xmrig | 07bfca65e503fa86349d2346de8be4b240981438ff07b6d4b8dec8bc7318e201

Analysis

max time kernel
109s
max time network
98s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
23/08/2024, 02:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d88d284c4862195fdd2e74e65bb31470N.exe
Size

1.2MB
MD5

d88d284c4862195fdd2e74e65bb31470
SHA1

efc5c23a43b1b9cb97dffad948308e15c0f0ceec
SHA256

07bfca65e503fa86349d2346de8be4b240981438ff07b6d4b8dec8bc7318e201
SHA512

dfae76062f68f016710c1f8a9a0e0e1ae6e0c11a0a5e42d8aad48328aa315e0e03d599ad83119e920ab077fd425c71e269901c5e217aa8479f1441f2961d3ea0
SSDEEP

24576:JanwhSe11QSONCpGJCjETPl+Me7bPMS8Ykgc8R4zo9F6XS1gV:knw9oUUEEDl+xTMS8TgtS

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 49 IoCs

miner

resource	yara_rule
behavioral2/memory/3816-30-0x00007FF639460000-0x00007FF639851000-memory.dmp	xmrig
behavioral2/memory/4320-363-0x00007FF76CE80000-0x00007FF76D271000-memory.dmp	xmrig
behavioral2/memory/2416-387-0x00007FF656760000-0x00007FF656B51000-memory.dmp	xmrig
behavioral2/memory/4968-390-0x00007FF6A7120000-0x00007FF6A7511000-memory.dmp	xmrig
behavioral2/memory/4376-376-0x00007FF782D90000-0x00007FF783181000-memory.dmp	xmrig
behavioral2/memory/1712-372-0x00007FF783E20000-0x00007FF784211000-memory.dmp	xmrig
behavioral2/memory/408-355-0x00007FF654590000-0x00007FF654981000-memory.dmp	xmrig
behavioral2/memory/3760-56-0x00007FF7914F0000-0x00007FF7918E1000-memory.dmp	xmrig
behavioral2/memory/624-418-0x00007FF6AF800000-0x00007FF6AFBF1000-memory.dmp	xmrig
behavioral2/memory/2268-431-0x00007FF7F3540000-0x00007FF7F3931000-memory.dmp	xmrig
behavioral2/memory/3028-428-0x00007FF6252C0000-0x00007FF6256B1000-memory.dmp	xmrig
behavioral2/memory/3616-440-0x00007FF66BEA0000-0x00007FF66C291000-memory.dmp	xmrig
behavioral2/memory/4704-441-0x00007FF730B10000-0x00007FF730F01000-memory.dmp	xmrig
behavioral2/memory/2024-443-0x00007FF769670000-0x00007FF769A61000-memory.dmp	xmrig
behavioral2/memory/4620-442-0x00007FF61CE80000-0x00007FF61D271000-memory.dmp	xmrig
behavioral2/memory/4628-439-0x00007FF632360000-0x00007FF632751000-memory.dmp	xmrig
behavioral2/memory/4000-427-0x00007FF7A2A70000-0x00007FF7A2E61000-memory.dmp	xmrig
behavioral2/memory/1000-425-0x00007FF769330000-0x00007FF769721000-memory.dmp	xmrig
behavioral2/memory/3240-424-0x00007FF7CDC90000-0x00007FF7CE081000-memory.dmp	xmrig
behavioral2/memory/2868-419-0x00007FF745AE0000-0x00007FF745ED1000-memory.dmp	xmrig
behavioral2/memory/4068-412-0x00007FF6DD420000-0x00007FF6DD811000-memory.dmp	xmrig
behavioral2/memory/4564-1193-0x00007FF6FACC0000-0x00007FF6FB0B1000-memory.dmp	xmrig
behavioral2/memory/112-1190-0x00007FF709FB0000-0x00007FF70A3A1000-memory.dmp	xmrig
behavioral2/memory/2296-1303-0x00007FF70E010000-0x00007FF70E401000-memory.dmp	xmrig
behavioral2/memory/720-1305-0x00007FF779950000-0x00007FF779D41000-memory.dmp	xmrig
behavioral2/memory/3760-1451-0x00007FF7914F0000-0x00007FF7918E1000-memory.dmp	xmrig
behavioral2/memory/3816-1573-0x00007FF639460000-0x00007FF639851000-memory.dmp	xmrig
behavioral2/memory/4564-2133-0x00007FF6FACC0000-0x00007FF6FB0B1000-memory.dmp	xmrig
behavioral2/memory/2296-2135-0x00007FF70E010000-0x00007FF70E401000-memory.dmp	xmrig
behavioral2/memory/720-2137-0x00007FF779950000-0x00007FF779D41000-memory.dmp	xmrig
behavioral2/memory/4376-2170-0x00007FF782D90000-0x00007FF783181000-memory.dmp	xmrig
behavioral2/memory/3760-2174-0x00007FF7914F0000-0x00007FF7918E1000-memory.dmp	xmrig
behavioral2/memory/1000-2190-0x00007FF769330000-0x00007FF769721000-memory.dmp	xmrig
behavioral2/memory/4000-2194-0x00007FF7A2A70000-0x00007FF7A2E61000-memory.dmp	xmrig
behavioral2/memory/3240-2188-0x00007FF7CDC90000-0x00007FF7CE081000-memory.dmp	xmrig
behavioral2/memory/4068-2186-0x00007FF6DD420000-0x00007FF6DD811000-memory.dmp	xmrig
behavioral2/memory/2868-2184-0x00007FF745AE0000-0x00007FF745ED1000-memory.dmp	xmrig
behavioral2/memory/624-2182-0x00007FF6AF800000-0x00007FF6AFBF1000-memory.dmp	xmrig
behavioral2/memory/4968-2180-0x00007FF6A7120000-0x00007FF6A7511000-memory.dmp	xmrig
behavioral2/memory/2416-2178-0x00007FF656760000-0x00007FF656B51000-memory.dmp	xmrig
behavioral2/memory/3028-2192-0x00007FF6252C0000-0x00007FF6256B1000-memory.dmp	xmrig
behavioral2/memory/1712-2172-0x00007FF783E20000-0x00007FF784211000-memory.dmp	xmrig
behavioral2/memory/2024-2176-0x00007FF769670000-0x00007FF769A61000-memory.dmp	xmrig
behavioral2/memory/4320-2168-0x00007FF76CE80000-0x00007FF76D271000-memory.dmp	xmrig
behavioral2/memory/3816-2140-0x00007FF639460000-0x00007FF639851000-memory.dmp	xmrig
behavioral2/memory/4704-2222-0x00007FF730B10000-0x00007FF730F01000-memory.dmp	xmrig
behavioral2/memory/4628-2218-0x00007FF632360000-0x00007FF632751000-memory.dmp	xmrig
behavioral2/memory/2268-2220-0x00007FF7F3540000-0x00007FF7F3931000-memory.dmp	xmrig
behavioral2/memory/3616-2216-0x00007FF66BEA0000-0x00007FF66C291000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
4564	pkIinal.exe
2296	heSABtd.exe
3816	rvDjSkW.exe
720	aUWpqAw.exe
3760	UvzjxnT.exe
4620	NQvysSt.exe
408	GLUybNF.exe
4320	TIlxiIZ.exe
1712	ACbYcDC.exe
4376	LuIJxYS.exe
2024	mmEdcwz.exe
2416	geMVcFg.exe
4968	kBrDIAX.exe
4068	rhedwfW.exe
624	CStwSbX.exe
2868	oUrmLgV.exe
3240	JMXBBll.exe
1000	viGpEPy.exe
4000	OCggCHg.exe
3028	ZBYEuYF.exe
2268	kklYmFQ.exe
4628	hXmxFle.exe
3616	WVgcjnN.exe
4704	fUWJzBu.exe
3280	rDpQsLT.exe
4052	oPtopER.exe
5076	RAWZqcs.exe
1512	bQNxsgO.exe
3980	LBwrVIl.exe
2288	rHKmHdn.exe
2080	EnACZdU.exe
4460	pzpUuMV.exe
4668	lXpkaWr.exe
3696	RYopDnA.exe
5000	TKzxaXy.exe
4176	rFjOUOU.exe
3484	FllvYJE.exe
3924	MXLvEop.exe
4300	ncidGBe.exe
3252	nsrrcPg.exe
4204	WnVbSCr.exe
2612	PrFvRLo.exe
4544	nXcarbO.exe
3108	kgePGhA.exe
5016	LfcAzUs.exe
2208	ahpWozQ.exe
2136	QKbEZdt.exe
3272	GHZgqkw.exe
4520	MeTcqxS.exe
4292	dEfttSp.exe
4920	pvZrWAB.exe
1732	JuZTpEq.exe
2164	wugIKgC.exe
4212	bIejqej.exe
4092	Fplrlck.exe
3936	phAnVlJ.exe
3668	ZZzKMdN.exe
4404	tXfVtjT.exe
1200	QYGUxzk.exe
4680	WHXDMzC.exe
4328	XrFNYqW.exe
396	rDjJniT.exe
808	UeFQyfK.exe
2988	GRdKSka.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/112-0-0x00007FF709FB0000-0x00007FF70A3A1000-memory.dmp	upx
behavioral2/files/0x00080000000233c9-4.dat	upx
behavioral2/files/0x00070000000233d0-8.dat	upx
behavioral2/files/0x00070000000233d1-7.dat	upx
behavioral2/files/0x00070000000233d3-22.dat	upx
behavioral2/memory/720-27-0x00007FF779950000-0x00007FF779D41000-memory.dmp	upx
behavioral2/files/0x00070000000233d2-25.dat	upx
behavioral2/files/0x00070000000233d4-31.dat	upx
behavioral2/memory/3816-30-0x00007FF639460000-0x00007FF639851000-memory.dmp	upx
behavioral2/memory/2296-19-0x00007FF70E010000-0x00007FF70E401000-memory.dmp	upx
behavioral2/files/0x00070000000233d5-37.dat	upx
behavioral2/files/0x00070000000233d7-51.dat	upx
behavioral2/files/0x00070000000233da-69.dat	upx
behavioral2/files/0x00070000000233dc-82.dat	upx
behavioral2/files/0x00070000000233e0-99.dat	upx
behavioral2/files/0x00070000000233e3-107.dat	upx
behavioral2/files/0x00070000000233e5-118.dat	upx
behavioral2/files/0x00070000000233e6-129.dat	upx
behavioral2/files/0x00070000000233ec-153.dat	upx
behavioral2/files/0x00070000000233ee-166.dat	upx
behavioral2/files/0x00070000000233ed-164.dat	upx
behavioral2/files/0x00070000000233eb-151.dat	upx
behavioral2/files/0x00070000000233ea-149.dat	upx
behavioral2/files/0x00070000000233e9-141.dat	upx
behavioral2/files/0x00070000000233e8-136.dat	upx
behavioral2/files/0x00070000000233e7-134.dat	upx
behavioral2/files/0x00070000000233e4-116.dat	upx
behavioral2/files/0x00070000000233e2-109.dat	upx
behavioral2/files/0x00070000000233e1-101.dat	upx
behavioral2/memory/4320-363-0x00007FF76CE80000-0x00007FF76D271000-memory.dmp	upx
behavioral2/memory/2416-387-0x00007FF656760000-0x00007FF656B51000-memory.dmp	upx
behavioral2/memory/4968-390-0x00007FF6A7120000-0x00007FF6A7511000-memory.dmp	upx
behavioral2/memory/4376-376-0x00007FF782D90000-0x00007FF783181000-memory.dmp	upx
behavioral2/memory/1712-372-0x00007FF783E20000-0x00007FF784211000-memory.dmp	upx
behavioral2/memory/408-355-0x00007FF654590000-0x00007FF654981000-memory.dmp	upx
behavioral2/files/0x00070000000233df-92.dat	upx
behavioral2/files/0x00070000000233de-86.dat	upx
behavioral2/files/0x00070000000233dd-84.dat	upx
behavioral2/files/0x00070000000233db-71.dat	upx
behavioral2/files/0x00070000000233d9-67.dat	upx
behavioral2/memory/3760-56-0x00007FF7914F0000-0x00007FF7918E1000-memory.dmp	upx
behavioral2/files/0x00070000000233d8-53.dat	upx
behavioral2/files/0x00070000000233d6-52.dat	upx
behavioral2/memory/4564-9-0x00007FF6FACC0000-0x00007FF6FB0B1000-memory.dmp	upx
behavioral2/memory/624-418-0x00007FF6AF800000-0x00007FF6AFBF1000-memory.dmp	upx
behavioral2/memory/2268-431-0x00007FF7F3540000-0x00007FF7F3931000-memory.dmp	upx
behavioral2/memory/3028-428-0x00007FF6252C0000-0x00007FF6256B1000-memory.dmp	upx
behavioral2/memory/3616-440-0x00007FF66BEA0000-0x00007FF66C291000-memory.dmp	upx
behavioral2/memory/4704-441-0x00007FF730B10000-0x00007FF730F01000-memory.dmp	upx
behavioral2/memory/2024-443-0x00007FF769670000-0x00007FF769A61000-memory.dmp	upx
behavioral2/memory/4620-442-0x00007FF61CE80000-0x00007FF61D271000-memory.dmp	upx
behavioral2/memory/4628-439-0x00007FF632360000-0x00007FF632751000-memory.dmp	upx
behavioral2/memory/4000-427-0x00007FF7A2A70000-0x00007FF7A2E61000-memory.dmp	upx
behavioral2/memory/1000-425-0x00007FF769330000-0x00007FF769721000-memory.dmp	upx
behavioral2/memory/3240-424-0x00007FF7CDC90000-0x00007FF7CE081000-memory.dmp	upx
behavioral2/memory/2868-419-0x00007FF745AE0000-0x00007FF745ED1000-memory.dmp	upx
behavioral2/memory/4068-412-0x00007FF6DD420000-0x00007FF6DD811000-memory.dmp	upx
behavioral2/memory/4564-1193-0x00007FF6FACC0000-0x00007FF6FB0B1000-memory.dmp	upx
behavioral2/memory/112-1190-0x00007FF709FB0000-0x00007FF70A3A1000-memory.dmp	upx
behavioral2/memory/2296-1303-0x00007FF70E010000-0x00007FF70E401000-memory.dmp	upx
behavioral2/memory/720-1305-0x00007FF779950000-0x00007FF779D41000-memory.dmp	upx
behavioral2/memory/3760-1451-0x00007FF7914F0000-0x00007FF7918E1000-memory.dmp	upx
behavioral2/memory/3816-1573-0x00007FF639460000-0x00007FF639851000-memory.dmp	upx
behavioral2/memory/4564-2133-0x00007FF6FACC0000-0x00007FF6FB0B1000-memory.dmp	upx

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System32\arGVIYp.exe	d88d284c4862195fdd2e74e65bb31470N.exe
File created	C:\Windows\System32\aBmnXmR.exe	d88d284c4862195fdd2e74e65bb31470N.exe
File created	C:\Windows\System32\lSGJwwl.exe	d88d284c4862195fdd2e74e65bb31470N.exe
File created	C:\Windows\System32\mxhWAdz.exe	d88d284c4862195fdd2e74e65bb31470N.exe
File created	C:\Windows\System32\YMlujaQ.exe	d88d284c4862195fdd2e74e65bb31470N.exe
File created	C:\Windows\System32\XScWBCq.exe	d88d284c4862195fdd2e74e65bb31470N.exe
File created	C:\Windows\System32\anHvqsK.exe	d88d284c4862195fdd2e74e65bb31470N.exe
File created	C:\Windows\System32\wMWeFpa.exe	d88d284c4862195fdd2e74e65bb31470N.exe
File created	C:\Windows\System32\OfGJHmU.exe	d88d284c4862195fdd2e74e65bb31470N.exe
File created	C:\Windows\System32\bBNvbit.exe	d88d284c4862195fdd2e74e65bb31470N.exe
File created	C:\Windows\System32\SmhMRvr.exe	d88d284c4862195fdd2e74e65bb31470N.exe
File created	C:\Windows\System32\NDMLsRR.exe	d88d284c4862195fdd2e74e65bb31470N.exe
File created	C:\Windows\System32\rwKbvYu.exe	d88d284c4862195fdd2e74e65bb31470N.exe
File created	C:\Windows\System32\QOewsEv.exe	d88d284c4862195fdd2e74e65bb31470N.exe
File created	C:\Windows\System32\LdcXvJz.exe	d88d284c4862195fdd2e74e65bb31470N.exe
File created	C:\Windows\System32\IrShAUC.exe	d88d284c4862195fdd2e74e65bb31470N.exe
File created	C:\Windows\System32\GHZgqkw.exe	d88d284c4862195fdd2e74e65bb31470N.exe
File created	C:\Windows\System32\DtgYTZG.exe	d88d284c4862195fdd2e74e65bb31470N.exe
File created	C:\Windows\System32\RGoWKCy.exe	d88d284c4862195fdd2e74e65bb31470N.exe
File created	C:\Windows\System32\JOTvCEI.exe	d88d284c4862195fdd2e74e65bb31470N.exe
File created	C:\Windows\System32\bFvkKVw.exe	d88d284c4862195fdd2e74e65bb31470N.exe
File created	C:\Windows\System32\OWZNIVJ.exe	d88d284c4862195fdd2e74e65bb31470N.exe
File created	C:\Windows\System32\LyPHDDR.exe	d88d284c4862195fdd2e74e65bb31470N.exe
File created	C:\Windows\System32\cjVkoZh.exe	d88d284c4862195fdd2e74e65bb31470N.exe
File created	C:\Windows\System32\FHahfYX.exe	d88d284c4862195fdd2e74e65bb31470N.exe
File created	C:\Windows\System32\pEoSzPF.exe	d88d284c4862195fdd2e74e65bb31470N.exe
File created	C:\Windows\System32\AZsJoQy.exe	d88d284c4862195fdd2e74e65bb31470N.exe
File created	C:\Windows\System32\KcINcEa.exe	d88d284c4862195fdd2e74e65bb31470N.exe
File created	C:\Windows\System32\YTAvsWo.exe	d88d284c4862195fdd2e74e65bb31470N.exe
File created	C:\Windows\System32\CMEMetv.exe	d88d284c4862195fdd2e74e65bb31470N.exe
File created	C:\Windows\System32\IcqXjbq.exe	d88d284c4862195fdd2e74e65bb31470N.exe
File created	C:\Windows\System32\kVKBUVf.exe	d88d284c4862195fdd2e74e65bb31470N.exe
File created	C:\Windows\System32\NesuTdg.exe	d88d284c4862195fdd2e74e65bb31470N.exe
File created	C:\Windows\System32\UtFOZcM.exe	d88d284c4862195fdd2e74e65bb31470N.exe
File created	C:\Windows\System32\dMAmaci.exe	d88d284c4862195fdd2e74e65bb31470N.exe
File created	C:\Windows\System32\JCQITHW.exe	d88d284c4862195fdd2e74e65bb31470N.exe
File created	C:\Windows\System32\fPEINxn.exe	d88d284c4862195fdd2e74e65bb31470N.exe
File created	C:\Windows\System32\dzzmUGu.exe	d88d284c4862195fdd2e74e65bb31470N.exe
File created	C:\Windows\System32\QhTCdoR.exe	d88d284c4862195fdd2e74e65bb31470N.exe
File created	C:\Windows\System32\qnNKMia.exe	d88d284c4862195fdd2e74e65bb31470N.exe
File created	C:\Windows\System32\uCMxevw.exe	d88d284c4862195fdd2e74e65bb31470N.exe
File created	C:\Windows\System32\XcDvJEb.exe	d88d284c4862195fdd2e74e65bb31470N.exe
File created	C:\Windows\System32\nkHHgPo.exe	d88d284c4862195fdd2e74e65bb31470N.exe
File created	C:\Windows\System32\PzGzqeg.exe	d88d284c4862195fdd2e74e65bb31470N.exe
File created	C:\Windows\System32\hCnCZKS.exe	d88d284c4862195fdd2e74e65bb31470N.exe
File created	C:\Windows\System32\rpcjWIN.exe	d88d284c4862195fdd2e74e65bb31470N.exe
File created	C:\Windows\System32\tpUUNgT.exe	d88d284c4862195fdd2e74e65bb31470N.exe
File created	C:\Windows\System32\HtaTtEF.exe	d88d284c4862195fdd2e74e65bb31470N.exe
File created	C:\Windows\System32\nWbRxoT.exe	d88d284c4862195fdd2e74e65bb31470N.exe
File created	C:\Windows\System32\Wimtaup.exe	d88d284c4862195fdd2e74e65bb31470N.exe
File created	C:\Windows\System32\dVUXhpZ.exe	d88d284c4862195fdd2e74e65bb31470N.exe
File created	C:\Windows\System32\kQJZRlT.exe	d88d284c4862195fdd2e74e65bb31470N.exe
File created	C:\Windows\System32\UiFouiX.exe	d88d284c4862195fdd2e74e65bb31470N.exe
File created	C:\Windows\System32\zCOkxZn.exe	d88d284c4862195fdd2e74e65bb31470N.exe
File created	C:\Windows\System32\rpxgVvw.exe	d88d284c4862195fdd2e74e65bb31470N.exe
File created	C:\Windows\System32\FIUtQdr.exe	d88d284c4862195fdd2e74e65bb31470N.exe
File created	C:\Windows\System32\xEyIflO.exe	d88d284c4862195fdd2e74e65bb31470N.exe
File created	C:\Windows\System32\XPhBsdR.exe	d88d284c4862195fdd2e74e65bb31470N.exe
File created	C:\Windows\System32\pqjtoBx.exe	d88d284c4862195fdd2e74e65bb31470N.exe
File created	C:\Windows\System32\eigMDlh.exe	d88d284c4862195fdd2e74e65bb31470N.exe
File created	C:\Windows\System32\qvqWNGl.exe	d88d284c4862195fdd2e74e65bb31470N.exe
File created	C:\Windows\System32\OTefpUl.exe	d88d284c4862195fdd2e74e65bb31470N.exe
File created	C:\Windows\System32\uemyNDv.exe	d88d284c4862195fdd2e74e65bb31470N.exe
File created	C:\Windows\System32\iqXqAbg.exe	d88d284c4862195fdd2e74e65bb31470N.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	14236	dwm.exe
Token: SeChangeNotifyPrivilege	14236	dwm.exe
Token: 33	14236	dwm.exe
Token: SeIncBasePriorityPrivilege	14236	dwm.exe
Token: SeShutdownPrivilege	14236	dwm.exe
Token: SeCreatePagefilePrivilege	14236	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 112 wrote to memory of 4564	112	d88d284c4862195fdd2e74e65bb31470N.exe	87
PID 112 wrote to memory of 4564	112	d88d284c4862195fdd2e74e65bb31470N.exe	87
PID 112 wrote to memory of 2296	112	d88d284c4862195fdd2e74e65bb31470N.exe	88
PID 112 wrote to memory of 2296	112	d88d284c4862195fdd2e74e65bb31470N.exe	88
PID 112 wrote to memory of 3816	112	d88d284c4862195fdd2e74e65bb31470N.exe	89
PID 112 wrote to memory of 3816	112	d88d284c4862195fdd2e74e65bb31470N.exe	89
PID 112 wrote to memory of 720	112	d88d284c4862195fdd2e74e65bb31470N.exe	90
PID 112 wrote to memory of 720	112	d88d284c4862195fdd2e74e65bb31470N.exe	90
PID 112 wrote to memory of 3760	112	d88d284c4862195fdd2e74e65bb31470N.exe	91
PID 112 wrote to memory of 3760	112	d88d284c4862195fdd2e74e65bb31470N.exe	91
PID 112 wrote to memory of 4620	112	d88d284c4862195fdd2e74e65bb31470N.exe	92
PID 112 wrote to memory of 4620	112	d88d284c4862195fdd2e74e65bb31470N.exe	92
PID 112 wrote to memory of 408	112	d88d284c4862195fdd2e74e65bb31470N.exe	93
PID 112 wrote to memory of 408	112	d88d284c4862195fdd2e74e65bb31470N.exe	93
PID 112 wrote to memory of 4320	112	d88d284c4862195fdd2e74e65bb31470N.exe	94
PID 112 wrote to memory of 4320	112	d88d284c4862195fdd2e74e65bb31470N.exe	94
PID 112 wrote to memory of 1712	112	d88d284c4862195fdd2e74e65bb31470N.exe	95
PID 112 wrote to memory of 1712	112	d88d284c4862195fdd2e74e65bb31470N.exe	95
PID 112 wrote to memory of 4376	112	d88d284c4862195fdd2e74e65bb31470N.exe	96
PID 112 wrote to memory of 4376	112	d88d284c4862195fdd2e74e65bb31470N.exe	96
PID 112 wrote to memory of 2024	112	d88d284c4862195fdd2e74e65bb31470N.exe	97
PID 112 wrote to memory of 2024	112	d88d284c4862195fdd2e74e65bb31470N.exe	97
PID 112 wrote to memory of 2416	112	d88d284c4862195fdd2e74e65bb31470N.exe	98
PID 112 wrote to memory of 2416	112	d88d284c4862195fdd2e74e65bb31470N.exe	98
PID 112 wrote to memory of 4968	112	d88d284c4862195fdd2e74e65bb31470N.exe	99
PID 112 wrote to memory of 4968	112	d88d284c4862195fdd2e74e65bb31470N.exe	99
PID 112 wrote to memory of 4068	112	d88d284c4862195fdd2e74e65bb31470N.exe	100
PID 112 wrote to memory of 4068	112	d88d284c4862195fdd2e74e65bb31470N.exe	100
PID 112 wrote to memory of 624	112	d88d284c4862195fdd2e74e65bb31470N.exe	101
PID 112 wrote to memory of 624	112	d88d284c4862195fdd2e74e65bb31470N.exe	101
PID 112 wrote to memory of 2868	112	d88d284c4862195fdd2e74e65bb31470N.exe	102
PID 112 wrote to memory of 2868	112	d88d284c4862195fdd2e74e65bb31470N.exe	102
PID 112 wrote to memory of 3240	112	d88d284c4862195fdd2e74e65bb31470N.exe	103
PID 112 wrote to memory of 3240	112	d88d284c4862195fdd2e74e65bb31470N.exe	103
PID 112 wrote to memory of 1000	112	d88d284c4862195fdd2e74e65bb31470N.exe	104
PID 112 wrote to memory of 1000	112	d88d284c4862195fdd2e74e65bb31470N.exe	104
PID 112 wrote to memory of 4000	112	d88d284c4862195fdd2e74e65bb31470N.exe	105
PID 112 wrote to memory of 4000	112	d88d284c4862195fdd2e74e65bb31470N.exe	105
PID 112 wrote to memory of 3028	112	d88d284c4862195fdd2e74e65bb31470N.exe	106
PID 112 wrote to memory of 3028	112	d88d284c4862195fdd2e74e65bb31470N.exe	106
PID 112 wrote to memory of 2268	112	d88d284c4862195fdd2e74e65bb31470N.exe	107
PID 112 wrote to memory of 2268	112	d88d284c4862195fdd2e74e65bb31470N.exe	107
PID 112 wrote to memory of 4628	112	d88d284c4862195fdd2e74e65bb31470N.exe	108
PID 112 wrote to memory of 4628	112	d88d284c4862195fdd2e74e65bb31470N.exe	108
PID 112 wrote to memory of 3616	112	d88d284c4862195fdd2e74e65bb31470N.exe	109
PID 112 wrote to memory of 3616	112	d88d284c4862195fdd2e74e65bb31470N.exe	109
PID 112 wrote to memory of 4704	112	d88d284c4862195fdd2e74e65bb31470N.exe	110
PID 112 wrote to memory of 4704	112	d88d284c4862195fdd2e74e65bb31470N.exe	110
PID 112 wrote to memory of 3280	112	d88d284c4862195fdd2e74e65bb31470N.exe	111
PID 112 wrote to memory of 3280	112	d88d284c4862195fdd2e74e65bb31470N.exe	111
PID 112 wrote to memory of 4052	112	d88d284c4862195fdd2e74e65bb31470N.exe	112
PID 112 wrote to memory of 4052	112	d88d284c4862195fdd2e74e65bb31470N.exe	112
PID 112 wrote to memory of 5076	112	d88d284c4862195fdd2e74e65bb31470N.exe	113
PID 112 wrote to memory of 5076	112	d88d284c4862195fdd2e74e65bb31470N.exe	113
PID 112 wrote to memory of 1512	112	d88d284c4862195fdd2e74e65bb31470N.exe	114
PID 112 wrote to memory of 1512	112	d88d284c4862195fdd2e74e65bb31470N.exe	114
PID 112 wrote to memory of 3980	112	d88d284c4862195fdd2e74e65bb31470N.exe	115
PID 112 wrote to memory of 3980	112	d88d284c4862195fdd2e74e65bb31470N.exe	115
PID 112 wrote to memory of 2288	112	d88d284c4862195fdd2e74e65bb31470N.exe	116
PID 112 wrote to memory of 2288	112	d88d284c4862195fdd2e74e65bb31470N.exe	116
PID 112 wrote to memory of 2080	112	d88d284c4862195fdd2e74e65bb31470N.exe	117
PID 112 wrote to memory of 2080	112	d88d284c4862195fdd2e74e65bb31470N.exe	117
PID 112 wrote to memory of 4460	112	d88d284c4862195fdd2e74e65bb31470N.exe	118
PID 112 wrote to memory of 4460	112	d88d284c4862195fdd2e74e65bb31470N.exe	118

C:\Users\Admin\AppData\Local\Temp\d88d284c4862195fdd2e74e65bb31470N.exe
"C:\Users\Admin\AppData\Local\Temp\d88d284c4862195fdd2e74e65bb31470N.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:112
- C:\Windows\System32\pkIinal.exe
  C:\Windows\System32\pkIinal.exe
  2⤵
  - Executes dropped EXE
  PID:4564
- C:\Windows\System32\heSABtd.exe
  C:\Windows\System32\heSABtd.exe
  2⤵
  - Executes dropped EXE
  PID:2296
- C:\Windows\System32\rvDjSkW.exe
  C:\Windows\System32\rvDjSkW.exe
  2⤵
  - Executes dropped EXE
  PID:3816
- C:\Windows\System32\aUWpqAw.exe
  C:\Windows\System32\aUWpqAw.exe
  2⤵
  - Executes dropped EXE
  PID:720
- C:\Windows\System32\UvzjxnT.exe
  C:\Windows\System32\UvzjxnT.exe
  2⤵
  - Executes dropped EXE
  PID:3760
- C:\Windows\System32\NQvysSt.exe
  C:\Windows\System32\NQvysSt.exe
  2⤵
  - Executes dropped EXE
  PID:4620
- C:\Windows\System32\GLUybNF.exe
  C:\Windows\System32\GLUybNF.exe
  2⤵
  - Executes dropped EXE
  PID:408
- C:\Windows\System32\TIlxiIZ.exe
  C:\Windows\System32\TIlxiIZ.exe
  2⤵
  - Executes dropped EXE
  PID:4320
- C:\Windows\System32\ACbYcDC.exe
  C:\Windows\System32\ACbYcDC.exe
  2⤵
  - Executes dropped EXE
  PID:1712
- C:\Windows\System32\LuIJxYS.exe
  C:\Windows\System32\LuIJxYS.exe
  2⤵
  - Executes dropped EXE
  PID:4376
- C:\Windows\System32\mmEdcwz.exe
  C:\Windows\System32\mmEdcwz.exe
  2⤵
  - Executes dropped EXE
  PID:2024
- C:\Windows\System32\geMVcFg.exe
  C:\Windows\System32\geMVcFg.exe
  2⤵
  - Executes dropped EXE
  PID:2416
- C:\Windows\System32\kBrDIAX.exe
  C:\Windows\System32\kBrDIAX.exe
  2⤵
  - Executes dropped EXE
  PID:4968
- C:\Windows\System32\rhedwfW.exe
  C:\Windows\System32\rhedwfW.exe
  2⤵
  - Executes dropped EXE
  PID:4068
- C:\Windows\System32\CStwSbX.exe
  C:\Windows\System32\CStwSbX.exe
  2⤵
  - Executes dropped EXE
  PID:624
- C:\Windows\System32\oUrmLgV.exe
  C:\Windows\System32\oUrmLgV.exe
  2⤵
  - Executes dropped EXE
  PID:2868
- C:\Windows\System32\JMXBBll.exe
  C:\Windows\System32\JMXBBll.exe
  2⤵
  - Executes dropped EXE
  PID:3240
- C:\Windows\System32\viGpEPy.exe
  C:\Windows\System32\viGpEPy.exe
  2⤵
  - Executes dropped EXE
  PID:1000
- C:\Windows\System32\OCggCHg.exe
  C:\Windows\System32\OCggCHg.exe
  2⤵
  - Executes dropped EXE
  PID:4000
- C:\Windows\System32\ZBYEuYF.exe
  C:\Windows\System32\ZBYEuYF.exe
  2⤵
  - Executes dropped EXE
  PID:3028
- C:\Windows\System32\kklYmFQ.exe
  C:\Windows\System32\kklYmFQ.exe
  2⤵
  - Executes dropped EXE
  PID:2268
- C:\Windows\System32\hXmxFle.exe
  C:\Windows\System32\hXmxFle.exe
  2⤵
  - Executes dropped EXE
  PID:4628
- C:\Windows\System32\WVgcjnN.exe
  C:\Windows\System32\WVgcjnN.exe
  2⤵
  - Executes dropped EXE
  PID:3616
- C:\Windows\System32\fUWJzBu.exe
  C:\Windows\System32\fUWJzBu.exe
  2⤵
  - Executes dropped EXE
  PID:4704
- C:\Windows\System32\rDpQsLT.exe
  C:\Windows\System32\rDpQsLT.exe
  2⤵
  - Executes dropped EXE
  PID:3280
- C:\Windows\System32\oPtopER.exe
  C:\Windows\System32\oPtopER.exe
  2⤵
  - Executes dropped EXE
  PID:4052
- C:\Windows\System32\RAWZqcs.exe
  C:\Windows\System32\RAWZqcs.exe
  2⤵
  - Executes dropped EXE
  PID:5076
- C:\Windows\System32\bQNxsgO.exe
  C:\Windows\System32\bQNxsgO.exe
  2⤵
  - Executes dropped EXE
  PID:1512
- C:\Windows\System32\LBwrVIl.exe
  C:\Windows\System32\LBwrVIl.exe
  2⤵
  - Executes dropped EXE
  PID:3980
- C:\Windows\System32\rHKmHdn.exe
  C:\Windows\System32\rHKmHdn.exe
  2⤵
  - Executes dropped EXE
  PID:2288
- C:\Windows\System32\EnACZdU.exe
  C:\Windows\System32\EnACZdU.exe
  2⤵
  - Executes dropped EXE
  PID:2080
- C:\Windows\System32\pzpUuMV.exe
  C:\Windows\System32\pzpUuMV.exe
  2⤵
  - Executes dropped EXE
  PID:4460
- C:\Windows\System32\lXpkaWr.exe
  C:\Windows\System32\lXpkaWr.exe
  2⤵
  - Executes dropped EXE
  PID:4668
- C:\Windows\System32\RYopDnA.exe
  C:\Windows\System32\RYopDnA.exe
  2⤵
  - Executes dropped EXE
  PID:3696
- C:\Windows\System32\TKzxaXy.exe
  C:\Windows\System32\TKzxaXy.exe
  2⤵
  - Executes dropped EXE
  PID:5000
- C:\Windows\System32\rFjOUOU.exe
  C:\Windows\System32\rFjOUOU.exe
  2⤵
  - Executes dropped EXE
  PID:4176
- C:\Windows\System32\FllvYJE.exe
  C:\Windows\System32\FllvYJE.exe
  2⤵
  - Executes dropped EXE
  PID:3484
- C:\Windows\System32\MXLvEop.exe
  C:\Windows\System32\MXLvEop.exe
  2⤵
  - Executes dropped EXE
  PID:3924
- C:\Windows\System32\ncidGBe.exe
  C:\Windows\System32\ncidGBe.exe
  2⤵
  - Executes dropped EXE
  PID:4300
- C:\Windows\System32\nsrrcPg.exe
  C:\Windows\System32\nsrrcPg.exe
  2⤵
  - Executes dropped EXE
  PID:3252
- C:\Windows\System32\WnVbSCr.exe
  C:\Windows\System32\WnVbSCr.exe
  2⤵
  - Executes dropped EXE
  PID:4204
- C:\Windows\System32\PrFvRLo.exe
  C:\Windows\System32\PrFvRLo.exe
  2⤵
  - Executes dropped EXE
  PID:2612
- C:\Windows\System32\nXcarbO.exe
  C:\Windows\System32\nXcarbO.exe
  2⤵
  - Executes dropped EXE
  PID:4544
- C:\Windows\System32\kgePGhA.exe
  C:\Windows\System32\kgePGhA.exe
  2⤵
  - Executes dropped EXE
  PID:3108
- C:\Windows\System32\LfcAzUs.exe
  C:\Windows\System32\LfcAzUs.exe
  2⤵
  - Executes dropped EXE
  PID:5016
- C:\Windows\System32\ahpWozQ.exe
  C:\Windows\System32\ahpWozQ.exe
  2⤵
  - Executes dropped EXE
  PID:2208
- C:\Windows\System32\QKbEZdt.exe
  C:\Windows\System32\QKbEZdt.exe
  2⤵
  - Executes dropped EXE
  PID:2136
- C:\Windows\System32\GHZgqkw.exe
  C:\Windows\System32\GHZgqkw.exe
  2⤵
  - Executes dropped EXE
  PID:3272
- C:\Windows\System32\MeTcqxS.exe
  C:\Windows\System32\MeTcqxS.exe
  2⤵
  - Executes dropped EXE
  PID:4520
- C:\Windows\System32\dEfttSp.exe
  C:\Windows\System32\dEfttSp.exe
  2⤵
  - Executes dropped EXE
  PID:4292
- C:\Windows\System32\pvZrWAB.exe
  C:\Windows\System32\pvZrWAB.exe
  2⤵
  - Executes dropped EXE
  PID:4920
- C:\Windows\System32\JuZTpEq.exe
  C:\Windows\System32\JuZTpEq.exe
  2⤵
  - Executes dropped EXE
  PID:1732
- C:\Windows\System32\wugIKgC.exe
  C:\Windows\System32\wugIKgC.exe
  2⤵
  - Executes dropped EXE
  PID:2164
- C:\Windows\System32\bIejqej.exe
  C:\Windows\System32\bIejqej.exe
  2⤵
  - Executes dropped EXE
  PID:4212
- C:\Windows\System32\Fplrlck.exe
  C:\Windows\System32\Fplrlck.exe
  2⤵
  - Executes dropped EXE
  PID:4092
- C:\Windows\System32\phAnVlJ.exe
  C:\Windows\System32\phAnVlJ.exe
  2⤵
  - Executes dropped EXE
  PID:3936
- C:\Windows\System32\ZZzKMdN.exe
  C:\Windows\System32\ZZzKMdN.exe
  2⤵
  - Executes dropped EXE
  PID:3668
- C:\Windows\System32\tXfVtjT.exe
  C:\Windows\System32\tXfVtjT.exe
  2⤵
  - Executes dropped EXE
  PID:4404
- C:\Windows\System32\QYGUxzk.exe
  C:\Windows\System32\QYGUxzk.exe
  2⤵
  - Executes dropped EXE
  PID:1200
- C:\Windows\System32\WHXDMzC.exe
  C:\Windows\System32\WHXDMzC.exe
  2⤵
  - Executes dropped EXE
  PID:4680
- C:\Windows\System32\XrFNYqW.exe
  C:\Windows\System32\XrFNYqW.exe
  2⤵
  - Executes dropped EXE
  PID:4328
- C:\Windows\System32\rDjJniT.exe
  C:\Windows\System32\rDjJniT.exe
  2⤵
  - Executes dropped EXE
  PID:396
- C:\Windows\System32\UeFQyfK.exe
  C:\Windows\System32\UeFQyfK.exe
  2⤵
  - Executes dropped EXE
  PID:808
- C:\Windows\System32\GRdKSka.exe
  C:\Windows\System32\GRdKSka.exe
  2⤵
  - Executes dropped EXE
  PID:2988
- C:\Windows\System32\wZGmCDG.exe
  C:\Windows\System32\wZGmCDG.exe
  2⤵
  PID:1600
- C:\Windows\System32\JvDWBUw.exe
  C:\Windows\System32\JvDWBUw.exe
  2⤵
  PID:1088
- C:\Windows\System32\fPEINxn.exe
  C:\Windows\System32\fPEINxn.exe
  2⤵
  PID:3008
- C:\Windows\System32\SggyUVB.exe
  C:\Windows\System32\SggyUVB.exe
  2⤵
  PID:3296
- C:\Windows\System32\Fsynmpy.exe
  C:\Windows\System32\Fsynmpy.exe
  2⤵
  PID:4476
- C:\Windows\System32\qJMPLCb.exe
  C:\Windows\System32\qJMPLCb.exe
  2⤵
  PID:4720
- C:\Windows\System32\XFQJfSj.exe
  C:\Windows\System32\XFQJfSj.exe
  2⤵
  PID:3324
- C:\Windows\System32\pTzcgXW.exe
  C:\Windows\System32\pTzcgXW.exe
  2⤵
  PID:3588
- C:\Windows\System32\jYUBxne.exe
  C:\Windows\System32\jYUBxne.exe
  2⤵
  PID:4288
- C:\Windows\System32\LyAkGDB.exe
  C:\Windows\System32\LyAkGDB.exe
  2⤵
  PID:1156
- C:\Windows\System32\ukrPqsy.exe
  C:\Windows\System32\ukrPqsy.exe
  2⤵
  PID:4500
- C:\Windows\System32\yznXTxH.exe
  C:\Windows\System32\yznXTxH.exe
  2⤵
  PID:456
- C:\Windows\System32\RjKzDAa.exe
  C:\Windows\System32\RjKzDAa.exe
  2⤵
  PID:1264
- C:\Windows\System32\cuxHAFz.exe
  C:\Windows\System32\cuxHAFz.exe
  2⤵
  PID:1904
- C:\Windows\System32\CjrWuZy.exe
  C:\Windows\System32\CjrWuZy.exe
  2⤵
  PID:4912
- C:\Windows\System32\JMBUitK.exe
  C:\Windows\System32\JMBUitK.exe
  2⤵
  PID:936
- C:\Windows\System32\wkKZkIT.exe
  C:\Windows\System32\wkKZkIT.exe
  2⤵
  PID:3784
- C:\Windows\System32\RdoBBXn.exe
  C:\Windows\System32\RdoBBXn.exe
  2⤵
  PID:4928
- C:\Windows\System32\FjBuYmt.exe
  C:\Windows\System32\FjBuYmt.exe
  2⤵
  PID:2784
- C:\Windows\System32\DOZHqeH.exe
  C:\Windows\System32\DOZHqeH.exe
  2⤵
  PID:640
- C:\Windows\System32\gukCPaU.exe
  C:\Windows\System32\gukCPaU.exe
  2⤵
  PID:5116
- C:\Windows\System32\SWlOMTa.exe
  C:\Windows\System32\SWlOMTa.exe
  2⤵
  PID:1596
- C:\Windows\System32\YYfbQoG.exe
  C:\Windows\System32\YYfbQoG.exe
  2⤵
  PID:388
- C:\Windows\System32\jWXbfdC.exe
  C:\Windows\System32\jWXbfdC.exe
  2⤵
  PID:1160
- C:\Windows\System32\QhAKDOi.exe
  C:\Windows\System32\QhAKDOi.exe
  2⤵
  PID:3844
- C:\Windows\System32\dmQiptq.exe
  C:\Windows\System32\dmQiptq.exe
  2⤵
  PID:3716
- C:\Windows\System32\XZHSmaG.exe
  C:\Windows\System32\XZHSmaG.exe
  2⤵
  PID:3316
- C:\Windows\System32\qFrkIbQ.exe
  C:\Windows\System32\qFrkIbQ.exe
  2⤵
  PID:4884
- C:\Windows\System32\sZNNtNK.exe
  C:\Windows\System32\sZNNtNK.exe
  2⤵
  PID:3144
- C:\Windows\System32\RYLVNOf.exe
  C:\Windows\System32\RYLVNOf.exe
  2⤵
  PID:532
- C:\Windows\System32\UoDEeSt.exe
  C:\Windows\System32\UoDEeSt.exe
  2⤵
  PID:3740
- C:\Windows\System32\CEEHmbL.exe
  C:\Windows\System32\CEEHmbL.exe
  2⤵
  PID:3972
- C:\Windows\System32\KRDKEtx.exe
  C:\Windows\System32\KRDKEtx.exe
  2⤵
  PID:4044
- C:\Windows\System32\dkCZfNt.exe
  C:\Windows\System32\dkCZfNt.exe
  2⤵
  PID:1604
- C:\Windows\System32\fdCQNfu.exe
  C:\Windows\System32\fdCQNfu.exe
  2⤵
  PID:2892
- C:\Windows\System32\txqUhFj.exe
  C:\Windows\System32\txqUhFj.exe
  2⤵
  PID:1548
- C:\Windows\System32\LnnAMLY.exe
  C:\Windows\System32\LnnAMLY.exe
  2⤵
  PID:3572
- C:\Windows\System32\LlFCail.exe
  C:\Windows\System32\LlFCail.exe
  2⤵
  PID:3452
- C:\Windows\System32\QZiPHrY.exe
  C:\Windows\System32\QZiPHrY.exe
  2⤵
  PID:4316
- C:\Windows\System32\xKjlPIg.exe
  C:\Windows\System32\xKjlPIg.exe
  2⤵
  PID:5128
- C:\Windows\System32\dgFkJCn.exe
  C:\Windows\System32\dgFkJCn.exe
  2⤵
  PID:5156
- C:\Windows\System32\MYRqIMD.exe
  C:\Windows\System32\MYRqIMD.exe
  2⤵
  PID:5176
- C:\Windows\System32\ZymMbcO.exe
  C:\Windows\System32\ZymMbcO.exe
  2⤵
  PID:5196
- C:\Windows\System32\nEMlGRe.exe
  C:\Windows\System32\nEMlGRe.exe
  2⤵
  PID:5212
- C:\Windows\System32\nIlDeni.exe
  C:\Windows\System32\nIlDeni.exe
  2⤵
  PID:5256
- C:\Windows\System32\bFvkKVw.exe
  C:\Windows\System32\bFvkKVw.exe
  2⤵
  PID:5284
- C:\Windows\System32\utCsNBP.exe
  C:\Windows\System32\utCsNBP.exe
  2⤵
  PID:5312
- C:\Windows\System32\dzzmUGu.exe
  C:\Windows\System32\dzzmUGu.exe
  2⤵
  PID:5332
- C:\Windows\System32\BXfqkCC.exe
  C:\Windows\System32\BXfqkCC.exe
  2⤵
  PID:5348
- C:\Windows\System32\eigMDlh.exe
  C:\Windows\System32\eigMDlh.exe
  2⤵
  PID:5380
- C:\Windows\System32\DFYbsCB.exe
  C:\Windows\System32\DFYbsCB.exe
  2⤵
  PID:5396
- C:\Windows\System32\OAPPNTq.exe
  C:\Windows\System32\OAPPNTq.exe
  2⤵
  PID:5420
- C:\Windows\System32\OUrWlSb.exe
  C:\Windows\System32\OUrWlSb.exe
  2⤵
  PID:5436
- C:\Windows\System32\mlxNouB.exe
  C:\Windows\System32\mlxNouB.exe
  2⤵
  PID:5552
- C:\Windows\System32\DCvWcVJ.exe
  C:\Windows\System32\DCvWcVJ.exe
  2⤵
  PID:5600
- C:\Windows\System32\owrcxwQ.exe
  C:\Windows\System32\owrcxwQ.exe
  2⤵
  PID:5620
- C:\Windows\System32\SmhMRvr.exe
  C:\Windows\System32\SmhMRvr.exe
  2⤵
  PID:5640
- C:\Windows\System32\MGqEzpi.exe
  C:\Windows\System32\MGqEzpi.exe
  2⤵
  PID:5800
- C:\Windows\System32\YFryfxW.exe
  C:\Windows\System32\YFryfxW.exe
  2⤵
  PID:5848
- C:\Windows\System32\OPwCVpI.exe
  C:\Windows\System32\OPwCVpI.exe
  2⤵
  PID:5868
- C:\Windows\System32\ICbpgJq.exe
  C:\Windows\System32\ICbpgJq.exe
  2⤵
  PID:5912
- C:\Windows\System32\ZPbmKaf.exe
  C:\Windows\System32\ZPbmKaf.exe
  2⤵
  PID:5932
- C:\Windows\System32\PASHyBd.exe
  C:\Windows\System32\PASHyBd.exe
  2⤵
  PID:5984
- C:\Windows\System32\pqjtoBx.exe
  C:\Windows\System32\pqjtoBx.exe
  2⤵
  PID:6004
- C:\Windows\System32\PfNdzsx.exe
  C:\Windows\System32\PfNdzsx.exe
  2⤵
  PID:6020
- C:\Windows\System32\txbFmmo.exe
  C:\Windows\System32\txbFmmo.exe
  2⤵
  PID:6048
- C:\Windows\System32\yQVmosu.exe
  C:\Windows\System32\yQVmosu.exe
  2⤵
  PID:6080
- C:\Windows\System32\XScWBCq.exe
  C:\Windows\System32\XScWBCq.exe
  2⤵
  PID:6128
- C:\Windows\System32\AZsJoQy.exe
  C:\Windows\System32\AZsJoQy.exe
  2⤵
  PID:3952
- C:\Windows\System32\nDGnAmF.exe
  C:\Windows\System32\nDGnAmF.exe
  2⤵
  PID:4640
- C:\Windows\System32\QhTCdoR.exe
  C:\Windows\System32\QhTCdoR.exe
  2⤵
  PID:5148
- C:\Windows\System32\arGVIYp.exe
  C:\Windows\System32\arGVIYp.exe
  2⤵
  PID:5208
- C:\Windows\System32\cYfOqPl.exe
  C:\Windows\System32\cYfOqPl.exe
  2⤵
  PID:5428
- C:\Windows\System32\NDMLsRR.exe
  C:\Windows\System32\NDMLsRR.exe
  2⤵
  PID:5404
- C:\Windows\System32\qnNKMia.exe
  C:\Windows\System32\qnNKMia.exe
  2⤵
  PID:5304
- C:\Windows\System32\VmQFYsV.exe
  C:\Windows\System32\VmQFYsV.exe
  2⤵
  PID:5480
- C:\Windows\System32\UiFouiX.exe
  C:\Windows\System32\UiFouiX.exe
  2⤵
  PID:5540
- C:\Windows\System32\CwqIUOr.exe
  C:\Windows\System32\CwqIUOr.exe
  2⤵
  PID:3104
- C:\Windows\System32\anHvqsK.exe
  C:\Windows\System32\anHvqsK.exe
  2⤵
  PID:3496
- C:\Windows\System32\xwWPfjE.exe
  C:\Windows\System32\xwWPfjE.exe
  2⤵
  PID:5252
- C:\Windows\System32\rWnMyXJ.exe
  C:\Windows\System32\rWnMyXJ.exe
  2⤵
  PID:5144
- C:\Windows\System32\dRWqPRO.exe
  C:\Windows\System32\dRWqPRO.exe
  2⤵
  PID:5592
- C:\Windows\System32\mjKQnvg.exe
  C:\Windows\System32\mjKQnvg.exe
  2⤵
  PID:5652
- C:\Windows\System32\uCMxevw.exe
  C:\Windows\System32\uCMxevw.exe
  2⤵
  PID:5904
- C:\Windows\System32\opIRBNJ.exe
  C:\Windows\System32\opIRBNJ.exe
  2⤵
  PID:5924
- C:\Windows\System32\sYwWCJe.exe
  C:\Windows\System32\sYwWCJe.exe
  2⤵
  PID:6028
- C:\Windows\System32\KcINcEa.exe
  C:\Windows\System32\KcINcEa.exe
  2⤵
  PID:6064
- C:\Windows\System32\lIrmLCL.exe
  C:\Windows\System32\lIrmLCL.exe
  2⤵
  PID:6116
- C:\Windows\System32\pWFvxJo.exe
  C:\Windows\System32\pWFvxJo.exe
  2⤵
  PID:3276
- C:\Windows\System32\hSrKJYS.exe
  C:\Windows\System32\hSrKJYS.exe
  2⤵
  PID:5516
- C:\Windows\System32\wHwkKBR.exe
  C:\Windows\System32\wHwkKBR.exe
  2⤵
  PID:5272
- C:\Windows\System32\aBmnXmR.exe
  C:\Windows\System32\aBmnXmR.exe
  2⤵
  PID:5588
- C:\Windows\System32\QCRdGrJ.exe
  C:\Windows\System32\QCRdGrJ.exe
  2⤵
  PID:4468
- C:\Windows\System32\cUzaafS.exe
  C:\Windows\System32\cUzaafS.exe
  2⤵
  PID:5708
- C:\Windows\System32\ETwRqqy.exe
  C:\Windows\System32\ETwRqqy.exe
  2⤵
  PID:5960
- C:\Windows\System32\mNDcKpH.exe
  C:\Windows\System32\mNDcKpH.exe
  2⤵
  PID:6088
- C:\Windows\System32\XcDvJEb.exe
  C:\Windows\System32\XcDvJEb.exe
  2⤵
  PID:5248
- C:\Windows\System32\YTAvsWo.exe
  C:\Windows\System32\YTAvsWo.exe
  2⤵
  PID:5608
- C:\Windows\System32\VoYtswn.exe
  C:\Windows\System32\VoYtswn.exe
  2⤵
  PID:5572
- C:\Windows\System32\wMWeFpa.exe
  C:\Windows\System32\wMWeFpa.exe
  2⤵
  PID:5416
- C:\Windows\System32\QsxKUoR.exe
  C:\Windows\System32\QsxKUoR.exe
  2⤵
  PID:5704
- C:\Windows\System32\fkIXaIh.exe
  C:\Windows\System32\fkIXaIh.exe
  2⤵
  PID:6148
- C:\Windows\System32\yUDsadV.exe
  C:\Windows\System32\yUDsadV.exe
  2⤵
  PID:6168
- C:\Windows\System32\ukLUDwp.exe
  C:\Windows\System32\ukLUDwp.exe
  2⤵
  PID:6184
- C:\Windows\System32\STikbdq.exe
  C:\Windows\System32\STikbdq.exe
  2⤵
  PID:6204
- C:\Windows\System32\bEJrhvM.exe
  C:\Windows\System32\bEJrhvM.exe
  2⤵
  PID:6220
- C:\Windows\System32\NlXMDzy.exe
  C:\Windows\System32\NlXMDzy.exe
  2⤵
  PID:6248
- C:\Windows\System32\aaHSRwU.exe
  C:\Windows\System32\aaHSRwU.exe
  2⤵
  PID:6264
- C:\Windows\System32\ZJROmIt.exe
  C:\Windows\System32\ZJROmIt.exe
  2⤵
  PID:6288
- C:\Windows\System32\lXqcyio.exe
  C:\Windows\System32\lXqcyio.exe
  2⤵
  PID:6340
- C:\Windows\System32\UFivsuY.exe
  C:\Windows\System32\UFivsuY.exe
  2⤵
  PID:6368
- C:\Windows\System32\KLAmjBp.exe
  C:\Windows\System32\KLAmjBp.exe
  2⤵
  PID:6400
- C:\Windows\System32\TCZKlDW.exe
  C:\Windows\System32\TCZKlDW.exe
  2⤵
  PID:6420
- C:\Windows\System32\xsMEBKS.exe
  C:\Windows\System32\xsMEBKS.exe
  2⤵
  PID:6472
- C:\Windows\System32\XUelXqf.exe
  C:\Windows\System32\XUelXqf.exe
  2⤵
  PID:6488
- C:\Windows\System32\nkHHgPo.exe
  C:\Windows\System32\nkHHgPo.exe
  2⤵
  PID:6512
- C:\Windows\System32\qvqWNGl.exe
  C:\Windows\System32\qvqWNGl.exe
  2⤵
  PID:6532
- C:\Windows\System32\iQijNWS.exe
  C:\Windows\System32\iQijNWS.exe
  2⤵
  PID:6556
- C:\Windows\System32\qazINWd.exe
  C:\Windows\System32\qazINWd.exe
  2⤵
  PID:6576
- C:\Windows\System32\BsZVCsc.exe
  C:\Windows\System32\BsZVCsc.exe
  2⤵
  PID:6608
- C:\Windows\System32\DCtVcqF.exe
  C:\Windows\System32\DCtVcqF.exe
  2⤵
  PID:6652
- C:\Windows\System32\RKYQSiG.exe
  C:\Windows\System32\RKYQSiG.exe
  2⤵
  PID:6680
- C:\Windows\System32\WPgYmOv.exe
  C:\Windows\System32\WPgYmOv.exe
  2⤵
  PID:6728
- C:\Windows\System32\yWyLuoN.exe
  C:\Windows\System32\yWyLuoN.exe
  2⤵
  PID:6760
- C:\Windows\System32\HJevVXc.exe
  C:\Windows\System32\HJevVXc.exe
  2⤵
  PID:6792
- C:\Windows\System32\QulIlre.exe
  C:\Windows\System32\QulIlre.exe
  2⤵
  PID:6820
- C:\Windows\System32\FgIROgc.exe
  C:\Windows\System32\FgIROgc.exe
  2⤵
  PID:6836
- C:\Windows\System32\VHmufMN.exe
  C:\Windows\System32\VHmufMN.exe
  2⤵
  PID:6888
- C:\Windows\System32\bcaTvVR.exe
  C:\Windows\System32\bcaTvVR.exe
  2⤵
  PID:6912
- C:\Windows\System32\LrnJzeC.exe
  C:\Windows\System32\LrnJzeC.exe
  2⤵
  PID:6952
- C:\Windows\System32\DIhWEwi.exe
  C:\Windows\System32\DIhWEwi.exe
  2⤵
  PID:6968
- C:\Windows\System32\MmNhgQT.exe
  C:\Windows\System32\MmNhgQT.exe
  2⤵
  PID:6988
- C:\Windows\System32\PzGzqeg.exe
  C:\Windows\System32\PzGzqeg.exe
  2⤵
  PID:7004
- C:\Windows\System32\uvmmcCW.exe
  C:\Windows\System32\uvmmcCW.exe
  2⤵
  PID:7032
- C:\Windows\System32\qArLuKe.exe
  C:\Windows\System32\qArLuKe.exe
  2⤵
  PID:7048
- C:\Windows\System32\yjvXYnR.exe
  C:\Windows\System32\yjvXYnR.exe
  2⤵
  PID:7104
- C:\Windows\System32\oOXCcep.exe
  C:\Windows\System32\oOXCcep.exe
  2⤵
  PID:7124
- C:\Windows\System32\CMEMetv.exe
  C:\Windows\System32\CMEMetv.exe
  2⤵
  PID:7152
- C:\Windows\System32\LSuCmOI.exe
  C:\Windows\System32\LSuCmOI.exe
  2⤵
  PID:5204
- C:\Windows\System32\tPGZwAD.exe
  C:\Windows\System32\tPGZwAD.exe
  2⤵
  PID:6216
- C:\Windows\System32\uRfamuh.exe
  C:\Windows\System32\uRfamuh.exe
  2⤵
  PID:6260
- C:\Windows\System32\IxskqQz.exe
  C:\Windows\System32\IxskqQz.exe
  2⤵
  PID:6312
- C:\Windows\System32\LAAbUeY.exe
  C:\Windows\System32\LAAbUeY.exe
  2⤵
  PID:6364
- C:\Windows\System32\gIPzkEg.exe
  C:\Windows\System32\gIPzkEg.exe
  2⤵
  PID:6432
- C:\Windows\System32\rCdaHyi.exe
  C:\Windows\System32\rCdaHyi.exe
  2⤵
  PID:6452
- C:\Windows\System32\LRcYdxW.exe
  C:\Windows\System32\LRcYdxW.exe
  2⤵
  PID:6572
- C:\Windows\System32\iIWkWex.exe
  C:\Windows\System32\iIWkWex.exe
  2⤵
  PID:6544
- C:\Windows\System32\NANCQJE.exe
  C:\Windows\System32\NANCQJE.exe
  2⤵
  PID:6588
- C:\Windows\System32\OfGJHmU.exe
  C:\Windows\System32\OfGJHmU.exe
  2⤵
  PID:6724
- C:\Windows\System32\qgqVefd.exe
  C:\Windows\System32\qgqVefd.exe
  2⤵
  PID:6784
- C:\Windows\System32\CfHumdS.exe
  C:\Windows\System32\CfHumdS.exe
  2⤵
  PID:6828
- C:\Windows\System32\hCnCZKS.exe
  C:\Windows\System32\hCnCZKS.exe
  2⤵
  PID:6908
- C:\Windows\System32\bIgAKLy.exe
  C:\Windows\System32\bIgAKLy.exe
  2⤵
  PID:6920
- C:\Windows\System32\wWuyaWX.exe
  C:\Windows\System32\wWuyaWX.exe
  2⤵
  PID:6996
- C:\Windows\System32\gxlfTHi.exe
  C:\Windows\System32\gxlfTHi.exe
  2⤵
  PID:7024
- C:\Windows\System32\HKrgpBe.exe
  C:\Windows\System32\HKrgpBe.exe
  2⤵
  PID:5972
- C:\Windows\System32\nbtpncK.exe
  C:\Windows\System32\nbtpncK.exe
  2⤵
  PID:6272
- C:\Windows\System32\rpcjWIN.exe
  C:\Windows\System32\rpcjWIN.exe
  2⤵
  PID:6176
- C:\Windows\System32\tgnBhXL.exe
  C:\Windows\System32\tgnBhXL.exe
  2⤵
  PID:6448
- C:\Windows\System32\kOltHqo.exe
  C:\Windows\System32\kOltHqo.exe
  2⤵
  PID:6456
- C:\Windows\System32\WiVqATM.exe
  C:\Windows\System32\WiVqATM.exe
  2⤵
  PID:6644
- C:\Windows\System32\JnyxCNB.exe
  C:\Windows\System32\JnyxCNB.exe
  2⤵
  PID:7080
- C:\Windows\System32\lOicZYq.exe
  C:\Windows\System32\lOicZYq.exe
  2⤵
  PID:6480
- C:\Windows\System32\XRQbwsN.exe
  C:\Windows\System32\XRQbwsN.exe
  2⤵
  PID:7116
- C:\Windows\System32\wyzJoun.exe
  C:\Windows\System32\wyzJoun.exe
  2⤵
  PID:6688
- C:\Windows\System32\UlxotiM.exe
  C:\Windows\System32\UlxotiM.exe
  2⤵
  PID:7188
- C:\Windows\System32\UBuIpHC.exe
  C:\Windows\System32\UBuIpHC.exe
  2⤵
  PID:7236
- C:\Windows\System32\FafQfDl.exe
  C:\Windows\System32\FafQfDl.exe
  2⤵
  PID:7264
- C:\Windows\System32\ntRErFp.exe
  C:\Windows\System32\ntRErFp.exe
  2⤵
  PID:7284
- C:\Windows\System32\tpUUNgT.exe
  C:\Windows\System32\tpUUNgT.exe
  2⤵
  PID:7304
- C:\Windows\System32\UoFoZAN.exe
  C:\Windows\System32\UoFoZAN.exe
  2⤵
  PID:7332
- C:\Windows\System32\WigaWUe.exe
  C:\Windows\System32\WigaWUe.exe
  2⤵
  PID:7348
- C:\Windows\System32\alprLHy.exe
  C:\Windows\System32\alprLHy.exe
  2⤵
  PID:7392
- C:\Windows\System32\DHEvGgg.exe
  C:\Windows\System32\DHEvGgg.exe
  2⤵
  PID:7424
- C:\Windows\System32\bMtQduo.exe
  C:\Windows\System32\bMtQduo.exe
  2⤵
  PID:7440
- C:\Windows\System32\OfdWOnR.exe
  C:\Windows\System32\OfdWOnR.exe
  2⤵
  PID:7472
- C:\Windows\System32\hTjuxsV.exe
  C:\Windows\System32\hTjuxsV.exe
  2⤵
  PID:7492
- C:\Windows\System32\DyTJPeN.exe
  C:\Windows\System32\DyTJPeN.exe
  2⤵
  PID:7520
- C:\Windows\System32\SLwfuMT.exe
  C:\Windows\System32\SLwfuMT.exe
  2⤵
  PID:7564
- C:\Windows\System32\ovNCdyH.exe
  C:\Windows\System32\ovNCdyH.exe
  2⤵
  PID:7600
- C:\Windows\System32\uNJriQJ.exe
  C:\Windows\System32\uNJriQJ.exe
  2⤵
  PID:7616
- C:\Windows\System32\blsXxWH.exe
  C:\Windows\System32\blsXxWH.exe
  2⤵
  PID:7644
- C:\Windows\System32\mrEZhXF.exe
  C:\Windows\System32\mrEZhXF.exe
  2⤵
  PID:7672
- C:\Windows\System32\pcWssrJ.exe
  C:\Windows\System32\pcWssrJ.exe
  2⤵
  PID:7708
- C:\Windows\System32\qYqpuxb.exe
  C:\Windows\System32\qYqpuxb.exe
  2⤵
  PID:7736
- C:\Windows\System32\VWXclkg.exe
  C:\Windows\System32\VWXclkg.exe
  2⤵
  PID:7752
- C:\Windows\System32\DpwAFtB.exe
  C:\Windows\System32\DpwAFtB.exe
  2⤵
  PID:7772
- C:\Windows\System32\zGZAAvN.exe
  C:\Windows\System32\zGZAAvN.exe
  2⤵
  PID:7808
- C:\Windows\System32\RwvCzXb.exe
  C:\Windows\System32\RwvCzXb.exe
  2⤵
  PID:7836
- C:\Windows\System32\YSJIaoQ.exe
  C:\Windows\System32\YSJIaoQ.exe
  2⤵
  PID:7860
- C:\Windows\System32\panbwOL.exe
  C:\Windows\System32\panbwOL.exe
  2⤵
  PID:7880
- C:\Windows\System32\NtvcPhD.exe
  C:\Windows\System32\NtvcPhD.exe
  2⤵
  PID:7936
- C:\Windows\System32\MTQUxKI.exe
  C:\Windows\System32\MTQUxKI.exe
  2⤵
  PID:7952
- C:\Windows\System32\HtaTtEF.exe
  C:\Windows\System32\HtaTtEF.exe
  2⤵
  PID:7968
- C:\Windows\System32\TFZOZvk.exe
  C:\Windows\System32\TFZOZvk.exe
  2⤵
  PID:7984
- C:\Windows\System32\iAcgWCb.exe
  C:\Windows\System32\iAcgWCb.exe
  2⤵
  PID:8008
- C:\Windows\System32\IBEvZBP.exe
  C:\Windows\System32\IBEvZBP.exe
  2⤵
  PID:8028
- C:\Windows\System32\VeEZSPb.exe
  C:\Windows\System32\VeEZSPb.exe
  2⤵
  PID:8044
- C:\Windows\System32\dMAmaci.exe
  C:\Windows\System32\dMAmaci.exe
  2⤵
  PID:8060
- C:\Windows\System32\RnlKhIH.exe
  C:\Windows\System32\RnlKhIH.exe
  2⤵
  PID:8108
- C:\Windows\System32\ieVRaqT.exe
  C:\Windows\System32\ieVRaqT.exe
  2⤵
  PID:8188
- C:\Windows\System32\ysrXyPO.exe
  C:\Windows\System32\ysrXyPO.exe
  2⤵
  PID:7272
- C:\Windows\System32\AlbHGhL.exe
  C:\Windows\System32\AlbHGhL.exe
  2⤵
  PID:7320
- C:\Windows\System32\Jeqxukx.exe
  C:\Windows\System32\Jeqxukx.exe
  2⤵
  PID:7364
- C:\Windows\System32\qHEBLQN.exe
  C:\Windows\System32\qHEBLQN.exe
  2⤵
  PID:7400
- C:\Windows\System32\bRhPqef.exe
  C:\Windows\System32\bRhPqef.exe
  2⤵
  PID:7504
- C:\Windows\System32\xwjWwlf.exe
  C:\Windows\System32\xwjWwlf.exe
  2⤵
  PID:7544
- C:\Windows\System32\xYcgRKx.exe
  C:\Windows\System32\xYcgRKx.exe
  2⤵
  PID:7624
- C:\Windows\System32\YxBTqtr.exe
  C:\Windows\System32\YxBTqtr.exe
  2⤵
  PID:7660
- C:\Windows\System32\IhhMkUU.exe
  C:\Windows\System32\IhhMkUU.exe
  2⤵
  PID:7700
- C:\Windows\System32\kpGJJYj.exe
  C:\Windows\System32\kpGJJYj.exe
  2⤵
  PID:7784
- C:\Windows\System32\ZfPSYHE.exe
  C:\Windows\System32\ZfPSYHE.exe
  2⤵
  PID:7816
- C:\Windows\System32\yqhuiKt.exe
  C:\Windows\System32\yqhuiKt.exe
  2⤵
  PID:7844
- C:\Windows\System32\lCdrmZY.exe
  C:\Windows\System32\lCdrmZY.exe
  2⤵
  PID:7908
- C:\Windows\System32\iYTDEei.exe
  C:\Windows\System32\iYTDEei.exe
  2⤵
  PID:8024
- C:\Windows\System32\IcqXjbq.exe
  C:\Windows\System32\IcqXjbq.exe
  2⤵
  PID:7944
- C:\Windows\System32\edgcNak.exe
  C:\Windows\System32\edgcNak.exe
  2⤵
  PID:8116
- C:\Windows\System32\hCkXHVO.exe
  C:\Windows\System32\hCkXHVO.exe
  2⤵
  PID:7172
- C:\Windows\System32\SrJjEzJ.exe
  C:\Windows\System32\SrJjEzJ.exe
  2⤵
  PID:7432
- C:\Windows\System32\MWxAVcK.exe
  C:\Windows\System32\MWxAVcK.exe
  2⤵
  PID:7464
- C:\Windows\System32\sslzZzM.exe
  C:\Windows\System32\sslzZzM.exe
  2⤵
  PID:7636
- C:\Windows\System32\zJyzwZL.exe
  C:\Windows\System32\zJyzwZL.exe
  2⤵
  PID:7768
- C:\Windows\System32\LPscuXH.exe
  C:\Windows\System32\LPscuXH.exe
  2⤵
  PID:7928
- C:\Windows\System32\BnaEpkf.exe
  C:\Windows\System32\BnaEpkf.exe
  2⤵
  PID:8076
- C:\Windows\System32\BWEVWSp.exe
  C:\Windows\System32\BWEVWSp.exe
  2⤵
  PID:8136
- C:\Windows\System32\tTPpkub.exe
  C:\Windows\System32\tTPpkub.exe
  2⤵
  PID:7868
- C:\Windows\System32\wVQHpmD.exe
  C:\Windows\System32\wVQHpmD.exe
  2⤵
  PID:8036
- C:\Windows\System32\rJozdgH.exe
  C:\Windows\System32\rJozdgH.exe
  2⤵
  PID:7592
- C:\Windows\System32\GTkyRTn.exe
  C:\Windows\System32\GTkyRTn.exe
  2⤵
  PID:8144
- C:\Windows\System32\RJMoXES.exe
  C:\Windows\System32\RJMoXES.exe
  2⤵
  PID:8200
- C:\Windows\System32\TMmXVRT.exe
  C:\Windows\System32\TMmXVRT.exe
  2⤵
  PID:8236
- C:\Windows\System32\LYyWdPx.exe
  C:\Windows\System32\LYyWdPx.exe
  2⤵
  PID:8268
- C:\Windows\System32\NMuyCBc.exe
  C:\Windows\System32\NMuyCBc.exe
  2⤵
  PID:8284
- C:\Windows\System32\iOTDHjX.exe
  C:\Windows\System32\iOTDHjX.exe
  2⤵
  PID:8304
- C:\Windows\System32\KLSKWwR.exe
  C:\Windows\System32\KLSKWwR.exe
  2⤵
  PID:8320
- C:\Windows\System32\OEnCWsz.exe
  C:\Windows\System32\OEnCWsz.exe
  2⤵
  PID:8384
- C:\Windows\System32\OWZNIVJ.exe
  C:\Windows\System32\OWZNIVJ.exe
  2⤵
  PID:8400
- C:\Windows\System32\OhTqzCj.exe
  C:\Windows\System32\OhTqzCj.exe
  2⤵
  PID:8428
- C:\Windows\System32\Tdghpbk.exe
  C:\Windows\System32\Tdghpbk.exe
  2⤵
  PID:8516
- C:\Windows\System32\EXFgCzs.exe
  C:\Windows\System32\EXFgCzs.exe
  2⤵
  PID:8564
- C:\Windows\System32\cSwAUtA.exe
  C:\Windows\System32\cSwAUtA.exe
  2⤵
  PID:8580
- C:\Windows\System32\rwKbvYu.exe
  C:\Windows\System32\rwKbvYu.exe
  2⤵
  PID:8596
- C:\Windows\System32\sKKHnJc.exe
  C:\Windows\System32\sKKHnJc.exe
  2⤵
  PID:8612
- C:\Windows\System32\HQMrZSp.exe
  C:\Windows\System32\HQMrZSp.exe
  2⤵
  PID:8628
- C:\Windows\System32\rQjAcQL.exe
  C:\Windows\System32\rQjAcQL.exe
  2⤵
  PID:8644
- C:\Windows\System32\JwcfQTb.exe
  C:\Windows\System32\JwcfQTb.exe
  2⤵
  PID:8660
- C:\Windows\System32\ebfRbMA.exe
  C:\Windows\System32\ebfRbMA.exe
  2⤵
  PID:8676
- C:\Windows\System32\bgoUSgc.exe
  C:\Windows\System32\bgoUSgc.exe
  2⤵
  PID:8692
- C:\Windows\System32\BQBojMd.exe
  C:\Windows\System32\BQBojMd.exe
  2⤵
  PID:8708
- C:\Windows\System32\MeZqERw.exe
  C:\Windows\System32\MeZqERw.exe
  2⤵
  PID:8724
- C:\Windows\System32\CMAJhWQ.exe
  C:\Windows\System32\CMAJhWQ.exe
  2⤵
  PID:8740
- C:\Windows\System32\VZawSmR.exe
  C:\Windows\System32\VZawSmR.exe
  2⤵
  PID:8756
- C:\Windows\System32\lLlutks.exe
  C:\Windows\System32\lLlutks.exe
  2⤵
  PID:8772
- C:\Windows\System32\AFzztVr.exe
  C:\Windows\System32\AFzztVr.exe
  2⤵
  PID:8788
- C:\Windows\System32\RjVIEJV.exe
  C:\Windows\System32\RjVIEJV.exe
  2⤵
  PID:8804
- C:\Windows\System32\TapLjtr.exe
  C:\Windows\System32\TapLjtr.exe
  2⤵
  PID:8820
- C:\Windows\System32\xLwlSfG.exe
  C:\Windows\System32\xLwlSfG.exe
  2⤵
  PID:8836
- C:\Windows\System32\urZdfku.exe
  C:\Windows\System32\urZdfku.exe
  2⤵
  PID:8852
- C:\Windows\System32\dGEEqwj.exe
  C:\Windows\System32\dGEEqwj.exe
  2⤵
  PID:8868
- C:\Windows\System32\MQViXsP.exe
  C:\Windows\System32\MQViXsP.exe
  2⤵
  PID:8884
- C:\Windows\System32\jyNkRnk.exe
  C:\Windows\System32\jyNkRnk.exe
  2⤵
  PID:8900
- C:\Windows\System32\QPHyfrv.exe
  C:\Windows\System32\QPHyfrv.exe
  2⤵
  PID:8916
- C:\Windows\System32\gqMBMiz.exe
  C:\Windows\System32\gqMBMiz.exe
  2⤵
  PID:8932
- C:\Windows\System32\qvieiLn.exe
  C:\Windows\System32\qvieiLn.exe
  2⤵
  PID:8956
- C:\Windows\System32\AhcjCmm.exe
  C:\Windows\System32\AhcjCmm.exe
  2⤵
  PID:8972
- C:\Windows\System32\kRGSFrL.exe
  C:\Windows\System32\kRGSFrL.exe
  2⤵
  PID:8988
- C:\Windows\System32\fdcRWVU.exe
  C:\Windows\System32\fdcRWVU.exe
  2⤵
  PID:9064
- C:\Windows\System32\JoUQLYu.exe
  C:\Windows\System32\JoUQLYu.exe
  2⤵
  PID:8208
- C:\Windows\System32\GLOGtdO.exe
  C:\Windows\System32\GLOGtdO.exe
  2⤵
  PID:8260
- C:\Windows\System32\GyahBkS.exe
  C:\Windows\System32\GyahBkS.exe
  2⤵
  PID:8608
- C:\Windows\System32\PCMdXAZ.exe
  C:\Windows\System32\PCMdXAZ.exe
  2⤵
  PID:8480
- C:\Windows\System32\EVsXXnU.exe
  C:\Windows\System32\EVsXXnU.exe
  2⤵
  PID:8764
- C:\Windows\System32\tdKDnEH.exe
  C:\Windows\System32\tdKDnEH.exe
  2⤵
  PID:8844
- C:\Windows\System32\kVKBUVf.exe
  C:\Windows\System32\kVKBUVf.exe
  2⤵
  PID:8504
- C:\Windows\System32\CONPeDn.exe
  C:\Windows\System32\CONPeDn.exe
  2⤵
  PID:8944
- C:\Windows\System32\ipzFsRA.exe
  C:\Windows\System32\ipzFsRA.exe
  2⤵
  PID:8736
- C:\Windows\System32\xBrIOHL.exe
  C:\Windows\System32\xBrIOHL.exe
  2⤵
  PID:8832
- C:\Windows\System32\NXywjLe.exe
  C:\Windows\System32\NXywjLe.exe
  2⤵
  PID:8896
- C:\Windows\System32\GrUinXl.exe
  C:\Windows\System32\GrUinXl.exe
  2⤵
  PID:9000
- C:\Windows\System32\SqOdBfA.exe
  C:\Windows\System32\SqOdBfA.exe
  2⤵
  PID:9144
- C:\Windows\System32\xUGXnJp.exe
  C:\Windows\System32\xUGXnJp.exe
  2⤵
  PID:9212
- C:\Windows\System32\dVdCRnK.exe
  C:\Windows\System32\dVdCRnK.exe
  2⤵
  PID:8396
- C:\Windows\System32\ruEVCRK.exe
  C:\Windows\System32\ruEVCRK.exe
  2⤵
  PID:8464
- C:\Windows\System32\yUtIADC.exe
  C:\Windows\System32\yUtIADC.exe
  2⤵
  PID:8732
- C:\Windows\System32\UdYRTwY.exe
  C:\Windows\System32\UdYRTwY.exe
  2⤵
  PID:8496
- C:\Windows\System32\MDCxliu.exe
  C:\Windows\System32\MDCxliu.exe
  2⤵
  PID:8952
- C:\Windows\System32\ZNCuuwz.exe
  C:\Windows\System32\ZNCuuwz.exe
  2⤵
  PID:8980
- C:\Windows\System32\QJErXob.exe
  C:\Windows\System32\QJErXob.exe
  2⤵
  PID:9188
- C:\Windows\System32\EURTWBZ.exe
  C:\Windows\System32\EURTWBZ.exe
  2⤵
  PID:8276
- C:\Windows\System32\jMsyfyX.exe
  C:\Windows\System32\jMsyfyX.exe
  2⤵
  PID:8892
- C:\Windows\System32\ycavHKd.exe
  C:\Windows\System32\ycavHKd.exe
  2⤵
  PID:8656
- C:\Windows\System32\gqaLxIJ.exe
  C:\Windows\System32\gqaLxIJ.exe
  2⤵
  PID:8364
- C:\Windows\System32\bBNvbit.exe
  C:\Windows\System32\bBNvbit.exe
  2⤵
  PID:1344
- C:\Windows\System32\zHETjft.exe
  C:\Windows\System32\zHETjft.exe
  2⤵
  PID:9220
- C:\Windows\System32\XGgNhrj.exe
  C:\Windows\System32\XGgNhrj.exe
  2⤵
  PID:9240
- C:\Windows\System32\LWxAmFI.exe
  C:\Windows\System32\LWxAmFI.exe
  2⤵
  PID:9256
- C:\Windows\System32\DtgYTZG.exe
  C:\Windows\System32\DtgYTZG.exe
  2⤵
  PID:9284
- C:\Windows\System32\OTefpUl.exe
  C:\Windows\System32\OTefpUl.exe
  2⤵
  PID:9304
- C:\Windows\System32\zCOkxZn.exe
  C:\Windows\System32\zCOkxZn.exe
  2⤵
  PID:9324
- C:\Windows\System32\PFYwYVk.exe
  C:\Windows\System32\PFYwYVk.exe
  2⤵
  PID:9344
- C:\Windows\System32\ZMccGYt.exe
  C:\Windows\System32\ZMccGYt.exe
  2⤵
  PID:9380
- C:\Windows\System32\KSvEAcW.exe
  C:\Windows\System32\KSvEAcW.exe
  2⤵
  PID:9436
- C:\Windows\System32\AIGBUYY.exe
  C:\Windows\System32\AIGBUYY.exe
  2⤵
  PID:9468
- C:\Windows\System32\hUejako.exe
  C:\Windows\System32\hUejako.exe
  2⤵
  PID:9508
- C:\Windows\System32\EcaeJim.exe
  C:\Windows\System32\EcaeJim.exe
  2⤵
  PID:9540
- C:\Windows\System32\KShqLLU.exe
  C:\Windows\System32\KShqLLU.exe
  2⤵
  PID:9572
- C:\Windows\System32\tlrnDHe.exe
  C:\Windows\System32\tlrnDHe.exe
  2⤵
  PID:9632
- C:\Windows\System32\KjFAMef.exe
  C:\Windows\System32\KjFAMef.exe
  2⤵
  PID:9652
- C:\Windows\System32\QHtjKLW.exe
  C:\Windows\System32\QHtjKLW.exe
  2⤵
  PID:9684
- C:\Windows\System32\rCmOdLk.exe
  C:\Windows\System32\rCmOdLk.exe
  2⤵
  PID:9704
- C:\Windows\System32\XlLoUFb.exe
  C:\Windows\System32\XlLoUFb.exe
  2⤵
  PID:9720
- C:\Windows\System32\EEcIhiV.exe
  C:\Windows\System32\EEcIhiV.exe
  2⤵
  PID:9740
- C:\Windows\System32\oamXqnu.exe
  C:\Windows\System32\oamXqnu.exe
  2⤵
  PID:9756
- C:\Windows\System32\lSGJwwl.exe
  C:\Windows\System32\lSGJwwl.exe
  2⤵
  PID:9780
- C:\Windows\System32\wyjTNhW.exe
  C:\Windows\System32\wyjTNhW.exe
  2⤵
  PID:9820
- C:\Windows\System32\XqBbeNd.exe
  C:\Windows\System32\XqBbeNd.exe
  2⤵
  PID:9864
- C:\Windows\System32\QOewsEv.exe
  C:\Windows\System32\QOewsEv.exe
  2⤵
  PID:9884
- C:\Windows\System32\xOmSvqp.exe
  C:\Windows\System32\xOmSvqp.exe
  2⤵
  PID:9944
- C:\Windows\System32\ZFAXMsD.exe
  C:\Windows\System32\ZFAXMsD.exe
  2⤵
  PID:9964
- C:\Windows\System32\wYCUzuE.exe
  C:\Windows\System32\wYCUzuE.exe
  2⤵
  PID:9984
- C:\Windows\System32\TCmEKox.exe
  C:\Windows\System32\TCmEKox.exe
  2⤵
  PID:10020
- C:\Windows\System32\UpYwOSZ.exe
  C:\Windows\System32\UpYwOSZ.exe
  2⤵
  PID:10072
- C:\Windows\System32\rTArgPF.exe
  C:\Windows\System32\rTArgPF.exe
  2⤵
  PID:10096
- C:\Windows\System32\TPveSeX.exe
  C:\Windows\System32\TPveSeX.exe
  2⤵
  PID:10112
- C:\Windows\System32\lcuClLz.exe
  C:\Windows\System32\lcuClLz.exe
  2⤵
  PID:10132
- C:\Windows\System32\JyEjLHf.exe
  C:\Windows\System32\JyEjLHf.exe
  2⤵
  PID:10148
- C:\Windows\System32\kDYftkf.exe
  C:\Windows\System32\kDYftkf.exe
  2⤵
  PID:10180
- C:\Windows\System32\SrjjEBA.exe
  C:\Windows\System32\SrjjEBA.exe
  2⤵
  PID:10204
- C:\Windows\System32\rpxgVvw.exe
  C:\Windows\System32\rpxgVvw.exe
  2⤵
  PID:1252
- C:\Windows\System32\RGoWKCy.exe
  C:\Windows\System32\RGoWKCy.exe
  2⤵
  PID:9248
- C:\Windows\System32\BcEsOgb.exe
  C:\Windows\System32\BcEsOgb.exe
  2⤵
  PID:9320
- C:\Windows\System32\TnLWbxT.exe
  C:\Windows\System32\TnLWbxT.exe
  2⤵
  PID:9368
- C:\Windows\System32\LyPHDDR.exe
  C:\Windows\System32\LyPHDDR.exe
  2⤵
  PID:9396
- C:\Windows\System32\WJeKbjF.exe
  C:\Windows\System32\WJeKbjF.exe
  2⤵
  PID:9520
- C:\Windows\System32\uemyNDv.exe
  C:\Windows\System32\uemyNDv.exe
  2⤵
  PID:9556
- C:\Windows\System32\fJUOumt.exe
  C:\Windows\System32\fJUOumt.exe
  2⤵
  PID:9608
- C:\Windows\System32\vzdCkow.exe
  C:\Windows\System32\vzdCkow.exe
  2⤵
  PID:9228
- C:\Windows\System32\iqXqAbg.exe
  C:\Windows\System32\iqXqAbg.exe
  2⤵
  PID:9748
- C:\Windows\System32\ZLwqjVt.exe
  C:\Windows\System32\ZLwqjVt.exe
  2⤵
  PID:9908
- C:\Windows\System32\zttMhvw.exe
  C:\Windows\System32\zttMhvw.exe
  2⤵
  PID:9980
- C:\Windows\System32\rsRImTL.exe
  C:\Windows\System32\rsRImTL.exe
  2⤵
  PID:9976
- C:\Windows\System32\VtEwAOE.exe
  C:\Windows\System32\VtEwAOE.exe
  2⤵
  PID:10080
- C:\Windows\System32\HQwxqZk.exe
  C:\Windows\System32\HQwxqZk.exe
  2⤵
  PID:10104
- C:\Windows\System32\yQYFgpw.exe
  C:\Windows\System32\yQYFgpw.exe
  2⤵
  PID:10216
- C:\Windows\System32\plFFfBa.exe
  C:\Windows\System32\plFFfBa.exe
  2⤵
  PID:9252
- C:\Windows\System32\fOPhzLV.exe
  C:\Windows\System32\fOPhzLV.exe
  2⤵
  PID:9444
- C:\Windows\System32\OgkrxFY.exe
  C:\Windows\System32\OgkrxFY.exe
  2⤵
  PID:3856
- C:\Windows\System32\wcnftqS.exe
  C:\Windows\System32\wcnftqS.exe
  2⤵
  PID:9648
- C:\Windows\System32\qmfVKjh.exe
  C:\Windows\System32\qmfVKjh.exe
  2⤵
  PID:9892
- C:\Windows\System32\BicXMHH.exe
  C:\Windows\System32\BicXMHH.exe
  2⤵
  PID:10124
- C:\Windows\System32\kAaDdBz.exe
  C:\Windows\System32\kAaDdBz.exe
  2⤵
  PID:10196
- C:\Windows\System32\WiYoXjG.exe
  C:\Windows\System32\WiYoXjG.exe
  2⤵
  PID:9644
- C:\Windows\System32\IAvcRth.exe
  C:\Windows\System32\IAvcRth.exe
  2⤵
  PID:9996
- C:\Windows\System32\QgBsqjc.exe
  C:\Windows\System32\QgBsqjc.exe
  2⤵
  PID:10092
- C:\Windows\System32\nvvptgZ.exe
  C:\Windows\System32\nvvptgZ.exe
  2⤵
  PID:9424
- C:\Windows\System32\ZuVxXwS.exe
  C:\Windows\System32\ZuVxXwS.exe
  2⤵
  PID:10244
- C:\Windows\System32\yTeCKjs.exe
  C:\Windows\System32\yTeCKjs.exe
  2⤵
  PID:10292
- C:\Windows\System32\FDNFONH.exe
  C:\Windows\System32\FDNFONH.exe
  2⤵
  PID:10336
- C:\Windows\System32\LdcXvJz.exe
  C:\Windows\System32\LdcXvJz.exe
  2⤵
  PID:10376
- C:\Windows\System32\aEgsVqU.exe
  C:\Windows\System32\aEgsVqU.exe
  2⤵
  PID:10396
- C:\Windows\System32\GFwVbuQ.exe
  C:\Windows\System32\GFwVbuQ.exe
  2⤵
  PID:10412
- C:\Windows\System32\wMMYAMl.exe
  C:\Windows\System32\wMMYAMl.exe
  2⤵
  PID:10444
- C:\Windows\System32\OGXUbpG.exe
  C:\Windows\System32\OGXUbpG.exe
  2⤵
  PID:10464
- C:\Windows\System32\JDetZtR.exe
  C:\Windows\System32\JDetZtR.exe
  2⤵
  PID:10492
- C:\Windows\System32\SVHosmn.exe
  C:\Windows\System32\SVHosmn.exe
  2⤵
  PID:10512
- C:\Windows\System32\CIqQLrh.exe
  C:\Windows\System32\CIqQLrh.exe
  2⤵
  PID:10536
- C:\Windows\System32\JpBgdpU.exe
  C:\Windows\System32\JpBgdpU.exe
  2⤵
  PID:10556
- C:\Windows\System32\JkJDXYR.exe
  C:\Windows\System32\JkJDXYR.exe
  2⤵
  PID:10608
- C:\Windows\System32\kzmHwkk.exe
  C:\Windows\System32\kzmHwkk.exe
  2⤵
  PID:10632
- C:\Windows\System32\MEDqndk.exe
  C:\Windows\System32\MEDqndk.exe
  2⤵
  PID:10684
- C:\Windows\System32\AAUdUof.exe
  C:\Windows\System32\AAUdUof.exe
  2⤵
  PID:10712
- C:\Windows\System32\BUTFdOU.exe
  C:\Windows\System32\BUTFdOU.exe
  2⤵
  PID:10740
- C:\Windows\System32\nmenYnf.exe
  C:\Windows\System32\nmenYnf.exe
  2⤵
  PID:10756
- C:\Windows\System32\tFFwAUn.exe
  C:\Windows\System32\tFFwAUn.exe
  2⤵
  PID:10776
- C:\Windows\System32\QNhKgme.exe
  C:\Windows\System32\QNhKgme.exe
  2⤵
  PID:10812
- C:\Windows\System32\ANReQzs.exe
  C:\Windows\System32\ANReQzs.exe
  2⤵
  PID:10828
- C:\Windows\System32\gCwcbyG.exe
  C:\Windows\System32\gCwcbyG.exe
  2⤵
  PID:10856
- C:\Windows\System32\hejeFIg.exe
  C:\Windows\System32\hejeFIg.exe
  2⤵
  PID:10872
- C:\Windows\System32\FkKyOic.exe
  C:\Windows\System32\FkKyOic.exe
  2⤵
  PID:10892
- C:\Windows\System32\iBZmRtJ.exe
  C:\Windows\System32\iBZmRtJ.exe
  2⤵
  PID:10924
- C:\Windows\System32\mRfCLbj.exe
  C:\Windows\System32\mRfCLbj.exe
  2⤵
  PID:11000
- C:\Windows\System32\nlSLgAm.exe
  C:\Windows\System32\nlSLgAm.exe
  2⤵
  PID:11020
- C:\Windows\System32\reQiRbU.exe
  C:\Windows\System32\reQiRbU.exe
  2⤵
  PID:11036
- C:\Windows\System32\fpPxBKL.exe
  C:\Windows\System32\fpPxBKL.exe
  2⤵
  PID:11060
- C:\Windows\System32\ZrBXQyD.exe
  C:\Windows\System32\ZrBXQyD.exe
  2⤵
  PID:11100
- C:\Windows\System32\UYaRiPR.exe
  C:\Windows\System32\UYaRiPR.exe
  2⤵
  PID:11124
- C:\Windows\System32\yhSLCMH.exe
  C:\Windows\System32\yhSLCMH.exe
  2⤵
  PID:11144
- C:\Windows\System32\TvzGEkW.exe
  C:\Windows\System32\TvzGEkW.exe
  2⤵
  PID:11168
- C:\Windows\System32\yOqWqtv.exe
  C:\Windows\System32\yOqWqtv.exe
  2⤵
  PID:11196
- C:\Windows\System32\ZXfTJsj.exe
  C:\Windows\System32\ZXfTJsj.exe
  2⤵
  PID:11236
- C:\Windows\System32\BtngEOe.exe
  C:\Windows\System32\BtngEOe.exe
  2⤵
  PID:10256
- C:\Windows\System32\EMzNrML.exe
  C:\Windows\System32\EMzNrML.exe
  2⤵
  PID:10268
- C:\Windows\System32\WsgdeDN.exe
  C:\Windows\System32\WsgdeDN.exe
  2⤵
  PID:10344
- C:\Windows\System32\EbekLmi.exe
  C:\Windows\System32\EbekLmi.exe
  2⤵
  PID:10392
- C:\Windows\System32\FIUtQdr.exe
  C:\Windows\System32\FIUtQdr.exe
  2⤵
  PID:10404
- C:\Windows\System32\ZFMzmJj.exe
  C:\Windows\System32\ZFMzmJj.exe
  2⤵
  PID:10460
- C:\Windows\System32\IBvuFQS.exe
  C:\Windows\System32\IBvuFQS.exe
  2⤵
  PID:10580
- C:\Windows\System32\zbTWfJT.exe
  C:\Windows\System32\zbTWfJT.exe
  2⤵
  PID:10628
- C:\Windows\System32\lkqTueQ.exe
  C:\Windows\System32\lkqTueQ.exe
  2⤵
  PID:10724
- C:\Windows\System32\UKYvCTX.exe
  C:\Windows\System32\UKYvCTX.exe
  2⤵
  PID:10796
- C:\Windows\System32\iciVHjj.exe
  C:\Windows\System32\iciVHjj.exe
  2⤵
  PID:10844
- C:\Windows\System32\nWbRxoT.exe
  C:\Windows\System32\nWbRxoT.exe
  2⤵
  PID:10936
- C:\Windows\System32\wEHLkFY.exe
  C:\Windows\System32\wEHLkFY.exe
  2⤵
  PID:10976
- C:\Windows\System32\JnsSWVz.exe
  C:\Windows\System32\JnsSWVz.exe
  2⤵
  PID:11084
- C:\Windows\System32\YfuUjwx.exe
  C:\Windows\System32\YfuUjwx.exe
  2⤵
  PID:11140
- C:\Windows\System32\mqckfwq.exe
  C:\Windows\System32\mqckfwq.exe
  2⤵
  PID:11204
- C:\Windows\System32\JDQnHmW.exe
  C:\Windows\System32\JDQnHmW.exe
  2⤵
  PID:10916
- C:\Windows\System32\CDPxgJB.exe
  C:\Windows\System32\CDPxgJB.exe
  2⤵
  PID:10316
- C:\Windows\System32\uIaGasf.exe
  C:\Windows\System32\uIaGasf.exe
  2⤵
  PID:9300
- C:\Windows\System32\NesuTdg.exe
  C:\Windows\System32\NesuTdg.exe
  2⤵
  PID:10480
- C:\Windows\System32\MnnvZsj.exe
  C:\Windows\System32\MnnvZsj.exe
  2⤵
  PID:10624
- C:\Windows\System32\nmGMRlV.exe
  C:\Windows\System32\nmGMRlV.exe
  2⤵
  PID:10748
- C:\Windows\System32\jHRGics.exe
  C:\Windows\System32\jHRGics.exe
  2⤵
  PID:10840
- C:\Windows\System32\fQwhuhZ.exe
  C:\Windows\System32\fQwhuhZ.exe
  2⤵
  PID:11016
- C:\Windows\System32\ECnASWK.exe
  C:\Windows\System32\ECnASWK.exe
  2⤵
  PID:10528
- C:\Windows\System32\XcVmqvB.exe
  C:\Windows\System32\XcVmqvB.exe
  2⤵
  PID:10772
- C:\Windows\System32\dSzxLUh.exe
  C:\Windows\System32\dSzxLUh.exe
  2⤵
  PID:10484
- C:\Windows\System32\oIZXWWk.exe
  C:\Windows\System32\oIZXWWk.exe
  2⤵
  PID:11268
- C:\Windows\System32\ubPvAwP.exe
  C:\Windows\System32\ubPvAwP.exe
  2⤵
  PID:11304
- C:\Windows\System32\vXxGocX.exe
  C:\Windows\System32\vXxGocX.exe
  2⤵
  PID:11348
- C:\Windows\System32\dVWWlWK.exe
  C:\Windows\System32\dVWWlWK.exe
  2⤵
  PID:11364
- C:\Windows\System32\xhdzkYk.exe
  C:\Windows\System32\xhdzkYk.exe
  2⤵
  PID:11400
- C:\Windows\System32\oXZPIzW.exe
  C:\Windows\System32\oXZPIzW.exe
  2⤵
  PID:11420
- C:\Windows\System32\IrShAUC.exe
  C:\Windows\System32\IrShAUC.exe
  2⤵
  PID:11436
- C:\Windows\System32\Wimtaup.exe
  C:\Windows\System32\Wimtaup.exe
  2⤵
  PID:11456
- C:\Windows\System32\tZSKzdK.exe
  C:\Windows\System32\tZSKzdK.exe
  2⤵
  PID:11492
- C:\Windows\System32\LBeFfLA.exe
  C:\Windows\System32\LBeFfLA.exe
  2⤵
  PID:11512
- C:\Windows\System32\fQhWdld.exe
  C:\Windows\System32\fQhWdld.exe
  2⤵
  PID:11556
- C:\Windows\System32\JeBFjdG.exe
  C:\Windows\System32\JeBFjdG.exe
  2⤵
  PID:11572
- C:\Windows\System32\bdNAJxv.exe
  C:\Windows\System32\bdNAJxv.exe
  2⤵
  PID:11596
- C:\Windows\System32\HgKSBGL.exe
  C:\Windows\System32\HgKSBGL.exe
  2⤵
  PID:11624
- C:\Windows\System32\HNJJBrg.exe
  C:\Windows\System32\HNJJBrg.exe
  2⤵
  PID:11644
- C:\Windows\System32\RxsjXCC.exe
  C:\Windows\System32\RxsjXCC.exe
  2⤵
  PID:11660
- C:\Windows\System32\cjVkoZh.exe
  C:\Windows\System32\cjVkoZh.exe
  2⤵
  PID:11684
- C:\Windows\System32\KvJwibV.exe
  C:\Windows\System32\KvJwibV.exe
  2⤵
  PID:11712
- C:\Windows\System32\pLkoFOx.exe
  C:\Windows\System32\pLkoFOx.exe
  2⤵
  PID:11732
- C:\Windows\System32\dtjoPKV.exe
  C:\Windows\System32\dtjoPKV.exe
  2⤵
  PID:11768
- C:\Windows\System32\FHahfYX.exe
  C:\Windows\System32\FHahfYX.exe
  2⤵
  PID:11784
- C:\Windows\System32\egFfiMM.exe
  C:\Windows\System32\egFfiMM.exe
  2⤵
  PID:11804
- C:\Windows\System32\nNNSUDU.exe
  C:\Windows\System32\nNNSUDU.exe
  2⤵
  PID:11868
- C:\Windows\System32\NUoBcOn.exe
  C:\Windows\System32\NUoBcOn.exe
  2⤵
  PID:11888
- C:\Windows\System32\XWkjnUB.exe
  C:\Windows\System32\XWkjnUB.exe
  2⤵
  PID:11916
- C:\Windows\System32\wnNWQGB.exe
  C:\Windows\System32\wnNWQGB.exe
  2⤵
  PID:11940
- C:\Windows\System32\JOTvCEI.exe
  C:\Windows\System32\JOTvCEI.exe
  2⤵
  PID:11964
- C:\Windows\System32\eAjlTjZ.exe
  C:\Windows\System32\eAjlTjZ.exe
  2⤵
  PID:11988
- C:\Windows\System32\FaBwfZT.exe
  C:\Windows\System32\FaBwfZT.exe
  2⤵
  PID:12008
- C:\Windows\System32\FdGouKR.exe
  C:\Windows\System32\FdGouKR.exe
  2⤵
  PID:12052
- C:\Windows\System32\JnzEfXM.exe
  C:\Windows\System32\JnzEfXM.exe
  2⤵
  PID:12072
- C:\Windows\System32\gTiNVAo.exe
  C:\Windows\System32\gTiNVAo.exe
  2⤵
  PID:12100
- C:\Windows\System32\riMriBb.exe
  C:\Windows\System32\riMriBb.exe
  2⤵
  PID:12124
- C:\Windows\System32\diFkZkQ.exe
  C:\Windows\System32\diFkZkQ.exe
  2⤵
  PID:12200
- C:\Windows\System32\bioNMmF.exe
  C:\Windows\System32\bioNMmF.exe
  2⤵
  PID:12216
- C:\Windows\System32\SMKSnKN.exe
  C:\Windows\System32\SMKSnKN.exe
  2⤵
  PID:12240
- C:\Windows\System32\bOLpOJi.exe
  C:\Windows\System32\bOLpOJi.exe
  2⤵
  PID:12268
- C:\Windows\System32\OSvkiBd.exe
  C:\Windows\System32\OSvkiBd.exe
  2⤵
  PID:10836
- C:\Windows\System32\VgHUCiz.exe
  C:\Windows\System32\VgHUCiz.exe
  2⤵
  PID:11224
- C:\Windows\System32\uRUkefP.exe
  C:\Windows\System32\uRUkefP.exe
  2⤵
  PID:11356
- C:\Windows\System32\CJEaINk.exe
  C:\Windows\System32\CJEaINk.exe
  2⤵
  PID:11432
- C:\Windows\System32\krgSirJ.exe
  C:\Windows\System32\krgSirJ.exe
  2⤵
  PID:11520
- C:\Windows\System32\nkWTLRT.exe
  C:\Windows\System32\nkWTLRT.exe
  2⤵
  PID:11580
- C:\Windows\System32\rkgeIOs.exe
  C:\Windows\System32\rkgeIOs.exe
  2⤵
  PID:11640
- C:\Windows\System32\wCZOKzd.exe
  C:\Windows\System32\wCZOKzd.exe
  2⤵
  PID:11668
- C:\Windows\System32\dVUXhpZ.exe
  C:\Windows\System32\dVUXhpZ.exe
  2⤵
  PID:11800
- C:\Windows\System32\nLzJyaj.exe
  C:\Windows\System32\nLzJyaj.exe
  2⤵
  PID:11792
- C:\Windows\System32\trsmMTj.exe
  C:\Windows\System32\trsmMTj.exe
  2⤵
  PID:11948
- C:\Windows\System32\jTjJmHn.exe
  C:\Windows\System32\jTjJmHn.exe
  2⤵
  PID:11928
- C:\Windows\System32\tGhsmvF.exe
  C:\Windows\System32\tGhsmvF.exe
  2⤵
  PID:11996
- C:\Windows\System32\LPdbBru.exe
  C:\Windows\System32\LPdbBru.exe
  2⤵
  PID:12032
- C:\Windows\System32\DWvepoo.exe
  C:\Windows\System32\DWvepoo.exe
  2⤵
  PID:12136
- C:\Windows\System32\EwyTkPn.exe
  C:\Windows\System32\EwyTkPn.exe
  2⤵
  PID:12168
- C:\Windows\System32\norEXHw.exe
  C:\Windows\System32\norEXHw.exe
  2⤵
  PID:12264
- C:\Windows\System32\ntkLtHw.exe
  C:\Windows\System32\ntkLtHw.exe
  2⤵
  PID:11136
- C:\Windows\System32\rphWsPD.exe
  C:\Windows\System32\rphWsPD.exe
  2⤵
  PID:11408
- C:\Windows\System32\EqIQSRu.exe
  C:\Windows\System32\EqIQSRu.exe
  2⤵
  PID:11632
- C:\Windows\System32\FlJwtEp.exe
  C:\Windows\System32\FlJwtEp.exe
  2⤵
  PID:11584
- C:\Windows\System32\rqLJYtU.exe
  C:\Windows\System32\rqLJYtU.exe
  2⤵
  PID:11880
- C:\Windows\System32\DlEszrZ.exe
  C:\Windows\System32\DlEszrZ.exe
  2⤵
  PID:12224
- C:\Windows\System32\hJxxHSa.exe
  C:\Windows\System32\hJxxHSa.exe
  2⤵
  PID:11448
- C:\Windows\System32\oqafJDd.exe
  C:\Windows\System32\oqafJDd.exe
  2⤵
  PID:11472
- C:\Windows\System32\OiVtKyX.exe
  C:\Windows\System32\OiVtKyX.exe
  2⤵
  PID:11752
- C:\Windows\System32\uCFoHME.exe
  C:\Windows\System32\uCFoHME.exe
  2⤵
  PID:12000
- C:\Windows\System32\WNsgvEQ.exe
  C:\Windows\System32\WNsgvEQ.exe
  2⤵
  PID:11568
- C:\Windows\System32\HKvjnri.exe
  C:\Windows\System32\HKvjnri.exe
  2⤵
  PID:12308
- C:\Windows\System32\SjATwJE.exe
  C:\Windows\System32\SjATwJE.exe
  2⤵
  PID:12336
- C:\Windows\System32\tgSfNTE.exe
  C:\Windows\System32\tgSfNTE.exe
  2⤵
  PID:12356
- C:\Windows\System32\gFeHsDp.exe
  C:\Windows\System32\gFeHsDp.exe
  2⤵
  PID:12372
- C:\Windows\System32\ePAfTOd.exe
  C:\Windows\System32\ePAfTOd.exe
  2⤵
  PID:12408
- C:\Windows\System32\IRsPjBp.exe
  C:\Windows\System32\IRsPjBp.exe
  2⤵
  PID:12444
- C:\Windows\System32\imRMXmO.exe
  C:\Windows\System32\imRMXmO.exe
  2⤵
  PID:12496
- C:\Windows\System32\sKzBbps.exe
  C:\Windows\System32\sKzBbps.exe
  2⤵
  PID:12520
- C:\Windows\System32\bdObjny.exe
  C:\Windows\System32\bdObjny.exe
  2⤵
  PID:12540
- C:\Windows\System32\CnWWDqh.exe
  C:\Windows\System32\CnWWDqh.exe
  2⤵
  PID:12556
- C:\Windows\System32\IwHzGLY.exe
  C:\Windows\System32\IwHzGLY.exe
  2⤵
  PID:12580
- C:\Windows\System32\dDDjRcl.exe
  C:\Windows\System32\dDDjRcl.exe
  2⤵
  PID:12604
- C:\Windows\System32\JCQITHW.exe
  C:\Windows\System32\JCQITHW.exe
  2⤵
  PID:12624
- C:\Windows\System32\kSsHoPZ.exe
  C:\Windows\System32\kSsHoPZ.exe
  2⤵
  PID:12660
- C:\Windows\System32\LtvewzP.exe
  C:\Windows\System32\LtvewzP.exe
  2⤵
  PID:12720
- C:\Windows\System32\nWvGiPR.exe
  C:\Windows\System32\nWvGiPR.exe
  2⤵
  PID:12740
- C:\Windows\System32\CDdIxYF.exe
  C:\Windows\System32\CDdIxYF.exe
  2⤵
  PID:12788
- C:\Windows\System32\iEBCvLd.exe
  C:\Windows\System32\iEBCvLd.exe
  2⤵
  PID:12804
- C:\Windows\System32\pEoSzPF.exe
  C:\Windows\System32\pEoSzPF.exe
  2⤵
  PID:12824
- C:\Windows\System32\BaQpfhe.exe
  C:\Windows\System32\BaQpfhe.exe
  2⤵
  PID:12844
- C:\Windows\System32\xEyIflO.exe
  C:\Windows\System32\xEyIflO.exe
  2⤵
  PID:12868
- C:\Windows\System32\XihaNkC.exe
  C:\Windows\System32\XihaNkC.exe
  2⤵
  PID:12884
- C:\Windows\System32\icCRjhf.exe
  C:\Windows\System32\icCRjhf.exe
  2⤵
  PID:12904
- C:\Windows\System32\oaQJVBL.exe
  C:\Windows\System32\oaQJVBL.exe
  2⤵
  PID:12928
- C:\Windows\System32\iGfgiDv.exe
  C:\Windows\System32\iGfgiDv.exe
  2⤵
  PID:12980
- C:\Windows\System32\ZBTryAD.exe
  C:\Windows\System32\ZBTryAD.exe
  2⤵
  PID:13012
- C:\Windows\System32\VUrCURo.exe
  C:\Windows\System32\VUrCURo.exe
  2⤵
  PID:13028
- C:\Windows\System32\gNYUtvw.exe
  C:\Windows\System32\gNYUtvw.exe
  2⤵
  PID:13068
- C:\Windows\System32\buKpFmG.exe
  C:\Windows\System32\buKpFmG.exe
  2⤵
  PID:13112
- C:\Windows\System32\FVLTNjO.exe
  C:\Windows\System32\FVLTNjO.exe
  2⤵
  PID:13140
- C:\Windows\System32\kAcONhZ.exe
  C:\Windows\System32\kAcONhZ.exe
  2⤵
  PID:13156
- C:\Windows\System32\BdeuDmD.exe
  C:\Windows\System32\BdeuDmD.exe
  2⤵
  PID:13204
- C:\Windows\System32\GzTnRha.exe
  C:\Windows\System32\GzTnRha.exe
  2⤵
  PID:13240
- C:\Windows\System32\oLjbDsc.exe
  C:\Windows\System32\oLjbDsc.exe
  2⤵
  PID:13260
- C:\Windows\System32\AbqspQU.exe
  C:\Windows\System32\AbqspQU.exe
  2⤵
  PID:13276
- C:\Windows\System32\hLZjSJx.exe
  C:\Windows\System32\hLZjSJx.exe
  2⤵
  PID:13300
- C:\Windows\System32\wZpgjXg.exe
  C:\Windows\System32\wZpgjXg.exe
  2⤵
  PID:11276
- C:\Windows\System32\NFPNmSO.exe
  C:\Windows\System32\NFPNmSO.exe
  2⤵
  PID:12320
- C:\Windows\System32\WTCPBsD.exe
  C:\Windows\System32\WTCPBsD.exe
  2⤵
  PID:12368
- C:\Windows\System32\HedifJv.exe
  C:\Windows\System32\HedifJv.exe
  2⤵
  PID:12416
- C:\Windows\System32\Srblwcg.exe
  C:\Windows\System32\Srblwcg.exe
  2⤵
  PID:12532
- C:\Windows\System32\XiKOaiT.exe
  C:\Windows\System32\XiKOaiT.exe
  2⤵
  PID:12652
- C:\Windows\System32\IIwSgPc.exe
  C:\Windows\System32\IIwSgPc.exe
  2⤵
  PID:12648
- C:\Windows\System32\iECNYOL.exe
  C:\Windows\System32\iECNYOL.exe
  2⤵
  PID:12700
- C:\Windows\System32\yfniXQV.exe
  C:\Windows\System32\yfniXQV.exe
  2⤵
  PID:12832
- C:\Windows\System32\dXmkzUd.exe
  C:\Windows\System32\dXmkzUd.exe
  2⤵
  PID:12924
- C:\Windows\System32\psYbZfu.exe
  C:\Windows\System32\psYbZfu.exe
  2⤵
  PID:12876
- C:\Windows\System32\xrWyIVV.exe
  C:\Windows\System32\xrWyIVV.exe
  2⤵
  PID:13020
- C:\Windows\System32\tjHHdDv.exe
  C:\Windows\System32\tjHHdDv.exe
  2⤵
  PID:13040
- C:\Windows\System32\mWsuDNU.exe
  C:\Windows\System32\mWsuDNU.exe
  2⤵
  PID:13132
- C:\Windows\System32\NRDFzSt.exe
  C:\Windows\System32\NRDFzSt.exe
  2⤵
  PID:3432
- C:\Windows\System32\SZxcwOY.exe
  C:\Windows\System32\SZxcwOY.exe
  2⤵
  PID:2712
- C:\Windows\System32\SUrUZlm.exe
  C:\Windows\System32\SUrUZlm.exe
  2⤵
  PID:13248
- C:\Windows\System32\vgaSGQd.exe
  C:\Windows\System32\vgaSGQd.exe
  2⤵
  PID:13272
- C:\Windows\System32\ApZaEvP.exe
  C:\Windows\System32\ApZaEvP.exe
  2⤵
  PID:13308
- C:\Windows\System32\fngrXTw.exe
  C:\Windows\System32\fngrXTw.exe
  2⤵
  PID:12388
- C:\Windows\System32\gIXOhPI.exe
  C:\Windows\System32\gIXOhPI.exe
  2⤵
  PID:12760
- C:\Windows\System32\kQJZRlT.exe
  C:\Windows\System32\kQJZRlT.exe
  2⤵
  PID:12900
- C:\Windows\System32\VKpLEVT.exe
  C:\Windows\System32\VKpLEVT.exe
  2⤵
  PID:12960
- C:\Windows\System32\cHfYmwK.exe
  C:\Windows\System32\cHfYmwK.exe
  2⤵
  PID:13164
- C:\Windows\System32\NUXGoVz.exe
  C:\Windows\System32\NUXGoVz.exe
  2⤵
  PID:13252
- C:\Windows\System32\wIxlvTq.exe
  C:\Windows\System32\wIxlvTq.exe
  2⤵
  PID:13292
- C:\Windows\System32\FksnaYX.exe
  C:\Windows\System32\FksnaYX.exe
  2⤵
  PID:12592
- C:\Windows\System32\zGAdsgr.exe
  C:\Windows\System32\zGAdsgr.exe
  2⤵
  PID:12964
- C:\Windows\System32\kmLArzT.exe
  C:\Windows\System32\kmLArzT.exe
  2⤵
  PID:13104
- C:\Windows\System32\BRgHKVE.exe
  C:\Windows\System32\BRgHKVE.exe
  2⤵
  PID:12508
- C:\Windows\System32\FGCRFrE.exe
  C:\Windows\System32\FGCRFrE.exe
  2⤵
  PID:12292
- C:\Windows\System32\lDhTLli.exe
  C:\Windows\System32\lDhTLli.exe
  2⤵
  PID:13320
- C:\Windows\System32\UtFOZcM.exe
  C:\Windows\System32\UtFOZcM.exe
  2⤵
  PID:13340
- C:\Windows\System32\LcVKrsG.exe
  C:\Windows\System32\LcVKrsG.exe
  2⤵
  PID:13356
- C:\Windows\System32\XwVWPrT.exe
  C:\Windows\System32\XwVWPrT.exe
  2⤵
  PID:13388
- C:\Windows\System32\yoANMeJ.exe
  C:\Windows\System32\yoANMeJ.exe
  2⤵
  PID:13436
- C:\Windows\System32\mxhWAdz.exe
  C:\Windows\System32\mxhWAdz.exe
  2⤵
  PID:13464
- C:\Windows\System32\NLNxsWQ.exe
  C:\Windows\System32\NLNxsWQ.exe
  2⤵
  PID:13480
- C:\Windows\System32\RlJPPXi.exe
  C:\Windows\System32\RlJPPXi.exe
  2⤵
  PID:13524
- C:\Windows\System32\jwGmweL.exe
  C:\Windows\System32\jwGmweL.exe
  2⤵
  PID:13552
- C:\Windows\System32\ExwkYNA.exe
  C:\Windows\System32\ExwkYNA.exe
  2⤵
  PID:13600
- C:\Windows\System32\LjauXxD.exe
  C:\Windows\System32\LjauXxD.exe
  2⤵
  PID:13620
- C:\Windows\System32\lzvVTZk.exe
  C:\Windows\System32\lzvVTZk.exe
  2⤵
  PID:13648
- C:\Windows\System32\RoAuRwV.exe
  C:\Windows\System32\RoAuRwV.exe
  2⤵
  PID:13664
- C:\Windows\System32\BvdpAzK.exe
  C:\Windows\System32\BvdpAzK.exe
  2⤵
  PID:13684
- C:\Windows\System32\LQFAcPx.exe
  C:\Windows\System32\LQFAcPx.exe
  2⤵
  PID:13712
- - C:\Windows\system32\WerFault.exe
    C:\Windows\system32\WerFault.exe -u -p 13712 -s 244
    3⤵
    PID:14156
- C:\Windows\System32\oQhmcSP.exe
  C:\Windows\System32\oQhmcSP.exe
  2⤵
  PID:13728
- C:\Windows\System32\xAEwjGB.exe
  C:\Windows\System32\xAEwjGB.exe
  2⤵
  PID:13760

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:14236

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System32\ACbYcDC.exe

Filesize
1.2MB

MD5
54e0aba61dc07891303be0fd3e53d335

SHA1
aac91b07143ed395931d9899d11d5988ce2b6d36

SHA256
9ee7c4a97d48d8abde3b0c18b8129272d8850382f9b557f2555680054f804655

SHA512
e8ebe47b5dae7b4b3c3194ad2847a5838c4c7841eebe260e91e70e344f3ce497965d6acb7650dc51f65e347826f7af1000ce0a951cca4cd919d201b47edac2c2

Download Submit
C:\Windows\System32\CStwSbX.exe

Filesize
1.2MB

MD5
16734a2f78d605a2babc8c45f0ccfa15

SHA1
a63fd44566a4aef433261bb4bb7573477045f1c3

SHA256
cde90f465a9192c9ef8320523c47c6e59af15790bc184be4f4155f35a39a0eb8

SHA512
4f3c9a74febd4410dee00245ac7849b6e26e23c282f4d8d262f6706e50c3c4a9367e3e1e1bc46828538b8d297213daeefe9d25edca383eda53b4f800d2d3ca1a

Download Submit
C:\Windows\System32\EnACZdU.exe

Filesize
1.2MB

MD5
63e0d3831676e60374c8f30dd8da741b

SHA1
068c8e25e1f7e091bde71019fce18a3401524c51

SHA256
c7e2c89c1a55c25bd16406aff4481abdbc69360aaafeb947ce3d65b9f7de1f70

SHA512
d5a12df15ad563589670db0f08def8dd477e7d29a2be0dafca85195b2e5b799e691ef9f39e6643e7531556e2174a8252a585e7f303fa22ee4ef3116005ec4305

Download Submit
C:\Windows\System32\GLUybNF.exe

Filesize
1.2MB

MD5
3b275b4479f24855dcc857169cec95c7

SHA1
1d8a7f90080534218dfa8a961c7e43e91bf980fc

SHA256
a02ef4992190e5fbd88bcea68826342c5d8864a4ce1f00d2342dfc73e5391a90

SHA512
2a4fdc6f7b15124b348995cf1445006ea92a627433e94763e49b3309c33f912c6435e36e6bbd3f2f2e4092df64043695be4dd7d8c3996d1ec6ab54af8f082e55

Download Submit
C:\Windows\System32\JMXBBll.exe

Filesize
1.2MB

MD5
68e04281550cdafd2cd049b41fb0ccef

SHA1
9ad7e49b4d118f1a88e70d6b0f39b14d354ce131

SHA256
e9a2a2c7787abddad94c3a371a9975a2efd8b5d1e8faea6a426b27f9520fa461

SHA512
dc666d596b58748deec364174221c6362334b7ad73d569d93994235f67bf276e620cdc2c57f352ceab9367b39ab1ba26e937dbfbee6d0be7d15ca859a51b3edd

Download Submit
C:\Windows\System32\LBwrVIl.exe

Filesize
1.2MB

MD5
af3bde92586c84ae3f8aef1e2d89ec9b

SHA1
d71afd0f2f5483690a65be2ff0a57b4fda812b75

SHA256
3ea062fd725156d40057c2c9d1675b6af37be6dbe20ebf159cea091c2dbea5ed

SHA512
e479d4d4c88f5958a37e8df0eab90ef9456fd90c5502c140d1a8d0b8f96acf191e85cdf82cd2f93db7f7c9325fd4120bc655b60dd7e6291ead6405fcdf431691

Download Submit
C:\Windows\System32\LuIJxYS.exe

Filesize
1.2MB

MD5
2ba8f646f2fd95de96f7743a9ab43076

SHA1
b1704bcd008691facb083abaa954cea6b57a6657

SHA256
dbf28c5e6174d09ca2d5d7c1ec65b2de8c1b69fd4e5baa6a987c3f9e10962fa3

SHA512
fab7364b8964ecfbcec8040dfbfe7e3d186e1f2c3dcfcbc2ff43dfad23eff85412fe0ce55a62e74249f71641a017064224bea8e6c5179f86bada859d15bc5f90

Download Submit
C:\Windows\System32\NQvysSt.exe

Filesize
1.2MB

MD5
c6b4db26f5be32f81f5b719408a69de2

SHA1
5a5c0b678ea4ecb0a172919dc401a89cb6b20fae

SHA256
6c431ac257029485bca9bfac2706a1bb6308ebf48e30656858e2b117d0dda13d

SHA512
76481fee01cad6f6fd9133c59a3e9e232be1737c11ee2021e1bdaeceb37b42e541077ea2c0ec22549fc245c59a8e4b10cc3f368d679a2093535d7e48823afaf5

Download Submit
C:\Windows\System32\OCggCHg.exe

Filesize
1.2MB

MD5
57b2ba2eda841141307fddd093d5c8cb

SHA1
fe73488d6dd0d401d2dcc3ec1010b7b1dac62b48

SHA256
741a0781d867849ea8a1a6bfad3ae4bf236963241bf01b0dd1e6f522ff8e3579

SHA512
3a5a2c8b858ee0ff04e7d5e90ca9e2e86372f338f62501f717d20a380fabf8d995ff604613407e0dcadda5b9081705c1017ea3da0261bd94b8aaa58a28cb92e9

Download Submit
C:\Windows\System32\RAWZqcs.exe

Filesize
1.2MB

MD5
62d0450bc38247c9b7cc017d99b9c6a4

SHA1
30ab7e5f503ab8d08e6075112e4d2aed44977166

SHA256
b91f84c57d08b4fed8c0873bfa78c6f7ab4fd3f4bbd0310e8f39514769bb532d

SHA512
5775ddd24ee4c2a786736336df34490100cc66ae15e92dbcdf77b9bdf24800319c03bad749b133c3a2d7c453e0e74946f70ff5255bd0296bfcb113a644863402

Download Submit
C:\Windows\System32\TIlxiIZ.exe

Filesize
1.2MB

MD5
ba37b91f7c22f2911bb74b82ea4b194f

SHA1
a865e4d37bb81500b071b505196d9c728b4ecb76

SHA256
070e85132ba98a9496942e058a33c8d915cdfcca05e3e455ca6c70c8d94a3575

SHA512
30a941c2158e811317d863473e82e932e663d9a16518e8960acd795ddc604e64e9b5df07195461fbf666cd17779ed2dd2ee379c2e22046ca0038be49caa1dba2

Download Submit
C:\Windows\System32\UvzjxnT.exe

Filesize
1.2MB

MD5
2c8da684aed4f648984dab960a737f84

SHA1
71890e2e90fb81767f6568bd4b571228547c7f30

SHA256
2aa608a550e6d3bb8b02574388b65163045ca1a610c9fad9065f251da8cc6b11

SHA512
6b9b298dfd1dda66bc056f2cae415f495b25f240e6ffce27ea1bdc26cfd4b926bb522679b84dddd41d1554e28ef98813f0088448d9e386b10ab2c4dcede3978f

Download Submit
C:\Windows\System32\WVgcjnN.exe

Filesize
1.2MB

MD5
0945a6ef226f0bc9a2824a3e0f0d5557

SHA1
5a16fbda74262db5d99afaf9b26b86ce29d58d76

SHA256
bc2b3dcceb889fa93c7d61ebb51756ee8d8cd8baaa2684d17800feb523a28a8e

SHA512
be072182247dcaeab3c0a666dd9252358d728fd3a1d9e49ebaef776c9f041df27f6f53f32d8702b27cf588db2eda351e34867ecf04cc9b003b3b036c278e67d9

Download Submit
C:\Windows\System32\ZBYEuYF.exe

Filesize
1.2MB

MD5
75c3e65399ad4b7a2fa2278a5cd829f2

SHA1
1ae0bb8a2db07d8189a06f3db1a65558fbf7b8bc

SHA256
2ed34586d2d500c0f465f67152e52a77466677b1a5bb599a8608d340ac0431c6

SHA512
0e91e022a8fa93945029c7e309fbbb6d010608814cde53a3b32cf25a46fb5a321c314c906d161fbcf8d6482bd0dde1289ae1208560c77ac8aabe22cb2911bfc1

Download Submit
C:\Windows\System32\aUWpqAw.exe

Filesize
1.2MB

MD5
ea7588bd90a17143c5bf234b82d2e9b1

SHA1
2eeb8f0c959c8832a20c2c267a134962acf52024

SHA256
d2ed14134682c788ecd0ea2230bbba5be58952f3949d0b04d82cb315d74bdedd

SHA512
6c8d8f820801b47fdce8a2db4d4fdca026ffefa6aa0aac7ad235a82c724af6236ab67b9e5a1ec0dc9df6a4f98292c918e64e7a5688d4b94a8d28d37eb25ed09b

Download Submit
C:\Windows\System32\bQNxsgO.exe

Filesize
1.2MB

MD5
dc80a648f2f82615a828f3ab25021a77

SHA1
c12767b1c87008a8a1869270c74d87f919734214

SHA256
39830e70c76c15b9f45736c1170cc6092337d2b8689968ede4a713b73daa0d3a

SHA512
d1a149e05d37a00742180d08e287b72bb146e5fb8e127d40e7ee5d320cddb5933b8731f03b056e66e004186fc95f267399ac321ec35a36b79d82397979c7a3e8

Download Submit
C:\Windows\System32\fUWJzBu.exe

Filesize
1.2MB

MD5
9fec1a96b047bfa0205b0c81f78a4578

SHA1
41be62227178ca38ab643b4f14d13855578f0b21

SHA256
af3c0d1b6af89df81670327fd2712c1b7fd868c5610ddecff6287a0f1c637dfc

SHA512
fbbf26a51d3cba22f855f710d8560c3fa7234d224fd636e7d8d2e980cc30ed555dbd732b75cacfb50aa89d601fae1b270f2c82d98601b4c94d64f7d972e9a6ac

Download Submit
C:\Windows\System32\geMVcFg.exe

Filesize
1.2MB

MD5
8cee49feff51a8442d9d432a28daf0c8

SHA1
e8b063915165f7f305db0430eea59551a47453b3

SHA256
ce62c59747ec53d457674147853d645e570665f06727be11a59df5a969d833c2

SHA512
05a5f40d4ea3750fda3e4d16a5bec6ce9dec27e515b484cb878035cd79c22b8874035a1a2ee6faebbb091cd4c226985bcfa96ed89216079ca0198a6bb46821c0

Download Submit
C:\Windows\System32\hXmxFle.exe

Filesize
1.2MB

MD5
06cfaec7bc483cbd7baef10666e8fd61

SHA1
6240891f1e28d435fd7b702fbd0c36590832a3eb

SHA256
dbb8114474a032ea88d06aab50a482fef723980eebb4238899bcb5dae3909cc4

SHA512
b33d3f3a31eb58e9efc03d6f29832f09dfbe7be93ef31d6b9733134bcf4a1d9bb1d88fb0b1be0510d2145c612c2b835945a8abb5ba5ffedca0bfe6108f040ff8

Download Submit
C:\Windows\System32\heSABtd.exe

Filesize
1.2MB

MD5
5e70faa4281b26e8a17920df3df7694d

SHA1
67187bc936085c29016feb2fa0c90d3103378c46

SHA256
0c2f09d1080d03b16a6f7f14cccfd9427dbe2f391ffc040fb084d53d26bbd3f1

SHA512
fded3fd03aa12c2764203e9acede547af26021db223d3edc4e6776b6468c956786072b697cdd272b58c83f2241f1adc7ae07c278dce2348bb73e7c32f6dff510

Download Submit
C:\Windows\System32\kBrDIAX.exe

Filesize
1.2MB

MD5
6ead2d32de3a1c4d71bfb1c27c9e4762

SHA1
2f6005fdad5bd3faf4167952e3eb0580db6006c1

SHA256
410d409b725647a859c41db0c9478b5722cab9c346c80497ca14914ad0e1d9a1

SHA512
979c4a2b666710f3ef2fad56b1314817d7ce22e4a2f40436055426efb1981e36c67a2da1a8c97746df59b533c50ac34bd4782766213398be65dd04b896ad21dc

Download Submit
C:\Windows\System32\kklYmFQ.exe

Filesize
1.2MB

MD5
f0b5b1808a194e752923f2433acd48fc

SHA1
f970e98e133875d9afac6aa33f5e1f1e874b49a2

SHA256
ddffb2ff0cea2c15a0edd4db75febddf2d63e8d632d567092102dbf9560cb044

SHA512
864e9fb6d8f00c7aa40f4710abbc9002421e09c5cb7ad014ccf18c39b94e70485ef1810a1a4896f64d2eb1cd92b44653bf8b53e7e417ab8f930076ed00b1d0e7

Download Submit
C:\Windows\System32\mmEdcwz.exe

Filesize
1.2MB

MD5
a11fbbc12494756fdf7c5b5d07b58da6

SHA1
73317f79b7725121f1be45c34bd5e94db1847046

SHA256
748fb7e3074bb239335d2a3dd5913268cbbcaadd3a66897425f896ccf01c96e3

SHA512
9fd576748887b4b3c410dd4f3cf7fa62d6546095e6ea0a139fcd5624f6e72ad9a7bfcf46c453ff73b92fc2917c5330d954d7b62f14b7577988c8dc541f9efe0a

Download Submit
C:\Windows\System32\oPtopER.exe

Filesize
1.2MB

MD5
cc966df8a99c696476065a5ed402f85f

SHA1
1a7e0d37f833de50bcc88352f05ae4c223f7b9d4

SHA256
f12f180ca6413ba49b6dfb0ab63cb1bb0d465ed9d40e93ee1c1d423f03a2dde0

SHA512
0380b2b75afdeea4943e0f613e00282d34576e9a8fdfd6ac73b8c274a10d1bfd165fc4127ab4c6336de0253c7c3893f0153c4b059c224e9e75536cf34aa5bead

Download Submit
C:\Windows\System32\oUrmLgV.exe

Filesize
1.2MB

MD5
ace7b053ab50203ef2f07d1da6b3de09

SHA1
cc9d9475f9b4b524d4eee8a8a1bb458162add27c

SHA256
49356c82ec76295cc5ce9d55a7f5a38cc9ebbd177e8f9fd8a29c338af0cc0b98

SHA512
dfd83d100a2b266291fb126763a4c46feae227c364a5d749b3c47f20c287204409855445c8f66a58e9cb15aa8cbf7f56b8e1d843c821d218387ca59a613ddcff

Download Submit
C:\Windows\System32\pkIinal.exe

Filesize
1.2MB

MD5
cdcb6d61e7cc0883b8ef810b6374d2ef

SHA1
5079f92e9f18aa6670c248a2312da852e188b5fe

SHA256
cd48ace26cbadd91575954d16cc4f4e649857c837ed5184fb6914b75296e97c4

SHA512
b3aafcdca567c92fb770b03b3ee4f6d56d5f9e5f652588a5c9348c4d7860c7d59da06e34ada7ca127f4130a8f7a62bf1cd933af02313c3ee4a7345ce974706b9

Download Submit
C:\Windows\System32\pzpUuMV.exe

Filesize
1.2MB

MD5
2bdf0ea8d689c5b2ea54fdaeb31d66ff

SHA1
abeb8954427763aad8be3c029f3df04932ee4dd8

SHA256
755133e534b4275f0a98468c87cf73414ec083aeaed247d46acac1cb836687d1

SHA512
d5a6e7c211f47b3e452650f03b5a1e3ea344d001d9734651ad0786d70fa5232f090205efa12fae63be361a26bfcc02b7246fdc22fce0626b2c613c399cf7d9d1

Download Submit
C:\Windows\System32\rDpQsLT.exe

Filesize
1.2MB

MD5
d1ca231d66bc634a91ec8eeef0f0b8a2

SHA1
a9ba5dbdc7d1143ae191cba1dce0a2db9fb300c9

SHA256
85af5a4becb836ef952ac21f0deecd6ad5572b425f0c4bb9f1cf50699409ea9e

SHA512
794be0b226d455a24d729602bc9aaa822c6cde92ff43591f294662c3585fc7a97ac342778620d82f0636fd580955b30550105df9efc5251b3d186c2fa4b2f59a

Download Submit
C:\Windows\System32\rHKmHdn.exe

Filesize
1.2MB

MD5
546d58a7cfdd7aa5fb281cab9d561169

SHA1
d719d0c5863ffbbec7fc4706dc20fc89a74cc3b3

SHA256
f24326c92ac1d87d52ee7748a5c8515cb66e3e554133f793d6a546d6a7aaf8ae

SHA512
02482e4eddec0ad1bcde5da387ad4de23372951f9225ea6a12157413f021826293c882d25e703fa9ca868b54abbc6aaa4387c9aae5c03bc036ed18656c7314c6

Download Submit
C:\Windows\System32\rhedwfW.exe

Filesize
1.2MB

MD5
7fb32cd8832be50ff713ded170a14abd

SHA1
f1b7705e6718c3aa69e82e0070a5d9ea4d32d6bd

SHA256
ab1fd093280307946bb0aefa52d9887fb8a8337705d5cb300bc954eb3d541a92

SHA512
1eb2a2a6f071d037075f7578909a8163d915cd485f1553aa475504789ea30563febf423a6161235823e9f00a56c5a078e876399644128a4238867e47625a2328

Download Submit
C:\Windows\System32\rvDjSkW.exe

Filesize
1.2MB

MD5
a4dd4326a3c71945b3e27730f5053fa9

SHA1
844224823aa31b37361d4c99d7e0e234cb578c49

SHA256
9c9904da88c76f574fb6b33bcbac8bbe54fca2b3c46ca4c244f6318d7137ce93

SHA512
610f6cc10ef1c5a05e5865fc8f0d017e4e80889d541b2f599e62dfea7ff4ee36d7e6dc075595a5ce6fabf18f390f57e5e172a9364c744704dec8ffda7cd6ced8

Download Submit
C:\Windows\System32\viGpEPy.exe

Filesize
1.2MB

MD5
b689698077a775a09072adfb24960a81

SHA1
35a0071ab87ced6b7090d2a769a71fb57cfb4112

SHA256
091583fd98cc743c9042c36a4ba57612d09739afbf9736b65cc577865cfec553

SHA512
43bc04ccfb8584e4b462d05d691f28cb11f2cd17b548094021cf424c7cf1a6a20c10af6e70ee273f9f7f5722e1ddefd9e467d73e9b8ae39a0f3fb880993f4625

Download Submit
memory/112-1-0x00000214AE7C0000-0x00000214AE7D0000-memory.dmp

Filesize
64KB

Download
memory/112-0-0x00007FF709FB0000-0x00007FF70A3A1000-memory.dmp

Filesize
3.9MB

Download
memory/112-1190-0x00007FF709FB0000-0x00007FF70A3A1000-memory.dmp

Filesize
3.9MB

Download
memory/408-355-0x00007FF654590000-0x00007FF654981000-memory.dmp

Filesize
3.9MB

Download
memory/624-418-0x00007FF6AF800000-0x00007FF6AFBF1000-memory.dmp

Filesize
3.9MB

Download
memory/624-2182-0x00007FF6AF800000-0x00007FF6AFBF1000-memory.dmp

Filesize
3.9MB

Download
memory/720-2137-0x00007FF779950000-0x00007FF779D41000-memory.dmp

Filesize
3.9MB

Download
memory/720-27-0x00007FF779950000-0x00007FF779D41000-memory.dmp

Filesize
3.9MB

Download
memory/720-1305-0x00007FF779950000-0x00007FF779D41000-memory.dmp

Filesize
3.9MB

Download
memory/1000-2190-0x00007FF769330000-0x00007FF769721000-memory.dmp

Filesize
3.9MB

Download
memory/1000-425-0x00007FF769330000-0x00007FF769721000-memory.dmp

Filesize
3.9MB

Download
memory/1712-2172-0x00007FF783E20000-0x00007FF784211000-memory.dmp

Filesize
3.9MB

Download
memory/1712-372-0x00007FF783E20000-0x00007FF784211000-memory.dmp

Filesize
3.9MB

Download
memory/2024-2176-0x00007FF769670000-0x00007FF769A61000-memory.dmp

Filesize
3.9MB

Download
memory/2024-443-0x00007FF769670000-0x00007FF769A61000-memory.dmp

Filesize
3.9MB

Download
memory/2268-2220-0x00007FF7F3540000-0x00007FF7F3931000-memory.dmp

Filesize
3.9MB

Download
memory/2268-431-0x00007FF7F3540000-0x00007FF7F3931000-memory.dmp

Filesize
3.9MB

Download
memory/2296-2135-0x00007FF70E010000-0x00007FF70E401000-memory.dmp

Filesize
3.9MB

Download
memory/2296-19-0x00007FF70E010000-0x00007FF70E401000-memory.dmp

Filesize
3.9MB

Download
memory/2296-1303-0x00007FF70E010000-0x00007FF70E401000-memory.dmp

Filesize
3.9MB

Download
memory/2416-387-0x00007FF656760000-0x00007FF656B51000-memory.dmp

Filesize
3.9MB

Download
memory/2416-2178-0x00007FF656760000-0x00007FF656B51000-memory.dmp

Filesize
3.9MB

Download
memory/2868-419-0x00007FF745AE0000-0x00007FF745ED1000-memory.dmp

Filesize
3.9MB

Download
memory/2868-2184-0x00007FF745AE0000-0x00007FF745ED1000-memory.dmp

Filesize
3.9MB

Download
memory/3028-2192-0x00007FF6252C0000-0x00007FF6256B1000-memory.dmp

Filesize
3.9MB

Download
memory/3028-428-0x00007FF6252C0000-0x00007FF6256B1000-memory.dmp

Filesize
3.9MB

Download
memory/3240-424-0x00007FF7CDC90000-0x00007FF7CE081000-memory.dmp

Filesize
3.9MB

Download
memory/3240-2188-0x00007FF7CDC90000-0x00007FF7CE081000-memory.dmp

Filesize
3.9MB

Download
memory/3616-440-0x00007FF66BEA0000-0x00007FF66C291000-memory.dmp

Filesize
3.9MB

Download
memory/3616-2216-0x00007FF66BEA0000-0x00007FF66C291000-memory.dmp

Filesize
3.9MB

Download
memory/3760-1451-0x00007FF7914F0000-0x00007FF7918E1000-memory.dmp

Filesize
3.9MB

Download
memory/3760-2174-0x00007FF7914F0000-0x00007FF7918E1000-memory.dmp

Filesize
3.9MB

Download
memory/3760-56-0x00007FF7914F0000-0x00007FF7918E1000-memory.dmp

Filesize
3.9MB

Download
memory/3816-30-0x00007FF639460000-0x00007FF639851000-memory.dmp

Filesize
3.9MB

Download
memory/3816-1573-0x00007FF639460000-0x00007FF639851000-memory.dmp

Filesize
3.9MB

Download
memory/3816-2140-0x00007FF639460000-0x00007FF639851000-memory.dmp

Filesize
3.9MB

Download
memory/4000-2194-0x00007FF7A2A70000-0x00007FF7A2E61000-memory.dmp

Filesize
3.9MB

Download
memory/4000-427-0x00007FF7A2A70000-0x00007FF7A2E61000-memory.dmp

Filesize
3.9MB

Download
memory/4068-412-0x00007FF6DD420000-0x00007FF6DD811000-memory.dmp

Filesize
3.9MB

Download
memory/4068-2186-0x00007FF6DD420000-0x00007FF6DD811000-memory.dmp

Filesize
3.9MB

Download
memory/4320-363-0x00007FF76CE80000-0x00007FF76D271000-memory.dmp

Filesize
3.9MB

Download
memory/4320-2168-0x00007FF76CE80000-0x00007FF76D271000-memory.dmp

Filesize
3.9MB

Download
memory/4376-2170-0x00007FF782D90000-0x00007FF783181000-memory.dmp

Filesize
3.9MB

Download
memory/4376-376-0x00007FF782D90000-0x00007FF783181000-memory.dmp

Filesize
3.9MB

Download
memory/4564-2133-0x00007FF6FACC0000-0x00007FF6FB0B1000-memory.dmp

Filesize
3.9MB

Download
memory/4564-9-0x00007FF6FACC0000-0x00007FF6FB0B1000-memory.dmp

Filesize
3.9MB

Download
memory/4564-1193-0x00007FF6FACC0000-0x00007FF6FB0B1000-memory.dmp

Filesize
3.9MB

Download
memory/4620-442-0x00007FF61CE80000-0x00007FF61D271000-memory.dmp

Filesize
3.9MB

Download
memory/4628-439-0x00007FF632360000-0x00007FF632751000-memory.dmp

Filesize
3.9MB

Download
memory/4628-2218-0x00007FF632360000-0x00007FF632751000-memory.dmp

Filesize
3.9MB

Download
memory/4704-441-0x00007FF730B10000-0x00007FF730F01000-memory.dmp

Filesize
3.9MB

Download
memory/4704-2222-0x00007FF730B10000-0x00007FF730F01000-memory.dmp

Filesize
3.9MB

Download
memory/4968-2180-0x00007FF6A7120000-0x00007FF6A7511000-memory.dmp

Filesize
3.9MB

Download
memory/4968-390-0x00007FF6A7120000-0x00007FF6A7511000-memory.dmp

Filesize
3.9MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads