xmrig | 706159a517137d7b848a070c53bd388e8407e1fd3d04028c46e1967a99cefc9a

Analysis

max time kernel
125s
max time network
127s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
24-08-2024 07:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

be24af81f26ace0503501b67eb211afc_JaffaCakes118.exe
Size

1.1MB
MD5

be24af81f26ace0503501b67eb211afc
SHA1

8ddc947dd8b2f327dae7e8afaf4587ef531adb48
SHA256

706159a517137d7b848a070c53bd388e8407e1fd3d04028c46e1967a99cefc9a
SHA512

4a38521d0ac6f39fc0d5e6521dfae63bfdccadffe746adb4db95126b434e72feec21810a7cef24b2c438c758dbcd1ba56fb6abaa129c5e4e3c1cbc28b42c4e0d
SSDEEP

24576:JanwhSe11QSONCpGJCjETPlGC78XCejIODosTigQytOFCL+:knw9oUUEEDlGUrMNO

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 44 IoCs

miner

resource	yara_rule
behavioral2/memory/1312-109-0x00007FF7D51C0000-0x00007FF7D55B1000-memory.dmp	xmrig
behavioral2/memory/2488-121-0x00007FF696B10000-0x00007FF696F01000-memory.dmp	xmrig
behavioral2/memory/4152-150-0x00007FF7026C0000-0x00007FF702AB1000-memory.dmp	xmrig
behavioral2/memory/1384-147-0x00007FF779A20000-0x00007FF779E11000-memory.dmp	xmrig
behavioral2/memory/1464-140-0x00007FF65A170000-0x00007FF65A561000-memory.dmp	xmrig
behavioral2/memory/680-127-0x00007FF663A60000-0x00007FF663E51000-memory.dmp	xmrig
behavioral2/memory/4212-126-0x00007FF77A500000-0x00007FF77A8F1000-memory.dmp	xmrig
behavioral2/memory/396-117-0x00007FF7375F0000-0x00007FF7379E1000-memory.dmp	xmrig
behavioral2/memory/712-113-0x00007FF779110000-0x00007FF779501000-memory.dmp	xmrig
behavioral2/memory/4852-112-0x00007FF685600000-0x00007FF6859F1000-memory.dmp	xmrig
behavioral2/memory/2592-108-0x00007FF7BEE30000-0x00007FF7BF221000-memory.dmp	xmrig
behavioral2/memory/1040-101-0x00007FF612300000-0x00007FF6126F1000-memory.dmp	xmrig
behavioral2/memory/1188-63-0x00007FF76DF50000-0x00007FF76E341000-memory.dmp	xmrig
behavioral2/memory/3752-60-0x00007FF6CB730000-0x00007FF6CBB21000-memory.dmp	xmrig
behavioral2/memory/2824-54-0x00007FF780750000-0x00007FF780B41000-memory.dmp	xmrig
behavioral2/memory/4348-937-0x00007FF738810000-0x00007FF738C01000-memory.dmp	xmrig
behavioral2/memory/4412-1060-0x00007FF7E1960000-0x00007FF7E1D51000-memory.dmp	xmrig
behavioral2/memory/2972-1198-0x00007FF689E20000-0x00007FF68A211000-memory.dmp	xmrig
behavioral2/memory/2552-1195-0x00007FF633E00000-0x00007FF6341F1000-memory.dmp	xmrig
behavioral2/memory/4816-1426-0x00007FF7EE530000-0x00007FF7EE921000-memory.dmp	xmrig
behavioral2/memory/3888-1526-0x00007FF758050000-0x00007FF758441000-memory.dmp	xmrig
behavioral2/memory/5088-1633-0x00007FF6185B0000-0x00007FF6189A1000-memory.dmp	xmrig
behavioral2/memory/4496-1741-0x00007FF701380000-0x00007FF701771000-memory.dmp	xmrig
behavioral2/memory/4960-1867-0x00007FF632490000-0x00007FF632881000-memory.dmp	xmrig
behavioral2/memory/2592-2082-0x00007FF7BEE30000-0x00007FF7BF221000-memory.dmp	xmrig
behavioral2/memory/1312-2084-0x00007FF7D51C0000-0x00007FF7D55B1000-memory.dmp	xmrig
behavioral2/memory/2824-2086-0x00007FF780750000-0x00007FF780B41000-memory.dmp	xmrig
behavioral2/memory/712-2096-0x00007FF779110000-0x00007FF779501000-memory.dmp	xmrig
behavioral2/memory/1188-2094-0x00007FF76DF50000-0x00007FF76E341000-memory.dmp	xmrig
behavioral2/memory/396-2092-0x00007FF7375F0000-0x00007FF7379E1000-memory.dmp	xmrig
behavioral2/memory/3752-2090-0x00007FF6CB730000-0x00007FF6CBB21000-memory.dmp	xmrig
behavioral2/memory/4852-2088-0x00007FF685600000-0x00007FF6859F1000-memory.dmp	xmrig
behavioral2/memory/4152-2150-0x00007FF7026C0000-0x00007FF702AB1000-memory.dmp	xmrig
behavioral2/memory/4960-2160-0x00007FF632490000-0x00007FF632881000-memory.dmp	xmrig
behavioral2/memory/4496-2156-0x00007FF701380000-0x00007FF701771000-memory.dmp	xmrig
behavioral2/memory/3772-2162-0x00007FF77B7A0000-0x00007FF77BB91000-memory.dmp	xmrig
behavioral2/memory/4212-2152-0x00007FF77A500000-0x00007FF77A8F1000-memory.dmp	xmrig
behavioral2/memory/4412-2149-0x00007FF7E1960000-0x00007FF7E1D51000-memory.dmp	xmrig
behavioral2/memory/4348-2158-0x00007FF738810000-0x00007FF738C01000-memory.dmp	xmrig
behavioral2/memory/1384-2146-0x00007FF779A20000-0x00007FF779E11000-memory.dmp	xmrig
behavioral2/memory/2552-2144-0x00007FF633E00000-0x00007FF6341F1000-memory.dmp	xmrig
behavioral2/memory/3888-2142-0x00007FF758050000-0x00007FF758441000-memory.dmp	xmrig
behavioral2/memory/4816-2140-0x00007FF7EE530000-0x00007FF7EE921000-memory.dmp	xmrig
behavioral2/memory/2972-2138-0x00007FF689E20000-0x00007FF68A211000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2592	bZkKbZp.exe
1312	ZvPJkiY.exe
3752	WIBxEyu.exe
4852	oDuZtBh.exe
712	NYQqvLk.exe
396	gJqxJfn.exe
1188	LPJWfnE.exe
2824	kNYNXCd.exe
4212	QWMepAn.exe
2488	FiLllKk.exe
680	dgtfGHo.exe
1464	LIgtIsc.exe
1384	KXUjdkI.exe
4152	SIhZsWA.exe
4348	FLSVamE.exe
4412	AeJGWBq.exe
2552	xeBDERJ.exe
2972	BbxTuPv.exe
4816	CEBCwpP.exe
3888	rHjlMkW.exe
5088	pGOlrZX.exe
4496	pyNIMHn.exe
4960	airXSKU.exe
3772	zyQaBaJ.exe
8	sXMSwnf.exe
3116	PkZoGaQ.exe
4512	ZoXPFfA.exe
4372	fYQACoA.exe
1296	wJIuzhs.exe
1192	BBamYAa.exe
3916	iBqzBBI.exe
4780	rsQSrnN.exe
2736	nlRtYGV.exe
1452	jcGGXzg.exe
2000	rQPxyVY.exe
1448	YmZdTQB.exe
1124	ItEDchn.exe
3596	lFbpUwd.exe
2316	klHylTH.exe
5136	MOIXtqF.exe
5156	hkszkcH.exe
5180	BJaipUj.exe
5212	NGnruWy.exe
5248	hDlPqRN.exe
5268	erEfxtz.exe
5300	KVpnthM.exe
5320	AdgqjGk.exe
5356	FiFKsvv.exe
5376	VMsihaf.exe
5408	GPlMFJw.exe
5432	vdJDIpM.exe
5460	MdwGSAd.exe
5488	UuRNfYx.exe
5516	PhfhBwz.exe
5544	dqkopKj.exe
5572	qzRIfQP.exe
5600	pdlWfhd.exe
5632	jeCvHfS.exe
5656	BIvSDuk.exe
5684	ikrZjDP.exe
5716	SduZUKK.exe
5740	ENBYfDy.exe
5768	zhOnVee.exe
5796	ImrdzVm.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1040-0-0x00007FF612300000-0x00007FF6126F1000-memory.dmp	upx
behavioral2/files/0x0007000000023623-9.dat	upx
behavioral2/files/0x0008000000023622-10.dat	upx
behavioral2/files/0x0007000000023628-32.dat	upx
behavioral2/files/0x0007000000023629-42.dat	upx
behavioral2/memory/396-53-0x00007FF7375F0000-0x00007FF7379E1000-memory.dmp	upx
behavioral2/files/0x000700000002362b-61.dat	upx
behavioral2/files/0x000700000002362e-82.dat	upx
behavioral2/memory/1312-109-0x00007FF7D51C0000-0x00007FF7D55B1000-memory.dmp	upx
behavioral2/memory/2488-121-0x00007FF696B10000-0x00007FF696F01000-memory.dmp	upx
behavioral2/files/0x0007000000023636-134.dat	upx
behavioral2/files/0x000700000002363b-164.dat	upx
behavioral2/files/0x000700000002363f-190.dat	upx
behavioral2/files/0x0007000000023642-198.dat	upx
behavioral2/files/0x0007000000023641-196.dat	upx
behavioral2/files/0x0007000000023640-192.dat	upx
behavioral2/files/0x000700000002363e-185.dat	upx
behavioral2/files/0x000700000002363d-177.dat	upx
behavioral2/files/0x000700000002363c-173.dat	upx
behavioral2/files/0x000700000002363a-163.dat	upx
behavioral2/files/0x0007000000023639-160.dat	upx
behavioral2/memory/3772-157-0x00007FF77B7A0000-0x00007FF77BB91000-memory.dmp	upx
behavioral2/files/0x0007000000023638-154.dat	upx
behavioral2/memory/4960-151-0x00007FF632490000-0x00007FF632881000-memory.dmp	upx
behavioral2/memory/4152-150-0x00007FF7026C0000-0x00007FF702AB1000-memory.dmp	upx
behavioral2/memory/1384-147-0x00007FF779A20000-0x00007FF779E11000-memory.dmp	upx
behavioral2/files/0x0007000000023637-146.dat	upx
behavioral2/memory/4496-143-0x00007FF701380000-0x00007FF701771000-memory.dmp	upx
behavioral2/memory/1464-140-0x00007FF65A170000-0x00007FF65A561000-memory.dmp	upx
behavioral2/memory/5088-136-0x00007FF6185B0000-0x00007FF6189A1000-memory.dmp	upx
behavioral2/files/0x0007000000023635-130.dat	upx
behavioral2/memory/3888-129-0x00007FF758050000-0x00007FF758441000-memory.dmp	upx
behavioral2/memory/680-127-0x00007FF663A60000-0x00007FF663E51000-memory.dmp	upx
behavioral2/memory/4212-126-0x00007FF77A500000-0x00007FF77A8F1000-memory.dmp	upx
behavioral2/files/0x0007000000023634-125.dat	upx
behavioral2/memory/4816-122-0x00007FF7EE530000-0x00007FF7EE921000-memory.dmp	upx
behavioral2/files/0x0007000000023633-118.dat	upx
behavioral2/memory/396-117-0x00007FF7375F0000-0x00007FF7379E1000-memory.dmp	upx
behavioral2/memory/2972-116-0x00007FF689E20000-0x00007FF68A211000-memory.dmp	upx
behavioral2/memory/712-113-0x00007FF779110000-0x00007FF779501000-memory.dmp	upx
behavioral2/memory/4852-112-0x00007FF685600000-0x00007FF6859F1000-memory.dmp	upx
behavioral2/memory/2592-108-0x00007FF7BEE30000-0x00007FF7BF221000-memory.dmp	upx
behavioral2/files/0x0007000000023632-107.dat	upx
behavioral2/memory/2552-104-0x00007FF633E00000-0x00007FF6341F1000-memory.dmp	upx
behavioral2/memory/1040-101-0x00007FF612300000-0x00007FF6126F1000-memory.dmp	upx
behavioral2/files/0x0007000000023631-97.dat	upx
behavioral2/memory/4412-95-0x00007FF7E1960000-0x00007FF7E1D51000-memory.dmp	upx
behavioral2/files/0x0007000000023630-94.dat	upx
behavioral2/files/0x000700000002362f-89.dat	upx
behavioral2/memory/4348-88-0x00007FF738810000-0x00007FF738C01000-memory.dmp	upx
behavioral2/memory/4152-87-0x00007FF7026C0000-0x00007FF702AB1000-memory.dmp	upx
behavioral2/memory/1384-79-0x00007FF779A20000-0x00007FF779E11000-memory.dmp	upx
behavioral2/files/0x000700000002362c-75.dat	upx
behavioral2/files/0x000700000002362d-74.dat	upx
behavioral2/memory/1464-70-0x00007FF65A170000-0x00007FF65A561000-memory.dmp	upx
behavioral2/memory/680-67-0x00007FF663A60000-0x00007FF663E51000-memory.dmp	upx
behavioral2/memory/4212-64-0x00007FF77A500000-0x00007FF77A8F1000-memory.dmp	upx
behavioral2/memory/1188-63-0x00007FF76DF50000-0x00007FF76E341000-memory.dmp	upx
behavioral2/memory/3752-60-0x00007FF6CB730000-0x00007FF6CBB21000-memory.dmp	upx
behavioral2/memory/2488-57-0x00007FF696B10000-0x00007FF696F01000-memory.dmp	upx
behavioral2/files/0x000700000002362a-55.dat	upx
behavioral2/memory/2824-54-0x00007FF780750000-0x00007FF780B41000-memory.dmp	upx
behavioral2/memory/712-44-0x00007FF779110000-0x00007FF779501000-memory.dmp	upx
behavioral2/files/0x0007000000023627-40.dat	upx

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System32\fMRvdxC.exe	be24af81f26ace0503501b67eb211afc_JaffaCakes118.exe
File created	C:\Windows\System32\lpYwTZF.exe	be24af81f26ace0503501b67eb211afc_JaffaCakes118.exe
File created	C:\Windows\System32\PAVoIUt.exe	be24af81f26ace0503501b67eb211afc_JaffaCakes118.exe
File created	C:\Windows\System32\eNmkpmH.exe	be24af81f26ace0503501b67eb211afc_JaffaCakes118.exe
File created	C:\Windows\System32\sXMSwnf.exe	be24af81f26ace0503501b67eb211afc_JaffaCakes118.exe
File created	C:\Windows\System32\TJYXwRf.exe	be24af81f26ace0503501b67eb211afc_JaffaCakes118.exe
File created	C:\Windows\System32\jWiDdOh.exe	be24af81f26ace0503501b67eb211afc_JaffaCakes118.exe
File created	C:\Windows\System32\YdqaWXG.exe	be24af81f26ace0503501b67eb211afc_JaffaCakes118.exe
File created	C:\Windows\System32\ySLqFCF.exe	be24af81f26ace0503501b67eb211afc_JaffaCakes118.exe
File created	C:\Windows\System32\zaSRicr.exe	be24af81f26ace0503501b67eb211afc_JaffaCakes118.exe
File created	C:\Windows\System32\rEJQhDT.exe	be24af81f26ace0503501b67eb211afc_JaffaCakes118.exe
File created	C:\Windows\System32\OlnlYlF.exe	be24af81f26ace0503501b67eb211afc_JaffaCakes118.exe
File created	C:\Windows\System32\PVVSkDq.exe	be24af81f26ace0503501b67eb211afc_JaffaCakes118.exe
File created	C:\Windows\System32\RMrJdhJ.exe	be24af81f26ace0503501b67eb211afc_JaffaCakes118.exe
File created	C:\Windows\System32\FnMRvDi.exe	be24af81f26ace0503501b67eb211afc_JaffaCakes118.exe
File created	C:\Windows\System32\XuJXcVw.exe	be24af81f26ace0503501b67eb211afc_JaffaCakes118.exe
File created	C:\Windows\System32\OtmwaOs.exe	be24af81f26ace0503501b67eb211afc_JaffaCakes118.exe
File created	C:\Windows\System32\JSnAeUU.exe	be24af81f26ace0503501b67eb211afc_JaffaCakes118.exe
File created	C:\Windows\System32\UbaPdwm.exe	be24af81f26ace0503501b67eb211afc_JaffaCakes118.exe
File created	C:\Windows\System32\CYRUPcq.exe	be24af81f26ace0503501b67eb211afc_JaffaCakes118.exe
File created	C:\Windows\System32\rLSMRVS.exe	be24af81f26ace0503501b67eb211afc_JaffaCakes118.exe
File created	C:\Windows\System32\XRZvfmS.exe	be24af81f26ace0503501b67eb211afc_JaffaCakes118.exe
File created	C:\Windows\System32\nyvGKcU.exe	be24af81f26ace0503501b67eb211afc_JaffaCakes118.exe
File created	C:\Windows\System32\wTvLFtP.exe	be24af81f26ace0503501b67eb211afc_JaffaCakes118.exe
File created	C:\Windows\System32\ZWEdkZV.exe	be24af81f26ace0503501b67eb211afc_JaffaCakes118.exe
File created	C:\Windows\System32\TBFxYwh.exe	be24af81f26ace0503501b67eb211afc_JaffaCakes118.exe
File created	C:\Windows\System32\HHzAlyy.exe	be24af81f26ace0503501b67eb211afc_JaffaCakes118.exe
File created	C:\Windows\System32\sNRceSN.exe	be24af81f26ace0503501b67eb211afc_JaffaCakes118.exe
File created	C:\Windows\System32\MOIXtqF.exe	be24af81f26ace0503501b67eb211afc_JaffaCakes118.exe
File created	C:\Windows\System32\oJlRjFa.exe	be24af81f26ace0503501b67eb211afc_JaffaCakes118.exe
File created	C:\Windows\System32\gLEorlc.exe	be24af81f26ace0503501b67eb211afc_JaffaCakes118.exe
File created	C:\Windows\System32\PkZoGaQ.exe	be24af81f26ace0503501b67eb211afc_JaffaCakes118.exe
File created	C:\Windows\System32\eYAMQrJ.exe	be24af81f26ace0503501b67eb211afc_JaffaCakes118.exe
File created	C:\Windows\System32\nGxPJMp.exe	be24af81f26ace0503501b67eb211afc_JaffaCakes118.exe
File created	C:\Windows\System32\CmiViVO.exe	be24af81f26ace0503501b67eb211afc_JaffaCakes118.exe
File created	C:\Windows\System32\WIBxEyu.exe	be24af81f26ace0503501b67eb211afc_JaffaCakes118.exe
File created	C:\Windows\System32\VMsihaf.exe	be24af81f26ace0503501b67eb211afc_JaffaCakes118.exe
File created	C:\Windows\System32\pyPSEre.exe	be24af81f26ace0503501b67eb211afc_JaffaCakes118.exe
File created	C:\Windows\System32\GPlMFJw.exe	be24af81f26ace0503501b67eb211afc_JaffaCakes118.exe
File created	C:\Windows\System32\pdlWfhd.exe	be24af81f26ace0503501b67eb211afc_JaffaCakes118.exe
File created	C:\Windows\System32\RVpEAsJ.exe	be24af81f26ace0503501b67eb211afc_JaffaCakes118.exe
File created	C:\Windows\System32\vnmvkvJ.exe	be24af81f26ace0503501b67eb211afc_JaffaCakes118.exe
File created	C:\Windows\System32\AuJSSSe.exe	be24af81f26ace0503501b67eb211afc_JaffaCakes118.exe
File created	C:\Windows\System32\DgUpsni.exe	be24af81f26ace0503501b67eb211afc_JaffaCakes118.exe
File created	C:\Windows\System32\KVpnthM.exe	be24af81f26ace0503501b67eb211afc_JaffaCakes118.exe
File created	C:\Windows\System32\RKqXiDx.exe	be24af81f26ace0503501b67eb211afc_JaffaCakes118.exe
File created	C:\Windows\System32\uILvciB.exe	be24af81f26ace0503501b67eb211afc_JaffaCakes118.exe
File created	C:\Windows\System32\HMEaDXh.exe	be24af81f26ace0503501b67eb211afc_JaffaCakes118.exe
File created	C:\Windows\System32\UNfgqgG.exe	be24af81f26ace0503501b67eb211afc_JaffaCakes118.exe
File created	C:\Windows\System32\LddSEMm.exe	be24af81f26ace0503501b67eb211afc_JaffaCakes118.exe
File created	C:\Windows\System32\sDKLZYC.exe	be24af81f26ace0503501b67eb211afc_JaffaCakes118.exe
File created	C:\Windows\System32\fvKyvAS.exe	be24af81f26ace0503501b67eb211afc_JaffaCakes118.exe
File created	C:\Windows\System32\UUOhNUk.exe	be24af81f26ace0503501b67eb211afc_JaffaCakes118.exe
File created	C:\Windows\System32\NZhtArn.exe	be24af81f26ace0503501b67eb211afc_JaffaCakes118.exe
File created	C:\Windows\System32\eUeZaGh.exe	be24af81f26ace0503501b67eb211afc_JaffaCakes118.exe
File created	C:\Windows\System32\xQuspCt.exe	be24af81f26ace0503501b67eb211afc_JaffaCakes118.exe
File created	C:\Windows\System32\hDlPqRN.exe	be24af81f26ace0503501b67eb211afc_JaffaCakes118.exe
File created	C:\Windows\System32\JNDsXzC.exe	be24af81f26ace0503501b67eb211afc_JaffaCakes118.exe
File created	C:\Windows\System32\Ctjtbqa.exe	be24af81f26ace0503501b67eb211afc_JaffaCakes118.exe
File created	C:\Windows\System32\eXymDFp.exe	be24af81f26ace0503501b67eb211afc_JaffaCakes118.exe
File created	C:\Windows\System32\YkwEHpM.exe	be24af81f26ace0503501b67eb211afc_JaffaCakes118.exe
File created	C:\Windows\System32\mvmGWHv.exe	be24af81f26ace0503501b67eb211afc_JaffaCakes118.exe
File created	C:\Windows\System32\UMQIgZS.exe	be24af81f26ace0503501b67eb211afc_JaffaCakes118.exe
File created	C:\Windows\System32\WygVJTL.exe	be24af81f26ace0503501b67eb211afc_JaffaCakes118.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	14212	dwm.exe
Token: SeChangeNotifyPrivilege	14212	dwm.exe
Token: 33	14212	dwm.exe
Token: SeIncBasePriorityPrivilege	14212	dwm.exe
Token: SeShutdownPrivilege	14212	dwm.exe
Token: SeCreatePagefilePrivilege	14212	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1040 wrote to memory of 2592	1040	be24af81f26ace0503501b67eb211afc_JaffaCakes118.exe	93
PID 1040 wrote to memory of 2592	1040	be24af81f26ace0503501b67eb211afc_JaffaCakes118.exe	93
PID 1040 wrote to memory of 1312	1040	be24af81f26ace0503501b67eb211afc_JaffaCakes118.exe	94
PID 1040 wrote to memory of 1312	1040	be24af81f26ace0503501b67eb211afc_JaffaCakes118.exe	94
PID 1040 wrote to memory of 3752	1040	be24af81f26ace0503501b67eb211afc_JaffaCakes118.exe	95
PID 1040 wrote to memory of 3752	1040	be24af81f26ace0503501b67eb211afc_JaffaCakes118.exe	95
PID 1040 wrote to memory of 4852	1040	be24af81f26ace0503501b67eb211afc_JaffaCakes118.exe	96
PID 1040 wrote to memory of 4852	1040	be24af81f26ace0503501b67eb211afc_JaffaCakes118.exe	96
PID 1040 wrote to memory of 712	1040	be24af81f26ace0503501b67eb211afc_JaffaCakes118.exe	97
PID 1040 wrote to memory of 712	1040	be24af81f26ace0503501b67eb211afc_JaffaCakes118.exe	97
PID 1040 wrote to memory of 396	1040	be24af81f26ace0503501b67eb211afc_JaffaCakes118.exe	98
PID 1040 wrote to memory of 396	1040	be24af81f26ace0503501b67eb211afc_JaffaCakes118.exe	98
PID 1040 wrote to memory of 1188	1040	be24af81f26ace0503501b67eb211afc_JaffaCakes118.exe	99
PID 1040 wrote to memory of 1188	1040	be24af81f26ace0503501b67eb211afc_JaffaCakes118.exe	99
PID 1040 wrote to memory of 2824	1040	be24af81f26ace0503501b67eb211afc_JaffaCakes118.exe	100
PID 1040 wrote to memory of 2824	1040	be24af81f26ace0503501b67eb211afc_JaffaCakes118.exe	100
PID 1040 wrote to memory of 4212	1040	be24af81f26ace0503501b67eb211afc_JaffaCakes118.exe	101
PID 1040 wrote to memory of 4212	1040	be24af81f26ace0503501b67eb211afc_JaffaCakes118.exe	101
PID 1040 wrote to memory of 2488	1040	be24af81f26ace0503501b67eb211afc_JaffaCakes118.exe	102
PID 1040 wrote to memory of 2488	1040	be24af81f26ace0503501b67eb211afc_JaffaCakes118.exe	102
PID 1040 wrote to memory of 680	1040	be24af81f26ace0503501b67eb211afc_JaffaCakes118.exe	103
PID 1040 wrote to memory of 680	1040	be24af81f26ace0503501b67eb211afc_JaffaCakes118.exe	103
PID 1040 wrote to memory of 1464	1040	be24af81f26ace0503501b67eb211afc_JaffaCakes118.exe	104
PID 1040 wrote to memory of 1464	1040	be24af81f26ace0503501b67eb211afc_JaffaCakes118.exe	104
PID 1040 wrote to memory of 1384	1040	be24af81f26ace0503501b67eb211afc_JaffaCakes118.exe	105
PID 1040 wrote to memory of 1384	1040	be24af81f26ace0503501b67eb211afc_JaffaCakes118.exe	105
PID 1040 wrote to memory of 4152	1040	be24af81f26ace0503501b67eb211afc_JaffaCakes118.exe	106
PID 1040 wrote to memory of 4152	1040	be24af81f26ace0503501b67eb211afc_JaffaCakes118.exe	106
PID 1040 wrote to memory of 4348	1040	be24af81f26ace0503501b67eb211afc_JaffaCakes118.exe	107
PID 1040 wrote to memory of 4348	1040	be24af81f26ace0503501b67eb211afc_JaffaCakes118.exe	107
PID 1040 wrote to memory of 4412	1040	be24af81f26ace0503501b67eb211afc_JaffaCakes118.exe	108
PID 1040 wrote to memory of 4412	1040	be24af81f26ace0503501b67eb211afc_JaffaCakes118.exe	108
PID 1040 wrote to memory of 2552	1040	be24af81f26ace0503501b67eb211afc_JaffaCakes118.exe	109
PID 1040 wrote to memory of 2552	1040	be24af81f26ace0503501b67eb211afc_JaffaCakes118.exe	109
PID 1040 wrote to memory of 2972	1040	be24af81f26ace0503501b67eb211afc_JaffaCakes118.exe	110
PID 1040 wrote to memory of 2972	1040	be24af81f26ace0503501b67eb211afc_JaffaCakes118.exe	110
PID 1040 wrote to memory of 4816	1040	be24af81f26ace0503501b67eb211afc_JaffaCakes118.exe	111
PID 1040 wrote to memory of 4816	1040	be24af81f26ace0503501b67eb211afc_JaffaCakes118.exe	111
PID 1040 wrote to memory of 3888	1040	be24af81f26ace0503501b67eb211afc_JaffaCakes118.exe	112
PID 1040 wrote to memory of 3888	1040	be24af81f26ace0503501b67eb211afc_JaffaCakes118.exe	112
PID 1040 wrote to memory of 5088	1040	be24af81f26ace0503501b67eb211afc_JaffaCakes118.exe	113
PID 1040 wrote to memory of 5088	1040	be24af81f26ace0503501b67eb211afc_JaffaCakes118.exe	113
PID 1040 wrote to memory of 4496	1040	be24af81f26ace0503501b67eb211afc_JaffaCakes118.exe	114
PID 1040 wrote to memory of 4496	1040	be24af81f26ace0503501b67eb211afc_JaffaCakes118.exe	114
PID 1040 wrote to memory of 4960	1040	be24af81f26ace0503501b67eb211afc_JaffaCakes118.exe	115
PID 1040 wrote to memory of 4960	1040	be24af81f26ace0503501b67eb211afc_JaffaCakes118.exe	115
PID 1040 wrote to memory of 3772	1040	be24af81f26ace0503501b67eb211afc_JaffaCakes118.exe	116
PID 1040 wrote to memory of 3772	1040	be24af81f26ace0503501b67eb211afc_JaffaCakes118.exe	116
PID 1040 wrote to memory of 8	1040	be24af81f26ace0503501b67eb211afc_JaffaCakes118.exe	117
PID 1040 wrote to memory of 8	1040	be24af81f26ace0503501b67eb211afc_JaffaCakes118.exe	117
PID 1040 wrote to memory of 3116	1040	be24af81f26ace0503501b67eb211afc_JaffaCakes118.exe	118
PID 1040 wrote to memory of 3116	1040	be24af81f26ace0503501b67eb211afc_JaffaCakes118.exe	118
PID 1040 wrote to memory of 4512	1040	be24af81f26ace0503501b67eb211afc_JaffaCakes118.exe	119
PID 1040 wrote to memory of 4512	1040	be24af81f26ace0503501b67eb211afc_JaffaCakes118.exe	119
PID 1040 wrote to memory of 4372	1040	be24af81f26ace0503501b67eb211afc_JaffaCakes118.exe	120
PID 1040 wrote to memory of 4372	1040	be24af81f26ace0503501b67eb211afc_JaffaCakes118.exe	120
PID 1040 wrote to memory of 1296	1040	be24af81f26ace0503501b67eb211afc_JaffaCakes118.exe	121
PID 1040 wrote to memory of 1296	1040	be24af81f26ace0503501b67eb211afc_JaffaCakes118.exe	121
PID 1040 wrote to memory of 1192	1040	be24af81f26ace0503501b67eb211afc_JaffaCakes118.exe	122
PID 1040 wrote to memory of 1192	1040	be24af81f26ace0503501b67eb211afc_JaffaCakes118.exe	122
PID 1040 wrote to memory of 3916	1040	be24af81f26ace0503501b67eb211afc_JaffaCakes118.exe	123
PID 1040 wrote to memory of 3916	1040	be24af81f26ace0503501b67eb211afc_JaffaCakes118.exe	123
PID 1040 wrote to memory of 4780	1040	be24af81f26ace0503501b67eb211afc_JaffaCakes118.exe	124
PID 1040 wrote to memory of 4780	1040	be24af81f26ace0503501b67eb211afc_JaffaCakes118.exe	124

C:\Users\Admin\AppData\Local\Temp\be24af81f26ace0503501b67eb211afc_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\be24af81f26ace0503501b67eb211afc_JaffaCakes118.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:1040
- C:\Windows\System32\bZkKbZp.exe
  C:\Windows\System32\bZkKbZp.exe
  2⤵
  - Executes dropped EXE
  PID:2592
- C:\Windows\System32\ZvPJkiY.exe
  C:\Windows\System32\ZvPJkiY.exe
  2⤵
  - Executes dropped EXE
  PID:1312
- C:\Windows\System32\WIBxEyu.exe
  C:\Windows\System32\WIBxEyu.exe
  2⤵
  - Executes dropped EXE
  PID:3752
- C:\Windows\System32\oDuZtBh.exe
  C:\Windows\System32\oDuZtBh.exe
  2⤵
  - Executes dropped EXE
  PID:4852
- C:\Windows\System32\NYQqvLk.exe
  C:\Windows\System32\NYQqvLk.exe
  2⤵
  - Executes dropped EXE
  PID:712
- C:\Windows\System32\gJqxJfn.exe
  C:\Windows\System32\gJqxJfn.exe
  2⤵
  - Executes dropped EXE
  PID:396
- C:\Windows\System32\LPJWfnE.exe
  C:\Windows\System32\LPJWfnE.exe
  2⤵
  - Executes dropped EXE
  PID:1188
- C:\Windows\System32\kNYNXCd.exe
  C:\Windows\System32\kNYNXCd.exe
  2⤵
  - Executes dropped EXE
  PID:2824
- C:\Windows\System32\QWMepAn.exe
  C:\Windows\System32\QWMepAn.exe
  2⤵
  - Executes dropped EXE
  PID:4212
- C:\Windows\System32\FiLllKk.exe
  C:\Windows\System32\FiLllKk.exe
  2⤵
  - Executes dropped EXE
  PID:2488
- C:\Windows\System32\dgtfGHo.exe
  C:\Windows\System32\dgtfGHo.exe
  2⤵
  - Executes dropped EXE
  PID:680
- C:\Windows\System32\LIgtIsc.exe
  C:\Windows\System32\LIgtIsc.exe
  2⤵
  - Executes dropped EXE
  PID:1464
- C:\Windows\System32\KXUjdkI.exe
  C:\Windows\System32\KXUjdkI.exe
  2⤵
  - Executes dropped EXE
  PID:1384
- C:\Windows\System32\SIhZsWA.exe
  C:\Windows\System32\SIhZsWA.exe
  2⤵
  - Executes dropped EXE
  PID:4152
- C:\Windows\System32\FLSVamE.exe
  C:\Windows\System32\FLSVamE.exe
  2⤵
  - Executes dropped EXE
  PID:4348
- C:\Windows\System32\AeJGWBq.exe
  C:\Windows\System32\AeJGWBq.exe
  2⤵
  - Executes dropped EXE
  PID:4412
- C:\Windows\System32\xeBDERJ.exe
  C:\Windows\System32\xeBDERJ.exe
  2⤵
  - Executes dropped EXE
  PID:2552
- C:\Windows\System32\BbxTuPv.exe
  C:\Windows\System32\BbxTuPv.exe
  2⤵
  - Executes dropped EXE
  PID:2972
- C:\Windows\System32\CEBCwpP.exe
  C:\Windows\System32\CEBCwpP.exe
  2⤵
  - Executes dropped EXE
  PID:4816
- C:\Windows\System32\rHjlMkW.exe
  C:\Windows\System32\rHjlMkW.exe
  2⤵
  - Executes dropped EXE
  PID:3888
- C:\Windows\System32\pGOlrZX.exe
  C:\Windows\System32\pGOlrZX.exe
  2⤵
  - Executes dropped EXE
  PID:5088
- C:\Windows\System32\pyNIMHn.exe
  C:\Windows\System32\pyNIMHn.exe
  2⤵
  - Executes dropped EXE
  PID:4496
- C:\Windows\System32\airXSKU.exe
  C:\Windows\System32\airXSKU.exe
  2⤵
  - Executes dropped EXE
  PID:4960
- C:\Windows\System32\zyQaBaJ.exe
  C:\Windows\System32\zyQaBaJ.exe
  2⤵
  - Executes dropped EXE
  PID:3772
- C:\Windows\System32\sXMSwnf.exe
  C:\Windows\System32\sXMSwnf.exe
  2⤵
  - Executes dropped EXE
  PID:8
- C:\Windows\System32\PkZoGaQ.exe
  C:\Windows\System32\PkZoGaQ.exe
  2⤵
  - Executes dropped EXE
  PID:3116
- C:\Windows\System32\ZoXPFfA.exe
  C:\Windows\System32\ZoXPFfA.exe
  2⤵
  - Executes dropped EXE
  PID:4512
- C:\Windows\System32\fYQACoA.exe
  C:\Windows\System32\fYQACoA.exe
  2⤵
  - Executes dropped EXE
  PID:4372
- C:\Windows\System32\wJIuzhs.exe
  C:\Windows\System32\wJIuzhs.exe
  2⤵
  - Executes dropped EXE
  PID:1296
- C:\Windows\System32\BBamYAa.exe
  C:\Windows\System32\BBamYAa.exe
  2⤵
  - Executes dropped EXE
  PID:1192
- C:\Windows\System32\iBqzBBI.exe
  C:\Windows\System32\iBqzBBI.exe
  2⤵
  - Executes dropped EXE
  PID:3916
- C:\Windows\System32\rsQSrnN.exe
  C:\Windows\System32\rsQSrnN.exe
  2⤵
  - Executes dropped EXE
  PID:4780
- C:\Windows\System32\nlRtYGV.exe
  C:\Windows\System32\nlRtYGV.exe
  2⤵
  - Executes dropped EXE
  PID:2736
- C:\Windows\System32\jcGGXzg.exe
  C:\Windows\System32\jcGGXzg.exe
  2⤵
  - Executes dropped EXE
  PID:1452
- C:\Windows\System32\rQPxyVY.exe
  C:\Windows\System32\rQPxyVY.exe
  2⤵
  - Executes dropped EXE
  PID:2000
- C:\Windows\System32\YmZdTQB.exe
  C:\Windows\System32\YmZdTQB.exe
  2⤵
  - Executes dropped EXE
  PID:1448
- C:\Windows\System32\ItEDchn.exe
  C:\Windows\System32\ItEDchn.exe
  2⤵
  - Executes dropped EXE
  PID:1124
- C:\Windows\System32\lFbpUwd.exe
  C:\Windows\System32\lFbpUwd.exe
  2⤵
  - Executes dropped EXE
  PID:3596
- C:\Windows\System32\klHylTH.exe
  C:\Windows\System32\klHylTH.exe
  2⤵
  - Executes dropped EXE
  PID:2316
- C:\Windows\System32\MOIXtqF.exe
  C:\Windows\System32\MOIXtqF.exe
  2⤵
  - Executes dropped EXE
  PID:5136
- C:\Windows\System32\hkszkcH.exe
  C:\Windows\System32\hkszkcH.exe
  2⤵
  - Executes dropped EXE
  PID:5156
- C:\Windows\System32\BJaipUj.exe
  C:\Windows\System32\BJaipUj.exe
  2⤵
  - Executes dropped EXE
  PID:5180
- C:\Windows\System32\NGnruWy.exe
  C:\Windows\System32\NGnruWy.exe
  2⤵
  - Executes dropped EXE
  PID:5212
- C:\Windows\System32\hDlPqRN.exe
  C:\Windows\System32\hDlPqRN.exe
  2⤵
  - Executes dropped EXE
  PID:5248
- C:\Windows\System32\erEfxtz.exe
  C:\Windows\System32\erEfxtz.exe
  2⤵
  - Executes dropped EXE
  PID:5268
- C:\Windows\System32\KVpnthM.exe
  C:\Windows\System32\KVpnthM.exe
  2⤵
  - Executes dropped EXE
  PID:5300
- C:\Windows\System32\AdgqjGk.exe
  C:\Windows\System32\AdgqjGk.exe
  2⤵
  - Executes dropped EXE
  PID:5320
- C:\Windows\System32\FiFKsvv.exe
  C:\Windows\System32\FiFKsvv.exe
  2⤵
  - Executes dropped EXE
  PID:5356
- C:\Windows\System32\VMsihaf.exe
  C:\Windows\System32\VMsihaf.exe
  2⤵
  - Executes dropped EXE
  PID:5376
- C:\Windows\System32\GPlMFJw.exe
  C:\Windows\System32\GPlMFJw.exe
  2⤵
  - Executes dropped EXE
  PID:5408
- C:\Windows\System32\vdJDIpM.exe
  C:\Windows\System32\vdJDIpM.exe
  2⤵
  - Executes dropped EXE
  PID:5432
- C:\Windows\System32\MdwGSAd.exe
  C:\Windows\System32\MdwGSAd.exe
  2⤵
  - Executes dropped EXE
  PID:5460
- C:\Windows\System32\UuRNfYx.exe
  C:\Windows\System32\UuRNfYx.exe
  2⤵
  - Executes dropped EXE
  PID:5488
- C:\Windows\System32\PhfhBwz.exe
  C:\Windows\System32\PhfhBwz.exe
  2⤵
  - Executes dropped EXE
  PID:5516
- C:\Windows\System32\dqkopKj.exe
  C:\Windows\System32\dqkopKj.exe
  2⤵
  - Executes dropped EXE
  PID:5544
- C:\Windows\System32\qzRIfQP.exe
  C:\Windows\System32\qzRIfQP.exe
  2⤵
  - Executes dropped EXE
  PID:5572
- C:\Windows\System32\pdlWfhd.exe
  C:\Windows\System32\pdlWfhd.exe
  2⤵
  - Executes dropped EXE
  PID:5600
- C:\Windows\System32\jeCvHfS.exe
  C:\Windows\System32\jeCvHfS.exe
  2⤵
  - Executes dropped EXE
  PID:5632
- C:\Windows\System32\BIvSDuk.exe
  C:\Windows\System32\BIvSDuk.exe
  2⤵
  - Executes dropped EXE
  PID:5656
- C:\Windows\System32\ikrZjDP.exe
  C:\Windows\System32\ikrZjDP.exe
  2⤵
  - Executes dropped EXE
  PID:5684
- C:\Windows\System32\SduZUKK.exe
  C:\Windows\System32\SduZUKK.exe
  2⤵
  - Executes dropped EXE
  PID:5716
- C:\Windows\System32\ENBYfDy.exe
  C:\Windows\System32\ENBYfDy.exe
  2⤵
  - Executes dropped EXE
  PID:5740
- C:\Windows\System32\zhOnVee.exe
  C:\Windows\System32\zhOnVee.exe
  2⤵
  - Executes dropped EXE
  PID:5768
- C:\Windows\System32\ImrdzVm.exe
  C:\Windows\System32\ImrdzVm.exe
  2⤵
  - Executes dropped EXE
  PID:5796
- C:\Windows\System32\UHeOYQJ.exe
  C:\Windows\System32\UHeOYQJ.exe
  2⤵
  PID:5828
- C:\Windows\System32\EgZoYeX.exe
  C:\Windows\System32\EgZoYeX.exe
  2⤵
  PID:5860
- C:\Windows\System32\fxptDWH.exe
  C:\Windows\System32\fxptDWH.exe
  2⤵
  PID:5880
- C:\Windows\System32\pyPSEre.exe
  C:\Windows\System32\pyPSEre.exe
  2⤵
  PID:5908
- C:\Windows\System32\VQTHQUC.exe
  C:\Windows\System32\VQTHQUC.exe
  2⤵
  PID:5936
- C:\Windows\System32\czPfFlg.exe
  C:\Windows\System32\czPfFlg.exe
  2⤵
  PID:5968
- C:\Windows\System32\aPTnovA.exe
  C:\Windows\System32\aPTnovA.exe
  2⤵
  PID:5992
- C:\Windows\System32\RVpEAsJ.exe
  C:\Windows\System32\RVpEAsJ.exe
  2⤵
  PID:6032
- C:\Windows\System32\UIYDbpg.exe
  C:\Windows\System32\UIYDbpg.exe
  2⤵
  PID:6048
- C:\Windows\System32\NWmRUeA.exe
  C:\Windows\System32\NWmRUeA.exe
  2⤵
  PID:6076
- C:\Windows\System32\gLrjNmM.exe
  C:\Windows\System32\gLrjNmM.exe
  2⤵
  PID:6104
- C:\Windows\System32\gbIWtlc.exe
  C:\Windows\System32\gbIWtlc.exe
  2⤵
  PID:6132
- C:\Windows\System32\LjZzJwb.exe
  C:\Windows\System32\LjZzJwb.exe
  2⤵
  PID:428
- C:\Windows\System32\MhCoSVp.exe
  C:\Windows\System32\MhCoSVp.exe
  2⤵
  PID:4248
- C:\Windows\System32\oKLFFJX.exe
  C:\Windows\System32\oKLFFJX.exe
  2⤵
  PID:3572
- C:\Windows\System32\tzmjhMb.exe
  C:\Windows\System32\tzmjhMb.exe
  2⤵
  PID:1888
- C:\Windows\System32\yysuqZm.exe
  C:\Windows\System32\yysuqZm.exe
  2⤵
  PID:532
- C:\Windows\System32\sNPnqer.exe
  C:\Windows\System32\sNPnqer.exe
  2⤵
  PID:5164
- C:\Windows\System32\JkgeZXr.exe
  C:\Windows\System32\JkgeZXr.exe
  2⤵
  PID:5232
- C:\Windows\System32\BTiOwKu.exe
  C:\Windows\System32\BTiOwKu.exe
  2⤵
  PID:5280
- C:\Windows\System32\sCFerWJ.exe
  C:\Windows\System32\sCFerWJ.exe
  2⤵
  PID:5332
- C:\Windows\System32\tXepDKJ.exe
  C:\Windows\System32\tXepDKJ.exe
  2⤵
  PID:5372
- C:\Windows\System32\JNDsXzC.exe
  C:\Windows\System32\JNDsXzC.exe
  2⤵
  PID:5424
- C:\Windows\System32\sDKLZYC.exe
  C:\Windows\System32\sDKLZYC.exe
  2⤵
  PID:3584
- C:\Windows\System32\XRZvfmS.exe
  C:\Windows\System32\XRZvfmS.exe
  2⤵
  PID:5536
- C:\Windows\System32\MydNCBr.exe
  C:\Windows\System32\MydNCBr.exe
  2⤵
  PID:5580
- C:\Windows\System32\JFQxFfK.exe
  C:\Windows\System32\JFQxFfK.exe
  2⤵
  PID:5640
- C:\Windows\System32\kPJJoTm.exe
  C:\Windows\System32\kPJJoTm.exe
  2⤵
  PID:5696
- C:\Windows\System32\VHBDfMV.exe
  C:\Windows\System32\VHBDfMV.exe
  2⤵
  PID:5748
- C:\Windows\System32\zSfIYBZ.exe
  C:\Windows\System32\zSfIYBZ.exe
  2⤵
  PID:5808
- C:\Windows\System32\VDAxjWs.exe
  C:\Windows\System32\VDAxjWs.exe
  2⤵
  PID:5868
- C:\Windows\System32\fMRvdxC.exe
  C:\Windows\System32\fMRvdxC.exe
  2⤵
  PID:5928
- C:\Windows\System32\UqPJrep.exe
  C:\Windows\System32\UqPJrep.exe
  2⤵
  PID:6012
- C:\Windows\System32\EJbKBvv.exe
  C:\Windows\System32\EJbKBvv.exe
  2⤵
  PID:6056
- C:\Windows\System32\Ctjtbqa.exe
  C:\Windows\System32\Ctjtbqa.exe
  2⤵
  PID:6124
- C:\Windows\System32\xAtdEvv.exe
  C:\Windows\System32\xAtdEvv.exe
  2⤵
  PID:1072
- C:\Windows\System32\YrAiiuT.exe
  C:\Windows\System32\YrAiiuT.exe
  2⤵
  PID:1136
- C:\Windows\System32\GGCHgCm.exe
  C:\Windows\System32\GGCHgCm.exe
  2⤵
  PID:5276
- C:\Windows\System32\dyeNwdl.exe
  C:\Windows\System32\dyeNwdl.exe
  2⤵
  PID:3140
- C:\Windows\System32\SPsXUBW.exe
  C:\Windows\System32\SPsXUBW.exe
  2⤵
  PID:5452
- C:\Windows\System32\GLQyKMi.exe
  C:\Windows\System32\GLQyKMi.exe
  2⤵
  PID:4884
- C:\Windows\System32\tDPJAOG.exe
  C:\Windows\System32\tDPJAOG.exe
  2⤵
  PID:6164
- C:\Windows\System32\IujNigN.exe
  C:\Windows\System32\IujNigN.exe
  2⤵
  PID:6192
- C:\Windows\System32\VgheSkH.exe
  C:\Windows\System32\VgheSkH.exe
  2⤵
  PID:6216
- C:\Windows\System32\gktToSb.exe
  C:\Windows\System32\gktToSb.exe
  2⤵
  PID:6240
- C:\Windows\System32\yovbrWT.exe
  C:\Windows\System32\yovbrWT.exe
  2⤵
  PID:6272
- C:\Windows\System32\ofkpTyw.exe
  C:\Windows\System32\ofkpTyw.exe
  2⤵
  PID:6300
- C:\Windows\System32\pEzVHRf.exe
  C:\Windows\System32\pEzVHRf.exe
  2⤵
  PID:6324
- C:\Windows\System32\CTCxPTs.exe
  C:\Windows\System32\CTCxPTs.exe
  2⤵
  PID:6356
- C:\Windows\System32\OlnlYlF.exe
  C:\Windows\System32\OlnlYlF.exe
  2⤵
  PID:6384
- C:\Windows\System32\vFwrHYB.exe
  C:\Windows\System32\vFwrHYB.exe
  2⤵
  PID:6408
- C:\Windows\System32\XECHIuZ.exe
  C:\Windows\System32\XECHIuZ.exe
  2⤵
  PID:6440
- C:\Windows\System32\DYGgIzq.exe
  C:\Windows\System32\DYGgIzq.exe
  2⤵
  PID:6476
- C:\Windows\System32\fcztlmk.exe
  C:\Windows\System32\fcztlmk.exe
  2⤵
  PID:6496
- C:\Windows\System32\rftWRxD.exe
  C:\Windows\System32\rftWRxD.exe
  2⤵
  PID:6524
- C:\Windows\System32\EUahiCF.exe
  C:\Windows\System32\EUahiCF.exe
  2⤵
  PID:6548
- C:\Windows\System32\zYrJlnq.exe
  C:\Windows\System32\zYrJlnq.exe
  2⤵
  PID:6580
- C:\Windows\System32\TJYXwRf.exe
  C:\Windows\System32\TJYXwRf.exe
  2⤵
  PID:6608
- C:\Windows\System32\MraKMBp.exe
  C:\Windows\System32\MraKMBp.exe
  2⤵
  PID:6636
- C:\Windows\System32\ioEsELT.exe
  C:\Windows\System32\ioEsELT.exe
  2⤵
  PID:6660
- C:\Windows\System32\ZvzmjHD.exe
  C:\Windows\System32\ZvzmjHD.exe
  2⤵
  PID:6692
- C:\Windows\System32\EPQgiqD.exe
  C:\Windows\System32\EPQgiqD.exe
  2⤵
  PID:6720
- C:\Windows\System32\JiStJWS.exe
  C:\Windows\System32\JiStJWS.exe
  2⤵
  PID:6748
- C:\Windows\System32\nZtxqiG.exe
  C:\Windows\System32\nZtxqiG.exe
  2⤵
  PID:6776
- C:\Windows\System32\SuvWMUV.exe
  C:\Windows\System32\SuvWMUV.exe
  2⤵
  PID:6804
- C:\Windows\System32\WqSQxLc.exe
  C:\Windows\System32\WqSQxLc.exe
  2⤵
  PID:6828
- C:\Windows\System32\rVdyKpd.exe
  C:\Windows\System32\rVdyKpd.exe
  2⤵
  PID:6860
- C:\Windows\System32\oXeaKSb.exe
  C:\Windows\System32\oXeaKSb.exe
  2⤵
  PID:6884
- C:\Windows\System32\EsRYNYg.exe
  C:\Windows\System32\EsRYNYg.exe
  2⤵
  PID:6912
- C:\Windows\System32\VjZEfKQ.exe
  C:\Windows\System32\VjZEfKQ.exe
  2⤵
  PID:6940
- C:\Windows\System32\thPDnio.exe
  C:\Windows\System32\thPDnio.exe
  2⤵
  PID:6972
- C:\Windows\System32\UmoEBoG.exe
  C:\Windows\System32\UmoEBoG.exe
  2⤵
  PID:7000
- C:\Windows\System32\sdJoEHR.exe
  C:\Windows\System32\sdJoEHR.exe
  2⤵
  PID:7024
- C:\Windows\System32\cpIGEDq.exe
  C:\Windows\System32\cpIGEDq.exe
  2⤵
  PID:7064
- C:\Windows\System32\GpKrNkR.exe
  C:\Windows\System32\GpKrNkR.exe
  2⤵
  PID:7084
- C:\Windows\System32\SlBjBmg.exe
  C:\Windows\System32\SlBjBmg.exe
  2⤵
  PID:7108
- C:\Windows\System32\HktHWig.exe
  C:\Windows\System32\HktHWig.exe
  2⤵
  PID:7140
- C:\Windows\System32\LtwJAAS.exe
  C:\Windows\System32\LtwJAAS.exe
  2⤵
  PID:7164
- C:\Windows\System32\wcLYjFn.exe
  C:\Windows\System32\wcLYjFn.exe
  2⤵
  PID:5816
- C:\Windows\System32\VrWRZNZ.exe
  C:\Windows\System32\VrWRZNZ.exe
  2⤵
  PID:1732
- C:\Windows\System32\KcNQlyP.exe
  C:\Windows\System32\KcNQlyP.exe
  2⤵
  PID:6020
- C:\Windows\System32\aHxhTEt.exe
  C:\Windows\System32\aHxhTEt.exe
  2⤵
  PID:1472
- C:\Windows\System32\CfGiyfZ.exe
  C:\Windows\System32\CfGiyfZ.exe
  2⤵
  PID:5128
- C:\Windows\System32\JITvLwK.exe
  C:\Windows\System32\JITvLwK.exe
  2⤵
  PID:5500
- C:\Windows\System32\VmPoMMc.exe
  C:\Windows\System32\VmPoMMc.exe
  2⤵
  PID:6184
- C:\Windows\System32\hZZxNJy.exe
  C:\Windows\System32\hZZxNJy.exe
  2⤵
  PID:6208
- C:\Windows\System32\QTssjpc.exe
  C:\Windows\System32\QTssjpc.exe
  2⤵
  PID:6284
- C:\Windows\System32\vNCwDrZ.exe
  C:\Windows\System32\vNCwDrZ.exe
  2⤵
  PID:6340
- C:\Windows\System32\AZAfVCx.exe
  C:\Windows\System32\AZAfVCx.exe
  2⤵
  PID:6404
- C:\Windows\System32\PAqIrzP.exe
  C:\Windows\System32\PAqIrzP.exe
  2⤵
  PID:6452
- C:\Windows\System32\vyltGOy.exe
  C:\Windows\System32\vyltGOy.exe
  2⤵
  PID:6536
- C:\Windows\System32\LkMyIBE.exe
  C:\Windows\System32\LkMyIBE.exe
  2⤵
  PID:6600
- C:\Windows\System32\RhGQsWz.exe
  C:\Windows\System32\RhGQsWz.exe
  2⤵
  PID:720
- C:\Windows\System32\StbhqaM.exe
  C:\Windows\System32\StbhqaM.exe
  2⤵
  PID:6676
- C:\Windows\System32\gmMPlPs.exe
  C:\Windows\System32\gmMPlPs.exe
  2⤵
  PID:6768
- C:\Windows\System32\dAZKMQZ.exe
  C:\Windows\System32\dAZKMQZ.exe
  2⤵
  PID:6812
- C:\Windows\System32\iYSAJCZ.exe
  C:\Windows\System32\iYSAJCZ.exe
  2⤵
  PID:6880
- C:\Windows\System32\jLELkCs.exe
  C:\Windows\System32\jLELkCs.exe
  2⤵
  PID:6948
- C:\Windows\System32\jWiDdOh.exe
  C:\Windows\System32\jWiDdOh.exe
  2⤵
  PID:7012
- C:\Windows\System32\EwqleaE.exe
  C:\Windows\System32\EwqleaE.exe
  2⤵
  PID:7032
- C:\Windows\System32\mtYivhJ.exe
  C:\Windows\System32\mtYivhJ.exe
  2⤵
  PID:7104
- C:\Windows\System32\bpTPIHO.exe
  C:\Windows\System32\bpTPIHO.exe
  2⤵
  PID:5664
- C:\Windows\System32\TpzWHGn.exe
  C:\Windows\System32\TpzWHGn.exe
  2⤵
  PID:5844
- C:\Windows\System32\zfPnbyA.exe
  C:\Windows\System32\zfPnbyA.exe
  2⤵
  PID:880
- C:\Windows\System32\VhCIOsl.exe
  C:\Windows\System32\VhCIOsl.exe
  2⤵
  PID:5292
- C:\Windows\System32\rxDsYPn.exe
  C:\Windows\System32\rxDsYPn.exe
  2⤵
  PID:6228
- C:\Windows\System32\xHkpidt.exe
  C:\Windows\System32\xHkpidt.exe
  2⤵
  PID:6308
- C:\Windows\System32\dKXcduc.exe
  C:\Windows\System32\dKXcduc.exe
  2⤵
  PID:6432
- C:\Windows\System32\lpYwTZF.exe
  C:\Windows\System32\lpYwTZF.exe
  2⤵
  PID:3968
- C:\Windows\System32\PVVSkDq.exe
  C:\Windows\System32\PVVSkDq.exe
  2⤵
  PID:6644
- C:\Windows\System32\oPKXSGL.exe
  C:\Windows\System32\oPKXSGL.exe
  2⤵
  PID:6756
- C:\Windows\System32\ADaOjFM.exe
  C:\Windows\System32\ADaOjFM.exe
  2⤵
  PID:6868
- C:\Windows\System32\fMFzYPA.exe
  C:\Windows\System32\fMFzYPA.exe
  2⤵
  PID:6900
- C:\Windows\System32\ZklXTLI.exe
  C:\Windows\System32\ZklXTLI.exe
  2⤵
  PID:4752
- C:\Windows\System32\WsPYDWk.exe
  C:\Windows\System32\WsPYDWk.exe
  2⤵
  PID:7040
- C:\Windows\System32\XAdfscN.exe
  C:\Windows\System32\XAdfscN.exe
  2⤵
  PID:2360
- C:\Windows\System32\zeWNdII.exe
  C:\Windows\System32\zeWNdII.exe
  2⤵
  PID:4340
- C:\Windows\System32\wBYpgdm.exe
  C:\Windows\System32\wBYpgdm.exe
  2⤵
  PID:1088
- C:\Windows\System32\VdgYoxH.exe
  C:\Windows\System32\VdgYoxH.exe
  2⤵
  PID:6392
- C:\Windows\System32\RKqXiDx.exe
  C:\Windows\System32\RKqXiDx.exe
  2⤵
  PID:6588
- C:\Windows\System32\ZBfrOtf.exe
  C:\Windows\System32\ZBfrOtf.exe
  2⤵
  PID:6928
- C:\Windows\System32\ZhmdAmm.exe
  C:\Windows\System32\ZhmdAmm.exe
  2⤵
  PID:2100
- C:\Windows\System32\GKwYRWM.exe
  C:\Windows\System32\GKwYRWM.exe
  2⤵
  PID:2040
- C:\Windows\System32\WibeEga.exe
  C:\Windows\System32\WibeEga.exe
  2⤵
  PID:7192
- C:\Windows\System32\KdEteti.exe
  C:\Windows\System32\KdEteti.exe
  2⤵
  PID:7212
- C:\Windows\System32\FMEOXdA.exe
  C:\Windows\System32\FMEOXdA.exe
  2⤵
  PID:7240
- C:\Windows\System32\QkNHDTa.exe
  C:\Windows\System32\QkNHDTa.exe
  2⤵
  PID:7264
- C:\Windows\System32\xDEylED.exe
  C:\Windows\System32\xDEylED.exe
  2⤵
  PID:7304
- C:\Windows\System32\YTpobXs.exe
  C:\Windows\System32\YTpobXs.exe
  2⤵
  PID:7324
- C:\Windows\System32\HznGOfV.exe
  C:\Windows\System32\HznGOfV.exe
  2⤵
  PID:7348
- C:\Windows\System32\lfoUSOq.exe
  C:\Windows\System32\lfoUSOq.exe
  2⤵
  PID:7380
- C:\Windows\System32\aSuBeVU.exe
  C:\Windows\System32\aSuBeVU.exe
  2⤵
  PID:7404
- C:\Windows\System32\uILvciB.exe
  C:\Windows\System32\uILvciB.exe
  2⤵
  PID:7436
- C:\Windows\System32\fVpgzgA.exe
  C:\Windows\System32\fVpgzgA.exe
  2⤵
  PID:7460
- C:\Windows\System32\NFZOQew.exe
  C:\Windows\System32\NFZOQew.exe
  2⤵
  PID:7492
- C:\Windows\System32\bfkJTiJ.exe
  C:\Windows\System32\bfkJTiJ.exe
  2⤵
  PID:7516
- C:\Windows\System32\tXcXvFW.exe
  C:\Windows\System32\tXcXvFW.exe
  2⤵
  PID:7544
- C:\Windows\System32\hlCzgml.exe
  C:\Windows\System32\hlCzgml.exe
  2⤵
  PID:7572
- C:\Windows\System32\mcEiJMR.exe
  C:\Windows\System32\mcEiJMR.exe
  2⤵
  PID:7604
- C:\Windows\System32\RAzXDqz.exe
  C:\Windows\System32\RAzXDqz.exe
  2⤵
  PID:7632
- C:\Windows\System32\qVgdTeC.exe
  C:\Windows\System32\qVgdTeC.exe
  2⤵
  PID:7660
- C:\Windows\System32\iPHdsXW.exe
  C:\Windows\System32\iPHdsXW.exe
  2⤵
  PID:7684
- C:\Windows\System32\ATTWHVF.exe
  C:\Windows\System32\ATTWHVF.exe
  2⤵
  PID:7716
- C:\Windows\System32\fbCEJMJ.exe
  C:\Windows\System32\fbCEJMJ.exe
  2⤵
  PID:7744
- C:\Windows\System32\IIbNoXv.exe
  C:\Windows\System32\IIbNoXv.exe
  2⤵
  PID:7772
- C:\Windows\System32\CefEMPE.exe
  C:\Windows\System32\CefEMPE.exe
  2⤵
  PID:7800
- C:\Windows\System32\igxHkxZ.exe
  C:\Windows\System32\igxHkxZ.exe
  2⤵
  PID:7824
- C:\Windows\System32\tARHZWu.exe
  C:\Windows\System32\tARHZWu.exe
  2⤵
  PID:7868
- C:\Windows\System32\pPlTdtZ.exe
  C:\Windows\System32\pPlTdtZ.exe
  2⤵
  PID:7884
- C:\Windows\System32\axZkxDr.exe
  C:\Windows\System32\axZkxDr.exe
  2⤵
  PID:7908
- C:\Windows\System32\gnUGFaG.exe
  C:\Windows\System32\gnUGFaG.exe
  2⤵
  PID:7940
- C:\Windows\System32\NzTHJVZ.exe
  C:\Windows\System32\NzTHJVZ.exe
  2⤵
  PID:7968
- C:\Windows\System32\kzwzVmA.exe
  C:\Windows\System32\kzwzVmA.exe
  2⤵
  PID:7996
- C:\Windows\System32\ZKRgInJ.exe
  C:\Windows\System32\ZKRgInJ.exe
  2⤵
  PID:8020
- C:\Windows\System32\UqpxMKE.exe
  C:\Windows\System32\UqpxMKE.exe
  2⤵
  PID:8052
- C:\Windows\System32\VvMxPAh.exe
  C:\Windows\System32\VvMxPAh.exe
  2⤵
  PID:8076
- C:\Windows\System32\XPvPWxP.exe
  C:\Windows\System32\XPvPWxP.exe
  2⤵
  PID:8108
- C:\Windows\System32\FnMRvDi.exe
  C:\Windows\System32\FnMRvDi.exe
  2⤵
  PID:8132
- C:\Windows\System32\DwdoBIM.exe
  C:\Windows\System32\DwdoBIM.exe
  2⤵
  PID:8164
- C:\Windows\System32\idVRzCt.exe
  C:\Windows\System32\idVRzCt.exe
  2⤵
  PID:5620
- C:\Windows\System32\ptLGFtY.exe
  C:\Windows\System32\ptLGFtY.exe
  2⤵
  PID:6732
- C:\Windows\System32\ZExpfbj.exe
  C:\Windows\System32\ZExpfbj.exe
  2⤵
  PID:7124
- C:\Windows\System32\fvKyvAS.exe
  C:\Windows\System32\fvKyvAS.exe
  2⤵
  PID:7232
- C:\Windows\System32\XuJXcVw.exe
  C:\Windows\System32\XuJXcVw.exe
  2⤵
  PID:7300
- C:\Windows\System32\fHUfuWM.exe
  C:\Windows\System32\fHUfuWM.exe
  2⤵
  PID:7344
- C:\Windows\System32\VqqXeFS.exe
  C:\Windows\System32\VqqXeFS.exe
  2⤵
  PID:7444
- C:\Windows\System32\heCuPQs.exe
  C:\Windows\System32\heCuPQs.exe
  2⤵
  PID:7476
- C:\Windows\System32\DQeJzWA.exe
  C:\Windows\System32\DQeJzWA.exe
  2⤵
  PID:7532
- C:\Windows\System32\UUOhNUk.exe
  C:\Windows\System32\UUOhNUk.exe
  2⤵
  PID:7624
- C:\Windows\System32\XveAoVZ.exe
  C:\Windows\System32\XveAoVZ.exe
  2⤵
  PID:7668
- C:\Windows\System32\lAQieMD.exe
  C:\Windows\System32\lAQieMD.exe
  2⤵
  PID:7708
- C:\Windows\System32\eXymDFp.exe
  C:\Windows\System32\eXymDFp.exe
  2⤵
  PID:7808
- C:\Windows\System32\JCsKrCc.exe
  C:\Windows\System32\JCsKrCc.exe
  2⤵
  PID:7860
- C:\Windows\System32\sMmEoQc.exe
  C:\Windows\System32\sMmEoQc.exe
  2⤵
  PID:7916
- C:\Windows\System32\JayNAyG.exe
  C:\Windows\System32\JayNAyG.exe
  2⤵
  PID:7976
- C:\Windows\System32\idgLzjP.exe
  C:\Windows\System32\idgLzjP.exe
  2⤵
  PID:8060
- C:\Windows\System32\JDuosIw.exe
  C:\Windows\System32\JDuosIw.exe
  2⤵
  PID:8120
- C:\Windows\System32\nyvGKcU.exe
  C:\Windows\System32\nyvGKcU.exe
  2⤵
  PID:8172
- C:\Windows\System32\LJxWDRc.exe
  C:\Windows\System32\LJxWDRc.exe
  2⤵
  PID:6040
- C:\Windows\System32\zLnybOR.exe
  C:\Windows\System32\zLnybOR.exe
  2⤵
  PID:7272
- C:\Windows\System32\DcJSOET.exe
  C:\Windows\System32\DcJSOET.exe
  2⤵
  PID:7468
- C:\Windows\System32\JRbISgW.exe
  C:\Windows\System32\JRbISgW.exe
  2⤵
  PID:7652
- C:\Windows\System32\XyMkORa.exe
  C:\Windows\System32\XyMkORa.exe
  2⤵
  PID:7756
- C:\Windows\System32\csDemle.exe
  C:\Windows\System32\csDemle.exe
  2⤵
  PID:7820
- C:\Windows\System32\hQoEhXb.exe
  C:\Windows\System32\hQoEhXb.exe
  2⤵
  PID:7988
- C:\Windows\System32\ahUDKVj.exe
  C:\Windows\System32\ahUDKVj.exe
  2⤵
  PID:8184
- C:\Windows\System32\rAunCNN.exe
  C:\Windows\System32\rAunCNN.exe
  2⤵
  PID:7220
- C:\Windows\System32\cfczuBl.exe
  C:\Windows\System32\cfczuBl.exe
  2⤵
  PID:2252
- C:\Windows\System32\lzYQSGW.exe
  C:\Windows\System32\lzYQSGW.exe
  2⤵
  PID:7728
- C:\Windows\System32\HGCwYIo.exe
  C:\Windows\System32\HGCwYIo.exe
  2⤵
  PID:8212
- C:\Windows\System32\sZxjQcO.exe
  C:\Windows\System32\sZxjQcO.exe
  2⤵
  PID:8244
- C:\Windows\System32\hSVEodv.exe
  C:\Windows\System32\hSVEodv.exe
  2⤵
  PID:8272
- C:\Windows\System32\PzYSRTH.exe
  C:\Windows\System32\PzYSRTH.exe
  2⤵
  PID:8300
- C:\Windows\System32\OlnUAJB.exe
  C:\Windows\System32\OlnUAJB.exe
  2⤵
  PID:8328
- C:\Windows\System32\mYzrDUr.exe
  C:\Windows\System32\mYzrDUr.exe
  2⤵
  PID:8356
- C:\Windows\System32\ifofFYQ.exe
  C:\Windows\System32\ifofFYQ.exe
  2⤵
  PID:8392
- C:\Windows\System32\OpsHGan.exe
  C:\Windows\System32\OpsHGan.exe
  2⤵
  PID:8412
- C:\Windows\System32\OtmwaOs.exe
  C:\Windows\System32\OtmwaOs.exe
  2⤵
  PID:8440
- C:\Windows\System32\qsZwINH.exe
  C:\Windows\System32\qsZwINH.exe
  2⤵
  PID:8464
- C:\Windows\System32\EfXztCm.exe
  C:\Windows\System32\EfXztCm.exe
  2⤵
  PID:8492
- C:\Windows\System32\mgVihTa.exe
  C:\Windows\System32\mgVihTa.exe
  2⤵
  PID:8524
- C:\Windows\System32\VVIyUQq.exe
  C:\Windows\System32\VVIyUQq.exe
  2⤵
  PID:8552
- C:\Windows\System32\OfWZymJ.exe
  C:\Windows\System32\OfWZymJ.exe
  2⤵
  PID:8636
- C:\Windows\System32\UqLVwrG.exe
  C:\Windows\System32\UqLVwrG.exe
  2⤵
  PID:8736
- C:\Windows\System32\zmjsFkO.exe
  C:\Windows\System32\zmjsFkO.exe
  2⤵
  PID:8804
- C:\Windows\System32\WPpxnKy.exe
  C:\Windows\System32\WPpxnKy.exe
  2⤵
  PID:8840
- C:\Windows\System32\lUiMaNw.exe
  C:\Windows\System32\lUiMaNw.exe
  2⤵
  PID:8860
- C:\Windows\System32\MASYSqD.exe
  C:\Windows\System32\MASYSqD.exe
  2⤵
  PID:8908
- C:\Windows\System32\KeTqBLD.exe
  C:\Windows\System32\KeTqBLD.exe
  2⤵
  PID:8952
- C:\Windows\System32\FdADadZ.exe
  C:\Windows\System32\FdADadZ.exe
  2⤵
  PID:8992
- C:\Windows\System32\VELWTaa.exe
  C:\Windows\System32\VELWTaa.exe
  2⤵
  PID:9016
- C:\Windows\System32\JiSKuIB.exe
  C:\Windows\System32\JiSKuIB.exe
  2⤵
  PID:9032
- C:\Windows\System32\cDSvvDb.exe
  C:\Windows\System32\cDSvvDb.exe
  2⤵
  PID:9048
- C:\Windows\System32\wYzDoOQ.exe
  C:\Windows\System32\wYzDoOQ.exe
  2⤵
  PID:9064
- C:\Windows\System32\tNgkWYf.exe
  C:\Windows\System32\tNgkWYf.exe
  2⤵
  PID:9136
- C:\Windows\System32\RtDKrpj.exe
  C:\Windows\System32\RtDKrpj.exe
  2⤵
  PID:9152
- C:\Windows\System32\Gvidsqa.exe
  C:\Windows\System32\Gvidsqa.exe
  2⤵
  PID:9176
- C:\Windows\System32\FMxSWBF.exe
  C:\Windows\System32\FMxSWBF.exe
  2⤵
  PID:9200
- C:\Windows\System32\IfEiSUL.exe
  C:\Windows\System32\IfEiSUL.exe
  2⤵
  PID:7952
- C:\Windows\System32\xElIVXW.exe
  C:\Windows\System32\xElIVXW.exe
  2⤵
  PID:7200
- C:\Windows\System32\IVzbUfA.exe
  C:\Windows\System32\IVzbUfA.exe
  2⤵
  PID:7504
- C:\Windows\System32\JSnAeUU.exe
  C:\Windows\System32\JSnAeUU.exe
  2⤵
  PID:1884
- C:\Windows\System32\YkwEHpM.exe
  C:\Windows\System32\YkwEHpM.exe
  2⤵
  PID:8312
- C:\Windows\System32\ChRyvqL.exe
  C:\Windows\System32\ChRyvqL.exe
  2⤵
  PID:8368
- C:\Windows\System32\YfhoINP.exe
  C:\Windows\System32\YfhoINP.exe
  2⤵
  PID:8424
- C:\Windows\System32\SuhEYGb.exe
  C:\Windows\System32\SuhEYGb.exe
  2⤵
  PID:2788
- C:\Windows\System32\JkdBycd.exe
  C:\Windows\System32\JkdBycd.exe
  2⤵
  PID:4704
- C:\Windows\System32\TCCxAUU.exe
  C:\Windows\System32\TCCxAUU.exe
  2⤵
  PID:2016
- C:\Windows\System32\mFziZht.exe
  C:\Windows\System32\mFziZht.exe
  2⤵
  PID:2288
- C:\Windows\System32\YdqaWXG.exe
  C:\Windows\System32\YdqaWXG.exe
  2⤵
  PID:4524
- C:\Windows\System32\sWOujWR.exe
  C:\Windows\System32\sWOujWR.exe
  2⤵
  PID:316
- C:\Windows\System32\JJFMsjK.exe
  C:\Windows\System32\JJFMsjK.exe
  2⤵
  PID:8688
- C:\Windows\System32\DeHSSMm.exe
  C:\Windows\System32\DeHSSMm.exe
  2⤵
  PID:8756
- C:\Windows\System32\WRSqNml.exe
  C:\Windows\System32\WRSqNml.exe
  2⤵
  PID:8680
- C:\Windows\System32\kFzfXdP.exe
  C:\Windows\System32\kFzfXdP.exe
  2⤵
  PID:8692
- C:\Windows\System32\LCbGfsa.exe
  C:\Windows\System32\LCbGfsa.exe
  2⤵
  PID:8776
- C:\Windows\System32\AbLCXpd.exe
  C:\Windows\System32\AbLCXpd.exe
  2⤵
  PID:8832
- C:\Windows\System32\ONMtWJO.exe
  C:\Windows\System32\ONMtWJO.exe
  2⤵
  PID:8916
- C:\Windows\System32\ueHSwOY.exe
  C:\Windows\System32\ueHSwOY.exe
  2⤵
  PID:9004
- C:\Windows\System32\iYRGgck.exe
  C:\Windows\System32\iYRGgck.exe
  2⤵
  PID:9040
- C:\Windows\System32\rIpQDBk.exe
  C:\Windows\System32\rIpQDBk.exe
  2⤵
  PID:9076
- C:\Windows\System32\fZUjDyS.exe
  C:\Windows\System32\fZUjDyS.exe
  2⤵
  PID:9160
- C:\Windows\System32\gZitIrG.exe
  C:\Windows\System32\gZitIrG.exe
  2⤵
  PID:5108
- C:\Windows\System32\QsSlpcU.exe
  C:\Windows\System32\QsSlpcU.exe
  2⤵
  PID:9168
- C:\Windows\System32\RrgFIaB.exe
  C:\Windows\System32\RrgFIaB.exe
  2⤵
  PID:7700
- C:\Windows\System32\LvgdGfr.exe
  C:\Windows\System32\LvgdGfr.exe
  2⤵
  PID:8236
- C:\Windows\System32\KlNXaMh.exe
  C:\Windows\System32\KlNXaMh.exe
  2⤵
  PID:8408
- C:\Windows\System32\yaOyPeB.exe
  C:\Windows\System32\yaOyPeB.exe
  2⤵
  PID:2808
- C:\Windows\System32\sSbQTtP.exe
  C:\Windows\System32\sSbQTtP.exe
  2⤵
  PID:2104
- C:\Windows\System32\WBdLgOR.exe
  C:\Windows\System32\WBdLgOR.exe
  2⤵
  PID:8656
- C:\Windows\System32\ebIDNPq.exe
  C:\Windows\System32\ebIDNPq.exe
  2⤵
  PID:8728
- C:\Windows\System32\hRnLvqs.exe
  C:\Windows\System32\hRnLvqs.exe
  2⤵
  PID:8760
- C:\Windows\System32\bZMtvdR.exe
  C:\Windows\System32\bZMtvdR.exe
  2⤵
  PID:9096
- C:\Windows\System32\lrKZKHv.exe
  C:\Windows\System32\lrKZKHv.exe
  2⤵
  PID:5064
- C:\Windows\System32\dYPzEhd.exe
  C:\Windows\System32\dYPzEhd.exe
  2⤵
  PID:9212
- C:\Windows\System32\cgvbsML.exe
  C:\Windows\System32\cgvbsML.exe
  2⤵
  PID:8452
- C:\Windows\System32\jJlzFnO.exe
  C:\Windows\System32\jJlzFnO.exe
  2⤵
  PID:8672
- C:\Windows\System32\QPvoGlm.exe
  C:\Windows\System32\QPvoGlm.exe
  2⤵
  PID:8980
- C:\Windows\System32\ahqoclr.exe
  C:\Windows\System32\ahqoclr.exe
  2⤵
  PID:9188
- C:\Windows\System32\qvzZCLk.exe
  C:\Windows\System32\qvzZCLk.exe
  2⤵
  PID:8800
- C:\Windows\System32\oxmECVz.exe
  C:\Windows\System32\oxmECVz.exe
  2⤵
  PID:8708
- C:\Windows\System32\hrdqAYz.exe
  C:\Windows\System32\hrdqAYz.exe
  2⤵
  PID:9232
- C:\Windows\System32\IUilDBq.exe
  C:\Windows\System32\IUilDBq.exe
  2⤵
  PID:9248
- C:\Windows\System32\XkCHIIY.exe
  C:\Windows\System32\XkCHIIY.exe
  2⤵
  PID:9272
- C:\Windows\System32\MnbAiem.exe
  C:\Windows\System32\MnbAiem.exe
  2⤵
  PID:9316
- C:\Windows\System32\TFBeqvN.exe
  C:\Windows\System32\TFBeqvN.exe
  2⤵
  PID:9332
- C:\Windows\System32\MmDZLuU.exe
  C:\Windows\System32\MmDZLuU.exe
  2⤵
  PID:9360
- C:\Windows\System32\UOFHLcB.exe
  C:\Windows\System32\UOFHLcB.exe
  2⤵
  PID:9388
- C:\Windows\System32\PfeMQkM.exe
  C:\Windows\System32\PfeMQkM.exe
  2⤵
  PID:9404
- C:\Windows\System32\ehEgQxe.exe
  C:\Windows\System32\ehEgQxe.exe
  2⤵
  PID:9420
- C:\Windows\System32\LAikbtm.exe
  C:\Windows\System32\LAikbtm.exe
  2⤵
  PID:9436
- C:\Windows\System32\oJlRjFa.exe
  C:\Windows\System32\oJlRjFa.exe
  2⤵
  PID:9480
- C:\Windows\System32\latVtsn.exe
  C:\Windows\System32\latVtsn.exe
  2⤵
  PID:9496
- C:\Windows\System32\WENQdss.exe
  C:\Windows\System32\WENQdss.exe
  2⤵
  PID:9528
- C:\Windows\System32\rkQOGkZ.exe
  C:\Windows\System32\rkQOGkZ.exe
  2⤵
  PID:9588
- C:\Windows\System32\aOjQVKw.exe
  C:\Windows\System32\aOjQVKw.exe
  2⤵
  PID:9636
- C:\Windows\System32\dPjlmoT.exe
  C:\Windows\System32\dPjlmoT.exe
  2⤵
  PID:9652
- C:\Windows\System32\yZasdlE.exe
  C:\Windows\System32\yZasdlE.exe
  2⤵
  PID:9672
- C:\Windows\System32\fMXtmuM.exe
  C:\Windows\System32\fMXtmuM.exe
  2⤵
  PID:9688
- C:\Windows\System32\RvSXyPb.exe
  C:\Windows\System32\RvSXyPb.exe
  2⤵
  PID:9712
- C:\Windows\System32\otGDdKA.exe
  C:\Windows\System32\otGDdKA.exe
  2⤵
  PID:9772
- C:\Windows\System32\tOIwshC.exe
  C:\Windows\System32\tOIwshC.exe
  2⤵
  PID:9800
- C:\Windows\System32\DsQlwNk.exe
  C:\Windows\System32\DsQlwNk.exe
  2⤵
  PID:9832
- C:\Windows\System32\BAUmJGL.exe
  C:\Windows\System32\BAUmJGL.exe
  2⤵
  PID:9872
- C:\Windows\System32\HPnpTzH.exe
  C:\Windows\System32\HPnpTzH.exe
  2⤵
  PID:9896
- C:\Windows\System32\OYXXwdK.exe
  C:\Windows\System32\OYXXwdK.exe
  2⤵
  PID:9920
- C:\Windows\System32\MSoDkqv.exe
  C:\Windows\System32\MSoDkqv.exe
  2⤵
  PID:9952
- C:\Windows\System32\cCYDEYP.exe
  C:\Windows\System32\cCYDEYP.exe
  2⤵
  PID:9984
- C:\Windows\System32\ksVctNV.exe
  C:\Windows\System32\ksVctNV.exe
  2⤵
  PID:10008
- C:\Windows\System32\hsRYwnZ.exe
  C:\Windows\System32\hsRYwnZ.exe
  2⤵
  PID:10048
- C:\Windows\System32\ySLqFCF.exe
  C:\Windows\System32\ySLqFCF.exe
  2⤵
  PID:10064
- C:\Windows\System32\nhAiLfo.exe
  C:\Windows\System32\nhAiLfo.exe
  2⤵
  PID:10088
- C:\Windows\System32\cwyJtKE.exe
  C:\Windows\System32\cwyJtKE.exe
  2⤵
  PID:10132
- C:\Windows\System32\QakcJZl.exe
  C:\Windows\System32\QakcJZl.exe
  2⤵
  PID:10148
- C:\Windows\System32\EPgdVYi.exe
  C:\Windows\System32\EPgdVYi.exe
  2⤵
  PID:10172
- C:\Windows\System32\CykctKJ.exe
  C:\Windows\System32\CykctKJ.exe
  2⤵
  PID:10208
- C:\Windows\System32\zaSRicr.exe
  C:\Windows\System32\zaSRicr.exe
  2⤵
  PID:1932
- C:\Windows\System32\QfFYDQK.exe
  C:\Windows\System32\QfFYDQK.exe
  2⤵
  PID:9260
- C:\Windows\System32\xSGyxQg.exe
  C:\Windows\System32\xSGyxQg.exe
  2⤵
  PID:9224
- C:\Windows\System32\mvmGWHv.exe
  C:\Windows\System32\mvmGWHv.exe
  2⤵
  PID:9304
- C:\Windows\System32\xkeKEaP.exe
  C:\Windows\System32\xkeKEaP.exe
  2⤵
  PID:9356
- C:\Windows\System32\FYsRiKb.exe
  C:\Windows\System32\FYsRiKb.exe
  2⤵
  PID:9460
- C:\Windows\System32\gRGyTKa.exe
  C:\Windows\System32\gRGyTKa.exe
  2⤵
  PID:9520
- C:\Windows\System32\tfGWuqi.exe
  C:\Windows\System32\tfGWuqi.exe
  2⤵
  PID:9568
- C:\Windows\System32\OfeHceD.exe
  C:\Windows\System32\OfeHceD.exe
  2⤵
  PID:9648
- C:\Windows\System32\eYAMQrJ.exe
  C:\Windows\System32\eYAMQrJ.exe
  2⤵
  PID:9780
- C:\Windows\System32\KdsRKKe.exe
  C:\Windows\System32\KdsRKKe.exe
  2⤵
  PID:9848
- C:\Windows\System32\hPCzZCS.exe
  C:\Windows\System32\hPCzZCS.exe
  2⤵
  PID:9904
- C:\Windows\System32\tFXNHKo.exe
  C:\Windows\System32\tFXNHKo.exe
  2⤵
  PID:9964
- C:\Windows\System32\iuuexSH.exe
  C:\Windows\System32\iuuexSH.exe
  2⤵
  PID:10016
- C:\Windows\System32\SatKZos.exe
  C:\Windows\System32\SatKZos.exe
  2⤵
  PID:10120
- C:\Windows\System32\CgmIVty.exe
  C:\Windows\System32\CgmIVty.exe
  2⤵
  PID:10180
- C:\Windows\System32\VtbDQfz.exe
  C:\Windows\System32\VtbDQfz.exe
  2⤵
  PID:10220
- C:\Windows\System32\xxSgfdR.exe
  C:\Windows\System32\xxSgfdR.exe
  2⤵
  PID:9060
- C:\Windows\System32\DHxEoXu.exe
  C:\Windows\System32\DHxEoXu.exe
  2⤵
  PID:9368
- C:\Windows\System32\EFHXPXT.exe
  C:\Windows\System32\EFHXPXT.exe
  2⤵
  PID:9416
- C:\Windows\System32\YcvjUll.exe
  C:\Windows\System32\YcvjUll.exe
  2⤵
  PID:9572
- C:\Windows\System32\ICnBQXH.exe
  C:\Windows\System32\ICnBQXH.exe
  2⤵
  PID:9732
- C:\Windows\System32\WxqNffQ.exe
  C:\Windows\System32\WxqNffQ.exe
  2⤵
  PID:9888
- C:\Windows\System32\KPQfRhi.exe
  C:\Windows\System32\KPQfRhi.exe
  2⤵
  PID:10228
- C:\Windows\System32\fZcTwHo.exe
  C:\Windows\System32\fZcTwHo.exe
  2⤵
  PID:2320
- C:\Windows\System32\stGdJYJ.exe
  C:\Windows\System32\stGdJYJ.exe
  2⤵
  PID:9324
- C:\Windows\System32\ZCIpKlY.exe
  C:\Windows\System32\ZCIpKlY.exe
  2⤵
  PID:9684
- C:\Windows\System32\KkAtuzo.exe
  C:\Windows\System32\KkAtuzo.exe
  2⤵
  PID:9912
- C:\Windows\System32\aeWWmVQ.exe
  C:\Windows\System32\aeWWmVQ.exe
  2⤵
  PID:10188
- C:\Windows\System32\VXiodOO.exe
  C:\Windows\System32\VXiodOO.exe
  2⤵
  PID:10244
- C:\Windows\System32\FjdpNVJ.exe
  C:\Windows\System32\FjdpNVJ.exe
  2⤵
  PID:10260
- C:\Windows\System32\phIwkVM.exe
  C:\Windows\System32\phIwkVM.exe
  2⤵
  PID:10292
- C:\Windows\System32\ePTVCUh.exe
  C:\Windows\System32\ePTVCUh.exe
  2⤵
  PID:10312
- C:\Windows\System32\gqqwEdx.exe
  C:\Windows\System32\gqqwEdx.exe
  2⤵
  PID:10328
- C:\Windows\System32\MBgjdkg.exe
  C:\Windows\System32\MBgjdkg.exe
  2⤵
  PID:10380
- C:\Windows\System32\YYdZyZf.exe
  C:\Windows\System32\YYdZyZf.exe
  2⤵
  PID:10408
- C:\Windows\System32\NZhtArn.exe
  C:\Windows\System32\NZhtArn.exe
  2⤵
  PID:10440
- C:\Windows\System32\HyEZUxl.exe
  C:\Windows\System32\HyEZUxl.exe
  2⤵
  PID:10468
- C:\Windows\System32\dRPrDRM.exe
  C:\Windows\System32\dRPrDRM.exe
  2⤵
  PID:10492
- C:\Windows\System32\uhsglfn.exe
  C:\Windows\System32\uhsglfn.exe
  2⤵
  PID:10540
- C:\Windows\System32\UMQIgZS.exe
  C:\Windows\System32\UMQIgZS.exe
  2⤵
  PID:10576
- C:\Windows\System32\SnFuQOk.exe
  C:\Windows\System32\SnFuQOk.exe
  2⤵
  PID:10616
- C:\Windows\System32\PQxjaJp.exe
  C:\Windows\System32\PQxjaJp.exe
  2⤵
  PID:10640
- C:\Windows\System32\UgvtrcW.exe
  C:\Windows\System32\UgvtrcW.exe
  2⤵
  PID:10664
- C:\Windows\System32\JEoXlXB.exe
  C:\Windows\System32\JEoXlXB.exe
  2⤵
  PID:10688
- C:\Windows\System32\FUrkplU.exe
  C:\Windows\System32\FUrkplU.exe
  2⤵
  PID:10704
- C:\Windows\System32\NjbdkAd.exe
  C:\Windows\System32\NjbdkAd.exe
  2⤵
  PID:10740
- C:\Windows\System32\ONpxSLV.exe
  C:\Windows\System32\ONpxSLV.exe
  2⤵
  PID:10756
- C:\Windows\System32\PFfcdPN.exe
  C:\Windows\System32\PFfcdPN.exe
  2⤵
  PID:10792
- C:\Windows\System32\ugnrrLY.exe
  C:\Windows\System32\ugnrrLY.exe
  2⤵
  PID:10828
- C:\Windows\System32\QGjRnMC.exe
  C:\Windows\System32\QGjRnMC.exe
  2⤵
  PID:10868
- C:\Windows\System32\lRdrotv.exe
  C:\Windows\System32\lRdrotv.exe
  2⤵
  PID:10888
- C:\Windows\System32\lyWHvdY.exe
  C:\Windows\System32\lyWHvdY.exe
  2⤵
  PID:10912
- C:\Windows\System32\rEJQhDT.exe
  C:\Windows\System32\rEJQhDT.exe
  2⤵
  PID:10928
- C:\Windows\System32\qmDdEft.exe
  C:\Windows\System32\qmDdEft.exe
  2⤵
  PID:10944
- C:\Windows\System32\VjjOZkQ.exe
  C:\Windows\System32\VjjOZkQ.exe
  2⤵
  PID:10964
- C:\Windows\System32\wTvLFtP.exe
  C:\Windows\System32\wTvLFtP.exe
  2⤵
  PID:10984
- C:\Windows\System32\niwueqd.exe
  C:\Windows\System32\niwueqd.exe
  2⤵
  PID:11016
- C:\Windows\System32\SzBNNqD.exe
  C:\Windows\System32\SzBNNqD.exe
  2⤵
  PID:11072
- C:\Windows\System32\IpMeAqo.exe
  C:\Windows\System32\IpMeAqo.exe
  2⤵
  PID:11096
- C:\Windows\System32\pXBStio.exe
  C:\Windows\System32\pXBStio.exe
  2⤵
  PID:11120
- C:\Windows\System32\AafWDcs.exe
  C:\Windows\System32\AafWDcs.exe
  2⤵
  PID:11156
- C:\Windows\System32\YvoTWiH.exe
  C:\Windows\System32\YvoTWiH.exe
  2⤵
  PID:11192
- C:\Windows\System32\lPiJvQS.exe
  C:\Windows\System32\lPiJvQS.exe
  2⤵
  PID:11216
- C:\Windows\System32\owHMBFF.exe
  C:\Windows\System32\owHMBFF.exe
  2⤵
  PID:11244
- C:\Windows\System32\ABjYhlR.exe
  C:\Windows\System32\ABjYhlR.exe
  2⤵
  PID:10164
- C:\Windows\System32\VrdqYlT.exe
  C:\Windows\System32\VrdqYlT.exe
  2⤵
  PID:10348
- C:\Windows\System32\gOiMbKL.exe
  C:\Windows\System32\gOiMbKL.exe
  2⤵
  PID:10416
- C:\Windows\System32\gJwUySc.exe
  C:\Windows\System32\gJwUySc.exe
  2⤵
  PID:10448
- C:\Windows\System32\YapdmQA.exe
  C:\Windows\System32\YapdmQA.exe
  2⤵
  PID:2272
- C:\Windows\System32\rBeJQWo.exe
  C:\Windows\System32\rBeJQWo.exe
  2⤵
  PID:10500
- C:\Windows\System32\zxvTwbC.exe
  C:\Windows\System32\zxvTwbC.exe
  2⤵
  PID:10600
- C:\Windows\System32\aVcFcnm.exe
  C:\Windows\System32\aVcFcnm.exe
  2⤵
  PID:10672
- C:\Windows\System32\LndblSG.exe
  C:\Windows\System32\LndblSG.exe
  2⤵
  PID:10748
- C:\Windows\System32\IaxXcUr.exe
  C:\Windows\System32\IaxXcUr.exe
  2⤵
  PID:10812
- C:\Windows\System32\PAVoIUt.exe
  C:\Windows\System32\PAVoIUt.exe
  2⤵
  PID:10900
- C:\Windows\System32\NkiyjoE.exe
  C:\Windows\System32\NkiyjoE.exe
  2⤵
  PID:3932
- C:\Windows\System32\JMauuZf.exe
  C:\Windows\System32\JMauuZf.exe
  2⤵
  PID:10936
- C:\Windows\System32\zJesfce.exe
  C:\Windows\System32\zJesfce.exe
  2⤵
  PID:11104
- C:\Windows\System32\pCdmTGs.exe
  C:\Windows\System32\pCdmTGs.exe
  2⤵
  PID:1468
- C:\Windows\System32\qeVNfmK.exe
  C:\Windows\System32\qeVNfmK.exe
  2⤵
  PID:11204
- C:\Windows\System32\CKuOWzf.exe
  C:\Windows\System32\CKuOWzf.exe
  2⤵
  PID:10044
- C:\Windows\System32\kiBPrEP.exe
  C:\Windows\System32\kiBPrEP.exe
  2⤵
  PID:10360
- C:\Windows\System32\XEwZtIt.exe
  C:\Windows\System32\XEwZtIt.exe
  2⤵
  PID:10532
- C:\Windows\System32\DqDiSIO.exe
  C:\Windows\System32\DqDiSIO.exe
  2⤵
  PID:1744
- C:\Windows\System32\DSeMsuq.exe
  C:\Windows\System32\DSeMsuq.exe
  2⤵
  PID:10648
- C:\Windows\System32\cQLfUAW.exe
  C:\Windows\System32\cQLfUAW.exe
  2⤵
  PID:10684
- C:\Windows\System32\SKlUHQm.exe
  C:\Windows\System32\SKlUHQm.exe
  2⤵
  PID:10824
- C:\Windows\System32\AnZClrW.exe
  C:\Windows\System32\AnZClrW.exe
  2⤵
  PID:10880
- C:\Windows\System32\UbaPdwm.exe
  C:\Windows\System32\UbaPdwm.exe
  2⤵
  PID:11056
- C:\Windows\System32\qwSYEiC.exe
  C:\Windows\System32\qwSYEiC.exe
  2⤵
  PID:11200
- C:\Windows\System32\UcTdVib.exe
  C:\Windows\System32\UcTdVib.exe
  2⤵
  PID:4392
- C:\Windows\System32\WmLxzgT.exe
  C:\Windows\System32\WmLxzgT.exe
  2⤵
  PID:768
- C:\Windows\System32\ZWEdkZV.exe
  C:\Windows\System32\ZWEdkZV.exe
  2⤵
  PID:11148
- C:\Windows\System32\IAxhJRf.exe
  C:\Windows\System32\IAxhJRf.exe
  2⤵
  PID:10456
- C:\Windows\System32\GnOxkHq.exe
  C:\Windows\System32\GnOxkHq.exe
  2⤵
  PID:11088
- C:\Windows\System32\RqohEyJ.exe
  C:\Windows\System32\RqohEyJ.exe
  2⤵
  PID:10256
- C:\Windows\System32\cquOGRf.exe
  C:\Windows\System32\cquOGRf.exe
  2⤵
  PID:11284
- C:\Windows\System32\TBFxYwh.exe
  C:\Windows\System32\TBFxYwh.exe
  2⤵
  PID:11312
- C:\Windows\System32\eUeZaGh.exe
  C:\Windows\System32\eUeZaGh.exe
  2⤵
  PID:11360
- C:\Windows\System32\OGjrfnM.exe
  C:\Windows\System32\OGjrfnM.exe
  2⤵
  PID:11404
- C:\Windows\System32\BomiPYs.exe
  C:\Windows\System32\BomiPYs.exe
  2⤵
  PID:11424
- C:\Windows\System32\wNnOWpR.exe
  C:\Windows\System32\wNnOWpR.exe
  2⤵
  PID:11440
- C:\Windows\System32\rKvHwGq.exe
  C:\Windows\System32\rKvHwGq.exe
  2⤵
  PID:11476
- C:\Windows\System32\cZlaNLR.exe
  C:\Windows\System32\cZlaNLR.exe
  2⤵
  PID:11500
- C:\Windows\System32\JaayAuy.exe
  C:\Windows\System32\JaayAuy.exe
  2⤵
  PID:11516
- C:\Windows\System32\BVKJDQL.exe
  C:\Windows\System32\BVKJDQL.exe
  2⤵
  PID:11532
- C:\Windows\System32\HMEaDXh.exe
  C:\Windows\System32\HMEaDXh.exe
  2⤵
  PID:11552
- C:\Windows\System32\EJkXFkw.exe
  C:\Windows\System32\EJkXFkw.exe
  2⤵
  PID:11576
- C:\Windows\System32\xNSUIYn.exe
  C:\Windows\System32\xNSUIYn.exe
  2⤵
  PID:11616
- C:\Windows\System32\EbdthqR.exe
  C:\Windows\System32\EbdthqR.exe
  2⤵
  PID:11632
- C:\Windows\System32\zDckrlk.exe
  C:\Windows\System32\zDckrlk.exe
  2⤵
  PID:11660
- C:\Windows\System32\OoaMQHe.exe
  C:\Windows\System32\OoaMQHe.exe
  2⤵
  PID:11748
- C:\Windows\System32\nKNoHcN.exe
  C:\Windows\System32\nKNoHcN.exe
  2⤵
  PID:11764
- C:\Windows\System32\YTByPpW.exe
  C:\Windows\System32\YTByPpW.exe
  2⤵
  PID:11804
- C:\Windows\System32\DtczZQT.exe
  C:\Windows\System32\DtczZQT.exe
  2⤵
  PID:11820
- C:\Windows\System32\KkJKbpe.exe
  C:\Windows\System32\KkJKbpe.exe
  2⤵
  PID:11836
- C:\Windows\System32\duBJgsj.exe
  C:\Windows\System32\duBJgsj.exe
  2⤵
  PID:11860
- C:\Windows\System32\YwCbmdE.exe
  C:\Windows\System32\YwCbmdE.exe
  2⤵
  PID:11876
- C:\Windows\System32\pIFybub.exe
  C:\Windows\System32\pIFybub.exe
  2⤵
  PID:11924
- C:\Windows\System32\FciGYuJ.exe
  C:\Windows\System32\FciGYuJ.exe
  2⤵
  PID:11948
- C:\Windows\System32\LIfQwAS.exe
  C:\Windows\System32\LIfQwAS.exe
  2⤵
  PID:11980
- C:\Windows\System32\UNfgqgG.exe
  C:\Windows\System32\UNfgqgG.exe
  2⤵
  PID:12000
- C:\Windows\System32\OQplUeH.exe
  C:\Windows\System32\OQplUeH.exe
  2⤵
  PID:12024
- C:\Windows\System32\QhnEOnB.exe
  C:\Windows\System32\QhnEOnB.exe
  2⤵
  PID:12040
- C:\Windows\System32\ADUqTqS.exe
  C:\Windows\System32\ADUqTqS.exe
  2⤵
  PID:12064
- C:\Windows\System32\NBZEWgv.exe
  C:\Windows\System32\NBZEWgv.exe
  2⤵
  PID:12080
- C:\Windows\System32\jYgoCAE.exe
  C:\Windows\System32\jYgoCAE.exe
  2⤵
  PID:12116
- C:\Windows\System32\KsphWty.exe
  C:\Windows\System32\KsphWty.exe
  2⤵
  PID:12168
- C:\Windows\System32\MEdpsoG.exe
  C:\Windows\System32\MEdpsoG.exe
  2⤵
  PID:12216
- C:\Windows\System32\jVkTjhP.exe
  C:\Windows\System32\jVkTjhP.exe
  2⤵
  PID:12240
- C:\Windows\System32\YncmfdX.exe
  C:\Windows\System32\YncmfdX.exe
  2⤵
  PID:12268
- C:\Windows\System32\vnmvkvJ.exe
  C:\Windows\System32\vnmvkvJ.exe
  2⤵
  PID:11292
- C:\Windows\System32\oFkvghp.exe
  C:\Windows\System32\oFkvghp.exe
  2⤵
  PID:11332
- C:\Windows\System32\SwxjsnZ.exe
  C:\Windows\System32\SwxjsnZ.exe
  2⤵
  PID:3532
- C:\Windows\System32\fowNzxb.exe
  C:\Windows\System32\fowNzxb.exe
  2⤵
  PID:11412
- C:\Windows\System32\qQvemoN.exe
  C:\Windows\System32\qQvemoN.exe
  2⤵
  PID:11464
- C:\Windows\System32\gScnTfB.exe
  C:\Windows\System32\gScnTfB.exe
  2⤵
  PID:11508
- C:\Windows\System32\YGKRDEu.exe
  C:\Windows\System32\YGKRDEu.exe
  2⤵
  PID:11624
- C:\Windows\System32\eDswGzn.exe
  C:\Windows\System32\eDswGzn.exe
  2⤵
  PID:11640
- C:\Windows\System32\HXskncW.exe
  C:\Windows\System32\HXskncW.exe
  2⤵
  PID:11724
- C:\Windows\System32\NsXJyZe.exe
  C:\Windows\System32\NsXJyZe.exe
  2⤵
  PID:11788
- C:\Windows\System32\gLEorlc.exe
  C:\Windows\System32\gLEorlc.exe
  2⤵
  PID:11828
- C:\Windows\System32\nwfGWGQ.exe
  C:\Windows\System32\nwfGWGQ.exe
  2⤵
  PID:11872
- C:\Windows\System32\nGxPJMp.exe
  C:\Windows\System32\nGxPJMp.exe
  2⤵
  PID:11988
- C:\Windows\System32\NqyVqSG.exe
  C:\Windows\System32\NqyVqSG.exe
  2⤵
  PID:12036
- C:\Windows\System32\jdaGIEi.exe
  C:\Windows\System32\jdaGIEi.exe
  2⤵
  PID:12088
- C:\Windows\System32\aREDdFu.exe
  C:\Windows\System32\aREDdFu.exe
  2⤵
  PID:11468
- C:\Windows\System32\phhKdyB.exe
  C:\Windows\System32\phhKdyB.exe
  2⤵
  PID:12196
- C:\Windows\System32\wFeHySQ.exe
  C:\Windows\System32\wFeHySQ.exe
  2⤵
  PID:12236
- C:\Windows\System32\WSlILVl.exe
  C:\Windows\System32\WSlILVl.exe
  2⤵
  PID:11280
- C:\Windows\System32\RBJnVpA.exe
  C:\Windows\System32\RBJnVpA.exe
  2⤵
  PID:11448
- C:\Windows\System32\pLPkBMc.exe
  C:\Windows\System32\pLPkBMc.exe
  2⤵
  PID:11564
- C:\Windows\System32\tJomiGU.exe
  C:\Windows\System32\tJomiGU.exe
  2⤵
  PID:11652
- C:\Windows\System32\hGQcHpb.exe
  C:\Windows\System32\hGQcHpb.exe
  2⤵
  PID:12016
- C:\Windows\System32\ClHgGuy.exe
  C:\Windows\System32\ClHgGuy.exe
  2⤵
  PID:11460
- C:\Windows\System32\kLfmAwj.exe
  C:\Windows\System32\kLfmAwj.exe
  2⤵
  PID:12092
- C:\Windows\System32\WygVJTL.exe
  C:\Windows\System32\WygVJTL.exe
  2⤵
  PID:12284
- C:\Windows\System32\rCDXEFt.exe
  C:\Windows\System32\rCDXEFt.exe
  2⤵
  PID:11692
- C:\Windows\System32\hYPwdIp.exe
  C:\Windows\System32\hYPwdIp.exe
  2⤵
  PID:11960
- C:\Windows\System32\JYrRolP.exe
  C:\Windows\System32\JYrRolP.exe
  2⤵
  PID:12164
- C:\Windows\System32\LmWJJHH.exe
  C:\Windows\System32\LmWJJHH.exe
  2⤵
  PID:11772
- C:\Windows\System32\VUhxbLk.exe
  C:\Windows\System32\VUhxbLk.exe
  2⤵
  PID:12260
- C:\Windows\System32\fqBcasH.exe
  C:\Windows\System32\fqBcasH.exe
  2⤵
  PID:12300
- C:\Windows\System32\qspGYmr.exe
  C:\Windows\System32\qspGYmr.exe
  2⤵
  PID:12332
- C:\Windows\System32\XJyqUkO.exe
  C:\Windows\System32\XJyqUkO.exe
  2⤵
  PID:12348
- C:\Windows\System32\MHgoXyW.exe
  C:\Windows\System32\MHgoXyW.exe
  2⤵
  PID:12372
- C:\Windows\System32\CYRUPcq.exe
  C:\Windows\System32\CYRUPcq.exe
  2⤵
  PID:12396
- C:\Windows\System32\hUHncAr.exe
  C:\Windows\System32\hUHncAr.exe
  2⤵
  PID:12432
- C:\Windows\System32\LddSEMm.exe
  C:\Windows\System32\LddSEMm.exe
  2⤵
  PID:12448
- C:\Windows\System32\qeXkYhr.exe
  C:\Windows\System32\qeXkYhr.exe
  2⤵
  PID:12464
- C:\Windows\System32\CmiViVO.exe
  C:\Windows\System32\CmiViVO.exe
  2⤵
  PID:12484
- C:\Windows\System32\RiAfRrt.exe
  C:\Windows\System32\RiAfRrt.exe
  2⤵
  PID:12568
- C:\Windows\System32\hUqPxLz.exe
  C:\Windows\System32\hUqPxLz.exe
  2⤵
  PID:12588
- C:\Windows\System32\LJwHUAo.exe
  C:\Windows\System32\LJwHUAo.exe
  2⤵
  PID:12604
- C:\Windows\System32\eBvoopU.exe
  C:\Windows\System32\eBvoopU.exe
  2⤵
  PID:12620
- C:\Windows\System32\apCDdsT.exe
  C:\Windows\System32\apCDdsT.exe
  2⤵
  PID:12636
- C:\Windows\System32\yVjaryb.exe
  C:\Windows\System32\yVjaryb.exe
  2⤵
  PID:12652
- C:\Windows\System32\WMzgAAE.exe
  C:\Windows\System32\WMzgAAE.exe
  2⤵
  PID:12668
- C:\Windows\System32\JHcKFIy.exe
  C:\Windows\System32\JHcKFIy.exe
  2⤵
  PID:12688
- C:\Windows\System32\ZLInjrm.exe
  C:\Windows\System32\ZLInjrm.exe
  2⤵
  PID:12704
- C:\Windows\System32\nqaRWCA.exe
  C:\Windows\System32\nqaRWCA.exe
  2⤵
  PID:12724
- C:\Windows\System32\XlMrfGG.exe
  C:\Windows\System32\XlMrfGG.exe
  2⤵
  PID:12740
- C:\Windows\System32\jpUXNew.exe
  C:\Windows\System32\jpUXNew.exe
  2⤵
  PID:12760
- C:\Windows\System32\HHzAlyy.exe
  C:\Windows\System32\HHzAlyy.exe
  2⤵
  PID:12808
- C:\Windows\System32\GyygCXd.exe
  C:\Windows\System32\GyygCXd.exe
  2⤵
  PID:12832
- C:\Windows\System32\JCQYbdn.exe
  C:\Windows\System32\JCQYbdn.exe
  2⤵
  PID:12900
- C:\Windows\System32\wlgozZZ.exe
  C:\Windows\System32\wlgozZZ.exe
  2⤵
  PID:13000
- C:\Windows\System32\iUhTkPx.exe
  C:\Windows\System32\iUhTkPx.exe
  2⤵
  PID:13016
- C:\Windows\System32\WrLBKMg.exe
  C:\Windows\System32\WrLBKMg.exe
  2⤵
  PID:13044
- C:\Windows\System32\HVAYASq.exe
  C:\Windows\System32\HVAYASq.exe
  2⤵
  PID:13072
- C:\Windows\System32\EGRDJdl.exe
  C:\Windows\System32\EGRDJdl.exe
  2⤵
  PID:13092
- C:\Windows\System32\AuJSSSe.exe
  C:\Windows\System32\AuJSSSe.exe
  2⤵
  PID:13116
- C:\Windows\System32\dSfrjxw.exe
  C:\Windows\System32\dSfrjxw.exe
  2⤵
  PID:13144
- C:\Windows\System32\kCKiqCN.exe
  C:\Windows\System32\kCKiqCN.exe
  2⤵
  PID:13164
- C:\Windows\System32\sOTzORO.exe
  C:\Windows\System32\sOTzORO.exe
  2⤵
  PID:13220
- C:\Windows\System32\slDOzLR.exe
  C:\Windows\System32\slDOzLR.exe
  2⤵
  PID:13240
- C:\Windows\System32\tjZFonF.exe
  C:\Windows\System32\tjZFonF.exe
  2⤵
  PID:13280
- C:\Windows\System32\KFcgHfe.exe
  C:\Windows\System32\KFcgHfe.exe
  2⤵
  PID:13300
- C:\Windows\System32\CoAJriC.exe
  C:\Windows\System32\CoAJriC.exe
  2⤵
  PID:12408
- C:\Windows\System32\PKhzjWT.exe
  C:\Windows\System32\PKhzjWT.exe
  2⤵
  PID:12480
- C:\Windows\System32\GCowCex.exe
  C:\Windows\System32\GCowCex.exe
  2⤵
  PID:12576
- C:\Windows\System32\WHClyia.exe
  C:\Windows\System32\WHClyia.exe
  2⤵
  PID:12664
- C:\Windows\System32\qJmPyqM.exe
  C:\Windows\System32\qJmPyqM.exe
  2⤵
  PID:336
- C:\Windows\System32\PuizYyC.exe
  C:\Windows\System32\PuizYyC.exe
  2⤵
  PID:12772
- C:\Windows\System32\FmWMxsJ.exe
  C:\Windows\System32\FmWMxsJ.exe
  2⤵
  PID:12732
- C:\Windows\System32\JCgkpJC.exe
  C:\Windows\System32\JCgkpJC.exe
  2⤵
  PID:3852
- C:\Windows\System32\TrivFDd.exe
  C:\Windows\System32\TrivFDd.exe
  2⤵
  PID:12792
- C:\Windows\System32\OASEqDs.exe
  C:\Windows\System32\OASEqDs.exe
  2⤵
  PID:12876
- C:\Windows\System32\ILWivQj.exe
  C:\Windows\System32\ILWivQj.exe
  2⤵
  PID:13100
- C:\Windows\System32\NJazoej.exe
  C:\Windows\System32\NJazoej.exe
  2⤵
  PID:13112
- C:\Windows\System32\ysdARLb.exe
  C:\Windows\System32\ysdARLb.exe
  2⤵
  PID:13136
- C:\Windows\System32\qjQLQZW.exe
  C:\Windows\System32\qjQLQZW.exe
  2⤵
  PID:13184
- C:\Windows\System32\ArYsomm.exe
  C:\Windows\System32\ArYsomm.exe
  2⤵
  PID:13212
- C:\Windows\System32\lZloyDe.exe
  C:\Windows\System32\lZloyDe.exe
  2⤵
  PID:11784
- C:\Windows\System32\SAlejRP.exe
  C:\Windows\System32\SAlejRP.exe
  2⤵
  PID:13276
- C:\Windows\System32\LtPVAYZ.exe
  C:\Windows\System32\LtPVAYZ.exe
  2⤵
  PID:12344
- C:\Windows\System32\isDKqLb.exe
  C:\Windows\System32\isDKqLb.exe
  2⤵
  PID:12296
- C:\Windows\System32\rPBhfTB.exe
  C:\Windows\System32\rPBhfTB.exe
  2⤵
  PID:2240
- C:\Windows\System32\gZpxeFs.exe
  C:\Windows\System32\gZpxeFs.exe
  2⤵
  PID:12444
- C:\Windows\System32\FgeLSPi.exe
  C:\Windows\System32\FgeLSPi.exe
  2⤵
  PID:12520
- C:\Windows\System32\sNRceSN.exe
  C:\Windows\System32\sNRceSN.exe
  2⤵
  PID:4976
- C:\Windows\System32\PnrRFWK.exe
  C:\Windows\System32\PnrRFWK.exe
  2⤵
  PID:12644
- C:\Windows\System32\rNYYPjO.exe
  C:\Windows\System32\rNYYPjO.exe
  2⤵
  PID:12696
- C:\Windows\System32\mfIvwom.exe
  C:\Windows\System32\mfIvwom.exe
  2⤵
  PID:13152
- C:\Windows\System32\rbKutbw.exe
  C:\Windows\System32\rbKutbw.exe
  2⤵
  PID:2120
- C:\Windows\System32\hXhinvF.exe
  C:\Windows\System32\hXhinvF.exe
  2⤵
  PID:12960
- C:\Windows\System32\GXhvMpg.exe
  C:\Windows\System32\GXhvMpg.exe
  2⤵
  PID:13080
- C:\Windows\System32\kFuTVjX.exe
  C:\Windows\System32\kFuTVjX.exe
  2⤵
  PID:12340
- C:\Windows\System32\SXUiAkI.exe
  C:\Windows\System32\SXUiAkI.exe
  2⤵
  PID:13064
- C:\Windows\System32\QXCdPff.exe
  C:\Windows\System32\QXCdPff.exe
  2⤵
  PID:13132
- C:\Windows\System32\MlnCTkc.exe
  C:\Windows\System32\MlnCTkc.exe
  2⤵
  PID:13352
- C:\Windows\System32\mAETXyN.exe
  C:\Windows\System32\mAETXyN.exe
  2⤵
  PID:13380
- C:\Windows\System32\noVPhIP.exe
  C:\Windows\System32\noVPhIP.exe
  2⤵
  PID:13408
- C:\Windows\System32\CKfMyAM.exe
  C:\Windows\System32\CKfMyAM.exe
  2⤵
  PID:13424
- C:\Windows\System32\JbTEQME.exe
  C:\Windows\System32\JbTEQME.exe
  2⤵
  PID:13456
- C:\Windows\System32\VrAFWQE.exe
  C:\Windows\System32\VrAFWQE.exe
  2⤵
  PID:13472
- C:\Windows\System32\yhIoNPN.exe
  C:\Windows\System32\yhIoNPN.exe
  2⤵
  PID:13488
- C:\Windows\System32\fmJUyrA.exe
  C:\Windows\System32\fmJUyrA.exe
  2⤵
  PID:13548
- C:\Windows\System32\IAhlpPr.exe
  C:\Windows\System32\IAhlpPr.exe
  2⤵
  PID:13612
- C:\Windows\System32\SHUNltr.exe
  C:\Windows\System32\SHUNltr.exe
  2⤵
  PID:13632
- C:\Windows\System32\DgUpsni.exe
  C:\Windows\System32\DgUpsni.exe
  2⤵
  PID:13648
- C:\Windows\System32\PKxTlNj.exe
  C:\Windows\System32\PKxTlNj.exe
  2⤵
  PID:13692
- C:\Windows\System32\bXiAArR.exe
  C:\Windows\System32\bXiAArR.exe
  2⤵
  PID:13724
- C:\Windows\System32\jaGFNrw.exe
  C:\Windows\System32\jaGFNrw.exe
  2⤵
  PID:13744
- C:\Windows\System32\mnnfzsf.exe
  C:\Windows\System32\mnnfzsf.exe
  2⤵
  PID:13788
- C:\Windows\System32\XKVFkBi.exe
  C:\Windows\System32\XKVFkBi.exe
  2⤵
  PID:13820

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=1296,i,1602949858158667699,12464335823361976127,262144 --variations-seed-version --mojo-platform-channel-handle=4348 /prefetch:8
1⤵
PID:8624

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:14212

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System32\AeJGWBq.exe

Filesize
1.1MB

MD5
f5323587fa84a9222d30ae9d253e3a8b

SHA1
2b3feb347c7b2e7874abcb6ef90defa4e807a64a

SHA256
34929d05c21cdf4ef71431eb38dd19676c0d058967e41a44a43a1886d408b4e2

SHA512
f6bf9fe110a5d4ff94841cecc9922f6b0ea6e2f67b1a4a7c634356c50d637c5444dcba41018b9231aa92a0f19f16393edc2a5c2cd80662a36f34f60c8110c328

Download Submit
C:\Windows\System32\BBamYAa.exe

Filesize
1.1MB

MD5
3d764f1d30a4d18248debf741d0bd7f4

SHA1
2d4d1203b82296575ada8bc4beef9db7bc3a7df0

SHA256
ac6f307880b74407004caf2a4458feac9aa0a010c17673bffbb33be82eeab814

SHA512
18cc02231fb8049978ede15fcdac3f489c73ecdbc4f5aef92ea8049a9fbc10aa024cc22e0c77a88d13f7067862a5a77ea2024fdc578d9e107de44dd13bf430b7

Download Submit
C:\Windows\System32\BbxTuPv.exe

Filesize
1.1MB

MD5
f55441b3a669191147b9624ed297884d

SHA1
c6e945ef12025fdfb57db94a298b6ac36e3ba123

SHA256
9eafd81c5eebe82a9e317735f81c2f970002194b0cae34595b42f1b874572f13

SHA512
2be49a2e68e6ed16579980289fbf0c90a32cae3e2903a5d74e217e732bda246155323186143fd8391a2f8555242a6ba01337bc4af64a6e0b0cec5ef48bdaee07

Download Submit
C:\Windows\System32\CEBCwpP.exe

Filesize
1.1MB

MD5
b726820c653a24cff83d7948dfe2037f

SHA1
7bc42a1147eef1953d7c7ad973d20b81489d2845

SHA256
af9c2d969e2d6f18d161df21580d074144410f202a9622d00de153ee7daa041a

SHA512
25f71b153291da816ac49fa7730ae036c5de23018cc20c0bca162ab057f4b942513eecc3d25248222ddeac343125485c2f0e0b21b2362b2368c0a90e71238cdb

Download Submit
C:\Windows\System32\FLSVamE.exe

Filesize
1.1MB

MD5
da496856b0c4b7440965fc8b282bf4af

SHA1
2bec5f7905e0bd77e397b08e77d7332da6d99c81

SHA256
09725d9d72a1a80bf84f0b54682896a12b9f564f8ae3a82a4576e3ae35959641

SHA512
e3f5d5092fefbae15ef9dee6c26bf8eb5f268394a40d51f67a16de0e54fd716877999c8733a39e1f3f231e6514ca902df4761c2f17426e0a3a62be2d530716d4

Download Submit
C:\Windows\System32\FiLllKk.exe

Filesize
1.1MB

MD5
60f2ee4d01c155bdca132d63dc975007

SHA1
4d51644a85146960c34650ef39d5bca3d91ba212

SHA256
f0f69362be76a64027f7031569546690d8fa694e5c4e93ef4a23feff46d33b64

SHA512
847bc68b773ccefef2779e7027f318561dee619967c541fd427907c05578bdb211e96aba30a490a181033ee9ca1a447531f23a1487c2e319c9a57196823b2062

Download Submit
C:\Windows\System32\KXUjdkI.exe

Filesize
1.1MB

MD5
64734eb328ddf0d5f8543256868658b1

SHA1
c35b8054415f374eb103634cfea6e9d711e327e1

SHA256
affa086d1438ab371e326804eff6cdd193715a9c48bf7b31eb9b877e246e1c16

SHA512
c1c72b292c28e1d5d13ff862fb9f1b41a9700d8a46f21340d084ee09999d976bbcb4f2bcd3a1f133414257bd99c2306cee02544c5e1fa6b2ce90155375dca3b6

Download Submit
C:\Windows\System32\LIgtIsc.exe

Filesize
1.1MB

MD5
a439681ffc815a4f137faa3cb48d0cac

SHA1
ba6913c689de664a2de16d51646d1e9361a02445

SHA256
02dc1c33a9a91014d29cdf2edd79ae25a58a043f4f1ff75678ffd3c4c6782edb

SHA512
fbe20776d81aa06338c73f4a2333ff05685e19a63138db2f0cb7335e87f8a1e69b5e03f65ab0827d8b51c5a17b88d4076229a72cca7cc46ad9a2b219e63ef821

Download Submit
C:\Windows\System32\LPJWfnE.exe

Filesize
1.1MB

MD5
e8688f939b1233eb6eb05d2477700ac5

SHA1
cc059d68e4909cb854ace30cf1ab791b5e4af5fc

SHA256
c0697f43e5819ab7629b0d52a237db29bc5574030f083b11adff3f29e4af3d9b

SHA512
0986eb186c463fe4851b4a96892cd2499c924ab0ca70c0728307861d67b8512bb7bd5770918448b702160478c9b5e02cd6256bf6ecfae0671be030c16d4b8579

Download Submit
C:\Windows\System32\NYQqvLk.exe

Filesize
1.1MB

MD5
32717225a3e69fb91b9a82b5285f667e

SHA1
1a1a86d7437044f831bc9182726a0899e9fb939b

SHA256
adc5ac3c6dec941e6a9bbc113cde8e54fe077e3ac676543175a2c0574366390a

SHA512
c4db424badeb0e107d6718ea8305c294c16d7c619ce871c7f2927ba5b010c457b78747f9fbd7ab8ed41b197ea036c075c8a6cb807a2f04dc431a7525d0e989b0

Download Submit
C:\Windows\System32\PkZoGaQ.exe

Filesize
1.1MB

MD5
acef6e294e1b9ab05def56ed8da3f368

SHA1
ecdd2bdc96bb81108ed0809c6281e35e302640e3

SHA256
16090e2efae810b42ec75f91d3b62ab3a4bf144d9f27adf1e5c6c7aaeea81f1c

SHA512
6d027705d162ecaadc120de354abec1fb426a9eeb2c73b613a2fb29d6446a320c4a268472095113e397b5ad7470afeb33d3f938548efa6b2f11c34757d1f3829

Download Submit
C:\Windows\System32\QWMepAn.exe

Filesize
1.1MB

MD5
a66e3c57bd3b5a78e9294abebd08a642

SHA1
809518d8a7388ff88e75e6259c5c866f97d13684

SHA256
6d7485cbd2c156c22f9b796e4d5b916ded1c274b1c77af4a8a256ea1a2d59110

SHA512
2e90d9ea61389ecccdbada79f163ac7f9c569f5e699a2ea18311f0146b438589e924fb42b87bd8647c2ff51f7e671e63c24c30c7ed90f88f22a1373ba86b2748

Download Submit
C:\Windows\System32\SIhZsWA.exe

Filesize
1.1MB

MD5
09dfadf8171f2e9c22ba0e0eb7ebb373

SHA1
ead001fefe8811318a3568d92b56ab7574071f89

SHA256
8299c328286cadb191596748fdf81bda66c2c5d6d62f31aee93d4b1a4bd0bb0e

SHA512
7238d3a40c8ab08ca612743399313df47df313e3ad56d95ebd4b0fc165ba3bdce415ecd6cf6fd2544fc913634121a451f075f2ecdcda28678e0751754befd857

Download Submit
C:\Windows\System32\WIBxEyu.exe

Filesize
1.1MB

MD5
c1757d4e0f49622442eb4e047a6a7460

SHA1
eb4d4c627a172fa38be014a01f0dadc3a26f7717

SHA256
e91ffc1f8a067f8c65c1ab064aa49720b1c8f3deee3fbd4270f4204123532eda

SHA512
b7d0ca1d2a5802ff2df5115260b42bb0dd5b1a9ff684566ed0584feb217268266a7ca1b6e7011583d0ad0e974304ac1d190d6d6bb8ffca50a09ac2e405258317

Download Submit
C:\Windows\System32\ZoXPFfA.exe

Filesize
1.1MB

MD5
92a5ecff36e2519fcd0fee3bf010c456

SHA1
fee784bb850c8e7e8a968bf3957898615714b018

SHA256
366db90a02b1792589465b37820f58fc6efb0f15400adf39071e6ea9d711d344

SHA512
a6ca242c57dd7d9f3b5b5bfad54d49e74d6ba1be5382f5ce7f521632e6fa4f97da78b7916db74dedc4fee67f158efe6596262f3e89ea8efd11051fac71d7fc9a

Download Submit
C:\Windows\System32\ZvPJkiY.exe

Filesize
1.1MB

MD5
bc9699a51c2665a7d057f746d2452e76

SHA1
813c0defcfcffff794dbda340cd3bb5eda4aac1f

SHA256
705bb94bbfe04117473c122674cb73e12838456963087f929716308f7a30f54f

SHA512
1651b78dbcc0c21f1cafa3afbd0dff7bff18a70b55e67c90db207a3986e9fa265cb4701a44a5625e58daa9de329b5bcf3f355487c6e38ada94be1ae98e413629

Download Submit
C:\Windows\System32\airXSKU.exe

Filesize
1.1MB

MD5
8a3c0f8e88b4217afbfb53f450fde050

SHA1
347c8177f4f419a84bb9d1170a74b79b69772fe0

SHA256
ab49315d0d96a15f3ab7b5726848854687d7702d4dc33ad0f8350c34f1c89b73

SHA512
31a5d5d56b6e8877ce3ae4f917c21f358d19d8f99a8c91ab56af9f638720e5c9d66247591460e6c683f6d29e7637484d00aa62428ae5a932907a3d05ac7f9981

Download Submit
C:\Windows\System32\bZkKbZp.exe

Filesize
1.1MB

MD5
ffe89fc7b251ffab6c355a58ce162576

SHA1
a9fafd65ff3e73d1d6ed4315ac95059794939a50

SHA256
3b98d612d0c2603ab6b84af99fefe8591377da2cfb1919fd655108ad0d70a5b0

SHA512
5254cdcd947234cb50319297977b59dd1625a9427a0bd9bfbde0504b17b87ee0c9849984a7f6d9988124e5b311083958e258cd700dac5b223fdb001f52c37f16

Download Submit
C:\Windows\System32\dgtfGHo.exe

Filesize
1.1MB

MD5
fcc11bb6f2f3bb0df2dd72a5626d1f4a

SHA1
ee0a3676d02e52bece12addd5af3918b3024e214

SHA256
f6d99a21ade9792fd028f7ed7440aeb33667970ff07d29c3bc7582bdbc4192e0

SHA512
add8f87754bc3035138130aeba05c6e1bf6c000f35496e0f3db1570f47da80ad4fc2e7fb4e41bf2f4b3b645d43cdddc0f911eb97f850ed96a35512d7737bd106

Download Submit
C:\Windows\System32\fYQACoA.exe

Filesize
1.1MB

MD5
141ca95b93a2ce38fccf97cd62771084

SHA1
99a620797421241e931b91d2626c9c25d2a78873

SHA256
19e95dccc1b410d4d0bad0c75bcc5b88bfaa2fb473cd1489d3cc339220234800

SHA512
5565f5992e0857d53310f660a5ee37e6abd10f46dcc4c6495c3e29c2a1852af999d52884f7a8263d04784659614c43387fe0825dee929b65d40d1caae2a7945d

Download Submit
C:\Windows\System32\gJqxJfn.exe

Filesize
1.1MB

MD5
c2bdee93b8c0dad92263e14982151608

SHA1
b36d4c00bf4a07afa68178f3c2499772f87a3ee6

SHA256
7d79c9b82cabc3d9b4a49242a607a3add0174604bee889951781234748ff3cd1

SHA512
bc099667f811430248bf7d75a96f95b5f28e9ba365b3567fb5b2d0303d705a29e58ca05a19ad0e28d89e675d0dd1e92c32c30393dce6e4b805bbcd76a38e45d0

Download Submit
C:\Windows\System32\iBqzBBI.exe

Filesize
1.1MB

MD5
8c62af856aa249b9cc5181cbfb36c6d5

SHA1
7351dc3dd4c6348ae1c59fb53f36f1285067e316

SHA256
6a94bfce8c759ef39e529f7603b87483db9c105e1cf163460db6f259d9be1a14

SHA512
f109ed58099e262f773d68db726e568f9aed0d2fe23b3275e486eebdb67dbcdf106f2ee42db4311794792c6b155b7ea87a11350f57cba825447f6ea1f7ce40bc

Download Submit
C:\Windows\System32\kNYNXCd.exe

Filesize
1.1MB

MD5
7f8e56ab92cbddf0c4d8f4c2ca6e2684

SHA1
12f59f59f0ae8e8521c2aeca09aa8298794f2280

SHA256
72e6ff6584e6ac25877888984c5ee53409238da51e0fa7ec12b1b177a184405a

SHA512
b707167c89b06801867e5d10d1c73de197c5a536f681095964bc5b597318bc641444af01e02984e09719163ca331e940b56cf41066acceebc185889d70ca896f

Download Submit
C:\Windows\System32\nlRtYGV.exe

Filesize
1.1MB

MD5
d8332ac3801ec9662c024287605e3854

SHA1
5fd0b91785d07380aadab5a2cfadae8ca715ef86

SHA256
fdbcee22f81af6a980327a417d7af2a0476ece76996bc47520013285b4f65f7d

SHA512
ebb040fb685bc4eeed792983db733ecf67164e5851dad0e81635441b79849d4789266aaf0c2d3848119d76022bf29df3002acae7abf63a2273f5780c4a5e9f40

Download Submit
C:\Windows\System32\oDuZtBh.exe

Filesize
1.1MB

MD5
8a916aec0a9f79266495ce15f342ef08

SHA1
02ce2acc23df82bb52c8072d69ffefc1dc12c6e1

SHA256
474ca03295d46fac6f02d029a5c8e88f42835791efdd70a43b2e107a6bf3ba9b

SHA512
5a0b16d4d888ba9d6a41d5bc896b9ad341ecdb54d5919986244f2a4ed5c0371c86405a5cd6e47f5e1ffe23e2bbc87b7b10adf3840bb9ad1481ed1442a25a036b

Download Submit
C:\Windows\System32\pGOlrZX.exe

Filesize
1.1MB

MD5
aab69edf459fe65afb79079898d3236e

SHA1
7b1d0943005b8b3158d5662ffab13f30f13c6ba8

SHA256
b0e442e796761790f667e5b728e03ad17d366796be9cf9e0bded2cfee753559f

SHA512
bae1adbdcf79ec4c1514aea651916854f0b57433442f84c7bfa9f6e2df8579d711ecdbecb515dc7901e2f324011898400f61d085e20341b4508b161bcb4047d7

Download Submit
C:\Windows\System32\pyNIMHn.exe

Filesize
1.1MB

MD5
7675280c5df3cb18559da74ff81f4b97

SHA1
6ec8648464e8e26d4f0a9ce99429b4aaf52bc521

SHA256
572376668baf033a27192154b940bb2223236adbcafa1f8e92ad429591f402f3

SHA512
f1006211005cbc30cd1798efd2184111eadcfacd2442ade2eba4f7b1453ce908e80e1e7a7497941e0460b81aed5ca2ea0044efd8a1c642fa4e20ea5070fb00b2

Download Submit
C:\Windows\System32\rHjlMkW.exe

Filesize
1.1MB

MD5
083cd0e991122b8173b28849fd5045a7

SHA1
547a0d8baad4f6b04c395ff2c4668ae8485b9058

SHA256
ca98f92e60aab90accb5ca5b3bb586d5434a7d98ac2d2964124f1a2a36ec6d32

SHA512
2346982b8dc94073054198a890d1d15cc17841f320dc93f60628e8c121b377efdc966447444711a362fb8bfe664394712c996e7b07e7478493cf0eacd61eba5a

Download Submit
C:\Windows\System32\rsQSrnN.exe

Filesize
1.1MB

MD5
421604f45bd5fda59cb50ba202911611

SHA1
e7e4350a47fc6e9610018b2448a6bc5d74d923e9

SHA256
953760f75d580ab8b1c728ff340b84c7ed4d869c66535c83f6902443af12c7a6

SHA512
d204e00f43796b1b165eabc2ff2ff833975794ccdd69eea04dc9ee2537834626696fef1ccc85515be358ab4afad7a71fb5ab642a0aefc3340f9c52fc8a9073d0

Download Submit
C:\Windows\System32\sXMSwnf.exe

Filesize
1.1MB

MD5
56f271090c9601b4b47a9e21669048c8

SHA1
6f554c3ea5e1485d5b38ad1dae4a1f2b59f60b8d

SHA256
505557362d2b30589d4cf480db7125f0982025547cf6a8183a969c170951dea5

SHA512
e4e1a20d7237792bd626e527d74ce9d1e9f96a6f457847a032d7212ae353634cdc85cf27d435701fdbf6fabfa51151f96db2bb4da8433e3b9703c156c58f2294

Download Submit
C:\Windows\System32\wJIuzhs.exe

Filesize
1.1MB

MD5
e7626412e4c8a8368de840e901067c6c

SHA1
e56dc0fce0edd85f19797367522e5384a5d679ff

SHA256
4f5253864519f38eba241551adf6f6beae49d1e4ea8332314fb4521d31dbea36

SHA512
17055591d5d7f305b25b0ea634dcffe6dcbfda194ce2c51be131dbca70c1b21eccd23f130ccae90bbcde3d6a0d002354aac4a2a4d2aa83fab930fbd87baf8ce1

Download Submit
C:\Windows\System32\xeBDERJ.exe

Filesize
1.1MB

MD5
55b2d0d5c0778663415cd91c7eb70a91

SHA1
e198c062993ff6dca1c9e1049b506e7599ac7c40

SHA256
1982a9d5abc5da783faf2b3585a6dbcd39122115a2bcaf57304d889300bb55a1

SHA512
6a1b40af9dcb89eebcccb0a2ade6ae2397c7698070b75f2b8bfe9ea1fdeaf54363723c0b3ddcb66ad83835c4f96f2823f265a5e9e2e05513c27ae01c055bf629

Download Submit
C:\Windows\System32\zyQaBaJ.exe

Filesize
1.1MB

MD5
cdde314d412808a86cdc1b2c8741d831

SHA1
231bbf11889a9ee5c053d1ada454c924af7249f6

SHA256
d9caba18adc1ede9c45febc39243f121079da7da59e762a8e8c90f23d19eee14

SHA512
323d36b15169d1e7debb8f596423917bd2a28223f957408bd4038f1d49e355d44da3c054918a58c196d5ae892a892c794ee26e0a287531250be388bec6852102

Download Submit
memory/396-2092-0x00007FF7375F0000-0x00007FF7379E1000-memory.dmp

Filesize
3.9MB

Download
memory/396-53-0x00007FF7375F0000-0x00007FF7379E1000-memory.dmp

Filesize
3.9MB

Download
memory/396-117-0x00007FF7375F0000-0x00007FF7379E1000-memory.dmp

Filesize
3.9MB

Download
memory/680-67-0x00007FF663A60000-0x00007FF663E51000-memory.dmp

Filesize
3.9MB

Download
memory/680-127-0x00007FF663A60000-0x00007FF663E51000-memory.dmp

Filesize
3.9MB

Download
memory/712-44-0x00007FF779110000-0x00007FF779501000-memory.dmp

Filesize
3.9MB

Download
memory/712-113-0x00007FF779110000-0x00007FF779501000-memory.dmp

Filesize
3.9MB

Download
memory/712-2096-0x00007FF779110000-0x00007FF779501000-memory.dmp

Filesize
3.9MB

Download
memory/1040-101-0x00007FF612300000-0x00007FF6126F1000-memory.dmp

Filesize
3.9MB

Download
memory/1040-0-0x00007FF612300000-0x00007FF6126F1000-memory.dmp

Filesize
3.9MB

Download
memory/1040-1-0x0000029E95350000-0x0000029E95360000-memory.dmp

Filesize
64KB

Download
memory/1188-2094-0x00007FF76DF50000-0x00007FF76E341000-memory.dmp

Filesize
3.9MB

Download
memory/1188-63-0x00007FF76DF50000-0x00007FF76E341000-memory.dmp

Filesize
3.9MB

Download
memory/1312-2084-0x00007FF7D51C0000-0x00007FF7D55B1000-memory.dmp

Filesize
3.9MB

Download
memory/1312-109-0x00007FF7D51C0000-0x00007FF7D55B1000-memory.dmp

Filesize
3.9MB

Download
memory/1312-27-0x00007FF7D51C0000-0x00007FF7D55B1000-memory.dmp

Filesize
3.9MB

Download
memory/1384-79-0x00007FF779A20000-0x00007FF779E11000-memory.dmp

Filesize
3.9MB

Download
memory/1384-2146-0x00007FF779A20000-0x00007FF779E11000-memory.dmp

Filesize
3.9MB

Download
memory/1384-147-0x00007FF779A20000-0x00007FF779E11000-memory.dmp

Filesize
3.9MB

Download
memory/1464-140-0x00007FF65A170000-0x00007FF65A561000-memory.dmp

Filesize
3.9MB

Download
memory/1464-70-0x00007FF65A170000-0x00007FF65A561000-memory.dmp

Filesize
3.9MB

Download
memory/2488-57-0x00007FF696B10000-0x00007FF696F01000-memory.dmp

Filesize
3.9MB

Download
memory/2488-121-0x00007FF696B10000-0x00007FF696F01000-memory.dmp

Filesize
3.9MB

Download
memory/2552-104-0x00007FF633E00000-0x00007FF6341F1000-memory.dmp

Filesize
3.9MB

Download
memory/2552-1195-0x00007FF633E00000-0x00007FF6341F1000-memory.dmp

Filesize
3.9MB

Download
memory/2552-2144-0x00007FF633E00000-0x00007FF6341F1000-memory.dmp

Filesize
3.9MB

Download
memory/2592-2082-0x00007FF7BEE30000-0x00007FF7BF221000-memory.dmp

Filesize
3.9MB

Download
memory/2592-8-0x00007FF7BEE30000-0x00007FF7BF221000-memory.dmp

Filesize
3.9MB

Download
memory/2592-108-0x00007FF7BEE30000-0x00007FF7BF221000-memory.dmp

Filesize
3.9MB

Download
memory/2824-54-0x00007FF780750000-0x00007FF780B41000-memory.dmp

Filesize
3.9MB

Download
memory/2824-2086-0x00007FF780750000-0x00007FF780B41000-memory.dmp

Filesize
3.9MB

Download
memory/2972-116-0x00007FF689E20000-0x00007FF68A211000-memory.dmp

Filesize
3.9MB

Download
memory/2972-2138-0x00007FF689E20000-0x00007FF68A211000-memory.dmp

Filesize
3.9MB

Download
memory/2972-1198-0x00007FF689E20000-0x00007FF68A211000-memory.dmp

Filesize
3.9MB

Download
memory/3752-2090-0x00007FF6CB730000-0x00007FF6CBB21000-memory.dmp

Filesize
3.9MB

Download
memory/3752-60-0x00007FF6CB730000-0x00007FF6CBB21000-memory.dmp

Filesize
3.9MB

Download
memory/3772-2162-0x00007FF77B7A0000-0x00007FF77BB91000-memory.dmp

Filesize
3.9MB

Download
memory/3772-157-0x00007FF77B7A0000-0x00007FF77BB91000-memory.dmp

Filesize
3.9MB

Download
memory/3888-1526-0x00007FF758050000-0x00007FF758441000-memory.dmp

Filesize
3.9MB

Download
memory/3888-2142-0x00007FF758050000-0x00007FF758441000-memory.dmp

Filesize
3.9MB

Download
memory/3888-129-0x00007FF758050000-0x00007FF758441000-memory.dmp

Filesize
3.9MB

Download
memory/4152-150-0x00007FF7026C0000-0x00007FF702AB1000-memory.dmp

Filesize
3.9MB

Download
memory/4152-2150-0x00007FF7026C0000-0x00007FF702AB1000-memory.dmp

Filesize
3.9MB

Download
memory/4152-87-0x00007FF7026C0000-0x00007FF702AB1000-memory.dmp

Filesize
3.9MB

Download
memory/4212-126-0x00007FF77A500000-0x00007FF77A8F1000-memory.dmp

Filesize
3.9MB

Download
memory/4212-64-0x00007FF77A500000-0x00007FF77A8F1000-memory.dmp

Filesize
3.9MB

Download
memory/4212-2152-0x00007FF77A500000-0x00007FF77A8F1000-memory.dmp

Filesize
3.9MB

Download
memory/4348-937-0x00007FF738810000-0x00007FF738C01000-memory.dmp

Filesize
3.9MB

Download
memory/4348-2158-0x00007FF738810000-0x00007FF738C01000-memory.dmp

Filesize
3.9MB

Download
memory/4348-88-0x00007FF738810000-0x00007FF738C01000-memory.dmp

Filesize
3.9MB

Download
memory/4412-2149-0x00007FF7E1960000-0x00007FF7E1D51000-memory.dmp

Filesize
3.9MB

Download
memory/4412-95-0x00007FF7E1960000-0x00007FF7E1D51000-memory.dmp

Filesize
3.9MB

Download
memory/4412-1060-0x00007FF7E1960000-0x00007FF7E1D51000-memory.dmp

Filesize
3.9MB

Download
memory/4496-2156-0x00007FF701380000-0x00007FF701771000-memory.dmp

Filesize
3.9MB

Download
memory/4496-143-0x00007FF701380000-0x00007FF701771000-memory.dmp

Filesize
3.9MB

Download
memory/4496-1741-0x00007FF701380000-0x00007FF701771000-memory.dmp

Filesize
3.9MB

Download
memory/4816-1426-0x00007FF7EE530000-0x00007FF7EE921000-memory.dmp

Filesize
3.9MB

Download
memory/4816-122-0x00007FF7EE530000-0x00007FF7EE921000-memory.dmp

Filesize
3.9MB

Download
memory/4816-2140-0x00007FF7EE530000-0x00007FF7EE921000-memory.dmp

Filesize
3.9MB

Download
memory/4852-2088-0x00007FF685600000-0x00007FF6859F1000-memory.dmp

Filesize
3.9MB

Download
memory/4852-112-0x00007FF685600000-0x00007FF6859F1000-memory.dmp

Filesize
3.9MB

Download
memory/4852-30-0x00007FF685600000-0x00007FF6859F1000-memory.dmp

Filesize
3.9MB

Download
memory/4960-2160-0x00007FF632490000-0x00007FF632881000-memory.dmp

Filesize
3.9MB

Download
memory/4960-1867-0x00007FF632490000-0x00007FF632881000-memory.dmp

Filesize
3.9MB

Download
memory/4960-151-0x00007FF632490000-0x00007FF632881000-memory.dmp

Filesize
3.9MB

Download
memory/5088-136-0x00007FF6185B0000-0x00007FF6189A1000-memory.dmp

Filesize
3.9MB

Download
memory/5088-1633-0x00007FF6185B0000-0x00007FF6189A1000-memory.dmp

Filesize
3.9MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads