xmrig | 0cef9c0346d5462f87ff0d65d7c8a0149a37e0c33991ce3f18929eff0593c6fa

Analysis

max time kernel
119s
max time network
128s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
11-08-2024 18:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0cef9c0346d5462f87ff0d65d7c8a0149a37e0c33991ce3f18929eff0593c6fa.exe
Size

1004KB
MD5

51343044abac463f5a9d525169cf2e58
SHA1

6dd8315f8996b9a1535be97ee4900c561f3518c2
SHA256

0cef9c0346d5462f87ff0d65d7c8a0149a37e0c33991ce3f18929eff0593c6fa
SHA512

ccd980ff5a44d424f131d41bb45f76597ffde89a84f08caa4c9f90fd4cf973943f0bea89d728c0390dc55974362327b53b100502c98b91ea6bd04da4f34ff235
SSDEEP

24576:JanwhSe11QSONCpGJCjETPlOqzJO0RopmRRzRJC:knw9oUUEEDlOuJZE

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 49 IoCs

miner

resource	yara_rule
behavioral2/memory/3452-75-0x00007FF635330000-0x00007FF635721000-memory.dmp	xmrig
behavioral2/memory/1584-80-0x00007FF6F6AB0000-0x00007FF6F6EA1000-memory.dmp	xmrig
behavioral2/memory/3536-356-0x00007FF72FF20000-0x00007FF730311000-memory.dmp	xmrig
behavioral2/memory/1032-362-0x00007FF7E52A0000-0x00007FF7E5691000-memory.dmp	xmrig
behavioral2/memory/1648-370-0x00007FF686CE0000-0x00007FF6870D1000-memory.dmp	xmrig
behavioral2/memory/3996-354-0x00007FF7A91A0000-0x00007FF7A9591000-memory.dmp	xmrig
behavioral2/memory/2736-348-0x00007FF75BE50000-0x00007FF75C241000-memory.dmp	xmrig
behavioral2/memory/4916-341-0x00007FF782490000-0x00007FF782881000-memory.dmp	xmrig
behavioral2/memory/3412-374-0x00007FF630D10000-0x00007FF631101000-memory.dmp	xmrig
behavioral2/memory/1964-380-0x00007FF7FDE80000-0x00007FF7FE271000-memory.dmp	xmrig
behavioral2/memory/2540-378-0x00007FF691B40000-0x00007FF691F31000-memory.dmp	xmrig
behavioral2/memory/1708-373-0x00007FF724A20000-0x00007FF724E11000-memory.dmp	xmrig
behavioral2/memory/636-386-0x00007FF717B70000-0x00007FF717F61000-memory.dmp	xmrig
behavioral2/memory/5024-79-0x00007FF70B210000-0x00007FF70B601000-memory.dmp	xmrig
behavioral2/memory/1288-76-0x00007FF67DC40000-0x00007FF67E031000-memory.dmp	xmrig
behavioral2/memory/4052-73-0x00007FF7E8FD0000-0x00007FF7E93C1000-memory.dmp	xmrig
behavioral2/memory/1096-68-0x00007FF638180000-0x00007FF638571000-memory.dmp	xmrig
behavioral2/memory/3556-56-0x00007FF6D0330000-0x00007FF6D0721000-memory.dmp	xmrig
behavioral2/memory/4200-46-0x00007FF6736A0000-0x00007FF673A91000-memory.dmp	xmrig
behavioral2/memory/748-42-0x00007FF6ADC90000-0x00007FF6AE081000-memory.dmp	xmrig
behavioral2/memory/748-1979-0x00007FF6ADC90000-0x00007FF6AE081000-memory.dmp	xmrig
behavioral2/memory/1396-1980-0x00007FF7D6CA0000-0x00007FF7D7091000-memory.dmp	xmrig
behavioral2/memory/3816-1981-0x00007FF780FD0000-0x00007FF7813C1000-memory.dmp	xmrig
behavioral2/memory/1428-1982-0x00007FF662CC0000-0x00007FF6630B1000-memory.dmp	xmrig
behavioral2/memory/1096-1983-0x00007FF638180000-0x00007FF638571000-memory.dmp	xmrig
behavioral2/memory/2968-2021-0x00007FF770DE0000-0x00007FF7711D1000-memory.dmp	xmrig
behavioral2/memory/4052-2023-0x00007FF7E8FD0000-0x00007FF7E93C1000-memory.dmp	xmrig
behavioral2/memory/3816-2027-0x00007FF780FD0000-0x00007FF7813C1000-memory.dmp	xmrig
behavioral2/memory/748-2025-0x00007FF6ADC90000-0x00007FF6AE081000-memory.dmp	xmrig
behavioral2/memory/3452-2029-0x00007FF635330000-0x00007FF635721000-memory.dmp	xmrig
behavioral2/memory/1096-2037-0x00007FF638180000-0x00007FF638571000-memory.dmp	xmrig
behavioral2/memory/1428-2036-0x00007FF662CC0000-0x00007FF6630B1000-memory.dmp	xmrig
behavioral2/memory/4200-2033-0x00007FF6736A0000-0x00007FF673A91000-memory.dmp	xmrig
behavioral2/memory/3556-2031-0x00007FF6D0330000-0x00007FF6D0721000-memory.dmp	xmrig
behavioral2/memory/3996-2043-0x00007FF7A91A0000-0x00007FF7A9591000-memory.dmp	xmrig
behavioral2/memory/1288-2041-0x00007FF67DC40000-0x00007FF67E031000-memory.dmp	xmrig
behavioral2/memory/1584-2049-0x00007FF6F6AB0000-0x00007FF6F6EA1000-memory.dmp	xmrig
behavioral2/memory/1032-2055-0x00007FF7E52A0000-0x00007FF7E5691000-memory.dmp	xmrig
behavioral2/memory/1648-2057-0x00007FF686CE0000-0x00007FF6870D1000-memory.dmp	xmrig
behavioral2/memory/3412-2061-0x00007FF630D10000-0x00007FF631101000-memory.dmp	xmrig
behavioral2/memory/636-2068-0x00007FF717B70000-0x00007FF717F61000-memory.dmp	xmrig
behavioral2/memory/2540-2065-0x00007FF691B40000-0x00007FF691F31000-memory.dmp	xmrig
behavioral2/memory/1964-2063-0x00007FF7FDE80000-0x00007FF7FE271000-memory.dmp	xmrig
behavioral2/memory/1708-2059-0x00007FF724A20000-0x00007FF724E11000-memory.dmp	xmrig
behavioral2/memory/3536-2051-0x00007FF72FF20000-0x00007FF730311000-memory.dmp	xmrig
behavioral2/memory/2736-2053-0x00007FF75BE50000-0x00007FF75C241000-memory.dmp	xmrig
behavioral2/memory/5024-2047-0x00007FF70B210000-0x00007FF70B601000-memory.dmp	xmrig
behavioral2/memory/4916-2045-0x00007FF782490000-0x00007FF782881000-memory.dmp	xmrig
behavioral2/memory/1396-2039-0x00007FF7D6CA0000-0x00007FF7D7091000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2968	LWzHiuK.exe
4052	NiGHEly.exe
3816	beGoDpa.exe
748	TDMPGtL.exe
3452	GgxZKJY.exe
4200	InOlNph.exe
3556	bXwlREV.exe
1396	ZcMneQB.exe
1288	GcRrrTw.exe
1428	DQYUIMz.exe
1096	hlmZfTl.exe
5024	JPlFfho.exe
1584	OjoiTEg.exe
4916	oAedpUJ.exe
2736	wkzBhSb.exe
3996	IwqMKJg.exe
3536	vHJyvGV.exe
1032	eYBPLDV.exe
1648	lvPbycH.exe
1708	aTFKwZV.exe
3412	ZOOlNHi.exe
2540	KPoIcad.exe
1964	cqxCmyP.exe
636	hETtkMT.exe
3476	KabUmjG.exe
2104	nDWfxLC.exe
4360	wRCOJrg.exe
968	tkTHmUZ.exe
4460	JxKJXjG.exe
1312	HiPJtSt.exe
464	UJprstB.exe
2680	BCsGEnY.exe
864	fRVcQXy.exe
2952	UtLPQhx.exe
4120	OJOEiuV.exe
2180	AIHYOmc.exe
3268	wKvVlJw.exe
4864	nsmaDUv.exe
1384	ZXQouSz.exe
3424	MXhNRiK.exe
1576	mpkZfAV.exe
4508	sXFQZYc.exe
4484	IJDPjQD.exe
4636	JOWhvrO.exe
2312	SYMSkGT.exe
3572	kDYGqml.exe
624	nVCDyyT.exe
1456	BAeOwtB.exe
4988	jzIPpvN.exe
1472	ywWMGCJ.exe
1232	cnzRqJx.exe
1816	jdbJpbq.exe
2288	gXludpW.exe
2192	dJttyNu.exe
1404	UUpeuOL.exe
912	IrcRPKi.exe
3684	NCcwjen.exe
3764	RtfHqAg.exe
428	cscwqGY.exe
3924	hoTmrxr.exe
1560	BaaTklU.exe
1440	FHZfQyW.exe
4156	nLRRRqZ.exe
3024	kOJkfJM.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4848-0-0x00007FF6387E0000-0x00007FF638BD1000-memory.dmp	upx
behavioral2/files/0x0007000000023436-7.dat	upx
behavioral2/files/0x0007000000023435-16.dat	upx
behavioral2/files/0x0007000000023437-24.dat	upx
behavioral2/files/0x000700000002343a-32.dat	upx
behavioral2/files/0x000700000002343b-51.dat	upx
behavioral2/memory/1396-59-0x00007FF7D6CA0000-0x00007FF7D7091000-memory.dmp	upx
behavioral2/files/0x000700000002343e-63.dat	upx
behavioral2/files/0x0007000000023440-71.dat	upx
behavioral2/memory/3452-75-0x00007FF635330000-0x00007FF635721000-memory.dmp	upx
behavioral2/memory/1584-80-0x00007FF6F6AB0000-0x00007FF6F6EA1000-memory.dmp	upx
behavioral2/files/0x0007000000023446-112.dat	upx
behavioral2/files/0x0007000000023449-121.dat	upx
behavioral2/files/0x000700000002344c-142.dat	upx
behavioral2/memory/3536-356-0x00007FF72FF20000-0x00007FF730311000-memory.dmp	upx
behavioral2/memory/1032-362-0x00007FF7E52A0000-0x00007FF7E5691000-memory.dmp	upx
behavioral2/memory/1648-370-0x00007FF686CE0000-0x00007FF6870D1000-memory.dmp	upx
behavioral2/memory/3996-354-0x00007FF7A91A0000-0x00007FF7A9591000-memory.dmp	upx
behavioral2/memory/2736-348-0x00007FF75BE50000-0x00007FF75C241000-memory.dmp	upx
behavioral2/memory/4916-341-0x00007FF782490000-0x00007FF782881000-memory.dmp	upx
behavioral2/memory/3412-374-0x00007FF630D10000-0x00007FF631101000-memory.dmp	upx
behavioral2/memory/1964-380-0x00007FF7FDE80000-0x00007FF7FE271000-memory.dmp	upx
behavioral2/memory/2540-378-0x00007FF691B40000-0x00007FF691F31000-memory.dmp	upx
behavioral2/memory/1708-373-0x00007FF724A20000-0x00007FF724E11000-memory.dmp	upx
behavioral2/files/0x0007000000023454-175.dat	upx
behavioral2/files/0x0007000000023453-171.dat	upx
behavioral2/files/0x0007000000023452-169.dat	upx
behavioral2/memory/636-386-0x00007FF717B70000-0x00007FF717F61000-memory.dmp	upx
behavioral2/files/0x0007000000023451-167.dat	upx
behavioral2/files/0x0007000000023450-162.dat	upx
behavioral2/files/0x000700000002344f-157.dat	upx
behavioral2/files/0x000700000002344e-152.dat	upx
behavioral2/files/0x000700000002344d-147.dat	upx
behavioral2/files/0x000700000002344b-137.dat	upx
behavioral2/files/0x000700000002344a-132.dat	upx
behavioral2/files/0x0007000000023448-119.dat	upx
behavioral2/files/0x0007000000023447-117.dat	upx
behavioral2/files/0x0007000000023445-107.dat	upx
behavioral2/files/0x0007000000023444-100.dat	upx
behavioral2/files/0x0007000000023443-94.dat	upx
behavioral2/files/0x0007000000023442-92.dat	upx
behavioral2/files/0x0007000000023441-84.dat	upx
behavioral2/memory/5024-79-0x00007FF70B210000-0x00007FF70B601000-memory.dmp	upx
behavioral2/memory/1288-76-0x00007FF67DC40000-0x00007FF67E031000-memory.dmp	upx
behavioral2/memory/4052-73-0x00007FF7E8FD0000-0x00007FF7E93C1000-memory.dmp	upx
behavioral2/files/0x000700000002343f-70.dat	upx
behavioral2/memory/1096-68-0x00007FF638180000-0x00007FF638571000-memory.dmp	upx
behavioral2/files/0x000700000002343d-62.dat	upx
behavioral2/files/0x000700000002343c-61.dat	upx
behavioral2/memory/1428-60-0x00007FF662CC0000-0x00007FF6630B1000-memory.dmp	upx
behavioral2/memory/3556-56-0x00007FF6D0330000-0x00007FF6D0721000-memory.dmp	upx
behavioral2/memory/4200-46-0x00007FF6736A0000-0x00007FF673A91000-memory.dmp	upx
behavioral2/memory/748-42-0x00007FF6ADC90000-0x00007FF6AE081000-memory.dmp	upx
behavioral2/files/0x0007000000023439-41.dat	upx
behavioral2/files/0x0007000000023438-34.dat	upx
behavioral2/memory/3816-21-0x00007FF780FD0000-0x00007FF7813C1000-memory.dmp	upx
behavioral2/files/0x0008000000023431-14.dat	upx
behavioral2/memory/2968-12-0x00007FF770DE0000-0x00007FF7711D1000-memory.dmp	upx
behavioral2/memory/748-1979-0x00007FF6ADC90000-0x00007FF6AE081000-memory.dmp	upx
behavioral2/memory/1396-1980-0x00007FF7D6CA0000-0x00007FF7D7091000-memory.dmp	upx
behavioral2/memory/3816-1981-0x00007FF780FD0000-0x00007FF7813C1000-memory.dmp	upx
behavioral2/memory/1428-1982-0x00007FF662CC0000-0x00007FF6630B1000-memory.dmp	upx
behavioral2/memory/1096-1983-0x00007FF638180000-0x00007FF638571000-memory.dmp	upx
behavioral2/memory/2968-2021-0x00007FF770DE0000-0x00007FF7711D1000-memory.dmp	upx

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System32\dRznDfA.exe	0cef9c0346d5462f87ff0d65d7c8a0149a37e0c33991ce3f18929eff0593c6fa.exe
File created	C:\Windows\System32\AgjVtzJ.exe	0cef9c0346d5462f87ff0d65d7c8a0149a37e0c33991ce3f18929eff0593c6fa.exe
File created	C:\Windows\System32\viRNyFT.exe	0cef9c0346d5462f87ff0d65d7c8a0149a37e0c33991ce3f18929eff0593c6fa.exe
File created	C:\Windows\System32\vGyXejg.exe	0cef9c0346d5462f87ff0d65d7c8a0149a37e0c33991ce3f18929eff0593c6fa.exe
File created	C:\Windows\System32\gPZMkTs.exe	0cef9c0346d5462f87ff0d65d7c8a0149a37e0c33991ce3f18929eff0593c6fa.exe
File created	C:\Windows\System32\UJCmATn.exe	0cef9c0346d5462f87ff0d65d7c8a0149a37e0c33991ce3f18929eff0593c6fa.exe
File created	C:\Windows\System32\fInnnLL.exe	0cef9c0346d5462f87ff0d65d7c8a0149a37e0c33991ce3f18929eff0593c6fa.exe
File created	C:\Windows\System32\ygoaPOU.exe	0cef9c0346d5462f87ff0d65d7c8a0149a37e0c33991ce3f18929eff0593c6fa.exe
File created	C:\Windows\System32\rfokzKW.exe	0cef9c0346d5462f87ff0d65d7c8a0149a37e0c33991ce3f18929eff0593c6fa.exe
File created	C:\Windows\System32\LvyJtXk.exe	0cef9c0346d5462f87ff0d65d7c8a0149a37e0c33991ce3f18929eff0593c6fa.exe
File created	C:\Windows\System32\CEjXWaT.exe	0cef9c0346d5462f87ff0d65d7c8a0149a37e0c33991ce3f18929eff0593c6fa.exe
File created	C:\Windows\System32\wCpOYdI.exe	0cef9c0346d5462f87ff0d65d7c8a0149a37e0c33991ce3f18929eff0593c6fa.exe
File created	C:\Windows\System32\oNmWNmo.exe	0cef9c0346d5462f87ff0d65d7c8a0149a37e0c33991ce3f18929eff0593c6fa.exe
File created	C:\Windows\System32\UchErkz.exe	0cef9c0346d5462f87ff0d65d7c8a0149a37e0c33991ce3f18929eff0593c6fa.exe
File created	C:\Windows\System32\eHJFKba.exe	0cef9c0346d5462f87ff0d65d7c8a0149a37e0c33991ce3f18929eff0593c6fa.exe
File created	C:\Windows\System32\bVzrPwy.exe	0cef9c0346d5462f87ff0d65d7c8a0149a37e0c33991ce3f18929eff0593c6fa.exe
File created	C:\Windows\System32\QcoVsJB.exe	0cef9c0346d5462f87ff0d65d7c8a0149a37e0c33991ce3f18929eff0593c6fa.exe
File created	C:\Windows\System32\faDcKEP.exe	0cef9c0346d5462f87ff0d65d7c8a0149a37e0c33991ce3f18929eff0593c6fa.exe
File created	C:\Windows\System32\GcVXTmu.exe	0cef9c0346d5462f87ff0d65d7c8a0149a37e0c33991ce3f18929eff0593c6fa.exe
File created	C:\Windows\System32\gYcYWBS.exe	0cef9c0346d5462f87ff0d65d7c8a0149a37e0c33991ce3f18929eff0593c6fa.exe
File created	C:\Windows\System32\KabUmjG.exe	0cef9c0346d5462f87ff0d65d7c8a0149a37e0c33991ce3f18929eff0593c6fa.exe
File created	C:\Windows\System32\VnJstLs.exe	0cef9c0346d5462f87ff0d65d7c8a0149a37e0c33991ce3f18929eff0593c6fa.exe
File created	C:\Windows\System32\DVqGmeK.exe	0cef9c0346d5462f87ff0d65d7c8a0149a37e0c33991ce3f18929eff0593c6fa.exe
File created	C:\Windows\System32\qIaonET.exe	0cef9c0346d5462f87ff0d65d7c8a0149a37e0c33991ce3f18929eff0593c6fa.exe
File created	C:\Windows\System32\lpMEhoc.exe	0cef9c0346d5462f87ff0d65d7c8a0149a37e0c33991ce3f18929eff0593c6fa.exe
File created	C:\Windows\System32\bdWUQyT.exe	0cef9c0346d5462f87ff0d65d7c8a0149a37e0c33991ce3f18929eff0593c6fa.exe
File created	C:\Windows\System32\HqDuMJH.exe	0cef9c0346d5462f87ff0d65d7c8a0149a37e0c33991ce3f18929eff0593c6fa.exe
File created	C:\Windows\System32\uhOlRiD.exe	0cef9c0346d5462f87ff0d65d7c8a0149a37e0c33991ce3f18929eff0593c6fa.exe
File created	C:\Windows\System32\wavGikW.exe	0cef9c0346d5462f87ff0d65d7c8a0149a37e0c33991ce3f18929eff0593c6fa.exe
File created	C:\Windows\System32\fkOxQYC.exe	0cef9c0346d5462f87ff0d65d7c8a0149a37e0c33991ce3f18929eff0593c6fa.exe
File created	C:\Windows\System32\WgabUac.exe	0cef9c0346d5462f87ff0d65d7c8a0149a37e0c33991ce3f18929eff0593c6fa.exe
File created	C:\Windows\System32\KZJKpRi.exe	0cef9c0346d5462f87ff0d65d7c8a0149a37e0c33991ce3f18929eff0593c6fa.exe
File created	C:\Windows\System32\RpqDmtk.exe	0cef9c0346d5462f87ff0d65d7c8a0149a37e0c33991ce3f18929eff0593c6fa.exe
File created	C:\Windows\System32\UUpeuOL.exe	0cef9c0346d5462f87ff0d65d7c8a0149a37e0c33991ce3f18929eff0593c6fa.exe
File created	C:\Windows\System32\WxeEfPo.exe	0cef9c0346d5462f87ff0d65d7c8a0149a37e0c33991ce3f18929eff0593c6fa.exe
File created	C:\Windows\System32\UmSQEJb.exe	0cef9c0346d5462f87ff0d65d7c8a0149a37e0c33991ce3f18929eff0593c6fa.exe
File created	C:\Windows\System32\tUCMsON.exe	0cef9c0346d5462f87ff0d65d7c8a0149a37e0c33991ce3f18929eff0593c6fa.exe
File created	C:\Windows\System32\osqWMDu.exe	0cef9c0346d5462f87ff0d65d7c8a0149a37e0c33991ce3f18929eff0593c6fa.exe
File created	C:\Windows\System32\xXcyqhd.exe	0cef9c0346d5462f87ff0d65d7c8a0149a37e0c33991ce3f18929eff0593c6fa.exe
File created	C:\Windows\System32\FvoiwIN.exe	0cef9c0346d5462f87ff0d65d7c8a0149a37e0c33991ce3f18929eff0593c6fa.exe
File created	C:\Windows\System32\nsmaDUv.exe	0cef9c0346d5462f87ff0d65d7c8a0149a37e0c33991ce3f18929eff0593c6fa.exe
File created	C:\Windows\System32\mpkZfAV.exe	0cef9c0346d5462f87ff0d65d7c8a0149a37e0c33991ce3f18929eff0593c6fa.exe
File created	C:\Windows\System32\yJwIOAn.exe	0cef9c0346d5462f87ff0d65d7c8a0149a37e0c33991ce3f18929eff0593c6fa.exe
File created	C:\Windows\System32\vazauYs.exe	0cef9c0346d5462f87ff0d65d7c8a0149a37e0c33991ce3f18929eff0593c6fa.exe
File created	C:\Windows\System32\HyoRszf.exe	0cef9c0346d5462f87ff0d65d7c8a0149a37e0c33991ce3f18929eff0593c6fa.exe
File created	C:\Windows\System32\DTcNCTH.exe	0cef9c0346d5462f87ff0d65d7c8a0149a37e0c33991ce3f18929eff0593c6fa.exe
File created	C:\Windows\System32\jMkVThP.exe	0cef9c0346d5462f87ff0d65d7c8a0149a37e0c33991ce3f18929eff0593c6fa.exe
File created	C:\Windows\System32\haKgDsn.exe	0cef9c0346d5462f87ff0d65d7c8a0149a37e0c33991ce3f18929eff0593c6fa.exe
File created	C:\Windows\System32\VbSRIJc.exe	0cef9c0346d5462f87ff0d65d7c8a0149a37e0c33991ce3f18929eff0593c6fa.exe
File created	C:\Windows\System32\LWzHiuK.exe	0cef9c0346d5462f87ff0d65d7c8a0149a37e0c33991ce3f18929eff0593c6fa.exe
File created	C:\Windows\System32\uZtiUxG.exe	0cef9c0346d5462f87ff0d65d7c8a0149a37e0c33991ce3f18929eff0593c6fa.exe
File created	C:\Windows\System32\xfMQjOD.exe	0cef9c0346d5462f87ff0d65d7c8a0149a37e0c33991ce3f18929eff0593c6fa.exe
File created	C:\Windows\System32\DTRFAcj.exe	0cef9c0346d5462f87ff0d65d7c8a0149a37e0c33991ce3f18929eff0593c6fa.exe
File created	C:\Windows\System32\gKeQbhw.exe	0cef9c0346d5462f87ff0d65d7c8a0149a37e0c33991ce3f18929eff0593c6fa.exe
File created	C:\Windows\System32\IHwAABp.exe	0cef9c0346d5462f87ff0d65d7c8a0149a37e0c33991ce3f18929eff0593c6fa.exe
File created	C:\Windows\System32\NCcwjen.exe	0cef9c0346d5462f87ff0d65d7c8a0149a37e0c33991ce3f18929eff0593c6fa.exe
File created	C:\Windows\System32\NFYjIxM.exe	0cef9c0346d5462f87ff0d65d7c8a0149a37e0c33991ce3f18929eff0593c6fa.exe
File created	C:\Windows\System32\tlGOhUw.exe	0cef9c0346d5462f87ff0d65d7c8a0149a37e0c33991ce3f18929eff0593c6fa.exe
File created	C:\Windows\System32\DhMZQxY.exe	0cef9c0346d5462f87ff0d65d7c8a0149a37e0c33991ce3f18929eff0593c6fa.exe
File created	C:\Windows\System32\vrISThp.exe	0cef9c0346d5462f87ff0d65d7c8a0149a37e0c33991ce3f18929eff0593c6fa.exe
File created	C:\Windows\System32\fqnWXOL.exe	0cef9c0346d5462f87ff0d65d7c8a0149a37e0c33991ce3f18929eff0593c6fa.exe
File created	C:\Windows\System32\LxUsYyL.exe	0cef9c0346d5462f87ff0d65d7c8a0149a37e0c33991ce3f18929eff0593c6fa.exe
File created	C:\Windows\System32\oqBIzaf.exe	0cef9c0346d5462f87ff0d65d7c8a0149a37e0c33991ce3f18929eff0593c6fa.exe
File created	C:\Windows\System32\tkTHmUZ.exe	0cef9c0346d5462f87ff0d65d7c8a0149a37e0c33991ce3f18929eff0593c6fa.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	12508	dwm.exe
Token: SeChangeNotifyPrivilege	12508	dwm.exe
Token: 33	12508	dwm.exe
Token: SeIncBasePriorityPrivilege	12508	dwm.exe
Token: SeShutdownPrivilege	12508	dwm.exe
Token: SeCreatePagefilePrivilege	12508	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4848 wrote to memory of 2968	4848	0cef9c0346d5462f87ff0d65d7c8a0149a37e0c33991ce3f18929eff0593c6fa.exe	85
PID 4848 wrote to memory of 2968	4848	0cef9c0346d5462f87ff0d65d7c8a0149a37e0c33991ce3f18929eff0593c6fa.exe	85
PID 4848 wrote to memory of 4052	4848	0cef9c0346d5462f87ff0d65d7c8a0149a37e0c33991ce3f18929eff0593c6fa.exe	86
PID 4848 wrote to memory of 4052	4848	0cef9c0346d5462f87ff0d65d7c8a0149a37e0c33991ce3f18929eff0593c6fa.exe	86
PID 4848 wrote to memory of 3816	4848	0cef9c0346d5462f87ff0d65d7c8a0149a37e0c33991ce3f18929eff0593c6fa.exe	87
PID 4848 wrote to memory of 3816	4848	0cef9c0346d5462f87ff0d65d7c8a0149a37e0c33991ce3f18929eff0593c6fa.exe	87
PID 4848 wrote to memory of 748	4848	0cef9c0346d5462f87ff0d65d7c8a0149a37e0c33991ce3f18929eff0593c6fa.exe	88
PID 4848 wrote to memory of 748	4848	0cef9c0346d5462f87ff0d65d7c8a0149a37e0c33991ce3f18929eff0593c6fa.exe	88
PID 4848 wrote to memory of 3452	4848	0cef9c0346d5462f87ff0d65d7c8a0149a37e0c33991ce3f18929eff0593c6fa.exe	89
PID 4848 wrote to memory of 3452	4848	0cef9c0346d5462f87ff0d65d7c8a0149a37e0c33991ce3f18929eff0593c6fa.exe	89
PID 4848 wrote to memory of 4200	4848	0cef9c0346d5462f87ff0d65d7c8a0149a37e0c33991ce3f18929eff0593c6fa.exe	90
PID 4848 wrote to memory of 4200	4848	0cef9c0346d5462f87ff0d65d7c8a0149a37e0c33991ce3f18929eff0593c6fa.exe	90
PID 4848 wrote to memory of 3556	4848	0cef9c0346d5462f87ff0d65d7c8a0149a37e0c33991ce3f18929eff0593c6fa.exe	91
PID 4848 wrote to memory of 3556	4848	0cef9c0346d5462f87ff0d65d7c8a0149a37e0c33991ce3f18929eff0593c6fa.exe	91
PID 4848 wrote to memory of 1396	4848	0cef9c0346d5462f87ff0d65d7c8a0149a37e0c33991ce3f18929eff0593c6fa.exe	92
PID 4848 wrote to memory of 1396	4848	0cef9c0346d5462f87ff0d65d7c8a0149a37e0c33991ce3f18929eff0593c6fa.exe	92
PID 4848 wrote to memory of 1288	4848	0cef9c0346d5462f87ff0d65d7c8a0149a37e0c33991ce3f18929eff0593c6fa.exe	93
PID 4848 wrote to memory of 1288	4848	0cef9c0346d5462f87ff0d65d7c8a0149a37e0c33991ce3f18929eff0593c6fa.exe	93
PID 4848 wrote to memory of 1428	4848	0cef9c0346d5462f87ff0d65d7c8a0149a37e0c33991ce3f18929eff0593c6fa.exe	94
PID 4848 wrote to memory of 1428	4848	0cef9c0346d5462f87ff0d65d7c8a0149a37e0c33991ce3f18929eff0593c6fa.exe	94
PID 4848 wrote to memory of 1096	4848	0cef9c0346d5462f87ff0d65d7c8a0149a37e0c33991ce3f18929eff0593c6fa.exe	95
PID 4848 wrote to memory of 1096	4848	0cef9c0346d5462f87ff0d65d7c8a0149a37e0c33991ce3f18929eff0593c6fa.exe	95
PID 4848 wrote to memory of 5024	4848	0cef9c0346d5462f87ff0d65d7c8a0149a37e0c33991ce3f18929eff0593c6fa.exe	96
PID 4848 wrote to memory of 5024	4848	0cef9c0346d5462f87ff0d65d7c8a0149a37e0c33991ce3f18929eff0593c6fa.exe	96
PID 4848 wrote to memory of 1584	4848	0cef9c0346d5462f87ff0d65d7c8a0149a37e0c33991ce3f18929eff0593c6fa.exe	97
PID 4848 wrote to memory of 1584	4848	0cef9c0346d5462f87ff0d65d7c8a0149a37e0c33991ce3f18929eff0593c6fa.exe	97
PID 4848 wrote to memory of 4916	4848	0cef9c0346d5462f87ff0d65d7c8a0149a37e0c33991ce3f18929eff0593c6fa.exe	98
PID 4848 wrote to memory of 4916	4848	0cef9c0346d5462f87ff0d65d7c8a0149a37e0c33991ce3f18929eff0593c6fa.exe	98
PID 4848 wrote to memory of 2736	4848	0cef9c0346d5462f87ff0d65d7c8a0149a37e0c33991ce3f18929eff0593c6fa.exe	99
PID 4848 wrote to memory of 2736	4848	0cef9c0346d5462f87ff0d65d7c8a0149a37e0c33991ce3f18929eff0593c6fa.exe	99
PID 4848 wrote to memory of 3996	4848	0cef9c0346d5462f87ff0d65d7c8a0149a37e0c33991ce3f18929eff0593c6fa.exe	100
PID 4848 wrote to memory of 3996	4848	0cef9c0346d5462f87ff0d65d7c8a0149a37e0c33991ce3f18929eff0593c6fa.exe	100
PID 4848 wrote to memory of 3536	4848	0cef9c0346d5462f87ff0d65d7c8a0149a37e0c33991ce3f18929eff0593c6fa.exe	101
PID 4848 wrote to memory of 3536	4848	0cef9c0346d5462f87ff0d65d7c8a0149a37e0c33991ce3f18929eff0593c6fa.exe	101
PID 4848 wrote to memory of 1032	4848	0cef9c0346d5462f87ff0d65d7c8a0149a37e0c33991ce3f18929eff0593c6fa.exe	102
PID 4848 wrote to memory of 1032	4848	0cef9c0346d5462f87ff0d65d7c8a0149a37e0c33991ce3f18929eff0593c6fa.exe	102
PID 4848 wrote to memory of 1648	4848	0cef9c0346d5462f87ff0d65d7c8a0149a37e0c33991ce3f18929eff0593c6fa.exe	103
PID 4848 wrote to memory of 1648	4848	0cef9c0346d5462f87ff0d65d7c8a0149a37e0c33991ce3f18929eff0593c6fa.exe	103
PID 4848 wrote to memory of 1708	4848	0cef9c0346d5462f87ff0d65d7c8a0149a37e0c33991ce3f18929eff0593c6fa.exe	104
PID 4848 wrote to memory of 1708	4848	0cef9c0346d5462f87ff0d65d7c8a0149a37e0c33991ce3f18929eff0593c6fa.exe	104
PID 4848 wrote to memory of 3412	4848	0cef9c0346d5462f87ff0d65d7c8a0149a37e0c33991ce3f18929eff0593c6fa.exe	105
PID 4848 wrote to memory of 3412	4848	0cef9c0346d5462f87ff0d65d7c8a0149a37e0c33991ce3f18929eff0593c6fa.exe	105
PID 4848 wrote to memory of 2540	4848	0cef9c0346d5462f87ff0d65d7c8a0149a37e0c33991ce3f18929eff0593c6fa.exe	106
PID 4848 wrote to memory of 2540	4848	0cef9c0346d5462f87ff0d65d7c8a0149a37e0c33991ce3f18929eff0593c6fa.exe	106
PID 4848 wrote to memory of 1964	4848	0cef9c0346d5462f87ff0d65d7c8a0149a37e0c33991ce3f18929eff0593c6fa.exe	107
PID 4848 wrote to memory of 1964	4848	0cef9c0346d5462f87ff0d65d7c8a0149a37e0c33991ce3f18929eff0593c6fa.exe	107
PID 4848 wrote to memory of 636	4848	0cef9c0346d5462f87ff0d65d7c8a0149a37e0c33991ce3f18929eff0593c6fa.exe	108
PID 4848 wrote to memory of 636	4848	0cef9c0346d5462f87ff0d65d7c8a0149a37e0c33991ce3f18929eff0593c6fa.exe	108
PID 4848 wrote to memory of 3476	4848	0cef9c0346d5462f87ff0d65d7c8a0149a37e0c33991ce3f18929eff0593c6fa.exe	109
PID 4848 wrote to memory of 3476	4848	0cef9c0346d5462f87ff0d65d7c8a0149a37e0c33991ce3f18929eff0593c6fa.exe	109
PID 4848 wrote to memory of 2104	4848	0cef9c0346d5462f87ff0d65d7c8a0149a37e0c33991ce3f18929eff0593c6fa.exe	110
PID 4848 wrote to memory of 2104	4848	0cef9c0346d5462f87ff0d65d7c8a0149a37e0c33991ce3f18929eff0593c6fa.exe	110
PID 4848 wrote to memory of 4360	4848	0cef9c0346d5462f87ff0d65d7c8a0149a37e0c33991ce3f18929eff0593c6fa.exe	111
PID 4848 wrote to memory of 4360	4848	0cef9c0346d5462f87ff0d65d7c8a0149a37e0c33991ce3f18929eff0593c6fa.exe	111
PID 4848 wrote to memory of 968	4848	0cef9c0346d5462f87ff0d65d7c8a0149a37e0c33991ce3f18929eff0593c6fa.exe	112
PID 4848 wrote to memory of 968	4848	0cef9c0346d5462f87ff0d65d7c8a0149a37e0c33991ce3f18929eff0593c6fa.exe	112
PID 4848 wrote to memory of 4460	4848	0cef9c0346d5462f87ff0d65d7c8a0149a37e0c33991ce3f18929eff0593c6fa.exe	113
PID 4848 wrote to memory of 4460	4848	0cef9c0346d5462f87ff0d65d7c8a0149a37e0c33991ce3f18929eff0593c6fa.exe	113
PID 4848 wrote to memory of 1312	4848	0cef9c0346d5462f87ff0d65d7c8a0149a37e0c33991ce3f18929eff0593c6fa.exe	114
PID 4848 wrote to memory of 1312	4848	0cef9c0346d5462f87ff0d65d7c8a0149a37e0c33991ce3f18929eff0593c6fa.exe	114
PID 4848 wrote to memory of 464	4848	0cef9c0346d5462f87ff0d65d7c8a0149a37e0c33991ce3f18929eff0593c6fa.exe	115
PID 4848 wrote to memory of 464	4848	0cef9c0346d5462f87ff0d65d7c8a0149a37e0c33991ce3f18929eff0593c6fa.exe	115
PID 4848 wrote to memory of 2680	4848	0cef9c0346d5462f87ff0d65d7c8a0149a37e0c33991ce3f18929eff0593c6fa.exe	116
PID 4848 wrote to memory of 2680	4848	0cef9c0346d5462f87ff0d65d7c8a0149a37e0c33991ce3f18929eff0593c6fa.exe	116

C:\Users\Admin\AppData\Local\Temp\0cef9c0346d5462f87ff0d65d7c8a0149a37e0c33991ce3f18929eff0593c6fa.exe
"C:\Users\Admin\AppData\Local\Temp\0cef9c0346d5462f87ff0d65d7c8a0149a37e0c33991ce3f18929eff0593c6fa.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:4848
- C:\Windows\System32\LWzHiuK.exe
  C:\Windows\System32\LWzHiuK.exe
  2⤵
  - Executes dropped EXE
  PID:2968
- C:\Windows\System32\NiGHEly.exe
  C:\Windows\System32\NiGHEly.exe
  2⤵
  - Executes dropped EXE
  PID:4052
- C:\Windows\System32\beGoDpa.exe
  C:\Windows\System32\beGoDpa.exe
  2⤵
  - Executes dropped EXE
  PID:3816
- C:\Windows\System32\TDMPGtL.exe
  C:\Windows\System32\TDMPGtL.exe
  2⤵
  - Executes dropped EXE
  PID:748
- C:\Windows\System32\GgxZKJY.exe
  C:\Windows\System32\GgxZKJY.exe
  2⤵
  - Executes dropped EXE
  PID:3452
- C:\Windows\System32\InOlNph.exe
  C:\Windows\System32\InOlNph.exe
  2⤵
  - Executes dropped EXE
  PID:4200
- C:\Windows\System32\bXwlREV.exe
  C:\Windows\System32\bXwlREV.exe
  2⤵
  - Executes dropped EXE
  PID:3556
- C:\Windows\System32\ZcMneQB.exe
  C:\Windows\System32\ZcMneQB.exe
  2⤵
  - Executes dropped EXE
  PID:1396
- C:\Windows\System32\GcRrrTw.exe
  C:\Windows\System32\GcRrrTw.exe
  2⤵
  - Executes dropped EXE
  PID:1288
- C:\Windows\System32\DQYUIMz.exe
  C:\Windows\System32\DQYUIMz.exe
  2⤵
  - Executes dropped EXE
  PID:1428
- C:\Windows\System32\hlmZfTl.exe
  C:\Windows\System32\hlmZfTl.exe
  2⤵
  - Executes dropped EXE
  PID:1096
- C:\Windows\System32\JPlFfho.exe
  C:\Windows\System32\JPlFfho.exe
  2⤵
  - Executes dropped EXE
  PID:5024
- C:\Windows\System32\OjoiTEg.exe
  C:\Windows\System32\OjoiTEg.exe
  2⤵
  - Executes dropped EXE
  PID:1584
- C:\Windows\System32\oAedpUJ.exe
  C:\Windows\System32\oAedpUJ.exe
  2⤵
  - Executes dropped EXE
  PID:4916
- C:\Windows\System32\wkzBhSb.exe
  C:\Windows\System32\wkzBhSb.exe
  2⤵
  - Executes dropped EXE
  PID:2736
- C:\Windows\System32\IwqMKJg.exe
  C:\Windows\System32\IwqMKJg.exe
  2⤵
  - Executes dropped EXE
  PID:3996
- C:\Windows\System32\vHJyvGV.exe
  C:\Windows\System32\vHJyvGV.exe
  2⤵
  - Executes dropped EXE
  PID:3536
- C:\Windows\System32\eYBPLDV.exe
  C:\Windows\System32\eYBPLDV.exe
  2⤵
  - Executes dropped EXE
  PID:1032
- C:\Windows\System32\lvPbycH.exe
  C:\Windows\System32\lvPbycH.exe
  2⤵
  - Executes dropped EXE
  PID:1648
- C:\Windows\System32\aTFKwZV.exe
  C:\Windows\System32\aTFKwZV.exe
  2⤵
  - Executes dropped EXE
  PID:1708
- C:\Windows\System32\ZOOlNHi.exe
  C:\Windows\System32\ZOOlNHi.exe
  2⤵
  - Executes dropped EXE
  PID:3412
- C:\Windows\System32\KPoIcad.exe
  C:\Windows\System32\KPoIcad.exe
  2⤵
  - Executes dropped EXE
  PID:2540
- C:\Windows\System32\cqxCmyP.exe
  C:\Windows\System32\cqxCmyP.exe
  2⤵
  - Executes dropped EXE
  PID:1964
- C:\Windows\System32\hETtkMT.exe
  C:\Windows\System32\hETtkMT.exe
  2⤵
  - Executes dropped EXE
  PID:636
- C:\Windows\System32\KabUmjG.exe
  C:\Windows\System32\KabUmjG.exe
  2⤵
  - Executes dropped EXE
  PID:3476
- C:\Windows\System32\nDWfxLC.exe
  C:\Windows\System32\nDWfxLC.exe
  2⤵
  - Executes dropped EXE
  PID:2104
- C:\Windows\System32\wRCOJrg.exe
  C:\Windows\System32\wRCOJrg.exe
  2⤵
  - Executes dropped EXE
  PID:4360
- C:\Windows\System32\tkTHmUZ.exe
  C:\Windows\System32\tkTHmUZ.exe
  2⤵
  - Executes dropped EXE
  PID:968
- C:\Windows\System32\JxKJXjG.exe
  C:\Windows\System32\JxKJXjG.exe
  2⤵
  - Executes dropped EXE
  PID:4460
- C:\Windows\System32\HiPJtSt.exe
  C:\Windows\System32\HiPJtSt.exe
  2⤵
  - Executes dropped EXE
  PID:1312
- C:\Windows\System32\UJprstB.exe
  C:\Windows\System32\UJprstB.exe
  2⤵
  - Executes dropped EXE
  PID:464
- C:\Windows\System32\BCsGEnY.exe
  C:\Windows\System32\BCsGEnY.exe
  2⤵
  - Executes dropped EXE
  PID:2680
- C:\Windows\System32\fRVcQXy.exe
  C:\Windows\System32\fRVcQXy.exe
  2⤵
  - Executes dropped EXE
  PID:864
- C:\Windows\System32\UtLPQhx.exe
  C:\Windows\System32\UtLPQhx.exe
  2⤵
  - Executes dropped EXE
  PID:2952
- C:\Windows\System32\OJOEiuV.exe
  C:\Windows\System32\OJOEiuV.exe
  2⤵
  - Executes dropped EXE
  PID:4120
- C:\Windows\System32\AIHYOmc.exe
  C:\Windows\System32\AIHYOmc.exe
  2⤵
  - Executes dropped EXE
  PID:2180
- C:\Windows\System32\wKvVlJw.exe
  C:\Windows\System32\wKvVlJw.exe
  2⤵
  - Executes dropped EXE
  PID:3268
- C:\Windows\System32\nsmaDUv.exe
  C:\Windows\System32\nsmaDUv.exe
  2⤵
  - Executes dropped EXE
  PID:4864
- C:\Windows\System32\ZXQouSz.exe
  C:\Windows\System32\ZXQouSz.exe
  2⤵
  - Executes dropped EXE
  PID:1384
- C:\Windows\System32\MXhNRiK.exe
  C:\Windows\System32\MXhNRiK.exe
  2⤵
  - Executes dropped EXE
  PID:3424
- C:\Windows\System32\mpkZfAV.exe
  C:\Windows\System32\mpkZfAV.exe
  2⤵
  - Executes dropped EXE
  PID:1576
- C:\Windows\System32\sXFQZYc.exe
  C:\Windows\System32\sXFQZYc.exe
  2⤵
  - Executes dropped EXE
  PID:4508
- C:\Windows\System32\IJDPjQD.exe
  C:\Windows\System32\IJDPjQD.exe
  2⤵
  - Executes dropped EXE
  PID:4484
- C:\Windows\System32\JOWhvrO.exe
  C:\Windows\System32\JOWhvrO.exe
  2⤵
  - Executes dropped EXE
  PID:4636
- C:\Windows\System32\SYMSkGT.exe
  C:\Windows\System32\SYMSkGT.exe
  2⤵
  - Executes dropped EXE
  PID:2312
- C:\Windows\System32\kDYGqml.exe
  C:\Windows\System32\kDYGqml.exe
  2⤵
  - Executes dropped EXE
  PID:3572
- C:\Windows\System32\nVCDyyT.exe
  C:\Windows\System32\nVCDyyT.exe
  2⤵
  - Executes dropped EXE
  PID:624
- C:\Windows\System32\BAeOwtB.exe
  C:\Windows\System32\BAeOwtB.exe
  2⤵
  - Executes dropped EXE
  PID:1456
- C:\Windows\System32\jzIPpvN.exe
  C:\Windows\System32\jzIPpvN.exe
  2⤵
  - Executes dropped EXE
  PID:4988
- C:\Windows\System32\ywWMGCJ.exe
  C:\Windows\System32\ywWMGCJ.exe
  2⤵
  - Executes dropped EXE
  PID:1472
- C:\Windows\System32\cnzRqJx.exe
  C:\Windows\System32\cnzRqJx.exe
  2⤵
  - Executes dropped EXE
  PID:1232
- C:\Windows\System32\jdbJpbq.exe
  C:\Windows\System32\jdbJpbq.exe
  2⤵
  - Executes dropped EXE
  PID:1816
- C:\Windows\System32\gXludpW.exe
  C:\Windows\System32\gXludpW.exe
  2⤵
  - Executes dropped EXE
  PID:2288
- C:\Windows\System32\dJttyNu.exe
  C:\Windows\System32\dJttyNu.exe
  2⤵
  - Executes dropped EXE
  PID:2192
- C:\Windows\System32\UUpeuOL.exe
  C:\Windows\System32\UUpeuOL.exe
  2⤵
  - Executes dropped EXE
  PID:1404
- C:\Windows\System32\IrcRPKi.exe
  C:\Windows\System32\IrcRPKi.exe
  2⤵
  - Executes dropped EXE
  PID:912
- C:\Windows\System32\NCcwjen.exe
  C:\Windows\System32\NCcwjen.exe
  2⤵
  - Executes dropped EXE
  PID:3684
- C:\Windows\System32\RtfHqAg.exe
  C:\Windows\System32\RtfHqAg.exe
  2⤵
  - Executes dropped EXE
  PID:3764
- C:\Windows\System32\cscwqGY.exe
  C:\Windows\System32\cscwqGY.exe
  2⤵
  - Executes dropped EXE
  PID:428
- C:\Windows\System32\hoTmrxr.exe
  C:\Windows\System32\hoTmrxr.exe
  2⤵
  - Executes dropped EXE
  PID:3924
- C:\Windows\System32\BaaTklU.exe
  C:\Windows\System32\BaaTklU.exe
  2⤵
  - Executes dropped EXE
  PID:1560
- C:\Windows\System32\FHZfQyW.exe
  C:\Windows\System32\FHZfQyW.exe
  2⤵
  - Executes dropped EXE
  PID:1440
- C:\Windows\System32\nLRRRqZ.exe
  C:\Windows\System32\nLRRRqZ.exe
  2⤵
  - Executes dropped EXE
  PID:4156
- C:\Windows\System32\kOJkfJM.exe
  C:\Windows\System32\kOJkfJM.exe
  2⤵
  - Executes dropped EXE
  PID:3024
- C:\Windows\System32\IHWObSf.exe
  C:\Windows\System32\IHWObSf.exe
  2⤵
  PID:1224
- C:\Windows\System32\NFYjIxM.exe
  C:\Windows\System32\NFYjIxM.exe
  2⤵
  PID:4060
- C:\Windows\System32\lxeYrKp.exe
  C:\Windows\System32\lxeYrKp.exe
  2⤵
  PID:1572
- C:\Windows\System32\RzqOyJQ.exe
  C:\Windows\System32\RzqOyJQ.exe
  2⤵
  PID:1784
- C:\Windows\System32\qApvFbw.exe
  C:\Windows\System32\qApvFbw.exe
  2⤵
  PID:4472
- C:\Windows\System32\vwtMyIw.exe
  C:\Windows\System32\vwtMyIw.exe
  2⤵
  PID:3300
- C:\Windows\System32\aFbAUJE.exe
  C:\Windows\System32\aFbAUJE.exe
  2⤵
  PID:728
- C:\Windows\System32\KlQVDPx.exe
  C:\Windows\System32\KlQVDPx.exe
  2⤵
  PID:1108
- C:\Windows\System32\HyoRszf.exe
  C:\Windows\System32\HyoRszf.exe
  2⤵
  PID:4136
- C:\Windows\System32\nVTMQAS.exe
  C:\Windows\System32\nVTMQAS.exe
  2⤵
  PID:2432
- C:\Windows\System32\EJJUcst.exe
  C:\Windows\System32\EJJUcst.exe
  2⤵
  PID:2524
- C:\Windows\System32\VMfusGI.exe
  C:\Windows\System32\VMfusGI.exe
  2⤵
  PID:1084
- C:\Windows\System32\nSBeKZI.exe
  C:\Windows\System32\nSBeKZI.exe
  2⤵
  PID:2060
- C:\Windows\System32\Fhnqhnh.exe
  C:\Windows\System32\Fhnqhnh.exe
  2⤵
  PID:216
- C:\Windows\System32\ZqvVpmi.exe
  C:\Windows\System32\ZqvVpmi.exe
  2⤵
  PID:4888
- C:\Windows\System32\szThviE.exe
  C:\Windows\System32\szThviE.exe
  2⤵
  PID:2476
- C:\Windows\System32\WDRXuHT.exe
  C:\Windows\System32\WDRXuHT.exe
  2⤵
  PID:2172
- C:\Windows\System32\AKZQZMN.exe
  C:\Windows\System32\AKZQZMN.exe
  2⤵
  PID:3716
- C:\Windows\System32\aXiNyUx.exe
  C:\Windows\System32\aXiNyUx.exe
  2⤵
  PID:368
- C:\Windows\System32\XNBOUhN.exe
  C:\Windows\System32\XNBOUhN.exe
  2⤵
  PID:4216
- C:\Windows\System32\yjqysBv.exe
  C:\Windows\System32\yjqysBv.exe
  2⤵
  PID:800
- C:\Windows\System32\ikYtHAq.exe
  C:\Windows\System32\ikYtHAq.exe
  2⤵
  PID:4744
- C:\Windows\System32\WxeEfPo.exe
  C:\Windows\System32\WxeEfPo.exe
  2⤵
  PID:1700
- C:\Windows\System32\fLhkIEN.exe
  C:\Windows\System32\fLhkIEN.exe
  2⤵
  PID:772
- C:\Windows\System32\RBPRHKj.exe
  C:\Windows\System32\RBPRHKj.exe
  2⤵
  PID:4632
- C:\Windows\System32\ObsxEQa.exe
  C:\Windows\System32\ObsxEQa.exe
  2⤵
  PID:1012
- C:\Windows\System32\uUjiNWG.exe
  C:\Windows\System32\uUjiNWG.exe
  2⤵
  PID:3880
- C:\Windows\System32\OiLAuUX.exe
  C:\Windows\System32\OiLAuUX.exe
  2⤵
  PID:3972
- C:\Windows\System32\wCpOYdI.exe
  C:\Windows\System32\wCpOYdI.exe
  2⤵
  PID:2708
- C:\Windows\System32\CZipUdq.exe
  C:\Windows\System32\CZipUdq.exe
  2⤵
  PID:1180
- C:\Windows\System32\GjiUCkB.exe
  C:\Windows\System32\GjiUCkB.exe
  2⤵
  PID:3288
- C:\Windows\System32\GippjXs.exe
  C:\Windows\System32\GippjXs.exe
  2⤵
  PID:3656
- C:\Windows\System32\lIHhIxs.exe
  C:\Windows\System32\lIHhIxs.exe
  2⤵
  PID:832
- C:\Windows\System32\qXGjvUh.exe
  C:\Windows\System32\qXGjvUh.exe
  2⤵
  PID:432
- C:\Windows\System32\xbWjxnx.exe
  C:\Windows\System32\xbWjxnx.exe
  2⤵
  PID:1276
- C:\Windows\System32\jxEefht.exe
  C:\Windows\System32\jxEefht.exe
  2⤵
  PID:3316
- C:\Windows\System32\oqNzccz.exe
  C:\Windows\System32\oqNzccz.exe
  2⤵
  PID:1536
- C:\Windows\System32\mugLWaS.exe
  C:\Windows\System32\mugLWaS.exe
  2⤵
  PID:5108
- C:\Windows\System32\PdAbBoB.exe
  C:\Windows\System32\PdAbBoB.exe
  2⤵
  PID:3644
- C:\Windows\System32\LKhPppQ.exe
  C:\Windows\System32\LKhPppQ.exe
  2⤵
  PID:3564
- C:\Windows\System32\dPcvwsi.exe
  C:\Windows\System32\dPcvwsi.exe
  2⤵
  PID:516
- C:\Windows\System32\MMjRFpl.exe
  C:\Windows\System32\MMjRFpl.exe
  2⤵
  PID:824
- C:\Windows\System32\vtJbVnS.exe
  C:\Windows\System32\vtJbVnS.exe
  2⤵
  PID:1764
- C:\Windows\System32\QvqPQYN.exe
  C:\Windows\System32\QvqPQYN.exe
  2⤵
  PID:4100
- C:\Windows\System32\ouORlTZ.exe
  C:\Windows\System32\ouORlTZ.exe
  2⤵
  PID:4456
- C:\Windows\System32\zgLzCeT.exe
  C:\Windows\System32\zgLzCeT.exe
  2⤵
  PID:2416
- C:\Windows\System32\dQiZIxK.exe
  C:\Windows\System32\dQiZIxK.exe
  2⤵
  PID:232
- C:\Windows\System32\VnJstLs.exe
  C:\Windows\System32\VnJstLs.exe
  2⤵
  PID:2972
- C:\Windows\System32\GFbKeHL.exe
  C:\Windows\System32\GFbKeHL.exe
  2⤵
  PID:2960
- C:\Windows\System32\xUKRLiP.exe
  C:\Windows\System32\xUKRLiP.exe
  2⤵
  PID:1092
- C:\Windows\System32\nynOhBo.exe
  C:\Windows\System32\nynOhBo.exe
  2⤵
  PID:3524
- C:\Windows\System32\ShOieOX.exe
  C:\Windows\System32\ShOieOX.exe
  2⤵
  PID:1104
- C:\Windows\System32\xZjIJxl.exe
  C:\Windows\System32\xZjIJxl.exe
  2⤵
  PID:5128
- C:\Windows\System32\xfMQjOD.exe
  C:\Windows\System32\xfMQjOD.exe
  2⤵
  PID:5148
- C:\Windows\System32\JqPXPWe.exe
  C:\Windows\System32\JqPXPWe.exe
  2⤵
  PID:5192
- C:\Windows\System32\cgWziqZ.exe
  C:\Windows\System32\cgWziqZ.exe
  2⤵
  PID:5216
- C:\Windows\System32\HWBdryy.exe
  C:\Windows\System32\HWBdryy.exe
  2⤵
  PID:5264
- C:\Windows\System32\HlnmuXc.exe
  C:\Windows\System32\HlnmuXc.exe
  2⤵
  PID:5288
- C:\Windows\System32\NbUtbjp.exe
  C:\Windows\System32\NbUtbjp.exe
  2⤵
  PID:5304
- C:\Windows\System32\ltcvXNI.exe
  C:\Windows\System32\ltcvXNI.exe
  2⤵
  PID:5324
- C:\Windows\System32\pVRuoSD.exe
  C:\Windows\System32\pVRuoSD.exe
  2⤵
  PID:5340
- C:\Windows\System32\zgljTxa.exe
  C:\Windows\System32\zgljTxa.exe
  2⤵
  PID:5368
- C:\Windows\System32\yKilVjV.exe
  C:\Windows\System32\yKilVjV.exe
  2⤵
  PID:5392
- C:\Windows\System32\ZjlRfbj.exe
  C:\Windows\System32\ZjlRfbj.exe
  2⤵
  PID:5412
- C:\Windows\System32\XnoxpaR.exe
  C:\Windows\System32\XnoxpaR.exe
  2⤵
  PID:5432
- C:\Windows\System32\sGnOSju.exe
  C:\Windows\System32\sGnOSju.exe
  2⤵
  PID:5456
- C:\Windows\System32\yqjOoXZ.exe
  C:\Windows\System32\yqjOoXZ.exe
  2⤵
  PID:5472
- C:\Windows\System32\xeWCaeL.exe
  C:\Windows\System32\xeWCaeL.exe
  2⤵
  PID:5508
- C:\Windows\System32\uZtiUxG.exe
  C:\Windows\System32\uZtiUxG.exe
  2⤵
  PID:5528
- C:\Windows\System32\eIzzLBE.exe
  C:\Windows\System32\eIzzLBE.exe
  2⤵
  PID:5568
- C:\Windows\System32\vLRiynM.exe
  C:\Windows\System32\vLRiynM.exe
  2⤵
  PID:5584
- C:\Windows\System32\LaFmmRc.exe
  C:\Windows\System32\LaFmmRc.exe
  2⤵
  PID:5640
- C:\Windows\System32\BcMrJgy.exe
  C:\Windows\System32\BcMrJgy.exe
  2⤵
  PID:5660
- C:\Windows\System32\yyQjJXm.exe
  C:\Windows\System32\yyQjJXm.exe
  2⤵
  PID:5708
- C:\Windows\System32\aOgBCUm.exe
  C:\Windows\System32\aOgBCUm.exe
  2⤵
  PID:5728
- C:\Windows\System32\yUvAQHp.exe
  C:\Windows\System32\yUvAQHp.exe
  2⤵
  PID:5764
- C:\Windows\System32\rjTkeRm.exe
  C:\Windows\System32\rjTkeRm.exe
  2⤵
  PID:5784
- C:\Windows\System32\XmjWBsd.exe
  C:\Windows\System32\XmjWBsd.exe
  2⤵
  PID:5800
- C:\Windows\System32\DTSkdbd.exe
  C:\Windows\System32\DTSkdbd.exe
  2⤵
  PID:5828
- C:\Windows\System32\cmQTuty.exe
  C:\Windows\System32\cmQTuty.exe
  2⤵
  PID:5888
- C:\Windows\System32\yPfIuyy.exe
  C:\Windows\System32\yPfIuyy.exe
  2⤵
  PID:5924
- C:\Windows\System32\ZyZnRng.exe
  C:\Windows\System32\ZyZnRng.exe
  2⤵
  PID:5948
- C:\Windows\System32\fkOxQYC.exe
  C:\Windows\System32\fkOxQYC.exe
  2⤵
  PID:5964
- C:\Windows\System32\bNYBDHS.exe
  C:\Windows\System32\bNYBDHS.exe
  2⤵
  PID:5984
- C:\Windows\System32\zpSCFWq.exe
  C:\Windows\System32\zpSCFWq.exe
  2⤵
  PID:6016
- C:\Windows\System32\HDeGOPP.exe
  C:\Windows\System32\HDeGOPP.exe
  2⤵
  PID:6032
- C:\Windows\System32\ZHRNwMS.exe
  C:\Windows\System32\ZHRNwMS.exe
  2⤵
  PID:6072
- C:\Windows\System32\OOPCeHW.exe
  C:\Windows\System32\OOPCeHW.exe
  2⤵
  PID:6132
- C:\Windows\System32\ZodxbXo.exe
  C:\Windows\System32\ZodxbXo.exe
  2⤵
  PID:5156
- C:\Windows\System32\QAaBxxm.exe
  C:\Windows\System32\QAaBxxm.exe
  2⤵
  PID:5204
- C:\Windows\System32\DoZxkgm.exe
  C:\Windows\System32\DoZxkgm.exe
  2⤵
  PID:5300
- C:\Windows\System32\KgpcCZa.exe
  C:\Windows\System32\KgpcCZa.exe
  2⤵
  PID:5356
- C:\Windows\System32\SwMgTJk.exe
  C:\Windows\System32\SwMgTJk.exe
  2⤵
  PID:5360
- C:\Windows\System32\vKvwKJd.exe
  C:\Windows\System32\vKvwKJd.exe
  2⤵
  PID:5400
- C:\Windows\System32\eopCkrx.exe
  C:\Windows\System32\eopCkrx.exe
  2⤵
  PID:5428
- C:\Windows\System32\fInnnLL.exe
  C:\Windows\System32\fInnnLL.exe
  2⤵
  PID:5516
- C:\Windows\System32\RKMyHES.exe
  C:\Windows\System32\RKMyHES.exe
  2⤵
  PID:5564
- C:\Windows\System32\TnNYnaH.exe
  C:\Windows\System32\TnNYnaH.exe
  2⤵
  PID:5592
- C:\Windows\System32\QmTEpjv.exe
  C:\Windows\System32\QmTEpjv.exe
  2⤵
  PID:5740
- C:\Windows\System32\safLVYM.exe
  C:\Windows\System32\safLVYM.exe
  2⤵
  PID:5840
- C:\Windows\System32\MwsANnF.exe
  C:\Windows\System32\MwsANnF.exe
  2⤵
  PID:5940
- C:\Windows\System32\XMlUFdm.exe
  C:\Windows\System32\XMlUFdm.exe
  2⤵
  PID:6004
- C:\Windows\System32\racirrH.exe
  C:\Windows\System32\racirrH.exe
  2⤵
  PID:6108
- C:\Windows\System32\hSzTTfg.exe
  C:\Windows\System32\hSzTTfg.exe
  2⤵
  PID:6100
- C:\Windows\System32\uhOlRiD.exe
  C:\Windows\System32\uhOlRiD.exe
  2⤵
  PID:5140
- C:\Windows\System32\zXGpgmF.exe
  C:\Windows\System32\zXGpgmF.exe
  2⤵
  PID:5296
- C:\Windows\System32\BfLpoBH.exe
  C:\Windows\System32\BfLpoBH.exe
  2⤵
  PID:5320
- C:\Windows\System32\jbnNZiU.exe
  C:\Windows\System32\jbnNZiU.exe
  2⤵
  PID:5452
- C:\Windows\System32\eltaUWM.exe
  C:\Windows\System32\eltaUWM.exe
  2⤵
  PID:5692
- C:\Windows\System32\IUQANTd.exe
  C:\Windows\System32\IUQANTd.exe
  2⤵
  PID:5752
- C:\Windows\System32\gDcLRka.exe
  C:\Windows\System32\gDcLRka.exe
  2⤵
  PID:2216
- C:\Windows\System32\xMtvxwV.exe
  C:\Windows\System32\xMtvxwV.exe
  2⤵
  PID:5388
- C:\Windows\System32\DTRFAcj.exe
  C:\Windows\System32\DTRFAcj.exe
  2⤵
  PID:5672
- C:\Windows\System32\kaebiyn.exe
  C:\Windows\System32\kaebiyn.exe
  2⤵
  PID:5524
- C:\Windows\System32\CRgaWwm.exe
  C:\Windows\System32\CRgaWwm.exe
  2⤵
  PID:5704
- C:\Windows\System32\qzYbLuY.exe
  C:\Windows\System32\qzYbLuY.exe
  2⤵
  PID:6160
- C:\Windows\System32\GjSczoU.exe
  C:\Windows\System32\GjSczoU.exe
  2⤵
  PID:6188
- C:\Windows\System32\zEtHorA.exe
  C:\Windows\System32\zEtHorA.exe
  2⤵
  PID:6204
- C:\Windows\System32\nwUlUZH.exe
  C:\Windows\System32\nwUlUZH.exe
  2⤵
  PID:6220
- C:\Windows\System32\ViMASUv.exe
  C:\Windows\System32\ViMASUv.exe
  2⤵
  PID:6244
- C:\Windows\System32\bANWXvV.exe
  C:\Windows\System32\bANWXvV.exe
  2⤵
  PID:6260
- C:\Windows\System32\ZbwjYdD.exe
  C:\Windows\System32\ZbwjYdD.exe
  2⤵
  PID:6276
- C:\Windows\System32\XIchCyt.exe
  C:\Windows\System32\XIchCyt.exe
  2⤵
  PID:6296
- C:\Windows\System32\ouPQmvd.exe
  C:\Windows\System32\ouPQmvd.exe
  2⤵
  PID:6316
- C:\Windows\System32\xmlsdeg.exe
  C:\Windows\System32\xmlsdeg.exe
  2⤵
  PID:6356
- C:\Windows\System32\HlouGZb.exe
  C:\Windows\System32\HlouGZb.exe
  2⤵
  PID:6400
- C:\Windows\System32\HZlIwhm.exe
  C:\Windows\System32\HZlIwhm.exe
  2⤵
  PID:6456
- C:\Windows\System32\JVJErVZ.exe
  C:\Windows\System32\JVJErVZ.exe
  2⤵
  PID:6484
- C:\Windows\System32\DTcNCTH.exe
  C:\Windows\System32\DTcNCTH.exe
  2⤵
  PID:6504
- C:\Windows\System32\fknHZth.exe
  C:\Windows\System32\fknHZth.exe
  2⤵
  PID:6520
- C:\Windows\System32\TYImDOl.exe
  C:\Windows\System32\TYImDOl.exe
  2⤵
  PID:6560
- C:\Windows\System32\nYoNxgZ.exe
  C:\Windows\System32\nYoNxgZ.exe
  2⤵
  PID:6580
- C:\Windows\System32\CTakmlj.exe
  C:\Windows\System32\CTakmlj.exe
  2⤵
  PID:6612
- C:\Windows\System32\MLXGUfZ.exe
  C:\Windows\System32\MLXGUfZ.exe
  2⤵
  PID:6660
- C:\Windows\System32\qbNJDzJ.exe
  C:\Windows\System32\qbNJDzJ.exe
  2⤵
  PID:6692
- C:\Windows\System32\jBmJzmK.exe
  C:\Windows\System32\jBmJzmK.exe
  2⤵
  PID:6720
- C:\Windows\System32\FpghqKh.exe
  C:\Windows\System32\FpghqKh.exe
  2⤵
  PID:6752
- C:\Windows\System32\BJFcERS.exe
  C:\Windows\System32\BJFcERS.exe
  2⤵
  PID:6768
- C:\Windows\System32\UchErkz.exe
  C:\Windows\System32\UchErkz.exe
  2⤵
  PID:6792
- C:\Windows\System32\sTatNKP.exe
  C:\Windows\System32\sTatNKP.exe
  2⤵
  PID:6808
- C:\Windows\System32\GwWQYsr.exe
  C:\Windows\System32\GwWQYsr.exe
  2⤵
  PID:6824
- C:\Windows\System32\nmJzgtW.exe
  C:\Windows\System32\nmJzgtW.exe
  2⤵
  PID:6844
- C:\Windows\System32\bHvsQFl.exe
  C:\Windows\System32\bHvsQFl.exe
  2⤵
  PID:6864
- C:\Windows\System32\YDPnyEr.exe
  C:\Windows\System32\YDPnyEr.exe
  2⤵
  PID:6900
- C:\Windows\System32\bnstlqS.exe
  C:\Windows\System32\bnstlqS.exe
  2⤵
  PID:6924
- C:\Windows\System32\KOWwDyp.exe
  C:\Windows\System32\KOWwDyp.exe
  2⤵
  PID:6992
- C:\Windows\System32\ouXQrGV.exe
  C:\Windows\System32\ouXQrGV.exe
  2⤵
  PID:7016
- C:\Windows\System32\AWSpKNo.exe
  C:\Windows\System32\AWSpKNo.exe
  2⤵
  PID:7032
- C:\Windows\System32\XAjrwaT.exe
  C:\Windows\System32\XAjrwaT.exe
  2⤵
  PID:7052
- C:\Windows\System32\OGnvNrk.exe
  C:\Windows\System32\OGnvNrk.exe
  2⤵
  PID:7076
- C:\Windows\System32\CtnvZfg.exe
  C:\Windows\System32\CtnvZfg.exe
  2⤵
  PID:7092
- C:\Windows\System32\crVRZNB.exe
  C:\Windows\System32\crVRZNB.exe
  2⤵
  PID:7120
- C:\Windows\System32\wavGikW.exe
  C:\Windows\System32\wavGikW.exe
  2⤵
  PID:7140
- C:\Windows\System32\eiJXftg.exe
  C:\Windows\System32\eiJXftg.exe
  2⤵
  PID:7164
- C:\Windows\System32\sCEOTVt.exe
  C:\Windows\System32\sCEOTVt.exe
  2⤵
  PID:6212
- C:\Windows\System32\LkqBlLS.exe
  C:\Windows\System32\LkqBlLS.exe
  2⤵
  PID:6324
- C:\Windows\System32\jMkVThP.exe
  C:\Windows\System32\jMkVThP.exe
  2⤵
  PID:6472
- C:\Windows\System32\JrfohSQ.exe
  C:\Windows\System32\JrfohSQ.exe
  2⤵
  PID:6500
- C:\Windows\System32\cAQkFAe.exe
  C:\Windows\System32\cAQkFAe.exe
  2⤵
  PID:6512
- C:\Windows\System32\DqmDEdY.exe
  C:\Windows\System32\DqmDEdY.exe
  2⤵
  PID:6596
- C:\Windows\System32\WHYgacd.exe
  C:\Windows\System32\WHYgacd.exe
  2⤵
  PID:6640
- C:\Windows\System32\MLlcVMI.exe
  C:\Windows\System32\MLlcVMI.exe
  2⤵
  PID:6668
- C:\Windows\System32\nCBXnqz.exe
  C:\Windows\System32\nCBXnqz.exe
  2⤵
  PID:6736
- C:\Windows\System32\viRNyFT.exe
  C:\Windows\System32\viRNyFT.exe
  2⤵
  PID:6908
- C:\Windows\System32\DennDhJ.exe
  C:\Windows\System32\DennDhJ.exe
  2⤵
  PID:7028
- C:\Windows\System32\ZlRFYVj.exe
  C:\Windows\System32\ZlRFYVj.exe
  2⤵
  PID:7044
- C:\Windows\System32\QauVUvq.exe
  C:\Windows\System32\QauVUvq.exe
  2⤵
  PID:7008
- C:\Windows\System32\kjQtLrz.exe
  C:\Windows\System32\kjQtLrz.exe
  2⤵
  PID:7068
- C:\Windows\System32\RRDnhFh.exe
  C:\Windows\System32\RRDnhFh.exe
  2⤵
  PID:7156
- C:\Windows\System32\FCBfgpA.exe
  C:\Windows\System32\FCBfgpA.exe
  2⤵
  PID:6240
- C:\Windows\System32\DVqGmeK.exe
  C:\Windows\System32\DVqGmeK.exe
  2⤵
  PID:6364
- C:\Windows\System32\ZuouRxk.exe
  C:\Windows\System32\ZuouRxk.exe
  2⤵
  PID:6480
- C:\Windows\System32\UwQqBJL.exe
  C:\Windows\System32\UwQqBJL.exe
  2⤵
  PID:6552
- C:\Windows\System32\fHPcMlE.exe
  C:\Windows\System32\fHPcMlE.exe
  2⤵
  PID:6708
- C:\Windows\System32\lpRgCJW.exe
  C:\Windows\System32\lpRgCJW.exe
  2⤵
  PID:6656
- C:\Windows\System32\UVmEeFF.exe
  C:\Windows\System32\UVmEeFF.exe
  2⤵
  PID:6860
- C:\Windows\System32\KXRMYCf.exe
  C:\Windows\System32\KXRMYCf.exe
  2⤵
  PID:6556
- C:\Windows\System32\bVzrPwy.exe
  C:\Windows\System32\bVzrPwy.exe
  2⤵
  PID:6776
- C:\Windows\System32\pldbwqu.exe
  C:\Windows\System32\pldbwqu.exe
  2⤵
  PID:6572
- C:\Windows\System32\olRNUrq.exe
  C:\Windows\System32\olRNUrq.exe
  2⤵
  PID:7040
- C:\Windows\System32\GDqGDNF.exe
  C:\Windows\System32\GDqGDNF.exe
  2⤵
  PID:7196
- C:\Windows\System32\LdmGoNi.exe
  C:\Windows\System32\LdmGoNi.exe
  2⤵
  PID:7220
- C:\Windows\System32\XpPbscL.exe
  C:\Windows\System32\XpPbscL.exe
  2⤵
  PID:7248
- C:\Windows\System32\xuLuAWk.exe
  C:\Windows\System32\xuLuAWk.exe
  2⤵
  PID:7296
- C:\Windows\System32\MVnvqZC.exe
  C:\Windows\System32\MVnvqZC.exe
  2⤵
  PID:7312
- C:\Windows\System32\fqqqDLE.exe
  C:\Windows\System32\fqqqDLE.exe
  2⤵
  PID:7336
- C:\Windows\System32\AWVfXZv.exe
  C:\Windows\System32\AWVfXZv.exe
  2⤵
  PID:7392
- C:\Windows\System32\QNSRZtH.exe
  C:\Windows\System32\QNSRZtH.exe
  2⤵
  PID:7412
- C:\Windows\System32\kQRoMqs.exe
  C:\Windows\System32\kQRoMqs.exe
  2⤵
  PID:7440
- C:\Windows\System32\AKNiMWk.exe
  C:\Windows\System32\AKNiMWk.exe
  2⤵
  PID:7456
- C:\Windows\System32\haKgDsn.exe
  C:\Windows\System32\haKgDsn.exe
  2⤵
  PID:7480
- C:\Windows\System32\RcaROtO.exe
  C:\Windows\System32\RcaROtO.exe
  2⤵
  PID:7508
- C:\Windows\System32\JNvQfSG.exe
  C:\Windows\System32\JNvQfSG.exe
  2⤵
  PID:7528
- C:\Windows\System32\yXbxGOc.exe
  C:\Windows\System32\yXbxGOc.exe
  2⤵
  PID:7576
- C:\Windows\System32\UmSQEJb.exe
  C:\Windows\System32\UmSQEJb.exe
  2⤵
  PID:7604
- C:\Windows\System32\zWWFLPx.exe
  C:\Windows\System32\zWWFLPx.exe
  2⤵
  PID:7664
- C:\Windows\System32\lCbAtNT.exe
  C:\Windows\System32\lCbAtNT.exe
  2⤵
  PID:7696
- C:\Windows\System32\LRCJsBe.exe
  C:\Windows\System32\LRCJsBe.exe
  2⤵
  PID:7712
- C:\Windows\System32\qnkYVrS.exe
  C:\Windows\System32\qnkYVrS.exe
  2⤵
  PID:7732
- C:\Windows\System32\LlJeCuS.exe
  C:\Windows\System32\LlJeCuS.exe
  2⤵
  PID:7756
- C:\Windows\System32\upCXnqu.exe
  C:\Windows\System32\upCXnqu.exe
  2⤵
  PID:7780
- C:\Windows\System32\oNmWNmo.exe
  C:\Windows\System32\oNmWNmo.exe
  2⤵
  PID:7808
- C:\Windows\System32\aveyNyK.exe
  C:\Windows\System32\aveyNyK.exe
  2⤵
  PID:7824
- C:\Windows\System32\BycXxdl.exe
  C:\Windows\System32\BycXxdl.exe
  2⤵
  PID:7868
- C:\Windows\System32\maRfLCv.exe
  C:\Windows\System32\maRfLCv.exe
  2⤵
  PID:7912
- C:\Windows\System32\EcaErMQ.exe
  C:\Windows\System32\EcaErMQ.exe
  2⤵
  PID:7928
- C:\Windows\System32\dDkAvtJ.exe
  C:\Windows\System32\dDkAvtJ.exe
  2⤵
  PID:7948
- C:\Windows\System32\XmqWoue.exe
  C:\Windows\System32\XmqWoue.exe
  2⤵
  PID:7976
- C:\Windows\System32\DBEOHCW.exe
  C:\Windows\System32\DBEOHCW.exe
  2⤵
  PID:8000
- C:\Windows\System32\TnTkKsF.exe
  C:\Windows\System32\TnTkKsF.exe
  2⤵
  PID:8020
- C:\Windows\System32\lZQskIK.exe
  C:\Windows\System32\lZQskIK.exe
  2⤵
  PID:8060
- C:\Windows\System32\HVNgdRv.exe
  C:\Windows\System32\HVNgdRv.exe
  2⤵
  PID:8080
- C:\Windows\System32\nIJGAyY.exe
  C:\Windows\System32\nIJGAyY.exe
  2⤵
  PID:8124
- C:\Windows\System32\qIaonET.exe
  C:\Windows\System32\qIaonET.exe
  2⤵
  PID:8140
- C:\Windows\System32\VJwtJLI.exe
  C:\Windows\System32\VJwtJLI.exe
  2⤵
  PID:8172
- C:\Windows\System32\KBxfOSP.exe
  C:\Windows\System32\KBxfOSP.exe
  2⤵
  PID:6980
- C:\Windows\System32\vGyXejg.exe
  C:\Windows\System32\vGyXejg.exe
  2⤵
  PID:7184
- C:\Windows\System32\jRxwgkg.exe
  C:\Windows\System32\jRxwgkg.exe
  2⤵
  PID:7256
- C:\Windows\System32\NMndlVP.exe
  C:\Windows\System32\NMndlVP.exe
  2⤵
  PID:7328
- C:\Windows\System32\CvyCAqy.exe
  C:\Windows\System32\CvyCAqy.exe
  2⤵
  PID:7344
- C:\Windows\System32\YgNwlYA.exe
  C:\Windows\System32\YgNwlYA.exe
  2⤵
  PID:7452
- C:\Windows\System32\hquMWAv.exe
  C:\Windows\System32\hquMWAv.exe
  2⤵
  PID:7472
- C:\Windows\System32\XTZBqZQ.exe
  C:\Windows\System32\XTZBqZQ.exe
  2⤵
  PID:7516
- C:\Windows\System32\PJlhoPg.exe
  C:\Windows\System32\PJlhoPg.exe
  2⤵
  PID:7660
- C:\Windows\System32\VbSRIJc.exe
  C:\Windows\System32\VbSRIJc.exe
  2⤵
  PID:7720
- C:\Windows\System32\tlGOhUw.exe
  C:\Windows\System32\tlGOhUw.exe
  2⤵
  PID:7776
- C:\Windows\System32\CwsMmYT.exe
  C:\Windows\System32\CwsMmYT.exe
  2⤵
  PID:7840
- C:\Windows\System32\nFamaDC.exe
  C:\Windows\System32\nFamaDC.exe
  2⤵
  PID:7864
- C:\Windows\System32\qifcnzw.exe
  C:\Windows\System32\qifcnzw.exe
  2⤵
  PID:7944
- C:\Windows\System32\hYzamDB.exe
  C:\Windows\System32\hYzamDB.exe
  2⤵
  PID:7964
- C:\Windows\System32\TOGQRMx.exe
  C:\Windows\System32\TOGQRMx.exe
  2⤵
  PID:7996
- C:\Windows\System32\FlflUvh.exe
  C:\Windows\System32\FlflUvh.exe
  2⤵
  PID:8072
- C:\Windows\System32\ZRCFGRc.exe
  C:\Windows\System32\ZRCFGRc.exe
  2⤵
  PID:8068
- C:\Windows\System32\kzhPhUd.exe
  C:\Windows\System32\kzhPhUd.exe
  2⤵
  PID:8184
- C:\Windows\System32\hxNkQyJ.exe
  C:\Windows\System32\hxNkQyJ.exe
  2⤵
  PID:8164
- C:\Windows\System32\sgzIAWR.exe
  C:\Windows\System32\sgzIAWR.exe
  2⤵
  PID:7408
- C:\Windows\System32\dRznDfA.exe
  C:\Windows\System32\dRznDfA.exe
  2⤵
  PID:8016
- C:\Windows\System32\vyppPEg.exe
  C:\Windows\System32\vyppPEg.exe
  2⤵
  PID:8096
- C:\Windows\System32\XSsibbe.exe
  C:\Windows\System32\XSsibbe.exe
  2⤵
  PID:8180
- C:\Windows\System32\jcDkMdM.exe
  C:\Windows\System32\jcDkMdM.exe
  2⤵
  PID:8032
- C:\Windows\System32\GnooluT.exe
  C:\Windows\System32\GnooluT.exe
  2⤵
  PID:7836
- C:\Windows\System32\yZheJNP.exe
  C:\Windows\System32\yZheJNP.exe
  2⤵
  PID:8116
- C:\Windows\System32\zTeTQHB.exe
  C:\Windows\System32\zTeTQHB.exe
  2⤵
  PID:7900
- C:\Windows\System32\YxYjgGR.exe
  C:\Windows\System32\YxYjgGR.exe
  2⤵
  PID:8204
- C:\Windows\System32\WgabUac.exe
  C:\Windows\System32\WgabUac.exe
  2⤵
  PID:8224
- C:\Windows\System32\QcoVsJB.exe
  C:\Windows\System32\QcoVsJB.exe
  2⤵
  PID:8244
- C:\Windows\System32\kRSGkUl.exe
  C:\Windows\System32\kRSGkUl.exe
  2⤵
  PID:8292
- C:\Windows\System32\EOTPUPz.exe
  C:\Windows\System32\EOTPUPz.exe
  2⤵
  PID:8312
- C:\Windows\System32\KWkspgC.exe
  C:\Windows\System32\KWkspgC.exe
  2⤵
  PID:8328
- C:\Windows\System32\gWMEAfE.exe
  C:\Windows\System32\gWMEAfE.exe
  2⤵
  PID:8376
- C:\Windows\System32\YNSntvs.exe
  C:\Windows\System32\YNSntvs.exe
  2⤵
  PID:8396
- C:\Windows\System32\pcaSghq.exe
  C:\Windows\System32\pcaSghq.exe
  2⤵
  PID:8412
- C:\Windows\System32\fUqedAz.exe
  C:\Windows\System32\fUqedAz.exe
  2⤵
  PID:8436
- C:\Windows\System32\KZJKpRi.exe
  C:\Windows\System32\KZJKpRi.exe
  2⤵
  PID:8464
- C:\Windows\System32\RbWIqQF.exe
  C:\Windows\System32\RbWIqQF.exe
  2⤵
  PID:8484
- C:\Windows\System32\FEzkOwu.exe
  C:\Windows\System32\FEzkOwu.exe
  2⤵
  PID:8504
- C:\Windows\System32\dLRnjxq.exe
  C:\Windows\System32\dLRnjxq.exe
  2⤵
  PID:8524
- C:\Windows\System32\tIUWEeJ.exe
  C:\Windows\System32\tIUWEeJ.exe
  2⤵
  PID:8596
- C:\Windows\System32\Yutgyjr.exe
  C:\Windows\System32\Yutgyjr.exe
  2⤵
  PID:8656
- C:\Windows\System32\MKyNKIZ.exe
  C:\Windows\System32\MKyNKIZ.exe
  2⤵
  PID:8684
- C:\Windows\System32\LqaKRbd.exe
  C:\Windows\System32\LqaKRbd.exe
  2⤵
  PID:8704
- C:\Windows\System32\UnPEARY.exe
  C:\Windows\System32\UnPEARY.exe
  2⤵
  PID:8724
- C:\Windows\System32\suygydn.exe
  C:\Windows\System32\suygydn.exe
  2⤵
  PID:8752
- C:\Windows\System32\vaXVKSB.exe
  C:\Windows\System32\vaXVKSB.exe
  2⤵
  PID:8804
- C:\Windows\System32\ZxzVnSv.exe
  C:\Windows\System32\ZxzVnSv.exe
  2⤵
  PID:8832
- C:\Windows\System32\SqEjkKk.exe
  C:\Windows\System32\SqEjkKk.exe
  2⤵
  PID:8868
- C:\Windows\System32\sTzpAsA.exe
  C:\Windows\System32\sTzpAsA.exe
  2⤵
  PID:8896
- C:\Windows\System32\LgxBUmI.exe
  C:\Windows\System32\LgxBUmI.exe
  2⤵
  PID:8920
- C:\Windows\System32\dmBjccR.exe
  C:\Windows\System32\dmBjccR.exe
  2⤵
  PID:8936
- C:\Windows\System32\TuhRBMa.exe
  C:\Windows\System32\TuhRBMa.exe
  2⤵
  PID:8960
- C:\Windows\System32\sJzcWxe.exe
  C:\Windows\System32\sJzcWxe.exe
  2⤵
  PID:8980
- C:\Windows\System32\hFNrTcU.exe
  C:\Windows\System32\hFNrTcU.exe
  2⤵
  PID:8996
- C:\Windows\System32\IWCkhQP.exe
  C:\Windows\System32\IWCkhQP.exe
  2⤵
  PID:9052
- C:\Windows\System32\cClpnhA.exe
  C:\Windows\System32\cClpnhA.exe
  2⤵
  PID:9080
- C:\Windows\System32\RpmvPUG.exe
  C:\Windows\System32\RpmvPUG.exe
  2⤵
  PID:9128
- C:\Windows\System32\rfokzKW.exe
  C:\Windows\System32\rfokzKW.exe
  2⤵
  PID:9152
- C:\Windows\System32\faDcKEP.exe
  C:\Windows\System32\faDcKEP.exe
  2⤵
  PID:9184
- C:\Windows\System32\EhQZZiy.exe
  C:\Windows\System32\EhQZZiy.exe
  2⤵
  PID:9208
- C:\Windows\System32\lpMEhoc.exe
  C:\Windows\System32\lpMEhoc.exe
  2⤵
  PID:8008
- C:\Windows\System32\LddqMHH.exe
  C:\Windows\System32\LddqMHH.exe
  2⤵
  PID:8220
- C:\Windows\System32\JGFhZKs.exe
  C:\Windows\System32\JGFhZKs.exe
  2⤵
  PID:8308
- C:\Windows\System32\gOVytOc.exe
  C:\Windows\System32\gOVytOc.exe
  2⤵
  PID:8360
- C:\Windows\System32\hQzugFD.exe
  C:\Windows\System32\hQzugFD.exe
  2⤵
  PID:8432
- C:\Windows\System32\SNkjKaz.exe
  C:\Windows\System32\SNkjKaz.exe
  2⤵
  PID:8500
- C:\Windows\System32\VeiJMGQ.exe
  C:\Windows\System32\VeiJMGQ.exe
  2⤵
  PID:8588
- C:\Windows\System32\XVrwgDQ.exe
  C:\Windows\System32\XVrwgDQ.exe
  2⤵
  PID:8640
- C:\Windows\System32\wKwnzYe.exe
  C:\Windows\System32\wKwnzYe.exe
  2⤵
  PID:8748
- C:\Windows\System32\behNQoL.exe
  C:\Windows\System32\behNQoL.exe
  2⤵
  PID:8780
- C:\Windows\System32\JuHSODA.exe
  C:\Windows\System32\JuHSODA.exe
  2⤵
  PID:9096
- C:\Windows\System32\NQDyyAi.exe
  C:\Windows\System32\NQDyyAi.exe
  2⤵
  PID:9200
- C:\Windows\System32\UCzDzKs.exe
  C:\Windows\System32\UCzDzKs.exe
  2⤵
  PID:8212
- C:\Windows\System32\dDREGub.exe
  C:\Windows\System32\dDREGub.exe
  2⤵
  PID:8260
- C:\Windows\System32\JmTjAPC.exe
  C:\Windows\System32\JmTjAPC.exe
  2⤵
  PID:8364
- C:\Windows\System32\LPcHHxL.exe
  C:\Windows\System32\LPcHHxL.exe
  2⤵
  PID:8476
- C:\Windows\System32\ooFbeGB.exe
  C:\Windows\System32\ooFbeGB.exe
  2⤵
  PID:8532
- C:\Windows\System32\PFyrzWR.exe
  C:\Windows\System32\PFyrzWR.exe
  2⤵
  PID:8776
- C:\Windows\System32\nAAPhCT.exe
  C:\Windows\System32\nAAPhCT.exe
  2⤵
  PID:8764
- C:\Windows\System32\WkVlQOp.exe
  C:\Windows\System32\WkVlQOp.exe
  2⤵
  PID:9032
- C:\Windows\System32\qKBpBlK.exe
  C:\Windows\System32\qKBpBlK.exe
  2⤵
  PID:8904
- C:\Windows\System32\BtZWUPe.exe
  C:\Windows\System32\BtZWUPe.exe
  2⤵
  PID:8336
- C:\Windows\System32\SXIPXUE.exe
  C:\Windows\System32\SXIPXUE.exe
  2⤵
  PID:8668
- C:\Windows\System32\JTuuulw.exe
  C:\Windows\System32\JTuuulw.exe
  2⤵
  PID:8264
- C:\Windows\System32\PKmQIec.exe
  C:\Windows\System32\PKmQIec.exe
  2⤵
  PID:8844
- C:\Windows\System32\KoBKRvx.exe
  C:\Windows\System32\KoBKRvx.exe
  2⤵
  PID:8932
- C:\Windows\System32\AqaXhiw.exe
  C:\Windows\System32\AqaXhiw.exe
  2⤵
  PID:8444
- C:\Windows\System32\Yyfakuz.exe
  C:\Windows\System32\Yyfakuz.exe
  2⤵
  PID:9236
- C:\Windows\System32\BSVgBXv.exe
  C:\Windows\System32\BSVgBXv.exe
  2⤵
  PID:9288
- C:\Windows\System32\RhKwVBl.exe
  C:\Windows\System32\RhKwVBl.exe
  2⤵
  PID:9316
- C:\Windows\System32\GKGZjuT.exe
  C:\Windows\System32\GKGZjuT.exe
  2⤵
  PID:9332
- C:\Windows\System32\jfqNUiA.exe
  C:\Windows\System32\jfqNUiA.exe
  2⤵
  PID:9352
- C:\Windows\System32\bdWUQyT.exe
  C:\Windows\System32\bdWUQyT.exe
  2⤵
  PID:9376
- C:\Windows\System32\AgjVtzJ.exe
  C:\Windows\System32\AgjVtzJ.exe
  2⤵
  PID:9396
- C:\Windows\System32\DhMZQxY.exe
  C:\Windows\System32\DhMZQxY.exe
  2⤵
  PID:9444
- C:\Windows\System32\hrKLLvj.exe
  C:\Windows\System32\hrKLLvj.exe
  2⤵
  PID:9480
- C:\Windows\System32\gpgeNIY.exe
  C:\Windows\System32\gpgeNIY.exe
  2⤵
  PID:9504
- C:\Windows\System32\MuWXyKV.exe
  C:\Windows\System32\MuWXyKV.exe
  2⤵
  PID:9540
- C:\Windows\System32\ygoaPOU.exe
  C:\Windows\System32\ygoaPOU.exe
  2⤵
  PID:9576
- C:\Windows\System32\vrISThp.exe
  C:\Windows\System32\vrISThp.exe
  2⤵
  PID:9600
- C:\Windows\System32\fDpYcxv.exe
  C:\Windows\System32\fDpYcxv.exe
  2⤵
  PID:9632
- C:\Windows\System32\xZhxcjk.exe
  C:\Windows\System32\xZhxcjk.exe
  2⤵
  PID:9668
- C:\Windows\System32\GcVXTmu.exe
  C:\Windows\System32\GcVXTmu.exe
  2⤵
  PID:9692
- C:\Windows\System32\XZNSRKd.exe
  C:\Windows\System32\XZNSRKd.exe
  2⤵
  PID:9712
- C:\Windows\System32\wTJeiIG.exe
  C:\Windows\System32\wTJeiIG.exe
  2⤵
  PID:9732
- C:\Windows\System32\KGsUcmp.exe
  C:\Windows\System32\KGsUcmp.exe
  2⤵
  PID:9768
- C:\Windows\System32\qnkybZa.exe
  C:\Windows\System32\qnkybZa.exe
  2⤵
  PID:9788
- C:\Windows\System32\qPHInOG.exe
  C:\Windows\System32\qPHInOG.exe
  2⤵
  PID:9816
- C:\Windows\System32\ToffOwu.exe
  C:\Windows\System32\ToffOwu.exe
  2⤵
  PID:9832
- C:\Windows\System32\qcXDnZX.exe
  C:\Windows\System32\qcXDnZX.exe
  2⤵
  PID:9852
- C:\Windows\System32\CHaneYc.exe
  C:\Windows\System32\CHaneYc.exe
  2⤵
  PID:9872
- C:\Windows\System32\QRjbIOX.exe
  C:\Windows\System32\QRjbIOX.exe
  2⤵
  PID:9888
- C:\Windows\System32\RpqDmtk.exe
  C:\Windows\System32\RpqDmtk.exe
  2⤵
  PID:9972
- C:\Windows\System32\yYgLzUf.exe
  C:\Windows\System32\yYgLzUf.exe
  2⤵
  PID:9992
- C:\Windows\System32\XiWeXIC.exe
  C:\Windows\System32\XiWeXIC.exe
  2⤵
  PID:10012
- C:\Windows\System32\UIMygsw.exe
  C:\Windows\System32\UIMygsw.exe
  2⤵
  PID:10052
- C:\Windows\System32\pLckMTc.exe
  C:\Windows\System32\pLckMTc.exe
  2⤵
  PID:10088
- C:\Windows\System32\cxOFAAx.exe
  C:\Windows\System32\cxOFAAx.exe
  2⤵
  PID:10112
- C:\Windows\System32\bfLxnjQ.exe
  C:\Windows\System32\bfLxnjQ.exe
  2⤵
  PID:10132
- C:\Windows\System32\nhUJFxZ.exe
  C:\Windows\System32\nhUJFxZ.exe
  2⤵
  PID:10148
- C:\Windows\System32\BCVLvct.exe
  C:\Windows\System32\BCVLvct.exe
  2⤵
  PID:10188
- C:\Windows\System32\NUlwtIa.exe
  C:\Windows\System32\NUlwtIa.exe
  2⤵
  PID:10224
- C:\Windows\System32\ycyriyA.exe
  C:\Windows\System32\ycyriyA.exe
  2⤵
  PID:8196
- C:\Windows\System32\caNDyFZ.exe
  C:\Windows\System32\caNDyFZ.exe
  2⤵
  PID:9044
- C:\Windows\System32\HMWGhWk.exe
  C:\Windows\System32\HMWGhWk.exe
  2⤵
  PID:9256
- C:\Windows\System32\RVxssKn.exe
  C:\Windows\System32\RVxssKn.exe
  2⤵
  PID:9364
- C:\Windows\System32\MyeyPPz.exe
  C:\Windows\System32\MyeyPPz.exe
  2⤵
  PID:9408
- C:\Windows\System32\dfSnxjq.exe
  C:\Windows\System32\dfSnxjq.exe
  2⤵
  PID:9424
- C:\Windows\System32\BEnxRHG.exe
  C:\Windows\System32\BEnxRHG.exe
  2⤵
  PID:9488
- C:\Windows\System32\gPZMkTs.exe
  C:\Windows\System32\gPZMkTs.exe
  2⤵
  PID:9568
- C:\Windows\System32\yJwIOAn.exe
  C:\Windows\System32\yJwIOAn.exe
  2⤵
  PID:9612
- C:\Windows\System32\mrfsZDR.exe
  C:\Windows\System32\mrfsZDR.exe
  2⤵
  PID:9728
- C:\Windows\System32\eTaZHQp.exe
  C:\Windows\System32\eTaZHQp.exe
  2⤵
  PID:9776
- C:\Windows\System32\OMpknQY.exe
  C:\Windows\System32\OMpknQY.exe
  2⤵
  PID:9824
- C:\Windows\System32\DYzcMmF.exe
  C:\Windows\System32\DYzcMmF.exe
  2⤵
  PID:9880
- C:\Windows\System32\dYAUVjX.exe
  C:\Windows\System32\dYAUVjX.exe
  2⤵
  PID:9896
- C:\Windows\System32\FGDQGPB.exe
  C:\Windows\System32\FGDQGPB.exe
  2⤵
  PID:10028
- C:\Windows\System32\kMrKqOo.exe
  C:\Windows\System32\kMrKqOo.exe
  2⤵
  PID:10044
- C:\Windows\System32\XURAjmG.exe
  C:\Windows\System32\XURAjmG.exe
  2⤵
  PID:10104
- C:\Windows\System32\ixDNxBq.exe
  C:\Windows\System32\ixDNxBq.exe
  2⤵
  PID:10212
- C:\Windows\System32\yifvelq.exe
  C:\Windows\System32\yifvelq.exe
  2⤵
  PID:9264
- C:\Windows\System32\gKeQbhw.exe
  C:\Windows\System32\gKeQbhw.exe
  2⤵
  PID:9476
- C:\Windows\System32\TGRGNED.exe
  C:\Windows\System32\TGRGNED.exe
  2⤵
  PID:9584
- C:\Windows\System32\LvyJtXk.exe
  C:\Windows\System32\LvyJtXk.exe
  2⤵
  PID:9700
- C:\Windows\System32\LMFonPl.exe
  C:\Windows\System32\LMFonPl.exe
  2⤵
  PID:9828
- C:\Windows\System32\HGZtDiT.exe
  C:\Windows\System32\HGZtDiT.exe
  2⤵
  PID:10008
- C:\Windows\System32\evFQUUi.exe
  C:\Windows\System32\evFQUUi.exe
  2⤵
  PID:10084
- C:\Windows\System32\tUCMsON.exe
  C:\Windows\System32\tUCMsON.exe
  2⤵
  PID:10200
- C:\Windows\System32\tNTeIqu.exe
  C:\Windows\System32\tNTeIqu.exe
  2⤵
  PID:9536
- C:\Windows\System32\YlreLtZ.exe
  C:\Windows\System32\YlreLtZ.exe
  2⤵
  PID:9864
- C:\Windows\System32\csSPcYy.exe
  C:\Windows\System32\csSPcYy.exe
  2⤵
  PID:10244
- C:\Windows\System32\GIqtaFy.exe
  C:\Windows\System32\GIqtaFy.exe
  2⤵
  PID:10292
- C:\Windows\System32\nSHwwHH.exe
  C:\Windows\System32\nSHwwHH.exe
  2⤵
  PID:10312
- C:\Windows\System32\UoWekFV.exe
  C:\Windows\System32\UoWekFV.exe
  2⤵
  PID:10328
- C:\Windows\System32\FpoajSr.exe
  C:\Windows\System32\FpoajSr.exe
  2⤵
  PID:10352
- C:\Windows\System32\ctikDEI.exe
  C:\Windows\System32\ctikDEI.exe
  2⤵
  PID:10396
- C:\Windows\System32\oHeaTgu.exe
  C:\Windows\System32\oHeaTgu.exe
  2⤵
  PID:10416
- C:\Windows\System32\iXwCAeJ.exe
  C:\Windows\System32\iXwCAeJ.exe
  2⤵
  PID:10440
- C:\Windows\System32\hcGbqKy.exe
  C:\Windows\System32\hcGbqKy.exe
  2⤵
  PID:10460
- C:\Windows\System32\hRxhzOY.exe
  C:\Windows\System32\hRxhzOY.exe
  2⤵
  PID:10480
- C:\Windows\System32\keHaWki.exe
  C:\Windows\System32\keHaWki.exe
  2⤵
  PID:10512
- C:\Windows\System32\JzAsorp.exe
  C:\Windows\System32\JzAsorp.exe
  2⤵
  PID:10568
- C:\Windows\System32\FxuIzPU.exe
  C:\Windows\System32\FxuIzPU.exe
  2⤵
  PID:10592
- C:\Windows\System32\NpNGzpE.exe
  C:\Windows\System32\NpNGzpE.exe
  2⤵
  PID:10624
- C:\Windows\System32\qOXMOsq.exe
  C:\Windows\System32\qOXMOsq.exe
  2⤵
  PID:10648
- C:\Windows\System32\YXMBLgI.exe
  C:\Windows\System32\YXMBLgI.exe
  2⤵
  PID:10684
- C:\Windows\System32\VbMqqor.exe
  C:\Windows\System32\VbMqqor.exe
  2⤵
  PID:10716
- C:\Windows\System32\gbQHisj.exe
  C:\Windows\System32\gbQHisj.exe
  2⤵
  PID:10740
- C:\Windows\System32\DJNmrxI.exe
  C:\Windows\System32\DJNmrxI.exe
  2⤵
  PID:10760
- C:\Windows\System32\yhJwJUe.exe
  C:\Windows\System32\yhJwJUe.exe
  2⤵
  PID:10776
- C:\Windows\System32\cBQgnya.exe
  C:\Windows\System32\cBQgnya.exe
  2⤵
  PID:10816
- C:\Windows\System32\uPivTwZ.exe
  C:\Windows\System32\uPivTwZ.exe
  2⤵
  PID:10836
- C:\Windows\System32\AReyufN.exe
  C:\Windows\System32\AReyufN.exe
  2⤵
  PID:10852
- C:\Windows\System32\ofbaaiT.exe
  C:\Windows\System32\ofbaaiT.exe
  2⤵
  PID:10880
- C:\Windows\System32\NIAihvr.exe
  C:\Windows\System32\NIAihvr.exe
  2⤵
  PID:10904
- C:\Windows\System32\ZAKQZct.exe
  C:\Windows\System32\ZAKQZct.exe
  2⤵
  PID:10940
- C:\Windows\System32\ZvNTxlX.exe
  C:\Windows\System32\ZvNTxlX.exe
  2⤵
  PID:10972
- C:\Windows\System32\zsyCKsD.exe
  C:\Windows\System32\zsyCKsD.exe
  2⤵
  PID:10992
- C:\Windows\System32\OQbGbcK.exe
  C:\Windows\System32\OQbGbcK.exe
  2⤵
  PID:11012
- C:\Windows\System32\ngwLZvg.exe
  C:\Windows\System32\ngwLZvg.exe
  2⤵
  PID:11040
- C:\Windows\System32\gYcYWBS.exe
  C:\Windows\System32\gYcYWBS.exe
  2⤵
  PID:11084
- C:\Windows\System32\CbqWLLQ.exe
  C:\Windows\System32\CbqWLLQ.exe
  2⤵
  PID:11124
- C:\Windows\System32\jiHvlnK.exe
  C:\Windows\System32\jiHvlnK.exe
  2⤵
  PID:11152
- C:\Windows\System32\faHDNod.exe
  C:\Windows\System32\faHDNod.exe
  2⤵
  PID:11176
- C:\Windows\System32\EAImhLH.exe
  C:\Windows\System32\EAImhLH.exe
  2⤵
  PID:11216
- C:\Windows\System32\xRpsqne.exe
  C:\Windows\System32\xRpsqne.exe
  2⤵
  PID:11236
- C:\Windows\System32\RUeRHeY.exe
  C:\Windows\System32\RUeRHeY.exe
  2⤵
  PID:11260
- C:\Windows\System32\ZFoInyB.exe
  C:\Windows\System32\ZFoInyB.exe
  2⤵
  PID:10280
- C:\Windows\System32\aymsYxF.exe
  C:\Windows\System32\aymsYxF.exe
  2⤵
  PID:10308
- C:\Windows\System32\pieUCFh.exe
  C:\Windows\System32\pieUCFh.exe
  2⤵
  PID:10380
- C:\Windows\System32\NESjJJQ.exe
  C:\Windows\System32\NESjJJQ.exe
  2⤵
  PID:10456
- C:\Windows\System32\JKEuObm.exe
  C:\Windows\System32\JKEuObm.exe
  2⤵
  PID:10468
- C:\Windows\System32\RiEfHpw.exe
  C:\Windows\System32\RiEfHpw.exe
  2⤵
  PID:10588
- C:\Windows\System32\QAMSmSz.exe
  C:\Windows\System32\QAMSmSz.exe
  2⤵
  PID:10636
- C:\Windows\System32\etWWMcc.exe
  C:\Windows\System32\etWWMcc.exe
  2⤵
  PID:10696
- C:\Windows\System32\rgFMScW.exe
  C:\Windows\System32\rgFMScW.exe
  2⤵
  PID:10756
- C:\Windows\System32\WsrMrxw.exe
  C:\Windows\System32\WsrMrxw.exe
  2⤵
  PID:10772
- C:\Windows\System32\lGKkDPk.exe
  C:\Windows\System32\lGKkDPk.exe
  2⤵
  PID:10896
- C:\Windows\System32\fiBOOPO.exe
  C:\Windows\System32\fiBOOPO.exe
  2⤵
  PID:10912
- C:\Windows\System32\RBPJRtL.exe
  C:\Windows\System32\RBPJRtL.exe
  2⤵
  PID:10968
- C:\Windows\System32\OOvkSSU.exe
  C:\Windows\System32\OOvkSSU.exe
  2⤵
  PID:11072
- C:\Windows\System32\FsrYFQh.exe
  C:\Windows\System32\FsrYFQh.exe
  2⤵
  PID:11164
- C:\Windows\System32\xDKbolZ.exe
  C:\Windows\System32\xDKbolZ.exe
  2⤵
  PID:11232
- C:\Windows\System32\zzVqlRF.exe
  C:\Windows\System32\zzVqlRF.exe
  2⤵
  PID:10168
- C:\Windows\System32\OSHiqiP.exe
  C:\Windows\System32\OSHiqiP.exe
  2⤵
  PID:10272
- C:\Windows\System32\EPKetqx.exe
  C:\Windows\System32\EPKetqx.exe
  2⤵
  PID:10412
- C:\Windows\System32\QfEwQrA.exe
  C:\Windows\System32\QfEwQrA.exe
  2⤵
  PID:10660
- C:\Windows\System32\YzwzYPF.exe
  C:\Windows\System32\YzwzYPF.exe
  2⤵
  PID:10916
- C:\Windows\System32\frThrlw.exe
  C:\Windows\System32\frThrlw.exe
  2⤵
  PID:11100
- C:\Windows\System32\jRVrpWG.exe
  C:\Windows\System32\jRVrpWG.exe
  2⤵
  PID:11132
- C:\Windows\System32\WDSYfrH.exe
  C:\Windows\System32\WDSYfrH.exe
  2⤵
  PID:10324
- C:\Windows\System32\eIQNhZD.exe
  C:\Windows\System32\eIQNhZD.exe
  2⤵
  PID:10556
- C:\Windows\System32\IvLNYYA.exe
  C:\Windows\System32\IvLNYYA.exe
  2⤵
  PID:10752
- C:\Windows\System32\qbHIeuY.exe
  C:\Windows\System32\qbHIeuY.exe
  2⤵
  PID:10808
- C:\Windows\System32\hNpDYug.exe
  C:\Windows\System32\hNpDYug.exe
  2⤵
  PID:11248
- C:\Windows\System32\vnKCMgP.exe
  C:\Windows\System32\vnKCMgP.exe
  2⤵
  PID:11276
- C:\Windows\System32\wDDiZZa.exe
  C:\Windows\System32\wDDiZZa.exe
  2⤵
  PID:11300
- C:\Windows\System32\kyOoLTt.exe
  C:\Windows\System32\kyOoLTt.exe
  2⤵
  PID:11344
- C:\Windows\System32\DpRtJUL.exe
  C:\Windows\System32\DpRtJUL.exe
  2⤵
  PID:11376
- C:\Windows\System32\OqwoGXF.exe
  C:\Windows\System32\OqwoGXF.exe
  2⤵
  PID:11396
- C:\Windows\System32\WlktWUB.exe
  C:\Windows\System32\WlktWUB.exe
  2⤵
  PID:11412
- C:\Windows\System32\VblhxEQ.exe
  C:\Windows\System32\VblhxEQ.exe
  2⤵
  PID:11436
- C:\Windows\System32\AOfkIBJ.exe
  C:\Windows\System32\AOfkIBJ.exe
  2⤵
  PID:11452
- C:\Windows\System32\dQBBFoQ.exe
  C:\Windows\System32\dQBBFoQ.exe
  2⤵
  PID:11484
- C:\Windows\System32\HBGwSLD.exe
  C:\Windows\System32\HBGwSLD.exe
  2⤵
  PID:11504
- C:\Windows\System32\cUJBqGO.exe
  C:\Windows\System32\cUJBqGO.exe
  2⤵
  PID:11628
- C:\Windows\System32\fEMYRrr.exe
  C:\Windows\System32\fEMYRrr.exe
  2⤵
  PID:11644
- C:\Windows\System32\URMPgvo.exe
  C:\Windows\System32\URMPgvo.exe
  2⤵
  PID:11660
- C:\Windows\System32\LQXMMbK.exe
  C:\Windows\System32\LQXMMbK.exe
  2⤵
  PID:11684
- C:\Windows\System32\CmbKgtf.exe
  C:\Windows\System32\CmbKgtf.exe
  2⤵
  PID:11712
- C:\Windows\System32\ySaWmXF.exe
  C:\Windows\System32\ySaWmXF.exe
  2⤵
  PID:11736
- C:\Windows\System32\OLqCmWU.exe
  C:\Windows\System32\OLqCmWU.exe
  2⤵
  PID:11772
- C:\Windows\System32\edNpOsd.exe
  C:\Windows\System32\edNpOsd.exe
  2⤵
  PID:11788
- C:\Windows\System32\QvBlOMY.exe
  C:\Windows\System32\QvBlOMY.exe
  2⤵
  PID:11804
- C:\Windows\System32\OVklRuk.exe
  C:\Windows\System32\OVklRuk.exe
  2⤵
  PID:11844
- C:\Windows\System32\sJXfVkV.exe
  C:\Windows\System32\sJXfVkV.exe
  2⤵
  PID:11872
- C:\Windows\System32\vazauYs.exe
  C:\Windows\System32\vazauYs.exe
  2⤵
  PID:11888
- C:\Windows\System32\rTfYbrq.exe
  C:\Windows\System32\rTfYbrq.exe
  2⤵
  PID:11912
- C:\Windows\System32\QxBsQya.exe
  C:\Windows\System32\QxBsQya.exe
  2⤵
  PID:11940
- C:\Windows\System32\OhvvRKa.exe
  C:\Windows\System32\OhvvRKa.exe
  2⤵
  PID:11968
- C:\Windows\System32\yTMNNkU.exe
  C:\Windows\System32\yTMNNkU.exe
  2⤵
  PID:11988
- C:\Windows\System32\enqwZwk.exe
  C:\Windows\System32\enqwZwk.exe
  2⤵
  PID:12008
- C:\Windows\System32\gXltdCg.exe
  C:\Windows\System32\gXltdCg.exe
  2⤵
  PID:12032
- C:\Windows\System32\vnUNfWI.exe
  C:\Windows\System32\vnUNfWI.exe
  2⤵
  PID:12072
- C:\Windows\System32\kwnkoBh.exe
  C:\Windows\System32\kwnkoBh.exe
  2⤵
  PID:12104
- C:\Windows\System32\bqApPSi.exe
  C:\Windows\System32\bqApPSi.exe
  2⤵
  PID:12124
- C:\Windows\System32\FpJFGRV.exe
  C:\Windows\System32\FpJFGRV.exe
  2⤵
  PID:12140
- C:\Windows\System32\aMDPraw.exe
  C:\Windows\System32\aMDPraw.exe
  2⤵
  PID:12156
- C:\Windows\System32\DsUjIdP.exe
  C:\Windows\System32\DsUjIdP.exe
  2⤵
  PID:12180
- C:\Windows\System32\qZoMHrf.exe
  C:\Windows\System32\qZoMHrf.exe
  2⤵
  PID:12220
- C:\Windows\System32\YNGZmCL.exe
  C:\Windows\System32\YNGZmCL.exe
  2⤵
  PID:12240
- C:\Windows\System32\osqWMDu.exe
  C:\Windows\System32\osqWMDu.exe
  2⤵
  PID:11296
- C:\Windows\System32\kPSTeNj.exe
  C:\Windows\System32\kPSTeNj.exe
  2⤵
  PID:11316
- C:\Windows\System32\WZoylOd.exe
  C:\Windows\System32\WZoylOd.exe
  2⤵
  PID:11464
- C:\Windows\System32\ThwxjdR.exe
  C:\Windows\System32\ThwxjdR.exe
  2⤵
  PID:11460
- C:\Windows\System32\ZeKPVjZ.exe
  C:\Windows\System32\ZeKPVjZ.exe
  2⤵
  PID:11512
- C:\Windows\System32\ExGyHaE.exe
  C:\Windows\System32\ExGyHaE.exe
  2⤵
  PID:11572
- C:\Windows\System32\ZoaPfRt.exe
  C:\Windows\System32\ZoaPfRt.exe
  2⤵
  PID:11672
- C:\Windows\System32\KmxFNAA.exe
  C:\Windows\System32\KmxFNAA.exe
  2⤵
  PID:11744
- C:\Windows\System32\lwCtmrQ.exe
  C:\Windows\System32\lwCtmrQ.exe
  2⤵
  PID:11780
- C:\Windows\System32\wPOqmLE.exe
  C:\Windows\System32\wPOqmLE.exe
  2⤵
  PID:11856
- C:\Windows\System32\AKEXBmO.exe
  C:\Windows\System32\AKEXBmO.exe
  2⤵
  PID:11984
- C:\Windows\System32\daKMioI.exe
  C:\Windows\System32\daKMioI.exe
  2⤵
  PID:12016
- C:\Windows\System32\sTSjDWd.exe
  C:\Windows\System32\sTSjDWd.exe
  2⤵
  PID:12152
- C:\Windows\System32\Dkslsha.exe
  C:\Windows\System32\Dkslsha.exe
  2⤵
  PID:12172
- C:\Windows\System32\MsOKMCn.exe
  C:\Windows\System32\MsOKMCn.exe
  2⤵
  PID:12204
- C:\Windows\System32\eHJFKba.exe
  C:\Windows\System32\eHJFKba.exe
  2⤵
  PID:12260
- C:\Windows\System32\ZLZsWnZ.exe
  C:\Windows\System32\ZLZsWnZ.exe
  2⤵
  PID:11364
- C:\Windows\System32\HWKOWHN.exe
  C:\Windows\System32\HWKOWHN.exe
  2⤵
  PID:11640
- C:\Windows\System32\kqXHZCB.exe
  C:\Windows\System32\kqXHZCB.exe
  2⤵
  PID:11584
- C:\Windows\System32\vDWTDkt.exe
  C:\Windows\System32\vDWTDkt.exe
  2⤵
  PID:11720
- C:\Windows\System32\xMWUIWl.exe
  C:\Windows\System32\xMWUIWl.exe
  2⤵
  PID:11880
- C:\Windows\System32\IHwAABp.exe
  C:\Windows\System32\IHwAABp.exe
  2⤵
  PID:11956
- C:\Windows\System32\lkSRASR.exe
  C:\Windows\System32\lkSRASR.exe
  2⤵
  PID:12200
- C:\Windows\System32\iUQaENa.exe
  C:\Windows\System32\iUQaENa.exe
  2⤵
  PID:380
- C:\Windows\System32\xXcyqhd.exe
  C:\Windows\System32\xXcyqhd.exe
  2⤵
  PID:2440
- C:\Windows\System32\RVZfzWD.exe
  C:\Windows\System32\RVZfzWD.exe
  2⤵
  PID:11784
- C:\Windows\System32\bamYvCt.exe
  C:\Windows\System32\bamYvCt.exe
  2⤵
  PID:11928
- C:\Windows\System32\fqnWXOL.exe
  C:\Windows\System32\fqnWXOL.exe
  2⤵
  PID:12040
- C:\Windows\System32\EsSJxaX.exe
  C:\Windows\System32\EsSJxaX.exe
  2⤵
  PID:11336
- C:\Windows\System32\VNrCDbz.exe
  C:\Windows\System32\VNrCDbz.exe
  2⤵
  PID:12308
- C:\Windows\System32\CEjXWaT.exe
  C:\Windows\System32\CEjXWaT.exe
  2⤵
  PID:12340
- C:\Windows\System32\SCMuVBV.exe
  C:\Windows\System32\SCMuVBV.exe
  2⤵
  PID:12368
- C:\Windows\System32\iKuHFnK.exe
  C:\Windows\System32\iKuHFnK.exe
  2⤵
  PID:12396
- C:\Windows\System32\KBYbVNR.exe
  C:\Windows\System32\KBYbVNR.exe
  2⤵
  PID:12416
- C:\Windows\System32\XwDrHNG.exe
  C:\Windows\System32\XwDrHNG.exe
  2⤵
  PID:12460
- C:\Windows\System32\xzvmeds.exe
  C:\Windows\System32\xzvmeds.exe
  2⤵
  PID:12484
- C:\Windows\System32\xsqTdBq.exe
  C:\Windows\System32\xsqTdBq.exe
  2⤵
  PID:12500
- C:\Windows\System32\KEKNSFz.exe
  C:\Windows\System32\KEKNSFz.exe
  2⤵
  PID:12520
- C:\Windows\System32\IfobLDn.exe
  C:\Windows\System32\IfobLDn.exe
  2⤵
  PID:12540
- C:\Windows\System32\sQIvYmo.exe
  C:\Windows\System32\sQIvYmo.exe
  2⤵
  PID:12584
- C:\Windows\System32\CZDHISc.exe
  C:\Windows\System32\CZDHISc.exe
  2⤵
  PID:12624
- C:\Windows\System32\tqhpxkq.exe
  C:\Windows\System32\tqhpxkq.exe
  2⤵
  PID:12664
- C:\Windows\System32\FXLqiZF.exe
  C:\Windows\System32\FXLqiZF.exe
  2⤵
  PID:12688
- C:\Windows\System32\UJCmATn.exe
  C:\Windows\System32\UJCmATn.exe
  2⤵
  PID:12708
- C:\Windows\System32\HEyYvWb.exe
  C:\Windows\System32\HEyYvWb.exe
  2⤵
  PID:12728
- C:\Windows\System32\pNLtrGY.exe
  C:\Windows\System32\pNLtrGY.exe
  2⤵
  PID:12776
- C:\Windows\System32\MoUZbZn.exe
  C:\Windows\System32\MoUZbZn.exe
  2⤵
  PID:12808
- C:\Windows\System32\zdpTIaI.exe
  C:\Windows\System32\zdpTIaI.exe
  2⤵
  PID:12832
- C:\Windows\System32\fvXakUZ.exe
  C:\Windows\System32\fvXakUZ.exe
  2⤵
  PID:12856
- C:\Windows\System32\TZkiyjM.exe
  C:\Windows\System32\TZkiyjM.exe
  2⤵
  PID:12896
- C:\Windows\System32\dglHKLP.exe
  C:\Windows\System32\dglHKLP.exe
  2⤵
  PID:12912
- C:\Windows\System32\mxcTLPR.exe
  C:\Windows\System32\mxcTLPR.exe
  2⤵
  PID:12936
- C:\Windows\System32\TqzRRnJ.exe
  C:\Windows\System32\TqzRRnJ.exe
  2⤵
  PID:12952
- C:\Windows\System32\FcUFvqU.exe
  C:\Windows\System32\FcUFvqU.exe
  2⤵
  PID:12968
- C:\Windows\System32\nKJfnJd.exe
  C:\Windows\System32\nKJfnJd.exe
  2⤵
  PID:12988
- C:\Windows\System32\FvoiwIN.exe
  C:\Windows\System32\FvoiwIN.exe
  2⤵
  PID:13040
- C:\Windows\System32\QSyuAGM.exe
  C:\Windows\System32\QSyuAGM.exe
  2⤵
  PID:13088
- C:\Windows\System32\qjkZZmw.exe
  C:\Windows\System32\qjkZZmw.exe
  2⤵
  PID:13104
- C:\Windows\System32\VJuDNzy.exe
  C:\Windows\System32\VJuDNzy.exe
  2⤵
  PID:13120
- C:\Windows\System32\ozaTajU.exe
  C:\Windows\System32\ozaTajU.exe
  2⤵
  PID:13172
- C:\Windows\System32\JbXBiwd.exe
  C:\Windows\System32\JbXBiwd.exe
  2⤵
  PID:13200
- C:\Windows\System32\yNgudHe.exe
  C:\Windows\System32\yNgudHe.exe
  2⤵
  PID:13220

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:12508

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System32\BCsGEnY.exe

Filesize
1012KB

MD5
a5ad7c656f0772dd2f5995e1303ebf24

SHA1
4eafae75884516de3fcbe8433828c01114fec1cf

SHA256
aa28e8d7a80b2eca1aa09ea714aaad646c1b4ccf2dfcab6c81b78bf29d0c0873

SHA512
99ad22362f9963eccf07ca6c730319e4ca1230a729de967cecbac27c14f9453b4eb2b440044deb8ec59b4efb8faa7758a3162d5bdc5bf7e94d714844c97c20cb

Download Submit
C:\Windows\System32\DQYUIMz.exe

Filesize
1006KB

MD5
2c074aa61cdb3377efbdfa7dbe7b64c2

SHA1
de67f323afecf143be419da31258666cd96c977a

SHA256
fe41c883b07673fdc672d13ad367d1c8fb2c46bf0441fc38f3b142a86a5e0267

SHA512
e81899305cf75af53efefd6fdb0fbacdb3eb207dcd8afce75946fb31f3939a434dc2cc444b61dcb0437eb0e748051058066c70b4c64443d05a202189a67c20cf

Download Submit
C:\Windows\System32\GcRrrTw.exe

Filesize
1006KB

MD5
92c8422c9e4fd254f3216f6418f033a6

SHA1
12515ef9af3427e757c522c6feb387c3e2b6de17

SHA256
e506c7720a244210c76286eb05feea4ebef74d3b72b263325ce58ed20bcfa184

SHA512
8a45caa6ea53685df49faff773fbc1373a18b88e6e2adc469924c45b3180885c8e8f19d0beb913af9541d904dd655c3f889cedf8c55b775601f94027f89dc62a

Download Submit
C:\Windows\System32\GgxZKJY.exe

Filesize
1005KB

MD5
46b51bebf979b79d9de5d54659a56960

SHA1
ed757e2f3433e69d20ea40625bc598eaa01858c5

SHA256
41be74b22fd37bd225a8ec9f6ec4ac7363c23adb54c3cf966491c76894eb19ed

SHA512
93c900b0de5e327e2067a5cc992847fb99efa4d6e158174f6d7ce7b579f76e37d238364a436ab88849724aecdff8b823af65d06d101ca7ea4cff380c00455c88

Download Submit
C:\Windows\System32\HiPJtSt.exe

Filesize
1011KB

MD5
669ad7d62e7b0df3b44901e5e37612b9

SHA1
f393fcb18f54fb3a66e56cb5df7f1de25bb74187

SHA256
79c256d4a96582656fbe4518090bcbf48151d8e308e51a81e967d4c1b3cd3e1c

SHA512
acb6f40502f067bf0fbccc60404e7d74937c3c1541b7dd48a908551d5ed9addde2d29208b89d3332a380a6a9dacec1a4b9c52442eba4964a328c1b9ba7413eec

Download Submit
C:\Windows\System32\InOlNph.exe

Filesize
1005KB

MD5
a98d2b738a3e25aebf0d6a30fe2451a3

SHA1
6b619878543586122f097558fe40052c835b80d3

SHA256
633bceee6a32388f0497735a4f2c3385800f36415df27db3e6490721fb8c3002

SHA512
922c36d04efcdd280f067f2d65aa710557deb79dcbb5cf6b6483b50f7b59fa61793e769bc83259bcdbb2052ee6d2f218d5c10061d2a0c0c5e6852ddf8faf0f1f

Download Submit
C:\Windows\System32\IwqMKJg.exe

Filesize
1008KB

MD5
a43e39b412a708fcced1ed33c388eedd

SHA1
baf7f5787d8355627c55dbc8d30fbec2a6a4f7d0

SHA256
3e207ecb62d736882c074c6d3f64d3e17dc1e9c8b3cac1d52533d7912a63d42d

SHA512
6b311c26f503bc8cdaebe95473c84ad1cc4d8f4785b952e6c30ebaf707dee4adf7eb76321a0a8a98341ccbc65c57a3333ef33c9f44be0e15753e8a5cc9f8ad85

Download Submit
C:\Windows\System32\JPlFfho.exe

Filesize
1007KB

MD5
9aa8f0ff2cdf18649ab4277aedb4d85f

SHA1
eacb76e947a3d86e6ca93a4313d25b8a88894133

SHA256
851f577ef5ec999b0ae644bcda1bb8615eba881ce7673dcedb6bb9c49464d2b7

SHA512
ca539c6f66cab11eef89289a0186a7407a4600636b8a7d4e2208d5af6632338cfa6c9a0e778377afca2be9388ec4d3554544193b002120595bb0209feb000e0d

Download Submit
C:\Windows\System32\JxKJXjG.exe

Filesize
1011KB

MD5
e9416d8481ad96ba96590331b5ff0faf

SHA1
58d2b4dcc2251e705e2b57e02781ebb82d3cd306

SHA256
b3cabee56f3d9db9ebeaa8ef419ce0eab1b3a7bc256389966e89261098d7b8d2

SHA512
8af351078285c08dc77da72f765c7ff65e0d9e5b842de031fdc2742d7660f999bb1967d49a1c1cbfb2217f535eafbdad5e2649ad19c551542a2d165803276a44

Download Submit
C:\Windows\System32\KPoIcad.exe

Filesize
1009KB

MD5
4dcada4114f6d8903546bc33a31762e9

SHA1
a6df3aeb0902a711990bd9dba7052c7a2be25f58

SHA256
d104342ff2b90b1a4184e9d321c197e4269b8fee2597f3a1b7abb066f954c56d

SHA512
aafaf8ab05b383eca867baefd9ac8168e429a5de71446f168950a8583e9bf102ec0ce04860971845965e0e37beb27d41bc947f5c657fd41d0484a9c73e4472ef

Download Submit
C:\Windows\System32\KabUmjG.exe

Filesize
1010KB

MD5
23ec1efa65ff0baa15312a2433487646

SHA1
0121c680f6e8b78d9d65f65909dffab81d6543c8

SHA256
c41da59dc58654e8d63be413ef4a58b926fc251eec7f40475034af5741350045

SHA512
4fa8c84c1a887195d7489c07250825ab7aee179ab2402815477d5c55d3da8e7e2bbfb12b12d20ddf5e492853e069c06b266441af1e1ab1c4e5e32b27583edf4e

Download Submit
C:\Windows\System32\LWzHiuK.exe

Filesize
1004KB

MD5
aea41c9fcfdb701f34458e5d0d736571

SHA1
78681681c369bfcaa3b72c7356822e574433b1cb

SHA256
c7c2183c47fb06d360027e27cd6a2ac92dce48c249c4f4edfe955deddc4f67e3

SHA512
56817cb9b857c5c0cb7b0f00247c622dc84417b3085208b0f4f1cc472b3dca67f7f392edb6a762b0790c8c29481b1cf34c88c9ef251467fa91663f62c67d0ccf

Download Submit
C:\Windows\System32\NiGHEly.exe

Filesize
1004KB

MD5
8e589911ce2f8efa8d305d5a2f3d986c

SHA1
7020748bb0f33f043b23fad675bdaeb74624c1ca

SHA256
facc9e20cdc626a8a11aee67e7e4d4e01287506e1ef13677dd576aa6199fe3a5

SHA512
bb0c1adbb557fbdeeb8f2ad49d0253dd0c8744bb4184f3b5cdcc342855d74316fcfe0198f09f735097d2fd6772ae3ba0ffe22d5e5c9c6735ef095d5d7f6fbefa

Download Submit
C:\Windows\System32\OjoiTEg.exe

Filesize
1007KB

MD5
77597c691d2943e48a492db08224b6ed

SHA1
c06a73595a6f66eca0ef909be376393a55a3e496

SHA256
bed13121cccfc79797618534b6c43c6c0868e8c174367df9227f58902cd1d717

SHA512
99192a4bc8cb1ab8b2b7a74759bb320ce9823c83a64bb28347baaada5094f6ef7bc93499f7a2990ef07d191abda1d940b8e9d20e658c36b9f9c4e34378028869

Download Submit
C:\Windows\System32\TDMPGtL.exe

Filesize
1005KB

MD5
cfdecd24422c0b8f2f395d6be7f4d3bb

SHA1
50ebec900fa1ce32433b4b3f3e58f03539919b97

SHA256
80ff088d695f443cad82506375a99247f7068a6c157fcf004c7f808c7d9f779c

SHA512
f8c12f551503069d5726c34158167d5cd2c4adc751746bdef3dbcba84dc428d92d65b10c7001caf1bdf0a84757e895fda793710cb8a5b15d4192826898edd9d9

Download Submit
C:\Windows\System32\UJprstB.exe

Filesize
1011KB

MD5
6629f5e43d98096aa3e1553395e2cd63

SHA1
ac8454c39417a4fae4f8174d2e98280ebaccc92c

SHA256
9771149206f49b754ffa637c66e55542cfea06077b0ab621a2cb5c4e1a748d0a

SHA512
c498fe9a4248b1a708e965c8b6e0d24edc684fdeb7e5be20504bbff2c435375f99f86a8a41c8c09d1f4cbb3b0c0224fb90b03b71b13ac3f3244c276d41481d71

Download Submit
C:\Windows\System32\ZOOlNHi.exe

Filesize
1009KB

MD5
e39269955dc11562bc6f5d1b3c725f16

SHA1
1fd8b1c99094a40d0ef6956f38bcc4510031cd0b

SHA256
f151f5b53521888b9d9a267bb87f4f95320dcd951454ef26d5d38c7a3db7516b

SHA512
fcf160d94c4d2044a67c7a5295af85b1cfd478a56085430582d3ae6a8f2d69926f05be0e0613408526b48f9ed4db79b75a0581cc2ddf44bb23180c564c0b42bf

Download Submit
C:\Windows\System32\ZcMneQB.exe

Filesize
1006KB

MD5
84b4f4eccc45a358277da7f9cdc81e6b

SHA1
cf6b5294beeb4706736a8cb7464b83dd294bc7e8

SHA256
0763700d54db182afce216ce31716dee2671dc0beae24210e611991b0ea60daa

SHA512
be0fc5f060bb2826080a1f349c7c4a1e58172566061647c2388accf553fa4ab2c6f4ecde4cd75864be42a2b06b203fb98d516c35de39e3db31b2c099738d0085

Download Submit
C:\Windows\System32\aTFKwZV.exe

Filesize
1009KB

MD5
26619c48eb1e2833a33b0ed5a8587ee3

SHA1
17acdddbed8cb06ea98b643531e98491201866f8

SHA256
d34a52a3ae5accbc2548bad271d511745455a25872f452d51066a941be244402

SHA512
777ba0a49d5cdf34b475505b91b4dd7c204e1f635a9a542b804758930f9bb54aead9e1f24209b61042267b602d365632dc959a2cc085062a15feac6dc93b7e87

Download Submit
C:\Windows\System32\bXwlREV.exe

Filesize
1006KB

MD5
a2788e7967f0fa4051ecb67f335f5905

SHA1
53870b8824ad746b5c13b432edf1cca942930e62

SHA256
034d79281c91a9300217c0442236c3e2c354a12b78fca73ed8d311fd665aea48

SHA512
24c5840600eda4586004a1922303b87063f49011867ddbb099805acb1da402c06fc842c1d93011d69e19b95cb5730a71c5452b933a8f9b1b38e9e818c07407a5

Download Submit
C:\Windows\System32\beGoDpa.exe

Filesize
1005KB

MD5
29a263c12397f1e669ba0b444f484b45

SHA1
a61a2e39ab16e59913f267bcc52583c5eb3bc30e

SHA256
0cc90e633c9928fdc58bf5b46f72a88b012d703d23e34f76670782fb3c888c33

SHA512
b92517b31967b044491afda3e757514d76076d9d94cc6a5add8270b1775e078aeb1f9943afd860a441a482e03f92cf5192d5c3412a48dccb318d0bad4c37bad6

Download Submit
C:\Windows\System32\cqxCmyP.exe

Filesize
1009KB

MD5
a78b9a2dfcd0a547008daa008ef4890a

SHA1
325cf900a654290ed90a3d5b29ae90da99639251

SHA256
97e05a037509b4fac31311793ffa7a46fa6747167f7e050375d36c02576a84e1

SHA512
61952a43df1a8394d32485615defc1904da1169186541d93977777b4ec0b9c253a0f769188d0d59a7da06982b0970e1ea3e257defefcc7f6314251955c214e4a

Download Submit
C:\Windows\System32\eYBPLDV.exe

Filesize
1008KB

MD5
d9f152f0eeb6d1bceaa579675521d7db

SHA1
c2157ebd7a467dd8e4e70aa91382b975a7a39e1f

SHA256
33be8a8a07b3ed3f190ea372c3a415c8c3c4f23a56b1a071b6a5daf85c6b0398

SHA512
3be63cc5d7f952637df6cfe234c878b26f988b7fa5c00569e9771df84f3ad91bd3f904956408124c9cc3b9e65aa8d71c6460ce1a1a14b0b9e65a7a3298097fdc

Download Submit
C:\Windows\System32\fRVcQXy.exe

Filesize
1012KB

MD5
cd9fa1c3b1cd90beaedb7b8620c3532f

SHA1
d1e91b95b1f66fca081b304723f328f6356bcc6c

SHA256
d51a3dc8d76d57e1d8bd5752938f979d8e54c8d756d91c632abe7b7d023805e6

SHA512
25abe1028390c1e952d1e0a2489628a0212b405a47598cb12402eefee57e9721a64648471fe63822f1a1e5712d3cb66e585aaa6931fb46bcdf7fe946b7405adf

Download Submit
C:\Windows\System32\hETtkMT.exe

Filesize
1010KB

MD5
44e86e07d0bbbf7e3d1e06c430b24c3a

SHA1
6c6efcc00fbf792d7b9dfa0a2a706c8948e8b89c

SHA256
8bc73ad7e0bfcc630ed34b40c644f06ba86fb16a9134494597b68a3645ec52f3

SHA512
b3cc33fb29d096ee4bdde3a7c00bc46ebace2af6c307e4b002d3f02dfb5f8777f7c8a3e622da2613d8baade02ecb931c4aab67035d3b6ab8044e7e06866d6ef3

Download Submit
C:\Windows\System32\hlmZfTl.exe

Filesize
1007KB

MD5
580a5805bfde06cc4ed6b035b3a53712

SHA1
4c22dce037304f08199cc1c568a3fbe4db9fd4b6

SHA256
e7da269dc04b56c4838dbd456440aeed2e0bdc60b3f12d88dc29dc6553f113bf

SHA512
a034ca7f23add7eb2f50645cb9779711cdf731f9343c0bd9fffc0a4c3ea75be484bd09ef7ec952015e438f40e65f2a1598c92e69b07ac240f0bd4043feb4bd61

Download Submit
C:\Windows\System32\lvPbycH.exe

Filesize
1009KB

MD5
68fde287b2cc282111cc48d9a72515cc

SHA1
a24fe0a06af1682bcf5f244782b4e470c6e73039

SHA256
0e98d4a69761d28103e804d7fea657629f2449a9260f5a2a53db9470ca130ad0

SHA512
b32326bb4e2d57d23076f1df68460cac55bc02a6c1f35a82cd1932b3408e7dff8cd2b4a15bd747a1b5fb5c5303174a25cd91716c25a761e883d6cb21e185ea71

Download Submit
C:\Windows\System32\nDWfxLC.exe

Filesize
1010KB

MD5
044cf5d9126e571e8ad2430f3d4040a2

SHA1
75735f278c3dc90ba564e68d741fbf8bb3d894d4

SHA256
0e24488594743e5b04182b1a9b782154572e0737b9a77034fe8b445988844b69

SHA512
73b710ee70f7c976395a33a17aedfa2773b58dbdecc04c7844dd6db879864febad74b44a2e8568eb130fe03ba6b673d85c65840ff98a875e90ea9234b85b8f0a

Download Submit
C:\Windows\System32\oAedpUJ.exe

Filesize
1007KB

MD5
4347231d8cc7ce3e937b43ef8acee291

SHA1
cea3926a8159ccd30e83226e7fb8e16404984a4b

SHA256
cd5b1df07d5153d3fcb3934913e0f1e132cbc91d2b861166269d631fdde2acad

SHA512
ac6c23efe307cf99c7c23623a1bd40402aeab414635ce049d785b27c6a1b5c26b146eeaa3259359c54d2d9cc590665e19e47727d93d8c6e157a79c3d482125a4

Download Submit
C:\Windows\System32\tkTHmUZ.exe

Filesize
1011KB

MD5
3a213cf276bce4aa1768c91f25d168df

SHA1
e7e8f61f8a26d7678d69ef0609b201c87b81d445

SHA256
ac146414fb84ffcfa2cbffec7a8481f73344e800b30d9bb11669ffa28a03ffe4

SHA512
5576965e59929e5b3f118b463d3decd35a7ad81fc8cad34f700740ee4790c56962fa293968734ccbf2cef3732c73e0ae1393d951eb0ea359edefef2b0c023e9f

Download Submit
C:\Windows\System32\vHJyvGV.exe

Filesize
1008KB

MD5
9772aa42eaf18895c5c5ce937e75add1

SHA1
cb96fb551acc0e98552a12dd10423bc96c90c853

SHA256
6ffcf322eb7436f3cbe1de8f88e1358ff615586aa8f0d6793cde2ea5060690ea

SHA512
76681f6374abc79230357cc19632fc5b575377334983b4def652bdb7c3a841d97ca5db004dd773480ef86537e112274acd9dca5287e87f02ada6dc34cfa92635

Download Submit
C:\Windows\System32\wRCOJrg.exe

Filesize
1010KB

MD5
843316b3b108a29b0093e1c133790d2d

SHA1
bf2b8677bbdb35b2dc5e56bb9323d01c810c96ab

SHA256
48f02959d23c5020a2c4e0bc7c026c983a1119c0ef2cd207fd739a709cbdc5f3

SHA512
84f4b381bce8d49144d6a43f3ebac3e92778828e1d47f2d6d88f349f4197db444d95c016cffa290a48119c3d4cf4e36553b0b0524a3dc2b075b26b3f6409af7a

Download Submit
C:\Windows\System32\wkzBhSb.exe

Filesize
1008KB

MD5
0332710241c6d15ca251567fac91f267

SHA1
187bdfe73a172631abfe00de39d4ee7e479ced60

SHA256
300f9cb16a2f339e3b9433b6f92227a7c8aaca2aba8b0565a627dd1bcd2c33d3

SHA512
a0b5568bc8c9c44ddce000cf1a868f966c64d56c9de99c3b3823f12155d321908209077dfb30e94fec71e08197b10cfc3e7978cbe3183f2c031a386cfbba14b7

Download Submit
memory/636-386-0x00007FF717B70000-0x00007FF717F61000-memory.dmp

Filesize
3.9MB

Download
memory/636-2068-0x00007FF717B70000-0x00007FF717F61000-memory.dmp

Filesize
3.9MB

Download
memory/748-1979-0x00007FF6ADC90000-0x00007FF6AE081000-memory.dmp

Filesize
3.9MB

Download
memory/748-42-0x00007FF6ADC90000-0x00007FF6AE081000-memory.dmp

Filesize
3.9MB

Download
memory/748-2025-0x00007FF6ADC90000-0x00007FF6AE081000-memory.dmp

Filesize
3.9MB

Download
memory/1032-2055-0x00007FF7E52A0000-0x00007FF7E5691000-memory.dmp

Filesize
3.9MB

Download
memory/1032-362-0x00007FF7E52A0000-0x00007FF7E5691000-memory.dmp

Filesize
3.9MB

Download
memory/1096-1983-0x00007FF638180000-0x00007FF638571000-memory.dmp

Filesize
3.9MB

Download
memory/1096-68-0x00007FF638180000-0x00007FF638571000-memory.dmp

Filesize
3.9MB

Download
memory/1096-2037-0x00007FF638180000-0x00007FF638571000-memory.dmp

Filesize
3.9MB

Download
memory/1288-2041-0x00007FF67DC40000-0x00007FF67E031000-memory.dmp

Filesize
3.9MB

Download
memory/1288-76-0x00007FF67DC40000-0x00007FF67E031000-memory.dmp

Filesize
3.9MB

Download
memory/1396-2039-0x00007FF7D6CA0000-0x00007FF7D7091000-memory.dmp

Filesize
3.9MB

Download
memory/1396-59-0x00007FF7D6CA0000-0x00007FF7D7091000-memory.dmp

Filesize
3.9MB

Download
memory/1396-1980-0x00007FF7D6CA0000-0x00007FF7D7091000-memory.dmp

Filesize
3.9MB

Download
memory/1428-2036-0x00007FF662CC0000-0x00007FF6630B1000-memory.dmp

Filesize
3.9MB

Download
memory/1428-60-0x00007FF662CC0000-0x00007FF6630B1000-memory.dmp

Filesize
3.9MB

Download
memory/1428-1982-0x00007FF662CC0000-0x00007FF6630B1000-memory.dmp

Filesize
3.9MB

Download
memory/1584-2049-0x00007FF6F6AB0000-0x00007FF6F6EA1000-memory.dmp

Filesize
3.9MB

Download
memory/1584-80-0x00007FF6F6AB0000-0x00007FF6F6EA1000-memory.dmp

Filesize
3.9MB

Download
memory/1648-2057-0x00007FF686CE0000-0x00007FF6870D1000-memory.dmp

Filesize
3.9MB

Download
memory/1648-370-0x00007FF686CE0000-0x00007FF6870D1000-memory.dmp

Filesize
3.9MB

Download
memory/1708-2059-0x00007FF724A20000-0x00007FF724E11000-memory.dmp

Filesize
3.9MB

Download
memory/1708-373-0x00007FF724A20000-0x00007FF724E11000-memory.dmp

Filesize
3.9MB

Download
memory/1964-380-0x00007FF7FDE80000-0x00007FF7FE271000-memory.dmp

Filesize
3.9MB

Download
memory/1964-2063-0x00007FF7FDE80000-0x00007FF7FE271000-memory.dmp

Filesize
3.9MB

Download
memory/2540-378-0x00007FF691B40000-0x00007FF691F31000-memory.dmp

Filesize
3.9MB

Download
memory/2540-2065-0x00007FF691B40000-0x00007FF691F31000-memory.dmp

Filesize
3.9MB

Download
memory/2736-348-0x00007FF75BE50000-0x00007FF75C241000-memory.dmp

Filesize
3.9MB

Download
memory/2736-2053-0x00007FF75BE50000-0x00007FF75C241000-memory.dmp

Filesize
3.9MB

Download
memory/2968-12-0x00007FF770DE0000-0x00007FF7711D1000-memory.dmp

Filesize
3.9MB

Download
memory/2968-2021-0x00007FF770DE0000-0x00007FF7711D1000-memory.dmp

Filesize
3.9MB

Download
memory/3412-2061-0x00007FF630D10000-0x00007FF631101000-memory.dmp

Filesize
3.9MB

Download
memory/3412-374-0x00007FF630D10000-0x00007FF631101000-memory.dmp

Filesize
3.9MB

Download
memory/3452-75-0x00007FF635330000-0x00007FF635721000-memory.dmp

Filesize
3.9MB

Download
memory/3452-2029-0x00007FF635330000-0x00007FF635721000-memory.dmp

Filesize
3.9MB

Download
memory/3536-2051-0x00007FF72FF20000-0x00007FF730311000-memory.dmp

Filesize
3.9MB

Download
memory/3536-356-0x00007FF72FF20000-0x00007FF730311000-memory.dmp

Filesize
3.9MB

Download
memory/3556-56-0x00007FF6D0330000-0x00007FF6D0721000-memory.dmp

Filesize
3.9MB

Download
memory/3556-2031-0x00007FF6D0330000-0x00007FF6D0721000-memory.dmp

Filesize
3.9MB

Download
memory/3816-2027-0x00007FF780FD0000-0x00007FF7813C1000-memory.dmp

Filesize
3.9MB

Download
memory/3816-1981-0x00007FF780FD0000-0x00007FF7813C1000-memory.dmp

Filesize
3.9MB

Download
memory/3816-21-0x00007FF780FD0000-0x00007FF7813C1000-memory.dmp

Filesize
3.9MB

Download
memory/3996-2043-0x00007FF7A91A0000-0x00007FF7A9591000-memory.dmp

Filesize
3.9MB

Download
memory/3996-354-0x00007FF7A91A0000-0x00007FF7A9591000-memory.dmp

Filesize
3.9MB

Download
memory/4052-73-0x00007FF7E8FD0000-0x00007FF7E93C1000-memory.dmp

Filesize
3.9MB

Download
memory/4052-2023-0x00007FF7E8FD0000-0x00007FF7E93C1000-memory.dmp

Filesize
3.9MB

Download
memory/4200-46-0x00007FF6736A0000-0x00007FF673A91000-memory.dmp

Filesize
3.9MB

Download
memory/4200-2033-0x00007FF6736A0000-0x00007FF673A91000-memory.dmp

Filesize
3.9MB

Download
memory/4848-0-0x00007FF6387E0000-0x00007FF638BD1000-memory.dmp

Filesize
3.9MB

Download
memory/4848-1-0x000001508FB50000-0x000001508FB60000-memory.dmp

Filesize
64KB

Download
memory/4916-341-0x00007FF782490000-0x00007FF782881000-memory.dmp

Filesize
3.9MB

Download
memory/4916-2045-0x00007FF782490000-0x00007FF782881000-memory.dmp

Filesize
3.9MB

Download
memory/5024-79-0x00007FF70B210000-0x00007FF70B601000-memory.dmp

Filesize
3.9MB

Download
memory/5024-2047-0x00007FF70B210000-0x00007FF70B601000-memory.dmp

Filesize
3.9MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads