ad9f470N.exe
File created	C:\Windows\System32\BokJTPe.exe	bee36e57943f0a75cb97381f3ad9f470N.exe
File created	C:\Windows\System32\qnMbydD.exe	bee36e57943f0a75cb97381f3ad9f470N.exe
File created	C:\Windows\System32\JUzDBIi.exe	bee36e57943f0a75cb97381f3ad9f470N.exe
File created	C:\Windows\System32\fGvEFqS.exe	bee36e57943f0a75cb97381f3ad9f470N.exe
File created	C:\Windows\System32\aAsvcyu.exe	bee36e57943f0a75cb97381f3ad9f470N.exe
File created	C:\Windows\System32\hlzmaVV.exe	bee36e57943f0a75cb97381f3ad9f470N.exe
File created	C:\Windows\System32\ZtbIMwK.exe	bee36e57943f0a75cb97381f3ad9f470N.exe
File created	C:\Windows\System32\NghmAKm.exe	bee36e57943f0a75cb97381f3ad9f470N.exe
File created	C:\Windows\System32\FgjACAM.exe	bee36e57943f0a75cb97381f3ad9f470N.exe
File created	C:\Windows\System32\RAdFmXr.exe	bee36e57943f0a75cb97381f3ad9f470N.exe
File created	C:\Windows\System32\Yevcswk.exe	bee36e57943f0a75cb97381f3ad9f470N.exe
File created	C:\Windows\System32\KQmNdTR.exe	bee36e57943f0a75cb97381f3ad9f470N.exe
File created	C:\Windows\System32\OQpXuCt.exe	bee36e57943f0a75cb97381f3ad9f470N.exe
File created	C:\Windows\System32\ukWBwnT.exe	bee36e57943f0a75cb97381f3ad9f470N.exe
File created	C:\Windows\System32\iAeoZgm.exe	bee36e57943f0a75cb97381f3ad9f470N.exe
File created	C:\Windows\System32\oRgDBHi.exe	bee36e57943f0a75cb97381f3ad9f470N.exe
File created	C:\Windows\System32\OMGdKbl.exe	bee36e57943f0a75cb97381f3ad9f470N.exe
File created	C:\Windows\System32\CsqzlXG.exe	bee36e57943f0a75cb97381f3ad9f470N.exe
File created	C:\Windows\System32\mlhGWwu.exe	bee36e57943f0a75cb97381f3ad9f470N.exe
File created	C:\Windows\System32\yAmDYqB.exe	bee36e57943f0a75cb97381f3ad9f470N.exe
File created	C:\Windows\System32\jrIbvBM.exe	bee36e57943f0a75cb97381f3ad9f470N.exe
File created	C:\Windows\System32\lpiROfZ.exe	bee36e57943f0a75cb97381f3ad9f470N.exe
File created	C:\Windows\System32\ImiMHqk.exe	bee36e57943f0a75cb97381f3ad9f470N.exe
File created	C:\Windows\System32\yTBKxKo.exe	bee36e57943f0a75cb97381f3ad9f470N.exe
File created	C:\Windows\System32\RRyPrFp.exe	bee36e57943f0a75cb97381f3ad9f470N.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	14076	dwm.exe
Token: SeChangeNotifyPrivilege	14076	dwm.exe
Token: 33	14076	dwm.exe
Token: SeIncBasePriorityPrivilege	14076	dwm.exe
Token: SeShutdownPrivilege	14076	dwm.exe
Token: SeCreatePagefilePrivilege	14076	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2828 wrote to memory of 2272	2828	bee36e57943f0a75cb97381f3ad9f470N.exe	85
PID 2828 wrote to memory of 2272	2828	bee36e57943f0a75cb97381f3ad9f470N.exe	85
PID 2828 wrote to memory of 2740	2828	bee36e57943f0a75cb97381f3ad9f470N.exe	86
PID 2828 wrote to memory of 2740	2828	bee36e57943f0a75cb97381f3ad9f470N.exe	86
PID 2828 wrote to memory of 4908	2828	bee36e57943f0a75cb97381f3ad9f470N.exe	87
PID 2828 wrote to memory of 4908	2828	bee36e57943f0a75cb97381f3ad9f470N.exe	87
PID 2828 wrote to memory of 3028	2828	bee36e57943f0a75cb97381f3ad9f470N.exe	88
PID 2828 wrote to memory of 3028	2828	bee36e57943f0a75cb97381f3ad9f470N.exe	88
PID 2828 wrote to memory of 2284	2828	bee36e57943f0a75cb97381f3ad9f470N.exe	89
PID 2828 wrote to memory of 2284	2828	bee36e57943f0a75cb97381f3ad9f470N.exe	89
PID 2828 wrote to memory of 4820	2828	bee36e57943f0a75cb97381f3ad9f470N.exe	90
PID 2828 wrote to memory of 4820	2828	bee36e57943f0a75cb97381f3ad9f470N.exe	90
PID 2828 wrote to memory of 1576	2828	bee36e57943f0a75cb97381f3ad9f470N.exe	91
PID 2828 wrote to memory of 1576	2828	bee36e57943f0a75cb97381f3ad9f470N.exe	91
PID 2828 wrote to memory of 1920	2828	bee36e57943f0a75cb97381f3ad9f470N.exe	92
PID 2828 wrote to memory of 1920	2828	bee36e57943f0a75cb97381f3ad9f470N.exe	92
PID 2828 wrote to memory of 3176	2828	bee36e57943f0a75cb97381f3ad9f470N.exe	93
PID 2828 wrote to memory of 3176	2828	bee36e57943f0a75cb97381f3ad9f470N.exe	93
PID 2828 wrote to memory of 4620	2828	bee36e57943f0a75cb97381f3ad9f470N.exe	94
PID 2828 wrote to memory of 4620	2828	bee36e57943f0a75cb97381f3ad9f470N.exe	94
PID 2828 wrote to memory of 4380	2828	bee36e57943f0a75cb97381f3ad9f470N.exe	95
PID 2828 wrote to memory of 4380	2828	bee36e57943f0a75cb97381f3ad9f470N.exe	95
PID 2828 wrote to memory of 1828	2828	bee36e57943f0a75cb97381f3ad9f470N.exe	96
PID 2828 wrote to memory of 1828	2828	bee36e57943f0a75cb97381f3ad9f470N.exe	96
PID 2828 wrote to memory of 2488	2828	bee36e57943f0a75cb97381f3ad9f470N.exe	97
PID 2828 wrote to memory of 2488	2828	bee36e57943f0a75cb97381f3ad9f470N.exe	97
PID 2828 wrote to memory of 4680	2828	bee36e57943f0a75cb97381f3ad9f470N.exe	98
PID 2828 wrote to memory of 4680	2828	bee36e57943f0a75cb97381f3ad9f470N.exe	98
PID 2828 wrote to memory of 3092	2828	bee36e57943f0a75cb97381f3ad9f470N.exe	99
PID 2828 wrote to memory of 3092	2828	bee36e57943f0a75cb97381f3ad9f470N.exe	99
PID 2828 wrote to memory of 4384	2828	bee36e57943f0a75cb97381f3ad9f470N.exe	100
PID 2828 wrote to memory of 4384	2828	bee36e57943f0a75cb97381f3ad9f470N.exe	100
PID 2828 wrote to memory of 4796	2828	bee36e57943f0a75cb97381f3ad9f470N.exe	101
PID 2828 wrote to memory of 4796	2828	bee36e57943f0a75cb97381f3ad9f470N.exe	101
PID 2828 wrote to memory of 3992	2828	bee36e57943f0a75cb97381f3ad9f470N.exe	102
PID 2828 wrote to memory of 3992	2828	bee36e57943f0a75cb97381f3ad9f470N.exe	102
PID 2828 wrote to memory of 3304	2828	bee36e57943f0a75cb97381f3ad9f470N.exe	103
PID 2828 wrote to memory of 3304	2828	bee36e57943f0a75cb97381f3ad9f470N.exe	103
PID 2828 wrote to memory of 2376	2828	bee36e57943f0a75cb97381f3ad9f470N.exe	104
PID 2828 wrote to memory of 2376	2828	bee36e57943f0a75cb97381f3ad9f470N.exe	104
PID 2828 wrote to memory of 3456	2828	bee36e57943f0a75cb97381f3ad9f470N.exe	105
PID 2828 wrote to memory of 3456	2828	bee36e57943f0a75cb97381f3ad9f470N.exe	105
PID 2828 wrote to memory of 2584	2828	bee36e57943f0a75cb97381f3ad9f470N.exe	106
PID 2828 wrote to memory of 2584	2828	bee36e57943f0a75cb97381f3ad9f470N.exe	106
PID 2828 wrote to memory of 3376	2828	bee36e57943f0a75cb97381f3ad9f470N.exe	107
PID 2828 wrote to memory of 3376	2828	bee36e57943f0a75cb97381f3ad9f470N.exe	107
PID 2828 wrote to memory of 3080	2828	bee36e57943f0a75cb97381f3ad9f470N.exe	108
PID 2828 wrote to memory of 3080	2828	bee36e57943f0a75cb97381f3ad9f470N.exe	108
PID 2828 wrote to memory of 4108	2828	bee36e57943f0a75cb97381f3ad9f470N.exe	109
PID 2828 wrote to memory of 4108	2828	bee36e57943f0a75cb97381f3ad9f470N.exe	109
PID 2828 wrote to memory of 2304	2828	bee36e57943f0a75cb97381f3ad9f470N.exe	110
PID 2828 wrote to memory of 2304	2828	bee36e57943f0a75cb97381f3ad9f470N.exe	110
PID 2828 wrote to memory of 1672	2828	bee36e57943f0a75cb97381f3ad9f470N.exe	111
PID 2828 wrote to memory of 1672	2828	bee36e57943f0a75cb97381f3ad9f470N.exe	111
PID 2828 wrote to memory of 3096	2828	bee36e57943f0a75cb97381f3ad9f470N.exe	112
PID 2828 wrote to memory of 3096	2828	bee36e57943f0a75cb97381f3ad9f470N.exe	112
PID 2828 wrote to memory of 4860	2828	bee36e57943f0a75cb97381f3ad9f470N.exe	113
PID 2828 wrote to memory of 4860	2828	bee36e57943f0a75cb97381f3ad9f470N.exe	113
PID 2828 wrote to memory of 4156	2828	bee36e57943f0a75cb97381f3ad9f470N.exe	114
PID 2828 wrote to memory of 4156	2828	bee36e57943f0a75cb97381f3ad9f470N.exe	114
PID 2828 wrote to memory of 2632	2828	bee36e57943f0a75cb97381f3ad9f470N.exe	115
PID 2828 wrote to memory of 2632	2828	bee36e57943f0a75cb97381f3ad9f470N.exe	115
PID 2828 wrote to memory of 4244	2828	bee36e57943f0a75cb97381f3ad9f470N.exe	116
PID 2828 wrote to memory of 4244	2828	bee36e57943f0a75cb97381f3ad9f470N.exe	116

C:\Users\Admin\AppData\Local\Temp\bee36e57943f0a75cb97381f3ad9f470N.exe
"C:\Users\Admin\AppData\Local\Temp\bee36e57943f0a75cb97381f3ad9f470N.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:2828
- C:\Windows\System32\CsqzlXG.exe
  C:\Windows\System32\CsqzlXG.exe
  2⤵
  - Executes dropped EXE
  PID:2272
- C:\Windows\System32\VRKDAsg.exe
  C:\Windows\System32\VRKDAsg.exe
  2⤵
  - Executes dropped EXE
  PID:2740
- C:\Windows\System32\uRZyTum.exe
  C:\Windows\System32\uRZyTum.exe
  2⤵
  - Executes dropped EXE
  PID:4908
- C:\Windows\System32\wyEiiIu.exe
  C:\Windows\System32\wyEiiIu.exe
  2⤵
  - Executes dropped EXE
  PID:3028
- C:\Windows\System32\qtVpJfd.exe
  C:\Windows\System32\qtVpJfd.exe
  2⤵
  - Executes dropped EXE
  PID:2284
- C:\Windows\System32\qWUcYkI.exe
  C:\Windows\System32\qWUcYkI.exe
  2⤵
  - Executes dropped EXE
  PID:4820
- C:\Windows\System32\liHcDxY.exe
  C:\Windows\System32\liHcDxY.exe
  2⤵
  - Executes dropped EXE
  PID:1576
- C:\Windows\System32\qPdXrjJ.exe
  C:\Windows\System32\qPdXrjJ.exe
  2⤵
  - Executes dropped EXE
  PID:1920
- C:\Windows\System32\gNpkmlL.exe
  C:\Windows\System32\gNpkmlL.exe
  2⤵
  - Executes dropped EXE
  PID:3176
- C:\Windows\System32\daPqpxO.exe
  C:\Windows\System32\daPqpxO.exe
  2⤵
  - Executes dropped EXE
  PID:4620
- C:\Windows\System32\SIrrJvR.exe
  C:\Windows\System32\SIrrJvR.exe
  2⤵
  - Executes dropped EXE
  PID:4380
- C:\Windows\System32\epwyKFs.exe
  C:\Windows\System32\epwyKFs.exe
  2⤵
  - Executes dropped EXE
  PID:1828
- C:\Windows\System32\xPCVtBw.exe
  C:\Windows\System32\xPCVtBw.exe
  2⤵
  - Executes dropped EXE
  PID:2488
- C:\Windows\System32\wNYGjsc.exe
  C:\Windows\System32\wNYGjsc.exe
  2⤵
  - Executes dropped EXE
  PID:4680
- C:\Windows\System32\nIlNliG.exe
  C:\Windows\System32\nIlNliG.exe
  2⤵
  - Executes dropped EXE
  PID:3092
- C:\Windows\System32\SKuIAUw.exe
  C:\Windows\System32\SKuIAUw.exe
  2⤵
  - Executes dropped EXE
  PID:4384
- C:\Windows\System32\HNvWlul.exe
  C:\Windows\System32\HNvWlul.exe
  2⤵
  - Executes dropped EXE
  PID:4796
- C:\Windows\System32\mlhGWwu.exe
  C:\Windows\System32\mlhGWwu.exe
  2⤵
  - Executes dropped EXE
  PID:3992
- C:\Windows\System32\FcBAZPQ.exe
  C:\Windows\System32\FcBAZPQ.exe
  2⤵
  - Executes dropped EXE
  PID:3304
- C:\Windows\System32\HACyRrB.exe
  C:\Windows\System32\HACyRrB.exe
  2⤵
  - Executes dropped EXE
  PID:2376
- C:\Windows\System32\tGOThtB.exe
  C:\Windows\System32\tGOThtB.exe
  2⤵
  - Executes dropped EXE
  PID:3456
- C:\Windows\System32\xQnlmPh.exe
  C:\Windows\System32\xQnlmPh.exe
  2⤵
  - Executes dropped EXE
  PID:2584
- C:\Windows\System32\lRfdhuv.exe
  C:\Windows\System32\lRfdhuv.exe
  2⤵
  - Executes dropped EXE
  PID:3376
- C:\Windows\System32\kGRwgdt.exe
  C:\Windows\System32\kGRwgdt.exe
  2⤵
  - Executes dropped EXE
  PID:3080
- C:\Windows\System32\tbpRCQl.exe
  C:\Windows\System32\tbpRCQl.exe
  2⤵
  - Executes dropped EXE
  PID:4108
- C:\Windows\System32\KOttQrg.exe
  C:\Windows\System32\KOttQrg.exe
  2⤵
  - Executes dropped EXE
  PID:2304
- C:\Windows\System32\NMLyOwH.exe
  C:\Windows\System32\NMLyOwH.exe
  2⤵
  - Executes dropped EXE
  PID:1672
- C:\Windows\System32\MDcPatY.exe
  C:\Windows\System32\MDcPatY.exe
  2⤵
  - Executes dropped EXE
  PID:3096
- C:\Windows\System32\zNegUwP.exe
  C:\Windows\System32\zNegUwP.exe
  2⤵
  - Executes dropped EXE
  PID:4860
- C:\Windows\System32\eNqIcpU.exe
  C:\Windows\System32\eNqIcpU.exe
  2⤵
  - Executes dropped EXE
  PID:4156
- C:\Windows\System32\HwJbqYy.exe
  C:\Windows\System32\HwJbqYy.exe
  2⤵
  - Executes dropped EXE
  PID:2632
- C:\Windows\System32\AqouaOl.exe
  C:\Windows\System32\AqouaOl.exe
  2⤵
  - Executes dropped EXE
  PID:4244
- C:\Windows\System32\sdhazUY.exe
  C:\Windows\System32\sdhazUY.exe
  2⤵
  - Executes dropped EXE
  PID:3616
- C:\Windows\System32\fMwNOZx.exe
  C:\Windows\System32\fMwNOZx.exe
  2⤵
  - Executes dropped EXE
  PID:752
- C:\Windows\System32\NZnNTXB.exe
  C:\Windows\System32\NZnNTXB.exe
  2⤵
  - Executes dropped EXE
  PID:1600
- C:\Windows\System32\NFYxMVr.exe
  C:\Windows\System32\NFYxMVr.exe
  2⤵
  - Executes dropped EXE
  PID:3020
- C:\Windows\System32\scpHDzd.exe
  C:\Windows\System32\scpHDzd.exe
  2⤵
  - Executes dropped EXE
  PID:1648
- C:\Windows\System32\urmXdNW.exe
  C:\Windows\System32\urmXdNW.exe
  2⤵
  - Executes dropped EXE
  PID:3748
- C:\Windows\System32\MxNpPHw.exe
  C:\Windows\System32\MxNpPHw.exe
  2⤵
  - Executes dropped EXE
  PID:4636
- C:\Windows\System32\yGOieQP.exe
  C:\Windows\System32\yGOieQP.exe
  2⤵
  - Executes dropped EXE
  PID:5080
- C:\Windows\System32\qTHskTC.exe
  C:\Windows\System32\qTHskTC.exe
  2⤵
  - Executes dropped EXE
  PID:2508
- C:\Windows\System32\UZNFFEi.exe
  C:\Windows\System32\UZNFFEi.exe
  2⤵
  - Executes dropped EXE
  PID:4980
- C:\Windows\System32\zBaRemh.exe
  C:\Windows\System32\zBaRemh.exe
  2⤵
  - Executes dropped EXE
  PID:5092
- C:\Windows\System32\PVkoozb.exe
  C:\Windows\System32\PVkoozb.exe
  2⤵
  - Executes dropped EXE
  PID:2836
- C:\Windows\System32\TgEQJag.exe
  C:\Windows\System32\TgEQJag.exe
  2⤵
  - Executes dropped EXE
  PID:4916
- C:\Windows\System32\GeqQNYT.exe
  C:\Windows\System32\GeqQNYT.exe
  2⤵
  - Executes dropped EXE
  PID:1344
- C:\Windows\System32\ZusdDKr.exe
  C:\Windows\System32\ZusdDKr.exe
  2⤵
  - Executes dropped EXE
  PID:3428
- C:\Windows\System32\bTSTvZA.exe
  C:\Windows\System32\bTSTvZA.exe
  2⤵
  - Executes dropped EXE
  PID:4456
- C:\Windows\System32\eIrsBYi.exe
  C:\Windows\System32\eIrsBYi.exe
  2⤵
  - Executes dropped EXE
  PID:3056
- C:\Windows\System32\VcyYFhE.exe
  C:\Windows\System32\VcyYFhE.exe
  2⤵
  - Executes dropped EXE
  PID:3736
- C:\Windows\System32\eRmzWYR.exe
  C:\Windows\System32\eRmzWYR.exe
  2⤵
  - Executes dropped EXE
  PID:3928
- C:\Windows\System32\fGvEFqS.exe
  C:\Windows\System32\fGvEFqS.exe
  2⤵
  - Executes dropped EXE
  PID:5052
- C:\Windows\System32\NcDzyYH.exe
  C:\Windows\System32\NcDzyYH.exe
  2⤵
  - Executes dropped EXE
  PID:3232
- C:\Windows\System32\alKeIoK.exe
  C:\Windows\System32\alKeIoK.exe
  2⤵
  - Executes dropped EXE
  PID:3156
- C:\Windows\System32\QaxdJlx.exe
  C:\Windows\System32\QaxdJlx.exe
  2⤵
  - Executes dropped EXE
  PID:208
- C:\Windows\System32\ZFBWdqo.exe
  C:\Windows\System32\ZFBWdqo.exe
  2⤵
  - Executes dropped EXE
  PID:3068
- C:\Windows\System32\xNEOWdf.exe
  C:\Windows\System32\xNEOWdf.exe
  2⤵
  - Executes dropped EXE
  PID:4512
- C:\Windows\System32\OkWCWYZ.exe
  C:\Windows\System32\OkWCWYZ.exe
  2⤵
  - Executes dropped EXE
  PID:3964
- C:\Windows\System32\tnCvlRN.exe
  C:\Windows\System32\tnCvlRN.exe
  2⤵
  - Executes dropped EXE
  PID:2900
- C:\Windows\System32\PDJVtyW.exe
  C:\Windows\System32\PDJVtyW.exe
  2⤵
  - Executes dropped EXE
  PID:2260
- C:\Windows\System32\OvPbloA.exe
  C:\Windows\System32\OvPbloA.exe
  2⤵
  - Executes dropped EXE
  PID:1480
- C:\Windows\System32\vrfBtNF.exe
  C:\Windows\System32\vrfBtNF.exe
  2⤵
  - Executes dropped EXE
  PID:3516
- C:\Windows\System32\aPJsekW.exe
  C:\Windows\System32\aPJsekW.exe
  2⤵
  - Executes dropped EXE
  PID:2832
- C:\Windows\System32\QGEUbVL.exe
  C:\Windows\System32\QGEUbVL.exe
  2⤵
  - Executes dropped EXE
  PID:4900
- C:\Windows\System32\tiHbxQJ.exe
  C:\Windows\System32\tiHbxQJ.exe
  2⤵
  PID:1924
- C:\Windows\System32\BVNsjix.exe
  C:\Windows\System32\BVNsjix.exe
  2⤵
  PID:4740
- C:\Windows\System32\erwnGjw.exe
  C:\Windows\System32\erwnGjw.exe
  2⤵
  PID:1216
- C:\Windows\System32\aLeZaEX.exe
  C:\Windows\System32\aLeZaEX.exe
  2⤵
  PID:3808
- C:\Windows\System32\gDvjHKK.exe
  C:\Windows\System32\gDvjHKK.exe
  2⤵
  PID:556
- C:\Windows\System32\SqeHILq.exe
  C:\Windows\System32\SqeHILq.exe
  2⤵
  PID:3000
- C:\Windows\System32\uzdjdFV.exe
  C:\Windows\System32\uzdjdFV.exe
  2⤵
  PID:4348
- C:\Windows\System32\kMkKIcp.exe
  C:\Windows\System32\kMkKIcp.exe
  2⤵
  PID:4572
- C:\Windows\System32\sJNijTA.exe
  C:\Windows\System32\sJNijTA.exe
  2⤵
  PID:3452
- C:\Windows\System32\KrKdJPy.exe
  C:\Windows\System32\KrKdJPy.exe
  2⤵
  PID:1060
- C:\Windows\System32\kGTyOxv.exe
  C:\Windows\System32\kGTyOxv.exe
  2⤵
  PID:2068
- C:\Windows\System32\WYhOwqP.exe
  C:\Windows\System32\WYhOwqP.exe
  2⤵
  PID:512
- C:\Windows\System32\UctAtgM.exe
  C:\Windows\System32\UctAtgM.exe
  2⤵
  PID:3728
- C:\Windows\System32\giPxYXS.exe
  C:\Windows\System32\giPxYXS.exe
  2⤵
  PID:4944
- C:\Windows\System32\LRzbuVO.exe
  C:\Windows\System32\LRzbuVO.exe
  2⤵
  PID:4784
- C:\Windows\System32\YuVvuer.exe
  C:\Windows\System32\YuVvuer.exe
  2⤵
  PID:3216
- C:\Windows\System32\rDnxWVo.exe
  C:\Windows\System32\rDnxWVo.exe
  2⤵
  PID:744
- C:\Windows\System32\CHrUyLD.exe
  C:\Windows\System32\CHrUyLD.exe
  2⤵
  PID:1964
- C:\Windows\System32\DytQiww.exe
  C:\Windows\System32\DytQiww.exe
  2⤵
  PID:3760
- C:\Windows\System32\LwFBrEE.exe
  C:\Windows\System32\LwFBrEE.exe
  2⤵
  PID:2592
- C:\Windows\System32\mNbITsF.exe
  C:\Windows\System32\mNbITsF.exe
  2⤵
  PID:232
- C:\Windows\System32\NAEPDUv.exe
  C:\Windows\System32\NAEPDUv.exe
  2⤵
  PID:2392
- C:\Windows\System32\fPNAhGS.exe
  C:\Windows\System32\fPNAhGS.exe
  2⤵
  PID:4548
- C:\Windows\System32\OtwQOja.exe
  C:\Windows\System32\OtwQOja.exe
  2⤵
  PID:4104
- C:\Windows\System32\aAsvcyu.exe
  C:\Windows\System32\aAsvcyu.exe
  2⤵
  PID:5140
- C:\Windows\System32\UXgmWbF.exe
  C:\Windows\System32\UXgmWbF.exe
  2⤵
  PID:5172
- C:\Windows\System32\pmkoJIP.exe
  C:\Windows\System32\pmkoJIP.exe
  2⤵
  PID:5196
- C:\Windows\System32\yTBKxKo.exe
  C:\Windows\System32\yTBKxKo.exe
  2⤵
  PID:5224
- C:\Windows\System32\LBJMYPj.exe
  C:\Windows\System32\LBJMYPj.exe
  2⤵
  PID:5252
- C:\Windows\System32\yXpPJvL.exe
  C:\Windows\System32\yXpPJvL.exe
  2⤵
  PID:5284
- C:\Windows\System32\TmmrQaJ.exe
  C:\Windows\System32\TmmrQaJ.exe
  2⤵
  PID:5324
- C:\Windows\System32\vjmRncP.exe
  C:\Windows\System32\vjmRncP.exe
  2⤵
  PID:5340
- C:\Windows\System32\hlzmaVV.exe
  C:\Windows\System32\hlzmaVV.exe
  2⤵
  PID:5368
- C:\Windows\System32\WrcGhPw.exe
  C:\Windows\System32\WrcGhPw.exe
  2⤵
  PID:5392
- C:\Windows\System32\LGPKVxy.exe
  C:\Windows\System32\LGPKVxy.exe
  2⤵
  PID:5420
- C:\Windows\System32\RRyPrFp.exe
  C:\Windows\System32\RRyPrFp.exe
  2⤵
  PID:5452
- C:\Windows\System32\vfbquNS.exe
  C:\Windows\System32\vfbquNS.exe
  2⤵
  PID:5480
- C:\Windows\System32\QFcpMfZ.exe
  C:\Windows\System32\QFcpMfZ.exe
  2⤵
  PID:5508
- C:\Windows\System32\RQeRiRx.exe
  C:\Windows\System32\RQeRiRx.exe
  2⤵
  PID:5532
- C:\Windows\System32\biqMTRp.exe
  C:\Windows\System32\biqMTRp.exe
  2⤵
  PID:5564
- C:\Windows\System32\eHNPueN.exe
  C:\Windows\System32\eHNPueN.exe
  2⤵
  PID:5600
- C:\Windows\System32\pofmjIG.exe
  C:\Windows\System32\pofmjIG.exe
  2⤵
  PID:5620
- C:\Windows\System32\iBKGhSc.exe
  C:\Windows\System32\iBKGhSc.exe
  2⤵
  PID:5644
- C:\Windows\System32\XBPlvit.exe
  C:\Windows\System32\XBPlvit.exe
  2⤵
  PID:5676
- C:\Windows\System32\FJlzMhr.exe
  C:\Windows\System32\FJlzMhr.exe
  2⤵
  PID:5700
- C:\Windows\System32\CnbpqkU.exe
  C:\Windows\System32\CnbpqkU.exe
  2⤵
  PID:5728
- C:\Windows\System32\eOiVjhl.exe
  C:\Windows\System32\eOiVjhl.exe
  2⤵
  PID:5756
- C:\Windows\System32\mossGNH.exe
  C:\Windows\System32\mossGNH.exe
  2⤵
  PID:5788
- C:\Windows\System32\kgAqYTj.exe
  C:\Windows\System32\kgAqYTj.exe
  2⤵
  PID:5816
- C:\Windows\System32\oGxWdEH.exe
  C:\Windows\System32\oGxWdEH.exe
  2⤵
  PID:5844
- C:\Windows\System32\vHUcneH.exe
  C:\Windows\System32\vHUcneH.exe
  2⤵
  PID:5872
- C:\Windows\System32\xYOvWuq.exe
  C:\Windows\System32\xYOvWuq.exe
  2⤵
  PID:5892
- C:\Windows\System32\cxHbRWQ.exe
  C:\Windows\System32\cxHbRWQ.exe
  2⤵
  PID:6000
- C:\Windows\System32\EUmTPVh.exe
  C:\Windows\System32\EUmTPVh.exe
  2⤵
  PID:6040
- C:\Windows\System32\GlxUaqC.exe
  C:\Windows\System32\GlxUaqC.exe
  2⤵
  PID:6064
- C:\Windows\System32\vQVCTUH.exe
  C:\Windows\System32\vQVCTUH.exe
  2⤵
  PID:6112
- C:\Windows\System32\emqsJAr.exe
  C:\Windows\System32\emqsJAr.exe
  2⤵
  PID:6132
- C:\Windows\System32\tSQFWrv.exe
  C:\Windows\System32\tSQFWrv.exe
  2⤵
  PID:5112
- C:\Windows\System32\NvGOuUM.exe
  C:\Windows\System32\NvGOuUM.exe
  2⤵
  PID:1796
- C:\Windows\System32\wwNlCAd.exe
  C:\Windows\System32\wwNlCAd.exe
  2⤵
  PID:4976
- C:\Windows\System32\lqAvhgb.exe
  C:\Windows\System32\lqAvhgb.exe
  2⤵
  PID:5128
- C:\Windows\System32\PVYdAVa.exe
  C:\Windows\System32\PVYdAVa.exe
  2⤵
  PID:3464
- C:\Windows\System32\PXarTSH.exe
  C:\Windows\System32\PXarTSH.exe
  2⤵
  PID:5240
- C:\Windows\System32\rhVRObx.exe
  C:\Windows\System32\rhVRObx.exe
  2⤵
  PID:5316
- C:\Windows\System32\oYtqOQs.exe
  C:\Windows\System32\oYtqOQs.exe
  2⤵
  PID:5400
- C:\Windows\System32\vIlteIq.exe
  C:\Windows\System32\vIlteIq.exe
  2⤵
  PID:5436
- C:\Windows\System32\DTtNYSu.exe
  C:\Windows\System32\DTtNYSu.exe
  2⤵
  PID:5488
- C:\Windows\System32\nxUnzIn.exe
  C:\Windows\System32\nxUnzIn.exe
  2⤵
  PID:5520
- C:\Windows\System32\wrQRRik.exe
  C:\Windows\System32\wrQRRik.exe
  2⤵
  PID:5528
- C:\Windows\System32\pfEUmYf.exe
  C:\Windows\System32\pfEUmYf.exe
  2⤵
  PID:5584
- C:\Windows\System32\KaMbaVm.exe
  C:\Windows\System32\KaMbaVm.exe
  2⤵
  PID:5616
- C:\Windows\System32\oQxREVO.exe
  C:\Windows\System32\oQxREVO.exe
  2⤵
  PID:5632
- C:\Windows\System32\QORCxcv.exe
  C:\Windows\System32\QORCxcv.exe
  2⤵
  PID:5688
- C:\Windows\System32\ZDbASqC.exe
  C:\Windows\System32\ZDbASqC.exe
  2⤵
  PID:5716
- C:\Windows\System32\vwCimDy.exe
  C:\Windows\System32\vwCimDy.exe
  2⤵
  PID:5736
- C:\Windows\System32\ekrgISl.exe
  C:\Windows\System32\ekrgISl.exe
  2⤵
  PID:5764
- C:\Windows\System32\SkfKQDB.exe
  C:\Windows\System32\SkfKQDB.exe
  2⤵
  PID:5800
- C:\Windows\System32\XwryOQG.exe
  C:\Windows\System32\XwryOQG.exe
  2⤵
  PID:5828
- C:\Windows\System32\igWvSAU.exe
  C:\Windows\System32\igWvSAU.exe
  2⤵
  PID:5852
- C:\Windows\System32\pIDhnqX.exe
  C:\Windows\System32\pIDhnqX.exe
  2⤵
  PID:4120
- C:\Windows\System32\OvwjMom.exe
  C:\Windows\System32\OvwjMom.exe
  2⤵
  PID:1204
- C:\Windows\System32\cVgGabY.exe
  C:\Windows\System32\cVgGabY.exe
  2⤵
  PID:1960
- C:\Windows\System32\LvXVjaQ.exe
  C:\Windows\System32\LvXVjaQ.exe
  2⤵
  PID:900
- C:\Windows\System32\PBsHrwZ.exe
  C:\Windows\System32\PBsHrwZ.exe
  2⤵
  PID:5924
- C:\Windows\System32\WAHmAtS.exe
  C:\Windows\System32\WAHmAtS.exe
  2⤵
  PID:2868
- C:\Windows\System32\sWhzppT.exe
  C:\Windows\System32\sWhzppT.exe
  2⤵
  PID:6060
- C:\Windows\System32\tDQgnKC.exe
  C:\Windows\System32\tDQgnKC.exe
  2⤵
  PID:6128
- C:\Windows\System32\igBsDKL.exe
  C:\Windows\System32\igBsDKL.exe
  2⤵
  PID:6072
- C:\Windows\System32\vOpGEXa.exe
  C:\Windows\System32\vOpGEXa.exe
  2⤵
  PID:5164
- C:\Windows\System32\UniPYRi.exe
  C:\Windows\System32\UniPYRi.exe
  2⤵
  PID:4124
- C:\Windows\System32\eHwBsFD.exe
  C:\Windows\System32\eHwBsFD.exe
  2⤵
  PID:5268
- C:\Windows\System32\OFTfruO.exe
  C:\Windows\System32\OFTfruO.exe
  2⤵
  PID:5348
- C:\Windows\System32\FUfLMbo.exe
  C:\Windows\System32\FUfLMbo.exe
  2⤵
  PID:5464
- C:\Windows\System32\mKAvRsg.exe
  C:\Windows\System32\mKAvRsg.exe
  2⤵
  PID:5684
- C:\Windows\System32\egIhYoY.exe
  C:\Windows\System32\egIhYoY.exe
  2⤵
  PID:2036
- C:\Windows\System32\iAeoZgm.exe
  C:\Windows\System32\iAeoZgm.exe
  2⤵
  PID:5752
- C:\Windows\System32\abFwigp.exe
  C:\Windows\System32\abFwigp.exe
  2⤵
  PID:1636
- C:\Windows\System32\WuKvUmc.exe
  C:\Windows\System32\WuKvUmc.exe
  2⤵
  PID:3436
- C:\Windows\System32\nWRwGYW.exe
  C:\Windows\System32\nWRwGYW.exe
  2⤵
  PID:4768
- C:\Windows\System32\hKoUvQe.exe
  C:\Windows\System32\hKoUvQe.exe
  2⤵
  PID:2288
- C:\Windows\System32\gpbaCgU.exe
  C:\Windows\System32\gpbaCgU.exe
  2⤵
  PID:6048
- C:\Windows\System32\hlKFpEH.exe
  C:\Windows\System32\hlKFpEH.exe
  2⤵
  PID:5992
- C:\Windows\System32\JDLHMmc.exe
  C:\Windows\System32\JDLHMmc.exe
  2⤵
  PID:5460
- C:\Windows\System32\aCpbwHl.exe
  C:\Windows\System32\aCpbwHl.exe
  2⤵
  PID:5628
- C:\Windows\System32\GFwAtFM.exe
  C:\Windows\System32\GFwAtFM.exe
  2⤵
  PID:3188
- C:\Windows\System32\ktMDpSu.exe
  C:\Windows\System32\ktMDpSu.exe
  2⤵
  PID:4444
- C:\Windows\System32\bDYADIH.exe
  C:\Windows\System32\bDYADIH.exe
  2⤵
  PID:6124
- C:\Windows\System32\fRnHLTu.exe
  C:\Windows\System32\fRnHLTu.exe
  2⤵
  PID:1324
- C:\Windows\System32\KJIdnVW.exe
  C:\Windows\System32\KJIdnVW.exe
  2⤵
  PID:5500
- C:\Windows\System32\JCJbxko.exe
  C:\Windows\System32\JCJbxko.exe
  2⤵
  PID:6164
- C:\Windows\System32\nzykxLN.exe
  C:\Windows\System32\nzykxLN.exe
  2⤵
  PID:6204
- C:\Windows\System32\zQxUJvq.exe
  C:\Windows\System32\zQxUJvq.exe
  2⤵
  PID:6232
- C:\Windows\System32\hyBXtJO.exe
  C:\Windows\System32\hyBXtJO.exe
  2⤵
  PID:6252
- C:\Windows\System32\pbXshxD.exe
  C:\Windows\System32\pbXshxD.exe
  2⤵
  PID:6296
- C:\Windows\System32\JYkIoQC.exe
  C:\Windows\System32\JYkIoQC.exe
  2⤵
  PID:6320
- C:\Windows\System32\ynKsNSc.exe
  C:\Windows\System32\ynKsNSc.exe
  2⤵
  PID:6340
- C:\Windows\System32\IhGfMBB.exe
  C:\Windows\System32\IhGfMBB.exe
  2⤵
  PID:6372
- C:\Windows\System32\RQoyBQv.exe
  C:\Windows\System32\RQoyBQv.exe
  2⤵
  PID:6420
- C:\Windows\System32\vOOGQrO.exe
  C:\Windows\System32\vOOGQrO.exe
  2⤵
  PID:6444
- C:\Windows\System32\WOQmkrq.exe
  C:\Windows\System32\WOQmkrq.exe
  2⤵
  PID:6476
- C:\Windows\System32\OJZxCPq.exe
  C:\Windows\System32\OJZxCPq.exe
  2⤵
  PID:6512
- C:\Windows\System32\xkGAuKk.exe
  C:\Windows\System32\xkGAuKk.exe
  2⤵
  PID:6540
- C:\Windows\System32\bNJZOTp.exe
  C:\Windows\System32\bNJZOTp.exe
  2⤵
  PID:6572
- C:\Windows\System32\hulAoWO.exe
  C:\Windows\System32\hulAoWO.exe
  2⤵
  PID:6596
- C:\Windows\System32\CFXWRFb.exe
  C:\Windows\System32\CFXWRFb.exe
  2⤵
  PID:6620
- C:\Windows\System32\zxqrwAb.exe
  C:\Windows\System32\zxqrwAb.exe
  2⤵
  PID:6640
- C:\Windows\System32\IJdJxXD.exe
  C:\Windows\System32\IJdJxXD.exe
  2⤵
  PID:6672
- C:\Windows\System32\gnVleho.exe
  C:\Windows\System32\gnVleho.exe
  2⤵
  PID:6688
- C:\Windows\System32\XNfAFHJ.exe
  C:\Windows\System32\XNfAFHJ.exe
  2⤵
  PID:6704
- C:\Windows\System32\OuxCVMQ.exe
  C:\Windows\System32\OuxCVMQ.exe
  2⤵
  PID:6724
- C:\Windows\System32\mrsfhqF.exe
  C:\Windows\System32\mrsfhqF.exe
  2⤵
  PID:6744
- C:\Windows\System32\JRrmWah.exe
  C:\Windows\System32\JRrmWah.exe
  2⤵
  PID:6796
- C:\Windows\System32\ynEiyYS.exe
  C:\Windows\System32\ynEiyYS.exe
  2⤵
  PID:6836
- C:\Windows\System32\IGbjWFK.exe
  C:\Windows\System32\IGbjWFK.exe
  2⤵
  PID:6856
- C:\Windows\System32\GKjSYLg.exe
  C:\Windows\System32\GKjSYLg.exe
  2⤵
  PID:6888
- C:\Windows\System32\BrFUlYM.exe
  C:\Windows\System32\BrFUlYM.exe
  2⤵
  PID:6908
- C:\Windows\System32\QEewNtE.exe
  C:\Windows\System32\QEewNtE.exe
  2⤵
  PID:6936
- C:\Windows\System32\VWrzRPn.exe
  C:\Windows\System32\VWrzRPn.exe
  2⤵
  PID:6952
- C:\Windows\System32\BokJTPe.exe
  C:\Windows\System32\BokJTPe.exe
  2⤵
  PID:6988
- C:\Windows\System32\NxJMxBJ.exe
  C:\Windows\System32\NxJMxBJ.exe
  2⤵
  PID:7020
- C:\Windows\System32\NzQhTPu.exe
  C:\Windows\System32\NzQhTPu.exe
  2⤵
  PID:7060
- C:\Windows\System32\KHjmJdZ.exe
  C:\Windows\System32\KHjmJdZ.exe
  2⤵
  PID:7080
- C:\Windows\System32\RrNtXaK.exe
  C:\Windows\System32\RrNtXaK.exe
  2⤵
  PID:7104
- C:\Windows\System32\PirEkyX.exe
  C:\Windows\System32\PirEkyX.exe
  2⤵
  PID:7124
- C:\Windows\System32\MbuHrev.exe
  C:\Windows\System32\MbuHrev.exe
  2⤵
  PID:7156
- C:\Windows\System32\viPwGkL.exe
  C:\Windows\System32\viPwGkL.exe
  2⤵
  PID:6176
- C:\Windows\System32\IUxaTZx.exe
  C:\Windows\System32\IUxaTZx.exe
  2⤵
  PID:6228
- C:\Windows\System32\aLEDIjV.exe
  C:\Windows\System32\aLEDIjV.exe
  2⤵
  PID:6276
- C:\Windows\System32\HdxAhbk.exe
  C:\Windows\System32\HdxAhbk.exe
  2⤵
  PID:6408
- C:\Windows\System32\nILstwe.exe
  C:\Windows\System32\nILstwe.exe
  2⤵
  PID:6460
- C:\Windows\System32\CAoKmUW.exe
  C:\Windows\System32\CAoKmUW.exe
  2⤵
  PID:6504
- C:\Windows\System32\USBwFBN.exe
  C:\Windows\System32\USBwFBN.exe
  2⤵
  PID:6556
- C:\Windows\System32\spSACPI.exe
  C:\Windows\System32\spSACPI.exe
  2⤵
  PID:6588
- C:\Windows\System32\hVjoOvU.exe
  C:\Windows\System32\hVjoOvU.exe
  2⤵
  PID:6700
- C:\Windows\System32\lzuquXr.exe
  C:\Windows\System32\lzuquXr.exe
  2⤵
  PID:6816
- C:\Windows\System32\nHKTutr.exe
  C:\Windows\System32\nHKTutr.exe
  2⤵
  PID:6876
- C:\Windows\System32\oGznMxG.exe
  C:\Windows\System32\oGznMxG.exe
  2⤵
  PID:6948
- C:\Windows\System32\eyIOihb.exe
  C:\Windows\System32\eyIOihb.exe
  2⤵
  PID:6972
- C:\Windows\System32\hcjGpEJ.exe
  C:\Windows\System32\hcjGpEJ.exe
  2⤵
  PID:7044
- C:\Windows\System32\gjtmtNJ.exe
  C:\Windows\System32\gjtmtNJ.exe
  2⤵
  PID:7052
- C:\Windows\System32\vtggUjn.exe
  C:\Windows\System32\vtggUjn.exe
  2⤵
  PID:6188
- C:\Windows\System32\wjzgaqI.exe
  C:\Windows\System32\wjzgaqI.exe
  2⤵
  PID:6260
- C:\Windows\System32\xZKFwcY.exe
  C:\Windows\System32\xZKFwcY.exe
  2⤵
  PID:6308
- C:\Windows\System32\UIzuhyO.exe
  C:\Windows\System32\UIzuhyO.exe
  2⤵
  PID:6520
- C:\Windows\System32\CeqKwAu.exe
  C:\Windows\System32\CeqKwAu.exe
  2⤵
  PID:6656
- C:\Windows\System32\melXDsU.exe
  C:\Windows\System32\melXDsU.exe
  2⤵
  PID:6852
- C:\Windows\System32\RfQDGKa.exe
  C:\Windows\System32\RfQDGKa.exe
  2⤵
  PID:6904
- C:\Windows\System32\yAmDYqB.exe
  C:\Windows\System32\yAmDYqB.exe
  2⤵
  PID:7116
- C:\Windows\System32\djnzWrx.exe
  C:\Windows\System32\djnzWrx.exe
  2⤵
  PID:6348
- C:\Windows\System32\lOLMLhA.exe
  C:\Windows\System32\lOLMLhA.exe
  2⤵
  PID:6552
- C:\Windows\System32\RhJdtyC.exe
  C:\Windows\System32\RhJdtyC.exe
  2⤵
  PID:6964
- C:\Windows\System32\iHIZmYR.exe
  C:\Windows\System32\iHIZmYR.exe
  2⤵
  PID:6532
- C:\Windows\System32\QzOkSGu.exe
  C:\Windows\System32\QzOkSGu.exe
  2⤵
  PID:6812
- C:\Windows\System32\blzjWqq.exe
  C:\Windows\System32\blzjWqq.exe
  2⤵
  PID:7188
- C:\Windows\System32\MpJlZUX.exe
  C:\Windows\System32\MpJlZUX.exe
  2⤵
  PID:7212
- C:\Windows\System32\WzhpEaL.exe
  C:\Windows\System32\WzhpEaL.exe
  2⤵
  PID:7248
- C:\Windows\System32\hpbinXQ.exe
  C:\Windows\System32\hpbinXQ.exe
  2⤵
  PID:7268
- C:\Windows\System32\LgjmcyX.exe
  C:\Windows\System32\LgjmcyX.exe
  2⤵
  PID:7304
- C:\Windows\System32\tIuRgoa.exe
  C:\Windows\System32\tIuRgoa.exe
  2⤵
  PID:7332
- C:\Windows\System32\DEuvVVZ.exe
  C:\Windows\System32\DEuvVVZ.exe
  2⤵
  PID:7348
- C:\Windows\System32\qcUDHJz.exe
  C:\Windows\System32\qcUDHJz.exe
  2⤵
  PID:7404
- C:\Windows\System32\eBOzXcz.exe
  C:\Windows\System32\eBOzXcz.exe
  2⤵
  PID:7440
- C:\Windows\System32\IPcdMDt.exe
  C:\Windows\System32\IPcdMDt.exe
  2⤵
  PID:7468
- C:\Windows\System32\OgBGFgX.exe
  C:\Windows\System32\OgBGFgX.exe
  2⤵
  PID:7496
- C:\Windows\System32\bpwHQAA.exe
  C:\Windows\System32\bpwHQAA.exe
  2⤵
  PID:7516
- C:\Windows\System32\okKcdrn.exe
  C:\Windows\System32\okKcdrn.exe
  2⤵
  PID:7544
- C:\Windows\System32\vTDxKka.exe
  C:\Windows\System32\vTDxKka.exe
  2⤵
  PID:7568
- C:\Windows\System32\ZMeMEGO.exe
  C:\Windows\System32\ZMeMEGO.exe
  2⤵
  PID:7588
- C:\Windows\System32\EjMiNvv.exe
  C:\Windows\System32\EjMiNvv.exe
  2⤵
  PID:7612
- C:\Windows\System32\KqgXKeW.exe
  C:\Windows\System32\KqgXKeW.exe
  2⤵
  PID:7652
- C:\Windows\System32\ZTwkpft.exe
  C:\Windows\System32\ZTwkpft.exe
  2⤵
  PID:7672
- C:\Windows\System32\eoPaIkE.exe
  C:\Windows\System32\eoPaIkE.exe
  2⤵
  PID:7688
- C:\Windows\System32\yKeHaJt.exe
  C:\Windows\System32\yKeHaJt.exe
  2⤵
  PID:7740
- C:\Windows\System32\PfTnXZH.exe
  C:\Windows\System32\PfTnXZH.exe
  2⤵
  PID:7772
- C:\Windows\System32\DqrUavN.exe
  C:\Windows\System32\DqrUavN.exe
  2⤵
  PID:7792
- C:\Windows\System32\mGGAPAV.exe
  C:\Windows\System32\mGGAPAV.exe
  2⤵
  PID:7812
- C:\Windows\System32\xiuoOyt.exe
  C:\Windows\System32\xiuoOyt.exe
  2⤵
  PID:7836
- C:\Windows\System32\HNmNHJc.exe
  C:\Windows\System32\HNmNHJc.exe
  2⤵
  PID:7864
- C:\Windows\System32\WbTnzlW.exe
  C:\Windows\System32\WbTnzlW.exe
  2⤵
  PID:7892
- C:\Windows\System32\oRgDBHi.exe
  C:\Windows\System32\oRgDBHi.exe
  2⤵
  PID:7928
- C:\Windows\System32\LrjxjEl.exe
  C:\Windows\System32\LrjxjEl.exe
  2⤵
  PID:7976
- C:\Windows\System32\DICPhEs.exe
  C:\Windows\System32\DICPhEs.exe
  2⤵
  PID:8008
- C:\Windows\System32\EfAQbIW.exe
  C:\Windows\System32\EfAQbIW.exe
  2⤵
  PID:8036
- C:\Windows\System32\FncawHv.exe
  C:\Windows\System32\FncawHv.exe
  2⤵
  PID:8056
- C:\Windows\System32\mGnnpgJ.exe
  C:\Windows\System32\mGnnpgJ.exe
  2⤵
  PID:8072
- C:\Windows\System32\wcjHqtz.exe
  C:\Windows\System32\wcjHqtz.exe
  2⤵
  PID:8108
- C:\Windows\System32\IwStdvq.exe
  C:\Windows\System32\IwStdvq.exe
  2⤵
  PID:8140
- C:\Windows\System32\qvWnxYn.exe
  C:\Windows\System32\qvWnxYn.exe
  2⤵
  PID:8184
- C:\Windows\System32\PUwggXm.exe
  C:\Windows\System32\PUwggXm.exe
  2⤵
  PID:7180
- C:\Windows\System32\RGRSxvl.exe
  C:\Windows\System32\RGRSxvl.exe
  2⤵
  PID:7184
- C:\Windows\System32\fnhOjdX.exe
  C:\Windows\System32\fnhOjdX.exe
  2⤵
  PID:7344
- C:\Windows\System32\lGYSbuH.exe
  C:\Windows\System32\lGYSbuH.exe
  2⤵
  PID:7480
- C:\Windows\System32\BWKmytu.exe
  C:\Windows\System32\BWKmytu.exe
  2⤵
  PID:7536
- C:\Windows\System32\OwyMLbA.exe
  C:\Windows\System32\OwyMLbA.exe
  2⤵
  PID:7552
- C:\Windows\System32\jrIbvBM.exe
  C:\Windows\System32\jrIbvBM.exe
  2⤵
  PID:7608
- C:\Windows\System32\EHPItun.exe
  C:\Windows\System32\EHPItun.exe
  2⤵
  PID:7696
- C:\Windows\System32\ACfghGh.exe
  C:\Windows\System32\ACfghGh.exe
  2⤵
  PID:7680
- C:\Windows\System32\QLSGjDD.exe
  C:\Windows\System32\QLSGjDD.exe
  2⤵
  PID:7756
- C:\Windows\System32\JeDkIqA.exe
  C:\Windows\System32\JeDkIqA.exe
  2⤵
  PID:7828
- C:\Windows\System32\XulFmDy.exe
  C:\Windows\System32\XulFmDy.exe
  2⤵
  PID:7824
- C:\Windows\System32\JXebLgB.exe
  C:\Windows\System32\JXebLgB.exe
  2⤵
  PID:7856
- C:\Windows\System32\ZMVfUxa.exe
  C:\Windows\System32\ZMVfUxa.exe
  2⤵
  PID:7880
- C:\Windows\System32\wtewsAg.exe
  C:\Windows\System32\wtewsAg.exe
  2⤵
  PID:7908
- C:\Windows\System32\SeKxabh.exe
  C:\Windows\System32\SeKxabh.exe
  2⤵
  PID:7984
- C:\Windows\System32\jtvfItU.exe
  C:\Windows\System32\jtvfItU.exe
  2⤵
  PID:8016
- C:\Windows\System32\ogGlEEB.exe
  C:\Windows\System32\ogGlEEB.exe
  2⤵
  PID:8048
- C:\Windows\System32\YwmfVqu.exe
  C:\Windows\System32\YwmfVqu.exe
  2⤵
  PID:8068
- C:\Windows\System32\CTTvArc.exe
  C:\Windows\System32\CTTvArc.exe
  2⤵
  PID:8096
- C:\Windows\System32\nqoeTFK.exe
  C:\Windows\System32\nqoeTFK.exe
  2⤵
  PID:8176
- C:\Windows\System32\HYZoDDP.exe
  C:\Windows\System32\HYZoDDP.exe
  2⤵
  PID:6428
- C:\Windows\System32\JZiRLtb.exe
  C:\Windows\System32\JZiRLtb.exe
  2⤵
  PID:8204
- C:\Windows\System32\QGWKHjl.exe
  C:\Windows\System32\QGWKHjl.exe
  2⤵
  PID:8248
- C:\Windows\System32\sLzBMws.exe
  C:\Windows\System32\sLzBMws.exe
  2⤵
  PID:8336
- C:\Windows\System32\MSpKQVN.exe
  C:\Windows\System32\MSpKQVN.exe
  2⤵
  PID:8392
- C:\Windows\System32\ZytvzBX.exe
  C:\Windows\System32\ZytvzBX.exe
  2⤵
  PID:8416
- C:\Windows\System32\FRekqwv.exe
  C:\Windows\System32\FRekqwv.exe
  2⤵
  PID:8456
- C:\Windows\System32\HpPbgQL.exe
  C:\Windows\System32\HpPbgQL.exe
  2⤵
  PID:8488
- C:\Windows\System32\xOyOAvr.exe
  C:\Windows\System32\xOyOAvr.exe
  2⤵
  PID:8584
- C:\Windows\System32\EQeoWNF.exe
  C:\Windows\System32\EQeoWNF.exe
  2⤵
  PID:8604
- C:\Windows\System32\KezSXTA.exe
  C:\Windows\System32\KezSXTA.exe
  2⤵
  PID:8628
- C:\Windows\System32\RVNyLjR.exe
  C:\Windows\System32\RVNyLjR.exe
  2⤵
  PID:8652
- C:\Windows\System32\vPCsLhF.exe
  C:\Windows\System32\vPCsLhF.exe
  2⤵
  PID:8696
- C:\Windows\System32\vHnGkNq.exe
  C:\Windows\System32\vHnGkNq.exe
  2⤵
  PID:8740
- C:\Windows\System32\UJLQrjZ.exe
  C:\Windows\System32\UJLQrjZ.exe
  2⤵
  PID:8780
- C:\Windows\System32\ZSsXGPd.exe
  C:\Windows\System32\ZSsXGPd.exe
  2⤵
  PID:8808
- C:\Windows\System32\GDxWQSi.exe
  C:\Windows\System32\GDxWQSi.exe
  2⤵
  PID:8832
- C:\Windows\System32\RuereGS.exe
  C:\Windows\System32\RuereGS.exe
  2⤵
  PID:8864
- C:\Windows\System32\JAdGqFr.exe
  C:\Windows\System32\JAdGqFr.exe
  2⤵
  PID:8896
- C:\Windows\System32\jxQAkdg.exe
  C:\Windows\System32\jxQAkdg.exe
  2⤵
  PID:8940
- C:\Windows\System32\YwFLYaK.exe
  C:\Windows\System32\YwFLYaK.exe
  2⤵
  PID:8968
- C:\Windows\System32\cwLImxT.exe
  C:\Windows\System32\cwLImxT.exe
  2⤵
  PID:8988
- C:\Windows\System32\NkzTleV.exe
  C:\Windows\System32\NkzTleV.exe
  2⤵
  PID:9016
- C:\Windows\System32\cjduciH.exe
  C:\Windows\System32\cjduciH.exe
  2⤵
  PID:9040
- C:\Windows\System32\esbhtoH.exe
  C:\Windows\System32\esbhtoH.exe
  2⤵
  PID:9056
- C:\Windows\System32\pvPSvuS.exe
  C:\Windows\System32\pvPSvuS.exe
  2⤵
  PID:9076
- C:\Windows\System32\SocrTdQ.exe
  C:\Windows\System32\SocrTdQ.exe
  2⤵
  PID:9104
- C:\Windows\System32\YEuUZrv.exe
  C:\Windows\System32\YEuUZrv.exe
  2⤵
  PID:9128
- C:\Windows\System32\drsMxLK.exe
  C:\Windows\System32\drsMxLK.exe
  2⤵
  PID:9152
- C:\Windows\System32\NwjmHBR.exe
  C:\Windows\System32\NwjmHBR.exe
  2⤵
  PID:9168
- C:\Windows\System32\SIKUZIl.exe
  C:\Windows\System32\SIKUZIl.exe
  2⤵
  PID:9192
- C:\Windows\System32\eozGOiZ.exe
  C:\Windows\System32\eozGOiZ.exe
  2⤵
  PID:7260
- C:\Windows\System32\NyKMiUt.exe
  C:\Windows\System32\NyKMiUt.exe
  2⤵
  PID:7720
- C:\Windows\System32\WlbCVuC.exe
  C:\Windows\System32\WlbCVuC.exe
  2⤵
  PID:8152
- C:\Windows\System32\hjtPAIx.exe
  C:\Windows\System32\hjtPAIx.exe
  2⤵
  PID:7708
- C:\Windows\System32\xnxHyjT.exe
  C:\Windows\System32\xnxHyjT.exe
  2⤵
  PID:8116
- C:\Windows\System32\OeTysOX.exe
  C:\Windows\System32\OeTysOX.exe
  2⤵
  PID:7456
- C:\Windows\System32\FOjYSmm.exe
  C:\Windows\System32\FOjYSmm.exe
  2⤵
  PID:7528
- C:\Windows\System32\TOkSxlR.exe
  C:\Windows\System32\TOkSxlR.exe
  2⤵
  PID:8000
- C:\Windows\System32\srpmjbk.exe
  C:\Windows\System32\srpmjbk.exe
  2⤵
  PID:8384
- C:\Windows\System32\OFJzxwX.exe
  C:\Windows\System32\OFJzxwX.exe
  2⤵
  PID:8504
- C:\Windows\System32\SyWXFTo.exe
  C:\Windows\System32\SyWXFTo.exe
  2⤵
  PID:8500
- C:\Windows\System32\PTYChvA.exe
  C:\Windows\System32\PTYChvA.exe
  2⤵
  PID:8468
- C:\Windows\System32\pjPMvbg.exe
  C:\Windows\System32\pjPMvbg.exe
  2⤵
  PID:8600
- C:\Windows\System32\jVVFvCF.exe
  C:\Windows\System32\jVVFvCF.exe
  2⤵
  PID:8672
- C:\Windows\System32\siTDrOG.exe
  C:\Windows\System32\siTDrOG.exe
  2⤵
  PID:8772
- C:\Windows\System32\zqleUbY.exe
  C:\Windows\System32\zqleUbY.exe
  2⤵
  PID:8800
- C:\Windows\System32\GhBcypo.exe
  C:\Windows\System32\GhBcypo.exe
  2⤵
  PID:8884
- C:\Windows\System32\cUZymgl.exe
  C:\Windows\System32\cUZymgl.exe
  2⤵
  PID:8912
- C:\Windows\System32\zKQNmKU.exe
  C:\Windows\System32\zKQNmKU.exe
  2⤵
  PID:8976
- C:\Windows\System32\RjAYqlO.exe
  C:\Windows\System32\RjAYqlO.exe
  2⤵
  PID:9088
- C:\Windows\System32\fHhxKJB.exe
  C:\Windows\System32\fHhxKJB.exe
  2⤵
  PID:9188
- C:\Windows\System32\lhMrMcn.exe
  C:\Windows\System32\lhMrMcn.exe
  2⤵
  PID:7436
- C:\Windows\System32\QMXKNay.exe
  C:\Windows\System32\QMXKNay.exe
  2⤵
  PID:8164
- C:\Windows\System32\ijZsEws.exe
  C:\Windows\System32\ijZsEws.exe
  2⤵
  PID:7376
- C:\Windows\System32\kHAjacg.exe
  C:\Windows\System32\kHAjacg.exe
  2⤵
  PID:8240
- C:\Windows\System32\IvPuYsr.exe
  C:\Windows\System32\IvPuYsr.exe
  2⤵
  PID:8028
- C:\Windows\System32\yIqBdPf.exe
  C:\Windows\System32\yIqBdPf.exe
  2⤵
  PID:8532
- C:\Windows\System32\PAKhCuR.exe
  C:\Windows\System32\PAKhCuR.exe
  2⤵
  PID:8524
- C:\Windows\System32\fyTvxig.exe
  C:\Windows\System32\fyTvxig.exe
  2⤵
  PID:8664
- C:\Windows\System32\xokzaeb.exe
  C:\Windows\System32\xokzaeb.exe
  2⤵
  PID:8828
- C:\Windows\System32\FtEdpMs.exe
  C:\Windows\System32\FtEdpMs.exe
  2⤵
  PID:8924
- C:\Windows\System32\hHXqpjE.exe
  C:\Windows\System32\hHXqpjE.exe
  2⤵
  PID:9096
- C:\Windows\System32\UaIKVrq.exe
  C:\Windows\System32\UaIKVrq.exe
  2⤵
  PID:7280
- C:\Windows\System32\bnJKhSt.exe
  C:\Windows\System32\bnJKhSt.exe
  2⤵
  PID:7340
- C:\Windows\System32\wrFtZEK.exe
  C:\Windows\System32\wrFtZEK.exe
  2⤵
  PID:8452
- C:\Windows\System32\cHJJXYe.exe
  C:\Windows\System32\cHJJXYe.exe
  2⤵
  PID:8408
- C:\Windows\System32\vjzgcIm.exe
  C:\Windows\System32\vjzgcIm.exe
  2⤵
  PID:8916
- C:\Windows\System32\cJmHdWk.exe
  C:\Windows\System32\cJmHdWk.exe
  2⤵
  PID:8212
- C:\Windows\System32\PqLVUyg.exe
  C:\Windows\System32\PqLVUyg.exe
  2⤵
  PID:9008
- C:\Windows\System32\otsRvuA.exe
  C:\Windows\System32\otsRvuA.exe
  2⤵
  PID:9236
- C:\Windows\System32\IzqaGzo.exe
  C:\Windows\System32\IzqaGzo.exe
  2⤵
  PID:9256
- C:\Windows\System32\HgKSXAz.exe
  C:\Windows\System32\HgKSXAz.exe
  2⤵
  PID:9284
- C:\Windows\System32\ExXpFQJ.exe
  C:\Windows\System32\ExXpFQJ.exe
  2⤵
  PID:9304
- C:\Windows\System32\ELYTZEV.exe
  C:\Windows\System32\ELYTZEV.exe
  2⤵
  PID:9324
- C:\Windows\System32\dGRBNrg.exe
  C:\Windows\System32\dGRBNrg.exe
  2⤵
  PID:9376
- C:\Windows\System32\RuQruxu.exe
  C:\Windows\System32\RuQruxu.exe
  2⤵
  PID:9420
- C:\Windows\System32\Gtbvsvf.exe
  C:\Windows\System32\Gtbvsvf.exe
  2⤵
  PID:9448
- C:\Windows\System32\wksnqoL.exe
  C:\Windows\System32\wksnqoL.exe
  2⤵
  PID:9472
- C:\Windows\System32\yjTfEFU.exe
  C:\Windows\System32\yjTfEFU.exe
  2⤵
  PID:9488
- C:\Windows\System32\qHxrOjg.exe
  C:\Windows\System32\qHxrOjg.exe
  2⤵
  PID:9512
- C:\Windows\System32\VGtiiUi.exe
  C:\Windows\System32\VGtiiUi.exe
  2⤵
  PID:9540
- C:\Windows\System32\pQjbyYl.exe
  C:\Windows\System32\pQjbyYl.exe
  2⤵
  PID:9568
- C:\Windows\System32\qnMbydD.exe
  C:\Windows\System32\qnMbydD.exe
  2⤵
  PID:9596
- C:\Windows\System32\NySvvRd.exe
  C:\Windows\System32\NySvvRd.exe
  2⤵
  PID:9624
- C:\Windows\System32\rLaQBsl.exe
  C:\Windows\System32\rLaQBsl.exe
  2⤵
  PID:9648
- C:\Windows\System32\ExmMQcG.exe
  C:\Windows\System32\ExmMQcG.exe
  2⤵
  PID:9672
- C:\Windows\System32\BDfSOvh.exe
  C:\Windows\System32\BDfSOvh.exe
  2⤵
  PID:9688
- C:\Windows\System32\kDThCAk.exe
  C:\Windows\System32\kDThCAk.exe
  2⤵
  PID:9736
- C:\Windows\System32\ZQIButm.exe
  C:\Windows\System32\ZQIButm.exe
  2⤵
  PID:9780
- C:\Windows\System32\XoPBlqZ.exe
  C:\Windows\System32\XoPBlqZ.exe
  2⤵
  PID:9800
- C:\Windows\System32\pbSMlXY.exe
  C:\Windows\System32\pbSMlXY.exe
  2⤵
  PID:9820
- C:\Windows\System32\FvjhKOu.exe
  C:\Windows\System32\FvjhKOu.exe
  2⤵
  PID:9840
- C:\Windows\System32\ZtbIMwK.exe
  C:\Windows\System32\ZtbIMwK.exe
  2⤵
  PID:9880
- C:\Windows\System32\yvCGNAn.exe
  C:\Windows\System32\yvCGNAn.exe
  2⤵
  PID:9900
- C:\Windows\System32\lpiROfZ.exe
  C:\Windows\System32\lpiROfZ.exe
  2⤵
  PID:9924
- C:\Windows\System32\vDHanWg.exe
  C:\Windows\System32\vDHanWg.exe
  2⤵
  PID:9944
- C:\Windows\System32\NkgQDao.exe
  C:\Windows\System32\NkgQDao.exe
  2⤵
  PID:9968
- C:\Windows\System32\bvxOPit.exe
  C:\Windows\System32\bvxOPit.exe
  2⤵
  PID:10028
- C:\Windows\System32\AMQcjoB.exe
  C:\Windows\System32\AMQcjoB.exe
  2⤵
  PID:10064
- C:\Windows\System32\rSXOGaF.exe
  C:\Windows\System32\rSXOGaF.exe
  2⤵
  PID:10084
- C:\Windows\System32\rfFAVJf.exe
  C:\Windows\System32\rfFAVJf.exe
  2⤵
  PID:10108
- C:\Windows\System32\KLMRUBV.exe
  C:\Windows\System32\KLMRUBV.exe
  2⤵
  PID:10124
- C:\Windows\System32\IchBcjD.exe
  C:\Windows\System32\IchBcjD.exe
  2⤵
  PID:10152
- C:\Windows\System32\kHjoCLW.exe
  C:\Windows\System32\kHjoCLW.exe
  2⤵
  PID:10192
- C:\Windows\System32\kZUbHaO.exe
  C:\Windows\System32\kZUbHaO.exe
  2⤵
  PID:10236
- C:\Windows\System32\KyUKhqu.exe
  C:\Windows\System32\KyUKhqu.exe
  2⤵
  PID:9280
- C:\Windows\System32\SqCyrHp.exe
  C:\Windows\System32\SqCyrHp.exe
  2⤵
  PID:9248
- C:\Windows\System32\ITszuWh.exe
  C:\Windows\System32\ITszuWh.exe
  2⤵
  PID:9312
- C:\Windows\System32\OMAQWxF.exe
  C:\Windows\System32\OMAQWxF.exe
  2⤵
  PID:9412
- C:\Windows\System32\pfPkuAf.exe
  C:\Windows\System32\pfPkuAf.exe
  2⤵
  PID:9496
- C:\Windows\System32\QMXKySg.exe
  C:\Windows\System32\QMXKySg.exe
  2⤵
  PID:9556
- C:\Windows\System32\WeRzDdk.exe
  C:\Windows\System32\WeRzDdk.exe
  2⤵
  PID:9656
- C:\Windows\System32\TmJyaGc.exe
  C:\Windows\System32\TmJyaGc.exe
  2⤵
  PID:9684
- C:\Windows\System32\MuARSQK.exe
  C:\Windows\System32\MuARSQK.exe
  2⤵
  PID:9712
- C:\Windows\System32\fGQaUKz.exe
  C:\Windows\System32\fGQaUKz.exe
  2⤵
  PID:9856
- C:\Windows\System32\UBVFxlu.exe
  C:\Windows\System32\UBVFxlu.exe
  2⤵
  PID:9936
- C:\Windows\System32\vKtgeLg.exe
  C:\Windows\System32\vKtgeLg.exe
  2⤵
  PID:9964
- C:\Windows\System32\OcSOQwN.exe
  C:\Windows\System32\OcSOQwN.exe
  2⤵
  PID:9980
- C:\Windows\System32\cPkXJoH.exe
  C:\Windows\System32\cPkXJoH.exe
  2⤵
  PID:10104
- C:\Windows\System32\HDhAOqC.exe
  C:\Windows\System32\HDhAOqC.exe
  2⤵
  PID:10116
- C:\Windows\System32\zbLcPVM.exe
  C:\Windows\System32\zbLcPVM.exe
  2⤵
  PID:10184
- C:\Windows\System32\pYFIGOC.exe
  C:\Windows\System32\pYFIGOC.exe
  2⤵
  PID:10208
- C:\Windows\System32\XMICICy.exe
  C:\Windows\System32\XMICICy.exe
  2⤵
  PID:9232
- C:\Windows\System32\kfpYTiV.exe
  C:\Windows\System32\kfpYTiV.exe
  2⤵
  PID:9352
- C:\Windows\System32\UmpXOUn.exe
  C:\Windows\System32\UmpXOUn.exe
  2⤵
  PID:9524
- C:\Windows\System32\bZELgzD.exe
  C:\Windows\System32\bZELgzD.exe
  2⤵
  PID:9724
- C:\Windows\System32\YIPmPmO.exe
  C:\Windows\System32\YIPmPmO.exe
  2⤵
  PID:4892
- C:\Windows\System32\PHuzQwu.exe
  C:\Windows\System32\PHuzQwu.exe
  2⤵
  PID:10080
- C:\Windows\System32\zHNrYlw.exe
  C:\Windows\System32\zHNrYlw.exe
  2⤵
  PID:10200
- C:\Windows\System32\hXixqTE.exe
  C:\Windows\System32\hXixqTE.exe
  2⤵
  PID:9444
- C:\Windows\System32\lVYOqbr.exe
  C:\Windows\System32\lVYOqbr.exe
  2⤵
  PID:9796
- C:\Windows\System32\uLxhJAb.exe
  C:\Windows\System32\uLxhJAb.exe
  2⤵
  PID:9480
- C:\Windows\System32\OhQmVfd.exe
  C:\Windows\System32\OhQmVfd.exe
  2⤵
  PID:10256
- C:\Windows\System32\WSqFKdD.exe
  C:\Windows\System32\WSqFKdD.exe
  2⤵
  PID:10308
- C:\Windows\System32\zLkpbbC.exe
  C:\Windows\System32\zLkpbbC.exe
  2⤵
  PID:10332
- C:\Windows\System32\RXKVMcV.exe
  C:\Windows\System32\RXKVMcV.exe
  2⤵
  PID:10352
- C:\Windows\System32\ISJkSHH.exe
  C:\Windows\System32\ISJkSHH.exe
  2⤵
  PID:10368
- C:\Windows\System32\QUTJWqf.exe
  C:\Windows\System32\QUTJWqf.exe
  2⤵
  PID:10392
- C:\Windows\System32\lUETcWq.exe
  C:\Windows\System32\lUETcWq.exe
  2⤵
  PID:10412
- C:\Windows\System32\AvlBkqJ.exe
  C:\Windows\System32\AvlBkqJ.exe
  2⤵
  PID:10468
- C:\Windows\System32\ImiMHqk.exe
  C:\Windows\System32\ImiMHqk.exe
  2⤵
  PID:10488
- C:\Windows\System32\gMeBbYQ.exe
  C:\Windows\System32\gMeBbYQ.exe
  2⤵
  PID:10504
- C:\Windows\System32\lEovllQ.exe
  C:\Windows\System32\lEovllQ.exe
  2⤵
  PID:10532
- C:\Windows\System32\irJyKfQ.exe
  C:\Windows\System32\irJyKfQ.exe
  2⤵
  PID:10564
- C:\Windows\System32\tbZwnyZ.exe
  C:\Windows\System32\tbZwnyZ.exe
  2⤵
  PID:10600
- C:\Windows\System32\eDInmwb.exe
  C:\Windows\System32\eDInmwb.exe
  2⤵
  PID:10648
- C:\Windows\System32\NHhMBws.exe
  C:\Windows\System32\NHhMBws.exe
  2⤵
  PID:10668
- C:\Windows\System32\kYKemle.exe
  C:\Windows\System32\kYKemle.exe
  2⤵
  PID:10696
- C:\Windows\System32\Yevcswk.exe
  C:\Windows\System32\Yevcswk.exe
  2⤵
  PID:10720
- C:\Windows\System32\TkJfsSK.exe
  C:\Windows\System32\TkJfsSK.exe
  2⤵
  PID:10744
- C:\Windows\System32\RSRCdoX.exe
  C:\Windows\System32\RSRCdoX.exe
  2⤵
  PID:10768
- C:\Windows\System32\vEonpkr.exe
  C:\Windows\System32\vEonpkr.exe
  2⤵
  PID:10788
- C:\Windows\System32\FtdfXag.exe
  C:\Windows\System32\FtdfXag.exe
  2⤵
  PID:10804
- C:\Windows\System32\eiZKOJq.exe
  C:\Windows\System32\eiZKOJq.exe
  2⤵
  PID:10852
- C:\Windows\System32\DYzZOrP.exe
  C:\Windows\System32\DYzZOrP.exe
  2⤵
  PID:10884
- C:\Windows\System32\bxVXrWz.exe
  C:\Windows\System32\bxVXrWz.exe
  2⤵
  PID:10904
- C:\Windows\System32\adxKMpU.exe
  C:\Windows\System32\adxKMpU.exe
  2⤵
  PID:10944
- C:\Windows\System32\WDUKWnn.exe
  C:\Windows\System32\WDUKWnn.exe
  2⤵
  PID:10964
- C:\Windows\System32\xRojupl.exe
  C:\Windows\System32\xRojupl.exe
  2⤵
  PID:10992
- C:\Windows\System32\pGIOBnC.exe
  C:\Windows\System32\pGIOBnC.exe
  2⤵
  PID:11012
- C:\Windows\System32\wQePAhO.exe
  C:\Windows\System32\wQePAhO.exe
  2⤵
  PID:11040
- C:\Windows\System32\rDAOqRN.exe
  C:\Windows\System32\rDAOqRN.exe
  2⤵
  PID:11056
- C:\Windows\System32\uubCSlB.exe
  C:\Windows\System32\uubCSlB.exe
  2⤵
  PID:11080
- C:\Windows\System32\NWKJFXZ.exe
  C:\Windows\System32\NWKJFXZ.exe
  2⤵
  PID:11100
- C:\Windows\System32\HUhEkJx.exe
  C:\Windows\System32\HUhEkJx.exe
  2⤵
  PID:11128
- C:\Windows\System32\gEdtHhg.exe
  C:\Windows\System32\gEdtHhg.exe
  2⤵
  PID:11160
- C:\Windows\System32\ZApQyrv.exe
  C:\Windows\System32\ZApQyrv.exe
  2⤵
  PID:11176
- C:\Windows\System32\xzRokYg.exe
  C:\Windows\System32\xzRokYg.exe
  2⤵
  PID:11196
- C:\Windows\System32\pBaNfUZ.exe
  C:\Windows\System32\pBaNfUZ.exe
  2⤵
  PID:11216
- C:\Windows\System32\KQmNdTR.exe
  C:\Windows\System32\KQmNdTR.exe
  2⤵
  PID:11248
- C:\Windows\System32\sjLeZFE.exe
  C:\Windows\System32\sjLeZFE.exe
  2⤵
  PID:10264
- C:\Windows\System32\qcahoMq.exe
  C:\Windows\System32\qcahoMq.exe
  2⤵
  PID:10424
- C:\Windows\System32\KlEytdk.exe
  C:\Windows\System32\KlEytdk.exe
  2⤵
  PID:10476
- C:\Windows\System32\rGZJmIy.exe
  C:\Windows\System32\rGZJmIy.exe
  2⤵
  PID:9536
- C:\Windows\System32\TOkltNI.exe
  C:\Windows\System32\TOkltNI.exe
  2⤵
  PID:10560
- C:\Windows\System32\nxNBihJ.exe
  C:\Windows\System32\nxNBihJ.exe
  2⤵
  PID:10624
- C:\Windows\System32\nMXxMRW.exe
  C:\Windows\System32\nMXxMRW.exe
  2⤵
  PID:10664
- C:\Windows\System32\QRaRqsq.exe
  C:\Windows\System32\QRaRqsq.exe
  2⤵
  PID:10776
- C:\Windows\System32\iFwEIrc.exe
  C:\Windows\System32\iFwEIrc.exe
  2⤵
  PID:10844
- C:\Windows\System32\oIUTlIP.exe
  C:\Windows\System32\oIUTlIP.exe
  2⤵
  PID:10932
- C:\Windows\System32\JCSdfuv.exe
  C:\Windows\System32\JCSdfuv.exe
  2⤵
  PID:10960
- C:\Windows\System32\RznGlTE.exe
  C:\Windows\System32\RznGlTE.exe
  2⤵
  PID:11004
- C:\Windows\System32\CJvbfvL.exe
  C:\Windows\System32\CJvbfvL.exe
  2⤵
  PID:11064
- C:\Windows\System32\hjcjWLI.exe
  C:\Windows\System32\hjcjWLI.exe
  2⤵
  PID:11140
- C:\Windows\System32\VHkQzOP.exe
  C:\Windows\System32\VHkQzOP.exe
  2⤵
  PID:11224
- C:\Windows\System32\lhzXBrY.exe
  C:\Windows\System32\lhzXBrY.exe
  2⤵
  PID:10292
- C:\Windows\System32\eHNuUBX.exe
  C:\Windows\System32\eHNuUBX.exe
  2⤵
  PID:10444
- C:\Windows\System32\RhImEro.exe
  C:\Windows\System32\RhImEro.exe
  2⤵
  PID:10656
- C:\Windows\System32\YNkZBtP.exe
  C:\Windows\System32\YNkZBtP.exe
  2⤵
  PID:10864
- C:\Windows\System32\QUdSQRN.exe
  C:\Windows\System32\QUdSQRN.exe
  2⤵
  PID:10956
- C:\Windows\System32\UqcfIXv.exe
  C:\Windows\System32\UqcfIXv.exe
  2⤵
  PID:11072
- C:\Windows\System32\ioICZIB.exe
  C:\Windows\System32\ioICZIB.exe
  2⤵
  PID:11008
- C:\Windows\System32\OQpXuCt.exe
  C:\Windows\System32\OQpXuCt.exe
  2⤵
  PID:11168
- C:\Windows\System32\TaycYyL.exe
  C:\Windows\System32\TaycYyL.exe
  2⤵
  PID:10920
- C:\Windows\System32\TMuRKSb.exe
  C:\Windows\System32\TMuRKSb.exe
  2⤵
  PID:10680
- C:\Windows\System32\VQDbZLn.exe
  C:\Windows\System32\VQDbZLn.exe
  2⤵
  PID:11112
- C:\Windows\System32\OksMuaP.exe
  C:\Windows\System32\OksMuaP.exe
  2⤵
  PID:11284
- C:\Windows\System32\sMquDWV.exe
  C:\Windows\System32\sMquDWV.exe
  2⤵
  PID:11304
- C:\Windows\System32\jmYEcoI.exe
  C:\Windows\System32\jmYEcoI.exe
  2⤵
  PID:11320
- C:\Windows\System32\SXDWjXq.exe
  C:\Windows\System32\SXDWjXq.exe
  2⤵
  PID:11392
- C:\Windows\System32\vVXKYBk.exe
  C:\Windows\System32\vVXKYBk.exe
  2⤵
  PID:11412
- C:\Windows\System32\NghmAKm.exe
  C:\Windows\System32\NghmAKm.exe
  2⤵
  PID:11460
- C:\Windows\System32\EolGJMr.exe
  C:\Windows\System32\EolGJMr.exe
  2⤵
  PID:11496
- C:\Windows\System32\FgjACAM.exe
  C:\Windows\System32\FgjACAM.exe
  2⤵
  PID:11520
- C:\Windows\System32\iPvFGuO.exe
  C:\Windows\System32\iPvFGuO.exe
  2⤵
  PID:11536
- C:\Windows\System32\LxBguvM.exe
  C:\Windows\System32\LxBguvM.exe
  2⤵
  PID:11560
- C:\Windows\System32\NzkfmWk.exe
  C:\Windows\System32\NzkfmWk.exe
  2⤵
  PID:11584
- C:\Windows\System32\JhpzXjP.exe
  C:\Windows\System32\JhpzXjP.exe
  2⤵
  PID:11616
- C:\Windows\System32\kxBAtyO.exe
  C:\Windows\System32\kxBAtyO.exe
  2⤵
  PID:11632
- C:\Windows\System32\JFbQlJd.exe
  C:\Windows\System32\JFbQlJd.exe
  2⤵
  PID:11704
- C:\Windows\System32\cPnINGZ.exe
  C:\Windows\System32\cPnINGZ.exe
  2⤵
  PID:11764
- C:\Windows\System32\tpkCEXf.exe
  C:\Windows\System32\tpkCEXf.exe
  2⤵
  PID:11780
- C:\Windows\System32\aNAguhz.exe
  C:\Windows\System32\aNAguhz.exe
  2⤵
  PID:11796
- C:\Windows\System32\CfUsXXl.exe
  C:\Windows\System32\CfUsXXl.exe
  2⤵
  PID:11812
- C:\Windows\System32\RQBSDbJ.exe
  C:\Windows\System32\RQBSDbJ.exe
  2⤵
  PID:11828
- C:\Windows\System32\xZxbtCE.exe
  C:\Windows\System32\xZxbtCE.exe
  2⤵
  PID:11852
- C:\Windows\System32\UEGfezF.exe
  C:\Windows\System32\UEGfezF.exe
  2⤵
  PID:11872
- C:\Windows\System32\nYubLFw.exe
  C:\Windows\System32\nYubLFw.exe
  2⤵
  PID:11896
- C:\Windows\System32\sJVpRRi.exe
  C:\Windows\System32\sJVpRRi.exe
  2⤵
  PID:11920
- C:\Windows\System32\SbKEIIc.exe
  C:\Windows\System32\SbKEIIc.exe
  2⤵
  PID:11968
- C:\Windows\System32\SgeRjyW.exe
  C:\Windows\System32\SgeRjyW.exe
  2⤵
  PID:11988
- C:\Windows\System32\OgpUlxe.exe
  C:\Windows\System32\OgpUlxe.exe
  2⤵
  PID:12032
- C:\Windows\System32\LMdxJYP.exe
  C:\Windows\System32\LMdxJYP.exe
  2⤵
  PID:12092
- C:\Windows\System32\qeKswjX.exe
  C:\Windows\System32\qeKswjX.exe
  2⤵
  PID:12116
- C:\Windows\System32\mVMYerR.exe
  C:\Windows\System32\mVMYerR.exe
  2⤵
  PID:12140
- C:\Windows\System32\NulBoCy.exe
  C:\Windows\System32\NulBoCy.exe
  2⤵
  PID:12168
- C:\Windows\System32\sqzbWhU.exe
  C:\Windows\System32\sqzbWhU.exe
  2⤵
  PID:12184
- C:\Windows\System32\SdLdPJB.exe
  C:\Windows\System32\SdLdPJB.exe
  2⤵
  PID:12204
- C:\Windows\System32\YwcsGyk.exe
  C:\Windows\System32\YwcsGyk.exe
  2⤵
  PID:12240
- C:\Windows\System32\pXvMxTl.exe
  C:\Windows\System32\pXvMxTl.exe
  2⤵
  PID:12256
- C:\Windows\System32\BGavTFE.exe
  C:\Windows\System32\BGavTFE.exe
  2⤵
  PID:10900
- C:\Windows\System32\KsUeLgw.exe
  C:\Windows\System32\KsUeLgw.exe
  2⤵
  PID:10796
- C:\Windows\System32\WuRiUNQ.exe
  C:\Windows\System32\WuRiUNQ.exe
  2⤵
  PID:10420
- C:\Windows\System32\sCYYgiM.exe
  C:\Windows\System32\sCYYgiM.exe
  2⤵
  PID:11280
- C:\Windows\System32\hdXNxfa.exe
  C:\Windows\System32\hdXNxfa.exe
  2⤵
  PID:11488
- C:\Windows\System32\CkukpbL.exe
  C:\Windows\System32\CkukpbL.exe
  2⤵
  PID:11556
- C:\Windows\System32\UJWLYhh.exe
  C:\Windows\System32\UJWLYhh.exe
  2⤵
  PID:11576
- C:\Windows\System32\gZkvcvb.exe
  C:\Windows\System32\gZkvcvb.exe
  2⤵
  PID:11628
- C:\Windows\System32\sfErgMU.exe
  C:\Windows\System32\sfErgMU.exe
  2⤵
  PID:11656
- C:\Windows\System32\MeShyYB.exe
  C:\Windows\System32\MeShyYB.exe
  2⤵
  PID:11820
- C:\Windows\System32\CeCSvrC.exe
  C:\Windows\System32\CeCSvrC.exe
  2⤵
  PID:11788
- C:\Windows\System32\OezqFuz.exe
  C:\Windows\System32\OezqFuz.exe
  2⤵
  PID:11980
- C:\Windows\System32\QqwIVaH.exe
  C:\Windows\System32\QqwIVaH.exe
  2⤵
  PID:11880
- C:\Windows\System32\xjyFNBM.exe
  C:\Windows\System32\xjyFNBM.exe
  2⤵
  PID:12080
- C:\Windows\System32\fyNALGv.exe
  C:\Windows\System32\fyNALGv.exe
  2⤵
  PID:12108
- C:\Windows\System32\PPIsQme.exe
  C:\Windows\System32\PPIsQme.exe
  2⤵
  PID:12176
- C:\Windows\System32\SncXoiI.exe
  C:\Windows\System32\SncXoiI.exe
  2⤵
  PID:12268
- C:\Windows\System32\TarkrnV.exe
  C:\Windows\System32\TarkrnV.exe
  2⤵
  PID:12248
- C:\Windows\System32\GFiPUeZ.exe
  C:\Windows\System32\GFiPUeZ.exe
  2⤵
  PID:11292
- C:\Windows\System32\TMPXIaG.exe
  C:\Windows\System32\TMPXIaG.exe
  2⤵
  PID:11404
- C:\Windows\System32\lHXhaoL.exe
  C:\Windows\System32\lHXhaoL.exe
  2⤵
  PID:11680
- C:\Windows\System32\nGWnMJU.exe
  C:\Windows\System32\nGWnMJU.exe
  2⤵
  PID:11740
- C:\Windows\System32\CYSwpHA.exe
  C:\Windows\System32\CYSwpHA.exe
  2⤵
  PID:11960
- C:\Windows\System32\CcTrGDe.exe
  C:\Windows\System32\CcTrGDe.exe
  2⤵
  PID:12020
- C:\Windows\System32\PjsrBIV.exe
  C:\Windows\System32\PjsrBIV.exe
  2⤵
  PID:12124
- C:\Windows\System32\BHebrwv.exe
  C:\Windows\System32\BHebrwv.exe
  2⤵
  PID:11312
- C:\Windows\System32\kOliFeU.exe
  C:\Windows\System32\kOliFeU.exe
  2⤵
  PID:11792
- C:\Windows\System32\UNVwrju.exe
  C:\Windows\System32\UNVwrju.exe
  2⤵
  PID:12068
- C:\Windows\System32\gssHnXF.exe
  C:\Windows\System32\gssHnXF.exe
  2⤵
  PID:11544
- C:\Windows\System32\CcrVdPX.exe
  C:\Windows\System32\CcrVdPX.exe
  2⤵
  PID:12312
- C:\Windows\System32\dJeSGOa.exe
  C:\Windows\System32\dJeSGOa.exe
  2⤵
  PID:12332
- C:\Windows\System32\lAuWFSG.exe
  C:\Windows\System32\lAuWFSG.exe
  2⤵
  PID:12360
- C:\Windows\System32\hFnbhjj.exe
  C:\Windows\System32\hFnbhjj.exe
  2⤵
  PID:12384
- C:\Windows\System32\GhJREpR.exe
  C:\Windows\System32\GhJREpR.exe
  2⤵
  PID:12404
- C:\Windows\System32\qdKxAeI.exe
  C:\Windows\System32\qdKxAeI.exe
  2⤵
  PID:12432
- C:\Windows\System32\obKEZvC.exe
  C:\Windows\System32\obKEZvC.exe
  2⤵
  PID:12448
- C:\Windows\System32\GcKrXJK.exe
  C:\Windows\System32\GcKrXJK.exe
  2⤵
  PID:12484
- C:\Windows\System32\sYJunTc.exe
  C:\Windows\System32\sYJunTc.exe
  2⤵
  PID:12508
- C:\Windows\System32\PqvHkrZ.exe
  C:\Windows\System32\PqvHkrZ.exe
  2⤵
  PID:12528
- C:\Windows\System32\XXUKbmK.exe
  C:\Windows\System32\XXUKbmK.exe
  2⤵
  PID:12556
- C:\Windows\System32\zaXMnHR.exe
  C:\Windows\System32\zaXMnHR.exe
  2⤵
  PID:12592
- C:\Windows\System32\UgXXWuk.exe
  C:\Windows\System32\UgXXWuk.exe
  2⤵
  PID:12636
- C:\Windows\System32\gsOSCWO.exe
  C:\Windows\System32\gsOSCWO.exe
  2⤵
  PID:12668
- C:\Windows\System32\SaSZRPV.exe
  C:\Windows\System32\SaSZRPV.exe
  2⤵
  PID:12692
- C:\Windows\System32\ukWBwnT.exe
  C:\Windows\System32\ukWBwnT.exe
  2⤵
  PID:12720
- C:\Windows\System32\YJxCRiI.exe
  C:\Windows\System32\YJxCRiI.exe
  2⤵
  PID:12744
- C:\Windows\System32\iGewwXX.exe
  C:\Windows\System32\iGewwXX.exe
  2⤵
  PID:12768
- C:\Windows\System32\MncnijK.exe
  C:\Windows\System32\MncnijK.exe
  2⤵
  PID:12804
- C:\Windows\System32\oSwSgPV.exe
  C:\Windows\System32\oSwSgPV.exe
  2⤵
  PID:12832
- C:\Windows\System32\qkSSDEw.exe
  C:\Windows\System32\qkSSDEw.exe
  2⤵
  PID:12852
- C:\Windows\System32\XJgZGuQ.exe
  C:\Windows\System32\XJgZGuQ.exe
  2⤵
  PID:12880
- C:\Windows\System32\NYhtciG.exe
  C:\Windows\System32\NYhtciG.exe
  2⤵
  PID:12896
- C:\Windows\System32\AITbmXm.exe
  C:\Windows\System32\AITbmXm.exe
  2⤵
  PID:12956
- C:\Windows\System32\DLVqgGK.exe
  C:\Windows\System32\DLVqgGK.exe
  2⤵
  PID:12988
- C:\Windows\System32\mutrLVl.exe
  C:\Windows\System32\mutrLVl.exe
  2⤵
  PID:13012
- C:\Windows\System32\xWEUuyU.exe
  C:\Windows\System32\xWEUuyU.exe
  2⤵
  PID:13032
- C:\Windows\System32\WioscIx.exe
  C:\Windows\System32\WioscIx.exe
  2⤵
  PID:13080
- C:\Windows\System32\TLMUqXW.exe
  C:\Windows\System32\TLMUqXW.exe
  2⤵
  PID:13108
- C:\Windows\System32\MYjMCpY.exe
  C:\Windows\System32\MYjMCpY.exe
  2⤵
  PID:13132
- C:\Windows\System32\wDZZnrX.exe
  C:\Windows\System32\wDZZnrX.exe
  2⤵
  PID:13152
- C:\Windows\System32\BnkWwUp.exe
  C:\Windows\System32\BnkWwUp.exe
  2⤵
  PID:13168
- C:\Windows\System32\QPzJQPC.exe
  C:\Windows\System32\QPzJQPC.exe
  2⤵
  PID:13212
- C:\Windows\System32\TntMkdf.exe
  C:\Windows\System32\TntMkdf.exe
  2⤵
  PID:13240
- C:\Windows\System32\HbVcYFp.exe
  C:\Windows\System32\HbVcYFp.exe
  2⤵
  PID:13260
- C:\Windows\System32\adDTLER.exe
  C:\Windows\System32\adDTLER.exe
  2⤵
  PID:13280
- C:\Windows\System32\nqsKpwK.exe
  C:\Windows\System32\nqsKpwK.exe
  2⤵
  PID:12100
- C:\Windows\System32\DlIoWqZ.exe
  C:\Windows\System32\DlIoWqZ.exe
  2⤵
  PID:12352
- C:\Windows\System32\IGAgvxI.exe
  C:\Windows\System32\IGAgvxI.exe
  2⤵
  PID:12416
- C:\Windows\System32\RAdFmXr.exe
  C:\Windows\System32\RAdFmXr.exe
  2⤵
  PID:12444
- C:\Windows\System32\fslbnul.exe
  C:\Windows\System32\fslbnul.exe
  2⤵
  PID:12524
- C:\Windows\System32\zYPgGjC.exe
  C:\Windows\System32\zYPgGjC.exe
  2⤵
  PID:12568
- C:\Windows\System32\ZKAonxe.exe
  C:\Windows\System32\ZKAonxe.exe
  2⤵
  PID:12624
- C:\Windows\System32\XjtWnkm.exe
  C:\Windows\System32\XjtWnkm.exe
  2⤵
  PID:12688
- C:\Windows\System32\ljEUYPk.exe
  C:\Windows\System32\ljEUYPk.exe
  2⤵
  PID:12756
- C:\Windows\System32\RSJVcEZ.exe
  C:\Windows\System32\RSJVcEZ.exe
  2⤵
  PID:12788
- C:\Windows\System32\enXDYkx.exe
  C:\Windows\System32\enXDYkx.exe
  2⤵
  PID:12872
- C:\Windows\System32\KwwGdtN.exe
  C:\Windows\System32\KwwGdtN.exe
  2⤵
  PID:12888
- C:\Windows\System32\FFTTYWC.exe
  C:\Windows\System32\FFTTYWC.exe
  2⤵
  PID:13024
- C:\Windows\System32\MZXGnWD.exe
  C:\Windows\System32\MZXGnWD.exe
  2⤵
  PID:13100
- C:\Windows\System32\RwrFZkW.exe
  C:\Windows\System32\RwrFZkW.exe
  2⤵
  PID:13160
- C:\Windows\System32\DAoPuWK.exe
  C:\Windows\System32\DAoPuWK.exe
  2⤵
  PID:13248
- C:\Windows\System32\MNXYNOh.exe
  C:\Windows\System32\MNXYNOh.exe
  2⤵
  PID:12300
- C:\Windows\System32\CYAxQJW.exe
  C:\Windows\System32\CYAxQJW.exe
  2⤵
  PID:12460
- C:\Windows\System32\amVSnpp.exe
  C:\Windows\System32\amVSnpp.exe
  2⤵
  PID:12552
- C:\Windows\System32\zVpCCxt.exe
  C:\Windows\System32\zVpCCxt.exe
  2⤵
  PID:12712
- C:\Windows\System32\iSLloQs.exe
  C:\Windows\System32\iSLloQs.exe
  2⤵
  PID:12608
- C:\Windows\System32\qKHeYeF.exe
  C:\Windows\System32\qKHeYeF.exe
  2⤵
  PID:12816
- C:\Windows\System32\CgeWiQV.exe
  C:\Windows\System32\CgeWiQV.exe
  2⤵
  PID:13008
- C:\Windows\System32\bXjsaLP.exe
  C:\Windows\System32\bXjsaLP.exe
  2⤵
  PID:13192
- C:\Windows\System32\IqtGgTE.exe
  C:\Windows\System32\IqtGgTE.exe
  2⤵
  PID:12440
- C:\Windows\System32\CtenZgS.exe
  C:\Windows\System32\CtenZgS.exe
  2⤵
  PID:13200
- C:\Windows\System32\CyikkVm.exe
  C:\Windows\System32\CyikkVm.exe
  2⤵
  PID:13232
- C:\Windows\System32\pxHXVAd.exe
  C:\Windows\System32\pxHXVAd.exe
  2⤵
  PID:13140
- C:\Windows\System32\ZcWfENA.exe
  C:\Windows\System32\ZcWfENA.exe
  2⤵
  PID:13328
- C:\Windows\System32\pOuBSDC.exe
  C:\Windows\System32\pOuBSDC.exe
  2⤵
  PID:13344
- C:\Windows\System32\WEqYZld.exe
  C:\Windows\System32\WEqYZld.exe
  2⤵
  PID:13360
- C:\Windows\System32\dudqlmL.exe
  C:\Windows\System32\dudqlmL.exe
  2⤵
  PID:13400
- C:\Windows\System32\DfzCWWL.exe
  C:\Windows\System32\DfzCWWL.exe
  2⤵
  PID:13420
- C:\Windows\System32\ReGfqeu.exe
  C:\Windows\System32\ReGfqeu.exe
  2⤵
  PID:13456
- C:\Windows\System32\JRtBJMq.exe
  C:\Windows\System32\JRtBJMq.exe
  2⤵
  PID:13476
- C:\Windows\System32\xWQLDBY.exe
  C:\Windows\System32\xWQLDBY.exe
  2⤵
  PID:13504
- C:\Windows\System32\UHhtwAM.exe
  C:\Windows\System32\UHhtwAM.exe
  2⤵
  PID:13520
- C:\Windows\System32\UJpMORk.exe
  C:\Windows\System32\UJpMORk.exe
  2⤵
  PID:13544
- C:\Windows\System32\heMydvf.exe
  C:\Windows\System32\heMydvf.exe
  2⤵
  PID:13616
- C:\Windows\System32\vnkdUKS.exe
  C:\Windows\System32\vnkdUKS.exe
  2⤵
  PID:13652
- C:\Windows\System32\bPpNLTp.exe
  C:\Windows\System32\bPpNLTp.exe
  2⤵
  PID:13676

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:14076

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System32\AqouaOl.exe

Filesize
1.6MB

MD5
ee9033d75f7c6d29803c29241afa49c3

SHA1
41d0cc174a32f8eeabaadf03419f42db58b78af8

SHA256
25f788da4231ac129c2d67ae6a17012096e2e4c9511f440293de4a8e58ec0782

SHA512
3dea5648c16c7d6a91c9943f76edb7c95d18901ac73f2320edfd193c85260ebb68ec0922e9e532247cd93ad4f8f0133a6bdf33e2b3fc234ebf1be268a03438dd

Download Submit
C:\Windows\System32\CsqzlXG.exe

Filesize
1.6MB

MD5
f181c2d9b521da017de8c3a187166800

SHA1
31970c9d77aecb37ac9686919be23844266a9ed0

SHA256
cd387a65188751e26a758b349d0c5c1c3104c18019c2f3cd708db78e8f1f6b28

SHA512
932bc0aacf369592540a493e672bf2216d844b57b1202a5ffe4b57cedae3aeff0457eb9579e3efd492a0172e1a3c7e264ce6f6c5a6b83ce746eb8de914562698

Download Submit
C:\Windows\System32\FcBAZPQ.exe

Filesize
1.6MB

MD5
296b5325de858b70f518d7261946486e

SHA1
77411277d19d2a91d4e7e8086758d5805a89ef63

SHA256
88084f38937794975e652c42c116bdec88f38bd06976aefd6e7e6afc43a02aa3

SHA512
a3fb3c998bf605658c8150e8d35f5c9b232061c024b9d985fbf3cc811cd8450cf3cef22ce07b0f03ea8f4593df721f5ed35abc8accec5c0f45a355f4aa9125ab

Download Submit
C:\Windows\System32\HACyRrB.exe

Filesize
1.6MB

MD5
d2a526041b8c0bab7c80bad75947524d

SHA1
c6eb4949b5e002dda596af2c1b387f1c3fd1648c

SHA256
67b871cbafc2d2f82eecbdb137fd4d95527433c652efc4c9c09fd6d274956832

SHA512
3d9798943be1165df8d00e496b1aa8f24daa56f1f2ba5d57a265229056540ae12b3b2262cb8c5f21a9c1bb320ed5a0246a20899fe21391d6c946530d235bf9bb

Download Submit
C:\Windows\System32\HNvWlul.exe

Filesize
1.6MB

MD5
50b21db8be3f457cbb9ca613e30efc38

SHA1
ab6db498e1ea1f240486aad561647024a66af6e7

SHA256
52c9620b56371992d3770601cadcb2d6f2dce4a920e48f8ba8c00acbc529dd55

SHA512
3397759a8bb2b2e62a0f1e899f735757908b17f4b19069eb673af74a6819d8f591fec8b9144644eb3175aa3663bca1877e8e06d431dfb8df942f6c8f23996fc8

Download Submit
C:\Windows\System32\HwJbqYy.exe

Filesize
1.6MB

MD5
c19562ea931ce1608492e4d7c6973356

SHA1
3009a1ce6aa99a910d66bd88257406ad741fa253

SHA256
ea3ade0d01fb89c5bbf8500ed6737ca6a3ece7eb5b1ff0026b1dc86d33006e99

SHA512
7cfb207251cd0344cb82038b989f9db188eb3782b1872c17747ac4831b7ed621976822893d17bb7d4a6c98359afae909c9861cf629d0d195bbf79a03277ad06f

Download Submit
C:\Windows\System32\KOttQrg.exe

Filesize
1.6MB

MD5
8aec1555ea50072539583a20bef9aa9a

SHA1
4d35665a830254aeea9eeeaa259bba2b909b07f4

SHA256
62ca70900959ed3b8e5d787a4a1c9762bf7fa7ec88d60a3a0975eeed17e7547c

SHA512
01019a004009ee1d8fe8e06d8a40ddd7ef86276b13aa87dee5709643343ef24697a1b0af8c97337e22839a1d7ca3e0d4f235bfcbc6e39a8a7e11382dc800c6d4

Download Submit
C:\Windows\System32\MDcPatY.exe

Filesize
1.6MB

MD5
5525f6da1f76dcda4a7422d20b72c55d

SHA1
cb4029f02961a981b62f560053c2fc45e1bf7e28

SHA256
a5486dd107a780df5c5385743bc4cd2be65de43286c0c549b636b5359ae908b5

SHA512
a9baf38f79d15295e5cb4933c1b04e93a761a486c77d3475571bf1d73d854e2a2ce95a3513e12a76d9f2df5dc43b9044cba64f7762114593eadfa0f861bb017f

Download Submit
C:\Windows\System32\NMLyOwH.exe

Filesize
1.6MB

MD5
bf1b6e38a20041edc4aab92929ba882c

SHA1
921e28da773deb13bd908938d12f00996d981564

SHA256
28364029712593c434441712c90aa0ea344ffd7d3a76447ef827ff28eb88c450

SHA512
ba81a653f3af9a3852e174274f053127056fa6a00cfc3385ad6e3c81abf224335eb75f164db65f2e21d71869176b405ca045041caafe03916906f12031351213

Download Submit
C:\Windows\System32\SIrrJvR.exe

Filesize
1.6MB

MD5
15b670a9cd1cb3a8a45eefd0a8718d5c

SHA1
a813d9a6c18efca862234cffee5e0e2bce855980

SHA256
aec7ad626afc2a87a49cf450c0e38d244bea8e13d6b1668e4d075f6913e0321b

SHA512
1ddb54eb7d895989420e0538aef92680caed65e70ee82e5ba658112f5e9bfd85e5d80eb52ac049a1dd376bb05d8657f29763764b6359e077f9ea500df971c4f5

Download Submit
C:\Windows\System32\SKuIAUw.exe

Filesize
1.6MB

MD5
5d91fd58dc4707084cd804bbf7576fb7

SHA1
959d763467fdca4b90ce3033721f69b82e0aba58

SHA256
209f14e2d2bcbe95862dbad34b1015201b9ce8aa0589d337cc6be323498d3e37

SHA512
5b99a7590f7f643e724175cad00e2700508ca2d6eeca484ee513b927893c4e7e3cf478a5257ec2fd03102d99b62e76e99f268ac9b628513a044d36f0e985933f

Download Submit
C:\Windows\System32\VRKDAsg.exe

Filesize
1.6MB

MD5
553c3695e4032c8f50b7f82d6dbec0ab

SHA1
6e0fa8d8f8e123319e191b0719745a22e692a99e

SHA256
bc96d1ce5ab0b1877bd09863ee5fbb5fb07c769ff573a3d12f09b37f4c77e676

SHA512
831053785dd05a09453c3d0dcf5908eadbb3643e981628bfadc6cfe86e16dccb76450aa41687a3580fa3b979b2c184c2d44e9be8fc40b1c339b532228c114f12

Download Submit
C:\Windows\System32\daPqpxO.exe

Filesize
1.6MB

MD5
72ae4cfeb4238eafae4bdf2f62be547e

SHA1
a7dbaf48650d0b34aa9a9a1811c7e53bac70255b

SHA256
ed4c4b4bd3e87309529069bc4333731ddb76ce8f80e9be70f1bac12a7f9313ce

SHA512
0207a26487ee5961804b83391ed3cb9d6e55a071bdf1789cab39da03089873dcbeddfca3501ede60b08b37ff243161627168d8a5cb77baabe12e9e74186401cc

Download Submit
C:\Windows\System32\eNqIcpU.exe

Filesize
1.6MB

MD5
b539a871acd9223447cf47829bf14484

SHA1
8c5c5d49eccb8029c6ef3bc1e0f86b1eb8a10a18

SHA256
20eae38e82ae940ce8e6be60847f0f1469ae8709468715a05ddb70d305c55979

SHA512
e73fb1b5716909db519a5bbe02279f4dab6d4a81080198309ca47d8a42338f35c63e7ee634298e29bd8e5fdd4529a0e78e2b520bf388297c7e8b9ad664121390

Download Submit
C:\Windows\System32\epwyKFs.exe

Filesize
1.6MB

MD5
c4fe0ae1d34139659e83dfc3d171d8f6

SHA1
f894f85dda5113530accf3fc3392a2f01501245f

SHA256
27a4b1848908041c86a670f286477896286149638690ff1a1b6250be1f036493

SHA512
b0c43fb6b8e186caa0228e02958579665c5c36cb41f651f46e04fac60c8b25f0d805e3ed8166d7a29129276d21e3b3ef8e0d28d8dc16e54ae3ee4f08c3acff05

Download Submit
C:\Windows\System32\gNpkmlL.exe

Filesize
1.6MB

MD5
91052c7ad1973468fd3e489cc5408ec5

SHA1
56698736fbd77be6283515d27f9bb01b29dc1736

SHA256
d6339b388f13840ad693bb7096656a508168f99040c62d757dad8cf78890599d

SHA512
97049ccbb6b55a53e52486735e43b72b6d2d79d1df1045256328877d4a74dac79ebcfa05ac7ca640112fa6c7f5a7b32a171734249ec398fc0fd1fdf604804b42

Download Submit
C:\Windows\System32\kGRwgdt.exe

Filesize
1.6MB

MD5
24315a6dd9877e233df4d50e4386c562

SHA1
63f19265892743daa19a739d7038ec5c246c5f83

SHA256
989104999479970ae630338a62983575f9d8cd2a16e30c6a957775082e885697

SHA512
b3b14656b8d500934b650cf7fa0d8bc5703ae102548a973a704b7dbd17f1ba0f49c4d081d4b841b2f067e0943900a0333ed15f186af439ebad657096f91957d3

Download Submit
C:\Windows\System32\lRfdhuv.exe

Filesize
1.6MB

MD5
0726a82bcecb2c385b3edb844082d4ca

SHA1
608dbaeafda2d666b98b0f41b5f9c9b7391f7ca7

SHA256
26de09134593caec4ed5dce6e6d5062c5241d0ea1ab13c5467221eab5225ddd4

SHA512
0a01cf5c17b9c2f575730311ee50c20209a6565675c6538d1fd8977f0d7a39eed7ed8ec7dc6562a0b3d1b6c05837fc8b71d98c2e5f8a22eabfcc81b1d921a1bc

Download Submit
C:\Windows\System32\liHcDxY.exe

Filesize
1.6MB

MD5
fc2472ec85d58881ed30882c431dd2e7

SHA1
661df309b79442fc28d7af12b90da226663b8bb1

SHA256
6fb9fd1b9609bdaac939d9d7b824071c44bdf41bda65a05712ad127c6255fd2e

SHA512
f278a660da9da39af0448ce5151d6e0e0ebdba34ba605dfe9aa55edcdd92a8a44bb57b6808cec9af13043482c134b71000ddc5868ab3ebfa9822beb79a7919de

Download Submit
C:\Windows\System32\mlhGWwu.exe

Filesize
1.6MB

MD5
6c943516e3ac3076a901953449c2a874

SHA1
2ea30970c50753e24d1136d717e0f45028fbfbf2

SHA256
bf410c416c0b30e1b931d2803a50a64c5f7282020e0a04f355c2fb016da5943b

SHA512
3a8f168d35dfccc1ee9cf8dd80dd9a0a88039ead3919505048e6ef06b2606048d24975cfca2dc060d02fd4aa4f8cac1270f504f8ba1d729ab0bcfdab8a6f58e8

Download Submit
C:\Windows\System32\nIlNliG.exe

Filesize
1.6MB

MD5
4ddc15a8e460907d6d60855fd44155d3

SHA1
576af769698c66ac6d2588100829a7b68b332500

SHA256
8c684c6b571f270c9e1cb2fc5dfb46c5cc3f49aaaf88f3e18e427cb9572a2081

SHA512
905cec1d0c9dc5abe94a1761a0db09617e26400cf53d6ff265260ae648152aa4a0b98fadbd8d8312e5ebe92dce0249ccc7f277e3b3b88ca692a7315936caba33

Download Submit
C:\Windows\System32\qPdXrjJ.exe

Filesize
1.6MB

MD5
80670e9b811ad250e04cb8aa79bc03df

SHA1
5b7014cb9994b47e9bbe8bd3b2d8fd8f3bfa698d

SHA256
b943059d92ac7bcf6bcdb87189eef88f19bd0a1d9c0a0cb8853dd5ece45dfa9c

SHA512
691ea81f0027466f29c3fbeb8e3ffa22ec05646be1e4841c71ec804db40574fce1c51e049caa845c9aab215fc5c62576eac9081e4db8fdc9633175225a593128

Download Submit
C:\Windows\System32\qWUcYkI.exe

Filesize
1.6MB

MD5
4603b3677a733879fdb78e521c8bdf2b

SHA1
0957ceb06b93e6469d16b76fda2042fc4945e3b2

SHA256
672f3d5b801443d1366b1a059de4e84ce10c0b6ca8195bb4dbeace451c3c93ac

SHA512
886797186e9835589b4e1586f3c047dc1d5b00ed743a776b0f6c6d05e36e6fe717cb2913bd916b947154381eafe1689a80325a3a2b9d8e2c53d5dc8fc81f89fd

Download Submit
C:\Windows\System32\qtVpJfd.exe

Filesize
1.6MB

MD5
9428d39104d73d4aa822d5d2ccf0b4a1

SHA1
084e6ff6f38fe9cf41f74ab76d2d22094c618ecd

SHA256
e8819518bb9efa08a66bdf0fe004bf58a1f024a811068814749a1bde04f6b594

SHA512
1ca437eb6c2be8703a6b2fee05eb02dac2689aa9714274edf65783e1cedcf11f4923f64067a63d6157e256268d9798038b6eebe1b4f2a2ebca0f9e6ee9f20c72

Download Submit
C:\Windows\System32\sdhazUY.exe

Filesize
1.6MB

MD5
e13562b4bbc7f3845630dad490791f16

SHA1
080478e09e0259d7502bf4e5d0d035fd96c6a710

SHA256
6cda5199c2e1b7e66603570a914b0f7f205e07c150010ee18ab8f955a4ed0a14

SHA512
e5b928739f01aa8b7ce861a8849cd7900b0dc366d9f93cd7bc13f0c1a4e40e9b07157142591c60df6dd59bb3d91cd112b0857f48e6296a58d181cff369a66d41

Download Submit
C:\Windows\System32\tGOThtB.exe

Filesize
1.6MB

MD5
477323924b4b385c2b0a1a3015fc5609

SHA1
7326e1fef7c7501a4709eae5f03cdb1bed2b3c53

SHA256
2a16f172a6fe37dcc1f61d623b1b85542f01b974c7900a15ec28665ae2a2c449

SHA512
df0b9575221b5c1adad57428ddecfd53afdb26fc2b52b4c320c6e52607066842140ed0b0efc32a2daf85991f7ebb65ddd2d9b314d817ed7838a7e830bee25a90

Download Submit
C:\Windows\System32\tbpRCQl.exe

Filesize
1.6MB

MD5
9a7d12d7870ce0d45bcccc3b1d2156ce

SHA1
bb52e9eb03b5ea569ada711b9907fa05c8dc6efc

SHA256
dcb22d481523f3591be74c44a5eaa444d2f2b8faf0cf7c0a44e5f670d7523f7e

SHA512
e8fddf9c5add82ce8ae85872653d5e1f7b89ed61306392a6b23494939e793074905b64cbc8bf43496bb9c44c8a9ffd363380d20760a46ca57f3e9cf9202704ff

Download Submit
C:\Windows\System32\uRZyTum.exe

Filesize
1.6MB

MD5
760c6d3251136d8bc235b4e5585377ce

SHA1
b9548d069007ef6a9053b4144e35db79d12ba48b

SHA256
b0082bf2abf5cf7b54e80a01aedb380e99413276ed0be0ba88ab1f5c02847f46

SHA512
6d96ea011e7b93d46cd6c34f6f203bfee4f394eb4466b49ef3a241c3224241c7dafc086e2209256dcad931df3a5c9f135f84339eae365ceab10ed5fc9e94b047

Download Submit
C:\Windows\System32\wNYGjsc.exe

Filesize
1.6MB

MD5
1bb7e7d1c742d782757b31e3f475d61d

SHA1
a03c404755a14c308b439a6c9f6f9c2d0b685879

SHA256
fe7a22980918caf6aaf19e742f10898a3773f887c4be321e5c132f89a89ed982

SHA512
8544425fb1308ef250c10592ca550bebeb93b42722794c43d4dd178996d2f6c8adac7919c8629fdb22da708216633bb96edb600ad39d6b7f381655c9aa2a3fb5

Download Submit
C:\Windows\System32\wyEiiIu.exe

Filesize
1.6MB

MD5
1a1a05c267997aaad1c9226be12dd601

SHA1
c558c98dce80b297d7acdd366e4be47913a8a92e

SHA256
18b81e04d33a147e2d8a8e62386c9cab5e1112ea3535039aaedad9b13d56105d

SHA512
28cb648f6b3876b4464e9624eaa6f2fe8bd23d707e13207cf77813b5c2fdc03a29ce6400a3236576225da3bd07af03bd7408d3942737b798e9131bba55511b1e

Download Submit
C:\Windows\System32\xPCVtBw.exe

Filesize
1.6MB

MD5
51b62e19aa9b2295e7db8191df9ff638

SHA1
31c4bfb620a192deaa79a0388d2b01798e59df23

SHA256
e61c4d156fc95c5cfe1650658d8b64b48a0fbbd9cfbec4c1d5d98836014b6800

SHA512
b43bc5c3534081a1de6cb97f5c9001fd58915b13b40204f6a75abc2f0e0949eebaad388988844f5dd4d608c9ea1a285258554bfecf96db7caabfcfc6ddebe5e5

Download Submit
C:\Windows\System32\xQnlmPh.exe

Filesize
1.6MB

MD5
c16915fd5775b0e7f9cb17b292f608ad

SHA1
c0106a66b7ba1aa89b1afd2d00f0c4bfb564b47e

SHA256
9e15c5758fc1caf675de88cc5aae1e60d4e44f318812b37ae19159c239697436

SHA512
afbd0f4be6ca0755d4c3eaf270b9943709b671ab453f96046381b89d99822312b646c999805ca3a20af4fb87d38f4250d4548a415c88729ba57607cd273720fa

Download Submit
C:\Windows\System32\zNegUwP.exe

Filesize
1.6MB

MD5
ceb52b648f8180519cd57b74bb9f345f

SHA1
8c84a9f685da38a69b6e4a8b6829af0ef5f1e681

SHA256
0d9dfcf0456ace1551b14bd93600bd0f2bce52aaf3876dbd495283b85bf77fc9

SHA512
cd85f20d0d9fffa2cc2b7df3dd0a408a92ed58f368bb6174ed7f2ef0187165bfbc2711d4f25c9c5f04e12167ca344bb4b055eb8083c54c91b17786107e9071d7

Download Submit
memory/1576-61-0x00007FF60EC10000-0x00007FF60F001000-memory.dmp

Filesize
3.9MB

Download
memory/1576-2175-0x00007FF60EC10000-0x00007FF60F001000-memory.dmp

Filesize
3.9MB

Download
memory/1828-2178-0x00007FF7D7260000-0x00007FF7D7651000-memory.dmp

Filesize
3.9MB

Download
memory/1828-422-0x00007FF7D7260000-0x00007FF7D7651000-memory.dmp

Filesize
3.9MB

Download
memory/1920-67-0x00007FF61C6C0000-0x00007FF61CAB1000-memory.dmp

Filesize
3.9MB

Download
memory/1920-2171-0x00007FF61C6C0000-0x00007FF61CAB1000-memory.dmp

Filesize
3.9MB

Download
memory/2272-8-0x00007FF7D7A70000-0x00007FF7D7E61000-memory.dmp

Filesize
3.9MB

Download
memory/2272-2162-0x00007FF7D7A70000-0x00007FF7D7E61000-memory.dmp

Filesize
3.9MB

Download
memory/2272-1121-0x00007FF7D7A70000-0x00007FF7D7E61000-memory.dmp

Filesize
3.9MB

Download
memory/2284-42-0x00007FF6579C0000-0x00007FF657DB1000-memory.dmp

Filesize
3.9MB

Download
memory/2284-2168-0x00007FF6579C0000-0x00007FF657DB1000-memory.dmp

Filesize
3.9MB

Download
memory/2376-429-0x00007FF72D540000-0x00007FF72D931000-memory.dmp

Filesize
3.9MB

Download
memory/2376-2219-0x00007FF72D540000-0x00007FF72D931000-memory.dmp

Filesize
3.9MB

Download
memory/2488-2184-0x00007FF6237C0000-0x00007FF623BB1000-memory.dmp

Filesize
3.9MB

Download
memory/2488-449-0x00007FF6237C0000-0x00007FF623BB1000-memory.dmp

Filesize
3.9MB

Download
memory/2584-2227-0x00007FF631FE0000-0x00007FF6323D1000-memory.dmp

Filesize
3.9MB

Download
memory/2584-438-0x00007FF631FE0000-0x00007FF6323D1000-memory.dmp

Filesize
3.9MB

Download
memory/2740-2164-0x00007FF70A250000-0x00007FF70A641000-memory.dmp

Filesize
3.9MB

Download
memory/2740-1253-0x00007FF70A250000-0x00007FF70A641000-memory.dmp

Filesize
3.9MB

Download
memory/2740-23-0x00007FF70A250000-0x00007FF70A641000-memory.dmp

Filesize
3.9MB

Download
memory/2828-0-0x00007FF7F05D0000-0x00007FF7F09C1000-memory.dmp

Filesize
3.9MB

Download
memory/2828-1117-0x00007FF7F05D0000-0x00007FF7F09C1000-memory.dmp

Filesize
3.9MB

Download
memory/2828-1-0x000001A1138F0000-0x000001A113900000-memory.dmp

Filesize
64KB

Download
memory/3028-2166-0x00007FF6AA6E0000-0x00007FF6AAAD1000-memory.dmp

Filesize
3.9MB

Download
memory/3028-32-0x00007FF6AA6E0000-0x00007FF6AAAD1000-memory.dmp

Filesize
3.9MB

Download
memory/3080-2236-0x00007FF6075D0000-0x00007FF6079C1000-memory.dmp

Filesize
3.9MB

Download
memory/3080-445-0x00007FF6075D0000-0x00007FF6079C1000-memory.dmp

Filesize
3.9MB

Download
memory/3092-424-0x00007FF7D61C0000-0x00007FF7D65B1000-memory.dmp

Filesize
3.9MB

Download
memory/3092-2187-0x00007FF7D61C0000-0x00007FF7D65B1000-memory.dmp

Filesize
3.9MB

Download
memory/3176-64-0x00007FF67A080000-0x00007FF67A471000-memory.dmp

Filesize
3.9MB

Download
memory/3304-428-0x00007FF602BA0000-0x00007FF602F91000-memory.dmp

Filesize
3.9MB

Download
memory/3304-2223-0x00007FF602BA0000-0x00007FF602F91000-memory.dmp

Filesize
3.9MB

Download
memory/3376-441-0x00007FF6B7D50000-0x00007FF6B8141000-memory.dmp

Filesize
3.9MB

Download
memory/3376-2225-0x00007FF6B7D50000-0x00007FF6B8141000-memory.dmp

Filesize
3.9MB

Download
memory/3456-433-0x00007FF7665E0000-0x00007FF7669D1000-memory.dmp

Filesize
3.9MB

Download
memory/3456-2233-0x00007FF7665E0000-0x00007FF7669D1000-memory.dmp

Filesize
3.9MB

Download
memory/3992-2229-0x00007FF713590000-0x00007FF713981000-memory.dmp

Filesize
3.9MB

Download
memory/3992-427-0x00007FF713590000-0x00007FF713981000-memory.dmp

Filesize
3.9MB

Download
memory/4380-1553-0x00007FF6DB3C0000-0x00007FF6DB7B1000-memory.dmp

Filesize
3.9MB

Download
memory/4380-421-0x00007FF6DB3C0000-0x00007FF6DB7B1000-memory.dmp

Filesize
3.9MB

Download
memory/4380-2180-0x00007FF6DB3C0000-0x00007FF6DB7B1000-memory.dmp

Filesize
3.9MB

Download
memory/4384-2221-0x00007FF7E7250000-0x00007FF7E7641000-memory.dmp

Filesize
3.9MB

Download
memory/4384-425-0x00007FF7E7250000-0x00007FF7E7641000-memory.dmp

Filesize
3.9MB

Download
memory/4620-2182-0x00007FF6372F0000-0x00007FF6376E1000-memory.dmp

Filesize
3.9MB

Download
memory/4620-1548-0x00007FF6372F0000-0x00007FF6376E1000-memory.dmp

Filesize
3.9MB

Download
memory/4620-66-0x00007FF6372F0000-0x00007FF6376E1000-memory.dmp

Filesize
3.9MB

Download
memory/4680-423-0x00007FF6F7380000-0x00007FF6F7771000-memory.dmp

Filesize
3.9MB

Download
memory/4680-2217-0x00007FF6F7380000-0x00007FF6F7771000-memory.dmp

Filesize
3.9MB

Download
memory/4796-426-0x00007FF6D1E50000-0x00007FF6D2241000-memory.dmp

Filesize
3.9MB

Download
memory/4796-2231-0x00007FF6D1E50000-0x00007FF6D2241000-memory.dmp

Filesize
3.9MB

Download
memory/4820-44-0x00007FF6413A0000-0x00007FF641791000-memory.dmp

Filesize
3.9MB

Download
memory/4820-2173-0x00007FF6413A0000-0x00007FF641791000-memory.dmp

Filesize
3.9MB

Download
memory/4908-47-0x00007FF7517B0000-0x00007FF751BA1000-memory.dmp

Filesize
3.9MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads