xmrig | 4d4eacfaca44e2bc261e2bf7e2edad034b5b881fdbca084184d40008bbc53848

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
17/08/2024, 21:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4d4eacfaca44e2bc261e2bf7e2edad034b5b881fdbca084184d40008bbc53848.exe
Size

3.1MB
MD5

892bb131b96703d129a665a5c12d5a06
SHA1

210350f617a23820a3fc8555fa5cff6d628fa417
SHA256

4d4eacfaca44e2bc261e2bf7e2edad034b5b881fdbca084184d40008bbc53848
SHA512

057779203610d1d25aca82af51a76e9c1e3ce5ab3cfd6004a3313fc60f29f4a193c93145edc8129e4f777061bdbb3b910ba3fbdf7fc93f1a4b2122b67b900d0a
SSDEEP

98304:w0GnJMOWPClFdx6e0EALKWVTffZiPAcRq6jHjc42:wFWPClFm

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/4568-0-0x00007FF66C0B0000-0x00007FF66C4A5000-memory.dmp	xmrig
behavioral2/files/0x0008000000023486-5.dat	xmrig
behavioral2/memory/1468-7-0x00007FF709960000-0x00007FF709D55000-memory.dmp	xmrig
behavioral2/files/0x000700000002348b-17.dat	xmrig
behavioral2/files/0x000700000002348c-25.dat	xmrig
behavioral2/files/0x0007000000023490-50.dat	xmrig
behavioral2/files/0x0007000000023493-53.dat	xmrig
behavioral2/files/0x0007000000023495-68.dat	xmrig
behavioral2/files/0x0007000000023496-77.dat	xmrig
behavioral2/files/0x000700000002349a-94.dat	xmrig
behavioral2/files/0x000700000002349c-101.dat	xmrig
behavioral2/files/0x000700000002349e-114.dat	xmrig
behavioral2/files/0x00070000000234a1-127.dat	xmrig
behavioral2/files/0x00070000000234a3-139.dat	xmrig
behavioral2/files/0x00070000000234a9-165.dat	xmrig
behavioral2/memory/2620-546-0x00007FF73D960000-0x00007FF73DD55000-memory.dmp	xmrig
behavioral2/memory/4732-548-0x00007FF64D160000-0x00007FF64D555000-memory.dmp	xmrig
behavioral2/memory/1436-547-0x00007FF763DF0000-0x00007FF7641E5000-memory.dmp	xmrig
behavioral2/memory/780-549-0x00007FF652380000-0x00007FF652775000-memory.dmp	xmrig
behavioral2/memory/5040-550-0x00007FF7EE4C0000-0x00007FF7EE8B5000-memory.dmp	xmrig
behavioral2/memory/3252-551-0x00007FF73B9B0000-0x00007FF73BDA5000-memory.dmp	xmrig
behavioral2/memory/4520-553-0x00007FF663AB0000-0x00007FF663EA5000-memory.dmp	xmrig
behavioral2/memory/2344-552-0x00007FF6D6B40000-0x00007FF6D6F35000-memory.dmp	xmrig
behavioral2/memory/3576-554-0x00007FF7F4570000-0x00007FF7F4965000-memory.dmp	xmrig
behavioral2/memory/4116-555-0x00007FF632520000-0x00007FF632915000-memory.dmp	xmrig
behavioral2/memory/3520-556-0x00007FF7C0380000-0x00007FF7C0775000-memory.dmp	xmrig
behavioral2/memory/2356-560-0x00007FF713C00000-0x00007FF713FF5000-memory.dmp	xmrig
behavioral2/memory/4828-563-0x00007FF7342C0000-0x00007FF7346B5000-memory.dmp	xmrig
behavioral2/memory/2784-565-0x00007FF770390000-0x00007FF770785000-memory.dmp	xmrig
behavioral2/memory/5060-575-0x00007FF6A86F0000-0x00007FF6A8AE5000-memory.dmp	xmrig
behavioral2/memory/3008-578-0x00007FF77C020000-0x00007FF77C415000-memory.dmp	xmrig
behavioral2/memory/4976-584-0x00007FF73A1D0000-0x00007FF73A5C5000-memory.dmp	xmrig
behavioral2/memory/3804-583-0x00007FF615E00000-0x00007FF6161F5000-memory.dmp	xmrig
behavioral2/memory/1276-569-0x00007FF6048F0000-0x00007FF604CE5000-memory.dmp	xmrig
behavioral2/files/0x00070000000234a8-162.dat	xmrig
behavioral2/files/0x00070000000234a7-159.dat	xmrig
behavioral2/files/0x00070000000234a6-154.dat	xmrig
behavioral2/memory/1004-593-0x00007FF602E50000-0x00007FF603245000-memory.dmp	xmrig
behavioral2/memory/220-595-0x00007FF721490000-0x00007FF721885000-memory.dmp	xmrig
behavioral2/files/0x00070000000234a5-149.dat	xmrig
behavioral2/files/0x00070000000234a4-144.dat	xmrig
behavioral2/files/0x00070000000234a2-134.dat	xmrig
behavioral2/files/0x00070000000234a0-124.dat	xmrig
behavioral2/files/0x000700000002349f-119.dat	xmrig
behavioral2/files/0x000700000002349d-109.dat	xmrig
behavioral2/files/0x000700000002349b-99.dat	xmrig
behavioral2/files/0x0007000000023499-89.dat	xmrig
behavioral2/files/0x0007000000023498-84.dat	xmrig
behavioral2/files/0x0007000000023497-82.dat	xmrig
behavioral2/files/0x0007000000023494-64.dat	xmrig
behavioral2/files/0x0007000000023491-57.dat	xmrig
behavioral2/files/0x0007000000023492-55.dat	xmrig
behavioral2/files/0x000700000002348f-42.dat	xmrig
behavioral2/files/0x000700000002348e-39.dat	xmrig
behavioral2/files/0x000700000002348d-34.dat	xmrig
behavioral2/memory/1672-29-0x00007FF7ECD20000-0x00007FF7ED115000-memory.dmp	xmrig
behavioral2/memory/1552-20-0x00007FF7E3D80000-0x00007FF7E4175000-memory.dmp	xmrig
behavioral2/files/0x000700000002348a-10.dat	xmrig
behavioral2/memory/4568-1266-0x00007FF66C0B0000-0x00007FF66C4A5000-memory.dmp	xmrig
behavioral2/memory/1468-1269-0x00007FF709960000-0x00007FF709D55000-memory.dmp	xmrig
behavioral2/memory/1672-1484-0x00007FF7ECD20000-0x00007FF7ED115000-memory.dmp	xmrig
behavioral2/memory/2620-1488-0x00007FF73D960000-0x00007FF73DD55000-memory.dmp	xmrig
behavioral2/memory/4568-2083-0x00007FF66C0B0000-0x00007FF66C4A5000-memory.dmp	xmrig
behavioral2/memory/1552-2084-0x00007FF7E3D80000-0x00007FF7E4175000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1468	VQauQnn.exe
1552	vGmDTDg.exe
1672	YKDoEQq.exe
1004	aPZKzuK.exe
2620	qGiUmWX.exe
1436	DSyDZZS.exe
220	fzDAhgS.exe
4732	gttHFLm.exe
780	rVVuQWQ.exe
5040	pvKGChL.exe
3252	HQtrQCz.exe
2344	vGluQwP.exe
4520	tebQzcT.exe
3576	ajAHXmc.exe
4116	wAttIXX.exe
3520	kjMjiwA.exe
2356	culnzgE.exe
4828	acoNjbh.exe
2784	yotigsp.exe
1276	RYwGNKW.exe
5060	rAdwtwR.exe
3008	NZwVuyu.exe
3804	wDsZizX.exe
4976	OlppoJa.exe
2564	bnRuYEv.exe
3316	xzmykcR.exe
4752	VkErDkt.exe
4980	qduBdGL.exe
4508	ytnGiHw.exe
1992	iqKvuYZ.exe
452	qKaqLlT.exe
4240	hIQgdAn.exe
4920	GSfHhvd.exe
1832	AtTIbpg.exe
2480	CcLjLiS.exe
1988	BfgoNgV.exe
4448	wEnRNWE.exe
448	dRMpFEB.exe
4200	QVtYNFR.exe
388	wAOrmdn.exe
3768	ZkByyzK.exe
3096	fHWXiwO.exe
4708	nVXlEHV.exe
632	ahnzgZT.exe
64	zvgyXlN.exe
1372	YEuiYTC.exe
3564	vGtnjUC.exe
3024	rJbviWk.exe
1864	JKINjIr.exe
4500	yUqrkfG.exe
1544	YISCFBT.exe
3692	kPSanCC.exe
1824	XMSUKxa.exe
1944	LepQAdJ.exe
4100	lxtdZHy.exe
2856	JIuVflI.exe
3500	aEWojJC.exe
1472	MDMkteY.exe
1432	mhISbYe.exe
1344	HeBXrHe.exe
2064	TNsAXCe.exe
1912	HAPlqDC.exe
1668	AFddISO.exe
2288	XozGqxc.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4568-0-0x00007FF66C0B0000-0x00007FF66C4A5000-memory.dmp	upx
behavioral2/files/0x0008000000023486-5.dat	upx
behavioral2/memory/1468-7-0x00007FF709960000-0x00007FF709D55000-memory.dmp	upx
behavioral2/files/0x000700000002348b-17.dat	upx
behavioral2/files/0x000700000002348c-25.dat	upx
behavioral2/files/0x0007000000023490-50.dat	upx
behavioral2/files/0x0007000000023493-53.dat	upx
behavioral2/files/0x0007000000023495-68.dat	upx
behavioral2/files/0x0007000000023496-77.dat	upx
behavioral2/files/0x000700000002349a-94.dat	upx
behavioral2/files/0x000700000002349c-101.dat	upx
behavioral2/files/0x000700000002349e-114.dat	upx
behavioral2/files/0x00070000000234a1-127.dat	upx
behavioral2/files/0x00070000000234a3-139.dat	upx
behavioral2/files/0x00070000000234a9-165.dat	upx
behavioral2/memory/2620-546-0x00007FF73D960000-0x00007FF73DD55000-memory.dmp	upx
behavioral2/memory/4732-548-0x00007FF64D160000-0x00007FF64D555000-memory.dmp	upx
behavioral2/memory/1436-547-0x00007FF763DF0000-0x00007FF7641E5000-memory.dmp	upx
behavioral2/memory/780-549-0x00007FF652380000-0x00007FF652775000-memory.dmp	upx
behavioral2/memory/5040-550-0x00007FF7EE4C0000-0x00007FF7EE8B5000-memory.dmp	upx
behavioral2/memory/3252-551-0x00007FF73B9B0000-0x00007FF73BDA5000-memory.dmp	upx
behavioral2/memory/4520-553-0x00007FF663AB0000-0x00007FF663EA5000-memory.dmp	upx
behavioral2/memory/2344-552-0x00007FF6D6B40000-0x00007FF6D6F35000-memory.dmp	upx
behavioral2/memory/3576-554-0x00007FF7F4570000-0x00007FF7F4965000-memory.dmp	upx
behavioral2/memory/4116-555-0x00007FF632520000-0x00007FF632915000-memory.dmp	upx
behavioral2/memory/3520-556-0x00007FF7C0380000-0x00007FF7C0775000-memory.dmp	upx
behavioral2/memory/2356-560-0x00007FF713C00000-0x00007FF713FF5000-memory.dmp	upx
behavioral2/memory/4828-563-0x00007FF7342C0000-0x00007FF7346B5000-memory.dmp	upx
behavioral2/memory/2784-565-0x00007FF770390000-0x00007FF770785000-memory.dmp	upx
behavioral2/memory/5060-575-0x00007FF6A86F0000-0x00007FF6A8AE5000-memory.dmp	upx
behavioral2/memory/3008-578-0x00007FF77C020000-0x00007FF77C415000-memory.dmp	upx
behavioral2/memory/4976-584-0x00007FF73A1D0000-0x00007FF73A5C5000-memory.dmp	upx
behavioral2/memory/3804-583-0x00007FF615E00000-0x00007FF6161F5000-memory.dmp	upx
behavioral2/memory/1276-569-0x00007FF6048F0000-0x00007FF604CE5000-memory.dmp	upx
behavioral2/files/0x00070000000234a8-162.dat	upx
behavioral2/files/0x00070000000234a7-159.dat	upx
behavioral2/files/0x00070000000234a6-154.dat	upx
behavioral2/memory/1004-593-0x00007FF602E50000-0x00007FF603245000-memory.dmp	upx
behavioral2/memory/220-595-0x00007FF721490000-0x00007FF721885000-memory.dmp	upx
behavioral2/files/0x00070000000234a5-149.dat	upx
behavioral2/files/0x00070000000234a4-144.dat	upx
behavioral2/files/0x00070000000234a2-134.dat	upx
behavioral2/files/0x00070000000234a0-124.dat	upx
behavioral2/files/0x000700000002349f-119.dat	upx
behavioral2/files/0x000700000002349d-109.dat	upx
behavioral2/files/0x000700000002349b-99.dat	upx
behavioral2/files/0x0007000000023499-89.dat	upx
behavioral2/files/0x0007000000023498-84.dat	upx
behavioral2/files/0x0007000000023497-82.dat	upx
behavioral2/files/0x0007000000023494-64.dat	upx
behavioral2/files/0x0007000000023491-57.dat	upx
behavioral2/files/0x0007000000023492-55.dat	upx
behavioral2/files/0x000700000002348f-42.dat	upx
behavioral2/files/0x000700000002348e-39.dat	upx
behavioral2/files/0x000700000002348d-34.dat	upx
behavioral2/memory/1672-29-0x00007FF7ECD20000-0x00007FF7ED115000-memory.dmp	upx
behavioral2/memory/1552-20-0x00007FF7E3D80000-0x00007FF7E4175000-memory.dmp	upx
behavioral2/files/0x000700000002348a-10.dat	upx
behavioral2/memory/4568-1266-0x00007FF66C0B0000-0x00007FF66C4A5000-memory.dmp	upx
behavioral2/memory/1468-1269-0x00007FF709960000-0x00007FF709D55000-memory.dmp	upx
behavioral2/memory/1672-1484-0x00007FF7ECD20000-0x00007FF7ED115000-memory.dmp	upx
behavioral2/memory/2620-1488-0x00007FF73D960000-0x00007FF73DD55000-memory.dmp	upx
behavioral2/memory/4568-2083-0x00007FF66C0B0000-0x00007FF66C4A5000-memory.dmp	upx
behavioral2/memory/1552-2084-0x00007FF7E3D80000-0x00007FF7E4175000-memory.dmp	upx

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System32\bYrwdXW.exe	4d4eacfaca44e2bc261e2bf7e2edad034b5b881fdbca084184d40008bbc53848.exe
File created	C:\Windows\System32\woSSqBk.exe	4d4eacfaca44e2bc261e2bf7e2edad034b5b881fdbca084184d40008bbc53848.exe
File created	C:\Windows\System32\YfPKiGj.exe	4d4eacfaca44e2bc261e2bf7e2edad034b5b881fdbca084184d40008bbc53848.exe
File created	C:\Windows\System32\bIGTbQq.exe	4d4eacfaca44e2bc261e2bf7e2edad034b5b881fdbca084184d40008bbc53848.exe
File created	C:\Windows\System32\lfHzFrU.exe	4d4eacfaca44e2bc261e2bf7e2edad034b5b881fdbca084184d40008bbc53848.exe
File created	C:\Windows\System32\yUqrkfG.exe	4d4eacfaca44e2bc261e2bf7e2edad034b5b881fdbca084184d40008bbc53848.exe
File created	C:\Windows\System32\FtBVyuJ.exe	4d4eacfaca44e2bc261e2bf7e2edad034b5b881fdbca084184d40008bbc53848.exe
File created	C:\Windows\System32\uvqIODp.exe	4d4eacfaca44e2bc261e2bf7e2edad034b5b881fdbca084184d40008bbc53848.exe
File created	C:\Windows\System32\AVetEeb.exe	4d4eacfaca44e2bc261e2bf7e2edad034b5b881fdbca084184d40008bbc53848.exe
File created	C:\Windows\System32\KrXWBzy.exe	4d4eacfaca44e2bc261e2bf7e2edad034b5b881fdbca084184d40008bbc53848.exe
File created	C:\Windows\System32\uKPzoQi.exe	4d4eacfaca44e2bc261e2bf7e2edad034b5b881fdbca084184d40008bbc53848.exe
File created	C:\Windows\System32\VsObotF.exe	4d4eacfaca44e2bc261e2bf7e2edad034b5b881fdbca084184d40008bbc53848.exe
File created	C:\Windows\System32\lFdsYBQ.exe	4d4eacfaca44e2bc261e2bf7e2edad034b5b881fdbca084184d40008bbc53848.exe
File created	C:\Windows\System32\VBKhuwu.exe	4d4eacfaca44e2bc261e2bf7e2edad034b5b881fdbca084184d40008bbc53848.exe
File created	C:\Windows\System32\UssndXt.exe	4d4eacfaca44e2bc261e2bf7e2edad034b5b881fdbca084184d40008bbc53848.exe
File created	C:\Windows\System32\gwlctcZ.exe	4d4eacfaca44e2bc261e2bf7e2edad034b5b881fdbca084184d40008bbc53848.exe
File created	C:\Windows\System32\TRcbmUK.exe	4d4eacfaca44e2bc261e2bf7e2edad034b5b881fdbca084184d40008bbc53848.exe
File created	C:\Windows\System32\vSjPklq.exe	4d4eacfaca44e2bc261e2bf7e2edad034b5b881fdbca084184d40008bbc53848.exe
File created	C:\Windows\System32\zJSDPku.exe	4d4eacfaca44e2bc261e2bf7e2edad034b5b881fdbca084184d40008bbc53848.exe
File created	C:\Windows\System32\YPJRwLI.exe	4d4eacfaca44e2bc261e2bf7e2edad034b5b881fdbca084184d40008bbc53848.exe
File created	C:\Windows\System32\mppKAPK.exe	4d4eacfaca44e2bc261e2bf7e2edad034b5b881fdbca084184d40008bbc53848.exe
File created	C:\Windows\System32\CnRddIY.exe	4d4eacfaca44e2bc261e2bf7e2edad034b5b881fdbca084184d40008bbc53848.exe
File created	C:\Windows\System32\MldtbXr.exe	4d4eacfaca44e2bc261e2bf7e2edad034b5b881fdbca084184d40008bbc53848.exe
File created	C:\Windows\System32\YveGRHy.exe	4d4eacfaca44e2bc261e2bf7e2edad034b5b881fdbca084184d40008bbc53848.exe
File created	C:\Windows\System32\JDjPJbW.exe	4d4eacfaca44e2bc261e2bf7e2edad034b5b881fdbca084184d40008bbc53848.exe
File created	C:\Windows\System32\dFYXWXt.exe	4d4eacfaca44e2bc261e2bf7e2edad034b5b881fdbca084184d40008bbc53848.exe
File created	C:\Windows\System32\OWtfNut.exe	4d4eacfaca44e2bc261e2bf7e2edad034b5b881fdbca084184d40008bbc53848.exe
File created	C:\Windows\System32\bzNpcuj.exe	4d4eacfaca44e2bc261e2bf7e2edad034b5b881fdbca084184d40008bbc53848.exe
File created	C:\Windows\System32\fpYomMq.exe	4d4eacfaca44e2bc261e2bf7e2edad034b5b881fdbca084184d40008bbc53848.exe
File created	C:\Windows\System32\HqvaiCF.exe	4d4eacfaca44e2bc261e2bf7e2edad034b5b881fdbca084184d40008bbc53848.exe
File created	C:\Windows\System32\gXZavxS.exe	4d4eacfaca44e2bc261e2bf7e2edad034b5b881fdbca084184d40008bbc53848.exe
File created	C:\Windows\System32\ExzvefX.exe	4d4eacfaca44e2bc261e2bf7e2edad034b5b881fdbca084184d40008bbc53848.exe
File created	C:\Windows\System32\fRVKwvu.exe	4d4eacfaca44e2bc261e2bf7e2edad034b5b881fdbca084184d40008bbc53848.exe
File created	C:\Windows\System32\LlmYeMm.exe	4d4eacfaca44e2bc261e2bf7e2edad034b5b881fdbca084184d40008bbc53848.exe
File created	C:\Windows\System32\xfxildQ.exe	4d4eacfaca44e2bc261e2bf7e2edad034b5b881fdbca084184d40008bbc53848.exe
File created	C:\Windows\System32\pClKCNw.exe	4d4eacfaca44e2bc261e2bf7e2edad034b5b881fdbca084184d40008bbc53848.exe
File created	C:\Windows\System32\qntHNdp.exe	4d4eacfaca44e2bc261e2bf7e2edad034b5b881fdbca084184d40008bbc53848.exe
File created	C:\Windows\System32\bPVaaHi.exe	4d4eacfaca44e2bc261e2bf7e2edad034b5b881fdbca084184d40008bbc53848.exe
File created	C:\Windows\System32\SGHvqYs.exe	4d4eacfaca44e2bc261e2bf7e2edad034b5b881fdbca084184d40008bbc53848.exe
File created	C:\Windows\System32\OlppoJa.exe	4d4eacfaca44e2bc261e2bf7e2edad034b5b881fdbca084184d40008bbc53848.exe
File created	C:\Windows\System32\dRMpFEB.exe	4d4eacfaca44e2bc261e2bf7e2edad034b5b881fdbca084184d40008bbc53848.exe
File created	C:\Windows\System32\RayPGuR.exe	4d4eacfaca44e2bc261e2bf7e2edad034b5b881fdbca084184d40008bbc53848.exe
File created	C:\Windows\System32\icGCqgy.exe	4d4eacfaca44e2bc261e2bf7e2edad034b5b881fdbca084184d40008bbc53848.exe
File created	C:\Windows\System32\PyPgfNr.exe	4d4eacfaca44e2bc261e2bf7e2edad034b5b881fdbca084184d40008bbc53848.exe
File created	C:\Windows\System32\pdxwRNv.exe	4d4eacfaca44e2bc261e2bf7e2edad034b5b881fdbca084184d40008bbc53848.exe
File created	C:\Windows\System32\lPyKeMv.exe	4d4eacfaca44e2bc261e2bf7e2edad034b5b881fdbca084184d40008bbc53848.exe
File created	C:\Windows\System32\yUfiNjZ.exe	4d4eacfaca44e2bc261e2bf7e2edad034b5b881fdbca084184d40008bbc53848.exe
File created	C:\Windows\System32\VQauQnn.exe	4d4eacfaca44e2bc261e2bf7e2edad034b5b881fdbca084184d40008bbc53848.exe
File created	C:\Windows\System32\MtDVVkD.exe	4d4eacfaca44e2bc261e2bf7e2edad034b5b881fdbca084184d40008bbc53848.exe
File created	C:\Windows\System32\XekkWSe.exe	4d4eacfaca44e2bc261e2bf7e2edad034b5b881fdbca084184d40008bbc53848.exe
File created	C:\Windows\System32\QZWfHKW.exe	4d4eacfaca44e2bc261e2bf7e2edad034b5b881fdbca084184d40008bbc53848.exe
File created	C:\Windows\System32\UrLUbCX.exe	4d4eacfaca44e2bc261e2bf7e2edad034b5b881fdbca084184d40008bbc53848.exe
File created	C:\Windows\System32\wqxHJfY.exe	4d4eacfaca44e2bc261e2bf7e2edad034b5b881fdbca084184d40008bbc53848.exe
File created	C:\Windows\System32\EnzRKoC.exe	4d4eacfaca44e2bc261e2bf7e2edad034b5b881fdbca084184d40008bbc53848.exe
File created	C:\Windows\System32\HRYiYOp.exe	4d4eacfaca44e2bc261e2bf7e2edad034b5b881fdbca084184d40008bbc53848.exe
File created	C:\Windows\System32\UMQrMsx.exe	4d4eacfaca44e2bc261e2bf7e2edad034b5b881fdbca084184d40008bbc53848.exe
File created	C:\Windows\System32\bGjRQNZ.exe	4d4eacfaca44e2bc261e2bf7e2edad034b5b881fdbca084184d40008bbc53848.exe
File created	C:\Windows\System32\sCnQcrq.exe	4d4eacfaca44e2bc261e2bf7e2edad034b5b881fdbca084184d40008bbc53848.exe
File created	C:\Windows\System32\MxbwmGe.exe	4d4eacfaca44e2bc261e2bf7e2edad034b5b881fdbca084184d40008bbc53848.exe
File created	C:\Windows\System32\TLdBuOk.exe	4d4eacfaca44e2bc261e2bf7e2edad034b5b881fdbca084184d40008bbc53848.exe
File created	C:\Windows\System32\xhClruU.exe	4d4eacfaca44e2bc261e2bf7e2edad034b5b881fdbca084184d40008bbc53848.exe
File created	C:\Windows\System32\jnoCROw.exe	4d4eacfaca44e2bc261e2bf7e2edad034b5b881fdbca084184d40008bbc53848.exe
File created	C:\Windows\System32\NZwVuyu.exe	4d4eacfaca44e2bc261e2bf7e2edad034b5b881fdbca084184d40008bbc53848.exe
File created	C:\Windows\System32\HAPlqDC.exe	4d4eacfaca44e2bc261e2bf7e2edad034b5b881fdbca084184d40008bbc53848.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	14236	dwm.exe
Token: SeChangeNotifyPrivilege	14236	dwm.exe
Token: 33	14236	dwm.exe
Token: SeIncBasePriorityPrivilege	14236	dwm.exe
Token: SeShutdownPrivilege	14236	dwm.exe
Token: SeCreatePagefilePrivilege	14236	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4568 wrote to memory of 1468	4568	4d4eacfaca44e2bc261e2bf7e2edad034b5b881fdbca084184d40008bbc53848.exe	85
PID 4568 wrote to memory of 1468	4568	4d4eacfaca44e2bc261e2bf7e2edad034b5b881fdbca084184d40008bbc53848.exe	85
PID 4568 wrote to memory of 1552	4568	4d4eacfaca44e2bc261e2bf7e2edad034b5b881fdbca084184d40008bbc53848.exe	86
PID 4568 wrote to memory of 1552	4568	4d4eacfaca44e2bc261e2bf7e2edad034b5b881fdbca084184d40008bbc53848.exe	86
PID 4568 wrote to memory of 1672	4568	4d4eacfaca44e2bc261e2bf7e2edad034b5b881fdbca084184d40008bbc53848.exe	87
PID 4568 wrote to memory of 1672	4568	4d4eacfaca44e2bc261e2bf7e2edad034b5b881fdbca084184d40008bbc53848.exe	87
PID 4568 wrote to memory of 1004	4568	4d4eacfaca44e2bc261e2bf7e2edad034b5b881fdbca084184d40008bbc53848.exe	88
PID 4568 wrote to memory of 1004	4568	4d4eacfaca44e2bc261e2bf7e2edad034b5b881fdbca084184d40008bbc53848.exe	88
PID 4568 wrote to memory of 2620	4568	4d4eacfaca44e2bc261e2bf7e2edad034b5b881fdbca084184d40008bbc53848.exe	89
PID 4568 wrote to memory of 2620	4568	4d4eacfaca44e2bc261e2bf7e2edad034b5b881fdbca084184d40008bbc53848.exe	89
PID 4568 wrote to memory of 1436	4568	4d4eacfaca44e2bc261e2bf7e2edad034b5b881fdbca084184d40008bbc53848.exe	90
PID 4568 wrote to memory of 1436	4568	4d4eacfaca44e2bc261e2bf7e2edad034b5b881fdbca084184d40008bbc53848.exe	90
PID 4568 wrote to memory of 220	4568	4d4eacfaca44e2bc261e2bf7e2edad034b5b881fdbca084184d40008bbc53848.exe	91
PID 4568 wrote to memory of 220	4568	4d4eacfaca44e2bc261e2bf7e2edad034b5b881fdbca084184d40008bbc53848.exe	91
PID 4568 wrote to memory of 4732	4568	4d4eacfaca44e2bc261e2bf7e2edad034b5b881fdbca084184d40008bbc53848.exe	92
PID 4568 wrote to memory of 4732	4568	4d4eacfaca44e2bc261e2bf7e2edad034b5b881fdbca084184d40008bbc53848.exe	92
PID 4568 wrote to memory of 780	4568	4d4eacfaca44e2bc261e2bf7e2edad034b5b881fdbca084184d40008bbc53848.exe	93
PID 4568 wrote to memory of 780	4568	4d4eacfaca44e2bc261e2bf7e2edad034b5b881fdbca084184d40008bbc53848.exe	93
PID 4568 wrote to memory of 5040	4568	4d4eacfaca44e2bc261e2bf7e2edad034b5b881fdbca084184d40008bbc53848.exe	94
PID 4568 wrote to memory of 5040	4568	4d4eacfaca44e2bc261e2bf7e2edad034b5b881fdbca084184d40008bbc53848.exe	94
PID 4568 wrote to memory of 3252	4568	4d4eacfaca44e2bc261e2bf7e2edad034b5b881fdbca084184d40008bbc53848.exe	95
PID 4568 wrote to memory of 3252	4568	4d4eacfaca44e2bc261e2bf7e2edad034b5b881fdbca084184d40008bbc53848.exe	95
PID 4568 wrote to memory of 2344	4568	4d4eacfaca44e2bc261e2bf7e2edad034b5b881fdbca084184d40008bbc53848.exe	96
PID 4568 wrote to memory of 2344	4568	4d4eacfaca44e2bc261e2bf7e2edad034b5b881fdbca084184d40008bbc53848.exe	96
PID 4568 wrote to memory of 4520	4568	4d4eacfaca44e2bc261e2bf7e2edad034b5b881fdbca084184d40008bbc53848.exe	97
PID 4568 wrote to memory of 4520	4568	4d4eacfaca44e2bc261e2bf7e2edad034b5b881fdbca084184d40008bbc53848.exe	97
PID 4568 wrote to memory of 3576	4568	4d4eacfaca44e2bc261e2bf7e2edad034b5b881fdbca084184d40008bbc53848.exe	98
PID 4568 wrote to memory of 3576	4568	4d4eacfaca44e2bc261e2bf7e2edad034b5b881fdbca084184d40008bbc53848.exe	98
PID 4568 wrote to memory of 4116	4568	4d4eacfaca44e2bc261e2bf7e2edad034b5b881fdbca084184d40008bbc53848.exe	99
PID 4568 wrote to memory of 4116	4568	4d4eacfaca44e2bc261e2bf7e2edad034b5b881fdbca084184d40008bbc53848.exe	99
PID 4568 wrote to memory of 3520	4568	4d4eacfaca44e2bc261e2bf7e2edad034b5b881fdbca084184d40008bbc53848.exe	100
PID 4568 wrote to memory of 3520	4568	4d4eacfaca44e2bc261e2bf7e2edad034b5b881fdbca084184d40008bbc53848.exe	100
PID 4568 wrote to memory of 2356	4568	4d4eacfaca44e2bc261e2bf7e2edad034b5b881fdbca084184d40008bbc53848.exe	101
PID 4568 wrote to memory of 2356	4568	4d4eacfaca44e2bc261e2bf7e2edad034b5b881fdbca084184d40008bbc53848.exe	101
PID 4568 wrote to memory of 4828	4568	4d4eacfaca44e2bc261e2bf7e2edad034b5b881fdbca084184d40008bbc53848.exe	102
PID 4568 wrote to memory of 4828	4568	4d4eacfaca44e2bc261e2bf7e2edad034b5b881fdbca084184d40008bbc53848.exe	102
PID 4568 wrote to memory of 2784	4568	4d4eacfaca44e2bc261e2bf7e2edad034b5b881fdbca084184d40008bbc53848.exe	103
PID 4568 wrote to memory of 2784	4568	4d4eacfaca44e2bc261e2bf7e2edad034b5b881fdbca084184d40008bbc53848.exe	103
PID 4568 wrote to memory of 1276	4568	4d4eacfaca44e2bc261e2bf7e2edad034b5b881fdbca084184d40008bbc53848.exe	104
PID 4568 wrote to memory of 1276	4568	4d4eacfaca44e2bc261e2bf7e2edad034b5b881fdbca084184d40008bbc53848.exe	104
PID 4568 wrote to memory of 5060	4568	4d4eacfaca44e2bc261e2bf7e2edad034b5b881fdbca084184d40008bbc53848.exe	105
PID 4568 wrote to memory of 5060	4568	4d4eacfaca44e2bc261e2bf7e2edad034b5b881fdbca084184d40008bbc53848.exe	105
PID 4568 wrote to memory of 3008	4568	4d4eacfaca44e2bc261e2bf7e2edad034b5b881fdbca084184d40008bbc53848.exe	106
PID 4568 wrote to memory of 3008	4568	4d4eacfaca44e2bc261e2bf7e2edad034b5b881fdbca084184d40008bbc53848.exe	106
PID 4568 wrote to memory of 3804	4568	4d4eacfaca44e2bc261e2bf7e2edad034b5b881fdbca084184d40008bbc53848.exe	107
PID 4568 wrote to memory of 3804	4568	4d4eacfaca44e2bc261e2bf7e2edad034b5b881fdbca084184d40008bbc53848.exe	107
PID 4568 wrote to memory of 4976	4568	4d4eacfaca44e2bc261e2bf7e2edad034b5b881fdbca084184d40008bbc53848.exe	108
PID 4568 wrote to memory of 4976	4568	4d4eacfaca44e2bc261e2bf7e2edad034b5b881fdbca084184d40008bbc53848.exe	108
PID 4568 wrote to memory of 2564	4568	4d4eacfaca44e2bc261e2bf7e2edad034b5b881fdbca084184d40008bbc53848.exe	109
PID 4568 wrote to memory of 2564	4568	4d4eacfaca44e2bc261e2bf7e2edad034b5b881fdbca084184d40008bbc53848.exe	109
PID 4568 wrote to memory of 3316	4568	4d4eacfaca44e2bc261e2bf7e2edad034b5b881fdbca084184d40008bbc53848.exe	110
PID 4568 wrote to memory of 3316	4568	4d4eacfaca44e2bc261e2bf7e2edad034b5b881fdbca084184d40008bbc53848.exe	110
PID 4568 wrote to memory of 4752	4568	4d4eacfaca44e2bc261e2bf7e2edad034b5b881fdbca084184d40008bbc53848.exe	111
PID 4568 wrote to memory of 4752	4568	4d4eacfaca44e2bc261e2bf7e2edad034b5b881fdbca084184d40008bbc53848.exe	111
PID 4568 wrote to memory of 4980	4568	4d4eacfaca44e2bc261e2bf7e2edad034b5b881fdbca084184d40008bbc53848.exe	112
PID 4568 wrote to memory of 4980	4568	4d4eacfaca44e2bc261e2bf7e2edad034b5b881fdbca084184d40008bbc53848.exe	112
PID 4568 wrote to memory of 4508	4568	4d4eacfaca44e2bc261e2bf7e2edad034b5b881fdbca084184d40008bbc53848.exe	113
PID 4568 wrote to memory of 4508	4568	4d4eacfaca44e2bc261e2bf7e2edad034b5b881fdbca084184d40008bbc53848.exe	113
PID 4568 wrote to memory of 1992	4568	4d4eacfaca44e2bc261e2bf7e2edad034b5b881fdbca084184d40008bbc53848.exe	114
PID 4568 wrote to memory of 1992	4568	4d4eacfaca44e2bc261e2bf7e2edad034b5b881fdbca084184d40008bbc53848.exe	114
PID 4568 wrote to memory of 452	4568	4d4eacfaca44e2bc261e2bf7e2edad034b5b881fdbca084184d40008bbc53848.exe	115
PID 4568 wrote to memory of 452	4568	4d4eacfaca44e2bc261e2bf7e2edad034b5b881fdbca084184d40008bbc53848.exe	115
PID 4568 wrote to memory of 4240	4568	4d4eacfaca44e2bc261e2bf7e2edad034b5b881fdbca084184d40008bbc53848.exe	116
PID 4568 wrote to memory of 4240	4568	4d4eacfaca44e2bc261e2bf7e2edad034b5b881fdbca084184d40008bbc53848.exe	116

C:\Users\Admin\AppData\Local\Temp\4d4eacfaca44e2bc261e2bf7e2edad034b5b881fdbca084184d40008bbc53848.exe
"C:\Users\Admin\AppData\Local\Temp\4d4eacfaca44e2bc261e2bf7e2edad034b5b881fdbca084184d40008bbc53848.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:4568
- C:\Windows\System32\VQauQnn.exe
  C:\Windows\System32\VQauQnn.exe
  2⤵
  - Executes dropped EXE
  PID:1468
- C:\Windows\System32\vGmDTDg.exe
  C:\Windows\System32\vGmDTDg.exe
  2⤵
  - Executes dropped EXE
  PID:1552
- C:\Windows\System32\YKDoEQq.exe
  C:\Windows\System32\YKDoEQq.exe
  2⤵
  - Executes dropped EXE
  PID:1672
- C:\Windows\System32\aPZKzuK.exe
  C:\Windows\System32\aPZKzuK.exe
  2⤵
  - Executes dropped EXE
  PID:1004
- C:\Windows\System32\qGiUmWX.exe
  C:\Windows\System32\qGiUmWX.exe
  2⤵
  - Executes dropped EXE
  PID:2620
- C:\Windows\System32\DSyDZZS.exe
  C:\Windows\System32\DSyDZZS.exe
  2⤵
  - Executes dropped EXE
  PID:1436
- C:\Windows\System32\fzDAhgS.exe
  C:\Windows\System32\fzDAhgS.exe
  2⤵
  - Executes dropped EXE
  PID:220
- C:\Windows\System32\gttHFLm.exe
  C:\Windows\System32\gttHFLm.exe
  2⤵
  - Executes dropped EXE
  PID:4732
- C:\Windows\System32\rVVuQWQ.exe
  C:\Windows\System32\rVVuQWQ.exe
  2⤵
  - Executes dropped EXE
  PID:780
- C:\Windows\System32\pvKGChL.exe
  C:\Windows\System32\pvKGChL.exe
  2⤵
  - Executes dropped EXE
  PID:5040
- C:\Windows\System32\HQtrQCz.exe
  C:\Windows\System32\HQtrQCz.exe
  2⤵
  - Executes dropped EXE
  PID:3252
- C:\Windows\System32\vGluQwP.exe
  C:\Windows\System32\vGluQwP.exe
  2⤵
  - Executes dropped EXE
  PID:2344
- C:\Windows\System32\tebQzcT.exe
  C:\Windows\System32\tebQzcT.exe
  2⤵
  - Executes dropped EXE
  PID:4520
- C:\Windows\System32\ajAHXmc.exe
  C:\Windows\System32\ajAHXmc.exe
  2⤵
  - Executes dropped EXE
  PID:3576
- C:\Windows\System32\wAttIXX.exe
  C:\Windows\System32\wAttIXX.exe
  2⤵
  - Executes dropped EXE
  PID:4116
- C:\Windows\System32\kjMjiwA.exe
  C:\Windows\System32\kjMjiwA.exe
  2⤵
  - Executes dropped EXE
  PID:3520
- C:\Windows\System32\culnzgE.exe
  C:\Windows\System32\culnzgE.exe
  2⤵
  - Executes dropped EXE
  PID:2356
- C:\Windows\System32\acoNjbh.exe
  C:\Windows\System32\acoNjbh.exe
  2⤵
  - Executes dropped EXE
  PID:4828
- C:\Windows\System32\yotigsp.exe
  C:\Windows\System32\yotigsp.exe
  2⤵
  - Executes dropped EXE
  PID:2784
- C:\Windows\System32\RYwGNKW.exe
  C:\Windows\System32\RYwGNKW.exe
  2⤵
  - Executes dropped EXE
  PID:1276
- C:\Windows\System32\rAdwtwR.exe
  C:\Windows\System32\rAdwtwR.exe
  2⤵
  - Executes dropped EXE
  PID:5060
- C:\Windows\System32\NZwVuyu.exe
  C:\Windows\System32\NZwVuyu.exe
  2⤵
  - Executes dropped EXE
  PID:3008
- C:\Windows\System32\wDsZizX.exe
  C:\Windows\System32\wDsZizX.exe
  2⤵
  - Executes dropped EXE
  PID:3804
- C:\Windows\System32\OlppoJa.exe
  C:\Windows\System32\OlppoJa.exe
  2⤵
  - Executes dropped EXE
  PID:4976
- C:\Windows\System32\bnRuYEv.exe
  C:\Windows\System32\bnRuYEv.exe
  2⤵
  - Executes dropped EXE
  PID:2564
- C:\Windows\System32\xzmykcR.exe
  C:\Windows\System32\xzmykcR.exe
  2⤵
  - Executes dropped EXE
  PID:3316
- C:\Windows\System32\VkErDkt.exe
  C:\Windows\System32\VkErDkt.exe
  2⤵
  - Executes dropped EXE
  PID:4752
- C:\Windows\System32\qduBdGL.exe
  C:\Windows\System32\qduBdGL.exe
  2⤵
  - Executes dropped EXE
  PID:4980
- C:\Windows\System32\ytnGiHw.exe
  C:\Windows\System32\ytnGiHw.exe
  2⤵
  - Executes dropped EXE
  PID:4508
- C:\Windows\System32\iqKvuYZ.exe
  C:\Windows\System32\iqKvuYZ.exe
  2⤵
  - Executes dropped EXE
  PID:1992
- C:\Windows\System32\qKaqLlT.exe
  C:\Windows\System32\qKaqLlT.exe
  2⤵
  - Executes dropped EXE
  PID:452
- C:\Windows\System32\hIQgdAn.exe
  C:\Windows\System32\hIQgdAn.exe
  2⤵
  - Executes dropped EXE
  PID:4240
- C:\Windows\System32\GSfHhvd.exe
  C:\Windows\System32\GSfHhvd.exe
  2⤵
  - Executes dropped EXE
  PID:4920
- C:\Windows\System32\AtTIbpg.exe
  C:\Windows\System32\AtTIbpg.exe
  2⤵
  - Executes dropped EXE
  PID:1832
- C:\Windows\System32\CcLjLiS.exe
  C:\Windows\System32\CcLjLiS.exe
  2⤵
  - Executes dropped EXE
  PID:2480
- C:\Windows\System32\BfgoNgV.exe
  C:\Windows\System32\BfgoNgV.exe
  2⤵
  - Executes dropped EXE
  PID:1988
- C:\Windows\System32\wEnRNWE.exe
  C:\Windows\System32\wEnRNWE.exe
  2⤵
  - Executes dropped EXE
  PID:4448
- C:\Windows\System32\dRMpFEB.exe
  C:\Windows\System32\dRMpFEB.exe
  2⤵
  - Executes dropped EXE
  PID:448
- C:\Windows\System32\QVtYNFR.exe
  C:\Windows\System32\QVtYNFR.exe
  2⤵
  - Executes dropped EXE
  PID:4200
- C:\Windows\System32\wAOrmdn.exe
  C:\Windows\System32\wAOrmdn.exe
  2⤵
  - Executes dropped EXE
  PID:388
- C:\Windows\System32\ZkByyzK.exe
  C:\Windows\System32\ZkByyzK.exe
  2⤵
  - Executes dropped EXE
  PID:3768
- C:\Windows\System32\fHWXiwO.exe
  C:\Windows\System32\fHWXiwO.exe
  2⤵
  - Executes dropped EXE
  PID:3096
- C:\Windows\System32\nVXlEHV.exe
  C:\Windows\System32\nVXlEHV.exe
  2⤵
  - Executes dropped EXE
  PID:4708
- C:\Windows\System32\ahnzgZT.exe
  C:\Windows\System32\ahnzgZT.exe
  2⤵
  - Executes dropped EXE
  PID:632
- C:\Windows\System32\zvgyXlN.exe
  C:\Windows\System32\zvgyXlN.exe
  2⤵
  - Executes dropped EXE
  PID:64
- C:\Windows\System32\YEuiYTC.exe
  C:\Windows\System32\YEuiYTC.exe
  2⤵
  - Executes dropped EXE
  PID:1372
- C:\Windows\System32\vGtnjUC.exe
  C:\Windows\System32\vGtnjUC.exe
  2⤵
  - Executes dropped EXE
  PID:3564
- C:\Windows\System32\rJbviWk.exe
  C:\Windows\System32\rJbviWk.exe
  2⤵
  - Executes dropped EXE
  PID:3024
- C:\Windows\System32\JKINjIr.exe
  C:\Windows\System32\JKINjIr.exe
  2⤵
  - Executes dropped EXE
  PID:1864
- C:\Windows\System32\yUqrkfG.exe
  C:\Windows\System32\yUqrkfG.exe
  2⤵
  - Executes dropped EXE
  PID:4500
- C:\Windows\System32\YISCFBT.exe
  C:\Windows\System32\YISCFBT.exe
  2⤵
  - Executes dropped EXE
  PID:1544
- C:\Windows\System32\kPSanCC.exe
  C:\Windows\System32\kPSanCC.exe
  2⤵
  - Executes dropped EXE
  PID:3692
- C:\Windows\System32\XMSUKxa.exe
  C:\Windows\System32\XMSUKxa.exe
  2⤵
  - Executes dropped EXE
  PID:1824
- C:\Windows\System32\LepQAdJ.exe
  C:\Windows\System32\LepQAdJ.exe
  2⤵
  - Executes dropped EXE
  PID:1944
- C:\Windows\System32\lxtdZHy.exe
  C:\Windows\System32\lxtdZHy.exe
  2⤵
  - Executes dropped EXE
  PID:4100
- C:\Windows\System32\JIuVflI.exe
  C:\Windows\System32\JIuVflI.exe
  2⤵
  - Executes dropped EXE
  PID:2856
- C:\Windows\System32\aEWojJC.exe
  C:\Windows\System32\aEWojJC.exe
  2⤵
  - Executes dropped EXE
  PID:3500
- C:\Windows\System32\MDMkteY.exe
  C:\Windows\System32\MDMkteY.exe
  2⤵
  - Executes dropped EXE
  PID:1472
- C:\Windows\System32\mhISbYe.exe
  C:\Windows\System32\mhISbYe.exe
  2⤵
  - Executes dropped EXE
  PID:1432
- C:\Windows\System32\HeBXrHe.exe
  C:\Windows\System32\HeBXrHe.exe
  2⤵
  - Executes dropped EXE
  PID:1344
- C:\Windows\System32\TNsAXCe.exe
  C:\Windows\System32\TNsAXCe.exe
  2⤵
  - Executes dropped EXE
  PID:2064
- C:\Windows\System32\HAPlqDC.exe
  C:\Windows\System32\HAPlqDC.exe
  2⤵
  - Executes dropped EXE
  PID:1912
- C:\Windows\System32\AFddISO.exe
  C:\Windows\System32\AFddISO.exe
  2⤵
  - Executes dropped EXE
  PID:1668
- C:\Windows\System32\XozGqxc.exe
  C:\Windows\System32\XozGqxc.exe
  2⤵
  - Executes dropped EXE
  PID:2288
- C:\Windows\System32\QBhiBUA.exe
  C:\Windows\System32\QBhiBUA.exe
  2⤵
  PID:3364
- C:\Windows\System32\jWpcHTP.exe
  C:\Windows\System32\jWpcHTP.exe
  2⤵
  PID:3188
- C:\Windows\System32\bcMoCBt.exe
  C:\Windows\System32\bcMoCBt.exe
  2⤵
  PID:3192
- C:\Windows\System32\YPlkSUZ.exe
  C:\Windows\System32\YPlkSUZ.exe
  2⤵
  PID:1020
- C:\Windows\System32\DtksksG.exe
  C:\Windows\System32\DtksksG.exe
  2⤵
  PID:4936
- C:\Windows\System32\QRsdrVY.exe
  C:\Windows\System32\QRsdrVY.exe
  2⤵
  PID:5084
- C:\Windows\System32\sKdSuzH.exe
  C:\Windows\System32\sKdSuzH.exe
  2⤵
  PID:2928
- C:\Windows\System32\RayPGuR.exe
  C:\Windows\System32\RayPGuR.exe
  2⤵
  PID:4644
- C:\Windows\System32\HhlewBU.exe
  C:\Windows\System32\HhlewBU.exe
  2⤵
  PID:3308
- C:\Windows\System32\tVwXARi.exe
  C:\Windows\System32\tVwXARi.exe
  2⤵
  PID:1396
- C:\Windows\System32\lSYIMIN.exe
  C:\Windows\System32\lSYIMIN.exe
  2⤵
  PID:880
- C:\Windows\System32\xfxildQ.exe
  C:\Windows\System32\xfxildQ.exe
  2⤵
  PID:1624
- C:\Windows\System32\AUqyPPF.exe
  C:\Windows\System32\AUqyPPF.exe
  2⤵
  PID:2336
- C:\Windows\System32\ecyQfGg.exe
  C:\Windows\System32\ecyQfGg.exe
  2⤵
  PID:4524
- C:\Windows\System32\jSWSPrA.exe
  C:\Windows\System32\jSWSPrA.exe
  2⤵
  PID:1940
- C:\Windows\System32\WVcbXag.exe
  C:\Windows\System32\WVcbXag.exe
  2⤵
  PID:2580
- C:\Windows\System32\QoWOHbr.exe
  C:\Windows\System32\QoWOHbr.exe
  2⤵
  PID:4408
- C:\Windows\System32\anFpMaU.exe
  C:\Windows\System32\anFpMaU.exe
  2⤵
  PID:1924
- C:\Windows\System32\WfOvOmG.exe
  C:\Windows\System32\WfOvOmG.exe
  2⤵
  PID:3896
- C:\Windows\System32\ZQZdFsw.exe
  C:\Windows\System32\ZQZdFsw.exe
  2⤵
  PID:5128
- C:\Windows\System32\mdoTcwP.exe
  C:\Windows\System32\mdoTcwP.exe
  2⤵
  PID:5168
- C:\Windows\System32\ONFSjjW.exe
  C:\Windows\System32\ONFSjjW.exe
  2⤵
  PID:5184
- C:\Windows\System32\rRdInCm.exe
  C:\Windows\System32\rRdInCm.exe
  2⤵
  PID:5212
- C:\Windows\System32\nwvgbvN.exe
  C:\Windows\System32\nwvgbvN.exe
  2⤵
  PID:5240
- C:\Windows\System32\IydGkuV.exe
  C:\Windows\System32\IydGkuV.exe
  2⤵
  PID:5268
- C:\Windows\System32\FIaLFoV.exe
  C:\Windows\System32\FIaLFoV.exe
  2⤵
  PID:5296
- C:\Windows\System32\btWlCmU.exe
  C:\Windows\System32\btWlCmU.exe
  2⤵
  PID:5324
- C:\Windows\System32\dNzEfiL.exe
  C:\Windows\System32\dNzEfiL.exe
  2⤵
  PID:5352
- C:\Windows\System32\oBwbYQG.exe
  C:\Windows\System32\oBwbYQG.exe
  2⤵
  PID:5392
- C:\Windows\System32\vixbnvX.exe
  C:\Windows\System32\vixbnvX.exe
  2⤵
  PID:5408
- C:\Windows\System32\mppKAPK.exe
  C:\Windows\System32\mppKAPK.exe
  2⤵
  PID:5444
- C:\Windows\System32\mMtKrAq.exe
  C:\Windows\System32\mMtKrAq.exe
  2⤵
  PID:5464
- C:\Windows\System32\pgVziGQ.exe
  C:\Windows\System32\pgVziGQ.exe
  2⤵
  PID:5488
- C:\Windows\System32\JcfhHEO.exe
  C:\Windows\System32\JcfhHEO.exe
  2⤵
  PID:5520
- C:\Windows\System32\eBFHDVb.exe
  C:\Windows\System32\eBFHDVb.exe
  2⤵
  PID:5548
- C:\Windows\System32\bUEmJcR.exe
  C:\Windows\System32\bUEmJcR.exe
  2⤵
  PID:5576
- C:\Windows\System32\XTERsxD.exe
  C:\Windows\System32\XTERsxD.exe
  2⤵
  PID:5604
- C:\Windows\System32\StPHYyU.exe
  C:\Windows\System32\StPHYyU.exe
  2⤵
  PID:5632
- C:\Windows\System32\roNpRWp.exe
  C:\Windows\System32\roNpRWp.exe
  2⤵
  PID:5660
- C:\Windows\System32\LvUHgPw.exe
  C:\Windows\System32\LvUHgPw.exe
  2⤵
  PID:5688
- C:\Windows\System32\WcbIJSx.exe
  C:\Windows\System32\WcbIJSx.exe
  2⤵
  PID:5728
- C:\Windows\System32\JZHeDVV.exe
  C:\Windows\System32\JZHeDVV.exe
  2⤵
  PID:5744
- C:\Windows\System32\bzNpcuj.exe
  C:\Windows\System32\bzNpcuj.exe
  2⤵
  PID:5768
- C:\Windows\System32\pZFxouD.exe
  C:\Windows\System32\pZFxouD.exe
  2⤵
  PID:5796
- C:\Windows\System32\bXYkMOo.exe
  C:\Windows\System32\bXYkMOo.exe
  2⤵
  PID:5828
- C:\Windows\System32\dNCAjrd.exe
  C:\Windows\System32\dNCAjrd.exe
  2⤵
  PID:5856
- C:\Windows\System32\VAagWmQ.exe
  C:\Windows\System32\VAagWmQ.exe
  2⤵
  PID:5884
- C:\Windows\System32\IkTaylE.exe
  C:\Windows\System32\IkTaylE.exe
  2⤵
  PID:5912
- C:\Windows\System32\Zidfjxr.exe
  C:\Windows\System32\Zidfjxr.exe
  2⤵
  PID:5940
- C:\Windows\System32\CQzTilo.exe
  C:\Windows\System32\CQzTilo.exe
  2⤵
  PID:5968
- C:\Windows\System32\FFwwxuC.exe
  C:\Windows\System32\FFwwxuC.exe
  2⤵
  PID:6008
- C:\Windows\System32\YEPkTSF.exe
  C:\Windows\System32\YEPkTSF.exe
  2⤵
  PID:6024
- C:\Windows\System32\ZpDlZNc.exe
  C:\Windows\System32\ZpDlZNc.exe
  2⤵
  PID:6052
- C:\Windows\System32\AwuMCda.exe
  C:\Windows\System32\AwuMCda.exe
  2⤵
  PID:6080
- C:\Windows\System32\hjctsfg.exe
  C:\Windows\System32\hjctsfg.exe
  2⤵
  PID:6108
- C:\Windows\System32\eZdBXyR.exe
  C:\Windows\System32\eZdBXyR.exe
  2⤵
  PID:6136
- C:\Windows\System32\srgOubw.exe
  C:\Windows\System32\srgOubw.exe
  2⤵
  PID:4528
- C:\Windows\System32\XcfERTo.exe
  C:\Windows\System32\XcfERTo.exe
  2⤵
  PID:4436
- C:\Windows\System32\jflDyfC.exe
  C:\Windows\System32\jflDyfC.exe
  2⤵
  PID:892
- C:\Windows\System32\MxgEDXx.exe
  C:\Windows\System32\MxgEDXx.exe
  2⤵
  PID:3516
- C:\Windows\System32\yTimrCK.exe
  C:\Windows\System32\yTimrCK.exe
  2⤵
  PID:5176
- C:\Windows\System32\DHgrBjH.exe
  C:\Windows\System32\DHgrBjH.exe
  2⤵
  PID:5224
- C:\Windows\System32\LhscqaK.exe
  C:\Windows\System32\LhscqaK.exe
  2⤵
  PID:5304
- C:\Windows\System32\qcvLbbL.exe
  C:\Windows\System32\qcvLbbL.exe
  2⤵
  PID:5364
- C:\Windows\System32\GYTemmQ.exe
  C:\Windows\System32\GYTemmQ.exe
  2⤵
  PID:5420
- C:\Windows\System32\lHaRBmD.exe
  C:\Windows\System32\lHaRBmD.exe
  2⤵
  PID:5512
- C:\Windows\System32\vjDxgMY.exe
  C:\Windows\System32\vjDxgMY.exe
  2⤵
  PID:5560
- C:\Windows\System32\FtBVyuJ.exe
  C:\Windows\System32\FtBVyuJ.exe
  2⤵
  PID:5612
- C:\Windows\System32\ZmIeOUt.exe
  C:\Windows\System32\ZmIeOUt.exe
  2⤵
  PID:5708
- C:\Windows\System32\IavCWMR.exe
  C:\Windows\System32\IavCWMR.exe
  2⤵
  PID:5756
- C:\Windows\System32\wBaYUcG.exe
  C:\Windows\System32\wBaYUcG.exe
  2⤵
  PID:5804
- C:\Windows\System32\wrEYOjA.exe
  C:\Windows\System32\wrEYOjA.exe
  2⤵
  PID:5904
- C:\Windows\System32\xYgOxsX.exe
  C:\Windows\System32\xYgOxsX.exe
  2⤵
  PID:5988
- C:\Windows\System32\GcHVNod.exe
  C:\Windows\System32\GcHVNod.exe
  2⤵
  PID:6020
- C:\Windows\System32\fABTLtn.exe
  C:\Windows\System32\fABTLtn.exe
  2⤵
  PID:6088
- C:\Windows\System32\ByexoTa.exe
  C:\Windows\System32\ByexoTa.exe
  2⤵
  PID:1540
- C:\Windows\System32\EnzRKoC.exe
  C:\Windows\System32\EnzRKoC.exe
  2⤵
  PID:4512
- C:\Windows\System32\NExUdGe.exe
  C:\Windows\System32\NExUdGe.exe
  2⤵
  PID:4904
- C:\Windows\System32\deyaSjX.exe
  C:\Windows\System32\deyaSjX.exe
  2⤵
  PID:5344
- C:\Windows\System32\OwTojbF.exe
  C:\Windows\System32\OwTojbF.exe
  2⤵
  PID:5460
- C:\Windows\System32\jJQVIbB.exe
  C:\Windows\System32\jJQVIbB.exe
  2⤵
  PID:5652
- C:\Windows\System32\CGoWcDk.exe
  C:\Windows\System32\CGoWcDk.exe
  2⤵
  PID:5820
- C:\Windows\System32\HuZpHtj.exe
  C:\Windows\System32\HuZpHtj.exe
  2⤵
  PID:5868
- C:\Windows\System32\lqaDGnx.exe
  C:\Windows\System32\lqaDGnx.exe
  2⤵
  PID:6016
- C:\Windows\System32\rmsPvKV.exe
  C:\Windows\System32\rmsPvKV.exe
  2⤵
  PID:2132
- C:\Windows\System32\rlXGStY.exe
  C:\Windows\System32\rlXGStY.exe
  2⤵
  PID:5332
- C:\Windows\System32\difWpRb.exe
  C:\Windows\System32\difWpRb.exe
  2⤵
  PID:5568
- C:\Windows\System32\NUQglXt.exe
  C:\Windows\System32\NUQglXt.exe
  2⤵
  PID:1112
- C:\Windows\System32\wXsqZky.exe
  C:\Windows\System32\wXsqZky.exe
  2⤵
  PID:6036
- C:\Windows\System32\uVYmAql.exe
  C:\Windows\System32\uVYmAql.exe
  2⤵
  PID:5220
- C:\Windows\System32\GqWAgKT.exe
  C:\Windows\System32\GqWAgKT.exe
  2⤵
  PID:5840
- C:\Windows\System32\Aforujw.exe
  C:\Windows\System32\Aforujw.exe
  2⤵
  PID:6164
- C:\Windows\System32\MtDVVkD.exe
  C:\Windows\System32\MtDVVkD.exe
  2⤵
  PID:6192
- C:\Windows\System32\whwYxvv.exe
  C:\Windows\System32\whwYxvv.exe
  2⤵
  PID:6220
- C:\Windows\System32\tCxNDmn.exe
  C:\Windows\System32\tCxNDmn.exe
  2⤵
  PID:6244
- C:\Windows\System32\UYFhgOG.exe
  C:\Windows\System32\UYFhgOG.exe
  2⤵
  PID:6276
- C:\Windows\System32\ndHiNSd.exe
  C:\Windows\System32\ndHiNSd.exe
  2⤵
  PID:6392
- C:\Windows\System32\XzdYPCX.exe
  C:\Windows\System32\XzdYPCX.exe
  2⤵
  PID:6432
- C:\Windows\System32\CnRddIY.exe
  C:\Windows\System32\CnRddIY.exe
  2⤵
  PID:6464
- C:\Windows\System32\XDErRpj.exe
  C:\Windows\System32\XDErRpj.exe
  2⤵
  PID:6484
- C:\Windows\System32\wkHiNLe.exe
  C:\Windows\System32\wkHiNLe.exe
  2⤵
  PID:6512
- C:\Windows\System32\hIpwToO.exe
  C:\Windows\System32\hIpwToO.exe
  2⤵
  PID:6544
- C:\Windows\System32\YJgZtqf.exe
  C:\Windows\System32\YJgZtqf.exe
  2⤵
  PID:6564
- C:\Windows\System32\mzgdSIN.exe
  C:\Windows\System32\mzgdSIN.exe
  2⤵
  PID:6644
- C:\Windows\System32\eikuwxW.exe
  C:\Windows\System32\eikuwxW.exe
  2⤵
  PID:6676
- C:\Windows\System32\VsObotF.exe
  C:\Windows\System32\VsObotF.exe
  2⤵
  PID:6700
- C:\Windows\System32\FKFHLUJ.exe
  C:\Windows\System32\FKFHLUJ.exe
  2⤵
  PID:6752
- C:\Windows\System32\UIYxhIR.exe
  C:\Windows\System32\UIYxhIR.exe
  2⤵
  PID:6768
- C:\Windows\System32\nQzcVDX.exe
  C:\Windows\System32\nQzcVDX.exe
  2⤵
  PID:6816
- C:\Windows\System32\mhnDXAy.exe
  C:\Windows\System32\mhnDXAy.exe
  2⤵
  PID:6956
- C:\Windows\System32\nCvgGgB.exe
  C:\Windows\System32\nCvgGgB.exe
  2⤵
  PID:6984
- C:\Windows\System32\iLxSaMd.exe
  C:\Windows\System32\iLxSaMd.exe
  2⤵
  PID:7028
- C:\Windows\System32\rQSypDV.exe
  C:\Windows\System32\rQSypDV.exe
  2⤵
  PID:7056
- C:\Windows\System32\bGjRQNZ.exe
  C:\Windows\System32\bGjRQNZ.exe
  2⤵
  PID:7084
- C:\Windows\System32\KekrnBR.exe
  C:\Windows\System32\KekrnBR.exe
  2⤵
  PID:7112
- C:\Windows\System32\czgitTf.exe
  C:\Windows\System32\czgitTf.exe
  2⤵
  PID:7156
- C:\Windows\System32\oqbFvNK.exe
  C:\Windows\System32\oqbFvNK.exe
  2⤵
  PID:4676
- C:\Windows\System32\wsQQaJF.exe
  C:\Windows\System32\wsQQaJF.exe
  2⤵
  PID:228
- C:\Windows\System32\RPAdJjI.exe
  C:\Windows\System32\RPAdJjI.exe
  2⤵
  PID:6172
- C:\Windows\System32\pPKCPZD.exe
  C:\Windows\System32\pPKCPZD.exe
  2⤵
  PID:4816
- C:\Windows\System32\CXRrOSv.exe
  C:\Windows\System32\CXRrOSv.exe
  2⤵
  PID:1092
- C:\Windows\System32\rztJUXc.exe
  C:\Windows\System32\rztJUXc.exe
  2⤵
  PID:6332
- C:\Windows\System32\gogBDlF.exe
  C:\Windows\System32\gogBDlF.exe
  2⤵
  PID:4572
- C:\Windows\System32\wqvtxsl.exe
  C:\Windows\System32\wqvtxsl.exe
  2⤵
  PID:5032
- C:\Windows\System32\KmmRFRF.exe
  C:\Windows\System32\KmmRFRF.exe
  2⤵
  PID:2956
- C:\Windows\System32\NKhSqTb.exe
  C:\Windows\System32\NKhSqTb.exe
  2⤵
  PID:3212
- C:\Windows\System32\SgozqfM.exe
  C:\Windows\System32\SgozqfM.exe
  2⤵
  PID:3344
- C:\Windows\System32\PEqhgfT.exe
  C:\Windows\System32\PEqhgfT.exe
  2⤵
  PID:6384
- C:\Windows\System32\QKlhZYC.exe
  C:\Windows\System32\QKlhZYC.exe
  2⤵
  PID:624
- C:\Windows\System32\QwNpiAW.exe
  C:\Windows\System32\QwNpiAW.exe
  2⤵
  PID:6424
- C:\Windows\System32\gvsQYSr.exe
  C:\Windows\System32\gvsQYSr.exe
  2⤵
  PID:6496
- C:\Windows\System32\pClKCNw.exe
  C:\Windows\System32\pClKCNw.exe
  2⤵
  PID:32
- C:\Windows\System32\oeyuETZ.exe
  C:\Windows\System32\oeyuETZ.exe
  2⤵
  PID:392
- C:\Windows\System32\HSCDzxP.exe
  C:\Windows\System32\HSCDzxP.exe
  2⤵
  PID:6356
- C:\Windows\System32\DOkCTNP.exe
  C:\Windows\System32\DOkCTNP.exe
  2⤵
  PID:6712
- C:\Windows\System32\whZXVjn.exe
  C:\Windows\System32\whZXVjn.exe
  2⤵
  PID:6764
- C:\Windows\System32\vawtPdz.exe
  C:\Windows\System32\vawtPdz.exe
  2⤵
  PID:6472
- C:\Windows\System32\kPdlhZI.exe
  C:\Windows\System32\kPdlhZI.exe
  2⤵
  PID:6840
- C:\Windows\System32\Xghcyoq.exe
  C:\Windows\System32\Xghcyoq.exe
  2⤵
  PID:6952
- C:\Windows\System32\pFbfkdD.exe
  C:\Windows\System32\pFbfkdD.exe
  2⤵
  PID:7012
- C:\Windows\System32\ZyqmgTz.exe
  C:\Windows\System32\ZyqmgTz.exe
  2⤵
  PID:6684
- C:\Windows\System32\onFIUIm.exe
  C:\Windows\System32\onFIUIm.exe
  2⤵
  PID:7136
- C:\Windows\System32\mgXGTsZ.exe
  C:\Windows\System32\mgXGTsZ.exe
  2⤵
  PID:5496
- C:\Windows\System32\uQwbrTJ.exe
  C:\Windows\System32\uQwbrTJ.exe
  2⤵
  PID:6228
- C:\Windows\System32\lVNHynY.exe
  C:\Windows\System32\lVNHynY.exe
  2⤵
  PID:6376
- C:\Windows\System32\MldtbXr.exe
  C:\Windows\System32\MldtbXr.exe
  2⤵
  PID:4880
- C:\Windows\System32\yGFpzsg.exe
  C:\Windows\System32\yGFpzsg.exe
  2⤵
  PID:4664
- C:\Windows\System32\wzHNcOP.exe
  C:\Windows\System32\wzHNcOP.exe
  2⤵
  PID:6412
- C:\Windows\System32\YcXKZTL.exe
  C:\Windows\System32\YcXKZTL.exe
  2⤵
  PID:6572
- C:\Windows\System32\nHpaNkA.exe
  C:\Windows\System32\nHpaNkA.exe
  2⤵
  PID:6656
- C:\Windows\System32\GugbJCv.exe
  C:\Windows\System32\GugbJCv.exe
  2⤵
  PID:6848
- C:\Windows\System32\sYWjiKg.exe
  C:\Windows\System32\sYWjiKg.exe
  2⤵
  PID:6976
- C:\Windows\System32\nXAGwQZ.exe
  C:\Windows\System32\nXAGwQZ.exe
  2⤵
  PID:7124
- C:\Windows\System32\UEJujXJ.exe
  C:\Windows\System32\UEJujXJ.exe
  2⤵
  PID:6200
- C:\Windows\System32\CtHpVFj.exe
  C:\Windows\System32\CtHpVFj.exe
  2⤵
  PID:6252
- C:\Windows\System32\JEJCykv.exe
  C:\Windows\System32\JEJCykv.exe
  2⤵
  PID:3332
- C:\Windows\System32\wCjJJiI.exe
  C:\Windows\System32\wCjJJiI.exe
  2⤵
  PID:6652
- C:\Windows\System32\sCnQcrq.exe
  C:\Windows\System32\sCnQcrq.exe
  2⤵
  PID:6828
- C:\Windows\System32\zmNInNa.exe
  C:\Windows\System32\zmNInNa.exe
  2⤵
  PID:1456
- C:\Windows\System32\rBWuYMZ.exe
  C:\Windows\System32\rBWuYMZ.exe
  2⤵
  PID:2924
- C:\Windows\System32\MgWFUHU.exe
  C:\Windows\System32\MgWFUHU.exe
  2⤵
  PID:6348
- C:\Windows\System32\uvqIODp.exe
  C:\Windows\System32\uvqIODp.exe
  2⤵
  PID:7176
- C:\Windows\System32\UtvRjRN.exe
  C:\Windows\System32\UtvRjRN.exe
  2⤵
  PID:7208
- C:\Windows\System32\XekkWSe.exe
  C:\Windows\System32\XekkWSe.exe
  2⤵
  PID:7232
- C:\Windows\System32\adJEicZ.exe
  C:\Windows\System32\adJEicZ.exe
  2⤵
  PID:7248
- C:\Windows\System32\kFQNkqu.exe
  C:\Windows\System32\kFQNkqu.exe
  2⤵
  PID:7264
- C:\Windows\System32\ZCYAbwb.exe
  C:\Windows\System32\ZCYAbwb.exe
  2⤵
  PID:7312
- C:\Windows\System32\ezWNLrm.exe
  C:\Windows\System32\ezWNLrm.exe
  2⤵
  PID:7344
- C:\Windows\System32\VXCndiR.exe
  C:\Windows\System32\VXCndiR.exe
  2⤵
  PID:7372
- C:\Windows\System32\OQXmMss.exe
  C:\Windows\System32\OQXmMss.exe
  2⤵
  PID:7392
- C:\Windows\System32\XxXfddc.exe
  C:\Windows\System32\XxXfddc.exe
  2⤵
  PID:7428
- C:\Windows\System32\JRHOcCR.exe
  C:\Windows\System32\JRHOcCR.exe
  2⤵
  PID:7460
- C:\Windows\System32\ZhTJJaL.exe
  C:\Windows\System32\ZhTJJaL.exe
  2⤵
  PID:7512
- C:\Windows\System32\ifdholt.exe
  C:\Windows\System32\ifdholt.exe
  2⤵
  PID:7528
- C:\Windows\System32\ouwMnYk.exe
  C:\Windows\System32\ouwMnYk.exe
  2⤵
  PID:7556
- C:\Windows\System32\qntHNdp.exe
  C:\Windows\System32\qntHNdp.exe
  2⤵
  PID:7584
- C:\Windows\System32\NBwgvSp.exe
  C:\Windows\System32\NBwgvSp.exe
  2⤵
  PID:7612
- C:\Windows\System32\OkFZddj.exe
  C:\Windows\System32\OkFZddj.exe
  2⤵
  PID:7640
- C:\Windows\System32\NNGYZfI.exe
  C:\Windows\System32\NNGYZfI.exe
  2⤵
  PID:7668
- C:\Windows\System32\CdWMAoK.exe
  C:\Windows\System32\CdWMAoK.exe
  2⤵
  PID:7692
- C:\Windows\System32\IoJGtTM.exe
  C:\Windows\System32\IoJGtTM.exe
  2⤵
  PID:7712
- C:\Windows\System32\MHaQuyC.exe
  C:\Windows\System32\MHaQuyC.exe
  2⤵
  PID:7740
- C:\Windows\System32\DawNvjP.exe
  C:\Windows\System32\DawNvjP.exe
  2⤵
  PID:7796
- C:\Windows\System32\xiWVtPw.exe
  C:\Windows\System32\xiWVtPw.exe
  2⤵
  PID:7812
- C:\Windows\System32\brbZHqN.exe
  C:\Windows\System32\brbZHqN.exe
  2⤵
  PID:7840
- C:\Windows\System32\YdQYWdJ.exe
  C:\Windows\System32\YdQYWdJ.exe
  2⤵
  PID:7860
- C:\Windows\System32\HfJpUhM.exe
  C:\Windows\System32\HfJpUhM.exe
  2⤵
  PID:7896
- C:\Windows\System32\fTiNLqn.exe
  C:\Windows\System32\fTiNLqn.exe
  2⤵
  PID:7920
- C:\Windows\System32\vqsWHLl.exe
  C:\Windows\System32\vqsWHLl.exe
  2⤵
  PID:7952
- C:\Windows\System32\nyrEPjl.exe
  C:\Windows\System32\nyrEPjl.exe
  2⤵
  PID:7980
- C:\Windows\System32\nFUuGkM.exe
  C:\Windows\System32\nFUuGkM.exe
  2⤵
  PID:8004
- C:\Windows\System32\kdqJANe.exe
  C:\Windows\System32\kdqJANe.exe
  2⤵
  PID:8044
- C:\Windows\System32\cnQMNHG.exe
  C:\Windows\System32\cnQMNHG.exe
  2⤵
  PID:8060
- C:\Windows\System32\ranOLgO.exe
  C:\Windows\System32\ranOLgO.exe
  2⤵
  PID:8104
- C:\Windows\System32\mnnoLme.exe
  C:\Windows\System32\mnnoLme.exe
  2⤵
  PID:8128
- C:\Windows\System32\xyaDAQd.exe
  C:\Windows\System32\xyaDAQd.exe
  2⤵
  PID:8164
- C:\Windows\System32\dwKsIZU.exe
  C:\Windows\System32\dwKsIZU.exe
  2⤵
  PID:8188
- C:\Windows\System32\lFdsYBQ.exe
  C:\Windows\System32\lFdsYBQ.exe
  2⤵
  PID:7196
- C:\Windows\System32\OVNfkLm.exe
  C:\Windows\System32\OVNfkLm.exe
  2⤵
  PID:7256
- C:\Windows\System32\xUoXrqu.exe
  C:\Windows\System32\xUoXrqu.exe
  2⤵
  PID:7320
- C:\Windows\System32\AWosKRJ.exe
  C:\Windows\System32\AWosKRJ.exe
  2⤵
  PID:7364
- C:\Windows\System32\jrdOAtI.exe
  C:\Windows\System32\jrdOAtI.exe
  2⤵
  PID:7440
- C:\Windows\System32\MPaGjKA.exe
  C:\Windows\System32\MPaGjKA.exe
  2⤵
  PID:7568
- C:\Windows\System32\spYNRIW.exe
  C:\Windows\System32\spYNRIW.exe
  2⤵
  PID:7632
- C:\Windows\System32\DJYMyKt.exe
  C:\Windows\System32\DJYMyKt.exe
  2⤵
  PID:7684
- C:\Windows\System32\hRAkIZR.exe
  C:\Windows\System32\hRAkIZR.exe
  2⤵
  PID:7764
- C:\Windows\System32\HRYiYOp.exe
  C:\Windows\System32\HRYiYOp.exe
  2⤵
  PID:7832
- C:\Windows\System32\wszXFJi.exe
  C:\Windows\System32\wszXFJi.exe
  2⤵
  PID:7892
- C:\Windows\System32\bTjVtcN.exe
  C:\Windows\System32\bTjVtcN.exe
  2⤵
  PID:7976
- C:\Windows\System32\Uhkthmn.exe
  C:\Windows\System32\Uhkthmn.exe
  2⤵
  PID:8000
- C:\Windows\System32\FWwHOdy.exe
  C:\Windows\System32\FWwHOdy.exe
  2⤵
  PID:8116
- C:\Windows\System32\iywCkpE.exe
  C:\Windows\System32\iywCkpE.exe
  2⤵
  PID:8184
- C:\Windows\System32\zDQJKeW.exe
  C:\Windows\System32\zDQJKeW.exe
  2⤵
  PID:7276
- C:\Windows\System32\SPLOqvy.exe
  C:\Windows\System32\SPLOqvy.exe
  2⤵
  PID:7352
- C:\Windows\System32\qoaBlXJ.exe
  C:\Windows\System32\qoaBlXJ.exe
  2⤵
  PID:7524
- C:\Windows\System32\ExzvefX.exe
  C:\Windows\System32\ExzvefX.exe
  2⤵
  PID:7728
- C:\Windows\System32\WOglvMG.exe
  C:\Windows\System32\WOglvMG.exe
  2⤵
  PID:7868
- C:\Windows\System32\UHXYNfC.exe
  C:\Windows\System32\UHXYNfC.exe
  2⤵
  PID:8092
- C:\Windows\System32\bYrwdXW.exe
  C:\Windows\System32\bYrwdXW.exe
  2⤵
  PID:7284
- C:\Windows\System32\SPKsDeh.exe
  C:\Windows\System32\SPKsDeh.exe
  2⤵
  PID:7604
- C:\Windows\System32\GICjwXa.exe
  C:\Windows\System32\GICjwXa.exe
  2⤵
  PID:7988
- C:\Windows\System32\AyvQoUP.exe
  C:\Windows\System32\AyvQoUP.exe
  2⤵
  PID:7804
- C:\Windows\System32\cNpCUtz.exe
  C:\Windows\System32\cNpCUtz.exe
  2⤵
  PID:7676
- C:\Windows\System32\TqCBjgZ.exe
  C:\Windows\System32\TqCBjgZ.exe
  2⤵
  PID:8208
- C:\Windows\System32\IuQIMgo.exe
  C:\Windows\System32\IuQIMgo.exe
  2⤵
  PID:8236
- C:\Windows\System32\bjAiouK.exe
  C:\Windows\System32\bjAiouK.exe
  2⤵
  PID:8264
- C:\Windows\System32\WLgCAxG.exe
  C:\Windows\System32\WLgCAxG.exe
  2⤵
  PID:8292
- C:\Windows\System32\aHpoVcR.exe
  C:\Windows\System32\aHpoVcR.exe
  2⤵
  PID:8320
- C:\Windows\System32\FDMcyHZ.exe
  C:\Windows\System32\FDMcyHZ.exe
  2⤵
  PID:8348
- C:\Windows\System32\uWvhuSb.exe
  C:\Windows\System32\uWvhuSb.exe
  2⤵
  PID:8364
- C:\Windows\System32\JJYsKid.exe
  C:\Windows\System32\JJYsKid.exe
  2⤵
  PID:8404
- C:\Windows\System32\woSSqBk.exe
  C:\Windows\System32\woSSqBk.exe
  2⤵
  PID:8432
- C:\Windows\System32\DHowfLf.exe
  C:\Windows\System32\DHowfLf.exe
  2⤵
  PID:8460
- C:\Windows\System32\ToeWmlb.exe
  C:\Windows\System32\ToeWmlb.exe
  2⤵
  PID:8488
- C:\Windows\System32\fpYomMq.exe
  C:\Windows\System32\fpYomMq.exe
  2⤵
  PID:8516
- C:\Windows\System32\ahKKnaf.exe
  C:\Windows\System32\ahKKnaf.exe
  2⤵
  PID:8544
- C:\Windows\System32\wHJZcPi.exe
  C:\Windows\System32\wHJZcPi.exe
  2⤵
  PID:8572
- C:\Windows\System32\tYKnHnW.exe
  C:\Windows\System32\tYKnHnW.exe
  2⤵
  PID:8600
- C:\Windows\System32\IchvykU.exe
  C:\Windows\System32\IchvykU.exe
  2⤵
  PID:8628
- C:\Windows\System32\SLLejAS.exe
  C:\Windows\System32\SLLejAS.exe
  2⤵
  PID:8656
- C:\Windows\System32\ehFVbdY.exe
  C:\Windows\System32\ehFVbdY.exe
  2⤵
  PID:8684
- C:\Windows\System32\CqZqEPY.exe
  C:\Windows\System32\CqZqEPY.exe
  2⤵
  PID:8712
- C:\Windows\System32\NDevxDw.exe
  C:\Windows\System32\NDevxDw.exe
  2⤵
  PID:8740
- C:\Windows\System32\YuvJUOU.exe
  C:\Windows\System32\YuvJUOU.exe
  2⤵
  PID:8756
- C:\Windows\System32\VjpFBQP.exe
  C:\Windows\System32\VjpFBQP.exe
  2⤵
  PID:8796
- C:\Windows\System32\OBQHDTN.exe
  C:\Windows\System32\OBQHDTN.exe
  2⤵
  PID:8828
- C:\Windows\System32\RPjEGkg.exe
  C:\Windows\System32\RPjEGkg.exe
  2⤵
  PID:8856
- C:\Windows\System32\NtYivgV.exe
  C:\Windows\System32\NtYivgV.exe
  2⤵
  PID:8884
- C:\Windows\System32\LxVlJil.exe
  C:\Windows\System32\LxVlJil.exe
  2⤵
  PID:8912
- C:\Windows\System32\aMKdsit.exe
  C:\Windows\System32\aMKdsit.exe
  2⤵
  PID:8944
- C:\Windows\System32\HGkrUUw.exe
  C:\Windows\System32\HGkrUUw.exe
  2⤵
  PID:8972
- C:\Windows\System32\KhFNvUI.exe
  C:\Windows\System32\KhFNvUI.exe
  2⤵
  PID:9008
- C:\Windows\System32\lWzNkLM.exe
  C:\Windows\System32\lWzNkLM.exe
  2⤵
  PID:9036
- C:\Windows\System32\HGIJyxg.exe
  C:\Windows\System32\HGIJyxg.exe
  2⤵
  PID:9064
- C:\Windows\System32\gGUEnCu.exe
  C:\Windows\System32\gGUEnCu.exe
  2⤵
  PID:9092
- C:\Windows\System32\bPVaaHi.exe
  C:\Windows\System32\bPVaaHi.exe
  2⤵
  PID:9120
- C:\Windows\System32\IOPqSKo.exe
  C:\Windows\System32\IOPqSKo.exe
  2⤵
  PID:9140
- C:\Windows\System32\MxbwmGe.exe
  C:\Windows\System32\MxbwmGe.exe
  2⤵
  PID:9180
- C:\Windows\System32\JEdiSZt.exe
  C:\Windows\System32\JEdiSZt.exe
  2⤵
  PID:9212
- C:\Windows\System32\PEifEts.exe
  C:\Windows\System32\PEifEts.exe
  2⤵
  PID:8248
- C:\Windows\System32\KWpjzxT.exe
  C:\Windows\System32\KWpjzxT.exe
  2⤵
  PID:8332
- C:\Windows\System32\ivAobHb.exe
  C:\Windows\System32\ivAobHb.exe
  2⤵
  PID:8376
- C:\Windows\System32\jAnFJpb.exe
  C:\Windows\System32\jAnFJpb.exe
  2⤵
  PID:8448
- C:\Windows\System32\TwCJowO.exe
  C:\Windows\System32\TwCJowO.exe
  2⤵
  PID:8508
- C:\Windows\System32\LxnnGve.exe
  C:\Windows\System32\LxnnGve.exe
  2⤵
  PID:8564
- C:\Windows\System32\jHYqyQj.exe
  C:\Windows\System32\jHYqyQj.exe
  2⤵
  PID:8644
- C:\Windows\System32\CUBSIfn.exe
  C:\Windows\System32\CUBSIfn.exe
  2⤵
  PID:8708
- C:\Windows\System32\qBCTfHP.exe
  C:\Windows\System32\qBCTfHP.exe
  2⤵
  PID:8016
- C:\Windows\System32\nSToyzP.exe
  C:\Windows\System32\nSToyzP.exe
  2⤵
  PID:8840
- C:\Windows\System32\BpXodMx.exe
  C:\Windows\System32\BpXodMx.exe
  2⤵
  PID:7824
- C:\Windows\System32\rZlVnor.exe
  C:\Windows\System32\rZlVnor.exe
  2⤵
  PID:8956
- C:\Windows\System32\fdAdTyy.exe
  C:\Windows\System32\fdAdTyy.exe
  2⤵
  PID:9028
- C:\Windows\System32\PAIyRqp.exe
  C:\Windows\System32\PAIyRqp.exe
  2⤵
  PID:9084
- C:\Windows\System32\IadrWjr.exe
  C:\Windows\System32\IadrWjr.exe
  2⤵
  PID:9160
- C:\Windows\System32\BIZyUdP.exe
  C:\Windows\System32\BIZyUdP.exe
  2⤵
  PID:8232
- C:\Windows\System32\zUurgaG.exe
  C:\Windows\System32\zUurgaG.exe
  2⤵
  PID:8360
- C:\Windows\System32\fmXDeMU.exe
  C:\Windows\System32\fmXDeMU.exe
  2⤵
  PID:8540
- C:\Windows\System32\cKtBYSr.exe
  C:\Windows\System32\cKtBYSr.exe
  2⤵
  PID:8680
- C:\Windows\System32\lBAGfMd.exe
  C:\Windows\System32\lBAGfMd.exe
  2⤵
  PID:8880
- C:\Windows\System32\lrpMRbj.exe
  C:\Windows\System32\lrpMRbj.exe
  2⤵
  PID:8992
- C:\Windows\System32\UMQrMsx.exe
  C:\Windows\System32\UMQrMsx.exe
  2⤵
  PID:9136
- C:\Windows\System32\tWYrmBy.exe
  C:\Windows\System32\tWYrmBy.exe
  2⤵
  PID:8428
- C:\Windows\System32\RXJZRfm.exe
  C:\Windows\System32\RXJZRfm.exe
  2⤵
  PID:8816
- C:\Windows\System32\OJnFmZR.exe
  C:\Windows\System32\OJnFmZR.exe
  2⤵
  PID:8220
- C:\Windows\System32\oXTTCLI.exe
  C:\Windows\System32\oXTTCLI.exe
  2⤵
  PID:9100
- C:\Windows\System32\itSDZZC.exe
  C:\Windows\System32\itSDZZC.exe
  2⤵
  PID:8996
- C:\Windows\System32\oLRoGhe.exe
  C:\Windows\System32\oLRoGhe.exe
  2⤵
  PID:9244
- C:\Windows\System32\MwLlZep.exe
  C:\Windows\System32\MwLlZep.exe
  2⤵
  PID:9284
- C:\Windows\System32\YfPKiGj.exe
  C:\Windows\System32\YfPKiGj.exe
  2⤵
  PID:9312
- C:\Windows\System32\AURhtYM.exe
  C:\Windows\System32\AURhtYM.exe
  2⤵
  PID:9340
- C:\Windows\System32\eTupcPo.exe
  C:\Windows\System32\eTupcPo.exe
  2⤵
  PID:9368
- C:\Windows\System32\wnVghiJ.exe
  C:\Windows\System32\wnVghiJ.exe
  2⤵
  PID:9400
- C:\Windows\System32\lZyedwo.exe
  C:\Windows\System32\lZyedwo.exe
  2⤵
  PID:9432
- C:\Windows\System32\vkmBOST.exe
  C:\Windows\System32\vkmBOST.exe
  2⤵
  PID:9464
- C:\Windows\System32\cazOyhF.exe
  C:\Windows\System32\cazOyhF.exe
  2⤵
  PID:9492
- C:\Windows\System32\SuMhBKp.exe
  C:\Windows\System32\SuMhBKp.exe
  2⤵
  PID:9520
- C:\Windows\System32\VBKhuwu.exe
  C:\Windows\System32\VBKhuwu.exe
  2⤵
  PID:9548
- C:\Windows\System32\KRDoAlP.exe
  C:\Windows\System32\KRDoAlP.exe
  2⤵
  PID:9576
- C:\Windows\System32\HqvaiCF.exe
  C:\Windows\System32\HqvaiCF.exe
  2⤵
  PID:9604
- C:\Windows\System32\xcqtgtz.exe
  C:\Windows\System32\xcqtgtz.exe
  2⤵
  PID:9640
- C:\Windows\System32\ceStecW.exe
  C:\Windows\System32\ceStecW.exe
  2⤵
  PID:9660
- C:\Windows\System32\rnboOSB.exe
  C:\Windows\System32\rnboOSB.exe
  2⤵
  PID:9688
- C:\Windows\System32\LNiGhMn.exe
  C:\Windows\System32\LNiGhMn.exe
  2⤵
  PID:9716
- C:\Windows\System32\HEXrQHv.exe
  C:\Windows\System32\HEXrQHv.exe
  2⤵
  PID:9732
- C:\Windows\System32\yfznghY.exe
  C:\Windows\System32\yfznghY.exe
  2⤵
  PID:9760
- C:\Windows\System32\OVbVfXS.exe
  C:\Windows\System32\OVbVfXS.exe
  2⤵
  PID:9784
- C:\Windows\System32\ObQLNWP.exe
  C:\Windows\System32\ObQLNWP.exe
  2⤵
  PID:9828
- C:\Windows\System32\gxBOhIT.exe
  C:\Windows\System32\gxBOhIT.exe
  2⤵
  PID:9848
- C:\Windows\System32\EXbFhPZ.exe
  C:\Windows\System32\EXbFhPZ.exe
  2⤵
  PID:9880
- C:\Windows\System32\EqqOSZL.exe
  C:\Windows\System32\EqqOSZL.exe
  2⤵
  PID:9916
- C:\Windows\System32\KonaDef.exe
  C:\Windows\System32\KonaDef.exe
  2⤵
  PID:9944
- C:\Windows\System32\npngcfz.exe
  C:\Windows\System32\npngcfz.exe
  2⤵
  PID:9972
- C:\Windows\System32\PWfKEbj.exe
  C:\Windows\System32\PWfKEbj.exe
  2⤵
  PID:10000
- C:\Windows\System32\xolXwaq.exe
  C:\Windows\System32\xolXwaq.exe
  2⤵
  PID:10028
- C:\Windows\System32\vONaTaw.exe
  C:\Windows\System32\vONaTaw.exe
  2⤵
  PID:10056
- C:\Windows\System32\fvUFYzf.exe
  C:\Windows\System32\fvUFYzf.exe
  2⤵
  PID:10088
- C:\Windows\System32\QriBgOg.exe
  C:\Windows\System32\QriBgOg.exe
  2⤵
  PID:10116
- C:\Windows\System32\LAZCuae.exe
  C:\Windows\System32\LAZCuae.exe
  2⤵
  PID:10144
- C:\Windows\System32\EUQWaFj.exe
  C:\Windows\System32\EUQWaFj.exe
  2⤵
  PID:10172
- C:\Windows\System32\fRVKwvu.exe
  C:\Windows\System32\fRVKwvu.exe
  2⤵
  PID:10200
- C:\Windows\System32\jMNlIzg.exe
  C:\Windows\System32\jMNlIzg.exe
  2⤵
  PID:10228
- C:\Windows\System32\qgIBBjy.exe
  C:\Windows\System32\qgIBBjy.exe
  2⤵
  PID:9240
- C:\Windows\System32\NmJObjh.exe
  C:\Windows\System32\NmJObjh.exe
  2⤵
  PID:9308
- C:\Windows\System32\URPPQRK.exe
  C:\Windows\System32\URPPQRK.exe
  2⤵
  PID:9380
- C:\Windows\System32\JAinqUf.exe
  C:\Windows\System32\JAinqUf.exe
  2⤵
  PID:9456
- C:\Windows\System32\frPgnpY.exe
  C:\Windows\System32\frPgnpY.exe
  2⤵
  PID:9540
- C:\Windows\System32\nYNBfwT.exe
  C:\Windows\System32\nYNBfwT.exe
  2⤵
  PID:9628
- C:\Windows\System32\iItJdTl.exe
  C:\Windows\System32\iItJdTl.exe
  2⤵
  PID:9740
- C:\Windows\System32\uCgpAFI.exe
  C:\Windows\System32\uCgpAFI.exe
  2⤵
  PID:9812
- C:\Windows\System32\JEkCstL.exe
  C:\Windows\System32\JEkCstL.exe
  2⤵
  PID:9844
- C:\Windows\System32\plbwEyV.exe
  C:\Windows\System32\plbwEyV.exe
  2⤵
  PID:9900
- C:\Windows\System32\HDfRuzH.exe
  C:\Windows\System32\HDfRuzH.exe
  2⤵
  PID:9992
- C:\Windows\System32\TLdBuOk.exe
  C:\Windows\System32\TLdBuOk.exe
  2⤵
  PID:10128
- C:\Windows\System32\dnrHfLv.exe
  C:\Windows\System32\dnrHfLv.exe
  2⤵
  PID:10168
- C:\Windows\System32\JomsHrD.exe
  C:\Windows\System32\JomsHrD.exe
  2⤵
  PID:9228
- C:\Windows\System32\TSoRbin.exe
  C:\Windows\System32\TSoRbin.exe
  2⤵
  PID:9360
- C:\Windows\System32\bIGTbQq.exe
  C:\Windows\System32\bIGTbQq.exe
  2⤵
  PID:9504
- C:\Windows\System32\hLAnzLf.exe
  C:\Windows\System32\hLAnzLf.exe
  2⤵
  PID:9700
- C:\Windows\System32\ndJUVfd.exe
  C:\Windows\System32\ndJUVfd.exe
  2⤵
  PID:9932
- C:\Windows\System32\rRnsiyL.exe
  C:\Windows\System32\rRnsiyL.exe
  2⤵
  PID:10112
- C:\Windows\System32\IeYShdj.exe
  C:\Windows\System32\IeYShdj.exe
  2⤵
  PID:9232
- C:\Windows\System32\NgvUTrl.exe
  C:\Windows\System32\NgvUTrl.exe
  2⤵
  PID:9416
- C:\Windows\System32\fMWCOeP.exe
  C:\Windows\System32\fMWCOeP.exe
  2⤵
  PID:10220
- C:\Windows\System32\QZWfHKW.exe
  C:\Windows\System32\QZWfHKW.exe
  2⤵
  PID:9984
- C:\Windows\System32\woExSZi.exe
  C:\Windows\System32\woExSZi.exe
  2⤵
  PID:10244
- C:\Windows\System32\SrjQCaz.exe
  C:\Windows\System32\SrjQCaz.exe
  2⤵
  PID:10268
- C:\Windows\System32\ZrZynei.exe
  C:\Windows\System32\ZrZynei.exe
  2⤵
  PID:10308
- C:\Windows\System32\BWVXtAW.exe
  C:\Windows\System32\BWVXtAW.exe
  2⤵
  PID:10336
- C:\Windows\System32\AyCccZS.exe
  C:\Windows\System32\AyCccZS.exe
  2⤵
  PID:10352
- C:\Windows\System32\LKuKkkz.exe
  C:\Windows\System32\LKuKkkz.exe
  2⤵
  PID:10392
- C:\Windows\System32\cjBCdWg.exe
  C:\Windows\System32\cjBCdWg.exe
  2⤵
  PID:10420
- C:\Windows\System32\OurjLkp.exe
  C:\Windows\System32\OurjLkp.exe
  2⤵
  PID:10448
- C:\Windows\System32\CGGAJMp.exe
  C:\Windows\System32\CGGAJMp.exe
  2⤵
  PID:10476
- C:\Windows\System32\HdMeucW.exe
  C:\Windows\System32\HdMeucW.exe
  2⤵
  PID:10504
- C:\Windows\System32\vzXBrUJ.exe
  C:\Windows\System32\vzXBrUJ.exe
  2⤵
  PID:10532
- C:\Windows\System32\dNyPtFv.exe
  C:\Windows\System32\dNyPtFv.exe
  2⤵
  PID:10564
- C:\Windows\System32\ycNCTFo.exe
  C:\Windows\System32\ycNCTFo.exe
  2⤵
  PID:10592
- C:\Windows\System32\DSaRCeh.exe
  C:\Windows\System32\DSaRCeh.exe
  2⤵
  PID:10624
- C:\Windows\System32\iCkJjgE.exe
  C:\Windows\System32\iCkJjgE.exe
  2⤵
  PID:10652
- C:\Windows\System32\uMoSXZn.exe
  C:\Windows\System32\uMoSXZn.exe
  2⤵
  PID:10684
- C:\Windows\System32\VOMpOTk.exe
  C:\Windows\System32\VOMpOTk.exe
  2⤵
  PID:10712
- C:\Windows\System32\mWekpEv.exe
  C:\Windows\System32\mWekpEv.exe
  2⤵
  PID:10744
- C:\Windows\System32\lfHzFrU.exe
  C:\Windows\System32\lfHzFrU.exe
  2⤵
  PID:10772
- C:\Windows\System32\sxldVmW.exe
  C:\Windows\System32\sxldVmW.exe
  2⤵
  PID:10808
- C:\Windows\System32\lFVIHqq.exe
  C:\Windows\System32\lFVIHqq.exe
  2⤵
  PID:10836
- C:\Windows\System32\IZFdfFX.exe
  C:\Windows\System32\IZFdfFX.exe
  2⤵
  PID:10864
- C:\Windows\System32\dJrJRVQ.exe
  C:\Windows\System32\dJrJRVQ.exe
  2⤵
  PID:10892
- C:\Windows\System32\qKCSYbs.exe
  C:\Windows\System32\qKCSYbs.exe
  2⤵
  PID:10936
- C:\Windows\System32\FcVDqyj.exe
  C:\Windows\System32\FcVDqyj.exe
  2⤵
  PID:10964
- C:\Windows\System32\sFMFdmE.exe
  C:\Windows\System32\sFMFdmE.exe
  2⤵
  PID:11004
- C:\Windows\System32\MfIJYkX.exe
  C:\Windows\System32\MfIJYkX.exe
  2⤵
  PID:11048
- C:\Windows\System32\cvySLEJ.exe
  C:\Windows\System32\cvySLEJ.exe
  2⤵
  PID:11104
- C:\Windows\System32\frbjUxQ.exe
  C:\Windows\System32\frbjUxQ.exe
  2⤵
  PID:11136
- C:\Windows\System32\ptZJZYG.exe
  C:\Windows\System32\ptZJZYG.exe
  2⤵
  PID:11152
- C:\Windows\System32\tKHVcxw.exe
  C:\Windows\System32\tKHVcxw.exe
  2⤵
  PID:11192
- C:\Windows\System32\iixQXdx.exe
  C:\Windows\System32\iixQXdx.exe
  2⤵
  PID:11224
- C:\Windows\System32\JKRCcoI.exe
  C:\Windows\System32\JKRCcoI.exe
  2⤵
  PID:11252
- C:\Windows\System32\lNnvUcq.exe
  C:\Windows\System32\lNnvUcq.exe
  2⤵
  PID:10320
- C:\Windows\System32\RGwrtSg.exe
  C:\Windows\System32\RGwrtSg.exe
  2⤵
  PID:10412
- C:\Windows\System32\XjoUmXk.exe
  C:\Windows\System32\XjoUmXk.exe
  2⤵
  PID:10496
- C:\Windows\System32\IoqfSrw.exe
  C:\Windows\System32\IoqfSrw.exe
  2⤵
  PID:10576
- C:\Windows\System32\KMHTPVG.exe
  C:\Windows\System32\KMHTPVG.exe
  2⤵
  PID:10680
- C:\Windows\System32\LypgyEB.exe
  C:\Windows\System32\LypgyEB.exe
  2⤵
  PID:10764
- C:\Windows\System32\EYsTxpm.exe
  C:\Windows\System32\EYsTxpm.exe
  2⤵
  PID:10848
- C:\Windows\System32\FUYOjbe.exe
  C:\Windows\System32\FUYOjbe.exe
  2⤵
  PID:10956
- C:\Windows\System32\ygQSTrK.exe
  C:\Windows\System32\ygQSTrK.exe
  2⤵
  PID:10988
- C:\Windows\System32\DwGfkLF.exe
  C:\Windows\System32\DwGfkLF.exe
  2⤵
  PID:11132
- C:\Windows\System32\lxbqhHB.exe
  C:\Windows\System32\lxbqhHB.exe
  2⤵
  PID:11168
- C:\Windows\System32\VIUOfab.exe
  C:\Windows\System32\VIUOfab.exe
  2⤵
  PID:10332
- C:\Windows\System32\KdugkYL.exe
  C:\Windows\System32\KdugkYL.exe
  2⤵
  PID:9912
- C:\Windows\System32\PoDJXIE.exe
  C:\Windows\System32\PoDJXIE.exe
  2⤵
  PID:10740
- C:\Windows\System32\mkmKVGF.exe
  C:\Windows\System32\mkmKVGF.exe
  2⤵
  PID:10976
- C:\Windows\System32\dKoXPLl.exe
  C:\Windows\System32\dKoXPLl.exe
  2⤵
  PID:10732
- C:\Windows\System32\DaCFYpT.exe
  C:\Windows\System32\DaCFYpT.exe
  2⤵
  PID:10932
- C:\Windows\System32\SGHvqYs.exe
  C:\Windows\System32\SGHvqYs.exe
  2⤵
  PID:3152
- C:\Windows\System32\zfgKOYQ.exe
  C:\Windows\System32\zfgKOYQ.exe
  2⤵
  PID:1176
- C:\Windows\System32\loJltQe.exe
  C:\Windows\System32\loJltQe.exe
  2⤵
  PID:11292
- C:\Windows\System32\kpiGmKo.exe
  C:\Windows\System32\kpiGmKo.exe
  2⤵
  PID:11320
- C:\Windows\System32\DRkGAzl.exe
  C:\Windows\System32\DRkGAzl.exe
  2⤵
  PID:11352
- C:\Windows\System32\QsdKnAQ.exe
  C:\Windows\System32\QsdKnAQ.exe
  2⤵
  PID:11380
- C:\Windows\System32\GakQtDu.exe
  C:\Windows\System32\GakQtDu.exe
  2⤵
  PID:11408
- C:\Windows\System32\YFaQnxv.exe
  C:\Windows\System32\YFaQnxv.exe
  2⤵
  PID:11428
- C:\Windows\System32\icGCqgy.exe
  C:\Windows\System32\icGCqgy.exe
  2⤵
  PID:11448
- C:\Windows\System32\zIVsEsu.exe
  C:\Windows\System32\zIVsEsu.exe
  2⤵
  PID:11476
- C:\Windows\System32\mqLXwUZ.exe
  C:\Windows\System32\mqLXwUZ.exe
  2⤵
  PID:11528
- C:\Windows\System32\CwWiXAu.exe
  C:\Windows\System32\CwWiXAu.exe
  2⤵
  PID:11556
- C:\Windows\System32\JqQmptb.exe
  C:\Windows\System32\JqQmptb.exe
  2⤵
  PID:11576
- C:\Windows\System32\HkdMdDK.exe
  C:\Windows\System32\HkdMdDK.exe
  2⤵
  PID:11600
- C:\Windows\System32\cHknJXB.exe
  C:\Windows\System32\cHknJXB.exe
  2⤵
  PID:11616
- C:\Windows\System32\RHQzqSc.exe
  C:\Windows\System32\RHQzqSc.exe
  2⤵
  PID:11636
- C:\Windows\System32\JgwKloW.exe
  C:\Windows\System32\JgwKloW.exe
  2⤵
  PID:11672
- C:\Windows\System32\LlmYeMm.exe
  C:\Windows\System32\LlmYeMm.exe
  2⤵
  PID:11700
- C:\Windows\System32\pCsWYic.exe
  C:\Windows\System32\pCsWYic.exe
  2⤵
  PID:11736
- C:\Windows\System32\oOFRzmO.exe
  C:\Windows\System32\oOFRzmO.exe
  2⤵
  PID:11780
- C:\Windows\System32\aFOUFAw.exe
  C:\Windows\System32\aFOUFAw.exe
  2⤵
  PID:11808
- C:\Windows\System32\WWtbnrt.exe
  C:\Windows\System32\WWtbnrt.exe
  2⤵
  PID:11836
- C:\Windows\System32\coFmgLA.exe
  C:\Windows\System32\coFmgLA.exe
  2⤵
  PID:11864
- C:\Windows\System32\bAZthow.exe
  C:\Windows\System32\bAZthow.exe
  2⤵
  PID:11892
- C:\Windows\System32\VXirKwr.exe
  C:\Windows\System32\VXirKwr.exe
  2⤵
  PID:11920
- C:\Windows\System32\FODPDFU.exe
  C:\Windows\System32\FODPDFU.exe
  2⤵
  PID:11952
- C:\Windows\System32\cfnDgYj.exe
  C:\Windows\System32\cfnDgYj.exe
  2⤵
  PID:11980
- C:\Windows\System32\qiFofDh.exe
  C:\Windows\System32\qiFofDh.exe
  2⤵
  PID:12008
- C:\Windows\System32\XFkrRoQ.exe
  C:\Windows\System32\XFkrRoQ.exe
  2⤵
  PID:12036
- C:\Windows\System32\zjbApPd.exe
  C:\Windows\System32\zjbApPd.exe
  2⤵
  PID:12064
- C:\Windows\System32\xhClruU.exe
  C:\Windows\System32\xhClruU.exe
  2⤵
  PID:12092
- C:\Windows\System32\nAsRddO.exe
  C:\Windows\System32\nAsRddO.exe
  2⤵
  PID:12120
- C:\Windows\System32\AVetEeb.exe
  C:\Windows\System32\AVetEeb.exe
  2⤵
  PID:12148
- C:\Windows\System32\SdpAkLm.exe
  C:\Windows\System32\SdpAkLm.exe
  2⤵
  PID:12176
- C:\Windows\System32\PlxMrIO.exe
  C:\Windows\System32\PlxMrIO.exe
  2⤵
  PID:12204
- C:\Windows\System32\ouyhZFy.exe
  C:\Windows\System32\ouyhZFy.exe
  2⤵
  PID:12232
- C:\Windows\System32\PLcvPHg.exe
  C:\Windows\System32\PLcvPHg.exe
  2⤵
  PID:12260
- C:\Windows\System32\KwOKcbN.exe
  C:\Windows\System32\KwOKcbN.exe
  2⤵
  PID:3928
- C:\Windows\System32\cjrMFDQ.exe
  C:\Windows\System32\cjrMFDQ.exe
  2⤵
  PID:11332
- C:\Windows\System32\zJSDPku.exe
  C:\Windows\System32\zJSDPku.exe
  2⤵
  PID:11404
- C:\Windows\System32\HIeIOcz.exe
  C:\Windows\System32\HIeIOcz.exe
  2⤵
  PID:11468
- C:\Windows\System32\DUwSWvJ.exe
  C:\Windows\System32\DUwSWvJ.exe
  2⤵
  PID:11548
- C:\Windows\System32\UAxaCOD.exe
  C:\Windows\System32\UAxaCOD.exe
  2⤵
  PID:11592
- C:\Windows\System32\RDHHGTU.exe
  C:\Windows\System32\RDHHGTU.exe
  2⤵
  PID:11664
- C:\Windows\System32\EUMvmoT.exe
  C:\Windows\System32\EUMvmoT.exe
  2⤵
  PID:11712
- C:\Windows\System32\anhiqmO.exe
  C:\Windows\System32\anhiqmO.exe
  2⤵
  PID:11760
- C:\Windows\System32\SYwyyqa.exe
  C:\Windows\System32\SYwyyqa.exe
  2⤵
  PID:11832
- C:\Windows\System32\PyPgfNr.exe
  C:\Windows\System32\PyPgfNr.exe
  2⤵
  PID:11888
- C:\Windows\System32\ZXlBapk.exe
  C:\Windows\System32\ZXlBapk.exe
  2⤵
  PID:11936
- C:\Windows\System32\jFDPtvz.exe
  C:\Windows\System32\jFDPtvz.exe
  2⤵
  PID:11992
- C:\Windows\System32\SOIOJog.exe
  C:\Windows\System32\SOIOJog.exe
  2⤵
  PID:12056
- C:\Windows\System32\gwlctcZ.exe
  C:\Windows\System32\gwlctcZ.exe
  2⤵
  PID:12104
- C:\Windows\System32\pONRbIa.exe
  C:\Windows\System32\pONRbIa.exe
  2⤵
  PID:12160
- C:\Windows\System32\ijlhtWS.exe
  C:\Windows\System32\ijlhtWS.exe
  2⤵
  PID:12244
- C:\Windows\System32\ysbIQFG.exe
  C:\Windows\System32\ysbIQFG.exe
  2⤵
  PID:11372
- C:\Windows\System32\uAuuIGi.exe
  C:\Windows\System32\uAuuIGi.exe
  2⤵
  PID:11504
- C:\Windows\System32\pTWGQCw.exe
  C:\Windows\System32\pTWGQCw.exe
  2⤵
  PID:11720
- C:\Windows\System32\RngNkxX.exe
  C:\Windows\System32\RngNkxX.exe
  2⤵
  PID:12028
- C:\Windows\System32\KrZZIyG.exe
  C:\Windows\System32\KrZZIyG.exe
  2⤵
  PID:12020
- C:\Windows\System32\JDiLmLE.exe
  C:\Windows\System32\JDiLmLE.exe
  2⤵
  PID:12200
- C:\Windows\System32\ySlpMgQ.exe
  C:\Windows\System32\ySlpMgQ.exe
  2⤵
  PID:11572
- C:\Windows\System32\vWOdzzp.exe
  C:\Windows\System32\vWOdzzp.exe
  2⤵
  PID:11848
- C:\Windows\System32\ChgdWKU.exe
  C:\Windows\System32\ChgdWKU.exe
  2⤵
  PID:11312
- C:\Windows\System32\fovcgsi.exe
  C:\Windows\System32\fovcgsi.exe
  2⤵
  PID:11972
- C:\Windows\System32\LYhIIxb.exe
  C:\Windows\System32\LYhIIxb.exe
  2⤵
  PID:12084
- C:\Windows\System32\TvKOTFI.exe
  C:\Windows\System32\TvKOTFI.exe
  2⤵
  PID:12308
- C:\Windows\System32\AWDOPlx.exe
  C:\Windows\System32\AWDOPlx.exe
  2⤵
  PID:12336
- C:\Windows\System32\igOQfLH.exe
  C:\Windows\System32\igOQfLH.exe
  2⤵
  PID:12364
- C:\Windows\System32\osBEajt.exe
  C:\Windows\System32\osBEajt.exe
  2⤵
  PID:12392
- C:\Windows\System32\XDldSBp.exe
  C:\Windows\System32\XDldSBp.exe
  2⤵
  PID:12420
- C:\Windows\System32\bbGENXI.exe
  C:\Windows\System32\bbGENXI.exe
  2⤵
  PID:12448
- C:\Windows\System32\PwZLeST.exe
  C:\Windows\System32\PwZLeST.exe
  2⤵
  PID:12476
- C:\Windows\System32\ZnpuOcc.exe
  C:\Windows\System32\ZnpuOcc.exe
  2⤵
  PID:12504
- C:\Windows\System32\RmfUUSn.exe
  C:\Windows\System32\RmfUUSn.exe
  2⤵
  PID:12532
- C:\Windows\System32\BLBRdmo.exe
  C:\Windows\System32\BLBRdmo.exe
  2⤵
  PID:12560
- C:\Windows\System32\lvAAxBF.exe
  C:\Windows\System32\lvAAxBF.exe
  2⤵
  PID:12588
- C:\Windows\System32\VLCOXFF.exe
  C:\Windows\System32\VLCOXFF.exe
  2⤵
  PID:12616
- C:\Windows\System32\YveGRHy.exe
  C:\Windows\System32\YveGRHy.exe
  2⤵
  PID:12644
- C:\Windows\System32\TAchlhe.exe
  C:\Windows\System32\TAchlhe.exe
  2⤵
  PID:12680
- C:\Windows\System32\FhPzkQV.exe
  C:\Windows\System32\FhPzkQV.exe
  2⤵
  PID:12736
- C:\Windows\System32\TRcbmUK.exe
  C:\Windows\System32\TRcbmUK.exe
  2⤵
  PID:12764
- C:\Windows\System32\QDAknMU.exe
  C:\Windows\System32\QDAknMU.exe
  2⤵
  PID:12792
- C:\Windows\System32\vSjPklq.exe
  C:\Windows\System32\vSjPklq.exe
  2⤵
  PID:12820
- C:\Windows\System32\PdBfAmv.exe
  C:\Windows\System32\PdBfAmv.exe
  2⤵
  PID:12848
- C:\Windows\System32\AXyZzmt.exe
  C:\Windows\System32\AXyZzmt.exe
  2⤵
  PID:12876
- C:\Windows\System32\aFJkHKx.exe
  C:\Windows\System32\aFJkHKx.exe
  2⤵
  PID:12904
- C:\Windows\System32\UssndXt.exe
  C:\Windows\System32\UssndXt.exe
  2⤵
  PID:12932
- C:\Windows\System32\cegpMlC.exe
  C:\Windows\System32\cegpMlC.exe
  2⤵
  PID:12960
- C:\Windows\System32\gQjLDmh.exe
  C:\Windows\System32\gQjLDmh.exe
  2⤵
  PID:12988
- C:\Windows\System32\clExGRK.exe
  C:\Windows\System32\clExGRK.exe
  2⤵
  PID:13016
- C:\Windows\System32\wsvxghf.exe
  C:\Windows\System32\wsvxghf.exe
  2⤵
  PID:13044
- C:\Windows\System32\MtRjqVs.exe
  C:\Windows\System32\MtRjqVs.exe
  2⤵
  PID:13072
- C:\Windows\System32\YbEpUlj.exe
  C:\Windows\System32\YbEpUlj.exe
  2⤵
  PID:13100
- C:\Windows\System32\JDjPJbW.exe
  C:\Windows\System32\JDjPJbW.exe
  2⤵
  PID:13128
- C:\Windows\System32\cvVgNRO.exe
  C:\Windows\System32\cvVgNRO.exe
  2⤵
  PID:13156
- C:\Windows\System32\ubfIIFy.exe
  C:\Windows\System32\ubfIIFy.exe
  2⤵
  PID:13184
- C:\Windows\System32\wcDBxQG.exe
  C:\Windows\System32\wcDBxQG.exe
  2⤵
  PID:13212
- C:\Windows\System32\fwoCogl.exe
  C:\Windows\System32\fwoCogl.exe
  2⤵
  PID:13244
- C:\Windows\System32\TRwqLgy.exe
  C:\Windows\System32\TRwqLgy.exe
  2⤵
  PID:13272
- C:\Windows\System32\whAOwqI.exe
  C:\Windows\System32\whAOwqI.exe
  2⤵
  PID:13300
- C:\Windows\System32\vwWZGxx.exe
  C:\Windows\System32\vwWZGxx.exe
  2⤵
  PID:12328
- C:\Windows\System32\nfhfaxa.exe
  C:\Windows\System32\nfhfaxa.exe
  2⤵
  PID:12384
- C:\Windows\System32\pdxwRNv.exe
  C:\Windows\System32\pdxwRNv.exe
  2⤵
  PID:12460
- C:\Windows\System32\IWTPPBQ.exe
  C:\Windows\System32\IWTPPBQ.exe
  2⤵
  PID:12524
- C:\Windows\System32\EtDBMri.exe
  C:\Windows\System32\EtDBMri.exe
  2⤵
  PID:12584
- C:\Windows\System32\lPyKeMv.exe
  C:\Windows\System32\lPyKeMv.exe
  2⤵
  PID:12664
- C:\Windows\System32\dtinHZW.exe
  C:\Windows\System32\dtinHZW.exe
  2⤵
  PID:12748
- C:\Windows\System32\YPJRwLI.exe
  C:\Windows\System32\YPJRwLI.exe
  2⤵
  PID:12816
- C:\Windows\System32\zAokycU.exe
  C:\Windows\System32\zAokycU.exe
  2⤵
  PID:12872
- C:\Windows\System32\MFzVkdA.exe
  C:\Windows\System32\MFzVkdA.exe
  2⤵
  PID:12944
- C:\Windows\System32\jwGddxe.exe
  C:\Windows\System32\jwGddxe.exe
  2⤵
  PID:13000
- C:\Windows\System32\ZcxwtEg.exe
  C:\Windows\System32\ZcxwtEg.exe
  2⤵
  PID:13064
- C:\Windows\System32\ZtJpfuQ.exe
  C:\Windows\System32\ZtJpfuQ.exe
  2⤵
  PID:13124
- C:\Windows\System32\mbTtVsE.exe
  C:\Windows\System32\mbTtVsE.exe
  2⤵
  PID:13176
- C:\Windows\System32\Rdtjiyg.exe
  C:\Windows\System32\Rdtjiyg.exe
  2⤵
  PID:13264
- C:\Windows\System32\ZSWwgwx.exe
  C:\Windows\System32\ZSWwgwx.exe
  2⤵
  PID:3016
- C:\Windows\System32\jsqytdt.exe
  C:\Windows\System32\jsqytdt.exe
  2⤵
  PID:12292
- C:\Windows\System32\JbcpFqu.exe
  C:\Windows\System32\JbcpFqu.exe
  2⤵
  PID:12416
- C:\Windows\System32\qVipdLB.exe
  C:\Windows\System32\qVipdLB.exe
  2⤵
  PID:12552
- C:\Windows\System32\DWWPADC.exe
  C:\Windows\System32\DWWPADC.exe
  2⤵
  PID:12732
- C:\Windows\System32\hzwLDgA.exe
  C:\Windows\System32\hzwLDgA.exe
  2⤵
  PID:12868
- C:\Windows\System32\kwFwbfm.exe
  C:\Windows\System32\kwFwbfm.exe
  2⤵
  PID:13040
- C:\Windows\System32\QAULYxW.exe
  C:\Windows\System32\QAULYxW.exe
  2⤵
  PID:13256
- C:\Windows\System32\brRStEf.exe
  C:\Windows\System32\brRStEf.exe
  2⤵
  PID:12356
- C:\Windows\System32\IzQZSlK.exe
  C:\Windows\System32\IzQZSlK.exe
  2⤵
  PID:12640
- C:\Windows\System32\yUfiNjZ.exe
  C:\Windows\System32\yUfiNjZ.exe
  2⤵
  PID:12980
- C:\Windows\System32\uGYSnyh.exe
  C:\Windows\System32\uGYSnyh.exe
  2⤵
  PID:12444
- C:\Windows\System32\gXZavxS.exe
  C:\Windows\System32\gXZavxS.exe
  2⤵
  PID:4028
- C:\Windows\System32\KXFOGED.exe
  C:\Windows\System32\KXFOGED.exe
  2⤵
  PID:13320
- C:\Windows\System32\dFYXWXt.exe
  C:\Windows\System32\dFYXWXt.exe
  2⤵
  PID:13348
- C:\Windows\System32\IpDYAhD.exe
  C:\Windows\System32\IpDYAhD.exe
  2⤵
  PID:13376
- C:\Windows\System32\HTauccf.exe
  C:\Windows\System32\HTauccf.exe
  2⤵
  PID:13404
- C:\Windows\System32\wLrupHj.exe
  C:\Windows\System32\wLrupHj.exe
  2⤵
  PID:13432
- C:\Windows\System32\qCShIoK.exe
  C:\Windows\System32\qCShIoK.exe
  2⤵
  PID:13460
- C:\Windows\System32\FqMsaLs.exe
  C:\Windows\System32\FqMsaLs.exe
  2⤵
  PID:13488
- C:\Windows\System32\UrLUbCX.exe
  C:\Windows\System32\UrLUbCX.exe
  2⤵
  PID:13516
- C:\Windows\System32\OSzYsiy.exe
  C:\Windows\System32\OSzYsiy.exe
  2⤵
  PID:13544
- C:\Windows\System32\bCBIltC.exe
  C:\Windows\System32\bCBIltC.exe
  2⤵
  PID:13572
- C:\Windows\System32\hpcJaKf.exe
  C:\Windows\System32\hpcJaKf.exe
  2⤵
  PID:13600
- C:\Windows\System32\YhbuLQB.exe
  C:\Windows\System32\YhbuLQB.exe
  2⤵
  PID:13628
- C:\Windows\System32\RahGtRp.exe
  C:\Windows\System32\RahGtRp.exe
  2⤵
  PID:13656
- C:\Windows\System32\eblOJxW.exe
  C:\Windows\System32\eblOJxW.exe
  2⤵
  PID:13684
- C:\Windows\System32\eoNCWAq.exe
  C:\Windows\System32\eoNCWAq.exe
  2⤵
  PID:13712
- C:\Windows\System32\KHgFOVq.exe
  C:\Windows\System32\KHgFOVq.exe
  2⤵
  PID:13740
- C:\Windows\System32\KrXWBzy.exe
  C:\Windows\System32\KrXWBzy.exe
  2⤵
  PID:13768
- C:\Windows\System32\EUyNCBR.exe
  C:\Windows\System32\EUyNCBR.exe
  2⤵
  PID:13796
- C:\Windows\System32\mHRwrrY.exe
  C:\Windows\System32\mHRwrrY.exe
  2⤵
  PID:13824
- C:\Windows\System32\qelZOWq.exe
  C:\Windows\System32\qelZOWq.exe
  2⤵
  PID:13856
- C:\Windows\System32\pbHlJVx.exe
  C:\Windows\System32\pbHlJVx.exe
  2⤵
  PID:13884
- C:\Windows\System32\AyHXGfN.exe
  C:\Windows\System32\AyHXGfN.exe
  2⤵
  PID:13912
- C:\Windows\System32\EHDATnd.exe
  C:\Windows\System32\EHDATnd.exe
  2⤵
  PID:13940
- C:\Windows\System32\OWtfNut.exe
  C:\Windows\System32\OWtfNut.exe
  2⤵
  PID:13968
- C:\Windows\System32\gSqosTT.exe
  C:\Windows\System32\gSqosTT.exe
  2⤵
  PID:13996
- C:\Windows\System32\PjZsTGD.exe
  C:\Windows\System32\PjZsTGD.exe
  2⤵
  PID:14024
- C:\Windows\System32\YUBGwNf.exe
  C:\Windows\System32\YUBGwNf.exe
  2⤵
  PID:14052
- C:\Windows\System32\VGcqizQ.exe
  C:\Windows\System32\VGcqizQ.exe
  2⤵
  PID:14080
- C:\Windows\System32\jnoCROw.exe
  C:\Windows\System32\jnoCROw.exe
  2⤵
  PID:14108
- C:\Windows\System32\oHadALE.exe
  C:\Windows\System32\oHadALE.exe
  2⤵
  PID:14136

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:14236

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System32\DSyDZZS.exe

Filesize
3.1MB

MD5
7b52aec8c6542df2c912df81432b1a2c

SHA1
fb24a4563e03981a1347aea8f4af00c02abf95d3

SHA256
3bb5193f4bcea7407c2851de17e0fae348f4a19188a26dda1ee84c06e249bde7

SHA512
51f632a329c6d7c3bf2b3af4bf91a44e5aeb8c8e89ae8024caf770ad45cf439162b006f6ae56927868c9e631dc25c1778f6e076a99de58a1490c7bfe88a3b079

Download Submit
C:\Windows\System32\GSfHhvd.exe

Filesize
3.1MB

MD5
32cf0d75f277fe2b59c3641631b84f85

SHA1
e9dfbae7a650f33898d7810530c2577a61650bf0

SHA256
87dd78662fc1f7c5d3e6b26d18c6a82bba0dff7397718c547e4095087ad0adbc

SHA512
619b7697ffe2bd6dcba236766c356bca2782293191698c13f38172983521fc07a68690de0f84069d46db686f28593b160aa3c220dbe4024c9bd7d030a1af2780

Download Submit
C:\Windows\System32\HQtrQCz.exe

Filesize
3.1MB

MD5
6f813d209165e80b50290573d55fc992

SHA1
1716cc281ee005d0ca03defd67380372aa7f06a6

SHA256
3cb05d6cdc1408f203675d5d7de047baf88a4e0aef2dc99f45a831690d404c00

SHA512
6171009d9d3aeb17258ab3e78e30263595500f043be5421773de749034bbdfead5443ea3d67f23beba8c3a3d6db2316754afaaa2c1ac509e146a7d2bb7f2ef15

Download Submit
C:\Windows\System32\NZwVuyu.exe

Filesize
3.1MB

MD5
6b3b1afea756e586f9c9c31bc1773c29

SHA1
76eab0b1215539015ae39f2ae3e3ded6cc877443

SHA256
4db773d922daac274256ef2506db841d9069caebcc928a7aef0f0ef13a7b3589

SHA512
7e2fe48e7a204a15700f4d6c5c536198ac361d6782d9065ce14c1802c96241efc0314bc251221ea9a25e053dd3d0fa93f2488e58a68b25a040ebe22ec1363522

Download Submit
C:\Windows\System32\OlppoJa.exe

Filesize
3.1MB

MD5
1c2d561a4b56bf36622a337df6c3e9ff

SHA1
98ec4fd6c4daca26c2ec446469eec480642c3b63

SHA256
0baaf229f6d278b31c35d38bf297b8941e43b7b2fb04a643c8c4edc37fc2d58b

SHA512
71c6b0fa11e20eb2dae3f402e5b63acd50ac72c186edf41267b96578a398164c8d81300aeda33caaf9451b8ca95d6bd66e19f9ab95908423286205f8b8abad96

Download Submit
C:\Windows\System32\RYwGNKW.exe

Filesize
3.1MB

MD5
07ecd8b2c10062c91f805edac58b6285

SHA1
89aaf9400309493f8d39f421404153b7aedfa762

SHA256
a78f958b77366c86a75fb4b609d87afd144b7c50b50ea6aff51b25958b10cde5

SHA512
3e6a19ffb89459fe84388eee2f70305dbfae3c257dcb18926c277086558124727223bf031f59e8722122402f010fdf92f26ab52e36cc276a644a1ebf72f65cd0

Download Submit
C:\Windows\System32\VQauQnn.exe

Filesize
3.1MB

MD5
d76af8d5ac28120f1f3b7a9f2c97f3c1

SHA1
24db507c63962beb0d4a8a33897904e92c429555

SHA256
7e7f5d6bedb6a3f8fbc8199e0dacc49a1415161bf4f092cd43811e2e55811599

SHA512
4ea7920b3ab65ddf760f8e7eaa34d040238f2b9d9f2be26690f2bbe44114ae3a87591105a30275873b61959207c5bfbc0116a750757f3830a269086ace51f80c

Download Submit
C:\Windows\System32\VkErDkt.exe

Filesize
3.1MB

MD5
50b0b9f01b2fc710f78ca47f05c42fb3

SHA1
abcc27d21d1a542243563781cf4d3faaaa6b8f3e

SHA256
ff316d770f8875bf06a3ed29d1dce8fc3524a93f3f6edd3c564886449bb76e54

SHA512
dab63eb3d0dbe32e4b1f62285c491804d2bf8343c13c8d48cf4506fe2d1c3074c5e1d26b447bc23465046c15d94983b0dd27706c11f8cd07ff1c649cc141191a

Download Submit
C:\Windows\System32\YKDoEQq.exe

Filesize
3.1MB

MD5
fc5a914ff6889959d6c5a63f035e1e03

SHA1
f3aad69e5e77ae93489a6e5461243c6192547aae

SHA256
00af45e414b2b35bec729cb9bbbf7ee1488b26b790457551d0c458d6524aafb2

SHA512
de785bc5362e3440cfb4c3f782e52d0957fd24e816314968e7d85813b0d2a11b8aaf7f8ce16a901517a151eaf2c16654a6c8b2bce1b01d5d5b1a120446e4745c

Download Submit
C:\Windows\System32\aPZKzuK.exe

Filesize
3.1MB

MD5
85662ef4ab69ad9e5ecccb45803c9e36

SHA1
c6f3133d49a5c1dfcca973b7f71ccc0c33577693

SHA256
6e5af813229ed39e2033fa70bab346dc95a746f775e0eefb3f406b891d9adade

SHA512
60fb6741b15dfa90bb53703625b34d96920a3f8874db9de3ecdc5bb9e90120f3e79cb8f186ca07e0a0ff31c6a612136d4072d4bd38b08e17cc195d9d646569fc

Download Submit
C:\Windows\System32\acoNjbh.exe

Filesize
3.1MB

MD5
fb0e463ca0c018aac8d14bb362a039de

SHA1
8be72bd7b680bf99ceaa5ce528206f35eb0c74ed

SHA256
3706ef78820862be08aaa512773fe06795d1586551ba997bbce04cfdfe79a7b9

SHA512
946329a218611661130201d144b49071de5239c64c16e9c78f1f29c85c5c8dd9ff413baa672c84f49618338a87feba47c2fa32ad74205f033f14730253b9b4ce

Download Submit
C:\Windows\System32\ajAHXmc.exe

Filesize
3.1MB

MD5
47665d46b39a764898492c5d44274273

SHA1
a85e99dde927633c961dd0006c1662ed3d747b1e

SHA256
1faca95d4b96bb4bfe77f58bfc940f53901f8661f680e0e586167edd48f96388

SHA512
562bf725fdbbd2807adc280afa17bd072cddc63f4dfc9469cfda8065a1a1451ef8ce6a821cdb2215eac5a35373a85c7807387c32e1a6dbdd7aff3cbd4ab804fb

Download Submit
C:\Windows\System32\bnRuYEv.exe

Filesize
3.1MB

MD5
9db143f8feea23a125eb38b901931ea0

SHA1
6db7951fa86af5dc6df8192d75b5a70e88d6aa6a

SHA256
effb86e6630043e2f85e76d363ed0c1ad6f9702ed366ba7a189341ba49416874

SHA512
a2026713d4b16a0a726ed3598c3ce3676584f6c284087b9b75bc7e4e454f5670cebff827d4f9a3666e9a4c379bdbdbda59a10696db9e7c54a33aa2852e29830d

Download Submit
C:\Windows\System32\culnzgE.exe

Filesize
3.1MB

MD5
be12f7fea45eaa00f930fc0021cbd63f

SHA1
3f5997b1d0c443ecf05aa14926a8f9ef66578174

SHA256
23c8c432db8129efcc30c62fae0a8fbc7c731a311f3dedc3529552497a0ccced

SHA512
e4f7aabf69418bf4f4e9f1272ecbdf0cb6765cf2c3ec9a3c2959ad9b7cda31ebdb596547f99f093ac5988a72a9eeb2decbf38896630617a1bc56ccfe66a25eaf

Download Submit
C:\Windows\System32\fzDAhgS.exe

Filesize
3.1MB

MD5
05d7ddc7ce6172c67f1e3ec5ed6523fc

SHA1
4d3de53b5eec194034e1d00ee485110ded615f1b

SHA256
a14ed33101ad851eb098b11f93140d8bba631d342e786b10747776ba4db181a7

SHA512
a3fa555e8de0d04c27997c3dc1dbe9867c0de6c71d72db52d3937251e89ffb94635c3daeddd3e31a4004f4ab163ba5e3a6be39bc6fc06afd5ae7646795b92c3e

Download Submit
C:\Windows\System32\gttHFLm.exe

Filesize
3.1MB

MD5
9214e684605d2164cc3c51e9a83a9579

SHA1
f9c5471095abaa8caeac3acbb57daf9339a94217

SHA256
93223b44570c2cfd9b1cc150b371227856a377134fbc220b3a68f8656dabf756

SHA512
d987164a1a653090e3d9c37b5b963108381799c3f83e5cdc71ed2d88425945a794a8d1486877df4a8c6585d6157a49030aedc2bf0f025c9facdf07f7730aedc5

Download Submit
C:\Windows\System32\hIQgdAn.exe

Filesize
3.1MB

MD5
aefb7c6d58b629a1dee751151dace708

SHA1
920e782faba70f4869fb889c28dec4f902d5dfd8

SHA256
00f489daa5f9fd72158049c19004be455632c8786590bc7f2beec7e1470354c1

SHA512
d48633f23a4dea17bbdda1641bb0355f05c2db125904a7ee8af48c8863bf879b8fc1865721c5e61655fd17705e7e22358a7e7f69de54ed1626e66c99d3dee2f1

Download Submit
C:\Windows\System32\iqKvuYZ.exe

Filesize
3.1MB

MD5
fd8277ea072dea7ceff89726a18195cb

SHA1
491bdf0ff8ea03d414af3dfab82df6d998630126

SHA256
caef88e0fe0a0216d43214d24ef2f1c553606835027007f31f055ca8fbbdf22b

SHA512
e352f8b5ae0fe6b5c0cdb7e63a9090d8fa10e7ddcc9a52330e29887f5a0148571943a6d30e833a29af9e10348b4ad8d15aa694f904ae56cb56b421e6fbbede41

Download Submit
C:\Windows\System32\kjMjiwA.exe

Filesize
3.1MB

MD5
414f9eece127ec8862ee32c1352f1d2e

SHA1
f7e7ccb23d0a18fc2a70852e7d792fe876edd7b7

SHA256
938a76a1fc826170bbbcb0fd63eb9f113d416a6a707091434955ccf8ee5ed8e6

SHA512
9469eebb8b6469c304dd35fd562a0b9ae9e92733fccf3608c9091324053b544aa0e9161351acfd4ddc4c0cc878d94c1c91a02268b6e4601394c3d9c6afbf38db

Download Submit
C:\Windows\System32\pvKGChL.exe

Filesize
3.1MB

MD5
94df0231eab0f496f1b6aa52c3e42e89

SHA1
47161eabfd7f46f68875f4310465b44689919e46

SHA256
0dc7bad99962e66c869b9d9e5a4ddbd0b5446ef84da66d40eb9f98196feb3f24

SHA512
b4c1907cfcd72dac354d9d3c45b73860a4de23e087fbb940e34432dbfcd80f9c30c18937fbd0a4b4038210b5e3c1e91e93d221f4624964ad5707a11e54c65d18

Download Submit
C:\Windows\System32\qGiUmWX.exe

Filesize
3.1MB

MD5
699b3fcf09473a701528b2f5e85eea9b

SHA1
2f5076a347d9486862b90112aeef55dceea6debb

SHA256
94941d2a0d1d724ebf6228912994201a6777384d1a9412683920f6a5825896b0

SHA512
aa28f40562c34366d5d5ccfbc9ab1df8b955ea17640172d1ae71b143428cc83035f637184b0c8ba0d2c1f122341ac48b5d75acc2a8c0b49dea4d4a80aca8151d

Download Submit
C:\Windows\System32\qKaqLlT.exe

Filesize
3.1MB

MD5
d7eea4a767001ccfb86669b15259493d

SHA1
78badce2912165e6e0938c2eba447275cc728ee5

SHA256
3f935b8f7245d7ebb5fa1db16609790efaa289a00b58860144c754f7a3f877b3

SHA512
69a35477525d23b316b5b32f374aeac4f5d808ca6bc9329e0be8a3d677e00e45d944cc9d24bf98e1ff97f14f9cf241e70901dcb4082b60d5cd4b1aa6c1bd3213

Download Submit
C:\Windows\System32\qduBdGL.exe

Filesize
3.1MB

MD5
0343810efae33b87971d372e5a57eec6

SHA1
31d83a1888a498d57e64f8d325eb3a7308b403d4

SHA256
658b62faac966ab95cae3741b1254538bca2aa2a1cd54f048aad77e4bad99edd

SHA512
77808f315158e8fd70dbd3d62be24803faff4aeacda1fff98077686dd303d9633ea41ae817a6d0ce14121f89af17b7f7b1dc33e2fe417ea276292b0abcb19db7

Download Submit
C:\Windows\System32\rAdwtwR.exe

Filesize
3.1MB

MD5
7128390c063b3a8a416578b335f471c5

SHA1
6fe0c826a2e17b815e1c212fa0ee2da6c7a98bd3

SHA256
89016cf33f21429cb22b8dc70cd8fd9f00f50a2382107d6a09aad7ec130dfb00

SHA512
748a12b3940fae85a07b007e056b7b0cf3a01d613130c4efb0884f81ebb0218325aaeb8c9e65465e3aa0b712165544bb3bacc389d43ccf8cf88e28ff71cfe63f

Download Submit
C:\Windows\System32\rVVuQWQ.exe

Filesize
3.1MB

MD5
a5bd45354f8d3fa9b5cc441f8abf9e4b

SHA1
9ef33c7ecdb80e746bc3d4276b3d192ba8c2916f

SHA256
f8c9e04699cd1259eabbd809573b5776c19aa97c9fefc1ba8f616431e0a9c7f6

SHA512
ec913f90690bc0c00ecd3b3181d99f1bb2e11ca204909f9f1dcaa5b0ea58a42150b91c2442c2180835dc2d347f49c1014aab82fdc13f936579265755a3996a19

Download Submit
C:\Windows\System32\tebQzcT.exe

Filesize
3.1MB

MD5
77762ddc0733c136a03384272b764575

SHA1
c884b966d783f3ec873b813a07a72ace799f4194

SHA256
83d4651a39a62777a71905a2109d604e6f73b79aa8f7c2d24145def1566ce9de

SHA512
591e814961c934a19bfc0f60bff69c3f012d89acdf786dc103b3bc6fb1a982de2bf2829b9adcdd732844c19da4a07694ec9761bdb8b53e3860c944abc31bed3b

Download Submit
C:\Windows\System32\vGluQwP.exe

Filesize
3.1MB

MD5
2816a9277e77b53bab38ff929baf999e

SHA1
ab63006fa6d1019f357661c86da40d9e20b9542d

SHA256
49761b241e632128a45513cc15aea22d8bd9b89e670bd15ccf2ceda60a3df707

SHA512
ae8f55037fe280cd36eb697504f7a092383c4656c59150e2cbb07e78237b07716790657fe9dcda84fd4c8e33af38b8edbdd8af4164bee2f236f7c7ea1fdaf0d3

Download Submit
C:\Windows\System32\vGmDTDg.exe

Filesize
3.1MB

MD5
220642aa95dc02b6f3322c1429bde6aa

SHA1
132643f5cd01c608976943c929d41ad951917d07

SHA256
585381f52f0d72c586769bcd3b9fc878786b3eef9f2b0c8a52e66eea4252181f

SHA512
2ab039304fb120cb2db6d0481297a1ec8f41f5c1530e075e57e0566cc6bc3ba2c2fe44e960ca341ea2318c9c1973dfe6c754041175a58f8e2a1255247583b55d

Download Submit
C:\Windows\System32\wAttIXX.exe

Filesize
3.1MB

MD5
a495f37f0f1df0907b9669d54706fac9

SHA1
07d7fa405ee2b2b164a701a8dd32477c52f94d17

SHA256
3741656de9a4b22120285ea266af9102054146a41d58e25e9bbc6bea56a51a57

SHA512
89327ab5cf9af7a83ccc818e5cdd329f09c1972c338401d8b4e89142b72e4c75c25cd0118ee5a0d52d97e156385439f1a9bce971f6b5d4f98d2797b3c90ba284

Download Submit
C:\Windows\System32\wDsZizX.exe

Filesize
3.1MB

MD5
5e82fa60d474b29fbb2ac5736f222beb

SHA1
41a7e7cbe4626774c0c2ec8ee94e300dd6b643ee

SHA256
ac24ab27c554cf7701465253bb47b93bb2c3bfc42354a19a4a6e3993859bf585

SHA512
cdbfeb94be5127a130d33051d8e9c6a8fb1c571cfb91256e10b8d6d33aaa1d5ee4f96bbaa991e70789ccab0424d222885ebcde39037ded7267eff35ec8013c9c

Download Submit
C:\Windows\System32\xzmykcR.exe

Filesize
3.1MB

MD5
8998c4c22927e3b3d45e74c9b51db088

SHA1
72d558437b6aa01ce213ac296c48ec5ff2646847

SHA256
746320990481df16bbd34b5767dc6841501a3305cd4c0af7d19a301a73ca7302

SHA512
621472ba04d7c99d3c19c97c9e947d106432ddb5b03878965e835088007c2b6c13567a36efc5a6bbf24c2b68ae3a5ff7e22b9ae9d0277a89412ffa6703f01046

Download Submit
C:\Windows\System32\yotigsp.exe

Filesize
3.1MB

MD5
91c1309c7ff2b6766d403f07dfc31b4f

SHA1
568cfd97327778f62d1ef0b4043c0d8baf92c667

SHA256
8a456c038f3d4a7244cc77f32286c4f4524815bdd6a1c587327c2eacbc255023

SHA512
de4068cd350421afeae3d3bfa254353a9bd8e78c0201aae4450d518afeb77ca4ff78d01d41cff58aa835f9616d2f4830689353ed4acd4bce4846e985d3429fc7

Download Submit
C:\Windows\System32\ytnGiHw.exe

Filesize
3.1MB

MD5
4432005b36bb9743ff923d8f5bf34dee

SHA1
6cffae2dc301285b9ca8cbc4fc0353bc36878230

SHA256
666ed18589b9a306ad63301294d8ddd755805b78430f53454fc801a822d610a1

SHA512
9e7a0c0fec4e420f688bc70e2723dc579acc8dcdfd0de44c76298567d038099ddbcc83a8ef16ba9d2faf635a8361f4db815aa2b3dfed27919cadd1ebfd836511

Download Submit
memory/220-2087-0x00007FF721490000-0x00007FF721885000-memory.dmp

Filesize
4.0MB

Download
memory/220-595-0x00007FF721490000-0x00007FF721885000-memory.dmp

Filesize
4.0MB

Download
memory/780-2093-0x00007FF652380000-0x00007FF652775000-memory.dmp

Filesize
4.0MB

Download
memory/780-549-0x00007FF652380000-0x00007FF652775000-memory.dmp

Filesize
4.0MB

Download
memory/1004-2088-0x00007FF602E50000-0x00007FF603245000-memory.dmp

Filesize
4.0MB

Download
memory/1004-593-0x00007FF602E50000-0x00007FF603245000-memory.dmp

Filesize
4.0MB

Download
memory/1276-569-0x00007FF6048F0000-0x00007FF604CE5000-memory.dmp

Filesize
4.0MB

Download
memory/1276-2099-0x00007FF6048F0000-0x00007FF604CE5000-memory.dmp

Filesize
4.0MB

Download
memory/1436-547-0x00007FF763DF0000-0x00007FF7641E5000-memory.dmp

Filesize
4.0MB

Download
memory/1436-2089-0x00007FF763DF0000-0x00007FF7641E5000-memory.dmp

Filesize
4.0MB

Download
memory/1468-2085-0x00007FF709960000-0x00007FF709D55000-memory.dmp

Filesize
4.0MB

Download
memory/1468-7-0x00007FF709960000-0x00007FF709D55000-memory.dmp

Filesize
4.0MB

Download
memory/1468-1269-0x00007FF709960000-0x00007FF709D55000-memory.dmp

Filesize
4.0MB

Download
memory/1552-20-0x00007FF7E3D80000-0x00007FF7E4175000-memory.dmp

Filesize
4.0MB

Download
memory/1552-2084-0x00007FF7E3D80000-0x00007FF7E4175000-memory.dmp

Filesize
4.0MB

Download
memory/1672-2086-0x00007FF7ECD20000-0x00007FF7ED115000-memory.dmp

Filesize
4.0MB

Download
memory/1672-1484-0x00007FF7ECD20000-0x00007FF7ED115000-memory.dmp

Filesize
4.0MB

Download
memory/1672-29-0x00007FF7ECD20000-0x00007FF7ED115000-memory.dmp

Filesize
4.0MB

Download
memory/2344-2098-0x00007FF6D6B40000-0x00007FF6D6F35000-memory.dmp

Filesize
4.0MB

Download
memory/2344-552-0x00007FF6D6B40000-0x00007FF6D6F35000-memory.dmp

Filesize
4.0MB

Download
memory/2356-560-0x00007FF713C00000-0x00007FF713FF5000-memory.dmp

Filesize
4.0MB

Download
memory/2356-2104-0x00007FF713C00000-0x00007FF713FF5000-memory.dmp

Filesize
4.0MB

Download
memory/2620-2090-0x00007FF73D960000-0x00007FF73DD55000-memory.dmp

Filesize
4.0MB

Download
memory/2620-546-0x00007FF73D960000-0x00007FF73DD55000-memory.dmp

Filesize
4.0MB

Download
memory/2620-1488-0x00007FF73D960000-0x00007FF73DD55000-memory.dmp

Filesize
4.0MB

Download
memory/2784-2100-0x00007FF770390000-0x00007FF770785000-memory.dmp

Filesize
4.0MB

Download
memory/2784-565-0x00007FF770390000-0x00007FF770785000-memory.dmp

Filesize
4.0MB

Download
memory/3008-2103-0x00007FF77C020000-0x00007FF77C415000-memory.dmp

Filesize
4.0MB

Download
memory/3008-578-0x00007FF77C020000-0x00007FF77C415000-memory.dmp

Filesize
4.0MB

Download
memory/3252-2097-0x00007FF73B9B0000-0x00007FF73BDA5000-memory.dmp

Filesize
4.0MB

Download
memory/3252-551-0x00007FF73B9B0000-0x00007FF73BDA5000-memory.dmp

Filesize
4.0MB

Download
memory/3520-556-0x00007FF7C0380000-0x00007FF7C0775000-memory.dmp

Filesize
4.0MB

Download
memory/3520-2102-0x00007FF7C0380000-0x00007FF7C0775000-memory.dmp

Filesize
4.0MB

Download
memory/3576-554-0x00007FF7F4570000-0x00007FF7F4965000-memory.dmp

Filesize
4.0MB

Download
memory/3576-2095-0x00007FF7F4570000-0x00007FF7F4965000-memory.dmp

Filesize
4.0MB

Download
memory/3804-2106-0x00007FF615E00000-0x00007FF6161F5000-memory.dmp

Filesize
4.0MB

Download
memory/3804-583-0x00007FF615E00000-0x00007FF6161F5000-memory.dmp

Filesize
4.0MB

Download
memory/4116-555-0x00007FF632520000-0x00007FF632915000-memory.dmp

Filesize
4.0MB

Download
memory/4116-2094-0x00007FF632520000-0x00007FF632915000-memory.dmp

Filesize
4.0MB

Download
memory/4520-553-0x00007FF663AB0000-0x00007FF663EA5000-memory.dmp

Filesize
4.0MB

Download
memory/4520-2096-0x00007FF663AB0000-0x00007FF663EA5000-memory.dmp

Filesize
4.0MB

Download
memory/4568-0-0x00007FF66C0B0000-0x00007FF66C4A5000-memory.dmp

Filesize
4.0MB

Download
memory/4568-1266-0x00007FF66C0B0000-0x00007FF66C4A5000-memory.dmp

Filesize
4.0MB

Download
memory/4568-2083-0x00007FF66C0B0000-0x00007FF66C4A5000-memory.dmp

Filesize
4.0MB

Download
memory/4568-1-0x000001E17F450000-0x000001E17F460000-memory.dmp

Filesize
64KB

Download
memory/4732-548-0x00007FF64D160000-0x00007FF64D555000-memory.dmp

Filesize
4.0MB

Download
memory/4732-2092-0x00007FF64D160000-0x00007FF64D555000-memory.dmp

Filesize
4.0MB

Download
memory/4828-2101-0x00007FF7342C0000-0x00007FF7346B5000-memory.dmp

Filesize
4.0MB

Download
memory/4828-563-0x00007FF7342C0000-0x00007FF7346B5000-memory.dmp

Filesize
4.0MB

Download
memory/4976-584-0x00007FF73A1D0000-0x00007FF73A5C5000-memory.dmp

Filesize
4.0MB

Download
memory/4976-2107-0x00007FF73A1D0000-0x00007FF73A5C5000-memory.dmp

Filesize
4.0MB

Download
memory/5040-2091-0x00007FF7EE4C0000-0x00007FF7EE8B5000-memory.dmp

Filesize
4.0MB

Download
memory/5040-550-0x00007FF7EE4C0000-0x00007FF7EE8B5000-memory.dmp

Filesize
4.0MB

Download
memory/5060-2105-0x00007FF6A86F0000-0x00007FF6A8AE5000-memory.dmp

Filesize
4.0MB

Download
memory/5060-575-0x00007FF6A86F0000-0x00007FF6A8AE5000-memory.dmp

Filesize
4.0MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads