xmrig | a67fdf310d977b9d4ebe50ac7cdbd01468c53d970bd11b81092ac46c8857acee

Analysis

max time kernel
131s
max time network
133s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
11-09-2024 09:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

da06b62527ebda59456b5a54e430bf13_JaffaCakes118.exe
Size

1.0MB
MD5

da06b62527ebda59456b5a54e430bf13
SHA1

9186d46b9ca00bc107d24421bdbac75993cc5603
SHA256

a67fdf310d977b9d4ebe50ac7cdbd01468c53d970bd11b81092ac46c8857acee
SHA512

e7f081de62aea056a86fb0bbedfca13539e4175191565f21d8a4dc3467617642c810035836c9d424bccbdcded9d6da815e500c49e52a5337b3145a75a4617607
SSDEEP

24576:JanwhSe11QSONCpGJCjETPlWXWZ5Pbcq92zEeBo:knw9oUUEEDl37jcq4C

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 51 IoCs

miner

resource	yara_rule
behavioral2/memory/4288-37-0x00007FF67DC20000-0x00007FF67E011000-memory.dmp	xmrig
behavioral2/memory/2020-38-0x00007FF60C8E0000-0x00007FF60CCD1000-memory.dmp	xmrig
behavioral2/memory/1792-36-0x00007FF62C3A0000-0x00007FF62C791000-memory.dmp	xmrig
behavioral2/memory/4144-27-0x00007FF6CC8D0000-0x00007FF6CCCC1000-memory.dmp	xmrig
behavioral2/memory/632-18-0x00007FF7D4940000-0x00007FF7D4D31000-memory.dmp	xmrig
behavioral2/memory/2116-71-0x00007FF76C370000-0x00007FF76C761000-memory.dmp	xmrig
behavioral2/memory/912-103-0x00007FF760EE0000-0x00007FF7612D1000-memory.dmp	xmrig
behavioral2/memory/2152-122-0x00007FF797950000-0x00007FF797D41000-memory.dmp	xmrig
behavioral2/memory/1516-113-0x00007FF6C6B10000-0x00007FF6C6F01000-memory.dmp	xmrig
behavioral2/memory/4364-107-0x00007FF762490000-0x00007FF762881000-memory.dmp	xmrig
behavioral2/memory/752-95-0x00007FF6B2520000-0x00007FF6B2911000-memory.dmp	xmrig
behavioral2/memory/3376-91-0x00007FF689660000-0x00007FF689A51000-memory.dmp	xmrig
behavioral2/memory/840-88-0x00007FF6C6800000-0x00007FF6C6BF1000-memory.dmp	xmrig
behavioral2/memory/2280-127-0x00007FF674B70000-0x00007FF674F61000-memory.dmp	xmrig
behavioral2/memory/4744-131-0x00007FF6127F0000-0x00007FF612BE1000-memory.dmp	xmrig
behavioral2/memory/780-159-0x00007FF6F2BD0000-0x00007FF6F2FC1000-memory.dmp	xmrig
behavioral2/memory/2880-178-0x00007FF6CF490000-0x00007FF6CF881000-memory.dmp	xmrig
behavioral2/memory/2280-251-0x00007FF674B70000-0x00007FF674F61000-memory.dmp	xmrig
behavioral2/memory/4144-167-0x00007FF6CC8D0000-0x00007FF6CCCC1000-memory.dmp	xmrig
behavioral2/memory/4828-154-0x00007FF764930000-0x00007FF764D21000-memory.dmp	xmrig
behavioral2/memory/1196-262-0x00007FF73B190000-0x00007FF73B581000-memory.dmp	xmrig
behavioral2/memory/624-539-0x00007FF7F0A30000-0x00007FF7F0E21000-memory.dmp	xmrig
behavioral2/memory/2116-527-0x00007FF76C370000-0x00007FF76C761000-memory.dmp	xmrig
behavioral2/memory/4952-638-0x00007FF71CB00000-0x00007FF71CEF1000-memory.dmp	xmrig
behavioral2/memory/3308-647-0x00007FF685C80000-0x00007FF686071000-memory.dmp	xmrig
behavioral2/memory/692-755-0x00007FF784F60000-0x00007FF785351000-memory.dmp	xmrig
behavioral2/memory/4396-762-0x00007FF622C50000-0x00007FF623041000-memory.dmp	xmrig
behavioral2/memory/2488-1003-0x00007FF71E520000-0x00007FF71E911000-memory.dmp	xmrig
behavioral2/memory/632-2055-0x00007FF7D4940000-0x00007FF7D4D31000-memory.dmp	xmrig
behavioral2/memory/4144-2058-0x00007FF6CC8D0000-0x00007FF6CCCC1000-memory.dmp	xmrig
behavioral2/memory/1792-2067-0x00007FF62C3A0000-0x00007FF62C791000-memory.dmp	xmrig
behavioral2/memory/4288-2068-0x00007FF67DC20000-0x00007FF67E011000-memory.dmp	xmrig
behavioral2/memory/2020-2070-0x00007FF60C8E0000-0x00007FF60CCD1000-memory.dmp	xmrig
behavioral2/memory/912-2088-0x00007FF760EE0000-0x00007FF7612D1000-memory.dmp	xmrig
behavioral2/memory/2116-2090-0x00007FF76C370000-0x00007FF76C761000-memory.dmp	xmrig
behavioral2/memory/840-2093-0x00007FF6C6800000-0x00007FF6C6BF1000-memory.dmp	xmrig
behavioral2/memory/1196-2094-0x00007FF73B190000-0x00007FF73B581000-memory.dmp	xmrig
behavioral2/memory/4952-2112-0x00007FF71CB00000-0x00007FF71CEF1000-memory.dmp	xmrig
behavioral2/memory/752-2118-0x00007FF6B2520000-0x00007FF6B2911000-memory.dmp	xmrig
behavioral2/memory/4364-2120-0x00007FF762490000-0x00007FF762881000-memory.dmp	xmrig
behavioral2/memory/692-2128-0x00007FF784F60000-0x00007FF785351000-memory.dmp	xmrig
behavioral2/memory/1516-2130-0x00007FF6C6B10000-0x00007FF6C6F01000-memory.dmp	xmrig
behavioral2/memory/2152-2126-0x00007FF797950000-0x00007FF797D41000-memory.dmp	xmrig
behavioral2/memory/4396-2124-0x00007FF622C50000-0x00007FF623041000-memory.dmp	xmrig
behavioral2/memory/624-2122-0x00007FF7F0A30000-0x00007FF7F0E21000-memory.dmp	xmrig
behavioral2/memory/3308-2116-0x00007FF685C80000-0x00007FF686071000-memory.dmp	xmrig
behavioral2/memory/3376-2114-0x00007FF689660000-0x00007FF689A51000-memory.dmp	xmrig
behavioral2/memory/2488-2178-0x00007FF71E520000-0x00007FF71E911000-memory.dmp	xmrig
behavioral2/memory/2880-2182-0x00007FF6CF490000-0x00007FF6CF881000-memory.dmp	xmrig
behavioral2/memory/4828-2180-0x00007FF764930000-0x00007FF764D21000-memory.dmp	xmrig
behavioral2/memory/780-2184-0x00007FF6F2BD0000-0x00007FF6F2FC1000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
4744	TDoSMaQ.exe
632	YyjYZox.exe
4144	UfOgJsd.exe
4288	ghkuZqE.exe
1792	LjGhnEJ.exe
2020	tvHowTv.exe
1196	QXDEwaC.exe
912	kzZqcMT.exe
2116	MmvpmRp.exe
4952	OHEtnpe.exe
3308	tMOAqqt.exe
840	NXTWHKW.exe
3376	miNhTei.exe
752	DiHflIe.exe
4364	ZCwLPfM.exe
692	lBttNEs.exe
624	UkqwbYO.exe
1516	aFHaIEy.exe
2152	PEWOQCK.exe
4396	jYkMHYF.exe
2488	UDqrknz.exe
4828	kehIHhn.exe
2880	jIufDhV.exe
780	NPfaISK.exe
3088	sqcfxrx.exe
644	BciOcsQ.exe
2920	ItoFfQo.exe
3268	wwubnIM.exe
4432	UsxdyOY.exe
3932	rnVdmCb.exe
4216	uGUfSyo.exe
452	rxfhSdq.exe
4656	DExQntu.exe
4588	ZJpTfEo.exe
656	OXPCeqE.exe
4600	XkMTFKT.exe
3484	CiOaiCE.exe
1208	VazaDBI.exe
5064	vXruPeZ.exe
1004	CyZkPrE.exe
2460	BctLJFo.exe
548	wOSDYDL.exe
3700	EvZkVsr.exe
2792	pJHMlan.exe
3224	IpghxbX.exe
1656	BWyjwWQ.exe
4200	nkWRvKc.exe
2812	dNyXSXl.exe
1676	CUTjwsj.exe
5056	BtqXxwG.exe
4108	QCyzhVy.exe
3612	ZFpKySX.exe
2200	evOFQZg.exe
1112	elaDgcu.exe
1316	LysJXbc.exe
4160	YhUcoah.exe
4376	WbunWtS.exe
1604	rGhEECV.exe
4328	EdUgOJC.exe
1964	qyQVMgk.exe
1216	sYdvCYO.exe
4204	KZeTZxl.exe
1884	yJymwBn.exe
3884	XFLIzfp.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2280-0-0x00007FF674B70000-0x00007FF674F61000-memory.dmp	upx
behavioral2/files/0x00070000000235c8-11.dat	upx
behavioral2/files/0x00070000000235c9-15.dat	upx
behavioral2/files/0x00070000000235ca-23.dat	upx
behavioral2/files/0x00070000000235cb-29.dat	upx
behavioral2/files/0x00070000000235cc-34.dat	upx
behavioral2/memory/4288-37-0x00007FF67DC20000-0x00007FF67E011000-memory.dmp	upx
behavioral2/memory/2020-38-0x00007FF60C8E0000-0x00007FF60CCD1000-memory.dmp	upx
behavioral2/memory/1792-36-0x00007FF62C3A0000-0x00007FF62C791000-memory.dmp	upx
behavioral2/memory/4144-27-0x00007FF6CC8D0000-0x00007FF6CCCC1000-memory.dmp	upx
behavioral2/memory/632-18-0x00007FF7D4940000-0x00007FF7D4D31000-memory.dmp	upx
behavioral2/files/0x00080000000235c4-9.dat	upx
behavioral2/memory/4744-6-0x00007FF6127F0000-0x00007FF612BE1000-memory.dmp	upx
behavioral2/files/0x00070000000235cd-41.dat	upx
behavioral2/files/0x00070000000235d2-63.dat	upx
behavioral2/files/0x00070000000235d0-66.dat	upx
behavioral2/memory/2116-71-0x00007FF76C370000-0x00007FF76C761000-memory.dmp	upx
behavioral2/files/0x00070000000235d3-78.dat	upx
behavioral2/memory/3308-79-0x00007FF685C80000-0x00007FF686071000-memory.dmp	upx
behavioral2/memory/624-98-0x00007FF7F0A30000-0x00007FF7F0E21000-memory.dmp	upx
behavioral2/memory/912-103-0x00007FF760EE0000-0x00007FF7612D1000-memory.dmp	upx
behavioral2/files/0x00070000000235d6-109.dat	upx
behavioral2/files/0x00070000000235d8-116.dat	upx
behavioral2/memory/2152-122-0x00007FF797950000-0x00007FF797D41000-memory.dmp	upx
behavioral2/memory/4396-120-0x00007FF622C50000-0x00007FF623041000-memory.dmp	upx
behavioral2/files/0x00070000000235d9-118.dat	upx
behavioral2/memory/1516-113-0x00007FF6C6B10000-0x00007FF6C6F01000-memory.dmp	upx
behavioral2/files/0x00070000000235d7-111.dat	upx
behavioral2/memory/692-108-0x00007FF784F60000-0x00007FF785351000-memory.dmp	upx
behavioral2/files/0x00070000000235d5-114.dat	upx
behavioral2/memory/4364-107-0x00007FF762490000-0x00007FF762881000-memory.dmp	upx
behavioral2/files/0x00070000000235d4-99.dat	upx
behavioral2/memory/752-95-0x00007FF6B2520000-0x00007FF6B2911000-memory.dmp	upx
behavioral2/memory/3376-91-0x00007FF689660000-0x00007FF689A51000-memory.dmp	upx
behavioral2/memory/840-88-0x00007FF6C6800000-0x00007FF6C6BF1000-memory.dmp	upx
behavioral2/files/0x00080000000235c5-80.dat	upx
behavioral2/memory/4952-77-0x00007FF71CB00000-0x00007FF71CEF1000-memory.dmp	upx
behavioral2/files/0x00070000000235d1-76.dat	upx
behavioral2/files/0x00070000000235ce-67.dat	upx
behavioral2/memory/1196-68-0x00007FF73B190000-0x00007FF73B581000-memory.dmp	upx
behavioral2/files/0x00070000000235cf-57.dat	upx
behavioral2/files/0x00070000000235da-125.dat	upx
behavioral2/files/0x00070000000235db-128.dat	upx
behavioral2/memory/2280-127-0x00007FF674B70000-0x00007FF674F61000-memory.dmp	upx
behavioral2/files/0x00070000000235dc-142.dat	upx
behavioral2/files/0x00070000000235dd-144.dat	upx
behavioral2/files/0x00070000000235df-152.dat	upx
behavioral2/files/0x00070000000235de-149.dat	upx
behavioral2/memory/4744-131-0x00007FF6127F0000-0x00007FF612BE1000-memory.dmp	upx
behavioral2/memory/2488-130-0x00007FF71E520000-0x00007FF71E911000-memory.dmp	upx
behavioral2/memory/780-159-0x00007FF6F2BD0000-0x00007FF6F2FC1000-memory.dmp	upx
behavioral2/files/0x00070000000235e1-164.dat	upx
behavioral2/files/0x00070000000235e2-173.dat	upx
behavioral2/memory/2880-178-0x00007FF6CF490000-0x00007FF6CF881000-memory.dmp	upx
behavioral2/files/0x00070000000235e3-183.dat	upx
behavioral2/files/0x00070000000235e5-186.dat	upx
behavioral2/memory/2280-251-0x00007FF674B70000-0x00007FF674F61000-memory.dmp	upx
behavioral2/files/0x00070000000235e6-189.dat	upx
behavioral2/files/0x00070000000235e4-181.dat	upx
behavioral2/memory/4144-167-0x00007FF6CC8D0000-0x00007FF6CCCC1000-memory.dmp	upx
behavioral2/files/0x00070000000235e0-166.dat	upx
behavioral2/memory/4828-154-0x00007FF764930000-0x00007FF764D21000-memory.dmp	upx
behavioral2/memory/1196-262-0x00007FF73B190000-0x00007FF73B581000-memory.dmp	upx
behavioral2/memory/624-539-0x00007FF7F0A30000-0x00007FF7F0E21000-memory.dmp	upx

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System32\yKljUti.exe	da06b62527ebda59456b5a54e430bf13_JaffaCakes118.exe
File created	C:\Windows\System32\RtmpnpK.exe	da06b62527ebda59456b5a54e430bf13_JaffaCakes118.exe
File created	C:\Windows\System32\DWmzxwn.exe	da06b62527ebda59456b5a54e430bf13_JaffaCakes118.exe
File created	C:\Windows\System32\tzFjVRj.exe	da06b62527ebda59456b5a54e430bf13_JaffaCakes118.exe
File created	C:\Windows\System32\PLvKrlU.exe	da06b62527ebda59456b5a54e430bf13_JaffaCakes118.exe
File created	C:\Windows\System32\RQilFij.exe	da06b62527ebda59456b5a54e430bf13_JaffaCakes118.exe
File created	C:\Windows\System32\IiMhwoh.exe	da06b62527ebda59456b5a54e430bf13_JaffaCakes118.exe
File created	C:\Windows\System32\seMQlrt.exe	da06b62527ebda59456b5a54e430bf13_JaffaCakes118.exe
File created	C:\Windows\System32\thlPOiV.exe	da06b62527ebda59456b5a54e430bf13_JaffaCakes118.exe
File created	C:\Windows\System32\JbiynyR.exe	da06b62527ebda59456b5a54e430bf13_JaffaCakes118.exe
File created	C:\Windows\System32\iwebzln.exe	da06b62527ebda59456b5a54e430bf13_JaffaCakes118.exe
File created	C:\Windows\System32\WNcyobk.exe	da06b62527ebda59456b5a54e430bf13_JaffaCakes118.exe
File created	C:\Windows\System32\OptxAFc.exe	da06b62527ebda59456b5a54e430bf13_JaffaCakes118.exe
File created	C:\Windows\System32\NIEixFa.exe	da06b62527ebda59456b5a54e430bf13_JaffaCakes118.exe
File created	C:\Windows\System32\gwYFYQv.exe	da06b62527ebda59456b5a54e430bf13_JaffaCakes118.exe
File created	C:\Windows\System32\aLFmMqw.exe	da06b62527ebda59456b5a54e430bf13_JaffaCakes118.exe
File created	C:\Windows\System32\IlqSXGv.exe	da06b62527ebda59456b5a54e430bf13_JaffaCakes118.exe
File created	C:\Windows\System32\ztQsUPv.exe	da06b62527ebda59456b5a54e430bf13_JaffaCakes118.exe
File created	C:\Windows\System32\SEXOhgD.exe	da06b62527ebda59456b5a54e430bf13_JaffaCakes118.exe
File created	C:\Windows\System32\uuZGofE.exe	da06b62527ebda59456b5a54e430bf13_JaffaCakes118.exe
File created	C:\Windows\System32\BPxbgDc.exe	da06b62527ebda59456b5a54e430bf13_JaffaCakes118.exe
File created	C:\Windows\System32\BWyjwWQ.exe	da06b62527ebda59456b5a54e430bf13_JaffaCakes118.exe
File created	C:\Windows\System32\UkXldkt.exe	da06b62527ebda59456b5a54e430bf13_JaffaCakes118.exe
File created	C:\Windows\System32\wEOOSxh.exe	da06b62527ebda59456b5a54e430bf13_JaffaCakes118.exe
File created	C:\Windows\System32\FedrMGQ.exe	da06b62527ebda59456b5a54e430bf13_JaffaCakes118.exe
File created	C:\Windows\System32\pOfKXMU.exe	da06b62527ebda59456b5a54e430bf13_JaffaCakes118.exe
File created	C:\Windows\System32\WVEJFrr.exe	da06b62527ebda59456b5a54e430bf13_JaffaCakes118.exe
File created	C:\Windows\System32\rLVlLMz.exe	da06b62527ebda59456b5a54e430bf13_JaffaCakes118.exe
File created	C:\Windows\System32\wLpAedF.exe	da06b62527ebda59456b5a54e430bf13_JaffaCakes118.exe
File created	C:\Windows\System32\VieyzjF.exe	da06b62527ebda59456b5a54e430bf13_JaffaCakes118.exe
File created	C:\Windows\System32\jYkMHYF.exe	da06b62527ebda59456b5a54e430bf13_JaffaCakes118.exe
File created	C:\Windows\System32\BIHbyyz.exe	da06b62527ebda59456b5a54e430bf13_JaffaCakes118.exe
File created	C:\Windows\System32\SmEjGoi.exe	da06b62527ebda59456b5a54e430bf13_JaffaCakes118.exe
File created	C:\Windows\System32\sCUdEoJ.exe	da06b62527ebda59456b5a54e430bf13_JaffaCakes118.exe
File created	C:\Windows\System32\NHBeBaY.exe	da06b62527ebda59456b5a54e430bf13_JaffaCakes118.exe
File created	C:\Windows\System32\SDljceH.exe	da06b62527ebda59456b5a54e430bf13_JaffaCakes118.exe
File created	C:\Windows\System32\BciOcsQ.exe	da06b62527ebda59456b5a54e430bf13_JaffaCakes118.exe
File created	C:\Windows\System32\EQGKbEA.exe	da06b62527ebda59456b5a54e430bf13_JaffaCakes118.exe
File created	C:\Windows\System32\ZLyMwso.exe	da06b62527ebda59456b5a54e430bf13_JaffaCakes118.exe
File created	C:\Windows\System32\OHEtnpe.exe	da06b62527ebda59456b5a54e430bf13_JaffaCakes118.exe
File created	C:\Windows\System32\aKEbtHU.exe	da06b62527ebda59456b5a54e430bf13_JaffaCakes118.exe
File created	C:\Windows\System32\qVcvxmn.exe	da06b62527ebda59456b5a54e430bf13_JaffaCakes118.exe
File created	C:\Windows\System32\HplFLvP.exe	da06b62527ebda59456b5a54e430bf13_JaffaCakes118.exe
File created	C:\Windows\System32\mpBtCXX.exe	da06b62527ebda59456b5a54e430bf13_JaffaCakes118.exe
File created	C:\Windows\System32\rPdtRlO.exe	da06b62527ebda59456b5a54e430bf13_JaffaCakes118.exe
File created	C:\Windows\System32\BwfGfnc.exe	da06b62527ebda59456b5a54e430bf13_JaffaCakes118.exe
File created	C:\Windows\System32\xpLZgYA.exe	da06b62527ebda59456b5a54e430bf13_JaffaCakes118.exe
File created	C:\Windows\System32\oNDvMfW.exe	da06b62527ebda59456b5a54e430bf13_JaffaCakes118.exe
File created	C:\Windows\System32\CnvyuNG.exe	da06b62527ebda59456b5a54e430bf13_JaffaCakes118.exe
File created	C:\Windows\System32\ylFGTOK.exe	da06b62527ebda59456b5a54e430bf13_JaffaCakes118.exe
File created	C:\Windows\System32\tGjafKV.exe	da06b62527ebda59456b5a54e430bf13_JaffaCakes118.exe
File created	C:\Windows\System32\urzTyex.exe	da06b62527ebda59456b5a54e430bf13_JaffaCakes118.exe
File created	C:\Windows\System32\qeyOEoF.exe	da06b62527ebda59456b5a54e430bf13_JaffaCakes118.exe
File created	C:\Windows\System32\pAgzdNa.exe	da06b62527ebda59456b5a54e430bf13_JaffaCakes118.exe
File created	C:\Windows\System32\HCcOGpJ.exe	da06b62527ebda59456b5a54e430bf13_JaffaCakes118.exe
File created	C:\Windows\System32\WfrqVVO.exe	da06b62527ebda59456b5a54e430bf13_JaffaCakes118.exe
File created	C:\Windows\System32\hWQbvfh.exe	da06b62527ebda59456b5a54e430bf13_JaffaCakes118.exe
File created	C:\Windows\System32\tvHowTv.exe	da06b62527ebda59456b5a54e430bf13_JaffaCakes118.exe
File created	C:\Windows\System32\YhUcoah.exe	da06b62527ebda59456b5a54e430bf13_JaffaCakes118.exe
File created	C:\Windows\System32\vGKdySD.exe	da06b62527ebda59456b5a54e430bf13_JaffaCakes118.exe
File created	C:\Windows\System32\ERQLCoM.exe	da06b62527ebda59456b5a54e430bf13_JaffaCakes118.exe
File created	C:\Windows\System32\RiHWnqD.exe	da06b62527ebda59456b5a54e430bf13_JaffaCakes118.exe
File created	C:\Windows\System32\zcWwKac.exe	da06b62527ebda59456b5a54e430bf13_JaffaCakes118.exe
File created	C:\Windows\System32\oCZjbKz.exe	da06b62527ebda59456b5a54e430bf13_JaffaCakes118.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	13488	dwm.exe
Token: SeChangeNotifyPrivilege	13488	dwm.exe
Token: 33	13488	dwm.exe
Token: SeIncBasePriorityPrivilege	13488	dwm.exe
Token: SeShutdownPrivilege	13488	dwm.exe
Token: SeCreatePagefilePrivilege	13488	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2280 wrote to memory of 4744	2280	da06b62527ebda59456b5a54e430bf13_JaffaCakes118.exe	91
PID 2280 wrote to memory of 4744	2280	da06b62527ebda59456b5a54e430bf13_JaffaCakes118.exe	91
PID 2280 wrote to memory of 632	2280	da06b62527ebda59456b5a54e430bf13_JaffaCakes118.exe	92
PID 2280 wrote to memory of 632	2280	da06b62527ebda59456b5a54e430bf13_JaffaCakes118.exe	92
PID 2280 wrote to memory of 4144	2280	da06b62527ebda59456b5a54e430bf13_JaffaCakes118.exe	93
PID 2280 wrote to memory of 4144	2280	da06b62527ebda59456b5a54e430bf13_JaffaCakes118.exe	93
PID 2280 wrote to memory of 4288	2280	da06b62527ebda59456b5a54e430bf13_JaffaCakes118.exe	94
PID 2280 wrote to memory of 4288	2280	da06b62527ebda59456b5a54e430bf13_JaffaCakes118.exe	94
PID 2280 wrote to memory of 1792	2280	da06b62527ebda59456b5a54e430bf13_JaffaCakes118.exe	95
PID 2280 wrote to memory of 1792	2280	da06b62527ebda59456b5a54e430bf13_JaffaCakes118.exe	95
PID 2280 wrote to memory of 2020	2280	da06b62527ebda59456b5a54e430bf13_JaffaCakes118.exe	96
PID 2280 wrote to memory of 2020	2280	da06b62527ebda59456b5a54e430bf13_JaffaCakes118.exe	96
PID 2280 wrote to memory of 1196	2280	da06b62527ebda59456b5a54e430bf13_JaffaCakes118.exe	97
PID 2280 wrote to memory of 1196	2280	da06b62527ebda59456b5a54e430bf13_JaffaCakes118.exe	97
PID 2280 wrote to memory of 3308	2280	da06b62527ebda59456b5a54e430bf13_JaffaCakes118.exe	98
PID 2280 wrote to memory of 3308	2280	da06b62527ebda59456b5a54e430bf13_JaffaCakes118.exe	98
PID 2280 wrote to memory of 840	2280	da06b62527ebda59456b5a54e430bf13_JaffaCakes118.exe	99
PID 2280 wrote to memory of 840	2280	da06b62527ebda59456b5a54e430bf13_JaffaCakes118.exe	99
PID 2280 wrote to memory of 912	2280	da06b62527ebda59456b5a54e430bf13_JaffaCakes118.exe	100
PID 2280 wrote to memory of 912	2280	da06b62527ebda59456b5a54e430bf13_JaffaCakes118.exe	100
PID 2280 wrote to memory of 2116	2280	da06b62527ebda59456b5a54e430bf13_JaffaCakes118.exe	101
PID 2280 wrote to memory of 2116	2280	da06b62527ebda59456b5a54e430bf13_JaffaCakes118.exe	101
PID 2280 wrote to memory of 4952	2280	da06b62527ebda59456b5a54e430bf13_JaffaCakes118.exe	102
PID 2280 wrote to memory of 4952	2280	da06b62527ebda59456b5a54e430bf13_JaffaCakes118.exe	102
PID 2280 wrote to memory of 3376	2280	da06b62527ebda59456b5a54e430bf13_JaffaCakes118.exe	103
PID 2280 wrote to memory of 3376	2280	da06b62527ebda59456b5a54e430bf13_JaffaCakes118.exe	103
PID 2280 wrote to memory of 752	2280	da06b62527ebda59456b5a54e430bf13_JaffaCakes118.exe	104
PID 2280 wrote to memory of 752	2280	da06b62527ebda59456b5a54e430bf13_JaffaCakes118.exe	104
PID 2280 wrote to memory of 4364	2280	da06b62527ebda59456b5a54e430bf13_JaffaCakes118.exe	105
PID 2280 wrote to memory of 4364	2280	da06b62527ebda59456b5a54e430bf13_JaffaCakes118.exe	105
PID 2280 wrote to memory of 692	2280	da06b62527ebda59456b5a54e430bf13_JaffaCakes118.exe	106
PID 2280 wrote to memory of 692	2280	da06b62527ebda59456b5a54e430bf13_JaffaCakes118.exe	106
PID 2280 wrote to memory of 624	2280	da06b62527ebda59456b5a54e430bf13_JaffaCakes118.exe	107
PID 2280 wrote to memory of 624	2280	da06b62527ebda59456b5a54e430bf13_JaffaCakes118.exe	107
PID 2280 wrote to memory of 1516	2280	da06b62527ebda59456b5a54e430bf13_JaffaCakes118.exe	108
PID 2280 wrote to memory of 1516	2280	da06b62527ebda59456b5a54e430bf13_JaffaCakes118.exe	108
PID 2280 wrote to memory of 2152	2280	da06b62527ebda59456b5a54e430bf13_JaffaCakes118.exe	110
PID 2280 wrote to memory of 2152	2280	da06b62527ebda59456b5a54e430bf13_JaffaCakes118.exe	110
PID 2280 wrote to memory of 4396	2280	da06b62527ebda59456b5a54e430bf13_JaffaCakes118.exe	111
PID 2280 wrote to memory of 4396	2280	da06b62527ebda59456b5a54e430bf13_JaffaCakes118.exe	111
PID 2280 wrote to memory of 2488	2280	da06b62527ebda59456b5a54e430bf13_JaffaCakes118.exe	112
PID 2280 wrote to memory of 2488	2280	da06b62527ebda59456b5a54e430bf13_JaffaCakes118.exe	112
PID 2280 wrote to memory of 4828	2280	da06b62527ebda59456b5a54e430bf13_JaffaCakes118.exe	114
PID 2280 wrote to memory of 4828	2280	da06b62527ebda59456b5a54e430bf13_JaffaCakes118.exe	114
PID 2280 wrote to memory of 2880	2280	da06b62527ebda59456b5a54e430bf13_JaffaCakes118.exe	115
PID 2280 wrote to memory of 2880	2280	da06b62527ebda59456b5a54e430bf13_JaffaCakes118.exe	115
PID 2280 wrote to memory of 780	2280	da06b62527ebda59456b5a54e430bf13_JaffaCakes118.exe	116
PID 2280 wrote to memory of 780	2280	da06b62527ebda59456b5a54e430bf13_JaffaCakes118.exe	116
PID 2280 wrote to memory of 3088	2280	da06b62527ebda59456b5a54e430bf13_JaffaCakes118.exe	117
PID 2280 wrote to memory of 3088	2280	da06b62527ebda59456b5a54e430bf13_JaffaCakes118.exe	117
PID 2280 wrote to memory of 644	2280	da06b62527ebda59456b5a54e430bf13_JaffaCakes118.exe	119
PID 2280 wrote to memory of 644	2280	da06b62527ebda59456b5a54e430bf13_JaffaCakes118.exe	119
PID 2280 wrote to memory of 2920	2280	da06b62527ebda59456b5a54e430bf13_JaffaCakes118.exe	120
PID 2280 wrote to memory of 2920	2280	da06b62527ebda59456b5a54e430bf13_JaffaCakes118.exe	120
PID 2280 wrote to memory of 3268	2280	da06b62527ebda59456b5a54e430bf13_JaffaCakes118.exe	121
PID 2280 wrote to memory of 3268	2280	da06b62527ebda59456b5a54e430bf13_JaffaCakes118.exe	121
PID 2280 wrote to memory of 4432	2280	da06b62527ebda59456b5a54e430bf13_JaffaCakes118.exe	122
PID 2280 wrote to memory of 4432	2280	da06b62527ebda59456b5a54e430bf13_JaffaCakes118.exe	122
PID 2280 wrote to memory of 3932	2280	da06b62527ebda59456b5a54e430bf13_JaffaCakes118.exe	123
PID 2280 wrote to memory of 3932	2280	da06b62527ebda59456b5a54e430bf13_JaffaCakes118.exe	123
PID 2280 wrote to memory of 4216	2280	da06b62527ebda59456b5a54e430bf13_JaffaCakes118.exe	124
PID 2280 wrote to memory of 4216	2280	da06b62527ebda59456b5a54e430bf13_JaffaCakes118.exe	124
PID 2280 wrote to memory of 452	2280	da06b62527ebda59456b5a54e430bf13_JaffaCakes118.exe	125
PID 2280 wrote to memory of 452	2280	da06b62527ebda59456b5a54e430bf13_JaffaCakes118.exe	125

C:\Users\Admin\AppData\Local\Temp\da06b62527ebda59456b5a54e430bf13_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\da06b62527ebda59456b5a54e430bf13_JaffaCakes118.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:2280
- C:\Windows\System32\TDoSMaQ.exe
  C:\Windows\System32\TDoSMaQ.exe
  2⤵
  - Executes dropped EXE
  PID:4744
- C:\Windows\System32\YyjYZox.exe
  C:\Windows\System32\YyjYZox.exe
  2⤵
  - Executes dropped EXE
  PID:632
- C:\Windows\System32\UfOgJsd.exe
  C:\Windows\System32\UfOgJsd.exe
  2⤵
  - Executes dropped EXE
  PID:4144
- C:\Windows\System32\ghkuZqE.exe
  C:\Windows\System32\ghkuZqE.exe
  2⤵
  - Executes dropped EXE
  PID:4288
- C:\Windows\System32\LjGhnEJ.exe
  C:\Windows\System32\LjGhnEJ.exe
  2⤵
  - Executes dropped EXE
  PID:1792
- C:\Windows\System32\tvHowTv.exe
  C:\Windows\System32\tvHowTv.exe
  2⤵
  - Executes dropped EXE
  PID:2020
- C:\Windows\System32\QXDEwaC.exe
  C:\Windows\System32\QXDEwaC.exe
  2⤵
  - Executes dropped EXE
  PID:1196
- C:\Windows\System32\tMOAqqt.exe
  C:\Windows\System32\tMOAqqt.exe
  2⤵
  - Executes dropped EXE
  PID:3308
- C:\Windows\System32\NXTWHKW.exe
  C:\Windows\System32\NXTWHKW.exe
  2⤵
  - Executes dropped EXE
  PID:840
- C:\Windows\System32\kzZqcMT.exe
  C:\Windows\System32\kzZqcMT.exe
  2⤵
  - Executes dropped EXE
  PID:912
- C:\Windows\System32\MmvpmRp.exe
  C:\Windows\System32\MmvpmRp.exe
  2⤵
  - Executes dropped EXE
  PID:2116
- C:\Windows\System32\OHEtnpe.exe
  C:\Windows\System32\OHEtnpe.exe
  2⤵
  - Executes dropped EXE
  PID:4952
- C:\Windows\System32\miNhTei.exe
  C:\Windows\System32\miNhTei.exe
  2⤵
  - Executes dropped EXE
  PID:3376
- C:\Windows\System32\DiHflIe.exe
  C:\Windows\System32\DiHflIe.exe
  2⤵
  - Executes dropped EXE
  PID:752
- C:\Windows\System32\ZCwLPfM.exe
  C:\Windows\System32\ZCwLPfM.exe
  2⤵
  - Executes dropped EXE
  PID:4364
- C:\Windows\System32\lBttNEs.exe
  C:\Windows\System32\lBttNEs.exe
  2⤵
  - Executes dropped EXE
  PID:692
- C:\Windows\System32\UkqwbYO.exe
  C:\Windows\System32\UkqwbYO.exe
  2⤵
  - Executes dropped EXE
  PID:624
- C:\Windows\System32\aFHaIEy.exe
  C:\Windows\System32\aFHaIEy.exe
  2⤵
  - Executes dropped EXE
  PID:1516
- C:\Windows\System32\PEWOQCK.exe
  C:\Windows\System32\PEWOQCK.exe
  2⤵
  - Executes dropped EXE
  PID:2152
- C:\Windows\System32\jYkMHYF.exe
  C:\Windows\System32\jYkMHYF.exe
  2⤵
  - Executes dropped EXE
  PID:4396
- C:\Windows\System32\UDqrknz.exe
  C:\Windows\System32\UDqrknz.exe
  2⤵
  - Executes dropped EXE
  PID:2488
- C:\Windows\System32\kehIHhn.exe
  C:\Windows\System32\kehIHhn.exe
  2⤵
  - Executes dropped EXE
  PID:4828
- C:\Windows\System32\jIufDhV.exe
  C:\Windows\System32\jIufDhV.exe
  2⤵
  - Executes dropped EXE
  PID:2880
- C:\Windows\System32\NPfaISK.exe
  C:\Windows\System32\NPfaISK.exe
  2⤵
  - Executes dropped EXE
  PID:780
- C:\Windows\System32\sqcfxrx.exe
  C:\Windows\System32\sqcfxrx.exe
  2⤵
  - Executes dropped EXE
  PID:3088
- C:\Windows\System32\BciOcsQ.exe
  C:\Windows\System32\BciOcsQ.exe
  2⤵
  - Executes dropped EXE
  PID:644
- C:\Windows\System32\ItoFfQo.exe
  C:\Windows\System32\ItoFfQo.exe
  2⤵
  - Executes dropped EXE
  PID:2920
- C:\Windows\System32\wwubnIM.exe
  C:\Windows\System32\wwubnIM.exe
  2⤵
  - Executes dropped EXE
  PID:3268
- C:\Windows\System32\UsxdyOY.exe
  C:\Windows\System32\UsxdyOY.exe
  2⤵
  - Executes dropped EXE
  PID:4432
- C:\Windows\System32\rnVdmCb.exe
  C:\Windows\System32\rnVdmCb.exe
  2⤵
  - Executes dropped EXE
  PID:3932
- C:\Windows\System32\uGUfSyo.exe
  C:\Windows\System32\uGUfSyo.exe
  2⤵
  - Executes dropped EXE
  PID:4216
- C:\Windows\System32\rxfhSdq.exe
  C:\Windows\System32\rxfhSdq.exe
  2⤵
  - Executes dropped EXE
  PID:452
- C:\Windows\System32\DExQntu.exe
  C:\Windows\System32\DExQntu.exe
  2⤵
  - Executes dropped EXE
  PID:4656
- C:\Windows\System32\ZJpTfEo.exe
  C:\Windows\System32\ZJpTfEo.exe
  2⤵
  - Executes dropped EXE
  PID:4588
- C:\Windows\System32\OXPCeqE.exe
  C:\Windows\System32\OXPCeqE.exe
  2⤵
  - Executes dropped EXE
  PID:656
- C:\Windows\System32\XkMTFKT.exe
  C:\Windows\System32\XkMTFKT.exe
  2⤵
  - Executes dropped EXE
  PID:4600
- C:\Windows\System32\CiOaiCE.exe
  C:\Windows\System32\CiOaiCE.exe
  2⤵
  - Executes dropped EXE
  PID:3484
- C:\Windows\System32\VazaDBI.exe
  C:\Windows\System32\VazaDBI.exe
  2⤵
  - Executes dropped EXE
  PID:1208
- C:\Windows\System32\vXruPeZ.exe
  C:\Windows\System32\vXruPeZ.exe
  2⤵
  - Executes dropped EXE
  PID:5064
- C:\Windows\System32\CyZkPrE.exe
  C:\Windows\System32\CyZkPrE.exe
  2⤵
  - Executes dropped EXE
  PID:1004
- C:\Windows\System32\BctLJFo.exe
  C:\Windows\System32\BctLJFo.exe
  2⤵
  - Executes dropped EXE
  PID:2460
- C:\Windows\System32\wOSDYDL.exe
  C:\Windows\System32\wOSDYDL.exe
  2⤵
  - Executes dropped EXE
  PID:548
- C:\Windows\System32\EvZkVsr.exe
  C:\Windows\System32\EvZkVsr.exe
  2⤵
  - Executes dropped EXE
  PID:3700
- C:\Windows\System32\pJHMlan.exe
  C:\Windows\System32\pJHMlan.exe
  2⤵
  - Executes dropped EXE
  PID:2792
- C:\Windows\System32\IpghxbX.exe
  C:\Windows\System32\IpghxbX.exe
  2⤵
  - Executes dropped EXE
  PID:3224
- C:\Windows\System32\BWyjwWQ.exe
  C:\Windows\System32\BWyjwWQ.exe
  2⤵
  - Executes dropped EXE
  PID:1656
- C:\Windows\System32\nkWRvKc.exe
  C:\Windows\System32\nkWRvKc.exe
  2⤵
  - Executes dropped EXE
  PID:4200
- C:\Windows\System32\dNyXSXl.exe
  C:\Windows\System32\dNyXSXl.exe
  2⤵
  - Executes dropped EXE
  PID:2812
- C:\Windows\System32\CUTjwsj.exe
  C:\Windows\System32\CUTjwsj.exe
  2⤵
  - Executes dropped EXE
  PID:1676
- C:\Windows\System32\BtqXxwG.exe
  C:\Windows\System32\BtqXxwG.exe
  2⤵
  - Executes dropped EXE
  PID:5056
- C:\Windows\System32\QCyzhVy.exe
  C:\Windows\System32\QCyzhVy.exe
  2⤵
  - Executes dropped EXE
  PID:4108
- C:\Windows\System32\ZFpKySX.exe
  C:\Windows\System32\ZFpKySX.exe
  2⤵
  - Executes dropped EXE
  PID:3612
- C:\Windows\System32\evOFQZg.exe
  C:\Windows\System32\evOFQZg.exe
  2⤵
  - Executes dropped EXE
  PID:2200
- C:\Windows\System32\elaDgcu.exe
  C:\Windows\System32\elaDgcu.exe
  2⤵
  - Executes dropped EXE
  PID:1112
- C:\Windows\System32\LysJXbc.exe
  C:\Windows\System32\LysJXbc.exe
  2⤵
  - Executes dropped EXE
  PID:1316
- C:\Windows\System32\YhUcoah.exe
  C:\Windows\System32\YhUcoah.exe
  2⤵
  - Executes dropped EXE
  PID:4160
- C:\Windows\System32\WbunWtS.exe
  C:\Windows\System32\WbunWtS.exe
  2⤵
  - Executes dropped EXE
  PID:4376
- C:\Windows\System32\rGhEECV.exe
  C:\Windows\System32\rGhEECV.exe
  2⤵
  - Executes dropped EXE
  PID:1604
- C:\Windows\System32\EdUgOJC.exe
  C:\Windows\System32\EdUgOJC.exe
  2⤵
  - Executes dropped EXE
  PID:4328
- C:\Windows\System32\qyQVMgk.exe
  C:\Windows\System32\qyQVMgk.exe
  2⤵
  - Executes dropped EXE
  PID:1964
- C:\Windows\System32\sYdvCYO.exe
  C:\Windows\System32\sYdvCYO.exe
  2⤵
  - Executes dropped EXE
  PID:1216
- C:\Windows\System32\KZeTZxl.exe
  C:\Windows\System32\KZeTZxl.exe
  2⤵
  - Executes dropped EXE
  PID:4204
- C:\Windows\System32\yJymwBn.exe
  C:\Windows\System32\yJymwBn.exe
  2⤵
  - Executes dropped EXE
  PID:1884
- C:\Windows\System32\XFLIzfp.exe
  C:\Windows\System32\XFLIzfp.exe
  2⤵
  - Executes dropped EXE
  PID:3884
- C:\Windows\System32\fePsEKK.exe
  C:\Windows\System32\fePsEKK.exe
  2⤵
  PID:2948
- C:\Windows\System32\AbjrkAS.exe
  C:\Windows\System32\AbjrkAS.exe
  2⤵
  PID:4520
- C:\Windows\System32\mtlEaJs.exe
  C:\Windows\System32\mtlEaJs.exe
  2⤵
  PID:2352
- C:\Windows\System32\vLdCjpc.exe
  C:\Windows\System32\vLdCjpc.exe
  2⤵
  PID:4764
- C:\Windows\System32\mzbWzxU.exe
  C:\Windows\System32\mzbWzxU.exe
  2⤵
  PID:4844
- C:\Windows\System32\encSzRi.exe
  C:\Windows\System32\encSzRi.exe
  2⤵
  PID:3428
- C:\Windows\System32\XfaAzYA.exe
  C:\Windows\System32\XfaAzYA.exe
  2⤵
  PID:392
- C:\Windows\System32\yIwLMuC.exe
  C:\Windows\System32\yIwLMuC.exe
  2⤵
  PID:32
- C:\Windows\System32\PhMQaTE.exe
  C:\Windows\System32\PhMQaTE.exe
  2⤵
  PID:5132
- C:\Windows\System32\WAtmZle.exe
  C:\Windows\System32\WAtmZle.exe
  2⤵
  PID:5156
- C:\Windows\System32\tGjafKV.exe
  C:\Windows\System32\tGjafKV.exe
  2⤵
  PID:5232
- C:\Windows\System32\NGZwwtA.exe
  C:\Windows\System32\NGZwwtA.exe
  2⤵
  PID:5248
- C:\Windows\System32\wyzJiSP.exe
  C:\Windows\System32\wyzJiSP.exe
  2⤵
  PID:5272
- C:\Windows\System32\xvqrCTH.exe
  C:\Windows\System32\xvqrCTH.exe
  2⤵
  PID:5292
- C:\Windows\System32\Ayfovdo.exe
  C:\Windows\System32\Ayfovdo.exe
  2⤵
  PID:5312
- C:\Windows\System32\ogmXlft.exe
  C:\Windows\System32\ogmXlft.exe
  2⤵
  PID:5332
- C:\Windows\System32\fBndaHX.exe
  C:\Windows\System32\fBndaHX.exe
  2⤵
  PID:5356
- C:\Windows\System32\cVdneGC.exe
  C:\Windows\System32\cVdneGC.exe
  2⤵
  PID:5372
- C:\Windows\System32\uMdqrbP.exe
  C:\Windows\System32\uMdqrbP.exe
  2⤵
  PID:5408
- C:\Windows\System32\SstFpct.exe
  C:\Windows\System32\SstFpct.exe
  2⤵
  PID:5440
- C:\Windows\System32\oeNIztY.exe
  C:\Windows\System32\oeNIztY.exe
  2⤵
  PID:5456
- C:\Windows\System32\saFepvM.exe
  C:\Windows\System32\saFepvM.exe
  2⤵
  PID:5544
- C:\Windows\System32\SmEjGoi.exe
  C:\Windows\System32\SmEjGoi.exe
  2⤵
  PID:5560
- C:\Windows\System32\BmzLCod.exe
  C:\Windows\System32\BmzLCod.exe
  2⤵
  PID:5584
- C:\Windows\System32\lqQlogG.exe
  C:\Windows\System32\lqQlogG.exe
  2⤵
  PID:5616
- C:\Windows\System32\riodNAS.exe
  C:\Windows\System32\riodNAS.exe
  2⤵
  PID:5648
- C:\Windows\System32\ScLAhQj.exe
  C:\Windows\System32\ScLAhQj.exe
  2⤵
  PID:5692
- C:\Windows\System32\rphqksd.exe
  C:\Windows\System32\rphqksd.exe
  2⤵
  PID:5708
- C:\Windows\System32\AEJvkQv.exe
  C:\Windows\System32\AEJvkQv.exe
  2⤵
  PID:5752
- C:\Windows\System32\xqSKmpT.exe
  C:\Windows\System32\xqSKmpT.exe
  2⤵
  PID:5792
- C:\Windows\System32\vfYbsrq.exe
  C:\Windows\System32\vfYbsrq.exe
  2⤵
  PID:5808
- C:\Windows\System32\EiobxgJ.exe
  C:\Windows\System32\EiobxgJ.exe
  2⤵
  PID:5832
- C:\Windows\System32\iwebzln.exe
  C:\Windows\System32\iwebzln.exe
  2⤵
  PID:5872
- C:\Windows\System32\tjHcGCV.exe
  C:\Windows\System32\tjHcGCV.exe
  2⤵
  PID:5896
- C:\Windows\System32\kCovcFr.exe
  C:\Windows\System32\kCovcFr.exe
  2⤵
  PID:5916
- C:\Windows\System32\ddXXaeV.exe
  C:\Windows\System32\ddXXaeV.exe
  2⤵
  PID:5936
- C:\Windows\System32\WNcyobk.exe
  C:\Windows\System32\WNcyobk.exe
  2⤵
  PID:5952
- C:\Windows\System32\hhqIOAR.exe
  C:\Windows\System32\hhqIOAR.exe
  2⤵
  PID:5980
- C:\Windows\System32\jNBPMMc.exe
  C:\Windows\System32\jNBPMMc.exe
  2⤵
  PID:6004
- C:\Windows\System32\zGhlKJX.exe
  C:\Windows\System32\zGhlKJX.exe
  2⤵
  PID:6084
- C:\Windows\System32\MXVTxNL.exe
  C:\Windows\System32\MXVTxNL.exe
  2⤵
  PID:6108
- C:\Windows\System32\vuOqIcM.exe
  C:\Windows\System32\vuOqIcM.exe
  2⤵
  PID:6124
- C:\Windows\System32\PZOjFRX.exe
  C:\Windows\System32\PZOjFRX.exe
  2⤵
  PID:4416
- C:\Windows\System32\NCaZotx.exe
  C:\Windows\System32\NCaZotx.exe
  2⤵
  PID:2320
- C:\Windows\System32\BmXiRxQ.exe
  C:\Windows\System32\BmXiRxQ.exe
  2⤵
  PID:5240
- C:\Windows\System32\QNnqyre.exe
  C:\Windows\System32\QNnqyre.exe
  2⤵
  PID:5308
- C:\Windows\System32\ojSSKhy.exe
  C:\Windows\System32\ojSSKhy.exe
  2⤵
  PID:5340
- C:\Windows\System32\qqXAxRE.exe
  C:\Windows\System32\qqXAxRE.exe
  2⤵
  PID:5388
- C:\Windows\System32\fceofHu.exe
  C:\Windows\System32\fceofHu.exe
  2⤵
  PID:5492
- C:\Windows\System32\jBDWznF.exe
  C:\Windows\System32\jBDWznF.exe
  2⤵
  PID:5572
- C:\Windows\System32\bjfcBzO.exe
  C:\Windows\System32\bjfcBzO.exe
  2⤵
  PID:5700
- C:\Windows\System32\bxbEAza.exe
  C:\Windows\System32\bxbEAza.exe
  2⤵
  PID:5728
- C:\Windows\System32\FQBhJWK.exe
  C:\Windows\System32\FQBhJWK.exe
  2⤵
  PID:5800
- C:\Windows\System32\VyaAeGm.exe
  C:\Windows\System32\VyaAeGm.exe
  2⤵
  PID:5892
- C:\Windows\System32\yKljUti.exe
  C:\Windows\System32\yKljUti.exe
  2⤵
  PID:5976
- C:\Windows\System32\IlqSXGv.exe
  C:\Windows\System32\IlqSXGv.exe
  2⤵
  PID:6048
- C:\Windows\System32\NQBvWJI.exe
  C:\Windows\System32\NQBvWJI.exe
  2⤵
  PID:3068
- C:\Windows\System32\fPoSMhp.exe
  C:\Windows\System32\fPoSMhp.exe
  2⤵
  PID:884
- C:\Windows\System32\HrwWqkj.exe
  C:\Windows\System32\HrwWqkj.exe
  2⤵
  PID:5280
- C:\Windows\System32\BwfGfnc.exe
  C:\Windows\System32\BwfGfnc.exe
  2⤵
  PID:5452
- C:\Windows\System32\UkXldkt.exe
  C:\Windows\System32\UkXldkt.exe
  2⤵
  PID:5568
- C:\Windows\System32\MhmNvXC.exe
  C:\Windows\System32\MhmNvXC.exe
  2⤵
  PID:5736
- C:\Windows\System32\uhkKKbj.exe
  C:\Windows\System32\uhkKKbj.exe
  2⤵
  PID:5764
- C:\Windows\System32\GBNCQuC.exe
  C:\Windows\System32\GBNCQuC.exe
  2⤵
  PID:6104
- C:\Windows\System32\JxBzcDm.exe
  C:\Windows\System32\JxBzcDm.exe
  2⤵
  PID:5676
- C:\Windows\System32\DAMZYgR.exe
  C:\Windows\System32\DAMZYgR.exe
  2⤵
  PID:732
- C:\Windows\System32\MlgTpdD.exe
  C:\Windows\System32\MlgTpdD.exe
  2⤵
  PID:5656
- C:\Windows\System32\InlqoVI.exe
  C:\Windows\System32\InlqoVI.exe
  2⤵
  PID:6148
- C:\Windows\System32\cRFBQRB.exe
  C:\Windows\System32\cRFBQRB.exe
  2⤵
  PID:6164
- C:\Windows\System32\FehEeQy.exe
  C:\Windows\System32\FehEeQy.exe
  2⤵
  PID:6180
- C:\Windows\System32\PqvoucL.exe
  C:\Windows\System32\PqvoucL.exe
  2⤵
  PID:6196
- C:\Windows\System32\vFdJkmM.exe
  C:\Windows\System32\vFdJkmM.exe
  2⤵
  PID:6212
- C:\Windows\System32\nqkdAyv.exe
  C:\Windows\System32\nqkdAyv.exe
  2⤵
  PID:6244
- C:\Windows\System32\sflkPNc.exe
  C:\Windows\System32\sflkPNc.exe
  2⤵
  PID:6268
- C:\Windows\System32\uiIsJDv.exe
  C:\Windows\System32\uiIsJDv.exe
  2⤵
  PID:6292
- C:\Windows\System32\ZQDrpSm.exe
  C:\Windows\System32\ZQDrpSm.exe
  2⤵
  PID:6308
- C:\Windows\System32\dspDSeX.exe
  C:\Windows\System32\dspDSeX.exe
  2⤵
  PID:6396
- C:\Windows\System32\lPfTeve.exe
  C:\Windows\System32\lPfTeve.exe
  2⤵
  PID:6448
- C:\Windows\System32\YmAtqQA.exe
  C:\Windows\System32\YmAtqQA.exe
  2⤵
  PID:6468
- C:\Windows\System32\rYrKTkO.exe
  C:\Windows\System32\rYrKTkO.exe
  2⤵
  PID:6484
- C:\Windows\System32\bsLHswM.exe
  C:\Windows\System32\bsLHswM.exe
  2⤵
  PID:6504
- C:\Windows\System32\aKEbtHU.exe
  C:\Windows\System32\aKEbtHU.exe
  2⤵
  PID:6536
- C:\Windows\System32\YlscXmy.exe
  C:\Windows\System32\YlscXmy.exe
  2⤵
  PID:6568
- C:\Windows\System32\QbgmraC.exe
  C:\Windows\System32\QbgmraC.exe
  2⤵
  PID:6628
- C:\Windows\System32\odYAeqS.exe
  C:\Windows\System32\odYAeqS.exe
  2⤵
  PID:6644
- C:\Windows\System32\pivDDBy.exe
  C:\Windows\System32\pivDDBy.exe
  2⤵
  PID:6668
- C:\Windows\System32\pmsvdIE.exe
  C:\Windows\System32\pmsvdIE.exe
  2⤵
  PID:6684
- C:\Windows\System32\wfbiNdb.exe
  C:\Windows\System32\wfbiNdb.exe
  2⤵
  PID:6700
- C:\Windows\System32\gtimFbZ.exe
  C:\Windows\System32\gtimFbZ.exe
  2⤵
  PID:6788
- C:\Windows\System32\QlMOQLM.exe
  C:\Windows\System32\QlMOQLM.exe
  2⤵
  PID:6820
- C:\Windows\System32\jJHGUTt.exe
  C:\Windows\System32\jJHGUTt.exe
  2⤵
  PID:6856
- C:\Windows\System32\mtuJcSG.exe
  C:\Windows\System32\mtuJcSG.exe
  2⤵
  PID:6876
- C:\Windows\System32\oYJuXSW.exe
  C:\Windows\System32\oYJuXSW.exe
  2⤵
  PID:6900
- C:\Windows\System32\wEOOSxh.exe
  C:\Windows\System32\wEOOSxh.exe
  2⤵
  PID:6936
- C:\Windows\System32\urzTyex.exe
  C:\Windows\System32\urzTyex.exe
  2⤵
  PID:6960
- C:\Windows\System32\wpjkpHf.exe
  C:\Windows\System32\wpjkpHf.exe
  2⤵
  PID:6976
- C:\Windows\System32\GChFDLl.exe
  C:\Windows\System32\GChFDLl.exe
  2⤵
  PID:6996
- C:\Windows\System32\AJCTfiH.exe
  C:\Windows\System32\AJCTfiH.exe
  2⤵
  PID:7032
- C:\Windows\System32\FedrMGQ.exe
  C:\Windows\System32\FedrMGQ.exe
  2⤵
  PID:7056
- C:\Windows\System32\RVgnDzQ.exe
  C:\Windows\System32\RVgnDzQ.exe
  2⤵
  PID:7096
- C:\Windows\System32\GRyYVXf.exe
  C:\Windows\System32\GRyYVXf.exe
  2⤵
  PID:7132
- C:\Windows\System32\OkEmYrX.exe
  C:\Windows\System32\OkEmYrX.exe
  2⤵
  PID:7160
- C:\Windows\System32\MZiVNuf.exe
  C:\Windows\System32\MZiVNuf.exe
  2⤵
  PID:6208
- C:\Windows\System32\LMNsPSl.exe
  C:\Windows\System32\LMNsPSl.exe
  2⤵
  PID:6156
- C:\Windows\System32\AJwKJOS.exe
  C:\Windows\System32\AJwKJOS.exe
  2⤵
  PID:6304
- C:\Windows\System32\zcnXhDD.exe
  C:\Windows\System32\zcnXhDD.exe
  2⤵
  PID:6364
- C:\Windows\System32\TcuRPon.exe
  C:\Windows\System32\TcuRPon.exe
  2⤵
  PID:6332
- C:\Windows\System32\KZQyPdf.exe
  C:\Windows\System32\KZQyPdf.exe
  2⤵
  PID:6388
- C:\Windows\System32\qYIJmTf.exe
  C:\Windows\System32\qYIJmTf.exe
  2⤵
  PID:6500
- C:\Windows\System32\ZewYMhw.exe
  C:\Windows\System32\ZewYMhw.exe
  2⤵
  PID:6456
- C:\Windows\System32\YqJDpQF.exe
  C:\Windows\System32\YqJDpQF.exe
  2⤵
  PID:6564
- C:\Windows\System32\mRhDlKS.exe
  C:\Windows\System32\mRhDlKS.exe
  2⤵
  PID:6676
- C:\Windows\System32\GnvRWAO.exe
  C:\Windows\System32\GnvRWAO.exe
  2⤵
  PID:6776
- C:\Windows\System32\BOUSgei.exe
  C:\Windows\System32\BOUSgei.exe
  2⤵
  PID:6840
- C:\Windows\System32\FgJbKIk.exe
  C:\Windows\System32\FgJbKIk.exe
  2⤵
  PID:6872
- C:\Windows\System32\YMshepF.exe
  C:\Windows\System32\YMshepF.exe
  2⤵
  PID:6916
- C:\Windows\System32\zqgADby.exe
  C:\Windows\System32\zqgADby.exe
  2⤵
  PID:7024
- C:\Windows\System32\RtmpnpK.exe
  C:\Windows\System32\RtmpnpK.exe
  2⤵
  PID:5576
- C:\Windows\System32\PsAFVTs.exe
  C:\Windows\System32\PsAFVTs.exe
  2⤵
  PID:7148
- C:\Windows\System32\vSgvPBw.exe
  C:\Windows\System32\vSgvPBw.exe
  2⤵
  PID:6228
- C:\Windows\System32\pkvqKiO.exe
  C:\Windows\System32\pkvqKiO.exe
  2⤵
  PID:6232
- C:\Windows\System32\ydoqOMP.exe
  C:\Windows\System32\ydoqOMP.exe
  2⤵
  PID:5404
- C:\Windows\System32\KPAuQTm.exe
  C:\Windows\System32\KPAuQTm.exe
  2⤵
  PID:6636
- C:\Windows\System32\mKbrdDe.exe
  C:\Windows\System32\mKbrdDe.exe
  2⤵
  PID:6744
- C:\Windows\System32\kVaSmPm.exe
  C:\Windows\System32\kVaSmPm.exe
  2⤵
  PID:6920
- C:\Windows\System32\IJpodJQ.exe
  C:\Windows\System32\IJpodJQ.exe
  2⤵
  PID:6984
- C:\Windows\System32\skUfUOA.exe
  C:\Windows\System32\skUfUOA.exe
  2⤵
  PID:7156
- C:\Windows\System32\sCUdEoJ.exe
  C:\Windows\System32\sCUdEoJ.exe
  2⤵
  PID:6832
- C:\Windows\System32\FfOJcNS.exe
  C:\Windows\System32\FfOJcNS.exe
  2⤵
  PID:6188
- C:\Windows\System32\ivVxRKf.exe
  C:\Windows\System32\ivVxRKf.exe
  2⤵
  PID:6220
- C:\Windows\System32\ZaoPyUI.exe
  C:\Windows\System32\ZaoPyUI.exe
  2⤵
  PID:6868
- C:\Windows\System32\rjvidDV.exe
  C:\Windows\System32\rjvidDV.exe
  2⤵
  PID:7188
- C:\Windows\System32\enDujFd.exe
  C:\Windows\System32\enDujFd.exe
  2⤵
  PID:7236
- C:\Windows\System32\JZAzVNK.exe
  C:\Windows\System32\JZAzVNK.exe
  2⤵
  PID:7260
- C:\Windows\System32\NEkoBli.exe
  C:\Windows\System32\NEkoBli.exe
  2⤵
  PID:7280
- C:\Windows\System32\zbIlyxm.exe
  C:\Windows\System32\zbIlyxm.exe
  2⤵
  PID:7332
- C:\Windows\System32\kemXyJf.exe
  C:\Windows\System32\kemXyJf.exe
  2⤵
  PID:7356
- C:\Windows\System32\VYeEDQA.exe
  C:\Windows\System32\VYeEDQA.exe
  2⤵
  PID:7372
- C:\Windows\System32\jAVZiWb.exe
  C:\Windows\System32\jAVZiWb.exe
  2⤵
  PID:7400
- C:\Windows\System32\TJRKphw.exe
  C:\Windows\System32\TJRKphw.exe
  2⤵
  PID:7428
- C:\Windows\System32\eeQPMUV.exe
  C:\Windows\System32\eeQPMUV.exe
  2⤵
  PID:7460
- C:\Windows\System32\TOqQtfd.exe
  C:\Windows\System32\TOqQtfd.exe
  2⤵
  PID:7496
- C:\Windows\System32\eUoKBhZ.exe
  C:\Windows\System32\eUoKBhZ.exe
  2⤵
  PID:7524
- C:\Windows\System32\FBFcXhh.exe
  C:\Windows\System32\FBFcXhh.exe
  2⤵
  PID:7544
- C:\Windows\System32\JftkTlv.exe
  C:\Windows\System32\JftkTlv.exe
  2⤵
  PID:7560
- C:\Windows\System32\wMPkyTR.exe
  C:\Windows\System32\wMPkyTR.exe
  2⤵
  PID:7584
- C:\Windows\System32\WDcEdJj.exe
  C:\Windows\System32\WDcEdJj.exe
  2⤵
  PID:7616
- C:\Windows\System32\DWmzxwn.exe
  C:\Windows\System32\DWmzxwn.exe
  2⤵
  PID:7644
- C:\Windows\System32\QifKcio.exe
  C:\Windows\System32\QifKcio.exe
  2⤵
  PID:7660
- C:\Windows\System32\QdDMIhU.exe
  C:\Windows\System32\QdDMIhU.exe
  2⤵
  PID:7684
- C:\Windows\System32\vinLniu.exe
  C:\Windows\System32\vinLniu.exe
  2⤵
  PID:7700
- C:\Windows\System32\sUXgKar.exe
  C:\Windows\System32\sUXgKar.exe
  2⤵
  PID:7728
- C:\Windows\System32\hLLwbvI.exe
  C:\Windows\System32\hLLwbvI.exe
  2⤵
  PID:7768
- C:\Windows\System32\xdcNhAb.exe
  C:\Windows\System32\xdcNhAb.exe
  2⤵
  PID:7820
- C:\Windows\System32\cPvRVhF.exe
  C:\Windows\System32\cPvRVhF.exe
  2⤵
  PID:7860
- C:\Windows\System32\EMuElcE.exe
  C:\Windows\System32\EMuElcE.exe
  2⤵
  PID:7900
- C:\Windows\System32\QmuYFyT.exe
  C:\Windows\System32\QmuYFyT.exe
  2⤵
  PID:7924
- C:\Windows\System32\VxozFqj.exe
  C:\Windows\System32\VxozFqj.exe
  2⤵
  PID:7964
- C:\Windows\System32\DCVYbRE.exe
  C:\Windows\System32\DCVYbRE.exe
  2⤵
  PID:7984
- C:\Windows\System32\EQGKbEA.exe
  C:\Windows\System32\EQGKbEA.exe
  2⤵
  PID:8000
- C:\Windows\System32\BIHbyyz.exe
  C:\Windows\System32\BIHbyyz.exe
  2⤵
  PID:8060
- C:\Windows\System32\KgNMOeR.exe
  C:\Windows\System32\KgNMOeR.exe
  2⤵
  PID:8076
- C:\Windows\System32\OkfEVPR.exe
  C:\Windows\System32\OkfEVPR.exe
  2⤵
  PID:8092
- C:\Windows\System32\uUXMgZs.exe
  C:\Windows\System32\uUXMgZs.exe
  2⤵
  PID:8128
- C:\Windows\System32\WOdgWKw.exe
  C:\Windows\System32\WOdgWKw.exe
  2⤵
  PID:8156
- C:\Windows\System32\SpkBDoq.exe
  C:\Windows\System32\SpkBDoq.exe
  2⤵
  PID:8184
- C:\Windows\System32\HpRPxqG.exe
  C:\Windows\System32\HpRPxqG.exe
  2⤵
  PID:6284
- C:\Windows\System32\bzyJNWm.exe
  C:\Windows\System32\bzyJNWm.exe
  2⤵
  PID:6800
- C:\Windows\System32\TTuSlQe.exe
  C:\Windows\System32\TTuSlQe.exe
  2⤵
  PID:7276
- C:\Windows\System32\OvwvguI.exe
  C:\Windows\System32\OvwvguI.exe
  2⤵
  PID:7348
- C:\Windows\System32\lFkhubo.exe
  C:\Windows\System32\lFkhubo.exe
  2⤵
  PID:7436
- C:\Windows\System32\pkBjNCy.exe
  C:\Windows\System32\pkBjNCy.exe
  2⤵
  PID:6848
- C:\Windows\System32\nrRGBDF.exe
  C:\Windows\System32\nrRGBDF.exe
  2⤵
  PID:7568
- C:\Windows\System32\LnXzBFT.exe
  C:\Windows\System32\LnXzBFT.exe
  2⤵
  PID:7608
- C:\Windows\System32\EMGFAtt.exe
  C:\Windows\System32\EMGFAtt.exe
  2⤵
  PID:7744
- C:\Windows\System32\ydvAESi.exe
  C:\Windows\System32\ydvAESi.exe
  2⤵
  PID:7752
- C:\Windows\System32\PRGnEKS.exe
  C:\Windows\System32\PRGnEKS.exe
  2⤵
  PID:7812
- C:\Windows\System32\vpWZqYL.exe
  C:\Windows\System32\vpWZqYL.exe
  2⤵
  PID:7876
- C:\Windows\System32\LLnUwNR.exe
  C:\Windows\System32\LLnUwNR.exe
  2⤵
  PID:7948
- C:\Windows\System32\pOfKXMU.exe
  C:\Windows\System32\pOfKXMU.exe
  2⤵
  PID:7992
- C:\Windows\System32\cikBQvd.exe
  C:\Windows\System32\cikBQvd.exe
  2⤵
  PID:8072
- C:\Windows\System32\DnErNRy.exe
  C:\Windows\System32\DnErNRy.exe
  2⤵
  PID:8108
- C:\Windows\System32\JJGTFnH.exe
  C:\Windows\System32\JJGTFnH.exe
  2⤵
  PID:6376
- C:\Windows\System32\CZXVNXT.exe
  C:\Windows\System32\CZXVNXT.exe
  2⤵
  PID:7220
- C:\Windows\System32\CwvONZV.exe
  C:\Windows\System32\CwvONZV.exe
  2⤵
  PID:7304
- C:\Windows\System32\NAxMFxE.exe
  C:\Windows\System32\NAxMFxE.exe
  2⤵
  PID:7364
- C:\Windows\System32\JfZRwFj.exe
  C:\Windows\System32\JfZRwFj.exe
  2⤵
  PID:7668
- C:\Windows\System32\UaLkbcI.exe
  C:\Windows\System32\UaLkbcI.exe
  2⤵
  PID:7784
- C:\Windows\System32\rrphgRD.exe
  C:\Windows\System32\rrphgRD.exe
  2⤵
  PID:7976
- C:\Windows\System32\qQnvWdS.exe
  C:\Windows\System32\qQnvWdS.exe
  2⤵
  PID:7960
- C:\Windows\System32\zjyXZDm.exe
  C:\Windows\System32\zjyXZDm.exe
  2⤵
  PID:7272
- C:\Windows\System32\WwfzQpH.exe
  C:\Windows\System32\WwfzQpH.exe
  2⤵
  PID:7476
- C:\Windows\System32\WsNbrMG.exe
  C:\Windows\System32\WsNbrMG.exe
  2⤵
  PID:7636
- C:\Windows\System32\NvrDFEE.exe
  C:\Windows\System32\NvrDFEE.exe
  2⤵
  PID:6816
- C:\Windows\System32\CgwCkXP.exe
  C:\Windows\System32\CgwCkXP.exe
  2⤵
  PID:8196
- C:\Windows\System32\PmEjhhD.exe
  C:\Windows\System32\PmEjhhD.exe
  2⤵
  PID:8212
- C:\Windows\System32\LHKazcz.exe
  C:\Windows\System32\LHKazcz.exe
  2⤵
  PID:8236
- C:\Windows\System32\vGKdySD.exe
  C:\Windows\System32\vGKdySD.exe
  2⤵
  PID:8296
- C:\Windows\System32\dJywXoi.exe
  C:\Windows\System32\dJywXoi.exe
  2⤵
  PID:8328
- C:\Windows\System32\HbbTxWq.exe
  C:\Windows\System32\HbbTxWq.exe
  2⤵
  PID:8348
- C:\Windows\System32\XVHFLWw.exe
  C:\Windows\System32\XVHFLWw.exe
  2⤵
  PID:8372
- C:\Windows\System32\qVcvxmn.exe
  C:\Windows\System32\qVcvxmn.exe
  2⤵
  PID:8424
- C:\Windows\System32\MjTgwMa.exe
  C:\Windows\System32\MjTgwMa.exe
  2⤵
  PID:8440
- C:\Windows\System32\XKBNJwv.exe
  C:\Windows\System32\XKBNJwv.exe
  2⤵
  PID:8468
- C:\Windows\System32\imjOMmG.exe
  C:\Windows\System32\imjOMmG.exe
  2⤵
  PID:8492
- C:\Windows\System32\OptxAFc.exe
  C:\Windows\System32\OptxAFc.exe
  2⤵
  PID:8544
- C:\Windows\System32\mZeAHmz.exe
  C:\Windows\System32\mZeAHmz.exe
  2⤵
  PID:8564
- C:\Windows\System32\HcjRIFO.exe
  C:\Windows\System32\HcjRIFO.exe
  2⤵
  PID:8592
- C:\Windows\System32\UpmOhYF.exe
  C:\Windows\System32\UpmOhYF.exe
  2⤵
  PID:8620
- C:\Windows\System32\OfDslHI.exe
  C:\Windows\System32\OfDslHI.exe
  2⤵
  PID:8636
- C:\Windows\System32\EDtuAHH.exe
  C:\Windows\System32\EDtuAHH.exe
  2⤵
  PID:8652
- C:\Windows\System32\bgHxaYZ.exe
  C:\Windows\System32\bgHxaYZ.exe
  2⤵
  PID:8700
- C:\Windows\System32\MVMNvOI.exe
  C:\Windows\System32\MVMNvOI.exe
  2⤵
  PID:8732
- C:\Windows\System32\ZXHeBif.exe
  C:\Windows\System32\ZXHeBif.exe
  2⤵
  PID:8752
- C:\Windows\System32\KtkfhAl.exe
  C:\Windows\System32\KtkfhAl.exe
  2⤵
  PID:8772
- C:\Windows\System32\bvFzJtp.exe
  C:\Windows\System32\bvFzJtp.exe
  2⤵
  PID:8792
- C:\Windows\System32\EgbCEsn.exe
  C:\Windows\System32\EgbCEsn.exe
  2⤵
  PID:8808
- C:\Windows\System32\mzxivlO.exe
  C:\Windows\System32\mzxivlO.exe
  2⤵
  PID:8868
- C:\Windows\System32\MzQefyI.exe
  C:\Windows\System32\MzQefyI.exe
  2⤵
  PID:8896
- C:\Windows\System32\LiBTVAS.exe
  C:\Windows\System32\LiBTVAS.exe
  2⤵
  PID:8924
- C:\Windows\System32\jBwEoCW.exe
  C:\Windows\System32\jBwEoCW.exe
  2⤵
  PID:8952
- C:\Windows\System32\LhNAEBi.exe
  C:\Windows\System32\LhNAEBi.exe
  2⤵
  PID:8984
- C:\Windows\System32\FoxMNCE.exe
  C:\Windows\System32\FoxMNCE.exe
  2⤵
  PID:9008
- C:\Windows\System32\wJtHDlz.exe
  C:\Windows\System32\wJtHDlz.exe
  2⤵
  PID:9024
- C:\Windows\System32\NIEixFa.exe
  C:\Windows\System32\NIEixFa.exe
  2⤵
  PID:9048
- C:\Windows\System32\thlPOiV.exe
  C:\Windows\System32\thlPOiV.exe
  2⤵
  PID:9064
- C:\Windows\System32\jCKkIXL.exe
  C:\Windows\System32\jCKkIXL.exe
  2⤵
  PID:9080
- C:\Windows\System32\ZLyMwso.exe
  C:\Windows\System32\ZLyMwso.exe
  2⤵
  PID:9144
- C:\Windows\System32\ydUXOpj.exe
  C:\Windows\System32\ydUXOpj.exe
  2⤵
  PID:9180
- C:\Windows\System32\bejXkTF.exe
  C:\Windows\System32\bejXkTF.exe
  2⤵
  PID:7696
- C:\Windows\System32\IovmJTn.exe
  C:\Windows\System32\IovmJTn.exe
  2⤵
  PID:8220
- C:\Windows\System32\HHPQFpV.exe
  C:\Windows\System32\HHPQFpV.exe
  2⤵
  PID:8320
- C:\Windows\System32\SIKiwbX.exe
  C:\Windows\System32\SIKiwbX.exe
  2⤵
  PID:8360
- C:\Windows\System32\cSOFVQY.exe
  C:\Windows\System32\cSOFVQY.exe
  2⤵
  PID:8380
- C:\Windows\System32\EqafHFh.exe
  C:\Windows\System32\EqafHFh.exe
  2⤵
  PID:8464
- C:\Windows\System32\JOtUnIB.exe
  C:\Windows\System32\JOtUnIB.exe
  2⤵
  PID:8504
- C:\Windows\System32\rnbqRmp.exe
  C:\Windows\System32\rnbqRmp.exe
  2⤵
  PID:8532
- C:\Windows\System32\DHoiaJj.exe
  C:\Windows\System32\DHoiaJj.exe
  2⤵
  PID:8648
- C:\Windows\System32\PlBOGAl.exe
  C:\Windows\System32\PlBOGAl.exe
  2⤵
  PID:8740
- C:\Windows\System32\GSCbUCJ.exe
  C:\Windows\System32\GSCbUCJ.exe
  2⤵
  PID:8788
- C:\Windows\System32\ZehIiiz.exe
  C:\Windows\System32\ZehIiiz.exe
  2⤵
  PID:8884
- C:\Windows\System32\UhQRNVF.exe
  C:\Windows\System32\UhQRNVF.exe
  2⤵
  PID:8912
- C:\Windows\System32\ZHODhxF.exe
  C:\Windows\System32\ZHODhxF.exe
  2⤵
  PID:8996
- C:\Windows\System32\RfNQAwB.exe
  C:\Windows\System32\RfNQAwB.exe
  2⤵
  PID:9060
- C:\Windows\System32\WiNUpGq.exe
  C:\Windows\System32\WiNUpGq.exe
  2⤵
  PID:9100
- C:\Windows\System32\WVEJFrr.exe
  C:\Windows\System32\WVEJFrr.exe
  2⤵
  PID:9088
- C:\Windows\System32\BOvKRcW.exe
  C:\Windows\System32\BOvKRcW.exe
  2⤵
  PID:9204
- C:\Windows\System32\BwXuUAB.exe
  C:\Windows\System32\BwXuUAB.exe
  2⤵
  PID:8276
- C:\Windows\System32\qeyOEoF.exe
  C:\Windows\System32\qeyOEoF.exe
  2⤵
  PID:8452
- C:\Windows\System32\bEesKKQ.exe
  C:\Windows\System32\bEesKKQ.exe
  2⤵
  PID:2080
- C:\Windows\System32\nxSltRH.exe
  C:\Windows\System32\nxSltRH.exe
  2⤵
  PID:8672
- C:\Windows\System32\cyZqFTy.exe
  C:\Windows\System32\cyZqFTy.exe
  2⤵
  PID:8804
- C:\Windows\System32\KrRyYqy.exe
  C:\Windows\System32\KrRyYqy.exe
  2⤵
  PID:9016
- C:\Windows\System32\ZtjurWp.exe
  C:\Windows\System32\ZtjurWp.exe
  2⤵
  PID:9120
- C:\Windows\System32\ERQLCoM.exe
  C:\Windows\System32\ERQLCoM.exe
  2⤵
  PID:9196
- C:\Windows\System32\PLvKrlU.exe
  C:\Windows\System32\PLvKrlU.exe
  2⤵
  PID:8432
- C:\Windows\System32\xIDKVRf.exe
  C:\Windows\System32\xIDKVRf.exe
  2⤵
  PID:8588
- C:\Windows\System32\jEFrOEY.exe
  C:\Windows\System32\jEFrOEY.exe
  2⤵
  PID:8932
- C:\Windows\System32\iTWvfkR.exe
  C:\Windows\System32\iTWvfkR.exe
  2⤵
  PID:1452
- C:\Windows\System32\pAgzdNa.exe
  C:\Windows\System32\pAgzdNa.exe
  2⤵
  PID:8084
- C:\Windows\System32\JEKzyZs.exe
  C:\Windows\System32\JEKzyZs.exe
  2⤵
  PID:9236
- C:\Windows\System32\nKaokZY.exe
  C:\Windows\System32\nKaokZY.exe
  2⤵
  PID:9252
- C:\Windows\System32\ztQsUPv.exe
  C:\Windows\System32\ztQsUPv.exe
  2⤵
  PID:9288
- C:\Windows\System32\fbTjmbI.exe
  C:\Windows\System32\fbTjmbI.exe
  2⤵
  PID:9308
- C:\Windows\System32\IXqmUYh.exe
  C:\Windows\System32\IXqmUYh.exe
  2⤵
  PID:9356
- C:\Windows\System32\SLygAfU.exe
  C:\Windows\System32\SLygAfU.exe
  2⤵
  PID:9372
- C:\Windows\System32\gfGZAqo.exe
  C:\Windows\System32\gfGZAqo.exe
  2⤵
  PID:9388
- C:\Windows\System32\IhcYRJf.exe
  C:\Windows\System32\IhcYRJf.exe
  2⤵
  PID:9404
- C:\Windows\System32\yHXilPi.exe
  C:\Windows\System32\yHXilPi.exe
  2⤵
  PID:9420
- C:\Windows\System32\OKtiDQh.exe
  C:\Windows\System32\OKtiDQh.exe
  2⤵
  PID:9440
- C:\Windows\System32\XmnBBBC.exe
  C:\Windows\System32\XmnBBBC.exe
  2⤵
  PID:9456
- C:\Windows\System32\wPOfLAn.exe
  C:\Windows\System32\wPOfLAn.exe
  2⤵
  PID:9484
- C:\Windows\System32\ySOPagt.exe
  C:\Windows\System32\ySOPagt.exe
  2⤵
  PID:9504
- C:\Windows\System32\DzcZddK.exe
  C:\Windows\System32\DzcZddK.exe
  2⤵
  PID:9524
- C:\Windows\System32\hXmDldi.exe
  C:\Windows\System32\hXmDldi.exe
  2⤵
  PID:9540
- C:\Windows\System32\CAKWzNA.exe
  C:\Windows\System32\CAKWzNA.exe
  2⤵
  PID:9556
- C:\Windows\System32\LMwDnUD.exe
  C:\Windows\System32\LMwDnUD.exe
  2⤵
  PID:9572
- C:\Windows\System32\nQFntQf.exe
  C:\Windows\System32\nQFntQf.exe
  2⤵
  PID:9604
- C:\Windows\System32\LnovXAZ.exe
  C:\Windows\System32\LnovXAZ.exe
  2⤵
  PID:9688
- C:\Windows\System32\dbPNRIH.exe
  C:\Windows\System32\dbPNRIH.exe
  2⤵
  PID:9776
- C:\Windows\System32\gApsxeL.exe
  C:\Windows\System32\gApsxeL.exe
  2⤵
  PID:9824
- C:\Windows\System32\OGihviP.exe
  C:\Windows\System32\OGihviP.exe
  2⤵
  PID:9844
- C:\Windows\System32\IbOebmR.exe
  C:\Windows\System32\IbOebmR.exe
  2⤵
  PID:9872
- C:\Windows\System32\IvGjoRd.exe
  C:\Windows\System32\IvGjoRd.exe
  2⤵
  PID:9892
- C:\Windows\System32\WBGKwtp.exe
  C:\Windows\System32\WBGKwtp.exe
  2⤵
  PID:9928
- C:\Windows\System32\bQIVDQh.exe
  C:\Windows\System32\bQIVDQh.exe
  2⤵
  PID:9952
- C:\Windows\System32\dtvFpwd.exe
  C:\Windows\System32\dtvFpwd.exe
  2⤵
  PID:9976
- C:\Windows\System32\fbeOgBV.exe
  C:\Windows\System32\fbeOgBV.exe
  2⤵
  PID:9992
- C:\Windows\System32\GQDofiG.exe
  C:\Windows\System32\GQDofiG.exe
  2⤵
  PID:10016
- C:\Windows\System32\zumsUMU.exe
  C:\Windows\System32\zumsUMU.exe
  2⤵
  PID:10056
- C:\Windows\System32\DuyOZmp.exe
  C:\Windows\System32\DuyOZmp.exe
  2⤵
  PID:10080
- C:\Windows\System32\ukvVYAp.exe
  C:\Windows\System32\ukvVYAp.exe
  2⤵
  PID:10100
- C:\Windows\System32\pwMLfyi.exe
  C:\Windows\System32\pwMLfyi.exe
  2⤵
  PID:10120
- C:\Windows\System32\ZOxOiWY.exe
  C:\Windows\System32\ZOxOiWY.exe
  2⤵
  PID:10136
- C:\Windows\System32\aSIcFsw.exe
  C:\Windows\System32\aSIcFsw.exe
  2⤵
  PID:10156
- C:\Windows\System32\PUZdfEb.exe
  C:\Windows\System32\PUZdfEb.exe
  2⤵
  PID:10176
- C:\Windows\System32\gsxOeDE.exe
  C:\Windows\System32\gsxOeDE.exe
  2⤵
  PID:8436
- C:\Windows\System32\qbxcjRP.exe
  C:\Windows\System32\qbxcjRP.exe
  2⤵
  PID:9244
- C:\Windows\System32\mBBrZmc.exe
  C:\Windows\System32\mBBrZmc.exe
  2⤵
  PID:4672
- C:\Windows\System32\gTDNkDh.exe
  C:\Windows\System32\gTDNkDh.exe
  2⤵
  PID:9324
- C:\Windows\System32\ChNzPFw.exe
  C:\Windows\System32\ChNzPFw.exe
  2⤵
  PID:9416
- C:\Windows\System32\kOgdbfA.exe
  C:\Windows\System32\kOgdbfA.exe
  2⤵
  PID:9436
- C:\Windows\System32\TJIsQDO.exe
  C:\Windows\System32\TJIsQDO.exe
  2⤵
  PID:9592
- C:\Windows\System32\NARsZlH.exe
  C:\Windows\System32\NARsZlH.exe
  2⤵
  PID:9648
- C:\Windows\System32\JbiynyR.exe
  C:\Windows\System32\JbiynyR.exe
  2⤵
  PID:9700
- C:\Windows\System32\BenoqNX.exe
  C:\Windows\System32\BenoqNX.exe
  2⤵
  PID:9816
- C:\Windows\System32\mYqpXPv.exe
  C:\Windows\System32\mYqpXPv.exe
  2⤵
  PID:9888
- C:\Windows\System32\mTGFxSC.exe
  C:\Windows\System32\mTGFxSC.exe
  2⤵
  PID:9880
- C:\Windows\System32\joypxQW.exe
  C:\Windows\System32\joypxQW.exe
  2⤵
  PID:2712
- C:\Windows\System32\HCcOGpJ.exe
  C:\Windows\System32\HCcOGpJ.exe
  2⤵
  PID:9972
- C:\Windows\System32\TGPEECG.exe
  C:\Windows\System32\TGPEECG.exe
  2⤵
  PID:10088
- C:\Windows\System32\LoPlVpS.exe
  C:\Windows\System32\LoPlVpS.exe
  2⤵
  PID:10212
- C:\Windows\System32\jYMWbNS.exe
  C:\Windows\System32\jYMWbNS.exe
  2⤵
  PID:9224
- C:\Windows\System32\qxzSpVH.exe
  C:\Windows\System32\qxzSpVH.exe
  2⤵
  PID:9412
- C:\Windows\System32\lwQkQxe.exe
  C:\Windows\System32\lwQkQxe.exe
  2⤵
  PID:9368
- C:\Windows\System32\etKPWSS.exe
  C:\Windows\System32\etKPWSS.exe
  2⤵
  PID:9708
- C:\Windows\System32\RQilFij.exe
  C:\Windows\System32\RQilFij.exe
  2⤵
  PID:9804
- C:\Windows\System32\KuyZgEB.exe
  C:\Windows\System32\KuyZgEB.exe
  2⤵
  PID:1708
- C:\Windows\System32\PmsUnjr.exe
  C:\Windows\System32\PmsUnjr.exe
  2⤵
  PID:10148
- C:\Windows\System32\AwEIPxH.exe
  C:\Windows\System32\AwEIPxH.exe
  2⤵
  PID:10232
- C:\Windows\System32\ZTcxUKZ.exe
  C:\Windows\System32\ZTcxUKZ.exe
  2⤵
  PID:9328
- C:\Windows\System32\NusKAkS.exe
  C:\Windows\System32\NusKAkS.exe
  2⤵
  PID:9696
- C:\Windows\System32\WfrqVVO.exe
  C:\Windows\System32\WfrqVVO.exe
  2⤵
  PID:10064
- C:\Windows\System32\oFukUiF.exe
  C:\Windows\System32\oFukUiF.exe
  2⤵
  PID:10192
- C:\Windows\System32\lOeLWOo.exe
  C:\Windows\System32\lOeLWOo.exe
  2⤵
  PID:10216
- C:\Windows\System32\QCJexhO.exe
  C:\Windows\System32\QCJexhO.exe
  2⤵
  PID:10256
- C:\Windows\System32\elcxabk.exe
  C:\Windows\System32\elcxabk.exe
  2⤵
  PID:10272
- C:\Windows\System32\KRPSQHC.exe
  C:\Windows\System32\KRPSQHC.exe
  2⤵
  PID:10308
- C:\Windows\System32\uJJwEby.exe
  C:\Windows\System32\uJJwEby.exe
  2⤵
  PID:10348
- C:\Windows\System32\GTFjpUM.exe
  C:\Windows\System32\GTFjpUM.exe
  2⤵
  PID:10380
- C:\Windows\System32\kUFohrV.exe
  C:\Windows\System32\kUFohrV.exe
  2⤵
  PID:10404
- C:\Windows\System32\bkNMUWT.exe
  C:\Windows\System32\bkNMUWT.exe
  2⤵
  PID:10420
- C:\Windows\System32\ZtUtcjA.exe
  C:\Windows\System32\ZtUtcjA.exe
  2⤵
  PID:10440
- C:\Windows\System32\pLZjqRN.exe
  C:\Windows\System32\pLZjqRN.exe
  2⤵
  PID:10496
- C:\Windows\System32\idrHyRx.exe
  C:\Windows\System32\idrHyRx.exe
  2⤵
  PID:10516
- C:\Windows\System32\hMSDnDx.exe
  C:\Windows\System32\hMSDnDx.exe
  2⤵
  PID:10556
- C:\Windows\System32\IiMhwoh.exe
  C:\Windows\System32\IiMhwoh.exe
  2⤵
  PID:10572
- C:\Windows\System32\HplFLvP.exe
  C:\Windows\System32\HplFLvP.exe
  2⤵
  PID:10592
- C:\Windows\System32\WgwpUhg.exe
  C:\Windows\System32\WgwpUhg.exe
  2⤵
  PID:10628
- C:\Windows\System32\eMoEDvb.exe
  C:\Windows\System32\eMoEDvb.exe
  2⤵
  PID:10648
- C:\Windows\System32\VUCHKes.exe
  C:\Windows\System32\VUCHKes.exe
  2⤵
  PID:10664
- C:\Windows\System32\mpBtCXX.exe
  C:\Windows\System32\mpBtCXX.exe
  2⤵
  PID:10712
- C:\Windows\System32\RRfMwIh.exe
  C:\Windows\System32\RRfMwIh.exe
  2⤵
  PID:10732
- C:\Windows\System32\TMFdXKf.exe
  C:\Windows\System32\TMFdXKf.exe
  2⤵
  PID:10752
- C:\Windows\System32\SzKqplw.exe
  C:\Windows\System32\SzKqplw.exe
  2⤵
  PID:10796
- C:\Windows\System32\qqoPIBv.exe
  C:\Windows\System32\qqoPIBv.exe
  2⤵
  PID:10816
- C:\Windows\System32\IocrpON.exe
  C:\Windows\System32\IocrpON.exe
  2⤵
  PID:10860
- C:\Windows\System32\CgSSbnU.exe
  C:\Windows\System32\CgSSbnU.exe
  2⤵
  PID:10884
- C:\Windows\System32\kClOjrm.exe
  C:\Windows\System32\kClOjrm.exe
  2⤵
  PID:10912
- C:\Windows\System32\JzXaNVZ.exe
  C:\Windows\System32\JzXaNVZ.exe
  2⤵
  PID:10928
- C:\Windows\System32\SiNhmDK.exe
  C:\Windows\System32\SiNhmDK.exe
  2⤵
  PID:10948
- C:\Windows\System32\WqmaLEi.exe
  C:\Windows\System32\WqmaLEi.exe
  2⤵
  PID:10996
- C:\Windows\System32\RrtPypi.exe
  C:\Windows\System32\RrtPypi.exe
  2⤵
  PID:11016
- C:\Windows\System32\QhvkXFN.exe
  C:\Windows\System32\QhvkXFN.exe
  2⤵
  PID:11032
- C:\Windows\System32\PjKuPwZ.exe
  C:\Windows\System32\PjKuPwZ.exe
  2⤵
  PID:11064
- C:\Windows\System32\EtuNvuW.exe
  C:\Windows\System32\EtuNvuW.exe
  2⤵
  PID:11104
- C:\Windows\System32\zlxiWuX.exe
  C:\Windows\System32\zlxiWuX.exe
  2⤵
  PID:11120
- C:\Windows\System32\hFBVHGJ.exe
  C:\Windows\System32\hFBVHGJ.exe
  2⤵
  PID:11136
- C:\Windows\System32\qLXOcfx.exe
  C:\Windows\System32\qLXOcfx.exe
  2⤵
  PID:11152
- C:\Windows\System32\yCIdSig.exe
  C:\Windows\System32\yCIdSig.exe
  2⤵
  PID:11168
- C:\Windows\System32\Pniedhq.exe
  C:\Windows\System32\Pniedhq.exe
  2⤵
  PID:11184
- C:\Windows\System32\cOoWfJE.exe
  C:\Windows\System32\cOoWfJE.exe
  2⤵
  PID:11200
- C:\Windows\System32\DAxVKny.exe
  C:\Windows\System32\DAxVKny.exe
  2⤵
  PID:11216
- C:\Windows\System32\bAffFXG.exe
  C:\Windows\System32\bAffFXG.exe
  2⤵
  PID:11252
- C:\Windows\System32\uDsrriV.exe
  C:\Windows\System32\uDsrriV.exe
  2⤵
  PID:10268
- C:\Windows\System32\bsXgvyZ.exe
  C:\Windows\System32\bsXgvyZ.exe
  2⤵
  PID:10428
- C:\Windows\System32\ZABeNTT.exe
  C:\Windows\System32\ZABeNTT.exe
  2⤵
  PID:10524
- C:\Windows\System32\wTJUtez.exe
  C:\Windows\System32\wTJUtez.exe
  2⤵
  PID:10540
- C:\Windows\System32\bXZIwPr.exe
  C:\Windows\System32\bXZIwPr.exe
  2⤵
  PID:10564
- C:\Windows\System32\mguNdwz.exe
  C:\Windows\System32\mguNdwz.exe
  2⤵
  PID:10724
- C:\Windows\System32\PaGxmhM.exe
  C:\Windows\System32\PaGxmhM.exe
  2⤵
  PID:10832
- C:\Windows\System32\tzFjVRj.exe
  C:\Windows\System32\tzFjVRj.exe
  2⤵
  PID:10904
- C:\Windows\System32\rjYgGeJ.exe
  C:\Windows\System32\rjYgGeJ.exe
  2⤵
  PID:10988
- C:\Windows\System32\VCZsBNQ.exe
  C:\Windows\System32\VCZsBNQ.exe
  2⤵
  PID:11056
- C:\Windows\System32\OdxiLWz.exe
  C:\Windows\System32\OdxiLWz.exe
  2⤵
  PID:11148
- C:\Windows\System32\tegyQwt.exe
  C:\Windows\System32\tegyQwt.exe
  2⤵
  PID:11088
- C:\Windows\System32\RRkGVDv.exe
  C:\Windows\System32\RRkGVDv.exe
  2⤵
  PID:11084
- C:\Windows\System32\zzuedoE.exe
  C:\Windows\System32\zzuedoE.exe
  2⤵
  PID:11212
- C:\Windows\System32\WYDYBIP.exe
  C:\Windows\System32\WYDYBIP.exe
  2⤵
  PID:10468
- C:\Windows\System32\pHpFnbd.exe
  C:\Windows\System32\pHpFnbd.exe
  2⤵
  PID:10472
- C:\Windows\System32\TprWMek.exe
  C:\Windows\System32\TprWMek.exe
  2⤵
  PID:10584
- C:\Windows\System32\gijkYjZ.exe
  C:\Windows\System32\gijkYjZ.exe
  2⤵
  PID:10660
- C:\Windows\System32\nVGJzWW.exe
  C:\Windows\System32\nVGJzWW.exe
  2⤵
  PID:10940
- C:\Windows\System32\Fdlgcvp.exe
  C:\Windows\System32\Fdlgcvp.exe
  2⤵
  PID:11132
- C:\Windows\System32\PirgaJw.exe
  C:\Windows\System32\PirgaJw.exe
  2⤵
  PID:10336
- C:\Windows\System32\aaMmcry.exe
  C:\Windows\System32\aaMmcry.exe
  2⤵
  PID:10568
- C:\Windows\System32\ylKjMYS.exe
  C:\Windows\System32\ylKjMYS.exe
  2⤵
  PID:10964
- C:\Windows\System32\xpLZgYA.exe
  C:\Windows\System32\xpLZgYA.exe
  2⤵
  PID:10376
- C:\Windows\System32\KBrITOK.exe
  C:\Windows\System32\KBrITOK.exe
  2⤵
  PID:10728
- C:\Windows\System32\LEaBqWx.exe
  C:\Windows\System32\LEaBqWx.exe
  2⤵
  PID:11280
- C:\Windows\System32\ywuNrJO.exe
  C:\Windows\System32\ywuNrJO.exe
  2⤵
  PID:11296
- C:\Windows\System32\pEwWUzC.exe
  C:\Windows\System32\pEwWUzC.exe
  2⤵
  PID:11336
- C:\Windows\System32\WdBnALZ.exe
  C:\Windows\System32\WdBnALZ.exe
  2⤵
  PID:11364
- C:\Windows\System32\VUdYMvn.exe
  C:\Windows\System32\VUdYMvn.exe
  2⤵
  PID:11392
- C:\Windows\System32\DmMhcSI.exe
  C:\Windows\System32\DmMhcSI.exe
  2⤵
  PID:11420
- C:\Windows\System32\wKRTDRo.exe
  C:\Windows\System32\wKRTDRo.exe
  2⤵
  PID:11460
- C:\Windows\System32\AEpFseV.exe
  C:\Windows\System32\AEpFseV.exe
  2⤵
  PID:11484
- C:\Windows\System32\AjzYAGT.exe
  C:\Windows\System32\AjzYAGT.exe
  2⤵
  PID:11504
- C:\Windows\System32\vQxksqo.exe
  C:\Windows\System32\vQxksqo.exe
  2⤵
  PID:11544
- C:\Windows\System32\BJaaVsD.exe
  C:\Windows\System32\BJaaVsD.exe
  2⤵
  PID:11560
- C:\Windows\System32\tRtngWB.exe
  C:\Windows\System32\tRtngWB.exe
  2⤵
  PID:11576
- C:\Windows\System32\wnfzPoW.exe
  C:\Windows\System32\wnfzPoW.exe
  2⤵
  PID:11616
- C:\Windows\System32\DjTOhEs.exe
  C:\Windows\System32\DjTOhEs.exe
  2⤵
  PID:11644
- C:\Windows\System32\LvtWPOf.exe
  C:\Windows\System32\LvtWPOf.exe
  2⤵
  PID:11660
- C:\Windows\System32\guwuZfs.exe
  C:\Windows\System32\guwuZfs.exe
  2⤵
  PID:11684
- C:\Windows\System32\wQYTdvA.exe
  C:\Windows\System32\wQYTdvA.exe
  2⤵
  PID:11732
- C:\Windows\System32\pdMAtuq.exe
  C:\Windows\System32\pdMAtuq.exe
  2⤵
  PID:11752
- C:\Windows\System32\hWQbvfh.exe
  C:\Windows\System32\hWQbvfh.exe
  2⤵
  PID:11784
- C:\Windows\System32\tBBktJO.exe
  C:\Windows\System32\tBBktJO.exe
  2⤵
  PID:11820
- C:\Windows\System32\pyLqzXZ.exe
  C:\Windows\System32\pyLqzXZ.exe
  2⤵
  PID:11840
- C:\Windows\System32\QrfjokE.exe
  C:\Windows\System32\QrfjokE.exe
  2⤵
  PID:11856
- C:\Windows\System32\qDJmuuN.exe
  C:\Windows\System32\qDJmuuN.exe
  2⤵
  PID:11876
- C:\Windows\System32\aBIYuMJ.exe
  C:\Windows\System32\aBIYuMJ.exe
  2⤵
  PID:11892
- C:\Windows\System32\IcTzHqG.exe
  C:\Windows\System32\IcTzHqG.exe
  2⤵
  PID:11932
- C:\Windows\System32\lBoKWgY.exe
  C:\Windows\System32\lBoKWgY.exe
  2⤵
  PID:11976
- C:\Windows\System32\RugRbWR.exe
  C:\Windows\System32\RugRbWR.exe
  2⤵
  PID:12008
- C:\Windows\System32\qZuaLYX.exe
  C:\Windows\System32\qZuaLYX.exe
  2⤵
  PID:12024
- C:\Windows\System32\mZNBwyB.exe
  C:\Windows\System32\mZNBwyB.exe
  2⤵
  PID:12056
- C:\Windows\System32\zdDxnhM.exe
  C:\Windows\System32\zdDxnhM.exe
  2⤵
  PID:12080
- C:\Windows\System32\gFRyaEs.exe
  C:\Windows\System32\gFRyaEs.exe
  2⤵
  PID:12108
- C:\Windows\System32\NbCuKCu.exe
  C:\Windows\System32\NbCuKCu.exe
  2⤵
  PID:12148
- C:\Windows\System32\bDcQTUC.exe
  C:\Windows\System32\bDcQTUC.exe
  2⤵
  PID:12168
- C:\Windows\System32\rLVlLMz.exe
  C:\Windows\System32\rLVlLMz.exe
  2⤵
  PID:12184
- C:\Windows\System32\RiHWnqD.exe
  C:\Windows\System32\RiHWnqD.exe
  2⤵
  PID:12208
- C:\Windows\System32\YlSuTwV.exe
  C:\Windows\System32\YlSuTwV.exe
  2⤵
  PID:12244
- C:\Windows\System32\OFwmMIA.exe
  C:\Windows\System32\OFwmMIA.exe
  2⤵
  PID:12268
- C:\Windows\System32\MRxdLiq.exe
  C:\Windows\System32\MRxdLiq.exe
  2⤵
  PID:11276
- C:\Windows\System32\FHbwKQj.exe
  C:\Windows\System32\FHbwKQj.exe
  2⤵
  PID:11348
- C:\Windows\System32\FXIhQHW.exe
  C:\Windows\System32\FXIhQHW.exe
  2⤵
  PID:11416
- C:\Windows\System32\oCZjbKz.exe
  C:\Windows\System32\oCZjbKz.exe
  2⤵
  PID:11440
- C:\Windows\System32\oKUXGNp.exe
  C:\Windows\System32\oKUXGNp.exe
  2⤵
  PID:11472
- C:\Windows\System32\GXqtGTm.exe
  C:\Windows\System32\GXqtGTm.exe
  2⤵
  PID:11556
- C:\Windows\System32\uBXilWm.exe
  C:\Windows\System32\uBXilWm.exe
  2⤵
  PID:11676
- C:\Windows\System32\uPWcRux.exe
  C:\Windows\System32\uPWcRux.exe
  2⤵
  PID:11808
- C:\Windows\System32\jFzqbyz.exe
  C:\Windows\System32\jFzqbyz.exe
  2⤵
  PID:11832
- C:\Windows\System32\RNnJlQp.exe
  C:\Windows\System32\RNnJlQp.exe
  2⤵
  PID:11888
- C:\Windows\System32\XzKNhmK.exe
  C:\Windows\System32\XzKNhmK.exe
  2⤵
  PID:11944
- C:\Windows\System32\qdeyZSf.exe
  C:\Windows\System32\qdeyZSf.exe
  2⤵
  PID:12128
- C:\Windows\System32\PLhNeuM.exe
  C:\Windows\System32\PLhNeuM.exe
  2⤵
  PID:11076
- C:\Windows\System32\zxuJUbj.exe
  C:\Windows\System32\zxuJUbj.exe
  2⤵
  PID:11176
- C:\Windows\System32\tZrqDmd.exe
  C:\Windows\System32\tZrqDmd.exe
  2⤵
  PID:11496
- C:\Windows\System32\pjNRfiz.exe
  C:\Windows\System32\pjNRfiz.exe
  2⤵
  PID:11592
- C:\Windows\System32\UpOXreP.exe
  C:\Windows\System32\UpOXreP.exe
  2⤵
  PID:11764
- C:\Windows\System32\CwDesUu.exe
  C:\Windows\System32\CwDesUu.exe
  2⤵
  PID:11828
- C:\Windows\System32\xwsBhYG.exe
  C:\Windows\System32\xwsBhYG.exe
  2⤵
  PID:11884
- C:\Windows\System32\oNDvMfW.exe
  C:\Windows\System32\oNDvMfW.exe
  2⤵
  PID:12048
- C:\Windows\System32\YNfqzDv.exe
  C:\Windows\System32\YNfqzDv.exe
  2⤵
  PID:12076
- C:\Windows\System32\VAjuwlJ.exe
  C:\Windows\System32\VAjuwlJ.exe
  2⤵
  PID:12176
- C:\Windows\System32\PjNrvxj.exe
  C:\Windows\System32\PjNrvxj.exe
  2⤵
  PID:11516
- C:\Windows\System32\nqclKlF.exe
  C:\Windows\System32\nqclKlF.exe
  2⤵
  PID:12036
- C:\Windows\System32\BPxbgDc.exe
  C:\Windows\System32\BPxbgDc.exe
  2⤵
  PID:12200
- C:\Windows\System32\UkvOuHd.exe
  C:\Windows\System32\UkvOuHd.exe
  2⤵
  PID:11512
- C:\Windows\System32\imNkmST.exe
  C:\Windows\System32\imNkmST.exe
  2⤵
  PID:11308
- C:\Windows\System32\omWkTYI.exe
  C:\Windows\System32\omWkTYI.exe
  2⤵
  PID:12328
- C:\Windows\System32\ExEWzww.exe
  C:\Windows\System32\ExEWzww.exe
  2⤵
  PID:12364
- C:\Windows\System32\sUaJmps.exe
  C:\Windows\System32\sUaJmps.exe
  2⤵
  PID:12388
- C:\Windows\System32\gZddMQP.exe
  C:\Windows\System32\gZddMQP.exe
  2⤵
  PID:12404
- C:\Windows\System32\BRdTsmw.exe
  C:\Windows\System32\BRdTsmw.exe
  2⤵
  PID:12424
- C:\Windows\System32\ettdIth.exe
  C:\Windows\System32\ettdIth.exe
  2⤵
  PID:12468
- C:\Windows\System32\qHErehq.exe
  C:\Windows\System32\qHErehq.exe
  2⤵
  PID:12488
- C:\Windows\System32\nUTgGJw.exe
  C:\Windows\System32\nUTgGJw.exe
  2⤵
  PID:12528
- C:\Windows\System32\KKsldVF.exe
  C:\Windows\System32\KKsldVF.exe
  2⤵
  PID:12548
- C:\Windows\System32\xCKaQUt.exe
  C:\Windows\System32\xCKaQUt.exe
  2⤵
  PID:12564
- C:\Windows\System32\SEXOhgD.exe
  C:\Windows\System32\SEXOhgD.exe
  2⤵
  PID:12588
- C:\Windows\System32\rPdtRlO.exe
  C:\Windows\System32\rPdtRlO.exe
  2⤵
  PID:12616
- C:\Windows\System32\UvdDkPY.exe
  C:\Windows\System32\UvdDkPY.exe
  2⤵
  PID:12668
- C:\Windows\System32\bLSRynv.exe
  C:\Windows\System32\bLSRynv.exe
  2⤵
  PID:12696
- C:\Windows\System32\OhEEHbD.exe
  C:\Windows\System32\OhEEHbD.exe
  2⤵
  PID:12736
- C:\Windows\System32\eEjSbTu.exe
  C:\Windows\System32\eEjSbTu.exe
  2⤵
  PID:12760
- C:\Windows\System32\fHaNhZt.exe
  C:\Windows\System32\fHaNhZt.exe
  2⤵
  PID:12776
- C:\Windows\System32\jVkpCZA.exe
  C:\Windows\System32\jVkpCZA.exe
  2⤵
  PID:12804
- C:\Windows\System32\LxozEfG.exe
  C:\Windows\System32\LxozEfG.exe
  2⤵
  PID:12836
- C:\Windows\System32\CnDSZfk.exe
  C:\Windows\System32\CnDSZfk.exe
  2⤵
  PID:12872
- C:\Windows\System32\RxmYwNu.exe
  C:\Windows\System32\RxmYwNu.exe
  2⤵
  PID:12900
- C:\Windows\System32\eGDlZGp.exe
  C:\Windows\System32\eGDlZGp.exe
  2⤵
  PID:12916
- C:\Windows\System32\EuqCJSV.exe
  C:\Windows\System32\EuqCJSV.exe
  2⤵
  PID:12948
- C:\Windows\System32\gwYFYQv.exe
  C:\Windows\System32\gwYFYQv.exe
  2⤵
  PID:12976
- C:\Windows\System32\BpDwZdD.exe
  C:\Windows\System32\BpDwZdD.exe
  2⤵
  PID:13000
- C:\Windows\System32\dofXGle.exe
  C:\Windows\System32\dofXGle.exe
  2⤵
  PID:13016
- C:\Windows\System32\TLiTRrX.exe
  C:\Windows\System32\TLiTRrX.exe
  2⤵
  PID:13060
- C:\Windows\System32\BChRREU.exe
  C:\Windows\System32\BChRREU.exe
  2⤵
  PID:13084
- C:\Windows\System32\GOMFbZU.exe
  C:\Windows\System32\GOMFbZU.exe
  2⤵
  PID:13120
- C:\Windows\System32\qgkFQmR.exe
  C:\Windows\System32\qgkFQmR.exe
  2⤵
  PID:13152
- C:\Windows\System32\Volnloi.exe
  C:\Windows\System32\Volnloi.exe
  2⤵
  PID:13168
- C:\Windows\System32\DSIZcNN.exe
  C:\Windows\System32\DSIZcNN.exe
  2⤵
  PID:13188
- C:\Windows\System32\SRCjQyH.exe
  C:\Windows\System32\SRCjQyH.exe
  2⤵
  PID:13208
- C:\Windows\System32\KiOspFS.exe
  C:\Windows\System32\KiOspFS.exe
  2⤵
  PID:13240
- C:\Windows\System32\zarKZaR.exe
  C:\Windows\System32\zarKZaR.exe
  2⤵
  PID:13284
- C:\Windows\System32\uuZGofE.exe
  C:\Windows\System32\uuZGofE.exe
  2⤵
  PID:12156
- C:\Windows\System32\fhEUneT.exe
  C:\Windows\System32\fhEUneT.exe
  2⤵
  PID:12312
- C:\Windows\System32\JfdrTtl.exe
  C:\Windows\System32\JfdrTtl.exe
  2⤵
  PID:12476
- C:\Windows\System32\kiVuuvF.exe
  C:\Windows\System32\kiVuuvF.exe
  2⤵
  PID:12456
- C:\Windows\System32\TEkUXXQ.exe
  C:\Windows\System32\TEkUXXQ.exe
  2⤵
  PID:12560
- C:\Windows\System32\amteuTp.exe
  C:\Windows\System32\amteuTp.exe
  2⤵
  PID:12612
- C:\Windows\System32\FgqtfXL.exe
  C:\Windows\System32\FgqtfXL.exe
  2⤵
  PID:12688
- C:\Windows\System32\AhTlIHv.exe
  C:\Windows\System32\AhTlIHv.exe
  2⤵
  PID:12816
- C:\Windows\System32\DzQQdRG.exe
  C:\Windows\System32\DzQQdRG.exe
  2⤵
  PID:12828
- C:\Windows\System32\yLDVvsj.exe
  C:\Windows\System32\yLDVvsj.exe
  2⤵
  PID:12892
- C:\Windows\System32\LRkemKS.exe
  C:\Windows\System32\LRkemKS.exe
  2⤵
  PID:11448
- C:\Windows\System32\PXgbFBc.exe
  C:\Windows\System32\PXgbFBc.exe
  2⤵
  PID:12996
- C:\Windows\System32\zElopeC.exe
  C:\Windows\System32\zElopeC.exe
  2⤵
  PID:13024
- C:\Windows\System32\TnlUgkL.exe
  C:\Windows\System32\TnlUgkL.exe
  2⤵
  PID:13160
- C:\Windows\System32\JsxwUUS.exe
  C:\Windows\System32\JsxwUUS.exe
  2⤵
  PID:13200
- C:\Windows\System32\UMgWWML.exe
  C:\Windows\System32\UMgWWML.exe
  2⤵
  PID:12316
- C:\Windows\System32\Dckvoqb.exe
  C:\Windows\System32\Dckvoqb.exe
  2⤵
  PID:12460
- C:\Windows\System32\qIouWre.exe
  C:\Windows\System32\qIouWre.exe
  2⤵
  PID:12580
- C:\Windows\System32\gvKIbUC.exe
  C:\Windows\System32\gvKIbUC.exe
  2⤵
  PID:12792
- C:\Windows\System32\kdEsAjL.exe
  C:\Windows\System32\kdEsAjL.exe
  2⤵
  PID:12964
- C:\Windows\System32\iMXnDmE.exe
  C:\Windows\System32\iMXnDmE.exe
  2⤵
  PID:13092
- C:\Windows\System32\uoWCXos.exe
  C:\Windows\System32\uoWCXos.exe
  2⤵
  PID:13256
- C:\Windows\System32\YjTPOtz.exe
  C:\Windows\System32\YjTPOtz.exe
  2⤵
  PID:12396
- C:\Windows\System32\NHBeBaY.exe
  C:\Windows\System32\NHBeBaY.exe
  2⤵
  PID:12652
- C:\Windows\System32\YIdyAKS.exe
  C:\Windows\System32\YIdyAKS.exe
  2⤵
  PID:13072
- C:\Windows\System32\wfxFluT.exe
  C:\Windows\System32\wfxFluT.exe
  2⤵
  PID:12784
- C:\Windows\System32\wLpAedF.exe
  C:\Windows\System32\wLpAedF.exe
  2⤵
  PID:13332
- C:\Windows\System32\kztXhXK.exe
  C:\Windows\System32\kztXhXK.exe
  2⤵
  PID:13352
- C:\Windows\System32\aTDaXsL.exe
  C:\Windows\System32\aTDaXsL.exe
  2⤵
  PID:13400
- C:\Windows\System32\yvhMbHw.exe
  C:\Windows\System32\yvhMbHw.exe
  2⤵
  PID:13428
- C:\Windows\System32\EGsHgTg.exe
  C:\Windows\System32\EGsHgTg.exe
  2⤵
  PID:13448
- C:\Windows\System32\GFEpxOl.exe
  C:\Windows\System32\GFEpxOl.exe
  2⤵
  PID:13464
- C:\Windows\System32\zwDzLOX.exe
  C:\Windows\System32\zwDzLOX.exe
  2⤵
  PID:13492
- C:\Windows\System32\EkWMGQE.exe
  C:\Windows\System32\EkWMGQE.exe
  2⤵
  PID:13508
- C:\Windows\System32\VOWWmDS.exe
  C:\Windows\System32\VOWWmDS.exe
  2⤵
  PID:13556
- C:\Windows\System32\aLFmMqw.exe
  C:\Windows\System32\aLFmMqw.exe
  2⤵
  PID:13592
- C:\Windows\System32\xhuZWqm.exe
  C:\Windows\System32\xhuZWqm.exe
  2⤵
  PID:13616
- C:\Windows\System32\VUvbrgM.exe
  C:\Windows\System32\VUvbrgM.exe
  2⤵
  PID:13636
- C:\Windows\System32\tPdkNrN.exe
  C:\Windows\System32\tPdkNrN.exe
  2⤵
  PID:13652
- C:\Windows\System32\pYxJGAu.exe
  C:\Windows\System32\pYxJGAu.exe
  2⤵
  PID:13676
- C:\Windows\System32\rZXPVyw.exe
  C:\Windows\System32\rZXPVyw.exe
  2⤵
  PID:13716
- C:\Windows\System32\HwQeDCx.exe
  C:\Windows\System32\HwQeDCx.exe
  2⤵
  PID:13732
- C:\Windows\System32\fEqemFA.exe
  C:\Windows\System32\fEqemFA.exe
  2⤵
  PID:13776
- C:\Windows\System32\nuSOuYM.exe
  C:\Windows\System32\nuSOuYM.exe
  2⤵
  PID:13824
- C:\Windows\System32\zcWwKac.exe
  C:\Windows\System32\zcWwKac.exe
  2⤵
  PID:13840
- C:\Windows\System32\vgbPsff.exe
  C:\Windows\System32\vgbPsff.exe
  2⤵
  PID:13860
- C:\Windows\System32\CnvyuNG.exe
  C:\Windows\System32\CnvyuNG.exe
  2⤵
  PID:13876
- C:\Windows\System32\cukNray.exe
  C:\Windows\System32\cukNray.exe
  2⤵
  PID:13896
- C:\Windows\System32\xPUkYeS.exe
  C:\Windows\System32\xPUkYeS.exe
  2⤵
  PID:13956
- C:\Windows\System32\bkGbqpi.exe
  C:\Windows\System32\bkGbqpi.exe
  2⤵
  PID:13996
- C:\Windows\System32\RjDBIHd.exe
  C:\Windows\System32\RjDBIHd.exe
  2⤵
  PID:14024
- C:\Windows\System32\zMSFLfL.exe
  C:\Windows\System32\zMSFLfL.exe
  2⤵
  PID:14060
- C:\Windows\System32\NBtrLnM.exe
  C:\Windows\System32\NBtrLnM.exe
  2⤵
  PID:14080
- C:\Windows\System32\INBGmVx.exe
  C:\Windows\System32\INBGmVx.exe
  2⤵
  PID:14100
- C:\Windows\System32\seMQlrt.exe
  C:\Windows\System32\seMQlrt.exe
  2⤵
  PID:14116
- C:\Windows\System32\FBlCNAT.exe
  C:\Windows\System32\FBlCNAT.exe
  2⤵
  PID:14148
- C:\Windows\System32\hOHoOaW.exe
  C:\Windows\System32\hOHoOaW.exe
  2⤵
  PID:14168
- C:\Windows\System32\vUrCjYB.exe
  C:\Windows\System32\vUrCjYB.exe
  2⤵
  PID:14188
- C:\Windows\System32\FgGkjNV.exe
  C:\Windows\System32\FgGkjNV.exe
  2⤵
  PID:14208
- C:\Windows\System32\ZWNoTlq.exe
  C:\Windows\System32\ZWNoTlq.exe
  2⤵
  PID:14232

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4388,i,3210801877307184477,8078594481454001567,262144 --variations-seed-version --mojo-platform-channel-handle=1044 /prefetch:8
1⤵
PID:1400

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:13488

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System32\BciOcsQ.exe

Filesize
1.0MB

MD5
ceb5155eb56d29b2494b26dcd8abfb24

SHA1
e46ded9741bc009492f7fe3c6930d61e163caa0c

SHA256
08e0a30863f4769bebc78a05ac5cea29ca7bcc575f9e7e681fc641b39e267ffc

SHA512
c02e2ee2ed7986d594cf05e2eb5027ed9ec4ec072a4ddac7b7545a6119ad7590e8ad9aff381f7fb66f25ab111748865318a957e706eef7a092b49eeeb5dd0eb4

Download Submit
C:\Windows\System32\DExQntu.exe

Filesize
1.0MB

MD5
eeb8b9fc90fd04211145e2eb5792958f

SHA1
e36d928c4d81db900f2277071c451c4124626c7a

SHA256
cd8d005b5a7bf1b7d1ed41addda1a6a9a161a3b43e58e2bd8a690e7b2674c2a3

SHA512
f4fe2d234000ab5cad11689300da1539a261e30aea2dbd1bed7518fa437efce56f6085e321e0cd34d3da9bf8a0168e1e9fff1c96add7096a67a51062b7432cd0

Download Submit
C:\Windows\System32\DiHflIe.exe

Filesize
1.0MB

MD5
0cd941b21ffda09cbc05237c15b51445

SHA1
8a61da853a69b0129f16d5b8678a9640713a4c49

SHA256
179ee5bd176279931bc8b3edc38e1b9f276aa9402bd252d1412d1b1be47127ec

SHA512
a390352c32d34a7e58ec0319353c62c912897c2df63a06d477b88c925b6858611e06034037c4ccc32912976381f478311e676705a25b2dc4a841c6cb00c9924c

Download Submit
C:\Windows\System32\ItoFfQo.exe

Filesize
1.0MB

MD5
cb21133fc0273dcc2745bccb50f4177d

SHA1
f444cb18be836b7b8bc6d0bf19786e38546533b5

SHA256
36e5f3f26f1befb91ac4adf32ed49e45ab16f82a5ea7b72d93a60b24e579a9ca

SHA512
fc9cb678dd4cb8d9561812093096996bc66053bb065c8a52dbb94f08e8ffce2e2434a2a6fdc16ed565ec9025b48fefdd965ce738aeae2ec52ec354b03ba7e721

Download Submit
C:\Windows\System32\LjGhnEJ.exe

Filesize
1.0MB

MD5
1180fec69073babfb9a45d1fda4bd720

SHA1
6c8dd16ffda664f2233c7e959d5f02b4b5baab13

SHA256
6826e46c04736bdef525b2125d3748c6df9b211b6c6f090cf4abc41fa52a5a50

SHA512
10f60337f3d1ed0af6b499e6d8afa11550b4f0c04eda9ca3a255036e76464c39d24e74cd7e7db302f22cf314fcb92a25dbfaf091489d8ec74622ba3040c2fcb2

Download Submit
C:\Windows\System32\MmvpmRp.exe

Filesize
1.0MB

MD5
b6d047802be0aa19e60f3c762499bb99

SHA1
8bd3a2af520f78b68b6d11aaa0ffdecc5fd1aa5b

SHA256
557369eeacc7f7a25a03ba283f00d4e68895605e42a0bf15307fd7c0fdbba90c

SHA512
e188e7cd6127548b6e7c27417304451ab1fa737885e553bfd0dff1be6b54f7fda8780f05966239cdd56e8c7e40bede62020afbf3c4fb35fb27eea032844077eb

Download Submit
C:\Windows\System32\NPfaISK.exe

Filesize
1.0MB

MD5
5f02d84354b449b7221f78a6f72ca728

SHA1
809d5a2ed0a7cfa5dd874a437879f06b5dd2c568

SHA256
17301332177e6e2dc22062cabe0a0306762abb606eed1ff349d6711562fbc41c

SHA512
fc37bdce5b77e43de53712063ecd9728525718dc7bc7a821fe5a3e85d296dcc5e881d50f768a7e33f49b3cd36e87876476d9152920078a6973491d5ce68e3e6f

Download Submit
C:\Windows\System32\NXTWHKW.exe

Filesize
1.0MB

MD5
2fe3dd873fa829fee89d595332b611a9

SHA1
1c21ab4c3dcb1ef2a68bf6255ca102d588597538

SHA256
1759bd896022234515c210aff9c9c24fa7ccbafd55af5d4cbedf3ef8f967b46d

SHA512
6505a0cec9628279c04a93356e925e74f186b4d35ca048a890fe8679c8b2208be5c8c40e8ea11a1fa47e0113640d01c167c81c5473bcfdff57c35b076b65e5f1

Download Submit
C:\Windows\System32\OHEtnpe.exe

Filesize
1.0MB

MD5
6668618e6f1fbe9adde942fa742e9e1e

SHA1
7a6708364f1d5b71323c9fd909202b52a0ea9fc5

SHA256
6f67ae5c69a49685eb8c64f08895f05fe92fb6269fcbcecfe9abe7d5ce7337ab

SHA512
9f8937fc777c8a0c4c4e2f288b1a483a9a13ffe7ea3445955ceaf7d92c2cd7d99ae73aa28c6718590c1d0525073f11a6a3055213bb66cf931d99d2b48dddeb90

Download Submit
C:\Windows\System32\PEWOQCK.exe

Filesize
1.0MB

MD5
77e64549b5caa40d7d6f1a445ae2cd15

SHA1
8872aacdd5feccf9baf9312f4d3ff6d5e3ba1942

SHA256
d515d1636ff181837107b5f268113635d838ca3007ddce88cc9203ac8f285eb3

SHA512
fc6801eeae4aba7df7945abce7f480ad7c0879c3b175128a03949652cb2dd0322172554cd3ea39d894d43c7a1224df8e4b9c4ea89efe534e9fc9443a995c7d97

Download Submit
C:\Windows\System32\QXDEwaC.exe

Filesize
1.0MB

MD5
2fa72a1dcab33fcfd6708d2eb1661bd8

SHA1
7a588642da5af4f533eb6c56611fde3870a826c5

SHA256
be65fb7d87f00f91186046601bd7e316e4fd01cfd8a169bafff3c9f3b11d7f0d

SHA512
756bc555df8dd040578f1792e7986886547d6a8464b0a152a23cea6f205670a9385f8aa2f87341df423e4e4e7a344440a36f7160e450c6968246eb399b013df5

Download Submit
C:\Windows\System32\TDoSMaQ.exe

Filesize
1.0MB

MD5
0846b161646d8be402b13e5d8364f0bb

SHA1
14b1dc7053c25e176753af0b95cd8f484e501909

SHA256
3bdd1ecfc5ee44c26a1396c31c6b7bd5a78f9d869c5940a8729ce88c35c37743

SHA512
de71fd931fdca52a0c0260ad38222e995374af43398f764a0a22826e6656adca53156ef3ce478db3567a3333877efda544928319221bfa6a35af746172da5ebd

Download Submit
C:\Windows\System32\UDqrknz.exe

Filesize
1.0MB

MD5
aabc5b729790be645800d6ff0565fa69

SHA1
bf49feb1ed11b7e9ff585767aafb619bed3d691a

SHA256
fc861d5997fe00b5f7241b200f2c16a257f1f2338f3d7123528d76bf6e7223e2

SHA512
7c084681d2c36d93bb73cf9a13bd15a8d88c828e1547bc60002d3d3cb7cf98b8c7c31557a71794652fd5212c01d3d8386df34fbdfb8e2370957d539979e78a36

Download Submit
C:\Windows\System32\UfOgJsd.exe

Filesize
1.0MB

MD5
e4a37bae89571be20dc27ed5683712ed

SHA1
ffa5df4d64d4ac0c86b26cf87fe010a910622963

SHA256
aff5e8a8ebcccead6f304735661f9c14474f047d885dd4ccea1f84b8b9f71567

SHA512
29ce243cfa6d2824a82debeb5417ce68d01b09a5fc67172ae14b3a0f4c752ba46267319450331058ea8f7ccbd9a3c6be26043be866d4b24e6965f8d417743c62

Download Submit
C:\Windows\System32\UkqwbYO.exe

Filesize
1.0MB

MD5
6f3cab6fe1329007f5f6551af18fe71d

SHA1
e8ba0f086f9d7d026b23bdbca2aa76b5d0d2114a

SHA256
72af6e9475d5224776be810a3769ac94f24a2b98b74c286655fb1986e6003352

SHA512
7646f22f9582575d99ce57e0adb5a3e43675750f6f418380b3f24f9940cf6164137424e16f8e254927a3c03e036f2546474a0438958f1b74743024ca53ccf94c

Download Submit
C:\Windows\System32\UsxdyOY.exe

Filesize
1.0MB

MD5
05a930037ac7dff21106d83c84c001dc

SHA1
1eb063d9aa7429cec7728c9119d7cea52e699935

SHA256
71905804ff1a2d074636933b8f8e90fc154505ecee173447ff514ae2c6dba7d9

SHA512
53c96613243239772cda0f68c59ba8b43b029cd4da8020a9c0cb1c7b4f080bdcfcf8447ec38d4b3034a0b7556119dfd80396c46cc94ada5d0b98760e8e91fd61

Download Submit
C:\Windows\System32\YyjYZox.exe

Filesize
1.0MB

MD5
3bdd2ff3bf53908eb79ac206c2f101cf

SHA1
2f0153bb3f69ae6d3df1887d1c33ea7d6dc0f549

SHA256
92d0370ca1d08d54d9bc4986d0b2765dcb5f67b29c60dab7f85f5b4eea682b4d

SHA512
a6c9034ff3114697e3a0a716d9fd990d49e47a58125f191b30571d87db5b4c345eb424bf65336ca2aa75c85d933769e41acc604cec509775ce55d52fece5416a

Download Submit
C:\Windows\System32\ZCwLPfM.exe

Filesize
1.0MB

MD5
81178703ec25221b69e9321e47b28388

SHA1
2236255676b64ada4c687a5c5044a7426644668c

SHA256
c4733d0a83dd165a87eab99534e48a2588bade787580ed49b5f6ae2cca3cf637

SHA512
0a606a23389b2b65fc3829439d7ef622092f1a4224806a933f8c9bb9f3abd4b2092d224f2c8a56d383e8c7272588fed4e5ca660bcb71df8117bb4ae257685355

Download Submit
C:\Windows\System32\aFHaIEy.exe

Filesize
1.0MB

MD5
79f5cabcaf80d924e6d9307d88dbb927

SHA1
10201b5646ed428082d1fa15a33de10846f8239a

SHA256
cc0beb39b7bf674b78144789108447edccc8204b40c671dec160b4f25e1f6c91

SHA512
84c21986ffc68981f3d38da3e8b4115c384b54208dfdd3a2049546e53bced1ae2589ca0736e5304652d20dcaa5c9aa43bc967e4e55fd89b0ddbd31cc6f42f911

Download Submit
C:\Windows\System32\ghkuZqE.exe

Filesize
1.0MB

MD5
79d9c57ea70b3ed9d0510334b31f38b8

SHA1
ac82541606557c1714490ce24ab37cee0983abeb

SHA256
127273432f78baf36143688591dd99578a33fc59226ec871384dea25a37579b8

SHA512
842b6b06c8ff8bbae9f491d74a3c99a2a06e4a4aebfad80d9fdb67da9f8db21c07df0e281d8c05a68ea47d17294f02e7cc6e33d71d3322aaadb48ac4c37167f4

Download Submit
C:\Windows\System32\jIufDhV.exe

Filesize
1.0MB

MD5
f74b1c4d0cccb2bfc6e3d526a1858296

SHA1
43e59cc90faeef1a4f1e091f34293d028ca9ba6d

SHA256
674c2d277ad72b94133bf01fcee2eca1d1fa0357d9da0018fa46aa62e94df7ac

SHA512
1a32bd44d915069735b9133357afc80ffd0f117e28d52f74367ce5eb254879faabe2aef08c0a954dd645f7740e4c67c58708e3e3f6b6e001ddfa01757323e119

Download Submit
C:\Windows\System32\jYkMHYF.exe

Filesize
1.0MB

MD5
6ca1e12e3dd9c809e0cfcbaada218c91

SHA1
cd09eac37f5d05fc88026b02921a197c947f00e6

SHA256
a415f24e7de668a12d6deef55157814eb47f890ede65786bbbf4f0e32cfee057

SHA512
d25740c2a50a7ab14e7bcf75e0f053578418bb84421984821427c8c22362ac4f1ce88351a29ad654ec0d40e5bfaac53326f5e66302ddb7778241be9675ab165d

Download Submit
C:\Windows\System32\kehIHhn.exe

Filesize
1.0MB

MD5
d6daeeeaf0afc2b561b6592935f8f37f

SHA1
31baccf56720580cf91f97253b4b1c32dc1e4b12

SHA256
29a2609d3e6379a60c5bcefea49ad54adc0f332c43c3b801262d82196ef749fe

SHA512
33e4b1940f48228bb810b1f18705e93c4e17b50d0861a0e511d7a0be69421c1b34e99db7dad66ea2d29d2d63383ad34452fa342248090f5cc7911362a05e7c83

Download Submit
C:\Windows\System32\kzZqcMT.exe

Filesize
1.0MB

MD5
a0553c3939667e6e801880d634167ca9

SHA1
de67b67c3cae3a7372f87dc13a0b39c60fc2e606

SHA256
98a7ccb5a67678e2af973c54363e0227f0af20bd6932ffc163c14bd4b30883c2

SHA512
a146ff5d6f14ece9bd235c34262f8eb6e0a85a6efc894287d118931c44be7956911eb0a9752908feb436f0fcff995c09ac0b05f41203676ff03b7de15b4166af

Download Submit
C:\Windows\System32\lBttNEs.exe

Filesize
1.0MB

MD5
db3e89815bbfa449d1d537d12ff0414f

SHA1
3f9d7756f869973125f9053dff81e37f84aa4ac6

SHA256
a5ca47a023e91d458e542a92dd4bf12f2dd335f249e3838b3fbe3b7a9f133860

SHA512
9caf8417dcf89e349c599b9f1ace922351b77a92eddb0ed7d7cfdb412444b129c1c70fc3c5fab039beb37b0f2c0ffc3fc1bc3507e9e064c6d8379fc0bf00a810

Download Submit
C:\Windows\System32\miNhTei.exe

Filesize
1.0MB

MD5
ae2f6031596460ebf3f1156e754c7938

SHA1
dd7c003d0d7b2022b84e78c8f09254e2ae6dcdfd

SHA256
7909b63b89f5c09128bf329b19812dc84185ba905ca0e9c6ae3e5d2df04930d6

SHA512
9b09ccbf5cbd9a67effc1737f4a3e3413004af831dd570ff25a5bdf6f9e1fcceedbe9b884f17d0c09bebf100f3017d05fa812064edb24481899bd7da0eabc611

Download Submit
C:\Windows\System32\rnVdmCb.exe

Filesize
1.0MB

MD5
100e398274e38087a03a4eb73650ebd2

SHA1
616a14f523a57c8c970fc4d9e033a478ff7d999e

SHA256
ccea45c362c68d99c45c3f9486e668c09b90ba5d214b462f4afc32fa0e470502

SHA512
cefdebe58583b042a170c021dcbeeb808aef77c09aa77d5afdb538304fecfb0efc34a8dd9c649318f543bd2e713f2e7b40bc71f92329ed10844e152153834a17

Download Submit
C:\Windows\System32\rxfhSdq.exe

Filesize
1.0MB

MD5
b760bbd1bd75445f06a86a8bd6ec1f6f

SHA1
2f3cf09bb325026bc0ca630d34883eb7c74d0666

SHA256
2a634ab95f47e148d0cda021dc63ff8b8c4a9b0d9eaa8a49e5d982316b1bc453

SHA512
c975cff0f678459938ea13108fe2f9a94fbdeffd5ffd6425aa77ae8571c66c0647f1ba3eec76ae5a0e03e7b663f23422a6ad49e1cbd057485c282e258985c296

Download Submit
C:\Windows\System32\sqcfxrx.exe

Filesize
1.0MB

MD5
e6853ec70937662362de3c35ca6dbaa0

SHA1
3d4aef647e0d3e634686b646140c358a4657aabe

SHA256
10d2579ea264179f320dff53cbbc500efe83125c14bf123204f80f38a3607f52

SHA512
1553d0a6742d55780e85fb60e4619227295463bbb71efffa7974d7902aeb1bc466db68a76e2124b1a9a2fd996416482dc5d19f1fce3bc401151be7cb57446afd

Download Submit
C:\Windows\System32\tMOAqqt.exe

Filesize
1.0MB

MD5
51fc426cb5c1ed9c572aa62f7000db82

SHA1
c235f606cbad55f8b0f101bfbb642c49ed9a5d94

SHA256
375ecc292d8ce3d85f68b26695cc4e86f78fb4768a67f91a888786def07c274c

SHA512
a3ee43e83b3082e06f71e6ddd815a3f6ed9ae9845d1c9bcc9bd829b496d93c456f1d9f8685e11e92d7ba6f98d819f6d0e5dead3ffec07d956f71bca857e40e27

Download Submit
C:\Windows\System32\tvHowTv.exe

Filesize
1.0MB

MD5
b6e8fecb79f83e707fe8bc379f7ae664

SHA1
40a5f68b9d361258b6f6c386208be43f0532cda8

SHA256
d8f581cb8e8685188c360c5256280b0cd6188f3719c0a68482e867c2d3603f78

SHA512
a8caf66c906fcf555a0db102d913e07db8ac2025849add83032a8299e4fb1310cf527a42f5d316064564d54a4afc1f8166d3ad4e6bc31f983d9e4730c5ed7386

Download Submit
C:\Windows\System32\uGUfSyo.exe

Filesize
1.0MB

MD5
aeda75d3504516916af86e0aca719aa2

SHA1
936dd5e7a24ce1d870ba695efc1e28ed94d089dd

SHA256
32b8040789a244ab13c2b2b698d0bdeb7a362fd3e00fd827a484a8a795b9afbe

SHA512
c846158b8ea0e76f9ec69f0eaa7027e418479ac09e6c019a7b6ebc477a99a9b01e7c803f772576e592d66343271d5a86cb9d092ef8288a8220c98ce8bac6772b

Download Submit
C:\Windows\System32\wwubnIM.exe

Filesize
1.0MB

MD5
e105077190b258adeee90e1dd3112e59

SHA1
d5219149f2c0ad1fa0f18b0dd64664e76e56b339

SHA256
ce32d6fc8760bfa560709f826e8feb0224c6c7c281554143a29c3ff77a2f4b38

SHA512
6b66a6d067549fceaaba974a489346995c46ed382a4897f4af080374114ed54b9eb1bfa7021223cc8cb4e8c7ca1a9d87576453a2e5db1943687ed4a27568a1f6

Download Submit
memory/624-539-0x00007FF7F0A30000-0x00007FF7F0E21000-memory.dmp

Filesize
3.9MB

Download
memory/624-98-0x00007FF7F0A30000-0x00007FF7F0E21000-memory.dmp

Filesize
3.9MB

Download
memory/624-2122-0x00007FF7F0A30000-0x00007FF7F0E21000-memory.dmp

Filesize
3.9MB

Download
memory/632-2055-0x00007FF7D4940000-0x00007FF7D4D31000-memory.dmp

Filesize
3.9MB

Download
memory/632-18-0x00007FF7D4940000-0x00007FF7D4D31000-memory.dmp

Filesize
3.9MB

Download
memory/692-108-0x00007FF784F60000-0x00007FF785351000-memory.dmp

Filesize
3.9MB

Download
memory/692-755-0x00007FF784F60000-0x00007FF785351000-memory.dmp

Filesize
3.9MB

Download
memory/692-2128-0x00007FF784F60000-0x00007FF785351000-memory.dmp

Filesize
3.9MB

Download
memory/752-95-0x00007FF6B2520000-0x00007FF6B2911000-memory.dmp

Filesize
3.9MB

Download
memory/752-2118-0x00007FF6B2520000-0x00007FF6B2911000-memory.dmp

Filesize
3.9MB

Download
memory/780-159-0x00007FF6F2BD0000-0x00007FF6F2FC1000-memory.dmp

Filesize
3.9MB

Download
memory/780-2184-0x00007FF6F2BD0000-0x00007FF6F2FC1000-memory.dmp

Filesize
3.9MB

Download
memory/840-88-0x00007FF6C6800000-0x00007FF6C6BF1000-memory.dmp

Filesize
3.9MB

Download
memory/840-2093-0x00007FF6C6800000-0x00007FF6C6BF1000-memory.dmp

Filesize
3.9MB

Download
memory/912-103-0x00007FF760EE0000-0x00007FF7612D1000-memory.dmp

Filesize
3.9MB

Download
memory/912-2088-0x00007FF760EE0000-0x00007FF7612D1000-memory.dmp

Filesize
3.9MB

Download
memory/1196-262-0x00007FF73B190000-0x00007FF73B581000-memory.dmp

Filesize
3.9MB

Download
memory/1196-68-0x00007FF73B190000-0x00007FF73B581000-memory.dmp

Filesize
3.9MB

Download
memory/1196-2094-0x00007FF73B190000-0x00007FF73B581000-memory.dmp

Filesize
3.9MB

Download
memory/1516-113-0x00007FF6C6B10000-0x00007FF6C6F01000-memory.dmp

Filesize
3.9MB

Download
memory/1516-2130-0x00007FF6C6B10000-0x00007FF6C6F01000-memory.dmp

Filesize
3.9MB

Download
memory/1792-2067-0x00007FF62C3A0000-0x00007FF62C791000-memory.dmp

Filesize
3.9MB

Download
memory/1792-36-0x00007FF62C3A0000-0x00007FF62C791000-memory.dmp

Filesize
3.9MB

Download
memory/2020-38-0x00007FF60C8E0000-0x00007FF60CCD1000-memory.dmp

Filesize
3.9MB

Download
memory/2020-2070-0x00007FF60C8E0000-0x00007FF60CCD1000-memory.dmp

Filesize
3.9MB

Download
memory/2116-2090-0x00007FF76C370000-0x00007FF76C761000-memory.dmp

Filesize
3.9MB

Download
memory/2116-71-0x00007FF76C370000-0x00007FF76C761000-memory.dmp

Filesize
3.9MB

Download
memory/2116-527-0x00007FF76C370000-0x00007FF76C761000-memory.dmp

Filesize
3.9MB

Download
memory/2152-2126-0x00007FF797950000-0x00007FF797D41000-memory.dmp

Filesize
3.9MB

Download
memory/2152-122-0x00007FF797950000-0x00007FF797D41000-memory.dmp

Filesize
3.9MB

Download
memory/2280-251-0x00007FF674B70000-0x00007FF674F61000-memory.dmp

Filesize
3.9MB

Download
memory/2280-127-0x00007FF674B70000-0x00007FF674F61000-memory.dmp

Filesize
3.9MB

Download
memory/2280-1-0x00000281AFEC0000-0x00000281AFED0000-memory.dmp

Filesize
64KB

Download
memory/2280-0-0x00007FF674B70000-0x00007FF674F61000-memory.dmp

Filesize
3.9MB

Download
memory/2488-1003-0x00007FF71E520000-0x00007FF71E911000-memory.dmp

Filesize
3.9MB

Download
memory/2488-2178-0x00007FF71E520000-0x00007FF71E911000-memory.dmp

Filesize
3.9MB

Download
memory/2488-130-0x00007FF71E520000-0x00007FF71E911000-memory.dmp

Filesize
3.9MB

Download
memory/2880-2182-0x00007FF6CF490000-0x00007FF6CF881000-memory.dmp

Filesize
3.9MB

Download
memory/2880-178-0x00007FF6CF490000-0x00007FF6CF881000-memory.dmp

Filesize
3.9MB

Download
memory/3308-647-0x00007FF685C80000-0x00007FF686071000-memory.dmp

Filesize
3.9MB

Download
memory/3308-79-0x00007FF685C80000-0x00007FF686071000-memory.dmp

Filesize
3.9MB

Download
memory/3308-2116-0x00007FF685C80000-0x00007FF686071000-memory.dmp

Filesize
3.9MB

Download
memory/3376-91-0x00007FF689660000-0x00007FF689A51000-memory.dmp

Filesize
3.9MB

Download
memory/3376-2114-0x00007FF689660000-0x00007FF689A51000-memory.dmp

Filesize
3.9MB

Download
memory/4144-2058-0x00007FF6CC8D0000-0x00007FF6CCCC1000-memory.dmp

Filesize
3.9MB

Download
memory/4144-167-0x00007FF6CC8D0000-0x00007FF6CCCC1000-memory.dmp

Filesize
3.9MB

Download
memory/4144-27-0x00007FF6CC8D0000-0x00007FF6CCCC1000-memory.dmp

Filesize
3.9MB

Download
memory/4288-37-0x00007FF67DC20000-0x00007FF67E011000-memory.dmp

Filesize
3.9MB

Download
memory/4288-2068-0x00007FF67DC20000-0x00007FF67E011000-memory.dmp

Filesize
3.9MB

Download
memory/4364-107-0x00007FF762490000-0x00007FF762881000-memory.dmp

Filesize
3.9MB

Download
memory/4364-2120-0x00007FF762490000-0x00007FF762881000-memory.dmp

Filesize
3.9MB

Download
memory/4396-2124-0x00007FF622C50000-0x00007FF623041000-memory.dmp

Filesize
3.9MB

Download
memory/4396-120-0x00007FF622C50000-0x00007FF623041000-memory.dmp

Filesize
3.9MB

Download
memory/4396-762-0x00007FF622C50000-0x00007FF623041000-memory.dmp

Filesize
3.9MB

Download
memory/4744-131-0x00007FF6127F0000-0x00007FF612BE1000-memory.dmp

Filesize
3.9MB

Download
memory/4744-6-0x00007FF6127F0000-0x00007FF612BE1000-memory.dmp

Filesize
3.9MB

Download
memory/4828-154-0x00007FF764930000-0x00007FF764D21000-memory.dmp

Filesize
3.9MB

Download
memory/4828-2180-0x00007FF764930000-0x00007FF764D21000-memory.dmp

Filesize
3.9MB

Download
memory/4952-77-0x00007FF71CB00000-0x00007FF71CEF1000-memory.dmp

Filesize
3.9MB

Download
memory/4952-2112-0x00007FF71CB00000-0x00007FF71CEF1000-memory.dmp

Filesize
3.9MB

Download
memory/4952-638-0x00007FF71CB00000-0x00007FF71CEF1000-memory.dmp

Filesize
3.9MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads