xmrig | 34b145a85b3667fb8d40bafc1bf00eb6b8cabe77570415f3e068b1fa003d60a1

Analysis

max time kernel
136s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
23/07/2024, 20:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

34b145a85b3667fb8d40bafc1bf00eb6b8cabe77570415f3e068b1fa003d60a1.exe
Size

2.0MB
MD5

f94cd81bbaea4219beb396f222eea219
SHA1

82d56867383c7764564dd4796b199fa114d222d6
SHA256

34b145a85b3667fb8d40bafc1bf00eb6b8cabe77570415f3e068b1fa003d60a1
SHA512

52245c4abdc308ca4fe7ae85411ea81186f721248558d195b99d06b2449ca61c64726531b4dc156f6bc3b5f665f86580d270e024535ca4ecccace332d4e06f0b
SSDEEP

49152:knw9oUUEEDlnDwq6Sd0R7qV2mVQLzeorHCT7Lj:kQUEE/

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 48 IoCs

miner

resource	yara_rule
behavioral2/memory/3008-451-0x00007FF745260000-0x00007FF745651000-memory.dmp	xmrig
behavioral2/memory/312-452-0x00007FF766730000-0x00007FF766B21000-memory.dmp	xmrig
behavioral2/memory/4984-453-0x00007FF6A4620000-0x00007FF6A4A11000-memory.dmp	xmrig
behavioral2/memory/3608-454-0x00007FF792190000-0x00007FF792581000-memory.dmp	xmrig
behavioral2/memory/1308-455-0x00007FF62F810000-0x00007FF62FC01000-memory.dmp	xmrig
behavioral2/memory/3684-456-0x00007FF79D1D0000-0x00007FF79D5C1000-memory.dmp	xmrig
behavioral2/memory/2420-457-0x00007FF6FFAF0000-0x00007FF6FFEE1000-memory.dmp	xmrig
behavioral2/memory/4696-458-0x00007FF607030000-0x00007FF607421000-memory.dmp	xmrig
behavioral2/memory/628-459-0x00007FF74EC80000-0x00007FF74F071000-memory.dmp	xmrig
behavioral2/memory/636-460-0x00007FF786850000-0x00007FF786C41000-memory.dmp	xmrig
behavioral2/memory/2952-461-0x00007FF6C20C0000-0x00007FF6C24B1000-memory.dmp	xmrig
behavioral2/memory/1864-462-0x00007FF715D80000-0x00007FF716171000-memory.dmp	xmrig
behavioral2/memory/4080-463-0x00007FF7E45D0000-0x00007FF7E49C1000-memory.dmp	xmrig
behavioral2/memory/968-464-0x00007FF6311F0000-0x00007FF6315E1000-memory.dmp	xmrig
behavioral2/memory/2352-465-0x00007FF769890000-0x00007FF769C81000-memory.dmp	xmrig
behavioral2/memory/2464-481-0x00007FF68CFC0000-0x00007FF68D3B1000-memory.dmp	xmrig
behavioral2/memory/2964-530-0x00007FF676C90000-0x00007FF677081000-memory.dmp	xmrig
behavioral2/memory/4644-540-0x00007FF690460000-0x00007FF690851000-memory.dmp	xmrig
behavioral2/memory/884-508-0x00007FF67E350000-0x00007FF67E741000-memory.dmp	xmrig
behavioral2/memory/4452-32-0x00007FF724210000-0x00007FF724601000-memory.dmp	xmrig
behavioral2/memory/4756-26-0x00007FF6C41D0000-0x00007FF6C45C1000-memory.dmp	xmrig
behavioral2/memory/2256-1990-0x00007FF7E51D0000-0x00007FF7E55C1000-memory.dmp	xmrig
behavioral2/memory/1404-1991-0x00007FF6EA170000-0x00007FF6EA561000-memory.dmp	xmrig
behavioral2/memory/4040-1992-0x00007FF70AC50000-0x00007FF70B041000-memory.dmp	xmrig
behavioral2/memory/2256-1994-0x00007FF7E51D0000-0x00007FF7E55C1000-memory.dmp	xmrig
behavioral2/memory/4452-1998-0x00007FF724210000-0x00007FF724601000-memory.dmp	xmrig
behavioral2/memory/4756-1997-0x00007FF6C41D0000-0x00007FF6C45C1000-memory.dmp	xmrig
behavioral2/memory/2464-2000-0x00007FF68CFC0000-0x00007FF68D3B1000-memory.dmp	xmrig
behavioral2/memory/2964-2025-0x00007FF676C90000-0x00007FF677081000-memory.dmp	xmrig
behavioral2/memory/4644-2012-0x00007FF690460000-0x00007FF690851000-memory.dmp	xmrig
behavioral2/memory/3008-2041-0x00007FF745260000-0x00007FF745651000-memory.dmp	xmrig
behavioral2/memory/4696-2068-0x00007FF607030000-0x00007FF607421000-memory.dmp	xmrig
behavioral2/memory/636-2091-0x00007FF786850000-0x00007FF786C41000-memory.dmp	xmrig
behavioral2/memory/4080-2095-0x00007FF7E45D0000-0x00007FF7E49C1000-memory.dmp	xmrig
behavioral2/memory/968-2112-0x00007FF6311F0000-0x00007FF6315E1000-memory.dmp	xmrig
behavioral2/memory/2352-2110-0x00007FF769890000-0x00007FF769C81000-memory.dmp	xmrig
behavioral2/memory/1864-2093-0x00007FF715D80000-0x00007FF716171000-memory.dmp	xmrig
behavioral2/memory/2952-2089-0x00007FF6C20C0000-0x00007FF6C24B1000-memory.dmp	xmrig
behavioral2/memory/628-2074-0x00007FF74EC80000-0x00007FF74F071000-memory.dmp	xmrig
behavioral2/memory/1308-2058-0x00007FF62F810000-0x00007FF62FC01000-memory.dmp	xmrig
behavioral2/memory/2420-2053-0x00007FF6FFAF0000-0x00007FF6FFEE1000-memory.dmp	xmrig
behavioral2/memory/4040-2042-0x00007FF70AC50000-0x00007FF70B041000-memory.dmp	xmrig
behavioral2/memory/4984-2040-0x00007FF6A4620000-0x00007FF6A4A11000-memory.dmp	xmrig
behavioral2/memory/884-2039-0x00007FF67E350000-0x00007FF67E741000-memory.dmp	xmrig
behavioral2/memory/1404-2037-0x00007FF6EA170000-0x00007FF6EA561000-memory.dmp	xmrig
behavioral2/memory/3684-2036-0x00007FF79D1D0000-0x00007FF79D5C1000-memory.dmp	xmrig
behavioral2/memory/312-2006-0x00007FF766730000-0x00007FF766B21000-memory.dmp	xmrig
behavioral2/memory/3608-2004-0x00007FF792190000-0x00007FF792581000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2256	mwutGZy.exe
4756	kUohUer.exe
4452	LPmlXWW.exe
2464	asPaTkY.exe
1404	QqUCRAe.exe
4040	fscZrjD.exe
884	ilMOGOK.exe
2964	AwkFlcR.exe
4644	gZktTMu.exe
3008	MqUohHP.exe
312	nybYqdS.exe
4984	AuPjuwh.exe
3608	uNiKuhw.exe
1308	XjWCUbZ.exe
3684	NwMDJCP.exe
2420	gEzPuOu.exe
4696	mGcXLIX.exe
628	DvElcdP.exe
636	XwpvYvY.exe
2952	gsHEhxb.exe
1864	KXrtoSA.exe
4080	HMCNtRy.exe
968	ZrYaGPi.exe
2352	pBPtMJz.exe
1560	rfJsLBs.exe
4232	LaKsatV.exe
5088	tQHOtbn.exe
1252	uNHvPFl.exe
5020	gaKYbnC.exe
3500	IIteiXd.exe
4740	QKYZRhY.exe
1636	rlncXlI.exe
4120	vCjzEqF.exe
3956	OYKyKsA.exe
4536	uWjRFBA.exe
1784	rOvEnPt.exe
4256	exlVaAt.exe
4000	QdzDOpp.exe
3556	NKGYift.exe
4428	ADxREUj.exe
4320	bkPKPht.exe
2848	RePxgmd.exe
4276	SXkHsiv.exe
2116	bHoBRop.exe
1012	rypcEwx.exe
3276	cYlVdXH.exe
4888	vApOKAZ.exe
3020	QxIUdek.exe
1048	WZjkyRY.exe
2304	HGCaucw.exe
4376	BASsAES.exe
3996	YYewvwo.exe
4248	yHqxGhC.exe
4504	mfRftKT.exe
4676	TjUGUhN.exe
3244	arHFkTN.exe
3056	DOPWEZA.exe
3100	sCGpNGd.exe
4580	ExgKeeO.exe
1172	GuUkhxG.exe
2596	GKDVPbP.exe
932	nXiHSwW.exe
4976	IPzbwjY.exe
3192	UjTyzUm.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4160-0-0x00007FF7EC9B0000-0x00007FF7ECDA1000-memory.dmp	upx
behavioral2/files/0x0008000000023410-4.dat	upx
behavioral2/memory/2256-5-0x00007FF7E51D0000-0x00007FF7E55C1000-memory.dmp	upx
behavioral2/files/0x0007000000023415-9.dat	upx
behavioral2/files/0x0007000000023414-13.dat	upx
behavioral2/files/0x0007000000023416-23.dat	upx
behavioral2/files/0x0007000000023418-30.dat	upx
behavioral2/files/0x000700000002341a-38.dat	upx
behavioral2/files/0x000700000002341b-49.dat	upx
behavioral2/files/0x000700000002341e-65.dat	upx
behavioral2/files/0x000700000002341f-70.dat	upx
behavioral2/files/0x0007000000023426-105.dat	upx
behavioral2/files/0x0007000000023428-115.dat	upx
behavioral2/files/0x000700000002342d-140.dat	upx
behavioral2/files/0x0007000000023432-165.dat	upx
behavioral2/memory/4040-450-0x00007FF70AC50000-0x00007FF70B041000-memory.dmp	upx
behavioral2/memory/3008-451-0x00007FF745260000-0x00007FF745651000-memory.dmp	upx
behavioral2/memory/312-452-0x00007FF766730000-0x00007FF766B21000-memory.dmp	upx
behavioral2/memory/4984-453-0x00007FF6A4620000-0x00007FF6A4A11000-memory.dmp	upx
behavioral2/memory/3608-454-0x00007FF792190000-0x00007FF792581000-memory.dmp	upx
behavioral2/memory/1308-455-0x00007FF62F810000-0x00007FF62FC01000-memory.dmp	upx
behavioral2/memory/3684-456-0x00007FF79D1D0000-0x00007FF79D5C1000-memory.dmp	upx
behavioral2/memory/2420-457-0x00007FF6FFAF0000-0x00007FF6FFEE1000-memory.dmp	upx
behavioral2/memory/4696-458-0x00007FF607030000-0x00007FF607421000-memory.dmp	upx
behavioral2/memory/628-459-0x00007FF74EC80000-0x00007FF74F071000-memory.dmp	upx
behavioral2/memory/636-460-0x00007FF786850000-0x00007FF786C41000-memory.dmp	upx
behavioral2/memory/2952-461-0x00007FF6C20C0000-0x00007FF6C24B1000-memory.dmp	upx
behavioral2/files/0x0007000000023431-161.dat	upx
behavioral2/memory/1864-462-0x00007FF715D80000-0x00007FF716171000-memory.dmp	upx
behavioral2/files/0x0007000000023430-155.dat	upx
behavioral2/memory/4080-463-0x00007FF7E45D0000-0x00007FF7E49C1000-memory.dmp	upx
behavioral2/files/0x000700000002342f-150.dat	upx
behavioral2/files/0x000700000002342e-145.dat	upx
behavioral2/files/0x000700000002342c-135.dat	upx
behavioral2/memory/968-464-0x00007FF6311F0000-0x00007FF6315E1000-memory.dmp	upx
behavioral2/files/0x000700000002342b-130.dat	upx
behavioral2/memory/2352-465-0x00007FF769890000-0x00007FF769C81000-memory.dmp	upx
behavioral2/files/0x000700000002342a-125.dat	upx
behavioral2/files/0x0007000000023429-120.dat	upx
behavioral2/files/0x0007000000023427-110.dat	upx
behavioral2/files/0x0007000000023425-100.dat	upx
behavioral2/files/0x0007000000023424-95.dat	upx
behavioral2/files/0x0007000000023423-90.dat	upx
behavioral2/files/0x0007000000023422-86.dat	upx
behavioral2/files/0x0007000000023421-83.dat	upx
behavioral2/memory/2464-481-0x00007FF68CFC0000-0x00007FF68D3B1000-memory.dmp	upx
behavioral2/memory/2964-530-0x00007FF676C90000-0x00007FF677081000-memory.dmp	upx
behavioral2/memory/4644-540-0x00007FF690460000-0x00007FF690851000-memory.dmp	upx
behavioral2/memory/884-508-0x00007FF67E350000-0x00007FF67E741000-memory.dmp	upx
behavioral2/files/0x0007000000023420-78.dat	upx
behavioral2/files/0x000700000002341d-60.dat	upx
behavioral2/files/0x000700000002341c-53.dat	upx
behavioral2/files/0x0007000000023417-42.dat	upx
behavioral2/memory/1404-41-0x00007FF6EA170000-0x00007FF6EA561000-memory.dmp	upx
behavioral2/files/0x0007000000023419-39.dat	upx
behavioral2/memory/4452-32-0x00007FF724210000-0x00007FF724601000-memory.dmp	upx
behavioral2/memory/4756-26-0x00007FF6C41D0000-0x00007FF6C45C1000-memory.dmp	upx
behavioral2/memory/2256-1990-0x00007FF7E51D0000-0x00007FF7E55C1000-memory.dmp	upx
behavioral2/memory/1404-1991-0x00007FF6EA170000-0x00007FF6EA561000-memory.dmp	upx
behavioral2/memory/4040-1992-0x00007FF70AC50000-0x00007FF70B041000-memory.dmp	upx
behavioral2/memory/2256-1994-0x00007FF7E51D0000-0x00007FF7E55C1000-memory.dmp	upx
behavioral2/memory/4452-1998-0x00007FF724210000-0x00007FF724601000-memory.dmp	upx
behavioral2/memory/4756-1997-0x00007FF6C41D0000-0x00007FF6C45C1000-memory.dmp	upx
behavioral2/memory/2464-2000-0x00007FF68CFC0000-0x00007FF68D3B1000-memory.dmp	upx

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System32\pBGUMnX.exe	34b145a85b3667fb8d40bafc1bf00eb6b8cabe77570415f3e068b1fa003d60a1.exe
File created	C:\Windows\System32\OMNoEVC.exe	34b145a85b3667fb8d40bafc1bf00eb6b8cabe77570415f3e068b1fa003d60a1.exe
File created	C:\Windows\System32\gKrfUZM.exe	34b145a85b3667fb8d40bafc1bf00eb6b8cabe77570415f3e068b1fa003d60a1.exe
File created	C:\Windows\System32\ymVtkbS.exe	34b145a85b3667fb8d40bafc1bf00eb6b8cabe77570415f3e068b1fa003d60a1.exe
File created	C:\Windows\System32\yHVjAvS.exe	34b145a85b3667fb8d40bafc1bf00eb6b8cabe77570415f3e068b1fa003d60a1.exe
File created	C:\Windows\System32\ZpxihXq.exe	34b145a85b3667fb8d40bafc1bf00eb6b8cabe77570415f3e068b1fa003d60a1.exe
File created	C:\Windows\System32\mTPlEMi.exe	34b145a85b3667fb8d40bafc1bf00eb6b8cabe77570415f3e068b1fa003d60a1.exe
File created	C:\Windows\System32\SaCfLEe.exe	34b145a85b3667fb8d40bafc1bf00eb6b8cabe77570415f3e068b1fa003d60a1.exe
File created	C:\Windows\System32\rENAQXx.exe	34b145a85b3667fb8d40bafc1bf00eb6b8cabe77570415f3e068b1fa003d60a1.exe
File created	C:\Windows\System32\STxkwHa.exe	34b145a85b3667fb8d40bafc1bf00eb6b8cabe77570415f3e068b1fa003d60a1.exe
File created	C:\Windows\System32\IfNaFKr.exe	34b145a85b3667fb8d40bafc1bf00eb6b8cabe77570415f3e068b1fa003d60a1.exe
File created	C:\Windows\System32\kIoKStb.exe	34b145a85b3667fb8d40bafc1bf00eb6b8cabe77570415f3e068b1fa003d60a1.exe
File created	C:\Windows\System32\nRmIFwm.exe	34b145a85b3667fb8d40bafc1bf00eb6b8cabe77570415f3e068b1fa003d60a1.exe
File created	C:\Windows\System32\rfJsLBs.exe	34b145a85b3667fb8d40bafc1bf00eb6b8cabe77570415f3e068b1fa003d60a1.exe
File created	C:\Windows\System32\BvEZKuK.exe	34b145a85b3667fb8d40bafc1bf00eb6b8cabe77570415f3e068b1fa003d60a1.exe
File created	C:\Windows\System32\SSCwooM.exe	34b145a85b3667fb8d40bafc1bf00eb6b8cabe77570415f3e068b1fa003d60a1.exe
File created	C:\Windows\System32\CHfbhfn.exe	34b145a85b3667fb8d40bafc1bf00eb6b8cabe77570415f3e068b1fa003d60a1.exe
File created	C:\Windows\System32\uWjRFBA.exe	34b145a85b3667fb8d40bafc1bf00eb6b8cabe77570415f3e068b1fa003d60a1.exe
File created	C:\Windows\System32\QSvDFGb.exe	34b145a85b3667fb8d40bafc1bf00eb6b8cabe77570415f3e068b1fa003d60a1.exe
File created	C:\Windows\System32\lJAcQMv.exe	34b145a85b3667fb8d40bafc1bf00eb6b8cabe77570415f3e068b1fa003d60a1.exe
File created	C:\Windows\System32\xSAPBEF.exe	34b145a85b3667fb8d40bafc1bf00eb6b8cabe77570415f3e068b1fa003d60a1.exe
File created	C:\Windows\System32\vDWCOEw.exe	34b145a85b3667fb8d40bafc1bf00eb6b8cabe77570415f3e068b1fa003d60a1.exe
File created	C:\Windows\System32\DBtpiJl.exe	34b145a85b3667fb8d40bafc1bf00eb6b8cabe77570415f3e068b1fa003d60a1.exe
File created	C:\Windows\System32\cRMhBiv.exe	34b145a85b3667fb8d40bafc1bf00eb6b8cabe77570415f3e068b1fa003d60a1.exe
File created	C:\Windows\System32\GAZPUKG.exe	34b145a85b3667fb8d40bafc1bf00eb6b8cabe77570415f3e068b1fa003d60a1.exe
File created	C:\Windows\System32\bnbERgm.exe	34b145a85b3667fb8d40bafc1bf00eb6b8cabe77570415f3e068b1fa003d60a1.exe
File created	C:\Windows\System32\grCciYY.exe	34b145a85b3667fb8d40bafc1bf00eb6b8cabe77570415f3e068b1fa003d60a1.exe
File created	C:\Windows\System32\OChmNPb.exe	34b145a85b3667fb8d40bafc1bf00eb6b8cabe77570415f3e068b1fa003d60a1.exe
File created	C:\Windows\System32\mMPXSIn.exe	34b145a85b3667fb8d40bafc1bf00eb6b8cabe77570415f3e068b1fa003d60a1.exe
File created	C:\Windows\System32\ZdnpeGY.exe	34b145a85b3667fb8d40bafc1bf00eb6b8cabe77570415f3e068b1fa003d60a1.exe
File created	C:\Windows\System32\wWCgBBX.exe	34b145a85b3667fb8d40bafc1bf00eb6b8cabe77570415f3e068b1fa003d60a1.exe
File created	C:\Windows\System32\ylQMyHn.exe	34b145a85b3667fb8d40bafc1bf00eb6b8cabe77570415f3e068b1fa003d60a1.exe
File created	C:\Windows\System32\iplBnuQ.exe	34b145a85b3667fb8d40bafc1bf00eb6b8cabe77570415f3e068b1fa003d60a1.exe
File created	C:\Windows\System32\tsFIrDg.exe	34b145a85b3667fb8d40bafc1bf00eb6b8cabe77570415f3e068b1fa003d60a1.exe
File created	C:\Windows\System32\JNeZiTb.exe	34b145a85b3667fb8d40bafc1bf00eb6b8cabe77570415f3e068b1fa003d60a1.exe
File created	C:\Windows\System32\lAiqlrU.exe	34b145a85b3667fb8d40bafc1bf00eb6b8cabe77570415f3e068b1fa003d60a1.exe
File created	C:\Windows\System32\iWyNmeH.exe	34b145a85b3667fb8d40bafc1bf00eb6b8cabe77570415f3e068b1fa003d60a1.exe
File created	C:\Windows\System32\bnBEDIY.exe	34b145a85b3667fb8d40bafc1bf00eb6b8cabe77570415f3e068b1fa003d60a1.exe
File created	C:\Windows\System32\VYkfpcf.exe	34b145a85b3667fb8d40bafc1bf00eb6b8cabe77570415f3e068b1fa003d60a1.exe
File created	C:\Windows\System32\kSXJQyN.exe	34b145a85b3667fb8d40bafc1bf00eb6b8cabe77570415f3e068b1fa003d60a1.exe
File created	C:\Windows\System32\VpoHXLi.exe	34b145a85b3667fb8d40bafc1bf00eb6b8cabe77570415f3e068b1fa003d60a1.exe
File created	C:\Windows\System32\DUAQvlx.exe	34b145a85b3667fb8d40bafc1bf00eb6b8cabe77570415f3e068b1fa003d60a1.exe
File created	C:\Windows\System32\QWcXPFE.exe	34b145a85b3667fb8d40bafc1bf00eb6b8cabe77570415f3e068b1fa003d60a1.exe
File created	C:\Windows\System32\HMkJqGT.exe	34b145a85b3667fb8d40bafc1bf00eb6b8cabe77570415f3e068b1fa003d60a1.exe
File created	C:\Windows\System32\AsnHFIp.exe	34b145a85b3667fb8d40bafc1bf00eb6b8cabe77570415f3e068b1fa003d60a1.exe
File created	C:\Windows\System32\ERoWFkJ.exe	34b145a85b3667fb8d40bafc1bf00eb6b8cabe77570415f3e068b1fa003d60a1.exe
File created	C:\Windows\System32\AwkFlcR.exe	34b145a85b3667fb8d40bafc1bf00eb6b8cabe77570415f3e068b1fa003d60a1.exe
File created	C:\Windows\System32\bHoBRop.exe	34b145a85b3667fb8d40bafc1bf00eb6b8cabe77570415f3e068b1fa003d60a1.exe
File created	C:\Windows\System32\YGdoqZD.exe	34b145a85b3667fb8d40bafc1bf00eb6b8cabe77570415f3e068b1fa003d60a1.exe
File created	C:\Windows\System32\jurxReI.exe	34b145a85b3667fb8d40bafc1bf00eb6b8cabe77570415f3e068b1fa003d60a1.exe
File created	C:\Windows\System32\yzUeBeO.exe	34b145a85b3667fb8d40bafc1bf00eb6b8cabe77570415f3e068b1fa003d60a1.exe
File created	C:\Windows\System32\IJKXRnZ.exe	34b145a85b3667fb8d40bafc1bf00eb6b8cabe77570415f3e068b1fa003d60a1.exe
File created	C:\Windows\System32\CBQwBIm.exe	34b145a85b3667fb8d40bafc1bf00eb6b8cabe77570415f3e068b1fa003d60a1.exe
File created	C:\Windows\System32\MqUohHP.exe	34b145a85b3667fb8d40bafc1bf00eb6b8cabe77570415f3e068b1fa003d60a1.exe
File created	C:\Windows\System32\tJiVzcd.exe	34b145a85b3667fb8d40bafc1bf00eb6b8cabe77570415f3e068b1fa003d60a1.exe
File created	C:\Windows\System32\aXKntmO.exe	34b145a85b3667fb8d40bafc1bf00eb6b8cabe77570415f3e068b1fa003d60a1.exe
File created	C:\Windows\System32\EpsiZym.exe	34b145a85b3667fb8d40bafc1bf00eb6b8cabe77570415f3e068b1fa003d60a1.exe
File created	C:\Windows\System32\hosXbra.exe	34b145a85b3667fb8d40bafc1bf00eb6b8cabe77570415f3e068b1fa003d60a1.exe
File created	C:\Windows\System32\ilMOGOK.exe	34b145a85b3667fb8d40bafc1bf00eb6b8cabe77570415f3e068b1fa003d60a1.exe
File created	C:\Windows\System32\FHGGhpn.exe	34b145a85b3667fb8d40bafc1bf00eb6b8cabe77570415f3e068b1fa003d60a1.exe
File created	C:\Windows\System32\pyYXxlb.exe	34b145a85b3667fb8d40bafc1bf00eb6b8cabe77570415f3e068b1fa003d60a1.exe
File created	C:\Windows\System32\VuSDpHS.exe	34b145a85b3667fb8d40bafc1bf00eb6b8cabe77570415f3e068b1fa003d60a1.exe
File created	C:\Windows\System32\prRCmEy.exe	34b145a85b3667fb8d40bafc1bf00eb6b8cabe77570415f3e068b1fa003d60a1.exe
File created	C:\Windows\System32\bkPKPht.exe	34b145a85b3667fb8d40bafc1bf00eb6b8cabe77570415f3e068b1fa003d60a1.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	336	dwm.exe
Token: SeChangeNotifyPrivilege	336	dwm.exe
Token: 33	336	dwm.exe
Token: SeIncBasePriorityPrivilege	336	dwm.exe
Token: SeShutdownPrivilege	336	dwm.exe
Token: SeCreatePagefilePrivilege	336	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4160 wrote to memory of 2256	4160	34b145a85b3667fb8d40bafc1bf00eb6b8cabe77570415f3e068b1fa003d60a1.exe	85
PID 4160 wrote to memory of 2256	4160	34b145a85b3667fb8d40bafc1bf00eb6b8cabe77570415f3e068b1fa003d60a1.exe	85
PID 4160 wrote to memory of 4756	4160	34b145a85b3667fb8d40bafc1bf00eb6b8cabe77570415f3e068b1fa003d60a1.exe	86
PID 4160 wrote to memory of 4756	4160	34b145a85b3667fb8d40bafc1bf00eb6b8cabe77570415f3e068b1fa003d60a1.exe	86
PID 4160 wrote to memory of 4452	4160	34b145a85b3667fb8d40bafc1bf00eb6b8cabe77570415f3e068b1fa003d60a1.exe	87
PID 4160 wrote to memory of 4452	4160	34b145a85b3667fb8d40bafc1bf00eb6b8cabe77570415f3e068b1fa003d60a1.exe	87
PID 4160 wrote to memory of 2464	4160	34b145a85b3667fb8d40bafc1bf00eb6b8cabe77570415f3e068b1fa003d60a1.exe	88
PID 4160 wrote to memory of 2464	4160	34b145a85b3667fb8d40bafc1bf00eb6b8cabe77570415f3e068b1fa003d60a1.exe	88
PID 4160 wrote to memory of 1404	4160	34b145a85b3667fb8d40bafc1bf00eb6b8cabe77570415f3e068b1fa003d60a1.exe	89
PID 4160 wrote to memory of 1404	4160	34b145a85b3667fb8d40bafc1bf00eb6b8cabe77570415f3e068b1fa003d60a1.exe	89
PID 4160 wrote to memory of 4040	4160	34b145a85b3667fb8d40bafc1bf00eb6b8cabe77570415f3e068b1fa003d60a1.exe	90
PID 4160 wrote to memory of 4040	4160	34b145a85b3667fb8d40bafc1bf00eb6b8cabe77570415f3e068b1fa003d60a1.exe	90
PID 4160 wrote to memory of 884	4160	34b145a85b3667fb8d40bafc1bf00eb6b8cabe77570415f3e068b1fa003d60a1.exe	91
PID 4160 wrote to memory of 884	4160	34b145a85b3667fb8d40bafc1bf00eb6b8cabe77570415f3e068b1fa003d60a1.exe	91
PID 4160 wrote to memory of 2964	4160	34b145a85b3667fb8d40bafc1bf00eb6b8cabe77570415f3e068b1fa003d60a1.exe	92
PID 4160 wrote to memory of 2964	4160	34b145a85b3667fb8d40bafc1bf00eb6b8cabe77570415f3e068b1fa003d60a1.exe	92
PID 4160 wrote to memory of 4644	4160	34b145a85b3667fb8d40bafc1bf00eb6b8cabe77570415f3e068b1fa003d60a1.exe	93
PID 4160 wrote to memory of 4644	4160	34b145a85b3667fb8d40bafc1bf00eb6b8cabe77570415f3e068b1fa003d60a1.exe	93
PID 4160 wrote to memory of 3008	4160	34b145a85b3667fb8d40bafc1bf00eb6b8cabe77570415f3e068b1fa003d60a1.exe	94
PID 4160 wrote to memory of 3008	4160	34b145a85b3667fb8d40bafc1bf00eb6b8cabe77570415f3e068b1fa003d60a1.exe	94
PID 4160 wrote to memory of 312	4160	34b145a85b3667fb8d40bafc1bf00eb6b8cabe77570415f3e068b1fa003d60a1.exe	95
PID 4160 wrote to memory of 312	4160	34b145a85b3667fb8d40bafc1bf00eb6b8cabe77570415f3e068b1fa003d60a1.exe	95
PID 4160 wrote to memory of 4984	4160	34b145a85b3667fb8d40bafc1bf00eb6b8cabe77570415f3e068b1fa003d60a1.exe	96
PID 4160 wrote to memory of 4984	4160	34b145a85b3667fb8d40bafc1bf00eb6b8cabe77570415f3e068b1fa003d60a1.exe	96
PID 4160 wrote to memory of 3608	4160	34b145a85b3667fb8d40bafc1bf00eb6b8cabe77570415f3e068b1fa003d60a1.exe	97
PID 4160 wrote to memory of 3608	4160	34b145a85b3667fb8d40bafc1bf00eb6b8cabe77570415f3e068b1fa003d60a1.exe	97
PID 4160 wrote to memory of 1308	4160	34b145a85b3667fb8d40bafc1bf00eb6b8cabe77570415f3e068b1fa003d60a1.exe	98
PID 4160 wrote to memory of 1308	4160	34b145a85b3667fb8d40bafc1bf00eb6b8cabe77570415f3e068b1fa003d60a1.exe	98
PID 4160 wrote to memory of 3684	4160	34b145a85b3667fb8d40bafc1bf00eb6b8cabe77570415f3e068b1fa003d60a1.exe	99
PID 4160 wrote to memory of 3684	4160	34b145a85b3667fb8d40bafc1bf00eb6b8cabe77570415f3e068b1fa003d60a1.exe	99
PID 4160 wrote to memory of 2420	4160	34b145a85b3667fb8d40bafc1bf00eb6b8cabe77570415f3e068b1fa003d60a1.exe	100
PID 4160 wrote to memory of 2420	4160	34b145a85b3667fb8d40bafc1bf00eb6b8cabe77570415f3e068b1fa003d60a1.exe	100
PID 4160 wrote to memory of 4696	4160	34b145a85b3667fb8d40bafc1bf00eb6b8cabe77570415f3e068b1fa003d60a1.exe	101
PID 4160 wrote to memory of 4696	4160	34b145a85b3667fb8d40bafc1bf00eb6b8cabe77570415f3e068b1fa003d60a1.exe	101
PID 4160 wrote to memory of 628	4160	34b145a85b3667fb8d40bafc1bf00eb6b8cabe77570415f3e068b1fa003d60a1.exe	102
PID 4160 wrote to memory of 628	4160	34b145a85b3667fb8d40bafc1bf00eb6b8cabe77570415f3e068b1fa003d60a1.exe	102
PID 4160 wrote to memory of 636	4160	34b145a85b3667fb8d40bafc1bf00eb6b8cabe77570415f3e068b1fa003d60a1.exe	103
PID 4160 wrote to memory of 636	4160	34b145a85b3667fb8d40bafc1bf00eb6b8cabe77570415f3e068b1fa003d60a1.exe	103
PID 4160 wrote to memory of 2952	4160	34b145a85b3667fb8d40bafc1bf00eb6b8cabe77570415f3e068b1fa003d60a1.exe	104
PID 4160 wrote to memory of 2952	4160	34b145a85b3667fb8d40bafc1bf00eb6b8cabe77570415f3e068b1fa003d60a1.exe	104
PID 4160 wrote to memory of 1864	4160	34b145a85b3667fb8d40bafc1bf00eb6b8cabe77570415f3e068b1fa003d60a1.exe	105
PID 4160 wrote to memory of 1864	4160	34b145a85b3667fb8d40bafc1bf00eb6b8cabe77570415f3e068b1fa003d60a1.exe	105
PID 4160 wrote to memory of 4080	4160	34b145a85b3667fb8d40bafc1bf00eb6b8cabe77570415f3e068b1fa003d60a1.exe	106
PID 4160 wrote to memory of 4080	4160	34b145a85b3667fb8d40bafc1bf00eb6b8cabe77570415f3e068b1fa003d60a1.exe	106
PID 4160 wrote to memory of 968	4160	34b145a85b3667fb8d40bafc1bf00eb6b8cabe77570415f3e068b1fa003d60a1.exe	107
PID 4160 wrote to memory of 968	4160	34b145a85b3667fb8d40bafc1bf00eb6b8cabe77570415f3e068b1fa003d60a1.exe	107
PID 4160 wrote to memory of 2352	4160	34b145a85b3667fb8d40bafc1bf00eb6b8cabe77570415f3e068b1fa003d60a1.exe	108
PID 4160 wrote to memory of 2352	4160	34b145a85b3667fb8d40bafc1bf00eb6b8cabe77570415f3e068b1fa003d60a1.exe	108
PID 4160 wrote to memory of 1560	4160	34b145a85b3667fb8d40bafc1bf00eb6b8cabe77570415f3e068b1fa003d60a1.exe	109
PID 4160 wrote to memory of 1560	4160	34b145a85b3667fb8d40bafc1bf00eb6b8cabe77570415f3e068b1fa003d60a1.exe	109
PID 4160 wrote to memory of 4232	4160	34b145a85b3667fb8d40bafc1bf00eb6b8cabe77570415f3e068b1fa003d60a1.exe	110
PID 4160 wrote to memory of 4232	4160	34b145a85b3667fb8d40bafc1bf00eb6b8cabe77570415f3e068b1fa003d60a1.exe	110
PID 4160 wrote to memory of 5088	4160	34b145a85b3667fb8d40bafc1bf00eb6b8cabe77570415f3e068b1fa003d60a1.exe	111
PID 4160 wrote to memory of 5088	4160	34b145a85b3667fb8d40bafc1bf00eb6b8cabe77570415f3e068b1fa003d60a1.exe	111
PID 4160 wrote to memory of 1252	4160	34b145a85b3667fb8d40bafc1bf00eb6b8cabe77570415f3e068b1fa003d60a1.exe	112
PID 4160 wrote to memory of 1252	4160	34b145a85b3667fb8d40bafc1bf00eb6b8cabe77570415f3e068b1fa003d60a1.exe	112
PID 4160 wrote to memory of 5020	4160	34b145a85b3667fb8d40bafc1bf00eb6b8cabe77570415f3e068b1fa003d60a1.exe	113
PID 4160 wrote to memory of 5020	4160	34b145a85b3667fb8d40bafc1bf00eb6b8cabe77570415f3e068b1fa003d60a1.exe	113
PID 4160 wrote to memory of 3500	4160	34b145a85b3667fb8d40bafc1bf00eb6b8cabe77570415f3e068b1fa003d60a1.exe	114
PID 4160 wrote to memory of 3500	4160	34b145a85b3667fb8d40bafc1bf00eb6b8cabe77570415f3e068b1fa003d60a1.exe	114
PID 4160 wrote to memory of 4740	4160	34b145a85b3667fb8d40bafc1bf00eb6b8cabe77570415f3e068b1fa003d60a1.exe	115
PID 4160 wrote to memory of 4740	4160	34b145a85b3667fb8d40bafc1bf00eb6b8cabe77570415f3e068b1fa003d60a1.exe	115
PID 4160 wrote to memory of 1636	4160	34b145a85b3667fb8d40bafc1bf00eb6b8cabe77570415f3e068b1fa003d60a1.exe	116
PID 4160 wrote to memory of 1636	4160	34b145a85b3667fb8d40bafc1bf00eb6b8cabe77570415f3e068b1fa003d60a1.exe	116

C:\Users\Admin\AppData\Local\Temp\34b145a85b3667fb8d40bafc1bf00eb6b8cabe77570415f3e068b1fa003d60a1.exe
"C:\Users\Admin\AppData\Local\Temp\34b145a85b3667fb8d40bafc1bf00eb6b8cabe77570415f3e068b1fa003d60a1.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:4160
- C:\Windows\System32\mwutGZy.exe
  C:\Windows\System32\mwutGZy.exe
  2⤵
  - Executes dropped EXE
  PID:2256
- C:\Windows\System32\kUohUer.exe
  C:\Windows\System32\kUohUer.exe
  2⤵
  - Executes dropped EXE
  PID:4756
- C:\Windows\System32\LPmlXWW.exe
  C:\Windows\System32\LPmlXWW.exe
  2⤵
  - Executes dropped EXE
  PID:4452
- C:\Windows\System32\asPaTkY.exe
  C:\Windows\System32\asPaTkY.exe
  2⤵
  - Executes dropped EXE
  PID:2464
- C:\Windows\System32\QqUCRAe.exe
  C:\Windows\System32\QqUCRAe.exe
  2⤵
  - Executes dropped EXE
  PID:1404
- C:\Windows\System32\fscZrjD.exe
  C:\Windows\System32\fscZrjD.exe
  2⤵
  - Executes dropped EXE
  PID:4040
- C:\Windows\System32\ilMOGOK.exe
  C:\Windows\System32\ilMOGOK.exe
  2⤵
  - Executes dropped EXE
  PID:884
- C:\Windows\System32\AwkFlcR.exe
  C:\Windows\System32\AwkFlcR.exe
  2⤵
  - Executes dropped EXE
  PID:2964
- C:\Windows\System32\gZktTMu.exe
  C:\Windows\System32\gZktTMu.exe
  2⤵
  - Executes dropped EXE
  PID:4644
- C:\Windows\System32\MqUohHP.exe
  C:\Windows\System32\MqUohHP.exe
  2⤵
  - Executes dropped EXE
  PID:3008
- C:\Windows\System32\nybYqdS.exe
  C:\Windows\System32\nybYqdS.exe
  2⤵
  - Executes dropped EXE
  PID:312
- C:\Windows\System32\AuPjuwh.exe
  C:\Windows\System32\AuPjuwh.exe
  2⤵
  - Executes dropped EXE
  PID:4984
- C:\Windows\System32\uNiKuhw.exe
  C:\Windows\System32\uNiKuhw.exe
  2⤵
  - Executes dropped EXE
  PID:3608
- C:\Windows\System32\XjWCUbZ.exe
  C:\Windows\System32\XjWCUbZ.exe
  2⤵
  - Executes dropped EXE
  PID:1308
- C:\Windows\System32\NwMDJCP.exe
  C:\Windows\System32\NwMDJCP.exe
  2⤵
  - Executes dropped EXE
  PID:3684
- C:\Windows\System32\gEzPuOu.exe
  C:\Windows\System32\gEzPuOu.exe
  2⤵
  - Executes dropped EXE
  PID:2420
- C:\Windows\System32\mGcXLIX.exe
  C:\Windows\System32\mGcXLIX.exe
  2⤵
  - Executes dropped EXE
  PID:4696
- C:\Windows\System32\DvElcdP.exe
  C:\Windows\System32\DvElcdP.exe
  2⤵
  - Executes dropped EXE
  PID:628
- C:\Windows\System32\XwpvYvY.exe
  C:\Windows\System32\XwpvYvY.exe
  2⤵
  - Executes dropped EXE
  PID:636
- C:\Windows\System32\gsHEhxb.exe
  C:\Windows\System32\gsHEhxb.exe
  2⤵
  - Executes dropped EXE
  PID:2952
- C:\Windows\System32\KXrtoSA.exe
  C:\Windows\System32\KXrtoSA.exe
  2⤵
  - Executes dropped EXE
  PID:1864
- C:\Windows\System32\HMCNtRy.exe
  C:\Windows\System32\HMCNtRy.exe
  2⤵
  - Executes dropped EXE
  PID:4080
- C:\Windows\System32\ZrYaGPi.exe
  C:\Windows\System32\ZrYaGPi.exe
  2⤵
  - Executes dropped EXE
  PID:968
- C:\Windows\System32\pBPtMJz.exe
  C:\Windows\System32\pBPtMJz.exe
  2⤵
  - Executes dropped EXE
  PID:2352
- C:\Windows\System32\rfJsLBs.exe
  C:\Windows\System32\rfJsLBs.exe
  2⤵
  - Executes dropped EXE
  PID:1560
- C:\Windows\System32\LaKsatV.exe
  C:\Windows\System32\LaKsatV.exe
  2⤵
  - Executes dropped EXE
  PID:4232
- C:\Windows\System32\tQHOtbn.exe
  C:\Windows\System32\tQHOtbn.exe
  2⤵
  - Executes dropped EXE
  PID:5088
- C:\Windows\System32\uNHvPFl.exe
  C:\Windows\System32\uNHvPFl.exe
  2⤵
  - Executes dropped EXE
  PID:1252
- C:\Windows\System32\gaKYbnC.exe
  C:\Windows\System32\gaKYbnC.exe
  2⤵
  - Executes dropped EXE
  PID:5020
- C:\Windows\System32\IIteiXd.exe
  C:\Windows\System32\IIteiXd.exe
  2⤵
  - Executes dropped EXE
  PID:3500
- C:\Windows\System32\QKYZRhY.exe
  C:\Windows\System32\QKYZRhY.exe
  2⤵
  - Executes dropped EXE
  PID:4740
- C:\Windows\System32\rlncXlI.exe
  C:\Windows\System32\rlncXlI.exe
  2⤵
  - Executes dropped EXE
  PID:1636
- C:\Windows\System32\vCjzEqF.exe
  C:\Windows\System32\vCjzEqF.exe
  2⤵
  - Executes dropped EXE
  PID:4120
- C:\Windows\System32\OYKyKsA.exe
  C:\Windows\System32\OYKyKsA.exe
  2⤵
  - Executes dropped EXE
  PID:3956
- C:\Windows\System32\uWjRFBA.exe
  C:\Windows\System32\uWjRFBA.exe
  2⤵
  - Executes dropped EXE
  PID:4536
- C:\Windows\System32\rOvEnPt.exe
  C:\Windows\System32\rOvEnPt.exe
  2⤵
  - Executes dropped EXE
  PID:1784
- C:\Windows\System32\exlVaAt.exe
  C:\Windows\System32\exlVaAt.exe
  2⤵
  - Executes dropped EXE
  PID:4256
- C:\Windows\System32\QdzDOpp.exe
  C:\Windows\System32\QdzDOpp.exe
  2⤵
  - Executes dropped EXE
  PID:4000
- C:\Windows\System32\NKGYift.exe
  C:\Windows\System32\NKGYift.exe
  2⤵
  - Executes dropped EXE
  PID:3556
- C:\Windows\System32\ADxREUj.exe
  C:\Windows\System32\ADxREUj.exe
  2⤵
  - Executes dropped EXE
  PID:4428
- C:\Windows\System32\bkPKPht.exe
  C:\Windows\System32\bkPKPht.exe
  2⤵
  - Executes dropped EXE
  PID:4320
- C:\Windows\System32\RePxgmd.exe
  C:\Windows\System32\RePxgmd.exe
  2⤵
  - Executes dropped EXE
  PID:2848
- C:\Windows\System32\SXkHsiv.exe
  C:\Windows\System32\SXkHsiv.exe
  2⤵
  - Executes dropped EXE
  PID:4276
- C:\Windows\System32\bHoBRop.exe
  C:\Windows\System32\bHoBRop.exe
  2⤵
  - Executes dropped EXE
  PID:2116
- C:\Windows\System32\rypcEwx.exe
  C:\Windows\System32\rypcEwx.exe
  2⤵
  - Executes dropped EXE
  PID:1012
- C:\Windows\System32\cYlVdXH.exe
  C:\Windows\System32\cYlVdXH.exe
  2⤵
  - Executes dropped EXE
  PID:3276
- C:\Windows\System32\vApOKAZ.exe
  C:\Windows\System32\vApOKAZ.exe
  2⤵
  - Executes dropped EXE
  PID:4888
- C:\Windows\System32\QxIUdek.exe
  C:\Windows\System32\QxIUdek.exe
  2⤵
  - Executes dropped EXE
  PID:3020
- C:\Windows\System32\WZjkyRY.exe
  C:\Windows\System32\WZjkyRY.exe
  2⤵
  - Executes dropped EXE
  PID:1048
- C:\Windows\System32\HGCaucw.exe
  C:\Windows\System32\HGCaucw.exe
  2⤵
  - Executes dropped EXE
  PID:2304
- C:\Windows\System32\BASsAES.exe
  C:\Windows\System32\BASsAES.exe
  2⤵
  - Executes dropped EXE
  PID:4376
- C:\Windows\System32\YYewvwo.exe
  C:\Windows\System32\YYewvwo.exe
  2⤵
  - Executes dropped EXE
  PID:3996
- C:\Windows\System32\yHqxGhC.exe
  C:\Windows\System32\yHqxGhC.exe
  2⤵
  - Executes dropped EXE
  PID:4248
- C:\Windows\System32\mfRftKT.exe
  C:\Windows\System32\mfRftKT.exe
  2⤵
  - Executes dropped EXE
  PID:4504
- C:\Windows\System32\TjUGUhN.exe
  C:\Windows\System32\TjUGUhN.exe
  2⤵
  - Executes dropped EXE
  PID:4676
- C:\Windows\System32\arHFkTN.exe
  C:\Windows\System32\arHFkTN.exe
  2⤵
  - Executes dropped EXE
  PID:3244
- C:\Windows\System32\DOPWEZA.exe
  C:\Windows\System32\DOPWEZA.exe
  2⤵
  - Executes dropped EXE
  PID:3056
- C:\Windows\System32\sCGpNGd.exe
  C:\Windows\System32\sCGpNGd.exe
  2⤵
  - Executes dropped EXE
  PID:3100
- C:\Windows\System32\ExgKeeO.exe
  C:\Windows\System32\ExgKeeO.exe
  2⤵
  - Executes dropped EXE
  PID:4580
- C:\Windows\System32\GuUkhxG.exe
  C:\Windows\System32\GuUkhxG.exe
  2⤵
  - Executes dropped EXE
  PID:1172
- C:\Windows\System32\GKDVPbP.exe
  C:\Windows\System32\GKDVPbP.exe
  2⤵
  - Executes dropped EXE
  PID:2596
- C:\Windows\System32\nXiHSwW.exe
  C:\Windows\System32\nXiHSwW.exe
  2⤵
  - Executes dropped EXE
  PID:932
- C:\Windows\System32\IPzbwjY.exe
  C:\Windows\System32\IPzbwjY.exe
  2⤵
  - Executes dropped EXE
  PID:4976
- C:\Windows\System32\UjTyzUm.exe
  C:\Windows\System32\UjTyzUm.exe
  2⤵
  - Executes dropped EXE
  PID:3192
- C:\Windows\System32\XqAxSCd.exe
  C:\Windows\System32\XqAxSCd.exe
  2⤵
  PID:4916
- C:\Windows\System32\pUfsaTd.exe
  C:\Windows\System32\pUfsaTd.exe
  2⤵
  PID:4704
- C:\Windows\System32\qZrmauy.exe
  C:\Windows\System32\qZrmauy.exe
  2⤵
  PID:2156
- C:\Windows\System32\xaPPOxp.exe
  C:\Windows\System32\xaPPOxp.exe
  2⤵
  PID:4848
- C:\Windows\System32\seMLtyg.exe
  C:\Windows\System32\seMLtyg.exe
  2⤵
  PID:5156
- C:\Windows\System32\imVtVeR.exe
  C:\Windows\System32\imVtVeR.exe
  2⤵
  PID:5176
- C:\Windows\System32\FZjVRZa.exe
  C:\Windows\System32\FZjVRZa.exe
  2⤵
  PID:5192
- C:\Windows\System32\VXyUXJo.exe
  C:\Windows\System32\VXyUXJo.exe
  2⤵
  PID:5220
- C:\Windows\System32\liLBtnv.exe
  C:\Windows\System32\liLBtnv.exe
  2⤵
  PID:5248
- C:\Windows\System32\brVXAnw.exe
  C:\Windows\System32\brVXAnw.exe
  2⤵
  PID:5276
- C:\Windows\System32\kHVBTZw.exe
  C:\Windows\System32\kHVBTZw.exe
  2⤵
  PID:5308
- C:\Windows\System32\qFvWHrb.exe
  C:\Windows\System32\qFvWHrb.exe
  2⤵
  PID:5332
- C:\Windows\System32\QqCiCiL.exe
  C:\Windows\System32\QqCiCiL.exe
  2⤵
  PID:5364
- C:\Windows\System32\onRFPeY.exe
  C:\Windows\System32\onRFPeY.exe
  2⤵
  PID:5388
- C:\Windows\System32\VYkfpcf.exe
  C:\Windows\System32\VYkfpcf.exe
  2⤵
  PID:5412
- C:\Windows\System32\hHwZPnN.exe
  C:\Windows\System32\hHwZPnN.exe
  2⤵
  PID:5440
- C:\Windows\System32\uUXkIGG.exe
  C:\Windows\System32\uUXkIGG.exe
  2⤵
  PID:5472
- C:\Windows\System32\ljfSiaE.exe
  C:\Windows\System32\ljfSiaE.exe
  2⤵
  PID:5500
- C:\Windows\System32\FNDvlOU.exe
  C:\Windows\System32\FNDvlOU.exe
  2⤵
  PID:5528
- C:\Windows\System32\tJiVzcd.exe
  C:\Windows\System32\tJiVzcd.exe
  2⤵
  PID:5556
- C:\Windows\System32\zjZuvIH.exe
  C:\Windows\System32\zjZuvIH.exe
  2⤵
  PID:5584
- C:\Windows\System32\NCXuYco.exe
  C:\Windows\System32\NCXuYco.exe
  2⤵
  PID:5612
- C:\Windows\System32\DDxbIbe.exe
  C:\Windows\System32\DDxbIbe.exe
  2⤵
  PID:5640
- C:\Windows\System32\DIhdLgI.exe
  C:\Windows\System32\DIhdLgI.exe
  2⤵
  PID:5668
- C:\Windows\System32\ooNuAsd.exe
  C:\Windows\System32\ooNuAsd.exe
  2⤵
  PID:5696
- C:\Windows\System32\MgIhyiJ.exe
  C:\Windows\System32\MgIhyiJ.exe
  2⤵
  PID:5724
- C:\Windows\System32\cOFyGis.exe
  C:\Windows\System32\cOFyGis.exe
  2⤵
  PID:5752
- C:\Windows\System32\kEpzuqL.exe
  C:\Windows\System32\kEpzuqL.exe
  2⤵
  PID:5780
- C:\Windows\System32\GbttgVT.exe
  C:\Windows\System32\GbttgVT.exe
  2⤵
  PID:5808
- C:\Windows\System32\AwWjsLV.exe
  C:\Windows\System32\AwWjsLV.exe
  2⤵
  PID:5836
- C:\Windows\System32\amOWvfy.exe
  C:\Windows\System32\amOWvfy.exe
  2⤵
  PID:5864
- C:\Windows\System32\UETaEhY.exe
  C:\Windows\System32\UETaEhY.exe
  2⤵
  PID:5888
- C:\Windows\System32\QFNrpih.exe
  C:\Windows\System32\QFNrpih.exe
  2⤵
  PID:5920
- C:\Windows\System32\nqXqNEE.exe
  C:\Windows\System32\nqXqNEE.exe
  2⤵
  PID:5948
- C:\Windows\System32\uDRSyMi.exe
  C:\Windows\System32\uDRSyMi.exe
  2⤵
  PID:5972
- C:\Windows\System32\elrOaKb.exe
  C:\Windows\System32\elrOaKb.exe
  2⤵
  PID:6004
- C:\Windows\System32\ylQMyHn.exe
  C:\Windows\System32\ylQMyHn.exe
  2⤵
  PID:6032
- C:\Windows\System32\exHzJCU.exe
  C:\Windows\System32\exHzJCU.exe
  2⤵
  PID:6060
- C:\Windows\System32\BRbgAyc.exe
  C:\Windows\System32\BRbgAyc.exe
  2⤵
  PID:6084
- C:\Windows\System32\FVMZkVg.exe
  C:\Windows\System32\FVMZkVg.exe
  2⤵
  PID:6116
- C:\Windows\System32\NwTsZss.exe
  C:\Windows\System32\NwTsZss.exe
  2⤵
  PID:1664
- C:\Windows\System32\zUvPbDm.exe
  C:\Windows\System32\zUvPbDm.exe
  2⤵
  PID:1392
- C:\Windows\System32\pUIXkEK.exe
  C:\Windows\System32\pUIXkEK.exe
  2⤵
  PID:1152
- C:\Windows\System32\KtxZUTS.exe
  C:\Windows\System32\KtxZUTS.exe
  2⤵
  PID:3564
- C:\Windows\System32\dGBhCdq.exe
  C:\Windows\System32\dGBhCdq.exe
  2⤵
  PID:5140
- C:\Windows\System32\yvXFrGp.exe
  C:\Windows\System32\yvXFrGp.exe
  2⤵
  PID:5204
- C:\Windows\System32\OBqijEJ.exe
  C:\Windows\System32\OBqijEJ.exe
  2⤵
  PID:5256
- C:\Windows\System32\vxkcuMI.exe
  C:\Windows\System32\vxkcuMI.exe
  2⤵
  PID:5324
- C:\Windows\System32\eEWRcRQ.exe
  C:\Windows\System32\eEWRcRQ.exe
  2⤵
  PID:5380
- C:\Windows\System32\ZNyERBy.exe
  C:\Windows\System32\ZNyERBy.exe
  2⤵
  PID:5456
- C:\Windows\System32\PLdZDyo.exe
  C:\Windows\System32\PLdZDyo.exe
  2⤵
  PID:5512
- C:\Windows\System32\YGdoqZD.exe
  C:\Windows\System32\YGdoqZD.exe
  2⤵
  PID:5568
- C:\Windows\System32\ajnQkMp.exe
  C:\Windows\System32\ajnQkMp.exe
  2⤵
  PID:5624
- C:\Windows\System32\jujwVQK.exe
  C:\Windows\System32\jujwVQK.exe
  2⤵
  PID:5680
- C:\Windows\System32\jurxReI.exe
  C:\Windows\System32\jurxReI.exe
  2⤵
  PID:2492
- C:\Windows\System32\okmycAA.exe
  C:\Windows\System32\okmycAA.exe
  2⤵
  PID:5788
- C:\Windows\System32\lniZzVU.exe
  C:\Windows\System32\lniZzVU.exe
  2⤵
  PID:5844
- C:\Windows\System32\HQTNppV.exe
  C:\Windows\System32\HQTNppV.exe
  2⤵
  PID:3212
- C:\Windows\System32\SzWAPOs.exe
  C:\Windows\System32\SzWAPOs.exe
  2⤵
  PID:5956
- C:\Windows\System32\tVoqPCA.exe
  C:\Windows\System32\tVoqPCA.exe
  2⤵
  PID:6024
- C:\Windows\System32\FGIAhNe.exe
  C:\Windows\System32\FGIAhNe.exe
  2⤵
  PID:6072
- C:\Windows\System32\tHShmIt.exe
  C:\Windows\System32\tHShmIt.exe
  2⤵
  PID:6128
- C:\Windows\System32\ucVsuXf.exe
  C:\Windows\System32\ucVsuXf.exe
  2⤵
  PID:4768
- C:\Windows\System32\rCVjnxi.exe
  C:\Windows\System32\rCVjnxi.exe
  2⤵
  PID:4744
- C:\Windows\System32\EnOVDxP.exe
  C:\Windows\System32\EnOVDxP.exe
  2⤵
  PID:5604
- C:\Windows\System32\aENBvuz.exe
  C:\Windows\System32\aENBvuz.exe
  2⤵
  PID:2032
- C:\Windows\System32\qUWQJZD.exe
  C:\Windows\System32\qUWQJZD.exe
  2⤵
  PID:4988
- C:\Windows\System32\wzvImWQ.exe
  C:\Windows\System32\wzvImWQ.exe
  2⤵
  PID:764
- C:\Windows\System32\STxkwHa.exe
  C:\Windows\System32\STxkwHa.exe
  2⤵
  PID:5856
- C:\Windows\System32\XDBBFtG.exe
  C:\Windows\System32\XDBBFtG.exe
  2⤵
  PID:5876
- C:\Windows\System32\eXmzSdL.exe
  C:\Windows\System32\eXmzSdL.exe
  2⤵
  PID:5968
- C:\Windows\System32\TvfoVij.exe
  C:\Windows\System32\TvfoVij.exe
  2⤵
  PID:6040
- C:\Windows\System32\UNRPZCt.exe
  C:\Windows\System32\UNRPZCt.exe
  2⤵
  PID:3136
- C:\Windows\System32\LUQUixt.exe
  C:\Windows\System32\LUQUixt.exe
  2⤵
  PID:6092
- C:\Windows\System32\iYxYHRP.exe
  C:\Windows\System32\iYxYHRP.exe
  2⤵
  PID:4912
- C:\Windows\System32\QSvDFGb.exe
  C:\Windows\System32\QSvDFGb.exe
  2⤵
  PID:4156
- C:\Windows\System32\mxTsNnK.exe
  C:\Windows\System32\mxTsNnK.exe
  2⤵
  PID:4872
- C:\Windows\System32\vyNfQGu.exe
  C:\Windows\System32\vyNfQGu.exe
  2⤵
  PID:640
- C:\Windows\System32\IydzmKA.exe
  C:\Windows\System32\IydzmKA.exe
  2⤵
  PID:224
- C:\Windows\System32\aXodENc.exe
  C:\Windows\System32\aXodENc.exe
  2⤵
  PID:4212
- C:\Windows\System32\mEXEPtG.exe
  C:\Windows\System32\mEXEPtG.exe
  2⤵
  PID:2128
- C:\Windows\System32\AIAYitI.exe
  C:\Windows\System32\AIAYitI.exe
  2⤵
  PID:2076
- C:\Windows\System32\QufxhHQ.exe
  C:\Windows\System32\QufxhHQ.exe
  2⤵
  PID:1708
- C:\Windows\System32\MvNxDba.exe
  C:\Windows\System32\MvNxDba.exe
  2⤵
  PID:1508
- C:\Windows\System32\qvFURVq.exe
  C:\Windows\System32\qvFURVq.exe
  2⤵
  PID:3692
- C:\Windows\System32\VTFnRoo.exe
  C:\Windows\System32\VTFnRoo.exe
  2⤵
  PID:5800
- C:\Windows\System32\dtRnngV.exe
  C:\Windows\System32\dtRnngV.exe
  2⤵
  PID:4632
- C:\Windows\System32\aMFTkUa.exe
  C:\Windows\System32\aMFTkUa.exe
  2⤵
  PID:3616
- C:\Windows\System32\vQuqqxx.exe
  C:\Windows\System32\vQuqqxx.exe
  2⤵
  PID:1920
- C:\Windows\System32\ijrIdSx.exe
  C:\Windows\System32\ijrIdSx.exe
  2⤵
  PID:2060
- C:\Windows\System32\YJCPvLO.exe
  C:\Windows\System32\YJCPvLO.exe
  2⤵
  PID:1940
- C:\Windows\System32\VmPWyec.exe
  C:\Windows\System32\VmPWyec.exe
  2⤵
  PID:5076
- C:\Windows\System32\auydbOF.exe
  C:\Windows\System32\auydbOF.exe
  2⤵
  PID:3460
- C:\Windows\System32\bAMPTjK.exe
  C:\Windows\System32\bAMPTjK.exe
  2⤵
  PID:3676
- C:\Windows\System32\UQMqZyf.exe
  C:\Windows\System32\UQMqZyf.exe
  2⤵
  PID:4884
- C:\Windows\System32\qjZGMQU.exe
  C:\Windows\System32\qjZGMQU.exe
  2⤵
  PID:3308
- C:\Windows\System32\pfbiLLf.exe
  C:\Windows\System32\pfbiLLf.exe
  2⤵
  PID:5592
- C:\Windows\System32\WhVYnXE.exe
  C:\Windows\System32\WhVYnXE.exe
  2⤵
  PID:5704
- C:\Windows\System32\iplBnuQ.exe
  C:\Windows\System32\iplBnuQ.exe
  2⤵
  PID:5028
- C:\Windows\System32\IknjXOM.exe
  C:\Windows\System32\IknjXOM.exe
  2⤵
  PID:216
- C:\Windows\System32\abpoBCN.exe
  C:\Windows\System32\abpoBCN.exe
  2⤵
  PID:2176
- C:\Windows\System32\nzwHRQm.exe
  C:\Windows\System32\nzwHRQm.exe
  2⤵
  PID:1008
- C:\Windows\System32\kSXJQyN.exe
  C:\Windows\System32\kSXJQyN.exe
  2⤵
  PID:1444
- C:\Windows\System32\rTaOrwN.exe
  C:\Windows\System32\rTaOrwN.exe
  2⤵
  PID:2468
- C:\Windows\System32\KascDse.exe
  C:\Windows\System32\KascDse.exe
  2⤵
  PID:3584
- C:\Windows\System32\ZpxihXq.exe
  C:\Windows\System32\ZpxihXq.exe
  2⤵
  PID:5420
- C:\Windows\System32\herwnkw.exe
  C:\Windows\System32\herwnkw.exe
  2⤵
  PID:5268
- C:\Windows\System32\xtTpJYu.exe
  C:\Windows\System32\xtTpJYu.exe
  2⤵
  PID:6152
- C:\Windows\System32\QWcXPFE.exe
  C:\Windows\System32\QWcXPFE.exe
  2⤵
  PID:6172
- C:\Windows\System32\DlVZGFi.exe
  C:\Windows\System32\DlVZGFi.exe
  2⤵
  PID:6200
- C:\Windows\System32\NhrellP.exe
  C:\Windows\System32\NhrellP.exe
  2⤵
  PID:6220
- C:\Windows\System32\npvjPsL.exe
  C:\Windows\System32\npvjPsL.exe
  2⤵
  PID:6244
- C:\Windows\System32\VipBzal.exe
  C:\Windows\System32\VipBzal.exe
  2⤵
  PID:6268
- C:\Windows\System32\xwYDIIc.exe
  C:\Windows\System32\xwYDIIc.exe
  2⤵
  PID:6288
- C:\Windows\System32\niKvRPH.exe
  C:\Windows\System32\niKvRPH.exe
  2⤵
  PID:6312
- C:\Windows\System32\YWkAKvV.exe
  C:\Windows\System32\YWkAKvV.exe
  2⤵
  PID:6336
- C:\Windows\System32\zbapGSN.exe
  C:\Windows\System32\zbapGSN.exe
  2⤵
  PID:6360
- C:\Windows\System32\HMkJqGT.exe
  C:\Windows\System32\HMkJqGT.exe
  2⤵
  PID:6380
- C:\Windows\System32\OspPbbV.exe
  C:\Windows\System32\OspPbbV.exe
  2⤵
  PID:6412
- C:\Windows\System32\oXztHck.exe
  C:\Windows\System32\oXztHck.exe
  2⤵
  PID:6452
- C:\Windows\System32\GSojwyC.exe
  C:\Windows\System32\GSojwyC.exe
  2⤵
  PID:6476
- C:\Windows\System32\oHNnTqF.exe
  C:\Windows\System32\oHNnTqF.exe
  2⤵
  PID:6560
- C:\Windows\System32\MeNITIq.exe
  C:\Windows\System32\MeNITIq.exe
  2⤵
  PID:6592
- C:\Windows\System32\sancGrY.exe
  C:\Windows\System32\sancGrY.exe
  2⤵
  PID:6612
- C:\Windows\System32\eruohNi.exe
  C:\Windows\System32\eruohNi.exe
  2⤵
  PID:6640
- C:\Windows\System32\SqhfMZC.exe
  C:\Windows\System32\SqhfMZC.exe
  2⤵
  PID:6664
- C:\Windows\System32\vDTwVUx.exe
  C:\Windows\System32\vDTwVUx.exe
  2⤵
  PID:6692
- C:\Windows\System32\EWuJCtz.exe
  C:\Windows\System32\EWuJCtz.exe
  2⤵
  PID:6716
- C:\Windows\System32\HuBwiIi.exe
  C:\Windows\System32\HuBwiIi.exe
  2⤵
  PID:6740
- C:\Windows\System32\VpoHXLi.exe
  C:\Windows\System32\VpoHXLi.exe
  2⤵
  PID:6760
- C:\Windows\System32\yUbDvPL.exe
  C:\Windows\System32\yUbDvPL.exe
  2⤵
  PID:6792
- C:\Windows\System32\mTPlEMi.exe
  C:\Windows\System32\mTPlEMi.exe
  2⤵
  PID:6828
- C:\Windows\System32\tsFIrDg.exe
  C:\Windows\System32\tsFIrDg.exe
  2⤵
  PID:6860
- C:\Windows\System32\kbypVel.exe
  C:\Windows\System32\kbypVel.exe
  2⤵
  PID:6884
- C:\Windows\System32\vXoZxRr.exe
  C:\Windows\System32\vXoZxRr.exe
  2⤵
  PID:6916
- C:\Windows\System32\qDNGSIi.exe
  C:\Windows\System32\qDNGSIi.exe
  2⤵
  PID:6940
- C:\Windows\System32\zLEeOOy.exe
  C:\Windows\System32\zLEeOOy.exe
  2⤵
  PID:6960
- C:\Windows\System32\QLdKoWm.exe
  C:\Windows\System32\QLdKoWm.exe
  2⤵
  PID:6992
- C:\Windows\System32\EujcZzx.exe
  C:\Windows\System32\EujcZzx.exe
  2⤵
  PID:7024
- C:\Windows\System32\EqrVATe.exe
  C:\Windows\System32\EqrVATe.exe
  2⤵
  PID:7060
- C:\Windows\System32\mvbHMCK.exe
  C:\Windows\System32\mvbHMCK.exe
  2⤵
  PID:7076
- C:\Windows\System32\ufNNyaN.exe
  C:\Windows\System32\ufNNyaN.exe
  2⤵
  PID:7096
- C:\Windows\System32\FHGGhpn.exe
  C:\Windows\System32\FHGGhpn.exe
  2⤵
  PID:7116
- C:\Windows\System32\NsxucrE.exe
  C:\Windows\System32\NsxucrE.exe
  2⤵
  PID:7148
- C:\Windows\System32\UfesWYZ.exe
  C:\Windows\System32\UfesWYZ.exe
  2⤵
  PID:3540
- C:\Windows\System32\wJcgmcA.exe
  C:\Windows\System32\wJcgmcA.exe
  2⤵
  PID:6188
- C:\Windows\System32\ckmopfg.exe
  C:\Windows\System32\ckmopfg.exe
  2⤵
  PID:6296
- C:\Windows\System32\vJVEbkR.exe
  C:\Windows\System32\vJVEbkR.exe
  2⤵
  PID:6392
- C:\Windows\System32\VvfkWwZ.exe
  C:\Windows\System32\VvfkWwZ.exe
  2⤵
  PID:6344
- C:\Windows\System32\IeGEqMm.exe
  C:\Windows\System32\IeGEqMm.exe
  2⤵
  PID:6516
- C:\Windows\System32\tfqTjFZ.exe
  C:\Windows\System32\tfqTjFZ.exe
  2⤵
  PID:6552
- C:\Windows\System32\mQXTNgn.exe
  C:\Windows\System32\mQXTNgn.exe
  2⤵
  PID:6604
- C:\Windows\System32\aXKntmO.exe
  C:\Windows\System32\aXKntmO.exe
  2⤵
  PID:6660
- C:\Windows\System32\uSdBMkV.exe
  C:\Windows\System32\uSdBMkV.exe
  2⤵
  PID:6712
- C:\Windows\System32\ZgwmbiL.exe
  C:\Windows\System32\ZgwmbiL.exe
  2⤵
  PID:6788
- C:\Windows\System32\VypeLQj.exe
  C:\Windows\System32\VypeLQj.exe
  2⤵
  PID:6904
- C:\Windows\System32\IheNFuG.exe
  C:\Windows\System32\IheNFuG.exe
  2⤵
  PID:6932
- C:\Windows\System32\SaCfLEe.exe
  C:\Windows\System32\SaCfLEe.exe
  2⤵
  PID:7008
- C:\Windows\System32\khebFJC.exe
  C:\Windows\System32\khebFJC.exe
  2⤵
  PID:3752
- C:\Windows\System32\FPFQvtl.exe
  C:\Windows\System32\FPFQvtl.exe
  2⤵
  PID:7112
- C:\Windows\System32\YYOpewb.exe
  C:\Windows\System32\YYOpewb.exe
  2⤵
  PID:6184
- C:\Windows\System32\VxqPpgw.exe
  C:\Windows\System32\VxqPpgw.exe
  2⤵
  PID:6356
- C:\Windows\System32\nrHCWjn.exe
  C:\Windows\System32\nrHCWjn.exe
  2⤵
  PID:6428
- C:\Windows\System32\qhfjBuW.exe
  C:\Windows\System32\qhfjBuW.exe
  2⤵
  PID:6628
- C:\Windows\System32\MVTiiez.exe
  C:\Windows\System32\MVTiiez.exe
  2⤵
  PID:6752
- C:\Windows\System32\PkADWyi.exe
  C:\Windows\System32\PkADWyi.exe
  2⤵
  PID:6808
- C:\Windows\System32\KKcZMDD.exe
  C:\Windows\System32\KKcZMDD.exe
  2⤵
  PID:6924
- C:\Windows\System32\rNBpCGT.exe
  C:\Windows\System32\rNBpCGT.exe
  2⤵
  PID:3688
- C:\Windows\System32\jDFlKAO.exe
  C:\Windows\System32\jDFlKAO.exe
  2⤵
  PID:6484
- C:\Windows\System32\twFzCxw.exe
  C:\Windows\System32\twFzCxw.exe
  2⤵
  PID:7132
- C:\Windows\System32\vBYkaob.exe
  C:\Windows\System32\vBYkaob.exe
  2⤵
  PID:7092
- C:\Windows\System32\UQFUzoX.exe
  C:\Windows\System32\UQFUzoX.exe
  2⤵
  PID:7188
- C:\Windows\System32\BMNfjHR.exe
  C:\Windows\System32\BMNfjHR.exe
  2⤵
  PID:7204
- C:\Windows\System32\QdiZLek.exe
  C:\Windows\System32\QdiZLek.exe
  2⤵
  PID:7232
- C:\Windows\System32\qPoBwbn.exe
  C:\Windows\System32\qPoBwbn.exe
  2⤵
  PID:7264
- C:\Windows\System32\ROvHCGP.exe
  C:\Windows\System32\ROvHCGP.exe
  2⤵
  PID:7284
- C:\Windows\System32\zKBxQvF.exe
  C:\Windows\System32\zKBxQvF.exe
  2⤵
  PID:7308
- C:\Windows\System32\FzQMZej.exe
  C:\Windows\System32\FzQMZej.exe
  2⤵
  PID:7332
- C:\Windows\System32\gLmzCmR.exe
  C:\Windows\System32\gLmzCmR.exe
  2⤵
  PID:7360
- C:\Windows\System32\itfnDxR.exe
  C:\Windows\System32\itfnDxR.exe
  2⤵
  PID:7380
- C:\Windows\System32\gMYsyag.exe
  C:\Windows\System32\gMYsyag.exe
  2⤵
  PID:7436
- C:\Windows\System32\uZaFRUu.exe
  C:\Windows\System32\uZaFRUu.exe
  2⤵
  PID:7452
- C:\Windows\System32\jFgdxgI.exe
  C:\Windows\System32\jFgdxgI.exe
  2⤵
  PID:7476
- C:\Windows\System32\JNeZiTb.exe
  C:\Windows\System32\JNeZiTb.exe
  2⤵
  PID:7496
- C:\Windows\System32\CQbqeAf.exe
  C:\Windows\System32\CQbqeAf.exe
  2⤵
  PID:7540
- C:\Windows\System32\iXSulip.exe
  C:\Windows\System32\iXSulip.exe
  2⤵
  PID:7592
- C:\Windows\System32\QObWKdL.exe
  C:\Windows\System32\QObWKdL.exe
  2⤵
  PID:7608
- C:\Windows\System32\qOglONe.exe
  C:\Windows\System32\qOglONe.exe
  2⤵
  PID:7632
- C:\Windows\System32\cMWtxAV.exe
  C:\Windows\System32\cMWtxAV.exe
  2⤵
  PID:7652
- C:\Windows\System32\yXJFWet.exe
  C:\Windows\System32\yXJFWet.exe
  2⤵
  PID:7672
- C:\Windows\System32\DBtpiJl.exe
  C:\Windows\System32\DBtpiJl.exe
  2⤵
  PID:7700
- C:\Windows\System32\OChmNPb.exe
  C:\Windows\System32\OChmNPb.exe
  2⤵
  PID:7732
- C:\Windows\System32\mMPXSIn.exe
  C:\Windows\System32\mMPXSIn.exe
  2⤵
  PID:7784
- C:\Windows\System32\xbKYCsU.exe
  C:\Windows\System32\xbKYCsU.exe
  2⤵
  PID:7804
- C:\Windows\System32\pBGUMnX.exe
  C:\Windows\System32\pBGUMnX.exe
  2⤵
  PID:7828
- C:\Windows\System32\TBsyevh.exe
  C:\Windows\System32\TBsyevh.exe
  2⤵
  PID:7852
- C:\Windows\System32\lnbhgpC.exe
  C:\Windows\System32\lnbhgpC.exe
  2⤵
  PID:7880
- C:\Windows\System32\MdHcuei.exe
  C:\Windows\System32\MdHcuei.exe
  2⤵
  PID:7912
- C:\Windows\System32\GqPTImJ.exe
  C:\Windows\System32\GqPTImJ.exe
  2⤵
  PID:7956
- C:\Windows\System32\mUKOWCK.exe
  C:\Windows\System32\mUKOWCK.exe
  2⤵
  PID:7980
- C:\Windows\System32\pIqYQbB.exe
  C:\Windows\System32\pIqYQbB.exe
  2⤵
  PID:8004
- C:\Windows\System32\TVENJxP.exe
  C:\Windows\System32\TVENJxP.exe
  2⤵
  PID:8028
- C:\Windows\System32\ktvrrLI.exe
  C:\Windows\System32\ktvrrLI.exe
  2⤵
  PID:8056
- C:\Windows\System32\wMPmUsK.exe
  C:\Windows\System32\wMPmUsK.exe
  2⤵
  PID:8080
- C:\Windows\System32\DvpkFgp.exe
  C:\Windows\System32\DvpkFgp.exe
  2⤵
  PID:8100
- C:\Windows\System32\IfNaFKr.exe
  C:\Windows\System32\IfNaFKr.exe
  2⤵
  PID:8132
- C:\Windows\System32\ivLBFJo.exe
  C:\Windows\System32\ivLBFJo.exe
  2⤵
  PID:8148
- C:\Windows\System32\plhlcbk.exe
  C:\Windows\System32\plhlcbk.exe
  2⤵
  PID:7156
- C:\Windows\System32\SJeEHkO.exe
  C:\Windows\System32\SJeEHkO.exe
  2⤵
  PID:7196
- C:\Windows\System32\BXFyNRk.exe
  C:\Windows\System32\BXFyNRk.exe
  2⤵
  PID:7344
- C:\Windows\System32\xjLMTyh.exe
  C:\Windows\System32\xjLMTyh.exe
  2⤵
  PID:7276
- C:\Windows\System32\JhsoFEG.exe
  C:\Windows\System32\JhsoFEG.exe
  2⤵
  PID:7412
- C:\Windows\System32\FJUNiGg.exe
  C:\Windows\System32\FJUNiGg.exe
  2⤵
  PID:7448
- C:\Windows\System32\TkUotxT.exe
  C:\Windows\System32\TkUotxT.exe
  2⤵
  PID:7492
- C:\Windows\System32\JiTjRfP.exe
  C:\Windows\System32\JiTjRfP.exe
  2⤵
  PID:7552
- C:\Windows\System32\kCjgheI.exe
  C:\Windows\System32\kCjgheI.exe
  2⤵
  PID:7620
- C:\Windows\System32\AsnHFIp.exe
  C:\Windows\System32\AsnHFIp.exe
  2⤵
  PID:7740
- C:\Windows\System32\qSNzlBB.exe
  C:\Windows\System32\qSNzlBB.exe
  2⤵
  PID:7792
- C:\Windows\System32\jEFbxQp.exe
  C:\Windows\System32\jEFbxQp.exe
  2⤵
  PID:7896
- C:\Windows\System32\ZdnpeGY.exe
  C:\Windows\System32\ZdnpeGY.exe
  2⤵
  PID:7964
- C:\Windows\System32\epvEeQE.exe
  C:\Windows\System32\epvEeQE.exe
  2⤵
  PID:8012
- C:\Windows\System32\TGsmFWM.exe
  C:\Windows\System32\TGsmFWM.exe
  2⤵
  PID:8052
- C:\Windows\System32\kIoKStb.exe
  C:\Windows\System32\kIoKStb.exe
  2⤵
  PID:8092
- C:\Windows\System32\tvfrdIq.exe
  C:\Windows\System32\tvfrdIq.exe
  2⤵
  PID:8156
- C:\Windows\System32\aLkEGOW.exe
  C:\Windows\System32\aLkEGOW.exe
  2⤵
  PID:7172
- C:\Windows\System32\htRoWPt.exe
  C:\Windows\System32\htRoWPt.exe
  2⤵
  PID:7316
- C:\Windows\System32\qWnYcGJ.exe
  C:\Windows\System32\qWnYcGJ.exe
  2⤵
  PID:7508
- C:\Windows\System32\mBMoDnD.exe
  C:\Windows\System32\mBMoDnD.exe
  2⤵
  PID:7812
- C:\Windows\System32\mTEGMmp.exe
  C:\Windows\System32\mTEGMmp.exe
  2⤵
  PID:7928
- C:\Windows\System32\WANGISU.exe
  C:\Windows\System32\WANGISU.exe
  2⤵
  PID:8000
- C:\Windows\System32\okFwGQY.exe
  C:\Windows\System32\okFwGQY.exe
  2⤵
  PID:8160
- C:\Windows\System32\QFPOXvM.exe
  C:\Windows\System32\QFPOXvM.exe
  2⤵
  PID:7320
- C:\Windows\System32\GHlpnZw.exe
  C:\Windows\System32\GHlpnZw.exe
  2⤵
  PID:7756
- C:\Windows\System32\CLDFvah.exe
  C:\Windows\System32\CLDFvah.exe
  2⤵
  PID:8040
- C:\Windows\System32\xwXtneq.exe
  C:\Windows\System32\xwXtneq.exe
  2⤵
  PID:7348
- C:\Windows\System32\pyYXxlb.exe
  C:\Windows\System32\pyYXxlb.exe
  2⤵
  PID:8200
- C:\Windows\System32\GSLRycf.exe
  C:\Windows\System32\GSLRycf.exe
  2⤵
  PID:8220
- C:\Windows\System32\rENAQXx.exe
  C:\Windows\System32\rENAQXx.exe
  2⤵
  PID:8252
- C:\Windows\System32\OMNoEVC.exe
  C:\Windows\System32\OMNoEVC.exe
  2⤵
  PID:8272
- C:\Windows\System32\zUCYFPO.exe
  C:\Windows\System32\zUCYFPO.exe
  2⤵
  PID:8328
- C:\Windows\System32\cRMhBiv.exe
  C:\Windows\System32\cRMhBiv.exe
  2⤵
  PID:8344
- C:\Windows\System32\zsSGNKZ.exe
  C:\Windows\System32\zsSGNKZ.exe
  2⤵
  PID:8372
- C:\Windows\System32\hkMwycY.exe
  C:\Windows\System32\hkMwycY.exe
  2⤵
  PID:8404
- C:\Windows\System32\HCzGhkz.exe
  C:\Windows\System32\HCzGhkz.exe
  2⤵
  PID:8428
- C:\Windows\System32\DmbEyhH.exe
  C:\Windows\System32\DmbEyhH.exe
  2⤵
  PID:8464
- C:\Windows\System32\AEMpQcA.exe
  C:\Windows\System32\AEMpQcA.exe
  2⤵
  PID:8492
- C:\Windows\System32\FgjqyjS.exe
  C:\Windows\System32\FgjqyjS.exe
  2⤵
  PID:8516
- C:\Windows\System32\fJPPzkO.exe
  C:\Windows\System32\fJPPzkO.exe
  2⤵
  PID:8536
- C:\Windows\System32\eZabUat.exe
  C:\Windows\System32\eZabUat.exe
  2⤵
  PID:8564
- C:\Windows\System32\NbpDuwy.exe
  C:\Windows\System32\NbpDuwy.exe
  2⤵
  PID:8604
- C:\Windows\System32\YeWhMhZ.exe
  C:\Windows\System32\YeWhMhZ.exe
  2⤵
  PID:8644
- C:\Windows\System32\zgYevjC.exe
  C:\Windows\System32\zgYevjC.exe
  2⤵
  PID:8680
- C:\Windows\System32\aCoQwKh.exe
  C:\Windows\System32\aCoQwKh.exe
  2⤵
  PID:8720
- C:\Windows\System32\prRCmEy.exe
  C:\Windows\System32\prRCmEy.exe
  2⤵
  PID:8740
- C:\Windows\System32\zKPMDIr.exe
  C:\Windows\System32\zKPMDIr.exe
  2⤵
  PID:8760
- C:\Windows\System32\grCciYY.exe
  C:\Windows\System32\grCciYY.exe
  2⤵
  PID:8800
- C:\Windows\System32\EdqOKkH.exe
  C:\Windows\System32\EdqOKkH.exe
  2⤵
  PID:8836
- C:\Windows\System32\GOKpQjS.exe
  C:\Windows\System32\GOKpQjS.exe
  2⤵
  PID:8860
- C:\Windows\System32\gKrfUZM.exe
  C:\Windows\System32\gKrfUZM.exe
  2⤵
  PID:8900
- C:\Windows\System32\zOsGFGn.exe
  C:\Windows\System32\zOsGFGn.exe
  2⤵
  PID:8924
- C:\Windows\System32\zqfLBZI.exe
  C:\Windows\System32\zqfLBZI.exe
  2⤵
  PID:8960
- C:\Windows\System32\CObTlYd.exe
  C:\Windows\System32\CObTlYd.exe
  2⤵
  PID:8976
- C:\Windows\System32\xEGYUIR.exe
  C:\Windows\System32\xEGYUIR.exe
  2⤵
  PID:9008
- C:\Windows\System32\DWYANGd.exe
  C:\Windows\System32\DWYANGd.exe
  2⤵
  PID:9032
- C:\Windows\System32\ynxmjAK.exe
  C:\Windows\System32\ynxmjAK.exe
  2⤵
  PID:9072
- C:\Windows\System32\GNGupXo.exe
  C:\Windows\System32\GNGupXo.exe
  2⤵
  PID:9092
- C:\Windows\System32\ltxuZjT.exe
  C:\Windows\System32\ltxuZjT.exe
  2⤵
  PID:9132
- C:\Windows\System32\rFrfKBt.exe
  C:\Windows\System32\rFrfKBt.exe
  2⤵
  PID:9152
- C:\Windows\System32\VHtqqwJ.exe
  C:\Windows\System32\VHtqqwJ.exe
  2⤵
  PID:9188
- C:\Windows\System32\BFNvtIm.exe
  C:\Windows\System32\BFNvtIm.exe
  2⤵
  PID:9208
- C:\Windows\System32\uiNQRxE.exe
  C:\Windows\System32\uiNQRxE.exe
  2⤵
  PID:8268
- C:\Windows\System32\zbqtSNb.exe
  C:\Windows\System32\zbqtSNb.exe
  2⤵
  PID:8292
- C:\Windows\System32\eZBgxER.exe
  C:\Windows\System32\eZBgxER.exe
  2⤵
  PID:8308
- C:\Windows\System32\DCcVHhZ.exe
  C:\Windows\System32\DCcVHhZ.exe
  2⤵
  PID:8368
- C:\Windows\System32\wKNaBzi.exe
  C:\Windows\System32\wKNaBzi.exe
  2⤵
  PID:8448
- C:\Windows\System32\mQnHXGN.exe
  C:\Windows\System32\mQnHXGN.exe
  2⤵
  PID:8488
- C:\Windows\System32\LLSQyeE.exe
  C:\Windows\System32\LLSQyeE.exe
  2⤵
  PID:8548
- C:\Windows\System32\gpyQZre.exe
  C:\Windows\System32\gpyQZre.exe
  2⤵
  PID:8624
- C:\Windows\System32\XhUqDas.exe
  C:\Windows\System32\XhUqDas.exe
  2⤵
  PID:8652
- C:\Windows\System32\aTFbEGK.exe
  C:\Windows\System32\aTFbEGK.exe
  2⤵
  PID:8616
- C:\Windows\System32\RcUbXej.exe
  C:\Windows\System32\RcUbXej.exe
  2⤵
  PID:8676
- C:\Windows\System32\YSXSexm.exe
  C:\Windows\System32\YSXSexm.exe
  2⤵
  PID:8848
- C:\Windows\System32\jQAxXJb.exe
  C:\Windows\System32\jQAxXJb.exe
  2⤵
  PID:8936
- C:\Windows\System32\cTJHNZf.exe
  C:\Windows\System32\cTJHNZf.exe
  2⤵
  PID:8988
- C:\Windows\System32\tZfMrJB.exe
  C:\Windows\System32\tZfMrJB.exe
  2⤵
  PID:9064
- C:\Windows\System32\ktuNPhc.exe
  C:\Windows\System32\ktuNPhc.exe
  2⤵
  PID:9112
- C:\Windows\System32\vGPCkJi.exe
  C:\Windows\System32\vGPCkJi.exe
  2⤵
  PID:9184
- C:\Windows\System32\TEjUKyW.exe
  C:\Windows\System32\TEjUKyW.exe
  2⤵
  PID:9196
- C:\Windows\System32\EtPHnBa.exe
  C:\Windows\System32\EtPHnBa.exe
  2⤵
  PID:8340
- C:\Windows\System32\LWOPZux.exe
  C:\Windows\System32\LWOPZux.exe
  2⤵
  PID:8612
- C:\Windows\System32\WpazuwI.exe
  C:\Windows\System32\WpazuwI.exe
  2⤵
  PID:8628
- C:\Windows\System32\mLMvvlG.exe
  C:\Windows\System32\mLMvvlG.exe
  2⤵
  PID:8828
- C:\Windows\System32\WqHkwIA.exe
  C:\Windows\System32\WqHkwIA.exe
  2⤵
  PID:8912
- C:\Windows\System32\dWeUzpU.exe
  C:\Windows\System32\dWeUzpU.exe
  2⤵
  PID:9100
- C:\Windows\System32\UxqftuA.exe
  C:\Windows\System32\UxqftuA.exe
  2⤵
  PID:8228
- C:\Windows\System32\eMPEIuC.exe
  C:\Windows\System32\eMPEIuC.exe
  2⤵
  PID:8732
- C:\Windows\System32\VyGMkfI.exe
  C:\Windows\System32\VyGMkfI.exe
  2⤵
  PID:9148
- C:\Windows\System32\YPgxuBa.exe
  C:\Windows\System32\YPgxuBa.exe
  2⤵
  PID:8216
- C:\Windows\System32\trhTYCF.exe
  C:\Windows\System32\trhTYCF.exe
  2⤵
  PID:9240
- C:\Windows\System32\hmuJNHd.exe
  C:\Windows\System32\hmuJNHd.exe
  2⤵
  PID:9256
- C:\Windows\System32\dsMAlbI.exe
  C:\Windows\System32\dsMAlbI.exe
  2⤵
  PID:9276
- C:\Windows\System32\mizHbwH.exe
  C:\Windows\System32\mizHbwH.exe
  2⤵
  PID:9304
- C:\Windows\System32\GQGqtjz.exe
  C:\Windows\System32\GQGqtjz.exe
  2⤵
  PID:9340
- C:\Windows\System32\vSHrXTG.exe
  C:\Windows\System32\vSHrXTG.exe
  2⤵
  PID:9360
- C:\Windows\System32\IOcscMb.exe
  C:\Windows\System32\IOcscMb.exe
  2⤵
  PID:9384
- C:\Windows\System32\etzSxRY.exe
  C:\Windows\System32\etzSxRY.exe
  2⤵
  PID:9424
- C:\Windows\System32\AZDnVdK.exe
  C:\Windows\System32\AZDnVdK.exe
  2⤵
  PID:9444
- C:\Windows\System32\kayRgIo.exe
  C:\Windows\System32\kayRgIo.exe
  2⤵
  PID:9472
- C:\Windows\System32\LQxutDn.exe
  C:\Windows\System32\LQxutDn.exe
  2⤵
  PID:9520
- C:\Windows\System32\JWulpAw.exe
  C:\Windows\System32\JWulpAw.exe
  2⤵
  PID:9540
- C:\Windows\System32\ZaCHPiu.exe
  C:\Windows\System32\ZaCHPiu.exe
  2⤵
  PID:9604
- C:\Windows\System32\OBiDssm.exe
  C:\Windows\System32\OBiDssm.exe
  2⤵
  PID:9620
- C:\Windows\System32\AsVdowK.exe
  C:\Windows\System32\AsVdowK.exe
  2⤵
  PID:9636
- C:\Windows\System32\eAKJjpi.exe
  C:\Windows\System32\eAKJjpi.exe
  2⤵
  PID:9656
- C:\Windows\System32\uvsWibX.exe
  C:\Windows\System32\uvsWibX.exe
  2⤵
  PID:9700
- C:\Windows\System32\rNkmJGg.exe
  C:\Windows\System32\rNkmJGg.exe
  2⤵
  PID:9728
- C:\Windows\System32\ixptuux.exe
  C:\Windows\System32\ixptuux.exe
  2⤵
  PID:9748
- C:\Windows\System32\URKDbDZ.exe
  C:\Windows\System32\URKDbDZ.exe
  2⤵
  PID:9768
- C:\Windows\System32\NNWAuaf.exe
  C:\Windows\System32\NNWAuaf.exe
  2⤵
  PID:9796
- C:\Windows\System32\toqzTzp.exe
  C:\Windows\System32\toqzTzp.exe
  2⤵
  PID:9836
- C:\Windows\System32\xMhEIBM.exe
  C:\Windows\System32\xMhEIBM.exe
  2⤵
  PID:9864
- C:\Windows\System32\IBchFkZ.exe
  C:\Windows\System32\IBchFkZ.exe
  2⤵
  PID:9888
- C:\Windows\System32\kAfoHqJ.exe
  C:\Windows\System32\kAfoHqJ.exe
  2⤵
  PID:9912
- C:\Windows\System32\PydxqKL.exe
  C:\Windows\System32\PydxqKL.exe
  2⤵
  PID:9928
- C:\Windows\System32\ZJtwwtn.exe
  C:\Windows\System32\ZJtwwtn.exe
  2⤵
  PID:9960
- C:\Windows\System32\EpsiZym.exe
  C:\Windows\System32\EpsiZym.exe
  2⤵
  PID:9988
- C:\Windows\System32\LNhFSSf.exe
  C:\Windows\System32\LNhFSSf.exe
  2⤵
  PID:10012
- C:\Windows\System32\SwRvMoF.exe
  C:\Windows\System32\SwRvMoF.exe
  2⤵
  PID:10036
- C:\Windows\System32\rlknzOl.exe
  C:\Windows\System32\rlknzOl.exe
  2⤵
  PID:10064
- C:\Windows\System32\eNBZvAm.exe
  C:\Windows\System32\eNBZvAm.exe
  2⤵
  PID:10080
- C:\Windows\System32\nRmIFwm.exe
  C:\Windows\System32\nRmIFwm.exe
  2⤵
  PID:10104
- C:\Windows\System32\VpgDgsG.exe
  C:\Windows\System32\VpgDgsG.exe
  2⤵
  PID:10132
- C:\Windows\System32\xcnriHR.exe
  C:\Windows\System32\xcnriHR.exe
  2⤵
  PID:10164
- C:\Windows\System32\tDZgShk.exe
  C:\Windows\System32\tDZgShk.exe
  2⤵
  PID:10192
- C:\Windows\System32\xzqynaK.exe
  C:\Windows\System32\xzqynaK.exe
  2⤵
  PID:9220
- C:\Windows\System32\NeajbCP.exe
  C:\Windows\System32\NeajbCP.exe
  2⤵
  PID:9292
- C:\Windows\System32\GAZPUKG.exe
  C:\Windows\System32\GAZPUKG.exe
  2⤵
  PID:9376
- C:\Windows\System32\ThmyUrK.exe
  C:\Windows\System32\ThmyUrK.exe
  2⤵
  PID:9400
- C:\Windows\System32\byWOOzW.exe
  C:\Windows\System32\byWOOzW.exe
  2⤵
  PID:9480
- C:\Windows\System32\uhvdjYj.exe
  C:\Windows\System32\uhvdjYj.exe
  2⤵
  PID:9548
- C:\Windows\System32\lOXxYJr.exe
  C:\Windows\System32\lOXxYJr.exe
  2⤵
  PID:9684
- C:\Windows\System32\VkIgilO.exe
  C:\Windows\System32\VkIgilO.exe
  2⤵
  PID:9764
- C:\Windows\System32\JGZpDxT.exe
  C:\Windows\System32\JGZpDxT.exe
  2⤵
  PID:9760
- C:\Windows\System32\ymdDuKv.exe
  C:\Windows\System32\ymdDuKv.exe
  2⤵
  PID:9876
- C:\Windows\System32\piRyhli.exe
  C:\Windows\System32\piRyhli.exe
  2⤵
  PID:9896
- C:\Windows\System32\bnbERgm.exe
  C:\Windows\System32\bnbERgm.exe
  2⤵
  PID:9968
- C:\Windows\System32\HidNoVd.exe
  C:\Windows\System32\HidNoVd.exe
  2⤵
  PID:10020
- C:\Windows\System32\RnUySgh.exe
  C:\Windows\System32\RnUySgh.exe
  2⤵
  PID:10100
- C:\Windows\System32\WaUVWRH.exe
  C:\Windows\System32\WaUVWRH.exe
  2⤵
  PID:10148
- C:\Windows\System32\IrEQuUH.exe
  C:\Windows\System32\IrEQuUH.exe
  2⤵
  PID:10228
- C:\Windows\System32\RjRNTeH.exe
  C:\Windows\System32\RjRNTeH.exe
  2⤵
  PID:9320
- C:\Windows\System32\RmeayvT.exe
  C:\Windows\System32\RmeayvT.exe
  2⤵
  PID:9628
- C:\Windows\System32\seOddAh.exe
  C:\Windows\System32\seOddAh.exe
  2⤵
  PID:9708
- C:\Windows\System32\yHVjAvS.exe
  C:\Windows\System32\yHVjAvS.exe
  2⤵
  PID:9884
- C:\Windows\System32\OdWFeRb.exe
  C:\Windows\System32\OdWFeRb.exe
  2⤵
  PID:10048
- C:\Windows\System32\lgRjELb.exe
  C:\Windows\System32\lgRjELb.exe
  2⤵
  PID:10004
- C:\Windows\System32\nqELLUe.exe
  C:\Windows\System32\nqELLUe.exe
  2⤵
  PID:10204
- C:\Windows\System32\SfHHbCT.exe
  C:\Windows\System32\SfHHbCT.exe
  2⤵
  PID:9532
- C:\Windows\System32\ERoWFkJ.exe
  C:\Windows\System32\ERoWFkJ.exe
  2⤵
  PID:9788
- C:\Windows\System32\lJAcQMv.exe
  C:\Windows\System32\lJAcQMv.exe
  2⤵
  PID:10088
- C:\Windows\System32\rjPznFi.exe
  C:\Windows\System32\rjPznFi.exe
  2⤵
  PID:10152
- C:\Windows\System32\PXSDVPM.exe
  C:\Windows\System32\PXSDVPM.exe
  2⤵
  PID:10308
- C:\Windows\System32\hQkMMZs.exe
  C:\Windows\System32\hQkMMZs.exe
  2⤵
  PID:10344
- C:\Windows\System32\FJcMmud.exe
  C:\Windows\System32\FJcMmud.exe
  2⤵
  PID:10364
- C:\Windows\System32\BvEZKuK.exe
  C:\Windows\System32\BvEZKuK.exe
  2⤵
  PID:10384
- C:\Windows\System32\DXFSzzE.exe
  C:\Windows\System32\DXFSzzE.exe
  2⤵
  PID:10408
- C:\Windows\System32\dWwQjGp.exe
  C:\Windows\System32\dWwQjGp.exe
  2⤵
  PID:10424
- C:\Windows\System32\QxCccSe.exe
  C:\Windows\System32\QxCccSe.exe
  2⤵
  PID:10448
- C:\Windows\System32\gHwnTkx.exe
  C:\Windows\System32\gHwnTkx.exe
  2⤵
  PID:10500
- C:\Windows\System32\SWiQTOj.exe
  C:\Windows\System32\SWiQTOj.exe
  2⤵
  PID:10524
- C:\Windows\System32\VzxMnAl.exe
  C:\Windows\System32\VzxMnAl.exe
  2⤵
  PID:10548
- C:\Windows\System32\TgybNta.exe
  C:\Windows\System32\TgybNta.exe
  2⤵
  PID:10568
- C:\Windows\System32\VrIhvXa.exe
  C:\Windows\System32\VrIhvXa.exe
  2⤵
  PID:10596
- C:\Windows\System32\Frcgusi.exe
  C:\Windows\System32\Frcgusi.exe
  2⤵
  PID:10616
- C:\Windows\System32\wWCgBBX.exe
  C:\Windows\System32\wWCgBBX.exe
  2⤵
  PID:10668
- C:\Windows\System32\iePsHja.exe
  C:\Windows\System32\iePsHja.exe
  2⤵
  PID:10708
- C:\Windows\System32\GKUalUw.exe
  C:\Windows\System32\GKUalUw.exe
  2⤵
  PID:10740
- C:\Windows\System32\jRZJudP.exe
  C:\Windows\System32\jRZJudP.exe
  2⤵
  PID:10768
- C:\Windows\System32\NpoRqLV.exe
  C:\Windows\System32\NpoRqLV.exe
  2⤵
  PID:10796
- C:\Windows\System32\ORJSEWl.exe
  C:\Windows\System32\ORJSEWl.exe
  2⤵
  PID:10824
- C:\Windows\System32\DUAQvlx.exe
  C:\Windows\System32\DUAQvlx.exe
  2⤵
  PID:10840
- C:\Windows\System32\VuSDpHS.exe
  C:\Windows\System32\VuSDpHS.exe
  2⤵
  PID:10876
- C:\Windows\System32\yzUeBeO.exe
  C:\Windows\System32\yzUeBeO.exe
  2⤵
  PID:10896
- C:\Windows\System32\umzNDCu.exe
  C:\Windows\System32\umzNDCu.exe
  2⤵
  PID:10932
- C:\Windows\System32\dSzqHbQ.exe
  C:\Windows\System32\dSzqHbQ.exe
  2⤵
  PID:10960
- C:\Windows\System32\HZsialc.exe
  C:\Windows\System32\HZsialc.exe
  2⤵
  PID:10980
- C:\Windows\System32\JSguBSS.exe
  C:\Windows\System32\JSguBSS.exe
  2⤵
  PID:11024
- C:\Windows\System32\VIpYLfh.exe
  C:\Windows\System32\VIpYLfh.exe
  2⤵
  PID:11052
- C:\Windows\System32\IddtDru.exe
  C:\Windows\System32\IddtDru.exe
  2⤵
  PID:11072
- C:\Windows\System32\ODSQqZm.exe
  C:\Windows\System32\ODSQqZm.exe
  2⤵
  PID:11112
- C:\Windows\System32\FkhGgUs.exe
  C:\Windows\System32\FkhGgUs.exe
  2⤵
  PID:11136
- C:\Windows\System32\BbkDxqp.exe
  C:\Windows\System32\BbkDxqp.exe
  2⤵
  PID:11156
- C:\Windows\System32\CBQwBIm.exe
  C:\Windows\System32\CBQwBIm.exe
  2⤵
  PID:11184
- C:\Windows\System32\gxHCVvH.exe
  C:\Windows\System32\gxHCVvH.exe
  2⤵
  PID:11208
- C:\Windows\System32\bdgnERB.exe
  C:\Windows\System32\bdgnERB.exe
  2⤵
  PID:11244
- C:\Windows\System32\izAPgSx.exe
  C:\Windows\System32\izAPgSx.exe
  2⤵
  PID:10268
- C:\Windows\System32\JFzFdYV.exe
  C:\Windows\System32\JFzFdYV.exe
  2⤵
  PID:10476
- C:\Windows\System32\wymtAoE.exe
  C:\Windows\System32\wymtAoE.exe
  2⤵
  PID:10652
- C:\Windows\System32\sGoASYC.exe
  C:\Windows\System32\sGoASYC.exe
  2⤵
  PID:10644
- C:\Windows\System32\QxUnwOr.exe
  C:\Windows\System32\QxUnwOr.exe
  2⤵
  PID:10676
- C:\Windows\System32\ZCNmlPh.exe
  C:\Windows\System32\ZCNmlPh.exe
  2⤵
  PID:10748
- C:\Windows\System32\fJOckQy.exe
  C:\Windows\System32\fJOckQy.exe
  2⤵
  PID:10784
- C:\Windows\System32\gClciOT.exe
  C:\Windows\System32\gClciOT.exe
  2⤵
  PID:10836
- C:\Windows\System32\tNzHQfm.exe
  C:\Windows\System32\tNzHQfm.exe
  2⤵
  PID:10864
- C:\Windows\System32\FZWzyXv.exe
  C:\Windows\System32\FZWzyXv.exe
  2⤵
  PID:10928
- C:\Windows\System32\xCyzlUJ.exe
  C:\Windows\System32\xCyzlUJ.exe
  2⤵
  PID:10968
- C:\Windows\System32\OKjoIBn.exe
  C:\Windows\System32\OKjoIBn.exe
  2⤵
  PID:11060
- C:\Windows\System32\vdUlXUh.exe
  C:\Windows\System32\vdUlXUh.exe
  2⤵
  PID:11172
- C:\Windows\System32\IHGxZcg.exe
  C:\Windows\System32\IHGxZcg.exe
  2⤵
  PID:11216
- C:\Windows\System32\fpxqgJP.exe
  C:\Windows\System32\fpxqgJP.exe
  2⤵
  PID:11260
- C:\Windows\System32\hDQPEjD.exe
  C:\Windows\System32\hDQPEjD.exe
  2⤵
  PID:10580
- C:\Windows\System32\SSCwooM.exe
  C:\Windows\System32\SSCwooM.exe
  2⤵
  PID:10324
- C:\Windows\System32\zPEFFbR.exe
  C:\Windows\System32\zPEFFbR.exe
  2⤵
  PID:10400
- C:\Windows\System32\fzXOjgr.exe
  C:\Windows\System32\fzXOjgr.exe
  2⤵
  PID:10516
- C:\Windows\System32\GCskooD.exe
  C:\Windows\System32\GCskooD.exe
  2⤵
  PID:10632
- C:\Windows\System32\lAiqlrU.exe
  C:\Windows\System32\lAiqlrU.exe
  2⤵
  PID:10808
- C:\Windows\System32\AxhCBYd.exe
  C:\Windows\System32\AxhCBYd.exe
  2⤵
  PID:11032
- C:\Windows\System32\VlaJWeL.exe
  C:\Windows\System32\VlaJWeL.exe
  2⤵
  PID:11236
- C:\Windows\System32\IqxPKkm.exe
  C:\Windows\System32\IqxPKkm.exe
  2⤵
  PID:10288
- C:\Windows\System32\PDiifCp.exe
  C:\Windows\System32\PDiifCp.exe
  2⤵
  PID:10756
- C:\Windows\System32\xSAPBEF.exe
  C:\Windows\System32\xSAPBEF.exe
  2⤵
  PID:10804
- C:\Windows\System32\PugNlHr.exe
  C:\Windows\System32\PugNlHr.exe
  2⤵
  PID:11128
- C:\Windows\System32\OYFRafQ.exe
  C:\Windows\System32\OYFRafQ.exe
  2⤵
  PID:10536
- C:\Windows\System32\dCQhrBB.exe
  C:\Windows\System32\dCQhrBB.exe
  2⤵
  PID:10508
- C:\Windows\System32\MfROfLC.exe
  C:\Windows\System32\MfROfLC.exe
  2⤵
  PID:11284
- C:\Windows\System32\XATuWwx.exe
  C:\Windows\System32\XATuWwx.exe
  2⤵
  PID:11328
- C:\Windows\System32\zNWtuLP.exe
  C:\Windows\System32\zNWtuLP.exe
  2⤵
  PID:11364
- C:\Windows\System32\PrvdcVP.exe
  C:\Windows\System32\PrvdcVP.exe
  2⤵
  PID:11392
- C:\Windows\System32\NbRErec.exe
  C:\Windows\System32\NbRErec.exe
  2⤵
  PID:11428
- C:\Windows\System32\kqvUjiP.exe
  C:\Windows\System32\kqvUjiP.exe
  2⤵
  PID:11452
- C:\Windows\System32\rXOOjWG.exe
  C:\Windows\System32\rXOOjWG.exe
  2⤵
  PID:11488
- C:\Windows\System32\CJXTUPG.exe
  C:\Windows\System32\CJXTUPG.exe
  2⤵
  PID:11540
- C:\Windows\System32\imICgQN.exe
  C:\Windows\System32\imICgQN.exe
  2⤵
  PID:11556
- C:\Windows\System32\nhyHFTR.exe
  C:\Windows\System32\nhyHFTR.exe
  2⤵
  PID:11580
- C:\Windows\System32\emtuFyI.exe
  C:\Windows\System32\emtuFyI.exe
  2⤵
  PID:11596
- C:\Windows\System32\iWyNmeH.exe
  C:\Windows\System32\iWyNmeH.exe
  2⤵
  PID:11616
- C:\Windows\System32\bbOLcCC.exe
  C:\Windows\System32\bbOLcCC.exe
  2⤵
  PID:11672
- C:\Windows\System32\VSizNVt.exe
  C:\Windows\System32\VSizNVt.exe
  2⤵
  PID:11692
- C:\Windows\System32\TZZAkZn.exe
  C:\Windows\System32\TZZAkZn.exe
  2⤵
  PID:11712
- C:\Windows\System32\IXHDeUC.exe
  C:\Windows\System32\IXHDeUC.exe
  2⤵
  PID:11736
- C:\Windows\System32\uOzTgvd.exe
  C:\Windows\System32\uOzTgvd.exe
  2⤵
  PID:11764
- C:\Windows\System32\RjmboTb.exe
  C:\Windows\System32\RjmboTb.exe
  2⤵
  PID:11784
- C:\Windows\System32\JHqxKXj.exe
  C:\Windows\System32\JHqxKXj.exe
  2⤵
  PID:11804
- C:\Windows\System32\pPhiRbn.exe
  C:\Windows\System32\pPhiRbn.exe
  2⤵
  PID:11844
- C:\Windows\System32\msFsAbx.exe
  C:\Windows\System32\msFsAbx.exe
  2⤵
  PID:11876
- C:\Windows\System32\KmijsDS.exe
  C:\Windows\System32\KmijsDS.exe
  2⤵
  PID:11908
- C:\Windows\System32\rofVSOC.exe
  C:\Windows\System32\rofVSOC.exe
  2⤵
  PID:11932
- C:\Windows\System32\UhzoyGf.exe
  C:\Windows\System32\UhzoyGf.exe
  2⤵
  PID:11992
- C:\Windows\System32\NuqDfRq.exe
  C:\Windows\System32\NuqDfRq.exe
  2⤵
  PID:12016
- C:\Windows\System32\EBLYVbv.exe
  C:\Windows\System32\EBLYVbv.exe
  2⤵
  PID:12036
- C:\Windows\System32\wtwBWxP.exe
  C:\Windows\System32\wtwBWxP.exe
  2⤵
  PID:12060
- C:\Windows\System32\ehSDSUp.exe
  C:\Windows\System32\ehSDSUp.exe
  2⤵
  PID:12080
- C:\Windows\System32\dmoVlzI.exe
  C:\Windows\System32\dmoVlzI.exe
  2⤵
  PID:12112
- C:\Windows\System32\qMzWwYX.exe
  C:\Windows\System32\qMzWwYX.exe
  2⤵
  PID:12152
- C:\Windows\System32\hFESUwW.exe
  C:\Windows\System32\hFESUwW.exe
  2⤵
  PID:12168
- C:\Windows\System32\iuJSqtg.exe
  C:\Windows\System32\iuJSqtg.exe
  2⤵
  PID:12196
- C:\Windows\System32\gQbdLHC.exe
  C:\Windows\System32\gQbdLHC.exe
  2⤵
  PID:12228
- C:\Windows\System32\rOXQTxJ.exe
  C:\Windows\System32\rOXQTxJ.exe
  2⤵
  PID:12252
- C:\Windows\System32\bnBEDIY.exe
  C:\Windows\System32\bnBEDIY.exe
  2⤵
  PID:12284
- C:\Windows\System32\WcBPoWm.exe
  C:\Windows\System32\WcBPoWm.exe
  2⤵
  PID:11300
- C:\Windows\System32\OTFAvcN.exe
  C:\Windows\System32\OTFAvcN.exe
  2⤵
  PID:11384
- C:\Windows\System32\LZWhkDK.exe
  C:\Windows\System32\LZWhkDK.exe
  2⤵
  PID:11440
- C:\Windows\System32\JNZdGmv.exe
  C:\Windows\System32\JNZdGmv.exe
  2⤵
  PID:11496
- C:\Windows\System32\hlIAwlb.exe
  C:\Windows\System32\hlIAwlb.exe
  2⤵
  PID:11508
- C:\Windows\System32\jadUyuu.exe
  C:\Windows\System32\jadUyuu.exe
  2⤵
  PID:11588
- C:\Windows\System32\VuvkzPH.exe
  C:\Windows\System32\VuvkzPH.exe
  2⤵
  PID:11656
- C:\Windows\System32\KrOjpzs.exe
  C:\Windows\System32\KrOjpzs.exe
  2⤵
  PID:11732
- C:\Windows\System32\jbftOio.exe
  C:\Windows\System32\jbftOio.exe
  2⤵
  PID:11800
- C:\Windows\System32\mluXPzr.exe
  C:\Windows\System32\mluXPzr.exe
  2⤵
  PID:11840
- C:\Windows\System32\gaYBUUi.exe
  C:\Windows\System32\gaYBUUi.exe
  2⤵
  PID:10788
- C:\Windows\System32\GQQGemu.exe
  C:\Windows\System32\GQQGemu.exe
  2⤵
  PID:12044
- C:\Windows\System32\FAxpfUr.exe
  C:\Windows\System32\FAxpfUr.exe
  2⤵
  PID:12096
- C:\Windows\System32\WvkYOdQ.exe
  C:\Windows\System32\WvkYOdQ.exe
  2⤵
  PID:12160
- C:\Windows\System32\QklTGoU.exe
  C:\Windows\System32\QklTGoU.exe
  2⤵
  PID:12240
- C:\Windows\System32\XmpyYAF.exe
  C:\Windows\System32\XmpyYAF.exe
  2⤵
  PID:12268
- C:\Windows\System32\KYJNHhS.exe
  C:\Windows\System32\KYJNHhS.exe
  2⤵
  PID:11420
- C:\Windows\System32\quGVPsf.exe
  C:\Windows\System32\quGVPsf.exe
  2⤵
  PID:11532
- C:\Windows\System32\hGhkRku.exe
  C:\Windows\System32\hGhkRku.exe
  2⤵
  PID:11628
- C:\Windows\System32\KEyelLQ.exe
  C:\Windows\System32\KEyelLQ.exe
  2⤵
  PID:11752
- C:\Windows\System32\qfBYYhx.exe
  C:\Windows\System32\qfBYYhx.exe
  2⤵
  PID:11812
- C:\Windows\System32\nDQkutI.exe
  C:\Windows\System32\nDQkutI.exe
  2⤵
  PID:12068
- C:\Windows\System32\aAyoLsA.exe
  C:\Windows\System32\aAyoLsA.exe
  2⤵
  PID:12224
- C:\Windows\System32\rHJwxyF.exe
  C:\Windows\System32\rHJwxyF.exe
  2⤵
  PID:11352
- C:\Windows\System32\UmftqVf.exe
  C:\Windows\System32\UmftqVf.exe
  2⤵
  PID:11724
- C:\Windows\System32\IXFOTSc.exe
  C:\Windows\System32\IXFOTSc.exe
  2⤵
  PID:12220
- C:\Windows\System32\joNiDxO.exe
  C:\Windows\System32\joNiDxO.exe
  2⤵
  PID:12248
- C:\Windows\System32\wliDpLO.exe
  C:\Windows\System32\wliDpLO.exe
  2⤵
  PID:11892
- C:\Windows\System32\SUvZNAT.exe
  C:\Windows\System32\SUvZNAT.exe
  2⤵
  PID:3524
- C:\Windows\System32\IJKxYbt.exe
  C:\Windows\System32\IJKxYbt.exe
  2⤵
  PID:12304
- C:\Windows\System32\kNazPTP.exe
  C:\Windows\System32\kNazPTP.exe
  2⤵
  PID:12340
- C:\Windows\System32\ymVtkbS.exe
  C:\Windows\System32\ymVtkbS.exe
  2⤵
  PID:12368
- C:\Windows\System32\FzinDhP.exe
  C:\Windows\System32\FzinDhP.exe
  2⤵
  PID:12400
- C:\Windows\System32\AvQUCCK.exe
  C:\Windows\System32\AvQUCCK.exe
  2⤵
  PID:12416
- C:\Windows\System32\QnWuNdA.exe
  C:\Windows\System32\QnWuNdA.exe
  2⤵
  PID:12444
- C:\Windows\System32\wrzbQbp.exe
  C:\Windows\System32\wrzbQbp.exe
  2⤵
  PID:12476
- C:\Windows\System32\tlKjHji.exe
  C:\Windows\System32\tlKjHji.exe
  2⤵
  PID:12492
- C:\Windows\System32\ELooatQ.exe
  C:\Windows\System32\ELooatQ.exe
  2⤵
  PID:12532
- C:\Windows\System32\ZUtwWlA.exe
  C:\Windows\System32\ZUtwWlA.exe
  2⤵
  PID:12564
- C:\Windows\System32\siYaeaX.exe
  C:\Windows\System32\siYaeaX.exe
  2⤵
  PID:12592
- C:\Windows\System32\IJKXRnZ.exe
  C:\Windows\System32\IJKXRnZ.exe
  2⤵
  PID:12612
- C:\Windows\System32\WbWttAG.exe
  C:\Windows\System32\WbWttAG.exe
  2⤵
  PID:12640
- C:\Windows\System32\THFyxnc.exe
  C:\Windows\System32\THFyxnc.exe
  2⤵
  PID:12656
- C:\Windows\System32\ILQEBSN.exe
  C:\Windows\System32\ILQEBSN.exe
  2⤵
  PID:12684
- C:\Windows\System32\WRFcYYq.exe
  C:\Windows\System32\WRFcYYq.exe
  2⤵
  PID:12720
- C:\Windows\System32\yZLzzUA.exe
  C:\Windows\System32\yZLzzUA.exe
  2⤵
  PID:12740
- C:\Windows\System32\NKiOGEc.exe
  C:\Windows\System32\NKiOGEc.exe
  2⤵
  PID:12776
- C:\Windows\System32\PtDTFtK.exe
  C:\Windows\System32\PtDTFtK.exe
  2⤵
  PID:12796
- C:\Windows\System32\qYylmzA.exe
  C:\Windows\System32\qYylmzA.exe
  2⤵
  PID:12812
- C:\Windows\System32\VlQRTTV.exe
  C:\Windows\System32\VlQRTTV.exe
  2⤵
  PID:12852
- C:\Windows\System32\KADDRHX.exe
  C:\Windows\System32\KADDRHX.exe
  2⤵
  PID:12884
- C:\Windows\System32\bvGrseF.exe
  C:\Windows\System32\bvGrseF.exe
  2⤵
  PID:12928
- C:\Windows\System32\zYsIgCQ.exe
  C:\Windows\System32\zYsIgCQ.exe
  2⤵
  PID:12972
- C:\Windows\System32\vKKcIgq.exe
  C:\Windows\System32\vKKcIgq.exe
  2⤵
  PID:12988
- C:\Windows\System32\ZSXJUZe.exe
  C:\Windows\System32\ZSXJUZe.exe
  2⤵
  PID:13004
- C:\Windows\System32\HRRvHus.exe
  C:\Windows\System32\HRRvHus.exe
  2⤵
  PID:13024
- C:\Windows\System32\jFDieqr.exe
  C:\Windows\System32\jFDieqr.exe
  2⤵
  PID:13048
- C:\Windows\System32\XzkWeCT.exe
  C:\Windows\System32\XzkWeCT.exe
  2⤵
  PID:13080
- C:\Windows\System32\dvofjAL.exe
  C:\Windows\System32\dvofjAL.exe
  2⤵
  PID:13112
- C:\Windows\System32\YecSlsz.exe
  C:\Windows\System32\YecSlsz.exe
  2⤵
  PID:13132
- C:\Windows\System32\cHkOxcY.exe
  C:\Windows\System32\cHkOxcY.exe
  2⤵
  PID:13168
- C:\Windows\System32\OSeZDzv.exe
  C:\Windows\System32\OSeZDzv.exe
  2⤵
  PID:13184
- C:\Windows\System32\rgtYTen.exe
  C:\Windows\System32\rgtYTen.exe
  2⤵
  PID:13212
- C:\Windows\System32\NkEqsmY.exe
  C:\Windows\System32\NkEqsmY.exe
  2⤵
  PID:13248
- C:\Windows\System32\toeGuuJ.exe
  C:\Windows\System32\toeGuuJ.exe
  2⤵
  PID:13268
- C:\Windows\System32\BGSFojd.exe
  C:\Windows\System32\BGSFojd.exe
  2⤵
  PID:11772
- C:\Windows\System32\cOrAoPu.exe
  C:\Windows\System32\cOrAoPu.exe
  2⤵
  PID:12360
- C:\Windows\System32\KlvKzhc.exe
  C:\Windows\System32\KlvKzhc.exe
  2⤵
  PID:12428
- C:\Windows\System32\XtbrKiw.exe
  C:\Windows\System32\XtbrKiw.exe
  2⤵
  PID:12464
- C:\Windows\System32\FpdqNte.exe
  C:\Windows\System32\FpdqNte.exe
  2⤵
  PID:12572

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:336

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System32\AuPjuwh.exe

Filesize
2.0MB

MD5
32ad673a6ffdda3366e7372e3b0757b6

SHA1
f46ce5a885084a4e070bde6228312181c2672aed

SHA256
d307d2b21c2200283cca648e587156d38308452d4ae302fc57296c7055a0f85a

SHA512
0cda3d3aaa2cc08a85e57863c3147a92613a354523b96e34c474e49423371762e8bd043c72f0daf15731e834179161e0e14ba997278807db66bb1e1deda79920

Download Submit
C:\Windows\System32\AwkFlcR.exe

Filesize
2.0MB

MD5
eb6dd810fbc44e07c17c32fd1fa008b5

SHA1
b007d19586fd8d01107eb9430ee100e353cdb734

SHA256
69f5fefcc41640f07c773f2dc8448327b6865fd890baff912752ec2668f2cd26

SHA512
06e0cc3ec3f3efe491b7bdd2b3657008f6e21609dd0508efc17da298d03757cab4ea7b8075140e155e9909f03ad05c9e65e23ed61e426fff07d4943002989c6f

Download Submit
C:\Windows\System32\DvElcdP.exe

Filesize
2.0MB

MD5
46ccabb4a5b885d79fd60c0e55b456fc

SHA1
1787287ad5e427becd8d39bf3e2ea4ce88b4bfbd

SHA256
169ba3bac1146852e590fa60a9ea2d7be8acae02be306a13c8437cb1a9ff7f1e

SHA512
aa86694ca2635c169ed636704f1cfcc5ffe5f50adcd1c42d04524a58b13367ddb1e8e0180195bb34271db96eb6185138479a9137be19cbd5b7fa32cb59e3a7fe

Download Submit
C:\Windows\System32\HMCNtRy.exe

Filesize
2.0MB

MD5
a186a8edc9e9f89f3e636f6afabb565d

SHA1
e70d21b3a6162eec8bb57f10dadba7e39ea86b16

SHA256
3c6f93bd467d39b205a6124189500005085e2968f0e2b5ac0d19c7348a7e0f91

SHA512
4d34e1b1628a301883dac8c8ec7815e35b11c576d10ba474107e88e10a4afc1a62b7ed024b9da47a34294799fd72ee6cd37d92d15481911b298f52ab5db76df0

Download Submit
C:\Windows\System32\IIteiXd.exe

Filesize
2.0MB

MD5
ba29bf130e027e42d20373f39a9e159a

SHA1
1385e68986c41ca2a34552c7f78cb4ee219d4c82

SHA256
81548b1ab88a9372257567063a84a9f657c88971a53ef9fc732076d65c35605c

SHA512
e21a6ab9617bb15c1264c10c44d070fe9740e15f932e73564d3c30c96637caa9a79dc41f157aecb133064a02b0e7f6353f0ecdf53c16e0a13b6f1aeba4da4e63

Download Submit
C:\Windows\System32\KXrtoSA.exe

Filesize
2.0MB

MD5
84e41ad8aa4bb7a822fe46953d5a1ea1

SHA1
648aca101864ae6c5980593755239165d0c90e3a

SHA256
00b7a99c57979e274a5b87a384f92565d9ed346f3538dc8804f729711e0f1971

SHA512
d8d8d67619514f55736db4a19f706294e202a627e9e0f126aa1615c4c327d8c84d7a2ed2902384acafceba5245536b49ce0b41837b555e7bf26342cc87064595

Download Submit
C:\Windows\System32\LPmlXWW.exe

Filesize
2.0MB

MD5
1250b1ccde3d5cd0928e2eca0c419a44

SHA1
37d7762d76661718cd1f7be654c6a0213aa7bfb9

SHA256
f3c40d61c5f81dba922d66f085942cc456c5848c3f9404bbc0626917d10f01e0

SHA512
01cada794e7a7cf35d408b1ec2908d01bbde84187ef8bbe0fab6302f06da7c6a74285ce2cae7ad7e9cf418eab394aa88884bda68819738665b453de91d9ffdbc

Download Submit
C:\Windows\System32\LaKsatV.exe

Filesize
2.0MB

MD5
a318a0753c0632e59c1aa26aeb0eaa91

SHA1
c2e431af303ce6e16549fdfb701bd1cd3d822676

SHA256
d095ac83a519c5a1d2c590b1e3ef98a29861aa43bd26ec1e82c64d18bd78667b

SHA512
ad8689689e81e4bcc96769f15f5f2e2e485710e796ff73ab2920353c2cf897100e49cd11f46e789a43a4eba8890007fa29cce03d51031e46155cf1cadb69dde8

Download Submit
C:\Windows\System32\MqUohHP.exe

Filesize
2.0MB

MD5
f05701d4b34449eb9c21b78b450d3cf4

SHA1
013acfbe562a0d6e633e67f80d5c8691d01dbfe1

SHA256
3a5e42e1f215a05e52923f305ff6bf292f1545fed0a699df8478229d264edd31

SHA512
4deb77098d71aea717df25834b060cd1ae68aa78779f76732b28a2dc68c393cd933264d9e29ec42e6f2a628aba16ee648cf5ea0eaf1e030e2285264f5fe46639

Download Submit
C:\Windows\System32\NwMDJCP.exe

Filesize
2.0MB

MD5
8ebcd47427fb0bc4375639e24dc65e2d

SHA1
6af6c4c37328c7b4baa9274c61799d4447732dc0

SHA256
54b88d2b3dafb80d760035055d0e4731a9d119f9bddcc015573f1cae3c091e0d

SHA512
7e797595a5ab62531bc3242d58ac6bde14357200e7cf77f99c6c5c0c550f19d0eb50de255dd392c5de286b94d7b9ed14e159dda9c7be7c671cbeb8d128c4e469

Download Submit
C:\Windows\System32\QKYZRhY.exe

Filesize
2.0MB

MD5
632f686da7f65f3b2f2511b6c3c92fa8

SHA1
9734bb7d4e31350919512771d29595d39c7276de

SHA256
80d2573a9840d76b7ada76bc92fbfc375559f0ae835af2ef152ea9e5717042a0

SHA512
e7988a788a486c22320bfa7c5c97c5a092d29f9edd4a2d2bb2e7f4b460f9998d2b399e02053010c6505c7652b8ccdece8a3465b7418ffeeb0e0fd2e529875f03

Download Submit
C:\Windows\System32\QqUCRAe.exe

Filesize
2.0MB

MD5
2e9b06067bbb175a240878c4797d33b9

SHA1
5dc7d4d6d1a31d305f306473d51d84113766eef2

SHA256
a93da1f68da42824afda65b2c4fca4cfe063efc5355fb437be023769ad5f057d

SHA512
0f55104dd9046375fe7a3dda853e0474aae97a62a7ea90f11904919106307262fbeabc0c7fc7ebcdb80b60e68c8d5e5418efec123fc1e91f01395f2a4c1a90fb

Download Submit
C:\Windows\System32\XjWCUbZ.exe

Filesize
2.0MB

MD5
6556bb9194882743c3203a968d6f2b2b

SHA1
91a5c643c68bd3764d6ab4f9ccd6f4291ad470e8

SHA256
c0ba615e58a93fec966e5068db789013115d6d785116067563a70565922cbbb3

SHA512
ee8fb930ae6defca184e4e5296f52a70a261300f1451b926e3581c85431995f39406467b287e3592c9c549d27010ead89c7a10845602a506edead544ee3b1ead

Download Submit
C:\Windows\System32\XwpvYvY.exe

Filesize
2.0MB

MD5
9a3bf68ce6fc72c45397395e29fc0ad5

SHA1
31eefdd6e40b22780c8d3488899717fbb515e23b

SHA256
fba2a9708a54bf6d76cf2c7cd852a67ec5e0c7c55df33d9eaf3a3689fb32c4ee

SHA512
efb7cc8ee3a23f4cbadf107b6496b55fe616b38256db4ff0be49af6ffbdee407add4e4fa46bc340c1b4c6896118a749cb7994af38cc0fc048d13a37d0cbed5e9

Download Submit
C:\Windows\System32\ZrYaGPi.exe

Filesize
2.0MB

MD5
eda58cf9e4d5a65b6380e4a45671788c

SHA1
22cc10bc4dd583a1ebd1939c3a9210efd155f6dc

SHA256
1bbf024fbbc55d846dd83f9e87a30dd9e9a442531b51a09eeaa339523aa3b40a

SHA512
bd19d3e4d5c66f25c0985fc66b58b8666a395ebcec5cf703ba19b4184918ad1bdea2810c5ab027bb7c826cad5e875c0455f9cce209e875ce0ca5e9644997a789

Download Submit
C:\Windows\System32\asPaTkY.exe

Filesize
2.0MB

MD5
81ef7960fcbed6f506c88cfb1c24678b

SHA1
d4f0dcb053ce078ff80437345f157137d8ec554d

SHA256
58d2931f42de1a5c5fb6c25c20a1bffd83e223fc3b7dcc9475876f8b80d001af

SHA512
d5d57dbb16ce86ff7f995b0e3a625f45e86594964be39e01af7481c8e2075e31a53fa6e811e20b7efcaf20b199ad023786499e36c6e530a64b8a139b9ca87a24

Download Submit
C:\Windows\System32\fscZrjD.exe

Filesize
2.0MB

MD5
bd1a9d4e0b3bfb88ab3a24b70b02324e

SHA1
58c946b1b662d9dd66b14c553cf8f0a0ffd42f73

SHA256
d930f6ef174428fe40ad02d08d266eca239e9904cc6203cd4cd91dabdaf783b5

SHA512
d68f3f9709eebb4bc4add46db0018d5855c25a24b75e7c8b0c399cfec497b992131015350e744b766260532d6f73fcc8cde6d43dcf498cc799f9b7daeb222dc6

Download Submit
C:\Windows\System32\gEzPuOu.exe

Filesize
2.0MB

MD5
22dc8b04ab0ab57e73df28835f6af227

SHA1
0a86f96b2b1e1f180480057fcf5ce423686eae57

SHA256
53165cdd81867cdc0c77448f5496e9aded50368e6a2198bfe00b3c013ebda884

SHA512
bf6ac0cc743ea779cb5309c8e4498df39cb4ec7507c324abdb0b27ca1946e6bd29d81a4e39de2d9240a7512adb93430d6c8ee544f911d47ce664e1dbd0f53d6d

Download Submit
C:\Windows\System32\gZktTMu.exe

Filesize
2.0MB

MD5
0ece3deae5b5fe4f33947932427e8a0c

SHA1
89a683f2c6a628cba9cfe8582b4fa142fe60511a

SHA256
7ba3c946f9a30a240477b8b069f345ca75ec1b8e51c62c0132dc98fa240a1753

SHA512
20753e52e7f19e1cf3960bb816056cbedd9f0ebeacdce5cc031d3f4b725f0451cda91b7d83894bc84ac2624686c35f7cb3a7f98c5d1f2d0042930726641b6e72

Download Submit
C:\Windows\System32\gaKYbnC.exe

Filesize
2.0MB

MD5
9745dbdb49151a2780cc56fbad30347e

SHA1
8836aa1dc7ed38c434966a09f0c7acedf0e2cbd3

SHA256
1b00a5045d66881449f660bd2bc113c92c727b67ab4440b5200cc1fc299514e0

SHA512
1d09caf1103517570c99453b9ff4f2846e26a44ba77f13ae4265eb1c4711dc74163b4b67920c2e6cd034fb0f042b1661fc0fa54fa49960348dc09fd3d2082e10

Download Submit
C:\Windows\System32\gsHEhxb.exe

Filesize
2.0MB

MD5
bbe51943e11a2996e6a426a61532b25a

SHA1
9871db63790174fd0b422bc0aaffba481e3b8fe1

SHA256
9c3b79f116fca88fd26e3023947ddd79bf520efc3ea7b9b1b791e193d085b1ce

SHA512
9d8a3f938ff9f84ebebf0854e15d06d0a53a0aa096a572576a126fc0e505f0343cb28941fecf70586d51f2c148f630a1699f5f7140e39b37d4752ba0098a2a91

Download Submit
C:\Windows\System32\ilMOGOK.exe

Filesize
2.0MB

MD5
258a2cceee7eb7aabacf6bf92a31058c

SHA1
b182796b518fe9506a7ceb90a296156892efb3e0

SHA256
0d76e3c6d86072549562c2cbc5858ebccff54de2113fd70d46ef8a76425eb014

SHA512
8024f3a2bf13ae665f633db7770620cbfdf16e606826a2e341ef3120ca7321d74b27362362fb840e749568802ea835b9c2059c2638d07c50cee7a7d2c35838b2

Download Submit
C:\Windows\System32\kUohUer.exe

Filesize
2.0MB

MD5
000d238b56573b2220ed63912ae55b08

SHA1
a0af240a4509c7bc9a36a058883773737915783e

SHA256
45039a4c9ea3a28ce8a90d2b838d4e3a4d1b150f3670a2f10205dda5beca0d0b

SHA512
950d71f20396ee5b0543d2dfa5be3fdfd2dfbd33630b23aed4c2a2fb58d8415a843805c67310169048aaa02fa8006560a06d736eb444bf111d8e7986053c1778

Download Submit
C:\Windows\System32\mGcXLIX.exe

Filesize
2.0MB

MD5
97384785c33ede67694df05fcb65ccb5

SHA1
58e4481e152fe0bef8e7e1040a7d7876282c6cd0

SHA256
124c604abeb3930ce73626dd9d126dedbd46f2a7d04d97fecaad34d4b03f89bf

SHA512
93709420876181e50489e6933f35b03db181c914015822e41d8251d182844f5f945a3801075d91a334ec6a4b6106bbc36d71a2fee9be951823610076c7bd6d11

Download Submit
C:\Windows\System32\mwutGZy.exe

Filesize
2.0MB

MD5
6f9c8a83bc44f2287dbf90e59ffb8d20

SHA1
e607d2866f78a8f38b63177b60e6400150c0bf4a

SHA256
9f97cb440b0cbc3df334affb9c1a5f20668d90f65286954cbe94a29bfb235f83

SHA512
c1929b9d89243fe4f0a293ed0c0c37693b9cea5510d8052df9e8ec5d25ab8211f8ae3c689fd26427765226c5d5f273fd597a060be6a3649e9db8836fa733079e

Download Submit
C:\Windows\System32\nybYqdS.exe

Filesize
2.0MB

MD5
51ffda79e53a436d0f33cb7a156ef8fa

SHA1
70f02adf8ce830a9d75e160645b265362b198529

SHA256
837209c6bdab17c59fc2704a208de6232c5806f43d436ac4b1d044810cce9c70

SHA512
81879969e94c8d3887f8b1dd3a7341e2298221987adbf091bea4fa43f2a1f5d96cdcbf42d86da5837174a2ab0dfe291a5234a5df008f0a9c6943ad5a3e1845f3

Download Submit
C:\Windows\System32\pBPtMJz.exe

Filesize
2.0MB

MD5
953cfc17377bce94826b2320c4001cf2

SHA1
6ccafa0bed62fb23ce6249e0aaea030409b353ed

SHA256
ae165a5a5bac2cc38f7937bdb816f3533b9144b0633d9b0965e639e12ea1ad2b

SHA512
2801d194be695961cd68a3031f4363bb120c271ad9ba18b17db801e4355da3c5060ba26b47edb1a9e2311c7e81b7ed26a3fdb5b32672f19dbb5206c257b201e9

Download Submit
C:\Windows\System32\rfJsLBs.exe

Filesize
2.0MB

MD5
c446309b20a8adc7cc4bd8fb512d711b

SHA1
6c15d877f06d92030ef1bf86eb17df369394cf63

SHA256
5fe2d6de0eb05ef879b5024cadc6b12462a49be6b3f1600e150e43af10d03a69

SHA512
937a910af29c1273a4ced867c0d0608a4e2a5abb515f99c27a0bb19912c25949161ae74c7e4a6099c4cddb69a2b7a1d6af63bc150f3e9356238e46c9fdb3cb7c

Download Submit
C:\Windows\System32\rlncXlI.exe

Filesize
2.0MB

MD5
eeb73fefc6c41902e427597b37e9190e

SHA1
a5a4e58182632882326d30b65e74db1ec5f236a3

SHA256
d5cb7ec5513bd46665c0ee520e194b83ef2c1591839258087bb1449d7e064a80

SHA512
a57a3270aa5c2bc5a5d4c4ac30f5d9ac6e8f5e36eb7606f1cf3248a5a2d3b251d4548418fadc02a68194bb1ec502060ccdbf7e856e4439700cf7062c3287a127

Download Submit
C:\Windows\System32\tQHOtbn.exe

Filesize
2.0MB

MD5
2c6156c7e0d95e9ffa7b749c6834f4ce

SHA1
cc039373dabfb95fc80d825b6bc4835c74d09b79

SHA256
50e6c9d99484de685c929385b92c26043dd5ef11f1b053136633255f318c3a15

SHA512
853552d704a902fe81e871303a2752a6e26fc2629ab6e01e7ada65732bc8c60293a2bf5541fa08441ab93e073123f426418f4eff33c90db37e839fbcc8294a59

Download Submit
C:\Windows\System32\uNHvPFl.exe

Filesize
2.0MB

MD5
181834f6826d8ee22deee2c0af83faaa

SHA1
c75ce7ce4341aa6f4ae9c3ecd81593809b882233

SHA256
585b5cd85a520a5d702abe6ee36ca716ea7cc3efb86ade67a3c16e2b4b0e1d37

SHA512
62f3ff722e808753721974bc43b6d0eaeaeaff3d7f8a56fbf6f8d7f1dddf6aa894f35870aa6a07145f833ed7ff33cb38027edbec6614a2f0c292864a62331354

Download Submit
C:\Windows\System32\uNiKuhw.exe

Filesize
2.0MB

MD5
93cc35709ff3cf559d6d2fb1c24a9158

SHA1
60b327e6fee2694dc8db3da76939179b459d5e7d

SHA256
aa1778befcc69d49871d15f544ece62f2114ffabf663b5eabb10acba19d0c8fb

SHA512
da143664288dd68ff2e70e3dbbb4d2c9e0dfedd052c65ed85e679dfb6a10a496d77341ae363c44be24cbf2f1b96084e6cffaa7d604c68704639114a4deecb102

Download Submit
memory/312-452-0x00007FF766730000-0x00007FF766B21000-memory.dmp

Filesize
3.9MB

Download
memory/312-2006-0x00007FF766730000-0x00007FF766B21000-memory.dmp

Filesize
3.9MB

Download
memory/628-459-0x00007FF74EC80000-0x00007FF74F071000-memory.dmp

Filesize
3.9MB

Download
memory/628-2074-0x00007FF74EC80000-0x00007FF74F071000-memory.dmp

Filesize
3.9MB

Download
memory/636-460-0x00007FF786850000-0x00007FF786C41000-memory.dmp

Filesize
3.9MB

Download
memory/636-2091-0x00007FF786850000-0x00007FF786C41000-memory.dmp

Filesize
3.9MB

Download
memory/884-508-0x00007FF67E350000-0x00007FF67E741000-memory.dmp

Filesize
3.9MB

Download
memory/884-2039-0x00007FF67E350000-0x00007FF67E741000-memory.dmp

Filesize
3.9MB

Download
memory/968-464-0x00007FF6311F0000-0x00007FF6315E1000-memory.dmp

Filesize
3.9MB

Download
memory/968-2112-0x00007FF6311F0000-0x00007FF6315E1000-memory.dmp

Filesize
3.9MB

Download
memory/1308-2058-0x00007FF62F810000-0x00007FF62FC01000-memory.dmp

Filesize
3.9MB

Download
memory/1308-455-0x00007FF62F810000-0x00007FF62FC01000-memory.dmp

Filesize
3.9MB

Download
memory/1404-2037-0x00007FF6EA170000-0x00007FF6EA561000-memory.dmp

Filesize
3.9MB

Download
memory/1404-1991-0x00007FF6EA170000-0x00007FF6EA561000-memory.dmp

Filesize
3.9MB

Download
memory/1404-41-0x00007FF6EA170000-0x00007FF6EA561000-memory.dmp

Filesize
3.9MB

Download
memory/1864-2093-0x00007FF715D80000-0x00007FF716171000-memory.dmp

Filesize
3.9MB

Download
memory/1864-462-0x00007FF715D80000-0x00007FF716171000-memory.dmp

Filesize
3.9MB

Download
memory/2256-1994-0x00007FF7E51D0000-0x00007FF7E55C1000-memory.dmp

Filesize
3.9MB

Download
memory/2256-5-0x00007FF7E51D0000-0x00007FF7E55C1000-memory.dmp

Filesize
3.9MB

Download
memory/2256-1990-0x00007FF7E51D0000-0x00007FF7E55C1000-memory.dmp

Filesize
3.9MB

Download
memory/2352-2110-0x00007FF769890000-0x00007FF769C81000-memory.dmp

Filesize
3.9MB

Download
memory/2352-465-0x00007FF769890000-0x00007FF769C81000-memory.dmp

Filesize
3.9MB

Download
memory/2420-457-0x00007FF6FFAF0000-0x00007FF6FFEE1000-memory.dmp

Filesize
3.9MB

Download
memory/2420-2053-0x00007FF6FFAF0000-0x00007FF6FFEE1000-memory.dmp

Filesize
3.9MB

Download
memory/2464-2000-0x00007FF68CFC0000-0x00007FF68D3B1000-memory.dmp

Filesize
3.9MB

Download
memory/2464-481-0x00007FF68CFC0000-0x00007FF68D3B1000-memory.dmp

Filesize
3.9MB

Download
memory/2952-461-0x00007FF6C20C0000-0x00007FF6C24B1000-memory.dmp

Filesize
3.9MB

Download
memory/2952-2089-0x00007FF6C20C0000-0x00007FF6C24B1000-memory.dmp

Filesize
3.9MB

Download
memory/2964-530-0x00007FF676C90000-0x00007FF677081000-memory.dmp

Filesize
3.9MB

Download
memory/2964-2025-0x00007FF676C90000-0x00007FF677081000-memory.dmp

Filesize
3.9MB

Download
memory/3008-451-0x00007FF745260000-0x00007FF745651000-memory.dmp

Filesize
3.9MB

Download
memory/3008-2041-0x00007FF745260000-0x00007FF745651000-memory.dmp

Filesize
3.9MB

Download
memory/3608-454-0x00007FF792190000-0x00007FF792581000-memory.dmp

Filesize
3.9MB

Download
memory/3608-2004-0x00007FF792190000-0x00007FF792581000-memory.dmp

Filesize
3.9MB

Download
memory/3684-456-0x00007FF79D1D0000-0x00007FF79D5C1000-memory.dmp

Filesize
3.9MB

Download
memory/3684-2036-0x00007FF79D1D0000-0x00007FF79D5C1000-memory.dmp

Filesize
3.9MB

Download
memory/4040-450-0x00007FF70AC50000-0x00007FF70B041000-memory.dmp

Filesize
3.9MB

Download
memory/4040-2042-0x00007FF70AC50000-0x00007FF70B041000-memory.dmp

Filesize
3.9MB

Download
memory/4040-1992-0x00007FF70AC50000-0x00007FF70B041000-memory.dmp

Filesize
3.9MB

Download
memory/4080-463-0x00007FF7E45D0000-0x00007FF7E49C1000-memory.dmp

Filesize
3.9MB

Download
memory/4080-2095-0x00007FF7E45D0000-0x00007FF7E49C1000-memory.dmp

Filesize
3.9MB

Download
memory/4160-1-0x00000108B58A0000-0x00000108B58B0000-memory.dmp

Filesize
64KB

Download
memory/4160-0-0x00007FF7EC9B0000-0x00007FF7ECDA1000-memory.dmp

Filesize
3.9MB

Download
memory/4452-32-0x00007FF724210000-0x00007FF724601000-memory.dmp

Filesize
3.9MB

Download
memory/4452-1998-0x00007FF724210000-0x00007FF724601000-memory.dmp

Filesize
3.9MB

Download
memory/4644-540-0x00007FF690460000-0x00007FF690851000-memory.dmp

Filesize
3.9MB

Download
memory/4644-2012-0x00007FF690460000-0x00007FF690851000-memory.dmp

Filesize
3.9MB

Download
memory/4696-458-0x00007FF607030000-0x00007FF607421000-memory.dmp

Filesize
3.9MB

Download
memory/4696-2068-0x00007FF607030000-0x00007FF607421000-memory.dmp

Filesize
3.9MB

Download
memory/4756-1997-0x00007FF6C41D0000-0x00007FF6C45C1000-memory.dmp

Filesize
3.9MB

Download
memory/4756-26-0x00007FF6C41D0000-0x00007FF6C45C1000-memory.dmp

Filesize
3.9MB

Download
memory/4984-453-0x00007FF6A4620000-0x00007FF6A4A11000-memory.dmp

Filesize
3.9MB

Download
memory/4984-2040-0x00007FF6A4620000-0x00007FF6A4A11000-memory.dmp

Filesize
3.9MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads