xmrig | 8f48aff2b86a62cb91ab51638b14736e9cbc46ba13d541730ac76e84c9687345

Analysis

max time kernel
140s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
08-08-2024 00:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8f48aff2b86a62cb91ab51638b14736e9cbc46ba13d541730ac76e84c9687345.exe
Size

2.3MB
MD5

3d9e78dcaca1fd2ea742b42ef730da82
SHA1

181160f3fd2617335c095cb55acc396e3521c84f
SHA256

8f48aff2b86a62cb91ab51638b14736e9cbc46ba13d541730ac76e84c9687345
SHA512

b2686edbccdcc6b35e379bc2a6efe0b01bd90c71a2139ed32758b68a962a032577c32c943e9dbfcc339862ccde16eca8312fbab9561b60920da01f8d97e00bfe
SSDEEP

49152:w0wjnJMOWh50kC1/dVFdx6e0EALKWVTffZiPAcRq6jHjcz8DzJuJ5a:w0GnJMOWPClFdx6e0EALKWVTffZiPAcB

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/1008-0-0x00007FF6E8C10000-0x00007FF6E9005000-memory.dmp	xmrig
behavioral2/files/0x0009000000023383-4.dat	xmrig
behavioral2/files/0x00070000000233e1-9.dat	xmrig
behavioral2/files/0x00090000000233cf-15.dat	xmrig
behavioral2/files/0x00070000000233e3-24.dat	xmrig
behavioral2/files/0x00070000000233e4-42.dat	xmrig
behavioral2/files/0x00070000000233e7-46.dat	xmrig
behavioral2/files/0x00070000000233e8-54.dat	xmrig
behavioral2/files/0x00070000000233eb-67.dat	xmrig
behavioral2/files/0x00070000000233ec-77.dat	xmrig
behavioral2/files/0x00070000000233ee-84.dat	xmrig
behavioral2/files/0x00070000000233f0-94.dat	xmrig
behavioral2/files/0x00070000000233f2-104.dat	xmrig
behavioral2/files/0x00070000000233f5-116.dat	xmrig
behavioral2/files/0x00070000000233fe-161.dat	xmrig
behavioral2/memory/2368-698-0x00007FF7DAFA0000-0x00007FF7DB395000-memory.dmp	xmrig
behavioral2/files/0x00070000000233fd-159.dat	xmrig
behavioral2/files/0x00070000000233fc-154.dat	xmrig
behavioral2/files/0x00070000000233fb-149.dat	xmrig
behavioral2/files/0x00070000000233fa-147.dat	xmrig
behavioral2/files/0x00070000000233f9-139.dat	xmrig
behavioral2/memory/3428-699-0x00007FF7507E0000-0x00007FF750BD5000-memory.dmp	xmrig
behavioral2/files/0x00070000000233f8-134.dat	xmrig
behavioral2/files/0x00070000000233f7-129.dat	xmrig
behavioral2/files/0x00070000000233f6-124.dat	xmrig
behavioral2/files/0x00070000000233f4-114.dat	xmrig
behavioral2/files/0x00070000000233f3-112.dat	xmrig
behavioral2/files/0x00070000000233f1-99.dat	xmrig
behavioral2/files/0x00070000000233ef-89.dat	xmrig
behavioral2/files/0x00070000000233ed-79.dat	xmrig
behavioral2/files/0x00070000000233ea-64.dat	xmrig
behavioral2/files/0x00070000000233e9-59.dat	xmrig
behavioral2/files/0x00070000000233e6-44.dat	xmrig
behavioral2/files/0x00070000000233e5-37.dat	xmrig
behavioral2/files/0x00070000000233e2-33.dat	xmrig
behavioral2/memory/1108-28-0x00007FF6DAFE0000-0x00007FF6DB3D5000-memory.dmp	xmrig
behavioral2/memory/2692-18-0x00007FF736170000-0x00007FF736565000-memory.dmp	xmrig
behavioral2/memory/2016-11-0x00007FF7C2E20000-0x00007FF7C3215000-memory.dmp	xmrig
behavioral2/memory/3388-701-0x00007FF7BF700000-0x00007FF7BFAF5000-memory.dmp	xmrig
behavioral2/memory/5004-700-0x00007FF6B5070000-0x00007FF6B5465000-memory.dmp	xmrig
behavioral2/memory/4488-702-0x00007FF788FB0000-0x00007FF7893A5000-memory.dmp	xmrig
behavioral2/memory/3660-704-0x00007FF779BF0000-0x00007FF779FE5000-memory.dmp	xmrig
behavioral2/memory/3788-703-0x00007FF60CB20000-0x00007FF60CF15000-memory.dmp	xmrig
behavioral2/memory/3068-705-0x00007FF7BE960000-0x00007FF7BED55000-memory.dmp	xmrig
behavioral2/memory/4916-712-0x00007FF64CB30000-0x00007FF64CF25000-memory.dmp	xmrig
behavioral2/memory/3420-720-0x00007FF75AC80000-0x00007FF75B075000-memory.dmp	xmrig
behavioral2/memory/1044-716-0x00007FF603ED0000-0x00007FF6042C5000-memory.dmp	xmrig
behavioral2/memory/644-750-0x00007FF656DE0000-0x00007FF6571D5000-memory.dmp	xmrig
behavioral2/memory/1900-761-0x00007FF75DDD0000-0x00007FF75E1C5000-memory.dmp	xmrig
behavioral2/memory/3540-770-0x00007FF6AC450000-0x00007FF6AC845000-memory.dmp	xmrig
behavioral2/memory/2560-775-0x00007FF7625D0000-0x00007FF7629C5000-memory.dmp	xmrig
behavioral2/memory/3576-758-0x00007FF7DA7C0000-0x00007FF7DABB5000-memory.dmp	xmrig
behavioral2/memory/3256-740-0x00007FF7D5240000-0x00007FF7D5635000-memory.dmp	xmrig
behavioral2/memory/3236-735-0x00007FF74EC60000-0x00007FF74F055000-memory.dmp	xmrig
behavioral2/memory/4996-732-0x00007FF633E70000-0x00007FF634265000-memory.dmp	xmrig
behavioral2/memory/3628-730-0x00007FF705BA0000-0x00007FF705F95000-memory.dmp	xmrig
behavioral2/memory/3020-725-0x00007FF651ED0000-0x00007FF6522C5000-memory.dmp	xmrig
behavioral2/memory/2692-1907-0x00007FF736170000-0x00007FF736565000-memory.dmp	xmrig
behavioral2/memory/1108-1908-0x00007FF6DAFE0000-0x00007FF6DB3D5000-memory.dmp	xmrig
behavioral2/memory/2368-1909-0x00007FF7DAFA0000-0x00007FF7DB395000-memory.dmp	xmrig
behavioral2/memory/1008-1910-0x00007FF6E8C10000-0x00007FF6E9005000-memory.dmp	xmrig
behavioral2/memory/2016-1911-0x00007FF7C2E20000-0x00007FF7C3215000-memory.dmp	xmrig
behavioral2/memory/2692-1912-0x00007FF736170000-0x00007FF736565000-memory.dmp	xmrig
behavioral2/memory/1108-1913-0x00007FF6DAFE0000-0x00007FF6DB3D5000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2016	mXgtmPR.exe
2692	mnIRIaK.exe
1108	AVThszT.exe
3540	wpCALnB.exe
2368	SCSBKaG.exe
2560	CufAlHz.exe
3428	wFBGBNh.exe
5004	jeiYkAV.exe
3388	qTXQKmG.exe
4488	WrGAPJB.exe
3788	HyRpXVt.exe
3660	sxyIdCY.exe
3068	oUGkeyt.exe
4916	ryJegGu.exe
1044	mexOjVE.exe
3420	ngzPORe.exe
3020	oDWFbbg.exe
3628	ueWjnJs.exe
4996	hKiWUzz.exe
3236	hHSIaPO.exe
3256	NRUMLAt.exe
644	wvnhOhk.exe
3576	ONxkaoR.exe
1900	OOaUDEW.exe
2172	zxdyAnl.exe
4344	iPMYCPE.exe
3572	xyNrPMu.exe
1860	PIpgNlG.exe
4700	VvlaWHO.exe
2000	CMTsbJy.exe
1948	dynmfyi.exe
3596	kqkDUJr.exe
2808	ubZLqyA.exe
4688	fBXAPMi.exe
1188	GmwtFJR.exe
916	kvWdZNW.exe
2436	jMchWhv.exe
4572	KivPbRf.exe
3592	xHzGZGT.exe
932	MUellAI.exe
1628	wxMqoQp.exe
4144	cnmXSjQ.exe
3116	DYhYhnK.exe
2548	POxPxeE.exe
4460	KmBTJZT.exe
4476	dwQoQxu.exe
2968	EsRSXSP.exe
2244	kXUoRFv.exe
4136	EOhBjze.exe
2668	OQgChhM.exe
548	HNnDBIC.exe
4952	uAxGhfz.exe
4036	ZAMBuru.exe
640	NdtnccP.exe
516	xAyifYm.exe
1316	bolDAWM.exe
3820	UdCPsqq.exe
4076	LsVGTtO.exe
1888	DYHpuxR.exe
1960	pEkqUBE.exe
3016	LxkkIBv.exe
864	tnprgvB.exe
2068	nShlGXt.exe
1936	ErXgKdz.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1008-0-0x00007FF6E8C10000-0x00007FF6E9005000-memory.dmp	upx
behavioral2/files/0x0009000000023383-4.dat	upx
behavioral2/files/0x00070000000233e1-9.dat	upx
behavioral2/files/0x00090000000233cf-15.dat	upx
behavioral2/files/0x00070000000233e3-24.dat	upx
behavioral2/files/0x00070000000233e4-42.dat	upx
behavioral2/files/0x00070000000233e7-46.dat	upx
behavioral2/files/0x00070000000233e8-54.dat	upx
behavioral2/files/0x00070000000233eb-67.dat	upx
behavioral2/files/0x00070000000233ec-77.dat	upx
behavioral2/files/0x00070000000233ee-84.dat	upx
behavioral2/files/0x00070000000233f0-94.dat	upx
behavioral2/files/0x00070000000233f2-104.dat	upx
behavioral2/files/0x00070000000233f5-116.dat	upx
behavioral2/files/0x00070000000233fe-161.dat	upx
behavioral2/memory/2368-698-0x00007FF7DAFA0000-0x00007FF7DB395000-memory.dmp	upx
behavioral2/files/0x00070000000233fd-159.dat	upx
behavioral2/files/0x00070000000233fc-154.dat	upx
behavioral2/files/0x00070000000233fb-149.dat	upx
behavioral2/files/0x00070000000233fa-147.dat	upx
behavioral2/files/0x00070000000233f9-139.dat	upx
behavioral2/memory/3428-699-0x00007FF7507E0000-0x00007FF750BD5000-memory.dmp	upx
behavioral2/files/0x00070000000233f8-134.dat	upx
behavioral2/files/0x00070000000233f7-129.dat	upx
behavioral2/files/0x00070000000233f6-124.dat	upx
behavioral2/files/0x00070000000233f4-114.dat	upx
behavioral2/files/0x00070000000233f3-112.dat	upx
behavioral2/files/0x00070000000233f1-99.dat	upx
behavioral2/files/0x00070000000233ef-89.dat	upx
behavioral2/files/0x00070000000233ed-79.dat	upx
behavioral2/files/0x00070000000233ea-64.dat	upx
behavioral2/files/0x00070000000233e9-59.dat	upx
behavioral2/files/0x00070000000233e6-44.dat	upx
behavioral2/files/0x00070000000233e5-37.dat	upx
behavioral2/files/0x00070000000233e2-33.dat	upx
behavioral2/memory/1108-28-0x00007FF6DAFE0000-0x00007FF6DB3D5000-memory.dmp	upx
behavioral2/memory/2692-18-0x00007FF736170000-0x00007FF736565000-memory.dmp	upx
behavioral2/memory/2016-11-0x00007FF7C2E20000-0x00007FF7C3215000-memory.dmp	upx
behavioral2/memory/3388-701-0x00007FF7BF700000-0x00007FF7BFAF5000-memory.dmp	upx
behavioral2/memory/5004-700-0x00007FF6B5070000-0x00007FF6B5465000-memory.dmp	upx
behavioral2/memory/4488-702-0x00007FF788FB0000-0x00007FF7893A5000-memory.dmp	upx
behavioral2/memory/3660-704-0x00007FF779BF0000-0x00007FF779FE5000-memory.dmp	upx
behavioral2/memory/3788-703-0x00007FF60CB20000-0x00007FF60CF15000-memory.dmp	upx
behavioral2/memory/3068-705-0x00007FF7BE960000-0x00007FF7BED55000-memory.dmp	upx
behavioral2/memory/4916-712-0x00007FF64CB30000-0x00007FF64CF25000-memory.dmp	upx
behavioral2/memory/3420-720-0x00007FF75AC80000-0x00007FF75B075000-memory.dmp	upx
behavioral2/memory/1044-716-0x00007FF603ED0000-0x00007FF6042C5000-memory.dmp	upx
behavioral2/memory/644-750-0x00007FF656DE0000-0x00007FF6571D5000-memory.dmp	upx
behavioral2/memory/1900-761-0x00007FF75DDD0000-0x00007FF75E1C5000-memory.dmp	upx
behavioral2/memory/3540-770-0x00007FF6AC450000-0x00007FF6AC845000-memory.dmp	upx
behavioral2/memory/2560-775-0x00007FF7625D0000-0x00007FF7629C5000-memory.dmp	upx
behavioral2/memory/3576-758-0x00007FF7DA7C0000-0x00007FF7DABB5000-memory.dmp	upx
behavioral2/memory/3256-740-0x00007FF7D5240000-0x00007FF7D5635000-memory.dmp	upx
behavioral2/memory/3236-735-0x00007FF74EC60000-0x00007FF74F055000-memory.dmp	upx
behavioral2/memory/4996-732-0x00007FF633E70000-0x00007FF634265000-memory.dmp	upx
behavioral2/memory/3628-730-0x00007FF705BA0000-0x00007FF705F95000-memory.dmp	upx
behavioral2/memory/3020-725-0x00007FF651ED0000-0x00007FF6522C5000-memory.dmp	upx
behavioral2/memory/2692-1907-0x00007FF736170000-0x00007FF736565000-memory.dmp	upx
behavioral2/memory/1108-1908-0x00007FF6DAFE0000-0x00007FF6DB3D5000-memory.dmp	upx
behavioral2/memory/2368-1909-0x00007FF7DAFA0000-0x00007FF7DB395000-memory.dmp	upx
behavioral2/memory/1008-1910-0x00007FF6E8C10000-0x00007FF6E9005000-memory.dmp	upx
behavioral2/memory/2016-1911-0x00007FF7C2E20000-0x00007FF7C3215000-memory.dmp	upx
behavioral2/memory/2692-1912-0x00007FF736170000-0x00007FF736565000-memory.dmp	upx
behavioral2/memory/1108-1913-0x00007FF6DAFE0000-0x00007FF6DB3D5000-memory.dmp	upx

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System32\ONadgrE.exe	8f48aff2b86a62cb91ab51638b14736e9cbc46ba13d541730ac76e84c9687345.exe
File created	C:\Windows\System32\ghCCHvL.exe	8f48aff2b86a62cb91ab51638b14736e9cbc46ba13d541730ac76e84c9687345.exe
File created	C:\Windows\System32\mDAsMSl.exe	8f48aff2b86a62cb91ab51638b14736e9cbc46ba13d541730ac76e84c9687345.exe
File created	C:\Windows\System32\aTmwBvD.exe	8f48aff2b86a62cb91ab51638b14736e9cbc46ba13d541730ac76e84c9687345.exe
File created	C:\Windows\System32\MVlKQWT.exe	8f48aff2b86a62cb91ab51638b14736e9cbc46ba13d541730ac76e84c9687345.exe
File created	C:\Windows\System32\LtrZIHt.exe	8f48aff2b86a62cb91ab51638b14736e9cbc46ba13d541730ac76e84c9687345.exe
File created	C:\Windows\System32\fKStuor.exe	8f48aff2b86a62cb91ab51638b14736e9cbc46ba13d541730ac76e84c9687345.exe
File created	C:\Windows\System32\eTLqdtx.exe	8f48aff2b86a62cb91ab51638b14736e9cbc46ba13d541730ac76e84c9687345.exe
File created	C:\Windows\System32\LYqbPGm.exe	8f48aff2b86a62cb91ab51638b14736e9cbc46ba13d541730ac76e84c9687345.exe
File created	C:\Windows\System32\TyuVeLv.exe	8f48aff2b86a62cb91ab51638b14736e9cbc46ba13d541730ac76e84c9687345.exe
File created	C:\Windows\System32\YrwyWho.exe	8f48aff2b86a62cb91ab51638b14736e9cbc46ba13d541730ac76e84c9687345.exe
File created	C:\Windows\System32\YxPkNOt.exe	8f48aff2b86a62cb91ab51638b14736e9cbc46ba13d541730ac76e84c9687345.exe
File created	C:\Windows\System32\Fuzymil.exe	8f48aff2b86a62cb91ab51638b14736e9cbc46ba13d541730ac76e84c9687345.exe
File created	C:\Windows\System32\Lxubgox.exe	8f48aff2b86a62cb91ab51638b14736e9cbc46ba13d541730ac76e84c9687345.exe
File created	C:\Windows\System32\awqedru.exe	8f48aff2b86a62cb91ab51638b14736e9cbc46ba13d541730ac76e84c9687345.exe
File created	C:\Windows\System32\hKiWUzz.exe	8f48aff2b86a62cb91ab51638b14736e9cbc46ba13d541730ac76e84c9687345.exe
File created	C:\Windows\System32\ONxkaoR.exe	8f48aff2b86a62cb91ab51638b14736e9cbc46ba13d541730ac76e84c9687345.exe
File created	C:\Windows\System32\HnDOVNK.exe	8f48aff2b86a62cb91ab51638b14736e9cbc46ba13d541730ac76e84c9687345.exe
File created	C:\Windows\System32\RDPTHhZ.exe	8f48aff2b86a62cb91ab51638b14736e9cbc46ba13d541730ac76e84c9687345.exe
File created	C:\Windows\System32\byNuNhJ.exe	8f48aff2b86a62cb91ab51638b14736e9cbc46ba13d541730ac76e84c9687345.exe
File created	C:\Windows\System32\IVuKgfM.exe	8f48aff2b86a62cb91ab51638b14736e9cbc46ba13d541730ac76e84c9687345.exe
File created	C:\Windows\System32\TfdCROt.exe	8f48aff2b86a62cb91ab51638b14736e9cbc46ba13d541730ac76e84c9687345.exe
File created	C:\Windows\System32\xsEswcJ.exe	8f48aff2b86a62cb91ab51638b14736e9cbc46ba13d541730ac76e84c9687345.exe
File created	C:\Windows\System32\EsRSXSP.exe	8f48aff2b86a62cb91ab51638b14736e9cbc46ba13d541730ac76e84c9687345.exe
File created	C:\Windows\System32\JTLeRDB.exe	8f48aff2b86a62cb91ab51638b14736e9cbc46ba13d541730ac76e84c9687345.exe
File created	C:\Windows\System32\tpGGYjW.exe	8f48aff2b86a62cb91ab51638b14736e9cbc46ba13d541730ac76e84c9687345.exe
File created	C:\Windows\System32\VcqknSL.exe	8f48aff2b86a62cb91ab51638b14736e9cbc46ba13d541730ac76e84c9687345.exe
File created	C:\Windows\System32\RUDuxQy.exe	8f48aff2b86a62cb91ab51638b14736e9cbc46ba13d541730ac76e84c9687345.exe
File created	C:\Windows\System32\SIzMtkx.exe	8f48aff2b86a62cb91ab51638b14736e9cbc46ba13d541730ac76e84c9687345.exe
File created	C:\Windows\System32\MMeQAMz.exe	8f48aff2b86a62cb91ab51638b14736e9cbc46ba13d541730ac76e84c9687345.exe
File created	C:\Windows\System32\zfAvkYC.exe	8f48aff2b86a62cb91ab51638b14736e9cbc46ba13d541730ac76e84c9687345.exe
File created	C:\Windows\System32\knJQkSi.exe	8f48aff2b86a62cb91ab51638b14736e9cbc46ba13d541730ac76e84c9687345.exe
File created	C:\Windows\System32\EwJFwDP.exe	8f48aff2b86a62cb91ab51638b14736e9cbc46ba13d541730ac76e84c9687345.exe
File created	C:\Windows\System32\jGsrpyP.exe	8f48aff2b86a62cb91ab51638b14736e9cbc46ba13d541730ac76e84c9687345.exe
File created	C:\Windows\System32\gRcDYYx.exe	8f48aff2b86a62cb91ab51638b14736e9cbc46ba13d541730ac76e84c9687345.exe
File created	C:\Windows\System32\wlEhMKB.exe	8f48aff2b86a62cb91ab51638b14736e9cbc46ba13d541730ac76e84c9687345.exe
File created	C:\Windows\System32\jJBbzmK.exe	8f48aff2b86a62cb91ab51638b14736e9cbc46ba13d541730ac76e84c9687345.exe
File created	C:\Windows\System32\zWsHdRt.exe	8f48aff2b86a62cb91ab51638b14736e9cbc46ba13d541730ac76e84c9687345.exe
File created	C:\Windows\System32\fllHprt.exe	8f48aff2b86a62cb91ab51638b14736e9cbc46ba13d541730ac76e84c9687345.exe
File created	C:\Windows\System32\KHKAwhu.exe	8f48aff2b86a62cb91ab51638b14736e9cbc46ba13d541730ac76e84c9687345.exe
File created	C:\Windows\System32\iNzHEFn.exe	8f48aff2b86a62cb91ab51638b14736e9cbc46ba13d541730ac76e84c9687345.exe
File created	C:\Windows\System32\OAcVOdH.exe	8f48aff2b86a62cb91ab51638b14736e9cbc46ba13d541730ac76e84c9687345.exe
File created	C:\Windows\System32\dkBiGVV.exe	8f48aff2b86a62cb91ab51638b14736e9cbc46ba13d541730ac76e84c9687345.exe
File created	C:\Windows\System32\EvoHkOH.exe	8f48aff2b86a62cb91ab51638b14736e9cbc46ba13d541730ac76e84c9687345.exe
File created	C:\Windows\System32\JBquQnv.exe	8f48aff2b86a62cb91ab51638b14736e9cbc46ba13d541730ac76e84c9687345.exe
File created	C:\Windows\System32\NcFHHTq.exe	8f48aff2b86a62cb91ab51638b14736e9cbc46ba13d541730ac76e84c9687345.exe
File created	C:\Windows\System32\UNnzoWe.exe	8f48aff2b86a62cb91ab51638b14736e9cbc46ba13d541730ac76e84c9687345.exe
File created	C:\Windows\System32\egKqISa.exe	8f48aff2b86a62cb91ab51638b14736e9cbc46ba13d541730ac76e84c9687345.exe
File created	C:\Windows\System32\NIypFks.exe	8f48aff2b86a62cb91ab51638b14736e9cbc46ba13d541730ac76e84c9687345.exe
File created	C:\Windows\System32\jfBAAFO.exe	8f48aff2b86a62cb91ab51638b14736e9cbc46ba13d541730ac76e84c9687345.exe
File created	C:\Windows\System32\IBmwDxn.exe	8f48aff2b86a62cb91ab51638b14736e9cbc46ba13d541730ac76e84c9687345.exe
File created	C:\Windows\System32\HkqEERu.exe	8f48aff2b86a62cb91ab51638b14736e9cbc46ba13d541730ac76e84c9687345.exe
File created	C:\Windows\System32\GBYcavR.exe	8f48aff2b86a62cb91ab51638b14736e9cbc46ba13d541730ac76e84c9687345.exe
File created	C:\Windows\System32\WUnSwcJ.exe	8f48aff2b86a62cb91ab51638b14736e9cbc46ba13d541730ac76e84c9687345.exe
File created	C:\Windows\System32\ZCpXNZB.exe	8f48aff2b86a62cb91ab51638b14736e9cbc46ba13d541730ac76e84c9687345.exe
File created	C:\Windows\System32\qHXYKwm.exe	8f48aff2b86a62cb91ab51638b14736e9cbc46ba13d541730ac76e84c9687345.exe
File created	C:\Windows\System32\Cztawhf.exe	8f48aff2b86a62cb91ab51638b14736e9cbc46ba13d541730ac76e84c9687345.exe
File created	C:\Windows\System32\lMiggaT.exe	8f48aff2b86a62cb91ab51638b14736e9cbc46ba13d541730ac76e84c9687345.exe
File created	C:\Windows\System32\fkxISmI.exe	8f48aff2b86a62cb91ab51638b14736e9cbc46ba13d541730ac76e84c9687345.exe
File created	C:\Windows\System32\yFZTUOh.exe	8f48aff2b86a62cb91ab51638b14736e9cbc46ba13d541730ac76e84c9687345.exe
File created	C:\Windows\System32\NgYCwYL.exe	8f48aff2b86a62cb91ab51638b14736e9cbc46ba13d541730ac76e84c9687345.exe
File created	C:\Windows\System32\rysILFg.exe	8f48aff2b86a62cb91ab51638b14736e9cbc46ba13d541730ac76e84c9687345.exe
File created	C:\Windows\System32\eBtoAzW.exe	8f48aff2b86a62cb91ab51638b14736e9cbc46ba13d541730ac76e84c9687345.exe
File created	C:\Windows\System32\CfIPOcl.exe	8f48aff2b86a62cb91ab51638b14736e9cbc46ba13d541730ac76e84c9687345.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	12340	dwm.exe
Token: SeChangeNotifyPrivilege	12340	dwm.exe
Token: 33	12340	dwm.exe
Token: SeIncBasePriorityPrivilege	12340	dwm.exe
Token: SeShutdownPrivilege	12340	dwm.exe
Token: SeCreatePagefilePrivilege	12340	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1008 wrote to memory of 2016	1008	8f48aff2b86a62cb91ab51638b14736e9cbc46ba13d541730ac76e84c9687345.exe	85
PID 1008 wrote to memory of 2016	1008	8f48aff2b86a62cb91ab51638b14736e9cbc46ba13d541730ac76e84c9687345.exe	85
PID 1008 wrote to memory of 2692	1008	8f48aff2b86a62cb91ab51638b14736e9cbc46ba13d541730ac76e84c9687345.exe	86
PID 1008 wrote to memory of 2692	1008	8f48aff2b86a62cb91ab51638b14736e9cbc46ba13d541730ac76e84c9687345.exe	86
PID 1008 wrote to memory of 1108	1008	8f48aff2b86a62cb91ab51638b14736e9cbc46ba13d541730ac76e84c9687345.exe	87
PID 1008 wrote to memory of 1108	1008	8f48aff2b86a62cb91ab51638b14736e9cbc46ba13d541730ac76e84c9687345.exe	87
PID 1008 wrote to memory of 3540	1008	8f48aff2b86a62cb91ab51638b14736e9cbc46ba13d541730ac76e84c9687345.exe	88
PID 1008 wrote to memory of 3540	1008	8f48aff2b86a62cb91ab51638b14736e9cbc46ba13d541730ac76e84c9687345.exe	88
PID 1008 wrote to memory of 2368	1008	8f48aff2b86a62cb91ab51638b14736e9cbc46ba13d541730ac76e84c9687345.exe	89
PID 1008 wrote to memory of 2368	1008	8f48aff2b86a62cb91ab51638b14736e9cbc46ba13d541730ac76e84c9687345.exe	89
PID 1008 wrote to memory of 2560	1008	8f48aff2b86a62cb91ab51638b14736e9cbc46ba13d541730ac76e84c9687345.exe	90
PID 1008 wrote to memory of 2560	1008	8f48aff2b86a62cb91ab51638b14736e9cbc46ba13d541730ac76e84c9687345.exe	90
PID 1008 wrote to memory of 3428	1008	8f48aff2b86a62cb91ab51638b14736e9cbc46ba13d541730ac76e84c9687345.exe	91
PID 1008 wrote to memory of 3428	1008	8f48aff2b86a62cb91ab51638b14736e9cbc46ba13d541730ac76e84c9687345.exe	91
PID 1008 wrote to memory of 5004	1008	8f48aff2b86a62cb91ab51638b14736e9cbc46ba13d541730ac76e84c9687345.exe	92
PID 1008 wrote to memory of 5004	1008	8f48aff2b86a62cb91ab51638b14736e9cbc46ba13d541730ac76e84c9687345.exe	92
PID 1008 wrote to memory of 3388	1008	8f48aff2b86a62cb91ab51638b14736e9cbc46ba13d541730ac76e84c9687345.exe	93
PID 1008 wrote to memory of 3388	1008	8f48aff2b86a62cb91ab51638b14736e9cbc46ba13d541730ac76e84c9687345.exe	93
PID 1008 wrote to memory of 4488	1008	8f48aff2b86a62cb91ab51638b14736e9cbc46ba13d541730ac76e84c9687345.exe	94
PID 1008 wrote to memory of 4488	1008	8f48aff2b86a62cb91ab51638b14736e9cbc46ba13d541730ac76e84c9687345.exe	94
PID 1008 wrote to memory of 3788	1008	8f48aff2b86a62cb91ab51638b14736e9cbc46ba13d541730ac76e84c9687345.exe	95
PID 1008 wrote to memory of 3788	1008	8f48aff2b86a62cb91ab51638b14736e9cbc46ba13d541730ac76e84c9687345.exe	95
PID 1008 wrote to memory of 3660	1008	8f48aff2b86a62cb91ab51638b14736e9cbc46ba13d541730ac76e84c9687345.exe	96
PID 1008 wrote to memory of 3660	1008	8f48aff2b86a62cb91ab51638b14736e9cbc46ba13d541730ac76e84c9687345.exe	96
PID 1008 wrote to memory of 3068	1008	8f48aff2b86a62cb91ab51638b14736e9cbc46ba13d541730ac76e84c9687345.exe	97
PID 1008 wrote to memory of 3068	1008	8f48aff2b86a62cb91ab51638b14736e9cbc46ba13d541730ac76e84c9687345.exe	97
PID 1008 wrote to memory of 4916	1008	8f48aff2b86a62cb91ab51638b14736e9cbc46ba13d541730ac76e84c9687345.exe	98
PID 1008 wrote to memory of 4916	1008	8f48aff2b86a62cb91ab51638b14736e9cbc46ba13d541730ac76e84c9687345.exe	98
PID 1008 wrote to memory of 1044	1008	8f48aff2b86a62cb91ab51638b14736e9cbc46ba13d541730ac76e84c9687345.exe	99
PID 1008 wrote to memory of 1044	1008	8f48aff2b86a62cb91ab51638b14736e9cbc46ba13d541730ac76e84c9687345.exe	99
PID 1008 wrote to memory of 3420	1008	8f48aff2b86a62cb91ab51638b14736e9cbc46ba13d541730ac76e84c9687345.exe	100
PID 1008 wrote to memory of 3420	1008	8f48aff2b86a62cb91ab51638b14736e9cbc46ba13d541730ac76e84c9687345.exe	100
PID 1008 wrote to memory of 3020	1008	8f48aff2b86a62cb91ab51638b14736e9cbc46ba13d541730ac76e84c9687345.exe	101
PID 1008 wrote to memory of 3020	1008	8f48aff2b86a62cb91ab51638b14736e9cbc46ba13d541730ac76e84c9687345.exe	101
PID 1008 wrote to memory of 3628	1008	8f48aff2b86a62cb91ab51638b14736e9cbc46ba13d541730ac76e84c9687345.exe	102
PID 1008 wrote to memory of 3628	1008	8f48aff2b86a62cb91ab51638b14736e9cbc46ba13d541730ac76e84c9687345.exe	102
PID 1008 wrote to memory of 4996	1008	8f48aff2b86a62cb91ab51638b14736e9cbc46ba13d541730ac76e84c9687345.exe	103
PID 1008 wrote to memory of 4996	1008	8f48aff2b86a62cb91ab51638b14736e9cbc46ba13d541730ac76e84c9687345.exe	103
PID 1008 wrote to memory of 3236	1008	8f48aff2b86a62cb91ab51638b14736e9cbc46ba13d541730ac76e84c9687345.exe	104
PID 1008 wrote to memory of 3236	1008	8f48aff2b86a62cb91ab51638b14736e9cbc46ba13d541730ac76e84c9687345.exe	104
PID 1008 wrote to memory of 3256	1008	8f48aff2b86a62cb91ab51638b14736e9cbc46ba13d541730ac76e84c9687345.exe	105
PID 1008 wrote to memory of 3256	1008	8f48aff2b86a62cb91ab51638b14736e9cbc46ba13d541730ac76e84c9687345.exe	105
PID 1008 wrote to memory of 644	1008	8f48aff2b86a62cb91ab51638b14736e9cbc46ba13d541730ac76e84c9687345.exe	106
PID 1008 wrote to memory of 644	1008	8f48aff2b86a62cb91ab51638b14736e9cbc46ba13d541730ac76e84c9687345.exe	106
PID 1008 wrote to memory of 3576	1008	8f48aff2b86a62cb91ab51638b14736e9cbc46ba13d541730ac76e84c9687345.exe	107
PID 1008 wrote to memory of 3576	1008	8f48aff2b86a62cb91ab51638b14736e9cbc46ba13d541730ac76e84c9687345.exe	107
PID 1008 wrote to memory of 1900	1008	8f48aff2b86a62cb91ab51638b14736e9cbc46ba13d541730ac76e84c9687345.exe	108
PID 1008 wrote to memory of 1900	1008	8f48aff2b86a62cb91ab51638b14736e9cbc46ba13d541730ac76e84c9687345.exe	108
PID 1008 wrote to memory of 2172	1008	8f48aff2b86a62cb91ab51638b14736e9cbc46ba13d541730ac76e84c9687345.exe	109
PID 1008 wrote to memory of 2172	1008	8f48aff2b86a62cb91ab51638b14736e9cbc46ba13d541730ac76e84c9687345.exe	109
PID 1008 wrote to memory of 4344	1008	8f48aff2b86a62cb91ab51638b14736e9cbc46ba13d541730ac76e84c9687345.exe	110
PID 1008 wrote to memory of 4344	1008	8f48aff2b86a62cb91ab51638b14736e9cbc46ba13d541730ac76e84c9687345.exe	110
PID 1008 wrote to memory of 3572	1008	8f48aff2b86a62cb91ab51638b14736e9cbc46ba13d541730ac76e84c9687345.exe	111
PID 1008 wrote to memory of 3572	1008	8f48aff2b86a62cb91ab51638b14736e9cbc46ba13d541730ac76e84c9687345.exe	111
PID 1008 wrote to memory of 1860	1008	8f48aff2b86a62cb91ab51638b14736e9cbc46ba13d541730ac76e84c9687345.exe	112
PID 1008 wrote to memory of 1860	1008	8f48aff2b86a62cb91ab51638b14736e9cbc46ba13d541730ac76e84c9687345.exe	112
PID 1008 wrote to memory of 4700	1008	8f48aff2b86a62cb91ab51638b14736e9cbc46ba13d541730ac76e84c9687345.exe	113
PID 1008 wrote to memory of 4700	1008	8f48aff2b86a62cb91ab51638b14736e9cbc46ba13d541730ac76e84c9687345.exe	113
PID 1008 wrote to memory of 2000	1008	8f48aff2b86a62cb91ab51638b14736e9cbc46ba13d541730ac76e84c9687345.exe	114
PID 1008 wrote to memory of 2000	1008	8f48aff2b86a62cb91ab51638b14736e9cbc46ba13d541730ac76e84c9687345.exe	114
PID 1008 wrote to memory of 1948	1008	8f48aff2b86a62cb91ab51638b14736e9cbc46ba13d541730ac76e84c9687345.exe	115
PID 1008 wrote to memory of 1948	1008	8f48aff2b86a62cb91ab51638b14736e9cbc46ba13d541730ac76e84c9687345.exe	115
PID 1008 wrote to memory of 3596	1008	8f48aff2b86a62cb91ab51638b14736e9cbc46ba13d541730ac76e84c9687345.exe	116
PID 1008 wrote to memory of 3596	1008	8f48aff2b86a62cb91ab51638b14736e9cbc46ba13d541730ac76e84c9687345.exe	116

C:\Users\Admin\AppData\Local\Temp\8f48aff2b86a62cb91ab51638b14736e9cbc46ba13d541730ac76e84c9687345.exe
"C:\Users\Admin\AppData\Local\Temp\8f48aff2b86a62cb91ab51638b14736e9cbc46ba13d541730ac76e84c9687345.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:1008
- C:\Windows\System32\mXgtmPR.exe
  C:\Windows\System32\mXgtmPR.exe
  2⤵
  - Executes dropped EXE
  PID:2016
- C:\Windows\System32\mnIRIaK.exe
  C:\Windows\System32\mnIRIaK.exe
  2⤵
  - Executes dropped EXE
  PID:2692
- C:\Windows\System32\AVThszT.exe
  C:\Windows\System32\AVThszT.exe
  2⤵
  - Executes dropped EXE
  PID:1108
- C:\Windows\System32\wpCALnB.exe
  C:\Windows\System32\wpCALnB.exe
  2⤵
  - Executes dropped EXE
  PID:3540
- C:\Windows\System32\SCSBKaG.exe
  C:\Windows\System32\SCSBKaG.exe
  2⤵
  - Executes dropped EXE
  PID:2368
- C:\Windows\System32\CufAlHz.exe
  C:\Windows\System32\CufAlHz.exe
  2⤵
  - Executes dropped EXE
  PID:2560
- C:\Windows\System32\wFBGBNh.exe
  C:\Windows\System32\wFBGBNh.exe
  2⤵
  - Executes dropped EXE
  PID:3428
- C:\Windows\System32\jeiYkAV.exe
  C:\Windows\System32\jeiYkAV.exe
  2⤵
  - Executes dropped EXE
  PID:5004
- C:\Windows\System32\qTXQKmG.exe
  C:\Windows\System32\qTXQKmG.exe
  2⤵
  - Executes dropped EXE
  PID:3388
- C:\Windows\System32\WrGAPJB.exe
  C:\Windows\System32\WrGAPJB.exe
  2⤵
  - Executes dropped EXE
  PID:4488
- C:\Windows\System32\HyRpXVt.exe
  C:\Windows\System32\HyRpXVt.exe
  2⤵
  - Executes dropped EXE
  PID:3788
- C:\Windows\System32\sxyIdCY.exe
  C:\Windows\System32\sxyIdCY.exe
  2⤵
  - Executes dropped EXE
  PID:3660
- C:\Windows\System32\oUGkeyt.exe
  C:\Windows\System32\oUGkeyt.exe
  2⤵
  - Executes dropped EXE
  PID:3068
- C:\Windows\System32\ryJegGu.exe
  C:\Windows\System32\ryJegGu.exe
  2⤵
  - Executes dropped EXE
  PID:4916
- C:\Windows\System32\mexOjVE.exe
  C:\Windows\System32\mexOjVE.exe
  2⤵
  - Executes dropped EXE
  PID:1044
- C:\Windows\System32\ngzPORe.exe
  C:\Windows\System32\ngzPORe.exe
  2⤵
  - Executes dropped EXE
  PID:3420
- C:\Windows\System32\oDWFbbg.exe
  C:\Windows\System32\oDWFbbg.exe
  2⤵
  - Executes dropped EXE
  PID:3020
- C:\Windows\System32\ueWjnJs.exe
  C:\Windows\System32\ueWjnJs.exe
  2⤵
  - Executes dropped EXE
  PID:3628
- C:\Windows\System32\hKiWUzz.exe
  C:\Windows\System32\hKiWUzz.exe
  2⤵
  - Executes dropped EXE
  PID:4996
- C:\Windows\System32\hHSIaPO.exe
  C:\Windows\System32\hHSIaPO.exe
  2⤵
  - Executes dropped EXE
  PID:3236
- C:\Windows\System32\NRUMLAt.exe
  C:\Windows\System32\NRUMLAt.exe
  2⤵
  - Executes dropped EXE
  PID:3256
- C:\Windows\System32\wvnhOhk.exe
  C:\Windows\System32\wvnhOhk.exe
  2⤵
  - Executes dropped EXE
  PID:644
- C:\Windows\System32\ONxkaoR.exe
  C:\Windows\System32\ONxkaoR.exe
  2⤵
  - Executes dropped EXE
  PID:3576
- C:\Windows\System32\OOaUDEW.exe
  C:\Windows\System32\OOaUDEW.exe
  2⤵
  - Executes dropped EXE
  PID:1900
- C:\Windows\System32\zxdyAnl.exe
  C:\Windows\System32\zxdyAnl.exe
  2⤵
  - Executes dropped EXE
  PID:2172
- C:\Windows\System32\iPMYCPE.exe
  C:\Windows\System32\iPMYCPE.exe
  2⤵
  - Executes dropped EXE
  PID:4344
- C:\Windows\System32\xyNrPMu.exe
  C:\Windows\System32\xyNrPMu.exe
  2⤵
  - Executes dropped EXE
  PID:3572
- C:\Windows\System32\PIpgNlG.exe
  C:\Windows\System32\PIpgNlG.exe
  2⤵
  - Executes dropped EXE
  PID:1860
- C:\Windows\System32\VvlaWHO.exe
  C:\Windows\System32\VvlaWHO.exe
  2⤵
  - Executes dropped EXE
  PID:4700
- C:\Windows\System32\CMTsbJy.exe
  C:\Windows\System32\CMTsbJy.exe
  2⤵
  - Executes dropped EXE
  PID:2000
- C:\Windows\System32\dynmfyi.exe
  C:\Windows\System32\dynmfyi.exe
  2⤵
  - Executes dropped EXE
  PID:1948
- C:\Windows\System32\kqkDUJr.exe
  C:\Windows\System32\kqkDUJr.exe
  2⤵
  - Executes dropped EXE
  PID:3596
- C:\Windows\System32\ubZLqyA.exe
  C:\Windows\System32\ubZLqyA.exe
  2⤵
  - Executes dropped EXE
  PID:2808
- C:\Windows\System32\fBXAPMi.exe
  C:\Windows\System32\fBXAPMi.exe
  2⤵
  - Executes dropped EXE
  PID:4688
- C:\Windows\System32\GmwtFJR.exe
  C:\Windows\System32\GmwtFJR.exe
  2⤵
  - Executes dropped EXE
  PID:1188
- C:\Windows\System32\kvWdZNW.exe
  C:\Windows\System32\kvWdZNW.exe
  2⤵
  - Executes dropped EXE
  PID:916
- C:\Windows\System32\jMchWhv.exe
  C:\Windows\System32\jMchWhv.exe
  2⤵
  - Executes dropped EXE
  PID:2436
- C:\Windows\System32\KivPbRf.exe
  C:\Windows\System32\KivPbRf.exe
  2⤵
  - Executes dropped EXE
  PID:4572
- C:\Windows\System32\xHzGZGT.exe
  C:\Windows\System32\xHzGZGT.exe
  2⤵
  - Executes dropped EXE
  PID:3592
- C:\Windows\System32\MUellAI.exe
  C:\Windows\System32\MUellAI.exe
  2⤵
  - Executes dropped EXE
  PID:932
- C:\Windows\System32\wxMqoQp.exe
  C:\Windows\System32\wxMqoQp.exe
  2⤵
  - Executes dropped EXE
  PID:1628
- C:\Windows\System32\cnmXSjQ.exe
  C:\Windows\System32\cnmXSjQ.exe
  2⤵
  - Executes dropped EXE
  PID:4144
- C:\Windows\System32\DYhYhnK.exe
  C:\Windows\System32\DYhYhnK.exe
  2⤵
  - Executes dropped EXE
  PID:3116
- C:\Windows\System32\POxPxeE.exe
  C:\Windows\System32\POxPxeE.exe
  2⤵
  - Executes dropped EXE
  PID:2548
- C:\Windows\System32\KmBTJZT.exe
  C:\Windows\System32\KmBTJZT.exe
  2⤵
  - Executes dropped EXE
  PID:4460
- C:\Windows\System32\dwQoQxu.exe
  C:\Windows\System32\dwQoQxu.exe
  2⤵
  - Executes dropped EXE
  PID:4476
- C:\Windows\System32\EsRSXSP.exe
  C:\Windows\System32\EsRSXSP.exe
  2⤵
  - Executes dropped EXE
  PID:2968
- C:\Windows\System32\kXUoRFv.exe
  C:\Windows\System32\kXUoRFv.exe
  2⤵
  - Executes dropped EXE
  PID:2244
- C:\Windows\System32\EOhBjze.exe
  C:\Windows\System32\EOhBjze.exe
  2⤵
  - Executes dropped EXE
  PID:4136
- C:\Windows\System32\OQgChhM.exe
  C:\Windows\System32\OQgChhM.exe
  2⤵
  - Executes dropped EXE
  PID:2668
- C:\Windows\System32\HNnDBIC.exe
  C:\Windows\System32\HNnDBIC.exe
  2⤵
  - Executes dropped EXE
  PID:548
- C:\Windows\System32\uAxGhfz.exe
  C:\Windows\System32\uAxGhfz.exe
  2⤵
  - Executes dropped EXE
  PID:4952
- C:\Windows\System32\ZAMBuru.exe
  C:\Windows\System32\ZAMBuru.exe
  2⤵
  - Executes dropped EXE
  PID:4036
- C:\Windows\System32\NdtnccP.exe
  C:\Windows\System32\NdtnccP.exe
  2⤵
  - Executes dropped EXE
  PID:640
- C:\Windows\System32\xAyifYm.exe
  C:\Windows\System32\xAyifYm.exe
  2⤵
  - Executes dropped EXE
  PID:516
- C:\Windows\System32\bolDAWM.exe
  C:\Windows\System32\bolDAWM.exe
  2⤵
  - Executes dropped EXE
  PID:1316
- C:\Windows\System32\UdCPsqq.exe
  C:\Windows\System32\UdCPsqq.exe
  2⤵
  - Executes dropped EXE
  PID:3820
- C:\Windows\System32\LsVGTtO.exe
  C:\Windows\System32\LsVGTtO.exe
  2⤵
  - Executes dropped EXE
  PID:4076
- C:\Windows\System32\DYHpuxR.exe
  C:\Windows\System32\DYHpuxR.exe
  2⤵
  - Executes dropped EXE
  PID:1888
- C:\Windows\System32\pEkqUBE.exe
  C:\Windows\System32\pEkqUBE.exe
  2⤵
  - Executes dropped EXE
  PID:1960
- C:\Windows\System32\LxkkIBv.exe
  C:\Windows\System32\LxkkIBv.exe
  2⤵
  - Executes dropped EXE
  PID:3016
- C:\Windows\System32\tnprgvB.exe
  C:\Windows\System32\tnprgvB.exe
  2⤵
  - Executes dropped EXE
  PID:864
- C:\Windows\System32\nShlGXt.exe
  C:\Windows\System32\nShlGXt.exe
  2⤵
  - Executes dropped EXE
  PID:2068
- C:\Windows\System32\ErXgKdz.exe
  C:\Windows\System32\ErXgKdz.exe
  2⤵
  - Executes dropped EXE
  PID:1936
- C:\Windows\System32\cxvnPwS.exe
  C:\Windows\System32\cxvnPwS.exe
  2⤵
  PID:1556
- C:\Windows\System32\kgNXOHf.exe
  C:\Windows\System32\kgNXOHf.exe
  2⤵
  PID:4436
- C:\Windows\System32\EJAAVlx.exe
  C:\Windows\System32\EJAAVlx.exe
  2⤵
  PID:3056
- C:\Windows\System32\KCneEWK.exe
  C:\Windows\System32\KCneEWK.exe
  2⤵
  PID:1732
- C:\Windows\System32\zWsHdRt.exe
  C:\Windows\System32\zWsHdRt.exe
  2⤵
  PID:4220
- C:\Windows\System32\QPcRrtu.exe
  C:\Windows\System32\QPcRrtu.exe
  2⤵
  PID:4640
- C:\Windows\System32\zlJZdsO.exe
  C:\Windows\System32\zlJZdsO.exe
  2⤵
  PID:1976
- C:\Windows\System32\gRcDYYx.exe
  C:\Windows\System32\gRcDYYx.exe
  2⤵
  PID:5144
- C:\Windows\System32\JAvwPZR.exe
  C:\Windows\System32\JAvwPZR.exe
  2⤵
  PID:5172
- C:\Windows\System32\cCFRlxi.exe
  C:\Windows\System32\cCFRlxi.exe
  2⤵
  PID:5200
- C:\Windows\System32\WujosFG.exe
  C:\Windows\System32\WujosFG.exe
  2⤵
  PID:5228
- C:\Windows\System32\HnDOVNK.exe
  C:\Windows\System32\HnDOVNK.exe
  2⤵
  PID:5256
- C:\Windows\System32\sKMxbWK.exe
  C:\Windows\System32\sKMxbWK.exe
  2⤵
  PID:5284
- C:\Windows\System32\tpJyGSe.exe
  C:\Windows\System32\tpJyGSe.exe
  2⤵
  PID:5312
- C:\Windows\System32\RMveCUU.exe
  C:\Windows\System32\RMveCUU.exe
  2⤵
  PID:5340
- C:\Windows\System32\iJsIQUS.exe
  C:\Windows\System32\iJsIQUS.exe
  2⤵
  PID:5376
- C:\Windows\System32\JTLeRDB.exe
  C:\Windows\System32\JTLeRDB.exe
  2⤵
  PID:5400
- C:\Windows\System32\puvBZpE.exe
  C:\Windows\System32\puvBZpE.exe
  2⤵
  PID:5424
- C:\Windows\System32\knJQkSi.exe
  C:\Windows\System32\knJQkSi.exe
  2⤵
  PID:5460
- C:\Windows\System32\nUPMfrt.exe
  C:\Windows\System32\nUPMfrt.exe
  2⤵
  PID:5480
- C:\Windows\System32\ryBVlCi.exe
  C:\Windows\System32\ryBVlCi.exe
  2⤵
  PID:5508
- C:\Windows\System32\tGuuuOv.exe
  C:\Windows\System32\tGuuuOv.exe
  2⤵
  PID:5536
- C:\Windows\System32\ahkDluj.exe
  C:\Windows\System32\ahkDluj.exe
  2⤵
  PID:5564
- C:\Windows\System32\BrkmUng.exe
  C:\Windows\System32\BrkmUng.exe
  2⤵
  PID:5592
- C:\Windows\System32\eaXaACx.exe
  C:\Windows\System32\eaXaACx.exe
  2⤵
  PID:5632
- C:\Windows\System32\DVwWpwQ.exe
  C:\Windows\System32\DVwWpwQ.exe
  2⤵
  PID:5648
- C:\Windows\System32\jpxfVkK.exe
  C:\Windows\System32\jpxfVkK.exe
  2⤵
  PID:5672
- C:\Windows\System32\WlFndUG.exe
  C:\Windows\System32\WlFndUG.exe
  2⤵
  PID:5716
- C:\Windows\System32\nofnLGh.exe
  C:\Windows\System32\nofnLGh.exe
  2⤵
  PID:5732
- C:\Windows\System32\BPvcohf.exe
  C:\Windows\System32\BPvcohf.exe
  2⤵
  PID:5756
- C:\Windows\System32\LKXpHbb.exe
  C:\Windows\System32\LKXpHbb.exe
  2⤵
  PID:5788
- C:\Windows\System32\fllHprt.exe
  C:\Windows\System32\fllHprt.exe
  2⤵
  PID:5816
- C:\Windows\System32\EwJFwDP.exe
  C:\Windows\System32\EwJFwDP.exe
  2⤵
  PID:5844
- C:\Windows\System32\CpqArNm.exe
  C:\Windows\System32\CpqArNm.exe
  2⤵
  PID:5872
- C:\Windows\System32\HBTXVwX.exe
  C:\Windows\System32\HBTXVwX.exe
  2⤵
  PID:5900
- C:\Windows\System32\qSQNgMF.exe
  C:\Windows\System32\qSQNgMF.exe
  2⤵
  PID:5928
- C:\Windows\System32\ztWTxqz.exe
  C:\Windows\System32\ztWTxqz.exe
  2⤵
  PID:5956
- C:\Windows\System32\sNpaPXk.exe
  C:\Windows\System32\sNpaPXk.exe
  2⤵
  PID:5984
- C:\Windows\System32\fnWQBWg.exe
  C:\Windows\System32\fnWQBWg.exe
  2⤵
  PID:6012
- C:\Windows\System32\XmHVIkv.exe
  C:\Windows\System32\XmHVIkv.exe
  2⤵
  PID:6052
- C:\Windows\System32\ZfTdYhE.exe
  C:\Windows\System32\ZfTdYhE.exe
  2⤵
  PID:6068
- C:\Windows\System32\enhPMTK.exe
  C:\Windows\System32\enhPMTK.exe
  2⤵
  PID:6096
- C:\Windows\System32\aULzWtE.exe
  C:\Windows\System32\aULzWtE.exe
  2⤵
  PID:6120
- C:\Windows\System32\ospQxyz.exe
  C:\Windows\System32\ospQxyz.exe
  2⤵
  PID:3208
- C:\Windows\System32\Pbdysxa.exe
  C:\Windows\System32\Pbdysxa.exe
  2⤵
  PID:4852
- C:\Windows\System32\xgIStya.exe
  C:\Windows\System32\xgIStya.exe
  2⤵
  PID:3108
- C:\Windows\System32\fUUCzoq.exe
  C:\Windows\System32\fUUCzoq.exe
  2⤵
  PID:4580
- C:\Windows\System32\yVxQLfs.exe
  C:\Windows\System32\yVxQLfs.exe
  2⤵
  PID:4824
- C:\Windows\System32\CgvnbSR.exe
  C:\Windows\System32\CgvnbSR.exe
  2⤵
  PID:1568
- C:\Windows\System32\jDHNyNf.exe
  C:\Windows\System32\jDHNyNf.exe
  2⤵
  PID:5156
- C:\Windows\System32\YZMSIkM.exe
  C:\Windows\System32\YZMSIkM.exe
  2⤵
  PID:5208
- C:\Windows\System32\xHrCnbZ.exe
  C:\Windows\System32\xHrCnbZ.exe
  2⤵
  PID:5304
- C:\Windows\System32\XLRqITg.exe
  C:\Windows\System32\XLRqITg.exe
  2⤵
  PID:5348
- C:\Windows\System32\SixluQY.exe
  C:\Windows\System32\SixluQY.exe
  2⤵
  PID:5416
- C:\Windows\System32\rsrgtDM.exe
  C:\Windows\System32\rsrgtDM.exe
  2⤵
  PID:5500
- C:\Windows\System32\PhCbnSu.exe
  C:\Windows\System32\PhCbnSu.exe
  2⤵
  PID:5544
- C:\Windows\System32\OOTioym.exe
  C:\Windows\System32\OOTioym.exe
  2⤵
  PID:5600
- C:\Windows\System32\PjNrOIH.exe
  C:\Windows\System32\PjNrOIH.exe
  2⤵
  PID:5696
- C:\Windows\System32\tpGGYjW.exe
  C:\Windows\System32\tpGGYjW.exe
  2⤵
  PID:5744
- C:\Windows\System32\CBTjvJk.exe
  C:\Windows\System32\CBTjvJk.exe
  2⤵
  PID:5808
- C:\Windows\System32\OukbEsm.exe
  C:\Windows\System32\OukbEsm.exe
  2⤵
  PID:5880
- C:\Windows\System32\ueAaIfG.exe
  C:\Windows\System32\ueAaIfG.exe
  2⤵
  PID:5940
- C:\Windows\System32\ukaEgIo.exe
  C:\Windows\System32\ukaEgIo.exe
  2⤵
  PID:6004
- C:\Windows\System32\nfcLPVn.exe
  C:\Windows\System32\nfcLPVn.exe
  2⤵
  PID:6088
- C:\Windows\System32\XzESOgD.exe
  C:\Windows\System32\XzESOgD.exe
  2⤵
  PID:1652
- C:\Windows\System32\RbegsMP.exe
  C:\Windows\System32\RbegsMP.exe
  2⤵
  PID:912
- C:\Windows\System32\vLRoIYS.exe
  C:\Windows\System32\vLRoIYS.exe
  2⤵
  PID:3352
- C:\Windows\System32\NfaCgID.exe
  C:\Windows\System32\NfaCgID.exe
  2⤵
  PID:5236
- C:\Windows\System32\HwBNIhe.exe
  C:\Windows\System32\HwBNIhe.exe
  2⤵
  PID:5320
- C:\Windows\System32\SEnponl.exe
  C:\Windows\System32\SEnponl.exe
  2⤵
  PID:5436
- C:\Windows\System32\oCHFYJP.exe
  C:\Windows\System32\oCHFYJP.exe
  2⤵
  PID:5640
- C:\Windows\System32\MrulmMs.exe
  C:\Windows\System32\MrulmMs.exe
  2⤵
  PID:5764
- C:\Windows\System32\prIxrrj.exe
  C:\Windows\System32\prIxrrj.exe
  2⤵
  PID:5908
- C:\Windows\System32\FrxVkfR.exe
  C:\Windows\System32\FrxVkfR.exe
  2⤵
  PID:6024
- C:\Windows\System32\lktYOFF.exe
  C:\Windows\System32\lktYOFF.exe
  2⤵
  PID:6168
- C:\Windows\System32\XCCOprR.exe
  C:\Windows\System32\XCCOprR.exe
  2⤵
  PID:6200
- C:\Windows\System32\DXZqdnJ.exe
  C:\Windows\System32\DXZqdnJ.exe
  2⤵
  PID:6228
- C:\Windows\System32\YJkKbNC.exe
  C:\Windows\System32\YJkKbNC.exe
  2⤵
  PID:6256
- C:\Windows\System32\hzAvItB.exe
  C:\Windows\System32\hzAvItB.exe
  2⤵
  PID:6280
- C:\Windows\System32\IYCoTtJ.exe
  C:\Windows\System32\IYCoTtJ.exe
  2⤵
  PID:6312
- C:\Windows\System32\zUNADFr.exe
  C:\Windows\System32\zUNADFr.exe
  2⤵
  PID:6340
- C:\Windows\System32\cocfMRm.exe
  C:\Windows\System32\cocfMRm.exe
  2⤵
  PID:6368
- C:\Windows\System32\bmcdROH.exe
  C:\Windows\System32\bmcdROH.exe
  2⤵
  PID:6396
- C:\Windows\System32\TJNRqOl.exe
  C:\Windows\System32\TJNRqOl.exe
  2⤵
  PID:6424
- C:\Windows\System32\QWpyIwY.exe
  C:\Windows\System32\QWpyIwY.exe
  2⤵
  PID:6460
- C:\Windows\System32\TpvFleO.exe
  C:\Windows\System32\TpvFleO.exe
  2⤵
  PID:6492
- C:\Windows\System32\Ptoszrx.exe
  C:\Windows\System32\Ptoszrx.exe
  2⤵
  PID:6508
- C:\Windows\System32\vMfIySJ.exe
  C:\Windows\System32\vMfIySJ.exe
  2⤵
  PID:6536
- C:\Windows\System32\vHPofrh.exe
  C:\Windows\System32\vHPofrh.exe
  2⤵
  PID:6564
- C:\Windows\System32\jGsrpyP.exe
  C:\Windows\System32\jGsrpyP.exe
  2⤵
  PID:6592
- C:\Windows\System32\tHEcMdt.exe
  C:\Windows\System32\tHEcMdt.exe
  2⤵
  PID:6620
- C:\Windows\System32\RDPTHhZ.exe
  C:\Windows\System32\RDPTHhZ.exe
  2⤵
  PID:6648
- C:\Windows\System32\ofVQSOq.exe
  C:\Windows\System32\ofVQSOq.exe
  2⤵
  PID:6676
- C:\Windows\System32\gmgdEjQ.exe
  C:\Windows\System32\gmgdEjQ.exe
  2⤵
  PID:6704
- C:\Windows\System32\fTlNnjA.exe
  C:\Windows\System32\fTlNnjA.exe
  2⤵
  PID:6732
- C:\Windows\System32\ChlKcNR.exe
  C:\Windows\System32\ChlKcNR.exe
  2⤵
  PID:6760
- C:\Windows\System32\vQPhxee.exe
  C:\Windows\System32\vQPhxee.exe
  2⤵
  PID:6788
- C:\Windows\System32\cHaXViZ.exe
  C:\Windows\System32\cHaXViZ.exe
  2⤵
  PID:6816
- C:\Windows\System32\jvOYCyi.exe
  C:\Windows\System32\jvOYCyi.exe
  2⤵
  PID:6844
- C:\Windows\System32\ByQZRmY.exe
  C:\Windows\System32\ByQZRmY.exe
  2⤵
  PID:6868
- C:\Windows\System32\fMvxFAx.exe
  C:\Windows\System32\fMvxFAx.exe
  2⤵
  PID:6896
- C:\Windows\System32\zFCKaEO.exe
  C:\Windows\System32\zFCKaEO.exe
  2⤵
  PID:6928
- C:\Windows\System32\CwgDLZF.exe
  C:\Windows\System32\CwgDLZF.exe
  2⤵
  PID:6956
- C:\Windows\System32\cvjlxEs.exe
  C:\Windows\System32\cvjlxEs.exe
  2⤵
  PID:6984
- C:\Windows\System32\kpfFUwH.exe
  C:\Windows\System32\kpfFUwH.exe
  2⤵
  PID:7012
- C:\Windows\System32\yyQvPTy.exe
  C:\Windows\System32\yyQvPTy.exe
  2⤵
  PID:7040
- C:\Windows\System32\QIqjlbs.exe
  C:\Windows\System32\QIqjlbs.exe
  2⤵
  PID:7068
- C:\Windows\System32\eTLqdtx.exe
  C:\Windows\System32\eTLqdtx.exe
  2⤵
  PID:7096
- C:\Windows\System32\oQtRlWo.exe
  C:\Windows\System32\oQtRlWo.exe
  2⤵
  PID:7124
- C:\Windows\System32\rtuSGOO.exe
  C:\Windows\System32\rtuSGOO.exe
  2⤵
  PID:7152
- C:\Windows\System32\QFaQTtx.exe
  C:\Windows\System32\QFaQTtx.exe
  2⤵
  PID:2096
- C:\Windows\System32\cmXEDuM.exe
  C:\Windows\System32\cmXEDuM.exe
  2⤵
  PID:2108
- C:\Windows\System32\gDiOCMN.exe
  C:\Windows\System32\gDiOCMN.exe
  2⤵
  PID:5468
- C:\Windows\System32\jsPlLyl.exe
  C:\Windows\System32\jsPlLyl.exe
  2⤵
  PID:5892
- C:\Windows\System32\wjlZvUh.exe
  C:\Windows\System32\wjlZvUh.exe
  2⤵
  PID:6156
- C:\Windows\System32\KHKAwhu.exe
  C:\Windows\System32\KHKAwhu.exe
  2⤵
  PID:6208
- C:\Windows\System32\HgiGQnD.exe
  C:\Windows\System32\HgiGQnD.exe
  2⤵
  PID:6264
- C:\Windows\System32\FEbNzom.exe
  C:\Windows\System32\FEbNzom.exe
  2⤵
  PID:6324
- C:\Windows\System32\GsnTzVH.exe
  C:\Windows\System32\GsnTzVH.exe
  2⤵
  PID:6388
- C:\Windows\System32\XcqfEtG.exe
  C:\Windows\System32\XcqfEtG.exe
  2⤵
  PID:6456
- C:\Windows\System32\NEmTyRq.exe
  C:\Windows\System32\NEmTyRq.exe
  2⤵
  PID:6520
- C:\Windows\System32\HydEPIn.exe
  C:\Windows\System32\HydEPIn.exe
  2⤵
  PID:6584
- C:\Windows\System32\egKqISa.exe
  C:\Windows\System32\egKqISa.exe
  2⤵
  PID:6668
- C:\Windows\System32\sjoWtoz.exe
  C:\Windows\System32\sjoWtoz.exe
  2⤵
  PID:6696
- C:\Windows\System32\xwkSdYK.exe
  C:\Windows\System32\xwkSdYK.exe
  2⤵
  PID:6772
- C:\Windows\System32\EOUGbfY.exe
  C:\Windows\System32\EOUGbfY.exe
  2⤵
  PID:4924
- C:\Windows\System32\mblRSrr.exe
  C:\Windows\System32\mblRSrr.exe
  2⤵
  PID:6864
- C:\Windows\System32\VxVWqWE.exe
  C:\Windows\System32\VxVWqWE.exe
  2⤵
  PID:2760
- C:\Windows\System32\OmrSNKU.exe
  C:\Windows\System32\OmrSNKU.exe
  2⤵
  PID:6976
- C:\Windows\System32\wlEhMKB.exe
  C:\Windows\System32\wlEhMKB.exe
  2⤵
  PID:7060
- C:\Windows\System32\AQSvfrB.exe
  C:\Windows\System32\AQSvfrB.exe
  2⤵
  PID:7132
- C:\Windows\System32\oNLHPJp.exe
  C:\Windows\System32\oNLHPJp.exe
  2⤵
  PID:6104
- C:\Windows\System32\KtPutRJ.exe
  C:\Windows\System32\KtPutRJ.exe
  2⤵
  PID:5372
- C:\Windows\System32\aCVmNbx.exe
  C:\Windows\System32\aCVmNbx.exe
  2⤵
  PID:5968
- C:\Windows\System32\tDPPapQ.exe
  C:\Windows\System32\tDPPapQ.exe
  2⤵
  PID:6276
- C:\Windows\System32\fXxytJI.exe
  C:\Windows\System32\fXxytJI.exe
  2⤵
  PID:6352
- C:\Windows\System32\mSQcvUW.exe
  C:\Windows\System32\mSQcvUW.exe
  2⤵
  PID:6408
- C:\Windows\System32\GUklXhS.exe
  C:\Windows\System32\GUklXhS.exe
  2⤵
  PID:6548
- C:\Windows\System32\zFUzdnH.exe
  C:\Windows\System32\zFUzdnH.exe
  2⤵
  PID:2620
- C:\Windows\System32\XdMkErj.exe
  C:\Windows\System32\XdMkErj.exe
  2⤵
  PID:6800
- C:\Windows\System32\GinbQEB.exe
  C:\Windows\System32\GinbQEB.exe
  2⤵
  PID:6912
- C:\Windows\System32\JSZJfSv.exe
  C:\Windows\System32\JSZJfSv.exe
  2⤵
  PID:3332
- C:\Windows\System32\myPldVe.exe
  C:\Windows\System32\myPldVe.exe
  2⤵
  PID:7076
- C:\Windows\System32\FuUsnuy.exe
  C:\Windows\System32\FuUsnuy.exe
  2⤵
  PID:3732
- C:\Windows\System32\qdeInao.exe
  C:\Windows\System32\qdeInao.exe
  2⤵
  PID:5488
- C:\Windows\System32\lMiggaT.exe
  C:\Windows\System32\lMiggaT.exe
  2⤵
  PID:4648
- C:\Windows\System32\QwvKDCO.exe
  C:\Windows\System32\QwvKDCO.exe
  2⤵
  PID:1768
- C:\Windows\System32\dPecFnE.exe
  C:\Windows\System32\dPecFnE.exe
  2⤵
  PID:3364
- C:\Windows\System32\ABSaUuV.exe
  C:\Windows\System32\ABSaUuV.exe
  2⤵
  PID:1840
- C:\Windows\System32\ehytTxy.exe
  C:\Windows\System32\ehytTxy.exe
  2⤵
  PID:3160
- C:\Windows\System32\dFLuoCw.exe
  C:\Windows\System32\dFLuoCw.exe
  2⤵
  PID:5220
- C:\Windows\System32\fbRptfA.exe
  C:\Windows\System32\fbRptfA.exe
  2⤵
  PID:1728
- C:\Windows\System32\MlBHVnx.exe
  C:\Windows\System32\MlBHVnx.exe
  2⤵
  PID:1664
- C:\Windows\System32\zGYkKMb.exe
  C:\Windows\System32\zGYkKMb.exe
  2⤵
  PID:1168
- C:\Windows\System32\mDAsMSl.exe
  C:\Windows\System32\mDAsMSl.exe
  2⤵
  PID:1940
- C:\Windows\System32\uqKpRht.exe
  C:\Windows\System32\uqKpRht.exe
  2⤵
  PID:2532
- C:\Windows\System32\YxPkNOt.exe
  C:\Windows\System32\YxPkNOt.exe
  2⤵
  PID:3096
- C:\Windows\System32\saMQnTC.exe
  C:\Windows\System32\saMQnTC.exe
  2⤵
  PID:4652
- C:\Windows\System32\nJpjJJl.exe
  C:\Windows\System32\nJpjJJl.exe
  2⤵
  PID:2236
- C:\Windows\System32\wRiRzAX.exe
  C:\Windows\System32\wRiRzAX.exe
  2⤵
  PID:3824
- C:\Windows\System32\EKYuJoF.exe
  C:\Windows\System32\EKYuJoF.exe
  2⤵
  PID:2292
- C:\Windows\System32\GhxGvEq.exe
  C:\Windows\System32\GhxGvEq.exe
  2⤵
  PID:216
- C:\Windows\System32\XftUYyQ.exe
  C:\Windows\System32\XftUYyQ.exe
  2⤵
  PID:3524
- C:\Windows\System32\CqDQCCs.exe
  C:\Windows\System32\CqDQCCs.exe
  2⤵
  PID:5056
- C:\Windows\System32\GTZOnne.exe
  C:\Windows\System32\GTZOnne.exe
  2⤵
  PID:2124
- C:\Windows\System32\MZosEHL.exe
  C:\Windows\System32\MZosEHL.exe
  2⤵
  PID:4412
- C:\Windows\System32\qebcJmW.exe
  C:\Windows\System32\qebcJmW.exe
  2⤵
  PID:2640
- C:\Windows\System32\FvogiSP.exe
  C:\Windows\System32\FvogiSP.exe
  2⤵
  PID:2044
- C:\Windows\System32\LYqbPGm.exe
  C:\Windows\System32\LYqbPGm.exe
  2⤵
  PID:3604
- C:\Windows\System32\KsPHwrQ.exe
  C:\Windows\System32\KsPHwrQ.exe
  2⤵
  PID:1060
- C:\Windows\System32\OOIeIfi.exe
  C:\Windows\System32\OOIeIfi.exe
  2⤵
  PID:1516
- C:\Windows\System32\KrkHACw.exe
  C:\Windows\System32\KrkHACw.exe
  2⤵
  PID:4860
- C:\Windows\System32\oSRbeog.exe
  C:\Windows\System32\oSRbeog.exe
  2⤵
  PID:2288
- C:\Windows\System32\OCeXqob.exe
  C:\Windows\System32\OCeXqob.exe
  2⤵
  PID:3240
- C:\Windows\System32\diuTBoo.exe
  C:\Windows\System32\diuTBoo.exe
  2⤵
  PID:6752
- C:\Windows\System32\IZxIMda.exe
  C:\Windows\System32\IZxIMda.exe
  2⤵
  PID:3664
- C:\Windows\System32\YDALkAE.exe
  C:\Windows\System32\YDALkAE.exe
  2⤵
  PID:3892
- C:\Windows\System32\mQWEifM.exe
  C:\Windows\System32\mQWEifM.exe
  2⤵
  PID:1100
- C:\Windows\System32\zcmYUNT.exe
  C:\Windows\System32\zcmYUNT.exe
  2⤵
  PID:7176
- C:\Windows\System32\TfgoIZH.exe
  C:\Windows\System32\TfgoIZH.exe
  2⤵
  PID:7200
- C:\Windows\System32\WUnSwcJ.exe
  C:\Windows\System32\WUnSwcJ.exe
  2⤵
  PID:7220
- C:\Windows\System32\YKveqmA.exe
  C:\Windows\System32\YKveqmA.exe
  2⤵
  PID:7260
- C:\Windows\System32\bpoxjCR.exe
  C:\Windows\System32\bpoxjCR.exe
  2⤵
  PID:7296
- C:\Windows\System32\xinmlmE.exe
  C:\Windows\System32\xinmlmE.exe
  2⤵
  PID:7316
- C:\Windows\System32\JKMNEiK.exe
  C:\Windows\System32\JKMNEiK.exe
  2⤵
  PID:7352
- C:\Windows\System32\GbFVohA.exe
  C:\Windows\System32\GbFVohA.exe
  2⤵
  PID:7368
- C:\Windows\System32\nKpahWg.exe
  C:\Windows\System32\nKpahWg.exe
  2⤵
  PID:7400
- C:\Windows\System32\sCLXndf.exe
  C:\Windows\System32\sCLXndf.exe
  2⤵
  PID:7428
- C:\Windows\System32\rysILFg.exe
  C:\Windows\System32\rysILFg.exe
  2⤵
  PID:7456
- C:\Windows\System32\bufnqRZ.exe
  C:\Windows\System32\bufnqRZ.exe
  2⤵
  PID:7484
- C:\Windows\System32\LXSgyNO.exe
  C:\Windows\System32\LXSgyNO.exe
  2⤵
  PID:7520
- C:\Windows\System32\TyuVeLv.exe
  C:\Windows\System32\TyuVeLv.exe
  2⤵
  PID:7536
- C:\Windows\System32\viZdPbt.exe
  C:\Windows\System32\viZdPbt.exe
  2⤵
  PID:7576
- C:\Windows\System32\byNuNhJ.exe
  C:\Windows\System32\byNuNhJ.exe
  2⤵
  PID:7596
- C:\Windows\System32\pEbZQPd.exe
  C:\Windows\System32\pEbZQPd.exe
  2⤵
  PID:7632
- C:\Windows\System32\RUDuxQy.exe
  C:\Windows\System32\RUDuxQy.exe
  2⤵
  PID:7660
- C:\Windows\System32\BhBvHKH.exe
  C:\Windows\System32\BhBvHKH.exe
  2⤵
  PID:7680
- C:\Windows\System32\jNAMUdF.exe
  C:\Windows\System32\jNAMUdF.exe
  2⤵
  PID:7720
- C:\Windows\System32\MJGTEDi.exe
  C:\Windows\System32\MJGTEDi.exe
  2⤵
  PID:7748
- C:\Windows\System32\FyErtPG.exe
  C:\Windows\System32\FyErtPG.exe
  2⤵
  PID:7784
- C:\Windows\System32\Yladdre.exe
  C:\Windows\System32\Yladdre.exe
  2⤵
  PID:7812
- C:\Windows\System32\xGvxMkp.exe
  C:\Windows\System32\xGvxMkp.exe
  2⤵
  PID:7828
- C:\Windows\System32\ogGWGYW.exe
  C:\Windows\System32\ogGWGYW.exe
  2⤵
  PID:7860
- C:\Windows\System32\JNjfLSe.exe
  C:\Windows\System32\JNjfLSe.exe
  2⤵
  PID:7892
- C:\Windows\System32\XgWfQGY.exe
  C:\Windows\System32\XgWfQGY.exe
  2⤵
  PID:7912
- C:\Windows\System32\OAcVOdH.exe
  C:\Windows\System32\OAcVOdH.exe
  2⤵
  PID:7940
- C:\Windows\System32\gGTtxfL.exe
  C:\Windows\System32\gGTtxfL.exe
  2⤵
  PID:7980
- C:\Windows\System32\qDCbQTl.exe
  C:\Windows\System32\qDCbQTl.exe
  2⤵
  PID:8008
- C:\Windows\System32\qHhKzmx.exe
  C:\Windows\System32\qHhKzmx.exe
  2⤵
  PID:8036
- C:\Windows\System32\SIzMtkx.exe
  C:\Windows\System32\SIzMtkx.exe
  2⤵
  PID:8052
- C:\Windows\System32\dgfiuLT.exe
  C:\Windows\System32\dgfiuLT.exe
  2⤵
  PID:8092
- C:\Windows\System32\bSZIrLs.exe
  C:\Windows\System32\bSZIrLs.exe
  2⤵
  PID:8120
- C:\Windows\System32\PuzyFxc.exe
  C:\Windows\System32\PuzyFxc.exe
  2⤵
  PID:8136
- C:\Windows\System32\jWLTNaa.exe
  C:\Windows\System32\jWLTNaa.exe
  2⤵
  PID:8176
- C:\Windows\System32\UHUCQgi.exe
  C:\Windows\System32\UHUCQgi.exe
  2⤵
  PID:852
- C:\Windows\System32\XggOtTJ.exe
  C:\Windows\System32\XggOtTJ.exe
  2⤵
  PID:7272
- C:\Windows\System32\jMqwmed.exe
  C:\Windows\System32\jMqwmed.exe
  2⤵
  PID:7344
- C:\Windows\System32\FUBgUDC.exe
  C:\Windows\System32\FUBgUDC.exe
  2⤵
  PID:7416
- C:\Windows\System32\OizbqQE.exe
  C:\Windows\System32\OizbqQE.exe
  2⤵
  PID:7512
- C:\Windows\System32\pBoIuIF.exe
  C:\Windows\System32\pBoIuIF.exe
  2⤵
  PID:7588
- C:\Windows\System32\MWNMxLT.exe
  C:\Windows\System32\MWNMxLT.exe
  2⤵
  PID:7640
- C:\Windows\System32\mPZkVnL.exe
  C:\Windows\System32\mPZkVnL.exe
  2⤵
  PID:7716
- C:\Windows\System32\onvjLGa.exe
  C:\Windows\System32\onvjLGa.exe
  2⤵
  PID:1096
- C:\Windows\System32\hrXfgAs.exe
  C:\Windows\System32\hrXfgAs.exe
  2⤵
  PID:3128
- C:\Windows\System32\NIypFks.exe
  C:\Windows\System32\NIypFks.exe
  2⤵
  PID:1632
- C:\Windows\System32\GVpJrfV.exe
  C:\Windows\System32\GVpJrfV.exe
  2⤵
  PID:7872
- C:\Windows\System32\JGcRkKI.exe
  C:\Windows\System32\JGcRkKI.exe
  2⤵
  PID:7968
- C:\Windows\System32\LXncZEf.exe
  C:\Windows\System32\LXncZEf.exe
  2⤵
  PID:8024
- C:\Windows\System32\MHXPFOI.exe
  C:\Windows\System32\MHXPFOI.exe
  2⤵
  PID:8020
- C:\Windows\System32\ZCpXNZB.exe
  C:\Windows\System32\ZCpXNZB.exe
  2⤵
  PID:8128
- C:\Windows\System32\UwcDeNg.exe
  C:\Windows\System32\UwcDeNg.exe
  2⤵
  PID:8184
- C:\Windows\System32\FdhPAsp.exe
  C:\Windows\System32\FdhPAsp.exe
  2⤵
  PID:708
- C:\Windows\System32\gkXGxuV.exe
  C:\Windows\System32\gkXGxuV.exe
  2⤵
  PID:7528
- C:\Windows\System32\OEzSlgU.exe
  C:\Windows\System32\OEzSlgU.exe
  2⤵
  PID:7744
- C:\Windows\System32\SWbYlzi.exe
  C:\Windows\System32\SWbYlzi.exe
  2⤵
  PID:7796
- C:\Windows\System32\aTmwBvD.exe
  C:\Windows\System32\aTmwBvD.exe
  2⤵
  PID:7904
- C:\Windows\System32\vERldSC.exe
  C:\Windows\System32\vERldSC.exe
  2⤵
  PID:8116
- C:\Windows\System32\SgQCYpn.exe
  C:\Windows\System32\SgQCYpn.exe
  2⤵
  PID:8164
- C:\Windows\System32\ctkADeE.exe
  C:\Windows\System32\ctkADeE.exe
  2⤵
  PID:7736
- C:\Windows\System32\APTveZO.exe
  C:\Windows\System32\APTveZO.exe
  2⤵
  PID:376
- C:\Windows\System32\VPodZDr.exe
  C:\Windows\System32\VPodZDr.exe
  2⤵
  PID:8132
- C:\Windows\System32\kLWyGNK.exe
  C:\Windows\System32\kLWyGNK.exe
  2⤵
  PID:7840
- C:\Windows\System32\FYkaZGn.exe
  C:\Windows\System32\FYkaZGn.exe
  2⤵
  PID:8212
- C:\Windows\System32\uwsJQNF.exe
  C:\Windows\System32\uwsJQNF.exe
  2⤵
  PID:8240
- C:\Windows\System32\Fuzymil.exe
  C:\Windows\System32\Fuzymil.exe
  2⤵
  PID:8260
- C:\Windows\System32\NJhxBqV.exe
  C:\Windows\System32\NJhxBqV.exe
  2⤵
  PID:8288
- C:\Windows\System32\QeosvlH.exe
  C:\Windows\System32\QeosvlH.exe
  2⤵
  PID:8336
- C:\Windows\System32\vbcVUTY.exe
  C:\Windows\System32\vbcVUTY.exe
  2⤵
  PID:8364
- C:\Windows\System32\WdXNdKS.exe
  C:\Windows\System32\WdXNdKS.exe
  2⤵
  PID:8384
- C:\Windows\System32\IvGpzqs.exe
  C:\Windows\System32\IvGpzqs.exe
  2⤵
  PID:8424
- C:\Windows\System32\WWdlPuA.exe
  C:\Windows\System32\WWdlPuA.exe
  2⤵
  PID:8448
- C:\Windows\System32\ZOEJHZf.exe
  C:\Windows\System32\ZOEJHZf.exe
  2⤵
  PID:8476
- C:\Windows\System32\fasGqCR.exe
  C:\Windows\System32\fasGqCR.exe
  2⤵
  PID:8512
- C:\Windows\System32\fnrrYBT.exe
  C:\Windows\System32\fnrrYBT.exe
  2⤵
  PID:8540
- C:\Windows\System32\tfJwZFB.exe
  C:\Windows\System32\tfJwZFB.exe
  2⤵
  PID:8564
- C:\Windows\System32\sdzXbRt.exe
  C:\Windows\System32\sdzXbRt.exe
  2⤵
  PID:8584
- C:\Windows\System32\BiEMgLr.exe
  C:\Windows\System32\BiEMgLr.exe
  2⤵
  PID:8616
- C:\Windows\System32\utPjzgX.exe
  C:\Windows\System32\utPjzgX.exe
  2⤵
  PID:8652
- C:\Windows\System32\liZLWIw.exe
  C:\Windows\System32\liZLWIw.exe
  2⤵
  PID:8680
- C:\Windows\System32\PjgbmeQ.exe
  C:\Windows\System32\PjgbmeQ.exe
  2⤵
  PID:8708
- C:\Windows\System32\qHXYKwm.exe
  C:\Windows\System32\qHXYKwm.exe
  2⤵
  PID:8728
- C:\Windows\System32\FYitrKN.exe
  C:\Windows\System32\FYitrKN.exe
  2⤵
  PID:8764
- C:\Windows\System32\MMeQAMz.exe
  C:\Windows\System32\MMeQAMz.exe
  2⤵
  PID:8792
- C:\Windows\System32\bzjgqZb.exe
  C:\Windows\System32\bzjgqZb.exe
  2⤵
  PID:8808
- C:\Windows\System32\gxiDXlJ.exe
  C:\Windows\System32\gxiDXlJ.exe
  2⤵
  PID:8856
- C:\Windows\System32\woWsSzm.exe
  C:\Windows\System32\woWsSzm.exe
  2⤵
  PID:8876
- C:\Windows\System32\sypQbXb.exe
  C:\Windows\System32\sypQbXb.exe
  2⤵
  PID:8896
- C:\Windows\System32\saFQood.exe
  C:\Windows\System32\saFQood.exe
  2⤵
  PID:8932
- C:\Windows\System32\IhAvBgV.exe
  C:\Windows\System32\IhAvBgV.exe
  2⤵
  PID:8960
- C:\Windows\System32\wCmXFYA.exe
  C:\Windows\System32\wCmXFYA.exe
  2⤵
  PID:8988
- C:\Windows\System32\smeTgQJ.exe
  C:\Windows\System32\smeTgQJ.exe
  2⤵
  PID:9016
- C:\Windows\System32\hGkObFC.exe
  C:\Windows\System32\hGkObFC.exe
  2⤵
  PID:9044
- C:\Windows\System32\IhyxqEb.exe
  C:\Windows\System32\IhyxqEb.exe
  2⤵
  PID:9068
- C:\Windows\System32\GKZVwyi.exe
  C:\Windows\System32\GKZVwyi.exe
  2⤵
  PID:9096
- C:\Windows\System32\FPaaKpD.exe
  C:\Windows\System32\FPaaKpD.exe
  2⤵
  PID:9128
- C:\Windows\System32\uuOnouH.exe
  C:\Windows\System32\uuOnouH.exe
  2⤵
  PID:9156
- C:\Windows\System32\hGIdzFh.exe
  C:\Windows\System32\hGIdzFh.exe
  2⤵
  PID:9184
- C:\Windows\System32\kjCnJCq.exe
  C:\Windows\System32\kjCnJCq.exe
  2⤵
  PID:9200
- C:\Windows\System32\IgTkkdt.exe
  C:\Windows\System32\IgTkkdt.exe
  2⤵
  PID:7548
- C:\Windows\System32\zcHTuJg.exe
  C:\Windows\System32\zcHTuJg.exe
  2⤵
  PID:8256
- C:\Windows\System32\aHwHvjZ.exe
  C:\Windows\System32\aHwHvjZ.exe
  2⤵
  PID:8324
- C:\Windows\System32\eBtoAzW.exe
  C:\Windows\System32\eBtoAzW.exe
  2⤵
  PID:8360
- C:\Windows\System32\RIXrBjV.exe
  C:\Windows\System32\RIXrBjV.exe
  2⤵
  PID:8432
- C:\Windows\System32\UVddqVx.exe
  C:\Windows\System32\UVddqVx.exe
  2⤵
  PID:8548
- C:\Windows\System32\mCIEvFa.exe
  C:\Windows\System32\mCIEvFa.exe
  2⤵
  PID:8676
- C:\Windows\System32\dkBiGVV.exe
  C:\Windows\System32\dkBiGVV.exe
  2⤵
  PID:8716
- C:\Windows\System32\LRUQMyn.exe
  C:\Windows\System32\LRUQMyn.exe
  2⤵
  PID:8788
- C:\Windows\System32\yQBdRsO.exe
  C:\Windows\System32\yQBdRsO.exe
  2⤵
  PID:8864
- C:\Windows\System32\QOzCbLo.exe
  C:\Windows\System32\QOzCbLo.exe
  2⤵
  PID:8892
- C:\Windows\System32\KrFTzqz.exe
  C:\Windows\System32\KrFTzqz.exe
  2⤵
  PID:8972
- C:\Windows\System32\DUItgHe.exe
  C:\Windows\System32\DUItgHe.exe
  2⤵
  PID:9060
- C:\Windows\System32\GlCxoWf.exe
  C:\Windows\System32\GlCxoWf.exe
  2⤵
  PID:9120
- C:\Windows\System32\djxLkKB.exe
  C:\Windows\System32\djxLkKB.exe
  2⤵
  PID:9176
- C:\Windows\System32\QnIQuuT.exe
  C:\Windows\System32\QnIQuuT.exe
  2⤵
  PID:7464
- C:\Windows\System32\CfIPOcl.exe
  C:\Windows\System32\CfIPOcl.exe
  2⤵
  PID:8348
- C:\Windows\System32\gaaKICZ.exe
  C:\Windows\System32\gaaKICZ.exe
  2⤵
  PID:8532
- C:\Windows\System32\OBunWxZ.exe
  C:\Windows\System32\OBunWxZ.exe
  2⤵
  PID:8576
- C:\Windows\System32\cyidkma.exe
  C:\Windows\System32\cyidkma.exe
  2⤵
  PID:8836
- C:\Windows\System32\GCeWboZ.exe
  C:\Windows\System32\GCeWboZ.exe
  2⤵
  PID:9032
- C:\Windows\System32\rYbQeOq.exe
  C:\Windows\System32\rYbQeOq.exe
  2⤵
  PID:9212
- C:\Windows\System32\BcOXRha.exe
  C:\Windows\System32\BcOXRha.exe
  2⤵
  PID:9192
- C:\Windows\System32\XqFjqVM.exe
  C:\Windows\System32\XqFjqVM.exe
  2⤵
  PID:8524
- C:\Windows\System32\EvoHkOH.exe
  C:\Windows\System32\EvoHkOH.exe
  2⤵
  PID:8736
- C:\Windows\System32\jjZmJlM.exe
  C:\Windows\System32\jjZmJlM.exe
  2⤵
  PID:9052
- C:\Windows\System32\vPKllxr.exe
  C:\Windows\System32\vPKllxr.exe
  2⤵
  PID:8780
- C:\Windows\System32\aQeofPu.exe
  C:\Windows\System32\aQeofPu.exe
  2⤵
  PID:9272
- C:\Windows\System32\jqlgUcm.exe
  C:\Windows\System32\jqlgUcm.exe
  2⤵
  PID:9300
- C:\Windows\System32\KSfwSLr.exe
  C:\Windows\System32\KSfwSLr.exe
  2⤵
  PID:9328
- C:\Windows\System32\zLJVRso.exe
  C:\Windows\System32\zLJVRso.exe
  2⤵
  PID:9356
- C:\Windows\System32\bFqVLNT.exe
  C:\Windows\System32\bFqVLNT.exe
  2⤵
  PID:9384
- C:\Windows\System32\HlOYirO.exe
  C:\Windows\System32\HlOYirO.exe
  2⤵
  PID:9412
- C:\Windows\System32\jfBAAFO.exe
  C:\Windows\System32\jfBAAFO.exe
  2⤵
  PID:9440
- C:\Windows\System32\kBRONJr.exe
  C:\Windows\System32\kBRONJr.exe
  2⤵
  PID:9456
- C:\Windows\System32\FhOpLIy.exe
  C:\Windows\System32\FhOpLIy.exe
  2⤵
  PID:9504
- C:\Windows\System32\pdlEmDi.exe
  C:\Windows\System32\pdlEmDi.exe
  2⤵
  PID:9528
- C:\Windows\System32\aODhDfr.exe
  C:\Windows\System32\aODhDfr.exe
  2⤵
  PID:9552
- C:\Windows\System32\fRcziYQ.exe
  C:\Windows\System32\fRcziYQ.exe
  2⤵
  PID:9580
- C:\Windows\System32\khaosJZ.exe
  C:\Windows\System32\khaosJZ.exe
  2⤵
  PID:9596
- C:\Windows\System32\cYbyUYh.exe
  C:\Windows\System32\cYbyUYh.exe
  2⤵
  PID:9628
- C:\Windows\System32\cnUZuIl.exe
  C:\Windows\System32\cnUZuIl.exe
  2⤵
  PID:9660
- C:\Windows\System32\JHqGQRo.exe
  C:\Windows\System32\JHqGQRo.exe
  2⤵
  PID:9692
- C:\Windows\System32\fDJLffc.exe
  C:\Windows\System32\fDJLffc.exe
  2⤵
  PID:9708
- C:\Windows\System32\hjOtNlZ.exe
  C:\Windows\System32\hjOtNlZ.exe
  2⤵
  PID:9744
- C:\Windows\System32\DPEqSfV.exe
  C:\Windows\System32\DPEqSfV.exe
  2⤵
  PID:9776
- C:\Windows\System32\fkxISmI.exe
  C:\Windows\System32\fkxISmI.exe
  2⤵
  PID:9800
- C:\Windows\System32\RgaLZit.exe
  C:\Windows\System32\RgaLZit.exe
  2⤵
  PID:9820
- C:\Windows\System32\dPFHYcN.exe
  C:\Windows\System32\dPFHYcN.exe
  2⤵
  PID:9852
- C:\Windows\System32\LwqFcEG.exe
  C:\Windows\System32\LwqFcEG.exe
  2⤵
  PID:9888
- C:\Windows\System32\gGgbHto.exe
  C:\Windows\System32\gGgbHto.exe
  2⤵
  PID:9916
- C:\Windows\System32\agWrZIJ.exe
  C:\Windows\System32\agWrZIJ.exe
  2⤵
  PID:9940
- C:\Windows\System32\UaoWaqH.exe
  C:\Windows\System32\UaoWaqH.exe
  2⤵
  PID:9972
- C:\Windows\System32\IHMqcMw.exe
  C:\Windows\System32\IHMqcMw.exe
  2⤵
  PID:10000
- C:\Windows\System32\TEWmUvF.exe
  C:\Windows\System32\TEWmUvF.exe
  2⤵
  PID:10028
- C:\Windows\System32\wQZiuZN.exe
  C:\Windows\System32\wQZiuZN.exe
  2⤵
  PID:10044
- C:\Windows\System32\IgHLucS.exe
  C:\Windows\System32\IgHLucS.exe
  2⤵
  PID:10076
- C:\Windows\System32\oPLBmEh.exe
  C:\Windows\System32\oPLBmEh.exe
  2⤵
  PID:10112
- C:\Windows\System32\yxlKHpk.exe
  C:\Windows\System32\yxlKHpk.exe
  2⤵
  PID:10148
- C:\Windows\System32\ZebNDdx.exe
  C:\Windows\System32\ZebNDdx.exe
  2⤵
  PID:10176
- C:\Windows\System32\IVuKgfM.exe
  C:\Windows\System32\IVuKgfM.exe
  2⤵
  PID:10192
- C:\Windows\System32\fWdakXT.exe
  C:\Windows\System32\fWdakXT.exe
  2⤵
  PID:10232
- C:\Windows\System32\yQlIOWY.exe
  C:\Windows\System32\yQlIOWY.exe
  2⤵
  PID:8464
- C:\Windows\System32\ntwstsC.exe
  C:\Windows\System32\ntwstsC.exe
  2⤵
  PID:9292
- C:\Windows\System32\eTATmgv.exe
  C:\Windows\System32\eTATmgv.exe
  2⤵
  PID:9368
- C:\Windows\System32\JjmXFrp.exe
  C:\Windows\System32\JjmXFrp.exe
  2⤵
  PID:9408
- C:\Windows\System32\LLNHuna.exe
  C:\Windows\System32\LLNHuna.exe
  2⤵
  PID:9520
- C:\Windows\System32\LtmYAzJ.exe
  C:\Windows\System32\LtmYAzJ.exe
  2⤵
  PID:9548
- C:\Windows\System32\rIfWISY.exe
  C:\Windows\System32\rIfWISY.exe
  2⤵
  PID:9612
- C:\Windows\System32\EZrgepp.exe
  C:\Windows\System32\EZrgepp.exe
  2⤵
  PID:9672
- C:\Windows\System32\MIaXafM.exe
  C:\Windows\System32\MIaXafM.exe
  2⤵
  PID:9768
- C:\Windows\System32\VyLOWtj.exe
  C:\Windows\System32\VyLOWtj.exe
  2⤵
  PID:9836
- C:\Windows\System32\Lxubgox.exe
  C:\Windows\System32\Lxubgox.exe
  2⤵
  PID:9884
- C:\Windows\System32\FnyKYNT.exe
  C:\Windows\System32\FnyKYNT.exe
  2⤵
  PID:9952
- C:\Windows\System32\gOZAZRc.exe
  C:\Windows\System32\gOZAZRc.exe
  2⤵
  PID:10020
- C:\Windows\System32\ogUFZSi.exe
  C:\Windows\System32\ogUFZSi.exe
  2⤵
  PID:10096
- C:\Windows\System32\foHoKpy.exe
  C:\Windows\System32\foHoKpy.exe
  2⤵
  PID:10168
- C:\Windows\System32\qvzQadv.exe
  C:\Windows\System32\qvzQadv.exe
  2⤵
  PID:10212
- C:\Windows\System32\JZPDZbQ.exe
  C:\Windows\System32\JZPDZbQ.exe
  2⤵
  PID:8632
- C:\Windows\System32\MOlHxJZ.exe
  C:\Windows\System32\MOlHxJZ.exe
  2⤵
  PID:9452
- C:\Windows\System32\ezZVlZb.exe
  C:\Windows\System32\ezZVlZb.exe
  2⤵
  PID:9648
- C:\Windows\System32\SRPUpOu.exe
  C:\Windows\System32\SRPUpOu.exe
  2⤵
  PID:9720
- C:\Windows\System32\tWYiunI.exe
  C:\Windows\System32\tWYiunI.exe
  2⤵
  PID:8668
- C:\Windows\System32\pUScbkn.exe
  C:\Windows\System32\pUScbkn.exe
  2⤵
  PID:10184
- C:\Windows\System32\hYBYWRK.exe
  C:\Windows\System32\hYBYWRK.exe
  2⤵
  PID:9488
- C:\Windows\System32\aKOlGzR.exe
  C:\Windows\System32\aKOlGzR.exe
  2⤵
  PID:9900
- C:\Windows\System32\enSgigt.exe
  C:\Windows\System32\enSgigt.exe
  2⤵
  PID:9376
- C:\Windows\System32\txfdcPF.exe
  C:\Windows\System32\txfdcPF.exe
  2⤵
  PID:10260
- C:\Windows\System32\FHCjnpS.exe
  C:\Windows\System32\FHCjnpS.exe
  2⤵
  PID:10288
- C:\Windows\System32\mmwElKs.exe
  C:\Windows\System32\mmwElKs.exe
  2⤵
  PID:10304
- C:\Windows\System32\iNzHEFn.exe
  C:\Windows\System32\iNzHEFn.exe
  2⤵
  PID:10344
- C:\Windows\System32\mwKytjM.exe
  C:\Windows\System32\mwKytjM.exe
  2⤵
  PID:10372
- C:\Windows\System32\frzVQbL.exe
  C:\Windows\System32\frzVQbL.exe
  2⤵
  PID:10412
- C:\Windows\System32\LtrZIHt.exe
  C:\Windows\System32\LtrZIHt.exe
  2⤵
  PID:10440
- C:\Windows\System32\cjqYEbo.exe
  C:\Windows\System32\cjqYEbo.exe
  2⤵
  PID:10456
- C:\Windows\System32\ahkwxrF.exe
  C:\Windows\System32\ahkwxrF.exe
  2⤵
  PID:10504
- C:\Windows\System32\DDSSQkh.exe
  C:\Windows\System32\DDSSQkh.exe
  2⤵
  PID:10540
- C:\Windows\System32\DReupHC.exe
  C:\Windows\System32\DReupHC.exe
  2⤵
  PID:10560
- C:\Windows\System32\MVlKQWT.exe
  C:\Windows\System32\MVlKQWT.exe
  2⤵
  PID:10580
- C:\Windows\System32\pyfVQnS.exe
  C:\Windows\System32\pyfVQnS.exe
  2⤵
  PID:10632
- C:\Windows\System32\qCprHoO.exe
  C:\Windows\System32\qCprHoO.exe
  2⤵
  PID:10664
- C:\Windows\System32\xzMDixb.exe
  C:\Windows\System32\xzMDixb.exe
  2⤵
  PID:10692
- C:\Windows\System32\CWhkTfk.exe
  C:\Windows\System32\CWhkTfk.exe
  2⤵
  PID:10708
- C:\Windows\System32\PbnqkjW.exe
  C:\Windows\System32\PbnqkjW.exe
  2⤵
  PID:10736
- C:\Windows\System32\MeWmdWg.exe
  C:\Windows\System32\MeWmdWg.exe
  2⤵
  PID:10756
- C:\Windows\System32\awqedru.exe
  C:\Windows\System32\awqedru.exe
  2⤵
  PID:10776
- C:\Windows\System32\lhuNXyu.exe
  C:\Windows\System32\lhuNXyu.exe
  2⤵
  PID:10840
- C:\Windows\System32\bAjaLEC.exe
  C:\Windows\System32\bAjaLEC.exe
  2⤵
  PID:10860
- C:\Windows\System32\vHYymHF.exe
  C:\Windows\System32\vHYymHF.exe
  2⤵
  PID:10880
- C:\Windows\System32\rcmuiGj.exe
  C:\Windows\System32\rcmuiGj.exe
  2⤵
  PID:10904
- C:\Windows\System32\qzHorVk.exe
  C:\Windows\System32\qzHorVk.exe
  2⤵
  PID:10936
- C:\Windows\System32\ZtUSexp.exe
  C:\Windows\System32\ZtUSexp.exe
  2⤵
  PID:10964
- C:\Windows\System32\LvVsnuv.exe
  C:\Windows\System32\LvVsnuv.exe
  2⤵
  PID:10992
- C:\Windows\System32\jiNRjEa.exe
  C:\Windows\System32\jiNRjEa.exe
  2⤵
  PID:11016
- C:\Windows\System32\iHJhPEQ.exe
  C:\Windows\System32\iHJhPEQ.exe
  2⤵
  PID:11032
- C:\Windows\System32\fKStuor.exe
  C:\Windows\System32\fKStuor.exe
  2⤵
  PID:11060
- C:\Windows\System32\CRjYdVV.exe
  C:\Windows\System32\CRjYdVV.exe
  2⤵
  PID:11112
- C:\Windows\System32\JBquQnv.exe
  C:\Windows\System32\JBquQnv.exe
  2⤵
  PID:11128
- C:\Windows\System32\SKFdrjW.exe
  C:\Windows\System32\SKFdrjW.exe
  2⤵
  PID:11160
- C:\Windows\System32\ZQPXHkJ.exe
  C:\Windows\System32\ZQPXHkJ.exe
  2⤵
  PID:11184
- C:\Windows\System32\KNiwzqE.exe
  C:\Windows\System32\KNiwzqE.exe
  2⤵
  PID:11216
- C:\Windows\System32\NcFHHTq.exe
  C:\Windows\System32\NcFHHTq.exe
  2⤵
  PID:11244
- C:\Windows\System32\GQPcoFK.exe
  C:\Windows\System32\GQPcoFK.exe
  2⤵
  PID:10248
- C:\Windows\System32\nJpMIku.exe
  C:\Windows\System32\nJpMIku.exe
  2⤵
  PID:10316
- C:\Windows\System32\SxNFemQ.exe
  C:\Windows\System32\SxNFemQ.exe
  2⤵
  PID:10400
- C:\Windows\System32\MHboTnj.exe
  C:\Windows\System32\MHboTnj.exe
  2⤵
  PID:10432
- C:\Windows\System32\PhinjLa.exe
  C:\Windows\System32\PhinjLa.exe
  2⤵
  PID:10548
- C:\Windows\System32\SMzbEeu.exe
  C:\Windows\System32\SMzbEeu.exe
  2⤵
  PID:10628
- C:\Windows\System32\weHYXqW.exe
  C:\Windows\System32\weHYXqW.exe
  2⤵
  PID:10720
- C:\Windows\System32\yFZTUOh.exe
  C:\Windows\System32\yFZTUOh.exe
  2⤵
  PID:10768
- C:\Windows\System32\Frwdtiu.exe
  C:\Windows\System32\Frwdtiu.exe
  2⤵
  PID:10856
- C:\Windows\System32\XrmTGYa.exe
  C:\Windows\System32\XrmTGYa.exe
  2⤵
  PID:10944
- C:\Windows\System32\UfzEpOq.exe
  C:\Windows\System32\UfzEpOq.exe
  2⤵
  PID:11024
- C:\Windows\System32\GmHQsPp.exe
  C:\Windows\System32\GmHQsPp.exe
  2⤵
  PID:11104
- C:\Windows\System32\EkBOCqg.exe
  C:\Windows\System32\EkBOCqg.exe
  2⤵
  PID:11176
- C:\Windows\System32\aUPAKEg.exe
  C:\Windows\System32\aUPAKEg.exe
  2⤵
  PID:11228
- C:\Windows\System32\EpjnbVC.exe
  C:\Windows\System32\EpjnbVC.exe
  2⤵
  PID:10296
- C:\Windows\System32\UNnzoWe.exe
  C:\Windows\System32\UNnzoWe.exe
  2⤵
  PID:10496
- C:\Windows\System32\chiYyhw.exe
  C:\Windows\System32\chiYyhw.exe
  2⤵
  PID:10700
- C:\Windows\System32\OAkzorv.exe
  C:\Windows\System32\OAkzorv.exe
  2⤵
  PID:10852
- C:\Windows\System32\vbPUNzZ.exe
  C:\Windows\System32\vbPUNzZ.exe
  2⤵
  PID:11052
- C:\Windows\System32\aidJXkT.exe
  C:\Windows\System32\aidJXkT.exe
  2⤵
  PID:11140
- C:\Windows\System32\UGKqrYI.exe
  C:\Windows\System32\UGKqrYI.exe
  2⤵
  PID:10284
- C:\Windows\System32\kwsDMaj.exe
  C:\Windows\System32\kwsDMaj.exe
  2⤵
  PID:10652
- C:\Windows\System32\iTxMUMJ.exe
  C:\Windows\System32\iTxMUMJ.exe
  2⤵
  PID:10872
- C:\Windows\System32\TXwqnCe.exe
  C:\Windows\System32\TXwqnCe.exe
  2⤵
  PID:10368
- C:\Windows\System32\SLLGyng.exe
  C:\Windows\System32\SLLGyng.exe
  2⤵
  PID:11256
- C:\Windows\System32\CzGykTJ.exe
  C:\Windows\System32\CzGykTJ.exe
  2⤵
  PID:11284
- C:\Windows\System32\vwYiLHA.exe
  C:\Windows\System32\vwYiLHA.exe
  2⤵
  PID:11312
- C:\Windows\System32\ywyANrw.exe
  C:\Windows\System32\ywyANrw.exe
  2⤵
  PID:11340
- C:\Windows\System32\HcjlEsF.exe
  C:\Windows\System32\HcjlEsF.exe
  2⤵
  PID:11368
- C:\Windows\System32\gxwFcMa.exe
  C:\Windows\System32\gxwFcMa.exe
  2⤵
  PID:11404
- C:\Windows\System32\DnGNOja.exe
  C:\Windows\System32\DnGNOja.exe
  2⤵
  PID:11432
- C:\Windows\System32\vEOGywr.exe
  C:\Windows\System32\vEOGywr.exe
  2⤵
  PID:11460
- C:\Windows\System32\qXdyfsD.exe
  C:\Windows\System32\qXdyfsD.exe
  2⤵
  PID:11492
- C:\Windows\System32\WbSgMOQ.exe
  C:\Windows\System32\WbSgMOQ.exe
  2⤵
  PID:11520
- C:\Windows\System32\TfdCROt.exe
  C:\Windows\System32\TfdCROt.exe
  2⤵
  PID:11548
- C:\Windows\System32\dgVHFGq.exe
  C:\Windows\System32\dgVHFGq.exe
  2⤵
  PID:11576
- C:\Windows\System32\QqbSKCK.exe
  C:\Windows\System32\QqbSKCK.exe
  2⤵
  PID:11604
- C:\Windows\System32\CmJLVQo.exe
  C:\Windows\System32\CmJLVQo.exe
  2⤵
  PID:11632
- C:\Windows\System32\QbBeZbk.exe
  C:\Windows\System32\QbBeZbk.exe
  2⤵
  PID:11660
- C:\Windows\System32\mOfETWR.exe
  C:\Windows\System32\mOfETWR.exe
  2⤵
  PID:11688
- C:\Windows\System32\EKrSuWE.exe
  C:\Windows\System32\EKrSuWE.exe
  2⤵
  PID:11716
- C:\Windows\System32\INUcSCQ.exe
  C:\Windows\System32\INUcSCQ.exe
  2⤵
  PID:11748
- C:\Windows\System32\XqpFcug.exe
  C:\Windows\System32\XqpFcug.exe
  2⤵
  PID:11776
- C:\Windows\System32\NgYCwYL.exe
  C:\Windows\System32\NgYCwYL.exe
  2⤵
  PID:11804
- C:\Windows\System32\NKppyKT.exe
  C:\Windows\System32\NKppyKT.exe
  2⤵
  PID:11832
- C:\Windows\System32\aKeOHbU.exe
  C:\Windows\System32\aKeOHbU.exe
  2⤵
  PID:11848
- C:\Windows\System32\dMsXymg.exe
  C:\Windows\System32\dMsXymg.exe
  2⤵
  PID:11888
- C:\Windows\System32\QHXXqbm.exe
  C:\Windows\System32\QHXXqbm.exe
  2⤵
  PID:11920
- C:\Windows\System32\CPsqZiM.exe
  C:\Windows\System32\CPsqZiM.exe
  2⤵
  PID:11948
- C:\Windows\System32\Cztawhf.exe
  C:\Windows\System32\Cztawhf.exe
  2⤵
  PID:11976
- C:\Windows\System32\IJmIvFm.exe
  C:\Windows\System32\IJmIvFm.exe
  2⤵
  PID:12004
- C:\Windows\System32\cROHAUV.exe
  C:\Windows\System32\cROHAUV.exe
  2⤵
  PID:12032
- C:\Windows\System32\ZxOzZwC.exe
  C:\Windows\System32\ZxOzZwC.exe
  2⤵
  PID:12060
- C:\Windows\System32\eWMDqGx.exe
  C:\Windows\System32\eWMDqGx.exe
  2⤵
  PID:12088
- C:\Windows\System32\jkcqpjh.exe
  C:\Windows\System32\jkcqpjh.exe
  2⤵
  PID:12116
- C:\Windows\System32\xsEswcJ.exe
  C:\Windows\System32\xsEswcJ.exe
  2⤵
  PID:12144
- C:\Windows\System32\BWzgKyH.exe
  C:\Windows\System32\BWzgKyH.exe
  2⤵
  PID:12172
- C:\Windows\System32\XTObraO.exe
  C:\Windows\System32\XTObraO.exe
  2⤵
  PID:12200
- C:\Windows\System32\ozadaxx.exe
  C:\Windows\System32\ozadaxx.exe
  2⤵
  PID:12228
- C:\Windows\System32\IvOPLEL.exe
  C:\Windows\System32\IvOPLEL.exe
  2⤵
  PID:12260
- C:\Windows\System32\oPvfAHR.exe
  C:\Windows\System32\oPvfAHR.exe
  2⤵
  PID:10404
- C:\Windows\System32\zUieHWu.exe
  C:\Windows\System32\zUieHWu.exe
  2⤵
  PID:11332
- C:\Windows\System32\AgYCsHd.exe
  C:\Windows\System32\AgYCsHd.exe
  2⤵
  PID:11416
- C:\Windows\System32\yHgJhDW.exe
  C:\Windows\System32\yHgJhDW.exe
  2⤵
  PID:11488
- C:\Windows\System32\ONadgrE.exe
  C:\Windows\System32\ONadgrE.exe
  2⤵
  PID:11544
- C:\Windows\System32\gDXUytl.exe
  C:\Windows\System32\gDXUytl.exe
  2⤵
  PID:11616
- C:\Windows\System32\roZMSKq.exe
  C:\Windows\System32\roZMSKq.exe
  2⤵
  PID:11672
- C:\Windows\System32\XYmTNNz.exe
  C:\Windows\System32\XYmTNNz.exe
  2⤵
  PID:11740
- C:\Windows\System32\jRAhwQR.exe
  C:\Windows\System32\jRAhwQR.exe
  2⤵
  PID:11816
- C:\Windows\System32\bLhoNle.exe
  C:\Windows\System32\bLhoNle.exe
  2⤵
  PID:11876
- C:\Windows\System32\kucvYfl.exe
  C:\Windows\System32\kucvYfl.exe
  2⤵
  PID:11940
- C:\Windows\System32\bxozhNW.exe
  C:\Windows\System32\bxozhNW.exe
  2⤵
  PID:3224
- C:\Windows\System32\INZVjzP.exe
  C:\Windows\System32\INZVjzP.exe
  2⤵
  PID:3008
- C:\Windows\System32\iQbqEFx.exe
  C:\Windows\System32\iQbqEFx.exe
  2⤵
  PID:12056
- C:\Windows\System32\cEvazSp.exe
  C:\Windows\System32\cEvazSp.exe
  2⤵
  PID:12128
- C:\Windows\System32\kgaCpEh.exe
  C:\Windows\System32\kgaCpEh.exe
  2⤵
  PID:12192
- C:\Windows\System32\ErLVvKO.exe
  C:\Windows\System32\ErLVvKO.exe
  2⤵
  PID:12240
- C:\Windows\System32\MTlfUGq.exe
  C:\Windows\System32\MTlfUGq.exe
  2⤵
  PID:12284
- C:\Windows\System32\WVKpOxo.exe
  C:\Windows\System32\WVKpOxo.exe
  2⤵
  PID:11452
- C:\Windows\System32\JOtcFBD.exe
  C:\Windows\System32\JOtcFBD.exe
  2⤵
  PID:11572
- C:\Windows\System32\auBehoP.exe
  C:\Windows\System32\auBehoP.exe
  2⤵
  PID:11772
- C:\Windows\System32\XTtMkUr.exe
  C:\Windows\System32\XTtMkUr.exe
  2⤵
  PID:11932
- C:\Windows\System32\OdTWJtN.exe
  C:\Windows\System32\OdTWJtN.exe
  2⤵
  PID:2596
- C:\Windows\System32\IBmwDxn.exe
  C:\Windows\System32\IBmwDxn.exe
  2⤵
  PID:12156
- C:\Windows\System32\ORYGKiX.exe
  C:\Windows\System32\ORYGKiX.exe
  2⤵
  PID:11364
- C:\Windows\System32\DURZZXq.exe
  C:\Windows\System32\DURZZXq.exe
  2⤵
  PID:11708
- C:\Windows\System32\ccPJReD.exe
  C:\Windows\System32\ccPJReD.exe
  2⤵
  PID:3320
- C:\Windows\System32\LURXGyE.exe
  C:\Windows\System32\LURXGyE.exe
  2⤵
  PID:11540
- C:\Windows\System32\vuRIECv.exe
  C:\Windows\System32\vuRIECv.exe
  2⤵
  PID:12272
- C:\Windows\System32\iSuYiza.exe
  C:\Windows\System32\iSuYiza.exe
  2⤵
  PID:12300
- C:\Windows\System32\ojbzgFh.exe
  C:\Windows\System32\ojbzgFh.exe
  2⤵
  PID:12328
- C:\Windows\System32\DDtUQOH.exe
  C:\Windows\System32\DDtUQOH.exe
  2⤵
  PID:12356
- C:\Windows\System32\yAzNvpD.exe
  C:\Windows\System32\yAzNvpD.exe
  2⤵
  PID:12384
- C:\Windows\System32\ghCCHvL.exe
  C:\Windows\System32\ghCCHvL.exe
  2⤵
  PID:12412
- C:\Windows\System32\iwsIkbu.exe
  C:\Windows\System32\iwsIkbu.exe
  2⤵
  PID:12440
- C:\Windows\System32\PctoQGz.exe
  C:\Windows\System32\PctoQGz.exe
  2⤵
  PID:12468
- C:\Windows\System32\nqinpGj.exe
  C:\Windows\System32\nqinpGj.exe
  2⤵
  PID:12496
- C:\Windows\System32\hMWtUDi.exe
  C:\Windows\System32\hMWtUDi.exe
  2⤵
  PID:12528
- C:\Windows\System32\aBTjXKm.exe
  C:\Windows\System32\aBTjXKm.exe
  2⤵
  PID:12556
- C:\Windows\System32\VTCPtsF.exe
  C:\Windows\System32\VTCPtsF.exe
  2⤵
  PID:12584
- C:\Windows\System32\PzNgkuj.exe
  C:\Windows\System32\PzNgkuj.exe
  2⤵
  PID:12612
- C:\Windows\System32\IwzFxzC.exe
  C:\Windows\System32\IwzFxzC.exe
  2⤵
  PID:12640
- C:\Windows\System32\ezxLhRP.exe
  C:\Windows\System32\ezxLhRP.exe
  2⤵
  PID:12668
- C:\Windows\System32\kJZdqGR.exe
  C:\Windows\System32\kJZdqGR.exe
  2⤵
  PID:12696
- C:\Windows\System32\izLVbhM.exe
  C:\Windows\System32\izLVbhM.exe
  2⤵
  PID:12724
- C:\Windows\System32\TYNvpKY.exe
  C:\Windows\System32\TYNvpKY.exe
  2⤵
  PID:12752
- C:\Windows\System32\PRJHDFZ.exe
  C:\Windows\System32\PRJHDFZ.exe
  2⤵
  PID:12780
- C:\Windows\System32\OSJvlbk.exe
  C:\Windows\System32\OSJvlbk.exe
  2⤵
  PID:12808
- C:\Windows\System32\OlGFtWI.exe
  C:\Windows\System32\OlGFtWI.exe
  2⤵
  PID:12832
- C:\Windows\System32\HJEwJav.exe
  C:\Windows\System32\HJEwJav.exe
  2⤵
  PID:12864
- C:\Windows\System32\YrwyWho.exe
  C:\Windows\System32\YrwyWho.exe
  2⤵
  PID:12892
- C:\Windows\System32\mNtonHk.exe
  C:\Windows\System32\mNtonHk.exe
  2⤵
  PID:12920
- C:\Windows\System32\dWgwTki.exe
  C:\Windows\System32\dWgwTki.exe
  2⤵
  PID:12952
- C:\Windows\System32\ZIzJLeV.exe
  C:\Windows\System32\ZIzJLeV.exe
  2⤵
  PID:12980
- C:\Windows\System32\NakQigB.exe
  C:\Windows\System32\NakQigB.exe
  2⤵
  PID:13008
- C:\Windows\System32\HnAbOMk.exe
  C:\Windows\System32\HnAbOMk.exe
  2⤵
  PID:13044
- C:\Windows\System32\vKESNlS.exe
  C:\Windows\System32\vKESNlS.exe
  2⤵
  PID:13072
- C:\Windows\System32\lriyZmF.exe
  C:\Windows\System32\lriyZmF.exe
  2⤵
  PID:13100
- C:\Windows\System32\rZBuquj.exe
  C:\Windows\System32\rZBuquj.exe
  2⤵
  PID:13128
- C:\Windows\System32\DIwUlwf.exe
  C:\Windows\System32\DIwUlwf.exe
  2⤵
  PID:13156
- C:\Windows\System32\twUNQmv.exe
  C:\Windows\System32\twUNQmv.exe
  2⤵
  PID:13184
- C:\Windows\System32\ujehSfI.exe
  C:\Windows\System32\ujehSfI.exe
  2⤵
  PID:13212
- C:\Windows\System32\kMhWYOb.exe
  C:\Windows\System32\kMhWYOb.exe
  2⤵
  PID:13240
- C:\Windows\System32\zfAvkYC.exe
  C:\Windows\System32\zfAvkYC.exe
  2⤵
  PID:13268

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:12340

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System32\AVThszT.exe

Filesize
2.3MB

MD5
9357f44a8d611673db796bc00c1512bd

SHA1
665b44c099197c2eec0527c789e0d8deb4e39faa

SHA256
6002cd21f75c75d687c30c89e695747cceca8c07b73f27bdf9f777edf7bcd46a

SHA512
86d756b926299d16fe3f50c321229263e92c1f7e2c915337bdb6e07384a17948965b9c113559f71a9da23ccaacdadaefa77dcd5386ae337dbd7976ce212a4b58

Download Submit
C:\Windows\System32\CMTsbJy.exe

Filesize
2.3MB

MD5
38fc7c5315ab664ef1525d636c877cd9

SHA1
7e2f34561b140931619ccbbb264882a3a70f4070

SHA256
360ede30889fb5ace35a351850b82cd91e05a2a5fb710672b3a93a3002ffdec6

SHA512
9c4495dcfd20ee7461e4c358cfad688a4a1b3eaba8b14738235a15fda401912f51751e72d2cbfcc0c6b41e37f15005d48e629cd9620749dc3aeb40c323f5e999

Download Submit
C:\Windows\System32\CufAlHz.exe

Filesize
2.3MB

MD5
d9c8303eea09cc9fd61359ea6e06ab79

SHA1
e74679bc05d50db13f691fd036d099e4e7aac510

SHA256
2068fee07ab9080f96d20bfc5085770e870178a3b05f8601c4ac1f3be5efb936

SHA512
226207b5462c599614cb20d0ca7ca1c8d22e0e85965d895a225d543d17210ce39fdad0bc39fa41e9af3517cbbd8f352390e34f5daf974fe3e020d48ce56beff3

Download Submit
C:\Windows\System32\HyRpXVt.exe

Filesize
2.3MB

MD5
b13ac3463ac79ef84ed28707b8898b4f

SHA1
514a91a694c2b8c574e6346529c348ebff8a5071

SHA256
fc2b5e4fe44934c695cfe2d9822f8b319a757896fc0d87249fc0eee33735f088

SHA512
672c3dfd788e7e40adf922a40c2ef1e38532cefd5502530a27766fb5da78deeec5883a7b73d71eed2e5409cfde48b941fc7dc13ee10a8bd626e8fa9127f9e8b0

Download Submit
C:\Windows\System32\NRUMLAt.exe

Filesize
2.3MB

MD5
582e5d6cad3972ecab121b14b1fd3ea9

SHA1
ec35a03ac82da9b0968c0c15f6f6a732c22d0aae

SHA256
82c334a9e05ddbfa9cd5932fa7f985a207140bf85ee6b51ec4f66c7b4714ec87

SHA512
e97cb302e0c1e63ae9b1fcb03917d1eba77f9828a6f1a9c96d5258e4f52c1c86d8c00556229d29e357b71f92a2d25b7e3b00884d52638cb50a272447d923e2eb

Download Submit
C:\Windows\System32\ONxkaoR.exe

Filesize
2.3MB

MD5
af6e4fd2c9cfb170f8d0c15726d45833

SHA1
9dd436ba650fa28f6b23e3c12e5e42cbbe63dad3

SHA256
fc907fd3f29dd1a86fda7b32786b50bef10465e517d8d7ecacdb638eb8dcc15e

SHA512
977b2fbd6a88aaf1e777eadd7babd86d6a02aed00e33d39fd9d00d8466e08cc32262e37fe285bb8860b33d1c9fc298c49c77aa20125108b848ad864567cb5ea7

Download Submit
C:\Windows\System32\OOaUDEW.exe

Filesize
2.3MB

MD5
fba95fb1c4aeb3dacc633d571c2e26be

SHA1
42092b7af5b9f5aa6170dd37106ea6e4361e5982

SHA256
ac41f5d5b5cd20d13d48d999458400887d269592530d4fe20586546ef0ebf79e

SHA512
89efd91cf8aaf853bc52f9f25227d1d246d03a6b29c065782757a138d49a8201d3b7bd5bde8bc18f645df541f90dc7321ee2fac28a86aad5945a9009239c4858

Download Submit
C:\Windows\System32\PIpgNlG.exe

Filesize
2.3MB

MD5
cba20dbc85dbdd9c84808ae9bf967d76

SHA1
57f1a1bb212c22f3a93d516f84e1b63aea9e7195

SHA256
f2b2cbffc7ce386bed921d197e86b274a497e999910a446257dcdfbeaf431a7c

SHA512
a8ab09562a1947740848b8e7e9711be6a86afb2160d1333ec0bd13b87979712d1e4e99f620edc94bfa4ca7b9d3e415bb6370e7bdf5b3b810316d987cd36c3880

Download Submit
C:\Windows\System32\SCSBKaG.exe

Filesize
2.3MB

MD5
ec1f7c11cbb2d21c9c1ebfe1a6dc4e71

SHA1
6fb5372ce2ce935429dc51f398244dd04b9747e6

SHA256
a21109ecabc86afff98cfa740e823b0839ac112474b8ed41981c9cfac29447ff

SHA512
5931f647e12787e3f72357e204057aca7a459aa38d4f8e27e3faa09a1938696e98936a1d9fc451062b2e0fa9d42ac1cb25ac7a4ec0b26adc1c5b0a3b7fe44825

Download Submit
C:\Windows\System32\VvlaWHO.exe

Filesize
2.3MB

MD5
ca60d8a26cc26a8f6c82946ae91b2320

SHA1
20582af7c5ebd60c1ea1d066c0322728bf63d1f3

SHA256
118dce317ba87edb5cf9bbb8182eeb72fb5c0c8e9eb9ee50315182ca29c62ee4

SHA512
689b17b230af0963ebff20c27ef39bd979917e9cbecf91ae188e8859d32c5e29065ffa4b06e82087554dc618067b1ea78b947248cdb66609634acff9d2b0d3e2

Download Submit
C:\Windows\System32\WrGAPJB.exe

Filesize
2.3MB

MD5
b19fed3289de12a73a92bdc53b3b8c1a

SHA1
5226308fa1de7bf8ea459b96dc26ce6d64d5a2aa

SHA256
545d877208d171e647eca628e89e1d39582fbb1373ca97ed01a93059e6e4d43d

SHA512
cdded0bf3d879361a3f7e884a6435ac371e8c142147882f15239be18e336a175cb26f40fba0e93ebf1819a8f2401e8cd2645c37af09800a5754d33bec570d72d

Download Submit
C:\Windows\System32\dynmfyi.exe

Filesize
2.3MB

MD5
a2ff2cddea43b771a8eb8015e5e590a4

SHA1
907e592b8f2a4a96400442b0b55e323182f75997

SHA256
fb44fe4f9ae42ed14cf92fdb522b41f0b9a8e9c4621a9b4a1f17cf615ad44d95

SHA512
c422ba67447958943eb5a452ee7f069bf4e18b686e02f89fe6d4408abbc5f710b059998476277b5c30715be7ee12260b072298caa621a575336d511dcacf3fe4

Download Submit
C:\Windows\System32\hHSIaPO.exe

Filesize
2.3MB

MD5
c2b400d0ccbfe0e369343d427cd2e77b

SHA1
9490db5d109338424f2e649912cf4ef657941ff1

SHA256
bff64273fb30dce78b016c5ec9fd6709fd87d29bed5d3511370e4178b09b9228

SHA512
861835279c2cb3cc1ec0d22496f88a903c88d01e73edc91daa2b29b9ec1690c3567db526a030555e5d39359b0573f7dd2861151ddfeafc4382ccd207651c3508

Download Submit
C:\Windows\System32\hKiWUzz.exe

Filesize
2.3MB

MD5
fed74e6ac208425a7dcc5a9864ff7373

SHA1
b261d035ea8356aad493e6d53572cfb4af63e8cc

SHA256
087cd7bf79b9e5964e51177fdbf21094048a17dd686005eea4a44c762f8ec257

SHA512
c83091bd4e1667a820c47b92b65be7817bc109a37a08671423ee71445dab463063ec52b234d05a6f3651baa44c29fb950a686101b1357e4117c3bf54a9ae5080

Download Submit
C:\Windows\System32\iPMYCPE.exe

Filesize
2.3MB

MD5
4ff244ce455c47f4e89f56958df81475

SHA1
681b32755111f1c6a5c465afc7e0a551cf6b105a

SHA256
7f33288aa16e376c6d599c1128e4142fc41c3bff46198bf8fce4a199f9e0c623

SHA512
255b6f06545084178bee7af6d8b12880b0c1b89a7d8816cc21fd2aad7934d66478721fd5517df3bdd5119388183108dd527c89801783c76367ed4489ca399fa7

Download Submit
C:\Windows\System32\jeiYkAV.exe

Filesize
2.3MB

MD5
c39c5963f85ad4ec627309db279942be

SHA1
094c8372a661f5474b66384d840bbb46375b9a71

SHA256
6ad3d7431c2fd434427f9e47a0a53b7b787db83d053967ac0ddfa8318e38bb62

SHA512
68be3d6e3662186320b8b863b90193b7d72cd294581c2bc66a73a2aab7499cf6902f7d969b39cfc0057815dde3e1d43498094c4317b0380dd0731b5259e886cc

Download Submit
C:\Windows\System32\kqkDUJr.exe

Filesize
2.3MB

MD5
b23054bcb3b9e886f90b62a3e4711a61

SHA1
ad193bf628247bde06917acc33378a21220e4b1a

SHA256
0ca4590abe0f4a57655333324f3dec4e5695a1e26fb4cb11e807d6852c68538d

SHA512
97956e294a98ca984459b89b32f311ba8249c0540a29eaee5f7b4f8346bc32273833eb55e7caccb36778a78c8f95c151b3bd6603bf55c6c65819ac3ca109dcea

Download Submit
C:\Windows\System32\mXgtmPR.exe

Filesize
2.3MB

MD5
053619dfe7ae427de83138b928583d38

SHA1
9fded18b2f04c74d0a54aecc02f1081dd5c62004

SHA256
47de90aa62d833361145f9a5e0bf8736a47e4cd3a1aec4aa5a338cc3d01bcbb9

SHA512
17bb8ec33dd428951f1a5d57086385a29d9ed6a603ce42beda771fc96bc4bc5c732cf489f9f5355100d5d34a222211f2aebbe6d458b6f191b597c78e0f71a380

Download Submit
C:\Windows\System32\mexOjVE.exe

Filesize
2.3MB

MD5
1cc15f390f756932617ad082a5864bb6

SHA1
525ceb20946744f6b03a39256bf03da6e60c8140

SHA256
63283a156a6636f3648ed3361d6259fc319238ca7a32a6a4ccf0da7ff5ed332f

SHA512
3041f3e8069cd9852672673e8715fb613aa565ee3a9553d5114fd400b68e4920123f581503f0629bb39c74ec15985c98a2985e874ff26c2c44b095949f09f287

Download Submit
C:\Windows\System32\mnIRIaK.exe

Filesize
2.3MB

MD5
841eb9508525ea5d27f90d163931c14c

SHA1
9ea5ab9aa63da69192dcf589a6b46c6307d0cd26

SHA256
177c16eacab7a706611c123dc3675c77968d0b38b3055505bbfa6779e895f63d

SHA512
bc2f6b9bd350a3f7f76f6e33093f0e0ea1ceba5ffcab594b66ee3aa29b2a137e70b420fe85931fb4656924e24ba21c8af15f8ca0601141590015478e8fd6c166

Download Submit
C:\Windows\System32\ngzPORe.exe

Filesize
2.3MB

MD5
412b883ce3412c8198b3efb606bda2ff

SHA1
94cab5c0daa93974909174a550c03e6dc934ddad

SHA256
24b190415e86643fb65e645227f4335b3a3add9bd4ffe6d10b1575bff7c0250d

SHA512
ced4b1a24404634b52e8c790feb42aab9877a5c7b1c35c554ca03a12c2366d9be1d72c72c74dcede2ec297f270d69b0f184cae602d34aed366d207f0b7c663e5

Download Submit
C:\Windows\System32\oDWFbbg.exe

Filesize
2.3MB

MD5
8c5910c140d906a2ec3a6a4ff6ab090e

SHA1
4b94cb25a1840010747b1829260f4dfb29c45f79

SHA256
902ffc7051503fbec9eecb3777b6139bafb3ef12be0e50e953d330083acd8cef

SHA512
5e73181f847d43c67cba5041581b1a49d050b9b836fc4b00d0f7993bd6eb78ca4e189aea82d5fc4e19d4241396b3d6b85e11fcd2beef39ba56239d33b190d01e

Download Submit
C:\Windows\System32\oUGkeyt.exe

Filesize
2.3MB

MD5
5a1b575c97bef7bbd8f61f90de417562

SHA1
5cb8b9a01a9db0201b02bee5cd799d14e9a8fe00

SHA256
77bcf89aa9e2b26c519073772ea9e83af98fbadaa6932d48074263d7c210ff60

SHA512
a80b5764da9a9445fa811bf20270cdcdb36b3b26cf30370c6d2b01b607cd63d458c3103398f031140da2d088a7b73720e793d4aa4c50bae34c1babd2f177a73b

Download Submit
C:\Windows\System32\qTXQKmG.exe

Filesize
2.3MB

MD5
d737649574bf6ce4aa1c5c0ebaf7b72c

SHA1
483f3850c169bebac2d6bde0940417f3710584b6

SHA256
56c71f19a7602294ceb7fc39c824b88f6441021d77101933be190ea83ae8fe85

SHA512
08e32767814c69923abfed4cfc5bf2106ad144b8153ac7638360087923eb3d88eed22094db92dd8f19059bfa22d43c25a9890ec2fceb6fad1c7952300f0eb657

Download Submit
C:\Windows\System32\ryJegGu.exe

Filesize
2.3MB

MD5
1bbf3b2d1431b2bfef74b0547abbb7b5

SHA1
2a48b43fe0efba2e8dae553fa67417224f8d95e5

SHA256
4ff430028296e186da6265e1183d7c7939f7ac4ba37d8d8de9bbe2e7032163ae

SHA512
509bd9d826816b82505027b2452c186137982ef903eb39dff03957bc41961e6a67eb7c6902cd399a44a071afc4ce0169343d69e13b6dd120ea468a1c08576ec9

Download Submit
C:\Windows\System32\sxyIdCY.exe

Filesize
2.3MB

MD5
352f824ab727a28a197e0cbd3a596144

SHA1
3f910369f5f9eeead173b8b8e2c289d4ff2ac46f

SHA256
72225698aaf40a8162bd79709875aa620b6eb97f52e8334bc7643cff756e2c15

SHA512
733cff6667bce0b1a2370217f18f64f87db18f47b222a1a9ca7d86dd43e9d81f23ef22041dd35da00a04233703ada5fb3bf304851fc67091830aa183d2150be2

Download Submit
C:\Windows\System32\ueWjnJs.exe

Filesize
2.3MB

MD5
59ff44898ea069b814bf34cfff119063

SHA1
ece86578bd62713038a1abe02f9922c37021ff37

SHA256
c0178d9c3a227392b181bbb36b5bdeafa111e6c949ff365601c8a8d7497b14a1

SHA512
44382d87ac2f6efcd8791d9e9a225359162ff3b58998bd1a34ee90c8ab0341cf8c7cc3c1449c6d96b74152a61386033b926add86bfcab665b1850c2160902815

Download Submit
C:\Windows\System32\wFBGBNh.exe

Filesize
2.3MB

MD5
6a77837513a60759da30c7021ca681a1

SHA1
9b2a3b5f2be12ce23ab61bfc61f941fcc6cf1eef

SHA256
249a62c080a976d2396eb8d3003e2f0d31fac30a8ca026fb169af81dc24ac102

SHA512
080b22211194dd905ab70d6ecc35f8cb1aedbd51659d8c4749840147e035e423ed11ab54ee3794b96ddcb9715410a984f30699be0df5e038b460aaba3d0bd3c1

Download Submit
C:\Windows\System32\wpCALnB.exe

Filesize
2.3MB

MD5
a58edef9a625a563f555bde2dbd42558

SHA1
8808076af2230fbc9493dcae36f07b685d7c9750

SHA256
a9856ae65ece07124933edcb3458ad610bf2f537ff0a1e08b9b236275277b5c9

SHA512
7cb342cb5773d986bd132269d96c079cdf2a2aee80f5c83dc598435091782f6771b269ac03f4a56153e577aeb8bf07a12c3114175d4b8769c2ef03e45466dfd2

Download Submit
C:\Windows\System32\wvnhOhk.exe

Filesize
2.3MB

MD5
b0128c7d28d0ba81acc994c73f9b2008

SHA1
a8f7a24ceeb5c95b10d3fdbd66a1d16c4c49d9aa

SHA256
52181aa16b78b22a8e66cc4f2e572229c271d9944d2c2caf1f1ff9b217fed798

SHA512
32f42197412055a76d7b8eb766bcdef198e8ff1c755561e6e64c158a1284db1ef9c8630b74bdee1cf92ffb9cde97e32625e7888f04746605fe7db2ca41417a4f

Download Submit
C:\Windows\System32\xyNrPMu.exe

Filesize
2.3MB

MD5
71acb466b605d99255ab0431cd3b0c45

SHA1
5c321a956ddb0c7e959d7e0f97d58bf193670192

SHA256
115c02da57eef0319ba13d7d6c478bddaea74005737b440798a2037938475189

SHA512
b7908ab911eab707d006ed25539b6d9c3f67d9a1cbbbbeac0d039be0f3ededb6d6dc81e51dd2d8b5304087ad73e67d9cc1dcfc3f340b9df6e71c05aa4961e797

Download Submit
C:\Windows\System32\zxdyAnl.exe

Filesize
2.3MB

MD5
416ff6dc08e642df52f7a54ee90d1a7c

SHA1
b6f63f2c6592235dd6ae5be0577cc40eec6c666a

SHA256
47b167498e1bb87baf1b35646fd9ec24980a9aef91b020a11892f0ba80b07f3d

SHA512
f069adbe0e7226f5577a40a6f6efd1b828ce5630ce895fb439a4015d4a6239aceb03d27babce07f1380c0cb5c0e3d887b861067afe9921e10cbff905c77c471e

Download Submit
memory/644-1928-0x00007FF656DE0000-0x00007FF6571D5000-memory.dmp

Filesize
4.0MB

Download
memory/644-750-0x00007FF656DE0000-0x00007FF6571D5000-memory.dmp

Filesize
4.0MB

Download
memory/1008-0-0x00007FF6E8C10000-0x00007FF6E9005000-memory.dmp

Filesize
4.0MB

Download
memory/1008-1910-0x00007FF6E8C10000-0x00007FF6E9005000-memory.dmp

Filesize
4.0MB

Download
memory/1008-1-0x00000249ABC20000-0x00000249ABC30000-memory.dmp

Filesize
64KB

Download
memory/1044-1932-0x00007FF603ED0000-0x00007FF6042C5000-memory.dmp

Filesize
4.0MB

Download
memory/1044-716-0x00007FF603ED0000-0x00007FF6042C5000-memory.dmp

Filesize
4.0MB

Download
memory/1108-28-0x00007FF6DAFE0000-0x00007FF6DB3D5000-memory.dmp

Filesize
4.0MB

Download
memory/1108-1913-0x00007FF6DAFE0000-0x00007FF6DB3D5000-memory.dmp

Filesize
4.0MB

Download
memory/1108-1908-0x00007FF6DAFE0000-0x00007FF6DB3D5000-memory.dmp

Filesize
4.0MB

Download
memory/1900-1923-0x00007FF75DDD0000-0x00007FF75E1C5000-memory.dmp

Filesize
4.0MB

Download
memory/1900-761-0x00007FF75DDD0000-0x00007FF75E1C5000-memory.dmp

Filesize
4.0MB

Download
memory/2016-1911-0x00007FF7C2E20000-0x00007FF7C3215000-memory.dmp

Filesize
4.0MB

Download
memory/2016-11-0x00007FF7C2E20000-0x00007FF7C3215000-memory.dmp

Filesize
4.0MB

Download
memory/2368-1922-0x00007FF7DAFA0000-0x00007FF7DB395000-memory.dmp

Filesize
4.0MB

Download
memory/2368-698-0x00007FF7DAFA0000-0x00007FF7DB395000-memory.dmp

Filesize
4.0MB

Download
memory/2368-1909-0x00007FF7DAFA0000-0x00007FF7DB395000-memory.dmp

Filesize
4.0MB

Download
memory/2560-1916-0x00007FF7625D0000-0x00007FF7629C5000-memory.dmp

Filesize
4.0MB

Download
memory/2560-775-0x00007FF7625D0000-0x00007FF7629C5000-memory.dmp

Filesize
4.0MB

Download
memory/2692-18-0x00007FF736170000-0x00007FF736565000-memory.dmp

Filesize
4.0MB

Download
memory/2692-1912-0x00007FF736170000-0x00007FF736565000-memory.dmp

Filesize
4.0MB

Download
memory/2692-1907-0x00007FF736170000-0x00007FF736565000-memory.dmp

Filesize
4.0MB

Download
memory/3020-725-0x00007FF651ED0000-0x00007FF6522C5000-memory.dmp

Filesize
4.0MB

Download
memory/3020-1930-0x00007FF651ED0000-0x00007FF6522C5000-memory.dmp

Filesize
4.0MB

Download
memory/3068-1931-0x00007FF7BE960000-0x00007FF7BED55000-memory.dmp

Filesize
4.0MB

Download
memory/3068-705-0x00007FF7BE960000-0x00007FF7BED55000-memory.dmp

Filesize
4.0MB

Download
memory/3236-735-0x00007FF74EC60000-0x00007FF74F055000-memory.dmp

Filesize
4.0MB

Download
memory/3236-1929-0x00007FF74EC60000-0x00007FF74F055000-memory.dmp

Filesize
4.0MB

Download
memory/3256-1926-0x00007FF7D5240000-0x00007FF7D5635000-memory.dmp

Filesize
4.0MB

Download
memory/3256-740-0x00007FF7D5240000-0x00007FF7D5635000-memory.dmp

Filesize
4.0MB

Download
memory/3388-701-0x00007FF7BF700000-0x00007FF7BFAF5000-memory.dmp

Filesize
4.0MB

Download
memory/3388-1918-0x00007FF7BF700000-0x00007FF7BFAF5000-memory.dmp

Filesize
4.0MB

Download
memory/3420-1933-0x00007FF75AC80000-0x00007FF75B075000-memory.dmp

Filesize
4.0MB

Download
memory/3420-720-0x00007FF75AC80000-0x00007FF75B075000-memory.dmp

Filesize
4.0MB

Download
memory/3428-1919-0x00007FF7507E0000-0x00007FF750BD5000-memory.dmp

Filesize
4.0MB

Download
memory/3428-699-0x00007FF7507E0000-0x00007FF750BD5000-memory.dmp

Filesize
4.0MB

Download
memory/3540-1921-0x00007FF6AC450000-0x00007FF6AC845000-memory.dmp

Filesize
4.0MB

Download
memory/3540-770-0x00007FF6AC450000-0x00007FF6AC845000-memory.dmp

Filesize
4.0MB

Download
memory/3576-758-0x00007FF7DA7C0000-0x00007FF7DABB5000-memory.dmp

Filesize
4.0MB

Download
memory/3576-1924-0x00007FF7DA7C0000-0x00007FF7DABB5000-memory.dmp

Filesize
4.0MB

Download
memory/3628-730-0x00007FF705BA0000-0x00007FF705F95000-memory.dmp

Filesize
4.0MB

Download
memory/3628-1927-0x00007FF705BA0000-0x00007FF705F95000-memory.dmp

Filesize
4.0MB

Download
memory/3660-704-0x00007FF779BF0000-0x00007FF779FE5000-memory.dmp

Filesize
4.0MB

Download
memory/3660-1917-0x00007FF779BF0000-0x00007FF779FE5000-memory.dmp

Filesize
4.0MB

Download
memory/3788-1914-0x00007FF60CB20000-0x00007FF60CF15000-memory.dmp

Filesize
4.0MB

Download
memory/3788-703-0x00007FF60CB20000-0x00007FF60CF15000-memory.dmp

Filesize
4.0MB

Download
memory/4488-1915-0x00007FF788FB0000-0x00007FF7893A5000-memory.dmp

Filesize
4.0MB

Download
memory/4488-702-0x00007FF788FB0000-0x00007FF7893A5000-memory.dmp

Filesize
4.0MB

Download
memory/4916-712-0x00007FF64CB30000-0x00007FF64CF25000-memory.dmp

Filesize
4.0MB

Download
memory/4916-1934-0x00007FF64CB30000-0x00007FF64CF25000-memory.dmp

Filesize
4.0MB

Download
memory/4996-732-0x00007FF633E70000-0x00007FF634265000-memory.dmp

Filesize
4.0MB

Download
memory/4996-1925-0x00007FF633E70000-0x00007FF634265000-memory.dmp

Filesize
4.0MB

Download
memory/5004-1920-0x00007FF6B5070000-0x00007FF6B5465000-memory.dmp

Filesize
4.0MB

Download
memory/5004-700-0x00007FF6B5070000-0x00007FF6B5465000-memory.dmp

Filesize
4.0MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads