xmrig | 3aa6e5cf9024e4a71025440914d03af276f4cec562c34f85862d2e113c40c930

Analysis

max time kernel
122s
max time network
123s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
04/07/2024, 03:54

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

3aa6e5cf9024e4a71025440914d03af276f4cec562c34f85862d2e113c40c930.exe
Size

1.2MB
MD5

d7970957a3a49b8c062852fe86581860
SHA1

1921269cfdca300baa28becccbcfbdebb1590590
SHA256

3aa6e5cf9024e4a71025440914d03af276f4cec562c34f85862d2e113c40c930
SHA512

da12d9c412c95e54a7900c97cc4a9e2c6ec2ca41f5b16ef439272ce0a38fde06409f883b305cabf325e243f281267b431fc7b9786b43db292ce7b0f47354d284
SSDEEP

24576:JanwhSe11QSONCpGJCjETPlia+zzDwzVsJQ+AJB3wJ:knw9oUUEEDlnzLJo

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 49 IoCs

miner

resource	yara_rule
behavioral2/memory/4588-86-0x00007FF7CB240000-0x00007FF7CB631000-memory.dmp	xmrig
behavioral2/memory/2768-334-0x00007FF68AD90000-0x00007FF68B181000-memory.dmp	xmrig
behavioral2/memory/2904-337-0x00007FF6A76D0000-0x00007FF6A7AC1000-memory.dmp	xmrig
behavioral2/memory/4764-340-0x00007FF6366E0000-0x00007FF636AD1000-memory.dmp	xmrig
behavioral2/memory/936-339-0x00007FF7B5120000-0x00007FF7B5511000-memory.dmp	xmrig
behavioral2/memory/4080-65-0x00007FF741DF0000-0x00007FF7421E1000-memory.dmp	xmrig
behavioral2/memory/4176-58-0x00007FF64F980000-0x00007FF64FD71000-memory.dmp	xmrig
behavioral2/memory/4892-52-0x00007FF666870000-0x00007FF666C61000-memory.dmp	xmrig
behavioral2/memory/744-28-0x00007FF6736A0000-0x00007FF673A91000-memory.dmp	xmrig
behavioral2/memory/2360-341-0x00007FF618720000-0x00007FF618B11000-memory.dmp	xmrig
behavioral2/memory/3416-342-0x00007FF68E950000-0x00007FF68ED41000-memory.dmp	xmrig
behavioral2/memory/1028-344-0x00007FF664A20000-0x00007FF664E11000-memory.dmp	xmrig
behavioral2/memory/3760-343-0x00007FF7F8C10000-0x00007FF7F9001000-memory.dmp	xmrig
behavioral2/memory/436-345-0x00007FF691340000-0x00007FF691731000-memory.dmp	xmrig
behavioral2/memory/1040-346-0x00007FF7736F0000-0x00007FF773AE1000-memory.dmp	xmrig
behavioral2/memory/5080-348-0x00007FF7F1680000-0x00007FF7F1A71000-memory.dmp	xmrig
behavioral2/memory/3684-349-0x00007FF789F50000-0x00007FF78A341000-memory.dmp	xmrig
behavioral2/memory/5104-355-0x00007FF73B5A0000-0x00007FF73B991000-memory.dmp	xmrig
behavioral2/memory/3384-347-0x00007FF7D5A30000-0x00007FF7D5E21000-memory.dmp	xmrig
behavioral2/memory/1336-1463-0x00007FF6FF710000-0x00007FF6FFB01000-memory.dmp	xmrig
behavioral2/memory/4952-1920-0x00007FF783FA0000-0x00007FF784391000-memory.dmp	xmrig
behavioral2/memory/4176-2040-0x00007FF64F980000-0x00007FF64FD71000-memory.dmp	xmrig
behavioral2/memory/684-2041-0x00007FF637B90000-0x00007FF637F81000-memory.dmp	xmrig
behavioral2/memory/4484-2042-0x00007FF6D9430000-0x00007FF6D9821000-memory.dmp	xmrig
behavioral2/memory/4588-2076-0x00007FF7CB240000-0x00007FF7CB631000-memory.dmp	xmrig
behavioral2/memory/5080-2081-0x00007FF7F1680000-0x00007FF7F1A71000-memory.dmp	xmrig
behavioral2/memory/3684-2083-0x00007FF789F50000-0x00007FF78A341000-memory.dmp	xmrig
behavioral2/memory/1336-2085-0x00007FF6FF710000-0x00007FF6FFB01000-memory.dmp	xmrig
behavioral2/memory/744-2107-0x00007FF6736A0000-0x00007FF673A91000-memory.dmp	xmrig
behavioral2/memory/4680-2109-0x00007FF6D0810000-0x00007FF6D0C01000-memory.dmp	xmrig
behavioral2/memory/4892-2113-0x00007FF666870000-0x00007FF666C61000-memory.dmp	xmrig
behavioral2/memory/2664-2115-0x00007FF76EBD0000-0x00007FF76EFC1000-memory.dmp	xmrig
behavioral2/memory/4952-2111-0x00007FF783FA0000-0x00007FF784391000-memory.dmp	xmrig
behavioral2/memory/4080-2131-0x00007FF741DF0000-0x00007FF7421E1000-memory.dmp	xmrig
behavioral2/memory/2768-2123-0x00007FF68AD90000-0x00007FF68B181000-memory.dmp	xmrig
behavioral2/memory/684-2121-0x00007FF637B90000-0x00007FF637F81000-memory.dmp	xmrig
behavioral2/memory/2904-2119-0x00007FF6A76D0000-0x00007FF6A7AC1000-memory.dmp	xmrig
behavioral2/memory/4484-2129-0x00007FF6D9430000-0x00007FF6D9821000-memory.dmp	xmrig
behavioral2/memory/2360-2135-0x00007FF618720000-0x00007FF618B11000-memory.dmp	xmrig
behavioral2/memory/4764-2133-0x00007FF6366E0000-0x00007FF636AD1000-memory.dmp	xmrig
behavioral2/memory/436-2145-0x00007FF691340000-0x00007FF691731000-memory.dmp	xmrig
behavioral2/memory/1040-2141-0x00007FF7736F0000-0x00007FF773AE1000-memory.dmp	xmrig
behavioral2/memory/4176-2117-0x00007FF64F980000-0x00007FF64FD71000-memory.dmp	xmrig
behavioral2/memory/936-2127-0x00007FF7B5120000-0x00007FF7B5511000-memory.dmp	xmrig
behavioral2/memory/5104-2125-0x00007FF73B5A0000-0x00007FF73B991000-memory.dmp	xmrig
behavioral2/memory/3760-2143-0x00007FF7F8C10000-0x00007FF7F9001000-memory.dmp	xmrig
behavioral2/memory/1028-2139-0x00007FF664A20000-0x00007FF664E11000-memory.dmp	xmrig
behavioral2/memory/3384-2147-0x00007FF7D5A30000-0x00007FF7D5E21000-memory.dmp	xmrig
behavioral2/memory/3416-2137-0x00007FF68E950000-0x00007FF68ED41000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
5080	FyOYEYW.exe
3684	tpaJMco.exe
1336	fjBbZCX.exe
744	rScmNCN.exe
4680	bpKzPfC.exe
4952	PjdwbBP.exe
4892	ECSwZoS.exe
2664	HGYndyk.exe
4176	BPqMTMS.exe
4080	sfvOpCC.exe
684	QJipbVY.exe
4484	lSSCqvf.exe
2768	WAIHrig.exe
2904	AQcdhBl.exe
5104	FxbRYTZ.exe
936	YqNrkEI.exe
4764	SJMTUbh.exe
2360	oAPCzMc.exe
3416	phjeLxE.exe
3760	kAilmJE.exe
1028	oNDRJkP.exe
436	wwOLmsI.exe
1040	PaZmbTE.exe
3384	abIcmzj.exe
3432	ddCiONz.exe
1056	CwuKdxz.exe
3856	fkRqSwz.exe
2844	FBUPwoT.exe
1900	BIKmlVL.exe
2428	DndHXAp.exe
992	CHqIcQj.exe
4396	IEOjipF.exe
4912	XIKfWld.exe
1924	JslwWOO.exe
3388	UCdhftK.exe
2440	NZwQWQs.exe
4620	nhWmtrG.exe
4868	nEfJeGN.exe
4388	kkVaRBo.exe
1060	CvfqAeq.exe
4264	GojXJJs.exe
552	tKNhOqG.exe
4824	MYSordO.exe
4284	cnMKRhl.exe
1644	QlOfMOy.exe
3096	zRysQMq.exe
4640	ujRgirI.exe
1832	nbRIqeu.exe
2752	NJXdTti.exe
1696	bVUaVZf.exe
3412	dguiqcZ.exe
1624	MOBnaqC.exe
4132	KxVfNQD.exe
3784	APvPUDU.exe
3440	lBbiYxN.exe
4844	QtJloOW.exe
4524	ZINFoIO.exe
3644	TmUGTPI.exe
1536	nipvzbN.exe
1140	rrzmoAi.exe
1412	xPvUOEq.exe
1100	nkjcUYJ.exe
3884	IEKPTeo.exe
3764	Jkvnqag.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4588-0-0x00007FF7CB240000-0x00007FF7CB631000-memory.dmp	upx
behavioral2/files/0x000900000002351a-5.dat	upx
behavioral2/memory/5080-10-0x00007FF7F1680000-0x00007FF7F1A71000-memory.dmp	upx
behavioral2/files/0x0007000000023526-11.dat	upx
behavioral2/files/0x0007000000023527-14.dat	upx
behavioral2/memory/3684-15-0x00007FF789F50000-0x00007FF78A341000-memory.dmp	upx
behavioral2/memory/1336-20-0x00007FF6FF710000-0x00007FF6FFB01000-memory.dmp	upx
behavioral2/files/0x0007000000023528-23.dat	upx
behavioral2/files/0x0007000000023529-29.dat	upx
behavioral2/files/0x0009000000023523-32.dat	upx
behavioral2/files/0x000700000002352a-39.dat	upx
behavioral2/files/0x000700000002352b-43.dat	upx
behavioral2/memory/4952-41-0x00007FF783FA0000-0x00007FF784391000-memory.dmp	upx
behavioral2/memory/4680-36-0x00007FF6D0810000-0x00007FF6D0C01000-memory.dmp	upx
behavioral2/memory/2664-50-0x00007FF76EBD0000-0x00007FF76EFC1000-memory.dmp	upx
behavioral2/files/0x000700000002352c-53.dat	upx
behavioral2/files/0x000700000002352d-59.dat	upx
behavioral2/files/0x000700000002352e-69.dat	upx
behavioral2/memory/684-68-0x00007FF637B90000-0x00007FF637F81000-memory.dmp	upx
behavioral2/files/0x000700000002352f-75.dat	upx
behavioral2/files/0x0007000000023530-83.dat	upx
behavioral2/memory/4588-86-0x00007FF7CB240000-0x00007FF7CB631000-memory.dmp	upx
behavioral2/files/0x0007000000023534-102.dat	upx
behavioral2/files/0x0007000000023537-117.dat	upx
behavioral2/files/0x000700000002353a-129.dat	upx
behavioral2/files/0x000700000002353d-144.dat	upx
behavioral2/files/0x0007000000023542-167.dat	upx
behavioral2/memory/2768-334-0x00007FF68AD90000-0x00007FF68B181000-memory.dmp	upx
behavioral2/memory/2904-337-0x00007FF6A76D0000-0x00007FF6A7AC1000-memory.dmp	upx
behavioral2/memory/4764-340-0x00007FF6366E0000-0x00007FF636AD1000-memory.dmp	upx
behavioral2/memory/936-339-0x00007FF7B5120000-0x00007FF7B5511000-memory.dmp	upx
behavioral2/files/0x0007000000023543-174.dat	upx
behavioral2/files/0x0007000000023541-164.dat	upx
behavioral2/files/0x0007000000023540-159.dat	upx
behavioral2/files/0x000700000002353f-154.dat	upx
behavioral2/files/0x000700000002353e-149.dat	upx
behavioral2/files/0x000700000002353c-142.dat	upx
behavioral2/files/0x000700000002353b-134.dat	upx
behavioral2/files/0x0007000000023539-127.dat	upx
behavioral2/files/0x0007000000023538-122.dat	upx
behavioral2/files/0x0007000000023536-112.dat	upx
behavioral2/files/0x0007000000023535-107.dat	upx
behavioral2/files/0x0007000000023533-97.dat	upx
behavioral2/files/0x0007000000023532-92.dat	upx
behavioral2/files/0x0007000000023531-81.dat	upx
behavioral2/memory/4484-73-0x00007FF6D9430000-0x00007FF6D9821000-memory.dmp	upx
behavioral2/memory/4080-65-0x00007FF741DF0000-0x00007FF7421E1000-memory.dmp	upx
behavioral2/memory/4176-58-0x00007FF64F980000-0x00007FF64FD71000-memory.dmp	upx
behavioral2/memory/4892-52-0x00007FF666870000-0x00007FF666C61000-memory.dmp	upx
behavioral2/memory/744-28-0x00007FF6736A0000-0x00007FF673A91000-memory.dmp	upx
behavioral2/memory/2360-341-0x00007FF618720000-0x00007FF618B11000-memory.dmp	upx
behavioral2/memory/3416-342-0x00007FF68E950000-0x00007FF68ED41000-memory.dmp	upx
behavioral2/memory/1028-344-0x00007FF664A20000-0x00007FF664E11000-memory.dmp	upx
behavioral2/memory/3760-343-0x00007FF7F8C10000-0x00007FF7F9001000-memory.dmp	upx
behavioral2/memory/436-345-0x00007FF691340000-0x00007FF691731000-memory.dmp	upx
behavioral2/memory/1040-346-0x00007FF7736F0000-0x00007FF773AE1000-memory.dmp	upx
behavioral2/memory/5080-348-0x00007FF7F1680000-0x00007FF7F1A71000-memory.dmp	upx
behavioral2/memory/3684-349-0x00007FF789F50000-0x00007FF78A341000-memory.dmp	upx
behavioral2/memory/5104-355-0x00007FF73B5A0000-0x00007FF73B991000-memory.dmp	upx
behavioral2/memory/3384-347-0x00007FF7D5A30000-0x00007FF7D5E21000-memory.dmp	upx
behavioral2/memory/1336-1463-0x00007FF6FF710000-0x00007FF6FFB01000-memory.dmp	upx
behavioral2/memory/4952-1920-0x00007FF783FA0000-0x00007FF784391000-memory.dmp	upx
behavioral2/memory/4176-2040-0x00007FF64F980000-0x00007FF64FD71000-memory.dmp	upx
behavioral2/memory/684-2041-0x00007FF637B90000-0x00007FF637F81000-memory.dmp	upx

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System32\XSGoUEF.exe	3aa6e5cf9024e4a71025440914d03af276f4cec562c34f85862d2e113c40c930.exe
File created	C:\Windows\System32\NMmtCRE.exe	3aa6e5cf9024e4a71025440914d03af276f4cec562c34f85862d2e113c40c930.exe
File created	C:\Windows\System32\wkHtrdg.exe	3aa6e5cf9024e4a71025440914d03af276f4cec562c34f85862d2e113c40c930.exe
File created	C:\Windows\System32\IjWrGgC.exe	3aa6e5cf9024e4a71025440914d03af276f4cec562c34f85862d2e113c40c930.exe
File created	C:\Windows\System32\qHIifgG.exe	3aa6e5cf9024e4a71025440914d03af276f4cec562c34f85862d2e113c40c930.exe
File created	C:\Windows\System32\ZHsANOo.exe	3aa6e5cf9024e4a71025440914d03af276f4cec562c34f85862d2e113c40c930.exe
File created	C:\Windows\System32\OIKOxIF.exe	3aa6e5cf9024e4a71025440914d03af276f4cec562c34f85862d2e113c40c930.exe
File created	C:\Windows\System32\oKbHTTb.exe	3aa6e5cf9024e4a71025440914d03af276f4cec562c34f85862d2e113c40c930.exe
File created	C:\Windows\System32\rmLbZzX.exe	3aa6e5cf9024e4a71025440914d03af276f4cec562c34f85862d2e113c40c930.exe
File created	C:\Windows\System32\QHXvpbV.exe	3aa6e5cf9024e4a71025440914d03af276f4cec562c34f85862d2e113c40c930.exe
File created	C:\Windows\System32\jWZowHg.exe	3aa6e5cf9024e4a71025440914d03af276f4cec562c34f85862d2e113c40c930.exe
File created	C:\Windows\System32\fyCJGqJ.exe	3aa6e5cf9024e4a71025440914d03af276f4cec562c34f85862d2e113c40c930.exe
File created	C:\Windows\System32\NAbxvVV.exe	3aa6e5cf9024e4a71025440914d03af276f4cec562c34f85862d2e113c40c930.exe
File created	C:\Windows\System32\kZqUaxA.exe	3aa6e5cf9024e4a71025440914d03af276f4cec562c34f85862d2e113c40c930.exe
File created	C:\Windows\System32\lJFEMMT.exe	3aa6e5cf9024e4a71025440914d03af276f4cec562c34f85862d2e113c40c930.exe
File created	C:\Windows\System32\HPjlOWE.exe	3aa6e5cf9024e4a71025440914d03af276f4cec562c34f85862d2e113c40c930.exe
File created	C:\Windows\System32\kbKUtwe.exe	3aa6e5cf9024e4a71025440914d03af276f4cec562c34f85862d2e113c40c930.exe
File created	C:\Windows\System32\xLNbirX.exe	3aa6e5cf9024e4a71025440914d03af276f4cec562c34f85862d2e113c40c930.exe
File created	C:\Windows\System32\veEjqAy.exe	3aa6e5cf9024e4a71025440914d03af276f4cec562c34f85862d2e113c40c930.exe
File created	C:\Windows\System32\ARLQOWY.exe	3aa6e5cf9024e4a71025440914d03af276f4cec562c34f85862d2e113c40c930.exe
File created	C:\Windows\System32\FhhGiQy.exe	3aa6e5cf9024e4a71025440914d03af276f4cec562c34f85862d2e113c40c930.exe
File created	C:\Windows\System32\GsLnDGG.exe	3aa6e5cf9024e4a71025440914d03af276f4cec562c34f85862d2e113c40c930.exe
File created	C:\Windows\System32\GPKiOww.exe	3aa6e5cf9024e4a71025440914d03af276f4cec562c34f85862d2e113c40c930.exe
File created	C:\Windows\System32\vaqyZZv.exe	3aa6e5cf9024e4a71025440914d03af276f4cec562c34f85862d2e113c40c930.exe
File created	C:\Windows\System32\bZKxonf.exe	3aa6e5cf9024e4a71025440914d03af276f4cec562c34f85862d2e113c40c930.exe
File created	C:\Windows\System32\NFIrAPW.exe	3aa6e5cf9024e4a71025440914d03af276f4cec562c34f85862d2e113c40c930.exe
File created	C:\Windows\System32\FTAYTPK.exe	3aa6e5cf9024e4a71025440914d03af276f4cec562c34f85862d2e113c40c930.exe
File created	C:\Windows\System32\OsTqJbX.exe	3aa6e5cf9024e4a71025440914d03af276f4cec562c34f85862d2e113c40c930.exe
File created	C:\Windows\System32\KnHlpmZ.exe	3aa6e5cf9024e4a71025440914d03af276f4cec562c34f85862d2e113c40c930.exe
File created	C:\Windows\System32\nfdnGaU.exe	3aa6e5cf9024e4a71025440914d03af276f4cec562c34f85862d2e113c40c930.exe
File created	C:\Windows\System32\FyOYEYW.exe	3aa6e5cf9024e4a71025440914d03af276f4cec562c34f85862d2e113c40c930.exe
File created	C:\Windows\System32\jFcaEmA.exe	3aa6e5cf9024e4a71025440914d03af276f4cec562c34f85862d2e113c40c930.exe
File created	C:\Windows\System32\eHyHXSV.exe	3aa6e5cf9024e4a71025440914d03af276f4cec562c34f85862d2e113c40c930.exe
File created	C:\Windows\System32\ySgZMTT.exe	3aa6e5cf9024e4a71025440914d03af276f4cec562c34f85862d2e113c40c930.exe
File created	C:\Windows\System32\siYQdRe.exe	3aa6e5cf9024e4a71025440914d03af276f4cec562c34f85862d2e113c40c930.exe
File created	C:\Windows\System32\DnjlpiO.exe	3aa6e5cf9024e4a71025440914d03af276f4cec562c34f85862d2e113c40c930.exe
File created	C:\Windows\System32\rUOcnpK.exe	3aa6e5cf9024e4a71025440914d03af276f4cec562c34f85862d2e113c40c930.exe
File created	C:\Windows\System32\TRDDIcq.exe	3aa6e5cf9024e4a71025440914d03af276f4cec562c34f85862d2e113c40c930.exe
File created	C:\Windows\System32\jYNGCfC.exe	3aa6e5cf9024e4a71025440914d03af276f4cec562c34f85862d2e113c40c930.exe
File created	C:\Windows\System32\KiIZcbR.exe	3aa6e5cf9024e4a71025440914d03af276f4cec562c34f85862d2e113c40c930.exe
File created	C:\Windows\System32\sFtSeyx.exe	3aa6e5cf9024e4a71025440914d03af276f4cec562c34f85862d2e113c40c930.exe
File created	C:\Windows\System32\IEKPTeo.exe	3aa6e5cf9024e4a71025440914d03af276f4cec562c34f85862d2e113c40c930.exe
File created	C:\Windows\System32\gEbVaqj.exe	3aa6e5cf9024e4a71025440914d03af276f4cec562c34f85862d2e113c40c930.exe
File created	C:\Windows\System32\CRbbDdE.exe	3aa6e5cf9024e4a71025440914d03af276f4cec562c34f85862d2e113c40c930.exe
File created	C:\Windows\System32\VtLwPkd.exe	3aa6e5cf9024e4a71025440914d03af276f4cec562c34f85862d2e113c40c930.exe
File created	C:\Windows\System32\dMFNJYN.exe	3aa6e5cf9024e4a71025440914d03af276f4cec562c34f85862d2e113c40c930.exe
File created	C:\Windows\System32\IdiOBpk.exe	3aa6e5cf9024e4a71025440914d03af276f4cec562c34f85862d2e113c40c930.exe
File created	C:\Windows\System32\IBAHIOJ.exe	3aa6e5cf9024e4a71025440914d03af276f4cec562c34f85862d2e113c40c930.exe
File created	C:\Windows\System32\dguiqcZ.exe	3aa6e5cf9024e4a71025440914d03af276f4cec562c34f85862d2e113c40c930.exe
File created	C:\Windows\System32\jrUroTg.exe	3aa6e5cf9024e4a71025440914d03af276f4cec562c34f85862d2e113c40c930.exe
File created	C:\Windows\System32\qSNaYCC.exe	3aa6e5cf9024e4a71025440914d03af276f4cec562c34f85862d2e113c40c930.exe
File created	C:\Windows\System32\lHWGcdS.exe	3aa6e5cf9024e4a71025440914d03af276f4cec562c34f85862d2e113c40c930.exe
File created	C:\Windows\System32\YkbBzZQ.exe	3aa6e5cf9024e4a71025440914d03af276f4cec562c34f85862d2e113c40c930.exe
File created	C:\Windows\System32\IeyigkV.exe	3aa6e5cf9024e4a71025440914d03af276f4cec562c34f85862d2e113c40c930.exe
File created	C:\Windows\System32\lkKclxa.exe	3aa6e5cf9024e4a71025440914d03af276f4cec562c34f85862d2e113c40c930.exe
File created	C:\Windows\System32\grCQlhm.exe	3aa6e5cf9024e4a71025440914d03af276f4cec562c34f85862d2e113c40c930.exe
File created	C:\Windows\System32\AQcdhBl.exe	3aa6e5cf9024e4a71025440914d03af276f4cec562c34f85862d2e113c40c930.exe
File created	C:\Windows\System32\zRysQMq.exe	3aa6e5cf9024e4a71025440914d03af276f4cec562c34f85862d2e113c40c930.exe
File created	C:\Windows\System32\nBSboKY.exe	3aa6e5cf9024e4a71025440914d03af276f4cec562c34f85862d2e113c40c930.exe
File created	C:\Windows\System32\oSUtmWv.exe	3aa6e5cf9024e4a71025440914d03af276f4cec562c34f85862d2e113c40c930.exe
File created	C:\Windows\System32\xgnskej.exe	3aa6e5cf9024e4a71025440914d03af276f4cec562c34f85862d2e113c40c930.exe
File created	C:\Windows\System32\NdhCYIa.exe	3aa6e5cf9024e4a71025440914d03af276f4cec562c34f85862d2e113c40c930.exe
File created	C:\Windows\System32\BAUNjGc.exe	3aa6e5cf9024e4a71025440914d03af276f4cec562c34f85862d2e113c40c930.exe
File created	C:\Windows\System32\anlgYCt.exe	3aa6e5cf9024e4a71025440914d03af276f4cec562c34f85862d2e113c40c930.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	2168	dwm.exe
Token: SeChangeNotifyPrivilege	2168	dwm.exe
Token: 33	2168	dwm.exe
Token: SeIncBasePriorityPrivilege	2168	dwm.exe
Token: SeShutdownPrivilege	2168	dwm.exe
Token: SeCreatePagefilePrivilege	2168	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4588 wrote to memory of 5080	4588	3aa6e5cf9024e4a71025440914d03af276f4cec562c34f85862d2e113c40c930.exe	83
PID 4588 wrote to memory of 5080	4588	3aa6e5cf9024e4a71025440914d03af276f4cec562c34f85862d2e113c40c930.exe	83
PID 4588 wrote to memory of 3684	4588	3aa6e5cf9024e4a71025440914d03af276f4cec562c34f85862d2e113c40c930.exe	84
PID 4588 wrote to memory of 3684	4588	3aa6e5cf9024e4a71025440914d03af276f4cec562c34f85862d2e113c40c930.exe	84
PID 4588 wrote to memory of 1336	4588	3aa6e5cf9024e4a71025440914d03af276f4cec562c34f85862d2e113c40c930.exe	85
PID 4588 wrote to memory of 1336	4588	3aa6e5cf9024e4a71025440914d03af276f4cec562c34f85862d2e113c40c930.exe	85
PID 4588 wrote to memory of 744	4588	3aa6e5cf9024e4a71025440914d03af276f4cec562c34f85862d2e113c40c930.exe	86
PID 4588 wrote to memory of 744	4588	3aa6e5cf9024e4a71025440914d03af276f4cec562c34f85862d2e113c40c930.exe	86
PID 4588 wrote to memory of 4680	4588	3aa6e5cf9024e4a71025440914d03af276f4cec562c34f85862d2e113c40c930.exe	87
PID 4588 wrote to memory of 4680	4588	3aa6e5cf9024e4a71025440914d03af276f4cec562c34f85862d2e113c40c930.exe	87
PID 4588 wrote to memory of 4952	4588	3aa6e5cf9024e4a71025440914d03af276f4cec562c34f85862d2e113c40c930.exe	88
PID 4588 wrote to memory of 4952	4588	3aa6e5cf9024e4a71025440914d03af276f4cec562c34f85862d2e113c40c930.exe	88
PID 4588 wrote to memory of 4892	4588	3aa6e5cf9024e4a71025440914d03af276f4cec562c34f85862d2e113c40c930.exe	89
PID 4588 wrote to memory of 4892	4588	3aa6e5cf9024e4a71025440914d03af276f4cec562c34f85862d2e113c40c930.exe	89
PID 4588 wrote to memory of 2664	4588	3aa6e5cf9024e4a71025440914d03af276f4cec562c34f85862d2e113c40c930.exe	90
PID 4588 wrote to memory of 2664	4588	3aa6e5cf9024e4a71025440914d03af276f4cec562c34f85862d2e113c40c930.exe	90
PID 4588 wrote to memory of 4176	4588	3aa6e5cf9024e4a71025440914d03af276f4cec562c34f85862d2e113c40c930.exe	91
PID 4588 wrote to memory of 4176	4588	3aa6e5cf9024e4a71025440914d03af276f4cec562c34f85862d2e113c40c930.exe	91
PID 4588 wrote to memory of 4080	4588	3aa6e5cf9024e4a71025440914d03af276f4cec562c34f85862d2e113c40c930.exe	92
PID 4588 wrote to memory of 4080	4588	3aa6e5cf9024e4a71025440914d03af276f4cec562c34f85862d2e113c40c930.exe	92
PID 4588 wrote to memory of 684	4588	3aa6e5cf9024e4a71025440914d03af276f4cec562c34f85862d2e113c40c930.exe	93
PID 4588 wrote to memory of 684	4588	3aa6e5cf9024e4a71025440914d03af276f4cec562c34f85862d2e113c40c930.exe	93
PID 4588 wrote to memory of 4484	4588	3aa6e5cf9024e4a71025440914d03af276f4cec562c34f85862d2e113c40c930.exe	94
PID 4588 wrote to memory of 4484	4588	3aa6e5cf9024e4a71025440914d03af276f4cec562c34f85862d2e113c40c930.exe	94
PID 4588 wrote to memory of 2768	4588	3aa6e5cf9024e4a71025440914d03af276f4cec562c34f85862d2e113c40c930.exe	95
PID 4588 wrote to memory of 2768	4588	3aa6e5cf9024e4a71025440914d03af276f4cec562c34f85862d2e113c40c930.exe	95
PID 4588 wrote to memory of 2904	4588	3aa6e5cf9024e4a71025440914d03af276f4cec562c34f85862d2e113c40c930.exe	96
PID 4588 wrote to memory of 2904	4588	3aa6e5cf9024e4a71025440914d03af276f4cec562c34f85862d2e113c40c930.exe	96
PID 4588 wrote to memory of 5104	4588	3aa6e5cf9024e4a71025440914d03af276f4cec562c34f85862d2e113c40c930.exe	97
PID 4588 wrote to memory of 5104	4588	3aa6e5cf9024e4a71025440914d03af276f4cec562c34f85862d2e113c40c930.exe	97
PID 4588 wrote to memory of 936	4588	3aa6e5cf9024e4a71025440914d03af276f4cec562c34f85862d2e113c40c930.exe	98
PID 4588 wrote to memory of 936	4588	3aa6e5cf9024e4a71025440914d03af276f4cec562c34f85862d2e113c40c930.exe	98
PID 4588 wrote to memory of 4764	4588	3aa6e5cf9024e4a71025440914d03af276f4cec562c34f85862d2e113c40c930.exe	99
PID 4588 wrote to memory of 4764	4588	3aa6e5cf9024e4a71025440914d03af276f4cec562c34f85862d2e113c40c930.exe	99
PID 4588 wrote to memory of 2360	4588	3aa6e5cf9024e4a71025440914d03af276f4cec562c34f85862d2e113c40c930.exe	100
PID 4588 wrote to memory of 2360	4588	3aa6e5cf9024e4a71025440914d03af276f4cec562c34f85862d2e113c40c930.exe	100
PID 4588 wrote to memory of 3416	4588	3aa6e5cf9024e4a71025440914d03af276f4cec562c34f85862d2e113c40c930.exe	101
PID 4588 wrote to memory of 3416	4588	3aa6e5cf9024e4a71025440914d03af276f4cec562c34f85862d2e113c40c930.exe	101
PID 4588 wrote to memory of 3760	4588	3aa6e5cf9024e4a71025440914d03af276f4cec562c34f85862d2e113c40c930.exe	102
PID 4588 wrote to memory of 3760	4588	3aa6e5cf9024e4a71025440914d03af276f4cec562c34f85862d2e113c40c930.exe	102
PID 4588 wrote to memory of 1028	4588	3aa6e5cf9024e4a71025440914d03af276f4cec562c34f85862d2e113c40c930.exe	103
PID 4588 wrote to memory of 1028	4588	3aa6e5cf9024e4a71025440914d03af276f4cec562c34f85862d2e113c40c930.exe	103
PID 4588 wrote to memory of 436	4588	3aa6e5cf9024e4a71025440914d03af276f4cec562c34f85862d2e113c40c930.exe	104
PID 4588 wrote to memory of 436	4588	3aa6e5cf9024e4a71025440914d03af276f4cec562c34f85862d2e113c40c930.exe	104
PID 4588 wrote to memory of 1040	4588	3aa6e5cf9024e4a71025440914d03af276f4cec562c34f85862d2e113c40c930.exe	105
PID 4588 wrote to memory of 1040	4588	3aa6e5cf9024e4a71025440914d03af276f4cec562c34f85862d2e113c40c930.exe	105
PID 4588 wrote to memory of 3384	4588	3aa6e5cf9024e4a71025440914d03af276f4cec562c34f85862d2e113c40c930.exe	106
PID 4588 wrote to memory of 3384	4588	3aa6e5cf9024e4a71025440914d03af276f4cec562c34f85862d2e113c40c930.exe	106
PID 4588 wrote to memory of 3432	4588	3aa6e5cf9024e4a71025440914d03af276f4cec562c34f85862d2e113c40c930.exe	107
PID 4588 wrote to memory of 3432	4588	3aa6e5cf9024e4a71025440914d03af276f4cec562c34f85862d2e113c40c930.exe	107
PID 4588 wrote to memory of 1056	4588	3aa6e5cf9024e4a71025440914d03af276f4cec562c34f85862d2e113c40c930.exe	108
PID 4588 wrote to memory of 1056	4588	3aa6e5cf9024e4a71025440914d03af276f4cec562c34f85862d2e113c40c930.exe	108
PID 4588 wrote to memory of 3856	4588	3aa6e5cf9024e4a71025440914d03af276f4cec562c34f85862d2e113c40c930.exe	109
PID 4588 wrote to memory of 3856	4588	3aa6e5cf9024e4a71025440914d03af276f4cec562c34f85862d2e113c40c930.exe	109
PID 4588 wrote to memory of 2844	4588	3aa6e5cf9024e4a71025440914d03af276f4cec562c34f85862d2e113c40c930.exe	110
PID 4588 wrote to memory of 2844	4588	3aa6e5cf9024e4a71025440914d03af276f4cec562c34f85862d2e113c40c930.exe	110
PID 4588 wrote to memory of 1900	4588	3aa6e5cf9024e4a71025440914d03af276f4cec562c34f85862d2e113c40c930.exe	111
PID 4588 wrote to memory of 1900	4588	3aa6e5cf9024e4a71025440914d03af276f4cec562c34f85862d2e113c40c930.exe	111
PID 4588 wrote to memory of 2428	4588	3aa6e5cf9024e4a71025440914d03af276f4cec562c34f85862d2e113c40c930.exe	112
PID 4588 wrote to memory of 2428	4588	3aa6e5cf9024e4a71025440914d03af276f4cec562c34f85862d2e113c40c930.exe	112
PID 4588 wrote to memory of 992	4588	3aa6e5cf9024e4a71025440914d03af276f4cec562c34f85862d2e113c40c930.exe	113
PID 4588 wrote to memory of 992	4588	3aa6e5cf9024e4a71025440914d03af276f4cec562c34f85862d2e113c40c930.exe	113
PID 4588 wrote to memory of 4396	4588	3aa6e5cf9024e4a71025440914d03af276f4cec562c34f85862d2e113c40c930.exe	114
PID 4588 wrote to memory of 4396	4588	3aa6e5cf9024e4a71025440914d03af276f4cec562c34f85862d2e113c40c930.exe	114

C:\Users\Admin\AppData\Local\Temp\3aa6e5cf9024e4a71025440914d03af276f4cec562c34f85862d2e113c40c930.exe
"C:\Users\Admin\AppData\Local\Temp\3aa6e5cf9024e4a71025440914d03af276f4cec562c34f85862d2e113c40c930.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:4588
- C:\Windows\System32\FyOYEYW.exe
  C:\Windows\System32\FyOYEYW.exe
  2⤵
  - Executes dropped EXE
  PID:5080
- C:\Windows\System32\tpaJMco.exe
  C:\Windows\System32\tpaJMco.exe
  2⤵
  - Executes dropped EXE
  PID:3684
- C:\Windows\System32\fjBbZCX.exe
  C:\Windows\System32\fjBbZCX.exe
  2⤵
  - Executes dropped EXE
  PID:1336
- C:\Windows\System32\rScmNCN.exe
  C:\Windows\System32\rScmNCN.exe
  2⤵
  - Executes dropped EXE
  PID:744
- C:\Windows\System32\bpKzPfC.exe
  C:\Windows\System32\bpKzPfC.exe
  2⤵
  - Executes dropped EXE
  PID:4680
- C:\Windows\System32\PjdwbBP.exe
  C:\Windows\System32\PjdwbBP.exe
  2⤵
  - Executes dropped EXE
  PID:4952
- C:\Windows\System32\ECSwZoS.exe
  C:\Windows\System32\ECSwZoS.exe
  2⤵
  - Executes dropped EXE
  PID:4892
- C:\Windows\System32\HGYndyk.exe
  C:\Windows\System32\HGYndyk.exe
  2⤵
  - Executes dropped EXE
  PID:2664
- C:\Windows\System32\BPqMTMS.exe
  C:\Windows\System32\BPqMTMS.exe
  2⤵
  - Executes dropped EXE
  PID:4176
- C:\Windows\System32\sfvOpCC.exe
  C:\Windows\System32\sfvOpCC.exe
  2⤵
  - Executes dropped EXE
  PID:4080
- C:\Windows\System32\QJipbVY.exe
  C:\Windows\System32\QJipbVY.exe
  2⤵
  - Executes dropped EXE
  PID:684
- C:\Windows\System32\lSSCqvf.exe
  C:\Windows\System32\lSSCqvf.exe
  2⤵
  - Executes dropped EXE
  PID:4484
- C:\Windows\System32\WAIHrig.exe
  C:\Windows\System32\WAIHrig.exe
  2⤵
  - Executes dropped EXE
  PID:2768
- C:\Windows\System32\AQcdhBl.exe
  C:\Windows\System32\AQcdhBl.exe
  2⤵
  - Executes dropped EXE
  PID:2904
- C:\Windows\System32\FxbRYTZ.exe
  C:\Windows\System32\FxbRYTZ.exe
  2⤵
  - Executes dropped EXE
  PID:5104
- C:\Windows\System32\YqNrkEI.exe
  C:\Windows\System32\YqNrkEI.exe
  2⤵
  - Executes dropped EXE
  PID:936
- C:\Windows\System32\SJMTUbh.exe
  C:\Windows\System32\SJMTUbh.exe
  2⤵
  - Executes dropped EXE
  PID:4764
- C:\Windows\System32\oAPCzMc.exe
  C:\Windows\System32\oAPCzMc.exe
  2⤵
  - Executes dropped EXE
  PID:2360
- C:\Windows\System32\phjeLxE.exe
  C:\Windows\System32\phjeLxE.exe
  2⤵
  - Executes dropped EXE
  PID:3416
- C:\Windows\System32\kAilmJE.exe
  C:\Windows\System32\kAilmJE.exe
  2⤵
  - Executes dropped EXE
  PID:3760
- C:\Windows\System32\oNDRJkP.exe
  C:\Windows\System32\oNDRJkP.exe
  2⤵
  - Executes dropped EXE
  PID:1028
- C:\Windows\System32\wwOLmsI.exe
  C:\Windows\System32\wwOLmsI.exe
  2⤵
  - Executes dropped EXE
  PID:436
- C:\Windows\System32\PaZmbTE.exe
  C:\Windows\System32\PaZmbTE.exe
  2⤵
  - Executes dropped EXE
  PID:1040
- C:\Windows\System32\abIcmzj.exe
  C:\Windows\System32\abIcmzj.exe
  2⤵
  - Executes dropped EXE
  PID:3384
- C:\Windows\System32\ddCiONz.exe
  C:\Windows\System32\ddCiONz.exe
  2⤵
  - Executes dropped EXE
  PID:3432
- C:\Windows\System32\CwuKdxz.exe
  C:\Windows\System32\CwuKdxz.exe
  2⤵
  - Executes dropped EXE
  PID:1056
- C:\Windows\System32\fkRqSwz.exe
  C:\Windows\System32\fkRqSwz.exe
  2⤵
  - Executes dropped EXE
  PID:3856
- C:\Windows\System32\FBUPwoT.exe
  C:\Windows\System32\FBUPwoT.exe
  2⤵
  - Executes dropped EXE
  PID:2844
- C:\Windows\System32\BIKmlVL.exe
  C:\Windows\System32\BIKmlVL.exe
  2⤵
  - Executes dropped EXE
  PID:1900
- C:\Windows\System32\DndHXAp.exe
  C:\Windows\System32\DndHXAp.exe
  2⤵
  - Executes dropped EXE
  PID:2428
- C:\Windows\System32\CHqIcQj.exe
  C:\Windows\System32\CHqIcQj.exe
  2⤵
  - Executes dropped EXE
  PID:992
- C:\Windows\System32\IEOjipF.exe
  C:\Windows\System32\IEOjipF.exe
  2⤵
  - Executes dropped EXE
  PID:4396
- C:\Windows\System32\XIKfWld.exe
  C:\Windows\System32\XIKfWld.exe
  2⤵
  - Executes dropped EXE
  PID:4912
- C:\Windows\System32\JslwWOO.exe
  C:\Windows\System32\JslwWOO.exe
  2⤵
  - Executes dropped EXE
  PID:1924
- C:\Windows\System32\UCdhftK.exe
  C:\Windows\System32\UCdhftK.exe
  2⤵
  - Executes dropped EXE
  PID:3388
- C:\Windows\System32\NZwQWQs.exe
  C:\Windows\System32\NZwQWQs.exe
  2⤵
  - Executes dropped EXE
  PID:2440
- C:\Windows\System32\nhWmtrG.exe
  C:\Windows\System32\nhWmtrG.exe
  2⤵
  - Executes dropped EXE
  PID:4620
- C:\Windows\System32\nEfJeGN.exe
  C:\Windows\System32\nEfJeGN.exe
  2⤵
  - Executes dropped EXE
  PID:4868
- C:\Windows\System32\kkVaRBo.exe
  C:\Windows\System32\kkVaRBo.exe
  2⤵
  - Executes dropped EXE
  PID:4388
- C:\Windows\System32\CvfqAeq.exe
  C:\Windows\System32\CvfqAeq.exe
  2⤵
  - Executes dropped EXE
  PID:1060
- C:\Windows\System32\GojXJJs.exe
  C:\Windows\System32\GojXJJs.exe
  2⤵
  - Executes dropped EXE
  PID:4264
- C:\Windows\System32\tKNhOqG.exe
  C:\Windows\System32\tKNhOqG.exe
  2⤵
  - Executes dropped EXE
  PID:552
- C:\Windows\System32\MYSordO.exe
  C:\Windows\System32\MYSordO.exe
  2⤵
  - Executes dropped EXE
  PID:4824
- C:\Windows\System32\cnMKRhl.exe
  C:\Windows\System32\cnMKRhl.exe
  2⤵
  - Executes dropped EXE
  PID:4284
- C:\Windows\System32\QlOfMOy.exe
  C:\Windows\System32\QlOfMOy.exe
  2⤵
  - Executes dropped EXE
  PID:1644
- C:\Windows\System32\zRysQMq.exe
  C:\Windows\System32\zRysQMq.exe
  2⤵
  - Executes dropped EXE
  PID:3096
- C:\Windows\System32\ujRgirI.exe
  C:\Windows\System32\ujRgirI.exe
  2⤵
  - Executes dropped EXE
  PID:4640
- C:\Windows\System32\nbRIqeu.exe
  C:\Windows\System32\nbRIqeu.exe
  2⤵
  - Executes dropped EXE
  PID:1832
- C:\Windows\System32\NJXdTti.exe
  C:\Windows\System32\NJXdTti.exe
  2⤵
  - Executes dropped EXE
  PID:2752
- C:\Windows\System32\bVUaVZf.exe
  C:\Windows\System32\bVUaVZf.exe
  2⤵
  - Executes dropped EXE
  PID:1696
- C:\Windows\System32\dguiqcZ.exe
  C:\Windows\System32\dguiqcZ.exe
  2⤵
  - Executes dropped EXE
  PID:3412
- C:\Windows\System32\MOBnaqC.exe
  C:\Windows\System32\MOBnaqC.exe
  2⤵
  - Executes dropped EXE
  PID:1624
- C:\Windows\System32\KxVfNQD.exe
  C:\Windows\System32\KxVfNQD.exe
  2⤵
  - Executes dropped EXE
  PID:4132
- C:\Windows\System32\APvPUDU.exe
  C:\Windows\System32\APvPUDU.exe
  2⤵
  - Executes dropped EXE
  PID:3784
- C:\Windows\System32\lBbiYxN.exe
  C:\Windows\System32\lBbiYxN.exe
  2⤵
  - Executes dropped EXE
  PID:3440
- C:\Windows\System32\QtJloOW.exe
  C:\Windows\System32\QtJloOW.exe
  2⤵
  - Executes dropped EXE
  PID:4844
- C:\Windows\System32\ZINFoIO.exe
  C:\Windows\System32\ZINFoIO.exe
  2⤵
  - Executes dropped EXE
  PID:4524
- C:\Windows\System32\TmUGTPI.exe
  C:\Windows\System32\TmUGTPI.exe
  2⤵
  - Executes dropped EXE
  PID:3644
- C:\Windows\System32\nipvzbN.exe
  C:\Windows\System32\nipvzbN.exe
  2⤵
  - Executes dropped EXE
  PID:1536
- C:\Windows\System32\rrzmoAi.exe
  C:\Windows\System32\rrzmoAi.exe
  2⤵
  - Executes dropped EXE
  PID:1140
- C:\Windows\System32\xPvUOEq.exe
  C:\Windows\System32\xPvUOEq.exe
  2⤵
  - Executes dropped EXE
  PID:1412
- C:\Windows\System32\nkjcUYJ.exe
  C:\Windows\System32\nkjcUYJ.exe
  2⤵
  - Executes dropped EXE
  PID:1100
- C:\Windows\System32\IEKPTeo.exe
  C:\Windows\System32\IEKPTeo.exe
  2⤵
  - Executes dropped EXE
  PID:3884
- C:\Windows\System32\Jkvnqag.exe
  C:\Windows\System32\Jkvnqag.exe
  2⤵
  - Executes dropped EXE
  PID:3764
- C:\Windows\System32\oHtZVOW.exe
  C:\Windows\System32\oHtZVOW.exe
  2⤵
  PID:4164
- C:\Windows\System32\jrUroTg.exe
  C:\Windows\System32\jrUroTg.exe
  2⤵
  PID:4536
- C:\Windows\System32\aXmDNSl.exe
  C:\Windows\System32\aXmDNSl.exe
  2⤵
  PID:4876
- C:\Windows\System32\lQGJPSE.exe
  C:\Windows\System32\lQGJPSE.exe
  2⤵
  PID:4752
- C:\Windows\System32\YpqQZcQ.exe
  C:\Windows\System32\YpqQZcQ.exe
  2⤵
  PID:3476
- C:\Windows\System32\FezeXIo.exe
  C:\Windows\System32\FezeXIo.exe
  2⤵
  PID:2936
- C:\Windows\System32\qSNaYCC.exe
  C:\Windows\System32\qSNaYCC.exe
  2⤵
  PID:4232
- C:\Windows\System32\heNohyJ.exe
  C:\Windows\System32\heNohyJ.exe
  2⤵
  PID:1176
- C:\Windows\System32\DOVGNAV.exe
  C:\Windows\System32\DOVGNAV.exe
  2⤵
  PID:3948
- C:\Windows\System32\zykkfrD.exe
  C:\Windows\System32\zykkfrD.exe
  2⤵
  PID:1048
- C:\Windows\System32\kEmSZCg.exe
  C:\Windows\System32\kEmSZCg.exe
  2⤵
  PID:2872
- C:\Windows\System32\JfgIYrw.exe
  C:\Windows\System32\JfgIYrw.exe
  2⤵
  PID:1956
- C:\Windows\System32\SnKsZZT.exe
  C:\Windows\System32\SnKsZZT.exe
  2⤵
  PID:2032
- C:\Windows\System32\ZsFYKtx.exe
  C:\Windows\System32\ZsFYKtx.exe
  2⤵
  PID:1256
- C:\Windows\System32\wNniqJr.exe
  C:\Windows\System32\wNniqJr.exe
  2⤵
  PID:3824
- C:\Windows\System32\ArTTMKx.exe
  C:\Windows\System32\ArTTMKx.exe
  2⤵
  PID:3136
- C:\Windows\System32\gEbVaqj.exe
  C:\Windows\System32\gEbVaqj.exe
  2⤵
  PID:2504
- C:\Windows\System32\wkHtrdg.exe
  C:\Windows\System32\wkHtrdg.exe
  2⤵
  PID:4016
- C:\Windows\System32\cZsxCiN.exe
  C:\Windows\System32\cZsxCiN.exe
  2⤵
  PID:2988
- C:\Windows\System32\nBSboKY.exe
  C:\Windows\System32\nBSboKY.exe
  2⤵
  PID:2408
- C:\Windows\System32\aaNuaDk.exe
  C:\Windows\System32\aaNuaDk.exe
  2⤵
  PID:5036
- C:\Windows\System32\ptUmQRA.exe
  C:\Windows\System32\ptUmQRA.exe
  2⤵
  PID:1464
- C:\Windows\System32\ydtSwJI.exe
  C:\Windows\System32\ydtSwJI.exe
  2⤵
  PID:1136
- C:\Windows\System32\uIcSTah.exe
  C:\Windows\System32\uIcSTah.exe
  2⤵
  PID:2344
- C:\Windows\System32\AnOOafh.exe
  C:\Windows\System32\AnOOafh.exe
  2⤵
  PID:2696
- C:\Windows\System32\lHWGcdS.exe
  C:\Windows\System32\lHWGcdS.exe
  2⤵
  PID:852
- C:\Windows\System32\CinNNcU.exe
  C:\Windows\System32\CinNNcU.exe
  2⤵
  PID:2820
- C:\Windows\System32\ykSuGyT.exe
  C:\Windows\System32\ykSuGyT.exe
  2⤵
  PID:1904
- C:\Windows\System32\fArwIOz.exe
  C:\Windows\System32\fArwIOz.exe
  2⤵
  PID:2152
- C:\Windows\System32\wNvbufJ.exe
  C:\Windows\System32\wNvbufJ.exe
  2⤵
  PID:4404
- C:\Windows\System32\lxaNHNm.exe
  C:\Windows\System32\lxaNHNm.exe
  2⤵
  PID:1860
- C:\Windows\System32\mFpTNoR.exe
  C:\Windows\System32\mFpTNoR.exe
  2⤵
  PID:5060
- C:\Windows\System32\rbTjkUQ.exe
  C:\Windows\System32\rbTjkUQ.exe
  2⤵
  PID:3508
- C:\Windows\System32\OzxHpoR.exe
  C:\Windows\System32\OzxHpoR.exe
  2⤵
  PID:1988
- C:\Windows\System32\OMMVjBY.exe
  C:\Windows\System32\OMMVjBY.exe
  2⤵
  PID:1632
- C:\Windows\System32\LIsilyl.exe
  C:\Windows\System32\LIsilyl.exe
  2⤵
  PID:1600
- C:\Windows\System32\QRHZMRO.exe
  C:\Windows\System32\QRHZMRO.exe
  2⤵
  PID:3496
- C:\Windows\System32\mkPndTl.exe
  C:\Windows\System32\mkPndTl.exe
  2⤵
  PID:1344
- C:\Windows\System32\NQLFfoF.exe
  C:\Windows\System32\NQLFfoF.exe
  2⤵
  PID:5116
- C:\Windows\System32\OgXADWm.exe
  C:\Windows\System32\OgXADWm.exe
  2⤵
  PID:5148
- C:\Windows\System32\veauykr.exe
  C:\Windows\System32\veauykr.exe
  2⤵
  PID:5164
- C:\Windows\System32\gFiFknV.exe
  C:\Windows\System32\gFiFknV.exe
  2⤵
  PID:5188
- C:\Windows\System32\oTCXSHs.exe
  C:\Windows\System32\oTCXSHs.exe
  2⤵
  PID:5212
- C:\Windows\System32\YTFRDoH.exe
  C:\Windows\System32\YTFRDoH.exe
  2⤵
  PID:5252
- C:\Windows\System32\ChnEWxY.exe
  C:\Windows\System32\ChnEWxY.exe
  2⤵
  PID:5280
- C:\Windows\System32\iYLwxMi.exe
  C:\Windows\System32\iYLwxMi.exe
  2⤵
  PID:5328
- C:\Windows\System32\fYPZFTo.exe
  C:\Windows\System32\fYPZFTo.exe
  2⤵
  PID:5348
- C:\Windows\System32\ncjmHFU.exe
  C:\Windows\System32\ncjmHFU.exe
  2⤵
  PID:5388
- C:\Windows\System32\UWTaguD.exe
  C:\Windows\System32\UWTaguD.exe
  2⤵
  PID:5416
- C:\Windows\System32\FSrvENf.exe
  C:\Windows\System32\FSrvENf.exe
  2⤵
  PID:5440
- C:\Windows\System32\yBGmIYG.exe
  C:\Windows\System32\yBGmIYG.exe
  2⤵
  PID:5460
- C:\Windows\System32\DIvBisk.exe
  C:\Windows\System32\DIvBisk.exe
  2⤵
  PID:5504
- C:\Windows\System32\YqHugzr.exe
  C:\Windows\System32\YqHugzr.exe
  2⤵
  PID:5528
- C:\Windows\System32\fcKiAib.exe
  C:\Windows\System32\fcKiAib.exe
  2⤵
  PID:5556
- C:\Windows\System32\iHeXquq.exe
  C:\Windows\System32\iHeXquq.exe
  2⤵
  PID:5584
- C:\Windows\System32\OcUkgkj.exe
  C:\Windows\System32\OcUkgkj.exe
  2⤵
  PID:5604
- C:\Windows\System32\jFcaEmA.exe
  C:\Windows\System32\jFcaEmA.exe
  2⤵
  PID:5624
- C:\Windows\System32\mIJZcEY.exe
  C:\Windows\System32\mIJZcEY.exe
  2⤵
  PID:5640
- C:\Windows\System32\msgtgLk.exe
  C:\Windows\System32\msgtgLk.exe
  2⤵
  PID:5660
- C:\Windows\System32\jFpnpCT.exe
  C:\Windows\System32\jFpnpCT.exe
  2⤵
  PID:5676
- C:\Windows\System32\phCSAYt.exe
  C:\Windows\System32\phCSAYt.exe
  2⤵
  PID:5696
- C:\Windows\System32\DFUtMOt.exe
  C:\Windows\System32\DFUtMOt.exe
  2⤵
  PID:5712
- C:\Windows\System32\waUYlUC.exe
  C:\Windows\System32\waUYlUC.exe
  2⤵
  PID:5740
- C:\Windows\System32\KqjprbG.exe
  C:\Windows\System32\KqjprbG.exe
  2⤵
  PID:5776
- C:\Windows\System32\VnYxlff.exe
  C:\Windows\System32\VnYxlff.exe
  2⤵
  PID:5856
- C:\Windows\System32\WQsbBra.exe
  C:\Windows\System32\WQsbBra.exe
  2⤵
  PID:5876
- C:\Windows\System32\eaIsEFm.exe
  C:\Windows\System32\eaIsEFm.exe
  2⤵
  PID:5912
- C:\Windows\System32\QbAnpuA.exe
  C:\Windows\System32\QbAnpuA.exe
  2⤵
  PID:5932
- C:\Windows\System32\VtkhxGu.exe
  C:\Windows\System32\VtkhxGu.exe
  2⤵
  PID:5948
- C:\Windows\System32\WqVTcHg.exe
  C:\Windows\System32\WqVTcHg.exe
  2⤵
  PID:5996
- C:\Windows\System32\CRbbDdE.exe
  C:\Windows\System32\CRbbDdE.exe
  2⤵
  PID:6024
- C:\Windows\System32\DJYSfFd.exe
  C:\Windows\System32\DJYSfFd.exe
  2⤵
  PID:6052
- C:\Windows\System32\cHCjCeF.exe
  C:\Windows\System32\cHCjCeF.exe
  2⤵
  PID:6072
- C:\Windows\System32\PJbHnVQ.exe
  C:\Windows\System32\PJbHnVQ.exe
  2⤵
  PID:6088
- C:\Windows\System32\IjWrGgC.exe
  C:\Windows\System32\IjWrGgC.exe
  2⤵
  PID:6112
- C:\Windows\System32\oSUtmWv.exe
  C:\Windows\System32\oSUtmWv.exe
  2⤵
  PID:6136
- C:\Windows\System32\DYlJiGF.exe
  C:\Windows\System32\DYlJiGF.exe
  2⤵
  PID:2724
- C:\Windows\System32\EdxlWwu.exe
  C:\Windows\System32\EdxlWwu.exe
  2⤵
  PID:5236
- C:\Windows\System32\OSLJLLR.exe
  C:\Windows\System32\OSLJLLR.exe
  2⤵
  PID:5312
- C:\Windows\System32\ZvmziGI.exe
  C:\Windows\System32\ZvmziGI.exe
  2⤵
  PID:5340
- C:\Windows\System32\lFxeFRj.exe
  C:\Windows\System32\lFxeFRj.exe
  2⤵
  PID:5380
- C:\Windows\System32\JDdmGAD.exe
  C:\Windows\System32\JDdmGAD.exe
  2⤵
  PID:5456
- C:\Windows\System32\YkbBzZQ.exe
  C:\Windows\System32\YkbBzZQ.exe
  2⤵
  PID:5544
- C:\Windows\System32\kINsKNk.exe
  C:\Windows\System32\kINsKNk.exe
  2⤵
  PID:5636
- C:\Windows\System32\ADMLiOW.exe
  C:\Windows\System32\ADMLiOW.exe
  2⤵
  PID:5652
- C:\Windows\System32\RPJzfGh.exe
  C:\Windows\System32\RPJzfGh.exe
  2⤵
  PID:5688
- C:\Windows\System32\TJIAmaV.exe
  C:\Windows\System32\TJIAmaV.exe
  2⤵
  PID:5832
- C:\Windows\System32\bpVNKXK.exe
  C:\Windows\System32\bpVNKXK.exe
  2⤵
  PID:5960
- C:\Windows\System32\pWkxLlo.exe
  C:\Windows\System32\pWkxLlo.exe
  2⤵
  PID:5924
- C:\Windows\System32\DVkzKHB.exe
  C:\Windows\System32\DVkzKHB.exe
  2⤵
  PID:6040
- C:\Windows\System32\NAbxvVV.exe
  C:\Windows\System32\NAbxvVV.exe
  2⤵
  PID:6108
- C:\Windows\System32\VtLwPkd.exe
  C:\Windows\System32\VtLwPkd.exe
  2⤵
  PID:5140
- C:\Windows\System32\CIIaJBZ.exe
  C:\Windows\System32\CIIaJBZ.exe
  2⤵
  PID:5424
- C:\Windows\System32\HkUmSiF.exe
  C:\Windows\System32\HkUmSiF.exe
  2⤵
  PID:5496
- C:\Windows\System32\GIJynMv.exe
  C:\Windows\System32\GIJynMv.exe
  2⤵
  PID:5720
- C:\Windows\System32\zapDXyZ.exe
  C:\Windows\System32\zapDXyZ.exe
  2⤵
  PID:5836
- C:\Windows\System32\xLzbXzP.exe
  C:\Windows\System32\xLzbXzP.exe
  2⤵
  PID:5892
- C:\Windows\System32\rmLbZzX.exe
  C:\Windows\System32\rmLbZzX.exe
  2⤵
  PID:6016
- C:\Windows\System32\nVRKdSc.exe
  C:\Windows\System32\nVRKdSc.exe
  2⤵
  PID:6104
- C:\Windows\System32\nYyAJPc.exe
  C:\Windows\System32\nYyAJPc.exe
  2⤵
  PID:5308
- C:\Windows\System32\dMFNJYN.exe
  C:\Windows\System32\dMFNJYN.exe
  2⤵
  PID:5484
- C:\Windows\System32\oZiXoQv.exe
  C:\Windows\System32\oZiXoQv.exe
  2⤵
  PID:5756
- C:\Windows\System32\NBNjemb.exe
  C:\Windows\System32\NBNjemb.exe
  2⤵
  PID:6152
- C:\Windows\System32\rZEOFXS.exe
  C:\Windows\System32\rZEOFXS.exe
  2⤵
  PID:6188
- C:\Windows\System32\PdHhTTQ.exe
  C:\Windows\System32\PdHhTTQ.exe
  2⤵
  PID:6260
- C:\Windows\System32\jUVCJKn.exe
  C:\Windows\System32\jUVCJKn.exe
  2⤵
  PID:6288
- C:\Windows\System32\siTTEBM.exe
  C:\Windows\System32\siTTEBM.exe
  2⤵
  PID:6308
- C:\Windows\System32\NsBDGfy.exe
  C:\Windows\System32\NsBDGfy.exe
  2⤵
  PID:6328
- C:\Windows\System32\wBBmBgt.exe
  C:\Windows\System32\wBBmBgt.exe
  2⤵
  PID:6352
- C:\Windows\System32\owDKqLA.exe
  C:\Windows\System32\owDKqLA.exe
  2⤵
  PID:6388
- C:\Windows\System32\JLMAJfB.exe
  C:\Windows\System32\JLMAJfB.exe
  2⤵
  PID:6424
- C:\Windows\System32\EkjpOKh.exe
  C:\Windows\System32\EkjpOKh.exe
  2⤵
  PID:6448
- C:\Windows\System32\urHWYLp.exe
  C:\Windows\System32\urHWYLp.exe
  2⤵
  PID:6492
- C:\Windows\System32\QHXvpbV.exe
  C:\Windows\System32\QHXvpbV.exe
  2⤵
  PID:6508
- C:\Windows\System32\QWPSkKJ.exe
  C:\Windows\System32\QWPSkKJ.exe
  2⤵
  PID:6528
- C:\Windows\System32\pDHUqxf.exe
  C:\Windows\System32\pDHUqxf.exe
  2⤵
  PID:6544
- C:\Windows\System32\OKfaoIF.exe
  C:\Windows\System32\OKfaoIF.exe
  2⤵
  PID:6568
- C:\Windows\System32\YzlelJr.exe
  C:\Windows\System32\YzlelJr.exe
  2⤵
  PID:6616
- C:\Windows\System32\GmhqYXT.exe
  C:\Windows\System32\GmhqYXT.exe
  2⤵
  PID:6636
- C:\Windows\System32\cHrbuEo.exe
  C:\Windows\System32\cHrbuEo.exe
  2⤵
  PID:6668
- C:\Windows\System32\vTyqdLA.exe
  C:\Windows\System32\vTyqdLA.exe
  2⤵
  PID:6692
- C:\Windows\System32\ARLQOWY.exe
  C:\Windows\System32\ARLQOWY.exe
  2⤵
  PID:6736
- C:\Windows\System32\JOQWfxG.exe
  C:\Windows\System32\JOQWfxG.exe
  2⤵
  PID:6752
- C:\Windows\System32\FhhGiQy.exe
  C:\Windows\System32\FhhGiQy.exe
  2⤵
  PID:6776
- C:\Windows\System32\VyCZcWD.exe
  C:\Windows\System32\VyCZcWD.exe
  2⤵
  PID:6808
- C:\Windows\System32\lvpJIFF.exe
  C:\Windows\System32\lvpJIFF.exe
  2⤵
  PID:6832
- C:\Windows\System32\mKhbCSm.exe
  C:\Windows\System32\mKhbCSm.exe
  2⤵
  PID:6864
- C:\Windows\System32\EXEgtNT.exe
  C:\Windows\System32\EXEgtNT.exe
  2⤵
  PID:6884
- C:\Windows\System32\AgNwGQF.exe
  C:\Windows\System32\AgNwGQF.exe
  2⤵
  PID:6904
- C:\Windows\System32\pBsTVhj.exe
  C:\Windows\System32\pBsTVhj.exe
  2⤵
  PID:6932
- C:\Windows\System32\SlnNpZO.exe
  C:\Windows\System32\SlnNpZO.exe
  2⤵
  PID:6952
- C:\Windows\System32\xpgwHxN.exe
  C:\Windows\System32\xpgwHxN.exe
  2⤵
  PID:6996
- C:\Windows\System32\GsLnDGG.exe
  C:\Windows\System32\GsLnDGG.exe
  2⤵
  PID:7012
- C:\Windows\System32\IdiOBpk.exe
  C:\Windows\System32\IdiOBpk.exe
  2⤵
  PID:7040
- C:\Windows\System32\BkImJrb.exe
  C:\Windows\System32\BkImJrb.exe
  2⤵
  PID:7076
- C:\Windows\System32\ZDUYkdY.exe
  C:\Windows\System32\ZDUYkdY.exe
  2⤵
  PID:7116
- C:\Windows\System32\CVPzrNi.exe
  C:\Windows\System32\CVPzrNi.exe
  2⤵
  PID:7136
- C:\Windows\System32\qEyyEZQ.exe
  C:\Windows\System32\qEyyEZQ.exe
  2⤵
  PID:7164
- C:\Windows\System32\wtHVQfA.exe
  C:\Windows\System32\wtHVQfA.exe
  2⤵
  PID:5580
- C:\Windows\System32\MaAwhsq.exe
  C:\Windows\System32\MaAwhsq.exe
  2⤵
  PID:6148
- C:\Windows\System32\LiNvRoG.exe
  C:\Windows\System32\LiNvRoG.exe
  2⤵
  PID:5368
- C:\Windows\System32\tAEgPLs.exe
  C:\Windows\System32\tAEgPLs.exe
  2⤵
  PID:6224
- C:\Windows\System32\pFyENBJ.exe
  C:\Windows\System32\pFyENBJ.exe
  2⤵
  PID:6272
- C:\Windows\System32\pGOASsH.exe
  C:\Windows\System32\pGOASsH.exe
  2⤵
  PID:6408
- C:\Windows\System32\EYWpDkz.exe
  C:\Windows\System32\EYWpDkz.exe
  2⤵
  PID:6416
- C:\Windows\System32\OSEDyNh.exe
  C:\Windows\System32\OSEDyNh.exe
  2⤵
  PID:6560
- C:\Windows\System32\gPmlOWL.exe
  C:\Windows\System32\gPmlOWL.exe
  2⤵
  PID:6592
- C:\Windows\System32\TRDDIcq.exe
  C:\Windows\System32\TRDDIcq.exe
  2⤵
  PID:6680
- C:\Windows\System32\qHIifgG.exe
  C:\Windows\System32\qHIifgG.exe
  2⤵
  PID:6844
- C:\Windows\System32\byWfGCg.exe
  C:\Windows\System32\byWfGCg.exe
  2⤵
  PID:6852
- C:\Windows\System32\RsldAzj.exe
  C:\Windows\System32\RsldAzj.exe
  2⤵
  PID:6872
- C:\Windows\System32\nCLZHCq.exe
  C:\Windows\System32\nCLZHCq.exe
  2⤵
  PID:6972
- C:\Windows\System32\UDOGbet.exe
  C:\Windows\System32\UDOGbet.exe
  2⤵
  PID:7052
- C:\Windows\System32\eyHMtGK.exe
  C:\Windows\System32\eyHMtGK.exe
  2⤵
  PID:7108
- C:\Windows\System32\sBsFXUk.exe
  C:\Windows\System32\sBsFXUk.exe
  2⤵
  PID:5728
- C:\Windows\System32\mfPVsGI.exe
  C:\Windows\System32\mfPVsGI.exe
  2⤵
  PID:6164
- C:\Windows\System32\YPaxZef.exe
  C:\Windows\System32\YPaxZef.exe
  2⤵
  PID:6420
- C:\Windows\System32\NlUXuwG.exe
  C:\Windows\System32\NlUXuwG.exe
  2⤵
  PID:6432
- C:\Windows\System32\VMYsmQx.exe
  C:\Windows\System32\VMYsmQx.exe
  2⤵
  PID:6520
- C:\Windows\System32\xnrFKhI.exe
  C:\Windows\System32\xnrFKhI.exe
  2⤵
  PID:6848
- C:\Windows\System32\JZuESxU.exe
  C:\Windows\System32\JZuESxU.exe
  2⤵
  PID:6896
- C:\Windows\System32\oJyDUsA.exe
  C:\Windows\System32\oJyDUsA.exe
  2⤵
  PID:7004
- C:\Windows\System32\ZKXMMRo.exe
  C:\Windows\System32\ZKXMMRo.exe
  2⤵
  PID:5268
- C:\Windows\System32\emArREc.exe
  C:\Windows\System32\emArREc.exe
  2⤵
  PID:6484
- C:\Windows\System32\KnglUJr.exe
  C:\Windows\System32\KnglUJr.exe
  2⤵
  PID:6916
- C:\Windows\System32\fUguDYu.exe
  C:\Windows\System32\fUguDYu.exe
  2⤵
  PID:6772
- C:\Windows\System32\aXyvdju.exe
  C:\Windows\System32\aXyvdju.exe
  2⤵
  PID:7176
- C:\Windows\System32\LhmAoaB.exe
  C:\Windows\System32\LhmAoaB.exe
  2⤵
  PID:7196
- C:\Windows\System32\hvHelFe.exe
  C:\Windows\System32\hvHelFe.exe
  2⤵
  PID:7216
- C:\Windows\System32\jWZowHg.exe
  C:\Windows\System32\jWZowHg.exe
  2⤵
  PID:7232
- C:\Windows\System32\sglvHqX.exe
  C:\Windows\System32\sglvHqX.exe
  2⤵
  PID:7276
- C:\Windows\System32\tPgHkFf.exe
  C:\Windows\System32\tPgHkFf.exe
  2⤵
  PID:7316
- C:\Windows\System32\jwPAThG.exe
  C:\Windows\System32\jwPAThG.exe
  2⤵
  PID:7336
- C:\Windows\System32\ANqbSyS.exe
  C:\Windows\System32\ANqbSyS.exe
  2⤵
  PID:7360
- C:\Windows\System32\abYpQWM.exe
  C:\Windows\System32\abYpQWM.exe
  2⤵
  PID:7376
- C:\Windows\System32\cfUVPIS.exe
  C:\Windows\System32\cfUVPIS.exe
  2⤵
  PID:7428
- C:\Windows\System32\GStJJbw.exe
  C:\Windows\System32\GStJJbw.exe
  2⤵
  PID:7456
- C:\Windows\System32\PQcRdib.exe
  C:\Windows\System32\PQcRdib.exe
  2⤵
  PID:7484
- C:\Windows\System32\SbFXqVI.exe
  C:\Windows\System32\SbFXqVI.exe
  2⤵
  PID:7500
- C:\Windows\System32\ZpLrGew.exe
  C:\Windows\System32\ZpLrGew.exe
  2⤵
  PID:7528
- C:\Windows\System32\wWjbnaj.exe
  C:\Windows\System32\wWjbnaj.exe
  2⤵
  PID:7548
- C:\Windows\System32\jgnSrXk.exe
  C:\Windows\System32\jgnSrXk.exe
  2⤵
  PID:7588
- C:\Windows\System32\krSsuIu.exe
  C:\Windows\System32\krSsuIu.exe
  2⤵
  PID:7612
- C:\Windows\System32\HFUrWdn.exe
  C:\Windows\System32\HFUrWdn.exe
  2⤵
  PID:7628
- C:\Windows\System32\GLghdAp.exe
  C:\Windows\System32\GLghdAp.exe
  2⤵
  PID:7688
- C:\Windows\System32\jvOrCGH.exe
  C:\Windows\System32\jvOrCGH.exe
  2⤵
  PID:7704
- C:\Windows\System32\BPOpgtL.exe
  C:\Windows\System32\BPOpgtL.exe
  2⤵
  PID:7724
- C:\Windows\System32\ledQIht.exe
  C:\Windows\System32\ledQIht.exe
  2⤵
  PID:7740
- C:\Windows\System32\OrfoLWd.exe
  C:\Windows\System32\OrfoLWd.exe
  2⤵
  PID:7768
- C:\Windows\System32\SncMwmj.exe
  C:\Windows\System32\SncMwmj.exe
  2⤵
  PID:7784
- C:\Windows\System32\WzRdcHe.exe
  C:\Windows\System32\WzRdcHe.exe
  2⤵
  PID:7808
- C:\Windows\System32\ePyIyZb.exe
  C:\Windows\System32\ePyIyZb.exe
  2⤵
  PID:7844
- C:\Windows\System32\pTJRuwp.exe
  C:\Windows\System32\pTJRuwp.exe
  2⤵
  PID:7872
- C:\Windows\System32\EKiTDFw.exe
  C:\Windows\System32\EKiTDFw.exe
  2⤵
  PID:7908
- C:\Windows\System32\aAnjULS.exe
  C:\Windows\System32\aAnjULS.exe
  2⤵
  PID:7960
- C:\Windows\System32\JnXHhwk.exe
  C:\Windows\System32\JnXHhwk.exe
  2⤵
  PID:7980
- C:\Windows\System32\LTParwq.exe
  C:\Windows\System32\LTParwq.exe
  2⤵
  PID:7996
- C:\Windows\System32\FpBdyTx.exe
  C:\Windows\System32\FpBdyTx.exe
  2⤵
  PID:8020
- C:\Windows\System32\JyZEAsP.exe
  C:\Windows\System32\JyZEAsP.exe
  2⤵
  PID:8040
- C:\Windows\System32\QWwvinL.exe
  C:\Windows\System32\QWwvinL.exe
  2⤵
  PID:8076
- C:\Windows\System32\XKjVRvY.exe
  C:\Windows\System32\XKjVRvY.exe
  2⤵
  PID:8136
- C:\Windows\System32\aePOcTi.exe
  C:\Windows\System32\aePOcTi.exe
  2⤵
  PID:8160
- C:\Windows\System32\MjSMYsl.exe
  C:\Windows\System32\MjSMYsl.exe
  2⤵
  PID:8188
- C:\Windows\System32\jfuWvLb.exe
  C:\Windows\System32\jfuWvLb.exe
  2⤵
  PID:7208
- C:\Windows\System32\jbXSlsi.exe
  C:\Windows\System32\jbXSlsi.exe
  2⤵
  PID:7252
- C:\Windows\System32\AMruoOf.exe
  C:\Windows\System32\AMruoOf.exe
  2⤵
  PID:7292
- C:\Windows\System32\TmkVzia.exe
  C:\Windows\System32\TmkVzia.exe
  2⤵
  PID:7356
- C:\Windows\System32\uCTykbx.exe
  C:\Windows\System32\uCTykbx.exe
  2⤵
  PID:7396
- C:\Windows\System32\gYuXmSB.exe
  C:\Windows\System32\gYuXmSB.exe
  2⤵
  PID:7536
- C:\Windows\System32\XBEZtDT.exe
  C:\Windows\System32\XBEZtDT.exe
  2⤵
  PID:7580
- C:\Windows\System32\IeyigkV.exe
  C:\Windows\System32\IeyigkV.exe
  2⤵
  PID:7660
- C:\Windows\System32\ErIdePZ.exe
  C:\Windows\System32\ErIdePZ.exe
  2⤵
  PID:7696
- C:\Windows\System32\pHlJTDd.exe
  C:\Windows\System32\pHlJTDd.exe
  2⤵
  PID:7716
- C:\Windows\System32\zApmSWg.exe
  C:\Windows\System32\zApmSWg.exe
  2⤵
  PID:7836
- C:\Windows\System32\OcOYSDW.exe
  C:\Windows\System32\OcOYSDW.exe
  2⤵
  PID:7892
- C:\Windows\System32\fyCJGqJ.exe
  C:\Windows\System32\fyCJGqJ.exe
  2⤵
  PID:7976
- C:\Windows\System32\RCDKLXm.exe
  C:\Windows\System32\RCDKLXm.exe
  2⤵
  PID:8176
- C:\Windows\System32\krmCyXT.exe
  C:\Windows\System32\krmCyXT.exe
  2⤵
  PID:7228
- C:\Windows\System32\vaqyZZv.exe
  C:\Windows\System32\vaqyZZv.exe
  2⤵
  PID:7368
- C:\Windows\System32\lrHMyvw.exe
  C:\Windows\System32\lrHMyvw.exe
  2⤵
  PID:7512
- C:\Windows\System32\nqaZWxM.exe
  C:\Windows\System32\nqaZWxM.exe
  2⤵
  PID:7700
- C:\Windows\System32\YMnHiRF.exe
  C:\Windows\System32\YMnHiRF.exe
  2⤵
  PID:7776
- C:\Windows\System32\mjFqmHg.exe
  C:\Windows\System32\mjFqmHg.exe
  2⤵
  PID:7928
- C:\Windows\System32\HHBbEBe.exe
  C:\Windows\System32\HHBbEBe.exe
  2⤵
  PID:8052
- C:\Windows\System32\ANMlAgm.exe
  C:\Windows\System32\ANMlAgm.exe
  2⤵
  PID:7224
- C:\Windows\System32\hYToZDQ.exe
  C:\Windows\System32\hYToZDQ.exe
  2⤵
  PID:7584
- C:\Windows\System32\LjBuuar.exe
  C:\Windows\System32\LjBuuar.exe
  2⤵
  PID:7804
- C:\Windows\System32\vRJCGZN.exe
  C:\Windows\System32\vRJCGZN.exe
  2⤵
  PID:8072
- C:\Windows\System32\gWpaVjI.exe
  C:\Windows\System32\gWpaVjI.exe
  2⤵
  PID:7268
- C:\Windows\System32\BZuPPkm.exe
  C:\Windows\System32\BZuPPkm.exe
  2⤵
  PID:7400
- C:\Windows\System32\NERmkNr.exe
  C:\Windows\System32\NERmkNr.exe
  2⤵
  PID:8208
- C:\Windows\System32\blSAyTL.exe
  C:\Windows\System32\blSAyTL.exe
  2⤵
  PID:8236
- C:\Windows\System32\xqDmCjp.exe
  C:\Windows\System32\xqDmCjp.exe
  2⤵
  PID:8256
- C:\Windows\System32\zUGOxZV.exe
  C:\Windows\System32\zUGOxZV.exe
  2⤵
  PID:8276
- C:\Windows\System32\RaMAYYS.exe
  C:\Windows\System32\RaMAYYS.exe
  2⤵
  PID:8328
- C:\Windows\System32\GPKiOww.exe
  C:\Windows\System32\GPKiOww.exe
  2⤵
  PID:8376
- C:\Windows\System32\pvfnvEm.exe
  C:\Windows\System32\pvfnvEm.exe
  2⤵
  PID:8404
- C:\Windows\System32\OcwqXEC.exe
  C:\Windows\System32\OcwqXEC.exe
  2⤵
  PID:8428
- C:\Windows\System32\hcwNoNj.exe
  C:\Windows\System32\hcwNoNj.exe
  2⤵
  PID:8464
- C:\Windows\System32\lmhlWYG.exe
  C:\Windows\System32\lmhlWYG.exe
  2⤵
  PID:8484
- C:\Windows\System32\szHSCgB.exe
  C:\Windows\System32\szHSCgB.exe
  2⤵
  PID:8500
- C:\Windows\System32\SoPfWbg.exe
  C:\Windows\System32\SoPfWbg.exe
  2⤵
  PID:8552
- C:\Windows\System32\scYobmh.exe
  C:\Windows\System32\scYobmh.exe
  2⤵
  PID:8572
- C:\Windows\System32\QAWwGvZ.exe
  C:\Windows\System32\QAWwGvZ.exe
  2⤵
  PID:8588
- C:\Windows\System32\DWNkcuI.exe
  C:\Windows\System32\DWNkcuI.exe
  2⤵
  PID:8616
- C:\Windows\System32\QGEMUhG.exe
  C:\Windows\System32\QGEMUhG.exe
  2⤵
  PID:8640
- C:\Windows\System32\cOnlUcm.exe
  C:\Windows\System32\cOnlUcm.exe
  2⤵
  PID:8664
- C:\Windows\System32\VrpfFoa.exe
  C:\Windows\System32\VrpfFoa.exe
  2⤵
  PID:8704
- C:\Windows\System32\GwUSmRQ.exe
  C:\Windows\System32\GwUSmRQ.exe
  2⤵
  PID:8728
- C:\Windows\System32\SUfAZUl.exe
  C:\Windows\System32\SUfAZUl.exe
  2⤵
  PID:8752
- C:\Windows\System32\QjEELXk.exe
  C:\Windows\System32\QjEELXk.exe
  2⤵
  PID:8772
- C:\Windows\System32\ERwFpWq.exe
  C:\Windows\System32\ERwFpWq.exe
  2⤵
  PID:8800
- C:\Windows\System32\uUlIPLJ.exe
  C:\Windows\System32\uUlIPLJ.exe
  2⤵
  PID:8860
- C:\Windows\System32\QNjRkEa.exe
  C:\Windows\System32\QNjRkEa.exe
  2⤵
  PID:8888
- C:\Windows\System32\tzoueYk.exe
  C:\Windows\System32\tzoueYk.exe
  2⤵
  PID:8912
- C:\Windows\System32\fLxcYOL.exe
  C:\Windows\System32\fLxcYOL.exe
  2⤵
  PID:8936
- C:\Windows\System32\RnBJPER.exe
  C:\Windows\System32\RnBJPER.exe
  2⤵
  PID:8984
- C:\Windows\System32\fWBUzec.exe
  C:\Windows\System32\fWBUzec.exe
  2⤵
  PID:9000
- C:\Windows\System32\CCdBBSY.exe
  C:\Windows\System32\CCdBBSY.exe
  2⤵
  PID:9024
- C:\Windows\System32\HbGYLfU.exe
  C:\Windows\System32\HbGYLfU.exe
  2⤵
  PID:9040
- C:\Windows\System32\sRIeiDI.exe
  C:\Windows\System32\sRIeiDI.exe
  2⤵
  PID:9060
- C:\Windows\System32\bCQJMlM.exe
  C:\Windows\System32\bCQJMlM.exe
  2⤵
  PID:9092
- C:\Windows\System32\LtEAolE.exe
  C:\Windows\System32\LtEAolE.exe
  2⤵
  PID:9132
- C:\Windows\System32\eHyHXSV.exe
  C:\Windows\System32\eHyHXSV.exe
  2⤵
  PID:9164
- C:\Windows\System32\SXnqqJY.exe
  C:\Windows\System32\SXnqqJY.exe
  2⤵
  PID:9180
- C:\Windows\System32\eEcGuOk.exe
  C:\Windows\System32\eEcGuOk.exe
  2⤵
  PID:9204
- C:\Windows\System32\FdKXPzJ.exe
  C:\Windows\System32\FdKXPzJ.exe
  2⤵
  PID:6656
- C:\Windows\System32\cKMeOMR.exe
  C:\Windows\System32\cKMeOMR.exe
  2⤵
  PID:8340
- C:\Windows\System32\cgxBUat.exe
  C:\Windows\System32\cgxBUat.exe
  2⤵
  PID:8396
- C:\Windows\System32\JagTVxU.exe
  C:\Windows\System32\JagTVxU.exe
  2⤵
  PID:8440
- C:\Windows\System32\nhdAVLE.exe
  C:\Windows\System32\nhdAVLE.exe
  2⤵
  PID:8496
- C:\Windows\System32\bZKxonf.exe
  C:\Windows\System32\bZKxonf.exe
  2⤵
  PID:8564
- C:\Windows\System32\rpFTdkI.exe
  C:\Windows\System32\rpFTdkI.exe
  2⤵
  PID:8648
- C:\Windows\System32\MzJPViv.exe
  C:\Windows\System32\MzJPViv.exe
  2⤵
  PID:8716
- C:\Windows\System32\MEwwrgf.exe
  C:\Windows\System32\MEwwrgf.exe
  2⤵
  PID:8740
- C:\Windows\System32\TvxpBWs.exe
  C:\Windows\System32\TvxpBWs.exe
  2⤵
  PID:8784
- C:\Windows\System32\zKnQxoQ.exe
  C:\Windows\System32\zKnQxoQ.exe
  2⤵
  PID:8852
- C:\Windows\System32\ZHsANOo.exe
  C:\Windows\System32\ZHsANOo.exe
  2⤵
  PID:8920
- C:\Windows\System32\xFPzgTH.exe
  C:\Windows\System32\xFPzgTH.exe
  2⤵
  PID:8948
- C:\Windows\System32\YhuKfYv.exe
  C:\Windows\System32\YhuKfYv.exe
  2⤵
  PID:9052
- C:\Windows\System32\pejNIwt.exe
  C:\Windows\System32\pejNIwt.exe
  2⤵
  PID:9188
- C:\Windows\System32\jovFqOq.exe
  C:\Windows\System32\jovFqOq.exe
  2⤵
  PID:9200
- C:\Windows\System32\jnlXpLB.exe
  C:\Windows\System32\jnlXpLB.exe
  2⤵
  PID:9196
- C:\Windows\System32\idVKbIO.exe
  C:\Windows\System32\idVKbIO.exe
  2⤵
  PID:8424
- C:\Windows\System32\JBzKFxU.exe
  C:\Windows\System32\JBzKFxU.exe
  2⤵
  PID:8612
- C:\Windows\System32\GthSqLg.exe
  C:\Windows\System32\GthSqLg.exe
  2⤵
  PID:8744
- C:\Windows\System32\SnCeKGQ.exe
  C:\Windows\System32\SnCeKGQ.exe
  2⤵
  PID:8992
- C:\Windows\System32\MnZVwDL.exe
  C:\Windows\System32\MnZVwDL.exe
  2⤵
  PID:8996
- C:\Windows\System32\oSVQHJl.exe
  C:\Windows\System32\oSVQHJl.exe
  2⤵
  PID:9176
- C:\Windows\System32\ySgZMTT.exe
  C:\Windows\System32\ySgZMTT.exe
  2⤵
  PID:8204
- C:\Windows\System32\ZHhNHsx.exe
  C:\Windows\System32\ZHhNHsx.exe
  2⤵
  PID:8768
- C:\Windows\System32\FKlfuKL.exe
  C:\Windows\System32\FKlfuKL.exe
  2⤵
  PID:8932
- C:\Windows\System32\tMPwZAk.exe
  C:\Windows\System32\tMPwZAk.exe
  2⤵
  PID:8924
- C:\Windows\System32\cMOXuLX.exe
  C:\Windows\System32\cMOXuLX.exe
  2⤵
  PID:9232
- C:\Windows\System32\rRYsnep.exe
  C:\Windows\System32\rRYsnep.exe
  2⤵
  PID:9248
- C:\Windows\System32\kZqUaxA.exe
  C:\Windows\System32\kZqUaxA.exe
  2⤵
  PID:9272
- C:\Windows\System32\XSGoUEF.exe
  C:\Windows\System32\XSGoUEF.exe
  2⤵
  PID:9320
- C:\Windows\System32\HSwUMps.exe
  C:\Windows\System32\HSwUMps.exe
  2⤵
  PID:9352
- C:\Windows\System32\FfYesLj.exe
  C:\Windows\System32\FfYesLj.exe
  2⤵
  PID:9380
- C:\Windows\System32\itfQxZn.exe
  C:\Windows\System32\itfQxZn.exe
  2⤵
  PID:9408
- C:\Windows\System32\kRALFlZ.exe
  C:\Windows\System32\kRALFlZ.exe
  2⤵
  PID:9428
- C:\Windows\System32\vlBhBLL.exe
  C:\Windows\System32\vlBhBLL.exe
  2⤵
  PID:9460
- C:\Windows\System32\awyAwIY.exe
  C:\Windows\System32\awyAwIY.exe
  2⤵
  PID:9476
- C:\Windows\System32\WJMentI.exe
  C:\Windows\System32\WJMentI.exe
  2⤵
  PID:9500
- C:\Windows\System32\oGgCXfG.exe
  C:\Windows\System32\oGgCXfG.exe
  2⤵
  PID:9516
- C:\Windows\System32\NMmtCRE.exe
  C:\Windows\System32\NMmtCRE.exe
  2⤵
  PID:9536
- C:\Windows\System32\KQAGqlm.exe
  C:\Windows\System32\KQAGqlm.exe
  2⤵
  PID:9584
- C:\Windows\System32\IwMwqQr.exe
  C:\Windows\System32\IwMwqQr.exe
  2⤵
  PID:9600
- C:\Windows\System32\xNwKHgI.exe
  C:\Windows\System32\xNwKHgI.exe
  2⤵
  PID:9648
- C:\Windows\System32\TKRRJmW.exe
  C:\Windows\System32\TKRRJmW.exe
  2⤵
  PID:9676
- C:\Windows\System32\uKGtaIe.exe
  C:\Windows\System32\uKGtaIe.exe
  2⤵
  PID:9724
- C:\Windows\System32\wlQUdpE.exe
  C:\Windows\System32\wlQUdpE.exe
  2⤵
  PID:9740
- C:\Windows\System32\lLEaySn.exe
  C:\Windows\System32\lLEaySn.exe
  2⤵
  PID:9764
- C:\Windows\System32\dFctyAG.exe
  C:\Windows\System32\dFctyAG.exe
  2⤵
  PID:9780
- C:\Windows\System32\ncoQUiP.exe
  C:\Windows\System32\ncoQUiP.exe
  2⤵
  PID:9808
- C:\Windows\System32\YimkDPo.exe
  C:\Windows\System32\YimkDPo.exe
  2⤵
  PID:9856
- C:\Windows\System32\fhoVNSh.exe
  C:\Windows\System32\fhoVNSh.exe
  2⤵
  PID:9872
- C:\Windows\System32\JIpxsRP.exe
  C:\Windows\System32\JIpxsRP.exe
  2⤵
  PID:9896
- C:\Windows\System32\xbzewlW.exe
  C:\Windows\System32\xbzewlW.exe
  2⤵
  PID:9932
- C:\Windows\System32\hLdJFJF.exe
  C:\Windows\System32\hLdJFJF.exe
  2⤵
  PID:9964
- C:\Windows\System32\iRLHAEX.exe
  C:\Windows\System32\iRLHAEX.exe
  2⤵
  PID:9996
- C:\Windows\System32\WGFWxFD.exe
  C:\Windows\System32\WGFWxFD.exe
  2⤵
  PID:10020
- C:\Windows\System32\WYztofV.exe
  C:\Windows\System32\WYztofV.exe
  2⤵
  PID:10048
- C:\Windows\System32\vtYJuNs.exe
  C:\Windows\System32\vtYJuNs.exe
  2⤵
  PID:10076
- C:\Windows\System32\arOumMS.exe
  C:\Windows\System32\arOumMS.exe
  2⤵
  PID:10096
- C:\Windows\System32\kJexhuD.exe
  C:\Windows\System32\kJexhuD.exe
  2⤵
  PID:10124
- C:\Windows\System32\cWuXjym.exe
  C:\Windows\System32\cWuXjym.exe
  2⤵
  PID:10168
- C:\Windows\System32\NJNHaTd.exe
  C:\Windows\System32\NJNHaTd.exe
  2⤵
  PID:10196
- C:\Windows\System32\HndSsWs.exe
  C:\Windows\System32\HndSsWs.exe
  2⤵
  PID:10212
- C:\Windows\System32\CSTQTTx.exe
  C:\Windows\System32\CSTQTTx.exe
  2⤵
  PID:9108
- C:\Windows\System32\RCvDMUM.exe
  C:\Windows\System32\RCvDMUM.exe
  2⤵
  PID:9340
- C:\Windows\System32\uvBVgGo.exe
  C:\Windows\System32\uvBVgGo.exe
  2⤵
  PID:9396
- C:\Windows\System32\hgxlVtk.exe
  C:\Windows\System32\hgxlVtk.exe
  2⤵
  PID:9456
- C:\Windows\System32\QmdPyft.exe
  C:\Windows\System32\QmdPyft.exe
  2⤵
  PID:9496
- C:\Windows\System32\FBlqbwz.exe
  C:\Windows\System32\FBlqbwz.exe
  2⤵
  PID:9560
- C:\Windows\System32\AoNEbqz.exe
  C:\Windows\System32\AoNEbqz.exe
  2⤵
  PID:9556
- C:\Windows\System32\QlkXUhQ.exe
  C:\Windows\System32\QlkXUhQ.exe
  2⤵
  PID:9732
- C:\Windows\System32\pdvqIkD.exe
  C:\Windows\System32\pdvqIkD.exe
  2⤵
  PID:9756
- C:\Windows\System32\QyridFz.exe
  C:\Windows\System32\QyridFz.exe
  2⤵
  PID:9824
- C:\Windows\System32\lgYwLgh.exe
  C:\Windows\System32\lgYwLgh.exe
  2⤵
  PID:9880
- C:\Windows\System32\hZjkJCp.exe
  C:\Windows\System32\hZjkJCp.exe
  2⤵
  PID:9960
- C:\Windows\System32\erugMFe.exe
  C:\Windows\System32\erugMFe.exe
  2⤵
  PID:10032
- C:\Windows\System32\ScCjCLk.exe
  C:\Windows\System32\ScCjCLk.exe
  2⤵
  PID:10108
- C:\Windows\System32\tpznSPF.exe
  C:\Windows\System32\tpznSPF.exe
  2⤵
  PID:10188
- C:\Windows\System32\OIKOxIF.exe
  C:\Windows\System32\OIKOxIF.exe
  2⤵
  PID:10224
- C:\Windows\System32\mhVckSx.exe
  C:\Windows\System32\mhVckSx.exe
  2⤵
  PID:9240
- C:\Windows\System32\GDNivvm.exe
  C:\Windows\System32\GDNivvm.exe
  2⤵
  PID:9488
- C:\Windows\System32\JQrjVAg.exe
  C:\Windows\System32\JQrjVAg.exe
  2⤵
  PID:9580
- C:\Windows\System32\QTVKvLc.exe
  C:\Windows\System32\QTVKvLc.exe
  2⤵
  PID:9720
- C:\Windows\System32\CnjTWzB.exe
  C:\Windows\System32\CnjTWzB.exe
  2⤵
  PID:9888
- C:\Windows\System32\koyVSoe.exe
  C:\Windows\System32\koyVSoe.exe
  2⤵
  PID:9956
- C:\Windows\System32\GzCoxXr.exe
  C:\Windows\System32\GzCoxXr.exe
  2⤵
  PID:10140
- C:\Windows\System32\jYNGCfC.exe
  C:\Windows\System32\jYNGCfC.exe
  2⤵
  PID:9244
- C:\Windows\System32\nbbDOYO.exe
  C:\Windows\System32\nbbDOYO.exe
  2⤵
  PID:9596
- C:\Windows\System32\kbKUtwe.exe
  C:\Windows\System32\kbKUtwe.exe
  2⤵
  PID:9800
- C:\Windows\System32\qhBHqGK.exe
  C:\Windows\System32\qhBHqGK.exe
  2⤵
  PID:10208
- C:\Windows\System32\baJaGxX.exe
  C:\Windows\System32\baJaGxX.exe
  2⤵
  PID:10260
- C:\Windows\System32\OUGWZOB.exe
  C:\Windows\System32\OUGWZOB.exe
  2⤵
  PID:10284
- C:\Windows\System32\TlWViWr.exe
  C:\Windows\System32\TlWViWr.exe
  2⤵
  PID:10308
- C:\Windows\System32\pQQUwQU.exe
  C:\Windows\System32\pQQUwQU.exe
  2⤵
  PID:10360
- C:\Windows\System32\ztkJida.exe
  C:\Windows\System32\ztkJida.exe
  2⤵
  PID:10404
- C:\Windows\System32\PYMIGjX.exe
  C:\Windows\System32\PYMIGjX.exe
  2⤵
  PID:10432
- C:\Windows\System32\pcZsiho.exe
  C:\Windows\System32\pcZsiho.exe
  2⤵
  PID:10476
- C:\Windows\System32\INIwAaG.exe
  C:\Windows\System32\INIwAaG.exe
  2⤵
  PID:10504
- C:\Windows\System32\vTKzxTX.exe
  C:\Windows\System32\vTKzxTX.exe
  2⤵
  PID:10520
- C:\Windows\System32\VARNqoh.exe
  C:\Windows\System32\VARNqoh.exe
  2⤵
  PID:10560
- C:\Windows\System32\hZsywCZ.exe
  C:\Windows\System32\hZsywCZ.exe
  2⤵
  PID:10580
- C:\Windows\System32\LYsnLhy.exe
  C:\Windows\System32\LYsnLhy.exe
  2⤵
  PID:10608
- C:\Windows\System32\KiIZcbR.exe
  C:\Windows\System32\KiIZcbR.exe
  2⤵
  PID:10624
- C:\Windows\System32\UsbZwhL.exe
  C:\Windows\System32\UsbZwhL.exe
  2⤵
  PID:10676
- C:\Windows\System32\VYdhOpS.exe
  C:\Windows\System32\VYdhOpS.exe
  2⤵
  PID:10700
- C:\Windows\System32\eSZifcz.exe
  C:\Windows\System32\eSZifcz.exe
  2⤵
  PID:10732
- C:\Windows\System32\YYMUMfj.exe
  C:\Windows\System32\YYMUMfj.exe
  2⤵
  PID:10756
- C:\Windows\System32\FTAYTPK.exe
  C:\Windows\System32\FTAYTPK.exe
  2⤵
  PID:10788
- C:\Windows\System32\aIVPBEw.exe
  C:\Windows\System32\aIVPBEw.exe
  2⤵
  PID:10804
- C:\Windows\System32\LecGDzR.exe
  C:\Windows\System32\LecGDzR.exe
  2⤵
  PID:10844
- C:\Windows\System32\lIOFXmv.exe
  C:\Windows\System32\lIOFXmv.exe
  2⤵
  PID:10872
- C:\Windows\System32\kFPCAJT.exe
  C:\Windows\System32\kFPCAJT.exe
  2⤵
  PID:10888
- C:\Windows\System32\LIkIvGC.exe
  C:\Windows\System32\LIkIvGC.exe
  2⤵
  PID:10916
- C:\Windows\System32\OsTqJbX.exe
  C:\Windows\System32\OsTqJbX.exe
  2⤵
  PID:10944
- C:\Windows\System32\wRgSyLY.exe
  C:\Windows\System32\wRgSyLY.exe
  2⤵
  PID:10964
- C:\Windows\System32\MhSDQKs.exe
  C:\Windows\System32\MhSDQKs.exe
  2⤵
  PID:11060
- C:\Windows\System32\sekYuVq.exe
  C:\Windows\System32\sekYuVq.exe
  2⤵
  PID:11088
- C:\Windows\System32\PuzzECr.exe
  C:\Windows\System32\PuzzECr.exe
  2⤵
  PID:11164
- C:\Windows\System32\KQlAFPi.exe
  C:\Windows\System32\KQlAFPi.exe
  2⤵
  PID:11180
- C:\Windows\System32\pNOAmlM.exe
  C:\Windows\System32\pNOAmlM.exe
  2⤵
  PID:11208
- C:\Windows\System32\miDoVea.exe
  C:\Windows\System32\miDoVea.exe
  2⤵
  PID:11228
- C:\Windows\System32\hhgEUfC.exe
  C:\Windows\System32\hhgEUfC.exe
  2⤵
  PID:9420
- C:\Windows\System32\HdBmRvX.exe
  C:\Windows\System32\HdBmRvX.exe
  2⤵
  PID:9988
- C:\Windows\System32\TeMTzXE.exe
  C:\Windows\System32\TeMTzXE.exe
  2⤵
  PID:10280
- C:\Windows\System32\nEIVmyV.exe
  C:\Windows\System32\nEIVmyV.exe
  2⤵
  PID:10324
- C:\Windows\System32\MuKkPVR.exe
  C:\Windows\System32\MuKkPVR.exe
  2⤵
  PID:10392
- C:\Windows\System32\OASounO.exe
  C:\Windows\System32\OASounO.exe
  2⤵
  PID:10452
- C:\Windows\System32\KnHlpmZ.exe
  C:\Windows\System32\KnHlpmZ.exe
  2⤵
  PID:10516
- C:\Windows\System32\mnNoear.exe
  C:\Windows\System32\mnNoear.exe
  2⤵
  PID:10600
- C:\Windows\System32\neVuTDs.exe
  C:\Windows\System32\neVuTDs.exe
  2⤵
  PID:10664
- C:\Windows\System32\uAptkCp.exe
  C:\Windows\System32\uAptkCp.exe
  2⤵
  PID:10764
- C:\Windows\System32\trtRfYo.exe
  C:\Windows\System32\trtRfYo.exe
  2⤵
  PID:10796
- C:\Windows\System32\OzELFUf.exe
  C:\Windows\System32\OzELFUf.exe
  2⤵
  PID:10856
- C:\Windows\System32\FSWLjCr.exe
  C:\Windows\System32\FSWLjCr.exe
  2⤵
  PID:10880
- C:\Windows\System32\DaNUjrV.exe
  C:\Windows\System32\DaNUjrV.exe
  2⤵
  PID:11040
- C:\Windows\System32\XSqJZLG.exe
  C:\Windows\System32\XSqJZLG.exe
  2⤵
  PID:10984
- C:\Windows\System32\QYHRNkK.exe
  C:\Windows\System32\QYHRNkK.exe
  2⤵
  PID:11008
- C:\Windows\System32\YXrummM.exe
  C:\Windows\System32\YXrummM.exe
  2⤵
  PID:11044
- C:\Windows\System32\AgPZvGW.exe
  C:\Windows\System32\AgPZvGW.exe
  2⤵
  PID:11084
- C:\Windows\System32\glbSMEx.exe
  C:\Windows\System32\glbSMEx.exe
  2⤵
  PID:11160
- C:\Windows\System32\uNgTFub.exe
  C:\Windows\System32\uNgTFub.exe
  2⤵
  PID:11200
- C:\Windows\System32\KkCJAwR.exe
  C:\Windows\System32\KkCJAwR.exe
  2⤵
  PID:10296
- C:\Windows\System32\iPEOOUG.exe
  C:\Windows\System32\iPEOOUG.exe
  2⤵
  PID:10388
- C:\Windows\System32\lJFEMMT.exe
  C:\Windows\System32\lJFEMMT.exe
  2⤵
  PID:10572
- C:\Windows\System32\GXaILQq.exe
  C:\Windows\System32\GXaILQq.exe
  2⤵
  PID:10724
- C:\Windows\System32\zBgaTYv.exe
  C:\Windows\System32\zBgaTYv.exe
  2⤵
  PID:10912
- C:\Windows\System32\zZIMvaK.exe
  C:\Windows\System32\zZIMvaK.exe
  2⤵
  PID:10992
- C:\Windows\System32\YivGGIb.exe
  C:\Windows\System32\YivGGIb.exe
  2⤵
  PID:11224
- C:\Windows\System32\nfdnGaU.exe
  C:\Windows\System32\nfdnGaU.exe
  2⤵
  PID:10244
- C:\Windows\System32\siYQdRe.exe
  C:\Windows\System32\siYQdRe.exe
  2⤵
  PID:10660
- C:\Windows\System32\nNArxAL.exe
  C:\Windows\System32\nNArxAL.exe
  2⤵
  PID:11096
- C:\Windows\System32\hpKuFsf.exe
  C:\Windows\System32\hpKuFsf.exe
  2⤵
  PID:11136
- C:\Windows\System32\yiIERVm.exe
  C:\Windows\System32\yiIERVm.exe
  2⤵
  PID:11068
- C:\Windows\System32\dRzdPdf.exe
  C:\Windows\System32\dRzdPdf.exe
  2⤵
  PID:10640
- C:\Windows\System32\YQtJWJm.exe
  C:\Windows\System32\YQtJWJm.exe
  2⤵
  PID:11296
- C:\Windows\System32\yNkLZNo.exe
  C:\Windows\System32\yNkLZNo.exe
  2⤵
  PID:11312
- C:\Windows\System32\wCnEGaj.exe
  C:\Windows\System32\wCnEGaj.exe
  2⤵
  PID:11352
- C:\Windows\System32\enLFgag.exe
  C:\Windows\System32\enLFgag.exe
  2⤵
  PID:11376
- C:\Windows\System32\RAlscKU.exe
  C:\Windows\System32\RAlscKU.exe
  2⤵
  PID:11396
- C:\Windows\System32\nZEEhik.exe
  C:\Windows\System32\nZEEhik.exe
  2⤵
  PID:11416
- C:\Windows\System32\uZwHenY.exe
  C:\Windows\System32\uZwHenY.exe
  2⤵
  PID:11436
- C:\Windows\System32\oKbHTTb.exe
  C:\Windows\System32\oKbHTTb.exe
  2⤵
  PID:11460
- C:\Windows\System32\SZyEXvE.exe
  C:\Windows\System32\SZyEXvE.exe
  2⤵
  PID:11476
- C:\Windows\System32\BAUNjGc.exe
  C:\Windows\System32\BAUNjGc.exe
  2⤵
  PID:11504
- C:\Windows\System32\nLlOgco.exe
  C:\Windows\System32\nLlOgco.exe
  2⤵
  PID:11560
- C:\Windows\System32\QeGlcVn.exe
  C:\Windows\System32\QeGlcVn.exe
  2⤵
  PID:11608
- C:\Windows\System32\KgzSNGU.exe
  C:\Windows\System32\KgzSNGU.exe
  2⤵
  PID:11632
- C:\Windows\System32\AHZUvLS.exe
  C:\Windows\System32\AHZUvLS.exe
  2⤵
  PID:11652
- C:\Windows\System32\XjMwlDx.exe
  C:\Windows\System32\XjMwlDx.exe
  2⤵
  PID:11692
- C:\Windows\System32\jOZzIvQ.exe
  C:\Windows\System32\jOZzIvQ.exe
  2⤵
  PID:11712
- C:\Windows\System32\Cehvbfh.exe
  C:\Windows\System32\Cehvbfh.exe
  2⤵
  PID:11748
- C:\Windows\System32\kKrmYAk.exe
  C:\Windows\System32\kKrmYAk.exe
  2⤵
  PID:11764
- C:\Windows\System32\VrbfTbE.exe
  C:\Windows\System32\VrbfTbE.exe
  2⤵
  PID:11792
- C:\Windows\System32\anlgYCt.exe
  C:\Windows\System32\anlgYCt.exe
  2⤵
  PID:11836
- C:\Windows\System32\QKgWUdd.exe
  C:\Windows\System32\QKgWUdd.exe
  2⤵
  PID:11860
- C:\Windows\System32\ndbYhvq.exe
  C:\Windows\System32\ndbYhvq.exe
  2⤵
  PID:11892
- C:\Windows\System32\GfihUNf.exe
  C:\Windows\System32\GfihUNf.exe
  2⤵
  PID:11908
- C:\Windows\System32\bPwHPTj.exe
  C:\Windows\System32\bPwHPTj.exe
  2⤵
  PID:11948
- C:\Windows\System32\lkKclxa.exe
  C:\Windows\System32\lkKclxa.exe
  2⤵
  PID:11964
- C:\Windows\System32\hHmQMeS.exe
  C:\Windows\System32\hHmQMeS.exe
  2⤵
  PID:12004
- C:\Windows\System32\NSJRApH.exe
  C:\Windows\System32\NSJRApH.exe
  2⤵
  PID:12020
- C:\Windows\System32\uJlNpsg.exe
  C:\Windows\System32\uJlNpsg.exe
  2⤵
  PID:12044
- C:\Windows\System32\USaEHaJ.exe
  C:\Windows\System32\USaEHaJ.exe
  2⤵
  PID:12072
- C:\Windows\System32\NFIrAPW.exe
  C:\Windows\System32\NFIrAPW.exe
  2⤵
  PID:12096
- C:\Windows\System32\DnjlpiO.exe
  C:\Windows\System32\DnjlpiO.exe
  2⤵
  PID:12144
- C:\Windows\System32\NKoJPlB.exe
  C:\Windows\System32\NKoJPlB.exe
  2⤵
  PID:12164
- C:\Windows\System32\xLNbirX.exe
  C:\Windows\System32\xLNbirX.exe
  2⤵
  PID:12188
- C:\Windows\System32\ApELcQm.exe
  C:\Windows\System32\ApELcQm.exe
  2⤵
  PID:12228
- C:\Windows\System32\kslZiiu.exe
  C:\Windows\System32\kslZiiu.exe
  2⤵
  PID:12256
- C:\Windows\System32\HPjlOWE.exe
  C:\Windows\System32\HPjlOWE.exe
  2⤵
  PID:12276
- C:\Windows\System32\zqLlAfh.exe
  C:\Windows\System32\zqLlAfh.exe
  2⤵
  PID:11308
- C:\Windows\System32\SgMAtKg.exe
  C:\Windows\System32\SgMAtKg.exe
  2⤵
  PID:11324
- C:\Windows\System32\CvUNXVE.exe
  C:\Windows\System32\CvUNXVE.exe
  2⤵
  PID:11428
- C:\Windows\System32\veEjqAy.exe
  C:\Windows\System32\veEjqAy.exe
  2⤵
  PID:11500
- C:\Windows\System32\bTbCipy.exe
  C:\Windows\System32\bTbCipy.exe
  2⤵
  PID:11548
- C:\Windows\System32\VeUdJpj.exe
  C:\Windows\System32\VeUdJpj.exe
  2⤵
  PID:11640
- C:\Windows\System32\IWuynTo.exe
  C:\Windows\System32\IWuynTo.exe
  2⤵
  PID:11708
- C:\Windows\System32\qYoQCHl.exe
  C:\Windows\System32\qYoQCHl.exe
  2⤵
  PID:11736
- C:\Windows\System32\lIytynb.exe
  C:\Windows\System32\lIytynb.exe
  2⤵
  PID:11780
- C:\Windows\System32\wTjWUbn.exe
  C:\Windows\System32\wTjWUbn.exe
  2⤵
  PID:11828
- C:\Windows\System32\plkdHRN.exe
  C:\Windows\System32\plkdHRN.exe
  2⤵
  PID:11932
- C:\Windows\System32\SvEusTH.exe
  C:\Windows\System32\SvEusTH.exe
  2⤵
  PID:11980
- C:\Windows\System32\zqVCcvK.exe
  C:\Windows\System32\zqVCcvK.exe
  2⤵
  PID:12116
- C:\Windows\System32\xxTPMOF.exe
  C:\Windows\System32\xxTPMOF.exe
  2⤵
  PID:12152
- C:\Windows\System32\XDeJvNX.exe
  C:\Windows\System32\XDeJvNX.exe
  2⤵
  PID:12240
- C:\Windows\System32\TaigjON.exe
  C:\Windows\System32\TaigjON.exe
  2⤵
  PID:12284
- C:\Windows\System32\kcisXLo.exe
  C:\Windows\System32\kcisXLo.exe
  2⤵
  PID:11372
- C:\Windows\System32\hhhUirc.exe
  C:\Windows\System32\hhhUirc.exe
  2⤵
  PID:11448
- C:\Windows\System32\FKwguXV.exe
  C:\Windows\System32\FKwguXV.exe
  2⤵
  PID:11644
- C:\Windows\System32\rrHkFog.exe
  C:\Windows\System32\rrHkFog.exe
  2⤵
  PID:11668
- C:\Windows\System32\uvkSBvz.exe
  C:\Windows\System32\uvkSBvz.exe
  2⤵
  PID:11852
- C:\Windows\System32\AgXhfsa.exe
  C:\Windows\System32\AgXhfsa.exe
  2⤵
  PID:12060
- C:\Windows\System32\FEPzzcU.exe
  C:\Windows\System32\FEPzzcU.exe
  2⤵
  PID:11328
- C:\Windows\System32\zhnxAAV.exe
  C:\Windows\System32\zhnxAAV.exe
  2⤵
  PID:11720
- C:\Windows\System32\uHTGBxZ.exe
  C:\Windows\System32\uHTGBxZ.exe
  2⤵
  PID:12012
- C:\Windows\System32\aRLhrlU.exe
  C:\Windows\System32\aRLhrlU.exe
  2⤵
  PID:12296
- C:\Windows\System32\wZUNMMh.exe
  C:\Windows\System32\wZUNMMh.exe
  2⤵
  PID:12312
- C:\Windows\System32\bTdOYFI.exe
  C:\Windows\System32\bTdOYFI.exe
  2⤵
  PID:12352
- C:\Windows\System32\qVONQeD.exe
  C:\Windows\System32\qVONQeD.exe
  2⤵
  PID:12368
- C:\Windows\System32\IQWDpDp.exe
  C:\Windows\System32\IQWDpDp.exe
  2⤵
  PID:12388
- C:\Windows\System32\IRYtZOs.exe
  C:\Windows\System32\IRYtZOs.exe
  2⤵
  PID:12412
- C:\Windows\System32\bxLjqRK.exe
  C:\Windows\System32\bxLjqRK.exe
  2⤵
  PID:12460
- C:\Windows\System32\BeNmijv.exe
  C:\Windows\System32\BeNmijv.exe
  2⤵
  PID:12488
- C:\Windows\System32\HFeBvDt.exe
  C:\Windows\System32\HFeBvDt.exe
  2⤵
  PID:12520
- C:\Windows\System32\XJQawIr.exe
  C:\Windows\System32\XJQawIr.exe
  2⤵
  PID:12536
- C:\Windows\System32\KtedeMd.exe
  C:\Windows\System32\KtedeMd.exe
  2⤵
  PID:12560
- C:\Windows\System32\FeitgYY.exe
  C:\Windows\System32\FeitgYY.exe
  2⤵
  PID:12588
- C:\Windows\System32\ERDvtLZ.exe
  C:\Windows\System32\ERDvtLZ.exe
  2⤵
  PID:12608
- C:\Windows\System32\OPBBxWI.exe
  C:\Windows\System32\OPBBxWI.exe
  2⤵
  PID:12644
- C:\Windows\System32\GUMXcEc.exe
  C:\Windows\System32\GUMXcEc.exe
  2⤵
  PID:12668
- C:\Windows\System32\EbZhOsV.exe
  C:\Windows\System32\EbZhOsV.exe
  2⤵
  PID:12688
- C:\Windows\System32\LOQhKmb.exe
  C:\Windows\System32\LOQhKmb.exe
  2⤵
  PID:12712
- C:\Windows\System32\pOnIiiv.exe
  C:\Windows\System32\pOnIiiv.exe
  2⤵
  PID:12736
- C:\Windows\System32\avoTUqB.exe
  C:\Windows\System32\avoTUqB.exe
  2⤵
  PID:12776
- C:\Windows\System32\VMLvdSP.exe
  C:\Windows\System32\VMLvdSP.exe
  2⤵
  PID:12808
- C:\Windows\System32\KvwjycG.exe
  C:\Windows\System32\KvwjycG.exe
  2⤵
  PID:12824
- C:\Windows\System32\VoIDGdw.exe
  C:\Windows\System32\VoIDGdw.exe
  2⤵
  PID:12852
- C:\Windows\System32\trzvjIN.exe
  C:\Windows\System32\trzvjIN.exe
  2⤵
  PID:12876
- C:\Windows\System32\JSVORZP.exe
  C:\Windows\System32\JSVORZP.exe
  2⤵
  PID:12920
- C:\Windows\System32\CcofIYd.exe
  C:\Windows\System32\CcofIYd.exe
  2⤵
  PID:12948
- C:\Windows\System32\ympHEZo.exe
  C:\Windows\System32\ympHEZo.exe
  2⤵
  PID:12964
- C:\Windows\System32\eFvGZmk.exe
  C:\Windows\System32\eFvGZmk.exe
  2⤵
  PID:13020
- C:\Windows\System32\SsRXKlb.exe
  C:\Windows\System32\SsRXKlb.exe
  2⤵
  PID:13040
- C:\Windows\System32\QjSwZme.exe
  C:\Windows\System32\QjSwZme.exe
  2⤵
  PID:13060
- C:\Windows\System32\MXgAKwm.exe
  C:\Windows\System32\MXgAKwm.exe
  2⤵
  PID:13084
- C:\Windows\System32\cYpcZUw.exe
  C:\Windows\System32\cYpcZUw.exe
  2⤵
  PID:13100
- C:\Windows\System32\nEKvkIf.exe
  C:\Windows\System32\nEKvkIf.exe
  2⤵
  PID:13120
- C:\Windows\System32\oXLzJnW.exe
  C:\Windows\System32\oXLzJnW.exe
  2⤵
  PID:13144
- C:\Windows\System32\vIRWmIp.exe
  C:\Windows\System32\vIRWmIp.exe
  2⤵
  PID:13180
- C:\Windows\System32\PZfGKmd.exe
  C:\Windows\System32\PZfGKmd.exe
  2⤵
  PID:13224
- C:\Windows\System32\fcTZppO.exe
  C:\Windows\System32\fcTZppO.exe
  2⤵
  PID:13264
- C:\Windows\System32\HBPnCcF.exe
  C:\Windows\System32\HBPnCcF.exe
  2⤵
  PID:13292
- C:\Windows\System32\nltcZGL.exe
  C:\Windows\System32\nltcZGL.exe
  2⤵
  PID:12212
- C:\Windows\System32\ejhDnXy.exe
  C:\Windows\System32\ejhDnXy.exe
  2⤵
  PID:12364
- C:\Windows\System32\PfucSsV.exe
  C:\Windows\System32\PfucSsV.exe
  2⤵
  PID:12400
- C:\Windows\System32\nAynUbv.exe
  C:\Windows\System32\nAynUbv.exe
  2⤵
  PID:12500
- C:\Windows\System32\jjcLKHI.exe
  C:\Windows\System32\jjcLKHI.exe
  2⤵
  PID:12532
- C:\Windows\System32\IAmhZEo.exe
  C:\Windows\System32\IAmhZEo.exe
  2⤵
  PID:12624
- C:\Windows\System32\grCQlhm.exe
  C:\Windows\System32\grCQlhm.exe
  2⤵
  PID:12704
- C:\Windows\System32\PeOdWyM.exe
  C:\Windows\System32\PeOdWyM.exe
  2⤵
  PID:12632
- C:\Windows\System32\NHkQJbb.exe
  C:\Windows\System32\NHkQJbb.exe
  2⤵
  PID:12804
- C:\Windows\System32\fRGxbPT.exe
  C:\Windows\System32\fRGxbPT.exe
  2⤵
  PID:12844
- C:\Windows\System32\wFGMWcO.exe
  C:\Windows\System32\wFGMWcO.exe
  2⤵
  PID:12908
- C:\Windows\System32\SMIaRVo.exe
  C:\Windows\System32\SMIaRVo.exe
  2⤵
  PID:12972
- C:\Windows\System32\FSuJfTL.exe
  C:\Windows\System32\FSuJfTL.exe
  2⤵
  PID:13056
- C:\Windows\System32\eOthrAv.exe
  C:\Windows\System32\eOthrAv.exe
  2⤵
  PID:13140
- C:\Windows\System32\SQsQWPR.exe
  C:\Windows\System32\SQsQWPR.exe
  2⤵
  PID:13212
- C:\Windows\System32\jHyfnkn.exe
  C:\Windows\System32\jHyfnkn.exe
  2⤵
  PID:13280
- C:\Windows\System32\KLOBeYX.exe
  C:\Windows\System32\KLOBeYX.exe
  2⤵
  PID:13300
- C:\Windows\System32\oRazdfQ.exe
  C:\Windows\System32\oRazdfQ.exe
  2⤵
  PID:12344
- C:\Windows\System32\cLiykGf.exe
  C:\Windows\System32\cLiykGf.exe
  2⤵
  PID:12552
- C:\Windows\System32\Ugilack.exe
  C:\Windows\System32\Ugilack.exe
  2⤵
  PID:12684
- C:\Windows\System32\JtUoLME.exe
  C:\Windows\System32\JtUoLME.exe
  2⤵
  PID:12864
- C:\Windows\System32\EYasDDK.exe
  C:\Windows\System32\EYasDDK.exe
  2⤵
  PID:12940
- C:\Windows\System32\VINtAGA.exe
  C:\Windows\System32\VINtAGA.exe
  2⤵
  PID:13200
- C:\Windows\System32\QyZdmTA.exe
  C:\Windows\System32\QyZdmTA.exe
  2⤵
  PID:12836
- C:\Windows\System32\qKTdBBk.exe
  C:\Windows\System32\qKTdBBk.exe
  2⤵
  PID:13076
- C:\Windows\System32\UuXLkib.exe
  C:\Windows\System32\UuXLkib.exe
  2⤵
  PID:11472

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:2168

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System32\AQcdhBl.exe

Filesize
1.2MB

MD5
02799ae11dab561beedd68b468d9cd9f

SHA1
16a842826a889328dea39f97e2f830c6f083a728

SHA256
d27c45276b9b97c8ee1b218beba7cf94513d3fe8caf2b60d63ef9c6e28014649

SHA512
0dd9920c9d0b5f525078d49cef013242c9dbc82108f4760c457c3ffe692a1c74b31986707e81d04ddb76f3772558a9d9adda60cfaad35f90ec323767aa3d6e2b

Download Submit
C:\Windows\System32\BIKmlVL.exe

Filesize
1.2MB

MD5
c126d0b9e4b63cb566ecdb45bff5f7bf

SHA1
a6f3bc9cc849deb6983028d1b87ea8d4f08ed7c7

SHA256
b46ff89d6129a5e61751a5e4ea54087a0609584b7978cfd2482451490b1c995e

SHA512
ecd8c9289a2e456c564907ea03065150905f368707f14d111f8ddff810ce16d915764b2ab9b9452a427ec15ece51e3bace158cc5a1ea6c8aa59fcc5245164523

Download Submit
C:\Windows\System32\BPqMTMS.exe

Filesize
1.2MB

MD5
55d185637bb0217e0d3f0ff69c7fafaa

SHA1
7497622d28f16c7dad82e1eae63a38ce3fc330ef

SHA256
9d3cd384c79fa84da59bc9acd1f1f18b1706c4520c9897d26cf53fbd6b228439

SHA512
1d2e0c0d534a9e5935bbe5fecb35d104b0c52c8804e2497bb1dcca6e4fa2a1f0000835fb73deeec68f447b2ed6be6b3f3f345b59a21af0ab25e92836d5e9a250

Download Submit
C:\Windows\System32\CHqIcQj.exe

Filesize
1.2MB

MD5
53226ee55495cd907a0d3a27059b3bdc

SHA1
a14ebaa701522b5235430be1899d6a8fd95ac6ec

SHA256
6d9d81eca692fcb23fd8ed7d96f6f7d75d675e54336bf1a1f9b7da3f1872d04b

SHA512
4a6b9e2c910407e2515dbdba0459e633acd77ff59e4147c360093349de0e28b1d7164c33842ea7163ce9ab8482f9a3e55167b92ffb771e5ecf8d8d6f29a71fd1

Download Submit
C:\Windows\System32\CwuKdxz.exe

Filesize
1.2MB

MD5
e10bacc557062a88fd5b2e793e4f6764

SHA1
4768d74d7efa4f6eafbf3440bc75655268dd7c53

SHA256
04f6914b3406a130b002f2a8f1e31e8b57db01fcbb4a147df545d337045e7d0b

SHA512
049f6b4214dc848fa9e1d9630c3cc94621add0323d1a63124c2ba146260c86be6eee24cbe29c96eb9970e5014535401eedf4d8cae34b7999d20b2b721b006cdc

Download Submit
C:\Windows\System32\DndHXAp.exe

Filesize
1.2MB

MD5
76c9005f04bb8676797d4b7f784b126a

SHA1
47f6a6aef69c7eb3534f16efc69eb9e438cbf036

SHA256
d89b88bed7dd9c791058b49c1167e5eacb25099dc899d4689fb231d0add3975e

SHA512
4f47bf5d1872a493faa83ec2b43d996d6f4420845c199744f9d9e7b5b0e801a917499a991cef9d5a92af1bfec373bc2236f1a2ef9cd34e3620321db5633f2567

Download Submit
C:\Windows\System32\ECSwZoS.exe

Filesize
1.2MB

MD5
8957b787b1dca908bc7535b671902951

SHA1
ee90c559d8c8654847ff4233b861a53122f28590

SHA256
db70d0fd7d4027c9040491e5b3f0267f934e0e53c9611610a30c0b94bc63d688

SHA512
2ab119589f3038f47f73925523540f414efe866ed75127b653d4d6c01910bf2268a3a32b193323264b0da9b1f07ed688abead794713e3c821c445ba1df022eac

Download Submit
C:\Windows\System32\FBUPwoT.exe

Filesize
1.2MB

MD5
f52d94e120f660909a70db947dab76f6

SHA1
9f2db9581f29df4a763a00b823855e05f0565c3c

SHA256
b2093c4c8f5fd9828dc6f253cbe289767c7822e4f099dc4d9c85a9abb059ec63

SHA512
cdc4830cb924a8e81df129b986830335f6442002ac636489109fab2b76280502f0ad7824d0978d88c4d889a24c526fa04904915538fdd1d0ac45cd7fd7126c52

Download Submit
C:\Windows\System32\FxbRYTZ.exe

Filesize
1.2MB

MD5
ef5d89b048369dee82e3445d1fddd4a9

SHA1
a42f3c7e79d48a0aaea80c56ca8721a0c48a32da

SHA256
7b5d4bb0f430cee2783c9c36443ed9baedaf88d8d57f0a88afdf2076d3e7175f

SHA512
527c0c8d11708e53d36d036f1ad53059396084d75cc13731f026f7434e484b93f1343293869a608b5a7ed626a9e46b535856a46f18c25461c1e2e95a604cbd34

Download Submit
C:\Windows\System32\FyOYEYW.exe

Filesize
1.2MB

MD5
3ddb85c8aeabbedcc5cfeac1bacac9a1

SHA1
b561bcc8cca6e66dc5b219a20398f577764d2add

SHA256
051fb9262c8ccb3f571e3d9f4c66c421c63786ba9fb54c31e2584387f30e3b57

SHA512
206c1a3786a978e253ae205cb5434cd33954a78854fece8c6574b0e223703c8351fa3518a9188df482a63fccec5199e71838e2a9684fe1bcc8004750ddec7515

Download Submit
C:\Windows\System32\HGYndyk.exe

Filesize
1.2MB

MD5
c7c932d1eb026a49962bdbf62915b637

SHA1
776087c8791dea3e453dc82d78fb1e28a8769175

SHA256
af7e54d8b08317629d3d7d1982adef493933c0a4fb8e3e9e644299b312690762

SHA512
28a9a2fd46c86814b72775f5e0165c174c94a16728645853b6dac6099345a4f4a83768dc2ba0c6e32d6f5e495515b720fc7813603c2bb43c8f58f4c3954df854

Download Submit
C:\Windows\System32\IEOjipF.exe

Filesize
1.2MB

MD5
ba6fde430608f3ba4c1af2970b00e7ce

SHA1
1e374683622bbbb91f38912f39947f0e76a72b81

SHA256
aafb533149980095f66d04c33620a0c552d2004972771ee8bd961ed2eef0e2ec

SHA512
5fabd13388e0bde0961675daddfb38d8f62fa46fb55b65877a9398834c3443c9173a6b2599c77682adc6ba165b08052cf89d8a49a60cb39cbdd218833f78f6df

Download Submit
C:\Windows\System32\PaZmbTE.exe

Filesize
1.2MB

MD5
2f043b5cc82b6c84b8e594d37a067463

SHA1
e79dd0891e9b300f14aac67a29408d4190240423

SHA256
7e410b95b576617682984cbd58f38959de9645472f919a9a80ec89ba3a0a8546

SHA512
afa72380daa52fcfd0db537238fac883dec3f376f83755ee55d3061e03e84a73c98a2b00873cfba8bf73bd650a3e3a707529d2d6c2ef06ad7a0db29b9400d7d5

Download Submit
C:\Windows\System32\PjdwbBP.exe

Filesize
1.2MB

MD5
d697291d333bfb8f56a000f29150b7bc

SHA1
812e7623bffce0ada10a88d8293892917db284b2

SHA256
19325b207ee3583958acfa7dfe66eddf61510426aa99f4a494b676c2cf304947

SHA512
d1dcfd95efe024abaaf5819333c7dffc043b1b743e5edd43357b29cd9b00e04429887a0cc3f55b64f623401df5b8735f5a9b46a7e67e05ac7658fb1206e43bb8

Download Submit
C:\Windows\System32\QJipbVY.exe

Filesize
1.2MB

MD5
20e7fe1275d3fcd45271f88a3b2cd8de

SHA1
f9174ef22130bbbb54ead11ee2d0310e3dccac6c

SHA256
455077933f1304024b9c5d5787c8859da1c05e44e7dad6e50441995543e6a9d2

SHA512
289024f12dc845d49f300aee052974a19ece1c48337bfbf60b76aa052cda441758694a2c27b75a6af68bd94b71b91486e39829cc0993074dacc2cb230cd363bd

Download Submit
C:\Windows\System32\SJMTUbh.exe

Filesize
1.2MB

MD5
08b1387fab94d3e99f610e35c0740892

SHA1
09aa1357b1b316e24ff7a45320286d8be9715b30

SHA256
48a21a202606c55b83559191cb2cdeafef0604d2b1b5ad9235d45c8c014c8c93

SHA512
ada4fa4717568c14ce61e39bc645fa712ac3f318ac4e5260d003653402cbf5d023b8346815b44cfdf18278f8ff0299d506c04900ca76cb1790ccfc577e02c799

Download Submit
C:\Windows\System32\WAIHrig.exe

Filesize
1.2MB

MD5
63e1833dc2eec0d74c1080a0ffdb001e

SHA1
da4a9b310de27837adef9d930066d16f3f8f3fcd

SHA256
5e43a8f2fe880864d93fb4e847c11b21ddc854730c7a5faa78f0e48d056b96e9

SHA512
22e8a6df80a872ba1c3d8acc4ab695edfcf87a61bad47a82491bdb9aedb0cb14a290d67a46b21a14221bee27836b0b39ae3b9747f4be8d33310d683d3a77f3cd

Download Submit
C:\Windows\System32\YqNrkEI.exe

Filesize
1.2MB

MD5
7f439c1c04e748fa77c24fbe35fa587d

SHA1
1843a0a9afd9c758edef193a7428fd1dfd981948

SHA256
3ba88b9129667d82ea780506057cc8e54dfcb75e37bd3c014c88c38189085ea2

SHA512
fbd45f1690c6969c69d600c8c50abb9ac14507064bcc143ae69ee4834e75892b24abd67eea453a2729c7c0ef402ba4c41124e053eade2d4ff7c32e446fcc49b8

Download Submit
C:\Windows\System32\abIcmzj.exe

Filesize
1.2MB

MD5
98fac15729b138b29f7f393ad691250b

SHA1
e2753ea35ad7f96994dadd623182e34e04a3ccda

SHA256
2b899da07b01208172ea9dbcf89ad2494be8b82121d8be3b76ef43a215ce930e

SHA512
a30b50265d76e1d9980e6195218b6c3472834d11d94520766be0f9ac3499c760bb21f1ad592eb979a6b9ce378b1240f091f4c631f2a7084e756f59ce372f19a4

Download Submit
C:\Windows\System32\bpKzPfC.exe

Filesize
1.2MB

MD5
63a84e07f07fd80ba3149423352d9d1b

SHA1
c692ced0d4448b445aaee9cb1ee9e85f4fed698e

SHA256
40d3fc003954b7ad855c8a4b53741e0ca942148f7dd4449d8899592e0080d704

SHA512
f1f34f5ce5194aabd02f0e8d01eabd1062c4dac3aba7932ba25cf1fa992cf2d6e9de3b1633cbf9e7b83e49dee37b110eb9657230b2987253d3ec74bb5738dd8e

Download Submit
C:\Windows\System32\ddCiONz.exe

Filesize
1.2MB

MD5
986e03b7c14dd83cfbfd5a4725c8fc91

SHA1
d9e7c585069400c42dd5f450a895aa918375386f

SHA256
2df34a6c471490961c861eac1971c3a1adc421078b900dd91bb77502a236c968

SHA512
9848a6985dfa86eb4985031051649749cb39453f569f943bd0e125266c43ad8859664a8110b5556590e84caf1ddbba4b9494bd58499bb697886cbc8fab21457b

Download Submit
C:\Windows\System32\fjBbZCX.exe

Filesize
1.2MB

MD5
d91532941e11a488ad0e90f4abed7858

SHA1
03d2c1b04694bdcd54bc3d8260d2aa493b563cc5

SHA256
312f6e3c43e435e62691ed47d3ff34ae2b78098002b361c66b454881b9032ee1

SHA512
bc7e351a2b958efae03c9e41d0186b2d310520bd9ea7f245d82c4eade5d8e29cb87eb349ec2780b9a5d6d29d26f87f33b5be9b10cfd7d375e9ebf3b0cf8fabff

Download Submit
C:\Windows\System32\fkRqSwz.exe

Filesize
1.2MB

MD5
3893575e78052f87fccbba84ebacc878

SHA1
e039bc6d1e37dcbb1b5152443e9215a1655c042d

SHA256
34512e64daa159bfb3229ce5a746d47f79d3e2c858fabecf3a08b1072b657549

SHA512
e9a3959c63be47e774e6e514a1e5e47d96a176fbb31797f65710a5d6b9b23f4ea5ece27ae93c759954c5dee5568476b73c5a9fa2e962cd77fe6e675bcb50a83a

Download Submit
C:\Windows\System32\kAilmJE.exe

Filesize
1.2MB

MD5
1497a27f070f172fbf1831980bf67a55

SHA1
a1c7602c629414e11adc0cdc25eaf0dfe050523f

SHA256
98b7e75785a1de890bf5c84347cbbca82932b7ee77ff99aaf5f3559f43f4094b

SHA512
913cda23196331cb9dfaa1918a70c628d64224b927927879154293f173abc95fd4b8f11611aa2e613863d54d34512e02517b7376b78cf8237c9bfbcb82c5cab9

Download Submit
C:\Windows\System32\lSSCqvf.exe

Filesize
1.2MB

MD5
eb36de06d7a3ea4011de825c23a7fbd9

SHA1
e4233b8336e0c99a78008f4775fabda0009be0e3

SHA256
6610e8ace2107491253f8ac42f84c8b73a4626baf694380ae4197108551429c6

SHA512
187ae7415cfe10299ed7e9290fc43f4c6cfcc6cc8fcacc56762e802417aa8d84baa573456521928073c4ad37be5c08794c1f395816a2629c0ae64caecae71583

Download Submit
C:\Windows\System32\oAPCzMc.exe

Filesize
1.2MB

MD5
c4c4279687bf49fd6bff018b1ca449f7

SHA1
73a81a2541d06e51bc29a4bffcecb6685b46331b

SHA256
a75b2096025bb38ab8067a7cbf30cc67300f8b732d0f52f02d996f2c5f447d1f

SHA512
f402196ce2005b5f3fc970742efe7f095591ce079115a9c6392b1a159fb78848db959eccdd0cb03d41ae941b7932895ac1f4d0b9e43703500a2570ebb49b3130

Download Submit
C:\Windows\System32\oNDRJkP.exe

Filesize
1.2MB

MD5
24c86ec1ddb5cb7bf4b64fc079f284ed

SHA1
b63c0868f412ae12f267c12c281f1e7fcade4454

SHA256
15d6335d49a762d71e4d920ddbc87e89155eea8bc2d2b533c84190d8c3f61dc2

SHA512
5e58596d969039504e7e08bb00b84b48e99df4c076efae1b58485b95b844f4ccc9c1d539e708730dc8e0e30729ef5d38d94107f6a626fc0b457a6af1b3ac7e61

Download Submit
C:\Windows\System32\phjeLxE.exe

Filesize
1.2MB

MD5
50282e67c40b12b7c3708ceedb901b1b

SHA1
2e37cbf375f9aa5015e0cfb90746b874c3fadd0e

SHA256
d8ecd46b6d8e1f0832222aaf096928a0bbfa3cd6927cfeb8ea36a9f653ac7af9

SHA512
ed0bda19461801b0cfbf26219c6fc63eb69e6cfdbc0a292e6931e131e284ccacbbe848afbd07309ec9c131ba5eee9ec35f10836833981805981d7e19e7645404

Download Submit
C:\Windows\System32\rScmNCN.exe

Filesize
1.2MB

MD5
8abb8f28e93c2c2ea87adf547172b5fe

SHA1
6b87310ace7d5a34727d947bbb978681eec87e6f

SHA256
736afb7623aa9ad435bfb4aa43650e618cedc14077510aa2944ac321f7a0fc4b

SHA512
50a17063d347130a8edd5a7d4adc90e18ea316cf46b7f290c609d3b2fef0a6ceba8c78e067ce8d8cdbe5d38067026a2d7330464ccd7c5cc3405dfe0ad3b1f367

Download Submit
C:\Windows\System32\sfvOpCC.exe

Filesize
1.2MB

MD5
f894de6e991d273b835ff5d3a29ceda6

SHA1
2c036336344d9652b9c9f2e283a976a0000999e0

SHA256
bf6a3101957b56c18d7ceeaa5bd085587946bdc37024f0870cc2b7e463c9319e

SHA512
8d42c0009237a28bdc3af632688408ac9f87d0679a17e72b89629a67566103fa1733a5519dd79f83d31c6e2b0bd189dd005f3f225bbfb825d4970b966d44bfd0

Download Submit
C:\Windows\System32\tpaJMco.exe

Filesize
1.2MB

MD5
d7be1604051374b5a80a8639be5a9c18

SHA1
a354e35e2b68c15799462570dbe04cc7ef7e0b49

SHA256
bac66eba513fe59da5c59ab5467c989de1e380a385640661352dc10b05fd596a

SHA512
c7f81cb6d828fa221f6e2bf44f22102695e4f4dce3697448000b01d0317d2096d3c4c9d922b36780a49ef322ff17eb1a1bb5c2d5da2fb9a60127de93df332ae3

Download Submit
C:\Windows\System32\wwOLmsI.exe

Filesize
1.2MB

MD5
e97195c83ae0edaadf8da641917223a5

SHA1
d0c2ddd79eb195c3f7c6ca7379fd0dbd83f945f2

SHA256
ddad210c9cb761c7f74d2cdfc91f341b22c752cd45fe3f5ab0ce0ace5907850b

SHA512
eafcd64570a0d5ed6eb02cff0eec9c226ff13d9ae3f25e269795a4c9ed2b07a69c3c834051acb9e10aced1dd7bce249ecbfa6fc7fbbad0502709624e8e5f88d9

Download Submit
memory/436-345-0x00007FF691340000-0x00007FF691731000-memory.dmp

Filesize
3.9MB

Download
memory/436-2145-0x00007FF691340000-0x00007FF691731000-memory.dmp

Filesize
3.9MB

Download
memory/684-2121-0x00007FF637B90000-0x00007FF637F81000-memory.dmp

Filesize
3.9MB

Download
memory/684-2041-0x00007FF637B90000-0x00007FF637F81000-memory.dmp

Filesize
3.9MB

Download
memory/684-68-0x00007FF637B90000-0x00007FF637F81000-memory.dmp

Filesize
3.9MB

Download
memory/744-2107-0x00007FF6736A0000-0x00007FF673A91000-memory.dmp

Filesize
3.9MB

Download
memory/744-28-0x00007FF6736A0000-0x00007FF673A91000-memory.dmp

Filesize
3.9MB

Download
memory/936-339-0x00007FF7B5120000-0x00007FF7B5511000-memory.dmp

Filesize
3.9MB

Download
memory/936-2127-0x00007FF7B5120000-0x00007FF7B5511000-memory.dmp

Filesize
3.9MB

Download
memory/1028-344-0x00007FF664A20000-0x00007FF664E11000-memory.dmp

Filesize
3.9MB

Download
memory/1028-2139-0x00007FF664A20000-0x00007FF664E11000-memory.dmp

Filesize
3.9MB

Download
memory/1040-2141-0x00007FF7736F0000-0x00007FF773AE1000-memory.dmp

Filesize
3.9MB

Download
memory/1040-346-0x00007FF7736F0000-0x00007FF773AE1000-memory.dmp

Filesize
3.9MB

Download
memory/1336-1463-0x00007FF6FF710000-0x00007FF6FFB01000-memory.dmp

Filesize
3.9MB

Download
memory/1336-20-0x00007FF6FF710000-0x00007FF6FFB01000-memory.dmp

Filesize
3.9MB

Download
memory/1336-2085-0x00007FF6FF710000-0x00007FF6FFB01000-memory.dmp

Filesize
3.9MB

Download
memory/2360-2135-0x00007FF618720000-0x00007FF618B11000-memory.dmp

Filesize
3.9MB

Download
memory/2360-341-0x00007FF618720000-0x00007FF618B11000-memory.dmp

Filesize
3.9MB

Download
memory/2664-50-0x00007FF76EBD0000-0x00007FF76EFC1000-memory.dmp

Filesize
3.9MB

Download
memory/2664-2115-0x00007FF76EBD0000-0x00007FF76EFC1000-memory.dmp

Filesize
3.9MB

Download
memory/2768-2123-0x00007FF68AD90000-0x00007FF68B181000-memory.dmp

Filesize
3.9MB

Download
memory/2768-334-0x00007FF68AD90000-0x00007FF68B181000-memory.dmp

Filesize
3.9MB

Download
memory/2904-2119-0x00007FF6A76D0000-0x00007FF6A7AC1000-memory.dmp

Filesize
3.9MB

Download
memory/2904-337-0x00007FF6A76D0000-0x00007FF6A7AC1000-memory.dmp

Filesize
3.9MB

Download
memory/3384-2147-0x00007FF7D5A30000-0x00007FF7D5E21000-memory.dmp

Filesize
3.9MB

Download
memory/3384-347-0x00007FF7D5A30000-0x00007FF7D5E21000-memory.dmp

Filesize
3.9MB

Download
memory/3416-342-0x00007FF68E950000-0x00007FF68ED41000-memory.dmp

Filesize
3.9MB

Download
memory/3416-2137-0x00007FF68E950000-0x00007FF68ED41000-memory.dmp

Filesize
3.9MB

Download
memory/3684-2083-0x00007FF789F50000-0x00007FF78A341000-memory.dmp

Filesize
3.9MB

Download
memory/3684-349-0x00007FF789F50000-0x00007FF78A341000-memory.dmp

Filesize
3.9MB

Download
memory/3684-15-0x00007FF789F50000-0x00007FF78A341000-memory.dmp

Filesize
3.9MB

Download
memory/3760-343-0x00007FF7F8C10000-0x00007FF7F9001000-memory.dmp

Filesize
3.9MB

Download
memory/3760-2143-0x00007FF7F8C10000-0x00007FF7F9001000-memory.dmp

Filesize
3.9MB

Download
memory/4080-65-0x00007FF741DF0000-0x00007FF7421E1000-memory.dmp

Filesize
3.9MB

Download
memory/4080-2131-0x00007FF741DF0000-0x00007FF7421E1000-memory.dmp

Filesize
3.9MB

Download
memory/4176-2040-0x00007FF64F980000-0x00007FF64FD71000-memory.dmp

Filesize
3.9MB

Download
memory/4176-2117-0x00007FF64F980000-0x00007FF64FD71000-memory.dmp

Filesize
3.9MB

Download
memory/4176-58-0x00007FF64F980000-0x00007FF64FD71000-memory.dmp

Filesize
3.9MB

Download
memory/4484-2042-0x00007FF6D9430000-0x00007FF6D9821000-memory.dmp

Filesize
3.9MB

Download
memory/4484-2129-0x00007FF6D9430000-0x00007FF6D9821000-memory.dmp

Filesize
3.9MB

Download
memory/4484-73-0x00007FF6D9430000-0x00007FF6D9821000-memory.dmp

Filesize
3.9MB

Download
memory/4588-1-0x000001F638500000-0x000001F638510000-memory.dmp

Filesize
64KB

Download
memory/4588-86-0x00007FF7CB240000-0x00007FF7CB631000-memory.dmp

Filesize
3.9MB

Download
memory/4588-2076-0x00007FF7CB240000-0x00007FF7CB631000-memory.dmp

Filesize
3.9MB

Download
memory/4588-0-0x00007FF7CB240000-0x00007FF7CB631000-memory.dmp

Filesize
3.9MB

Download
memory/4680-2109-0x00007FF6D0810000-0x00007FF6D0C01000-memory.dmp

Filesize
3.9MB

Download
memory/4680-36-0x00007FF6D0810000-0x00007FF6D0C01000-memory.dmp

Filesize
3.9MB

Download
memory/4764-2133-0x00007FF6366E0000-0x00007FF636AD1000-memory.dmp

Filesize
3.9MB

Download
memory/4764-340-0x00007FF6366E0000-0x00007FF636AD1000-memory.dmp

Filesize
3.9MB

Download
memory/4892-2113-0x00007FF666870000-0x00007FF666C61000-memory.dmp

Filesize
3.9MB

Download
memory/4892-52-0x00007FF666870000-0x00007FF666C61000-memory.dmp

Filesize
3.9MB

Download
memory/4952-41-0x00007FF783FA0000-0x00007FF784391000-memory.dmp

Filesize
3.9MB

Download
memory/4952-2111-0x00007FF783FA0000-0x00007FF784391000-memory.dmp

Filesize
3.9MB

Download
memory/4952-1920-0x00007FF783FA0000-0x00007FF784391000-memory.dmp

Filesize
3.9MB

Download
memory/5080-10-0x00007FF7F1680000-0x00007FF7F1A71000-memory.dmp

Filesize
3.9MB

Download
memory/5080-2081-0x00007FF7F1680000-0x00007FF7F1A71000-memory.dmp

Filesize
3.9MB

Download
memory/5080-348-0x00007FF7F1680000-0x00007FF7F1A71000-memory.dmp

Filesize
3.9MB

Download
memory/5104-355-0x00007FF73B5A0000-0x00007FF73B991000-memory.dmp

Filesize
3.9MB

Download
memory/5104-2125-0x00007FF73B5A0000-0x00007FF73B991000-memory.dmp

Filesize
3.9MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads