xmrig | 04a6d1da0d2109656df2b0f226eb1840c3e71424b8835cd567e8f83d24187fa7

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
06-07-2024 13:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

099d341dd8586080786cf867eb4e9cb0N.exe
Size

2.4MB
MD5

099d341dd8586080786cf867eb4e9cb0
SHA1

3203745997464333d9db6db23671144d8f7a501f
SHA256

04a6d1da0d2109656df2b0f226eb1840c3e71424b8835cd567e8f83d24187fa7
SHA512

faae54211708e611a568f8e8297c95c98cd8372b0aaf4e2beb6bd5e717a1c035bb24213fff41f942031587df5071a587085d3b26033cc620778c0f98b8c88d35
SSDEEP

49152:oezaTF8FcNkNdfE0pZ9ozt4wIQwNGyX687xWHMTnd39P:oemTLkNdfE0pZrQo

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/944-0-0x00007FF73F480000-0x00007FF73F7D4000-memory.dmp	xmrig
behavioral2/files/0x00070000000232e2-5.dat	xmrig
behavioral2/files/0x000700000002347f-10.dat	xmrig
behavioral2/memory/4980-8-0x00007FF622060000-0x00007FF6223B4000-memory.dmp	xmrig
behavioral2/files/0x000800000002347e-12.dat	xmrig
behavioral2/files/0x0007000000023481-26.dat	xmrig
behavioral2/files/0x0007000000023482-29.dat	xmrig
behavioral2/files/0x0007000000023484-42.dat	xmrig
behavioral2/files/0x0007000000023486-52.dat	xmrig
behavioral2/files/0x000700000002348a-69.dat	xmrig
behavioral2/files/0x000700000002348d-90.dat	xmrig
behavioral2/files/0x0007000000023490-104.dat	xmrig
behavioral2/files/0x0007000000023493-116.dat	xmrig
behavioral2/files/0x0007000000023495-130.dat	xmrig
behavioral2/files/0x0007000000023499-146.dat	xmrig
behavioral2/files/0x000700000002349c-164.dat	xmrig
behavioral2/memory/4104-701-0x00007FF7F7C50000-0x00007FF7F7FA4000-memory.dmp	xmrig
behavioral2/memory/4156-702-0x00007FF772260000-0x00007FF7725B4000-memory.dmp	xmrig
behavioral2/files/0x000700000002349b-160.dat	xmrig
behavioral2/files/0x000700000002349a-154.dat	xmrig
behavioral2/files/0x0007000000023498-144.dat	xmrig
behavioral2/files/0x0007000000023497-140.dat	xmrig
behavioral2/files/0x0007000000023496-134.dat	xmrig
behavioral2/files/0x0007000000023494-124.dat	xmrig
behavioral2/files/0x0007000000023492-114.dat	xmrig
behavioral2/files/0x0007000000023491-110.dat	xmrig
behavioral2/files/0x000700000002348f-100.dat	xmrig
behavioral2/files/0x000700000002348e-94.dat	xmrig
behavioral2/files/0x000700000002348c-84.dat	xmrig
behavioral2/files/0x000700000002348b-80.dat	xmrig
behavioral2/files/0x0007000000023489-70.dat	xmrig
behavioral2/files/0x0007000000023488-64.dat	xmrig
behavioral2/files/0x0007000000023487-57.dat	xmrig
behavioral2/files/0x0007000000023485-47.dat	xmrig
behavioral2/files/0x0007000000023483-37.dat	xmrig
behavioral2/files/0x0007000000023480-22.dat	xmrig
behavioral2/memory/2052-703-0x00007FF6FC770000-0x00007FF6FCAC4000-memory.dmp	xmrig
behavioral2/memory/3200-704-0x00007FF70EEA0000-0x00007FF70F1F4000-memory.dmp	xmrig
behavioral2/memory/2928-705-0x00007FF702920000-0x00007FF702C74000-memory.dmp	xmrig
behavioral2/memory/4880-706-0x00007FF7407D0000-0x00007FF740B24000-memory.dmp	xmrig
behavioral2/memory/4948-707-0x00007FF76C090000-0x00007FF76C3E4000-memory.dmp	xmrig
behavioral2/memory/808-708-0x00007FF7163A0000-0x00007FF7166F4000-memory.dmp	xmrig
behavioral2/memory/1888-709-0x00007FF7FEE00000-0x00007FF7FF154000-memory.dmp	xmrig
behavioral2/memory/4364-712-0x00007FF7C96E0000-0x00007FF7C9A34000-memory.dmp	xmrig
behavioral2/memory/2564-718-0x00007FF7D2610000-0x00007FF7D2964000-memory.dmp	xmrig
behavioral2/memory/216-722-0x00007FF709ED0000-0x00007FF70A224000-memory.dmp	xmrig
behavioral2/memory/2036-766-0x00007FF64CA50000-0x00007FF64CDA4000-memory.dmp	xmrig
behavioral2/memory/1060-770-0x00007FF7D1C20000-0x00007FF7D1F74000-memory.dmp	xmrig
behavioral2/memory/2248-776-0x00007FF686EA0000-0x00007FF6871F4000-memory.dmp	xmrig
behavioral2/memory/2624-783-0x00007FF65DFA0000-0x00007FF65E2F4000-memory.dmp	xmrig
behavioral2/memory/1832-800-0x00007FF644A50000-0x00007FF644DA4000-memory.dmp	xmrig
behavioral2/memory/4936-795-0x00007FF724A90000-0x00007FF724DE4000-memory.dmp	xmrig
behavioral2/memory/3756-790-0x00007FF7321E0000-0x00007FF732534000-memory.dmp	xmrig
behavioral2/memory/3720-784-0x00007FF627B30000-0x00007FF627E84000-memory.dmp	xmrig
behavioral2/memory/2332-780-0x00007FF640970000-0x00007FF640CC4000-memory.dmp	xmrig
behavioral2/memory/4596-775-0x00007FF799410000-0x00007FF799764000-memory.dmp	xmrig
behavioral2/memory/2996-771-0x00007FF619BC0000-0x00007FF619F14000-memory.dmp	xmrig
behavioral2/memory/3512-760-0x00007FF7C86B0000-0x00007FF7C8A04000-memory.dmp	xmrig
behavioral2/memory/4472-746-0x00007FF7E1190000-0x00007FF7E14E4000-memory.dmp	xmrig
behavioral2/memory/116-741-0x00007FF74A4B0000-0x00007FF74A804000-memory.dmp	xmrig
behavioral2/memory/2032-730-0x00007FF7749C0000-0x00007FF774D14000-memory.dmp	xmrig
behavioral2/memory/3708-727-0x00007FF7B1C30000-0x00007FF7B1F84000-memory.dmp	xmrig
behavioral2/memory/4980-2160-0x00007FF622060000-0x00007FF6223B4000-memory.dmp	xmrig
behavioral2/memory/4104-2161-0x00007FF7F7C50000-0x00007FF7F7FA4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
4980	vqThtFH.exe
4104	AsxvSIn.exe
1832	iVlClYB.exe
4156	iEBspCU.exe
2052	BeBKftk.exe
3200	xPfNKPR.exe
2928	wZUzMhv.exe
4880	MONqzvT.exe
4948	hMyohJn.exe
808	rcQQLSb.exe
1888	dYuLXgI.exe
4364	kTrrfiQ.exe
2564	yAEKQsk.exe
216	lKByeWz.exe
3708	OLEQaKe.exe
2032	cHLUnZW.exe
116	hvTFMQV.exe
4472	qRanGnp.exe
3512	zTHQWEN.exe
2036	SVEGhWh.exe
1060	awBKXgN.exe
2996	IvaVYyV.exe
4596	UBmHwGf.exe
2248	NpxQxVe.exe
2332	kgDeodN.exe
2624	uCRTvem.exe
3720	XLEOqFQ.exe
3756	deWApfd.exe
4936	jlNyWid.exe
2464	vUVMWHh.exe
4832	JmjYLLH.exe
2324	qbovSbx.exe
4136	AuyOfpD.exe
4040	cMajWcO.exe
676	ZhrORhY.exe
3628	oIWRqGQ.exe
5112	WadIyMO.exe
3728	KJOhCdj.exe
4552	SDSQXbD.exe
768	shqxQQS.exe
1272	MkZQahf.exe
3280	jpCMMbU.exe
2428	KUkIzXZ.exe
4400	jOBhrGk.exe
2964	fEYKxyP.exe
5080	LCvVLqN.exe
2308	guENbCL.exe
4640	ASluDlp.exe
4968	wEErkSp.exe
2960	cTrtiMX.exe
1812	hJCMTUd.exe
3124	iakmyQV.exe
4448	UCxtuqm.exe
4428	ymxlHlb.exe
2932	TOdyygY.exe
3128	XFaCdkx.exe
4824	HqOYvqc.exe
2008	boRmGZJ.exe
2512	tQeLwuH.exe
2236	bjwDZFQ.exe
4952	LbhNLhQ.exe
4220	azdPxfj.exe
2212	bjwFyYJ.exe
208	QkudlXD.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/944-0-0x00007FF73F480000-0x00007FF73F7D4000-memory.dmp	upx
behavioral2/files/0x00070000000232e2-5.dat	upx
behavioral2/files/0x000700000002347f-10.dat	upx
behavioral2/memory/4980-8-0x00007FF622060000-0x00007FF6223B4000-memory.dmp	upx
behavioral2/files/0x000800000002347e-12.dat	upx
behavioral2/files/0x0007000000023481-26.dat	upx
behavioral2/files/0x0007000000023482-29.dat	upx
behavioral2/files/0x0007000000023484-42.dat	upx
behavioral2/files/0x0007000000023486-52.dat	upx
behavioral2/files/0x000700000002348a-69.dat	upx
behavioral2/files/0x000700000002348d-90.dat	upx
behavioral2/files/0x0007000000023490-104.dat	upx
behavioral2/files/0x0007000000023493-116.dat	upx
behavioral2/files/0x0007000000023495-130.dat	upx
behavioral2/files/0x0007000000023499-146.dat	upx
behavioral2/files/0x000700000002349c-164.dat	upx
behavioral2/memory/4104-701-0x00007FF7F7C50000-0x00007FF7F7FA4000-memory.dmp	upx
behavioral2/memory/4156-702-0x00007FF772260000-0x00007FF7725B4000-memory.dmp	upx
behavioral2/files/0x000700000002349b-160.dat	upx
behavioral2/files/0x000700000002349a-154.dat	upx
behavioral2/files/0x0007000000023498-144.dat	upx
behavioral2/files/0x0007000000023497-140.dat	upx
behavioral2/files/0x0007000000023496-134.dat	upx
behavioral2/files/0x0007000000023494-124.dat	upx
behavioral2/files/0x0007000000023492-114.dat	upx
behavioral2/files/0x0007000000023491-110.dat	upx
behavioral2/files/0x000700000002348f-100.dat	upx
behavioral2/files/0x000700000002348e-94.dat	upx
behavioral2/files/0x000700000002348c-84.dat	upx
behavioral2/files/0x000700000002348b-80.dat	upx
behavioral2/files/0x0007000000023489-70.dat	upx
behavioral2/files/0x0007000000023488-64.dat	upx
behavioral2/files/0x0007000000023487-57.dat	upx
behavioral2/files/0x0007000000023485-47.dat	upx
behavioral2/files/0x0007000000023483-37.dat	upx
behavioral2/files/0x0007000000023480-22.dat	upx
behavioral2/memory/2052-703-0x00007FF6FC770000-0x00007FF6FCAC4000-memory.dmp	upx
behavioral2/memory/3200-704-0x00007FF70EEA0000-0x00007FF70F1F4000-memory.dmp	upx
behavioral2/memory/2928-705-0x00007FF702920000-0x00007FF702C74000-memory.dmp	upx
behavioral2/memory/4880-706-0x00007FF7407D0000-0x00007FF740B24000-memory.dmp	upx
behavioral2/memory/4948-707-0x00007FF76C090000-0x00007FF76C3E4000-memory.dmp	upx
behavioral2/memory/808-708-0x00007FF7163A0000-0x00007FF7166F4000-memory.dmp	upx
behavioral2/memory/1888-709-0x00007FF7FEE00000-0x00007FF7FF154000-memory.dmp	upx
behavioral2/memory/4364-712-0x00007FF7C96E0000-0x00007FF7C9A34000-memory.dmp	upx
behavioral2/memory/2564-718-0x00007FF7D2610000-0x00007FF7D2964000-memory.dmp	upx
behavioral2/memory/216-722-0x00007FF709ED0000-0x00007FF70A224000-memory.dmp	upx
behavioral2/memory/2036-766-0x00007FF64CA50000-0x00007FF64CDA4000-memory.dmp	upx
behavioral2/memory/1060-770-0x00007FF7D1C20000-0x00007FF7D1F74000-memory.dmp	upx
behavioral2/memory/2248-776-0x00007FF686EA0000-0x00007FF6871F4000-memory.dmp	upx
behavioral2/memory/2624-783-0x00007FF65DFA0000-0x00007FF65E2F4000-memory.dmp	upx
behavioral2/memory/1832-800-0x00007FF644A50000-0x00007FF644DA4000-memory.dmp	upx
behavioral2/memory/4936-795-0x00007FF724A90000-0x00007FF724DE4000-memory.dmp	upx
behavioral2/memory/3756-790-0x00007FF7321E0000-0x00007FF732534000-memory.dmp	upx
behavioral2/memory/3720-784-0x00007FF627B30000-0x00007FF627E84000-memory.dmp	upx
behavioral2/memory/2332-780-0x00007FF640970000-0x00007FF640CC4000-memory.dmp	upx
behavioral2/memory/4596-775-0x00007FF799410000-0x00007FF799764000-memory.dmp	upx
behavioral2/memory/2996-771-0x00007FF619BC0000-0x00007FF619F14000-memory.dmp	upx
behavioral2/memory/3512-760-0x00007FF7C86B0000-0x00007FF7C8A04000-memory.dmp	upx
behavioral2/memory/4472-746-0x00007FF7E1190000-0x00007FF7E14E4000-memory.dmp	upx
behavioral2/memory/116-741-0x00007FF74A4B0000-0x00007FF74A804000-memory.dmp	upx
behavioral2/memory/2032-730-0x00007FF7749C0000-0x00007FF774D14000-memory.dmp	upx
behavioral2/memory/3708-727-0x00007FF7B1C30000-0x00007FF7B1F84000-memory.dmp	upx
behavioral2/memory/4980-2160-0x00007FF622060000-0x00007FF6223B4000-memory.dmp	upx
behavioral2/memory/4104-2161-0x00007FF7F7C50000-0x00007FF7F7FA4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\dxXIbyV.exe	099d341dd8586080786cf867eb4e9cb0N.exe
File created	C:\Windows\System\qCyDZnx.exe	099d341dd8586080786cf867eb4e9cb0N.exe
File created	C:\Windows\System\PKffwEV.exe	099d341dd8586080786cf867eb4e9cb0N.exe
File created	C:\Windows\System\xWGZbxL.exe	099d341dd8586080786cf867eb4e9cb0N.exe
File created	C:\Windows\System\RlxhJQY.exe	099d341dd8586080786cf867eb4e9cb0N.exe
File created	C:\Windows\System\tdnEhHu.exe	099d341dd8586080786cf867eb4e9cb0N.exe
File created	C:\Windows\System\hCgEMAN.exe	099d341dd8586080786cf867eb4e9cb0N.exe
File created	C:\Windows\System\qOTjGnc.exe	099d341dd8586080786cf867eb4e9cb0N.exe
File created	C:\Windows\System\EJuhVCw.exe	099d341dd8586080786cf867eb4e9cb0N.exe
File created	C:\Windows\System\RutCKKg.exe	099d341dd8586080786cf867eb4e9cb0N.exe
File created	C:\Windows\System\QxcvZJB.exe	099d341dd8586080786cf867eb4e9cb0N.exe
File created	C:\Windows\System\XFaCdkx.exe	099d341dd8586080786cf867eb4e9cb0N.exe
File created	C:\Windows\System\jLJtayT.exe	099d341dd8586080786cf867eb4e9cb0N.exe
File created	C:\Windows\System\eqDBggQ.exe	099d341dd8586080786cf867eb4e9cb0N.exe
File created	C:\Windows\System\kYMvOGg.exe	099d341dd8586080786cf867eb4e9cb0N.exe
File created	C:\Windows\System\WErGJKP.exe	099d341dd8586080786cf867eb4e9cb0N.exe
File created	C:\Windows\System\OLEQaKe.exe	099d341dd8586080786cf867eb4e9cb0N.exe
File created	C:\Windows\System\RVNDRDl.exe	099d341dd8586080786cf867eb4e9cb0N.exe
File created	C:\Windows\System\XBCPbaM.exe	099d341dd8586080786cf867eb4e9cb0N.exe
File created	C:\Windows\System\FQywdec.exe	099d341dd8586080786cf867eb4e9cb0N.exe
File created	C:\Windows\System\HUtebEX.exe	099d341dd8586080786cf867eb4e9cb0N.exe
File created	C:\Windows\System\otUOdUM.exe	099d341dd8586080786cf867eb4e9cb0N.exe
File created	C:\Windows\System\zKgBSjl.exe	099d341dd8586080786cf867eb4e9cb0N.exe
File created	C:\Windows\System\BSfRUOh.exe	099d341dd8586080786cf867eb4e9cb0N.exe
File created	C:\Windows\System\IrconYU.exe	099d341dd8586080786cf867eb4e9cb0N.exe
File created	C:\Windows\System\nylvHzD.exe	099d341dd8586080786cf867eb4e9cb0N.exe
File created	C:\Windows\System\XPQkLry.exe	099d341dd8586080786cf867eb4e9cb0N.exe
File created	C:\Windows\System\CBmKXMX.exe	099d341dd8586080786cf867eb4e9cb0N.exe
File created	C:\Windows\System\ImngGVW.exe	099d341dd8586080786cf867eb4e9cb0N.exe
File created	C:\Windows\System\mUkUDFZ.exe	099d341dd8586080786cf867eb4e9cb0N.exe
File created	C:\Windows\System\iLTYHwX.exe	099d341dd8586080786cf867eb4e9cb0N.exe
File created	C:\Windows\System\tOFCGxw.exe	099d341dd8586080786cf867eb4e9cb0N.exe
File created	C:\Windows\System\uZBAFcV.exe	099d341dd8586080786cf867eb4e9cb0N.exe
File created	C:\Windows\System\MsBVjKo.exe	099d341dd8586080786cf867eb4e9cb0N.exe
File created	C:\Windows\System\bLVoUOH.exe	099d341dd8586080786cf867eb4e9cb0N.exe
File created	C:\Windows\System\kZhZaKJ.exe	099d341dd8586080786cf867eb4e9cb0N.exe
File created	C:\Windows\System\bzbwrWJ.exe	099d341dd8586080786cf867eb4e9cb0N.exe
File created	C:\Windows\System\GaiJkqp.exe	099d341dd8586080786cf867eb4e9cb0N.exe
File created	C:\Windows\System\SMtCpFK.exe	099d341dd8586080786cf867eb4e9cb0N.exe
File created	C:\Windows\System\xXNuwZu.exe	099d341dd8586080786cf867eb4e9cb0N.exe
File created	C:\Windows\System\trkUxYD.exe	099d341dd8586080786cf867eb4e9cb0N.exe
File created	C:\Windows\System\LfSFQBl.exe	099d341dd8586080786cf867eb4e9cb0N.exe
File created	C:\Windows\System\ytCSard.exe	099d341dd8586080786cf867eb4e9cb0N.exe
File created	C:\Windows\System\GnQcBwH.exe	099d341dd8586080786cf867eb4e9cb0N.exe
File created	C:\Windows\System\HqOYvqc.exe	099d341dd8586080786cf867eb4e9cb0N.exe
File created	C:\Windows\System\bjwFyYJ.exe	099d341dd8586080786cf867eb4e9cb0N.exe
File created	C:\Windows\System\mgRBivp.exe	099d341dd8586080786cf867eb4e9cb0N.exe
File created	C:\Windows\System\AFKcWWg.exe	099d341dd8586080786cf867eb4e9cb0N.exe
File created	C:\Windows\System\gOigTnz.exe	099d341dd8586080786cf867eb4e9cb0N.exe
File created	C:\Windows\System\jARrOSF.exe	099d341dd8586080786cf867eb4e9cb0N.exe
File created	C:\Windows\System\HKzUWZd.exe	099d341dd8586080786cf867eb4e9cb0N.exe
File created	C:\Windows\System\hoQFKLe.exe	099d341dd8586080786cf867eb4e9cb0N.exe
File created	C:\Windows\System\EUczjTE.exe	099d341dd8586080786cf867eb4e9cb0N.exe
File created	C:\Windows\System\OgqJWmX.exe	099d341dd8586080786cf867eb4e9cb0N.exe
File created	C:\Windows\System\guENbCL.exe	099d341dd8586080786cf867eb4e9cb0N.exe
File created	C:\Windows\System\ijRuZMN.exe	099d341dd8586080786cf867eb4e9cb0N.exe
File created	C:\Windows\System\LxxTHVR.exe	099d341dd8586080786cf867eb4e9cb0N.exe
File created	C:\Windows\System\XdOqWyj.exe	099d341dd8586080786cf867eb4e9cb0N.exe
File created	C:\Windows\System\RUlMftG.exe	099d341dd8586080786cf867eb4e9cb0N.exe
File created	C:\Windows\System\PTauTdw.exe	099d341dd8586080786cf867eb4e9cb0N.exe
File created	C:\Windows\System\PEakYal.exe	099d341dd8586080786cf867eb4e9cb0N.exe
File created	C:\Windows\System\vnDrAHh.exe	099d341dd8586080786cf867eb4e9cb0N.exe
File created	C:\Windows\System\bOmvMSg.exe	099d341dd8586080786cf867eb4e9cb0N.exe
File created	C:\Windows\System\AwsnmRK.exe	099d341dd8586080786cf867eb4e9cb0N.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	13972	dwm.exe
Token: SeChangeNotifyPrivilege	13972	dwm.exe
Token: 33	13972	dwm.exe
Token: SeIncBasePriorityPrivilege	13972	dwm.exe
Token: SeShutdownPrivilege	13972	dwm.exe
Token: SeCreatePagefilePrivilege	13972	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 944 wrote to memory of 4980	944	099d341dd8586080786cf867eb4e9cb0N.exe	83
PID 944 wrote to memory of 4980	944	099d341dd8586080786cf867eb4e9cb0N.exe	83
PID 944 wrote to memory of 4104	944	099d341dd8586080786cf867eb4e9cb0N.exe	84
PID 944 wrote to memory of 4104	944	099d341dd8586080786cf867eb4e9cb0N.exe	84
PID 944 wrote to memory of 1832	944	099d341dd8586080786cf867eb4e9cb0N.exe	85
PID 944 wrote to memory of 1832	944	099d341dd8586080786cf867eb4e9cb0N.exe	85
PID 944 wrote to memory of 4156	944	099d341dd8586080786cf867eb4e9cb0N.exe	86
PID 944 wrote to memory of 4156	944	099d341dd8586080786cf867eb4e9cb0N.exe	86
PID 944 wrote to memory of 2052	944	099d341dd8586080786cf867eb4e9cb0N.exe	88
PID 944 wrote to memory of 2052	944	099d341dd8586080786cf867eb4e9cb0N.exe	88
PID 944 wrote to memory of 3200	944	099d341dd8586080786cf867eb4e9cb0N.exe	89
PID 944 wrote to memory of 3200	944	099d341dd8586080786cf867eb4e9cb0N.exe	89
PID 944 wrote to memory of 2928	944	099d341dd8586080786cf867eb4e9cb0N.exe	90
PID 944 wrote to memory of 2928	944	099d341dd8586080786cf867eb4e9cb0N.exe	90
PID 944 wrote to memory of 4880	944	099d341dd8586080786cf867eb4e9cb0N.exe	91
PID 944 wrote to memory of 4880	944	099d341dd8586080786cf867eb4e9cb0N.exe	91
PID 944 wrote to memory of 4948	944	099d341dd8586080786cf867eb4e9cb0N.exe	92
PID 944 wrote to memory of 4948	944	099d341dd8586080786cf867eb4e9cb0N.exe	92
PID 944 wrote to memory of 808	944	099d341dd8586080786cf867eb4e9cb0N.exe	93
PID 944 wrote to memory of 808	944	099d341dd8586080786cf867eb4e9cb0N.exe	93
PID 944 wrote to memory of 1888	944	099d341dd8586080786cf867eb4e9cb0N.exe	94
PID 944 wrote to memory of 1888	944	099d341dd8586080786cf867eb4e9cb0N.exe	94
PID 944 wrote to memory of 4364	944	099d341dd8586080786cf867eb4e9cb0N.exe	95
PID 944 wrote to memory of 4364	944	099d341dd8586080786cf867eb4e9cb0N.exe	95
PID 944 wrote to memory of 2564	944	099d341dd8586080786cf867eb4e9cb0N.exe	96
PID 944 wrote to memory of 2564	944	099d341dd8586080786cf867eb4e9cb0N.exe	96
PID 944 wrote to memory of 216	944	099d341dd8586080786cf867eb4e9cb0N.exe	97
PID 944 wrote to memory of 216	944	099d341dd8586080786cf867eb4e9cb0N.exe	97
PID 944 wrote to memory of 3708	944	099d341dd8586080786cf867eb4e9cb0N.exe	98
PID 944 wrote to memory of 3708	944	099d341dd8586080786cf867eb4e9cb0N.exe	98
PID 944 wrote to memory of 2032	944	099d341dd8586080786cf867eb4e9cb0N.exe	99
PID 944 wrote to memory of 2032	944	099d341dd8586080786cf867eb4e9cb0N.exe	99
PID 944 wrote to memory of 116	944	099d341dd8586080786cf867eb4e9cb0N.exe	100
PID 944 wrote to memory of 116	944	099d341dd8586080786cf867eb4e9cb0N.exe	100
PID 944 wrote to memory of 4472	944	099d341dd8586080786cf867eb4e9cb0N.exe	101
PID 944 wrote to memory of 4472	944	099d341dd8586080786cf867eb4e9cb0N.exe	101
PID 944 wrote to memory of 3512	944	099d341dd8586080786cf867eb4e9cb0N.exe	102
PID 944 wrote to memory of 3512	944	099d341dd8586080786cf867eb4e9cb0N.exe	102
PID 944 wrote to memory of 2036	944	099d341dd8586080786cf867eb4e9cb0N.exe	103
PID 944 wrote to memory of 2036	944	099d341dd8586080786cf867eb4e9cb0N.exe	103
PID 944 wrote to memory of 1060	944	099d341dd8586080786cf867eb4e9cb0N.exe	104
PID 944 wrote to memory of 1060	944	099d341dd8586080786cf867eb4e9cb0N.exe	104
PID 944 wrote to memory of 2996	944	099d341dd8586080786cf867eb4e9cb0N.exe	105
PID 944 wrote to memory of 2996	944	099d341dd8586080786cf867eb4e9cb0N.exe	105
PID 944 wrote to memory of 4596	944	099d341dd8586080786cf867eb4e9cb0N.exe	106
PID 944 wrote to memory of 4596	944	099d341dd8586080786cf867eb4e9cb0N.exe	106
PID 944 wrote to memory of 2248	944	099d341dd8586080786cf867eb4e9cb0N.exe	107
PID 944 wrote to memory of 2248	944	099d341dd8586080786cf867eb4e9cb0N.exe	107
PID 944 wrote to memory of 2332	944	099d341dd8586080786cf867eb4e9cb0N.exe	108
PID 944 wrote to memory of 2332	944	099d341dd8586080786cf867eb4e9cb0N.exe	108
PID 944 wrote to memory of 2624	944	099d341dd8586080786cf867eb4e9cb0N.exe	109
PID 944 wrote to memory of 2624	944	099d341dd8586080786cf867eb4e9cb0N.exe	109
PID 944 wrote to memory of 3720	944	099d341dd8586080786cf867eb4e9cb0N.exe	110
PID 944 wrote to memory of 3720	944	099d341dd8586080786cf867eb4e9cb0N.exe	110
PID 944 wrote to memory of 3756	944	099d341dd8586080786cf867eb4e9cb0N.exe	111
PID 944 wrote to memory of 3756	944	099d341dd8586080786cf867eb4e9cb0N.exe	111
PID 944 wrote to memory of 4936	944	099d341dd8586080786cf867eb4e9cb0N.exe	112
PID 944 wrote to memory of 4936	944	099d341dd8586080786cf867eb4e9cb0N.exe	112
PID 944 wrote to memory of 2464	944	099d341dd8586080786cf867eb4e9cb0N.exe	113
PID 944 wrote to memory of 2464	944	099d341dd8586080786cf867eb4e9cb0N.exe	113
PID 944 wrote to memory of 4832	944	099d341dd8586080786cf867eb4e9cb0N.exe	114
PID 944 wrote to memory of 4832	944	099d341dd8586080786cf867eb4e9cb0N.exe	114
PID 944 wrote to memory of 2324	944	099d341dd8586080786cf867eb4e9cb0N.exe	115
PID 944 wrote to memory of 2324	944	099d341dd8586080786cf867eb4e9cb0N.exe	115

C:\Users\Admin\AppData\Local\Temp\099d341dd8586080786cf867eb4e9cb0N.exe
"C:\Users\Admin\AppData\Local\Temp\099d341dd8586080786cf867eb4e9cb0N.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:944
- C:\Windows\System\vqThtFH.exe
  C:\Windows\System\vqThtFH.exe
  2⤵
  - Executes dropped EXE
  PID:4980
- C:\Windows\System\AsxvSIn.exe
  C:\Windows\System\AsxvSIn.exe
  2⤵
  - Executes dropped EXE
  PID:4104
- C:\Windows\System\iVlClYB.exe
  C:\Windows\System\iVlClYB.exe
  2⤵
  - Executes dropped EXE
  PID:1832
- C:\Windows\System\iEBspCU.exe
  C:\Windows\System\iEBspCU.exe
  2⤵
  - Executes dropped EXE
  PID:4156
- C:\Windows\System\BeBKftk.exe
  C:\Windows\System\BeBKftk.exe
  2⤵
  - Executes dropped EXE
  PID:2052
- C:\Windows\System\xPfNKPR.exe
  C:\Windows\System\xPfNKPR.exe
  2⤵
  - Executes dropped EXE
  PID:3200
- C:\Windows\System\wZUzMhv.exe
  C:\Windows\System\wZUzMhv.exe
  2⤵
  - Executes dropped EXE
  PID:2928
- C:\Windows\System\MONqzvT.exe
  C:\Windows\System\MONqzvT.exe
  2⤵
  - Executes dropped EXE
  PID:4880
- C:\Windows\System\hMyohJn.exe
  C:\Windows\System\hMyohJn.exe
  2⤵
  - Executes dropped EXE
  PID:4948
- C:\Windows\System\rcQQLSb.exe
  C:\Windows\System\rcQQLSb.exe
  2⤵
  - Executes dropped EXE
  PID:808
- C:\Windows\System\dYuLXgI.exe
  C:\Windows\System\dYuLXgI.exe
  2⤵
  - Executes dropped EXE
  PID:1888
- C:\Windows\System\kTrrfiQ.exe
  C:\Windows\System\kTrrfiQ.exe
  2⤵
  - Executes dropped EXE
  PID:4364
- C:\Windows\System\yAEKQsk.exe
  C:\Windows\System\yAEKQsk.exe
  2⤵
  - Executes dropped EXE
  PID:2564
- C:\Windows\System\lKByeWz.exe
  C:\Windows\System\lKByeWz.exe
  2⤵
  - Executes dropped EXE
  PID:216
- C:\Windows\System\OLEQaKe.exe
  C:\Windows\System\OLEQaKe.exe
  2⤵
  - Executes dropped EXE
  PID:3708
- C:\Windows\System\cHLUnZW.exe
  C:\Windows\System\cHLUnZW.exe
  2⤵
  - Executes dropped EXE
  PID:2032
- C:\Windows\System\hvTFMQV.exe
  C:\Windows\System\hvTFMQV.exe
  2⤵
  - Executes dropped EXE
  PID:116
- C:\Windows\System\qRanGnp.exe
  C:\Windows\System\qRanGnp.exe
  2⤵
  - Executes dropped EXE
  PID:4472
- C:\Windows\System\zTHQWEN.exe
  C:\Windows\System\zTHQWEN.exe
  2⤵
  - Executes dropped EXE
  PID:3512
- C:\Windows\System\SVEGhWh.exe
  C:\Windows\System\SVEGhWh.exe
  2⤵
  - Executes dropped EXE
  PID:2036
- C:\Windows\System\awBKXgN.exe
  C:\Windows\System\awBKXgN.exe
  2⤵
  - Executes dropped EXE
  PID:1060
- C:\Windows\System\IvaVYyV.exe
  C:\Windows\System\IvaVYyV.exe
  2⤵
  - Executes dropped EXE
  PID:2996
- C:\Windows\System\UBmHwGf.exe
  C:\Windows\System\UBmHwGf.exe
  2⤵
  - Executes dropped EXE
  PID:4596
- C:\Windows\System\NpxQxVe.exe
  C:\Windows\System\NpxQxVe.exe
  2⤵
  - Executes dropped EXE
  PID:2248
- C:\Windows\System\kgDeodN.exe
  C:\Windows\System\kgDeodN.exe
  2⤵
  - Executes dropped EXE
  PID:2332
- C:\Windows\System\uCRTvem.exe
  C:\Windows\System\uCRTvem.exe
  2⤵
  - Executes dropped EXE
  PID:2624
- C:\Windows\System\XLEOqFQ.exe
  C:\Windows\System\XLEOqFQ.exe
  2⤵
  - Executes dropped EXE
  PID:3720
- C:\Windows\System\deWApfd.exe
  C:\Windows\System\deWApfd.exe
  2⤵
  - Executes dropped EXE
  PID:3756
- C:\Windows\System\jlNyWid.exe
  C:\Windows\System\jlNyWid.exe
  2⤵
  - Executes dropped EXE
  PID:4936
- C:\Windows\System\vUVMWHh.exe
  C:\Windows\System\vUVMWHh.exe
  2⤵
  - Executes dropped EXE
  PID:2464
- C:\Windows\System\JmjYLLH.exe
  C:\Windows\System\JmjYLLH.exe
  2⤵
  - Executes dropped EXE
  PID:4832
- C:\Windows\System\qbovSbx.exe
  C:\Windows\System\qbovSbx.exe
  2⤵
  - Executes dropped EXE
  PID:2324
- C:\Windows\System\AuyOfpD.exe
  C:\Windows\System\AuyOfpD.exe
  2⤵
  - Executes dropped EXE
  PID:4136
- C:\Windows\System\cMajWcO.exe
  C:\Windows\System\cMajWcO.exe
  2⤵
  - Executes dropped EXE
  PID:4040
- C:\Windows\System\ZhrORhY.exe
  C:\Windows\System\ZhrORhY.exe
  2⤵
  - Executes dropped EXE
  PID:676
- C:\Windows\System\oIWRqGQ.exe
  C:\Windows\System\oIWRqGQ.exe
  2⤵
  - Executes dropped EXE
  PID:3628
- C:\Windows\System\WadIyMO.exe
  C:\Windows\System\WadIyMO.exe
  2⤵
  - Executes dropped EXE
  PID:5112
- C:\Windows\System\KJOhCdj.exe
  C:\Windows\System\KJOhCdj.exe
  2⤵
  - Executes dropped EXE
  PID:3728
- C:\Windows\System\SDSQXbD.exe
  C:\Windows\System\SDSQXbD.exe
  2⤵
  - Executes dropped EXE
  PID:4552
- C:\Windows\System\shqxQQS.exe
  C:\Windows\System\shqxQQS.exe
  2⤵
  - Executes dropped EXE
  PID:768
- C:\Windows\System\MkZQahf.exe
  C:\Windows\System\MkZQahf.exe
  2⤵
  - Executes dropped EXE
  PID:1272
- C:\Windows\System\jpCMMbU.exe
  C:\Windows\System\jpCMMbU.exe
  2⤵
  - Executes dropped EXE
  PID:3280
- C:\Windows\System\KUkIzXZ.exe
  C:\Windows\System\KUkIzXZ.exe
  2⤵
  - Executes dropped EXE
  PID:2428
- C:\Windows\System\jOBhrGk.exe
  C:\Windows\System\jOBhrGk.exe
  2⤵
  - Executes dropped EXE
  PID:4400
- C:\Windows\System\fEYKxyP.exe
  C:\Windows\System\fEYKxyP.exe
  2⤵
  - Executes dropped EXE
  PID:2964
- C:\Windows\System\LCvVLqN.exe
  C:\Windows\System\LCvVLqN.exe
  2⤵
  - Executes dropped EXE
  PID:5080
- C:\Windows\System\guENbCL.exe
  C:\Windows\System\guENbCL.exe
  2⤵
  - Executes dropped EXE
  PID:2308
- C:\Windows\System\ASluDlp.exe
  C:\Windows\System\ASluDlp.exe
  2⤵
  - Executes dropped EXE
  PID:4640
- C:\Windows\System\wEErkSp.exe
  C:\Windows\System\wEErkSp.exe
  2⤵
  - Executes dropped EXE
  PID:4968
- C:\Windows\System\cTrtiMX.exe
  C:\Windows\System\cTrtiMX.exe
  2⤵
  - Executes dropped EXE
  PID:2960
- C:\Windows\System\hJCMTUd.exe
  C:\Windows\System\hJCMTUd.exe
  2⤵
  - Executes dropped EXE
  PID:1812
- C:\Windows\System\iakmyQV.exe
  C:\Windows\System\iakmyQV.exe
  2⤵
  - Executes dropped EXE
  PID:3124
- C:\Windows\System\UCxtuqm.exe
  C:\Windows\System\UCxtuqm.exe
  2⤵
  - Executes dropped EXE
  PID:4448
- C:\Windows\System\ymxlHlb.exe
  C:\Windows\System\ymxlHlb.exe
  2⤵
  - Executes dropped EXE
  PID:4428
- C:\Windows\System\TOdyygY.exe
  C:\Windows\System\TOdyygY.exe
  2⤵
  - Executes dropped EXE
  PID:2932
- C:\Windows\System\XFaCdkx.exe
  C:\Windows\System\XFaCdkx.exe
  2⤵
  - Executes dropped EXE
  PID:3128
- C:\Windows\System\HqOYvqc.exe
  C:\Windows\System\HqOYvqc.exe
  2⤵
  - Executes dropped EXE
  PID:4824
- C:\Windows\System\boRmGZJ.exe
  C:\Windows\System\boRmGZJ.exe
  2⤵
  - Executes dropped EXE
  PID:2008
- C:\Windows\System\tQeLwuH.exe
  C:\Windows\System\tQeLwuH.exe
  2⤵
  - Executes dropped EXE
  PID:2512
- C:\Windows\System\bjwDZFQ.exe
  C:\Windows\System\bjwDZFQ.exe
  2⤵
  - Executes dropped EXE
  PID:2236
- C:\Windows\System\LbhNLhQ.exe
  C:\Windows\System\LbhNLhQ.exe
  2⤵
  - Executes dropped EXE
  PID:4952
- C:\Windows\System\azdPxfj.exe
  C:\Windows\System\azdPxfj.exe
  2⤵
  - Executes dropped EXE
  PID:4220
- C:\Windows\System\bjwFyYJ.exe
  C:\Windows\System\bjwFyYJ.exe
  2⤵
  - Executes dropped EXE
  PID:2212
- C:\Windows\System\QkudlXD.exe
  C:\Windows\System\QkudlXD.exe
  2⤵
  - Executes dropped EXE
  PID:208
- C:\Windows\System\tOFCGxw.exe
  C:\Windows\System\tOFCGxw.exe
  2⤵
  PID:4148
- C:\Windows\System\mgRBivp.exe
  C:\Windows\System\mgRBivp.exe
  2⤵
  PID:3328
- C:\Windows\System\IZPUqen.exe
  C:\Windows\System\IZPUqen.exe
  2⤵
  PID:1616
- C:\Windows\System\GaiJkqp.exe
  C:\Windows\System\GaiJkqp.exe
  2⤵
  PID:2124
- C:\Windows\System\PRSEULj.exe
  C:\Windows\System\PRSEULj.exe
  2⤵
  PID:4928
- C:\Windows\System\ajbrJzf.exe
  C:\Windows\System\ajbrJzf.exe
  2⤵
  PID:3972
- C:\Windows\System\CaOpyPk.exe
  C:\Windows\System\CaOpyPk.exe
  2⤵
  PID:3716
- C:\Windows\System\wFudagz.exe
  C:\Windows\System\wFudagz.exe
  2⤵
  PID:2516
- C:\Windows\System\jARrOSF.exe
  C:\Windows\System\jARrOSF.exe
  2⤵
  PID:3828
- C:\Windows\System\uxdHiyx.exe
  C:\Windows\System\uxdHiyx.exe
  2⤵
  PID:932
- C:\Windows\System\EiQbixm.exe
  C:\Windows\System\EiQbixm.exe
  2⤵
  PID:2020
- C:\Windows\System\DbBgfYl.exe
  C:\Windows\System\DbBgfYl.exe
  2⤵
  PID:3196
- C:\Windows\System\CMVhGYi.exe
  C:\Windows\System\CMVhGYi.exe
  2⤵
  PID:4340
- C:\Windows\System\FBCwCLa.exe
  C:\Windows\System\FBCwCLa.exe
  2⤵
  PID:4024
- C:\Windows\System\eTVfYEp.exe
  C:\Windows\System\eTVfYEp.exe
  2⤵
  PID:368
- C:\Windows\System\HVDPxbF.exe
  C:\Windows\System\HVDPxbF.exe
  2⤵
  PID:428
- C:\Windows\System\QKdFTtZ.exe
  C:\Windows\System\QKdFTtZ.exe
  2⤵
  PID:4544
- C:\Windows\System\WukRQsU.exe
  C:\Windows\System\WukRQsU.exe
  2⤵
  PID:3428
- C:\Windows\System\KtBQKBi.exe
  C:\Windows\System\KtBQKBi.exe
  2⤵
  PID:2012
- C:\Windows\System\bNoJZse.exe
  C:\Windows\System\bNoJZse.exe
  2⤵
  PID:1304
- C:\Windows\System\tZgbxeo.exe
  C:\Windows\System\tZgbxeo.exe
  2⤵
  PID:1728
- C:\Windows\System\ZDKCKau.exe
  C:\Windows\System\ZDKCKau.exe
  2⤵
  PID:1496
- C:\Windows\System\jLJtayT.exe
  C:\Windows\System\jLJtayT.exe
  2⤵
  PID:3488
- C:\Windows\System\LkBqJnT.exe
  C:\Windows\System\LkBqJnT.exe
  2⤵
  PID:3484
- C:\Windows\System\rNwqerj.exe
  C:\Windows\System\rNwqerj.exe
  2⤵
  PID:3460
- C:\Windows\System\lkayssu.exe
  C:\Windows\System\lkayssu.exe
  2⤵
  PID:5144
- C:\Windows\System\myGPLIY.exe
  C:\Windows\System\myGPLIY.exe
  2⤵
  PID:5172
- C:\Windows\System\JDCGoja.exe
  C:\Windows\System\JDCGoja.exe
  2⤵
  PID:5200
- C:\Windows\System\XplZSqF.exe
  C:\Windows\System\XplZSqF.exe
  2⤵
  PID:5228
- C:\Windows\System\oMzfkJf.exe
  C:\Windows\System\oMzfkJf.exe
  2⤵
  PID:5256
- C:\Windows\System\NaxxrZp.exe
  C:\Windows\System\NaxxrZp.exe
  2⤵
  PID:5284
- C:\Windows\System\GRpxsps.exe
  C:\Windows\System\GRpxsps.exe
  2⤵
  PID:5312
- C:\Windows\System\lECoXYP.exe
  C:\Windows\System\lECoXYP.exe
  2⤵
  PID:5340
- C:\Windows\System\dfVuLrM.exe
  C:\Windows\System\dfVuLrM.exe
  2⤵
  PID:5368
- C:\Windows\System\CMsVrva.exe
  C:\Windows\System\CMsVrva.exe
  2⤵
  PID:5396
- C:\Windows\System\arenIBX.exe
  C:\Windows\System\arenIBX.exe
  2⤵
  PID:5424
- C:\Windows\System\MpAuuEg.exe
  C:\Windows\System\MpAuuEg.exe
  2⤵
  PID:5452
- C:\Windows\System\NDofcgp.exe
  C:\Windows\System\NDofcgp.exe
  2⤵
  PID:5480
- C:\Windows\System\UrsIeSx.exe
  C:\Windows\System\UrsIeSx.exe
  2⤵
  PID:5508
- C:\Windows\System\zaShCRn.exe
  C:\Windows\System\zaShCRn.exe
  2⤵
  PID:5536
- C:\Windows\System\KkiCZLe.exe
  C:\Windows\System\KkiCZLe.exe
  2⤵
  PID:5564
- C:\Windows\System\rGQGtGE.exe
  C:\Windows\System\rGQGtGE.exe
  2⤵
  PID:5592
- C:\Windows\System\ODMMIaJ.exe
  C:\Windows\System\ODMMIaJ.exe
  2⤵
  PID:5620
- C:\Windows\System\qeEJQhO.exe
  C:\Windows\System\qeEJQhO.exe
  2⤵
  PID:5648
- C:\Windows\System\nrUzMZW.exe
  C:\Windows\System\nrUzMZW.exe
  2⤵
  PID:5676
- C:\Windows\System\upZPHjZ.exe
  C:\Windows\System\upZPHjZ.exe
  2⤵
  PID:5704
- C:\Windows\System\dgIAkfG.exe
  C:\Windows\System\dgIAkfG.exe
  2⤵
  PID:5732
- C:\Windows\System\YBSMYBe.exe
  C:\Windows\System\YBSMYBe.exe
  2⤵
  PID:5760
- C:\Windows\System\EdYEStU.exe
  C:\Windows\System\EdYEStU.exe
  2⤵
  PID:5788
- C:\Windows\System\HKJooEq.exe
  C:\Windows\System\HKJooEq.exe
  2⤵
  PID:5816
- C:\Windows\System\POolnRK.exe
  C:\Windows\System\POolnRK.exe
  2⤵
  PID:5844
- C:\Windows\System\yMKAgpa.exe
  C:\Windows\System\yMKAgpa.exe
  2⤵
  PID:5872
- C:\Windows\System\EJuhVCw.exe
  C:\Windows\System\EJuhVCw.exe
  2⤵
  PID:5900
- C:\Windows\System\UgAaAJc.exe
  C:\Windows\System\UgAaAJc.exe
  2⤵
  PID:5928
- C:\Windows\System\SMtCpFK.exe
  C:\Windows\System\SMtCpFK.exe
  2⤵
  PID:5956
- C:\Windows\System\VmBudCr.exe
  C:\Windows\System\VmBudCr.exe
  2⤵
  PID:5984
- C:\Windows\System\KHwKVhz.exe
  C:\Windows\System\KHwKVhz.exe
  2⤵
  PID:6012
- C:\Windows\System\zzMEtWj.exe
  C:\Windows\System\zzMEtWj.exe
  2⤵
  PID:6040
- C:\Windows\System\BNZXTzi.exe
  C:\Windows\System\BNZXTzi.exe
  2⤵
  PID:6068
- C:\Windows\System\AwsnmRK.exe
  C:\Windows\System\AwsnmRK.exe
  2⤵
  PID:6096
- C:\Windows\System\SCdVXRw.exe
  C:\Windows\System\SCdVXRw.exe
  2⤵
  PID:6124
- C:\Windows\System\zcIkQeD.exe
  C:\Windows\System\zcIkQeD.exe
  2⤵
  PID:4676
- C:\Windows\System\FwEXRVn.exe
  C:\Windows\System\FwEXRVn.exe
  2⤵
  PID:3624
- C:\Windows\System\lPpeSqY.exe
  C:\Windows\System\lPpeSqY.exe
  2⤵
  PID:4828
- C:\Windows\System\bhLAFaQ.exe
  C:\Windows\System\bhLAFaQ.exe
  2⤵
  PID:2800
- C:\Windows\System\iNcaHeE.exe
  C:\Windows\System\iNcaHeE.exe
  2⤵
  PID:1300
- C:\Windows\System\tqLZTAm.exe
  C:\Windows\System\tqLZTAm.exe
  2⤵
  PID:792
- C:\Windows\System\uIsrmbY.exe
  C:\Windows\System\uIsrmbY.exe
  2⤵
  PID:5160
- C:\Windows\System\iJvxuQg.exe
  C:\Windows\System\iJvxuQg.exe
  2⤵
  PID:5220
- C:\Windows\System\yaFVSJp.exe
  C:\Windows\System\yaFVSJp.exe
  2⤵
  PID:5276
- C:\Windows\System\ILlAXIn.exe
  C:\Windows\System\ILlAXIn.exe
  2⤵
  PID:5356
- C:\Windows\System\WsyaRQB.exe
  C:\Windows\System\WsyaRQB.exe
  2⤵
  PID:5416
- C:\Windows\System\CcWUCQO.exe
  C:\Windows\System\CcWUCQO.exe
  2⤵
  PID:5492
- C:\Windows\System\DYtoNmw.exe
  C:\Windows\System\DYtoNmw.exe
  2⤵
  PID:5552
- C:\Windows\System\RutCKKg.exe
  C:\Windows\System\RutCKKg.exe
  2⤵
  PID:5612
- C:\Windows\System\ijRuZMN.exe
  C:\Windows\System\ijRuZMN.exe
  2⤵
  PID:5688
- C:\Windows\System\RVNDRDl.exe
  C:\Windows\System\RVNDRDl.exe
  2⤵
  PID:5748
- C:\Windows\System\wVIgThY.exe
  C:\Windows\System\wVIgThY.exe
  2⤵
  PID:5808
- C:\Windows\System\aCECEjk.exe
  C:\Windows\System\aCECEjk.exe
  2⤵
  PID:5884
- C:\Windows\System\jipVEMs.exe
  C:\Windows\System\jipVEMs.exe
  2⤵
  PID:5940
- C:\Windows\System\SxIetGs.exe
  C:\Windows\System\SxIetGs.exe
  2⤵
  PID:6000
- C:\Windows\System\oUKVWXE.exe
  C:\Windows\System\oUKVWXE.exe
  2⤵
  PID:6060
- C:\Windows\System\XBCPbaM.exe
  C:\Windows\System\XBCPbaM.exe
  2⤵
  PID:6136
- C:\Windows\System\lYloTUm.exe
  C:\Windows\System\lYloTUm.exe
  2⤵
  PID:2400
- C:\Windows\System\KRyXHrt.exe
  C:\Windows\System\KRyXHrt.exe
  2⤵
  PID:3336
- C:\Windows\System\Vmkntxi.exe
  C:\Windows\System\Vmkntxi.exe
  2⤵
  PID:5248
- C:\Windows\System\CQhzycX.exe
  C:\Windows\System\CQhzycX.exe
  2⤵
  PID:5328
- C:\Windows\System\UkTnhpq.exe
  C:\Windows\System\UkTnhpq.exe
  2⤵
  PID:5468
- C:\Windows\System\yKqulnU.exe
  C:\Windows\System\yKqulnU.exe
  2⤵
  PID:5640
- C:\Windows\System\FQywdec.exe
  C:\Windows\System\FQywdec.exe
  2⤵
  PID:5780
- C:\Windows\System\efbzAad.exe
  C:\Windows\System\efbzAad.exe
  2⤵
  PID:5916
- C:\Windows\System\SsXEGoW.exe
  C:\Windows\System\SsXEGoW.exe
  2⤵
  PID:6088
- C:\Windows\System\szMulCt.exe
  C:\Windows\System\szMulCt.exe
  2⤵
  PID:6172
- C:\Windows\System\AtbaJhs.exe
  C:\Windows\System\AtbaJhs.exe
  2⤵
  PID:6200
- C:\Windows\System\QxjPxBO.exe
  C:\Windows\System\QxjPxBO.exe
  2⤵
  PID:6228
- C:\Windows\System\UYlFPKD.exe
  C:\Windows\System\UYlFPKD.exe
  2⤵
  PID:6256
- C:\Windows\System\hBkCNEv.exe
  C:\Windows\System\hBkCNEv.exe
  2⤵
  PID:6284
- C:\Windows\System\cXMMsCv.exe
  C:\Windows\System\cXMMsCv.exe
  2⤵
  PID:6312
- C:\Windows\System\lAcAIVx.exe
  C:\Windows\System\lAcAIVx.exe
  2⤵
  PID:6340
- C:\Windows\System\kPnhple.exe
  C:\Windows\System\kPnhple.exe
  2⤵
  PID:6368
- C:\Windows\System\tSuqtvP.exe
  C:\Windows\System\tSuqtvP.exe
  2⤵
  PID:6396
- C:\Windows\System\LcAVlBa.exe
  C:\Windows\System\LcAVlBa.exe
  2⤵
  PID:6424
- C:\Windows\System\ewPZkAS.exe
  C:\Windows\System\ewPZkAS.exe
  2⤵
  PID:6452
- C:\Windows\System\EMmsVaJ.exe
  C:\Windows\System\EMmsVaJ.exe
  2⤵
  PID:6480
- C:\Windows\System\VIDQmSR.exe
  C:\Windows\System\VIDQmSR.exe
  2⤵
  PID:6508
- C:\Windows\System\dWuTqwW.exe
  C:\Windows\System\dWuTqwW.exe
  2⤵
  PID:6536
- C:\Windows\System\ETXyKZW.exe
  C:\Windows\System\ETXyKZW.exe
  2⤵
  PID:6564
- C:\Windows\System\VWptzqM.exe
  C:\Windows\System\VWptzqM.exe
  2⤵
  PID:6592
- C:\Windows\System\dTEiKAV.exe
  C:\Windows\System\dTEiKAV.exe
  2⤵
  PID:6620
- C:\Windows\System\OQLEBep.exe
  C:\Windows\System\OQLEBep.exe
  2⤵
  PID:6648
- C:\Windows\System\LxxTHVR.exe
  C:\Windows\System\LxxTHVR.exe
  2⤵
  PID:6676
- C:\Windows\System\tSXVtUX.exe
  C:\Windows\System\tSXVtUX.exe
  2⤵
  PID:6704
- C:\Windows\System\xWGZbxL.exe
  C:\Windows\System\xWGZbxL.exe
  2⤵
  PID:6732
- C:\Windows\System\BXyGGwj.exe
  C:\Windows\System\BXyGGwj.exe
  2⤵
  PID:6760
- C:\Windows\System\HFIpAZl.exe
  C:\Windows\System\HFIpAZl.exe
  2⤵
  PID:6788
- C:\Windows\System\uZBAFcV.exe
  C:\Windows\System\uZBAFcV.exe
  2⤵
  PID:6816
- C:\Windows\System\CNOUVZP.exe
  C:\Windows\System\CNOUVZP.exe
  2⤵
  PID:6844
- C:\Windows\System\PtAobyQ.exe
  C:\Windows\System\PtAobyQ.exe
  2⤵
  PID:6872
- C:\Windows\System\RdlYSjO.exe
  C:\Windows\System\RdlYSjO.exe
  2⤵
  PID:6900
- C:\Windows\System\ENvQVXq.exe
  C:\Windows\System\ENvQVXq.exe
  2⤵
  PID:6928
- C:\Windows\System\dLeAWKW.exe
  C:\Windows\System\dLeAWKW.exe
  2⤵
  PID:6956
- C:\Windows\System\IIxOESX.exe
  C:\Windows\System\IIxOESX.exe
  2⤵
  PID:6984
- C:\Windows\System\KboWWrh.exe
  C:\Windows\System\KboWWrh.exe
  2⤵
  PID:7012
- C:\Windows\System\AgOsofw.exe
  C:\Windows\System\AgOsofw.exe
  2⤵
  PID:7040
- C:\Windows\System\HKzUWZd.exe
  C:\Windows\System\HKzUWZd.exe
  2⤵
  PID:7068
- C:\Windows\System\rDEmeyu.exe
  C:\Windows\System\rDEmeyu.exe
  2⤵
  PID:7096
- C:\Windows\System\HhKZuoE.exe
  C:\Windows\System\HhKZuoE.exe
  2⤵
  PID:7124
- C:\Windows\System\YwfRLdO.exe
  C:\Windows\System\YwfRLdO.exe
  2⤵
  PID:7152
- C:\Windows\System\GIjyqRr.exe
  C:\Windows\System\GIjyqRr.exe
  2⤵
  PID:440
- C:\Windows\System\YsKFclz.exe
  C:\Windows\System\YsKFclz.exe
  2⤵
  PID:5136
- C:\Windows\System\fFTddht.exe
  C:\Windows\System\fFTddht.exe
  2⤵
  PID:5444
- C:\Windows\System\mhMWRGe.exe
  C:\Windows\System\mhMWRGe.exe
  2⤵
  PID:5724
- C:\Windows\System\YSfVsNV.exe
  C:\Windows\System\YSfVsNV.exe
  2⤵
  PID:6028
- C:\Windows\System\DhvMdxi.exe
  C:\Windows\System\DhvMdxi.exe
  2⤵
  PID:6188
- C:\Windows\System\STcHeSq.exe
  C:\Windows\System\STcHeSq.exe
  2⤵
  PID:6244
- C:\Windows\System\WOpXsdX.exe
  C:\Windows\System\WOpXsdX.exe
  2⤵
  PID:6304
- C:\Windows\System\UHQMRxD.exe
  C:\Windows\System\UHQMRxD.exe
  2⤵
  PID:6380
- C:\Windows\System\eExIQKF.exe
  C:\Windows\System\eExIQKF.exe
  2⤵
  PID:6440
- C:\Windows\System\snxgRGA.exe
  C:\Windows\System\snxgRGA.exe
  2⤵
  PID:6500
- C:\Windows\System\eueRJKM.exe
  C:\Windows\System\eueRJKM.exe
  2⤵
  PID:6576
- C:\Windows\System\vJMkkyG.exe
  C:\Windows\System\vJMkkyG.exe
  2⤵
  PID:6632
- C:\Windows\System\kTXgWYM.exe
  C:\Windows\System\kTXgWYM.exe
  2⤵
  PID:2468
- C:\Windows\System\iZDtOkF.exe
  C:\Windows\System\iZDtOkF.exe
  2⤵
  PID:1848
- C:\Windows\System\iUDljVw.exe
  C:\Windows\System\iUDljVw.exe
  2⤵
  PID:4460
- C:\Windows\System\Rgpkoqx.exe
  C:\Windows\System\Rgpkoqx.exe
  2⤵
  PID:6856
- C:\Windows\System\BDqgkjJ.exe
  C:\Windows\System\BDqgkjJ.exe
  2⤵
  PID:6916
- C:\Windows\System\qmvMnKf.exe
  C:\Windows\System\qmvMnKf.exe
  2⤵
  PID:6968
- C:\Windows\System\EjzIvtx.exe
  C:\Windows\System\EjzIvtx.exe
  2⤵
  PID:7024
- C:\Windows\System\Vqghhor.exe
  C:\Windows\System\Vqghhor.exe
  2⤵
  PID:4812
- C:\Windows\System\OVuhfJy.exe
  C:\Windows\System\OVuhfJy.exe
  2⤵
  PID:6184
- C:\Windows\System\JtijMXp.exe
  C:\Windows\System\JtijMXp.exe
  2⤵
  PID:6220
- C:\Windows\System\WqtrVmi.exe
  C:\Windows\System\WqtrVmi.exe
  2⤵
  PID:6408
- C:\Windows\System\aKZfTkY.exe
  C:\Windows\System\aKZfTkY.exe
  2⤵
  PID:6472
- C:\Windows\System\UGNxqgC.exe
  C:\Windows\System\UGNxqgC.exe
  2⤵
  PID:6604
- C:\Windows\System\NCThGoP.exe
  C:\Windows\System\NCThGoP.exe
  2⤵
  PID:6664
- C:\Windows\System\CJlaZbw.exe
  C:\Windows\System\CJlaZbw.exe
  2⤵
  PID:6720
- C:\Windows\System\IfOTNSD.exe
  C:\Windows\System\IfOTNSD.exe
  2⤵
  PID:6772
- C:\Windows\System\NUPTUmF.exe
  C:\Windows\System\NUPTUmF.exe
  2⤵
  PID:4712
- C:\Windows\System\IgjudSr.exe
  C:\Windows\System\IgjudSr.exe
  2⤵
  PID:6888
- C:\Windows\System\AWRgSjo.exe
  C:\Windows\System\AWRgSjo.exe
  2⤵
  PID:4108
- C:\Windows\System\qJWtVuq.exe
  C:\Windows\System\qJWtVuq.exe
  2⤵
  PID:4672
- C:\Windows\System\RlxhJQY.exe
  C:\Windows\System\RlxhJQY.exe
  2⤵
  PID:3160
- C:\Windows\System\DCXZeiS.exe
  C:\Windows\System\DCXZeiS.exe
  2⤵
  PID:4808
- C:\Windows\System\KmNozjI.exe
  C:\Windows\System\KmNozjI.exe
  2⤵
  PID:7056
- C:\Windows\System\gNsNZKL.exe
  C:\Windows\System\gNsNZKL.exe
  2⤵
  PID:7164
- C:\Windows\System\CJdUvnj.exe
  C:\Windows\System\CJdUvnj.exe
  2⤵
  PID:4336
- C:\Windows\System\ssgGoWO.exe
  C:\Windows\System\ssgGoWO.exe
  2⤵
  PID:6272
- C:\Windows\System\fNJGpSA.exe
  C:\Windows\System\fNJGpSA.exe
  2⤵
  PID:6716
- C:\Windows\System\TDZnxbX.exe
  C:\Windows\System\TDZnxbX.exe
  2⤵
  PID:6884
- C:\Windows\System\BXmCbNF.exe
  C:\Windows\System\BXmCbNF.exe
  2⤵
  PID:1252
- C:\Windows\System\kFJvrbF.exe
  C:\Windows\System\kFJvrbF.exe
  2⤵
  PID:4068
- C:\Windows\System\otaaUol.exe
  C:\Windows\System\otaaUol.exe
  2⤵
  PID:2916
- C:\Windows\System\tdnEhHu.exe
  C:\Windows\System\tdnEhHu.exe
  2⤵
  PID:3772
- C:\Windows\System\ZnfDZWj.exe
  C:\Windows\System\ZnfDZWj.exe
  2⤵
  PID:6216
- C:\Windows\System\VyDbYFW.exe
  C:\Windows\System\VyDbYFW.exe
  2⤵
  PID:828
- C:\Windows\System\RRyFmXj.exe
  C:\Windows\System\RRyFmXj.exe
  2⤵
  PID:7296
- C:\Windows\System\mDhTFIw.exe
  C:\Windows\System\mDhTFIw.exe
  2⤵
  PID:7312
- C:\Windows\System\ZdfXsXF.exe
  C:\Windows\System\ZdfXsXF.exe
  2⤵
  PID:7340
- C:\Windows\System\NpUslKI.exe
  C:\Windows\System\NpUslKI.exe
  2⤵
  PID:7424
- C:\Windows\System\mKOokwE.exe
  C:\Windows\System\mKOokwE.exe
  2⤵
  PID:7444
- C:\Windows\System\SzRZdgQ.exe
  C:\Windows\System\SzRZdgQ.exe
  2⤵
  PID:7484
- C:\Windows\System\WqliPxb.exe
  C:\Windows\System\WqliPxb.exe
  2⤵
  PID:7512
- C:\Windows\System\VCXFRru.exe
  C:\Windows\System\VCXFRru.exe
  2⤵
  PID:7556
- C:\Windows\System\GmRhtYb.exe
  C:\Windows\System\GmRhtYb.exe
  2⤵
  PID:7584
- C:\Windows\System\sMyfVgn.exe
  C:\Windows\System\sMyfVgn.exe
  2⤵
  PID:7612
- C:\Windows\System\wihqsBs.exe
  C:\Windows\System\wihqsBs.exe
  2⤵
  PID:7640
- C:\Windows\System\eaVgivC.exe
  C:\Windows\System\eaVgivC.exe
  2⤵
  PID:7664
- C:\Windows\System\MJJRhvE.exe
  C:\Windows\System\MJJRhvE.exe
  2⤵
  PID:7696
- C:\Windows\System\VVJqKNv.exe
  C:\Windows\System\VVJqKNv.exe
  2⤵
  PID:7724
- C:\Windows\System\UjlMeIJ.exe
  C:\Windows\System\UjlMeIJ.exe
  2⤵
  PID:7752
- C:\Windows\System\ZaQASko.exe
  C:\Windows\System\ZaQASko.exe
  2⤵
  PID:7772
- C:\Windows\System\hCgEMAN.exe
  C:\Windows\System\hCgEMAN.exe
  2⤵
  PID:7804
- C:\Windows\System\NCdJJKu.exe
  C:\Windows\System\NCdJJKu.exe
  2⤵
  PID:7820
- C:\Windows\System\AlHkFfY.exe
  C:\Windows\System\AlHkFfY.exe
  2⤵
  PID:7864
- C:\Windows\System\EaajHju.exe
  C:\Windows\System\EaajHju.exe
  2⤵
  PID:7880
- C:\Windows\System\GaFlvPQ.exe
  C:\Windows\System\GaFlvPQ.exe
  2⤵
  PID:7912
- C:\Windows\System\AxtrSeQ.exe
  C:\Windows\System\AxtrSeQ.exe
  2⤵
  PID:7948
- C:\Windows\System\QwWrnSV.exe
  C:\Windows\System\QwWrnSV.exe
  2⤵
  PID:7968
- C:\Windows\System\UHVbHBj.exe
  C:\Windows\System\UHVbHBj.exe
  2⤵
  PID:7992
- C:\Windows\System\Ipwpflv.exe
  C:\Windows\System\Ipwpflv.exe
  2⤵
  PID:8012
- C:\Windows\System\iTbGVOu.exe
  C:\Windows\System\iTbGVOu.exe
  2⤵
  PID:8048
- C:\Windows\System\HCbrgRy.exe
  C:\Windows\System\HCbrgRy.exe
  2⤵
  PID:8064
- C:\Windows\System\FCJotGV.exe
  C:\Windows\System\FCJotGV.exe
  2⤵
  PID:8100
- C:\Windows\System\ZpEEbpy.exe
  C:\Windows\System\ZpEEbpy.exe
  2⤵
  PID:8132
- C:\Windows\System\qxbHSoj.exe
  C:\Windows\System\qxbHSoj.exe
  2⤵
  PID:8152
- C:\Windows\System\DuXprpM.exe
  C:\Windows\System\DuXprpM.exe
  2⤵
  PID:8180
- C:\Windows\System\hoQFKLe.exe
  C:\Windows\System\hoQFKLe.exe
  2⤵
  PID:7116
- C:\Windows\System\qvUwOWe.exe
  C:\Windows\System\qvUwOWe.exe
  2⤵
  PID:7196
- C:\Windows\System\wCuKWHP.exe
  C:\Windows\System\wCuKWHP.exe
  2⤵
  PID:7244
- C:\Windows\System\oUyGSqT.exe
  C:\Windows\System\oUyGSqT.exe
  2⤵
  PID:7332
- C:\Windows\System\zNqQYvf.exe
  C:\Windows\System\zNqQYvf.exe
  2⤵
  PID:3832
- C:\Windows\System\SOicZkv.exe
  C:\Windows\System\SOicZkv.exe
  2⤵
  PID:7384
- C:\Windows\System\GwkKbFm.exe
  C:\Windows\System\GwkKbFm.exe
  2⤵
  PID:7480
- C:\Windows\System\zMajjWc.exe
  C:\Windows\System\zMajjWc.exe
  2⤵
  PID:7496
- C:\Windows\System\kWoPFQC.exe
  C:\Windows\System\kWoPFQC.exe
  2⤵
  PID:4920
- C:\Windows\System\fRuOFrL.exe
  C:\Windows\System\fRuOFrL.exe
  2⤵
  PID:6528
- C:\Windows\System\NzFtfnH.exe
  C:\Windows\System\NzFtfnH.exe
  2⤵
  PID:7656
- C:\Windows\System\Yhzkspi.exe
  C:\Windows\System\Yhzkspi.exe
  2⤵
  PID:7720
- C:\Windows\System\FXmeDyW.exe
  C:\Windows\System\FXmeDyW.exe
  2⤵
  PID:7788
- C:\Windows\System\LNhqjjr.exe
  C:\Windows\System\LNhqjjr.exe
  2⤵
  PID:7848
- C:\Windows\System\OcTyxBt.exe
  C:\Windows\System\OcTyxBt.exe
  2⤵
  PID:7920
- C:\Windows\System\hcxXFcR.exe
  C:\Windows\System\hcxXFcR.exe
  2⤵
  PID:7980
- C:\Windows\System\wLQtUtf.exe
  C:\Windows\System\wLQtUtf.exe
  2⤵
  PID:8032
- C:\Windows\System\KpHVFwi.exe
  C:\Windows\System\KpHVFwi.exe
  2⤵
  PID:8116
- C:\Windows\System\zyuYbaH.exe
  C:\Windows\System\zyuYbaH.exe
  2⤵
  PID:8160
- C:\Windows\System\FhOhiWl.exe
  C:\Windows\System\FhOhiWl.exe
  2⤵
  PID:1376
- C:\Windows\System\TtCsMzH.exe
  C:\Windows\System\TtCsMzH.exe
  2⤵
  PID:4708
- C:\Windows\System\RpUUMmW.exe
  C:\Windows\System\RpUUMmW.exe
  2⤵
  PID:7392
- C:\Windows\System\otUOdUM.exe
  C:\Windows\System\otUOdUM.exe
  2⤵
  PID:7508
- C:\Windows\System\lqbYwkm.exe
  C:\Windows\System\lqbYwkm.exe
  2⤵
  PID:7628
- C:\Windows\System\KAhRCrV.exe
  C:\Windows\System\KAhRCrV.exe
  2⤵
  PID:7764
- C:\Windows\System\UfKKclE.exe
  C:\Windows\System\UfKKclE.exe
  2⤵
  PID:7936
- C:\Windows\System\GaNnveU.exe
  C:\Windows\System\GaNnveU.exe
  2⤵
  PID:8060
- C:\Windows\System\QduUpzg.exe
  C:\Windows\System\QduUpzg.exe
  2⤵
  PID:2612
- C:\Windows\System\apFDBVM.exe
  C:\Windows\System\apFDBVM.exe
  2⤵
  PID:7576
- C:\Windows\System\IMtPjoB.exe
  C:\Windows\System\IMtPjoB.exe
  2⤵
  PID:7232
- C:\Windows\System\AFthchw.exe
  C:\Windows\System\AFthchw.exe
  2⤵
  PID:5860
- C:\Windows\System\FhUSEIk.exe
  C:\Windows\System\FhUSEIk.exe
  2⤵
  PID:7708
- C:\Windows\System\vCXILii.exe
  C:\Windows\System\vCXILii.exe
  2⤵
  PID:4592
- C:\Windows\System\GOAbjZT.exe
  C:\Windows\System\GOAbjZT.exe
  2⤵
  PID:8212
- C:\Windows\System\KnJaaUp.exe
  C:\Windows\System\KnJaaUp.exe
  2⤵
  PID:8236
- C:\Windows\System\XdOqWyj.exe
  C:\Windows\System\XdOqWyj.exe
  2⤵
  PID:8264
- C:\Windows\System\ZHEpyZB.exe
  C:\Windows\System\ZHEpyZB.exe
  2⤵
  PID:8280
- C:\Windows\System\ejjJSSO.exe
  C:\Windows\System\ejjJSSO.exe
  2⤵
  PID:8320
- C:\Windows\System\RSfudKp.exe
  C:\Windows\System\RSfudKp.exe
  2⤵
  PID:8348
- C:\Windows\System\hWItSxh.exe
  C:\Windows\System\hWItSxh.exe
  2⤵
  PID:8376
- C:\Windows\System\IqGUPBp.exe
  C:\Windows\System\IqGUPBp.exe
  2⤵
  PID:8392
- C:\Windows\System\RkxllRI.exe
  C:\Windows\System\RkxllRI.exe
  2⤵
  PID:8428
- C:\Windows\System\grzPdoM.exe
  C:\Windows\System\grzPdoM.exe
  2⤵
  PID:8448
- C:\Windows\System\GitMbYa.exe
  C:\Windows\System\GitMbYa.exe
  2⤵
  PID:8476
- C:\Windows\System\gbaAdzn.exe
  C:\Windows\System\gbaAdzn.exe
  2⤵
  PID:8504
- C:\Windows\System\JIdaDIY.exe
  C:\Windows\System\JIdaDIY.exe
  2⤵
  PID:8532
- C:\Windows\System\SgGieEW.exe
  C:\Windows\System\SgGieEW.exe
  2⤵
  PID:8572
- C:\Windows\System\JqfAQTS.exe
  C:\Windows\System\JqfAQTS.exe
  2⤵
  PID:8588
- C:\Windows\System\vukcwpv.exe
  C:\Windows\System\vukcwpv.exe
  2⤵
  PID:8608
- C:\Windows\System\ImwUduO.exe
  C:\Windows\System\ImwUduO.exe
  2⤵
  PID:8656
- C:\Windows\System\AYntbEr.exe
  C:\Windows\System\AYntbEr.exe
  2⤵
  PID:8684
- C:\Windows\System\mYncTZq.exe
  C:\Windows\System\mYncTZq.exe
  2⤵
  PID:8720
- C:\Windows\System\XUvoBzI.exe
  C:\Windows\System\XUvoBzI.exe
  2⤵
  PID:8744
- C:\Windows\System\iPnFWlB.exe
  C:\Windows\System\iPnFWlB.exe
  2⤵
  PID:8772
- C:\Windows\System\WqTYsGX.exe
  C:\Windows\System\WqTYsGX.exe
  2⤵
  PID:8812
- C:\Windows\System\ZCvjKJg.exe
  C:\Windows\System\ZCvjKJg.exe
  2⤵
  PID:8848
- C:\Windows\System\qOTjGnc.exe
  C:\Windows\System\qOTjGnc.exe
  2⤵
  PID:8876
- C:\Windows\System\cuJzyUo.exe
  C:\Windows\System\cuJzyUo.exe
  2⤵
  PID:8916
- C:\Windows\System\dxXIbyV.exe
  C:\Windows\System\dxXIbyV.exe
  2⤵
  PID:8944
- C:\Windows\System\fBEUDEg.exe
  C:\Windows\System\fBEUDEg.exe
  2⤵
  PID:8972
- C:\Windows\System\kvjbQin.exe
  C:\Windows\System\kvjbQin.exe
  2⤵
  PID:8988
- C:\Windows\System\BkUYHKg.exe
  C:\Windows\System\BkUYHKg.exe
  2⤵
  PID:9024
- C:\Windows\System\PAkxpWK.exe
  C:\Windows\System\PAkxpWK.exe
  2⤵
  PID:9048
- C:\Windows\System\HUtebEX.exe
  C:\Windows\System\HUtebEX.exe
  2⤵
  PID:9084
- C:\Windows\System\CymScfW.exe
  C:\Windows\System\CymScfW.exe
  2⤵
  PID:9124
- C:\Windows\System\hkEhVWl.exe
  C:\Windows\System\hkEhVWl.exe
  2⤵
  PID:9160
- C:\Windows\System\SQptCeP.exe
  C:\Windows\System\SQptCeP.exe
  2⤵
  PID:9184
- C:\Windows\System\xXNuwZu.exe
  C:\Windows\System\xXNuwZu.exe
  2⤵
  PID:9212
- C:\Windows\System\bSlbFGJ.exe
  C:\Windows\System\bSlbFGJ.exe
  2⤵
  PID:8228
- C:\Windows\System\EZCFuph.exe
  C:\Windows\System\EZCFuph.exe
  2⤵
  PID:8300
- C:\Windows\System\ytYVNZd.exe
  C:\Windows\System\ytYVNZd.exe
  2⤵
  PID:8344
- C:\Windows\System\QSvipSO.exe
  C:\Windows\System\QSvipSO.exe
  2⤵
  PID:8412
- C:\Windows\System\oTrjUPz.exe
  C:\Windows\System\oTrjUPz.exe
  2⤵
  PID:8468
- C:\Windows\System\qCyDZnx.exe
  C:\Windows\System\qCyDZnx.exe
  2⤵
  PID:8568
- C:\Windows\System\RmrLNUK.exe
  C:\Windows\System\RmrLNUK.exe
  2⤵
  PID:8652
- C:\Windows\System\HZgeBqq.exe
  C:\Windows\System\HZgeBqq.exe
  2⤵
  PID:8672
- C:\Windows\System\AxJidUO.exe
  C:\Windows\System\AxJidUO.exe
  2⤵
  PID:8736
- C:\Windows\System\jcNanFc.exe
  C:\Windows\System\jcNanFc.exe
  2⤵
  PID:8844
- C:\Windows\System\ODAnhcR.exe
  C:\Windows\System\ODAnhcR.exe
  2⤵
  PID:8896
- C:\Windows\System\eqDBggQ.exe
  C:\Windows\System\eqDBggQ.exe
  2⤵
  PID:8968
- C:\Windows\System\IFPRJpt.exe
  C:\Windows\System\IFPRJpt.exe
  2⤵
  PID:9008
- C:\Windows\System\fpFpUwt.exe
  C:\Windows\System\fpFpUwt.exe
  2⤵
  PID:9116
- C:\Windows\System\jlHUsfM.exe
  C:\Windows\System\jlHUsfM.exe
  2⤵
  PID:9176
- C:\Windows\System\GayHDwY.exe
  C:\Windows\System\GayHDwY.exe
  2⤵
  PID:8312
- C:\Windows\System\oWfqGoa.exe
  C:\Windows\System\oWfqGoa.exe
  2⤵
  PID:8472
- C:\Windows\System\XPQkLry.exe
  C:\Windows\System\XPQkLry.exe
  2⤵
  PID:8596
- C:\Windows\System\LCjzyfO.exe
  C:\Windows\System\LCjzyfO.exe
  2⤵
  PID:8804
- C:\Windows\System\oyOgepJ.exe
  C:\Windows\System\oyOgepJ.exe
  2⤵
  PID:8980
- C:\Windows\System\ZncfWtc.exe
  C:\Windows\System\ZncfWtc.exe
  2⤵
  PID:9136
- C:\Windows\System\vOPUvVi.exe
  C:\Windows\System\vOPUvVi.exe
  2⤵
  PID:9168
- C:\Windows\System\AFKcWWg.exe
  C:\Windows\System\AFKcWWg.exe
  2⤵
  PID:8668
- C:\Windows\System\YxFRybh.exe
  C:\Windows\System\YxFRybh.exe
  2⤵
  PID:9152
- C:\Windows\System\bnuxHyh.exe
  C:\Windows\System\bnuxHyh.exe
  2⤵
  PID:8732
- C:\Windows\System\cKppwdH.exe
  C:\Windows\System\cKppwdH.exe
  2⤵
  PID:9224
- C:\Windows\System\gOigTnz.exe
  C:\Windows\System\gOigTnz.exe
  2⤵
  PID:9256
- C:\Windows\System\drSttEB.exe
  C:\Windows\System\drSttEB.exe
  2⤵
  PID:9284
- C:\Windows\System\JqzNwVO.exe
  C:\Windows\System\JqzNwVO.exe
  2⤵
  PID:9316
- C:\Windows\System\mEGYAfY.exe
  C:\Windows\System\mEGYAfY.exe
  2⤵
  PID:9348
- C:\Windows\System\njSxZpI.exe
  C:\Windows\System\njSxZpI.exe
  2⤵
  PID:9376
- C:\Windows\System\rvBQoJz.exe
  C:\Windows\System\rvBQoJz.exe
  2⤵
  PID:9396
- C:\Windows\System\kWqdjdX.exe
  C:\Windows\System\kWqdjdX.exe
  2⤵
  PID:9416
- C:\Windows\System\fvmKtpf.exe
  C:\Windows\System\fvmKtpf.exe
  2⤵
  PID:9448
- C:\Windows\System\trkUxYD.exe
  C:\Windows\System\trkUxYD.exe
  2⤵
  PID:9484
- C:\Windows\System\QmHMEjn.exe
  C:\Windows\System\QmHMEjn.exe
  2⤵
  PID:9524
- C:\Windows\System\PTauTdw.exe
  C:\Windows\System\PTauTdw.exe
  2⤵
  PID:9552
- C:\Windows\System\vIFfmJD.exe
  C:\Windows\System\vIFfmJD.exe
  2⤵
  PID:9568
- C:\Windows\System\QrJccWY.exe
  C:\Windows\System\QrJccWY.exe
  2⤵
  PID:9612
- C:\Windows\System\CDcGHHm.exe
  C:\Windows\System\CDcGHHm.exe
  2⤵
  PID:9636
- C:\Windows\System\TayftSS.exe
  C:\Windows\System\TayftSS.exe
  2⤵
  PID:9656
- C:\Windows\System\uoOQEzi.exe
  C:\Windows\System\uoOQEzi.exe
  2⤵
  PID:9696
- C:\Windows\System\padZOmr.exe
  C:\Windows\System\padZOmr.exe
  2⤵
  PID:9712
- C:\Windows\System\eVKjckC.exe
  C:\Windows\System\eVKjckC.exe
  2⤵
  PID:9740
- C:\Windows\System\VSZULxJ.exe
  C:\Windows\System\VSZULxJ.exe
  2⤵
  PID:9780
- C:\Windows\System\yLbsiIL.exe
  C:\Windows\System\yLbsiIL.exe
  2⤵
  PID:9808
- C:\Windows\System\SWulOAw.exe
  C:\Windows\System\SWulOAw.exe
  2⤵
  PID:9836
- C:\Windows\System\PEakYal.exe
  C:\Windows\System\PEakYal.exe
  2⤵
  PID:9868
- C:\Windows\System\YgYvfIg.exe
  C:\Windows\System\YgYvfIg.exe
  2⤵
  PID:9896
- C:\Windows\System\LfSFQBl.exe
  C:\Windows\System\LfSFQBl.exe
  2⤵
  PID:9912
- C:\Windows\System\mpMvGSM.exe
  C:\Windows\System\mpMvGSM.exe
  2⤵
  PID:9928
- C:\Windows\System\uUAHoJy.exe
  C:\Windows\System\uUAHoJy.exe
  2⤵
  PID:9980
- C:\Windows\System\JpaYLhQ.exe
  C:\Windows\System\JpaYLhQ.exe
  2⤵
  PID:9996
- C:\Windows\System\qYpvunq.exe
  C:\Windows\System\qYpvunq.exe
  2⤵
  PID:10024
- C:\Windows\System\cUtOkjm.exe
  C:\Windows\System\cUtOkjm.exe
  2⤵
  PID:10068
- C:\Windows\System\cGJwDPc.exe
  C:\Windows\System\cGJwDPc.exe
  2⤵
  PID:10084
- C:\Windows\System\mFBxwpS.exe
  C:\Windows\System\mFBxwpS.exe
  2⤵
  PID:10136
- C:\Windows\System\krYUmYA.exe
  C:\Windows\System\krYUmYA.exe
  2⤵
  PID:10160
- C:\Windows\System\zsJqQoR.exe
  C:\Windows\System\zsJqQoR.exe
  2⤵
  PID:10180
- C:\Windows\System\TpzctFK.exe
  C:\Windows\System\TpzctFK.exe
  2⤵
  PID:10208
- C:\Windows\System\uslYEFV.exe
  C:\Windows\System\uslYEFV.exe
  2⤵
  PID:10236
- C:\Windows\System\WrbJIWV.exe
  C:\Windows\System\WrbJIWV.exe
  2⤵
  PID:9268
- C:\Windows\System\RSoNgGy.exe
  C:\Windows\System\RSoNgGy.exe
  2⤵
  PID:9328
- C:\Windows\System\oEkxnzD.exe
  C:\Windows\System\oEkxnzD.exe
  2⤵
  PID:9440
- C:\Windows\System\sEXkqST.exe
  C:\Windows\System\sEXkqST.exe
  2⤵
  PID:9500
- C:\Windows\System\vnDrAHh.exe
  C:\Windows\System\vnDrAHh.exe
  2⤵
  PID:9544
- C:\Windows\System\LbDXfdP.exe
  C:\Windows\System\LbDXfdP.exe
  2⤵
  PID:9600
- C:\Windows\System\NocGJjH.exe
  C:\Windows\System\NocGJjH.exe
  2⤵
  PID:9680
- C:\Windows\System\LnQpIjz.exe
  C:\Windows\System\LnQpIjz.exe
  2⤵
  PID:9732
- C:\Windows\System\ytCSard.exe
  C:\Windows\System\ytCSard.exe
  2⤵
  PID:9820
- C:\Windows\System\VWpSxGb.exe
  C:\Windows\System\VWpSxGb.exe
  2⤵
  PID:3300
- C:\Windows\System\EUczjTE.exe
  C:\Windows\System\EUczjTE.exe
  2⤵
  PID:9924
- C:\Windows\System\pcKAnlT.exe
  C:\Windows\System\pcKAnlT.exe
  2⤵
  PID:9992
- C:\Windows\System\UoDOIlA.exe
  C:\Windows\System\UoDOIlA.exe
  2⤵
  PID:10048
- C:\Windows\System\ojbftzK.exe
  C:\Windows\System\ojbftzK.exe
  2⤵
  PID:10152
- C:\Windows\System\jxTTpmq.exe
  C:\Windows\System\jxTTpmq.exe
  2⤵
  PID:10196
- C:\Windows\System\hieyLEP.exe
  C:\Windows\System\hieyLEP.exe
  2⤵
  PID:9248
- C:\Windows\System\NrWIHkh.exe
  C:\Windows\System\NrWIHkh.exe
  2⤵
  PID:9388
- C:\Windows\System\UphhieU.exe
  C:\Windows\System\UphhieU.exe
  2⤵
  PID:9564
- C:\Windows\System\pdpLhdz.exe
  C:\Windows\System\pdpLhdz.exe
  2⤵
  PID:9728
- C:\Windows\System\cFMbsQq.exe
  C:\Windows\System\cFMbsQq.exe
  2⤵
  PID:9832
- C:\Windows\System\uZClcmN.exe
  C:\Windows\System\uZClcmN.exe
  2⤵
  PID:9956
- C:\Windows\System\EGWRuYl.exe
  C:\Windows\System\EGWRuYl.exe
  2⤵
  PID:10204
- C:\Windows\System\ACapfYK.exe
  C:\Windows\System\ACapfYK.exe
  2⤵
  PID:9308
- C:\Windows\System\PKffwEV.exe
  C:\Windows\System\PKffwEV.exe
  2⤵
  PID:9676
- C:\Windows\System\tfzWzkc.exe
  C:\Windows\System\tfzWzkc.exe
  2⤵
  PID:10100
- C:\Windows\System\vzoxkIX.exe
  C:\Windows\System\vzoxkIX.exe
  2⤵
  PID:9408
- C:\Windows\System\DHrYYAY.exe
  C:\Windows\System\DHrYYAY.exe
  2⤵
  PID:10244
- C:\Windows\System\tSxiAry.exe
  C:\Windows\System\tSxiAry.exe
  2⤵
  PID:10260
- C:\Windows\System\rtCIItG.exe
  C:\Windows\System\rtCIItG.exe
  2⤵
  PID:10300
- C:\Windows\System\nBqCOII.exe
  C:\Windows\System\nBqCOII.exe
  2⤵
  PID:10328
- C:\Windows\System\RstSXpF.exe
  C:\Windows\System\RstSXpF.exe
  2⤵
  PID:10356
- C:\Windows\System\DKlKTiE.exe
  C:\Windows\System\DKlKTiE.exe
  2⤵
  PID:10384
- C:\Windows\System\YbDXlJj.exe
  C:\Windows\System\YbDXlJj.exe
  2⤵
  PID:10412
- C:\Windows\System\UuANeNz.exe
  C:\Windows\System\UuANeNz.exe
  2⤵
  PID:10440
- C:\Windows\System\ZqakPLM.exe
  C:\Windows\System\ZqakPLM.exe
  2⤵
  PID:10460
- C:\Windows\System\YHHnAIa.exe
  C:\Windows\System\YHHnAIa.exe
  2⤵
  PID:10496
- C:\Windows\System\jzuICer.exe
  C:\Windows\System\jzuICer.exe
  2⤵
  PID:10516
- C:\Windows\System\AaImVqb.exe
  C:\Windows\System\AaImVqb.exe
  2⤵
  PID:10552
- C:\Windows\System\DmrATrf.exe
  C:\Windows\System\DmrATrf.exe
  2⤵
  PID:10568
- C:\Windows\System\bieulex.exe
  C:\Windows\System\bieulex.exe
  2⤵
  PID:10600
- C:\Windows\System\rGkoaJP.exe
  C:\Windows\System\rGkoaJP.exe
  2⤵
  PID:10636
- C:\Windows\System\rqQVORL.exe
  C:\Windows\System\rqQVORL.exe
  2⤵
  PID:10664
- C:\Windows\System\Yviiadm.exe
  C:\Windows\System\Yviiadm.exe
  2⤵
  PID:10692
- C:\Windows\System\NXZMRxa.exe
  C:\Windows\System\NXZMRxa.exe
  2⤵
  PID:10708
- C:\Windows\System\ibkbXMA.exe
  C:\Windows\System\ibkbXMA.exe
  2⤵
  PID:10748
- C:\Windows\System\WhUCqhE.exe
  C:\Windows\System\WhUCqhE.exe
  2⤵
  PID:10776
- C:\Windows\System\vniweLS.exe
  C:\Windows\System\vniweLS.exe
  2⤵
  PID:10792
- C:\Windows\System\jyjNNWP.exe
  C:\Windows\System\jyjNNWP.exe
  2⤵
  PID:10824
- C:\Windows\System\pKSGbaS.exe
  C:\Windows\System\pKSGbaS.exe
  2⤵
  PID:10848
- C:\Windows\System\ernCQeT.exe
  C:\Windows\System\ernCQeT.exe
  2⤵
  PID:10888
- C:\Windows\System\uBlydwG.exe
  C:\Windows\System\uBlydwG.exe
  2⤵
  PID:10916
- C:\Windows\System\LdFmtEM.exe
  C:\Windows\System\LdFmtEM.exe
  2⤵
  PID:10944
- C:\Windows\System\bOmvMSg.exe
  C:\Windows\System\bOmvMSg.exe
  2⤵
  PID:10964
- C:\Windows\System\gZwtYmq.exe
  C:\Windows\System\gZwtYmq.exe
  2⤵
  PID:11000
- C:\Windows\System\wSXdkro.exe
  C:\Windows\System\wSXdkro.exe
  2⤵
  PID:11028
- C:\Windows\System\wkbWmGv.exe
  C:\Windows\System\wkbWmGv.exe
  2⤵
  PID:11060
- C:\Windows\System\nMZBdCx.exe
  C:\Windows\System\nMZBdCx.exe
  2⤵
  PID:11092
- C:\Windows\System\OKHWqpL.exe
  C:\Windows\System\OKHWqpL.exe
  2⤵
  PID:11108
- C:\Windows\System\odIDOtV.exe
  C:\Windows\System\odIDOtV.exe
  2⤵
  PID:11148
- C:\Windows\System\lROlskm.exe
  C:\Windows\System\lROlskm.exe
  2⤵
  PID:11176
- C:\Windows\System\AxmFmcQ.exe
  C:\Windows\System\AxmFmcQ.exe
  2⤵
  PID:11192
- C:\Windows\System\YJdBnJe.exe
  C:\Windows\System\YJdBnJe.exe
  2⤵
  PID:11232
- C:\Windows\System\nXPiVHL.exe
  C:\Windows\System\nXPiVHL.exe
  2⤵
  PID:11248
- C:\Windows\System\iBNuWgP.exe
  C:\Windows\System\iBNuWgP.exe
  2⤵
  PID:10276
- C:\Windows\System\RUlMftG.exe
  C:\Windows\System\RUlMftG.exe
  2⤵
  PID:10320
- C:\Windows\System\QrBlwIY.exe
  C:\Windows\System\QrBlwIY.exe
  2⤵
  PID:10424
- C:\Windows\System\NShPxhs.exe
  C:\Windows\System\NShPxhs.exe
  2⤵
  PID:10480
- C:\Windows\System\gwTTrFn.exe
  C:\Windows\System\gwTTrFn.exe
  2⤵
  PID:10548
- C:\Windows\System\txCZQPZ.exe
  C:\Windows\System\txCZQPZ.exe
  2⤵
  PID:10588
- C:\Windows\System\biVElEt.exe
  C:\Windows\System\biVElEt.exe
  2⤵
  PID:10684
- C:\Windows\System\LBobIlP.exe
  C:\Windows\System\LBobIlP.exe
  2⤵
  PID:10740
- C:\Windows\System\zqFfDhm.exe
  C:\Windows\System\zqFfDhm.exe
  2⤵
  PID:10812
- C:\Windows\System\KaoFWTh.exe
  C:\Windows\System\KaoFWTh.exe
  2⤵
  PID:10900
- C:\Windows\System\MsBVjKo.exe
  C:\Windows\System\MsBVjKo.exe
  2⤵
  PID:10936
- C:\Windows\System\QQcGxbj.exe
  C:\Windows\System\QQcGxbj.exe
  2⤵
  PID:10996
- C:\Windows\System\UeWRVFq.exe
  C:\Windows\System\UeWRVFq.exe
  2⤵
  PID:11080
- C:\Windows\System\tyifBHD.exe
  C:\Windows\System\tyifBHD.exe
  2⤵
  PID:11132
- C:\Windows\System\kVyCRBY.exe
  C:\Windows\System\kVyCRBY.exe
  2⤵
  PID:11172
- C:\Windows\System\UXEGcyD.exe
  C:\Windows\System\UXEGcyD.exe
  2⤵
  PID:11244
- C:\Windows\System\pAijMvw.exe
  C:\Windows\System\pAijMvw.exe
  2⤵
  PID:10368
- C:\Windows\System\iDWdXHi.exe
  C:\Windows\System\iDWdXHi.exe
  2⤵
  PID:10544
- C:\Windows\System\iAIKLKg.exe
  C:\Windows\System\iAIKLKg.exe
  2⤵
  PID:10700
- C:\Windows\System\DFzbmmA.exe
  C:\Windows\System\DFzbmmA.exe
  2⤵
  PID:10784
- C:\Windows\System\WRrTScq.exe
  C:\Windows\System\WRrTScq.exe
  2⤵
  PID:10912
- C:\Windows\System\kHlWfqw.exe
  C:\Windows\System\kHlWfqw.exe
  2⤵
  PID:11100
- C:\Windows\System\wrYvCuK.exe
  C:\Windows\System\wrYvCuK.exe
  2⤵
  PID:10376
- C:\Windows\System\jVDjmdL.exe
  C:\Windows\System\jVDjmdL.exe
  2⤵
  PID:10648
- C:\Windows\System\GcozFSO.exe
  C:\Windows\System\GcozFSO.exe
  2⤵
  PID:11040
- C:\Windows\System\FunKiqU.exe
  C:\Windows\System\FunKiqU.exe
  2⤵
  PID:10536
- C:\Windows\System\uNjOMPC.exe
  C:\Windows\System\uNjOMPC.exe
  2⤵
  PID:11284
- C:\Windows\System\TzoeOkX.exe
  C:\Windows\System\TzoeOkX.exe
  2⤵
  PID:11320
- C:\Windows\System\Kfblqjx.exe
  C:\Windows\System\Kfblqjx.exe
  2⤵
  PID:11336
- C:\Windows\System\LqEjVRn.exe
  C:\Windows\System\LqEjVRn.exe
  2⤵
  PID:11372
- C:\Windows\System\oxdWFBN.exe
  C:\Windows\System\oxdWFBN.exe
  2⤵
  PID:11400
- C:\Windows\System\pxxakws.exe
  C:\Windows\System\pxxakws.exe
  2⤵
  PID:11416
- C:\Windows\System\ahXlNEO.exe
  C:\Windows\System\ahXlNEO.exe
  2⤵
  PID:11448
- C:\Windows\System\YQaBHKC.exe
  C:\Windows\System\YQaBHKC.exe
  2⤵
  PID:11484
- C:\Windows\System\aJYNxRZ.exe
  C:\Windows\System\aJYNxRZ.exe
  2⤵
  PID:11516
- C:\Windows\System\xvHDRJK.exe
  C:\Windows\System\xvHDRJK.exe
  2⤵
  PID:11544
- C:\Windows\System\fqYIhHq.exe
  C:\Windows\System\fqYIhHq.exe
  2⤵
  PID:11572
- C:\Windows\System\cTvzWhP.exe
  C:\Windows\System\cTvzWhP.exe
  2⤵
  PID:11600
- C:\Windows\System\IPYqKTQ.exe
  C:\Windows\System\IPYqKTQ.exe
  2⤵
  PID:11628
- C:\Windows\System\DFtJUoC.exe
  C:\Windows\System\DFtJUoC.exe
  2⤵
  PID:11656
- C:\Windows\System\zuxqcMd.exe
  C:\Windows\System\zuxqcMd.exe
  2⤵
  PID:11688
- C:\Windows\System\pZKETMs.exe
  C:\Windows\System\pZKETMs.exe
  2⤵
  PID:11708
- C:\Windows\System\TRQzBCN.exe
  C:\Windows\System\TRQzBCN.exe
  2⤵
  PID:11732
- C:\Windows\System\QDDweLY.exe
  C:\Windows\System\QDDweLY.exe
  2⤵
  PID:11756
- C:\Windows\System\yVnpdPj.exe
  C:\Windows\System\yVnpdPj.exe
  2⤵
  PID:11776
- C:\Windows\System\nKTrcGp.exe
  C:\Windows\System\nKTrcGp.exe
  2⤵
  PID:11828
- C:\Windows\System\pGDamPf.exe
  C:\Windows\System\pGDamPf.exe
  2⤵
  PID:11856
- C:\Windows\System\IZEFPbo.exe
  C:\Windows\System\IZEFPbo.exe
  2⤵
  PID:11872
- C:\Windows\System\qxCzVEb.exe
  C:\Windows\System\qxCzVEb.exe
  2⤵
  PID:11900
- C:\Windows\System\PrLjZfO.exe
  C:\Windows\System\PrLjZfO.exe
  2⤵
  PID:11928
- C:\Windows\System\JIgAENy.exe
  C:\Windows\System\JIgAENy.exe
  2⤵
  PID:11956
- C:\Windows\System\CBmKXMX.exe
  C:\Windows\System\CBmKXMX.exe
  2⤵
  PID:12000
- C:\Windows\System\EocqzAd.exe
  C:\Windows\System\EocqzAd.exe
  2⤵
  PID:12020
- C:\Windows\System\ImngGVW.exe
  C:\Windows\System\ImngGVW.exe
  2⤵
  PID:12048
- C:\Windows\System\EbQeTJx.exe
  C:\Windows\System\EbQeTJx.exe
  2⤵
  PID:12084
- C:\Windows\System\ZHjPOng.exe
  C:\Windows\System\ZHjPOng.exe
  2⤵
  PID:12112
- C:\Windows\System\KOUFQst.exe
  C:\Windows\System\KOUFQst.exe
  2⤵
  PID:12132
- C:\Windows\System\yeQvpJh.exe
  C:\Windows\System\yeQvpJh.exe
  2⤵
  PID:12168
- C:\Windows\System\xXuyfFz.exe
  C:\Windows\System\xXuyfFz.exe
  2⤵
  PID:12184
- C:\Windows\System\KFLcuLW.exe
  C:\Windows\System\KFLcuLW.exe
  2⤵
  PID:12224
- C:\Windows\System\bLVoUOH.exe
  C:\Windows\System\bLVoUOH.exe
  2⤵
  PID:12252
- C:\Windows\System\ISszNNC.exe
  C:\Windows\System\ISszNNC.exe
  2⤵
  PID:12280
- C:\Windows\System\kYMvOGg.exe
  C:\Windows\System\kYMvOGg.exe
  2⤵
  PID:11188
- C:\Windows\System\TorKeaP.exe
  C:\Windows\System\TorKeaP.exe
  2⤵
  PID:11328
- C:\Windows\System\LWbAzFh.exe
  C:\Windows\System\LWbAzFh.exe
  2⤵
  PID:11412
- C:\Windows\System\iKnuHAE.exe
  C:\Windows\System\iKnuHAE.exe
  2⤵
  PID:11460
- C:\Windows\System\IITlyQq.exe
  C:\Windows\System\IITlyQq.exe
  2⤵
  PID:11508
- C:\Windows\System\EplXYHb.exe
  C:\Windows\System\EplXYHb.exe
  2⤵
  PID:11540
- C:\Windows\System\dZfWFTk.exe
  C:\Windows\System\dZfWFTk.exe
  2⤵
  PID:11640
- C:\Windows\System\oONAfBU.exe
  C:\Windows\System\oONAfBU.exe
  2⤵
  PID:11696
- C:\Windows\System\tjKLErg.exe
  C:\Windows\System\tjKLErg.exe
  2⤵
  PID:11764
- C:\Windows\System\wOYMkNa.exe
  C:\Windows\System\wOYMkNa.exe
  2⤵
  PID:11844
- C:\Windows\System\KSAdMIE.exe
  C:\Windows\System\KSAdMIE.exe
  2⤵
  PID:11888
- C:\Windows\System\DgSCfOW.exe
  C:\Windows\System\DgSCfOW.exe
  2⤵
  PID:11984
- C:\Windows\System\MXKlXMT.exe
  C:\Windows\System\MXKlXMT.exe
  2⤵
  PID:12036
- C:\Windows\System\xiKEfHL.exe
  C:\Windows\System\xiKEfHL.exe
  2⤵
  PID:12080
- C:\Windows\System\VFKQHqB.exe
  C:\Windows\System\VFKQHqB.exe
  2⤵
  PID:12144
- C:\Windows\System\mhiFXSS.exe
  C:\Windows\System\mhiFXSS.exe
  2⤵
  PID:12216
- C:\Windows\System\SUbHNDX.exe
  C:\Windows\System\SUbHNDX.exe
  2⤵
  PID:12272
- C:\Windows\System\OVidKvn.exe
  C:\Windows\System\OVidKvn.exe
  2⤵
  PID:11424
- C:\Windows\System\CJIJXFI.exe
  C:\Windows\System\CJIJXFI.exe
  2⤵
  PID:11592
- C:\Windows\System\kZhZaKJ.exe
  C:\Windows\System\kZhZaKJ.exe
  2⤵
  PID:11704
- C:\Windows\System\fXsASQm.exe
  C:\Windows\System\fXsASQm.exe
  2⤵
  PID:11868
- C:\Windows\System\fnEpUem.exe
  C:\Windows\System\fnEpUem.exe
  2⤵
  PID:11968
- C:\Windows\System\PTetIXs.exe
  C:\Windows\System\PTetIXs.exe
  2⤵
  PID:12120
- C:\Windows\System\vcAhcgN.exe
  C:\Windows\System\vcAhcgN.exe
  2⤵
  PID:11272
- C:\Windows\System\VxsnTjD.exe
  C:\Windows\System\VxsnTjD.exe
  2⤵
  PID:11676
- C:\Windows\System\aImtHAv.exe
  C:\Windows\System\aImtHAv.exe
  2⤵
  PID:12076
- C:\Windows\System\pfOvbJq.exe
  C:\Windows\System\pfOvbJq.exe
  2⤵
  PID:11536
- C:\Windows\System\WKhICJt.exe
  C:\Windows\System\WKhICJt.exe
  2⤵
  PID:12204
- C:\Windows\System\RyfIJML.exe
  C:\Windows\System\RyfIJML.exe
  2⤵
  PID:12316
- C:\Windows\System\WUJOckb.exe
  C:\Windows\System\WUJOckb.exe
  2⤵
  PID:12540
- C:\Windows\System\ddtUBsJ.exe
  C:\Windows\System\ddtUBsJ.exe
  2⤵
  PID:12556
- C:\Windows\System\zwLHFgf.exe
  C:\Windows\System\zwLHFgf.exe
  2⤵
  PID:12572
- C:\Windows\System\SnYNsaT.exe
  C:\Windows\System\SnYNsaT.exe
  2⤵
  PID:12600
- C:\Windows\System\taeMzZa.exe
  C:\Windows\System\taeMzZa.exe
  2⤵
  PID:12652
- C:\Windows\System\wEbsEcP.exe
  C:\Windows\System\wEbsEcP.exe
  2⤵
  PID:12680
- C:\Windows\System\vPpyEbr.exe
  C:\Windows\System\vPpyEbr.exe
  2⤵
  PID:12696
- C:\Windows\System\vcUWzkO.exe
  C:\Windows\System\vcUWzkO.exe
  2⤵
  PID:12736
- C:\Windows\System\jNDlwKW.exe
  C:\Windows\System\jNDlwKW.exe
  2⤵
  PID:12764
- C:\Windows\System\HKvUSNT.exe
  C:\Windows\System\HKvUSNT.exe
  2⤵
  PID:12780
- C:\Windows\System\NCpmYVN.exe
  C:\Windows\System\NCpmYVN.exe
  2⤵
  PID:12820
- C:\Windows\System\TkihaQq.exe
  C:\Windows\System\TkihaQq.exe
  2⤵
  PID:12848
- C:\Windows\System\qkgScDp.exe
  C:\Windows\System\qkgScDp.exe
  2⤵
  PID:12864
- C:\Windows\System\GtAfjVx.exe
  C:\Windows\System\GtAfjVx.exe
  2⤵
  PID:12892
- C:\Windows\System\SKDmoIS.exe
  C:\Windows\System\SKDmoIS.exe
  2⤵
  PID:12932
- C:\Windows\System\HPyFmwC.exe
  C:\Windows\System\HPyFmwC.exe
  2⤵
  PID:12960
- C:\Windows\System\yybBqRC.exe
  C:\Windows\System\yybBqRC.exe
  2⤵
  PID:12988
- C:\Windows\System\QxcvZJB.exe
  C:\Windows\System\QxcvZJB.exe
  2⤵
  PID:13016
- C:\Windows\System\sosvIOJ.exe
  C:\Windows\System\sosvIOJ.exe
  2⤵
  PID:13032
- C:\Windows\System\ngMVWkT.exe
  C:\Windows\System\ngMVWkT.exe
  2⤵
  PID:13072
- C:\Windows\System\VXbbddu.exe
  C:\Windows\System\VXbbddu.exe
  2⤵
  PID:13100
- C:\Windows\System\oUSxPpb.exe
  C:\Windows\System\oUSxPpb.exe
  2⤵
  PID:13128
- C:\Windows\System\CdoaKoT.exe
  C:\Windows\System\CdoaKoT.exe
  2⤵
  PID:13160
- C:\Windows\System\EdHiGuo.exe
  C:\Windows\System\EdHiGuo.exe
  2⤵
  PID:13188
- C:\Windows\System\ZKLyJNO.exe
  C:\Windows\System\ZKLyJNO.exe
  2⤵
  PID:13216
- C:\Windows\System\ftKaOTc.exe
  C:\Windows\System\ftKaOTc.exe
  2⤵
  PID:13232
- C:\Windows\System\VtNTjyD.exe
  C:\Windows\System\VtNTjyD.exe
  2⤵
  PID:13260
- C:\Windows\System\aOihpTR.exe
  C:\Windows\System\aOihpTR.exe
  2⤵
  PID:13300
- C:\Windows\System\vsQBaEf.exe
  C:\Windows\System\vsQBaEf.exe
  2⤵
  PID:11884
- C:\Windows\System\FMfTHEn.exe
  C:\Windows\System\FMfTHEn.exe
  2⤵
  PID:12340
- C:\Windows\System\SpanZHj.exe
  C:\Windows\System\SpanZHj.exe
  2⤵
  PID:12368
- C:\Windows\System\opveiPu.exe
  C:\Windows\System\opveiPu.exe
  2⤵
  PID:12384
- C:\Windows\System\hHZsaxF.exe
  C:\Windows\System\hHZsaxF.exe
  2⤵
  PID:12404
- C:\Windows\System\zGIRIcu.exe
  C:\Windows\System\zGIRIcu.exe
  2⤵
  PID:12436
- C:\Windows\System\YfwJmRo.exe
  C:\Windows\System\YfwJmRo.exe
  2⤵
  PID:12476
- C:\Windows\System\qBKjWKX.exe
  C:\Windows\System\qBKjWKX.exe
  2⤵
  PID:12508
- C:\Windows\System\kotFPUH.exe
  C:\Windows\System\kotFPUH.exe
  2⤵
  PID:12568
- C:\Windows\System\XLxQFQx.exe
  C:\Windows\System\XLxQFQx.exe
  2⤵
  PID:12628
- C:\Windows\System\VFXOSvH.exe
  C:\Windows\System\VFXOSvH.exe
  2⤵
  PID:12712
- C:\Windows\System\HEiXLdj.exe
  C:\Windows\System\HEiXLdj.exe
  2⤵
  PID:12732
- C:\Windows\System\CLNGaEb.exe
  C:\Windows\System\CLNGaEb.exe
  2⤵
  PID:12836
- C:\Windows\System\NMHDeVF.exe
  C:\Windows\System\NMHDeVF.exe
  2⤵
  PID:12856
- C:\Windows\System\LTuoAom.exe
  C:\Windows\System\LTuoAom.exe
  2⤵
  PID:12924
- C:\Windows\System\VWKdqqM.exe
  C:\Windows\System\VWKdqqM.exe
  2⤵
  PID:13012
- C:\Windows\System\entlDXA.exe
  C:\Windows\System\entlDXA.exe
  2⤵
  PID:13084
- C:\Windows\System\mUkUDFZ.exe
  C:\Windows\System\mUkUDFZ.exe
  2⤵
  PID:13152
- C:\Windows\System\KTOtQxV.exe
  C:\Windows\System\KTOtQxV.exe
  2⤵
  PID:13208
- C:\Windows\System\spQSGny.exe
  C:\Windows\System\spQSGny.exe
  2⤵
  PID:13280
- C:\Windows\System\glEpdyd.exe
  C:\Windows\System\glEpdyd.exe
  2⤵
  PID:12308
- C:\Windows\System\NdtaZGm.exe
  C:\Windows\System\NdtaZGm.exe
  2⤵
  PID:264
- C:\Windows\System\DvLjDmk.exe
  C:\Windows\System\DvLjDmk.exe
  2⤵
  PID:12352
- C:\Windows\System\bWEwBcA.exe
  C:\Windows\System\bWEwBcA.exe
  2⤵
  PID:12456
- C:\Windows\System\DTNJdRm.exe
  C:\Windows\System\DTNJdRm.exe
  2⤵
  PID:12496
- C:\Windows\System\eVXnAMs.exe
  C:\Windows\System\eVXnAMs.exe
  2⤵
  PID:12612
- C:\Windows\System\dsoQGVk.exe
  C:\Windows\System\dsoQGVk.exe
  2⤵
  PID:12800
- C:\Windows\System\glZGHQX.exe
  C:\Windows\System\glZGHQX.exe
  2⤵
  PID:12980
- C:\Windows\System\ljMhmbR.exe
  C:\Windows\System\ljMhmbR.exe
  2⤵
  PID:13124
- C:\Windows\System\xaAlzyY.exe
  C:\Windows\System\xaAlzyY.exe
  2⤵
  PID:13248
- C:\Windows\System\OpZLXoW.exe
  C:\Windows\System\OpZLXoW.exe
  2⤵
  PID:12356
- C:\Windows\System\MtgtLvi.exe
  C:\Windows\System\MtgtLvi.exe
  2⤵
  PID:12516
- C:\Windows\System\OTNoSYm.exe
  C:\Windows\System\OTNoSYm.exe
  2⤵
  PID:12668
- C:\Windows\System\EEhxkhB.exe
  C:\Windows\System\EEhxkhB.exe
  2⤵
  PID:12888
- C:\Windows\System\OgqJWmX.exe
  C:\Windows\System\OgqJWmX.exe
  2⤵
  PID:4540
- C:\Windows\System\IzcbpvA.exe
  C:\Windows\System\IzcbpvA.exe
  2⤵
  PID:12728
- C:\Windows\System\zKgBSjl.exe
  C:\Windows\System\zKgBSjl.exe
  2⤵
  PID:12328
- C:\Windows\System\JNFUbji.exe
  C:\Windows\System\JNFUbji.exe
  2⤵
  PID:13328
- C:\Windows\System\HNvoHsa.exe
  C:\Windows\System\HNvoHsa.exe
  2⤵
  PID:13360
- C:\Windows\System\vHFrLav.exe
  C:\Windows\System\vHFrLav.exe
  2⤵
  PID:13388
- C:\Windows\System\uuNigff.exe
  C:\Windows\System\uuNigff.exe
  2⤵
  PID:13416
- C:\Windows\System\TjsPilD.exe
  C:\Windows\System\TjsPilD.exe
  2⤵
  PID:13440
- C:\Windows\System\foQFWoh.exe
  C:\Windows\System\foQFWoh.exe
  2⤵
  PID:13460
- C:\Windows\System\cSiMiAX.exe
  C:\Windows\System\cSiMiAX.exe
  2⤵
  PID:13480
- C:\Windows\System\QtOdbLW.exe
  C:\Windows\System\QtOdbLW.exe
  2⤵
  PID:13516
- C:\Windows\System\icieovu.exe
  C:\Windows\System\icieovu.exe
  2⤵
  PID:13556
- C:\Windows\System\uVkGcDv.exe
  C:\Windows\System\uVkGcDv.exe
  2⤵
  PID:13584
- C:\Windows\System\wEEKXMd.exe
  C:\Windows\System\wEEKXMd.exe
  2⤵
  PID:13604
- C:\Windows\System\GnQcBwH.exe
  C:\Windows\System\GnQcBwH.exe
  2⤵
  PID:13632
- C:\Windows\System\KYcMDvr.exe
  C:\Windows\System\KYcMDvr.exe
  2⤵
  PID:13660
- C:\Windows\System\QgXTkeh.exe
  C:\Windows\System\QgXTkeh.exe
  2⤵
  PID:13676
- C:\Windows\System\sZAoGQv.exe
  C:\Windows\System\sZAoGQv.exe
  2⤵
  PID:13728
- C:\Windows\System\failmCC.exe
  C:\Windows\System\failmCC.exe
  2⤵
  PID:13756
- C:\Windows\System\MqBtxHE.exe
  C:\Windows\System\MqBtxHE.exe
  2⤵
  PID:13784
- C:\Windows\System\lGSDRjR.exe
  C:\Windows\System\lGSDRjR.exe
  2⤵
  PID:13800
- C:\Windows\System\KsEjzKX.exe
  C:\Windows\System\KsEjzKX.exe
  2⤵
  PID:13840
- C:\Windows\System\fMiVCwP.exe
  C:\Windows\System\fMiVCwP.exe
  2⤵
  PID:13864
- C:\Windows\System\nKHALvK.exe
  C:\Windows\System\nKHALvK.exe
  2⤵
  PID:13900
- C:\Windows\System\cBkAcYp.exe
  C:\Windows\System\cBkAcYp.exe
  2⤵
  PID:13932
- C:\Windows\System\rFXNeVN.exe
  C:\Windows\System\rFXNeVN.exe
  2⤵
  PID:13960
- C:\Windows\System\aMPnPox.exe
  C:\Windows\System\aMPnPox.exe
  2⤵
  PID:13988
- C:\Windows\System\MrocoWI.exe
  C:\Windows\System\MrocoWI.exe
  2⤵
  PID:14016
- C:\Windows\System\akxuRQv.exe
  C:\Windows\System\akxuRQv.exe
  2⤵
  PID:14044
- C:\Windows\System\XHMLwuu.exe
  C:\Windows\System\XHMLwuu.exe
  2⤵
  PID:14072
- C:\Windows\System\scOAoHy.exe
  C:\Windows\System\scOAoHy.exe
  2⤵
  PID:14088
- C:\Windows\System\kWuHRRr.exe
  C:\Windows\System\kWuHRRr.exe
  2⤵
  PID:14128
- C:\Windows\System\NSztNgR.exe
  C:\Windows\System\NSztNgR.exe
  2⤵
  PID:14148
- C:\Windows\System\oepfrDw.exe
  C:\Windows\System\oepfrDw.exe
  2⤵
  PID:14172
- C:\Windows\System\zquPuOd.exe
  C:\Windows\System\zquPuOd.exe
  2⤵
  PID:14220
- C:\Windows\System\BSfRUOh.exe
  C:\Windows\System\BSfRUOh.exe
  2⤵
  PID:14252
- C:\Windows\System\lgZkxZR.exe
  C:\Windows\System\lgZkxZR.exe
  2⤵
  PID:14280
- C:\Windows\System\WErGJKP.exe
  C:\Windows\System\WErGJKP.exe
  2⤵
  PID:14308
- C:\Windows\System\soMalDO.exe
  C:\Windows\System\soMalDO.exe
  2⤵
  PID:12428
- C:\Windows\System\IrhrykV.exe
  C:\Windows\System\IrhrykV.exe
  2⤵
  PID:13356
- C:\Windows\System\PnfUCWT.exe
  C:\Windows\System\PnfUCWT.exe
  2⤵
  PID:13400
- C:\Windows\System\igepRYm.exe
  C:\Windows\System\igepRYm.exe
  2⤵
  PID:13500
- C:\Windows\System\tGfshls.exe
  C:\Windows\System\tGfshls.exe
  2⤵
  PID:13552
- C:\Windows\System\ThhrADA.exe
  C:\Windows\System\ThhrADA.exe
  2⤵
  PID:13628
- C:\Windows\System\iLTYHwX.exe
  C:\Windows\System\iLTYHwX.exe
  2⤵
  PID:13648
- C:\Windows\System\zCpiFUK.exe
  C:\Windows\System\zCpiFUK.exe
  2⤵
  PID:13724

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:13972

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\AsxvSIn.exe

Filesize
2.4MB

MD5
8f28900830085ebbb408f5c9442c2d51

SHA1
6ceb28bf79c3b76c308fc15b3e7d5396366fb546

SHA256
36c9323c7533aae7e4116d0cdb45f4393e8a1cab1b394c36c03b86554c139834

SHA512
8f979ceaaf0f332b4e9fcc0ec710378aa97b185d05aea54a476fd2b630aa7489b19e199a58af9217ac178875c1cceee15c8f098d16919555f669c7a0a73f247e

Download Submit
C:\Windows\System\BeBKftk.exe

Filesize
2.4MB

MD5
d447cc993ac765c37aa1f44f866ce13e

SHA1
f0668bf5cc59c71cacc85d06069ca80a0fccff8c

SHA256
eab23faf30718e05581e043c5ca471985d2a152921457127f4e1ff932daf4342

SHA512
83a094b2bae1773a096f5e980aae78cef7cc9f18c12e6d6ae6aa2908888cf267721df93e8971d10a000dca891cf65389a2d03bb14184ad9ebee913d4e0e6f6ee

Download Submit
C:\Windows\System\IvaVYyV.exe

Filesize
2.4MB

MD5
de91ba94319d8beac79140d8510ab660

SHA1
4f95470a7207a2700f53b72242aba3432c36bc55

SHA256
cf5e383d78204818877bb591df8e83cc4ee67fff7606414431b3e7683c00bf17

SHA512
ab41d82736dc0236688142b25b9b12f3155c8d6ebd12fad9dbc54bed20fdec5879a279c5337c4738b046d08b7982ed1df3722c4b9bc7fdae9705ed09c1b63209

Download Submit
C:\Windows\System\JmjYLLH.exe

Filesize
2.4MB

MD5
a67653e83a0820a49153b0392a0d4648

SHA1
af6004103880c0232e38d1fd3eeffaff72cdc191

SHA256
78c53bbd81f4b90fb03a89fc6c1a751c07dd24b7e6048bcd7d5d64185d346bd7

SHA512
42a55ebaa08ec0112a04746fd2913bac7f8e9237cab7d54cb6f0f9d1844fd3042b988edad3589daa21db8f701ba0dd89635e8052020caf20fd0157522711251c

Download Submit
C:\Windows\System\MONqzvT.exe

Filesize
2.4MB

MD5
9275b399b649663315538fc0b5dfd154

SHA1
fdff8c8c76ac0b1be6a53bd9b86bd1b4a8e41be3

SHA256
d062e3e112aa9f029b06b8c88b8025ed832ef59f64092b8fdc15c032135c55db

SHA512
9e1b49cfc22d8afda7bf9298a98b7c8b88d9a7d8a3941684c4e9bce72571497e053998b7576d8163ea29096ada07f9b33537ddd71ae4e29a75e630a89a5b1c1f

Download Submit
C:\Windows\System\NpxQxVe.exe

Filesize
2.4MB

MD5
bc18aafc0fb5661e40c7514c064dd235

SHA1
09e6d74377d43ea975e7e2f608ce2fd25ae95f9b

SHA256
e30c398963723898e8c52dab7f2ef8ff3f3da5e6fef229672528468f1405d367

SHA512
40265e3d30f913a3b092e8876e7eb4005b9141f063bfb42ddbcd59729ad957c176c4b2e9a640b9c512a2a06709e26f8fd93465d10365522bee53cfd580c6c7fc

Download Submit
C:\Windows\System\OLEQaKe.exe

Filesize
2.4MB

MD5
2fe13cd672138a3209ce0bc13bd3a07d

SHA1
147dcb10d5f1afe3a3fcf24590f9cdd504bb1ba7

SHA256
dec89a6b97efc9c0a4e627ccc663c34550071614447c098016409ada30fa16a1

SHA512
7a36a9febc06eaaee88807ae130bf8b26d6eb2f8f255e2ec3c2390ebbcebe9a5839f45d095c8429ca844c6eeab431d1a4631b3d7d0bc6eaeedfc3f0fb5ad3ac3

Download Submit
C:\Windows\System\SVEGhWh.exe

Filesize
2.4MB

MD5
c365ef337ffe01439e7b39826ae785cf

SHA1
e6c3bf860c38d5c8b22ab47953dcb5bc0f964a75

SHA256
54fdb63d83ab3c4af8927811df60330b4740e622f4f9ad69c346963083de2f9b

SHA512
fa15601b8704484372417a31400c2148e968fe09dd207379d3a52236372ce3503ec59207feb0e33895fd70cc590ac717f0d4fe5db291191f235f8dffa50052e7

Download Submit
C:\Windows\System\UBmHwGf.exe

Filesize
2.4MB

MD5
acda1042e6c92b7139741a121f2354f2

SHA1
5ecdf91abe618ac0fb54357a74118c54ab25bfee

SHA256
244066ee42b1532fa3ce62d1501b719dcbc167d5998dacf9a818a90efeb950f9

SHA512
09d9c423f08a97031af11dc9f81f17137565233b8b40340d92203a415b7896895392d65847d994dd31b2b16e7218a3e77ce91f332640f76e368c0491249ed405

Download Submit
C:\Windows\System\XLEOqFQ.exe

Filesize
2.4MB

MD5
d21bc8cdfdb0c10de27e7db17f1cf838

SHA1
a50561150402c9672842b79aa5a626ab559ff700

SHA256
cadaba9566bf64547a59fcbaa1506ad60dfbb6f836ea9fe04220ed7dcde0466e

SHA512
ef6a44f7396781e92be85a5d94774d0dbeb27528b1f44e5c3129ae63f3d0e0197652181a16c773bca55ace62271c7da36609dbda975b61c342770c60f91ae7dc

Download Submit
C:\Windows\System\awBKXgN.exe

Filesize
2.4MB

MD5
7f189775ad2553449c47d0699ec764fe

SHA1
4b102fbc8a2c853984682e246574bb4d7deea738

SHA256
11e2d4ae70a015f1e08339a2be75f4398a22bd8a7b2f6c3026ebec7b03e5a26f

SHA512
ec04594c66273cb59f24096637239331ca7efb2c78211498599c8ca93d565b05e2a39db487f6e8803e9787521711a359ed95bcf5f8b354a9c502e37d4a4207c6

Download Submit
C:\Windows\System\cHLUnZW.exe

Filesize
2.4MB

MD5
ab7ae584f82c79408424569d01529e61

SHA1
000bef29ed094f71491dbc889949254cb01aae41

SHA256
10f6be1df193cf87abe1745510e606ca11437884ed787ff19622df3b757c98a8

SHA512
8750949fb8769983acb5e289574138e28d4811fc2e68f1cedca6d3fdb89ef7d0d3ed005d9843c3ec4e47bc93f49d7239eecb7ca9837d3fef871f072177e634db

Download Submit
C:\Windows\System\dYuLXgI.exe

Filesize
2.4MB

MD5
16366bd33a0ee5d837369992e5de4997

SHA1
edf5484b2b70455e237cb31db20d8839b5b84bc5

SHA256
bdadebd5b5455aeb2ded1edb542b7275a2b3e790b2d092c29066a2e3a484bebd

SHA512
4e9de7de5dec8f1edb89ac616c1b456da522d663ef51923250a9cfe1537afde29fa0e65eaef0a5693ddc8c22df77776b169ac60d89323df0915b9180a90d0b09

Download Submit
C:\Windows\System\deWApfd.exe

Filesize
2.4MB

MD5
8f7849a4dbd9bb098e5baa3868590637

SHA1
00bf3a49cd46a78fa70e53e542a826f5600569b6

SHA256
c8ee0b9f3e7f8861d9e23adf0c459613af35e047aeae0980ea0456e568427b23

SHA512
4bc622e06bd41fbfd3b83465dc9a90823576a13ec7ddfbf0c96f2175dd9272f96a1043d360b658841cfd669ea44a0529e91dac5064ed333f7de47070bf183f0f

Download Submit
C:\Windows\System\hMyohJn.exe

Filesize
2.4MB

MD5
c2f8eb508cb692b35ea75061ac2c1f64

SHA1
56d5361fa1b13b9d18f485b6ade632a5340d5512

SHA256
125aae89a987030bda7bbf7f15b20584098ee6a007771bb001e49d6756e54437

SHA512
d44a74eb055224b90bb15b4b6d5468eec950c370a99d9e7b972dffe4a08d1185d22b25affa1d6773d52616f928cf2b4756e88a9121a1ed8dfb01ba7e08714097

Download Submit
C:\Windows\System\hvTFMQV.exe

Filesize
2.4MB

MD5
8cc386b6845eee2204a6dafe28727ab1

SHA1
370a58c14b54de6ed73b745f39cadaf452e71fb7

SHA256
ebc48933e5c0893c5df94e296d24b24625d80b50bd8ffa4b9f838075e5d269cc

SHA512
9f52d6cd031749c15d32abac32cc171cb7a7f431c7f0395b8ce913cf8a163870b4c05fd7d4c6cd98d3d908af2e560e27ae66a613cb2fb75027c986dfba5d1982

Download Submit
C:\Windows\System\iEBspCU.exe

Filesize
2.4MB

MD5
6d997dc31d21bc4a92e5f5e9ed4ea9e4

SHA1
0855c733e245c6f4036a8e8633109af91034d6bd

SHA256
b2d015e2e4a2542a4940d47c45deb8051eb200104b651051b45ac92c331da61a

SHA512
37c50dd67a2f53ca333413ee7f983cb8a3d0a3965eaadac2625c7d05287d602d123a29c90dd87df22c566285a66871244ba211a4cfe1b5c7c872f3431843d25d

Download Submit
C:\Windows\System\iVlClYB.exe

Filesize
2.4MB

MD5
c4046b55321c396f49564a6da77193bd

SHA1
8af1d142b15f57c496adc261be0c648e500c6cd8

SHA256
c7d4573e0e26203ab8c7f31908cb58a7b3065aea5c13a6cbbfc9c07fad630004

SHA512
4b4a8229c65ed82cca86e240b2c46e9c62365cab1921881ef105d14b6ef322f8534c22580782bbdcd9bf7383cdbdf631a25b08ce24069fde92c448c3f0b39519

Download Submit
C:\Windows\System\jlNyWid.exe

Filesize
2.4MB

MD5
9aa83e0e812c35f6588052bb44dbb57f

SHA1
f1111713333ee70e98b1a6c20ccbe252e8f83cb5

SHA256
8ec2354d4817c239758bf6de4b13c8a47e90772a3692443abdc53222c3b8741e

SHA512
2b56b08ef6122f053e532d3f3539ebbf10f44ef72ca886e083da1c2723109321278fba4c894e1361a46bd72452aea1971780747e62387597f3e466b0f0eb73be

Download Submit
C:\Windows\System\kTrrfiQ.exe

Filesize
2.4MB

MD5
1e8e1eea38c321090ba5ce30e938a76d

SHA1
d18c942b101aa5608b5b1332bddb48b281d931f1

SHA256
6f9687daedbbb4a791e35d50bb8407c93bd192f1ff6e0c420dbc1017649c5983

SHA512
6ff21c86adf8f8acfda19110f914c7497c1113e185409f91e7a0c7dcc3713ada39d1ba6dff3c35f1054f7f52125907b0daa09d463714d28f5b4d9dc035338be5

Download Submit
C:\Windows\System\kgDeodN.exe

Filesize
2.4MB

MD5
74816daf59d57b34fd6eca50d7a21740

SHA1
98eae0659efbc615911efdf5473c6b864c7226e4

SHA256
e366afe99a02a8885d353a681446da5df29de91a3219b15a29bab7bcdefaaee6

SHA512
577078f98213425ba178266bd4403eb3fde54584fb6c907a00e0785e4ad9ee063a9f487271c78579fe699afd6d1bf45d0f3c573e641794f605857e1ca7e2696a

Download Submit
C:\Windows\System\lKByeWz.exe

Filesize
2.4MB

MD5
a61db61562d0a39511f8e060831b1a45

SHA1
83617ef24fb467926b12c46620ebebffca886c7e

SHA256
6c695a2114c59cb966e97daf2df56bbecec930258aef9961294eea4723eb1503

SHA512
9bc318073e6e4a1e79c1ad8ab1aa7dab5410d042aa07fc98f34a5803040b68d17270ec6471b0aa56a78f1767e3c9df6e552d463b4a9fed025e29289d97f2a2c2

Download Submit
C:\Windows\System\qRanGnp.exe

Filesize
2.4MB

MD5
b3b7d3efeb1bba38ec49f87cca827818

SHA1
a942dfb739e72dc1297c59ffc9d14e9a8ce7aea7

SHA256
b951e2d1b1cd71547ec1ef9eefe5dfedfc104223d5a632de1e53157208831def

SHA512
4b6506d60a0f219b5f54542cd5f3dcbd070a7008b68c55cf0e3ac7ccad034eb191197bae7a6573886cd2e04ca09656c934149189e254e6aa8ed2de12774f1b7b

Download Submit
C:\Windows\System\qbovSbx.exe

Filesize
2.4MB

MD5
ffcdee9dd9c574ae3e54af1aa9a0b929

SHA1
07f4df279e504a8c2f5950e30f9f785a207c5ed6

SHA256
27c47d91612a3cf23a566b81ff75378cc69160c6e4da042291429d5bd3601f41

SHA512
ce0ca496de533c89ae5137bd3d2e7598c6f57c1385d41078bd343c46830d280dba91462d26c8f2b051e16eeff360b305c5baf4beb15b9e47150250feb4b06383

Download Submit
C:\Windows\System\rcQQLSb.exe

Filesize
2.4MB

MD5
84ba31c3df68a505f379da3caec9325b

SHA1
355c9e3842406a31c262c14119fefde7f6ad7fb9

SHA256
04291995632c4d1aefba04a6bdafdb79f3c908c26a3710d5aed650b800d09b5b

SHA512
91fc49e788e1d30ecc0687efc42e7777411b8798dd408514aae4086b935481ced7a85cd445bcf368c01958dee62c6ea7d5ca991e1b9bd2dc3e030703ed8ed1ec

Download Submit
C:\Windows\System\uCRTvem.exe

Filesize
2.4MB

MD5
e8bb2746937e3b7db14c90048eeb3e83

SHA1
f1e8e73860b26cb019ba77dfcd008090770ea273

SHA256
090c278ec9630297809fe7f5e7856a4fd45a0972e20ce285ea9a5f15c2903f29

SHA512
27c66bc6cd8c038c0afa268242b1b094b6871e38193b273fadadfb8e5240410eab7a7b51513ceb46de9e0485afba336785415c7713a680fabb07f24eedfd7aec

Download Submit
C:\Windows\System\vUVMWHh.exe

Filesize
2.4MB

MD5
746e86e447cfb91448d64d6770c812cd

SHA1
ab3856a5b30bd6636f7c39a10f12bdcefdae21b2

SHA256
2f173031bc08efdae789da67c02955c60e3434985f06c7838d15b1f1fcc44860

SHA512
ee15fceeb51a672ebaf9557526019b6eb49971d29593ddab462f9553001fa53120ebc30a91425b1d8eb70f0722ef6d7e9fe478e621f94122be633a67d2a2603c

Download Submit
C:\Windows\System\vqThtFH.exe

Filesize
2.4MB

MD5
28578e17b2942c03ee48952bca85b171

SHA1
81279e4817f75caddfcb7bde4f7c5c736965b14f

SHA256
0c3ee4e4fc3139f1b5707a9fbdaae7fc8a5ce50c309637ed4e54bccd8671d0a8

SHA512
4480af40995fd866eec92e0a460001aa900946803e14c70d7851221d3d58c1261d1cc74d6d64ed22a02fc2760f1b66819cd2d39dc46953963df56a375aae8258

Download Submit
C:\Windows\System\wZUzMhv.exe

Filesize
2.4MB

MD5
0778501e8847aebfc7a0dcf30c071c7a

SHA1
1d2c21d0f4ce36f73341310f0ee667e8a3f38057

SHA256
5f88ad1b761fad9f5093d0e85fcb86575772b7d0114426623e3c4ffe6468ff60

SHA512
b6151f3e51640511a549a54cf29e03d9b09482eac30efae47e468aa27277c4cd95fa063efd8048fd5837626a43b6b53c6ff5001594bc1fb510acff5035a07fac

Download Submit
C:\Windows\System\xPfNKPR.exe

Filesize
2.4MB

MD5
408c82b8fc517f974fced079fe149b78

SHA1
2ba1afc8c67751e64b78268e16c20e63c18db2c7

SHA256
f6e84cbbff5ffa40f1625f2a8a2fc593d0bd1e28ec3e2bf3712200d2637f7cf1

SHA512
765c1834f536247ea5d01a5b298d18b8cb11617f56ae0cd7de9130baddafdc8b604b76f05496411be21aa2f288b0f32164adf99d53221f8f8d1071ec6c6c63b2

Download Submit
C:\Windows\System\yAEKQsk.exe

Filesize
2.4MB

MD5
bc06a6c49d59561291a0524cb00e504c

SHA1
0f365954269765037966fd3d179e3573ff7ee69d

SHA256
533a6442b6ff9c1918c5463c01b000fe7d9d504d1eb1f35470c0cb83f31834d1

SHA512
78f3331ed7c6ea2f7f29ef2125054008af9e470d65c1eb3ff224847022a4e1a340921884e83f7d697161f3644bac6b7f3ac807cb0dd8a4764bbe669b87fe85a4

Download Submit
C:\Windows\System\zTHQWEN.exe

Filesize
2.4MB

MD5
edc68894a0692d54785a94af16176601

SHA1
ffa4950ff9bccc281246f17e9e905dda44c38525

SHA256
f472d2ebb9409219101d58f9f2a42f9b5502e120404c652b3e97399dfc8e9d93

SHA512
62b2de1cd0f6d390e5b4993c1aab3e1cc857b8b7f0d412c96231d531ab0ed1dbff60bfc213faf703aa92b62ae588d3293fe210258b98a085729a3112cf74ab4a

Download Submit
memory/116-2176-0x00007FF74A4B0000-0x00007FF74A804000-memory.dmp

Filesize
3.3MB

Download
memory/116-741-0x00007FF74A4B0000-0x00007FF74A804000-memory.dmp

Filesize
3.3MB

Download
memory/216-2174-0x00007FF709ED0000-0x00007FF70A224000-memory.dmp

Filesize
3.3MB

Download
memory/216-722-0x00007FF709ED0000-0x00007FF70A224000-memory.dmp

Filesize
3.3MB

Download
memory/808-708-0x00007FF7163A0000-0x00007FF7166F4000-memory.dmp

Filesize
3.3MB

Download
memory/808-2167-0x00007FF7163A0000-0x00007FF7166F4000-memory.dmp

Filesize
3.3MB

Download
memory/944-1-0x00000252DCC90000-0x00000252DCCA0000-memory.dmp

Filesize
64KB

Download
memory/944-0-0x00007FF73F480000-0x00007FF73F7D4000-memory.dmp

Filesize
3.3MB

Download
memory/1060-770-0x00007FF7D1C20000-0x00007FF7D1F74000-memory.dmp

Filesize
3.3MB

Download
memory/1060-2182-0x00007FF7D1C20000-0x00007FF7D1F74000-memory.dmp

Filesize
3.3MB

Download
memory/1832-2163-0x00007FF644A50000-0x00007FF644DA4000-memory.dmp

Filesize
3.3MB

Download
memory/1832-800-0x00007FF644A50000-0x00007FF644DA4000-memory.dmp

Filesize
3.3MB

Download
memory/1888-2168-0x00007FF7FEE00000-0x00007FF7FF154000-memory.dmp

Filesize
3.3MB

Download
memory/1888-709-0x00007FF7FEE00000-0x00007FF7FF154000-memory.dmp

Filesize
3.3MB

Download
memory/2032-730-0x00007FF7749C0000-0x00007FF774D14000-memory.dmp

Filesize
3.3MB

Download
memory/2032-2171-0x00007FF7749C0000-0x00007FF774D14000-memory.dmp

Filesize
3.3MB

Download
memory/2036-766-0x00007FF64CA50000-0x00007FF64CDA4000-memory.dmp

Filesize
3.3MB

Download
memory/2036-2179-0x00007FF64CA50000-0x00007FF64CDA4000-memory.dmp

Filesize
3.3MB

Download
memory/2052-2164-0x00007FF6FC770000-0x00007FF6FCAC4000-memory.dmp

Filesize
3.3MB

Download
memory/2052-703-0x00007FF6FC770000-0x00007FF6FCAC4000-memory.dmp

Filesize
3.3MB

Download
memory/2248-776-0x00007FF686EA0000-0x00007FF6871F4000-memory.dmp

Filesize
3.3MB

Download
memory/2248-2185-0x00007FF686EA0000-0x00007FF6871F4000-memory.dmp

Filesize
3.3MB

Download
memory/2332-2184-0x00007FF640970000-0x00007FF640CC4000-memory.dmp

Filesize
3.3MB

Download
memory/2332-780-0x00007FF640970000-0x00007FF640CC4000-memory.dmp

Filesize
3.3MB

Download
memory/2564-2173-0x00007FF7D2610000-0x00007FF7D2964000-memory.dmp

Filesize
3.3MB

Download
memory/2564-718-0x00007FF7D2610000-0x00007FF7D2964000-memory.dmp

Filesize
3.3MB

Download
memory/2624-2181-0x00007FF65DFA0000-0x00007FF65E2F4000-memory.dmp

Filesize
3.3MB

Download
memory/2624-783-0x00007FF65DFA0000-0x00007FF65E2F4000-memory.dmp

Filesize
3.3MB

Download
memory/2928-2165-0x00007FF702920000-0x00007FF702C74000-memory.dmp

Filesize
3.3MB

Download
memory/2928-705-0x00007FF702920000-0x00007FF702C74000-memory.dmp

Filesize
3.3MB

Download
memory/2996-771-0x00007FF619BC0000-0x00007FF619F14000-memory.dmp

Filesize
3.3MB

Download
memory/2996-2180-0x00007FF619BC0000-0x00007FF619F14000-memory.dmp

Filesize
3.3MB

Download
memory/3200-704-0x00007FF70EEA0000-0x00007FF70F1F4000-memory.dmp

Filesize
3.3MB

Download
memory/3200-2166-0x00007FF70EEA0000-0x00007FF70F1F4000-memory.dmp

Filesize
3.3MB

Download
memory/3512-2178-0x00007FF7C86B0000-0x00007FF7C8A04000-memory.dmp

Filesize
3.3MB

Download
memory/3512-760-0x00007FF7C86B0000-0x00007FF7C8A04000-memory.dmp

Filesize
3.3MB

Download
memory/3708-727-0x00007FF7B1C30000-0x00007FF7B1F84000-memory.dmp

Filesize
3.3MB

Download
memory/3708-2175-0x00007FF7B1C30000-0x00007FF7B1F84000-memory.dmp

Filesize
3.3MB

Download
memory/3720-2183-0x00007FF627B30000-0x00007FF627E84000-memory.dmp

Filesize
3.3MB

Download
memory/3720-784-0x00007FF627B30000-0x00007FF627E84000-memory.dmp

Filesize
3.3MB

Download
memory/3756-2188-0x00007FF7321E0000-0x00007FF732534000-memory.dmp

Filesize
3.3MB

Download
memory/3756-790-0x00007FF7321E0000-0x00007FF732534000-memory.dmp

Filesize
3.3MB

Download
memory/4104-2161-0x00007FF7F7C50000-0x00007FF7F7FA4000-memory.dmp

Filesize
3.3MB

Download
memory/4104-701-0x00007FF7F7C50000-0x00007FF7F7FA4000-memory.dmp

Filesize
3.3MB

Download
memory/4156-702-0x00007FF772260000-0x00007FF7725B4000-memory.dmp

Filesize
3.3MB

Download
memory/4156-2162-0x00007FF772260000-0x00007FF7725B4000-memory.dmp

Filesize
3.3MB

Download
memory/4364-2172-0x00007FF7C96E0000-0x00007FF7C9A34000-memory.dmp

Filesize
3.3MB

Download
memory/4364-712-0x00007FF7C96E0000-0x00007FF7C9A34000-memory.dmp

Filesize
3.3MB

Download
memory/4472-746-0x00007FF7E1190000-0x00007FF7E14E4000-memory.dmp

Filesize
3.3MB

Download
memory/4472-2177-0x00007FF7E1190000-0x00007FF7E14E4000-memory.dmp

Filesize
3.3MB

Download
memory/4596-2186-0x00007FF799410000-0x00007FF799764000-memory.dmp

Filesize
3.3MB

Download
memory/4596-775-0x00007FF799410000-0x00007FF799764000-memory.dmp

Filesize
3.3MB

Download
memory/4880-2169-0x00007FF7407D0000-0x00007FF740B24000-memory.dmp

Filesize
3.3MB

Download
memory/4880-706-0x00007FF7407D0000-0x00007FF740B24000-memory.dmp

Filesize
3.3MB

Download
memory/4936-2187-0x00007FF724A90000-0x00007FF724DE4000-memory.dmp

Filesize
3.3MB

Download
memory/4936-795-0x00007FF724A90000-0x00007FF724DE4000-memory.dmp

Filesize
3.3MB

Download
memory/4948-2170-0x00007FF76C090000-0x00007FF76C3E4000-memory.dmp

Filesize
3.3MB

Download
memory/4948-707-0x00007FF76C090000-0x00007FF76C3E4000-memory.dmp

Filesize
3.3MB

Download
memory/4980-8-0x00007FF622060000-0x00007FF6223B4000-memory.dmp

Filesize
3.3MB

Download
memory/4980-2160-0x00007FF622060000-0x00007FF6223B4000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads