xmrig | c2db6140bad5e5b9b4d76906d481d14c7e101e384443581cc110f8a1c7a12042

Analysis

max time kernel
107s
max time network
95s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
09/06/2024, 08:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c2db6140bad5e5b9b4d76906d481d14c7e101e384443581cc110f8a1c7a12042.exe
Size

2.9MB
MD5

0c2f549a122aa0ad24e3ffe22d19a4d9
SHA1

1dd527cd8da590ce33838daf94111a3f4acbea61
SHA256

c2db6140bad5e5b9b4d76906d481d14c7e101e384443581cc110f8a1c7a12042
SHA512

91205b5553039a0fdde1f4b0da3439f4fc5cb8269e10a6c79b003313cd8ed665004290ce9c6147b4540bf2220881e9133c61f7b6afd68e165257b029a9694581
SSDEEP

49152:N0wjnJMOWh50kC1/dVFdx6e0EALKWVTffZiPAcRq6jHjcz8Dz05aIwC+AUBsWsXu:N0GnJMOWPClFdx6e0EALKWVTffZiPAcv

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

UPX dump on OEP (original entry point) 64 IoCs

resource	yara_rule
behavioral2/memory/3652-0-0x00007FF70EF50000-0x00007FF70F345000-memory.dmp	UPX
behavioral2/files/0x00090000000233e2-6.dat	UPX
behavioral2/files/0x00080000000233f6-8.dat	UPX
behavioral2/files/0x00080000000233f5-11.dat	UPX
behavioral2/memory/3744-13-0x00007FF627C60000-0x00007FF628055000-memory.dmp	UPX
behavioral2/files/0x00070000000233f9-33.dat	UPX
behavioral2/files/0x00070000000233fb-43.dat	UPX
behavioral2/files/0x0007000000023404-86.dat	UPX
behavioral2/files/0x000700000002340b-123.dat	UPX
behavioral2/files/0x000700000002340f-143.dat	UPX
behavioral2/files/0x0007000000023413-163.dat	UPX
behavioral2/files/0x0007000000023412-158.dat	UPX
behavioral2/files/0x0007000000023411-153.dat	UPX
behavioral2/files/0x0007000000023410-148.dat	UPX
behavioral2/files/0x000700000002340e-138.dat	UPX
behavioral2/files/0x000700000002340d-133.dat	UPX
behavioral2/files/0x000700000002340c-128.dat	UPX
behavioral2/files/0x000700000002340a-118.dat	UPX
behavioral2/files/0x0007000000023409-113.dat	UPX
behavioral2/files/0x0007000000023408-108.dat	UPX
behavioral2/files/0x0007000000023407-103.dat	UPX
behavioral2/files/0x0007000000023406-98.dat	UPX
behavioral2/files/0x0007000000023405-93.dat	UPX
behavioral2/files/0x0007000000023403-83.dat	UPX
behavioral2/files/0x0007000000023402-78.dat	UPX
behavioral2/files/0x0007000000023401-73.dat	UPX
behavioral2/files/0x0007000000023400-68.dat	UPX
behavioral2/files/0x00070000000233ff-63.dat	UPX
behavioral2/files/0x00070000000233fe-58.dat	UPX
behavioral2/files/0x00070000000233fd-53.dat	UPX
behavioral2/files/0x00070000000233fc-48.dat	UPX
behavioral2/files/0x00070000000233fa-38.dat	UPX
behavioral2/files/0x00070000000233f8-28.dat	UPX
behavioral2/files/0x00070000000233f7-23.dat	UPX
behavioral2/memory/2564-15-0x00007FF6EE830000-0x00007FF6EEC25000-memory.dmp	UPX
behavioral2/memory/4696-851-0x00007FF72F4F0000-0x00007FF72F8E5000-memory.dmp	UPX
behavioral2/memory/1128-858-0x00007FF73A1C0000-0x00007FF73A5B5000-memory.dmp	UPX
behavioral2/memory/3544-865-0x00007FF6653E0000-0x00007FF6657D5000-memory.dmp	UPX
behavioral2/memory/4688-871-0x00007FF625670000-0x00007FF625A65000-memory.dmp	UPX
behavioral2/memory/4920-878-0x00007FF634610000-0x00007FF634A05000-memory.dmp	UPX
behavioral2/memory/2208-881-0x00007FF656670000-0x00007FF656A65000-memory.dmp	UPX
behavioral2/memory/1348-884-0x00007FF782420000-0x00007FF782815000-memory.dmp	UPX
behavioral2/memory/3808-887-0x00007FF679A70000-0x00007FF679E65000-memory.dmp	UPX
behavioral2/memory/1936-889-0x00007FF67BF00000-0x00007FF67C2F5000-memory.dmp	UPX
behavioral2/memory/2760-893-0x00007FF6BFF10000-0x00007FF6C0305000-memory.dmp	UPX
behavioral2/memory/5044-894-0x00007FF6078E0000-0x00007FF607CD5000-memory.dmp	UPX
behavioral2/memory/5028-890-0x00007FF718EE0000-0x00007FF7192D5000-memory.dmp	UPX
behavioral2/memory/3552-899-0x00007FF72EBC0000-0x00007FF72EFB5000-memory.dmp	UPX
behavioral2/memory/3924-900-0x00007FF61C030000-0x00007FF61C425000-memory.dmp	UPX
behavioral2/memory/1196-902-0x00007FF64AC60000-0x00007FF64B055000-memory.dmp	UPX
behavioral2/memory/4080-903-0x00007FF7A0F30000-0x00007FF7A1325000-memory.dmp	UPX
behavioral2/memory/3524-904-0x00007FF624AA0000-0x00007FF624E95000-memory.dmp	UPX
behavioral2/memory/4992-905-0x00007FF602300000-0x00007FF6026F5000-memory.dmp	UPX
behavioral2/memory/3528-908-0x00007FF7E9C10000-0x00007FF7EA005000-memory.dmp	UPX
behavioral2/memory/4028-901-0x00007FF6A44F0000-0x00007FF6A48E5000-memory.dmp	UPX
behavioral2/memory/4636-888-0x00007FF7C7020000-0x00007FF7C7415000-memory.dmp	UPX
behavioral2/memory/1968-886-0x00007FF636350000-0x00007FF636745000-memory.dmp	UPX
behavioral2/memory/3652-1927-0x00007FF70EF50000-0x00007FF70F345000-memory.dmp	UPX
behavioral2/memory/3744-1928-0x00007FF627C60000-0x00007FF628055000-memory.dmp	UPX
behavioral2/memory/3744-1929-0x00007FF627C60000-0x00007FF628055000-memory.dmp	UPX
behavioral2/memory/2564-1930-0x00007FF6EE830000-0x00007FF6EEC25000-memory.dmp	UPX
behavioral2/memory/4688-1931-0x00007FF625670000-0x00007FF625A65000-memory.dmp	UPX
behavioral2/memory/4696-1933-0x00007FF72F4F0000-0x00007FF72F8E5000-memory.dmp	UPX
behavioral2/memory/1128-1934-0x00007FF73A1C0000-0x00007FF73A5B5000-memory.dmp	UPX

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/3652-0-0x00007FF70EF50000-0x00007FF70F345000-memory.dmp	xmrig
behavioral2/files/0x00090000000233e2-6.dat	xmrig
behavioral2/files/0x00080000000233f6-8.dat	xmrig
behavioral2/files/0x00080000000233f5-11.dat	xmrig
behavioral2/memory/3744-13-0x00007FF627C60000-0x00007FF628055000-memory.dmp	xmrig
behavioral2/files/0x00070000000233f9-33.dat	xmrig
behavioral2/files/0x00070000000233fb-43.dat	xmrig
behavioral2/files/0x0007000000023404-86.dat	xmrig
behavioral2/files/0x000700000002340b-123.dat	xmrig
behavioral2/files/0x000700000002340f-143.dat	xmrig
behavioral2/files/0x0007000000023413-163.dat	xmrig
behavioral2/files/0x0007000000023412-158.dat	xmrig
behavioral2/files/0x0007000000023411-153.dat	xmrig
behavioral2/files/0x0007000000023410-148.dat	xmrig
behavioral2/files/0x000700000002340e-138.dat	xmrig
behavioral2/files/0x000700000002340d-133.dat	xmrig
behavioral2/files/0x000700000002340c-128.dat	xmrig
behavioral2/files/0x000700000002340a-118.dat	xmrig
behavioral2/files/0x0007000000023409-113.dat	xmrig
behavioral2/files/0x0007000000023408-108.dat	xmrig
behavioral2/files/0x0007000000023407-103.dat	xmrig
behavioral2/files/0x0007000000023406-98.dat	xmrig
behavioral2/files/0x0007000000023405-93.dat	xmrig
behavioral2/files/0x0007000000023403-83.dat	xmrig
behavioral2/files/0x0007000000023402-78.dat	xmrig
behavioral2/files/0x0007000000023401-73.dat	xmrig
behavioral2/files/0x0007000000023400-68.dat	xmrig
behavioral2/files/0x00070000000233ff-63.dat	xmrig
behavioral2/files/0x00070000000233fe-58.dat	xmrig
behavioral2/files/0x00070000000233fd-53.dat	xmrig
behavioral2/files/0x00070000000233fc-48.dat	xmrig
behavioral2/files/0x00070000000233fa-38.dat	xmrig
behavioral2/files/0x00070000000233f8-28.dat	xmrig
behavioral2/files/0x00070000000233f7-23.dat	xmrig
behavioral2/memory/2564-15-0x00007FF6EE830000-0x00007FF6EEC25000-memory.dmp	xmrig
behavioral2/memory/4696-851-0x00007FF72F4F0000-0x00007FF72F8E5000-memory.dmp	xmrig
behavioral2/memory/1128-858-0x00007FF73A1C0000-0x00007FF73A5B5000-memory.dmp	xmrig
behavioral2/memory/3544-865-0x00007FF6653E0000-0x00007FF6657D5000-memory.dmp	xmrig
behavioral2/memory/4688-871-0x00007FF625670000-0x00007FF625A65000-memory.dmp	xmrig
behavioral2/memory/4920-878-0x00007FF634610000-0x00007FF634A05000-memory.dmp	xmrig
behavioral2/memory/2208-881-0x00007FF656670000-0x00007FF656A65000-memory.dmp	xmrig
behavioral2/memory/1348-884-0x00007FF782420000-0x00007FF782815000-memory.dmp	xmrig
behavioral2/memory/3808-887-0x00007FF679A70000-0x00007FF679E65000-memory.dmp	xmrig
behavioral2/memory/1936-889-0x00007FF67BF00000-0x00007FF67C2F5000-memory.dmp	xmrig
behavioral2/memory/2760-893-0x00007FF6BFF10000-0x00007FF6C0305000-memory.dmp	xmrig
behavioral2/memory/5044-894-0x00007FF6078E0000-0x00007FF607CD5000-memory.dmp	xmrig
behavioral2/memory/5028-890-0x00007FF718EE0000-0x00007FF7192D5000-memory.dmp	xmrig
behavioral2/memory/3552-899-0x00007FF72EBC0000-0x00007FF72EFB5000-memory.dmp	xmrig
behavioral2/memory/3924-900-0x00007FF61C030000-0x00007FF61C425000-memory.dmp	xmrig
behavioral2/memory/1196-902-0x00007FF64AC60000-0x00007FF64B055000-memory.dmp	xmrig
behavioral2/memory/4080-903-0x00007FF7A0F30000-0x00007FF7A1325000-memory.dmp	xmrig
behavioral2/memory/3524-904-0x00007FF624AA0000-0x00007FF624E95000-memory.dmp	xmrig
behavioral2/memory/4992-905-0x00007FF602300000-0x00007FF6026F5000-memory.dmp	xmrig
behavioral2/memory/3528-908-0x00007FF7E9C10000-0x00007FF7EA005000-memory.dmp	xmrig
behavioral2/memory/4028-901-0x00007FF6A44F0000-0x00007FF6A48E5000-memory.dmp	xmrig
behavioral2/memory/4636-888-0x00007FF7C7020000-0x00007FF7C7415000-memory.dmp	xmrig
behavioral2/memory/1968-886-0x00007FF636350000-0x00007FF636745000-memory.dmp	xmrig
behavioral2/memory/3652-1927-0x00007FF70EF50000-0x00007FF70F345000-memory.dmp	xmrig
behavioral2/memory/3744-1928-0x00007FF627C60000-0x00007FF628055000-memory.dmp	xmrig
behavioral2/memory/3744-1929-0x00007FF627C60000-0x00007FF628055000-memory.dmp	xmrig
behavioral2/memory/2564-1930-0x00007FF6EE830000-0x00007FF6EEC25000-memory.dmp	xmrig
behavioral2/memory/4688-1931-0x00007FF625670000-0x00007FF625A65000-memory.dmp	xmrig
behavioral2/memory/4696-1933-0x00007FF72F4F0000-0x00007FF72F8E5000-memory.dmp	xmrig
behavioral2/memory/1128-1934-0x00007FF73A1C0000-0x00007FF73A5B5000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
3744	ozvrhjl.exe
2564	vZTwDcW.exe
4696	XlgJnIA.exe
1128	iZHzwRN.exe
3544	SLKodZe.exe
4688	NinCpeU.exe
4920	KATjQiB.exe
2208	QLBiQZG.exe
1348	ESXXaBE.exe
1968	QrwJzZc.exe
3808	zQlfJfV.exe
4636	XFVljbB.exe
1936	cvsUgRo.exe
5028	yFHVcrw.exe
2760	IzfvYJs.exe
5044	lqhmFpV.exe
3552	hTCzOLq.exe
3924	jAewmLI.exe
4028	vBfKqmk.exe
1196	NctQYZx.exe
4080	ZRiqEiu.exe
3524	ldPULwk.exe
4992	IQkzOSA.exe
3528	YFworuB.exe
3444	PvGfMup.exe
2400	mGLTEfD.exe
2700	UvkQWuD.exe
4312	pXJQDVy.exe
2284	mYNqQjE.exe
4488	bfgOCLN.exe
2724	BoFUjag.exe
3296	FPYNujp.exe
2508	MlUyxgj.exe
3980	FUFNGwC.exe
3724	VCJZIWR.exe
2896	dYNoxUx.exe
3432	uSHuGjD.exe
3640	jsOkwfM.exe
3476	stQzcgo.exe
5048	urboJbS.exe
4516	BZHDMTo.exe
456	pCQOJAu.exe
4236	DRVFUti.exe
2320	ezjFSaF.exe
4604	KUcSQpF.exe
3660	HRaPbzg.exe
2420	xXDhlMS.exe
4000	GTcPmwi.exe
4364	IhIRkTr.exe
2600	wWXvlxQ.exe
3584	RTIUTgS.exe
772	XZohcHG.exe
2388	xKGzdOB.exe
4872	SXfBNQv.exe
3892	wVDSbwU.exe
2856	ZwqajKF.exe
5068	IhnQBYU.exe
1808	ayGneDq.exe
1260	MCfRuhR.exe
4256	PTwBBGZ.exe
4208	vQkEPyX.exe
396	RnSDfGR.exe
4632	MYKZyBl.exe
1692	rOzlDDh.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3652-0-0x00007FF70EF50000-0x00007FF70F345000-memory.dmp	upx
behavioral2/files/0x00090000000233e2-6.dat	upx
behavioral2/files/0x00080000000233f6-8.dat	upx
behavioral2/files/0x00080000000233f5-11.dat	upx
behavioral2/memory/3744-13-0x00007FF627C60000-0x00007FF628055000-memory.dmp	upx
behavioral2/files/0x00070000000233f9-33.dat	upx
behavioral2/files/0x00070000000233fb-43.dat	upx
behavioral2/files/0x0007000000023404-86.dat	upx
behavioral2/files/0x000700000002340b-123.dat	upx
behavioral2/files/0x000700000002340f-143.dat	upx
behavioral2/files/0x0007000000023413-163.dat	upx
behavioral2/files/0x0007000000023412-158.dat	upx
behavioral2/files/0x0007000000023411-153.dat	upx
behavioral2/files/0x0007000000023410-148.dat	upx
behavioral2/files/0x000700000002340e-138.dat	upx
behavioral2/files/0x000700000002340d-133.dat	upx
behavioral2/files/0x000700000002340c-128.dat	upx
behavioral2/files/0x000700000002340a-118.dat	upx
behavioral2/files/0x0007000000023409-113.dat	upx
behavioral2/files/0x0007000000023408-108.dat	upx
behavioral2/files/0x0007000000023407-103.dat	upx
behavioral2/files/0x0007000000023406-98.dat	upx
behavioral2/files/0x0007000000023405-93.dat	upx
behavioral2/files/0x0007000000023403-83.dat	upx
behavioral2/files/0x0007000000023402-78.dat	upx
behavioral2/files/0x0007000000023401-73.dat	upx
behavioral2/files/0x0007000000023400-68.dat	upx
behavioral2/files/0x00070000000233ff-63.dat	upx
behavioral2/files/0x00070000000233fe-58.dat	upx
behavioral2/files/0x00070000000233fd-53.dat	upx
behavioral2/files/0x00070000000233fc-48.dat	upx
behavioral2/files/0x00070000000233fa-38.dat	upx
behavioral2/files/0x00070000000233f8-28.dat	upx
behavioral2/files/0x00070000000233f7-23.dat	upx
behavioral2/memory/2564-15-0x00007FF6EE830000-0x00007FF6EEC25000-memory.dmp	upx
behavioral2/memory/4696-851-0x00007FF72F4F0000-0x00007FF72F8E5000-memory.dmp	upx
behavioral2/memory/1128-858-0x00007FF73A1C0000-0x00007FF73A5B5000-memory.dmp	upx
behavioral2/memory/3544-865-0x00007FF6653E0000-0x00007FF6657D5000-memory.dmp	upx
behavioral2/memory/4688-871-0x00007FF625670000-0x00007FF625A65000-memory.dmp	upx
behavioral2/memory/4920-878-0x00007FF634610000-0x00007FF634A05000-memory.dmp	upx
behavioral2/memory/2208-881-0x00007FF656670000-0x00007FF656A65000-memory.dmp	upx
behavioral2/memory/1348-884-0x00007FF782420000-0x00007FF782815000-memory.dmp	upx
behavioral2/memory/3808-887-0x00007FF679A70000-0x00007FF679E65000-memory.dmp	upx
behavioral2/memory/1936-889-0x00007FF67BF00000-0x00007FF67C2F5000-memory.dmp	upx
behavioral2/memory/2760-893-0x00007FF6BFF10000-0x00007FF6C0305000-memory.dmp	upx
behavioral2/memory/5044-894-0x00007FF6078E0000-0x00007FF607CD5000-memory.dmp	upx
behavioral2/memory/5028-890-0x00007FF718EE0000-0x00007FF7192D5000-memory.dmp	upx
behavioral2/memory/3552-899-0x00007FF72EBC0000-0x00007FF72EFB5000-memory.dmp	upx
behavioral2/memory/3924-900-0x00007FF61C030000-0x00007FF61C425000-memory.dmp	upx
behavioral2/memory/1196-902-0x00007FF64AC60000-0x00007FF64B055000-memory.dmp	upx
behavioral2/memory/4080-903-0x00007FF7A0F30000-0x00007FF7A1325000-memory.dmp	upx
behavioral2/memory/3524-904-0x00007FF624AA0000-0x00007FF624E95000-memory.dmp	upx
behavioral2/memory/4992-905-0x00007FF602300000-0x00007FF6026F5000-memory.dmp	upx
behavioral2/memory/3528-908-0x00007FF7E9C10000-0x00007FF7EA005000-memory.dmp	upx
behavioral2/memory/4028-901-0x00007FF6A44F0000-0x00007FF6A48E5000-memory.dmp	upx
behavioral2/memory/4636-888-0x00007FF7C7020000-0x00007FF7C7415000-memory.dmp	upx
behavioral2/memory/1968-886-0x00007FF636350000-0x00007FF636745000-memory.dmp	upx
behavioral2/memory/3652-1927-0x00007FF70EF50000-0x00007FF70F345000-memory.dmp	upx
behavioral2/memory/3744-1928-0x00007FF627C60000-0x00007FF628055000-memory.dmp	upx
behavioral2/memory/3744-1929-0x00007FF627C60000-0x00007FF628055000-memory.dmp	upx
behavioral2/memory/2564-1930-0x00007FF6EE830000-0x00007FF6EEC25000-memory.dmp	upx
behavioral2/memory/4688-1931-0x00007FF625670000-0x00007FF625A65000-memory.dmp	upx
behavioral2/memory/4696-1933-0x00007FF72F4F0000-0x00007FF72F8E5000-memory.dmp	upx
behavioral2/memory/1128-1934-0x00007FF73A1C0000-0x00007FF73A5B5000-memory.dmp	upx

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System32\xXDhlMS.exe	c2db6140bad5e5b9b4d76906d481d14c7e101e384443581cc110f8a1c7a12042.exe
File created	C:\Windows\System32\edXaACA.exe	c2db6140bad5e5b9b4d76906d481d14c7e101e384443581cc110f8a1c7a12042.exe
File created	C:\Windows\System32\vYrUpCg.exe	c2db6140bad5e5b9b4d76906d481d14c7e101e384443581cc110f8a1c7a12042.exe
File created	C:\Windows\System32\NxLWubX.exe	c2db6140bad5e5b9b4d76906d481d14c7e101e384443581cc110f8a1c7a12042.exe
File created	C:\Windows\System32\lpopICP.exe	c2db6140bad5e5b9b4d76906d481d14c7e101e384443581cc110f8a1c7a12042.exe
File created	C:\Windows\System32\wDathUt.exe	c2db6140bad5e5b9b4d76906d481d14c7e101e384443581cc110f8a1c7a12042.exe
File created	C:\Windows\System32\rHBOgad.exe	c2db6140bad5e5b9b4d76906d481d14c7e101e384443581cc110f8a1c7a12042.exe
File created	C:\Windows\System32\MlUyxgj.exe	c2db6140bad5e5b9b4d76906d481d14c7e101e384443581cc110f8a1c7a12042.exe
File created	C:\Windows\System32\DRVFUti.exe	c2db6140bad5e5b9b4d76906d481d14c7e101e384443581cc110f8a1c7a12042.exe
File created	C:\Windows\System32\KZUUQyQ.exe	c2db6140bad5e5b9b4d76906d481d14c7e101e384443581cc110f8a1c7a12042.exe
File created	C:\Windows\System32\KDZOSwo.exe	c2db6140bad5e5b9b4d76906d481d14c7e101e384443581cc110f8a1c7a12042.exe
File created	C:\Windows\System32\EIuzhDe.exe	c2db6140bad5e5b9b4d76906d481d14c7e101e384443581cc110f8a1c7a12042.exe
File created	C:\Windows\System32\HHZodOR.exe	c2db6140bad5e5b9b4d76906d481d14c7e101e384443581cc110f8a1c7a12042.exe
File created	C:\Windows\System32\NnGpfZP.exe	c2db6140bad5e5b9b4d76906d481d14c7e101e384443581cc110f8a1c7a12042.exe
File created	C:\Windows\System32\lgEZErt.exe	c2db6140bad5e5b9b4d76906d481d14c7e101e384443581cc110f8a1c7a12042.exe
File created	C:\Windows\System32\GUuqRaj.exe	c2db6140bad5e5b9b4d76906d481d14c7e101e384443581cc110f8a1c7a12042.exe
File created	C:\Windows\System32\kJjNXvQ.exe	c2db6140bad5e5b9b4d76906d481d14c7e101e384443581cc110f8a1c7a12042.exe
File created	C:\Windows\System32\FxpKsoe.exe	c2db6140bad5e5b9b4d76906d481d14c7e101e384443581cc110f8a1c7a12042.exe
File created	C:\Windows\System32\ESXXaBE.exe	c2db6140bad5e5b9b4d76906d481d14c7e101e384443581cc110f8a1c7a12042.exe
File created	C:\Windows\System32\lHgPCsQ.exe	c2db6140bad5e5b9b4d76906d481d14c7e101e384443581cc110f8a1c7a12042.exe
File created	C:\Windows\System32\CmqcAHM.exe	c2db6140bad5e5b9b4d76906d481d14c7e101e384443581cc110f8a1c7a12042.exe
File created	C:\Windows\System32\aqjNEbV.exe	c2db6140bad5e5b9b4d76906d481d14c7e101e384443581cc110f8a1c7a12042.exe
File created	C:\Windows\System32\lSGKJVp.exe	c2db6140bad5e5b9b4d76906d481d14c7e101e384443581cc110f8a1c7a12042.exe
File created	C:\Windows\System32\ucMzAWu.exe	c2db6140bad5e5b9b4d76906d481d14c7e101e384443581cc110f8a1c7a12042.exe
File created	C:\Windows\System32\KQWgtlr.exe	c2db6140bad5e5b9b4d76906d481d14c7e101e384443581cc110f8a1c7a12042.exe
File created	C:\Windows\System32\bGRKfgi.exe	c2db6140bad5e5b9b4d76906d481d14c7e101e384443581cc110f8a1c7a12042.exe
File created	C:\Windows\System32\ISSXXDd.exe	c2db6140bad5e5b9b4d76906d481d14c7e101e384443581cc110f8a1c7a12042.exe
File created	C:\Windows\System32\KuxBpnX.exe	c2db6140bad5e5b9b4d76906d481d14c7e101e384443581cc110f8a1c7a12042.exe
File created	C:\Windows\System32\tWhToHP.exe	c2db6140bad5e5b9b4d76906d481d14c7e101e384443581cc110f8a1c7a12042.exe
File created	C:\Windows\System32\rNBpgnP.exe	c2db6140bad5e5b9b4d76906d481d14c7e101e384443581cc110f8a1c7a12042.exe
File created	C:\Windows\System32\LSKiXhm.exe	c2db6140bad5e5b9b4d76906d481d14c7e101e384443581cc110f8a1c7a12042.exe
File created	C:\Windows\System32\ZaAIwnx.exe	c2db6140bad5e5b9b4d76906d481d14c7e101e384443581cc110f8a1c7a12042.exe
File created	C:\Windows\System32\tBivvkW.exe	c2db6140bad5e5b9b4d76906d481d14c7e101e384443581cc110f8a1c7a12042.exe
File created	C:\Windows\System32\FPYNujp.exe	c2db6140bad5e5b9b4d76906d481d14c7e101e384443581cc110f8a1c7a12042.exe
File created	C:\Windows\System32\wESOJDv.exe	c2db6140bad5e5b9b4d76906d481d14c7e101e384443581cc110f8a1c7a12042.exe
File created	C:\Windows\System32\MjqUJgQ.exe	c2db6140bad5e5b9b4d76906d481d14c7e101e384443581cc110f8a1c7a12042.exe
File created	C:\Windows\System32\WNzUkLZ.exe	c2db6140bad5e5b9b4d76906d481d14c7e101e384443581cc110f8a1c7a12042.exe
File created	C:\Windows\System32\SGAoDHm.exe	c2db6140bad5e5b9b4d76906d481d14c7e101e384443581cc110f8a1c7a12042.exe
File created	C:\Windows\System32\CEXKQvu.exe	c2db6140bad5e5b9b4d76906d481d14c7e101e384443581cc110f8a1c7a12042.exe
File created	C:\Windows\System32\LpRcacU.exe	c2db6140bad5e5b9b4d76906d481d14c7e101e384443581cc110f8a1c7a12042.exe
File created	C:\Windows\System32\GvrYbql.exe	c2db6140bad5e5b9b4d76906d481d14c7e101e384443581cc110f8a1c7a12042.exe
File created	C:\Windows\System32\nUJcevS.exe	c2db6140bad5e5b9b4d76906d481d14c7e101e384443581cc110f8a1c7a12042.exe
File created	C:\Windows\System32\qVhsmch.exe	c2db6140bad5e5b9b4d76906d481d14c7e101e384443581cc110f8a1c7a12042.exe
File created	C:\Windows\System32\duIVLKI.exe	c2db6140bad5e5b9b4d76906d481d14c7e101e384443581cc110f8a1c7a12042.exe
File created	C:\Windows\System32\vBfKqmk.exe	c2db6140bad5e5b9b4d76906d481d14c7e101e384443581cc110f8a1c7a12042.exe
File created	C:\Windows\System32\uSHuGjD.exe	c2db6140bad5e5b9b4d76906d481d14c7e101e384443581cc110f8a1c7a12042.exe
File created	C:\Windows\System32\urboJbS.exe	c2db6140bad5e5b9b4d76906d481d14c7e101e384443581cc110f8a1c7a12042.exe
File created	C:\Windows\System32\EsyrEhn.exe	c2db6140bad5e5b9b4d76906d481d14c7e101e384443581cc110f8a1c7a12042.exe
File created	C:\Windows\System32\WUXorFS.exe	c2db6140bad5e5b9b4d76906d481d14c7e101e384443581cc110f8a1c7a12042.exe
File created	C:\Windows\System32\ioCRzSJ.exe	c2db6140bad5e5b9b4d76906d481d14c7e101e384443581cc110f8a1c7a12042.exe
File created	C:\Windows\System32\GcIAbNc.exe	c2db6140bad5e5b9b4d76906d481d14c7e101e384443581cc110f8a1c7a12042.exe
File created	C:\Windows\System32\KUFBAnW.exe	c2db6140bad5e5b9b4d76906d481d14c7e101e384443581cc110f8a1c7a12042.exe
File created	C:\Windows\System32\yDlqjEL.exe	c2db6140bad5e5b9b4d76906d481d14c7e101e384443581cc110f8a1c7a12042.exe
File created	C:\Windows\System32\NVxorje.exe	c2db6140bad5e5b9b4d76906d481d14c7e101e384443581cc110f8a1c7a12042.exe
File created	C:\Windows\System32\sZADFGb.exe	c2db6140bad5e5b9b4d76906d481d14c7e101e384443581cc110f8a1c7a12042.exe
File created	C:\Windows\System32\PvGfMup.exe	c2db6140bad5e5b9b4d76906d481d14c7e101e384443581cc110f8a1c7a12042.exe
File created	C:\Windows\System32\mdxjFbq.exe	c2db6140bad5e5b9b4d76906d481d14c7e101e384443581cc110f8a1c7a12042.exe
File created	C:\Windows\System32\VJXQGbF.exe	c2db6140bad5e5b9b4d76906d481d14c7e101e384443581cc110f8a1c7a12042.exe
File created	C:\Windows\System32\xqHAqFX.exe	c2db6140bad5e5b9b4d76906d481d14c7e101e384443581cc110f8a1c7a12042.exe
File created	C:\Windows\System32\JooIaPh.exe	c2db6140bad5e5b9b4d76906d481d14c7e101e384443581cc110f8a1c7a12042.exe
File created	C:\Windows\System32\iWIqpYT.exe	c2db6140bad5e5b9b4d76906d481d14c7e101e384443581cc110f8a1c7a12042.exe
File created	C:\Windows\System32\EOXntPM.exe	c2db6140bad5e5b9b4d76906d481d14c7e101e384443581cc110f8a1c7a12042.exe
File created	C:\Windows\System32\jWFACXc.exe	c2db6140bad5e5b9b4d76906d481d14c7e101e384443581cc110f8a1c7a12042.exe
File created	C:\Windows\System32\rzaKSVn.exe	c2db6140bad5e5b9b4d76906d481d14c7e101e384443581cc110f8a1c7a12042.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	10168	dwm.exe
Token: SeChangeNotifyPrivilege	10168	dwm.exe
Token: 33	10168	dwm.exe
Token: SeIncBasePriorityPrivilege	10168	dwm.exe
Token: SeShutdownPrivilege	10168	dwm.exe
Token: SeCreatePagefilePrivilege	10168	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3652 wrote to memory of 3744	3652	c2db6140bad5e5b9b4d76906d481d14c7e101e384443581cc110f8a1c7a12042.exe	82
PID 3652 wrote to memory of 3744	3652	c2db6140bad5e5b9b4d76906d481d14c7e101e384443581cc110f8a1c7a12042.exe	82
PID 3652 wrote to memory of 2564	3652	c2db6140bad5e5b9b4d76906d481d14c7e101e384443581cc110f8a1c7a12042.exe	83
PID 3652 wrote to memory of 2564	3652	c2db6140bad5e5b9b4d76906d481d14c7e101e384443581cc110f8a1c7a12042.exe	83
PID 3652 wrote to memory of 4696	3652	c2db6140bad5e5b9b4d76906d481d14c7e101e384443581cc110f8a1c7a12042.exe	84
PID 3652 wrote to memory of 4696	3652	c2db6140bad5e5b9b4d76906d481d14c7e101e384443581cc110f8a1c7a12042.exe	84
PID 3652 wrote to memory of 1128	3652	c2db6140bad5e5b9b4d76906d481d14c7e101e384443581cc110f8a1c7a12042.exe	85
PID 3652 wrote to memory of 1128	3652	c2db6140bad5e5b9b4d76906d481d14c7e101e384443581cc110f8a1c7a12042.exe	85
PID 3652 wrote to memory of 3544	3652	c2db6140bad5e5b9b4d76906d481d14c7e101e384443581cc110f8a1c7a12042.exe	86
PID 3652 wrote to memory of 3544	3652	c2db6140bad5e5b9b4d76906d481d14c7e101e384443581cc110f8a1c7a12042.exe	86
PID 3652 wrote to memory of 4688	3652	c2db6140bad5e5b9b4d76906d481d14c7e101e384443581cc110f8a1c7a12042.exe	87
PID 3652 wrote to memory of 4688	3652	c2db6140bad5e5b9b4d76906d481d14c7e101e384443581cc110f8a1c7a12042.exe	87
PID 3652 wrote to memory of 4920	3652	c2db6140bad5e5b9b4d76906d481d14c7e101e384443581cc110f8a1c7a12042.exe	88
PID 3652 wrote to memory of 4920	3652	c2db6140bad5e5b9b4d76906d481d14c7e101e384443581cc110f8a1c7a12042.exe	88
PID 3652 wrote to memory of 2208	3652	c2db6140bad5e5b9b4d76906d481d14c7e101e384443581cc110f8a1c7a12042.exe	89
PID 3652 wrote to memory of 2208	3652	c2db6140bad5e5b9b4d76906d481d14c7e101e384443581cc110f8a1c7a12042.exe	89
PID 3652 wrote to memory of 1348	3652	c2db6140bad5e5b9b4d76906d481d14c7e101e384443581cc110f8a1c7a12042.exe	90
PID 3652 wrote to memory of 1348	3652	c2db6140bad5e5b9b4d76906d481d14c7e101e384443581cc110f8a1c7a12042.exe	90
PID 3652 wrote to memory of 1968	3652	c2db6140bad5e5b9b4d76906d481d14c7e101e384443581cc110f8a1c7a12042.exe	91
PID 3652 wrote to memory of 1968	3652	c2db6140bad5e5b9b4d76906d481d14c7e101e384443581cc110f8a1c7a12042.exe	91
PID 3652 wrote to memory of 3808	3652	c2db6140bad5e5b9b4d76906d481d14c7e101e384443581cc110f8a1c7a12042.exe	92
PID 3652 wrote to memory of 3808	3652	c2db6140bad5e5b9b4d76906d481d14c7e101e384443581cc110f8a1c7a12042.exe	92
PID 3652 wrote to memory of 4636	3652	c2db6140bad5e5b9b4d76906d481d14c7e101e384443581cc110f8a1c7a12042.exe	93
PID 3652 wrote to memory of 4636	3652	c2db6140bad5e5b9b4d76906d481d14c7e101e384443581cc110f8a1c7a12042.exe	93
PID 3652 wrote to memory of 1936	3652	c2db6140bad5e5b9b4d76906d481d14c7e101e384443581cc110f8a1c7a12042.exe	94
PID 3652 wrote to memory of 1936	3652	c2db6140bad5e5b9b4d76906d481d14c7e101e384443581cc110f8a1c7a12042.exe	94
PID 3652 wrote to memory of 5028	3652	c2db6140bad5e5b9b4d76906d481d14c7e101e384443581cc110f8a1c7a12042.exe	95
PID 3652 wrote to memory of 5028	3652	c2db6140bad5e5b9b4d76906d481d14c7e101e384443581cc110f8a1c7a12042.exe	95
PID 3652 wrote to memory of 2760	3652	c2db6140bad5e5b9b4d76906d481d14c7e101e384443581cc110f8a1c7a12042.exe	96
PID 3652 wrote to memory of 2760	3652	c2db6140bad5e5b9b4d76906d481d14c7e101e384443581cc110f8a1c7a12042.exe	96
PID 3652 wrote to memory of 5044	3652	c2db6140bad5e5b9b4d76906d481d14c7e101e384443581cc110f8a1c7a12042.exe	97
PID 3652 wrote to memory of 5044	3652	c2db6140bad5e5b9b4d76906d481d14c7e101e384443581cc110f8a1c7a12042.exe	97
PID 3652 wrote to memory of 3552	3652	c2db6140bad5e5b9b4d76906d481d14c7e101e384443581cc110f8a1c7a12042.exe	98
PID 3652 wrote to memory of 3552	3652	c2db6140bad5e5b9b4d76906d481d14c7e101e384443581cc110f8a1c7a12042.exe	98
PID 3652 wrote to memory of 3924	3652	c2db6140bad5e5b9b4d76906d481d14c7e101e384443581cc110f8a1c7a12042.exe	99
PID 3652 wrote to memory of 3924	3652	c2db6140bad5e5b9b4d76906d481d14c7e101e384443581cc110f8a1c7a12042.exe	99
PID 3652 wrote to memory of 4028	3652	c2db6140bad5e5b9b4d76906d481d14c7e101e384443581cc110f8a1c7a12042.exe	100
PID 3652 wrote to memory of 4028	3652	c2db6140bad5e5b9b4d76906d481d14c7e101e384443581cc110f8a1c7a12042.exe	100
PID 3652 wrote to memory of 1196	3652	c2db6140bad5e5b9b4d76906d481d14c7e101e384443581cc110f8a1c7a12042.exe	101
PID 3652 wrote to memory of 1196	3652	c2db6140bad5e5b9b4d76906d481d14c7e101e384443581cc110f8a1c7a12042.exe	101
PID 3652 wrote to memory of 4080	3652	c2db6140bad5e5b9b4d76906d481d14c7e101e384443581cc110f8a1c7a12042.exe	102
PID 3652 wrote to memory of 4080	3652	c2db6140bad5e5b9b4d76906d481d14c7e101e384443581cc110f8a1c7a12042.exe	102
PID 3652 wrote to memory of 3524	3652	c2db6140bad5e5b9b4d76906d481d14c7e101e384443581cc110f8a1c7a12042.exe	103
PID 3652 wrote to memory of 3524	3652	c2db6140bad5e5b9b4d76906d481d14c7e101e384443581cc110f8a1c7a12042.exe	103
PID 3652 wrote to memory of 4992	3652	c2db6140bad5e5b9b4d76906d481d14c7e101e384443581cc110f8a1c7a12042.exe	104
PID 3652 wrote to memory of 4992	3652	c2db6140bad5e5b9b4d76906d481d14c7e101e384443581cc110f8a1c7a12042.exe	104
PID 3652 wrote to memory of 3528	3652	c2db6140bad5e5b9b4d76906d481d14c7e101e384443581cc110f8a1c7a12042.exe	105
PID 3652 wrote to memory of 3528	3652	c2db6140bad5e5b9b4d76906d481d14c7e101e384443581cc110f8a1c7a12042.exe	105
PID 3652 wrote to memory of 3444	3652	c2db6140bad5e5b9b4d76906d481d14c7e101e384443581cc110f8a1c7a12042.exe	106
PID 3652 wrote to memory of 3444	3652	c2db6140bad5e5b9b4d76906d481d14c7e101e384443581cc110f8a1c7a12042.exe	106
PID 3652 wrote to memory of 2400	3652	c2db6140bad5e5b9b4d76906d481d14c7e101e384443581cc110f8a1c7a12042.exe	107
PID 3652 wrote to memory of 2400	3652	c2db6140bad5e5b9b4d76906d481d14c7e101e384443581cc110f8a1c7a12042.exe	107
PID 3652 wrote to memory of 2700	3652	c2db6140bad5e5b9b4d76906d481d14c7e101e384443581cc110f8a1c7a12042.exe	108
PID 3652 wrote to memory of 2700	3652	c2db6140bad5e5b9b4d76906d481d14c7e101e384443581cc110f8a1c7a12042.exe	108
PID 3652 wrote to memory of 4312	3652	c2db6140bad5e5b9b4d76906d481d14c7e101e384443581cc110f8a1c7a12042.exe	109
PID 3652 wrote to memory of 4312	3652	c2db6140bad5e5b9b4d76906d481d14c7e101e384443581cc110f8a1c7a12042.exe	109
PID 3652 wrote to memory of 2284	3652	c2db6140bad5e5b9b4d76906d481d14c7e101e384443581cc110f8a1c7a12042.exe	110
PID 3652 wrote to memory of 2284	3652	c2db6140bad5e5b9b4d76906d481d14c7e101e384443581cc110f8a1c7a12042.exe	110
PID 3652 wrote to memory of 4488	3652	c2db6140bad5e5b9b4d76906d481d14c7e101e384443581cc110f8a1c7a12042.exe	111
PID 3652 wrote to memory of 4488	3652	c2db6140bad5e5b9b4d76906d481d14c7e101e384443581cc110f8a1c7a12042.exe	111
PID 3652 wrote to memory of 2724	3652	c2db6140bad5e5b9b4d76906d481d14c7e101e384443581cc110f8a1c7a12042.exe	112
PID 3652 wrote to memory of 2724	3652	c2db6140bad5e5b9b4d76906d481d14c7e101e384443581cc110f8a1c7a12042.exe	112
PID 3652 wrote to memory of 3296	3652	c2db6140bad5e5b9b4d76906d481d14c7e101e384443581cc110f8a1c7a12042.exe	113
PID 3652 wrote to memory of 3296	3652	c2db6140bad5e5b9b4d76906d481d14c7e101e384443581cc110f8a1c7a12042.exe	113

C:\Users\Admin\AppData\Local\Temp\c2db6140bad5e5b9b4d76906d481d14c7e101e384443581cc110f8a1c7a12042.exe
"C:\Users\Admin\AppData\Local\Temp\c2db6140bad5e5b9b4d76906d481d14c7e101e384443581cc110f8a1c7a12042.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:3652
- C:\Windows\System32\ozvrhjl.exe
  C:\Windows\System32\ozvrhjl.exe
  2⤵
  - Executes dropped EXE
  PID:3744
- C:\Windows\System32\vZTwDcW.exe
  C:\Windows\System32\vZTwDcW.exe
  2⤵
  - Executes dropped EXE
  PID:2564
- C:\Windows\System32\XlgJnIA.exe
  C:\Windows\System32\XlgJnIA.exe
  2⤵
  - Executes dropped EXE
  PID:4696
- C:\Windows\System32\iZHzwRN.exe
  C:\Windows\System32\iZHzwRN.exe
  2⤵
  - Executes dropped EXE
  PID:1128
- C:\Windows\System32\SLKodZe.exe
  C:\Windows\System32\SLKodZe.exe
  2⤵
  - Executes dropped EXE
  PID:3544
- C:\Windows\System32\NinCpeU.exe
  C:\Windows\System32\NinCpeU.exe
  2⤵
  - Executes dropped EXE
  PID:4688
- C:\Windows\System32\KATjQiB.exe
  C:\Windows\System32\KATjQiB.exe
  2⤵
  - Executes dropped EXE
  PID:4920
- C:\Windows\System32\QLBiQZG.exe
  C:\Windows\System32\QLBiQZG.exe
  2⤵
  - Executes dropped EXE
  PID:2208
- C:\Windows\System32\ESXXaBE.exe
  C:\Windows\System32\ESXXaBE.exe
  2⤵
  - Executes dropped EXE
  PID:1348
- C:\Windows\System32\QrwJzZc.exe
  C:\Windows\System32\QrwJzZc.exe
  2⤵
  - Executes dropped EXE
  PID:1968
- C:\Windows\System32\zQlfJfV.exe
  C:\Windows\System32\zQlfJfV.exe
  2⤵
  - Executes dropped EXE
  PID:3808
- C:\Windows\System32\XFVljbB.exe
  C:\Windows\System32\XFVljbB.exe
  2⤵
  - Executes dropped EXE
  PID:4636
- C:\Windows\System32\cvsUgRo.exe
  C:\Windows\System32\cvsUgRo.exe
  2⤵
  - Executes dropped EXE
  PID:1936
- C:\Windows\System32\yFHVcrw.exe
  C:\Windows\System32\yFHVcrw.exe
  2⤵
  - Executes dropped EXE
  PID:5028
- C:\Windows\System32\IzfvYJs.exe
  C:\Windows\System32\IzfvYJs.exe
  2⤵
  - Executes dropped EXE
  PID:2760
- C:\Windows\System32\lqhmFpV.exe
  C:\Windows\System32\lqhmFpV.exe
  2⤵
  - Executes dropped EXE
  PID:5044
- C:\Windows\System32\hTCzOLq.exe
  C:\Windows\System32\hTCzOLq.exe
  2⤵
  - Executes dropped EXE
  PID:3552
- C:\Windows\System32\jAewmLI.exe
  C:\Windows\System32\jAewmLI.exe
  2⤵
  - Executes dropped EXE
  PID:3924
- C:\Windows\System32\vBfKqmk.exe
  C:\Windows\System32\vBfKqmk.exe
  2⤵
  - Executes dropped EXE
  PID:4028
- C:\Windows\System32\NctQYZx.exe
  C:\Windows\System32\NctQYZx.exe
  2⤵
  - Executes dropped EXE
  PID:1196
- C:\Windows\System32\ZRiqEiu.exe
  C:\Windows\System32\ZRiqEiu.exe
  2⤵
  - Executes dropped EXE
  PID:4080
- C:\Windows\System32\ldPULwk.exe
  C:\Windows\System32\ldPULwk.exe
  2⤵
  - Executes dropped EXE
  PID:3524
- C:\Windows\System32\IQkzOSA.exe
  C:\Windows\System32\IQkzOSA.exe
  2⤵
  - Executes dropped EXE
  PID:4992
- C:\Windows\System32\YFworuB.exe
  C:\Windows\System32\YFworuB.exe
  2⤵
  - Executes dropped EXE
  PID:3528
- C:\Windows\System32\PvGfMup.exe
  C:\Windows\System32\PvGfMup.exe
  2⤵
  - Executes dropped EXE
  PID:3444
- C:\Windows\System32\mGLTEfD.exe
  C:\Windows\System32\mGLTEfD.exe
  2⤵
  - Executes dropped EXE
  PID:2400
- C:\Windows\System32\UvkQWuD.exe
  C:\Windows\System32\UvkQWuD.exe
  2⤵
  - Executes dropped EXE
  PID:2700
- C:\Windows\System32\pXJQDVy.exe
  C:\Windows\System32\pXJQDVy.exe
  2⤵
  - Executes dropped EXE
  PID:4312
- C:\Windows\System32\mYNqQjE.exe
  C:\Windows\System32\mYNqQjE.exe
  2⤵
  - Executes dropped EXE
  PID:2284
- C:\Windows\System32\bfgOCLN.exe
  C:\Windows\System32\bfgOCLN.exe
  2⤵
  - Executes dropped EXE
  PID:4488
- C:\Windows\System32\BoFUjag.exe
  C:\Windows\System32\BoFUjag.exe
  2⤵
  - Executes dropped EXE
  PID:2724
- C:\Windows\System32\FPYNujp.exe
  C:\Windows\System32\FPYNujp.exe
  2⤵
  - Executes dropped EXE
  PID:3296
- C:\Windows\System32\MlUyxgj.exe
  C:\Windows\System32\MlUyxgj.exe
  2⤵
  - Executes dropped EXE
  PID:2508
- C:\Windows\System32\FUFNGwC.exe
  C:\Windows\System32\FUFNGwC.exe
  2⤵
  - Executes dropped EXE
  PID:3980
- C:\Windows\System32\VCJZIWR.exe
  C:\Windows\System32\VCJZIWR.exe
  2⤵
  - Executes dropped EXE
  PID:3724
- C:\Windows\System32\dYNoxUx.exe
  C:\Windows\System32\dYNoxUx.exe
  2⤵
  - Executes dropped EXE
  PID:2896
- C:\Windows\System32\uSHuGjD.exe
  C:\Windows\System32\uSHuGjD.exe
  2⤵
  - Executes dropped EXE
  PID:3432
- C:\Windows\System32\jsOkwfM.exe
  C:\Windows\System32\jsOkwfM.exe
  2⤵
  - Executes dropped EXE
  PID:3640
- C:\Windows\System32\stQzcgo.exe
  C:\Windows\System32\stQzcgo.exe
  2⤵
  - Executes dropped EXE
  PID:3476
- C:\Windows\System32\urboJbS.exe
  C:\Windows\System32\urboJbS.exe
  2⤵
  - Executes dropped EXE
  PID:5048
- C:\Windows\System32\BZHDMTo.exe
  C:\Windows\System32\BZHDMTo.exe
  2⤵
  - Executes dropped EXE
  PID:4516
- C:\Windows\System32\pCQOJAu.exe
  C:\Windows\System32\pCQOJAu.exe
  2⤵
  - Executes dropped EXE
  PID:456
- C:\Windows\System32\DRVFUti.exe
  C:\Windows\System32\DRVFUti.exe
  2⤵
  - Executes dropped EXE
  PID:4236
- C:\Windows\System32\ezjFSaF.exe
  C:\Windows\System32\ezjFSaF.exe
  2⤵
  - Executes dropped EXE
  PID:2320
- C:\Windows\System32\KUcSQpF.exe
  C:\Windows\System32\KUcSQpF.exe
  2⤵
  - Executes dropped EXE
  PID:4604
- C:\Windows\System32\HRaPbzg.exe
  C:\Windows\System32\HRaPbzg.exe
  2⤵
  - Executes dropped EXE
  PID:3660
- C:\Windows\System32\xXDhlMS.exe
  C:\Windows\System32\xXDhlMS.exe
  2⤵
  - Executes dropped EXE
  PID:2420
- C:\Windows\System32\GTcPmwi.exe
  C:\Windows\System32\GTcPmwi.exe
  2⤵
  - Executes dropped EXE
  PID:4000
- C:\Windows\System32\IhIRkTr.exe
  C:\Windows\System32\IhIRkTr.exe
  2⤵
  - Executes dropped EXE
  PID:4364
- C:\Windows\System32\wWXvlxQ.exe
  C:\Windows\System32\wWXvlxQ.exe
  2⤵
  - Executes dropped EXE
  PID:2600
- C:\Windows\System32\RTIUTgS.exe
  C:\Windows\System32\RTIUTgS.exe
  2⤵
  - Executes dropped EXE
  PID:3584
- C:\Windows\System32\XZohcHG.exe
  C:\Windows\System32\XZohcHG.exe
  2⤵
  - Executes dropped EXE
  PID:772
- C:\Windows\System32\xKGzdOB.exe
  C:\Windows\System32\xKGzdOB.exe
  2⤵
  - Executes dropped EXE
  PID:2388
- C:\Windows\System32\SXfBNQv.exe
  C:\Windows\System32\SXfBNQv.exe
  2⤵
  - Executes dropped EXE
  PID:4872
- C:\Windows\System32\wVDSbwU.exe
  C:\Windows\System32\wVDSbwU.exe
  2⤵
  - Executes dropped EXE
  PID:3892
- C:\Windows\System32\ZwqajKF.exe
  C:\Windows\System32\ZwqajKF.exe
  2⤵
  - Executes dropped EXE
  PID:2856
- C:\Windows\System32\IhnQBYU.exe
  C:\Windows\System32\IhnQBYU.exe
  2⤵
  - Executes dropped EXE
  PID:5068
- C:\Windows\System32\ayGneDq.exe
  C:\Windows\System32\ayGneDq.exe
  2⤵
  - Executes dropped EXE
  PID:1808
- C:\Windows\System32\MCfRuhR.exe
  C:\Windows\System32\MCfRuhR.exe
  2⤵
  - Executes dropped EXE
  PID:1260
- C:\Windows\System32\PTwBBGZ.exe
  C:\Windows\System32\PTwBBGZ.exe
  2⤵
  - Executes dropped EXE
  PID:4256
- C:\Windows\System32\vQkEPyX.exe
  C:\Windows\System32\vQkEPyX.exe
  2⤵
  - Executes dropped EXE
  PID:4208
- C:\Windows\System32\RnSDfGR.exe
  C:\Windows\System32\RnSDfGR.exe
  2⤵
  - Executes dropped EXE
  PID:396
- C:\Windows\System32\MYKZyBl.exe
  C:\Windows\System32\MYKZyBl.exe
  2⤵
  - Executes dropped EXE
  PID:4632
- C:\Windows\System32\rOzlDDh.exe
  C:\Windows\System32\rOzlDDh.exe
  2⤵
  - Executes dropped EXE
  PID:1692
- C:\Windows\System32\vEnovFI.exe
  C:\Windows\System32\vEnovFI.exe
  2⤵
  PID:2584
- C:\Windows\System32\yuJdFuP.exe
  C:\Windows\System32\yuJdFuP.exe
  2⤵
  PID:4496
- C:\Windows\System32\xzdMUjY.exe
  C:\Windows\System32\xzdMUjY.exe
  2⤵
  PID:1068
- C:\Windows\System32\KZUUQyQ.exe
  C:\Windows\System32\KZUUQyQ.exe
  2⤵
  PID:5108
- C:\Windows\System32\zOsUFOt.exe
  C:\Windows\System32\zOsUFOt.exe
  2⤵
  PID:4136
- C:\Windows\System32\YYjlxrj.exe
  C:\Windows\System32\YYjlxrj.exe
  2⤵
  PID:1596
- C:\Windows\System32\bFYFuQw.exe
  C:\Windows\System32\bFYFuQw.exe
  2⤵
  PID:1472
- C:\Windows\System32\MzStbUC.exe
  C:\Windows\System32\MzStbUC.exe
  2⤵
  PID:4476
- C:\Windows\System32\KDZOSwo.exe
  C:\Windows\System32\KDZOSwo.exe
  2⤵
  PID:1636
- C:\Windows\System32\edXaACA.exe
  C:\Windows\System32\edXaACA.exe
  2⤵
  PID:4988
- C:\Windows\System32\ypbonhp.exe
  C:\Windows\System32\ypbonhp.exe
  2⤵
  PID:4464
- C:\Windows\System32\ahNbLvO.exe
  C:\Windows\System32\ahNbLvO.exe
  2⤵
  PID:5056
- C:\Windows\System32\AgiRsPW.exe
  C:\Windows\System32\AgiRsPW.exe
  2⤵
  PID:5132
- C:\Windows\System32\bWQpeXW.exe
  C:\Windows\System32\bWQpeXW.exe
  2⤵
  PID:5160
- C:\Windows\System32\ueYMrxV.exe
  C:\Windows\System32\ueYMrxV.exe
  2⤵
  PID:5200
- C:\Windows\System32\rzaKSVn.exe
  C:\Windows\System32\rzaKSVn.exe
  2⤵
  PID:5216
- C:\Windows\System32\MSxMohc.exe
  C:\Windows\System32\MSxMohc.exe
  2⤵
  PID:5244
- C:\Windows\System32\WNzUkLZ.exe
  C:\Windows\System32\WNzUkLZ.exe
  2⤵
  PID:5272
- C:\Windows\System32\TqtNSid.exe
  C:\Windows\System32\TqtNSid.exe
  2⤵
  PID:5300
- C:\Windows\System32\OETrlgG.exe
  C:\Windows\System32\OETrlgG.exe
  2⤵
  PID:5328
- C:\Windows\System32\gstPTxg.exe
  C:\Windows\System32\gstPTxg.exe
  2⤵
  PID:5356
- C:\Windows\System32\EsyrEhn.exe
  C:\Windows\System32\EsyrEhn.exe
  2⤵
  PID:5384
- C:\Windows\System32\qzgJViD.exe
  C:\Windows\System32\qzgJViD.exe
  2⤵
  PID:5412
- C:\Windows\System32\guNSWoo.exe
  C:\Windows\System32\guNSWoo.exe
  2⤵
  PID:5440
- C:\Windows\System32\ivAbBBV.exe
  C:\Windows\System32\ivAbBBV.exe
  2⤵
  PID:5468
- C:\Windows\System32\VtSnqcH.exe
  C:\Windows\System32\VtSnqcH.exe
  2⤵
  PID:5496
- C:\Windows\System32\nmeZRUT.exe
  C:\Windows\System32\nmeZRUT.exe
  2⤵
  PID:5524
- C:\Windows\System32\tWhToHP.exe
  C:\Windows\System32\tWhToHP.exe
  2⤵
  PID:5552
- C:\Windows\System32\JqfabwO.exe
  C:\Windows\System32\JqfabwO.exe
  2⤵
  PID:5580
- C:\Windows\System32\wLdyWYH.exe
  C:\Windows\System32\wLdyWYH.exe
  2⤵
  PID:5608
- C:\Windows\System32\iVBWdvc.exe
  C:\Windows\System32\iVBWdvc.exe
  2⤵
  PID:5648
- C:\Windows\System32\qsLbnkW.exe
  C:\Windows\System32\qsLbnkW.exe
  2⤵
  PID:5664
- C:\Windows\System32\dMbutJP.exe
  C:\Windows\System32\dMbutJP.exe
  2⤵
  PID:5692
- C:\Windows\System32\GgDuHtI.exe
  C:\Windows\System32\GgDuHtI.exe
  2⤵
  PID:5720
- C:\Windows\System32\lrGDAOa.exe
  C:\Windows\System32\lrGDAOa.exe
  2⤵
  PID:5756
- C:\Windows\System32\BWZvCnB.exe
  C:\Windows\System32\BWZvCnB.exe
  2⤵
  PID:5776
- C:\Windows\System32\CRyCXSh.exe
  C:\Windows\System32\CRyCXSh.exe
  2⤵
  PID:5804
- C:\Windows\System32\ToRtCqD.exe
  C:\Windows\System32\ToRtCqD.exe
  2⤵
  PID:5832
- C:\Windows\System32\ktCtCnh.exe
  C:\Windows\System32\ktCtCnh.exe
  2⤵
  PID:5860
- C:\Windows\System32\DhpzneP.exe
  C:\Windows\System32\DhpzneP.exe
  2⤵
  PID:5888
- C:\Windows\System32\GXiCVFm.exe
  C:\Windows\System32\GXiCVFm.exe
  2⤵
  PID:5916
- C:\Windows\System32\TnFcTiF.exe
  C:\Windows\System32\TnFcTiF.exe
  2⤵
  PID:5944
- C:\Windows\System32\OXiIjpq.exe
  C:\Windows\System32\OXiIjpq.exe
  2⤵
  PID:5972
- C:\Windows\System32\QbUzmPp.exe
  C:\Windows\System32\QbUzmPp.exe
  2⤵
  PID:6000
- C:\Windows\System32\ggTGyTF.exe
  C:\Windows\System32\ggTGyTF.exe
  2⤵
  PID:6028
- C:\Windows\System32\uudbBjM.exe
  C:\Windows\System32\uudbBjM.exe
  2⤵
  PID:6056
- C:\Windows\System32\TgkENDv.exe
  C:\Windows\System32\TgkENDv.exe
  2⤵
  PID:6084
- C:\Windows\System32\shLgwBX.exe
  C:\Windows\System32\shLgwBX.exe
  2⤵
  PID:6112
- C:\Windows\System32\oKpZsZC.exe
  C:\Windows\System32\oKpZsZC.exe
  2⤵
  PID:6140
- C:\Windows\System32\NKEpStG.exe
  C:\Windows\System32\NKEpStG.exe
  2⤵
  PID:4100
- C:\Windows\System32\vuyGeYl.exe
  C:\Windows\System32\vuyGeYl.exe
  2⤵
  PID:1088
- C:\Windows\System32\xudWzZP.exe
  C:\Windows\System32\xudWzZP.exe
  2⤵
  PID:512
- C:\Windows\System32\gBUNReW.exe
  C:\Windows\System32\gBUNReW.exe
  2⤵
  PID:4532
- C:\Windows\System32\uklSAAC.exe
  C:\Windows\System32\uklSAAC.exe
  2⤵
  PID:1428
- C:\Windows\System32\Ifdhupp.exe
  C:\Windows\System32\Ifdhupp.exe
  2⤵
  PID:1964
- C:\Windows\System32\KnKUdTy.exe
  C:\Windows\System32\KnKUdTy.exe
  2⤵
  PID:5156
- C:\Windows\System32\ylJkTJa.exe
  C:\Windows\System32\ylJkTJa.exe
  2⤵
  PID:5208
- C:\Windows\System32\RNvIVtp.exe
  C:\Windows\System32\RNvIVtp.exe
  2⤵
  PID:5284
- C:\Windows\System32\vtIzCtF.exe
  C:\Windows\System32\vtIzCtF.exe
  2⤵
  PID:5352
- C:\Windows\System32\ymhgWAB.exe
  C:\Windows\System32\ymhgWAB.exe
  2⤵
  PID:5400
- C:\Windows\System32\EIuzhDe.exe
  C:\Windows\System32\EIuzhDe.exe
  2⤵
  PID:5480
- C:\Windows\System32\NeIEKce.exe
  C:\Windows\System32\NeIEKce.exe
  2⤵
  PID:5548
- C:\Windows\System32\ijBdPkF.exe
  C:\Windows\System32\ijBdPkF.exe
  2⤵
  PID:5596
- C:\Windows\System32\HHZodOR.exe
  C:\Windows\System32\HHZodOR.exe
  2⤵
  PID:5676
- C:\Windows\System32\RAJapJY.exe
  C:\Windows\System32\RAJapJY.exe
  2⤵
  PID:5736
- C:\Windows\System32\poMYEDn.exe
  C:\Windows\System32\poMYEDn.exe
  2⤵
  PID:5792
- C:\Windows\System32\LGyVwOX.exe
  C:\Windows\System32\LGyVwOX.exe
  2⤵
  PID:5872
- C:\Windows\System32\PsMVHMk.exe
  C:\Windows\System32\PsMVHMk.exe
  2⤵
  PID:5940
- C:\Windows\System32\HimpDOj.exe
  C:\Windows\System32\HimpDOj.exe
  2⤵
  PID:5988
- C:\Windows\System32\VdaQKVO.exe
  C:\Windows\System32\VdaQKVO.exe
  2⤵
  PID:6068
- C:\Windows\System32\yBYvMob.exe
  C:\Windows\System32\yBYvMob.exe
  2⤵
  PID:6136
- C:\Windows\System32\IgsPLLh.exe
  C:\Windows\System32\IgsPLLh.exe
  2⤵
  PID:4168
- C:\Windows\System32\GcRyPjw.exe
  C:\Windows\System32\GcRyPjw.exe
  2⤵
  PID:940
- C:\Windows\System32\cPWoaNC.exe
  C:\Windows\System32\cPWoaNC.exe
  2⤵
  PID:5144
- C:\Windows\System32\YUOwyig.exe
  C:\Windows\System32\YUOwyig.exe
  2⤵
  PID:5256
- C:\Windows\System32\QRYtutc.exe
  C:\Windows\System32\QRYtutc.exe
  2⤵
  PID:5428
- C:\Windows\System32\jaBIBtH.exe
  C:\Windows\System32\jaBIBtH.exe
  2⤵
  PID:5604
- C:\Windows\System32\Jjchkot.exe
  C:\Windows\System32\Jjchkot.exe
  2⤵
  PID:5716
- C:\Windows\System32\lAvJZHy.exe
  C:\Windows\System32\lAvJZHy.exe
  2⤵
  PID:5900
- C:\Windows\System32\sWIsBYL.exe
  C:\Windows\System32\sWIsBYL.exe
  2⤵
  PID:6160
- C:\Windows\System32\tAeSdlz.exe
  C:\Windows\System32\tAeSdlz.exe
  2⤵
  PID:6188
- C:\Windows\System32\REhGoHE.exe
  C:\Windows\System32\REhGoHE.exe
  2⤵
  PID:6216
- C:\Windows\System32\LTvnHGV.exe
  C:\Windows\System32\LTvnHGV.exe
  2⤵
  PID:6244
- C:\Windows\System32\ZnviiYH.exe
  C:\Windows\System32\ZnviiYH.exe
  2⤵
  PID:6272
- C:\Windows\System32\MfeCcDw.exe
  C:\Windows\System32\MfeCcDw.exe
  2⤵
  PID:6300
- C:\Windows\System32\kLgiNvx.exe
  C:\Windows\System32\kLgiNvx.exe
  2⤵
  PID:6328
- C:\Windows\System32\SGAoDHm.exe
  C:\Windows\System32\SGAoDHm.exe
  2⤵
  PID:6356
- C:\Windows\System32\TfGWndv.exe
  C:\Windows\System32\TfGWndv.exe
  2⤵
  PID:6384
- C:\Windows\System32\iLQzCqF.exe
  C:\Windows\System32\iLQzCqF.exe
  2⤵
  PID:6412
- C:\Windows\System32\zAVJmnZ.exe
  C:\Windows\System32\zAVJmnZ.exe
  2⤵
  PID:6440
- C:\Windows\System32\WpFIDtf.exe
  C:\Windows\System32\WpFIDtf.exe
  2⤵
  PID:6468
- C:\Windows\System32\ngsGQpF.exe
  C:\Windows\System32\ngsGQpF.exe
  2⤵
  PID:6496
- C:\Windows\System32\ooJoZJj.exe
  C:\Windows\System32\ooJoZJj.exe
  2⤵
  PID:6524
- C:\Windows\System32\XOArByC.exe
  C:\Windows\System32\XOArByC.exe
  2⤵
  PID:6552
- C:\Windows\System32\NhbrPpN.exe
  C:\Windows\System32\NhbrPpN.exe
  2⤵
  PID:6580
- C:\Windows\System32\PeXyFpJ.exe
  C:\Windows\System32\PeXyFpJ.exe
  2⤵
  PID:6608
- C:\Windows\System32\rNBpgnP.exe
  C:\Windows\System32\rNBpgnP.exe
  2⤵
  PID:6636
- C:\Windows\System32\vYrUpCg.exe
  C:\Windows\System32\vYrUpCg.exe
  2⤵
  PID:6664
- C:\Windows\System32\okvkWkm.exe
  C:\Windows\System32\okvkWkm.exe
  2⤵
  PID:6692
- C:\Windows\System32\LXkdvYW.exe
  C:\Windows\System32\LXkdvYW.exe
  2⤵
  PID:6720
- C:\Windows\System32\qybdBbf.exe
  C:\Windows\System32\qybdBbf.exe
  2⤵
  PID:6748
- C:\Windows\System32\FaYOpiL.exe
  C:\Windows\System32\FaYOpiL.exe
  2⤵
  PID:6776
- C:\Windows\System32\CEXKQvu.exe
  C:\Windows\System32\CEXKQvu.exe
  2⤵
  PID:6804
- C:\Windows\System32\tFzPWnb.exe
  C:\Windows\System32\tFzPWnb.exe
  2⤵
  PID:6840
- C:\Windows\System32\ZbXWRVY.exe
  C:\Windows\System32\ZbXWRVY.exe
  2⤵
  PID:6860
- C:\Windows\System32\dKejCfi.exe
  C:\Windows\System32\dKejCfi.exe
  2⤵
  PID:6888
- C:\Windows\System32\LKfsEkf.exe
  C:\Windows\System32\LKfsEkf.exe
  2⤵
  PID:6924
- C:\Windows\System32\QidBhxp.exe
  C:\Windows\System32\QidBhxp.exe
  2⤵
  PID:6944
- C:\Windows\System32\BtqICFv.exe
  C:\Windows\System32\BtqICFv.exe
  2⤵
  PID:6972
- C:\Windows\System32\LSKiXhm.exe
  C:\Windows\System32\LSKiXhm.exe
  2⤵
  PID:7000
- C:\Windows\System32\UPHThgJ.exe
  C:\Windows\System32\UPHThgJ.exe
  2⤵
  PID:7028
- C:\Windows\System32\BoHfrmb.exe
  C:\Windows\System32\BoHfrmb.exe
  2⤵
  PID:7064
- C:\Windows\System32\KVOInrZ.exe
  C:\Windows\System32\KVOInrZ.exe
  2⤵
  PID:7084
- C:\Windows\System32\qTKCZYf.exe
  C:\Windows\System32\qTKCZYf.exe
  2⤵
  PID:7120
- C:\Windows\System32\EOwnuTq.exe
  C:\Windows\System32\EOwnuTq.exe
  2⤵
  PID:7140
- C:\Windows\System32\lHgPCsQ.exe
  C:\Windows\System32\lHgPCsQ.exe
  2⤵
  PID:6016
- C:\Windows\System32\rNvNTam.exe
  C:\Windows\System32\rNvNTam.exe
  2⤵
  PID:6108
- C:\Windows\System32\nguLWYB.exe
  C:\Windows\System32\nguLWYB.exe
  2⤵
  PID:748
- C:\Windows\System32\WpJzYmC.exe
  C:\Windows\System32\WpJzYmC.exe
  2⤵
  PID:5576
- C:\Windows\System32\HvELQci.exe
  C:\Windows\System32\HvELQci.exe
  2⤵
  PID:5640
- C:\Windows\System32\xkrVcSt.exe
  C:\Windows\System32\xkrVcSt.exe
  2⤵
  PID:6172
- C:\Windows\System32\UlIrWCf.exe
  C:\Windows\System32\UlIrWCf.exe
  2⤵
  PID:6256
- C:\Windows\System32\BOysIUw.exe
  C:\Windows\System32\BOysIUw.exe
  2⤵
  PID:6288
- C:\Windows\System32\vsRfizR.exe
  C:\Windows\System32\vsRfizR.exe
  2⤵
  PID:6368
- C:\Windows\System32\JytEtnU.exe
  C:\Windows\System32\JytEtnU.exe
  2⤵
  PID:6436
- C:\Windows\System32\yBVZlWg.exe
  C:\Windows\System32\yBVZlWg.exe
  2⤵
  PID:6484
- C:\Windows\System32\WUXorFS.exe
  C:\Windows\System32\WUXorFS.exe
  2⤵
  PID:6564
- C:\Windows\System32\oaDxkgQ.exe
  C:\Windows\System32\oaDxkgQ.exe
  2⤵
  PID:6632
- C:\Windows\System32\kPKYqRc.exe
  C:\Windows\System32\kPKYqRc.exe
  2⤵
  PID:6680
- C:\Windows\System32\kQfBVul.exe
  C:\Windows\System32\kQfBVul.exe
  2⤵
  PID:6760
- C:\Windows\System32\UGfAlwk.exe
  C:\Windows\System32\UGfAlwk.exe
  2⤵
  PID:6828
- C:\Windows\System32\efKBmTd.exe
  C:\Windows\System32\efKBmTd.exe
  2⤵
  PID:6876
- C:\Windows\System32\bLFZudU.exe
  C:\Windows\System32\bLFZudU.exe
  2⤵
  PID:6960
- C:\Windows\System32\HZzHewL.exe
  C:\Windows\System32\HZzHewL.exe
  2⤵
  PID:7024
- C:\Windows\System32\rrWstJO.exe
  C:\Windows\System32\rrWstJO.exe
  2⤵
  PID:7108
- C:\Windows\System32\fTzHtgO.exe
  C:\Windows\System32\fTzHtgO.exe
  2⤵
  PID:7156
- C:\Windows\System32\ssEVfwk.exe
  C:\Windows\System32\ssEVfwk.exe
  2⤵
  PID:5212
- C:\Windows\System32\yeqQzMK.exe
  C:\Windows\System32\yeqQzMK.exe
  2⤵
  PID:6148
- C:\Windows\System32\Rvmikjd.exe
  C:\Windows\System32\Rvmikjd.exe
  2⤵
  PID:6232
- C:\Windows\System32\LkyXhPT.exe
  C:\Windows\System32\LkyXhPT.exe
  2⤵
  PID:6464
- C:\Windows\System32\imxOrWS.exe
  C:\Windows\System32\imxOrWS.exe
  2⤵
  PID:1364
- C:\Windows\System32\pnaUCCV.exe
  C:\Windows\System32\pnaUCCV.exe
  2⤵
  PID:6736
- C:\Windows\System32\yaqTHWM.exe
  C:\Windows\System32\yaqTHWM.exe
  2⤵
  PID:6852
- C:\Windows\System32\iCmRWyf.exe
  C:\Windows\System32\iCmRWyf.exe
  2⤵
  PID:7052
- C:\Windows\System32\IlxweeH.exe
  C:\Windows\System32\IlxweeH.exe
  2⤵
  PID:7164
- C:\Windows\System32\YXwqaRu.exe
  C:\Windows\System32\YXwqaRu.exe
  2⤵
  PID:5380
- C:\Windows\System32\GJeqjkM.exe
  C:\Windows\System32\GJeqjkM.exe
  2⤵
  PID:6540
- C:\Windows\System32\pZqlPdx.exe
  C:\Windows\System32\pZqlPdx.exe
  2⤵
  PID:6708
- C:\Windows\System32\KDTrSUw.exe
  C:\Windows\System32\KDTrSUw.exe
  2⤵
  PID:2424
- C:\Windows\System32\mVYRdzZ.exe
  C:\Windows\System32\mVYRdzZ.exe
  2⤵
  PID:7196
- C:\Windows\System32\PzxzNdy.exe
  C:\Windows\System32\PzxzNdy.exe
  2⤵
  PID:7224
- C:\Windows\System32\eiMFtNr.exe
  C:\Windows\System32\eiMFtNr.exe
  2⤵
  PID:7252
- C:\Windows\System32\MWaQDMq.exe
  C:\Windows\System32\MWaQDMq.exe
  2⤵
  PID:7280
- C:\Windows\System32\illZwCz.exe
  C:\Windows\System32\illZwCz.exe
  2⤵
  PID:7308
- C:\Windows\System32\ZexCJRs.exe
  C:\Windows\System32\ZexCJRs.exe
  2⤵
  PID:7336
- C:\Windows\System32\mxVpwFc.exe
  C:\Windows\System32\mxVpwFc.exe
  2⤵
  PID:7364
- C:\Windows\System32\DsAksti.exe
  C:\Windows\System32\DsAksti.exe
  2⤵
  PID:7392
- C:\Windows\System32\PcLwvBu.exe
  C:\Windows\System32\PcLwvBu.exe
  2⤵
  PID:7420
- C:\Windows\System32\JEoVZom.exe
  C:\Windows\System32\JEoVZom.exe
  2⤵
  PID:7448
- C:\Windows\System32\PJkUJlL.exe
  C:\Windows\System32\PJkUJlL.exe
  2⤵
  PID:7476
- C:\Windows\System32\fqphjbg.exe
  C:\Windows\System32\fqphjbg.exe
  2⤵
  PID:7504
- C:\Windows\System32\cKOsBxs.exe
  C:\Windows\System32\cKOsBxs.exe
  2⤵
  PID:7532
- C:\Windows\System32\vHSGCtA.exe
  C:\Windows\System32\vHSGCtA.exe
  2⤵
  PID:7560
- C:\Windows\System32\nfZEolf.exe
  C:\Windows\System32\nfZEolf.exe
  2⤵
  PID:7588
- C:\Windows\System32\yMYKBAG.exe
  C:\Windows\System32\yMYKBAG.exe
  2⤵
  PID:7616
- C:\Windows\System32\AAkALwU.exe
  C:\Windows\System32\AAkALwU.exe
  2⤵
  PID:7644
- C:\Windows\System32\lCiQpJQ.exe
  C:\Windows\System32\lCiQpJQ.exe
  2⤵
  PID:7672
- C:\Windows\System32\GqyevkK.exe
  C:\Windows\System32\GqyevkK.exe
  2⤵
  PID:7700
- C:\Windows\System32\uyoxQjv.exe
  C:\Windows\System32\uyoxQjv.exe
  2⤵
  PID:7728
- C:\Windows\System32\ymwUHky.exe
  C:\Windows\System32\ymwUHky.exe
  2⤵
  PID:7756
- C:\Windows\System32\JGRvmKo.exe
  C:\Windows\System32\JGRvmKo.exe
  2⤵
  PID:7792
- C:\Windows\System32\mIwHAzu.exe
  C:\Windows\System32\mIwHAzu.exe
  2⤵
  PID:7812
- C:\Windows\System32\yzuxQZY.exe
  C:\Windows\System32\yzuxQZY.exe
  2⤵
  PID:7840
- C:\Windows\System32\qhauBzk.exe
  C:\Windows\System32\qhauBzk.exe
  2⤵
  PID:7868
- C:\Windows\System32\JWkvVJD.exe
  C:\Windows\System32\JWkvVJD.exe
  2⤵
  PID:7896
- C:\Windows\System32\WcoVxlK.exe
  C:\Windows\System32\WcoVxlK.exe
  2⤵
  PID:7924
- C:\Windows\System32\JooIaPh.exe
  C:\Windows\System32\JooIaPh.exe
  2⤵
  PID:7960
- C:\Windows\System32\zlJhJiG.exe
  C:\Windows\System32\zlJhJiG.exe
  2⤵
  PID:7980
- C:\Windows\System32\JnEWAhe.exe
  C:\Windows\System32\JnEWAhe.exe
  2⤵
  PID:8008
- C:\Windows\System32\STrYhvG.exe
  C:\Windows\System32\STrYhvG.exe
  2⤵
  PID:8036
- C:\Windows\System32\NSCweVV.exe
  C:\Windows\System32\NSCweVV.exe
  2⤵
  PID:8064
- C:\Windows\System32\iMpMEyd.exe
  C:\Windows\System32\iMpMEyd.exe
  2⤵
  PID:8100
- C:\Windows\System32\uvgSaVs.exe
  C:\Windows\System32\uvgSaVs.exe
  2⤵
  PID:8120
- C:\Windows\System32\QQqsFcc.exe
  C:\Windows\System32\QQqsFcc.exe
  2⤵
  PID:8148
- C:\Windows\System32\qTPVlgY.exe
  C:\Windows\System32\qTPVlgY.exe
  2⤵
  PID:8176
- C:\Windows\System32\CmqcAHM.exe
  C:\Windows\System32\CmqcAHM.exe
  2⤵
  PID:5732
- C:\Windows\System32\UDQiXxp.exe
  C:\Windows\System32\UDQiXxp.exe
  2⤵
  PID:6660
- C:\Windows\System32\RBgWyzy.exe
  C:\Windows\System32\RBgWyzy.exe
  2⤵
  PID:7208
- C:\Windows\System32\CAkznWB.exe
  C:\Windows\System32\CAkznWB.exe
  2⤵
  PID:7264
- C:\Windows\System32\erNeYai.exe
  C:\Windows\System32\erNeYai.exe
  2⤵
  PID:7320
- C:\Windows\System32\rZTUCGI.exe
  C:\Windows\System32\rZTUCGI.exe
  2⤵
  PID:7388
- C:\Windows\System32\kJKAsyl.exe
  C:\Windows\System32\kJKAsyl.exe
  2⤵
  PID:7436
- C:\Windows\System32\pCqajDh.exe
  C:\Windows\System32\pCqajDh.exe
  2⤵
  PID:7492
- C:\Windows\System32\KILBMRR.exe
  C:\Windows\System32\KILBMRR.exe
  2⤵
  PID:3404
- C:\Windows\System32\NnGpfZP.exe
  C:\Windows\System32\NnGpfZP.exe
  2⤵
  PID:7612
- C:\Windows\System32\vszCgfa.exe
  C:\Windows\System32\vszCgfa.exe
  2⤵
  PID:7752
- C:\Windows\System32\qWNvCov.exe
  C:\Windows\System32\qWNvCov.exe
  2⤵
  PID:7780
- C:\Windows\System32\LcTnuYc.exe
  C:\Windows\System32\LcTnuYc.exe
  2⤵
  PID:7824
- C:\Windows\System32\NxLWubX.exe
  C:\Windows\System32\NxLWubX.exe
  2⤵
  PID:7892
- C:\Windows\System32\dSGJlBC.exe
  C:\Windows\System32\dSGJlBC.exe
  2⤵
  PID:7976
- C:\Windows\System32\LnGFOWy.exe
  C:\Windows\System32\LnGFOWy.exe
  2⤵
  PID:1556
- C:\Windows\System32\jSqTYyu.exe
  C:\Windows\System32\jSqTYyu.exe
  2⤵
  PID:8060
- C:\Windows\System32\ioCRzSJ.exe
  C:\Windows\System32\ioCRzSJ.exe
  2⤵
  PID:8096
- C:\Windows\System32\XRqtoiO.exe
  C:\Windows\System32\XRqtoiO.exe
  2⤵
  PID:8132
- C:\Windows\System32\JHyBHqx.exe
  C:\Windows\System32\JHyBHqx.exe
  2⤵
  PID:6344
- C:\Windows\System32\DlIMwFp.exe
  C:\Windows\System32\DlIMwFp.exe
  2⤵
  PID:7212
- C:\Windows\System32\hCfEweH.exe
  C:\Windows\System32\hCfEweH.exe
  2⤵
  PID:7464
- C:\Windows\System32\DTBvoXQ.exe
  C:\Windows\System32\DTBvoXQ.exe
  2⤵
  PID:2380
- C:\Windows\System32\clLCbgL.exe
  C:\Windows\System32\clLCbgL.exe
  2⤵
  PID:2780
- C:\Windows\System32\GMDsRPK.exe
  C:\Windows\System32\GMDsRPK.exe
  2⤵
  PID:3800
- C:\Windows\System32\tVtYAmt.exe
  C:\Windows\System32\tVtYAmt.exe
  2⤵
  PID:4764
- C:\Windows\System32\TTzMQno.exe
  C:\Windows\System32\TTzMQno.exe
  2⤵
  PID:2256
- C:\Windows\System32\AJsvCsB.exe
  C:\Windows\System32\AJsvCsB.exe
  2⤵
  PID:4144
- C:\Windows\System32\aqjNEbV.exe
  C:\Windows\System32\aqjNEbV.exe
  2⤵
  PID:7912
- C:\Windows\System32\hkmOHpe.exe
  C:\Windows\System32\hkmOHpe.exe
  2⤵
  PID:4792
- C:\Windows\System32\BaSNdQf.exe
  C:\Windows\System32\BaSNdQf.exe
  2⤵
  PID:8188
- C:\Windows\System32\IrsBEjf.exe
  C:\Windows\System32\IrsBEjf.exe
  2⤵
  PID:7240
- C:\Windows\System32\ICNjTcn.exe
  C:\Windows\System32\ICNjTcn.exe
  2⤵
  PID:2636
- C:\Windows\System32\DgRNWIB.exe
  C:\Windows\System32\DgRNWIB.exe
  2⤵
  PID:8112
- C:\Windows\System32\zexwUBj.exe
  C:\Windows\System32\zexwUBj.exe
  2⤵
  PID:6316
- C:\Windows\System32\SBcyoIs.exe
  C:\Windows\System32\SBcyoIs.exe
  2⤵
  PID:7488
- C:\Windows\System32\larVKVD.exe
  C:\Windows\System32\larVKVD.exe
  2⤵
  PID:7376
- C:\Windows\System32\LbXqPwE.exe
  C:\Windows\System32\LbXqPwE.exe
  2⤵
  PID:636
- C:\Windows\System32\LpRcacU.exe
  C:\Windows\System32\LpRcacU.exe
  2⤵
  PID:4528
- C:\Windows\System32\RaElCvh.exe
  C:\Windows\System32\RaElCvh.exe
  2⤵
  PID:7528
- C:\Windows\System32\sNSjjbS.exe
  C:\Windows\System32\sNSjjbS.exe
  2⤵
  PID:3028
- C:\Windows\System32\qzkGkCR.exe
  C:\Windows\System32\qzkGkCR.exe
  2⤵
  PID:4900
- C:\Windows\System32\BGyjwYY.exe
  C:\Windows\System32\BGyjwYY.exe
  2⤵
  PID:2416
- C:\Windows\System32\VKKNSYl.exe
  C:\Windows\System32\VKKNSYl.exe
  2⤵
  PID:1356
- C:\Windows\System32\lgEZErt.exe
  C:\Windows\System32\lgEZErt.exe
  2⤵
  PID:8208
- C:\Windows\System32\KAdKZEP.exe
  C:\Windows\System32\KAdKZEP.exe
  2⤵
  PID:8224
- C:\Windows\System32\yYOrJpr.exe
  C:\Windows\System32\yYOrJpr.exe
  2⤵
  PID:8252
- C:\Windows\System32\oVHBodX.exe
  C:\Windows\System32\oVHBodX.exe
  2⤵
  PID:8292
- C:\Windows\System32\LzzsakV.exe
  C:\Windows\System32\LzzsakV.exe
  2⤵
  PID:8320
- C:\Windows\System32\eIcgCfr.exe
  C:\Windows\System32\eIcgCfr.exe
  2⤵
  PID:8344
- C:\Windows\System32\WyCaqHH.exe
  C:\Windows\System32\WyCaqHH.exe
  2⤵
  PID:8364
- C:\Windows\System32\yubnyRE.exe
  C:\Windows\System32\yubnyRE.exe
  2⤵
  PID:8416
- C:\Windows\System32\SswvyrK.exe
  C:\Windows\System32\SswvyrK.exe
  2⤵
  PID:8432
- C:\Windows\System32\doRPkUC.exe
  C:\Windows\System32\doRPkUC.exe
  2⤵
  PID:8460
- C:\Windows\System32\nFpYfwX.exe
  C:\Windows\System32\nFpYfwX.exe
  2⤵
  PID:8480
- C:\Windows\System32\WFeItLd.exe
  C:\Windows\System32\WFeItLd.exe
  2⤵
  PID:8520
- C:\Windows\System32\jlNOPfv.exe
  C:\Windows\System32\jlNOPfv.exe
  2⤵
  PID:8548
- C:\Windows\System32\GNUfArp.exe
  C:\Windows\System32\GNUfArp.exe
  2⤵
  PID:8576
- C:\Windows\System32\lezpfEF.exe
  C:\Windows\System32\lezpfEF.exe
  2⤵
  PID:8608
- C:\Windows\System32\LQuITzW.exe
  C:\Windows\System32\LQuITzW.exe
  2⤵
  PID:8636
- C:\Windows\System32\iGvuKRN.exe
  C:\Windows\System32\iGvuKRN.exe
  2⤵
  PID:8664
- C:\Windows\System32\oraBMFb.exe
  C:\Windows\System32\oraBMFb.exe
  2⤵
  PID:8680
- C:\Windows\System32\ZaAIwnx.exe
  C:\Windows\System32\ZaAIwnx.exe
  2⤵
  PID:8728
- C:\Windows\System32\gspatYo.exe
  C:\Windows\System32\gspatYo.exe
  2⤵
  PID:8748
- C:\Windows\System32\nVxboCL.exe
  C:\Windows\System32\nVxboCL.exe
  2⤵
  PID:8780
- C:\Windows\System32\SiiqpWV.exe
  C:\Windows\System32\SiiqpWV.exe
  2⤵
  PID:8816
- C:\Windows\System32\ltVKpQM.exe
  C:\Windows\System32\ltVKpQM.exe
  2⤵
  PID:8848
- C:\Windows\System32\GcIAbNc.exe
  C:\Windows\System32\GcIAbNc.exe
  2⤵
  PID:8888
- C:\Windows\System32\OwLjOnl.exe
  C:\Windows\System32\OwLjOnl.exe
  2⤵
  PID:8908
- C:\Windows\System32\mpasyBi.exe
  C:\Windows\System32\mpasyBi.exe
  2⤵
  PID:8932
- C:\Windows\System32\bydtfSZ.exe
  C:\Windows\System32\bydtfSZ.exe
  2⤵
  PID:8960
- C:\Windows\System32\vnYEcKX.exe
  C:\Windows\System32\vnYEcKX.exe
  2⤵
  PID:9000
- C:\Windows\System32\oWkPxPN.exe
  C:\Windows\System32\oWkPxPN.exe
  2⤵
  PID:9036
- C:\Windows\System32\qyZdjJC.exe
  C:\Windows\System32\qyZdjJC.exe
  2⤵
  PID:9064
- C:\Windows\System32\pheIDsg.exe
  C:\Windows\System32\pheIDsg.exe
  2⤵
  PID:9108
- C:\Windows\System32\RRRTZxs.exe
  C:\Windows\System32\RRRTZxs.exe
  2⤵
  PID:9144
- C:\Windows\System32\lSGKJVp.exe
  C:\Windows\System32\lSGKJVp.exe
  2⤵
  PID:9168
- C:\Windows\System32\VCnsaes.exe
  C:\Windows\System32\VCnsaes.exe
  2⤵
  PID:9204
- C:\Windows\System32\MbSRGME.exe
  C:\Windows\System32\MbSRGME.exe
  2⤵
  PID:8248
- C:\Windows\System32\QJyhVYY.exe
  C:\Windows\System32\QJyhVYY.exe
  2⤵
  PID:8284
- C:\Windows\System32\zwDAYII.exe
  C:\Windows\System32\zwDAYII.exe
  2⤵
  PID:8380
- C:\Windows\System32\HWbLLhj.exe
  C:\Windows\System32\HWbLLhj.exe
  2⤵
  PID:8444
- C:\Windows\System32\KKmcOvm.exe
  C:\Windows\System32\KKmcOvm.exe
  2⤵
  PID:8516
- C:\Windows\System32\btGjVFx.exe
  C:\Windows\System32\btGjVFx.exe
  2⤵
  PID:8588
- C:\Windows\System32\SzrNJpu.exe
  C:\Windows\System32\SzrNJpu.exe
  2⤵
  PID:8656
- C:\Windows\System32\tqqWNTC.exe
  C:\Windows\System32\tqqWNTC.exe
  2⤵
  PID:8740
- C:\Windows\System32\rkxoQwx.exe
  C:\Windows\System32\rkxoQwx.exe
  2⤵
  PID:8764
- C:\Windows\System32\VMsAEkI.exe
  C:\Windows\System32\VMsAEkI.exe
  2⤵
  PID:8844
- C:\Windows\System32\UKfsisR.exe
  C:\Windows\System32\UKfsisR.exe
  2⤵
  PID:8896
- C:\Windows\System32\sWqYePt.exe
  C:\Windows\System32\sWqYePt.exe
  2⤵
  PID:8948
- C:\Windows\System32\LXbrYHP.exe
  C:\Windows\System32\LXbrYHP.exe
  2⤵
  PID:9028
- C:\Windows\System32\SUfsAki.exe
  C:\Windows\System32\SUfsAki.exe
  2⤵
  PID:9124
- C:\Windows\System32\zGQIcdu.exe
  C:\Windows\System32\zGQIcdu.exe
  2⤵
  PID:8236
- C:\Windows\System32\pYZpIBj.exe
  C:\Windows\System32\pYZpIBj.exe
  2⤵
  PID:8388
- C:\Windows\System32\nKNATXx.exe
  C:\Windows\System32\nKNATXx.exe
  2⤵
  PID:8540
- C:\Windows\System32\VoTxwjZ.exe
  C:\Windows\System32\VoTxwjZ.exe
  2⤵
  PID:8712
- C:\Windows\System32\RFuDARR.exe
  C:\Windows\System32\RFuDARR.exe
  2⤵
  PID:8884
- C:\Windows\System32\UjKWwHo.exe
  C:\Windows\System32\UjKWwHo.exe
  2⤵
  PID:8924
- C:\Windows\System32\Wpczrrv.exe
  C:\Windows\System32\Wpczrrv.exe
  2⤵
  PID:8204
- C:\Windows\System32\EnESeiN.exe
  C:\Windows\System32\EnESeiN.exe
  2⤵
  PID:8632
- C:\Windows\System32\ZLrGoTA.exe
  C:\Windows\System32\ZLrGoTA.exe
  2⤵
  PID:8928
- C:\Windows\System32\fQegIiq.exe
  C:\Windows\System32\fQegIiq.exe
  2⤵
  PID:8568
- C:\Windows\System32\WqbSxCX.exe
  C:\Windows\System32\WqbSxCX.exe
  2⤵
  PID:8704
- C:\Windows\System32\ABdpwpT.exe
  C:\Windows\System32\ABdpwpT.exe
  2⤵
  PID:9236
- C:\Windows\System32\gKrcKxa.exe
  C:\Windows\System32\gKrcKxa.exe
  2⤵
  PID:9264
- C:\Windows\System32\ZgAxaFN.exe
  C:\Windows\System32\ZgAxaFN.exe
  2⤵
  PID:9292
- C:\Windows\System32\MwQbwfH.exe
  C:\Windows\System32\MwQbwfH.exe
  2⤵
  PID:9308
- C:\Windows\System32\UeBKxji.exe
  C:\Windows\System32\UeBKxji.exe
  2⤵
  PID:9348
- C:\Windows\System32\wESOJDv.exe
  C:\Windows\System32\wESOJDv.exe
  2⤵
  PID:9376
- C:\Windows\System32\RwxUdPe.exe
  C:\Windows\System32\RwxUdPe.exe
  2⤵
  PID:9400
- C:\Windows\System32\CTauJYb.exe
  C:\Windows\System32\CTauJYb.exe
  2⤵
  PID:9432
- C:\Windows\System32\zeMNXgn.exe
  C:\Windows\System32\zeMNXgn.exe
  2⤵
  PID:9460
- C:\Windows\System32\fFeSeCC.exe
  C:\Windows\System32\fFeSeCC.exe
  2⤵
  PID:9476
- C:\Windows\System32\jeznPQt.exe
  C:\Windows\System32\jeznPQt.exe
  2⤵
  PID:9516
- C:\Windows\System32\fqWkYFh.exe
  C:\Windows\System32\fqWkYFh.exe
  2⤵
  PID:9544
- C:\Windows\System32\SWggnAm.exe
  C:\Windows\System32\SWggnAm.exe
  2⤵
  PID:9572
- C:\Windows\System32\ExNfnTl.exe
  C:\Windows\System32\ExNfnTl.exe
  2⤵
  PID:9600
- C:\Windows\System32\emIjvHm.exe
  C:\Windows\System32\emIjvHm.exe
  2⤵
  PID:9616
- C:\Windows\System32\TcnGEmr.exe
  C:\Windows\System32\TcnGEmr.exe
  2⤵
  PID:9656
- C:\Windows\System32\ZmiEHZi.exe
  C:\Windows\System32\ZmiEHZi.exe
  2⤵
  PID:9688
- C:\Windows\System32\GtpWfsj.exe
  C:\Windows\System32\GtpWfsj.exe
  2⤵
  PID:9716
- C:\Windows\System32\CoUuGPC.exe
  C:\Windows\System32\CoUuGPC.exe
  2⤵
  PID:9748
- C:\Windows\System32\RgfKhuF.exe
  C:\Windows\System32\RgfKhuF.exe
  2⤵
  PID:9764
- C:\Windows\System32\BgDnNPJ.exe
  C:\Windows\System32\BgDnNPJ.exe
  2⤵
  PID:9804
- C:\Windows\System32\cwgbPlS.exe
  C:\Windows\System32\cwgbPlS.exe
  2⤵
  PID:9832
- C:\Windows\System32\nGTUduz.exe
  C:\Windows\System32\nGTUduz.exe
  2⤵
  PID:9860
- C:\Windows\System32\BWkGdRs.exe
  C:\Windows\System32\BWkGdRs.exe
  2⤵
  PID:9888
- C:\Windows\System32\IYuDNJs.exe
  C:\Windows\System32\IYuDNJs.exe
  2⤵
  PID:9908
- C:\Windows\System32\ZQRIyZd.exe
  C:\Windows\System32\ZQRIyZd.exe
  2⤵
  PID:9944
- C:\Windows\System32\jZuBLan.exe
  C:\Windows\System32\jZuBLan.exe
  2⤵
  PID:9968
- C:\Windows\System32\KUFBAnW.exe
  C:\Windows\System32\KUFBAnW.exe
  2⤵
  PID:9988
- C:\Windows\System32\ucMzAWu.exe
  C:\Windows\System32\ucMzAWu.exe
  2⤵
  PID:10020
- C:\Windows\System32\lVPAIZs.exe
  C:\Windows\System32\lVPAIZs.exe
  2⤵
  PID:10072
- C:\Windows\System32\yEfPkRE.exe
  C:\Windows\System32\yEfPkRE.exe
  2⤵
  PID:10092
- C:\Windows\System32\uUNsDab.exe
  C:\Windows\System32\uUNsDab.exe
  2⤵
  PID:10128
- C:\Windows\System32\fEFWsCh.exe
  C:\Windows\System32\fEFWsCh.exe
  2⤵
  PID:10160
- C:\Windows\System32\SlxqbRn.exe
  C:\Windows\System32\SlxqbRn.exe
  2⤵
  PID:10196
- C:\Windows\System32\iWIqpYT.exe
  C:\Windows\System32\iWIqpYT.exe
  2⤵
  PID:9232
- C:\Windows\System32\lpopICP.exe
  C:\Windows\System32\lpopICP.exe
  2⤵
  PID:9288
- C:\Windows\System32\keOSdOp.exe
  C:\Windows\System32\keOSdOp.exe
  2⤵
  PID:9340
- C:\Windows\System32\cjXyMgn.exe
  C:\Windows\System32\cjXyMgn.exe
  2⤵
  PID:9416
- C:\Windows\System32\OGdaqXl.exe
  C:\Windows\System32\OGdaqXl.exe
  2⤵
  PID:9452
- C:\Windows\System32\ikObZvN.exe
  C:\Windows\System32\ikObZvN.exe
  2⤵
  PID:9536
- C:\Windows\System32\mepBYcq.exe
  C:\Windows\System32\mepBYcq.exe
  2⤵
  PID:9588
- C:\Windows\System32\YGgClcM.exe
  C:\Windows\System32\YGgClcM.exe
  2⤵
  PID:9680
- C:\Windows\System32\klAzSbQ.exe
  C:\Windows\System32\klAzSbQ.exe
  2⤵
  PID:9756
- C:\Windows\System32\VCTeEJC.exe
  C:\Windows\System32\VCTeEJC.exe
  2⤵
  PID:9824
- C:\Windows\System32\dQoGUIt.exe
  C:\Windows\System32\dQoGUIt.exe
  2⤵
  PID:9848
- C:\Windows\System32\LcuRiuI.exe
  C:\Windows\System32\LcuRiuI.exe
  2⤵
  PID:9964
- C:\Windows\System32\LEwYyte.exe
  C:\Windows\System32\LEwYyte.exe
  2⤵
  PID:10028
- C:\Windows\System32\foZLdXU.exe
  C:\Windows\System32\foZLdXU.exe
  2⤵
  PID:10060
- C:\Windows\System32\BLEuIIh.exe
  C:\Windows\System32\BLEuIIh.exe
  2⤵
  PID:10184
- C:\Windows\System32\FZfPpMf.exe
  C:\Windows\System32\FZfPpMf.exe
  2⤵
  PID:9248
- C:\Windows\System32\ismmKXM.exe
  C:\Windows\System32\ismmKXM.exe
  2⤵
  PID:9392
- C:\Windows\System32\wbGevTL.exe
  C:\Windows\System32\wbGevTL.exe
  2⤵
  PID:9508
- C:\Windows\System32\gQqYLKB.exe
  C:\Windows\System32\gQqYLKB.exe
  2⤵
  PID:9648
- C:\Windows\System32\aJMcrTb.exe
  C:\Windows\System32\aJMcrTb.exe
  2⤵
  PID:9816
- C:\Windows\System32\Hyjgtnh.exe
  C:\Windows\System32\Hyjgtnh.exe
  2⤵
  PID:10000
- C:\Windows\System32\loZpOMi.exe
  C:\Windows\System32\loZpOMi.exe
  2⤵
  PID:10140
- C:\Windows\System32\EMiSMYI.exe
  C:\Windows\System32\EMiSMYI.exe
  2⤵
  PID:9276
- C:\Windows\System32\qdQOShW.exe
  C:\Windows\System32\qdQOShW.exe
  2⤵
  PID:9736
- C:\Windows\System32\KEwaTFG.exe
  C:\Windows\System32\KEwaTFG.exe
  2⤵
  PID:9936
- C:\Windows\System32\qwtriKg.exe
  C:\Windows\System32\qwtriKg.exe
  2⤵
  PID:9528
- C:\Windows\System32\CXZMSnM.exe
  C:\Windows\System32\CXZMSnM.exe
  2⤵
  PID:9368
- C:\Windows\System32\aClIdWN.exe
  C:\Windows\System32\aClIdWN.exe
  2⤵
  PID:10236
- C:\Windows\System32\wtLOoot.exe
  C:\Windows\System32\wtLOoot.exe
  2⤵
  PID:10272
- C:\Windows\System32\FEFHqHl.exe
  C:\Windows\System32\FEFHqHl.exe
  2⤵
  PID:10300
- C:\Windows\System32\BjVlGHh.exe
  C:\Windows\System32\BjVlGHh.exe
  2⤵
  PID:10340
- C:\Windows\System32\TTJvHmW.exe
  C:\Windows\System32\TTJvHmW.exe
  2⤵
  PID:10368
- C:\Windows\System32\HikxvEP.exe
  C:\Windows\System32\HikxvEP.exe
  2⤵
  PID:10396
- C:\Windows\System32\saGisMF.exe
  C:\Windows\System32\saGisMF.exe
  2⤵
  PID:10412
- C:\Windows\System32\CIwBaKK.exe
  C:\Windows\System32\CIwBaKK.exe
  2⤵
  PID:10456
- C:\Windows\System32\wbugWYa.exe
  C:\Windows\System32\wbugWYa.exe
  2⤵
  PID:10496
- C:\Windows\System32\FQxTBQe.exe
  C:\Windows\System32\FQxTBQe.exe
  2⤵
  PID:10512
- C:\Windows\System32\GvrYbql.exe
  C:\Windows\System32\GvrYbql.exe
  2⤵
  PID:10552
- C:\Windows\System32\gHcliFs.exe
  C:\Windows\System32\gHcliFs.exe
  2⤵
  PID:10588
- C:\Windows\System32\wYeyoIG.exe
  C:\Windows\System32\wYeyoIG.exe
  2⤵
  PID:10624
- C:\Windows\System32\fGnEObF.exe
  C:\Windows\System32\fGnEObF.exe
  2⤵
  PID:10652
- C:\Windows\System32\VaNnuDU.exe
  C:\Windows\System32\VaNnuDU.exe
  2⤵
  PID:10700
- C:\Windows\System32\GUuqRaj.exe
  C:\Windows\System32\GUuqRaj.exe
  2⤵
  PID:10748
- C:\Windows\System32\UqRXgRB.exe
  C:\Windows\System32\UqRXgRB.exe
  2⤵
  PID:10768
- C:\Windows\System32\BypfmAW.exe
  C:\Windows\System32\BypfmAW.exe
  2⤵
  PID:10816
- C:\Windows\System32\fUOKSfp.exe
  C:\Windows\System32\fUOKSfp.exe
  2⤵
  PID:10848
- C:\Windows\System32\xaBIlQo.exe
  C:\Windows\System32\xaBIlQo.exe
  2⤵
  PID:10908
- C:\Windows\System32\yHlzwPK.exe
  C:\Windows\System32\yHlzwPK.exe
  2⤵
  PID:10936
- C:\Windows\System32\mdxjFbq.exe
  C:\Windows\System32\mdxjFbq.exe
  2⤵
  PID:10976
- C:\Windows\System32\rJVLidV.exe
  C:\Windows\System32\rJVLidV.exe
  2⤵
  PID:11016
- C:\Windows\System32\fYEQeMg.exe
  C:\Windows\System32\fYEQeMg.exe
  2⤵
  PID:11056
- C:\Windows\System32\kJjNXvQ.exe
  C:\Windows\System32\kJjNXvQ.exe
  2⤵
  PID:11084
- C:\Windows\System32\LpSsesj.exe
  C:\Windows\System32\LpSsesj.exe
  2⤵
  PID:11116
- C:\Windows\System32\IOMNDCK.exe
  C:\Windows\System32\IOMNDCK.exe
  2⤵
  PID:11148
- C:\Windows\System32\WEOcQKZ.exe
  C:\Windows\System32\WEOcQKZ.exe
  2⤵
  PID:11176
- C:\Windows\System32\SAdfdOR.exe
  C:\Windows\System32\SAdfdOR.exe
  2⤵
  PID:11212
- C:\Windows\System32\YmyWQiM.exe
  C:\Windows\System32\YmyWQiM.exe
  2⤵
  PID:11240
- C:\Windows\System32\luUljeh.exe
  C:\Windows\System32\luUljeh.exe
  2⤵
  PID:10080
- C:\Windows\System32\eqBMCzu.exe
  C:\Windows\System32\eqBMCzu.exe
  2⤵
  PID:3672
- C:\Windows\System32\pwvZhgg.exe
  C:\Windows\System32\pwvZhgg.exe
  2⤵
  PID:10320
- C:\Windows\System32\MyLsfCo.exe
  C:\Windows\System32\MyLsfCo.exe
  2⤵
  PID:10388
- C:\Windows\System32\BDmtkts.exe
  C:\Windows\System32\BDmtkts.exe
  2⤵
  PID:10508
- C:\Windows\System32\FLEkbPA.exe
  C:\Windows\System32\FLEkbPA.exe
  2⤵
  PID:10608
- C:\Windows\System32\LdPonxr.exe
  C:\Windows\System32\LdPonxr.exe
  2⤵
  PID:10696
- C:\Windows\System32\SaJOkum.exe
  C:\Windows\System32\SaJOkum.exe
  2⤵
  PID:10800
- C:\Windows\System32\yrBayqS.exe
  C:\Windows\System32\yrBayqS.exe
  2⤵
  PID:10924
- C:\Windows\System32\iErqqqw.exe
  C:\Windows\System32\iErqqqw.exe
  2⤵
  PID:10988
- C:\Windows\System32\hELlbDy.exe
  C:\Windows\System32\hELlbDy.exe
  2⤵
  PID:11048
- C:\Windows\System32\lyNdeQf.exe
  C:\Windows\System32\lyNdeQf.exe
  2⤵
  PID:11108
- C:\Windows\System32\fjfDWlh.exe
  C:\Windows\System32\fjfDWlh.exe
  2⤵
  PID:11196
- C:\Windows\System32\Ceulfqe.exe
  C:\Windows\System32\Ceulfqe.exe
  2⤵
  PID:11256
- C:\Windows\System32\LCHLMnD.exe
  C:\Windows\System32\LCHLMnD.exe
  2⤵
  PID:10312
- C:\Windows\System32\cRiydsI.exe
  C:\Windows\System32\cRiydsI.exe
  2⤵
  PID:10536
- C:\Windows\System32\LZTNyvX.exe
  C:\Windows\System32\LZTNyvX.exe
  2⤵
  PID:10648
- C:\Windows\System32\KQWgtlr.exe
  C:\Windows\System32\KQWgtlr.exe
  2⤵
  PID:11036
- C:\Windows\System32\ldzhCBW.exe
  C:\Windows\System32\ldzhCBW.exe
  2⤵
  PID:11128
- C:\Windows\System32\bGRKfgi.exe
  C:\Windows\System32\bGRKfgi.exe
  2⤵
  PID:4768
- C:\Windows\System32\vUeDkuy.exe
  C:\Windows\System32\vUeDkuy.exe
  2⤵
  PID:10744
- C:\Windows\System32\acGcvWj.exe
  C:\Windows\System32\acGcvWj.exe
  2⤵
  PID:10580
- C:\Windows\System32\vxADpDz.exe
  C:\Windows\System32\vxADpDz.exe
  2⤵
  PID:10932
- C:\Windows\System32\cHUbASt.exe
  C:\Windows\System32\cHUbASt.exe
  2⤵
  PID:11160
- C:\Windows\System32\XJnqLVP.exe
  C:\Windows\System32\XJnqLVP.exe
  2⤵
  PID:7740
- C:\Windows\System32\FxpKsoe.exe
  C:\Windows\System32\FxpKsoe.exe
  2⤵
  PID:7956
- C:\Windows\System32\eXLvRnR.exe
  C:\Windows\System32\eXLvRnR.exe
  2⤵
  PID:11080
- C:\Windows\System32\LcXrWOD.exe
  C:\Windows\System32\LcXrWOD.exe
  2⤵
  PID:11288
- C:\Windows\System32\uPFUXFl.exe
  C:\Windows\System32\uPFUXFl.exe
  2⤵
  PID:11304
- C:\Windows\System32\xTrLPXE.exe
  C:\Windows\System32\xTrLPXE.exe
  2⤵
  PID:11344
- C:\Windows\System32\HyKiSQO.exe
  C:\Windows\System32\HyKiSQO.exe
  2⤵
  PID:11372
- C:\Windows\System32\TpOkhlW.exe
  C:\Windows\System32\TpOkhlW.exe
  2⤵
  PID:11400
- C:\Windows\System32\AypfEKF.exe
  C:\Windows\System32\AypfEKF.exe
  2⤵
  PID:11428
- C:\Windows\System32\XTiUIDd.exe
  C:\Windows\System32\XTiUIDd.exe
  2⤵
  PID:11456
- C:\Windows\System32\lBGpDVA.exe
  C:\Windows\System32\lBGpDVA.exe
  2⤵
  PID:11484
- C:\Windows\System32\rYioZYZ.exe
  C:\Windows\System32\rYioZYZ.exe
  2⤵
  PID:11512
- C:\Windows\System32\UkQZdHB.exe
  C:\Windows\System32\UkQZdHB.exe
  2⤵
  PID:11540
- C:\Windows\System32\zQEyYrV.exe
  C:\Windows\System32\zQEyYrV.exe
  2⤵
  PID:11576
- C:\Windows\System32\mFzMqyQ.exe
  C:\Windows\System32\mFzMqyQ.exe
  2⤵
  PID:11624
- C:\Windows\System32\hqoItiA.exe
  C:\Windows\System32\hqoItiA.exe
  2⤵
  PID:11652
- C:\Windows\System32\XuapPiV.exe
  C:\Windows\System32\XuapPiV.exe
  2⤵
  PID:11680
- C:\Windows\System32\EOXntPM.exe
  C:\Windows\System32\EOXntPM.exe
  2⤵
  PID:11712
- C:\Windows\System32\OVSyPSl.exe
  C:\Windows\System32\OVSyPSl.exe
  2⤵
  PID:11740
- C:\Windows\System32\LXrFdWW.exe
  C:\Windows\System32\LXrFdWW.exe
  2⤵
  PID:11756
- C:\Windows\System32\dFgDeAy.exe
  C:\Windows\System32\dFgDeAy.exe
  2⤵
  PID:11800
- C:\Windows\System32\PbbdECS.exe
  C:\Windows\System32\PbbdECS.exe
  2⤵
  PID:11816
- C:\Windows\System32\ztSoTFM.exe
  C:\Windows\System32\ztSoTFM.exe
  2⤵
  PID:11856
- C:\Windows\System32\PivIzdg.exe
  C:\Windows\System32\PivIzdg.exe
  2⤵
  PID:11892
- C:\Windows\System32\uYHxTeT.exe
  C:\Windows\System32\uYHxTeT.exe
  2⤵
  PID:11920
- C:\Windows\System32\ZHBvBDa.exe
  C:\Windows\System32\ZHBvBDa.exe
  2⤵
  PID:11948
- C:\Windows\System32\hlvHscW.exe
  C:\Windows\System32\hlvHscW.exe
  2⤵
  PID:11988
- C:\Windows\System32\RhFrkaf.exe
  C:\Windows\System32\RhFrkaf.exe
  2⤵
  PID:12004
- C:\Windows\System32\nUJcevS.exe
  C:\Windows\System32\nUJcevS.exe
  2⤵
  PID:12032
- C:\Windows\System32\rVWBjED.exe
  C:\Windows\System32\rVWBjED.exe
  2⤵
  PID:12064
- C:\Windows\System32\EpzDvOs.exe
  C:\Windows\System32\EpzDvOs.exe
  2⤵
  PID:12092
- C:\Windows\System32\CqPKJJd.exe
  C:\Windows\System32\CqPKJJd.exe
  2⤵
  PID:12124
- C:\Windows\System32\TpihsKZ.exe
  C:\Windows\System32\TpihsKZ.exe
  2⤵
  PID:12152
- C:\Windows\System32\ISSXXDd.exe
  C:\Windows\System32\ISSXXDd.exe
  2⤵
  PID:12180
- C:\Windows\System32\dFtLghS.exe
  C:\Windows\System32\dFtLghS.exe
  2⤵
  PID:12208
- C:\Windows\System32\Oyrbmrb.exe
  C:\Windows\System32\Oyrbmrb.exe
  2⤵
  PID:12236
- C:\Windows\System32\EksHjev.exe
  C:\Windows\System32\EksHjev.exe
  2⤵
  PID:12268
- C:\Windows\System32\hqNZElb.exe
  C:\Windows\System32\hqNZElb.exe
  2⤵
  PID:11280
- C:\Windows\System32\WmNBqDU.exe
  C:\Windows\System32\WmNBqDU.exe
  2⤵
  PID:4348
- C:\Windows\System32\BouYqQT.exe
  C:\Windows\System32\BouYqQT.exe
  2⤵
  PID:11388
- C:\Windows\System32\SMNNdHo.exe
  C:\Windows\System32\SMNNdHo.exe
  2⤵
  PID:11452
- C:\Windows\System32\VJXQGbF.exe
  C:\Windows\System32\VJXQGbF.exe
  2⤵
  PID:11524
- C:\Windows\System32\Pjlzexo.exe
  C:\Windows\System32\Pjlzexo.exe
  2⤵
  PID:11616
- C:\Windows\System32\MjqUJgQ.exe
  C:\Windows\System32\MjqUJgQ.exe
  2⤵
  PID:11704
- C:\Windows\System32\gTHFPPk.exe
  C:\Windows\System32\gTHFPPk.exe
  2⤵
  PID:11772
- C:\Windows\System32\sqqGjiA.exe
  C:\Windows\System32\sqqGjiA.exe
  2⤵
  PID:11844
- C:\Windows\System32\ISRMYga.exe
  C:\Windows\System32\ISRMYga.exe
  2⤵
  PID:11912
- C:\Windows\System32\SASMxAg.exe
  C:\Windows\System32\SASMxAg.exe
  2⤵
  PID:11984
- C:\Windows\System32\yisYLuy.exe
  C:\Windows\System32\yisYLuy.exe
  2⤵
  PID:12052
- C:\Windows\System32\oqJoVFd.exe
  C:\Windows\System32\oqJoVFd.exe
  2⤵
  PID:12116
- C:\Windows\System32\wDathUt.exe
  C:\Windows\System32\wDathUt.exe
  2⤵
  PID:12200
- C:\Windows\System32\OINrVLW.exe
  C:\Windows\System32\OINrVLW.exe
  2⤵
  PID:12264
- C:\Windows\System32\gHVuwOb.exe
  C:\Windows\System32\gHVuwOb.exe
  2⤵
  PID:11356
- C:\Windows\System32\giKdtcN.exe
  C:\Windows\System32\giKdtcN.exe
  2⤵
  PID:11504
- C:\Windows\System32\rHBOgad.exe
  C:\Windows\System32\rHBOgad.exe
  2⤵
  PID:11676
- C:\Windows\System32\QmJmLcO.exe
  C:\Windows\System32\QmJmLcO.exe
  2⤵
  PID:11868
- C:\Windows\System32\CjCknfB.exe
  C:\Windows\System32\CjCknfB.exe
  2⤵
  PID:12024
- C:\Windows\System32\TFRokKo.exe
  C:\Windows\System32\TFRokKo.exe
  2⤵
  PID:12192
- C:\Windows\System32\FgrWKMt.exe
  C:\Windows\System32\FgrWKMt.exe
  2⤵
  PID:11416
- C:\Windows\System32\QrBQThv.exe
  C:\Windows\System32\QrBQThv.exe
  2⤵
  PID:11960
- C:\Windows\System32\OxXSAri.exe
  C:\Windows\System32\OxXSAri.exe
  2⤵
  PID:11840
- C:\Windows\System32\tBivvkW.exe
  C:\Windows\System32\tBivvkW.exe
  2⤵
  PID:12308
- C:\Windows\System32\fbmejZi.exe
  C:\Windows\System32\fbmejZi.exe
  2⤵
  PID:12336
- C:\Windows\System32\ZbGhwUh.exe
  C:\Windows\System32\ZbGhwUh.exe
  2⤵
  PID:12364
- C:\Windows\System32\QDfVdgs.exe
  C:\Windows\System32\QDfVdgs.exe
  2⤵
  PID:12392
- C:\Windows\System32\yDlqjEL.exe
  C:\Windows\System32\yDlqjEL.exe
  2⤵
  PID:12420
- C:\Windows\System32\MtwLjov.exe
  C:\Windows\System32\MtwLjov.exe
  2⤵
  PID:12448
- C:\Windows\System32\wSWPSaS.exe
  C:\Windows\System32\wSWPSaS.exe
  2⤵
  PID:12476
- C:\Windows\System32\IgmNSBT.exe
  C:\Windows\System32\IgmNSBT.exe
  2⤵
  PID:12504
- C:\Windows\System32\ztbByiA.exe
  C:\Windows\System32\ztbByiA.exe
  2⤵
  PID:12532
- C:\Windows\System32\oUFhELV.exe
  C:\Windows\System32\oUFhELV.exe
  2⤵
  PID:12548
- C:\Windows\System32\YgBcoxF.exe
  C:\Windows\System32\YgBcoxF.exe
  2⤵
  PID:12588
- C:\Windows\System32\jnYjGTj.exe
  C:\Windows\System32\jnYjGTj.exe
  2⤵
  PID:12612
- C:\Windows\System32\sxEnTqG.exe
  C:\Windows\System32\sxEnTqG.exe
  2⤵
  PID:12652
- C:\Windows\System32\VPNvAqO.exe
  C:\Windows\System32\VPNvAqO.exe
  2⤵
  PID:12676
- C:\Windows\System32\EXcaoIN.exe
  C:\Windows\System32\EXcaoIN.exe
  2⤵
  PID:12704
- C:\Windows\System32\KYotdrR.exe
  C:\Windows\System32\KYotdrR.exe
  2⤵
  PID:12732
- C:\Windows\System32\vRaKhcN.exe
  C:\Windows\System32\vRaKhcN.exe
  2⤵
  PID:12760
- C:\Windows\System32\xNePWxE.exe
  C:\Windows\System32\xNePWxE.exe
  2⤵
  PID:12788
- C:\Windows\System32\KuxBpnX.exe
  C:\Windows\System32\KuxBpnX.exe
  2⤵
  PID:12816
- C:\Windows\System32\TOwlxhZ.exe
  C:\Windows\System32\TOwlxhZ.exe
  2⤵
  PID:12844
- C:\Windows\System32\WdEaJUp.exe
  C:\Windows\System32\WdEaJUp.exe
  2⤵
  PID:12872
- C:\Windows\System32\piMPDhU.exe
  C:\Windows\System32\piMPDhU.exe
  2⤵
  PID:12900
- C:\Windows\System32\TlLXklT.exe
  C:\Windows\System32\TlLXklT.exe
  2⤵
  PID:12928
- C:\Windows\System32\EHqMLwi.exe
  C:\Windows\System32\EHqMLwi.exe
  2⤵
  PID:12956
- C:\Windows\System32\kCFlalA.exe
  C:\Windows\System32\kCFlalA.exe
  2⤵
  PID:12984
- C:\Windows\System32\HWgYpRh.exe
  C:\Windows\System32\HWgYpRh.exe
  2⤵
  PID:13012
- C:\Windows\System32\mkEZJrS.exe
  C:\Windows\System32\mkEZJrS.exe
  2⤵
  PID:13040
- C:\Windows\System32\MujsYfL.exe
  C:\Windows\System32\MujsYfL.exe
  2⤵
  PID:13068
- C:\Windows\System32\cOYCerE.exe
  C:\Windows\System32\cOYCerE.exe
  2⤵
  PID:13096
- C:\Windows\System32\gokwMhb.exe
  C:\Windows\System32\gokwMhb.exe
  2⤵
  PID:13124
- C:\Windows\System32\PEkjmxo.exe
  C:\Windows\System32\PEkjmxo.exe
  2⤵
  PID:13152
- C:\Windows\System32\eGBITqK.exe
  C:\Windows\System32\eGBITqK.exe
  2⤵
  PID:13180
- C:\Windows\System32\iradItq.exe
  C:\Windows\System32\iradItq.exe
  2⤵
  PID:13208
- C:\Windows\System32\jlhIoYM.exe
  C:\Windows\System32\jlhIoYM.exe
  2⤵
  PID:13236
- C:\Windows\System32\NVxorje.exe
  C:\Windows\System32\NVxorje.exe
  2⤵
  PID:13264
- C:\Windows\System32\YQljArP.exe
  C:\Windows\System32\YQljArP.exe
  2⤵
  PID:13292
- C:\Windows\System32\UQQQHZk.exe
  C:\Windows\System32\UQQQHZk.exe
  2⤵
  PID:12296
- C:\Windows\System32\wAiMsJZ.exe
  C:\Windows\System32\wAiMsJZ.exe
  2⤵
  PID:12352
- C:\Windows\System32\GXkOGsM.exe
  C:\Windows\System32\GXkOGsM.exe
  2⤵
  PID:12416
- C:\Windows\System32\evNHUuq.exe
  C:\Windows\System32\evNHUuq.exe
  2⤵
  PID:12544
- C:\Windows\System32\eUWCudp.exe
  C:\Windows\System32\eUWCudp.exe
  2⤵
  PID:12584
- C:\Windows\System32\XFnRcPq.exe
  C:\Windows\System32\XFnRcPq.exe
  2⤵
  PID:12624
- C:\Windows\System32\WTLxylm.exe
  C:\Windows\System32\WTLxylm.exe
  2⤵
  PID:12696
- C:\Windows\System32\wMBETNc.exe
  C:\Windows\System32\wMBETNc.exe
  2⤵
  PID:12756
- C:\Windows\System32\MFZJsCP.exe
  C:\Windows\System32\MFZJsCP.exe
  2⤵
  PID:12828
- C:\Windows\System32\iwiQTOC.exe
  C:\Windows\System32\iwiQTOC.exe
  2⤵
  PID:12888
- C:\Windows\System32\ZgowXcs.exe
  C:\Windows\System32\ZgowXcs.exe
  2⤵
  PID:12924
- C:\Windows\System32\KYVqEEz.exe
  C:\Windows\System32\KYVqEEz.exe
  2⤵
  PID:13036
- C:\Windows\System32\VgfVWxs.exe
  C:\Windows\System32\VgfVWxs.exe
  2⤵
  PID:13088
- C:\Windows\System32\AcNHPbo.exe
  C:\Windows\System32\AcNHPbo.exe
  2⤵
  PID:13148
- C:\Windows\System32\BvrAAMR.exe
  C:\Windows\System32\BvrAAMR.exe
  2⤵
  PID:13220
- C:\Windows\System32\efqBroW.exe
  C:\Windows\System32\efqBroW.exe
  2⤵
  PID:13280
- C:\Windows\System32\mmUxqLm.exe
  C:\Windows\System32\mmUxqLm.exe
  2⤵
  PID:12348

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:10168

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System32\BoFUjag.exe

Filesize
2.9MB

MD5
44d97970f9e69bb3a4fbecda5abd3cca

SHA1
149e4639374c112879bc37d524ac9ce9abec69b2

SHA256
baddc9f130d8d4da28651e0a8f28ba669838461f8796a465a816975581e9a80b

SHA512
2ba5615c8eac5a280c2f62b918f6653ff94f853c2a691960526c61684e41971ed8782958865e5c95b2d73d709f2896796f4f73387db296ac0e90954fa7821782

Download Submit
C:\Windows\System32\ESXXaBE.exe

Filesize
2.9MB

MD5
e496562a25bac4d8b0daccee5c6398e0

SHA1
978431da0f78280dc2f9b23bac3c659bd6d9aef2

SHA256
59a7897b5a1eada7739da32cac2e35400f562abbedeab7aa540bae6d02fbcb35

SHA512
8d5f043daf6db35986fee5e0a95421b1ace574ba170452295853e5aec14294fcaa8ffd1ec2f8ba1e244f673b049bced4619a0c8cb072c4d8281e2aa67ace887a

Download Submit
C:\Windows\System32\FPYNujp.exe

Filesize
2.9MB

MD5
0b0581b447d9eecff261ad5c275a33bb

SHA1
0e2ab2ab7bc55269e21063187a10ed0406c13fea

SHA256
c9dc5b680bef1244f2568cfd412a65ed76db5ad466570687d56c81799a284861

SHA512
5a6effe0f1d7ddb7c8b164387658bce43934692ed371ccf955d79c5fb0f91619269b1d445245f390636a23ba529a340343f0abf5df57d1764935c7cd4c4d2105

Download Submit
C:\Windows\System32\IQkzOSA.exe

Filesize
2.9MB

MD5
40ea42c1709e5d9ae48cf355694c3c43

SHA1
fc6ceeca882dc8ab1fb8f2f28925483a604203dd

SHA256
e21a2dabe358e76e00e8037dc12fa289c236e34e2f056fdb96a1304976bfd0fd

SHA512
29363c30ef3ee62f75cfae4c08f31e5fd68917418c67792e8f92237f7aeae5250306a1a3b7b584db005fdf604f6b05f6ed496eaabe1eb0fc75538e29096c3db9

Download Submit
C:\Windows\System32\IzfvYJs.exe

Filesize
2.9MB

MD5
e4ad31c30e6e2ef011079cfc83f18be8

SHA1
9a5c50aa4418c51c36d05672edffb2d8b482ab72

SHA256
9f86a17b5549b28c652cc444325cb776196768a2a78e618307e54279dcb90b15

SHA512
82817d062584aec89ecabde769889ea24d0351ded0b0266f36700d0f742cacba7a41029131da75d166601f4106d21c09cee40be2825ffe5a81dd2df76978b1ea

Download Submit
C:\Windows\System32\KATjQiB.exe

Filesize
2.9MB

MD5
92b06334b900d8f7021de71ca25480ad

SHA1
7ee270ae027a8b7e20dfa9d65f2d5e7ce40795e8

SHA256
34b5a016fac9dc366d915c0ae72ad494a3719ea003796cc6090dd3ec94fdfdbd

SHA512
a684250cc633e892939a3f454df0b725db27a5c21f33aff9d614745f2fd6ba564455134b1c18ce049deab473b6e0c48f9dfb778d8bef52f2f93b844e5b35227d

Download Submit
C:\Windows\System32\NctQYZx.exe

Filesize
2.9MB

MD5
1743a6d470e4377321176a927e9ea1ea

SHA1
bcdf854b3a2445c8f3245f2f0994f1f209b607c0

SHA256
9e8fd0ebb7e7e060ad96fd73cd1b6e208c4b584b4416bec96049315a1b989b0f

SHA512
136cf986b327efddbb57fbf038ac0680cde5dbf11de59211fa7d99b9532da2fb04249e842e1a9c507a8574ec3069dac852b708c0f231f56b8fa25072cc8160c7

Download Submit
C:\Windows\System32\NinCpeU.exe

Filesize
2.9MB

MD5
6101984e63f09dfcddf64788342fb5a2

SHA1
2e6986ca3b0b9d3b561ed73d6cb94cf6a86477b1

SHA256
97ff01f4c7fbac6c384705f98885e69e073ccc5c9aa74f8bdb02134b15dd5d59

SHA512
fe9e44e98c2640d0e1fc60849740bdb53e820a556bb4dec8b5c825ccdec164b56e72c5d3d40b5468e44ac736ea6d92dee0bbea8ca5247e2d88758c2c1176d106

Download Submit
C:\Windows\System32\PvGfMup.exe

Filesize
2.9MB

MD5
849d3a5e9e7c0dc23f9032644ce35db2

SHA1
5de8f4c46083d059fe2b56ce8572f8baf4041c63

SHA256
99648064139f753c4a1cf49a971e5a6a4c0f3a9715b64d9d319fe2ae21583262

SHA512
5c02f1072955d874fee4606b8b99c5dc3753b99ef9b092586d6b6aa71769b4745c7fce4134f58648cb56240fe52a2f9676994e8f885d38336a5b4da9343355d8

Download Submit
C:\Windows\System32\QLBiQZG.exe

Filesize
2.9MB

MD5
78770320c12dfe215650ad604cd9d5c5

SHA1
a345d483cbfa0eddf9bf6f648fd8ea44d8e79dd2

SHA256
8a1f3b73efd652860e1c42270bf5c49be9a3563ed7f116713e06a021fe18fb4e

SHA512
0bc338c84437d96e04273fa3799542fa0e75b51f1798cd24e2c7b4767ad47810a5480bee3ec764bc9c090f6fc1fc484d15f57900eb7b5e577bf1406a7abcb5f9

Download Submit
C:\Windows\System32\QrwJzZc.exe

Filesize
2.9MB

MD5
e064c767c752559baaa6d166339f81e2

SHA1
340f55c53889e28f2f332d66ba06de18e4f27043

SHA256
02513b9a6a23015e9d89177f5d73efd67280eaca10abb805bc689c3a1b5c3e0d

SHA512
fa60ee29b8d77e26370e18046fff376243c7bd2765f14b33552b84d833f5e270579219e22325de595b9549475dd752e6ec2d5c08515110f43b44918d58518826

Download Submit
C:\Windows\System32\SLKodZe.exe

Filesize
2.9MB

MD5
6adae5f60b5a6da62729a4c758fd1f6b

SHA1
3c3eca9fc3e732f6246fd29f8458fd7735f145b0

SHA256
6911d48d10c0855e79c9ca3b26bd0687b2612c2ab4d170fd8a92d40228d2a51b

SHA512
3d914256110e34fc03b490e05dbbc228d3293330bd5b9807a45f005ea3f245b16a1836559887a5f845d973aef3c690cefd6f672d9e549e35c6ba802bd9420828

Download Submit
C:\Windows\System32\UvkQWuD.exe

Filesize
2.9MB

MD5
c342fcc4bc5f9b8c8594ce7d7493f824

SHA1
ef4f19dcb81134e63dfa53be4483112e3b107335

SHA256
da7abc24e106c2aafcba55c75e2069508388df4c279a210dac919af8b6708d74

SHA512
21c1ede9cc2b39a5aeb515964da5765d1b41b67bf8a4e381029f538a89929dc7d6853fb9610d33b1cf0810100c30be25a02760717faa3b0b20aa1bdd944d982a

Download Submit
C:\Windows\System32\XFVljbB.exe

Filesize
2.9MB

MD5
e33fc6bff54d337501d74f394fbe1e22

SHA1
c208d0f21830b2adb90b3fb91d6703380ee3add2

SHA256
f1685ddfb92ea6313f17fef60f6f6e8bc47d1ca4785380fa3229f5745c298284

SHA512
f5bac1e8951cfbb4ae493ec9c3a9b7128ed0ca84c28517117843445ce24c598265ec8624cd63f918d6b8d3d3b4dccb517324f69a97c0ffa3fb7d20324378bdb5

Download Submit
C:\Windows\System32\XlgJnIA.exe

Filesize
2.9MB

MD5
4bf477a9be6e70a1a7dae044a8729ae3

SHA1
42a11352b1649adff583ac01b84f09fc5ceaf13f

SHA256
ec1a4b9eb9410e9104ca8bc81bbbe4cd0c3c278614af8a5de060b6fbbe5fd583

SHA512
223cf52babe69d833f91b8ee2586576d421aa98838cb0ee8d064d6db92a5cd576a4cb4b3ad875665c981c0d319a2b3e11575e9bc8cb2d5e65af7b36fb39b9c0f

Download Submit
C:\Windows\System32\YFworuB.exe

Filesize
2.9MB

MD5
a8bfc8b7622f1dbed0aeccc08df56501

SHA1
4b605bd101a0f6a05e00b7d626f54545296cda04

SHA256
bb83d213dcb08fc3318a19264053273f4a7847bdcd2535cd1d53cb264d3964b0

SHA512
7c96c5c83d809e51f8d55d60a689c1dd85bad832bdc86e7da0ec2252cda36c9ad4983cd42743309207c233f111236e1aef950cbd4853078aac49945796fb390b

Download Submit
C:\Windows\System32\ZRiqEiu.exe

Filesize
2.9MB

MD5
37607e54a6cfd82264c644e1443bcc28

SHA1
59e17db265bb0df43ec39a8d0888f35c345dde1a

SHA256
f87b943c16f7f28b29df351be787ea3cee353e0612608d8096be5fd5aca983bf

SHA512
146dabc2d413a42f2c34d807bd6b27c38cd05e13297a202ca031c16cd16cda8f7f919c22cf3172844cb2f7d3f994db5d5c4da5b9ea43edc9b8be26df49abcb63

Download Submit
C:\Windows\System32\bfgOCLN.exe

Filesize
2.9MB

MD5
9ae512b6efdd211e0f2f61f7a0dab6fe

SHA1
84dca846a02cbeaa65d009e019de53579ef56726

SHA256
d5e6120770d92600f20eee21d1f2210b5f02494bcbceca0f1e0b572cb5609dfb

SHA512
5358f668cfe850f3851f379dd47855d3486d2ea2b3fea2689a342063e05db858dc22f308bc05007893ef72062ae37c708a70c395c2b56adc80827a5befef6cb7

Download Submit
C:\Windows\System32\cvsUgRo.exe

Filesize
2.9MB

MD5
04394bbcfa528fdeab01ebad246032a3

SHA1
8a021a62ad5e6669b23e21256456bc22445d4728

SHA256
6ef1daf237d5b9c8d5ab24135ac60dfd9a04215dfeff8d5f1721faf8ac8066ab

SHA512
5a352abb9d18a48bea5f9e2368d685e52b1d2725a1670f2b8d119ca164233c112718166066417e7470fd1f21841956b693d585126c60c69a1c80ebba72363abd

Download Submit
C:\Windows\System32\hTCzOLq.exe

Filesize
2.9MB

MD5
7f012c231e45add25088db3f98e86fff

SHA1
f2158640bba107dedd5ca8d545b0f57f9bd8f343

SHA256
a44d4f201c6f34efaf6d96c2167517f868247f223b54346c953d46890e98afad

SHA512
f5f38b907fcad464cdd2401de3d69db8fa5ae53abcdb95bd13c5e4bdd23e1e4aef257f82a76e09cb503b0c022d776a56df0b72d2dca9b18412278fedf22653a9

Download Submit
C:\Windows\System32\iZHzwRN.exe

Filesize
2.9MB

MD5
b0413e8a2abe37c2b89f90c38a85a4f7

SHA1
2334c7b0b42313656f5c37bca5b9dd218664c23c

SHA256
f9d1a7493bba9c772d95f4318410392ce10493ea497ce3a15c17bac3119d10ae

SHA512
c8ce51f72d48bf26587fcfa7d2a1c29a8f8a302c67bd9d5c37198521a5864173f30b8693d83e8d412874dae69d6d783041dd0ca9afd84d29a7b799a1a4c2dde5

Download Submit
C:\Windows\System32\jAewmLI.exe

Filesize
2.9MB

MD5
68e44ed759b137c6bfb8280da61783e9

SHA1
cfd1a8d9178e9b097bfebb2b14700ae4cb970236

SHA256
329fdc5585a0dde87021a92ade4646078272e38c5276efef0a476297e84484f0

SHA512
a84ed6e78a92ca1f6e79ed22ba02847b56523a09aa24b5e928e37520ad559f1f0af5a00ea890b31bf530b22f94faa6c3def6734b7d4324f2ddd8d58325694d79

Download Submit
C:\Windows\System32\ldPULwk.exe

Filesize
2.9MB

MD5
2c8e809c9c46600078fe45a00549c790

SHA1
88d2cef40de8d9ac1bd8179aa107e9b092b3e62b

SHA256
8169709d7501871781418b3115e56496e02b89611bd91cc8eae36c484313db3c

SHA512
d67778f6ec936074bd0d2a4daa757e87f5612052646953519e1f3314a7703bbfff0396280e0fe5bce234b5e18ead9fc97dd02b17d41cd1a48d83c94ac1794213

Download Submit
C:\Windows\System32\lqhmFpV.exe

Filesize
2.9MB

MD5
1f3d95ef5c9a938ee0eaad637f8b5959

SHA1
5237af8c2792f7566ee1bb96fbbbb5f401a54de0

SHA256
727753f956be736935b349944afcc538943485c73279521bb1279bd73ba7fa24

SHA512
5c3172001664fe340d26e2382f94cfd506b337d7ba898fa1fd76be0a5986374f4da276604388feeb3af511894e1ad4b2818014037211a705e8766bfaa0359091

Download Submit
C:\Windows\System32\mGLTEfD.exe

Filesize
2.9MB

MD5
6856dfa632592baf3394f622d5b86670

SHA1
738175deced8b86919cf5cba76ecd68e78481ed1

SHA256
4596acda42d330be8dcff7b401a4512424aa3114ed17e5be518dab5777545db8

SHA512
9d18c8e2e04fcc374d196ed86770d7476496ba284c5c22122f7c1fa24c875b6eae02388479dbae6ea88cb821c7f67fe4640be25b94b84311ff72bed064b3de31

Download Submit
C:\Windows\System32\mYNqQjE.exe

Filesize
2.9MB

MD5
d4d290c4c82fa224c66af925f1398d76

SHA1
ad40a3807423d30a29d137917124abe295dd4a23

SHA256
fa71a5c3cde2d26c425e8f1f6b9aebf24d603959105a3e40bc8e05b2db4472bb

SHA512
1893935c07ff8e65dd7a04af2b8ce4a8559a88f7136ddf8bd17af6dcc3c3f71f2867b1c551b3d3388005b41f6bfde0be7433ac6e6705e830f75ebed8d286b277

Download Submit
C:\Windows\System32\ozvrhjl.exe

Filesize
2.9MB

MD5
597f8cf7ec9eed38d16405d9c3a4848c

SHA1
82b9d3cd6649cd30357ec3c7814c55fc43505a43

SHA256
78942e1b8c729fe5927080d28a361a014a5bc7fb8c216f4e53cfca35ed217131

SHA512
aa8049ba6b66667bd356af6507e0c787e3a4916376d0f30c01a70d1a8ba419769aad6cd7c2120a038f3b2eafaff9533f3492c14f0d256ac9568404233eec1c82

Download Submit
C:\Windows\System32\pXJQDVy.exe

Filesize
2.9MB

MD5
7e111d3ab5f91ed963ee24852c024a68

SHA1
160f1c96aa9e4910f36590bdf6bdf9a43a83de97

SHA256
b7aca283bcfb1601001330397deb8f2d865ebe21799f67980ae151a1dbcba273

SHA512
82df0031932ce95da9c5ee00f96e54516e670f41d02a57f82e5c4882afde440e3321fb81589256f542c5e2615be748b41025bfbbb9ec833901f1c853fd6867cf

Download Submit
C:\Windows\System32\vBfKqmk.exe

Filesize
2.9MB

MD5
5c507b465bb803bb336e2a5eb9cb9bc6

SHA1
d9252f1c7d66e1b7880872c97367bed2c006317b

SHA256
6939fa7abcaa59a0e54a3685320051d249a3ce9c1d6120f4aae8471265c1a516

SHA512
1aee649d66242270cb8b05757b70edb7712cdb8bfb67ba57b3232b337ab29b49e32d1ed1f189ce8cc0ec0a7594a0e0d45d4cb6d99bebfbb73d2029160a274714

Download Submit
C:\Windows\System32\vZTwDcW.exe

Filesize
2.9MB

MD5
298834e958ef0d0342a862d333a6e9f2

SHA1
5a24a5b3ece553d001c9ba8b290cef82472fe6f3

SHA256
63787e9ec48d59c1bb3c3760d1cac8f5c37e35d7406484b0c23b0cb88d8dfbd1

SHA512
c52139fb9beff582cb7a861c8f5a20d15e7791841c255f85733b0b80bd85d74bd7fd18fa6798f07b2af128d70cb2cd4d707fc85c76e92d9fc4069afa139cd883

Download Submit
C:\Windows\System32\yFHVcrw.exe

Filesize
2.9MB

MD5
ae78dc01253e05a5096d40553bf755bd

SHA1
a3e12edd8396c0a982b2a50a8132d927176c9254

SHA256
7c846c6dce5137c187602f244cfbdc6240ccc235ccf630a017cbd6e765d9783a

SHA512
d5ca4cb9ce454b204a63313df39e99bc025d9859886c0fdbb419594e923f0cd9497aace57ad8ea2e8553583f84e587b1657e2e9af1d0d061f1c2d3c2326a7cb2

Download Submit
C:\Windows\System32\zQlfJfV.exe

Filesize
2.9MB

MD5
30a8dee63dddec4d9960396975cd937f

SHA1
23259891b6933b0c50768b092c61c09e47da3ea1

SHA256
3b9e99a922b96c68206a9d2c386b7f3c0be3d6c1493f5843e87a4445d64f2a08

SHA512
67a28e75a34239df9c3a6eb9a40ba74ffbd668a4643c66039bfc01fcfc245b6eb9d35ffb8ef799dc716f948c5841ebd15193f48ec8e87d80b1d900d212001e6b

Download Submit
memory/1128-858-0x00007FF73A1C0000-0x00007FF73A5B5000-memory.dmp

Filesize
4.0MB

Download
memory/1128-1934-0x00007FF73A1C0000-0x00007FF73A5B5000-memory.dmp

Filesize
4.0MB

Download
memory/1196-1947-0x00007FF64AC60000-0x00007FF64B055000-memory.dmp

Filesize
4.0MB

Download
memory/1196-902-0x00007FF64AC60000-0x00007FF64B055000-memory.dmp

Filesize
4.0MB

Download
memory/1348-1937-0x00007FF782420000-0x00007FF782815000-memory.dmp

Filesize
4.0MB

Download
memory/1348-884-0x00007FF782420000-0x00007FF782815000-memory.dmp

Filesize
4.0MB

Download
memory/1936-1943-0x00007FF67BF00000-0x00007FF67C2F5000-memory.dmp

Filesize
4.0MB

Download
memory/1936-889-0x00007FF67BF00000-0x00007FF67C2F5000-memory.dmp

Filesize
4.0MB

Download
memory/1968-1936-0x00007FF636350000-0x00007FF636745000-memory.dmp

Filesize
4.0MB

Download
memory/1968-886-0x00007FF636350000-0x00007FF636745000-memory.dmp

Filesize
4.0MB

Download
memory/2208-881-0x00007FF656670000-0x00007FF656A65000-memory.dmp

Filesize
4.0MB

Download
memory/2208-1938-0x00007FF656670000-0x00007FF656A65000-memory.dmp

Filesize
4.0MB

Download
memory/2564-15-0x00007FF6EE830000-0x00007FF6EEC25000-memory.dmp

Filesize
4.0MB

Download
memory/2564-1930-0x00007FF6EE830000-0x00007FF6EEC25000-memory.dmp

Filesize
4.0MB

Download
memory/2760-893-0x00007FF6BFF10000-0x00007FF6C0305000-memory.dmp

Filesize
4.0MB

Download
memory/2760-1948-0x00007FF6BFF10000-0x00007FF6C0305000-memory.dmp

Filesize
4.0MB

Download
memory/3524-904-0x00007FF624AA0000-0x00007FF624E95000-memory.dmp

Filesize
4.0MB

Download
memory/3524-1951-0x00007FF624AA0000-0x00007FF624E95000-memory.dmp

Filesize
4.0MB

Download
memory/3528-1949-0x00007FF7E9C10000-0x00007FF7EA005000-memory.dmp

Filesize
4.0MB

Download
memory/3528-908-0x00007FF7E9C10000-0x00007FF7EA005000-memory.dmp

Filesize
4.0MB

Download
memory/3544-865-0x00007FF6653E0000-0x00007FF6657D5000-memory.dmp

Filesize
4.0MB

Download
memory/3544-1935-0x00007FF6653E0000-0x00007FF6657D5000-memory.dmp

Filesize
4.0MB

Download
memory/3552-899-0x00007FF72EBC0000-0x00007FF72EFB5000-memory.dmp

Filesize
4.0MB

Download
memory/3552-1945-0x00007FF72EBC0000-0x00007FF72EFB5000-memory.dmp

Filesize
4.0MB

Download
memory/3652-1-0x00000268E7B10000-0x00000268E7B20000-memory.dmp

Filesize
64KB

Download
memory/3652-1927-0x00007FF70EF50000-0x00007FF70F345000-memory.dmp

Filesize
4.0MB

Download
memory/3652-0-0x00007FF70EF50000-0x00007FF70F345000-memory.dmp

Filesize
4.0MB

Download
memory/3744-1928-0x00007FF627C60000-0x00007FF628055000-memory.dmp

Filesize
4.0MB

Download
memory/3744-1929-0x00007FF627C60000-0x00007FF628055000-memory.dmp

Filesize
4.0MB

Download
memory/3744-13-0x00007FF627C60000-0x00007FF628055000-memory.dmp

Filesize
4.0MB

Download
memory/3808-1941-0x00007FF679A70000-0x00007FF679E65000-memory.dmp

Filesize
4.0MB

Download
memory/3808-887-0x00007FF679A70000-0x00007FF679E65000-memory.dmp

Filesize
4.0MB

Download
memory/3924-900-0x00007FF61C030000-0x00007FF61C425000-memory.dmp

Filesize
4.0MB

Download
memory/3924-1950-0x00007FF61C030000-0x00007FF61C425000-memory.dmp

Filesize
4.0MB

Download
memory/4028-1939-0x00007FF6A44F0000-0x00007FF6A48E5000-memory.dmp

Filesize
4.0MB

Download
memory/4028-901-0x00007FF6A44F0000-0x00007FF6A48E5000-memory.dmp

Filesize
4.0MB

Download
memory/4080-903-0x00007FF7A0F30000-0x00007FF7A1325000-memory.dmp

Filesize
4.0MB

Download
memory/4080-1944-0x00007FF7A0F30000-0x00007FF7A1325000-memory.dmp

Filesize
4.0MB

Download
memory/4636-888-0x00007FF7C7020000-0x00007FF7C7415000-memory.dmp

Filesize
4.0MB

Download
memory/4636-1942-0x00007FF7C7020000-0x00007FF7C7415000-memory.dmp

Filesize
4.0MB

Download
memory/4688-1931-0x00007FF625670000-0x00007FF625A65000-memory.dmp

Filesize
4.0MB

Download
memory/4688-871-0x00007FF625670000-0x00007FF625A65000-memory.dmp

Filesize
4.0MB

Download
memory/4696-1933-0x00007FF72F4F0000-0x00007FF72F8E5000-memory.dmp

Filesize
4.0MB

Download
memory/4696-851-0x00007FF72F4F0000-0x00007FF72F8E5000-memory.dmp

Filesize
4.0MB

Download
memory/4920-1932-0x00007FF634610000-0x00007FF634A05000-memory.dmp

Filesize
4.0MB

Download
memory/4920-878-0x00007FF634610000-0x00007FF634A05000-memory.dmp

Filesize
4.0MB

Download
memory/4992-1952-0x00007FF602300000-0x00007FF6026F5000-memory.dmp

Filesize
4.0MB

Download
memory/4992-905-0x00007FF602300000-0x00007FF6026F5000-memory.dmp

Filesize
4.0MB

Download
memory/5028-1940-0x00007FF718EE0000-0x00007FF7192D5000-memory.dmp

Filesize
4.0MB

Download
memory/5028-890-0x00007FF718EE0000-0x00007FF7192D5000-memory.dmp

Filesize
4.0MB

Download
memory/5044-1946-0x00007FF6078E0000-0x00007FF607CD5000-memory.dmp

Filesize
4.0MB

Download
memory/5044-894-0x00007FF6078E0000-0x00007FF607CD5000-memory.dmp

Filesize
4.0MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads