xmrig | 7aa2770bd14088211f3503474fa049cf4605a7db48fdf76c9e5940b30616a497

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
22-05-2024 01:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7aa2770bd14088211f3503474fa049cf4605a7db48fdf76c9e5940b30616a497.exe
Size

3.4MB
MD5

7c4f355838013ce9baac895f2fdde9af
SHA1

13d6d07d9c63b4e2389d12ff6f060ffab363de80
SHA256

7aa2770bd14088211f3503474fa049cf4605a7db48fdf76c9e5940b30616a497
SHA512

26697258ff62cab163121a5c6a55688ca272af0e5c878d7d592e2af22b9ef45d12421a125475107b9a8362cd63497fb6c427f983a41e61e6aa98423abdbec111
SSDEEP

98304:w0GnJMOWPClFdx6e0EALKWVTffZiPAcRq6jHjc404:wFWPClFk4

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

UPX dump on OEP (original entry point) 64 IoCs

Processes:

resource	yara_rule
behavioral2/memory/2624-0-0x00007FF68E950000-0x00007FF68ED45000-memory.dmp	UPX
C:\Windows\System32\Cxafsrp.exe	UPX
C:\Windows\System32\fXXNwDm.exe	UPX
C:\Windows\System32\QQnVHEm.exe	UPX
C:\Windows\System32\ksRxsnJ.exe	UPX
behavioral2/memory/3640-27-0x00007FF6DD740000-0x00007FF6DDB35000-memory.dmp	UPX
behavioral2/memory/1212-31-0x00007FF6679F0000-0x00007FF667DE5000-memory.dmp	UPX
C:\Windows\System32\BhpJHyj.exe	UPX
C:\Windows\System32\BTwvvkc.exe	UPX
C:\Windows\System32\gpBhRea.exe	UPX
C:\Windows\System32\YsHspAl.exe	UPX
C:\Windows\System32\FgTaTfR.exe	UPX
C:\Windows\System32\SCSFctb.exe	UPX
C:\Windows\System32\OqiAnSQ.exe	UPX
C:\Windows\System32\AyDVlAA.exe	UPX
C:\Windows\System32\PSVZLvS.exe	UPX
C:\Windows\System32\UVIxwCz.exe	UPX
C:\Windows\System32\lyPgtSZ.exe	UPX
C:\Windows\System32\YRqnlQh.exe	UPX
C:\Windows\System32\YkviqQC.exe	UPX
behavioral2/memory/4752-819-0x00007FF6003E0000-0x00007FF6007D5000-memory.dmp	UPX
C:\Windows\System32\nvQddRM.exe	UPX
C:\Windows\System32\TdaklYM.exe	UPX
C:\Windows\System32\RKVxQfG.exe	UPX
C:\Windows\System32\WmDbKVV.exe	UPX
C:\Windows\System32\SAvIvrv.exe	UPX
C:\Windows\System32\OvoCKrf.exe	UPX
C:\Windows\System32\uzUyWFE.exe	UPX
C:\Windows\System32\yTDJaaH.exe	UPX
C:\Windows\System32\JhfOhZO.exe	UPX
C:\Windows\System32\TwUAXcy.exe	UPX
C:\Windows\System32\xtWDtfp.exe	UPX
C:\Windows\System32\uNUMAis.exe	UPX
C:\Windows\System32\UALrVTH.exe	UPX
C:\Windows\System32\SxqxpQs.exe	UPX
behavioral2/memory/2792-28-0x00007FF7A8480000-0x00007FF7A8875000-memory.dmp	UPX
C:\Windows\System32\BoOUjEq.exe	UPX
behavioral2/memory/4428-15-0x00007FF755C00000-0x00007FF755FF5000-memory.dmp	UPX
behavioral2/memory/2756-873-0x00007FF681960000-0x00007FF681D55000-memory.dmp	UPX
behavioral2/memory/4464-917-0x00007FF61BBE0000-0x00007FF61BFD5000-memory.dmp	UPX
behavioral2/memory/1284-925-0x00007FF6722E0000-0x00007FF6726D5000-memory.dmp	UPX
behavioral2/memory/3056-984-0x00007FF707160000-0x00007FF707555000-memory.dmp	UPX
behavioral2/memory/3852-983-0x00007FF602DB0000-0x00007FF6031A5000-memory.dmp	UPX
behavioral2/memory/3036-981-0x00007FF6D6AF0000-0x00007FF6D6EE5000-memory.dmp	UPX
behavioral2/memory/4432-914-0x00007FF6A4FC0000-0x00007FF6A53B5000-memory.dmp	UPX
behavioral2/memory/4384-907-0x00007FF6DB440000-0x00007FF6DB835000-memory.dmp	UPX
behavioral2/memory/4896-895-0x00007FF7CA0C0000-0x00007FF7CA4B5000-memory.dmp	UPX
behavioral2/memory/468-890-0x00007FF7E89C0000-0x00007FF7E8DB5000-memory.dmp	UPX
behavioral2/memory/2764-882-0x00007FF608B90000-0x00007FF608F85000-memory.dmp	UPX
behavioral2/memory/2320-863-0x00007FF631C70000-0x00007FF632065000-memory.dmp	UPX
behavioral2/memory/2584-857-0x00007FF6328E0000-0x00007FF632CD5000-memory.dmp	UPX
behavioral2/memory/996-852-0x00007FF6DF420000-0x00007FF6DF815000-memory.dmp	UPX
behavioral2/memory/3552-845-0x00007FF61AA70000-0x00007FF61AE65000-memory.dmp	UPX
behavioral2/memory/3060-841-0x00007FF680D00000-0x00007FF6810F5000-memory.dmp	UPX
behavioral2/memory/4360-835-0x00007FF78E920000-0x00007FF78ED15000-memory.dmp	UPX
behavioral2/memory/2300-829-0x00007FF7BB0C0000-0x00007FF7BB4B5000-memory.dmp	UPX
behavioral2/memory/1012-824-0x00007FF74BD80000-0x00007FF74C175000-memory.dmp	UPX
behavioral2/memory/2624-1941-0x00007FF68E950000-0x00007FF68ED45000-memory.dmp	UPX
behavioral2/memory/3640-1942-0x00007FF6DD740000-0x00007FF6DDB35000-memory.dmp	UPX
behavioral2/memory/2792-1943-0x00007FF7A8480000-0x00007FF7A8875000-memory.dmp	UPX
behavioral2/memory/4428-1944-0x00007FF755C00000-0x00007FF755FF5000-memory.dmp	UPX
behavioral2/memory/1212-1945-0x00007FF6679F0000-0x00007FF667DE5000-memory.dmp	UPX
behavioral2/memory/3640-1946-0x00007FF6DD740000-0x00007FF6DDB35000-memory.dmp	UPX
behavioral2/memory/2792-1949-0x00007FF7A8480000-0x00007FF7A8875000-memory.dmp	UPX

XMRig Miner payload 64 IoCs

miner

Processes:

resource	yara_rule
behavioral2/memory/2624-0-0x00007FF68E950000-0x00007FF68ED45000-memory.dmp	xmrig
C:\Windows\System32\Cxafsrp.exe	xmrig
C:\Windows\System32\fXXNwDm.exe	xmrig
C:\Windows\System32\QQnVHEm.exe	xmrig
C:\Windows\System32\ksRxsnJ.exe	xmrig
behavioral2/memory/3640-27-0x00007FF6DD740000-0x00007FF6DDB35000-memory.dmp	xmrig
behavioral2/memory/1212-31-0x00007FF6679F0000-0x00007FF667DE5000-memory.dmp	xmrig
C:\Windows\System32\BhpJHyj.exe	xmrig
C:\Windows\System32\BTwvvkc.exe	xmrig
C:\Windows\System32\gpBhRea.exe	xmrig
C:\Windows\System32\YsHspAl.exe	xmrig
C:\Windows\System32\FgTaTfR.exe	xmrig
C:\Windows\System32\SCSFctb.exe	xmrig
C:\Windows\System32\OqiAnSQ.exe	xmrig
C:\Windows\System32\AyDVlAA.exe	xmrig
C:\Windows\System32\PSVZLvS.exe	xmrig
C:\Windows\System32\UVIxwCz.exe	xmrig
C:\Windows\System32\lyPgtSZ.exe	xmrig
C:\Windows\System32\YRqnlQh.exe	xmrig
C:\Windows\System32\YkviqQC.exe	xmrig
behavioral2/memory/4752-819-0x00007FF6003E0000-0x00007FF6007D5000-memory.dmp	xmrig
C:\Windows\System32\nvQddRM.exe	xmrig
C:\Windows\System32\TdaklYM.exe	xmrig
C:\Windows\System32\RKVxQfG.exe	xmrig
C:\Windows\System32\WmDbKVV.exe	xmrig
C:\Windows\System32\SAvIvrv.exe	xmrig
C:\Windows\System32\OvoCKrf.exe	xmrig
C:\Windows\System32\uzUyWFE.exe	xmrig
C:\Windows\System32\yTDJaaH.exe	xmrig
C:\Windows\System32\JhfOhZO.exe	xmrig
C:\Windows\System32\TwUAXcy.exe	xmrig
C:\Windows\System32\xtWDtfp.exe	xmrig
C:\Windows\System32\uNUMAis.exe	xmrig
C:\Windows\System32\UALrVTH.exe	xmrig
C:\Windows\System32\SxqxpQs.exe	xmrig
behavioral2/memory/2792-28-0x00007FF7A8480000-0x00007FF7A8875000-memory.dmp	xmrig
C:\Windows\System32\BoOUjEq.exe	xmrig
behavioral2/memory/4428-15-0x00007FF755C00000-0x00007FF755FF5000-memory.dmp	xmrig
behavioral2/memory/2756-873-0x00007FF681960000-0x00007FF681D55000-memory.dmp	xmrig
behavioral2/memory/4464-917-0x00007FF61BBE0000-0x00007FF61BFD5000-memory.dmp	xmrig
behavioral2/memory/1284-925-0x00007FF6722E0000-0x00007FF6726D5000-memory.dmp	xmrig
behavioral2/memory/3056-984-0x00007FF707160000-0x00007FF707555000-memory.dmp	xmrig
behavioral2/memory/3852-983-0x00007FF602DB0000-0x00007FF6031A5000-memory.dmp	xmrig
behavioral2/memory/3036-981-0x00007FF6D6AF0000-0x00007FF6D6EE5000-memory.dmp	xmrig
behavioral2/memory/4432-914-0x00007FF6A4FC0000-0x00007FF6A53B5000-memory.dmp	xmrig
behavioral2/memory/4384-907-0x00007FF6DB440000-0x00007FF6DB835000-memory.dmp	xmrig
behavioral2/memory/4896-895-0x00007FF7CA0C0000-0x00007FF7CA4B5000-memory.dmp	xmrig
behavioral2/memory/468-890-0x00007FF7E89C0000-0x00007FF7E8DB5000-memory.dmp	xmrig
behavioral2/memory/2764-882-0x00007FF608B90000-0x00007FF608F85000-memory.dmp	xmrig
behavioral2/memory/2320-863-0x00007FF631C70000-0x00007FF632065000-memory.dmp	xmrig
behavioral2/memory/2584-857-0x00007FF6328E0000-0x00007FF632CD5000-memory.dmp	xmrig
behavioral2/memory/996-852-0x00007FF6DF420000-0x00007FF6DF815000-memory.dmp	xmrig
behavioral2/memory/3552-845-0x00007FF61AA70000-0x00007FF61AE65000-memory.dmp	xmrig
behavioral2/memory/3060-841-0x00007FF680D00000-0x00007FF6810F5000-memory.dmp	xmrig
behavioral2/memory/4360-835-0x00007FF78E920000-0x00007FF78ED15000-memory.dmp	xmrig
behavioral2/memory/2300-829-0x00007FF7BB0C0000-0x00007FF7BB4B5000-memory.dmp	xmrig
behavioral2/memory/1012-824-0x00007FF74BD80000-0x00007FF74C175000-memory.dmp	xmrig
behavioral2/memory/2624-1941-0x00007FF68E950000-0x00007FF68ED45000-memory.dmp	xmrig
behavioral2/memory/3640-1942-0x00007FF6DD740000-0x00007FF6DDB35000-memory.dmp	xmrig
behavioral2/memory/2792-1943-0x00007FF7A8480000-0x00007FF7A8875000-memory.dmp	xmrig
behavioral2/memory/4428-1944-0x00007FF755C00000-0x00007FF755FF5000-memory.dmp	xmrig
behavioral2/memory/1212-1945-0x00007FF6679F0000-0x00007FF667DE5000-memory.dmp	xmrig
behavioral2/memory/3640-1946-0x00007FF6DD740000-0x00007FF6DDB35000-memory.dmp	xmrig
behavioral2/memory/2792-1949-0x00007FF7A8480000-0x00007FF7A8875000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

Processes:

Cxafsrp.exefXXNwDm.exeQQnVHEm.exeksRxsnJ.exeBoOUjEq.exeBhpJHyj.exeBTwvvkc.exeSxqxpQs.exegpBhRea.exeUALrVTH.exeYsHspAl.exeFgTaTfR.exeuNUMAis.exeSCSFctb.exeOqiAnSQ.exextWDtfp.exeTwUAXcy.exeJhfOhZO.exeyTDJaaH.exeAyDVlAA.exeuzUyWFE.exeOvoCKrf.exePSVZLvS.exeUVIxwCz.exeSAvIvrv.exelyPgtSZ.exeWmDbKVV.exeRKVxQfG.exeYRqnlQh.exeTdaklYM.exenvQddRM.exeYkviqQC.exenfFvXcs.exeVTnjNAF.exeEAgvihn.exexKJlusU.exeHolUiPx.exeBnoDRGU.exeCjddLxj.exeSARYYdH.exeLNaHzrU.exeZhjqgUh.exehRBAMZO.exebkmZDQP.exesKvKpRq.exeEIjvgjz.exeveLajNd.exenUGqZls.exeXLfuxOo.exeCPGuUHM.exeiCpVKCM.exekjdNrTf.exeLaDUabt.exetCHXHlM.exezmYzbkC.exeoWSKNEs.exeehXJqlU.exerdBNXmc.exeVxKtzsU.exeEYXAqyL.exehjEvUid.exekrnnMml.exerhuNEeR.exeVWiAvhU.exe

pid	process
4428	Cxafsrp.exe
1212	fXXNwDm.exe
3640	QQnVHEm.exe
4752	ksRxsnJ.exe
2792	BoOUjEq.exe
3056	BhpJHyj.exe
1012	BTwvvkc.exe
2300	SxqxpQs.exe
4360	gpBhRea.exe
3060	UALrVTH.exe
3552	YsHspAl.exe
996	FgTaTfR.exe
2584	uNUMAis.exe
2320	SCSFctb.exe
2756	OqiAnSQ.exe
2764	xtWDtfp.exe
468	TwUAXcy.exe
4896	JhfOhZO.exe
4384	yTDJaaH.exe
4432	AyDVlAA.exe
4464	uzUyWFE.exe
1284	OvoCKrf.exe
3036	PSVZLvS.exe
3852	UVIxwCz.exe
452	SAvIvrv.exe
2516	lyPgtSZ.exe
3604	WmDbKVV.exe
3284	RKVxQfG.exe
212	YRqnlQh.exe
3092	TdaklYM.exe
3980	nvQddRM.exe
2540	YkviqQC.exe
2704	nfFvXcs.exe
4336	VTnjNAF.exe
1196	EAgvihn.exe
4456	xKJlusU.exe
2688	HolUiPx.exe
1052	BnoDRGU.exe
2424	CjddLxj.exe
4176	SARYYdH.exe
1596	LNaHzrU.exe
1500	ZhjqgUh.exe
376	hRBAMZO.exe
2168	bkmZDQP.exe
4916	sKvKpRq.exe
4392	EIjvgjz.exe
2692	veLajNd.exe
3232	nUGqZls.exe
4340	XLfuxOo.exe
4816	CPGuUHM.exe
3252	iCpVKCM.exe
4920	kjdNrTf.exe
4040	LaDUabt.exe
2344	tCHXHlM.exe
3672	zmYzbkC.exe
4848	oWSKNEs.exe
3788	ehXJqlU.exe
4624	rdBNXmc.exe
560	VxKtzsU.exe
3416	EYXAqyL.exe
3508	hjEvUid.exe
1820	krnnMml.exe
3488	rhuNEeR.exe
4480	VWiAvhU.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral2/memory/2624-0-0x00007FF68E950000-0x00007FF68ED45000-memory.dmp	upx
C:\Windows\System32\Cxafsrp.exe	upx
C:\Windows\System32\fXXNwDm.exe	upx
C:\Windows\System32\QQnVHEm.exe	upx
C:\Windows\System32\ksRxsnJ.exe	upx
behavioral2/memory/3640-27-0x00007FF6DD740000-0x00007FF6DDB35000-memory.dmp	upx
behavioral2/memory/1212-31-0x00007FF6679F0000-0x00007FF667DE5000-memory.dmp	upx
C:\Windows\System32\BhpJHyj.exe	upx
C:\Windows\System32\BTwvvkc.exe	upx
C:\Windows\System32\gpBhRea.exe	upx
C:\Windows\System32\YsHspAl.exe	upx
C:\Windows\System32\FgTaTfR.exe	upx
C:\Windows\System32\SCSFctb.exe	upx
C:\Windows\System32\OqiAnSQ.exe	upx
C:\Windows\System32\AyDVlAA.exe	upx
C:\Windows\System32\PSVZLvS.exe	upx
C:\Windows\System32\UVIxwCz.exe	upx
C:\Windows\System32\lyPgtSZ.exe	upx
C:\Windows\System32\YRqnlQh.exe	upx
C:\Windows\System32\YkviqQC.exe	upx
behavioral2/memory/4752-819-0x00007FF6003E0000-0x00007FF6007D5000-memory.dmp	upx
C:\Windows\System32\nvQddRM.exe	upx
C:\Windows\System32\TdaklYM.exe	upx
C:\Windows\System32\RKVxQfG.exe	upx
C:\Windows\System32\WmDbKVV.exe	upx
C:\Windows\System32\SAvIvrv.exe	upx
C:\Windows\System32\OvoCKrf.exe	upx
C:\Windows\System32\uzUyWFE.exe	upx
C:\Windows\System32\yTDJaaH.exe	upx
C:\Windows\System32\JhfOhZO.exe	upx
C:\Windows\System32\TwUAXcy.exe	upx
C:\Windows\System32\xtWDtfp.exe	upx
C:\Windows\System32\uNUMAis.exe	upx
C:\Windows\System32\UALrVTH.exe	upx
C:\Windows\System32\SxqxpQs.exe	upx
behavioral2/memory/2792-28-0x00007FF7A8480000-0x00007FF7A8875000-memory.dmp	upx
C:\Windows\System32\BoOUjEq.exe	upx
behavioral2/memory/4428-15-0x00007FF755C00000-0x00007FF755FF5000-memory.dmp	upx
behavioral2/memory/2756-873-0x00007FF681960000-0x00007FF681D55000-memory.dmp	upx
behavioral2/memory/4464-917-0x00007FF61BBE0000-0x00007FF61BFD5000-memory.dmp	upx
behavioral2/memory/1284-925-0x00007FF6722E0000-0x00007FF6726D5000-memory.dmp	upx
behavioral2/memory/3056-984-0x00007FF707160000-0x00007FF707555000-memory.dmp	upx
behavioral2/memory/3852-983-0x00007FF602DB0000-0x00007FF6031A5000-memory.dmp	upx
behavioral2/memory/3036-981-0x00007FF6D6AF0000-0x00007FF6D6EE5000-memory.dmp	upx
behavioral2/memory/4432-914-0x00007FF6A4FC0000-0x00007FF6A53B5000-memory.dmp	upx
behavioral2/memory/4384-907-0x00007FF6DB440000-0x00007FF6DB835000-memory.dmp	upx
behavioral2/memory/4896-895-0x00007FF7CA0C0000-0x00007FF7CA4B5000-memory.dmp	upx
behavioral2/memory/468-890-0x00007FF7E89C0000-0x00007FF7E8DB5000-memory.dmp	upx
behavioral2/memory/2764-882-0x00007FF608B90000-0x00007FF608F85000-memory.dmp	upx
behavioral2/memory/2320-863-0x00007FF631C70000-0x00007FF632065000-memory.dmp	upx
behavioral2/memory/2584-857-0x00007FF6328E0000-0x00007FF632CD5000-memory.dmp	upx
behavioral2/memory/996-852-0x00007FF6DF420000-0x00007FF6DF815000-memory.dmp	upx
behavioral2/memory/3552-845-0x00007FF61AA70000-0x00007FF61AE65000-memory.dmp	upx
behavioral2/memory/3060-841-0x00007FF680D00000-0x00007FF6810F5000-memory.dmp	upx
behavioral2/memory/4360-835-0x00007FF78E920000-0x00007FF78ED15000-memory.dmp	upx
behavioral2/memory/2300-829-0x00007FF7BB0C0000-0x00007FF7BB4B5000-memory.dmp	upx
behavioral2/memory/1012-824-0x00007FF74BD80000-0x00007FF74C175000-memory.dmp	upx
behavioral2/memory/2624-1941-0x00007FF68E950000-0x00007FF68ED45000-memory.dmp	upx
behavioral2/memory/3640-1942-0x00007FF6DD740000-0x00007FF6DDB35000-memory.dmp	upx
behavioral2/memory/2792-1943-0x00007FF7A8480000-0x00007FF7A8875000-memory.dmp	upx
behavioral2/memory/4428-1944-0x00007FF755C00000-0x00007FF755FF5000-memory.dmp	upx
behavioral2/memory/1212-1945-0x00007FF6679F0000-0x00007FF667DE5000-memory.dmp	upx
behavioral2/memory/3640-1946-0x00007FF6DD740000-0x00007FF6DDB35000-memory.dmp	upx
behavioral2/memory/2792-1949-0x00007FF7A8480000-0x00007FF7A8875000-memory.dmp	upx

Drops file in System32 directory 64 IoCs

Processes:

7aa2770bd14088211f3503474fa049cf4605a7db48fdf76c9e5940b30616a497.exe

description	ioc	process
File created	C:\Windows\System32\jEKJwxq.exe	7aa2770bd14088211f3503474fa049cf4605a7db48fdf76c9e5940b30616a497.exe
File created	C:\Windows\System32\JfyrObM.exe	7aa2770bd14088211f3503474fa049cf4605a7db48fdf76c9e5940b30616a497.exe
File created	C:\Windows\System32\MIDbnir.exe	7aa2770bd14088211f3503474fa049cf4605a7db48fdf76c9e5940b30616a497.exe
File created	C:\Windows\System32\KInHayp.exe	7aa2770bd14088211f3503474fa049cf4605a7db48fdf76c9e5940b30616a497.exe
File created	C:\Windows\System32\BjnoZvY.exe	7aa2770bd14088211f3503474fa049cf4605a7db48fdf76c9e5940b30616a497.exe
File created	C:\Windows\System32\uTLdVvw.exe	7aa2770bd14088211f3503474fa049cf4605a7db48fdf76c9e5940b30616a497.exe
File created	C:\Windows\System32\saVTDQK.exe	7aa2770bd14088211f3503474fa049cf4605a7db48fdf76c9e5940b30616a497.exe
File created	C:\Windows\System32\yxZcAMu.exe	7aa2770bd14088211f3503474fa049cf4605a7db48fdf76c9e5940b30616a497.exe
File created	C:\Windows\System32\BsOtYBb.exe	7aa2770bd14088211f3503474fa049cf4605a7db48fdf76c9e5940b30616a497.exe
File created	C:\Windows\System32\kZOkmGN.exe	7aa2770bd14088211f3503474fa049cf4605a7db48fdf76c9e5940b30616a497.exe
File created	C:\Windows\System32\iyidkic.exe	7aa2770bd14088211f3503474fa049cf4605a7db48fdf76c9e5940b30616a497.exe
File created	C:\Windows\System32\GXyscCb.exe	7aa2770bd14088211f3503474fa049cf4605a7db48fdf76c9e5940b30616a497.exe
File created	C:\Windows\System32\EUhdUsm.exe	7aa2770bd14088211f3503474fa049cf4605a7db48fdf76c9e5940b30616a497.exe
File created	C:\Windows\System32\UwvwATi.exe	7aa2770bd14088211f3503474fa049cf4605a7db48fdf76c9e5940b30616a497.exe
File created	C:\Windows\System32\UVyIoRF.exe	7aa2770bd14088211f3503474fa049cf4605a7db48fdf76c9e5940b30616a497.exe
File created	C:\Windows\System32\EeEFMkF.exe	7aa2770bd14088211f3503474fa049cf4605a7db48fdf76c9e5940b30616a497.exe
File created	C:\Windows\System32\fXXNwDm.exe	7aa2770bd14088211f3503474fa049cf4605a7db48fdf76c9e5940b30616a497.exe
File created	C:\Windows\System32\qnkfixa.exe	7aa2770bd14088211f3503474fa049cf4605a7db48fdf76c9e5940b30616a497.exe
File created	C:\Windows\System32\DulslMw.exe	7aa2770bd14088211f3503474fa049cf4605a7db48fdf76c9e5940b30616a497.exe
File created	C:\Windows\System32\JvTIgnk.exe	7aa2770bd14088211f3503474fa049cf4605a7db48fdf76c9e5940b30616a497.exe
File created	C:\Windows\System32\AOdFKjd.exe	7aa2770bd14088211f3503474fa049cf4605a7db48fdf76c9e5940b30616a497.exe
File created	C:\Windows\System32\RyqHKur.exe	7aa2770bd14088211f3503474fa049cf4605a7db48fdf76c9e5940b30616a497.exe
File created	C:\Windows\System32\EfVYHZu.exe	7aa2770bd14088211f3503474fa049cf4605a7db48fdf76c9e5940b30616a497.exe
File created	C:\Windows\System32\YxjBEDb.exe	7aa2770bd14088211f3503474fa049cf4605a7db48fdf76c9e5940b30616a497.exe
File created	C:\Windows\System32\LpmRvTJ.exe	7aa2770bd14088211f3503474fa049cf4605a7db48fdf76c9e5940b30616a497.exe
File created	C:\Windows\System32\nHPStjc.exe	7aa2770bd14088211f3503474fa049cf4605a7db48fdf76c9e5940b30616a497.exe
File created	C:\Windows\System32\wBEPTFX.exe	7aa2770bd14088211f3503474fa049cf4605a7db48fdf76c9e5940b30616a497.exe
File created	C:\Windows\System32\SoTnkcG.exe	7aa2770bd14088211f3503474fa049cf4605a7db48fdf76c9e5940b30616a497.exe
File created	C:\Windows\System32\falHyaG.exe	7aa2770bd14088211f3503474fa049cf4605a7db48fdf76c9e5940b30616a497.exe
File created	C:\Windows\System32\XLfuxOo.exe	7aa2770bd14088211f3503474fa049cf4605a7db48fdf76c9e5940b30616a497.exe
File created	C:\Windows\System32\bwuDmfM.exe	7aa2770bd14088211f3503474fa049cf4605a7db48fdf76c9e5940b30616a497.exe
File created	C:\Windows\System32\yTrBjob.exe	7aa2770bd14088211f3503474fa049cf4605a7db48fdf76c9e5940b30616a497.exe
File created	C:\Windows\System32\qjtVnVI.exe	7aa2770bd14088211f3503474fa049cf4605a7db48fdf76c9e5940b30616a497.exe
File created	C:\Windows\System32\hlrVzaC.exe	7aa2770bd14088211f3503474fa049cf4605a7db48fdf76c9e5940b30616a497.exe
File created	C:\Windows\System32\CLeuarG.exe	7aa2770bd14088211f3503474fa049cf4605a7db48fdf76c9e5940b30616a497.exe
File created	C:\Windows\System32\BoOUjEq.exe	7aa2770bd14088211f3503474fa049cf4605a7db48fdf76c9e5940b30616a497.exe
File created	C:\Windows\System32\oLclsJb.exe	7aa2770bd14088211f3503474fa049cf4605a7db48fdf76c9e5940b30616a497.exe
File created	C:\Windows\System32\knbYiDd.exe	7aa2770bd14088211f3503474fa049cf4605a7db48fdf76c9e5940b30616a497.exe
File created	C:\Windows\System32\oWEVwiA.exe	7aa2770bd14088211f3503474fa049cf4605a7db48fdf76c9e5940b30616a497.exe
File created	C:\Windows\System32\rynwavV.exe	7aa2770bd14088211f3503474fa049cf4605a7db48fdf76c9e5940b30616a497.exe
File created	C:\Windows\System32\fmRckGB.exe	7aa2770bd14088211f3503474fa049cf4605a7db48fdf76c9e5940b30616a497.exe
File created	C:\Windows\System32\jYISFrg.exe	7aa2770bd14088211f3503474fa049cf4605a7db48fdf76c9e5940b30616a497.exe
File created	C:\Windows\System32\FoJzDVr.exe	7aa2770bd14088211f3503474fa049cf4605a7db48fdf76c9e5940b30616a497.exe
File created	C:\Windows\System32\pDMcqOw.exe	7aa2770bd14088211f3503474fa049cf4605a7db48fdf76c9e5940b30616a497.exe
File created	C:\Windows\System32\EhWEIik.exe	7aa2770bd14088211f3503474fa049cf4605a7db48fdf76c9e5940b30616a497.exe
File created	C:\Windows\System32\SyayNft.exe	7aa2770bd14088211f3503474fa049cf4605a7db48fdf76c9e5940b30616a497.exe
File created	C:\Windows\System32\WOrSEFR.exe	7aa2770bd14088211f3503474fa049cf4605a7db48fdf76c9e5940b30616a497.exe
File created	C:\Windows\System32\AhNjxON.exe	7aa2770bd14088211f3503474fa049cf4605a7db48fdf76c9e5940b30616a497.exe
File created	C:\Windows\System32\mNTrljg.exe	7aa2770bd14088211f3503474fa049cf4605a7db48fdf76c9e5940b30616a497.exe
File created	C:\Windows\System32\XUKpSrH.exe	7aa2770bd14088211f3503474fa049cf4605a7db48fdf76c9e5940b30616a497.exe
File created	C:\Windows\System32\zDFXCSw.exe	7aa2770bd14088211f3503474fa049cf4605a7db48fdf76c9e5940b30616a497.exe
File created	C:\Windows\System32\drplheE.exe	7aa2770bd14088211f3503474fa049cf4605a7db48fdf76c9e5940b30616a497.exe
File created	C:\Windows\System32\UXmnyaU.exe	7aa2770bd14088211f3503474fa049cf4605a7db48fdf76c9e5940b30616a497.exe
File created	C:\Windows\System32\haDfonC.exe	7aa2770bd14088211f3503474fa049cf4605a7db48fdf76c9e5940b30616a497.exe
File created	C:\Windows\System32\GtMqQbD.exe	7aa2770bd14088211f3503474fa049cf4605a7db48fdf76c9e5940b30616a497.exe
File created	C:\Windows\System32\QwlryEX.exe	7aa2770bd14088211f3503474fa049cf4605a7db48fdf76c9e5940b30616a497.exe
File created	C:\Windows\System32\mJmOEmY.exe	7aa2770bd14088211f3503474fa049cf4605a7db48fdf76c9e5940b30616a497.exe
File created	C:\Windows\System32\GzAuTqH.exe	7aa2770bd14088211f3503474fa049cf4605a7db48fdf76c9e5940b30616a497.exe
File created	C:\Windows\System32\VjGryQD.exe	7aa2770bd14088211f3503474fa049cf4605a7db48fdf76c9e5940b30616a497.exe
File created	C:\Windows\System32\zWgweQU.exe	7aa2770bd14088211f3503474fa049cf4605a7db48fdf76c9e5940b30616a497.exe
File created	C:\Windows\System32\LIaCtme.exe	7aa2770bd14088211f3503474fa049cf4605a7db48fdf76c9e5940b30616a497.exe
File created	C:\Windows\System32\lqUVJpR.exe	7aa2770bd14088211f3503474fa049cf4605a7db48fdf76c9e5940b30616a497.exe
File created	C:\Windows\System32\BizFulB.exe	7aa2770bd14088211f3503474fa049cf4605a7db48fdf76c9e5940b30616a497.exe
File created	C:\Windows\System32\yTDJaaH.exe	7aa2770bd14088211f3503474fa049cf4605a7db48fdf76c9e5940b30616a497.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

dwm.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

dwm.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

Processes:

dwm.exe

description	ioc	process
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

Processes:

dwm.exe

description	pid	process
Token: SeCreateGlobalPrivilege	13172	dwm.exe
Token: SeChangeNotifyPrivilege	13172	dwm.exe
Token: 33	13172	dwm.exe
Token: SeIncBasePriorityPrivilege	13172	dwm.exe
Token: SeShutdownPrivilege	13172	dwm.exe
Token: SeCreatePagefilePrivilege	13172	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

7aa2770bd14088211f3503474fa049cf4605a7db48fdf76c9e5940b30616a497.exe

description	pid	process	target process
PID 2624 wrote to memory of 4428	2624	7aa2770bd14088211f3503474fa049cf4605a7db48fdf76c9e5940b30616a497.exe	Cxafsrp.exe
PID 2624 wrote to memory of 4428	2624	7aa2770bd14088211f3503474fa049cf4605a7db48fdf76c9e5940b30616a497.exe	Cxafsrp.exe
PID 2624 wrote to memory of 1212	2624	7aa2770bd14088211f3503474fa049cf4605a7db48fdf76c9e5940b30616a497.exe	fXXNwDm.exe
PID 2624 wrote to memory of 1212	2624	7aa2770bd14088211f3503474fa049cf4605a7db48fdf76c9e5940b30616a497.exe	fXXNwDm.exe
PID 2624 wrote to memory of 3640	2624	7aa2770bd14088211f3503474fa049cf4605a7db48fdf76c9e5940b30616a497.exe	QQnVHEm.exe
PID 2624 wrote to memory of 3640	2624	7aa2770bd14088211f3503474fa049cf4605a7db48fdf76c9e5940b30616a497.exe	QQnVHEm.exe
PID 2624 wrote to memory of 4752	2624	7aa2770bd14088211f3503474fa049cf4605a7db48fdf76c9e5940b30616a497.exe	ksRxsnJ.exe
PID 2624 wrote to memory of 4752	2624	7aa2770bd14088211f3503474fa049cf4605a7db48fdf76c9e5940b30616a497.exe	ksRxsnJ.exe
PID 2624 wrote to memory of 2792	2624	7aa2770bd14088211f3503474fa049cf4605a7db48fdf76c9e5940b30616a497.exe	BoOUjEq.exe
PID 2624 wrote to memory of 2792	2624	7aa2770bd14088211f3503474fa049cf4605a7db48fdf76c9e5940b30616a497.exe	BoOUjEq.exe
PID 2624 wrote to memory of 3056	2624	7aa2770bd14088211f3503474fa049cf4605a7db48fdf76c9e5940b30616a497.exe	BhpJHyj.exe
PID 2624 wrote to memory of 3056	2624	7aa2770bd14088211f3503474fa049cf4605a7db48fdf76c9e5940b30616a497.exe	BhpJHyj.exe
PID 2624 wrote to memory of 1012	2624	7aa2770bd14088211f3503474fa049cf4605a7db48fdf76c9e5940b30616a497.exe	BTwvvkc.exe
PID 2624 wrote to memory of 1012	2624	7aa2770bd14088211f3503474fa049cf4605a7db48fdf76c9e5940b30616a497.exe	BTwvvkc.exe
PID 2624 wrote to memory of 2300	2624	7aa2770bd14088211f3503474fa049cf4605a7db48fdf76c9e5940b30616a497.exe	SxqxpQs.exe
PID 2624 wrote to memory of 2300	2624	7aa2770bd14088211f3503474fa049cf4605a7db48fdf76c9e5940b30616a497.exe	SxqxpQs.exe
PID 2624 wrote to memory of 4360	2624	7aa2770bd14088211f3503474fa049cf4605a7db48fdf76c9e5940b30616a497.exe	gpBhRea.exe
PID 2624 wrote to memory of 4360	2624	7aa2770bd14088211f3503474fa049cf4605a7db48fdf76c9e5940b30616a497.exe	gpBhRea.exe
PID 2624 wrote to memory of 3060	2624	7aa2770bd14088211f3503474fa049cf4605a7db48fdf76c9e5940b30616a497.exe	UALrVTH.exe
PID 2624 wrote to memory of 3060	2624	7aa2770bd14088211f3503474fa049cf4605a7db48fdf76c9e5940b30616a497.exe	UALrVTH.exe
PID 2624 wrote to memory of 3552	2624	7aa2770bd14088211f3503474fa049cf4605a7db48fdf76c9e5940b30616a497.exe	YsHspAl.exe
PID 2624 wrote to memory of 3552	2624	7aa2770bd14088211f3503474fa049cf4605a7db48fdf76c9e5940b30616a497.exe	YsHspAl.exe
PID 2624 wrote to memory of 996	2624	7aa2770bd14088211f3503474fa049cf4605a7db48fdf76c9e5940b30616a497.exe	FgTaTfR.exe
PID 2624 wrote to memory of 996	2624	7aa2770bd14088211f3503474fa049cf4605a7db48fdf76c9e5940b30616a497.exe	FgTaTfR.exe
PID 2624 wrote to memory of 2584	2624	7aa2770bd14088211f3503474fa049cf4605a7db48fdf76c9e5940b30616a497.exe	uNUMAis.exe
PID 2624 wrote to memory of 2584	2624	7aa2770bd14088211f3503474fa049cf4605a7db48fdf76c9e5940b30616a497.exe	uNUMAis.exe
PID 2624 wrote to memory of 2320	2624	7aa2770bd14088211f3503474fa049cf4605a7db48fdf76c9e5940b30616a497.exe	SCSFctb.exe
PID 2624 wrote to memory of 2320	2624	7aa2770bd14088211f3503474fa049cf4605a7db48fdf76c9e5940b30616a497.exe	SCSFctb.exe
PID 2624 wrote to memory of 2756	2624	7aa2770bd14088211f3503474fa049cf4605a7db48fdf76c9e5940b30616a497.exe	OqiAnSQ.exe
PID 2624 wrote to memory of 2756	2624	7aa2770bd14088211f3503474fa049cf4605a7db48fdf76c9e5940b30616a497.exe	OqiAnSQ.exe
PID 2624 wrote to memory of 2764	2624	7aa2770bd14088211f3503474fa049cf4605a7db48fdf76c9e5940b30616a497.exe	xtWDtfp.exe
PID 2624 wrote to memory of 2764	2624	7aa2770bd14088211f3503474fa049cf4605a7db48fdf76c9e5940b30616a497.exe	xtWDtfp.exe
PID 2624 wrote to memory of 468	2624	7aa2770bd14088211f3503474fa049cf4605a7db48fdf76c9e5940b30616a497.exe	TwUAXcy.exe
PID 2624 wrote to memory of 468	2624	7aa2770bd14088211f3503474fa049cf4605a7db48fdf76c9e5940b30616a497.exe	TwUAXcy.exe
PID 2624 wrote to memory of 4896	2624	7aa2770bd14088211f3503474fa049cf4605a7db48fdf76c9e5940b30616a497.exe	JhfOhZO.exe
PID 2624 wrote to memory of 4896	2624	7aa2770bd14088211f3503474fa049cf4605a7db48fdf76c9e5940b30616a497.exe	JhfOhZO.exe
PID 2624 wrote to memory of 4384	2624	7aa2770bd14088211f3503474fa049cf4605a7db48fdf76c9e5940b30616a497.exe	yTDJaaH.exe
PID 2624 wrote to memory of 4384	2624	7aa2770bd14088211f3503474fa049cf4605a7db48fdf76c9e5940b30616a497.exe	yTDJaaH.exe
PID 2624 wrote to memory of 4432	2624	7aa2770bd14088211f3503474fa049cf4605a7db48fdf76c9e5940b30616a497.exe	AyDVlAA.exe
PID 2624 wrote to memory of 4432	2624	7aa2770bd14088211f3503474fa049cf4605a7db48fdf76c9e5940b30616a497.exe	AyDVlAA.exe
PID 2624 wrote to memory of 4464	2624	7aa2770bd14088211f3503474fa049cf4605a7db48fdf76c9e5940b30616a497.exe	uzUyWFE.exe
PID 2624 wrote to memory of 4464	2624	7aa2770bd14088211f3503474fa049cf4605a7db48fdf76c9e5940b30616a497.exe	uzUyWFE.exe
PID 2624 wrote to memory of 1284	2624	7aa2770bd14088211f3503474fa049cf4605a7db48fdf76c9e5940b30616a497.exe	OvoCKrf.exe
PID 2624 wrote to memory of 1284	2624	7aa2770bd14088211f3503474fa049cf4605a7db48fdf76c9e5940b30616a497.exe	OvoCKrf.exe
PID 2624 wrote to memory of 3036	2624	7aa2770bd14088211f3503474fa049cf4605a7db48fdf76c9e5940b30616a497.exe	PSVZLvS.exe
PID 2624 wrote to memory of 3036	2624	7aa2770bd14088211f3503474fa049cf4605a7db48fdf76c9e5940b30616a497.exe	PSVZLvS.exe
PID 2624 wrote to memory of 3852	2624	7aa2770bd14088211f3503474fa049cf4605a7db48fdf76c9e5940b30616a497.exe	UVIxwCz.exe
PID 2624 wrote to memory of 3852	2624	7aa2770bd14088211f3503474fa049cf4605a7db48fdf76c9e5940b30616a497.exe	UVIxwCz.exe
PID 2624 wrote to memory of 452	2624	7aa2770bd14088211f3503474fa049cf4605a7db48fdf76c9e5940b30616a497.exe	SAvIvrv.exe
PID 2624 wrote to memory of 452	2624	7aa2770bd14088211f3503474fa049cf4605a7db48fdf76c9e5940b30616a497.exe	SAvIvrv.exe
PID 2624 wrote to memory of 2516	2624	7aa2770bd14088211f3503474fa049cf4605a7db48fdf76c9e5940b30616a497.exe	lyPgtSZ.exe
PID 2624 wrote to memory of 2516	2624	7aa2770bd14088211f3503474fa049cf4605a7db48fdf76c9e5940b30616a497.exe	lyPgtSZ.exe
PID 2624 wrote to memory of 3604	2624	7aa2770bd14088211f3503474fa049cf4605a7db48fdf76c9e5940b30616a497.exe	WmDbKVV.exe
PID 2624 wrote to memory of 3604	2624	7aa2770bd14088211f3503474fa049cf4605a7db48fdf76c9e5940b30616a497.exe	WmDbKVV.exe
PID 2624 wrote to memory of 3284	2624	7aa2770bd14088211f3503474fa049cf4605a7db48fdf76c9e5940b30616a497.exe	RKVxQfG.exe
PID 2624 wrote to memory of 3284	2624	7aa2770bd14088211f3503474fa049cf4605a7db48fdf76c9e5940b30616a497.exe	RKVxQfG.exe
PID 2624 wrote to memory of 212	2624	7aa2770bd14088211f3503474fa049cf4605a7db48fdf76c9e5940b30616a497.exe	YRqnlQh.exe
PID 2624 wrote to memory of 212	2624	7aa2770bd14088211f3503474fa049cf4605a7db48fdf76c9e5940b30616a497.exe	YRqnlQh.exe
PID 2624 wrote to memory of 3092	2624	7aa2770bd14088211f3503474fa049cf4605a7db48fdf76c9e5940b30616a497.exe	TdaklYM.exe
PID 2624 wrote to memory of 3092	2624	7aa2770bd14088211f3503474fa049cf4605a7db48fdf76c9e5940b30616a497.exe	TdaklYM.exe
PID 2624 wrote to memory of 3980	2624	7aa2770bd14088211f3503474fa049cf4605a7db48fdf76c9e5940b30616a497.exe	nvQddRM.exe
PID 2624 wrote to memory of 3980	2624	7aa2770bd14088211f3503474fa049cf4605a7db48fdf76c9e5940b30616a497.exe	nvQddRM.exe
PID 2624 wrote to memory of 2540	2624	7aa2770bd14088211f3503474fa049cf4605a7db48fdf76c9e5940b30616a497.exe	YkviqQC.exe
PID 2624 wrote to memory of 2540	2624	7aa2770bd14088211f3503474fa049cf4605a7db48fdf76c9e5940b30616a497.exe	YkviqQC.exe

C:\Users\Admin\AppData\Local\Temp\7aa2770bd14088211f3503474fa049cf4605a7db48fdf76c9e5940b30616a497.exe
"C:\Users\Admin\AppData\Local\Temp\7aa2770bd14088211f3503474fa049cf4605a7db48fdf76c9e5940b30616a497.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:2624

C:\Windows\System32\Cxafsrp.exe
C:\Windows\System32\Cxafsrp.exe
2⤵
- Executes dropped EXE
PID:4428

C:\Windows\System32\fXXNwDm.exe
C:\Windows\System32\fXXNwDm.exe
2⤵
- Executes dropped EXE
PID:1212

C:\Windows\System32\QQnVHEm.exe
C:\Windows\System32\QQnVHEm.exe
2⤵
- Executes dropped EXE
PID:3640

C:\Windows\System32\ksRxsnJ.exe
C:\Windows\System32\ksRxsnJ.exe
2⤵
- Executes dropped EXE
PID:4752

C:\Windows\System32\BoOUjEq.exe
C:\Windows\System32\BoOUjEq.exe
2⤵
- Executes dropped EXE
PID:2792

C:\Windows\System32\BhpJHyj.exe
C:\Windows\System32\BhpJHyj.exe
2⤵
- Executes dropped EXE
PID:3056

C:\Windows\System32\BTwvvkc.exe
C:\Windows\System32\BTwvvkc.exe
2⤵
- Executes dropped EXE
PID:1012

C:\Windows\System32\SxqxpQs.exe
C:\Windows\System32\SxqxpQs.exe
2⤵
- Executes dropped EXE
PID:2300

C:\Windows\System32\gpBhRea.exe
C:\Windows\System32\gpBhRea.exe
2⤵
- Executes dropped EXE
PID:4360

C:\Windows\System32\UALrVTH.exe
C:\Windows\System32\UALrVTH.exe
2⤵
- Executes dropped EXE
PID:3060

C:\Windows\System32\YsHspAl.exe
C:\Windows\System32\YsHspAl.exe
2⤵
- Executes dropped EXE
PID:3552

C:\Windows\System32\FgTaTfR.exe
C:\Windows\System32\FgTaTfR.exe
2⤵
- Executes dropped EXE
PID:996

C:\Windows\System32\uNUMAis.exe
C:\Windows\System32\uNUMAis.exe
2⤵
- Executes dropped EXE
PID:2584

C:\Windows\System32\SCSFctb.exe
C:\Windows\System32\SCSFctb.exe
2⤵
- Executes dropped EXE
PID:2320

C:\Windows\System32\OqiAnSQ.exe
C:\Windows\System32\OqiAnSQ.exe
2⤵
- Executes dropped EXE
PID:2756

C:\Windows\System32\xtWDtfp.exe
C:\Windows\System32\xtWDtfp.exe
2⤵
- Executes dropped EXE
PID:2764

C:\Windows\System32\TwUAXcy.exe
C:\Windows\System32\TwUAXcy.exe
2⤵
- Executes dropped EXE
PID:468

C:\Windows\System32\JhfOhZO.exe
C:\Windows\System32\JhfOhZO.exe
2⤵
- Executes dropped EXE
PID:4896

C:\Windows\System32\yTDJaaH.exe
C:\Windows\System32\yTDJaaH.exe
2⤵
- Executes dropped EXE
PID:4384

C:\Windows\System32\AyDVlAA.exe
C:\Windows\System32\AyDVlAA.exe
2⤵
- Executes dropped EXE
PID:4432

C:\Windows\System32\uzUyWFE.exe
C:\Windows\System32\uzUyWFE.exe
2⤵
- Executes dropped EXE
PID:4464

C:\Windows\System32\OvoCKrf.exe
C:\Windows\System32\OvoCKrf.exe
2⤵
- Executes dropped EXE
PID:1284

C:\Windows\System32\PSVZLvS.exe
C:\Windows\System32\PSVZLvS.exe
2⤵
- Executes dropped EXE
PID:3036

C:\Windows\System32\UVIxwCz.exe
C:\Windows\System32\UVIxwCz.exe
2⤵
- Executes dropped EXE
PID:3852

C:\Windows\System32\SAvIvrv.exe
C:\Windows\System32\SAvIvrv.exe
2⤵
- Executes dropped EXE
PID:452

C:\Windows\System32\lyPgtSZ.exe
C:\Windows\System32\lyPgtSZ.exe
2⤵
- Executes dropped EXE
PID:2516

C:\Windows\System32\WmDbKVV.exe
C:\Windows\System32\WmDbKVV.exe
2⤵
- Executes dropped EXE
PID:3604

C:\Windows\System32\RKVxQfG.exe
C:\Windows\System32\RKVxQfG.exe
2⤵
- Executes dropped EXE
PID:3284

C:\Windows\System32\YRqnlQh.exe
C:\Windows\System32\YRqnlQh.exe
2⤵
- Executes dropped EXE
PID:212

C:\Windows\System32\TdaklYM.exe
C:\Windows\System32\TdaklYM.exe
2⤵
- Executes dropped EXE
PID:3092

C:\Windows\System32\nvQddRM.exe
C:\Windows\System32\nvQddRM.exe
2⤵
- Executes dropped EXE
PID:3980

C:\Windows\System32\YkviqQC.exe
C:\Windows\System32\YkviqQC.exe
2⤵
- Executes dropped EXE
PID:2540

C:\Windows\System32\nfFvXcs.exe
C:\Windows\System32\nfFvXcs.exe
2⤵
- Executes dropped EXE
PID:2704

C:\Windows\System32\VTnjNAF.exe
C:\Windows\System32\VTnjNAF.exe
2⤵
- Executes dropped EXE
PID:4336

C:\Windows\System32\EAgvihn.exe
C:\Windows\System32\EAgvihn.exe
2⤵
- Executes dropped EXE
PID:1196

C:\Windows\System32\xKJlusU.exe
C:\Windows\System32\xKJlusU.exe
2⤵
- Executes dropped EXE
PID:4456

C:\Windows\System32\HolUiPx.exe
C:\Windows\System32\HolUiPx.exe
2⤵
- Executes dropped EXE
PID:2688

C:\Windows\System32\BnoDRGU.exe
C:\Windows\System32\BnoDRGU.exe
2⤵
- Executes dropped EXE
PID:1052

C:\Windows\System32\CjddLxj.exe
C:\Windows\System32\CjddLxj.exe
2⤵
- Executes dropped EXE
PID:2424

C:\Windows\System32\SARYYdH.exe
C:\Windows\System32\SARYYdH.exe
2⤵
- Executes dropped EXE
PID:4176

C:\Windows\System32\LNaHzrU.exe
C:\Windows\System32\LNaHzrU.exe
2⤵
- Executes dropped EXE
PID:1596

C:\Windows\System32\ZhjqgUh.exe
C:\Windows\System32\ZhjqgUh.exe
2⤵
- Executes dropped EXE
PID:1500

C:\Windows\System32\hRBAMZO.exe
C:\Windows\System32\hRBAMZO.exe
2⤵
- Executes dropped EXE
PID:376

C:\Windows\System32\bkmZDQP.exe
C:\Windows\System32\bkmZDQP.exe
2⤵
- Executes dropped EXE
PID:2168

C:\Windows\System32\sKvKpRq.exe
C:\Windows\System32\sKvKpRq.exe
2⤵
- Executes dropped EXE
PID:4916

C:\Windows\System32\EIjvgjz.exe
C:\Windows\System32\EIjvgjz.exe
2⤵
- Executes dropped EXE
PID:4392

C:\Windows\System32\veLajNd.exe
C:\Windows\System32\veLajNd.exe
2⤵
- Executes dropped EXE
PID:2692

C:\Windows\System32\nUGqZls.exe
C:\Windows\System32\nUGqZls.exe
2⤵
- Executes dropped EXE
PID:3232

C:\Windows\System32\XLfuxOo.exe
C:\Windows\System32\XLfuxOo.exe
2⤵
- Executes dropped EXE
PID:4340

C:\Windows\System32\CPGuUHM.exe
C:\Windows\System32\CPGuUHM.exe
2⤵
- Executes dropped EXE
PID:4816

C:\Windows\System32\iCpVKCM.exe
C:\Windows\System32\iCpVKCM.exe
2⤵
- Executes dropped EXE
PID:3252

C:\Windows\System32\kjdNrTf.exe
C:\Windows\System32\kjdNrTf.exe
2⤵
- Executes dropped EXE
PID:4920

C:\Windows\System32\LaDUabt.exe
C:\Windows\System32\LaDUabt.exe
2⤵
- Executes dropped EXE
PID:4040

C:\Windows\System32\tCHXHlM.exe
C:\Windows\System32\tCHXHlM.exe
2⤵
- Executes dropped EXE
PID:2344

C:\Windows\System32\zmYzbkC.exe
C:\Windows\System32\zmYzbkC.exe
2⤵
- Executes dropped EXE
PID:3672

C:\Windows\System32\oWSKNEs.exe
C:\Windows\System32\oWSKNEs.exe
2⤵
- Executes dropped EXE
PID:4848

C:\Windows\System32\ehXJqlU.exe
C:\Windows\System32\ehXJqlU.exe
2⤵
- Executes dropped EXE
PID:3788

C:\Windows\System32\rdBNXmc.exe
C:\Windows\System32\rdBNXmc.exe
2⤵
- Executes dropped EXE
PID:4624

C:\Windows\System32\VxKtzsU.exe
C:\Windows\System32\VxKtzsU.exe
2⤵
- Executes dropped EXE
PID:560

C:\Windows\System32\EYXAqyL.exe
C:\Windows\System32\EYXAqyL.exe
2⤵
- Executes dropped EXE
PID:3416

C:\Windows\System32\hjEvUid.exe
C:\Windows\System32\hjEvUid.exe
2⤵
- Executes dropped EXE
PID:3508

C:\Windows\System32\krnnMml.exe
C:\Windows\System32\krnnMml.exe
2⤵
- Executes dropped EXE
PID:1820

C:\Windows\System32\rhuNEeR.exe
C:\Windows\System32\rhuNEeR.exe
2⤵
- Executes dropped EXE
PID:3488

C:\Windows\System32\VWiAvhU.exe
C:\Windows\System32\VWiAvhU.exe
2⤵
- Executes dropped EXE
PID:4480

C:\Windows\System32\CcBlyAj.exe
C:\Windows\System32\CcBlyAj.exe
2⤵
PID:2436

C:\Windows\System32\qbkQFxD.exe
C:\Windows\System32\qbkQFxD.exe
2⤵
PID:2864

C:\Windows\System32\vFykWee.exe
C:\Windows\System32\vFykWee.exe
2⤵
PID:3632

C:\Windows\System32\gEAgsAm.exe
C:\Windows\System32\gEAgsAm.exe
2⤵
PID:216

C:\Windows\System32\YbtWPqa.exe
C:\Windows\System32\YbtWPqa.exe
2⤵
PID:4320

C:\Windows\System32\AZUgizp.exe
C:\Windows\System32\AZUgizp.exe
2⤵
PID:1080

C:\Windows\System32\ISLYxpJ.exe
C:\Windows\System32\ISLYxpJ.exe
2⤵
PID:1312

C:\Windows\System32\YJWBooG.exe
C:\Windows\System32\YJWBooG.exe
2⤵
PID:1344

C:\Windows\System32\xGRwtcM.exe
C:\Windows\System32\xGRwtcM.exe
2⤵
PID:4736

C:\Windows\System32\yWtRqar.exe
C:\Windows\System32\yWtRqar.exe
2⤵
PID:1260

C:\Windows\System32\JIqXQUF.exe
C:\Windows\System32\JIqXQUF.exe
2⤵
PID:4636

C:\Windows\System32\SyayNft.exe
C:\Windows\System32\SyayNft.exe
2⤵
PID:60

C:\Windows\System32\deOQSFS.exe
C:\Windows\System32\deOQSFS.exe
2⤵
PID:1028

C:\Windows\System32\tSmQNao.exe
C:\Windows\System32\tSmQNao.exe
2⤵
PID:4380

C:\Windows\System32\oMYItms.exe
C:\Windows\System32\oMYItms.exe
2⤵
PID:5148

C:\Windows\System32\fJQVhMj.exe
C:\Windows\System32\fJQVhMj.exe
2⤵
PID:5176

C:\Windows\System32\OQWdiVh.exe
C:\Windows\System32\OQWdiVh.exe
2⤵
PID:5204

C:\Windows\System32\VTxuSYz.exe
C:\Windows\System32\VTxuSYz.exe
2⤵
PID:5232

C:\Windows\System32\IKJOLnF.exe
C:\Windows\System32\IKJOLnF.exe
2⤵
PID:5260

C:\Windows\System32\ZNKpEEw.exe
C:\Windows\System32\ZNKpEEw.exe
2⤵
PID:5288

C:\Windows\System32\FeAutfO.exe
C:\Windows\System32\FeAutfO.exe
2⤵
PID:5316

C:\Windows\System32\YrigGYf.exe
C:\Windows\System32\YrigGYf.exe
2⤵
PID:5344

C:\Windows\System32\FPsWTWm.exe
C:\Windows\System32\FPsWTWm.exe
2⤵
PID:5372

C:\Windows\System32\XCFVTjc.exe
C:\Windows\System32\XCFVTjc.exe
2⤵
PID:5400

C:\Windows\System32\mNTrljg.exe
C:\Windows\System32\mNTrljg.exe
2⤵
PID:5436

C:\Windows\System32\kiWbWsW.exe
C:\Windows\System32\kiWbWsW.exe
2⤵
PID:5456

C:\Windows\System32\RUnowQl.exe
C:\Windows\System32\RUnowQl.exe
2⤵
PID:5484

C:\Windows\System32\pmDiUhJ.exe
C:\Windows\System32\pmDiUhJ.exe
2⤵
PID:5512

C:\Windows\System32\EfVYHZu.exe
C:\Windows\System32\EfVYHZu.exe
2⤵
PID:5540

C:\Windows\System32\CjhzfPc.exe
C:\Windows\System32\CjhzfPc.exe
2⤵
PID:5568

C:\Windows\System32\fmRckGB.exe
C:\Windows\System32\fmRckGB.exe
2⤵
PID:5596

C:\Windows\System32\eUBkFNb.exe
C:\Windows\System32\eUBkFNb.exe
2⤵
PID:5624

C:\Windows\System32\mpruFor.exe
C:\Windows\System32\mpruFor.exe
2⤵
PID:5652

C:\Windows\System32\goVFrLE.exe
C:\Windows\System32\goVFrLE.exe
2⤵
PID:5680

C:\Windows\System32\vBHtqHw.exe
C:\Windows\System32\vBHtqHw.exe
2⤵
PID:5720

C:\Windows\System32\RSTdGYR.exe
C:\Windows\System32\RSTdGYR.exe
2⤵
PID:5736

C:\Windows\System32\kxbCpoA.exe
C:\Windows\System32\kxbCpoA.exe
2⤵
PID:5764

C:\Windows\System32\UabwUrD.exe
C:\Windows\System32\UabwUrD.exe
2⤵
PID:5792

C:\Windows\System32\WXKlqwz.exe
C:\Windows\System32\WXKlqwz.exe
2⤵
PID:5820

C:\Windows\System32\YAOTgVC.exe
C:\Windows\System32\YAOTgVC.exe
2⤵
PID:5848

C:\Windows\System32\pWzpdvi.exe
C:\Windows\System32\pWzpdvi.exe
2⤵
PID:5876

C:\Windows\System32\IhrtAuh.exe
C:\Windows\System32\IhrtAuh.exe
2⤵
PID:5904

C:\Windows\System32\ImewVgJ.exe
C:\Windows\System32\ImewVgJ.exe
2⤵
PID:5932

C:\Windows\System32\BvKVDZi.exe
C:\Windows\System32\BvKVDZi.exe
2⤵
PID:5960

C:\Windows\System32\frdVRSR.exe
C:\Windows\System32\frdVRSR.exe
2⤵
PID:5988

C:\Windows\System32\xxUZGxr.exe
C:\Windows\System32\xxUZGxr.exe
2⤵
PID:6016

C:\Windows\System32\QrRGexu.exe
C:\Windows\System32\QrRGexu.exe
2⤵
PID:6044

C:\Windows\System32\PbPMhcq.exe
C:\Windows\System32\PbPMhcq.exe
2⤵
PID:6072

C:\Windows\System32\MCkdcnh.exe
C:\Windows\System32\MCkdcnh.exe
2⤵
PID:6100

C:\Windows\System32\ahNYRoW.exe
C:\Windows\System32\ahNYRoW.exe
2⤵
PID:6128

C:\Windows\System32\YxjBEDb.exe
C:\Windows\System32\YxjBEDb.exe
2⤵
PID:2304

C:\Windows\System32\wAfuXbz.exe
C:\Windows\System32\wAfuXbz.exe
2⤵
PID:4600

C:\Windows\System32\nbplbMb.exe
C:\Windows\System32\nbplbMb.exe
2⤵
PID:1556

C:\Windows\System32\SihfvyE.exe
C:\Windows\System32\SihfvyE.exe
2⤵
PID:3112

C:\Windows\System32\OTsAhVs.exe
C:\Windows\System32\OTsAhVs.exe
2⤵
PID:4568

C:\Windows\System32\nqdQVCr.exe
C:\Windows\System32\nqdQVCr.exe
2⤵
PID:5192

C:\Windows\System32\LMcgLDj.exe
C:\Windows\System32\LMcgLDj.exe
2⤵
PID:5240

C:\Windows\System32\ovfcHnl.exe
C:\Windows\System32\ovfcHnl.exe
2⤵
PID:5296

C:\Windows\System32\awtGJtz.exe
C:\Windows\System32\awtGJtz.exe
2⤵
PID:5416

C:\Windows\System32\NtHIIxU.exe
C:\Windows\System32\NtHIIxU.exe
2⤵
PID:5444

C:\Windows\System32\pVgGmQk.exe
C:\Windows\System32\pVgGmQk.exe
2⤵
PID:5504

C:\Windows\System32\Epspdmn.exe
C:\Windows\System32\Epspdmn.exe
2⤵
PID:5584

C:\Windows\System32\iKiGUHK.exe
C:\Windows\System32\iKiGUHK.exe
2⤵
PID:5632

C:\Windows\System32\ttbKlYh.exe
C:\Windows\System32\ttbKlYh.exe
2⤵
PID:5712

C:\Windows\System32\oBzqckH.exe
C:\Windows\System32\oBzqckH.exe
2⤵
PID:5780

C:\Windows\System32\BsOtYBb.exe
C:\Windows\System32\BsOtYBb.exe
2⤵
PID:5828

C:\Windows\System32\fdVEERS.exe
C:\Windows\System32\fdVEERS.exe
2⤵
PID:5896

C:\Windows\System32\vaBJwpM.exe
C:\Windows\System32\vaBJwpM.exe
2⤵
PID:5952

C:\Windows\System32\GOlkNxU.exe
C:\Windows\System32\GOlkNxU.exe
2⤵
PID:6032

C:\Windows\System32\dPzuKPF.exe
C:\Windows\System32\dPzuKPF.exe
2⤵
PID:6080

C:\Windows\System32\MflMPZw.exe
C:\Windows\System32\MflMPZw.exe
2⤵
PID:1932

C:\Windows\System32\qQketlC.exe
C:\Windows\System32\qQketlC.exe
2⤵
PID:3652

C:\Windows\System32\MrYyaqt.exe
C:\Windows\System32\MrYyaqt.exe
2⤵
PID:5128

C:\Windows\System32\bwXMRAL.exe
C:\Windows\System32\bwXMRAL.exe
2⤵
PID:5304

C:\Windows\System32\efxnwmD.exe
C:\Windows\System32\efxnwmD.exe
2⤵
PID:5556

C:\Windows\System32\BTsVrej.exe
C:\Windows\System32\BTsVrej.exe
2⤵
PID:5588

C:\Windows\System32\RzBOWfa.exe
C:\Windows\System32\RzBOWfa.exe
2⤵
PID:5744

C:\Windows\System32\fMZlFKf.exe
C:\Windows\System32\fMZlFKf.exe
2⤵
PID:5924

C:\Windows\System32\XnmikWJ.exe
C:\Windows\System32\XnmikWJ.exe
2⤵
PID:6160

C:\Windows\System32\BBIkAul.exe
C:\Windows\System32\BBIkAul.exe
2⤵
PID:6188

C:\Windows\System32\SxrCFTa.exe
C:\Windows\System32\SxrCFTa.exe
2⤵
PID:6216

C:\Windows\System32\dgUOxtn.exe
C:\Windows\System32\dgUOxtn.exe
2⤵
PID:6244

C:\Windows\System32\qGUMJyi.exe
C:\Windows\System32\qGUMJyi.exe
2⤵
PID:6284

C:\Windows\System32\otMczsp.exe
C:\Windows\System32\otMczsp.exe
2⤵
PID:6300

C:\Windows\System32\zIsXCfH.exe
C:\Windows\System32\zIsXCfH.exe
2⤵
PID:6328

C:\Windows\System32\YxgRqZD.exe
C:\Windows\System32\YxgRqZD.exe
2⤵
PID:6356

C:\Windows\System32\hpvSzBn.exe
C:\Windows\System32\hpvSzBn.exe
2⤵
PID:6384

C:\Windows\System32\GKQmcxl.exe
C:\Windows\System32\GKQmcxl.exe
2⤵
PID:6412

C:\Windows\System32\UMOGXCm.exe
C:\Windows\System32\UMOGXCm.exe
2⤵
PID:6440

C:\Windows\System32\ESPDxkm.exe
C:\Windows\System32\ESPDxkm.exe
2⤵
PID:6468

C:\Windows\System32\oxdRNkx.exe
C:\Windows\System32\oxdRNkx.exe
2⤵
PID:6496

C:\Windows\System32\EQZClyh.exe
C:\Windows\System32\EQZClyh.exe
2⤵
PID:6524

C:\Windows\System32\MNZtnUr.exe
C:\Windows\System32\MNZtnUr.exe
2⤵
PID:6552

C:\Windows\System32\nKINtlC.exe
C:\Windows\System32\nKINtlC.exe
2⤵
PID:6580

C:\Windows\System32\muxKrnY.exe
C:\Windows\System32\muxKrnY.exe
2⤵
PID:6608

C:\Windows\System32\zERWGLY.exe
C:\Windows\System32\zERWGLY.exe
2⤵
PID:6636

C:\Windows\System32\rRMoLwz.exe
C:\Windows\System32\rRMoLwz.exe
2⤵
PID:6664

C:\Windows\System32\boHXIwd.exe
C:\Windows\System32\boHXIwd.exe
2⤵
PID:6704

C:\Windows\System32\LNvzUvp.exe
C:\Windows\System32\LNvzUvp.exe
2⤵
PID:6728

C:\Windows\System32\CGsfrBf.exe
C:\Windows\System32\CGsfrBf.exe
2⤵
PID:6748

C:\Windows\System32\wqCoHaG.exe
C:\Windows\System32\wqCoHaG.exe
2⤵
PID:6776

C:\Windows\System32\sSJurer.exe
C:\Windows\System32\sSJurer.exe
2⤵
PID:6804

C:\Windows\System32\ThKAXCs.exe
C:\Windows\System32\ThKAXCs.exe
2⤵
PID:6844

C:\Windows\System32\CvMyPLE.exe
C:\Windows\System32\CvMyPLE.exe
2⤵
PID:6860

C:\Windows\System32\ZBcCECU.exe
C:\Windows\System32\ZBcCECU.exe
2⤵
PID:6888

C:\Windows\System32\HsAQNSk.exe
C:\Windows\System32\HsAQNSk.exe
2⤵
PID:6916

C:\Windows\System32\oLclsJb.exe
C:\Windows\System32\oLclsJb.exe
2⤵
PID:6944

C:\Windows\System32\VhiPTmq.exe
C:\Windows\System32\VhiPTmq.exe
2⤵
PID:6972

C:\Windows\System32\qrFtqgf.exe
C:\Windows\System32\qrFtqgf.exe
2⤵
PID:7000

C:\Windows\System32\PzIhhDJ.exe
C:\Windows\System32\PzIhhDJ.exe
2⤵
PID:7028

C:\Windows\System32\OVGiglH.exe
C:\Windows\System32\OVGiglH.exe
2⤵
PID:7056

C:\Windows\System32\fcBAOtr.exe
C:\Windows\System32\fcBAOtr.exe
2⤵
PID:7084

C:\Windows\System32\saVTDQK.exe
C:\Windows\System32\saVTDQK.exe
2⤵
PID:7112

C:\Windows\System32\iCJSJic.exe
C:\Windows\System32\iCJSJic.exe
2⤵
PID:7140

C:\Windows\System32\ncDtDee.exe
C:\Windows\System32\ncDtDee.exe
2⤵
PID:5968

C:\Windows\System32\mfJOCmt.exe
C:\Windows\System32\mfJOCmt.exe
2⤵
PID:400

C:\Windows\System32\AfoSXTA.exe
C:\Windows\System32\AfoSXTA.exe
2⤵
PID:5224

C:\Windows\System32\dCmhnXR.exe
C:\Windows\System32\dCmhnXR.exe
2⤵
PID:5696

C:\Windows\System32\DacsLFI.exe
C:\Windows\System32\DacsLFI.exe
2⤵
PID:5948

C:\Windows\System32\WGEDLlp.exe
C:\Windows\System32\WGEDLlp.exe
2⤵
PID:6204

C:\Windows\System32\WAEBPAs.exe
C:\Windows\System32\WAEBPAs.exe
2⤵
PID:6252

C:\Windows\System32\OsOBFFR.exe
C:\Windows\System32\OsOBFFR.exe
2⤵
PID:6320

C:\Windows\System32\TumcpxS.exe
C:\Windows\System32\TumcpxS.exe
2⤵
PID:6400

C:\Windows\System32\VjGryQD.exe
C:\Windows\System32\VjGryQD.exe
2⤵
PID:6460

C:\Windows\System32\JKpynzK.exe
C:\Windows\System32\JKpynzK.exe
2⤵
PID:6504

C:\Windows\System32\WhIqdif.exe
C:\Windows\System32\WhIqdif.exe
2⤵
PID:6572

C:\Windows\System32\LpmRvTJ.exe
C:\Windows\System32\LpmRvTJ.exe
2⤵
PID:6652

C:\Windows\System32\BSeYRJl.exe
C:\Windows\System32\BSeYRJl.exe
2⤵
PID:6716

C:\Windows\System32\kLMdiAI.exe
C:\Windows\System32\kLMdiAI.exe
2⤵
PID:6768

C:\Windows\System32\ocJdmGm.exe
C:\Windows\System32\ocJdmGm.exe
2⤵
PID:6836

C:\Windows\System32\aJWoHyc.exe
C:\Windows\System32\aJWoHyc.exe
2⤵
PID:6904

C:\Windows\System32\LyqZFJb.exe
C:\Windows\System32\LyqZFJb.exe
2⤵
PID:6952

C:\Windows\System32\VcuGGKC.exe
C:\Windows\System32\VcuGGKC.exe
2⤵
PID:7008

C:\Windows\System32\kWxOxSZ.exe
C:\Windows\System32\kWxOxSZ.exe
2⤵
PID:7076

C:\Windows\System32\bZryRaI.exe
C:\Windows\System32\bZryRaI.exe
2⤵
PID:3792

C:\Windows\System32\YPGnhTC.exe
C:\Windows\System32\YPGnhTC.exe
2⤵
PID:3032

C:\Windows\System32\RPzKynK.exe
C:\Windows\System32\RPzKynK.exe
2⤵
PID:5784

C:\Windows\System32\sRCMKXh.exe
C:\Windows\System32\sRCMKXh.exe
2⤵
PID:6236

C:\Windows\System32\kZOkmGN.exe
C:\Windows\System32\kZOkmGN.exe
2⤵
PID:6364

C:\Windows\System32\uNFPShR.exe
C:\Windows\System32\uNFPShR.exe
2⤵
PID:6512

C:\Windows\System32\MDRoNOW.exe
C:\Windows\System32\MDRoNOW.exe
2⤵
PID:6672

C:\Windows\System32\iLzFuuL.exe
C:\Windows\System32\iLzFuuL.exe
2⤵
PID:6796

C:\Windows\System32\xBLuiGE.exe
C:\Windows\System32\xBLuiGE.exe
2⤵
PID:6908

C:\Windows\System32\XJEIktq.exe
C:\Windows\System32\XJEIktq.exe
2⤵
PID:7072

C:\Windows\System32\ZQaRYfY.exe
C:\Windows\System32\ZQaRYfY.exe
2⤵
PID:6052

C:\Windows\System32\RFIzOMJ.exe
C:\Windows\System32\RFIzOMJ.exe
2⤵
PID:6224

C:\Windows\System32\VYsbOmD.exe
C:\Windows\System32\VYsbOmD.exe
2⤵
PID:7176

C:\Windows\System32\BbetbPb.exe
C:\Windows\System32\BbetbPb.exe
2⤵
PID:7204

C:\Windows\System32\yHmRBAo.exe
C:\Windows\System32\yHmRBAo.exe
2⤵
PID:7232

C:\Windows\System32\xFABXmR.exe
C:\Windows\System32\xFABXmR.exe
2⤵
PID:7260

C:\Windows\System32\kAERjTa.exe
C:\Windows\System32\kAERjTa.exe
2⤵
PID:7288

C:\Windows\System32\uaEMTtQ.exe
C:\Windows\System32\uaEMTtQ.exe
2⤵
PID:7316

C:\Windows\System32\FFguSlO.exe
C:\Windows\System32\FFguSlO.exe
2⤵
PID:7344

C:\Windows\System32\LJQwzBO.exe
C:\Windows\System32\LJQwzBO.exe
2⤵
PID:7372

C:\Windows\System32\klUPMKL.exe
C:\Windows\System32\klUPMKL.exe
2⤵
PID:7400

C:\Windows\System32\lrqAhnG.exe
C:\Windows\System32\lrqAhnG.exe
2⤵
PID:7428

C:\Windows\System32\NeHjhUO.exe
C:\Windows\System32\NeHjhUO.exe
2⤵
PID:7456

C:\Windows\System32\iyidkic.exe
C:\Windows\System32\iyidkic.exe
2⤵
PID:7484

C:\Windows\System32\qQNGTPr.exe
C:\Windows\System32\qQNGTPr.exe
2⤵
PID:7512

C:\Windows\System32\ZbqBtDH.exe
C:\Windows\System32\ZbqBtDH.exe
2⤵
PID:7540

C:\Windows\System32\KmNhBAJ.exe
C:\Windows\System32\KmNhBAJ.exe
2⤵
PID:7568

C:\Windows\System32\CAfWCim.exe
C:\Windows\System32\CAfWCim.exe
2⤵
PID:7596

C:\Windows\System32\uplxgEt.exe
C:\Windows\System32\uplxgEt.exe
2⤵
PID:7624

C:\Windows\System32\SlFIPtm.exe
C:\Windows\System32\SlFIPtm.exe
2⤵
PID:7652

C:\Windows\System32\RyqHKur.exe
C:\Windows\System32\RyqHKur.exe
2⤵
PID:7680

C:\Windows\System32\OZKEreE.exe
C:\Windows\System32\OZKEreE.exe
2⤵
PID:7708

C:\Windows\System32\HwxtXEX.exe
C:\Windows\System32\HwxtXEX.exe
2⤵
PID:7736

C:\Windows\System32\sijpMqx.exe
C:\Windows\System32\sijpMqx.exe
2⤵
PID:7764

C:\Windows\System32\vxcJyRU.exe
C:\Windows\System32\vxcJyRU.exe
2⤵
PID:7792

C:\Windows\System32\KbqEBca.exe
C:\Windows\System32\KbqEBca.exe
2⤵
PID:7820

C:\Windows\System32\nHPStjc.exe
C:\Windows\System32\nHPStjc.exe
2⤵
PID:7848

C:\Windows\System32\IUxpfzQ.exe
C:\Windows\System32\IUxpfzQ.exe
2⤵
PID:7876

C:\Windows\System32\uHdpKcI.exe
C:\Windows\System32\uHdpKcI.exe
2⤵
PID:7904

C:\Windows\System32\MzsADlH.exe
C:\Windows\System32\MzsADlH.exe
2⤵
PID:7932

C:\Windows\System32\rBfgSUe.exe
C:\Windows\System32\rBfgSUe.exe
2⤵
PID:7960

C:\Windows\System32\jioEmXc.exe
C:\Windows\System32\jioEmXc.exe
2⤵
PID:7988

C:\Windows\System32\hYkHbZp.exe
C:\Windows\System32\hYkHbZp.exe
2⤵
PID:8016

C:\Windows\System32\qjtVnVI.exe
C:\Windows\System32\qjtVnVI.exe
2⤵
PID:8044

C:\Windows\System32\ZbbitvI.exe
C:\Windows\System32\ZbbitvI.exe
2⤵
PID:8072

C:\Windows\System32\bkWBZJI.exe
C:\Windows\System32\bkWBZJI.exe
2⤵
PID:8100

C:\Windows\System32\dTwYKzE.exe
C:\Windows\System32\dTwYKzE.exe
2⤵
PID:8128

C:\Windows\System32\etuCgzM.exe
C:\Windows\System32\etuCgzM.exe
2⤵
PID:8156

C:\Windows\System32\nXjqVdF.exe
C:\Windows\System32\nXjqVdF.exe
2⤵
PID:8184

C:\Windows\System32\dyNXvaC.exe
C:\Windows\System32\dyNXvaC.exe
2⤵
PID:1604

C:\Windows\System32\IlopklS.exe
C:\Windows\System32\IlopklS.exe
2⤵
PID:6992

C:\Windows\System32\rxeOGVI.exe
C:\Windows\System32\rxeOGVI.exe
2⤵
PID:1168

C:\Windows\System32\FBbyqNw.exe
C:\Windows\System32\FBbyqNw.exe
2⤵
PID:3628

C:\Windows\System32\DAtFITm.exe
C:\Windows\System32\DAtFITm.exe
2⤵
PID:7324

C:\Windows\System32\WbvqzYT.exe
C:\Windows\System32\WbvqzYT.exe
2⤵
PID:7388

C:\Windows\System32\aKAeGKk.exe
C:\Windows\System32\aKAeGKk.exe
2⤵
PID:7420

C:\Windows\System32\ueNGOrm.exe
C:\Windows\System32\ueNGOrm.exe
2⤵
PID:7464

C:\Windows\System32\doxXfEs.exe
C:\Windows\System32\doxXfEs.exe
2⤵
PID:7528

C:\Windows\System32\SUEzAsm.exe
C:\Windows\System32\SUEzAsm.exe
2⤵
PID:7576

C:\Windows\System32\XMhfhmU.exe
C:\Windows\System32\XMhfhmU.exe
2⤵
PID:4008

C:\Windows\System32\aYUiIIW.exe
C:\Windows\System32\aYUiIIW.exe
2⤵
PID:7660

C:\Windows\System32\SXtvpBj.exe
C:\Windows\System32\SXtvpBj.exe
2⤵
PID:7728

C:\Windows\System32\cbcmNxT.exe
C:\Windows\System32\cbcmNxT.exe
2⤵
PID:7808

C:\Windows\System32\GXyscCb.exe
C:\Windows\System32\GXyscCb.exe
2⤵
PID:7868

C:\Windows\System32\slnazZp.exe
C:\Windows\System32\slnazZp.exe
2⤵
PID:7912

C:\Windows\System32\SaexfAx.exe
C:\Windows\System32\SaexfAx.exe
2⤵
PID:2016

C:\Windows\System32\AIoMrIw.exe
C:\Windows\System32\AIoMrIw.exe
2⤵
PID:7996

C:\Windows\System32\uWisFfH.exe
C:\Windows\System32\uWisFfH.exe
2⤵
PID:8036

C:\Windows\System32\xosSybO.exe
C:\Windows\System32\xosSybO.exe
2⤵
PID:4608

C:\Windows\System32\BpOEYMR.exe
C:\Windows\System32\BpOEYMR.exe
2⤵
PID:8108

C:\Windows\System32\MLiOZmN.exe
C:\Windows\System32\MLiOZmN.exe
2⤵
PID:948

C:\Windows\System32\gkcXKJR.exe
C:\Windows\System32\gkcXKJR.exe
2⤵
PID:932

C:\Windows\System32\hMeeFZX.exe
C:\Windows\System32\hMeeFZX.exe
2⤵
PID:8176

C:\Windows\System32\pUSUvyh.exe
C:\Windows\System32\pUSUvyh.exe
2⤵
PID:6724

C:\Windows\System32\dxdbDYc.exe
C:\Windows\System32\dxdbDYc.exe
2⤵
PID:4292

C:\Windows\System32\dGFNJFg.exe
C:\Windows\System32\dGFNJFg.exe
2⤵
PID:5280

C:\Windows\System32\YfhqRDe.exe
C:\Windows\System32\YfhqRDe.exe
2⤵
PID:1976

C:\Windows\System32\YreFOJS.exe
C:\Windows\System32\YreFOJS.exe
2⤵
PID:7360

C:\Windows\System32\dpgguDP.exe
C:\Windows\System32\dpgguDP.exe
2⤵
PID:7492

C:\Windows\System32\easnTmo.exe
C:\Windows\System32\easnTmo.exe
2⤵
PID:7668

C:\Windows\System32\UykSokZ.exe
C:\Windows\System32\UykSokZ.exe
2⤵
PID:3328

C:\Windows\System32\BtxeJnO.exe
C:\Windows\System32\BtxeJnO.exe
2⤵
PID:1480

C:\Windows\System32\EUhdUsm.exe
C:\Windows\System32\EUhdUsm.exe
2⤵
PID:8024

C:\Windows\System32\GwnZuoE.exe
C:\Windows\System32\GwnZuoE.exe
2⤵
PID:708

C:\Windows\System32\jpsdVKZ.exe
C:\Windows\System32\jpsdVKZ.exe
2⤵
PID:3008

C:\Windows\System32\TsixBAE.exe
C:\Windows\System32\TsixBAE.exe
2⤵
PID:7864

C:\Windows\System32\tSdyVKt.exe
C:\Windows\System32\tSdyVKt.exe
2⤵
PID:2860

C:\Windows\System32\zBWwDwP.exe
C:\Windows\System32\zBWwDwP.exe
2⤵
PID:8200

C:\Windows\System32\EDXBSHg.exe
C:\Windows\System32\EDXBSHg.exe
2⤵
PID:8228

C:\Windows\System32\YjMkbNS.exe
C:\Windows\System32\YjMkbNS.exe
2⤵
PID:8260

C:\Windows\System32\fFFksTT.exe
C:\Windows\System32\fFFksTT.exe
2⤵
PID:8288

C:\Windows\System32\pUvuXOy.exe
C:\Windows\System32\pUvuXOy.exe
2⤵
PID:8316

C:\Windows\System32\KgrJvop.exe
C:\Windows\System32\KgrJvop.exe
2⤵
PID:8344

C:\Windows\System32\ctkYYxH.exe
C:\Windows\System32\ctkYYxH.exe
2⤵
PID:8380

C:\Windows\System32\CaHnwvI.exe
C:\Windows\System32\CaHnwvI.exe
2⤵
PID:8400

C:\Windows\System32\DQTsWxK.exe
C:\Windows\System32\DQTsWxK.exe
2⤵
PID:8436

C:\Windows\System32\hlrVzaC.exe
C:\Windows\System32\hlrVzaC.exe
2⤵
PID:8464

C:\Windows\System32\rogNuHV.exe
C:\Windows\System32\rogNuHV.exe
2⤵
PID:8484

C:\Windows\System32\HjnPZDd.exe
C:\Windows\System32\HjnPZDd.exe
2⤵
PID:8524

C:\Windows\System32\uixIvHY.exe
C:\Windows\System32\uixIvHY.exe
2⤵
PID:8548

C:\Windows\System32\erXjFXh.exe
C:\Windows\System32\erXjFXh.exe
2⤵
PID:8568

C:\Windows\System32\UwvwATi.exe
C:\Windows\System32\UwvwATi.exe
2⤵
PID:8612

C:\Windows\System32\WOrSEFR.exe
C:\Windows\System32\WOrSEFR.exe
2⤵
PID:8632

C:\Windows\System32\mJexWmz.exe
C:\Windows\System32\mJexWmz.exe
2⤵
PID:8656

C:\Windows\System32\SbSgdby.exe
C:\Windows\System32\SbSgdby.exe
2⤵
PID:8676

C:\Windows\System32\bjVkgDH.exe
C:\Windows\System32\bjVkgDH.exe
2⤵
PID:8700

C:\Windows\System32\hPOLypt.exe
C:\Windows\System32\hPOLypt.exe
2⤵
PID:8728

C:\Windows\System32\LnrdDXA.exe
C:\Windows\System32\LnrdDXA.exe
2⤵
PID:8748

C:\Windows\System32\AhNjxON.exe
C:\Windows\System32\AhNjxON.exe
2⤵
PID:8776

C:\Windows\System32\JniSdsn.exe
C:\Windows\System32\JniSdsn.exe
2⤵
PID:8804

C:\Windows\System32\OLmDapz.exe
C:\Windows\System32\OLmDapz.exe
2⤵
PID:8820

C:\Windows\System32\BVBCgHr.exe
C:\Windows\System32\BVBCgHr.exe
2⤵
PID:8848

C:\Windows\System32\wBEPTFX.exe
C:\Windows\System32\wBEPTFX.exe
2⤵
PID:8872

C:\Windows\System32\JVasJwy.exe
C:\Windows\System32\JVasJwy.exe
2⤵
PID:8896

C:\Windows\System32\UVyIoRF.exe
C:\Windows\System32\UVyIoRF.exe
2⤵
PID:8920

C:\Windows\System32\haDfonC.exe
C:\Windows\System32\haDfonC.exe
2⤵
PID:8940

C:\Windows\System32\efONCAl.exe
C:\Windows\System32\efONCAl.exe
2⤵
PID:8964

C:\Windows\System32\rWbprRz.exe
C:\Windows\System32\rWbprRz.exe
2⤵
PID:8988

C:\Windows\System32\jXmXMbf.exe
C:\Windows\System32\jXmXMbf.exe
2⤵
PID:9016

C:\Windows\System32\IROYnBG.exe
C:\Windows\System32\IROYnBG.exe
2⤵
PID:9036

C:\Windows\System32\YEzrCff.exe
C:\Windows\System32\YEzrCff.exe
2⤵
PID:9060

C:\Windows\System32\hNKPkhy.exe
C:\Windows\System32\hNKPkhy.exe
2⤵
PID:9084

C:\Windows\System32\KVLsbTl.exe
C:\Windows\System32\KVLsbTl.exe
2⤵
PID:9112

C:\Windows\System32\LnWRzau.exe
C:\Windows\System32\LnWRzau.exe
2⤵
PID:9132

C:\Windows\System32\SoTnkcG.exe
C:\Windows\System32\SoTnkcG.exe
2⤵
PID:9160

C:\Windows\System32\zWgweQU.exe
C:\Windows\System32\zWgweQU.exe
2⤵
PID:9180

C:\Windows\System32\DYIStZL.exe
C:\Windows\System32\DYIStZL.exe
2⤵
PID:9204

C:\Windows\System32\eduiAgC.exe
C:\Windows\System32\eduiAgC.exe
2⤵
PID:2980

C:\Windows\System32\njTSWlr.exe
C:\Windows\System32\njTSWlr.exe
2⤵
PID:7268

C:\Windows\System32\NQPDPOi.exe
C:\Windows\System32\NQPDPOi.exe
2⤵
PID:8236

C:\Windows\System32\FTwSAIn.exe
C:\Windows\System32\FTwSAIn.exe
2⤵
PID:8296

C:\Windows\System32\XfARCxk.exe
C:\Windows\System32\XfARCxk.exe
2⤵
PID:8352

C:\Windows\System32\zOyHZei.exe
C:\Windows\System32\zOyHZei.exe
2⤵
PID:8408

C:\Windows\System32\falHyaG.exe
C:\Windows\System32\falHyaG.exe
2⤵
PID:8472

C:\Windows\System32\LyNOAEv.exe
C:\Windows\System32\LyNOAEv.exe
2⤵
PID:8516

C:\Windows\System32\bugcfAv.exe
C:\Windows\System32\bugcfAv.exe
2⤵
PID:8624

C:\Windows\System32\DsNoTvk.exe
C:\Windows\System32\DsNoTvk.exe
2⤵
PID:8664

C:\Windows\System32\HDFNMNQ.exe
C:\Windows\System32\HDFNMNQ.exe
2⤵
PID:8736

C:\Windows\System32\IvXzXEQ.exe
C:\Windows\System32\IvXzXEQ.exe
2⤵
PID:8812

C:\Windows\System32\OTwPOTd.exe
C:\Windows\System32\OTwPOTd.exe
2⤵
PID:8888

C:\Windows\System32\iVjGqnx.exe
C:\Windows\System32\iVjGqnx.exe
2⤵
PID:8948

C:\Windows\System32\pUSEKAn.exe
C:\Windows\System32\pUSEKAn.exe
2⤵
PID:9024

C:\Windows\System32\sWsfFga.exe
C:\Windows\System32\sWsfFga.exe
2⤵
PID:9100

C:\Windows\System32\gVzEUCp.exe
C:\Windows\System32\gVzEUCp.exe
2⤵
PID:9176

C:\Windows\System32\rRECgmd.exe
C:\Windows\System32\rRECgmd.exe
2⤵
PID:656

C:\Windows\System32\sVEIcSI.exe
C:\Windows\System32\sVEIcSI.exe
2⤵
PID:7532

C:\Windows\System32\EkBrLqI.exe
C:\Windows\System32\EkBrLqI.exe
2⤵
PID:8452

C:\Windows\System32\aPjzshG.exe
C:\Windows\System32\aPjzshG.exe
2⤵
PID:8544

C:\Windows\System32\PZZhQfK.exe
C:\Windows\System32\PZZhQfK.exe
2⤵
PID:8784

C:\Windows\System32\IvuVyoH.exe
C:\Windows\System32\IvuVyoH.exe
2⤵
PID:8972

C:\Windows\System32\OrlSrGX.exe
C:\Windows\System32\OrlSrGX.exe
2⤵
PID:9196

C:\Windows\System32\iseVuxw.exe
C:\Windows\System32\iseVuxw.exe
2⤵
PID:8416

C:\Windows\System32\tgdjyLm.exe
C:\Windows\System32\tgdjyLm.exe
2⤵
PID:1320

C:\Windows\System32\SBfUecM.exe
C:\Windows\System32\SBfUecM.exe
2⤵
PID:9280

C:\Windows\System32\DtMauqP.exe
C:\Windows\System32\DtMauqP.exe
2⤵
PID:9436

C:\Windows\System32\IbhaFHR.exe
C:\Windows\System32\IbhaFHR.exe
2⤵
PID:9468

C:\Windows\System32\yTrBjob.exe
C:\Windows\System32\yTrBjob.exe
2⤵
PID:9496

C:\Windows\System32\kbaeIkB.exe
C:\Windows\System32\kbaeIkB.exe
2⤵
PID:9528

C:\Windows\System32\LVVLAuH.exe
C:\Windows\System32\LVVLAuH.exe
2⤵
PID:9556

C:\Windows\System32\iZviOcS.exe
C:\Windows\System32\iZviOcS.exe
2⤵
PID:9572

C:\Windows\System32\BbAoTfn.exe
C:\Windows\System32\BbAoTfn.exe
2⤵
PID:9600

C:\Windows\System32\dGRqniU.exe
C:\Windows\System32\dGRqniU.exe
2⤵
PID:9632

C:\Windows\System32\SnFgXOT.exe
C:\Windows\System32\SnFgXOT.exe
2⤵
PID:9656

C:\Windows\System32\uBpBIgk.exe
C:\Windows\System32\uBpBIgk.exe
2⤵
PID:9696

C:\Windows\System32\KrReHdw.exe
C:\Windows\System32\KrReHdw.exe
2⤵
PID:9720

C:\Windows\System32\eOEzkPO.exe
C:\Windows\System32\eOEzkPO.exe
2⤵
PID:9752

C:\Windows\System32\JyakDYY.exe
C:\Windows\System32\JyakDYY.exe
2⤵
PID:9780

C:\Windows\System32\jYISFrg.exe
C:\Windows\System32\jYISFrg.exe
2⤵
PID:9796

C:\Windows\System32\nmIgUZP.exe
C:\Windows\System32\nmIgUZP.exe
2⤵
PID:9812

C:\Windows\System32\jEKJwxq.exe
C:\Windows\System32\jEKJwxq.exe
2⤵
PID:9828

C:\Windows\System32\LgAYFle.exe
C:\Windows\System32\LgAYFle.exe
2⤵
PID:9868

C:\Windows\System32\LIaCtme.exe
C:\Windows\System32\LIaCtme.exe
2⤵
PID:9896

C:\Windows\System32\TXYZvyN.exe
C:\Windows\System32\TXYZvyN.exe
2⤵
PID:9916

C:\Windows\System32\hvJapaY.exe
C:\Windows\System32\hvJapaY.exe
2⤵
PID:9964

C:\Windows\System32\XqwCAYJ.exe
C:\Windows\System32\XqwCAYJ.exe
2⤵
PID:9992

C:\Windows\System32\urUEJPs.exe
C:\Windows\System32\urUEJPs.exe
2⤵
PID:10032

C:\Windows\System32\oFmeKIq.exe
C:\Windows\System32\oFmeKIq.exe
2⤵
PID:10052

C:\Windows\System32\ckBZOtV.exe
C:\Windows\System32\ckBZOtV.exe
2⤵
PID:10088

C:\Windows\System32\CuENdhe.exe
C:\Windows\System32\CuENdhe.exe
2⤵
PID:10108

C:\Windows\System32\ifKaZeU.exe
C:\Windows\System32\ifKaZeU.exe
2⤵
PID:10132

C:\Windows\System32\cIZEdEq.exe
C:\Windows\System32\cIZEdEq.exe
2⤵
PID:10152

C:\Windows\System32\xFDYlPB.exe
C:\Windows\System32\xFDYlPB.exe
2⤵
PID:10180

C:\Windows\System32\MDeBDjn.exe
C:\Windows\System32\MDeBDjn.exe
2⤵
PID:10224

C:\Windows\System32\EeEFMkF.exe
C:\Windows\System32\EeEFMkF.exe
2⤵
PID:8276

C:\Windows\System32\DHkCOWJ.exe
C:\Windows\System32\DHkCOWJ.exe
2⤵
PID:9260

C:\Windows\System32\FdYcyfH.exe
C:\Windows\System32\FdYcyfH.exe
2⤵
PID:9228

C:\Windows\System32\hJSfNip.exe
C:\Windows\System32\hJSfNip.exe
2⤵
PID:9268

C:\Windows\System32\qnkfixa.exe
C:\Windows\System32\qnkfixa.exe
2⤵
PID:9352

C:\Windows\System32\qOLhJRi.exe
C:\Windows\System32\qOLhJRi.exe
2⤵
PID:9372

C:\Windows\System32\CbyznbW.exe
C:\Windows\System32\CbyznbW.exe
2⤵
PID:9320

C:\Windows\System32\mRlmUPm.exe
C:\Windows\System32\mRlmUPm.exe
2⤵
PID:9456

C:\Windows\System32\bJJekzK.exe
C:\Windows\System32\bJJekzK.exe
2⤵
PID:9392

C:\Windows\System32\QmqAIcO.exe
C:\Windows\System32\QmqAIcO.exe
2⤵
PID:9460

C:\Windows\System32\vCFOxRT.exe
C:\Windows\System32\vCFOxRT.exe
2⤵
PID:8564

C:\Windows\System32\xLEBsIU.exe
C:\Windows\System32\xLEBsIU.exe
2⤵
PID:9540

C:\Windows\System32\FzrCRNU.exe
C:\Windows\System32\FzrCRNU.exe
2⤵
PID:9648

C:\Windows\System32\sfiCOHZ.exe
C:\Windows\System32\sfiCOHZ.exe
2⤵
PID:9704

C:\Windows\System32\qJIkVUA.exe
C:\Windows\System32\qJIkVUA.exe
2⤵
PID:9764

C:\Windows\System32\rREpBkw.exe
C:\Windows\System32\rREpBkw.exe
2⤵
PID:9884

C:\Windows\System32\dmjDYrO.exe
C:\Windows\System32\dmjDYrO.exe
2⤵
PID:9924

C:\Windows\System32\LqTAWFh.exe
C:\Windows\System32\LqTAWFh.exe
2⤵
PID:10024

C:\Windows\System32\FtNqbGv.exe
C:\Windows\System32\FtNqbGv.exe
2⤵
PID:10040

C:\Windows\System32\tiNCucp.exe
C:\Windows\System32\tiNCucp.exe
2⤵
PID:10100

C:\Windows\System32\COjKJnF.exe
C:\Windows\System32\COjKJnF.exe
2⤵
PID:10216

C:\Windows\System32\lDzOhYK.exe
C:\Windows\System32\lDzOhYK.exe
2⤵
PID:5044

C:\Windows\System32\xfVdeWY.exe
C:\Windows\System32\xfVdeWY.exe
2⤵
PID:2696

C:\Windows\System32\nPpyXqE.exe
C:\Windows\System32\nPpyXqE.exe
2⤵
PID:9424

C:\Windows\System32\oCtgwJu.exe
C:\Windows\System32\oCtgwJu.exe
2⤵
PID:9388

C:\Windows\System32\vFqVIjf.exe
C:\Windows\System32\vFqVIjf.exe
2⤵
PID:9408

C:\Windows\System32\knbYiDd.exe
C:\Windows\System32\knbYiDd.exe
2⤵
PID:9668

C:\Windows\System32\DiAsiUf.exe
C:\Windows\System32\DiAsiUf.exe
2⤵
PID:9736

C:\Windows\System32\GtMqQbD.exe
C:\Windows\System32\GtMqQbD.exe
2⤵
PID:9976

C:\Windows\System32\KcjMVaZ.exe
C:\Windows\System32\KcjMVaZ.exe
2⤵
PID:10124

C:\Windows\System32\nngjGrQ.exe
C:\Windows\System32\nngjGrQ.exe
2⤵
PID:10068

C:\Windows\System32\XaiSMfI.exe
C:\Windows\System32\XaiSMfI.exe
2⤵
PID:9256

C:\Windows\System32\rChmxZW.exe
C:\Windows\System32\rChmxZW.exe
2⤵
PID:9688

C:\Windows\System32\rmmPuOl.exe
C:\Windows\System32\rmmPuOl.exe
2⤵
PID:10080

C:\Windows\System32\MQLFotd.exe
C:\Windows\System32\MQLFotd.exe
2⤵
PID:9912

C:\Windows\System32\QwdLthf.exe
C:\Windows\System32\QwdLthf.exe
2⤵
PID:4088

C:\Windows\System32\kKMzeqH.exe
C:\Windows\System32\kKMzeqH.exe
2⤵
PID:10256

C:\Windows\System32\SCfVqTo.exe
C:\Windows\System32\SCfVqTo.exe
2⤵
PID:10284

C:\Windows\System32\yisbRTX.exe
C:\Windows\System32\yisbRTX.exe
2⤵
PID:10320

C:\Windows\System32\AMgwSXy.exe
C:\Windows\System32\AMgwSXy.exe
2⤵
PID:10344

C:\Windows\System32\vkRwZSy.exe
C:\Windows\System32\vkRwZSy.exe
2⤵
PID:10376

C:\Windows\System32\HPglUkh.exe
C:\Windows\System32\HPglUkh.exe
2⤵
PID:10416

C:\Windows\System32\sAMYyuj.exe
C:\Windows\System32\sAMYyuj.exe
2⤵
PID:10432

C:\Windows\System32\WMaryzO.exe
C:\Windows\System32\WMaryzO.exe
2⤵
PID:10464

C:\Windows\System32\JfyrObM.exe
C:\Windows\System32\JfyrObM.exe
2⤵
PID:10492

C:\Windows\System32\yOPNiQP.exe
C:\Windows\System32\yOPNiQP.exe
2⤵
PID:10528

C:\Windows\System32\HGAQpzK.exe
C:\Windows\System32\HGAQpzK.exe
2⤵
PID:10560

C:\Windows\System32\xIOmpFv.exe
C:\Windows\System32\xIOmpFv.exe
2⤵
PID:10576

C:\Windows\System32\yxZcAMu.exe
C:\Windows\System32\yxZcAMu.exe
2⤵
PID:10616

C:\Windows\System32\CLeuarG.exe
C:\Windows\System32\CLeuarG.exe
2⤵
PID:10632

C:\Windows\System32\QwlryEX.exe
C:\Windows\System32\QwlryEX.exe
2⤵
PID:10672

C:\Windows\System32\DulslMw.exe
C:\Windows\System32\DulslMw.exe
2⤵
PID:10688

C:\Windows\System32\UXmnyaU.exe
C:\Windows\System32\UXmnyaU.exe
2⤵
PID:10708

C:\Windows\System32\iMwwkEE.exe
C:\Windows\System32\iMwwkEE.exe
2⤵
PID:10764

C:\Windows\System32\cFAYpwm.exe
C:\Windows\System32\cFAYpwm.exe
2⤵
PID:10796

C:\Windows\System32\ERUChZe.exe
C:\Windows\System32\ERUChZe.exe
2⤵
PID:10824

C:\Windows\System32\WOppKyy.exe
C:\Windows\System32\WOppKyy.exe
2⤵
PID:10852

C:\Windows\System32\ZKKoQvC.exe
C:\Windows\System32\ZKKoQvC.exe
2⤵
PID:10876

C:\Windows\System32\syxKcuX.exe
C:\Windows\System32\syxKcuX.exe
2⤵
PID:10904

C:\Windows\System32\ioRFeNL.exe
C:\Windows\System32\ioRFeNL.exe
2⤵
PID:10940

C:\Windows\System32\kLppozg.exe
C:\Windows\System32\kLppozg.exe
2⤵
PID:10972

C:\Windows\System32\aaqslCp.exe
C:\Windows\System32\aaqslCp.exe
2⤵
PID:11000

C:\Windows\System32\dObWodE.exe
C:\Windows\System32\dObWodE.exe
2⤵
PID:11028

C:\Windows\System32\UbELBRl.exe
C:\Windows\System32\UbELBRl.exe
2⤵
PID:11072

C:\Windows\System32\LQEktmJ.exe
C:\Windows\System32\LQEktmJ.exe
2⤵
PID:11096

C:\Windows\System32\NJFvONl.exe
C:\Windows\System32\NJFvONl.exe
2⤵
PID:11140

C:\Windows\System32\ShqoHSc.exe
C:\Windows\System32\ShqoHSc.exe
2⤵
PID:11176

C:\Windows\System32\pSPZswa.exe
C:\Windows\System32\pSPZswa.exe
2⤵
PID:11208

C:\Windows\System32\mtIicde.exe
C:\Windows\System32\mtIicde.exe
2⤵
PID:11236

C:\Windows\System32\OREUNIx.exe
C:\Windows\System32\OREUNIx.exe
2⤵
PID:10248

C:\Windows\System32\XFHCcOR.exe
C:\Windows\System32\XFHCcOR.exe
2⤵
PID:9368

C:\Windows\System32\hCiLdOg.exe
C:\Windows\System32\hCiLdOg.exe
2⤵
PID:10356

C:\Windows\System32\LTXYLxf.exe
C:\Windows\System32\LTXYLxf.exe
2⤵
PID:10428

C:\Windows\System32\rrkwHLf.exe
C:\Windows\System32\rrkwHLf.exe
2⤵
PID:10472

C:\Windows\System32\irpOxSb.exe
C:\Windows\System32\irpOxSb.exe
2⤵
PID:10568

C:\Windows\System32\ulGIlwC.exe
C:\Windows\System32\ulGIlwC.exe
2⤵
PID:10596

C:\Windows\System32\PHXoeSs.exe
C:\Windows\System32\PHXoeSs.exe
2⤵
PID:10680

C:\Windows\System32\GYzJwZT.exe
C:\Windows\System32\GYzJwZT.exe
2⤵
PID:10748

C:\Windows\System32\kGxgMhI.exe
C:\Windows\System32\kGxgMhI.exe
2⤵
PID:10788

C:\Windows\System32\bYdGEVN.exe
C:\Windows\System32\bYdGEVN.exe
2⤵
PID:10844

C:\Windows\System32\VQOJNFT.exe
C:\Windows\System32\VQOJNFT.exe
2⤵
PID:10884

C:\Windows\System32\FWkvVHQ.exe
C:\Windows\System32\FWkvVHQ.exe
2⤵
PID:10924

C:\Windows\System32\QrSAwcI.exe
C:\Windows\System32\QrSAwcI.exe
2⤵
PID:11012

C:\Windows\System32\wEVcSfA.exe
C:\Windows\System32\wEVcSfA.exe
2⤵
PID:9224

C:\Windows\System32\zqktHsU.exe
C:\Windows\System32\zqktHsU.exe
2⤵
PID:10812

C:\Windows\System32\MIDbnir.exe
C:\Windows\System32\MIDbnir.exe
2⤵
PID:11132

C:\Windows\System32\XUKpSrH.exe
C:\Windows\System32\XUKpSrH.exe
2⤵
PID:11188

C:\Windows\System32\KInHayp.exe
C:\Windows\System32\KInHayp.exe
2⤵
PID:11260

C:\Windows\System32\zgWmVMc.exe
C:\Windows\System32\zgWmVMc.exe
2⤵
PID:10340

C:\Windows\System32\qsIutfa.exe
C:\Windows\System32\qsIutfa.exe
2⤵
PID:10544

C:\Windows\System32\MGgQZGB.exe
C:\Windows\System32\MGgQZGB.exe
2⤵
PID:10728

C:\Windows\System32\QZbDZtv.exe
C:\Windows\System32\QZbDZtv.exe
2⤵
PID:3476

C:\Windows\System32\mvGtKjX.exe
C:\Windows\System32\mvGtKjX.exe
2⤵
PID:10916

C:\Windows\System32\OAflQDY.exe
C:\Windows\System32\OAflQDY.exe
2⤵
PID:900

C:\Windows\System32\xFWwXDl.exe
C:\Windows\System32\xFWwXDl.exe
2⤵
PID:11204

C:\Windows\System32\cOkSCWk.exe
C:\Windows\System32\cOkSCWk.exe
2⤵
PID:10276

C:\Windows\System32\vFQoomA.exe
C:\Windows\System32\vFQoomA.exe
2⤵
PID:10740

C:\Windows\System32\UvWSZNF.exe
C:\Windows\System32\UvWSZNF.exe
2⤵
PID:10968

C:\Windows\System32\nixKfnl.exe
C:\Windows\System32\nixKfnl.exe
2⤵
PID:10500

C:\Windows\System32\wPXGrDt.exe
C:\Windows\System32\wPXGrDt.exe
2⤵
PID:10816

C:\Windows\System32\cUQdVTE.exe
C:\Windows\System32\cUQdVTE.exe
2⤵
PID:11272

C:\Windows\System32\iwRvbvJ.exe
C:\Windows\System32\iwRvbvJ.exe
2⤵
PID:11296

C:\Windows\System32\GTlPaRb.exe
C:\Windows\System32\GTlPaRb.exe
2⤵
PID:11332

C:\Windows\System32\FXspupM.exe
C:\Windows\System32\FXspupM.exe
2⤵
PID:11364

C:\Windows\System32\KNjohEk.exe
C:\Windows\System32\KNjohEk.exe
2⤵
PID:11380

C:\Windows\System32\fNoFFwk.exe
C:\Windows\System32\fNoFFwk.exe
2⤵
PID:11396

C:\Windows\System32\GlYOcMB.exe
C:\Windows\System32\GlYOcMB.exe
2⤵
PID:11420

C:\Windows\System32\NfeFltm.exe
C:\Windows\System32\NfeFltm.exe
2⤵
PID:11444

C:\Windows\System32\FAQmGrP.exe
C:\Windows\System32\FAQmGrP.exe
2⤵
PID:11488

C:\Windows\System32\WFPUEZp.exe
C:\Windows\System32\WFPUEZp.exe
2⤵
PID:11528

C:\Windows\System32\aLnTFek.exe
C:\Windows\System32\aLnTFek.exe
2⤵
PID:11564

C:\Windows\System32\BbgxNLd.exe
C:\Windows\System32\BbgxNLd.exe
2⤵
PID:11588

C:\Windows\System32\vcxWXYR.exe
C:\Windows\System32\vcxWXYR.exe
2⤵
PID:11616

C:\Windows\System32\gSGadht.exe
C:\Windows\System32\gSGadht.exe
2⤵
PID:11644

C:\Windows\System32\gYwmeJw.exe
C:\Windows\System32\gYwmeJw.exe
2⤵
PID:11672

C:\Windows\System32\NThDJfL.exe
C:\Windows\System32\NThDJfL.exe
2⤵
PID:11700

C:\Windows\System32\sbQoswV.exe
C:\Windows\System32\sbQoswV.exe
2⤵
PID:11724

C:\Windows\System32\VWxUaXv.exe
C:\Windows\System32\VWxUaXv.exe
2⤵
PID:11744

C:\Windows\System32\hUxVppC.exe
C:\Windows\System32\hUxVppC.exe
2⤵
PID:11788

C:\Windows\System32\BwsnbQj.exe
C:\Windows\System32\BwsnbQj.exe
2⤵
PID:11812

C:\Windows\System32\LvGQzFx.exe
C:\Windows\System32\LvGQzFx.exe
2⤵
PID:11828

C:\Windows\System32\JBBBDZb.exe
C:\Windows\System32\JBBBDZb.exe
2⤵
PID:11868

C:\Windows\System32\oFysFSx.exe
C:\Windows\System32\oFysFSx.exe
2⤵
PID:11888

C:\Windows\System32\AkpfrIZ.exe
C:\Windows\System32\AkpfrIZ.exe
2⤵
PID:11916

C:\Windows\System32\qOWgpyw.exe
C:\Windows\System32\qOWgpyw.exe
2⤵
PID:11952

C:\Windows\System32\wSkFLxj.exe
C:\Windows\System32\wSkFLxj.exe
2⤵
PID:11984

C:\Windows\System32\ndfWPqM.exe
C:\Windows\System32\ndfWPqM.exe
2⤵
PID:12004

C:\Windows\System32\mbuiIpb.exe
C:\Windows\System32\mbuiIpb.exe
2⤵
PID:12028

C:\Windows\System32\TwIOKUj.exe
C:\Windows\System32\TwIOKUj.exe
2⤵
PID:12060

C:\Windows\System32\hkkDlkR.exe
C:\Windows\System32\hkkDlkR.exe
2⤵
PID:12096

C:\Windows\System32\KlGSmYT.exe
C:\Windows\System32\KlGSmYT.exe
2⤵
PID:12120

C:\Windows\System32\okISjCV.exe
C:\Windows\System32\okISjCV.exe
2⤵
PID:12140

C:\Windows\System32\KQUKQKR.exe
C:\Windows\System32\KQUKQKR.exe
2⤵
PID:12180

C:\Windows\System32\WjWwbpn.exe
C:\Windows\System32\WjWwbpn.exe
2⤵
PID:12208

C:\Windows\System32\ycoWxMe.exe
C:\Windows\System32\ycoWxMe.exe
2⤵
PID:12240

C:\Windows\System32\lPVZYbB.exe
C:\Windows\System32\lPVZYbB.exe
2⤵
PID:12256

C:\Windows\System32\BCFpnLR.exe
C:\Windows\System32\BCFpnLR.exe
2⤵
PID:12276

C:\Windows\System32\kJxMhpU.exe
C:\Windows\System32\kJxMhpU.exe
2⤵
PID:11344

C:\Windows\System32\FoJzDVr.exe
C:\Windows\System32\FoJzDVr.exe
2⤵
PID:11372

C:\Windows\System32\epkByvM.exe
C:\Windows\System32\epkByvM.exe
2⤵
PID:11428

C:\Windows\System32\hDjnCCu.exe
C:\Windows\System32\hDjnCCu.exe
2⤵
PID:11520

C:\Windows\System32\YZWRVJA.exe
C:\Windows\System32\YZWRVJA.exe
2⤵
PID:11604

C:\Windows\System32\kkSTqGc.exe
C:\Windows\System32\kkSTqGc.exe
2⤵
PID:11656

C:\Windows\System32\vGTLVVE.exe
C:\Windows\System32\vGTLVVE.exe
2⤵
PID:11732

C:\Windows\System32\HTneqrM.exe
C:\Windows\System32\HTneqrM.exe
2⤵
PID:11796

C:\Windows\System32\GIkBANI.exe
C:\Windows\System32\GIkBANI.exe
2⤵
PID:11852

C:\Windows\System32\SdIjXjQ.exe
C:\Windows\System32\SdIjXjQ.exe
2⤵
PID:11912

C:\Windows\System32\pDMcqOw.exe
C:\Windows\System32\pDMcqOw.exe
2⤵
PID:11992

C:\Windows\System32\INiNiDP.exe
C:\Windows\System32\INiNiDP.exe
2⤵
PID:12128

C:\Windows\System32\Aldtymz.exe
C:\Windows\System32\Aldtymz.exe
2⤵
PID:12236

C:\Windows\System32\uSHrClv.exe
C:\Windows\System32\uSHrClv.exe
2⤵
PID:11308

C:\Windows\System32\NBqUgzB.exe
C:\Windows\System32\NBqUgzB.exe
2⤵
PID:11460

C:\Windows\System32\bwuDmfM.exe
C:\Windows\System32\bwuDmfM.exe
2⤵
PID:11624

C:\Windows\System32\DwhmGgt.exe
C:\Windows\System32\DwhmGgt.exe
2⤵
PID:11768

C:\Windows\System32\YYxMbak.exe
C:\Windows\System32\YYxMbak.exe
2⤵
PID:11820

C:\Windows\System32\oWEVwiA.exe
C:\Windows\System32\oWEVwiA.exe
2⤵
PID:12152

C:\Windows\System32\WINFmku.exe
C:\Windows\System32\WINFmku.exe
2⤵
PID:11356

C:\Windows\System32\yObiqhu.exe
C:\Windows\System32\yObiqhu.exe
2⤵
PID:11692

C:\Windows\System32\EhWEIik.exe
C:\Windows\System32\EhWEIik.exe
2⤵
PID:4148

C:\Windows\System32\VVLzfqD.exe
C:\Windows\System32\VVLzfqD.exe
2⤵
PID:11976

C:\Windows\System32\wylyvyg.exe
C:\Windows\System32\wylyvyg.exe
2⤵
PID:11580

C:\Windows\System32\zUlvyfK.exe
C:\Windows\System32\zUlvyfK.exe
2⤵
PID:12220

C:\Windows\System32\BjnoZvY.exe
C:\Windows\System32\BjnoZvY.exe
2⤵
PID:12296

C:\Windows\System32\RRXIKBQ.exe
C:\Windows\System32\RRXIKBQ.exe
2⤵
PID:12316

C:\Windows\System32\zDFXCSw.exe
C:\Windows\System32\zDFXCSw.exe
2⤵
PID:12356

C:\Windows\System32\qesEmAJ.exe
C:\Windows\System32\qesEmAJ.exe
2⤵
PID:12384

C:\Windows\System32\AloZPnA.exe
C:\Windows\System32\AloZPnA.exe
2⤵
PID:12404

C:\Windows\System32\LyyfcJo.exe
C:\Windows\System32\LyyfcJo.exe
2⤵
PID:12440

C:\Windows\System32\PrEORWv.exe
C:\Windows\System32\PrEORWv.exe
2⤵
PID:12456

C:\Windows\System32\uYLcJIg.exe
C:\Windows\System32\uYLcJIg.exe
2⤵
PID:12492

C:\Windows\System32\diMJnAd.exe
C:\Windows\System32\diMJnAd.exe
2⤵
PID:12520

C:\Windows\System32\drplheE.exe
C:\Windows\System32\drplheE.exe
2⤵
PID:12556

C:\Windows\System32\lqUVJpR.exe
C:\Windows\System32\lqUVJpR.exe
2⤵
PID:12580

C:\Windows\System32\mIYMcDB.exe
C:\Windows\System32\mIYMcDB.exe
2⤵
PID:12616

C:\Windows\System32\uveJOhj.exe
C:\Windows\System32\uveJOhj.exe
2⤵
PID:12640

C:\Windows\System32\BxmgEvW.exe
C:\Windows\System32\BxmgEvW.exe
2⤵
PID:12668

C:\Windows\System32\SsEeqgd.exe
C:\Windows\System32\SsEeqgd.exe
2⤵
PID:12696

C:\Windows\System32\jaiRIHZ.exe
C:\Windows\System32\jaiRIHZ.exe
2⤵
PID:12720

C:\Windows\System32\JTFpojA.exe
C:\Windows\System32\JTFpojA.exe
2⤵
PID:12748

C:\Windows\System32\REQpNmz.exe
C:\Windows\System32\REQpNmz.exe
2⤵
PID:12780

C:\Windows\System32\VqivNoB.exe
C:\Windows\System32\VqivNoB.exe
2⤵
PID:12808

C:\Windows\System32\gGvcKsM.exe
C:\Windows\System32\gGvcKsM.exe
2⤵
PID:12832

C:\Windows\System32\EpCxNSi.exe
C:\Windows\System32\EpCxNSi.exe
2⤵
PID:12852

C:\Windows\System32\riCUIID.exe
C:\Windows\System32\riCUIID.exe
2⤵
PID:12888

C:\Windows\System32\PWqXMvV.exe
C:\Windows\System32\PWqXMvV.exe
2⤵
PID:12904

C:\Windows\System32\rynwavV.exe
C:\Windows\System32\rynwavV.exe
2⤵
PID:12936

C:\Windows\System32\YqMbkfp.exe
C:\Windows\System32\YqMbkfp.exe
2⤵
PID:12960

C:\Windows\System32\QCkkwfd.exe
C:\Windows\System32\QCkkwfd.exe
2⤵
PID:12984

C:\Windows\System32\UZkssGq.exe
C:\Windows\System32\UZkssGq.exe
2⤵
PID:13048

C:\Windows\System32\eLjuMut.exe
C:\Windows\System32\eLjuMut.exe
2⤵
PID:13076

C:\Windows\System32\jOxVKqd.exe
C:\Windows\System32\jOxVKqd.exe
2⤵
PID:13104

C:\Windows\System32\Thiiuag.exe
C:\Windows\System32\Thiiuag.exe
2⤵
PID:13124

C:\Windows\System32\eqnvzCt.exe
C:\Windows\System32\eqnvzCt.exe
2⤵
PID:13144

C:\Windows\System32\bFjSuSD.exe
C:\Windows\System32\bFjSuSD.exe
2⤵
PID:13160

C:\Windows\System32\vhHoqDi.exe
C:\Windows\System32\vhHoqDi.exe
2⤵
PID:13196

C:\Windows\System32\UVgtmkc.exe
C:\Windows\System32\UVgtmkc.exe
2⤵
PID:13248

C:\Windows\System32\BNuPWVS.exe
C:\Windows\System32\BNuPWVS.exe
2⤵
PID:13280

C:\Windows\System32\OZCIjcx.exe
C:\Windows\System32\OZCIjcx.exe
2⤵
PID:12292

C:\Windows\System32\cuvmKSL.exe
C:\Windows\System32\cuvmKSL.exe
2⤵
PID:12364

C:\Windows\System32\UvNouuC.exe
C:\Windows\System32\UvNouuC.exe
2⤵
PID:12428

C:\Windows\System32\OzRFrIh.exe
C:\Windows\System32\OzRFrIh.exe
2⤵
PID:12536

C:\Windows\System32\IdpCUDL.exe
C:\Windows\System32\IdpCUDL.exe
2⤵
PID:12652

C:\Windows\System32\chesTVl.exe
C:\Windows\System32\chesTVl.exe
2⤵
PID:12716

C:\Windows\System32\oCxxgaw.exe
C:\Windows\System32\oCxxgaw.exe
2⤵
PID:12788

C:\Windows\System32\DaauDig.exe
C:\Windows\System32\DaauDig.exe
2⤵
PID:12864

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:13172

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System32\AyDVlAA.exe

Filesize
3.4MB

MD5
1990837b4ecdaa712790df3db22f8e8c

SHA1
fad67be3e95c06c24009020f5cabd05806c38ae4

SHA256
44863eac8485b2decac4509359a05280df98be16551b6597227a6203b42a1b4d

SHA512
2195af8c359bea8d34114ccb30646550b1edd6b29177bca5e86fb3f0ad270276ec6b882559e50b174b39fb031670dda40c5f220cc656dc67dc52a1dca41323cd

Download Submit
C:\Windows\System32\BTwvvkc.exe

Filesize
3.4MB

MD5
05d2d348afcd665088094d2b3ac40c5c

SHA1
a3cb48dcd6599d86a36c18ce8604591ed1a4979f

SHA256
4487f82b6b19862c9946188047662c42c75cab7339c1ebfad4f426f4937a8fdf

SHA512
2fe473907a766a06a2cbe25a517c3b0ba5dddfcdcbe3d2abce0ab9a6eec49a2eef419f145a4447ddec455abedae54bab6d015b07aa392af5c7dd1b59f6a2d266

Download Submit
C:\Windows\System32\BhpJHyj.exe

Filesize
3.4MB

MD5
a639d8d2b4eeebb637a53d914ef9dd79

SHA1
1feee432ca90576796daeff343f7e4197f5080ab

SHA256
c3a374f422bd30760353d9cd85d19e8f46dd1eaef0ac4a3be3b4a6d05b6b357f

SHA512
ea529514599ed7bf6efdb2e533e0e4caeaf15518240d5c27da75be5eb5637dc467d1f928502c2842887de348d031d4b5e7be20b988f4b0b3f485087d78bf4c20

Download Submit
C:\Windows\System32\BoOUjEq.exe

Filesize
3.4MB

MD5
abed7f335180cf2f3de0da0d5e70c77f

SHA1
fcff050acafc79760ee2d310a377a4860f237fdf

SHA256
a817a1bbb90941575abce51d2981d6c5078f136bcbbb7b952965b2f2b4a47f1e

SHA512
54b35ab68784c86d1780544ccdf77fd3522851a12bb5f4f69741a6572325493c8c2cb5e4633e8f99d7b8fb2f2a2eb3cd1455267f062b99f3ac505e4d2e3fb130

Download Submit
C:\Windows\System32\Cxafsrp.exe

Filesize
3.4MB

MD5
9dd757863880f4257d790711d5fc9100

SHA1
637520df65f701b8896a1046cbbf864eef50787b

SHA256
41f0fd7d10c1b4620b3d5529900720c86bc2c8cb6d91ae18534933c27a20e1bf

SHA512
79217e31c6d108685739c799d31f9454790e4333403acfdf2bbc284ded587d6a9c7a98bc4c98825d25fe78d4729f6bea6ba038db2f0f44423cad736ae67443f3

Download Submit
C:\Windows\System32\FgTaTfR.exe

Filesize
3.4MB

MD5
04e615647588ef43af981c2d23e53242

SHA1
6a6665cc9c6bdd7f8a7dd54b5269eb577272f1e3

SHA256
9fd91917932bfd0a66e50838f546ac46a589cfad4a4492241bf4c7692caddeef

SHA512
8bb8d14047ec32d15bb8c4a285ff0555db27e6a38db513b890c0988ad73ec3b0cfca5bcf2251816e23a9e578d323d0671567b240de9fe9bc866bf250261f2dd8

Download Submit
C:\Windows\System32\JhfOhZO.exe

Filesize
3.4MB

MD5
9a3062c3c424489f76c7bbcfa75f29f5

SHA1
1fe403eb1bed12da65be3835da42aab2a3565c28

SHA256
6998308dde94005bc94e7f26856439d96c94253a61bc90d2053397b32ceaed2d

SHA512
7c81f6241cb7efbe6c40653655a74e89d4ce88e7e88c9d22f9d819181b39a80948a289c6bc15ca8b913c90c9ffc21ba0ca1017f8f9c363ca65cd2e8b7454fa0e

Download Submit
C:\Windows\System32\OqiAnSQ.exe

Filesize
3.4MB

MD5
02b823366684079273418c298e930246

SHA1
037d3a22fe9d983e0096a458817ec744a474aaf1

SHA256
2fcb0ef3e588d50c4e5ca28e4fc96720b82ebe71052befc5b9f30c850bf0cc07

SHA512
257f93fbd572e96d5a1a4cbdc322b5dba69ef4fe6aaacf0a6841f39e46f0efc68539ec59bfe7706f677c9e3f584f7ed57fe4c853001699d5c6f9ef78d1d3753a

Download Submit
C:\Windows\System32\OvoCKrf.exe

Filesize
3.4MB

MD5
b5fa8ffe2c21166589d251acff3c474e

SHA1
1cf95a28183f6b1bfe13af4d1a1fa5ea8c66bf57

SHA256
e821e3e8e04161b4b74bda44dcb593aa83af9db7ac6ba3a619a7731826403387

SHA512
f0d913cea47e7fa9ace2c782b0f4e99e2327f85eb13eaf3b2749d6e685b17d165f6cf90b3e113fb0556ebd47717cf01a451cd54b7a6039436da76a20ef3a8099

Download Submit
C:\Windows\System32\PSVZLvS.exe

Filesize
3.4MB

MD5
07e83d5b0203d2acbcefb5a936b9bf29

SHA1
56eb09ecf934333ba4f8134f51804fae34674eff

SHA256
720d662acd4f8774d0a3bccd9ef4e90a58a6d39672cc66f92767a748f683ef5b

SHA512
c0f5c61646434cfdf3b17fa0d0b156177f6b79a309fbeac7bc6dc27106bedf6a37d2dadb39d1e5eac1320c49861668d6c2a1e2bdb2a9a165c4690cf2ee23cfe2

Download Submit
C:\Windows\System32\QQnVHEm.exe

Filesize
3.4MB

MD5
239773cd78cb33d14b531accd476c019

SHA1
5feb65e78363c675ebe0a11ec3a91f531e780ac7

SHA256
7c5a2fa850e6836506f25368995fefda11cf5ebd1a62741b395299f57493e152

SHA512
e2bf68bca550ae23bfb19712185ad993cb047c600e29b6806d40ce7339e5257ba3a16ae0f29b85682ebe651c4a2b0257b86518ea4fbe8f69e0cd2f781086f3b6

Download Submit
C:\Windows\System32\RKVxQfG.exe

Filesize
3.4MB

MD5
f6b45d6a8e1e4ba6e90c3d5266e0cb40

SHA1
57be5dfa61aba3c8f7624836a9c34b36df245964

SHA256
93df5ad39f92eca6f7dfabd8f9fb8f59ca05dc6b5c8c35c0546adb6e59cef1c7

SHA512
ee6005ef00e4c0f84a3980fce2dbddbfeae6d52e03749ae9d2eda5ea9c6c461a9375cde19e0666231f2279924722ede81fa05a1d97c43b40f549d1599ef4c580

Download Submit
C:\Windows\System32\SAvIvrv.exe

Filesize
3.4MB

MD5
346c10ce185c809f4c2a6e14153ab990

SHA1
0d9b73524750db65491e024e59171fb61e574b5b

SHA256
4c962feda0f3628b7f5f76c17c8009959439c810ab8f5f19d36664af61843d20

SHA512
6c757c1a96142c8e51f8874d496ae2649ab3fd1e1016f724c70df181f52fdab00971a5b7a0a8506dbfbc3a9912dc0796e43bfa5c90a80eee471f638ece3a006e

Download Submit
C:\Windows\System32\SCSFctb.exe

Filesize
3.4MB

MD5
cc1200c62571984ad3d5ae8caea490f8

SHA1
8ccfc281509babd73030ecfa85cc6cf1b151935c

SHA256
88ca379f3fffac7475a17f3015e108143fd64cc241b8515bf0cb3b0bf0777ebc

SHA512
e13c1d00224d5fcec90faed3741dd13c541dea750d145e54a550e3bc313dbfebf52e5adc9accaef808145bb0480ebba2e50ad36580ab9f97eebeda170d516390

Download Submit
C:\Windows\System32\SxqxpQs.exe

Filesize
3.4MB

MD5
8baa0585bd40874b4bda762199757a94

SHA1
a3030f213e0f37ef2c67d7bfa978932a97700205

SHA256
b6cacfecfa9c0bb2f60dc6672d2e591405308579e0f52be53bdf670c9a1f25a6

SHA512
17f145e14cd99a735222d66212bcf743adbf7f234bf5579c5a474989efe762059a15ed8b44495dc846dd6d25d427cee58ebc7e254fc087a8ad89cc510c638dfb

Download Submit
C:\Windows\System32\TdaklYM.exe

Filesize
3.4MB

MD5
9abb3518dc8539b98b3a56b08278122b

SHA1
88381c2d3eed96a617ef21e1956fa238a7cdd6d4

SHA256
747c1e6a5d08b666ebcfa58998a84eb85137d927453f575092f4ef99be351fe5

SHA512
c0c8d82fbc744d092ea0b905d7131056a29cc9e0de2094cb57b4420e0dac225fd6d42b95d71bae88fc2aa8d2854a03d171bd48f1e9d9f443072aeac8a3d50726

Download Submit
C:\Windows\System32\TwUAXcy.exe

Filesize
3.4MB

MD5
61637e4ab63eb71fefc349b66e4c2c6f

SHA1
20bbb45df9b8b56e896e3666e60d3ec45f883ad9

SHA256
71da805d144e27222df6173c96fe0588da3c48e134b2c1dd797928f5db75ca76

SHA512
d5479afc6a458003580875a4542ba0be015bd2d635395210895d201668d272dd60f7542ef1a149ac43b2961d7df6d86757ece2fea113e8c57d57e28865ae4e41

Download Submit
C:\Windows\System32\UALrVTH.exe

Filesize
3.4MB

MD5
fa0a6ece65cd9f6eb05245ee6b4d97fc

SHA1
80f9ae6d99cf9163fbfa67aa29edeb97f1023adb

SHA256
2ddefa89ead4d0d9688f003999cb1340bce328217249015b855ee88feed71995

SHA512
0d69d2bce4ab7a4e19781484d9412cdd15a071640f6a5e4bba9c15f8850ed85aec6e4e6796c567358cdebeeddd5701b32ed4a16315cd795cdc1164068933837c

Download Submit
C:\Windows\System32\UVIxwCz.exe

Filesize
3.4MB

MD5
69e5308f65fb8fca37d7a1e2a05a0233

SHA1
7d4a75fd2cdffc357b23a4d4dec245f55aa92779

SHA256
48cfdd01eed14b82aec5e4029a062c89c557c12dbf5f165719d98e31a283af79

SHA512
962f43cf0ebccd44e439061175d83d5ce3b83ae62d76ce56ef84ce1ccffb4c3a243a2249ea761625e06659f24441e17b3c8b2cd715ed940e56066083331ae45c

Download Submit
C:\Windows\System32\WmDbKVV.exe

Filesize
3.4MB

MD5
121b976a3e71d238bf2889d0ea3d8f43

SHA1
49190a75cb537ff43d04bcb60b37a62705c35a23

SHA256
0bf26cb3928d36f7842afeadf6a6c0b4bfe843ed6647b9d3e0117c280b357d44

SHA512
0b8678ed702839a2deac19ec609f9b2f25d16914e1f4e9ec705cc3dbb0d25ff5145365b15e475208eefcbbbc68f4835aba0d82e944e94243fafc811267cde845

Download Submit
C:\Windows\System32\YRqnlQh.exe

Filesize
3.4MB

MD5
d1b6f6055c4c7bf84b7e37b6ea2a8e12

SHA1
db021db4e25561c44c29b03aa47e281590b4e242

SHA256
80edefc056fb41d68fb291908179946a6527d54f9dfa8e9b77708e9dc2fcc915

SHA512
4cfadc858efeb177af5629cdc3267284bf93905127e05ec4816bd35dc8d88454f0472b745c4e12dbda879c578a776025ae84f79941986b73554454e4479500c5

Download Submit
C:\Windows\System32\YkviqQC.exe

Filesize
3.4MB

MD5
b287159e7fd7cf6f27b98d91a79a0af1

SHA1
15b376692e258affa8a877f4158c250f9c7d89ab

SHA256
120467ff5df12d1316ced52c6e562ef1359ad7a95359c6e132b803c64e2ef524

SHA512
fb30436f34ac8a816b168a430efb7d050df3e8640bb4c44474ac7a8eaa59d03989f682521fb4e22900159ba5946e88ffc548d90bf8228959f109d1acc826658b

Download Submit
C:\Windows\System32\YsHspAl.exe

Filesize
3.4MB

MD5
8a0b2266330aa26451182256b2586cbf

SHA1
3ab9321e8ceca36f15aa26ebd305d185eb4c5be4

SHA256
4fb8f374718b019b2f512178a805e970499c89c539e43be80ef5a0276f6fccef

SHA512
449bc777ace6359b8ac44a933abbeb72cd756a4ea91c6500e0d945eca352dec1449f42002fb3340e4cbb98f1293f91f39f0c00f9c21404d5eade721842554bd7

Download Submit
C:\Windows\System32\fXXNwDm.exe

Filesize
3.4MB

MD5
4d70e430a20b1e60296393d6268f98d0

SHA1
064510155ba7b76f2c0e113c15655ce25ed380ce

SHA256
6456b7f838549f0f0ae6a0b1e0eb7dd4cd8834611f9310aaa6bc863fd3294312

SHA512
14b078aa2b88a978c298e0104adec1e733f0194e9e5ee1c8e24e7d35a6c6f8a8d0cda3899fce80cdf51ab7dc98f013c863935d9689c47425b77331cf27504d75

Download Submit
C:\Windows\System32\gpBhRea.exe

Filesize
3.4MB

MD5
c005e99fa961dae73015a9ccbbcfe62d

SHA1
1960b0fbbd64791674687b5e59025eeed02ce45f

SHA256
f7dc8072aa24728671f407cbfb2d6021e22b4eccc12d585f2bad2151a5403f75

SHA512
633c8c8cbeac7ba89283ac21b8396850620d93b99817fbcc4f8a19be0cfde7062fd7549bd833fd92b5f8da3d3ebd029064faeb54547c26cc732b327c3ebe2121

Download Submit
C:\Windows\System32\ksRxsnJ.exe

Filesize
3.4MB

MD5
0a4d890cdbe525e8a7f07a3e9131d39a

SHA1
6f66dc42f2c556bb601d2eb91baecf8f07f5225a

SHA256
f4e3e37182f2428ad309913a855cd67596c1f0818469cb6f2f7151753327cbb4

SHA512
5014af94eab8be03bf695b932e6fdc4bc12edea5415f6d9f3077dfc4090a266e890150151a2cf83dd1b091c954d8fd5475eb0b71b8692bdd6ecd09a4af6a17fa

Download Submit
C:\Windows\System32\lyPgtSZ.exe

Filesize
3.4MB

MD5
8c164c5c00168f56dfb98f32646e1553

SHA1
509ccd540d25cce1f02590c4b499c6be275d46d2

SHA256
5c1cf0f5401afbd4674c7c55c648b992fd99d537aa2c354c4d511027ab431aee

SHA512
a1c9b67abf4f93c882b2cc1774b17dceda779515c58d4d67746a56fee1866746b7cdda95114110819750890908601bf0c1bfa1eff31eb9a0279024b887e788fe

Download Submit
C:\Windows\System32\nvQddRM.exe

Filesize
3.4MB

MD5
abf4a5ff23cf4a8c1bdfee62e577b3ba

SHA1
f42ed5953ea8ba15b64fd7707011dbf78845b3a5

SHA256
c4e3ced4975e7e05c2bdc3f0fceb4bfbf62625077faca1f7dbdb1772c47c198f

SHA512
1e15baaae38fea0a1ea52183fd9b21c6b59eaebf2fb09d24d9b9357fc3250e0fde5d632dfe9ad1f490da484601f436a416d61f0dfb6fcd61077b103bc357276c

Download Submit
C:\Windows\System32\uNUMAis.exe

Filesize
3.4MB

MD5
a492005fbabaf15f2f69d4d62b0cc203

SHA1
a011f67b0d946dcba9a98b78cf20fd91a226dd1a

SHA256
3059d978369e581502af81c8a774c337d5463c94a23954fe69b07c202311320e

SHA512
a7bd9f8953c899738d038c6aecce6eda1ba0c271a4051e3610aedb40199961d1bf1c9b61503003fa2b72a7e7813a24aac76f635d19536a09e262fe5715efefa4

Download Submit
C:\Windows\System32\uzUyWFE.exe

Filesize
3.4MB

MD5
fde197a13d6450002ec6a992bae7b7d7

SHA1
1c0227c904a7372f639d5a125f310d9c995d138d

SHA256
d50654b68e4ad52b1893bb626f7c78e890076bca4550a6ff974edef3c7187547

SHA512
23e00b0beb358e986a78e85b66fdb41c0b011a13ac93f3eada3fa6f138afe4c091ca482db171ad11b30354bfd2bb9b9ed2704c6bbaab9be0dacc1e9f045d1374

Download Submit
C:\Windows\System32\xtWDtfp.exe

Filesize
3.4MB

MD5
90f7ef323eeb8e5ae852931ad1552a5e

SHA1
28beb879547fda89d7a473319fa97b20aa708a92

SHA256
88a0bbc9f2d2ec7b8200aebc2befdb01513f162d611d77b8656f493abb4203b3

SHA512
4a94cd7876db4b42f6a9319956fcc72941759aaea535ca4a67e897621467ea03f38a46652ee568d84e2ee5c2b0a8967a834ab0fde9fbe864c3e82f3019461326

Download Submit
C:\Windows\System32\yTDJaaH.exe

Filesize
3.4MB

MD5
0bb43456b4087945eca653f05201481e

SHA1
cf82c7b5ad0511f4aafec842014273423125513c

SHA256
196c2413d87a457be8c67773a3775e626893306b36592a28529655bce59b374f

SHA512
c9e5ff6afaabdc9efdf086aee612643d3aaf6c6fa778b5068596c6b7d5b83758eb7c3b738e1ed87d363cf45f406904cc4c934e6c60490720edd9054d3297b6e1

Download Submit
memory/468-890-0x00007FF7E89C0000-0x00007FF7E8DB5000-memory.dmp

Filesize
4.0MB

Download
memory/468-1958-0x00007FF7E89C0000-0x00007FF7E8DB5000-memory.dmp

Filesize
4.0MB

Download
memory/996-852-0x00007FF6DF420000-0x00007FF6DF815000-memory.dmp

Filesize
4.0MB

Download
memory/996-1955-0x00007FF6DF420000-0x00007FF6DF815000-memory.dmp

Filesize
4.0MB

Download
memory/1012-1950-0x00007FF74BD80000-0x00007FF74C175000-memory.dmp

Filesize
4.0MB

Download
memory/1012-824-0x00007FF74BD80000-0x00007FF74C175000-memory.dmp

Filesize
4.0MB

Download
memory/1212-1945-0x00007FF6679F0000-0x00007FF667DE5000-memory.dmp

Filesize
4.0MB

Download
memory/1212-31-0x00007FF6679F0000-0x00007FF667DE5000-memory.dmp

Filesize
4.0MB

Download
memory/1284-925-0x00007FF6722E0000-0x00007FF6726D5000-memory.dmp

Filesize
4.0MB

Download
memory/1284-1961-0x00007FF6722E0000-0x00007FF6726D5000-memory.dmp

Filesize
4.0MB

Download
memory/2300-1954-0x00007FF7BB0C0000-0x00007FF7BB4B5000-memory.dmp

Filesize
4.0MB

Download
memory/2300-829-0x00007FF7BB0C0000-0x00007FF7BB4B5000-memory.dmp

Filesize
4.0MB

Download
memory/2320-863-0x00007FF631C70000-0x00007FF632065000-memory.dmp

Filesize
4.0MB

Download
memory/2320-1952-0x00007FF631C70000-0x00007FF632065000-memory.dmp

Filesize
4.0MB

Download
memory/2584-1956-0x00007FF6328E0000-0x00007FF632CD5000-memory.dmp

Filesize
4.0MB

Download
memory/2584-857-0x00007FF6328E0000-0x00007FF632CD5000-memory.dmp

Filesize
4.0MB

Download
memory/2624-0-0x00007FF68E950000-0x00007FF68ED45000-memory.dmp

Filesize
4.0MB

Download
memory/2624-1941-0x00007FF68E950000-0x00007FF68ED45000-memory.dmp

Filesize
4.0MB

Download
memory/2624-1-0x000001D91C500000-0x000001D91C510000-memory.dmp

Filesize
64KB

Download
memory/2756-1960-0x00007FF681960000-0x00007FF681D55000-memory.dmp

Filesize
4.0MB

Download
memory/2756-873-0x00007FF681960000-0x00007FF681D55000-memory.dmp

Filesize
4.0MB

Download
memory/2764-882-0x00007FF608B90000-0x00007FF608F85000-memory.dmp

Filesize
4.0MB

Download
memory/2764-1965-0x00007FF608B90000-0x00007FF608F85000-memory.dmp

Filesize
4.0MB

Download
memory/2792-1949-0x00007FF7A8480000-0x00007FF7A8875000-memory.dmp

Filesize
4.0MB

Download
memory/2792-1943-0x00007FF7A8480000-0x00007FF7A8875000-memory.dmp

Filesize
4.0MB

Download
memory/2792-28-0x00007FF7A8480000-0x00007FF7A8875000-memory.dmp

Filesize
4.0MB

Download
memory/3036-1967-0x00007FF6D6AF0000-0x00007FF6D6EE5000-memory.dmp

Filesize
4.0MB

Download
memory/3036-981-0x00007FF6D6AF0000-0x00007FF6D6EE5000-memory.dmp

Filesize
4.0MB

Download
memory/3056-1948-0x00007FF707160000-0x00007FF707555000-memory.dmp

Filesize
4.0MB

Download
memory/3056-984-0x00007FF707160000-0x00007FF707555000-memory.dmp

Filesize
4.0MB

Download
memory/3060-841-0x00007FF680D00000-0x00007FF6810F5000-memory.dmp

Filesize
4.0MB

Download
memory/3060-1951-0x00007FF680D00000-0x00007FF6810F5000-memory.dmp

Filesize
4.0MB

Download
memory/3552-845-0x00007FF61AA70000-0x00007FF61AE65000-memory.dmp

Filesize
4.0MB

Download
memory/3552-1957-0x00007FF61AA70000-0x00007FF61AE65000-memory.dmp

Filesize
4.0MB

Download
memory/3640-1942-0x00007FF6DD740000-0x00007FF6DDB35000-memory.dmp

Filesize
4.0MB

Download
memory/3640-1946-0x00007FF6DD740000-0x00007FF6DDB35000-memory.dmp

Filesize
4.0MB

Download
memory/3640-27-0x00007FF6DD740000-0x00007FF6DDB35000-memory.dmp

Filesize
4.0MB

Download
memory/3852-983-0x00007FF602DB0000-0x00007FF6031A5000-memory.dmp

Filesize
4.0MB

Download
memory/3852-1966-0x00007FF602DB0000-0x00007FF6031A5000-memory.dmp

Filesize
4.0MB

Download
memory/4360-835-0x00007FF78E920000-0x00007FF78ED15000-memory.dmp

Filesize
4.0MB

Download
memory/4360-1953-0x00007FF78E920000-0x00007FF78ED15000-memory.dmp

Filesize
4.0MB

Download
memory/4384-907-0x00007FF6DB440000-0x00007FF6DB835000-memory.dmp

Filesize
4.0MB

Download
memory/4384-1964-0x00007FF6DB440000-0x00007FF6DB835000-memory.dmp

Filesize
4.0MB

Download
memory/4428-15-0x00007FF755C00000-0x00007FF755FF5000-memory.dmp

Filesize
4.0MB

Download
memory/4428-1944-0x00007FF755C00000-0x00007FF755FF5000-memory.dmp

Filesize
4.0MB

Download
memory/4432-914-0x00007FF6A4FC0000-0x00007FF6A53B5000-memory.dmp

Filesize
4.0MB

Download
memory/4432-1963-0x00007FF6A4FC0000-0x00007FF6A53B5000-memory.dmp

Filesize
4.0MB

Download
memory/4464-1962-0x00007FF61BBE0000-0x00007FF61BFD5000-memory.dmp

Filesize
4.0MB

Download
memory/4464-917-0x00007FF61BBE0000-0x00007FF61BFD5000-memory.dmp

Filesize
4.0MB

Download
memory/4752-1947-0x00007FF6003E0000-0x00007FF6007D5000-memory.dmp

Filesize
4.0MB

Download
memory/4752-819-0x00007FF6003E0000-0x00007FF6007D5000-memory.dmp

Filesize
4.0MB

Download
memory/4896-895-0x00007FF7CA0C0000-0x00007FF7CA4B5000-memory.dmp

Filesize
4.0MB

Download
memory/4896-1959-0x00007FF7CA0C0000-0x00007FF7CA4B5000-memory.dmp

Filesize
4.0MB

Download