xmrig | d5fb28f50e25a086bf30cf41f9ee67d72159b01631b7e96a741f2b6328579cc5

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
30-05-2024 03:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d5fb28f50e25a086bf30cf41f9ee67d72159b01631b7e96a741f2b6328579cc5.exe
Size

3.3MB
MD5

cfb51e1dbbd8d8f881548b3d694a3046
SHA1

f8d4288a80346d001d66fa6907ae60710dc4cbf9
SHA256

d5fb28f50e25a086bf30cf41f9ee67d72159b01631b7e96a741f2b6328579cc5
SHA512

56cdf059857dd61e4900838b4ef94d927cfa1b9a5c63a7aa2468a2d3968a3e6402311f79e6edb5ee2aaf43352d5b712d81fb5d883471a6044a54660c1f1b9c4e
SSDEEP

98304:N0GnJMOWPClFdx6e0EALKWVTffZiPAcRq6jHjc46:NFWPClFq

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

UPX dump on OEP (original entry point) 64 IoCs

resource	yara_rule
behavioral2/memory/4388-0-0x00007FF7EA930000-0x00007FF7EAD25000-memory.dmp	UPX
behavioral2/files/0x000800000002349f-5.dat	UPX
behavioral2/files/0x00070000000234a3-9.dat	UPX
behavioral2/files/0x00070000000234a4-10.dat	UPX
behavioral2/files/0x00070000000234a5-21.dat	UPX
behavioral2/files/0x00070000000234a8-38.dat	UPX
behavioral2/files/0x00070000000234a9-43.dat	UPX
behavioral2/files/0x00070000000234ab-51.dat	UPX
behavioral2/files/0x00070000000234ac-58.dat	UPX
behavioral2/files/0x00070000000234b2-88.dat	UPX
behavioral2/files/0x00070000000234b5-101.dat	UPX
behavioral2/files/0x00070000000234b7-113.dat	UPX
behavioral2/files/0x00070000000234ba-126.dat	UPX
behavioral2/files/0x00070000000234c0-156.dat	UPX
behavioral2/memory/5072-747-0x00007FF7FA060000-0x00007FF7FA455000-memory.dmp	UPX
behavioral2/memory/532-749-0x00007FF65C950000-0x00007FF65CD45000-memory.dmp	UPX
behavioral2/memory/4324-748-0x00007FF627170000-0x00007FF627565000-memory.dmp	UPX
behavioral2/memory/3696-752-0x00007FF70C5A0000-0x00007FF70C995000-memory.dmp	UPX
behavioral2/memory/3664-759-0x00007FF7F1B80000-0x00007FF7F1F75000-memory.dmp	UPX
behavioral2/memory/3980-767-0x00007FF7FBE00000-0x00007FF7FC1F5000-memory.dmp	UPX
behavioral2/memory/3944-772-0x00007FF75A410000-0x00007FF75A805000-memory.dmp	UPX
behavioral2/memory/3456-774-0x00007FF762370000-0x00007FF762765000-memory.dmp	UPX
behavioral2/memory/2104-778-0x00007FF7F8D20000-0x00007FF7F9115000-memory.dmp	UPX
behavioral2/memory/3620-782-0x00007FF604780000-0x00007FF604B75000-memory.dmp	UPX
behavioral2/memory/1740-785-0x00007FF65C5E0000-0x00007FF65C9D5000-memory.dmp	UPX
behavioral2/memory/1840-789-0x00007FF7D0ED0000-0x00007FF7D12C5000-memory.dmp	UPX
behavioral2/memory/4112-793-0x00007FF72F370000-0x00007FF72F765000-memory.dmp	UPX
behavioral2/memory/2280-780-0x00007FF689120000-0x00007FF689515000-memory.dmp	UPX
behavioral2/memory/2964-840-0x00007FF76D970000-0x00007FF76DD65000-memory.dmp	UPX
behavioral2/memory/1964-845-0x00007FF74DD80000-0x00007FF74E175000-memory.dmp	UPX
behavioral2/memory/1412-846-0x00007FF782940000-0x00007FF782D35000-memory.dmp	UPX
behavioral2/memory/1444-841-0x00007FF79EAE0000-0x00007FF79EED5000-memory.dmp	UPX
behavioral2/memory/428-837-0x00007FF6427B0000-0x00007FF642BA5000-memory.dmp	UPX
behavioral2/memory/2644-763-0x00007FF6F6350000-0x00007FF6F6745000-memory.dmp	UPX
behavioral2/memory/4472-847-0x00007FF6CEB20000-0x00007FF6CEF15000-memory.dmp	UPX
behavioral2/memory/456-850-0x00007FF7120B0000-0x00007FF7124A5000-memory.dmp	UPX
behavioral2/files/0x00070000000234c1-164.dat	UPX
behavioral2/files/0x00070000000234bf-153.dat	UPX
behavioral2/files/0x00070000000234be-148.dat	UPX
behavioral2/files/0x00070000000234bd-143.dat	UPX
behavioral2/files/0x00070000000234bc-138.dat	UPX
behavioral2/files/0x00070000000234bb-133.dat	UPX
behavioral2/files/0x00070000000234b9-123.dat	UPX
behavioral2/files/0x00070000000234b8-118.dat	UPX
behavioral2/files/0x00070000000234b6-108.dat	UPX
behavioral2/files/0x00070000000234b4-98.dat	UPX
behavioral2/files/0x00070000000234b3-93.dat	UPX
behavioral2/files/0x00070000000234b1-83.dat	UPX
behavioral2/files/0x00070000000234b0-78.dat	UPX
behavioral2/files/0x00070000000234af-73.dat	UPX
behavioral2/files/0x00070000000234ae-68.dat	UPX
behavioral2/files/0x00070000000234ad-63.dat	UPX
behavioral2/files/0x00070000000234aa-48.dat	UPX
behavioral2/files/0x00070000000234a7-33.dat	UPX
behavioral2/files/0x00070000000234a6-28.dat	UPX
behavioral2/memory/116-14-0x00007FF60A1F0000-0x00007FF60A5E5000-memory.dmp	UPX
behavioral2/memory/1372-6-0x00007FF6C2090000-0x00007FF6C2485000-memory.dmp	UPX
behavioral2/memory/4388-1872-0x00007FF7EA930000-0x00007FF7EAD25000-memory.dmp	UPX
behavioral2/memory/1372-1873-0x00007FF6C2090000-0x00007FF6C2485000-memory.dmp	UPX
behavioral2/memory/116-1875-0x00007FF60A1F0000-0x00007FF60A5E5000-memory.dmp	UPX
behavioral2/memory/1372-1874-0x00007FF6C2090000-0x00007FF6C2485000-memory.dmp	UPX
behavioral2/memory/532-1879-0x00007FF65C950000-0x00007FF65CD45000-memory.dmp	UPX
behavioral2/memory/5072-1878-0x00007FF7FA060000-0x00007FF7FA455000-memory.dmp	UPX
behavioral2/memory/3696-1876-0x00007FF70C5A0000-0x00007FF70C995000-memory.dmp	UPX

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/4388-0-0x00007FF7EA930000-0x00007FF7EAD25000-memory.dmp	xmrig
behavioral2/files/0x000800000002349f-5.dat	xmrig
behavioral2/files/0x00070000000234a3-9.dat	xmrig
behavioral2/files/0x00070000000234a4-10.dat	xmrig
behavioral2/files/0x00070000000234a5-21.dat	xmrig
behavioral2/files/0x00070000000234a8-38.dat	xmrig
behavioral2/files/0x00070000000234a9-43.dat	xmrig
behavioral2/files/0x00070000000234ab-51.dat	xmrig
behavioral2/files/0x00070000000234ac-58.dat	xmrig
behavioral2/files/0x00070000000234b2-88.dat	xmrig
behavioral2/files/0x00070000000234b5-101.dat	xmrig
behavioral2/files/0x00070000000234b7-113.dat	xmrig
behavioral2/files/0x00070000000234ba-126.dat	xmrig
behavioral2/files/0x00070000000234c0-156.dat	xmrig
behavioral2/memory/5072-747-0x00007FF7FA060000-0x00007FF7FA455000-memory.dmp	xmrig
behavioral2/memory/532-749-0x00007FF65C950000-0x00007FF65CD45000-memory.dmp	xmrig
behavioral2/memory/4324-748-0x00007FF627170000-0x00007FF627565000-memory.dmp	xmrig
behavioral2/memory/3696-752-0x00007FF70C5A0000-0x00007FF70C995000-memory.dmp	xmrig
behavioral2/memory/3664-759-0x00007FF7F1B80000-0x00007FF7F1F75000-memory.dmp	xmrig
behavioral2/memory/3980-767-0x00007FF7FBE00000-0x00007FF7FC1F5000-memory.dmp	xmrig
behavioral2/memory/3944-772-0x00007FF75A410000-0x00007FF75A805000-memory.dmp	xmrig
behavioral2/memory/3456-774-0x00007FF762370000-0x00007FF762765000-memory.dmp	xmrig
behavioral2/memory/2104-778-0x00007FF7F8D20000-0x00007FF7F9115000-memory.dmp	xmrig
behavioral2/memory/3620-782-0x00007FF604780000-0x00007FF604B75000-memory.dmp	xmrig
behavioral2/memory/1740-785-0x00007FF65C5E0000-0x00007FF65C9D5000-memory.dmp	xmrig
behavioral2/memory/1840-789-0x00007FF7D0ED0000-0x00007FF7D12C5000-memory.dmp	xmrig
behavioral2/memory/4112-793-0x00007FF72F370000-0x00007FF72F765000-memory.dmp	xmrig
behavioral2/memory/2280-780-0x00007FF689120000-0x00007FF689515000-memory.dmp	xmrig
behavioral2/memory/2964-840-0x00007FF76D970000-0x00007FF76DD65000-memory.dmp	xmrig
behavioral2/memory/1964-845-0x00007FF74DD80000-0x00007FF74E175000-memory.dmp	xmrig
behavioral2/memory/1412-846-0x00007FF782940000-0x00007FF782D35000-memory.dmp	xmrig
behavioral2/memory/1444-841-0x00007FF79EAE0000-0x00007FF79EED5000-memory.dmp	xmrig
behavioral2/memory/428-837-0x00007FF6427B0000-0x00007FF642BA5000-memory.dmp	xmrig
behavioral2/memory/2644-763-0x00007FF6F6350000-0x00007FF6F6745000-memory.dmp	xmrig
behavioral2/memory/4472-847-0x00007FF6CEB20000-0x00007FF6CEF15000-memory.dmp	xmrig
behavioral2/memory/456-850-0x00007FF7120B0000-0x00007FF7124A5000-memory.dmp	xmrig
behavioral2/files/0x00070000000234c1-164.dat	xmrig
behavioral2/files/0x00070000000234bf-153.dat	xmrig
behavioral2/files/0x00070000000234be-148.dat	xmrig
behavioral2/files/0x00070000000234bd-143.dat	xmrig
behavioral2/files/0x00070000000234bc-138.dat	xmrig
behavioral2/files/0x00070000000234bb-133.dat	xmrig
behavioral2/files/0x00070000000234b9-123.dat	xmrig
behavioral2/files/0x00070000000234b8-118.dat	xmrig
behavioral2/files/0x00070000000234b6-108.dat	xmrig
behavioral2/files/0x00070000000234b4-98.dat	xmrig
behavioral2/files/0x00070000000234b3-93.dat	xmrig
behavioral2/files/0x00070000000234b1-83.dat	xmrig
behavioral2/files/0x00070000000234b0-78.dat	xmrig
behavioral2/files/0x00070000000234af-73.dat	xmrig
behavioral2/files/0x00070000000234ae-68.dat	xmrig
behavioral2/files/0x00070000000234ad-63.dat	xmrig
behavioral2/files/0x00070000000234aa-48.dat	xmrig
behavioral2/files/0x00070000000234a7-33.dat	xmrig
behavioral2/files/0x00070000000234a6-28.dat	xmrig
behavioral2/memory/116-14-0x00007FF60A1F0000-0x00007FF60A5E5000-memory.dmp	xmrig
behavioral2/memory/1372-6-0x00007FF6C2090000-0x00007FF6C2485000-memory.dmp	xmrig
behavioral2/memory/4388-1872-0x00007FF7EA930000-0x00007FF7EAD25000-memory.dmp	xmrig
behavioral2/memory/1372-1873-0x00007FF6C2090000-0x00007FF6C2485000-memory.dmp	xmrig
behavioral2/memory/116-1875-0x00007FF60A1F0000-0x00007FF60A5E5000-memory.dmp	xmrig
behavioral2/memory/1372-1874-0x00007FF6C2090000-0x00007FF6C2485000-memory.dmp	xmrig
behavioral2/memory/532-1879-0x00007FF65C950000-0x00007FF65CD45000-memory.dmp	xmrig
behavioral2/memory/5072-1878-0x00007FF7FA060000-0x00007FF7FA455000-memory.dmp	xmrig
behavioral2/memory/3696-1876-0x00007FF70C5A0000-0x00007FF70C995000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1372	xnSHejQ.exe
116	prhxlPG.exe
5072	CJnBszw.exe
4324	LPJljXi.exe
456	iDOqTkw.exe
532	AwWzwSH.exe
3696	aCyvmHh.exe
3664	BElBeAm.exe
2644	oJlSsCG.exe
3980	AoOjDTD.exe
3944	lORsNHb.exe
3456	QtIksSt.exe
2104	EPQxhjr.exe
2280	buHmILe.exe
3620	wlMKPsa.exe
1740	NuzaElz.exe
1840	YXegTxs.exe
4112	BhlBRMs.exe
428	tmNEPtY.exe
2964	NgAVhJk.exe
1444	tzDoses.exe
1964	ARSJyUn.exe
1412	KrSHwTw.exe
4472	NGLKhMM.exe
824	OAJGZde.exe
2732	ITeuDlL.exe
1268	gWKPwGu.exe
3504	FXHTvGa.exe
2292	qgDbFys.exe
4016	YSfcwLm.exe
848	goiRreb.exe
1848	iGELvWH.exe
4892	qIGrlYv.exe
4192	aQUylZj.exe
820	okiejMl.exe
3320	gQzCDwl.exe
3260	gMqkWSH.exe
4712	AZtZcbV.exe
2020	EEcLQQX.exe
3756	GfEuNzC.exe
2896	MVrXuIP.exe
4480	IzkzoIa.exe
1464	mItOJAF.exe
3656	ohldzFt.exe
1876	SpSnLrG.exe
1192	IBZypEw.exe
400	PrTuKcF.exe
2884	bEwlKZk.exe
5032	BFJYWlk.exe
3936	WluNVAZ.exe
4996	FqGJQan.exe
800	jGLYyee.exe
3120	NjfLWqU.exe
1340	wiYVzEu.exe
244	eSbhwUC.exe
4628	fJMWkec.exe
1884	LFrvsAK.exe
4952	cDjTtrq.exe
688	LtDGZAY.exe
4340	BNEAiPw.exe
2440	seiDnQH.exe
4680	funtYlx.exe
4392	yOlyXyk.exe
2604	evoQnIB.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4388-0-0x00007FF7EA930000-0x00007FF7EAD25000-memory.dmp	upx
behavioral2/files/0x000800000002349f-5.dat	upx
behavioral2/files/0x00070000000234a3-9.dat	upx
behavioral2/files/0x00070000000234a4-10.dat	upx
behavioral2/files/0x00070000000234a5-21.dat	upx
behavioral2/files/0x00070000000234a8-38.dat	upx
behavioral2/files/0x00070000000234a9-43.dat	upx
behavioral2/files/0x00070000000234ab-51.dat	upx
behavioral2/files/0x00070000000234ac-58.dat	upx
behavioral2/files/0x00070000000234b2-88.dat	upx
behavioral2/files/0x00070000000234b5-101.dat	upx
behavioral2/files/0x00070000000234b7-113.dat	upx
behavioral2/files/0x00070000000234ba-126.dat	upx
behavioral2/files/0x00070000000234c0-156.dat	upx
behavioral2/memory/5072-747-0x00007FF7FA060000-0x00007FF7FA455000-memory.dmp	upx
behavioral2/memory/532-749-0x00007FF65C950000-0x00007FF65CD45000-memory.dmp	upx
behavioral2/memory/4324-748-0x00007FF627170000-0x00007FF627565000-memory.dmp	upx
behavioral2/memory/3696-752-0x00007FF70C5A0000-0x00007FF70C995000-memory.dmp	upx
behavioral2/memory/3664-759-0x00007FF7F1B80000-0x00007FF7F1F75000-memory.dmp	upx
behavioral2/memory/3980-767-0x00007FF7FBE00000-0x00007FF7FC1F5000-memory.dmp	upx
behavioral2/memory/3944-772-0x00007FF75A410000-0x00007FF75A805000-memory.dmp	upx
behavioral2/memory/3456-774-0x00007FF762370000-0x00007FF762765000-memory.dmp	upx
behavioral2/memory/2104-778-0x00007FF7F8D20000-0x00007FF7F9115000-memory.dmp	upx
behavioral2/memory/3620-782-0x00007FF604780000-0x00007FF604B75000-memory.dmp	upx
behavioral2/memory/1740-785-0x00007FF65C5E0000-0x00007FF65C9D5000-memory.dmp	upx
behavioral2/memory/1840-789-0x00007FF7D0ED0000-0x00007FF7D12C5000-memory.dmp	upx
behavioral2/memory/4112-793-0x00007FF72F370000-0x00007FF72F765000-memory.dmp	upx
behavioral2/memory/2280-780-0x00007FF689120000-0x00007FF689515000-memory.dmp	upx
behavioral2/memory/2964-840-0x00007FF76D970000-0x00007FF76DD65000-memory.dmp	upx
behavioral2/memory/1964-845-0x00007FF74DD80000-0x00007FF74E175000-memory.dmp	upx
behavioral2/memory/1412-846-0x00007FF782940000-0x00007FF782D35000-memory.dmp	upx
behavioral2/memory/1444-841-0x00007FF79EAE0000-0x00007FF79EED5000-memory.dmp	upx
behavioral2/memory/428-837-0x00007FF6427B0000-0x00007FF642BA5000-memory.dmp	upx
behavioral2/memory/2644-763-0x00007FF6F6350000-0x00007FF6F6745000-memory.dmp	upx
behavioral2/memory/4472-847-0x00007FF6CEB20000-0x00007FF6CEF15000-memory.dmp	upx
behavioral2/memory/456-850-0x00007FF7120B0000-0x00007FF7124A5000-memory.dmp	upx
behavioral2/files/0x00070000000234c1-164.dat	upx
behavioral2/files/0x00070000000234bf-153.dat	upx
behavioral2/files/0x00070000000234be-148.dat	upx
behavioral2/files/0x00070000000234bd-143.dat	upx
behavioral2/files/0x00070000000234bc-138.dat	upx
behavioral2/files/0x00070000000234bb-133.dat	upx
behavioral2/files/0x00070000000234b9-123.dat	upx
behavioral2/files/0x00070000000234b8-118.dat	upx
behavioral2/files/0x00070000000234b6-108.dat	upx
behavioral2/files/0x00070000000234b4-98.dat	upx
behavioral2/files/0x00070000000234b3-93.dat	upx
behavioral2/files/0x00070000000234b1-83.dat	upx
behavioral2/files/0x00070000000234b0-78.dat	upx
behavioral2/files/0x00070000000234af-73.dat	upx
behavioral2/files/0x00070000000234ae-68.dat	upx
behavioral2/files/0x00070000000234ad-63.dat	upx
behavioral2/files/0x00070000000234aa-48.dat	upx
behavioral2/files/0x00070000000234a7-33.dat	upx
behavioral2/files/0x00070000000234a6-28.dat	upx
behavioral2/memory/116-14-0x00007FF60A1F0000-0x00007FF60A5E5000-memory.dmp	upx
behavioral2/memory/1372-6-0x00007FF6C2090000-0x00007FF6C2485000-memory.dmp	upx
behavioral2/memory/4388-1872-0x00007FF7EA930000-0x00007FF7EAD25000-memory.dmp	upx
behavioral2/memory/1372-1873-0x00007FF6C2090000-0x00007FF6C2485000-memory.dmp	upx
behavioral2/memory/116-1875-0x00007FF60A1F0000-0x00007FF60A5E5000-memory.dmp	upx
behavioral2/memory/1372-1874-0x00007FF6C2090000-0x00007FF6C2485000-memory.dmp	upx
behavioral2/memory/532-1879-0x00007FF65C950000-0x00007FF65CD45000-memory.dmp	upx
behavioral2/memory/5072-1878-0x00007FF7FA060000-0x00007FF7FA455000-memory.dmp	upx
behavioral2/memory/3696-1876-0x00007FF70C5A0000-0x00007FF70C995000-memory.dmp	upx

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System32\HAIhkBt.exe	d5fb28f50e25a086bf30cf41f9ee67d72159b01631b7e96a741f2b6328579cc5.exe
File created	C:\Windows\System32\IemoPsL.exe	d5fb28f50e25a086bf30cf41f9ee67d72159b01631b7e96a741f2b6328579cc5.exe
File created	C:\Windows\System32\xwOUrQo.exe	d5fb28f50e25a086bf30cf41f9ee67d72159b01631b7e96a741f2b6328579cc5.exe
File created	C:\Windows\System32\PklnXHz.exe	d5fb28f50e25a086bf30cf41f9ee67d72159b01631b7e96a741f2b6328579cc5.exe
File created	C:\Windows\System32\ZNyXMuf.exe	d5fb28f50e25a086bf30cf41f9ee67d72159b01631b7e96a741f2b6328579cc5.exe
File created	C:\Windows\System32\aNiwaYM.exe	d5fb28f50e25a086bf30cf41f9ee67d72159b01631b7e96a741f2b6328579cc5.exe
File created	C:\Windows\System32\bkiKqgs.exe	d5fb28f50e25a086bf30cf41f9ee67d72159b01631b7e96a741f2b6328579cc5.exe
File created	C:\Windows\System32\RKXUZFG.exe	d5fb28f50e25a086bf30cf41f9ee67d72159b01631b7e96a741f2b6328579cc5.exe
File created	C:\Windows\System32\rhjbYSF.exe	d5fb28f50e25a086bf30cf41f9ee67d72159b01631b7e96a741f2b6328579cc5.exe
File created	C:\Windows\System32\anxXzUX.exe	d5fb28f50e25a086bf30cf41f9ee67d72159b01631b7e96a741f2b6328579cc5.exe
File created	C:\Windows\System32\FFeCHat.exe	d5fb28f50e25a086bf30cf41f9ee67d72159b01631b7e96a741f2b6328579cc5.exe
File created	C:\Windows\System32\NsPEqNV.exe	d5fb28f50e25a086bf30cf41f9ee67d72159b01631b7e96a741f2b6328579cc5.exe
File created	C:\Windows\System32\cJTLUOO.exe	d5fb28f50e25a086bf30cf41f9ee67d72159b01631b7e96a741f2b6328579cc5.exe
File created	C:\Windows\System32\FrAymJQ.exe	d5fb28f50e25a086bf30cf41f9ee67d72159b01631b7e96a741f2b6328579cc5.exe
File created	C:\Windows\System32\KhDkvjy.exe	d5fb28f50e25a086bf30cf41f9ee67d72159b01631b7e96a741f2b6328579cc5.exe
File created	C:\Windows\System32\aEbmpDg.exe	d5fb28f50e25a086bf30cf41f9ee67d72159b01631b7e96a741f2b6328579cc5.exe
File created	C:\Windows\System32\ueOJYOH.exe	d5fb28f50e25a086bf30cf41f9ee67d72159b01631b7e96a741f2b6328579cc5.exe
File created	C:\Windows\System32\CSDBBCN.exe	d5fb28f50e25a086bf30cf41f9ee67d72159b01631b7e96a741f2b6328579cc5.exe
File created	C:\Windows\System32\fxdFFNG.exe	d5fb28f50e25a086bf30cf41f9ee67d72159b01631b7e96a741f2b6328579cc5.exe
File created	C:\Windows\System32\tjFADzH.exe	d5fb28f50e25a086bf30cf41f9ee67d72159b01631b7e96a741f2b6328579cc5.exe
File created	C:\Windows\System32\KPSdZJd.exe	d5fb28f50e25a086bf30cf41f9ee67d72159b01631b7e96a741f2b6328579cc5.exe
File created	C:\Windows\System32\EAdYeAH.exe	d5fb28f50e25a086bf30cf41f9ee67d72159b01631b7e96a741f2b6328579cc5.exe
File created	C:\Windows\System32\FgUQDCW.exe	d5fb28f50e25a086bf30cf41f9ee67d72159b01631b7e96a741f2b6328579cc5.exe
File created	C:\Windows\System32\JfjrSmn.exe	d5fb28f50e25a086bf30cf41f9ee67d72159b01631b7e96a741f2b6328579cc5.exe
File created	C:\Windows\System32\KUuWfLA.exe	d5fb28f50e25a086bf30cf41f9ee67d72159b01631b7e96a741f2b6328579cc5.exe
File created	C:\Windows\System32\twPAdnI.exe	d5fb28f50e25a086bf30cf41f9ee67d72159b01631b7e96a741f2b6328579cc5.exe
File created	C:\Windows\System32\ycMlYHD.exe	d5fb28f50e25a086bf30cf41f9ee67d72159b01631b7e96a741f2b6328579cc5.exe
File created	C:\Windows\System32\MUxhBxJ.exe	d5fb28f50e25a086bf30cf41f9ee67d72159b01631b7e96a741f2b6328579cc5.exe
File created	C:\Windows\System32\wntdpTp.exe	d5fb28f50e25a086bf30cf41f9ee67d72159b01631b7e96a741f2b6328579cc5.exe
File created	C:\Windows\System32\cgVQLwU.exe	d5fb28f50e25a086bf30cf41f9ee67d72159b01631b7e96a741f2b6328579cc5.exe
File created	C:\Windows\System32\ZHuMYdx.exe	d5fb28f50e25a086bf30cf41f9ee67d72159b01631b7e96a741f2b6328579cc5.exe
File created	C:\Windows\System32\qqTGeuW.exe	d5fb28f50e25a086bf30cf41f9ee67d72159b01631b7e96a741f2b6328579cc5.exe
File created	C:\Windows\System32\JCLbxrv.exe	d5fb28f50e25a086bf30cf41f9ee67d72159b01631b7e96a741f2b6328579cc5.exe
File created	C:\Windows\System32\iGELvWH.exe	d5fb28f50e25a086bf30cf41f9ee67d72159b01631b7e96a741f2b6328579cc5.exe
File created	C:\Windows\System32\iovvGbp.exe	d5fb28f50e25a086bf30cf41f9ee67d72159b01631b7e96a741f2b6328579cc5.exe
File created	C:\Windows\System32\cOIANRo.exe	d5fb28f50e25a086bf30cf41f9ee67d72159b01631b7e96a741f2b6328579cc5.exe
File created	C:\Windows\System32\oNFytCQ.exe	d5fb28f50e25a086bf30cf41f9ee67d72159b01631b7e96a741f2b6328579cc5.exe
File created	C:\Windows\System32\cMyoWkX.exe	d5fb28f50e25a086bf30cf41f9ee67d72159b01631b7e96a741f2b6328579cc5.exe
File created	C:\Windows\System32\HlvZuYG.exe	d5fb28f50e25a086bf30cf41f9ee67d72159b01631b7e96a741f2b6328579cc5.exe
File created	C:\Windows\System32\YSfcwLm.exe	d5fb28f50e25a086bf30cf41f9ee67d72159b01631b7e96a741f2b6328579cc5.exe
File created	C:\Windows\System32\GSUOtZM.exe	d5fb28f50e25a086bf30cf41f9ee67d72159b01631b7e96a741f2b6328579cc5.exe
File created	C:\Windows\System32\qZAswlp.exe	d5fb28f50e25a086bf30cf41f9ee67d72159b01631b7e96a741f2b6328579cc5.exe
File created	C:\Windows\System32\WaZrEjJ.exe	d5fb28f50e25a086bf30cf41f9ee67d72159b01631b7e96a741f2b6328579cc5.exe
File created	C:\Windows\System32\OypSEEk.exe	d5fb28f50e25a086bf30cf41f9ee67d72159b01631b7e96a741f2b6328579cc5.exe
File created	C:\Windows\System32\UjtMKae.exe	d5fb28f50e25a086bf30cf41f9ee67d72159b01631b7e96a741f2b6328579cc5.exe
File created	C:\Windows\System32\tbgzQBw.exe	d5fb28f50e25a086bf30cf41f9ee67d72159b01631b7e96a741f2b6328579cc5.exe
File created	C:\Windows\System32\XvaBqVh.exe	d5fb28f50e25a086bf30cf41f9ee67d72159b01631b7e96a741f2b6328579cc5.exe
File created	C:\Windows\System32\GfEuNzC.exe	d5fb28f50e25a086bf30cf41f9ee67d72159b01631b7e96a741f2b6328579cc5.exe
File created	C:\Windows\System32\nwrnuBn.exe	d5fb28f50e25a086bf30cf41f9ee67d72159b01631b7e96a741f2b6328579cc5.exe
File created	C:\Windows\System32\nZeRaAa.exe	d5fb28f50e25a086bf30cf41f9ee67d72159b01631b7e96a741f2b6328579cc5.exe
File created	C:\Windows\System32\LcPlzBj.exe	d5fb28f50e25a086bf30cf41f9ee67d72159b01631b7e96a741f2b6328579cc5.exe
File created	C:\Windows\System32\KFIFAQQ.exe	d5fb28f50e25a086bf30cf41f9ee67d72159b01631b7e96a741f2b6328579cc5.exe
File created	C:\Windows\System32\myXEYyf.exe	d5fb28f50e25a086bf30cf41f9ee67d72159b01631b7e96a741f2b6328579cc5.exe
File created	C:\Windows\System32\JcFMXxs.exe	d5fb28f50e25a086bf30cf41f9ee67d72159b01631b7e96a741f2b6328579cc5.exe
File created	C:\Windows\System32\roVIwIO.exe	d5fb28f50e25a086bf30cf41f9ee67d72159b01631b7e96a741f2b6328579cc5.exe
File created	C:\Windows\System32\OGAaYGB.exe	d5fb28f50e25a086bf30cf41f9ee67d72159b01631b7e96a741f2b6328579cc5.exe
File created	C:\Windows\System32\MqoSbfj.exe	d5fb28f50e25a086bf30cf41f9ee67d72159b01631b7e96a741f2b6328579cc5.exe
File created	C:\Windows\System32\okiejMl.exe	d5fb28f50e25a086bf30cf41f9ee67d72159b01631b7e96a741f2b6328579cc5.exe
File created	C:\Windows\System32\gMqkWSH.exe	d5fb28f50e25a086bf30cf41f9ee67d72159b01631b7e96a741f2b6328579cc5.exe
File created	C:\Windows\System32\NjErvFp.exe	d5fb28f50e25a086bf30cf41f9ee67d72159b01631b7e96a741f2b6328579cc5.exe
File created	C:\Windows\System32\DeSIKtQ.exe	d5fb28f50e25a086bf30cf41f9ee67d72159b01631b7e96a741f2b6328579cc5.exe
File created	C:\Windows\System32\FMTKDsS.exe	d5fb28f50e25a086bf30cf41f9ee67d72159b01631b7e96a741f2b6328579cc5.exe
File created	C:\Windows\System32\xfvGJma.exe	d5fb28f50e25a086bf30cf41f9ee67d72159b01631b7e96a741f2b6328579cc5.exe
File created	C:\Windows\System32\WNnoPID.exe	d5fb28f50e25a086bf30cf41f9ee67d72159b01631b7e96a741f2b6328579cc5.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	13180	dwm.exe
Token: SeChangeNotifyPrivilege	13180	dwm.exe
Token: 33	13180	dwm.exe
Token: SeIncBasePriorityPrivilege	13180	dwm.exe
Token: SeShutdownPrivilege	13180	dwm.exe
Token: SeCreatePagefilePrivilege	13180	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4388 wrote to memory of 1372	4388	d5fb28f50e25a086bf30cf41f9ee67d72159b01631b7e96a741f2b6328579cc5.exe	83
PID 4388 wrote to memory of 1372	4388	d5fb28f50e25a086bf30cf41f9ee67d72159b01631b7e96a741f2b6328579cc5.exe	83
PID 4388 wrote to memory of 116	4388	d5fb28f50e25a086bf30cf41f9ee67d72159b01631b7e96a741f2b6328579cc5.exe	84
PID 4388 wrote to memory of 116	4388	d5fb28f50e25a086bf30cf41f9ee67d72159b01631b7e96a741f2b6328579cc5.exe	84
PID 4388 wrote to memory of 5072	4388	d5fb28f50e25a086bf30cf41f9ee67d72159b01631b7e96a741f2b6328579cc5.exe	85
PID 4388 wrote to memory of 5072	4388	d5fb28f50e25a086bf30cf41f9ee67d72159b01631b7e96a741f2b6328579cc5.exe	85
PID 4388 wrote to memory of 4324	4388	d5fb28f50e25a086bf30cf41f9ee67d72159b01631b7e96a741f2b6328579cc5.exe	86
PID 4388 wrote to memory of 4324	4388	d5fb28f50e25a086bf30cf41f9ee67d72159b01631b7e96a741f2b6328579cc5.exe	86
PID 4388 wrote to memory of 456	4388	d5fb28f50e25a086bf30cf41f9ee67d72159b01631b7e96a741f2b6328579cc5.exe	87
PID 4388 wrote to memory of 456	4388	d5fb28f50e25a086bf30cf41f9ee67d72159b01631b7e96a741f2b6328579cc5.exe	87
PID 4388 wrote to memory of 532	4388	d5fb28f50e25a086bf30cf41f9ee67d72159b01631b7e96a741f2b6328579cc5.exe	88
PID 4388 wrote to memory of 532	4388	d5fb28f50e25a086bf30cf41f9ee67d72159b01631b7e96a741f2b6328579cc5.exe	88
PID 4388 wrote to memory of 3696	4388	d5fb28f50e25a086bf30cf41f9ee67d72159b01631b7e96a741f2b6328579cc5.exe	89
PID 4388 wrote to memory of 3696	4388	d5fb28f50e25a086bf30cf41f9ee67d72159b01631b7e96a741f2b6328579cc5.exe	89
PID 4388 wrote to memory of 3664	4388	d5fb28f50e25a086bf30cf41f9ee67d72159b01631b7e96a741f2b6328579cc5.exe	90
PID 4388 wrote to memory of 3664	4388	d5fb28f50e25a086bf30cf41f9ee67d72159b01631b7e96a741f2b6328579cc5.exe	90
PID 4388 wrote to memory of 2644	4388	d5fb28f50e25a086bf30cf41f9ee67d72159b01631b7e96a741f2b6328579cc5.exe	91
PID 4388 wrote to memory of 2644	4388	d5fb28f50e25a086bf30cf41f9ee67d72159b01631b7e96a741f2b6328579cc5.exe	91
PID 4388 wrote to memory of 3980	4388	d5fb28f50e25a086bf30cf41f9ee67d72159b01631b7e96a741f2b6328579cc5.exe	92
PID 4388 wrote to memory of 3980	4388	d5fb28f50e25a086bf30cf41f9ee67d72159b01631b7e96a741f2b6328579cc5.exe	92
PID 4388 wrote to memory of 3944	4388	d5fb28f50e25a086bf30cf41f9ee67d72159b01631b7e96a741f2b6328579cc5.exe	93
PID 4388 wrote to memory of 3944	4388	d5fb28f50e25a086bf30cf41f9ee67d72159b01631b7e96a741f2b6328579cc5.exe	93
PID 4388 wrote to memory of 3456	4388	d5fb28f50e25a086bf30cf41f9ee67d72159b01631b7e96a741f2b6328579cc5.exe	94
PID 4388 wrote to memory of 3456	4388	d5fb28f50e25a086bf30cf41f9ee67d72159b01631b7e96a741f2b6328579cc5.exe	94
PID 4388 wrote to memory of 2104	4388	d5fb28f50e25a086bf30cf41f9ee67d72159b01631b7e96a741f2b6328579cc5.exe	95
PID 4388 wrote to memory of 2104	4388	d5fb28f50e25a086bf30cf41f9ee67d72159b01631b7e96a741f2b6328579cc5.exe	95
PID 4388 wrote to memory of 2280	4388	d5fb28f50e25a086bf30cf41f9ee67d72159b01631b7e96a741f2b6328579cc5.exe	96
PID 4388 wrote to memory of 2280	4388	d5fb28f50e25a086bf30cf41f9ee67d72159b01631b7e96a741f2b6328579cc5.exe	96
PID 4388 wrote to memory of 3620	4388	d5fb28f50e25a086bf30cf41f9ee67d72159b01631b7e96a741f2b6328579cc5.exe	97
PID 4388 wrote to memory of 3620	4388	d5fb28f50e25a086bf30cf41f9ee67d72159b01631b7e96a741f2b6328579cc5.exe	97
PID 4388 wrote to memory of 1740	4388	d5fb28f50e25a086bf30cf41f9ee67d72159b01631b7e96a741f2b6328579cc5.exe	98
PID 4388 wrote to memory of 1740	4388	d5fb28f50e25a086bf30cf41f9ee67d72159b01631b7e96a741f2b6328579cc5.exe	98
PID 4388 wrote to memory of 1840	4388	d5fb28f50e25a086bf30cf41f9ee67d72159b01631b7e96a741f2b6328579cc5.exe	99
PID 4388 wrote to memory of 1840	4388	d5fb28f50e25a086bf30cf41f9ee67d72159b01631b7e96a741f2b6328579cc5.exe	99
PID 4388 wrote to memory of 4112	4388	d5fb28f50e25a086bf30cf41f9ee67d72159b01631b7e96a741f2b6328579cc5.exe	100
PID 4388 wrote to memory of 4112	4388	d5fb28f50e25a086bf30cf41f9ee67d72159b01631b7e96a741f2b6328579cc5.exe	100
PID 4388 wrote to memory of 428	4388	d5fb28f50e25a086bf30cf41f9ee67d72159b01631b7e96a741f2b6328579cc5.exe	101
PID 4388 wrote to memory of 428	4388	d5fb28f50e25a086bf30cf41f9ee67d72159b01631b7e96a741f2b6328579cc5.exe	101
PID 4388 wrote to memory of 2964	4388	d5fb28f50e25a086bf30cf41f9ee67d72159b01631b7e96a741f2b6328579cc5.exe	102
PID 4388 wrote to memory of 2964	4388	d5fb28f50e25a086bf30cf41f9ee67d72159b01631b7e96a741f2b6328579cc5.exe	102
PID 4388 wrote to memory of 1444	4388	d5fb28f50e25a086bf30cf41f9ee67d72159b01631b7e96a741f2b6328579cc5.exe	103
PID 4388 wrote to memory of 1444	4388	d5fb28f50e25a086bf30cf41f9ee67d72159b01631b7e96a741f2b6328579cc5.exe	103
PID 4388 wrote to memory of 1964	4388	d5fb28f50e25a086bf30cf41f9ee67d72159b01631b7e96a741f2b6328579cc5.exe	104
PID 4388 wrote to memory of 1964	4388	d5fb28f50e25a086bf30cf41f9ee67d72159b01631b7e96a741f2b6328579cc5.exe	104
PID 4388 wrote to memory of 1412	4388	d5fb28f50e25a086bf30cf41f9ee67d72159b01631b7e96a741f2b6328579cc5.exe	105
PID 4388 wrote to memory of 1412	4388	d5fb28f50e25a086bf30cf41f9ee67d72159b01631b7e96a741f2b6328579cc5.exe	105
PID 4388 wrote to memory of 4472	4388	d5fb28f50e25a086bf30cf41f9ee67d72159b01631b7e96a741f2b6328579cc5.exe	106
PID 4388 wrote to memory of 4472	4388	d5fb28f50e25a086bf30cf41f9ee67d72159b01631b7e96a741f2b6328579cc5.exe	106
PID 4388 wrote to memory of 824	4388	d5fb28f50e25a086bf30cf41f9ee67d72159b01631b7e96a741f2b6328579cc5.exe	107
PID 4388 wrote to memory of 824	4388	d5fb28f50e25a086bf30cf41f9ee67d72159b01631b7e96a741f2b6328579cc5.exe	107
PID 4388 wrote to memory of 2732	4388	d5fb28f50e25a086bf30cf41f9ee67d72159b01631b7e96a741f2b6328579cc5.exe	108
PID 4388 wrote to memory of 2732	4388	d5fb28f50e25a086bf30cf41f9ee67d72159b01631b7e96a741f2b6328579cc5.exe	108
PID 4388 wrote to memory of 1268	4388	d5fb28f50e25a086bf30cf41f9ee67d72159b01631b7e96a741f2b6328579cc5.exe	109
PID 4388 wrote to memory of 1268	4388	d5fb28f50e25a086bf30cf41f9ee67d72159b01631b7e96a741f2b6328579cc5.exe	109
PID 4388 wrote to memory of 3504	4388	d5fb28f50e25a086bf30cf41f9ee67d72159b01631b7e96a741f2b6328579cc5.exe	110
PID 4388 wrote to memory of 3504	4388	d5fb28f50e25a086bf30cf41f9ee67d72159b01631b7e96a741f2b6328579cc5.exe	110
PID 4388 wrote to memory of 2292	4388	d5fb28f50e25a086bf30cf41f9ee67d72159b01631b7e96a741f2b6328579cc5.exe	111
PID 4388 wrote to memory of 2292	4388	d5fb28f50e25a086bf30cf41f9ee67d72159b01631b7e96a741f2b6328579cc5.exe	111
PID 4388 wrote to memory of 4016	4388	d5fb28f50e25a086bf30cf41f9ee67d72159b01631b7e96a741f2b6328579cc5.exe	112
PID 4388 wrote to memory of 4016	4388	d5fb28f50e25a086bf30cf41f9ee67d72159b01631b7e96a741f2b6328579cc5.exe	112
PID 4388 wrote to memory of 848	4388	d5fb28f50e25a086bf30cf41f9ee67d72159b01631b7e96a741f2b6328579cc5.exe	113
PID 4388 wrote to memory of 848	4388	d5fb28f50e25a086bf30cf41f9ee67d72159b01631b7e96a741f2b6328579cc5.exe	113
PID 4388 wrote to memory of 1848	4388	d5fb28f50e25a086bf30cf41f9ee67d72159b01631b7e96a741f2b6328579cc5.exe	114
PID 4388 wrote to memory of 1848	4388	d5fb28f50e25a086bf30cf41f9ee67d72159b01631b7e96a741f2b6328579cc5.exe	114

C:\Users\Admin\AppData\Local\Temp\d5fb28f50e25a086bf30cf41f9ee67d72159b01631b7e96a741f2b6328579cc5.exe
"C:\Users\Admin\AppData\Local\Temp\d5fb28f50e25a086bf30cf41f9ee67d72159b01631b7e96a741f2b6328579cc5.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:4388
- C:\Windows\System32\xnSHejQ.exe
  C:\Windows\System32\xnSHejQ.exe
  2⤵
  - Executes dropped EXE
  PID:1372
- C:\Windows\System32\prhxlPG.exe
  C:\Windows\System32\prhxlPG.exe
  2⤵
  - Executes dropped EXE
  PID:116
- C:\Windows\System32\CJnBszw.exe
  C:\Windows\System32\CJnBszw.exe
  2⤵
  - Executes dropped EXE
  PID:5072
- C:\Windows\System32\LPJljXi.exe
  C:\Windows\System32\LPJljXi.exe
  2⤵
  - Executes dropped EXE
  PID:4324
- C:\Windows\System32\iDOqTkw.exe
  C:\Windows\System32\iDOqTkw.exe
  2⤵
  - Executes dropped EXE
  PID:456
- C:\Windows\System32\AwWzwSH.exe
  C:\Windows\System32\AwWzwSH.exe
  2⤵
  - Executes dropped EXE
  PID:532
- C:\Windows\System32\aCyvmHh.exe
  C:\Windows\System32\aCyvmHh.exe
  2⤵
  - Executes dropped EXE
  PID:3696
- C:\Windows\System32\BElBeAm.exe
  C:\Windows\System32\BElBeAm.exe
  2⤵
  - Executes dropped EXE
  PID:3664
- C:\Windows\System32\oJlSsCG.exe
  C:\Windows\System32\oJlSsCG.exe
  2⤵
  - Executes dropped EXE
  PID:2644
- C:\Windows\System32\AoOjDTD.exe
  C:\Windows\System32\AoOjDTD.exe
  2⤵
  - Executes dropped EXE
  PID:3980
- C:\Windows\System32\lORsNHb.exe
  C:\Windows\System32\lORsNHb.exe
  2⤵
  - Executes dropped EXE
  PID:3944
- C:\Windows\System32\QtIksSt.exe
  C:\Windows\System32\QtIksSt.exe
  2⤵
  - Executes dropped EXE
  PID:3456
- C:\Windows\System32\EPQxhjr.exe
  C:\Windows\System32\EPQxhjr.exe
  2⤵
  - Executes dropped EXE
  PID:2104
- C:\Windows\System32\buHmILe.exe
  C:\Windows\System32\buHmILe.exe
  2⤵
  - Executes dropped EXE
  PID:2280
- C:\Windows\System32\wlMKPsa.exe
  C:\Windows\System32\wlMKPsa.exe
  2⤵
  - Executes dropped EXE
  PID:3620
- C:\Windows\System32\NuzaElz.exe
  C:\Windows\System32\NuzaElz.exe
  2⤵
  - Executes dropped EXE
  PID:1740
- C:\Windows\System32\YXegTxs.exe
  C:\Windows\System32\YXegTxs.exe
  2⤵
  - Executes dropped EXE
  PID:1840
- C:\Windows\System32\BhlBRMs.exe
  C:\Windows\System32\BhlBRMs.exe
  2⤵
  - Executes dropped EXE
  PID:4112
- C:\Windows\System32\tmNEPtY.exe
  C:\Windows\System32\tmNEPtY.exe
  2⤵
  - Executes dropped EXE
  PID:428
- C:\Windows\System32\NgAVhJk.exe
  C:\Windows\System32\NgAVhJk.exe
  2⤵
  - Executes dropped EXE
  PID:2964
- C:\Windows\System32\tzDoses.exe
  C:\Windows\System32\tzDoses.exe
  2⤵
  - Executes dropped EXE
  PID:1444
- C:\Windows\System32\ARSJyUn.exe
  C:\Windows\System32\ARSJyUn.exe
  2⤵
  - Executes dropped EXE
  PID:1964
- C:\Windows\System32\KrSHwTw.exe
  C:\Windows\System32\KrSHwTw.exe
  2⤵
  - Executes dropped EXE
  PID:1412
- C:\Windows\System32\NGLKhMM.exe
  C:\Windows\System32\NGLKhMM.exe
  2⤵
  - Executes dropped EXE
  PID:4472
- C:\Windows\System32\OAJGZde.exe
  C:\Windows\System32\OAJGZde.exe
  2⤵
  - Executes dropped EXE
  PID:824
- C:\Windows\System32\ITeuDlL.exe
  C:\Windows\System32\ITeuDlL.exe
  2⤵
  - Executes dropped EXE
  PID:2732
- C:\Windows\System32\gWKPwGu.exe
  C:\Windows\System32\gWKPwGu.exe
  2⤵
  - Executes dropped EXE
  PID:1268
- C:\Windows\System32\FXHTvGa.exe
  C:\Windows\System32\FXHTvGa.exe
  2⤵
  - Executes dropped EXE
  PID:3504
- C:\Windows\System32\qgDbFys.exe
  C:\Windows\System32\qgDbFys.exe
  2⤵
  - Executes dropped EXE
  PID:2292
- C:\Windows\System32\YSfcwLm.exe
  C:\Windows\System32\YSfcwLm.exe
  2⤵
  - Executes dropped EXE
  PID:4016
- C:\Windows\System32\goiRreb.exe
  C:\Windows\System32\goiRreb.exe
  2⤵
  - Executes dropped EXE
  PID:848
- C:\Windows\System32\iGELvWH.exe
  C:\Windows\System32\iGELvWH.exe
  2⤵
  - Executes dropped EXE
  PID:1848
- C:\Windows\System32\qIGrlYv.exe
  C:\Windows\System32\qIGrlYv.exe
  2⤵
  - Executes dropped EXE
  PID:4892
- C:\Windows\System32\aQUylZj.exe
  C:\Windows\System32\aQUylZj.exe
  2⤵
  - Executes dropped EXE
  PID:4192
- C:\Windows\System32\okiejMl.exe
  C:\Windows\System32\okiejMl.exe
  2⤵
  - Executes dropped EXE
  PID:820
- C:\Windows\System32\gQzCDwl.exe
  C:\Windows\System32\gQzCDwl.exe
  2⤵
  - Executes dropped EXE
  PID:3320
- C:\Windows\System32\gMqkWSH.exe
  C:\Windows\System32\gMqkWSH.exe
  2⤵
  - Executes dropped EXE
  PID:3260
- C:\Windows\System32\AZtZcbV.exe
  C:\Windows\System32\AZtZcbV.exe
  2⤵
  - Executes dropped EXE
  PID:4712
- C:\Windows\System32\EEcLQQX.exe
  C:\Windows\System32\EEcLQQX.exe
  2⤵
  - Executes dropped EXE
  PID:2020
- C:\Windows\System32\GfEuNzC.exe
  C:\Windows\System32\GfEuNzC.exe
  2⤵
  - Executes dropped EXE
  PID:3756
- C:\Windows\System32\MVrXuIP.exe
  C:\Windows\System32\MVrXuIP.exe
  2⤵
  - Executes dropped EXE
  PID:2896
- C:\Windows\System32\IzkzoIa.exe
  C:\Windows\System32\IzkzoIa.exe
  2⤵
  - Executes dropped EXE
  PID:4480
- C:\Windows\System32\mItOJAF.exe
  C:\Windows\System32\mItOJAF.exe
  2⤵
  - Executes dropped EXE
  PID:1464
- C:\Windows\System32\ohldzFt.exe
  C:\Windows\System32\ohldzFt.exe
  2⤵
  - Executes dropped EXE
  PID:3656
- C:\Windows\System32\SpSnLrG.exe
  C:\Windows\System32\SpSnLrG.exe
  2⤵
  - Executes dropped EXE
  PID:1876
- C:\Windows\System32\IBZypEw.exe
  C:\Windows\System32\IBZypEw.exe
  2⤵
  - Executes dropped EXE
  PID:1192
- C:\Windows\System32\PrTuKcF.exe
  C:\Windows\System32\PrTuKcF.exe
  2⤵
  - Executes dropped EXE
  PID:400
- C:\Windows\System32\bEwlKZk.exe
  C:\Windows\System32\bEwlKZk.exe
  2⤵
  - Executes dropped EXE
  PID:2884
- C:\Windows\System32\BFJYWlk.exe
  C:\Windows\System32\BFJYWlk.exe
  2⤵
  - Executes dropped EXE
  PID:5032
- C:\Windows\System32\WluNVAZ.exe
  C:\Windows\System32\WluNVAZ.exe
  2⤵
  - Executes dropped EXE
  PID:3936
- C:\Windows\System32\FqGJQan.exe
  C:\Windows\System32\FqGJQan.exe
  2⤵
  - Executes dropped EXE
  PID:4996
- C:\Windows\System32\jGLYyee.exe
  C:\Windows\System32\jGLYyee.exe
  2⤵
  - Executes dropped EXE
  PID:800
- C:\Windows\System32\NjfLWqU.exe
  C:\Windows\System32\NjfLWqU.exe
  2⤵
  - Executes dropped EXE
  PID:3120
- C:\Windows\System32\wiYVzEu.exe
  C:\Windows\System32\wiYVzEu.exe
  2⤵
  - Executes dropped EXE
  PID:1340
- C:\Windows\System32\eSbhwUC.exe
  C:\Windows\System32\eSbhwUC.exe
  2⤵
  - Executes dropped EXE
  PID:244
- C:\Windows\System32\fJMWkec.exe
  C:\Windows\System32\fJMWkec.exe
  2⤵
  - Executes dropped EXE
  PID:4628
- C:\Windows\System32\LFrvsAK.exe
  C:\Windows\System32\LFrvsAK.exe
  2⤵
  - Executes dropped EXE
  PID:1884
- C:\Windows\System32\cDjTtrq.exe
  C:\Windows\System32\cDjTtrq.exe
  2⤵
  - Executes dropped EXE
  PID:4952
- C:\Windows\System32\LtDGZAY.exe
  C:\Windows\System32\LtDGZAY.exe
  2⤵
  - Executes dropped EXE
  PID:688
- C:\Windows\System32\BNEAiPw.exe
  C:\Windows\System32\BNEAiPw.exe
  2⤵
  - Executes dropped EXE
  PID:4340
- C:\Windows\System32\seiDnQH.exe
  C:\Windows\System32\seiDnQH.exe
  2⤵
  - Executes dropped EXE
  PID:2440
- C:\Windows\System32\funtYlx.exe
  C:\Windows\System32\funtYlx.exe
  2⤵
  - Executes dropped EXE
  PID:4680
- C:\Windows\System32\yOlyXyk.exe
  C:\Windows\System32\yOlyXyk.exe
  2⤵
  - Executes dropped EXE
  PID:4392
- C:\Windows\System32\evoQnIB.exe
  C:\Windows\System32\evoQnIB.exe
  2⤵
  - Executes dropped EXE
  PID:2604
- C:\Windows\System32\QaJGFsO.exe
  C:\Windows\System32\QaJGFsO.exe
  2⤵
  PID:1688
- C:\Windows\System32\HpYSvCc.exe
  C:\Windows\System32\HpYSvCc.exe
  2⤵
  PID:1808
- C:\Windows\System32\YsIKUDQ.exe
  C:\Windows\System32\YsIKUDQ.exe
  2⤵
  PID:2512
- C:\Windows\System32\mGJzAcV.exe
  C:\Windows\System32\mGJzAcV.exe
  2⤵
  PID:1796
- C:\Windows\System32\bEWHjdW.exe
  C:\Windows\System32\bEWHjdW.exe
  2⤵
  PID:4780
- C:\Windows\System32\OoAYGPL.exe
  C:\Windows\System32\OoAYGPL.exe
  2⤵
  PID:3316
- C:\Windows\System32\VqWKCcM.exe
  C:\Windows\System32\VqWKCcM.exe
  2⤵
  PID:4012
- C:\Windows\System32\jwywzyR.exe
  C:\Windows\System32\jwywzyR.exe
  2⤵
  PID:2672
- C:\Windows\System32\KKSwHaL.exe
  C:\Windows\System32\KKSwHaL.exe
  2⤵
  PID:2216
- C:\Windows\System32\OGdGdAj.exe
  C:\Windows\System32\OGdGdAj.exe
  2⤵
  PID:224
- C:\Windows\System32\kVUpmiD.exe
  C:\Windows\System32\kVUpmiD.exe
  2⤵
  PID:3160
- C:\Windows\System32\QZCRCjR.exe
  C:\Windows\System32\QZCRCjR.exe
  2⤵
  PID:4912
- C:\Windows\System32\aCEqqlP.exe
  C:\Windows\System32\aCEqqlP.exe
  2⤵
  PID:3148
- C:\Windows\System32\POdOJTo.exe
  C:\Windows\System32\POdOJTo.exe
  2⤵
  PID:2248
- C:\Windows\System32\NgoMRTv.exe
  C:\Windows\System32\NgoMRTv.exe
  2⤵
  PID:724
- C:\Windows\System32\nwrnuBn.exe
  C:\Windows\System32\nwrnuBn.exe
  2⤵
  PID:3412
- C:\Windows\System32\ZNyXMuf.exe
  C:\Windows\System32\ZNyXMuf.exe
  2⤵
  PID:3132
- C:\Windows\System32\dguJFhR.exe
  C:\Windows\System32\dguJFhR.exe
  2⤵
  PID:3564
- C:\Windows\System32\UECmYrp.exe
  C:\Windows\System32\UECmYrp.exe
  2⤵
  PID:5136
- C:\Windows\System32\LcPlzBj.exe
  C:\Windows\System32\LcPlzBj.exe
  2⤵
  PID:5172
- C:\Windows\System32\IHQiuNb.exe
  C:\Windows\System32\IHQiuNb.exe
  2⤵
  PID:5192
- C:\Windows\System32\DXJLLWE.exe
  C:\Windows\System32\DXJLLWE.exe
  2⤵
  PID:5220
- C:\Windows\System32\AzdMXlK.exe
  C:\Windows\System32\AzdMXlK.exe
  2⤵
  PID:5248
- C:\Windows\System32\qPVMqaE.exe
  C:\Windows\System32\qPVMqaE.exe
  2⤵
  PID:5276
- C:\Windows\System32\EPUjjnB.exe
  C:\Windows\System32\EPUjjnB.exe
  2⤵
  PID:5304
- C:\Windows\System32\hTwcRrm.exe
  C:\Windows\System32\hTwcRrm.exe
  2⤵
  PID:5332
- C:\Windows\System32\XqrghSh.exe
  C:\Windows\System32\XqrghSh.exe
  2⤵
  PID:5360
- C:\Windows\System32\bmjykMZ.exe
  C:\Windows\System32\bmjykMZ.exe
  2⤵
  PID:5388
- C:\Windows\System32\ClQDpfW.exe
  C:\Windows\System32\ClQDpfW.exe
  2⤵
  PID:5416
- C:\Windows\System32\bFPdRVf.exe
  C:\Windows\System32\bFPdRVf.exe
  2⤵
  PID:5444
- C:\Windows\System32\GyjDQiu.exe
  C:\Windows\System32\GyjDQiu.exe
  2⤵
  PID:5472
- C:\Windows\System32\iDoXnIk.exe
  C:\Windows\System32\iDoXnIk.exe
  2⤵
  PID:5500
- C:\Windows\System32\maRAaYp.exe
  C:\Windows\System32\maRAaYp.exe
  2⤵
  PID:5528
- C:\Windows\System32\SWVIrUT.exe
  C:\Windows\System32\SWVIrUT.exe
  2⤵
  PID:5556
- C:\Windows\System32\FfcPjhA.exe
  C:\Windows\System32\FfcPjhA.exe
  2⤵
  PID:5584
- C:\Windows\System32\RyfTbAp.exe
  C:\Windows\System32\RyfTbAp.exe
  2⤵
  PID:5612
- C:\Windows\System32\mztzclB.exe
  C:\Windows\System32\mztzclB.exe
  2⤵
  PID:5640
- C:\Windows\System32\MTPFNfh.exe
  C:\Windows\System32\MTPFNfh.exe
  2⤵
  PID:5668
- C:\Windows\System32\qZvIVay.exe
  C:\Windows\System32\qZvIVay.exe
  2⤵
  PID:5696
- C:\Windows\System32\TjSRiuO.exe
  C:\Windows\System32\TjSRiuO.exe
  2⤵
  PID:5724
- C:\Windows\System32\GWOPGCg.exe
  C:\Windows\System32\GWOPGCg.exe
  2⤵
  PID:5752
- C:\Windows\System32\fCnPogG.exe
  C:\Windows\System32\fCnPogG.exe
  2⤵
  PID:5780
- C:\Windows\System32\yYeiYyU.exe
  C:\Windows\System32\yYeiYyU.exe
  2⤵
  PID:5808
- C:\Windows\System32\oKyjKPh.exe
  C:\Windows\System32\oKyjKPh.exe
  2⤵
  PID:5836
- C:\Windows\System32\CcPnrxZ.exe
  C:\Windows\System32\CcPnrxZ.exe
  2⤵
  PID:5864
- C:\Windows\System32\UdOHfGN.exe
  C:\Windows\System32\UdOHfGN.exe
  2⤵
  PID:5892
- C:\Windows\System32\NZjvTvD.exe
  C:\Windows\System32\NZjvTvD.exe
  2⤵
  PID:5920
- C:\Windows\System32\twPAdnI.exe
  C:\Windows\System32\twPAdnI.exe
  2⤵
  PID:5948
- C:\Windows\System32\PpCjOVc.exe
  C:\Windows\System32\PpCjOVc.exe
  2⤵
  PID:5976
- C:\Windows\System32\tAUVBLk.exe
  C:\Windows\System32\tAUVBLk.exe
  2⤵
  PID:6004
- C:\Windows\System32\Gggbthi.exe
  C:\Windows\System32\Gggbthi.exe
  2⤵
  PID:6032
- C:\Windows\System32\LgJXjVq.exe
  C:\Windows\System32\LgJXjVq.exe
  2⤵
  PID:6060
- C:\Windows\System32\kdXoSLA.exe
  C:\Windows\System32\kdXoSLA.exe
  2⤵
  PID:6088
- C:\Windows\System32\FrAymJQ.exe
  C:\Windows\System32\FrAymJQ.exe
  2⤵
  PID:6116
- C:\Windows\System32\XaMfkEf.exe
  C:\Windows\System32\XaMfkEf.exe
  2⤵
  PID:2160
- C:\Windows\System32\ftPMJoO.exe
  C:\Windows\System32\ftPMJoO.exe
  2⤵
  PID:1800
- C:\Windows\System32\ZWsdaMh.exe
  C:\Windows\System32\ZWsdaMh.exe
  2⤵
  PID:1612
- C:\Windows\System32\ytUDRgW.exe
  C:\Windows\System32\ytUDRgW.exe
  2⤵
  PID:3548
- C:\Windows\System32\GbEqszn.exe
  C:\Windows\System32\GbEqszn.exe
  2⤵
  PID:4640
- C:\Windows\System32\sFjsVHr.exe
  C:\Windows\System32\sFjsVHr.exe
  2⤵
  PID:3616
- C:\Windows\System32\PKpevaY.exe
  C:\Windows\System32\PKpevaY.exe
  2⤵
  PID:3476
- C:\Windows\System32\aNiwaYM.exe
  C:\Windows\System32\aNiwaYM.exe
  2⤵
  PID:5156
- C:\Windows\System32\yPqPmlE.exe
  C:\Windows\System32\yPqPmlE.exe
  2⤵
  PID:5236
- C:\Windows\System32\uaPuAle.exe
  C:\Windows\System32\uaPuAle.exe
  2⤵
  PID:5284
- C:\Windows\System32\CHBChze.exe
  C:\Windows\System32\CHBChze.exe
  2⤵
  PID:5352
- C:\Windows\System32\TCKTURg.exe
  C:\Windows\System32\TCKTURg.exe
  2⤵
  PID:5432
- C:\Windows\System32\vKQzDdo.exe
  C:\Windows\System32\vKQzDdo.exe
  2⤵
  PID:5480
- C:\Windows\System32\szdeLgP.exe
  C:\Windows\System32\szdeLgP.exe
  2⤵
  PID:5548
- C:\Windows\System32\CQQQHKI.exe
  C:\Windows\System32\CQQQHKI.exe
  2⤵
  PID:5628
- C:\Windows\System32\iovvGbp.exe
  C:\Windows\System32\iovvGbp.exe
  2⤵
  PID:5676
- C:\Windows\System32\zIzQIIy.exe
  C:\Windows\System32\zIzQIIy.exe
  2⤵
  PID:5744
- C:\Windows\System32\bAMSRCL.exe
  C:\Windows\System32\bAMSRCL.exe
  2⤵
  PID:5824
- C:\Windows\System32\xoDJjCe.exe
  C:\Windows\System32\xoDJjCe.exe
  2⤵
  PID:5872
- C:\Windows\System32\ZXqMGPM.exe
  C:\Windows\System32\ZXqMGPM.exe
  2⤵
  PID:5940
- C:\Windows\System32\ZXRHvPT.exe
  C:\Windows\System32\ZXRHvPT.exe
  2⤵
  PID:6020
- C:\Windows\System32\kupoCWM.exe
  C:\Windows\System32\kupoCWM.exe
  2⤵
  PID:6068
- C:\Windows\System32\tdXrzYY.exe
  C:\Windows\System32\tdXrzYY.exe
  2⤵
  PID:6136
- C:\Windows\System32\GXMkQCI.exe
  C:\Windows\System32\GXMkQCI.exe
  2⤵
  PID:780
- C:\Windows\System32\hJALodf.exe
  C:\Windows\System32\hJALodf.exe
  2⤵
  PID:2876
- C:\Windows\System32\WpBhrlb.exe
  C:\Windows\System32\WpBhrlb.exe
  2⤵
  PID:5152
- C:\Windows\System32\ZYPMbSg.exe
  C:\Windows\System32\ZYPMbSg.exe
  2⤵
  PID:5324
- C:\Windows\System32\fCluZoS.exe
  C:\Windows\System32\fCluZoS.exe
  2⤵
  PID:5436
- C:\Windows\System32\jRZcpXO.exe
  C:\Windows\System32\jRZcpXO.exe
  2⤵
  PID:5592
- C:\Windows\System32\iciDOvc.exe
  C:\Windows\System32\iciDOvc.exe
  2⤵
  PID:5796
- C:\Windows\System32\kbbFswH.exe
  C:\Windows\System32\kbbFswH.exe
  2⤵
  PID:5908
- C:\Windows\System32\pSBrtLL.exe
  C:\Windows\System32\pSBrtLL.exe
  2⤵
  PID:6168
- C:\Windows\System32\xEojoHq.exe
  C:\Windows\System32\xEojoHq.exe
  2⤵
  PID:6196
- C:\Windows\System32\swmeWUl.exe
  C:\Windows\System32\swmeWUl.exe
  2⤵
  PID:6224
- C:\Windows\System32\xMbtSUr.exe
  C:\Windows\System32\xMbtSUr.exe
  2⤵
  PID:6252
- C:\Windows\System32\kOwTuyS.exe
  C:\Windows\System32\kOwTuyS.exe
  2⤵
  PID:6280
- C:\Windows\System32\LWuSGvw.exe
  C:\Windows\System32\LWuSGvw.exe
  2⤵
  PID:6308
- C:\Windows\System32\SyoygqO.exe
  C:\Windows\System32\SyoygqO.exe
  2⤵
  PID:6336
- C:\Windows\System32\soJWwpp.exe
  C:\Windows\System32\soJWwpp.exe
  2⤵
  PID:6364
- C:\Windows\System32\lNxhnuu.exe
  C:\Windows\System32\lNxhnuu.exe
  2⤵
  PID:6392
- C:\Windows\System32\AVVjVFP.exe
  C:\Windows\System32\AVVjVFP.exe
  2⤵
  PID:6420
- C:\Windows\System32\rQmqSLx.exe
  C:\Windows\System32\rQmqSLx.exe
  2⤵
  PID:6448
- C:\Windows\System32\TOWwFjn.exe
  C:\Windows\System32\TOWwFjn.exe
  2⤵
  PID:6476
- C:\Windows\System32\FmYFcUt.exe
  C:\Windows\System32\FmYFcUt.exe
  2⤵
  PID:6504
- C:\Windows\System32\HZRMesD.exe
  C:\Windows\System32\HZRMesD.exe
  2⤵
  PID:6532
- C:\Windows\System32\tBzqYzV.exe
  C:\Windows\System32\tBzqYzV.exe
  2⤵
  PID:6560
- C:\Windows\System32\KMDSqMg.exe
  C:\Windows\System32\KMDSqMg.exe
  2⤵
  PID:6588
- C:\Windows\System32\yvWAUHg.exe
  C:\Windows\System32\yvWAUHg.exe
  2⤵
  PID:6616
- C:\Windows\System32\oLCvnQT.exe
  C:\Windows\System32\oLCvnQT.exe
  2⤵
  PID:6644
- C:\Windows\System32\quOEzaQ.exe
  C:\Windows\System32\quOEzaQ.exe
  2⤵
  PID:6672
- C:\Windows\System32\pUywLTz.exe
  C:\Windows\System32\pUywLTz.exe
  2⤵
  PID:6700
- C:\Windows\System32\rZvcLBA.exe
  C:\Windows\System32\rZvcLBA.exe
  2⤵
  PID:6728
- C:\Windows\System32\ckPyXhd.exe
  C:\Windows\System32\ckPyXhd.exe
  2⤵
  PID:6756
- C:\Windows\System32\HnzrPoz.exe
  C:\Windows\System32\HnzrPoz.exe
  2⤵
  PID:6784
- C:\Windows\System32\VGTccBQ.exe
  C:\Windows\System32\VGTccBQ.exe
  2⤵
  PID:6812
- C:\Windows\System32\DrIeHut.exe
  C:\Windows\System32\DrIeHut.exe
  2⤵
  PID:6840
- C:\Windows\System32\nAndpBs.exe
  C:\Windows\System32\nAndpBs.exe
  2⤵
  PID:6868
- C:\Windows\System32\abkUcmQ.exe
  C:\Windows\System32\abkUcmQ.exe
  2⤵
  PID:6896
- C:\Windows\System32\CvLvjhP.exe
  C:\Windows\System32\CvLvjhP.exe
  2⤵
  PID:6924
- C:\Windows\System32\FpVyFqD.exe
  C:\Windows\System32\FpVyFqD.exe
  2⤵
  PID:6952
- C:\Windows\System32\MUxhBxJ.exe
  C:\Windows\System32\MUxhBxJ.exe
  2⤵
  PID:6980
- C:\Windows\System32\jIVxQHZ.exe
  C:\Windows\System32\jIVxQHZ.exe
  2⤵
  PID:7008
- C:\Windows\System32\litVhhg.exe
  C:\Windows\System32\litVhhg.exe
  2⤵
  PID:7036
- C:\Windows\System32\VFkNnmR.exe
  C:\Windows\System32\VFkNnmR.exe
  2⤵
  PID:7064
- C:\Windows\System32\EAdYeAH.exe
  C:\Windows\System32\EAdYeAH.exe
  2⤵
  PID:7092
- C:\Windows\System32\cxRidnK.exe
  C:\Windows\System32\cxRidnK.exe
  2⤵
  PID:7120
- C:\Windows\System32\pHBgrHq.exe
  C:\Windows\System32\pHBgrHq.exe
  2⤵
  PID:7148
- C:\Windows\System32\myXEYyf.exe
  C:\Windows\System32\myXEYyf.exe
  2⤵
  PID:5984
- C:\Windows\System32\PxXRrqP.exe
  C:\Windows\System32\PxXRrqP.exe
  2⤵
  PID:3672
- C:\Windows\System32\mJGOlSX.exe
  C:\Windows\System32\mJGOlSX.exe
  2⤵
  PID:4744
- C:\Windows\System32\oJrqmBy.exe
  C:\Windows\System32\oJrqmBy.exe
  2⤵
  PID:5396
- C:\Windows\System32\ASyxliX.exe
  C:\Windows\System32\ASyxliX.exe
  2⤵
  PID:5828
- C:\Windows\System32\mwIjKge.exe
  C:\Windows\System32\mwIjKge.exe
  2⤵
  PID:6176
- C:\Windows\System32\UBBToaY.exe
  C:\Windows\System32\UBBToaY.exe
  2⤵
  PID:6244
- C:\Windows\System32\IJuRLGs.exe
  C:\Windows\System32\IJuRLGs.exe
  2⤵
  PID:6324
- C:\Windows\System32\QKjlRCb.exe
  C:\Windows\System32\QKjlRCb.exe
  2⤵
  PID:6372
- C:\Windows\System32\QfDYjMq.exe
  C:\Windows\System32\QfDYjMq.exe
  2⤵
  PID:6440
- C:\Windows\System32\OQVwnTf.exe
  C:\Windows\System32\OQVwnTf.exe
  2⤵
  PID:6520
- C:\Windows\System32\bPexSso.exe
  C:\Windows\System32\bPexSso.exe
  2⤵
  PID:6568
- C:\Windows\System32\PuucLed.exe
  C:\Windows\System32\PuucLed.exe
  2⤵
  PID:6636
- C:\Windows\System32\tjFADzH.exe
  C:\Windows\System32\tjFADzH.exe
  2⤵
  PID:6716
- C:\Windows\System32\FKOxqSb.exe
  C:\Windows\System32\FKOxqSb.exe
  2⤵
  PID:6764
- C:\Windows\System32\qbtQtRt.exe
  C:\Windows\System32\qbtQtRt.exe
  2⤵
  PID:6832
- C:\Windows\System32\SECTLvl.exe
  C:\Windows\System32\SECTLvl.exe
  2⤵
  PID:6912
- C:\Windows\System32\bscZcxL.exe
  C:\Windows\System32\bscZcxL.exe
  2⤵
  PID:6960
- C:\Windows\System32\HAIhkBt.exe
  C:\Windows\System32\HAIhkBt.exe
  2⤵
  PID:7028
- C:\Windows\System32\aPkbfMa.exe
  C:\Windows\System32\aPkbfMa.exe
  2⤵
  PID:7108
- C:\Windows\System32\WBAQhsQ.exe
  C:\Windows\System32\WBAQhsQ.exe
  2⤵
  PID:5992
- C:\Windows\System32\wntdpTp.exe
  C:\Windows\System32\wntdpTp.exe
  2⤵
  PID:5076
- C:\Windows\System32\fRlWDzs.exe
  C:\Windows\System32\fRlWDzs.exe
  2⤵
  PID:5520
- C:\Windows\System32\VtdfbOp.exe
  C:\Windows\System32\VtdfbOp.exe
  2⤵
  PID:6240
- C:\Windows\System32\zvMOhMk.exe
  C:\Windows\System32\zvMOhMk.exe
  2⤵
  PID:6412
- C:\Windows\System32\hBUiRrj.exe
  C:\Windows\System32\hBUiRrj.exe
  2⤵
  PID:6512
- C:\Windows\System32\DeSIKtQ.exe
  C:\Windows\System32\DeSIKtQ.exe
  2⤵
  PID:6652
- C:\Windows\System32\GylcRlo.exe
  C:\Windows\System32\GylcRlo.exe
  2⤵
  PID:6804
- C:\Windows\System32\EfxQpGl.exe
  C:\Windows\System32\EfxQpGl.exe
  2⤵
  PID:6916
- C:\Windows\System32\maMxiwW.exe
  C:\Windows\System32\maMxiwW.exe
  2⤵
  PID:7072
- C:\Windows\System32\VfxseoP.exe
  C:\Windows\System32\VfxseoP.exe
  2⤵
  PID:1572
- C:\Windows\System32\CbjlwxE.exe
  C:\Windows\System32\CbjlwxE.exe
  2⤵
  PID:6260
- C:\Windows\System32\EAvWjmf.exe
  C:\Windows\System32\EAvWjmf.exe
  2⤵
  PID:3572
- C:\Windows\System32\JcFMXxs.exe
  C:\Windows\System32\JcFMXxs.exe
  2⤵
  PID:7080
- C:\Windows\System32\sPmxRKq.exe
  C:\Windows\System32\sPmxRKq.exe
  2⤵
  PID:6108
- C:\Windows\System32\rHbWbld.exe
  C:\Windows\System32\rHbWbld.exe
  2⤵
  PID:3240
- C:\Windows\System32\TaGDvtI.exe
  C:\Windows\System32\TaGDvtI.exe
  2⤵
  PID:7024
- C:\Windows\System32\BdnqpHz.exe
  C:\Windows\System32\BdnqpHz.exe
  2⤵
  PID:7192
- C:\Windows\System32\NkkSsWT.exe
  C:\Windows\System32\NkkSsWT.exe
  2⤵
  PID:7220
- C:\Windows\System32\fyGSulX.exe
  C:\Windows\System32\fyGSulX.exe
  2⤵
  PID:7248
- C:\Windows\System32\EeqvhFD.exe
  C:\Windows\System32\EeqvhFD.exe
  2⤵
  PID:7276
- C:\Windows\System32\LWZmZfS.exe
  C:\Windows\System32\LWZmZfS.exe
  2⤵
  PID:7304
- C:\Windows\System32\thMOvGu.exe
  C:\Windows\System32\thMOvGu.exe
  2⤵
  PID:7416
- C:\Windows\System32\HVcRnpY.exe
  C:\Windows\System32\HVcRnpY.exe
  2⤵
  PID:7452
- C:\Windows\System32\ZPuEsVi.exe
  C:\Windows\System32\ZPuEsVi.exe
  2⤵
  PID:7476
- C:\Windows\System32\SjeITBL.exe
  C:\Windows\System32\SjeITBL.exe
  2⤵
  PID:7504
- C:\Windows\System32\TQRLELa.exe
  C:\Windows\System32\TQRLELa.exe
  2⤵
  PID:7540
- C:\Windows\System32\uIOECrs.exe
  C:\Windows\System32\uIOECrs.exe
  2⤵
  PID:7568
- C:\Windows\System32\BjvtOgm.exe
  C:\Windows\System32\BjvtOgm.exe
  2⤵
  PID:7604
- C:\Windows\System32\rmRxeie.exe
  C:\Windows\System32\rmRxeie.exe
  2⤵
  PID:7648
- C:\Windows\System32\GSUOtZM.exe
  C:\Windows\System32\GSUOtZM.exe
  2⤵
  PID:7672
- C:\Windows\System32\MnaRwSI.exe
  C:\Windows\System32\MnaRwSI.exe
  2⤵
  PID:7708
- C:\Windows\System32\SpObQSc.exe
  C:\Windows\System32\SpObQSc.exe
  2⤵
  PID:7756
- C:\Windows\System32\oNFytCQ.exe
  C:\Windows\System32\oNFytCQ.exe
  2⤵
  PID:7788
- C:\Windows\System32\YUcouKZ.exe
  C:\Windows\System32\YUcouKZ.exe
  2⤵
  PID:7816
- C:\Windows\System32\oClBycJ.exe
  C:\Windows\System32\oClBycJ.exe
  2⤵
  PID:7844
- C:\Windows\System32\AylyFuv.exe
  C:\Windows\System32\AylyFuv.exe
  2⤵
  PID:7872
- C:\Windows\System32\RMpDRRN.exe
  C:\Windows\System32\RMpDRRN.exe
  2⤵
  PID:7900
- C:\Windows\System32\jYVsAdW.exe
  C:\Windows\System32\jYVsAdW.exe
  2⤵
  PID:7936
- C:\Windows\System32\MbOiAYl.exe
  C:\Windows\System32\MbOiAYl.exe
  2⤵
  PID:7964
- C:\Windows\System32\FIBmyBp.exe
  C:\Windows\System32\FIBmyBp.exe
  2⤵
  PID:7984
- C:\Windows\System32\xfvGJma.exe
  C:\Windows\System32\xfvGJma.exe
  2⤵
  PID:8012
- C:\Windows\System32\roVIwIO.exe
  C:\Windows\System32\roVIwIO.exe
  2⤵
  PID:8040
- C:\Windows\System32\SestZBG.exe
  C:\Windows\System32\SestZBG.exe
  2⤵
  PID:8068
- C:\Windows\System32\vVKRXsM.exe
  C:\Windows\System32\vVKRXsM.exe
  2⤵
  PID:8096
- C:\Windows\System32\elspmrv.exe
  C:\Windows\System32\elspmrv.exe
  2⤵
  PID:8124
- C:\Windows\System32\UPqODwn.exe
  C:\Windows\System32\UPqODwn.exe
  2⤵
  PID:8152
- C:\Windows\System32\GHfatFg.exe
  C:\Windows\System32\GHfatFg.exe
  2⤵
  PID:6104
- C:\Windows\System32\ufKkpkw.exe
  C:\Windows\System32\ufKkpkw.exe
  2⤵
  PID:4456
- C:\Windows\System32\lbKEVqg.exe
  C:\Windows\System32\lbKEVqg.exe
  2⤵
  PID:7236
- C:\Windows\System32\XHCdJkm.exe
  C:\Windows\System32\XHCdJkm.exe
  2⤵
  PID:2524
- C:\Windows\System32\ScbGToS.exe
  C:\Windows\System32\ScbGToS.exe
  2⤵
  PID:7376
- C:\Windows\System32\eWCyinE.exe
  C:\Windows\System32\eWCyinE.exe
  2⤵
  PID:396
- C:\Windows\System32\jsoBVpk.exe
  C:\Windows\System32\jsoBVpk.exe
  2⤵
  PID:7432
- C:\Windows\System32\UXqAlZy.exe
  C:\Windows\System32\UXqAlZy.exe
  2⤵
  PID:4204
- C:\Windows\System32\NptihkE.exe
  C:\Windows\System32\NptihkE.exe
  2⤵
  PID:3900
- C:\Windows\System32\DqiIeIY.exe
  C:\Windows\System32\DqiIeIY.exe
  2⤵
  PID:4484
- C:\Windows\System32\SPrGYSa.exe
  C:\Windows\System32\SPrGYSa.exe
  2⤵
  PID:2300
- C:\Windows\System32\cMyoWkX.exe
  C:\Windows\System32\cMyoWkX.exe
  2⤵
  PID:4352
- C:\Windows\System32\wvUxhTh.exe
  C:\Windows\System32\wvUxhTh.exe
  2⤵
  PID:3044
- C:\Windows\System32\pPxGsQc.exe
  C:\Windows\System32\pPxGsQc.exe
  2⤵
  PID:7620
- C:\Windows\System32\bAqPhEV.exe
  C:\Windows\System32\bAqPhEV.exe
  2⤵
  PID:8088
- C:\Windows\System32\mfspvbe.exe
  C:\Windows\System32\mfspvbe.exe
  2⤵
  PID:8020
- C:\Windows\System32\IwUcWuo.exe
  C:\Windows\System32\IwUcWuo.exe
  2⤵
  PID:7960
- C:\Windows\System32\wMorLBp.exe
  C:\Windows\System32\wMorLBp.exe
  2⤵
  PID:7880
- C:\Windows\System32\PqCtsrq.exe
  C:\Windows\System32\PqCtsrq.exe
  2⤵
  PID:7824
- C:\Windows\System32\qZAswlp.exe
  C:\Windows\System32\qZAswlp.exe
  2⤵
  PID:7776
- C:\Windows\System32\BCvxFEU.exe
  C:\Windows\System32\BCvxFEU.exe
  2⤵
  PID:8132
- C:\Windows\System32\gnNjBtq.exe
  C:\Windows\System32\gnNjBtq.exe
  2⤵
  PID:8180
- C:\Windows\System32\IdIkUAN.exe
  C:\Windows\System32\IdIkUAN.exe
  2⤵
  PID:7240
- C:\Windows\System32\tFaOUeD.exe
  C:\Windows\System32\tFaOUeD.exe
  2⤵
  PID:336
- C:\Windows\System32\hcFgqPJ.exe
  C:\Windows\System32\hcFgqPJ.exe
  2⤵
  PID:5056
- C:\Windows\System32\qQysORK.exe
  C:\Windows\System32\qQysORK.exe
  2⤵
  PID:2712
- C:\Windows\System32\WOwkWJU.exe
  C:\Windows\System32\WOwkWJU.exe
  2⤵
  PID:8112
- C:\Windows\System32\eenKRZm.exe
  C:\Windows\System32\eenKRZm.exe
  2⤵
  PID:7548
- C:\Windows\System32\uicgrUI.exe
  C:\Windows\System32\uicgrUI.exe
  2⤵
  PID:4900
- C:\Windows\System32\KFIFAQQ.exe
  C:\Windows\System32\KFIFAQQ.exe
  2⤵
  PID:1512
- C:\Windows\System32\RWNioYs.exe
  C:\Windows\System32\RWNioYs.exe
  2⤵
  PID:2304
- C:\Windows\System32\OGAaYGB.exe
  C:\Windows\System32\OGAaYGB.exe
  2⤵
  PID:4332
- C:\Windows\System32\okJiuqO.exe
  C:\Windows\System32\okJiuqO.exe
  2⤵
  PID:7980
- C:\Windows\System32\BJVDANQ.exe
  C:\Windows\System32\BJVDANQ.exe
  2⤵
  PID:7592
- C:\Windows\System32\aCtemAp.exe
  C:\Windows\System32\aCtemAp.exe
  2⤵
  PID:3976
- C:\Windows\System32\howmefi.exe
  C:\Windows\System32\howmefi.exe
  2⤵
  PID:516
- C:\Windows\System32\uUoqNSZ.exe
  C:\Windows\System32\uUoqNSZ.exe
  2⤵
  PID:7704
- C:\Windows\System32\SpvwZwC.exe
  C:\Windows\System32\SpvwZwC.exe
  2⤵
  PID:2708
- C:\Windows\System32\dufjEsD.exe
  C:\Windows\System32\dufjEsD.exe
  2⤵
  PID:860
- C:\Windows\System32\IyBBwkP.exe
  C:\Windows\System32\IyBBwkP.exe
  2⤵
  PID:8188
- C:\Windows\System32\ChjBEjk.exe
  C:\Windows\System32\ChjBEjk.exe
  2⤵
  PID:8212
- C:\Windows\System32\KNmbubz.exe
  C:\Windows\System32\KNmbubz.exe
  2⤵
  PID:8228
- C:\Windows\System32\DAbTwxx.exe
  C:\Windows\System32\DAbTwxx.exe
  2⤵
  PID:8252
- C:\Windows\System32\NOKKQxQ.exe
  C:\Windows\System32\NOKKQxQ.exe
  2⤵
  PID:8288
- C:\Windows\System32\EwviOXY.exe
  C:\Windows\System32\EwviOXY.exe
  2⤵
  PID:8316
- C:\Windows\System32\McViJko.exe
  C:\Windows\System32\McViJko.exe
  2⤵
  PID:8352
- C:\Windows\System32\UEjeEIA.exe
  C:\Windows\System32\UEjeEIA.exe
  2⤵
  PID:8376
- C:\Windows\System32\hhjyZoz.exe
  C:\Windows\System32\hhjyZoz.exe
  2⤵
  PID:8408
- C:\Windows\System32\WArKLkN.exe
  C:\Windows\System32\WArKLkN.exe
  2⤵
  PID:8424
- C:\Windows\System32\FpAHLtV.exe
  C:\Windows\System32\FpAHLtV.exe
  2⤵
  PID:8464
- C:\Windows\System32\JSmFiGK.exe
  C:\Windows\System32\JSmFiGK.exe
  2⤵
  PID:8492
- C:\Windows\System32\rtLvYcD.exe
  C:\Windows\System32\rtLvYcD.exe
  2⤵
  PID:8520
- C:\Windows\System32\tiQyTCV.exe
  C:\Windows\System32\tiQyTCV.exe
  2⤵
  PID:8536
- C:\Windows\System32\bWDHEwc.exe
  C:\Windows\System32\bWDHEwc.exe
  2⤵
  PID:8576
- C:\Windows\System32\bLThcPZ.exe
  C:\Windows\System32\bLThcPZ.exe
  2⤵
  PID:8604
- C:\Windows\System32\CSZKBNa.exe
  C:\Windows\System32\CSZKBNa.exe
  2⤵
  PID:8620
- C:\Windows\System32\IemoPsL.exe
  C:\Windows\System32\IemoPsL.exe
  2⤵
  PID:8660
- C:\Windows\System32\VQapWHn.exe
  C:\Windows\System32\VQapWHn.exe
  2⤵
  PID:8680
- C:\Windows\System32\BbubqcP.exe
  C:\Windows\System32\BbubqcP.exe
  2⤵
  PID:8708
- C:\Windows\System32\jmBekpy.exe
  C:\Windows\System32\jmBekpy.exe
  2⤵
  PID:8744
- C:\Windows\System32\CSDBBCN.exe
  C:\Windows\System32\CSDBBCN.exe
  2⤵
  PID:8772
- C:\Windows\System32\CsniqgZ.exe
  C:\Windows\System32\CsniqgZ.exe
  2⤵
  PID:8792
- C:\Windows\System32\mQkVUNQ.exe
  C:\Windows\System32\mQkVUNQ.exe
  2⤵
  PID:8828
- C:\Windows\System32\tKfoqVF.exe
  C:\Windows\System32\tKfoqVF.exe
  2⤵
  PID:8856
- C:\Windows\System32\aESGfCr.exe
  C:\Windows\System32\aESGfCr.exe
  2⤵
  PID:8880
- C:\Windows\System32\MuvZAkc.exe
  C:\Windows\System32\MuvZAkc.exe
  2⤵
  PID:8912
- C:\Windows\System32\UzhEMvv.exe
  C:\Windows\System32\UzhEMvv.exe
  2⤵
  PID:8940
- C:\Windows\System32\wHZTBkl.exe
  C:\Windows\System32\wHZTBkl.exe
  2⤵
  PID:8976
- C:\Windows\System32\rJBZsRm.exe
  C:\Windows\System32\rJBZsRm.exe
  2⤵
  PID:9004
- C:\Windows\System32\vwsoSOJ.exe
  C:\Windows\System32\vwsoSOJ.exe
  2⤵
  PID:9032
- C:\Windows\System32\HTkroWe.exe
  C:\Windows\System32\HTkroWe.exe
  2⤵
  PID:9048
- C:\Windows\System32\pTguAyg.exe
  C:\Windows\System32\pTguAyg.exe
  2⤵
  PID:9092
- C:\Windows\System32\AjYgUQA.exe
  C:\Windows\System32\AjYgUQA.exe
  2⤵
  PID:9108
- C:\Windows\System32\XCHtDVC.exe
  C:\Windows\System32\XCHtDVC.exe
  2⤵
  PID:9136
- C:\Windows\System32\nMiKSzU.exe
  C:\Windows\System32\nMiKSzU.exe
  2⤵
  PID:9176
- C:\Windows\System32\ZdFXuLA.exe
  C:\Windows\System32\ZdFXuLA.exe
  2⤵
  PID:9208
- C:\Windows\System32\BMbIqcJ.exe
  C:\Windows\System32\BMbIqcJ.exe
  2⤵
  PID:8196
- C:\Windows\System32\JiLlRyL.exe
  C:\Windows\System32\JiLlRyL.exe
  2⤵
  PID:8280
- C:\Windows\System32\hHbhxcj.exe
  C:\Windows\System32\hHbhxcj.exe
  2⤵
  PID:7200
- C:\Windows\System32\oglqssc.exe
  C:\Windows\System32\oglqssc.exe
  2⤵
  PID:8344
- C:\Windows\System32\UYmFmsD.exe
  C:\Windows\System32\UYmFmsD.exe
  2⤵
  PID:8436
- C:\Windows\System32\fYxIiFu.exe
  C:\Windows\System32\fYxIiFu.exe
  2⤵
  PID:8484
- C:\Windows\System32\WaZrEjJ.exe
  C:\Windows\System32\WaZrEjJ.exe
  2⤵
  PID:8548
- C:\Windows\System32\zvieAFj.exe
  C:\Windows\System32\zvieAFj.exe
  2⤵
  PID:8600
- C:\Windows\System32\sRqVRGB.exe
  C:\Windows\System32\sRqVRGB.exe
  2⤵
  PID:8688
- C:\Windows\System32\LKgsQnt.exe
  C:\Windows\System32\LKgsQnt.exe
  2⤵
  PID:8728
- C:\Windows\System32\FTImwDQ.exe
  C:\Windows\System32\FTImwDQ.exe
  2⤵
  PID:8780
- C:\Windows\System32\KCPjAmt.exe
  C:\Windows\System32\KCPjAmt.exe
  2⤵
  PID:8848
- C:\Windows\System32\SFAXbWS.exe
  C:\Windows\System32\SFAXbWS.exe
  2⤵
  PID:2172
- C:\Windows\System32\UjsjKjm.exe
  C:\Windows\System32\UjsjKjm.exe
  2⤵
  PID:8960
- C:\Windows\System32\OypSEEk.exe
  C:\Windows\System32\OypSEEk.exe
  2⤵
  PID:8968
- C:\Windows\System32\tHboUDh.exe
  C:\Windows\System32\tHboUDh.exe
  2⤵
  PID:9104
- C:\Windows\System32\WmFUTDC.exe
  C:\Windows\System32\WmFUTDC.exe
  2⤵
  PID:9120
- C:\Windows\System32\CGkMQKe.exe
  C:\Windows\System32\CGkMQKe.exe
  2⤵
  PID:9204
- C:\Windows\System32\uHZQsVl.exe
  C:\Windows\System32\uHZQsVl.exe
  2⤵
  PID:8272
- C:\Windows\System32\LdbdIwf.exe
  C:\Windows\System32\LdbdIwf.exe
  2⤵
  PID:8456
- C:\Windows\System32\LhpWEDz.exe
  C:\Windows\System32\LhpWEDz.exe
  2⤵
  PID:8612
- C:\Windows\System32\ycMlYHD.exe
  C:\Windows\System32\ycMlYHD.exe
  2⤵
  PID:8644
- C:\Windows\System32\fxdFFNG.exe
  C:\Windows\System32\fxdFFNG.exe
  2⤵
  PID:8824
- C:\Windows\System32\zKmpQdB.exe
  C:\Windows\System32\zKmpQdB.exe
  2⤵
  PID:1784
- C:\Windows\System32\qnuEpvT.exe
  C:\Windows\System32\qnuEpvT.exe
  2⤵
  PID:9084
- C:\Windows\System32\xHiSVLV.exe
  C:\Windows\System32\xHiSVLV.exe
  2⤵
  PID:9192
- C:\Windows\System32\AtAAyWY.exe
  C:\Windows\System32\AtAAyWY.exe
  2⤵
  PID:8528
- C:\Windows\System32\zJvqqYe.exe
  C:\Windows\System32\zJvqqYe.exe
  2⤵
  PID:1148
- C:\Windows\System32\HskwEXJ.exe
  C:\Windows\System32\HskwEXJ.exe
  2⤵
  PID:8384
- C:\Windows\System32\MgzPGkm.exe
  C:\Windows\System32\MgzPGkm.exe
  2⤵
  PID:8988
- C:\Windows\System32\shQsIIX.exe
  C:\Windows\System32\shQsIIX.exe
  2⤵
  PID:9228
- C:\Windows\System32\IiGpQpf.exe
  C:\Windows\System32\IiGpQpf.exe
  2⤵
  PID:9256
- C:\Windows\System32\gGAacNT.exe
  C:\Windows\System32\gGAacNT.exe
  2⤵
  PID:9276
- C:\Windows\System32\ZMGrDUf.exe
  C:\Windows\System32\ZMGrDUf.exe
  2⤵
  PID:9316
- C:\Windows\System32\HVDCOaS.exe
  C:\Windows\System32\HVDCOaS.exe
  2⤵
  PID:9344
- C:\Windows\System32\jSmRvOh.exe
  C:\Windows\System32\jSmRvOh.exe
  2⤵
  PID:9364
- C:\Windows\System32\dnTviDu.exe
  C:\Windows\System32\dnTviDu.exe
  2⤵
  PID:9388
- C:\Windows\System32\HVcFQHF.exe
  C:\Windows\System32\HVcFQHF.exe
  2⤵
  PID:9416
- C:\Windows\System32\qxByVRL.exe
  C:\Windows\System32\qxByVRL.exe
  2⤵
  PID:9436
- C:\Windows\System32\IKsfGKO.exe
  C:\Windows\System32\IKsfGKO.exe
  2⤵
  PID:9472
- C:\Windows\System32\iDPNyzA.exe
  C:\Windows\System32\iDPNyzA.exe
  2⤵
  PID:9504
- C:\Windows\System32\FgUQDCW.exe
  C:\Windows\System32\FgUQDCW.exe
  2⤵
  PID:9532
- C:\Windows\System32\KhDkvjy.exe
  C:\Windows\System32\KhDkvjy.exe
  2⤵
  PID:9568
- C:\Windows\System32\lxzdLtB.exe
  C:\Windows\System32\lxzdLtB.exe
  2⤵
  PID:9596
- C:\Windows\System32\SxUxhuJ.exe
  C:\Windows\System32\SxUxhuJ.exe
  2⤵
  PID:9624
- C:\Windows\System32\lBYqEhw.exe
  C:\Windows\System32\lBYqEhw.exe
  2⤵
  PID:9652
- C:\Windows\System32\pQtRYhL.exe
  C:\Windows\System32\pQtRYhL.exe
  2⤵
  PID:9668
- C:\Windows\System32\xwOUrQo.exe
  C:\Windows\System32\xwOUrQo.exe
  2⤵
  PID:9696
- C:\Windows\System32\afmTCvL.exe
  C:\Windows\System32\afmTCvL.exe
  2⤵
  PID:9736
- C:\Windows\System32\COGfsJA.exe
  C:\Windows\System32\COGfsJA.exe
  2⤵
  PID:9752
- C:\Windows\System32\AzTSqIt.exe
  C:\Windows\System32\AzTSqIt.exe
  2⤵
  PID:9792
- C:\Windows\System32\iiYQotK.exe
  C:\Windows\System32\iiYQotK.exe
  2⤵
  PID:9824
- C:\Windows\System32\LATyBxS.exe
  C:\Windows\System32\LATyBxS.exe
  2⤵
  PID:9852
- C:\Windows\System32\heIAcsa.exe
  C:\Windows\System32\heIAcsa.exe
  2⤵
  PID:9880
- C:\Windows\System32\DUpByjm.exe
  C:\Windows\System32\DUpByjm.exe
  2⤵
  PID:9908
- C:\Windows\System32\yvLVQQN.exe
  C:\Windows\System32\yvLVQQN.exe
  2⤵
  PID:9936
- C:\Windows\System32\hyXHzJs.exe
  C:\Windows\System32\hyXHzJs.exe
  2⤵
  PID:9964
- C:\Windows\System32\VixCCOm.exe
  C:\Windows\System32\VixCCOm.exe
  2⤵
  PID:9992
- C:\Windows\System32\dWKAioq.exe
  C:\Windows\System32\dWKAioq.exe
  2⤵
  PID:10020
- C:\Windows\System32\aEbmpDg.exe
  C:\Windows\System32\aEbmpDg.exe
  2⤵
  PID:10048
- C:\Windows\System32\CDFxauS.exe
  C:\Windows\System32\CDFxauS.exe
  2⤵
  PID:10076
- C:\Windows\System32\Snkpiqn.exe
  C:\Windows\System32\Snkpiqn.exe
  2⤵
  PID:10104
- C:\Windows\System32\ELhAOkd.exe
  C:\Windows\System32\ELhAOkd.exe
  2⤵
  PID:10132
- C:\Windows\System32\rlKXqjm.exe
  C:\Windows\System32\rlKXqjm.exe
  2⤵
  PID:10164
- C:\Windows\System32\qiTVFMP.exe
  C:\Windows\System32\qiTVFMP.exe
  2⤵
  PID:10196
- C:\Windows\System32\zoTkZOG.exe
  C:\Windows\System32\zoTkZOG.exe
  2⤵
  PID:10216
- C:\Windows\System32\MdGLBOR.exe
  C:\Windows\System32\MdGLBOR.exe
  2⤵
  PID:8240
- C:\Windows\System32\OheyLEC.exe
  C:\Windows\System32\OheyLEC.exe
  2⤵
  PID:9252
- C:\Windows\System32\WHvzBET.exe
  C:\Windows\System32\WHvzBET.exe
  2⤵
  PID:9356
- C:\Windows\System32\RdHuwFt.exe
  C:\Windows\System32\RdHuwFt.exe
  2⤵
  PID:4596
- C:\Windows\System32\JfjrSmn.exe
  C:\Windows\System32\JfjrSmn.exe
  2⤵
  PID:9408
- C:\Windows\System32\MNzgTeu.exe
  C:\Windows\System32\MNzgTeu.exe
  2⤵
  PID:9456
- C:\Windows\System32\PIaSyzp.exe
  C:\Windows\System32\PIaSyzp.exe
  2⤵
  PID:9540
- C:\Windows\System32\TUmtzaR.exe
  C:\Windows\System32\TUmtzaR.exe
  2⤵
  PID:9564
- C:\Windows\System32\LYaJfPw.exe
  C:\Windows\System32\LYaJfPw.exe
  2⤵
  PID:9644
- C:\Windows\System32\DbRhWdF.exe
  C:\Windows\System32\DbRhWdF.exe
  2⤵
  PID:9708
- C:\Windows\System32\FFeCHat.exe
  C:\Windows\System32\FFeCHat.exe
  2⤵
  PID:9804
- C:\Windows\System32\teXbSww.exe
  C:\Windows\System32\teXbSww.exe
  2⤵
  PID:9868
- C:\Windows\System32\iEjZDKf.exe
  C:\Windows\System32\iEjZDKf.exe
  2⤵
  PID:9932
- C:\Windows\System32\KUuWfLA.exe
  C:\Windows\System32\KUuWfLA.exe
  2⤵
  PID:10032
- C:\Windows\System32\qQbzahv.exe
  C:\Windows\System32\qQbzahv.exe
  2⤵
  PID:10144
- C:\Windows\System32\rhjbYSF.exe
  C:\Windows\System32\rhjbYSF.exe
  2⤵
  PID:8820
- C:\Windows\System32\tsHKrSn.exe
  C:\Windows\System32\tsHKrSn.exe
  2⤵
  PID:9380
- C:\Windows\System32\IuifGKb.exe
  C:\Windows\System32\IuifGKb.exe
  2⤵
  PID:9452
- C:\Windows\System32\rtgCuqJ.exe
  C:\Windows\System32\rtgCuqJ.exe
  2⤵
  PID:9588
- C:\Windows\System32\XtcRQAd.exe
  C:\Windows\System32\XtcRQAd.exe
  2⤵
  PID:9744
- C:\Windows\System32\vghGBIS.exe
  C:\Windows\System32\vghGBIS.exe
  2⤵
  PID:9920
- C:\Windows\System32\evjNOZp.exe
  C:\Windows\System32\evjNOZp.exe
  2⤵
  PID:10092
- C:\Windows\System32\UjtMKae.exe
  C:\Windows\System32\UjtMKae.exe
  2⤵
  PID:4264
- C:\Windows\System32\eccQZPx.exe
  C:\Windows\System32\eccQZPx.exe
  2⤵
  PID:9512
- C:\Windows\System32\gfkWAVt.exe
  C:\Windows\System32\gfkWAVt.exe
  2⤵
  PID:9928
- C:\Windows\System32\GNSCeEj.exe
  C:\Windows\System32\GNSCeEj.exe
  2⤵
  PID:9428
- C:\Windows\System32\pChHMLX.exe
  C:\Windows\System32\pChHMLX.exe
  2⤵
  PID:3680
- C:\Windows\System32\tklSXoc.exe
  C:\Windows\System32\tklSXoc.exe
  2⤵
  PID:3460
- C:\Windows\System32\EkZrsea.exe
  C:\Windows\System32\EkZrsea.exe
  2⤵
  PID:10264
- C:\Windows\System32\OKdYcBv.exe
  C:\Windows\System32\OKdYcBv.exe
  2⤵
  PID:10284
- C:\Windows\System32\FpuFQzF.exe
  C:\Windows\System32\FpuFQzF.exe
  2⤵
  PID:10324
- C:\Windows\System32\kINMtyb.exe
  C:\Windows\System32\kINMtyb.exe
  2⤵
  PID:10352
- C:\Windows\System32\fhWuEqB.exe
  C:\Windows\System32\fhWuEqB.exe
  2⤵
  PID:10376
- C:\Windows\System32\psxluwm.exe
  C:\Windows\System32\psxluwm.exe
  2⤵
  PID:10412
- C:\Windows\System32\NutUFLw.exe
  C:\Windows\System32\NutUFLw.exe
  2⤵
  PID:10436
- C:\Windows\System32\JnXgaYX.exe
  C:\Windows\System32\JnXgaYX.exe
  2⤵
  PID:10468
- C:\Windows\System32\SNsKCgy.exe
  C:\Windows\System32\SNsKCgy.exe
  2⤵
  PID:10496
- C:\Windows\System32\fJYPrVN.exe
  C:\Windows\System32\fJYPrVN.exe
  2⤵
  PID:10524
- C:\Windows\System32\HlvZuYG.exe
  C:\Windows\System32\HlvZuYG.exe
  2⤵
  PID:10552
- C:\Windows\System32\kWzFySc.exe
  C:\Windows\System32\kWzFySc.exe
  2⤵
  PID:10580
- C:\Windows\System32\TuriuTs.exe
  C:\Windows\System32\TuriuTs.exe
  2⤵
  PID:10608
- C:\Windows\System32\QIZjArm.exe
  C:\Windows\System32\QIZjArm.exe
  2⤵
  PID:10636
- C:\Windows\System32\anxXzUX.exe
  C:\Windows\System32\anxXzUX.exe
  2⤵
  PID:10664
- C:\Windows\System32\wLHxcKv.exe
  C:\Windows\System32\wLHxcKv.exe
  2⤵
  PID:10692
- C:\Windows\System32\EqJGZBt.exe
  C:\Windows\System32\EqJGZBt.exe
  2⤵
  PID:10720
- C:\Windows\System32\hcfOJMS.exe
  C:\Windows\System32\hcfOJMS.exe
  2⤵
  PID:10748
- C:\Windows\System32\uRXWdmP.exe
  C:\Windows\System32\uRXWdmP.exe
  2⤵
  PID:10780
- C:\Windows\System32\YLIoiQu.exe
  C:\Windows\System32\YLIoiQu.exe
  2⤵
  PID:10796
- C:\Windows\System32\AhMmjUP.exe
  C:\Windows\System32\AhMmjUP.exe
  2⤵
  PID:10824
- C:\Windows\System32\nAtqCAJ.exe
  C:\Windows\System32\nAtqCAJ.exe
  2⤵
  PID:10856
- C:\Windows\System32\SorDbgS.exe
  C:\Windows\System32\SorDbgS.exe
  2⤵
  PID:10892
- C:\Windows\System32\CAathvj.exe
  C:\Windows\System32\CAathvj.exe
  2⤵
  PID:10916
- C:\Windows\System32\detxRST.exe
  C:\Windows\System32\detxRST.exe
  2⤵
  PID:10948
- C:\Windows\System32\KOfPMiV.exe
  C:\Windows\System32\KOfPMiV.exe
  2⤵
  PID:10980
- C:\Windows\System32\tsiGPUB.exe
  C:\Windows\System32\tsiGPUB.exe
  2⤵
  PID:11024
- C:\Windows\System32\gncYNjN.exe
  C:\Windows\System32\gncYNjN.exe
  2⤵
  PID:11052
- C:\Windows\System32\FMTKDsS.exe
  C:\Windows\System32\FMTKDsS.exe
  2⤵
  PID:11080
- C:\Windows\System32\ueOJYOH.exe
  C:\Windows\System32\ueOJYOH.exe
  2⤵
  PID:11116
- C:\Windows\System32\tbgzQBw.exe
  C:\Windows\System32\tbgzQBw.exe
  2⤵
  PID:11144
- C:\Windows\System32\FeqjmFy.exe
  C:\Windows\System32\FeqjmFy.exe
  2⤵
  PID:11172
- C:\Windows\System32\ZKZkfAk.exe
  C:\Windows\System32\ZKZkfAk.exe
  2⤵
  PID:11212
- C:\Windows\System32\bkiKqgs.exe
  C:\Windows\System32\bkiKqgs.exe
  2⤵
  PID:11236
- C:\Windows\System32\ahnZNzA.exe
  C:\Windows\System32\ahnZNzA.exe
  2⤵
  PID:10256
- C:\Windows\System32\PFavYOS.exe
  C:\Windows\System32\PFavYOS.exe
  2⤵
  PID:10312
- C:\Windows\System32\JzdmQIk.exe
  C:\Windows\System32\JzdmQIk.exe
  2⤵
  PID:10444
- C:\Windows\System32\QAUkTjm.exe
  C:\Windows\System32\QAUkTjm.exe
  2⤵
  PID:10520
- C:\Windows\System32\WNnoPID.exe
  C:\Windows\System32\WNnoPID.exe
  2⤵
  PID:10560
- C:\Windows\System32\PklnXHz.exe
  C:\Windows\System32\PklnXHz.exe
  2⤵
  PID:10628
- C:\Windows\System32\LirqhYg.exe
  C:\Windows\System32\LirqhYg.exe
  2⤵
  PID:10688
- C:\Windows\System32\gCaCeAq.exe
  C:\Windows\System32\gCaCeAq.exe
  2⤵
  PID:10760
- C:\Windows\System32\ytCqtbM.exe
  C:\Windows\System32\ytCqtbM.exe
  2⤵
  PID:10888
- C:\Windows\System32\puHeNPC.exe
  C:\Windows\System32\puHeNPC.exe
  2⤵
  PID:10928
- C:\Windows\System32\vFSkRbE.exe
  C:\Windows\System32\vFSkRbE.exe
  2⤵
  PID:11016
- C:\Windows\System32\rBbGtov.exe
  C:\Windows\System32\rBbGtov.exe
  2⤵
  PID:11188
- C:\Windows\System32\JVCmLHI.exe
  C:\Windows\System32\JVCmLHI.exe
  2⤵
  PID:11248
- C:\Windows\System32\KPSdZJd.exe
  C:\Windows\System32\KPSdZJd.exe
  2⤵
  PID:10648
- C:\Windows\System32\JrJHMkx.exe
  C:\Windows\System32\JrJHMkx.exe
  2⤵
  PID:10732
- C:\Windows\System32\FQsIdzE.exe
  C:\Windows\System32\FQsIdzE.exe
  2⤵
  PID:10972
- C:\Windows\System32\dOtENyK.exe
  C:\Windows\System32\dOtENyK.exe
  2⤵
  PID:11168
- C:\Windows\System32\eshuEvo.exe
  C:\Windows\System32\eshuEvo.exe
  2⤵
  PID:10548
- C:\Windows\System32\lvgxLJe.exe
  C:\Windows\System32\lvgxLJe.exe
  2⤵
  PID:11064
- C:\Windows\System32\QgqaFHF.exe
  C:\Windows\System32\QgqaFHF.exe
  2⤵
  PID:11292
- C:\Windows\System32\ZMNjPWj.exe
  C:\Windows\System32\ZMNjPWj.exe
  2⤵
  PID:11324
- C:\Windows\System32\QLogjgR.exe
  C:\Windows\System32\QLogjgR.exe
  2⤵
  PID:11352
- C:\Windows\System32\HplgTvU.exe
  C:\Windows\System32\HplgTvU.exe
  2⤵
  PID:11392
- C:\Windows\System32\bgTSzty.exe
  C:\Windows\System32\bgTSzty.exe
  2⤵
  PID:11428
- C:\Windows\System32\zwknBhV.exe
  C:\Windows\System32\zwknBhV.exe
  2⤵
  PID:11456
- C:\Windows\System32\AVAWsBF.exe
  C:\Windows\System32\AVAWsBF.exe
  2⤵
  PID:11488
- C:\Windows\System32\HlqgRlr.exe
  C:\Windows\System32\HlqgRlr.exe
  2⤵
  PID:11504
- C:\Windows\System32\klizPbM.exe
  C:\Windows\System32\klizPbM.exe
  2⤵
  PID:11544
- C:\Windows\System32\dHQfgMx.exe
  C:\Windows\System32\dHQfgMx.exe
  2⤵
  PID:11564
- C:\Windows\System32\eNnHifc.exe
  C:\Windows\System32\eNnHifc.exe
  2⤵
  PID:11596
- C:\Windows\System32\VwcUHEd.exe
  C:\Windows\System32\VwcUHEd.exe
  2⤵
  PID:11624
- C:\Windows\System32\BhScvfj.exe
  C:\Windows\System32\BhScvfj.exe
  2⤵
  PID:11656
- C:\Windows\System32\dJZxxsx.exe
  C:\Windows\System32\dJZxxsx.exe
  2⤵
  PID:11684
- C:\Windows\System32\USDKHlb.exe
  C:\Windows\System32\USDKHlb.exe
  2⤵
  PID:11704
- C:\Windows\System32\dUTPZvc.exe
  C:\Windows\System32\dUTPZvc.exe
  2⤵
  PID:11744
- C:\Windows\System32\erKMzZx.exe
  C:\Windows\System32\erKMzZx.exe
  2⤵
  PID:11780
- C:\Windows\System32\vcGybcX.exe
  C:\Windows\System32\vcGybcX.exe
  2⤵
  PID:11808
- C:\Windows\System32\mCESGQw.exe
  C:\Windows\System32\mCESGQw.exe
  2⤵
  PID:11844
- C:\Windows\System32\KaEbIhc.exe
  C:\Windows\System32\KaEbIhc.exe
  2⤵
  PID:11860
- C:\Windows\System32\XDGncCl.exe
  C:\Windows\System32\XDGncCl.exe
  2⤵
  PID:11880
- C:\Windows\System32\bgzUrja.exe
  C:\Windows\System32\bgzUrja.exe
  2⤵
  PID:11904
- C:\Windows\System32\FESyYfD.exe
  C:\Windows\System32\FESyYfD.exe
  2⤵
  PID:11924
- C:\Windows\System32\GKBZcQm.exe
  C:\Windows\System32\GKBZcQm.exe
  2⤵
  PID:11952
- C:\Windows\System32\qtbrhRm.exe
  C:\Windows\System32\qtbrhRm.exe
  2⤵
  PID:12000
- C:\Windows\System32\LMZINYn.exe
  C:\Windows\System32\LMZINYn.exe
  2⤵
  PID:12028
- C:\Windows\System32\yObDVFV.exe
  C:\Windows\System32\yObDVFV.exe
  2⤵
  PID:12084
- C:\Windows\System32\nZeRaAa.exe
  C:\Windows\System32\nZeRaAa.exe
  2⤵
  PID:12112
- C:\Windows\System32\aEWFbdY.exe
  C:\Windows\System32\aEWFbdY.exe
  2⤵
  PID:12128
- C:\Windows\System32\NsPEqNV.exe
  C:\Windows\System32\NsPEqNV.exe
  2⤵
  PID:12168
- C:\Windows\System32\YItqDjS.exe
  C:\Windows\System32\YItqDjS.exe
  2⤵
  PID:12196
- C:\Windows\System32\huMDlpi.exe
  C:\Windows\System32\huMDlpi.exe
  2⤵
  PID:12212
- C:\Windows\System32\MqoSbfj.exe
  C:\Windows\System32\MqoSbfj.exe
  2⤵
  PID:12244
- C:\Windows\System32\zKyrwBT.exe
  C:\Windows\System32\zKyrwBT.exe
  2⤵
  PID:12276
- C:\Windows\System32\eWdtMpr.exe
  C:\Windows\System32\eWdtMpr.exe
  2⤵
  PID:11256
- C:\Windows\System32\TNmjOou.exe
  C:\Windows\System32\TNmjOou.exe
  2⤵
  PID:11308
- C:\Windows\System32\koyRbVy.exe
  C:\Windows\System32\koyRbVy.exe
  2⤵
  PID:11384
- C:\Windows\System32\RYqztSJ.exe
  C:\Windows\System32\RYqztSJ.exe
  2⤵
  PID:11416
- C:\Windows\System32\enKmoFz.exe
  C:\Windows\System32\enKmoFz.exe
  2⤵
  PID:11500
- C:\Windows\System32\yxGfxIK.exe
  C:\Windows\System32\yxGfxIK.exe
  2⤵
  PID:11588
- C:\Windows\System32\mWRBMtB.exe
  C:\Windows\System32\mWRBMtB.exe
  2⤵
  PID:11640
- C:\Windows\System32\RKXUZFG.exe
  C:\Windows\System32\RKXUZFG.exe
  2⤵
  PID:11728
- C:\Windows\System32\AWkzPsH.exe
  C:\Windows\System32\AWkzPsH.exe
  2⤵
  PID:11776
- C:\Windows\System32\obOrDvV.exe
  C:\Windows\System32\obOrDvV.exe
  2⤵
  PID:11832
- C:\Windows\System32\dnxtFqa.exe
  C:\Windows\System32\dnxtFqa.exe
  2⤵
  PID:11900
- C:\Windows\System32\CmkanuX.exe
  C:\Windows\System32\CmkanuX.exe
  2⤵
  PID:11972
- C:\Windows\System32\MtPjcIz.exe
  C:\Windows\System32\MtPjcIz.exe
  2⤵
  PID:12064
- C:\Windows\System32\cgVQLwU.exe
  C:\Windows\System32\cgVQLwU.exe
  2⤵
  PID:12140
- C:\Windows\System32\ZHuMYdx.exe
  C:\Windows\System32\ZHuMYdx.exe
  2⤵
  PID:12208
- C:\Windows\System32\jeaFmmU.exe
  C:\Windows\System32\jeaFmmU.exe
  2⤵
  PID:12232
- C:\Windows\System32\UPAybBv.exe
  C:\Windows\System32\UPAybBv.exe
  2⤵
  PID:11260
- C:\Windows\System32\otfejZf.exe
  C:\Windows\System32\otfejZf.exe
  2⤵
  PID:11476
- C:\Windows\System32\ldskRzW.exe
  C:\Windows\System32\ldskRzW.exe
  2⤵
  PID:11604
- C:\Windows\System32\cXHUVKu.exe
  C:\Windows\System32\cXHUVKu.exe
  2⤵
  PID:11732
- C:\Windows\System32\gfTrXIz.exe
  C:\Windows\System32\gfTrXIz.exe
  2⤵
  PID:11988
- C:\Windows\System32\xtmWbJc.exe
  C:\Windows\System32\xtmWbJc.exe
  2⤵
  PID:12120
- C:\Windows\System32\jlWNJdQ.exe
  C:\Windows\System32\jlWNJdQ.exe
  2⤵
  PID:12284
- C:\Windows\System32\vHJaKVk.exe
  C:\Windows\System32\vHJaKVk.exe
  2⤵
  PID:11560
- C:\Windows\System32\OBNSFYg.exe
  C:\Windows\System32\OBNSFYg.exe
  2⤵
  PID:11840
- C:\Windows\System32\omsjXth.exe
  C:\Windows\System32\omsjXth.exe
  2⤵
  PID:12164
- C:\Windows\System32\NjErvFp.exe
  C:\Windows\System32\NjErvFp.exe
  2⤵
  PID:12024
- C:\Windows\System32\EeFXjmI.exe
  C:\Windows\System32\EeFXjmI.exe
  2⤵
  PID:11452
- C:\Windows\System32\Dydyblk.exe
  C:\Windows\System32\Dydyblk.exe
  2⤵
  PID:12332
- C:\Windows\System32\flrHhFB.exe
  C:\Windows\System32\flrHhFB.exe
  2⤵
  PID:12348
- C:\Windows\System32\pPPHWjz.exe
  C:\Windows\System32\pPPHWjz.exe
  2⤵
  PID:12376
- C:\Windows\System32\wStPsLe.exe
  C:\Windows\System32\wStPsLe.exe
  2⤵
  PID:12392
- C:\Windows\System32\wNlQXcc.exe
  C:\Windows\System32\wNlQXcc.exe
  2⤵
  PID:12424
- C:\Windows\System32\XvaBqVh.exe
  C:\Windows\System32\XvaBqVh.exe
  2⤵
  PID:12460
- C:\Windows\System32\eEFmXCn.exe
  C:\Windows\System32\eEFmXCn.exe
  2⤵
  PID:12488
- C:\Windows\System32\lykbezi.exe
  C:\Windows\System32\lykbezi.exe
  2⤵
  PID:12516
- C:\Windows\System32\wMboXYb.exe
  C:\Windows\System32\wMboXYb.exe
  2⤵
  PID:12536
- C:\Windows\System32\PRLlSSa.exe
  C:\Windows\System32\PRLlSSa.exe
  2⤵
  PID:12560
- C:\Windows\System32\GfCenOv.exe
  C:\Windows\System32\GfCenOv.exe
  2⤵
  PID:12600
- C:\Windows\System32\eThLfLs.exe
  C:\Windows\System32\eThLfLs.exe
  2⤵
  PID:12620
- C:\Windows\System32\iTuaCpT.exe
  C:\Windows\System32\iTuaCpT.exe
  2⤵
  PID:12656
- C:\Windows\System32\kKjcrYe.exe
  C:\Windows\System32\kKjcrYe.exe
  2⤵
  PID:12684
- C:\Windows\System32\BauPqqw.exe
  C:\Windows\System32\BauPqqw.exe
  2⤵
  PID:12704
- C:\Windows\System32\RuIUUwb.exe
  C:\Windows\System32\RuIUUwb.exe
  2⤵
  PID:12732
- C:\Windows\System32\SAEjoqw.exe
  C:\Windows\System32\SAEjoqw.exe
  2⤵
  PID:12764
- C:\Windows\System32\EKTbGpA.exe
  C:\Windows\System32\EKTbGpA.exe
  2⤵
  PID:12784
- C:\Windows\System32\kTeVWcn.exe
  C:\Windows\System32\kTeVWcn.exe
  2⤵
  PID:12824
- C:\Windows\System32\nNqTVrK.exe
  C:\Windows\System32\nNqTVrK.exe
  2⤵
  PID:12852
- C:\Windows\System32\DGlyfPw.exe
  C:\Windows\System32\DGlyfPw.exe
  2⤵
  PID:12884
- C:\Windows\System32\BUYbkOl.exe
  C:\Windows\System32\BUYbkOl.exe
  2⤵
  PID:12916
- C:\Windows\System32\JdXAJQt.exe
  C:\Windows\System32\JdXAJQt.exe
  2⤵
  PID:12960
- C:\Windows\System32\fFwFnWw.exe
  C:\Windows\System32\fFwFnWw.exe
  2⤵
  PID:12996
- C:\Windows\System32\XAmPShi.exe
  C:\Windows\System32\XAmPShi.exe
  2⤵
  PID:13028
- C:\Windows\System32\OtFcmDx.exe
  C:\Windows\System32\OtFcmDx.exe
  2⤵
  PID:13056
- C:\Windows\System32\fUKdRid.exe
  C:\Windows\System32\fUKdRid.exe
  2⤵
  PID:13084
- C:\Windows\System32\GEHuqpj.exe
  C:\Windows\System32\GEHuqpj.exe
  2⤵
  PID:13112
- C:\Windows\System32\ZviaQkm.exe
  C:\Windows\System32\ZviaQkm.exe
  2⤵
  PID:13140
- C:\Windows\System32\qqTGeuW.exe
  C:\Windows\System32\qqTGeuW.exe
  2⤵
  PID:13168
- C:\Windows\System32\JCLbxrv.exe
  C:\Windows\System32\JCLbxrv.exe
  2⤵
  PID:13184
- C:\Windows\System32\bthkszj.exe
  C:\Windows\System32\bthkszj.exe
  2⤵
  PID:13224
- C:\Windows\System32\dbgXQrS.exe
  C:\Windows\System32\dbgXQrS.exe
  2⤵
  PID:13240
- C:\Windows\System32\UyfbNQJ.exe
  C:\Windows\System32\UyfbNQJ.exe
  2⤵
  PID:13268
- C:\Windows\System32\cNLdxAY.exe
  C:\Windows\System32\cNLdxAY.exe
  2⤵
  PID:13296
- C:\Windows\System32\xcbHFiQ.exe
  C:\Windows\System32\xcbHFiQ.exe
  2⤵
  PID:12312
- C:\Windows\System32\mpkSFSh.exe
  C:\Windows\System32\mpkSFSh.exe
  2⤵
  PID:12388
- C:\Windows\System32\stfPUhR.exe
  C:\Windows\System32\stfPUhR.exe
  2⤵
  PID:12420
- C:\Windows\System32\cOIANRo.exe
  C:\Windows\System32\cOIANRo.exe
  2⤵
  PID:12544
- C:\Windows\System32\hFaTtrE.exe
  C:\Windows\System32\hFaTtrE.exe
  2⤵
  PID:12640
- C:\Windows\System32\IWOIrdf.exe
  C:\Windows\System32\IWOIrdf.exe
  2⤵
  PID:12672
- C:\Windows\System32\RdVZyKv.exe
  C:\Windows\System32\RdVZyKv.exe
  2⤵
  PID:12724
- C:\Windows\System32\KWygGuJ.exe
  C:\Windows\System32\KWygGuJ.exe
  2⤵
  PID:12816
- C:\Windows\System32\vIIKqed.exe
  C:\Windows\System32\vIIKqed.exe
  2⤵
  PID:12872
- C:\Windows\System32\aakxXVM.exe
  C:\Windows\System32\aakxXVM.exe
  2⤵
  PID:12972

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:13180

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System32\ARSJyUn.exe

Filesize
3.3MB

MD5
e5f10ab4b8fbb6679b9a3a3e998d70ad

SHA1
6bb04c0169183c67b30b723fdee97de5964bfc66

SHA256
83daf1449f1642329afedcd5f9de86c059ae503ad525b999f50cbb394e007bd6

SHA512
b04651edee3146985f3af9557ed05ad8ee82296ee7747544f93521bf2db17284b039696c898fbd7e4499e21dc6d61abec21e7e35ef251c7c417d7d899504d8c0

Download Submit
C:\Windows\System32\AoOjDTD.exe

Filesize
3.3MB

MD5
1ed2e8bb142b2c8e059d064e4fa8c4a3

SHA1
1f85291ede81e5830effbbe9944127c62699262c

SHA256
c939c2f902d382035736aea97c3abbc2c8284fe764019dbf22d056aa7f8e7b0d

SHA512
1caebf6fcc7b9b4aa147611128796e31c70bdafcbc5687bdd50322cbd3a10b5e98d1c4f2d481e29c9a2d64abaca0a8a3c7511bc55c5fd494d850d2ac6d3c4cc7

Download Submit
C:\Windows\System32\AwWzwSH.exe

Filesize
3.3MB

MD5
d89cec97d43de2d9f851d3be92dac573

SHA1
c53c2cddfb6b1ab4b55c6b303db64d84d6ae20aa

SHA256
5094aa242bf024ceddb236a2680422d95ae92a595ccb7079951e5131e2a4c266

SHA512
948dc9234a082d768e71317cb50d203a5aa3e4b565dace7cd95fef88b56377ad18abb9d570c606e5cbd295fdd6c10a14444e30cefca88289b7839c2dda0b647d

Download Submit
C:\Windows\System32\BElBeAm.exe

Filesize
3.3MB

MD5
ac47445f12a3416c06f98416a7482e92

SHA1
fa47d82706765bc0c133b8641b9b6354bf66c386

SHA256
674e578e03f1a7c3ac1a7f0032c9caf5c98405c0ade778770b48bb1bcced1e53

SHA512
1fd53b15e8814c0789db6914e57380f3444047815eb4a375a1258608cf62a4352ca426faf54d918a9cd46a1d6e6c36bf40d8819fced198c28027f5949915fdae

Download Submit
C:\Windows\System32\BhlBRMs.exe

Filesize
3.3MB

MD5
a87c75185ee54c2a05d54126766158ea

SHA1
71c812862ba29ba5f18a4c46d89d62f64ce1bea3

SHA256
9cb3a89557278556e29f67f24bf8a4d68c6942fad47131974c92c9663053856d

SHA512
172d518d6c86f28bdbb65de92b8bc6c2f940d2cb325d350dd18e297a5be78a82f4764359221d1ca0ac91449bba51387579a8330659535d06da0f8677a1eab8b4

Download Submit
C:\Windows\System32\CJnBszw.exe

Filesize
3.3MB

MD5
af4a4b0860037c8861f547f4378cac6a

SHA1
d65631855c57c36647457c596123ad7c7a4d74fa

SHA256
178abbc3e11a737fa8c10b2c4a07e5bd99fbf9cce62a5e71f0bb3afc1ea41fa4

SHA512
ba4daa630203ed5802e09d9dfa9bf18e1e8906d7e373256c0473c75b42a372cdc756d161506446d2fbc299f387d1469f96722f76d002653493e0e614db7e8c6c

Download Submit
C:\Windows\System32\EPQxhjr.exe

Filesize
3.3MB

MD5
5f9cbd2dded260deaa26ce689c0dd8db

SHA1
af123c732b1c9bb693516b1eb0ca7fedaeb37e05

SHA256
320171268de25fa3f6b6b01054cc8b5939f4ac8e2a2590c5562bc6573657696b

SHA512
54c7d6872a1b72ed0bbf72820f04d81f6c68921378ce0f086227fb4ad2331e95f1415da50ad0608d82ff5560b911636ef76f25ef5f5a320cc51f8fbfd74a8a31

Download Submit
C:\Windows\System32\FXHTvGa.exe

Filesize
3.3MB

MD5
1a50de4d9be7df5a369311f41cdd6d03

SHA1
a65ce87e25ac895cd2e99ac053694caae35c89b1

SHA256
c0fc680436df3fc676eb4bae51d69507fd38138dfb9c0944d8fc4c5b87317df1

SHA512
f73ad8543ecaa6384335e484b0240c5ff13e96cdd00cfebc995484a6b21785ada1579c09d98bf34e283de5daf4a39b718cc0b16b26be00821693711246e4f703

Download Submit
C:\Windows\System32\ITeuDlL.exe

Filesize
3.3MB

MD5
cc7a09925d52e24b056ade9b40a7b3b2

SHA1
8810770531dd6c864f6aa8807d876073139e3343

SHA256
e728435c65ad7b63abbb5f423fe77ff6181801ab510283d8fb59fdac2674041c

SHA512
43f5cd375e4a4bdcf6e683e7390dab1b322bde38612111140f181c12323414d16ef98a0a3ad75bd0e6ba3b1ba03b214587ef87bd1b4a6cf3fdc77cddbd9a0777

Download Submit
C:\Windows\System32\KrSHwTw.exe

Filesize
3.3MB

MD5
63d5b72c7bf2082490faddaccfc7e716

SHA1
d75875075d16df3701e21eaa4db97bcbda5954b2

SHA256
1956765519a9e54db1a2c473ef7fe26224b98897a035439d6bd773018f73202d

SHA512
42beab7f3ca7a96d12c8b19c27e193ce61e338170d91047ef6d7a9c625a310fbe36381b6a57af2347ccbb5069a041f759e91497e86fd1337d2523faff3673d59

Download Submit
C:\Windows\System32\LPJljXi.exe

Filesize
3.3MB

MD5
21e8d984c8e4122408765fcb93a183ff

SHA1
170a6a9c24b9f2a0c8c192f5a9a1bc3e1eb8758e

SHA256
cb302e72e7ce991cc35bc782a3cdcb082eda6b139ec97f3f5e661b6ecc0b2492

SHA512
c2d0cbb6b571a56fbf427cdd398dacefa82a8fb6c7401862cd779acef27d26b80425f59b76e057216cd07db7eff27a038cdf7e0647dc553def3d529238e119ff

Download Submit
C:\Windows\System32\NGLKhMM.exe

Filesize
3.3MB

MD5
9f669e83a034fc7332d1e4a677c9d09c

SHA1
ca6af61e3f2e0742876bea35bb714ad240799f8b

SHA256
9638e29969ed416dcbdcc9be6319d53d78434029210c18c9cd35966053d81799

SHA512
0ebd630678c1810a1d33ad391fc9b0ddd943809c2bc849c229c4e0f4365001b9c0e51ad67830a17e1fcca1c5d1c00d890e93c4ed3dd24cdb076c577632affe7b

Download Submit
C:\Windows\System32\NgAVhJk.exe

Filesize
3.3MB

MD5
99d95a2d8a232083a1a3e3d1e371654f

SHA1
c875e718cf19448b92942719ab767ab021023066

SHA256
ebfc8b9943df02c593f8be45f87423a1236289f28a0db134994e8a6084a4a656

SHA512
4af4a5a7f90cca4c5ad18a6a8330511ac52b669ec2dfb4e43109af74f61be3cb999b77a0b916feabcf496dbe9a2da8da0dee068ac53bbb7a0b8a34e1fbed7c40

Download Submit
C:\Windows\System32\NuzaElz.exe

Filesize
3.3MB

MD5
b77dfe093a8f4bbbe186e01e32b03364

SHA1
2ff45db8c1ed5233ab72f45e998d2da5c208ec7b

SHA256
e3df595f3ae92d5ccc9619841cee1ef205dd38a13047aa022c98d1bbb8440af7

SHA512
defcdc483d4ab7a73419da981c7e996a320d33c5a1fbcb28c9a9105528063e6792338b47000e5269aaaf9c0abf080f359c70fa658712cf7bba5e4e1e1196478e

Download Submit
C:\Windows\System32\OAJGZde.exe

Filesize
3.3MB

MD5
1c43110f96d43bfb1261832866319c82

SHA1
60ea3f94d9f64300bc270f6f46091283fe6b3992

SHA256
2f89234c0b9e2c0ccee60c253ca0095620f1e54e273061c901ffa116583d3a26

SHA512
f3ed596b2cb9cac76ddde7bcb256765e874a0b2c2ef5fac86a507098de3cd37f14a412ab6cbf7119de5577b6be0c1ae6379e09f85456bece6052275be5854d00

Download Submit
C:\Windows\System32\QtIksSt.exe

Filesize
3.3MB

MD5
3abdec01df0978838a4047ad49b12e6b

SHA1
bd128763acfd5a4f973fe15336ade470a00e8628

SHA256
182a48e5e90e124dd984bfd148a07f51f6e71657df0d242a0c387ab21af1f73a

SHA512
3ba51d312c881069a3f3116c87fe5b78384bd1b997355fe033202dbe135a8559eb8f90d536cbf0af944a903c07869c0f62d9f41157306ae0828329a87dd83559

Download Submit
C:\Windows\System32\YSfcwLm.exe

Filesize
3.3MB

MD5
3166e21dcb5e23a761c4470348a31e5f

SHA1
d3d4adc4482f2f033bdb5c4098fbf4665caf926a

SHA256
ee15138681afe14ee29a3736bc242285593108cb1b26617ba3e1c5a5fb89a0f3

SHA512
b717ac30dc4cccc29c50594d309ae6a67cd4c01676ce6deece943126cde5a340b05d6174d4fdc6359d969bb668943fc77573842bb284f8bd2d9892b023f7a7b3

Download Submit
C:\Windows\System32\YXegTxs.exe

Filesize
3.3MB

MD5
d3765ece63d280db35298bd90a830c43

SHA1
d308b11072abe187736b6e3fff9ca60507c3c195

SHA256
cf77ed66b7245a326b6283de80580a127a758292bc1ccc64a72b2188d3064fca

SHA512
6af1813c963f8a60c98775817a55d7f38dda98d34250c6175aacdf96e63692c2699ef0e603ada406c88a18807728f1e3a375ce9aef10a68dd4551271215173c5

Download Submit
C:\Windows\System32\aCyvmHh.exe

Filesize
3.3MB

MD5
96a6a082945e3de39802a4bb70672aab

SHA1
3065ea46cb2df91b3e68d2c26033fbd4ba9b7062

SHA256
c17865cc5ff6ca4a828094d63fc43edc94989a9a7104b4a6e9e65614aed70c48

SHA512
3d620a5a4fc04d57368feca52c7306db645d7fe340f36a560c88d8b10c7fe8d40b8ec80cf046fff9d736d4b24a4ec4a717c876751a417535cd282e52c77a0d01

Download Submit
C:\Windows\System32\buHmILe.exe

Filesize
3.3MB

MD5
0e11c5df06e595f16fe088d75bf021fa

SHA1
19bf3ff85f06aa561f9824d312f13bc13db15d50

SHA256
faecad77844147b5aee389d5fb548ba90de3c6ddba0336da834de51117a16687

SHA512
80599a0c96657e74f90a6f58d0e09cd196b44e226f026c65231a38915b1ba12dba9767001fcc01274725ffcc394eb5b8b1d2930b83b5b5f27d8bda6f4a0cc021

Download Submit
C:\Windows\System32\gWKPwGu.exe

Filesize
3.3MB

MD5
8e6823c476f956ca7d4cdf98981a080e

SHA1
85f307f235d22ae96bc253af95022eb956b45f73

SHA256
8630e7ec3924078fbe1b37fdd6219176341fd698b37db4776ae675a794300ba1

SHA512
7b5c2c8adf0fc52a62b0700c4841607cddca77d38a52e0d38ec46a06c0e68250eb9ba3826442bf0c03acf3c4dca57ea6884953c28231710589829f139526ed3e

Download Submit
C:\Windows\System32\goiRreb.exe

Filesize
3.3MB

MD5
7dbea70ecf0998f8cb6bb4c1a85a5789

SHA1
82d465882f14df09d0fc6672c3d5847bcaefddca

SHA256
6b1de0fdab51c6242898085fa074088c6a602ea8070059ec0749a8e0d44bfc05

SHA512
7475726e4ad8e8024d1ac33a4adcf3caf4ee72d878352be28d5939d5f1addd6c4a26b5743e3ed7012ef7c5cd5b4e20871cc6480ac90a25569fa232a0555e12be

Download Submit
C:\Windows\System32\iDOqTkw.exe

Filesize
3.3MB

MD5
97569e473ef38bacdb16649b414850a4

SHA1
1e10f44b472b3c68897bbf6958f18ea5d1640727

SHA256
9a0fcd7eda2be879bb17503bade99401cba47f3bb631ba7f55c6ec1428d9274a

SHA512
6a4ff4802bce44f6b71ddbf2b828d6990e71b06480fbcccada9d0121c5f5aafb693769a6fe6c75e62596c02e99cd2d20f41c550f6f722b394906cacee02c8561

Download Submit
C:\Windows\System32\iGELvWH.exe

Filesize
3.3MB

MD5
f34fa4a7977988838207f12b31161b86

SHA1
5a6b2d33d339b353199b0bf5c385ed4f3f9cfa42

SHA256
04b70e85d7668eb18dbc914556fdd9cb44c541211269c7dfdd71078bb9c6c1a9

SHA512
b14b26184642142b311f61d285adcc8fdc6a5a66dc6e1f434d3abfb28fa19dd3a2404fa44e241f4abd5a7a4b6c041d1d551e0df3acacba56d67e1097a810ad61

Download Submit
C:\Windows\System32\lORsNHb.exe

Filesize
3.3MB

MD5
ff15ab9f60cf2a8a8c060f94787be431

SHA1
9044bffb7b1237cd411d89d4edade25bc45f59a2

SHA256
c67b56db0ff668ef799e3845d85eb7934a99488be2286d0741653d7f8aaca878

SHA512
58ad7b244e04dde1afd6dc65eb33e717c5f838fd38b73767ffab191880935c80036e661bf86f87ccedc7087188eb19769f9016bf41e4809085a3702c500401bd

Download Submit
C:\Windows\System32\oJlSsCG.exe

Filesize
3.3MB

MD5
ff6fc3548ee191454ffd93775a3fce60

SHA1
da4f373f8558ac7347b0265375c6b07ba211af94

SHA256
b27b28d718da2bea44bdba60451cc088b35e52c626010115d40a35b59adad15b

SHA512
01e8a8bde8063ca432f0a34f391f0d60cb7be30aa280f9c39f0d992cf603de770000a756161710b3cd9466838fead8c8eb71bb73a774d0c1625d3f9e61259817

Download Submit
C:\Windows\System32\prhxlPG.exe

Filesize
3.3MB

MD5
5a05daec07ba8a13e1e64ff9b6cd8f30

SHA1
bad5b383f5ac6281e9518f9417ea0f32ce53eb46

SHA256
6512c92f4da18e462626af1d51678aa30bf8b6ce7b897d1a82c646f319d3bdc0

SHA512
b0180872c16df89ae062c940516d88264d03e42c0da43161fb8521970a22d6b307b448a3f9f1abf58f942a035ecda29059a02e45912e39773bff0c72ef41b003

Download Submit
C:\Windows\System32\qgDbFys.exe

Filesize
3.3MB

MD5
0134e1c470723308b5d4f0aec1eb832c

SHA1
ad60d0bd613d85df8969240dca7e804b8b3f2474

SHA256
1600c2f483401f7366fad077fb16f727b8a25c246f0331da156ecd437f3d4102

SHA512
4c94bbab13a689e9d2a153846944239647616191a69fa9325c33ae184624084eb046f46222b74af3dd9dd8318862857c33689ee162b0aa8e5a0fea902f9b4776

Download Submit
C:\Windows\System32\tmNEPtY.exe

Filesize
3.3MB

MD5
a84d5df1632726936bfa04c803133474

SHA1
3a0038d7544300307fc9f3ec6c4d7fafb2dcc7a7

SHA256
762591348b3b2750e55e59f0aeacaffd72336df7cb3656e671f453dcc5cd041f

SHA512
69ee87095064d3149fb3ad5b8db231e997b28c3f5f192d7ce42557ca4dc6c156262e053edac82874508dc038dee12e60f2eef6872b9b4cc9c4aaf8714ea47b03

Download Submit
C:\Windows\System32\tzDoses.exe

Filesize
3.3MB

MD5
f41b4b7902ed4e91a6b37bcec8bc43fb

SHA1
561690010c5116bac51a531252e3f084c0a88a1c

SHA256
a42e11f1550ec732004c8ee175641ae47dc3cba4423b8a723265a274d78daca6

SHA512
213c254b39d07d92d942c97d1441f75173657ed7aa7d027d8edf47ede40f44310109317a156965145ed865907aa95b438fa501a4becfe89d3744f809c24ddb8c

Download Submit
C:\Windows\System32\wlMKPsa.exe

Filesize
3.3MB

MD5
5d6bdc9fd0b0808841fa78bb56d40444

SHA1
3b4bbb74d86fbfc51c7a6d8edb51a2da630d66b0

SHA256
25a657af0ab6169250dd48ae2eff102d30ad25aa3e0b2be81a858c40af44bee2

SHA512
e9941a8fc51e3e1703dfed72de4bbad9939fd232eabcbb1a220c77024901a23bd62e9cb5e1bf3f9945e98b4c28bf9a69f6b89d5e2e23a627bf1b673173c137de

Download Submit
C:\Windows\System32\xnSHejQ.exe

Filesize
3.3MB

MD5
545d7f5571d8cb8c30620b2287715d5a

SHA1
b46b4b06ac568f79a95d74306c83e05d53359223

SHA256
20c7848df3734e017b6dfe2d706c5941c0ed2b35859f9d1273416efec2e0c795

SHA512
33e9514f106eb4912ac33016ccb1dd3c085427f5cbe489a99e2c168005d1896d8d76115aaf5e1d91259caccd3fec40f4c6b13768b9de7872fda2489ea22b8faa

Download Submit
memory/116-14-0x00007FF60A1F0000-0x00007FF60A5E5000-memory.dmp

Filesize
4.0MB

Download
memory/116-1875-0x00007FF60A1F0000-0x00007FF60A5E5000-memory.dmp

Filesize
4.0MB

Download
memory/428-837-0x00007FF6427B0000-0x00007FF642BA5000-memory.dmp

Filesize
4.0MB

Download
memory/428-1895-0x00007FF6427B0000-0x00007FF642BA5000-memory.dmp

Filesize
4.0MB

Download
memory/456-850-0x00007FF7120B0000-0x00007FF7124A5000-memory.dmp

Filesize
4.0MB

Download
memory/456-1880-0x00007FF7120B0000-0x00007FF7124A5000-memory.dmp

Filesize
4.0MB

Download
memory/532-749-0x00007FF65C950000-0x00007FF65CD45000-memory.dmp

Filesize
4.0MB

Download
memory/532-1879-0x00007FF65C950000-0x00007FF65CD45000-memory.dmp

Filesize
4.0MB

Download
memory/1372-1873-0x00007FF6C2090000-0x00007FF6C2485000-memory.dmp

Filesize
4.0MB

Download
memory/1372-1874-0x00007FF6C2090000-0x00007FF6C2485000-memory.dmp

Filesize
4.0MB

Download
memory/1372-6-0x00007FF6C2090000-0x00007FF6C2485000-memory.dmp

Filesize
4.0MB

Download
memory/1412-1890-0x00007FF782940000-0x00007FF782D35000-memory.dmp

Filesize
4.0MB

Download
memory/1412-846-0x00007FF782940000-0x00007FF782D35000-memory.dmp

Filesize
4.0MB

Download
memory/1444-841-0x00007FF79EAE0000-0x00007FF79EED5000-memory.dmp

Filesize
4.0MB

Download
memory/1444-1897-0x00007FF79EAE0000-0x00007FF79EED5000-memory.dmp

Filesize
4.0MB

Download
memory/1740-1892-0x00007FF65C5E0000-0x00007FF65C9D5000-memory.dmp

Filesize
4.0MB

Download
memory/1740-785-0x00007FF65C5E0000-0x00007FF65C9D5000-memory.dmp

Filesize
4.0MB

Download
memory/1840-1888-0x00007FF7D0ED0000-0x00007FF7D12C5000-memory.dmp

Filesize
4.0MB

Download
memory/1840-789-0x00007FF7D0ED0000-0x00007FF7D12C5000-memory.dmp

Filesize
4.0MB

Download
memory/1964-1891-0x00007FF74DD80000-0x00007FF74E175000-memory.dmp

Filesize
4.0MB

Download
memory/1964-845-0x00007FF74DD80000-0x00007FF74E175000-memory.dmp

Filesize
4.0MB

Download
memory/2104-778-0x00007FF7F8D20000-0x00007FF7F9115000-memory.dmp

Filesize
4.0MB

Download
memory/2104-1886-0x00007FF7F8D20000-0x00007FF7F9115000-memory.dmp

Filesize
4.0MB

Download
memory/2280-780-0x00007FF689120000-0x00007FF689515000-memory.dmp

Filesize
4.0MB

Download
memory/2280-1889-0x00007FF689120000-0x00007FF689515000-memory.dmp

Filesize
4.0MB

Download
memory/2644-1882-0x00007FF6F6350000-0x00007FF6F6745000-memory.dmp

Filesize
4.0MB

Download
memory/2644-763-0x00007FF6F6350000-0x00007FF6F6745000-memory.dmp

Filesize
4.0MB

Download
memory/2964-840-0x00007FF76D970000-0x00007FF76DD65000-memory.dmp

Filesize
4.0MB

Download
memory/2964-1894-0x00007FF76D970000-0x00007FF76DD65000-memory.dmp

Filesize
4.0MB

Download
memory/3456-1883-0x00007FF762370000-0x00007FF762765000-memory.dmp

Filesize
4.0MB

Download
memory/3456-774-0x00007FF762370000-0x00007FF762765000-memory.dmp

Filesize
4.0MB

Download
memory/3620-782-0x00007FF604780000-0x00007FF604B75000-memory.dmp

Filesize
4.0MB

Download
memory/3620-1887-0x00007FF604780000-0x00007FF604B75000-memory.dmp

Filesize
4.0MB

Download
memory/3664-1881-0x00007FF7F1B80000-0x00007FF7F1F75000-memory.dmp

Filesize
4.0MB

Download
memory/3664-759-0x00007FF7F1B80000-0x00007FF7F1F75000-memory.dmp

Filesize
4.0MB

Download
memory/3696-1876-0x00007FF70C5A0000-0x00007FF70C995000-memory.dmp

Filesize
4.0MB

Download
memory/3696-752-0x00007FF70C5A0000-0x00007FF70C995000-memory.dmp

Filesize
4.0MB

Download
memory/3944-1884-0x00007FF75A410000-0x00007FF75A805000-memory.dmp

Filesize
4.0MB

Download
memory/3944-772-0x00007FF75A410000-0x00007FF75A805000-memory.dmp

Filesize
4.0MB

Download
memory/3980-1885-0x00007FF7FBE00000-0x00007FF7FC1F5000-memory.dmp

Filesize
4.0MB

Download
memory/3980-767-0x00007FF7FBE00000-0x00007FF7FC1F5000-memory.dmp

Filesize
4.0MB

Download
memory/4112-1896-0x00007FF72F370000-0x00007FF72F765000-memory.dmp

Filesize
4.0MB

Download
memory/4112-793-0x00007FF72F370000-0x00007FF72F765000-memory.dmp

Filesize
4.0MB

Download
memory/4324-1877-0x00007FF627170000-0x00007FF627565000-memory.dmp

Filesize
4.0MB

Download
memory/4324-748-0x00007FF627170000-0x00007FF627565000-memory.dmp

Filesize
4.0MB

Download
memory/4388-0-0x00007FF7EA930000-0x00007FF7EAD25000-memory.dmp

Filesize
4.0MB

Download
memory/4388-1872-0x00007FF7EA930000-0x00007FF7EAD25000-memory.dmp

Filesize
4.0MB

Download
memory/4388-1-0x0000026CA9EE0000-0x0000026CA9EF0000-memory.dmp

Filesize
64KB

Download
memory/4472-847-0x00007FF6CEB20000-0x00007FF6CEF15000-memory.dmp

Filesize
4.0MB

Download
memory/4472-1893-0x00007FF6CEB20000-0x00007FF6CEF15000-memory.dmp

Filesize
4.0MB

Download
memory/5072-1878-0x00007FF7FA060000-0x00007FF7FA455000-memory.dmp

Filesize
4.0MB

Download
memory/5072-747-0x00007FF7FA060000-0x00007FF7FA455000-memory.dmp

Filesize
4.0MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads