xmrig | 2668ce0685baf2c099776e09991ca0ba51336a05b80a7a75913bc5261f9a2661

Analysis

max time kernel
148s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240730-en
resource tags

arch:x64arch:x86image:win10v2004-20240730-enlocale:en-usos:windows10-2004-x64system
submitted
01/08/2024, 21:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2668ce0685baf2c099776e09991ca0ba51336a05b80a7a75913bc5261f9a2661.exe
Size

1.1MB
MD5

8e0adcfd6d38aa93c32071def699376d
SHA1

66c97541cfd958c277625e42d138f63e42a2e0f3
SHA256

2668ce0685baf2c099776e09991ca0ba51336a05b80a7a75913bc5261f9a2661
SHA512

94ddc5b6d3fa2b8f528e7f8efb63ffa8797abf115d4a2686a21979d3b5403632c811d7f8569fd63d86639799961506e86d03a562954ca703e69299ac7712ab9f
SSDEEP

24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTF8pQ9mv:knw9oUUEEDl37jcmWH/omv

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 48 IoCs

miner

resource	yara_rule
behavioral2/memory/1824-320-0x00007FF6200D0000-0x00007FF6204C1000-memory.dmp	xmrig
behavioral2/memory/4256-321-0x00007FF67AA70000-0x00007FF67AE61000-memory.dmp	xmrig
behavioral2/memory/2780-322-0x00007FF611410000-0x00007FF611801000-memory.dmp	xmrig
behavioral2/memory/648-29-0x00007FF75DB90000-0x00007FF75DF81000-memory.dmp	xmrig
behavioral2/memory/956-323-0x00007FF6A6C70000-0x00007FF6A7061000-memory.dmp	xmrig
behavioral2/memory/4548-324-0x00007FF7688C0000-0x00007FF768CB1000-memory.dmp	xmrig
behavioral2/memory/3100-326-0x00007FF7E9C30000-0x00007FF7EA021000-memory.dmp	xmrig
behavioral2/memory/4420-327-0x00007FF6F9320000-0x00007FF6F9711000-memory.dmp	xmrig
behavioral2/memory/2676-342-0x00007FF755750000-0x00007FF755B41000-memory.dmp	xmrig
behavioral2/memory/2924-345-0x00007FF6A90A0000-0x00007FF6A9491000-memory.dmp	xmrig
behavioral2/memory/1960-349-0x00007FF6CD920000-0x00007FF6CDD11000-memory.dmp	xmrig
behavioral2/memory/1360-352-0x00007FF789360000-0x00007FF789751000-memory.dmp	xmrig
behavioral2/memory/4904-338-0x00007FF756E30000-0x00007FF757221000-memory.dmp	xmrig
behavioral2/memory/2432-331-0x00007FF796DD0000-0x00007FF7971C1000-memory.dmp	xmrig
behavioral2/memory/3372-366-0x00007FF7413B0000-0x00007FF7417A1000-memory.dmp	xmrig
behavioral2/memory/436-361-0x00007FF62A080000-0x00007FF62A471000-memory.dmp	xmrig
behavioral2/memory/3748-358-0x00007FF794C20000-0x00007FF795011000-memory.dmp	xmrig
behavioral2/memory/3644-329-0x00007FF70D880000-0x00007FF70DC71000-memory.dmp	xmrig
behavioral2/memory/4048-325-0x00007FF7F89C0000-0x00007FF7F8DB1000-memory.dmp	xmrig
behavioral2/memory/1660-1988-0x00007FF77FAD0000-0x00007FF77FEC1000-memory.dmp	xmrig
behavioral2/memory/1572-1990-0x00007FF7A0E40000-0x00007FF7A1231000-memory.dmp	xmrig
behavioral2/memory/4952-1991-0x00007FF62FB90000-0x00007FF62FF81000-memory.dmp	xmrig
behavioral2/memory/4872-1989-0x00007FF6CC190000-0x00007FF6CC581000-memory.dmp	xmrig
behavioral2/memory/1532-2016-0x00007FF6582B0000-0x00007FF6586A1000-memory.dmp	xmrig
behavioral2/memory/648-2054-0x00007FF75DB90000-0x00007FF75DF81000-memory.dmp	xmrig
behavioral2/memory/4872-2052-0x00007FF6CC190000-0x00007FF6CC581000-memory.dmp	xmrig
behavioral2/memory/4952-2056-0x00007FF62FB90000-0x00007FF62FF81000-memory.dmp	xmrig
behavioral2/memory/1572-2050-0x00007FF7A0E40000-0x00007FF7A1231000-memory.dmp	xmrig
behavioral2/memory/1660-2048-0x00007FF77FAD0000-0x00007FF77FEC1000-memory.dmp	xmrig
behavioral2/memory/2432-2064-0x00007FF796DD0000-0x00007FF7971C1000-memory.dmp	xmrig
behavioral2/memory/4904-2082-0x00007FF756E30000-0x00007FF757221000-memory.dmp	xmrig
behavioral2/memory/436-2096-0x00007FF62A080000-0x00007FF62A471000-memory.dmp	xmrig
behavioral2/memory/3748-2092-0x00007FF794C20000-0x00007FF795011000-memory.dmp	xmrig
behavioral2/memory/1360-2090-0x00007FF789360000-0x00007FF789751000-memory.dmp	xmrig
behavioral2/memory/2676-2084-0x00007FF755750000-0x00007FF755B41000-memory.dmp	xmrig
behavioral2/memory/1960-2088-0x00007FF6CD920000-0x00007FF6CDD11000-memory.dmp	xmrig
behavioral2/memory/2924-2086-0x00007FF6A90A0000-0x00007FF6A9491000-memory.dmp	xmrig
behavioral2/memory/4420-2080-0x00007FF6F9320000-0x00007FF6F9711000-memory.dmp	xmrig
behavioral2/memory/4256-2076-0x00007FF67AA70000-0x00007FF67AE61000-memory.dmp	xmrig
behavioral2/memory/2780-2074-0x00007FF611410000-0x00007FF611801000-memory.dmp	xmrig
behavioral2/memory/4048-2072-0x00007FF7F89C0000-0x00007FF7F8DB1000-memory.dmp	xmrig
behavioral2/memory/4548-2070-0x00007FF7688C0000-0x00007FF768CB1000-memory.dmp	xmrig
behavioral2/memory/3100-2068-0x00007FF7E9C30000-0x00007FF7EA021000-memory.dmp	xmrig
behavioral2/memory/3644-2066-0x00007FF70D880000-0x00007FF70DC71000-memory.dmp	xmrig
behavioral2/memory/1824-2062-0x00007FF6200D0000-0x00007FF6204C1000-memory.dmp	xmrig
behavioral2/memory/3372-2078-0x00007FF7413B0000-0x00007FF7417A1000-memory.dmp	xmrig
behavioral2/memory/956-2060-0x00007FF6A6C70000-0x00007FF6A7061000-memory.dmp	xmrig
behavioral2/memory/1532-2058-0x00007FF6582B0000-0x00007FF6586A1000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1660	DJfzJRG.exe
4872	vjpJdSB.exe
1572	YcmrRUC.exe
648	VXmeknx.exe
4952	XRwgyWx.exe
1532	rhsqNqP.exe
3372	lLxePcx.exe
1824	RVtahTZ.exe
4256	MLWMqHr.exe
2780	ldwHuXt.exe
956	zPiCwFn.exe
4548	JDKNHmt.exe
4048	mWjASiZ.exe
3100	XqYwBcK.exe
4420	RmbXnUM.exe
3644	lsQxlHe.exe
2432	AknxTEp.exe
4904	icGMobJ.exe
2676	iuSpBIm.exe
2924	kByWaKH.exe
1960	bhWCLWb.exe
1360	jeXEKxy.exe
3748	vIbouLA.exe
436	XilyCqz.exe
3008	tiqJxjh.exe
2124	gfXHggQ.exe
4644	ZPUJzzL.exe
1680	hMKSlUN.exe
5036	qrLqrrD.exe
3220	sTZrxJL.exe
3112	IBfDIOH.exe
4968	bWmnQkw.exe
2616	xevtMnI.exe
3828	jATWbQz.exe
3920	ioAzkXu.exe
2268	mmfBSRf.exe
516	zEdfRTN.exe
5080	qJGBNgc.exe
1684	vsBhkGo.exe
2480	Byowwsw.exe
3116	ZnmjumD.exe
3756	RovhAEm.exe
1384	bWNnPoE.exe
2816	mrZJeNQ.exe
392	yRTQZoM.exe
2060	kVhqKpE.exe
4544	dgYxjue.exe
3404	MBpJpxL.exe
3880	NChzwcO.exe
532	zMKdeeI.exe
1952	XCkZpZb.exe
4180	UWlhHhM.exe
3572	xNZafme.exe
2584	AGGuMXa.exe
3104	kQJNJyy.exe
4512	hKWPRkK.exe
1492	vrBYhKK.exe
4880	EGsSdXY.exe
4220	MBZeZJX.exe
3252	WdSGEiZ.exe
4308	gVyCCWv.exe
1876	QKojLxc.exe
2380	CIqcKrR.exe
2996	WAtMJCJ.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1332-0-0x00007FF73C6E0000-0x00007FF73CAD1000-memory.dmp	upx
behavioral2/files/0x0009000000023447-5.dat	upx
behavioral2/files/0x00070000000234a6-13.dat	upx
behavioral2/files/0x00080000000234a1-18.dat	upx
behavioral2/files/0x00070000000234a7-23.dat	upx
behavioral2/files/0x00070000000234a8-28.dat	upx
behavioral2/files/0x00070000000234a9-32.dat	upx
behavioral2/memory/4952-35-0x00007FF62FB90000-0x00007FF62FF81000-memory.dmp	upx
behavioral2/files/0x00070000000234aa-38.dat	upx
behavioral2/files/0x00070000000234ab-42.dat	upx
behavioral2/files/0x00070000000234ad-52.dat	upx
behavioral2/files/0x00070000000234ae-64.dat	upx
behavioral2/files/0x00080000000234b1-79.dat	upx
behavioral2/files/0x00070000000234b3-83.dat	upx
behavioral2/files/0x00070000000234bb-126.dat	upx
behavioral2/files/0x00070000000234c0-151.dat	upx
behavioral2/memory/1532-319-0x00007FF6582B0000-0x00007FF6586A1000-memory.dmp	upx
behavioral2/memory/1824-320-0x00007FF6200D0000-0x00007FF6204C1000-memory.dmp	upx
behavioral2/memory/4256-321-0x00007FF67AA70000-0x00007FF67AE61000-memory.dmp	upx
behavioral2/files/0x00070000000234c4-167.dat	upx
behavioral2/files/0x00070000000234c3-163.dat	upx
behavioral2/memory/2780-322-0x00007FF611410000-0x00007FF611801000-memory.dmp	upx
behavioral2/files/0x00070000000234c2-162.dat	upx
behavioral2/files/0x00070000000234c1-159.dat	upx
behavioral2/files/0x00070000000234bf-149.dat	upx
behavioral2/files/0x00070000000234be-141.dat	upx
behavioral2/files/0x00070000000234bd-136.dat	upx
behavioral2/files/0x00070000000234bc-134.dat	upx
behavioral2/files/0x00070000000234ba-124.dat	upx
behavioral2/files/0x00070000000234b9-119.dat	upx
behavioral2/files/0x00070000000234b8-114.dat	upx
behavioral2/files/0x00070000000234b7-109.dat	upx
behavioral2/files/0x00070000000234b6-104.dat	upx
behavioral2/files/0x00070000000234b5-96.dat	upx
behavioral2/files/0x00070000000234b4-91.dat	upx
behavioral2/files/0x00070000000234b2-81.dat	upx
behavioral2/files/0x00070000000234b0-74.dat	upx
behavioral2/files/0x00070000000234af-69.dat	upx
behavioral2/files/0x00070000000234ac-54.dat	upx
behavioral2/memory/648-29-0x00007FF75DB90000-0x00007FF75DF81000-memory.dmp	upx
behavioral2/memory/1572-17-0x00007FF7A0E40000-0x00007FF7A1231000-memory.dmp	upx
behavioral2/memory/4872-15-0x00007FF6CC190000-0x00007FF6CC581000-memory.dmp	upx
behavioral2/memory/1660-8-0x00007FF77FAD0000-0x00007FF77FEC1000-memory.dmp	upx
behavioral2/memory/956-323-0x00007FF6A6C70000-0x00007FF6A7061000-memory.dmp	upx
behavioral2/memory/4548-324-0x00007FF7688C0000-0x00007FF768CB1000-memory.dmp	upx
behavioral2/memory/3100-326-0x00007FF7E9C30000-0x00007FF7EA021000-memory.dmp	upx
behavioral2/memory/4420-327-0x00007FF6F9320000-0x00007FF6F9711000-memory.dmp	upx
behavioral2/memory/2676-342-0x00007FF755750000-0x00007FF755B41000-memory.dmp	upx
behavioral2/memory/2924-345-0x00007FF6A90A0000-0x00007FF6A9491000-memory.dmp	upx
behavioral2/memory/1960-349-0x00007FF6CD920000-0x00007FF6CDD11000-memory.dmp	upx
behavioral2/memory/1360-352-0x00007FF789360000-0x00007FF789751000-memory.dmp	upx
behavioral2/memory/4904-338-0x00007FF756E30000-0x00007FF757221000-memory.dmp	upx
behavioral2/memory/2432-331-0x00007FF796DD0000-0x00007FF7971C1000-memory.dmp	upx
behavioral2/memory/3372-366-0x00007FF7413B0000-0x00007FF7417A1000-memory.dmp	upx
behavioral2/memory/436-361-0x00007FF62A080000-0x00007FF62A471000-memory.dmp	upx
behavioral2/memory/3748-358-0x00007FF794C20000-0x00007FF795011000-memory.dmp	upx
behavioral2/memory/3644-329-0x00007FF70D880000-0x00007FF70DC71000-memory.dmp	upx
behavioral2/memory/4048-325-0x00007FF7F89C0000-0x00007FF7F8DB1000-memory.dmp	upx
behavioral2/memory/1660-1988-0x00007FF77FAD0000-0x00007FF77FEC1000-memory.dmp	upx
behavioral2/memory/1572-1990-0x00007FF7A0E40000-0x00007FF7A1231000-memory.dmp	upx
behavioral2/memory/4952-1991-0x00007FF62FB90000-0x00007FF62FF81000-memory.dmp	upx
behavioral2/memory/4872-1989-0x00007FF6CC190000-0x00007FF6CC581000-memory.dmp	upx
behavioral2/memory/1532-2016-0x00007FF6582B0000-0x00007FF6586A1000-memory.dmp	upx
behavioral2/memory/648-2054-0x00007FF75DB90000-0x00007FF75DF81000-memory.dmp	upx

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System32\mFHAOmH.exe	2668ce0685baf2c099776e09991ca0ba51336a05b80a7a75913bc5261f9a2661.exe
File created	C:\Windows\System32\rzfIapx.exe	2668ce0685baf2c099776e09991ca0ba51336a05b80a7a75913bc5261f9a2661.exe
File created	C:\Windows\System32\XJoTFev.exe	2668ce0685baf2c099776e09991ca0ba51336a05b80a7a75913bc5261f9a2661.exe
File created	C:\Windows\System32\VgtKbvi.exe	2668ce0685baf2c099776e09991ca0ba51336a05b80a7a75913bc5261f9a2661.exe
File created	C:\Windows\System32\XGFuCvb.exe	2668ce0685baf2c099776e09991ca0ba51336a05b80a7a75913bc5261f9a2661.exe
File created	C:\Windows\System32\MtefnBm.exe	2668ce0685baf2c099776e09991ca0ba51336a05b80a7a75913bc5261f9a2661.exe
File created	C:\Windows\System32\MToQWHL.exe	2668ce0685baf2c099776e09991ca0ba51336a05b80a7a75913bc5261f9a2661.exe
File created	C:\Windows\System32\XqYwBcK.exe	2668ce0685baf2c099776e09991ca0ba51336a05b80a7a75913bc5261f9a2661.exe
File created	C:\Windows\System32\MIyHyLS.exe	2668ce0685baf2c099776e09991ca0ba51336a05b80a7a75913bc5261f9a2661.exe
File created	C:\Windows\System32\qZmsQfH.exe	2668ce0685baf2c099776e09991ca0ba51336a05b80a7a75913bc5261f9a2661.exe
File created	C:\Windows\System32\AAOzjZs.exe	2668ce0685baf2c099776e09991ca0ba51336a05b80a7a75913bc5261f9a2661.exe
File created	C:\Windows\System32\qkLwpiA.exe	2668ce0685baf2c099776e09991ca0ba51336a05b80a7a75913bc5261f9a2661.exe
File created	C:\Windows\System32\Chmrqzc.exe	2668ce0685baf2c099776e09991ca0ba51336a05b80a7a75913bc5261f9a2661.exe
File created	C:\Windows\System32\bsrLjyK.exe	2668ce0685baf2c099776e09991ca0ba51336a05b80a7a75913bc5261f9a2661.exe
File created	C:\Windows\System32\WdSGEiZ.exe	2668ce0685baf2c099776e09991ca0ba51336a05b80a7a75913bc5261f9a2661.exe
File created	C:\Windows\System32\tNVnzVM.exe	2668ce0685baf2c099776e09991ca0ba51336a05b80a7a75913bc5261f9a2661.exe
File created	C:\Windows\System32\kMLSvnI.exe	2668ce0685baf2c099776e09991ca0ba51336a05b80a7a75913bc5261f9a2661.exe
File created	C:\Windows\System32\jKzvova.exe	2668ce0685baf2c099776e09991ca0ba51336a05b80a7a75913bc5261f9a2661.exe
File created	C:\Windows\System32\aQAIbZR.exe	2668ce0685baf2c099776e09991ca0ba51336a05b80a7a75913bc5261f9a2661.exe
File created	C:\Windows\System32\gdIATDW.exe	2668ce0685baf2c099776e09991ca0ba51336a05b80a7a75913bc5261f9a2661.exe
File created	C:\Windows\System32\fCTMDST.exe	2668ce0685baf2c099776e09991ca0ba51336a05b80a7a75913bc5261f9a2661.exe
File created	C:\Windows\System32\OJRIdhA.exe	2668ce0685baf2c099776e09991ca0ba51336a05b80a7a75913bc5261f9a2661.exe
File created	C:\Windows\System32\bWmnQkw.exe	2668ce0685baf2c099776e09991ca0ba51336a05b80a7a75913bc5261f9a2661.exe
File created	C:\Windows\System32\aLoACrE.exe	2668ce0685baf2c099776e09991ca0ba51336a05b80a7a75913bc5261f9a2661.exe
File created	C:\Windows\System32\ZSITHet.exe	2668ce0685baf2c099776e09991ca0ba51336a05b80a7a75913bc5261f9a2661.exe
File created	C:\Windows\System32\GLBlkci.exe	2668ce0685baf2c099776e09991ca0ba51336a05b80a7a75913bc5261f9a2661.exe
File created	C:\Windows\System32\cGKahql.exe	2668ce0685baf2c099776e09991ca0ba51336a05b80a7a75913bc5261f9a2661.exe
File created	C:\Windows\System32\jclrFcw.exe	2668ce0685baf2c099776e09991ca0ba51336a05b80a7a75913bc5261f9a2661.exe
File created	C:\Windows\System32\dMVtQjB.exe	2668ce0685baf2c099776e09991ca0ba51336a05b80a7a75913bc5261f9a2661.exe
File created	C:\Windows\System32\kWLOeqw.exe	2668ce0685baf2c099776e09991ca0ba51336a05b80a7a75913bc5261f9a2661.exe
File created	C:\Windows\System32\BPfeDQO.exe	2668ce0685baf2c099776e09991ca0ba51336a05b80a7a75913bc5261f9a2661.exe
File created	C:\Windows\System32\HBDFWfx.exe	2668ce0685baf2c099776e09991ca0ba51336a05b80a7a75913bc5261f9a2661.exe
File created	C:\Windows\System32\RBqvYeT.exe	2668ce0685baf2c099776e09991ca0ba51336a05b80a7a75913bc5261f9a2661.exe
File created	C:\Windows\System32\clXqDOw.exe	2668ce0685baf2c099776e09991ca0ba51336a05b80a7a75913bc5261f9a2661.exe
File created	C:\Windows\System32\cRVRpjF.exe	2668ce0685baf2c099776e09991ca0ba51336a05b80a7a75913bc5261f9a2661.exe
File created	C:\Windows\System32\cwCNbnL.exe	2668ce0685baf2c099776e09991ca0ba51336a05b80a7a75913bc5261f9a2661.exe
File created	C:\Windows\System32\ixFlzcD.exe	2668ce0685baf2c099776e09991ca0ba51336a05b80a7a75913bc5261f9a2661.exe
File created	C:\Windows\System32\aajlLBF.exe	2668ce0685baf2c099776e09991ca0ba51336a05b80a7a75913bc5261f9a2661.exe
File created	C:\Windows\System32\xUMLbiZ.exe	2668ce0685baf2c099776e09991ca0ba51336a05b80a7a75913bc5261f9a2661.exe
File created	C:\Windows\System32\fDOMFnr.exe	2668ce0685baf2c099776e09991ca0ba51336a05b80a7a75913bc5261f9a2661.exe
File created	C:\Windows\System32\GFjPVvQ.exe	2668ce0685baf2c099776e09991ca0ba51336a05b80a7a75913bc5261f9a2661.exe
File created	C:\Windows\System32\ocwnBFG.exe	2668ce0685baf2c099776e09991ca0ba51336a05b80a7a75913bc5261f9a2661.exe
File created	C:\Windows\System32\pqHqoSZ.exe	2668ce0685baf2c099776e09991ca0ba51336a05b80a7a75913bc5261f9a2661.exe
File created	C:\Windows\System32\nmBiGLf.exe	2668ce0685baf2c099776e09991ca0ba51336a05b80a7a75913bc5261f9a2661.exe
File created	C:\Windows\System32\nHCbBOf.exe	2668ce0685baf2c099776e09991ca0ba51336a05b80a7a75913bc5261f9a2661.exe
File created	C:\Windows\System32\PWFvSWA.exe	2668ce0685baf2c099776e09991ca0ba51336a05b80a7a75913bc5261f9a2661.exe
File created	C:\Windows\System32\NsmVVNY.exe	2668ce0685baf2c099776e09991ca0ba51336a05b80a7a75913bc5261f9a2661.exe
File created	C:\Windows\System32\JFkzKHt.exe	2668ce0685baf2c099776e09991ca0ba51336a05b80a7a75913bc5261f9a2661.exe
File created	C:\Windows\System32\qrZGaZB.exe	2668ce0685baf2c099776e09991ca0ba51336a05b80a7a75913bc5261f9a2661.exe
File created	C:\Windows\System32\eDkVBvX.exe	2668ce0685baf2c099776e09991ca0ba51336a05b80a7a75913bc5261f9a2661.exe
File created	C:\Windows\System32\FvYvKLJ.exe	2668ce0685baf2c099776e09991ca0ba51336a05b80a7a75913bc5261f9a2661.exe
File created	C:\Windows\System32\MiKCQJn.exe	2668ce0685baf2c099776e09991ca0ba51336a05b80a7a75913bc5261f9a2661.exe
File created	C:\Windows\System32\uXGBWlN.exe	2668ce0685baf2c099776e09991ca0ba51336a05b80a7a75913bc5261f9a2661.exe
File created	C:\Windows\System32\ANMtQPv.exe	2668ce0685baf2c099776e09991ca0ba51336a05b80a7a75913bc5261f9a2661.exe
File created	C:\Windows\System32\TjaqElX.exe	2668ce0685baf2c099776e09991ca0ba51336a05b80a7a75913bc5261f9a2661.exe
File created	C:\Windows\System32\tdKhGRB.exe	2668ce0685baf2c099776e09991ca0ba51336a05b80a7a75913bc5261f9a2661.exe
File created	C:\Windows\System32\ViMPWFZ.exe	2668ce0685baf2c099776e09991ca0ba51336a05b80a7a75913bc5261f9a2661.exe
File created	C:\Windows\System32\bkmnssm.exe	2668ce0685baf2c099776e09991ca0ba51336a05b80a7a75913bc5261f9a2661.exe
File created	C:\Windows\System32\vjpJdSB.exe	2668ce0685baf2c099776e09991ca0ba51336a05b80a7a75913bc5261f9a2661.exe
File created	C:\Windows\System32\opwSMpf.exe	2668ce0685baf2c099776e09991ca0ba51336a05b80a7a75913bc5261f9a2661.exe
File created	C:\Windows\System32\sjCGDwN.exe	2668ce0685baf2c099776e09991ca0ba51336a05b80a7a75913bc5261f9a2661.exe
File created	C:\Windows\System32\QwCwLiT.exe	2668ce0685baf2c099776e09991ca0ba51336a05b80a7a75913bc5261f9a2661.exe
File created	C:\Windows\System32\gqRBRPH.exe	2668ce0685baf2c099776e09991ca0ba51336a05b80a7a75913bc5261f9a2661.exe
File created	C:\Windows\System32\ePOrsMJ.exe	2668ce0685baf2c099776e09991ca0ba51336a05b80a7a75913bc5261f9a2661.exe

Checks SCSI registry key(s) 3 TTPs 12 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe

Enumerates system info in registry 2 TTPs 4 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 36 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe

Suspicious use of AdjustPrivilegeToken 10 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	12656	dwm.exe
Token: SeChangeNotifyPrivilege	12656	dwm.exe
Token: 33	12656	dwm.exe
Token: SeIncBasePriorityPrivilege	12656	dwm.exe
Token: SeCreateGlobalPrivilege	13196	dwm.exe
Token: SeChangeNotifyPrivilege	13196	dwm.exe
Token: 33	13196	dwm.exe
Token: SeIncBasePriorityPrivilege	13196	dwm.exe
Token: SeShutdownPrivilege	13196	dwm.exe
Token: SeCreatePagefilePrivilege	13196	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1332 wrote to memory of 1660	1332	2668ce0685baf2c099776e09991ca0ba51336a05b80a7a75913bc5261f9a2661.exe	84
PID 1332 wrote to memory of 1660	1332	2668ce0685baf2c099776e09991ca0ba51336a05b80a7a75913bc5261f9a2661.exe	84
PID 1332 wrote to memory of 4872	1332	2668ce0685baf2c099776e09991ca0ba51336a05b80a7a75913bc5261f9a2661.exe	85
PID 1332 wrote to memory of 4872	1332	2668ce0685baf2c099776e09991ca0ba51336a05b80a7a75913bc5261f9a2661.exe	85
PID 1332 wrote to memory of 1572	1332	2668ce0685baf2c099776e09991ca0ba51336a05b80a7a75913bc5261f9a2661.exe	86
PID 1332 wrote to memory of 1572	1332	2668ce0685baf2c099776e09991ca0ba51336a05b80a7a75913bc5261f9a2661.exe	86
PID 1332 wrote to memory of 648	1332	2668ce0685baf2c099776e09991ca0ba51336a05b80a7a75913bc5261f9a2661.exe	87
PID 1332 wrote to memory of 648	1332	2668ce0685baf2c099776e09991ca0ba51336a05b80a7a75913bc5261f9a2661.exe	87
PID 1332 wrote to memory of 4952	1332	2668ce0685baf2c099776e09991ca0ba51336a05b80a7a75913bc5261f9a2661.exe	88
PID 1332 wrote to memory of 4952	1332	2668ce0685baf2c099776e09991ca0ba51336a05b80a7a75913bc5261f9a2661.exe	88
PID 1332 wrote to memory of 1532	1332	2668ce0685baf2c099776e09991ca0ba51336a05b80a7a75913bc5261f9a2661.exe	89
PID 1332 wrote to memory of 1532	1332	2668ce0685baf2c099776e09991ca0ba51336a05b80a7a75913bc5261f9a2661.exe	89
PID 1332 wrote to memory of 3372	1332	2668ce0685baf2c099776e09991ca0ba51336a05b80a7a75913bc5261f9a2661.exe	90
PID 1332 wrote to memory of 3372	1332	2668ce0685baf2c099776e09991ca0ba51336a05b80a7a75913bc5261f9a2661.exe	90
PID 1332 wrote to memory of 1824	1332	2668ce0685baf2c099776e09991ca0ba51336a05b80a7a75913bc5261f9a2661.exe	91
PID 1332 wrote to memory of 1824	1332	2668ce0685baf2c099776e09991ca0ba51336a05b80a7a75913bc5261f9a2661.exe	91
PID 1332 wrote to memory of 4256	1332	2668ce0685baf2c099776e09991ca0ba51336a05b80a7a75913bc5261f9a2661.exe	92
PID 1332 wrote to memory of 4256	1332	2668ce0685baf2c099776e09991ca0ba51336a05b80a7a75913bc5261f9a2661.exe	92
PID 1332 wrote to memory of 2780	1332	2668ce0685baf2c099776e09991ca0ba51336a05b80a7a75913bc5261f9a2661.exe	93
PID 1332 wrote to memory of 2780	1332	2668ce0685baf2c099776e09991ca0ba51336a05b80a7a75913bc5261f9a2661.exe	93
PID 1332 wrote to memory of 956	1332	2668ce0685baf2c099776e09991ca0ba51336a05b80a7a75913bc5261f9a2661.exe	94
PID 1332 wrote to memory of 956	1332	2668ce0685baf2c099776e09991ca0ba51336a05b80a7a75913bc5261f9a2661.exe	94
PID 1332 wrote to memory of 4548	1332	2668ce0685baf2c099776e09991ca0ba51336a05b80a7a75913bc5261f9a2661.exe	95
PID 1332 wrote to memory of 4548	1332	2668ce0685baf2c099776e09991ca0ba51336a05b80a7a75913bc5261f9a2661.exe	95
PID 1332 wrote to memory of 4048	1332	2668ce0685baf2c099776e09991ca0ba51336a05b80a7a75913bc5261f9a2661.exe	96
PID 1332 wrote to memory of 4048	1332	2668ce0685baf2c099776e09991ca0ba51336a05b80a7a75913bc5261f9a2661.exe	96
PID 1332 wrote to memory of 3100	1332	2668ce0685baf2c099776e09991ca0ba51336a05b80a7a75913bc5261f9a2661.exe	97
PID 1332 wrote to memory of 3100	1332	2668ce0685baf2c099776e09991ca0ba51336a05b80a7a75913bc5261f9a2661.exe	97
PID 1332 wrote to memory of 4420	1332	2668ce0685baf2c099776e09991ca0ba51336a05b80a7a75913bc5261f9a2661.exe	98
PID 1332 wrote to memory of 4420	1332	2668ce0685baf2c099776e09991ca0ba51336a05b80a7a75913bc5261f9a2661.exe	98
PID 1332 wrote to memory of 3644	1332	2668ce0685baf2c099776e09991ca0ba51336a05b80a7a75913bc5261f9a2661.exe	99
PID 1332 wrote to memory of 3644	1332	2668ce0685baf2c099776e09991ca0ba51336a05b80a7a75913bc5261f9a2661.exe	99
PID 1332 wrote to memory of 2432	1332	2668ce0685baf2c099776e09991ca0ba51336a05b80a7a75913bc5261f9a2661.exe	100
PID 1332 wrote to memory of 2432	1332	2668ce0685baf2c099776e09991ca0ba51336a05b80a7a75913bc5261f9a2661.exe	100
PID 1332 wrote to memory of 4904	1332	2668ce0685baf2c099776e09991ca0ba51336a05b80a7a75913bc5261f9a2661.exe	101
PID 1332 wrote to memory of 4904	1332	2668ce0685baf2c099776e09991ca0ba51336a05b80a7a75913bc5261f9a2661.exe	101
PID 1332 wrote to memory of 2676	1332	2668ce0685baf2c099776e09991ca0ba51336a05b80a7a75913bc5261f9a2661.exe	102
PID 1332 wrote to memory of 2676	1332	2668ce0685baf2c099776e09991ca0ba51336a05b80a7a75913bc5261f9a2661.exe	102
PID 1332 wrote to memory of 2924	1332	2668ce0685baf2c099776e09991ca0ba51336a05b80a7a75913bc5261f9a2661.exe	103
PID 1332 wrote to memory of 2924	1332	2668ce0685baf2c099776e09991ca0ba51336a05b80a7a75913bc5261f9a2661.exe	103
PID 1332 wrote to memory of 1960	1332	2668ce0685baf2c099776e09991ca0ba51336a05b80a7a75913bc5261f9a2661.exe	104
PID 1332 wrote to memory of 1960	1332	2668ce0685baf2c099776e09991ca0ba51336a05b80a7a75913bc5261f9a2661.exe	104
PID 1332 wrote to memory of 1360	1332	2668ce0685baf2c099776e09991ca0ba51336a05b80a7a75913bc5261f9a2661.exe	105
PID 1332 wrote to memory of 1360	1332	2668ce0685baf2c099776e09991ca0ba51336a05b80a7a75913bc5261f9a2661.exe	105
PID 1332 wrote to memory of 3748	1332	2668ce0685baf2c099776e09991ca0ba51336a05b80a7a75913bc5261f9a2661.exe	106
PID 1332 wrote to memory of 3748	1332	2668ce0685baf2c099776e09991ca0ba51336a05b80a7a75913bc5261f9a2661.exe	106
PID 1332 wrote to memory of 436	1332	2668ce0685baf2c099776e09991ca0ba51336a05b80a7a75913bc5261f9a2661.exe	107
PID 1332 wrote to memory of 436	1332	2668ce0685baf2c099776e09991ca0ba51336a05b80a7a75913bc5261f9a2661.exe	107
PID 1332 wrote to memory of 3008	1332	2668ce0685baf2c099776e09991ca0ba51336a05b80a7a75913bc5261f9a2661.exe	108
PID 1332 wrote to memory of 3008	1332	2668ce0685baf2c099776e09991ca0ba51336a05b80a7a75913bc5261f9a2661.exe	108
PID 1332 wrote to memory of 2124	1332	2668ce0685baf2c099776e09991ca0ba51336a05b80a7a75913bc5261f9a2661.exe	109
PID 1332 wrote to memory of 2124	1332	2668ce0685baf2c099776e09991ca0ba51336a05b80a7a75913bc5261f9a2661.exe	109
PID 1332 wrote to memory of 4644	1332	2668ce0685baf2c099776e09991ca0ba51336a05b80a7a75913bc5261f9a2661.exe	110
PID 1332 wrote to memory of 4644	1332	2668ce0685baf2c099776e09991ca0ba51336a05b80a7a75913bc5261f9a2661.exe	110
PID 1332 wrote to memory of 1680	1332	2668ce0685baf2c099776e09991ca0ba51336a05b80a7a75913bc5261f9a2661.exe	111
PID 1332 wrote to memory of 1680	1332	2668ce0685baf2c099776e09991ca0ba51336a05b80a7a75913bc5261f9a2661.exe	111
PID 1332 wrote to memory of 5036	1332	2668ce0685baf2c099776e09991ca0ba51336a05b80a7a75913bc5261f9a2661.exe	112
PID 1332 wrote to memory of 5036	1332	2668ce0685baf2c099776e09991ca0ba51336a05b80a7a75913bc5261f9a2661.exe	112
PID 1332 wrote to memory of 3220	1332	2668ce0685baf2c099776e09991ca0ba51336a05b80a7a75913bc5261f9a2661.exe	113
PID 1332 wrote to memory of 3220	1332	2668ce0685baf2c099776e09991ca0ba51336a05b80a7a75913bc5261f9a2661.exe	113
PID 1332 wrote to memory of 3112	1332	2668ce0685baf2c099776e09991ca0ba51336a05b80a7a75913bc5261f9a2661.exe	114
PID 1332 wrote to memory of 3112	1332	2668ce0685baf2c099776e09991ca0ba51336a05b80a7a75913bc5261f9a2661.exe	114
PID 1332 wrote to memory of 4968	1332	2668ce0685baf2c099776e09991ca0ba51336a05b80a7a75913bc5261f9a2661.exe	115
PID 1332 wrote to memory of 4968	1332	2668ce0685baf2c099776e09991ca0ba51336a05b80a7a75913bc5261f9a2661.exe	115

C:\Users\Admin\AppData\Local\Temp\2668ce0685baf2c099776e09991ca0ba51336a05b80a7a75913bc5261f9a2661.exe
"C:\Users\Admin\AppData\Local\Temp\2668ce0685baf2c099776e09991ca0ba51336a05b80a7a75913bc5261f9a2661.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:1332
- C:\Windows\System32\DJfzJRG.exe
  C:\Windows\System32\DJfzJRG.exe
  2⤵
  - Executes dropped EXE
  PID:1660
- C:\Windows\System32\vjpJdSB.exe
  C:\Windows\System32\vjpJdSB.exe
  2⤵
  - Executes dropped EXE
  PID:4872
- C:\Windows\System32\YcmrRUC.exe
  C:\Windows\System32\YcmrRUC.exe
  2⤵
  - Executes dropped EXE
  PID:1572
- C:\Windows\System32\VXmeknx.exe
  C:\Windows\System32\VXmeknx.exe
  2⤵
  - Executes dropped EXE
  PID:648
- C:\Windows\System32\XRwgyWx.exe
  C:\Windows\System32\XRwgyWx.exe
  2⤵
  - Executes dropped EXE
  PID:4952
- C:\Windows\System32\rhsqNqP.exe
  C:\Windows\System32\rhsqNqP.exe
  2⤵
  - Executes dropped EXE
  PID:1532
- C:\Windows\System32\lLxePcx.exe
  C:\Windows\System32\lLxePcx.exe
  2⤵
  - Executes dropped EXE
  PID:3372
- C:\Windows\System32\RVtahTZ.exe
  C:\Windows\System32\RVtahTZ.exe
  2⤵
  - Executes dropped EXE
  PID:1824
- C:\Windows\System32\MLWMqHr.exe
  C:\Windows\System32\MLWMqHr.exe
  2⤵
  - Executes dropped EXE
  PID:4256
- C:\Windows\System32\ldwHuXt.exe
  C:\Windows\System32\ldwHuXt.exe
  2⤵
  - Executes dropped EXE
  PID:2780
- C:\Windows\System32\zPiCwFn.exe
  C:\Windows\System32\zPiCwFn.exe
  2⤵
  - Executes dropped EXE
  PID:956
- C:\Windows\System32\JDKNHmt.exe
  C:\Windows\System32\JDKNHmt.exe
  2⤵
  - Executes dropped EXE
  PID:4548
- C:\Windows\System32\mWjASiZ.exe
  C:\Windows\System32\mWjASiZ.exe
  2⤵
  - Executes dropped EXE
  PID:4048
- C:\Windows\System32\XqYwBcK.exe
  C:\Windows\System32\XqYwBcK.exe
  2⤵
  - Executes dropped EXE
  PID:3100
- C:\Windows\System32\RmbXnUM.exe
  C:\Windows\System32\RmbXnUM.exe
  2⤵
  - Executes dropped EXE
  PID:4420
- C:\Windows\System32\lsQxlHe.exe
  C:\Windows\System32\lsQxlHe.exe
  2⤵
  - Executes dropped EXE
  PID:3644
- C:\Windows\System32\AknxTEp.exe
  C:\Windows\System32\AknxTEp.exe
  2⤵
  - Executes dropped EXE
  PID:2432
- C:\Windows\System32\icGMobJ.exe
  C:\Windows\System32\icGMobJ.exe
  2⤵
  - Executes dropped EXE
  PID:4904
- C:\Windows\System32\iuSpBIm.exe
  C:\Windows\System32\iuSpBIm.exe
  2⤵
  - Executes dropped EXE
  PID:2676
- C:\Windows\System32\kByWaKH.exe
  C:\Windows\System32\kByWaKH.exe
  2⤵
  - Executes dropped EXE
  PID:2924
- C:\Windows\System32\bhWCLWb.exe
  C:\Windows\System32\bhWCLWb.exe
  2⤵
  - Executes dropped EXE
  PID:1960
- C:\Windows\System32\jeXEKxy.exe
  C:\Windows\System32\jeXEKxy.exe
  2⤵
  - Executes dropped EXE
  PID:1360
- C:\Windows\System32\vIbouLA.exe
  C:\Windows\System32\vIbouLA.exe
  2⤵
  - Executes dropped EXE
  PID:3748
- C:\Windows\System32\XilyCqz.exe
  C:\Windows\System32\XilyCqz.exe
  2⤵
  - Executes dropped EXE
  PID:436
- C:\Windows\System32\tiqJxjh.exe
  C:\Windows\System32\tiqJxjh.exe
  2⤵
  - Executes dropped EXE
  PID:3008
- C:\Windows\System32\gfXHggQ.exe
  C:\Windows\System32\gfXHggQ.exe
  2⤵
  - Executes dropped EXE
  PID:2124
- C:\Windows\System32\ZPUJzzL.exe
  C:\Windows\System32\ZPUJzzL.exe
  2⤵
  - Executes dropped EXE
  PID:4644
- C:\Windows\System32\hMKSlUN.exe
  C:\Windows\System32\hMKSlUN.exe
  2⤵
  - Executes dropped EXE
  PID:1680
- C:\Windows\System32\qrLqrrD.exe
  C:\Windows\System32\qrLqrrD.exe
  2⤵
  - Executes dropped EXE
  PID:5036
- C:\Windows\System32\sTZrxJL.exe
  C:\Windows\System32\sTZrxJL.exe
  2⤵
  - Executes dropped EXE
  PID:3220
- C:\Windows\System32\IBfDIOH.exe
  C:\Windows\System32\IBfDIOH.exe
  2⤵
  - Executes dropped EXE
  PID:3112
- C:\Windows\System32\bWmnQkw.exe
  C:\Windows\System32\bWmnQkw.exe
  2⤵
  - Executes dropped EXE
  PID:4968
- C:\Windows\System32\xevtMnI.exe
  C:\Windows\System32\xevtMnI.exe
  2⤵
  - Executes dropped EXE
  PID:2616
- C:\Windows\System32\jATWbQz.exe
  C:\Windows\System32\jATWbQz.exe
  2⤵
  - Executes dropped EXE
  PID:3828
- C:\Windows\System32\ioAzkXu.exe
  C:\Windows\System32\ioAzkXu.exe
  2⤵
  - Executes dropped EXE
  PID:3920
- C:\Windows\System32\mmfBSRf.exe
  C:\Windows\System32\mmfBSRf.exe
  2⤵
  - Executes dropped EXE
  PID:2268
- C:\Windows\System32\zEdfRTN.exe
  C:\Windows\System32\zEdfRTN.exe
  2⤵
  - Executes dropped EXE
  PID:516
- C:\Windows\System32\qJGBNgc.exe
  C:\Windows\System32\qJGBNgc.exe
  2⤵
  - Executes dropped EXE
  PID:5080
- C:\Windows\System32\vsBhkGo.exe
  C:\Windows\System32\vsBhkGo.exe
  2⤵
  - Executes dropped EXE
  PID:1684
- C:\Windows\System32\Byowwsw.exe
  C:\Windows\System32\Byowwsw.exe
  2⤵
  - Executes dropped EXE
  PID:2480
- C:\Windows\System32\ZnmjumD.exe
  C:\Windows\System32\ZnmjumD.exe
  2⤵
  - Executes dropped EXE
  PID:3116
- C:\Windows\System32\RovhAEm.exe
  C:\Windows\System32\RovhAEm.exe
  2⤵
  - Executes dropped EXE
  PID:3756
- C:\Windows\System32\bWNnPoE.exe
  C:\Windows\System32\bWNnPoE.exe
  2⤵
  - Executes dropped EXE
  PID:1384
- C:\Windows\System32\mrZJeNQ.exe
  C:\Windows\System32\mrZJeNQ.exe
  2⤵
  - Executes dropped EXE
  PID:2816
- C:\Windows\System32\yRTQZoM.exe
  C:\Windows\System32\yRTQZoM.exe
  2⤵
  - Executes dropped EXE
  PID:392
- C:\Windows\System32\kVhqKpE.exe
  C:\Windows\System32\kVhqKpE.exe
  2⤵
  - Executes dropped EXE
  PID:2060
- C:\Windows\System32\dgYxjue.exe
  C:\Windows\System32\dgYxjue.exe
  2⤵
  - Executes dropped EXE
  PID:4544
- C:\Windows\System32\MBpJpxL.exe
  C:\Windows\System32\MBpJpxL.exe
  2⤵
  - Executes dropped EXE
  PID:3404
- C:\Windows\System32\NChzwcO.exe
  C:\Windows\System32\NChzwcO.exe
  2⤵
  - Executes dropped EXE
  PID:3880
- C:\Windows\System32\zMKdeeI.exe
  C:\Windows\System32\zMKdeeI.exe
  2⤵
  - Executes dropped EXE
  PID:532
- C:\Windows\System32\XCkZpZb.exe
  C:\Windows\System32\XCkZpZb.exe
  2⤵
  - Executes dropped EXE
  PID:1952
- C:\Windows\System32\UWlhHhM.exe
  C:\Windows\System32\UWlhHhM.exe
  2⤵
  - Executes dropped EXE
  PID:4180
- C:\Windows\System32\xNZafme.exe
  C:\Windows\System32\xNZafme.exe
  2⤵
  - Executes dropped EXE
  PID:3572
- C:\Windows\System32\AGGuMXa.exe
  C:\Windows\System32\AGGuMXa.exe
  2⤵
  - Executes dropped EXE
  PID:2584
- C:\Windows\System32\kQJNJyy.exe
  C:\Windows\System32\kQJNJyy.exe
  2⤵
  - Executes dropped EXE
  PID:3104
- C:\Windows\System32\hKWPRkK.exe
  C:\Windows\System32\hKWPRkK.exe
  2⤵
  - Executes dropped EXE
  PID:4512
- C:\Windows\System32\vrBYhKK.exe
  C:\Windows\System32\vrBYhKK.exe
  2⤵
  - Executes dropped EXE
  PID:1492
- C:\Windows\System32\EGsSdXY.exe
  C:\Windows\System32\EGsSdXY.exe
  2⤵
  - Executes dropped EXE
  PID:4880
- C:\Windows\System32\MBZeZJX.exe
  C:\Windows\System32\MBZeZJX.exe
  2⤵
  - Executes dropped EXE
  PID:4220
- C:\Windows\System32\WdSGEiZ.exe
  C:\Windows\System32\WdSGEiZ.exe
  2⤵
  - Executes dropped EXE
  PID:3252
- C:\Windows\System32\gVyCCWv.exe
  C:\Windows\System32\gVyCCWv.exe
  2⤵
  - Executes dropped EXE
  PID:4308
- C:\Windows\System32\QKojLxc.exe
  C:\Windows\System32\QKojLxc.exe
  2⤵
  - Executes dropped EXE
  PID:1876
- C:\Windows\System32\CIqcKrR.exe
  C:\Windows\System32\CIqcKrR.exe
  2⤵
  - Executes dropped EXE
  PID:2380
- C:\Windows\System32\WAtMJCJ.exe
  C:\Windows\System32\WAtMJCJ.exe
  2⤵
  - Executes dropped EXE
  PID:2996
- C:\Windows\System32\RqfKQTQ.exe
  C:\Windows\System32\RqfKQTQ.exe
  2⤵
  PID:3604
- C:\Windows\System32\KcyMHFL.exe
  C:\Windows\System32\KcyMHFL.exe
  2⤵
  PID:4800
- C:\Windows\System32\tWNktNb.exe
  C:\Windows\System32\tWNktNb.exe
  2⤵
  PID:1136
- C:\Windows\System32\IroggXT.exe
  C:\Windows\System32\IroggXT.exe
  2⤵
  PID:4112
- C:\Windows\System32\CNPFzWg.exe
  C:\Windows\System32\CNPFzWg.exe
  2⤵
  PID:1340
- C:\Windows\System32\aekoqaT.exe
  C:\Windows\System32\aekoqaT.exe
  2⤵
  PID:2440
- C:\Windows\System32\DfMrIvn.exe
  C:\Windows\System32\DfMrIvn.exe
  2⤵
  PID:4016
- C:\Windows\System32\EUYsAKX.exe
  C:\Windows\System32\EUYsAKX.exe
  2⤵
  PID:4264
- C:\Windows\System32\pWmzzmf.exe
  C:\Windows\System32\pWmzzmf.exe
  2⤵
  PID:1636
- C:\Windows\System32\uXGBWlN.exe
  C:\Windows\System32\uXGBWlN.exe
  2⤵
  PID:2296
- C:\Windows\System32\xrCsIbK.exe
  C:\Windows\System32\xrCsIbK.exe
  2⤵
  PID:3384
- C:\Windows\System32\XUwYJZU.exe
  C:\Windows\System32\XUwYJZU.exe
  2⤵
  PID:8
- C:\Windows\System32\mgClmex.exe
  C:\Windows\System32\mgClmex.exe
  2⤵
  PID:5076
- C:\Windows\System32\wdrxbPK.exe
  C:\Windows\System32\wdrxbPK.exe
  2⤵
  PID:4656
- C:\Windows\System32\MXAVJJt.exe
  C:\Windows\System32\MXAVJJt.exe
  2⤵
  PID:4876
- C:\Windows\System32\oTWeKZn.exe
  C:\Windows\System32\oTWeKZn.exe
  2⤵
  PID:2016
- C:\Windows\System32\lEoSviT.exe
  C:\Windows\System32\lEoSviT.exe
  2⤵
  PID:4040
- C:\Windows\System32\GZDBxXx.exe
  C:\Windows\System32\GZDBxXx.exe
  2⤵
  PID:4868
- C:\Windows\System32\COfUqgT.exe
  C:\Windows\System32\COfUqgT.exe
  2⤵
  PID:4052
- C:\Windows\System32\APbvGlG.exe
  C:\Windows\System32\APbvGlG.exe
  2⤵
  PID:4668
- C:\Windows\System32\LlnQrCD.exe
  C:\Windows\System32\LlnQrCD.exe
  2⤵
  PID:212
- C:\Windows\System32\VPrrQly.exe
  C:\Windows\System32\VPrrQly.exe
  2⤵
  PID:2892
- C:\Windows\System32\MZgHeaD.exe
  C:\Windows\System32\MZgHeaD.exe
  2⤵
  PID:2384
- C:\Windows\System32\vpXtkeX.exe
  C:\Windows\System32\vpXtkeX.exe
  2⤵
  PID:2236
- C:\Windows\System32\CycqhXZ.exe
  C:\Windows\System32\CycqhXZ.exe
  2⤵
  PID:408
- C:\Windows\System32\MCuMkMb.exe
  C:\Windows\System32\MCuMkMb.exe
  2⤵
  PID:5068
- C:\Windows\System32\dMVtQjB.exe
  C:\Windows\System32\dMVtQjB.exe
  2⤵
  PID:3472
- C:\Windows\System32\npHjJwg.exe
  C:\Windows\System32\npHjJwg.exe
  2⤵
  PID:4760
- C:\Windows\System32\AtqNjwO.exe
  C:\Windows\System32\AtqNjwO.exe
  2⤵
  PID:4496
- C:\Windows\System32\xyGNJqQ.exe
  C:\Windows\System32\xyGNJqQ.exe
  2⤵
  PID:1948
- C:\Windows\System32\KtJqLjx.exe
  C:\Windows\System32\KtJqLjx.exe
  2⤵
  PID:548
- C:\Windows\System32\JdWEYyj.exe
  C:\Windows\System32\JdWEYyj.exe
  2⤵
  PID:2264
- C:\Windows\System32\bMvYDPT.exe
  C:\Windows\System32\bMvYDPT.exe
  2⤵
  PID:3680
- C:\Windows\System32\KLgOWeb.exe
  C:\Windows\System32\KLgOWeb.exe
  2⤵
  PID:3344
- C:\Windows\System32\HUdNMXV.exe
  C:\Windows\System32\HUdNMXV.exe
  2⤵
  PID:1512
- C:\Windows\System32\oLlXTMR.exe
  C:\Windows\System32\oLlXTMR.exe
  2⤵
  PID:3972
- C:\Windows\System32\tVPjmhQ.exe
  C:\Windows\System32\tVPjmhQ.exe
  2⤵
  PID:3996
- C:\Windows\System32\MLqreaZ.exe
  C:\Windows\System32\MLqreaZ.exe
  2⤵
  PID:4528
- C:\Windows\System32\zMGIYxF.exe
  C:\Windows\System32\zMGIYxF.exe
  2⤵
  PID:4860
- C:\Windows\System32\YkAjwyU.exe
  C:\Windows\System32\YkAjwyU.exe
  2⤵
  PID:1020
- C:\Windows\System32\UJEfeNC.exe
  C:\Windows\System32\UJEfeNC.exe
  2⤵
  PID:1084
- C:\Windows\System32\peYPEzW.exe
  C:\Windows\System32\peYPEzW.exe
  2⤵
  PID:3844
- C:\Windows\System32\zKgTzsb.exe
  C:\Windows\System32\zKgTzsb.exe
  2⤵
  PID:2680
- C:\Windows\System32\taymbMp.exe
  C:\Windows\System32\taymbMp.exe
  2⤵
  PID:2556
- C:\Windows\System32\LhgWfLD.exe
  C:\Windows\System32\LhgWfLD.exe
  2⤵
  PID:1648
- C:\Windows\System32\mfSxGJU.exe
  C:\Windows\System32\mfSxGJU.exe
  2⤵
  PID:1172
- C:\Windows\System32\fyyPmtB.exe
  C:\Windows\System32\fyyPmtB.exe
  2⤵
  PID:3740
- C:\Windows\System32\tdKhGRB.exe
  C:\Windows\System32\tdKhGRB.exe
  2⤵
  PID:3732
- C:\Windows\System32\dHeOVBB.exe
  C:\Windows\System32\dHeOVBB.exe
  2⤵
  PID:3908
- C:\Windows\System32\DjAHiZt.exe
  C:\Windows\System32\DjAHiZt.exe
  2⤵
  PID:4144
- C:\Windows\System32\roqKjcy.exe
  C:\Windows\System32\roqKjcy.exe
  2⤵
  PID:5128
- C:\Windows\System32\clXqDOw.exe
  C:\Windows\System32\clXqDOw.exe
  2⤵
  PID:5172
- C:\Windows\System32\nVCrWby.exe
  C:\Windows\System32\nVCrWby.exe
  2⤵
  PID:5200
- C:\Windows\System32\BAXFfNP.exe
  C:\Windows\System32\BAXFfNP.exe
  2⤵
  PID:5240
- C:\Windows\System32\jRERQeT.exe
  C:\Windows\System32\jRERQeT.exe
  2⤵
  PID:5256
- C:\Windows\System32\xDCnVLA.exe
  C:\Windows\System32\xDCnVLA.exe
  2⤵
  PID:5284
- C:\Windows\System32\uiWWDHm.exe
  C:\Windows\System32\uiWWDHm.exe
  2⤵
  PID:5324
- C:\Windows\System32\itSddgX.exe
  C:\Windows\System32\itSddgX.exe
  2⤵
  PID:5340
- C:\Windows\System32\XjVFmqx.exe
  C:\Windows\System32\XjVFmqx.exe
  2⤵
  PID:5356
- C:\Windows\System32\hdEhDPD.exe
  C:\Windows\System32\hdEhDPD.exe
  2⤵
  PID:5376
- C:\Windows\System32\GiqVZCg.exe
  C:\Windows\System32\GiqVZCg.exe
  2⤵
  PID:5392
- C:\Windows\System32\ecnfGex.exe
  C:\Windows\System32\ecnfGex.exe
  2⤵
  PID:5420
- C:\Windows\System32\XiAPdSf.exe
  C:\Windows\System32\XiAPdSf.exe
  2⤵
  PID:5436
- C:\Windows\System32\DzEUdZk.exe
  C:\Windows\System32\DzEUdZk.exe
  2⤵
  PID:5484
- C:\Windows\System32\qsOxoCV.exe
  C:\Windows\System32\qsOxoCV.exe
  2⤵
  PID:5500
- C:\Windows\System32\KqptIXk.exe
  C:\Windows\System32\KqptIXk.exe
  2⤵
  PID:5520
- C:\Windows\System32\aZDqvJM.exe
  C:\Windows\System32\aZDqvJM.exe
  2⤵
  PID:5536
- C:\Windows\System32\aiXyKhq.exe
  C:\Windows\System32\aiXyKhq.exe
  2⤵
  PID:5560
- C:\Windows\System32\PSpwjJU.exe
  C:\Windows\System32\PSpwjJU.exe
  2⤵
  PID:5576
- C:\Windows\System32\wWMeHql.exe
  C:\Windows\System32\wWMeHql.exe
  2⤵
  PID:5604
- C:\Windows\System32\cyDvjVc.exe
  C:\Windows\System32\cyDvjVc.exe
  2⤵
  PID:5620
- C:\Windows\System32\jclrFcw.exe
  C:\Windows\System32\jclrFcw.exe
  2⤵
  PID:5636
- C:\Windows\System32\ZQqNWBh.exe
  C:\Windows\System32\ZQqNWBh.exe
  2⤵
  PID:5668
- C:\Windows\System32\pxyClKu.exe
  C:\Windows\System32\pxyClKu.exe
  2⤵
  PID:5692
- C:\Windows\System32\hjYbYTx.exe
  C:\Windows\System32\hjYbYTx.exe
  2⤵
  PID:5708
- C:\Windows\System32\oLqzhhV.exe
  C:\Windows\System32\oLqzhhV.exe
  2⤵
  PID:5724
- C:\Windows\System32\fmPEmtO.exe
  C:\Windows\System32\fmPEmtO.exe
  2⤵
  PID:5800
- C:\Windows\System32\QCulyIh.exe
  C:\Windows\System32\QCulyIh.exe
  2⤵
  PID:5868
- C:\Windows\System32\jvqrkqV.exe
  C:\Windows\System32\jvqrkqV.exe
  2⤵
  PID:5924
- C:\Windows\System32\fDFhGJN.exe
  C:\Windows\System32\fDFhGJN.exe
  2⤵
  PID:5944
- C:\Windows\System32\lbhtolX.exe
  C:\Windows\System32\lbhtolX.exe
  2⤵
  PID:5960
- C:\Windows\System32\PWFvSWA.exe
  C:\Windows\System32\PWFvSWA.exe
  2⤵
  PID:5984
- C:\Windows\System32\DbamCnA.exe
  C:\Windows\System32\DbamCnA.exe
  2⤵
  PID:6000
- C:\Windows\System32\DUNsvFX.exe
  C:\Windows\System32\DUNsvFX.exe
  2⤵
  PID:6028
- C:\Windows\System32\gdvfBNQ.exe
  C:\Windows\System32\gdvfBNQ.exe
  2⤵
  PID:6044
- C:\Windows\System32\uOQyTCc.exe
  C:\Windows\System32\uOQyTCc.exe
  2⤵
  PID:6060
- C:\Windows\System32\ZYdZvmj.exe
  C:\Windows\System32\ZYdZvmj.exe
  2⤵
  PID:6088
- C:\Windows\System32\LlnOZIy.exe
  C:\Windows\System32\LlnOZIy.exe
  2⤵
  PID:6104
- C:\Windows\System32\asOatcM.exe
  C:\Windows\System32\asOatcM.exe
  2⤵
  PID:4940
- C:\Windows\System32\warioDj.exe
  C:\Windows\System32\warioDj.exe
  2⤵
  PID:5248
- C:\Windows\System32\bOYOohL.exe
  C:\Windows\System32\bOYOohL.exe
  2⤵
  PID:5296
- C:\Windows\System32\fhbAfBV.exe
  C:\Windows\System32\fhbAfBV.exe
  2⤵
  PID:5372
- C:\Windows\System32\GPnJbXl.exe
  C:\Windows\System32\GPnJbXl.exe
  2⤵
  PID:5444
- C:\Windows\System32\lAjPazj.exe
  C:\Windows\System32\lAjPazj.exe
  2⤵
  PID:5552
- C:\Windows\System32\zVEFMBc.exe
  C:\Windows\System32\zVEFMBc.exe
  2⤵
  PID:5612
- C:\Windows\System32\xUMLbiZ.exe
  C:\Windows\System32\xUMLbiZ.exe
  2⤵
  PID:5544
- C:\Windows\System32\vcmCMkl.exe
  C:\Windows\System32\vcmCMkl.exe
  2⤵
  PID:5632
- C:\Windows\System32\XzMEVTa.exe
  C:\Windows\System32\XzMEVTa.exe
  2⤵
  PID:5700
- C:\Windows\System32\ZkzsszA.exe
  C:\Windows\System32\ZkzsszA.exe
  2⤵
  PID:5740
- C:\Windows\System32\OAUhtAa.exe
  C:\Windows\System32\OAUhtAa.exe
  2⤵
  PID:5812
- C:\Windows\System32\gqAEtxM.exe
  C:\Windows\System32\gqAEtxM.exe
  2⤵
  PID:5880
- C:\Windows\System32\NsmVVNY.exe
  C:\Windows\System32\NsmVVNY.exe
  2⤵
  PID:6052
- C:\Windows\System32\aKjiRwQ.exe
  C:\Windows\System32\aKjiRwQ.exe
  2⤵
  PID:6096
- C:\Windows\System32\QaarGcD.exe
  C:\Windows\System32\QaarGcD.exe
  2⤵
  PID:5280
- C:\Windows\System32\iumbvJX.exe
  C:\Windows\System32\iumbvJX.exe
  2⤵
  PID:5336
- C:\Windows\System32\KFsSmGn.exe
  C:\Windows\System32\KFsSmGn.exe
  2⤵
  PID:5492
- C:\Windows\System32\xrqRWxD.exe
  C:\Windows\System32\xrqRWxD.exe
  2⤵
  PID:5616
- C:\Windows\System32\TxiiNAt.exe
  C:\Windows\System32\TxiiNAt.exe
  2⤵
  PID:5572
- C:\Windows\System32\RWCyFRy.exe
  C:\Windows\System32\RWCyFRy.exe
  2⤵
  PID:5832
- C:\Windows\System32\ccjGgel.exe
  C:\Windows\System32\ccjGgel.exe
  2⤵
  PID:5968
- C:\Windows\System32\ZDjkNRi.exe
  C:\Windows\System32\ZDjkNRi.exe
  2⤵
  PID:6040
- C:\Windows\System32\yFxyKLP.exe
  C:\Windows\System32\yFxyKLP.exe
  2⤵
  PID:2200
- C:\Windows\System32\xLjayuG.exe
  C:\Windows\System32\xLjayuG.exe
  2⤵
  PID:5468
- C:\Windows\System32\FrLWQTD.exe
  C:\Windows\System32\FrLWQTD.exe
  2⤵
  PID:5904
- C:\Windows\System32\snyUZCl.exe
  C:\Windows\System32\snyUZCl.exe
  2⤵
  PID:6164
- C:\Windows\System32\abYnQcS.exe
  C:\Windows\System32\abYnQcS.exe
  2⤵
  PID:6180
- C:\Windows\System32\CFUNofD.exe
  C:\Windows\System32\CFUNofD.exe
  2⤵
  PID:6224
- C:\Windows\System32\GZQAKEZ.exe
  C:\Windows\System32\GZQAKEZ.exe
  2⤵
  PID:6320
- C:\Windows\System32\eUvOvaz.exe
  C:\Windows\System32\eUvOvaz.exe
  2⤵
  PID:6344
- C:\Windows\System32\iJDdrBV.exe
  C:\Windows\System32\iJDdrBV.exe
  2⤵
  PID:6372
- C:\Windows\System32\gUOMjXM.exe
  C:\Windows\System32\gUOMjXM.exe
  2⤵
  PID:6388
- C:\Windows\System32\txCHEQG.exe
  C:\Windows\System32\txCHEQG.exe
  2⤵
  PID:6412
- C:\Windows\System32\IRrBRZz.exe
  C:\Windows\System32\IRrBRZz.exe
  2⤵
  PID:6432
- C:\Windows\System32\AozcvEj.exe
  C:\Windows\System32\AozcvEj.exe
  2⤵
  PID:6452
- C:\Windows\System32\ViMPWFZ.exe
  C:\Windows\System32\ViMPWFZ.exe
  2⤵
  PID:6476
- C:\Windows\System32\EqCjeLv.exe
  C:\Windows\System32\EqCjeLv.exe
  2⤵
  PID:6492
- C:\Windows\System32\kWLOeqw.exe
  C:\Windows\System32\kWLOeqw.exe
  2⤵
  PID:6512
- C:\Windows\System32\tipJzST.exe
  C:\Windows\System32\tipJzST.exe
  2⤵
  PID:6532
- C:\Windows\System32\OKCXZtg.exe
  C:\Windows\System32\OKCXZtg.exe
  2⤵
  PID:6556
- C:\Windows\System32\bkmnssm.exe
  C:\Windows\System32\bkmnssm.exe
  2⤵
  PID:6572
- C:\Windows\System32\okeOccR.exe
  C:\Windows\System32\okeOccR.exe
  2⤵
  PID:6620
- C:\Windows\System32\LQpcAHU.exe
  C:\Windows\System32\LQpcAHU.exe
  2⤵
  PID:6640
- C:\Windows\System32\MAYEmvI.exe
  C:\Windows\System32\MAYEmvI.exe
  2⤵
  PID:6656
- C:\Windows\System32\JFkzKHt.exe
  C:\Windows\System32\JFkzKHt.exe
  2⤵
  PID:6680
- C:\Windows\System32\cAHgCVK.exe
  C:\Windows\System32\cAHgCVK.exe
  2⤵
  PID:6696
- C:\Windows\System32\bUfxRxK.exe
  C:\Windows\System32\bUfxRxK.exe
  2⤵
  PID:6720
- C:\Windows\System32\RIbzBBN.exe
  C:\Windows\System32\RIbzBBN.exe
  2⤵
  PID:6792
- C:\Windows\System32\wgRQfqe.exe
  C:\Windows\System32\wgRQfqe.exe
  2⤵
  PID:6808
- C:\Windows\System32\NNpPOCc.exe
  C:\Windows\System32\NNpPOCc.exe
  2⤵
  PID:6836
- C:\Windows\System32\MQJBZhH.exe
  C:\Windows\System32\MQJBZhH.exe
  2⤵
  PID:6896
- C:\Windows\System32\mFHAOmH.exe
  C:\Windows\System32\mFHAOmH.exe
  2⤵
  PID:6912
- C:\Windows\System32\HGVNPAB.exe
  C:\Windows\System32\HGVNPAB.exe
  2⤵
  PID:6936
- C:\Windows\System32\AdHoUkT.exe
  C:\Windows\System32\AdHoUkT.exe
  2⤵
  PID:6952
- C:\Windows\System32\zDzpldz.exe
  C:\Windows\System32\zDzpldz.exe
  2⤵
  PID:6972
- C:\Windows\System32\kYqJbEe.exe
  C:\Windows\System32\kYqJbEe.exe
  2⤵
  PID:6988
- C:\Windows\System32\Chmrqzc.exe
  C:\Windows\System32\Chmrqzc.exe
  2⤵
  PID:7012
- C:\Windows\System32\UEzJlYF.exe
  C:\Windows\System32\UEzJlYF.exe
  2⤵
  PID:7028
- C:\Windows\System32\pXmEAle.exe
  C:\Windows\System32\pXmEAle.exe
  2⤵
  PID:7052
- C:\Windows\System32\KKxgXGV.exe
  C:\Windows\System32\KKxgXGV.exe
  2⤵
  PID:7072
- C:\Windows\System32\RIdErbz.exe
  C:\Windows\System32\RIdErbz.exe
  2⤵
  PID:7112
- C:\Windows\System32\pnHfNfe.exe
  C:\Windows\System32\pnHfNfe.exe
  2⤵
  PID:5732
- C:\Windows\System32\JFdNdqW.exe
  C:\Windows\System32\JFdNdqW.exe
  2⤵
  PID:5680
- C:\Windows\System32\mFAtfhV.exe
  C:\Windows\System32\mFAtfhV.exe
  2⤵
  PID:6276
- C:\Windows\System32\aCefWMG.exe
  C:\Windows\System32\aCefWMG.exe
  2⤵
  PID:6308
- C:\Windows\System32\iwtRXiR.exe
  C:\Windows\System32\iwtRXiR.exe
  2⤵
  PID:6380
- C:\Windows\System32\DrjoFqt.exe
  C:\Windows\System32\DrjoFqt.exe
  2⤵
  PID:6396
- C:\Windows\System32\yfivuoc.exe
  C:\Windows\System32\yfivuoc.exe
  2⤵
  PID:6600
- C:\Windows\System32\IJIpRaI.exe
  C:\Windows\System32\IJIpRaI.exe
  2⤵
  PID:6588
- C:\Windows\System32\nnGDpvW.exe
  C:\Windows\System32\nnGDpvW.exe
  2⤵
  PID:6708
- C:\Windows\System32\FHYbhlo.exe
  C:\Windows\System32\FHYbhlo.exe
  2⤵
  PID:6672
- C:\Windows\System32\rzfIapx.exe
  C:\Windows\System32\rzfIapx.exe
  2⤵
  PID:6820
- C:\Windows\System32\EsOvbDe.exe
  C:\Windows\System32\EsOvbDe.exe
  2⤵
  PID:6788
- C:\Windows\System32\kWwMPAv.exe
  C:\Windows\System32\kWwMPAv.exe
  2⤵
  PID:6908
- C:\Windows\System32\nrHyQYV.exe
  C:\Windows\System32\nrHyQYV.exe
  2⤵
  PID:6844
- C:\Windows\System32\ogWAsok.exe
  C:\Windows\System32\ogWAsok.exe
  2⤵
  PID:7024
- C:\Windows\System32\uoeqEwl.exe
  C:\Windows\System32\uoeqEwl.exe
  2⤵
  PID:7080
- C:\Windows\System32\rzNIfAi.exe
  C:\Windows\System32\rzNIfAi.exe
  2⤵
  PID:5208
- C:\Windows\System32\JQSFkIn.exe
  C:\Windows\System32\JQSFkIn.exe
  2⤵
  PID:6468
- C:\Windows\System32\XJoTFev.exe
  C:\Windows\System32\XJoTFev.exe
  2⤵
  PID:6360
- C:\Windows\System32\wYFfYvj.exe
  C:\Windows\System32\wYFfYvj.exe
  2⤵
  PID:6568
- C:\Windows\System32\IYCJUqi.exe
  C:\Windows\System32\IYCJUqi.exe
  2⤵
  PID:6768
- C:\Windows\System32\hCWKkFL.exe
  C:\Windows\System32\hCWKkFL.exe
  2⤵
  PID:6804
- C:\Windows\System32\wrqDJOF.exe
  C:\Windows\System32\wrqDJOF.exe
  2⤵
  PID:7160
- C:\Windows\System32\hgMArDp.exe
  C:\Windows\System32\hgMArDp.exe
  2⤵
  PID:6564
- C:\Windows\System32\qrZGaZB.exe
  C:\Windows\System32\qrZGaZB.exe
  2⤵
  PID:6500
- C:\Windows\System32\huythnd.exe
  C:\Windows\System32\huythnd.exe
  2⤵
  PID:6964
- C:\Windows\System32\sxcBlPi.exe
  C:\Windows\System32\sxcBlPi.exe
  2⤵
  PID:6440
- C:\Windows\System32\UoJeycM.exe
  C:\Windows\System32\UoJeycM.exe
  2⤵
  PID:7184
- C:\Windows\System32\jGMsKHY.exe
  C:\Windows\System32\jGMsKHY.exe
  2⤵
  PID:7208
- C:\Windows\System32\QwCwLiT.exe
  C:\Windows\System32\QwCwLiT.exe
  2⤵
  PID:7240
- C:\Windows\System32\mXZoqlQ.exe
  C:\Windows\System32\mXZoqlQ.exe
  2⤵
  PID:7284
- C:\Windows\System32\VgtKbvi.exe
  C:\Windows\System32\VgtKbvi.exe
  2⤵
  PID:7316
- C:\Windows\System32\UZHmgDF.exe
  C:\Windows\System32\UZHmgDF.exe
  2⤵
  PID:7340
- C:\Windows\System32\ooCAVGz.exe
  C:\Windows\System32\ooCAVGz.exe
  2⤵
  PID:7356
- C:\Windows\System32\EwSRPVI.exe
  C:\Windows\System32\EwSRPVI.exe
  2⤵
  PID:7396
- C:\Windows\System32\ShgKjLK.exe
  C:\Windows\System32\ShgKjLK.exe
  2⤵
  PID:7420
- C:\Windows\System32\RPPvQPG.exe
  C:\Windows\System32\RPPvQPG.exe
  2⤵
  PID:7444
- C:\Windows\System32\JmByNdm.exe
  C:\Windows\System32\JmByNdm.exe
  2⤵
  PID:7464
- C:\Windows\System32\hQgtCWO.exe
  C:\Windows\System32\hQgtCWO.exe
  2⤵
  PID:7480
- C:\Windows\System32\wSJanqv.exe
  C:\Windows\System32\wSJanqv.exe
  2⤵
  PID:7512
- C:\Windows\System32\wpCoALW.exe
  C:\Windows\System32\wpCoALW.exe
  2⤵
  PID:7556
- C:\Windows\System32\YmBlhOi.exe
  C:\Windows\System32\YmBlhOi.exe
  2⤵
  PID:7592
- C:\Windows\System32\aajlLBF.exe
  C:\Windows\System32\aajlLBF.exe
  2⤵
  PID:7624
- C:\Windows\System32\aLRTkPc.exe
  C:\Windows\System32\aLRTkPc.exe
  2⤵
  PID:7640
- C:\Windows\System32\QnYvxNO.exe
  C:\Windows\System32\QnYvxNO.exe
  2⤵
  PID:7668
- C:\Windows\System32\wEkpkpU.exe
  C:\Windows\System32\wEkpkpU.exe
  2⤵
  PID:7688
- C:\Windows\System32\PGlKwnk.exe
  C:\Windows\System32\PGlKwnk.exe
  2⤵
  PID:7708
- C:\Windows\System32\ZeUNCpw.exe
  C:\Windows\System32\ZeUNCpw.exe
  2⤵
  PID:7728
- C:\Windows\System32\nEazHFn.exe
  C:\Windows\System32\nEazHFn.exe
  2⤵
  PID:7756
- C:\Windows\System32\FdsXAQA.exe
  C:\Windows\System32\FdsXAQA.exe
  2⤵
  PID:7792
- C:\Windows\System32\rWHoGCc.exe
  C:\Windows\System32\rWHoGCc.exe
  2⤵
  PID:7808
- C:\Windows\System32\FchfIsi.exe
  C:\Windows\System32\FchfIsi.exe
  2⤵
  PID:7828
- C:\Windows\System32\HnESIwI.exe
  C:\Windows\System32\HnESIwI.exe
  2⤵
  PID:7848
- C:\Windows\System32\nZnTuyw.exe
  C:\Windows\System32\nZnTuyw.exe
  2⤵
  PID:7876
- C:\Windows\System32\WFwCApc.exe
  C:\Windows\System32\WFwCApc.exe
  2⤵
  PID:7892
- C:\Windows\System32\NVdoAec.exe
  C:\Windows\System32\NVdoAec.exe
  2⤵
  PID:7952
- C:\Windows\System32\gqRBRPH.exe
  C:\Windows\System32\gqRBRPH.exe
  2⤵
  PID:7984
- C:\Windows\System32\IVrCAWN.exe
  C:\Windows\System32\IVrCAWN.exe
  2⤵
  PID:8012
- C:\Windows\System32\brbsCUK.exe
  C:\Windows\System32\brbsCUK.exe
  2⤵
  PID:8060
- C:\Windows\System32\FQkYODs.exe
  C:\Windows\System32\FQkYODs.exe
  2⤵
  PID:8100
- C:\Windows\System32\LGGCbQO.exe
  C:\Windows\System32\LGGCbQO.exe
  2⤵
  PID:8128
- C:\Windows\System32\qJcBnFE.exe
  C:\Windows\System32\qJcBnFE.exe
  2⤵
  PID:8148
- C:\Windows\System32\hnZKoeu.exe
  C:\Windows\System32\hnZKoeu.exe
  2⤵
  PID:8164
- C:\Windows\System32\ApGigtV.exe
  C:\Windows\System32\ApGigtV.exe
  2⤵
  PID:8188
- C:\Windows\System32\JcodQQk.exe
  C:\Windows\System32\JcodQQk.exe
  2⤵
  PID:6448
- C:\Windows\System32\ICipseC.exe
  C:\Windows\System32\ICipseC.exe
  2⤵
  PID:7176
- C:\Windows\System32\sYTpGbw.exe
  C:\Windows\System32\sYTpGbw.exe
  2⤵
  PID:7280
- C:\Windows\System32\dvXZkou.exe
  C:\Windows\System32\dvXZkou.exe
  2⤵
  PID:7332
- C:\Windows\System32\Zrcuhhw.exe
  C:\Windows\System32\Zrcuhhw.exe
  2⤵
  PID:7460
- C:\Windows\System32\aMIQVwi.exe
  C:\Windows\System32\aMIQVwi.exe
  2⤵
  PID:7540
- C:\Windows\System32\fWzCMNb.exe
  C:\Windows\System32\fWzCMNb.exe
  2⤵
  PID:7572
- C:\Windows\System32\mUVGssA.exe
  C:\Windows\System32\mUVGssA.exe
  2⤵
  PID:7608
- C:\Windows\System32\ardRbux.exe
  C:\Windows\System32\ardRbux.exe
  2⤵
  PID:7684
- C:\Windows\System32\vQXdbPT.exe
  C:\Windows\System32\vQXdbPT.exe
  2⤵
  PID:7776
- C:\Windows\System32\OoLCYnv.exe
  C:\Windows\System32\OoLCYnv.exe
  2⤵
  PID:7856
- C:\Windows\System32\vZzowmu.exe
  C:\Windows\System32\vZzowmu.exe
  2⤵
  PID:7868
- C:\Windows\System32\AUHqVtq.exe
  C:\Windows\System32\AUHqVtq.exe
  2⤵
  PID:7888
- C:\Windows\System32\nMOkghu.exe
  C:\Windows\System32\nMOkghu.exe
  2⤵
  PID:8028
- C:\Windows\System32\JbyJpVc.exe
  C:\Windows\System32\JbyJpVc.exe
  2⤵
  PID:8112
- C:\Windows\System32\ePOrsMJ.exe
  C:\Windows\System32\ePOrsMJ.exe
  2⤵
  PID:8156
- C:\Windows\System32\kLWSDkB.exe
  C:\Windows\System32\kLWSDkB.exe
  2⤵
  PID:7204
- C:\Windows\System32\DfIsFKj.exe
  C:\Windows\System32\DfIsFKj.exe
  2⤵
  PID:7224
- C:\Windows\System32\XrDWsHg.exe
  C:\Windows\System32\XrDWsHg.exe
  2⤵
  PID:7252
- C:\Windows\System32\fsxNoGs.exe
  C:\Windows\System32\fsxNoGs.exe
  2⤵
  PID:7616
- C:\Windows\System32\QHHqBJR.exe
  C:\Windows\System32\QHHqBJR.exe
  2⤵
  PID:7768
- C:\Windows\System32\VtfiYKX.exe
  C:\Windows\System32\VtfiYKX.exe
  2⤵
  PID:7820
- C:\Windows\System32\cxlKRNB.exe
  C:\Windows\System32\cxlKRNB.exe
  2⤵
  PID:7960
- C:\Windows\System32\AqmtiFz.exe
  C:\Windows\System32\AqmtiFz.exe
  2⤵
  PID:7180
- C:\Windows\System32\CFHPAuK.exe
  C:\Windows\System32\CFHPAuK.exe
  2⤵
  PID:7248
- C:\Windows\System32\dTdZrSj.exe
  C:\Windows\System32\dTdZrSj.exe
  2⤵
  PID:7408
- C:\Windows\System32\BitotCX.exe
  C:\Windows\System32\BitotCX.exe
  2⤵
  PID:7704
- C:\Windows\System32\gdNtSHy.exe
  C:\Windows\System32\gdNtSHy.exe
  2⤵
  PID:8200
- C:\Windows\System32\SKBWJyv.exe
  C:\Windows\System32\SKBWJyv.exe
  2⤵
  PID:8248
- C:\Windows\System32\ZHIYeZB.exe
  C:\Windows\System32\ZHIYeZB.exe
  2⤵
  PID:8268
- C:\Windows\System32\kAomCjp.exe
  C:\Windows\System32\kAomCjp.exe
  2⤵
  PID:8304
- C:\Windows\System32\jfOAoIt.exe
  C:\Windows\System32\jfOAoIt.exe
  2⤵
  PID:8328
- C:\Windows\System32\kyCdJgd.exe
  C:\Windows\System32\kyCdJgd.exe
  2⤵
  PID:8352
- C:\Windows\System32\cvIJiJx.exe
  C:\Windows\System32\cvIJiJx.exe
  2⤵
  PID:8388
- C:\Windows\System32\oaPGIbW.exe
  C:\Windows\System32\oaPGIbW.exe
  2⤵
  PID:8408
- C:\Windows\System32\DqQHogZ.exe
  C:\Windows\System32\DqQHogZ.exe
  2⤵
  PID:8428
- C:\Windows\System32\TXhCekY.exe
  C:\Windows\System32\TXhCekY.exe
  2⤵
  PID:8452
- C:\Windows\System32\VOADHwK.exe
  C:\Windows\System32\VOADHwK.exe
  2⤵
  PID:8472
- C:\Windows\System32\nWSmOWH.exe
  C:\Windows\System32\nWSmOWH.exe
  2⤵
  PID:8540
- C:\Windows\System32\oZVlNZG.exe
  C:\Windows\System32\oZVlNZG.exe
  2⤵
  PID:8584
- C:\Windows\System32\TPZGngL.exe
  C:\Windows\System32\TPZGngL.exe
  2⤵
  PID:8604
- C:\Windows\System32\lnmyyxJ.exe
  C:\Windows\System32\lnmyyxJ.exe
  2⤵
  PID:8624
- C:\Windows\System32\EpbDWhM.exe
  C:\Windows\System32\EpbDWhM.exe
  2⤵
  PID:8640
- C:\Windows\System32\RezFqFx.exe
  C:\Windows\System32\RezFqFx.exe
  2⤵
  PID:8692
- C:\Windows\System32\dLgSocr.exe
  C:\Windows\System32\dLgSocr.exe
  2⤵
  PID:8712
- C:\Windows\System32\THnWBwm.exe
  C:\Windows\System32\THnWBwm.exe
  2⤵
  PID:8740
- C:\Windows\System32\LJhCRmg.exe
  C:\Windows\System32\LJhCRmg.exe
  2⤵
  PID:8760
- C:\Windows\System32\kiAybHs.exe
  C:\Windows\System32\kiAybHs.exe
  2⤵
  PID:8816
- C:\Windows\System32\SfijZpt.exe
  C:\Windows\System32\SfijZpt.exe
  2⤵
  PID:8860
- C:\Windows\System32\oLHQLGV.exe
  C:\Windows\System32\oLHQLGV.exe
  2⤵
  PID:8888
- C:\Windows\System32\twLZHrA.exe
  C:\Windows\System32\twLZHrA.exe
  2⤵
  PID:8904
- C:\Windows\System32\uokoAxv.exe
  C:\Windows\System32\uokoAxv.exe
  2⤵
  PID:8928
- C:\Windows\System32\hxxdAEb.exe
  C:\Windows\System32\hxxdAEb.exe
  2⤵
  PID:8948
- C:\Windows\System32\FEuJFsj.exe
  C:\Windows\System32\FEuJFsj.exe
  2⤵
  PID:8972
- C:\Windows\System32\eZMudMS.exe
  C:\Windows\System32\eZMudMS.exe
  2⤵
  PID:9020
- C:\Windows\System32\iWArioJ.exe
  C:\Windows\System32\iWArioJ.exe
  2⤵
  PID:9052
- C:\Windows\System32\kRvaUTZ.exe
  C:\Windows\System32\kRvaUTZ.exe
  2⤵
  PID:9088
- C:\Windows\System32\XGFuCvb.exe
  C:\Windows\System32\XGFuCvb.exe
  2⤵
  PID:9116
- C:\Windows\System32\cCxOPll.exe
  C:\Windows\System32\cCxOPll.exe
  2⤵
  PID:9136
- C:\Windows\System32\qLNHstI.exe
  C:\Windows\System32\qLNHstI.exe
  2⤵
  PID:9152
- C:\Windows\System32\rowwduH.exe
  C:\Windows\System32\rowwduH.exe
  2⤵
  PID:9180
- C:\Windows\System32\faOMIHv.exe
  C:\Windows\System32\faOMIHv.exe
  2⤵
  PID:8172
- C:\Windows\System32\xCrrwgf.exe
  C:\Windows\System32\xCrrwgf.exe
  2⤵
  PID:8264
- C:\Windows\System32\uhYsjcd.exe
  C:\Windows\System32\uhYsjcd.exe
  2⤵
  PID:8324
- C:\Windows\System32\TjaqElX.exe
  C:\Windows\System32\TjaqElX.exe
  2⤵
  PID:8364
- C:\Windows\System32\oAgeaYR.exe
  C:\Windows\System32\oAgeaYR.exe
  2⤵
  PID:8468
- C:\Windows\System32\JqJPupR.exe
  C:\Windows\System32\JqJPupR.exe
  2⤵
  PID:8396
- C:\Windows\System32\ZQSAxjN.exe
  C:\Windows\System32\ZQSAxjN.exe
  2⤵
  PID:8548
- C:\Windows\System32\GTWkTvG.exe
  C:\Windows\System32\GTWkTvG.exe
  2⤵
  PID:8656
- C:\Windows\System32\IkosKfe.exe
  C:\Windows\System32\IkosKfe.exe
  2⤵
  PID:8708
- C:\Windows\System32\hLSLFAi.exe
  C:\Windows\System32\hLSLFAi.exe
  2⤵
  PID:8748
- C:\Windows\System32\LSDbxkF.exe
  C:\Windows\System32\LSDbxkF.exe
  2⤵
  PID:8776
- C:\Windows\System32\FSsDzFT.exe
  C:\Windows\System32\FSsDzFT.exe
  2⤵
  PID:8792
- C:\Windows\System32\SJrJHnj.exe
  C:\Windows\System32\SJrJHnj.exe
  2⤵
  PID:8868
- C:\Windows\System32\QIXIouv.exe
  C:\Windows\System32\QIXIouv.exe
  2⤵
  PID:9000
- C:\Windows\System32\vPJeQPi.exe
  C:\Windows\System32\vPJeQPi.exe
  2⤵
  PID:9144
- C:\Windows\System32\aGACWct.exe
  C:\Windows\System32\aGACWct.exe
  2⤵
  PID:9208
- C:\Windows\System32\iYkcOPV.exe
  C:\Windows\System32\iYkcOPV.exe
  2⤵
  PID:6856
- C:\Windows\System32\MWdjKNQ.exe
  C:\Windows\System32\MWdjKNQ.exe
  2⤵
  PID:8216
- C:\Windows\System32\cgPEexa.exe
  C:\Windows\System32\cgPEexa.exe
  2⤵
  PID:8344
- C:\Windows\System32\cNUvvhv.exe
  C:\Windows\System32\cNUvvhv.exe
  2⤵
  PID:6632
- C:\Windows\System32\eDkVBvX.exe
  C:\Windows\System32\eDkVBvX.exe
  2⤵
  PID:8632
- C:\Windows\System32\Kwhxcsw.exe
  C:\Windows\System32\Kwhxcsw.exe
  2⤵
  PID:8780
- C:\Windows\System32\LVDhMxB.exe
  C:\Windows\System32\LVDhMxB.exe
  2⤵
  PID:9012
- C:\Windows\System32\qqXRJeJ.exe
  C:\Windows\System32\qqXRJeJ.exe
  2⤵
  PID:8336
- C:\Windows\System32\ZAsuJox.exe
  C:\Windows\System32\ZAsuJox.exe
  2⤵
  PID:8144
- C:\Windows\System32\xEBeYLc.exe
  C:\Windows\System32\xEBeYLc.exe
  2⤵
  PID:8484
- C:\Windows\System32\zCbSfvn.exe
  C:\Windows\System32\zCbSfvn.exe
  2⤵
  PID:8756
- C:\Windows\System32\mKNzOAZ.exe
  C:\Windows\System32\mKNzOAZ.exe
  2⤵
  PID:9176
- C:\Windows\System32\iOaPMEl.exe
  C:\Windows\System32\iOaPMEl.exe
  2⤵
  PID:8440
- C:\Windows\System32\yiOTbRf.exe
  C:\Windows\System32\yiOTbRf.exe
  2⤵
  PID:7992
- C:\Windows\System32\lHSMaJM.exe
  C:\Windows\System32\lHSMaJM.exe
  2⤵
  PID:9236
- C:\Windows\System32\rrXFEcC.exe
  C:\Windows\System32\rrXFEcC.exe
  2⤵
  PID:9268
- C:\Windows\System32\MtefnBm.exe
  C:\Windows\System32\MtefnBm.exe
  2⤵
  PID:9288
- C:\Windows\System32\TjllKGq.exe
  C:\Windows\System32\TjllKGq.exe
  2⤵
  PID:9344
- C:\Windows\System32\BPfeDQO.exe
  C:\Windows\System32\BPfeDQO.exe
  2⤵
  PID:9372
- C:\Windows\System32\QhuJAjY.exe
  C:\Windows\System32\QhuJAjY.exe
  2⤵
  PID:9388
- C:\Windows\System32\gPfACHb.exe
  C:\Windows\System32\gPfACHb.exe
  2⤵
  PID:9412
- C:\Windows\System32\bsrLjyK.exe
  C:\Windows\System32\bsrLjyK.exe
  2⤵
  PID:9428
- C:\Windows\System32\OgOZcUh.exe
  C:\Windows\System32\OgOZcUh.exe
  2⤵
  PID:9468
- C:\Windows\System32\vnKknPD.exe
  C:\Windows\System32\vnKknPD.exe
  2⤵
  PID:9488
- C:\Windows\System32\FVWhvHZ.exe
  C:\Windows\System32\FVWhvHZ.exe
  2⤵
  PID:9512
- C:\Windows\System32\FpyPxcN.exe
  C:\Windows\System32\FpyPxcN.exe
  2⤵
  PID:9544
- C:\Windows\System32\TOQYQAu.exe
  C:\Windows\System32\TOQYQAu.exe
  2⤵
  PID:9564
- C:\Windows\System32\xEYXTWJ.exe
  C:\Windows\System32\xEYXTWJ.exe
  2⤵
  PID:9584
- C:\Windows\System32\mYGwqnE.exe
  C:\Windows\System32\mYGwqnE.exe
  2⤵
  PID:9608
- C:\Windows\System32\aqnNfSt.exe
  C:\Windows\System32\aqnNfSt.exe
  2⤵
  PID:9628
- C:\Windows\System32\FSawYxz.exe
  C:\Windows\System32\FSawYxz.exe
  2⤵
  PID:9652
- C:\Windows\System32\fomfHLV.exe
  C:\Windows\System32\fomfHLV.exe
  2⤵
  PID:9708
- C:\Windows\System32\eVqrHQW.exe
  C:\Windows\System32\eVqrHQW.exe
  2⤵
  PID:9728
- C:\Windows\System32\UtzsVvM.exe
  C:\Windows\System32\UtzsVvM.exe
  2⤵
  PID:9760
- C:\Windows\System32\yshuJKj.exe
  C:\Windows\System32\yshuJKj.exe
  2⤵
  PID:9780
- C:\Windows\System32\YhWGsGa.exe
  C:\Windows\System32\YhWGsGa.exe
  2⤵
  PID:9840
- C:\Windows\System32\blJtNCD.exe
  C:\Windows\System32\blJtNCD.exe
  2⤵
  PID:9868
- C:\Windows\System32\yIoRehn.exe
  C:\Windows\System32\yIoRehn.exe
  2⤵
  PID:9908
- C:\Windows\System32\tNVnzVM.exe
  C:\Windows\System32\tNVnzVM.exe
  2⤵
  PID:9944
- C:\Windows\System32\JoErAfX.exe
  C:\Windows\System32\JoErAfX.exe
  2⤵
  PID:9960
- C:\Windows\System32\SxAqpaN.exe
  C:\Windows\System32\SxAqpaN.exe
  2⤵
  PID:9980
- C:\Windows\System32\MmOjSVv.exe
  C:\Windows\System32\MmOjSVv.exe
  2⤵
  PID:10000
- C:\Windows\System32\HacqmzQ.exe
  C:\Windows\System32\HacqmzQ.exe
  2⤵
  PID:10016
- C:\Windows\System32\bbNqLLO.exe
  C:\Windows\System32\bbNqLLO.exe
  2⤵
  PID:10040
- C:\Windows\System32\DtWuaeN.exe
  C:\Windows\System32\DtWuaeN.exe
  2⤵
  PID:10080
- C:\Windows\System32\IvylZyW.exe
  C:\Windows\System32\IvylZyW.exe
  2⤵
  PID:10112
- C:\Windows\System32\HPgcVSU.exe
  C:\Windows\System32\HPgcVSU.exe
  2⤵
  PID:10128
- C:\Windows\System32\RLLAFXU.exe
  C:\Windows\System32\RLLAFXU.exe
  2⤵
  PID:10152
- C:\Windows\System32\WBQoBFZ.exe
  C:\Windows\System32\WBQoBFZ.exe
  2⤵
  PID:10176
- C:\Windows\System32\SwfcHpo.exe
  C:\Windows\System32\SwfcHpo.exe
  2⤵
  PID:10204
- C:\Windows\System32\HvVxqnX.exe
  C:\Windows\System32\HvVxqnX.exe
  2⤵
  PID:10224
- C:\Windows\System32\QGEztgs.exe
  C:\Windows\System32\QGEztgs.exe
  2⤵
  PID:9248
- C:\Windows\System32\ViFGARN.exe
  C:\Windows\System32\ViFGARN.exe
  2⤵
  PID:9332
- C:\Windows\System32\uroCTlw.exe
  C:\Windows\System32\uroCTlw.exe
  2⤵
  PID:9384
- C:\Windows\System32\auMZpol.exe
  C:\Windows\System32\auMZpol.exe
  2⤵
  PID:9408
- C:\Windows\System32\APBQbMl.exe
  C:\Windows\System32\APBQbMl.exe
  2⤵
  PID:9464
- C:\Windows\System32\VSpPkSI.exe
  C:\Windows\System32\VSpPkSI.exe
  2⤵
  PID:9556
- C:\Windows\System32\sUfqZOy.exe
  C:\Windows\System32\sUfqZOy.exe
  2⤵
  PID:9604
- C:\Windows\System32\jjdUDEh.exe
  C:\Windows\System32\jjdUDEh.exe
  2⤵
  PID:9748
- C:\Windows\System32\yMHUUGz.exe
  C:\Windows\System32\yMHUUGz.exe
  2⤵
  PID:9756
- C:\Windows\System32\KqqqXBm.exe
  C:\Windows\System32\KqqqXBm.exe
  2⤵
  PID:9904
- C:\Windows\System32\qrLRdOZ.exe
  C:\Windows\System32\qrLRdOZ.exe
  2⤵
  PID:9976
- C:\Windows\System32\ohumnry.exe
  C:\Windows\System32\ohumnry.exe
  2⤵
  PID:10012
- C:\Windows\System32\QBDkWuN.exe
  C:\Windows\System32\QBDkWuN.exe
  2⤵
  PID:10092
- C:\Windows\System32\IrnxUBK.exe
  C:\Windows\System32\IrnxUBK.exe
  2⤵
  PID:10148
- C:\Windows\System32\PqGDCMc.exe
  C:\Windows\System32\PqGDCMc.exe
  2⤵
  PID:10200
- C:\Windows\System32\ufXYNWO.exe
  C:\Windows\System32\ufXYNWO.exe
  2⤵
  PID:10236
- C:\Windows\System32\AyaMVSj.exe
  C:\Windows\System32\AyaMVSj.exe
  2⤵
  PID:9300
- C:\Windows\System32\fDOMFnr.exe
  C:\Windows\System32\fDOMFnr.exe
  2⤵
  PID:9520
- C:\Windows\System32\UrwzemC.exe
  C:\Windows\System32\UrwzemC.exe
  2⤵
  PID:9640
- C:\Windows\System32\BqDqHhd.exe
  C:\Windows\System32\BqDqHhd.exe
  2⤵
  PID:9680
- C:\Windows\System32\cRVRpjF.exe
  C:\Windows\System32\cRVRpjF.exe
  2⤵
  PID:10036
- C:\Windows\System32\gUQFYGB.exe
  C:\Windows\System32\gUQFYGB.exe
  2⤵
  PID:10140
- C:\Windows\System32\MToQWHL.exe
  C:\Windows\System32\MToQWHL.exe
  2⤵
  PID:9316
- C:\Windows\System32\RCxXabF.exe
  C:\Windows\System32\RCxXabF.exe
  2⤵
  PID:9504
- C:\Windows\System32\MZjriaW.exe
  C:\Windows\System32\MZjriaW.exe
  2⤵
  PID:9848
- C:\Windows\System32\hwxbFwv.exe
  C:\Windows\System32\hwxbFwv.exe
  2⤵
  PID:8488
- C:\Windows\System32\ysIZNUR.exe
  C:\Windows\System32\ysIZNUR.exe
  2⤵
  PID:10120
- C:\Windows\System32\IFSaZRa.exe
  C:\Windows\System32\IFSaZRa.exe
  2⤵
  PID:10256
- C:\Windows\System32\pIUeuca.exe
  C:\Windows\System32\pIUeuca.exe
  2⤵
  PID:10272
- C:\Windows\System32\zNIGNtF.exe
  C:\Windows\System32\zNIGNtF.exe
  2⤵
  PID:10288
- C:\Windows\System32\naZpQJj.exe
  C:\Windows\System32\naZpQJj.exe
  2⤵
  PID:10360
- C:\Windows\System32\iXhvLKl.exe
  C:\Windows\System32\iXhvLKl.exe
  2⤵
  PID:10380
- C:\Windows\System32\PqmDYVM.exe
  C:\Windows\System32\PqmDYVM.exe
  2⤵
  PID:10396
- C:\Windows\System32\OwxQZPx.exe
  C:\Windows\System32\OwxQZPx.exe
  2⤵
  PID:10424
- C:\Windows\System32\iwsLLBU.exe
  C:\Windows\System32\iwsLLBU.exe
  2⤵
  PID:10440
- C:\Windows\System32\uCzZUvd.exe
  C:\Windows\System32\uCzZUvd.exe
  2⤵
  PID:10464
- C:\Windows\System32\DEcibdp.exe
  C:\Windows\System32\DEcibdp.exe
  2⤵
  PID:10528
- C:\Windows\System32\PfxWzGm.exe
  C:\Windows\System32\PfxWzGm.exe
  2⤵
  PID:10544
- C:\Windows\System32\hkUfjxm.exe
  C:\Windows\System32\hkUfjxm.exe
  2⤵
  PID:10596
- C:\Windows\System32\MuwCRFB.exe
  C:\Windows\System32\MuwCRFB.exe
  2⤵
  PID:10616
- C:\Windows\System32\aDDEdlK.exe
  C:\Windows\System32\aDDEdlK.exe
  2⤵
  PID:10636
- C:\Windows\System32\FeAERzA.exe
  C:\Windows\System32\FeAERzA.exe
  2⤵
  PID:10656
- C:\Windows\System32\vagCAMo.exe
  C:\Windows\System32\vagCAMo.exe
  2⤵
  PID:10672
- C:\Windows\System32\HnUNVAW.exe
  C:\Windows\System32\HnUNVAW.exe
  2⤵
  PID:10708
- C:\Windows\System32\iqaxRQa.exe
  C:\Windows\System32\iqaxRQa.exe
  2⤵
  PID:10740
- C:\Windows\System32\INRfaAF.exe
  C:\Windows\System32\INRfaAF.exe
  2⤵
  PID:10760
- C:\Windows\System32\GFjPVvQ.exe
  C:\Windows\System32\GFjPVvQ.exe
  2⤵
  PID:10784
- C:\Windows\System32\gplapCY.exe
  C:\Windows\System32\gplapCY.exe
  2⤵
  PID:10804
- C:\Windows\System32\AlBpcUF.exe
  C:\Windows\System32\AlBpcUF.exe
  2⤵
  PID:10824
- C:\Windows\System32\gzQtBad.exe
  C:\Windows\System32\gzQtBad.exe
  2⤵
  PID:10868
- C:\Windows\System32\qSRyWkI.exe
  C:\Windows\System32\qSRyWkI.exe
  2⤵
  PID:10900
- C:\Windows\System32\FvYvKLJ.exe
  C:\Windows\System32\FvYvKLJ.exe
  2⤵
  PID:10940
- C:\Windows\System32\uIBCzNy.exe
  C:\Windows\System32\uIBCzNy.exe
  2⤵
  PID:10960
- C:\Windows\System32\rFPTSgU.exe
  C:\Windows\System32\rFPTSgU.exe
  2⤵
  PID:10984
- C:\Windows\System32\zMFCFNp.exe
  C:\Windows\System32\zMFCFNp.exe
  2⤵
  PID:11000
- C:\Windows\System32\PBQwTiW.exe
  C:\Windows\System32\PBQwTiW.exe
  2⤵
  PID:11040
- C:\Windows\System32\twreYXA.exe
  C:\Windows\System32\twreYXA.exe
  2⤵
  PID:11064
- C:\Windows\System32\AQwRCYo.exe
  C:\Windows\System32\AQwRCYo.exe
  2⤵
  PID:11084
- C:\Windows\System32\wHgOUIN.exe
  C:\Windows\System32\wHgOUIN.exe
  2⤵
  PID:11132
- C:\Windows\System32\uQFyCGM.exe
  C:\Windows\System32\uQFyCGM.exe
  2⤵
  PID:11152
- C:\Windows\System32\XzRCtne.exe
  C:\Windows\System32\XzRCtne.exe
  2⤵
  PID:11172
- C:\Windows\System32\hHazTfZ.exe
  C:\Windows\System32\hHazTfZ.exe
  2⤵
  PID:11196
- C:\Windows\System32\sIyYBJx.exe
  C:\Windows\System32\sIyYBJx.exe
  2⤵
  PID:11220
- C:\Windows\System32\UnTyviY.exe
  C:\Windows\System32\UnTyviY.exe
  2⤵
  PID:10252
- C:\Windows\System32\dyWUgTr.exe
  C:\Windows\System32\dyWUgTr.exe
  2⤵
  PID:10344
- C:\Windows\System32\bdcPQxK.exe
  C:\Windows\System32\bdcPQxK.exe
  2⤵
  PID:10376
- C:\Windows\System32\iqTAVoO.exe
  C:\Windows\System32\iqTAVoO.exe
  2⤵
  PID:10412
- C:\Windows\System32\olDIdgh.exe
  C:\Windows\System32\olDIdgh.exe
  2⤵
  PID:10560
- C:\Windows\System32\kMLSvnI.exe
  C:\Windows\System32\kMLSvnI.exe
  2⤵
  PID:10568
- C:\Windows\System32\JzKxnuj.exe
  C:\Windows\System32\JzKxnuj.exe
  2⤵
  PID:10624
- C:\Windows\System32\cGKahql.exe
  C:\Windows\System32\cGKahql.exe
  2⤵
  PID:10684
- C:\Windows\System32\juOwaQi.exe
  C:\Windows\System32\juOwaQi.exe
  2⤵
  PID:10720
- C:\Windows\System32\DsiRCfh.exe
  C:\Windows\System32\DsiRCfh.exe
  2⤵
  PID:10796
- C:\Windows\System32\HBDFWfx.exe
  C:\Windows\System32\HBDFWfx.exe
  2⤵
  PID:10836
- C:\Windows\System32\qEwyXqG.exe
  C:\Windows\System32\qEwyXqG.exe
  2⤵
  PID:10860
- C:\Windows\System32\WYssdxq.exe
  C:\Windows\System32\WYssdxq.exe
  2⤵
  PID:11008
- C:\Windows\System32\shYnGWs.exe
  C:\Windows\System32\shYnGWs.exe
  2⤵
  PID:11048
- C:\Windows\System32\JhLdQLV.exe
  C:\Windows\System32\JhLdQLV.exe
  2⤵
  PID:11060
- C:\Windows\System32\gSNtpaQ.exe
  C:\Windows\System32\gSNtpaQ.exe
  2⤵
  PID:11188
- C:\Windows\System32\XSrQhIM.exe
  C:\Windows\System32\XSrQhIM.exe
  2⤵
  PID:11164
- C:\Windows\System32\qesdsAl.exe
  C:\Windows\System32\qesdsAl.exe
  2⤵
  PID:11228
- C:\Windows\System32\cEaEjeP.exe
  C:\Windows\System32\cEaEjeP.exe
  2⤵
  PID:10056
- C:\Windows\System32\ONrtkdG.exe
  C:\Windows\System32\ONrtkdG.exe
  2⤵
  PID:10392
- C:\Windows\System32\vDVqpVK.exe
  C:\Windows\System32\vDVqpVK.exe
  2⤵
  PID:10460
- C:\Windows\System32\bVGvPag.exe
  C:\Windows\System32\bVGvPag.exe
  2⤵
  PID:10756
- C:\Windows\System32\WMNffRo.exe
  C:\Windows\System32\WMNffRo.exe
  2⤵
  PID:11260
- C:\Windows\System32\jDNMPmf.exe
  C:\Windows\System32\jDNMPmf.exe
  2⤵
  PID:11256
- C:\Windows\System32\HjPPdiO.exe
  C:\Windows\System32\HjPPdiO.exe
  2⤵
  PID:10664
- C:\Windows\System32\NYZPgVO.exe
  C:\Windows\System32\NYZPgVO.exe
  2⤵
  PID:10908
- C:\Windows\System32\YsKEkni.exe
  C:\Windows\System32\YsKEkni.exe
  2⤵
  PID:10668
- C:\Windows\System32\aZpuAMV.exe
  C:\Windows\System32\aZpuAMV.exe
  2⤵
  PID:11292
- C:\Windows\System32\nUdZThl.exe
  C:\Windows\System32\nUdZThl.exe
  2⤵
  PID:11312
- C:\Windows\System32\vmmkIrJ.exe
  C:\Windows\System32\vmmkIrJ.exe
  2⤵
  PID:11328
- C:\Windows\System32\ypiBoqi.exe
  C:\Windows\System32\ypiBoqi.exe
  2⤵
  PID:11356
- C:\Windows\System32\zGiMOWB.exe
  C:\Windows\System32\zGiMOWB.exe
  2⤵
  PID:11376
- C:\Windows\System32\dhSIdgP.exe
  C:\Windows\System32\dhSIdgP.exe
  2⤵
  PID:11396
- C:\Windows\System32\Zmmqdln.exe
  C:\Windows\System32\Zmmqdln.exe
  2⤵
  PID:11448
- C:\Windows\System32\tNlyXLH.exe
  C:\Windows\System32\tNlyXLH.exe
  2⤵
  PID:11496
- C:\Windows\System32\rCVjjRd.exe
  C:\Windows\System32\rCVjjRd.exe
  2⤵
  PID:11516
- C:\Windows\System32\ehCqDAZ.exe
  C:\Windows\System32\ehCqDAZ.exe
  2⤵
  PID:11544
- C:\Windows\System32\NxpLHqo.exe
  C:\Windows\System32\NxpLHqo.exe
  2⤵
  PID:11564
- C:\Windows\System32\NngGtiV.exe
  C:\Windows\System32\NngGtiV.exe
  2⤵
  PID:11580
- C:\Windows\System32\ectsAlQ.exe
  C:\Windows\System32\ectsAlQ.exe
  2⤵
  PID:11616
- C:\Windows\System32\FEQYySi.exe
  C:\Windows\System32\FEQYySi.exe
  2⤵
  PID:11632
- C:\Windows\System32\CdydXkh.exe
  C:\Windows\System32\CdydXkh.exe
  2⤵
  PID:11664
- C:\Windows\System32\opwSMpf.exe
  C:\Windows\System32\opwSMpf.exe
  2⤵
  PID:11724
- C:\Windows\System32\vNwWzqy.exe
  C:\Windows\System32\vNwWzqy.exe
  2⤵
  PID:11744
- C:\Windows\System32\qkLwpiA.exe
  C:\Windows\System32\qkLwpiA.exe
  2⤵
  PID:11768
- C:\Windows\System32\mUMpSII.exe
  C:\Windows\System32\mUMpSII.exe
  2⤵
  PID:11788
- C:\Windows\System32\NvUWWdV.exe
  C:\Windows\System32\NvUWWdV.exe
  2⤵
  PID:11820
- C:\Windows\System32\ZSITHet.exe
  C:\Windows\System32\ZSITHet.exe
  2⤵
  PID:11836
- C:\Windows\System32\llWOxKS.exe
  C:\Windows\System32\llWOxKS.exe
  2⤵
  PID:11872
- C:\Windows\System32\MIyHyLS.exe
  C:\Windows\System32\MIyHyLS.exe
  2⤵
  PID:11912
- C:\Windows\System32\uTpONfM.exe
  C:\Windows\System32\uTpONfM.exe
  2⤵
  PID:11960
- C:\Windows\System32\RreJrrj.exe
  C:\Windows\System32\RreJrrj.exe
  2⤵
  PID:11976
- C:\Windows\System32\uZdtbce.exe
  C:\Windows\System32\uZdtbce.exe
  2⤵
  PID:11996
- C:\Windows\System32\ocwnBFG.exe
  C:\Windows\System32\ocwnBFG.exe
  2⤵
  PID:12016
- C:\Windows\System32\OACrIUh.exe
  C:\Windows\System32\OACrIUh.exe
  2⤵
  PID:12032
- C:\Windows\System32\jKzvova.exe
  C:\Windows\System32\jKzvova.exe
  2⤵
  PID:12068
- C:\Windows\System32\pqHqoSZ.exe
  C:\Windows\System32\pqHqoSZ.exe
  2⤵
  PID:12092
- C:\Windows\System32\iQSGuFZ.exe
  C:\Windows\System32\iQSGuFZ.exe
  2⤵
  PID:12132
- C:\Windows\System32\JsoVZgu.exe
  C:\Windows\System32\JsoVZgu.exe
  2⤵
  PID:12156
- C:\Windows\System32\DJRIQyK.exe
  C:\Windows\System32\DJRIQyK.exe
  2⤵
  PID:12172
- C:\Windows\System32\qekSCxk.exe
  C:\Windows\System32\qekSCxk.exe
  2⤵
  PID:12204
- C:\Windows\System32\SDRdvFj.exe
  C:\Windows\System32\SDRdvFj.exe
  2⤵
  PID:12240
- C:\Windows\System32\SbMqWur.exe
  C:\Windows\System32\SbMqWur.exe
  2⤵
  PID:12268
- C:\Windows\System32\cwCNbnL.exe
  C:\Windows\System32\cwCNbnL.exe
  2⤵
  PID:11092
- C:\Windows\System32\jXwfNTa.exe
  C:\Windows\System32\jXwfNTa.exe
  2⤵
  PID:9864
- C:\Windows\System32\omMQbfB.exe
  C:\Windows\System32\omMQbfB.exe
  2⤵
  PID:11364
- C:\Windows\System32\DtFJoom.exe
  C:\Windows\System32\DtFJoom.exe
  2⤵
  PID:11464
- C:\Windows\System32\RMWWJBR.exe
  C:\Windows\System32\RMWWJBR.exe
  2⤵
  PID:11460
- C:\Windows\System32\QMVQffF.exe
  C:\Windows\System32\QMVQffF.exe
  2⤵
  PID:11540
- C:\Windows\System32\UizBKxz.exe
  C:\Windows\System32\UizBKxz.exe
  2⤵
  PID:11588
- C:\Windows\System32\kinUIbt.exe
  C:\Windows\System32\kinUIbt.exe
  2⤵
  PID:11608
- C:\Windows\System32\aQAIbZR.exe
  C:\Windows\System32\aQAIbZR.exe
  2⤵
  PID:11656
- C:\Windows\System32\BQQEaRW.exe
  C:\Windows\System32\BQQEaRW.exe
  2⤵
  PID:11732
- C:\Windows\System32\PkCtFwF.exe
  C:\Windows\System32\PkCtFwF.exe
  2⤵
  PID:11804
- C:\Windows\System32\FDOGrrV.exe
  C:\Windows\System32\FDOGrrV.exe
  2⤵
  PID:11892
- C:\Windows\System32\WUBaPac.exe
  C:\Windows\System32\WUBaPac.exe
  2⤵
  PID:4636
- C:\Windows\System32\SzdXfOL.exe
  C:\Windows\System32\SzdXfOL.exe
  2⤵
  PID:12028
- C:\Windows\System32\IuTPIBo.exe
  C:\Windows\System32\IuTPIBo.exe
  2⤵
  PID:12048
- C:\Windows\System32\qZmsQfH.exe
  C:\Windows\System32\qZmsQfH.exe
  2⤵
  PID:12200
- C:\Windows\System32\WImVzet.exe
  C:\Windows\System32\WImVzet.exe
  2⤵
  PID:12252
- C:\Windows\System32\ErEvaTU.exe
  C:\Windows\System32\ErEvaTU.exe
  2⤵
  PID:10832
- C:\Windows\System32\bEedLzJ.exe
  C:\Windows\System32\bEedLzJ.exe
  2⤵
  PID:11404
- C:\Windows\System32\bqVaEPH.exe
  C:\Windows\System32\bqVaEPH.exe
  2⤵
  PID:11596
- C:\Windows\System32\LaWPAVo.exe
  C:\Windows\System32\LaWPAVo.exe
  2⤵
  PID:11708
- C:\Windows\System32\nmBiGLf.exe
  C:\Windows\System32\nmBiGLf.exe
  2⤵
  PID:11704
- C:\Windows\System32\IegKNjY.exe
  C:\Windows\System32\IegKNjY.exe
  2⤵
  PID:11764
- C:\Windows\System32\TGamghQ.exe
  C:\Windows\System32\TGamghQ.exe
  2⤵
  PID:11968
- C:\Windows\System32\cwYignn.exe
  C:\Windows\System32\cwYignn.exe
  2⤵
  PID:12124
- C:\Windows\System32\vMhuNLs.exe
  C:\Windows\System32\vMhuNLs.exe
  2⤵
  PID:12248
- C:\Windows\System32\WAQjSxY.exe
  C:\Windows\System32\WAQjSxY.exe
  2⤵
  PID:11508
- C:\Windows\System32\AAOzjZs.exe
  C:\Windows\System32\AAOzjZs.exe
  2⤵
  PID:11852
- C:\Windows\System32\cFXcNBD.exe
  C:\Windows\System32\cFXcNBD.exe
  2⤵
  PID:12004
- C:\Windows\System32\gIFqRWv.exe
  C:\Windows\System32\gIFqRWv.exe
  2⤵
  PID:12276
- C:\Windows\System32\jVPsYpJ.exe
  C:\Windows\System32\jVPsYpJ.exe
  2⤵
  PID:12300
- C:\Windows\System32\LCZAIEd.exe
  C:\Windows\System32\LCZAIEd.exe
  2⤵
  PID:12348
- C:\Windows\System32\iayzrBq.exe
  C:\Windows\System32\iayzrBq.exe
  2⤵
  PID:12364
- C:\Windows\System32\gdIATDW.exe
  C:\Windows\System32\gdIATDW.exe
  2⤵
  PID:12384
- C:\Windows\System32\fVeQnZb.exe
  C:\Windows\System32\fVeQnZb.exe
  2⤵
  PID:12400
- C:\Windows\System32\BvrFkEK.exe
  C:\Windows\System32\BvrFkEK.exe
  2⤵
  PID:12420
- C:\Windows\System32\nHCbBOf.exe
  C:\Windows\System32\nHCbBOf.exe
  2⤵
  PID:12472
- C:\Windows\System32\MFaylMp.exe
  C:\Windows\System32\MFaylMp.exe
  2⤵
  PID:12492
- C:\Windows\System32\UDQtRJD.exe
  C:\Windows\System32\UDQtRJD.exe
  2⤵
  PID:12524
- C:\Windows\System32\mFDGcPi.exe
  C:\Windows\System32\mFDGcPi.exe
  2⤵
  PID:12556
- C:\Windows\System32\MlHrUvq.exe
  C:\Windows\System32\MlHrUvq.exe
  2⤵
  PID:12592
- C:\Windows\System32\qeUmVXR.exe
  C:\Windows\System32\qeUmVXR.exe
  2⤵
  PID:12608
- C:\Windows\System32\tRlJjrf.exe
  C:\Windows\System32\tRlJjrf.exe
  2⤵
  PID:12628
- C:\Windows\System32\BsWFZfL.exe
  C:\Windows\System32\BsWFZfL.exe
  2⤵
  PID:12648
- C:\Windows\System32\SexaThl.exe
  C:\Windows\System32\SexaThl.exe
  2⤵
  PID:12668
- C:\Windows\System32\SOFkAey.exe
  C:\Windows\System32\SOFkAey.exe
  2⤵
  PID:12752
- C:\Windows\System32\juVeyih.exe
  C:\Windows\System32\juVeyih.exe
  2⤵
  PID:12772
- C:\Windows\System32\dVgmnbs.exe
  C:\Windows\System32\dVgmnbs.exe
  2⤵
  PID:12788
- C:\Windows\System32\qfNWdIJ.exe
  C:\Windows\System32\qfNWdIJ.exe
  2⤵
  PID:12816
- C:\Windows\System32\Yvbhfnb.exe
  C:\Windows\System32\Yvbhfnb.exe
  2⤵
  PID:12832
- C:\Windows\System32\jhCBQGJ.exe
  C:\Windows\System32\jhCBQGJ.exe
  2⤵
  PID:12860
- C:\Windows\System32\GLBlkci.exe
  C:\Windows\System32\GLBlkci.exe
  2⤵
  PID:12880
- C:\Windows\System32\LvXlqTk.exe
  C:\Windows\System32\LvXlqTk.exe
  2⤵
  PID:12904
- C:\Windows\System32\FXBlAbX.exe
  C:\Windows\System32\FXBlAbX.exe
  2⤵
  PID:12960
- C:\Windows\System32\neNdege.exe
  C:\Windows\System32\neNdege.exe
  2⤵
  PID:12984
- C:\Windows\System32\BehvXUZ.exe
  C:\Windows\System32\BehvXUZ.exe
  2⤵
  PID:13008
- C:\Windows\System32\whcZaEQ.exe
  C:\Windows\System32\whcZaEQ.exe
  2⤵
  PID:13036
- C:\Windows\System32\TSJfESe.exe
  C:\Windows\System32\TSJfESe.exe
  2⤵
  PID:13200

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:12656

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:13196

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System32\AknxTEp.exe

Filesize
1.1MB

MD5
901121b92be14ca6148082718f46bfcc

SHA1
95357659212b9f2a63125ddb4fd88f63bfd9c9a1

SHA256
0d17e61907c23972a9de702e8faeee38ceb8e1cfdb755be3f5381139015d75f0

SHA512
1ca4d0e0dc91f5bad5b3b97c87555eecc3521205df042a5006ddb48e35a3cfdc6cab2431c8c78e6a66d89b0b2e36adb320efa403a90067886d2cb7f68ddc93a9

Download Submit
C:\Windows\System32\DJfzJRG.exe

Filesize
1.1MB

MD5
3a3eb13cb43804de53c0889acdb71c23

SHA1
549b6f6ad8a6e2f478d3cc9f86c54ecdcd774810

SHA256
c9b1413ffff983c0be4f99d33cfde9bd753d7f3f5ff9f3055660d24bb31d3973

SHA512
0e2e484258eff05af414e902868ac3a7ce7328ee25d6e1c5aa26804f01510b50f2f445e3965c5da15ca7ab8a753f795994b37d77d951c1c2e111c1796d7e89f8

Download Submit
C:\Windows\System32\IBfDIOH.exe

Filesize
1.1MB

MD5
360fc22986aa050cceb5458ac2f617ea

SHA1
43c92dee626a2f573fbc6dc92dbfd30c04fda961

SHA256
baa6458fe56db8fe0f59dfc8311e41b89c9011d7294de49212e6ee64e1236f12

SHA512
8df09e06bd1c7fc75a920404f1a91b59fd9a28f4f7e3206a9ee23586959a441cb8fec9a7da21db596136eb0f44b2e3bb98a04ae986cc537777757fc56d246b66

Download Submit
C:\Windows\System32\JDKNHmt.exe

Filesize
1.1MB

MD5
ce8bec966dd9e42d41f17cea8a72218f

SHA1
aeb4486da7fc8df67b70b9d84ccd08b7763bde90

SHA256
df9ca7f02ff56b24adeadd0d20e24833ebaf0990791aae8a89fd90caa89f8745

SHA512
ffdc7c572bff9b83f026b9f6826dc5cdca052672041630044d2a866256ceacbcd3ab4a8ac8c126b22cb7822ec5b12cd150ee98fa225b5969a12c01298f9ffc69

Download Submit
C:\Windows\System32\MLWMqHr.exe

Filesize
1.1MB

MD5
1064cec84fc751a123ba284df96b5c69

SHA1
c596ff913435a7dd69c8da60e3f9191d91bcfcf8

SHA256
095b58e5d169f8c76f85bf470097c0069ffd959a7e62d6f541e4d34a3636a617

SHA512
ba3c7701ce19ba71d79138a35af4a4542e6c27b4426cc7cab977450a7d1976a95f0d4018c7498b7a1afcfa488e018265149db25dc60da146d1458814ed15c388

Download Submit
C:\Windows\System32\RVtahTZ.exe

Filesize
1.1MB

MD5
cadbc2b0018007e0c0d8aed20958d72a

SHA1
40e4c602ca9cdb2937e0b926131e0e9b21803828

SHA256
a60a0268d672a2268bf86f57b22a09eb0276c8993849eb6cbf975b4039049c6a

SHA512
ca9cbb5a1f6debe01597ea7c9d8c4b7c0077cbebb609693a5fccde216c7262c4a677c1046bd6e5dde7eaadab5915f955167d440a55ea453996a06eb5f1e8d2be

Download Submit
C:\Windows\System32\RmbXnUM.exe

Filesize
1.1MB

MD5
8e709b501a031b2a903181f2d77ac75c

SHA1
1ecc6ec5408dbeaa127b2de3cdbcff4a82d1fd20

SHA256
c9f71fd12b16df7e1146a2a54028488a21b5834ea5e42ac9dd71563fe362e079

SHA512
80c6de385803875ba45c7334a6e1b43c7ae6e8ec4fb37746a6cd88ebeeeec910b6ca6c6649bcdcea27814915f72c6604c1e203f8cb4d4e211a8b71d0d47fc792

Download Submit
C:\Windows\System32\VXmeknx.exe

Filesize
1.1MB

MD5
952ff9045bae3a3ca825032e5de981be

SHA1
6fd35362e2a0720751f0390e308c66512f5c9201

SHA256
1c5b224f230e676b5574619329266e2d9a54425d7400a0bba9483fea66da5904

SHA512
cc2819c9a423aaa910dd86704de8892f15f691d0da5dbf8d4177341aed4fb44442091a27a01d50952365d8763a6a8461616577c68915f7acb54a040f99395943

Download Submit
C:\Windows\System32\XRwgyWx.exe

Filesize
1.1MB

MD5
3cc363cf265acfd29799fc1037cd3977

SHA1
1908853f6b9405489307a1eada2378428a97d6e9

SHA256
526653ecb978b2cd7fc19b4a8255ca9280080c4569c893841ce038f468721979

SHA512
cdda04a2db10859f7ff89c36e80dbbf5dc5f8b1e7531918eb2335ab28145cdf1fff6270b5e2bf5264b4d088b83b3b0fb789ecb7ca7dba229f44eff09c41c709a

Download Submit
C:\Windows\System32\XilyCqz.exe

Filesize
1.1MB

MD5
3b8650893c06b71897de0f4d3bdf77f8

SHA1
acfece17530a3e91213008e5434e9f41060ec043

SHA256
88266866ec59ee73797960dd129af17dd76bb3f18215d27230c54f1696c7c9e2

SHA512
d8f83d011f2aeb900f5c7d03c376072c3165b75fe7ef622db7cb3c0a6115a314bfee20fcf69553f34bd2ccff23bd15bf3fd62e828508a0eacd869d783e6fafc9

Download Submit
C:\Windows\System32\XqYwBcK.exe

Filesize
1.1MB

MD5
56b8fb5b959ccd3ab2dd214fd6adce9c

SHA1
d6ef7ace2c6d260e44815774ec45f1a5a8921d2e

SHA256
72a69bdd35e23e823252ae3ac54459c14ee0cc44b2d6a8668c70855d64d897ba

SHA512
48064a189d2aa95ccedc91415dbe2529d40eb695dda752e9d6419f40d98ad8545f1c5bdeb66615f44fb4f637dd85b543a902c2d0e71bd6743b40fa2a80d01221

Download Submit
C:\Windows\System32\YcmrRUC.exe

Filesize
1.1MB

MD5
03646ed002f21555dc69b537045cd128

SHA1
6176e6dbc368f41f029aad9882de2db68c9dd3be

SHA256
a21264ee5faf6c0855772b5568d7fe270e4789cf3636ee709228629883ba9a06

SHA512
5d82bd7b098628607a2b3ed3b42905efbd2cd6ffbccbbf8a7d681c7d46c72dcd10ccb156e24f3c210d81176b27ed2934c088b22fe0b2cb59f94833c4865859bc

Download Submit
C:\Windows\System32\ZPUJzzL.exe

Filesize
1.1MB

MD5
3002bc7caadbbd15dc76cc8799111b84

SHA1
1733f4ba19574971d64ac2fdb5f0b66f5c50e8be

SHA256
aa259ed6f6be24c74e235d7484cedc4c49c1018b96f122c162af6f469e018c96

SHA512
71b257ca1c6bc0ee1065e414c71d5082b99755a0ac369596fefda4f4cd14819aadba14d7325d318a458b52bf6f891c6998d96fb3d25ad13c9ae7160a2ad3a2b9

Download Submit
C:\Windows\System32\bWmnQkw.exe

Filesize
1.1MB

MD5
5d027f81c049883ea8bdf6f73791d1de

SHA1
50e4016d057e85aaaf123c7d97d5500351bbe5f4

SHA256
aca309bd49e1b1ca39a16af249ac631f456a7f017b3eb660e81b117535457803

SHA512
403e45dcf1c25d767ff3b0ebe08b5623a9e8e0a0081d63c8deebabb0e8f5eab02dbc137459e2985d7e263385ac2f15328b965de17b2dfd9d77d1a1d70e207409

Download Submit
C:\Windows\System32\bhWCLWb.exe

Filesize
1.1MB

MD5
bb4d59d16ccc6b700849e364393c92c1

SHA1
4429f7a943fdf3f22108380772d45e871e045ebc

SHA256
8307f9556d21b76ca40c80200d55a66e09daa827771ad0d2bb9c95f29ed8e7e8

SHA512
95e29b59960229a1252d4ef8d137e9803a19238f5851d782c352c9fb732ffc2cf598ec8b4f9a01512b63d9ec2c5fddc6d2c0de13fef1267343f5616a2c0af923

Download Submit
C:\Windows\System32\gfXHggQ.exe

Filesize
1.1MB

MD5
adf0890fbf9bbc27b27eda38a80765a3

SHA1
a8e19ac6a5a6ca0dbbe910e78766d7477ddbf947

SHA256
70b1ea1908d4da7dc1b50f38b2beadb5c9a3cb176be0cda789e321cc80e5d934

SHA512
68f139170a748ff738c46944d1253012ee34e564f5636a433a24edd40b447c39a99f4758caa53dd03d48db6ba87205278d11aaadf7d43b566344c30abb999bf9

Download Submit
C:\Windows\System32\hMKSlUN.exe

Filesize
1.1MB

MD5
3a07c386171115c83098cd583c324db0

SHA1
4632e7da1e7e0e2c04e4ce6953fdf10eeddcdd4b

SHA256
02c631884fa994a298978feac0a9d5862a645a964dd5cecb8ab5771fcd064d8e

SHA512
23e0c123d9d89607b553706cc9cd7ba9c575e9a159e1238fb136a27492f773a89053fde3c4a9d428054be5e70826743ac50aa9a0acf525d075b2e74229baf933

Download Submit
C:\Windows\System32\icGMobJ.exe

Filesize
1.1MB

MD5
f5bf3b32f371e3469ace222f2d19ea24

SHA1
6c94bfe208563f39de7deede2dfbd807b5038bba

SHA256
a8778a12522a3b7f1bad6785513cbcf0ac01008864c1e5f8eacdb934d77f7d1d

SHA512
ccf983917bc5f2c86ae1cdcb140f93dba41630152c01c62171a6dbe5c767bbd8f5a56eeddc8f7f2ee3c3639bfa4c37a68440f270ef189531ccbc2eeed131059d

Download Submit
C:\Windows\System32\iuSpBIm.exe

Filesize
1.1MB

MD5
d368ec8d5e43b89a21aa8a369fa1e8be

SHA1
bd3eefe0855726b5de7b9a0520d79962bfb5c8cc

SHA256
5bce2607e59867a7690d3c37b456d072cdb7db2a99f16ac34087ab9f1dfb0b3f

SHA512
b40291b619a7b49268a9f72c7028735329d1423a7157aa3a890f332580423df2ad4a85145ed8eba8f05d2f5936bebf0f6822b11c13fb62e046266ea3d5d93ca4

Download Submit
C:\Windows\System32\jeXEKxy.exe

Filesize
1.1MB

MD5
05ee662e8d898362e867ca030c464019

SHA1
444fa7d96f0ca1591ea0eab7d58657acda0064db

SHA256
10ba28aebf746df1649afeb1ee19ecd90dcbdb57d207cc6f65394124d4d36b24

SHA512
abcac91cd6c84826181130cc2231f377ddfae73513aad997a04edc5b8055bd795a11b5269e2ba00e82b4628a4d8be458051feea6ee364383982f273da6559ddc

Download Submit
C:\Windows\System32\kByWaKH.exe

Filesize
1.1MB

MD5
5a39814dd3fb862a363d8a4a382e3a09

SHA1
c8e67472c51533fec75f9c250b3d00b022ba213e

SHA256
79147c27ca8189d86f2ad8f2268f26619e1ad1efb54796250cb32331baf279e5

SHA512
d9d78de22d65610193f7d4a3e83151d686b83b8064cd1744089dc95e400a691ba34dea802b18d1726386a8219fadadfb3863e3c4ad2d5f2ff043ab0969ba33b2

Download Submit
C:\Windows\System32\lLxePcx.exe

Filesize
1.1MB

MD5
932c73aa05f1cdcd93ad4384b1f1c43d

SHA1
084d52c326d4a0057535f7445747ad87302d8fed

SHA256
676e36fbfafefbc24d26741021f47f9eea4fa704e84f49e3bf787e83d80d5024

SHA512
a29cc4066f92d888029ccc46944c7908d6b78d09be41e9146cf99099da8fe4851b599040d5918c6dff088f02b72d0a751f3277241629c9d9bd139e55ab8543e4

Download Submit
C:\Windows\System32\ldwHuXt.exe

Filesize
1.1MB

MD5
fda2705bf91762ac3408ab6c84f32fe2

SHA1
d70fea58f39203cf583e9c5c74d5bccdf78af4ad

SHA256
5db19b8975ae69b746b164c7b8a0dbcd5eb533f0bef517d3358a1ce7ade47cff

SHA512
0c3c553faf66af3dec5a00b933794ba01870a90d67a7d04b38bb349d51f59a3eb22d8a84589164d4313d509dbcf054be8ba0802150d25e490e03e9b3e361d0a1

Download Submit
C:\Windows\System32\lsQxlHe.exe

Filesize
1.1MB

MD5
14091d8b3be05ac35d4f04d1acd613fd

SHA1
d19b0966cd259f617bbbdb02f222c2d07c8eb56a

SHA256
432c242844d1a6a5aa9884779abde316132dc82e3e53ac76758edef6129cf8e0

SHA512
99c89f0bff76312f0a4ffa7ba6b9b350a5a4c7a28c8c1d126c258132574c6894aa7017afb6829fe66aa7ba6c8e601fe9be9df8a66af74300386dbb799832b7d7

Download Submit
C:\Windows\System32\mWjASiZ.exe

Filesize
1.1MB

MD5
175f7efaf36bf832ce9178dea1420754

SHA1
6a27888827662657f30dfc96b0a58a093e8eaaa6

SHA256
fc88b64cb588c9b77b671b5f928061a0396a519c37f3495f55886774cf13c0dd

SHA512
1c9392319242096d8d6e0b3fe1af6b302546bd10cff856e27d9327c582718c4e1e759f9e8c5287df48903d42322c77768e115f9666c7bd5eaa02bf9157b99a22

Download Submit
C:\Windows\System32\qrLqrrD.exe

Filesize
1.1MB

MD5
5527740439f35589caf60800645b2c43

SHA1
945278fc2ceba118f23633f0c9a23e979219185a

SHA256
2cfb3ae1591505648634c9033a746f1ec81d75fe5512035aa1b4bfe0291edd97

SHA512
fc0fe65494df89cdf906d96d17f7925d079e99f12ed4dab27f37355efd07edea34ab659f945712fb9e9f5ef5d9479b09db5031d2e800a2136c33be9b29c716ff

Download Submit
C:\Windows\System32\rhsqNqP.exe

Filesize
1.1MB

MD5
6c9a11a654d49ba72aff2ec01b69fa79

SHA1
7d366135eb7603c39a930dd915da6f3ae71e5a22

SHA256
5214908a67b1eba555c90e954c5d9c5d2d8ebff7279fefe69948075664d9e313

SHA512
793b8423c83441ddcce647eb5095231ac50dc224475980564d327eb835c7514011eadb5443b865091996fbb00f1796b5d7d6d383f7693746ba208205bf2f0c80

Download Submit
C:\Windows\System32\sTZrxJL.exe

Filesize
1.1MB

MD5
f9ad9f33e692d7f1a92638da88789e53

SHA1
81c02bdf81fe2ea8c91c9a236495b34cb56ea006

SHA256
e559361943f8251992a8420412929630fe6e299d4f86fbb3a08357f6c1fa1ea3

SHA512
60f6cb83af72c8b1e01dac01372d74a089f0a38cc9d6db4a208ebbcd35ba9eb316f9324a62695b61a9c9d04e52d3162e484cdb46ff713f68924e68ee051b54eb

Download Submit
C:\Windows\System32\tiqJxjh.exe

Filesize
1.1MB

MD5
36b7de5f664a2ec8803d347d435edacc

SHA1
66d461df68d6c4f2d8d8af899558999a7d8fce81

SHA256
a9428929a9c968eb1cc6c9d410c8bda6dec4ae5ddcb69e271330ddf7b0bf574a

SHA512
cedc7b0698d6757f8ea4c8287bb7fc5331f569d4773697bfec0c61ebc2ec011681023fd7d7affd5bfa34b5de4c957686b99e915c53bcebbd1770926c87e98d31

Download Submit
C:\Windows\System32\vIbouLA.exe

Filesize
1.1MB

MD5
307741ed4acc40675551a7658f4d70e4

SHA1
7a732ac022fdc1187f0978cf82c792bff484b894

SHA256
5f7c5c97cd4aa9edaae9e840ea858b8ab5caece06bd0dbbcc7aa55d903688cdc

SHA512
3607ef7d76a0f69a0ec8bb0322b977a3a1a71e92a24caa39e3cf4ff7ad3c0374beca0e444317b17f4d8052a98bb1e5b16b9905b55acabbd531b7e87cce28284b

Download Submit
C:\Windows\System32\vjpJdSB.exe

Filesize
1.1MB

MD5
8af6047f5db69b4f0101aa1f34404a30

SHA1
3a1e8fbbc202eae08bd70a70f90350f05338c963

SHA256
92dac1efe51eb1f19be57dd594ca6a4288acd3c1c7dc9f2dc437b259d1e93d89

SHA512
8e000cff761387fdf87fa45c57ccb03b92f52c679f6a71539792ffd49d07f8597e6922d5525164a03c713e52f8a146d42eb163a8989f6cc42866b1deb920a3b9

Download Submit
C:\Windows\System32\xevtMnI.exe

Filesize
1.1MB

MD5
51c5e6a918e518812ca374ea40fb1e34

SHA1
f8a3e73d89fe3c53f5b120e13b2ff60dd720b689

SHA256
5a663907f32ec8c60f73d82d71bd46cc74dd44113ecfba569ea8d468234b7fac

SHA512
8e1402557832dd820b5397d7efdc3a70e7fcd48ffb912bac42aa24862e62e7543a1b8525f9b4ebff9bc7f8513f13f3e1fafae7d07936e6a804654c1d55c5698c

Download Submit
C:\Windows\System32\zPiCwFn.exe

Filesize
1.1MB

MD5
c082f3f3b4c6b6a807c1c1b192135d9a

SHA1
e69dc6e528d6572244a050f94f8ab0e3b95848ca

SHA256
7c3a9a252a2554aa3edf42e12403eda2eb6199881c0360862a518b4e742145ab

SHA512
360c0e555e913820410e9204762923218e5c48dc94b7727867fe3a6878906f832d7a0938ee152e232576f284bd991fbaf627b36daa090a32aeea56f801364764

Download Submit
memory/436-361-0x00007FF62A080000-0x00007FF62A471000-memory.dmp

Filesize
3.9MB

Download
memory/436-2096-0x00007FF62A080000-0x00007FF62A471000-memory.dmp

Filesize
3.9MB

Download
memory/648-29-0x00007FF75DB90000-0x00007FF75DF81000-memory.dmp

Filesize
3.9MB

Download
memory/648-2054-0x00007FF75DB90000-0x00007FF75DF81000-memory.dmp

Filesize
3.9MB

Download
memory/956-2060-0x00007FF6A6C70000-0x00007FF6A7061000-memory.dmp

Filesize
3.9MB

Download
memory/956-323-0x00007FF6A6C70000-0x00007FF6A7061000-memory.dmp

Filesize
3.9MB

Download
memory/1332-0-0x00007FF73C6E0000-0x00007FF73CAD1000-memory.dmp

Filesize
3.9MB

Download
memory/1332-1-0x000002EC64AE0000-0x000002EC64AF0000-memory.dmp

Filesize
64KB

Download
memory/1360-2090-0x00007FF789360000-0x00007FF789751000-memory.dmp

Filesize
3.9MB

Download
memory/1360-352-0x00007FF789360000-0x00007FF789751000-memory.dmp

Filesize
3.9MB

Download
memory/1532-2058-0x00007FF6582B0000-0x00007FF6586A1000-memory.dmp

Filesize
3.9MB

Download
memory/1532-319-0x00007FF6582B0000-0x00007FF6586A1000-memory.dmp

Filesize
3.9MB

Download
memory/1532-2016-0x00007FF6582B0000-0x00007FF6586A1000-memory.dmp

Filesize
3.9MB

Download
memory/1572-17-0x00007FF7A0E40000-0x00007FF7A1231000-memory.dmp

Filesize
3.9MB

Download
memory/1572-2050-0x00007FF7A0E40000-0x00007FF7A1231000-memory.dmp

Filesize
3.9MB

Download
memory/1572-1990-0x00007FF7A0E40000-0x00007FF7A1231000-memory.dmp

Filesize
3.9MB

Download
memory/1660-8-0x00007FF77FAD0000-0x00007FF77FEC1000-memory.dmp

Filesize
3.9MB

Download
memory/1660-2048-0x00007FF77FAD0000-0x00007FF77FEC1000-memory.dmp

Filesize
3.9MB

Download
memory/1660-1988-0x00007FF77FAD0000-0x00007FF77FEC1000-memory.dmp

Filesize
3.9MB

Download
memory/1824-320-0x00007FF6200D0000-0x00007FF6204C1000-memory.dmp

Filesize
3.9MB

Download
memory/1824-2062-0x00007FF6200D0000-0x00007FF6204C1000-memory.dmp

Filesize
3.9MB

Download
memory/1960-2088-0x00007FF6CD920000-0x00007FF6CDD11000-memory.dmp

Filesize
3.9MB

Download
memory/1960-349-0x00007FF6CD920000-0x00007FF6CDD11000-memory.dmp

Filesize
3.9MB

Download
memory/2432-331-0x00007FF796DD0000-0x00007FF7971C1000-memory.dmp

Filesize
3.9MB

Download
memory/2432-2064-0x00007FF796DD0000-0x00007FF7971C1000-memory.dmp

Filesize
3.9MB

Download
memory/2676-342-0x00007FF755750000-0x00007FF755B41000-memory.dmp

Filesize
3.9MB

Download
memory/2676-2084-0x00007FF755750000-0x00007FF755B41000-memory.dmp

Filesize
3.9MB

Download
memory/2780-2074-0x00007FF611410000-0x00007FF611801000-memory.dmp

Filesize
3.9MB

Download
memory/2780-322-0x00007FF611410000-0x00007FF611801000-memory.dmp

Filesize
3.9MB

Download
memory/2924-2086-0x00007FF6A90A0000-0x00007FF6A9491000-memory.dmp

Filesize
3.9MB

Download
memory/2924-345-0x00007FF6A90A0000-0x00007FF6A9491000-memory.dmp

Filesize
3.9MB

Download
memory/3100-2068-0x00007FF7E9C30000-0x00007FF7EA021000-memory.dmp

Filesize
3.9MB

Download
memory/3100-326-0x00007FF7E9C30000-0x00007FF7EA021000-memory.dmp

Filesize
3.9MB

Download
memory/3372-2078-0x00007FF7413B0000-0x00007FF7417A1000-memory.dmp

Filesize
3.9MB

Download
memory/3372-366-0x00007FF7413B0000-0x00007FF7417A1000-memory.dmp

Filesize
3.9MB

Download
memory/3644-2066-0x00007FF70D880000-0x00007FF70DC71000-memory.dmp

Filesize
3.9MB

Download
memory/3644-329-0x00007FF70D880000-0x00007FF70DC71000-memory.dmp

Filesize
3.9MB

Download
memory/3748-2092-0x00007FF794C20000-0x00007FF795011000-memory.dmp

Filesize
3.9MB

Download
memory/3748-358-0x00007FF794C20000-0x00007FF795011000-memory.dmp

Filesize
3.9MB

Download
memory/4048-325-0x00007FF7F89C0000-0x00007FF7F8DB1000-memory.dmp

Filesize
3.9MB

Download
memory/4048-2072-0x00007FF7F89C0000-0x00007FF7F8DB1000-memory.dmp

Filesize
3.9MB

Download
memory/4256-321-0x00007FF67AA70000-0x00007FF67AE61000-memory.dmp

Filesize
3.9MB

Download
memory/4256-2076-0x00007FF67AA70000-0x00007FF67AE61000-memory.dmp

Filesize
3.9MB

Download
memory/4420-327-0x00007FF6F9320000-0x00007FF6F9711000-memory.dmp

Filesize
3.9MB

Download
memory/4420-2080-0x00007FF6F9320000-0x00007FF6F9711000-memory.dmp

Filesize
3.9MB

Download
memory/4548-324-0x00007FF7688C0000-0x00007FF768CB1000-memory.dmp

Filesize
3.9MB

Download
memory/4548-2070-0x00007FF7688C0000-0x00007FF768CB1000-memory.dmp

Filesize
3.9MB

Download
memory/4872-15-0x00007FF6CC190000-0x00007FF6CC581000-memory.dmp

Filesize
3.9MB

Download
memory/4872-1989-0x00007FF6CC190000-0x00007FF6CC581000-memory.dmp

Filesize
3.9MB

Download
memory/4872-2052-0x00007FF6CC190000-0x00007FF6CC581000-memory.dmp

Filesize
3.9MB

Download
memory/4904-2082-0x00007FF756E30000-0x00007FF757221000-memory.dmp

Filesize
3.9MB

Download
memory/4904-338-0x00007FF756E30000-0x00007FF757221000-memory.dmp

Filesize
3.9MB

Download
memory/4952-2056-0x00007FF62FB90000-0x00007FF62FF81000-memory.dmp

Filesize
3.9MB

Download
memory/4952-1991-0x00007FF62FB90000-0x00007FF62FF81000-memory.dmp

Filesize
3.9MB

Download
memory/4952-35-0x00007FF62FB90000-0x00007FF62FF81000-memory.dmp

Filesize
3.9MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads