xmrig | 66cfcc5d83903dc9070fb04c77e76adcc1e4af45849530ba10e492f2f41a5689

Analysis

max time kernel
118s
max time network
98s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
05-07-2024 22:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

66cfcc5d83903dc9070fb04c77e76adcc1e4af45849530ba10e492f2f41a5689.exe
Size

3.4MB
MD5

03a4f1b46324d4a8d2364094c72b9754
SHA1

9f50e204621040aa5e8896186ea077d8f21fb2ac
SHA256

66cfcc5d83903dc9070fb04c77e76adcc1e4af45849530ba10e492f2f41a5689
SHA512

b66304f1fc2934b91c8065133804ac7422fe21fa68fd5ed5401b4b7784713a8791a6ff97cb3358878e6048ac40111d0c0c3c07e9475a659a86b2a94fb6d76200
SSDEEP

98304:w0GnJMOWPClFdx6e0EALKWVTffZiPAcRq6jHjc40j:wFWPClFkj

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/2320-0-0x00007FF6FAA90000-0x00007FF6FAE85000-memory.dmp	xmrig
behavioral2/files/0x0006000000023248-4.dat	xmrig
behavioral2/files/0x00080000000234d9-11.dat	xmrig
behavioral2/files/0x00070000000234da-21.dat	xmrig
behavioral2/files/0x00070000000234db-30.dat	xmrig
behavioral2/files/0x00070000000234dd-37.dat	xmrig
behavioral2/files/0x00070000000234de-41.dat	xmrig
behavioral2/files/0x00070000000234df-47.dat	xmrig
behavioral2/files/0x00070000000234e1-53.dat	xmrig
behavioral2/files/0x00070000000234e2-59.dat	xmrig
behavioral2/files/0x00070000000234e5-74.dat	xmrig
behavioral2/files/0x00070000000234ec-109.dat	xmrig
behavioral2/files/0x00070000000234ee-119.dat	xmrig
behavioral2/files/0x00070000000234f4-152.dat	xmrig
behavioral2/files/0x00070000000234f8-165.dat	xmrig
behavioral2/files/0x00070000000234f6-162.dat	xmrig
behavioral2/files/0x00070000000234f7-160.dat	xmrig
behavioral2/files/0x00070000000234f5-157.dat	xmrig
behavioral2/files/0x00070000000234f3-147.dat	xmrig
behavioral2/files/0x00070000000234f2-142.dat	xmrig
behavioral2/files/0x00070000000234f1-134.dat	xmrig
behavioral2/files/0x00070000000234f0-129.dat	xmrig
behavioral2/files/0x00070000000234ef-124.dat	xmrig
behavioral2/files/0x00070000000234ed-114.dat	xmrig
behavioral2/files/0x00070000000234eb-104.dat	xmrig
behavioral2/files/0x00070000000234ea-99.dat	xmrig
behavioral2/files/0x00070000000234e9-94.dat	xmrig
behavioral2/files/0x00070000000234e8-89.dat	xmrig
behavioral2/files/0x00070000000234e7-84.dat	xmrig
behavioral2/files/0x00070000000234e6-79.dat	xmrig
behavioral2/files/0x00070000000234e4-69.dat	xmrig
behavioral2/files/0x00070000000234e3-64.dat	xmrig
behavioral2/files/0x00070000000234e0-49.dat	xmrig
behavioral2/files/0x00070000000234dc-32.dat	xmrig
behavioral2/memory/2188-28-0x00007FF778DC0000-0x00007FF7791B5000-memory.dmp	xmrig
behavioral2/memory/3580-16-0x00007FF6FA8D0000-0x00007FF6FACC5000-memory.dmp	xmrig
behavioral2/memory/3668-10-0x00007FF794850000-0x00007FF794C45000-memory.dmp	xmrig
behavioral2/memory/3176-735-0x00007FF7960A0000-0x00007FF796495000-memory.dmp	xmrig
behavioral2/memory/5112-736-0x00007FF7A9990000-0x00007FF7A9D85000-memory.dmp	xmrig
behavioral2/memory/5076-737-0x00007FF62D3D0000-0x00007FF62D7C5000-memory.dmp	xmrig
behavioral2/memory/952-738-0x00007FF613650000-0x00007FF613A45000-memory.dmp	xmrig
behavioral2/memory/1352-739-0x00007FF701DC0000-0x00007FF7021B5000-memory.dmp	xmrig
behavioral2/memory/208-740-0x00007FF6C0460000-0x00007FF6C0855000-memory.dmp	xmrig
behavioral2/memory/5000-741-0x00007FF642B60000-0x00007FF642F55000-memory.dmp	xmrig
behavioral2/memory/216-742-0x00007FF7BCBB0000-0x00007FF7BCFA5000-memory.dmp	xmrig
behavioral2/memory/3516-743-0x00007FF666520000-0x00007FF666915000-memory.dmp	xmrig
behavioral2/memory/1216-744-0x00007FF64F510000-0x00007FF64F905000-memory.dmp	xmrig
behavioral2/memory/3456-771-0x00007FF7B0470000-0x00007FF7B0865000-memory.dmp	xmrig
behavioral2/memory/1304-775-0x00007FF7B2130000-0x00007FF7B2525000-memory.dmp	xmrig
behavioral2/memory/2440-769-0x00007FF7D9A90000-0x00007FF7D9E85000-memory.dmp	xmrig
behavioral2/memory/220-765-0x00007FF700EA0000-0x00007FF701295000-memory.dmp	xmrig
behavioral2/memory/2724-756-0x00007FF62A410000-0x00007FF62A805000-memory.dmp	xmrig
behavioral2/memory/3572-751-0x00007FF6E4EB0000-0x00007FF6E52A5000-memory.dmp	xmrig
behavioral2/memory/4652-782-0x00007FF611D10000-0x00007FF612105000-memory.dmp	xmrig
behavioral2/memory/3120-785-0x00007FF653BE0000-0x00007FF653FD5000-memory.dmp	xmrig
behavioral2/memory/2792-790-0x00007FF79A4A0000-0x00007FF79A895000-memory.dmp	xmrig
behavioral2/memory/1956-796-0x00007FF7ADD70000-0x00007FF7AE165000-memory.dmp	xmrig
behavioral2/memory/2900-800-0x00007FF7DC6A0000-0x00007FF7DCA95000-memory.dmp	xmrig
behavioral2/memory/3668-1889-0x00007FF794850000-0x00007FF794C45000-memory.dmp	xmrig
behavioral2/memory/3580-1890-0x00007FF6FA8D0000-0x00007FF6FACC5000-memory.dmp	xmrig
behavioral2/memory/2188-1891-0x00007FF778DC0000-0x00007FF7791B5000-memory.dmp	xmrig
behavioral2/memory/3668-1892-0x00007FF794850000-0x00007FF794C45000-memory.dmp	xmrig
behavioral2/memory/3580-1893-0x00007FF6FA8D0000-0x00007FF6FACC5000-memory.dmp	xmrig
behavioral2/memory/2188-1894-0x00007FF778DC0000-0x00007FF7791B5000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
3668	zoMmupi.exe
3580	UYebMmm.exe
2188	cNQqBop.exe
1956	NjoCEvm.exe
3176	FXfmGUi.exe
5112	psaHQII.exe
2900	IRlmBji.exe
5076	jvyqjzQ.exe
952	tTkBCDi.exe
1352	cklxNIg.exe
208	iDnwBED.exe
5000	owpNJMQ.exe
216	IBAMDeq.exe
3516	gDrQxZj.exe
1216	GzOUeDZ.exe
3572	zQDommU.exe
2724	KeAxORz.exe
220	aRRgOGT.exe
2440	LDYXXjX.exe
3456	JpOCdup.exe
1304	bRiiuwn.exe
4652	iQcEDwD.exe
3120	OAamtLF.exe
2792	LcCtOHl.exe
440	XARISWU.exe
4732	qYdSBdz.exe
4948	YuRTHjd.exe
2344	dSvdSDM.exe
1368	uaddHkQ.exe
3200	ntoNUix.exe
1656	WlEVAKl.exe
3788	LCQCRGC.exe
2060	wzLcIWk.exe
884	OXNxkfu.exe
60	yZlOwJR.exe
2000	eWHpHsk.exe
728	KIKgqFx.exe
2268	kGtEUfn.exe
764	XMWXoWF.exe
5056	XekzXEl.exe
3996	RJtNJDq.exe
2968	kluBzfH.exe
1940	tWHRdjq.exe
2596	rGPIIpI.exe
3752	TFkHuNU.exe
3640	diENHVb.exe
2260	SvqhEUP.exe
3260	cfbXMhq.exe
1288	fBvCQmA.exe
3616	SIXgokO.exe
1512	fVuKBRq.exe
3392	rdeyeUI.exe
4688	cPUEgYM.exe
4456	yCUIhuB.exe
2256	hGnhpVo.exe
3936	UgWjLNZ.exe
2052	qLVgNrK.exe
4844	FGERwpH.exe
1652	fKXTEep.exe
1228	fwoUBZj.exe
4072	uSkLdEM.exe
2284	BiRgkhY.exe
3664	xulKDLE.exe
4088	VjHQQLK.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2320-0-0x00007FF6FAA90000-0x00007FF6FAE85000-memory.dmp	upx
behavioral2/files/0x0006000000023248-4.dat	upx
behavioral2/files/0x00080000000234d9-11.dat	upx
behavioral2/files/0x00070000000234da-21.dat	upx
behavioral2/files/0x00070000000234db-30.dat	upx
behavioral2/files/0x00070000000234dd-37.dat	upx
behavioral2/files/0x00070000000234de-41.dat	upx
behavioral2/files/0x00070000000234df-47.dat	upx
behavioral2/files/0x00070000000234e1-53.dat	upx
behavioral2/files/0x00070000000234e2-59.dat	upx
behavioral2/files/0x00070000000234e5-74.dat	upx
behavioral2/files/0x00070000000234ec-109.dat	upx
behavioral2/files/0x00070000000234ee-119.dat	upx
behavioral2/files/0x00070000000234f4-152.dat	upx
behavioral2/files/0x00070000000234f8-165.dat	upx
behavioral2/files/0x00070000000234f6-162.dat	upx
behavioral2/files/0x00070000000234f7-160.dat	upx
behavioral2/files/0x00070000000234f5-157.dat	upx
behavioral2/files/0x00070000000234f3-147.dat	upx
behavioral2/files/0x00070000000234f2-142.dat	upx
behavioral2/files/0x00070000000234f1-134.dat	upx
behavioral2/files/0x00070000000234f0-129.dat	upx
behavioral2/files/0x00070000000234ef-124.dat	upx
behavioral2/files/0x00070000000234ed-114.dat	upx
behavioral2/files/0x00070000000234eb-104.dat	upx
behavioral2/files/0x00070000000234ea-99.dat	upx
behavioral2/files/0x00070000000234e9-94.dat	upx
behavioral2/files/0x00070000000234e8-89.dat	upx
behavioral2/files/0x00070000000234e7-84.dat	upx
behavioral2/files/0x00070000000234e6-79.dat	upx
behavioral2/files/0x00070000000234e4-69.dat	upx
behavioral2/files/0x00070000000234e3-64.dat	upx
behavioral2/files/0x00070000000234e0-49.dat	upx
behavioral2/files/0x00070000000234dc-32.dat	upx
behavioral2/memory/2188-28-0x00007FF778DC0000-0x00007FF7791B5000-memory.dmp	upx
behavioral2/memory/3580-16-0x00007FF6FA8D0000-0x00007FF6FACC5000-memory.dmp	upx
behavioral2/memory/3668-10-0x00007FF794850000-0x00007FF794C45000-memory.dmp	upx
behavioral2/memory/3176-735-0x00007FF7960A0000-0x00007FF796495000-memory.dmp	upx
behavioral2/memory/5112-736-0x00007FF7A9990000-0x00007FF7A9D85000-memory.dmp	upx
behavioral2/memory/5076-737-0x00007FF62D3D0000-0x00007FF62D7C5000-memory.dmp	upx
behavioral2/memory/952-738-0x00007FF613650000-0x00007FF613A45000-memory.dmp	upx
behavioral2/memory/1352-739-0x00007FF701DC0000-0x00007FF7021B5000-memory.dmp	upx
behavioral2/memory/208-740-0x00007FF6C0460000-0x00007FF6C0855000-memory.dmp	upx
behavioral2/memory/5000-741-0x00007FF642B60000-0x00007FF642F55000-memory.dmp	upx
behavioral2/memory/216-742-0x00007FF7BCBB0000-0x00007FF7BCFA5000-memory.dmp	upx
behavioral2/memory/3516-743-0x00007FF666520000-0x00007FF666915000-memory.dmp	upx
behavioral2/memory/1216-744-0x00007FF64F510000-0x00007FF64F905000-memory.dmp	upx
behavioral2/memory/3456-771-0x00007FF7B0470000-0x00007FF7B0865000-memory.dmp	upx
behavioral2/memory/1304-775-0x00007FF7B2130000-0x00007FF7B2525000-memory.dmp	upx
behavioral2/memory/2440-769-0x00007FF7D9A90000-0x00007FF7D9E85000-memory.dmp	upx
behavioral2/memory/220-765-0x00007FF700EA0000-0x00007FF701295000-memory.dmp	upx
behavioral2/memory/2724-756-0x00007FF62A410000-0x00007FF62A805000-memory.dmp	upx
behavioral2/memory/3572-751-0x00007FF6E4EB0000-0x00007FF6E52A5000-memory.dmp	upx
behavioral2/memory/4652-782-0x00007FF611D10000-0x00007FF612105000-memory.dmp	upx
behavioral2/memory/3120-785-0x00007FF653BE0000-0x00007FF653FD5000-memory.dmp	upx
behavioral2/memory/2792-790-0x00007FF79A4A0000-0x00007FF79A895000-memory.dmp	upx
behavioral2/memory/1956-796-0x00007FF7ADD70000-0x00007FF7AE165000-memory.dmp	upx
behavioral2/memory/2900-800-0x00007FF7DC6A0000-0x00007FF7DCA95000-memory.dmp	upx
behavioral2/memory/3668-1889-0x00007FF794850000-0x00007FF794C45000-memory.dmp	upx
behavioral2/memory/3580-1890-0x00007FF6FA8D0000-0x00007FF6FACC5000-memory.dmp	upx
behavioral2/memory/2188-1891-0x00007FF778DC0000-0x00007FF7791B5000-memory.dmp	upx
behavioral2/memory/3668-1892-0x00007FF794850000-0x00007FF794C45000-memory.dmp	upx
behavioral2/memory/3580-1893-0x00007FF6FA8D0000-0x00007FF6FACC5000-memory.dmp	upx
behavioral2/memory/2188-1894-0x00007FF778DC0000-0x00007FF7791B5000-memory.dmp	upx

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System32\sMcGyuk.exe	66cfcc5d83903dc9070fb04c77e76adcc1e4af45849530ba10e492f2f41a5689.exe
File created	C:\Windows\System32\QuNXTgp.exe	66cfcc5d83903dc9070fb04c77e76adcc1e4af45849530ba10e492f2f41a5689.exe
File created	C:\Windows\System32\zbqaMlO.exe	66cfcc5d83903dc9070fb04c77e76adcc1e4af45849530ba10e492f2f41a5689.exe
File created	C:\Windows\System32\eDVdrjQ.exe	66cfcc5d83903dc9070fb04c77e76adcc1e4af45849530ba10e492f2f41a5689.exe
File created	C:\Windows\System32\eeUITvV.exe	66cfcc5d83903dc9070fb04c77e76adcc1e4af45849530ba10e492f2f41a5689.exe
File created	C:\Windows\System32\HNiOBVh.exe	66cfcc5d83903dc9070fb04c77e76adcc1e4af45849530ba10e492f2f41a5689.exe
File created	C:\Windows\System32\PPyfpYR.exe	66cfcc5d83903dc9070fb04c77e76adcc1e4af45849530ba10e492f2f41a5689.exe
File created	C:\Windows\System32\nDKUDoy.exe	66cfcc5d83903dc9070fb04c77e76adcc1e4af45849530ba10e492f2f41a5689.exe
File created	C:\Windows\System32\xcLfFxI.exe	66cfcc5d83903dc9070fb04c77e76adcc1e4af45849530ba10e492f2f41a5689.exe
File created	C:\Windows\System32\WXFVdbo.exe	66cfcc5d83903dc9070fb04c77e76adcc1e4af45849530ba10e492f2f41a5689.exe
File created	C:\Windows\System32\UsQLIiD.exe	66cfcc5d83903dc9070fb04c77e76adcc1e4af45849530ba10e492f2f41a5689.exe
File created	C:\Windows\System32\DAjULMF.exe	66cfcc5d83903dc9070fb04c77e76adcc1e4af45849530ba10e492f2f41a5689.exe
File created	C:\Windows\System32\hYouQgX.exe	66cfcc5d83903dc9070fb04c77e76adcc1e4af45849530ba10e492f2f41a5689.exe
File created	C:\Windows\System32\YnnrMWb.exe	66cfcc5d83903dc9070fb04c77e76adcc1e4af45849530ba10e492f2f41a5689.exe
File created	C:\Windows\System32\IBBkUxp.exe	66cfcc5d83903dc9070fb04c77e76adcc1e4af45849530ba10e492f2f41a5689.exe
File created	C:\Windows\System32\iUcwcxu.exe	66cfcc5d83903dc9070fb04c77e76adcc1e4af45849530ba10e492f2f41a5689.exe
File created	C:\Windows\System32\JVAijKL.exe	66cfcc5d83903dc9070fb04c77e76adcc1e4af45849530ba10e492f2f41a5689.exe
File created	C:\Windows\System32\xYVaTJa.exe	66cfcc5d83903dc9070fb04c77e76adcc1e4af45849530ba10e492f2f41a5689.exe
File created	C:\Windows\System32\cEGuOLV.exe	66cfcc5d83903dc9070fb04c77e76adcc1e4af45849530ba10e492f2f41a5689.exe
File created	C:\Windows\System32\YDCWEoP.exe	66cfcc5d83903dc9070fb04c77e76adcc1e4af45849530ba10e492f2f41a5689.exe
File created	C:\Windows\System32\EmqSTOd.exe	66cfcc5d83903dc9070fb04c77e76adcc1e4af45849530ba10e492f2f41a5689.exe
File created	C:\Windows\System32\anjPjjQ.exe	66cfcc5d83903dc9070fb04c77e76adcc1e4af45849530ba10e492f2f41a5689.exe
File created	C:\Windows\System32\LJRgMDZ.exe	66cfcc5d83903dc9070fb04c77e76adcc1e4af45849530ba10e492f2f41a5689.exe
File created	C:\Windows\System32\FDdmJgm.exe	66cfcc5d83903dc9070fb04c77e76adcc1e4af45849530ba10e492f2f41a5689.exe
File created	C:\Windows\System32\DZTXgaY.exe	66cfcc5d83903dc9070fb04c77e76adcc1e4af45849530ba10e492f2f41a5689.exe
File created	C:\Windows\System32\ROHKNxM.exe	66cfcc5d83903dc9070fb04c77e76adcc1e4af45849530ba10e492f2f41a5689.exe
File created	C:\Windows\System32\xvaIUEh.exe	66cfcc5d83903dc9070fb04c77e76adcc1e4af45849530ba10e492f2f41a5689.exe
File created	C:\Windows\System32\GTHIeIx.exe	66cfcc5d83903dc9070fb04c77e76adcc1e4af45849530ba10e492f2f41a5689.exe
File created	C:\Windows\System32\cPUEgYM.exe	66cfcc5d83903dc9070fb04c77e76adcc1e4af45849530ba10e492f2f41a5689.exe
File created	C:\Windows\System32\NKjtasW.exe	66cfcc5d83903dc9070fb04c77e76adcc1e4af45849530ba10e492f2f41a5689.exe
File created	C:\Windows\System32\ylJtDDc.exe	66cfcc5d83903dc9070fb04c77e76adcc1e4af45849530ba10e492f2f41a5689.exe
File created	C:\Windows\System32\CyAZYRA.exe	66cfcc5d83903dc9070fb04c77e76adcc1e4af45849530ba10e492f2f41a5689.exe
File created	C:\Windows\System32\SxxEiVo.exe	66cfcc5d83903dc9070fb04c77e76adcc1e4af45849530ba10e492f2f41a5689.exe
File created	C:\Windows\System32\YLYMmAg.exe	66cfcc5d83903dc9070fb04c77e76adcc1e4af45849530ba10e492f2f41a5689.exe
File created	C:\Windows\System32\FIripTa.exe	66cfcc5d83903dc9070fb04c77e76adcc1e4af45849530ba10e492f2f41a5689.exe
File created	C:\Windows\System32\XizbgnS.exe	66cfcc5d83903dc9070fb04c77e76adcc1e4af45849530ba10e492f2f41a5689.exe
File created	C:\Windows\System32\gxkeCUD.exe	66cfcc5d83903dc9070fb04c77e76adcc1e4af45849530ba10e492f2f41a5689.exe
File created	C:\Windows\System32\eLNMBuL.exe	66cfcc5d83903dc9070fb04c77e76adcc1e4af45849530ba10e492f2f41a5689.exe
File created	C:\Windows\System32\KwnXdGp.exe	66cfcc5d83903dc9070fb04c77e76adcc1e4af45849530ba10e492f2f41a5689.exe
File created	C:\Windows\System32\AxDlGKa.exe	66cfcc5d83903dc9070fb04c77e76adcc1e4af45849530ba10e492f2f41a5689.exe
File created	C:\Windows\System32\meoBspg.exe	66cfcc5d83903dc9070fb04c77e76adcc1e4af45849530ba10e492f2f41a5689.exe
File created	C:\Windows\System32\EVoliYB.exe	66cfcc5d83903dc9070fb04c77e76adcc1e4af45849530ba10e492f2f41a5689.exe
File created	C:\Windows\System32\uviajku.exe	66cfcc5d83903dc9070fb04c77e76adcc1e4af45849530ba10e492f2f41a5689.exe
File created	C:\Windows\System32\eWHpHsk.exe	66cfcc5d83903dc9070fb04c77e76adcc1e4af45849530ba10e492f2f41a5689.exe
File created	C:\Windows\System32\aFyQZcd.exe	66cfcc5d83903dc9070fb04c77e76adcc1e4af45849530ba10e492f2f41a5689.exe
File created	C:\Windows\System32\tTQWGMX.exe	66cfcc5d83903dc9070fb04c77e76adcc1e4af45849530ba10e492f2f41a5689.exe
File created	C:\Windows\System32\zFsZhTe.exe	66cfcc5d83903dc9070fb04c77e76adcc1e4af45849530ba10e492f2f41a5689.exe
File created	C:\Windows\System32\iosfJju.exe	66cfcc5d83903dc9070fb04c77e76adcc1e4af45849530ba10e492f2f41a5689.exe
File created	C:\Windows\System32\ZeOLbxS.exe	66cfcc5d83903dc9070fb04c77e76adcc1e4af45849530ba10e492f2f41a5689.exe
File created	C:\Windows\System32\dhpBRkM.exe	66cfcc5d83903dc9070fb04c77e76adcc1e4af45849530ba10e492f2f41a5689.exe
File created	C:\Windows\System32\zinCWdY.exe	66cfcc5d83903dc9070fb04c77e76adcc1e4af45849530ba10e492f2f41a5689.exe
File created	C:\Windows\System32\tAWnXXB.exe	66cfcc5d83903dc9070fb04c77e76adcc1e4af45849530ba10e492f2f41a5689.exe
File created	C:\Windows\System32\srStNZT.exe	66cfcc5d83903dc9070fb04c77e76adcc1e4af45849530ba10e492f2f41a5689.exe
File created	C:\Windows\System32\mBDPMoN.exe	66cfcc5d83903dc9070fb04c77e76adcc1e4af45849530ba10e492f2f41a5689.exe
File created	C:\Windows\System32\SaotJNW.exe	66cfcc5d83903dc9070fb04c77e76adcc1e4af45849530ba10e492f2f41a5689.exe
File created	C:\Windows\System32\qZklRQC.exe	66cfcc5d83903dc9070fb04c77e76adcc1e4af45849530ba10e492f2f41a5689.exe
File created	C:\Windows\System32\lupoHvF.exe	66cfcc5d83903dc9070fb04c77e76adcc1e4af45849530ba10e492f2f41a5689.exe
File created	C:\Windows\System32\myMvpzy.exe	66cfcc5d83903dc9070fb04c77e76adcc1e4af45849530ba10e492f2f41a5689.exe
File created	C:\Windows\System32\QMjFfLY.exe	66cfcc5d83903dc9070fb04c77e76adcc1e4af45849530ba10e492f2f41a5689.exe
File created	C:\Windows\System32\iQcEDwD.exe	66cfcc5d83903dc9070fb04c77e76adcc1e4af45849530ba10e492f2f41a5689.exe
File created	C:\Windows\System32\UgWjLNZ.exe	66cfcc5d83903dc9070fb04c77e76adcc1e4af45849530ba10e492f2f41a5689.exe
File created	C:\Windows\System32\GxtQIgv.exe	66cfcc5d83903dc9070fb04c77e76adcc1e4af45849530ba10e492f2f41a5689.exe
File created	C:\Windows\System32\ChxdOLL.exe	66cfcc5d83903dc9070fb04c77e76adcc1e4af45849530ba10e492f2f41a5689.exe
File created	C:\Windows\System32\GXwzyUB.exe	66cfcc5d83903dc9070fb04c77e76adcc1e4af45849530ba10e492f2f41a5689.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	12488	dwm.exe
Token: SeChangeNotifyPrivilege	12488	dwm.exe
Token: 33	12488	dwm.exe
Token: SeIncBasePriorityPrivilege	12488	dwm.exe
Token: SeShutdownPrivilege	12488	dwm.exe
Token: SeCreatePagefilePrivilege	12488	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2320 wrote to memory of 3668	2320	66cfcc5d83903dc9070fb04c77e76adcc1e4af45849530ba10e492f2f41a5689.exe	84
PID 2320 wrote to memory of 3668	2320	66cfcc5d83903dc9070fb04c77e76adcc1e4af45849530ba10e492f2f41a5689.exe	84
PID 2320 wrote to memory of 3580	2320	66cfcc5d83903dc9070fb04c77e76adcc1e4af45849530ba10e492f2f41a5689.exe	85
PID 2320 wrote to memory of 3580	2320	66cfcc5d83903dc9070fb04c77e76adcc1e4af45849530ba10e492f2f41a5689.exe	85
PID 2320 wrote to memory of 2188	2320	66cfcc5d83903dc9070fb04c77e76adcc1e4af45849530ba10e492f2f41a5689.exe	86
PID 2320 wrote to memory of 2188	2320	66cfcc5d83903dc9070fb04c77e76adcc1e4af45849530ba10e492f2f41a5689.exe	86
PID 2320 wrote to memory of 1956	2320	66cfcc5d83903dc9070fb04c77e76adcc1e4af45849530ba10e492f2f41a5689.exe	87
PID 2320 wrote to memory of 1956	2320	66cfcc5d83903dc9070fb04c77e76adcc1e4af45849530ba10e492f2f41a5689.exe	87
PID 2320 wrote to memory of 3176	2320	66cfcc5d83903dc9070fb04c77e76adcc1e4af45849530ba10e492f2f41a5689.exe	88
PID 2320 wrote to memory of 3176	2320	66cfcc5d83903dc9070fb04c77e76adcc1e4af45849530ba10e492f2f41a5689.exe	88
PID 2320 wrote to memory of 5112	2320	66cfcc5d83903dc9070fb04c77e76adcc1e4af45849530ba10e492f2f41a5689.exe	89
PID 2320 wrote to memory of 5112	2320	66cfcc5d83903dc9070fb04c77e76adcc1e4af45849530ba10e492f2f41a5689.exe	89
PID 2320 wrote to memory of 2900	2320	66cfcc5d83903dc9070fb04c77e76adcc1e4af45849530ba10e492f2f41a5689.exe	90
PID 2320 wrote to memory of 2900	2320	66cfcc5d83903dc9070fb04c77e76adcc1e4af45849530ba10e492f2f41a5689.exe	90
PID 2320 wrote to memory of 5076	2320	66cfcc5d83903dc9070fb04c77e76adcc1e4af45849530ba10e492f2f41a5689.exe	91
PID 2320 wrote to memory of 5076	2320	66cfcc5d83903dc9070fb04c77e76adcc1e4af45849530ba10e492f2f41a5689.exe	91
PID 2320 wrote to memory of 952	2320	66cfcc5d83903dc9070fb04c77e76adcc1e4af45849530ba10e492f2f41a5689.exe	92
PID 2320 wrote to memory of 952	2320	66cfcc5d83903dc9070fb04c77e76adcc1e4af45849530ba10e492f2f41a5689.exe	92
PID 2320 wrote to memory of 1352	2320	66cfcc5d83903dc9070fb04c77e76adcc1e4af45849530ba10e492f2f41a5689.exe	93
PID 2320 wrote to memory of 1352	2320	66cfcc5d83903dc9070fb04c77e76adcc1e4af45849530ba10e492f2f41a5689.exe	93
PID 2320 wrote to memory of 208	2320	66cfcc5d83903dc9070fb04c77e76adcc1e4af45849530ba10e492f2f41a5689.exe	94
PID 2320 wrote to memory of 208	2320	66cfcc5d83903dc9070fb04c77e76adcc1e4af45849530ba10e492f2f41a5689.exe	94
PID 2320 wrote to memory of 5000	2320	66cfcc5d83903dc9070fb04c77e76adcc1e4af45849530ba10e492f2f41a5689.exe	95
PID 2320 wrote to memory of 5000	2320	66cfcc5d83903dc9070fb04c77e76adcc1e4af45849530ba10e492f2f41a5689.exe	95
PID 2320 wrote to memory of 216	2320	66cfcc5d83903dc9070fb04c77e76adcc1e4af45849530ba10e492f2f41a5689.exe	96
PID 2320 wrote to memory of 216	2320	66cfcc5d83903dc9070fb04c77e76adcc1e4af45849530ba10e492f2f41a5689.exe	96
PID 2320 wrote to memory of 3516	2320	66cfcc5d83903dc9070fb04c77e76adcc1e4af45849530ba10e492f2f41a5689.exe	97
PID 2320 wrote to memory of 3516	2320	66cfcc5d83903dc9070fb04c77e76adcc1e4af45849530ba10e492f2f41a5689.exe	97
PID 2320 wrote to memory of 1216	2320	66cfcc5d83903dc9070fb04c77e76adcc1e4af45849530ba10e492f2f41a5689.exe	98
PID 2320 wrote to memory of 1216	2320	66cfcc5d83903dc9070fb04c77e76adcc1e4af45849530ba10e492f2f41a5689.exe	98
PID 2320 wrote to memory of 3572	2320	66cfcc5d83903dc9070fb04c77e76adcc1e4af45849530ba10e492f2f41a5689.exe	99
PID 2320 wrote to memory of 3572	2320	66cfcc5d83903dc9070fb04c77e76adcc1e4af45849530ba10e492f2f41a5689.exe	99
PID 2320 wrote to memory of 2724	2320	66cfcc5d83903dc9070fb04c77e76adcc1e4af45849530ba10e492f2f41a5689.exe	100
PID 2320 wrote to memory of 2724	2320	66cfcc5d83903dc9070fb04c77e76adcc1e4af45849530ba10e492f2f41a5689.exe	100
PID 2320 wrote to memory of 220	2320	66cfcc5d83903dc9070fb04c77e76adcc1e4af45849530ba10e492f2f41a5689.exe	101
PID 2320 wrote to memory of 220	2320	66cfcc5d83903dc9070fb04c77e76adcc1e4af45849530ba10e492f2f41a5689.exe	101
PID 2320 wrote to memory of 2440	2320	66cfcc5d83903dc9070fb04c77e76adcc1e4af45849530ba10e492f2f41a5689.exe	102
PID 2320 wrote to memory of 2440	2320	66cfcc5d83903dc9070fb04c77e76adcc1e4af45849530ba10e492f2f41a5689.exe	102
PID 2320 wrote to memory of 3456	2320	66cfcc5d83903dc9070fb04c77e76adcc1e4af45849530ba10e492f2f41a5689.exe	103
PID 2320 wrote to memory of 3456	2320	66cfcc5d83903dc9070fb04c77e76adcc1e4af45849530ba10e492f2f41a5689.exe	103
PID 2320 wrote to memory of 1304	2320	66cfcc5d83903dc9070fb04c77e76adcc1e4af45849530ba10e492f2f41a5689.exe	104
PID 2320 wrote to memory of 1304	2320	66cfcc5d83903dc9070fb04c77e76adcc1e4af45849530ba10e492f2f41a5689.exe	104
PID 2320 wrote to memory of 4652	2320	66cfcc5d83903dc9070fb04c77e76adcc1e4af45849530ba10e492f2f41a5689.exe	105
PID 2320 wrote to memory of 4652	2320	66cfcc5d83903dc9070fb04c77e76adcc1e4af45849530ba10e492f2f41a5689.exe	105
PID 2320 wrote to memory of 3120	2320	66cfcc5d83903dc9070fb04c77e76adcc1e4af45849530ba10e492f2f41a5689.exe	106
PID 2320 wrote to memory of 3120	2320	66cfcc5d83903dc9070fb04c77e76adcc1e4af45849530ba10e492f2f41a5689.exe	106
PID 2320 wrote to memory of 2792	2320	66cfcc5d83903dc9070fb04c77e76adcc1e4af45849530ba10e492f2f41a5689.exe	107
PID 2320 wrote to memory of 2792	2320	66cfcc5d83903dc9070fb04c77e76adcc1e4af45849530ba10e492f2f41a5689.exe	107
PID 2320 wrote to memory of 440	2320	66cfcc5d83903dc9070fb04c77e76adcc1e4af45849530ba10e492f2f41a5689.exe	108
PID 2320 wrote to memory of 440	2320	66cfcc5d83903dc9070fb04c77e76adcc1e4af45849530ba10e492f2f41a5689.exe	108
PID 2320 wrote to memory of 4732	2320	66cfcc5d83903dc9070fb04c77e76adcc1e4af45849530ba10e492f2f41a5689.exe	109
PID 2320 wrote to memory of 4732	2320	66cfcc5d83903dc9070fb04c77e76adcc1e4af45849530ba10e492f2f41a5689.exe	109
PID 2320 wrote to memory of 4948	2320	66cfcc5d83903dc9070fb04c77e76adcc1e4af45849530ba10e492f2f41a5689.exe	110
PID 2320 wrote to memory of 4948	2320	66cfcc5d83903dc9070fb04c77e76adcc1e4af45849530ba10e492f2f41a5689.exe	110
PID 2320 wrote to memory of 2344	2320	66cfcc5d83903dc9070fb04c77e76adcc1e4af45849530ba10e492f2f41a5689.exe	111
PID 2320 wrote to memory of 2344	2320	66cfcc5d83903dc9070fb04c77e76adcc1e4af45849530ba10e492f2f41a5689.exe	111
PID 2320 wrote to memory of 1368	2320	66cfcc5d83903dc9070fb04c77e76adcc1e4af45849530ba10e492f2f41a5689.exe	112
PID 2320 wrote to memory of 1368	2320	66cfcc5d83903dc9070fb04c77e76adcc1e4af45849530ba10e492f2f41a5689.exe	112
PID 2320 wrote to memory of 3200	2320	66cfcc5d83903dc9070fb04c77e76adcc1e4af45849530ba10e492f2f41a5689.exe	113
PID 2320 wrote to memory of 3200	2320	66cfcc5d83903dc9070fb04c77e76adcc1e4af45849530ba10e492f2f41a5689.exe	113
PID 2320 wrote to memory of 1656	2320	66cfcc5d83903dc9070fb04c77e76adcc1e4af45849530ba10e492f2f41a5689.exe	114
PID 2320 wrote to memory of 1656	2320	66cfcc5d83903dc9070fb04c77e76adcc1e4af45849530ba10e492f2f41a5689.exe	114
PID 2320 wrote to memory of 3788	2320	66cfcc5d83903dc9070fb04c77e76adcc1e4af45849530ba10e492f2f41a5689.exe	115
PID 2320 wrote to memory of 3788	2320	66cfcc5d83903dc9070fb04c77e76adcc1e4af45849530ba10e492f2f41a5689.exe	115

C:\Users\Admin\AppData\Local\Temp\66cfcc5d83903dc9070fb04c77e76adcc1e4af45849530ba10e492f2f41a5689.exe
"C:\Users\Admin\AppData\Local\Temp\66cfcc5d83903dc9070fb04c77e76adcc1e4af45849530ba10e492f2f41a5689.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:2320
- C:\Windows\System32\zoMmupi.exe
  C:\Windows\System32\zoMmupi.exe
  2⤵
  - Executes dropped EXE
  PID:3668
- C:\Windows\System32\UYebMmm.exe
  C:\Windows\System32\UYebMmm.exe
  2⤵
  - Executes dropped EXE
  PID:3580
- C:\Windows\System32\cNQqBop.exe
  C:\Windows\System32\cNQqBop.exe
  2⤵
  - Executes dropped EXE
  PID:2188
- C:\Windows\System32\NjoCEvm.exe
  C:\Windows\System32\NjoCEvm.exe
  2⤵
  - Executes dropped EXE
  PID:1956
- C:\Windows\System32\FXfmGUi.exe
  C:\Windows\System32\FXfmGUi.exe
  2⤵
  - Executes dropped EXE
  PID:3176
- C:\Windows\System32\psaHQII.exe
  C:\Windows\System32\psaHQII.exe
  2⤵
  - Executes dropped EXE
  PID:5112
- C:\Windows\System32\IRlmBji.exe
  C:\Windows\System32\IRlmBji.exe
  2⤵
  - Executes dropped EXE
  PID:2900
- C:\Windows\System32\jvyqjzQ.exe
  C:\Windows\System32\jvyqjzQ.exe
  2⤵
  - Executes dropped EXE
  PID:5076
- C:\Windows\System32\tTkBCDi.exe
  C:\Windows\System32\tTkBCDi.exe
  2⤵
  - Executes dropped EXE
  PID:952
- C:\Windows\System32\cklxNIg.exe
  C:\Windows\System32\cklxNIg.exe
  2⤵
  - Executes dropped EXE
  PID:1352
- C:\Windows\System32\iDnwBED.exe
  C:\Windows\System32\iDnwBED.exe
  2⤵
  - Executes dropped EXE
  PID:208
- C:\Windows\System32\owpNJMQ.exe
  C:\Windows\System32\owpNJMQ.exe
  2⤵
  - Executes dropped EXE
  PID:5000
- C:\Windows\System32\IBAMDeq.exe
  C:\Windows\System32\IBAMDeq.exe
  2⤵
  - Executes dropped EXE
  PID:216
- C:\Windows\System32\gDrQxZj.exe
  C:\Windows\System32\gDrQxZj.exe
  2⤵
  - Executes dropped EXE
  PID:3516
- C:\Windows\System32\GzOUeDZ.exe
  C:\Windows\System32\GzOUeDZ.exe
  2⤵
  - Executes dropped EXE
  PID:1216
- C:\Windows\System32\zQDommU.exe
  C:\Windows\System32\zQDommU.exe
  2⤵
  - Executes dropped EXE
  PID:3572
- C:\Windows\System32\KeAxORz.exe
  C:\Windows\System32\KeAxORz.exe
  2⤵
  - Executes dropped EXE
  PID:2724
- C:\Windows\System32\aRRgOGT.exe
  C:\Windows\System32\aRRgOGT.exe
  2⤵
  - Executes dropped EXE
  PID:220
- C:\Windows\System32\LDYXXjX.exe
  C:\Windows\System32\LDYXXjX.exe
  2⤵
  - Executes dropped EXE
  PID:2440
- C:\Windows\System32\JpOCdup.exe
  C:\Windows\System32\JpOCdup.exe
  2⤵
  - Executes dropped EXE
  PID:3456
- C:\Windows\System32\bRiiuwn.exe
  C:\Windows\System32\bRiiuwn.exe
  2⤵
  - Executes dropped EXE
  PID:1304
- C:\Windows\System32\iQcEDwD.exe
  C:\Windows\System32\iQcEDwD.exe
  2⤵
  - Executes dropped EXE
  PID:4652
- C:\Windows\System32\OAamtLF.exe
  C:\Windows\System32\OAamtLF.exe
  2⤵
  - Executes dropped EXE
  PID:3120
- C:\Windows\System32\LcCtOHl.exe
  C:\Windows\System32\LcCtOHl.exe
  2⤵
  - Executes dropped EXE
  PID:2792
- C:\Windows\System32\XARISWU.exe
  C:\Windows\System32\XARISWU.exe
  2⤵
  - Executes dropped EXE
  PID:440
- C:\Windows\System32\qYdSBdz.exe
  C:\Windows\System32\qYdSBdz.exe
  2⤵
  - Executes dropped EXE
  PID:4732
- C:\Windows\System32\YuRTHjd.exe
  C:\Windows\System32\YuRTHjd.exe
  2⤵
  - Executes dropped EXE
  PID:4948
- C:\Windows\System32\dSvdSDM.exe
  C:\Windows\System32\dSvdSDM.exe
  2⤵
  - Executes dropped EXE
  PID:2344
- C:\Windows\System32\uaddHkQ.exe
  C:\Windows\System32\uaddHkQ.exe
  2⤵
  - Executes dropped EXE
  PID:1368
- C:\Windows\System32\ntoNUix.exe
  C:\Windows\System32\ntoNUix.exe
  2⤵
  - Executes dropped EXE
  PID:3200
- C:\Windows\System32\WlEVAKl.exe
  C:\Windows\System32\WlEVAKl.exe
  2⤵
  - Executes dropped EXE
  PID:1656
- C:\Windows\System32\LCQCRGC.exe
  C:\Windows\System32\LCQCRGC.exe
  2⤵
  - Executes dropped EXE
  PID:3788
- C:\Windows\System32\wzLcIWk.exe
  C:\Windows\System32\wzLcIWk.exe
  2⤵
  - Executes dropped EXE
  PID:2060
- C:\Windows\System32\OXNxkfu.exe
  C:\Windows\System32\OXNxkfu.exe
  2⤵
  - Executes dropped EXE
  PID:884
- C:\Windows\System32\yZlOwJR.exe
  C:\Windows\System32\yZlOwJR.exe
  2⤵
  - Executes dropped EXE
  PID:60
- C:\Windows\System32\eWHpHsk.exe
  C:\Windows\System32\eWHpHsk.exe
  2⤵
  - Executes dropped EXE
  PID:2000
- C:\Windows\System32\KIKgqFx.exe
  C:\Windows\System32\KIKgqFx.exe
  2⤵
  - Executes dropped EXE
  PID:728
- C:\Windows\System32\kGtEUfn.exe
  C:\Windows\System32\kGtEUfn.exe
  2⤵
  - Executes dropped EXE
  PID:2268
- C:\Windows\System32\XMWXoWF.exe
  C:\Windows\System32\XMWXoWF.exe
  2⤵
  - Executes dropped EXE
  PID:764
- C:\Windows\System32\XekzXEl.exe
  C:\Windows\System32\XekzXEl.exe
  2⤵
  - Executes dropped EXE
  PID:5056
- C:\Windows\System32\RJtNJDq.exe
  C:\Windows\System32\RJtNJDq.exe
  2⤵
  - Executes dropped EXE
  PID:3996
- C:\Windows\System32\kluBzfH.exe
  C:\Windows\System32\kluBzfH.exe
  2⤵
  - Executes dropped EXE
  PID:2968
- C:\Windows\System32\tWHRdjq.exe
  C:\Windows\System32\tWHRdjq.exe
  2⤵
  - Executes dropped EXE
  PID:1940
- C:\Windows\System32\rGPIIpI.exe
  C:\Windows\System32\rGPIIpI.exe
  2⤵
  - Executes dropped EXE
  PID:2596
- C:\Windows\System32\TFkHuNU.exe
  C:\Windows\System32\TFkHuNU.exe
  2⤵
  - Executes dropped EXE
  PID:3752
- C:\Windows\System32\diENHVb.exe
  C:\Windows\System32\diENHVb.exe
  2⤵
  - Executes dropped EXE
  PID:3640
- C:\Windows\System32\SvqhEUP.exe
  C:\Windows\System32\SvqhEUP.exe
  2⤵
  - Executes dropped EXE
  PID:2260
- C:\Windows\System32\cfbXMhq.exe
  C:\Windows\System32\cfbXMhq.exe
  2⤵
  - Executes dropped EXE
  PID:3260
- C:\Windows\System32\fBvCQmA.exe
  C:\Windows\System32\fBvCQmA.exe
  2⤵
  - Executes dropped EXE
  PID:1288
- C:\Windows\System32\SIXgokO.exe
  C:\Windows\System32\SIXgokO.exe
  2⤵
  - Executes dropped EXE
  PID:3616
- C:\Windows\System32\fVuKBRq.exe
  C:\Windows\System32\fVuKBRq.exe
  2⤵
  - Executes dropped EXE
  PID:1512
- C:\Windows\System32\rdeyeUI.exe
  C:\Windows\System32\rdeyeUI.exe
  2⤵
  - Executes dropped EXE
  PID:3392
- C:\Windows\System32\cPUEgYM.exe
  C:\Windows\System32\cPUEgYM.exe
  2⤵
  - Executes dropped EXE
  PID:4688
- C:\Windows\System32\yCUIhuB.exe
  C:\Windows\System32\yCUIhuB.exe
  2⤵
  - Executes dropped EXE
  PID:4456
- C:\Windows\System32\hGnhpVo.exe
  C:\Windows\System32\hGnhpVo.exe
  2⤵
  - Executes dropped EXE
  PID:2256
- C:\Windows\System32\UgWjLNZ.exe
  C:\Windows\System32\UgWjLNZ.exe
  2⤵
  - Executes dropped EXE
  PID:3936
- C:\Windows\System32\qLVgNrK.exe
  C:\Windows\System32\qLVgNrK.exe
  2⤵
  - Executes dropped EXE
  PID:2052
- C:\Windows\System32\FGERwpH.exe
  C:\Windows\System32\FGERwpH.exe
  2⤵
  - Executes dropped EXE
  PID:4844
- C:\Windows\System32\fKXTEep.exe
  C:\Windows\System32\fKXTEep.exe
  2⤵
  - Executes dropped EXE
  PID:1652
- C:\Windows\System32\fwoUBZj.exe
  C:\Windows\System32\fwoUBZj.exe
  2⤵
  - Executes dropped EXE
  PID:1228
- C:\Windows\System32\uSkLdEM.exe
  C:\Windows\System32\uSkLdEM.exe
  2⤵
  - Executes dropped EXE
  PID:4072
- C:\Windows\System32\BiRgkhY.exe
  C:\Windows\System32\BiRgkhY.exe
  2⤵
  - Executes dropped EXE
  PID:2284
- C:\Windows\System32\xulKDLE.exe
  C:\Windows\System32\xulKDLE.exe
  2⤵
  - Executes dropped EXE
  PID:3664
- C:\Windows\System32\VjHQQLK.exe
  C:\Windows\System32\VjHQQLK.exe
  2⤵
  - Executes dropped EXE
  PID:4088
- C:\Windows\System32\tLAKtgz.exe
  C:\Windows\System32\tLAKtgz.exe
  2⤵
  PID:2128
- C:\Windows\System32\kGMXaTA.exe
  C:\Windows\System32\kGMXaTA.exe
  2⤵
  PID:4952
- C:\Windows\System32\YHLrmAC.exe
  C:\Windows\System32\YHLrmAC.exe
  2⤵
  PID:4576
- C:\Windows\System32\wNXJqrX.exe
  C:\Windows\System32\wNXJqrX.exe
  2⤵
  PID:2240
- C:\Windows\System32\ApQefMy.exe
  C:\Windows\System32\ApQefMy.exe
  2⤵
  PID:3588
- C:\Windows\System32\FlGNpnV.exe
  C:\Windows\System32\FlGNpnV.exe
  2⤵
  PID:2088
- C:\Windows\System32\pcaTVTf.exe
  C:\Windows\System32\pcaTVTf.exe
  2⤵
  PID:4900
- C:\Windows\System32\QVnSWti.exe
  C:\Windows\System32\QVnSWti.exe
  2⤵
  PID:5048
- C:\Windows\System32\KhVuJBP.exe
  C:\Windows\System32\KhVuJBP.exe
  2⤵
  PID:768
- C:\Windows\System32\giggIOp.exe
  C:\Windows\System32\giggIOp.exe
  2⤵
  PID:4560
- C:\Windows\System32\KulmnGa.exe
  C:\Windows\System32\KulmnGa.exe
  2⤵
  PID:5092
- C:\Windows\System32\aQlvWOk.exe
  C:\Windows\System32\aQlvWOk.exe
  2⤵
  PID:2444
- C:\Windows\System32\qigUzjY.exe
  C:\Windows\System32\qigUzjY.exe
  2⤵
  PID:2468
- C:\Windows\System32\lfLnlyj.exe
  C:\Windows\System32\lfLnlyj.exe
  2⤵
  PID:4444
- C:\Windows\System32\gfGoIgY.exe
  C:\Windows\System32\gfGoIgY.exe
  2⤵
  PID:4932
- C:\Windows\System32\GxtQIgv.exe
  C:\Windows\System32\GxtQIgv.exe
  2⤵
  PID:1392
- C:\Windows\System32\fbehVeA.exe
  C:\Windows\System32\fbehVeA.exe
  2⤵
  PID:4780
- C:\Windows\System32\DNwxujl.exe
  C:\Windows\System32\DNwxujl.exe
  2⤵
  PID:3264
- C:\Windows\System32\BSCsIol.exe
  C:\Windows\System32\BSCsIol.exe
  2⤵
  PID:3148
- C:\Windows\System32\ZguUdrE.exe
  C:\Windows\System32\ZguUdrE.exe
  2⤵
  PID:5096
- C:\Windows\System32\ikqDFKR.exe
  C:\Windows\System32\ikqDFKR.exe
  2⤵
  PID:3084
- C:\Windows\System32\ErCXloR.exe
  C:\Windows\System32\ErCXloR.exe
  2⤵
  PID:4908
- C:\Windows\System32\CVCMySc.exe
  C:\Windows\System32\CVCMySc.exe
  2⤵
  PID:4420
- C:\Windows\System32\sBLXfEX.exe
  C:\Windows\System32\sBLXfEX.exe
  2⤵
  PID:4296
- C:\Windows\System32\kyVCSkG.exe
  C:\Windows\System32\kyVCSkG.exe
  2⤵
  PID:4644
- C:\Windows\System32\LJRgMDZ.exe
  C:\Windows\System32\LJRgMDZ.exe
  2⤵
  PID:5144
- C:\Windows\System32\aFyQZcd.exe
  C:\Windows\System32\aFyQZcd.exe
  2⤵
  PID:5160
- C:\Windows\System32\KgmBQNz.exe
  C:\Windows\System32\KgmBQNz.exe
  2⤵
  PID:5184
- C:\Windows\System32\QuNXTgp.exe
  C:\Windows\System32\QuNXTgp.exe
  2⤵
  PID:5216
- C:\Windows\System32\MAfGWvK.exe
  C:\Windows\System32\MAfGWvK.exe
  2⤵
  PID:5240
- C:\Windows\System32\mDiOWGJ.exe
  C:\Windows\System32\mDiOWGJ.exe
  2⤵
  PID:5272
- C:\Windows\System32\VhZusuf.exe
  C:\Windows\System32\VhZusuf.exe
  2⤵
  PID:5300
- C:\Windows\System32\cYlAtfw.exe
  C:\Windows\System32\cYlAtfw.exe
  2⤵
  PID:5328
- C:\Windows\System32\JjrOtdl.exe
  C:\Windows\System32\JjrOtdl.exe
  2⤵
  PID:5352
- C:\Windows\System32\SaotJNW.exe
  C:\Windows\System32\SaotJNW.exe
  2⤵
  PID:5384
- C:\Windows\System32\EiFRgAJ.exe
  C:\Windows\System32\EiFRgAJ.exe
  2⤵
  PID:5408
- C:\Windows\System32\euRbZTE.exe
  C:\Windows\System32\euRbZTE.exe
  2⤵
  PID:5440
- C:\Windows\System32\rVsqtwD.exe
  C:\Windows\System32\rVsqtwD.exe
  2⤵
  PID:5468
- C:\Windows\System32\ErThNvs.exe
  C:\Windows\System32\ErThNvs.exe
  2⤵
  PID:5496
- C:\Windows\System32\DnoolRM.exe
  C:\Windows\System32\DnoolRM.exe
  2⤵
  PID:5520
- C:\Windows\System32\igzoRyk.exe
  C:\Windows\System32\igzoRyk.exe
  2⤵
  PID:5552
- C:\Windows\System32\JsKoAbX.exe
  C:\Windows\System32\JsKoAbX.exe
  2⤵
  PID:5580
- C:\Windows\System32\hbHHxqI.exe
  C:\Windows\System32\hbHHxqI.exe
  2⤵
  PID:5608
- C:\Windows\System32\NKjtasW.exe
  C:\Windows\System32\NKjtasW.exe
  2⤵
  PID:5636
- C:\Windows\System32\AxDlGKa.exe
  C:\Windows\System32\AxDlGKa.exe
  2⤵
  PID:5664
- C:\Windows\System32\PRAmIjE.exe
  C:\Windows\System32\PRAmIjE.exe
  2⤵
  PID:5688
- C:\Windows\System32\qZklRQC.exe
  C:\Windows\System32\qZklRQC.exe
  2⤵
  PID:5720
- C:\Windows\System32\AyzivtY.exe
  C:\Windows\System32\AyzivtY.exe
  2⤵
  PID:5744
- C:\Windows\System32\qkrzbut.exe
  C:\Windows\System32\qkrzbut.exe
  2⤵
  PID:5776
- C:\Windows\System32\VDGacZo.exe
  C:\Windows\System32\VDGacZo.exe
  2⤵
  PID:5800
- C:\Windows\System32\VGskXSo.exe
  C:\Windows\System32\VGskXSo.exe
  2⤵
  PID:5840
- C:\Windows\System32\dOFpppb.exe
  C:\Windows\System32\dOFpppb.exe
  2⤵
  PID:5860
- C:\Windows\System32\ErGclLR.exe
  C:\Windows\System32\ErGclLR.exe
  2⤵
  PID:5888
- C:\Windows\System32\GHUAKKW.exe
  C:\Windows\System32\GHUAKKW.exe
  2⤵
  PID:5924
- C:\Windows\System32\BPbhLxU.exe
  C:\Windows\System32\BPbhLxU.exe
  2⤵
  PID:5956
- C:\Windows\System32\UXDjZBb.exe
  C:\Windows\System32\UXDjZBb.exe
  2⤵
  PID:5972
- C:\Windows\System32\yBCJqmx.exe
  C:\Windows\System32\yBCJqmx.exe
  2⤵
  PID:6008
- C:\Windows\System32\woqWVFg.exe
  C:\Windows\System32\woqWVFg.exe
  2⤵
  PID:6028
- C:\Windows\System32\tSRzIlk.exe
  C:\Windows\System32\tSRzIlk.exe
  2⤵
  PID:6056
- C:\Windows\System32\wzbvAgz.exe
  C:\Windows\System32\wzbvAgz.exe
  2⤵
  PID:6080
- C:\Windows\System32\gBkKxsi.exe
  C:\Windows\System32\gBkKxsi.exe
  2⤵
  PID:6108
- C:\Windows\System32\CRZbLaP.exe
  C:\Windows\System32\CRZbLaP.exe
  2⤵
  PID:6140
- C:\Windows\System32\XSlvFKH.exe
  C:\Windows\System32\XSlvFKH.exe
  2⤵
  PID:3000
- C:\Windows\System32\IfqPWBC.exe
  C:\Windows\System32\IfqPWBC.exe
  2⤵
  PID:224
- C:\Windows\System32\AycuJYW.exe
  C:\Windows\System32\AycuJYW.exe
  2⤵
  PID:5060
- C:\Windows\System32\uqtlbVo.exe
  C:\Windows\System32\uqtlbVo.exe
  2⤵
  PID:5136
- C:\Windows\System32\zShLTYo.exe
  C:\Windows\System32\zShLTYo.exe
  2⤵
  PID:5208
- C:\Windows\System32\IMwNFyi.exe
  C:\Windows\System32\IMwNFyi.exe
  2⤵
  PID:5248
- C:\Windows\System32\mDooUXr.exe
  C:\Windows\System32\mDooUXr.exe
  2⤵
  PID:5336
- C:\Windows\System32\ByjMgPp.exe
  C:\Windows\System32\ByjMgPp.exe
  2⤵
  PID:5396
- C:\Windows\System32\Hiofrkn.exe
  C:\Windows\System32\Hiofrkn.exe
  2⤵
  PID:5452
- C:\Windows\System32\vFuVtmC.exe
  C:\Windows\System32\vFuVtmC.exe
  2⤵
  PID:5536
- C:\Windows\System32\EQXbKWi.exe
  C:\Windows\System32\EQXbKWi.exe
  2⤵
  PID:5588
- C:\Windows\System32\ylJtDDc.exe
  C:\Windows\System32\ylJtDDc.exe
  2⤵
  PID:5672
- C:\Windows\System32\gbXDYnr.exe
  C:\Windows\System32\gbXDYnr.exe
  2⤵
  PID:5732
- C:\Windows\System32\kQKplOc.exe
  C:\Windows\System32\kQKplOc.exe
  2⤵
  PID:5796
- C:\Windows\System32\eOamcrf.exe
  C:\Windows\System32\eOamcrf.exe
  2⤵
  PID:5868
- C:\Windows\System32\HWIqgdm.exe
  C:\Windows\System32\HWIqgdm.exe
  2⤵
  PID:5940
- C:\Windows\System32\nDKUDoy.exe
  C:\Windows\System32\nDKUDoy.exe
  2⤵
  PID:5984
- C:\Windows\System32\uhSiZtY.exe
  C:\Windows\System32\uhSiZtY.exe
  2⤵
  PID:6076
- C:\Windows\System32\IUJymNc.exe
  C:\Windows\System32\IUJymNc.exe
  2⤵
  PID:6124
- C:\Windows\System32\NriVSvU.exe
  C:\Windows\System32\NriVSvU.exe
  2⤵
  PID:4188
- C:\Windows\System32\CNDjSEc.exe
  C:\Windows\System32\CNDjSEc.exe
  2⤵
  PID:5156
- C:\Windows\System32\sqLLzCP.exe
  C:\Windows\System32\sqLLzCP.exe
  2⤵
  PID:5360
- C:\Windows\System32\aYuKIoB.exe
  C:\Windows\System32\aYuKIoB.exe
  2⤵
  PID:5448
- C:\Windows\System32\LOGLtnB.exe
  C:\Windows\System32\LOGLtnB.exe
  2⤵
  PID:5656
- C:\Windows\System32\WDHfZfu.exe
  C:\Windows\System32\WDHfZfu.exe
  2⤵
  PID:5760
- C:\Windows\System32\YHrvlct.exe
  C:\Windows\System32\YHrvlct.exe
  2⤵
  PID:5880
- C:\Windows\System32\YDCWEoP.exe
  C:\Windows\System32\YDCWEoP.exe
  2⤵
  PID:6068
- C:\Windows\System32\LoAQuog.exe
  C:\Windows\System32\LoAQuog.exe
  2⤵
  PID:6152
- C:\Windows\System32\NNpYaNa.exe
  C:\Windows\System32\NNpYaNa.exe
  2⤵
  PID:6180
- C:\Windows\System32\LLXuFks.exe
  C:\Windows\System32\LLXuFks.exe
  2⤵
  PID:6208
- C:\Windows\System32\pApTnwf.exe
  C:\Windows\System32\pApTnwf.exe
  2⤵
  PID:6236
- C:\Windows\System32\ZinfmRf.exe
  C:\Windows\System32\ZinfmRf.exe
  2⤵
  PID:6260
- C:\Windows\System32\uBVUOAt.exe
  C:\Windows\System32\uBVUOAt.exe
  2⤵
  PID:6292
- C:\Windows\System32\VOagsYO.exe
  C:\Windows\System32\VOagsYO.exe
  2⤵
  PID:6320
- C:\Windows\System32\dslAlWD.exe
  C:\Windows\System32\dslAlWD.exe
  2⤵
  PID:6348
- C:\Windows\System32\zyXNzSl.exe
  C:\Windows\System32\zyXNzSl.exe
  2⤵
  PID:6372
- C:\Windows\System32\TUiGGYw.exe
  C:\Windows\System32\TUiGGYw.exe
  2⤵
  PID:6404
- C:\Windows\System32\xqEJXpc.exe
  C:\Windows\System32\xqEJXpc.exe
  2⤵
  PID:6432
- C:\Windows\System32\MxqRctQ.exe
  C:\Windows\System32\MxqRctQ.exe
  2⤵
  PID:6460
- C:\Windows\System32\pXTxjja.exe
  C:\Windows\System32\pXTxjja.exe
  2⤵
  PID:6484
- C:\Windows\System32\elNJDZB.exe
  C:\Windows\System32\elNJDZB.exe
  2⤵
  PID:6516
- C:\Windows\System32\BGrBovU.exe
  C:\Windows\System32\BGrBovU.exe
  2⤵
  PID:6556
- C:\Windows\System32\smxDTot.exe
  C:\Windows\System32\smxDTot.exe
  2⤵
  PID:6572
- C:\Windows\System32\UwlNEqh.exe
  C:\Windows\System32\UwlNEqh.exe
  2⤵
  PID:6596
- C:\Windows\System32\cMubltA.exe
  C:\Windows\System32\cMubltA.exe
  2⤵
  PID:6628
- C:\Windows\System32\LltCPxk.exe
  C:\Windows\System32\LltCPxk.exe
  2⤵
  PID:6664
- C:\Windows\System32\ffxBXOa.exe
  C:\Windows\System32\ffxBXOa.exe
  2⤵
  PID:6684
- C:\Windows\System32\FdVjkaN.exe
  C:\Windows\System32\FdVjkaN.exe
  2⤵
  PID:6712
- C:\Windows\System32\GjMxfTM.exe
  C:\Windows\System32\GjMxfTM.exe
  2⤵
  PID:6736
- C:\Windows\System32\duKTrgn.exe
  C:\Windows\System32\duKTrgn.exe
  2⤵
  PID:6768
- C:\Windows\System32\lupoHvF.exe
  C:\Windows\System32\lupoHvF.exe
  2⤵
  PID:6792
- C:\Windows\System32\XvPTtxP.exe
  C:\Windows\System32\XvPTtxP.exe
  2⤵
  PID:6824
- C:\Windows\System32\xEQhGuk.exe
  C:\Windows\System32\xEQhGuk.exe
  2⤵
  PID:6852
- C:\Windows\System32\HGUUDOR.exe
  C:\Windows\System32\HGUUDOR.exe
  2⤵
  PID:6880
- C:\Windows\System32\ZEvKCfD.exe
  C:\Windows\System32\ZEvKCfD.exe
  2⤵
  PID:6908
- C:\Windows\System32\yPOUBnq.exe
  C:\Windows\System32\yPOUBnq.exe
  2⤵
  PID:6944
- C:\Windows\System32\OIdjnnE.exe
  C:\Windows\System32\OIdjnnE.exe
  2⤵
  PID:6976
- C:\Windows\System32\TdDwjpO.exe
  C:\Windows\System32\TdDwjpO.exe
  2⤵
  PID:7004
- C:\Windows\System32\HGrWJXE.exe
  C:\Windows\System32\HGrWJXE.exe
  2⤵
  PID:7020
- C:\Windows\System32\lwaaRsW.exe
  C:\Windows\System32\lwaaRsW.exe
  2⤵
  PID:7048
- C:\Windows\System32\tDimEcb.exe
  C:\Windows\System32\tDimEcb.exe
  2⤵
  PID:7076
- C:\Windows\System32\tBQqqYi.exe
  C:\Windows\System32\tBQqqYi.exe
  2⤵
  PID:7104
- C:\Windows\System32\buvbQbJ.exe
  C:\Windows\System32\buvbQbJ.exe
  2⤵
  PID:7132
- C:\Windows\System32\zbqaMlO.exe
  C:\Windows\System32\zbqaMlO.exe
  2⤵
  PID:7156
- C:\Windows\System32\qhzNETK.exe
  C:\Windows\System32\qhzNETK.exe
  2⤵
  PID:5192
- C:\Windows\System32\tlNFXNn.exe
  C:\Windows\System32\tlNFXNn.exe
  2⤵
  PID:5684
- C:\Windows\System32\zQyWEaV.exe
  C:\Windows\System32\zQyWEaV.exe
  2⤵
  PID:5992
- C:\Windows\System32\OLNSRqk.exe
  C:\Windows\System32\OLNSRqk.exe
  2⤵
  PID:6164
- C:\Windows\System32\bjqhAvH.exe
  C:\Windows\System32\bjqhAvH.exe
  2⤵
  PID:6228
- C:\Windows\System32\EmqSTOd.exe
  C:\Windows\System32\EmqSTOd.exe
  2⤵
  PID:6300
- C:\Windows\System32\FIripTa.exe
  C:\Windows\System32\FIripTa.exe
  2⤵
  PID:6360
- C:\Windows\System32\GSNrBEk.exe
  C:\Windows\System32\GSNrBEk.exe
  2⤵
  PID:6424
- C:\Windows\System32\oAzpDrq.exe
  C:\Windows\System32\oAzpDrq.exe
  2⤵
  PID:6472
- C:\Windows\System32\wjtzvrG.exe
  C:\Windows\System32\wjtzvrG.exe
  2⤵
  PID:6548
- C:\Windows\System32\ZKVhYYp.exe
  C:\Windows\System32\ZKVhYYp.exe
  2⤵
  PID:6584
- C:\Windows\System32\qetmNoM.exe
  C:\Windows\System32\qetmNoM.exe
  2⤵
  PID:6636
- C:\Windows\System32\EeMGKwF.exe
  C:\Windows\System32\EeMGKwF.exe
  2⤵
  PID:6720
- C:\Windows\System32\WPQJzwu.exe
  C:\Windows\System32\WPQJzwu.exe
  2⤵
  PID:6744
- C:\Windows\System32\IHYYpTj.exe
  C:\Windows\System32\IHYYpTj.exe
  2⤵
  PID:4904
- C:\Windows\System32\OpWhwSo.exe
  C:\Windows\System32\OpWhwSo.exe
  2⤵
  PID:6892
- C:\Windows\System32\diMRdhw.exe
  C:\Windows\System32\diMRdhw.exe
  2⤵
  PID:6952
- C:\Windows\System32\NyKqDZZ.exe
  C:\Windows\System32\NyKqDZZ.exe
  2⤵
  PID:7016
- C:\Windows\System32\QctgBhT.exe
  C:\Windows\System32\QctgBhT.exe
  2⤵
  PID:7056
- C:\Windows\System32\anjPjjQ.exe
  C:\Windows\System32\anjPjjQ.exe
  2⤵
  PID:7124
- C:\Windows\System32\VHjVJkE.exe
  C:\Windows\System32\VHjVJkE.exe
  2⤵
  PID:5312
- C:\Windows\System32\EEZLMuV.exe
  C:\Windows\System32\EEZLMuV.exe
  2⤵
  PID:5816
- C:\Windows\System32\dGBwbhd.exe
  C:\Windows\System32\dGBwbhd.exe
  2⤵
  PID:6216
- C:\Windows\System32\tAWnXXB.exe
  C:\Windows\System32\tAWnXXB.exe
  2⤵
  PID:924
- C:\Windows\System32\DfRfCNX.exe
  C:\Windows\System32\DfRfCNX.exe
  2⤵
  PID:6452
- C:\Windows\System32\afKevYN.exe
  C:\Windows\System32\afKevYN.exe
  2⤵
  PID:6524
- C:\Windows\System32\RQwSBdw.exe
  C:\Windows\System32\RQwSBdw.exe
  2⤵
  PID:3004
- C:\Windows\System32\xcLfFxI.exe
  C:\Windows\System32\xcLfFxI.exe
  2⤵
  PID:3452
- C:\Windows\System32\SfkKAus.exe
  C:\Windows\System32\SfkKAus.exe
  2⤵
  PID:6860
- C:\Windows\System32\odkzMpc.exe
  C:\Windows\System32\odkzMpc.exe
  2⤵
  PID:6988
- C:\Windows\System32\HPHWKnv.exe
  C:\Windows\System32\HPHWKnv.exe
  2⤵
  PID:7060
- C:\Windows\System32\eUoRoZT.exe
  C:\Windows\System32\eUoRoZT.exe
  2⤵
  PID:4868
- C:\Windows\System32\yChiBIz.exe
  C:\Windows\System32\yChiBIz.exe
  2⤵
  PID:4664
- C:\Windows\System32\fQqqHDC.exe
  C:\Windows\System32\fQqqHDC.exe
  2⤵
  PID:404
- C:\Windows\System32\KwVtXnC.exe
  C:\Windows\System32\KwVtXnC.exe
  2⤵
  PID:1296
- C:\Windows\System32\eZXzMXu.exe
  C:\Windows\System32\eZXzMXu.exe
  2⤵
  PID:3228
- C:\Windows\System32\rQPSvnE.exe
  C:\Windows\System32\rQPSvnE.exe
  2⤵
  PID:7152
- C:\Windows\System32\jSkWTMf.exe
  C:\Windows\System32\jSkWTMf.exe
  2⤵
  PID:5028
- C:\Windows\System32\IjDuTyJ.exe
  C:\Windows\System32\IjDuTyJ.exe
  2⤵
  PID:1500
- C:\Windows\System32\nKcpDnl.exe
  C:\Windows\System32\nKcpDnl.exe
  2⤵
  PID:7144
- C:\Windows\System32\nWppgRq.exe
  C:\Windows\System32\nWppgRq.exe
  2⤵
  PID:3724
- C:\Windows\System32\BnFjTzl.exe
  C:\Windows\System32\BnFjTzl.exe
  2⤵
  PID:1600
- C:\Windows\System32\xTQcPWC.exe
  C:\Windows\System32\xTQcPWC.exe
  2⤵
  PID:6780
- C:\Windows\System32\pGzIlxv.exe
  C:\Windows\System32\pGzIlxv.exe
  2⤵
  PID:2096
- C:\Windows\System32\pUZeZIw.exe
  C:\Windows\System32\pUZeZIw.exe
  2⤵
  PID:400
- C:\Windows\System32\JojHdbI.exe
  C:\Windows\System32\JojHdbI.exe
  2⤵
  PID:4648
- C:\Windows\System32\YnnrMWb.exe
  C:\Windows\System32\YnnrMWb.exe
  2⤵
  PID:7176
- C:\Windows\System32\gQYlFQo.exe
  C:\Windows\System32\gQYlFQo.exe
  2⤵
  PID:7252
- C:\Windows\System32\XZMHkKJ.exe
  C:\Windows\System32\XZMHkKJ.exe
  2⤵
  PID:7272
- C:\Windows\System32\JsTPKyX.exe
  C:\Windows\System32\JsTPKyX.exe
  2⤵
  PID:7300
- C:\Windows\System32\DIceljk.exe
  C:\Windows\System32\DIceljk.exe
  2⤵
  PID:7324
- C:\Windows\System32\iOcHxNM.exe
  C:\Windows\System32\iOcHxNM.exe
  2⤵
  PID:7364
- C:\Windows\System32\LBAccyh.exe
  C:\Windows\System32\LBAccyh.exe
  2⤵
  PID:7384
- C:\Windows\System32\hdMYyqq.exe
  C:\Windows\System32\hdMYyqq.exe
  2⤵
  PID:7424
- C:\Windows\System32\drQPXyz.exe
  C:\Windows\System32\drQPXyz.exe
  2⤵
  PID:7456
- C:\Windows\System32\TEtFGiq.exe
  C:\Windows\System32\TEtFGiq.exe
  2⤵
  PID:7500
- C:\Windows\System32\GQYdiOX.exe
  C:\Windows\System32\GQYdiOX.exe
  2⤵
  PID:7540
- C:\Windows\System32\srStNZT.exe
  C:\Windows\System32\srStNZT.exe
  2⤵
  PID:7560
- C:\Windows\System32\vSOlHZK.exe
  C:\Windows\System32\vSOlHZK.exe
  2⤵
  PID:7588
- C:\Windows\System32\zZOkyjl.exe
  C:\Windows\System32\zZOkyjl.exe
  2⤵
  PID:7636
- C:\Windows\System32\otTrMTI.exe
  C:\Windows\System32\otTrMTI.exe
  2⤵
  PID:7672
- C:\Windows\System32\qDuieSU.exe
  C:\Windows\System32\qDuieSU.exe
  2⤵
  PID:7692
- C:\Windows\System32\MgFLYOJ.exe
  C:\Windows\System32\MgFLYOJ.exe
  2⤵
  PID:7720
- C:\Windows\System32\pRTrKqD.exe
  C:\Windows\System32\pRTrKqD.exe
  2⤵
  PID:7764
- C:\Windows\System32\kMFHhNU.exe
  C:\Windows\System32\kMFHhNU.exe
  2⤵
  PID:7808
- C:\Windows\System32\MUzapaq.exe
  C:\Windows\System32\MUzapaq.exe
  2⤵
  PID:7824
- C:\Windows\System32\SyiHlOm.exe
  C:\Windows\System32\SyiHlOm.exe
  2⤵
  PID:7852
- C:\Windows\System32\NFdRSie.exe
  C:\Windows\System32\NFdRSie.exe
  2⤵
  PID:7880
- C:\Windows\System32\mqrbBeP.exe
  C:\Windows\System32\mqrbBeP.exe
  2⤵
  PID:7932
- C:\Windows\System32\QzMjnIs.exe
  C:\Windows\System32\QzMjnIs.exe
  2⤵
  PID:7948
- C:\Windows\System32\OiVReWF.exe
  C:\Windows\System32\OiVReWF.exe
  2⤵
  PID:7988
- C:\Windows\System32\myMvpzy.exe
  C:\Windows\System32\myMvpzy.exe
  2⤵
  PID:8028
- C:\Windows\System32\mBDPMoN.exe
  C:\Windows\System32\mBDPMoN.exe
  2⤵
  PID:8044
- C:\Windows\System32\IObraAQ.exe
  C:\Windows\System32\IObraAQ.exe
  2⤵
  PID:8060
- C:\Windows\System32\TTxzZDT.exe
  C:\Windows\System32\TTxzZDT.exe
  2⤵
  PID:8100
- C:\Windows\System32\IBBkUxp.exe
  C:\Windows\System32\IBBkUxp.exe
  2⤵
  PID:8124
- C:\Windows\System32\meoBspg.exe
  C:\Windows\System32\meoBspg.exe
  2⤵
  PID:8156
- C:\Windows\System32\FarNmzs.exe
  C:\Windows\System32\FarNmzs.exe
  2⤵
  PID:8180
- C:\Windows\System32\URBLyLU.exe
  C:\Windows\System32\URBLyLU.exe
  2⤵
  PID:4604
- C:\Windows\System32\EYxubUB.exe
  C:\Windows\System32\EYxubUB.exe
  2⤵
  PID:6604
- C:\Windows\System32\zWbGNUM.exe
  C:\Windows\System32\zWbGNUM.exe
  2⤵
  PID:6412
- C:\Windows\System32\GRZSdqo.exe
  C:\Windows\System32\GRZSdqo.exe
  2⤵
  PID:2872
- C:\Windows\System32\BzGvjnq.exe
  C:\Windows\System32\BzGvjnq.exe
  2⤵
  PID:7308
- C:\Windows\System32\RwbAQuI.exe
  C:\Windows\System32\RwbAQuI.exe
  2⤵
  PID:7392
- C:\Windows\System32\OWraLwC.exe
  C:\Windows\System32\OWraLwC.exe
  2⤵
  PID:7476
- C:\Windows\System32\sqADCBy.exe
  C:\Windows\System32\sqADCBy.exe
  2⤵
  PID:7556
- C:\Windows\System32\OtzIimj.exe
  C:\Windows\System32\OtzIimj.exe
  2⤵
  PID:7584
- C:\Windows\System32\jOzoPck.exe
  C:\Windows\System32\jOzoPck.exe
  2⤵
  PID:7684
- C:\Windows\System32\MIxbipH.exe
  C:\Windows\System32\MIxbipH.exe
  2⤵
  PID:7752
- C:\Windows\System32\ellgZLC.exe
  C:\Windows\System32\ellgZLC.exe
  2⤵
  PID:1860
- C:\Windows\System32\WcQbLAY.exe
  C:\Windows\System32\WcQbLAY.exe
  2⤵
  PID:7244
- C:\Windows\System32\gDogMee.exe
  C:\Windows\System32\gDogMee.exe
  2⤵
  PID:7836
- C:\Windows\System32\SOSTafP.exe
  C:\Windows\System32\SOSTafP.exe
  2⤵
  PID:7876
- C:\Windows\System32\ZviGJYY.exe
  C:\Windows\System32\ZviGJYY.exe
  2⤵
  PID:8016
- C:\Windows\System32\nktMCVY.exe
  C:\Windows\System32\nktMCVY.exe
  2⤵
  PID:8084
- C:\Windows\System32\XizbgnS.exe
  C:\Windows\System32\XizbgnS.exe
  2⤵
  PID:8116
- C:\Windows\System32\nfHEhlg.exe
  C:\Windows\System32\nfHEhlg.exe
  2⤵
  PID:8152
- C:\Windows\System32\cYaCnxb.exe
  C:\Windows\System32\cYaCnxb.exe
  2⤵
  PID:7216
- C:\Windows\System32\zAfafiP.exe
  C:\Windows\System32\zAfafiP.exe
  2⤵
  PID:7408
- C:\Windows\System32\bXavSTM.exe
  C:\Windows\System32\bXavSTM.exe
  2⤵
  PID:7572
- C:\Windows\System32\QaPAZiR.exe
  C:\Windows\System32\QaPAZiR.exe
  2⤵
  PID:7680
- C:\Windows\System32\hNqoGFE.exe
  C:\Windows\System32\hNqoGFE.exe
  2⤵
  PID:7816
- C:\Windows\System32\LSLlajX.exe
  C:\Windows\System32\LSLlajX.exe
  2⤵
  PID:7944
- C:\Windows\System32\mcBlSVX.exe
  C:\Windows\System32\mcBlSVX.exe
  2⤵
  PID:8108
- C:\Windows\System32\ZMGJTPq.exe
  C:\Windows\System32\ZMGJTPq.exe
  2⤵
  PID:8188
- C:\Windows\System32\olWxOYb.exe
  C:\Windows\System32\olWxOYb.exe
  2⤵
  PID:7664
- C:\Windows\System32\nBhsBjB.exe
  C:\Windows\System32\nBhsBjB.exe
  2⤵
  PID:7860
- C:\Windows\System32\QSgCyAX.exe
  C:\Windows\System32\QSgCyAX.exe
  2⤵
  PID:3448
- C:\Windows\System32\hwvjBuO.exe
  C:\Windows\System32\hwvjBuO.exe
  2⤵
  PID:7996
- C:\Windows\System32\EXHaiHn.exe
  C:\Windows\System32\EXHaiHn.exe
  2⤵
  PID:7480
- C:\Windows\System32\bczgNNR.exe
  C:\Windows\System32\bczgNNR.exe
  2⤵
  PID:8208
- C:\Windows\System32\qmQoVjT.exe
  C:\Windows\System32\qmQoVjT.exe
  2⤵
  PID:8244
- C:\Windows\System32\HuuIDwJ.exe
  C:\Windows\System32\HuuIDwJ.exe
  2⤵
  PID:8276
- C:\Windows\System32\vbsSiYo.exe
  C:\Windows\System32\vbsSiYo.exe
  2⤵
  PID:8304
- C:\Windows\System32\Wmctaju.exe
  C:\Windows\System32\Wmctaju.exe
  2⤵
  PID:8332
- C:\Windows\System32\EVoliYB.exe
  C:\Windows\System32\EVoliYB.exe
  2⤵
  PID:8348
- C:\Windows\System32\HLbyOmn.exe
  C:\Windows\System32\HLbyOmn.exe
  2⤵
  PID:8396
- C:\Windows\System32\LJWBcrP.exe
  C:\Windows\System32\LJWBcrP.exe
  2⤵
  PID:8428
- C:\Windows\System32\PHfDsRT.exe
  C:\Windows\System32\PHfDsRT.exe
  2⤵
  PID:8456
- C:\Windows\System32\zjJaRyg.exe
  C:\Windows\System32\zjJaRyg.exe
  2⤵
  PID:8484
- C:\Windows\System32\XxYXSrk.exe
  C:\Windows\System32\XxYXSrk.exe
  2⤵
  PID:8512
- C:\Windows\System32\bkwwLoY.exe
  C:\Windows\System32\bkwwLoY.exe
  2⤵
  PID:8540
- C:\Windows\System32\IqiwKUA.exe
  C:\Windows\System32\IqiwKUA.exe
  2⤵
  PID:8568
- C:\Windows\System32\EIBRryg.exe
  C:\Windows\System32\EIBRryg.exe
  2⤵
  PID:8592
- C:\Windows\System32\BWWHAlG.exe
  C:\Windows\System32\BWWHAlG.exe
  2⤵
  PID:8616
- C:\Windows\System32\DIRyEhl.exe
  C:\Windows\System32\DIRyEhl.exe
  2⤵
  PID:8640
- C:\Windows\System32\cTqSsAq.exe
  C:\Windows\System32\cTqSsAq.exe
  2⤵
  PID:8680
- C:\Windows\System32\CbeXgIU.exe
  C:\Windows\System32\CbeXgIU.exe
  2⤵
  PID:8708
- C:\Windows\System32\SftqRxI.exe
  C:\Windows\System32\SftqRxI.exe
  2⤵
  PID:8740
- C:\Windows\System32\ahnFvyV.exe
  C:\Windows\System32\ahnFvyV.exe
  2⤵
  PID:8756
- C:\Windows\System32\NjaNITj.exe
  C:\Windows\System32\NjaNITj.exe
  2⤵
  PID:8784
- C:\Windows\System32\RCzTEyt.exe
  C:\Windows\System32\RCzTEyt.exe
  2⤵
  PID:8824
- C:\Windows\System32\qSjKeoY.exe
  C:\Windows\System32\qSjKeoY.exe
  2⤵
  PID:8852
- C:\Windows\System32\kpMpJTB.exe
  C:\Windows\System32\kpMpJTB.exe
  2⤵
  PID:8868
- C:\Windows\System32\iSDwDAe.exe
  C:\Windows\System32\iSDwDAe.exe
  2⤵
  PID:8904
- C:\Windows\System32\vOQMeQn.exe
  C:\Windows\System32\vOQMeQn.exe
  2⤵
  PID:8936
- C:\Windows\System32\MCUeZCi.exe
  C:\Windows\System32\MCUeZCi.exe
  2⤵
  PID:8956
- C:\Windows\System32\tTQWGMX.exe
  C:\Windows\System32\tTQWGMX.exe
  2⤵
  PID:8992
- C:\Windows\System32\dYLjhEo.exe
  C:\Windows\System32\dYLjhEo.exe
  2⤵
  PID:9020
- C:\Windows\System32\JVAijKL.exe
  C:\Windows\System32\JVAijKL.exe
  2⤵
  PID:9044
- C:\Windows\System32\usAhahM.exe
  C:\Windows\System32\usAhahM.exe
  2⤵
  PID:9064
- C:\Windows\System32\PUTuYEh.exe
  C:\Windows\System32\PUTuYEh.exe
  2⤵
  PID:9104
- C:\Windows\System32\qxZGzmL.exe
  C:\Windows\System32\qxZGzmL.exe
  2⤵
  PID:9120
- C:\Windows\System32\WTVLPgC.exe
  C:\Windows\System32\WTVLPgC.exe
  2⤵
  PID:9156
- C:\Windows\System32\CALkHYo.exe
  C:\Windows\System32\CALkHYo.exe
  2⤵
  PID:9176
- C:\Windows\System32\dporrOY.exe
  C:\Windows\System32\dporrOY.exe
  2⤵
  PID:9204
- C:\Windows\System32\eDVdrjQ.exe
  C:\Windows\System32\eDVdrjQ.exe
  2⤵
  PID:8268
- C:\Windows\System32\KKqkIFD.exe
  C:\Windows\System32\KKqkIFD.exe
  2⤵
  PID:8316
- C:\Windows\System32\WXFVdbo.exe
  C:\Windows\System32\WXFVdbo.exe
  2⤵
  PID:8404
- C:\Windows\System32\YHkMTcq.exe
  C:\Windows\System32\YHkMTcq.exe
  2⤵
  PID:8480
- C:\Windows\System32\hrojCGO.exe
  C:\Windows\System32\hrojCGO.exe
  2⤵
  PID:8536
- C:\Windows\System32\GgGSpLi.exe
  C:\Windows\System32\GgGSpLi.exe
  2⤵
  PID:8676
- C:\Windows\System32\gwFITjS.exe
  C:\Windows\System32\gwFITjS.exe
  2⤵
  PID:8728
- C:\Windows\System32\QMjFfLY.exe
  C:\Windows\System32\QMjFfLY.exe
  2⤵
  PID:8796
- C:\Windows\System32\iUcwcxu.exe
  C:\Windows\System32\iUcwcxu.exe
  2⤵
  PID:8836
- C:\Windows\System32\aWwVHOw.exe
  C:\Windows\System32\aWwVHOw.exe
  2⤵
  PID:8920
- C:\Windows\System32\oTbSUHE.exe
  C:\Windows\System32\oTbSUHE.exe
  2⤵
  PID:8984
- C:\Windows\System32\LsuAAsH.exe
  C:\Windows\System32\LsuAAsH.exe
  2⤵
  PID:9060
- C:\Windows\System32\Seigmzp.exe
  C:\Windows\System32\Seigmzp.exe
  2⤵
  PID:9084
- C:\Windows\System32\FryqaKc.exe
  C:\Windows\System32\FryqaKc.exe
  2⤵
  PID:9168
- C:\Windows\System32\nApwMzh.exe
  C:\Windows\System32\nApwMzh.exe
  2⤵
  PID:8236
- C:\Windows\System32\eeUITvV.exe
  C:\Windows\System32\eeUITvV.exe
  2⤵
  PID:8364
- C:\Windows\System32\AnaAhmP.exe
  C:\Windows\System32\AnaAhmP.exe
  2⤵
  PID:8564
- C:\Windows\System32\TmkPsXs.exe
  C:\Windows\System32\TmkPsXs.exe
  2⤵
  PID:8700
- C:\Windows\System32\cxiVuEj.exe
  C:\Windows\System32\cxiVuEj.exe
  2⤵
  PID:8884
- C:\Windows\System32\AxcuHzh.exe
  C:\Windows\System32\AxcuHzh.exe
  2⤵
  PID:9076
- C:\Windows\System32\oSCvCzK.exe
  C:\Windows\System32\oSCvCzK.exe
  2⤵
  PID:8196
- C:\Windows\System32\gxkeCUD.exe
  C:\Windows\System32\gxkeCUD.exe
  2⤵
  PID:8524
- C:\Windows\System32\bRbGoKh.exe
  C:\Windows\System32\bRbGoKh.exe
  2⤵
  PID:8812
- C:\Windows\System32\gsDlFoT.exe
  C:\Windows\System32\gsDlFoT.exe
  2⤵
  PID:9196
- C:\Windows\System32\ROHKNxM.exe
  C:\Windows\System32\ROHKNxM.exe
  2⤵
  PID:8448
- C:\Windows\System32\anwfDGU.exe
  C:\Windows\System32\anwfDGU.exe
  2⤵
  PID:9240
- C:\Windows\System32\mrHPtMM.exe
  C:\Windows\System32\mrHPtMM.exe
  2⤵
  PID:9260
- C:\Windows\System32\ulwRYte.exe
  C:\Windows\System32\ulwRYte.exe
  2⤵
  PID:9300
- C:\Windows\System32\UHfweRE.exe
  C:\Windows\System32\UHfweRE.exe
  2⤵
  PID:9340
- C:\Windows\System32\MdcHWbd.exe
  C:\Windows\System32\MdcHWbd.exe
  2⤵
  PID:9356
- C:\Windows\System32\AWETVXs.exe
  C:\Windows\System32\AWETVXs.exe
  2⤵
  PID:9384
- C:\Windows\System32\bJAHqyC.exe
  C:\Windows\System32\bJAHqyC.exe
  2⤵
  PID:9400
- C:\Windows\System32\eLNMBuL.exe
  C:\Windows\System32\eLNMBuL.exe
  2⤵
  PID:9420
- C:\Windows\System32\Anmejvc.exe
  C:\Windows\System32\Anmejvc.exe
  2⤵
  PID:9464
- C:\Windows\System32\KmJrxBK.exe
  C:\Windows\System32\KmJrxBK.exe
  2⤵
  PID:9484
- C:\Windows\System32\xYVaTJa.exe
  C:\Windows\System32\xYVaTJa.exe
  2⤵
  PID:9516
- C:\Windows\System32\kdKhqzI.exe
  C:\Windows\System32\kdKhqzI.exe
  2⤵
  PID:9552
- C:\Windows\System32\wLyweQi.exe
  C:\Windows\System32\wLyweQi.exe
  2⤵
  PID:9580
- C:\Windows\System32\YANvBex.exe
  C:\Windows\System32\YANvBex.exe
  2⤵
  PID:9608
- C:\Windows\System32\gGNOlLL.exe
  C:\Windows\System32\gGNOlLL.exe
  2⤵
  PID:9636
- C:\Windows\System32\JOXPsyg.exe
  C:\Windows\System32\JOXPsyg.exe
  2⤵
  PID:9656
- C:\Windows\System32\PtfMoAG.exe
  C:\Windows\System32\PtfMoAG.exe
  2⤵
  PID:9684
- C:\Windows\System32\MUdmUTJ.exe
  C:\Windows\System32\MUdmUTJ.exe
  2⤵
  PID:9708
- C:\Windows\System32\lZxwAOB.exe
  C:\Windows\System32\lZxwAOB.exe
  2⤵
  PID:9740
- C:\Windows\System32\mhjcoSJ.exe
  C:\Windows\System32\mhjcoSJ.exe
  2⤵
  PID:9776
- C:\Windows\System32\HAGtrAr.exe
  C:\Windows\System32\HAGtrAr.exe
  2⤵
  PID:9804
- C:\Windows\System32\VualvbY.exe
  C:\Windows\System32\VualvbY.exe
  2⤵
  PID:9832
- C:\Windows\System32\uYjflxW.exe
  C:\Windows\System32\uYjflxW.exe
  2⤵
  PID:9864
- C:\Windows\System32\EwXsWGv.exe
  C:\Windows\System32\EwXsWGv.exe
  2⤵
  PID:9892
- C:\Windows\System32\EQRPuSd.exe
  C:\Windows\System32\EQRPuSd.exe
  2⤵
  PID:9920
- C:\Windows\System32\JkJFseH.exe
  C:\Windows\System32\JkJFseH.exe
  2⤵
  PID:9948
- C:\Windows\System32\IhxjxMp.exe
  C:\Windows\System32\IhxjxMp.exe
  2⤵
  PID:9976
- C:\Windows\System32\EHDBNDY.exe
  C:\Windows\System32\EHDBNDY.exe
  2⤵
  PID:10004
- C:\Windows\System32\nJyJOec.exe
  C:\Windows\System32\nJyJOec.exe
  2⤵
  PID:10032
- C:\Windows\System32\eLTNzaz.exe
  C:\Windows\System32\eLTNzaz.exe
  2⤵
  PID:10060
- C:\Windows\System32\tlYnRAP.exe
  C:\Windows\System32\tlYnRAP.exe
  2⤵
  PID:10088
- C:\Windows\System32\rRZeubs.exe
  C:\Windows\System32\rRZeubs.exe
  2⤵
  PID:10120
- C:\Windows\System32\HLlyqCL.exe
  C:\Windows\System32\HLlyqCL.exe
  2⤵
  PID:10156
- C:\Windows\System32\oXSpdYC.exe
  C:\Windows\System32\oXSpdYC.exe
  2⤵
  PID:10192
- C:\Windows\System32\dilTzmB.exe
  C:\Windows\System32\dilTzmB.exe
  2⤵
  PID:10220
- C:\Windows\System32\qbwXYJL.exe
  C:\Windows\System32\qbwXYJL.exe
  2⤵
  PID:9232
- C:\Windows\System32\VNaEmZp.exe
  C:\Windows\System32\VNaEmZp.exe
  2⤵
  PID:9372
- C:\Windows\System32\xHMfPeT.exe
  C:\Windows\System32\xHMfPeT.exe
  2⤵
  PID:9452
- C:\Windows\System32\STygcNJ.exe
  C:\Windows\System32\STygcNJ.exe
  2⤵
  PID:9540
- C:\Windows\System32\oitNcAY.exe
  C:\Windows\System32\oitNcAY.exe
  2⤵
  PID:9632
- C:\Windows\System32\FDdmJgm.exe
  C:\Windows\System32\FDdmJgm.exe
  2⤵
  PID:9692
- C:\Windows\System32\DZTXgaY.exe
  C:\Windows\System32\DZTXgaY.exe
  2⤵
  PID:9760
- C:\Windows\System32\RDtChKR.exe
  C:\Windows\System32\RDtChKR.exe
  2⤵
  PID:9816
- C:\Windows\System32\zFsZhTe.exe
  C:\Windows\System32\zFsZhTe.exe
  2⤵
  PID:9888
- C:\Windows\System32\txeRlQT.exe
  C:\Windows\System32\txeRlQT.exe
  2⤵
  PID:9940
- C:\Windows\System32\JPfKzeh.exe
  C:\Windows\System32\JPfKzeh.exe
  2⤵
  PID:10016
- C:\Windows\System32\ApzoNdM.exe
  C:\Windows\System32\ApzoNdM.exe
  2⤵
  PID:10116
- C:\Windows\System32\DICuDnE.exe
  C:\Windows\System32\DICuDnE.exe
  2⤵
  PID:10180
- C:\Windows\System32\yoYLiuY.exe
  C:\Windows\System32\yoYLiuY.exe
  2⤵
  PID:9436
- C:\Windows\System32\YubMriq.exe
  C:\Windows\System32\YubMriq.exe
  2⤵
  PID:9644
- C:\Windows\System32\ktvwBaE.exe
  C:\Windows\System32\ktvwBaE.exe
  2⤵
  PID:9884
- C:\Windows\System32\XjWifNU.exe
  C:\Windows\System32\XjWifNU.exe
  2⤵
  PID:10100
- C:\Windows\System32\uwTOmLd.exe
  C:\Windows\System32\uwTOmLd.exe
  2⤵
  PID:9476
- C:\Windows\System32\ccBclss.exe
  C:\Windows\System32\ccBclss.exe
  2⤵
  PID:9392
- C:\Windows\System32\rGVBjII.exe
  C:\Windows\System32\rGVBjII.exe
  2⤵
  PID:10256
- C:\Windows\System32\pOuDFzL.exe
  C:\Windows\System32\pOuDFzL.exe
  2⤵
  PID:10284
- C:\Windows\System32\EDiNSnA.exe
  C:\Windows\System32\EDiNSnA.exe
  2⤵
  PID:10312
- C:\Windows\System32\CdgtUeS.exe
  C:\Windows\System32\CdgtUeS.exe
  2⤵
  PID:10340
- C:\Windows\System32\yroEzvl.exe
  C:\Windows\System32\yroEzvl.exe
  2⤵
  PID:10380
- C:\Windows\System32\iosfJju.exe
  C:\Windows\System32\iosfJju.exe
  2⤵
  PID:10408
- C:\Windows\System32\vCAYViX.exe
  C:\Windows\System32\vCAYViX.exe
  2⤵
  PID:10436
- C:\Windows\System32\JhyAEPk.exe
  C:\Windows\System32\JhyAEPk.exe
  2⤵
  PID:10464
- C:\Windows\System32\rKigILb.exe
  C:\Windows\System32\rKigILb.exe
  2⤵
  PID:10496
- C:\Windows\System32\ratAXkB.exe
  C:\Windows\System32\ratAXkB.exe
  2⤵
  PID:10524
- C:\Windows\System32\tFHLlEx.exe
  C:\Windows\System32\tFHLlEx.exe
  2⤵
  PID:10552
- C:\Windows\System32\VXPiVOo.exe
  C:\Windows\System32\VXPiVOo.exe
  2⤵
  PID:10580
- C:\Windows\System32\VHOslAb.exe
  C:\Windows\System32\VHOslAb.exe
  2⤵
  PID:10608
- C:\Windows\System32\LYFzrXM.exe
  C:\Windows\System32\LYFzrXM.exe
  2⤵
  PID:10644
- C:\Windows\System32\jXOfORa.exe
  C:\Windows\System32\jXOfORa.exe
  2⤵
  PID:10668
- C:\Windows\System32\BqgqYAn.exe
  C:\Windows\System32\BqgqYAn.exe
  2⤵
  PID:10696
- C:\Windows\System32\qvsTevq.exe
  C:\Windows\System32\qvsTevq.exe
  2⤵
  PID:10724
- C:\Windows\System32\dYzwtWn.exe
  C:\Windows\System32\dYzwtWn.exe
  2⤵
  PID:10752
- C:\Windows\System32\CyAZYRA.exe
  C:\Windows\System32\CyAZYRA.exe
  2⤵
  PID:10784
- C:\Windows\System32\uviajku.exe
  C:\Windows\System32\uviajku.exe
  2⤵
  PID:10820
- C:\Windows\System32\bmhkRyx.exe
  C:\Windows\System32\bmhkRyx.exe
  2⤵
  PID:10848
- C:\Windows\System32\CMweLVT.exe
  C:\Windows\System32\CMweLVT.exe
  2⤵
  PID:10876
- C:\Windows\System32\RmInRgW.exe
  C:\Windows\System32\RmInRgW.exe
  2⤵
  PID:10904
- C:\Windows\System32\psbLuaZ.exe
  C:\Windows\System32\psbLuaZ.exe
  2⤵
  PID:10932
- C:\Windows\System32\bGuyfOH.exe
  C:\Windows\System32\bGuyfOH.exe
  2⤵
  PID:10960
- C:\Windows\System32\SehTQBD.exe
  C:\Windows\System32\SehTQBD.exe
  2⤵
  PID:10988
- C:\Windows\System32\UrUWOmw.exe
  C:\Windows\System32\UrUWOmw.exe
  2⤵
  PID:11016
- C:\Windows\System32\xvaIUEh.exe
  C:\Windows\System32\xvaIUEh.exe
  2⤵
  PID:11048
- C:\Windows\System32\CCSFGVd.exe
  C:\Windows\System32\CCSFGVd.exe
  2⤵
  PID:11080
- C:\Windows\System32\OQugVsM.exe
  C:\Windows\System32\OQugVsM.exe
  2⤵
  PID:11108
- C:\Windows\System32\ZUHDwOu.exe
  C:\Windows\System32\ZUHDwOu.exe
  2⤵
  PID:11144
- C:\Windows\System32\sMcGyuk.exe
  C:\Windows\System32\sMcGyuk.exe
  2⤵
  PID:11172
- C:\Windows\System32\XgSLbhE.exe
  C:\Windows\System32\XgSLbhE.exe
  2⤵
  PID:11204
- C:\Windows\System32\jdGvNKS.exe
  C:\Windows\System32\jdGvNKS.exe
  2⤵
  PID:11232
- C:\Windows\System32\EHmKsSW.exe
  C:\Windows\System32\EHmKsSW.exe
  2⤵
  PID:11260
- C:\Windows\System32\yQzOWAO.exe
  C:\Windows\System32\yQzOWAO.exe
  2⤵
  PID:10296
- C:\Windows\System32\xWLycHV.exe
  C:\Windows\System32\xWLycHV.exe
  2⤵
  PID:10376
- C:\Windows\System32\wurhOlq.exe
  C:\Windows\System32\wurhOlq.exe
  2⤵
  PID:10432
- C:\Windows\System32\UsQLIiD.exe
  C:\Windows\System32\UsQLIiD.exe
  2⤵
  PID:10508
- C:\Windows\System32\MTOifcv.exe
  C:\Windows\System32\MTOifcv.exe
  2⤵
  PID:10572
- C:\Windows\System32\ztXnonc.exe
  C:\Windows\System32\ztXnonc.exe
  2⤵
  PID:10140
- C:\Windows\System32\dRofRsb.exe
  C:\Windows\System32\dRofRsb.exe
  2⤵
  PID:10708
- C:\Windows\System32\IiKBSpb.exe
  C:\Windows\System32\IiKBSpb.exe
  2⤵
  PID:10776
- C:\Windows\System32\ZcUbrgo.exe
  C:\Windows\System32\ZcUbrgo.exe
  2⤵
  PID:10844
- C:\Windows\System32\EcPRJCo.exe
  C:\Windows\System32\EcPRJCo.exe
  2⤵
  PID:10916
- C:\Windows\System32\oCaDRkj.exe
  C:\Windows\System32\oCaDRkj.exe
  2⤵
  PID:10980
- C:\Windows\System32\XeVvbgQ.exe
  C:\Windows\System32\XeVvbgQ.exe
  2⤵
  PID:11040
- C:\Windows\System32\nhrHitR.exe
  C:\Windows\System32\nhrHitR.exe
  2⤵
  PID:11120
- C:\Windows\System32\qKWvHAf.exe
  C:\Windows\System32\qKWvHAf.exe
  2⤵
  PID:11132
- C:\Windows\System32\VcFZIfI.exe
  C:\Windows\System32\VcFZIfI.exe
  2⤵
  PID:11244
- C:\Windows\System32\OJWjKzK.exe
  C:\Windows\System32\OJWjKzK.exe
  2⤵
  PID:10276
- C:\Windows\System32\fNzQKZx.exe
  C:\Windows\System32\fNzQKZx.exe
  2⤵
  PID:10488
- C:\Windows\System32\tsskidv.exe
  C:\Windows\System32\tsskidv.exe
  2⤵
  PID:10628
- C:\Windows\System32\GewhZGD.exe
  C:\Windows\System32\GewhZGD.exe
  2⤵
  PID:10832
- C:\Windows\System32\kCWADKf.exe
  C:\Windows\System32\kCWADKf.exe
  2⤵
  PID:10972
- C:\Windows\System32\TmZcRry.exe
  C:\Windows\System32\TmZcRry.exe
  2⤵
  PID:11156
- C:\Windows\System32\iErhIgU.exe
  C:\Windows\System32\iErhIgU.exe
  2⤵
  PID:10460
- C:\Windows\System32\UbkIQDt.exe
  C:\Windows\System32\UbkIQDt.exe
  2⤵
  PID:10748
- C:\Windows\System32\JKThOCJ.exe
  C:\Windows\System32\JKThOCJ.exe
  2⤵
  PID:11200
- C:\Windows\System32\KfudViI.exe
  C:\Windows\System32\KfudViI.exe
  2⤵
  PID:11096
- C:\Windows\System32\KJEkQKV.exe
  C:\Windows\System32\KJEkQKV.exe
  2⤵
  PID:11272
- C:\Windows\System32\OERQnDo.exe
  C:\Windows\System32\OERQnDo.exe
  2⤵
  PID:11300
- C:\Windows\System32\oRkDktK.exe
  C:\Windows\System32\oRkDktK.exe
  2⤵
  PID:11328
- C:\Windows\System32\lEhswNv.exe
  C:\Windows\System32\lEhswNv.exe
  2⤵
  PID:11356
- C:\Windows\System32\arGNvOQ.exe
  C:\Windows\System32\arGNvOQ.exe
  2⤵
  PID:11384
- C:\Windows\System32\yATaATK.exe
  C:\Windows\System32\yATaATK.exe
  2⤵
  PID:11412
- C:\Windows\System32\IRuVQWe.exe
  C:\Windows\System32\IRuVQWe.exe
  2⤵
  PID:11440
- C:\Windows\System32\iEqLFgG.exe
  C:\Windows\System32\iEqLFgG.exe
  2⤵
  PID:11468
- C:\Windows\System32\cNgkgpY.exe
  C:\Windows\System32\cNgkgpY.exe
  2⤵
  PID:11496
- C:\Windows\System32\HgFitjY.exe
  C:\Windows\System32\HgFitjY.exe
  2⤵
  PID:11524
- C:\Windows\System32\ePlKmgW.exe
  C:\Windows\System32\ePlKmgW.exe
  2⤵
  PID:11556
- C:\Windows\System32\HNiOBVh.exe
  C:\Windows\System32\HNiOBVh.exe
  2⤵
  PID:11580
- C:\Windows\System32\gAJREvp.exe
  C:\Windows\System32\gAJREvp.exe
  2⤵
  PID:11608
- C:\Windows\System32\RiFDYZq.exe
  C:\Windows\System32\RiFDYZq.exe
  2⤵
  PID:11636
- C:\Windows\System32\fyiNCmY.exe
  C:\Windows\System32\fyiNCmY.exe
  2⤵
  PID:11668
- C:\Windows\System32\zdavizJ.exe
  C:\Windows\System32\zdavizJ.exe
  2⤵
  PID:11704
- C:\Windows\System32\PZtwYVw.exe
  C:\Windows\System32\PZtwYVw.exe
  2⤵
  PID:11724
- C:\Windows\System32\ZePMhiZ.exe
  C:\Windows\System32\ZePMhiZ.exe
  2⤵
  PID:11752
- C:\Windows\System32\GolHkli.exe
  C:\Windows\System32\GolHkli.exe
  2⤵
  PID:11780
- C:\Windows\System32\tutClKw.exe
  C:\Windows\System32\tutClKw.exe
  2⤵
  PID:11808
- C:\Windows\System32\CEGFGou.exe
  C:\Windows\System32\CEGFGou.exe
  2⤵
  PID:11836
- C:\Windows\System32\kcvRgHv.exe
  C:\Windows\System32\kcvRgHv.exe
  2⤵
  PID:11864
- C:\Windows\System32\PPyfpYR.exe
  C:\Windows\System32\PPyfpYR.exe
  2⤵
  PID:11896
- C:\Windows\System32\xquweGY.exe
  C:\Windows\System32\xquweGY.exe
  2⤵
  PID:11924
- C:\Windows\System32\esGrtwn.exe
  C:\Windows\System32\esGrtwn.exe
  2⤵
  PID:11956
- C:\Windows\System32\KZJyRzn.exe
  C:\Windows\System32\KZJyRzn.exe
  2⤵
  PID:11980
- C:\Windows\System32\CBAiXRO.exe
  C:\Windows\System32\CBAiXRO.exe
  2⤵
  PID:12008
- C:\Windows\System32\mHePVoI.exe
  C:\Windows\System32\mHePVoI.exe
  2⤵
  PID:12036
- C:\Windows\System32\ZHVFuUU.exe
  C:\Windows\System32\ZHVFuUU.exe
  2⤵
  PID:12064
- C:\Windows\System32\zFMACxu.exe
  C:\Windows\System32\zFMACxu.exe
  2⤵
  PID:12092
- C:\Windows\System32\gbAvnPv.exe
  C:\Windows\System32\gbAvnPv.exe
  2⤵
  PID:12120
- C:\Windows\System32\cVnQxRv.exe
  C:\Windows\System32\cVnQxRv.exe
  2⤵
  PID:12148
- C:\Windows\System32\kDBIjdj.exe
  C:\Windows\System32\kDBIjdj.exe
  2⤵
  PID:12176
- C:\Windows\System32\YghztJh.exe
  C:\Windows\System32\YghztJh.exe
  2⤵
  PID:12204
- C:\Windows\System32\bByaTJw.exe
  C:\Windows\System32\bByaTJw.exe
  2⤵
  PID:12232
- C:\Windows\System32\vqzzErC.exe
  C:\Windows\System32\vqzzErC.exe
  2⤵
  PID:12260
- C:\Windows\System32\fCkWpvu.exe
  C:\Windows\System32\fCkWpvu.exe
  2⤵
  PID:10812
- C:\Windows\System32\PhNWSUN.exe
  C:\Windows\System32\PhNWSUN.exe
  2⤵
  PID:11324
- C:\Windows\System32\jtCwGlM.exe
  C:\Windows\System32\jtCwGlM.exe
  2⤵
  PID:11396
- C:\Windows\System32\BNkZbFX.exe
  C:\Windows\System32\BNkZbFX.exe
  2⤵
  PID:11460
- C:\Windows\System32\hmfGwzL.exe
  C:\Windows\System32\hmfGwzL.exe
  2⤵
  PID:11520
- C:\Windows\System32\mXqzIGC.exe
  C:\Windows\System32\mXqzIGC.exe
  2⤵
  PID:11576
- C:\Windows\System32\FDgdkwu.exe
  C:\Windows\System32\FDgdkwu.exe
  2⤵
  PID:11648
- C:\Windows\System32\ObXatby.exe
  C:\Windows\System32\ObXatby.exe
  2⤵
  PID:11716
- C:\Windows\System32\bDRSQuq.exe
  C:\Windows\System32\bDRSQuq.exe
  2⤵
  PID:11772
- C:\Windows\System32\TNVkzaK.exe
  C:\Windows\System32\TNVkzaK.exe
  2⤵
  PID:11832
- C:\Windows\System32\XvOCllp.exe
  C:\Windows\System32\XvOCllp.exe
  2⤵
  PID:11908
- C:\Windows\System32\sDgziPA.exe
  C:\Windows\System32\sDgziPA.exe
  2⤵
  PID:11992
- C:\Windows\System32\vhXTVYS.exe
  C:\Windows\System32\vhXTVYS.exe
  2⤵
  PID:12032
- C:\Windows\System32\FAIJvWl.exe
  C:\Windows\System32\FAIJvWl.exe
  2⤵
  PID:12104
- C:\Windows\System32\WAkxCgZ.exe
  C:\Windows\System32\WAkxCgZ.exe
  2⤵
  PID:12168
- C:\Windows\System32\SnajKue.exe
  C:\Windows\System32\SnajKue.exe
  2⤵
  PID:12228
- C:\Windows\System32\jgahxTS.exe
  C:\Windows\System32\jgahxTS.exe
  2⤵
  PID:11292
- C:\Windows\System32\GWzqOrj.exe
  C:\Windows\System32\GWzqOrj.exe
  2⤵
  PID:11452
- C:\Windows\System32\hsTuwRc.exe
  C:\Windows\System32\hsTuwRc.exe
  2⤵
  PID:11044
- C:\Windows\System32\sSnPJHn.exe
  C:\Windows\System32\sSnPJHn.exe
  2⤵
  PID:11684
- C:\Windows\System32\KwnXdGp.exe
  C:\Windows\System32\KwnXdGp.exe
  2⤵
  PID:11888
- C:\Windows\System32\vsWEcuF.exe
  C:\Windows\System32\vsWEcuF.exe
  2⤵
  PID:12020
- C:\Windows\System32\LyULcnv.exe
  C:\Windows\System32\LyULcnv.exe
  2⤵
  PID:12200
- C:\Windows\System32\chRnxOz.exe
  C:\Windows\System32\chRnxOz.exe
  2⤵
  PID:1496
- C:\Windows\System32\nYGGOGq.exe
  C:\Windows\System32\nYGGOGq.exe
  2⤵
  PID:12284
- C:\Windows\System32\KeYzLIy.exe
  C:\Windows\System32\KeYzLIy.exe
  2⤵
  PID:11632
- C:\Windows\System32\dTBhBFD.exe
  C:\Windows\System32\dTBhBFD.exe
  2⤵
  PID:12028
- C:\Windows\System32\WJlEogc.exe
  C:\Windows\System32\WJlEogc.exe
  2⤵
  PID:4304
- C:\Windows\System32\QmrJeTR.exe
  C:\Windows\System32\QmrJeTR.exe
  2⤵
  PID:11572
- C:\Windows\System32\DAjULMF.exe
  C:\Windows\System32\DAjULMF.exe
  2⤵
  PID:12280
- C:\Windows\System32\mdjMhxx.exe
  C:\Windows\System32\mdjMhxx.exe
  2⤵
  PID:548
- C:\Windows\System32\GorVchl.exe
  C:\Windows\System32\GorVchl.exe
  2⤵
  PID:12316
- C:\Windows\System32\bpWIgKu.exe
  C:\Windows\System32\bpWIgKu.exe
  2⤵
  PID:12344
- C:\Windows\System32\ordacnb.exe
  C:\Windows\System32\ordacnb.exe
  2⤵
  PID:12372
- C:\Windows\System32\SxxEiVo.exe
  C:\Windows\System32\SxxEiVo.exe
  2⤵
  PID:12400
- C:\Windows\System32\QUKYLNH.exe
  C:\Windows\System32\QUKYLNH.exe
  2⤵
  PID:12428
- C:\Windows\System32\bfSwXUS.exe
  C:\Windows\System32\bfSwXUS.exe
  2⤵
  PID:12456
- C:\Windows\System32\elZrAKK.exe
  C:\Windows\System32\elZrAKK.exe
  2⤵
  PID:12492
- C:\Windows\System32\lIgdBxZ.exe
  C:\Windows\System32\lIgdBxZ.exe
  2⤵
  PID:12536
- C:\Windows\System32\hFHJEhJ.exe
  C:\Windows\System32\hFHJEhJ.exe
  2⤵
  PID:12564
- C:\Windows\System32\LVrVrKY.exe
  C:\Windows\System32\LVrVrKY.exe
  2⤵
  PID:12580
- C:\Windows\System32\bSmeOEa.exe
  C:\Windows\System32\bSmeOEa.exe
  2⤵
  PID:12608
- C:\Windows\System32\HEQpTjV.exe
  C:\Windows\System32\HEQpTjV.exe
  2⤵
  PID:12636
- C:\Windows\System32\LUxzKIz.exe
  C:\Windows\System32\LUxzKIz.exe
  2⤵
  PID:12664
- C:\Windows\System32\SuxlFIk.exe
  C:\Windows\System32\SuxlFIk.exe
  2⤵
  PID:12684
- C:\Windows\System32\IKMbWUY.exe
  C:\Windows\System32\IKMbWUY.exe
  2⤵
  PID:12720
- C:\Windows\System32\MFtVMGy.exe
  C:\Windows\System32\MFtVMGy.exe
  2⤵
  PID:12748
- C:\Windows\System32\CmjyJql.exe
  C:\Windows\System32\CmjyJql.exe
  2⤵
  PID:12776
- C:\Windows\System32\tWAOvZU.exe
  C:\Windows\System32\tWAOvZU.exe
  2⤵
  PID:12804
- C:\Windows\System32\EczWVrd.exe
  C:\Windows\System32\EczWVrd.exe
  2⤵
  PID:12832
- C:\Windows\System32\xVCUmBT.exe
  C:\Windows\System32\xVCUmBT.exe
  2⤵
  PID:12860
- C:\Windows\System32\RGSBJQm.exe
  C:\Windows\System32\RGSBJQm.exe
  2⤵
  PID:12888
- C:\Windows\System32\oKYWDnM.exe
  C:\Windows\System32\oKYWDnM.exe
  2⤵
  PID:12928
- C:\Windows\System32\lwZMnwQ.exe
  C:\Windows\System32\lwZMnwQ.exe
  2⤵
  PID:12960
- C:\Windows\System32\HzIuGEh.exe
  C:\Windows\System32\HzIuGEh.exe
  2⤵
  PID:12988
- C:\Windows\System32\TuTQuDn.exe
  C:\Windows\System32\TuTQuDn.exe
  2⤵
  PID:13016
- C:\Windows\System32\MOwbFRK.exe
  C:\Windows\System32\MOwbFRK.exe
  2⤵
  PID:13036
- C:\Windows\System32\AYMiikw.exe
  C:\Windows\System32\AYMiikw.exe
  2⤵
  PID:13072
- C:\Windows\System32\hYouQgX.exe
  C:\Windows\System32\hYouQgX.exe
  2⤵
  PID:13100
- C:\Windows\System32\BrrGpCJ.exe
  C:\Windows\System32\BrrGpCJ.exe
  2⤵
  PID:13136
- C:\Windows\System32\iHEPNzR.exe
  C:\Windows\System32\iHEPNzR.exe
  2⤵
  PID:13156
- C:\Windows\System32\QPOMKaS.exe
  C:\Windows\System32\QPOMKaS.exe
  2⤵
  PID:13184
- C:\Windows\System32\FZpllSB.exe
  C:\Windows\System32\FZpllSB.exe
  2⤵
  PID:13212
- C:\Windows\System32\SPIUYFz.exe
  C:\Windows\System32\SPIUYFz.exe
  2⤵
  PID:13240
- C:\Windows\System32\ppCEzeq.exe
  C:\Windows\System32\ppCEzeq.exe
  2⤵
  PID:13268
- C:\Windows\System32\ehSDKQa.exe
  C:\Windows\System32\ehSDKQa.exe
  2⤵
  PID:13296
- C:\Windows\System32\EblVscj.exe
  C:\Windows\System32\EblVscj.exe
  2⤵
  PID:12308
- C:\Windows\System32\XsAzdON.exe
  C:\Windows\System32\XsAzdON.exe
  2⤵
  PID:12364
- C:\Windows\System32\aevSWFR.exe
  C:\Windows\System32\aevSWFR.exe
  2⤵
  PID:12424
- C:\Windows\System32\WFnAeXg.exe
  C:\Windows\System32\WFnAeXg.exe
  2⤵
  PID:12452
- C:\Windows\System32\ChxdOLL.exe
  C:\Windows\System32\ChxdOLL.exe
  2⤵
  PID:2504
- C:\Windows\System32\YLYMmAg.exe
  C:\Windows\System32\YLYMmAg.exe
  2⤵
  PID:9172
- C:\Windows\System32\ZeOLbxS.exe
  C:\Windows\System32\ZeOLbxS.exe
  2⤵
  PID:9252
- C:\Windows\System32\ZpuReBD.exe
  C:\Windows\System32\ZpuReBD.exe
  2⤵
  PID:12512
- C:\Windows\System32\sudOdwU.exe
  C:\Windows\System32\sudOdwU.exe
  2⤵
  PID:12576
- C:\Windows\System32\kzMzYFU.exe
  C:\Windows\System32\kzMzYFU.exe
  2⤵
  PID:12648
- C:\Windows\System32\SiYKrrk.exe
  C:\Windows\System32\SiYKrrk.exe
  2⤵
  PID:12704

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:12488

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System32\FXfmGUi.exe

Filesize
3.4MB

MD5
814eb1a923f9b68caca26c23d2c2bc0c

SHA1
534f7754871ed9dc02262f66fe14714464127720

SHA256
7424ebcc270d15a826517b1ed9b94a271d98b8e1c4eb6f5daf5fd8156b4244d7

SHA512
daef2c222e2111285241da9576e8c80928c08557d86fc38ae4744825f4993df5fd97fe128b480af65c7e9d75e8b3627868606d7692390a0f3bd1631e093f6c0d

Download Submit
C:\Windows\System32\GzOUeDZ.exe

Filesize
3.4MB

MD5
06554b53ef06c553d2330411c0e3abbe

SHA1
3ec6ec744f5acb81cf39b0f7ed1dce9fe302af1f

SHA256
3ad2d58b22df04611edc71b324d809fb2fa50064ecc73a988d4ed20d27ece754

SHA512
4199afb5087d7dd924cf40f2854449e05436a1af9b2ada3e8cfbd662110a53a9b3ea9cd75631fd35c385582b501d2928760c0b2b2fd6735b3c3bcc5fb514c446

Download Submit
C:\Windows\System32\IBAMDeq.exe

Filesize
3.4MB

MD5
dc64c4c9209fd862ca3cef90ab37a5d7

SHA1
cd66a8b94331a0c781da4f0d5cc687019c08bf66

SHA256
2ca1b6fcac63d72cdb9fb42d1faadcd25907215e459521f350dd3e334b480223

SHA512
9d0b6fde3b24c3c0fa7ec5b86e4cca763e977de7a91f453f2661b1779f305359925c6eeda79eb47ef7d2e79c2642b50cae9e2ccefebec73966d1f48f0fa9af8c

Download Submit
C:\Windows\System32\IRlmBji.exe

Filesize
3.4MB

MD5
74785d24358861921a24ca237c816b7e

SHA1
7eabcca5d0e233cfa48c68a3ff35657fbd6f6464

SHA256
192f673d6ef10dd81a83449702bf923d22033d7c5ff0fb9e1a393a787d77041c

SHA512
962610265a2a2ae2f0420dc203e82e9653556e5fe970c3f547a02ecc9fdceb8b46e198f98bc9117d70720f549c84b61ef7ab03e22227040b9e32922a96511d2b

Download Submit
C:\Windows\System32\JpOCdup.exe

Filesize
3.4MB

MD5
81effe40f47e04e56af9126d05e7900c

SHA1
2c5df87404122659114c0344dc57a2dc98411cfc

SHA256
a28f34852e2ee548cdeeec7a688aabe4a09e04313af595453bb74bef6242627f

SHA512
7ad758cdc4dce967176e709fa17b4bb96111ee5392db2fa0ddbe4565dc0a880eb1ecf7d31437cd3198a3a37c41f94269f721f74a1ba445d4513747da3004869c

Download Submit
C:\Windows\System32\KeAxORz.exe

Filesize
3.4MB

MD5
3b9554837555a00fc4ce4da8b1f87837

SHA1
d50e3b29e1157acd4124a14db82f4b19e0dbed8e

SHA256
2dd08c8cb18b9ea6a2c4dcbbdf951e201e81e0d5de693d2fbaa1008dbadb5891

SHA512
f8d9ca1a41ee0c0b0e6d4d6878b54deb7ea8a88f93236c2e1e377767eb485abe80461f7ca7c5aa83135383b0621750349bc9ba0654070bd5636f8d45bb982e21

Download Submit
C:\Windows\System32\LCQCRGC.exe

Filesize
3.4MB

MD5
34e37f2b38f5870db75a0c9a1b3f398f

SHA1
a77ed3b6baced8589a480c6005f325618a14ffeb

SHA256
d413f01e2aa5495ca2ac148d04d7924c83f509563ffea811f62898937d5b872a

SHA512
a7f301bc1f9694e1f8f81503f9c698a8a38a621fc4d47eca8635aef6bf9e7de09a0a3f34e534a66f9b3f8977f49c80ee449ce36484ad8c9ebe7bf38c16914174

Download Submit
C:\Windows\System32\LDYXXjX.exe

Filesize
3.4MB

MD5
19a3d56ea59c90415ebc640ee410f573

SHA1
d1c7e10917ab5de599e66b87c60710e72ac384ff

SHA256
f03d1731e580efb818aacf7510378d1365942408dff2b5c466ebb0e5d03505cc

SHA512
122a7d418e0548780afa390bb747f7554eca7123d4523b051b891271220c511be283b152b68e53dd61791907520704efb6c61b5ae7e50769474d63cd76bead28

Download Submit
C:\Windows\System32\LcCtOHl.exe

Filesize
3.4MB

MD5
8a08157124243249424ee69ee169b14a

SHA1
9b7749b5c8838eb75b3120e4200b4d29dc7497ee

SHA256
12fb88618b04c8d5efe572159c97d67d856b653b87880008b3aa73712d4e1f37

SHA512
1c566eb646e30fc3deb02311c6b252c98acbfc16d42dc343127d2351023b1f11bdbbc3a9cfd47ab907bf1744c53379b06f96e61ebac9bbf9d99f747e22703a83

Download Submit
C:\Windows\System32\NjoCEvm.exe

Filesize
3.4MB

MD5
f318ef688a42c21af952b532afd8f035

SHA1
7271d3e2c0330c3eababeff48403f9fed10f33df

SHA256
26f127634d8407cbbe16772edc7c964cf74fe90d67bb5dac743cf373cad648d8

SHA512
5b58a2debb9926c976137bfb23746eb2fabf33fbe23e5922cb63f6b58899e626dcfa7012702fa27eabab63e214bd986d595cd2168bbccdb102f4b7c4abb7d69f

Download Submit
C:\Windows\System32\OAamtLF.exe

Filesize
3.4MB

MD5
39992ec411d4c836d4dd67e85918261e

SHA1
0fce0499d1f53e80e7fe3ce98580763e054bcfb1

SHA256
f376284de5b5cf357f0baa7502cac87a047abf9f5e62a0231b72e35346315aeb

SHA512
18cfcbab4b0cc785cff67984c3e87d2ffc328b0a6e0f043d7da351b380b4cff2135cb3fa0ba1f35476df7ad2233c8b3948b7de3d6f26d531056d5097cadfa48f

Download Submit
C:\Windows\System32\UYebMmm.exe

Filesize
3.4MB

MD5
51a801fbcfa6e82199ed69afe6d740d9

SHA1
e3497767cf60dd625945ee20a3ef4e9e11af0452

SHA256
43f4a72935c9d1625fcca63511a8fc18677d3978e00cbe094fef9aebecce39f1

SHA512
c33f203702654724f9c65c02815861124502d8ed64dae253bf96eb586e315b20811ccfbe7165726d14c6da29c7bdb6f23c8253eebed6dfbb1619f1ba52116794

Download Submit
C:\Windows\System32\WlEVAKl.exe

Filesize
3.4MB

MD5
77215cb4d86c1c7266a30db5e9ec2d3a

SHA1
af6a2718310e8ff1b01d0f07a8983093a726fff5

SHA256
dc8ffed80947cd011c1bfce406ac836139a13e2b49d269e1a11ae6b12e3469a2

SHA512
de9322c763ed03a852c902447ae2a5b9ac2e584ab9325fffdcd0e55a03b66d0bc1730b664ebab2157d8563881bd32fca80f6c61692859a1217b6f23c8c2cd06a

Download Submit
C:\Windows\System32\XARISWU.exe

Filesize
3.4MB

MD5
c6d50bf46633f1be32be45869f449644

SHA1
46423740e61d16c750c508e6cedb4cfa21985ddd

SHA256
2c058d0e919219b55ea4cffd33afb9aa06a04b19c43723d0e2b6ff30f7f1a305

SHA512
033f67c22f458315a8a1a5e06ca1f52f6216c20b062b76a1561c9f5f60ea39ed5dc334c0abbb17b8ab7f234301132c4b7a1b6ff86da89759e8247f75b4230a26

Download Submit
C:\Windows\System32\YuRTHjd.exe

Filesize
3.4MB

MD5
7ce99789fd80e31f18a743458abd1a1f

SHA1
27f8bad766b4ca5b73ccf79b1e6d8d396136f857

SHA256
41a8aa90d270916eaf3a3280cf366489a58e1248d757ca6332ee13f7a7dcdf9f

SHA512
2f8ed26fd5cb56aae44bc4d679bfc3fd9f1976b18cd25fd63fd406630f80d589aee419a782f260d83ad7e8de628b9fc132707f5279d19a16cf1ebe7c4c5a1af3

Download Submit
C:\Windows\System32\aRRgOGT.exe

Filesize
3.4MB

MD5
ce7cc8d69b574b2cb98cd33fcfcb1b4c

SHA1
73e14dcb424cd5678e9aea6d1f2dce329ff5707a

SHA256
b849ba9f4c7a5a5605e17d70956e0464bf011ef19c8ccee190887e017eba1352

SHA512
ce9d2b69c809d89c94f0fdf00d5fe533f8edad5a4858986c707b1c99b6782bd5d689af728905e89bd6f5b04df5bcf7cbf7dd1815c304d9db1f6d26fef52d4cb7

Download Submit
C:\Windows\System32\bRiiuwn.exe

Filesize
3.4MB

MD5
4dba230965ce67ab287a803d594f4106

SHA1
aff2068ffe5c2f684088116faafc325dbe843a09

SHA256
9a6ba1be61ce31a425d530c041d51c55dc42166844a08796fbbc31ab56a88a26

SHA512
cff14c92a7f9139a641c889fb3025440136e86b7d3019ea7564ac6f45cc3fbdb8edc3724fea1a61f8047d7f5cf06105a508ae47271aaa140f72613f8607bad54

Download Submit
C:\Windows\System32\cNQqBop.exe

Filesize
3.4MB

MD5
21abe9743b7c6748792262c059239b5e

SHA1
c34a22d315385df3ece0074ae3f3b2bdaa4cd1a3

SHA256
1e0e2416bd449f9c5691cf28d25378c00fe25517cc7b347df007c1a79393bb17

SHA512
53a4ab14d284a808a3740bc6ac5a33762171b70a08b6dcef0be0ec1b37750832f9957af4810b90ae0d3890909c821dfc3dadeb2d82e6a82a0e9becf429582f5f

Download Submit
C:\Windows\System32\cklxNIg.exe

Filesize
3.4MB

MD5
b9897fd8ef937686db30b3210cfcb7df

SHA1
5b80d5efdb30651f6764f223971e97b492e967f2

SHA256
94eaf257bdf91f19899484ecab2a1076d4e5c6641949b3f6aeca8519b0dc283b

SHA512
58c353496e3116d46761af927d4f130871baa30ccaa75de90c9ad294d134d7de0047ec1f418e13ee4695952e1a26bf8bc16b8dd2d1df6c509267d736184a9efe

Download Submit
C:\Windows\System32\dSvdSDM.exe

Filesize
3.4MB

MD5
4dfc0aa1b46416b05592c95409e4fc04

SHA1
316073605ff9b9690c4112a937b5a6b4d9f9c41e

SHA256
ebf1a30696ff1a86c51f6db193126e8a1a3d572c9fcd7286a8d6441222765d1e

SHA512
f13cef531c3803e209c76f634579ced3e02e6fc4adbfdec1a914433909962a26ccf052f858617a833caff8ba33e9f61df4bcd6c7ac1f13da7cef237c21666dff

Download Submit
C:\Windows\System32\gDrQxZj.exe

Filesize
3.4MB

MD5
9417a38c02944f2ace3d63397af78950

SHA1
fc91de4c5b8bd3b1bf1981e7320ba789817dc245

SHA256
ebb0afdb7a59375942276b61a2406420e7f5ba6200710b68617f8bd082c8a17c

SHA512
4221c2f5acf582661e65d060673aa40aa9916c1f44c858fb8e4b97d79937873a7d2856f61dc0bf9f562bd8373da52ed1dca9f4ac62df18be6fd8186a4f8ea170

Download Submit
C:\Windows\System32\iDnwBED.exe

Filesize
3.4MB

MD5
63a0bb006c1848e43f4012a32a209f57

SHA1
e5c3bc317785a77746152fc290753139852721f2

SHA256
137291c2eb9ce51399ebcdb08643f7d89cc9ab1f0369a9c1bdbaf354894aca05

SHA512
98d3133828373c2276463ba3482ec8bcd8b1190fc07a0a7ebb1da6e190a1225904d3aedd5434f2a844054d1059124b7d382251a599ad16224d5b7f834848abaf

Download Submit
C:\Windows\System32\iQcEDwD.exe

Filesize
3.4MB

MD5
9f47624c8ba0c3fe017ac5a946bc8cd7

SHA1
1917caa6c0b0ed1d6dbafe9f68f958239bb43967

SHA256
8339488c2c93be7e164a322baa4dda1daf39aac7163da223a4f78a841faaf126

SHA512
c9b3f45d7dd2097d0c140a26b39ab0b961025566f2e9b880dfa2d6eb11aa4f17f719bb073a0e27db1ed6d4c5a824f9a8805cfbb9ca7ce3ac3413c56b7ee68b05

Download Submit
C:\Windows\System32\jvyqjzQ.exe

Filesize
3.4MB

MD5
24da797b5a1744d9859a6a92a1032904

SHA1
e6092a602c77b172b91cb6cc11b7f59e1780fc62

SHA256
a14dd9c0e2f4f252fac64f8f9ed0350d02a78c9fe148fe351eb7e7b3192c3403

SHA512
ca60f3aa64b07ed7e6b8ef746abe47992d265a4ed1eeecc5a0d268f5c3b46440d3b7d63ac002b90a4c42d3f5997bd799d3d969f586167e5a75f87d21e9df134f

Download Submit
C:\Windows\System32\ntoNUix.exe

Filesize
3.4MB

MD5
4f2a3caea10e88930ffd8f650a7224e2

SHA1
6300c40c2d56d53e1b2187f350f59ffa712f4cff

SHA256
998aa385a07172fb94abb45488d8c9a9063cdb21516c88e3bde08b6e4456a853

SHA512
16c1db67b3902653ff749f293d30480da9345ec84d3cd2d79fd7d75459f09bce11e39cb622cdf89782cd35070925ddaac0702822bba1f952889d635b2985ca55

Download Submit
C:\Windows\System32\owpNJMQ.exe

Filesize
3.4MB

MD5
d9fc7a47505f3bdd10708f692350ae4f

SHA1
e23671d48b0ea73ede03f56682cc730d7025b9f6

SHA256
8b8bd6cf858b2ecfbc275fa5b65f66748be99ba9ed44e256584599b060200587

SHA512
566e099061f539f3be33395b47e288af1af195495a60bd7d2dd7d102b1e07689039bcdc5ce46653543f85a8676d633c18101756658b4370bea1128bbb9d1f2a6

Download Submit
C:\Windows\System32\psaHQII.exe

Filesize
3.4MB

MD5
969ee097b85916934fa72bf202a46a20

SHA1
d12a86a5224a28bb48b26599d565d8467eb2957c

SHA256
06b9037bf83e2b6e342d2e722d36bf4a70a89a5ed53115e0b76454934d8d496d

SHA512
0ffcd6037d7aac3f25d4055e480ee7a30d0a660c6d9dd49b745dc840820fd50d3cd6eb87b01ac9fde7f4908d3ff86c795dcebd2dee358527869fea414b73ed89

Download Submit
C:\Windows\System32\qYdSBdz.exe

Filesize
3.4MB

MD5
69e6e3d47000ceb6a46d893f5e50f618

SHA1
1557401532de5832a88ad26b496b32b388dd6c04

SHA256
57b5a599378f3f5c4cc3aba8c5cc180764c6846075e195a9ea68206005a4547a

SHA512
8e59010c5ef527d11611624b77135be3a306291ae92a28443077c0816737aee4fcb5370fd1fc4fd7b4df50f374f4ebf84785d5c66be23ca02f254f8268444118

Download Submit
C:\Windows\System32\tTkBCDi.exe

Filesize
3.4MB

MD5
009de68e39650368ca19533c86f16bdb

SHA1
703d95de38702f90cbaa01cd471bba7767197c58

SHA256
69e9b6d9c0d7530aba8d3febb8f3b06595b7adad254b15f49f12f9d3e6c13684

SHA512
c0e2079dc8d2af9212d9d1b960fa13d884d60f4a2bde15ef011e264913c2b0dc01a32200a74b354d928e307b586f86a1f3f0d5f5c434371b6e7ce28fcd00c11c

Download Submit
C:\Windows\System32\uaddHkQ.exe

Filesize
3.4MB

MD5
55312cd7c45f450085626e895d3727d7

SHA1
6f30398b4527a3947f830f5a42baec0a9b2d1dbb

SHA256
5a43ae0d45678bd8b7eb41dec02153da7e8c060781384614c820ccafe00921eb

SHA512
656e87bdebede675df99e0f6435ebb3fedfb5d05534788585699cc3e9481142b75fb1656a488982928e4b5566c79c3f2a83df207191a87ecb8105067e557082b

Download Submit
C:\Windows\System32\wzLcIWk.exe

Filesize
3.4MB

MD5
b4d378c6cdbd5d88d52aaa5ca170082e

SHA1
089943d5a944ae3d5175a98f19a5bc58a9e22df4

SHA256
95054e59928c788255f27eb3f3d50e020e5da95bf946be7ea14c6fb85d5ddee2

SHA512
6a5e374c16a0bbf74f97118be5829ebe412a4cbba7dc147fcd6e94caa2d341cf76fe3995465cb2cfeb15d1798ef3f4dcb9368e1dca1c018b570d2dc6fd751e86

Download Submit
C:\Windows\System32\zQDommU.exe

Filesize
3.4MB

MD5
9e6b060df5430b96ff32e6bf48bf44a0

SHA1
425bcb7124e7a328f91aa923fba8d571e0f79b92

SHA256
3a9fe1bc0dc8abcd6ccaf56dbee6048ed7ad7bc7c137dd401d46b66cd71a03cd

SHA512
0e57bdae2164eeb54ca150cd7c6ac84435bddb4080ea252ec09b02ea121390f06ac6b14e2a9ad76f9e6f75947e3a8d8d9daf48830ea9efb44e8aed819b683e46

Download Submit
C:\Windows\System32\zoMmupi.exe

Filesize
3.4MB

MD5
0bd0d8efcb948a5e7b1bc9f875a3b9ef

SHA1
973674d411f1ccf1fdafc66831faa24b63820040

SHA256
471aede10f7e1d3bce092413b20efb6300830cde9159376c585ad8dcdd93df50

SHA512
c7b04ca9dfec27a780b20258332078b05cc32d421bb1ac074ae7dc4022d8b3e3948e9be2bacdad80e2759b7f4826f008afe0647e185935433a1acc68171b42e6

Download Submit
memory/208-740-0x00007FF6C0460000-0x00007FF6C0855000-memory.dmp

Filesize
4.0MB

Download
memory/208-1909-0x00007FF6C0460000-0x00007FF6C0855000-memory.dmp

Filesize
4.0MB

Download
memory/216-1906-0x00007FF7BCBB0000-0x00007FF7BCFA5000-memory.dmp

Filesize
4.0MB

Download
memory/216-742-0x00007FF7BCBB0000-0x00007FF7BCFA5000-memory.dmp

Filesize
4.0MB

Download
memory/220-1914-0x00007FF700EA0000-0x00007FF701295000-memory.dmp

Filesize
4.0MB

Download
memory/220-765-0x00007FF700EA0000-0x00007FF701295000-memory.dmp

Filesize
4.0MB

Download
memory/952-738-0x00007FF613650000-0x00007FF613A45000-memory.dmp

Filesize
4.0MB

Download
memory/952-1899-0x00007FF613650000-0x00007FF613A45000-memory.dmp

Filesize
4.0MB

Download
memory/1216-744-0x00007FF64F510000-0x00007FF64F905000-memory.dmp

Filesize
4.0MB

Download
memory/1216-1907-0x00007FF64F510000-0x00007FF64F905000-memory.dmp

Filesize
4.0MB

Download
memory/1304-775-0x00007FF7B2130000-0x00007FF7B2525000-memory.dmp

Filesize
4.0MB

Download
memory/1304-1912-0x00007FF7B2130000-0x00007FF7B2525000-memory.dmp

Filesize
4.0MB

Download
memory/1352-739-0x00007FF701DC0000-0x00007FF7021B5000-memory.dmp

Filesize
4.0MB

Download
memory/1352-1915-0x00007FF701DC0000-0x00007FF7021B5000-memory.dmp

Filesize
4.0MB

Download
memory/1956-796-0x00007FF7ADD70000-0x00007FF7AE165000-memory.dmp

Filesize
4.0MB

Download
memory/1956-1896-0x00007FF7ADD70000-0x00007FF7AE165000-memory.dmp

Filesize
4.0MB

Download
memory/2188-28-0x00007FF778DC0000-0x00007FF7791B5000-memory.dmp

Filesize
4.0MB

Download
memory/2188-1894-0x00007FF778DC0000-0x00007FF7791B5000-memory.dmp

Filesize
4.0MB

Download
memory/2188-1891-0x00007FF778DC0000-0x00007FF7791B5000-memory.dmp

Filesize
4.0MB

Download
memory/2320-1-0x00000133D0C70000-0x00000133D0C80000-memory.dmp

Filesize
64KB

Download
memory/2320-0-0x00007FF6FAA90000-0x00007FF6FAE85000-memory.dmp

Filesize
4.0MB

Download
memory/2440-769-0x00007FF7D9A90000-0x00007FF7D9E85000-memory.dmp

Filesize
4.0MB

Download
memory/2440-1905-0x00007FF7D9A90000-0x00007FF7D9E85000-memory.dmp

Filesize
4.0MB

Download
memory/2724-756-0x00007FF62A410000-0x00007FF62A805000-memory.dmp

Filesize
4.0MB

Download
memory/2724-1903-0x00007FF62A410000-0x00007FF62A805000-memory.dmp

Filesize
4.0MB

Download
memory/2792-790-0x00007FF79A4A0000-0x00007FF79A895000-memory.dmp

Filesize
4.0MB

Download
memory/2792-1910-0x00007FF79A4A0000-0x00007FF79A895000-memory.dmp

Filesize
4.0MB

Download
memory/2900-1898-0x00007FF7DC6A0000-0x00007FF7DCA95000-memory.dmp

Filesize
4.0MB

Download
memory/2900-800-0x00007FF7DC6A0000-0x00007FF7DCA95000-memory.dmp

Filesize
4.0MB

Download
memory/3120-785-0x00007FF653BE0000-0x00007FF653FD5000-memory.dmp

Filesize
4.0MB

Download
memory/3120-1902-0x00007FF653BE0000-0x00007FF653FD5000-memory.dmp

Filesize
4.0MB

Download
memory/3176-735-0x00007FF7960A0000-0x00007FF796495000-memory.dmp

Filesize
4.0MB

Download
memory/3176-1897-0x00007FF7960A0000-0x00007FF796495000-memory.dmp

Filesize
4.0MB

Download
memory/3456-1913-0x00007FF7B0470000-0x00007FF7B0865000-memory.dmp

Filesize
4.0MB

Download
memory/3456-771-0x00007FF7B0470000-0x00007FF7B0865000-memory.dmp

Filesize
4.0MB

Download
memory/3516-743-0x00007FF666520000-0x00007FF666915000-memory.dmp

Filesize
4.0MB

Download
memory/3516-1908-0x00007FF666520000-0x00007FF666915000-memory.dmp

Filesize
4.0MB

Download
memory/3572-751-0x00007FF6E4EB0000-0x00007FF6E52A5000-memory.dmp

Filesize
4.0MB

Download
memory/3572-1904-0x00007FF6E4EB0000-0x00007FF6E52A5000-memory.dmp

Filesize
4.0MB

Download
memory/3580-1893-0x00007FF6FA8D0000-0x00007FF6FACC5000-memory.dmp

Filesize
4.0MB

Download
memory/3580-1890-0x00007FF6FA8D0000-0x00007FF6FACC5000-memory.dmp

Filesize
4.0MB

Download
memory/3580-16-0x00007FF6FA8D0000-0x00007FF6FACC5000-memory.dmp

Filesize
4.0MB

Download
memory/3668-10-0x00007FF794850000-0x00007FF794C45000-memory.dmp

Filesize
4.0MB

Download
memory/3668-1892-0x00007FF794850000-0x00007FF794C45000-memory.dmp

Filesize
4.0MB

Download
memory/3668-1889-0x00007FF794850000-0x00007FF794C45000-memory.dmp

Filesize
4.0MB

Download
memory/4652-1911-0x00007FF611D10000-0x00007FF612105000-memory.dmp

Filesize
4.0MB

Download
memory/4652-782-0x00007FF611D10000-0x00007FF612105000-memory.dmp

Filesize
4.0MB

Download
memory/5000-1901-0x00007FF642B60000-0x00007FF642F55000-memory.dmp

Filesize
4.0MB

Download
memory/5000-741-0x00007FF642B60000-0x00007FF642F55000-memory.dmp

Filesize
4.0MB

Download
memory/5076-1895-0x00007FF62D3D0000-0x00007FF62D7C5000-memory.dmp

Filesize
4.0MB

Download
memory/5076-737-0x00007FF62D3D0000-0x00007FF62D7C5000-memory.dmp

Filesize
4.0MB

Download
memory/5112-1900-0x00007FF7A9990000-0x00007FF7A9D85000-memory.dmp

Filesize
4.0MB

Download
memory/5112-736-0x00007FF7A9990000-0x00007FF7A9D85000-memory.dmp

Filesize
4.0MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads