xmrig | 8ebe0b429bc6d3058bee33b08021b624c70104544fd0515ad7a8e9ff21bbaefd

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
07/07/2024, 00:40

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

8ebe0b429bc6d3058bee33b08021b624c70104544fd0515ad7a8e9ff21bbaefd.exe
Size

1.3MB
MD5

b2e0c0d60de22860034a0f8af0ad2728
SHA1

865055a8919ba0f8ea352019301d6e557bc05d95
SHA256

8ebe0b429bc6d3058bee33b08021b624c70104544fd0515ad7a8e9ff21bbaefd
SHA512

c03a07513ff93646faa449e882865c4cf65f2f62012986729b872ac79fc013a47cb6f1831f8b281ccf6b1e738d8db0615952654ff5c760cdbc5fcf69f6caf1b5
SSDEEP

24576:JanwhSe11QSONCpGJCjETPlOqzJO0Rb8bodJj8RNixALx:knw9oUUEEDlOuJPHjkl

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 48 IoCs

miner

resource	yara_rule
behavioral2/memory/3068-303-0x00007FF680F30000-0x00007FF681321000-memory.dmp	xmrig
behavioral2/memory/4568-302-0x00007FF757840000-0x00007FF757C31000-memory.dmp	xmrig
behavioral2/memory/5092-311-0x00007FF7BAC20000-0x00007FF7BB011000-memory.dmp	xmrig
behavioral2/memory/4856-318-0x00007FF7A9DF0000-0x00007FF7AA1E1000-memory.dmp	xmrig
behavioral2/memory/2116-325-0x00007FF78ADF0000-0x00007FF78B1E1000-memory.dmp	xmrig
behavioral2/memory/2200-329-0x00007FF73A050000-0x00007FF73A441000-memory.dmp	xmrig
behavioral2/memory/32-330-0x00007FF73F770000-0x00007FF73FB61000-memory.dmp	xmrig
behavioral2/memory/2592-333-0x00007FF715830000-0x00007FF715C21000-memory.dmp	xmrig
behavioral2/memory/1980-335-0x00007FF75B700000-0x00007FF75BAF1000-memory.dmp	xmrig
behavioral2/memory/5048-336-0x00007FF705180000-0x00007FF705571000-memory.dmp	xmrig
behavioral2/memory/992-334-0x00007FF6A6570000-0x00007FF6A6961000-memory.dmp	xmrig
behavioral2/memory/5072-331-0x00007FF6CD550000-0x00007FF6CD941000-memory.dmp	xmrig
behavioral2/memory/1556-309-0x00007FF63D970000-0x00007FF63DD61000-memory.dmp	xmrig
behavioral2/memory/1648-299-0x00007FF6B6B20000-0x00007FF6B6F11000-memory.dmp	xmrig
behavioral2/memory/3688-293-0x00007FF622FD0000-0x00007FF6233C1000-memory.dmp	xmrig
behavioral2/memory/3368-295-0x00007FF681530000-0x00007FF681921000-memory.dmp	xmrig
behavioral2/memory/1944-934-0x00007FF63DC60000-0x00007FF63E051000-memory.dmp	xmrig
behavioral2/memory/536-1581-0x00007FF7EF8D0000-0x00007FF7EFCC1000-memory.dmp	xmrig
behavioral2/memory/3440-1976-0x00007FF6E83E0000-0x00007FF6E87D1000-memory.dmp	xmrig
behavioral2/memory/2452-1993-0x00007FF771FA0000-0x00007FF772391000-memory.dmp	xmrig
behavioral2/memory/3960-1994-0x00007FF7B52D0000-0x00007FF7B56C1000-memory.dmp	xmrig
behavioral2/memory/4236-1995-0x00007FF7DA0C0000-0x00007FF7DA4B1000-memory.dmp	xmrig
behavioral2/memory/4728-2009-0x00007FF62E5D0000-0x00007FF62E9C1000-memory.dmp	xmrig
behavioral2/memory/536-2030-0x00007FF7EF8D0000-0x00007FF7EFCC1000-memory.dmp	xmrig
behavioral2/memory/1944-2035-0x00007FF63DC60000-0x00007FF63E051000-memory.dmp	xmrig
behavioral2/memory/2536-2037-0x00007FF71DB50000-0x00007FF71DF41000-memory.dmp	xmrig
behavioral2/memory/3440-2039-0x00007FF6E83E0000-0x00007FF6E87D1000-memory.dmp	xmrig
behavioral2/memory/2452-2065-0x00007FF771FA0000-0x00007FF772391000-memory.dmp	xmrig
behavioral2/memory/3960-2075-0x00007FF7B52D0000-0x00007FF7B56C1000-memory.dmp	xmrig
behavioral2/memory/3688-2069-0x00007FF622FD0000-0x00007FF6233C1000-memory.dmp	xmrig
behavioral2/memory/4236-2067-0x00007FF7DA0C0000-0x00007FF7DA4B1000-memory.dmp	xmrig
behavioral2/memory/3948-2073-0x00007FF683BD0000-0x00007FF683FC1000-memory.dmp	xmrig
behavioral2/memory/4728-2071-0x00007FF62E5D0000-0x00007FF62E9C1000-memory.dmp	xmrig
behavioral2/memory/992-2099-0x00007FF6A6570000-0x00007FF6A6961000-memory.dmp	xmrig
behavioral2/memory/5072-2106-0x00007FF6CD550000-0x00007FF6CD941000-memory.dmp	xmrig
behavioral2/memory/1980-2101-0x00007FF75B700000-0x00007FF75BAF1000-memory.dmp	xmrig
behavioral2/memory/2592-2097-0x00007FF715830000-0x00007FF715C21000-memory.dmp	xmrig
behavioral2/memory/5048-2103-0x00007FF705180000-0x00007FF705571000-memory.dmp	xmrig
behavioral2/memory/2200-2093-0x00007FF73A050000-0x00007FF73A441000-memory.dmp	xmrig
behavioral2/memory/2116-2091-0x00007FF78ADF0000-0x00007FF78B1E1000-memory.dmp	xmrig
behavioral2/memory/32-2095-0x00007FF73F770000-0x00007FF73FB61000-memory.dmp	xmrig
behavioral2/memory/1648-2087-0x00007FF6B6B20000-0x00007FF6B6F11000-memory.dmp	xmrig
behavioral2/memory/5092-2085-0x00007FF7BAC20000-0x00007FF7BB011000-memory.dmp	xmrig
behavioral2/memory/4856-2089-0x00007FF7A9DF0000-0x00007FF7AA1E1000-memory.dmp	xmrig
behavioral2/memory/3368-2077-0x00007FF681530000-0x00007FF681921000-memory.dmp	xmrig
behavioral2/memory/3068-2083-0x00007FF680F30000-0x00007FF681321000-memory.dmp	xmrig
behavioral2/memory/1556-2081-0x00007FF63D970000-0x00007FF63DD61000-memory.dmp	xmrig
behavioral2/memory/4568-2079-0x00007FF757840000-0x00007FF757C31000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1944	LZhzNkN.exe
2536	wnzjIoa.exe
3440	qKmSrMr.exe
2452	QqDgWVm.exe
3960	YlFFiMQ.exe
4236	AYLRjDE.exe
3948	DamGMKJ.exe
4728	cRIAZOL.exe
3688	kyhopMY.exe
3368	eJvGdmn.exe
1648	LjfqiHV.exe
4568	ChNFIMe.exe
3068	xREGFUG.exe
1556	uxpSjqx.exe
5092	jUrZVOH.exe
4856	JTksNvO.exe
2116	FmPmCpw.exe
2200	DIPUZui.exe
32	xMwRIRp.exe
5072	DUAkILs.exe
2592	jsqlVHU.exe
992	MSSShpQ.exe
1980	fIPkIGQ.exe
5048	aChzRXd.exe
4572	xTyLptM.exe
4108	VSIBkET.exe
2004	PyuUkVe.exe
552	hlokOeK.exe
4908	DMyCidb.exe
3624	kORgkXw.exe
4824	kFjDqsi.exe
2080	vwPWxSH.exe
1376	MIHWbQz.exe
3116	nySkyXR.exe
5012	dAjaUNA.exe
4936	ISAUaOs.exe
2924	IUqZAhr.exe
3632	uklvWgO.exe
2712	IBkulxN.exe
4064	riVOgJm.exe
2680	xbdudtP.exe
4588	nWoCCri.exe
3448	fNtqUQC.exe
4412	bacNIxK.exe
4276	mufNxkh.exe
4272	omnzhrG.exe
2224	SXdeSvG.exe
3168	xVgLSPN.exe
3592	MXpgwRv.exe
3980	erTsBGO.exe
3584	iHGkJIv.exe
4476	msCIFeU.exe
2844	NiRXGAd.exe
4792	XYJibGr.exe
1492	hKUPDJn.exe
468	gbYHlaZ.exe
4088	oJfmmIM.exe
1512	XcKWEIP.exe
3300	PKSkVKX.exe
4576	ZbzlPVi.exe
2348	jJuWYSz.exe
3640	uaqAlJk.exe
3236	hvJETVS.exe
5024	wZuyaiR.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/536-0-0x00007FF7EF8D0000-0x00007FF7EFCC1000-memory.dmp	upx
behavioral2/files/0x0008000000023248-5.dat	upx
behavioral2/files/0x0008000000023443-9.dat	upx
behavioral2/files/0x0007000000023444-17.dat	upx
behavioral2/memory/2452-24-0x00007FF771FA0000-0x00007FF772391000-memory.dmp	upx
behavioral2/files/0x0007000000023449-43.dat	upx
behavioral2/memory/4728-44-0x00007FF62E5D0000-0x00007FF62E9C1000-memory.dmp	upx
behavioral2/files/0x0007000000023448-50.dat	upx
behavioral2/files/0x000700000002344b-59.dat	upx
behavioral2/files/0x000700000002344e-71.dat	upx
behavioral2/files/0x0007000000023451-86.dat	upx
behavioral2/files/0x0007000000023454-107.dat	upx
behavioral2/files/0x0007000000023457-116.dat	upx
behavioral2/files/0x0007000000023459-126.dat	upx
behavioral2/files/0x000700000002345d-146.dat	upx
behavioral2/files/0x000700000002345f-162.dat	upx
behavioral2/memory/3068-303-0x00007FF680F30000-0x00007FF681321000-memory.dmp	upx
behavioral2/memory/4568-302-0x00007FF757840000-0x00007FF757C31000-memory.dmp	upx
behavioral2/memory/5092-311-0x00007FF7BAC20000-0x00007FF7BB011000-memory.dmp	upx
behavioral2/memory/4856-318-0x00007FF7A9DF0000-0x00007FF7AA1E1000-memory.dmp	upx
behavioral2/memory/2116-325-0x00007FF78ADF0000-0x00007FF78B1E1000-memory.dmp	upx
behavioral2/memory/2200-329-0x00007FF73A050000-0x00007FF73A441000-memory.dmp	upx
behavioral2/memory/32-330-0x00007FF73F770000-0x00007FF73FB61000-memory.dmp	upx
behavioral2/memory/2592-333-0x00007FF715830000-0x00007FF715C21000-memory.dmp	upx
behavioral2/memory/1980-335-0x00007FF75B700000-0x00007FF75BAF1000-memory.dmp	upx
behavioral2/memory/5048-336-0x00007FF705180000-0x00007FF705571000-memory.dmp	upx
behavioral2/memory/992-334-0x00007FF6A6570000-0x00007FF6A6961000-memory.dmp	upx
behavioral2/memory/5072-331-0x00007FF6CD550000-0x00007FF6CD941000-memory.dmp	upx
behavioral2/memory/1556-309-0x00007FF63D970000-0x00007FF63DD61000-memory.dmp	upx
behavioral2/memory/1648-299-0x00007FF6B6B20000-0x00007FF6B6F11000-memory.dmp	upx
behavioral2/memory/3688-293-0x00007FF622FD0000-0x00007FF6233C1000-memory.dmp	upx
behavioral2/memory/3368-295-0x00007FF681530000-0x00007FF681921000-memory.dmp	upx
behavioral2/files/0x0007000000023462-170.dat	upx
behavioral2/files/0x0007000000023460-167.dat	upx
behavioral2/files/0x0007000000023461-165.dat	upx
behavioral2/files/0x000700000002345e-157.dat	upx
behavioral2/files/0x000700000002345c-144.dat	upx
behavioral2/files/0x000700000002345b-142.dat	upx
behavioral2/files/0x000700000002345a-134.dat	upx
behavioral2/files/0x0007000000023458-124.dat	upx
behavioral2/files/0x0007000000023456-114.dat	upx
behavioral2/files/0x0007000000023455-110.dat	upx
behavioral2/files/0x0007000000023453-99.dat	upx
behavioral2/files/0x0007000000023452-94.dat	upx
behavioral2/files/0x0007000000023450-85.dat	upx
behavioral2/files/0x000700000002344f-82.dat	upx
behavioral2/files/0x000700000002344d-70.dat	upx
behavioral2/files/0x000700000002344c-67.dat	upx
behavioral2/files/0x000700000002344a-57.dat	upx
behavioral2/memory/3948-48-0x00007FF683BD0000-0x00007FF683FC1000-memory.dmp	upx
behavioral2/files/0x0007000000023446-40.dat	upx
behavioral2/memory/4236-38-0x00007FF7DA0C0000-0x00007FF7DA4B1000-memory.dmp	upx
behavioral2/files/0x0007000000023447-34.dat	upx
behavioral2/memory/3960-33-0x00007FF7B52D0000-0x00007FF7B56C1000-memory.dmp	upx
behavioral2/files/0x0007000000023445-27.dat	upx
behavioral2/memory/3440-23-0x00007FF6E83E0000-0x00007FF6E87D1000-memory.dmp	upx
behavioral2/memory/2536-19-0x00007FF71DB50000-0x00007FF71DF41000-memory.dmp	upx
behavioral2/memory/1944-11-0x00007FF63DC60000-0x00007FF63E051000-memory.dmp	upx
behavioral2/memory/1944-934-0x00007FF63DC60000-0x00007FF63E051000-memory.dmp	upx
behavioral2/memory/536-1581-0x00007FF7EF8D0000-0x00007FF7EFCC1000-memory.dmp	upx
behavioral2/memory/3440-1976-0x00007FF6E83E0000-0x00007FF6E87D1000-memory.dmp	upx
behavioral2/memory/2452-1993-0x00007FF771FA0000-0x00007FF772391000-memory.dmp	upx
behavioral2/memory/3960-1994-0x00007FF7B52D0000-0x00007FF7B56C1000-memory.dmp	upx
behavioral2/memory/4236-1995-0x00007FF7DA0C0000-0x00007FF7DA4B1000-memory.dmp	upx

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System32\oNrXIfz.exe	8ebe0b429bc6d3058bee33b08021b624c70104544fd0515ad7a8e9ff21bbaefd.exe
File created	C:\Windows\System32\lhoyvqz.exe	8ebe0b429bc6d3058bee33b08021b624c70104544fd0515ad7a8e9ff21bbaefd.exe
File created	C:\Windows\System32\sznplwv.exe	8ebe0b429bc6d3058bee33b08021b624c70104544fd0515ad7a8e9ff21bbaefd.exe
File created	C:\Windows\System32\njFLIiG.exe	8ebe0b429bc6d3058bee33b08021b624c70104544fd0515ad7a8e9ff21bbaefd.exe
File created	C:\Windows\System32\fnWSlfg.exe	8ebe0b429bc6d3058bee33b08021b624c70104544fd0515ad7a8e9ff21bbaefd.exe
File created	C:\Windows\System32\PPDqfvD.exe	8ebe0b429bc6d3058bee33b08021b624c70104544fd0515ad7a8e9ff21bbaefd.exe
File created	C:\Windows\System32\ijhYNzU.exe	8ebe0b429bc6d3058bee33b08021b624c70104544fd0515ad7a8e9ff21bbaefd.exe
File created	C:\Windows\System32\PdzCWDp.exe	8ebe0b429bc6d3058bee33b08021b624c70104544fd0515ad7a8e9ff21bbaefd.exe
File created	C:\Windows\System32\bEDkgHf.exe	8ebe0b429bc6d3058bee33b08021b624c70104544fd0515ad7a8e9ff21bbaefd.exe
File created	C:\Windows\System32\hlokOeK.exe	8ebe0b429bc6d3058bee33b08021b624c70104544fd0515ad7a8e9ff21bbaefd.exe
File created	C:\Windows\System32\ecPlUUm.exe	8ebe0b429bc6d3058bee33b08021b624c70104544fd0515ad7a8e9ff21bbaefd.exe
File created	C:\Windows\System32\SyDUoSr.exe	8ebe0b429bc6d3058bee33b08021b624c70104544fd0515ad7a8e9ff21bbaefd.exe
File created	C:\Windows\System32\ocSTWTd.exe	8ebe0b429bc6d3058bee33b08021b624c70104544fd0515ad7a8e9ff21bbaefd.exe
File created	C:\Windows\System32\eJSqzWg.exe	8ebe0b429bc6d3058bee33b08021b624c70104544fd0515ad7a8e9ff21bbaefd.exe
File created	C:\Windows\System32\dcPcldE.exe	8ebe0b429bc6d3058bee33b08021b624c70104544fd0515ad7a8e9ff21bbaefd.exe
File created	C:\Windows\System32\DPdviDg.exe	8ebe0b429bc6d3058bee33b08021b624c70104544fd0515ad7a8e9ff21bbaefd.exe
File created	C:\Windows\System32\ayeyvId.exe	8ebe0b429bc6d3058bee33b08021b624c70104544fd0515ad7a8e9ff21bbaefd.exe
File created	C:\Windows\System32\peMEjYG.exe	8ebe0b429bc6d3058bee33b08021b624c70104544fd0515ad7a8e9ff21bbaefd.exe
File created	C:\Windows\System32\dVRVqSl.exe	8ebe0b429bc6d3058bee33b08021b624c70104544fd0515ad7a8e9ff21bbaefd.exe
File created	C:\Windows\System32\EDhseck.exe	8ebe0b429bc6d3058bee33b08021b624c70104544fd0515ad7a8e9ff21bbaefd.exe
File created	C:\Windows\System32\rRmWYTr.exe	8ebe0b429bc6d3058bee33b08021b624c70104544fd0515ad7a8e9ff21bbaefd.exe
File created	C:\Windows\System32\KGpxBfN.exe	8ebe0b429bc6d3058bee33b08021b624c70104544fd0515ad7a8e9ff21bbaefd.exe
File created	C:\Windows\System32\JyRWqFY.exe	8ebe0b429bc6d3058bee33b08021b624c70104544fd0515ad7a8e9ff21bbaefd.exe
File created	C:\Windows\System32\OljJHuX.exe	8ebe0b429bc6d3058bee33b08021b624c70104544fd0515ad7a8e9ff21bbaefd.exe
File created	C:\Windows\System32\cJQyzGK.exe	8ebe0b429bc6d3058bee33b08021b624c70104544fd0515ad7a8e9ff21bbaefd.exe
File created	C:\Windows\System32\kORgkXw.exe	8ebe0b429bc6d3058bee33b08021b624c70104544fd0515ad7a8e9ff21bbaefd.exe
File created	C:\Windows\System32\uugazTu.exe	8ebe0b429bc6d3058bee33b08021b624c70104544fd0515ad7a8e9ff21bbaefd.exe
File created	C:\Windows\System32\tkFhlGo.exe	8ebe0b429bc6d3058bee33b08021b624c70104544fd0515ad7a8e9ff21bbaefd.exe
File created	C:\Windows\System32\DKfMBRr.exe	8ebe0b429bc6d3058bee33b08021b624c70104544fd0515ad7a8e9ff21bbaefd.exe
File created	C:\Windows\System32\LRHuIBf.exe	8ebe0b429bc6d3058bee33b08021b624c70104544fd0515ad7a8e9ff21bbaefd.exe
File created	C:\Windows\System32\jQuwJKd.exe	8ebe0b429bc6d3058bee33b08021b624c70104544fd0515ad7a8e9ff21bbaefd.exe
File created	C:\Windows\System32\xpkhLRA.exe	8ebe0b429bc6d3058bee33b08021b624c70104544fd0515ad7a8e9ff21bbaefd.exe
File created	C:\Windows\System32\rXezdHO.exe	8ebe0b429bc6d3058bee33b08021b624c70104544fd0515ad7a8e9ff21bbaefd.exe
File created	C:\Windows\System32\nQrCUrk.exe	8ebe0b429bc6d3058bee33b08021b624c70104544fd0515ad7a8e9ff21bbaefd.exe
File created	C:\Windows\System32\iXaXmHw.exe	8ebe0b429bc6d3058bee33b08021b624c70104544fd0515ad7a8e9ff21bbaefd.exe
File created	C:\Windows\System32\AYLRjDE.exe	8ebe0b429bc6d3058bee33b08021b624c70104544fd0515ad7a8e9ff21bbaefd.exe
File created	C:\Windows\System32\iHGkJIv.exe	8ebe0b429bc6d3058bee33b08021b624c70104544fd0515ad7a8e9ff21bbaefd.exe
File created	C:\Windows\System32\ZbzlPVi.exe	8ebe0b429bc6d3058bee33b08021b624c70104544fd0515ad7a8e9ff21bbaefd.exe
File created	C:\Windows\System32\RqVRqJA.exe	8ebe0b429bc6d3058bee33b08021b624c70104544fd0515ad7a8e9ff21bbaefd.exe
File created	C:\Windows\System32\kiFgOQu.exe	8ebe0b429bc6d3058bee33b08021b624c70104544fd0515ad7a8e9ff21bbaefd.exe
File created	C:\Windows\System32\BDskmyy.exe	8ebe0b429bc6d3058bee33b08021b624c70104544fd0515ad7a8e9ff21bbaefd.exe
File created	C:\Windows\System32\RNMzZqR.exe	8ebe0b429bc6d3058bee33b08021b624c70104544fd0515ad7a8e9ff21bbaefd.exe
File created	C:\Windows\System32\OWggftH.exe	8ebe0b429bc6d3058bee33b08021b624c70104544fd0515ad7a8e9ff21bbaefd.exe
File created	C:\Windows\System32\gVlvcnj.exe	8ebe0b429bc6d3058bee33b08021b624c70104544fd0515ad7a8e9ff21bbaefd.exe
File created	C:\Windows\System32\mcQuLnt.exe	8ebe0b429bc6d3058bee33b08021b624c70104544fd0515ad7a8e9ff21bbaefd.exe
File created	C:\Windows\System32\uYjVYGP.exe	8ebe0b429bc6d3058bee33b08021b624c70104544fd0515ad7a8e9ff21bbaefd.exe
File created	C:\Windows\System32\LBaInoD.exe	8ebe0b429bc6d3058bee33b08021b624c70104544fd0515ad7a8e9ff21bbaefd.exe
File created	C:\Windows\System32\CDcRBEZ.exe	8ebe0b429bc6d3058bee33b08021b624c70104544fd0515ad7a8e9ff21bbaefd.exe
File created	C:\Windows\System32\EqbyiPd.exe	8ebe0b429bc6d3058bee33b08021b624c70104544fd0515ad7a8e9ff21bbaefd.exe
File created	C:\Windows\System32\iDeNLMQ.exe	8ebe0b429bc6d3058bee33b08021b624c70104544fd0515ad7a8e9ff21bbaefd.exe
File created	C:\Windows\System32\jNIbOcW.exe	8ebe0b429bc6d3058bee33b08021b624c70104544fd0515ad7a8e9ff21bbaefd.exe
File created	C:\Windows\System32\tzKncrK.exe	8ebe0b429bc6d3058bee33b08021b624c70104544fd0515ad7a8e9ff21bbaefd.exe
File created	C:\Windows\System32\ZoJemlK.exe	8ebe0b429bc6d3058bee33b08021b624c70104544fd0515ad7a8e9ff21bbaefd.exe
File created	C:\Windows\System32\RLWvhjf.exe	8ebe0b429bc6d3058bee33b08021b624c70104544fd0515ad7a8e9ff21bbaefd.exe
File created	C:\Windows\System32\pMqmlBF.exe	8ebe0b429bc6d3058bee33b08021b624c70104544fd0515ad7a8e9ff21bbaefd.exe
File created	C:\Windows\System32\BbZBXFp.exe	8ebe0b429bc6d3058bee33b08021b624c70104544fd0515ad7a8e9ff21bbaefd.exe
File created	C:\Windows\System32\hzbKydj.exe	8ebe0b429bc6d3058bee33b08021b624c70104544fd0515ad7a8e9ff21bbaefd.exe
File created	C:\Windows\System32\XByvfBl.exe	8ebe0b429bc6d3058bee33b08021b624c70104544fd0515ad7a8e9ff21bbaefd.exe
File created	C:\Windows\System32\KAlDaCZ.exe	8ebe0b429bc6d3058bee33b08021b624c70104544fd0515ad7a8e9ff21bbaefd.exe
File created	C:\Windows\System32\JPtUQEM.exe	8ebe0b429bc6d3058bee33b08021b624c70104544fd0515ad7a8e9ff21bbaefd.exe
File created	C:\Windows\System32\AOWsKzd.exe	8ebe0b429bc6d3058bee33b08021b624c70104544fd0515ad7a8e9ff21bbaefd.exe
File created	C:\Windows\System32\THFUfJe.exe	8ebe0b429bc6d3058bee33b08021b624c70104544fd0515ad7a8e9ff21bbaefd.exe
File created	C:\Windows\System32\HPQlpWL.exe	8ebe0b429bc6d3058bee33b08021b624c70104544fd0515ad7a8e9ff21bbaefd.exe
File created	C:\Windows\System32\VSIBkET.exe	8ebe0b429bc6d3058bee33b08021b624c70104544fd0515ad7a8e9ff21bbaefd.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	12180	dwm.exe
Token: SeChangeNotifyPrivilege	12180	dwm.exe
Token: 33	12180	dwm.exe
Token: SeIncBasePriorityPrivilege	12180	dwm.exe
Token: SeShutdownPrivilege	12180	dwm.exe
Token: SeCreatePagefilePrivilege	12180	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 536 wrote to memory of 1944	536	8ebe0b429bc6d3058bee33b08021b624c70104544fd0515ad7a8e9ff21bbaefd.exe	83
PID 536 wrote to memory of 1944	536	8ebe0b429bc6d3058bee33b08021b624c70104544fd0515ad7a8e9ff21bbaefd.exe	83
PID 536 wrote to memory of 2536	536	8ebe0b429bc6d3058bee33b08021b624c70104544fd0515ad7a8e9ff21bbaefd.exe	84
PID 536 wrote to memory of 2536	536	8ebe0b429bc6d3058bee33b08021b624c70104544fd0515ad7a8e9ff21bbaefd.exe	84
PID 536 wrote to memory of 3440	536	8ebe0b429bc6d3058bee33b08021b624c70104544fd0515ad7a8e9ff21bbaefd.exe	85
PID 536 wrote to memory of 3440	536	8ebe0b429bc6d3058bee33b08021b624c70104544fd0515ad7a8e9ff21bbaefd.exe	85
PID 536 wrote to memory of 2452	536	8ebe0b429bc6d3058bee33b08021b624c70104544fd0515ad7a8e9ff21bbaefd.exe	86
PID 536 wrote to memory of 2452	536	8ebe0b429bc6d3058bee33b08021b624c70104544fd0515ad7a8e9ff21bbaefd.exe	86
PID 536 wrote to memory of 3960	536	8ebe0b429bc6d3058bee33b08021b624c70104544fd0515ad7a8e9ff21bbaefd.exe	87
PID 536 wrote to memory of 3960	536	8ebe0b429bc6d3058bee33b08021b624c70104544fd0515ad7a8e9ff21bbaefd.exe	87
PID 536 wrote to memory of 4236	536	8ebe0b429bc6d3058bee33b08021b624c70104544fd0515ad7a8e9ff21bbaefd.exe	88
PID 536 wrote to memory of 4236	536	8ebe0b429bc6d3058bee33b08021b624c70104544fd0515ad7a8e9ff21bbaefd.exe	88
PID 536 wrote to memory of 3948	536	8ebe0b429bc6d3058bee33b08021b624c70104544fd0515ad7a8e9ff21bbaefd.exe	89
PID 536 wrote to memory of 3948	536	8ebe0b429bc6d3058bee33b08021b624c70104544fd0515ad7a8e9ff21bbaefd.exe	89
PID 536 wrote to memory of 4728	536	8ebe0b429bc6d3058bee33b08021b624c70104544fd0515ad7a8e9ff21bbaefd.exe	90
PID 536 wrote to memory of 4728	536	8ebe0b429bc6d3058bee33b08021b624c70104544fd0515ad7a8e9ff21bbaefd.exe	90
PID 536 wrote to memory of 3688	536	8ebe0b429bc6d3058bee33b08021b624c70104544fd0515ad7a8e9ff21bbaefd.exe	91
PID 536 wrote to memory of 3688	536	8ebe0b429bc6d3058bee33b08021b624c70104544fd0515ad7a8e9ff21bbaefd.exe	91
PID 536 wrote to memory of 3368	536	8ebe0b429bc6d3058bee33b08021b624c70104544fd0515ad7a8e9ff21bbaefd.exe	92
PID 536 wrote to memory of 3368	536	8ebe0b429bc6d3058bee33b08021b624c70104544fd0515ad7a8e9ff21bbaefd.exe	92
PID 536 wrote to memory of 1648	536	8ebe0b429bc6d3058bee33b08021b624c70104544fd0515ad7a8e9ff21bbaefd.exe	93
PID 536 wrote to memory of 1648	536	8ebe0b429bc6d3058bee33b08021b624c70104544fd0515ad7a8e9ff21bbaefd.exe	93
PID 536 wrote to memory of 4568	536	8ebe0b429bc6d3058bee33b08021b624c70104544fd0515ad7a8e9ff21bbaefd.exe	94
PID 536 wrote to memory of 4568	536	8ebe0b429bc6d3058bee33b08021b624c70104544fd0515ad7a8e9ff21bbaefd.exe	94
PID 536 wrote to memory of 3068	536	8ebe0b429bc6d3058bee33b08021b624c70104544fd0515ad7a8e9ff21bbaefd.exe	95
PID 536 wrote to memory of 3068	536	8ebe0b429bc6d3058bee33b08021b624c70104544fd0515ad7a8e9ff21bbaefd.exe	95
PID 536 wrote to memory of 1556	536	8ebe0b429bc6d3058bee33b08021b624c70104544fd0515ad7a8e9ff21bbaefd.exe	96
PID 536 wrote to memory of 1556	536	8ebe0b429bc6d3058bee33b08021b624c70104544fd0515ad7a8e9ff21bbaefd.exe	96
PID 536 wrote to memory of 5092	536	8ebe0b429bc6d3058bee33b08021b624c70104544fd0515ad7a8e9ff21bbaefd.exe	97
PID 536 wrote to memory of 5092	536	8ebe0b429bc6d3058bee33b08021b624c70104544fd0515ad7a8e9ff21bbaefd.exe	97
PID 536 wrote to memory of 4856	536	8ebe0b429bc6d3058bee33b08021b624c70104544fd0515ad7a8e9ff21bbaefd.exe	98
PID 536 wrote to memory of 4856	536	8ebe0b429bc6d3058bee33b08021b624c70104544fd0515ad7a8e9ff21bbaefd.exe	98
PID 536 wrote to memory of 2116	536	8ebe0b429bc6d3058bee33b08021b624c70104544fd0515ad7a8e9ff21bbaefd.exe	99
PID 536 wrote to memory of 2116	536	8ebe0b429bc6d3058bee33b08021b624c70104544fd0515ad7a8e9ff21bbaefd.exe	99
PID 536 wrote to memory of 2200	536	8ebe0b429bc6d3058bee33b08021b624c70104544fd0515ad7a8e9ff21bbaefd.exe	100
PID 536 wrote to memory of 2200	536	8ebe0b429bc6d3058bee33b08021b624c70104544fd0515ad7a8e9ff21bbaefd.exe	100
PID 536 wrote to memory of 32	536	8ebe0b429bc6d3058bee33b08021b624c70104544fd0515ad7a8e9ff21bbaefd.exe	101
PID 536 wrote to memory of 32	536	8ebe0b429bc6d3058bee33b08021b624c70104544fd0515ad7a8e9ff21bbaefd.exe	101
PID 536 wrote to memory of 5072	536	8ebe0b429bc6d3058bee33b08021b624c70104544fd0515ad7a8e9ff21bbaefd.exe	102
PID 536 wrote to memory of 5072	536	8ebe0b429bc6d3058bee33b08021b624c70104544fd0515ad7a8e9ff21bbaefd.exe	102
PID 536 wrote to memory of 2592	536	8ebe0b429bc6d3058bee33b08021b624c70104544fd0515ad7a8e9ff21bbaefd.exe	103
PID 536 wrote to memory of 2592	536	8ebe0b429bc6d3058bee33b08021b624c70104544fd0515ad7a8e9ff21bbaefd.exe	103
PID 536 wrote to memory of 992	536	8ebe0b429bc6d3058bee33b08021b624c70104544fd0515ad7a8e9ff21bbaefd.exe	104
PID 536 wrote to memory of 992	536	8ebe0b429bc6d3058bee33b08021b624c70104544fd0515ad7a8e9ff21bbaefd.exe	104
PID 536 wrote to memory of 1980	536	8ebe0b429bc6d3058bee33b08021b624c70104544fd0515ad7a8e9ff21bbaefd.exe	105
PID 536 wrote to memory of 1980	536	8ebe0b429bc6d3058bee33b08021b624c70104544fd0515ad7a8e9ff21bbaefd.exe	105
PID 536 wrote to memory of 5048	536	8ebe0b429bc6d3058bee33b08021b624c70104544fd0515ad7a8e9ff21bbaefd.exe	106
PID 536 wrote to memory of 5048	536	8ebe0b429bc6d3058bee33b08021b624c70104544fd0515ad7a8e9ff21bbaefd.exe	106
PID 536 wrote to memory of 4572	536	8ebe0b429bc6d3058bee33b08021b624c70104544fd0515ad7a8e9ff21bbaefd.exe	107
PID 536 wrote to memory of 4572	536	8ebe0b429bc6d3058bee33b08021b624c70104544fd0515ad7a8e9ff21bbaefd.exe	107
PID 536 wrote to memory of 4108	536	8ebe0b429bc6d3058bee33b08021b624c70104544fd0515ad7a8e9ff21bbaefd.exe	108
PID 536 wrote to memory of 4108	536	8ebe0b429bc6d3058bee33b08021b624c70104544fd0515ad7a8e9ff21bbaefd.exe	108
PID 536 wrote to memory of 2004	536	8ebe0b429bc6d3058bee33b08021b624c70104544fd0515ad7a8e9ff21bbaefd.exe	109
PID 536 wrote to memory of 2004	536	8ebe0b429bc6d3058bee33b08021b624c70104544fd0515ad7a8e9ff21bbaefd.exe	109
PID 536 wrote to memory of 552	536	8ebe0b429bc6d3058bee33b08021b624c70104544fd0515ad7a8e9ff21bbaefd.exe	110
PID 536 wrote to memory of 552	536	8ebe0b429bc6d3058bee33b08021b624c70104544fd0515ad7a8e9ff21bbaefd.exe	110
PID 536 wrote to memory of 4908	536	8ebe0b429bc6d3058bee33b08021b624c70104544fd0515ad7a8e9ff21bbaefd.exe	111
PID 536 wrote to memory of 4908	536	8ebe0b429bc6d3058bee33b08021b624c70104544fd0515ad7a8e9ff21bbaefd.exe	111
PID 536 wrote to memory of 3624	536	8ebe0b429bc6d3058bee33b08021b624c70104544fd0515ad7a8e9ff21bbaefd.exe	112
PID 536 wrote to memory of 3624	536	8ebe0b429bc6d3058bee33b08021b624c70104544fd0515ad7a8e9ff21bbaefd.exe	112
PID 536 wrote to memory of 4824	536	8ebe0b429bc6d3058bee33b08021b624c70104544fd0515ad7a8e9ff21bbaefd.exe	113
PID 536 wrote to memory of 4824	536	8ebe0b429bc6d3058bee33b08021b624c70104544fd0515ad7a8e9ff21bbaefd.exe	113
PID 536 wrote to memory of 2080	536	8ebe0b429bc6d3058bee33b08021b624c70104544fd0515ad7a8e9ff21bbaefd.exe	114
PID 536 wrote to memory of 2080	536	8ebe0b429bc6d3058bee33b08021b624c70104544fd0515ad7a8e9ff21bbaefd.exe	114

C:\Users\Admin\AppData\Local\Temp\8ebe0b429bc6d3058bee33b08021b624c70104544fd0515ad7a8e9ff21bbaefd.exe
"C:\Users\Admin\AppData\Local\Temp\8ebe0b429bc6d3058bee33b08021b624c70104544fd0515ad7a8e9ff21bbaefd.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:536
- C:\Windows\System32\LZhzNkN.exe
  C:\Windows\System32\LZhzNkN.exe
  2⤵
  - Executes dropped EXE
  PID:1944
- C:\Windows\System32\wnzjIoa.exe
  C:\Windows\System32\wnzjIoa.exe
  2⤵
  - Executes dropped EXE
  PID:2536
- C:\Windows\System32\qKmSrMr.exe
  C:\Windows\System32\qKmSrMr.exe
  2⤵
  - Executes dropped EXE
  PID:3440
- C:\Windows\System32\QqDgWVm.exe
  C:\Windows\System32\QqDgWVm.exe
  2⤵
  - Executes dropped EXE
  PID:2452
- C:\Windows\System32\YlFFiMQ.exe
  C:\Windows\System32\YlFFiMQ.exe
  2⤵
  - Executes dropped EXE
  PID:3960
- C:\Windows\System32\AYLRjDE.exe
  C:\Windows\System32\AYLRjDE.exe
  2⤵
  - Executes dropped EXE
  PID:4236
- C:\Windows\System32\DamGMKJ.exe
  C:\Windows\System32\DamGMKJ.exe
  2⤵
  - Executes dropped EXE
  PID:3948
- C:\Windows\System32\cRIAZOL.exe
  C:\Windows\System32\cRIAZOL.exe
  2⤵
  - Executes dropped EXE
  PID:4728
- C:\Windows\System32\kyhopMY.exe
  C:\Windows\System32\kyhopMY.exe
  2⤵
  - Executes dropped EXE
  PID:3688
- C:\Windows\System32\eJvGdmn.exe
  C:\Windows\System32\eJvGdmn.exe
  2⤵
  - Executes dropped EXE
  PID:3368
- C:\Windows\System32\LjfqiHV.exe
  C:\Windows\System32\LjfqiHV.exe
  2⤵
  - Executes dropped EXE
  PID:1648
- C:\Windows\System32\ChNFIMe.exe
  C:\Windows\System32\ChNFIMe.exe
  2⤵
  - Executes dropped EXE
  PID:4568
- C:\Windows\System32\xREGFUG.exe
  C:\Windows\System32\xREGFUG.exe
  2⤵
  - Executes dropped EXE
  PID:3068
- C:\Windows\System32\uxpSjqx.exe
  C:\Windows\System32\uxpSjqx.exe
  2⤵
  - Executes dropped EXE
  PID:1556
- C:\Windows\System32\jUrZVOH.exe
  C:\Windows\System32\jUrZVOH.exe
  2⤵
  - Executes dropped EXE
  PID:5092
- C:\Windows\System32\JTksNvO.exe
  C:\Windows\System32\JTksNvO.exe
  2⤵
  - Executes dropped EXE
  PID:4856
- C:\Windows\System32\FmPmCpw.exe
  C:\Windows\System32\FmPmCpw.exe
  2⤵
  - Executes dropped EXE
  PID:2116
- C:\Windows\System32\DIPUZui.exe
  C:\Windows\System32\DIPUZui.exe
  2⤵
  - Executes dropped EXE
  PID:2200
- C:\Windows\System32\xMwRIRp.exe
  C:\Windows\System32\xMwRIRp.exe
  2⤵
  - Executes dropped EXE
  PID:32
- C:\Windows\System32\DUAkILs.exe
  C:\Windows\System32\DUAkILs.exe
  2⤵
  - Executes dropped EXE
  PID:5072
- C:\Windows\System32\jsqlVHU.exe
  C:\Windows\System32\jsqlVHU.exe
  2⤵
  - Executes dropped EXE
  PID:2592
- C:\Windows\System32\MSSShpQ.exe
  C:\Windows\System32\MSSShpQ.exe
  2⤵
  - Executes dropped EXE
  PID:992
- C:\Windows\System32\fIPkIGQ.exe
  C:\Windows\System32\fIPkIGQ.exe
  2⤵
  - Executes dropped EXE
  PID:1980
- C:\Windows\System32\aChzRXd.exe
  C:\Windows\System32\aChzRXd.exe
  2⤵
  - Executes dropped EXE
  PID:5048
- C:\Windows\System32\xTyLptM.exe
  C:\Windows\System32\xTyLptM.exe
  2⤵
  - Executes dropped EXE
  PID:4572
- C:\Windows\System32\VSIBkET.exe
  C:\Windows\System32\VSIBkET.exe
  2⤵
  - Executes dropped EXE
  PID:4108
- C:\Windows\System32\PyuUkVe.exe
  C:\Windows\System32\PyuUkVe.exe
  2⤵
  - Executes dropped EXE
  PID:2004
- C:\Windows\System32\hlokOeK.exe
  C:\Windows\System32\hlokOeK.exe
  2⤵
  - Executes dropped EXE
  PID:552
- C:\Windows\System32\DMyCidb.exe
  C:\Windows\System32\DMyCidb.exe
  2⤵
  - Executes dropped EXE
  PID:4908
- C:\Windows\System32\kORgkXw.exe
  C:\Windows\System32\kORgkXw.exe
  2⤵
  - Executes dropped EXE
  PID:3624
- C:\Windows\System32\kFjDqsi.exe
  C:\Windows\System32\kFjDqsi.exe
  2⤵
  - Executes dropped EXE
  PID:4824
- C:\Windows\System32\vwPWxSH.exe
  C:\Windows\System32\vwPWxSH.exe
  2⤵
  - Executes dropped EXE
  PID:2080
- C:\Windows\System32\MIHWbQz.exe
  C:\Windows\System32\MIHWbQz.exe
  2⤵
  - Executes dropped EXE
  PID:1376
- C:\Windows\System32\nySkyXR.exe
  C:\Windows\System32\nySkyXR.exe
  2⤵
  - Executes dropped EXE
  PID:3116
- C:\Windows\System32\dAjaUNA.exe
  C:\Windows\System32\dAjaUNA.exe
  2⤵
  - Executes dropped EXE
  PID:5012
- C:\Windows\System32\ISAUaOs.exe
  C:\Windows\System32\ISAUaOs.exe
  2⤵
  - Executes dropped EXE
  PID:4936
- C:\Windows\System32\IUqZAhr.exe
  C:\Windows\System32\IUqZAhr.exe
  2⤵
  - Executes dropped EXE
  PID:2924
- C:\Windows\System32\uklvWgO.exe
  C:\Windows\System32\uklvWgO.exe
  2⤵
  - Executes dropped EXE
  PID:3632
- C:\Windows\System32\IBkulxN.exe
  C:\Windows\System32\IBkulxN.exe
  2⤵
  - Executes dropped EXE
  PID:2712
- C:\Windows\System32\riVOgJm.exe
  C:\Windows\System32\riVOgJm.exe
  2⤵
  - Executes dropped EXE
  PID:4064
- C:\Windows\System32\xbdudtP.exe
  C:\Windows\System32\xbdudtP.exe
  2⤵
  - Executes dropped EXE
  PID:2680
- C:\Windows\System32\nWoCCri.exe
  C:\Windows\System32\nWoCCri.exe
  2⤵
  - Executes dropped EXE
  PID:4588
- C:\Windows\System32\fNtqUQC.exe
  C:\Windows\System32\fNtqUQC.exe
  2⤵
  - Executes dropped EXE
  PID:3448
- C:\Windows\System32\bacNIxK.exe
  C:\Windows\System32\bacNIxK.exe
  2⤵
  - Executes dropped EXE
  PID:4412
- C:\Windows\System32\mufNxkh.exe
  C:\Windows\System32\mufNxkh.exe
  2⤵
  - Executes dropped EXE
  PID:4276
- C:\Windows\System32\omnzhrG.exe
  C:\Windows\System32\omnzhrG.exe
  2⤵
  - Executes dropped EXE
  PID:4272
- C:\Windows\System32\SXdeSvG.exe
  C:\Windows\System32\SXdeSvG.exe
  2⤵
  - Executes dropped EXE
  PID:2224
- C:\Windows\System32\xVgLSPN.exe
  C:\Windows\System32\xVgLSPN.exe
  2⤵
  - Executes dropped EXE
  PID:3168
- C:\Windows\System32\MXpgwRv.exe
  C:\Windows\System32\MXpgwRv.exe
  2⤵
  - Executes dropped EXE
  PID:3592
- C:\Windows\System32\erTsBGO.exe
  C:\Windows\System32\erTsBGO.exe
  2⤵
  - Executes dropped EXE
  PID:3980
- C:\Windows\System32\iHGkJIv.exe
  C:\Windows\System32\iHGkJIv.exe
  2⤵
  - Executes dropped EXE
  PID:3584
- C:\Windows\System32\msCIFeU.exe
  C:\Windows\System32\msCIFeU.exe
  2⤵
  - Executes dropped EXE
  PID:4476
- C:\Windows\System32\NiRXGAd.exe
  C:\Windows\System32\NiRXGAd.exe
  2⤵
  - Executes dropped EXE
  PID:2844
- C:\Windows\System32\XYJibGr.exe
  C:\Windows\System32\XYJibGr.exe
  2⤵
  - Executes dropped EXE
  PID:4792
- C:\Windows\System32\hKUPDJn.exe
  C:\Windows\System32\hKUPDJn.exe
  2⤵
  - Executes dropped EXE
  PID:1492
- C:\Windows\System32\gbYHlaZ.exe
  C:\Windows\System32\gbYHlaZ.exe
  2⤵
  - Executes dropped EXE
  PID:468
- C:\Windows\System32\oJfmmIM.exe
  C:\Windows\System32\oJfmmIM.exe
  2⤵
  - Executes dropped EXE
  PID:4088
- C:\Windows\System32\XcKWEIP.exe
  C:\Windows\System32\XcKWEIP.exe
  2⤵
  - Executes dropped EXE
  PID:1512
- C:\Windows\System32\PKSkVKX.exe
  C:\Windows\System32\PKSkVKX.exe
  2⤵
  - Executes dropped EXE
  PID:3300
- C:\Windows\System32\ZbzlPVi.exe
  C:\Windows\System32\ZbzlPVi.exe
  2⤵
  - Executes dropped EXE
  PID:4576
- C:\Windows\System32\jJuWYSz.exe
  C:\Windows\System32\jJuWYSz.exe
  2⤵
  - Executes dropped EXE
  PID:2348
- C:\Windows\System32\uaqAlJk.exe
  C:\Windows\System32\uaqAlJk.exe
  2⤵
  - Executes dropped EXE
  PID:3640
- C:\Windows\System32\hvJETVS.exe
  C:\Windows\System32\hvJETVS.exe
  2⤵
  - Executes dropped EXE
  PID:3236
- C:\Windows\System32\wZuyaiR.exe
  C:\Windows\System32\wZuyaiR.exe
  2⤵
  - Executes dropped EXE
  PID:5024
- C:\Windows\System32\CYmAbgv.exe
  C:\Windows\System32\CYmAbgv.exe
  2⤵
  PID:4500
- C:\Windows\System32\HajDNuI.exe
  C:\Windows\System32\HajDNuI.exe
  2⤵
  PID:1156
- C:\Windows\System32\KPuLfNg.exe
  C:\Windows\System32\KPuLfNg.exe
  2⤵
  PID:1604
- C:\Windows\System32\JJbDPBJ.exe
  C:\Windows\System32\JJbDPBJ.exe
  2⤵
  PID:1676
- C:\Windows\System32\YuFizkU.exe
  C:\Windows\System32\YuFizkU.exe
  2⤵
  PID:4440
- C:\Windows\System32\YxyPNGn.exe
  C:\Windows\System32\YxyPNGn.exe
  2⤵
  PID:1444
- C:\Windows\System32\edDsKvd.exe
  C:\Windows\System32\edDsKvd.exe
  2⤵
  PID:1572
- C:\Windows\System32\lCYfyUe.exe
  C:\Windows\System32\lCYfyUe.exe
  2⤵
  PID:3324
- C:\Windows\System32\vrXoEfO.exe
  C:\Windows\System32\vrXoEfO.exe
  2⤵
  PID:1872
- C:\Windows\System32\CDcRBEZ.exe
  C:\Windows\System32\CDcRBEZ.exe
  2⤵
  PID:1420
- C:\Windows\System32\mSVtPvk.exe
  C:\Windows\System32\mSVtPvk.exe
  2⤵
  PID:1796
- C:\Windows\System32\cwjfIqC.exe
  C:\Windows\System32\cwjfIqC.exe
  2⤵
  PID:1532
- C:\Windows\System32\PnxkGGe.exe
  C:\Windows\System32\PnxkGGe.exe
  2⤵
  PID:4708
- C:\Windows\System32\oOkWpKC.exe
  C:\Windows\System32\oOkWpKC.exe
  2⤵
  PID:1884
- C:\Windows\System32\AOWsKzd.exe
  C:\Windows\System32\AOWsKzd.exe
  2⤵
  PID:5000
- C:\Windows\System32\DtsfpbF.exe
  C:\Windows\System32\DtsfpbF.exe
  2⤵
  PID:876
- C:\Windows\System32\aoXWBXx.exe
  C:\Windows\System32\aoXWBXx.exe
  2⤵
  PID:3896
- C:\Windows\System32\ssmaZTk.exe
  C:\Windows\System32\ssmaZTk.exe
  2⤵
  PID:3200
- C:\Windows\System32\FtZKZnD.exe
  C:\Windows\System32\FtZKZnD.exe
  2⤵
  PID:2232
- C:\Windows\System32\AsdoCzo.exe
  C:\Windows\System32\AsdoCzo.exe
  2⤵
  PID:4600
- C:\Windows\System32\YSIbyey.exe
  C:\Windows\System32\YSIbyey.exe
  2⤵
  PID:1636
- C:\Windows\System32\xiQjVNq.exe
  C:\Windows\System32\xiQjVNq.exe
  2⤵
  PID:3784
- C:\Windows\System32\hgUaMxB.exe
  C:\Windows\System32\hgUaMxB.exe
  2⤵
  PID:1768
- C:\Windows\System32\wZBDANA.exe
  C:\Windows\System32\wZBDANA.exe
  2⤵
  PID:3404
- C:\Windows\System32\TUkzsbe.exe
  C:\Windows\System32\TUkzsbe.exe
  2⤵
  PID:2772
- C:\Windows\System32\hitDBSq.exe
  C:\Windows\System32\hitDBSq.exe
  2⤵
  PID:2208
- C:\Windows\System32\ZDYqxGV.exe
  C:\Windows\System32\ZDYqxGV.exe
  2⤵
  PID:3480
- C:\Windows\System32\GJuyKOS.exe
  C:\Windows\System32\GJuyKOS.exe
  2⤵
  PID:4872
- C:\Windows\System32\foqhanr.exe
  C:\Windows\System32\foqhanr.exe
  2⤵
  PID:4700
- C:\Windows\System32\BDskmyy.exe
  C:\Windows\System32\BDskmyy.exe
  2⤵
  PID:4456
- C:\Windows\System32\yzZihfc.exe
  C:\Windows\System32\yzZihfc.exe
  2⤵
  PID:5100
- C:\Windows\System32\ayeyvId.exe
  C:\Windows\System32\ayeyvId.exe
  2⤵
  PID:3272
- C:\Windows\System32\EbIznFZ.exe
  C:\Windows\System32\EbIznFZ.exe
  2⤵
  PID:4404
- C:\Windows\System32\EqbyiPd.exe
  C:\Windows\System32\EqbyiPd.exe
  2⤵
  PID:1748
- C:\Windows\System32\vawEwoC.exe
  C:\Windows\System32\vawEwoC.exe
  2⤵
  PID:4892
- C:\Windows\System32\bNwQGbb.exe
  C:\Windows\System32\bNwQGbb.exe
  2⤵
  PID:4032
- C:\Windows\System32\ZoJemlK.exe
  C:\Windows\System32\ZoJemlK.exe
  2⤵
  PID:1260
- C:\Windows\System32\LgVZCot.exe
  C:\Windows\System32\LgVZCot.exe
  2⤵
  PID:1336
- C:\Windows\System32\vzKjzVE.exe
  C:\Windows\System32\vzKjzVE.exe
  2⤵
  PID:2700
- C:\Windows\System32\OpymvJn.exe
  C:\Windows\System32\OpymvJn.exe
  2⤵
  PID:2252
- C:\Windows\System32\DNspJnw.exe
  C:\Windows\System32\DNspJnw.exe
  2⤵
  PID:3124
- C:\Windows\System32\sCbFcEY.exe
  C:\Windows\System32\sCbFcEY.exe
  2⤵
  PID:2460
- C:\Windows\System32\iDeNLMQ.exe
  C:\Windows\System32\iDeNLMQ.exe
  2⤵
  PID:4928
- C:\Windows\System32\JcMhtuU.exe
  C:\Windows\System32\JcMhtuU.exe
  2⤵
  PID:4052
- C:\Windows\System32\OBhYFMz.exe
  C:\Windows\System32\OBhYFMz.exe
  2⤵
  PID:2928
- C:\Windows\System32\htLZgWi.exe
  C:\Windows\System32\htLZgWi.exe
  2⤵
  PID:3888
- C:\Windows\System32\gKAeZlm.exe
  C:\Windows\System32\gKAeZlm.exe
  2⤵
  PID:4124
- C:\Windows\System32\POviDzt.exe
  C:\Windows\System32\POviDzt.exe
  2⤵
  PID:3788
- C:\Windows\System32\jFlwWgM.exe
  C:\Windows\System32\jFlwWgM.exe
  2⤵
  PID:1576
- C:\Windows\System32\NRHAMZi.exe
  C:\Windows\System32\NRHAMZi.exe
  2⤵
  PID:2636
- C:\Windows\System32\QVsuxgL.exe
  C:\Windows\System32\QVsuxgL.exe
  2⤵
  PID:1824
- C:\Windows\System32\oAbhhqU.exe
  C:\Windows\System32\oAbhhqU.exe
  2⤵
  PID:4284
- C:\Windows\System32\aHnopPn.exe
  C:\Windows\System32\aHnopPn.exe
  2⤵
  PID:2056
- C:\Windows\System32\WwnjNjF.exe
  C:\Windows\System32\WwnjNjF.exe
  2⤵
  PID:5128
- C:\Windows\System32\vYmQsra.exe
  C:\Windows\System32\vYmQsra.exe
  2⤵
  PID:5148
- C:\Windows\System32\tMEBoOy.exe
  C:\Windows\System32\tMEBoOy.exe
  2⤵
  PID:5168
- C:\Windows\System32\xDyFlpF.exe
  C:\Windows\System32\xDyFlpF.exe
  2⤵
  PID:5228
- C:\Windows\System32\XApryWa.exe
  C:\Windows\System32\XApryWa.exe
  2⤵
  PID:5260
- C:\Windows\System32\eynRbXa.exe
  C:\Windows\System32\eynRbXa.exe
  2⤵
  PID:5276
- C:\Windows\System32\hdTKTtO.exe
  C:\Windows\System32\hdTKTtO.exe
  2⤵
  PID:5300
- C:\Windows\System32\iJXLbeJ.exe
  C:\Windows\System32\iJXLbeJ.exe
  2⤵
  PID:5320
- C:\Windows\System32\DKbGfap.exe
  C:\Windows\System32\DKbGfap.exe
  2⤵
  PID:5348
- C:\Windows\System32\lRDbVhJ.exe
  C:\Windows\System32\lRDbVhJ.exe
  2⤵
  PID:5372
- C:\Windows\System32\cbLNdEL.exe
  C:\Windows\System32\cbLNdEL.exe
  2⤵
  PID:5396
- C:\Windows\System32\LbXZhPq.exe
  C:\Windows\System32\LbXZhPq.exe
  2⤵
  PID:5440
- C:\Windows\System32\yzwmIrJ.exe
  C:\Windows\System32\yzwmIrJ.exe
  2⤵
  PID:5476
- C:\Windows\System32\aKcDuaj.exe
  C:\Windows\System32\aKcDuaj.exe
  2⤵
  PID:5492
- C:\Windows\System32\JIXPFqo.exe
  C:\Windows\System32\JIXPFqo.exe
  2⤵
  PID:5520
- C:\Windows\System32\xBWOuki.exe
  C:\Windows\System32\xBWOuki.exe
  2⤵
  PID:5536
- C:\Windows\System32\uehRDGS.exe
  C:\Windows\System32\uehRDGS.exe
  2⤵
  PID:5576
- C:\Windows\System32\oRffkSr.exe
  C:\Windows\System32\oRffkSr.exe
  2⤵
  PID:5612
- C:\Windows\System32\KGpxBfN.exe
  C:\Windows\System32\KGpxBfN.exe
  2⤵
  PID:5636
- C:\Windows\System32\EbEBYoN.exe
  C:\Windows\System32\EbEBYoN.exe
  2⤵
  PID:5652
- C:\Windows\System32\zXOTZZT.exe
  C:\Windows\System32\zXOTZZT.exe
  2⤵
  PID:5676
- C:\Windows\System32\OjAXILu.exe
  C:\Windows\System32\OjAXILu.exe
  2⤵
  PID:5700
- C:\Windows\System32\tkFhlGo.exe
  C:\Windows\System32\tkFhlGo.exe
  2⤵
  PID:5748
- C:\Windows\System32\CzbBVcG.exe
  C:\Windows\System32\CzbBVcG.exe
  2⤵
  PID:5776
- C:\Windows\System32\hfyvQoe.exe
  C:\Windows\System32\hfyvQoe.exe
  2⤵
  PID:5792
- C:\Windows\System32\jJVUnya.exe
  C:\Windows\System32\jJVUnya.exe
  2⤵
  PID:5812
- C:\Windows\System32\GtOqUmM.exe
  C:\Windows\System32\GtOqUmM.exe
  2⤵
  PID:5864
- C:\Windows\System32\SubzuTA.exe
  C:\Windows\System32\SubzuTA.exe
  2⤵
  PID:5880
- C:\Windows\System32\ZzTvnJk.exe
  C:\Windows\System32\ZzTvnJk.exe
  2⤵
  PID:5900
- C:\Windows\System32\yHQdQWE.exe
  C:\Windows\System32\yHQdQWE.exe
  2⤵
  PID:5924
- C:\Windows\System32\bImpgsN.exe
  C:\Windows\System32\bImpgsN.exe
  2⤵
  PID:5968
- C:\Windows\System32\aJcILNU.exe
  C:\Windows\System32\aJcILNU.exe
  2⤵
  PID:6040
- C:\Windows\System32\JdmcJER.exe
  C:\Windows\System32\JdmcJER.exe
  2⤵
  PID:6056
- C:\Windows\System32\SfIdxfr.exe
  C:\Windows\System32\SfIdxfr.exe
  2⤵
  PID:6076
- C:\Windows\System32\EzSXODz.exe
  C:\Windows\System32\EzSXODz.exe
  2⤵
  PID:6092
- C:\Windows\System32\zgRgXGS.exe
  C:\Windows\System32\zgRgXGS.exe
  2⤵
  PID:6136
- C:\Windows\System32\hNDYgkM.exe
  C:\Windows\System32\hNDYgkM.exe
  2⤵
  PID:400
- C:\Windows\System32\QXwPdUg.exe
  C:\Windows\System32\QXwPdUg.exe
  2⤵
  PID:5164
- C:\Windows\System32\aRTNeJR.exe
  C:\Windows\System32\aRTNeJR.exe
  2⤵
  PID:5156
- C:\Windows\System32\kdwQcuT.exe
  C:\Windows\System32\kdwQcuT.exe
  2⤵
  PID:5236
- C:\Windows\System32\gRCJMGh.exe
  C:\Windows\System32\gRCJMGh.exe
  2⤵
  PID:5312
- C:\Windows\System32\PUaBVIM.exe
  C:\Windows\System32\PUaBVIM.exe
  2⤵
  PID:5328
- C:\Windows\System32\eDmJTiP.exe
  C:\Windows\System32\eDmJTiP.exe
  2⤵
  PID:5384
- C:\Windows\System32\PettLdJ.exe
  C:\Windows\System32\PettLdJ.exe
  2⤵
  PID:5588
- C:\Windows\System32\ahRTRmT.exe
  C:\Windows\System32\ahRTRmT.exe
  2⤵
  PID:5684
- C:\Windows\System32\OuCGRfQ.exe
  C:\Windows\System32\OuCGRfQ.exe
  2⤵
  PID:5688
- C:\Windows\System32\oxAAmqw.exe
  C:\Windows\System32\oxAAmqw.exe
  2⤵
  PID:5756
- C:\Windows\System32\RqVRqJA.exe
  C:\Windows\System32\RqVRqJA.exe
  2⤵
  PID:5836
- C:\Windows\System32\SxIsCtS.exe
  C:\Windows\System32\SxIsCtS.exe
  2⤵
  PID:5784
- C:\Windows\System32\ggNYVbZ.exe
  C:\Windows\System32\ggNYVbZ.exe
  2⤵
  PID:5804
- C:\Windows\System32\JyRWqFY.exe
  C:\Windows\System32\JyRWqFY.exe
  2⤵
  PID:5908
- C:\Windows\System32\TMDkVTK.exe
  C:\Windows\System32\TMDkVTK.exe
  2⤵
  PID:5892
- C:\Windows\System32\RNMzZqR.exe
  C:\Windows\System32\RNMzZqR.exe
  2⤵
  PID:4248
- C:\Windows\System32\SXcCJkm.exe
  C:\Windows\System32\SXcCJkm.exe
  2⤵
  PID:2392
- C:\Windows\System32\RavLmxl.exe
  C:\Windows\System32\RavLmxl.exe
  2⤵
  PID:5084
- C:\Windows\System32\HiwPXws.exe
  C:\Windows\System32\HiwPXws.exe
  2⤵
  PID:3296
- C:\Windows\System32\uorUTXo.exe
  C:\Windows\System32\uorUTXo.exe
  2⤵
  PID:5332
- C:\Windows\System32\RYiTBOj.exe
  C:\Windows\System32\RYiTBOj.exe
  2⤵
  PID:5296
- C:\Windows\System32\uZYLzOA.exe
  C:\Windows\System32\uZYLzOA.exe
  2⤵
  PID:5508
- C:\Windows\System32\vDlhwhQ.exe
  C:\Windows\System32\vDlhwhQ.exe
  2⤵
  PID:5736
- C:\Windows\System32\dkQipts.exe
  C:\Windows\System32\dkQipts.exe
  2⤵
  PID:5844
- C:\Windows\System32\jUALzxn.exe
  C:\Windows\System32\jUALzxn.exe
  2⤵
  PID:6016
- C:\Windows\System32\ppMyGFO.exe
  C:\Windows\System32\ppMyGFO.exe
  2⤵
  PID:3416
- C:\Windows\System32\slBZrit.exe
  C:\Windows\System32\slBZrit.exe
  2⤵
  PID:5356
- C:\Windows\System32\XblBQGd.exe
  C:\Windows\System32\XblBQGd.exe
  2⤵
  PID:5768
- C:\Windows\System32\qxdRRIf.exe
  C:\Windows\System32\qxdRRIf.exe
  2⤵
  PID:5960
- C:\Windows\System32\vGebljD.exe
  C:\Windows\System32\vGebljD.exe
  2⤵
  PID:1064
- C:\Windows\System32\YOVFEXw.exe
  C:\Windows\System32\YOVFEXw.exe
  2⤵
  PID:5936
- C:\Windows\System32\PNusyZl.exe
  C:\Windows\System32\PNusyZl.exe
  2⤵
  PID:6156
- C:\Windows\System32\dNpqJcV.exe
  C:\Windows\System32\dNpqJcV.exe
  2⤵
  PID:6192
- C:\Windows\System32\JPanzmf.exe
  C:\Windows\System32\JPanzmf.exe
  2⤵
  PID:6236
- C:\Windows\System32\tAFoIqC.exe
  C:\Windows\System32\tAFoIqC.exe
  2⤵
  PID:6252
- C:\Windows\System32\dBXGhSX.exe
  C:\Windows\System32\dBXGhSX.exe
  2⤵
  PID:6272
- C:\Windows\System32\XqYvXjW.exe
  C:\Windows\System32\XqYvXjW.exe
  2⤵
  PID:6296
- C:\Windows\System32\gSWsSvh.exe
  C:\Windows\System32\gSWsSvh.exe
  2⤵
  PID:6340
- C:\Windows\System32\gzMMfza.exe
  C:\Windows\System32\gzMMfza.exe
  2⤵
  PID:6372
- C:\Windows\System32\WvbNipJ.exe
  C:\Windows\System32\WvbNipJ.exe
  2⤵
  PID:6392
- C:\Windows\System32\PPDqfvD.exe
  C:\Windows\System32\PPDqfvD.exe
  2⤵
  PID:6412
- C:\Windows\System32\kfjUMOK.exe
  C:\Windows\System32\kfjUMOK.exe
  2⤵
  PID:6436
- C:\Windows\System32\eiBBHgR.exe
  C:\Windows\System32\eiBBHgR.exe
  2⤵
  PID:6472
- C:\Windows\System32\TfwoKxE.exe
  C:\Windows\System32\TfwoKxE.exe
  2⤵
  PID:6496
- C:\Windows\System32\soXPWvb.exe
  C:\Windows\System32\soXPWvb.exe
  2⤵
  PID:6516
- C:\Windows\System32\YkRynVz.exe
  C:\Windows\System32\YkRynVz.exe
  2⤵
  PID:6540
- C:\Windows\System32\ooNLQfe.exe
  C:\Windows\System32\ooNLQfe.exe
  2⤵
  PID:6564
- C:\Windows\System32\RBlknqs.exe
  C:\Windows\System32\RBlknqs.exe
  2⤵
  PID:6584
- C:\Windows\System32\rGRpCLQ.exe
  C:\Windows\System32\rGRpCLQ.exe
  2⤵
  PID:6604
- C:\Windows\System32\NleBnsg.exe
  C:\Windows\System32\NleBnsg.exe
  2⤵
  PID:6688
- C:\Windows\System32\ypnJXTe.exe
  C:\Windows\System32\ypnJXTe.exe
  2⤵
  PID:6712
- C:\Windows\System32\wMABwQX.exe
  C:\Windows\System32\wMABwQX.exe
  2⤵
  PID:6728
- C:\Windows\System32\ZkniSgQ.exe
  C:\Windows\System32\ZkniSgQ.exe
  2⤵
  PID:6744
- C:\Windows\System32\xHtHZCf.exe
  C:\Windows\System32\xHtHZCf.exe
  2⤵
  PID:6772
- C:\Windows\System32\kBbQCRc.exe
  C:\Windows\System32\kBbQCRc.exe
  2⤵
  PID:6804
- C:\Windows\System32\coBAzaZ.exe
  C:\Windows\System32\coBAzaZ.exe
  2⤵
  PID:6820
- C:\Windows\System32\bEUguVC.exe
  C:\Windows\System32\bEUguVC.exe
  2⤵
  PID:6852
- C:\Windows\System32\CROwacs.exe
  C:\Windows\System32\CROwacs.exe
  2⤵
  PID:6884
- C:\Windows\System32\MHWnaQl.exe
  C:\Windows\System32\MHWnaQl.exe
  2⤵
  PID:6916
- C:\Windows\System32\jNIbOcW.exe
  C:\Windows\System32\jNIbOcW.exe
  2⤵
  PID:6932
- C:\Windows\System32\NqkhrKH.exe
  C:\Windows\System32\NqkhrKH.exe
  2⤵
  PID:6956
- C:\Windows\System32\sutymJB.exe
  C:\Windows\System32\sutymJB.exe
  2⤵
  PID:6976
- C:\Windows\System32\FxqaGEv.exe
  C:\Windows\System32\FxqaGEv.exe
  2⤵
  PID:7004
- C:\Windows\System32\CpDoBbL.exe
  C:\Windows\System32\CpDoBbL.exe
  2⤵
  PID:7024
- C:\Windows\System32\gUCjvBW.exe
  C:\Windows\System32\gUCjvBW.exe
  2⤵
  PID:7072
- C:\Windows\System32\xpkhLRA.exe
  C:\Windows\System32\xpkhLRA.exe
  2⤵
  PID:7096
- C:\Windows\System32\ehnmhon.exe
  C:\Windows\System32\ehnmhon.exe
  2⤵
  PID:7144
- C:\Windows\System32\OWggftH.exe
  C:\Windows\System32\OWggftH.exe
  2⤵
  PID:6172
- C:\Windows\System32\HuQOuLu.exe
  C:\Windows\System32\HuQOuLu.exe
  2⤵
  PID:6204
- C:\Windows\System32\aJwHGpZ.exe
  C:\Windows\System32\aJwHGpZ.exe
  2⤵
  PID:6244
- C:\Windows\System32\xNZsECq.exe
  C:\Windows\System32\xNZsECq.exe
  2⤵
  PID:6292
- C:\Windows\System32\IVxbiuW.exe
  C:\Windows\System32\IVxbiuW.exe
  2⤵
  PID:6356
- C:\Windows\System32\RAybSSd.exe
  C:\Windows\System32\RAybSSd.exe
  2⤵
  PID:6428
- C:\Windows\System32\kIrODzS.exe
  C:\Windows\System32\kIrODzS.exe
  2⤵
  PID:6552
- C:\Windows\System32\DKfMBRr.exe
  C:\Windows\System32\DKfMBRr.exe
  2⤵
  PID:6596
- C:\Windows\System32\kyOQUZg.exe
  C:\Windows\System32\kyOQUZg.exe
  2⤵
  PID:6592
- C:\Windows\System32\oNrXIfz.exe
  C:\Windows\System32\oNrXIfz.exe
  2⤵
  PID:6708
- C:\Windows\System32\uttljSo.exe
  C:\Windows\System32\uttljSo.exe
  2⤵
  PID:6764
- C:\Windows\System32\faGxltu.exe
  C:\Windows\System32\faGxltu.exe
  2⤵
  PID:6784
- C:\Windows\System32\XyiLszH.exe
  C:\Windows\System32\XyiLszH.exe
  2⤵
  PID:6812
- C:\Windows\System32\fpATNsH.exe
  C:\Windows\System32\fpATNsH.exe
  2⤵
  PID:6876
- C:\Windows\System32\MMapwin.exe
  C:\Windows\System32\MMapwin.exe
  2⤵
  PID:6972
- C:\Windows\System32\xhhdxsO.exe
  C:\Windows\System32\xhhdxsO.exe
  2⤵
  PID:7116
- C:\Windows\System32\YQTtvzg.exe
  C:\Windows\System32\YQTtvzg.exe
  2⤵
  PID:7124
- C:\Windows\System32\krAhugW.exe
  C:\Windows\System32\krAhugW.exe
  2⤵
  PID:6248
- C:\Windows\System32\yaKsWWi.exe
  C:\Windows\System32\yaKsWWi.exe
  2⤵
  PID:6504
- C:\Windows\System32\zKtkLcU.exe
  C:\Windows\System32\zKtkLcU.exe
  2⤵
  PID:6720
- C:\Windows\System32\BbPwRdH.exe
  C:\Windows\System32\BbPwRdH.exe
  2⤵
  PID:6768
- C:\Windows\System32\fGxkYvy.exe
  C:\Windows\System32\fGxkYvy.exe
  2⤵
  PID:6952
- C:\Windows\System32\VZkpWZq.exe
  C:\Windows\System32\VZkpWZq.exe
  2⤵
  PID:7080
- C:\Windows\System32\aiicQKq.exe
  C:\Windows\System32\aiicQKq.exe
  2⤵
  PID:7140
- C:\Windows\System32\HDHdjoL.exe
  C:\Windows\System32\HDHdjoL.exe
  2⤵
  PID:6408
- C:\Windows\System32\BfrETKy.exe
  C:\Windows\System32\BfrETKy.exe
  2⤵
  PID:6848
- C:\Windows\System32\RLWvhjf.exe
  C:\Windows\System32\RLWvhjf.exe
  2⤵
  PID:6828
- C:\Windows\System32\aJLSoIU.exe
  C:\Windows\System32\aJLSoIU.exe
  2⤵
  PID:7192
- C:\Windows\System32\tdNXZjr.exe
  C:\Windows\System32\tdNXZjr.exe
  2⤵
  PID:7220
- C:\Windows\System32\RtWBkKo.exe
  C:\Windows\System32\RtWBkKo.exe
  2⤵
  PID:7240
- C:\Windows\System32\CeNmRuK.exe
  C:\Windows\System32\CeNmRuK.exe
  2⤵
  PID:7264
- C:\Windows\System32\VtObAfo.exe
  C:\Windows\System32\VtObAfo.exe
  2⤵
  PID:7284
- C:\Windows\System32\fUKntcr.exe
  C:\Windows\System32\fUKntcr.exe
  2⤵
  PID:7348
- C:\Windows\System32\QcpQano.exe
  C:\Windows\System32\QcpQano.exe
  2⤵
  PID:7372
- C:\Windows\System32\YQHSLVq.exe
  C:\Windows\System32\YQHSLVq.exe
  2⤵
  PID:7392
- C:\Windows\System32\LawrmqZ.exe
  C:\Windows\System32\LawrmqZ.exe
  2⤵
  PID:7420
- C:\Windows\System32\bUYfbuy.exe
  C:\Windows\System32\bUYfbuy.exe
  2⤵
  PID:7456
- C:\Windows\System32\peMEjYG.exe
  C:\Windows\System32\peMEjYG.exe
  2⤵
  PID:7492
- C:\Windows\System32\dfOyTZt.exe
  C:\Windows\System32\dfOyTZt.exe
  2⤵
  PID:7508
- C:\Windows\System32\ARWnLMz.exe
  C:\Windows\System32\ARWnLMz.exe
  2⤵
  PID:7528
- C:\Windows\System32\XgqFOyD.exe
  C:\Windows\System32\XgqFOyD.exe
  2⤵
  PID:7544
- C:\Windows\System32\jEbAliA.exe
  C:\Windows\System32\jEbAliA.exe
  2⤵
  PID:7584
- C:\Windows\System32\SdirHTC.exe
  C:\Windows\System32\SdirHTC.exe
  2⤵
  PID:7628
- C:\Windows\System32\jkluZBp.exe
  C:\Windows\System32\jkluZBp.exe
  2⤵
  PID:7652
- C:\Windows\System32\kFOgsEZ.exe
  C:\Windows\System32\kFOgsEZ.exe
  2⤵
  PID:7672
- C:\Windows\System32\oYMpIwJ.exe
  C:\Windows\System32\oYMpIwJ.exe
  2⤵
  PID:7688
- C:\Windows\System32\clfqaAx.exe
  C:\Windows\System32\clfqaAx.exe
  2⤵
  PID:7712
- C:\Windows\System32\aOBZYZN.exe
  C:\Windows\System32\aOBZYZN.exe
  2⤵
  PID:7732
- C:\Windows\System32\SeRgUSh.exe
  C:\Windows\System32\SeRgUSh.exe
  2⤵
  PID:7760
- C:\Windows\System32\ijhYNzU.exe
  C:\Windows\System32\ijhYNzU.exe
  2⤵
  PID:7796
- C:\Windows\System32\NjmUxmV.exe
  C:\Windows\System32\NjmUxmV.exe
  2⤵
  PID:7824
- C:\Windows\System32\wPOjYdV.exe
  C:\Windows\System32\wPOjYdV.exe
  2⤵
  PID:7848
- C:\Windows\System32\anOTmYJ.exe
  C:\Windows\System32\anOTmYJ.exe
  2⤵
  PID:7872
- C:\Windows\System32\hzbKydj.exe
  C:\Windows\System32\hzbKydj.exe
  2⤵
  PID:7892
- C:\Windows\System32\LhufyZB.exe
  C:\Windows\System32\LhufyZB.exe
  2⤵
  PID:7920
- C:\Windows\System32\LXtegvy.exe
  C:\Windows\System32\LXtegvy.exe
  2⤵
  PID:7960
- C:\Windows\System32\BWpnUSk.exe
  C:\Windows\System32\BWpnUSk.exe
  2⤵
  PID:7980
- C:\Windows\System32\iawHtYl.exe
  C:\Windows\System32\iawHtYl.exe
  2⤵
  PID:8032
- C:\Windows\System32\cgVFVgj.exe
  C:\Windows\System32\cgVFVgj.exe
  2⤵
  PID:8048
- C:\Windows\System32\DyOumIP.exe
  C:\Windows\System32\DyOumIP.exe
  2⤵
  PID:8064
- C:\Windows\System32\noovqRY.exe
  C:\Windows\System32\noovqRY.exe
  2⤵
  PID:8100
- C:\Windows\System32\MsByUeh.exe
  C:\Windows\System32\MsByUeh.exe
  2⤵
  PID:8156
- C:\Windows\System32\OxdmZom.exe
  C:\Windows\System32\OxdmZom.exe
  2⤵
  PID:6152
- C:\Windows\System32\IrQzYGe.exe
  C:\Windows\System32\IrQzYGe.exe
  2⤵
  PID:6448
- C:\Windows\System32\rXprXGG.exe
  C:\Windows\System32\rXprXGG.exe
  2⤵
  PID:7236
- C:\Windows\System32\VEdEfAx.exe
  C:\Windows\System32\VEdEfAx.exe
  2⤵
  PID:6184
- C:\Windows\System32\Luvsowe.exe
  C:\Windows\System32\Luvsowe.exe
  2⤵
  PID:7368
- C:\Windows\System32\dVRVqSl.exe
  C:\Windows\System32\dVRVqSl.exe
  2⤵
  PID:7412
- C:\Windows\System32\vQuvKWU.exe
  C:\Windows\System32\vQuvKWU.exe
  2⤵
  PID:7452
- C:\Windows\System32\RkkGpxS.exe
  C:\Windows\System32\RkkGpxS.exe
  2⤵
  PID:7504
- C:\Windows\System32\DAyAgiq.exe
  C:\Windows\System32\DAyAgiq.exe
  2⤵
  PID:7608
- C:\Windows\System32\BQPhaJQ.exe
  C:\Windows\System32\BQPhaJQ.exe
  2⤵
  PID:7636
- C:\Windows\System32\VnIZdrw.exe
  C:\Windows\System32\VnIZdrw.exe
  2⤵
  PID:7700
- C:\Windows\System32\uHoCzJz.exe
  C:\Windows\System32\uHoCzJz.exe
  2⤵
  PID:7780
- C:\Windows\System32\uuXDPmM.exe
  C:\Windows\System32\uuXDPmM.exe
  2⤵
  PID:7804
- C:\Windows\System32\lhoyvqz.exe
  C:\Windows\System32\lhoyvqz.exe
  2⤵
  PID:7856
- C:\Windows\System32\KmiXaxv.exe
  C:\Windows\System32\KmiXaxv.exe
  2⤵
  PID:8008
- C:\Windows\System32\IWOnXBI.exe
  C:\Windows\System32\IWOnXBI.exe
  2⤵
  PID:8056
- C:\Windows\System32\uaBdvpL.exe
  C:\Windows\System32\uaBdvpL.exe
  2⤵
  PID:8084
- C:\Windows\System32\szUuBNj.exe
  C:\Windows\System32\szUuBNj.exe
  2⤵
  PID:8140
- C:\Windows\System32\SbGOYoa.exe
  C:\Windows\System32\SbGOYoa.exe
  2⤵
  PID:7320
- C:\Windows\System32\OumkvVO.exe
  C:\Windows\System32\OumkvVO.exe
  2⤵
  PID:7356
- C:\Windows\System32\GaJtDiQ.exe
  C:\Windows\System32\GaJtDiQ.exe
  2⤵
  PID:7580
- C:\Windows\System32\ZogPTpT.exe
  C:\Windows\System32\ZogPTpT.exe
  2⤵
  PID:7668
- C:\Windows\System32\CXkVYBx.exe
  C:\Windows\System32\CXkVYBx.exe
  2⤵
  PID:7728
- C:\Windows\System32\LKkrwEN.exe
  C:\Windows\System32\LKkrwEN.exe
  2⤵
  PID:8040
- C:\Windows\System32\bKEFIsf.exe
  C:\Windows\System32\bKEFIsf.exe
  2⤵
  PID:8112
- C:\Windows\System32\ytsWjFC.exe
  C:\Windows\System32\ytsWjFC.exe
  2⤵
  PID:7156
- C:\Windows\System32\pkcdPjm.exe
  C:\Windows\System32\pkcdPjm.exe
  2⤵
  PID:7680
- C:\Windows\System32\ZYMQWXj.exe
  C:\Windows\System32\ZYMQWXj.exe
  2⤵
  PID:8124
- C:\Windows\System32\AObHHYX.exe
  C:\Windows\System32\AObHHYX.exe
  2⤵
  PID:8072
- C:\Windows\System32\rXezdHO.exe
  C:\Windows\System32\rXezdHO.exe
  2⤵
  PID:8208
- C:\Windows\System32\THFaDCQ.exe
  C:\Windows\System32\THFaDCQ.exe
  2⤵
  PID:8228
- C:\Windows\System32\SkgIjbe.exe
  C:\Windows\System32\SkgIjbe.exe
  2⤵
  PID:8252
- C:\Windows\System32\nYAarYa.exe
  C:\Windows\System32\nYAarYa.exe
  2⤵
  PID:8296
- C:\Windows\System32\mcQuLnt.exe
  C:\Windows\System32\mcQuLnt.exe
  2⤵
  PID:8320
- C:\Windows\System32\bnxwtfh.exe
  C:\Windows\System32\bnxwtfh.exe
  2⤵
  PID:8348
- C:\Windows\System32\zCuehNQ.exe
  C:\Windows\System32\zCuehNQ.exe
  2⤵
  PID:8372
- C:\Windows\System32\JgxGGoo.exe
  C:\Windows\System32\JgxGGoo.exe
  2⤵
  PID:8400
- C:\Windows\System32\pWgginl.exe
  C:\Windows\System32\pWgginl.exe
  2⤵
  PID:8420
- C:\Windows\System32\EoSDuwx.exe
  C:\Windows\System32\EoSDuwx.exe
  2⤵
  PID:8440
- C:\Windows\System32\LDGVdBB.exe
  C:\Windows\System32\LDGVdBB.exe
  2⤵
  PID:8464
- C:\Windows\System32\ZqdpLlS.exe
  C:\Windows\System32\ZqdpLlS.exe
  2⤵
  PID:8488
- C:\Windows\System32\afJMaEc.exe
  C:\Windows\System32\afJMaEc.exe
  2⤵
  PID:8512
- C:\Windows\System32\lpsTKpA.exe
  C:\Windows\System32\lpsTKpA.exe
  2⤵
  PID:8536
- C:\Windows\System32\ZzeOpfj.exe
  C:\Windows\System32\ZzeOpfj.exe
  2⤵
  PID:8564
- C:\Windows\System32\yjtOmKD.exe
  C:\Windows\System32\yjtOmKD.exe
  2⤵
  PID:8584
- C:\Windows\System32\UdpGrkh.exe
  C:\Windows\System32\UdpGrkh.exe
  2⤵
  PID:8612
- C:\Windows\System32\THFUfJe.exe
  C:\Windows\System32\THFUfJe.exe
  2⤵
  PID:8668
- C:\Windows\System32\FfQRAwa.exe
  C:\Windows\System32\FfQRAwa.exe
  2⤵
  PID:8692
- C:\Windows\System32\NBrhhqL.exe
  C:\Windows\System32\NBrhhqL.exe
  2⤵
  PID:8732
- C:\Windows\System32\SAlrbQo.exe
  C:\Windows\System32\SAlrbQo.exe
  2⤵
  PID:8760
- C:\Windows\System32\DjKsVPZ.exe
  C:\Windows\System32\DjKsVPZ.exe
  2⤵
  PID:8784
- C:\Windows\System32\JpvssNp.exe
  C:\Windows\System32\JpvssNp.exe
  2⤵
  PID:8824
- C:\Windows\System32\VxMDHZj.exe
  C:\Windows\System32\VxMDHZj.exe
  2⤵
  PID:8860
- C:\Windows\System32\YqlsSMR.exe
  C:\Windows\System32\YqlsSMR.exe
  2⤵
  PID:8884
- C:\Windows\System32\qNfacCN.exe
  C:\Windows\System32\qNfacCN.exe
  2⤵
  PID:8908
- C:\Windows\System32\QwCTtAj.exe
  C:\Windows\System32\QwCTtAj.exe
  2⤵
  PID:8928
- C:\Windows\System32\KGysaxX.exe
  C:\Windows\System32\KGysaxX.exe
  2⤵
  PID:8984
- C:\Windows\System32\jAGYMCy.exe
  C:\Windows\System32\jAGYMCy.exe
  2⤵
  PID:9004
- C:\Windows\System32\QqmIiXN.exe
  C:\Windows\System32\QqmIiXN.exe
  2⤵
  PID:9024
- C:\Windows\System32\iqXdAfQ.exe
  C:\Windows\System32\iqXdAfQ.exe
  2⤵
  PID:9048
- C:\Windows\System32\dkHajCV.exe
  C:\Windows\System32\dkHajCV.exe
  2⤵
  PID:9080
- C:\Windows\System32\fKWOPmH.exe
  C:\Windows\System32\fKWOPmH.exe
  2⤵
  PID:9120
- C:\Windows\System32\qxTJJgW.exe
  C:\Windows\System32\qxTJJgW.exe
  2⤵
  PID:9140
- C:\Windows\System32\dCSgUcH.exe
  C:\Windows\System32\dCSgUcH.exe
  2⤵
  PID:9168
- C:\Windows\System32\FOtZLFl.exe
  C:\Windows\System32\FOtZLFl.exe
  2⤵
  PID:9204
- C:\Windows\System32\XrbfihM.exe
  C:\Windows\System32\XrbfihM.exe
  2⤵
  PID:7696
- C:\Windows\System32\mVyHzBW.exe
  C:\Windows\System32\mVyHzBW.exe
  2⤵
  PID:8248
- C:\Windows\System32\yOZHtPV.exe
  C:\Windows\System32\yOZHtPV.exe
  2⤵
  PID:8308
- C:\Windows\System32\cBwokzb.exe
  C:\Windows\System32\cBwokzb.exe
  2⤵
  PID:8336
- C:\Windows\System32\kpVyIsu.exe
  C:\Windows\System32\kpVyIsu.exe
  2⤵
  PID:8520
- C:\Windows\System32\eFRtQum.exe
  C:\Windows\System32\eFRtQum.exe
  2⤵
  PID:8504
- C:\Windows\System32\aPHhLIG.exe
  C:\Windows\System32\aPHhLIG.exe
  2⤵
  PID:8592
- C:\Windows\System32\EDhseck.exe
  C:\Windows\System32\EDhseck.exe
  2⤵
  PID:8644
- C:\Windows\System32\IlYmSmi.exe
  C:\Windows\System32\IlYmSmi.exe
  2⤵
  PID:8712
- C:\Windows\System32\VdavMDu.exe
  C:\Windows\System32\VdavMDu.exe
  2⤵
  PID:8772
- C:\Windows\System32\XByvfBl.exe
  C:\Windows\System32\XByvfBl.exe
  2⤵
  PID:8800
- C:\Windows\System32\IGbkpbU.exe
  C:\Windows\System32\IGbkpbU.exe
  2⤵
  PID:8852
- C:\Windows\System32\JkmxRIL.exe
  C:\Windows\System32\JkmxRIL.exe
  2⤵
  PID:8876
- C:\Windows\System32\iLrayWM.exe
  C:\Windows\System32\iLrayWM.exe
  2⤵
  PID:8996
- C:\Windows\System32\SQVaRFR.exe
  C:\Windows\System32\SQVaRFR.exe
  2⤵
  PID:9064
- C:\Windows\System32\PdzCWDp.exe
  C:\Windows\System32\PdzCWDp.exe
  2⤵
  PID:9152
- C:\Windows\System32\LKwhDRr.exe
  C:\Windows\System32\LKwhDRr.exe
  2⤵
  PID:8204
- C:\Windows\System32\SKNlBbk.exe
  C:\Windows\System32\SKNlBbk.exe
  2⤵
  PID:7976
- C:\Windows\System32\yZkktYM.exe
  C:\Windows\System32\yZkktYM.exe
  2⤵
  PID:8364
- C:\Windows\System32\TfXIrBS.exe
  C:\Windows\System32\TfXIrBS.exe
  2⤵
  PID:8600
- C:\Windows\System32\BTiwoNz.exe
  C:\Windows\System32\BTiwoNz.exe
  2⤵
  PID:8688
- C:\Windows\System32\AFvpRQi.exe
  C:\Windows\System32\AFvpRQi.exe
  2⤵
  PID:8948
- C:\Windows\System32\wsZWutf.exe
  C:\Windows\System32\wsZWutf.exe
  2⤵
  PID:9060
- C:\Windows\System32\UCjCqFu.exe
  C:\Windows\System32\UCjCqFu.exe
  2⤵
  PID:8332
- C:\Windows\System32\eGHUQIH.exe
  C:\Windows\System32\eGHUQIH.exe
  2⤵
  PID:8676
- C:\Windows\System32\uMkHkpH.exe
  C:\Windows\System32\uMkHkpH.exe
  2⤵
  PID:8868
- C:\Windows\System32\BepxtOR.exe
  C:\Windows\System32\BepxtOR.exe
  2⤵
  PID:2520
- C:\Windows\System32\AOOKUAu.exe
  C:\Windows\System32\AOOKUAu.exe
  2⤵
  PID:8432
- C:\Windows\System32\SSTbqEK.exe
  C:\Windows\System32\SSTbqEK.exe
  2⤵
  PID:9268
- C:\Windows\System32\ZGDYnAq.exe
  C:\Windows\System32\ZGDYnAq.exe
  2⤵
  PID:9292
- C:\Windows\System32\LRHuIBf.exe
  C:\Windows\System32\LRHuIBf.exe
  2⤵
  PID:9308
- C:\Windows\System32\uaiLVsA.exe
  C:\Windows\System32\uaiLVsA.exe
  2⤵
  PID:9344
- C:\Windows\System32\bgLsIkV.exe
  C:\Windows\System32\bgLsIkV.exe
  2⤵
  PID:9368
- C:\Windows\System32\JHsDhSd.exe
  C:\Windows\System32\JHsDhSd.exe
  2⤵
  PID:9384
- C:\Windows\System32\pMqmlBF.exe
  C:\Windows\System32\pMqmlBF.exe
  2⤵
  PID:9408
- C:\Windows\System32\rFdKXjI.exe
  C:\Windows\System32\rFdKXjI.exe
  2⤵
  PID:9440
- C:\Windows\System32\VhDCPeu.exe
  C:\Windows\System32\VhDCPeu.exe
  2⤵
  PID:9460
- C:\Windows\System32\qqmXMqp.exe
  C:\Windows\System32\qqmXMqp.exe
  2⤵
  PID:9492
- C:\Windows\System32\yTSCCmb.exe
  C:\Windows\System32\yTSCCmb.exe
  2⤵
  PID:9512
- C:\Windows\System32\ESTSDDc.exe
  C:\Windows\System32\ESTSDDc.exe
  2⤵
  PID:9532
- C:\Windows\System32\hadALhV.exe
  C:\Windows\System32\hadALhV.exe
  2⤵
  PID:9556
- C:\Windows\System32\tqmqrmu.exe
  C:\Windows\System32\tqmqrmu.exe
  2⤵
  PID:9572
- C:\Windows\System32\xzWNpOo.exe
  C:\Windows\System32\xzWNpOo.exe
  2⤵
  PID:9616
- C:\Windows\System32\BbZBXFp.exe
  C:\Windows\System32\BbZBXFp.exe
  2⤵
  PID:9644
- C:\Windows\System32\EitPFOP.exe
  C:\Windows\System32\EitPFOP.exe
  2⤵
  PID:9712
- C:\Windows\System32\jMNmlnK.exe
  C:\Windows\System32\jMNmlnK.exe
  2⤵
  PID:9728
- C:\Windows\System32\MFyvWhK.exe
  C:\Windows\System32\MFyvWhK.exe
  2⤵
  PID:9752
- C:\Windows\System32\ImMUIPn.exe
  C:\Windows\System32\ImMUIPn.exe
  2⤵
  PID:9800
- C:\Windows\System32\oxGNFeK.exe
  C:\Windows\System32\oxGNFeK.exe
  2⤵
  PID:9828
- C:\Windows\System32\OljJHuX.exe
  C:\Windows\System32\OljJHuX.exe
  2⤵
  PID:9848
- C:\Windows\System32\XlMtRNg.exe
  C:\Windows\System32\XlMtRNg.exe
  2⤵
  PID:9872
- C:\Windows\System32\CqVqtpN.exe
  C:\Windows\System32\CqVqtpN.exe
  2⤵
  PID:9896
- C:\Windows\System32\ecPlUUm.exe
  C:\Windows\System32\ecPlUUm.exe
  2⤵
  PID:9940
- C:\Windows\System32\SMyvZEk.exe
  C:\Windows\System32\SMyvZEk.exe
  2⤵
  PID:9968
- C:\Windows\System32\nrogbDA.exe
  C:\Windows\System32\nrogbDA.exe
  2⤵
  PID:9984
- C:\Windows\System32\hvFpGLi.exe
  C:\Windows\System32\hvFpGLi.exe
  2⤵
  PID:10012
- C:\Windows\System32\ngsaDeL.exe
  C:\Windows\System32\ngsaDeL.exe
  2⤵
  PID:10032
- C:\Windows\System32\zuKSJNq.exe
  C:\Windows\System32\zuKSJNq.exe
  2⤵
  PID:10072
- C:\Windows\System32\dmCNMxt.exe
  C:\Windows\System32\dmCNMxt.exe
  2⤵
  PID:10104
- C:\Windows\System32\zubiHhi.exe
  C:\Windows\System32\zubiHhi.exe
  2⤵
  PID:10124
- C:\Windows\System32\NrCgdye.exe
  C:\Windows\System32\NrCgdye.exe
  2⤵
  PID:10172
- C:\Windows\System32\pEQySjj.exe
  C:\Windows\System32\pEQySjj.exe
  2⤵
  PID:10188
- C:\Windows\System32\PaUOqRU.exe
  C:\Windows\System32\PaUOqRU.exe
  2⤵
  PID:10224
- C:\Windows\System32\kiFgOQu.exe
  C:\Windows\System32\kiFgOQu.exe
  2⤵
  PID:8816
- C:\Windows\System32\qRYbTkX.exe
  C:\Windows\System32\qRYbTkX.exe
  2⤵
  PID:9252
- C:\Windows\System32\cGDBUqg.exe
  C:\Windows\System32\cGDBUqg.exe
  2⤵
  PID:9276
- C:\Windows\System32\dIZnLwY.exe
  C:\Windows\System32\dIZnLwY.exe
  2⤵
  PID:9300
- C:\Windows\System32\KyLwzKT.exe
  C:\Windows\System32\KyLwzKT.exe
  2⤵
  PID:9420
- C:\Windows\System32\iEwdjsU.exe
  C:\Windows\System32\iEwdjsU.exe
  2⤵
  PID:9436
- C:\Windows\System32\ncKSNmr.exe
  C:\Windows\System32\ncKSNmr.exe
  2⤵
  PID:9548
- C:\Windows\System32\vrArHsX.exe
  C:\Windows\System32\vrArHsX.exe
  2⤵
  PID:9568
- C:\Windows\System32\QXHFVvX.exe
  C:\Windows\System32\QXHFVvX.exe
  2⤵
  PID:9652
- C:\Windows\System32\nPPmRqP.exe
  C:\Windows\System32\nPPmRqP.exe
  2⤵
  PID:9744
- C:\Windows\System32\zKrjvJN.exe
  C:\Windows\System32\zKrjvJN.exe
  2⤵
  PID:9812
- C:\Windows\System32\qvmVgnc.exe
  C:\Windows\System32\qvmVgnc.exe
  2⤵
  PID:9888
- C:\Windows\System32\qncwuEb.exe
  C:\Windows\System32\qncwuEb.exe
  2⤵
  PID:9932
- C:\Windows\System32\wvbJkBX.exe
  C:\Windows\System32\wvbJkBX.exe
  2⤵
  PID:9952
- C:\Windows\System32\KemMGkA.exe
  C:\Windows\System32\KemMGkA.exe
  2⤵
  PID:10000
- C:\Windows\System32\pNFMVSy.exe
  C:\Windows\System32\pNFMVSy.exe
  2⤵
  PID:10088
- C:\Windows\System32\CrBvmew.exe
  C:\Windows\System32\CrBvmew.exe
  2⤵
  PID:10160
- C:\Windows\System32\yAaJJuA.exe
  C:\Windows\System32\yAaJJuA.exe
  2⤵
  PID:10236
- C:\Windows\System32\MKotbhV.exe
  C:\Windows\System32\MKotbhV.exe
  2⤵
  PID:9304
- C:\Windows\System32\CQlePJY.exe
  C:\Windows\System32\CQlePJY.exe
  2⤵
  PID:9564
- C:\Windows\System32\oqqmJRj.exe
  C:\Windows\System32\oqqmJRj.exe
  2⤵
  PID:9696
- C:\Windows\System32\BWwqFSB.exe
  C:\Windows\System32\BWwqFSB.exe
  2⤵
  PID:9960
- C:\Windows\System32\riLgMlH.exe
  C:\Windows\System32\riLgMlH.exe
  2⤵
  PID:9864
- C:\Windows\System32\VIHovHN.exe
  C:\Windows\System32\VIHovHN.exe
  2⤵
  PID:10044
- C:\Windows\System32\sznplwv.exe
  C:\Windows\System32\sznplwv.exe
  2⤵
  PID:10140
- C:\Windows\System32\mRdBhQe.exe
  C:\Windows\System32\mRdBhQe.exe
  2⤵
  PID:9288
- C:\Windows\System32\OgkCpEG.exe
  C:\Windows\System32\OgkCpEG.exe
  2⤵
  PID:9672
- C:\Windows\System32\jQuwJKd.exe
  C:\Windows\System32\jQuwJKd.exe
  2⤵
  PID:10068
- C:\Windows\System32\MVSAvtt.exe
  C:\Windows\System32\MVSAvtt.exe
  2⤵
  PID:9360
- C:\Windows\System32\gVlvcnj.exe
  C:\Windows\System32\gVlvcnj.exe
  2⤵
  PID:10264
- C:\Windows\System32\IkKFiLP.exe
  C:\Windows\System32\IkKFiLP.exe
  2⤵
  PID:10320
- C:\Windows\System32\VUsHLOV.exe
  C:\Windows\System32\VUsHLOV.exe
  2⤵
  PID:10356
- C:\Windows\System32\jZUFYKD.exe
  C:\Windows\System32\jZUFYKD.exe
  2⤵
  PID:10372
- C:\Windows\System32\BoQhoxN.exe
  C:\Windows\System32\BoQhoxN.exe
  2⤵
  PID:10400
- C:\Windows\System32\TnLIquG.exe
  C:\Windows\System32\TnLIquG.exe
  2⤵
  PID:10428
- C:\Windows\System32\GOqKaEF.exe
  C:\Windows\System32\GOqKaEF.exe
  2⤵
  PID:10452
- C:\Windows\System32\eJSqzWg.exe
  C:\Windows\System32\eJSqzWg.exe
  2⤵
  PID:10476
- C:\Windows\System32\AJHNIPR.exe
  C:\Windows\System32\AJHNIPR.exe
  2⤵
  PID:10500
- C:\Windows\System32\cmMqswY.exe
  C:\Windows\System32\cmMqswY.exe
  2⤵
  PID:10516
- C:\Windows\System32\yUsVWcR.exe
  C:\Windows\System32\yUsVWcR.exe
  2⤵
  PID:10536
- C:\Windows\System32\NWxLAEg.exe
  C:\Windows\System32\NWxLAEg.exe
  2⤵
  PID:10556
- C:\Windows\System32\RgCsrpO.exe
  C:\Windows\System32\RgCsrpO.exe
  2⤵
  PID:10576
- C:\Windows\System32\FQjOMtG.exe
  C:\Windows\System32\FQjOMtG.exe
  2⤵
  PID:10648
- C:\Windows\System32\AvYOiwK.exe
  C:\Windows\System32\AvYOiwK.exe
  2⤵
  PID:10664
- C:\Windows\System32\eyTaYPq.exe
  C:\Windows\System32\eyTaYPq.exe
  2⤵
  PID:10708
- C:\Windows\System32\GvIKoFP.exe
  C:\Windows\System32\GvIKoFP.exe
  2⤵
  PID:10736
- C:\Windows\System32\vmnkdJa.exe
  C:\Windows\System32\vmnkdJa.exe
  2⤵
  PID:10756
- C:\Windows\System32\TEyRzGH.exe
  C:\Windows\System32\TEyRzGH.exe
  2⤵
  PID:10784
- C:\Windows\System32\nSbUVJp.exe
  C:\Windows\System32\nSbUVJp.exe
  2⤵
  PID:10820
- C:\Windows\System32\CLcRmVo.exe
  C:\Windows\System32\CLcRmVo.exe
  2⤵
  PID:10852
- C:\Windows\System32\QSAcFyC.exe
  C:\Windows\System32\QSAcFyC.exe
  2⤵
  PID:10876
- C:\Windows\System32\PMhHVnx.exe
  C:\Windows\System32\PMhHVnx.exe
  2⤵
  PID:10896
- C:\Windows\System32\QETkECC.exe
  C:\Windows\System32\QETkECC.exe
  2⤵
  PID:10920
- C:\Windows\System32\erlnYvE.exe
  C:\Windows\System32\erlnYvE.exe
  2⤵
  PID:10952
- C:\Windows\System32\SyDUoSr.exe
  C:\Windows\System32\SyDUoSr.exe
  2⤵
  PID:10976
- C:\Windows\System32\rMvDvbs.exe
  C:\Windows\System32\rMvDvbs.exe
  2⤵
  PID:10996
- C:\Windows\System32\WTYYzTQ.exe
  C:\Windows\System32\WTYYzTQ.exe
  2⤵
  PID:11020
- C:\Windows\System32\PnMSdKe.exe
  C:\Windows\System32\PnMSdKe.exe
  2⤵
  PID:11092
- C:\Windows\System32\ATqlNiu.exe
  C:\Windows\System32\ATqlNiu.exe
  2⤵
  PID:11112
- C:\Windows\System32\zSJSIRk.exe
  C:\Windows\System32\zSJSIRk.exe
  2⤵
  PID:11132
- C:\Windows\System32\GegyywT.exe
  C:\Windows\System32\GegyywT.exe
  2⤵
  PID:11156
- C:\Windows\System32\OMdHXMK.exe
  C:\Windows\System32\OMdHXMK.exe
  2⤵
  PID:11180
- C:\Windows\System32\stOTGmY.exe
  C:\Windows\System32\stOTGmY.exe
  2⤵
  PID:11212
- C:\Windows\System32\hMAWvDB.exe
  C:\Windows\System32\hMAWvDB.exe
  2⤵
  PID:11248
- C:\Windows\System32\xPNRVlU.exe
  C:\Windows\System32\xPNRVlU.exe
  2⤵
  PID:10112
- C:\Windows\System32\KtixOjt.exe
  C:\Windows\System32\KtixOjt.exe
  2⤵
  PID:9628
- C:\Windows\System32\dcPcldE.exe
  C:\Windows\System32\dcPcldE.exe
  2⤵
  PID:10296
- C:\Windows\System32\EiZUqQw.exe
  C:\Windows\System32\EiZUqQw.exe
  2⤵
  PID:10328
- C:\Windows\System32\FNfnwBs.exe
  C:\Windows\System32\FNfnwBs.exe
  2⤵
  PID:10412
- C:\Windows\System32\mgbYmeU.exe
  C:\Windows\System32\mgbYmeU.exe
  2⤵
  PID:10572
- C:\Windows\System32\DBYjNWA.exe
  C:\Windows\System32\DBYjNWA.exe
  2⤵
  PID:10608
- C:\Windows\System32\ZGusqrW.exe
  C:\Windows\System32\ZGusqrW.exe
  2⤵
  PID:10656
- C:\Windows\System32\nHhLIJU.exe
  C:\Windows\System32\nHhLIJU.exe
  2⤵
  PID:10764
- C:\Windows\System32\TgjZezH.exe
  C:\Windows\System32\TgjZezH.exe
  2⤵
  PID:10772
- C:\Windows\System32\fTcvnFh.exe
  C:\Windows\System32\fTcvnFh.exe
  2⤵
  PID:11004
- C:\Windows\System32\AZroNgN.exe
  C:\Windows\System32\AZroNgN.exe
  2⤵
  PID:11200
- C:\Windows\System32\knWTZQO.exe
  C:\Windows\System32\knWTZQO.exe
  2⤵
  PID:10304
- C:\Windows\System32\uugazTu.exe
  C:\Windows\System32\uugazTu.exe
  2⤵
  PID:10280
- C:\Windows\System32\uYjVYGP.exe
  C:\Windows\System32\uYjVYGP.exe
  2⤵
  PID:10636
- C:\Windows\System32\oXgKTPG.exe
  C:\Windows\System32\oXgKTPG.exe
  2⤵
  PID:10804
- C:\Windows\System32\vuOWTEo.exe
  C:\Windows\System32\vuOWTEo.exe
  2⤵
  PID:10872
- C:\Windows\System32\Gnpbprr.exe
  C:\Windows\System32\Gnpbprr.exe
  2⤵
  PID:10908
- C:\Windows\System32\eCqCqlX.exe
  C:\Windows\System32\eCqCqlX.exe
  2⤵
  PID:10904
- C:\Windows\System32\DzZUbQq.exe
  C:\Windows\System32\DzZUbQq.exe
  2⤵
  PID:10964
- C:\Windows\System32\WAnMiSI.exe
  C:\Windows\System32\WAnMiSI.exe
  2⤵
  PID:11108
- C:\Windows\System32\yBCFqaI.exe
  C:\Windows\System32\yBCFqaI.exe
  2⤵
  PID:11100
- C:\Windows\System32\eQcLbtg.exe
  C:\Windows\System32\eQcLbtg.exe
  2⤵
  PID:9380
- C:\Windows\System32\DyfFLUL.exe
  C:\Windows\System32\DyfFLUL.exe
  2⤵
  PID:10676
- C:\Windows\System32\uUBsJpF.exe
  C:\Windows\System32\uUBsJpF.exe
  2⤵
  PID:10840
- C:\Windows\System32\nqMVozO.exe
  C:\Windows\System32\nqMVozO.exe
  2⤵
  PID:11088
- C:\Windows\System32\cJQyzGK.exe
  C:\Windows\System32\cJQyzGK.exe
  2⤵
  PID:11068
- C:\Windows\System32\MeuDNeq.exe
  C:\Windows\System32\MeuDNeq.exe
  2⤵
  PID:10408
- C:\Windows\System32\VjxVKmQ.exe
  C:\Windows\System32\VjxVKmQ.exe
  2⤵
  PID:11324
- C:\Windows\System32\QUOAesq.exe
  C:\Windows\System32\QUOAesq.exe
  2⤵
  PID:11356
- C:\Windows\System32\oZkprub.exe
  C:\Windows\System32\oZkprub.exe
  2⤵
  PID:11376
- C:\Windows\System32\vGvLhcV.exe
  C:\Windows\System32\vGvLhcV.exe
  2⤵
  PID:11404
- C:\Windows\System32\kodkcWo.exe
  C:\Windows\System32\kodkcWo.exe
  2⤵
  PID:11420
- C:\Windows\System32\bNTFTel.exe
  C:\Windows\System32\bNTFTel.exe
  2⤵
  PID:11452
- C:\Windows\System32\LKlJggk.exe
  C:\Windows\System32\LKlJggk.exe
  2⤵
  PID:11500
- C:\Windows\System32\qBygrIJ.exe
  C:\Windows\System32\qBygrIJ.exe
  2⤵
  PID:11524
- C:\Windows\System32\pMJomNw.exe
  C:\Windows\System32\pMJomNw.exe
  2⤵
  PID:11544
- C:\Windows\System32\lFBOGSi.exe
  C:\Windows\System32\lFBOGSi.exe
  2⤵
  PID:11572
- C:\Windows\System32\bEDkgHf.exe
  C:\Windows\System32\bEDkgHf.exe
  2⤵
  PID:11592
- C:\Windows\System32\GkfkAZb.exe
  C:\Windows\System32\GkfkAZb.exe
  2⤵
  PID:11620
- C:\Windows\System32\xiveiym.exe
  C:\Windows\System32\xiveiym.exe
  2⤵
  PID:11644
- C:\Windows\System32\tbWGCKP.exe
  C:\Windows\System32\tbWGCKP.exe
  2⤵
  PID:11680
- C:\Windows\System32\vdLnyWb.exe
  C:\Windows\System32\vdLnyWb.exe
  2⤵
  PID:11704
- C:\Windows\System32\tzKncrK.exe
  C:\Windows\System32\tzKncrK.exe
  2⤵
  PID:11740
- C:\Windows\System32\qyaPXme.exe
  C:\Windows\System32\qyaPXme.exe
  2⤵
  PID:11768
- C:\Windows\System32\nQrCUrk.exe
  C:\Windows\System32\nQrCUrk.exe
  2⤵
  PID:11792
- C:\Windows\System32\MbTFsPN.exe
  C:\Windows\System32\MbTFsPN.exe
  2⤵
  PID:11852
- C:\Windows\System32\uWDmvKC.exe
  C:\Windows\System32\uWDmvKC.exe
  2⤵
  PID:11868
- C:\Windows\System32\LzfGySF.exe
  C:\Windows\System32\LzfGySF.exe
  2⤵
  PID:11900
- C:\Windows\System32\IgoxZUa.exe
  C:\Windows\System32\IgoxZUa.exe
  2⤵
  PID:11924
- C:\Windows\System32\FkEHgxf.exe
  C:\Windows\System32\FkEHgxf.exe
  2⤵
  PID:11940
- C:\Windows\System32\aLSSPLb.exe
  C:\Windows\System32\aLSSPLb.exe
  2⤵
  PID:11980
- C:\Windows\System32\epetDKb.exe
  C:\Windows\System32\epetDKb.exe
  2⤵
  PID:12020
- C:\Windows\System32\NqLfIAY.exe
  C:\Windows\System32\NqLfIAY.exe
  2⤵
  PID:12036
- C:\Windows\System32\wJaUagK.exe
  C:\Windows\System32\wJaUagK.exe
  2⤵
  PID:12056
- C:\Windows\System32\fHnaifr.exe
  C:\Windows\System32\fHnaifr.exe
  2⤵
  PID:12076
- C:\Windows\System32\hsWMtdb.exe
  C:\Windows\System32\hsWMtdb.exe
  2⤵
  PID:12092
- C:\Windows\System32\dzeZJVC.exe
  C:\Windows\System32\dzeZJVC.exe
  2⤵
  PID:12112
- C:\Windows\System32\XPSyplD.exe
  C:\Windows\System32\XPSyplD.exe
  2⤵
  PID:12148
- C:\Windows\System32\DyPnRrM.exe
  C:\Windows\System32\DyPnRrM.exe
  2⤵
  PID:12164
- C:\Windows\System32\hcbNjXo.exe
  C:\Windows\System32\hcbNjXo.exe
  2⤵
  PID:12184
- C:\Windows\System32\yesfCcT.exe
  C:\Windows\System32\yesfCcT.exe
  2⤵
  PID:12204
- C:\Windows\System32\sIKqdlo.exe
  C:\Windows\System32\sIKqdlo.exe
  2⤵
  PID:12228
- C:\Windows\System32\jcOKOFS.exe
  C:\Windows\System32\jcOKOFS.exe
  2⤵
  PID:10888
- C:\Windows\System32\sDUTNAE.exe
  C:\Windows\System32\sDUTNAE.exe
  2⤵
  PID:11140
- C:\Windows\System32\njFLIiG.exe
  C:\Windows\System32\njFLIiG.exe
  2⤵
  PID:11332
- C:\Windows\System32\AyPvzWS.exe
  C:\Windows\System32\AyPvzWS.exe
  2⤵
  PID:11388
- C:\Windows\System32\wxkGmJh.exe
  C:\Windows\System32\wxkGmJh.exe
  2⤵
  PID:11472
- C:\Windows\System32\NGVZcMv.exe
  C:\Windows\System32\NGVZcMv.exe
  2⤵
  PID:11532
- C:\Windows\System32\BgKlSDu.exe
  C:\Windows\System32\BgKlSDu.exe
  2⤵
  PID:11556
- C:\Windows\System32\pUoTEuR.exe
  C:\Windows\System32\pUoTEuR.exe
  2⤵
  PID:11732
- C:\Windows\System32\AzSNgXK.exe
  C:\Windows\System32\AzSNgXK.exe
  2⤵
  PID:11752
- C:\Windows\System32\sLKiEZe.exe
  C:\Windows\System32\sLKiEZe.exe
  2⤵
  PID:11816
- C:\Windows\System32\DPdviDg.exe
  C:\Windows\System32\DPdviDg.exe
  2⤵
  PID:11860
- C:\Windows\System32\HBtxrYc.exe
  C:\Windows\System32\HBtxrYc.exe
  2⤵
  PID:11884
- C:\Windows\System32\FbfAzzo.exe
  C:\Windows\System32\FbfAzzo.exe
  2⤵
  PID:2344
- C:\Windows\System32\wJnSnhU.exe
  C:\Windows\System32\wJnSnhU.exe
  2⤵
  PID:11976
- C:\Windows\System32\utJobsC.exe
  C:\Windows\System32\utJobsC.exe
  2⤵
  PID:12008
- C:\Windows\System32\AgBCMcn.exe
  C:\Windows\System32\AgBCMcn.exe
  2⤵
  PID:12064
- C:\Windows\System32\YAQOYwN.exe
  C:\Windows\System32\YAQOYwN.exe
  2⤵
  PID:12200
- C:\Windows\System32\XdYOITn.exe
  C:\Windows\System32\XdYOITn.exe
  2⤵
  PID:12260
- C:\Windows\System32\LBaInoD.exe
  C:\Windows\System32\LBaInoD.exe
  2⤵
  PID:11204
- C:\Windows\System32\ZKEUZvb.exe
  C:\Windows\System32\ZKEUZvb.exe
  2⤵
  PID:11280
- C:\Windows\System32\IjOAutF.exe
  C:\Windows\System32\IjOAutF.exe
  2⤵
  PID:11512
- C:\Windows\System32\IABQiip.exe
  C:\Windows\System32\IABQiip.exe
  2⤵
  PID:11808
- C:\Windows\System32\vAsVcAZ.exe
  C:\Windows\System32\vAsVcAZ.exe
  2⤵
  PID:11888
- C:\Windows\System32\JJEksph.exe
  C:\Windows\System32\JJEksph.exe
  2⤵
  PID:10724
- C:\Windows\System32\GXUhBeM.exe
  C:\Windows\System32\GXUhBeM.exe
  2⤵
  PID:12004
- C:\Windows\System32\zRcEFMB.exe
  C:\Windows\System32\zRcEFMB.exe
  2⤵
  PID:12124
- C:\Windows\System32\hJwclzp.exe
  C:\Windows\System32\hJwclzp.exe
  2⤵
  PID:11368
- C:\Windows\System32\pmYveio.exe
  C:\Windows\System32\pmYveio.exe
  2⤵
  PID:11836
- C:\Windows\System32\ocSTWTd.exe
  C:\Windows\System32\ocSTWTd.exe
  2⤵
  PID:12084
- C:\Windows\System32\KmYlizu.exe
  C:\Windows\System32\KmYlizu.exe
  2⤵
  PID:11780
- C:\Windows\System32\fsejdsS.exe
  C:\Windows\System32\fsejdsS.exe
  2⤵
  PID:12328
- C:\Windows\System32\EbWgEVv.exe
  C:\Windows\System32\EbWgEVv.exe
  2⤵
  PID:12352
- C:\Windows\System32\KBIqaSu.exe
  C:\Windows\System32\KBIqaSu.exe
  2⤵
  PID:12368
- C:\Windows\System32\nqGMpcX.exe
  C:\Windows\System32\nqGMpcX.exe
  2⤵
  PID:12388
- C:\Windows\System32\KcQsYzM.exe
  C:\Windows\System32\KcQsYzM.exe
  2⤵
  PID:12412
- C:\Windows\System32\BiSnigc.exe
  C:\Windows\System32\BiSnigc.exe
  2⤵
  PID:12464
- C:\Windows\System32\wLJLBDI.exe
  C:\Windows\System32\wLJLBDI.exe
  2⤵
  PID:12484
- C:\Windows\System32\dQqJLJI.exe
  C:\Windows\System32\dQqJLJI.exe
  2⤵
  PID:12508
- C:\Windows\System32\NFUDIIE.exe
  C:\Windows\System32\NFUDIIE.exe
  2⤵
  PID:12528
- C:\Windows\System32\PscqhVt.exe
  C:\Windows\System32\PscqhVt.exe
  2⤵
  PID:12552
- C:\Windows\System32\DisqFHQ.exe
  C:\Windows\System32\DisqFHQ.exe
  2⤵
  PID:12584
- C:\Windows\System32\rWEdszh.exe
  C:\Windows\System32\rWEdszh.exe
  2⤵
  PID:12608
- C:\Windows\System32\GZvsvXn.exe
  C:\Windows\System32\GZvsvXn.exe
  2⤵
  PID:12628
- C:\Windows\System32\HPQlpWL.exe
  C:\Windows\System32\HPQlpWL.exe
  2⤵
  PID:12656
- C:\Windows\System32\ZrwGuVT.exe
  C:\Windows\System32\ZrwGuVT.exe
  2⤵
  PID:12676
- C:\Windows\System32\kdjrQhb.exe
  C:\Windows\System32\kdjrQhb.exe
  2⤵
  PID:12692
- C:\Windows\System32\rRmWYTr.exe
  C:\Windows\System32\rRmWYTr.exe
  2⤵
  PID:12724
- C:\Windows\System32\ZOodiFQ.exe
  C:\Windows\System32\ZOodiFQ.exe
  2⤵
  PID:12740
- C:\Windows\System32\CCmqeMK.exe
  C:\Windows\System32\CCmqeMK.exe
  2⤵
  PID:12764
- C:\Windows\System32\zsSATVq.exe
  C:\Windows\System32\zsSATVq.exe
  2⤵
  PID:12816
- C:\Windows\System32\UHCUzHL.exe
  C:\Windows\System32\UHCUzHL.exe
  2⤵
  PID:12844
- C:\Windows\System32\YCTkYea.exe
  C:\Windows\System32\YCTkYea.exe
  2⤵
  PID:12888
- C:\Windows\System32\oXuCdRz.exe
  C:\Windows\System32\oXuCdRz.exe
  2⤵
  PID:12916
- C:\Windows\System32\ZgPlsiL.exe
  C:\Windows\System32\ZgPlsiL.exe
  2⤵
  PID:12940
- C:\Windows\System32\rZUsMvG.exe
  C:\Windows\System32\rZUsMvG.exe
  2⤵
  PID:12976
- C:\Windows\System32\iXaXmHw.exe
  C:\Windows\System32\iXaXmHw.exe
  2⤵
  PID:13012
- C:\Windows\System32\YBWroyK.exe
  C:\Windows\System32\YBWroyK.exe
  2⤵
  PID:13032
- C:\Windows\System32\HOhFzVj.exe
  C:\Windows\System32\HOhFzVj.exe
  2⤵
  PID:13060
- C:\Windows\System32\zpxYIxV.exe
  C:\Windows\System32\zpxYIxV.exe
  2⤵
  PID:13100
- C:\Windows\System32\KAlDaCZ.exe
  C:\Windows\System32\KAlDaCZ.exe
  2⤵
  PID:13136

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:12180

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System32\AYLRjDE.exe

Filesize
1.3MB

MD5
69c617f3bac77ad9da2a0699615a6266

SHA1
14eabb5bca5e2b2f50b2ddacd3161b1de1b51e35

SHA256
85d0f7e3c39ee43390442dac1cd0ec14e248b38320ad022a464b74bec493da42

SHA512
e66809ae5d0d77c115c01aa95cea46b4c60fcf4782193b11372e166423847e6618d864ea3aa67d7185148e1d62b118bb6f173daf8a449ace3b76c3e2968199d9

Download Submit
C:\Windows\System32\ChNFIMe.exe

Filesize
1.3MB

MD5
6807f4f047b32036106e9093582a6b94

SHA1
503a090030f2159a1dd7d2f3eeece880aa697e05

SHA256
b5c52bd8296ef9d6ab64188318304b26de2c671f8d9705ce49e6a3ee247ea5ba

SHA512
90e797aa8dc89312918ce8155566b276a0b576b11fd94cc7f0a5c28dcb2cad72d569a6411b3bf708e7c388833afa517cd69e6e5a129f72919c92c797e1547712

Download Submit
C:\Windows\System32\DIPUZui.exe

Filesize
1.3MB

MD5
4238ffec1820e89fa9da255ef69bf703

SHA1
b2692cb654497e5bb489c16a107a94bd7dd365b4

SHA256
1fd1d9b0eb22cad8727119b163ea7e37198a6bbc2db78c0b7368008ce2488dba

SHA512
243fa18df235c7c97c2db5d27066b17876d002b9a9b307c8e55189a5514fcb5825d20adceb98241adb30b59f89352688cf50239ac47eef8da8e2793173b9fd08

Download Submit
C:\Windows\System32\DMyCidb.exe

Filesize
1.3MB

MD5
a968b24d227e8b92da624684f0169e9f

SHA1
913f21350b212c69fd74d55afeb52e488b8c7ec6

SHA256
97b56678cf277d31df3b81612fdbc86122c6ead7769c4a82d8fb77dc8386108b

SHA512
7ae1ff85d7a45f967f5ca89c74446060b6bd53a05fe715495ee7a5e8b3059fd9359ddd9ff0e9f4718d789705195bb38384093fe1e9695b0880aae406f53e162c

Download Submit
C:\Windows\System32\DUAkILs.exe

Filesize
1.3MB

MD5
debd5c9b3cd89b0b9d11e912fe0f902d

SHA1
d0f402dc23ea2da626bcaf14be6f47a1c4518f83

SHA256
0dae5b311bec3cc5e7abe63057251080633a478572660697fa01420422614022

SHA512
96f42558471d235087e6f47b3224781f6c77b4fc3ca115543b67e76048dd615782e5f7c9cd1867d8d7c2ed38e9d7ef5dd746b36dab56e89e233a9790762f8169

Download Submit
C:\Windows\System32\DamGMKJ.exe

Filesize
1.3MB

MD5
8c7596d28b610fda5c287c5def17de43

SHA1
926447d14bc5bd8f7a2fa0e270f514536efbf68d

SHA256
9dff4b96342b3c9ef709bd16190c8ae05cc94be0e613d13e7977cfb1e806ed04

SHA512
a9226b83b8fe87bcff6b92c43a5d5794ae7e03a838d5f45309ce57258c352ab6add273fcf3e51732ea5b394b28af807b017699aaf6a98a460231bd388020cd2d

Download Submit
C:\Windows\System32\FmPmCpw.exe

Filesize
1.3MB

MD5
d4a38298bb5c007f54dc96c48352f521

SHA1
afd51d85f2efbf50b3f75da998906cacd539477c

SHA256
569082e45ee72da23ddc9ed498e7565a04423b4f523b9cc391a24714ee89d14d

SHA512
7dc521e804b889dae2fbaf1d369f6926a5b85edc060058d2ef321964be672f0a97f776a6def7a8fa0d36e90c975cea624225bce9291b013a58f6aef04c4e56e8

Download Submit
C:\Windows\System32\JTksNvO.exe

Filesize
1.3MB

MD5
9df1aec8adc39dbdaf0f1ec43e58c1b8

SHA1
7a42ea20adb3e98dbb48d6ef72f242a4887a20b7

SHA256
c5103a6adc08ec41cfbb73c9e6ece64998d36665e06dff73674ccdeab61f4526

SHA512
eb79b98ff89a2211fb3f312db03c9f93ed84d6e3f2941f9460a3d204090371040a0d475cf0f9a601bf02f5ba0734242884373dcfb8e8ab5f475dbb060e8c99f7

Download Submit
C:\Windows\System32\LZhzNkN.exe

Filesize
1.3MB

MD5
84bcc2150d10a5577e5726803cb962ec

SHA1
56e3b5ba6f7ce220abea5211a347c2d3622a43df

SHA256
6a6b0d9d96c04b8aa6ada577de427910508f1947a7d2429d7394fe1f51ebc9c0

SHA512
db99c6124e5f75f0b1bd9056efc5b50af03f78ed3d941bfde5a50167b2958fc36f0fbc48912f77fb33fc9b0e3e8b6a2938081af0f92689fd5b1b4443850b34d0

Download Submit
C:\Windows\System32\LjfqiHV.exe

Filesize
1.3MB

MD5
ed114721b3b2b4d54b3a8b1a54b50e81

SHA1
25628a50bd232aaa20cbbf8393c41cd76e4f76a3

SHA256
478dc2e01511f770b51e8b0a7b7d6619233ad22979a0ee9529378ffd235302fd

SHA512
018037be7bc4e2a730d4b8bfa324ed3d11e637ecbfcc61651bb31f38baae18bbfb7b149eb093e674680ef4f90e7ee21780b17d7a50f83ddf0e1505f427353af2

Download Submit
C:\Windows\System32\MIHWbQz.exe

Filesize
1.3MB

MD5
de2c3fc3efe1fabd96031c589e6eba35

SHA1
f0c578a9852033b3ed0ce3d03e8a2044e4056a10

SHA256
26d52e5d24a43f6d47a73807a2e75d4943c8efab6c125200b7eb032c97038af0

SHA512
53d8c4b032ad45ca84aed19554ceefdd8bbfe5b44e37727d4053c5f5cf5f072302b0cdbd46660e276d5d7293972f1a6ff7344809d7147e610442b1330484ca37

Download Submit
C:\Windows\System32\MSSShpQ.exe

Filesize
1.3MB

MD5
11828abb3771d5770bd314f612b67589

SHA1
e27dc8ebac5b6b04f5030c85b7db40b49e9ec181

SHA256
baad11ed99d56bf42f2043f6c93d6ea801914b63b0d40befb653922332e7c276

SHA512
bb863af6d17256ce460c9a692c4bc2567571f29342f03feeb958b1f5e03d54f85c32e4ddda8d9b6470679ef063854c0fed26aade6dffe0ab1d846d932bbe1190

Download Submit
C:\Windows\System32\PyuUkVe.exe

Filesize
1.3MB

MD5
51390fc3020eb916d6ce046888dc23bc

SHA1
7fcf58a0395e9714bd0e24b84628e89a76960d1e

SHA256
4ff695be8c1629608ce44d71413e9073305160c2b370e9bb1274d598614c2504

SHA512
45026cacd46dd0e913ed32df9e7f6135fc8030647447f5bc248599931cc371c16458bf0c506b0827cc5751cd6657c0ce3c8226d3315d630e36d4220417466b93

Download Submit
C:\Windows\System32\QqDgWVm.exe

Filesize
1.3MB

MD5
165c7c2ca2d023ccbc0629bbcbd22be5

SHA1
21019f3501f2cf4d2a584c531c86fc837921bb65

SHA256
afb5c7870c5c1db6074cc4fa8672a1440be3146e4544b5fe1d26258c9d8c321d

SHA512
a3d88100a3c8d61b3da52a12855c4fce01ec7277825531c1df1283a60ac3701b933d8ccc7cecc89d86ce82c1c49d881a4267fb136eb0c69ebc9b9114a09ec411

Download Submit
C:\Windows\System32\VSIBkET.exe

Filesize
1.3MB

MD5
2878236fd8ffb6b7f937b7673be338e9

SHA1
28f4111fa8efa838a181e8c631b167e7a145aa37

SHA256
e7fc80f97faa0781fb0be5db815b568a3d296bb14cbba4648768119b72ecfd80

SHA512
896010e73d4a7f2d19b2b381b72ee44a7b45903cb18bab8179ab052d0016b2fae9df1fe31076a622b30855984369d92943fcc6e79186169a3198d68e688bf9e7

Download Submit
C:\Windows\System32\YlFFiMQ.exe

Filesize
1.3MB

MD5
ef943f9b297279294b5101de5dd257a8

SHA1
2b473a11d41e139f46494e7c3ad996a87208b95e

SHA256
347acebcd9801e57500fb8054a81381a0661ca1baa2f442ca312414e63167b91

SHA512
87ccc9eb573e13180dd658e7be7a8eb29446b982fda79ca6ccadff7238b78eea2f963526b758d282a87951991bdb0d442a8e7c5a429adc9b54a00ca3ba2015d2

Download Submit
C:\Windows\System32\aChzRXd.exe

Filesize
1.3MB

MD5
4304f664032ff91550dc0906e39bca1f

SHA1
05f41aaf524904374081eb944263cd8f40d1475a

SHA256
4bd8091c8138b3243b051cf6c0b2e0811c41ab75b0004a6e8e8b22c55cd3a12a

SHA512
124440e6abf7930e80c0ee79ed53d82fd49168fb4b28d2f0d7041eb8bdb55a66e6d6c8ee371e8d559435b9d1abb481c922d338cd090c4f55a1b7884a53a61485

Download Submit
C:\Windows\System32\cRIAZOL.exe

Filesize
1.3MB

MD5
4b57d73aeb366eaa68887e835a9ea395

SHA1
c32c1cee0dbec11264180ba603f88b046d73c9c4

SHA256
23397176d578faef31c7e6e92915eca77fe901e51e6033ef8bb11b548385040f

SHA512
7d3a914768c6cb02c9d3a03502237605c939e6bb0c1cbadece6f9def7bce4fee078ab895448eaaac814f8ca6883cfa04c084100d3743bd262797641d2048afe0

Download Submit
C:\Windows\System32\eJvGdmn.exe

Filesize
1.3MB

MD5
790f3d378a95dd569f14f92ea9689146

SHA1
2a7f1919426a9760d8b5339b170710ba5d07ceba

SHA256
dc7a6e64bcb36019befc66c0182a58c28f8d97b6c0bc0a80592db65ec63d6948

SHA512
aaa9b7828ea0d78e1c474d5d7fe64e4c1174cb5f92472d86006da507f6f2bb15ff86d1833c6be0acc27dd94c40196a87b9655451398457e4aa31b9d8624a098d

Download Submit
C:\Windows\System32\fIPkIGQ.exe

Filesize
1.3MB

MD5
290f7925cb29fdf84a7f75676c758f2e

SHA1
82c2f8ccb41d25f09a31393dc82ffd4f7e1ceb86

SHA256
c206818b31f48b9c5a1f7457ea1238d0b1e259e1643c35795f7aa8801dc9036d

SHA512
9dec029b956c5f86aa277d7a0b1026e1f5c424f87eae86b7b31e1209bca24f78d67ce37b596b54dab29d67df4a373b18f25adbd2478afea54aca291ebefda4f2

Download Submit
C:\Windows\System32\hlokOeK.exe

Filesize
1.3MB

MD5
2d3ad59ae351435b8a45c111da704e16

SHA1
edd3fbe86c3b9924e0a291561193f18acedbc1ab

SHA256
4ad0dfce608868e1634f0172b8df449db0602a8c7bc6efc3c559f4bbdc609d46

SHA512
41da9b838babd4da7efe514d337b3579f97c7b96d5fd46dd02d4b1c678c3d1ba12860824d64cbb1ff32360ddba45a0a067cefebf7cb9d081997824247347466b

Download Submit
C:\Windows\System32\jUrZVOH.exe

Filesize
1.3MB

MD5
a7abc119313b089dc2480e18f6e2c64f

SHA1
a06b7c3cc3afad87036d9e46a8b3b5a74644eec3

SHA256
5758ab08cf8cc87485368cbe1772229d45196fae63817f2ac8dcf814c9351bc8

SHA512
e28ebec9010f399dd7ed31652c878ef6928cc983c456c00ada24e2acd12fe1fb8b6beb194b459b9236106c0ce4600d6f808644ec3dffe6fcb4153d81ef8efa3a

Download Submit
C:\Windows\System32\jsqlVHU.exe

Filesize
1.3MB

MD5
5579970c17bae23d48f47cf9f360ceff

SHA1
ef05f027ada5e003d85f1b1516376b69c75c5a36

SHA256
b97cab5e7dc3df13a11c27d4e7fcf93e41a283651f62f41921c0c601acebf2ea

SHA512
f7b7cc9d8bd22123c6f09316f6ffe3ddcd6732ac03f6f1b57cccf971bcb7b937b7981de7b2afc591b2d576c00d4452f63be89005a1367e558fe30095ba779f74

Download Submit
C:\Windows\System32\kFjDqsi.exe

Filesize
1.3MB

MD5
152368a620752ea4d86dfa79575534f2

SHA1
0f076445b3c72d148a4ab7174c577eb3f2919172

SHA256
4940fe04a2036bdedd77cd2db5f4c9c77840e05faf529a355ab891df02e890ed

SHA512
064cb0cc2a7266c0f681ac55d934411a2843a2d85954d8eefde60bea242f7af67e822f6055f98795e7b32338b7e30b0edf9d6024c5f392d7b34170d366562ce2

Download Submit
C:\Windows\System32\kORgkXw.exe

Filesize
1.3MB

MD5
0c95417b73ae1f429252f8800073d1a3

SHA1
12123fa108524bc4f840ba11fbc32f813a1c1fe7

SHA256
73a30b1f46b0b33dc374097a9447cfa7001932024366aa0e851464709ff60001

SHA512
b2c8711a4b438c849bd53c6503a432ebaacaefe0bc464608cc0b42d914a6be960ca0e9007906a9646602a7610b4f5a37fb3ac26d30470763dfd4101359a4e802

Download Submit
C:\Windows\System32\kyhopMY.exe

Filesize
1.3MB

MD5
54467fcbc05f15b25ae510b9c879bcef

SHA1
673ee3c5b7127239e9e9da2ab09e01ffb84b97e2

SHA256
79c4a2ae8465fd3b2ef663fd519c7ae0152d7231bbdb3f88706abf87bea12d2f

SHA512
e6d83fdd1bd785f7e39cf948ce95d9e4bb51159c941ff43a4c22488ccd6d06c2dff69b71ee7d2f43a38c214e560708c5e941ceb3d9d9c5aaebdbc70757fbc867

Download Submit
C:\Windows\System32\qKmSrMr.exe

Filesize
1.3MB

MD5
bbffb1e49330218ea5799eef60437b67

SHA1
0efda23c98bcc678e399f55054e1de849404a38a

SHA256
6411fda4c9eab0e9ab32754c18e102c8e3f33d4442167a0bf97a60eb329f0298

SHA512
5158c774d9629da4a609ec92b94fd517d92251ca52e15bd1ddc5b2e0d5ac554bff1a82e6a07d133f7a7b8292e25bcab0d48747aa38e787d0806e677b66497229

Download Submit
C:\Windows\System32\uxpSjqx.exe

Filesize
1.3MB

MD5
fc21f28ff01d3d1dbf62287df9a35d2e

SHA1
352c2b2705b8adfa9515595c0ae3f70c3be72dd9

SHA256
e9233b50393a82fd260ab201bbc83b129da0456fb07fd1b22191d992d612ce4f

SHA512
9056df9cfd5b3f4b3b75897d4c52576a7e4580a19ad1c8957a75fcd61c3398160ec6173cbc0c06fa7c0d4d0c0fa4bb472e8af01976a2a8e7c31dfbc5428509f5

Download Submit
C:\Windows\System32\vwPWxSH.exe

Filesize
1.3MB

MD5
d02d4b811bb41593eb4692303bdd92c9

SHA1
32f110770e4084775387a5b613ae23c6c4a23763

SHA256
53a5d4d690a0fe4053fa73a54620a7f75fc0d0fcc3513d1dbc85011ad3d774eb

SHA512
0ee1f883d45eb416b5b9841c1a8d05840c50fac6e27347bc1c3bcb054d050f098612004e33f1926c8951473aadfbf65c5e644fc21aec9e42625fc442f28e875b

Download Submit
C:\Windows\System32\wnzjIoa.exe

Filesize
1.3MB

MD5
2f715bb12bbdd806b10c29b2dff990fe

SHA1
2e4a1f1f433fa032b0d88b7cb637b9b5d615355d

SHA256
eaab5596a3e9322de037599710047d95b60c4df057d1b6706168fdd4e78c4bb7

SHA512
7ca40a4379ad2f5b024cf1c131cbc340e16c1e2650031f9566f298aded362fe55a5d93673240608e38bf87df8edc280a0f3b52b17bc8603fc7bdb04fcf5e7a09

Download Submit
C:\Windows\System32\xMwRIRp.exe

Filesize
1.3MB

MD5
6a6c428a30cda8512ac0cbfa7b0115bb

SHA1
f2d6e857ac0153913ca3dad4d9a340c3bef025dc

SHA256
d6880d5559d960b4ed4fc6a96e245114303eeae210da64516c7da18f0f94df7f

SHA512
b7b39e1b2f925599bab59f7d198665709d47b836d486cf23d5a062eb5035382c67767fe8f64247f2bb48ca35765c3ae869c8c8fffcd4668b2f252eaa58c3d7cc

Download Submit
C:\Windows\System32\xREGFUG.exe

Filesize
1.3MB

MD5
de8b591923f5a51244649ef53c1b4e5e

SHA1
042bfecc6e213c798787b74a991457ad09790a48

SHA256
b59d6a2117b980cdc9fb0e43e070082478b0381c84566251470342ccd4b1f890

SHA512
3baec32cb16d030343fb273290f2d977126914711dde17c842196072416eaa140edef555694b4ae23610e4a0f101bd93e59265bb526f4e6a14b521206e379eaa

Download Submit
C:\Windows\System32\xTyLptM.exe

Filesize
1.3MB

MD5
bc53dc5a6f18988b72820eb7fc8fb5f7

SHA1
9af7d7b45443d822fddae7648aaba7ab5533739b

SHA256
73d2f90da81bb80fde6ae8b76f811b732e4f7b8e983a7aaf0d3ba3ef66cc1b9f

SHA512
f383633e18f743037ac9d7c84e59d31849c35ec40424817abbe838bffa41c9e315ed3d83ab4e67d18dc85a4c4c12651985835874418e4a5b52914102ec8487e6

Download Submit
memory/32-2095-0x00007FF73F770000-0x00007FF73FB61000-memory.dmp

Filesize
3.9MB

Download
memory/32-330-0x00007FF73F770000-0x00007FF73FB61000-memory.dmp

Filesize
3.9MB

Download
memory/536-0-0x00007FF7EF8D0000-0x00007FF7EFCC1000-memory.dmp

Filesize
3.9MB

Download
memory/536-1581-0x00007FF7EF8D0000-0x00007FF7EFCC1000-memory.dmp

Filesize
3.9MB

Download
memory/536-2030-0x00007FF7EF8D0000-0x00007FF7EFCC1000-memory.dmp

Filesize
3.9MB

Download
memory/536-1-0x0000014240800000-0x0000014240810000-memory.dmp

Filesize
64KB

Download
memory/992-334-0x00007FF6A6570000-0x00007FF6A6961000-memory.dmp

Filesize
3.9MB

Download
memory/992-2099-0x00007FF6A6570000-0x00007FF6A6961000-memory.dmp

Filesize
3.9MB

Download
memory/1556-2081-0x00007FF63D970000-0x00007FF63DD61000-memory.dmp

Filesize
3.9MB

Download
memory/1556-309-0x00007FF63D970000-0x00007FF63DD61000-memory.dmp

Filesize
3.9MB

Download
memory/1648-299-0x00007FF6B6B20000-0x00007FF6B6F11000-memory.dmp

Filesize
3.9MB

Download
memory/1648-2087-0x00007FF6B6B20000-0x00007FF6B6F11000-memory.dmp

Filesize
3.9MB

Download
memory/1944-2035-0x00007FF63DC60000-0x00007FF63E051000-memory.dmp

Filesize
3.9MB

Download
memory/1944-11-0x00007FF63DC60000-0x00007FF63E051000-memory.dmp

Filesize
3.9MB

Download
memory/1944-934-0x00007FF63DC60000-0x00007FF63E051000-memory.dmp

Filesize
3.9MB

Download
memory/1980-2101-0x00007FF75B700000-0x00007FF75BAF1000-memory.dmp

Filesize
3.9MB

Download
memory/1980-335-0x00007FF75B700000-0x00007FF75BAF1000-memory.dmp

Filesize
3.9MB

Download
memory/2116-2091-0x00007FF78ADF0000-0x00007FF78B1E1000-memory.dmp

Filesize
3.9MB

Download
memory/2116-325-0x00007FF78ADF0000-0x00007FF78B1E1000-memory.dmp

Filesize
3.9MB

Download
memory/2200-2093-0x00007FF73A050000-0x00007FF73A441000-memory.dmp

Filesize
3.9MB

Download
memory/2200-329-0x00007FF73A050000-0x00007FF73A441000-memory.dmp

Filesize
3.9MB

Download
memory/2452-24-0x00007FF771FA0000-0x00007FF772391000-memory.dmp

Filesize
3.9MB

Download
memory/2452-2065-0x00007FF771FA0000-0x00007FF772391000-memory.dmp

Filesize
3.9MB

Download
memory/2452-1993-0x00007FF771FA0000-0x00007FF772391000-memory.dmp

Filesize
3.9MB

Download
memory/2536-2037-0x00007FF71DB50000-0x00007FF71DF41000-memory.dmp

Filesize
3.9MB

Download
memory/2536-19-0x00007FF71DB50000-0x00007FF71DF41000-memory.dmp

Filesize
3.9MB

Download
memory/2592-333-0x00007FF715830000-0x00007FF715C21000-memory.dmp

Filesize
3.9MB

Download
memory/2592-2097-0x00007FF715830000-0x00007FF715C21000-memory.dmp

Filesize
3.9MB

Download
memory/3068-303-0x00007FF680F30000-0x00007FF681321000-memory.dmp

Filesize
3.9MB

Download
memory/3068-2083-0x00007FF680F30000-0x00007FF681321000-memory.dmp

Filesize
3.9MB

Download
memory/3368-295-0x00007FF681530000-0x00007FF681921000-memory.dmp

Filesize
3.9MB

Download
memory/3368-2077-0x00007FF681530000-0x00007FF681921000-memory.dmp

Filesize
3.9MB

Download
memory/3440-2039-0x00007FF6E83E0000-0x00007FF6E87D1000-memory.dmp

Filesize
3.9MB

Download
memory/3440-23-0x00007FF6E83E0000-0x00007FF6E87D1000-memory.dmp

Filesize
3.9MB

Download
memory/3440-1976-0x00007FF6E83E0000-0x00007FF6E87D1000-memory.dmp

Filesize
3.9MB

Download
memory/3688-293-0x00007FF622FD0000-0x00007FF6233C1000-memory.dmp

Filesize
3.9MB

Download
memory/3688-2069-0x00007FF622FD0000-0x00007FF6233C1000-memory.dmp

Filesize
3.9MB

Download
memory/3948-48-0x00007FF683BD0000-0x00007FF683FC1000-memory.dmp

Filesize
3.9MB

Download
memory/3948-2073-0x00007FF683BD0000-0x00007FF683FC1000-memory.dmp

Filesize
3.9MB

Download
memory/3960-33-0x00007FF7B52D0000-0x00007FF7B56C1000-memory.dmp

Filesize
3.9MB

Download
memory/3960-1994-0x00007FF7B52D0000-0x00007FF7B56C1000-memory.dmp

Filesize
3.9MB

Download
memory/3960-2075-0x00007FF7B52D0000-0x00007FF7B56C1000-memory.dmp

Filesize
3.9MB

Download
memory/4236-38-0x00007FF7DA0C0000-0x00007FF7DA4B1000-memory.dmp

Filesize
3.9MB

Download
memory/4236-2067-0x00007FF7DA0C0000-0x00007FF7DA4B1000-memory.dmp

Filesize
3.9MB

Download
memory/4236-1995-0x00007FF7DA0C0000-0x00007FF7DA4B1000-memory.dmp

Filesize
3.9MB

Download
memory/4568-302-0x00007FF757840000-0x00007FF757C31000-memory.dmp

Filesize
3.9MB

Download
memory/4568-2079-0x00007FF757840000-0x00007FF757C31000-memory.dmp

Filesize
3.9MB

Download
memory/4728-2071-0x00007FF62E5D0000-0x00007FF62E9C1000-memory.dmp

Filesize
3.9MB

Download
memory/4728-2009-0x00007FF62E5D0000-0x00007FF62E9C1000-memory.dmp

Filesize
3.9MB

Download
memory/4728-44-0x00007FF62E5D0000-0x00007FF62E9C1000-memory.dmp

Filesize
3.9MB

Download
memory/4856-318-0x00007FF7A9DF0000-0x00007FF7AA1E1000-memory.dmp

Filesize
3.9MB

Download
memory/4856-2089-0x00007FF7A9DF0000-0x00007FF7AA1E1000-memory.dmp

Filesize
3.9MB

Download
memory/5048-336-0x00007FF705180000-0x00007FF705571000-memory.dmp

Filesize
3.9MB

Download
memory/5048-2103-0x00007FF705180000-0x00007FF705571000-memory.dmp

Filesize
3.9MB

Download
memory/5072-331-0x00007FF6CD550000-0x00007FF6CD941000-memory.dmp

Filesize
3.9MB

Download
memory/5072-2106-0x00007FF6CD550000-0x00007FF6CD941000-memory.dmp

Filesize
3.9MB

Download
memory/5092-2085-0x00007FF7BAC20000-0x00007FF7BB011000-memory.dmp

Filesize
3.9MB

Download
memory/5092-311-0x00007FF7BAC20000-0x00007FF7BB011000-memory.dmp

Filesize
3.9MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads