xmrig | 00dbc5b948cfb05a2fafc4ac6513d5235907f355f301839fac74901c9a671e83

Analysis

max time kernel
122s
max time network
141s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
25/06/2024, 18:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

00dbc5b948cfb05a2fafc4ac6513d5235907f355f301839fac74901c9a671e83.exe
Size

2.7MB
MD5

269a9ae8db9d97d102e00063ca9ae913
SHA1

a2c13b6b9d5da7ba4eeeeb6c0e34dd5612ac08ad
SHA256

00dbc5b948cfb05a2fafc4ac6513d5235907f355f301839fac74901c9a671e83
SHA512

36d6126d84d6fff35fc9769dce924acf983efb7a9150caa03740b0f1511cc60dff19b5146a5b553eb06cc27830f1f0fc772e718a9e3373849b1478aeb2f7bf85
SSDEEP

49152:w0wjnJMOWh50kC1/dVFdx6e0EALKWVTffZiPAcRq6jHjcz8DzHUSuAQSzEQri:w0GnJMOWPClFdx6e0EALKWVTffZiPAcS

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

UPX dump on OEP (original entry point) 64 IoCs

resource	yara_rule
behavioral2/memory/1008-0-0x00007FF67BF90000-0x00007FF67C385000-memory.dmp	UPX
behavioral2/files/0x000700000002336e-4.dat	UPX
behavioral2/files/0x00070000000234fa-9.dat	UPX
behavioral2/files/0x000b0000000234d2-11.dat	UPX
behavioral2/files/0x00070000000234fb-21.dat	UPX
behavioral2/files/0x00070000000234fc-26.dat	UPX
behavioral2/files/0x00070000000234fe-37.dat	UPX
behavioral2/files/0x00070000000234ff-41.dat	UPX
behavioral2/files/0x0007000000023500-51.dat	UPX
behavioral2/files/0x0007000000023503-65.dat	UPX
behavioral2/files/0x0007000000023506-81.dat	UPX
behavioral2/files/0x000700000002350a-101.dat	UPX
behavioral2/files/0x000700000002350f-126.dat	UPX
behavioral2/files/0x0007000000023512-138.dat	UPX
behavioral2/files/0x0007000000023515-153.dat	UPX
behavioral2/files/0x0007000000023517-166.dat	UPX
behavioral2/memory/1300-716-0x00007FF6CCDA0000-0x00007FF6CD195000-memory.dmp	UPX
behavioral2/files/0x0007000000023516-161.dat	UPX
behavioral2/files/0x0007000000023514-151.dat	UPX
behavioral2/files/0x0007000000023513-146.dat	UPX
behavioral2/files/0x0007000000023511-136.dat	UPX
behavioral2/files/0x0007000000023510-131.dat	UPX
behavioral2/files/0x000700000002350e-121.dat	UPX
behavioral2/files/0x000700000002350d-116.dat	UPX
behavioral2/files/0x000700000002350c-111.dat	UPX
behavioral2/files/0x000700000002350b-106.dat	UPX
behavioral2/files/0x0007000000023509-96.dat	UPX
behavioral2/files/0x0007000000023508-91.dat	UPX
behavioral2/files/0x0007000000023507-86.dat	UPX
behavioral2/files/0x0007000000023505-76.dat	UPX
behavioral2/files/0x0007000000023504-71.dat	UPX
behavioral2/files/0x0007000000023502-61.dat	UPX
behavioral2/files/0x0007000000023501-56.dat	UPX
behavioral2/files/0x00070000000234fd-39.dat	UPX
behavioral2/memory/904-31-0x00007FF6ABD30000-0x00007FF6AC125000-memory.dmp	UPX
behavioral2/memory/3484-28-0x00007FF6649B0000-0x00007FF664DA5000-memory.dmp	UPX
behavioral2/memory/3748-23-0x00007FF648E90000-0x00007FF649285000-memory.dmp	UPX
behavioral2/memory/724-22-0x00007FF752850000-0x00007FF752C45000-memory.dmp	UPX
behavioral2/memory/1536-10-0x00007FF6A2290000-0x00007FF6A2685000-memory.dmp	UPX
behavioral2/memory/208-717-0x00007FF69A4A0000-0x00007FF69A895000-memory.dmp	UPX
behavioral2/memory/5104-718-0x00007FF73ADC0000-0x00007FF73B1B5000-memory.dmp	UPX
behavioral2/memory/1848-719-0x00007FF64CDE0000-0x00007FF64D1D5000-memory.dmp	UPX
behavioral2/memory/2244-720-0x00007FF7BB740000-0x00007FF7BBB35000-memory.dmp	UPX
behavioral2/memory/4660-722-0x00007FF60ED60000-0x00007FF60F155000-memory.dmp	UPX
behavioral2/memory/396-721-0x00007FF7A6F50000-0x00007FF7A7345000-memory.dmp	UPX
behavioral2/memory/3172-723-0x00007FF71AE20000-0x00007FF71B215000-memory.dmp	UPX
behavioral2/memory/5088-724-0x00007FF789BF0000-0x00007FF789FE5000-memory.dmp	UPX
behavioral2/memory/4796-725-0x00007FF6B6E80000-0x00007FF6B7275000-memory.dmp	UPX
behavioral2/memory/4628-727-0x00007FF622000000-0x00007FF6223F5000-memory.dmp	UPX
behavioral2/memory/1816-728-0x00007FF6BEE00000-0x00007FF6BF1F5000-memory.dmp	UPX
behavioral2/memory/400-726-0x00007FF6CA5E0000-0x00007FF6CA9D5000-memory.dmp	UPX
behavioral2/memory/2624-733-0x00007FF767460000-0x00007FF767855000-memory.dmp	UPX
behavioral2/memory/4908-736-0x00007FF6B3BF0000-0x00007FF6B3FE5000-memory.dmp	UPX
behavioral2/memory/4300-740-0x00007FF6A6270000-0x00007FF6A6665000-memory.dmp	UPX
behavioral2/memory/4564-746-0x00007FF67E2B0000-0x00007FF67E6A5000-memory.dmp	UPX
behavioral2/memory/3888-751-0x00007FF669A60000-0x00007FF669E55000-memory.dmp	UPX
behavioral2/memory/3620-739-0x00007FF730720000-0x00007FF730B15000-memory.dmp	UPX
behavioral2/memory/3748-1919-0x00007FF648E90000-0x00007FF649285000-memory.dmp	UPX
behavioral2/memory/904-1920-0x00007FF6ABD30000-0x00007FF6AC125000-memory.dmp	UPX
behavioral2/memory/1300-1921-0x00007FF6CCDA0000-0x00007FF6CD195000-memory.dmp	UPX
behavioral2/memory/1008-1922-0x00007FF67BF90000-0x00007FF67C385000-memory.dmp	UPX
behavioral2/memory/1536-1923-0x00007FF6A2290000-0x00007FF6A2685000-memory.dmp	UPX
behavioral2/memory/724-1924-0x00007FF752850000-0x00007FF752C45000-memory.dmp	UPX
behavioral2/memory/3484-1925-0x00007FF6649B0000-0x00007FF664DA5000-memory.dmp	UPX

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/1008-0-0x00007FF67BF90000-0x00007FF67C385000-memory.dmp	xmrig
behavioral2/files/0x000700000002336e-4.dat	xmrig
behavioral2/files/0x00070000000234fa-9.dat	xmrig
behavioral2/files/0x000b0000000234d2-11.dat	xmrig
behavioral2/files/0x00070000000234fb-21.dat	xmrig
behavioral2/files/0x00070000000234fc-26.dat	xmrig
behavioral2/files/0x00070000000234fe-37.dat	xmrig
behavioral2/files/0x00070000000234ff-41.dat	xmrig
behavioral2/files/0x0007000000023500-51.dat	xmrig
behavioral2/files/0x0007000000023503-65.dat	xmrig
behavioral2/files/0x0007000000023506-81.dat	xmrig
behavioral2/files/0x000700000002350a-101.dat	xmrig
behavioral2/files/0x000700000002350f-126.dat	xmrig
behavioral2/files/0x0007000000023512-138.dat	xmrig
behavioral2/files/0x0007000000023515-153.dat	xmrig
behavioral2/files/0x0007000000023517-166.dat	xmrig
behavioral2/memory/1300-716-0x00007FF6CCDA0000-0x00007FF6CD195000-memory.dmp	xmrig
behavioral2/files/0x0007000000023516-161.dat	xmrig
behavioral2/files/0x0007000000023514-151.dat	xmrig
behavioral2/files/0x0007000000023513-146.dat	xmrig
behavioral2/files/0x0007000000023511-136.dat	xmrig
behavioral2/files/0x0007000000023510-131.dat	xmrig
behavioral2/files/0x000700000002350e-121.dat	xmrig
behavioral2/files/0x000700000002350d-116.dat	xmrig
behavioral2/files/0x000700000002350c-111.dat	xmrig
behavioral2/files/0x000700000002350b-106.dat	xmrig
behavioral2/files/0x0007000000023509-96.dat	xmrig
behavioral2/files/0x0007000000023508-91.dat	xmrig
behavioral2/files/0x0007000000023507-86.dat	xmrig
behavioral2/files/0x0007000000023505-76.dat	xmrig
behavioral2/files/0x0007000000023504-71.dat	xmrig
behavioral2/files/0x0007000000023502-61.dat	xmrig
behavioral2/files/0x0007000000023501-56.dat	xmrig
behavioral2/files/0x00070000000234fd-39.dat	xmrig
behavioral2/memory/904-31-0x00007FF6ABD30000-0x00007FF6AC125000-memory.dmp	xmrig
behavioral2/memory/3484-28-0x00007FF6649B0000-0x00007FF664DA5000-memory.dmp	xmrig
behavioral2/memory/3748-23-0x00007FF648E90000-0x00007FF649285000-memory.dmp	xmrig
behavioral2/memory/724-22-0x00007FF752850000-0x00007FF752C45000-memory.dmp	xmrig
behavioral2/memory/1536-10-0x00007FF6A2290000-0x00007FF6A2685000-memory.dmp	xmrig
behavioral2/memory/208-717-0x00007FF69A4A0000-0x00007FF69A895000-memory.dmp	xmrig
behavioral2/memory/5104-718-0x00007FF73ADC0000-0x00007FF73B1B5000-memory.dmp	xmrig
behavioral2/memory/1848-719-0x00007FF64CDE0000-0x00007FF64D1D5000-memory.dmp	xmrig
behavioral2/memory/2244-720-0x00007FF7BB740000-0x00007FF7BBB35000-memory.dmp	xmrig
behavioral2/memory/4660-722-0x00007FF60ED60000-0x00007FF60F155000-memory.dmp	xmrig
behavioral2/memory/396-721-0x00007FF7A6F50000-0x00007FF7A7345000-memory.dmp	xmrig
behavioral2/memory/3172-723-0x00007FF71AE20000-0x00007FF71B215000-memory.dmp	xmrig
behavioral2/memory/5088-724-0x00007FF789BF0000-0x00007FF789FE5000-memory.dmp	xmrig
behavioral2/memory/4796-725-0x00007FF6B6E80000-0x00007FF6B7275000-memory.dmp	xmrig
behavioral2/memory/4628-727-0x00007FF622000000-0x00007FF6223F5000-memory.dmp	xmrig
behavioral2/memory/1816-728-0x00007FF6BEE00000-0x00007FF6BF1F5000-memory.dmp	xmrig
behavioral2/memory/400-726-0x00007FF6CA5E0000-0x00007FF6CA9D5000-memory.dmp	xmrig
behavioral2/memory/2624-733-0x00007FF767460000-0x00007FF767855000-memory.dmp	xmrig
behavioral2/memory/4908-736-0x00007FF6B3BF0000-0x00007FF6B3FE5000-memory.dmp	xmrig
behavioral2/memory/4300-740-0x00007FF6A6270000-0x00007FF6A6665000-memory.dmp	xmrig
behavioral2/memory/4564-746-0x00007FF67E2B0000-0x00007FF67E6A5000-memory.dmp	xmrig
behavioral2/memory/3888-751-0x00007FF669A60000-0x00007FF669E55000-memory.dmp	xmrig
behavioral2/memory/3620-739-0x00007FF730720000-0x00007FF730B15000-memory.dmp	xmrig
behavioral2/memory/3748-1919-0x00007FF648E90000-0x00007FF649285000-memory.dmp	xmrig
behavioral2/memory/904-1920-0x00007FF6ABD30000-0x00007FF6AC125000-memory.dmp	xmrig
behavioral2/memory/1300-1921-0x00007FF6CCDA0000-0x00007FF6CD195000-memory.dmp	xmrig
behavioral2/memory/1008-1922-0x00007FF67BF90000-0x00007FF67C385000-memory.dmp	xmrig
behavioral2/memory/1536-1923-0x00007FF6A2290000-0x00007FF6A2685000-memory.dmp	xmrig
behavioral2/memory/724-1924-0x00007FF752850000-0x00007FF752C45000-memory.dmp	xmrig
behavioral2/memory/3484-1925-0x00007FF6649B0000-0x00007FF664DA5000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1536	nuBSnmN.exe
724	EgWuUik.exe
3484	gfZBEsI.exe
3748	HaIPTsk.exe
904	uFhkVQm.exe
1300	qGRBoEz.exe
3888	LdTQdlF.exe
208	OGtIXpC.exe
5104	LnaYVBO.exe
1848	aMCbJKJ.exe
2244	iSekUGm.exe
396	WFiTaoh.exe
4660	qtmlYGC.exe
3172	upQDQkB.exe
5088	PTeduLd.exe
4796	CeVSMCf.exe
400	vruCjqX.exe
4628	xFWwKVx.exe
1816	AVZGxGL.exe
2624	UISWTHL.exe
4908	gSxguVi.exe
3620	ygWfVwn.exe
4300	DZnOnJH.exe
4564	FNRlPoc.exe
3616	ithAVTv.exe
4732	uTFgkZz.exe
4496	RgxZHwR.exe
984	ydXngbn.exe
3160	GQHIeAP.exe
408	KNWEPjD.exe
1128	FgoSXls.exe
1544	blEKrWw.exe
1684	FwFaXnv.exe
1900	sHxagWf.exe
4988	yezEhoj.exe
1864	iLbcsBK.exe
2724	xOBTHVd.exe
5100	jtnHXnr.exe
740	klouqFL.exe
1892	ZrjULvz.exe
3608	KKPCAwg.exe
4368	QhoYUtE.exe
1724	voRqcpT.exe
1956	JLTkmsF.exe
4860	Jcohths.exe
4632	JZcuoeK.exe
2924	PmhSgbK.exe
4548	MHNqEVQ.exe
3776	MbwwjgU.exe
2092	cSsayWF.exe
4332	qWTSajk.exe
4316	OEndZKJ.exe
376	BJNwFPz.exe
1520	CBZeghG.exe
532	RcPSyvm.exe
772	CYifHMG.exe
1908	ApEeIWV.exe
4384	sszeQWA.exe
4992	hyIQkyX.exe
2400	oAZkULK.exe
2620	xYcGXYf.exe
4516	TLapgjy.exe
5072	QmUpMrj.exe
2892	qcpoEBY.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1008-0-0x00007FF67BF90000-0x00007FF67C385000-memory.dmp	upx
behavioral2/files/0x000700000002336e-4.dat	upx
behavioral2/files/0x00070000000234fa-9.dat	upx
behavioral2/files/0x000b0000000234d2-11.dat	upx
behavioral2/files/0x00070000000234fb-21.dat	upx
behavioral2/files/0x00070000000234fc-26.dat	upx
behavioral2/files/0x00070000000234fe-37.dat	upx
behavioral2/files/0x00070000000234ff-41.dat	upx
behavioral2/files/0x0007000000023500-51.dat	upx
behavioral2/files/0x0007000000023503-65.dat	upx
behavioral2/files/0x0007000000023506-81.dat	upx
behavioral2/files/0x000700000002350a-101.dat	upx
behavioral2/files/0x000700000002350f-126.dat	upx
behavioral2/files/0x0007000000023512-138.dat	upx
behavioral2/files/0x0007000000023515-153.dat	upx
behavioral2/files/0x0007000000023517-166.dat	upx
behavioral2/memory/1300-716-0x00007FF6CCDA0000-0x00007FF6CD195000-memory.dmp	upx
behavioral2/files/0x0007000000023516-161.dat	upx
behavioral2/files/0x0007000000023514-151.dat	upx
behavioral2/files/0x0007000000023513-146.dat	upx
behavioral2/files/0x0007000000023511-136.dat	upx
behavioral2/files/0x0007000000023510-131.dat	upx
behavioral2/files/0x000700000002350e-121.dat	upx
behavioral2/files/0x000700000002350d-116.dat	upx
behavioral2/files/0x000700000002350c-111.dat	upx
behavioral2/files/0x000700000002350b-106.dat	upx
behavioral2/files/0x0007000000023509-96.dat	upx
behavioral2/files/0x0007000000023508-91.dat	upx
behavioral2/files/0x0007000000023507-86.dat	upx
behavioral2/files/0x0007000000023505-76.dat	upx
behavioral2/files/0x0007000000023504-71.dat	upx
behavioral2/files/0x0007000000023502-61.dat	upx
behavioral2/files/0x0007000000023501-56.dat	upx
behavioral2/files/0x00070000000234fd-39.dat	upx
behavioral2/memory/904-31-0x00007FF6ABD30000-0x00007FF6AC125000-memory.dmp	upx
behavioral2/memory/3484-28-0x00007FF6649B0000-0x00007FF664DA5000-memory.dmp	upx
behavioral2/memory/3748-23-0x00007FF648E90000-0x00007FF649285000-memory.dmp	upx
behavioral2/memory/724-22-0x00007FF752850000-0x00007FF752C45000-memory.dmp	upx
behavioral2/memory/1536-10-0x00007FF6A2290000-0x00007FF6A2685000-memory.dmp	upx
behavioral2/memory/208-717-0x00007FF69A4A0000-0x00007FF69A895000-memory.dmp	upx
behavioral2/memory/5104-718-0x00007FF73ADC0000-0x00007FF73B1B5000-memory.dmp	upx
behavioral2/memory/1848-719-0x00007FF64CDE0000-0x00007FF64D1D5000-memory.dmp	upx
behavioral2/memory/2244-720-0x00007FF7BB740000-0x00007FF7BBB35000-memory.dmp	upx
behavioral2/memory/4660-722-0x00007FF60ED60000-0x00007FF60F155000-memory.dmp	upx
behavioral2/memory/396-721-0x00007FF7A6F50000-0x00007FF7A7345000-memory.dmp	upx
behavioral2/memory/3172-723-0x00007FF71AE20000-0x00007FF71B215000-memory.dmp	upx
behavioral2/memory/5088-724-0x00007FF789BF0000-0x00007FF789FE5000-memory.dmp	upx
behavioral2/memory/4796-725-0x00007FF6B6E80000-0x00007FF6B7275000-memory.dmp	upx
behavioral2/memory/4628-727-0x00007FF622000000-0x00007FF6223F5000-memory.dmp	upx
behavioral2/memory/1816-728-0x00007FF6BEE00000-0x00007FF6BF1F5000-memory.dmp	upx
behavioral2/memory/400-726-0x00007FF6CA5E0000-0x00007FF6CA9D5000-memory.dmp	upx
behavioral2/memory/2624-733-0x00007FF767460000-0x00007FF767855000-memory.dmp	upx
behavioral2/memory/4908-736-0x00007FF6B3BF0000-0x00007FF6B3FE5000-memory.dmp	upx
behavioral2/memory/4300-740-0x00007FF6A6270000-0x00007FF6A6665000-memory.dmp	upx
behavioral2/memory/4564-746-0x00007FF67E2B0000-0x00007FF67E6A5000-memory.dmp	upx
behavioral2/memory/3888-751-0x00007FF669A60000-0x00007FF669E55000-memory.dmp	upx
behavioral2/memory/3620-739-0x00007FF730720000-0x00007FF730B15000-memory.dmp	upx
behavioral2/memory/3748-1919-0x00007FF648E90000-0x00007FF649285000-memory.dmp	upx
behavioral2/memory/904-1920-0x00007FF6ABD30000-0x00007FF6AC125000-memory.dmp	upx
behavioral2/memory/1300-1921-0x00007FF6CCDA0000-0x00007FF6CD195000-memory.dmp	upx
behavioral2/memory/1008-1922-0x00007FF67BF90000-0x00007FF67C385000-memory.dmp	upx
behavioral2/memory/1536-1923-0x00007FF6A2290000-0x00007FF6A2685000-memory.dmp	upx
behavioral2/memory/724-1924-0x00007FF752850000-0x00007FF752C45000-memory.dmp	upx
behavioral2/memory/3484-1925-0x00007FF6649B0000-0x00007FF664DA5000-memory.dmp	upx

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System32\nKLMoKF.exe	00dbc5b948cfb05a2fafc4ac6513d5235907f355f301839fac74901c9a671e83.exe
File created	C:\Windows\System32\NoRozIY.exe	00dbc5b948cfb05a2fafc4ac6513d5235907f355f301839fac74901c9a671e83.exe
File created	C:\Windows\System32\rZkktuN.exe	00dbc5b948cfb05a2fafc4ac6513d5235907f355f301839fac74901c9a671e83.exe
File created	C:\Windows\System32\RcPSyvm.exe	00dbc5b948cfb05a2fafc4ac6513d5235907f355f301839fac74901c9a671e83.exe
File created	C:\Windows\System32\mppSbJo.exe	00dbc5b948cfb05a2fafc4ac6513d5235907f355f301839fac74901c9a671e83.exe
File created	C:\Windows\System32\veIiEtz.exe	00dbc5b948cfb05a2fafc4ac6513d5235907f355f301839fac74901c9a671e83.exe
File created	C:\Windows\System32\ukNBqkK.exe	00dbc5b948cfb05a2fafc4ac6513d5235907f355f301839fac74901c9a671e83.exe
File created	C:\Windows\System32\noSuOGo.exe	00dbc5b948cfb05a2fafc4ac6513d5235907f355f301839fac74901c9a671e83.exe
File created	C:\Windows\System32\VvBYTLm.exe	00dbc5b948cfb05a2fafc4ac6513d5235907f355f301839fac74901c9a671e83.exe
File created	C:\Windows\System32\ZgqmNCi.exe	00dbc5b948cfb05a2fafc4ac6513d5235907f355f301839fac74901c9a671e83.exe
File created	C:\Windows\System32\aWbQERD.exe	00dbc5b948cfb05a2fafc4ac6513d5235907f355f301839fac74901c9a671e83.exe
File created	C:\Windows\System32\DZnOnJH.exe	00dbc5b948cfb05a2fafc4ac6513d5235907f355f301839fac74901c9a671e83.exe
File created	C:\Windows\System32\jBvTxNv.exe	00dbc5b948cfb05a2fafc4ac6513d5235907f355f301839fac74901c9a671e83.exe
File created	C:\Windows\System32\ffNnLiE.exe	00dbc5b948cfb05a2fafc4ac6513d5235907f355f301839fac74901c9a671e83.exe
File created	C:\Windows\System32\tLIjkTA.exe	00dbc5b948cfb05a2fafc4ac6513d5235907f355f301839fac74901c9a671e83.exe
File created	C:\Windows\System32\oQjINrb.exe	00dbc5b948cfb05a2fafc4ac6513d5235907f355f301839fac74901c9a671e83.exe
File created	C:\Windows\System32\QMKkPVb.exe	00dbc5b948cfb05a2fafc4ac6513d5235907f355f301839fac74901c9a671e83.exe
File created	C:\Windows\System32\JmvIpXc.exe	00dbc5b948cfb05a2fafc4ac6513d5235907f355f301839fac74901c9a671e83.exe
File created	C:\Windows\System32\maCMYAM.exe	00dbc5b948cfb05a2fafc4ac6513d5235907f355f301839fac74901c9a671e83.exe
File created	C:\Windows\System32\zIckSWV.exe	00dbc5b948cfb05a2fafc4ac6513d5235907f355f301839fac74901c9a671e83.exe
File created	C:\Windows\System32\GxkVtDM.exe	00dbc5b948cfb05a2fafc4ac6513d5235907f355f301839fac74901c9a671e83.exe
File created	C:\Windows\System32\DbEnpKa.exe	00dbc5b948cfb05a2fafc4ac6513d5235907f355f301839fac74901c9a671e83.exe
File created	C:\Windows\System32\KNWEPjD.exe	00dbc5b948cfb05a2fafc4ac6513d5235907f355f301839fac74901c9a671e83.exe
File created	C:\Windows\System32\MHNqEVQ.exe	00dbc5b948cfb05a2fafc4ac6513d5235907f355f301839fac74901c9a671e83.exe
File created	C:\Windows\System32\HgPzCTJ.exe	00dbc5b948cfb05a2fafc4ac6513d5235907f355f301839fac74901c9a671e83.exe
File created	C:\Windows\System32\eMlpjQV.exe	00dbc5b948cfb05a2fafc4ac6513d5235907f355f301839fac74901c9a671e83.exe
File created	C:\Windows\System32\EbneNnk.exe	00dbc5b948cfb05a2fafc4ac6513d5235907f355f301839fac74901c9a671e83.exe
File created	C:\Windows\System32\gjbPWTh.exe	00dbc5b948cfb05a2fafc4ac6513d5235907f355f301839fac74901c9a671e83.exe
File created	C:\Windows\System32\ywycetx.exe	00dbc5b948cfb05a2fafc4ac6513d5235907f355f301839fac74901c9a671e83.exe
File created	C:\Windows\System32\mWEfWww.exe	00dbc5b948cfb05a2fafc4ac6513d5235907f355f301839fac74901c9a671e83.exe
File created	C:\Windows\System32\pyeevMI.exe	00dbc5b948cfb05a2fafc4ac6513d5235907f355f301839fac74901c9a671e83.exe
File created	C:\Windows\System32\rIGbSwv.exe	00dbc5b948cfb05a2fafc4ac6513d5235907f355f301839fac74901c9a671e83.exe
File created	C:\Windows\System32\xdhuiSq.exe	00dbc5b948cfb05a2fafc4ac6513d5235907f355f301839fac74901c9a671e83.exe
File created	C:\Windows\System32\GeIMRvd.exe	00dbc5b948cfb05a2fafc4ac6513d5235907f355f301839fac74901c9a671e83.exe
File created	C:\Windows\System32\WGkZCcD.exe	00dbc5b948cfb05a2fafc4ac6513d5235907f355f301839fac74901c9a671e83.exe
File created	C:\Windows\System32\sSVZMCE.exe	00dbc5b948cfb05a2fafc4ac6513d5235907f355f301839fac74901c9a671e83.exe
File created	C:\Windows\System32\OEndZKJ.exe	00dbc5b948cfb05a2fafc4ac6513d5235907f355f301839fac74901c9a671e83.exe
File created	C:\Windows\System32\pEwlLbu.exe	00dbc5b948cfb05a2fafc4ac6513d5235907f355f301839fac74901c9a671e83.exe
File created	C:\Windows\System32\JzMqYOR.exe	00dbc5b948cfb05a2fafc4ac6513d5235907f355f301839fac74901c9a671e83.exe
File created	C:\Windows\System32\MWBLWot.exe	00dbc5b948cfb05a2fafc4ac6513d5235907f355f301839fac74901c9a671e83.exe
File created	C:\Windows\System32\rEjwRjf.exe	00dbc5b948cfb05a2fafc4ac6513d5235907f355f301839fac74901c9a671e83.exe
File created	C:\Windows\System32\nuBSnmN.exe	00dbc5b948cfb05a2fafc4ac6513d5235907f355f301839fac74901c9a671e83.exe
File created	C:\Windows\System32\EjdTkvV.exe	00dbc5b948cfb05a2fafc4ac6513d5235907f355f301839fac74901c9a671e83.exe
File created	C:\Windows\System32\xAkGVly.exe	00dbc5b948cfb05a2fafc4ac6513d5235907f355f301839fac74901c9a671e83.exe
File created	C:\Windows\System32\VdCaedr.exe	00dbc5b948cfb05a2fafc4ac6513d5235907f355f301839fac74901c9a671e83.exe
File created	C:\Windows\System32\yLDavuf.exe	00dbc5b948cfb05a2fafc4ac6513d5235907f355f301839fac74901c9a671e83.exe
File created	C:\Windows\System32\zWYeIzl.exe	00dbc5b948cfb05a2fafc4ac6513d5235907f355f301839fac74901c9a671e83.exe
File created	C:\Windows\System32\OLywNAf.exe	00dbc5b948cfb05a2fafc4ac6513d5235907f355f301839fac74901c9a671e83.exe
File created	C:\Windows\System32\MBtgpuU.exe	00dbc5b948cfb05a2fafc4ac6513d5235907f355f301839fac74901c9a671e83.exe
File created	C:\Windows\System32\iSekUGm.exe	00dbc5b948cfb05a2fafc4ac6513d5235907f355f301839fac74901c9a671e83.exe
File created	C:\Windows\System32\FNRlPoc.exe	00dbc5b948cfb05a2fafc4ac6513d5235907f355f301839fac74901c9a671e83.exe
File created	C:\Windows\System32\krKVXxB.exe	00dbc5b948cfb05a2fafc4ac6513d5235907f355f301839fac74901c9a671e83.exe
File created	C:\Windows\System32\DOxdTdH.exe	00dbc5b948cfb05a2fafc4ac6513d5235907f355f301839fac74901c9a671e83.exe
File created	C:\Windows\System32\vtBKajj.exe	00dbc5b948cfb05a2fafc4ac6513d5235907f355f301839fac74901c9a671e83.exe
File created	C:\Windows\System32\EKnvSIz.exe	00dbc5b948cfb05a2fafc4ac6513d5235907f355f301839fac74901c9a671e83.exe
File created	C:\Windows\System32\qoJQFwX.exe	00dbc5b948cfb05a2fafc4ac6513d5235907f355f301839fac74901c9a671e83.exe
File created	C:\Windows\System32\POhdcoA.exe	00dbc5b948cfb05a2fafc4ac6513d5235907f355f301839fac74901c9a671e83.exe
File created	C:\Windows\System32\BUoGAIv.exe	00dbc5b948cfb05a2fafc4ac6513d5235907f355f301839fac74901c9a671e83.exe
File created	C:\Windows\System32\tAKTEar.exe	00dbc5b948cfb05a2fafc4ac6513d5235907f355f301839fac74901c9a671e83.exe
File created	C:\Windows\System32\NdCQjmv.exe	00dbc5b948cfb05a2fafc4ac6513d5235907f355f301839fac74901c9a671e83.exe
File created	C:\Windows\System32\vPAuUoI.exe	00dbc5b948cfb05a2fafc4ac6513d5235907f355f301839fac74901c9a671e83.exe
File created	C:\Windows\System32\sKdfdao.exe	00dbc5b948cfb05a2fafc4ac6513d5235907f355f301839fac74901c9a671e83.exe
File created	C:\Windows\System32\jQRxsYg.exe	00dbc5b948cfb05a2fafc4ac6513d5235907f355f301839fac74901c9a671e83.exe
File created	C:\Windows\System32\oywymfF.exe	00dbc5b948cfb05a2fafc4ac6513d5235907f355f301839fac74901c9a671e83.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	2628	dwm.exe
Token: SeChangeNotifyPrivilege	2628	dwm.exe
Token: 33	2628	dwm.exe
Token: SeIncBasePriorityPrivilege	2628	dwm.exe
Token: SeShutdownPrivilege	2628	dwm.exe
Token: SeCreatePagefilePrivilege	2628	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1008 wrote to memory of 1536	1008	00dbc5b948cfb05a2fafc4ac6513d5235907f355f301839fac74901c9a671e83.exe	83
PID 1008 wrote to memory of 1536	1008	00dbc5b948cfb05a2fafc4ac6513d5235907f355f301839fac74901c9a671e83.exe	83
PID 1008 wrote to memory of 724	1008	00dbc5b948cfb05a2fafc4ac6513d5235907f355f301839fac74901c9a671e83.exe	84
PID 1008 wrote to memory of 724	1008	00dbc5b948cfb05a2fafc4ac6513d5235907f355f301839fac74901c9a671e83.exe	84
PID 1008 wrote to memory of 3484	1008	00dbc5b948cfb05a2fafc4ac6513d5235907f355f301839fac74901c9a671e83.exe	85
PID 1008 wrote to memory of 3484	1008	00dbc5b948cfb05a2fafc4ac6513d5235907f355f301839fac74901c9a671e83.exe	85
PID 1008 wrote to memory of 3748	1008	00dbc5b948cfb05a2fafc4ac6513d5235907f355f301839fac74901c9a671e83.exe	86
PID 1008 wrote to memory of 3748	1008	00dbc5b948cfb05a2fafc4ac6513d5235907f355f301839fac74901c9a671e83.exe	86
PID 1008 wrote to memory of 904	1008	00dbc5b948cfb05a2fafc4ac6513d5235907f355f301839fac74901c9a671e83.exe	87
PID 1008 wrote to memory of 904	1008	00dbc5b948cfb05a2fafc4ac6513d5235907f355f301839fac74901c9a671e83.exe	87
PID 1008 wrote to memory of 1300	1008	00dbc5b948cfb05a2fafc4ac6513d5235907f355f301839fac74901c9a671e83.exe	88
PID 1008 wrote to memory of 1300	1008	00dbc5b948cfb05a2fafc4ac6513d5235907f355f301839fac74901c9a671e83.exe	88
PID 1008 wrote to memory of 3888	1008	00dbc5b948cfb05a2fafc4ac6513d5235907f355f301839fac74901c9a671e83.exe	89
PID 1008 wrote to memory of 3888	1008	00dbc5b948cfb05a2fafc4ac6513d5235907f355f301839fac74901c9a671e83.exe	89
PID 1008 wrote to memory of 208	1008	00dbc5b948cfb05a2fafc4ac6513d5235907f355f301839fac74901c9a671e83.exe	90
PID 1008 wrote to memory of 208	1008	00dbc5b948cfb05a2fafc4ac6513d5235907f355f301839fac74901c9a671e83.exe	90
PID 1008 wrote to memory of 5104	1008	00dbc5b948cfb05a2fafc4ac6513d5235907f355f301839fac74901c9a671e83.exe	91
PID 1008 wrote to memory of 5104	1008	00dbc5b948cfb05a2fafc4ac6513d5235907f355f301839fac74901c9a671e83.exe	91
PID 1008 wrote to memory of 1848	1008	00dbc5b948cfb05a2fafc4ac6513d5235907f355f301839fac74901c9a671e83.exe	92
PID 1008 wrote to memory of 1848	1008	00dbc5b948cfb05a2fafc4ac6513d5235907f355f301839fac74901c9a671e83.exe	92
PID 1008 wrote to memory of 2244	1008	00dbc5b948cfb05a2fafc4ac6513d5235907f355f301839fac74901c9a671e83.exe	93
PID 1008 wrote to memory of 2244	1008	00dbc5b948cfb05a2fafc4ac6513d5235907f355f301839fac74901c9a671e83.exe	93
PID 1008 wrote to memory of 396	1008	00dbc5b948cfb05a2fafc4ac6513d5235907f355f301839fac74901c9a671e83.exe	94
PID 1008 wrote to memory of 396	1008	00dbc5b948cfb05a2fafc4ac6513d5235907f355f301839fac74901c9a671e83.exe	94
PID 1008 wrote to memory of 4660	1008	00dbc5b948cfb05a2fafc4ac6513d5235907f355f301839fac74901c9a671e83.exe	95
PID 1008 wrote to memory of 4660	1008	00dbc5b948cfb05a2fafc4ac6513d5235907f355f301839fac74901c9a671e83.exe	95
PID 1008 wrote to memory of 3172	1008	00dbc5b948cfb05a2fafc4ac6513d5235907f355f301839fac74901c9a671e83.exe	96
PID 1008 wrote to memory of 3172	1008	00dbc5b948cfb05a2fafc4ac6513d5235907f355f301839fac74901c9a671e83.exe	96
PID 1008 wrote to memory of 5088	1008	00dbc5b948cfb05a2fafc4ac6513d5235907f355f301839fac74901c9a671e83.exe	97
PID 1008 wrote to memory of 5088	1008	00dbc5b948cfb05a2fafc4ac6513d5235907f355f301839fac74901c9a671e83.exe	97
PID 1008 wrote to memory of 4796	1008	00dbc5b948cfb05a2fafc4ac6513d5235907f355f301839fac74901c9a671e83.exe	98
PID 1008 wrote to memory of 4796	1008	00dbc5b948cfb05a2fafc4ac6513d5235907f355f301839fac74901c9a671e83.exe	98
PID 1008 wrote to memory of 400	1008	00dbc5b948cfb05a2fafc4ac6513d5235907f355f301839fac74901c9a671e83.exe	99
PID 1008 wrote to memory of 400	1008	00dbc5b948cfb05a2fafc4ac6513d5235907f355f301839fac74901c9a671e83.exe	99
PID 1008 wrote to memory of 4628	1008	00dbc5b948cfb05a2fafc4ac6513d5235907f355f301839fac74901c9a671e83.exe	100
PID 1008 wrote to memory of 4628	1008	00dbc5b948cfb05a2fafc4ac6513d5235907f355f301839fac74901c9a671e83.exe	100
PID 1008 wrote to memory of 1816	1008	00dbc5b948cfb05a2fafc4ac6513d5235907f355f301839fac74901c9a671e83.exe	101
PID 1008 wrote to memory of 1816	1008	00dbc5b948cfb05a2fafc4ac6513d5235907f355f301839fac74901c9a671e83.exe	101
PID 1008 wrote to memory of 2624	1008	00dbc5b948cfb05a2fafc4ac6513d5235907f355f301839fac74901c9a671e83.exe	102
PID 1008 wrote to memory of 2624	1008	00dbc5b948cfb05a2fafc4ac6513d5235907f355f301839fac74901c9a671e83.exe	102
PID 1008 wrote to memory of 4908	1008	00dbc5b948cfb05a2fafc4ac6513d5235907f355f301839fac74901c9a671e83.exe	103
PID 1008 wrote to memory of 4908	1008	00dbc5b948cfb05a2fafc4ac6513d5235907f355f301839fac74901c9a671e83.exe	103
PID 1008 wrote to memory of 3620	1008	00dbc5b948cfb05a2fafc4ac6513d5235907f355f301839fac74901c9a671e83.exe	104
PID 1008 wrote to memory of 3620	1008	00dbc5b948cfb05a2fafc4ac6513d5235907f355f301839fac74901c9a671e83.exe	104
PID 1008 wrote to memory of 4300	1008	00dbc5b948cfb05a2fafc4ac6513d5235907f355f301839fac74901c9a671e83.exe	105
PID 1008 wrote to memory of 4300	1008	00dbc5b948cfb05a2fafc4ac6513d5235907f355f301839fac74901c9a671e83.exe	105
PID 1008 wrote to memory of 4564	1008	00dbc5b948cfb05a2fafc4ac6513d5235907f355f301839fac74901c9a671e83.exe	106
PID 1008 wrote to memory of 4564	1008	00dbc5b948cfb05a2fafc4ac6513d5235907f355f301839fac74901c9a671e83.exe	106
PID 1008 wrote to memory of 3616	1008	00dbc5b948cfb05a2fafc4ac6513d5235907f355f301839fac74901c9a671e83.exe	107
PID 1008 wrote to memory of 3616	1008	00dbc5b948cfb05a2fafc4ac6513d5235907f355f301839fac74901c9a671e83.exe	107
PID 1008 wrote to memory of 4732	1008	00dbc5b948cfb05a2fafc4ac6513d5235907f355f301839fac74901c9a671e83.exe	108
PID 1008 wrote to memory of 4732	1008	00dbc5b948cfb05a2fafc4ac6513d5235907f355f301839fac74901c9a671e83.exe	108
PID 1008 wrote to memory of 4496	1008	00dbc5b948cfb05a2fafc4ac6513d5235907f355f301839fac74901c9a671e83.exe	109
PID 1008 wrote to memory of 4496	1008	00dbc5b948cfb05a2fafc4ac6513d5235907f355f301839fac74901c9a671e83.exe	109
PID 1008 wrote to memory of 984	1008	00dbc5b948cfb05a2fafc4ac6513d5235907f355f301839fac74901c9a671e83.exe	110
PID 1008 wrote to memory of 984	1008	00dbc5b948cfb05a2fafc4ac6513d5235907f355f301839fac74901c9a671e83.exe	110
PID 1008 wrote to memory of 3160	1008	00dbc5b948cfb05a2fafc4ac6513d5235907f355f301839fac74901c9a671e83.exe	111
PID 1008 wrote to memory of 3160	1008	00dbc5b948cfb05a2fafc4ac6513d5235907f355f301839fac74901c9a671e83.exe	111
PID 1008 wrote to memory of 408	1008	00dbc5b948cfb05a2fafc4ac6513d5235907f355f301839fac74901c9a671e83.exe	112
PID 1008 wrote to memory of 408	1008	00dbc5b948cfb05a2fafc4ac6513d5235907f355f301839fac74901c9a671e83.exe	112
PID 1008 wrote to memory of 1128	1008	00dbc5b948cfb05a2fafc4ac6513d5235907f355f301839fac74901c9a671e83.exe	113
PID 1008 wrote to memory of 1128	1008	00dbc5b948cfb05a2fafc4ac6513d5235907f355f301839fac74901c9a671e83.exe	113
PID 1008 wrote to memory of 1544	1008	00dbc5b948cfb05a2fafc4ac6513d5235907f355f301839fac74901c9a671e83.exe	114
PID 1008 wrote to memory of 1544	1008	00dbc5b948cfb05a2fafc4ac6513d5235907f355f301839fac74901c9a671e83.exe	114

C:\Users\Admin\AppData\Local\Temp\00dbc5b948cfb05a2fafc4ac6513d5235907f355f301839fac74901c9a671e83.exe
"C:\Users\Admin\AppData\Local\Temp\00dbc5b948cfb05a2fafc4ac6513d5235907f355f301839fac74901c9a671e83.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:1008
- C:\Windows\System32\nuBSnmN.exe
  C:\Windows\System32\nuBSnmN.exe
  2⤵
  - Executes dropped EXE
  PID:1536
- C:\Windows\System32\EgWuUik.exe
  C:\Windows\System32\EgWuUik.exe
  2⤵
  - Executes dropped EXE
  PID:724
- C:\Windows\System32\gfZBEsI.exe
  C:\Windows\System32\gfZBEsI.exe
  2⤵
  - Executes dropped EXE
  PID:3484
- C:\Windows\System32\HaIPTsk.exe
  C:\Windows\System32\HaIPTsk.exe
  2⤵
  - Executes dropped EXE
  PID:3748
- C:\Windows\System32\uFhkVQm.exe
  C:\Windows\System32\uFhkVQm.exe
  2⤵
  - Executes dropped EXE
  PID:904
- C:\Windows\System32\qGRBoEz.exe
  C:\Windows\System32\qGRBoEz.exe
  2⤵
  - Executes dropped EXE
  PID:1300
- C:\Windows\System32\LdTQdlF.exe
  C:\Windows\System32\LdTQdlF.exe
  2⤵
  - Executes dropped EXE
  PID:3888
- C:\Windows\System32\OGtIXpC.exe
  C:\Windows\System32\OGtIXpC.exe
  2⤵
  - Executes dropped EXE
  PID:208
- C:\Windows\System32\LnaYVBO.exe
  C:\Windows\System32\LnaYVBO.exe
  2⤵
  - Executes dropped EXE
  PID:5104
- C:\Windows\System32\aMCbJKJ.exe
  C:\Windows\System32\aMCbJKJ.exe
  2⤵
  - Executes dropped EXE
  PID:1848
- C:\Windows\System32\iSekUGm.exe
  C:\Windows\System32\iSekUGm.exe
  2⤵
  - Executes dropped EXE
  PID:2244
- C:\Windows\System32\WFiTaoh.exe
  C:\Windows\System32\WFiTaoh.exe
  2⤵
  - Executes dropped EXE
  PID:396
- C:\Windows\System32\qtmlYGC.exe
  C:\Windows\System32\qtmlYGC.exe
  2⤵
  - Executes dropped EXE
  PID:4660
- C:\Windows\System32\upQDQkB.exe
  C:\Windows\System32\upQDQkB.exe
  2⤵
  - Executes dropped EXE
  PID:3172
- C:\Windows\System32\PTeduLd.exe
  C:\Windows\System32\PTeduLd.exe
  2⤵
  - Executes dropped EXE
  PID:5088
- C:\Windows\System32\CeVSMCf.exe
  C:\Windows\System32\CeVSMCf.exe
  2⤵
  - Executes dropped EXE
  PID:4796
- C:\Windows\System32\vruCjqX.exe
  C:\Windows\System32\vruCjqX.exe
  2⤵
  - Executes dropped EXE
  PID:400
- C:\Windows\System32\xFWwKVx.exe
  C:\Windows\System32\xFWwKVx.exe
  2⤵
  - Executes dropped EXE
  PID:4628
- C:\Windows\System32\AVZGxGL.exe
  C:\Windows\System32\AVZGxGL.exe
  2⤵
  - Executes dropped EXE
  PID:1816
- C:\Windows\System32\UISWTHL.exe
  C:\Windows\System32\UISWTHL.exe
  2⤵
  - Executes dropped EXE
  PID:2624
- C:\Windows\System32\gSxguVi.exe
  C:\Windows\System32\gSxguVi.exe
  2⤵
  - Executes dropped EXE
  PID:4908
- C:\Windows\System32\ygWfVwn.exe
  C:\Windows\System32\ygWfVwn.exe
  2⤵
  - Executes dropped EXE
  PID:3620
- C:\Windows\System32\DZnOnJH.exe
  C:\Windows\System32\DZnOnJH.exe
  2⤵
  - Executes dropped EXE
  PID:4300
- C:\Windows\System32\FNRlPoc.exe
  C:\Windows\System32\FNRlPoc.exe
  2⤵
  - Executes dropped EXE
  PID:4564
- C:\Windows\System32\ithAVTv.exe
  C:\Windows\System32\ithAVTv.exe
  2⤵
  - Executes dropped EXE
  PID:3616
- C:\Windows\System32\uTFgkZz.exe
  C:\Windows\System32\uTFgkZz.exe
  2⤵
  - Executes dropped EXE
  PID:4732
- C:\Windows\System32\RgxZHwR.exe
  C:\Windows\System32\RgxZHwR.exe
  2⤵
  - Executes dropped EXE
  PID:4496
- C:\Windows\System32\ydXngbn.exe
  C:\Windows\System32\ydXngbn.exe
  2⤵
  - Executes dropped EXE
  PID:984
- C:\Windows\System32\GQHIeAP.exe
  C:\Windows\System32\GQHIeAP.exe
  2⤵
  - Executes dropped EXE
  PID:3160
- C:\Windows\System32\KNWEPjD.exe
  C:\Windows\System32\KNWEPjD.exe
  2⤵
  - Executes dropped EXE
  PID:408
- C:\Windows\System32\FgoSXls.exe
  C:\Windows\System32\FgoSXls.exe
  2⤵
  - Executes dropped EXE
  PID:1128
- C:\Windows\System32\blEKrWw.exe
  C:\Windows\System32\blEKrWw.exe
  2⤵
  - Executes dropped EXE
  PID:1544
- C:\Windows\System32\FwFaXnv.exe
  C:\Windows\System32\FwFaXnv.exe
  2⤵
  - Executes dropped EXE
  PID:1684
- C:\Windows\System32\sHxagWf.exe
  C:\Windows\System32\sHxagWf.exe
  2⤵
  - Executes dropped EXE
  PID:1900
- C:\Windows\System32\yezEhoj.exe
  C:\Windows\System32\yezEhoj.exe
  2⤵
  - Executes dropped EXE
  PID:4988
- C:\Windows\System32\iLbcsBK.exe
  C:\Windows\System32\iLbcsBK.exe
  2⤵
  - Executes dropped EXE
  PID:1864
- C:\Windows\System32\xOBTHVd.exe
  C:\Windows\System32\xOBTHVd.exe
  2⤵
  - Executes dropped EXE
  PID:2724
- C:\Windows\System32\jtnHXnr.exe
  C:\Windows\System32\jtnHXnr.exe
  2⤵
  - Executes dropped EXE
  PID:5100
- C:\Windows\System32\klouqFL.exe
  C:\Windows\System32\klouqFL.exe
  2⤵
  - Executes dropped EXE
  PID:740
- C:\Windows\System32\ZrjULvz.exe
  C:\Windows\System32\ZrjULvz.exe
  2⤵
  - Executes dropped EXE
  PID:1892
- C:\Windows\System32\KKPCAwg.exe
  C:\Windows\System32\KKPCAwg.exe
  2⤵
  - Executes dropped EXE
  PID:3608
- C:\Windows\System32\QhoYUtE.exe
  C:\Windows\System32\QhoYUtE.exe
  2⤵
  - Executes dropped EXE
  PID:4368
- C:\Windows\System32\voRqcpT.exe
  C:\Windows\System32\voRqcpT.exe
  2⤵
  - Executes dropped EXE
  PID:1724
- C:\Windows\System32\JLTkmsF.exe
  C:\Windows\System32\JLTkmsF.exe
  2⤵
  - Executes dropped EXE
  PID:1956
- C:\Windows\System32\Jcohths.exe
  C:\Windows\System32\Jcohths.exe
  2⤵
  - Executes dropped EXE
  PID:4860
- C:\Windows\System32\JZcuoeK.exe
  C:\Windows\System32\JZcuoeK.exe
  2⤵
  - Executes dropped EXE
  PID:4632
- C:\Windows\System32\PmhSgbK.exe
  C:\Windows\System32\PmhSgbK.exe
  2⤵
  - Executes dropped EXE
  PID:2924
- C:\Windows\System32\MHNqEVQ.exe
  C:\Windows\System32\MHNqEVQ.exe
  2⤵
  - Executes dropped EXE
  PID:4548
- C:\Windows\System32\MbwwjgU.exe
  C:\Windows\System32\MbwwjgU.exe
  2⤵
  - Executes dropped EXE
  PID:3776
- C:\Windows\System32\cSsayWF.exe
  C:\Windows\System32\cSsayWF.exe
  2⤵
  - Executes dropped EXE
  PID:2092
- C:\Windows\System32\qWTSajk.exe
  C:\Windows\System32\qWTSajk.exe
  2⤵
  - Executes dropped EXE
  PID:4332
- C:\Windows\System32\OEndZKJ.exe
  C:\Windows\System32\OEndZKJ.exe
  2⤵
  - Executes dropped EXE
  PID:4316
- C:\Windows\System32\BJNwFPz.exe
  C:\Windows\System32\BJNwFPz.exe
  2⤵
  - Executes dropped EXE
  PID:376
- C:\Windows\System32\CBZeghG.exe
  C:\Windows\System32\CBZeghG.exe
  2⤵
  - Executes dropped EXE
  PID:1520
- C:\Windows\System32\RcPSyvm.exe
  C:\Windows\System32\RcPSyvm.exe
  2⤵
  - Executes dropped EXE
  PID:532
- C:\Windows\System32\CYifHMG.exe
  C:\Windows\System32\CYifHMG.exe
  2⤵
  - Executes dropped EXE
  PID:772
- C:\Windows\System32\ApEeIWV.exe
  C:\Windows\System32\ApEeIWV.exe
  2⤵
  - Executes dropped EXE
  PID:1908
- C:\Windows\System32\sszeQWA.exe
  C:\Windows\System32\sszeQWA.exe
  2⤵
  - Executes dropped EXE
  PID:4384
- C:\Windows\System32\hyIQkyX.exe
  C:\Windows\System32\hyIQkyX.exe
  2⤵
  - Executes dropped EXE
  PID:4992
- C:\Windows\System32\oAZkULK.exe
  C:\Windows\System32\oAZkULK.exe
  2⤵
  - Executes dropped EXE
  PID:2400
- C:\Windows\System32\xYcGXYf.exe
  C:\Windows\System32\xYcGXYf.exe
  2⤵
  - Executes dropped EXE
  PID:2620
- C:\Windows\System32\TLapgjy.exe
  C:\Windows\System32\TLapgjy.exe
  2⤵
  - Executes dropped EXE
  PID:4516
- C:\Windows\System32\QmUpMrj.exe
  C:\Windows\System32\QmUpMrj.exe
  2⤵
  - Executes dropped EXE
  PID:5072
- C:\Windows\System32\qcpoEBY.exe
  C:\Windows\System32\qcpoEBY.exe
  2⤵
  - Executes dropped EXE
  PID:2892
- C:\Windows\System32\fokTmTJ.exe
  C:\Windows\System32\fokTmTJ.exe
  2⤵
  PID:3284
- C:\Windows\System32\bWapdpF.exe
  C:\Windows\System32\bWapdpF.exe
  2⤵
  PID:3872
- C:\Windows\System32\bkQqaPU.exe
  C:\Windows\System32\bkQqaPU.exe
  2⤵
  PID:1564
- C:\Windows\System32\EFxgVmP.exe
  C:\Windows\System32\EFxgVmP.exe
  2⤵
  PID:388
- C:\Windows\System32\ASPzdle.exe
  C:\Windows\System32\ASPzdle.exe
  2⤵
  PID:4468
- C:\Windows\System32\cSIxLDv.exe
  C:\Windows\System32\cSIxLDv.exe
  2⤵
  PID:2636
- C:\Windows\System32\fuOPywQ.exe
  C:\Windows\System32\fuOPywQ.exe
  2⤵
  PID:4044
- C:\Windows\System32\NaKMivN.exe
  C:\Windows\System32\NaKMivN.exe
  2⤵
  PID:4716
- C:\Windows\System32\eVcNEVz.exe
  C:\Windows\System32\eVcNEVz.exe
  2⤵
  PID:3384
- C:\Windows\System32\IAvPSvE.exe
  C:\Windows\System32\IAvPSvE.exe
  2⤵
  PID:1556
- C:\Windows\System32\qGTKjur.exe
  C:\Windows\System32\qGTKjur.exe
  2⤵
  PID:852
- C:\Windows\System32\eafYxUD.exe
  C:\Windows\System32\eafYxUD.exe
  2⤵
  PID:2136
- C:\Windows\System32\EjdTkvV.exe
  C:\Windows\System32\EjdTkvV.exe
  2⤵
  PID:4648
- C:\Windows\System32\VXgCJpU.exe
  C:\Windows\System32\VXgCJpU.exe
  2⤵
  PID:4696
- C:\Windows\System32\AFFqYiX.exe
  C:\Windows\System32\AFFqYiX.exe
  2⤵
  PID:2248
- C:\Windows\System32\LFGxurh.exe
  C:\Windows\System32\LFGxurh.exe
  2⤵
  PID:436
- C:\Windows\System32\zwOUklb.exe
  C:\Windows\System32\zwOUklb.exe
  2⤵
  PID:956
- C:\Windows\System32\xYjONLi.exe
  C:\Windows\System32\xYjONLi.exe
  2⤵
  PID:2752
- C:\Windows\System32\OdGVaSW.exe
  C:\Windows\System32\OdGVaSW.exe
  2⤵
  PID:5000
- C:\Windows\System32\DUYWcsE.exe
  C:\Windows\System32\DUYWcsE.exe
  2⤵
  PID:2372
- C:\Windows\System32\HIScyxx.exe
  C:\Windows\System32\HIScyxx.exe
  2⤵
  PID:5148
- C:\Windows\System32\sysLQYG.exe
  C:\Windows\System32\sysLQYG.exe
  2⤵
  PID:5176
- C:\Windows\System32\gJjnZSq.exe
  C:\Windows\System32\gJjnZSq.exe
  2⤵
  PID:5204
- C:\Windows\System32\kDGcnik.exe
  C:\Windows\System32\kDGcnik.exe
  2⤵
  PID:5240
- C:\Windows\System32\lWMbGBV.exe
  C:\Windows\System32\lWMbGBV.exe
  2⤵
  PID:5260
- C:\Windows\System32\mpfprqs.exe
  C:\Windows\System32\mpfprqs.exe
  2⤵
  PID:5288
- C:\Windows\System32\aWrMFsz.exe
  C:\Windows\System32\aWrMFsz.exe
  2⤵
  PID:5312
- C:\Windows\System32\YOYKNlJ.exe
  C:\Windows\System32\YOYKNlJ.exe
  2⤵
  PID:5344
- C:\Windows\System32\RLDBXlc.exe
  C:\Windows\System32\RLDBXlc.exe
  2⤵
  PID:5372
- C:\Windows\System32\XyvVJaU.exe
  C:\Windows\System32\XyvVJaU.exe
  2⤵
  PID:5400
- C:\Windows\System32\WFHgtFR.exe
  C:\Windows\System32\WFHgtFR.exe
  2⤵
  PID:5428
- C:\Windows\System32\YddzVmC.exe
  C:\Windows\System32\YddzVmC.exe
  2⤵
  PID:5456
- C:\Windows\System32\EGWnuQd.exe
  C:\Windows\System32\EGWnuQd.exe
  2⤵
  PID:5484
- C:\Windows\System32\nBnifiX.exe
  C:\Windows\System32\nBnifiX.exe
  2⤵
  PID:5512
- C:\Windows\System32\oEHnQQe.exe
  C:\Windows\System32\oEHnQQe.exe
  2⤵
  PID:5552
- C:\Windows\System32\pthtScA.exe
  C:\Windows\System32\pthtScA.exe
  2⤵
  PID:5568
- C:\Windows\System32\Gizkmue.exe
  C:\Windows\System32\Gizkmue.exe
  2⤵
  PID:5596
- C:\Windows\System32\HgPzCTJ.exe
  C:\Windows\System32\HgPzCTJ.exe
  2⤵
  PID:5624
- C:\Windows\System32\EACPAOK.exe
  C:\Windows\System32\EACPAOK.exe
  2⤵
  PID:5652
- C:\Windows\System32\ToPsHTu.exe
  C:\Windows\System32\ToPsHTu.exe
  2⤵
  PID:5680
- C:\Windows\System32\ythdVWJ.exe
  C:\Windows\System32\ythdVWJ.exe
  2⤵
  PID:5708
- C:\Windows\System32\dEWTgVV.exe
  C:\Windows\System32\dEWTgVV.exe
  2⤵
  PID:5732
- C:\Windows\System32\PWKICgh.exe
  C:\Windows\System32\PWKICgh.exe
  2⤵
  PID:5764
- C:\Windows\System32\aqTLCjb.exe
  C:\Windows\System32\aqTLCjb.exe
  2⤵
  PID:5804
- C:\Windows\System32\nXuUuoi.exe
  C:\Windows\System32\nXuUuoi.exe
  2⤵
  PID:5820
- C:\Windows\System32\RoXzLhK.exe
  C:\Windows\System32\RoXzLhK.exe
  2⤵
  PID:5848
- C:\Windows\System32\isWkdHO.exe
  C:\Windows\System32\isWkdHO.exe
  2⤵
  PID:5872
- C:\Windows\System32\jBvTxNv.exe
  C:\Windows\System32\jBvTxNv.exe
  2⤵
  PID:5904
- C:\Windows\System32\HAVmzDG.exe
  C:\Windows\System32\HAVmzDG.exe
  2⤵
  PID:5932
- C:\Windows\System32\QdjyKKR.exe
  C:\Windows\System32\QdjyKKR.exe
  2⤵
  PID:5960
- C:\Windows\System32\LXSKBdi.exe
  C:\Windows\System32\LXSKBdi.exe
  2⤵
  PID:5988
- C:\Windows\System32\QEmVJYc.exe
  C:\Windows\System32\QEmVJYc.exe
  2⤵
  PID:6016
- C:\Windows\System32\dNLgAac.exe
  C:\Windows\System32\dNLgAac.exe
  2⤵
  PID:6044
- C:\Windows\System32\ffNnLiE.exe
  C:\Windows\System32\ffNnLiE.exe
  2⤵
  PID:6072
- C:\Windows\System32\PWStaiT.exe
  C:\Windows\System32\PWStaiT.exe
  2⤵
  PID:6096
- C:\Windows\System32\WOizAPm.exe
  C:\Windows\System32\WOizAPm.exe
  2⤵
  PID:6124
- C:\Windows\System32\xIWHXSL.exe
  C:\Windows\System32\xIWHXSL.exe
  2⤵
  PID:888
- C:\Windows\System32\vtBKajj.exe
  C:\Windows\System32\vtBKajj.exe
  2⤵
  PID:1944
- C:\Windows\System32\onSjEWH.exe
  C:\Windows\System32\onSjEWH.exe
  2⤵
  PID:3992
- C:\Windows\System32\XXSNKIF.exe
  C:\Windows\System32\XXSNKIF.exe
  2⤵
  PID:3464
- C:\Windows\System32\LxmtNqe.exe
  C:\Windows\System32\LxmtNqe.exe
  2⤵
  PID:5132
- C:\Windows\System32\Jmigpgf.exe
  C:\Windows\System32\Jmigpgf.exe
  2⤵
  PID:5188
- C:\Windows\System32\wrhDfIH.exe
  C:\Windows\System32\wrhDfIH.exe
  2⤵
  PID:5280
- C:\Windows\System32\hrqUyUH.exe
  C:\Windows\System32\hrqUyUH.exe
  2⤵
  PID:5328
- C:\Windows\System32\cCbQyyR.exe
  C:\Windows\System32\cCbQyyR.exe
  2⤵
  PID:5392
- C:\Windows\System32\WZDmAnM.exe
  C:\Windows\System32\WZDmAnM.exe
  2⤵
  PID:5464
- C:\Windows\System32\ljviqsX.exe
  C:\Windows\System32\ljviqsX.exe
  2⤵
  PID:5564
- C:\Windows\System32\xbYKbZv.exe
  C:\Windows\System32\xbYKbZv.exe
  2⤵
  PID:5588
- C:\Windows\System32\OpGDqMt.exe
  C:\Windows\System32\OpGDqMt.exe
  2⤵
  PID:5672
- C:\Windows\System32\jMNBtEe.exe
  C:\Windows\System32\jMNBtEe.exe
  2⤵
  PID:5720
- C:\Windows\System32\EaAjGQj.exe
  C:\Windows\System32\EaAjGQj.exe
  2⤵
  PID:5772
- C:\Windows\System32\HzsVXsI.exe
  C:\Windows\System32\HzsVXsI.exe
  2⤵
  PID:5896
- C:\Windows\System32\mppSbJo.exe
  C:\Windows\System32\mppSbJo.exe
  2⤵
  PID:5916
- C:\Windows\System32\OZpWcWP.exe
  C:\Windows\System32\OZpWcWP.exe
  2⤵
  PID:5972
- C:\Windows\System32\EGoPYsu.exe
  C:\Windows\System32\EGoPYsu.exe
  2⤵
  PID:6036
- C:\Windows\System32\krKVXxB.exe
  C:\Windows\System32\krKVXxB.exe
  2⤵
  PID:6084
- C:\Windows\System32\yLVXJzL.exe
  C:\Windows\System32\yLVXJzL.exe
  2⤵
  PID:4444
- C:\Windows\System32\SQnxlTg.exe
  C:\Windows\System32\SQnxlTg.exe
  2⤵
  PID:3396
- C:\Windows\System32\KnDUVCh.exe
  C:\Windows\System32\KnDUVCh.exe
  2⤵
  PID:5248
- C:\Windows\System32\sXBJiHW.exe
  C:\Windows\System32\sXBJiHW.exe
  2⤵
  PID:5364
- C:\Windows\System32\BUoGAIv.exe
  C:\Windows\System32\BUoGAIv.exe
  2⤵
  PID:5504
- C:\Windows\System32\xAkGVly.exe
  C:\Windows\System32\xAkGVly.exe
  2⤵
  PID:5604
- C:\Windows\System32\CLjyFVr.exe
  C:\Windows\System32\CLjyFVr.exe
  2⤵
  PID:5832
- C:\Windows\System32\njpCYLG.exe
  C:\Windows\System32\njpCYLG.exe
  2⤵
  PID:5944
- C:\Windows\System32\tLIjkTA.exe
  C:\Windows\System32\tLIjkTA.exe
  2⤵
  PID:6056
- C:\Windows\System32\LXlQAiy.exe
  C:\Windows\System32\LXlQAiy.exe
  2⤵
  PID:6176
- C:\Windows\System32\vddJMIX.exe
  C:\Windows\System32\vddJMIX.exe
  2⤵
  PID:6196
- C:\Windows\System32\zltxeTH.exe
  C:\Windows\System32\zltxeTH.exe
  2⤵
  PID:6220
- C:\Windows\System32\rmOirbv.exe
  C:\Windows\System32\rmOirbv.exe
  2⤵
  PID:6252
- C:\Windows\System32\yZqMpCQ.exe
  C:\Windows\System32\yZqMpCQ.exe
  2⤵
  PID:6276
- C:\Windows\System32\uZiNsLs.exe
  C:\Windows\System32\uZiNsLs.exe
  2⤵
  PID:6304
- C:\Windows\System32\XCYuNlk.exe
  C:\Windows\System32\XCYuNlk.exe
  2⤵
  PID:6332
- C:\Windows\System32\gIHdaRe.exe
  C:\Windows\System32\gIHdaRe.exe
  2⤵
  PID:6364
- C:\Windows\System32\xDWCMaQ.exe
  C:\Windows\System32\xDWCMaQ.exe
  2⤵
  PID:6392
- C:\Windows\System32\xVhbgHQ.exe
  C:\Windows\System32\xVhbgHQ.exe
  2⤵
  PID:6420
- C:\Windows\System32\oLGuxNT.exe
  C:\Windows\System32\oLGuxNT.exe
  2⤵
  PID:6448
- C:\Windows\System32\YHuwqjQ.exe
  C:\Windows\System32\YHuwqjQ.exe
  2⤵
  PID:6472
- C:\Windows\System32\StOcyKd.exe
  C:\Windows\System32\StOcyKd.exe
  2⤵
  PID:6504
- C:\Windows\System32\uLdDQrI.exe
  C:\Windows\System32\uLdDQrI.exe
  2⤵
  PID:6532
- C:\Windows\System32\xLCSfLW.exe
  C:\Windows\System32\xLCSfLW.exe
  2⤵
  PID:6556
- C:\Windows\System32\FLCXGtu.exe
  C:\Windows\System32\FLCXGtu.exe
  2⤵
  PID:6588
- C:\Windows\System32\JaizggL.exe
  C:\Windows\System32\JaizggL.exe
  2⤵
  PID:6612
- C:\Windows\System32\rxLNOBq.exe
  C:\Windows\System32\rxLNOBq.exe
  2⤵
  PID:6644
- C:\Windows\System32\NdzXlaz.exe
  C:\Windows\System32\NdzXlaz.exe
  2⤵
  PID:6672
- C:\Windows\System32\GjdwpVW.exe
  C:\Windows\System32\GjdwpVW.exe
  2⤵
  PID:6700
- C:\Windows\System32\JgEgyIh.exe
  C:\Windows\System32\JgEgyIh.exe
  2⤵
  PID:6728
- C:\Windows\System32\IxIIdSl.exe
  C:\Windows\System32\IxIIdSl.exe
  2⤵
  PID:6756
- C:\Windows\System32\pEiyCqx.exe
  C:\Windows\System32\pEiyCqx.exe
  2⤵
  PID:6780
- C:\Windows\System32\hjwZwVU.exe
  C:\Windows\System32\hjwZwVU.exe
  2⤵
  PID:6812
- C:\Windows\System32\jmukRmi.exe
  C:\Windows\System32\jmukRmi.exe
  2⤵
  PID:6836
- C:\Windows\System32\gtqaTYm.exe
  C:\Windows\System32\gtqaTYm.exe
  2⤵
  PID:6868
- C:\Windows\System32\GZCDctC.exe
  C:\Windows\System32\GZCDctC.exe
  2⤵
  PID:6896
- C:\Windows\System32\vzcYAjl.exe
  C:\Windows\System32\vzcYAjl.exe
  2⤵
  PID:6920
- C:\Windows\System32\fCuvfll.exe
  C:\Windows\System32\fCuvfll.exe
  2⤵
  PID:6948
- C:\Windows\System32\MxlAVJq.exe
  C:\Windows\System32\MxlAVJq.exe
  2⤵
  PID:6992
- C:\Windows\System32\fqdRRzw.exe
  C:\Windows\System32\fqdRRzw.exe
  2⤵
  PID:7008
- C:\Windows\System32\tGRyRYc.exe
  C:\Windows\System32\tGRyRYc.exe
  2⤵
  PID:7036
- C:\Windows\System32\NUfXuMq.exe
  C:\Windows\System32\NUfXuMq.exe
  2⤵
  PID:7064
- C:\Windows\System32\rEMpCHX.exe
  C:\Windows\System32\rEMpCHX.exe
  2⤵
  PID:7092
- C:\Windows\System32\YlKBbFM.exe
  C:\Windows\System32\YlKBbFM.exe
  2⤵
  PID:7120
- C:\Windows\System32\jVPIFgB.exe
  C:\Windows\System32\jVPIFgB.exe
  2⤵
  PID:7148
- C:\Windows\System32\UTsXODk.exe
  C:\Windows\System32\UTsXODk.exe
  2⤵
  PID:6120
- C:\Windows\System32\mARfatZ.exe
  C:\Windows\System32\mARfatZ.exe
  2⤵
  PID:5224
- C:\Windows\System32\MRiDAqE.exe
  C:\Windows\System32\MRiDAqE.exe
  2⤵
  PID:5520
- C:\Windows\System32\aSlqpkw.exe
  C:\Windows\System32\aSlqpkw.exe
  2⤵
  PID:5812
- C:\Windows\System32\gxRnZjk.exe
  C:\Windows\System32\gxRnZjk.exe
  2⤵
  PID:6160
- C:\Windows\System32\WCoKFmM.exe
  C:\Windows\System32\WCoKFmM.exe
  2⤵
  PID:6208
- C:\Windows\System32\DKweZbR.exe
  C:\Windows\System32\DKweZbR.exe
  2⤵
  PID:6272
- C:\Windows\System32\rqcVJhq.exe
  C:\Windows\System32\rqcVJhq.exe
  2⤵
  PID:6340
- C:\Windows\System32\JpZthIq.exe
  C:\Windows\System32\JpZthIq.exe
  2⤵
  PID:6404
- C:\Windows\System32\mLmrToQ.exe
  C:\Windows\System32\mLmrToQ.exe
  2⤵
  PID:6460
- C:\Windows\System32\tAKTEar.exe
  C:\Windows\System32\tAKTEar.exe
  2⤵
  PID:6552
- C:\Windows\System32\cUBlVku.exe
  C:\Windows\System32\cUBlVku.exe
  2⤵
  PID:6608
- C:\Windows\System32\DOxdTdH.exe
  C:\Windows\System32\DOxdTdH.exe
  2⤵
  PID:6652
- C:\Windows\System32\LyIWWVz.exe
  C:\Windows\System32\LyIWWVz.exe
  2⤵
  PID:6720
- C:\Windows\System32\BeTtdgt.exe
  C:\Windows\System32\BeTtdgt.exe
  2⤵
  PID:6776
- C:\Windows\System32\LhFzRjJ.exe
  C:\Windows\System32\LhFzRjJ.exe
  2⤵
  PID:6824
- C:\Windows\System32\EwnOYJo.exe
  C:\Windows\System32\EwnOYJo.exe
  2⤵
  PID:6888
- C:\Windows\System32\noSuOGo.exe
  C:\Windows\System32\noSuOGo.exe
  2⤵
  PID:6936
- C:\Windows\System32\YnkysnP.exe
  C:\Windows\System32\YnkysnP.exe
  2⤵
  PID:7004
- C:\Windows\System32\rLaakSU.exe
  C:\Windows\System32\rLaakSU.exe
  2⤵
  PID:7044
- C:\Windows\System32\MYEoBKQ.exe
  C:\Windows\System32\MYEoBKQ.exe
  2⤵
  PID:7100
- C:\Windows\System32\SXwaqvs.exe
  C:\Windows\System32\SXwaqvs.exe
  2⤵
  PID:3588
- C:\Windows\System32\cpzozLC.exe
  C:\Windows\System32\cpzozLC.exe
  2⤵
  PID:5440
- C:\Windows\System32\kPNooUI.exe
  C:\Windows\System32\kPNooUI.exe
  2⤵
  PID:3580
- C:\Windows\System32\IqVZzqZ.exe
  C:\Windows\System32\IqVZzqZ.exe
  2⤵
  PID:6236
- C:\Windows\System32\jCVKWnH.exe
  C:\Windows\System32\jCVKWnH.exe
  2⤵
  PID:6384
- C:\Windows\System32\pVZTwOA.exe
  C:\Windows\System32\pVZTwOA.exe
  2⤵
  PID:6540
- C:\Windows\System32\GjbQrJk.exe
  C:\Windows\System32\GjbQrJk.exe
  2⤵
  PID:6564
- C:\Windows\System32\gcRVmRv.exe
  C:\Windows\System32\gcRVmRv.exe
  2⤵
  PID:6680
- C:\Windows\System32\XpaCZXg.exe
  C:\Windows\System32\XpaCZXg.exe
  2⤵
  PID:4092
- C:\Windows\System32\ORbQmjl.exe
  C:\Windows\System32\ORbQmjl.exe
  2⤵
  PID:4056
- C:\Windows\System32\KFuiLvy.exe
  C:\Windows\System32\KFuiLvy.exe
  2⤵
  PID:3176
- C:\Windows\System32\qlZRDKD.exe
  C:\Windows\System32\qlZRDKD.exe
  2⤵
  PID:6456
- C:\Windows\System32\XcxAFeX.exe
  C:\Windows\System32\XcxAFeX.exe
  2⤵
  PID:4428
- C:\Windows\System32\BuHlAZw.exe
  C:\Windows\System32\BuHlAZw.exe
  2⤵
  PID:4684
- C:\Windows\System32\mWEfWww.exe
  C:\Windows\System32\mWEfWww.exe
  2⤵
  PID:4920
- C:\Windows\System32\tvlryYu.exe
  C:\Windows\System32\tvlryYu.exe
  2⤵
  PID:3868
- C:\Windows\System32\VdCaedr.exe
  C:\Windows\System32\VdCaedr.exe
  2⤵
  PID:1152
- C:\Windows\System32\FVQrrDW.exe
  C:\Windows\System32\FVQrrDW.exe
  2⤵
  PID:2764
- C:\Windows\System32\BDJmcrb.exe
  C:\Windows\System32\BDJmcrb.exe
  2⤵
  PID:4616
- C:\Windows\System32\ItmgMRn.exe
  C:\Windows\System32\ItmgMRn.exe
  2⤵
  PID:4284
- C:\Windows\System32\XPryXFA.exe
  C:\Windows\System32\XPryXFA.exe
  2⤵
  PID:1584
- C:\Windows\System32\oTpAgIo.exe
  C:\Windows\System32\oTpAgIo.exe
  2⤵
  PID:6480
- C:\Windows\System32\tdmFsIY.exe
  C:\Windows\System32\tdmFsIY.exe
  2⤵
  PID:1276
- C:\Windows\System32\VEnLyGu.exe
  C:\Windows\System32\VEnLyGu.exe
  2⤵
  PID:2748
- C:\Windows\System32\WOzWMMG.exe
  C:\Windows\System32\WOzWMMG.exe
  2⤵
  PID:3652
- C:\Windows\System32\vgQUwvE.exe
  C:\Windows\System32\vgQUwvE.exe
  2⤵
  PID:800
- C:\Windows\System32\BBwQips.exe
  C:\Windows\System32\BBwQips.exe
  2⤵
  PID:7172
- C:\Windows\System32\YtOslGv.exe
  C:\Windows\System32\YtOslGv.exe
  2⤵
  PID:7200
- C:\Windows\System32\glGpfbg.exe
  C:\Windows\System32\glGpfbg.exe
  2⤵
  PID:7228
- C:\Windows\System32\KmQOGjk.exe
  C:\Windows\System32\KmQOGjk.exe
  2⤵
  PID:7256
- C:\Windows\System32\CMfNUqM.exe
  C:\Windows\System32\CMfNUqM.exe
  2⤵
  PID:7288
- C:\Windows\System32\mgmBzji.exe
  C:\Windows\System32\mgmBzji.exe
  2⤵
  PID:7312
- C:\Windows\System32\aVAgcJr.exe
  C:\Windows\System32\aVAgcJr.exe
  2⤵
  PID:7344
- C:\Windows\System32\wKRFQQG.exe
  C:\Windows\System32\wKRFQQG.exe
  2⤵
  PID:7360
- C:\Windows\System32\pyeevMI.exe
  C:\Windows\System32\pyeevMI.exe
  2⤵
  PID:7400
- C:\Windows\System32\rIGbSwv.exe
  C:\Windows\System32\rIGbSwv.exe
  2⤵
  PID:7432
- C:\Windows\System32\QlVQCtx.exe
  C:\Windows\System32\QlVQCtx.exe
  2⤵
  PID:7452
- C:\Windows\System32\sIuCJcB.exe
  C:\Windows\System32\sIuCJcB.exe
  2⤵
  PID:7472
- C:\Windows\System32\sVUefKW.exe
  C:\Windows\System32\sVUefKW.exe
  2⤵
  PID:7512
- C:\Windows\System32\hoAsZUJ.exe
  C:\Windows\System32\hoAsZUJ.exe
  2⤵
  PID:7528
- C:\Windows\System32\owwRuVN.exe
  C:\Windows\System32\owwRuVN.exe
  2⤵
  PID:7560
- C:\Windows\System32\zNHtgfV.exe
  C:\Windows\System32\zNHtgfV.exe
  2⤵
  PID:7588
- C:\Windows\System32\jeHWryY.exe
  C:\Windows\System32\jeHWryY.exe
  2⤵
  PID:7608
- C:\Windows\System32\GaQHQag.exe
  C:\Windows\System32\GaQHQag.exe
  2⤵
  PID:7632
- C:\Windows\System32\ImINpee.exe
  C:\Windows\System32\ImINpee.exe
  2⤵
  PID:7648
- C:\Windows\System32\qiEcuFQ.exe
  C:\Windows\System32\qiEcuFQ.exe
  2⤵
  PID:7688
- C:\Windows\System32\UwgJyQB.exe
  C:\Windows\System32\UwgJyQB.exe
  2⤵
  PID:7716
- C:\Windows\System32\BaWeBzm.exe
  C:\Windows\System32\BaWeBzm.exe
  2⤵
  PID:7756
- C:\Windows\System32\RZuxrFV.exe
  C:\Windows\System32\RZuxrFV.exe
  2⤵
  PID:7784
- C:\Windows\System32\RnmGZAy.exe
  C:\Windows\System32\RnmGZAy.exe
  2⤵
  PID:7824
- C:\Windows\System32\veIiEtz.exe
  C:\Windows\System32\veIiEtz.exe
  2⤵
  PID:7852
- C:\Windows\System32\DKzGfQb.exe
  C:\Windows\System32\DKzGfQb.exe
  2⤵
  PID:7880
- C:\Windows\System32\ojiDikk.exe
  C:\Windows\System32\ojiDikk.exe
  2⤵
  PID:7908
- C:\Windows\System32\qhPZQzc.exe
  C:\Windows\System32\qhPZQzc.exe
  2⤵
  PID:7936
- C:\Windows\System32\xdhuiSq.exe
  C:\Windows\System32\xdhuiSq.exe
  2⤵
  PID:7964
- C:\Windows\System32\FLgVIAM.exe
  C:\Windows\System32\FLgVIAM.exe
  2⤵
  PID:7984
- C:\Windows\System32\McPGNTM.exe
  C:\Windows\System32\McPGNTM.exe
  2⤵
  PID:8012
- C:\Windows\System32\aRGLFzE.exe
  C:\Windows\System32\aRGLFzE.exe
  2⤵
  PID:8040
- C:\Windows\System32\zzHRbBM.exe
  C:\Windows\System32\zzHRbBM.exe
  2⤵
  PID:8064
- C:\Windows\System32\VfWlWXs.exe
  C:\Windows\System32\VfWlWXs.exe
  2⤵
  PID:8088
- C:\Windows\System32\JyxvCTQ.exe
  C:\Windows\System32\JyxvCTQ.exe
  2⤵
  PID:8124
- C:\Windows\System32\SqRcePG.exe
  C:\Windows\System32\SqRcePG.exe
  2⤵
  PID:8156
- C:\Windows\System32\wdDOBlw.exe
  C:\Windows\System32\wdDOBlw.exe
  2⤵
  PID:8188
- C:\Windows\System32\pPYTRCl.exe
  C:\Windows\System32\pPYTRCl.exe
  2⤵
  PID:7188
- C:\Windows\System32\UvkUTyH.exe
  C:\Windows\System32\UvkUTyH.exe
  2⤵
  PID:7252
- C:\Windows\System32\wsbpCpw.exe
  C:\Windows\System32\wsbpCpw.exe
  2⤵
  PID:7300
- C:\Windows\System32\gBAOImG.exe
  C:\Windows\System32\gBAOImG.exe
  2⤵
  PID:7356
- C:\Windows\System32\HYQZDGG.exe
  C:\Windows\System32\HYQZDGG.exe
  2⤵
  PID:7424
- C:\Windows\System32\vOfnMAB.exe
  C:\Windows\System32\vOfnMAB.exe
  2⤵
  PID:7492
- C:\Windows\System32\ciHrQbn.exe
  C:\Windows\System32\ciHrQbn.exe
  2⤵
  PID:7572
- C:\Windows\System32\LgaXNeU.exe
  C:\Windows\System32\LgaXNeU.exe
  2⤵
  PID:7644
- C:\Windows\System32\vQnGVxk.exe
  C:\Windows\System32\vQnGVxk.exe
  2⤵
  PID:7684
- C:\Windows\System32\VvBYTLm.exe
  C:\Windows\System32\VvBYTLm.exe
  2⤵
  PID:7704
- C:\Windows\System32\QCjBLGh.exe
  C:\Windows\System32\QCjBLGh.exe
  2⤵
  PID:7776
- C:\Windows\System32\eMlpjQV.exe
  C:\Windows\System32\eMlpjQV.exe
  2⤵
  PID:7864
- C:\Windows\System32\FTNMjpY.exe
  C:\Windows\System32\FTNMjpY.exe
  2⤵
  PID:7932
- C:\Windows\System32\HpcmzrJ.exe
  C:\Windows\System32\HpcmzrJ.exe
  2⤵
  PID:7948
- C:\Windows\System32\Lhgcsbc.exe
  C:\Windows\System32\Lhgcsbc.exe
  2⤵
  PID:8060
- C:\Windows\System32\ghNPUac.exe
  C:\Windows\System32\ghNPUac.exe
  2⤵
  PID:8144
- C:\Windows\System32\DqtczOI.exe
  C:\Windows\System32\DqtczOI.exe
  2⤵
  PID:3128
- C:\Windows\System32\XbdVTpu.exe
  C:\Windows\System32\XbdVTpu.exe
  2⤵
  PID:7296
- C:\Windows\System32\JlTXLkc.exe
  C:\Windows\System32\JlTXLkc.exe
  2⤵
  PID:7408
- C:\Windows\System32\wOCXXwn.exe
  C:\Windows\System32\wOCXXwn.exe
  2⤵
  PID:7508
- C:\Windows\System32\yLDavuf.exe
  C:\Windows\System32\yLDavuf.exe
  2⤵
  PID:7744
- C:\Windows\System32\EYxzaev.exe
  C:\Windows\System32\EYxzaev.exe
  2⤵
  PID:7900
- C:\Windows\System32\EbneNnk.exe
  C:\Windows\System32\EbneNnk.exe
  2⤵
  PID:8120
- C:\Windows\System32\wVWUMGJ.exe
  C:\Windows\System32\wVWUMGJ.exe
  2⤵
  PID:1408
- C:\Windows\System32\egXPDqx.exe
  C:\Windows\System32\egXPDqx.exe
  2⤵
  PID:7380
- C:\Windows\System32\AflUBIX.exe
  C:\Windows\System32\AflUBIX.exe
  2⤵
  PID:7972
- C:\Windows\System32\cMRuxcP.exe
  C:\Windows\System32\cMRuxcP.exe
  2⤵
  PID:1460
- C:\Windows\System32\tFmThjj.exe
  C:\Windows\System32\tFmThjj.exe
  2⤵
  PID:8112
- C:\Windows\System32\jzmxhkw.exe
  C:\Windows\System32\jzmxhkw.exe
  2⤵
  PID:8200
- C:\Windows\System32\ELVVJEC.exe
  C:\Windows\System32\ELVVJEC.exe
  2⤵
  PID:8228
- C:\Windows\System32\UGIJRhn.exe
  C:\Windows\System32\UGIJRhn.exe
  2⤵
  PID:8260
- C:\Windows\System32\aaSbeSH.exe
  C:\Windows\System32\aaSbeSH.exe
  2⤵
  PID:8304
- C:\Windows\System32\LxODQao.exe
  C:\Windows\System32\LxODQao.exe
  2⤵
  PID:8332
- C:\Windows\System32\TsJugAt.exe
  C:\Windows\System32\TsJugAt.exe
  2⤵
  PID:8360
- C:\Windows\System32\OgldmmK.exe
  C:\Windows\System32\OgldmmK.exe
  2⤵
  PID:8380
- C:\Windows\System32\VwLILSg.exe
  C:\Windows\System32\VwLILSg.exe
  2⤵
  PID:8404
- C:\Windows\System32\FXjwfZf.exe
  C:\Windows\System32\FXjwfZf.exe
  2⤵
  PID:8432
- C:\Windows\System32\ANCHFYj.exe
  C:\Windows\System32\ANCHFYj.exe
  2⤵
  PID:8468
- C:\Windows\System32\mUVzsVP.exe
  C:\Windows\System32\mUVzsVP.exe
  2⤵
  PID:8504
- C:\Windows\System32\TJLITGD.exe
  C:\Windows\System32\TJLITGD.exe
  2⤵
  PID:8540
- C:\Windows\System32\aTHJrtg.exe
  C:\Windows\System32\aTHJrtg.exe
  2⤵
  PID:8556
- C:\Windows\System32\rEjwRjf.exe
  C:\Windows\System32\rEjwRjf.exe
  2⤵
  PID:8596
- C:\Windows\System32\VmlAawN.exe
  C:\Windows\System32\VmlAawN.exe
  2⤵
  PID:8616
- C:\Windows\System32\sKdfdao.exe
  C:\Windows\System32\sKdfdao.exe
  2⤵
  PID:8644
- C:\Windows\System32\fjxaDRz.exe
  C:\Windows\System32\fjxaDRz.exe
  2⤵
  PID:8680
- C:\Windows\System32\OGAyCIp.exe
  C:\Windows\System32\OGAyCIp.exe
  2⤵
  PID:8696
- C:\Windows\System32\mewFzeN.exe
  C:\Windows\System32\mewFzeN.exe
  2⤵
  PID:8728
- C:\Windows\System32\NAEuBYY.exe
  C:\Windows\System32\NAEuBYY.exe
  2⤵
  PID:8764
- C:\Windows\System32\LOilFUU.exe
  C:\Windows\System32\LOilFUU.exe
  2⤵
  PID:8796
- C:\Windows\System32\SLqoUZT.exe
  C:\Windows\System32\SLqoUZT.exe
  2⤵
  PID:8824
- C:\Windows\System32\fixhPxZ.exe
  C:\Windows\System32\fixhPxZ.exe
  2⤵
  PID:8848
- C:\Windows\System32\xQmASjd.exe
  C:\Windows\System32\xQmASjd.exe
  2⤵
  PID:8872
- C:\Windows\System32\tgSNkQu.exe
  C:\Windows\System32\tgSNkQu.exe
  2⤵
  PID:8900
- C:\Windows\System32\tlPdDDG.exe
  C:\Windows\System32\tlPdDDG.exe
  2⤵
  PID:8928
- C:\Windows\System32\ZgqmNCi.exe
  C:\Windows\System32\ZgqmNCi.exe
  2⤵
  PID:8968
- C:\Windows\System32\OXilkHk.exe
  C:\Windows\System32\OXilkHk.exe
  2⤵
  PID:8988
- C:\Windows\System32\pflpewq.exe
  C:\Windows\System32\pflpewq.exe
  2⤵
  PID:9024
- C:\Windows\System32\SCdylil.exe
  C:\Windows\System32\SCdylil.exe
  2⤵
  PID:9048
- C:\Windows\System32\PyefXqX.exe
  C:\Windows\System32\PyefXqX.exe
  2⤵
  PID:9084
- C:\Windows\System32\INcHRxv.exe
  C:\Windows\System32\INcHRxv.exe
  2⤵
  PID:9100
- C:\Windows\System32\ukNBqkK.exe
  C:\Windows\System32\ukNBqkK.exe
  2⤵
  PID:9140
- C:\Windows\System32\OuoCAOT.exe
  C:\Windows\System32\OuoCAOT.exe
  2⤵
  PID:9156
- C:\Windows\System32\pEwlLbu.exe
  C:\Windows\System32\pEwlLbu.exe
  2⤵
  PID:9188
- C:\Windows\System32\FcNlTui.exe
  C:\Windows\System32\FcNlTui.exe
  2⤵
  PID:8196
- C:\Windows\System32\SJzrVHG.exe
  C:\Windows\System32\SJzrVHG.exe
  2⤵
  PID:8244
- C:\Windows\System32\fuqCXZw.exe
  C:\Windows\System32\fuqCXZw.exe
  2⤵
  PID:8324
- C:\Windows\System32\EUHIvXZ.exe
  C:\Windows\System32\EUHIvXZ.exe
  2⤵
  PID:8392
- C:\Windows\System32\XbGJDpU.exe
  C:\Windows\System32\XbGJDpU.exe
  2⤵
  PID:8464
- C:\Windows\System32\qkzwpZK.exe
  C:\Windows\System32\qkzwpZK.exe
  2⤵
  PID:8532
- C:\Windows\System32\nLCzxFC.exe
  C:\Windows\System32\nLCzxFC.exe
  2⤵
  PID:8580
- C:\Windows\System32\NasEzdj.exe
  C:\Windows\System32\NasEzdj.exe
  2⤵
  PID:8656
- C:\Windows\System32\omtMnmm.exe
  C:\Windows\System32\omtMnmm.exe
  2⤵
  PID:8736
- C:\Windows\System32\fzsfjGK.exe
  C:\Windows\System32\fzsfjGK.exe
  2⤵
  PID:8792
- C:\Windows\System32\BsoeEFM.exe
  C:\Windows\System32\BsoeEFM.exe
  2⤵
  PID:8864
- C:\Windows\System32\uvTJiIA.exe
  C:\Windows\System32\uvTJiIA.exe
  2⤵
  PID:8940
- C:\Windows\System32\RirJyWd.exe
  C:\Windows\System32\RirJyWd.exe
  2⤵
  PID:8980
- C:\Windows\System32\ESuFlnw.exe
  C:\Windows\System32\ESuFlnw.exe
  2⤵
  PID:9072
- C:\Windows\System32\uvlNvIy.exe
  C:\Windows\System32\uvlNvIy.exe
  2⤵
  PID:9132
- C:\Windows\System32\oOMAnyh.exe
  C:\Windows\System32\oOMAnyh.exe
  2⤵
  PID:7892
- C:\Windows\System32\hpXSkzH.exe
  C:\Windows\System32\hpXSkzH.exe
  2⤵
  PID:8288
- C:\Windows\System32\SgBhVSH.exe
  C:\Windows\System32\SgBhVSH.exe
  2⤵
  PID:8444
- C:\Windows\System32\bNrANiX.exe
  C:\Windows\System32\bNrANiX.exe
  2⤵
  PID:8548
- C:\Windows\System32\EemIkEB.exe
  C:\Windows\System32\EemIkEB.exe
  2⤵
  PID:8776
- C:\Windows\System32\JsNYpGz.exe
  C:\Windows\System32\JsNYpGz.exe
  2⤵
  PID:8960
- C:\Windows\System32\zWYeIzl.exe
  C:\Windows\System32\zWYeIzl.exe
  2⤵
  PID:9056
- C:\Windows\System32\JzMqYOR.exe
  C:\Windows\System32\JzMqYOR.exe
  2⤵
  PID:8344
- C:\Windows\System32\NiEnVmD.exe
  C:\Windows\System32\NiEnVmD.exe
  2⤵
  PID:9036
- C:\Windows\System32\yJPqtLx.exe
  C:\Windows\System32\yJPqtLx.exe
  2⤵
  PID:9128
- C:\Windows\System32\IYZvcuB.exe
  C:\Windows\System32\IYZvcuB.exe
  2⤵
  PID:8668
- C:\Windows\System32\faqWiiB.exe
  C:\Windows\System32\faqWiiB.exe
  2⤵
  PID:9236
- C:\Windows\System32\kpLLTsI.exe
  C:\Windows\System32\kpLLTsI.exe
  2⤵
  PID:9264
- C:\Windows\System32\DImXlxG.exe
  C:\Windows\System32\DImXlxG.exe
  2⤵
  PID:9292
- C:\Windows\System32\GSyRYYs.exe
  C:\Windows\System32\GSyRYYs.exe
  2⤵
  PID:9320
- C:\Windows\System32\TFZnCri.exe
  C:\Windows\System32\TFZnCri.exe
  2⤵
  PID:9356
- C:\Windows\System32\IiCNAYv.exe
  C:\Windows\System32\IiCNAYv.exe
  2⤵
  PID:9384
- C:\Windows\System32\DaTGxhc.exe
  C:\Windows\System32\DaTGxhc.exe
  2⤵
  PID:9432
- C:\Windows\System32\aVEcKat.exe
  C:\Windows\System32\aVEcKat.exe
  2⤵
  PID:9448
- C:\Windows\System32\NnUEcUn.exe
  C:\Windows\System32\NnUEcUn.exe
  2⤵
  PID:9484
- C:\Windows\System32\PjaLBvo.exe
  C:\Windows\System32\PjaLBvo.exe
  2⤵
  PID:9512
- C:\Windows\System32\etOTeSl.exe
  C:\Windows\System32\etOTeSl.exe
  2⤵
  PID:9532
- C:\Windows\System32\kLIURWS.exe
  C:\Windows\System32\kLIURWS.exe
  2⤵
  PID:9548
- C:\Windows\System32\gjTfSKP.exe
  C:\Windows\System32\gjTfSKP.exe
  2⤵
  PID:9588
- C:\Windows\System32\eMXkTTB.exe
  C:\Windows\System32\eMXkTTB.exe
  2⤵
  PID:9624
- C:\Windows\System32\GuUsxqy.exe
  C:\Windows\System32\GuUsxqy.exe
  2⤵
  PID:9648
- C:\Windows\System32\JaRThOV.exe
  C:\Windows\System32\JaRThOV.exe
  2⤵
  PID:9680
- C:\Windows\System32\LvYoUrO.exe
  C:\Windows\System32\LvYoUrO.exe
  2⤵
  PID:9712
- C:\Windows\System32\HRTECjH.exe
  C:\Windows\System32\HRTECjH.exe
  2⤵
  PID:9740
- C:\Windows\System32\YGqBmyQ.exe
  C:\Windows\System32\YGqBmyQ.exe
  2⤵
  PID:9768
- C:\Windows\System32\QgOmDmI.exe
  C:\Windows\System32\QgOmDmI.exe
  2⤵
  PID:9796
- C:\Windows\System32\TKhYZgD.exe
  C:\Windows\System32\TKhYZgD.exe
  2⤵
  PID:9812
- C:\Windows\System32\fqsfrHa.exe
  C:\Windows\System32\fqsfrHa.exe
  2⤵
  PID:9852
- C:\Windows\System32\rFkeaDW.exe
  C:\Windows\System32\rFkeaDW.exe
  2⤵
  PID:9880
- C:\Windows\System32\DKhJsiH.exe
  C:\Windows\System32\DKhJsiH.exe
  2⤵
  PID:9896
- C:\Windows\System32\sESblDF.exe
  C:\Windows\System32\sESblDF.exe
  2⤵
  PID:9936
- C:\Windows\System32\RppdTRf.exe
  C:\Windows\System32\RppdTRf.exe
  2⤵
  PID:9964
- C:\Windows\System32\QCnFQts.exe
  C:\Windows\System32\QCnFQts.exe
  2⤵
  PID:9980
- C:\Windows\System32\WThydSY.exe
  C:\Windows\System32\WThydSY.exe
  2⤵
  PID:9996
- C:\Windows\System32\RIZZlMr.exe
  C:\Windows\System32\RIZZlMr.exe
  2⤵
  PID:10028
- C:\Windows\System32\FeQQtWc.exe
  C:\Windows\System32\FeQQtWc.exe
  2⤵
  PID:10080
- C:\Windows\System32\WqPxQYZ.exe
  C:\Windows\System32\WqPxQYZ.exe
  2⤵
  PID:10104
- C:\Windows\System32\LrQRmVM.exe
  C:\Windows\System32\LrQRmVM.exe
  2⤵
  PID:10120
- C:\Windows\System32\ivZyzuP.exe
  C:\Windows\System32\ivZyzuP.exe
  2⤵
  PID:10160
- C:\Windows\System32\wLCtWjT.exe
  C:\Windows\System32\wLCtWjT.exe
  2⤵
  PID:10176
- C:\Windows\System32\eaEEaWy.exe
  C:\Windows\System32\eaEEaWy.exe
  2⤵
  PID:10212
- C:\Windows\System32\LxukDsr.exe
  C:\Windows\System32\LxukDsr.exe
  2⤵
  PID:10236
- C:\Windows\System32\PnUHnZJ.exe
  C:\Windows\System32\PnUHnZJ.exe
  2⤵
  PID:9288
- C:\Windows\System32\KNyvfhf.exe
  C:\Windows\System32\KNyvfhf.exe
  2⤵
  PID:9368
- C:\Windows\System32\ZsEmnHS.exe
  C:\Windows\System32\ZsEmnHS.exe
  2⤵
  PID:9444
- C:\Windows\System32\KXgOICh.exe
  C:\Windows\System32\KXgOICh.exe
  2⤵
  PID:9520
- C:\Windows\System32\QHzAzig.exe
  C:\Windows\System32\QHzAzig.exe
  2⤵
  PID:9560
- C:\Windows\System32\TOwphPw.exe
  C:\Windows\System32\TOwphPw.exe
  2⤵
  PID:9632
- C:\Windows\System32\jrbDyJf.exe
  C:\Windows\System32\jrbDyJf.exe
  2⤵
  PID:9724
- C:\Windows\System32\kkmlMsI.exe
  C:\Windows\System32\kkmlMsI.exe
  2⤵
  PID:9788
- C:\Windows\System32\ylSQyUW.exe
  C:\Windows\System32\ylSQyUW.exe
  2⤵
  PID:9840
- C:\Windows\System32\ElAxWkr.exe
  C:\Windows\System32\ElAxWkr.exe
  2⤵
  PID:9976
- C:\Windows\System32\AaickWb.exe
  C:\Windows\System32\AaickWb.exe
  2⤵
  PID:10020
- C:\Windows\System32\FVjMNxg.exe
  C:\Windows\System32\FVjMNxg.exe
  2⤵
  PID:10112
- C:\Windows\System32\yJNMlHT.exe
  C:\Windows\System32\yJNMlHT.exe
  2⤵
  PID:10200
- C:\Windows\System32\TqvizBZ.exe
  C:\Windows\System32\TqvizBZ.exe
  2⤵
  PID:9244
- C:\Windows\System32\ZKXpFOK.exe
  C:\Windows\System32\ZKXpFOK.exe
  2⤵
  PID:9576
- C:\Windows\System32\WekcBMr.exe
  C:\Windows\System32\WekcBMr.exe
  2⤵
  PID:9692
- C:\Windows\System32\VTyXBTt.exe
  C:\Windows\System32\VTyXBTt.exe
  2⤵
  PID:9832
- C:\Windows\System32\SjDnFij.exe
  C:\Windows\System32\SjDnFij.exe
  2⤵
  PID:10088
- C:\Windows\System32\qaieGLI.exe
  C:\Windows\System32\qaieGLI.exe
  2⤵
  PID:9544
- C:\Windows\System32\vNfzySe.exe
  C:\Windows\System32\vNfzySe.exe
  2⤵
  PID:10100
- C:\Windows\System32\EKnvSIz.exe
  C:\Windows\System32\EKnvSIz.exe
  2⤵
  PID:9808
- C:\Windows\System32\UbOYugM.exe
  C:\Windows\System32\UbOYugM.exe
  2⤵
  PID:10268
- C:\Windows\System32\TWMGrFk.exe
  C:\Windows\System32\TWMGrFk.exe
  2⤵
  PID:10308
- C:\Windows\System32\luecDEO.exe
  C:\Windows\System32\luecDEO.exe
  2⤵
  PID:10336
- C:\Windows\System32\JeUfjWd.exe
  C:\Windows\System32\JeUfjWd.exe
  2⤵
  PID:10368
- C:\Windows\System32\EgLJMCg.exe
  C:\Windows\System32\EgLJMCg.exe
  2⤵
  PID:10388
- C:\Windows\System32\ZXZikbw.exe
  C:\Windows\System32\ZXZikbw.exe
  2⤵
  PID:10424
- C:\Windows\System32\gTOnNwu.exe
  C:\Windows\System32\gTOnNwu.exe
  2⤵
  PID:10456
- C:\Windows\System32\QMKkPVb.exe
  C:\Windows\System32\QMKkPVb.exe
  2⤵
  PID:10484
- C:\Windows\System32\NPiPQnw.exe
  C:\Windows\System32\NPiPQnw.exe
  2⤵
  PID:10512
- C:\Windows\System32\mHlnYNK.exe
  C:\Windows\System32\mHlnYNK.exe
  2⤵
  PID:10540
- C:\Windows\System32\cuSrwgS.exe
  C:\Windows\System32\cuSrwgS.exe
  2⤵
  PID:10568
- C:\Windows\System32\WghwMat.exe
  C:\Windows\System32\WghwMat.exe
  2⤵
  PID:10604
- C:\Windows\System32\qVYkiVU.exe
  C:\Windows\System32\qVYkiVU.exe
  2⤵
  PID:10632
- C:\Windows\System32\PqsoWTs.exe
  C:\Windows\System32\PqsoWTs.exe
  2⤵
  PID:10668
- C:\Windows\System32\iPUiOnU.exe
  C:\Windows\System32\iPUiOnU.exe
  2⤵
  PID:10700
- C:\Windows\System32\lMiakya.exe
  C:\Windows\System32\lMiakya.exe
  2⤵
  PID:10732
- C:\Windows\System32\gjbPWTh.exe
  C:\Windows\System32\gjbPWTh.exe
  2⤵
  PID:10768
- C:\Windows\System32\txMyViK.exe
  C:\Windows\System32\txMyViK.exe
  2⤵
  PID:10796
- C:\Windows\System32\mYuidKc.exe
  C:\Windows\System32\mYuidKc.exe
  2⤵
  PID:10824
- C:\Windows\System32\DmdqhjW.exe
  C:\Windows\System32\DmdqhjW.exe
  2⤵
  PID:10852
- C:\Windows\System32\jjYRyXf.exe
  C:\Windows\System32\jjYRyXf.exe
  2⤵
  PID:10880
- C:\Windows\System32\UXYTotg.exe
  C:\Windows\System32\UXYTotg.exe
  2⤵
  PID:10916
- C:\Windows\System32\ywycetx.exe
  C:\Windows\System32\ywycetx.exe
  2⤵
  PID:10944
- C:\Windows\System32\qFMECkF.exe
  C:\Windows\System32\qFMECkF.exe
  2⤵
  PID:10976
- C:\Windows\System32\kcWfMuA.exe
  C:\Windows\System32\kcWfMuA.exe
  2⤵
  PID:11004
- C:\Windows\System32\QkNTDIF.exe
  C:\Windows\System32\QkNTDIF.exe
  2⤵
  PID:11032
- C:\Windows\System32\QjkAizU.exe
  C:\Windows\System32\QjkAizU.exe
  2⤵
  PID:11060
- C:\Windows\System32\kgCBCHX.exe
  C:\Windows\System32\kgCBCHX.exe
  2⤵
  PID:11092
- C:\Windows\System32\mAuNkuQ.exe
  C:\Windows\System32\mAuNkuQ.exe
  2⤵
  PID:11120
- C:\Windows\System32\ouRHUdX.exe
  C:\Windows\System32\ouRHUdX.exe
  2⤵
  PID:11148
- C:\Windows\System32\NdCQjmv.exe
  C:\Windows\System32\NdCQjmv.exe
  2⤵
  PID:11176
- C:\Windows\System32\EVzPGpt.exe
  C:\Windows\System32\EVzPGpt.exe
  2⤵
  PID:11220
- C:\Windows\System32\ytlExUL.exe
  C:\Windows\System32\ytlExUL.exe
  2⤵
  PID:11248
- C:\Windows\System32\afTnOZP.exe
  C:\Windows\System32\afTnOZP.exe
  2⤵
  PID:10264
- C:\Windows\System32\jQRxsYg.exe
  C:\Windows\System32\jQRxsYg.exe
  2⤵
  PID:10416
- C:\Windows\System32\hUvAVBT.exe
  C:\Windows\System32\hUvAVBT.exe
  2⤵
  PID:10468
- C:\Windows\System32\rgBywLn.exe
  C:\Windows\System32\rgBywLn.exe
  2⤵
  PID:10476
- C:\Windows\System32\yiBoeTB.exe
  C:\Windows\System32\yiBoeTB.exe
  2⤵
  PID:10532
- C:\Windows\System32\CtPJrPH.exe
  C:\Windows\System32\CtPJrPH.exe
  2⤵
  PID:10660
- C:\Windows\System32\oywymfF.exe
  C:\Windows\System32\oywymfF.exe
  2⤵
  PID:10740
- C:\Windows\System32\safJLsf.exe
  C:\Windows\System32\safJLsf.exe
  2⤵
  PID:10816
- C:\Windows\System32\CiiySAK.exe
  C:\Windows\System32\CiiySAK.exe
  2⤵
  PID:10908
- C:\Windows\System32\jIfxqIW.exe
  C:\Windows\System32\jIfxqIW.exe
  2⤵
  PID:10956
- C:\Windows\System32\kxAScXV.exe
  C:\Windows\System32\kxAScXV.exe
  2⤵
  PID:11028
- C:\Windows\System32\gNnFIQU.exe
  C:\Windows\System32\gNnFIQU.exe
  2⤵
  PID:11112
- C:\Windows\System32\lZXhtHS.exe
  C:\Windows\System32\lZXhtHS.exe
  2⤵
  PID:11216
- C:\Windows\System32\jTImKBD.exe
  C:\Windows\System32\jTImKBD.exe
  2⤵
  PID:10332
- C:\Windows\System32\GoKaDkq.exe
  C:\Windows\System32\GoKaDkq.exe
  2⤵
  PID:10524
- C:\Windows\System32\ipJgFXm.exe
  C:\Windows\System32\ipJgFXm.exe
  2⤵
  PID:10784
- C:\Windows\System32\UfCKBuG.exe
  C:\Windows\System32\UfCKBuG.exe
  2⤵
  PID:11188
- C:\Windows\System32\OOeMwxS.exe
  C:\Windows\System32\OOeMwxS.exe
  2⤵
  PID:10508
- C:\Windows\System32\FBqsVnU.exe
  C:\Windows\System32\FBqsVnU.exe
  2⤵
  PID:11244
- C:\Windows\System32\AEWSgMI.exe
  C:\Windows\System32\AEWSgMI.exe
  2⤵
  PID:11288
- C:\Windows\System32\QmLByoS.exe
  C:\Windows\System32\QmLByoS.exe
  2⤵
  PID:11312
- C:\Windows\System32\gepyagU.exe
  C:\Windows\System32\gepyagU.exe
  2⤵
  PID:11340
- C:\Windows\System32\htYKJfH.exe
  C:\Windows\System32\htYKJfH.exe
  2⤵
  PID:11384
- C:\Windows\System32\giBeVCq.exe
  C:\Windows\System32\giBeVCq.exe
  2⤵
  PID:11412
- C:\Windows\System32\OyGdgKT.exe
  C:\Windows\System32\OyGdgKT.exe
  2⤵
  PID:11444
- C:\Windows\System32\wfqqaEM.exe
  C:\Windows\System32\wfqqaEM.exe
  2⤵
  PID:11472
- C:\Windows\System32\IvTWEej.exe
  C:\Windows\System32\IvTWEej.exe
  2⤵
  PID:11500
- C:\Windows\System32\eMszjfh.exe
  C:\Windows\System32\eMszjfh.exe
  2⤵
  PID:11528
- C:\Windows\System32\zBVltbE.exe
  C:\Windows\System32\zBVltbE.exe
  2⤵
  PID:11556
- C:\Windows\System32\FhLhOQC.exe
  C:\Windows\System32\FhLhOQC.exe
  2⤵
  PID:11580
- C:\Windows\System32\HBayenR.exe
  C:\Windows\System32\HBayenR.exe
  2⤵
  PID:11604
- C:\Windows\System32\CmThLmp.exe
  C:\Windows\System32\CmThLmp.exe
  2⤵
  PID:11628
- C:\Windows\System32\PCZYIla.exe
  C:\Windows\System32\PCZYIla.exe
  2⤵
  PID:11664
- C:\Windows\System32\JvAVnPu.exe
  C:\Windows\System32\JvAVnPu.exe
  2⤵
  PID:11688
- C:\Windows\System32\hHVrfQw.exe
  C:\Windows\System32\hHVrfQw.exe
  2⤵
  PID:11712
- C:\Windows\System32\dyxDwYl.exe
  C:\Windows\System32\dyxDwYl.exe
  2⤵
  PID:11748
- C:\Windows\System32\nKLMoKF.exe
  C:\Windows\System32\nKLMoKF.exe
  2⤵
  PID:11788
- C:\Windows\System32\OdWHJLT.exe
  C:\Windows\System32\OdWHJLT.exe
  2⤵
  PID:11816
- C:\Windows\System32\uCMWnBm.exe
  C:\Windows\System32\uCMWnBm.exe
  2⤵
  PID:11848
- C:\Windows\System32\hrmAxFf.exe
  C:\Windows\System32\hrmAxFf.exe
  2⤵
  PID:11888
- C:\Windows\System32\XwvPWRn.exe
  C:\Windows\System32\XwvPWRn.exe
  2⤵
  PID:11916
- C:\Windows\System32\OwHfVjH.exe
  C:\Windows\System32\OwHfVjH.exe
  2⤵
  PID:11948
- C:\Windows\System32\NdJGXrD.exe
  C:\Windows\System32\NdJGXrD.exe
  2⤵
  PID:11976
- C:\Windows\System32\tfPocKW.exe
  C:\Windows\System32\tfPocKW.exe
  2⤵
  PID:12004
- C:\Windows\System32\iYtIElP.exe
  C:\Windows\System32\iYtIElP.exe
  2⤵
  PID:12032
- C:\Windows\System32\wOcDzJn.exe
  C:\Windows\System32\wOcDzJn.exe
  2⤵
  PID:12060
- C:\Windows\System32\ypXsrou.exe
  C:\Windows\System32\ypXsrou.exe
  2⤵
  PID:12088
- C:\Windows\System32\JUkNxLg.exe
  C:\Windows\System32\JUkNxLg.exe
  2⤵
  PID:12116
- C:\Windows\System32\BdtoHgg.exe
  C:\Windows\System32\BdtoHgg.exe
  2⤵
  PID:12144
- C:\Windows\System32\AWkmiVN.exe
  C:\Windows\System32\AWkmiVN.exe
  2⤵
  PID:12172
- C:\Windows\System32\iOwbloE.exe
  C:\Windows\System32\iOwbloE.exe
  2⤵
  PID:12200
- C:\Windows\System32\XVkyMMy.exe
  C:\Windows\System32\XVkyMMy.exe
  2⤵
  PID:12232
- C:\Windows\System32\GDabpTJ.exe
  C:\Windows\System32\GDabpTJ.exe
  2⤵
  PID:12260
- C:\Windows\System32\YABxEZT.exe
  C:\Windows\System32\YABxEZT.exe
  2⤵
  PID:10716
- C:\Windows\System32\hjjgQLV.exe
  C:\Windows\System32\hjjgQLV.exe
  2⤵
  PID:11304
- C:\Windows\System32\xdywbAr.exe
  C:\Windows\System32\xdywbAr.exe
  2⤵
  PID:11376
- C:\Windows\System32\HREpgjP.exe
  C:\Windows\System32\HREpgjP.exe
  2⤵
  PID:11460
- C:\Windows\System32\wTWZKSf.exe
  C:\Windows\System32\wTWZKSf.exe
  2⤵
  PID:11552
- C:\Windows\System32\FLcAwlv.exe
  C:\Windows\System32\FLcAwlv.exe
  2⤵
  PID:11672
- C:\Windows\System32\beWvsVT.exe
  C:\Windows\System32\beWvsVT.exe
  2⤵
  PID:11732
- C:\Windows\System32\khnvAmW.exe
  C:\Windows\System32\khnvAmW.exe
  2⤵
  PID:11796
- C:\Windows\System32\YDKMNiz.exe
  C:\Windows\System32\YDKMNiz.exe
  2⤵
  PID:11880
- C:\Windows\System32\OYUiSho.exe
  C:\Windows\System32\OYUiSho.exe
  2⤵
  PID:11928
- C:\Windows\System32\urmZEiy.exe
  C:\Windows\System32\urmZEiy.exe
  2⤵
  PID:12000
- C:\Windows\System32\gjZQfur.exe
  C:\Windows\System32\gjZQfur.exe
  2⤵
  PID:12080
- C:\Windows\System32\IiSTxRQ.exe
  C:\Windows\System32\IiSTxRQ.exe
  2⤵
  PID:12140
- C:\Windows\System32\pSlAOtp.exe
  C:\Windows\System32\pSlAOtp.exe
  2⤵
  PID:12212
- C:\Windows\System32\iBUsDlO.exe
  C:\Windows\System32\iBUsDlO.exe
  2⤵
  PID:12284
- C:\Windows\System32\eQzRJOj.exe
  C:\Windows\System32\eQzRJOj.exe
  2⤵
  PID:11408
- C:\Windows\System32\KTcWbCv.exe
  C:\Windows\System32\KTcWbCv.exe
  2⤵
  PID:11600
- C:\Windows\System32\nZFKACc.exe
  C:\Windows\System32\nZFKACc.exe
  2⤵
  PID:11784
- C:\Windows\System32\MWBLWot.exe
  C:\Windows\System32\MWBLWot.exe
  2⤵
  PID:11996
- C:\Windows\System32\IhrIHUz.exe
  C:\Windows\System32\IhrIHUz.exe
  2⤵
  PID:12128
- C:\Windows\System32\zIckSWV.exe
  C:\Windows\System32\zIckSWV.exe
  2⤵
  PID:12256
- C:\Windows\System32\tQtPadA.exe
  C:\Windows\System32\tQtPadA.exe
  2⤵
  PID:11704
- C:\Windows\System32\UBaigku.exe
  C:\Windows\System32\UBaigku.exe
  2⤵
  PID:12044
- C:\Windows\System32\krrSIpX.exe
  C:\Windows\System32\krrSIpX.exe
  2⤵
  PID:11540
- C:\Windows\System32\lvzOBOT.exe
  C:\Windows\System32\lvzOBOT.exe
  2⤵
  PID:11900
- C:\Windows\System32\nZslmaf.exe
  C:\Windows\System32\nZslmaf.exe
  2⤵
  PID:12324
- C:\Windows\System32\FhgNzSf.exe
  C:\Windows\System32\FhgNzSf.exe
  2⤵
  PID:12352
- C:\Windows\System32\LmMlPMC.exe
  C:\Windows\System32\LmMlPMC.exe
  2⤵
  PID:12380
- C:\Windows\System32\vFrZjiB.exe
  C:\Windows\System32\vFrZjiB.exe
  2⤵
  PID:12412
- C:\Windows\System32\glfamBZ.exe
  C:\Windows\System32\glfamBZ.exe
  2⤵
  PID:12440
- C:\Windows\System32\GJObqSS.exe
  C:\Windows\System32\GJObqSS.exe
  2⤵
  PID:12468
- C:\Windows\System32\kgYVSWo.exe
  C:\Windows\System32\kgYVSWo.exe
  2⤵
  PID:12496
- C:\Windows\System32\dyyvHRD.exe
  C:\Windows\System32\dyyvHRD.exe
  2⤵
  PID:12524
- C:\Windows\System32\OLywNAf.exe
  C:\Windows\System32\OLywNAf.exe
  2⤵
  PID:12552
- C:\Windows\System32\hAfkhxs.exe
  C:\Windows\System32\hAfkhxs.exe
  2⤵
  PID:12584
- C:\Windows\System32\lZPJOEZ.exe
  C:\Windows\System32\lZPJOEZ.exe
  2⤵
  PID:12612
- C:\Windows\System32\GxkVtDM.exe
  C:\Windows\System32\GxkVtDM.exe
  2⤵
  PID:12648
- C:\Windows\System32\qoJQFwX.exe
  C:\Windows\System32\qoJQFwX.exe
  2⤵
  PID:12672
- C:\Windows\System32\nfgLhhQ.exe
  C:\Windows\System32\nfgLhhQ.exe
  2⤵
  PID:12700
- C:\Windows\System32\vEhNJWO.exe
  C:\Windows\System32\vEhNJWO.exe
  2⤵
  PID:12728
- C:\Windows\System32\ZJmCirO.exe
  C:\Windows\System32\ZJmCirO.exe
  2⤵
  PID:12760
- C:\Windows\System32\AYAWyLj.exe
  C:\Windows\System32\AYAWyLj.exe
  2⤵
  PID:12792
- C:\Windows\System32\NXYlJku.exe
  C:\Windows\System32\NXYlJku.exe
  2⤵
  PID:12820
- C:\Windows\System32\ZKAJNjY.exe
  C:\Windows\System32\ZKAJNjY.exe
  2⤵
  PID:12848
- C:\Windows\System32\eRLQItV.exe
  C:\Windows\System32\eRLQItV.exe
  2⤵
  PID:12876
- C:\Windows\System32\dJyUqOW.exe
  C:\Windows\System32\dJyUqOW.exe
  2⤵
  PID:12904
- C:\Windows\System32\LahtLer.exe
  C:\Windows\System32\LahtLer.exe
  2⤵
  PID:12932
- C:\Windows\System32\shGcyIU.exe
  C:\Windows\System32\shGcyIU.exe
  2⤵
  PID:12960
- C:\Windows\System32\GeIMRvd.exe
  C:\Windows\System32\GeIMRvd.exe
  2⤵
  PID:12988
- C:\Windows\System32\GCdknGh.exe
  C:\Windows\System32\GCdknGh.exe
  2⤵
  PID:13016
- C:\Windows\System32\pDuHJjt.exe
  C:\Windows\System32\pDuHJjt.exe
  2⤵
  PID:13044
- C:\Windows\System32\VZPzsbc.exe
  C:\Windows\System32\VZPzsbc.exe
  2⤵
  PID:13072
- C:\Windows\System32\oGdNUNf.exe
  C:\Windows\System32\oGdNUNf.exe
  2⤵
  PID:13124
- C:\Windows\System32\XnPSAIX.exe
  C:\Windows\System32\XnPSAIX.exe
  2⤵
  PID:13152
- C:\Windows\System32\eAaUqhs.exe
  C:\Windows\System32\eAaUqhs.exe
  2⤵
  PID:13172
- C:\Windows\System32\WnXigtI.exe
  C:\Windows\System32\WnXigtI.exe
  2⤵
  PID:13208
- C:\Windows\System32\LLeNHgL.exe
  C:\Windows\System32\LLeNHgL.exe
  2⤵
  PID:13236
- C:\Windows\System32\xAmLuTe.exe
  C:\Windows\System32\xAmLuTe.exe
  2⤵
  PID:13264
- C:\Windows\System32\SyjtdZW.exe
  C:\Windows\System32\SyjtdZW.exe
  2⤵
  PID:13292
- C:\Windows\System32\DbEnpKa.exe
  C:\Windows\System32\DbEnpKa.exe
  2⤵
  PID:12316
- C:\Windows\System32\JmvIpXc.exe
  C:\Windows\System32\JmvIpXc.exe
  2⤵
  PID:12376
- C:\Windows\System32\ATveGrU.exe
  C:\Windows\System32\ATveGrU.exe
  2⤵
  PID:12452
- C:\Windows\System32\fqCnKeG.exe
  C:\Windows\System32\fqCnKeG.exe
  2⤵
  PID:12536
- C:\Windows\System32\vPAuUoI.exe
  C:\Windows\System32\vPAuUoI.exe
  2⤵
  PID:8812
- C:\Windows\System32\UgnrQyZ.exe
  C:\Windows\System32\UgnrQyZ.exe
  2⤵
  PID:2580
- C:\Windows\System32\HDdVeqm.exe
  C:\Windows\System32\HDdVeqm.exe
  2⤵
  PID:12636
- C:\Windows\System32\JfCDslR.exe
  C:\Windows\System32\JfCDslR.exe
  2⤵
  PID:12696
- C:\Windows\System32\zOUTIrZ.exe
  C:\Windows\System32\zOUTIrZ.exe
  2⤵
  PID:12788
- C:\Windows\System32\vflnjNs.exe
  C:\Windows\System32\vflnjNs.exe
  2⤵
  PID:12836
- C:\Windows\System32\hbHdfHk.exe
  C:\Windows\System32\hbHdfHk.exe
  2⤵
  PID:12916
- C:\Windows\System32\lCJBzaS.exe
  C:\Windows\System32\lCJBzaS.exe
  2⤵
  PID:11640
- C:\Windows\System32\MBtgpuU.exe
  C:\Windows\System32\MBtgpuU.exe
  2⤵
  PID:13036
- C:\Windows\System32\NoRozIY.exe
  C:\Windows\System32\NoRozIY.exe
  2⤵
  PID:13120
- C:\Windows\System32\ZKnZWZh.exe
  C:\Windows\System32\ZKnZWZh.exe
  2⤵
  PID:13192
- C:\Windows\System32\TtMwpEk.exe
  C:\Windows\System32\TtMwpEk.exe
  2⤵
  PID:13256
- C:\Windows\System32\NqKWwws.exe
  C:\Windows\System32\NqKWwws.exe
  2⤵
  PID:12296
- C:\Windows\System32\YcrrQtt.exe
  C:\Windows\System32\YcrrQtt.exe
  2⤵
  PID:12480
- C:\Windows\System32\UIJOFZK.exe
  C:\Windows\System32\UIJOFZK.exe
  2⤵
  PID:12516
- C:\Windows\System32\klWfysO.exe
  C:\Windows\System32\klWfysO.exe
  2⤵
  PID:12684
- C:\Windows\System32\NmWhygU.exe
  C:\Windows\System32\NmWhygU.exe
  2⤵
  PID:12844
- C:\Windows\System32\xnDGrHj.exe
  C:\Windows\System32\xnDGrHj.exe
  2⤵
  PID:12972

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:2628

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System32\AVZGxGL.exe

Filesize
2.7MB

MD5
f04cf0e30674810ecddfd8152611c679

SHA1
36287d141179125970827f4986f50c5622afb501

SHA256
d065374b70700cd3fdf8ebfc108bd44bc3d60d699bf2a1101d637ce531f9219b

SHA512
b5dabb5a917877ffdcb729e7fde844f73c8a1d1272dff2e0c67618d6bd233dd519302914f4425a2c190e5f18907fdc6983349182bb653ad42db5be3fa4806d8b

Download Submit
C:\Windows\System32\CeVSMCf.exe

Filesize
2.7MB

MD5
033a93f43c611621b6ea124fc08374aa

SHA1
73bcf524b2ab0f8f030a58086bef295fa8675378

SHA256
4e75b8f5562ce1f865e72fcc0e7930dd578996a69ea8466fcac7ed9e29019c02

SHA512
817ea27bc652a4e41d408f1abfb47ca9249af3de2800db765652fad36f9a1c34250c151f40f15c83f31de59b56d07759304b5189d680d95b7885d860bf0248cf

Download Submit
C:\Windows\System32\DZnOnJH.exe

Filesize
2.7MB

MD5
e293ed83b2d716d235f46f7f07211b20

SHA1
95ff160522368b3604521c504d02df077e589a32

SHA256
e37d2ba50435a95abfc8ef83a0fe2bae31d17cf88a9b9d6e327dea609fa5a916

SHA512
8fe7dddd9da98098fdf29aa0cc707c27dfd27024925b12bab053ae77e7085ed938df0d85f1bb2e926216802e3f9529ef1e948b41b7f599a1e7eafe7224a5bb69

Download Submit
C:\Windows\System32\EgWuUik.exe

Filesize
2.7MB

MD5
46d4aba7f8493ea7e7219d7f50a0b1ac

SHA1
c514f994ffd2ccc441bd4dca2f9b3bded6804992

SHA256
cf2c51d43b3dbf4d2fd83f71b27e69ccd341d952569ff42bbce37bdf92a6d63e

SHA512
5d9fa33bc66836e300a019e13c79a2b926c98369c434ced969758cfd63a8313f868f147a96c76e693fa56647b0c27e4e4fe3df0151ed02b9f6268f8c65f78f3b

Download Submit
C:\Windows\System32\FNRlPoc.exe

Filesize
2.7MB

MD5
aaffab67df5262359575f90764ffc410

SHA1
82d04818f82e64b470720795d9d30d0ed9d6ac6a

SHA256
7395a4364c1f4f46a08cba5955f44a5e852c2656c226ba927e80d14170526e8a

SHA512
a943a1394cc6748629c007edee9b1b95a03c337eacec533d079f5c3090f492a0d93da13ea1a43632c7361bc220b71f5f542a70c8c81cce64c2014bc296f07261

Download Submit
C:\Windows\System32\FgoSXls.exe

Filesize
2.7MB

MD5
76df2cf4ac53a7abc73c219788d21cb7

SHA1
9d39f1414b83f7d021f0c741e68a8b59cd74862d

SHA256
2f5346bf66dfba19ddb6246278e0f7c4193ba0f3203bb46ce4c9b2070716fc5c

SHA512
d901cfdad7d324504c2034362122622e17b466026199c9483b4a1acd73d0e336d8d302cf687bbc324c935d305337a13754e710f5dca37b32867d81fe3382a149

Download Submit
C:\Windows\System32\GQHIeAP.exe

Filesize
2.7MB

MD5
8e5421c9389598c482127aeb34854ad2

SHA1
100037015c9712ffda7063f90861002c3b176582

SHA256
4ec213303c049bf36f9e0c9bf56893d9a33c565d9525b8bb2e37630b2dbc53cf

SHA512
790531f9b8dc1a790922a82fc51a51f8d4c03a3f9ae17f54af5443af7180cab36303320d49c4bf5a931a4487a767b777f5476d613640d4af4d8e76cec19b0481

Download Submit
C:\Windows\System32\HaIPTsk.exe

Filesize
2.7MB

MD5
1508051857bce0bf51e9b2f1f86f6aa4

SHA1
1780ecff5a6fc8b274297d95b185dc8d9f87dadd

SHA256
f028a2c5c2e21c1837191a96cf7ce6ce1e2834e911ae11eacf73fbffafcf8c04

SHA512
23861b100119644fcd4dca57ecc0f62d908b011f972309b3404143553fb808914d702eb8035bd84e8cada2da0460f25a71cc393627282f07517343d8f25ecd8e

Download Submit
C:\Windows\System32\KNWEPjD.exe

Filesize
2.7MB

MD5
78cff194d54ddd4fc074f04814c91b26

SHA1
00c3ca1be3da89547d82d3deca5e3e6857d96c2f

SHA256
c8f9fec1be4f09e973d42b7c4e5382517901a565c12b4b264d66080647fc65a7

SHA512
eb8264e4c70ccec68bfad6ccb60d2007c9520c26fe6c04cf5cb8c311d5d62a9fbd964b8f6e7b72b04de91198f8c4a137da2c080f9e255b9bd4d093e91f578784

Download Submit
C:\Windows\System32\LdTQdlF.exe

Filesize
2.7MB

MD5
802083a9c99c53b36ef338acd2edf18f

SHA1
27b8c0d45f5f3400fa657a83d02a1cec1a08e6bc

SHA256
fa360c7c38e29e2417c7eca3e5422be9636ad8a9ed8290fa6fb82559e3c354e2

SHA512
38e22244159a00666bb4f84c26beda4a4e01d91b9ec1755943b6d9b105abcf79e797f10201756aec1b765eeb7db7c3ddb8598bf43dcf993aceba2f51167d4bbe

Download Submit
C:\Windows\System32\LnaYVBO.exe

Filesize
2.7MB

MD5
bd5ea18c0270bb0f7df276d1a6597f67

SHA1
7beda81c88466499b7b5a9427b5ef1b7ce3111a2

SHA256
e9aa722e9fb9022b6b704b242c9fd6ce55c9772ec41b0cf4cb1a1ace8b1ab9be

SHA512
4386a1075ac488fa30a5735456557851259a89092d5a242aac19d79a8563875514c394aac6f12b1688cd18ebe9fbd174054c4103fc2c12db1d300770aedf7c9e

Download Submit
C:\Windows\System32\OGtIXpC.exe

Filesize
2.7MB

MD5
1ad668d9d157eb3417b8279171809afb

SHA1
86f4035d46e16a65bed9655f1379958182f587a0

SHA256
8cf6474ab968fa526d772c31eae0e458d79201810296f12cd9de29b65f27a583

SHA512
92842f298e3a4bf936be16ec743a626b6a83a0022254ee4285b1fd2308b8583b0268318ef964b0698f9a0442f94d0531ae45897209009fe5beec8b995b27e3ed

Download Submit
C:\Windows\System32\PTeduLd.exe

Filesize
2.7MB

MD5
34fa2ba8cb737c8a5584d502ee9d2649

SHA1
0135973e7394397fb5b7529f7f54599327bd131c

SHA256
edd8b101645aba327cec4f37c9dac9f6f515fb387190fc7978862885286dc1f0

SHA512
ee047f621c9477cf1e50632e39497cac80523f9778ad6bcbd94a51d776e3973ca20c193186034cf0ae29e7337cccc0697ca883d79df2028ad0ea8892d0d4a466

Download Submit
C:\Windows\System32\RgxZHwR.exe

Filesize
2.7MB

MD5
21de2eec5a367e476d313ee35b621a01

SHA1
2b2c809ba387e99e1da477a1baf7a64717c8b65a

SHA256
4ba4178c7410302f806b1c0816edff737ae3500be13bbae42a9b5f8b22d76821

SHA512
6017f7d293f425d8d2ef6a990f180e347e197bea51935c9bc8fafb29728f73d85c62fe30d0ad446f4dcdb6de944a86e4b6c742c4c3479eba20fac834c3e82bb2

Download Submit
C:\Windows\System32\UISWTHL.exe

Filesize
2.7MB

MD5
0423fc8aab6f755623ca07764fd069b9

SHA1
df77857569d417c2658a5da53f3a8fd17c3c8693

SHA256
3265094575d87cfe03cfee02bfb449266c9f9ef57d3141711816bb68d0acbe36

SHA512
e7cd762aafca55fbdc16f3799e5ad0217c56256e3c0020cf7bd5e16598656e4a1a61bdce415efeb90c458af3bba3e35b7bb60ceaef5239267015317a0e1f4492

Download Submit
C:\Windows\System32\WFiTaoh.exe

Filesize
2.7MB

MD5
d5d9ce43978de675c2d2eb5988eca059

SHA1
ba157d7ab3d026b8a173f48d77582e46bb96fc35

SHA256
97fdb16ee66f9c344889405bad71f48046acf35e6d91db7821572899be4381b3

SHA512
00ce258ea747eae0843796c6ad0c9ff088d26fd498dc946b248e9adb147498823c305f5e5badb53fe98ea905fc7a1600248be9c7dae64c099db7dec3d183f092

Download Submit
C:\Windows\System32\aMCbJKJ.exe

Filesize
2.7MB

MD5
49896dbfa81af03e8c9fdfa9d3fc47e7

SHA1
c64c144072702ebce5981d29b707a49f71db47a6

SHA256
1986fa79171fd73385002b8d7f69a17811b72871b224bd4a677b59aa525e5031

SHA512
a205fd9f039a94db164bf4a83568c4e606d9a5b611998bdc7897ab418ee46323f072c8c76470fd37b977697d824963eae6e035bfc418b9a5daa5341db9202eef

Download Submit
C:\Windows\System32\blEKrWw.exe

Filesize
2.7MB

MD5
6ccc16961837d6e0ab94e764214c0617

SHA1
2847d39362c4a8f570ceed5c162e6cfd487b6146

SHA256
048a0990468f94cfe9524f3ca693cb72d10cb11b75e5846cb9bcc74d4230bb83

SHA512
fafe1c8b5ec6e9075a3e2540fe0ef4a9d879853278b902a6767bdcf553c4cbdf4a35270e42cf7548099175daa5becdef05e6328bdc14e54431283836e85c46e7

Download Submit
C:\Windows\System32\gSxguVi.exe

Filesize
2.7MB

MD5
46197b5df708f9bc3a540e51ce1b41e3

SHA1
bb2e5dcdc0869798f90dd03af4cf608441fc4cff

SHA256
d22158eb75ba09236bc44f990086d7089d374dfcc20df0f02d6c1a2ec61f66f8

SHA512
f6d5779810bc88dc19ed9bbd122dd1ae22cf62a06ab2c37cac6117097a62e81abd417bfc7cdbaf5351c7782b791402fde294dd2f71382a50f36c7190ee2e91e7

Download Submit
C:\Windows\System32\gfZBEsI.exe

Filesize
2.7MB

MD5
135f3098080756be690bf789c2b3ec77

SHA1
34c5d5f2e9892077ba700243e42b9ee6ba71c004

SHA256
9614c3f5de4123729a7583018560cedb3cd0cdc03d501c8f6f4a31ffe46017f3

SHA512
7f26030fc24a4e9fd0d6e69cedb5191ad05aa587db77ee228126489d4559525cb79264e76058193927b5c98179eb0cd94e6119debe8e0ef28fda30e7dbca6dd1

Download Submit
C:\Windows\System32\iSekUGm.exe

Filesize
2.7MB

MD5
fd74597683a1eac0f0988c276f1b7a60

SHA1
d3bd75efa45c7a46c223303bc8880b2485731c72

SHA256
86653014e466e950f6f2050d294c61deb67eb0b952384adeaa446f8dd24850ed

SHA512
886b574b511e6107ffa9e9512143e33d1f04cd57554cd6f089e779bff758697f42ef458446db6d527f09b8971d5b90b2a867fc309de6d8d33bf5b61526e0dc0f

Download Submit
C:\Windows\System32\ithAVTv.exe

Filesize
2.7MB

MD5
18a6f2cefdf3a6c3b735634dc31abf9a

SHA1
a4db8e873243bf318742eb3f7b84f8d7bffd661c

SHA256
b82852935ac6093ac8771a18317574cb0c736edcfe8a9bf87cf51e1f1edb2d63

SHA512
abb24526913435dedcf1130a5c9b84ea22961685630658ef40e74a3934d1328614fe642faf181792d0302a43984da6f67e99cbeafa1a5516b05d1ba003f6c35d

Download Submit
C:\Windows\System32\nuBSnmN.exe

Filesize
2.7MB

MD5
66fded2feda65eea6a25d4d5d4d1a10d

SHA1
e8b01636f8b0f35ca71344f2e506732e8630d202

SHA256
01ab98f0184ed6cbb91679ac2f7f014629f07c4da938a937d2dd66dc25fed515

SHA512
da2ee3536dd6dae97157075cf4f838b44071878822a652c19601da7a99e82240311c669c3bb9b9cf85b96ae2c194620cea820fb821a3fb1f7e2ec03cb476b58c

Download Submit
C:\Windows\System32\qGRBoEz.exe

Filesize
2.7MB

MD5
47e806677f512014110e52385fcec587

SHA1
ee3616375c539e464f1db6645b91988d114cfd1c

SHA256
fc04bae5b5e98e27c53fb3c8148ce116268d782af7b1075826c88a41d81736d3

SHA512
1d002fd6a7ddb2918635b81f7de97c4fc924ca9b67a9f6e1f1be27ba86598c6b3ff65e278e9e7b89917aab4c38db9c488648a185bd5666a32f129936b4ca3f04

Download Submit
C:\Windows\System32\qtmlYGC.exe

Filesize
2.7MB

MD5
96861c7166bedea6b9c70f0d5552cfe3

SHA1
dde88da0049015063f78e42f55e39640f1ba5879

SHA256
62464ac0bc6bb0e393c89b2bb763470de745479df0e8d7bd4c98fac6177cfca9

SHA512
c67b55c274a1dafcd479141228630a650a362737dcb2e5a7cbc318b2d4b536310e7306bd67cc122483cd3225f677df412e597e2769af38334c531a9dbfe77eab

Download Submit
C:\Windows\System32\uFhkVQm.exe

Filesize
2.7MB

MD5
2b2d6c32036dee4b988ff90d2f942b73

SHA1
0fd32473ab8024e0ac9800db0a39720f516ccbcf

SHA256
385fb494538275b56d546c77e5b832e62eb7626e00b8e135cec34dbdbb135bfd

SHA512
9143a3d43709ec1216d59c2ad52500cfa329c441604b844d242e022c45d6b101eab5fe01cc6028d3a2b0c8fd6e5f156eb6d39f38daeea9912804ad6afc79b1a6

Download Submit
C:\Windows\System32\uTFgkZz.exe

Filesize
2.7MB

MD5
f9f10286bad61dc76fa40081e2cef455

SHA1
9c262257e85213243cc88ee9b6926cf8b3dbdf41

SHA256
3bc89c6b5883ae8c7b2430a8f1b61abb8812bfde5fcec98db4f7e0fe7dc0385f

SHA512
70ba3be3fd9b67666dc3e00b05540bea04780e88c9666aeb38e6a0024ce1bfc8c9ac47d5464b49a7ee48a1b2498cdb782f0dde5e01ecbec908b59c8eaa795d97

Download Submit
C:\Windows\System32\upQDQkB.exe

Filesize
2.7MB

MD5
42cd382ec436a31c40830226bebd2243

SHA1
f59fbc912a5eac5ea42acb03b0fa5f93b7d91c99

SHA256
259d0e4904082827fdb470c8869408abc6ece3a2f78fa1b3fae5efc008a6d436

SHA512
9f3cc498fc36bc911786ab720f7c3afa79c3480beec8d2a83511c4c60924806f0dc48f9cfbfb54fcf88300031f5913f28a784d040eb364251fa820cd172a6098

Download Submit
C:\Windows\System32\vruCjqX.exe

Filesize
2.7MB

MD5
1603376ff784065f0a15486ac5382e88

SHA1
f8c8d4bf0e7065a1eefc8f231212ac4990460f3e

SHA256
2296a77a614f1e547c78d34d6d5989935335e8c601605200404e8393c5d44b7c

SHA512
268302edf0544e96e2417d9c0040896c94d45c1c45cc07743e0e294dd22e8644eaf3ff6af37ee4372053dbe98401e7f77477e00123bdabe8e8f80a7c1b651181

Download Submit
C:\Windows\System32\xFWwKVx.exe

Filesize
2.7MB

MD5
c9cd9c9120cbec44b0c59692575c8e90

SHA1
fd6146610f9d0740d73049bfd4e8322a3eeed34f

SHA256
71144586d1348e1ec59b846d903eef93a08cc0b5b2b378abb62a37cda8b8d6fb

SHA512
d484b9c7a61535c40925cf9e01684a1867354c72cd121a253884e10c1ace628286797053c16e3e16b6ff0e7bc7cf21fe52584cc466e51c770eaa35d5197fbd1c

Download Submit
C:\Windows\System32\ydXngbn.exe

Filesize
2.7MB

MD5
78eda7ce016f13dc948eb0673e3379ae

SHA1
217cd335960b8c1ed8283439536d36bc020ba3b3

SHA256
bb93be438e6f97b75af1f78cabcbaeff4acb5547bee7173f5dcc29e49173c1e9

SHA512
bf3d50d689f507a6d303ce8ada7fb6d0d3afadb3578035a45614e31d8af09ad906e97c47ebfb2da8ec4d84851da491770f9ddd619f5d2654293b4d4182f380e6

Download Submit
C:\Windows\System32\ygWfVwn.exe

Filesize
2.7MB

MD5
75b08b86197c0cbf04c2dea36fc869a9

SHA1
781b6f7affeb59f23b6ab48e4be6962512ccdd2b

SHA256
eece1c3b8275396165e79ffaf9b184a9fee2f4d7db66b89d52d2d65b779c06c6

SHA512
87777f81c9c624178c14e6bd1ee32646a5f226fc9ea6aec1d900e976de86fd8b6f916b76e71efab6d12daa7af92a167a50777c9a563a6cc4ffcfa0e60e537967

Download Submit
memory/208-717-0x00007FF69A4A0000-0x00007FF69A895000-memory.dmp

Filesize
4.0MB

Download
memory/208-1929-0x00007FF69A4A0000-0x00007FF69A895000-memory.dmp

Filesize
4.0MB

Download
memory/396-1934-0x00007FF7A6F50000-0x00007FF7A7345000-memory.dmp

Filesize
4.0MB

Download
memory/396-721-0x00007FF7A6F50000-0x00007FF7A7345000-memory.dmp

Filesize
4.0MB

Download
memory/400-1939-0x00007FF6CA5E0000-0x00007FF6CA9D5000-memory.dmp

Filesize
4.0MB

Download
memory/400-726-0x00007FF6CA5E0000-0x00007FF6CA9D5000-memory.dmp

Filesize
4.0MB

Download
memory/724-22-0x00007FF752850000-0x00007FF752C45000-memory.dmp

Filesize
4.0MB

Download
memory/724-1924-0x00007FF752850000-0x00007FF752C45000-memory.dmp

Filesize
4.0MB

Download
memory/904-31-0x00007FF6ABD30000-0x00007FF6AC125000-memory.dmp

Filesize
4.0MB

Download
memory/904-1927-0x00007FF6ABD30000-0x00007FF6AC125000-memory.dmp

Filesize
4.0MB

Download
memory/904-1920-0x00007FF6ABD30000-0x00007FF6AC125000-memory.dmp

Filesize
4.0MB

Download
memory/1008-1-0x0000021C15CB0000-0x0000021C15CC0000-memory.dmp

Filesize
64KB

Download
memory/1008-0-0x00007FF67BF90000-0x00007FF67C385000-memory.dmp

Filesize
4.0MB

Download
memory/1008-1922-0x00007FF67BF90000-0x00007FF67C385000-memory.dmp

Filesize
4.0MB

Download
memory/1300-1930-0x00007FF6CCDA0000-0x00007FF6CD195000-memory.dmp

Filesize
4.0MB

Download
memory/1300-716-0x00007FF6CCDA0000-0x00007FF6CD195000-memory.dmp

Filesize
4.0MB

Download
memory/1300-1921-0x00007FF6CCDA0000-0x00007FF6CD195000-memory.dmp

Filesize
4.0MB

Download
memory/1536-1923-0x00007FF6A2290000-0x00007FF6A2685000-memory.dmp

Filesize
4.0MB

Download
memory/1536-10-0x00007FF6A2290000-0x00007FF6A2685000-memory.dmp

Filesize
4.0MB

Download
memory/1816-728-0x00007FF6BEE00000-0x00007FF6BF1F5000-memory.dmp

Filesize
4.0MB

Download
memory/1816-1942-0x00007FF6BEE00000-0x00007FF6BF1F5000-memory.dmp

Filesize
4.0MB

Download
memory/1848-1932-0x00007FF64CDE0000-0x00007FF64D1D5000-memory.dmp

Filesize
4.0MB

Download
memory/1848-719-0x00007FF64CDE0000-0x00007FF64D1D5000-memory.dmp

Filesize
4.0MB

Download
memory/2244-1933-0x00007FF7BB740000-0x00007FF7BBB35000-memory.dmp

Filesize
4.0MB

Download
memory/2244-720-0x00007FF7BB740000-0x00007FF7BBB35000-memory.dmp

Filesize
4.0MB

Download
memory/2624-733-0x00007FF767460000-0x00007FF767855000-memory.dmp

Filesize
4.0MB

Download
memory/2624-1940-0x00007FF767460000-0x00007FF767855000-memory.dmp

Filesize
4.0MB

Download
memory/3172-723-0x00007FF71AE20000-0x00007FF71B215000-memory.dmp

Filesize
4.0MB

Download
memory/3172-1937-0x00007FF71AE20000-0x00007FF71B215000-memory.dmp

Filesize
4.0MB

Download
memory/3484-28-0x00007FF6649B0000-0x00007FF664DA5000-memory.dmp

Filesize
4.0MB

Download
memory/3484-1925-0x00007FF6649B0000-0x00007FF664DA5000-memory.dmp

Filesize
4.0MB

Download
memory/3620-1944-0x00007FF730720000-0x00007FF730B15000-memory.dmp

Filesize
4.0MB

Download
memory/3620-739-0x00007FF730720000-0x00007FF730B15000-memory.dmp

Filesize
4.0MB

Download
memory/3748-1926-0x00007FF648E90000-0x00007FF649285000-memory.dmp

Filesize
4.0MB

Download
memory/3748-23-0x00007FF648E90000-0x00007FF649285000-memory.dmp

Filesize
4.0MB

Download
memory/3748-1919-0x00007FF648E90000-0x00007FF649285000-memory.dmp

Filesize
4.0MB

Download
memory/3888-751-0x00007FF669A60000-0x00007FF669E55000-memory.dmp

Filesize
4.0MB

Download
memory/3888-1928-0x00007FF669A60000-0x00007FF669E55000-memory.dmp

Filesize
4.0MB

Download
memory/4300-1946-0x00007FF6A6270000-0x00007FF6A6665000-memory.dmp

Filesize
4.0MB

Download
memory/4300-740-0x00007FF6A6270000-0x00007FF6A6665000-memory.dmp

Filesize
4.0MB

Download
memory/4564-746-0x00007FF67E2B0000-0x00007FF67E6A5000-memory.dmp

Filesize
4.0MB

Download
memory/4564-1945-0x00007FF67E2B0000-0x00007FF67E6A5000-memory.dmp

Filesize
4.0MB

Download
memory/4628-1941-0x00007FF622000000-0x00007FF6223F5000-memory.dmp

Filesize
4.0MB

Download
memory/4628-727-0x00007FF622000000-0x00007FF6223F5000-memory.dmp

Filesize
4.0MB

Download
memory/4660-1938-0x00007FF60ED60000-0x00007FF60F155000-memory.dmp

Filesize
4.0MB

Download
memory/4660-722-0x00007FF60ED60000-0x00007FF60F155000-memory.dmp

Filesize
4.0MB

Download
memory/4796-725-0x00007FF6B6E80000-0x00007FF6B7275000-memory.dmp

Filesize
4.0MB

Download
memory/4796-1936-0x00007FF6B6E80000-0x00007FF6B7275000-memory.dmp

Filesize
4.0MB

Download
memory/4908-736-0x00007FF6B3BF0000-0x00007FF6B3FE5000-memory.dmp

Filesize
4.0MB

Download
memory/4908-1943-0x00007FF6B3BF0000-0x00007FF6B3FE5000-memory.dmp

Filesize
4.0MB

Download
memory/5088-1935-0x00007FF789BF0000-0x00007FF789FE5000-memory.dmp

Filesize
4.0MB

Download
memory/5088-724-0x00007FF789BF0000-0x00007FF789FE5000-memory.dmp

Filesize
4.0MB

Download
memory/5104-1931-0x00007FF73ADC0000-0x00007FF73B1B5000-memory.dmp

Filesize
4.0MB

Download
memory/5104-718-0x00007FF73ADC0000-0x00007FF73B1B5000-memory.dmp

Filesize
4.0MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads