xmrig | dd568195ff6e0c0ee5b77cef847591a2bde1b85e62398b778a5744c3774da2f7

Analysis

max time kernel
131s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
28/05/2024, 03:47

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

dd568195ff6e0c0ee5b77cef847591a2bde1b85e62398b778a5744c3774da2f7.exe
Size

3.2MB
MD5

72739ba551f3261af7379556cca9e10f
SHA1

e59b57d1badf7d109dc2a04b1016ebb7144e142f
SHA256

dd568195ff6e0c0ee5b77cef847591a2bde1b85e62398b778a5744c3774da2f7
SHA512

fb8ccc6d07c440d402c7604e045a2914b5ea43e6ed6214a68dbd7c36227460cd5b24dca4e4026a194103c3a707c57fe6e30e4b7bf3b749412f2dddc2806892c6
SSDEEP

98304:N0GnJMOWPClFdx6e0EALKWVTffZiPAcRq6jHjc42:NFWPClFG

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

UPX dump on OEP (original entry point) 64 IoCs

resource	yara_rule
behavioral2/memory/2124-0-0x00007FF6F3390000-0x00007FF6F3785000-memory.dmp	UPX
behavioral2/files/0x000800000002351e-4.dat	UPX
behavioral2/files/0x0007000000023522-12.dat	UPX
behavioral2/memory/2492-16-0x00007FF7CA8E0000-0x00007FF7CACD5000-memory.dmp	UPX
behavioral2/files/0x0007000000023524-19.dat	UPX
behavioral2/memory/2364-20-0x00007FF6AF710000-0x00007FF6AFB05000-memory.dmp	UPX
behavioral2/files/0x0007000000023526-34.dat	UPX
behavioral2/files/0x0007000000023529-47.dat	UPX
behavioral2/files/0x000700000002352a-54.dat	UPX
behavioral2/files/0x000700000002352d-69.dat	UPX
behavioral2/files/0x0007000000023530-84.dat	UPX
behavioral2/files/0x0007000000023535-109.dat	UPX
behavioral2/files/0x0007000000023539-129.dat	UPX
behavioral2/files/0x000700000002353d-152.dat	UPX
behavioral2/files/0x0007000000023540-164.dat	UPX
behavioral2/files/0x000700000002353f-159.dat	UPX
behavioral2/files/0x000700000002353e-157.dat	UPX
behavioral2/files/0x000700000002353c-147.dat	UPX
behavioral2/files/0x000700000002353b-142.dat	UPX
behavioral2/files/0x000700000002353a-134.dat	UPX
behavioral2/files/0x0007000000023538-124.dat	UPX
behavioral2/files/0x0007000000023537-119.dat	UPX
behavioral2/files/0x0007000000023536-114.dat	UPX
behavioral2/files/0x0007000000023534-104.dat	UPX
behavioral2/files/0x0007000000023533-99.dat	UPX
behavioral2/files/0x0007000000023532-94.dat	UPX
behavioral2/files/0x0007000000023531-89.dat	UPX
behavioral2/files/0x000700000002352f-79.dat	UPX
behavioral2/files/0x000700000002352e-74.dat	UPX
behavioral2/files/0x000700000002352c-64.dat	UPX
behavioral2/files/0x000700000002352b-59.dat	UPX
behavioral2/files/0x0007000000023528-44.dat	UPX
behavioral2/files/0x0007000000023527-39.dat	UPX
behavioral2/files/0x0007000000023525-29.dat	UPX
behavioral2/files/0x0007000000023523-22.dat	UPX
behavioral2/memory/2336-9-0x00007FF7FA2C0000-0x00007FF7FA6B5000-memory.dmp	UPX
behavioral2/memory/3704-830-0x00007FF7030C0000-0x00007FF7034B5000-memory.dmp	UPX
behavioral2/memory/1920-835-0x00007FF6D97E0000-0x00007FF6D9BD5000-memory.dmp	UPX
behavioral2/memory/3928-851-0x00007FF7969D0000-0x00007FF796DC5000-memory.dmp	UPX
behavioral2/memory/4004-842-0x00007FF6C9990000-0x00007FF6C9D85000-memory.dmp	UPX
behavioral2/memory/4748-855-0x00007FF65A140000-0x00007FF65A535000-memory.dmp	UPX
behavioral2/memory/3712-863-0x00007FF6C0D50000-0x00007FF6C1145000-memory.dmp	UPX
behavioral2/memory/4380-868-0x00007FF7EA1A0000-0x00007FF7EA595000-memory.dmp	UPX
behavioral2/memory/4132-874-0x00007FF65C9D0000-0x00007FF65CDC5000-memory.dmp	UPX
behavioral2/memory/608-878-0x00007FF6092A0000-0x00007FF609695000-memory.dmp	UPX
behavioral2/memory/4824-860-0x00007FF6C6520000-0x00007FF6C6915000-memory.dmp	UPX
behavioral2/memory/2268-884-0x00007FF634C30000-0x00007FF635025000-memory.dmp	UPX
behavioral2/memory/3064-890-0x00007FF734510000-0x00007FF734905000-memory.dmp	UPX
behavioral2/memory/4640-891-0x00007FF6B77C0000-0x00007FF6B7BB5000-memory.dmp	UPX
behavioral2/memory/4068-900-0x00007FF72C100000-0x00007FF72C4F5000-memory.dmp	UPX
behavioral2/memory/4244-902-0x00007FF70A5A0000-0x00007FF70A995000-memory.dmp	UPX
behavioral2/memory/3988-905-0x00007FF6D8D20000-0x00007FF6D9115000-memory.dmp	UPX
behavioral2/memory/2828-898-0x00007FF7040D0000-0x00007FF7044C5000-memory.dmp	UPX
behavioral2/memory/380-894-0x00007FF70A770000-0x00007FF70AB65000-memory.dmp	UPX
behavioral2/memory/3536-889-0x00007FF76A560000-0x00007FF76A955000-memory.dmp	UPX
behavioral2/memory/4052-936-0x00007FF7A4610000-0x00007FF7A4A05000-memory.dmp	UPX
behavioral2/memory/2688-937-0x00007FF7F2800000-0x00007FF7F2BF5000-memory.dmp	UPX
behavioral2/memory/2124-1797-0x00007FF6F3390000-0x00007FF6F3785000-memory.dmp	UPX
behavioral2/memory/2336-1798-0x00007FF7FA2C0000-0x00007FF7FA6B5000-memory.dmp	UPX
behavioral2/memory/2364-1799-0x00007FF6AF710000-0x00007FF6AFB05000-memory.dmp	UPX
behavioral2/memory/2336-1800-0x00007FF7FA2C0000-0x00007FF7FA6B5000-memory.dmp	UPX
behavioral2/memory/2492-1801-0x00007FF7CA8E0000-0x00007FF7CACD5000-memory.dmp	UPX
behavioral2/memory/2364-1802-0x00007FF6AF710000-0x00007FF6AFB05000-memory.dmp	UPX
behavioral2/memory/4052-1803-0x00007FF7A4610000-0x00007FF7A4A05000-memory.dmp	UPX

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/2124-0-0x00007FF6F3390000-0x00007FF6F3785000-memory.dmp	xmrig
behavioral2/files/0x000800000002351e-4.dat	xmrig
behavioral2/files/0x0007000000023522-12.dat	xmrig
behavioral2/memory/2492-16-0x00007FF7CA8E0000-0x00007FF7CACD5000-memory.dmp	xmrig
behavioral2/files/0x0007000000023524-19.dat	xmrig
behavioral2/memory/2364-20-0x00007FF6AF710000-0x00007FF6AFB05000-memory.dmp	xmrig
behavioral2/files/0x0007000000023526-34.dat	xmrig
behavioral2/files/0x0007000000023529-47.dat	xmrig
behavioral2/files/0x000700000002352a-54.dat	xmrig
behavioral2/files/0x000700000002352d-69.dat	xmrig
behavioral2/files/0x0007000000023530-84.dat	xmrig
behavioral2/files/0x0007000000023535-109.dat	xmrig
behavioral2/files/0x0007000000023539-129.dat	xmrig
behavioral2/files/0x000700000002353d-152.dat	xmrig
behavioral2/files/0x0007000000023540-164.dat	xmrig
behavioral2/files/0x000700000002353f-159.dat	xmrig
behavioral2/files/0x000700000002353e-157.dat	xmrig
behavioral2/files/0x000700000002353c-147.dat	xmrig
behavioral2/files/0x000700000002353b-142.dat	xmrig
behavioral2/files/0x000700000002353a-134.dat	xmrig
behavioral2/files/0x0007000000023538-124.dat	xmrig
behavioral2/files/0x0007000000023537-119.dat	xmrig
behavioral2/files/0x0007000000023536-114.dat	xmrig
behavioral2/files/0x0007000000023534-104.dat	xmrig
behavioral2/files/0x0007000000023533-99.dat	xmrig
behavioral2/files/0x0007000000023532-94.dat	xmrig
behavioral2/files/0x0007000000023531-89.dat	xmrig
behavioral2/files/0x000700000002352f-79.dat	xmrig
behavioral2/files/0x000700000002352e-74.dat	xmrig
behavioral2/files/0x000700000002352c-64.dat	xmrig
behavioral2/files/0x000700000002352b-59.dat	xmrig
behavioral2/files/0x0007000000023528-44.dat	xmrig
behavioral2/files/0x0007000000023527-39.dat	xmrig
behavioral2/files/0x0007000000023525-29.dat	xmrig
behavioral2/files/0x0007000000023523-22.dat	xmrig
behavioral2/memory/2336-9-0x00007FF7FA2C0000-0x00007FF7FA6B5000-memory.dmp	xmrig
behavioral2/memory/3704-830-0x00007FF7030C0000-0x00007FF7034B5000-memory.dmp	xmrig
behavioral2/memory/1920-835-0x00007FF6D97E0000-0x00007FF6D9BD5000-memory.dmp	xmrig
behavioral2/memory/3928-851-0x00007FF7969D0000-0x00007FF796DC5000-memory.dmp	xmrig
behavioral2/memory/4004-842-0x00007FF6C9990000-0x00007FF6C9D85000-memory.dmp	xmrig
behavioral2/memory/4748-855-0x00007FF65A140000-0x00007FF65A535000-memory.dmp	xmrig
behavioral2/memory/3712-863-0x00007FF6C0D50000-0x00007FF6C1145000-memory.dmp	xmrig
behavioral2/memory/4380-868-0x00007FF7EA1A0000-0x00007FF7EA595000-memory.dmp	xmrig
behavioral2/memory/4132-874-0x00007FF65C9D0000-0x00007FF65CDC5000-memory.dmp	xmrig
behavioral2/memory/608-878-0x00007FF6092A0000-0x00007FF609695000-memory.dmp	xmrig
behavioral2/memory/4824-860-0x00007FF6C6520000-0x00007FF6C6915000-memory.dmp	xmrig
behavioral2/memory/2268-884-0x00007FF634C30000-0x00007FF635025000-memory.dmp	xmrig
behavioral2/memory/3064-890-0x00007FF734510000-0x00007FF734905000-memory.dmp	xmrig
behavioral2/memory/4640-891-0x00007FF6B77C0000-0x00007FF6B7BB5000-memory.dmp	xmrig
behavioral2/memory/4068-900-0x00007FF72C100000-0x00007FF72C4F5000-memory.dmp	xmrig
behavioral2/memory/4244-902-0x00007FF70A5A0000-0x00007FF70A995000-memory.dmp	xmrig
behavioral2/memory/3988-905-0x00007FF6D8D20000-0x00007FF6D9115000-memory.dmp	xmrig
behavioral2/memory/2828-898-0x00007FF7040D0000-0x00007FF7044C5000-memory.dmp	xmrig
behavioral2/memory/380-894-0x00007FF70A770000-0x00007FF70AB65000-memory.dmp	xmrig
behavioral2/memory/3536-889-0x00007FF76A560000-0x00007FF76A955000-memory.dmp	xmrig
behavioral2/memory/4052-936-0x00007FF7A4610000-0x00007FF7A4A05000-memory.dmp	xmrig
behavioral2/memory/2688-937-0x00007FF7F2800000-0x00007FF7F2BF5000-memory.dmp	xmrig
behavioral2/memory/2124-1797-0x00007FF6F3390000-0x00007FF6F3785000-memory.dmp	xmrig
behavioral2/memory/2336-1798-0x00007FF7FA2C0000-0x00007FF7FA6B5000-memory.dmp	xmrig
behavioral2/memory/2364-1799-0x00007FF6AF710000-0x00007FF6AFB05000-memory.dmp	xmrig
behavioral2/memory/2336-1800-0x00007FF7FA2C0000-0x00007FF7FA6B5000-memory.dmp	xmrig
behavioral2/memory/2492-1801-0x00007FF7CA8E0000-0x00007FF7CACD5000-memory.dmp	xmrig
behavioral2/memory/2364-1802-0x00007FF6AF710000-0x00007FF6AFB05000-memory.dmp	xmrig
behavioral2/memory/4052-1803-0x00007FF7A4610000-0x00007FF7A4A05000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2336	teRSydL.exe
2492	KTkWsjv.exe
2364	GbWzbqB.exe
4052	NOFpEXQ.exe
2688	GtMzzwt.exe
3704	orSloTy.exe
1920	LYslqMj.exe
4004	WDWVRBO.exe
3928	nmVKdVY.exe
4748	EOgkKcG.exe
4824	KYPMfjz.exe
3712	XdumKPN.exe
4380	zviKDEj.exe
4132	vAEDgFK.exe
608	FExjwSJ.exe
2268	NFYLVsD.exe
3536	veVvmVN.exe
3064	LmVSncE.exe
4640	TrbhcSY.exe
380	afgGDJw.exe
2828	UosXrYU.exe
4068	UtLjEem.exe
4244	WoHeDzF.exe
3988	jTxOtyY.exe
2160	icKHgcP.exe
3588	FVljsoT.exe
2712	tHonreE.exe
3400	ZcvTquI.exe
4572	ZjVxdsa.exe
5076	wHwSrac.exe
4592	hQxeCfi.exe
3096	TBrVokz.exe
4352	LUwsDLg.exe
4336	RwCZgWz.exe
2408	BugAeep.exe
1084	IGBxmUD.exe
4484	drlIPwa.exe
2452	tAnzcVJ.exe
4916	iMtTGhp.exe
2400	xCskeSU.exe
2784	JOfwveW.exe
1544	cOHRqEP.exe
4788	oslLHCw.exe
1796	kNtyGJU.exe
1520	YMgUhyl.exe
2368	xSxYuFj.exe
2732	lXbgrAu.exe
4440	umQotOD.exe
4012	AhvZALS.exe
396	PqOUyXn.exe
4412	zeNqOnN.exe
3224	MFfaODe.exe
3672	RMSPjEK.exe
4996	HADhVjo.exe
4740	JVqWjsg.exe
5124	KZScpwd.exe
5152	DQPkbup.exe
5180	eGDOLnk.exe
5208	PBVPiIp.exe
5224	pMxiDqj.exe
5252	nXySZCQ.exe
5292	CQjAZFn.exe
5320	cNyrqYK.exe
5336	CpieQbf.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2124-0-0x00007FF6F3390000-0x00007FF6F3785000-memory.dmp	upx
behavioral2/files/0x000800000002351e-4.dat	upx
behavioral2/files/0x0007000000023522-12.dat	upx
behavioral2/memory/2492-16-0x00007FF7CA8E0000-0x00007FF7CACD5000-memory.dmp	upx
behavioral2/files/0x0007000000023524-19.dat	upx
behavioral2/memory/2364-20-0x00007FF6AF710000-0x00007FF6AFB05000-memory.dmp	upx
behavioral2/files/0x0007000000023526-34.dat	upx
behavioral2/files/0x0007000000023529-47.dat	upx
behavioral2/files/0x000700000002352a-54.dat	upx
behavioral2/files/0x000700000002352d-69.dat	upx
behavioral2/files/0x0007000000023530-84.dat	upx
behavioral2/files/0x0007000000023535-109.dat	upx
behavioral2/files/0x0007000000023539-129.dat	upx
behavioral2/files/0x000700000002353d-152.dat	upx
behavioral2/files/0x0007000000023540-164.dat	upx
behavioral2/files/0x000700000002353f-159.dat	upx
behavioral2/files/0x000700000002353e-157.dat	upx
behavioral2/files/0x000700000002353c-147.dat	upx
behavioral2/files/0x000700000002353b-142.dat	upx
behavioral2/files/0x000700000002353a-134.dat	upx
behavioral2/files/0x0007000000023538-124.dat	upx
behavioral2/files/0x0007000000023537-119.dat	upx
behavioral2/files/0x0007000000023536-114.dat	upx
behavioral2/files/0x0007000000023534-104.dat	upx
behavioral2/files/0x0007000000023533-99.dat	upx
behavioral2/files/0x0007000000023532-94.dat	upx
behavioral2/files/0x0007000000023531-89.dat	upx
behavioral2/files/0x000700000002352f-79.dat	upx
behavioral2/files/0x000700000002352e-74.dat	upx
behavioral2/files/0x000700000002352c-64.dat	upx
behavioral2/files/0x000700000002352b-59.dat	upx
behavioral2/files/0x0007000000023528-44.dat	upx
behavioral2/files/0x0007000000023527-39.dat	upx
behavioral2/files/0x0007000000023525-29.dat	upx
behavioral2/files/0x0007000000023523-22.dat	upx
behavioral2/memory/2336-9-0x00007FF7FA2C0000-0x00007FF7FA6B5000-memory.dmp	upx
behavioral2/memory/3704-830-0x00007FF7030C0000-0x00007FF7034B5000-memory.dmp	upx
behavioral2/memory/1920-835-0x00007FF6D97E0000-0x00007FF6D9BD5000-memory.dmp	upx
behavioral2/memory/3928-851-0x00007FF7969D0000-0x00007FF796DC5000-memory.dmp	upx
behavioral2/memory/4004-842-0x00007FF6C9990000-0x00007FF6C9D85000-memory.dmp	upx
behavioral2/memory/4748-855-0x00007FF65A140000-0x00007FF65A535000-memory.dmp	upx
behavioral2/memory/3712-863-0x00007FF6C0D50000-0x00007FF6C1145000-memory.dmp	upx
behavioral2/memory/4380-868-0x00007FF7EA1A0000-0x00007FF7EA595000-memory.dmp	upx
behavioral2/memory/4132-874-0x00007FF65C9D0000-0x00007FF65CDC5000-memory.dmp	upx
behavioral2/memory/608-878-0x00007FF6092A0000-0x00007FF609695000-memory.dmp	upx
behavioral2/memory/4824-860-0x00007FF6C6520000-0x00007FF6C6915000-memory.dmp	upx
behavioral2/memory/2268-884-0x00007FF634C30000-0x00007FF635025000-memory.dmp	upx
behavioral2/memory/3064-890-0x00007FF734510000-0x00007FF734905000-memory.dmp	upx
behavioral2/memory/4640-891-0x00007FF6B77C0000-0x00007FF6B7BB5000-memory.dmp	upx
behavioral2/memory/4068-900-0x00007FF72C100000-0x00007FF72C4F5000-memory.dmp	upx
behavioral2/memory/4244-902-0x00007FF70A5A0000-0x00007FF70A995000-memory.dmp	upx
behavioral2/memory/3988-905-0x00007FF6D8D20000-0x00007FF6D9115000-memory.dmp	upx
behavioral2/memory/2828-898-0x00007FF7040D0000-0x00007FF7044C5000-memory.dmp	upx
behavioral2/memory/380-894-0x00007FF70A770000-0x00007FF70AB65000-memory.dmp	upx
behavioral2/memory/3536-889-0x00007FF76A560000-0x00007FF76A955000-memory.dmp	upx
behavioral2/memory/4052-936-0x00007FF7A4610000-0x00007FF7A4A05000-memory.dmp	upx
behavioral2/memory/2688-937-0x00007FF7F2800000-0x00007FF7F2BF5000-memory.dmp	upx
behavioral2/memory/2124-1797-0x00007FF6F3390000-0x00007FF6F3785000-memory.dmp	upx
behavioral2/memory/2336-1798-0x00007FF7FA2C0000-0x00007FF7FA6B5000-memory.dmp	upx
behavioral2/memory/2364-1799-0x00007FF6AF710000-0x00007FF6AFB05000-memory.dmp	upx
behavioral2/memory/2336-1800-0x00007FF7FA2C0000-0x00007FF7FA6B5000-memory.dmp	upx
behavioral2/memory/2492-1801-0x00007FF7CA8E0000-0x00007FF7CACD5000-memory.dmp	upx
behavioral2/memory/2364-1802-0x00007FF6AF710000-0x00007FF6AFB05000-memory.dmp	upx
behavioral2/memory/4052-1803-0x00007FF7A4610000-0x00007FF7A4A05000-memory.dmp	upx

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System32\SKYspNa.exe	dd568195ff6e0c0ee5b77cef847591a2bde1b85e62398b778a5744c3774da2f7.exe
File created	C:\Windows\System32\oIHRQvP.exe	dd568195ff6e0c0ee5b77cef847591a2bde1b85e62398b778a5744c3774da2f7.exe
File created	C:\Windows\System32\BugAeep.exe	dd568195ff6e0c0ee5b77cef847591a2bde1b85e62398b778a5744c3774da2f7.exe
File created	C:\Windows\System32\dNXrDGu.exe	dd568195ff6e0c0ee5b77cef847591a2bde1b85e62398b778a5744c3774da2f7.exe
File created	C:\Windows\System32\tInrtmp.exe	dd568195ff6e0c0ee5b77cef847591a2bde1b85e62398b778a5744c3774da2f7.exe
File created	C:\Windows\System32\XHlqIBv.exe	dd568195ff6e0c0ee5b77cef847591a2bde1b85e62398b778a5744c3774da2f7.exe
File created	C:\Windows\System32\ohEbCvT.exe	dd568195ff6e0c0ee5b77cef847591a2bde1b85e62398b778a5744c3774da2f7.exe
File created	C:\Windows\System32\HRvhSeQ.exe	dd568195ff6e0c0ee5b77cef847591a2bde1b85e62398b778a5744c3774da2f7.exe
File created	C:\Windows\System32\OYKwdiu.exe	dd568195ff6e0c0ee5b77cef847591a2bde1b85e62398b778a5744c3774da2f7.exe
File created	C:\Windows\System32\UctoWCc.exe	dd568195ff6e0c0ee5b77cef847591a2bde1b85e62398b778a5744c3774da2f7.exe
File created	C:\Windows\System32\RusJeGZ.exe	dd568195ff6e0c0ee5b77cef847591a2bde1b85e62398b778a5744c3774da2f7.exe
File created	C:\Windows\System32\dpEuYcT.exe	dd568195ff6e0c0ee5b77cef847591a2bde1b85e62398b778a5744c3774da2f7.exe
File created	C:\Windows\System32\LYslqMj.exe	dd568195ff6e0c0ee5b77cef847591a2bde1b85e62398b778a5744c3774da2f7.exe
File created	C:\Windows\System32\CykXisN.exe	dd568195ff6e0c0ee5b77cef847591a2bde1b85e62398b778a5744c3774da2f7.exe
File created	C:\Windows\System32\vnjrQXC.exe	dd568195ff6e0c0ee5b77cef847591a2bde1b85e62398b778a5744c3774da2f7.exe
File created	C:\Windows\System32\wgcBDQc.exe	dd568195ff6e0c0ee5b77cef847591a2bde1b85e62398b778a5744c3774da2f7.exe
File created	C:\Windows\System32\nUTERRF.exe	dd568195ff6e0c0ee5b77cef847591a2bde1b85e62398b778a5744c3774da2f7.exe
File created	C:\Windows\System32\rhWpJra.exe	dd568195ff6e0c0ee5b77cef847591a2bde1b85e62398b778a5744c3774da2f7.exe
File created	C:\Windows\System32\fQrsvnK.exe	dd568195ff6e0c0ee5b77cef847591a2bde1b85e62398b778a5744c3774da2f7.exe
File created	C:\Windows\System32\zxwnLSU.exe	dd568195ff6e0c0ee5b77cef847591a2bde1b85e62398b778a5744c3774da2f7.exe
File created	C:\Windows\System32\pxZHyTI.exe	dd568195ff6e0c0ee5b77cef847591a2bde1b85e62398b778a5744c3774da2f7.exe
File created	C:\Windows\System32\CPXtEnt.exe	dd568195ff6e0c0ee5b77cef847591a2bde1b85e62398b778a5744c3774da2f7.exe
File created	C:\Windows\System32\FpilQXh.exe	dd568195ff6e0c0ee5b77cef847591a2bde1b85e62398b778a5744c3774da2f7.exe
File created	C:\Windows\System32\IrwEtmy.exe	dd568195ff6e0c0ee5b77cef847591a2bde1b85e62398b778a5744c3774da2f7.exe
File created	C:\Windows\System32\vmbaVcU.exe	dd568195ff6e0c0ee5b77cef847591a2bde1b85e62398b778a5744c3774da2f7.exe
File created	C:\Windows\System32\wPjgdZy.exe	dd568195ff6e0c0ee5b77cef847591a2bde1b85e62398b778a5744c3774da2f7.exe
File created	C:\Windows\System32\PziEdWj.exe	dd568195ff6e0c0ee5b77cef847591a2bde1b85e62398b778a5744c3774da2f7.exe
File created	C:\Windows\System32\NCcgbGX.exe	dd568195ff6e0c0ee5b77cef847591a2bde1b85e62398b778a5744c3774da2f7.exe
File created	C:\Windows\System32\nYAgEcV.exe	dd568195ff6e0c0ee5b77cef847591a2bde1b85e62398b778a5744c3774da2f7.exe
File created	C:\Windows\System32\nyCFpra.exe	dd568195ff6e0c0ee5b77cef847591a2bde1b85e62398b778a5744c3774da2f7.exe
File created	C:\Windows\System32\cyFxWEi.exe	dd568195ff6e0c0ee5b77cef847591a2bde1b85e62398b778a5744c3774da2f7.exe
File created	C:\Windows\System32\vcptYOf.exe	dd568195ff6e0c0ee5b77cef847591a2bde1b85e62398b778a5744c3774da2f7.exe
File created	C:\Windows\System32\RpABXuO.exe	dd568195ff6e0c0ee5b77cef847591a2bde1b85e62398b778a5744c3774da2f7.exe
File created	C:\Windows\System32\LtEivvw.exe	dd568195ff6e0c0ee5b77cef847591a2bde1b85e62398b778a5744c3774da2f7.exe
File created	C:\Windows\System32\LYSgKfs.exe	dd568195ff6e0c0ee5b77cef847591a2bde1b85e62398b778a5744c3774da2f7.exe
File created	C:\Windows\System32\BYGbyzY.exe	dd568195ff6e0c0ee5b77cef847591a2bde1b85e62398b778a5744c3774da2f7.exe
File created	C:\Windows\System32\lKsSxxT.exe	dd568195ff6e0c0ee5b77cef847591a2bde1b85e62398b778a5744c3774da2f7.exe
File created	C:\Windows\System32\xEJrYRL.exe	dd568195ff6e0c0ee5b77cef847591a2bde1b85e62398b778a5744c3774da2f7.exe
File created	C:\Windows\System32\srKQPZQ.exe	dd568195ff6e0c0ee5b77cef847591a2bde1b85e62398b778a5744c3774da2f7.exe
File created	C:\Windows\System32\BEAdsfE.exe	dd568195ff6e0c0ee5b77cef847591a2bde1b85e62398b778a5744c3774da2f7.exe
File created	C:\Windows\System32\khoJDsu.exe	dd568195ff6e0c0ee5b77cef847591a2bde1b85e62398b778a5744c3774da2f7.exe
File created	C:\Windows\System32\IPXcTIe.exe	dd568195ff6e0c0ee5b77cef847591a2bde1b85e62398b778a5744c3774da2f7.exe
File created	C:\Windows\System32\RVJTJMt.exe	dd568195ff6e0c0ee5b77cef847591a2bde1b85e62398b778a5744c3774da2f7.exe
File created	C:\Windows\System32\EKpmuXo.exe	dd568195ff6e0c0ee5b77cef847591a2bde1b85e62398b778a5744c3774da2f7.exe
File created	C:\Windows\System32\eWiIpas.exe	dd568195ff6e0c0ee5b77cef847591a2bde1b85e62398b778a5744c3774da2f7.exe
File created	C:\Windows\System32\WuweMtG.exe	dd568195ff6e0c0ee5b77cef847591a2bde1b85e62398b778a5744c3774da2f7.exe
File created	C:\Windows\System32\NZIwnQF.exe	dd568195ff6e0c0ee5b77cef847591a2bde1b85e62398b778a5744c3774da2f7.exe
File created	C:\Windows\System32\HWKiCLy.exe	dd568195ff6e0c0ee5b77cef847591a2bde1b85e62398b778a5744c3774da2f7.exe
File created	C:\Windows\System32\dVoFVsy.exe	dd568195ff6e0c0ee5b77cef847591a2bde1b85e62398b778a5744c3774da2f7.exe
File created	C:\Windows\System32\JZEoKXb.exe	dd568195ff6e0c0ee5b77cef847591a2bde1b85e62398b778a5744c3774da2f7.exe
File created	C:\Windows\System32\fBkXuDO.exe	dd568195ff6e0c0ee5b77cef847591a2bde1b85e62398b778a5744c3774da2f7.exe
File created	C:\Windows\System32\VbziOaT.exe	dd568195ff6e0c0ee5b77cef847591a2bde1b85e62398b778a5744c3774da2f7.exe
File created	C:\Windows\System32\GlfxllQ.exe	dd568195ff6e0c0ee5b77cef847591a2bde1b85e62398b778a5744c3774da2f7.exe
File created	C:\Windows\System32\AnpoYzs.exe	dd568195ff6e0c0ee5b77cef847591a2bde1b85e62398b778a5744c3774da2f7.exe
File created	C:\Windows\System32\yzVNjFP.exe	dd568195ff6e0c0ee5b77cef847591a2bde1b85e62398b778a5744c3774da2f7.exe
File created	C:\Windows\System32\SvkwMPc.exe	dd568195ff6e0c0ee5b77cef847591a2bde1b85e62398b778a5744c3774da2f7.exe
File created	C:\Windows\System32\EDtjvfy.exe	dd568195ff6e0c0ee5b77cef847591a2bde1b85e62398b778a5744c3774da2f7.exe
File created	C:\Windows\System32\IlXbGfS.exe	dd568195ff6e0c0ee5b77cef847591a2bde1b85e62398b778a5744c3774da2f7.exe
File created	C:\Windows\System32\nAlUXHV.exe	dd568195ff6e0c0ee5b77cef847591a2bde1b85e62398b778a5744c3774da2f7.exe
File created	C:\Windows\System32\dIbHiIj.exe	dd568195ff6e0c0ee5b77cef847591a2bde1b85e62398b778a5744c3774da2f7.exe
File created	C:\Windows\System32\eXwwJOS.exe	dd568195ff6e0c0ee5b77cef847591a2bde1b85e62398b778a5744c3774da2f7.exe
File created	C:\Windows\System32\yMzhXkE.exe	dd568195ff6e0c0ee5b77cef847591a2bde1b85e62398b778a5744c3774da2f7.exe
File created	C:\Windows\System32\yDljqpT.exe	dd568195ff6e0c0ee5b77cef847591a2bde1b85e62398b778a5744c3774da2f7.exe
File created	C:\Windows\System32\fepUSsL.exe	dd568195ff6e0c0ee5b77cef847591a2bde1b85e62398b778a5744c3774da2f7.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	14012	dwm.exe
Token: SeChangeNotifyPrivilege	14012	dwm.exe
Token: 33	14012	dwm.exe
Token: SeIncBasePriorityPrivilege	14012	dwm.exe
Token: SeShutdownPrivilege	14012	dwm.exe
Token: SeCreatePagefilePrivilege	14012	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2124 wrote to memory of 2336	2124	dd568195ff6e0c0ee5b77cef847591a2bde1b85e62398b778a5744c3774da2f7.exe	91
PID 2124 wrote to memory of 2336	2124	dd568195ff6e0c0ee5b77cef847591a2bde1b85e62398b778a5744c3774da2f7.exe	91
PID 2124 wrote to memory of 2492	2124	dd568195ff6e0c0ee5b77cef847591a2bde1b85e62398b778a5744c3774da2f7.exe	92
PID 2124 wrote to memory of 2492	2124	dd568195ff6e0c0ee5b77cef847591a2bde1b85e62398b778a5744c3774da2f7.exe	92
PID 2124 wrote to memory of 2364	2124	dd568195ff6e0c0ee5b77cef847591a2bde1b85e62398b778a5744c3774da2f7.exe	93
PID 2124 wrote to memory of 2364	2124	dd568195ff6e0c0ee5b77cef847591a2bde1b85e62398b778a5744c3774da2f7.exe	93
PID 2124 wrote to memory of 4052	2124	dd568195ff6e0c0ee5b77cef847591a2bde1b85e62398b778a5744c3774da2f7.exe	94
PID 2124 wrote to memory of 4052	2124	dd568195ff6e0c0ee5b77cef847591a2bde1b85e62398b778a5744c3774da2f7.exe	94
PID 2124 wrote to memory of 2688	2124	dd568195ff6e0c0ee5b77cef847591a2bde1b85e62398b778a5744c3774da2f7.exe	95
PID 2124 wrote to memory of 2688	2124	dd568195ff6e0c0ee5b77cef847591a2bde1b85e62398b778a5744c3774da2f7.exe	95
PID 2124 wrote to memory of 3704	2124	dd568195ff6e0c0ee5b77cef847591a2bde1b85e62398b778a5744c3774da2f7.exe	96
PID 2124 wrote to memory of 3704	2124	dd568195ff6e0c0ee5b77cef847591a2bde1b85e62398b778a5744c3774da2f7.exe	96
PID 2124 wrote to memory of 1920	2124	dd568195ff6e0c0ee5b77cef847591a2bde1b85e62398b778a5744c3774da2f7.exe	97
PID 2124 wrote to memory of 1920	2124	dd568195ff6e0c0ee5b77cef847591a2bde1b85e62398b778a5744c3774da2f7.exe	97
PID 2124 wrote to memory of 4004	2124	dd568195ff6e0c0ee5b77cef847591a2bde1b85e62398b778a5744c3774da2f7.exe	98
PID 2124 wrote to memory of 4004	2124	dd568195ff6e0c0ee5b77cef847591a2bde1b85e62398b778a5744c3774da2f7.exe	98
PID 2124 wrote to memory of 3928	2124	dd568195ff6e0c0ee5b77cef847591a2bde1b85e62398b778a5744c3774da2f7.exe	99
PID 2124 wrote to memory of 3928	2124	dd568195ff6e0c0ee5b77cef847591a2bde1b85e62398b778a5744c3774da2f7.exe	99
PID 2124 wrote to memory of 4748	2124	dd568195ff6e0c0ee5b77cef847591a2bde1b85e62398b778a5744c3774da2f7.exe	100
PID 2124 wrote to memory of 4748	2124	dd568195ff6e0c0ee5b77cef847591a2bde1b85e62398b778a5744c3774da2f7.exe	100
PID 2124 wrote to memory of 4824	2124	dd568195ff6e0c0ee5b77cef847591a2bde1b85e62398b778a5744c3774da2f7.exe	101
PID 2124 wrote to memory of 4824	2124	dd568195ff6e0c0ee5b77cef847591a2bde1b85e62398b778a5744c3774da2f7.exe	101
PID 2124 wrote to memory of 3712	2124	dd568195ff6e0c0ee5b77cef847591a2bde1b85e62398b778a5744c3774da2f7.exe	102
PID 2124 wrote to memory of 3712	2124	dd568195ff6e0c0ee5b77cef847591a2bde1b85e62398b778a5744c3774da2f7.exe	102
PID 2124 wrote to memory of 4380	2124	dd568195ff6e0c0ee5b77cef847591a2bde1b85e62398b778a5744c3774da2f7.exe	103
PID 2124 wrote to memory of 4380	2124	dd568195ff6e0c0ee5b77cef847591a2bde1b85e62398b778a5744c3774da2f7.exe	103
PID 2124 wrote to memory of 4132	2124	dd568195ff6e0c0ee5b77cef847591a2bde1b85e62398b778a5744c3774da2f7.exe	104
PID 2124 wrote to memory of 4132	2124	dd568195ff6e0c0ee5b77cef847591a2bde1b85e62398b778a5744c3774da2f7.exe	104
PID 2124 wrote to memory of 608	2124	dd568195ff6e0c0ee5b77cef847591a2bde1b85e62398b778a5744c3774da2f7.exe	105
PID 2124 wrote to memory of 608	2124	dd568195ff6e0c0ee5b77cef847591a2bde1b85e62398b778a5744c3774da2f7.exe	105
PID 2124 wrote to memory of 2268	2124	dd568195ff6e0c0ee5b77cef847591a2bde1b85e62398b778a5744c3774da2f7.exe	106
PID 2124 wrote to memory of 2268	2124	dd568195ff6e0c0ee5b77cef847591a2bde1b85e62398b778a5744c3774da2f7.exe	106
PID 2124 wrote to memory of 3536	2124	dd568195ff6e0c0ee5b77cef847591a2bde1b85e62398b778a5744c3774da2f7.exe	107
PID 2124 wrote to memory of 3536	2124	dd568195ff6e0c0ee5b77cef847591a2bde1b85e62398b778a5744c3774da2f7.exe	107
PID 2124 wrote to memory of 3064	2124	dd568195ff6e0c0ee5b77cef847591a2bde1b85e62398b778a5744c3774da2f7.exe	108
PID 2124 wrote to memory of 3064	2124	dd568195ff6e0c0ee5b77cef847591a2bde1b85e62398b778a5744c3774da2f7.exe	108
PID 2124 wrote to memory of 4640	2124	dd568195ff6e0c0ee5b77cef847591a2bde1b85e62398b778a5744c3774da2f7.exe	109
PID 2124 wrote to memory of 4640	2124	dd568195ff6e0c0ee5b77cef847591a2bde1b85e62398b778a5744c3774da2f7.exe	109
PID 2124 wrote to memory of 380	2124	dd568195ff6e0c0ee5b77cef847591a2bde1b85e62398b778a5744c3774da2f7.exe	110
PID 2124 wrote to memory of 380	2124	dd568195ff6e0c0ee5b77cef847591a2bde1b85e62398b778a5744c3774da2f7.exe	110
PID 2124 wrote to memory of 2828	2124	dd568195ff6e0c0ee5b77cef847591a2bde1b85e62398b778a5744c3774da2f7.exe	111
PID 2124 wrote to memory of 2828	2124	dd568195ff6e0c0ee5b77cef847591a2bde1b85e62398b778a5744c3774da2f7.exe	111
PID 2124 wrote to memory of 4068	2124	dd568195ff6e0c0ee5b77cef847591a2bde1b85e62398b778a5744c3774da2f7.exe	112
PID 2124 wrote to memory of 4068	2124	dd568195ff6e0c0ee5b77cef847591a2bde1b85e62398b778a5744c3774da2f7.exe	112
PID 2124 wrote to memory of 4244	2124	dd568195ff6e0c0ee5b77cef847591a2bde1b85e62398b778a5744c3774da2f7.exe	113
PID 2124 wrote to memory of 4244	2124	dd568195ff6e0c0ee5b77cef847591a2bde1b85e62398b778a5744c3774da2f7.exe	113
PID 2124 wrote to memory of 3988	2124	dd568195ff6e0c0ee5b77cef847591a2bde1b85e62398b778a5744c3774da2f7.exe	114
PID 2124 wrote to memory of 3988	2124	dd568195ff6e0c0ee5b77cef847591a2bde1b85e62398b778a5744c3774da2f7.exe	114
PID 2124 wrote to memory of 2160	2124	dd568195ff6e0c0ee5b77cef847591a2bde1b85e62398b778a5744c3774da2f7.exe	115
PID 2124 wrote to memory of 2160	2124	dd568195ff6e0c0ee5b77cef847591a2bde1b85e62398b778a5744c3774da2f7.exe	115
PID 2124 wrote to memory of 3588	2124	dd568195ff6e0c0ee5b77cef847591a2bde1b85e62398b778a5744c3774da2f7.exe	116
PID 2124 wrote to memory of 3588	2124	dd568195ff6e0c0ee5b77cef847591a2bde1b85e62398b778a5744c3774da2f7.exe	116
PID 2124 wrote to memory of 2712	2124	dd568195ff6e0c0ee5b77cef847591a2bde1b85e62398b778a5744c3774da2f7.exe	117
PID 2124 wrote to memory of 2712	2124	dd568195ff6e0c0ee5b77cef847591a2bde1b85e62398b778a5744c3774da2f7.exe	117
PID 2124 wrote to memory of 3400	2124	dd568195ff6e0c0ee5b77cef847591a2bde1b85e62398b778a5744c3774da2f7.exe	118
PID 2124 wrote to memory of 3400	2124	dd568195ff6e0c0ee5b77cef847591a2bde1b85e62398b778a5744c3774da2f7.exe	118
PID 2124 wrote to memory of 4572	2124	dd568195ff6e0c0ee5b77cef847591a2bde1b85e62398b778a5744c3774da2f7.exe	119
PID 2124 wrote to memory of 4572	2124	dd568195ff6e0c0ee5b77cef847591a2bde1b85e62398b778a5744c3774da2f7.exe	119
PID 2124 wrote to memory of 5076	2124	dd568195ff6e0c0ee5b77cef847591a2bde1b85e62398b778a5744c3774da2f7.exe	120
PID 2124 wrote to memory of 5076	2124	dd568195ff6e0c0ee5b77cef847591a2bde1b85e62398b778a5744c3774da2f7.exe	120
PID 2124 wrote to memory of 4592	2124	dd568195ff6e0c0ee5b77cef847591a2bde1b85e62398b778a5744c3774da2f7.exe	121
PID 2124 wrote to memory of 4592	2124	dd568195ff6e0c0ee5b77cef847591a2bde1b85e62398b778a5744c3774da2f7.exe	121
PID 2124 wrote to memory of 3096	2124	dd568195ff6e0c0ee5b77cef847591a2bde1b85e62398b778a5744c3774da2f7.exe	122
PID 2124 wrote to memory of 3096	2124	dd568195ff6e0c0ee5b77cef847591a2bde1b85e62398b778a5744c3774da2f7.exe	122

C:\Users\Admin\AppData\Local\Temp\dd568195ff6e0c0ee5b77cef847591a2bde1b85e62398b778a5744c3774da2f7.exe
"C:\Users\Admin\AppData\Local\Temp\dd568195ff6e0c0ee5b77cef847591a2bde1b85e62398b778a5744c3774da2f7.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:2124
- C:\Windows\System32\teRSydL.exe
  C:\Windows\System32\teRSydL.exe
  2⤵
  - Executes dropped EXE
  PID:2336
- C:\Windows\System32\KTkWsjv.exe
  C:\Windows\System32\KTkWsjv.exe
  2⤵
  - Executes dropped EXE
  PID:2492
- C:\Windows\System32\GbWzbqB.exe
  C:\Windows\System32\GbWzbqB.exe
  2⤵
  - Executes dropped EXE
  PID:2364
- C:\Windows\System32\NOFpEXQ.exe
  C:\Windows\System32\NOFpEXQ.exe
  2⤵
  - Executes dropped EXE
  PID:4052
- C:\Windows\System32\GtMzzwt.exe
  C:\Windows\System32\GtMzzwt.exe
  2⤵
  - Executes dropped EXE
  PID:2688
- C:\Windows\System32\orSloTy.exe
  C:\Windows\System32\orSloTy.exe
  2⤵
  - Executes dropped EXE
  PID:3704
- C:\Windows\System32\LYslqMj.exe
  C:\Windows\System32\LYslqMj.exe
  2⤵
  - Executes dropped EXE
  PID:1920
- C:\Windows\System32\WDWVRBO.exe
  C:\Windows\System32\WDWVRBO.exe
  2⤵
  - Executes dropped EXE
  PID:4004
- C:\Windows\System32\nmVKdVY.exe
  C:\Windows\System32\nmVKdVY.exe
  2⤵
  - Executes dropped EXE
  PID:3928
- C:\Windows\System32\EOgkKcG.exe
  C:\Windows\System32\EOgkKcG.exe
  2⤵
  - Executes dropped EXE
  PID:4748
- C:\Windows\System32\KYPMfjz.exe
  C:\Windows\System32\KYPMfjz.exe
  2⤵
  - Executes dropped EXE
  PID:4824
- C:\Windows\System32\XdumKPN.exe
  C:\Windows\System32\XdumKPN.exe
  2⤵
  - Executes dropped EXE
  PID:3712
- C:\Windows\System32\zviKDEj.exe
  C:\Windows\System32\zviKDEj.exe
  2⤵
  - Executes dropped EXE
  PID:4380
- C:\Windows\System32\vAEDgFK.exe
  C:\Windows\System32\vAEDgFK.exe
  2⤵
  - Executes dropped EXE
  PID:4132
- C:\Windows\System32\FExjwSJ.exe
  C:\Windows\System32\FExjwSJ.exe
  2⤵
  - Executes dropped EXE
  PID:608
- C:\Windows\System32\NFYLVsD.exe
  C:\Windows\System32\NFYLVsD.exe
  2⤵
  - Executes dropped EXE
  PID:2268
- C:\Windows\System32\veVvmVN.exe
  C:\Windows\System32\veVvmVN.exe
  2⤵
  - Executes dropped EXE
  PID:3536
- C:\Windows\System32\LmVSncE.exe
  C:\Windows\System32\LmVSncE.exe
  2⤵
  - Executes dropped EXE
  PID:3064
- C:\Windows\System32\TrbhcSY.exe
  C:\Windows\System32\TrbhcSY.exe
  2⤵
  - Executes dropped EXE
  PID:4640
- C:\Windows\System32\afgGDJw.exe
  C:\Windows\System32\afgGDJw.exe
  2⤵
  - Executes dropped EXE
  PID:380
- C:\Windows\System32\UosXrYU.exe
  C:\Windows\System32\UosXrYU.exe
  2⤵
  - Executes dropped EXE
  PID:2828
- C:\Windows\System32\UtLjEem.exe
  C:\Windows\System32\UtLjEem.exe
  2⤵
  - Executes dropped EXE
  PID:4068
- C:\Windows\System32\WoHeDzF.exe
  C:\Windows\System32\WoHeDzF.exe
  2⤵
  - Executes dropped EXE
  PID:4244
- C:\Windows\System32\jTxOtyY.exe
  C:\Windows\System32\jTxOtyY.exe
  2⤵
  - Executes dropped EXE
  PID:3988
- C:\Windows\System32\icKHgcP.exe
  C:\Windows\System32\icKHgcP.exe
  2⤵
  - Executes dropped EXE
  PID:2160
- C:\Windows\System32\FVljsoT.exe
  C:\Windows\System32\FVljsoT.exe
  2⤵
  - Executes dropped EXE
  PID:3588
- C:\Windows\System32\tHonreE.exe
  C:\Windows\System32\tHonreE.exe
  2⤵
  - Executes dropped EXE
  PID:2712
- C:\Windows\System32\ZcvTquI.exe
  C:\Windows\System32\ZcvTquI.exe
  2⤵
  - Executes dropped EXE
  PID:3400
- C:\Windows\System32\ZjVxdsa.exe
  C:\Windows\System32\ZjVxdsa.exe
  2⤵
  - Executes dropped EXE
  PID:4572
- C:\Windows\System32\wHwSrac.exe
  C:\Windows\System32\wHwSrac.exe
  2⤵
  - Executes dropped EXE
  PID:5076
- C:\Windows\System32\hQxeCfi.exe
  C:\Windows\System32\hQxeCfi.exe
  2⤵
  - Executes dropped EXE
  PID:4592
- C:\Windows\System32\TBrVokz.exe
  C:\Windows\System32\TBrVokz.exe
  2⤵
  - Executes dropped EXE
  PID:3096
- C:\Windows\System32\LUwsDLg.exe
  C:\Windows\System32\LUwsDLg.exe
  2⤵
  - Executes dropped EXE
  PID:4352
- C:\Windows\System32\RwCZgWz.exe
  C:\Windows\System32\RwCZgWz.exe
  2⤵
  - Executes dropped EXE
  PID:4336
- C:\Windows\System32\BugAeep.exe
  C:\Windows\System32\BugAeep.exe
  2⤵
  - Executes dropped EXE
  PID:2408
- C:\Windows\System32\IGBxmUD.exe
  C:\Windows\System32\IGBxmUD.exe
  2⤵
  - Executes dropped EXE
  PID:1084
- C:\Windows\System32\drlIPwa.exe
  C:\Windows\System32\drlIPwa.exe
  2⤵
  - Executes dropped EXE
  PID:4484
- C:\Windows\System32\tAnzcVJ.exe
  C:\Windows\System32\tAnzcVJ.exe
  2⤵
  - Executes dropped EXE
  PID:2452
- C:\Windows\System32\iMtTGhp.exe
  C:\Windows\System32\iMtTGhp.exe
  2⤵
  - Executes dropped EXE
  PID:4916
- C:\Windows\System32\xCskeSU.exe
  C:\Windows\System32\xCskeSU.exe
  2⤵
  - Executes dropped EXE
  PID:2400
- C:\Windows\System32\JOfwveW.exe
  C:\Windows\System32\JOfwveW.exe
  2⤵
  - Executes dropped EXE
  PID:2784
- C:\Windows\System32\cOHRqEP.exe
  C:\Windows\System32\cOHRqEP.exe
  2⤵
  - Executes dropped EXE
  PID:1544
- C:\Windows\System32\oslLHCw.exe
  C:\Windows\System32\oslLHCw.exe
  2⤵
  - Executes dropped EXE
  PID:4788
- C:\Windows\System32\kNtyGJU.exe
  C:\Windows\System32\kNtyGJU.exe
  2⤵
  - Executes dropped EXE
  PID:1796
- C:\Windows\System32\YMgUhyl.exe
  C:\Windows\System32\YMgUhyl.exe
  2⤵
  - Executes dropped EXE
  PID:1520
- C:\Windows\System32\xSxYuFj.exe
  C:\Windows\System32\xSxYuFj.exe
  2⤵
  - Executes dropped EXE
  PID:2368
- C:\Windows\System32\lXbgrAu.exe
  C:\Windows\System32\lXbgrAu.exe
  2⤵
  - Executes dropped EXE
  PID:2732
- C:\Windows\System32\umQotOD.exe
  C:\Windows\System32\umQotOD.exe
  2⤵
  - Executes dropped EXE
  PID:4440
- C:\Windows\System32\AhvZALS.exe
  C:\Windows\System32\AhvZALS.exe
  2⤵
  - Executes dropped EXE
  PID:4012
- C:\Windows\System32\PqOUyXn.exe
  C:\Windows\System32\PqOUyXn.exe
  2⤵
  - Executes dropped EXE
  PID:396
- C:\Windows\System32\zeNqOnN.exe
  C:\Windows\System32\zeNqOnN.exe
  2⤵
  - Executes dropped EXE
  PID:4412
- C:\Windows\System32\MFfaODe.exe
  C:\Windows\System32\MFfaODe.exe
  2⤵
  - Executes dropped EXE
  PID:3224
- C:\Windows\System32\RMSPjEK.exe
  C:\Windows\System32\RMSPjEK.exe
  2⤵
  - Executes dropped EXE
  PID:3672
- C:\Windows\System32\HADhVjo.exe
  C:\Windows\System32\HADhVjo.exe
  2⤵
  - Executes dropped EXE
  PID:4996
- C:\Windows\System32\JVqWjsg.exe
  C:\Windows\System32\JVqWjsg.exe
  2⤵
  - Executes dropped EXE
  PID:4740
- C:\Windows\System32\KZScpwd.exe
  C:\Windows\System32\KZScpwd.exe
  2⤵
  - Executes dropped EXE
  PID:5124
- C:\Windows\System32\DQPkbup.exe
  C:\Windows\System32\DQPkbup.exe
  2⤵
  - Executes dropped EXE
  PID:5152
- C:\Windows\System32\eGDOLnk.exe
  C:\Windows\System32\eGDOLnk.exe
  2⤵
  - Executes dropped EXE
  PID:5180
- C:\Windows\System32\PBVPiIp.exe
  C:\Windows\System32\PBVPiIp.exe
  2⤵
  - Executes dropped EXE
  PID:5208
- C:\Windows\System32\pMxiDqj.exe
  C:\Windows\System32\pMxiDqj.exe
  2⤵
  - Executes dropped EXE
  PID:5224
- C:\Windows\System32\nXySZCQ.exe
  C:\Windows\System32\nXySZCQ.exe
  2⤵
  - Executes dropped EXE
  PID:5252
- C:\Windows\System32\CQjAZFn.exe
  C:\Windows\System32\CQjAZFn.exe
  2⤵
  - Executes dropped EXE
  PID:5292
- C:\Windows\System32\cNyrqYK.exe
  C:\Windows\System32\cNyrqYK.exe
  2⤵
  - Executes dropped EXE
  PID:5320
- C:\Windows\System32\CpieQbf.exe
  C:\Windows\System32\CpieQbf.exe
  2⤵
  - Executes dropped EXE
  PID:5336
- C:\Windows\System32\rvGjWtE.exe
  C:\Windows\System32\rvGjWtE.exe
  2⤵
  PID:5364
- C:\Windows\System32\XHXUnSG.exe
  C:\Windows\System32\XHXUnSG.exe
  2⤵
  PID:5404
- C:\Windows\System32\dRskTvx.exe
  C:\Windows\System32\dRskTvx.exe
  2⤵
  PID:5420
- C:\Windows\System32\hmYaNNo.exe
  C:\Windows\System32\hmYaNNo.exe
  2⤵
  PID:5448
- C:\Windows\System32\xyLrnRm.exe
  C:\Windows\System32\xyLrnRm.exe
  2⤵
  PID:5488
- C:\Windows\System32\nqnGuKf.exe
  C:\Windows\System32\nqnGuKf.exe
  2⤵
  PID:5504
- C:\Windows\System32\lycigpp.exe
  C:\Windows\System32\lycigpp.exe
  2⤵
  PID:5544
- C:\Windows\System32\nqigQsY.exe
  C:\Windows\System32\nqigQsY.exe
  2⤵
  PID:5560
- C:\Windows\System32\VLITjDk.exe
  C:\Windows\System32\VLITjDk.exe
  2⤵
  PID:5600
- C:\Windows\System32\vJdSVWB.exe
  C:\Windows\System32\vJdSVWB.exe
  2⤵
  PID:5628
- C:\Windows\System32\eWiIpas.exe
  C:\Windows\System32\eWiIpas.exe
  2⤵
  PID:5644
- C:\Windows\System32\dJFOneF.exe
  C:\Windows\System32\dJFOneF.exe
  2⤵
  PID:5684
- C:\Windows\System32\kpdqUuf.exe
  C:\Windows\System32\kpdqUuf.exe
  2⤵
  PID:5712
- C:\Windows\System32\gWqoMJM.exe
  C:\Windows\System32\gWqoMJM.exe
  2⤵
  PID:5740
- C:\Windows\System32\pxZHyTI.exe
  C:\Windows\System32\pxZHyTI.exe
  2⤵
  PID:5756
- C:\Windows\System32\SHXukTv.exe
  C:\Windows\System32\SHXukTv.exe
  2⤵
  PID:5784
- C:\Windows\System32\kQRaVKv.exe
  C:\Windows\System32\kQRaVKv.exe
  2⤵
  PID:5824
- C:\Windows\System32\rToABJk.exe
  C:\Windows\System32\rToABJk.exe
  2⤵
  PID:5840
- C:\Windows\System32\sOEAlbb.exe
  C:\Windows\System32\sOEAlbb.exe
  2⤵
  PID:5868
- C:\Windows\System32\WuweMtG.exe
  C:\Windows\System32\WuweMtG.exe
  2⤵
  PID:5908
- C:\Windows\System32\tInrtmp.exe
  C:\Windows\System32\tInrtmp.exe
  2⤵
  PID:5924
- C:\Windows\System32\hFniJxm.exe
  C:\Windows\System32\hFniJxm.exe
  2⤵
  PID:5964
- C:\Windows\System32\foTKVdU.exe
  C:\Windows\System32\foTKVdU.exe
  2⤵
  PID:5992
- C:\Windows\System32\uPtJbLy.exe
  C:\Windows\System32\uPtJbLy.exe
  2⤵
  PID:6020
- C:\Windows\System32\LYSgKfs.exe
  C:\Windows\System32\LYSgKfs.exe
  2⤵
  PID:6048
- C:\Windows\System32\PwsDfWr.exe
  C:\Windows\System32\PwsDfWr.exe
  2⤵
  PID:6076
- C:\Windows\System32\wPjgdZy.exe
  C:\Windows\System32\wPjgdZy.exe
  2⤵
  PID:6104
- C:\Windows\System32\uSOCKCZ.exe
  C:\Windows\System32\uSOCKCZ.exe
  2⤵
  PID:6120
- C:\Windows\System32\ksQhREr.exe
  C:\Windows\System32\ksQhREr.exe
  2⤵
  PID:4948
- C:\Windows\System32\QAfKPfP.exe
  C:\Windows\System32\QAfKPfP.exe
  2⤵
  PID:2872
- C:\Windows\System32\TjxgrIZ.exe
  C:\Windows\System32\TjxgrIZ.exe
  2⤵
  PID:4596
- C:\Windows\System32\SKYspNa.exe
  C:\Windows\System32\SKYspNa.exe
  2⤵
  PID:4516
- C:\Windows\System32\ESPCbqH.exe
  C:\Windows\System32\ESPCbqH.exe
  2⤵
  PID:5172
- C:\Windows\System32\uaHuIYF.exe
  C:\Windows\System32\uaHuIYF.exe
  2⤵
  PID:5216
- C:\Windows\System32\sSUkWCs.exe
  C:\Windows\System32\sSUkWCs.exe
  2⤵
  PID:5300
- C:\Windows\System32\CykXisN.exe
  C:\Windows\System32\CykXisN.exe
  2⤵
  PID:5388
- C:\Windows\System32\lkkdRec.exe
  C:\Windows\System32\lkkdRec.exe
  2⤵
  PID:5444
- C:\Windows\System32\awxSSSb.exe
  C:\Windows\System32\awxSSSb.exe
  2⤵
  PID:5516
- C:\Windows\System32\JZEoKXb.exe
  C:\Windows\System32\JZEoKXb.exe
  2⤵
  PID:5552
- C:\Windows\System32\cnStGws.exe
  C:\Windows\System32\cnStGws.exe
  2⤵
  PID:5640
- C:\Windows\System32\cyFxWEi.exe
  C:\Windows\System32\cyFxWEi.exe
  2⤵
  PID:5660
- C:\Windows\System32\NwIgXjO.exe
  C:\Windows\System32\NwIgXjO.exe
  2⤵
  PID:5780
- C:\Windows\System32\MnoYDfK.exe
  C:\Windows\System32\MnoYDfK.exe
  2⤵
  PID:5808
- C:\Windows\System32\aEGqAcY.exe
  C:\Windows\System32\aEGqAcY.exe
  2⤵
  PID:5884
- C:\Windows\System32\hkROOvZ.exe
  C:\Windows\System32\hkROOvZ.exe
  2⤵
  PID:5956
- C:\Windows\System32\PMmNcxx.exe
  C:\Windows\System32\PMmNcxx.exe
  2⤵
  PID:6028
- C:\Windows\System32\LhouJvP.exe
  C:\Windows\System32\LhouJvP.exe
  2⤵
  PID:6056
- C:\Windows\System32\NMWtKaj.exe
  C:\Windows\System32\NMWtKaj.exe
  2⤵
  PID:2696
- C:\Windows\System32\nAApKJZ.exe
  C:\Windows\System32\nAApKJZ.exe
  2⤵
  PID:5020
- C:\Windows\System32\etOpUsu.exe
  C:\Windows\System32\etOpUsu.exe
  2⤵
  PID:5248
- C:\Windows\System32\vnjrQXC.exe
  C:\Windows\System32\vnjrQXC.exe
  2⤵
  PID:5360
- C:\Windows\System32\jCMcuBS.exe
  C:\Windows\System32\jCMcuBS.exe
  2⤵
  PID:5520
- C:\Windows\System32\zYwQHXU.exe
  C:\Windows\System32\zYwQHXU.exe
  2⤵
  PID:5696
- C:\Windows\System32\rRwFGIa.exe
  C:\Windows\System32\rRwFGIa.exe
  2⤵
  PID:5816
- C:\Windows\System32\PVthGrH.exe
  C:\Windows\System32\PVthGrH.exe
  2⤵
  PID:6176
- C:\Windows\System32\MTUxLge.exe
  C:\Windows\System32\MTUxLge.exe
  2⤵
  PID:6192
- C:\Windows\System32\JfCjWmu.exe
  C:\Windows\System32\JfCjWmu.exe
  2⤵
  PID:6220
- C:\Windows\System32\KFeKcmV.exe
  C:\Windows\System32\KFeKcmV.exe
  2⤵
  PID:6260
- C:\Windows\System32\YthiekM.exe
  C:\Windows\System32\YthiekM.exe
  2⤵
  PID:6288
- C:\Windows\System32\pZCJQuo.exe
  C:\Windows\System32\pZCJQuo.exe
  2⤵
  PID:6316
- C:\Windows\System32\KaDgRWA.exe
  C:\Windows\System32\KaDgRWA.exe
  2⤵
  PID:6332
- C:\Windows\System32\zgAvuCm.exe
  C:\Windows\System32\zgAvuCm.exe
  2⤵
  PID:6372
- C:\Windows\System32\MRmyPbv.exe
  C:\Windows\System32\MRmyPbv.exe
  2⤵
  PID:6400
- C:\Windows\System32\byQpbMr.exe
  C:\Windows\System32\byQpbMr.exe
  2⤵
  PID:6416
- C:\Windows\System32\XRtnVht.exe
  C:\Windows\System32\XRtnVht.exe
  2⤵
  PID:6456
- C:\Windows\System32\eAJbqQE.exe
  C:\Windows\System32\eAJbqQE.exe
  2⤵
  PID:6472
- C:\Windows\System32\oeaKsuP.exe
  C:\Windows\System32\oeaKsuP.exe
  2⤵
  PID:6500
- C:\Windows\System32\BEAdsfE.exe
  C:\Windows\System32\BEAdsfE.exe
  2⤵
  PID:6540
- C:\Windows\System32\CPXtEnt.exe
  C:\Windows\System32\CPXtEnt.exe
  2⤵
  PID:6556
- C:\Windows\System32\XHlqIBv.exe
  C:\Windows\System32\XHlqIBv.exe
  2⤵
  PID:6596
- C:\Windows\System32\QDBrhzD.exe
  C:\Windows\System32\QDBrhzD.exe
  2⤵
  PID:6624
- C:\Windows\System32\NSCjngb.exe
  C:\Windows\System32\NSCjngb.exe
  2⤵
  PID:6652
- C:\Windows\System32\wGqoUFE.exe
  C:\Windows\System32\wGqoUFE.exe
  2⤵
  PID:6668
- C:\Windows\System32\hQHplzp.exe
  C:\Windows\System32\hQHplzp.exe
  2⤵
  PID:6708
- C:\Windows\System32\khoJDsu.exe
  C:\Windows\System32\khoJDsu.exe
  2⤵
  PID:6724
- C:\Windows\System32\znUapxJ.exe
  C:\Windows\System32\znUapxJ.exe
  2⤵
  PID:6752
- C:\Windows\System32\MWsiqym.exe
  C:\Windows\System32\MWsiqym.exe
  2⤵
  PID:6792
- C:\Windows\System32\LfiXOtu.exe
  C:\Windows\System32\LfiXOtu.exe
  2⤵
  PID:6808
- C:\Windows\System32\JovGbci.exe
  C:\Windows\System32\JovGbci.exe
  2⤵
  PID:6836
- C:\Windows\System32\jGZLvwY.exe
  C:\Windows\System32\jGZLvwY.exe
  2⤵
  PID:6864
- C:\Windows\System32\FMUDKyA.exe
  C:\Windows\System32\FMUDKyA.exe
  2⤵
  PID:6892
- C:\Windows\System32\dkKAwxt.exe
  C:\Windows\System32\dkKAwxt.exe
  2⤵
  PID:6932
- C:\Windows\System32\Laosnvj.exe
  C:\Windows\System32\Laosnvj.exe
  2⤵
  PID:6948
- C:\Windows\System32\DcRFUxs.exe
  C:\Windows\System32\DcRFUxs.exe
  2⤵
  PID:6988
- C:\Windows\System32\vcptYOf.exe
  C:\Windows\System32\vcptYOf.exe
  2⤵
  PID:7016
- C:\Windows\System32\PQNTVkr.exe
  C:\Windows\System32\PQNTVkr.exe
  2⤵
  PID:7044
- C:\Windows\System32\xrpmKUD.exe
  C:\Windows\System32\xrpmKUD.exe
  2⤵
  PID:7060
- C:\Windows\System32\cOJEuLZ.exe
  C:\Windows\System32\cOJEuLZ.exe
  2⤵
  PID:7100
- C:\Windows\System32\ydrraqR.exe
  C:\Windows\System32\ydrraqR.exe
  2⤵
  PID:7116
- C:\Windows\System32\ZkevnuR.exe
  C:\Windows\System32\ZkevnuR.exe
  2⤵
  PID:7156
- C:\Windows\System32\WHSnbCm.exe
  C:\Windows\System32\WHSnbCm.exe
  2⤵
  PID:5900
- C:\Windows\System32\biaRxaO.exe
  C:\Windows\System32\biaRxaO.exe
  2⤵
  PID:5984
- C:\Windows\System32\rhWpJra.exe
  C:\Windows\System32\rhWpJra.exe
  2⤵
  PID:4488
- C:\Windows\System32\OLzQhse.exe
  C:\Windows\System32\OLzQhse.exe
  2⤵
  PID:5380
- C:\Windows\System32\KfidfRk.exe
  C:\Windows\System32\KfidfRk.exe
  2⤵
  PID:5608
- C:\Windows\System32\MslgKEH.exe
  C:\Windows\System32\MslgKEH.exe
  2⤵
  PID:6188
- C:\Windows\System32\SliAJUC.exe
  C:\Windows\System32\SliAJUC.exe
  2⤵
  PID:6244
- C:\Windows\System32\chnEfVB.exe
  C:\Windows\System32\chnEfVB.exe
  2⤵
  PID:6344
- C:\Windows\System32\NZIwnQF.exe
  C:\Windows\System32\NZIwnQF.exe
  2⤵
  PID:548
- C:\Windows\System32\xdxAAga.exe
  C:\Windows\System32\xdxAAga.exe
  2⤵
  PID:6468
- C:\Windows\System32\AtskUZk.exe
  C:\Windows\System32\AtskUZk.exe
  2⤵
  PID:6532
- C:\Windows\System32\oeQvXzV.exe
  C:\Windows\System32\oeQvXzV.exe
  2⤵
  PID:6568
- C:\Windows\System32\kEAcoAV.exe
  C:\Windows\System32\kEAcoAV.exe
  2⤵
  PID:6660
- C:\Windows\System32\ChYHlIS.exe
  C:\Windows\System32\ChYHlIS.exe
  2⤵
  PID:6684
- C:\Windows\System32\fgJtUqy.exe
  C:\Windows\System32\fgJtUqy.exe
  2⤵
  PID:6768
- C:\Windows\System32\oHxzpBL.exe
  C:\Windows\System32\oHxzpBL.exe
  2⤵
  PID:6832
- C:\Windows\System32\UqmugBl.exe
  C:\Windows\System32\UqmugBl.exe
  2⤵
  PID:6924
- C:\Windows\System32\oBFJMIM.exe
  C:\Windows\System32\oBFJMIM.exe
  2⤵
  PID:6960
- C:\Windows\System32\MjipMva.exe
  C:\Windows\System32\MjipMva.exe
  2⤵
  PID:7036
- C:\Windows\System32\lDFwHxz.exe
  C:\Windows\System32\lDFwHxz.exe
  2⤵
  PID:7092
- C:\Windows\System32\eBCGxjf.exe
  C:\Windows\System32\eBCGxjf.exe
  2⤵
  PID:7148
- C:\Windows\System32\bHAaYtK.exe
  C:\Windows\System32\bHAaYtK.exe
  2⤵
  PID:5132
- C:\Windows\System32\rebMzIX.exe
  C:\Windows\System32\rebMzIX.exe
  2⤵
  PID:6152
- C:\Windows\System32\fQrsvnK.exe
  C:\Windows\System32\fQrsvnK.exe
  2⤵
  PID:6252
- C:\Windows\System32\xxNGait.exe
  C:\Windows\System32\xxNGait.exe
  2⤵
  PID:6428
- C:\Windows\System32\iMqtpjC.exe
  C:\Windows\System32\iMqtpjC.exe
  2⤵
  PID:6548
- C:\Windows\System32\rEuaUgj.exe
  C:\Windows\System32\rEuaUgj.exe
  2⤵
  PID:6748
- C:\Windows\System32\HdfYBFs.exe
  C:\Windows\System32\HdfYBFs.exe
  2⤵
  PID:6860
- C:\Windows\System32\ZPNMcZu.exe
  C:\Windows\System32\ZPNMcZu.exe
  2⤵
  PID:6964
- C:\Windows\System32\BYGbyzY.exe
  C:\Windows\System32\BYGbyzY.exe
  2⤵
  PID:7164
- C:\Windows\System32\nDuiTFm.exe
  C:\Windows\System32\nDuiTFm.exe
  2⤵
  PID:7196
- C:\Windows\System32\ohEbCvT.exe
  C:\Windows\System32\ohEbCvT.exe
  2⤵
  PID:7212
- C:\Windows\System32\nhsFHeY.exe
  C:\Windows\System32\nhsFHeY.exe
  2⤵
  PID:7240
- C:\Windows\System32\zlVCwiV.exe
  C:\Windows\System32\zlVCwiV.exe
  2⤵
  PID:7268
- C:\Windows\System32\nVfMqgR.exe
  C:\Windows\System32\nVfMqgR.exe
  2⤵
  PID:7308
- C:\Windows\System32\tuUZNXc.exe
  C:\Windows\System32\tuUZNXc.exe
  2⤵
  PID:7336
- C:\Windows\System32\JWQUuOo.exe
  C:\Windows\System32\JWQUuOo.exe
  2⤵
  PID:7352
- C:\Windows\System32\KwNqfwl.exe
  C:\Windows\System32\KwNqfwl.exe
  2⤵
  PID:7392
- C:\Windows\System32\HWeuuOu.exe
  C:\Windows\System32\HWeuuOu.exe
  2⤵
  PID:7420
- C:\Windows\System32\kJIYGve.exe
  C:\Windows\System32\kJIYGve.exe
  2⤵
  PID:7436
- C:\Windows\System32\BsEVhfG.exe
  C:\Windows\System32\BsEVhfG.exe
  2⤵
  PID:7476
- C:\Windows\System32\KotciBL.exe
  C:\Windows\System32\KotciBL.exe
  2⤵
  PID:7492
- C:\Windows\System32\CAmcRgt.exe
  C:\Windows\System32\CAmcRgt.exe
  2⤵
  PID:7520
- C:\Windows\System32\veFVQgP.exe
  C:\Windows\System32\veFVQgP.exe
  2⤵
  PID:7548
- C:\Windows\System32\HpsiBcd.exe
  C:\Windows\System32\HpsiBcd.exe
  2⤵
  PID:7576
- C:\Windows\System32\vdSDcHX.exe
  C:\Windows\System32\vdSDcHX.exe
  2⤵
  PID:7616
- C:\Windows\System32\gsxwLLU.exe
  C:\Windows\System32\gsxwLLU.exe
  2⤵
  PID:7632
- C:\Windows\System32\lKsSxxT.exe
  C:\Windows\System32\lKsSxxT.exe
  2⤵
  PID:7660
- C:\Windows\System32\McSkmzi.exe
  C:\Windows\System32\McSkmzi.exe
  2⤵
  PID:7688
- C:\Windows\System32\lyKsroN.exe
  C:\Windows\System32\lyKsroN.exe
  2⤵
  PID:7728
- C:\Windows\System32\OruIoQZ.exe
  C:\Windows\System32\OruIoQZ.exe
  2⤵
  PID:7744
- C:\Windows\System32\KVYSvFw.exe
  C:\Windows\System32\KVYSvFw.exe
  2⤵
  PID:7784
- C:\Windows\System32\qZCdjCV.exe
  C:\Windows\System32\qZCdjCV.exe
  2⤵
  PID:7800
- C:\Windows\System32\yMzhXkE.exe
  C:\Windows\System32\yMzhXkE.exe
  2⤵
  PID:7828
- C:\Windows\System32\cKEQebg.exe
  C:\Windows\System32\cKEQebg.exe
  2⤵
  PID:7868
- C:\Windows\System32\uRUFXzZ.exe
  C:\Windows\System32\uRUFXzZ.exe
  2⤵
  PID:7884
- C:\Windows\System32\QZzBJsN.exe
  C:\Windows\System32\QZzBJsN.exe
  2⤵
  PID:7912
- C:\Windows\System32\MTQHbNh.exe
  C:\Windows\System32\MTQHbNh.exe
  2⤵
  PID:7952
- C:\Windows\System32\RAvfAYb.exe
  C:\Windows\System32\RAvfAYb.exe
  2⤵
  PID:7968
- C:\Windows\System32\ZkpkYXO.exe
  C:\Windows\System32\ZkpkYXO.exe
  2⤵
  PID:7996
- C:\Windows\System32\jgpQNLN.exe
  C:\Windows\System32\jgpQNLN.exe
  2⤵
  PID:8036
- C:\Windows\System32\clVNJkK.exe
  C:\Windows\System32\clVNJkK.exe
  2⤵
  PID:8052
- C:\Windows\System32\BVTCxWx.exe
  C:\Windows\System32\BVTCxWx.exe
  2⤵
  PID:8080
- C:\Windows\System32\wgcBDQc.exe
  C:\Windows\System32\wgcBDQc.exe
  2⤵
  PID:8120
- C:\Windows\System32\yDljqpT.exe
  C:\Windows\System32\yDljqpT.exe
  2⤵
  PID:8136
- C:\Windows\System32\tVISCmX.exe
  C:\Windows\System32\tVISCmX.exe
  2⤵
  PID:8164
- C:\Windows\System32\kjNrHEi.exe
  C:\Windows\System32\kjNrHEi.exe
  2⤵
  PID:5220
- C:\Windows\System32\soNSWZV.exe
  C:\Windows\System32\soNSWZV.exe
  2⤵
  PID:6216
- C:\Windows\System32\tmtNirG.exe
  C:\Windows\System32\tmtNirG.exe
  2⤵
  PID:6644
- C:\Windows\System32\FVKJEhR.exe
  C:\Windows\System32\FVKJEhR.exe
  2⤵
  PID:6904
- C:\Windows\System32\gLnYdrV.exe
  C:\Windows\System32\gLnYdrV.exe
  2⤵
  PID:7208
- C:\Windows\System32\iwPnMvH.exe
  C:\Windows\System32\iwPnMvH.exe
  2⤵
  PID:7228
- C:\Windows\System32\aVomUMb.exe
  C:\Windows\System32\aVomUMb.exe
  2⤵
  PID:7316
- C:\Windows\System32\RCAMxUQ.exe
  C:\Windows\System32\RCAMxUQ.exe
  2⤵
  PID:7376
- C:\Windows\System32\tmTPwnl.exe
  C:\Windows\System32\tmTPwnl.exe
  2⤵
  PID:7460
- C:\Windows\System32\fepUSsL.exe
  C:\Windows\System32\fepUSsL.exe
  2⤵
  PID:7484
- C:\Windows\System32\beCQtSq.exe
  C:\Windows\System32\beCQtSq.exe
  2⤵
  PID:7560
- C:\Windows\System32\PeNyqWG.exe
  C:\Windows\System32\PeNyqWG.exe
  2⤵
  PID:7648
- C:\Windows\System32\nUTERRF.exe
  C:\Windows\System32\nUTERRF.exe
  2⤵
  PID:7676
- C:\Windows\System32\dWeQYMq.exe
  C:\Windows\System32\dWeQYMq.exe
  2⤵
  PID:7756
- C:\Windows\System32\FgMldeZ.exe
  C:\Windows\System32\FgMldeZ.exe
  2⤵
  PID:7824
- C:\Windows\System32\vMRbyns.exe
  C:\Windows\System32\vMRbyns.exe
  2⤵
  PID:7880
- C:\Windows\System32\uCOVqst.exe
  C:\Windows\System32\uCOVqst.exe
  2⤵
  PID:7944
- C:\Windows\System32\MlJCmBQ.exe
  C:\Windows\System32\MlJCmBQ.exe
  2⤵
  PID:7992
- C:\Windows\System32\evGisaT.exe
  C:\Windows\System32\evGisaT.exe
  2⤵
  PID:8044
- C:\Windows\System32\rlSYiJm.exe
  C:\Windows\System32\rlSYiJm.exe
  2⤵
  PID:8148
- C:\Windows\System32\fBkXuDO.exe
  C:\Windows\System32\fBkXuDO.exe
  2⤵
  PID:8176
- C:\Windows\System32\orvnbgE.exe
  C:\Windows\System32\orvnbgE.exe
  2⤵
  PID:1436
- C:\Windows\System32\CmjWMey.exe
  C:\Windows\System32\CmjWMey.exe
  2⤵
  PID:3136
- C:\Windows\System32\RFaZDhN.exe
  C:\Windows\System32\RFaZDhN.exe
  2⤵
  PID:4616
- C:\Windows\System32\KwMwOXf.exe
  C:\Windows\System32\KwMwOXf.exe
  2⤵
  PID:7256
- C:\Windows\System32\nnvLXmx.exe
  C:\Windows\System32\nnvLXmx.exe
  2⤵
  PID:7448
- C:\Windows\System32\ovTiJQY.exe
  C:\Windows\System32\ovTiJQY.exe
  2⤵
  PID:7624
- C:\Windows\System32\MRTuGrg.exe
  C:\Windows\System32\MRTuGrg.exe
  2⤵
  PID:7740
- C:\Windows\System32\KuJUQIy.exe
  C:\Windows\System32\KuJUQIy.exe
  2⤵
  PID:7860
- C:\Windows\System32\pFWdFif.exe
  C:\Windows\System32\pFWdFif.exe
  2⤵
  PID:4424
- C:\Windows\System32\wBDJJqy.exe
  C:\Windows\System32\wBDJJqy.exe
  2⤵
  PID:4856
- C:\Windows\System32\dWKfuqt.exe
  C:\Windows\System32\dWKfuqt.exe
  2⤵
  PID:8132
- C:\Windows\System32\wpDEnbl.exe
  C:\Windows\System32\wpDEnbl.exe
  2⤵
  PID:2316
- C:\Windows\System32\bWIibUz.exe
  C:\Windows\System32\bWIibUz.exe
  2⤵
  PID:4920
- C:\Windows\System32\jSUaniE.exe
  C:\Windows\System32\jSUaniE.exe
  2⤵
  PID:7364
- C:\Windows\System32\sRtHLCI.exe
  C:\Windows\System32\sRtHLCI.exe
  2⤵
  PID:5100
- C:\Windows\System32\Hdggyny.exe
  C:\Windows\System32\Hdggyny.exe
  2⤵
  PID:2552
- C:\Windows\System32\JzKhbtX.exe
  C:\Windows\System32\JzKhbtX.exe
  2⤵
  PID:4900
- C:\Windows\System32\IpmWCCr.exe
  C:\Windows\System32\IpmWCCr.exe
  2⤵
  PID:7964
- C:\Windows\System32\oaZNCbz.exe
  C:\Windows\System32\oaZNCbz.exe
  2⤵
  PID:4152
- C:\Windows\System32\wpNpnjz.exe
  C:\Windows\System32\wpNpnjz.exe
  2⤵
  PID:1444
- C:\Windows\System32\IPXcTIe.exe
  C:\Windows\System32\IPXcTIe.exe
  2⤵
  PID:560
- C:\Windows\System32\bCBxfKm.exe
  C:\Windows\System32\bCBxfKm.exe
  2⤵
  PID:6272
- C:\Windows\System32\PMNhkAt.exe
  C:\Windows\System32\PMNhkAt.exe
  2⤵
  PID:7812
- C:\Windows\System32\pHBDBKv.exe
  C:\Windows\System32\pHBDBKv.exe
  2⤵
  PID:8112
- C:\Windows\System32\MldbauG.exe
  C:\Windows\System32\MldbauG.exe
  2⤵
  PID:4792
- C:\Windows\System32\zPkIaNX.exe
  C:\Windows\System32\zPkIaNX.exe
  2⤵
  PID:7760
- C:\Windows\System32\UJhGXwI.exe
  C:\Windows\System32\UJhGXwI.exe
  2⤵
  PID:8224
- C:\Windows\System32\TRsOPpT.exe
  C:\Windows\System32\TRsOPpT.exe
  2⤵
  PID:8244
- C:\Windows\System32\JibAThp.exe
  C:\Windows\System32\JibAThp.exe
  2⤵
  PID:8336
- C:\Windows\System32\gEPilTf.exe
  C:\Windows\System32\gEPilTf.exe
  2⤵
  PID:8356
- C:\Windows\System32\jLQwwRA.exe
  C:\Windows\System32\jLQwwRA.exe
  2⤵
  PID:8392
- C:\Windows\System32\SetEJkc.exe
  C:\Windows\System32\SetEJkc.exe
  2⤵
  PID:8448
- C:\Windows\System32\FbOPHYV.exe
  C:\Windows\System32\FbOPHYV.exe
  2⤵
  PID:8528
- C:\Windows\System32\YpnUUEk.exe
  C:\Windows\System32\YpnUUEk.exe
  2⤵
  PID:8544
- C:\Windows\System32\OJlZwtW.exe
  C:\Windows\System32\OJlZwtW.exe
  2⤵
  PID:8572
- C:\Windows\System32\lYZmcsw.exe
  C:\Windows\System32\lYZmcsw.exe
  2⤵
  PID:8588
- C:\Windows\System32\YXGAyDq.exe
  C:\Windows\System32\YXGAyDq.exe
  2⤵
  PID:8616
- C:\Windows\System32\WweWLJT.exe
  C:\Windows\System32\WweWLJT.exe
  2⤵
  PID:8644
- C:\Windows\System32\SAsTtAB.exe
  C:\Windows\System32\SAsTtAB.exe
  2⤵
  PID:8672
- C:\Windows\System32\AzArfFJ.exe
  C:\Windows\System32\AzArfFJ.exe
  2⤵
  PID:8700
- C:\Windows\System32\rUxEIRx.exe
  C:\Windows\System32\rUxEIRx.exe
  2⤵
  PID:8740
- C:\Windows\System32\RTYoKOG.exe
  C:\Windows\System32\RTYoKOG.exe
  2⤵
  PID:8768
- C:\Windows\System32\DCErhrH.exe
  C:\Windows\System32\DCErhrH.exe
  2⤵
  PID:8792
- C:\Windows\System32\TMTCcbw.exe
  C:\Windows\System32\TMTCcbw.exe
  2⤵
  PID:8852
- C:\Windows\System32\TMpiNWH.exe
  C:\Windows\System32\TMpiNWH.exe
  2⤵
  PID:8868
- C:\Windows\System32\dytAfIo.exe
  C:\Windows\System32\dytAfIo.exe
  2⤵
  PID:8896
- C:\Windows\System32\cLjcDEB.exe
  C:\Windows\System32\cLjcDEB.exe
  2⤵
  PID:8924
- C:\Windows\System32\PziEdWj.exe
  C:\Windows\System32\PziEdWj.exe
  2⤵
  PID:8940
- C:\Windows\System32\iYLbUkW.exe
  C:\Windows\System32\iYLbUkW.exe
  2⤵
  PID:8968
- C:\Windows\System32\YtHZbOS.exe
  C:\Windows\System32\YtHZbOS.exe
  2⤵
  PID:8996
- C:\Windows\System32\NRcXxog.exe
  C:\Windows\System32\NRcXxog.exe
  2⤵
  PID:9036
- C:\Windows\System32\AnpoYzs.exe
  C:\Windows\System32\AnpoYzs.exe
  2⤵
  PID:9052
- C:\Windows\System32\KhsgcmY.exe
  C:\Windows\System32\KhsgcmY.exe
  2⤵
  PID:9080
- C:\Windows\System32\omRONkf.exe
  C:\Windows\System32\omRONkf.exe
  2⤵
  PID:9108
- C:\Windows\System32\STeGHWz.exe
  C:\Windows\System32\STeGHWz.exe
  2⤵
  PID:9180
- C:\Windows\System32\cTfHMHo.exe
  C:\Windows\System32\cTfHMHo.exe
  2⤵
  PID:9204
- C:\Windows\System32\dNXrDGu.exe
  C:\Windows\System32\dNXrDGu.exe
  2⤵
  PID:8216
- C:\Windows\System32\yzVNjFP.exe
  C:\Windows\System32\yzVNjFP.exe
  2⤵
  PID:4912
- C:\Windows\System32\ehLRYuz.exe
  C:\Windows\System32\ehLRYuz.exe
  2⤵
  PID:8332
- C:\Windows\System32\miaqBjV.exe
  C:\Windows\System32\miaqBjV.exe
  2⤵
  PID:8376
- C:\Windows\System32\olHYvJh.exe
  C:\Windows\System32\olHYvJh.exe
  2⤵
  PID:8444
- C:\Windows\System32\aHQxSWj.exe
  C:\Windows\System32\aHQxSWj.exe
  2⤵
  PID:8552
- C:\Windows\System32\SgbQJYv.exe
  C:\Windows\System32\SgbQJYv.exe
  2⤵
  PID:8624
- C:\Windows\System32\oyiYgas.exe
  C:\Windows\System32\oyiYgas.exe
  2⤵
  PID:8680
- C:\Windows\System32\ynnYnnA.exe
  C:\Windows\System32\ynnYnnA.exe
  2⤵
  PID:8708
- C:\Windows\System32\WckDEVY.exe
  C:\Windows\System32\WckDEVY.exe
  2⤵
  PID:8808
- C:\Windows\System32\SvkwMPc.exe
  C:\Windows\System32\SvkwMPc.exe
  2⤵
  PID:8904
- C:\Windows\System32\bsuFgIK.exe
  C:\Windows\System32\bsuFgIK.exe
  2⤵
  PID:8984
- C:\Windows\System32\QudVgAr.exe
  C:\Windows\System32\QudVgAr.exe
  2⤵
  PID:9048
- C:\Windows\System32\vNPLszq.exe
  C:\Windows\System32\vNPLszq.exe
  2⤵
  PID:9096
- C:\Windows\System32\iDQHqWu.exe
  C:\Windows\System32\iDQHqWu.exe
  2⤵
  PID:8388
- C:\Windows\System32\KbcyvIC.exe
  C:\Windows\System32\KbcyvIC.exe
  2⤵
  PID:9200
- C:\Windows\System32\NRjkVUJ.exe
  C:\Windows\System32\NRjkVUJ.exe
  2⤵
  PID:4860
- C:\Windows\System32\oZhbToe.exe
  C:\Windows\System32\oZhbToe.exe
  2⤵
  PID:8480
- C:\Windows\System32\bWtkbHZ.exe
  C:\Windows\System32\bWtkbHZ.exe
  2⤵
  PID:8596
- C:\Windows\System32\bxLdGpx.exe
  C:\Windows\System32\bxLdGpx.exe
  2⤵
  PID:8732
- C:\Windows\System32\WkDqcKI.exe
  C:\Windows\System32\WkDqcKI.exe
  2⤵
  PID:8952
- C:\Windows\System32\xEJrYRL.exe
  C:\Windows\System32\xEJrYRL.exe
  2⤵
  PID:8428
- C:\Windows\System32\ZXCGwnV.exe
  C:\Windows\System32\ZXCGwnV.exe
  2⤵
  PID:3532
- C:\Windows\System32\kxvpFAK.exe
  C:\Windows\System32\kxvpFAK.exe
  2⤵
  PID:8656
- C:\Windows\System32\VkDYMZJ.exe
  C:\Windows\System32\VkDYMZJ.exe
  2⤵
  PID:9068
- C:\Windows\System32\SnzvhAt.exe
  C:\Windows\System32\SnzvhAt.exe
  2⤵
  PID:9172
- C:\Windows\System32\zeeydZF.exe
  C:\Windows\System32\zeeydZF.exe
  2⤵
  PID:8848
- C:\Windows\System32\NbnOakX.exe
  C:\Windows\System32\NbnOakX.exe
  2⤵
  PID:9244
- C:\Windows\System32\xbmFMPt.exe
  C:\Windows\System32\xbmFMPt.exe
  2⤵
  PID:9272
- C:\Windows\System32\IZnLcsT.exe
  C:\Windows\System32\IZnLcsT.exe
  2⤵
  PID:9304
- C:\Windows\System32\xIgsCMV.exe
  C:\Windows\System32\xIgsCMV.exe
  2⤵
  PID:9336
- C:\Windows\System32\SUfdyER.exe
  C:\Windows\System32\SUfdyER.exe
  2⤵
  PID:9364
- C:\Windows\System32\ZYZynZH.exe
  C:\Windows\System32\ZYZynZH.exe
  2⤵
  PID:9392
- C:\Windows\System32\JGJAuda.exe
  C:\Windows\System32\JGJAuda.exe
  2⤵
  PID:9424
- C:\Windows\System32\olmPlPH.exe
  C:\Windows\System32\olmPlPH.exe
  2⤵
  PID:9460
- C:\Windows\System32\HWKiCLy.exe
  C:\Windows\System32\HWKiCLy.exe
  2⤵
  PID:9492
- C:\Windows\System32\WRAVhBx.exe
  C:\Windows\System32\WRAVhBx.exe
  2⤵
  PID:9512
- C:\Windows\System32\rVSzeZg.exe
  C:\Windows\System32\rVSzeZg.exe
  2⤵
  PID:9548
- C:\Windows\System32\EOqMZlv.exe
  C:\Windows\System32\EOqMZlv.exe
  2⤵
  PID:9572
- C:\Windows\System32\mNMDCNY.exe
  C:\Windows\System32\mNMDCNY.exe
  2⤵
  PID:9604
- C:\Windows\System32\boMGHOs.exe
  C:\Windows\System32\boMGHOs.exe
  2⤵
  PID:9628
- C:\Windows\System32\bBycout.exe
  C:\Windows\System32\bBycout.exe
  2⤵
  PID:9668
- C:\Windows\System32\NYnNbij.exe
  C:\Windows\System32\NYnNbij.exe
  2⤵
  PID:9684
- C:\Windows\System32\gdanErr.exe
  C:\Windows\System32\gdanErr.exe
  2⤵
  PID:9724
- C:\Windows\System32\UctoWCc.exe
  C:\Windows\System32\UctoWCc.exe
  2⤵
  PID:9740
- C:\Windows\System32\OJEiQcF.exe
  C:\Windows\System32\OJEiQcF.exe
  2⤵
  PID:9780
- C:\Windows\System32\UMrCxdd.exe
  C:\Windows\System32\UMrCxdd.exe
  2⤵
  PID:9812
- C:\Windows\System32\srKQPZQ.exe
  C:\Windows\System32\srKQPZQ.exe
  2⤵
  PID:9840
- C:\Windows\System32\IsHQCrn.exe
  C:\Windows\System32\IsHQCrn.exe
  2⤵
  PID:9868
- C:\Windows\System32\qTCKOZi.exe
  C:\Windows\System32\qTCKOZi.exe
  2⤵
  PID:9896
- C:\Windows\System32\aYdecvL.exe
  C:\Windows\System32\aYdecvL.exe
  2⤵
  PID:9920
- C:\Windows\System32\aqcaLAM.exe
  C:\Windows\System32\aqcaLAM.exe
  2⤵
  PID:9952
- C:\Windows\System32\uRGqTrQ.exe
  C:\Windows\System32\uRGqTrQ.exe
  2⤵
  PID:9980
- C:\Windows\System32\mBHeOyJ.exe
  C:\Windows\System32\mBHeOyJ.exe
  2⤵
  PID:10008
- C:\Windows\System32\elDXPtv.exe
  C:\Windows\System32\elDXPtv.exe
  2⤵
  PID:10036
- C:\Windows\System32\DFznPdk.exe
  C:\Windows\System32\DFznPdk.exe
  2⤵
  PID:10052
- C:\Windows\System32\dLesaLz.exe
  C:\Windows\System32\dLesaLz.exe
  2⤵
  PID:10068
- C:\Windows\System32\yNyxpvQ.exe
  C:\Windows\System32\yNyxpvQ.exe
  2⤵
  PID:10116
- C:\Windows\System32\yPmOnhV.exe
  C:\Windows\System32\yPmOnhV.exe
  2⤵
  PID:10148
- C:\Windows\System32\btHONVo.exe
  C:\Windows\System32\btHONVo.exe
  2⤵
  PID:10168
- C:\Windows\System32\thUnNvV.exe
  C:\Windows\System32\thUnNvV.exe
  2⤵
  PID:10192
- C:\Windows\System32\NryrfyY.exe
  C:\Windows\System32\NryrfyY.exe
  2⤵
  PID:10236
- C:\Windows\System32\kpPnJVx.exe
  C:\Windows\System32\kpPnJVx.exe
  2⤵
  PID:9224
- C:\Windows\System32\xTAEeia.exe
  C:\Windows\System32\xTAEeia.exe
  2⤵
  PID:9252
- C:\Windows\System32\EoHqfOs.exe
  C:\Windows\System32\EoHqfOs.exe
  2⤵
  PID:9356
- C:\Windows\System32\Vjuamer.exe
  C:\Windows\System32\Vjuamer.exe
  2⤵
  PID:9416
- C:\Windows\System32\ioLlYmm.exe
  C:\Windows\System32\ioLlYmm.exe
  2⤵
  PID:9488
- C:\Windows\System32\JapBptP.exe
  C:\Windows\System32\JapBptP.exe
  2⤵
  PID:9556
- C:\Windows\System32\BjrIvyK.exe
  C:\Windows\System32\BjrIvyK.exe
  2⤵
  PID:9640
- C:\Windows\System32\PpMvOxu.exe
  C:\Windows\System32\PpMvOxu.exe
  2⤵
  PID:9708
- C:\Windows\System32\QrgYoFq.exe
  C:\Windows\System32\QrgYoFq.exe
  2⤵
  PID:9776
- C:\Windows\System32\iqOhgVN.exe
  C:\Windows\System32\iqOhgVN.exe
  2⤵
  PID:9832
- C:\Windows\System32\oyCpXEJ.exe
  C:\Windows\System32\oyCpXEJ.exe
  2⤵
  PID:9892
- C:\Windows\System32\kecdwWf.exe
  C:\Windows\System32\kecdwWf.exe
  2⤵
  PID:9964
- C:\Windows\System32\ngPOHpy.exe
  C:\Windows\System32\ngPOHpy.exe
  2⤵
  PID:9996
- C:\Windows\System32\LdXmLAW.exe
  C:\Windows\System32\LdXmLAW.exe
  2⤵
  PID:10080
- C:\Windows\System32\acFVLlz.exe
  C:\Windows\System32\acFVLlz.exe
  2⤵
  PID:10132
- C:\Windows\System32\fGxPqmM.exe
  C:\Windows\System32\fGxPqmM.exe
  2⤵
  PID:10204
- C:\Windows\System32\nAlUXHV.exe
  C:\Windows\System32\nAlUXHV.exe
  2⤵
  PID:9256
- C:\Windows\System32\vqOiIUh.exe
  C:\Windows\System32\vqOiIUh.exe
  2⤵
  PID:9384
- C:\Windows\System32\IJUttbg.exe
  C:\Windows\System32\IJUttbg.exe
  2⤵
  PID:9560
- C:\Windows\System32\XpXNNNP.exe
  C:\Windows\System32\XpXNNNP.exe
  2⤵
  PID:9752
- C:\Windows\System32\DMhzvHR.exe
  C:\Windows\System32\DMhzvHR.exe
  2⤵
  PID:9908
- C:\Windows\System32\wIGYQBE.exe
  C:\Windows\System32\wIGYQBE.exe
  2⤵
  PID:9664
- C:\Windows\System32\OFPiwru.exe
  C:\Windows\System32\OFPiwru.exe
  2⤵
  PID:10228
- C:\Windows\System32\IPMTGJu.exe
  C:\Windows\System32\IPMTGJu.exe
  2⤵
  PID:9520
- C:\Windows\System32\wZJiCRA.exe
  C:\Windows\System32\wZJiCRA.exe
  2⤵
  PID:9808
- C:\Windows\System32\idZqGtC.exe
  C:\Windows\System32\idZqGtC.exe
  2⤵
  PID:10128
- C:\Windows\System32\PFRsKvV.exe
  C:\Windows\System32\PFRsKvV.exe
  2⤵
  PID:9288
- C:\Windows\System32\HZzdMLh.exe
  C:\Windows\System32\HZzdMLh.exe
  2⤵
  PID:10280
- C:\Windows\System32\iUgKLvY.exe
  C:\Windows\System32\iUgKLvY.exe
  2⤵
  PID:10312
- C:\Windows\System32\psZodnE.exe
  C:\Windows\System32\psZodnE.exe
  2⤵
  PID:10344
- C:\Windows\System32\zQLhgrk.exe
  C:\Windows\System32\zQLhgrk.exe
  2⤵
  PID:10372
- C:\Windows\System32\ZmvknGv.exe
  C:\Windows\System32\ZmvknGv.exe
  2⤵
  PID:10400
- C:\Windows\System32\HvfvUVf.exe
  C:\Windows\System32\HvfvUVf.exe
  2⤵
  PID:10428
- C:\Windows\System32\bEXahbv.exe
  C:\Windows\System32\bEXahbv.exe
  2⤵
  PID:10452
- C:\Windows\System32\FoZOGCi.exe
  C:\Windows\System32\FoZOGCi.exe
  2⤵
  PID:10472
- C:\Windows\System32\exqinXz.exe
  C:\Windows\System32\exqinXz.exe
  2⤵
  PID:10508
- C:\Windows\System32\EDtjvfy.exe
  C:\Windows\System32\EDtjvfy.exe
  2⤵
  PID:10540
- C:\Windows\System32\dIbHiIj.exe
  C:\Windows\System32\dIbHiIj.exe
  2⤵
  PID:10568
- C:\Windows\System32\CietriC.exe
  C:\Windows\System32\CietriC.exe
  2⤵
  PID:10584
- C:\Windows\System32\mwWqGjV.exe
  C:\Windows\System32\mwWqGjV.exe
  2⤵
  PID:10624
- C:\Windows\System32\SgeRbbP.exe
  C:\Windows\System32\SgeRbbP.exe
  2⤵
  PID:10652
- C:\Windows\System32\GxNqmmv.exe
  C:\Windows\System32\GxNqmmv.exe
  2⤵
  PID:10680
- C:\Windows\System32\IplKsSM.exe
  C:\Windows\System32\IplKsSM.exe
  2⤵
  PID:10696
- C:\Windows\System32\BpooMWL.exe
  C:\Windows\System32\BpooMWL.exe
  2⤵
  PID:10736
- C:\Windows\System32\MuvFGav.exe
  C:\Windows\System32\MuvFGav.exe
  2⤵
  PID:10764
- C:\Windows\System32\NtzRagk.exe
  C:\Windows\System32\NtzRagk.exe
  2⤵
  PID:10780
- C:\Windows\System32\ADROQKv.exe
  C:\Windows\System32\ADROQKv.exe
  2⤵
  PID:10824
- C:\Windows\System32\KEUWPby.exe
  C:\Windows\System32\KEUWPby.exe
  2⤵
  PID:10856
- C:\Windows\System32\cgFyjVT.exe
  C:\Windows\System32\cgFyjVT.exe
  2⤵
  PID:10884
- C:\Windows\System32\pxrwSxY.exe
  C:\Windows\System32\pxrwSxY.exe
  2⤵
  PID:10916
- C:\Windows\System32\oIHRQvP.exe
  C:\Windows\System32\oIHRQvP.exe
  2⤵
  PID:10940
- C:\Windows\System32\CHAxjvE.exe
  C:\Windows\System32\CHAxjvE.exe
  2⤵
  PID:10968
- C:\Windows\System32\VtERZEO.exe
  C:\Windows\System32\VtERZEO.exe
  2⤵
  PID:10996
- C:\Windows\System32\DcRvGvx.exe
  C:\Windows\System32\DcRvGvx.exe
  2⤵
  PID:11032
- C:\Windows\System32\OcZpgNJ.exe
  C:\Windows\System32\OcZpgNJ.exe
  2⤵
  PID:11052
- C:\Windows\System32\DyzUQku.exe
  C:\Windows\System32\DyzUQku.exe
  2⤵
  PID:11080
- C:\Windows\System32\PvuXjtb.exe
  C:\Windows\System32\PvuXjtb.exe
  2⤵
  PID:11128
- C:\Windows\System32\ftdpLcm.exe
  C:\Windows\System32\ftdpLcm.exe
  2⤵
  PID:11160
- C:\Windows\System32\SnuHYEy.exe
  C:\Windows\System32\SnuHYEy.exe
  2⤵
  PID:11208
- C:\Windows\System32\mdAOpZP.exe
  C:\Windows\System32\mdAOpZP.exe
  2⤵
  PID:11224
- C:\Windows\System32\fidzYNV.exe
  C:\Windows\System32\fidzYNV.exe
  2⤵
  PID:10032
- C:\Windows\System32\saVBeRa.exe
  C:\Windows\System32\saVBeRa.exe
  2⤵
  PID:10340
- C:\Windows\System32\uUeVgFN.exe
  C:\Windows\System32\uUeVgFN.exe
  2⤵
  PID:10464
- C:\Windows\System32\mHhkkYo.exe
  C:\Windows\System32\mHhkkYo.exe
  2⤵
  PID:808
- C:\Windows\System32\BHshPVa.exe
  C:\Windows\System32\BHshPVa.exe
  2⤵
  PID:10648
- C:\Windows\System32\fKGBHFE.exe
  C:\Windows\System32\fKGBHFE.exe
  2⤵
  PID:10728
- C:\Windows\System32\dDvWjUU.exe
  C:\Windows\System32\dDvWjUU.exe
  2⤵
  PID:10772
- C:\Windows\System32\jaLVBZk.exe
  C:\Windows\System32\jaLVBZk.exe
  2⤵
  PID:10876
- C:\Windows\System32\vmYtyaU.exe
  C:\Windows\System32\vmYtyaU.exe
  2⤵
  PID:10964
- C:\Windows\System32\yOMMdAa.exe
  C:\Windows\System32\yOMMdAa.exe
  2⤵
  PID:11012
- C:\Windows\System32\eXwwJOS.exe
  C:\Windows\System32\eXwwJOS.exe
  2⤵
  PID:11124
- C:\Windows\System32\gitYhRx.exe
  C:\Windows\System32\gitYhRx.exe
  2⤵
  PID:11248
- C:\Windows\System32\IqJSpwj.exe
  C:\Windows\System32\IqJSpwj.exe
  2⤵
  PID:10524
- C:\Windows\System32\sjwdjgL.exe
  C:\Windows\System32\sjwdjgL.exe
  2⤵
  PID:10752
- C:\Windows\System32\wOBYRAw.exe
  C:\Windows\System32\wOBYRAw.exe
  2⤵
  PID:11020
- C:\Windows\System32\pAltIFV.exe
  C:\Windows\System32\pAltIFV.exe
  2⤵
  PID:10416
- C:\Windows\System32\oLgvwks.exe
  C:\Windows\System32\oLgvwks.exe
  2⤵
  PID:10936
- C:\Windows\System32\ueosTKD.exe
  C:\Windows\System32\ueosTKD.exe
  2⤵
  PID:11268
- C:\Windows\System32\ZYuxRXQ.exe
  C:\Windows\System32\ZYuxRXQ.exe
  2⤵
  PID:11296
- C:\Windows\System32\QwMzmBJ.exe
  C:\Windows\System32\QwMzmBJ.exe
  2⤵
  PID:11324
- C:\Windows\System32\CqZvFBp.exe
  C:\Windows\System32\CqZvFBp.exe
  2⤵
  PID:11352
- C:\Windows\System32\oDpVVos.exe
  C:\Windows\System32\oDpVVos.exe
  2⤵
  PID:11380
- C:\Windows\System32\RVJTJMt.exe
  C:\Windows\System32\RVJTJMt.exe
  2⤵
  PID:11396
- C:\Windows\System32\UlNxVva.exe
  C:\Windows\System32\UlNxVva.exe
  2⤵
  PID:11432
- C:\Windows\System32\WIWtFII.exe
  C:\Windows\System32\WIWtFII.exe
  2⤵
  PID:11480
- C:\Windows\System32\poRIMsc.exe
  C:\Windows\System32\poRIMsc.exe
  2⤵
  PID:11496
- C:\Windows\System32\SkVYKcH.exe
  C:\Windows\System32\SkVYKcH.exe
  2⤵
  PID:11524
- C:\Windows\System32\TxoWkpp.exe
  C:\Windows\System32\TxoWkpp.exe
  2⤵
  PID:11556
- C:\Windows\System32\qjFnsho.exe
  C:\Windows\System32\qjFnsho.exe
  2⤵
  PID:11592
- C:\Windows\System32\RusJeGZ.exe
  C:\Windows\System32\RusJeGZ.exe
  2⤵
  PID:11628
- C:\Windows\System32\vPtNgLi.exe
  C:\Windows\System32\vPtNgLi.exe
  2⤵
  PID:11656
- C:\Windows\System32\TfkJTpX.exe
  C:\Windows\System32\TfkJTpX.exe
  2⤵
  PID:11684
- C:\Windows\System32\RpABXuO.exe
  C:\Windows\System32\RpABXuO.exe
  2⤵
  PID:11712
- C:\Windows\System32\bSjItAL.exe
  C:\Windows\System32\bSjItAL.exe
  2⤵
  PID:11728
- C:\Windows\System32\CkWByuq.exe
  C:\Windows\System32\CkWByuq.exe
  2⤵
  PID:11768
- C:\Windows\System32\fFckdAr.exe
  C:\Windows\System32\fFckdAr.exe
  2⤵
  PID:11784
- C:\Windows\System32\PrhIzUy.exe
  C:\Windows\System32\PrhIzUy.exe
  2⤵
  PID:11812
- C:\Windows\System32\uOByrmp.exe
  C:\Windows\System32\uOByrmp.exe
  2⤵
  PID:11840
- C:\Windows\System32\MzQrYtO.exe
  C:\Windows\System32\MzQrYtO.exe
  2⤵
  PID:11880
- C:\Windows\System32\FpilQXh.exe
  C:\Windows\System32\FpilQXh.exe
  2⤵
  PID:11912
- C:\Windows\System32\JIhOrfg.exe
  C:\Windows\System32\JIhOrfg.exe
  2⤵
  PID:11940
- C:\Windows\System32\SCEZXzB.exe
  C:\Windows\System32\SCEZXzB.exe
  2⤵
  PID:11964
- C:\Windows\System32\QdGIWGu.exe
  C:\Windows\System32\QdGIWGu.exe
  2⤵
  PID:11980
- C:\Windows\System32\tOgZMhK.exe
  C:\Windows\System32\tOgZMhK.exe
  2⤵
  PID:12012
- C:\Windows\System32\cTXDxzU.exe
  C:\Windows\System32\cTXDxzU.exe
  2⤵
  PID:12052
- C:\Windows\System32\GcPjEXb.exe
  C:\Windows\System32\GcPjEXb.exe
  2⤵
  PID:12084
- C:\Windows\System32\jvqjqFW.exe
  C:\Windows\System32\jvqjqFW.exe
  2⤵
  PID:12108
- C:\Windows\System32\xByyIoQ.exe
  C:\Windows\System32\xByyIoQ.exe
  2⤵
  PID:12136
- C:\Windows\System32\giAILzb.exe
  C:\Windows\System32\giAILzb.exe
  2⤵
  PID:12164
- C:\Windows\System32\NCcgbGX.exe
  C:\Windows\System32\NCcgbGX.exe
  2⤵
  PID:12192
- C:\Windows\System32\RgzXtal.exe
  C:\Windows\System32\RgzXtal.exe
  2⤵
  PID:12228
- C:\Windows\System32\PWGNFzT.exe
  C:\Windows\System32\PWGNFzT.exe
  2⤵
  PID:12248
- C:\Windows\System32\WDwfhrH.exe
  C:\Windows\System32\WDwfhrH.exe
  2⤵
  PID:12284
- C:\Windows\System32\jFoHMNa.exe
  C:\Windows\System32\jFoHMNa.exe
  2⤵
  PID:11312
- C:\Windows\System32\iNIzzOp.exe
  C:\Windows\System32\iNIzzOp.exe
  2⤵
  PID:11368
- C:\Windows\System32\JvRxlGw.exe
  C:\Windows\System32\JvRxlGw.exe
  2⤵
  PID:11468
- C:\Windows\System32\aAsfAJG.exe
  C:\Windows\System32\aAsfAJG.exe
  2⤵
  PID:11516
- C:\Windows\System32\OeWRGoo.exe
  C:\Windows\System32\OeWRGoo.exe
  2⤵
  PID:11584
- C:\Windows\System32\XONnUey.exe
  C:\Windows\System32\XONnUey.exe
  2⤵
  PID:11644
- C:\Windows\System32\BlkYNeX.exe
  C:\Windows\System32\BlkYNeX.exe
  2⤵
  PID:11720
- C:\Windows\System32\WxKtPKA.exe
  C:\Windows\System32\WxKtPKA.exe
  2⤵
  PID:11764
- C:\Windows\System32\kDRaWnD.exe
  C:\Windows\System32\kDRaWnD.exe
  2⤵
  PID:11824
- C:\Windows\System32\CikmTbG.exe
  C:\Windows\System32\CikmTbG.exe
  2⤵
  PID:11892
- C:\Windows\System32\dpiAJWr.exe
  C:\Windows\System32\dpiAJWr.exe
  2⤵
  PID:12000
- C:\Windows\System32\tsWYwCR.exe
  C:\Windows\System32\tsWYwCR.exe
  2⤵
  PID:12024
- C:\Windows\System32\rQTRQbS.exe
  C:\Windows\System32\rQTRQbS.exe
  2⤵
  PID:12124
- C:\Windows\System32\DklimDO.exe
  C:\Windows\System32\DklimDO.exe
  2⤵
  PID:12180
- C:\Windows\System32\MlVAnmg.exe
  C:\Windows\System32\MlVAnmg.exe
  2⤵
  PID:12280
- C:\Windows\System32\kJARejM.exe
  C:\Windows\System32\kJARejM.exe
  2⤵
  PID:11392
- C:\Windows\System32\yjKBqca.exe
  C:\Windows\System32\yjKBqca.exe
  2⤵
  PID:11552
- C:\Windows\System32\JLKoBId.exe
  C:\Windows\System32\JLKoBId.exe
  2⤵
  PID:11700
- C:\Windows\System32\TBzctmz.exe
  C:\Windows\System32\TBzctmz.exe
  2⤵
  PID:11908
- C:\Windows\System32\ElDosSi.exe
  C:\Windows\System32\ElDosSi.exe
  2⤵
  PID:12212
- C:\Windows\System32\HRvhSeQ.exe
  C:\Windows\System32\HRvhSeQ.exe
  2⤵
  PID:11512
- C:\Windows\System32\IlXbGfS.exe
  C:\Windows\System32\IlXbGfS.exe
  2⤵
  PID:12004
- C:\Windows\System32\OdcZjto.exe
  C:\Windows\System32\OdcZjto.exe
  2⤵
  PID:11800
- C:\Windows\System32\DVBpdJS.exe
  C:\Windows\System32\DVBpdJS.exe
  2⤵
  PID:12300
- C:\Windows\System32\PrvUlTT.exe
  C:\Windows\System32\PrvUlTT.exe
  2⤵
  PID:12328
- C:\Windows\System32\KJLEfuR.exe
  C:\Windows\System32\KJLEfuR.exe
  2⤵
  PID:12356
- C:\Windows\System32\AqdVdao.exe
  C:\Windows\System32\AqdVdao.exe
  2⤵
  PID:12384
- C:\Windows\System32\OYKwdiu.exe
  C:\Windows\System32\OYKwdiu.exe
  2⤵
  PID:12412
- C:\Windows\System32\rGETnhu.exe
  C:\Windows\System32\rGETnhu.exe
  2⤵
  PID:12444
- C:\Windows\System32\grRAixI.exe
  C:\Windows\System32\grRAixI.exe
  2⤵
  PID:12472
- C:\Windows\System32\dVoFVsy.exe
  C:\Windows\System32\dVoFVsy.exe
  2⤵
  PID:12500
- C:\Windows\System32\gkBLvLk.exe
  C:\Windows\System32\gkBLvLk.exe
  2⤵
  PID:12560
- C:\Windows\System32\mrpUTsH.exe
  C:\Windows\System32\mrpUTsH.exe
  2⤵
  PID:12600
- C:\Windows\System32\YqVtzYI.exe
  C:\Windows\System32\YqVtzYI.exe
  2⤵
  PID:12620
- C:\Windows\System32\wymSJoK.exe
  C:\Windows\System32\wymSJoK.exe
  2⤵
  PID:12656
- C:\Windows\System32\veOLidH.exe
  C:\Windows\System32\veOLidH.exe
  2⤵
  PID:12708
- C:\Windows\System32\nYAgEcV.exe
  C:\Windows\System32\nYAgEcV.exe
  2⤵
  PID:12740
- C:\Windows\System32\nYQeyyE.exe
  C:\Windows\System32\nYQeyyE.exe
  2⤵
  PID:12764
- C:\Windows\System32\YSCYQZI.exe
  C:\Windows\System32\YSCYQZI.exe
  2⤵
  PID:12792
- C:\Windows\System32\upcZXkS.exe
  C:\Windows\System32\upcZXkS.exe
  2⤵
  PID:12820
- C:\Windows\System32\IFEAgPf.exe
  C:\Windows\System32\IFEAgPf.exe
  2⤵
  PID:12848
- C:\Windows\System32\upqLYhx.exe
  C:\Windows\System32\upqLYhx.exe
  2⤵
  PID:12876
- C:\Windows\System32\dpEuYcT.exe
  C:\Windows\System32\dpEuYcT.exe
  2⤵
  PID:12904
- C:\Windows\System32\iHqbmoH.exe
  C:\Windows\System32\iHqbmoH.exe
  2⤵
  PID:12932
- C:\Windows\System32\IMYlJTI.exe
  C:\Windows\System32\IMYlJTI.exe
  2⤵
  PID:12960
- C:\Windows\System32\ZaeUsaY.exe
  C:\Windows\System32\ZaeUsaY.exe
  2⤵
  PID:12988
- C:\Windows\System32\hODTueP.exe
  C:\Windows\System32\hODTueP.exe
  2⤵
  PID:13020
- C:\Windows\System32\VbziOaT.exe
  C:\Windows\System32\VbziOaT.exe
  2⤵
  PID:13048
- C:\Windows\System32\cNAlDdr.exe
  C:\Windows\System32\cNAlDdr.exe
  2⤵
  PID:13076
- C:\Windows\System32\JardMCE.exe
  C:\Windows\System32\JardMCE.exe
  2⤵
  PID:13104
- C:\Windows\System32\SYuhylZ.exe
  C:\Windows\System32\SYuhylZ.exe
  2⤵
  PID:13132
- C:\Windows\System32\nyCFpra.exe
  C:\Windows\System32\nyCFpra.exe
  2⤵
  PID:13164
- C:\Windows\System32\FYNwoDJ.exe
  C:\Windows\System32\FYNwoDJ.exe
  2⤵
  PID:13192
- C:\Windows\System32\CCIbUPx.exe
  C:\Windows\System32\CCIbUPx.exe
  2⤵
  PID:13220
- C:\Windows\System32\GyAfhPe.exe
  C:\Windows\System32\GyAfhPe.exe
  2⤵
  PID:13248
- C:\Windows\System32\gXnvFhT.exe
  C:\Windows\System32\gXnvFhT.exe
  2⤵
  PID:13276
- C:\Windows\System32\zZLnOgd.exe
  C:\Windows\System32\zZLnOgd.exe
  2⤵
  PID:13304
- C:\Windows\System32\NtqWcSl.exe
  C:\Windows\System32\NtqWcSl.exe
  2⤵
  PID:12324
- C:\Windows\System32\UVEtKAd.exe
  C:\Windows\System32\UVEtKAd.exe
  2⤵
  PID:12404
- C:\Windows\System32\UwgOqjq.exe
  C:\Windows\System32\UwgOqjq.exe
  2⤵
  PID:12468
- C:\Windows\System32\XLEsiXy.exe
  C:\Windows\System32\XLEsiXy.exe
  2⤵
  PID:11108
- C:\Windows\System32\yMHkNhL.exe
  C:\Windows\System32\yMHkNhL.exe
  2⤵
  PID:12544
- C:\Windows\System32\dyCHJmU.exe
  C:\Windows\System32\dyCHJmU.exe
  2⤵
  PID:12588
- C:\Windows\System32\fLxSjrs.exe
  C:\Windows\System32\fLxSjrs.exe
  2⤵
  PID:12652
- C:\Windows\System32\RPsNsRh.exe
  C:\Windows\System32\RPsNsRh.exe
  2⤵
  PID:1404
- C:\Windows\System32\LtEivvw.exe
  C:\Windows\System32\LtEivvw.exe
  2⤵
  PID:4000
- C:\Windows\System32\KMOHjch.exe
  C:\Windows\System32\KMOHjch.exe
  2⤵
  PID:12816
- C:\Windows\System32\mVrwqxU.exe
  C:\Windows\System32\mVrwqxU.exe
  2⤵
  PID:12260
- C:\Windows\System32\woqZqzs.exe
  C:\Windows\System32\woqZqzs.exe
  2⤵
  PID:12952
- C:\Windows\System32\EWUgRQv.exe
  C:\Windows\System32\EWUgRQv.exe
  2⤵
  PID:13016
- C:\Windows\System32\ryPIVkL.exe
  C:\Windows\System32\ryPIVkL.exe
  2⤵
  PID:13092
- C:\Windows\System32\IrwEtmy.exe
  C:\Windows\System32\IrwEtmy.exe
  2⤵
  PID:13160
- C:\Windows\System32\hTKKQur.exe
  C:\Windows\System32\hTKKQur.exe
  2⤵
  PID:13260
- C:\Windows\System32\ZeKjygQ.exe
  C:\Windows\System32\ZeKjygQ.exe
  2⤵
  PID:12380
- C:\Windows\System32\mdUnJVl.exe
  C:\Windows\System32\mdUnJVl.exe
  2⤵
  PID:11116
- C:\Windows\System32\bXwziGs.exe
  C:\Windows\System32\bXwziGs.exe
  2⤵
  PID:12616
- C:\Windows\System32\mWEqjQD.exe
  C:\Windows\System32\mWEqjQD.exe
  2⤵
  PID:3748
- C:\Windows\System32\YrWCHFB.exe
  C:\Windows\System32\YrWCHFB.exe
  2⤵
  PID:12900
- C:\Windows\System32\vmbaVcU.exe
  C:\Windows\System32\vmbaVcU.exe
  2⤵
  PID:13068
- C:\Windows\System32\KvzVSIj.exe
  C:\Windows\System32\KvzVSIj.exe
  2⤵
  PID:13240
- C:\Windows\System32\VGkjQLP.exe
  C:\Windows\System32\VGkjQLP.exe
  2⤵
  PID:11348
- C:\Windows\System32\EKpmuXo.exe
  C:\Windows\System32\EKpmuXo.exe
  2⤵
  PID:12872
- C:\Windows\System32\GlfxllQ.exe
  C:\Windows\System32\GlfxllQ.exe
  2⤵
  PID:13236
- C:\Windows\System32\GTnVTRg.exe
  C:\Windows\System32\GTnVTRg.exe
  2⤵
  PID:13044
- C:\Windows\System32\ROpyMmW.exe
  C:\Windows\System32\ROpyMmW.exe
  2⤵
  PID:13320
- C:\Windows\System32\KFoJmPF.exe
  C:\Windows\System32\KFoJmPF.exe
  2⤵
  PID:13348
- C:\Windows\System32\otMwbFO.exe
  C:\Windows\System32\otMwbFO.exe
  2⤵
  PID:13376
- C:\Windows\System32\MYhBDMq.exe
  C:\Windows\System32\MYhBDMq.exe
  2⤵
  PID:13436
- C:\Windows\System32\TFUOGCM.exe
  C:\Windows\System32\TFUOGCM.exe
  2⤵
  PID:13480
- C:\Windows\System32\cdGFpBL.exe
  C:\Windows\System32\cdGFpBL.exe
  2⤵
  PID:13516

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4460,i,2607710392823067546,4648797561512801463,262144 --variations-seed-version --mojo-platform-channel-handle=2860 /prefetch:8
1⤵
PID:3268

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:14012

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System32\EOgkKcG.exe

Filesize
3.2MB

MD5
8ddaf51e2726d4e14b272af8436c12b2

SHA1
9265554fb64be0de7f819cbd8e37975272910f22

SHA256
0c83643fef1af97c4e3c206ace195e9ff30e7312ec21317bb74e62594f8e1a2d

SHA512
d208d8e84ffd23f87889e34297e40bea0598bc1d34b5dc39e679d641bd1dc962b9ed1aa1848afe6ba2405cd130247f49be6bc6426fb283a2f8a6e657bec493eb

Download Submit
C:\Windows\System32\FExjwSJ.exe

Filesize
3.2MB

MD5
65528981da02b236f3709d1891a0799c

SHA1
ee37e4a64900f37d55764619ce70c32a1ebb5a3d

SHA256
d87ade588d1ed010cd665512c156df076e453bc048162cc9177c4cfad8a4984a

SHA512
24e2845df43b5d38064b81b3b7f26f787e6b0bffffc1ca7dc3b6ef26be4bbc9c93bd8f6f573f9156464522a1a79eac7395a892319d3edce0bf7f286cec1be3c0

Download Submit
C:\Windows\System32\FVljsoT.exe

Filesize
3.2MB

MD5
3d2b6bd02d59af198a6db79f80407c5b

SHA1
b9af95cc453c4debf1020352a0a345f1ed3c83a4

SHA256
365b47e0b2d3ef0cdc5f4f35a33e83abf42acbf771116ac79eb34c175a4bb006

SHA512
675d8333c520ba3ab2929d66ba546bfe07e49a96abaff92c6f1b01aa43e2f66b1dd186e3d41ebd3ac087f0c9773dc9324ca66816149e090672c477dc869a4feb

Download Submit
C:\Windows\System32\GbWzbqB.exe

Filesize
3.2MB

MD5
401375cfcb4f8ba5c4f72c7a630c5a58

SHA1
a45210facfc07024264fd34bdc7affd412257cdb

SHA256
cfa8c84de1ab1672ef024806e0e760a86a250021da90796080a4462df93f6bff

SHA512
e0fe230fd1894dc169c17fb51d8d1ed99ecee7df4f26d5f4ec1d839a4e4617f497964c00d9e39ea3d73ef5f46955951cf5685da9211f890181fd9d84bcfe1b19

Download Submit
C:\Windows\System32\GtMzzwt.exe

Filesize
3.2MB

MD5
99c33dab8f94da8821ee6b0fb118e90d

SHA1
bba96f7e7e36100504d6202d03c6ba9a3c3f8a09

SHA256
cef764b372cc98ea8b1b3f78d999c1e1e70532dd6d8c4c24d5d17afc892d5bdb

SHA512
43beb43fb60c6594da4be70e741f6271d9fa253c1dfa6b7bfe7c226776a80ac476adbba27daea138f3e018bf487be97fc80017587278f61363908f8294d81662

Download Submit
C:\Windows\System32\KTkWsjv.exe

Filesize
3.2MB

MD5
1ae2b48822d7fc9df9d1df5aa4314a8e

SHA1
dd47bc33b08ff407ad6de9dad9aab32aab66ecaa

SHA256
c6bec2dfc9bf0b07fd3d36b6032d0dfa8bb5853041229cd3e7c87d337ac3b320

SHA512
fc215259c5417a778f201e3d47a2226b0d3a81a7fda54935adc072a16c281624dc84dd413fce28522d8e2799a71949817115cdf309d1b5e7ef25082ddc8bd68f

Download Submit
C:\Windows\System32\KYPMfjz.exe

Filesize
3.2MB

MD5
50a21fe0acd908e444a473de5411e494

SHA1
059eee0a1a6bff0b840a269e3eaeb008445a8d88

SHA256
ddd58c6357412c4334bd7dd299c597f15348cab3adb9a8d9e5cd4f20cd94ddf2

SHA512
04a6c40571c8c2cce87ae83d34856fabf3866383e78c2769b0672c327be5a8a6597d41146dfcacf45ad1ee925a384e871668f36b1383df694768416282d0b0c7

Download Submit
C:\Windows\System32\LYslqMj.exe

Filesize
3.2MB

MD5
ba289a526c8630fee7511d58c1901c25

SHA1
a2319616aadaf0bc868827d9ee92632ff46d04ec

SHA256
7f53bdf5fa4f89276cada5c345872960292ca2778414a773f931ea0279bd8096

SHA512
ae6b4213019d050baacb0cb74f0117a47050c6103e3573ab75b8465a699e4bb730ec7ef72c5973647bbacbf6b56769a3a930448b5fd1217fec798a1bdc790805

Download Submit
C:\Windows\System32\LmVSncE.exe

Filesize
3.2MB

MD5
9d4ef42b43a8bb6367b7ac1d82f2c535

SHA1
e96ea8f64f75edfd78f10d06ccdd4bc5bc68617b

SHA256
dc826eea7c194afdf512a6d28c19d0320064cb2d7808a023771dae54fa39c485

SHA512
5c9ce23b7692d0cbbc4acb1189393e9e8dc5e64fe7c11e49fa78f204120d53fa8e9dffca292e7fa94e9bd169816c28370d07e5d4376b8dc5d98d2fedeba03208

Download Submit
C:\Windows\System32\NFYLVsD.exe

Filesize
3.2MB

MD5
7eb577b8fb2e0d1b0322d3df6d3dbecd

SHA1
66f2aaf4a7e7a6d51f2e60f672bf453a000a7d8f

SHA256
05691b0c455f7e00bc1908492b61da6092f2494e822cc43d4db2b3224b921749

SHA512
93112d0ff07127a1e64dccac90ad8fbf14b48af7e011996465053a47a4cb6237036bb284d21b51c66f83b86e9f528edb4388bf6aee21e1cb4ab9ef10f17c048f

Download Submit
C:\Windows\System32\NOFpEXQ.exe

Filesize
3.2MB

MD5
e079fbb6a93ec5a204fe1071d0f97478

SHA1
bc465a5cfb68e4f28fb5cd0156b457e497220361

SHA256
fc9d3534de3cae320f8cd8c9c2d7b81f55a80da228741969103e4bd7cde4bdb5

SHA512
9d419b6dcc24594d976abf3a59e03f91ed544b4fd9e58790c7e83362d20f732ea9263a69702fda44623f48762a92939c6cf2cdef4286b5a1c1844df0ca9251c2

Download Submit
C:\Windows\System32\TBrVokz.exe

Filesize
3.2MB

MD5
30c9e02c3c48564a4c1a322b74c09b81

SHA1
4db61b467068564d0367023ea4acb77ddb160e81

SHA256
ea5bea842e7285f5b1cde2f3e1ae36c141be46116d5b136474014eb1040db8a2

SHA512
ae2ce714b74a7ac8bd5d6fef98fb83133da42d880e2285ad1437ef3c206b0a772be61974acfea551dc98c221d1b2bba4424718a7cc1717b646f3c479fdcad2f4

Download Submit
C:\Windows\System32\TrbhcSY.exe

Filesize
3.2MB

MD5
cd16bd4b3d27bb4df51227e036164882

SHA1
1d8b527c6b0cde7f456babe292fd7d3b9492e02f

SHA256
3def1cb6f5e66e9c7f8fa5cebcf5f3849a2785356c04a2038aaa7657ea2f5421

SHA512
fe999939ff3a1c6a464d21b6572295a51f09a16f01c3e343e459520b3a482aa0f489c5870d5fbe5e173d35eb3bcc887f49af5206e7b169d8f5ec3383485ca75e

Download Submit
C:\Windows\System32\UosXrYU.exe

Filesize
3.2MB

MD5
859e442839c68c2a7cffdcf8efd332b3

SHA1
b7d6a85a1f9a9b6c3384a8f3d49888ddd6fb4801

SHA256
d1671e54d641ed4a84bfb380bbad6529089f7e595e5fadb76d96d85947cd0dcf

SHA512
1a57e6c13e349d91821b33b0de8ec7ca973c1d3de08198577b441a92f1112478b97df1c1534b607b6f3f0ab156eee05693e6c9b76f263ae5188a35ed3db45f38

Download Submit
C:\Windows\System32\UtLjEem.exe

Filesize
3.2MB

MD5
788a7c72d0acc5f2144a814a68a4e7fa

SHA1
5772c18aceef228abb8b1e2c703807e4665666eb

SHA256
b56ef41d609608b13de860793da90026297051cfffbcd64910fd441a7c636703

SHA512
d801b2c0112cbba3be7ae687963f1fdbeae11396a11a5c801010b8fa36a19fa71d01be12847ffaa80eac5280bf311d3aab375c777da0ee0ce03717ad25caa8a4

Download Submit
C:\Windows\System32\WDWVRBO.exe

Filesize
3.2MB

MD5
39751350b7bea554909fb3a8fc21afeb

SHA1
3be28706173b1328b9d6fb7394e400dc0c277eb3

SHA256
fee06a36a5ba6b9ab1f36948f90275e3cf40df5e74596cc26c8ce0f2dac4e821

SHA512
dc3fd698aa1ff67f2bdd453b228596ca92904b372069788d97122b5d813bbb851b8c067cfe6c7e050aa1a4f359484a4e32e2500e616f696ae2f8a1ea8b9a3d6e

Download Submit
C:\Windows\System32\WoHeDzF.exe

Filesize
3.2MB

MD5
62ab5a416f8458e7a320c4f79f3f7070

SHA1
4af15327b8bd3ab00cf099d8552cc4d20a1c5b3f

SHA256
0a1e1be26f3288785ba62dd27474e4a26f8e787109fd20e542fc6e6490c95604

SHA512
0c50f6766a2acefdc0a59cdf5e19124729f7150e03075592f8ff4f9afc05e5b0aa505704deb958d32ed8695805f0dd4e4b8aa4f40c33dcec27d61ac2b40133a1

Download Submit
C:\Windows\System32\XdumKPN.exe

Filesize
3.2MB

MD5
f9ad62d8348621164ad34554a7655fd0

SHA1
280c3e98e72b046b5c984e372d04725d89f059db

SHA256
aa3a969b4ef00a6099bd99f499399ff1f1e15017c05dcaf0ec08a37d143d78e3

SHA512
a8e8323720680176316ce0cbf5a8de6cfecf8afd95eabc4c4db56b58974b1e64c8d0db64e30b4bdd3b566a6e5af87832d31adf7edc80ab4189c021e963c40b4a

Download Submit
C:\Windows\System32\ZcvTquI.exe

Filesize
3.2MB

MD5
0b8ac7308a8364d809e92e930aca9b4c

SHA1
437a4bf48b8c3d11d75fa84baace595c141a16e8

SHA256
c81125621a0d373a16b6f140ba3a54dc38f9d38fbe81667b176df556661b76a1

SHA512
f049a4c0f1ff279a12a99cc004c8dee9ffac9636cc737e1b057769afa095c925a1654756bdb8e88337d5f215bab214f0a79740173e1a539836e03863a1610109

Download Submit
C:\Windows\System32\ZjVxdsa.exe

Filesize
3.2MB

MD5
bbb264ed6ef431bd4124c3b860c80c9f

SHA1
f81534e1301cbd5d99c2349fe08f37633a4933bb

SHA256
d3eee38a93c337f9f7f8a168db142a328f126b52f42b07037fe35ed95a3bf01b

SHA512
a8daa2a68a7a46f3984dcf8c363b330f466d9c68b5f5273b8c03d84302121d2a8b7682b5ba7bf9fed0a9208599c88bd0de070b74c4285d28be9cb2452ebb2903

Download Submit
C:\Windows\System32\afgGDJw.exe

Filesize
3.2MB

MD5
7792ec13a4796929d36fffc6d1712675

SHA1
cbdceade794a1ce462ecd17e4d9fa1a6a18db69e

SHA256
1debee908d20d119028802a8112f02092cb7623776a237df12239598bf4b2903

SHA512
22df5ca15cdb9bfd61e7510be9d8b1764f35ad782010ae8685ff262fa6b698e52e41b92fbef8b44056330e1abe9c96f2e07288c52570e3792aff707c55f52290

Download Submit
C:\Windows\System32\hQxeCfi.exe

Filesize
3.2MB

MD5
ee457c93df0386c7e0ce19bb69b4e145

SHA1
71594231fef79bd70190515af56faf3517b4572c

SHA256
800608327e0d4959ba0d177c6621efed14f955a5ab74f5e42fde210c1c215426

SHA512
a4d2cddd164bccb5787f7125b0ce188f36502348a21286354f5b65fb8627414ab015cecadc9c6acefbc386e776b6422b1753ca375571690564c386ab75edd2fa

Download Submit
C:\Windows\System32\icKHgcP.exe

Filesize
3.2MB

MD5
799df50411b4cc3ffae264a8a56469b3

SHA1
ff7e00a06424b175ff42b65b1e871912db2c5d5b

SHA256
6b7f887e0b7b77c8e966fb76646b6d3c81c4033588a5d130504f1cf219353ed8

SHA512
7f400d1b8bf1bd41c69ae6023a916eae24715f01920fc300cb3e901219cc0192cadd8e56ed2db46027694596a210eb45d93a475b1f1ba3d88efc06dfcc27f3a1

Download Submit
C:\Windows\System32\jTxOtyY.exe

Filesize
3.2MB

MD5
667112cb50cee907f8ca1258e2f82b44

SHA1
fda596f060c5f6d23b9c2c4b2ff4961c9c9ef0d7

SHA256
4cfc16c527d06559cb6502c8c582a78499882e3ba5754d44e0ff258f730ec3f0

SHA512
5f14e10d720cedcd53cd45942f2b2d9638557c78dfe8ff55eff73155b48420fd3f03810fb82c4f50f325356ed3ce4e6c3622a3fe2f015e4a862e2aa81c887d78

Download Submit
C:\Windows\System32\nmVKdVY.exe

Filesize
3.2MB

MD5
24db7020e514744d7506dd9090fe66c7

SHA1
df6579af37042ed679d38284f92cff91082d058c

SHA256
91da9147cc0486d818000f44b885be7449d32d7f62f0527400f57ebe9d068f4d

SHA512
a4e52d435a2ee627495c3e636cdfe36047de3df40cf70cc0086bb85da6a5970e2d878ce711aa43aee90549ea4dfbe5f38799f5cf18a18fa65a13d835115d5579

Download Submit
C:\Windows\System32\orSloTy.exe

Filesize
3.2MB

MD5
a68b1e2c40845d5e37c032f23054b713

SHA1
f4dbecbed8ef78909612ff62b2bc547e833b2aa8

SHA256
7a53163cb631b5fffd2c168be809b44a63a6ec91bf74522ebd16fb0e62cb473c

SHA512
a941bfa7c30f96b8cf9a145a6c2a7f25e909793141a5b2665b932f5b054ad3c961bea27c32118302e47ca3a43f2a4d8bc8420aec0598c272431e048c5e59182a

Download Submit
C:\Windows\System32\tHonreE.exe

Filesize
3.2MB

MD5
062f9827ae71df746e77d281ed0583f9

SHA1
5d8cdaeb3e40bd5ec8f8663ae9bcdff6d46e4a56

SHA256
019398aec8fa26cbc4ec93cdeacbe983748c4b51e91359d879abfcaa0f5189e9

SHA512
ca222a81627b2cb7e3d78fee410b0250ff4ea03b0cef12681a3f12b33cf30de09a8673f04e634a2b63f0f02f1e3f8d876e6a6859246899128e928e3c86efdcde

Download Submit
C:\Windows\System32\teRSydL.exe

Filesize
3.2MB

MD5
0bc39d56bee2dfbeadeb1dbf5abb80b4

SHA1
139f41674e85f7037bd1ddf41db5f61d7193be59

SHA256
48928d980014ea71958ced680292b290bb5e59f1c2581ce60608b885048189e4

SHA512
2deb7eeed9d7231d363f85731eb3501a401190a4de9dbb40f682a61a8cecdf532238b66ed042a85487493183ad4d2bd20465879980fd75d0b949401c5c1a5105

Download Submit
C:\Windows\System32\vAEDgFK.exe

Filesize
3.2MB

MD5
af81341ab2f5d9bf49eb28fedf6f09fd

SHA1
0aae5b3679dc56945376e7570a850e8637c9a330

SHA256
1df18402e022192033db5ccf4036d57482a1525be20e69e0109f8ee042d28f55

SHA512
9cda61e34a7815e1ac029683b9e5768a20c29e574e22252e87d20df53a7b0e9fb7fb2eeb03337c72b55b6269150d3723e5d54d7838d9a2206bd89450cefc58cd

Download Submit
C:\Windows\System32\veVvmVN.exe

Filesize
3.2MB

MD5
8d40ee0ee8cfcfa121ba3940fa01f953

SHA1
37471f1348f1725bd5120282df7d445a83a06cbf

SHA256
fa244bd90c854a6539fe6ff094ce650b74e2f5105e2cc0129b426f810bc486e7

SHA512
cab383fa314f56343efc22ea2a88dd693bb1b83542a7f68f99d5ae356398b0b444d38c405a53a8c75c2e2a509f6486f6134f796c11aa5868664d2cf5f90bda81

Download Submit
C:\Windows\System32\wHwSrac.exe

Filesize
3.2MB

MD5
00c16b76e3ded349d7395e533ccb4f1c

SHA1
0a5bd0b47b25580e14e78f3e9c9b0632fbdc126d

SHA256
3f7717d1b471e4b18fb90d2dd18668b28394a8b48537cafbe44a360daeee49d4

SHA512
661ab2328309502e4cd420b1df6dea8e4f13826595ad5fb18b7d8dba958f376d3ecd39169c2c2e4fe563d5fb8c0290123fb32ef960152f11bd04b27e9b3edb50

Download Submit
C:\Windows\System32\zviKDEj.exe

Filesize
3.2MB

MD5
f1924ef5c5257fbfc2179254dd48ab2c

SHA1
9701aa7065bc0a88d6e0cc76efdcf9f81ffbe582

SHA256
13c803f8ab9f202e507a6a8aa24b28649b5c55935d01476a0f509050c3bdd91f

SHA512
9578ceabcf4e6b631253cd42a2f7960a0c1e2f19a48553a56246169ffcf01a7b5bac74fe8f11cc2bf01a1c77bcd852accaf0c3c0b210297799a47bde3f3b15e0

Download Submit
memory/380-894-0x00007FF70A770000-0x00007FF70AB65000-memory.dmp

Filesize
4.0MB

Download
memory/380-1819-0x00007FF70A770000-0x00007FF70AB65000-memory.dmp

Filesize
4.0MB

Download
memory/608-878-0x00007FF6092A0000-0x00007FF609695000-memory.dmp

Filesize
4.0MB

Download
memory/608-1812-0x00007FF6092A0000-0x00007FF609695000-memory.dmp

Filesize
4.0MB

Download
memory/1920-835-0x00007FF6D97E0000-0x00007FF6D9BD5000-memory.dmp

Filesize
4.0MB

Download
memory/1920-1807-0x00007FF6D97E0000-0x00007FF6D9BD5000-memory.dmp

Filesize
4.0MB

Download
memory/2124-1-0x000001FDD24A0000-0x000001FDD24B0000-memory.dmp

Filesize
64KB

Download
memory/2124-0-0x00007FF6F3390000-0x00007FF6F3785000-memory.dmp

Filesize
4.0MB

Download
memory/2124-1797-0x00007FF6F3390000-0x00007FF6F3785000-memory.dmp

Filesize
4.0MB

Download
memory/2268-1815-0x00007FF634C30000-0x00007FF635025000-memory.dmp

Filesize
4.0MB

Download
memory/2268-884-0x00007FF634C30000-0x00007FF635025000-memory.dmp

Filesize
4.0MB

Download
memory/2336-9-0x00007FF7FA2C0000-0x00007FF7FA6B5000-memory.dmp

Filesize
4.0MB

Download
memory/2336-1800-0x00007FF7FA2C0000-0x00007FF7FA6B5000-memory.dmp

Filesize
4.0MB

Download
memory/2336-1798-0x00007FF7FA2C0000-0x00007FF7FA6B5000-memory.dmp

Filesize
4.0MB

Download
memory/2364-1802-0x00007FF6AF710000-0x00007FF6AFB05000-memory.dmp

Filesize
4.0MB

Download
memory/2364-1799-0x00007FF6AF710000-0x00007FF6AFB05000-memory.dmp

Filesize
4.0MB

Download
memory/2364-20-0x00007FF6AF710000-0x00007FF6AFB05000-memory.dmp

Filesize
4.0MB

Download
memory/2492-1801-0x00007FF7CA8E0000-0x00007FF7CACD5000-memory.dmp

Filesize
4.0MB

Download
memory/2492-16-0x00007FF7CA8E0000-0x00007FF7CACD5000-memory.dmp

Filesize
4.0MB

Download
memory/2688-937-0x00007FF7F2800000-0x00007FF7F2BF5000-memory.dmp

Filesize
4.0MB

Download
memory/2688-1806-0x00007FF7F2800000-0x00007FF7F2BF5000-memory.dmp

Filesize
4.0MB

Download
memory/2828-1820-0x00007FF7040D0000-0x00007FF7044C5000-memory.dmp

Filesize
4.0MB

Download
memory/2828-898-0x00007FF7040D0000-0x00007FF7044C5000-memory.dmp

Filesize
4.0MB

Download
memory/3064-890-0x00007FF734510000-0x00007FF734905000-memory.dmp

Filesize
4.0MB

Download
memory/3064-1821-0x00007FF734510000-0x00007FF734905000-memory.dmp

Filesize
4.0MB

Download
memory/3536-889-0x00007FF76A560000-0x00007FF76A955000-memory.dmp

Filesize
4.0MB

Download
memory/3536-1822-0x00007FF76A560000-0x00007FF76A955000-memory.dmp

Filesize
4.0MB

Download
memory/3704-1804-0x00007FF7030C0000-0x00007FF7034B5000-memory.dmp

Filesize
4.0MB

Download
memory/3704-830-0x00007FF7030C0000-0x00007FF7034B5000-memory.dmp

Filesize
4.0MB

Download
memory/3712-1813-0x00007FF6C0D50000-0x00007FF6C1145000-memory.dmp

Filesize
4.0MB

Download
memory/3712-863-0x00007FF6C0D50000-0x00007FF6C1145000-memory.dmp

Filesize
4.0MB

Download
memory/3928-851-0x00007FF7969D0000-0x00007FF796DC5000-memory.dmp

Filesize
4.0MB

Download
memory/3928-1808-0x00007FF7969D0000-0x00007FF796DC5000-memory.dmp

Filesize
4.0MB

Download
memory/3988-905-0x00007FF6D8D20000-0x00007FF6D9115000-memory.dmp

Filesize
4.0MB

Download
memory/3988-1817-0x00007FF6D8D20000-0x00007FF6D9115000-memory.dmp

Filesize
4.0MB

Download
memory/4004-842-0x00007FF6C9990000-0x00007FF6C9D85000-memory.dmp

Filesize
4.0MB

Download
memory/4004-1805-0x00007FF6C9990000-0x00007FF6C9D85000-memory.dmp

Filesize
4.0MB

Download
memory/4052-1803-0x00007FF7A4610000-0x00007FF7A4A05000-memory.dmp

Filesize
4.0MB

Download
memory/4052-936-0x00007FF7A4610000-0x00007FF7A4A05000-memory.dmp

Filesize
4.0MB

Download
memory/4068-1818-0x00007FF72C100000-0x00007FF72C4F5000-memory.dmp

Filesize
4.0MB

Download
memory/4068-900-0x00007FF72C100000-0x00007FF72C4F5000-memory.dmp

Filesize
4.0MB

Download
memory/4132-874-0x00007FF65C9D0000-0x00007FF65CDC5000-memory.dmp

Filesize
4.0MB

Download
memory/4132-1810-0x00007FF65C9D0000-0x00007FF65CDC5000-memory.dmp

Filesize
4.0MB

Download
memory/4244-1816-0x00007FF70A5A0000-0x00007FF70A995000-memory.dmp

Filesize
4.0MB

Download
memory/4244-902-0x00007FF70A5A0000-0x00007FF70A995000-memory.dmp

Filesize
4.0MB

Download
memory/4380-868-0x00007FF7EA1A0000-0x00007FF7EA595000-memory.dmp

Filesize
4.0MB

Download
memory/4380-1814-0x00007FF7EA1A0000-0x00007FF7EA595000-memory.dmp

Filesize
4.0MB

Download
memory/4640-1823-0x00007FF6B77C0000-0x00007FF6B7BB5000-memory.dmp

Filesize
4.0MB

Download
memory/4640-891-0x00007FF6B77C0000-0x00007FF6B7BB5000-memory.dmp

Filesize
4.0MB

Download
memory/4748-1809-0x00007FF65A140000-0x00007FF65A535000-memory.dmp

Filesize
4.0MB

Download
memory/4748-855-0x00007FF65A140000-0x00007FF65A535000-memory.dmp

Filesize
4.0MB

Download
memory/4824-1811-0x00007FF6C6520000-0x00007FF6C6915000-memory.dmp

Filesize
4.0MB

Download
memory/4824-860-0x00007FF6C6520000-0x00007FF6C6915000-memory.dmp

Filesize
4.0MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads