xmrig | 26097e7d4bed8cb2f7bc7e4f3ca66bfe2f9eccd891fe866a54faa23c7451d009

Analysis

max time kernel
143s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
16/06/2024, 19:38

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

26097e7d4bed8cb2f7bc7e4f3ca66bfe2f9eccd891fe866a54faa23c7451d009.exe
Size

1.5MB
MD5

299f8fd7e5989c6b6abbeba7cf0aed92
SHA1

c08550ffa10bb57daf31973b023ae1ce7e1c254b
SHA256

26097e7d4bed8cb2f7bc7e4f3ca66bfe2f9eccd891fe866a54faa23c7451d009
SHA512

a08ae1864def9e2813f21538cf038e3e32a7b2ef1c08f2b2b56ccdf51789191d400e3e92551d5ba83bb51a331f9448bfc3dc2cd29fc0d30f54038f7d09b3075c
SSDEEP

24576:JanwhSe11QSONCpGJCjETPlWXWZ5Pbcq92zMWQ59U4Wyjxan7fE7:knw9oUUEEDl37jcq4QJ7tl7

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

UPX dump on OEP (original entry point) 64 IoCs

resource	yara_rule
behavioral2/memory/2196-0-0x00007FF6A72D0000-0x00007FF6A76C1000-memory.dmp	UPX
behavioral2/files/0x000800000002351f-5.dat	UPX
behavioral2/files/0x0007000000023523-9.dat	UPX
behavioral2/files/0x0007000000023524-7.dat	UPX
behavioral2/memory/1188-10-0x00007FF60AC20000-0x00007FF60B011000-memory.dmp	UPX
behavioral2/files/0x0007000000023526-28.dat	UPX
behavioral2/files/0x0007000000023527-35.dat	UPX
behavioral2/files/0x0007000000023529-45.dat	UPX
behavioral2/files/0x000700000002352a-50.dat	UPX
behavioral2/files/0x000700000002352b-55.dat	UPX
behavioral2/files/0x000700000002352c-60.dat	UPX
behavioral2/files/0x000700000002352d-65.dat	UPX
behavioral2/files/0x0007000000023530-80.dat	UPX
behavioral2/files/0x0007000000023535-105.dat	UPX
behavioral2/files/0x0007000000023537-115.dat	UPX
behavioral2/files/0x0007000000023539-125.dat	UPX
behavioral2/files/0x0007000000023541-165.dat	UPX
behavioral2/files/0x0007000000023540-163.dat	UPX
behavioral2/files/0x000700000002353f-155.dat	UPX
behavioral2/files/0x000700000002353e-150.dat	UPX
behavioral2/files/0x000700000002353d-145.dat	UPX
behavioral2/files/0x000700000002353c-140.dat	UPX
behavioral2/files/0x000700000002353b-135.dat	UPX
behavioral2/files/0x000700000002353a-130.dat	UPX
behavioral2/files/0x0007000000023538-120.dat	UPX
behavioral2/files/0x0007000000023536-110.dat	UPX
behavioral2/files/0x0007000000023534-100.dat	UPX
behavioral2/files/0x0007000000023533-95.dat	UPX
behavioral2/files/0x0007000000023532-90.dat	UPX
behavioral2/files/0x0007000000023531-85.dat	UPX
behavioral2/files/0x000700000002352f-75.dat	UPX
behavioral2/files/0x000700000002352e-70.dat	UPX
behavioral2/files/0x0007000000023528-40.dat	UPX
behavioral2/memory/3664-27-0x00007FF609C80000-0x00007FF60A071000-memory.dmp	UPX
behavioral2/memory/2836-24-0x00007FF78DC30000-0x00007FF78E021000-memory.dmp	UPX
behavioral2/files/0x0007000000023525-23.dat	UPX
behavioral2/memory/1020-11-0x00007FF616A10000-0x00007FF616E01000-memory.dmp	UPX
behavioral2/memory/3688-421-0x00007FF642F50000-0x00007FF643341000-memory.dmp	UPX
behavioral2/memory/4488-422-0x00007FF7E60E0000-0x00007FF7E64D1000-memory.dmp	UPX
behavioral2/memory/1176-424-0x00007FF613320000-0x00007FF613711000-memory.dmp	UPX
behavioral2/memory/3604-425-0x00007FF6F4380000-0x00007FF6F4771000-memory.dmp	UPX
behavioral2/memory/1584-426-0x00007FF7F8480000-0x00007FF7F8871000-memory.dmp	UPX
behavioral2/memory/1064-427-0x00007FF756F70000-0x00007FF757361000-memory.dmp	UPX
behavioral2/memory/1572-428-0x00007FF75A800000-0x00007FF75ABF1000-memory.dmp	UPX
behavioral2/memory/5032-429-0x00007FF7D4E50000-0x00007FF7D5241000-memory.dmp	UPX
behavioral2/memory/4496-423-0x00007FF622E40000-0x00007FF623231000-memory.dmp	UPX
behavioral2/memory/1500-430-0x00007FF6FC210000-0x00007FF6FC601000-memory.dmp	UPX
behavioral2/memory/4548-438-0x00007FF78AB50000-0x00007FF78AF41000-memory.dmp	UPX
behavioral2/memory/3424-455-0x00007FF6F2A70000-0x00007FF6F2E61000-memory.dmp	UPX
behavioral2/memory/2388-441-0x00007FF7E0CE0000-0x00007FF7E10D1000-memory.dmp	UPX
behavioral2/memory/2036-467-0x00007FF60ABA0000-0x00007FF60AF91000-memory.dmp	UPX
behavioral2/memory/3952-480-0x00007FF7C0E40000-0x00007FF7C1231000-memory.dmp	UPX
behavioral2/memory/880-490-0x00007FF6A73C0000-0x00007FF6A77B1000-memory.dmp	UPX
behavioral2/memory/3956-483-0x00007FF68D660000-0x00007FF68DA51000-memory.dmp	UPX
behavioral2/memory/1916-460-0x00007FF61B380000-0x00007FF61B771000-memory.dmp	UPX
behavioral2/memory/2052-434-0x00007FF6F2AA0000-0x00007FF6F2E91000-memory.dmp	UPX
behavioral2/memory/3540-433-0x00007FF759D30000-0x00007FF75A121000-memory.dmp	UPX
behavioral2/memory/1020-1962-0x00007FF616A10000-0x00007FF616E01000-memory.dmp	UPX
behavioral2/memory/1188-1968-0x00007FF60AC20000-0x00007FF60B011000-memory.dmp	UPX
behavioral2/memory/2836-1970-0x00007FF78DC30000-0x00007FF78E021000-memory.dmp	UPX
behavioral2/memory/1020-1972-0x00007FF616A10000-0x00007FF616E01000-memory.dmp	UPX
behavioral2/memory/3664-1974-0x00007FF609C80000-0x00007FF60A071000-memory.dmp	UPX
behavioral2/memory/1176-1982-0x00007FF613320000-0x00007FF613711000-memory.dmp	UPX
behavioral2/memory/4488-1984-0x00007FF7E60E0000-0x00007FF7E64D1000-memory.dmp	UPX

XMRig Miner payload 47 IoCs

miner

resource	yara_rule
behavioral2/memory/3664-27-0x00007FF609C80000-0x00007FF60A071000-memory.dmp	xmrig
behavioral2/memory/2836-24-0x00007FF78DC30000-0x00007FF78E021000-memory.dmp	xmrig
behavioral2/memory/3688-421-0x00007FF642F50000-0x00007FF643341000-memory.dmp	xmrig
behavioral2/memory/4488-422-0x00007FF7E60E0000-0x00007FF7E64D1000-memory.dmp	xmrig
behavioral2/memory/1176-424-0x00007FF613320000-0x00007FF613711000-memory.dmp	xmrig
behavioral2/memory/3604-425-0x00007FF6F4380000-0x00007FF6F4771000-memory.dmp	xmrig
behavioral2/memory/1584-426-0x00007FF7F8480000-0x00007FF7F8871000-memory.dmp	xmrig
behavioral2/memory/1064-427-0x00007FF756F70000-0x00007FF757361000-memory.dmp	xmrig
behavioral2/memory/1572-428-0x00007FF75A800000-0x00007FF75ABF1000-memory.dmp	xmrig
behavioral2/memory/5032-429-0x00007FF7D4E50000-0x00007FF7D5241000-memory.dmp	xmrig
behavioral2/memory/4496-423-0x00007FF622E40000-0x00007FF623231000-memory.dmp	xmrig
behavioral2/memory/1500-430-0x00007FF6FC210000-0x00007FF6FC601000-memory.dmp	xmrig
behavioral2/memory/4548-438-0x00007FF78AB50000-0x00007FF78AF41000-memory.dmp	xmrig
behavioral2/memory/3424-455-0x00007FF6F2A70000-0x00007FF6F2E61000-memory.dmp	xmrig
behavioral2/memory/2388-441-0x00007FF7E0CE0000-0x00007FF7E10D1000-memory.dmp	xmrig
behavioral2/memory/2036-467-0x00007FF60ABA0000-0x00007FF60AF91000-memory.dmp	xmrig
behavioral2/memory/3952-480-0x00007FF7C0E40000-0x00007FF7C1231000-memory.dmp	xmrig
behavioral2/memory/880-490-0x00007FF6A73C0000-0x00007FF6A77B1000-memory.dmp	xmrig
behavioral2/memory/3956-483-0x00007FF68D660000-0x00007FF68DA51000-memory.dmp	xmrig
behavioral2/memory/1916-460-0x00007FF61B380000-0x00007FF61B771000-memory.dmp	xmrig
behavioral2/memory/2052-434-0x00007FF6F2AA0000-0x00007FF6F2E91000-memory.dmp	xmrig
behavioral2/memory/3540-433-0x00007FF759D30000-0x00007FF75A121000-memory.dmp	xmrig
behavioral2/memory/1020-1962-0x00007FF616A10000-0x00007FF616E01000-memory.dmp	xmrig
behavioral2/memory/1188-1968-0x00007FF60AC20000-0x00007FF60B011000-memory.dmp	xmrig
behavioral2/memory/2836-1970-0x00007FF78DC30000-0x00007FF78E021000-memory.dmp	xmrig
behavioral2/memory/1020-1972-0x00007FF616A10000-0x00007FF616E01000-memory.dmp	xmrig
behavioral2/memory/3664-1974-0x00007FF609C80000-0x00007FF60A071000-memory.dmp	xmrig
behavioral2/memory/1176-1982-0x00007FF613320000-0x00007FF613711000-memory.dmp	xmrig
behavioral2/memory/4488-1984-0x00007FF7E60E0000-0x00007FF7E64D1000-memory.dmp	xmrig
behavioral2/memory/3604-1986-0x00007FF6F4380000-0x00007FF6F4771000-memory.dmp	xmrig
behavioral2/memory/4496-1980-0x00007FF622E40000-0x00007FF623231000-memory.dmp	xmrig
behavioral2/memory/3688-1978-0x00007FF642F50000-0x00007FF643341000-memory.dmp	xmrig
behavioral2/memory/880-1976-0x00007FF6A73C0000-0x00007FF6A77B1000-memory.dmp	xmrig
behavioral2/memory/1572-2009-0x00007FF75A800000-0x00007FF75ABF1000-memory.dmp	xmrig
behavioral2/memory/5032-2007-0x00007FF7D4E50000-0x00007FF7D5241000-memory.dmp	xmrig
behavioral2/memory/1500-1992-0x00007FF6FC210000-0x00007FF6FC601000-memory.dmp	xmrig
behavioral2/memory/2052-1990-0x00007FF6F2AA0000-0x00007FF6F2E91000-memory.dmp	xmrig
behavioral2/memory/1916-2024-0x00007FF61B380000-0x00007FF61B771000-memory.dmp	xmrig
behavioral2/memory/3424-2022-0x00007FF6F2A70000-0x00007FF6F2E61000-memory.dmp	xmrig
behavioral2/memory/3956-2018-0x00007FF68D660000-0x00007FF68DA51000-memory.dmp	xmrig
behavioral2/memory/2036-2016-0x00007FF60ABA0000-0x00007FF60AF91000-memory.dmp	xmrig
behavioral2/memory/1064-2005-0x00007FF756F70000-0x00007FF757361000-memory.dmp	xmrig
behavioral2/memory/2388-2003-0x00007FF7E0CE0000-0x00007FF7E10D1000-memory.dmp	xmrig
behavioral2/memory/4548-2001-0x00007FF78AB50000-0x00007FF78AF41000-memory.dmp	xmrig
behavioral2/memory/3952-2014-0x00007FF7C0E40000-0x00007FF7C1231000-memory.dmp	xmrig
behavioral2/memory/3540-1994-0x00007FF759D30000-0x00007FF75A121000-memory.dmp	xmrig
behavioral2/memory/1584-1988-0x00007FF7F8480000-0x00007FF7F8871000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1188	XlVJgxS.exe
1020	BgXMDAT.exe
2836	VWXoUJS.exe
3664	HcGQcZh.exe
880	PgDOjYz.exe
3688	UlgJroe.exe
4488	OujcOOJ.exe
4496	hTBuTVr.exe
1176	LpxytbC.exe
3604	IHbMawC.exe
1584	ZxAaLvC.exe
1064	VRIPoGO.exe
1572	NbPolYA.exe
5032	WrOAOdn.exe
1500	HQrarcC.exe
3540	rEqviij.exe
2052	ffPulHD.exe
4548	UsICYTD.exe
2388	fOZJjbU.exe
3424	DDkTTDT.exe
1916	zJOTVsH.exe
2036	HwjoAcH.exe
3952	ljGijiT.exe
3956	XHGViDN.exe
4288	KEXjnWL.exe
4744	TSotSut.exe
5028	MIMKIRe.exe
4352	eeqPlJW.exe
2020	dEgBRiV.exe
4308	gwkddlo.exe
1988	FIqEtPk.exe
4680	DSRZCAP.exe
4348	YELpahl.exe
4324	XmVpwKu.exe
2476	jAOgYoP.exe
2556	TBjCFOR.exe
1620	qeAguFb.exe
1408	eKrLdJM.exe
4124	NHOcCaM.exe
2376	zCxGpli.exe
3944	tQoJjNy.exe
2868	Fazjkye.exe
4864	rTwlqJb.exe
2008	lKtGuCy.exe
2804	udrkJhF.exe
3536	eDtzOlq.exe
3216	jVeJlBi.exe
2072	CYxbqaL.exe
4656	YDivPLr.exe
2604	dNoREXR.exe
3400	hSjdDRG.exe
1684	njDQMQt.exe
1052	IDYQWsR.exe
4936	EfGTRwD.exe
5136	HgbzfEF.exe
5160	MuRIKUY.exe
5184	ZZawygQ.exe
5212	hihntHm.exe
5236	bKZvrOJ.exe
5276	kMeArin.exe
5304	StOPzYK.exe
5324	lsAExjd.exe
5360	ECJgZWx.exe
5376	QvNBIWJ.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2196-0-0x00007FF6A72D0000-0x00007FF6A76C1000-memory.dmp	upx
behavioral2/files/0x000800000002351f-5.dat	upx
behavioral2/files/0x0007000000023523-9.dat	upx
behavioral2/files/0x0007000000023524-7.dat	upx
behavioral2/memory/1188-10-0x00007FF60AC20000-0x00007FF60B011000-memory.dmp	upx
behavioral2/files/0x0007000000023526-28.dat	upx
behavioral2/files/0x0007000000023527-35.dat	upx
behavioral2/files/0x0007000000023529-45.dat	upx
behavioral2/files/0x000700000002352a-50.dat	upx
behavioral2/files/0x000700000002352b-55.dat	upx
behavioral2/files/0x000700000002352c-60.dat	upx
behavioral2/files/0x000700000002352d-65.dat	upx
behavioral2/files/0x0007000000023530-80.dat	upx
behavioral2/files/0x0007000000023535-105.dat	upx
behavioral2/files/0x0007000000023537-115.dat	upx
behavioral2/files/0x0007000000023539-125.dat	upx
behavioral2/files/0x0007000000023541-165.dat	upx
behavioral2/files/0x0007000000023540-163.dat	upx
behavioral2/files/0x000700000002353f-155.dat	upx
behavioral2/files/0x000700000002353e-150.dat	upx
behavioral2/files/0x000700000002353d-145.dat	upx
behavioral2/files/0x000700000002353c-140.dat	upx
behavioral2/files/0x000700000002353b-135.dat	upx
behavioral2/files/0x000700000002353a-130.dat	upx
behavioral2/files/0x0007000000023538-120.dat	upx
behavioral2/files/0x0007000000023536-110.dat	upx
behavioral2/files/0x0007000000023534-100.dat	upx
behavioral2/files/0x0007000000023533-95.dat	upx
behavioral2/files/0x0007000000023532-90.dat	upx
behavioral2/files/0x0007000000023531-85.dat	upx
behavioral2/files/0x000700000002352f-75.dat	upx
behavioral2/files/0x000700000002352e-70.dat	upx
behavioral2/files/0x0007000000023528-40.dat	upx
behavioral2/memory/3664-27-0x00007FF609C80000-0x00007FF60A071000-memory.dmp	upx
behavioral2/memory/2836-24-0x00007FF78DC30000-0x00007FF78E021000-memory.dmp	upx
behavioral2/files/0x0007000000023525-23.dat	upx
behavioral2/memory/1020-11-0x00007FF616A10000-0x00007FF616E01000-memory.dmp	upx
behavioral2/memory/3688-421-0x00007FF642F50000-0x00007FF643341000-memory.dmp	upx
behavioral2/memory/4488-422-0x00007FF7E60E0000-0x00007FF7E64D1000-memory.dmp	upx
behavioral2/memory/1176-424-0x00007FF613320000-0x00007FF613711000-memory.dmp	upx
behavioral2/memory/3604-425-0x00007FF6F4380000-0x00007FF6F4771000-memory.dmp	upx
behavioral2/memory/1584-426-0x00007FF7F8480000-0x00007FF7F8871000-memory.dmp	upx
behavioral2/memory/1064-427-0x00007FF756F70000-0x00007FF757361000-memory.dmp	upx
behavioral2/memory/1572-428-0x00007FF75A800000-0x00007FF75ABF1000-memory.dmp	upx
behavioral2/memory/5032-429-0x00007FF7D4E50000-0x00007FF7D5241000-memory.dmp	upx
behavioral2/memory/4496-423-0x00007FF622E40000-0x00007FF623231000-memory.dmp	upx
behavioral2/memory/1500-430-0x00007FF6FC210000-0x00007FF6FC601000-memory.dmp	upx
behavioral2/memory/4548-438-0x00007FF78AB50000-0x00007FF78AF41000-memory.dmp	upx
behavioral2/memory/3424-455-0x00007FF6F2A70000-0x00007FF6F2E61000-memory.dmp	upx
behavioral2/memory/2388-441-0x00007FF7E0CE0000-0x00007FF7E10D1000-memory.dmp	upx
behavioral2/memory/2036-467-0x00007FF60ABA0000-0x00007FF60AF91000-memory.dmp	upx
behavioral2/memory/3952-480-0x00007FF7C0E40000-0x00007FF7C1231000-memory.dmp	upx
behavioral2/memory/880-490-0x00007FF6A73C0000-0x00007FF6A77B1000-memory.dmp	upx
behavioral2/memory/3956-483-0x00007FF68D660000-0x00007FF68DA51000-memory.dmp	upx
behavioral2/memory/1916-460-0x00007FF61B380000-0x00007FF61B771000-memory.dmp	upx
behavioral2/memory/2052-434-0x00007FF6F2AA0000-0x00007FF6F2E91000-memory.dmp	upx
behavioral2/memory/3540-433-0x00007FF759D30000-0x00007FF75A121000-memory.dmp	upx
behavioral2/memory/1020-1962-0x00007FF616A10000-0x00007FF616E01000-memory.dmp	upx
behavioral2/memory/1188-1968-0x00007FF60AC20000-0x00007FF60B011000-memory.dmp	upx
behavioral2/memory/2836-1970-0x00007FF78DC30000-0x00007FF78E021000-memory.dmp	upx
behavioral2/memory/1020-1972-0x00007FF616A10000-0x00007FF616E01000-memory.dmp	upx
behavioral2/memory/3664-1974-0x00007FF609C80000-0x00007FF60A071000-memory.dmp	upx
behavioral2/memory/1176-1982-0x00007FF613320000-0x00007FF613711000-memory.dmp	upx
behavioral2/memory/4488-1984-0x00007FF7E60E0000-0x00007FF7E64D1000-memory.dmp	upx

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System32\QrjIdpL.exe	26097e7d4bed8cb2f7bc7e4f3ca66bfe2f9eccd891fe866a54faa23c7451d009.exe
File created	C:\Windows\System32\YjBXBgn.exe	26097e7d4bed8cb2f7bc7e4f3ca66bfe2f9eccd891fe866a54faa23c7451d009.exe
File created	C:\Windows\System32\FXgebKh.exe	26097e7d4bed8cb2f7bc7e4f3ca66bfe2f9eccd891fe866a54faa23c7451d009.exe
File created	C:\Windows\System32\tOwjrlk.exe	26097e7d4bed8cb2f7bc7e4f3ca66bfe2f9eccd891fe866a54faa23c7451d009.exe
File created	C:\Windows\System32\GtbhoTE.exe	26097e7d4bed8cb2f7bc7e4f3ca66bfe2f9eccd891fe866a54faa23c7451d009.exe
File created	C:\Windows\System32\xpBXPdc.exe	26097e7d4bed8cb2f7bc7e4f3ca66bfe2f9eccd891fe866a54faa23c7451d009.exe
File created	C:\Windows\System32\PgDOjYz.exe	26097e7d4bed8cb2f7bc7e4f3ca66bfe2f9eccd891fe866a54faa23c7451d009.exe
File created	C:\Windows\System32\zBMmQjw.exe	26097e7d4bed8cb2f7bc7e4f3ca66bfe2f9eccd891fe866a54faa23c7451d009.exe
File created	C:\Windows\System32\ktqDuvz.exe	26097e7d4bed8cb2f7bc7e4f3ca66bfe2f9eccd891fe866a54faa23c7451d009.exe
File created	C:\Windows\System32\HwjoAcH.exe	26097e7d4bed8cb2f7bc7e4f3ca66bfe2f9eccd891fe866a54faa23c7451d009.exe
File created	C:\Windows\System32\dEgBRiV.exe	26097e7d4bed8cb2f7bc7e4f3ca66bfe2f9eccd891fe866a54faa23c7451d009.exe
File created	C:\Windows\System32\gnLhRoY.exe	26097e7d4bed8cb2f7bc7e4f3ca66bfe2f9eccd891fe866a54faa23c7451d009.exe
File created	C:\Windows\System32\YCsFhTn.exe	26097e7d4bed8cb2f7bc7e4f3ca66bfe2f9eccd891fe866a54faa23c7451d009.exe
File created	C:\Windows\System32\GfyjPQt.exe	26097e7d4bed8cb2f7bc7e4f3ca66bfe2f9eccd891fe866a54faa23c7451d009.exe
File created	C:\Windows\System32\YpCOjMf.exe	26097e7d4bed8cb2f7bc7e4f3ca66bfe2f9eccd891fe866a54faa23c7451d009.exe
File created	C:\Windows\System32\qzfmpyV.exe	26097e7d4bed8cb2f7bc7e4f3ca66bfe2f9eccd891fe866a54faa23c7451d009.exe
File created	C:\Windows\System32\FebEIJQ.exe	26097e7d4bed8cb2f7bc7e4f3ca66bfe2f9eccd891fe866a54faa23c7451d009.exe
File created	C:\Windows\System32\eeqPlJW.exe	26097e7d4bed8cb2f7bc7e4f3ca66bfe2f9eccd891fe866a54faa23c7451d009.exe
File created	C:\Windows\System32\vNDFZzI.exe	26097e7d4bed8cb2f7bc7e4f3ca66bfe2f9eccd891fe866a54faa23c7451d009.exe
File created	C:\Windows\System32\RILMBoU.exe	26097e7d4bed8cb2f7bc7e4f3ca66bfe2f9eccd891fe866a54faa23c7451d009.exe
File created	C:\Windows\System32\TOAfVhg.exe	26097e7d4bed8cb2f7bc7e4f3ca66bfe2f9eccd891fe866a54faa23c7451d009.exe
File created	C:\Windows\System32\alDIVxS.exe	26097e7d4bed8cb2f7bc7e4f3ca66bfe2f9eccd891fe866a54faa23c7451d009.exe
File created	C:\Windows\System32\BkWZzJu.exe	26097e7d4bed8cb2f7bc7e4f3ca66bfe2f9eccd891fe866a54faa23c7451d009.exe
File created	C:\Windows\System32\FuuntDp.exe	26097e7d4bed8cb2f7bc7e4f3ca66bfe2f9eccd891fe866a54faa23c7451d009.exe
File created	C:\Windows\System32\xdnAshg.exe	26097e7d4bed8cb2f7bc7e4f3ca66bfe2f9eccd891fe866a54faa23c7451d009.exe
File created	C:\Windows\System32\gBSAuPe.exe	26097e7d4bed8cb2f7bc7e4f3ca66bfe2f9eccd891fe866a54faa23c7451d009.exe
File created	C:\Windows\System32\gqdPfWz.exe	26097e7d4bed8cb2f7bc7e4f3ca66bfe2f9eccd891fe866a54faa23c7451d009.exe
File created	C:\Windows\System32\hSTPXKk.exe	26097e7d4bed8cb2f7bc7e4f3ca66bfe2f9eccd891fe866a54faa23c7451d009.exe
File created	C:\Windows\System32\hXUAuRT.exe	26097e7d4bed8cb2f7bc7e4f3ca66bfe2f9eccd891fe866a54faa23c7451d009.exe
File created	C:\Windows\System32\uIksPlB.exe	26097e7d4bed8cb2f7bc7e4f3ca66bfe2f9eccd891fe866a54faa23c7451d009.exe
File created	C:\Windows\System32\ekPMytz.exe	26097e7d4bed8cb2f7bc7e4f3ca66bfe2f9eccd891fe866a54faa23c7451d009.exe
File created	C:\Windows\System32\hiBhRyl.exe	26097e7d4bed8cb2f7bc7e4f3ca66bfe2f9eccd891fe866a54faa23c7451d009.exe
File created	C:\Windows\System32\dspFgiW.exe	26097e7d4bed8cb2f7bc7e4f3ca66bfe2f9eccd891fe866a54faa23c7451d009.exe
File created	C:\Windows\System32\uPSOvGe.exe	26097e7d4bed8cb2f7bc7e4f3ca66bfe2f9eccd891fe866a54faa23c7451d009.exe
File created	C:\Windows\System32\ECJgZWx.exe	26097e7d4bed8cb2f7bc7e4f3ca66bfe2f9eccd891fe866a54faa23c7451d009.exe
File created	C:\Windows\System32\yJFkCPA.exe	26097e7d4bed8cb2f7bc7e4f3ca66bfe2f9eccd891fe866a54faa23c7451d009.exe
File created	C:\Windows\System32\TcNJSYe.exe	26097e7d4bed8cb2f7bc7e4f3ca66bfe2f9eccd891fe866a54faa23c7451d009.exe
File created	C:\Windows\System32\pwFAtdx.exe	26097e7d4bed8cb2f7bc7e4f3ca66bfe2f9eccd891fe866a54faa23c7451d009.exe
File created	C:\Windows\System32\AxHOKan.exe	26097e7d4bed8cb2f7bc7e4f3ca66bfe2f9eccd891fe866a54faa23c7451d009.exe
File created	C:\Windows\System32\Plmcpzg.exe	26097e7d4bed8cb2f7bc7e4f3ca66bfe2f9eccd891fe866a54faa23c7451d009.exe
File created	C:\Windows\System32\SunTgyz.exe	26097e7d4bed8cb2f7bc7e4f3ca66bfe2f9eccd891fe866a54faa23c7451d009.exe
File created	C:\Windows\System32\jTMyneh.exe	26097e7d4bed8cb2f7bc7e4f3ca66bfe2f9eccd891fe866a54faa23c7451d009.exe
File created	C:\Windows\System32\NbPolYA.exe	26097e7d4bed8cb2f7bc7e4f3ca66bfe2f9eccd891fe866a54faa23c7451d009.exe
File created	C:\Windows\System32\NYdNdin.exe	26097e7d4bed8cb2f7bc7e4f3ca66bfe2f9eccd891fe866a54faa23c7451d009.exe
File created	C:\Windows\System32\sQUTbJK.exe	26097e7d4bed8cb2f7bc7e4f3ca66bfe2f9eccd891fe866a54faa23c7451d009.exe
File created	C:\Windows\System32\eXQFQuF.exe	26097e7d4bed8cb2f7bc7e4f3ca66bfe2f9eccd891fe866a54faa23c7451d009.exe
File created	C:\Windows\System32\ndEiiiT.exe	26097e7d4bed8cb2f7bc7e4f3ca66bfe2f9eccd891fe866a54faa23c7451d009.exe
File created	C:\Windows\System32\XHGViDN.exe	26097e7d4bed8cb2f7bc7e4f3ca66bfe2f9eccd891fe866a54faa23c7451d009.exe
File created	C:\Windows\System32\eDtzOlq.exe	26097e7d4bed8cb2f7bc7e4f3ca66bfe2f9eccd891fe866a54faa23c7451d009.exe
File created	C:\Windows\System32\zBEcUdF.exe	26097e7d4bed8cb2f7bc7e4f3ca66bfe2f9eccd891fe866a54faa23c7451d009.exe
File created	C:\Windows\System32\clUDRpf.exe	26097e7d4bed8cb2f7bc7e4f3ca66bfe2f9eccd891fe866a54faa23c7451d009.exe
File created	C:\Windows\System32\fdxHsjn.exe	26097e7d4bed8cb2f7bc7e4f3ca66bfe2f9eccd891fe866a54faa23c7451d009.exe
File created	C:\Windows\System32\yvkBqCu.exe	26097e7d4bed8cb2f7bc7e4f3ca66bfe2f9eccd891fe866a54faa23c7451d009.exe
File created	C:\Windows\System32\CmRLXqQ.exe	26097e7d4bed8cb2f7bc7e4f3ca66bfe2f9eccd891fe866a54faa23c7451d009.exe
File created	C:\Windows\System32\vwBzPjB.exe	26097e7d4bed8cb2f7bc7e4f3ca66bfe2f9eccd891fe866a54faa23c7451d009.exe
File created	C:\Windows\System32\bmomuIa.exe	26097e7d4bed8cb2f7bc7e4f3ca66bfe2f9eccd891fe866a54faa23c7451d009.exe
File created	C:\Windows\System32\wDcScPT.exe	26097e7d4bed8cb2f7bc7e4f3ca66bfe2f9eccd891fe866a54faa23c7451d009.exe
File created	C:\Windows\System32\UsICYTD.exe	26097e7d4bed8cb2f7bc7e4f3ca66bfe2f9eccd891fe866a54faa23c7451d009.exe
File created	C:\Windows\System32\KEXjnWL.exe	26097e7d4bed8cb2f7bc7e4f3ca66bfe2f9eccd891fe866a54faa23c7451d009.exe
File created	C:\Windows\System32\ljGijiT.exe	26097e7d4bed8cb2f7bc7e4f3ca66bfe2f9eccd891fe866a54faa23c7451d009.exe
File created	C:\Windows\System32\HCRFTYc.exe	26097e7d4bed8cb2f7bc7e4f3ca66bfe2f9eccd891fe866a54faa23c7451d009.exe
File created	C:\Windows\System32\PsVwcyv.exe	26097e7d4bed8cb2f7bc7e4f3ca66bfe2f9eccd891fe866a54faa23c7451d009.exe
File created	C:\Windows\System32\VNqorzR.exe	26097e7d4bed8cb2f7bc7e4f3ca66bfe2f9eccd891fe866a54faa23c7451d009.exe
File created	C:\Windows\System32\HbQGgru.exe	26097e7d4bed8cb2f7bc7e4f3ca66bfe2f9eccd891fe866a54faa23c7451d009.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	13532	dwm.exe
Token: SeChangeNotifyPrivilege	13532	dwm.exe
Token: 33	13532	dwm.exe
Token: SeIncBasePriorityPrivilege	13532	dwm.exe
Token: SeShutdownPrivilege	13532	dwm.exe
Token: SeCreatePagefilePrivilege	13532	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2196 wrote to memory of 1188	2196	26097e7d4bed8cb2f7bc7e4f3ca66bfe2f9eccd891fe866a54faa23c7451d009.exe	91
PID 2196 wrote to memory of 1188	2196	26097e7d4bed8cb2f7bc7e4f3ca66bfe2f9eccd891fe866a54faa23c7451d009.exe	91
PID 2196 wrote to memory of 1020	2196	26097e7d4bed8cb2f7bc7e4f3ca66bfe2f9eccd891fe866a54faa23c7451d009.exe	92
PID 2196 wrote to memory of 1020	2196	26097e7d4bed8cb2f7bc7e4f3ca66bfe2f9eccd891fe866a54faa23c7451d009.exe	92
PID 2196 wrote to memory of 2836	2196	26097e7d4bed8cb2f7bc7e4f3ca66bfe2f9eccd891fe866a54faa23c7451d009.exe	93
PID 2196 wrote to memory of 2836	2196	26097e7d4bed8cb2f7bc7e4f3ca66bfe2f9eccd891fe866a54faa23c7451d009.exe	93
PID 2196 wrote to memory of 3664	2196	26097e7d4bed8cb2f7bc7e4f3ca66bfe2f9eccd891fe866a54faa23c7451d009.exe	94
PID 2196 wrote to memory of 3664	2196	26097e7d4bed8cb2f7bc7e4f3ca66bfe2f9eccd891fe866a54faa23c7451d009.exe	94
PID 2196 wrote to memory of 880	2196	26097e7d4bed8cb2f7bc7e4f3ca66bfe2f9eccd891fe866a54faa23c7451d009.exe	95
PID 2196 wrote to memory of 880	2196	26097e7d4bed8cb2f7bc7e4f3ca66bfe2f9eccd891fe866a54faa23c7451d009.exe	95
PID 2196 wrote to memory of 3688	2196	26097e7d4bed8cb2f7bc7e4f3ca66bfe2f9eccd891fe866a54faa23c7451d009.exe	96
PID 2196 wrote to memory of 3688	2196	26097e7d4bed8cb2f7bc7e4f3ca66bfe2f9eccd891fe866a54faa23c7451d009.exe	96
PID 2196 wrote to memory of 4488	2196	26097e7d4bed8cb2f7bc7e4f3ca66bfe2f9eccd891fe866a54faa23c7451d009.exe	97
PID 2196 wrote to memory of 4488	2196	26097e7d4bed8cb2f7bc7e4f3ca66bfe2f9eccd891fe866a54faa23c7451d009.exe	97
PID 2196 wrote to memory of 4496	2196	26097e7d4bed8cb2f7bc7e4f3ca66bfe2f9eccd891fe866a54faa23c7451d009.exe	98
PID 2196 wrote to memory of 4496	2196	26097e7d4bed8cb2f7bc7e4f3ca66bfe2f9eccd891fe866a54faa23c7451d009.exe	98
PID 2196 wrote to memory of 1176	2196	26097e7d4bed8cb2f7bc7e4f3ca66bfe2f9eccd891fe866a54faa23c7451d009.exe	99
PID 2196 wrote to memory of 1176	2196	26097e7d4bed8cb2f7bc7e4f3ca66bfe2f9eccd891fe866a54faa23c7451d009.exe	99
PID 2196 wrote to memory of 3604	2196	26097e7d4bed8cb2f7bc7e4f3ca66bfe2f9eccd891fe866a54faa23c7451d009.exe	100
PID 2196 wrote to memory of 3604	2196	26097e7d4bed8cb2f7bc7e4f3ca66bfe2f9eccd891fe866a54faa23c7451d009.exe	100
PID 2196 wrote to memory of 1584	2196	26097e7d4bed8cb2f7bc7e4f3ca66bfe2f9eccd891fe866a54faa23c7451d009.exe	101
PID 2196 wrote to memory of 1584	2196	26097e7d4bed8cb2f7bc7e4f3ca66bfe2f9eccd891fe866a54faa23c7451d009.exe	101
PID 2196 wrote to memory of 1064	2196	26097e7d4bed8cb2f7bc7e4f3ca66bfe2f9eccd891fe866a54faa23c7451d009.exe	102
PID 2196 wrote to memory of 1064	2196	26097e7d4bed8cb2f7bc7e4f3ca66bfe2f9eccd891fe866a54faa23c7451d009.exe	102
PID 2196 wrote to memory of 1572	2196	26097e7d4bed8cb2f7bc7e4f3ca66bfe2f9eccd891fe866a54faa23c7451d009.exe	103
PID 2196 wrote to memory of 1572	2196	26097e7d4bed8cb2f7bc7e4f3ca66bfe2f9eccd891fe866a54faa23c7451d009.exe	103
PID 2196 wrote to memory of 5032	2196	26097e7d4bed8cb2f7bc7e4f3ca66bfe2f9eccd891fe866a54faa23c7451d009.exe	104
PID 2196 wrote to memory of 5032	2196	26097e7d4bed8cb2f7bc7e4f3ca66bfe2f9eccd891fe866a54faa23c7451d009.exe	104
PID 2196 wrote to memory of 1500	2196	26097e7d4bed8cb2f7bc7e4f3ca66bfe2f9eccd891fe866a54faa23c7451d009.exe	105
PID 2196 wrote to memory of 1500	2196	26097e7d4bed8cb2f7bc7e4f3ca66bfe2f9eccd891fe866a54faa23c7451d009.exe	105
PID 2196 wrote to memory of 3540	2196	26097e7d4bed8cb2f7bc7e4f3ca66bfe2f9eccd891fe866a54faa23c7451d009.exe	106
PID 2196 wrote to memory of 3540	2196	26097e7d4bed8cb2f7bc7e4f3ca66bfe2f9eccd891fe866a54faa23c7451d009.exe	106
PID 2196 wrote to memory of 2052	2196	26097e7d4bed8cb2f7bc7e4f3ca66bfe2f9eccd891fe866a54faa23c7451d009.exe	107
PID 2196 wrote to memory of 2052	2196	26097e7d4bed8cb2f7bc7e4f3ca66bfe2f9eccd891fe866a54faa23c7451d009.exe	107
PID 2196 wrote to memory of 4548	2196	26097e7d4bed8cb2f7bc7e4f3ca66bfe2f9eccd891fe866a54faa23c7451d009.exe	108
PID 2196 wrote to memory of 4548	2196	26097e7d4bed8cb2f7bc7e4f3ca66bfe2f9eccd891fe866a54faa23c7451d009.exe	108
PID 2196 wrote to memory of 2388	2196	26097e7d4bed8cb2f7bc7e4f3ca66bfe2f9eccd891fe866a54faa23c7451d009.exe	109
PID 2196 wrote to memory of 2388	2196	26097e7d4bed8cb2f7bc7e4f3ca66bfe2f9eccd891fe866a54faa23c7451d009.exe	109
PID 2196 wrote to memory of 3424	2196	26097e7d4bed8cb2f7bc7e4f3ca66bfe2f9eccd891fe866a54faa23c7451d009.exe	110
PID 2196 wrote to memory of 3424	2196	26097e7d4bed8cb2f7bc7e4f3ca66bfe2f9eccd891fe866a54faa23c7451d009.exe	110
PID 2196 wrote to memory of 1916	2196	26097e7d4bed8cb2f7bc7e4f3ca66bfe2f9eccd891fe866a54faa23c7451d009.exe	111
PID 2196 wrote to memory of 1916	2196	26097e7d4bed8cb2f7bc7e4f3ca66bfe2f9eccd891fe866a54faa23c7451d009.exe	111
PID 2196 wrote to memory of 2036	2196	26097e7d4bed8cb2f7bc7e4f3ca66bfe2f9eccd891fe866a54faa23c7451d009.exe	112
PID 2196 wrote to memory of 2036	2196	26097e7d4bed8cb2f7bc7e4f3ca66bfe2f9eccd891fe866a54faa23c7451d009.exe	112
PID 2196 wrote to memory of 3952	2196	26097e7d4bed8cb2f7bc7e4f3ca66bfe2f9eccd891fe866a54faa23c7451d009.exe	113
PID 2196 wrote to memory of 3952	2196	26097e7d4bed8cb2f7bc7e4f3ca66bfe2f9eccd891fe866a54faa23c7451d009.exe	113
PID 2196 wrote to memory of 3956	2196	26097e7d4bed8cb2f7bc7e4f3ca66bfe2f9eccd891fe866a54faa23c7451d009.exe	114
PID 2196 wrote to memory of 3956	2196	26097e7d4bed8cb2f7bc7e4f3ca66bfe2f9eccd891fe866a54faa23c7451d009.exe	114
PID 2196 wrote to memory of 4288	2196	26097e7d4bed8cb2f7bc7e4f3ca66bfe2f9eccd891fe866a54faa23c7451d009.exe	115
PID 2196 wrote to memory of 4288	2196	26097e7d4bed8cb2f7bc7e4f3ca66bfe2f9eccd891fe866a54faa23c7451d009.exe	115
PID 2196 wrote to memory of 4744	2196	26097e7d4bed8cb2f7bc7e4f3ca66bfe2f9eccd891fe866a54faa23c7451d009.exe	116
PID 2196 wrote to memory of 4744	2196	26097e7d4bed8cb2f7bc7e4f3ca66bfe2f9eccd891fe866a54faa23c7451d009.exe	116
PID 2196 wrote to memory of 5028	2196	26097e7d4bed8cb2f7bc7e4f3ca66bfe2f9eccd891fe866a54faa23c7451d009.exe	117
PID 2196 wrote to memory of 5028	2196	26097e7d4bed8cb2f7bc7e4f3ca66bfe2f9eccd891fe866a54faa23c7451d009.exe	117
PID 2196 wrote to memory of 4352	2196	26097e7d4bed8cb2f7bc7e4f3ca66bfe2f9eccd891fe866a54faa23c7451d009.exe	118
PID 2196 wrote to memory of 4352	2196	26097e7d4bed8cb2f7bc7e4f3ca66bfe2f9eccd891fe866a54faa23c7451d009.exe	118
PID 2196 wrote to memory of 2020	2196	26097e7d4bed8cb2f7bc7e4f3ca66bfe2f9eccd891fe866a54faa23c7451d009.exe	119
PID 2196 wrote to memory of 2020	2196	26097e7d4bed8cb2f7bc7e4f3ca66bfe2f9eccd891fe866a54faa23c7451d009.exe	119
PID 2196 wrote to memory of 4308	2196	26097e7d4bed8cb2f7bc7e4f3ca66bfe2f9eccd891fe866a54faa23c7451d009.exe	120
PID 2196 wrote to memory of 4308	2196	26097e7d4bed8cb2f7bc7e4f3ca66bfe2f9eccd891fe866a54faa23c7451d009.exe	120
PID 2196 wrote to memory of 1988	2196	26097e7d4bed8cb2f7bc7e4f3ca66bfe2f9eccd891fe866a54faa23c7451d009.exe	121
PID 2196 wrote to memory of 1988	2196	26097e7d4bed8cb2f7bc7e4f3ca66bfe2f9eccd891fe866a54faa23c7451d009.exe	121
PID 2196 wrote to memory of 4680	2196	26097e7d4bed8cb2f7bc7e4f3ca66bfe2f9eccd891fe866a54faa23c7451d009.exe	122
PID 2196 wrote to memory of 4680	2196	26097e7d4bed8cb2f7bc7e4f3ca66bfe2f9eccd891fe866a54faa23c7451d009.exe	122

C:\Users\Admin\AppData\Local\Temp\26097e7d4bed8cb2f7bc7e4f3ca66bfe2f9eccd891fe866a54faa23c7451d009.exe
"C:\Users\Admin\AppData\Local\Temp\26097e7d4bed8cb2f7bc7e4f3ca66bfe2f9eccd891fe866a54faa23c7451d009.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:2196
- C:\Windows\System32\XlVJgxS.exe
  C:\Windows\System32\XlVJgxS.exe
  2⤵
  - Executes dropped EXE
  PID:1188
- C:\Windows\System32\BgXMDAT.exe
  C:\Windows\System32\BgXMDAT.exe
  2⤵
  - Executes dropped EXE
  PID:1020
- C:\Windows\System32\VWXoUJS.exe
  C:\Windows\System32\VWXoUJS.exe
  2⤵
  - Executes dropped EXE
  PID:2836
- C:\Windows\System32\HcGQcZh.exe
  C:\Windows\System32\HcGQcZh.exe
  2⤵
  - Executes dropped EXE
  PID:3664
- C:\Windows\System32\PgDOjYz.exe
  C:\Windows\System32\PgDOjYz.exe
  2⤵
  - Executes dropped EXE
  PID:880
- C:\Windows\System32\UlgJroe.exe
  C:\Windows\System32\UlgJroe.exe
  2⤵
  - Executes dropped EXE
  PID:3688
- C:\Windows\System32\OujcOOJ.exe
  C:\Windows\System32\OujcOOJ.exe
  2⤵
  - Executes dropped EXE
  PID:4488
- C:\Windows\System32\hTBuTVr.exe
  C:\Windows\System32\hTBuTVr.exe
  2⤵
  - Executes dropped EXE
  PID:4496
- C:\Windows\System32\LpxytbC.exe
  C:\Windows\System32\LpxytbC.exe
  2⤵
  - Executes dropped EXE
  PID:1176
- C:\Windows\System32\IHbMawC.exe
  C:\Windows\System32\IHbMawC.exe
  2⤵
  - Executes dropped EXE
  PID:3604
- C:\Windows\System32\ZxAaLvC.exe
  C:\Windows\System32\ZxAaLvC.exe
  2⤵
  - Executes dropped EXE
  PID:1584
- C:\Windows\System32\VRIPoGO.exe
  C:\Windows\System32\VRIPoGO.exe
  2⤵
  - Executes dropped EXE
  PID:1064
- C:\Windows\System32\NbPolYA.exe
  C:\Windows\System32\NbPolYA.exe
  2⤵
  - Executes dropped EXE
  PID:1572
- C:\Windows\System32\WrOAOdn.exe
  C:\Windows\System32\WrOAOdn.exe
  2⤵
  - Executes dropped EXE
  PID:5032
- C:\Windows\System32\HQrarcC.exe
  C:\Windows\System32\HQrarcC.exe
  2⤵
  - Executes dropped EXE
  PID:1500
- C:\Windows\System32\rEqviij.exe
  C:\Windows\System32\rEqviij.exe
  2⤵
  - Executes dropped EXE
  PID:3540
- C:\Windows\System32\ffPulHD.exe
  C:\Windows\System32\ffPulHD.exe
  2⤵
  - Executes dropped EXE
  PID:2052
- C:\Windows\System32\UsICYTD.exe
  C:\Windows\System32\UsICYTD.exe
  2⤵
  - Executes dropped EXE
  PID:4548
- C:\Windows\System32\fOZJjbU.exe
  C:\Windows\System32\fOZJjbU.exe
  2⤵
  - Executes dropped EXE
  PID:2388
- C:\Windows\System32\DDkTTDT.exe
  C:\Windows\System32\DDkTTDT.exe
  2⤵
  - Executes dropped EXE
  PID:3424
- C:\Windows\System32\zJOTVsH.exe
  C:\Windows\System32\zJOTVsH.exe
  2⤵
  - Executes dropped EXE
  PID:1916
- C:\Windows\System32\HwjoAcH.exe
  C:\Windows\System32\HwjoAcH.exe
  2⤵
  - Executes dropped EXE
  PID:2036
- C:\Windows\System32\ljGijiT.exe
  C:\Windows\System32\ljGijiT.exe
  2⤵
  - Executes dropped EXE
  PID:3952
- C:\Windows\System32\XHGViDN.exe
  C:\Windows\System32\XHGViDN.exe
  2⤵
  - Executes dropped EXE
  PID:3956
- C:\Windows\System32\KEXjnWL.exe
  C:\Windows\System32\KEXjnWL.exe
  2⤵
  - Executes dropped EXE
  PID:4288
- C:\Windows\System32\TSotSut.exe
  C:\Windows\System32\TSotSut.exe
  2⤵
  - Executes dropped EXE
  PID:4744
- C:\Windows\System32\MIMKIRe.exe
  C:\Windows\System32\MIMKIRe.exe
  2⤵
  - Executes dropped EXE
  PID:5028
- C:\Windows\System32\eeqPlJW.exe
  C:\Windows\System32\eeqPlJW.exe
  2⤵
  - Executes dropped EXE
  PID:4352
- C:\Windows\System32\dEgBRiV.exe
  C:\Windows\System32\dEgBRiV.exe
  2⤵
  - Executes dropped EXE
  PID:2020
- C:\Windows\System32\gwkddlo.exe
  C:\Windows\System32\gwkddlo.exe
  2⤵
  - Executes dropped EXE
  PID:4308
- C:\Windows\System32\FIqEtPk.exe
  C:\Windows\System32\FIqEtPk.exe
  2⤵
  - Executes dropped EXE
  PID:1988
- C:\Windows\System32\DSRZCAP.exe
  C:\Windows\System32\DSRZCAP.exe
  2⤵
  - Executes dropped EXE
  PID:4680
- C:\Windows\System32\YELpahl.exe
  C:\Windows\System32\YELpahl.exe
  2⤵
  - Executes dropped EXE
  PID:4348
- C:\Windows\System32\XmVpwKu.exe
  C:\Windows\System32\XmVpwKu.exe
  2⤵
  - Executes dropped EXE
  PID:4324
- C:\Windows\System32\jAOgYoP.exe
  C:\Windows\System32\jAOgYoP.exe
  2⤵
  - Executes dropped EXE
  PID:2476
- C:\Windows\System32\TBjCFOR.exe
  C:\Windows\System32\TBjCFOR.exe
  2⤵
  - Executes dropped EXE
  PID:2556
- C:\Windows\System32\qeAguFb.exe
  C:\Windows\System32\qeAguFb.exe
  2⤵
  - Executes dropped EXE
  PID:1620
- C:\Windows\System32\eKrLdJM.exe
  C:\Windows\System32\eKrLdJM.exe
  2⤵
  - Executes dropped EXE
  PID:1408
- C:\Windows\System32\NHOcCaM.exe
  C:\Windows\System32\NHOcCaM.exe
  2⤵
  - Executes dropped EXE
  PID:4124
- C:\Windows\System32\zCxGpli.exe
  C:\Windows\System32\zCxGpli.exe
  2⤵
  - Executes dropped EXE
  PID:2376
- C:\Windows\System32\tQoJjNy.exe
  C:\Windows\System32\tQoJjNy.exe
  2⤵
  - Executes dropped EXE
  PID:3944
- C:\Windows\System32\Fazjkye.exe
  C:\Windows\System32\Fazjkye.exe
  2⤵
  - Executes dropped EXE
  PID:2868
- C:\Windows\System32\rTwlqJb.exe
  C:\Windows\System32\rTwlqJb.exe
  2⤵
  - Executes dropped EXE
  PID:4864
- C:\Windows\System32\lKtGuCy.exe
  C:\Windows\System32\lKtGuCy.exe
  2⤵
  - Executes dropped EXE
  PID:2008
- C:\Windows\System32\udrkJhF.exe
  C:\Windows\System32\udrkJhF.exe
  2⤵
  - Executes dropped EXE
  PID:2804
- C:\Windows\System32\eDtzOlq.exe
  C:\Windows\System32\eDtzOlq.exe
  2⤵
  - Executes dropped EXE
  PID:3536
- C:\Windows\System32\jVeJlBi.exe
  C:\Windows\System32\jVeJlBi.exe
  2⤵
  - Executes dropped EXE
  PID:3216
- C:\Windows\System32\CYxbqaL.exe
  C:\Windows\System32\CYxbqaL.exe
  2⤵
  - Executes dropped EXE
  PID:2072
- C:\Windows\System32\YDivPLr.exe
  C:\Windows\System32\YDivPLr.exe
  2⤵
  - Executes dropped EXE
  PID:4656
- C:\Windows\System32\dNoREXR.exe
  C:\Windows\System32\dNoREXR.exe
  2⤵
  - Executes dropped EXE
  PID:2604
- C:\Windows\System32\hSjdDRG.exe
  C:\Windows\System32\hSjdDRG.exe
  2⤵
  - Executes dropped EXE
  PID:3400
- C:\Windows\System32\njDQMQt.exe
  C:\Windows\System32\njDQMQt.exe
  2⤵
  - Executes dropped EXE
  PID:1684
- C:\Windows\System32\IDYQWsR.exe
  C:\Windows\System32\IDYQWsR.exe
  2⤵
  - Executes dropped EXE
  PID:1052
- C:\Windows\System32\EfGTRwD.exe
  C:\Windows\System32\EfGTRwD.exe
  2⤵
  - Executes dropped EXE
  PID:4936
- C:\Windows\System32\HgbzfEF.exe
  C:\Windows\System32\HgbzfEF.exe
  2⤵
  - Executes dropped EXE
  PID:5136
- C:\Windows\System32\MuRIKUY.exe
  C:\Windows\System32\MuRIKUY.exe
  2⤵
  - Executes dropped EXE
  PID:5160
- C:\Windows\System32\ZZawygQ.exe
  C:\Windows\System32\ZZawygQ.exe
  2⤵
  - Executes dropped EXE
  PID:5184
- C:\Windows\System32\hihntHm.exe
  C:\Windows\System32\hihntHm.exe
  2⤵
  - Executes dropped EXE
  PID:5212
- C:\Windows\System32\bKZvrOJ.exe
  C:\Windows\System32\bKZvrOJ.exe
  2⤵
  - Executes dropped EXE
  PID:5236
- C:\Windows\System32\kMeArin.exe
  C:\Windows\System32\kMeArin.exe
  2⤵
  - Executes dropped EXE
  PID:5276
- C:\Windows\System32\StOPzYK.exe
  C:\Windows\System32\StOPzYK.exe
  2⤵
  - Executes dropped EXE
  PID:5304
- C:\Windows\System32\lsAExjd.exe
  C:\Windows\System32\lsAExjd.exe
  2⤵
  - Executes dropped EXE
  PID:5324
- C:\Windows\System32\ECJgZWx.exe
  C:\Windows\System32\ECJgZWx.exe
  2⤵
  - Executes dropped EXE
  PID:5360
- C:\Windows\System32\QvNBIWJ.exe
  C:\Windows\System32\QvNBIWJ.exe
  2⤵
  - Executes dropped EXE
  PID:5376
- C:\Windows\System32\uSokzEk.exe
  C:\Windows\System32\uSokzEk.exe
  2⤵
  PID:5416
- C:\Windows\System32\nDlAzMQ.exe
  C:\Windows\System32\nDlAzMQ.exe
  2⤵
  PID:5432
- C:\Windows\System32\IbHyKkx.exe
  C:\Windows\System32\IbHyKkx.exe
  2⤵
  PID:5464
- C:\Windows\System32\POXNFKp.exe
  C:\Windows\System32\POXNFKp.exe
  2⤵
  PID:5500
- C:\Windows\System32\HiNGuBF.exe
  C:\Windows\System32\HiNGuBF.exe
  2⤵
  PID:5520
- C:\Windows\System32\sXwEdJO.exe
  C:\Windows\System32\sXwEdJO.exe
  2⤵
  PID:5556
- C:\Windows\System32\SjLkllw.exe
  C:\Windows\System32\SjLkllw.exe
  2⤵
  PID:5584
- C:\Windows\System32\FflCqeA.exe
  C:\Windows\System32\FflCqeA.exe
  2⤵
  PID:5604
- C:\Windows\System32\bwfGUQA.exe
  C:\Windows\System32\bwfGUQA.exe
  2⤵
  PID:5632
- C:\Windows\System32\ZDBRlap.exe
  C:\Windows\System32\ZDBRlap.exe
  2⤵
  PID:5676
- C:\Windows\System32\fdxHsjn.exe
  C:\Windows\System32\fdxHsjn.exe
  2⤵
  PID:5696
- C:\Windows\System32\lIoHNNf.exe
  C:\Windows\System32\lIoHNNf.exe
  2⤵
  PID:5724
- C:\Windows\System32\bCweihG.exe
  C:\Windows\System32\bCweihG.exe
  2⤵
  PID:5740
- C:\Windows\System32\RjAbPiL.exe
  C:\Windows\System32\RjAbPiL.exe
  2⤵
  PID:5768
- C:\Windows\System32\aeNGojc.exe
  C:\Windows\System32\aeNGojc.exe
  2⤵
  PID:5808
- C:\Windows\System32\NYdNdin.exe
  C:\Windows\System32\NYdNdin.exe
  2⤵
  PID:5824
- C:\Windows\System32\TgtDVIv.exe
  C:\Windows\System32\TgtDVIv.exe
  2⤵
  PID:5864
- C:\Windows\System32\OscHjkN.exe
  C:\Windows\System32\OscHjkN.exe
  2⤵
  PID:5880
- C:\Windows\System32\Qqlvaxa.exe
  C:\Windows\System32\Qqlvaxa.exe
  2⤵
  PID:5916
- C:\Windows\System32\GfbjSnb.exe
  C:\Windows\System32\GfbjSnb.exe
  2⤵
  PID:5936
- C:\Windows\System32\qetLNZE.exe
  C:\Windows\System32\qetLNZE.exe
  2⤵
  PID:5964
- C:\Windows\System32\XXmIvGF.exe
  C:\Windows\System32\XXmIvGF.exe
  2⤵
  PID:6004
- C:\Windows\System32\zloRaLV.exe
  C:\Windows\System32\zloRaLV.exe
  2⤵
  PID:6024
- C:\Windows\System32\sQUTbJK.exe
  C:\Windows\System32\sQUTbJK.exe
  2⤵
  PID:6052
- C:\Windows\System32\nceCnMZ.exe
  C:\Windows\System32\nceCnMZ.exe
  2⤵
  PID:6088
- C:\Windows\System32\dsKBRjV.exe
  C:\Windows\System32\dsKBRjV.exe
  2⤵
  PID:6104
- C:\Windows\System32\zBMmQjw.exe
  C:\Windows\System32\zBMmQjw.exe
  2⤵
  PID:912
- C:\Windows\System32\oWfVaLR.exe
  C:\Windows\System32\oWfVaLR.exe
  2⤵
  PID:4476
- C:\Windows\System32\jQcwoYM.exe
  C:\Windows\System32\jQcwoYM.exe
  2⤵
  PID:4636
- C:\Windows\System32\JeKabcz.exe
  C:\Windows\System32\JeKabcz.exe
  2⤵
  PID:2180
- C:\Windows\System32\RiXdhxA.exe
  C:\Windows\System32\RiXdhxA.exe
  2⤵
  PID:5004
- C:\Windows\System32\PutUioe.exe
  C:\Windows\System32\PutUioe.exe
  2⤵
  PID:5144
- C:\Windows\System32\wnfgDjl.exe
  C:\Windows\System32\wnfgDjl.exe
  2⤵
  PID:5268
- C:\Windows\System32\HJNrjOO.exe
  C:\Windows\System32\HJNrjOO.exe
  2⤵
  PID:5312
- C:\Windows\System32\bpJoVIW.exe
  C:\Windows\System32\bpJoVIW.exe
  2⤵
  PID:5388
- C:\Windows\System32\HZCMQub.exe
  C:\Windows\System32\HZCMQub.exe
  2⤵
  PID:5456
- C:\Windows\System32\StbrKlV.exe
  C:\Windows\System32\StbrKlV.exe
  2⤵
  PID:5484
- C:\Windows\System32\SzfiFyy.exe
  C:\Windows\System32\SzfiFyy.exe
  2⤵
  PID:5548
- C:\Windows\System32\QFucBLj.exe
  C:\Windows\System32\QFucBLj.exe
  2⤵
  PID:5620
- C:\Windows\System32\tNUIuOS.exe
  C:\Windows\System32\tNUIuOS.exe
  2⤵
  PID:5692
- C:\Windows\System32\XcqNCrd.exe
  C:\Windows\System32\XcqNCrd.exe
  2⤵
  PID:1468
- C:\Windows\System32\KIuNAQW.exe
  C:\Windows\System32\KIuNAQW.exe
  2⤵
  PID:5784
- C:\Windows\System32\lhZKnol.exe
  C:\Windows\System32\lhZKnol.exe
  2⤵
  PID:5848
- C:\Windows\System32\UoZMmrn.exe
  C:\Windows\System32\UoZMmrn.exe
  2⤵
  PID:5896
- C:\Windows\System32\CHvgEeq.exe
  C:\Windows\System32\CHvgEeq.exe
  2⤵
  PID:5996
- C:\Windows\System32\IAipbAG.exe
  C:\Windows\System32\IAipbAG.exe
  2⤵
  PID:4248
- C:\Windows\System32\XdJWHiC.exe
  C:\Windows\System32\XdJWHiC.exe
  2⤵
  PID:6068
- C:\Windows\System32\sVHcaAg.exe
  C:\Windows\System32\sVHcaAg.exe
  2⤵
  PID:6120
- C:\Windows\System32\xiRcUSa.exe
  C:\Windows\System32\xiRcUSa.exe
  2⤵
  PID:4460
- C:\Windows\System32\sYWwNoe.exe
  C:\Windows\System32\sYWwNoe.exe
  2⤵
  PID:3548
- C:\Windows\System32\jhClwcX.exe
  C:\Windows\System32\jhClwcX.exe
  2⤵
  PID:5192
- C:\Windows\System32\vNDFZzI.exe
  C:\Windows\System32\vNDFZzI.exe
  2⤵
  PID:5260
- C:\Windows\System32\zKIHnMD.exe
  C:\Windows\System32\zKIHnMD.exe
  2⤵
  PID:5392
- C:\Windows\System32\pAmYBtL.exe
  C:\Windows\System32\pAmYBtL.exe
  2⤵
  PID:4536
- C:\Windows\System32\tWnINfo.exe
  C:\Windows\System32\tWnINfo.exe
  2⤵
  PID:5952
- C:\Windows\System32\yJFkCPA.exe
  C:\Windows\System32\yJFkCPA.exe
  2⤵
  PID:840
- C:\Windows\System32\NmPKRLW.exe
  C:\Windows\System32\NmPKRLW.exe
  2⤵
  PID:6096
- C:\Windows\System32\LFmTBuL.exe
  C:\Windows\System32\LFmTBuL.exe
  2⤵
  PID:1996
- C:\Windows\System32\ytEDIyI.exe
  C:\Windows\System32\ytEDIyI.exe
  2⤵
  PID:380
- C:\Windows\System32\Bofxsgq.exe
  C:\Windows\System32\Bofxsgq.exe
  2⤵
  PID:4824
- C:\Windows\System32\CpAsErM.exe
  C:\Windows\System32\CpAsErM.exe
  2⤵
  PID:5288
- C:\Windows\System32\MieAPTw.exe
  C:\Windows\System32\MieAPTw.exe
  2⤵
  PID:3608
- C:\Windows\System32\pasDnEX.exe
  C:\Windows\System32\pasDnEX.exe
  2⤵
  PID:3636
- C:\Windows\System32\sIVHhpG.exe
  C:\Windows\System32\sIVHhpG.exe
  2⤵
  PID:5792
- C:\Windows\System32\yvkBqCu.exe
  C:\Windows\System32\yvkBqCu.exe
  2⤵
  PID:5576
- C:\Windows\System32\hRrXRgT.exe
  C:\Windows\System32\hRrXRgT.exe
  2⤵
  PID:3420
- C:\Windows\System32\yPznijC.exe
  C:\Windows\System32\yPznijC.exe
  2⤵
  PID:6040
- C:\Windows\System32\gQLvKSh.exe
  C:\Windows\System32\gQLvKSh.exe
  2⤵
  PID:4512
- C:\Windows\System32\znscGTN.exe
  C:\Windows\System32\znscGTN.exe
  2⤵
  PID:5156
- C:\Windows\System32\IHRZXli.exe
  C:\Windows\System32\IHRZXli.exe
  2⤵
  PID:6152
- C:\Windows\System32\ktqDuvz.exe
  C:\Windows\System32\ktqDuvz.exe
  2⤵
  PID:6176
- C:\Windows\System32\hteaKYC.exe
  C:\Windows\System32\hteaKYC.exe
  2⤵
  PID:6200
- C:\Windows\System32\gwPkjzj.exe
  C:\Windows\System32\gwPkjzj.exe
  2⤵
  PID:6228
- C:\Windows\System32\yGgqSOL.exe
  C:\Windows\System32\yGgqSOL.exe
  2⤵
  PID:6248
- C:\Windows\System32\NvZISIm.exe
  C:\Windows\System32\NvZISIm.exe
  2⤵
  PID:6268
- C:\Windows\System32\OjLYhIn.exe
  C:\Windows\System32\OjLYhIn.exe
  2⤵
  PID:6292
- C:\Windows\System32\IManIvi.exe
  C:\Windows\System32\IManIvi.exe
  2⤵
  PID:6368
- C:\Windows\System32\xoYIser.exe
  C:\Windows\System32\xoYIser.exe
  2⤵
  PID:6384
- C:\Windows\System32\ClpUrfy.exe
  C:\Windows\System32\ClpUrfy.exe
  2⤵
  PID:6416
- C:\Windows\System32\WnwuBex.exe
  C:\Windows\System32\WnwuBex.exe
  2⤵
  PID:6444
- C:\Windows\System32\pxllrWf.exe
  C:\Windows\System32\pxllrWf.exe
  2⤵
  PID:6472
- C:\Windows\System32\XuAAfxh.exe
  C:\Windows\System32\XuAAfxh.exe
  2⤵
  PID:6492
- C:\Windows\System32\bpdhWUi.exe
  C:\Windows\System32\bpdhWUi.exe
  2⤵
  PID:6532
- C:\Windows\System32\GMklRJn.exe
  C:\Windows\System32\GMklRJn.exe
  2⤵
  PID:6560
- C:\Windows\System32\kbtWbHT.exe
  C:\Windows\System32\kbtWbHT.exe
  2⤵
  PID:6588
- C:\Windows\System32\pvzORub.exe
  C:\Windows\System32\pvzORub.exe
  2⤵
  PID:6612
- C:\Windows\System32\nUjyUvk.exe
  C:\Windows\System32\nUjyUvk.exe
  2⤵
  PID:6644
- C:\Windows\System32\DHPBZIC.exe
  C:\Windows\System32\DHPBZIC.exe
  2⤵
  PID:6668
- C:\Windows\System32\DaOKuBX.exe
  C:\Windows\System32\DaOKuBX.exe
  2⤵
  PID:6688
- C:\Windows\System32\jtjlZNU.exe
  C:\Windows\System32\jtjlZNU.exe
  2⤵
  PID:6708
- C:\Windows\System32\hyDeKSh.exe
  C:\Windows\System32\hyDeKSh.exe
  2⤵
  PID:6748
- C:\Windows\System32\HaKhTzZ.exe
  C:\Windows\System32\HaKhTzZ.exe
  2⤵
  PID:6772
- C:\Windows\System32\ZXAHMjN.exe
  C:\Windows\System32\ZXAHMjN.exe
  2⤵
  PID:6792
- C:\Windows\System32\jwDigJS.exe
  C:\Windows\System32\jwDigJS.exe
  2⤵
  PID:6812
- C:\Windows\System32\GtbhoTE.exe
  C:\Windows\System32\GtbhoTE.exe
  2⤵
  PID:6860
- C:\Windows\System32\fZlqMpo.exe
  C:\Windows\System32\fZlqMpo.exe
  2⤵
  PID:6900
- C:\Windows\System32\FSFuAVx.exe
  C:\Windows\System32\FSFuAVx.exe
  2⤵
  PID:6920
- C:\Windows\System32\FyFcwKI.exe
  C:\Windows\System32\FyFcwKI.exe
  2⤵
  PID:6940
- C:\Windows\System32\nxnbwEK.exe
  C:\Windows\System32\nxnbwEK.exe
  2⤵
  PID:6976
- C:\Windows\System32\tCLjKFt.exe
  C:\Windows\System32\tCLjKFt.exe
  2⤵
  PID:7008
- C:\Windows\System32\hPxmTJa.exe
  C:\Windows\System32\hPxmTJa.exe
  2⤵
  PID:7032
- C:\Windows\System32\LRmEIhI.exe
  C:\Windows\System32\LRmEIhI.exe
  2⤵
  PID:7052
- C:\Windows\System32\QHgNuWT.exe
  C:\Windows\System32\QHgNuWT.exe
  2⤵
  PID:7068
- C:\Windows\System32\yWrCRQk.exe
  C:\Windows\System32\yWrCRQk.exe
  2⤵
  PID:7088
- C:\Windows\System32\KtxWcQQ.exe
  C:\Windows\System32\KtxWcQQ.exe
  2⤵
  PID:7116
- C:\Windows\System32\OgZNqpc.exe
  C:\Windows\System32\OgZNqpc.exe
  2⤵
  PID:6060
- C:\Windows\System32\SlSvqHF.exe
  C:\Windows\System32\SlSvqHF.exe
  2⤵
  PID:4888
- C:\Windows\System32\TvnENTP.exe
  C:\Windows\System32\TvnENTP.exe
  2⤵
  PID:4108
- C:\Windows\System32\xJzWswG.exe
  C:\Windows\System32\xJzWswG.exe
  2⤵
  PID:6160
- C:\Windows\System32\rNCpgBq.exe
  C:\Windows\System32\rNCpgBq.exe
  2⤵
  PID:6220
- C:\Windows\System32\TGecwyK.exe
  C:\Windows\System32\TGecwyK.exe
  2⤵
  PID:6308
- C:\Windows\System32\QRSZHKD.exe
  C:\Windows\System32\QRSZHKD.exe
  2⤵
  PID:1624
- C:\Windows\System32\DeyXkQg.exe
  C:\Windows\System32\DeyXkQg.exe
  2⤵
  PID:6428
- C:\Windows\System32\DOgHchV.exe
  C:\Windows\System32\DOgHchV.exe
  2⤵
  PID:6556
- C:\Windows\System32\xjAYXvO.exe
  C:\Windows\System32\xjAYXvO.exe
  2⤵
  PID:6580
- C:\Windows\System32\ogqrFhC.exe
  C:\Windows\System32\ogqrFhC.exe
  2⤵
  PID:6632
- C:\Windows\System32\hEMLVwI.exe
  C:\Windows\System32\hEMLVwI.exe
  2⤵
  PID:6660
- C:\Windows\System32\cKsCZhD.exe
  C:\Windows\System32\cKsCZhD.exe
  2⤵
  PID:5352
- C:\Windows\System32\PGSITjO.exe
  C:\Windows\System32\PGSITjO.exe
  2⤵
  PID:6764
- C:\Windows\System32\PgKLuuz.exe
  C:\Windows\System32\PgKLuuz.exe
  2⤵
  PID:6784
- C:\Windows\System32\jUzFcSk.exe
  C:\Windows\System32\jUzFcSk.exe
  2⤵
  PID:6852
- C:\Windows\System32\VnouFij.exe
  C:\Windows\System32\VnouFij.exe
  2⤵
  PID:6936
- C:\Windows\System32\jrgbWra.exe
  C:\Windows\System32\jrgbWra.exe
  2⤵
  PID:7024
- C:\Windows\System32\GwhDAeK.exe
  C:\Windows\System32\GwhDAeK.exe
  2⤵
  PID:7060
- C:\Windows\System32\kfKRDFL.exe
  C:\Windows\System32\kfKRDFL.exe
  2⤵
  PID:7104
- C:\Windows\System32\ZYSLIaT.exe
  C:\Windows\System32\ZYSLIaT.exe
  2⤵
  PID:7156
- C:\Windows\System32\TYdXfBt.exe
  C:\Windows\System32\TYdXfBt.exe
  2⤵
  PID:1260
- C:\Windows\System32\DcZITcd.exe
  C:\Windows\System32\DcZITcd.exe
  2⤵
  PID:6236
- C:\Windows\System32\oZTLcHc.exe
  C:\Windows\System32\oZTLcHc.exe
  2⤵
  PID:6512
- C:\Windows\System32\ZGBmgtg.exe
  C:\Windows\System32\ZGBmgtg.exe
  2⤵
  PID:6624
- C:\Windows\System32\XusgjAp.exe
  C:\Windows\System32\XusgjAp.exe
  2⤵
  PID:6664
- C:\Windows\System32\ePZLlse.exe
  C:\Windows\System32\ePZLlse.exe
  2⤵
  PID:7004
- C:\Windows\System32\tGHPYFi.exe
  C:\Windows\System32\tGHPYFi.exe
  2⤵
  PID:7084
- C:\Windows\System32\CWRvcMr.exe
  C:\Windows\System32\CWRvcMr.exe
  2⤵
  PID:3856
- C:\Windows\System32\PYzrPvX.exe
  C:\Windows\System32\PYzrPvX.exe
  2⤵
  PID:6800
- C:\Windows\System32\kOOBzST.exe
  C:\Windows\System32\kOOBzST.exe
  2⤵
  PID:6912
- C:\Windows\System32\mBaogti.exe
  C:\Windows\System32\mBaogti.exe
  2⤵
  PID:7144
- C:\Windows\System32\effDMay.exe
  C:\Windows\System32\effDMay.exe
  2⤵
  PID:6604
- C:\Windows\System32\NBSxFNj.exe
  C:\Windows\System32\NBSxFNj.exe
  2⤵
  PID:7196
- C:\Windows\System32\gGUDcIU.exe
  C:\Windows\System32\gGUDcIU.exe
  2⤵
  PID:7212
- C:\Windows\System32\RxMfWdd.exe
  C:\Windows\System32\RxMfWdd.exe
  2⤵
  PID:7252
- C:\Windows\System32\mSyrPYv.exe
  C:\Windows\System32\mSyrPYv.exe
  2⤵
  PID:7276
- C:\Windows\System32\XhEPtPQ.exe
  C:\Windows\System32\XhEPtPQ.exe
  2⤵
  PID:7292
- C:\Windows\System32\iEPbHDy.exe
  C:\Windows\System32\iEPbHDy.exe
  2⤵
  PID:7312
- C:\Windows\System32\UPcIhgf.exe
  C:\Windows\System32\UPcIhgf.exe
  2⤵
  PID:7340
- C:\Windows\System32\vfIlYXu.exe
  C:\Windows\System32\vfIlYXu.exe
  2⤵
  PID:7368
- C:\Windows\System32\WLmqrMs.exe
  C:\Windows\System32\WLmqrMs.exe
  2⤵
  PID:7388
- C:\Windows\System32\nhccmaU.exe
  C:\Windows\System32\nhccmaU.exe
  2⤵
  PID:7420
- C:\Windows\System32\hiBhRyl.exe
  C:\Windows\System32\hiBhRyl.exe
  2⤵
  PID:7456
- C:\Windows\System32\BbqteJu.exe
  C:\Windows\System32\BbqteJu.exe
  2⤵
  PID:7492
- C:\Windows\System32\sMQQile.exe
  C:\Windows\System32\sMQQile.exe
  2⤵
  PID:7524
- C:\Windows\System32\CsivJcX.exe
  C:\Windows\System32\CsivJcX.exe
  2⤵
  PID:7556
- C:\Windows\System32\HQVIgpZ.exe
  C:\Windows\System32\HQVIgpZ.exe
  2⤵
  PID:7580
- C:\Windows\System32\gwpUOXd.exe
  C:\Windows\System32\gwpUOXd.exe
  2⤵
  PID:7604
- C:\Windows\System32\qgrKoJP.exe
  C:\Windows\System32\qgrKoJP.exe
  2⤵
  PID:7624
- C:\Windows\System32\TDDimFd.exe
  C:\Windows\System32\TDDimFd.exe
  2⤵
  PID:7648
- C:\Windows\System32\dcImFyU.exe
  C:\Windows\System32\dcImFyU.exe
  2⤵
  PID:7692
- C:\Windows\System32\XnaXhlZ.exe
  C:\Windows\System32\XnaXhlZ.exe
  2⤵
  PID:7708
- C:\Windows\System32\AVNZKDw.exe
  C:\Windows\System32\AVNZKDw.exe
  2⤵
  PID:7732
- C:\Windows\System32\CmRLXqQ.exe
  C:\Windows\System32\CmRLXqQ.exe
  2⤵
  PID:7776
- C:\Windows\System32\vjwJjZR.exe
  C:\Windows\System32\vjwJjZR.exe
  2⤵
  PID:7792
- C:\Windows\System32\Plmcpzg.exe
  C:\Windows\System32\Plmcpzg.exe
  2⤵
  PID:7820
- C:\Windows\System32\qjGyLEo.exe
  C:\Windows\System32\qjGyLEo.exe
  2⤵
  PID:7844
- C:\Windows\System32\HQaAvDs.exe
  C:\Windows\System32\HQaAvDs.exe
  2⤵
  PID:7864
- C:\Windows\System32\jDUwVdt.exe
  C:\Windows\System32\jDUwVdt.exe
  2⤵
  PID:7888
- C:\Windows\System32\iPzDDST.exe
  C:\Windows\System32\iPzDDST.exe
  2⤵
  PID:7908
- C:\Windows\System32\ZSwMGPS.exe
  C:\Windows\System32\ZSwMGPS.exe
  2⤵
  PID:7956
- C:\Windows\System32\ufxLFiY.exe
  C:\Windows\System32\ufxLFiY.exe
  2⤵
  PID:7992
- C:\Windows\System32\HmOkVfD.exe
  C:\Windows\System32\HmOkVfD.exe
  2⤵
  PID:8028
- C:\Windows\System32\GfMyYAc.exe
  C:\Windows\System32\GfMyYAc.exe
  2⤵
  PID:8052
- C:\Windows\System32\afKnZin.exe
  C:\Windows\System32\afKnZin.exe
  2⤵
  PID:8076
- C:\Windows\System32\InDKcRg.exe
  C:\Windows\System32\InDKcRg.exe
  2⤵
  PID:8096
- C:\Windows\System32\TxPhyaz.exe
  C:\Windows\System32\TxPhyaz.exe
  2⤵
  PID:8144
- C:\Windows\System32\GbLmntu.exe
  C:\Windows\System32\GbLmntu.exe
  2⤵
  PID:8176
- C:\Windows\System32\BkWZzJu.exe
  C:\Windows\System32\BkWZzJu.exe
  2⤵
  PID:7100
- C:\Windows\System32\cEtyVKV.exe
  C:\Windows\System32\cEtyVKV.exe
  2⤵
  PID:7204
- C:\Windows\System32\uCGofhy.exe
  C:\Windows\System32\uCGofhy.exe
  2⤵
  PID:7300
- C:\Windows\System32\lSDSELR.exe
  C:\Windows\System32\lSDSELR.exe
  2⤵
  PID:7380
- C:\Windows\System32\NMrPurX.exe
  C:\Windows\System32\NMrPurX.exe
  2⤵
  PID:7412
- C:\Windows\System32\aEqPQRh.exe
  C:\Windows\System32\aEqPQRh.exe
  2⤵
  PID:7452
- C:\Windows\System32\Zgzisty.exe
  C:\Windows\System32\Zgzisty.exe
  2⤵
  PID:7516
- C:\Windows\System32\AQNTbzs.exe
  C:\Windows\System32\AQNTbzs.exe
  2⤵
  PID:7588
- C:\Windows\System32\aqSlULt.exe
  C:\Windows\System32\aqSlULt.exe
  2⤵
  PID:7636
- C:\Windows\System32\XBXrEVr.exe
  C:\Windows\System32\XBXrEVr.exe
  2⤵
  PID:7752
- C:\Windows\System32\eCJyKOC.exe
  C:\Windows\System32\eCJyKOC.exe
  2⤵
  PID:7816
- C:\Windows\System32\lHWiHDx.exe
  C:\Windows\System32\lHWiHDx.exe
  2⤵
  PID:7856
- C:\Windows\System32\wnQGJRt.exe
  C:\Windows\System32\wnQGJRt.exe
  2⤵
  PID:7880
- C:\Windows\System32\ZBZHgNq.exe
  C:\Windows\System32\ZBZHgNq.exe
  2⤵
  PID:7972
- C:\Windows\System32\WIkhjNB.exe
  C:\Windows\System32\WIkhjNB.exe
  2⤵
  PID:8088
- C:\Windows\System32\HbQGgru.exe
  C:\Windows\System32\HbQGgru.exe
  2⤵
  PID:8136
- C:\Windows\System32\CtwoDMI.exe
  C:\Windows\System32\CtwoDMI.exe
  2⤵
  PID:6196
- C:\Windows\System32\evdyjvq.exe
  C:\Windows\System32\evdyjvq.exe
  2⤵
  PID:7208
- C:\Windows\System32\KsofZXb.exe
  C:\Windows\System32\KsofZXb.exe
  2⤵
  PID:7432
- C:\Windows\System32\whrEwiH.exe
  C:\Windows\System32\whrEwiH.exe
  2⤵
  PID:7576
- C:\Windows\System32\oHspMZj.exe
  C:\Windows\System32\oHspMZj.exe
  2⤵
  PID:7728
- C:\Windows\System32\xjNRgxa.exe
  C:\Windows\System32\xjNRgxa.exe
  2⤵
  PID:7876
- C:\Windows\System32\TcNJSYe.exe
  C:\Windows\System32\TcNJSYe.exe
  2⤵
  PID:8140
- C:\Windows\System32\NPLfkJn.exe
  C:\Windows\System32\NPLfkJn.exe
  2⤵
  PID:8188
- C:\Windows\System32\ebqMbOC.exe
  C:\Windows\System32\ebqMbOC.exe
  2⤵
  PID:7544
- C:\Windows\System32\CljUlhK.exe
  C:\Windows\System32\CljUlhK.exe
  2⤵
  PID:7836
- C:\Windows\System32\hmWhRtB.exe
  C:\Windows\System32\hmWhRtB.exe
  2⤵
  PID:8184
- C:\Windows\System32\lDeTfPn.exe
  C:\Windows\System32\lDeTfPn.exe
  2⤵
  PID:8204
- C:\Windows\System32\JBDxine.exe
  C:\Windows\System32\JBDxine.exe
  2⤵
  PID:8232
- C:\Windows\System32\PmHMCkt.exe
  C:\Windows\System32\PmHMCkt.exe
  2⤵
  PID:8256
- C:\Windows\System32\xxKniPt.exe
  C:\Windows\System32\xxKniPt.exe
  2⤵
  PID:8276
- C:\Windows\System32\IkDXaGs.exe
  C:\Windows\System32\IkDXaGs.exe
  2⤵
  PID:8304
- C:\Windows\System32\tZwsvFr.exe
  C:\Windows\System32\tZwsvFr.exe
  2⤵
  PID:8324
- C:\Windows\System32\VtuztxY.exe
  C:\Windows\System32\VtuztxY.exe
  2⤵
  PID:8348
- C:\Windows\System32\kKwVqYQ.exe
  C:\Windows\System32\kKwVqYQ.exe
  2⤵
  PID:8364
- C:\Windows\System32\nfgqLum.exe
  C:\Windows\System32\nfgqLum.exe
  2⤵
  PID:8384
- C:\Windows\System32\VuqDxsw.exe
  C:\Windows\System32\VuqDxsw.exe
  2⤵
  PID:8416
- C:\Windows\System32\SXFxHuo.exe
  C:\Windows\System32\SXFxHuo.exe
  2⤵
  PID:8436
- C:\Windows\System32\lLUEZRo.exe
  C:\Windows\System32\lLUEZRo.exe
  2⤵
  PID:8456
- C:\Windows\System32\NrkzmLg.exe
  C:\Windows\System32\NrkzmLg.exe
  2⤵
  PID:8484
- C:\Windows\System32\uIksPlB.exe
  C:\Windows\System32\uIksPlB.exe
  2⤵
  PID:8544
- C:\Windows\System32\YFxENEj.exe
  C:\Windows\System32\YFxENEj.exe
  2⤵
  PID:8596
- C:\Windows\System32\wiSsePT.exe
  C:\Windows\System32\wiSsePT.exe
  2⤵
  PID:8616
- C:\Windows\System32\UGsvwys.exe
  C:\Windows\System32\UGsvwys.exe
  2⤵
  PID:8640
- C:\Windows\System32\yeDVgtA.exe
  C:\Windows\System32\yeDVgtA.exe
  2⤵
  PID:8660
- C:\Windows\System32\sgvthiR.exe
  C:\Windows\System32\sgvthiR.exe
  2⤵
  PID:8704
- C:\Windows\System32\odMorGd.exe
  C:\Windows\System32\odMorGd.exe
  2⤵
  PID:8732
- C:\Windows\System32\DuHlMQM.exe
  C:\Windows\System32\DuHlMQM.exe
  2⤵
  PID:8752
- C:\Windows\System32\UJpwzKh.exe
  C:\Windows\System32\UJpwzKh.exe
  2⤵
  PID:8780
- C:\Windows\System32\nSBsDkC.exe
  C:\Windows\System32\nSBsDkC.exe
  2⤵
  PID:8800
- C:\Windows\System32\WUGxqoR.exe
  C:\Windows\System32\WUGxqoR.exe
  2⤵
  PID:8824
- C:\Windows\System32\QoedAla.exe
  C:\Windows\System32\QoedAla.exe
  2⤵
  PID:8856
- C:\Windows\System32\UnoxDKx.exe
  C:\Windows\System32\UnoxDKx.exe
  2⤵
  PID:8872
- C:\Windows\System32\PuHKIna.exe
  C:\Windows\System32\PuHKIna.exe
  2⤵
  PID:8892
- C:\Windows\System32\ILnpgCm.exe
  C:\Windows\System32\ILnpgCm.exe
  2⤵
  PID:9068
- C:\Windows\System32\FuuntDp.exe
  C:\Windows\System32\FuuntDp.exe
  2⤵
  PID:9092
- C:\Windows\System32\LiKEpLG.exe
  C:\Windows\System32\LiKEpLG.exe
  2⤵
  PID:9156
- C:\Windows\System32\COggFdi.exe
  C:\Windows\System32\COggFdi.exe
  2⤵
  PID:9184
- C:\Windows\System32\ovKsdhO.exe
  C:\Windows\System32\ovKsdhO.exe
  2⤵
  PID:9204
- C:\Windows\System32\dFvuofj.exe
  C:\Windows\System32\dFvuofj.exe
  2⤵
  PID:7720
- C:\Windows\System32\BRLXeCn.exe
  C:\Windows\System32\BRLXeCn.exe
  2⤵
  PID:8268
- C:\Windows\System32\RwlpJOh.exe
  C:\Windows\System32\RwlpJOh.exe
  2⤵
  PID:8264
- C:\Windows\System32\dIvHEtf.exe
  C:\Windows\System32\dIvHEtf.exe
  2⤵
  PID:8380
- C:\Windows\System32\nWSNFrP.exe
  C:\Windows\System32\nWSNFrP.exe
  2⤵
  PID:8464
- C:\Windows\System32\riDGXyz.exe
  C:\Windows\System32\riDGXyz.exe
  2⤵
  PID:8448
- C:\Windows\System32\yCASguA.exe
  C:\Windows\System32\yCASguA.exe
  2⤵
  PID:8612
- C:\Windows\System32\HDvCRgk.exe
  C:\Windows\System32\HDvCRgk.exe
  2⤵
  PID:8656
- C:\Windows\System32\mxlsFac.exe
  C:\Windows\System32\mxlsFac.exe
  2⤵
  PID:8720
- C:\Windows\System32\VTBmrbO.exe
  C:\Windows\System32\VTBmrbO.exe
  2⤵
  PID:8744
- C:\Windows\System32\xEdxmgX.exe
  C:\Windows\System32\xEdxmgX.exe
  2⤵
  PID:8820
- C:\Windows\System32\BvHZRKT.exe
  C:\Windows\System32\BvHZRKT.exe
  2⤵
  PID:8868
- C:\Windows\System32\gnLhRoY.exe
  C:\Windows\System32\gnLhRoY.exe
  2⤵
  PID:8900
- C:\Windows\System32\TfdIhQX.exe
  C:\Windows\System32\TfdIhQX.exe
  2⤵
  PID:8944
- C:\Windows\System32\vozJjau.exe
  C:\Windows\System32\vozJjau.exe
  2⤵
  PID:8980
- C:\Windows\System32\aRNxniQ.exe
  C:\Windows\System32\aRNxniQ.exe
  2⤵
  PID:9104
- C:\Windows\System32\ELJNCkZ.exe
  C:\Windows\System32\ELJNCkZ.exe
  2⤵
  PID:9108
- C:\Windows\System32\YCsFhTn.exe
  C:\Windows\System32\YCsFhTn.exe
  2⤵
  PID:9144
- C:\Windows\System32\djgBOMF.exe
  C:\Windows\System32\djgBOMF.exe
  2⤵
  PID:8044
- C:\Windows\System32\bzuJvRZ.exe
  C:\Windows\System32\bzuJvRZ.exe
  2⤵
  PID:8224
- C:\Windows\System32\DHAwTfS.exe
  C:\Windows\System32\DHAwTfS.exe
  2⤵
  PID:8424
- C:\Windows\System32\qUNoeKy.exe
  C:\Windows\System32\qUNoeKy.exe
  2⤵
  PID:8528
- C:\Windows\System32\vwBzPjB.exe
  C:\Windows\System32\vwBzPjB.exe
  2⤵
  PID:8700
- C:\Windows\System32\KrfQFlV.exe
  C:\Windows\System32\KrfQFlV.exe
  2⤵
  PID:8844
- C:\Windows\System32\XWWSxEx.exe
  C:\Windows\System32\XWWSxEx.exe
  2⤵
  PID:8984
- C:\Windows\System32\Hvpmnqf.exe
  C:\Windows\System32\Hvpmnqf.exe
  2⤵
  PID:8972
- C:\Windows\System32\ekPMytz.exe
  C:\Windows\System32\ekPMytz.exe
  2⤵
  PID:8228
- C:\Windows\System32\Tswimsw.exe
  C:\Windows\System32\Tswimsw.exe
  2⤵
  PID:8340
- C:\Windows\System32\dojEMwY.exe
  C:\Windows\System32\dojEMwY.exe
  2⤵
  PID:8692
- C:\Windows\System32\DLnLqwa.exe
  C:\Windows\System32\DLnLqwa.exe
  2⤵
  PID:8948
- C:\Windows\System32\rcIjlcD.exe
  C:\Windows\System32\rcIjlcD.exe
  2⤵
  PID:9180
- C:\Windows\System32\pwFAtdx.exe
  C:\Windows\System32\pwFAtdx.exe
  2⤵
  PID:8404
- C:\Windows\System32\IKRrnET.exe
  C:\Windows\System32\IKRrnET.exe
  2⤵
  PID:8712
- C:\Windows\System32\XfMVzNf.exe
  C:\Windows\System32\XfMVzNf.exe
  2⤵
  PID:9224
- C:\Windows\System32\jTMyneh.exe
  C:\Windows\System32\jTMyneh.exe
  2⤵
  PID:9260
- C:\Windows\System32\zjZHnLU.exe
  C:\Windows\System32\zjZHnLU.exe
  2⤵
  PID:9292
- C:\Windows\System32\QfxZQBk.exe
  C:\Windows\System32\QfxZQBk.exe
  2⤵
  PID:9356
- C:\Windows\System32\QBDnbZd.exe
  C:\Windows\System32\QBDnbZd.exe
  2⤵
  PID:9388
- C:\Windows\System32\bPxvJDR.exe
  C:\Windows\System32\bPxvJDR.exe
  2⤵
  PID:9408
- C:\Windows\System32\xpfcqLA.exe
  C:\Windows\System32\xpfcqLA.exe
  2⤵
  PID:9428
- C:\Windows\System32\dBhKido.exe
  C:\Windows\System32\dBhKido.exe
  2⤵
  PID:9456
- C:\Windows\System32\KtPTgRS.exe
  C:\Windows\System32\KtPTgRS.exe
  2⤵
  PID:9500
- C:\Windows\System32\OGNEbgd.exe
  C:\Windows\System32\OGNEbgd.exe
  2⤵
  PID:9520
- C:\Windows\System32\pTwriIy.exe
  C:\Windows\System32\pTwriIy.exe
  2⤵
  PID:9544
- C:\Windows\System32\qhXBBXz.exe
  C:\Windows\System32\qhXBBXz.exe
  2⤵
  PID:9568
- C:\Windows\System32\ptlBKgY.exe
  C:\Windows\System32\ptlBKgY.exe
  2⤵
  PID:9596
- C:\Windows\System32\wjPUbUo.exe
  C:\Windows\System32\wjPUbUo.exe
  2⤵
  PID:9612
- C:\Windows\System32\vdZtCQB.exe
  C:\Windows\System32\vdZtCQB.exe
  2⤵
  PID:9648
- C:\Windows\System32\riWWTJx.exe
  C:\Windows\System32\riWWTJx.exe
  2⤵
  PID:9672
- C:\Windows\System32\SunTgyz.exe
  C:\Windows\System32\SunTgyz.exe
  2⤵
  PID:9720
- C:\Windows\System32\rmJubKs.exe
  C:\Windows\System32\rmJubKs.exe
  2⤵
  PID:9740
- C:\Windows\System32\vnoxTuc.exe
  C:\Windows\System32\vnoxTuc.exe
  2⤵
  PID:9764
- C:\Windows\System32\xGGGrls.exe
  C:\Windows\System32\xGGGrls.exe
  2⤵
  PID:9792
- C:\Windows\System32\MSrsArN.exe
  C:\Windows\System32\MSrsArN.exe
  2⤵
  PID:9844
- C:\Windows\System32\dspFgiW.exe
  C:\Windows\System32\dspFgiW.exe
  2⤵
  PID:9868
- C:\Windows\System32\PBWoHlm.exe
  C:\Windows\System32\PBWoHlm.exe
  2⤵
  PID:9888
- C:\Windows\System32\INLdQDb.exe
  C:\Windows\System32\INLdQDb.exe
  2⤵
  PID:9928
- C:\Windows\System32\drXnhvo.exe
  C:\Windows\System32\drXnhvo.exe
  2⤵
  PID:9956
- C:\Windows\System32\YRWqvGd.exe
  C:\Windows\System32\YRWqvGd.exe
  2⤵
  PID:9980
- C:\Windows\System32\olynkYt.exe
  C:\Windows\System32\olynkYt.exe
  2⤵
  PID:10020
- C:\Windows\System32\qJrZGmg.exe
  C:\Windows\System32\qJrZGmg.exe
  2⤵
  PID:10040
- C:\Windows\System32\bqiCIKK.exe
  C:\Windows\System32\bqiCIKK.exe
  2⤵
  PID:10068
- C:\Windows\System32\tLDxLhe.exe
  C:\Windows\System32\tLDxLhe.exe
  2⤵
  PID:10084
- C:\Windows\System32\ziPSoFh.exe
  C:\Windows\System32\ziPSoFh.exe
  2⤵
  PID:10104
- C:\Windows\System32\OhWhAHf.exe
  C:\Windows\System32\OhWhAHf.exe
  2⤵
  PID:10128
- C:\Windows\System32\XkAmErR.exe
  C:\Windows\System32\XkAmErR.exe
  2⤵
  PID:10148
- C:\Windows\System32\EJxKqJC.exe
  C:\Windows\System32\EJxKqJC.exe
  2⤵
  PID:10196
- C:\Windows\System32\xdnAshg.exe
  C:\Windows\System32\xdnAshg.exe
  2⤵
  PID:10232
- C:\Windows\System32\BJYGzIv.exe
  C:\Windows\System32\BJYGzIv.exe
  2⤵
  PID:8992
- C:\Windows\System32\HhvWNWH.exe
  C:\Windows\System32\HhvWNWH.exe
  2⤵
  PID:9232
- C:\Windows\System32\siECIOe.exe
  C:\Windows\System32\siECIOe.exe
  2⤵
  PID:9272
- C:\Windows\System32\BFPJXWf.exe
  C:\Windows\System32\BFPJXWf.exe
  2⤵
  PID:9372
- C:\Windows\System32\FXgebKh.exe
  C:\Windows\System32\FXgebKh.exe
  2⤵
  PID:9436
- C:\Windows\System32\sdQEJUT.exe
  C:\Windows\System32\sdQEJUT.exe
  2⤵
  PID:9472
- C:\Windows\System32\pVlYIBW.exe
  C:\Windows\System32\pVlYIBW.exe
  2⤵
  PID:9584
- C:\Windows\System32\YgbPyQV.exe
  C:\Windows\System32\YgbPyQV.exe
  2⤵
  PID:9660
- C:\Windows\System32\CjQMRQN.exe
  C:\Windows\System32\CjQMRQN.exe
  2⤵
  PID:9760
- C:\Windows\System32\loZoIdu.exe
  C:\Windows\System32\loZoIdu.exe
  2⤵
  PID:9776
- C:\Windows\System32\lSIYkHO.exe
  C:\Windows\System32\lSIYkHO.exe
  2⤵
  PID:9836
- C:\Windows\System32\PobxbsO.exe
  C:\Windows\System32\PobxbsO.exe
  2⤵
  PID:9904
- C:\Windows\System32\zQvrNCv.exe
  C:\Windows\System32\zQvrNCv.exe
  2⤵
  PID:10008
- C:\Windows\System32\nLUzOGn.exe
  C:\Windows\System32\nLUzOGn.exe
  2⤵
  PID:10036
- C:\Windows\System32\iphojJe.exe
  C:\Windows\System32\iphojJe.exe
  2⤵
  PID:10144
- C:\Windows\System32\EBRpFSX.exe
  C:\Windows\System32\EBRpFSX.exe
  2⤵
  PID:10140
- C:\Windows\System32\bcuXFWh.exe
  C:\Windows\System32\bcuXFWh.exe
  2⤵
  PID:9220
- C:\Windows\System32\jToUont.exe
  C:\Windows\System32\jToUont.exe
  2⤵
  PID:9284
- C:\Windows\System32\UjGklsC.exe
  C:\Windows\System32\UjGklsC.exe
  2⤵
  PID:9476
- C:\Windows\System32\TOAfVhg.exe
  C:\Windows\System32\TOAfVhg.exe
  2⤵
  PID:9608
- C:\Windows\System32\NfEYjrI.exe
  C:\Windows\System32\NfEYjrI.exe
  2⤵
  PID:9728
- C:\Windows\System32\aueKzlw.exe
  C:\Windows\System32\aueKzlw.exe
  2⤵
  PID:9936
- C:\Windows\System32\DlztTfQ.exe
  C:\Windows\System32\DlztTfQ.exe
  2⤵
  PID:10112
- C:\Windows\System32\HXsLHUY.exe
  C:\Windows\System32\HXsLHUY.exe
  2⤵
  PID:8808
- C:\Windows\System32\LahXmyl.exe
  C:\Windows\System32\LahXmyl.exe
  2⤵
  PID:9492
- C:\Windows\System32\xrKcUMa.exe
  C:\Windows\System32\xrKcUMa.exe
  2⤵
  PID:9800
- C:\Windows\System32\rwNVJwu.exe
  C:\Windows\System32\rwNVJwu.exe
  2⤵
  PID:9128
- C:\Windows\System32\yLlpsWI.exe
  C:\Windows\System32\yLlpsWI.exe
  2⤵
  PID:10028
- C:\Windows\System32\JkNWkCU.exe
  C:\Windows\System32\JkNWkCU.exe
  2⤵
  PID:10260
- C:\Windows\System32\VoZAVwa.exe
  C:\Windows\System32\VoZAVwa.exe
  2⤵
  PID:10292
- C:\Windows\System32\IBTSHXj.exe
  C:\Windows\System32\IBTSHXj.exe
  2⤵
  PID:10308
- C:\Windows\System32\NjrHens.exe
  C:\Windows\System32\NjrHens.exe
  2⤵
  PID:10328
- C:\Windows\System32\kDOVZAx.exe
  C:\Windows\System32\kDOVZAx.exe
  2⤵
  PID:10356
- C:\Windows\System32\tOwjrlk.exe
  C:\Windows\System32\tOwjrlk.exe
  2⤵
  PID:10404
- C:\Windows\System32\hdkmeCw.exe
  C:\Windows\System32\hdkmeCw.exe
  2⤵
  PID:10424
- C:\Windows\System32\LlrZpcx.exe
  C:\Windows\System32\LlrZpcx.exe
  2⤵
  PID:10448
- C:\Windows\System32\TCdFLtY.exe
  C:\Windows\System32\TCdFLtY.exe
  2⤵
  PID:10464
- C:\Windows\System32\qSUrsmK.exe
  C:\Windows\System32\qSUrsmK.exe
  2⤵
  PID:10504
- C:\Windows\System32\alDIVxS.exe
  C:\Windows\System32\alDIVxS.exe
  2⤵
  PID:10532
- C:\Windows\System32\fqVtYhh.exe
  C:\Windows\System32\fqVtYhh.exe
  2⤵
  PID:10556
- C:\Windows\System32\ZfZKHiC.exe
  C:\Windows\System32\ZfZKHiC.exe
  2⤵
  PID:10572
- C:\Windows\System32\abJBRSX.exe
  C:\Windows\System32\abJBRSX.exe
  2⤵
  PID:10628
- C:\Windows\System32\IJXIKlI.exe
  C:\Windows\System32\IJXIKlI.exe
  2⤵
  PID:10660
- C:\Windows\System32\aZeMSDn.exe
  C:\Windows\System32\aZeMSDn.exe
  2⤵
  PID:10680
- C:\Windows\System32\thIQwSk.exe
  C:\Windows\System32\thIQwSk.exe
  2⤵
  PID:10708
- C:\Windows\System32\IFvRqjL.exe
  C:\Windows\System32\IFvRqjL.exe
  2⤵
  PID:10728
- C:\Windows\System32\zBEcUdF.exe
  C:\Windows\System32\zBEcUdF.exe
  2⤵
  PID:10772
- C:\Windows\System32\JdIPzkF.exe
  C:\Windows\System32\JdIPzkF.exe
  2⤵
  PID:10792
- C:\Windows\System32\QrjIdpL.exe
  C:\Windows\System32\QrjIdpL.exe
  2⤵
  PID:10812
- C:\Windows\System32\CznuDzS.exe
  C:\Windows\System32\CznuDzS.exe
  2⤵
  PID:10832
- C:\Windows\System32\NlyymZI.exe
  C:\Windows\System32\NlyymZI.exe
  2⤵
  PID:10848
- C:\Windows\System32\EfVcExb.exe
  C:\Windows\System32\EfVcExb.exe
  2⤵
  PID:10872
- C:\Windows\System32\EgzMsGG.exe
  C:\Windows\System32\EgzMsGG.exe
  2⤵
  PID:10924
- C:\Windows\System32\poWFXyh.exe
  C:\Windows\System32\poWFXyh.exe
  2⤵
  PID:10964
- C:\Windows\System32\qIXQmEM.exe
  C:\Windows\System32\qIXQmEM.exe
  2⤵
  PID:10992
- C:\Windows\System32\ghZoivK.exe
  C:\Windows\System32\ghZoivK.exe
  2⤵
  PID:11012
- C:\Windows\System32\AueNSHj.exe
  C:\Windows\System32\AueNSHj.exe
  2⤵
  PID:11036
- C:\Windows\System32\bmomuIa.exe
  C:\Windows\System32\bmomuIa.exe
  2⤵
  PID:11064
- C:\Windows\System32\mfydumU.exe
  C:\Windows\System32\mfydumU.exe
  2⤵
  PID:11100
- C:\Windows\System32\zZztrkZ.exe
  C:\Windows\System32\zZztrkZ.exe
  2⤵
  PID:11124
- C:\Windows\System32\vfapezK.exe
  C:\Windows\System32\vfapezK.exe
  2⤵
  PID:11148
- C:\Windows\System32\VPBtrUi.exe
  C:\Windows\System32\VPBtrUi.exe
  2⤵
  PID:11188
- C:\Windows\System32\sDnNCjX.exe
  C:\Windows\System32\sDnNCjX.exe
  2⤵
  PID:11204
- C:\Windows\System32\gpgyJFg.exe
  C:\Windows\System32\gpgyJFg.exe
  2⤵
  PID:11224
- C:\Windows\System32\dFggrko.exe
  C:\Windows\System32\dFggrko.exe
  2⤵
  PID:11248
- C:\Windows\System32\sVNrWNI.exe
  C:\Windows\System32\sVNrWNI.exe
  2⤵
  PID:10276
- C:\Windows\System32\tEvJuEi.exe
  C:\Windows\System32\tEvJuEi.exe
  2⤵
  PID:10368
- C:\Windows\System32\PnMbkzu.exe
  C:\Windows\System32\PnMbkzu.exe
  2⤵
  PID:10420
- C:\Windows\System32\tnqjKyd.exe
  C:\Windows\System32\tnqjKyd.exe
  2⤵
  PID:10456
- C:\Windows\System32\mlPeMCz.exe
  C:\Windows\System32\mlPeMCz.exe
  2⤵
  PID:10488
- C:\Windows\System32\eXQFQuF.exe
  C:\Windows\System32\eXQFQuF.exe
  2⤵
  PID:10580
- C:\Windows\System32\OYsRBOi.exe
  C:\Windows\System32\OYsRBOi.exe
  2⤵
  PID:10624
- C:\Windows\System32\BzfGJWW.exe
  C:\Windows\System32\BzfGJWW.exe
  2⤵
  PID:10688
- C:\Windows\System32\sGcCKEd.exe
  C:\Windows\System32\sGcCKEd.exe
  2⤵
  PID:10744
- C:\Windows\System32\nDiqBUB.exe
  C:\Windows\System32\nDiqBUB.exe
  2⤵
  PID:10808
- C:\Windows\System32\RovfbxZ.exe
  C:\Windows\System32\RovfbxZ.exe
  2⤵
  PID:10896
- C:\Windows\System32\xNVtyMP.exe
  C:\Windows\System32\xNVtyMP.exe
  2⤵
  PID:10948
- C:\Windows\System32\RDEtEtZ.exe
  C:\Windows\System32\RDEtEtZ.exe
  2⤵
  PID:11000
- C:\Windows\System32\EwUZAxS.exe
  C:\Windows\System32\EwUZAxS.exe
  2⤵
  PID:11080
- C:\Windows\System32\DeLYEjg.exe
  C:\Windows\System32\DeLYEjg.exe
  2⤵
  PID:11132
- C:\Windows\System32\AVqkPLN.exe
  C:\Windows\System32\AVqkPLN.exe
  2⤵
  PID:11220
- C:\Windows\System32\NXNLJCY.exe
  C:\Windows\System32\NXNLJCY.exe
  2⤵
  PID:10300
- C:\Windows\System32\LaeYThJ.exe
  C:\Windows\System32\LaeYThJ.exe
  2⤵
  PID:10492
- C:\Windows\System32\JbDEbMX.exe
  C:\Windows\System32\JbDEbMX.exe
  2⤵
  PID:10704
- C:\Windows\System32\mKnpvqG.exe
  C:\Windows\System32\mKnpvqG.exe
  2⤵
  PID:10764
- C:\Windows\System32\sfXSNcE.exe
  C:\Windows\System32\sfXSNcE.exe
  2⤵
  PID:10988
- C:\Windows\System32\GfyjPQt.exe
  C:\Windows\System32\GfyjPQt.exe
  2⤵
  PID:11108
- C:\Windows\System32\OVrMppz.exe
  C:\Windows\System32\OVrMppz.exe
  2⤵
  PID:11140
- C:\Windows\System32\dcVYITG.exe
  C:\Windows\System32\dcVYITG.exe
  2⤵
  PID:10444
- C:\Windows\System32\gUbyVji.exe
  C:\Windows\System32\gUbyVji.exe
  2⤵
  PID:10912
- C:\Windows\System32\uAanPxw.exe
  C:\Windows\System32\uAanPxw.exe
  2⤵
  PID:10668
- C:\Windows\System32\ZKAfubb.exe
  C:\Windows\System32\ZKAfubb.exe
  2⤵
  PID:11280
- C:\Windows\System32\BoIVahE.exe
  C:\Windows\System32\BoIVahE.exe
  2⤵
  PID:11304
- C:\Windows\System32\OMeztUc.exe
  C:\Windows\System32\OMeztUc.exe
  2⤵
  PID:11332
- C:\Windows\System32\zPtjyeE.exe
  C:\Windows\System32\zPtjyeE.exe
  2⤵
  PID:11352
- C:\Windows\System32\OTJmlXD.exe
  C:\Windows\System32\OTJmlXD.exe
  2⤵
  PID:11380
- C:\Windows\System32\ublihMF.exe
  C:\Windows\System32\ublihMF.exe
  2⤵
  PID:11408
- C:\Windows\System32\ecrZmDX.exe
  C:\Windows\System32\ecrZmDX.exe
  2⤵
  PID:11456
- C:\Windows\System32\NJwusKY.exe
  C:\Windows\System32\NJwusKY.exe
  2⤵
  PID:11476
- C:\Windows\System32\mmKDnYG.exe
  C:\Windows\System32\mmKDnYG.exe
  2⤵
  PID:11492
- C:\Windows\System32\LiORgpD.exe
  C:\Windows\System32\LiORgpD.exe
  2⤵
  PID:11512
- C:\Windows\System32\qSZreIl.exe
  C:\Windows\System32\qSZreIl.exe
  2⤵
  PID:11532
- C:\Windows\System32\YpCOjMf.exe
  C:\Windows\System32\YpCOjMf.exe
  2⤵
  PID:11552
- C:\Windows\System32\lwFTQNv.exe
  C:\Windows\System32\lwFTQNv.exe
  2⤵
  PID:11568
- C:\Windows\System32\QBNQwsx.exe
  C:\Windows\System32\QBNQwsx.exe
  2⤵
  PID:11588
- C:\Windows\System32\bhvNLfS.exe
  C:\Windows\System32\bhvNLfS.exe
  2⤵
  PID:11612
- C:\Windows\System32\gBSAuPe.exe
  C:\Windows\System32\gBSAuPe.exe
  2⤵
  PID:11668
- C:\Windows\System32\TRaJZVi.exe
  C:\Windows\System32\TRaJZVi.exe
  2⤵
  PID:11692
- C:\Windows\System32\qzfmpyV.exe
  C:\Windows\System32\qzfmpyV.exe
  2⤵
  PID:11744
- C:\Windows\System32\WWPftdm.exe
  C:\Windows\System32\WWPftdm.exe
  2⤵
  PID:11772
- C:\Windows\System32\DoyUwKp.exe
  C:\Windows\System32\DoyUwKp.exe
  2⤵
  PID:11792
- C:\Windows\System32\CBhwhBs.exe
  C:\Windows\System32\CBhwhBs.exe
  2⤵
  PID:11832
- C:\Windows\System32\IZPrCIL.exe
  C:\Windows\System32\IZPrCIL.exe
  2⤵
  PID:11860
- C:\Windows\System32\VxmZidf.exe
  C:\Windows\System32\VxmZidf.exe
  2⤵
  PID:11884
- C:\Windows\System32\YFSWRJF.exe
  C:\Windows\System32\YFSWRJF.exe
  2⤵
  PID:11916
- C:\Windows\System32\XmpVckX.exe
  C:\Windows\System32\XmpVckX.exe
  2⤵
  PID:11936
- C:\Windows\System32\qfwPayu.exe
  C:\Windows\System32\qfwPayu.exe
  2⤵
  PID:11980
- C:\Windows\System32\xpBXPdc.exe
  C:\Windows\System32\xpBXPdc.exe
  2⤵
  PID:12004
- C:\Windows\System32\RcLPQAD.exe
  C:\Windows\System32\RcLPQAD.exe
  2⤵
  PID:12024
- C:\Windows\System32\iQEtsaS.exe
  C:\Windows\System32\iQEtsaS.exe
  2⤵
  PID:12040
- C:\Windows\System32\SezLtzC.exe
  C:\Windows\System32\SezLtzC.exe
  2⤵
  PID:12068
- C:\Windows\System32\BoMvGEq.exe
  C:\Windows\System32\BoMvGEq.exe
  2⤵
  PID:12104
- C:\Windows\System32\jydxzTx.exe
  C:\Windows\System32\jydxzTx.exe
  2⤵
  PID:12128
- C:\Windows\System32\QEdqQmA.exe
  C:\Windows\System32\QEdqQmA.exe
  2⤵
  PID:12160
- C:\Windows\System32\vdxflMv.exe
  C:\Windows\System32\vdxflMv.exe
  2⤵
  PID:12196
- C:\Windows\System32\JEzQXys.exe
  C:\Windows\System32\JEzQXys.exe
  2⤵
  PID:12236
- C:\Windows\System32\hFwRJUM.exe
  C:\Windows\System32\hFwRJUM.exe
  2⤵
  PID:12256
- C:\Windows\System32\vcMqbSG.exe
  C:\Windows\System32\vcMqbSG.exe
  2⤵
  PID:12280
- C:\Windows\System32\NWWEvaN.exe
  C:\Windows\System32\NWWEvaN.exe
  2⤵
  PID:11296
- C:\Windows\System32\aNpyWuR.exe
  C:\Windows\System32\aNpyWuR.exe
  2⤵
  PID:11376
- C:\Windows\System32\FebEIJQ.exe
  C:\Windows\System32\FebEIJQ.exe
  2⤵
  PID:11432
- C:\Windows\System32\TGMlHSZ.exe
  C:\Windows\System32\TGMlHSZ.exe
  2⤵
  PID:11484
- C:\Windows\System32\fyxxqba.exe
  C:\Windows\System32\fyxxqba.exe
  2⤵
  PID:11560
- C:\Windows\System32\rBGTscQ.exe
  C:\Windows\System32\rBGTscQ.exe
  2⤵
  PID:11644
- C:\Windows\System32\ldlQkho.exe
  C:\Windows\System32\ldlQkho.exe
  2⤵
  PID:11656
- C:\Windows\System32\UDYqBOB.exe
  C:\Windows\System32\UDYqBOB.exe
  2⤵
  PID:11756
- C:\Windows\System32\GcUJUHL.exe
  C:\Windows\System32\GcUJUHL.exe
  2⤵
  PID:11868
- C:\Windows\System32\kYZyIqU.exe
  C:\Windows\System32\kYZyIqU.exe
  2⤵
  PID:11904
- C:\Windows\System32\DGHATKy.exe
  C:\Windows\System32\DGHATKy.exe
  2⤵
  PID:11960
- C:\Windows\System32\sZeKBMT.exe
  C:\Windows\System32\sZeKBMT.exe
  2⤵
  PID:12056
- C:\Windows\System32\CoUDNnJ.exe
  C:\Windows\System32\CoUDNnJ.exe
  2⤵
  PID:12116
- C:\Windows\System32\yGIzQOh.exe
  C:\Windows\System32\yGIzQOh.exe
  2⤵
  PID:12192
- C:\Windows\System32\swZsMPu.exe
  C:\Windows\System32\swZsMPu.exe
  2⤵
  PID:10800
- C:\Windows\System32\xJqzBNS.exe
  C:\Windows\System32\xJqzBNS.exe
  2⤵
  PID:10784
- C:\Windows\System32\vygaTHt.exe
  C:\Windows\System32\vygaTHt.exe
  2⤵
  PID:11392
- C:\Windows\System32\YjBXBgn.exe
  C:\Windows\System32\YjBXBgn.exe
  2⤵
  PID:11544
- C:\Windows\System32\eDaUPrj.exe
  C:\Windows\System32\eDaUPrj.exe
  2⤵
  PID:11680
- C:\Windows\System32\MIhmQaN.exe
  C:\Windows\System32\MIhmQaN.exe
  2⤵
  PID:11760
- C:\Windows\System32\uPSOvGe.exe
  C:\Windows\System32\uPSOvGe.exe
  2⤵
  PID:1076
- C:\Windows\System32\sPMpvbK.exe
  C:\Windows\System32\sPMpvbK.exe
  2⤵
  PID:12020
- C:\Windows\System32\thmjToq.exe
  C:\Windows\System32\thmjToq.exe
  2⤵
  PID:752
- C:\Windows\System32\ImWFwWD.exe
  C:\Windows\System32\ImWFwWD.exe
  2⤵
  PID:12156
- C:\Windows\System32\wDcScPT.exe
  C:\Windows\System32\wDcScPT.exe
  2⤵
  PID:12212
- C:\Windows\System32\FKDHBYG.exe
  C:\Windows\System32\FKDHBYG.exe
  2⤵
  PID:11420
- C:\Windows\System32\RuABGKn.exe
  C:\Windows\System32\RuABGKn.exe
  2⤵
  PID:12036
- C:\Windows\System32\gqdPfWz.exe
  C:\Windows\System32\gqdPfWz.exe
  2⤵
  PID:12120
- C:\Windows\System32\pywQGAq.exe
  C:\Windows\System32\pywQGAq.exe
  2⤵
  PID:424
- C:\Windows\System32\yLLBGgn.exe
  C:\Windows\System32\yLLBGgn.exe
  2⤵
  PID:1096
- C:\Windows\System32\vxEONFh.exe
  C:\Windows\System32\vxEONFh.exe
  2⤵
  PID:1716
- C:\Windows\System32\jlsoJsI.exe
  C:\Windows\System32\jlsoJsI.exe
  2⤵
  PID:12292
- C:\Windows\System32\BsicREO.exe
  C:\Windows\System32\BsicREO.exe
  2⤵
  PID:12340
- C:\Windows\System32\tbQNMPK.exe
  C:\Windows\System32\tbQNMPK.exe
  2⤵
  PID:12368
- C:\Windows\System32\VbbsTCT.exe
  C:\Windows\System32\VbbsTCT.exe
  2⤵
  PID:12392
- C:\Windows\System32\PDrbkGe.exe
  C:\Windows\System32\PDrbkGe.exe
  2⤵
  PID:12424
- C:\Windows\System32\LsDnTeD.exe
  C:\Windows\System32\LsDnTeD.exe
  2⤵
  PID:12456
- C:\Windows\System32\xxWqFLF.exe
  C:\Windows\System32\xxWqFLF.exe
  2⤵
  PID:12496
- C:\Windows\System32\bCANVuw.exe
  C:\Windows\System32\bCANVuw.exe
  2⤵
  PID:12524
- C:\Windows\System32\uAxwgPz.exe
  C:\Windows\System32\uAxwgPz.exe
  2⤵
  PID:12540
- C:\Windows\System32\RILMBoU.exe
  C:\Windows\System32\RILMBoU.exe
  2⤵
  PID:12568
- C:\Windows\System32\CcHgkqZ.exe
  C:\Windows\System32\CcHgkqZ.exe
  2⤵
  PID:12608
- C:\Windows\System32\Sklkbeq.exe
  C:\Windows\System32\Sklkbeq.exe
  2⤵
  PID:12624
- C:\Windows\System32\hSTPXKk.exe
  C:\Windows\System32\hSTPXKk.exe
  2⤵
  PID:12644
- C:\Windows\System32\TXNgUAk.exe
  C:\Windows\System32\TXNgUAk.exe
  2⤵
  PID:12692
- C:\Windows\System32\zbrxlbI.exe
  C:\Windows\System32\zbrxlbI.exe
  2⤵
  PID:12712
- C:\Windows\System32\JECBPdV.exe
  C:\Windows\System32\JECBPdV.exe
  2⤵
  PID:12736
- C:\Windows\System32\mPGoAEG.exe
  C:\Windows\System32\mPGoAEG.exe
  2⤵
  PID:12752
- C:\Windows\System32\hXUAuRT.exe
  C:\Windows\System32\hXUAuRT.exe
  2⤵
  PID:12792
- C:\Windows\System32\VsuGcPf.exe
  C:\Windows\System32\VsuGcPf.exe
  2⤵
  PID:12820
- C:\Windows\System32\uTjVBND.exe
  C:\Windows\System32\uTjVBND.exe
  2⤵
  PID:12860
- C:\Windows\System32\iRrUXBM.exe
  C:\Windows\System32\iRrUXBM.exe
  2⤵
  PID:12884
- C:\Windows\System32\MHRGCip.exe
  C:\Windows\System32\MHRGCip.exe
  2⤵
  PID:12904
- C:\Windows\System32\LQQsYxR.exe
  C:\Windows\System32\LQQsYxR.exe
  2⤵
  PID:12932
- C:\Windows\System32\ChQslva.exe
  C:\Windows\System32\ChQslva.exe
  2⤵
  PID:12956
- C:\Windows\System32\cmExYVv.exe
  C:\Windows\System32\cmExYVv.exe
  2⤵
  PID:12988
- C:\Windows\System32\TAXCzWJ.exe
  C:\Windows\System32\TAXCzWJ.exe
  2⤵
  PID:13020
- C:\Windows\System32\EaHuCna.exe
  C:\Windows\System32\EaHuCna.exe
  2⤵
  PID:13056
- C:\Windows\System32\nbxcgID.exe
  C:\Windows\System32\nbxcgID.exe
  2⤵
  PID:13080
- C:\Windows\System32\CwNRlqM.exe
  C:\Windows\System32\CwNRlqM.exe
  2⤵
  PID:13100
- C:\Windows\System32\rdxSVxZ.exe
  C:\Windows\System32\rdxSVxZ.exe
  2⤵
  PID:13136
- C:\Windows\System32\BIwXVhV.exe
  C:\Windows\System32\BIwXVhV.exe
  2⤵
  PID:13156
- C:\Windows\System32\PYenbsu.exe
  C:\Windows\System32\PYenbsu.exe
  2⤵
  PID:13180
- C:\Windows\System32\dtFvini.exe
  C:\Windows\System32\dtFvini.exe
  2⤵
  PID:13208
- C:\Windows\System32\SzuieHN.exe
  C:\Windows\System32\SzuieHN.exe
  2⤵
  PID:13260
- C:\Windows\System32\qGDGKuK.exe
  C:\Windows\System32\qGDGKuK.exe
  2⤵
  PID:13288
- C:\Windows\System32\UCeLsow.exe
  C:\Windows\System32\UCeLsow.exe
  2⤵
  PID:11876
- C:\Windows\System32\slWCWUX.exe
  C:\Windows\System32\slWCWUX.exe
  2⤵
  PID:12320
- C:\Windows\System32\wAsBHMB.exe
  C:\Windows\System32\wAsBHMB.exe
  2⤵
  PID:12356
- C:\Windows\System32\vuRUFbM.exe
  C:\Windows\System32\vuRUFbM.exe
  2⤵
  PID:12412
- C:\Windows\System32\kEoEeCz.exe
  C:\Windows\System32\kEoEeCz.exe
  2⤵
  PID:12448
- C:\Windows\System32\YtMYJxm.exe
  C:\Windows\System32\YtMYJxm.exe
  2⤵
  PID:12532
- C:\Windows\System32\zOTRSyw.exe
  C:\Windows\System32\zOTRSyw.exe
  2⤵
  PID:12652
- C:\Windows\System32\JPAbRub.exe
  C:\Windows\System32\JPAbRub.exe
  2⤵
  PID:12732
- C:\Windows\System32\LQQFjVx.exe
  C:\Windows\System32\LQQFjVx.exe
  2⤵
  PID:12788
- C:\Windows\System32\EKOjvWS.exe
  C:\Windows\System32\EKOjvWS.exe
  2⤵
  PID:12844
- C:\Windows\System32\mxblsXO.exe
  C:\Windows\System32\mxblsXO.exe
  2⤵
  PID:12924
- C:\Windows\System32\PsVwcyv.exe
  C:\Windows\System32\PsVwcyv.exe
  2⤵
  PID:13072
- C:\Windows\System32\woYcnku.exe
  C:\Windows\System32\woYcnku.exe
  2⤵
  PID:13152
- C:\Windows\System32\nvANOED.exe
  C:\Windows\System32\nvANOED.exe
  2⤵
  PID:13224
- C:\Windows\System32\XhheXWd.exe
  C:\Windows\System32\XhheXWd.exe
  2⤵
  PID:11272
- C:\Windows\System32\dMWpRZV.exe
  C:\Windows\System32\dMWpRZV.exe
  2⤵
  PID:11608
- C:\Windows\System32\MWTPEei.exe
  C:\Windows\System32\MWTPEei.exe
  2⤵
  PID:12476
- C:\Windows\System32\tOwGhTw.exe
  C:\Windows\System32\tOwGhTw.exe
  2⤵
  PID:12668
- C:\Windows\System32\dbdHViE.exe
  C:\Windows\System32\dbdHViE.exe
  2⤵
  PID:12840
- C:\Windows\System32\QZFUKvn.exe
  C:\Windows\System32\QZFUKvn.exe
  2⤵
  PID:12816

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4008,i,5711962389779687290,1245653010537220991,262144 --variations-seed-version --mojo-platform-channel-handle=4124 /prefetch:8
1⤵
PID:4172

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:13532

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System32\BgXMDAT.exe

Filesize
1.5MB

MD5
e7916ce1794bfac9478dd1e1bff08429

SHA1
ec2e6dbdbd6cd9b54be7b1a73aa05faa5c52a471

SHA256
8dc8e4e51738ba1b971b75742be8537dff306888977968ef6bdca3522633cbf6

SHA512
2c078ed646c44855b5898ad3fb4eab50bf9a5ffff31ce8715afe5bfdaf2b1306df784c90b7902af1304510dc68331b3397811bb16732842d343c8c6484b16d3a

Download Submit
C:\Windows\System32\DDkTTDT.exe

Filesize
1.5MB

MD5
0cbc01c3a298804060fc0a17dc3c3174

SHA1
15dbd1bbb80d8fc63bfa653700af0a1ccb0ea6aa

SHA256
b29e2a1f3e3db896260b364d15b2a4444ca044d54b45a689ef54b52e834c1d28

SHA512
70112ff080a24051f862d8bf391c0e4544570713f310b2cd7c903a43104e76941936cb559ccf2a3251a7901be51dbd54ce0a5f76831a7ecb7608305da1665db6

Download Submit
C:\Windows\System32\DSRZCAP.exe

Filesize
1.5MB

MD5
d212d00e72b3c41d92cf310d640e6188

SHA1
3d16ef0de4e6dc317abe7b12e8f691efe247e6ed

SHA256
f0a81eb3e7fd3fba84859b474350ba297425677841d688001cf7082558f1584b

SHA512
46f98c13db9d309c1dcabf3fa8c30dea908131b8674f4b692d1b92bdfd039533460f94b791d40e886480304f3bcf6a29ce7fa0165f85d6d9a8e5f87884d4fc17

Download Submit
C:\Windows\System32\FIqEtPk.exe

Filesize
1.5MB

MD5
8987ae2816409cc67b1c4a4aab5f859b

SHA1
8f1c93ea56f462650563a2b993cdfa0ac03a04bf

SHA256
ef03d6b102c36253cfba2b5af5ef676aa5a7a0d31ad2df6a0674d0590b20d549

SHA512
9565f02cc01e00764ac651241f8d68c021dcabe2c30777dd16fd3e40905bf6f7bd50648c457bb073dfebfa32f910a1be4946d835c99a15806a6edeb553693ef6

Download Submit
C:\Windows\System32\HQrarcC.exe

Filesize
1.5MB

MD5
42ff19f0870ed3f19c6e6ed472fda80b

SHA1
9b71513d315860354e1dc3556c677d734342d95e

SHA256
ac0810c5abb55f6624b014f0f0c71cfb5835788631e9f0e3c68c5f71da218474

SHA512
3afd939b22b3003623542fc19106ad4912d55a29ba04c52cc35506659c7ac3bf7c341cb38ae15f01fa36b4b36557f55ccb0197ecbe5fe56b0868f0a0e5f68142

Download Submit
C:\Windows\System32\HcGQcZh.exe

Filesize
1.5MB

MD5
59fe040664a8c69be0c2bd3978bd880b

SHA1
2ecf3585f11bda1f33c39340d308e26da0e621ab

SHA256
c2d823c84fc127d65349ea7ef8ca795a953fc1cc2b511dea66c33f0023d1e9a1

SHA512
24c93f4b75e472063259b1229452201556237ca0502f0c91ce946010b35f97b7790d79f7683bddf5123bb1861116594497de551b33f7d33611369fa2b2e607ac

Download Submit
C:\Windows\System32\HwjoAcH.exe

Filesize
1.5MB

MD5
8d13116e986bc27d179f59c8b5d237d3

SHA1
641f16e23e906f575f54ccc88a4c83aa9be943ff

SHA256
65f22312c28c70206a38223a40e2b2269624909f5f8f2bdf06c7253c493d9069

SHA512
c4c5f548005e51a747a6470d7c0109a7370f001642c2bd4a1f3d0f6b9ebc7cb17071501c62ff22e3016d781453e68ea5f9acb3280a3e42018ec9f3e8895f8d12

Download Submit
C:\Windows\System32\IHbMawC.exe

Filesize
1.5MB

MD5
40ef1cf35dc49c8ebcec9f2921121e02

SHA1
662651c6f8a367f0c9ecb875305b6ad40b955e3e

SHA256
6da7ffd0a7cbf007ee16883ab3710ba469f58dc707f45bef68a498566135c350

SHA512
36885570b4474db88d81bcf0a1853954ad45a895e9a65f81494ea9fc870700cc0b25fe947b10983235996bfd89d0c3a53e2b29cd7e65c8c42a09dc23acfb2097

Download Submit
C:\Windows\System32\KEXjnWL.exe

Filesize
1.5MB

MD5
3e74259115d7992670daa9ff41a6984e

SHA1
8d3b35734e1e0d66dcd2fadeaecea316ef55549f

SHA256
200fc9e372fbe12a3e19bbac5502533ee07b0d779d1af97c25e4759743e42498

SHA512
ed149b3aab9051e7b967dba0c0fa9ce85e27e7db7e8d8c08abc196cc0ade4f173223c1870764370cdba1b74730a2d727120edc70e556ebbcf138e187ffc51f47

Download Submit
C:\Windows\System32\LpxytbC.exe

Filesize
1.5MB

MD5
9e3c6c349cec84422af9c04d242d0c07

SHA1
19c998364b2e3ee24ae33d40d9f8b0200eea0c40

SHA256
41f877c0f1c56afd1b18c0300b3dfb059e4e56f7305ca72f09d9c8ed54125e7b

SHA512
1d328f55c803c56efd8d830789a494f48e40f9ad1dfa5fb125dd33387608bcc9f034926426f01fc3bdd9ac3460bf60a7d3d71872716601df088b2505689434be

Download Submit
C:\Windows\System32\MIMKIRe.exe

Filesize
1.5MB

MD5
a0f6ca4e780427b1435b6fbf67d638f2

SHA1
7b123fc04640a0d40f838a16abcf85d2b9113527

SHA256
0a9ad2f9f166f259df83004305deac2f2da578b1d4c07ca3cffece413363374c

SHA512
f4e6b422af6e969be77526f4ff8fb8e1825543ccc31ad43ffb703ddc556c3b21bbabf2e8e55d86cd0e090ee01ce849c52d6dc71ee4b7af76a7f62eaa68d309aa

Download Submit
C:\Windows\System32\NbPolYA.exe

Filesize
1.5MB

MD5
3ae02dd84aca87dde9a67015fe5a16bb

SHA1
9aa6e9bb91ae2a98548669af9b8b2a3f7d5bcd79

SHA256
6c6a7178d691875ec6bf3e36da5f9ecf75285efeff3269a4e59948347113c3e1

SHA512
e6f1e18086e38fe48992aa2ced81b1c9185d9c60253f70c6f412e0aa71bc76d36910bbd205042c8d9e9de95d3f41d5d33a27004365052e101772a27493fa6a6d

Download Submit
C:\Windows\System32\OujcOOJ.exe

Filesize
1.5MB

MD5
16f2a70f58f3b85fb0ae90b8fdc2b67b

SHA1
026a4a354b153d0ea0e909bff967b43bd9458853

SHA256
efe8b2542c92c58052f91611fc8bec854a64222bab0d2e4c06c16a57bed033fc

SHA512
324af98f72a6a9a890c8ab415ea5ebe4b062ec91c3f6ba0c17fc792975681d39811fccc53ea00f1685ffc4250b6a07cc66185d33798407a3dcb26072e9d4dfd3

Download Submit
C:\Windows\System32\PgDOjYz.exe

Filesize
1.5MB

MD5
0f0c8e54a0516f218bad3d8284f9c1c2

SHA1
968f62ee8081e2a30bbc8519d94c8fb6c2fe934c

SHA256
5a22c472a8e389ad7ea0ea50ecb60460183de8c7d591e47be728f6b20246a9b7

SHA512
c020f43d5933787b1b2e87ce7088077a71705621945cf4facc807637ccace83f8cd6088eb8e4e2413a425a5d58df4803b9ad331d3878395919ac55bbda13d6c2

Download Submit
C:\Windows\System32\TSotSut.exe

Filesize
1.5MB

MD5
ead6ec45f1c06fad03babe21926270c0

SHA1
e2858ddd55aa42decdcb2dbd025a4dba782ca0db

SHA256
8924b854b2f56bb6e9e8c42c80b79f288c2a31214f0503f352f950dfc0cc5302

SHA512
aae47859714f6d3cc5cb1953358eeb0b223d228156c5df78a9f0f9af9b5075e9671909965abd398071024dec66f3954c20e077d4d505dc98ca03878a9504e0ca

Download Submit
C:\Windows\System32\UlgJroe.exe

Filesize
1.5MB

MD5
2da82ee5d04fe04a0b14f00f787540d4

SHA1
97159c1b38bf6a45ef72df387ab0e7ef05c21b09

SHA256
958d2d31be6e8ff7f8d78864a37aa2790ce0cb2bbcea65e79b847d090e5c6043

SHA512
d6d999bf498b1ac2973ee4b1f5b36f3ba3ed3e249b386c08b1b6577a6bd5b943aa2a9cab297cbd2b697537162e0a5f327d1888a81ba0511513cea18168ce8823

Download Submit
C:\Windows\System32\UsICYTD.exe

Filesize
1.5MB

MD5
2497aaa3d7a15d13a7b0f8d4ce2c5828

SHA1
0640258d7a72605407e765c8b8ee1712dab338fb

SHA256
3cdd675d73859ae006145c13ddf788166c8bbfdcff8a03fb03214b1056df9010

SHA512
9c3833b02d6aae418c0e3c513f781bf94fa3caaa13d8eca43836a800901b08152a3c83da3ffb22f5fd346c87061ab2ad19040cc5274ccbd1365f6bc79eab674b

Download Submit
C:\Windows\System32\VRIPoGO.exe

Filesize
1.5MB

MD5
caa5b196dad31dd28480d9d1bd6cfbe9

SHA1
e8071445953d2480118bb131921f394a185f8414

SHA256
47a3be80eb8ac28f757a71c7e8a938a52011cc4621e7dc1ef433a9069712db98

SHA512
2588035e78294ab05ba3dd41f5b66f4dd45048094e3886e9783f17d9d1f84f42a94b9f2fd49ba18c63c52ea0feb2b460205cc6fd2a48f092c32b5d93ab2ccbf4

Download Submit
C:\Windows\System32\VWXoUJS.exe

Filesize
1.5MB

MD5
35da3e213ae0c544c1c252a394141228

SHA1
ac05ae2a32224beaf2b5979da1f3082cdaf89477

SHA256
b64fcc937582b6f85c97765b0c19dc1fd6777b327d6de91c71d7e1fb9c599517

SHA512
178ecd67f52cd5d17105a111ee65320aaff8536c4878269da03fab320458f6dd68c80a9cae40bd51f6e7610b9af237a789ac41c3a42908866106a7cae334df87

Download Submit
C:\Windows\System32\WrOAOdn.exe

Filesize
1.5MB

MD5
d73e445b600426421c2fa72480092b81

SHA1
9f6ff67c7b723e5013530700e5b1abfb69c6a5ac

SHA256
bc374df70db45e1e4fb1ffe881b530ce99190d8f4388792d716e7131d35bf85d

SHA512
7b8a365b08437d0dc28770b3ddbc9585795648dfee1a568ce4a53d6dcd51bfa58ab742781aa7940756f4623edc7e3ddae416cb20a381b6224d7ed6104f49e539

Download Submit
C:\Windows\System32\XHGViDN.exe

Filesize
1.5MB

MD5
2bcd36b62f6f83f361aa833a1f81902d

SHA1
5b755d61fc0f329452ae532d9b877302c5d3e5ad

SHA256
032a3dbb994aa870ce9c8ffa5fc7dcc337f6d7ead2976ceddcb863fc1702b791

SHA512
a231f6f24f7f1321643934cb25bddbc61f3bda4ed6f891a169f61ba492931fdb99d97344506d0fd74e0a7dfbf09ab8b1a528b58375951ca17862ad92c09aac28

Download Submit
C:\Windows\System32\XlVJgxS.exe

Filesize
1.5MB

MD5
578ead335716b8faf2fb6b348ee05fd3

SHA1
6527280c43108dde8adb5bb7b6fc343ebefefe53

SHA256
dfa9c2e2e85619f5317c8c9e3239512bd7bfd80ecdfb2a68d2ae4307b1353680

SHA512
f6d031ce61f78ad4f955953c3952be93dd4cadb25dacbd6dab9ba04042c9ae252d44b39e3b88e35834f98f67a9ea8c97af550c6b77835f72ce7f9f608a9d9297

Download Submit
C:\Windows\System32\ZxAaLvC.exe

Filesize
1.5MB

MD5
bbdfbca3f91a60b4626a89fb72744051

SHA1
a5100069abd1ece6895aec0dbf464671100b4272

SHA256
354d739001adf4e354ae0dee9997fdb46522d16815267da711202a22919cfb1e

SHA512
107c0fd77f6d63ceed2a00516a82c3ba7ce3e6640df8423e843909d3472a88996661a8ee72440f2089b8e2cf339b911ec7dcafe9bb654e99b33bf2560615184a

Download Submit
C:\Windows\System32\dEgBRiV.exe

Filesize
1.5MB

MD5
d0076684c3072b11a30c65012e94987f

SHA1
b3dbc8b5edb7a825482e74ef868eb50846816e8e

SHA256
0f7e152df54daa774c972e24d7249e00d1767cd1d50b2086582242dc80bbee27

SHA512
b677e8f03833fcc695fade5ed041893a99495bec49882e5db7d4e4dc553fde63dbe6398f1caf7a018eb73bad4cb4e0001bfbfaff93b70c9688d8fb5ed7fdea98

Download Submit
C:\Windows\System32\eeqPlJW.exe

Filesize
1.5MB

MD5
e743d93829b723cf7e75fdc68564164d

SHA1
edd58a486fdcc7878fe282a5cc60007b86f4772d

SHA256
8d399b80c9976f5179e3dd949aae72041582a9c81d06af66562fbe3a1af71a51

SHA512
764283dc14baa7c03847d8612361b01df3ef6b3ee18ee5aee3baa91336ca4f4574ceb7ff1149f830cd069a408f0fd340887b036cae58e7a7723c23aaf782e8c5

Download Submit
C:\Windows\System32\fOZJjbU.exe

Filesize
1.5MB

MD5
f267da25496a89fa08de502b9eee831b

SHA1
0e900f30d0ef453df9efa3fd3a035c48d0e8a534

SHA256
5b18a5637eafdded108742c9faf12af0f0047ae55e5992970e6584f6caf4762f

SHA512
f9ed45af9733624800474ea8658c66a9caab346a08cab5159a65de904f73619fc2ce9c9c5b006489041324855e85fe4812a430d868a05128c013e358befc5ff6

Download Submit
C:\Windows\System32\ffPulHD.exe

Filesize
1.5MB

MD5
0ceb6cd9a5b9f55c44515cce7f7e6a5f

SHA1
7c312c7936cf85b3f420f53177dd27b7076114e9

SHA256
200e5a797c3a289189b456919da1e900b8d50ee741becc53b1deb3ed18acb697

SHA512
512abd204f8417cef54450c175638930b4f4fa72a66f05496d7faa8b9e302385e40075678708da86743c37c9a09c2627f5cf85af726628bf68674dfd55f71172

Download Submit
C:\Windows\System32\gwkddlo.exe

Filesize
1.5MB

MD5
4f9ec22956115e65d7bf7011b88be52e

SHA1
c355d6fddb5dbbbf2ad3ae1e8a60bed3d784c9d7

SHA256
33d44f9f6743a0f50104bb7c697f1b259f2f922eca8fe3c7deb8ca0953296d76

SHA512
9ad9c03ee75833fbbadbb97b68397bc13226732955312a2ade971c35688f65c2b6ef0747dcf071e4e304f37bde9ee376ccab9c35c0ef83565c0d97ea52e3750a

Download Submit
C:\Windows\System32\hTBuTVr.exe

Filesize
1.5MB

MD5
7540ed043318dfd844eab295b032aae8

SHA1
dac92316087c5d2cefb8b633ddf38250b90fd387

SHA256
eb63f863fc27cf151889e8789b42e8f2e73b6adbf1077ca7946a36e50cd656db

SHA512
b37d8634b14cfb027b3ebf64cdc383a474939f8750f906e63991d15230b53a762b3bef337f78de029da1be3a189d90263547ca036dd9ace6a5dc8d36d7c9da4c

Download Submit
C:\Windows\System32\ljGijiT.exe

Filesize
1.5MB

MD5
8a4f5c1a554104ce5d604791050d1325

SHA1
55fd2908bcc07dd3bed37148b74982d30890ab48

SHA256
25db0602b66eb81864c84d1adada41398a52b7d2acdaf40b95c783bcff11df8e

SHA512
4604c6c95c3840a84c8684b6db30aed9fe4b74622770d3227df32786993a8d8fe7c551c6638880200608ac0b7ac7e742951158749467ddf62bcf65f2c22a3b2f

Download Submit
C:\Windows\System32\rEqviij.exe

Filesize
1.5MB

MD5
bf28f96d17a56c4a5d69549bc68ffb49

SHA1
4d56276bb8153f1492e6045b187d2a5fa9462da0

SHA256
25465cce7ed97c790a0a5686e5e20ac807072676ebe347b693d762c522a1f506

SHA512
eaa9c281425b1f9f8231b07503988592752944ae12d7e7db4581f31c9d1e061f54be03cff4a3bfa9cb25da36ca36078d54c00fdf2dcd55d17f6c14d4affe58a6

Download Submit
C:\Windows\System32\zJOTVsH.exe

Filesize
1.5MB

MD5
7eb9b3f633601edad2ba0c963fb91750

SHA1
0d0f8cb7f8f275d389335b3f995541e6076d1f08

SHA256
6ed73c33e3324fecce82634b9e1bf73483e022ca1ee87f1fa32044d61695e245

SHA512
8dc81c0cf92869bfc59632d8307e5e8c3c2269f0c146c5a761dcd82bd160947e93fac062fec59e5319395b2fc662bfa28bd079d89b95da2e506253873c697af5

Download Submit
memory/880-1976-0x00007FF6A73C0000-0x00007FF6A77B1000-memory.dmp

Filesize
3.9MB

Download
memory/880-490-0x00007FF6A73C0000-0x00007FF6A77B1000-memory.dmp

Filesize
3.9MB

Download
memory/1020-11-0x00007FF616A10000-0x00007FF616E01000-memory.dmp

Filesize
3.9MB

Download
memory/1020-1972-0x00007FF616A10000-0x00007FF616E01000-memory.dmp

Filesize
3.9MB

Download
memory/1020-1962-0x00007FF616A10000-0x00007FF616E01000-memory.dmp

Filesize
3.9MB

Download
memory/1064-427-0x00007FF756F70000-0x00007FF757361000-memory.dmp

Filesize
3.9MB

Download
memory/1064-2005-0x00007FF756F70000-0x00007FF757361000-memory.dmp

Filesize
3.9MB

Download
memory/1176-1982-0x00007FF613320000-0x00007FF613711000-memory.dmp

Filesize
3.9MB

Download
memory/1176-424-0x00007FF613320000-0x00007FF613711000-memory.dmp

Filesize
3.9MB

Download
memory/1188-1968-0x00007FF60AC20000-0x00007FF60B011000-memory.dmp

Filesize
3.9MB

Download
memory/1188-10-0x00007FF60AC20000-0x00007FF60B011000-memory.dmp

Filesize
3.9MB

Download
memory/1500-430-0x00007FF6FC210000-0x00007FF6FC601000-memory.dmp

Filesize
3.9MB

Download
memory/1500-1992-0x00007FF6FC210000-0x00007FF6FC601000-memory.dmp

Filesize
3.9MB

Download
memory/1572-2009-0x00007FF75A800000-0x00007FF75ABF1000-memory.dmp

Filesize
3.9MB

Download
memory/1572-428-0x00007FF75A800000-0x00007FF75ABF1000-memory.dmp

Filesize
3.9MB

Download
memory/1584-426-0x00007FF7F8480000-0x00007FF7F8871000-memory.dmp

Filesize
3.9MB

Download
memory/1584-1988-0x00007FF7F8480000-0x00007FF7F8871000-memory.dmp

Filesize
3.9MB

Download
memory/1916-460-0x00007FF61B380000-0x00007FF61B771000-memory.dmp

Filesize
3.9MB

Download
memory/1916-2024-0x00007FF61B380000-0x00007FF61B771000-memory.dmp

Filesize
3.9MB

Download
memory/2036-467-0x00007FF60ABA0000-0x00007FF60AF91000-memory.dmp

Filesize
3.9MB

Download
memory/2036-2016-0x00007FF60ABA0000-0x00007FF60AF91000-memory.dmp

Filesize
3.9MB

Download
memory/2052-1990-0x00007FF6F2AA0000-0x00007FF6F2E91000-memory.dmp

Filesize
3.9MB

Download
memory/2052-434-0x00007FF6F2AA0000-0x00007FF6F2E91000-memory.dmp

Filesize
3.9MB

Download
memory/2196-1-0x0000019EFDAA0000-0x0000019EFDAB0000-memory.dmp

Filesize
64KB

Download
memory/2196-0-0x00007FF6A72D0000-0x00007FF6A76C1000-memory.dmp

Filesize
3.9MB

Download
memory/2388-2003-0x00007FF7E0CE0000-0x00007FF7E10D1000-memory.dmp

Filesize
3.9MB

Download
memory/2388-441-0x00007FF7E0CE0000-0x00007FF7E10D1000-memory.dmp

Filesize
3.9MB

Download
memory/2836-1970-0x00007FF78DC30000-0x00007FF78E021000-memory.dmp

Filesize
3.9MB

Download
memory/2836-24-0x00007FF78DC30000-0x00007FF78E021000-memory.dmp

Filesize
3.9MB

Download
memory/3424-2022-0x00007FF6F2A70000-0x00007FF6F2E61000-memory.dmp

Filesize
3.9MB

Download
memory/3424-455-0x00007FF6F2A70000-0x00007FF6F2E61000-memory.dmp

Filesize
3.9MB

Download
memory/3540-433-0x00007FF759D30000-0x00007FF75A121000-memory.dmp

Filesize
3.9MB

Download
memory/3540-1994-0x00007FF759D30000-0x00007FF75A121000-memory.dmp

Filesize
3.9MB

Download
memory/3604-1986-0x00007FF6F4380000-0x00007FF6F4771000-memory.dmp

Filesize
3.9MB

Download
memory/3604-425-0x00007FF6F4380000-0x00007FF6F4771000-memory.dmp

Filesize
3.9MB

Download
memory/3664-1974-0x00007FF609C80000-0x00007FF60A071000-memory.dmp

Filesize
3.9MB

Download
memory/3664-27-0x00007FF609C80000-0x00007FF60A071000-memory.dmp

Filesize
3.9MB

Download
memory/3688-421-0x00007FF642F50000-0x00007FF643341000-memory.dmp

Filesize
3.9MB

Download
memory/3688-1978-0x00007FF642F50000-0x00007FF643341000-memory.dmp

Filesize
3.9MB

Download
memory/3952-2014-0x00007FF7C0E40000-0x00007FF7C1231000-memory.dmp

Filesize
3.9MB

Download
memory/3952-480-0x00007FF7C0E40000-0x00007FF7C1231000-memory.dmp

Filesize
3.9MB

Download
memory/3956-483-0x00007FF68D660000-0x00007FF68DA51000-memory.dmp

Filesize
3.9MB

Download
memory/3956-2018-0x00007FF68D660000-0x00007FF68DA51000-memory.dmp

Filesize
3.9MB

Download
memory/4488-1984-0x00007FF7E60E0000-0x00007FF7E64D1000-memory.dmp

Filesize
3.9MB

Download
memory/4488-422-0x00007FF7E60E0000-0x00007FF7E64D1000-memory.dmp

Filesize
3.9MB

Download
memory/4496-1980-0x00007FF622E40000-0x00007FF623231000-memory.dmp

Filesize
3.9MB

Download
memory/4496-423-0x00007FF622E40000-0x00007FF623231000-memory.dmp

Filesize
3.9MB

Download
memory/4548-438-0x00007FF78AB50000-0x00007FF78AF41000-memory.dmp

Filesize
3.9MB

Download
memory/4548-2001-0x00007FF78AB50000-0x00007FF78AF41000-memory.dmp

Filesize
3.9MB

Download
memory/5032-2007-0x00007FF7D4E50000-0x00007FF7D5241000-memory.dmp

Filesize
3.9MB

Download
memory/5032-429-0x00007FF7D4E50000-0x00007FF7D5241000-memory.dmp

Filesize
3.9MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads