xmrig | 62fc145e1e866ca212be5ad116895071c7c4bec8f6b3e5f8541c99313a7fd2b8

Analysis

max time kernel
148s
max time network
118s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
29-05-2024 22:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

62fc145e1e866ca212be5ad116895071c7c4bec8f6b3e5f8541c99313a7fd2b8.exe
Size

3.0MB
MD5

32908f044bc8415c0b6a753f51cceb6a
SHA1

65a4d0952a99187452aabb7c01c4fc2e4d195279
SHA256

62fc145e1e866ca212be5ad116895071c7c4bec8f6b3e5f8541c99313a7fd2b8
SHA512

ca2a5a73355d0c343bb8da6c8b9512f327e0e5b884293d755b7a3a8ef4515c05162c7fa0ac53b5d920f58bbd397ed95b82f48c4ab33886f02b82de5c7ac16105
SSDEEP

98304:N0GnJMOWPClFdx6e0EALKWVTffZiPAcRq6jHjc4W:NFWPClFm

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

UPX dump on OEP (original entry point) 64 IoCs

resource	yara_rule
behavioral2/memory/864-0-0x00007FF61D8F0000-0x00007FF61DCE5000-memory.dmp	UPX
behavioral2/files/0x000a0000000233dd-6.dat	UPX
behavioral2/files/0x00070000000233e6-10.dat	UPX
behavioral2/files/0x00070000000233e5-11.dat	UPX
behavioral2/memory/3592-14-0x00007FF7012C0000-0x00007FF7016B5000-memory.dmp	UPX
behavioral2/memory/2084-9-0x00007FF6D6200000-0x00007FF6D65F5000-memory.dmp	UPX
behavioral2/files/0x00070000000233ea-29.dat	UPX
behavioral2/files/0x00070000000233e9-33.dat	UPX
behavioral2/files/0x00070000000233ec-42.dat	UPX
behavioral2/files/0x00070000000233eb-50.dat	UPX
behavioral2/memory/2860-53-0x00007FF7BD640000-0x00007FF7BDA35000-memory.dmp	UPX
behavioral2/files/0x00080000000233e2-55.dat	UPX
behavioral2/memory/4716-54-0x00007FF72B8A0000-0x00007FF72BC95000-memory.dmp	UPX
behavioral2/memory/4440-52-0x00007FF7A33A0000-0x00007FF7A3795000-memory.dmp	UPX
behavioral2/memory/2164-49-0x00007FF68DA00000-0x00007FF68DDF5000-memory.dmp	UPX
behavioral2/memory/1628-45-0x00007FF760BE0000-0x00007FF760FD5000-memory.dmp	UPX
behavioral2/memory/2316-41-0x00007FF752EC0000-0x00007FF7532B5000-memory.dmp	UPX
behavioral2/memory/3596-37-0x00007FF755F70000-0x00007FF756365000-memory.dmp	UPX
behavioral2/files/0x00070000000233e8-31.dat	UPX
behavioral2/files/0x00070000000233ed-59.dat	UPX
behavioral2/memory/2364-62-0x00007FF70C5C0000-0x00007FF70C9B5000-memory.dmp	UPX
behavioral2/files/0x00070000000233ee-61.dat	UPX
behavioral2/memory/3852-64-0x00007FF681C50000-0x00007FF682045000-memory.dmp	UPX
behavioral2/memory/1116-73-0x00007FF6D3EA0000-0x00007FF6D4295000-memory.dmp	UPX
behavioral2/files/0x00070000000233f0-78.dat	UPX
behavioral2/files/0x00070000000233f1-83.dat	UPX
behavioral2/files/0x00070000000233fa-128.dat	UPX
behavioral2/files/0x00070000000233fe-146.dat	UPX
behavioral2/files/0x0007000000023401-161.dat	UPX
behavioral2/files/0x0007000000023403-173.dat	UPX
behavioral2/files/0x0007000000023402-168.dat	UPX
behavioral2/files/0x0007000000023400-158.dat	UPX
behavioral2/files/0x00070000000233ff-153.dat	UPX
behavioral2/files/0x00070000000233fd-143.dat	UPX
behavioral2/files/0x00070000000233fc-138.dat	UPX
behavioral2/files/0x00070000000233fb-133.dat	UPX
behavioral2/files/0x00070000000233f9-123.dat	UPX
behavioral2/files/0x00070000000233f8-118.dat	UPX
behavioral2/files/0x00070000000233f7-113.dat	UPX
behavioral2/files/0x00070000000233f6-108.dat	UPX
behavioral2/files/0x00070000000233f5-103.dat	UPX
behavioral2/files/0x00070000000233f4-98.dat	UPX
behavioral2/files/0x00070000000233f3-93.dat	UPX
behavioral2/files/0x00070000000233f2-88.dat	UPX
behavioral2/files/0x00070000000233ef-72.dat	UPX
behavioral2/memory/4740-788-0x00007FF6B8570000-0x00007FF6B8965000-memory.dmp	UPX
behavioral2/memory/2416-796-0x00007FF6E9AC0000-0x00007FF6E9EB5000-memory.dmp	UPX
behavioral2/memory/3880-801-0x00007FF68F5F0000-0x00007FF68F9E5000-memory.dmp	UPX
behavioral2/memory/2132-817-0x00007FF71EB90000-0x00007FF71EF85000-memory.dmp	UPX
behavioral2/memory/1008-813-0x00007FF63FA60000-0x00007FF63FE55000-memory.dmp	UPX
behavioral2/memory/2384-807-0x00007FF6BDAC0000-0x00007FF6BDEB5000-memory.dmp	UPX
behavioral2/memory/912-825-0x00007FF7C4660000-0x00007FF7C4A55000-memory.dmp	UPX
behavioral2/memory/4488-829-0x00007FF6604D0000-0x00007FF6608C5000-memory.dmp	UPX
behavioral2/memory/4536-831-0x00007FF60A2E0000-0x00007FF60A6D5000-memory.dmp	UPX
behavioral2/memory/400-835-0x00007FF7F27E0000-0x00007FF7F2BD5000-memory.dmp	UPX
behavioral2/memory/3216-837-0x00007FF6D6A20000-0x00007FF6D6E15000-memory.dmp	UPX
behavioral2/memory/1572-839-0x00007FF7CEE50000-0x00007FF7CF245000-memory.dmp	UPX
behavioral2/memory/864-1409-0x00007FF61D8F0000-0x00007FF61DCE5000-memory.dmp	UPX
behavioral2/memory/4440-1952-0x00007FF7A33A0000-0x00007FF7A3795000-memory.dmp	UPX
behavioral2/memory/4716-1953-0x00007FF72B8A0000-0x00007FF72BC95000-memory.dmp	UPX
behavioral2/memory/2364-1954-0x00007FF70C5C0000-0x00007FF70C9B5000-memory.dmp	UPX
behavioral2/memory/3852-1955-0x00007FF681C50000-0x00007FF682045000-memory.dmp	UPX
behavioral2/memory/1116-1956-0x00007FF6D3EA0000-0x00007FF6D4295000-memory.dmp	UPX
behavioral2/memory/2084-1957-0x00007FF6D6200000-0x00007FF6D65F5000-memory.dmp	UPX

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/864-0-0x00007FF61D8F0000-0x00007FF61DCE5000-memory.dmp	xmrig
behavioral2/files/0x000a0000000233dd-6.dat	xmrig
behavioral2/files/0x00070000000233e6-10.dat	xmrig
behavioral2/files/0x00070000000233e5-11.dat	xmrig
behavioral2/memory/3592-14-0x00007FF7012C0000-0x00007FF7016B5000-memory.dmp	xmrig
behavioral2/memory/2084-9-0x00007FF6D6200000-0x00007FF6D65F5000-memory.dmp	xmrig
behavioral2/files/0x00070000000233ea-29.dat	xmrig
behavioral2/files/0x00070000000233e9-33.dat	xmrig
behavioral2/files/0x00070000000233ec-42.dat	xmrig
behavioral2/files/0x00070000000233eb-50.dat	xmrig
behavioral2/memory/2860-53-0x00007FF7BD640000-0x00007FF7BDA35000-memory.dmp	xmrig
behavioral2/files/0x00080000000233e2-55.dat	xmrig
behavioral2/memory/4716-54-0x00007FF72B8A0000-0x00007FF72BC95000-memory.dmp	xmrig
behavioral2/memory/4440-52-0x00007FF7A33A0000-0x00007FF7A3795000-memory.dmp	xmrig
behavioral2/memory/2164-49-0x00007FF68DA00000-0x00007FF68DDF5000-memory.dmp	xmrig
behavioral2/memory/1628-45-0x00007FF760BE0000-0x00007FF760FD5000-memory.dmp	xmrig
behavioral2/memory/2316-41-0x00007FF752EC0000-0x00007FF7532B5000-memory.dmp	xmrig
behavioral2/memory/3596-37-0x00007FF755F70000-0x00007FF756365000-memory.dmp	xmrig
behavioral2/files/0x00070000000233e8-31.dat	xmrig
behavioral2/files/0x00070000000233ed-59.dat	xmrig
behavioral2/memory/2364-62-0x00007FF70C5C0000-0x00007FF70C9B5000-memory.dmp	xmrig
behavioral2/files/0x00070000000233ee-61.dat	xmrig
behavioral2/memory/3852-64-0x00007FF681C50000-0x00007FF682045000-memory.dmp	xmrig
behavioral2/memory/1116-73-0x00007FF6D3EA0000-0x00007FF6D4295000-memory.dmp	xmrig
behavioral2/files/0x00070000000233f0-78.dat	xmrig
behavioral2/files/0x00070000000233f1-83.dat	xmrig
behavioral2/files/0x00070000000233fa-128.dat	xmrig
behavioral2/files/0x00070000000233fe-146.dat	xmrig
behavioral2/files/0x0007000000023401-161.dat	xmrig
behavioral2/files/0x0007000000023403-173.dat	xmrig
behavioral2/files/0x0007000000023402-168.dat	xmrig
behavioral2/files/0x0007000000023400-158.dat	xmrig
behavioral2/files/0x00070000000233ff-153.dat	xmrig
behavioral2/files/0x00070000000233fd-143.dat	xmrig
behavioral2/files/0x00070000000233fc-138.dat	xmrig
behavioral2/files/0x00070000000233fb-133.dat	xmrig
behavioral2/files/0x00070000000233f9-123.dat	xmrig
behavioral2/files/0x00070000000233f8-118.dat	xmrig
behavioral2/files/0x00070000000233f7-113.dat	xmrig
behavioral2/files/0x00070000000233f6-108.dat	xmrig
behavioral2/files/0x00070000000233f5-103.dat	xmrig
behavioral2/files/0x00070000000233f4-98.dat	xmrig
behavioral2/files/0x00070000000233f3-93.dat	xmrig
behavioral2/files/0x00070000000233f2-88.dat	xmrig
behavioral2/files/0x00070000000233ef-72.dat	xmrig
behavioral2/memory/4740-788-0x00007FF6B8570000-0x00007FF6B8965000-memory.dmp	xmrig
behavioral2/memory/2416-796-0x00007FF6E9AC0000-0x00007FF6E9EB5000-memory.dmp	xmrig
behavioral2/memory/3880-801-0x00007FF68F5F0000-0x00007FF68F9E5000-memory.dmp	xmrig
behavioral2/memory/2132-817-0x00007FF71EB90000-0x00007FF71EF85000-memory.dmp	xmrig
behavioral2/memory/1008-813-0x00007FF63FA60000-0x00007FF63FE55000-memory.dmp	xmrig
behavioral2/memory/2384-807-0x00007FF6BDAC0000-0x00007FF6BDEB5000-memory.dmp	xmrig
behavioral2/memory/912-825-0x00007FF7C4660000-0x00007FF7C4A55000-memory.dmp	xmrig
behavioral2/memory/4488-829-0x00007FF6604D0000-0x00007FF6608C5000-memory.dmp	xmrig
behavioral2/memory/4536-831-0x00007FF60A2E0000-0x00007FF60A6D5000-memory.dmp	xmrig
behavioral2/memory/400-835-0x00007FF7F27E0000-0x00007FF7F2BD5000-memory.dmp	xmrig
behavioral2/memory/3216-837-0x00007FF6D6A20000-0x00007FF6D6E15000-memory.dmp	xmrig
behavioral2/memory/1572-839-0x00007FF7CEE50000-0x00007FF7CF245000-memory.dmp	xmrig
behavioral2/memory/864-1409-0x00007FF61D8F0000-0x00007FF61DCE5000-memory.dmp	xmrig
behavioral2/memory/4440-1952-0x00007FF7A33A0000-0x00007FF7A3795000-memory.dmp	xmrig
behavioral2/memory/4716-1953-0x00007FF72B8A0000-0x00007FF72BC95000-memory.dmp	xmrig
behavioral2/memory/2364-1954-0x00007FF70C5C0000-0x00007FF70C9B5000-memory.dmp	xmrig
behavioral2/memory/3852-1955-0x00007FF681C50000-0x00007FF682045000-memory.dmp	xmrig
behavioral2/memory/1116-1956-0x00007FF6D3EA0000-0x00007FF6D4295000-memory.dmp	xmrig
behavioral2/memory/2084-1957-0x00007FF6D6200000-0x00007FF6D65F5000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2084	pifaTJO.exe
3592	wdXTQGU.exe
3596	kNozaFV.exe
2316	SwvuicM.exe
1628	mNZPzDt.exe
2164	EEOHPNX.exe
4440	UIcupNO.exe
2860	thsKdSz.exe
4716	vkUlMEt.exe
2364	GqjwTvl.exe
3852	poNeavY.exe
1116	EEywsvB.exe
4740	nLifIay.exe
2416	Ifloiuy.exe
3880	LjFMABp.exe
2384	dTYXZIM.exe
1008	ijmEVRa.exe
2132	nXgvFop.exe
912	LrwgdZG.exe
4488	dqlUYrB.exe
4536	dzKVhnj.exe
400	MlJCeDw.exe
3216	DkXHZFz.exe
1572	GuwKlQO.exe
4680	sdvcKQL.exe
3992	uzDjeJd.exe
4924	WEiTNbV.exe
3400	zDBjEYg.exe
4608	lqJHMix.exe
440	quxfhNQ.exe
3648	tbNbbnz.exe
4880	AGNTuOi.exe
4308	IzJlzcw.exe
5032	zfMLUzn.exe
1424	iVicvXq.exe
564	uBqHNyI.exe
1464	YcPgYbn.exe
244	IujGaRg.exe
4080	GldobOj.exe
4352	ZIXFAxX.exe
4320	bFlfJeI.exe
2232	TGFJPGR.exe
1036	QbcaqvD.exe
4068	sEhokvs.exe
1468	IpUjSKp.exe
1856	geheKOc.exe
1688	kpTaWVq.exe
2480	fBqnsCn.exe
3864	diijarV.exe
1168	JvroUPW.exe
1040	kitYlhu.exe
4760	gdoplER.exe
4368	BumVwTH.exe
3920	gMFgLtH.exe
5028	mJrDuSk.exe
4204	ovVfLgE.exe
744	DNBxLQu.exe
3364	cZxuofl.exe
1548	uFGVThE.exe
3752	jutILzH.exe
2832	YyKsFvR.exe
3504	QVhHMOQ.exe
4392	fPmIfaN.exe
8	zXQKwbe.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/864-0-0x00007FF61D8F0000-0x00007FF61DCE5000-memory.dmp	upx
behavioral2/files/0x000a0000000233dd-6.dat	upx
behavioral2/files/0x00070000000233e6-10.dat	upx
behavioral2/files/0x00070000000233e5-11.dat	upx
behavioral2/memory/3592-14-0x00007FF7012C0000-0x00007FF7016B5000-memory.dmp	upx
behavioral2/memory/2084-9-0x00007FF6D6200000-0x00007FF6D65F5000-memory.dmp	upx
behavioral2/files/0x00070000000233ea-29.dat	upx
behavioral2/files/0x00070000000233e9-33.dat	upx
behavioral2/files/0x00070000000233ec-42.dat	upx
behavioral2/files/0x00070000000233eb-50.dat	upx
behavioral2/memory/2860-53-0x00007FF7BD640000-0x00007FF7BDA35000-memory.dmp	upx
behavioral2/files/0x00080000000233e2-55.dat	upx
behavioral2/memory/4716-54-0x00007FF72B8A0000-0x00007FF72BC95000-memory.dmp	upx
behavioral2/memory/4440-52-0x00007FF7A33A0000-0x00007FF7A3795000-memory.dmp	upx
behavioral2/memory/2164-49-0x00007FF68DA00000-0x00007FF68DDF5000-memory.dmp	upx
behavioral2/memory/1628-45-0x00007FF760BE0000-0x00007FF760FD5000-memory.dmp	upx
behavioral2/memory/2316-41-0x00007FF752EC0000-0x00007FF7532B5000-memory.dmp	upx
behavioral2/memory/3596-37-0x00007FF755F70000-0x00007FF756365000-memory.dmp	upx
behavioral2/files/0x00070000000233e8-31.dat	upx
behavioral2/files/0x00070000000233ed-59.dat	upx
behavioral2/memory/2364-62-0x00007FF70C5C0000-0x00007FF70C9B5000-memory.dmp	upx
behavioral2/files/0x00070000000233ee-61.dat	upx
behavioral2/memory/3852-64-0x00007FF681C50000-0x00007FF682045000-memory.dmp	upx
behavioral2/memory/1116-73-0x00007FF6D3EA0000-0x00007FF6D4295000-memory.dmp	upx
behavioral2/files/0x00070000000233f0-78.dat	upx
behavioral2/files/0x00070000000233f1-83.dat	upx
behavioral2/files/0x00070000000233fa-128.dat	upx
behavioral2/files/0x00070000000233fe-146.dat	upx
behavioral2/files/0x0007000000023401-161.dat	upx
behavioral2/files/0x0007000000023403-173.dat	upx
behavioral2/files/0x0007000000023402-168.dat	upx
behavioral2/files/0x0007000000023400-158.dat	upx
behavioral2/files/0x00070000000233ff-153.dat	upx
behavioral2/files/0x00070000000233fd-143.dat	upx
behavioral2/files/0x00070000000233fc-138.dat	upx
behavioral2/files/0x00070000000233fb-133.dat	upx
behavioral2/files/0x00070000000233f9-123.dat	upx
behavioral2/files/0x00070000000233f8-118.dat	upx
behavioral2/files/0x00070000000233f7-113.dat	upx
behavioral2/files/0x00070000000233f6-108.dat	upx
behavioral2/files/0x00070000000233f5-103.dat	upx
behavioral2/files/0x00070000000233f4-98.dat	upx
behavioral2/files/0x00070000000233f3-93.dat	upx
behavioral2/files/0x00070000000233f2-88.dat	upx
behavioral2/files/0x00070000000233ef-72.dat	upx
behavioral2/memory/4740-788-0x00007FF6B8570000-0x00007FF6B8965000-memory.dmp	upx
behavioral2/memory/2416-796-0x00007FF6E9AC0000-0x00007FF6E9EB5000-memory.dmp	upx
behavioral2/memory/3880-801-0x00007FF68F5F0000-0x00007FF68F9E5000-memory.dmp	upx
behavioral2/memory/2132-817-0x00007FF71EB90000-0x00007FF71EF85000-memory.dmp	upx
behavioral2/memory/1008-813-0x00007FF63FA60000-0x00007FF63FE55000-memory.dmp	upx
behavioral2/memory/2384-807-0x00007FF6BDAC0000-0x00007FF6BDEB5000-memory.dmp	upx
behavioral2/memory/912-825-0x00007FF7C4660000-0x00007FF7C4A55000-memory.dmp	upx
behavioral2/memory/4488-829-0x00007FF6604D0000-0x00007FF6608C5000-memory.dmp	upx
behavioral2/memory/4536-831-0x00007FF60A2E0000-0x00007FF60A6D5000-memory.dmp	upx
behavioral2/memory/400-835-0x00007FF7F27E0000-0x00007FF7F2BD5000-memory.dmp	upx
behavioral2/memory/3216-837-0x00007FF6D6A20000-0x00007FF6D6E15000-memory.dmp	upx
behavioral2/memory/1572-839-0x00007FF7CEE50000-0x00007FF7CF245000-memory.dmp	upx
behavioral2/memory/864-1409-0x00007FF61D8F0000-0x00007FF61DCE5000-memory.dmp	upx
behavioral2/memory/4440-1952-0x00007FF7A33A0000-0x00007FF7A3795000-memory.dmp	upx
behavioral2/memory/4716-1953-0x00007FF72B8A0000-0x00007FF72BC95000-memory.dmp	upx
behavioral2/memory/2364-1954-0x00007FF70C5C0000-0x00007FF70C9B5000-memory.dmp	upx
behavioral2/memory/3852-1955-0x00007FF681C50000-0x00007FF682045000-memory.dmp	upx
behavioral2/memory/1116-1956-0x00007FF6D3EA0000-0x00007FF6D4295000-memory.dmp	upx
behavioral2/memory/2084-1957-0x00007FF6D6200000-0x00007FF6D65F5000-memory.dmp	upx

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System32\RZTDRSH.exe	62fc145e1e866ca212be5ad116895071c7c4bec8f6b3e5f8541c99313a7fd2b8.exe
File created	C:\Windows\System32\qrRCmrL.exe	62fc145e1e866ca212be5ad116895071c7c4bec8f6b3e5f8541c99313a7fd2b8.exe
File created	C:\Windows\System32\EssSGWg.exe	62fc145e1e866ca212be5ad116895071c7c4bec8f6b3e5f8541c99313a7fd2b8.exe
File created	C:\Windows\System32\wJIsUmO.exe	62fc145e1e866ca212be5ad116895071c7c4bec8f6b3e5f8541c99313a7fd2b8.exe
File created	C:\Windows\System32\mJrDuSk.exe	62fc145e1e866ca212be5ad116895071c7c4bec8f6b3e5f8541c99313a7fd2b8.exe
File created	C:\Windows\System32\xGpkymi.exe	62fc145e1e866ca212be5ad116895071c7c4bec8f6b3e5f8541c99313a7fd2b8.exe
File created	C:\Windows\System32\UtdxvQh.exe	62fc145e1e866ca212be5ad116895071c7c4bec8f6b3e5f8541c99313a7fd2b8.exe
File created	C:\Windows\System32\VqSLTgj.exe	62fc145e1e866ca212be5ad116895071c7c4bec8f6b3e5f8541c99313a7fd2b8.exe
File created	C:\Windows\System32\ekQiXaP.exe	62fc145e1e866ca212be5ad116895071c7c4bec8f6b3e5f8541c99313a7fd2b8.exe
File created	C:\Windows\System32\IZwLbHC.exe	62fc145e1e866ca212be5ad116895071c7c4bec8f6b3e5f8541c99313a7fd2b8.exe
File created	C:\Windows\System32\RAEykeH.exe	62fc145e1e866ca212be5ad116895071c7c4bec8f6b3e5f8541c99313a7fd2b8.exe
File created	C:\Windows\System32\lSCCSrO.exe	62fc145e1e866ca212be5ad116895071c7c4bec8f6b3e5f8541c99313a7fd2b8.exe
File created	C:\Windows\System32\KvBVakq.exe	62fc145e1e866ca212be5ad116895071c7c4bec8f6b3e5f8541c99313a7fd2b8.exe
File created	C:\Windows\System32\GFAZlGC.exe	62fc145e1e866ca212be5ad116895071c7c4bec8f6b3e5f8541c99313a7fd2b8.exe
File created	C:\Windows\System32\oPgRTBs.exe	62fc145e1e866ca212be5ad116895071c7c4bec8f6b3e5f8541c99313a7fd2b8.exe
File created	C:\Windows\System32\rnrqvsJ.exe	62fc145e1e866ca212be5ad116895071c7c4bec8f6b3e5f8541c99313a7fd2b8.exe
File created	C:\Windows\System32\NCfypwv.exe	62fc145e1e866ca212be5ad116895071c7c4bec8f6b3e5f8541c99313a7fd2b8.exe
File created	C:\Windows\System32\zkZQtoj.exe	62fc145e1e866ca212be5ad116895071c7c4bec8f6b3e5f8541c99313a7fd2b8.exe
File created	C:\Windows\System32\XdqNdYU.exe	62fc145e1e866ca212be5ad116895071c7c4bec8f6b3e5f8541c99313a7fd2b8.exe
File created	C:\Windows\System32\NTpajKV.exe	62fc145e1e866ca212be5ad116895071c7c4bec8f6b3e5f8541c99313a7fd2b8.exe
File created	C:\Windows\System32\gjUCLbc.exe	62fc145e1e866ca212be5ad116895071c7c4bec8f6b3e5f8541c99313a7fd2b8.exe
File created	C:\Windows\System32\FHvyQvk.exe	62fc145e1e866ca212be5ad116895071c7c4bec8f6b3e5f8541c99313a7fd2b8.exe
File created	C:\Windows\System32\XxYtZAM.exe	62fc145e1e866ca212be5ad116895071c7c4bec8f6b3e5f8541c99313a7fd2b8.exe
File created	C:\Windows\System32\hZRzrlO.exe	62fc145e1e866ca212be5ad116895071c7c4bec8f6b3e5f8541c99313a7fd2b8.exe
File created	C:\Windows\System32\IXhdMpg.exe	62fc145e1e866ca212be5ad116895071c7c4bec8f6b3e5f8541c99313a7fd2b8.exe
File created	C:\Windows\System32\MdNidjl.exe	62fc145e1e866ca212be5ad116895071c7c4bec8f6b3e5f8541c99313a7fd2b8.exe
File created	C:\Windows\System32\zgqcsVy.exe	62fc145e1e866ca212be5ad116895071c7c4bec8f6b3e5f8541c99313a7fd2b8.exe
File created	C:\Windows\System32\YZIrCvZ.exe	62fc145e1e866ca212be5ad116895071c7c4bec8f6b3e5f8541c99313a7fd2b8.exe
File created	C:\Windows\System32\jhDbqpv.exe	62fc145e1e866ca212be5ad116895071c7c4bec8f6b3e5f8541c99313a7fd2b8.exe
File created	C:\Windows\System32\QdAsLit.exe	62fc145e1e866ca212be5ad116895071c7c4bec8f6b3e5f8541c99313a7fd2b8.exe
File created	C:\Windows\System32\LjFMABp.exe	62fc145e1e866ca212be5ad116895071c7c4bec8f6b3e5f8541c99313a7fd2b8.exe
File created	C:\Windows\System32\zbNlGwu.exe	62fc145e1e866ca212be5ad116895071c7c4bec8f6b3e5f8541c99313a7fd2b8.exe
File created	C:\Windows\System32\cCtkwRo.exe	62fc145e1e866ca212be5ad116895071c7c4bec8f6b3e5f8541c99313a7fd2b8.exe
File created	C:\Windows\System32\DpnputX.exe	62fc145e1e866ca212be5ad116895071c7c4bec8f6b3e5f8541c99313a7fd2b8.exe
File created	C:\Windows\System32\DDqAGsu.exe	62fc145e1e866ca212be5ad116895071c7c4bec8f6b3e5f8541c99313a7fd2b8.exe
File created	C:\Windows\System32\cHMBFSy.exe	62fc145e1e866ca212be5ad116895071c7c4bec8f6b3e5f8541c99313a7fd2b8.exe
File created	C:\Windows\System32\GLVaDcZ.exe	62fc145e1e866ca212be5ad116895071c7c4bec8f6b3e5f8541c99313a7fd2b8.exe
File created	C:\Windows\System32\jtjhEcC.exe	62fc145e1e866ca212be5ad116895071c7c4bec8f6b3e5f8541c99313a7fd2b8.exe
File created	C:\Windows\System32\mQnbivw.exe	62fc145e1e866ca212be5ad116895071c7c4bec8f6b3e5f8541c99313a7fd2b8.exe
File created	C:\Windows\System32\hwYyjIc.exe	62fc145e1e866ca212be5ad116895071c7c4bec8f6b3e5f8541c99313a7fd2b8.exe
File created	C:\Windows\System32\MQLxkTw.exe	62fc145e1e866ca212be5ad116895071c7c4bec8f6b3e5f8541c99313a7fd2b8.exe
File created	C:\Windows\System32\KzzXWdI.exe	62fc145e1e866ca212be5ad116895071c7c4bec8f6b3e5f8541c99313a7fd2b8.exe
File created	C:\Windows\System32\RBIdZir.exe	62fc145e1e866ca212be5ad116895071c7c4bec8f6b3e5f8541c99313a7fd2b8.exe
File created	C:\Windows\System32\QHtXWdT.exe	62fc145e1e866ca212be5ad116895071c7c4bec8f6b3e5f8541c99313a7fd2b8.exe
File created	C:\Windows\System32\qeteLYb.exe	62fc145e1e866ca212be5ad116895071c7c4bec8f6b3e5f8541c99313a7fd2b8.exe
File created	C:\Windows\System32\inqgTyH.exe	62fc145e1e866ca212be5ad116895071c7c4bec8f6b3e5f8541c99313a7fd2b8.exe
File created	C:\Windows\System32\tZRTxHY.exe	62fc145e1e866ca212be5ad116895071c7c4bec8f6b3e5f8541c99313a7fd2b8.exe
File created	C:\Windows\System32\MZYMLeJ.exe	62fc145e1e866ca212be5ad116895071c7c4bec8f6b3e5f8541c99313a7fd2b8.exe
File created	C:\Windows\System32\ZOrToug.exe	62fc145e1e866ca212be5ad116895071c7c4bec8f6b3e5f8541c99313a7fd2b8.exe
File created	C:\Windows\System32\ghkIGhB.exe	62fc145e1e866ca212be5ad116895071c7c4bec8f6b3e5f8541c99313a7fd2b8.exe
File created	C:\Windows\System32\NyKOrFF.exe	62fc145e1e866ca212be5ad116895071c7c4bec8f6b3e5f8541c99313a7fd2b8.exe
File created	C:\Windows\System32\JBSeJan.exe	62fc145e1e866ca212be5ad116895071c7c4bec8f6b3e5f8541c99313a7fd2b8.exe
File created	C:\Windows\System32\nMRTiyc.exe	62fc145e1e866ca212be5ad116895071c7c4bec8f6b3e5f8541c99313a7fd2b8.exe
File created	C:\Windows\System32\bcdSCgU.exe	62fc145e1e866ca212be5ad116895071c7c4bec8f6b3e5f8541c99313a7fd2b8.exe
File created	C:\Windows\System32\ssiGVeu.exe	62fc145e1e866ca212be5ad116895071c7c4bec8f6b3e5f8541c99313a7fd2b8.exe
File created	C:\Windows\System32\sVMwaQF.exe	62fc145e1e866ca212be5ad116895071c7c4bec8f6b3e5f8541c99313a7fd2b8.exe
File created	C:\Windows\System32\puYHTpT.exe	62fc145e1e866ca212be5ad116895071c7c4bec8f6b3e5f8541c99313a7fd2b8.exe
File created	C:\Windows\System32\EmtbcwR.exe	62fc145e1e866ca212be5ad116895071c7c4bec8f6b3e5f8541c99313a7fd2b8.exe
File created	C:\Windows\System32\aAQMCFD.exe	62fc145e1e866ca212be5ad116895071c7c4bec8f6b3e5f8541c99313a7fd2b8.exe
File created	C:\Windows\System32\HVIAgOb.exe	62fc145e1e866ca212be5ad116895071c7c4bec8f6b3e5f8541c99313a7fd2b8.exe
File created	C:\Windows\System32\vkUlMEt.exe	62fc145e1e866ca212be5ad116895071c7c4bec8f6b3e5f8541c99313a7fd2b8.exe
File created	C:\Windows\System32\iVoQOiN.exe	62fc145e1e866ca212be5ad116895071c7c4bec8f6b3e5f8541c99313a7fd2b8.exe
File created	C:\Windows\System32\zELDZuI.exe	62fc145e1e866ca212be5ad116895071c7c4bec8f6b3e5f8541c99313a7fd2b8.exe
File created	C:\Windows\System32\VGiHqEj.exe	62fc145e1e866ca212be5ad116895071c7c4bec8f6b3e5f8541c99313a7fd2b8.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	7936	dwm.exe
Token: SeChangeNotifyPrivilege	7936	dwm.exe
Token: 33	7936	dwm.exe
Token: SeIncBasePriorityPrivilege	7936	dwm.exe
Token: SeShutdownPrivilege	7936	dwm.exe
Token: SeCreatePagefilePrivilege	7936	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 864 wrote to memory of 2084	864	62fc145e1e866ca212be5ad116895071c7c4bec8f6b3e5f8541c99313a7fd2b8.exe	84
PID 864 wrote to memory of 2084	864	62fc145e1e866ca212be5ad116895071c7c4bec8f6b3e5f8541c99313a7fd2b8.exe	84
PID 864 wrote to memory of 3592	864	62fc145e1e866ca212be5ad116895071c7c4bec8f6b3e5f8541c99313a7fd2b8.exe	85
PID 864 wrote to memory of 3592	864	62fc145e1e866ca212be5ad116895071c7c4bec8f6b3e5f8541c99313a7fd2b8.exe	85
PID 864 wrote to memory of 3596	864	62fc145e1e866ca212be5ad116895071c7c4bec8f6b3e5f8541c99313a7fd2b8.exe	86
PID 864 wrote to memory of 3596	864	62fc145e1e866ca212be5ad116895071c7c4bec8f6b3e5f8541c99313a7fd2b8.exe	86
PID 864 wrote to memory of 2316	864	62fc145e1e866ca212be5ad116895071c7c4bec8f6b3e5f8541c99313a7fd2b8.exe	87
PID 864 wrote to memory of 2316	864	62fc145e1e866ca212be5ad116895071c7c4bec8f6b3e5f8541c99313a7fd2b8.exe	87
PID 864 wrote to memory of 1628	864	62fc145e1e866ca212be5ad116895071c7c4bec8f6b3e5f8541c99313a7fd2b8.exe	88
PID 864 wrote to memory of 1628	864	62fc145e1e866ca212be5ad116895071c7c4bec8f6b3e5f8541c99313a7fd2b8.exe	88
PID 864 wrote to memory of 2164	864	62fc145e1e866ca212be5ad116895071c7c4bec8f6b3e5f8541c99313a7fd2b8.exe	89
PID 864 wrote to memory of 2164	864	62fc145e1e866ca212be5ad116895071c7c4bec8f6b3e5f8541c99313a7fd2b8.exe	89
PID 864 wrote to memory of 4440	864	62fc145e1e866ca212be5ad116895071c7c4bec8f6b3e5f8541c99313a7fd2b8.exe	90
PID 864 wrote to memory of 4440	864	62fc145e1e866ca212be5ad116895071c7c4bec8f6b3e5f8541c99313a7fd2b8.exe	90
PID 864 wrote to memory of 2860	864	62fc145e1e866ca212be5ad116895071c7c4bec8f6b3e5f8541c99313a7fd2b8.exe	91
PID 864 wrote to memory of 2860	864	62fc145e1e866ca212be5ad116895071c7c4bec8f6b3e5f8541c99313a7fd2b8.exe	91
PID 864 wrote to memory of 4716	864	62fc145e1e866ca212be5ad116895071c7c4bec8f6b3e5f8541c99313a7fd2b8.exe	92
PID 864 wrote to memory of 4716	864	62fc145e1e866ca212be5ad116895071c7c4bec8f6b3e5f8541c99313a7fd2b8.exe	92
PID 864 wrote to memory of 2364	864	62fc145e1e866ca212be5ad116895071c7c4bec8f6b3e5f8541c99313a7fd2b8.exe	93
PID 864 wrote to memory of 2364	864	62fc145e1e866ca212be5ad116895071c7c4bec8f6b3e5f8541c99313a7fd2b8.exe	93
PID 864 wrote to memory of 3852	864	62fc145e1e866ca212be5ad116895071c7c4bec8f6b3e5f8541c99313a7fd2b8.exe	94
PID 864 wrote to memory of 3852	864	62fc145e1e866ca212be5ad116895071c7c4bec8f6b3e5f8541c99313a7fd2b8.exe	94
PID 864 wrote to memory of 1116	864	62fc145e1e866ca212be5ad116895071c7c4bec8f6b3e5f8541c99313a7fd2b8.exe	95
PID 864 wrote to memory of 1116	864	62fc145e1e866ca212be5ad116895071c7c4bec8f6b3e5f8541c99313a7fd2b8.exe	95
PID 864 wrote to memory of 4740	864	62fc145e1e866ca212be5ad116895071c7c4bec8f6b3e5f8541c99313a7fd2b8.exe	96
PID 864 wrote to memory of 4740	864	62fc145e1e866ca212be5ad116895071c7c4bec8f6b3e5f8541c99313a7fd2b8.exe	96
PID 864 wrote to memory of 2416	864	62fc145e1e866ca212be5ad116895071c7c4bec8f6b3e5f8541c99313a7fd2b8.exe	98
PID 864 wrote to memory of 2416	864	62fc145e1e866ca212be5ad116895071c7c4bec8f6b3e5f8541c99313a7fd2b8.exe	98
PID 864 wrote to memory of 3880	864	62fc145e1e866ca212be5ad116895071c7c4bec8f6b3e5f8541c99313a7fd2b8.exe	99
PID 864 wrote to memory of 3880	864	62fc145e1e866ca212be5ad116895071c7c4bec8f6b3e5f8541c99313a7fd2b8.exe	99
PID 864 wrote to memory of 2384	864	62fc145e1e866ca212be5ad116895071c7c4bec8f6b3e5f8541c99313a7fd2b8.exe	100
PID 864 wrote to memory of 2384	864	62fc145e1e866ca212be5ad116895071c7c4bec8f6b3e5f8541c99313a7fd2b8.exe	100
PID 864 wrote to memory of 1008	864	62fc145e1e866ca212be5ad116895071c7c4bec8f6b3e5f8541c99313a7fd2b8.exe	101
PID 864 wrote to memory of 1008	864	62fc145e1e866ca212be5ad116895071c7c4bec8f6b3e5f8541c99313a7fd2b8.exe	101
PID 864 wrote to memory of 2132	864	62fc145e1e866ca212be5ad116895071c7c4bec8f6b3e5f8541c99313a7fd2b8.exe	102
PID 864 wrote to memory of 2132	864	62fc145e1e866ca212be5ad116895071c7c4bec8f6b3e5f8541c99313a7fd2b8.exe	102
PID 864 wrote to memory of 912	864	62fc145e1e866ca212be5ad116895071c7c4bec8f6b3e5f8541c99313a7fd2b8.exe	103
PID 864 wrote to memory of 912	864	62fc145e1e866ca212be5ad116895071c7c4bec8f6b3e5f8541c99313a7fd2b8.exe	103
PID 864 wrote to memory of 4488	864	62fc145e1e866ca212be5ad116895071c7c4bec8f6b3e5f8541c99313a7fd2b8.exe	104
PID 864 wrote to memory of 4488	864	62fc145e1e866ca212be5ad116895071c7c4bec8f6b3e5f8541c99313a7fd2b8.exe	104
PID 864 wrote to memory of 4536	864	62fc145e1e866ca212be5ad116895071c7c4bec8f6b3e5f8541c99313a7fd2b8.exe	105
PID 864 wrote to memory of 4536	864	62fc145e1e866ca212be5ad116895071c7c4bec8f6b3e5f8541c99313a7fd2b8.exe	105
PID 864 wrote to memory of 400	864	62fc145e1e866ca212be5ad116895071c7c4bec8f6b3e5f8541c99313a7fd2b8.exe	106
PID 864 wrote to memory of 400	864	62fc145e1e866ca212be5ad116895071c7c4bec8f6b3e5f8541c99313a7fd2b8.exe	106
PID 864 wrote to memory of 3216	864	62fc145e1e866ca212be5ad116895071c7c4bec8f6b3e5f8541c99313a7fd2b8.exe	107
PID 864 wrote to memory of 3216	864	62fc145e1e866ca212be5ad116895071c7c4bec8f6b3e5f8541c99313a7fd2b8.exe	107
PID 864 wrote to memory of 1572	864	62fc145e1e866ca212be5ad116895071c7c4bec8f6b3e5f8541c99313a7fd2b8.exe	108
PID 864 wrote to memory of 1572	864	62fc145e1e866ca212be5ad116895071c7c4bec8f6b3e5f8541c99313a7fd2b8.exe	108
PID 864 wrote to memory of 4680	864	62fc145e1e866ca212be5ad116895071c7c4bec8f6b3e5f8541c99313a7fd2b8.exe	109
PID 864 wrote to memory of 4680	864	62fc145e1e866ca212be5ad116895071c7c4bec8f6b3e5f8541c99313a7fd2b8.exe	109
PID 864 wrote to memory of 3992	864	62fc145e1e866ca212be5ad116895071c7c4bec8f6b3e5f8541c99313a7fd2b8.exe	110
PID 864 wrote to memory of 3992	864	62fc145e1e866ca212be5ad116895071c7c4bec8f6b3e5f8541c99313a7fd2b8.exe	110
PID 864 wrote to memory of 4924	864	62fc145e1e866ca212be5ad116895071c7c4bec8f6b3e5f8541c99313a7fd2b8.exe	111
PID 864 wrote to memory of 4924	864	62fc145e1e866ca212be5ad116895071c7c4bec8f6b3e5f8541c99313a7fd2b8.exe	111
PID 864 wrote to memory of 3400	864	62fc145e1e866ca212be5ad116895071c7c4bec8f6b3e5f8541c99313a7fd2b8.exe	112
PID 864 wrote to memory of 3400	864	62fc145e1e866ca212be5ad116895071c7c4bec8f6b3e5f8541c99313a7fd2b8.exe	112
PID 864 wrote to memory of 4608	864	62fc145e1e866ca212be5ad116895071c7c4bec8f6b3e5f8541c99313a7fd2b8.exe	113
PID 864 wrote to memory of 4608	864	62fc145e1e866ca212be5ad116895071c7c4bec8f6b3e5f8541c99313a7fd2b8.exe	113
PID 864 wrote to memory of 440	864	62fc145e1e866ca212be5ad116895071c7c4bec8f6b3e5f8541c99313a7fd2b8.exe	114
PID 864 wrote to memory of 440	864	62fc145e1e866ca212be5ad116895071c7c4bec8f6b3e5f8541c99313a7fd2b8.exe	114
PID 864 wrote to memory of 3648	864	62fc145e1e866ca212be5ad116895071c7c4bec8f6b3e5f8541c99313a7fd2b8.exe	115
PID 864 wrote to memory of 3648	864	62fc145e1e866ca212be5ad116895071c7c4bec8f6b3e5f8541c99313a7fd2b8.exe	115
PID 864 wrote to memory of 4880	864	62fc145e1e866ca212be5ad116895071c7c4bec8f6b3e5f8541c99313a7fd2b8.exe	116
PID 864 wrote to memory of 4880	864	62fc145e1e866ca212be5ad116895071c7c4bec8f6b3e5f8541c99313a7fd2b8.exe	116

C:\Users\Admin\AppData\Local\Temp\62fc145e1e866ca212be5ad116895071c7c4bec8f6b3e5f8541c99313a7fd2b8.exe
"C:\Users\Admin\AppData\Local\Temp\62fc145e1e866ca212be5ad116895071c7c4bec8f6b3e5f8541c99313a7fd2b8.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:864
- C:\Windows\System32\pifaTJO.exe
  C:\Windows\System32\pifaTJO.exe
  2⤵
  - Executes dropped EXE
  PID:2084
- C:\Windows\System32\wdXTQGU.exe
  C:\Windows\System32\wdXTQGU.exe
  2⤵
  - Executes dropped EXE
  PID:3592
- C:\Windows\System32\kNozaFV.exe
  C:\Windows\System32\kNozaFV.exe
  2⤵
  - Executes dropped EXE
  PID:3596
- C:\Windows\System32\SwvuicM.exe
  C:\Windows\System32\SwvuicM.exe
  2⤵
  - Executes dropped EXE
  PID:2316
- C:\Windows\System32\mNZPzDt.exe
  C:\Windows\System32\mNZPzDt.exe
  2⤵
  - Executes dropped EXE
  PID:1628
- C:\Windows\System32\EEOHPNX.exe
  C:\Windows\System32\EEOHPNX.exe
  2⤵
  - Executes dropped EXE
  PID:2164
- C:\Windows\System32\UIcupNO.exe
  C:\Windows\System32\UIcupNO.exe
  2⤵
  - Executes dropped EXE
  PID:4440
- C:\Windows\System32\thsKdSz.exe
  C:\Windows\System32\thsKdSz.exe
  2⤵
  - Executes dropped EXE
  PID:2860
- C:\Windows\System32\vkUlMEt.exe
  C:\Windows\System32\vkUlMEt.exe
  2⤵
  - Executes dropped EXE
  PID:4716
- C:\Windows\System32\GqjwTvl.exe
  C:\Windows\System32\GqjwTvl.exe
  2⤵
  - Executes dropped EXE
  PID:2364
- C:\Windows\System32\poNeavY.exe
  C:\Windows\System32\poNeavY.exe
  2⤵
  - Executes dropped EXE
  PID:3852
- C:\Windows\System32\EEywsvB.exe
  C:\Windows\System32\EEywsvB.exe
  2⤵
  - Executes dropped EXE
  PID:1116
- C:\Windows\System32\nLifIay.exe
  C:\Windows\System32\nLifIay.exe
  2⤵
  - Executes dropped EXE
  PID:4740
- C:\Windows\System32\Ifloiuy.exe
  C:\Windows\System32\Ifloiuy.exe
  2⤵
  - Executes dropped EXE
  PID:2416
- C:\Windows\System32\LjFMABp.exe
  C:\Windows\System32\LjFMABp.exe
  2⤵
  - Executes dropped EXE
  PID:3880
- C:\Windows\System32\dTYXZIM.exe
  C:\Windows\System32\dTYXZIM.exe
  2⤵
  - Executes dropped EXE
  PID:2384
- C:\Windows\System32\ijmEVRa.exe
  C:\Windows\System32\ijmEVRa.exe
  2⤵
  - Executes dropped EXE
  PID:1008
- C:\Windows\System32\nXgvFop.exe
  C:\Windows\System32\nXgvFop.exe
  2⤵
  - Executes dropped EXE
  PID:2132
- C:\Windows\System32\LrwgdZG.exe
  C:\Windows\System32\LrwgdZG.exe
  2⤵
  - Executes dropped EXE
  PID:912
- C:\Windows\System32\dqlUYrB.exe
  C:\Windows\System32\dqlUYrB.exe
  2⤵
  - Executes dropped EXE
  PID:4488
- C:\Windows\System32\dzKVhnj.exe
  C:\Windows\System32\dzKVhnj.exe
  2⤵
  - Executes dropped EXE
  PID:4536
- C:\Windows\System32\MlJCeDw.exe
  C:\Windows\System32\MlJCeDw.exe
  2⤵
  - Executes dropped EXE
  PID:400
- C:\Windows\System32\DkXHZFz.exe
  C:\Windows\System32\DkXHZFz.exe
  2⤵
  - Executes dropped EXE
  PID:3216
- C:\Windows\System32\GuwKlQO.exe
  C:\Windows\System32\GuwKlQO.exe
  2⤵
  - Executes dropped EXE
  PID:1572
- C:\Windows\System32\sdvcKQL.exe
  C:\Windows\System32\sdvcKQL.exe
  2⤵
  - Executes dropped EXE
  PID:4680
- C:\Windows\System32\uzDjeJd.exe
  C:\Windows\System32\uzDjeJd.exe
  2⤵
  - Executes dropped EXE
  PID:3992
- C:\Windows\System32\WEiTNbV.exe
  C:\Windows\System32\WEiTNbV.exe
  2⤵
  - Executes dropped EXE
  PID:4924
- C:\Windows\System32\zDBjEYg.exe
  C:\Windows\System32\zDBjEYg.exe
  2⤵
  - Executes dropped EXE
  PID:3400
- C:\Windows\System32\lqJHMix.exe
  C:\Windows\System32\lqJHMix.exe
  2⤵
  - Executes dropped EXE
  PID:4608
- C:\Windows\System32\quxfhNQ.exe
  C:\Windows\System32\quxfhNQ.exe
  2⤵
  - Executes dropped EXE
  PID:440
- C:\Windows\System32\tbNbbnz.exe
  C:\Windows\System32\tbNbbnz.exe
  2⤵
  - Executes dropped EXE
  PID:3648
- C:\Windows\System32\AGNTuOi.exe
  C:\Windows\System32\AGNTuOi.exe
  2⤵
  - Executes dropped EXE
  PID:4880
- C:\Windows\System32\IzJlzcw.exe
  C:\Windows\System32\IzJlzcw.exe
  2⤵
  - Executes dropped EXE
  PID:4308
- C:\Windows\System32\zfMLUzn.exe
  C:\Windows\System32\zfMLUzn.exe
  2⤵
  - Executes dropped EXE
  PID:5032
- C:\Windows\System32\iVicvXq.exe
  C:\Windows\System32\iVicvXq.exe
  2⤵
  - Executes dropped EXE
  PID:1424
- C:\Windows\System32\uBqHNyI.exe
  C:\Windows\System32\uBqHNyI.exe
  2⤵
  - Executes dropped EXE
  PID:564
- C:\Windows\System32\YcPgYbn.exe
  C:\Windows\System32\YcPgYbn.exe
  2⤵
  - Executes dropped EXE
  PID:1464
- C:\Windows\System32\IujGaRg.exe
  C:\Windows\System32\IujGaRg.exe
  2⤵
  - Executes dropped EXE
  PID:244
- C:\Windows\System32\GldobOj.exe
  C:\Windows\System32\GldobOj.exe
  2⤵
  - Executes dropped EXE
  PID:4080
- C:\Windows\System32\ZIXFAxX.exe
  C:\Windows\System32\ZIXFAxX.exe
  2⤵
  - Executes dropped EXE
  PID:4352
- C:\Windows\System32\bFlfJeI.exe
  C:\Windows\System32\bFlfJeI.exe
  2⤵
  - Executes dropped EXE
  PID:4320
- C:\Windows\System32\TGFJPGR.exe
  C:\Windows\System32\TGFJPGR.exe
  2⤵
  - Executes dropped EXE
  PID:2232
- C:\Windows\System32\QbcaqvD.exe
  C:\Windows\System32\QbcaqvD.exe
  2⤵
  - Executes dropped EXE
  PID:1036
- C:\Windows\System32\sEhokvs.exe
  C:\Windows\System32\sEhokvs.exe
  2⤵
  - Executes dropped EXE
  PID:4068
- C:\Windows\System32\IpUjSKp.exe
  C:\Windows\System32\IpUjSKp.exe
  2⤵
  - Executes dropped EXE
  PID:1468
- C:\Windows\System32\geheKOc.exe
  C:\Windows\System32\geheKOc.exe
  2⤵
  - Executes dropped EXE
  PID:1856
- C:\Windows\System32\kpTaWVq.exe
  C:\Windows\System32\kpTaWVq.exe
  2⤵
  - Executes dropped EXE
  PID:1688
- C:\Windows\System32\fBqnsCn.exe
  C:\Windows\System32\fBqnsCn.exe
  2⤵
  - Executes dropped EXE
  PID:2480
- C:\Windows\System32\diijarV.exe
  C:\Windows\System32\diijarV.exe
  2⤵
  - Executes dropped EXE
  PID:3864
- C:\Windows\System32\JvroUPW.exe
  C:\Windows\System32\JvroUPW.exe
  2⤵
  - Executes dropped EXE
  PID:1168
- C:\Windows\System32\kitYlhu.exe
  C:\Windows\System32\kitYlhu.exe
  2⤵
  - Executes dropped EXE
  PID:1040
- C:\Windows\System32\gdoplER.exe
  C:\Windows\System32\gdoplER.exe
  2⤵
  - Executes dropped EXE
  PID:4760
- C:\Windows\System32\BumVwTH.exe
  C:\Windows\System32\BumVwTH.exe
  2⤵
  - Executes dropped EXE
  PID:4368
- C:\Windows\System32\gMFgLtH.exe
  C:\Windows\System32\gMFgLtH.exe
  2⤵
  - Executes dropped EXE
  PID:3920
- C:\Windows\System32\mJrDuSk.exe
  C:\Windows\System32\mJrDuSk.exe
  2⤵
  - Executes dropped EXE
  PID:5028
- C:\Windows\System32\ovVfLgE.exe
  C:\Windows\System32\ovVfLgE.exe
  2⤵
  - Executes dropped EXE
  PID:4204
- C:\Windows\System32\DNBxLQu.exe
  C:\Windows\System32\DNBxLQu.exe
  2⤵
  - Executes dropped EXE
  PID:744
- C:\Windows\System32\cZxuofl.exe
  C:\Windows\System32\cZxuofl.exe
  2⤵
  - Executes dropped EXE
  PID:3364
- C:\Windows\System32\uFGVThE.exe
  C:\Windows\System32\uFGVThE.exe
  2⤵
  - Executes dropped EXE
  PID:1548
- C:\Windows\System32\jutILzH.exe
  C:\Windows\System32\jutILzH.exe
  2⤵
  - Executes dropped EXE
  PID:3752
- C:\Windows\System32\YyKsFvR.exe
  C:\Windows\System32\YyKsFvR.exe
  2⤵
  - Executes dropped EXE
  PID:2832
- C:\Windows\System32\QVhHMOQ.exe
  C:\Windows\System32\QVhHMOQ.exe
  2⤵
  - Executes dropped EXE
  PID:3504
- C:\Windows\System32\fPmIfaN.exe
  C:\Windows\System32\fPmIfaN.exe
  2⤵
  - Executes dropped EXE
  PID:4392
- C:\Windows\System32\zXQKwbe.exe
  C:\Windows\System32\zXQKwbe.exe
  2⤵
  - Executes dropped EXE
  PID:8
- C:\Windows\System32\loElThr.exe
  C:\Windows\System32\loElThr.exe
  2⤵
  PID:2016
- C:\Windows\System32\gNeXflm.exe
  C:\Windows\System32\gNeXflm.exe
  2⤵
  PID:4524
- C:\Windows\System32\OmMavmE.exe
  C:\Windows\System32\OmMavmE.exe
  2⤵
  PID:3976
- C:\Windows\System32\yFXohSf.exe
  C:\Windows\System32\yFXohSf.exe
  2⤵
  PID:2768
- C:\Windows\System32\OrRAaMl.exe
  C:\Windows\System32\OrRAaMl.exe
  2⤵
  PID:2244
- C:\Windows\System32\WkbciDO.exe
  C:\Windows\System32\WkbciDO.exe
  2⤵
  PID:1376
- C:\Windows\System32\iVoQOiN.exe
  C:\Windows\System32\iVoQOiN.exe
  2⤵
  PID:5144
- C:\Windows\System32\MOKjcba.exe
  C:\Windows\System32\MOKjcba.exe
  2⤵
  PID:5172
- C:\Windows\System32\HbVBcVo.exe
  C:\Windows\System32\HbVBcVo.exe
  2⤵
  PID:5208
- C:\Windows\System32\bcVrQIx.exe
  C:\Windows\System32\bcVrQIx.exe
  2⤵
  PID:5236
- C:\Windows\System32\vlPxEXN.exe
  C:\Windows\System32\vlPxEXN.exe
  2⤵
  PID:5256
- C:\Windows\System32\bUyUfIG.exe
  C:\Windows\System32\bUyUfIG.exe
  2⤵
  PID:5284
- C:\Windows\System32\CEULkSD.exe
  C:\Windows\System32\CEULkSD.exe
  2⤵
  PID:5312
- C:\Windows\System32\AHFqpgn.exe
  C:\Windows\System32\AHFqpgn.exe
  2⤵
  PID:5348
- C:\Windows\System32\OyTxARK.exe
  C:\Windows\System32\OyTxARK.exe
  2⤵
  PID:5380
- C:\Windows\System32\CdmzbKy.exe
  C:\Windows\System32\CdmzbKy.exe
  2⤵
  PID:5404
- C:\Windows\System32\dfXEqLY.exe
  C:\Windows\System32\dfXEqLY.exe
  2⤵
  PID:5436
- C:\Windows\System32\eJyoBGw.exe
  C:\Windows\System32\eJyoBGw.exe
  2⤵
  PID:5460
- C:\Windows\System32\RAEykeH.exe
  C:\Windows\System32\RAEykeH.exe
  2⤵
  PID:5488
- C:\Windows\System32\PzbcSUc.exe
  C:\Windows\System32\PzbcSUc.exe
  2⤵
  PID:5516
- C:\Windows\System32\aTkRsmn.exe
  C:\Windows\System32\aTkRsmn.exe
  2⤵
  PID:5536
- C:\Windows\System32\VdGsvqi.exe
  C:\Windows\System32\VdGsvqi.exe
  2⤵
  PID:5564
- C:\Windows\System32\dHHfpom.exe
  C:\Windows\System32\dHHfpom.exe
  2⤵
  PID:5600
- C:\Windows\System32\npHFUqO.exe
  C:\Windows\System32\npHFUqO.exe
  2⤵
  PID:5620
- C:\Windows\System32\kIZaZwC.exe
  C:\Windows\System32\kIZaZwC.exe
  2⤵
  PID:5656
- C:\Windows\System32\ukYJtBL.exe
  C:\Windows\System32\ukYJtBL.exe
  2⤵
  PID:5676
- C:\Windows\System32\XUYwZef.exe
  C:\Windows\System32\XUYwZef.exe
  2⤵
  PID:5712
- C:\Windows\System32\vWlBVsB.exe
  C:\Windows\System32\vWlBVsB.exe
  2⤵
  PID:5732
- C:\Windows\System32\uxpcQkH.exe
  C:\Windows\System32\uxpcQkH.exe
  2⤵
  PID:5768
- C:\Windows\System32\vUGyzqM.exe
  C:\Windows\System32\vUGyzqM.exe
  2⤵
  PID:5796
- C:\Windows\System32\QoGZFxJ.exe
  C:\Windows\System32\QoGZFxJ.exe
  2⤵
  PID:5824
- C:\Windows\System32\SoYjMtR.exe
  C:\Windows\System32\SoYjMtR.exe
  2⤵
  PID:5844
- C:\Windows\System32\tOPsQSL.exe
  C:\Windows\System32\tOPsQSL.exe
  2⤵
  PID:5872
- C:\Windows\System32\yJabyMV.exe
  C:\Windows\System32\yJabyMV.exe
  2⤵
  PID:5908
- C:\Windows\System32\ewAvXeR.exe
  C:\Windows\System32\ewAvXeR.exe
  2⤵
  PID:5940
- C:\Windows\System32\EnLUeWC.exe
  C:\Windows\System32\EnLUeWC.exe
  2⤵
  PID:5956
- C:\Windows\System32\IWQHYVx.exe
  C:\Windows\System32\IWQHYVx.exe
  2⤵
  PID:5984
- C:\Windows\System32\PWCPOhB.exe
  C:\Windows\System32\PWCPOhB.exe
  2⤵
  PID:6020
- C:\Windows\System32\bUQYkuY.exe
  C:\Windows\System32\bUQYkuY.exe
  2⤵
  PID:6040
- C:\Windows\System32\uHTDGQa.exe
  C:\Windows\System32\uHTDGQa.exe
  2⤵
  PID:6076
- C:\Windows\System32\CDNQFrn.exe
  C:\Windows\System32\CDNQFrn.exe
  2⤵
  PID:6096
- C:\Windows\System32\BQQqSMb.exe
  C:\Windows\System32\BQQqSMb.exe
  2⤵
  PID:6132
- C:\Windows\System32\GnbINwq.exe
  C:\Windows\System32\GnbINwq.exe
  2⤵
  PID:1132
- C:\Windows\System32\XTMiHgV.exe
  C:\Windows\System32\XTMiHgV.exe
  2⤵
  PID:2248
- C:\Windows\System32\KjtMxEe.exe
  C:\Windows\System32\KjtMxEe.exe
  2⤵
  PID:4248
- C:\Windows\System32\IxMdJEZ.exe
  C:\Windows\System32\IxMdJEZ.exe
  2⤵
  PID:4888
- C:\Windows\System32\NKnjsPl.exe
  C:\Windows\System32\NKnjsPl.exe
  2⤵
  PID:2044
- C:\Windows\System32\UKMhLwP.exe
  C:\Windows\System32\UKMhLwP.exe
  2⤵
  PID:1000
- C:\Windows\System32\OLhGprK.exe
  C:\Windows\System32\OLhGprK.exe
  2⤵
  PID:5160
- C:\Windows\System32\RCbSPME.exe
  C:\Windows\System32\RCbSPME.exe
  2⤵
  PID:4940
- C:\Windows\System32\sJXOIdX.exe
  C:\Windows\System32\sJXOIdX.exe
  2⤵
  PID:5272
- C:\Windows\System32\bTjNqjv.exe
  C:\Windows\System32\bTjNqjv.exe
  2⤵
  PID:5344
- C:\Windows\System32\uOEEwzJ.exe
  C:\Windows\System32\uOEEwzJ.exe
  2⤵
  PID:5416
- C:\Windows\System32\rdAteOL.exe
  C:\Windows\System32\rdAteOL.exe
  2⤵
  PID:5484
- C:\Windows\System32\gaDwadb.exe
  C:\Windows\System32\gaDwadb.exe
  2⤵
  PID:5528
- C:\Windows\System32\TfTGpCn.exe
  C:\Windows\System32\TfTGpCn.exe
  2⤵
  PID:5612
- C:\Windows\System32\mWuonxV.exe
  C:\Windows\System32\mWuonxV.exe
  2⤵
  PID:5672
- C:\Windows\System32\YOHiUAM.exe
  C:\Windows\System32\YOHiUAM.exe
  2⤵
  PID:5724
- C:\Windows\System32\bJQZMFE.exe
  C:\Windows\System32\bJQZMFE.exe
  2⤵
  PID:5792
- C:\Windows\System32\mXZDmaY.exe
  C:\Windows\System32\mXZDmaY.exe
  2⤵
  PID:5868
- C:\Windows\System32\vLdCsEe.exe
  C:\Windows\System32\vLdCsEe.exe
  2⤵
  PID:5924
- C:\Windows\System32\caJMmTM.exe
  C:\Windows\System32\caJMmTM.exe
  2⤵
  PID:5996
- C:\Windows\System32\LlVqXdf.exe
  C:\Windows\System32\LlVqXdf.exe
  2⤵
  PID:6072
- C:\Windows\System32\ZOgsXnG.exe
  C:\Windows\System32\ZOgsXnG.exe
  2⤵
  PID:3964
- C:\Windows\System32\bcdSCgU.exe
  C:\Windows\System32\bcdSCgU.exe
  2⤵
  PID:2028
- C:\Windows\System32\RZTDRSH.exe
  C:\Windows\System32\RZTDRSH.exe
  2⤵
  PID:532
- C:\Windows\System32\zbNlGwu.exe
  C:\Windows\System32\zbNlGwu.exe
  2⤵
  PID:5132
- C:\Windows\System32\IAKsIfr.exe
  C:\Windows\System32\IAKsIfr.exe
  2⤵
  PID:5280
- C:\Windows\System32\KZrhEPA.exe
  C:\Windows\System32\KZrhEPA.exe
  2⤵
  PID:1348
- C:\Windows\System32\jtjhEcC.exe
  C:\Windows\System32\jtjhEcC.exe
  2⤵
  PID:5588
- C:\Windows\System32\imXufOe.exe
  C:\Windows\System32\imXufOe.exe
  2⤵
  PID:5692
- C:\Windows\System32\LSklJco.exe
  C:\Windows\System32\LSklJco.exe
  2⤵
  PID:5856
- C:\Windows\System32\lJBwJDo.exe
  C:\Windows\System32\lJBwJDo.exe
  2⤵
  PID:5968
- C:\Windows\System32\QdoTUDJ.exe
  C:\Windows\System32\QdoTUDJ.exe
  2⤵
  PID:6128
- C:\Windows\System32\ZhrBEJJ.exe
  C:\Windows\System32\ZhrBEJJ.exe
  2⤵
  PID:4620
- C:\Windows\System32\YqUzCMl.exe
  C:\Windows\System32\YqUzCMl.exe
  2⤵
  PID:6156
- C:\Windows\System32\awrUtQf.exe
  C:\Windows\System32\awrUtQf.exe
  2⤵
  PID:6184
- C:\Windows\System32\XQQibWx.exe
  C:\Windows\System32\XQQibWx.exe
  2⤵
  PID:6212
- C:\Windows\System32\oUDuTgA.exe
  C:\Windows\System32\oUDuTgA.exe
  2⤵
  PID:6240
- C:\Windows\System32\cCtkwRo.exe
  C:\Windows\System32\cCtkwRo.exe
  2⤵
  PID:6276
- C:\Windows\System32\DhDekhA.exe
  C:\Windows\System32\DhDekhA.exe
  2⤵
  PID:6304
- C:\Windows\System32\EzUOfNS.exe
  C:\Windows\System32\EzUOfNS.exe
  2⤵
  PID:6324
- C:\Windows\System32\XdqNdYU.exe
  C:\Windows\System32\XdqNdYU.exe
  2⤵
  PID:6352
- C:\Windows\System32\ndsnlpp.exe
  C:\Windows\System32\ndsnlpp.exe
  2⤵
  PID:6388
- C:\Windows\System32\Aurvtqf.exe
  C:\Windows\System32\Aurvtqf.exe
  2⤵
  PID:6408
- C:\Windows\System32\JArJMVM.exe
  C:\Windows\System32\JArJMVM.exe
  2⤵
  PID:6436
- C:\Windows\System32\erHqdLy.exe
  C:\Windows\System32\erHqdLy.exe
  2⤵
  PID:6464
- C:\Windows\System32\ADUwOfJ.exe
  C:\Windows\System32\ADUwOfJ.exe
  2⤵
  PID:6500
- C:\Windows\System32\ubimURh.exe
  C:\Windows\System32\ubimURh.exe
  2⤵
  PID:6520
- C:\Windows\System32\mQnbivw.exe
  C:\Windows\System32\mQnbivw.exe
  2⤵
  PID:6548
- C:\Windows\System32\krzbfDt.exe
  C:\Windows\System32\krzbfDt.exe
  2⤵
  PID:6576
- C:\Windows\System32\kCkCULO.exe
  C:\Windows\System32\kCkCULO.exe
  2⤵
  PID:6604
- C:\Windows\System32\QnvOyko.exe
  C:\Windows\System32\QnvOyko.exe
  2⤵
  PID:6640
- C:\Windows\System32\OwCYUfN.exe
  C:\Windows\System32\OwCYUfN.exe
  2⤵
  PID:6660
- C:\Windows\System32\ReDGWPN.exe
  C:\Windows\System32\ReDGWPN.exe
  2⤵
  PID:6696
- C:\Windows\System32\pTYYMyC.exe
  C:\Windows\System32\pTYYMyC.exe
  2⤵
  PID:6716
- C:\Windows\System32\ondRqkO.exe
  C:\Windows\System32\ondRqkO.exe
  2⤵
  PID:6744
- C:\Windows\System32\RKNIPMF.exe
  C:\Windows\System32\RKNIPMF.exe
  2⤵
  PID:6780
- C:\Windows\System32\Wrorlfv.exe
  C:\Windows\System32\Wrorlfv.exe
  2⤵
  PID:6800
- C:\Windows\System32\riwEHtx.exe
  C:\Windows\System32\riwEHtx.exe
  2⤵
  PID:6828
- C:\Windows\System32\ccCmmBe.exe
  C:\Windows\System32\ccCmmBe.exe
  2⤵
  PID:6856
- C:\Windows\System32\hwYyjIc.exe
  C:\Windows\System32\hwYyjIc.exe
  2⤵
  PID:6884
- C:\Windows\System32\qofyBRF.exe
  C:\Windows\System32\qofyBRF.exe
  2⤵
  PID:6912
- C:\Windows\System32\zBwWugf.exe
  C:\Windows\System32\zBwWugf.exe
  2⤵
  PID:6948
- C:\Windows\System32\DoJsmII.exe
  C:\Windows\System32\DoJsmII.exe
  2⤵
  PID:6968
- C:\Windows\System32\mNHBCQs.exe
  C:\Windows\System32\mNHBCQs.exe
  2⤵
  PID:6996
- C:\Windows\System32\InPKyKT.exe
  C:\Windows\System32\InPKyKT.exe
  2⤵
  PID:7024
- C:\Windows\System32\HwyuGcN.exe
  C:\Windows\System32\HwyuGcN.exe
  2⤵
  PID:7052
- C:\Windows\System32\TSHNOJh.exe
  C:\Windows\System32\TSHNOJh.exe
  2⤵
  PID:7080
- C:\Windows\System32\ZpXDomj.exe
  C:\Windows\System32\ZpXDomj.exe
  2⤵
  PID:7116
- C:\Windows\System32\IsViewt.exe
  C:\Windows\System32\IsViewt.exe
  2⤵
  PID:7144
- C:\Windows\System32\ZEAcxQO.exe
  C:\Windows\System32\ZEAcxQO.exe
  2⤵
  PID:5188
- C:\Windows\System32\oVvcFSY.exe
  C:\Windows\System32\oVvcFSY.exe
  2⤵
  PID:5472
- C:\Windows\System32\mCoEQOS.exe
  C:\Windows\System32\mCoEQOS.exe
  2⤵
  PID:5820
- C:\Windows\System32\MQLxkTw.exe
  C:\Windows\System32\MQLxkTw.exe
  2⤵
  PID:6056
- C:\Windows\System32\YeevzKC.exe
  C:\Windows\System32\YeevzKC.exe
  2⤵
  PID:6168
- C:\Windows\System32\bBwfiAZ.exe
  C:\Windows\System32\bBwfiAZ.exe
  2⤵
  PID:6208
- C:\Windows\System32\AlOuxjs.exe
  C:\Windows\System32\AlOuxjs.exe
  2⤵
  PID:6288
- C:\Windows\System32\ACDVevg.exe
  C:\Windows\System32\ACDVevg.exe
  2⤵
  PID:6340
- C:\Windows\System32\CnKiCVG.exe
  C:\Windows\System32\CnKiCVG.exe
  2⤵
  PID:6400
- C:\Windows\System32\zBPSGFZ.exe
  C:\Windows\System32\zBPSGFZ.exe
  2⤵
  PID:6488
- C:\Windows\System32\BWuPqrv.exe
  C:\Windows\System32\BWuPqrv.exe
  2⤵
  PID:6532
- C:\Windows\System32\UYcJDrL.exe
  C:\Windows\System32\UYcJDrL.exe
  2⤵
  PID:6600
- C:\Windows\System32\rebpkNr.exe
  C:\Windows\System32\rebpkNr.exe
  2⤵
  PID:6684
- C:\Windows\System32\fTBlKDP.exe
  C:\Windows\System32\fTBlKDP.exe
  2⤵
  PID:6728
- C:\Windows\System32\yhxHPLu.exe
  C:\Windows\System32\yhxHPLu.exe
  2⤵
  PID:6792
- C:\Windows\System32\GIHOfBh.exe
  C:\Windows\System32\GIHOfBh.exe
  2⤵
  PID:6844
- C:\Windows\System32\oYpwQZF.exe
  C:\Windows\System32\oYpwQZF.exe
  2⤵
  PID:6924
- C:\Windows\System32\gSonasi.exe
  C:\Windows\System32\gSonasi.exe
  2⤵
  PID:6992
- C:\Windows\System32\FMspUwj.exe
  C:\Windows\System32\FMspUwj.exe
  2⤵
  PID:7040
- C:\Windows\System32\tEohPcn.exe
  C:\Windows\System32\tEohPcn.exe
  2⤵
  PID:7128
- C:\Windows\System32\sdUnCow.exe
  C:\Windows\System32\sdUnCow.exe
  2⤵
  PID:5400
- C:\Windows\System32\ivSaDkb.exe
  C:\Windows\System32\ivSaDkb.exe
  2⤵
  PID:1704
- C:\Windows\System32\dHrUDhD.exe
  C:\Windows\System32\dHrUDhD.exe
  2⤵
  PID:6256
- C:\Windows\System32\EOlZQdI.exe
  C:\Windows\System32\EOlZQdI.exe
  2⤵
  PID:6348
- C:\Windows\System32\iqIYkAR.exe
  C:\Windows\System32\iqIYkAR.exe
  2⤵
  PID:6560
- C:\Windows\System32\wcgtVoi.exe
  C:\Windows\System32\wcgtVoi.exe
  2⤵
  PID:6708
- C:\Windows\System32\qOZzFbX.exe
  C:\Windows\System32\qOZzFbX.exe
  2⤵
  PID:6816
- C:\Windows\System32\DhcuDIU.exe
  C:\Windows\System32\DhcuDIU.exe
  2⤵
  PID:6944
- C:\Windows\System32\rNJwxoE.exe
  C:\Windows\System32\rNJwxoE.exe
  2⤵
  PID:7092
- C:\Windows\System32\BEnGpPP.exe
  C:\Windows\System32\BEnGpPP.exe
  2⤵
  PID:7192
- C:\Windows\System32\MoWRuIs.exe
  C:\Windows\System32\MoWRuIs.exe
  2⤵
  PID:7228
- C:\Windows\System32\gDvZPLq.exe
  C:\Windows\System32\gDvZPLq.exe
  2⤵
  PID:7248
- C:\Windows\System32\NTpajKV.exe
  C:\Windows\System32\NTpajKV.exe
  2⤵
  PID:7276
- C:\Windows\System32\zELDZuI.exe
  C:\Windows\System32\zELDZuI.exe
  2⤵
  PID:7304
- C:\Windows\System32\voQkrWj.exe
  C:\Windows\System32\voQkrWj.exe
  2⤵
  PID:7340
- C:\Windows\System32\lSYcBwE.exe
  C:\Windows\System32\lSYcBwE.exe
  2⤵
  PID:7360
- C:\Windows\System32\VRcBIaK.exe
  C:\Windows\System32\VRcBIaK.exe
  2⤵
  PID:7388
- C:\Windows\System32\FZnxUoF.exe
  C:\Windows\System32\FZnxUoF.exe
  2⤵
  PID:7416
- C:\Windows\System32\DImIRcf.exe
  C:\Windows\System32\DImIRcf.exe
  2⤵
  PID:7444
- C:\Windows\System32\ddOERSH.exe
  C:\Windows\System32\ddOERSH.exe
  2⤵
  PID:7472
- C:\Windows\System32\BNGcuQb.exe
  C:\Windows\System32\BNGcuQb.exe
  2⤵
  PID:7500
- C:\Windows\System32\OVCVQlC.exe
  C:\Windows\System32\OVCVQlC.exe
  2⤵
  PID:7528
- C:\Windows\System32\HgKedrJ.exe
  C:\Windows\System32\HgKedrJ.exe
  2⤵
  PID:7556
- C:\Windows\System32\FKbpDqt.exe
  C:\Windows\System32\FKbpDqt.exe
  2⤵
  PID:7584
- C:\Windows\System32\IEyJaqF.exe
  C:\Windows\System32\IEyJaqF.exe
  2⤵
  PID:7612
- C:\Windows\System32\ptulnlM.exe
  C:\Windows\System32\ptulnlM.exe
  2⤵
  PID:7640
- C:\Windows\System32\AhhRSEP.exe
  C:\Windows\System32\AhhRSEP.exe
  2⤵
  PID:7668
- C:\Windows\System32\tTGSkMe.exe
  C:\Windows\System32\tTGSkMe.exe
  2⤵
  PID:7696
- C:\Windows\System32\nZhKbwD.exe
  C:\Windows\System32\nZhKbwD.exe
  2⤵
  PID:7724
- C:\Windows\System32\yhasrBr.exe
  C:\Windows\System32\yhasrBr.exe
  2⤵
  PID:7752
- C:\Windows\System32\LHhZmNh.exe
  C:\Windows\System32\LHhZmNh.exe
  2⤵
  PID:7780
- C:\Windows\System32\OKRPBGf.exe
  C:\Windows\System32\OKRPBGf.exe
  2⤵
  PID:7808
- C:\Windows\System32\gjUCLbc.exe
  C:\Windows\System32\gjUCLbc.exe
  2⤵
  PID:7844
- C:\Windows\System32\lSCCSrO.exe
  C:\Windows\System32\lSCCSrO.exe
  2⤵
  PID:7864
- C:\Windows\System32\wHdYMGf.exe
  C:\Windows\System32\wHdYMGf.exe
  2⤵
  PID:7892
- C:\Windows\System32\QHtXWdT.exe
  C:\Windows\System32\QHtXWdT.exe
  2⤵
  PID:7920
- C:\Windows\System32\YPPlYbg.exe
  C:\Windows\System32\YPPlYbg.exe
  2⤵
  PID:7948
- C:\Windows\System32\JeLrWhC.exe
  C:\Windows\System32\JeLrWhC.exe
  2⤵
  PID:7976
- C:\Windows\System32\AeAgBlU.exe
  C:\Windows\System32\AeAgBlU.exe
  2⤵
  PID:8004
- C:\Windows\System32\yXUhmOj.exe
  C:\Windows\System32\yXUhmOj.exe
  2⤵
  PID:8044
- C:\Windows\System32\pmCtxsJ.exe
  C:\Windows\System32\pmCtxsJ.exe
  2⤵
  PID:8060
- C:\Windows\System32\xDpngXA.exe
  C:\Windows\System32\xDpngXA.exe
  2⤵
  PID:8108
- C:\Windows\System32\tvxPGTT.exe
  C:\Windows\System32\tvxPGTT.exe
  2⤵
  PID:8140
- C:\Windows\System32\BImdMBn.exe
  C:\Windows\System32\BImdMBn.exe
  2⤵
  PID:8164
- C:\Windows\System32\TdQAtiI.exe
  C:\Windows\System32\TdQAtiI.exe
  2⤵
  PID:8180
- C:\Windows\System32\JlPgZZY.exe
  C:\Windows\System32\JlPgZZY.exe
  2⤵
  PID:7156
- C:\Windows\System32\vNnXQlK.exe
  C:\Windows\System32\vNnXQlK.exe
  2⤵
  PID:6320
- C:\Windows\System32\MqQATRb.exe
  C:\Windows\System32\MqQATRb.exe
  2⤵
  PID:828
- C:\Windows\System32\OGvsQtK.exe
  C:\Windows\System32\OGvsQtK.exe
  2⤵
  PID:3532
- C:\Windows\System32\wzlnqbJ.exe
  C:\Windows\System32\wzlnqbJ.exe
  2⤵
  PID:7288
- C:\Windows\System32\vSXtsEW.exe
  C:\Windows\System32\vSXtsEW.exe
  2⤵
  PID:7320
- C:\Windows\System32\OSpzCei.exe
  C:\Windows\System32\OSpzCei.exe
  2⤵
  PID:7372
- C:\Windows\System32\FnLOdKj.exe
  C:\Windows\System32\FnLOdKj.exe
  2⤵
  PID:7460
- C:\Windows\System32\fhaGekm.exe
  C:\Windows\System32\fhaGekm.exe
  2⤵
  PID:7596
- C:\Windows\System32\BGLkKMN.exe
  C:\Windows\System32\BGLkKMN.exe
  2⤵
  PID:7628
- C:\Windows\System32\lqgzUGF.exe
  C:\Windows\System32\lqgzUGF.exe
  2⤵
  PID:7840
- C:\Windows\System32\KvBVakq.exe
  C:\Windows\System32\KvBVakq.exe
  2⤵
  PID:7972
- C:\Windows\System32\CjiUFbW.exe
  C:\Windows\System32\CjiUFbW.exe
  2⤵
  PID:3028
- C:\Windows\System32\PVrhpMV.exe
  C:\Windows\System32\PVrhpMV.exe
  2⤵
  PID:392
- C:\Windows\System32\ehUlbIR.exe
  C:\Windows\System32\ehUlbIR.exe
  2⤵
  PID:3176
- C:\Windows\System32\uCGwIEr.exe
  C:\Windows\System32\uCGwIEr.exe
  2⤵
  PID:8096
- C:\Windows\System32\mZDxOnC.exe
  C:\Windows\System32\mZDxOnC.exe
  2⤵
  PID:5652
- C:\Windows\System32\ifHGKYb.exe
  C:\Windows\System32\ifHGKYb.exe
  2⤵
  PID:5896
- C:\Windows\System32\DpnputX.exe
  C:\Windows\System32\DpnputX.exe
  2⤵
  PID:7224
- C:\Windows\System32\DDqAGsu.exe
  C:\Windows\System32\DDqAGsu.exe
  2⤵
  PID:7356
- C:\Windows\System32\jpuRUKV.exe
  C:\Windows\System32\jpuRUKV.exe
  2⤵
  PID:7496
- C:\Windows\System32\VwyFKtF.exe
  C:\Windows\System32\VwyFKtF.exe
  2⤵
  PID:7580
- C:\Windows\System32\tLSIBMz.exe
  C:\Windows\System32\tLSIBMz.exe
  2⤵
  PID:8124
- C:\Windows\System32\NGxPith.exe
  C:\Windows\System32\NGxPith.exe
  2⤵
  PID:3888
- C:\Windows\System32\KxyFKBQ.exe
  C:\Windows\System32\KxyFKBQ.exe
  2⤵
  PID:7876
- C:\Windows\System32\nruhhVF.exe
  C:\Windows\System32\nruhhVF.exe
  2⤵
  PID:7572
- C:\Windows\System32\hZRzrlO.exe
  C:\Windows\System32\hZRzrlO.exe
  2⤵
  PID:8016
- C:\Windows\System32\ZSqwdQJ.exe
  C:\Windows\System32\ZSqwdQJ.exe
  2⤵
  PID:8036
- C:\Windows\System32\BQhELUB.exe
  C:\Windows\System32\BQhELUB.exe
  2⤵
  PID:8176
- C:\Windows\System32\vUHWldY.exe
  C:\Windows\System32\vUHWldY.exe
  2⤵
  PID:7400
- C:\Windows\System32\arCWHiO.exe
  C:\Windows\System32\arCWHiO.exe
  2⤵
  PID:1320
- C:\Windows\System32\fcSUYdd.exe
  C:\Windows\System32\fcSUYdd.exe
  2⤵
  PID:7796
- C:\Windows\System32\EoRXfjm.exe
  C:\Windows\System32\EoRXfjm.exe
  2⤵
  PID:4232
- C:\Windows\System32\qNZDWgH.exe
  C:\Windows\System32\qNZDWgH.exe
  2⤵
  PID:7352
- C:\Windows\System32\PmATKqY.exe
  C:\Windows\System32\PmATKqY.exe
  2⤵
  PID:612
- C:\Windows\System32\RSnJLSV.exe
  C:\Windows\System32\RSnJLSV.exe
  2⤵
  PID:6460
- C:\Windows\System32\mDwHMAu.exe
  C:\Windows\System32\mDwHMAu.exe
  2⤵
  PID:8200
- C:\Windows\System32\TioCKmA.exe
  C:\Windows\System32\TioCKmA.exe
  2⤵
  PID:8224
- C:\Windows\System32\SpAYBcu.exe
  C:\Windows\System32\SpAYBcu.exe
  2⤵
  PID:8260
- C:\Windows\System32\yWRkYAQ.exe
  C:\Windows\System32\yWRkYAQ.exe
  2⤵
  PID:8304
- C:\Windows\System32\xsFPrAv.exe
  C:\Windows\System32\xsFPrAv.exe
  2⤵
  PID:8340
- C:\Windows\System32\LITtiMU.exe
  C:\Windows\System32\LITtiMU.exe
  2⤵
  PID:8368
- C:\Windows\System32\bkYRFut.exe
  C:\Windows\System32\bkYRFut.exe
  2⤵
  PID:8396
- C:\Windows\System32\iXAikQJ.exe
  C:\Windows\System32\iXAikQJ.exe
  2⤵
  PID:8448
- C:\Windows\System32\DrBwFkP.exe
  C:\Windows\System32\DrBwFkP.exe
  2⤵
  PID:8488
- C:\Windows\System32\bJHckUn.exe
  C:\Windows\System32\bJHckUn.exe
  2⤵
  PID:8516
- C:\Windows\System32\KlVoGxV.exe
  C:\Windows\System32\KlVoGxV.exe
  2⤵
  PID:8576
- C:\Windows\System32\mLwkDAD.exe
  C:\Windows\System32\mLwkDAD.exe
  2⤵
  PID:8608
- C:\Windows\System32\dxSGVey.exe
  C:\Windows\System32\dxSGVey.exe
  2⤵
  PID:8624
- C:\Windows\System32\msCUbkA.exe
  C:\Windows\System32\msCUbkA.exe
  2⤵
  PID:8664
- C:\Windows\System32\ScPAHOX.exe
  C:\Windows\System32\ScPAHOX.exe
  2⤵
  PID:8692
- C:\Windows\System32\saPWFJB.exe
  C:\Windows\System32\saPWFJB.exe
  2⤵
  PID:8740
- C:\Windows\System32\tLCjNWO.exe
  C:\Windows\System32\tLCjNWO.exe
  2⤵
  PID:8764
- C:\Windows\System32\BEdlBhA.exe
  C:\Windows\System32\BEdlBhA.exe
  2⤵
  PID:8788
- C:\Windows\System32\jTCXbov.exe
  C:\Windows\System32\jTCXbov.exe
  2⤵
  PID:8836
- C:\Windows\System32\BIKQRCQ.exe
  C:\Windows\System32\BIKQRCQ.exe
  2⤵
  PID:8868
- C:\Windows\System32\OtpgPGN.exe
  C:\Windows\System32\OtpgPGN.exe
  2⤵
  PID:8920
- C:\Windows\System32\VGiHqEj.exe
  C:\Windows\System32\VGiHqEj.exe
  2⤵
  PID:8940
- C:\Windows\System32\BTXBvov.exe
  C:\Windows\System32\BTXBvov.exe
  2⤵
  PID:8984
- C:\Windows\System32\WmzGMvm.exe
  C:\Windows\System32\WmzGMvm.exe
  2⤵
  PID:9008
- C:\Windows\System32\qhNVlSK.exe
  C:\Windows\System32\qhNVlSK.exe
  2⤵
  PID:9036
- C:\Windows\System32\XvleRID.exe
  C:\Windows\System32\XvleRID.exe
  2⤵
  PID:9076
- C:\Windows\System32\EljRFOV.exe
  C:\Windows\System32\EljRFOV.exe
  2⤵
  PID:9096
- C:\Windows\System32\RtqZrBu.exe
  C:\Windows\System32\RtqZrBu.exe
  2⤵
  PID:9120
- C:\Windows\System32\YanLhcg.exe
  C:\Windows\System32\YanLhcg.exe
  2⤵
  PID:9148
- C:\Windows\System32\ssiGVeu.exe
  C:\Windows\System32\ssiGVeu.exe
  2⤵
  PID:9188
- C:\Windows\System32\wMPkXeC.exe
  C:\Windows\System32\wMPkXeC.exe
  2⤵
  PID:2700
- C:\Windows\System32\YREPpzj.exe
  C:\Windows\System32\YREPpzj.exe
  2⤵
  PID:8248
- C:\Windows\System32\OJjAwEg.exe
  C:\Windows\System32\OJjAwEg.exe
  2⤵
  PID:8352
- C:\Windows\System32\scTCLkR.exe
  C:\Windows\System32\scTCLkR.exe
  2⤵
  PID:8420
- C:\Windows\System32\movRqMg.exe
  C:\Windows\System32\movRqMg.exe
  2⤵
  PID:8572
- C:\Windows\System32\sOYnSwM.exe
  C:\Windows\System32\sOYnSwM.exe
  2⤵
  PID:8616
- C:\Windows\System32\grJthUF.exe
  C:\Windows\System32\grJthUF.exe
  2⤵
  PID:8704
- C:\Windows\System32\GFAZlGC.exe
  C:\Windows\System32\GFAZlGC.exe
  2⤵
  PID:8820
- C:\Windows\System32\Khaojbe.exe
  C:\Windows\System32\Khaojbe.exe
  2⤵
  PID:8916
- C:\Windows\System32\rNWAAaD.exe
  C:\Windows\System32\rNWAAaD.exe
  2⤵
  PID:8936
- C:\Windows\System32\ySIbfNN.exe
  C:\Windows\System32\ySIbfNN.exe
  2⤵
  PID:9052
- C:\Windows\System32\BjdGLHd.exe
  C:\Windows\System32\BjdGLHd.exe
  2⤵
  PID:9116
- C:\Windows\System32\xsZeLGS.exe
  C:\Windows\System32\xsZeLGS.exe
  2⤵
  PID:9168
- C:\Windows\System32\VHdIxNl.exe
  C:\Windows\System32\VHdIxNl.exe
  2⤵
  PID:8212
- C:\Windows\System32\HycnGxW.exe
  C:\Windows\System32\HycnGxW.exe
  2⤵
  PID:8428
- C:\Windows\System32\zmKhOmR.exe
  C:\Windows\System32\zmKhOmR.exe
  2⤵
  PID:8724
- C:\Windows\System32\RpfKjQr.exe
  C:\Windows\System32\RpfKjQr.exe
  2⤵
  PID:8928
- C:\Windows\System32\LSKcdMm.exe
  C:\Windows\System32\LSKcdMm.exe
  2⤵
  PID:9024
- C:\Windows\System32\DmTsAmN.exe
  C:\Windows\System32\DmTsAmN.exe
  2⤵
  PID:8236
- C:\Windows\System32\oVLRBBw.exe
  C:\Windows\System32\oVLRBBw.exe
  2⤵
  PID:8600
- C:\Windows\System32\PifJWnn.exe
  C:\Windows\System32\PifJWnn.exe
  2⤵
  PID:9032
- C:\Windows\System32\lZSfOHx.exe
  C:\Windows\System32\lZSfOHx.exe
  2⤵
  PID:8852
- C:\Windows\System32\aLAkypM.exe
  C:\Windows\System32\aLAkypM.exe
  2⤵
  PID:9220
- C:\Windows\System32\pnRfPhh.exe
  C:\Windows\System32\pnRfPhh.exe
  2⤵
  PID:9260
- C:\Windows\System32\UwAFuvX.exe
  C:\Windows\System32\UwAFuvX.exe
  2⤵
  PID:9276
- C:\Windows\System32\IhRjILP.exe
  C:\Windows\System32\IhRjILP.exe
  2⤵
  PID:9304
- C:\Windows\System32\VbLjLqS.exe
  C:\Windows\System32\VbLjLqS.exe
  2⤵
  PID:9344
- C:\Windows\System32\crgzgCl.exe
  C:\Windows\System32\crgzgCl.exe
  2⤵
  PID:9372
- C:\Windows\System32\ylMCbRn.exe
  C:\Windows\System32\ylMCbRn.exe
  2⤵
  PID:9400
- C:\Windows\System32\oBonHZc.exe
  C:\Windows\System32\oBonHZc.exe
  2⤵
  PID:9428
- C:\Windows\System32\xHWpRMZ.exe
  C:\Windows\System32\xHWpRMZ.exe
  2⤵
  PID:9456
- C:\Windows\System32\lBfLqwz.exe
  C:\Windows\System32\lBfLqwz.exe
  2⤵
  PID:9484
- C:\Windows\System32\xOtzelq.exe
  C:\Windows\System32\xOtzelq.exe
  2⤵
  PID:9512
- C:\Windows\System32\LhJHued.exe
  C:\Windows\System32\LhJHued.exe
  2⤵
  PID:9540
- C:\Windows\System32\sBbOcJn.exe
  C:\Windows\System32\sBbOcJn.exe
  2⤵
  PID:9568
- C:\Windows\System32\FhKHTUx.exe
  C:\Windows\System32\FhKHTUx.exe
  2⤵
  PID:9596
- C:\Windows\System32\JyyjFdV.exe
  C:\Windows\System32\JyyjFdV.exe
  2⤵
  PID:9628
- C:\Windows\System32\IXhdMpg.exe
  C:\Windows\System32\IXhdMpg.exe
  2⤵
  PID:9652
- C:\Windows\System32\tZPzDTi.exe
  C:\Windows\System32\tZPzDTi.exe
  2⤵
  PID:9680
- C:\Windows\System32\gLtpabG.exe
  C:\Windows\System32\gLtpabG.exe
  2⤵
  PID:9708
- C:\Windows\System32\gHmhFAY.exe
  C:\Windows\System32\gHmhFAY.exe
  2⤵
  PID:9736
- C:\Windows\System32\zwEDLWu.exe
  C:\Windows\System32\zwEDLWu.exe
  2⤵
  PID:9764
- C:\Windows\System32\IAWMOZt.exe
  C:\Windows\System32\IAWMOZt.exe
  2⤵
  PID:9792
- C:\Windows\System32\JJMuybX.exe
  C:\Windows\System32\JJMuybX.exe
  2⤵
  PID:9820
- C:\Windows\System32\CcfRIVU.exe
  C:\Windows\System32\CcfRIVU.exe
  2⤵
  PID:9848
- C:\Windows\System32\kErTKux.exe
  C:\Windows\System32\kErTKux.exe
  2⤵
  PID:9876
- C:\Windows\System32\DLZnfWt.exe
  C:\Windows\System32\DLZnfWt.exe
  2⤵
  PID:9904
- C:\Windows\System32\pRcCitO.exe
  C:\Windows\System32\pRcCitO.exe
  2⤵
  PID:9928
- C:\Windows\System32\aiyhHsW.exe
  C:\Windows\System32\aiyhHsW.exe
  2⤵
  PID:9960
- C:\Windows\System32\qrRCmrL.exe
  C:\Windows\System32\qrRCmrL.exe
  2⤵
  PID:9976
- C:\Windows\System32\akYAhbs.exe
  C:\Windows\System32\akYAhbs.exe
  2⤵
  PID:10016
- C:\Windows\System32\JLdVSOy.exe
  C:\Windows\System32\JLdVSOy.exe
  2⤵
  PID:10044
- C:\Windows\System32\tMapdmw.exe
  C:\Windows\System32\tMapdmw.exe
  2⤵
  PID:10072
- C:\Windows\System32\Dtitggb.exe
  C:\Windows\System32\Dtitggb.exe
  2⤵
  PID:10100
- C:\Windows\System32\qjagUGR.exe
  C:\Windows\System32\qjagUGR.exe
  2⤵
  PID:10116
- C:\Windows\System32\LaVzpQl.exe
  C:\Windows\System32\LaVzpQl.exe
  2⤵
  PID:10152
- C:\Windows\System32\PGmlnTW.exe
  C:\Windows\System32\PGmlnTW.exe
  2⤵
  PID:10184
- C:\Windows\System32\VTSqkaQ.exe
  C:\Windows\System32\VTSqkaQ.exe
  2⤵
  PID:10216
- C:\Windows\System32\EWPdVTD.exe
  C:\Windows\System32\EWPdVTD.exe
  2⤵
  PID:8800
- C:\Windows\System32\LcxIANZ.exe
  C:\Windows\System32\LcxIANZ.exe
  2⤵
  PID:9288
- C:\Windows\System32\tYTpgKN.exe
  C:\Windows\System32\tYTpgKN.exe
  2⤵
  PID:9356
- C:\Windows\System32\SelWDqX.exe
  C:\Windows\System32\SelWDqX.exe
  2⤵
  PID:9420
- C:\Windows\System32\BuqwZSu.exe
  C:\Windows\System32\BuqwZSu.exe
  2⤵
  PID:9480
- C:\Windows\System32\lCPqFJJ.exe
  C:\Windows\System32\lCPqFJJ.exe
  2⤵
  PID:9560
- C:\Windows\System32\geCFeEI.exe
  C:\Windows\System32\geCFeEI.exe
  2⤵
  PID:9612
- C:\Windows\System32\LIcNvlx.exe
  C:\Windows\System32\LIcNvlx.exe
  2⤵
  PID:9672
- C:\Windows\System32\LbyWMiP.exe
  C:\Windows\System32\LbyWMiP.exe
  2⤵
  PID:9732
- C:\Windows\System32\TcyaKwN.exe
  C:\Windows\System32\TcyaKwN.exe
  2⤵
  PID:9784
- C:\Windows\System32\UwQZmJs.exe
  C:\Windows\System32\UwQZmJs.exe
  2⤵
  PID:9864
- C:\Windows\System32\ARPolss.exe
  C:\Windows\System32\ARPolss.exe
  2⤵
  PID:9936
- C:\Windows\System32\cGmjNzA.exe
  C:\Windows\System32\cGmjNzA.exe
  2⤵
  PID:9996
- C:\Windows\System32\ncCsFpe.exe
  C:\Windows\System32\ncCsFpe.exe
  2⤵
  PID:10056
- C:\Windows\System32\APovUSL.exe
  C:\Windows\System32\APovUSL.exe
  2⤵
  PID:10112
- C:\Windows\System32\qJmWPEk.exe
  C:\Windows\System32\qJmWPEk.exe
  2⤵
  PID:10160
- C:\Windows\System32\mNPQKlH.exe
  C:\Windows\System32\mNPQKlH.exe
  2⤵
  PID:9252
- C:\Windows\System32\anqtJTG.exe
  C:\Windows\System32\anqtJTG.exe
  2⤵
  PID:9532
- C:\Windows\System32\VoAeDpk.exe
  C:\Windows\System32\VoAeDpk.exe
  2⤵
  PID:9776
- C:\Windows\System32\MdNidjl.exe
  C:\Windows\System32\MdNidjl.exe
  2⤵
  PID:9900
- C:\Windows\System32\FJlzWsU.exe
  C:\Windows\System32\FJlzWsU.exe
  2⤵
  PID:10084
- C:\Windows\System32\kEvUwVL.exe
  C:\Windows\System32\kEvUwVL.exe
  2⤵
  PID:10208
- C:\Windows\System32\QAFUuJW.exe
  C:\Windows\System32\QAFUuJW.exe
  2⤵
  PID:9448
- C:\Windows\System32\SkajIsq.exe
  C:\Windows\System32\SkajIsq.exe
  2⤵
  PID:9840
- C:\Windows\System32\sTxbxrF.exe
  C:\Windows\System32\sTxbxrF.exe
  2⤵
  PID:9340
- C:\Windows\System32\ltEchtF.exe
  C:\Windows\System32\ltEchtF.exe
  2⤵
  PID:10096
- C:\Windows\System32\MKqVLhF.exe
  C:\Windows\System32\MKqVLhF.exe
  2⤵
  PID:10252
- C:\Windows\System32\UohMnoT.exe
  C:\Windows\System32\UohMnoT.exe
  2⤵
  PID:10280
- C:\Windows\System32\oPgRTBs.exe
  C:\Windows\System32\oPgRTBs.exe
  2⤵
  PID:10308
- C:\Windows\System32\XngZrmZ.exe
  C:\Windows\System32\XngZrmZ.exe
  2⤵
  PID:10336
- C:\Windows\System32\uPEcjnD.exe
  C:\Windows\System32\uPEcjnD.exe
  2⤵
  PID:10360
- C:\Windows\System32\eRMgAGu.exe
  C:\Windows\System32\eRMgAGu.exe
  2⤵
  PID:10388
- C:\Windows\System32\wybuNuf.exe
  C:\Windows\System32\wybuNuf.exe
  2⤵
  PID:10424
- C:\Windows\System32\vbXOTSk.exe
  C:\Windows\System32\vbXOTSk.exe
  2⤵
  PID:10448
- C:\Windows\System32\oNGdDDi.exe
  C:\Windows\System32\oNGdDDi.exe
  2⤵
  PID:10464
- C:\Windows\System32\udXioiC.exe
  C:\Windows\System32\udXioiC.exe
  2⤵
  PID:10504
- C:\Windows\System32\rnrqvsJ.exe
  C:\Windows\System32\rnrqvsJ.exe
  2⤵
  PID:10528
- C:\Windows\System32\IqarpKZ.exe
  C:\Windows\System32\IqarpKZ.exe
  2⤵
  PID:10560
- C:\Windows\System32\vBWIwub.exe
  C:\Windows\System32\vBWIwub.exe
  2⤵
  PID:10588
- C:\Windows\System32\PebleqF.exe
  C:\Windows\System32\PebleqF.exe
  2⤵
  PID:10616
- C:\Windows\System32\JLiaxQr.exe
  C:\Windows\System32\JLiaxQr.exe
  2⤵
  PID:10648
- C:\Windows\System32\ZOrToug.exe
  C:\Windows\System32\ZOrToug.exe
  2⤵
  PID:10676
- C:\Windows\System32\jUKgFTG.exe
  C:\Windows\System32\jUKgFTG.exe
  2⤵
  PID:10704
- C:\Windows\System32\FgOzWgH.exe
  C:\Windows\System32\FgOzWgH.exe
  2⤵
  PID:10732
- C:\Windows\System32\UHouPKy.exe
  C:\Windows\System32\UHouPKy.exe
  2⤵
  PID:10760
- C:\Windows\System32\NuAuDQI.exe
  C:\Windows\System32\NuAuDQI.exe
  2⤵
  PID:10788
- C:\Windows\System32\ecROfnq.exe
  C:\Windows\System32\ecROfnq.exe
  2⤵
  PID:10816
- C:\Windows\System32\JbDKZMZ.exe
  C:\Windows\System32\JbDKZMZ.exe
  2⤵
  PID:10844
- C:\Windows\System32\qVMhcgW.exe
  C:\Windows\System32\qVMhcgW.exe
  2⤵
  PID:10860
- C:\Windows\System32\AsxSgjd.exe
  C:\Windows\System32\AsxSgjd.exe
  2⤵
  PID:10900
- C:\Windows\System32\ghkIGhB.exe
  C:\Windows\System32\ghkIGhB.exe
  2⤵
  PID:10928
- C:\Windows\System32\rxsrnlH.exe
  C:\Windows\System32\rxsrnlH.exe
  2⤵
  PID:10956
- C:\Windows\System32\WaALOup.exe
  C:\Windows\System32\WaALOup.exe
  2⤵
  PID:10984
- C:\Windows\System32\UxPenrc.exe
  C:\Windows\System32\UxPenrc.exe
  2⤵
  PID:11008
- C:\Windows\System32\CvmvdbZ.exe
  C:\Windows\System32\CvmvdbZ.exe
  2⤵
  PID:11028
- C:\Windows\System32\VNKEnBi.exe
  C:\Windows\System32\VNKEnBi.exe
  2⤵
  PID:11068
- C:\Windows\System32\ShfWARV.exe
  C:\Windows\System32\ShfWARV.exe
  2⤵
  PID:11096
- C:\Windows\System32\zTTXEQJ.exe
  C:\Windows\System32\zTTXEQJ.exe
  2⤵
  PID:11124
- C:\Windows\System32\ZrpmuMy.exe
  C:\Windows\System32\ZrpmuMy.exe
  2⤵
  PID:11152
- C:\Windows\System32\xWQKgDd.exe
  C:\Windows\System32\xWQKgDd.exe
  2⤵
  PID:11180
- C:\Windows\System32\HxyrRea.exe
  C:\Windows\System32\HxyrRea.exe
  2⤵
  PID:11208
- C:\Windows\System32\xGpkymi.exe
  C:\Windows\System32\xGpkymi.exe
  2⤵
  PID:11236
- C:\Windows\System32\CUrGFcs.exe
  C:\Windows\System32\CUrGFcs.exe
  2⤵
  PID:9832
- C:\Windows\System32\dbwVDFQ.exe
  C:\Windows\System32\dbwVDFQ.exe
  2⤵
  PID:10296
- C:\Windows\System32\SzpgSeT.exe
  C:\Windows\System32\SzpgSeT.exe
  2⤵
  PID:10368
- C:\Windows\System32\OHVkPZw.exe
  C:\Windows\System32\OHVkPZw.exe
  2⤵
  PID:10204
- C:\Windows\System32\cshnaSG.exe
  C:\Windows\System32\cshnaSG.exe
  2⤵
  PID:10488
- C:\Windows\System32\gZIEOdW.exe
  C:\Windows\System32\gZIEOdW.exe
  2⤵
  PID:10548
- C:\Windows\System32\dyMddIk.exe
  C:\Windows\System32\dyMddIk.exe
  2⤵
  PID:10612
- C:\Windows\System32\WkojOeL.exe
  C:\Windows\System32\WkojOeL.exe
  2⤵
  PID:10688
- C:\Windows\System32\RUCOrgd.exe
  C:\Windows\System32\RUCOrgd.exe
  2⤵
  PID:1556
- C:\Windows\System32\IeveIOB.exe
  C:\Windows\System32\IeveIOB.exe
  2⤵
  PID:10808
- C:\Windows\System32\ZxqMyFk.exe
  C:\Windows\System32\ZxqMyFk.exe
  2⤵
  PID:10852
- C:\Windows\System32\cOkRaPS.exe
  C:\Windows\System32\cOkRaPS.exe
  2⤵
  PID:10924
- C:\Windows\System32\QyEoTqq.exe
  C:\Windows\System32\QyEoTqq.exe
  2⤵
  PID:10992
- C:\Windows\System32\kEHCjxH.exe
  C:\Windows\System32\kEHCjxH.exe
  2⤵
  PID:11060
- C:\Windows\System32\esvvFWp.exe
  C:\Windows\System32\esvvFWp.exe
  2⤵
  PID:11092
- C:\Windows\System32\QvCDYfV.exe
  C:\Windows\System32\QvCDYfV.exe
  2⤵
  PID:11232
- C:\Windows\System32\ekQiXaP.exe
  C:\Windows\System32\ekQiXaP.exe
  2⤵
  PID:10264
- C:\Windows\System32\byFiKmL.exe
  C:\Windows\System32\byFiKmL.exe
  2⤵
  PID:10396
- C:\Windows\System32\WkYNgGk.exe
  C:\Windows\System32\WkYNgGk.exe
  2⤵
  PID:10556
- C:\Windows\System32\JQtzPag.exe
  C:\Windows\System32\JQtzPag.exe
  2⤵
  PID:10624
- C:\Windows\System32\wqTBjOr.exe
  C:\Windows\System32\wqTBjOr.exe
  2⤵
  PID:1780
- C:\Windows\System32\XJHvzrF.exe
  C:\Windows\System32\XJHvzrF.exe
  2⤵
  PID:10920
- C:\Windows\System32\eddSShr.exe
  C:\Windows\System32\eddSShr.exe
  2⤵
  PID:11088
- C:\Windows\System32\OqtohqY.exe
  C:\Windows\System32\OqtohqY.exe
  2⤵
  PID:11252
- C:\Windows\System32\ifcecTj.exe
  C:\Windows\System32\ifcecTj.exe
  2⤵
  PID:10644
- C:\Windows\System32\fDJczbI.exe
  C:\Windows\System32\fDJczbI.exe
  2⤵
  PID:10840
- C:\Windows\System32\VvNUlLU.exe
  C:\Windows\System32\VvNUlLU.exe
  2⤵
  PID:11168
- C:\Windows\System32\LKghYQe.exe
  C:\Windows\System32\LKghYQe.exe
  2⤵
  PID:11080
- C:\Windows\System32\fgBHBvf.exe
  C:\Windows\System32\fgBHBvf.exe
  2⤵
  PID:3092
- C:\Windows\System32\kqFtnSt.exe
  C:\Windows\System32\kqFtnSt.exe
  2⤵
  PID:10608
- C:\Windows\System32\BhYJcYq.exe
  C:\Windows\System32\BhYJcYq.exe
  2⤵
  PID:11272
- C:\Windows\System32\NvBYaRw.exe
  C:\Windows\System32\NvBYaRw.exe
  2⤵
  PID:11300
- C:\Windows\System32\NRFfWBj.exe
  C:\Windows\System32\NRFfWBj.exe
  2⤵
  PID:11328
- C:\Windows\System32\CDqUvcO.exe
  C:\Windows\System32\CDqUvcO.exe
  2⤵
  PID:11344
- C:\Windows\System32\chIuOQH.exe
  C:\Windows\System32\chIuOQH.exe
  2⤵
  PID:11376
- C:\Windows\System32\coWjSef.exe
  C:\Windows\System32\coWjSef.exe
  2⤵
  PID:11412
- C:\Windows\System32\NyKOrFF.exe
  C:\Windows\System32\NyKOrFF.exe
  2⤵
  PID:11440
- C:\Windows\System32\AUIGEyv.exe
  C:\Windows\System32\AUIGEyv.exe
  2⤵
  PID:11468
- C:\Windows\System32\PYTRScy.exe
  C:\Windows\System32\PYTRScy.exe
  2⤵
  PID:11496
- C:\Windows\System32\ztaoOJb.exe
  C:\Windows\System32\ztaoOJb.exe
  2⤵
  PID:11524
- C:\Windows\System32\OlxGghA.exe
  C:\Windows\System32\OlxGghA.exe
  2⤵
  PID:11552
- C:\Windows\System32\ywPNxBD.exe
  C:\Windows\System32\ywPNxBD.exe
  2⤵
  PID:11580
- C:\Windows\System32\ToLiUdu.exe
  C:\Windows\System32\ToLiUdu.exe
  2⤵
  PID:11608
- C:\Windows\System32\PUSlmfQ.exe
  C:\Windows\System32\PUSlmfQ.exe
  2⤵
  PID:11636
- C:\Windows\System32\aNOsOks.exe
  C:\Windows\System32\aNOsOks.exe
  2⤵
  PID:11664
- C:\Windows\System32\zdluzUi.exe
  C:\Windows\System32\zdluzUi.exe
  2⤵
  PID:11692
- C:\Windows\System32\RLkjXVv.exe
  C:\Windows\System32\RLkjXVv.exe
  2⤵
  PID:11720
- C:\Windows\System32\SgYLTax.exe
  C:\Windows\System32\SgYLTax.exe
  2⤵
  PID:11760
- C:\Windows\System32\zOxXwAA.exe
  C:\Windows\System32\zOxXwAA.exe
  2⤵
  PID:11820
- C:\Windows\System32\dXqTolI.exe
  C:\Windows\System32\dXqTolI.exe
  2⤵
  PID:11860
- C:\Windows\System32\MabClsn.exe
  C:\Windows\System32\MabClsn.exe
  2⤵
  PID:11908
- C:\Windows\System32\qAsdqRk.exe
  C:\Windows\System32\qAsdqRk.exe
  2⤵
  PID:11960
- C:\Windows\System32\TQAuFRW.exe
  C:\Windows\System32\TQAuFRW.exe
  2⤵
  PID:11992
- C:\Windows\System32\GySLWFV.exe
  C:\Windows\System32\GySLWFV.exe
  2⤵
  PID:12028
- C:\Windows\System32\APptIqb.exe
  C:\Windows\System32\APptIqb.exe
  2⤵
  PID:12060
- C:\Windows\System32\EssSGWg.exe
  C:\Windows\System32\EssSGWg.exe
  2⤵
  PID:12100
- C:\Windows\System32\PoTuygm.exe
  C:\Windows\System32\PoTuygm.exe
  2⤵
  PID:12124
- C:\Windows\System32\bFehJSv.exe
  C:\Windows\System32\bFehJSv.exe
  2⤵
  PID:12164
- C:\Windows\System32\LJbFNBi.exe
  C:\Windows\System32\LJbFNBi.exe
  2⤵
  PID:12188
- C:\Windows\System32\XlJbNJZ.exe
  C:\Windows\System32\XlJbNJZ.exe
  2⤵
  PID:12220
- C:\Windows\System32\DgDqAKJ.exe
  C:\Windows\System32\DgDqAKJ.exe
  2⤵
  PID:12248
- C:\Windows\System32\KiarvcP.exe
  C:\Windows\System32\KiarvcP.exe
  2⤵
  PID:12276
- C:\Windows\System32\eipMahR.exe
  C:\Windows\System32\eipMahR.exe
  2⤵
  PID:11296
- C:\Windows\System32\PdnRhGP.exe
  C:\Windows\System32\PdnRhGP.exe
  2⤵
  PID:11360
- C:\Windows\System32\QbYfNKh.exe
  C:\Windows\System32\QbYfNKh.exe
  2⤵
  PID:11432
- C:\Windows\System32\ATBqfLh.exe
  C:\Windows\System32\ATBqfLh.exe
  2⤵
  PID:11508
- C:\Windows\System32\cHMBFSy.exe
  C:\Windows\System32\cHMBFSy.exe
  2⤵
  PID:11604
- C:\Windows\System32\KzzXWdI.exe
  C:\Windows\System32\KzzXWdI.exe
  2⤵
  PID:11648
- C:\Windows\System32\GbHkMqs.exe
  C:\Windows\System32\GbHkMqs.exe
  2⤵
  PID:11712
- C:\Windows\System32\qFOaidt.exe
  C:\Windows\System32\qFOaidt.exe
  2⤵
  PID:11812
- C:\Windows\System32\iZOzROc.exe
  C:\Windows\System32\iZOzROc.exe
  2⤵
  PID:11888
- C:\Windows\System32\neToKUM.exe
  C:\Windows\System32\neToKUM.exe
  2⤵
  PID:11980
- C:\Windows\System32\hgAseKt.exe
  C:\Windows\System32\hgAseKt.exe
  2⤵
  PID:12076
- C:\Windows\System32\EJpBJPB.exe
  C:\Windows\System32\EJpBJPB.exe
  2⤵
  PID:12160
- C:\Windows\System32\XqveaTs.exe
  C:\Windows\System32\XqveaTs.exe
  2⤵
  PID:12216
- C:\Windows\System32\jxGGtmV.exe
  C:\Windows\System32\jxGGtmV.exe
  2⤵
  PID:10716
- C:\Windows\System32\PBDVPHk.exe
  C:\Windows\System32\PBDVPHk.exe
  2⤵
  PID:11424
- C:\Windows\System32\XWItCkJ.exe
  C:\Windows\System32\XWItCkJ.exe
  2⤵
  PID:11592
- C:\Windows\System32\VPPWRgm.exe
  C:\Windows\System32\VPPWRgm.exe
  2⤵
  PID:11704
- C:\Windows\System32\JBSeJan.exe
  C:\Windows\System32\JBSeJan.exe
  2⤵
  PID:11940
- C:\Windows\System32\jVRSVAF.exe
  C:\Windows\System32\jVRSVAF.exe
  2⤵
  PID:12132
- C:\Windows\System32\DxLJInn.exe
  C:\Windows\System32\DxLJInn.exe
  2⤵
  PID:12272
- C:\Windows\System32\OyGGctg.exe
  C:\Windows\System32\OyGGctg.exe
  2⤵
  PID:11632
- C:\Windows\System32\yLknVZn.exe
  C:\Windows\System32\yLknVZn.exe
  2⤵
  PID:12040
- C:\Windows\System32\hiMXDIL.exe
  C:\Windows\System32\hiMXDIL.exe
  2⤵
  PID:11544
- C:\Windows\System32\qeteLYb.exe
  C:\Windows\System32\qeteLYb.exe
  2⤵
  PID:12204
- C:\Windows\System32\tPoHXbT.exe
  C:\Windows\System32\tPoHXbT.exe
  2⤵
  PID:11788
- C:\Windows\System32\vEksHgE.exe
  C:\Windows\System32\vEksHgE.exe
  2⤵
  PID:12316
- C:\Windows\System32\xSQZHDo.exe
  C:\Windows\System32\xSQZHDo.exe
  2⤵
  PID:12344
- C:\Windows\System32\inqgTyH.exe
  C:\Windows\System32\inqgTyH.exe
  2⤵
  PID:12376
- C:\Windows\System32\NXhRLzj.exe
  C:\Windows\System32\NXhRLzj.exe
  2⤵
  PID:12404
- C:\Windows\System32\IRMxMzF.exe
  C:\Windows\System32\IRMxMzF.exe
  2⤵
  PID:12436
- C:\Windows\System32\AbLgyxj.exe
  C:\Windows\System32\AbLgyxj.exe
  2⤵
  PID:12476
- C:\Windows\System32\sobvhdW.exe
  C:\Windows\System32\sobvhdW.exe
  2⤵
  PID:12504
- C:\Windows\System32\rMqbpAF.exe
  C:\Windows\System32\rMqbpAF.exe
  2⤵
  PID:12532
- C:\Windows\System32\TCHkihi.exe
  C:\Windows\System32\TCHkihi.exe
  2⤵
  PID:12560
- C:\Windows\System32\AwTfbcJ.exe
  C:\Windows\System32\AwTfbcJ.exe
  2⤵
  PID:12576
- C:\Windows\System32\MbjvzKP.exe
  C:\Windows\System32\MbjvzKP.exe
  2⤵
  PID:12604
- C:\Windows\System32\ljqfUHN.exe
  C:\Windows\System32\ljqfUHN.exe
  2⤵
  PID:12628
- C:\Windows\System32\zDorpSg.exe
  C:\Windows\System32\zDorpSg.exe
  2⤵
  PID:12660
- C:\Windows\System32\XVtHEaN.exe
  C:\Windows\System32\XVtHEaN.exe
  2⤵
  PID:12700
- C:\Windows\System32\moNzFbk.exe
  C:\Windows\System32\moNzFbk.exe
  2⤵
  PID:12728
- C:\Windows\System32\RsJzcbZ.exe
  C:\Windows\System32\RsJzcbZ.exe
  2⤵
  PID:12756
- C:\Windows\System32\bRLWoeI.exe
  C:\Windows\System32\bRLWoeI.exe
  2⤵
  PID:12784
- C:\Windows\System32\IXmYKRU.exe
  C:\Windows\System32\IXmYKRU.exe
  2⤵
  PID:12812
- C:\Windows\System32\GADXNYP.exe
  C:\Windows\System32\GADXNYP.exe
  2⤵
  PID:12828
- C:\Windows\System32\tZRTxHY.exe
  C:\Windows\System32\tZRTxHY.exe
  2⤵
  PID:12868
- C:\Windows\System32\UtdxvQh.exe
  C:\Windows\System32\UtdxvQh.exe
  2⤵
  PID:12896
- C:\Windows\System32\LjAzvAu.exe
  C:\Windows\System32\LjAzvAu.exe
  2⤵
  PID:12924
- C:\Windows\System32\RBIdZir.exe
  C:\Windows\System32\RBIdZir.exe
  2⤵
  PID:12952
- C:\Windows\System32\IZwLbHC.exe
  C:\Windows\System32\IZwLbHC.exe
  2⤵
  PID:12980
- C:\Windows\System32\XKBJRWB.exe
  C:\Windows\System32\XKBJRWB.exe
  2⤵
  PID:13008
- C:\Windows\System32\FDTNivw.exe
  C:\Windows\System32\FDTNivw.exe
  2⤵
  PID:13036
- C:\Windows\System32\MZYMLeJ.exe
  C:\Windows\System32\MZYMLeJ.exe
  2⤵
  PID:13064
- C:\Windows\System32\SCzMMhy.exe
  C:\Windows\System32\SCzMMhy.exe
  2⤵
  PID:13092
- C:\Windows\System32\mRvvEco.exe
  C:\Windows\System32\mRvvEco.exe
  2⤵
  PID:13120
- C:\Windows\System32\JIXbHYt.exe
  C:\Windows\System32\JIXbHYt.exe
  2⤵
  PID:13148
- C:\Windows\System32\FuJEDsh.exe
  C:\Windows\System32\FuJEDsh.exe
  2⤵
  PID:13176
- C:\Windows\System32\QyipyxF.exe
  C:\Windows\System32\QyipyxF.exe
  2⤵
  PID:13204
- C:\Windows\System32\XAVHroM.exe
  C:\Windows\System32\XAVHroM.exe
  2⤵
  PID:13240
- C:\Windows\System32\XZRxorS.exe
  C:\Windows\System32\XZRxorS.exe
  2⤵
  PID:13260
- C:\Windows\System32\LmlkWPg.exe
  C:\Windows\System32\LmlkWPg.exe
  2⤵
  PID:13288
- C:\Windows\System32\MFcAkui.exe
  C:\Windows\System32\MFcAkui.exe
  2⤵
  PID:12300
- C:\Windows\System32\EFdzLSK.exe
  C:\Windows\System32\EFdzLSK.exe
  2⤵
  PID:12356
- C:\Windows\System32\zCgwdEd.exe
  C:\Windows\System32\zCgwdEd.exe
  2⤵
  PID:12428
- C:\Windows\System32\oSuVYij.exe
  C:\Windows\System32\oSuVYij.exe
  2⤵
  PID:12516
- C:\Windows\System32\UcngfAs.exe
  C:\Windows\System32\UcngfAs.exe
  2⤵
  PID:5048
- C:\Windows\System32\doVrnPT.exe
  C:\Windows\System32\doVrnPT.exe
  2⤵
  PID:12616
- C:\Windows\System32\jcHOzqJ.exe
  C:\Windows\System32\jcHOzqJ.exe
  2⤵
  PID:880
- C:\Windows\System32\deqGvpi.exe
  C:\Windows\System32\deqGvpi.exe
  2⤵
  PID:12680
- C:\Windows\System32\GLVaDcZ.exe
  C:\Windows\System32\GLVaDcZ.exe
  2⤵
  PID:12764
- C:\Windows\System32\sVMwaQF.exe
  C:\Windows\System32\sVMwaQF.exe
  2⤵
  PID:12840
- C:\Windows\System32\puYHTpT.exe
  C:\Windows\System32\puYHTpT.exe
  2⤵
  PID:12892
- C:\Windows\System32\wAkBZPL.exe
  C:\Windows\System32\wAkBZPL.exe
  2⤵
  PID:12964
- C:\Windows\System32\RhaNKrV.exe
  C:\Windows\System32\RhaNKrV.exe
  2⤵
  PID:13000
- C:\Windows\System32\VjHycMJ.exe
  C:\Windows\System32\VjHycMJ.exe
  2⤵
  PID:13116
- C:\Windows\System32\qNrmbVM.exe
  C:\Windows\System32\qNrmbVM.exe
  2⤵
  PID:13168
- C:\Windows\System32\VqSLTgj.exe
  C:\Windows\System32\VqSLTgj.exe
  2⤵
  PID:13224
- C:\Windows\System32\hiBKpCI.exe
  C:\Windows\System32\hiBKpCI.exe
  2⤵
  PID:13304
- C:\Windows\System32\ZKWyhZI.exe
  C:\Windows\System32\ZKWyhZI.exe
  2⤵
  PID:12424
- C:\Windows\System32\IyNFAbv.exe
  C:\Windows\System32\IyNFAbv.exe
  2⤵
  PID:12620
- C:\Windows\System32\zgqcsVy.exe
  C:\Windows\System32\zgqcsVy.exe
  2⤵
  PID:12688
- C:\Windows\System32\HbWbhWt.exe
  C:\Windows\System32\HbWbhWt.exe
  2⤵
  PID:12800
- C:\Windows\System32\CvYWMzh.exe
  C:\Windows\System32\CvYWMzh.exe
  2⤵
  PID:12944
- C:\Windows\System32\NCfypwv.exe
  C:\Windows\System32\NCfypwv.exe
  2⤵
  PID:13164
- C:\Windows\System32\gSonDEI.exe
  C:\Windows\System32\gSonDEI.exe
  2⤵
  PID:13300
- C:\Windows\System32\aAQMCFD.exe
  C:\Windows\System32\aAQMCFD.exe
  2⤵
  PID:12648
- C:\Windows\System32\FHvyQvk.exe
  C:\Windows\System32\FHvyQvk.exe
  2⤵
  PID:12856
- C:\Windows\System32\ETRjwFM.exe
  C:\Windows\System32\ETRjwFM.exe
  2⤵
  PID:12368
- C:\Windows\System32\FWEpZUx.exe
  C:\Windows\System32\FWEpZUx.exe
  2⤵
  PID:13112
- C:\Windows\System32\eeSHTQE.exe
  C:\Windows\System32\eeSHTQE.exe
  2⤵
  PID:13316
- C:\Windows\System32\QVoNrAz.exe
  C:\Windows\System32\QVoNrAz.exe
  2⤵
  PID:13344
- C:\Windows\System32\XxYtZAM.exe
  C:\Windows\System32\XxYtZAM.exe
  2⤵
  PID:13372
- C:\Windows\System32\jtfzDwH.exe
  C:\Windows\System32\jtfzDwH.exe
  2⤵
  PID:13412
- C:\Windows\System32\YJBRZPG.exe
  C:\Windows\System32\YJBRZPG.exe
  2⤵
  PID:13592
- C:\Windows\System32\OsBWUNd.exe
  C:\Windows\System32\OsBWUNd.exe
  2⤵
  PID:13804
- C:\Windows\System32\sNxSMoU.exe
  C:\Windows\System32\sNxSMoU.exe
  2⤵
  PID:13820
- C:\Windows\System32\GiTQSim.exe
  C:\Windows\System32\GiTQSim.exe
  2⤵
  PID:13848

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:7936

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System32\AGNTuOi.exe

Filesize
3.0MB

MD5
9274ccf079559890218f3b459dad0b29

SHA1
b52097f600be3bf996658e3670980a25532017cd

SHA256
b0a24358b22e89760c223cde9687c4640f588af92d2206b24a3afc6a3e21712e

SHA512
1c0002fb94cdf2b92a4f534d9352bdeae5328b6a38d45154f4c47e845476d45e4cb7c42ab650cc89f9fa048b1081683785a3fb2f9cbb5608836161b0a63663ea

Download Submit
C:\Windows\System32\DkXHZFz.exe

Filesize
3.0MB

MD5
cc4e94da94f4aca9d8bca9e2cc9e7b93

SHA1
d6bac4d362cc48dfa00dab4530d21de71f811418

SHA256
d0cb6bcb761e7a37ee096d28a66886a877e5971eebe683b590cba3bcb37f71db

SHA512
b84cd99345cb8a9f7d0f3c767b1c8195cbb15c38025c6f112017adbfb00d2295cd625f83ca21e6742a4e2ca69436b91c11c951e829d99aa9d7f7968023664bff

Download Submit
C:\Windows\System32\EEOHPNX.exe

Filesize
3.0MB

MD5
d513a1ab8cc8a5a6ab47bd2dd206db6a

SHA1
d1515cee8a71b75b163f518b2e24171f8833d2b4

SHA256
e1fd45f54f459a42979f8057e1f1dae0850d08fc24f18de99a8ed63289e246ce

SHA512
bffd493d106da8460d7f5faf524a14271bc7d7088cd2e4af5ddbc666e194eda0154cf487843e4d72aaf49e45cc804094f1fef46d7ffa0dfc768ddc08f9912417

Download Submit
C:\Windows\System32\EEywsvB.exe

Filesize
3.0MB

MD5
823a6e164ad52d0534f8c818cf6bc1e2

SHA1
8bad15a4d928d63e1826599e12fe0d665d45ffcc

SHA256
f9dcc83c0389ecb0ca824ec02a6e701afd03844c1bb31257ca7338d36a0a4376

SHA512
95dc302bf1b10ed219e6636f138ab11420915c3a971153f7ba14baa10f5a182796f2d37fddc111c4443465dc6b476fc37590196ad3479f93cf8e8287a94df19d

Download Submit
C:\Windows\System32\GqjwTvl.exe

Filesize
3.0MB

MD5
79cb2e325cc85d82f5449ad3a9b66c31

SHA1
788d05e9ce9d91ac57053739baf98701a9849ac3

SHA256
e71f9dbe2d2bcc67d9ceb4f5df69a577a072ee65e635b7267888d1b491932df5

SHA512
4e2f808294c692f0e40c7583d8c4e1e723082833fa83a3cea39355650c65e245d8e6de669fd5ceaf06e7a2b61c59c2597e1bd2c5f36baed7c636b72e04d6d266

Download Submit
C:\Windows\System32\GuwKlQO.exe

Filesize
3.0MB

MD5
f776d6e660bf8dbb130492272be6daa2

SHA1
609b8a53a4824e801e697e95d0e2e369d17949a9

SHA256
d22df72c47886c63270164a731297319f441e2ab23420b7637cd827e55607b5e

SHA512
d7efbef9e34f2e7dd592cdbb1196d7b82d1d89c27af4f10b144a94dcf99afc9564e549bd16456316a64079c6826d4faa1c38593de42b6d9cafc696aa3cafa2c1

Download Submit
C:\Windows\System32\Ifloiuy.exe

Filesize
3.0MB

MD5
8f2b3c465d5de8fed7bbfa8635d582dd

SHA1
ddc1c15544d3fcd2c64012d3a2cc9ab491272836

SHA256
6f0ffdbdd7f555b025d08b2e771905023e72c506eabfc29c832a70372c81922f

SHA512
249eb4e223fef477b22b11f3ade5d98049de5c235cedb8125d508bad015db4a1de21205dee391511cbfc31c202c033e502faa2442be0be4ceed2a68ff3bca438

Download Submit
C:\Windows\System32\LjFMABp.exe

Filesize
3.0MB

MD5
2442c9ced85b96a23cd73b3f0d15bc90

SHA1
6eebaed94720cb5b0df90ba8799e38398c06aca6

SHA256
08ff257df6a98c48e07dc65b56679fa27393ae80014f5eba962b2703cdeaa885

SHA512
5ec10ffe0bdfc561d0a9757227ceef1bf7d0c93c7420507eb38207fa2928b7a3cbb9677f688d8c48f892d5de10a7fa13358b94015e476cc66beb7eb40beb0b32

Download Submit
C:\Windows\System32\LrwgdZG.exe

Filesize
3.0MB

MD5
8feff03a626ed62016d335750ec7244b

SHA1
9b6c88584bd768e8ba462d9ce6905731adc6d704

SHA256
33c27ff46485ded0d770caaa881be78738cd6b966d20294d217eb997890c08a9

SHA512
4beb1c9606eb54578588ca7712e7583e701df383bdd2a8a7a00d7fa12e80f32f7a6746d0aff7a1211db32dff9897419c3144c16e315dc40062c61c8d2f4d60ef

Download Submit
C:\Windows\System32\MlJCeDw.exe

Filesize
3.0MB

MD5
a620306440a091d27a843ed660022d6d

SHA1
ebcfed63eb3ab5d4857b10948f82bb380efa9b8d

SHA256
42dccbf53cfe8954093fa807670dc3a3909a735c7fe5119ea9195b03c72e051e

SHA512
0c99b8d8a252600b4fab79cefe373ff715fe9582200a12e47777106480c6eeebdd4d706a34b98d43064dbe6febe6616a7a823929658c0dae947453d1936824ba

Download Submit
C:\Windows\System32\SwvuicM.exe

Filesize
3.0MB

MD5
8340c5d2ef7093e63d060e467c87f6c5

SHA1
889dac64ef88daad02f466d459a422d8248d956d

SHA256
9b6b3a63805b96261a8972dc6dfc0930e69468238ea2f7e395b6a32ef3f71110

SHA512
83e2e993a3031579df8a9d2f574f2472d02da76997ee04353e8ddeb70b6bb45fc256c7b99556f72080609544012c59635915957bd627a03a855197e830e1a704

Download Submit
C:\Windows\System32\UIcupNO.exe

Filesize
3.0MB

MD5
146b2906b633c464f3706b1b19647f08

SHA1
125e710b41b126930cd6453487c7e4951c2cec84

SHA256
39f7fa81b2aeae5045e1838b447cafebe9a4457a144f530e45bb345d170a8c95

SHA512
fe1d18c1bc9af15c39f82d54f75ebd4c848883b77b4b94bc534afc978b5fde6958e4860c6e16c67fbd657e6a748c6cce2d30bfc09450fae1a88c388a8c625cb6

Download Submit
C:\Windows\System32\WEiTNbV.exe

Filesize
3.0MB

MD5
fe2430fa9eb14a8bdb3ecd03fb3a0006

SHA1
4e3256f121dd103f134965486bd8c2281a09196b

SHA256
19c9f7ffa35a5f4bec510b8fe79f5787e3f5bddc401767c82545db7399a3f375

SHA512
68d7b6b1f085086bf7e201e9477229c215591b812e3270bbdf55e9c026ab9f139de1f0d395cddd3cce9e5e048dccb65d579148643a3d75ee44edbee7d5b2880c

Download Submit
C:\Windows\System32\dTYXZIM.exe

Filesize
3.0MB

MD5
112185b0f8871a4dc6a42a85bcef7736

SHA1
a7a905dd678d1d5d34233f539445a32f53ccc5fa

SHA256
221f56dedd61065c7f75da50c28a161ba159b6a9b169b5786d6faec5bc19fa5c

SHA512
fef574774e417f0199aec23fbc75fd2c1b454624762af27593007fd17a8acf31f828cdb9da27c854578e2c36d640b984fe91e41fd0e0386a2914fd448ace18ea

Download Submit
C:\Windows\System32\dqlUYrB.exe

Filesize
3.0MB

MD5
9613fce9377ab4eeaa99b871ef8f9d1e

SHA1
ee84375d6ce4f1e3318675bce4e0130891d054e6

SHA256
094a4598f565b7ffbb0e67d669e06df37393d9cffbb0cb05d284dd30d77a554e

SHA512
1742dbbec2c2c106bf5cb5f8f8dc00389fd0061e4e36c450a9a0fe33e8f346688b4c824cb80bfdd9e40171509b7f100c4e11772bdec0a2bd0e5408249cd69ce7

Download Submit
C:\Windows\System32\dzKVhnj.exe

Filesize
3.0MB

MD5
9121a6a8f01df937c2d82e06481c63ca

SHA1
f0114e313e0736502ab12861c9ac78b2dff91824

SHA256
c527cfd1bc6da0aeb88bcfff203e8c9f29d4ddc2424b50bec7acc2a64969575c

SHA512
873df71c39bf34e8bcd20c55470be55e5e759c9ca29cd56e45b9d0cdfa0344956fd8bed7b6a79bf8d107a2dcdef9b44dff921344ed40bc2e2da20d5f3b52e15f

Download Submit
C:\Windows\System32\ijmEVRa.exe

Filesize
3.0MB

MD5
696ff64d20d4970c39580cc89a510aa0

SHA1
b28f1ada9446ca2dd339b8cda0029c221491a05f

SHA256
0b5116a37bf5626fe7ab5ccff3eaa0769dfec8e81b654cad290622e3682fde9b

SHA512
e72c6aaaa3cd21e26610174be652399faa60d196e3531dfacbe450dbadad20fea10a2b7c8dab0c2e173090bd4c15c1e3c4d5b740e59df9a8960d6fece708431d

Download Submit
C:\Windows\System32\kNozaFV.exe

Filesize
3.0MB

MD5
28fb25f7c90c9a8cde3e5930029e764d

SHA1
1858f477fa8d9f1416c3a80a1bc2f37ce516580e

SHA256
5735ec09c0c648c2d170f1d1114825ce4d113ccc6235e55a3cd07e178b13b16e

SHA512
2b0704d656df2b8dd5970424f17ea9b92a368e0b149d7c898a8d8dac30ea4ad7f5aa3bddfe6464a77ca5d554434956c4de9b31776d30ff95af211977338d8229

Download Submit
C:\Windows\System32\lqJHMix.exe

Filesize
3.0MB

MD5
531638419714098d914fb354b723907d

SHA1
5fffa5f13667e4229255fbe3dbe5b400da213dd6

SHA256
0e6beef801484ccc0e091ed4d719bda843669f1e21ab7b76b385401ca4a6358a

SHA512
31080677fd464ed5476b8e4e5afdd7da9ddb62626e733dd5f7cd75e13c15e9425d0edfa06acf82237c45aa9a3a33226dc16801720031920d0071b185a9fe57d8

Download Submit
C:\Windows\System32\mNZPzDt.exe

Filesize
3.0MB

MD5
ecb1343b1a6f943cba6cefa3539bb1f9

SHA1
f6b733ba972e6da7b386f0fa938b2b0a2bb47754

SHA256
bc45fe46dbbca6f29f7ce08cebc2b8e28a7ec37c22285d7967cec1fc401d9303

SHA512
0b9934dc75f983dea1d2d547b2f2cd7c62c8e971c11d6d1c2ea1f4dfb21ff3431a9b6ce26a91e8eef562181804236a62977291573d707eef30663e84af29769e

Download Submit
C:\Windows\System32\nLifIay.exe

Filesize
3.0MB

MD5
e3c158039ce37170ebf665ab0c722a46

SHA1
233c8bb5ddde0022f84247569ed92a2fb4e5c02d

SHA256
67eaa133f8169cadbb805d82159e3374b866be591fe6f2a79a476ab3c1e805e8

SHA512
5816f19cdd2f75aa94cb14a668e3a4d967e109d06177430eacaf959c758faf87d15d46696885565641d8f2169e9f230d027b495cb7f77b16c9e11a2fce019c7b

Download Submit
C:\Windows\System32\nXgvFop.exe

Filesize
3.0MB

MD5
e2f4ffeabb1594c069c617e602af7ae8

SHA1
67dbc698d5daf0725fe26c28e1229e86c420ad34

SHA256
238f0fd58957e5cf18244321f0039b1db22a65dac13fe09676bd3db8ba666481

SHA512
22de7cc15289fe944f2340fccda7436d2c5325e4850c08daf53e43edee0dbc832400f4ad2aeadd5411e0883741eb7cb457b93ace6e793fb3c085dda08bcc6933

Download Submit
C:\Windows\System32\pifaTJO.exe

Filesize
3.0MB

MD5
c7f1f80791542c6a43a606c055534ede

SHA1
2726973e25b89459101f6ce707b60e7f8da32e1a

SHA256
51a6acdeae121a0adcaafe9f7310a5edbf59483df8dd5301a89db660357c44a1

SHA512
4bc1e530b7bbdebf9a7bce480653c97f0608028ffb527e569fdc285fc5a2696931207a409e86e8e171c37c23bfeba0cc8200c47bf3808c2ff8de0c07bc38c026

Download Submit
C:\Windows\System32\poNeavY.exe

Filesize
3.0MB

MD5
5ae584ad373cddc2f22f4502bf5cd3c8

SHA1
5c46c31ebdcf8852db4c1f237035c07be5054a97

SHA256
b4f95bbe25308774e2e03c4eafd126391ace010394b6f67d995b1e04974fac73

SHA512
4fa462b146813a0eb5676b67cd124dedd7ff47b7d28bd20554e6197c6f1f7204168e92a0d3374877c887764955e56a35e20b4f9197f193c9fbe2f828414dd8ed

Download Submit
C:\Windows\System32\quxfhNQ.exe

Filesize
3.0MB

MD5
034fde640824adeb0fe418800bfbad99

SHA1
6220dd06935dd03b08681cbea107a3d0502d7528

SHA256
855554f1d0bd57dc9a43a771ea061e81fcfd92b40ff427f6ca3e019fd43d2e16

SHA512
229440b4c99b8c83ccb2f0dc42df1261df24057997284e1970b54abce5d1e78ea3b746994ae9c1fa1d62eee17eedbe770c7296860b56e84f3ea7a09e20f282f3

Download Submit
C:\Windows\System32\sdvcKQL.exe

Filesize
3.0MB

MD5
74e34eddc4d5dbfcf454a6cefcb6b2df

SHA1
51dfedb0d2a97d1122f00ba1fa7da2b36f9d57cc

SHA256
cfda352560e043e0f2fa9a70ef3920ec2e0e0d1c347f3a66d97b483f7b35128a

SHA512
ba52471d3732517065cd71227bf6c0c76105796106372733b8d2210dee5b3bf1870bdc624d71131d5aa92015b20a422dfd120b99c6ed17d8d720156f8a05536d

Download Submit
C:\Windows\System32\tbNbbnz.exe

Filesize
3.0MB

MD5
dade7b115818f5b591a1136b9d6a4908

SHA1
e543a6376d81ce30116ebe4cfb54204379315ea4

SHA256
0e8f398c6c8c3e2dc02fc3ce962ae700a976f94f2f1d5ce94157a1aded39f43e

SHA512
aca8a7586d50596662b2e832070d2cdd944970c6c21e6b0457c305f7e5e048007099ede89d58bc0a5ec501249522c4a2f9239f011b33c61c40f18decee7fbc51

Download Submit
C:\Windows\System32\thsKdSz.exe

Filesize
3.0MB

MD5
84f716f49b03f7e9a352ddb0774fbf84

SHA1
8d02d2a496dbb6f6f06e245d82c93f3d8608b708

SHA256
72e23f53b2f1ad8e7843af7fe730dbd1e2cd56db75830d254140986119857362

SHA512
36306f66995ce3bfb03217ec2d244726421c0ea5d5aeb5c605f6ba99423a323e81c1be66c5d830ed3986a518bdf2dbf15f32233ae266ab554658df16ec95e9ce

Download Submit
C:\Windows\System32\uzDjeJd.exe

Filesize
3.0MB

MD5
ef34c599d715450fc5d30c00dac8b1c2

SHA1
3542ab9a678a40883ea9bc7e613dbd9007f13bc5

SHA256
905fc6e9c488950f5bae03f62563999d00e7b9649d1ea1f88ba430748fc0b571

SHA512
602c55aa94254b441111a6d010ccf6b28732def8e0461123ba645ee376d431376a8cbf183e8bf550ef785af82d28c03c191a4d9f34f797ab17932dfb62338821

Download Submit
C:\Windows\System32\vkUlMEt.exe

Filesize
3.0MB

MD5
54792773d531451cef251850f61573b7

SHA1
e58a2932fe011b1aaf1447da8da8b9f8b75772d9

SHA256
bf270a33eb6ce49269782460c5fae45abfe75aad295c5eea8afb812168edf2fb

SHA512
5e613a689eba1c53b15f3da4b79beb542fad25c244a7a7edadff8cd086a11933e7d51f9582c81ac5b750724fa1226f35a7f725dfb684c3466263caf8e3b31ac9

Download Submit
C:\Windows\System32\wdXTQGU.exe

Filesize
3.0MB

MD5
e1f0c52de82cb9e3f4a48f3506b5bc8f

SHA1
6fe4fca125be49aa98f942ad81589ac8899df7d6

SHA256
c2259f4b7a1c3cb922b8de3bb0caa40e47ef398030aa9d3e3793bafbdf27e292

SHA512
9ced1b6ff8254141c93df8cf50ae3973d87b2a32f546485a511ddf424099e6674f5d32a2fa2d101615e4355efe72c962f98635822ea0baf72e5a52970605f77f

Download Submit
C:\Windows\System32\zDBjEYg.exe

Filesize
3.0MB

MD5
5024efe4118ad79efefc945cf3073bde

SHA1
661e91ca0099ac1cf8a75a45a2906be8fc718141

SHA256
5d00b6a8e6f1b17418df05b0e16fcacda63c3b4114f301568245dde5d1c16cc8

SHA512
45e63ab2f76366f81f972ae2455fce70a8783d2a74022de00e259c037bf4d88b512e328d839138859dde9c69a108840b4364615de9aa09092986824510810d2b

Download Submit
memory/400-1977-0x00007FF7F27E0000-0x00007FF7F2BD5000-memory.dmp

Filesize
4.0MB

Download
memory/400-835-0x00007FF7F27E0000-0x00007FF7F2BD5000-memory.dmp

Filesize
4.0MB

Download
memory/864-1-0x000002A63D9A0000-0x000002A63D9B0000-memory.dmp

Filesize
64KB

Download
memory/864-1409-0x00007FF61D8F0000-0x00007FF61DCE5000-memory.dmp

Filesize
4.0MB

Download
memory/864-0-0x00007FF61D8F0000-0x00007FF61DCE5000-memory.dmp

Filesize
4.0MB

Download
memory/864-1966-0x00007FF61D8F0000-0x00007FF61DCE5000-memory.dmp

Filesize
4.0MB

Download
memory/912-825-0x00007FF7C4660000-0x00007FF7C4A55000-memory.dmp

Filesize
4.0MB

Download
memory/912-1974-0x00007FF7C4660000-0x00007FF7C4A55000-memory.dmp

Filesize
4.0MB

Download
memory/1008-813-0x00007FF63FA60000-0x00007FF63FE55000-memory.dmp

Filesize
4.0MB

Download
memory/1008-1971-0x00007FF63FA60000-0x00007FF63FE55000-memory.dmp

Filesize
4.0MB

Download
memory/1116-1970-0x00007FF6D3EA0000-0x00007FF6D4295000-memory.dmp

Filesize
4.0MB

Download
memory/1116-73-0x00007FF6D3EA0000-0x00007FF6D4295000-memory.dmp

Filesize
4.0MB

Download
memory/1116-1956-0x00007FF6D3EA0000-0x00007FF6D4295000-memory.dmp

Filesize
4.0MB

Download
memory/1572-1979-0x00007FF7CEE50000-0x00007FF7CF245000-memory.dmp

Filesize
4.0MB

Download
memory/1572-839-0x00007FF7CEE50000-0x00007FF7CF245000-memory.dmp

Filesize
4.0MB

Download
memory/1628-1961-0x00007FF760BE0000-0x00007FF760FD5000-memory.dmp

Filesize
4.0MB

Download
memory/1628-45-0x00007FF760BE0000-0x00007FF760FD5000-memory.dmp

Filesize
4.0MB

Download
memory/2084-1957-0x00007FF6D6200000-0x00007FF6D65F5000-memory.dmp

Filesize
4.0MB

Download
memory/2084-9-0x00007FF6D6200000-0x00007FF6D65F5000-memory.dmp

Filesize
4.0MB

Download
memory/2132-817-0x00007FF71EB90000-0x00007FF71EF85000-memory.dmp

Filesize
4.0MB

Download
memory/2132-1978-0x00007FF71EB90000-0x00007FF71EF85000-memory.dmp

Filesize
4.0MB

Download
memory/2164-1960-0x00007FF68DA00000-0x00007FF68DDF5000-memory.dmp

Filesize
4.0MB

Download
memory/2164-49-0x00007FF68DA00000-0x00007FF68DDF5000-memory.dmp

Filesize
4.0MB

Download
memory/2316-1962-0x00007FF752EC0000-0x00007FF7532B5000-memory.dmp

Filesize
4.0MB

Download
memory/2316-41-0x00007FF752EC0000-0x00007FF7532B5000-memory.dmp

Filesize
4.0MB

Download
memory/2364-62-0x00007FF70C5C0000-0x00007FF70C9B5000-memory.dmp

Filesize
4.0MB

Download
memory/2364-1954-0x00007FF70C5C0000-0x00007FF70C9B5000-memory.dmp

Filesize
4.0MB

Download
memory/2364-1967-0x00007FF70C5C0000-0x00007FF70C9B5000-memory.dmp

Filesize
4.0MB

Download
memory/2384-1972-0x00007FF6BDAC0000-0x00007FF6BDEB5000-memory.dmp

Filesize
4.0MB

Download
memory/2384-807-0x00007FF6BDAC0000-0x00007FF6BDEB5000-memory.dmp

Filesize
4.0MB

Download
memory/2416-1975-0x00007FF6E9AC0000-0x00007FF6E9EB5000-memory.dmp

Filesize
4.0MB

Download
memory/2416-796-0x00007FF6E9AC0000-0x00007FF6E9EB5000-memory.dmp

Filesize
4.0MB

Download
memory/2860-1964-0x00007FF7BD640000-0x00007FF7BDA35000-memory.dmp

Filesize
4.0MB

Download
memory/2860-53-0x00007FF7BD640000-0x00007FF7BDA35000-memory.dmp

Filesize
4.0MB

Download
memory/3216-1980-0x00007FF6D6A20000-0x00007FF6D6E15000-memory.dmp

Filesize
4.0MB

Download
memory/3216-837-0x00007FF6D6A20000-0x00007FF6D6E15000-memory.dmp

Filesize
4.0MB

Download
memory/3592-14-0x00007FF7012C0000-0x00007FF7016B5000-memory.dmp

Filesize
4.0MB

Download
memory/3592-1958-0x00007FF7012C0000-0x00007FF7016B5000-memory.dmp

Filesize
4.0MB

Download
memory/3596-1959-0x00007FF755F70000-0x00007FF756365000-memory.dmp

Filesize
4.0MB

Download
memory/3596-37-0x00007FF755F70000-0x00007FF756365000-memory.dmp

Filesize
4.0MB

Download
memory/3852-64-0x00007FF681C50000-0x00007FF682045000-memory.dmp

Filesize
4.0MB

Download
memory/3852-1955-0x00007FF681C50000-0x00007FF682045000-memory.dmp

Filesize
4.0MB

Download
memory/3852-1968-0x00007FF681C50000-0x00007FF682045000-memory.dmp

Filesize
4.0MB

Download
memory/3880-801-0x00007FF68F5F0000-0x00007FF68F9E5000-memory.dmp

Filesize
4.0MB

Download
memory/3880-1976-0x00007FF68F5F0000-0x00007FF68F9E5000-memory.dmp

Filesize
4.0MB

Download
memory/4440-52-0x00007FF7A33A0000-0x00007FF7A3795000-memory.dmp

Filesize
4.0MB

Download
memory/4440-1965-0x00007FF7A33A0000-0x00007FF7A3795000-memory.dmp

Filesize
4.0MB

Download
memory/4440-1952-0x00007FF7A33A0000-0x00007FF7A3795000-memory.dmp

Filesize
4.0MB

Download
memory/4488-1973-0x00007FF6604D0000-0x00007FF6608C5000-memory.dmp

Filesize
4.0MB

Download
memory/4488-829-0x00007FF6604D0000-0x00007FF6608C5000-memory.dmp

Filesize
4.0MB

Download
memory/4536-831-0x00007FF60A2E0000-0x00007FF60A6D5000-memory.dmp

Filesize
4.0MB

Download
memory/4536-1981-0x00007FF60A2E0000-0x00007FF60A6D5000-memory.dmp

Filesize
4.0MB

Download
memory/4716-54-0x00007FF72B8A0000-0x00007FF72BC95000-memory.dmp

Filesize
4.0MB

Download
memory/4716-1963-0x00007FF72B8A0000-0x00007FF72BC95000-memory.dmp

Filesize
4.0MB

Download
memory/4716-1953-0x00007FF72B8A0000-0x00007FF72BC95000-memory.dmp

Filesize
4.0MB

Download
memory/4740-1969-0x00007FF6B8570000-0x00007FF6B8965000-memory.dmp

Filesize
4.0MB

Download
memory/4740-788-0x00007FF6B8570000-0x00007FF6B8965000-memory.dmp

Filesize
4.0MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads