xmrig | 359e3ddcb34139afdd5b30848b7cd4663e544f3e45e2041e99ac775f3838e500

Analysis

max time kernel
129s
max time network
130s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
26/07/2024, 20:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

359e3ddcb34139afdd5b30848b7cd4663e544f3e45e2041e99ac775f3838e500.exe
Size

1.3MB
MD5

8ce4c35dc2586c27b21fefb9bb16773b
SHA1

9b2907b9d0acd7e18b9bd99b0bd4c0c6cb346df4
SHA256

359e3ddcb34139afdd5b30848b7cd4663e544f3e45e2041e99ac775f3838e500
SHA512

bc4fea3ad291efd7862e40f766cef08792f94048f957564ad4d59400c0c06ab8149a8c4000fbf0403f6131c587e27e1b77a08f94a8dd65782d36352b2cdb1615
SSDEEP

24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tszICT0Kbp:knw9oUUEEDlGUJ8Y9c87MecV

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 48 IoCs

miner

resource	yara_rule
behavioral2/memory/536-27-0x00007FF705240000-0x00007FF705631000-memory.dmp	xmrig
behavioral2/memory/1412-44-0x00007FF6EF4B0000-0x00007FF6EF8A1000-memory.dmp	xmrig
behavioral2/memory/4220-382-0x00007FF7FF880000-0x00007FF7FFC71000-memory.dmp	xmrig
behavioral2/memory/2484-381-0x00007FF75C410000-0x00007FF75C801000-memory.dmp	xmrig
behavioral2/memory/2656-393-0x00007FF753B10000-0x00007FF753F01000-memory.dmp	xmrig
behavioral2/memory/4956-398-0x00007FF7467B0000-0x00007FF746BA1000-memory.dmp	xmrig
behavioral2/memory/3292-409-0x00007FF787ED0000-0x00007FF7882C1000-memory.dmp	xmrig
behavioral2/memory/3240-415-0x00007FF6F20C0000-0x00007FF6F24B1000-memory.dmp	xmrig
behavioral2/memory/3760-422-0x00007FF626880000-0x00007FF626C71000-memory.dmp	xmrig
behavioral2/memory/4360-427-0x00007FF73D860000-0x00007FF73DC51000-memory.dmp	xmrig
behavioral2/memory/3336-433-0x00007FF71C760000-0x00007FF71CB51000-memory.dmp	xmrig
behavioral2/memory/1960-468-0x00007FF747A30000-0x00007FF747E21000-memory.dmp	xmrig
behavioral2/memory/2392-482-0x00007FF74D800000-0x00007FF74DBF1000-memory.dmp	xmrig
behavioral2/memory/2424-485-0x00007FF764A50000-0x00007FF764E41000-memory.dmp	xmrig
behavioral2/memory/2336-484-0x00007FF61BB40000-0x00007FF61BF31000-memory.dmp	xmrig
behavioral2/memory/2612-491-0x00007FF60F160000-0x00007FF60F551000-memory.dmp	xmrig
behavioral2/memory/2124-478-0x00007FF797C80000-0x00007FF798071000-memory.dmp	xmrig
behavioral2/memory/3176-466-0x00007FF6B6740000-0x00007FF6B6B31000-memory.dmp	xmrig
behavioral2/memory/1064-452-0x00007FF75A400000-0x00007FF75A7F1000-memory.dmp	xmrig
behavioral2/memory/3996-442-0x00007FF6B43F0000-0x00007FF6B47E1000-memory.dmp	xmrig
behavioral2/memory/3944-440-0x00007FF6B6C30000-0x00007FF6B7021000-memory.dmp	xmrig
behavioral2/memory/1664-419-0x00007FF7EEF30000-0x00007FF7EF321000-memory.dmp	xmrig
behavioral2/memory/3864-54-0x00007FF69F070000-0x00007FF69F461000-memory.dmp	xmrig
behavioral2/memory/3008-2005-0x00007FF606530000-0x00007FF606921000-memory.dmp	xmrig
behavioral2/memory/3008-2021-0x00007FF606530000-0x00007FF606921000-memory.dmp	xmrig
behavioral2/memory/536-2023-0x00007FF705240000-0x00007FF705631000-memory.dmp	xmrig
behavioral2/memory/1412-2025-0x00007FF6EF4B0000-0x00007FF6EF8A1000-memory.dmp	xmrig
behavioral2/memory/3864-2029-0x00007FF69F070000-0x00007FF69F461000-memory.dmp	xmrig
behavioral2/memory/4220-2035-0x00007FF7FF880000-0x00007FF7FFC71000-memory.dmp	xmrig
behavioral2/memory/2424-2037-0x00007FF764A50000-0x00007FF764E41000-memory.dmp	xmrig
behavioral2/memory/2656-2033-0x00007FF753B10000-0x00007FF753F01000-memory.dmp	xmrig
behavioral2/memory/2336-2031-0x00007FF61BB40000-0x00007FF61BF31000-memory.dmp	xmrig
behavioral2/memory/2484-2027-0x00007FF75C410000-0x00007FF75C801000-memory.dmp	xmrig
behavioral2/memory/3176-2051-0x00007FF6B6740000-0x00007FF6B6B31000-memory.dmp	xmrig
behavioral2/memory/3292-2049-0x00007FF787ED0000-0x00007FF7882C1000-memory.dmp	xmrig
behavioral2/memory/4360-2071-0x00007FF73D860000-0x00007FF73DC51000-memory.dmp	xmrig
behavioral2/memory/2124-2065-0x00007FF797C80000-0x00007FF798071000-memory.dmp	xmrig
behavioral2/memory/3336-2059-0x00007FF71C760000-0x00007FF71CB51000-memory.dmp	xmrig
behavioral2/memory/3944-2057-0x00007FF6B6C30000-0x00007FF6B7021000-memory.dmp	xmrig
behavioral2/memory/3996-2055-0x00007FF6B43F0000-0x00007FF6B47E1000-memory.dmp	xmrig
behavioral2/memory/1064-2053-0x00007FF75A400000-0x00007FF75A7F1000-memory.dmp	xmrig
behavioral2/memory/1664-2047-0x00007FF7EEF30000-0x00007FF7EF321000-memory.dmp	xmrig
behavioral2/memory/3760-2045-0x00007FF626880000-0x00007FF626C71000-memory.dmp	xmrig
behavioral2/memory/3240-2043-0x00007FF6F20C0000-0x00007FF6F24B1000-memory.dmp	xmrig
behavioral2/memory/1960-2069-0x00007FF747A30000-0x00007FF747E21000-memory.dmp	xmrig
behavioral2/memory/2392-2067-0x00007FF74D800000-0x00007FF74DBF1000-memory.dmp	xmrig
behavioral2/memory/4956-2041-0x00007FF7467B0000-0x00007FF746BA1000-memory.dmp	xmrig
behavioral2/memory/2612-2039-0x00007FF60F160000-0x00007FF60F551000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
3008	KErHssu.exe
536	fFCGCvq.exe
1412	TqICdJE.exe
2336	zYgGjHb.exe
3864	HLaEWYq.exe
2484	mOqXwxc.exe
2424	ZCvOxNW.exe
4220	gXYEPNM.exe
2656	qzDJQXH.exe
2612	ssPrNvQ.exe
4956	CLdaXNN.exe
3292	ZxcbUQS.exe
3240	CCxKAip.exe
1664	zKqpTYA.exe
3760	LWtRIgn.exe
4360	twgLLLo.exe
3336	BDRCRGt.exe
3944	glSgkkl.exe
3996	dXFvvwB.exe
1064	ATXYZbN.exe
3176	acLmary.exe
1960	paJCsgD.exe
2124	ZQFuSFl.exe
2392	LoVQLBg.exe
3612	JNRUkTU.exe
4076	lkcukBP.exe
1004	XEnpeDP.exe
4148	saAkRTx.exe
4088	oBneZKS.exe
1332	MHgcBKX.exe
3456	kYdDgfV.exe
4364	NqvoBFK.exe
3256	NYioAht.exe
716	aSizOlW.exe
2592	MImaoWs.exe
2600	tbJukNX.exe
2388	HSDNBji.exe
1944	VoOnldx.exe
4948	KMlUuvl.exe
1436	zaBhByV.exe
2904	uxfvlTJ.exe
4180	SrOOUEd.exe
3188	TUtYdHT.exe
552	CAQdFNY.exe
4416	NlCvCHe.exe
3540	fxaxnTD.exe
4992	fHZVEPG.exe
5080	sohzsum.exe
2744	ozXiUWU.exe
632	ulLYzfb.exe
1256	iltLlHw.exe
1500	OvUjCUP.exe
4176	FvsZflS.exe
4692	URgJgqc.exe
1752	WgCSkhs.exe
1696	MWwrVSI.exe
3956	pYSXARc.exe
3744	lCKFgkj.exe
2496	eEyLtit.exe
1668	CemGLQy.exe
3932	mvRCtwo.exe
4964	JBzadeP.exe
4036	ISQySwA.exe
4472	OiocgJx.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2680-0-0x00007FF779B90000-0x00007FF779F81000-memory.dmp	upx
behavioral2/files/0x0008000000023437-4.dat	upx
behavioral2/files/0x000700000002343b-9.dat	upx
behavioral2/files/0x000700000002343c-16.dat	upx
behavioral2/memory/536-27-0x00007FF705240000-0x00007FF705631000-memory.dmp	upx
behavioral2/files/0x0007000000023442-37.dat	upx
behavioral2/files/0x000700000002343f-40.dat	upx
behavioral2/memory/1412-44-0x00007FF6EF4B0000-0x00007FF6EF8A1000-memory.dmp	upx
behavioral2/files/0x0007000000023446-73.dat	upx
behavioral2/files/0x0007000000023448-83.dat	upx
behavioral2/files/0x000700000002344b-98.dat	upx
behavioral2/files/0x0007000000023451-128.dat	upx
behavioral2/files/0x0007000000023454-143.dat	upx
behavioral2/memory/4220-382-0x00007FF7FF880000-0x00007FF7FFC71000-memory.dmp	upx
behavioral2/memory/2484-381-0x00007FF75C410000-0x00007FF75C801000-memory.dmp	upx
behavioral2/memory/2656-393-0x00007FF753B10000-0x00007FF753F01000-memory.dmp	upx
behavioral2/memory/4956-398-0x00007FF7467B0000-0x00007FF746BA1000-memory.dmp	upx
behavioral2/files/0x000700000002345a-166.dat	upx
behavioral2/files/0x0007000000023458-163.dat	upx
behavioral2/files/0x0007000000023459-161.dat	upx
behavioral2/files/0x0007000000023457-155.dat	upx
behavioral2/files/0x0007000000023456-153.dat	upx
behavioral2/files/0x0007000000023455-145.dat	upx
behavioral2/memory/3292-409-0x00007FF787ED0000-0x00007FF7882C1000-memory.dmp	upx
behavioral2/memory/3240-415-0x00007FF6F20C0000-0x00007FF6F24B1000-memory.dmp	upx
behavioral2/memory/3760-422-0x00007FF626880000-0x00007FF626C71000-memory.dmp	upx
behavioral2/memory/4360-427-0x00007FF73D860000-0x00007FF73DC51000-memory.dmp	upx
behavioral2/memory/3336-433-0x00007FF71C760000-0x00007FF71CB51000-memory.dmp	upx
behavioral2/memory/1960-468-0x00007FF747A30000-0x00007FF747E21000-memory.dmp	upx
behavioral2/memory/2392-482-0x00007FF74D800000-0x00007FF74DBF1000-memory.dmp	upx
behavioral2/memory/2424-485-0x00007FF764A50000-0x00007FF764E41000-memory.dmp	upx
behavioral2/memory/2336-484-0x00007FF61BB40000-0x00007FF61BF31000-memory.dmp	upx
behavioral2/memory/2612-491-0x00007FF60F160000-0x00007FF60F551000-memory.dmp	upx
behavioral2/memory/2124-478-0x00007FF797C80000-0x00007FF798071000-memory.dmp	upx
behavioral2/memory/3176-466-0x00007FF6B6740000-0x00007FF6B6B31000-memory.dmp	upx
behavioral2/memory/1064-452-0x00007FF75A400000-0x00007FF75A7F1000-memory.dmp	upx
behavioral2/memory/3996-442-0x00007FF6B43F0000-0x00007FF6B47E1000-memory.dmp	upx
behavioral2/memory/3944-440-0x00007FF6B6C30000-0x00007FF6B7021000-memory.dmp	upx
behavioral2/memory/1664-419-0x00007FF7EEF30000-0x00007FF7EF321000-memory.dmp	upx
behavioral2/files/0x0007000000023453-135.dat	upx
behavioral2/files/0x0007000000023452-133.dat	upx
behavioral2/files/0x0007000000023450-123.dat	upx
behavioral2/files/0x000700000002344f-118.dat	upx
behavioral2/files/0x000700000002344e-113.dat	upx
behavioral2/files/0x000700000002344d-105.dat	upx
behavioral2/files/0x000700000002344c-103.dat	upx
behavioral2/files/0x000700000002344a-93.dat	upx
behavioral2/files/0x0007000000023449-85.dat	upx
behavioral2/files/0x0007000000023447-75.dat	upx
behavioral2/files/0x0007000000023445-68.dat	upx
behavioral2/files/0x0007000000023444-63.dat	upx
behavioral2/files/0x0007000000023443-55.dat	upx
behavioral2/memory/3864-54-0x00007FF69F070000-0x00007FF69F461000-memory.dmp	upx
behavioral2/files/0x0007000000023441-50.dat	upx
behavioral2/files/0x0007000000023440-43.dat	upx
behavioral2/files/0x000700000002343d-39.dat	upx
behavioral2/files/0x000700000002343e-31.dat	upx
behavioral2/memory/3008-8-0x00007FF606530000-0x00007FF606921000-memory.dmp	upx
behavioral2/memory/3008-2005-0x00007FF606530000-0x00007FF606921000-memory.dmp	upx
behavioral2/memory/3008-2021-0x00007FF606530000-0x00007FF606921000-memory.dmp	upx
behavioral2/memory/536-2023-0x00007FF705240000-0x00007FF705631000-memory.dmp	upx
behavioral2/memory/1412-2025-0x00007FF6EF4B0000-0x00007FF6EF8A1000-memory.dmp	upx
behavioral2/memory/3864-2029-0x00007FF69F070000-0x00007FF69F461000-memory.dmp	upx
behavioral2/memory/4220-2035-0x00007FF7FF880000-0x00007FF7FFC71000-memory.dmp	upx

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System32\SavuTKG.exe	359e3ddcb34139afdd5b30848b7cd4663e544f3e45e2041e99ac775f3838e500.exe
File created	C:\Windows\System32\KzqxGNP.exe	359e3ddcb34139afdd5b30848b7cd4663e544f3e45e2041e99ac775f3838e500.exe
File created	C:\Windows\System32\oKptbzG.exe	359e3ddcb34139afdd5b30848b7cd4663e544f3e45e2041e99ac775f3838e500.exe
File created	C:\Windows\System32\QeaWxub.exe	359e3ddcb34139afdd5b30848b7cd4663e544f3e45e2041e99ac775f3838e500.exe
File created	C:\Windows\System32\tVFNcOc.exe	359e3ddcb34139afdd5b30848b7cd4663e544f3e45e2041e99ac775f3838e500.exe
File created	C:\Windows\System32\kOhXxSc.exe	359e3ddcb34139afdd5b30848b7cd4663e544f3e45e2041e99ac775f3838e500.exe
File created	C:\Windows\System32\wsfUJXN.exe	359e3ddcb34139afdd5b30848b7cd4663e544f3e45e2041e99ac775f3838e500.exe
File created	C:\Windows\System32\mGGGntT.exe	359e3ddcb34139afdd5b30848b7cd4663e544f3e45e2041e99ac775f3838e500.exe
File created	C:\Windows\System32\twgLLLo.exe	359e3ddcb34139afdd5b30848b7cd4663e544f3e45e2041e99ac775f3838e500.exe
File created	C:\Windows\System32\yJPvKNj.exe	359e3ddcb34139afdd5b30848b7cd4663e544f3e45e2041e99ac775f3838e500.exe
File created	C:\Windows\System32\ZPbPsyL.exe	359e3ddcb34139afdd5b30848b7cd4663e544f3e45e2041e99ac775f3838e500.exe
File created	C:\Windows\System32\dwVgXux.exe	359e3ddcb34139afdd5b30848b7cd4663e544f3e45e2041e99ac775f3838e500.exe
File created	C:\Windows\System32\ZJWfpxd.exe	359e3ddcb34139afdd5b30848b7cd4663e544f3e45e2041e99ac775f3838e500.exe
File created	C:\Windows\System32\LNbDvfs.exe	359e3ddcb34139afdd5b30848b7cd4663e544f3e45e2041e99ac775f3838e500.exe
File created	C:\Windows\System32\THcwwEu.exe	359e3ddcb34139afdd5b30848b7cd4663e544f3e45e2041e99ac775f3838e500.exe
File created	C:\Windows\System32\SVQTtIB.exe	359e3ddcb34139afdd5b30848b7cd4663e544f3e45e2041e99ac775f3838e500.exe
File created	C:\Windows\System32\jLwfLGA.exe	359e3ddcb34139afdd5b30848b7cd4663e544f3e45e2041e99ac775f3838e500.exe
File created	C:\Windows\System32\QUjSZDX.exe	359e3ddcb34139afdd5b30848b7cd4663e544f3e45e2041e99ac775f3838e500.exe
File created	C:\Windows\System32\dWXoZfb.exe	359e3ddcb34139afdd5b30848b7cd4663e544f3e45e2041e99ac775f3838e500.exe
File created	C:\Windows\System32\qqEozYj.exe	359e3ddcb34139afdd5b30848b7cd4663e544f3e45e2041e99ac775f3838e500.exe
File created	C:\Windows\System32\bBFtzsi.exe	359e3ddcb34139afdd5b30848b7cd4663e544f3e45e2041e99ac775f3838e500.exe
File created	C:\Windows\System32\BBsquly.exe	359e3ddcb34139afdd5b30848b7cd4663e544f3e45e2041e99ac775f3838e500.exe
File created	C:\Windows\System32\wBfyIpn.exe	359e3ddcb34139afdd5b30848b7cd4663e544f3e45e2041e99ac775f3838e500.exe
File created	C:\Windows\System32\rfWZKdR.exe	359e3ddcb34139afdd5b30848b7cd4663e544f3e45e2041e99ac775f3838e500.exe
File created	C:\Windows\System32\JLAqYCh.exe	359e3ddcb34139afdd5b30848b7cd4663e544f3e45e2041e99ac775f3838e500.exe
File created	C:\Windows\System32\WhBhCcy.exe	359e3ddcb34139afdd5b30848b7cd4663e544f3e45e2041e99ac775f3838e500.exe
File created	C:\Windows\System32\TFGmshl.exe	359e3ddcb34139afdd5b30848b7cd4663e544f3e45e2041e99ac775f3838e500.exe
File created	C:\Windows\System32\JcgGUWj.exe	359e3ddcb34139afdd5b30848b7cd4663e544f3e45e2041e99ac775f3838e500.exe
File created	C:\Windows\System32\WzsSbBK.exe	359e3ddcb34139afdd5b30848b7cd4663e544f3e45e2041e99ac775f3838e500.exe
File created	C:\Windows\System32\zwcKUgk.exe	359e3ddcb34139afdd5b30848b7cd4663e544f3e45e2041e99ac775f3838e500.exe
File created	C:\Windows\System32\eXKnKuY.exe	359e3ddcb34139afdd5b30848b7cd4663e544f3e45e2041e99ac775f3838e500.exe
File created	C:\Windows\System32\cygzHEK.exe	359e3ddcb34139afdd5b30848b7cd4663e544f3e45e2041e99ac775f3838e500.exe
File created	C:\Windows\System32\NYioAht.exe	359e3ddcb34139afdd5b30848b7cd4663e544f3e45e2041e99ac775f3838e500.exe
File created	C:\Windows\System32\MqCGjhR.exe	359e3ddcb34139afdd5b30848b7cd4663e544f3e45e2041e99ac775f3838e500.exe
File created	C:\Windows\System32\mwxMnTB.exe	359e3ddcb34139afdd5b30848b7cd4663e544f3e45e2041e99ac775f3838e500.exe
File created	C:\Windows\System32\AHjDTbU.exe	359e3ddcb34139afdd5b30848b7cd4663e544f3e45e2041e99ac775f3838e500.exe
File created	C:\Windows\System32\fFCGCvq.exe	359e3ddcb34139afdd5b30848b7cd4663e544f3e45e2041e99ac775f3838e500.exe
File created	C:\Windows\System32\EyhBdAH.exe	359e3ddcb34139afdd5b30848b7cd4663e544f3e45e2041e99ac775f3838e500.exe
File created	C:\Windows\System32\GNbPlBs.exe	359e3ddcb34139afdd5b30848b7cd4663e544f3e45e2041e99ac775f3838e500.exe
File created	C:\Windows\System32\ClwHwhk.exe	359e3ddcb34139afdd5b30848b7cd4663e544f3e45e2041e99ac775f3838e500.exe
File created	C:\Windows\System32\qSNWbWS.exe	359e3ddcb34139afdd5b30848b7cd4663e544f3e45e2041e99ac775f3838e500.exe
File created	C:\Windows\System32\VBhyony.exe	359e3ddcb34139afdd5b30848b7cd4663e544f3e45e2041e99ac775f3838e500.exe
File created	C:\Windows\System32\lUjsibM.exe	359e3ddcb34139afdd5b30848b7cd4663e544f3e45e2041e99ac775f3838e500.exe
File created	C:\Windows\System32\FNyIXGp.exe	359e3ddcb34139afdd5b30848b7cd4663e544f3e45e2041e99ac775f3838e500.exe
File created	C:\Windows\System32\zRHxMJK.exe	359e3ddcb34139afdd5b30848b7cd4663e544f3e45e2041e99ac775f3838e500.exe
File created	C:\Windows\System32\bNJVKmr.exe	359e3ddcb34139afdd5b30848b7cd4663e544f3e45e2041e99ac775f3838e500.exe
File created	C:\Windows\System32\RKtIZqS.exe	359e3ddcb34139afdd5b30848b7cd4663e544f3e45e2041e99ac775f3838e500.exe
File created	C:\Windows\System32\vgLeJJs.exe	359e3ddcb34139afdd5b30848b7cd4663e544f3e45e2041e99ac775f3838e500.exe
File created	C:\Windows\System32\eUctfpk.exe	359e3ddcb34139afdd5b30848b7cd4663e544f3e45e2041e99ac775f3838e500.exe
File created	C:\Windows\System32\oMYAUTW.exe	359e3ddcb34139afdd5b30848b7cd4663e544f3e45e2041e99ac775f3838e500.exe
File created	C:\Windows\System32\ATXYZbN.exe	359e3ddcb34139afdd5b30848b7cd4663e544f3e45e2041e99ac775f3838e500.exe
File created	C:\Windows\System32\Acpeibp.exe	359e3ddcb34139afdd5b30848b7cd4663e544f3e45e2041e99ac775f3838e500.exe
File created	C:\Windows\System32\JALbnPN.exe	359e3ddcb34139afdd5b30848b7cd4663e544f3e45e2041e99ac775f3838e500.exe
File created	C:\Windows\System32\lXlgfqZ.exe	359e3ddcb34139afdd5b30848b7cd4663e544f3e45e2041e99ac775f3838e500.exe
File created	C:\Windows\System32\FrbdUTX.exe	359e3ddcb34139afdd5b30848b7cd4663e544f3e45e2041e99ac775f3838e500.exe
File created	C:\Windows\System32\qERiNWi.exe	359e3ddcb34139afdd5b30848b7cd4663e544f3e45e2041e99ac775f3838e500.exe
File created	C:\Windows\System32\quKAKYN.exe	359e3ddcb34139afdd5b30848b7cd4663e544f3e45e2041e99ac775f3838e500.exe
File created	C:\Windows\System32\MulPKdW.exe	359e3ddcb34139afdd5b30848b7cd4663e544f3e45e2041e99ac775f3838e500.exe
File created	C:\Windows\System32\pYSXARc.exe	359e3ddcb34139afdd5b30848b7cd4663e544f3e45e2041e99ac775f3838e500.exe
File created	C:\Windows\System32\csrLtWL.exe	359e3ddcb34139afdd5b30848b7cd4663e544f3e45e2041e99ac775f3838e500.exe
File created	C:\Windows\System32\znXAFgn.exe	359e3ddcb34139afdd5b30848b7cd4663e544f3e45e2041e99ac775f3838e500.exe
File created	C:\Windows\System32\APWCRLM.exe	359e3ddcb34139afdd5b30848b7cd4663e544f3e45e2041e99ac775f3838e500.exe
File created	C:\Windows\System32\AhGqMKM.exe	359e3ddcb34139afdd5b30848b7cd4663e544f3e45e2041e99ac775f3838e500.exe
File created	C:\Windows\System32\yKlHwNB.exe	359e3ddcb34139afdd5b30848b7cd4663e544f3e45e2041e99ac775f3838e500.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	12716	dwm.exe
Token: SeChangeNotifyPrivilege	12716	dwm.exe
Token: 33	12716	dwm.exe
Token: SeIncBasePriorityPrivilege	12716	dwm.exe
Token: SeShutdownPrivilege	12716	dwm.exe
Token: SeCreatePagefilePrivilege	12716	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2680 wrote to memory of 3008	2680	359e3ddcb34139afdd5b30848b7cd4663e544f3e45e2041e99ac775f3838e500.exe	85
PID 2680 wrote to memory of 3008	2680	359e3ddcb34139afdd5b30848b7cd4663e544f3e45e2041e99ac775f3838e500.exe	85
PID 2680 wrote to memory of 536	2680	359e3ddcb34139afdd5b30848b7cd4663e544f3e45e2041e99ac775f3838e500.exe	86
PID 2680 wrote to memory of 536	2680	359e3ddcb34139afdd5b30848b7cd4663e544f3e45e2041e99ac775f3838e500.exe	86
PID 2680 wrote to memory of 1412	2680	359e3ddcb34139afdd5b30848b7cd4663e544f3e45e2041e99ac775f3838e500.exe	87
PID 2680 wrote to memory of 1412	2680	359e3ddcb34139afdd5b30848b7cd4663e544f3e45e2041e99ac775f3838e500.exe	87
PID 2680 wrote to memory of 2336	2680	359e3ddcb34139afdd5b30848b7cd4663e544f3e45e2041e99ac775f3838e500.exe	88
PID 2680 wrote to memory of 2336	2680	359e3ddcb34139afdd5b30848b7cd4663e544f3e45e2041e99ac775f3838e500.exe	88
PID 2680 wrote to memory of 3864	2680	359e3ddcb34139afdd5b30848b7cd4663e544f3e45e2041e99ac775f3838e500.exe	89
PID 2680 wrote to memory of 3864	2680	359e3ddcb34139afdd5b30848b7cd4663e544f3e45e2041e99ac775f3838e500.exe	89
PID 2680 wrote to memory of 2484	2680	359e3ddcb34139afdd5b30848b7cd4663e544f3e45e2041e99ac775f3838e500.exe	90
PID 2680 wrote to memory of 2484	2680	359e3ddcb34139afdd5b30848b7cd4663e544f3e45e2041e99ac775f3838e500.exe	90
PID 2680 wrote to memory of 2656	2680	359e3ddcb34139afdd5b30848b7cd4663e544f3e45e2041e99ac775f3838e500.exe	91
PID 2680 wrote to memory of 2656	2680	359e3ddcb34139afdd5b30848b7cd4663e544f3e45e2041e99ac775f3838e500.exe	91
PID 2680 wrote to memory of 2424	2680	359e3ddcb34139afdd5b30848b7cd4663e544f3e45e2041e99ac775f3838e500.exe	92
PID 2680 wrote to memory of 2424	2680	359e3ddcb34139afdd5b30848b7cd4663e544f3e45e2041e99ac775f3838e500.exe	92
PID 2680 wrote to memory of 4220	2680	359e3ddcb34139afdd5b30848b7cd4663e544f3e45e2041e99ac775f3838e500.exe	93
PID 2680 wrote to memory of 4220	2680	359e3ddcb34139afdd5b30848b7cd4663e544f3e45e2041e99ac775f3838e500.exe	93
PID 2680 wrote to memory of 2612	2680	359e3ddcb34139afdd5b30848b7cd4663e544f3e45e2041e99ac775f3838e500.exe	94
PID 2680 wrote to memory of 2612	2680	359e3ddcb34139afdd5b30848b7cd4663e544f3e45e2041e99ac775f3838e500.exe	94
PID 2680 wrote to memory of 4956	2680	359e3ddcb34139afdd5b30848b7cd4663e544f3e45e2041e99ac775f3838e500.exe	95
PID 2680 wrote to memory of 4956	2680	359e3ddcb34139afdd5b30848b7cd4663e544f3e45e2041e99ac775f3838e500.exe	95
PID 2680 wrote to memory of 3292	2680	359e3ddcb34139afdd5b30848b7cd4663e544f3e45e2041e99ac775f3838e500.exe	96
PID 2680 wrote to memory of 3292	2680	359e3ddcb34139afdd5b30848b7cd4663e544f3e45e2041e99ac775f3838e500.exe	96
PID 2680 wrote to memory of 3240	2680	359e3ddcb34139afdd5b30848b7cd4663e544f3e45e2041e99ac775f3838e500.exe	97
PID 2680 wrote to memory of 3240	2680	359e3ddcb34139afdd5b30848b7cd4663e544f3e45e2041e99ac775f3838e500.exe	97
PID 2680 wrote to memory of 1664	2680	359e3ddcb34139afdd5b30848b7cd4663e544f3e45e2041e99ac775f3838e500.exe	98
PID 2680 wrote to memory of 1664	2680	359e3ddcb34139afdd5b30848b7cd4663e544f3e45e2041e99ac775f3838e500.exe	98
PID 2680 wrote to memory of 3760	2680	359e3ddcb34139afdd5b30848b7cd4663e544f3e45e2041e99ac775f3838e500.exe	99
PID 2680 wrote to memory of 3760	2680	359e3ddcb34139afdd5b30848b7cd4663e544f3e45e2041e99ac775f3838e500.exe	99
PID 2680 wrote to memory of 4360	2680	359e3ddcb34139afdd5b30848b7cd4663e544f3e45e2041e99ac775f3838e500.exe	100
PID 2680 wrote to memory of 4360	2680	359e3ddcb34139afdd5b30848b7cd4663e544f3e45e2041e99ac775f3838e500.exe	100
PID 2680 wrote to memory of 3336	2680	359e3ddcb34139afdd5b30848b7cd4663e544f3e45e2041e99ac775f3838e500.exe	101
PID 2680 wrote to memory of 3336	2680	359e3ddcb34139afdd5b30848b7cd4663e544f3e45e2041e99ac775f3838e500.exe	101
PID 2680 wrote to memory of 3944	2680	359e3ddcb34139afdd5b30848b7cd4663e544f3e45e2041e99ac775f3838e500.exe	102
PID 2680 wrote to memory of 3944	2680	359e3ddcb34139afdd5b30848b7cd4663e544f3e45e2041e99ac775f3838e500.exe	102
PID 2680 wrote to memory of 3996	2680	359e3ddcb34139afdd5b30848b7cd4663e544f3e45e2041e99ac775f3838e500.exe	103
PID 2680 wrote to memory of 3996	2680	359e3ddcb34139afdd5b30848b7cd4663e544f3e45e2041e99ac775f3838e500.exe	103
PID 2680 wrote to memory of 1064	2680	359e3ddcb34139afdd5b30848b7cd4663e544f3e45e2041e99ac775f3838e500.exe	104
PID 2680 wrote to memory of 1064	2680	359e3ddcb34139afdd5b30848b7cd4663e544f3e45e2041e99ac775f3838e500.exe	104
PID 2680 wrote to memory of 3176	2680	359e3ddcb34139afdd5b30848b7cd4663e544f3e45e2041e99ac775f3838e500.exe	105
PID 2680 wrote to memory of 3176	2680	359e3ddcb34139afdd5b30848b7cd4663e544f3e45e2041e99ac775f3838e500.exe	105
PID 2680 wrote to memory of 1960	2680	359e3ddcb34139afdd5b30848b7cd4663e544f3e45e2041e99ac775f3838e500.exe	106
PID 2680 wrote to memory of 1960	2680	359e3ddcb34139afdd5b30848b7cd4663e544f3e45e2041e99ac775f3838e500.exe	106
PID 2680 wrote to memory of 2124	2680	359e3ddcb34139afdd5b30848b7cd4663e544f3e45e2041e99ac775f3838e500.exe	107
PID 2680 wrote to memory of 2124	2680	359e3ddcb34139afdd5b30848b7cd4663e544f3e45e2041e99ac775f3838e500.exe	107
PID 2680 wrote to memory of 2392	2680	359e3ddcb34139afdd5b30848b7cd4663e544f3e45e2041e99ac775f3838e500.exe	108
PID 2680 wrote to memory of 2392	2680	359e3ddcb34139afdd5b30848b7cd4663e544f3e45e2041e99ac775f3838e500.exe	108
PID 2680 wrote to memory of 3612	2680	359e3ddcb34139afdd5b30848b7cd4663e544f3e45e2041e99ac775f3838e500.exe	109
PID 2680 wrote to memory of 3612	2680	359e3ddcb34139afdd5b30848b7cd4663e544f3e45e2041e99ac775f3838e500.exe	109
PID 2680 wrote to memory of 4076	2680	359e3ddcb34139afdd5b30848b7cd4663e544f3e45e2041e99ac775f3838e500.exe	110
PID 2680 wrote to memory of 4076	2680	359e3ddcb34139afdd5b30848b7cd4663e544f3e45e2041e99ac775f3838e500.exe	110
PID 2680 wrote to memory of 1004	2680	359e3ddcb34139afdd5b30848b7cd4663e544f3e45e2041e99ac775f3838e500.exe	111
PID 2680 wrote to memory of 1004	2680	359e3ddcb34139afdd5b30848b7cd4663e544f3e45e2041e99ac775f3838e500.exe	111
PID 2680 wrote to memory of 4148	2680	359e3ddcb34139afdd5b30848b7cd4663e544f3e45e2041e99ac775f3838e500.exe	112
PID 2680 wrote to memory of 4148	2680	359e3ddcb34139afdd5b30848b7cd4663e544f3e45e2041e99ac775f3838e500.exe	112
PID 2680 wrote to memory of 4088	2680	359e3ddcb34139afdd5b30848b7cd4663e544f3e45e2041e99ac775f3838e500.exe	113
PID 2680 wrote to memory of 4088	2680	359e3ddcb34139afdd5b30848b7cd4663e544f3e45e2041e99ac775f3838e500.exe	113
PID 2680 wrote to memory of 1332	2680	359e3ddcb34139afdd5b30848b7cd4663e544f3e45e2041e99ac775f3838e500.exe	114
PID 2680 wrote to memory of 1332	2680	359e3ddcb34139afdd5b30848b7cd4663e544f3e45e2041e99ac775f3838e500.exe	114
PID 2680 wrote to memory of 3456	2680	359e3ddcb34139afdd5b30848b7cd4663e544f3e45e2041e99ac775f3838e500.exe	115
PID 2680 wrote to memory of 3456	2680	359e3ddcb34139afdd5b30848b7cd4663e544f3e45e2041e99ac775f3838e500.exe	115
PID 2680 wrote to memory of 4364	2680	359e3ddcb34139afdd5b30848b7cd4663e544f3e45e2041e99ac775f3838e500.exe	116
PID 2680 wrote to memory of 4364	2680	359e3ddcb34139afdd5b30848b7cd4663e544f3e45e2041e99ac775f3838e500.exe	116

C:\Users\Admin\AppData\Local\Temp\359e3ddcb34139afdd5b30848b7cd4663e544f3e45e2041e99ac775f3838e500.exe
"C:\Users\Admin\AppData\Local\Temp\359e3ddcb34139afdd5b30848b7cd4663e544f3e45e2041e99ac775f3838e500.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:2680
- C:\Windows\System32\KErHssu.exe
  C:\Windows\System32\KErHssu.exe
  2⤵
  - Executes dropped EXE
  PID:3008
- C:\Windows\System32\fFCGCvq.exe
  C:\Windows\System32\fFCGCvq.exe
  2⤵
  - Executes dropped EXE
  PID:536
- C:\Windows\System32\TqICdJE.exe
  C:\Windows\System32\TqICdJE.exe
  2⤵
  - Executes dropped EXE
  PID:1412
- C:\Windows\System32\zYgGjHb.exe
  C:\Windows\System32\zYgGjHb.exe
  2⤵
  - Executes dropped EXE
  PID:2336
- C:\Windows\System32\HLaEWYq.exe
  C:\Windows\System32\HLaEWYq.exe
  2⤵
  - Executes dropped EXE
  PID:3864
- C:\Windows\System32\mOqXwxc.exe
  C:\Windows\System32\mOqXwxc.exe
  2⤵
  - Executes dropped EXE
  PID:2484
- C:\Windows\System32\qzDJQXH.exe
  C:\Windows\System32\qzDJQXH.exe
  2⤵
  - Executes dropped EXE
  PID:2656
- C:\Windows\System32\ZCvOxNW.exe
  C:\Windows\System32\ZCvOxNW.exe
  2⤵
  - Executes dropped EXE
  PID:2424
- C:\Windows\System32\gXYEPNM.exe
  C:\Windows\System32\gXYEPNM.exe
  2⤵
  - Executes dropped EXE
  PID:4220
- C:\Windows\System32\ssPrNvQ.exe
  C:\Windows\System32\ssPrNvQ.exe
  2⤵
  - Executes dropped EXE
  PID:2612
- C:\Windows\System32\CLdaXNN.exe
  C:\Windows\System32\CLdaXNN.exe
  2⤵
  - Executes dropped EXE
  PID:4956
- C:\Windows\System32\ZxcbUQS.exe
  C:\Windows\System32\ZxcbUQS.exe
  2⤵
  - Executes dropped EXE
  PID:3292
- C:\Windows\System32\CCxKAip.exe
  C:\Windows\System32\CCxKAip.exe
  2⤵
  - Executes dropped EXE
  PID:3240
- C:\Windows\System32\zKqpTYA.exe
  C:\Windows\System32\zKqpTYA.exe
  2⤵
  - Executes dropped EXE
  PID:1664
- C:\Windows\System32\LWtRIgn.exe
  C:\Windows\System32\LWtRIgn.exe
  2⤵
  - Executes dropped EXE
  PID:3760
- C:\Windows\System32\twgLLLo.exe
  C:\Windows\System32\twgLLLo.exe
  2⤵
  - Executes dropped EXE
  PID:4360
- C:\Windows\System32\BDRCRGt.exe
  C:\Windows\System32\BDRCRGt.exe
  2⤵
  - Executes dropped EXE
  PID:3336
- C:\Windows\System32\glSgkkl.exe
  C:\Windows\System32\glSgkkl.exe
  2⤵
  - Executes dropped EXE
  PID:3944
- C:\Windows\System32\dXFvvwB.exe
  C:\Windows\System32\dXFvvwB.exe
  2⤵
  - Executes dropped EXE
  PID:3996
- C:\Windows\System32\ATXYZbN.exe
  C:\Windows\System32\ATXYZbN.exe
  2⤵
  - Executes dropped EXE
  PID:1064
- C:\Windows\System32\acLmary.exe
  C:\Windows\System32\acLmary.exe
  2⤵
  - Executes dropped EXE
  PID:3176
- C:\Windows\System32\paJCsgD.exe
  C:\Windows\System32\paJCsgD.exe
  2⤵
  - Executes dropped EXE
  PID:1960
- C:\Windows\System32\ZQFuSFl.exe
  C:\Windows\System32\ZQFuSFl.exe
  2⤵
  - Executes dropped EXE
  PID:2124
- C:\Windows\System32\LoVQLBg.exe
  C:\Windows\System32\LoVQLBg.exe
  2⤵
  - Executes dropped EXE
  PID:2392
- C:\Windows\System32\JNRUkTU.exe
  C:\Windows\System32\JNRUkTU.exe
  2⤵
  - Executes dropped EXE
  PID:3612
- C:\Windows\System32\lkcukBP.exe
  C:\Windows\System32\lkcukBP.exe
  2⤵
  - Executes dropped EXE
  PID:4076
- C:\Windows\System32\XEnpeDP.exe
  C:\Windows\System32\XEnpeDP.exe
  2⤵
  - Executes dropped EXE
  PID:1004
- C:\Windows\System32\saAkRTx.exe
  C:\Windows\System32\saAkRTx.exe
  2⤵
  - Executes dropped EXE
  PID:4148
- C:\Windows\System32\oBneZKS.exe
  C:\Windows\System32\oBneZKS.exe
  2⤵
  - Executes dropped EXE
  PID:4088
- C:\Windows\System32\MHgcBKX.exe
  C:\Windows\System32\MHgcBKX.exe
  2⤵
  - Executes dropped EXE
  PID:1332
- C:\Windows\System32\kYdDgfV.exe
  C:\Windows\System32\kYdDgfV.exe
  2⤵
  - Executes dropped EXE
  PID:3456
- C:\Windows\System32\NqvoBFK.exe
  C:\Windows\System32\NqvoBFK.exe
  2⤵
  - Executes dropped EXE
  PID:4364
- C:\Windows\System32\NYioAht.exe
  C:\Windows\System32\NYioAht.exe
  2⤵
  - Executes dropped EXE
  PID:3256
- C:\Windows\System32\aSizOlW.exe
  C:\Windows\System32\aSizOlW.exe
  2⤵
  - Executes dropped EXE
  PID:716
- C:\Windows\System32\MImaoWs.exe
  C:\Windows\System32\MImaoWs.exe
  2⤵
  - Executes dropped EXE
  PID:2592
- C:\Windows\System32\tbJukNX.exe
  C:\Windows\System32\tbJukNX.exe
  2⤵
  - Executes dropped EXE
  PID:2600
- C:\Windows\System32\HSDNBji.exe
  C:\Windows\System32\HSDNBji.exe
  2⤵
  - Executes dropped EXE
  PID:2388
- C:\Windows\System32\VoOnldx.exe
  C:\Windows\System32\VoOnldx.exe
  2⤵
  - Executes dropped EXE
  PID:1944
- C:\Windows\System32\KMlUuvl.exe
  C:\Windows\System32\KMlUuvl.exe
  2⤵
  - Executes dropped EXE
  PID:4948
- C:\Windows\System32\zaBhByV.exe
  C:\Windows\System32\zaBhByV.exe
  2⤵
  - Executes dropped EXE
  PID:1436
- C:\Windows\System32\uxfvlTJ.exe
  C:\Windows\System32\uxfvlTJ.exe
  2⤵
  - Executes dropped EXE
  PID:2904
- C:\Windows\System32\SrOOUEd.exe
  C:\Windows\System32\SrOOUEd.exe
  2⤵
  - Executes dropped EXE
  PID:4180
- C:\Windows\System32\TUtYdHT.exe
  C:\Windows\System32\TUtYdHT.exe
  2⤵
  - Executes dropped EXE
  PID:3188
- C:\Windows\System32\CAQdFNY.exe
  C:\Windows\System32\CAQdFNY.exe
  2⤵
  - Executes dropped EXE
  PID:552
- C:\Windows\System32\NlCvCHe.exe
  C:\Windows\System32\NlCvCHe.exe
  2⤵
  - Executes dropped EXE
  PID:4416
- C:\Windows\System32\fxaxnTD.exe
  C:\Windows\System32\fxaxnTD.exe
  2⤵
  - Executes dropped EXE
  PID:3540
- C:\Windows\System32\fHZVEPG.exe
  C:\Windows\System32\fHZVEPG.exe
  2⤵
  - Executes dropped EXE
  PID:4992
- C:\Windows\System32\sohzsum.exe
  C:\Windows\System32\sohzsum.exe
  2⤵
  - Executes dropped EXE
  PID:5080
- C:\Windows\System32\ozXiUWU.exe
  C:\Windows\System32\ozXiUWU.exe
  2⤵
  - Executes dropped EXE
  PID:2744
- C:\Windows\System32\ulLYzfb.exe
  C:\Windows\System32\ulLYzfb.exe
  2⤵
  - Executes dropped EXE
  PID:632
- C:\Windows\System32\iltLlHw.exe
  C:\Windows\System32\iltLlHw.exe
  2⤵
  - Executes dropped EXE
  PID:1256
- C:\Windows\System32\OvUjCUP.exe
  C:\Windows\System32\OvUjCUP.exe
  2⤵
  - Executes dropped EXE
  PID:1500
- C:\Windows\System32\FvsZflS.exe
  C:\Windows\System32\FvsZflS.exe
  2⤵
  - Executes dropped EXE
  PID:4176
- C:\Windows\System32\URgJgqc.exe
  C:\Windows\System32\URgJgqc.exe
  2⤵
  - Executes dropped EXE
  PID:4692
- C:\Windows\System32\WgCSkhs.exe
  C:\Windows\System32\WgCSkhs.exe
  2⤵
  - Executes dropped EXE
  PID:1752
- C:\Windows\System32\MWwrVSI.exe
  C:\Windows\System32\MWwrVSI.exe
  2⤵
  - Executes dropped EXE
  PID:1696
- C:\Windows\System32\pYSXARc.exe
  C:\Windows\System32\pYSXARc.exe
  2⤵
  - Executes dropped EXE
  PID:3956
- C:\Windows\System32\lCKFgkj.exe
  C:\Windows\System32\lCKFgkj.exe
  2⤵
  - Executes dropped EXE
  PID:3744
- C:\Windows\System32\eEyLtit.exe
  C:\Windows\System32\eEyLtit.exe
  2⤵
  - Executes dropped EXE
  PID:2496
- C:\Windows\System32\CemGLQy.exe
  C:\Windows\System32\CemGLQy.exe
  2⤵
  - Executes dropped EXE
  PID:1668
- C:\Windows\System32\mvRCtwo.exe
  C:\Windows\System32\mvRCtwo.exe
  2⤵
  - Executes dropped EXE
  PID:3932
- C:\Windows\System32\JBzadeP.exe
  C:\Windows\System32\JBzadeP.exe
  2⤵
  - Executes dropped EXE
  PID:4964
- C:\Windows\System32\ISQySwA.exe
  C:\Windows\System32\ISQySwA.exe
  2⤵
  - Executes dropped EXE
  PID:4036
- C:\Windows\System32\OiocgJx.exe
  C:\Windows\System32\OiocgJx.exe
  2⤵
  - Executes dropped EXE
  PID:4472
- C:\Windows\System32\uWErWoN.exe
  C:\Windows\System32\uWErWoN.exe
  2⤵
  PID:4296
- C:\Windows\System32\ddQfEmL.exe
  C:\Windows\System32\ddQfEmL.exe
  2⤵
  PID:1180
- C:\Windows\System32\ggSKYWY.exe
  C:\Windows\System32\ggSKYWY.exe
  2⤵
  PID:1904
- C:\Windows\System32\EcJsUNQ.exe
  C:\Windows\System32\EcJsUNQ.exe
  2⤵
  PID:3928
- C:\Windows\System32\NKNxutt.exe
  C:\Windows\System32\NKNxutt.exe
  2⤵
  PID:4960
- C:\Windows\System32\dwZqhzT.exe
  C:\Windows\System32\dwZqhzT.exe
  2⤵
  PID:1836
- C:\Windows\System32\OeARGrM.exe
  C:\Windows\System32\OeARGrM.exe
  2⤵
  PID:1192
- C:\Windows\System32\aKvflIu.exe
  C:\Windows\System32\aKvflIu.exe
  2⤵
  PID:3064
- C:\Windows\System32\BWmigKS.exe
  C:\Windows\System32\BWmigKS.exe
  2⤵
  PID:784
- C:\Windows\System32\lFweiNi.exe
  C:\Windows\System32\lFweiNi.exe
  2⤵
  PID:4236
- C:\Windows\System32\HOOhVml.exe
  C:\Windows\System32\HOOhVml.exe
  2⤵
  PID:2892
- C:\Windows\System32\OYuRMYe.exe
  C:\Windows\System32\OYuRMYe.exe
  2⤵
  PID:2028
- C:\Windows\System32\jmBzKGO.exe
  C:\Windows\System32\jmBzKGO.exe
  2⤵
  PID:5148
- C:\Windows\System32\MqCGjhR.exe
  C:\Windows\System32\MqCGjhR.exe
  2⤵
  PID:5172
- C:\Windows\System32\aFKihOF.exe
  C:\Windows\System32\aFKihOF.exe
  2⤵
  PID:5204
- C:\Windows\System32\HsVfgcJ.exe
  C:\Windows\System32\HsVfgcJ.exe
  2⤵
  PID:5232
- C:\Windows\System32\vjGOQiy.exe
  C:\Windows\System32\vjGOQiy.exe
  2⤵
  PID:5256
- C:\Windows\System32\WBDxFDD.exe
  C:\Windows\System32\WBDxFDD.exe
  2⤵
  PID:5288
- C:\Windows\System32\FuIkLPd.exe
  C:\Windows\System32\FuIkLPd.exe
  2⤵
  PID:5316
- C:\Windows\System32\UbeMdqv.exe
  C:\Windows\System32\UbeMdqv.exe
  2⤵
  PID:5344
- C:\Windows\System32\UZkHEjs.exe
  C:\Windows\System32\UZkHEjs.exe
  2⤵
  PID:5372
- C:\Windows\System32\tPQlmAV.exe
  C:\Windows\System32\tPQlmAV.exe
  2⤵
  PID:5404
- C:\Windows\System32\QmjeWxl.exe
  C:\Windows\System32\QmjeWxl.exe
  2⤵
  PID:5428
- C:\Windows\System32\QrsROLR.exe
  C:\Windows\System32\QrsROLR.exe
  2⤵
  PID:5456
- C:\Windows\System32\ZwlnnUN.exe
  C:\Windows\System32\ZwlnnUN.exe
  2⤵
  PID:5484
- C:\Windows\System32\DlYrVwH.exe
  C:\Windows\System32\DlYrVwH.exe
  2⤵
  PID:5516
- C:\Windows\System32\lkECPlt.exe
  C:\Windows\System32\lkECPlt.exe
  2⤵
  PID:5540
- C:\Windows\System32\LoskCLZ.exe
  C:\Windows\System32\LoskCLZ.exe
  2⤵
  PID:5576
- C:\Windows\System32\pwafWes.exe
  C:\Windows\System32\pwafWes.exe
  2⤵
  PID:5616
- C:\Windows\System32\FHByOrr.exe
  C:\Windows\System32\FHByOrr.exe
  2⤵
  PID:5636
- C:\Windows\System32\FqWvkYt.exe
  C:\Windows\System32\FqWvkYt.exe
  2⤵
  PID:5652
- C:\Windows\System32\SEpXgEo.exe
  C:\Windows\System32\SEpXgEo.exe
  2⤵
  PID:5680
- C:\Windows\System32\btSVcyq.exe
  C:\Windows\System32\btSVcyq.exe
  2⤵
  PID:5708
- C:\Windows\System32\ivraTWo.exe
  C:\Windows\System32\ivraTWo.exe
  2⤵
  PID:5736
- C:\Windows\System32\IisUuJN.exe
  C:\Windows\System32\IisUuJN.exe
  2⤵
  PID:5764
- C:\Windows\System32\LacyYwX.exe
  C:\Windows\System32\LacyYwX.exe
  2⤵
  PID:5792
- C:\Windows\System32\KTTzQne.exe
  C:\Windows\System32\KTTzQne.exe
  2⤵
  PID:5820
- C:\Windows\System32\dWXoZfb.exe
  C:\Windows\System32\dWXoZfb.exe
  2⤵
  PID:5848
- C:\Windows\System32\RQeLolv.exe
  C:\Windows\System32\RQeLolv.exe
  2⤵
  PID:5872
- C:\Windows\System32\eWgSFGh.exe
  C:\Windows\System32\eWgSFGh.exe
  2⤵
  PID:5904
- C:\Windows\System32\vyOxInY.exe
  C:\Windows\System32\vyOxInY.exe
  2⤵
  PID:5952
- C:\Windows\System32\QaUfnuV.exe
  C:\Windows\System32\QaUfnuV.exe
  2⤵
  PID:6016
- C:\Windows\System32\gOPxlHi.exe
  C:\Windows\System32\gOPxlHi.exe
  2⤵
  PID:6032
- C:\Windows\System32\qROfmMB.exe
  C:\Windows\System32\qROfmMB.exe
  2⤵
  PID:6052
- C:\Windows\System32\cFKqwIf.exe
  C:\Windows\System32\cFKqwIf.exe
  2⤵
  PID:6068
- C:\Windows\System32\gyGCcyB.exe
  C:\Windows\System32\gyGCcyB.exe
  2⤵
  PID:6088
- C:\Windows\System32\vdPnDub.exe
  C:\Windows\System32\vdPnDub.exe
  2⤵
  PID:6108
- C:\Windows\System32\mazjmZO.exe
  C:\Windows\System32\mazjmZO.exe
  2⤵
  PID:396
- C:\Windows\System32\cuuDBeo.exe
  C:\Windows\System32\cuuDBeo.exe
  2⤵
  PID:4136
- C:\Windows\System32\LVWoDYi.exe
  C:\Windows\System32\LVWoDYi.exe
  2⤵
  PID:1452
- C:\Windows\System32\psrzlAr.exe
  C:\Windows\System32\psrzlAr.exe
  2⤵
  PID:3052
- C:\Windows\System32\culBJAQ.exe
  C:\Windows\System32\culBJAQ.exe
  2⤵
  PID:5168
- C:\Windows\System32\buieLEj.exe
  C:\Windows\System32\buieLEj.exe
  2⤵
  PID:4328
- C:\Windows\System32\utBewLB.exe
  C:\Windows\System32\utBewLB.exe
  2⤵
  PID:5392
- C:\Windows\System32\IHFWczF.exe
  C:\Windows\System32\IHFWczF.exe
  2⤵
  PID:5420
- C:\Windows\System32\bOJzruN.exe
  C:\Windows\System32\bOJzruN.exe
  2⤵
  PID:5440
- C:\Windows\System32\khuuIMT.exe
  C:\Windows\System32\khuuIMT.exe
  2⤵
  PID:5504
- C:\Windows\System32\IOznaWN.exe
  C:\Windows\System32\IOznaWN.exe
  2⤵
  PID:4696
- C:\Windows\System32\EbQxQfe.exe
  C:\Windows\System32\EbQxQfe.exe
  2⤵
  PID:5600
- C:\Windows\System32\KiapaSb.exe
  C:\Windows\System32\KiapaSb.exe
  2⤵
  PID:5632
- C:\Windows\System32\ianKihG.exe
  C:\Windows\System32\ianKihG.exe
  2⤵
  PID:5664
- C:\Windows\System32\BlRYfBw.exe
  C:\Windows\System32\BlRYfBw.exe
  2⤵
  PID:5688
- C:\Windows\System32\aXboxmX.exe
  C:\Windows\System32\aXboxmX.exe
  2⤵
  PID:5744
- C:\Windows\System32\kanwQop.exe
  C:\Windows\System32\kanwQop.exe
  2⤵
  PID:5776
- C:\Windows\System32\mBqmZKZ.exe
  C:\Windows\System32\mBqmZKZ.exe
  2⤵
  PID:4440
- C:\Windows\System32\kvYxZAx.exe
  C:\Windows\System32\kvYxZAx.exe
  2⤵
  PID:4656
- C:\Windows\System32\niPGimB.exe
  C:\Windows\System32\niPGimB.exe
  2⤵
  PID:5832
- C:\Windows\System32\jmCqnQo.exe
  C:\Windows\System32\jmCqnQo.exe
  2⤵
  PID:3216
- C:\Windows\System32\RmuIeAT.exe
  C:\Windows\System32\RmuIeAT.exe
  2⤵
  PID:2332
- C:\Windows\System32\eqtxYlk.exe
  C:\Windows\System32\eqtxYlk.exe
  2⤵
  PID:3536
- C:\Windows\System32\ZPhsRUS.exe
  C:\Windows\System32\ZPhsRUS.exe
  2⤵
  PID:4500
- C:\Windows\System32\seBiEdS.exe
  C:\Windows\System32\seBiEdS.exe
  2⤵
  PID:3720
- C:\Windows\System32\mwxMnTB.exe
  C:\Windows\System32\mwxMnTB.exe
  2⤵
  PID:648
- C:\Windows\System32\ceCvbKo.exe
  C:\Windows\System32\ceCvbKo.exe
  2⤵
  PID:4428
- C:\Windows\System32\xnJDRKN.exe
  C:\Windows\System32\xnJDRKN.exe
  2⤵
  PID:6060
- C:\Windows\System32\eeNXywd.exe
  C:\Windows\System32\eeNXywd.exe
  2⤵
  PID:2632
- C:\Windows\System32\FbMlfUz.exe
  C:\Windows\System32\FbMlfUz.exe
  2⤵
  PID:4080
- C:\Windows\System32\xBqfhiA.exe
  C:\Windows\System32\xBqfhiA.exe
  2⤵
  PID:5180
- C:\Windows\System32\LCWRitI.exe
  C:\Windows\System32\LCWRitI.exe
  2⤵
  PID:4648
- C:\Windows\System32\yMHUzvw.exe
  C:\Windows\System32\yMHUzvw.exe
  2⤵
  PID:5380
- C:\Windows\System32\UtEtTrK.exe
  C:\Windows\System32\UtEtTrK.exe
  2⤵
  PID:5476
- C:\Windows\System32\NSpgVBi.exe
  C:\Windows\System32\NSpgVBi.exe
  2⤵
  PID:1420
- C:\Windows\System32\ayhvyBk.exe
  C:\Windows\System32\ayhvyBk.exe
  2⤵
  PID:5720
- C:\Windows\System32\YiezdGQ.exe
  C:\Windows\System32\YiezdGQ.exe
  2⤵
  PID:3600
- C:\Windows\System32\XbzSFNS.exe
  C:\Windows\System32\XbzSFNS.exe
  2⤵
  PID:5856
- C:\Windows\System32\kzMAceQ.exe
  C:\Windows\System32\kzMAceQ.exe
  2⤵
  PID:5880
- C:\Windows\System32\uTqiiFg.exe
  C:\Windows\System32\uTqiiFg.exe
  2⤵
  PID:1968
- C:\Windows\System32\KDNRnfS.exe
  C:\Windows\System32\KDNRnfS.exe
  2⤵
  PID:1096
- C:\Windows\System32\ESJmHuQ.exe
  C:\Windows\System32\ESJmHuQ.exe
  2⤵
  PID:3784
- C:\Windows\System32\bLeahdb.exe
  C:\Windows\System32\bLeahdb.exe
  2⤵
  PID:4868
- C:\Windows\System32\UwSwcJQ.exe
  C:\Windows\System32\UwSwcJQ.exe
  2⤵
  PID:2768
- C:\Windows\System32\OmjTtEj.exe
  C:\Windows\System32\OmjTtEj.exe
  2⤵
  PID:2268
- C:\Windows\System32\bMbiycy.exe
  C:\Windows\System32\bMbiycy.exe
  2⤵
  PID:6136
- C:\Windows\System32\lpGsRtq.exe
  C:\Windows\System32\lpGsRtq.exe
  2⤵
  PID:1780
- C:\Windows\System32\MyjLGmf.exe
  C:\Windows\System32\MyjLGmf.exe
  2⤵
  PID:2192
- C:\Windows\System32\RKtIZqS.exe
  C:\Windows\System32\RKtIZqS.exe
  2⤵
  PID:2764
- C:\Windows\System32\MoxWmDS.exe
  C:\Windows\System32\MoxWmDS.exe
  2⤵
  PID:4572
- C:\Windows\System32\cpWrIFm.exe
  C:\Windows\System32\cpWrIFm.exe
  2⤵
  PID:3376
- C:\Windows\System32\xdjswud.exe
  C:\Windows\System32\xdjswud.exe
  2⤵
  PID:5648
- C:\Windows\System32\svLhRXG.exe
  C:\Windows\System32\svLhRXG.exe
  2⤵
  PID:768
- C:\Windows\System32\eSajBiH.exe
  C:\Windows\System32\eSajBiH.exe
  2⤵
  PID:3576
- C:\Windows\System32\kbltmdX.exe
  C:\Windows\System32\kbltmdX.exe
  2⤵
  PID:3140
- C:\Windows\System32\kLHKMIb.exe
  C:\Windows\System32\kLHKMIb.exe
  2⤵
  PID:6012
- C:\Windows\System32\CHJPLhC.exe
  C:\Windows\System32\CHJPLhC.exe
  2⤵
  PID:2212
- C:\Windows\System32\iBZvzfB.exe
  C:\Windows\System32\iBZvzfB.exe
  2⤵
  PID:5716
- C:\Windows\System32\ImAcVyB.exe
  C:\Windows\System32\ImAcVyB.exe
  2⤵
  PID:6168
- C:\Windows\System32\LNbDvfs.exe
  C:\Windows\System32\LNbDvfs.exe
  2⤵
  PID:6208
- C:\Windows\System32\tMpdgmo.exe
  C:\Windows\System32\tMpdgmo.exe
  2⤵
  PID:6236
- C:\Windows\System32\deEwZcA.exe
  C:\Windows\System32\deEwZcA.exe
  2⤵
  PID:6272
- C:\Windows\System32\BCTDWGt.exe
  C:\Windows\System32\BCTDWGt.exe
  2⤵
  PID:6344
- C:\Windows\System32\muSFytu.exe
  C:\Windows\System32\muSFytu.exe
  2⤵
  PID:6360
- C:\Windows\System32\OVburEy.exe
  C:\Windows\System32\OVburEy.exe
  2⤵
  PID:6384
- C:\Windows\System32\jcGEHzT.exe
  C:\Windows\System32\jcGEHzT.exe
  2⤵
  PID:6404
- C:\Windows\System32\Qertvvx.exe
  C:\Windows\System32\Qertvvx.exe
  2⤵
  PID:6432
- C:\Windows\System32\EMnFffD.exe
  C:\Windows\System32\EMnFffD.exe
  2⤵
  PID:6460
- C:\Windows\System32\WQfSgUT.exe
  C:\Windows\System32\WQfSgUT.exe
  2⤵
  PID:6476
- C:\Windows\System32\KzqxGNP.exe
  C:\Windows\System32\KzqxGNP.exe
  2⤵
  PID:6500
- C:\Windows\System32\yJPvKNj.exe
  C:\Windows\System32\yJPvKNj.exe
  2⤵
  PID:6516
- C:\Windows\System32\VZHilGF.exe
  C:\Windows\System32\VZHilGF.exe
  2⤵
  PID:6540
- C:\Windows\System32\EyhBdAH.exe
  C:\Windows\System32\EyhBdAH.exe
  2⤵
  PID:6564
- C:\Windows\System32\nEKYVkv.exe
  C:\Windows\System32\nEKYVkv.exe
  2⤵
  PID:6604
- C:\Windows\System32\NGGCEin.exe
  C:\Windows\System32\NGGCEin.exe
  2⤵
  PID:6648
- C:\Windows\System32\MGUkiXq.exe
  C:\Windows\System32\MGUkiXq.exe
  2⤵
  PID:6668
- C:\Windows\System32\gclUxpR.exe
  C:\Windows\System32\gclUxpR.exe
  2⤵
  PID:6708
- C:\Windows\System32\rqXXCQs.exe
  C:\Windows\System32\rqXXCQs.exe
  2⤵
  PID:6736
- C:\Windows\System32\kxSxeds.exe
  C:\Windows\System32\kxSxeds.exe
  2⤵
  PID:6752
- C:\Windows\System32\XeiZBMZ.exe
  C:\Windows\System32\XeiZBMZ.exe
  2⤵
  PID:6776
- C:\Windows\System32\TvoePJJ.exe
  C:\Windows\System32\TvoePJJ.exe
  2⤵
  PID:6792
- C:\Windows\System32\EYflizs.exe
  C:\Windows\System32\EYflizs.exe
  2⤵
  PID:6816
- C:\Windows\System32\PtWUxQP.exe
  C:\Windows\System32\PtWUxQP.exe
  2⤵
  PID:6836
- C:\Windows\System32\PexxfAq.exe
  C:\Windows\System32\PexxfAq.exe
  2⤵
  PID:6896
- C:\Windows\System32\qWUQiPW.exe
  C:\Windows\System32\qWUQiPW.exe
  2⤵
  PID:6956
- C:\Windows\System32\KmudBee.exe
  C:\Windows\System32\KmudBee.exe
  2⤵
  PID:6976
- C:\Windows\System32\qqEozYj.exe
  C:\Windows\System32\qqEozYj.exe
  2⤵
  PID:7016
- C:\Windows\System32\bLDGGNn.exe
  C:\Windows\System32\bLDGGNn.exe
  2⤵
  PID:7032
- C:\Windows\System32\XbRKSRD.exe
  C:\Windows\System32\XbRKSRD.exe
  2⤵
  PID:7052
- C:\Windows\System32\ZAANgxD.exe
  C:\Windows\System32\ZAANgxD.exe
  2⤵
  PID:7068
- C:\Windows\System32\ANPWeFS.exe
  C:\Windows\System32\ANPWeFS.exe
  2⤵
  PID:7124
- C:\Windows\System32\QEumlBy.exe
  C:\Windows\System32\QEumlBy.exe
  2⤵
  PID:7144
- C:\Windows\System32\JCfNhFh.exe
  C:\Windows\System32\JCfNhFh.exe
  2⤵
  PID:3736
- C:\Windows\System32\wUFhQpl.exe
  C:\Windows\System32\wUFhQpl.exe
  2⤵
  PID:1220
- C:\Windows\System32\uifLvUR.exe
  C:\Windows\System32\uifLvUR.exe
  2⤵
  PID:6232
- C:\Windows\System32\wWLNUVG.exe
  C:\Windows\System32\wWLNUVG.exe
  2⤵
  PID:6284
- C:\Windows\System32\yNQLiNC.exe
  C:\Windows\System32\yNQLiNC.exe
  2⤵
  PID:6352
- C:\Windows\System32\daZvTwP.exe
  C:\Windows\System32\daZvTwP.exe
  2⤵
  PID:6392
- C:\Windows\System32\FbNQABh.exe
  C:\Windows\System32\FbNQABh.exe
  2⤵
  PID:6444
- C:\Windows\System32\krdIohY.exe
  C:\Windows\System32\krdIohY.exe
  2⤵
  PID:6524
- C:\Windows\System32\WDtmDCG.exe
  C:\Windows\System32\WDtmDCG.exe
  2⤵
  PID:6552
- C:\Windows\System32\PdAOGRV.exe
  C:\Windows\System32\PdAOGRV.exe
  2⤵
  PID:6584
- C:\Windows\System32\DiDfUgm.exe
  C:\Windows\System32\DiDfUgm.exe
  2⤵
  PID:6644
- C:\Windows\System32\jKUOIrQ.exe
  C:\Windows\System32\jKUOIrQ.exe
  2⤵
  PID:6620
- C:\Windows\System32\FrbdUTX.exe
  C:\Windows\System32\FrbdUTX.exe
  2⤵
  PID:6808
- C:\Windows\System32\WyJMdgG.exe
  C:\Windows\System32\WyJMdgG.exe
  2⤵
  PID:6716
- C:\Windows\System32\wBfyIpn.exe
  C:\Windows\System32\wBfyIpn.exe
  2⤵
  PID:6892
- C:\Windows\System32\pKfdYhO.exe
  C:\Windows\System32\pKfdYhO.exe
  2⤵
  PID:6908
- C:\Windows\System32\oaHxaVH.exe
  C:\Windows\System32\oaHxaVH.exe
  2⤵
  PID:6076
- C:\Windows\System32\vgLeJJs.exe
  C:\Windows\System32\vgLeJJs.exe
  2⤵
  PID:1232
- C:\Windows\System32\LRAdZvC.exe
  C:\Windows\System32\LRAdZvC.exe
  2⤵
  PID:6204
- C:\Windows\System32\vcomYVI.exe
  C:\Windows\System32\vcomYVI.exe
  2⤵
  PID:6292
- C:\Windows\System32\klEONGQ.exe
  C:\Windows\System32\klEONGQ.exe
  2⤵
  PID:6356
- C:\Windows\System32\tdMWJCU.exe
  C:\Windows\System32\tdMWJCU.exe
  2⤵
  PID:6536
- C:\Windows\System32\CvLVQPs.exe
  C:\Windows\System32\CvLVQPs.exe
  2⤵
  PID:6664
- C:\Windows\System32\LhlZRWy.exe
  C:\Windows\System32\LhlZRWy.exe
  2⤵
  PID:6832
- C:\Windows\System32\tbbBTOv.exe
  C:\Windows\System32\tbbBTOv.exe
  2⤵
  PID:6932
- C:\Windows\System32\AEmYVXn.exe
  C:\Windows\System32\AEmYVXn.exe
  2⤵
  PID:3764
- C:\Windows\System32\uOHVEtx.exe
  C:\Windows\System32\uOHVEtx.exe
  2⤵
  PID:6628
- C:\Windows\System32\iMIpRzd.exe
  C:\Windows\System32\iMIpRzd.exe
  2⤵
  PID:7024
- C:\Windows\System32\IwlTAqa.exe
  C:\Windows\System32\IwlTAqa.exe
  2⤵
  PID:6572
- C:\Windows\System32\FLkoEzE.exe
  C:\Windows\System32\FLkoEzE.exe
  2⤵
  PID:7188
- C:\Windows\System32\Maqwukp.exe
  C:\Windows\System32\Maqwukp.exe
  2⤵
  PID:7208
- C:\Windows\System32\TUOPxlj.exe
  C:\Windows\System32\TUOPxlj.exe
  2⤵
  PID:7232
- C:\Windows\System32\YZESgeK.exe
  C:\Windows\System32\YZESgeK.exe
  2⤵
  PID:7260
- C:\Windows\System32\OAIGNKt.exe
  C:\Windows\System32\OAIGNKt.exe
  2⤵
  PID:7280
- C:\Windows\System32\csrLtWL.exe
  C:\Windows\System32\csrLtWL.exe
  2⤵
  PID:7304
- C:\Windows\System32\VFmGPpT.exe
  C:\Windows\System32\VFmGPpT.exe
  2⤵
  PID:7328
- C:\Windows\System32\rgcpHVG.exe
  C:\Windows\System32\rgcpHVG.exe
  2⤵
  PID:7368
- C:\Windows\System32\ZIBMeMz.exe
  C:\Windows\System32\ZIBMeMz.exe
  2⤵
  PID:7384
- C:\Windows\System32\znXAFgn.exe
  C:\Windows\System32\znXAFgn.exe
  2⤵
  PID:7432
- C:\Windows\System32\ptadlIr.exe
  C:\Windows\System32\ptadlIr.exe
  2⤵
  PID:7452
- C:\Windows\System32\ClwHwhk.exe
  C:\Windows\System32\ClwHwhk.exe
  2⤵
  PID:7468
- C:\Windows\System32\DTMildM.exe
  C:\Windows\System32\DTMildM.exe
  2⤵
  PID:7492
- C:\Windows\System32\SDBjwDQ.exe
  C:\Windows\System32\SDBjwDQ.exe
  2⤵
  PID:7516
- C:\Windows\System32\qSNWbWS.exe
  C:\Windows\System32\qSNWbWS.exe
  2⤵
  PID:7540
- C:\Windows\System32\RCXhdoU.exe
  C:\Windows\System32\RCXhdoU.exe
  2⤵
  PID:7556
- C:\Windows\System32\UlObLlB.exe
  C:\Windows\System32\UlObLlB.exe
  2⤵
  PID:7580
- C:\Windows\System32\aqcblpp.exe
  C:\Windows\System32\aqcblpp.exe
  2⤵
  PID:7596
- C:\Windows\System32\tBxlsKn.exe
  C:\Windows\System32\tBxlsKn.exe
  2⤵
  PID:7624
- C:\Windows\System32\hmlySga.exe
  C:\Windows\System32\hmlySga.exe
  2⤵
  PID:7692
- C:\Windows\System32\cLmmVqq.exe
  C:\Windows\System32\cLmmVqq.exe
  2⤵
  PID:7752
- C:\Windows\System32\bHjySOZ.exe
  C:\Windows\System32\bHjySOZ.exe
  2⤵
  PID:7800
- C:\Windows\System32\Acpeibp.exe
  C:\Windows\System32\Acpeibp.exe
  2⤵
  PID:7828
- C:\Windows\System32\rAElVNO.exe
  C:\Windows\System32\rAElVNO.exe
  2⤵
  PID:7848
- C:\Windows\System32\SBIzDOp.exe
  C:\Windows\System32\SBIzDOp.exe
  2⤵
  PID:7884
- C:\Windows\System32\EjOWdAl.exe
  C:\Windows\System32\EjOWdAl.exe
  2⤵
  PID:7904
- C:\Windows\System32\YiGxsST.exe
  C:\Windows\System32\YiGxsST.exe
  2⤵
  PID:7940
- C:\Windows\System32\oKptbzG.exe
  C:\Windows\System32\oKptbzG.exe
  2⤵
  PID:7960
- C:\Windows\System32\AHjDTbU.exe
  C:\Windows\System32\AHjDTbU.exe
  2⤵
  PID:7980
- C:\Windows\System32\WIASYzV.exe
  C:\Windows\System32\WIASYzV.exe
  2⤵
  PID:8008
- C:\Windows\System32\oBUNPrn.exe
  C:\Windows\System32\oBUNPrn.exe
  2⤵
  PID:8032
- C:\Windows\System32\eloIPTD.exe
  C:\Windows\System32\eloIPTD.exe
  2⤵
  PID:8052
- C:\Windows\System32\TwEehor.exe
  C:\Windows\System32\TwEehor.exe
  2⤵
  PID:8068
- C:\Windows\System32\APWCRLM.exe
  C:\Windows\System32\APWCRLM.exe
  2⤵
  PID:8108
- C:\Windows\System32\QeaWxub.exe
  C:\Windows\System32\QeaWxub.exe
  2⤵
  PID:8164
- C:\Windows\System32\HNGuJjf.exe
  C:\Windows\System32\HNGuJjf.exe
  2⤵
  PID:8188
- C:\Windows\System32\cCILXJK.exe
  C:\Windows\System32\cCILXJK.exe
  2⤵
  PID:1092
- C:\Windows\System32\NhLPnvc.exe
  C:\Windows\System32\NhLPnvc.exe
  2⤵
  PID:7204
- C:\Windows\System32\IclcIZP.exe
  C:\Windows\System32\IclcIZP.exe
  2⤵
  PID:7276
- C:\Windows\System32\jyDsrlw.exe
  C:\Windows\System32\jyDsrlw.exe
  2⤵
  PID:7292
- C:\Windows\System32\oKCOBti.exe
  C:\Windows\System32\oKCOBti.exe
  2⤵
  PID:7404
- C:\Windows\System32\agISKso.exe
  C:\Windows\System32\agISKso.exe
  2⤵
  PID:7564
- C:\Windows\System32\bYCrxQY.exe
  C:\Windows\System32\bYCrxQY.exe
  2⤵
  PID:7548
- C:\Windows\System32\MbttuHa.exe
  C:\Windows\System32\MbttuHa.exe
  2⤵
  PID:7636
- C:\Windows\System32\AxrHuNE.exe
  C:\Windows\System32\AxrHuNE.exe
  2⤵
  PID:7680
- C:\Windows\System32\QnblFCW.exe
  C:\Windows\System32\QnblFCW.exe
  2⤵
  PID:6860
- C:\Windows\System32\ngKlHhz.exe
  C:\Windows\System32\ngKlHhz.exe
  2⤵
  PID:7760
- C:\Windows\System32\hcwYwZN.exe
  C:\Windows\System32\hcwYwZN.exe
  2⤵
  PID:7860
- C:\Windows\System32\zdpOjzh.exe
  C:\Windows\System32\zdpOjzh.exe
  2⤵
  PID:7956
- C:\Windows\System32\jYhTynz.exe
  C:\Windows\System32\jYhTynz.exe
  2⤵
  PID:7952
- C:\Windows\System32\OkqOXvF.exe
  C:\Windows\System32\OkqOXvF.exe
  2⤵
  PID:8020
- C:\Windows\System32\JALbnPN.exe
  C:\Windows\System32\JALbnPN.exe
  2⤵
  PID:8084
- C:\Windows\System32\ftwUwMr.exe
  C:\Windows\System32\ftwUwMr.exe
  2⤵
  PID:8140
- C:\Windows\System32\WhpKiih.exe
  C:\Windows\System32\WhpKiih.exe
  2⤵
  PID:6636
- C:\Windows\System32\lhdhsML.exe
  C:\Windows\System32\lhdhsML.exe
  2⤵
  PID:7216
- C:\Windows\System32\pdIKRBu.exe
  C:\Windows\System32\pdIKRBu.exe
  2⤵
  PID:7552
- C:\Windows\System32\cKTXsNg.exe
  C:\Windows\System32\cKTXsNg.exe
  2⤵
  PID:7500
- C:\Windows\System32\iRmOXba.exe
  C:\Windows\System32\iRmOXba.exe
  2⤵
  PID:7704
- C:\Windows\System32\rJdkJYT.exe
  C:\Windows\System32\rJdkJYT.exe
  2⤵
  PID:7976
- C:\Windows\System32\ZyiTySa.exe
  C:\Windows\System32\ZyiTySa.exe
  2⤵
  PID:8076
- C:\Windows\System32\qklzBnY.exe
  C:\Windows\System32\qklzBnY.exe
  2⤵
  PID:8120
- C:\Windows\System32\LcAJDMO.exe
  C:\Windows\System32\LcAJDMO.exe
  2⤵
  PID:7668
- C:\Windows\System32\XvaHfvp.exe
  C:\Windows\System32\XvaHfvp.exe
  2⤵
  PID:7676
- C:\Windows\System32\WuCstBf.exe
  C:\Windows\System32\WuCstBf.exe
  2⤵
  PID:7840
- C:\Windows\System32\zDfFyQZ.exe
  C:\Windows\System32\zDfFyQZ.exe
  2⤵
  PID:8212
- C:\Windows\System32\BsylqZt.exe
  C:\Windows\System32\BsylqZt.exe
  2⤵
  PID:8232
- C:\Windows\System32\PwqcFtq.exe
  C:\Windows\System32\PwqcFtq.exe
  2⤵
  PID:8268
- C:\Windows\System32\SZzHUqt.exe
  C:\Windows\System32\SZzHUqt.exe
  2⤵
  PID:8288
- C:\Windows\System32\hmWjkvr.exe
  C:\Windows\System32\hmWjkvr.exe
  2⤵
  PID:8312
- C:\Windows\System32\nFwXxPL.exe
  C:\Windows\System32\nFwXxPL.exe
  2⤵
  PID:8348
- C:\Windows\System32\GXJjZhi.exe
  C:\Windows\System32\GXJjZhi.exe
  2⤵
  PID:8368
- C:\Windows\System32\EIcDGRv.exe
  C:\Windows\System32\EIcDGRv.exe
  2⤵
  PID:8392
- C:\Windows\System32\OHQQCWu.exe
  C:\Windows\System32\OHQQCWu.exe
  2⤵
  PID:8420
- C:\Windows\System32\bBFtzsi.exe
  C:\Windows\System32\bBFtzsi.exe
  2⤵
  PID:8440
- C:\Windows\System32\rmaGuIr.exe
  C:\Windows\System32\rmaGuIr.exe
  2⤵
  PID:8492
- C:\Windows\System32\FEmkxOk.exe
  C:\Windows\System32\FEmkxOk.exe
  2⤵
  PID:8532
- C:\Windows\System32\pZsoqQg.exe
  C:\Windows\System32\pZsoqQg.exe
  2⤵
  PID:8556
- C:\Windows\System32\ZPbPsyL.exe
  C:\Windows\System32\ZPbPsyL.exe
  2⤵
  PID:8580
- C:\Windows\System32\eZgpfSq.exe
  C:\Windows\System32\eZgpfSq.exe
  2⤵
  PID:8596
- C:\Windows\System32\gzPOUka.exe
  C:\Windows\System32\gzPOUka.exe
  2⤵
  PID:8620
- C:\Windows\System32\pZuISua.exe
  C:\Windows\System32\pZuISua.exe
  2⤵
  PID:8644
- C:\Windows\System32\JIIqRzs.exe
  C:\Windows\System32\JIIqRzs.exe
  2⤵
  PID:8660
- C:\Windows\System32\TllAkjk.exe
  C:\Windows\System32\TllAkjk.exe
  2⤵
  PID:8680
- C:\Windows\System32\mGlIYll.exe
  C:\Windows\System32\mGlIYll.exe
  2⤵
  PID:8740
- C:\Windows\System32\EIuXmbR.exe
  C:\Windows\System32\EIuXmbR.exe
  2⤵
  PID:8780
- C:\Windows\System32\cThjwXd.exe
  C:\Windows\System32\cThjwXd.exe
  2⤵
  PID:8800
- C:\Windows\System32\HIsDpLO.exe
  C:\Windows\System32\HIsDpLO.exe
  2⤵
  PID:8816
- C:\Windows\System32\AixKmTS.exe
  C:\Windows\System32\AixKmTS.exe
  2⤵
  PID:8860
- C:\Windows\System32\XAyRttU.exe
  C:\Windows\System32\XAyRttU.exe
  2⤵
  PID:8904
- C:\Windows\System32\zykFvhz.exe
  C:\Windows\System32\zykFvhz.exe
  2⤵
  PID:8928
- C:\Windows\System32\uSlufZU.exe
  C:\Windows\System32\uSlufZU.exe
  2⤵
  PID:8944
- C:\Windows\System32\WYzdMQw.exe
  C:\Windows\System32\WYzdMQw.exe
  2⤵
  PID:8972
- C:\Windows\System32\PZvXAGv.exe
  C:\Windows\System32\PZvXAGv.exe
  2⤵
  PID:8996
- C:\Windows\System32\tJUoyzg.exe
  C:\Windows\System32\tJUoyzg.exe
  2⤵
  PID:9040
- C:\Windows\System32\FqafyxI.exe
  C:\Windows\System32\FqafyxI.exe
  2⤵
  PID:9068
- C:\Windows\System32\MvMwvAg.exe
  C:\Windows\System32\MvMwvAg.exe
  2⤵
  PID:9096
- C:\Windows\System32\JRLPXgx.exe
  C:\Windows\System32\JRLPXgx.exe
  2⤵
  PID:9112
- C:\Windows\System32\ubsMyDX.exe
  C:\Windows\System32\ubsMyDX.exe
  2⤵
  PID:9144
- C:\Windows\System32\tUTknKo.exe
  C:\Windows\System32\tUTknKo.exe
  2⤵
  PID:9164
- C:\Windows\System32\MWRTmFs.exe
  C:\Windows\System32\MWRTmFs.exe
  2⤵
  PID:9184
- C:\Windows\System32\VMJWyow.exe
  C:\Windows\System32\VMJWyow.exe
  2⤵
  PID:8060
- C:\Windows\System32\PMUrYuN.exe
  C:\Windows\System32\PMUrYuN.exe
  2⤵
  PID:8248
- C:\Windows\System32\TFGmshl.exe
  C:\Windows\System32\TFGmshl.exe
  2⤵
  PID:8240
- C:\Windows\System32\esAqsAq.exe
  C:\Windows\System32\esAqsAq.exe
  2⤵
  PID:8276
- C:\Windows\System32\PEYYsog.exe
  C:\Windows\System32\PEYYsog.exe
  2⤵
  PID:8300
- C:\Windows\System32\NKpVApr.exe
  C:\Windows\System32\NKpVApr.exe
  2⤵
  PID:8404
- C:\Windows\System32\TlevmlY.exe
  C:\Windows\System32\TlevmlY.exe
  2⤵
  PID:8572
- C:\Windows\System32\xWQYWxl.exe
  C:\Windows\System32\xWQYWxl.exe
  2⤵
  PID:8592
- C:\Windows\System32\eYMahiO.exe
  C:\Windows\System32\eYMahiO.exe
  2⤵
  PID:8612
- C:\Windows\System32\JDLvbuM.exe
  C:\Windows\System32\JDLvbuM.exe
  2⤵
  PID:8776
- C:\Windows\System32\SRNAffY.exe
  C:\Windows\System32\SRNAffY.exe
  2⤵
  PID:8796
- C:\Windows\System32\mRDUDJD.exe
  C:\Windows\System32\mRDUDJD.exe
  2⤵
  PID:8880
- C:\Windows\System32\DiZcvTH.exe
  C:\Windows\System32\DiZcvTH.exe
  2⤵
  PID:8960
- C:\Windows\System32\aMCbYsP.exe
  C:\Windows\System32\aMCbYsP.exe
  2⤵
  PID:9032
- C:\Windows\System32\FifeNrE.exe
  C:\Windows\System32\FifeNrE.exe
  2⤵
  PID:9080
- C:\Windows\System32\hKTxtxt.exe
  C:\Windows\System32\hKTxtxt.exe
  2⤵
  PID:9136
- C:\Windows\System32\FPwchel.exe
  C:\Windows\System32\FPwchel.exe
  2⤵
  PID:9212
- C:\Windows\System32\LPTawdK.exe
  C:\Windows\System32\LPTawdK.exe
  2⤵
  PID:8364
- C:\Windows\System32\CtXEZML.exe
  C:\Windows\System32\CtXEZML.exe
  2⤵
  PID:8264
- C:\Windows\System32\iZvwzHR.exe
  C:\Windows\System32\iZvwzHR.exe
  2⤵
  PID:8564
- C:\Windows\System32\fZXqykq.exe
  C:\Windows\System32\fZXqykq.exe
  2⤵
  PID:8812
- C:\Windows\System32\vVzrtus.exe
  C:\Windows\System32\vVzrtus.exe
  2⤵
  PID:8892
- C:\Windows\System32\rSfEMtU.exe
  C:\Windows\System32\rSfEMtU.exe
  2⤵
  PID:7380
- C:\Windows\System32\PnqOunL.exe
  C:\Windows\System32\PnqOunL.exe
  2⤵
  PID:8204
- C:\Windows\System32\dwVgXux.exe
  C:\Windows\System32\dwVgXux.exe
  2⤵
  PID:8828
- C:\Windows\System32\jwuFDZc.exe
  C:\Windows\System32\jwuFDZc.exe
  2⤵
  PID:9108
- C:\Windows\System32\TOjMDUz.exe
  C:\Windows\System32\TOjMDUz.exe
  2⤵
  PID:8672
- C:\Windows\System32\KpKCNbD.exe
  C:\Windows\System32\KpKCNbD.exe
  2⤵
  PID:9232
- C:\Windows\System32\EWahBGI.exe
  C:\Windows\System32\EWahBGI.exe
  2⤵
  PID:9308
- C:\Windows\System32\kVwMpNt.exe
  C:\Windows\System32\kVwMpNt.exe
  2⤵
  PID:9324
- C:\Windows\System32\JVpXxgM.exe
  C:\Windows\System32\JVpXxgM.exe
  2⤵
  PID:9340
- C:\Windows\System32\PEWQSqz.exe
  C:\Windows\System32\PEWQSqz.exe
  2⤵
  PID:9356
- C:\Windows\System32\ZVaxSLI.exe
  C:\Windows\System32\ZVaxSLI.exe
  2⤵
  PID:9372
- C:\Windows\System32\BBsquly.exe
  C:\Windows\System32\BBsquly.exe
  2⤵
  PID:9388
- C:\Windows\System32\zfAfoaj.exe
  C:\Windows\System32\zfAfoaj.exe
  2⤵
  PID:9440
- C:\Windows\System32\QUjSZDX.exe
  C:\Windows\System32\QUjSZDX.exe
  2⤵
  PID:9480
- C:\Windows\System32\uJggDpe.exe
  C:\Windows\System32\uJggDpe.exe
  2⤵
  PID:9512
- C:\Windows\System32\YoETEHy.exe
  C:\Windows\System32\YoETEHy.exe
  2⤵
  PID:9532
- C:\Windows\System32\JUlJSbL.exe
  C:\Windows\System32\JUlJSbL.exe
  2⤵
  PID:9552
- C:\Windows\System32\omocgsG.exe
  C:\Windows\System32\omocgsG.exe
  2⤵
  PID:9572
- C:\Windows\System32\rfWZKdR.exe
  C:\Windows\System32\rfWZKdR.exe
  2⤵
  PID:9620
- C:\Windows\System32\fyQzERM.exe
  C:\Windows\System32\fyQzERM.exe
  2⤵
  PID:9660
- C:\Windows\System32\NzmrbHo.exe
  C:\Windows\System32\NzmrbHo.exe
  2⤵
  PID:9696
- C:\Windows\System32\ENBlvuw.exe
  C:\Windows\System32\ENBlvuw.exe
  2⤵
  PID:9716
- C:\Windows\System32\NwXaqsl.exe
  C:\Windows\System32\NwXaqsl.exe
  2⤵
  PID:9740
- C:\Windows\System32\VBhyony.exe
  C:\Windows\System32\VBhyony.exe
  2⤵
  PID:9812
- C:\Windows\System32\LCDQgfV.exe
  C:\Windows\System32\LCDQgfV.exe
  2⤵
  PID:9916
- C:\Windows\System32\uwdaXZP.exe
  C:\Windows\System32\uwdaXZP.exe
  2⤵
  PID:9932
- C:\Windows\System32\UiFyYKM.exe
  C:\Windows\System32\UiFyYKM.exe
  2⤵
  PID:9960
- C:\Windows\System32\tHPnelP.exe
  C:\Windows\System32\tHPnelP.exe
  2⤵
  PID:9984
- C:\Windows\System32\RLUTMbW.exe
  C:\Windows\System32\RLUTMbW.exe
  2⤵
  PID:10004
- C:\Windows\System32\XxZsysf.exe
  C:\Windows\System32\XxZsysf.exe
  2⤵
  PID:10020
- C:\Windows\System32\fTTfFZh.exe
  C:\Windows\System32\fTTfFZh.exe
  2⤵
  PID:10052
- C:\Windows\System32\mSsNBeR.exe
  C:\Windows\System32\mSsNBeR.exe
  2⤵
  PID:10080
- C:\Windows\System32\drOqSoB.exe
  C:\Windows\System32\drOqSoB.exe
  2⤵
  PID:10100
- C:\Windows\System32\eUctfpk.exe
  C:\Windows\System32\eUctfpk.exe
  2⤵
  PID:10124
- C:\Windows\System32\THcwwEu.exe
  C:\Windows\System32\THcwwEu.exe
  2⤵
  PID:10140
- C:\Windows\System32\DFAZhUK.exe
  C:\Windows\System32\DFAZhUK.exe
  2⤵
  PID:10164
- C:\Windows\System32\RyzwmsL.exe
  C:\Windows\System32\RyzwmsL.exe
  2⤵
  PID:10184
- C:\Windows\System32\SubKGoR.exe
  C:\Windows\System32\SubKGoR.exe
  2⤵
  PID:10228
- C:\Windows\System32\iWyALMZ.exe
  C:\Windows\System32\iWyALMZ.exe
  2⤵
  PID:9224
- C:\Windows\System32\arLoneB.exe
  C:\Windows\System32\arLoneB.exe
  2⤵
  PID:9416
- C:\Windows\System32\kjbYYAJ.exe
  C:\Windows\System32\kjbYYAJ.exe
  2⤵
  PID:9508
- C:\Windows\System32\NncfMkj.exe
  C:\Windows\System32\NncfMkj.exe
  2⤵
  PID:9284
- C:\Windows\System32\oXkDcsJ.exe
  C:\Windows\System32\oXkDcsJ.exe
  2⤵
  PID:9332
- C:\Windows\System32\BJVahyh.exe
  C:\Windows\System32\BJVahyh.exe
  2⤵
  PID:9400
- C:\Windows\System32\mdTdmTR.exe
  C:\Windows\System32\mdTdmTR.exe
  2⤵
  PID:9456
- C:\Windows\System32\JLAqYCh.exe
  C:\Windows\System32\JLAqYCh.exe
  2⤵
  PID:9564
- C:\Windows\System32\tVFNcOc.exe
  C:\Windows\System32\tVFNcOc.exe
  2⤵
  PID:9464
- C:\Windows\System32\wBoaYtC.exe
  C:\Windows\System32\wBoaYtC.exe
  2⤵
  PID:9548
- C:\Windows\System32\JATYBVl.exe
  C:\Windows\System32\JATYBVl.exe
  2⤵
  PID:9732
- C:\Windows\System32\RPIiDPe.exe
  C:\Windows\System32\RPIiDPe.exe
  2⤵
  PID:9860
- C:\Windows\System32\FNrDzrx.exe
  C:\Windows\System32\FNrDzrx.exe
  2⤵
  PID:9924
- C:\Windows\System32\YdfMHJs.exe
  C:\Windows\System32\YdfMHJs.exe
  2⤵
  PID:10000
- C:\Windows\System32\JcgGUWj.exe
  C:\Windows\System32\JcgGUWj.exe
  2⤵
  PID:10040
- C:\Windows\System32\tvlCVpY.exe
  C:\Windows\System32\tvlCVpY.exe
  2⤵
  PID:10060
- C:\Windows\System32\jiupfDf.exe
  C:\Windows\System32\jiupfDf.exe
  2⤵
  PID:10160
- C:\Windows\System32\WIVEcoo.exe
  C:\Windows\System32\WIVEcoo.exe
  2⤵
  PID:10212
- C:\Windows\System32\VJujuyX.exe
  C:\Windows\System32\VJujuyX.exe
  2⤵
  PID:9276
- C:\Windows\System32\QtzulxD.exe
  C:\Windows\System32\QtzulxD.exe
  2⤵
  PID:8720
- C:\Windows\System32\EdGxCfU.exe
  C:\Windows\System32\EdGxCfU.exe
  2⤵
  PID:9364
- C:\Windows\System32\PHZerCd.exe
  C:\Windows\System32\PHZerCd.exe
  2⤵
  PID:9676
- C:\Windows\System32\WzsSbBK.exe
  C:\Windows\System32\WzsSbBK.exe
  2⤵
  PID:9760
- C:\Windows\System32\ZKwXhDT.exe
  C:\Windows\System32\ZKwXhDT.exe
  2⤵
  PID:10012
- C:\Windows\System32\serCYUS.exe
  C:\Windows\System32\serCYUS.exe
  2⤵
  PID:10176
- C:\Windows\System32\IJrjGwS.exe
  C:\Windows\System32\IJrjGwS.exe
  2⤵
  PID:9260
- C:\Windows\System32\JPLuqBW.exe
  C:\Windows\System32\JPLuqBW.exe
  2⤵
  PID:9380
- C:\Windows\System32\VXCEnAO.exe
  C:\Windows\System32\VXCEnAO.exe
  2⤵
  PID:9608
- C:\Windows\System32\CYQmVvu.exe
  C:\Windows\System32\CYQmVvu.exe
  2⤵
  PID:10156
- C:\Windows\System32\XIQgFCZ.exe
  C:\Windows\System32\XIQgFCZ.exe
  2⤵
  PID:9616
- C:\Windows\System32\WjBObpk.exe
  C:\Windows\System32\WjBObpk.exe
  2⤵
  PID:9424
- C:\Windows\System32\zwcKUgk.exe
  C:\Windows\System32\zwcKUgk.exe
  2⤵
  PID:10252
- C:\Windows\System32\BYimZdx.exe
  C:\Windows\System32\BYimZdx.exe
  2⤵
  PID:10268
- C:\Windows\System32\oMYAUTW.exe
  C:\Windows\System32\oMYAUTW.exe
  2⤵
  PID:10288
- C:\Windows\System32\kONfUCg.exe
  C:\Windows\System32\kONfUCg.exe
  2⤵
  PID:10308
- C:\Windows\System32\nWxgAIH.exe
  C:\Windows\System32\nWxgAIH.exe
  2⤵
  PID:10332
- C:\Windows\System32\eswFURS.exe
  C:\Windows\System32\eswFURS.exe
  2⤵
  PID:10368
- C:\Windows\System32\aPpFFDa.exe
  C:\Windows\System32\aPpFFDa.exe
  2⤵
  PID:10412
- C:\Windows\System32\zqgPNED.exe
  C:\Windows\System32\zqgPNED.exe
  2⤵
  PID:10436
- C:\Windows\System32\ApnaiMY.exe
  C:\Windows\System32\ApnaiMY.exe
  2⤵
  PID:10484
- C:\Windows\System32\SVQTtIB.exe
  C:\Windows\System32\SVQTtIB.exe
  2⤵
  PID:10500
- C:\Windows\System32\uvSDYUx.exe
  C:\Windows\System32\uvSDYUx.exe
  2⤵
  PID:10548
- C:\Windows\System32\NbBZNcY.exe
  C:\Windows\System32\NbBZNcY.exe
  2⤵
  PID:10576
- C:\Windows\System32\lXlgfqZ.exe
  C:\Windows\System32\lXlgfqZ.exe
  2⤵
  PID:10604
- C:\Windows\System32\nWeWuVu.exe
  C:\Windows\System32\nWeWuVu.exe
  2⤵
  PID:10620
- C:\Windows\System32\gsTyWhP.exe
  C:\Windows\System32\gsTyWhP.exe
  2⤵
  PID:10660
- C:\Windows\System32\bYtSBhw.exe
  C:\Windows\System32\bYtSBhw.exe
  2⤵
  PID:10680
- C:\Windows\System32\dvaesOF.exe
  C:\Windows\System32\dvaesOF.exe
  2⤵
  PID:10712
- C:\Windows\System32\gtjzLzV.exe
  C:\Windows\System32\gtjzLzV.exe
  2⤵
  PID:10732
- C:\Windows\System32\KEBQmic.exe
  C:\Windows\System32\KEBQmic.exe
  2⤵
  PID:10756
- C:\Windows\System32\jAQaapy.exe
  C:\Windows\System32\jAQaapy.exe
  2⤵
  PID:10784
- C:\Windows\System32\UBZbDDC.exe
  C:\Windows\System32\UBZbDDC.exe
  2⤵
  PID:10816
- C:\Windows\System32\NFSecka.exe
  C:\Windows\System32\NFSecka.exe
  2⤵
  PID:10836
- C:\Windows\System32\RYVDyDP.exe
  C:\Windows\System32\RYVDyDP.exe
  2⤵
  PID:10860
- C:\Windows\System32\LNvLBQw.exe
  C:\Windows\System32\LNvLBQw.exe
  2⤵
  PID:10904
- C:\Windows\System32\mYzQlIj.exe
  C:\Windows\System32\mYzQlIj.exe
  2⤵
  PID:10932
- C:\Windows\System32\eYVIWdp.exe
  C:\Windows\System32\eYVIWdp.exe
  2⤵
  PID:10956
- C:\Windows\System32\uevIGhP.exe
  C:\Windows\System32\uevIGhP.exe
  2⤵
  PID:10980
- C:\Windows\System32\dFRPwxu.exe
  C:\Windows\System32\dFRPwxu.exe
  2⤵
  PID:11036
- C:\Windows\System32\xECRbGu.exe
  C:\Windows\System32\xECRbGu.exe
  2⤵
  PID:11080
- C:\Windows\System32\QmwLLoN.exe
  C:\Windows\System32\QmwLLoN.exe
  2⤵
  PID:11100
- C:\Windows\System32\cEUOZVh.exe
  C:\Windows\System32\cEUOZVh.exe
  2⤵
  PID:11124
- C:\Windows\System32\LMZJXEN.exe
  C:\Windows\System32\LMZJXEN.exe
  2⤵
  PID:11140
- C:\Windows\System32\dKMNZuO.exe
  C:\Windows\System32\dKMNZuO.exe
  2⤵
  PID:11168
- C:\Windows\System32\yZOkTtg.exe
  C:\Windows\System32\yZOkTtg.exe
  2⤵
  PID:11188
- C:\Windows\System32\uschzkg.exe
  C:\Windows\System32\uschzkg.exe
  2⤵
  PID:11224
- C:\Windows\System32\PXoxpWa.exe
  C:\Windows\System32\PXoxpWa.exe
  2⤵
  PID:11260
- C:\Windows\System32\oRrTjkP.exe
  C:\Windows\System32\oRrTjkP.exe
  2⤵
  PID:10344
- C:\Windows\System32\fTZSFYf.exe
  C:\Windows\System32\fTZSFYf.exe
  2⤵
  PID:10300
- C:\Windows\System32\lUeJobC.exe
  C:\Windows\System32\lUeJobC.exe
  2⤵
  PID:10432
- C:\Windows\System32\fHhSJtA.exe
  C:\Windows\System32\fHhSJtA.exe
  2⤵
  PID:10472
- C:\Windows\System32\aHJbjOH.exe
  C:\Windows\System32\aHJbjOH.exe
  2⤵
  PID:10508
- C:\Windows\System32\WdryJOm.exe
  C:\Windows\System32\WdryJOm.exe
  2⤵
  PID:10572
- C:\Windows\System32\xZstUUN.exe
  C:\Windows\System32\xZstUUN.exe
  2⤵
  PID:10632
- C:\Windows\System32\Dybcsgt.exe
  C:\Windows\System32\Dybcsgt.exe
  2⤵
  PID:10704
- C:\Windows\System32\AzksBiJ.exe
  C:\Windows\System32\AzksBiJ.exe
  2⤵
  PID:10772
- C:\Windows\System32\emUOsKk.exe
  C:\Windows\System32\emUOsKk.exe
  2⤵
  PID:10780
- C:\Windows\System32\jLLpjam.exe
  C:\Windows\System32\jLLpjam.exe
  2⤵
  PID:10880
- C:\Windows\System32\SqSFGWw.exe
  C:\Windows\System32\SqSFGWw.exe
  2⤵
  PID:10916
- C:\Windows\System32\gaYtuPi.exe
  C:\Windows\System32\gaYtuPi.exe
  2⤵
  PID:10968
- C:\Windows\System32\htOKBEp.exe
  C:\Windows\System32\htOKBEp.exe
  2⤵
  PID:11020
- C:\Windows\System32\AhGqMKM.exe
  C:\Windows\System32\AhGqMKM.exe
  2⤵
  PID:11196
- C:\Windows\System32\uBvmmIW.exe
  C:\Windows\System32\uBvmmIW.exe
  2⤵
  PID:11252
- C:\Windows\System32\SgrHRcz.exe
  C:\Windows\System32\SgrHRcz.exe
  2⤵
  PID:10264
- C:\Windows\System32\cgdcVKz.exe
  C:\Windows\System32\cgdcVKz.exe
  2⤵
  PID:10384
- C:\Windows\System32\SavuTKG.exe
  C:\Windows\System32\SavuTKG.exe
  2⤵
  PID:10492
- C:\Windows\System32\BIyIqyc.exe
  C:\Windows\System32\BIyIqyc.exe
  2⤵
  PID:10656
- C:\Windows\System32\RgjsOKG.exe
  C:\Windows\System32\RgjsOKG.exe
  2⤵
  PID:11056
- C:\Windows\System32\BreVvxd.exe
  C:\Windows\System32\BreVvxd.exe
  2⤵
  PID:11108
- C:\Windows\System32\viAMPUg.exe
  C:\Windows\System32\viAMPUg.exe
  2⤵
  PID:11212
- C:\Windows\System32\cJdOQXX.exe
  C:\Windows\System32\cJdOQXX.exe
  2⤵
  PID:10596
- C:\Windows\System32\OKCqaPs.exe
  C:\Windows\System32\OKCqaPs.exe
  2⤵
  PID:10724
- C:\Windows\System32\otNKCvP.exe
  C:\Windows\System32\otNKCvP.exe
  2⤵
  PID:10612
- C:\Windows\System32\ppPbgbP.exe
  C:\Windows\System32\ppPbgbP.exe
  2⤵
  PID:10964
- C:\Windows\System32\UqrnpPW.exe
  C:\Windows\System32\UqrnpPW.exe
  2⤵
  PID:11276
- C:\Windows\System32\pcwUOIN.exe
  C:\Windows\System32\pcwUOIN.exe
  2⤵
  PID:11296
- C:\Windows\System32\EwRtWEJ.exe
  C:\Windows\System32\EwRtWEJ.exe
  2⤵
  PID:11324
- C:\Windows\System32\sjraRgn.exe
  C:\Windows\System32\sjraRgn.exe
  2⤵
  PID:11364
- C:\Windows\System32\pwYJmDj.exe
  C:\Windows\System32\pwYJmDj.exe
  2⤵
  PID:11388
- C:\Windows\System32\aiQcgFt.exe
  C:\Windows\System32\aiQcgFt.exe
  2⤵
  PID:11408
- C:\Windows\System32\QgAGACk.exe
  C:\Windows\System32\QgAGACk.exe
  2⤵
  PID:11428
- C:\Windows\System32\isuosCl.exe
  C:\Windows\System32\isuosCl.exe
  2⤵
  PID:11460
- C:\Windows\System32\GYnPmWQ.exe
  C:\Windows\System32\GYnPmWQ.exe
  2⤵
  PID:11480
- C:\Windows\System32\xbFlvIE.exe
  C:\Windows\System32\xbFlvIE.exe
  2⤵
  PID:11512
- C:\Windows\System32\YYAiBcu.exe
  C:\Windows\System32\YYAiBcu.exe
  2⤵
  PID:11544
- C:\Windows\System32\FbGsPsc.exe
  C:\Windows\System32\FbGsPsc.exe
  2⤵
  PID:11568
- C:\Windows\System32\qaQPnkY.exe
  C:\Windows\System32\qaQPnkY.exe
  2⤵
  PID:11592
- C:\Windows\System32\iWLMAaH.exe
  C:\Windows\System32\iWLMAaH.exe
  2⤵
  PID:11620
- C:\Windows\System32\cJxNJrz.exe
  C:\Windows\System32\cJxNJrz.exe
  2⤵
  PID:11668
- C:\Windows\System32\FtFRhyk.exe
  C:\Windows\System32\FtFRhyk.exe
  2⤵
  PID:11692
- C:\Windows\System32\AzYLYLa.exe
  C:\Windows\System32\AzYLYLa.exe
  2⤵
  PID:11716
- C:\Windows\System32\TvEkVZD.exe
  C:\Windows\System32\TvEkVZD.exe
  2⤵
  PID:11752
- C:\Windows\System32\Chkgeic.exe
  C:\Windows\System32\Chkgeic.exe
  2⤵
  PID:11772
- C:\Windows\System32\YvfvrwX.exe
  C:\Windows\System32\YvfvrwX.exe
  2⤵
  PID:11796
- C:\Windows\System32\smmCUav.exe
  C:\Windows\System32\smmCUav.exe
  2⤵
  PID:11816
- C:\Windows\System32\OVJbQZz.exe
  C:\Windows\System32\OVJbQZz.exe
  2⤵
  PID:11840
- C:\Windows\System32\TEZYfct.exe
  C:\Windows\System32\TEZYfct.exe
  2⤵
  PID:11872
- C:\Windows\System32\wFPHXGm.exe
  C:\Windows\System32\wFPHXGm.exe
  2⤵
  PID:11904
- C:\Windows\System32\QlDnOps.exe
  C:\Windows\System32\QlDnOps.exe
  2⤵
  PID:11928
- C:\Windows\System32\HwnajaY.exe
  C:\Windows\System32\HwnajaY.exe
  2⤵
  PID:11964
- C:\Windows\System32\RzPpzuK.exe
  C:\Windows\System32\RzPpzuK.exe
  2⤵
  PID:12004
- C:\Windows\System32\sznPiHu.exe
  C:\Windows\System32\sznPiHu.exe
  2⤵
  PID:12028
- C:\Windows\System32\qHLBVJo.exe
  C:\Windows\System32\qHLBVJo.exe
  2⤵
  PID:12052
- C:\Windows\System32\MlYJghT.exe
  C:\Windows\System32\MlYJghT.exe
  2⤵
  PID:12076
- C:\Windows\System32\GOmYeTI.exe
  C:\Windows\System32\GOmYeTI.exe
  2⤵
  PID:12100
- C:\Windows\System32\stofyjf.exe
  C:\Windows\System32\stofyjf.exe
  2⤵
  PID:12136
- C:\Windows\System32\VtrGRUV.exe
  C:\Windows\System32\VtrGRUV.exe
  2⤵
  PID:12164
- C:\Windows\System32\dKzVOjv.exe
  C:\Windows\System32\dKzVOjv.exe
  2⤵
  PID:12196
- C:\Windows\System32\kOhXxSc.exe
  C:\Windows\System32\kOhXxSc.exe
  2⤵
  PID:12216
- C:\Windows\System32\btQgSYu.exe
  C:\Windows\System32\btQgSYu.exe
  2⤵
  PID:12248
- C:\Windows\System32\QLEYohj.exe
  C:\Windows\System32\QLEYohj.exe
  2⤵
  PID:12268
- C:\Windows\System32\HrTjcAm.exe
  C:\Windows\System32\HrTjcAm.exe
  2⤵
  PID:11308
- C:\Windows\System32\AwZiByJ.exe
  C:\Windows\System32\AwZiByJ.exe
  2⤵
  PID:11376
- C:\Windows\System32\tSXTUQO.exe
  C:\Windows\System32\tSXTUQO.exe
  2⤵
  PID:11456
- C:\Windows\System32\wsfUJXN.exe
  C:\Windows\System32\wsfUJXN.exe
  2⤵
  PID:11508
- C:\Windows\System32\oTMfNVW.exe
  C:\Windows\System32\oTMfNVW.exe
  2⤵
  PID:11552
- C:\Windows\System32\uLdPHKy.exe
  C:\Windows\System32\uLdPHKy.exe
  2⤵
  PID:11644
- C:\Windows\System32\bRgZmJZ.exe
  C:\Windows\System32\bRgZmJZ.exe
  2⤵
  PID:11712
- C:\Windows\System32\XKBBBBx.exe
  C:\Windows\System32\XKBBBBx.exe
  2⤵
  PID:11764
- C:\Windows\System32\fxsNNpS.exe
  C:\Windows\System32\fxsNNpS.exe
  2⤵
  PID:11832
- C:\Windows\System32\XoUmUQz.exe
  C:\Windows\System32\XoUmUQz.exe
  2⤵
  PID:11848
- C:\Windows\System32\lSHiEfC.exe
  C:\Windows\System32\lSHiEfC.exe
  2⤵
  PID:11940
- C:\Windows\System32\TnROdHD.exe
  C:\Windows\System32\TnROdHD.exe
  2⤵
  PID:11980
- C:\Windows\System32\tlySODo.exe
  C:\Windows\System32\tlySODo.exe
  2⤵
  PID:12036
- C:\Windows\System32\HWPfMZl.exe
  C:\Windows\System32\HWPfMZl.exe
  2⤵
  PID:12128
- C:\Windows\System32\zadyLDV.exe
  C:\Windows\System32\zadyLDV.exe
  2⤵
  PID:3344
- C:\Windows\System32\oFLytod.exe
  C:\Windows\System32\oFLytod.exe
  2⤵
  PID:11360
- C:\Windows\System32\otrIzxO.exe
  C:\Windows\System32\otrIzxO.exe
  2⤵
  PID:11400
- C:\Windows\System32\BwvJQUm.exe
  C:\Windows\System32\BwvJQUm.exe
  2⤵
  PID:11588
- C:\Windows\System32\lERBkQR.exe
  C:\Windows\System32\lERBkQR.exe
  2⤵
  PID:11608
- C:\Windows\System32\zQzZybP.exe
  C:\Windows\System32\zQzZybP.exe
  2⤵
  PID:11768
- C:\Windows\System32\miYmywJ.exe
  C:\Windows\System32\miYmywJ.exe
  2⤵
  PID:11824
- C:\Windows\System32\FNyIXGp.exe
  C:\Windows\System32\FNyIXGp.exe
  2⤵
  PID:11896
- C:\Windows\System32\zfYXabv.exe
  C:\Windows\System32\zfYXabv.exe
  2⤵
  PID:12096
- C:\Windows\System32\QkqHgcR.exe
  C:\Windows\System32\QkqHgcR.exe
  2⤵
  PID:12040
- C:\Windows\System32\aPWfdlz.exe
  C:\Windows\System32\aPWfdlz.exe
  2⤵
  PID:12292
- C:\Windows\System32\DfUICtM.exe
  C:\Windows\System32\DfUICtM.exe
  2⤵
  PID:12308
- C:\Windows\System32\jGxyDFQ.exe
  C:\Windows\System32\jGxyDFQ.exe
  2⤵
  PID:12324
- C:\Windows\System32\aohbvGb.exe
  C:\Windows\System32\aohbvGb.exe
  2⤵
  PID:12340
- C:\Windows\System32\kcmYrCS.exe
  C:\Windows\System32\kcmYrCS.exe
  2⤵
  PID:12356
- C:\Windows\System32\vnRJMfa.exe
  C:\Windows\System32\vnRJMfa.exe
  2⤵
  PID:12372
- C:\Windows\System32\OOriWwb.exe
  C:\Windows\System32\OOriWwb.exe
  2⤵
  PID:12392
- C:\Windows\System32\CrNpbmG.exe
  C:\Windows\System32\CrNpbmG.exe
  2⤵
  PID:12432
- C:\Windows\System32\sBvgVIx.exe
  C:\Windows\System32\sBvgVIx.exe
  2⤵
  PID:12484
- C:\Windows\System32\zRHxMJK.exe
  C:\Windows\System32\zRHxMJK.exe
  2⤵
  PID:12568
- C:\Windows\System32\OLveReO.exe
  C:\Windows\System32\OLveReO.exe
  2⤵
  PID:12600
- C:\Windows\System32\sQvidpc.exe
  C:\Windows\System32\sQvidpc.exe
  2⤵
  PID:12624
- C:\Windows\System32\jxGlTCt.exe
  C:\Windows\System32\jxGlTCt.exe
  2⤵
  PID:12644
- C:\Windows\System32\GVopWlR.exe
  C:\Windows\System32\GVopWlR.exe
  2⤵
  PID:12752
- C:\Windows\System32\qTgjNPI.exe
  C:\Windows\System32\qTgjNPI.exe
  2⤵
  PID:12868
- C:\Windows\System32\RuNDwPJ.exe
  C:\Windows\System32\RuNDwPJ.exe
  2⤵
  PID:12888
- C:\Windows\System32\qMqnexH.exe
  C:\Windows\System32\qMqnexH.exe
  2⤵
  PID:12908
- C:\Windows\System32\fRhmuMJ.exe
  C:\Windows\System32\fRhmuMJ.exe
  2⤵
  PID:12936
- C:\Windows\System32\IIDkxYX.exe
  C:\Windows\System32\IIDkxYX.exe
  2⤵
  PID:13000
- C:\Windows\System32\AdDFzWi.exe
  C:\Windows\System32\AdDFzWi.exe
  2⤵
  PID:13016
- C:\Windows\System32\mSJgBjF.exe
  C:\Windows\System32\mSJgBjF.exe
  2⤵
  PID:13040
- C:\Windows\System32\McooBmd.exe
  C:\Windows\System32\McooBmd.exe
  2⤵
  PID:13068
- C:\Windows\System32\zrzYcEq.exe
  C:\Windows\System32\zrzYcEq.exe
  2⤵
  PID:13112
- C:\Windows\System32\bgOXxWE.exe
  C:\Windows\System32\bgOXxWE.exe
  2⤵
  PID:13128
- C:\Windows\System32\LTOcSPj.exe
  C:\Windows\System32\LTOcSPj.exe
  2⤵
  PID:13144
- C:\Windows\System32\jwCbRcs.exe
  C:\Windows\System32\jwCbRcs.exe
  2⤵
  PID:13164
- C:\Windows\System32\qERiNWi.exe
  C:\Windows\System32\qERiNWi.exe
  2⤵
  PID:13180
- C:\Windows\System32\kkHapcb.exe
  C:\Windows\System32\kkHapcb.exe
  2⤵
  PID:13204
- C:\Windows\System32\wlNRJbh.exe
  C:\Windows\System32\wlNRJbh.exe
  2⤵
  PID:13232
- C:\Windows\System32\WhBhCcy.exe
  C:\Windows\System32\WhBhCcy.exe
  2⤵
  PID:13256
- C:\Windows\System32\ClSRxnc.exe
  C:\Windows\System32\ClSRxnc.exe
  2⤵
  PID:13280
- C:\Windows\System32\RySRVvB.exe
  C:\Windows\System32\RySRVvB.exe
  2⤵
  PID:12364
- C:\Windows\System32\quKAKYN.exe
  C:\Windows\System32\quKAKYN.exe
  2⤵
  PID:12420
- C:\Windows\System32\mGGGntT.exe
  C:\Windows\System32\mGGGntT.exe
  2⤵
  PID:12208
- C:\Windows\System32\rYpoAWT.exe
  C:\Windows\System32\rYpoAWT.exe
  2⤵
  PID:12300
- C:\Windows\System32\OIxTAZu.exe
  C:\Windows\System32\OIxTAZu.exe
  2⤵
  PID:12264
- C:\Windows\System32\jLwfLGA.exe
  C:\Windows\System32\jLwfLGA.exe
  2⤵
  PID:12352
- C:\Windows\System32\LLdCwcH.exe
  C:\Windows\System32\LLdCwcH.exe
  2⤵
  PID:4400
- C:\Windows\System32\ObOUpjV.exe
  C:\Windows\System32\ObOUpjV.exe
  2⤵
  PID:11736
- C:\Windows\System32\uAKNfIM.exe
  C:\Windows\System32\uAKNfIM.exe
  2⤵
  PID:12656
- C:\Windows\System32\pPuWppn.exe
  C:\Windows\System32\pPuWppn.exe
  2⤵
  PID:12424
- C:\Windows\System32\qdGzwrv.exe
  C:\Windows\System32\qdGzwrv.exe
  2⤵
  PID:12468
- C:\Windows\System32\UzghmOg.exe
  C:\Windows\System32\UzghmOg.exe
  2⤵
  PID:12632
- C:\Windows\System32\TwAJCDz.exe
  C:\Windows\System32\TwAJCDz.exe
  2⤵
  PID:12700
- C:\Windows\System32\rvuvnax.exe
  C:\Windows\System32\rvuvnax.exe
  2⤵
  PID:12748
- C:\Windows\System32\lUjsibM.exe
  C:\Windows\System32\lUjsibM.exe
  2⤵
  PID:12760
- C:\Windows\System32\yKlHwNB.exe
  C:\Windows\System32\yKlHwNB.exe
  2⤵
  PID:12900

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:12716

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System32\ATXYZbN.exe

Filesize
1.3MB

MD5
2dc514bd8aea2fdf78b1edba2aeb21a5

SHA1
0f6a20e6b0919996146d54e091242297ab2d1e43

SHA256
76213f3aeac00fbf4bee15553d51fe6af65f1455e4b1553d5e27b8f0d6a3a637

SHA512
96e9488da7313b9d258c7d295b7b103557a6931a2eaf2b54278d6f7e147a7de65694e8fc63cf91db8dc9e43a857bc4affa5cabd9686e5a9dd6ed665c88776397

Download Submit
C:\Windows\System32\BDRCRGt.exe

Filesize
1.3MB

MD5
4cedb65878b1283bdc76e4f4c53e5314

SHA1
43fb53626ca77013421dabd6c6769f052fe3eb0a

SHA256
4ad01cfe0c519450b444058284f1bcfe9543d8e4665957699112dd9421cf5b62

SHA512
7d165f66332ed818b1441b881c5762493b213fcc5394e6d873364356724d52de3217d528d4952158de9e0c107beda7601e41e8e48d716924f152e5d855f98527

Download Submit
C:\Windows\System32\CCxKAip.exe

Filesize
1.3MB

MD5
cae5d56197e944b56f9106ff7cf681f6

SHA1
e1474c598fb44623e21db64072990e18263aae8a

SHA256
910afea5202bc02114f82056e614399f497aae62d29b6d570080b91cbfe12361

SHA512
ec055c31fcbc67c2e93cc82fa3c70bc6f0bc68e428eba9457f8d81249998e71be7b28553b33e2857058a3c4e295af0a237c7f51b71fa3ae6a836f32f0b300908

Download Submit
C:\Windows\System32\CLdaXNN.exe

Filesize
1.3MB

MD5
d43979dc4e5537b3d35abe28e8ba1f31

SHA1
6b0546495dbe552d1a64a81529f7454bd6b35d1a

SHA256
01e81b65f49f67970fa5f2e3b9b3202c5ab933803774950d9ebda45bebaa7dac

SHA512
3d2f9f1546805c8e90dfe79152a2e9e3c792840c74a1e195727ae544a5e6817eb702bb2cf8ad41c7682d1794e2e7c43cde49e435272bb263eff6aca589d087c0

Download Submit
C:\Windows\System32\HLaEWYq.exe

Filesize
1.3MB

MD5
5a737f6c6e137283cbb92f128b74e8d2

SHA1
a7286fc476b05f347ccd7141b2a0e1f584b3856a

SHA256
b0ca3524f206a58617b2de01b1175350e37e1f015861c97b1c814911dd1b07eb

SHA512
2a944f4ba01470e5b237e16f5c261c3f162c9fb3f34217834326e31569a98afe82e7bb13deca6d6c4972d5b8a9064eba0a5e96b0e37ecf4660598653b9e27716

Download Submit
C:\Windows\System32\JNRUkTU.exe

Filesize
1.3MB

MD5
7861039f59c7f0c00f9f300925993af2

SHA1
f44883ac19b94145858fc78397abb5c3d6e83a96

SHA256
9cb2c747cc0efa4002e28ea608afb961cf919777a2c6b2d884962dc899f88bad

SHA512
cace9a013fba9592898d7e495bbbdf1a61e6c061ca65ea8537518c61ca9728662129ee7478c3dbc2e3008d9e12a6c3c84586cc05d1bf57ff4e587f7fa04aff12

Download Submit
C:\Windows\System32\KErHssu.exe

Filesize
1.3MB

MD5
446a2146797e3eb44ebf92feb6b057e6

SHA1
978d2265b02ee1381bcc9d1fe4793d99a2f40413

SHA256
c147bd15fe199e300156b125e76258d115d78580fde9a1da31cf41dcd7c7d643

SHA512
4b21fb38d985808a1ba675b168c1e9f4023c5745e86790b29960120dfbf73cf2f3a84fa79269e85c584b488607df6b4f74ce6c891338364b7b14be6145278a83

Download Submit
C:\Windows\System32\LWtRIgn.exe

Filesize
1.3MB

MD5
1e7ad23fdc14a23abb7077d342dcf6ba

SHA1
174b0803a3b46614db4a7d39c0512d86c5edc964

SHA256
e79b7355fa0ba4dc03a3a88276a5c0bb2875064f1cdf82a25747765b7f79d329

SHA512
f965d12706e4ebc5af1f5f86c3da27e72b73a8492f6d4368ee83af3801ccc2357ec59a33fa32305dd6364e6e8161103ce023134b01905946258acf97884834aa

Download Submit
C:\Windows\System32\LoVQLBg.exe

Filesize
1.3MB

MD5
a1d248acfab37c552214a026e5da6218

SHA1
aa2235f8fc076290b974da397f5325b46790c797

SHA256
07e2394942b3dbe41288f9c1a95534aecda662094cc0bf38b526db749c6d8e32

SHA512
9adebc58820b1622a1cedb0659465e3736e414ef1de6c1c05d1fdb2a00a26d2d58d45cd02415612f44268cf2698da98b2a39f4be9fe80d82c4d8e9a865225a0d

Download Submit
C:\Windows\System32\MHgcBKX.exe

Filesize
1.3MB

MD5
6db75e0fa127848b03d199ef2d65a4ba

SHA1
7b0d1cf6f53a9a552412d39f2f7c4ff92234ab62

SHA256
6dda844320cff3c318246aefe7f9fb8d6f2fb4b7288b245a1df9f3183c49d234

SHA512
ffdec9a87d5146a834da6496c66f4f2a49259bfd36e9e2023904986e4664b3d83d1fc2ffa98b8c4c1d966a6f8c319f30edd56bc52a740eb02d537e484bca9f45

Download Submit
C:\Windows\System32\NYioAht.exe

Filesize
1.3MB

MD5
ebfedcd23fe2ca60b00eb46dce96a5d1

SHA1
1adb7a8ba1cf1149a743404aa018fb3430b6d086

SHA256
af96a733a67dbcd06bd9f9f5ab7444b9de2e2e9273965399721fa060bdbd8b86

SHA512
eecab7f7ce5839945da505a21616aabdbac5f40d4e1261e76c54bdce7d0bc4e0545c527b1f2b01465922443ea7f6156ae915e07fb116fbe216ab395a2a646c52

Download Submit
C:\Windows\System32\NqvoBFK.exe

Filesize
1.3MB

MD5
1a94c262da990251dae976300a8cff84

SHA1
ac6de16e5f39df5ea983538ae69afda2758d6ca8

SHA256
81b9d0d6455e5cbdbf8340f1e7d90e6dcd048940e6e45fe5a253893ca3e230e0

SHA512
f5e1b73c761e2f7d15a3019df9092d910a4206b9f607e7d672926f952ab84caf5e811386a2ee1a5f3da5f7dcd59ed8a6bb558be38146fc78a747b147b6c6151e

Download Submit
C:\Windows\System32\TqICdJE.exe

Filesize
1.3MB

MD5
fcdb194a3238f2d947e4a2bf9aeacde2

SHA1
4d150ea235668e074a40959f9567513baf360121

SHA256
912031c41e39ec8ffc61ab988f7828e6ca4fb626ef3f514ea4ceed77c10e4d59

SHA512
fc734a596eb0fcff52d09eda3954afbbd1c703fae5214415332e634a94f69cf286d0de5f0d5c6fe8da522946bed27ed6a032cadd991fa14500ea8bab9ea544fd

Download Submit
C:\Windows\System32\XEnpeDP.exe

Filesize
1.3MB

MD5
326ae5d3a8f0b23dd24eb5d3debc87bc

SHA1
44f02c6d735ebdec0e82082071c84fa0463fc51c

SHA256
fea9f7dc5e11f763cba304230838e1b4964c4289b424ebe9e6de47bcd2e6778a

SHA512
5ff4f917812664e1410287e345534c5f9647d6b0b4182138a6918e6b2318507b3300ba94a26942cd2ee735717a50e7903627029021498eec0c5a930c0cd8e1be

Download Submit
C:\Windows\System32\ZCvOxNW.exe

Filesize
1.3MB

MD5
1b3ddd8370c0255aecd8110637d51eb5

SHA1
58ee9c0fcf3867a120ddf15dda1cabe215008c7c

SHA256
43bf23882f2819c1f0b129f9edc2951f786abe290b4f6a6b72eea0aeaa148a67

SHA512
69f15b857bc9d0bc7db0f0b0bbbe639000ce1e5a1af8c5df0e8c8c787e53dd4367b7a1af8a894dfe81dd4e20bad963f53dcd95244491b352d2800b5bdb5c7f97

Download Submit
C:\Windows\System32\ZQFuSFl.exe

Filesize
1.3MB

MD5
1d9cab0ea136dff7906f9da7223eca01

SHA1
8d6dfcf20a0ba0cefc0c7d0d556272534388132a

SHA256
735ae36c66eebd05094a1ad40844b0fd987983b677577bcb55e0be7c5fb7b36e

SHA512
6d7e831b7c0f7db561d84ca604c12c6783c9da594ee1e02394c0c00803b77b27e339353cb3bab8788ebdd1244136c220926ef9de9bfea845506dbbac05a33edd

Download Submit
C:\Windows\System32\ZxcbUQS.exe

Filesize
1.3MB

MD5
8c23619ef3360c2aa34daa9c1c5dec8b

SHA1
90118e19c488396359108d4768624e147dc46144

SHA256
935a0c37bb7b95c21db4e9b9c052d9e3153e843b1671fae678f65d9fed8a1317

SHA512
e3fff8b4832086bfa62fb43a32251518622023c03ce8533935b288929dac9f12ee4c3e26bbe5e8383dea1836d4efd84880425570c0d02136af1487201bfa1578

Download Submit
C:\Windows\System32\acLmary.exe

Filesize
1.3MB

MD5
a3204d9cfac1e36b9b72c8509fcb2073

SHA1
64a80fe70c2cc9d92d7c55d744e6a0a27bb13bfc

SHA256
4bc80a552556dc1c75a76a0de501f4ed0fbfbc910c4b124095eae69d44ebc381

SHA512
ece9f1e75668c5360545a27b52cf86fa4f9df3f62f8b02b67ff37280ae1062ce5cfd962e42fe712925122c9d6337064ef3cbffced9afa8ab59686390ec7cdb8c

Download Submit
C:\Windows\System32\dXFvvwB.exe

Filesize
1.3MB

MD5
e77f4099e48afa1545b5b299bd7a6c20

SHA1
0c980f2dfdbb85ae0cd3ba27827cb730ede7d94c

SHA256
06adb29a441c6eb9edc250521b1f95b530a04b79400e9cc5b53e5b6917092d54

SHA512
4280ec76731e7f8bd8c6408846252a6599a2bb2db718ce2734907199df020623dcac099f5d17109affaa0a4e31c2dbaf532c0bcf3e87dea3bbf991df8b76f1c5

Download Submit
C:\Windows\System32\fFCGCvq.exe

Filesize
1.3MB

MD5
63ed431d42bc57ca15e3e359265a9c6e

SHA1
f5af4d9b99c46519e25e31e3ef3c161a8a80c00a

SHA256
63fa332450f2f05cb99d7437a37fe1f96415fb31c83366f982b9c027ab2abaa2

SHA512
3cdead0df916c52ed9df89142cbdc6df1b9e64c705b0e89a01dd8667114da4db041b26df7a059662b24ce634af2a0df35ebfd8ebe3ad3e6e7e5153c05879c366

Download Submit
C:\Windows\System32\gXYEPNM.exe

Filesize
1.3MB

MD5
12a10097707e09d9a8388e59c8ef2ae1

SHA1
7e7490c2785173db285efd76ea9da45ea4b4bf79

SHA256
efd54cd477603518753c314a1edf4de6844c160f2eea1c2817c459e3ff9aea38

SHA512
7aad29ac18f5f13511f1538ad648bb8490a84324e00abba08e1ed1a94835461b0775df7b88d806ad45054c6e6db3ddb80dc13158e569e5b2c3ccc753011ae34f

Download Submit
C:\Windows\System32\glSgkkl.exe

Filesize
1.3MB

MD5
dd4fb32f3c41e8a992338adba85d25b0

SHA1
fdca52c88ba3f5d50fd240ea0c63f8607129a830

SHA256
a554e748be9ec6dda1da260a5805bca589198549299da9db5abf80c861e69238

SHA512
b87d30edd1cd3bf9c9241a6f6a3b0ee46396674e04dd9cea0ecf158b82c6dafda5b5840f9069efec9881af7589c22e4cc4a02c8cff751841af88f26e6893986f

Download Submit
C:\Windows\System32\kYdDgfV.exe

Filesize
1.3MB

MD5
e6e1d6f47ac6ef3ae3e74f6b60c8e0bc

SHA1
12d084ec308d94e5111f4a360f9e4d693d9084ef

SHA256
fb04c274aa689bdf43377deaffec36883d8b1f2fef89d3ddb8316717dbc01e95

SHA512
26e0a5fbf2ce4451a86f125e61f381f2b3ffcc9cb6c07839368be06eaefa9f3edc1293b6b831ae2a0662119140a7577ef727bc49371649621d2aa31e2964e0af

Download Submit
C:\Windows\System32\lkcukBP.exe

Filesize
1.3MB

MD5
9a1947e51d795f5fa45bafcfe221c83e

SHA1
680cc5f6293d03f8c1463ad0a49a8598bf8a8e3e

SHA256
2bfd130931f53467e8ce4bada048086fd8624ab3e3573e43a89eaa9aae0c5197

SHA512
4b2f1c82e671b8f84237eada7373ac2aeb2721abe81d673c1d9c1091aa9f9913052473ae7771e891136e884356dfd48302fc638e303b4a29a92808feb15ba005

Download Submit
C:\Windows\System32\mOqXwxc.exe

Filesize
1.3MB

MD5
d734f9d16379cb38b4f6713dd05c5070

SHA1
8967f36f0b6db669ef2e92c2f2e62cde66c8b950

SHA256
7ad53d200e2cc771acc4e4da58ff7ddcf94c617419f5156f74a04dd0e84d35e7

SHA512
dc4517c07111b00905f7a1989c0fbb5280acac31bd68b3bd938873583dba93b84788bb4f06d87a27e0d8de768121e3d3bcd5fabb9e7d8f554123d17731de563c

Download Submit
C:\Windows\System32\oBneZKS.exe

Filesize
1.3MB

MD5
e13745f69660c307e2264955ec0bd9c1

SHA1
78d20d13ad2088c7b2a89106a13d58b4d57100c0

SHA256
1dd0ee66c2bc6dca43dd87c329b2eade7923b986744ee499f2d44230e3092066

SHA512
0f1012d7b91a35265df42182ae4ec5db47235748188aa48b2a5914f1e19df10f47e7874db2149e392e2be7b3fba0e303209cd3b9ada910f094659531257e999c

Download Submit
C:\Windows\System32\paJCsgD.exe

Filesize
1.3MB

MD5
d14f895eabf3c61d14ac7e23995a5bee

SHA1
678e567da2368f4a9cbd59a019b95f0c789228cc

SHA256
aea2827466254540092372f9349464a7dca7623a90481eeac00fb58021cab747

SHA512
1463e4e674e0d476b995bce67e802f4def278fc142c136b86dc70870dfdbc4fc5dfaee0ea0ed4daf5944d4096cd378185dbac32f45b7a54149d7da0346705eff

Download Submit
C:\Windows\System32\qzDJQXH.exe

Filesize
1.3MB

MD5
06cfb56bb0155c7a066e5fdf462b401c

SHA1
e0dd68b000a3123c320cb8acb0966ecc16045cc6

SHA256
fcbed64e56ef6b9218cd24274b8cee95202bbefda098d8e84b94bfbf8e3cbff4

SHA512
ed6019717ee1138f564120d7c88ab4086e8815a1960637c8dd8e5e179a90ecee3bc800314df46c3379deaae2aeb1a3aa512c1cd5b1fe96b028a414f87f8ba3ce

Download Submit
C:\Windows\System32\saAkRTx.exe

Filesize
1.3MB

MD5
65910eaf791b60a79cbccee093e5ffcf

SHA1
3558a60e2d0c6408f7c97f5f1bc0dc05e46c5160

SHA256
467acf661e8734483fb01e06552acebadaf6d037e85be6f18f1768149cdf9f64

SHA512
778dad40a0e663e34b52235f9275c7b1170e43f75f1f2b40fde29656ced6b85cc0532905766267197c711195a96dfd994197fbaf2fc975b99517be5b77c1ee55

Download Submit
C:\Windows\System32\ssPrNvQ.exe

Filesize
1.3MB

MD5
bda244e06fe4b5e87d98b961ebbb0ee1

SHA1
d76f0dfaa1d5d5d3fe9828030b93261ee19848b2

SHA256
b1555ef4002597cdd1ef733f0bf7098a385fe260700bd3e7d1c477dcb9b51229

SHA512
48bcb66a001ae971666e7158db78e2695aa6ccfe9e60e84de9e1be75d92d16f411c392c9b9a953a2a048ea30bc521d6dfc2916eda6872e044207e8c95352f59e

Download Submit
C:\Windows\System32\twgLLLo.exe

Filesize
1.3MB

MD5
baeed6c81dc8f3369aed1364051a0714

SHA1
cc6b57db6360bf8abef73c5695ef963ccdd2749c

SHA256
4912c21432a7440e8b06b797b123e482b31a4718aac1893705c5fcaa8219a685

SHA512
4b2405e01af2e4589dac61a837d541c35d14016dde67f12dd35decb9a5a9cfbd8aa5382b224b2c693a81085cfd5efd7a39700d90d0fc263489a7f133361163b3

Download Submit
C:\Windows\System32\zKqpTYA.exe

Filesize
1.3MB

MD5
7a73db93677430ac032a6d377a69c1cd

SHA1
4cb30f03680cd90929beb3929f205e33dd063fb9

SHA256
86d016632ada9e7068070a2fc81da0c1390bcde11e91dfda85fa86c61a96e62d

SHA512
11bf05a929b2fc7b4bdcaca76418f8553e1385a2caa1d459657dbb368225045335175cad7e95dfe53ffd7b9c91ff61cbbd3e1f17ea1a87895fed87e24aebb4da

Download Submit
C:\Windows\System32\zYgGjHb.exe

Filesize
1.3MB

MD5
e05cd951e3b2d6b0b2f4779a2d09ac19

SHA1
1a6d2b31bb0fdc2727f4a348242ee079567682e4

SHA256
208a63bfb9f8296f86e83d08b78b5b5e1293fa0bb268545830268ab8c2dec929

SHA512
539b049aebee6bb6ebb359d0990311e581072fdbfe7b95f1b8e0624512b3c8c80e43f00332220eb493c837e2c511f2026700a5eedeb7ceab0fe7ac720b731e35

Download Submit
memory/536-2023-0x00007FF705240000-0x00007FF705631000-memory.dmp

Filesize
3.9MB

Download
memory/536-27-0x00007FF705240000-0x00007FF705631000-memory.dmp

Filesize
3.9MB

Download
memory/1064-452-0x00007FF75A400000-0x00007FF75A7F1000-memory.dmp

Filesize
3.9MB

Download
memory/1064-2053-0x00007FF75A400000-0x00007FF75A7F1000-memory.dmp

Filesize
3.9MB

Download
memory/1412-2025-0x00007FF6EF4B0000-0x00007FF6EF8A1000-memory.dmp

Filesize
3.9MB

Download
memory/1412-44-0x00007FF6EF4B0000-0x00007FF6EF8A1000-memory.dmp

Filesize
3.9MB

Download
memory/1664-419-0x00007FF7EEF30000-0x00007FF7EF321000-memory.dmp

Filesize
3.9MB

Download
memory/1664-2047-0x00007FF7EEF30000-0x00007FF7EF321000-memory.dmp

Filesize
3.9MB

Download
memory/1960-468-0x00007FF747A30000-0x00007FF747E21000-memory.dmp

Filesize
3.9MB

Download
memory/1960-2069-0x00007FF747A30000-0x00007FF747E21000-memory.dmp

Filesize
3.9MB

Download
memory/2124-478-0x00007FF797C80000-0x00007FF798071000-memory.dmp

Filesize
3.9MB

Download
memory/2124-2065-0x00007FF797C80000-0x00007FF798071000-memory.dmp

Filesize
3.9MB

Download
memory/2336-484-0x00007FF61BB40000-0x00007FF61BF31000-memory.dmp

Filesize
3.9MB

Download
memory/2336-2031-0x00007FF61BB40000-0x00007FF61BF31000-memory.dmp

Filesize
3.9MB

Download
memory/2392-2067-0x00007FF74D800000-0x00007FF74DBF1000-memory.dmp

Filesize
3.9MB

Download
memory/2392-482-0x00007FF74D800000-0x00007FF74DBF1000-memory.dmp

Filesize
3.9MB

Download
memory/2424-2037-0x00007FF764A50000-0x00007FF764E41000-memory.dmp

Filesize
3.9MB

Download
memory/2424-485-0x00007FF764A50000-0x00007FF764E41000-memory.dmp

Filesize
3.9MB

Download
memory/2484-381-0x00007FF75C410000-0x00007FF75C801000-memory.dmp

Filesize
3.9MB

Download
memory/2484-2027-0x00007FF75C410000-0x00007FF75C801000-memory.dmp

Filesize
3.9MB

Download
memory/2612-2039-0x00007FF60F160000-0x00007FF60F551000-memory.dmp

Filesize
3.9MB

Download
memory/2612-491-0x00007FF60F160000-0x00007FF60F551000-memory.dmp

Filesize
3.9MB

Download
memory/2656-393-0x00007FF753B10000-0x00007FF753F01000-memory.dmp

Filesize
3.9MB

Download
memory/2656-2033-0x00007FF753B10000-0x00007FF753F01000-memory.dmp

Filesize
3.9MB

Download
memory/2680-0-0x00007FF779B90000-0x00007FF779F81000-memory.dmp

Filesize
3.9MB

Download
memory/2680-1-0x0000021E19D90000-0x0000021E19DA0000-memory.dmp

Filesize
64KB

Download
memory/3008-8-0x00007FF606530000-0x00007FF606921000-memory.dmp

Filesize
3.9MB

Download
memory/3008-2005-0x00007FF606530000-0x00007FF606921000-memory.dmp

Filesize
3.9MB

Download
memory/3008-2021-0x00007FF606530000-0x00007FF606921000-memory.dmp

Filesize
3.9MB

Download
memory/3176-2051-0x00007FF6B6740000-0x00007FF6B6B31000-memory.dmp

Filesize
3.9MB

Download
memory/3176-466-0x00007FF6B6740000-0x00007FF6B6B31000-memory.dmp

Filesize
3.9MB

Download
memory/3240-415-0x00007FF6F20C0000-0x00007FF6F24B1000-memory.dmp

Filesize
3.9MB

Download
memory/3240-2043-0x00007FF6F20C0000-0x00007FF6F24B1000-memory.dmp

Filesize
3.9MB

Download
memory/3292-409-0x00007FF787ED0000-0x00007FF7882C1000-memory.dmp

Filesize
3.9MB

Download
memory/3292-2049-0x00007FF787ED0000-0x00007FF7882C1000-memory.dmp

Filesize
3.9MB

Download
memory/3336-2059-0x00007FF71C760000-0x00007FF71CB51000-memory.dmp

Filesize
3.9MB

Download
memory/3336-433-0x00007FF71C760000-0x00007FF71CB51000-memory.dmp

Filesize
3.9MB

Download
memory/3760-2045-0x00007FF626880000-0x00007FF626C71000-memory.dmp

Filesize
3.9MB

Download
memory/3760-422-0x00007FF626880000-0x00007FF626C71000-memory.dmp

Filesize
3.9MB

Download
memory/3864-2029-0x00007FF69F070000-0x00007FF69F461000-memory.dmp

Filesize
3.9MB

Download
memory/3864-54-0x00007FF69F070000-0x00007FF69F461000-memory.dmp

Filesize
3.9MB

Download
memory/3944-2057-0x00007FF6B6C30000-0x00007FF6B7021000-memory.dmp

Filesize
3.9MB

Download
memory/3944-440-0x00007FF6B6C30000-0x00007FF6B7021000-memory.dmp

Filesize
3.9MB

Download
memory/3996-2055-0x00007FF6B43F0000-0x00007FF6B47E1000-memory.dmp

Filesize
3.9MB

Download
memory/3996-442-0x00007FF6B43F0000-0x00007FF6B47E1000-memory.dmp

Filesize
3.9MB

Download
memory/4220-382-0x00007FF7FF880000-0x00007FF7FFC71000-memory.dmp

Filesize
3.9MB

Download
memory/4220-2035-0x00007FF7FF880000-0x00007FF7FFC71000-memory.dmp

Filesize
3.9MB

Download
memory/4360-2071-0x00007FF73D860000-0x00007FF73DC51000-memory.dmp

Filesize
3.9MB

Download
memory/4360-427-0x00007FF73D860000-0x00007FF73DC51000-memory.dmp

Filesize
3.9MB

Download
memory/4956-398-0x00007FF7467B0000-0x00007FF746BA1000-memory.dmp

Filesize
3.9MB

Download
memory/4956-2041-0x00007FF7467B0000-0x00007FF746BA1000-memory.dmp

Filesize
3.9MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads