xmrig | eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c

Analysis

max time kernel
145s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
07/03/2024, 00:53

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe
Size

2.0MB
MD5

b6b64048870a55d5663c41312f096b74
SHA1

3c369556cde225d61e96fbb8159ab286f816256b
SHA256

eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c
SHA512

f7a0925e9f4fd47d3a2bf088bf206cc0e9a3d64229faa157806b0450df29bc176d03afb70cd92b1cc1c7e3d7c0ee49226608f56add99860624d85c031357bc81
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wIQOYkZtg946MEI:BemTLkNdfE0pZrQ6

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

UPX dump on OEP (original entry point) 64 IoCs

resource	yara_rule
behavioral2/memory/3260-0-0x00007FF6EC1D0000-0x00007FF6EC524000-memory.dmp	UPX
behavioral2/files/0x0007000000023214-5.dat	UPX
behavioral2/files/0x0007000000023214-6.dat	UPX
behavioral2/files/0x0007000000023216-9.dat	UPX
behavioral2/memory/4728-11-0x00007FF694AD0000-0x00007FF694E24000-memory.dmp	UPX
behavioral2/files/0x0007000000023218-36.dat	UPX
behavioral2/memory/312-43-0x00007FF688700000-0x00007FF688A54000-memory.dmp	UPX
behavioral2/files/0x000700000002321d-52.dat	UPX
behavioral2/memory/3720-60-0x00007FF75DE20000-0x00007FF75E174000-memory.dmp	UPX
behavioral2/files/0x0007000000023220-69.dat	UPX
behavioral2/files/0x0007000000023223-88.dat	UPX
behavioral2/files/0x0007000000023226-112.dat	UPX
behavioral2/memory/1728-125-0x00007FF625810000-0x00007FF625B64000-memory.dmp	UPX
behavioral2/files/0x000700000002322d-136.dat	UPX
behavioral2/files/0x0007000000023231-162.dat	UPX
behavioral2/memory/4976-181-0x00007FF718060000-0x00007FF7183B4000-memory.dmp	UPX
behavioral2/memory/3308-216-0x00007FF7D73F0000-0x00007FF7D7744000-memory.dmp	UPX
behavioral2/memory/868-226-0x00007FF7550C0000-0x00007FF755414000-memory.dmp	UPX
behavioral2/memory/3384-250-0x00007FF6B35F0000-0x00007FF6B3944000-memory.dmp	UPX
behavioral2/memory/3312-265-0x00007FF64A470000-0x00007FF64A7C4000-memory.dmp	UPX
behavioral2/memory/4336-288-0x00007FF6016E0000-0x00007FF601A34000-memory.dmp	UPX
behavioral2/memory/1552-344-0x00007FF690620000-0x00007FF690974000-memory.dmp	UPX
behavioral2/memory/3368-339-0x00007FF60D970000-0x00007FF60DCC4000-memory.dmp	UPX
behavioral2/memory/4132-334-0x00007FF6102D0000-0x00007FF610624000-memory.dmp	UPX
behavioral2/memory/3052-331-0x00007FF78F3A0000-0x00007FF78F6F4000-memory.dmp	UPX
behavioral2/memory/2372-328-0x00007FF739B00000-0x00007FF739E54000-memory.dmp	UPX
behavioral2/memory/4616-323-0x00007FF672750000-0x00007FF672AA4000-memory.dmp	UPX
behavioral2/memory/928-320-0x00007FF749680000-0x00007FF7499D4000-memory.dmp	UPX
behavioral2/memory/4224-317-0x00007FF7431B0000-0x00007FF743504000-memory.dmp	UPX
behavioral2/memory/4260-314-0x00007FF749B00000-0x00007FF749E54000-memory.dmp	UPX
behavioral2/memory/544-311-0x00007FF619000000-0x00007FF619354000-memory.dmp	UPX
behavioral2/memory/3188-308-0x00007FF682100000-0x00007FF682454000-memory.dmp	UPX
behavioral2/memory/2132-305-0x00007FF77F7F0000-0x00007FF77FB44000-memory.dmp	UPX
behavioral2/memory/1596-300-0x00007FF7483D0000-0x00007FF748724000-memory.dmp	UPX
behavioral2/memory/3764-297-0x00007FF6F7DD0000-0x00007FF6F8124000-memory.dmp	UPX
behavioral2/memory/2500-294-0x00007FF6C16A0000-0x00007FF6C19F4000-memory.dmp	UPX
behavioral2/memory/3048-291-0x00007FF72F860000-0x00007FF72FBB4000-memory.dmp	UPX
behavioral2/memory/548-283-0x00007FF770440000-0x00007FF770794000-memory.dmp	UPX
behavioral2/memory/3088-278-0x00007FF62C230000-0x00007FF62C584000-memory.dmp	UPX
behavioral2/memory/3752-273-0x00007FF7B6F90000-0x00007FF7B72E4000-memory.dmp	UPX
behavioral2/memory/3596-270-0x00007FF6C1DB0000-0x00007FF6C2104000-memory.dmp	UPX
behavioral2/memory/3328-260-0x00007FF705DD0000-0x00007FF706124000-memory.dmp	UPX
behavioral2/memory/4972-255-0x00007FF706FA0000-0x00007FF7072F4000-memory.dmp	UPX
behavioral2/memory/3124-247-0x00007FF7C7650000-0x00007FF7C79A4000-memory.dmp	UPX
behavioral2/memory/3416-244-0x00007FF709140000-0x00007FF709494000-memory.dmp	UPX
behavioral2/memory/4684-239-0x00007FF67E7C0000-0x00007FF67EB14000-memory.dmp	UPX
behavioral2/memory/736-236-0x00007FF7049F0000-0x00007FF704D44000-memory.dmp	UPX
behavioral2/memory/1872-231-0x00007FF690740000-0x00007FF690A94000-memory.dmp	UPX
behavioral2/memory/2284-221-0x00007FF60FC90000-0x00007FF60FFE4000-memory.dmp	UPX
behavioral2/memory/2672-211-0x00007FF677990000-0x00007FF677CE4000-memory.dmp	UPX
behavioral2/memory/4280-206-0x00007FF6FFD20000-0x00007FF700074000-memory.dmp	UPX
behavioral2/memory/3348-201-0x00007FF6050F0000-0x00007FF605444000-memory.dmp	UPX
behavioral2/memory/636-196-0x00007FF617A30000-0x00007FF617D84000-memory.dmp	UPX
behavioral2/memory/3044-191-0x00007FF6D83D0000-0x00007FF6D8724000-memory.dmp	UPX
behavioral2/memory/1460-186-0x00007FF760270000-0x00007FF7605C4000-memory.dmp	UPX
behavioral2/memory/1012-178-0x00007FF7EB7B0000-0x00007FF7EBB04000-memory.dmp	UPX
behavioral2/memory/1516-173-0x00007FF75A220000-0x00007FF75A574000-memory.dmp	UPX
behavioral2/memory/4188-168-0x00007FF773090000-0x00007FF7733E4000-memory.dmp	UPX
behavioral2/files/0x0007000000023233-163.dat	UPX
behavioral2/memory/4360-161-0x00007FF746790000-0x00007FF746AE4000-memory.dmp	UPX
behavioral2/files/0x0007000000023232-158.dat	UPX
behavioral2/files/0x0007000000023230-157.dat	UPX
behavioral2/files/0x0007000000023231-154.dat	UPX
behavioral2/files/0x000700000002322f-153.dat	UPX

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/3260-0-0x00007FF6EC1D0000-0x00007FF6EC524000-memory.dmp	xmrig
behavioral2/files/0x0007000000023214-5.dat	xmrig
behavioral2/files/0x0007000000023214-6.dat	xmrig
behavioral2/files/0x0007000000023216-9.dat	xmrig
behavioral2/memory/4728-11-0x00007FF694AD0000-0x00007FF694E24000-memory.dmp	xmrig
behavioral2/files/0x0007000000023218-36.dat	xmrig
behavioral2/memory/312-43-0x00007FF688700000-0x00007FF688A54000-memory.dmp	xmrig
behavioral2/files/0x000700000002321d-52.dat	xmrig
behavioral2/memory/3720-60-0x00007FF75DE20000-0x00007FF75E174000-memory.dmp	xmrig
behavioral2/files/0x0007000000023220-69.dat	xmrig
behavioral2/files/0x0007000000023223-88.dat	xmrig
behavioral2/files/0x0007000000023226-112.dat	xmrig
behavioral2/memory/1728-125-0x00007FF625810000-0x00007FF625B64000-memory.dmp	xmrig
behavioral2/files/0x000700000002322d-136.dat	xmrig
behavioral2/files/0x0007000000023231-162.dat	xmrig
behavioral2/memory/4976-181-0x00007FF718060000-0x00007FF7183B4000-memory.dmp	xmrig
behavioral2/memory/3308-216-0x00007FF7D73F0000-0x00007FF7D7744000-memory.dmp	xmrig
behavioral2/memory/868-226-0x00007FF7550C0000-0x00007FF755414000-memory.dmp	xmrig
behavioral2/memory/3384-250-0x00007FF6B35F0000-0x00007FF6B3944000-memory.dmp	xmrig
behavioral2/memory/3312-265-0x00007FF64A470000-0x00007FF64A7C4000-memory.dmp	xmrig
behavioral2/memory/4336-288-0x00007FF6016E0000-0x00007FF601A34000-memory.dmp	xmrig
behavioral2/memory/1552-344-0x00007FF690620000-0x00007FF690974000-memory.dmp	xmrig
behavioral2/memory/3368-339-0x00007FF60D970000-0x00007FF60DCC4000-memory.dmp	xmrig
behavioral2/memory/4132-334-0x00007FF6102D0000-0x00007FF610624000-memory.dmp	xmrig
behavioral2/memory/3052-331-0x00007FF78F3A0000-0x00007FF78F6F4000-memory.dmp	xmrig
behavioral2/memory/2372-328-0x00007FF739B00000-0x00007FF739E54000-memory.dmp	xmrig
behavioral2/memory/4616-323-0x00007FF672750000-0x00007FF672AA4000-memory.dmp	xmrig
behavioral2/memory/928-320-0x00007FF749680000-0x00007FF7499D4000-memory.dmp	xmrig
behavioral2/memory/4224-317-0x00007FF7431B0000-0x00007FF743504000-memory.dmp	xmrig
behavioral2/memory/4260-314-0x00007FF749B00000-0x00007FF749E54000-memory.dmp	xmrig
behavioral2/memory/544-311-0x00007FF619000000-0x00007FF619354000-memory.dmp	xmrig
behavioral2/memory/3188-308-0x00007FF682100000-0x00007FF682454000-memory.dmp	xmrig
behavioral2/memory/2132-305-0x00007FF77F7F0000-0x00007FF77FB44000-memory.dmp	xmrig
behavioral2/memory/1596-300-0x00007FF7483D0000-0x00007FF748724000-memory.dmp	xmrig
behavioral2/memory/3764-297-0x00007FF6F7DD0000-0x00007FF6F8124000-memory.dmp	xmrig
behavioral2/memory/2500-294-0x00007FF6C16A0000-0x00007FF6C19F4000-memory.dmp	xmrig
behavioral2/memory/3048-291-0x00007FF72F860000-0x00007FF72FBB4000-memory.dmp	xmrig
behavioral2/memory/548-283-0x00007FF770440000-0x00007FF770794000-memory.dmp	xmrig
behavioral2/memory/3088-278-0x00007FF62C230000-0x00007FF62C584000-memory.dmp	xmrig
behavioral2/memory/3752-273-0x00007FF7B6F90000-0x00007FF7B72E4000-memory.dmp	xmrig
behavioral2/memory/3596-270-0x00007FF6C1DB0000-0x00007FF6C2104000-memory.dmp	xmrig
behavioral2/memory/3328-260-0x00007FF705DD0000-0x00007FF706124000-memory.dmp	xmrig
behavioral2/memory/4972-255-0x00007FF706FA0000-0x00007FF7072F4000-memory.dmp	xmrig
behavioral2/memory/3124-247-0x00007FF7C7650000-0x00007FF7C79A4000-memory.dmp	xmrig
behavioral2/memory/3416-244-0x00007FF709140000-0x00007FF709494000-memory.dmp	xmrig
behavioral2/memory/4684-239-0x00007FF67E7C0000-0x00007FF67EB14000-memory.dmp	xmrig
behavioral2/memory/736-236-0x00007FF7049F0000-0x00007FF704D44000-memory.dmp	xmrig
behavioral2/memory/1872-231-0x00007FF690740000-0x00007FF690A94000-memory.dmp	xmrig
behavioral2/memory/2284-221-0x00007FF60FC90000-0x00007FF60FFE4000-memory.dmp	xmrig
behavioral2/memory/2672-211-0x00007FF677990000-0x00007FF677CE4000-memory.dmp	xmrig
behavioral2/memory/4280-206-0x00007FF6FFD20000-0x00007FF700074000-memory.dmp	xmrig
behavioral2/memory/3348-201-0x00007FF6050F0000-0x00007FF605444000-memory.dmp	xmrig
behavioral2/memory/636-196-0x00007FF617A30000-0x00007FF617D84000-memory.dmp	xmrig
behavioral2/memory/3044-191-0x00007FF6D83D0000-0x00007FF6D8724000-memory.dmp	xmrig
behavioral2/memory/1460-186-0x00007FF760270000-0x00007FF7605C4000-memory.dmp	xmrig
behavioral2/memory/1012-178-0x00007FF7EB7B0000-0x00007FF7EBB04000-memory.dmp	xmrig
behavioral2/memory/1516-173-0x00007FF75A220000-0x00007FF75A574000-memory.dmp	xmrig
behavioral2/memory/4188-168-0x00007FF773090000-0x00007FF7733E4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023233-163.dat	xmrig
behavioral2/memory/4360-161-0x00007FF746790000-0x00007FF746AE4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023232-158.dat	xmrig
behavioral2/files/0x0007000000023230-157.dat	xmrig
behavioral2/files/0x0007000000023231-154.dat	xmrig
behavioral2/files/0x000700000002322f-153.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
4728	eFYbWQP.exe
1332	SPZRLaZ.exe
1884	ehWRvvE.exe
2164	cqMhcwn.exe
312	nDgdnmk.exe
3536	TIEftXW.exe
3000	VZKEtpq.exe
3720	kcbZXmX.exe
3256	PrKgIFE.exe
1544	LCdRdCw.exe
4008	xWLDrDl.exe
5092	yqPCOGj.exe
4888	ZNnYRrc.exe
2176	HrZQTkT.exe
2200	ohDnIkN.exe
1728	evZEXOj.exe
3384	QHrWMtO.exe
2224	OSHtTyc.exe
4972	qCTQBPY.exe
3328	JSiuqQz.exe
3020	LqVWrpN.exe
3312	QWSgESV.exe
3596	oCayzKM.exe
3752	ilzrvQr.exe
4800	CsHzcnU.exe
3088	pEYStpM.exe
4360	TORpzeF.exe
548	BXJsNOA.exe
4188	ciLKgPx.exe
4336	QqFiScp.exe
1516	yRkfWyJ.exe
3048	WQCUMSQ.exe
1012	rCKzkru.exe
2500	fgyyIhr.exe
4976	LgpcHVY.exe
3764	nqeIhWP.exe
1460	viAxnmK.exe
1596	BXimfSs.exe
3044	vDBypHb.exe
2132	kdREQMS.exe
3188	zlyHDVM.exe
636	ONTvzTM.exe
544	eCzUUMk.exe
3348	lWrWWMo.exe
4260	olcKcPk.exe
4280	fYERZGK.exe
4224	CWtKuFl.exe
2672	TJdOQDT.exe
928	xjNQCvk.exe
3308	jvezNtb.exe
4616	tghVAGa.exe
2284	oioQoSO.exe
2372	TJjzsTA.exe
868	lnjCdtR.exe
3052	dWwMnZM.exe
1872	bpnjNlF.exe
4132	zhwKtHp.exe
736	OGmZIrR.exe
3368	XeCkEPQ.exe
4684	qDvvAwG.exe
1552	nRllgOT.exe
3416	XQcEpMS.exe
4300	bBhAVuP.exe
4100	LjJBTch.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3260-0-0x00007FF6EC1D0000-0x00007FF6EC524000-memory.dmp	upx
behavioral2/files/0x0007000000023214-5.dat	upx
behavioral2/files/0x0007000000023214-6.dat	upx
behavioral2/files/0x0007000000023216-9.dat	upx
behavioral2/memory/4728-11-0x00007FF694AD0000-0x00007FF694E24000-memory.dmp	upx
behavioral2/files/0x0007000000023218-36.dat	upx
behavioral2/memory/312-43-0x00007FF688700000-0x00007FF688A54000-memory.dmp	upx
behavioral2/files/0x000700000002321d-52.dat	upx
behavioral2/memory/3720-60-0x00007FF75DE20000-0x00007FF75E174000-memory.dmp	upx
behavioral2/files/0x0007000000023220-69.dat	upx
behavioral2/files/0x0007000000023223-88.dat	upx
behavioral2/files/0x0007000000023226-112.dat	upx
behavioral2/memory/1728-125-0x00007FF625810000-0x00007FF625B64000-memory.dmp	upx
behavioral2/files/0x000700000002322d-136.dat	upx
behavioral2/files/0x0007000000023231-162.dat	upx
behavioral2/memory/4976-181-0x00007FF718060000-0x00007FF7183B4000-memory.dmp	upx
behavioral2/memory/3308-216-0x00007FF7D73F0000-0x00007FF7D7744000-memory.dmp	upx
behavioral2/memory/868-226-0x00007FF7550C0000-0x00007FF755414000-memory.dmp	upx
behavioral2/memory/3384-250-0x00007FF6B35F0000-0x00007FF6B3944000-memory.dmp	upx
behavioral2/memory/3312-265-0x00007FF64A470000-0x00007FF64A7C4000-memory.dmp	upx
behavioral2/memory/4336-288-0x00007FF6016E0000-0x00007FF601A34000-memory.dmp	upx
behavioral2/memory/1552-344-0x00007FF690620000-0x00007FF690974000-memory.dmp	upx
behavioral2/memory/3368-339-0x00007FF60D970000-0x00007FF60DCC4000-memory.dmp	upx
behavioral2/memory/4132-334-0x00007FF6102D0000-0x00007FF610624000-memory.dmp	upx
behavioral2/memory/3052-331-0x00007FF78F3A0000-0x00007FF78F6F4000-memory.dmp	upx
behavioral2/memory/2372-328-0x00007FF739B00000-0x00007FF739E54000-memory.dmp	upx
behavioral2/memory/4616-323-0x00007FF672750000-0x00007FF672AA4000-memory.dmp	upx
behavioral2/memory/928-320-0x00007FF749680000-0x00007FF7499D4000-memory.dmp	upx
behavioral2/memory/4224-317-0x00007FF7431B0000-0x00007FF743504000-memory.dmp	upx
behavioral2/memory/4260-314-0x00007FF749B00000-0x00007FF749E54000-memory.dmp	upx
behavioral2/memory/544-311-0x00007FF619000000-0x00007FF619354000-memory.dmp	upx
behavioral2/memory/3188-308-0x00007FF682100000-0x00007FF682454000-memory.dmp	upx
behavioral2/memory/2132-305-0x00007FF77F7F0000-0x00007FF77FB44000-memory.dmp	upx
behavioral2/memory/1596-300-0x00007FF7483D0000-0x00007FF748724000-memory.dmp	upx
behavioral2/memory/3764-297-0x00007FF6F7DD0000-0x00007FF6F8124000-memory.dmp	upx
behavioral2/memory/2500-294-0x00007FF6C16A0000-0x00007FF6C19F4000-memory.dmp	upx
behavioral2/memory/3048-291-0x00007FF72F860000-0x00007FF72FBB4000-memory.dmp	upx
behavioral2/memory/548-283-0x00007FF770440000-0x00007FF770794000-memory.dmp	upx
behavioral2/memory/3088-278-0x00007FF62C230000-0x00007FF62C584000-memory.dmp	upx
behavioral2/memory/3752-273-0x00007FF7B6F90000-0x00007FF7B72E4000-memory.dmp	upx
behavioral2/memory/3596-270-0x00007FF6C1DB0000-0x00007FF6C2104000-memory.dmp	upx
behavioral2/memory/3328-260-0x00007FF705DD0000-0x00007FF706124000-memory.dmp	upx
behavioral2/memory/4972-255-0x00007FF706FA0000-0x00007FF7072F4000-memory.dmp	upx
behavioral2/memory/3124-247-0x00007FF7C7650000-0x00007FF7C79A4000-memory.dmp	upx
behavioral2/memory/3416-244-0x00007FF709140000-0x00007FF709494000-memory.dmp	upx
behavioral2/memory/4684-239-0x00007FF67E7C0000-0x00007FF67EB14000-memory.dmp	upx
behavioral2/memory/736-236-0x00007FF7049F0000-0x00007FF704D44000-memory.dmp	upx
behavioral2/memory/1872-231-0x00007FF690740000-0x00007FF690A94000-memory.dmp	upx
behavioral2/memory/2284-221-0x00007FF60FC90000-0x00007FF60FFE4000-memory.dmp	upx
behavioral2/memory/2672-211-0x00007FF677990000-0x00007FF677CE4000-memory.dmp	upx
behavioral2/memory/4280-206-0x00007FF6FFD20000-0x00007FF700074000-memory.dmp	upx
behavioral2/memory/3348-201-0x00007FF6050F0000-0x00007FF605444000-memory.dmp	upx
behavioral2/memory/636-196-0x00007FF617A30000-0x00007FF617D84000-memory.dmp	upx
behavioral2/memory/3044-191-0x00007FF6D83D0000-0x00007FF6D8724000-memory.dmp	upx
behavioral2/memory/1460-186-0x00007FF760270000-0x00007FF7605C4000-memory.dmp	upx
behavioral2/memory/1012-178-0x00007FF7EB7B0000-0x00007FF7EBB04000-memory.dmp	upx
behavioral2/memory/1516-173-0x00007FF75A220000-0x00007FF75A574000-memory.dmp	upx
behavioral2/memory/4188-168-0x00007FF773090000-0x00007FF7733E4000-memory.dmp	upx
behavioral2/files/0x0007000000023233-163.dat	upx
behavioral2/memory/4360-161-0x00007FF746790000-0x00007FF746AE4000-memory.dmp	upx
behavioral2/files/0x0007000000023232-158.dat	upx
behavioral2/files/0x0007000000023230-157.dat	upx
behavioral2/files/0x0007000000023231-154.dat	upx
behavioral2/files/0x000700000002322f-153.dat	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\BqmpbiV.exe	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe
File created	C:\Windows\System\dbTnMgs.exe	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe
File created	C:\Windows\System\BXJsNOA.exe	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe
File created	C:\Windows\System\zlyHDVM.exe	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe
File created	C:\Windows\System\BAzieYP.exe	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe
File created	C:\Windows\System\WlRuETM.exe	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe
File created	C:\Windows\System\cOlEcYL.exe	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe
File created	C:\Windows\System\RiBEaRb.exe	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe
File created	C:\Windows\System\UeCzNwD.exe	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe
File created	C:\Windows\System\sBsaxSv.exe	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe
File created	C:\Windows\System\dNRVoVx.exe	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe
File created	C:\Windows\System\fpeauPX.exe	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe
File created	C:\Windows\System\PtWYnIY.exe	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe
File created	C:\Windows\System\NUNZCkN.exe	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe
File created	C:\Windows\System\xAgnZHl.exe	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe
File created	C:\Windows\System\SZPXnGu.exe	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe
File created	C:\Windows\System\ZJixUBW.exe	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe
File created	C:\Windows\System\LqVWrpN.exe	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe
File created	C:\Windows\System\oNITKak.exe	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe
File created	C:\Windows\System\DFHwkgk.exe	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe
File created	C:\Windows\System\QbhwcjW.exe	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe
File created	C:\Windows\System\WIcouqb.exe	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe
File created	C:\Windows\System\QGioLYz.exe	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe
File created	C:\Windows\System\NCKnprx.exe	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe
File created	C:\Windows\System\WbnHfMq.exe	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe
File created	C:\Windows\System\hdwhsGw.exe	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe
File created	C:\Windows\System\qnhYmhK.exe	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe
File created	C:\Windows\System\SPZRLaZ.exe	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe
File created	C:\Windows\System\nYPANmu.exe	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe
File created	C:\Windows\System\dmQxzeM.exe	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe
File created	C:\Windows\System\zECPJWK.exe	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe
File created	C:\Windows\System\iWCFhvA.exe	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe
File created	C:\Windows\System\ZdPXjJT.exe	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe
File created	C:\Windows\System\dvWSnoq.exe	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe
File created	C:\Windows\System\tmBkmXV.exe	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe
File created	C:\Windows\System\VVMMWrn.exe	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe
File created	C:\Windows\System\RXehLmJ.exe	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe
File created	C:\Windows\System\jnhKHwj.exe	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe
File created	C:\Windows\System\XAzEiKi.exe	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe
File created	C:\Windows\System\StWiuFB.exe	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe
File created	C:\Windows\System\PRiayrj.exe	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe
File created	C:\Windows\System\BKrbuxU.exe	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe
File created	C:\Windows\System\HrPylEx.exe	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe
File created	C:\Windows\System\FIsrCwT.exe	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe
File created	C:\Windows\System\ZOCXCat.exe	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe
File created	C:\Windows\System\wesiYAZ.exe	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe
File created	C:\Windows\System\ETuadow.exe	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe
File created	C:\Windows\System\jvezNtb.exe	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe
File created	C:\Windows\System\IQnbYIu.exe	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe
File created	C:\Windows\System\aupyttH.exe	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe
File created	C:\Windows\System\eBtvoNc.exe	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe
File created	C:\Windows\System\EXKiIOU.exe	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe
File created	C:\Windows\System\Crwcuar.exe	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe
File created	C:\Windows\System\NQOZGtj.exe	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe
File created	C:\Windows\System\ZvhqaGc.exe	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe
File created	C:\Windows\System\cCxTPRo.exe	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe
File created	C:\Windows\System\OQepZrK.exe	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe
File created	C:\Windows\System\mCuvyWP.exe	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe
File created	C:\Windows\System\ZgHwdul.exe	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe
File created	C:\Windows\System\VijRXBk.exe	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe
File created	C:\Windows\System\TaEzFQU.exe	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe
File created	C:\Windows\System\iwUKbjA.exe	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe
File created	C:\Windows\System\MOCGztJ.exe	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe
File created	C:\Windows\System\bnBDSGb.exe	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	1332	dwm.exe
Token: SeChangeNotifyPrivilege	1332	dwm.exe
Token: 33	1332	dwm.exe
Token: SeIncBasePriorityPrivilege	1332	dwm.exe
Token: SeShutdownPrivilege	1332	dwm.exe
Token: SeCreatePagefilePrivilege	1332	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3260 wrote to memory of 4728	3260	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe	89
PID 3260 wrote to memory of 4728	3260	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe	89
PID 3260 wrote to memory of 1332	3260	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe	90
PID 3260 wrote to memory of 1332	3260	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe	90
PID 3260 wrote to memory of 1884	3260	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe	91
PID 3260 wrote to memory of 1884	3260	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe	91
PID 3260 wrote to memory of 2164	3260	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe	92
PID 3260 wrote to memory of 2164	3260	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe	92
PID 3260 wrote to memory of 312	3260	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe	93
PID 3260 wrote to memory of 312	3260	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe	93
PID 3260 wrote to memory of 3536	3260	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe	94
PID 3260 wrote to memory of 3536	3260	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe	94
PID 3260 wrote to memory of 3000	3260	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe	95
PID 3260 wrote to memory of 3000	3260	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe	95
PID 3260 wrote to memory of 3720	3260	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe	96
PID 3260 wrote to memory of 3720	3260	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe	96
PID 3260 wrote to memory of 3256	3260	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe	97
PID 3260 wrote to memory of 3256	3260	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe	97
PID 3260 wrote to memory of 1544	3260	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe	98
PID 3260 wrote to memory of 1544	3260	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe	98
PID 3260 wrote to memory of 4008	3260	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe	99
PID 3260 wrote to memory of 4008	3260	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe	99
PID 3260 wrote to memory of 5092	3260	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe	100
PID 3260 wrote to memory of 5092	3260	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe	100
PID 3260 wrote to memory of 4888	3260	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe	101
PID 3260 wrote to memory of 4888	3260	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe	101
PID 3260 wrote to memory of 2176	3260	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe	102
PID 3260 wrote to memory of 2176	3260	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe	102
PID 3260 wrote to memory of 2200	3260	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe	103
PID 3260 wrote to memory of 2200	3260	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe	103
PID 3260 wrote to memory of 1728	3260	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe	104
PID 3260 wrote to memory of 1728	3260	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe	104
PID 3260 wrote to memory of 3384	3260	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe	105
PID 3260 wrote to memory of 3384	3260	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe	105
PID 3260 wrote to memory of 2224	3260	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe	106
PID 3260 wrote to memory of 2224	3260	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe	106
PID 3260 wrote to memory of 4972	3260	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe	107
PID 3260 wrote to memory of 4972	3260	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe	107
PID 3260 wrote to memory of 3328	3260	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe	108
PID 3260 wrote to memory of 3328	3260	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe	108
PID 3260 wrote to memory of 3020	3260	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe	109
PID 3260 wrote to memory of 3020	3260	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe	109
PID 3260 wrote to memory of 3312	3260	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe	110
PID 3260 wrote to memory of 3312	3260	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe	110
PID 3260 wrote to memory of 3596	3260	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe	111
PID 3260 wrote to memory of 3596	3260	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe	111
PID 3260 wrote to memory of 3752	3260	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe	112
PID 3260 wrote to memory of 3752	3260	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe	112
PID 3260 wrote to memory of 4800	3260	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe	113
PID 3260 wrote to memory of 4800	3260	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe	113
PID 3260 wrote to memory of 3088	3260	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe	114
PID 3260 wrote to memory of 3088	3260	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe	114
PID 3260 wrote to memory of 4360	3260	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe	115
PID 3260 wrote to memory of 4360	3260	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe	115
PID 3260 wrote to memory of 548	3260	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe	116
PID 3260 wrote to memory of 548	3260	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe	116
PID 3260 wrote to memory of 4188	3260	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe	117
PID 3260 wrote to memory of 4188	3260	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe	117
PID 3260 wrote to memory of 4336	3260	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe	118
PID 3260 wrote to memory of 4336	3260	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe	118
PID 3260 wrote to memory of 1516	3260	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe	119
PID 3260 wrote to memory of 1516	3260	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe	119
PID 3260 wrote to memory of 3048	3260	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe	120
PID 3260 wrote to memory of 3048	3260	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe	120

C:\Users\Admin\AppData\Local\Temp\eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe
"C:\Users\Admin\AppData\Local\Temp\eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:3260
- C:\Windows\System\eFYbWQP.exe
  C:\Windows\System\eFYbWQP.exe
  2⤵
  - Executes dropped EXE
  PID:4728
- C:\Windows\System\SPZRLaZ.exe
  C:\Windows\System\SPZRLaZ.exe
  2⤵
  - Executes dropped EXE
  PID:1332
- C:\Windows\System\ehWRvvE.exe
  C:\Windows\System\ehWRvvE.exe
  2⤵
  - Executes dropped EXE
  PID:1884
- C:\Windows\System\cqMhcwn.exe
  C:\Windows\System\cqMhcwn.exe
  2⤵
  - Executes dropped EXE
  PID:2164
- C:\Windows\System\nDgdnmk.exe
  C:\Windows\System\nDgdnmk.exe
  2⤵
  - Executes dropped EXE
  PID:312
- C:\Windows\System\TIEftXW.exe
  C:\Windows\System\TIEftXW.exe
  2⤵
  - Executes dropped EXE
  PID:3536
- C:\Windows\System\VZKEtpq.exe
  C:\Windows\System\VZKEtpq.exe
  2⤵
  - Executes dropped EXE
  PID:3000
- C:\Windows\System\kcbZXmX.exe
  C:\Windows\System\kcbZXmX.exe
  2⤵
  - Executes dropped EXE
  PID:3720
- C:\Windows\System\PrKgIFE.exe
  C:\Windows\System\PrKgIFE.exe
  2⤵
  - Executes dropped EXE
  PID:3256
- C:\Windows\System\LCdRdCw.exe
  C:\Windows\System\LCdRdCw.exe
  2⤵
  - Executes dropped EXE
  PID:1544
- C:\Windows\System\xWLDrDl.exe
  C:\Windows\System\xWLDrDl.exe
  2⤵
  - Executes dropped EXE
  PID:4008
- C:\Windows\System\yqPCOGj.exe
  C:\Windows\System\yqPCOGj.exe
  2⤵
  - Executes dropped EXE
  PID:5092
- C:\Windows\System\ZNnYRrc.exe
  C:\Windows\System\ZNnYRrc.exe
  2⤵
  - Executes dropped EXE
  PID:4888
- C:\Windows\System\HrZQTkT.exe
  C:\Windows\System\HrZQTkT.exe
  2⤵
  - Executes dropped EXE
  PID:2176
- C:\Windows\System\ohDnIkN.exe
  C:\Windows\System\ohDnIkN.exe
  2⤵
  - Executes dropped EXE
  PID:2200
- C:\Windows\System\evZEXOj.exe
  C:\Windows\System\evZEXOj.exe
  2⤵
  - Executes dropped EXE
  PID:1728
- C:\Windows\System\QHrWMtO.exe
  C:\Windows\System\QHrWMtO.exe
  2⤵
  - Executes dropped EXE
  PID:3384
- C:\Windows\System\OSHtTyc.exe
  C:\Windows\System\OSHtTyc.exe
  2⤵
  - Executes dropped EXE
  PID:2224
- C:\Windows\System\qCTQBPY.exe
  C:\Windows\System\qCTQBPY.exe
  2⤵
  - Executes dropped EXE
  PID:4972
- C:\Windows\System\JSiuqQz.exe
  C:\Windows\System\JSiuqQz.exe
  2⤵
  - Executes dropped EXE
  PID:3328
- C:\Windows\System\LqVWrpN.exe
  C:\Windows\System\LqVWrpN.exe
  2⤵
  - Executes dropped EXE
  PID:3020
- C:\Windows\System\QWSgESV.exe
  C:\Windows\System\QWSgESV.exe
  2⤵
  - Executes dropped EXE
  PID:3312
- C:\Windows\System\oCayzKM.exe
  C:\Windows\System\oCayzKM.exe
  2⤵
  - Executes dropped EXE
  PID:3596
- C:\Windows\System\ilzrvQr.exe
  C:\Windows\System\ilzrvQr.exe
  2⤵
  - Executes dropped EXE
  PID:3752
- C:\Windows\System\CsHzcnU.exe
  C:\Windows\System\CsHzcnU.exe
  2⤵
  - Executes dropped EXE
  PID:4800
- C:\Windows\System\pEYStpM.exe
  C:\Windows\System\pEYStpM.exe
  2⤵
  - Executes dropped EXE
  PID:3088
- C:\Windows\System\TORpzeF.exe
  C:\Windows\System\TORpzeF.exe
  2⤵
  - Executes dropped EXE
  PID:4360
- C:\Windows\System\BXJsNOA.exe
  C:\Windows\System\BXJsNOA.exe
  2⤵
  - Executes dropped EXE
  PID:548
- C:\Windows\System\ciLKgPx.exe
  C:\Windows\System\ciLKgPx.exe
  2⤵
  - Executes dropped EXE
  PID:4188
- C:\Windows\System\QqFiScp.exe
  C:\Windows\System\QqFiScp.exe
  2⤵
  - Executes dropped EXE
  PID:4336
- C:\Windows\System\yRkfWyJ.exe
  C:\Windows\System\yRkfWyJ.exe
  2⤵
  - Executes dropped EXE
  PID:1516
- C:\Windows\System\WQCUMSQ.exe
  C:\Windows\System\WQCUMSQ.exe
  2⤵
  - Executes dropped EXE
  PID:3048
- C:\Windows\System\rCKzkru.exe
  C:\Windows\System\rCKzkru.exe
  2⤵
  - Executes dropped EXE
  PID:1012
- C:\Windows\System\fgyyIhr.exe
  C:\Windows\System\fgyyIhr.exe
  2⤵
  - Executes dropped EXE
  PID:2500
- C:\Windows\System\LgpcHVY.exe
  C:\Windows\System\LgpcHVY.exe
  2⤵
  - Executes dropped EXE
  PID:4976
- C:\Windows\System\nqeIhWP.exe
  C:\Windows\System\nqeIhWP.exe
  2⤵
  - Executes dropped EXE
  PID:3764
- C:\Windows\System\viAxnmK.exe
  C:\Windows\System\viAxnmK.exe
  2⤵
  - Executes dropped EXE
  PID:1460
- C:\Windows\System\BXimfSs.exe
  C:\Windows\System\BXimfSs.exe
  2⤵
  - Executes dropped EXE
  PID:1596
- C:\Windows\System\vDBypHb.exe
  C:\Windows\System\vDBypHb.exe
  2⤵
  - Executes dropped EXE
  PID:3044
- C:\Windows\System\kdREQMS.exe
  C:\Windows\System\kdREQMS.exe
  2⤵
  - Executes dropped EXE
  PID:2132
- C:\Windows\System\zlyHDVM.exe
  C:\Windows\System\zlyHDVM.exe
  2⤵
  - Executes dropped EXE
  PID:3188
- C:\Windows\System\ONTvzTM.exe
  C:\Windows\System\ONTvzTM.exe
  2⤵
  - Executes dropped EXE
  PID:636
- C:\Windows\System\eCzUUMk.exe
  C:\Windows\System\eCzUUMk.exe
  2⤵
  - Executes dropped EXE
  PID:544
- C:\Windows\System\lWrWWMo.exe
  C:\Windows\System\lWrWWMo.exe
  2⤵
  - Executes dropped EXE
  PID:3348
- C:\Windows\System\olcKcPk.exe
  C:\Windows\System\olcKcPk.exe
  2⤵
  - Executes dropped EXE
  PID:4260
- C:\Windows\System\fYERZGK.exe
  C:\Windows\System\fYERZGK.exe
  2⤵
  - Executes dropped EXE
  PID:4280
- C:\Windows\System\CWtKuFl.exe
  C:\Windows\System\CWtKuFl.exe
  2⤵
  - Executes dropped EXE
  PID:4224
- C:\Windows\System\TJdOQDT.exe
  C:\Windows\System\TJdOQDT.exe
  2⤵
  - Executes dropped EXE
  PID:2672
- C:\Windows\System\xjNQCvk.exe
  C:\Windows\System\xjNQCvk.exe
  2⤵
  - Executes dropped EXE
  PID:928
- C:\Windows\System\jvezNtb.exe
  C:\Windows\System\jvezNtb.exe
  2⤵
  - Executes dropped EXE
  PID:3308
- C:\Windows\System\tghVAGa.exe
  C:\Windows\System\tghVAGa.exe
  2⤵
  - Executes dropped EXE
  PID:4616
- C:\Windows\System\oioQoSO.exe
  C:\Windows\System\oioQoSO.exe
  2⤵
  - Executes dropped EXE
  PID:2284
- C:\Windows\System\TJjzsTA.exe
  C:\Windows\System\TJjzsTA.exe
  2⤵
  - Executes dropped EXE
  PID:2372
- C:\Windows\System\lnjCdtR.exe
  C:\Windows\System\lnjCdtR.exe
  2⤵
  - Executes dropped EXE
  PID:868
- C:\Windows\System\dWwMnZM.exe
  C:\Windows\System\dWwMnZM.exe
  2⤵
  - Executes dropped EXE
  PID:3052
- C:\Windows\System\bpnjNlF.exe
  C:\Windows\System\bpnjNlF.exe
  2⤵
  - Executes dropped EXE
  PID:1872
- C:\Windows\System\zhwKtHp.exe
  C:\Windows\System\zhwKtHp.exe
  2⤵
  - Executes dropped EXE
  PID:4132
- C:\Windows\System\OGmZIrR.exe
  C:\Windows\System\OGmZIrR.exe
  2⤵
  - Executes dropped EXE
  PID:736
- C:\Windows\System\XeCkEPQ.exe
  C:\Windows\System\XeCkEPQ.exe
  2⤵
  - Executes dropped EXE
  PID:3368
- C:\Windows\System\qDvvAwG.exe
  C:\Windows\System\qDvvAwG.exe
  2⤵
  - Executes dropped EXE
  PID:4684
- C:\Windows\System\nRllgOT.exe
  C:\Windows\System\nRllgOT.exe
  2⤵
  - Executes dropped EXE
  PID:1552
- C:\Windows\System\XQcEpMS.exe
  C:\Windows\System\XQcEpMS.exe
  2⤵
  - Executes dropped EXE
  PID:3416
- C:\Windows\System\bBhAVuP.exe
  C:\Windows\System\bBhAVuP.exe
  2⤵
  - Executes dropped EXE
  PID:4300
- C:\Windows\System\LjJBTch.exe
  C:\Windows\System\LjJBTch.exe
  2⤵
  - Executes dropped EXE
  PID:4100
- C:\Windows\System\oBgVvOv.exe
  C:\Windows\System\oBgVvOv.exe
  2⤵
  PID:3124
- C:\Windows\System\qykehUd.exe
  C:\Windows\System\qykehUd.exe
  2⤵
  PID:4796
- C:\Windows\System\CqZxUHI.exe
  C:\Windows\System\CqZxUHI.exe
  2⤵
  PID:5136
- C:\Windows\System\cMXtPHQ.exe
  C:\Windows\System\cMXtPHQ.exe
  2⤵
  PID:5164
- C:\Windows\System\ZvhqaGc.exe
  C:\Windows\System\ZvhqaGc.exe
  2⤵
  PID:5192
- C:\Windows\System\WIcouqb.exe
  C:\Windows\System\WIcouqb.exe
  2⤵
  PID:5216
- C:\Windows\System\iwWVAfJ.exe
  C:\Windows\System\iwWVAfJ.exe
  2⤵
  PID:5244
- C:\Windows\System\lPTUWjF.exe
  C:\Windows\System\lPTUWjF.exe
  2⤵
  PID:5268
- C:\Windows\System\nGamcRP.exe
  C:\Windows\System\nGamcRP.exe
  2⤵
  PID:5300
- C:\Windows\System\aQTwPai.exe
  C:\Windows\System\aQTwPai.exe
  2⤵
  PID:5324
- C:\Windows\System\IQnbYIu.exe
  C:\Windows\System\IQnbYIu.exe
  2⤵
  PID:5352
- C:\Windows\System\jsakvVa.exe
  C:\Windows\System\jsakvVa.exe
  2⤵
  PID:5376
- C:\Windows\System\NpirvDk.exe
  C:\Windows\System\NpirvDk.exe
  2⤵
  PID:5404
- C:\Windows\System\TpAxmtv.exe
  C:\Windows\System\TpAxmtv.exe
  2⤵
  PID:5432
- C:\Windows\System\JhMGADR.exe
  C:\Windows\System\JhMGADR.exe
  2⤵
  PID:5456
- C:\Windows\System\zklpHRd.exe
  C:\Windows\System\zklpHRd.exe
  2⤵
  PID:5484
- C:\Windows\System\iPcHQbZ.exe
  C:\Windows\System\iPcHQbZ.exe
  2⤵
  PID:5508
- C:\Windows\System\caxJiFN.exe
  C:\Windows\System\caxJiFN.exe
  2⤵
  PID:5536
- C:\Windows\System\bxOSBCP.exe
  C:\Windows\System\bxOSBCP.exe
  2⤵
  PID:5560
- C:\Windows\System\zWvfJBt.exe
  C:\Windows\System\zWvfJBt.exe
  2⤵
  PID:5588
- C:\Windows\System\qNUpvVw.exe
  C:\Windows\System\qNUpvVw.exe
  2⤵
  PID:5616
- C:\Windows\System\bWeYzKt.exe
  C:\Windows\System\bWeYzKt.exe
  2⤵
  PID:5644
- C:\Windows\System\nareKFD.exe
  C:\Windows\System\nareKFD.exe
  2⤵
  PID:5672
- C:\Windows\System\eYttnhD.exe
  C:\Windows\System\eYttnhD.exe
  2⤵
  PID:5700
- C:\Windows\System\fXEGopf.exe
  C:\Windows\System\fXEGopf.exe
  2⤵
  PID:5724
- C:\Windows\System\nfSKdwk.exe
  C:\Windows\System\nfSKdwk.exe
  2⤵
  PID:5752
- C:\Windows\System\StWiuFB.exe
  C:\Windows\System\StWiuFB.exe
  2⤵
  PID:5780
- C:\Windows\System\DGdWmmP.exe
  C:\Windows\System\DGdWmmP.exe
  2⤵
  PID:5808
- C:\Windows\System\yFgBXIP.exe
  C:\Windows\System\yFgBXIP.exe
  2⤵
  PID:5836
- C:\Windows\System\BkeXdWc.exe
  C:\Windows\System\BkeXdWc.exe
  2⤵
  PID:5864
- C:\Windows\System\rhWFhJQ.exe
  C:\Windows\System\rhWFhJQ.exe
  2⤵
  PID:5892
- C:\Windows\System\BkwMMNu.exe
  C:\Windows\System\BkwMMNu.exe
  2⤵
  PID:5920
- C:\Windows\System\woVZMEq.exe
  C:\Windows\System\woVZMEq.exe
  2⤵
  PID:5944
- C:\Windows\System\uaMsVmj.exe
  C:\Windows\System\uaMsVmj.exe
  2⤵
  PID:5972
- C:\Windows\System\vraZoZg.exe
  C:\Windows\System\vraZoZg.exe
  2⤵
  PID:6000
- C:\Windows\System\VVMMWrn.exe
  C:\Windows\System\VVMMWrn.exe
  2⤵
  PID:6028
- C:\Windows\System\fnalwdg.exe
  C:\Windows\System\fnalwdg.exe
  2⤵
  PID:6052
- C:\Windows\System\WAJXjZZ.exe
  C:\Windows\System\WAJXjZZ.exe
  2⤵
  PID:6080
- C:\Windows\System\kGtlNOf.exe
  C:\Windows\System\kGtlNOf.exe
  2⤵
  PID:6104
- C:\Windows\System\AGcpLEZ.exe
  C:\Windows\System\AGcpLEZ.exe
  2⤵
  PID:6132
- C:\Windows\System\jjuQIeJ.exe
  C:\Windows\System\jjuQIeJ.exe
  2⤵
  PID:3432
- C:\Windows\System\RXehLmJ.exe
  C:\Windows\System\RXehLmJ.exe
  2⤵
  PID:1208
- C:\Windows\System\DshrSrw.exe
  C:\Windows\System\DshrSrw.exe
  2⤵
  PID:5128
- C:\Windows\System\DDCLkAN.exe
  C:\Windows\System\DDCLkAN.exe
  2⤵
  PID:5212
- C:\Windows\System\XDGTCmh.exe
  C:\Windows\System\XDGTCmh.exe
  2⤵
  PID:5316
- C:\Windows\System\rRknFQD.exe
  C:\Windows\System\rRknFQD.exe
  2⤵
  PID:5400
- C:\Windows\System\NwwFBCd.exe
  C:\Windows\System\NwwFBCd.exe
  2⤵
  PID:5480
- C:\Windows\System\ufjDnss.exe
  C:\Windows\System\ufjDnss.exe
  2⤵
  PID:5580
- C:\Windows\System\NBEmpQC.exe
  C:\Windows\System\NBEmpQC.exe
  2⤵
  PID:5668
- C:\Windows\System\QdjREfB.exe
  C:\Windows\System\QdjREfB.exe
  2⤵
  PID:4568
- C:\Windows\System\paQgQtq.exe
  C:\Windows\System\paQgQtq.exe
  2⤵
  PID:5832
- C:\Windows\System\kDIuKRz.exe
  C:\Windows\System\kDIuKRz.exe
  2⤵
  PID:5912
- C:\Windows\System\UZfCaRS.exe
  C:\Windows\System\UZfCaRS.exe
  2⤵
  PID:5996
- C:\Windows\System\CZOmUQF.exe
  C:\Windows\System\CZOmUQF.exe
  2⤵
  PID:6076
- C:\Windows\System\cCxTPRo.exe
  C:\Windows\System\cCxTPRo.exe
  2⤵
  PID:4504
- C:\Windows\System\ejRWhWJ.exe
  C:\Windows\System\ejRWhWJ.exe
  2⤵
  PID:1732
- C:\Windows\System\wEWvvaV.exe
  C:\Windows\System\wEWvvaV.exe
  2⤵
  PID:5296
- C:\Windows\System\BSyIpLk.exe
  C:\Windows\System\BSyIpLk.exe
  2⤵
  PID:6168
- C:\Windows\System\bpoINEv.exe
  C:\Windows\System\bpoINEv.exe
  2⤵
  PID:6192
- C:\Windows\System\FNrwaMb.exe
  C:\Windows\System\FNrwaMb.exe
  2⤵
  PID:6216
- C:\Windows\System\oveqzvJ.exe
  C:\Windows\System\oveqzvJ.exe
  2⤵
  PID:6240
- C:\Windows\System\MatLtzb.exe
  C:\Windows\System\MatLtzb.exe
  2⤵
  PID:6264
- C:\Windows\System\KHJfuUS.exe
  C:\Windows\System\KHJfuUS.exe
  2⤵
  PID:6288
- C:\Windows\System\fQYoplG.exe
  C:\Windows\System\fQYoplG.exe
  2⤵
  PID:6312
- C:\Windows\System\yVdAzZv.exe
  C:\Windows\System\yVdAzZv.exe
  2⤵
  PID:6336
- C:\Windows\System\oSONqMO.exe
  C:\Windows\System\oSONqMO.exe
  2⤵
  PID:6360
- C:\Windows\System\hsucVTg.exe
  C:\Windows\System\hsucVTg.exe
  2⤵
  PID:6384
- C:\Windows\System\oRUSfOc.exe
  C:\Windows\System\oRUSfOc.exe
  2⤵
  PID:6408
- C:\Windows\System\BJpJGGA.exe
  C:\Windows\System\BJpJGGA.exe
  2⤵
  PID:6432
- C:\Windows\System\RzJtJfI.exe
  C:\Windows\System\RzJtJfI.exe
  2⤵
  PID:6456
- C:\Windows\System\fuyqVXv.exe
  C:\Windows\System\fuyqVXv.exe
  2⤵
  PID:6480
- C:\Windows\System\czpOaLc.exe
  C:\Windows\System\czpOaLc.exe
  2⤵
  PID:6504
- C:\Windows\System\jAfuXXZ.exe
  C:\Windows\System\jAfuXXZ.exe
  2⤵
  PID:6528
- C:\Windows\System\DjQuZut.exe
  C:\Windows\System\DjQuZut.exe
  2⤵
  PID:6552
- C:\Windows\System\hSLZcBx.exe
  C:\Windows\System\hSLZcBx.exe
  2⤵
  PID:6576
- C:\Windows\System\UpxnClZ.exe
  C:\Windows\System\UpxnClZ.exe
  2⤵
  PID:6600
- C:\Windows\System\DiDFJeG.exe
  C:\Windows\System\DiDFJeG.exe
  2⤵
  PID:6624
- C:\Windows\System\DKsVuMu.exe
  C:\Windows\System\DKsVuMu.exe
  2⤵
  PID:6648
- C:\Windows\System\aIipWvp.exe
  C:\Windows\System\aIipWvp.exe
  2⤵
  PID:6672
- C:\Windows\System\HvYMwoA.exe
  C:\Windows\System\HvYMwoA.exe
  2⤵
  PID:6696
- C:\Windows\System\cjNFKyD.exe
  C:\Windows\System\cjNFKyD.exe
  2⤵
  PID:6720
- C:\Windows\System\gWlYIej.exe
  C:\Windows\System\gWlYIej.exe
  2⤵
  PID:6740
- C:\Windows\System\aupyttH.exe
  C:\Windows\System\aupyttH.exe
  2⤵
  PID:6768
- C:\Windows\System\FZWNSnq.exe
  C:\Windows\System\FZWNSnq.exe
  2⤵
  PID:6788
- C:\Windows\System\ceBCalh.exe
  C:\Windows\System\ceBCalh.exe
  2⤵
  PID:6816
- C:\Windows\System\axARILh.exe
  C:\Windows\System\axARILh.exe
  2⤵
  PID:6840
- C:\Windows\System\pmAguqh.exe
  C:\Windows\System\pmAguqh.exe
  2⤵
  PID:6864
- C:\Windows\System\jRbObCr.exe
  C:\Windows\System\jRbObCr.exe
  2⤵
  PID:6888
- C:\Windows\System\sjCiugp.exe
  C:\Windows\System\sjCiugp.exe
  2⤵
  PID:6912
- C:\Windows\System\nYPANmu.exe
  C:\Windows\System\nYPANmu.exe
  2⤵
  PID:6936
- C:\Windows\System\exGVFPy.exe
  C:\Windows\System\exGVFPy.exe
  2⤵
  PID:6956
- C:\Windows\System\ucFpJne.exe
  C:\Windows\System\ucFpJne.exe
  2⤵
  PID:6984
- C:\Windows\System\unILaYa.exe
  C:\Windows\System\unILaYa.exe
  2⤵
  PID:7008
- C:\Windows\System\GOnQpbn.exe
  C:\Windows\System\GOnQpbn.exe
  2⤵
  PID:7032
- C:\Windows\System\kscPVee.exe
  C:\Windows\System\kscPVee.exe
  2⤵
  PID:7056
- C:\Windows\System\CXJWFIu.exe
  C:\Windows\System\CXJWFIu.exe
  2⤵
  PID:7080
- C:\Windows\System\IBMNndl.exe
  C:\Windows\System\IBMNndl.exe
  2⤵
  PID:7104
- C:\Windows\System\vpKZPvJ.exe
  C:\Windows\System\vpKZPvJ.exe
  2⤵
  PID:7128
- C:\Windows\System\BojVtVx.exe
  C:\Windows\System\BojVtVx.exe
  2⤵
  PID:7152
- C:\Windows\System\PQbCqFD.exe
  C:\Windows\System\PQbCqFD.exe
  2⤵
  PID:5396
- C:\Windows\System\oNITKak.exe
  C:\Windows\System\oNITKak.exe
  2⤵
  PID:5556
- C:\Windows\System\AllJAAN.exe
  C:\Windows\System\AllJAAN.exe
  2⤵
  PID:5744
- C:\Windows\System\VFeQfyH.exe
  C:\Windows\System\VFeQfyH.exe
  2⤵
  PID:5936
- C:\Windows\System\uhCfeIB.exe
  C:\Windows\System\uhCfeIB.exe
  2⤵
  PID:6100
- C:\Windows\System\XywKIFJ.exe
  C:\Windows\System\XywKIFJ.exe
  2⤵
  PID:5208
- C:\Windows\System\jnhKHwj.exe
  C:\Windows\System\jnhKHwj.exe
  2⤵
  PID:6204
- C:\Windows\System\VfXZVRp.exe
  C:\Windows\System\VfXZVRp.exe
  2⤵
  PID:6276
- C:\Windows\System\wQfkdph.exe
  C:\Windows\System\wQfkdph.exe
  2⤵
  PID:6348
- C:\Windows\System\UjPiRmf.exe
  C:\Windows\System\UjPiRmf.exe
  2⤵
  PID:6396
- C:\Windows\System\zOdfjgk.exe
  C:\Windows\System\zOdfjgk.exe
  2⤵
  PID:6520
- C:\Windows\System\gltxKVI.exe
  C:\Windows\System\gltxKVI.exe
  2⤵
  PID:6568
- C:\Windows\System\OPwqqEh.exe
  C:\Windows\System\OPwqqEh.exe
  2⤵
  PID:6616
- C:\Windows\System\dmQxzeM.exe
  C:\Windows\System\dmQxzeM.exe
  2⤵
  PID:6688
- C:\Windows\System\oNzNnEA.exe
  C:\Windows\System\oNzNnEA.exe
  2⤵
  PID:6756
- C:\Windows\System\bmRhggO.exe
  C:\Windows\System\bmRhggO.exe
  2⤵
  PID:6852
- C:\Windows\System\oUZlCeQ.exe
  C:\Windows\System\oUZlCeQ.exe
  2⤵
  PID:6924
- C:\Windows\System\jjyvPSG.exe
  C:\Windows\System\jjyvPSG.exe
  2⤵
  PID:6972
- C:\Windows\System\cmzDskE.exe
  C:\Windows\System\cmzDskE.exe
  2⤵
  PID:7020
- C:\Windows\System\GSUjMrI.exe
  C:\Windows\System\GSUjMrI.exe
  2⤵
  PID:7172
- C:\Windows\System\GTudZbW.exe
  C:\Windows\System\GTudZbW.exe
  2⤵
  PID:7196
- C:\Windows\System\NXVtKeB.exe
  C:\Windows\System\NXVtKeB.exe
  2⤵
  PID:7220
- C:\Windows\System\iwUKbjA.exe
  C:\Windows\System\iwUKbjA.exe
  2⤵
  PID:7244
- C:\Windows\System\hyijBIG.exe
  C:\Windows\System\hyijBIG.exe
  2⤵
  PID:7268
- C:\Windows\System\DbYJuXX.exe
  C:\Windows\System\DbYJuXX.exe
  2⤵
  PID:7292
- C:\Windows\System\MoapHwY.exe
  C:\Windows\System\MoapHwY.exe
  2⤵
  PID:7316
- C:\Windows\System\BAzieYP.exe
  C:\Windows\System\BAzieYP.exe
  2⤵
  PID:7340
- C:\Windows\System\iYbSygc.exe
  C:\Windows\System\iYbSygc.exe
  2⤵
  PID:7364
- C:\Windows\System\prLOshI.exe
  C:\Windows\System\prLOshI.exe
  2⤵
  PID:7388
- C:\Windows\System\ZgHwdul.exe
  C:\Windows\System\ZgHwdul.exe
  2⤵
  PID:7412
- C:\Windows\System\jUPLYZE.exe
  C:\Windows\System\jUPLYZE.exe
  2⤵
  PID:7436
- C:\Windows\System\OQepZrK.exe
  C:\Windows\System\OQepZrK.exe
  2⤵
  PID:7460
- C:\Windows\System\NelsCQH.exe
  C:\Windows\System\NelsCQH.exe
  2⤵
  PID:7484
- C:\Windows\System\cMrChWe.exe
  C:\Windows\System\cMrChWe.exe
  2⤵
  PID:7508
- C:\Windows\System\xyAgqRM.exe
  C:\Windows\System\xyAgqRM.exe
  2⤵
  PID:7532
- C:\Windows\System\hdgMZAk.exe
  C:\Windows\System\hdgMZAk.exe
  2⤵
  PID:7556
- C:\Windows\System\VJXOZzo.exe
  C:\Windows\System\VJXOZzo.exe
  2⤵
  PID:7580
- C:\Windows\System\zjZxsjL.exe
  C:\Windows\System\zjZxsjL.exe
  2⤵
  PID:7604
- C:\Windows\System\CAtHueh.exe
  C:\Windows\System\CAtHueh.exe
  2⤵
  PID:7628
- C:\Windows\System\RLSrFdM.exe
  C:\Windows\System\RLSrFdM.exe
  2⤵
  PID:7652
- C:\Windows\System\OumCzPz.exe
  C:\Windows\System\OumCzPz.exe
  2⤵
  PID:7676
- C:\Windows\System\zYgOYSk.exe
  C:\Windows\System\zYgOYSk.exe
  2⤵
  PID:7700
- C:\Windows\System\jfZzdgM.exe
  C:\Windows\System\jfZzdgM.exe
  2⤵
  PID:7724
- C:\Windows\System\rjiNadH.exe
  C:\Windows\System\rjiNadH.exe
  2⤵
  PID:7748
- C:\Windows\System\hvbqFWo.exe
  C:\Windows\System\hvbqFWo.exe
  2⤵
  PID:7772
- C:\Windows\System\HWUQvvN.exe
  C:\Windows\System\HWUQvvN.exe
  2⤵
  PID:7796
- C:\Windows\System\XFxevsK.exe
  C:\Windows\System\XFxevsK.exe
  2⤵
  PID:7820
- C:\Windows\System\EEOxJEk.exe
  C:\Windows\System\EEOxJEk.exe
  2⤵
  PID:7844
- C:\Windows\System\wrSUBjS.exe
  C:\Windows\System\wrSUBjS.exe
  2⤵
  PID:7864
- C:\Windows\System\AFeryBT.exe
  C:\Windows\System\AFeryBT.exe
  2⤵
  PID:7884
- C:\Windows\System\awTKMWz.exe
  C:\Windows\System\awTKMWz.exe
  2⤵
  PID:7908
- C:\Windows\System\PZXmZkO.exe
  C:\Windows\System\PZXmZkO.exe
  2⤵
  PID:7932
- C:\Windows\System\TrbOnHF.exe
  C:\Windows\System\TrbOnHF.exe
  2⤵
  PID:7956
- C:\Windows\System\hyWeryG.exe
  C:\Windows\System\hyWeryG.exe
  2⤵
  PID:7980
- C:\Windows\System\umXKRfN.exe
  C:\Windows\System\umXKRfN.exe
  2⤵
  PID:8004
- C:\Windows\System\NvsjLGb.exe
  C:\Windows\System\NvsjLGb.exe
  2⤵
  PID:8028
- C:\Windows\System\AWHtRXz.exe
  C:\Windows\System\AWHtRXz.exe
  2⤵
  PID:8052
- C:\Windows\System\NyfrqJV.exe
  C:\Windows\System\NyfrqJV.exe
  2⤵
  PID:8076
- C:\Windows\System\DQKeoox.exe
  C:\Windows\System\DQKeoox.exe
  2⤵
  PID:8100
- C:\Windows\System\avQqcpr.exe
  C:\Windows\System\avQqcpr.exe
  2⤵
  PID:8124
- C:\Windows\System\tStfqSC.exe
  C:\Windows\System\tStfqSC.exe
  2⤵
  PID:8148
- C:\Windows\System\AjlVsNr.exe
  C:\Windows\System\AjlVsNr.exe
  2⤵
  PID:8172
- C:\Windows\System\GqWolrT.exe
  C:\Windows\System\GqWolrT.exe
  2⤵
  PID:7096
- C:\Windows\System\pjnvKIv.exe
  C:\Windows\System\pjnvKIv.exe
  2⤵
  PID:5344
- C:\Windows\System\JmGQsCS.exe
  C:\Windows\System\JmGQsCS.exe
  2⤵
  PID:5888
- C:\Windows\System\YJUkMkI.exe
  C:\Windows\System\YJUkMkI.exe
  2⤵
  PID:6184
- C:\Windows\System\RCestms.exe
  C:\Windows\System\RCestms.exe
  2⤵
  PID:6324
- C:\Windows\System\PfsAzYW.exe
  C:\Windows\System\PfsAzYW.exe
  2⤵
  PID:6564
- C:\Windows\System\zWwtNbS.exe
  C:\Windows\System\zWwtNbS.exe
  2⤵
  PID:6664
- C:\Windows\System\PDPMiNw.exe
  C:\Windows\System\PDPMiNw.exe
  2⤵
  PID:7048
- C:\Windows\System\LJPiHNa.exe
  C:\Windows\System\LJPiHNa.exe
  2⤵
  PID:7212
- C:\Windows\System\FFnCMET.exe
  C:\Windows\System\FFnCMET.exe
  2⤵
  PID:7260
- C:\Windows\System\SVEWfoZ.exe
  C:\Windows\System\SVEWfoZ.exe
  2⤵
  PID:7332
- C:\Windows\System\ntPkrpe.exe
  C:\Windows\System\ntPkrpe.exe
  2⤵
  PID:7404
- C:\Windows\System\fniiTlX.exe
  C:\Windows\System\fniiTlX.exe
  2⤵
  PID:7476
- C:\Windows\System\POXtZCe.exe
  C:\Windows\System\POXtZCe.exe
  2⤵
  PID:7548
- C:\Windows\System\pQYfFJQ.exe
  C:\Windows\System\pQYfFJQ.exe
  2⤵
  PID:7596
- C:\Windows\System\SPJEOqV.exe
  C:\Windows\System\SPJEOqV.exe
  2⤵
  PID:7664
- C:\Windows\System\xOzARBf.exe
  C:\Windows\System\xOzARBf.exe
  2⤵
  PID:7736
- C:\Windows\System\sfalgGT.exe
  C:\Windows\System\sfalgGT.exe
  2⤵
  PID:7808
- C:\Windows\System\AAnQcpb.exe
  C:\Windows\System\AAnQcpb.exe
  2⤵
  PID:7860
- C:\Windows\System\ASMmhsu.exe
  C:\Windows\System\ASMmhsu.exe
  2⤵
  PID:7944
- C:\Windows\System\hfcNPxq.exe
  C:\Windows\System\hfcNPxq.exe
  2⤵
  PID:8016
- C:\Windows\System\BZjzwiz.exe
  C:\Windows\System\BZjzwiz.exe
  2⤵
  PID:8088
- C:\Windows\System\xsSeRPg.exe
  C:\Windows\System\xsSeRPg.exe
  2⤵
  PID:8200
- C:\Windows\System\CuBPAsg.exe
  C:\Windows\System\CuBPAsg.exe
  2⤵
  PID:8224
- C:\Windows\System\avijJql.exe
  C:\Windows\System\avijJql.exe
  2⤵
  PID:8252
- C:\Windows\System\IxCACAm.exe
  C:\Windows\System\IxCACAm.exe
  2⤵
  PID:8276
- C:\Windows\System\adnzLbC.exe
  C:\Windows\System\adnzLbC.exe
  2⤵
  PID:8300
- C:\Windows\System\htFuuMZ.exe
  C:\Windows\System\htFuuMZ.exe
  2⤵
  PID:8324
- C:\Windows\System\PRiayrj.exe
  C:\Windows\System\PRiayrj.exe
  2⤵
  PID:8348
- C:\Windows\System\dNRVoVx.exe
  C:\Windows\System\dNRVoVx.exe
  2⤵
  PID:8372
- C:\Windows\System\uwByPBz.exe
  C:\Windows\System\uwByPBz.exe
  2⤵
  PID:8396
- C:\Windows\System\TXLwJEb.exe
  C:\Windows\System\TXLwJEb.exe
  2⤵
  PID:8420
- C:\Windows\System\JwkoOFb.exe
  C:\Windows\System\JwkoOFb.exe
  2⤵
  PID:8444
- C:\Windows\System\BqmpbiV.exe
  C:\Windows\System\BqmpbiV.exe
  2⤵
  PID:8468
- C:\Windows\System\hOzeTTu.exe
  C:\Windows\System\hOzeTTu.exe
  2⤵
  PID:8492
- C:\Windows\System\sVqfNhJ.exe
  C:\Windows\System\sVqfNhJ.exe
  2⤵
  PID:8512
- C:\Windows\System\ZtfWdBT.exe
  C:\Windows\System\ZtfWdBT.exe
  2⤵
  PID:8536
- C:\Windows\System\iXiCGSt.exe
  C:\Windows\System\iXiCGSt.exe
  2⤵
  PID:8564
- C:\Windows\System\AEkgwCd.exe
  C:\Windows\System\AEkgwCd.exe
  2⤵
  PID:8588
- C:\Windows\System\vQhqzMc.exe
  C:\Windows\System\vQhqzMc.exe
  2⤵
  PID:8612
- C:\Windows\System\uDcmxFP.exe
  C:\Windows\System\uDcmxFP.exe
  2⤵
  PID:8636
- C:\Windows\System\uFJjyZd.exe
  C:\Windows\System\uFJjyZd.exe
  2⤵
  PID:8660
- C:\Windows\System\UaEmjLc.exe
  C:\Windows\System\UaEmjLc.exe
  2⤵
  PID:8684
- C:\Windows\System\pEsdCsI.exe
  C:\Windows\System\pEsdCsI.exe
  2⤵
  PID:8708
- C:\Windows\System\YbQFbeR.exe
  C:\Windows\System\YbQFbeR.exe
  2⤵
  PID:8732
- C:\Windows\System\oaOekFd.exe
  C:\Windows\System\oaOekFd.exe
  2⤵
  PID:8756
- C:\Windows\System\cFcHKMB.exe
  C:\Windows\System\cFcHKMB.exe
  2⤵
  PID:8780
- C:\Windows\System\BNXLZON.exe
  C:\Windows\System\BNXLZON.exe
  2⤵
  PID:8804
- C:\Windows\System\LhwquNr.exe
  C:\Windows\System\LhwquNr.exe
  2⤵
  PID:8828
- C:\Windows\System\zECPJWK.exe
  C:\Windows\System\zECPJWK.exe
  2⤵
  PID:8852
- C:\Windows\System\OiqbzRd.exe
  C:\Windows\System\OiqbzRd.exe
  2⤵
  PID:8876
- C:\Windows\System\aVuqKgC.exe
  C:\Windows\System\aVuqKgC.exe
  2⤵
  PID:8900
- C:\Windows\System\eemcRaB.exe
  C:\Windows\System\eemcRaB.exe
  2⤵
  PID:8924
- C:\Windows\System\acHMuwm.exe
  C:\Windows\System\acHMuwm.exe
  2⤵
  PID:8948
- C:\Windows\System\JTrsMDI.exe
  C:\Windows\System\JTrsMDI.exe
  2⤵
  PID:8972
- C:\Windows\System\mAGqVEH.exe
  C:\Windows\System\mAGqVEH.exe
  2⤵
  PID:8996
- C:\Windows\System\iaiNxkg.exe
  C:\Windows\System\iaiNxkg.exe
  2⤵
  PID:9012
- C:\Windows\System\yniwuku.exe
  C:\Windows\System\yniwuku.exe
  2⤵
  PID:9036
- C:\Windows\System\fHrtMcc.exe
  C:\Windows\System\fHrtMcc.exe
  2⤵
  PID:9060
- C:\Windows\System\FyKuBAz.exe
  C:\Windows\System\FyKuBAz.exe
  2⤵
  PID:9084
- C:\Windows\System\lNRIgUy.exe
  C:\Windows\System\lNRIgUy.exe
  2⤵
  PID:9108
- C:\Windows\System\blNKdlw.exe
  C:\Windows\System\blNKdlw.exe
  2⤵
  PID:9132
- C:\Windows\System\vYtuwow.exe
  C:\Windows\System\vYtuwow.exe
  2⤵
  PID:9156
- C:\Windows\System\BbbBfWE.exe
  C:\Windows\System\BbbBfWE.exe
  2⤵
  PID:9180
- C:\Windows\System\fpeauPX.exe
  C:\Windows\System\fpeauPX.exe
  2⤵
  PID:9204
- C:\Windows\System\PceBjLa.exe
  C:\Windows\System\PceBjLa.exe
  2⤵
  PID:8160
- C:\Windows\System\ooXWbgf.exe
  C:\Windows\System\ooXWbgf.exe
  2⤵
  PID:5640
- C:\Windows\System\RrYrVZd.exe
  C:\Windows\System\RrYrVZd.exe
  2⤵
  PID:6424
- C:\Windows\System\HPkHbVf.exe
  C:\Windows\System\HPkHbVf.exe
  2⤵
  PID:6996
- C:\Windows\System\gcbFprg.exe
  C:\Windows\System\gcbFprg.exe
  2⤵
  PID:7308
- C:\Windows\System\lMAthXw.exe
  C:\Windows\System\lMAthXw.exe
  2⤵
  PID:7524
- C:\Windows\System\PxvLKXi.exe
  C:\Windows\System\PxvLKXi.exe
  2⤵
  PID:7692
- C:\Windows\System\pxIhfyq.exe
  C:\Windows\System\pxIhfyq.exe
  2⤵
  PID:7904
- C:\Windows\System\wIDZHFO.exe
  C:\Windows\System\wIDZHFO.exe
  2⤵
  PID:8116
- C:\Windows\System\QGioLYz.exe
  C:\Windows\System\QGioLYz.exe
  2⤵
  PID:8264
- C:\Windows\System\EcyheYy.exe
  C:\Windows\System\EcyheYy.exe
  2⤵
  PID:8336
- C:\Windows\System\ETZvlIW.exe
  C:\Windows\System\ETZvlIW.exe
  2⤵
  PID:8408
- C:\Windows\System\KmmSnQn.exe
  C:\Windows\System\KmmSnQn.exe
  2⤵
  PID:8480
- C:\Windows\System\CLTflMA.exe
  C:\Windows\System\CLTflMA.exe
  2⤵
  PID:8532
- C:\Windows\System\aQnfsft.exe
  C:\Windows\System\aQnfsft.exe
  2⤵
  PID:8600
- C:\Windows\System\dRSRweo.exe
  C:\Windows\System\dRSRweo.exe
  2⤵
  PID:8648
- C:\Windows\System\aSGEgYG.exe
  C:\Windows\System\aSGEgYG.exe
  2⤵
  PID:8720
- C:\Windows\System\VcOTtZi.exe
  C:\Windows\System\VcOTtZi.exe
  2⤵
  PID:8768
- C:\Windows\System\bXGovBo.exe
  C:\Windows\System\bXGovBo.exe
  2⤵
  PID:1060
- C:\Windows\System\nzaXjVo.exe
  C:\Windows\System\nzaXjVo.exe
  2⤵
  PID:8892
- C:\Windows\System\zrEMmTJ.exe
  C:\Windows\System\zrEMmTJ.exe
  2⤵
  PID:8964
- C:\Windows\System\SCFdGjz.exe
  C:\Windows\System\SCFdGjz.exe
  2⤵
  PID:9008
- C:\Windows\System\oZOSfTu.exe
  C:\Windows\System\oZOSfTu.exe
  2⤵
  PID:9076
- C:\Windows\System\HADGEJv.exe
  C:\Windows\System\HADGEJv.exe
  2⤵
  PID:9144
- C:\Windows\System\PtWYnIY.exe
  C:\Windows\System\PtWYnIY.exe
  2⤵
  PID:9192
- C:\Windows\System\MOCGztJ.exe
  C:\Windows\System\MOCGztJ.exe
  2⤵
  PID:2344
- C:\Windows\System\JJLvivq.exe
  C:\Windows\System\JJLvivq.exe
  2⤵
  PID:7236
- C:\Windows\System\UKnPTvR.exe
  C:\Windows\System\UKnPTvR.exe
  2⤵
  PID:2824
- C:\Windows\System\AxIOkIx.exe
  C:\Windows\System\AxIOkIx.exe
  2⤵
  PID:9224
- C:\Windows\System\UuVdnBf.exe
  C:\Windows\System\UuVdnBf.exe
  2⤵
  PID:9248
- C:\Windows\System\aCPwfMX.exe
  C:\Windows\System\aCPwfMX.exe
  2⤵
  PID:9272
- C:\Windows\System\ZdPXjJT.exe
  C:\Windows\System\ZdPXjJT.exe
  2⤵
  PID:9304
- C:\Windows\System\eBtvoNc.exe
  C:\Windows\System\eBtvoNc.exe
  2⤵
  PID:9328
- C:\Windows\System\pqvpqQz.exe
  C:\Windows\System\pqvpqQz.exe
  2⤵
  PID:9352
- C:\Windows\System\HrPylEx.exe
  C:\Windows\System\HrPylEx.exe
  2⤵
  PID:9376
- C:\Windows\System\croWmDp.exe
  C:\Windows\System\croWmDp.exe
  2⤵
  PID:9400
- C:\Windows\System\cMiJhnl.exe
  C:\Windows\System\cMiJhnl.exe
  2⤵
  PID:9424
- C:\Windows\System\ulIWUpE.exe
  C:\Windows\System\ulIWUpE.exe
  2⤵
  PID:9448
- C:\Windows\System\MWtfsPA.exe
  C:\Windows\System\MWtfsPA.exe
  2⤵
  PID:9472
- C:\Windows\System\WbnHfMq.exe
  C:\Windows\System\WbnHfMq.exe
  2⤵
  PID:9496
- C:\Windows\System\SJutnVL.exe
  C:\Windows\System\SJutnVL.exe
  2⤵
  PID:9520
- C:\Windows\System\dbTnMgs.exe
  C:\Windows\System\dbTnMgs.exe
  2⤵
  PID:9544
- C:\Windows\System\NCKnprx.exe
  C:\Windows\System\NCKnprx.exe
  2⤵
  PID:9568
- C:\Windows\System\YbzAmae.exe
  C:\Windows\System\YbzAmae.exe
  2⤵
  PID:9592
- C:\Windows\System\KwwnlqS.exe
  C:\Windows\System\KwwnlqS.exe
  2⤵
  PID:9616
- C:\Windows\System\aJJLwOU.exe
  C:\Windows\System\aJJLwOU.exe
  2⤵
  PID:9640
- C:\Windows\System\wEMXqSI.exe
  C:\Windows\System\wEMXqSI.exe
  2⤵
  PID:9664
- C:\Windows\System\qzftVts.exe
  C:\Windows\System\qzftVts.exe
  2⤵
  PID:9688
- C:\Windows\System\RqGPFox.exe
  C:\Windows\System\RqGPFox.exe
  2⤵
  PID:9712
- C:\Windows\System\FIsrCwT.exe
  C:\Windows\System\FIsrCwT.exe
  2⤵
  PID:9736
- C:\Windows\System\bnBDSGb.exe
  C:\Windows\System\bnBDSGb.exe
  2⤵
  PID:9760
- C:\Windows\System\RlrvBtO.exe
  C:\Windows\System\RlrvBtO.exe
  2⤵
  PID:9784
- C:\Windows\System\saMbxuG.exe
  C:\Windows\System\saMbxuG.exe
  2⤵
  PID:9808
- C:\Windows\System\ZxutILv.exe
  C:\Windows\System\ZxutILv.exe
  2⤵
  PID:9832
- C:\Windows\System\AnEXGYq.exe
  C:\Windows\System\AnEXGYq.exe
  2⤵
  PID:9856
- C:\Windows\System\xUcIVhF.exe
  C:\Windows\System\xUcIVhF.exe
  2⤵
  PID:9880
- C:\Windows\System\xEgXBpe.exe
  C:\Windows\System\xEgXBpe.exe
  2⤵
  PID:9896
- C:\Windows\System\uJHyRCE.exe
  C:\Windows\System\uJHyRCE.exe
  2⤵
  PID:9920
- C:\Windows\System\oFvodkB.exe
  C:\Windows\System\oFvodkB.exe
  2⤵
  PID:9944
- C:\Windows\System\GeqLrJO.exe
  C:\Windows\System\GeqLrJO.exe
  2⤵
  PID:9968
- C:\Windows\System\gnTXsan.exe
  C:\Windows\System\gnTXsan.exe
  2⤵
  PID:9992
- C:\Windows\System\SDTsFZy.exe
  C:\Windows\System\SDTsFZy.exe
  2⤵
  PID:10016
- C:\Windows\System\iECaBhk.exe
  C:\Windows\System\iECaBhk.exe
  2⤵
  PID:10040
- C:\Windows\System\WlRuETM.exe
  C:\Windows\System\WlRuETM.exe
  2⤵
  PID:10064
- C:\Windows\System\TOdIAWH.exe
  C:\Windows\System\TOdIAWH.exe
  2⤵
  PID:10088
- C:\Windows\System\iWCFhvA.exe
  C:\Windows\System\iWCFhvA.exe
  2⤵
  PID:10112
- C:\Windows\System\VijRXBk.exe
  C:\Windows\System\VijRXBk.exe
  2⤵
  PID:10136
- C:\Windows\System\hvHHrZh.exe
  C:\Windows\System\hvHHrZh.exe
  2⤵
  PID:10160
- C:\Windows\System\OOwSOQi.exe
  C:\Windows\System\OOwSOQi.exe
  2⤵
  PID:10184
- C:\Windows\System\eAUPVNH.exe
  C:\Windows\System\eAUPVNH.exe
  2⤵
  PID:10208
- C:\Windows\System\QKsaFvQ.exe
  C:\Windows\System\QKsaFvQ.exe
  2⤵
  PID:10232
- C:\Windows\System\FSoujLz.exe
  C:\Windows\System\FSoujLz.exe
  2⤵
  PID:8292
- C:\Windows\System\ocqbmXK.exe
  C:\Windows\System\ocqbmXK.exe
  2⤵
  PID:8436
- C:\Windows\System\ZOCXCat.exe
  C:\Windows\System\ZOCXCat.exe
  2⤵
  PID:4068
- C:\Windows\System\MQVckeQ.exe
  C:\Windows\System\MQVckeQ.exe
  2⤵
  PID:8696
- C:\Windows\System\lXisZJw.exe
  C:\Windows\System\lXisZJw.exe
  2⤵
  PID:8864
- C:\Windows\System\GXPoipk.exe
  C:\Windows\System\GXPoipk.exe
  2⤵
  PID:9052
- C:\Windows\System\hHxyoYN.exe
  C:\Windows\System\hHxyoYN.exe
  2⤵
  PID:9172
- C:\Windows\System\bJPXMGQ.exe
  C:\Windows\System\bJPXMGQ.exe
  2⤵
  PID:2808
- C:\Windows\System\OezJLzG.exe
  C:\Windows\System\OezJLzG.exe
  2⤵
  PID:9236
- C:\Windows\System\nztGFNO.exe
  C:\Windows\System\nztGFNO.exe
  2⤵
  PID:9288
- C:\Windows\System\iAfUDPk.exe
  C:\Windows\System\iAfUDPk.exe
  2⤵
  PID:9344
- C:\Windows\System\kuuNpBD.exe
  C:\Windows\System\kuuNpBD.exe
  2⤵
  PID:9412
- C:\Windows\System\NjOWGqU.exe
  C:\Windows\System\NjOWGqU.exe
  2⤵
  PID:9484
- C:\Windows\System\CGxOOhy.exe
  C:\Windows\System\CGxOOhy.exe
  2⤵
  PID:9536
- C:\Windows\System\hLokmfQ.exe
  C:\Windows\System\hLokmfQ.exe
  2⤵
  PID:9608
- C:\Windows\System\ZHIKFET.exe
  C:\Windows\System\ZHIKFET.exe
  2⤵
  PID:9676
- C:\Windows\System\bHXoiEb.exe
  C:\Windows\System\bHXoiEb.exe
  2⤵
  PID:2024
- C:\Windows\System\rXYSsna.exe
  C:\Windows\System\rXYSsna.exe
  2⤵
  PID:9800
- C:\Windows\System\nHHRFMq.exe
  C:\Windows\System\nHHRFMq.exe
  2⤵
  PID:764
- C:\Windows\System\DugGGad.exe
  C:\Windows\System\DugGGad.exe
  2⤵
  PID:9908
- C:\Windows\System\yroIPdD.exe
  C:\Windows\System\yroIPdD.exe
  2⤵
  PID:4880
- C:\Windows\System\QRRCaME.exe
  C:\Windows\System\QRRCaME.exe
  2⤵
  PID:10028
- C:\Windows\System\NKdOqhN.exe
  C:\Windows\System\NKdOqhN.exe
  2⤵
  PID:10100
- C:\Windows\System\owpakdT.exe
  C:\Windows\System\owpakdT.exe
  2⤵
  PID:10152
- C:\Windows\System\IsiNZkV.exe
  C:\Windows\System\IsiNZkV.exe
  2⤵
  PID:10196
- C:\Windows\System\ZyCMBXp.exe
  C:\Windows\System\ZyCMBXp.exe
  2⤵
  PID:8220
- C:\Windows\System\yOsgrCU.exe
  C:\Windows\System\yOsgrCU.exe
  2⤵
  PID:1444
- C:\Windows\System\onzLRqy.exe
  C:\Windows\System\onzLRqy.exe
  2⤵
  PID:4560
- C:\Windows\System\ARuulHS.exe
  C:\Windows\System\ARuulHS.exe
  2⤵
  PID:4712
- C:\Windows\System\yZrtnNP.exe
  C:\Windows\System\yZrtnNP.exe
  2⤵
  PID:9440
- C:\Windows\System\xMvqTwg.exe
  C:\Windows\System\xMvqTwg.exe
  2⤵
  PID:1752
- C:\Windows\System\AXvRwTT.exe
  C:\Windows\System\AXvRwTT.exe
  2⤵
  PID:10268
- C:\Windows\System\blYItjF.exe
  C:\Windows\System\blYItjF.exe
  2⤵
  PID:10292
- C:\Windows\System\sqeGMkV.exe
  C:\Windows\System\sqeGMkV.exe
  2⤵
  PID:10316
- C:\Windows\System\fuTAQur.exe
  C:\Windows\System\fuTAQur.exe
  2⤵
  PID:10344
- C:\Windows\System\Iqwckdf.exe
  C:\Windows\System\Iqwckdf.exe
  2⤵
  PID:10364
- C:\Windows\System\lzMzvoV.exe
  C:\Windows\System\lzMzvoV.exe
  2⤵
  PID:10388
- C:\Windows\System\PGHlvBd.exe
  C:\Windows\System\PGHlvBd.exe
  2⤵
  PID:10404
- C:\Windows\System\GOFlpDb.exe
  C:\Windows\System\GOFlpDb.exe
  2⤵
  PID:10428
- C:\Windows\System\XCqEZAv.exe
  C:\Windows\System\XCqEZAv.exe
  2⤵
  PID:10452
- C:\Windows\System\KiIXMOL.exe
  C:\Windows\System\KiIXMOL.exe
  2⤵
  PID:10476
- C:\Windows\System\hhsNitx.exe
  C:\Windows\System\hhsNitx.exe
  2⤵
  PID:10632
- C:\Windows\System\DFHwkgk.exe
  C:\Windows\System\DFHwkgk.exe
  2⤵
  PID:10668
- C:\Windows\System\BKrbuxU.exe
  C:\Windows\System\BKrbuxU.exe
  2⤵
  PID:10956
- C:\Windows\System\ZuJuDIG.exe
  C:\Windows\System\ZuJuDIG.exe
  2⤵
  PID:10976
- C:\Windows\System\LlbfSFE.exe
  C:\Windows\System\LlbfSFE.exe
  2⤵
  PID:10996
- C:\Windows\System\bkYNZrU.exe
  C:\Windows\System\bkYNZrU.exe
  2⤵
  PID:11024
- C:\Windows\System\tgbBZaV.exe
  C:\Windows\System\tgbBZaV.exe
  2⤵
  PID:11044
- C:\Windows\System\JgeNZeP.exe
  C:\Windows\System\JgeNZeP.exe
  2⤵
  PID:11064
- C:\Windows\System\fDYVIyT.exe
  C:\Windows\System\fDYVIyT.exe
  2⤵
  PID:11084
- C:\Windows\System\lpMzIaP.exe
  C:\Windows\System\lpMzIaP.exe
  2⤵
  PID:11100
- C:\Windows\System\JZAUxnI.exe
  C:\Windows\System\JZAUxnI.exe
  2⤵
  PID:11124
- C:\Windows\System\wesiYAZ.exe
  C:\Windows\System\wesiYAZ.exe
  2⤵
  PID:11144
- C:\Windows\System\uxqwlhG.exe
  C:\Windows\System\uxqwlhG.exe
  2⤵
  PID:11164
- C:\Windows\System\IvhFuDm.exe
  C:\Windows\System\IvhFuDm.exe
  2⤵
  PID:11180
- C:\Windows\System\OgrcQxg.exe
  C:\Windows\System\OgrcQxg.exe
  2⤵
  PID:11200
- C:\Windows\System\XjnWXii.exe
  C:\Windows\System\XjnWXii.exe
  2⤵
  PID:11220
- C:\Windows\System\BdGLCEM.exe
  C:\Windows\System\BdGLCEM.exe
  2⤵
  PID:11240
- C:\Windows\System\NUNZCkN.exe
  C:\Windows\System\NUNZCkN.exe
  2⤵
  PID:1340
- C:\Windows\System\LvoOVKn.exe
  C:\Windows\System\LvoOVKn.exe
  2⤵
  PID:5516
- C:\Windows\System\fDQDBXm.exe
  C:\Windows\System\fDQDBXm.exe
  2⤵
  PID:5412
- C:\Windows\System\QbhwcjW.exe
  C:\Windows\System\QbhwcjW.exe
  2⤵
  PID:5464
- C:\Windows\System\cGXhoAj.exe
  C:\Windows\System\cGXhoAj.exe
  2⤵
  PID:5596
- C:\Windows\System\ETuadow.exe
  C:\Windows\System\ETuadow.exe
  2⤵
  PID:5900
- C:\Windows\System\nBbCULx.exe
  C:\Windows\System\nBbCULx.exe
  2⤵
  PID:4452
- C:\Windows\System\TaEzFQU.exe
  C:\Windows\System\TaEzFQU.exe
  2⤵
  PID:10888
- C:\Windows\System\DVavGhC.exe
  C:\Windows\System\DVavGhC.exe
  2⤵
  PID:10872
- C:\Windows\System\dvWSnoq.exe
  C:\Windows\System\dvWSnoq.exe
  2⤵
  PID:6416
- C:\Windows\System\hOTOIPp.exe
  C:\Windows\System\hOTOIPp.exe
  2⤵
  PID:10944
- C:\Windows\System\CSEeAiT.exe
  C:\Windows\System\CSEeAiT.exe
  2⤵
  PID:2264
- C:\Windows\System\SVznDXn.exe
  C:\Windows\System\SVznDXn.exe
  2⤵
  PID:11092
- C:\Windows\System\IETAenm.exe
  C:\Windows\System\IETAenm.exe
  2⤵
  PID:11116
- C:\Windows\System\mMcIKDa.exe
  C:\Windows\System\mMcIKDa.exe
  2⤵
  PID:11172
- C:\Windows\System\OtbeFXf.exe
  C:\Windows\System\OtbeFXf.exe
  2⤵
  PID:11196
- C:\Windows\System\unkxQLI.exe
  C:\Windows\System\unkxQLI.exe
  2⤵
  PID:7240
- C:\Windows\System\caiRTBz.exe
  C:\Windows\System\caiRTBz.exe
  2⤵
  PID:10756
- C:\Windows\System\XPGKLQY.exe
  C:\Windows\System\XPGKLQY.exe
  2⤵
  PID:11252
- C:\Windows\System\tjAcAuS.exe
  C:\Windows\System\tjAcAuS.exe
  2⤵
  PID:5224
- C:\Windows\System\ylBhHux.exe
  C:\Windows\System\ylBhHux.exe
  2⤵
  PID:11424
- C:\Windows\System\DsUmRPo.exe
  C:\Windows\System\DsUmRPo.exe
  2⤵
  PID:11444
- C:\Windows\System\RzWMkur.exe
  C:\Windows\System\RzWMkur.exe
  2⤵
  PID:11564
- C:\Windows\System\drmjlua.exe
  C:\Windows\System\drmjlua.exe
  2⤵
  PID:11584
- C:\Windows\System\ecNJepS.exe
  C:\Windows\System\ecNJepS.exe
  2⤵
  PID:11604
- C:\Windows\System\HVkDaRl.exe
  C:\Windows\System\HVkDaRl.exe
  2⤵
  PID:11692
- C:\Windows\System\gXLiJpg.exe
  C:\Windows\System\gXLiJpg.exe
  2⤵
  PID:11776
- C:\Windows\System\XAzEiKi.exe
  C:\Windows\System\XAzEiKi.exe
  2⤵
  PID:11852
- C:\Windows\System\bndWywX.exe
  C:\Windows\System\bndWywX.exe
  2⤵
  PID:11868
- C:\Windows\System\nuUgWlG.exe
  C:\Windows\System\nuUgWlG.exe
  2⤵
  PID:11892
- C:\Windows\System\sFbloPH.exe
  C:\Windows\System\sFbloPH.exe
  2⤵
  PID:11916
- C:\Windows\System\KAXsDJk.exe
  C:\Windows\System\KAXsDJk.exe
  2⤵
  PID:11936
- C:\Windows\System\zhlMiuj.exe
  C:\Windows\System\zhlMiuj.exe
  2⤵
  PID:11976
- C:\Windows\System\XxLrFUw.exe
  C:\Windows\System\XxLrFUw.exe
  2⤵
  PID:12008
- C:\Windows\System\ETpmfQv.exe
  C:\Windows\System\ETpmfQv.exe
  2⤵
  PID:12032
- C:\Windows\System\kWRdagt.exe
  C:\Windows\System\kWRdagt.exe
  2⤵
  PID:12080
- C:\Windows\System\XNOIHmt.exe
  C:\Windows\System\XNOIHmt.exe
  2⤵
  PID:12104
- C:\Windows\System\dXlLJdt.exe
  C:\Windows\System\dXlLJdt.exe
  2⤵
  PID:12128
- C:\Windows\System\KRBLDty.exe
  C:\Windows\System\KRBLDty.exe
  2⤵
  PID:12172
- C:\Windows\System\HdGGhzV.exe
  C:\Windows\System\HdGGhzV.exe
  2⤵
  PID:12192
- C:\Windows\System\JesCdPl.exe
  C:\Windows\System\JesCdPl.exe
  2⤵
  PID:12212
- C:\Windows\System\gzRffjO.exe
  C:\Windows\System\gzRffjO.exe
  2⤵
  PID:12236
- C:\Windows\System\mGarHfr.exe
  C:\Windows\System\mGarHfr.exe
  2⤵
  PID:12252
- C:\Windows\System\BDDYoJZ.exe
  C:\Windows\System\BDDYoJZ.exe
  2⤵
  PID:12276
- C:\Windows\System\BBYdLIE.exe
  C:\Windows\System\BBYdLIE.exe
  2⤵
  PID:5000
- C:\Windows\System\yQxZaAN.exe
  C:\Windows\System\yQxZaAN.exe
  2⤵
  PID:10892
- C:\Windows\System\tfYLfmj.exe
  C:\Windows\System\tfYLfmj.exe
  2⤵
  PID:4876
- C:\Windows\System\mCuvyWP.exe
  C:\Windows\System\mCuvyWP.exe
  2⤵
  PID:4080
- C:\Windows\System\yijdXXJ.exe
  C:\Windows\System\yijdXXJ.exe
  2⤵
  PID:6296
- C:\Windows\System\ZfwmyHD.exe
  C:\Windows\System\ZfwmyHD.exe
  2⤵
  PID:6632
- C:\Windows\System\xgVWnSt.exe
  C:\Windows\System\xgVWnSt.exe
  2⤵
  PID:1312
- C:\Windows\System\qemkBya.exe
  C:\Windows\System\qemkBya.exe
  2⤵
  PID:4256
- C:\Windows\System\LldfqeK.exe
  C:\Windows\System\LldfqeK.exe
  2⤵
  PID:4852
- C:\Windows\System\nSfUyqX.exe
  C:\Windows\System\nSfUyqX.exe
  2⤵
  PID:10492
- C:\Windows\System\sAWROGv.exe
  C:\Windows\System\sAWROGv.exe
  2⤵
  PID:10784
- C:\Windows\System\WPDpArm.exe
  C:\Windows\System\WPDpArm.exe
  2⤵
  PID:10700
- C:\Windows\System\IGjlJkt.exe
  C:\Windows\System\IGjlJkt.exe
  2⤵
  PID:10780
- C:\Windows\System\YmQDVSo.exe
  C:\Windows\System\YmQDVSo.exe
  2⤵
  PID:10860
- C:\Windows\System\yWbufcT.exe
  C:\Windows\System\yWbufcT.exe
  2⤵
  PID:10684
- C:\Windows\System\EXKiIOU.exe
  C:\Windows\System\EXKiIOU.exe
  2⤵
  PID:10840
- C:\Windows\System\cOlEcYL.exe
  C:\Windows\System\cOlEcYL.exe
  2⤵
  PID:11120
- C:\Windows\System\nkMyKre.exe
  C:\Windows\System\nkMyKre.exe
  2⤵
  PID:9368
- C:\Windows\System\iaRbNFJ.exe
  C:\Windows\System\iaRbNFJ.exe
  2⤵
  PID:10400
- C:\Windows\System\lDeIveH.exe
  C:\Windows\System\lDeIveH.exe
  2⤵
  PID:3600
- C:\Windows\System\AVBuYPI.exe
  C:\Windows\System\AVBuYPI.exe
  2⤵
  PID:3108
- C:\Windows\System\XppiUuw.exe
  C:\Windows\System\XppiUuw.exe
  2⤵
  PID:11032
- C:\Windows\System\tmBkmXV.exe
  C:\Windows\System\tmBkmXV.exe
  2⤵
  PID:11136
- C:\Windows\System\aPEPZzZ.exe
  C:\Windows\System\aPEPZzZ.exe
  2⤵
  PID:5844
- C:\Windows\System\hdwhsGw.exe
  C:\Windows\System\hdwhsGw.exe
  2⤵
  PID:7756
- C:\Windows\System\RjhLong.exe
  C:\Windows\System\RjhLong.exe
  2⤵
  PID:11412
- C:\Windows\System\cFmUojt.exe
  C:\Windows\System\cFmUojt.exe
  2⤵
  PID:10308
- C:\Windows\System\UixWgEe.exe
  C:\Windows\System\UixWgEe.exe
  2⤵
  PID:10488
- C:\Windows\System\xAgnZHl.exe
  C:\Windows\System\xAgnZHl.exe
  2⤵
  PID:11596
- C:\Windows\System\YzTDmqK.exe
  C:\Windows\System\YzTDmqK.exe
  2⤵
  PID:4420
- C:\Windows\System\yJBcEPx.exe
  C:\Windows\System\yJBcEPx.exe
  2⤵
  PID:11276
- C:\Windows\System\JaHJEJy.exe
  C:\Windows\System\JaHJEJy.exe
  2⤵
  PID:9776
- C:\Windows\System\SZPXnGu.exe
  C:\Windows\System\SZPXnGu.exe
  2⤵
  PID:11516
- C:\Windows\System\VcFiGGz.exe
  C:\Windows\System\VcFiGGz.exe
  2⤵
  PID:11320
- C:\Windows\System\MYkmKvG.exe
  C:\Windows\System\MYkmKvG.exe
  2⤵
  PID:11440
- C:\Windows\System\LckcmIx.exe
  C:\Windows\System\LckcmIx.exe
  2⤵
  PID:11592
- C:\Windows\System\DmHOLoE.exe
  C:\Windows\System\DmHOLoE.exe
  2⤵
  PID:11744
- C:\Windows\System\JIlbdpU.exe
  C:\Windows\System\JIlbdpU.exe
  2⤵
  PID:11900
- C:\Windows\System\JGcSiVS.exe
  C:\Windows\System\JGcSiVS.exe
  2⤵
  PID:11964
- C:\Windows\System\MhUWYXJ.exe
  C:\Windows\System\MhUWYXJ.exe
  2⤵
  PID:12040
- C:\Windows\System\KcmooVo.exe
  C:\Windows\System\KcmooVo.exe
  2⤵
  PID:12076
- C:\Windows\System\VKYnLTH.exe
  C:\Windows\System\VKYnLTH.exe
  2⤵
  PID:2036
- C:\Windows\System\UJgvnoV.exe
  C:\Windows\System\UJgvnoV.exe
  2⤵
  PID:12156
- C:\Windows\System\NwrXTlP.exe
  C:\Windows\System\NwrXTlP.exe
  2⤵
  PID:12248
- C:\Windows\System\lssJQoa.exe
  C:\Windows\System\lssJQoa.exe
  2⤵
  PID:992
- C:\Windows\System\hdobCUS.exe
  C:\Windows\System\hdobCUS.exe
  2⤵
  PID:12260
- C:\Windows\System\uPaoNqD.exe
  C:\Windows\System\uPaoNqD.exe
  2⤵
  PID:9580
- C:\Windows\System\jQJmkGP.exe
  C:\Windows\System\jQJmkGP.exe
  2⤵
  PID:10224
- C:\Windows\System\QqjJRqz.exe
  C:\Windows\System\QqjJRqz.exe
  2⤵
  PID:10928
- C:\Windows\System\SEQXTxk.exe
  C:\Windows\System\SEQXTxk.exe
  2⤵
  PID:10796
- C:\Windows\System\Crwcuar.exe
  C:\Windows\System\Crwcuar.exe
  2⤵
  PID:10628
- C:\Windows\System\SJvacHb.exe
  C:\Windows\System\SJvacHb.exe
  2⤵
  PID:10704
- C:\Windows\System\ggEVPjq.exe
  C:\Windows\System\ggEVPjq.exe
  2⤵
  PID:10804
- C:\Windows\System\sEZGRaY.exe
  C:\Windows\System\sEZGRaY.exe
  2⤵
  PID:11160
- C:\Windows\System\cwJATqm.exe
  C:\Windows\System\cwJATqm.exe
  2⤵
  PID:7044
- C:\Windows\System\CXIaMpG.exe
  C:\Windows\System\CXIaMpG.exe
  2⤵
  PID:4424
- C:\Windows\System\frHmncO.exe
  C:\Windows\System\frHmncO.exe
  2⤵
  PID:4848
- C:\Windows\System\qTtKpRG.exe
  C:\Windows\System\qTtKpRG.exe
  2⤵
  PID:11112
- C:\Windows\System\ASRgWLM.exe
  C:\Windows\System\ASRgWLM.exe
  2⤵
  PID:11236
- C:\Windows\System\RiBEaRb.exe
  C:\Windows\System\RiBEaRb.exe
  2⤵
  PID:10800
- C:\Windows\System\ntmlhxf.exe
  C:\Windows\System\ntmlhxf.exe
  2⤵
  PID:7836
- C:\Windows\System\HSadSwC.exe
  C:\Windows\System\HSadSwC.exe
  2⤵
  PID:5760
- C:\Windows\System\mBVkUDx.exe
  C:\Windows\System\mBVkUDx.exe
  2⤵
  PID:10416
- C:\Windows\System\LRIfPHX.exe
  C:\Windows\System\LRIfPHX.exe
  2⤵
  PID:11876
- C:\Windows\System\ZJixUBW.exe
  C:\Windows\System\ZJixUBW.exe
  2⤵
  PID:1936
- C:\Windows\System\pZebJxG.exe
  C:\Windows\System\pZebJxG.exe
  2⤵
  PID:12120
- C:\Windows\System\mCEdKhE.exe
  C:\Windows\System\mCEdKhE.exe
  2⤵
  PID:3948
- C:\Windows\System\qULDjnl.exe
  C:\Windows\System\qULDjnl.exe
  2⤵
  PID:12180
- C:\Windows\System\JLkzRPc.exe
  C:\Windows\System\JLkzRPc.exe
  2⤵
  PID:6200
- C:\Windows\System\YOBTWAG.exe
  C:\Windows\System\YOBTWAG.exe
  2⤵
  PID:12284
- C:\Windows\System\ahxihxz.exe
  C:\Windows\System\ahxihxz.exe
  2⤵
  PID:10896
- C:\Windows\System\NQOZGtj.exe
  C:\Windows\System\NQOZGtj.exe
  2⤵
  PID:10864
- C:\Windows\System\qnhYmhK.exe
  C:\Windows\System\qnhYmhK.exe
  2⤵
  PID:11152
- C:\Windows\System\pzUjpzY.exe
  C:\Windows\System\pzUjpzY.exe
  2⤵
  PID:3240
- C:\Windows\System\BrCPHiX.exe
  C:\Windows\System\BrCPHiX.exe
  2⤵
  PID:10776
- C:\Windows\System\oJyorDB.exe
  C:\Windows\System\oJyorDB.exe
  2⤵
  PID:11728
- C:\Windows\System\nKWwpgK.exe
  C:\Windows\System\nKWwpgK.exe
  2⤵
  PID:11880
- C:\Windows\System\FFfQBMa.exe
  C:\Windows\System\FFfQBMa.exe
  2⤵
  PID:12112
- C:\Windows\System\nOAzEKg.exe
  C:\Windows\System\nOAzEKg.exe
  2⤵
  PID:7968
- C:\Windows\System\lkoUllN.exe
  C:\Windows\System\lkoUllN.exe
  2⤵
  PID:7276
- C:\Windows\System\FZlKWsp.exe
  C:\Windows\System\FZlKWsp.exe
  2⤵
  PID:5952
- C:\Windows\System\QLTVdzM.exe
  C:\Windows\System\QLTVdzM.exe
  2⤵
  PID:11844

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalService -p -s LicenseManager
1⤵
PID:11704

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:1332

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\BXJsNOA.exe

Filesize
2.0MB

MD5
f41dd468fd9f219e418853343e5968c0

SHA1
b22990bbb85fd49613f9de466c49cb5b822251b7

SHA256
7e49ffd25dd1865c9169c03b7430b31cc419a547092edcefa6ebef5952f1d031

SHA512
52f0d3a5f75eedb9b774506fee87facf27718cefd3be76806abf2edaaac03e21a630b7176b64e9ebbd4765213d285ccda7527d01fe68d5575801bfe104d75c32

Download Submit
C:\Windows\System\CsHzcnU.exe

Filesize
2.0MB

MD5
2d63ddc4035570da6b9bd8ad73f9d6c5

SHA1
07d48a57dd8440082dc9d26d641b225e4de90497

SHA256
27fb06fa7e8cf1ebe95f9e1078011f184465e0f568bdbcc88c141fae6898df5d

SHA512
d2ababa4f4cbbe15c6974e5a4827e74b207dce877fcfe028d7ad1fd7c814396438b96ffe4d5c98d4a71562e1b46ffe3337c47a939381116dcf0f22fe8506d174

Download Submit
C:\Windows\System\HrZQTkT.exe

Filesize
2.0MB

MD5
accf16e7e3dd795c385591962219852a

SHA1
97c4ece02556cd3951f4d77b296d40acd632f965

SHA256
cd1c6f057714d75aa49aefae6187787791b4a6dd53d8d14ec845d9eccba90f8d

SHA512
c2ef130185d99873ff186edfd5470ed0b6162e51c50e4fae4b3832d3791cb01a9e6ed685bbc96313aebfe8f936ee2b663a783906d088216c6cb4fbe77f6998aa

Download Submit
C:\Windows\System\JSiuqQz.exe

Filesize
2.0MB

MD5
f086770e01bc80f9861a993d6efe28d0

SHA1
90e99e7869fcb2406f4080477914754af0e053b5

SHA256
6a55c8f7b26793970e2899ec3e061fde8dec0365cabf9a36e2fac4f9ddf5ac57

SHA512
b06f164326f904f9640fa83d2d0a5770f9a68ac6f5a1c1be6a154e92f37fe629a9cc22ceee6dfef693c3d4d0d7a9673d03ed21164f8488c572d718a904c0205d

Download Submit
C:\Windows\System\LCdRdCw.exe

Filesize
640KB

MD5
469aca0e2abc33bcc5100f89b3196890

SHA1
b77c2be76b0bcd5c1640c82143bf4ae8abf6ed35

SHA256
8e4d419e754f89fae1d30741df9483d06709f6d20541cbce976b97c6b74f264f

SHA512
bb8f27156094a7b200e5c1844466de9827240ad5c62598ca983899918fcfddc76480438ab7ff457f4059655d26f5dee65f9d3ba57dc850a7e0c1c267d7e2bdae

Download Submit
C:\Windows\System\LCdRdCw.exe

Filesize
2.0MB

MD5
1c37e91393c4a951f7e0b5472d7f30a4

SHA1
f5627133258bd9b229bf277cf41886714e927ec7

SHA256
c337785170724a966fb080ce810236e4201e61659f209d63da05929d59aa8c09

SHA512
b213c7bb9ba51349a475ce878c41a2e25349f366b7e024525d79623206498a0f9c28bda5446dba5a6ffcb279633c77e3d2e82a4e083d8f789f389973f82c0541

Download Submit
C:\Windows\System\LqVWrpN.exe

Filesize
2.0MB

MD5
7a6db29820c701bfe1aad9e065a2c1a5

SHA1
24f6abc9d4ded1561f048de27ae2b97037249297

SHA256
b1a40ad0d3ee7ebe2031b80e99a5e79873a2ff7660e9da7aa7924683132432d5

SHA512
7585d673dd779d76166157a99ee55b9abaa164e0d2ac7263762de199b0f342650de575defa826fc041faa1766dee1ad9c85cbcfa17e65a43d3427b6cd06af3e3

Download Submit
C:\Windows\System\OSHtTyc.exe

Filesize
2.0MB

MD5
80c7fa08a1f929c3a94bcd1e8c24b1f9

SHA1
dcdad514b909ac53c93f210414de40ef1701446c

SHA256
cdcbb25e586542fcd64d63f67f8727c9a756f6c9daba9c3b99c517cc5aeaed4f

SHA512
77a31ba87bfd3c39573b5ec3f2fb43cc8e18c11009ed00e57ef1520b004fa4b46856ded7cca76568cc135941fd9ae453194961424c56dbbf51d97e850f2bba97

Download Submit
C:\Windows\System\PrKgIFE.exe

Filesize
2.0MB

MD5
aec806720829b3c37878b216465ee145

SHA1
977aaca62790ef5cd5106e24ca9e15cbd76c5ac4

SHA256
3333881d3545d549a749052299b619b3462a8231474fed6706c28cf4ab0b8c5e

SHA512
551c1f46d4963e5da5fa5d0be5ffff22800fac85d091de78b2654763a42e02b5bdc638d0e05083d62124add097487ce939785f498224a5e0b9d2c997981b40c2

Download Submit
C:\Windows\System\QHrWMtO.exe

Filesize
126KB

MD5
4b19efac4a2a87dd0d3a501c731af995

SHA1
409bdeb7cb3421de7bf4883706e163c19584ecc3

SHA256
c67ab917ab4bcc727d5392233f1814050ad3bb83506b88d3fed8ac2916206256

SHA512
a700ff304bd68d08655a1dd5075acf9283504bfe35e35cb0feba29f3fc0b1fd24367029d4495c36ff7b8acbff5980d45cacb38a444ab961cf5dddbf2db4d7d85

Download Submit
C:\Windows\System\QHrWMtO.exe

Filesize
2.0MB

MD5
f9d785f2f1b76c5202fc35d4053e3f09

SHA1
b9461e4f75a3c652156620a9072b15622ba13f2a

SHA256
979aa32e7d85ba6319d637481053196619f22656479031c0ebff172df6044192

SHA512
b77770edc7a234d15373b8bf2d278cae0df9a1f3dd514cd30feffd267d75dabb6dedd539ba5d9e950b4f6ad0be82f45da45637415acd2bcc41462d2a1a1a8a74

Download Submit
C:\Windows\System\QWSgESV.exe

Filesize
2.0MB

MD5
d223a9a8e780258165bc80b5cf0c9814

SHA1
4c505e661215f30f39606776b6ed0c39375db2d0

SHA256
244de334ac6ff58f4ffd28f14471395deb4ce0029a88f90919c315edb1e6b4c2

SHA512
338989ad5c3c1b97b2a8d6c337c84e136e430966ad71b513bb66e2abba3725d8f1cc8f89ce101ff3452645df6877b5b6deb54512571c3480ab1983654c2c3e78

Download Submit
C:\Windows\System\QqFiScp.exe

Filesize
2.0MB

MD5
64b6fd239aa7badc47f098de6a74c670

SHA1
b5d9b729e75b2b24dbbac084ea4d5397650e7090

SHA256
5681f9c9493eb82f13c2c0e3a4b0ca1736659b2b6d55e49f97a11b57ecd90596

SHA512
4290b1cb2d28c928dd3dfef75220ede8f75612167de2800e495a91d9bcc41397aaaeecb5cc01b92869dcd75e1a695ddfaad1f3c6216192a8839050e590763a80

Download Submit
C:\Windows\System\SPZRLaZ.exe

Filesize
2.0MB

MD5
febb31334b03ac1c2b935a13a2866bb9

SHA1
7c27ca2470bb2513d35fd7cff8ce59fb45fe3174

SHA256
0aa5778326889796bd09b64f286265f278b5b2f3752a2625f9df4b408882f789

SHA512
dc52a81f38fb2ea824b36021f1e8698aad5affddd488f69f8f56a18686759ba11465838d26452b0bd59c0fc7b8c7c69b731d2296dde3436d352a4c19bf381ce8

Download Submit
C:\Windows\System\TIEftXW.exe

Filesize
2.0MB

MD5
b142d82ed2ee57ad431a3b0997186e70

SHA1
4674ae07cc83688fcd2102d3b3a85453f0075cd8

SHA256
e0d4f03d5fe1a2884b2cea40b018a187ebfdfee5aecffd51a60115a3015677c0

SHA512
a4843fa815356f8dd32e2e67ae4939dc10da3b72104b1f6453d06fbc6d5f0d8215c61986586094ae26bc86f2d88c6e6b50dab6c2541e6ad352ad2d49cf2ee72b

Download Submit
C:\Windows\System\TORpzeF.exe

Filesize
128KB

MD5
7ce4ba1725e83a50f64ba525f8815dcf

SHA1
b1714a2d23cfc42c18c37e1546ac0908d8252c04

SHA256
9f7e171000696500dfb6a966f2c3ddf12dc1a77b8276ef660f14f7b7188d2908

SHA512
2dff777f276295d96892e5749316e2e8892ba50f8398f9972ecc2f6e5378213e3cdd31c7c6ab8360d3490d1ec9e77be4e73ac137e108b2eddff2feaaf600be19

Download Submit
C:\Windows\System\TORpzeF.exe

Filesize
2.0MB

MD5
9edb5e4eca60e9c4493b6e293a579283

SHA1
9fa1d43a6985a726dbe001b2a0fc8934583bdfb1

SHA256
eaa2b5dbe5c00f48e569359db62628dd9a3a925a53940f1d3abda7241b5699ee

SHA512
d15448a8ea41b110fb1ebb18073482de7c3cbdd6ad1c5d97a9452a56719a5aaca7c3c602789cb5f195aac62c794d56a47f29fa308bb77be3acbceb29077ae99e

Download Submit
C:\Windows\System\VZKEtpq.exe

Filesize
2.0MB

MD5
03647bbfb25c8b57d6ad71a8a8af6585

SHA1
386bfa7fe093ab4a1d00a383e340cf0ed9b98745

SHA256
a7c8be0401fd45ce0cdeed7ff5cfcba037016ae6274ea409de19fdf865404612

SHA512
4b000fc86e7c6457c079b31dce8346e1e569e1362b4e79b6d63799e9563ef50c92c7706b84246ea9addba8288e6571c4ff564564a5057723e29493766ba3eff8

Download Submit
C:\Windows\System\WQCUMSQ.exe

Filesize
2.0MB

MD5
d85b1218e270c2a769fd60460a7ec789

SHA1
9ea30245e6f0b5ae0de3092caf11fffa7a7eef2b

SHA256
dce1d2cb3be7c3fdf6627794e7773f74d906c1e268c9527e735f08692ae3ee9f

SHA512
611bf7d08099ae26d1bff11833f8ce0f48de740423a08617d515fd874f1aad54831cff87fb2a67a75d7dbfcf78707a38c3181dd2bbbcadc9fd1594bfb734e2d4

Download Submit
C:\Windows\System\ZNnYRrc.exe

Filesize
384KB

MD5
6207c08555e637186de329c9179e16d9

SHA1
09098b1d2cbfb2ab317439f6c4fc0121d5b8f70a

SHA256
90e60744ec9da51fba847be626db348bca6bdaf98ac91b116446f5b42433003b

SHA512
a17015ce5be9dbe107f45a5361c78d0722d3574d1684f1ab5a78044304a8f13b281179a8bde4be29c0529678da2d8332817db568d46fd1e81541274c1a2a6ea7

Download Submit
C:\Windows\System\ZNnYRrc.exe

Filesize
2.0MB

MD5
d44a033b5b83fa95fe6646a53de35b7e

SHA1
43f8ecf8f5a2ce67eec6436aaeef87a411475729

SHA256
2b768487a8a4633294694ef8ef094e5ba81eede6e0cbcc3dabd4174d9f2445f3

SHA512
3eef0e0c7d1332125bb518e68984829ebd73f2898920ae71669bcd68688dcf9bf6d639fd754efade9205da1d60913b9dc06873208994cd8d42cd09332cfe1322

Download Submit
C:\Windows\System\ciLKgPx.exe

Filesize
2.0MB

MD5
221f190bc4f7740b8ce7352bf0c95174

SHA1
45ea21cebe60aa04e0be797b5ee12a7da88542ae

SHA256
3eb715ae90d64e78db1cc340d7e7569a6e27ded5cdc8e079d1db360dc7680e63

SHA512
76f046cde5f3509fd588d658057d067ccc249fc0f57dcc49cc65392ae0bfacb30298d259492d0dfef1c0885612d9f109a4cef7d11a41798e37b8390d501a7d0f

Download Submit
C:\Windows\System\cqMhcwn.exe

Filesize
2.0MB

MD5
c2a0102b62003435ff23f523294ef837

SHA1
92d5946625f81ddfa059906fd6b8e06c71cda332

SHA256
1eab883dee4f8f40d7fa988d3da5f2467444e3511ed94bd9ddd9ae5de6386528

SHA512
df1f99d694e32e1a7af5e7b5a4a6a5d5955fedd438614345d344af460765e6bbdb94431b78c5ce337593f16eeff21cb403e1ece0399e4055a0b3aaa24b0b1d61

Download Submit
C:\Windows\System\eFYbWQP.exe

Filesize
1.2MB

MD5
1e2c91c252fda2ba969dbe32b0b5ab77

SHA1
ab171f79b0e051763189f6cdb9168dd2af0b084f

SHA256
ea520e081a8e8135310d7168f90c0cf55bf3a607ff8dd73063a44570c10abf00

SHA512
376952619d13e73211b4ad7b27c979d9cc4f6e2961ac10d8f57882bec33161ecb5760b47d8607621ec4be8ef4d760bd317fb45b1946f2e0ffc31af3173e3d0a8

Download Submit
C:\Windows\System\eFYbWQP.exe

Filesize
576KB

MD5
2b325ba998218e1724cf0adeb30ee980

SHA1
91c91f972b93ca21c02dbae5cc375d4e1212c0a0

SHA256
3b509ef9edb2905d68e114a86a101a00bf7ea4fa51d16ade0566e14bca5a50a9

SHA512
d7398cce9bbdb945487f66d7ab2c5fc7624933379c2058d1b197daa7f380b66de5a2145bdf0033355e795b1072c67b0031b7045307d04119888457779d707df5

Download Submit
C:\Windows\System\ehWRvvE.exe

Filesize
2.0MB

MD5
1e0bae273df275c896bbb513ae3242c2

SHA1
be40ee3aaa59f494998188a26eca3e8c438d177d

SHA256
ce067e9cadd2912ab0d642c9ec6f31d2aff9931b848cea784182aa538ed98edb

SHA512
3debb2d03e7037b65f769505e6d164d8f1f3045db1b1076de071512fb493e26a29d8224be22bb85be53d5345471777471c24dc47ee09e09121a4aeaf030b4621

Download Submit
C:\Windows\System\ehWRvvE.exe

Filesize
448KB

MD5
0642442db4acbbfb6037e06789624264

SHA1
923aee440a6887c7a7a8a78085aa492b2cdcee65

SHA256
5d6249e3d37c32c515e6f20e0771180c7b51c791102dfffe39e4510d623eda85

SHA512
7fc8231c299b64743a966130c519362217b11d421c0ccc65ca7c97570221449b6e5bd90caefa97b416470db36fac07c3f48ea41836b395ab190e6121598e88a1

Download Submit
C:\Windows\System\evZEXOj.exe

Filesize
2.0MB

MD5
929d571e581662017959a5ad38ee0097

SHA1
ab0e1a7119014f662b2bb26f1dab4918df1a6c7b

SHA256
e969600f3780fba3de0635aa1c40a7ccddb22784e7c998d95e0c4e9dc5bc5834

SHA512
37e11f9aecb6b4076e759114a1bbbfdf9c5e80ad330568c9387c89f84b66c5a724271b19d963204e5e17876b5f24e470eb2847dcd67ae4098ce811ff563aea48

Download Submit
C:\Windows\System\ilzrvQr.exe

Filesize
2.0MB

MD5
cca4795636910cd84b6691df182828e8

SHA1
8194b815e4f47c4e5f08b8d182bf0dcf8cf5849e

SHA256
c0774471cf04252bb1b21173f55b386197122670812df9b694bfd349eae38ac8

SHA512
904b7fcefa414240f434500a4cbb2a79acc3b44d6b709402bf52f9e050d4804f85c4699b3b8c64489ff39a66c75c3cd7884a8548a8a7a6bb617a8edbd98ee32b

Download Submit
C:\Windows\System\kcbZXmX.exe

Filesize
2.0MB

MD5
2b17b0c48aef7fd6a9b930b5a561db45

SHA1
966c99a4793e9925b27b2ee995bdc7952643a2f5

SHA256
95ebb4bcaa8474a4c3f99474a26d6a48cc14333832144c7852659134f069baa2

SHA512
0fce935eaf8b65741a4f66b711835d6bb50df528de492ff15b9aeaaf45310c5397a14105cc51d097d39e15e913a0097ebc133a630005417dfeec3c5668e7b04b

Download Submit
C:\Windows\System\nDgdnmk.exe

Filesize
2.0MB

MD5
bcf7023fcc7053d26cc6b235ad811f61

SHA1
645079db16d9961ddf76c2210c273d1a3064371e

SHA256
d148443c0aa5e229f0568244aaf7f1916035783a4e61771115a9df63117d9687

SHA512
a7bfd8689d0204c5c0d0503b9c38b937391c774ea8258042efc88c43d1ae0eb82742273c842489c2d269ddce701c9ee6fa7fa206f71d087dc79521a442ce2796

Download Submit
C:\Windows\System\nDgdnmk.exe

Filesize
14KB

MD5
dc44fb2b3e57e75c8602aa4c49539a5a

SHA1
24d941c20591e062b13370ff61695ba9a0df3ddd

SHA256
239057df4cfe21552e1f81bd6c8a1d05dc2da476fa8d51f2abc685d5edb284e7

SHA512
df7086ec197871656f6dbb264459c3e607921ef5f7df012183b1e78378425131eb62a52ea1cb4abef39705630474c99405c280f76d05f98848003a90ee35f713

Download Submit
C:\Windows\System\oCayzKM.exe

Filesize
2.0MB

MD5
9c2d98f343b619bfa829a3d281360474

SHA1
19b6d1a51ce62e8697cd9839035bd0206950af70

SHA256
932363b65e4964d96a887f1cb65c76195897129da2b8245dbf971f3cfa449537

SHA512
9bd175fdf621a34c9f1d7bf2c928d09ac00c674cc543ee85e73cf4f6027aa8b6ede05b5d82695e581f2a35a8eabf9155a5956ce2562c0ae4d44bac39362f7e03

Download Submit
C:\Windows\System\ohDnIkN.exe

Filesize
2.0MB

MD5
b2a3cfe04dd3fec45a251efd78059ba2

SHA1
bb9dc511362851679a177020c4104513c7b39f2c

SHA256
508b3384e3d1c73218fd563ce643060cdf7116f5590846328fbaa89bee0fba66

SHA512
46a6ea04be0dc8d26a93cc3ead823bba0de9a841bc799de70ea7b80cf11c6fa3b9727a7dbb52ac46c58ed98c4e8e98cdf62ddd2dd80016d17899aa9b90fe04c8

Download Submit
C:\Windows\System\pEYStpM.exe

Filesize
2.0MB

MD5
5c03ba8782ae65e815040169f5a4d091

SHA1
30256eb7087a89447ea9d8c262c47f904d937935

SHA256
fe9080aa2954bcef4844b9a05fc94a2affc068d53df1cce6f9bfbeeb5bf98c0b

SHA512
e9f17b7768e2a219ed3aab89bd77aebc2a700fe3a56cce5f5c20306ee21d4af26bc09fdb560e5fa189e07d27d825cc38b43152d69e12bd00d0324e795e458ee7

Download Submit
C:\Windows\System\qCTQBPY.exe

Filesize
2.0MB

MD5
c0397d1878f16ec6023a3c23a545cbcf

SHA1
5143173943203be1d8edebea30fb47866fc54f8a

SHA256
3f8424a2fe19de0436072c60d6c2b9e7ee37b3f6a3802b014d04be881520164d

SHA512
fd2ab2b1e6e226489d662169d1e6455791e564a5510794163f2d0ca45b3a8a4d3a07c0895204f42e9415472c07777efeeda25bd35d4e57e8b3520605a1b47f75

Download Submit
C:\Windows\System\rCKzkru.exe

Filesize
2.0MB

MD5
9bece007e9cee9478b6b5bbb67d934e7

SHA1
3c8a59efc1e09c9cf083ebbae1a99c2099174a6d

SHA256
fe1338faea89ef7b3dee83d7532890d92bb3e5d73d35a7051a3116901cdf6f60

SHA512
c240b32d95214742e70bc9a76fb5f046f08b50a4bab81bce92d8395b0c2ec4e4d68f224dca1eb7ce79d7dd955f32e608df4fadac5c3d82bf49cc441f5cd4cc33

Download Submit
C:\Windows\System\xWLDrDl.exe

Filesize
2.0MB

MD5
c600306134a85b0a4bc0e3262e005ead

SHA1
cd8f7ce42519bfb7fc5c946194a434b7cf906b54

SHA256
611196a0849d0a4f1cf2cdabb1b4d9df793b26caea1f20a3ea78577ae6bfd667

SHA512
ae6f66569c86a805073a250ab19d1ed406b7c5d4cb30772b9d21352450fdf0502335b6cdc3c9d0460cba1ea94cbb6ea7b5fa1369a2946473edf8aae774340030

Download Submit
C:\Windows\System\yRkfWyJ.exe

Filesize
2.0MB

MD5
5d968c6684c6365277ca5ff0877f1488

SHA1
c5ac0be907ab39a461c5fd0ee0f44976295837f2

SHA256
5af51193a2e4a40acd0c6301f3adeb1505d801becd614aedfa978a0e18297ad7

SHA512
40b4e6c1df70d15e5dd6e3c2bac678778f22bcb8698c210e0d5580efa9758de47bf64e2b4d395a981e73e79cf1781b83ec290da55b49240a67064884b32c7f6b

Download Submit
C:\Windows\System\yRkfWyJ.exe

Filesize
64KB

MD5
51e4020b90426a266032ae5bcb74e5b3

SHA1
242fa8dc7d05d7b78f629fe2652627274810a122

SHA256
5984cb4794a67b4fd33c39a8582f294030d387db17fdb4933391142fb7f614c6

SHA512
5acda5a7b0ce962164cbb0c2fe75fb43a2d35d269fbb33e0eda06f3daf5a3cc37b11c0b76c58b3b3846604a879813821c87b0ead541065090905bfc897125758

Download Submit
C:\Windows\System\yqPCOGj.exe

Filesize
2.0MB

MD5
20e015d94c7e46a583efd926a4a67fda

SHA1
d41f60e743bc55f75c963fdb7364aad3b44459ac

SHA256
6182083184a362e6a92c51c0b99acfae68594d81a095f48863cd977891c21a0e

SHA512
eff8deb3ea38e627ad46d973e1a882d9fdbb94cbc4f0f4c1aa295fedb207943414ff1f92937f42cd9bd63c4d6145511f93805cb8d0300e037f5ce40116e82cbd

Download Submit
memory/312-43-0x00007FF688700000-0x00007FF688A54000-memory.dmp

Filesize
3.3MB

Download
memory/544-311-0x00007FF619000000-0x00007FF619354000-memory.dmp

Filesize
3.3MB

Download
memory/548-283-0x00007FF770440000-0x00007FF770794000-memory.dmp

Filesize
3.3MB

Download
memory/636-196-0x00007FF617A30000-0x00007FF617D84000-memory.dmp

Filesize
3.3MB

Download
memory/736-236-0x00007FF7049F0000-0x00007FF704D44000-memory.dmp

Filesize
3.3MB

Download
memory/868-226-0x00007FF7550C0000-0x00007FF755414000-memory.dmp

Filesize
3.3MB

Download
memory/928-320-0x00007FF749680000-0x00007FF7499D4000-memory.dmp

Filesize
3.3MB

Download
memory/1012-178-0x00007FF7EB7B0000-0x00007FF7EBB04000-memory.dmp

Filesize
3.3MB

Download
memory/1332-14-0x00007FF6BDD50000-0x00007FF6BE0A4000-memory.dmp

Filesize
3.3MB

Download
memory/1460-186-0x00007FF760270000-0x00007FF7605C4000-memory.dmp

Filesize
3.3MB

Download
memory/1516-173-0x00007FF75A220000-0x00007FF75A574000-memory.dmp

Filesize
3.3MB

Download
memory/1544-99-0x00007FF6A1EA0000-0x00007FF6A21F4000-memory.dmp

Filesize
3.3MB

Download
memory/1552-344-0x00007FF690620000-0x00007FF690974000-memory.dmp

Filesize
3.3MB

Download
memory/1596-300-0x00007FF7483D0000-0x00007FF748724000-memory.dmp

Filesize
3.3MB

Download
memory/1728-125-0x00007FF625810000-0x00007FF625B64000-memory.dmp

Filesize
3.3MB

Download
memory/1872-231-0x00007FF690740000-0x00007FF690A94000-memory.dmp

Filesize
3.3MB

Download
memory/1884-24-0x00007FF632360000-0x00007FF6326B4000-memory.dmp

Filesize
3.3MB

Download
memory/2132-305-0x00007FF77F7F0000-0x00007FF77FB44000-memory.dmp

Filesize
3.3MB

Download
memory/2164-91-0x00007FF63A860000-0x00007FF63ABB4000-memory.dmp

Filesize
3.3MB

Download
memory/2176-116-0x00007FF64FFC0000-0x00007FF650314000-memory.dmp

Filesize
3.3MB

Download
memory/2200-83-0x00007FF61F060000-0x00007FF61F3B4000-memory.dmp

Filesize
3.3MB

Download
memory/2224-134-0x00007FF6B99B0000-0x00007FF6B9D04000-memory.dmp

Filesize
3.3MB

Download
memory/2284-221-0x00007FF60FC90000-0x00007FF60FFE4000-memory.dmp

Filesize
3.3MB

Download
memory/2372-328-0x00007FF739B00000-0x00007FF739E54000-memory.dmp

Filesize
3.3MB

Download
memory/2500-294-0x00007FF6C16A0000-0x00007FF6C19F4000-memory.dmp

Filesize
3.3MB

Download
memory/2672-211-0x00007FF677990000-0x00007FF677CE4000-memory.dmp

Filesize
3.3MB

Download
memory/3000-96-0x00007FF7EAB60000-0x00007FF7EAEB4000-memory.dmp

Filesize
3.3MB

Download
memory/3020-143-0x00007FF763580000-0x00007FF7638D4000-memory.dmp

Filesize
3.3MB

Download
memory/3044-191-0x00007FF6D83D0000-0x00007FF6D8724000-memory.dmp

Filesize
3.3MB

Download
memory/3048-291-0x00007FF72F860000-0x00007FF72FBB4000-memory.dmp

Filesize
3.3MB

Download
memory/3052-331-0x00007FF78F3A0000-0x00007FF78F6F4000-memory.dmp

Filesize
3.3MB

Download
memory/3088-278-0x00007FF62C230000-0x00007FF62C584000-memory.dmp

Filesize
3.3MB

Download
memory/3124-247-0x00007FF7C7650000-0x00007FF7C79A4000-memory.dmp

Filesize
3.3MB

Download
memory/3188-308-0x00007FF682100000-0x00007FF682454000-memory.dmp

Filesize
3.3MB

Download
memory/3256-67-0x00007FF61AD70000-0x00007FF61B0C4000-memory.dmp

Filesize
3.3MB

Download
memory/3260-0-0x00007FF6EC1D0000-0x00007FF6EC524000-memory.dmp

Filesize
3.3MB

Download
memory/3260-1-0x00000140FE820000-0x00000140FE830000-memory.dmp

Filesize
64KB

Download
memory/3308-216-0x00007FF7D73F0000-0x00007FF7D7744000-memory.dmp

Filesize
3.3MB

Download
memory/3312-265-0x00007FF64A470000-0x00007FF64A7C4000-memory.dmp

Filesize
3.3MB

Download
memory/3328-260-0x00007FF705DD0000-0x00007FF706124000-memory.dmp

Filesize
3.3MB

Download
memory/3348-201-0x00007FF6050F0000-0x00007FF605444000-memory.dmp

Filesize
3.3MB

Download
memory/3368-339-0x00007FF60D970000-0x00007FF60DCC4000-memory.dmp

Filesize
3.3MB

Download
memory/3384-250-0x00007FF6B35F0000-0x00007FF6B3944000-memory.dmp

Filesize
3.3MB

Download
memory/3416-244-0x00007FF709140000-0x00007FF709494000-memory.dmp

Filesize
3.3MB

Download
memory/3536-50-0x00007FF72C680000-0x00007FF72C9D4000-memory.dmp

Filesize
3.3MB

Download
memory/3596-270-0x00007FF6C1DB0000-0x00007FF6C2104000-memory.dmp

Filesize
3.3MB

Download
memory/3720-60-0x00007FF75DE20000-0x00007FF75E174000-memory.dmp

Filesize
3.3MB

Download
memory/3752-273-0x00007FF7B6F90000-0x00007FF7B72E4000-memory.dmp

Filesize
3.3MB

Download
memory/3764-297-0x00007FF6F7DD0000-0x00007FF6F8124000-memory.dmp

Filesize
3.3MB

Download
memory/4008-107-0x00007FF725100000-0x00007FF725454000-memory.dmp

Filesize
3.3MB

Download
memory/4132-334-0x00007FF6102D0000-0x00007FF610624000-memory.dmp

Filesize
3.3MB

Download
memory/4188-168-0x00007FF773090000-0x00007FF7733E4000-memory.dmp

Filesize
3.3MB

Download
memory/4224-317-0x00007FF7431B0000-0x00007FF743504000-memory.dmp

Filesize
3.3MB

Download
memory/4260-314-0x00007FF749B00000-0x00007FF749E54000-memory.dmp

Filesize
3.3MB

Download
memory/4280-206-0x00007FF6FFD20000-0x00007FF700074000-memory.dmp

Filesize
3.3MB

Download
memory/4336-288-0x00007FF6016E0000-0x00007FF601A34000-memory.dmp

Filesize
3.3MB

Download
memory/4360-161-0x00007FF746790000-0x00007FF746AE4000-memory.dmp

Filesize
3.3MB

Download
memory/4616-323-0x00007FF672750000-0x00007FF672AA4000-memory.dmp

Filesize
3.3MB

Download
memory/4684-239-0x00007FF67E7C0000-0x00007FF67EB14000-memory.dmp

Filesize
3.3MB

Download
memory/4728-11-0x00007FF694AD0000-0x00007FF694E24000-memory.dmp

Filesize
3.3MB

Download
memory/4800-152-0x00007FF77AEE0000-0x00007FF77B234000-memory.dmp

Filesize
3.3MB

Download
memory/4888-111-0x00007FF77C350000-0x00007FF77C6A4000-memory.dmp

Filesize
3.3MB

Download
memory/4972-255-0x00007FF706FA0000-0x00007FF7072F4000-memory.dmp

Filesize
3.3MB

Download
memory/4976-181-0x00007FF718060000-0x00007FF7183B4000-memory.dmp

Filesize
3.3MB

Download
memory/5092-77-0x00007FF66FF90000-0x00007FF6702E4000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads