xmrig | 969a46aeb548b398cd2e7652c955fa6b69fc65bdffa3a0308aed8e96d9b92faa

Analysis

max time kernel
98s
max time network
101s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
17-08-2024 14:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

25f4a371797f7c346c8baade585d0fc0N.exe
Size

2.0MB
MD5

25f4a371797f7c346c8baade585d0fc0
SHA1

2b2b60897d918d1a87d4f61dc9d0972b8f1770b1
SHA256

969a46aeb548b398cd2e7652c955fa6b69fc65bdffa3a0308aed8e96d9b92faa
SHA512

f331c7e833b56f6d65376cff2414fb94b2beb7f97e02587a7a340cecfe86877b66bd31a243be1794dc21790a5a630e9828b964a22e3524de1d9d6ea9aaaae1f0
SSDEEP

24576:JanwhSe11QSONCpGJCjETPlGC78XCejHeOuU4GrTsO20J1nycsW5mJgNP9Gfpc/p:knw9oUUEEDlGUrMsWfb1/y6TR

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 51 IoCs

miner

resource	yara_rule
behavioral2/memory/2920-10-0x00007FF7E2100000-0x00007FF7E24F1000-memory.dmp	xmrig
behavioral2/memory/4808-408-0x00007FF6BF8E0000-0x00007FF6BFCD1000-memory.dmp	xmrig
behavioral2/memory/3636-407-0x00007FF6849E0000-0x00007FF684DD1000-memory.dmp	xmrig
behavioral2/memory/3040-409-0x00007FF67D2B0000-0x00007FF67D6A1000-memory.dmp	xmrig
behavioral2/memory/4300-410-0x00007FF60CD00000-0x00007FF60D0F1000-memory.dmp	xmrig
behavioral2/memory/228-411-0x00007FF613AE0000-0x00007FF613ED1000-memory.dmp	xmrig
behavioral2/memory/1736-412-0x00007FF6E95C0000-0x00007FF6E99B1000-memory.dmp	xmrig
behavioral2/memory/1928-413-0x00007FF7016A0000-0x00007FF701A91000-memory.dmp	xmrig
behavioral2/memory/2200-415-0x00007FF7ED8F0000-0x00007FF7EDCE1000-memory.dmp	xmrig
behavioral2/memory/3564-414-0x00007FF6ABE60000-0x00007FF6AC251000-memory.dmp	xmrig
behavioral2/memory/2424-423-0x00007FF60DD20000-0x00007FF60E111000-memory.dmp	xmrig
behavioral2/memory/3876-433-0x00007FF65A3C0000-0x00007FF65A7B1000-memory.dmp	xmrig
behavioral2/memory/2328-434-0x00007FF631E10000-0x00007FF632201000-memory.dmp	xmrig
behavioral2/memory/760-444-0x00007FF7402C0000-0x00007FF7406B1000-memory.dmp	xmrig
behavioral2/memory/3188-455-0x00007FF7E6890000-0x00007FF7E6C81000-memory.dmp	xmrig
behavioral2/memory/4600-459-0x00007FF783520000-0x00007FF783911000-memory.dmp	xmrig
behavioral2/memory/1684-461-0x00007FF7CDBD0000-0x00007FF7CDFC1000-memory.dmp	xmrig
behavioral2/memory/3420-467-0x00007FF63EB70000-0x00007FF63EF61000-memory.dmp	xmrig
behavioral2/memory/4132-479-0x00007FF7ADA70000-0x00007FF7ADE61000-memory.dmp	xmrig
behavioral2/memory/4816-474-0x00007FF7398C0000-0x00007FF739CB1000-memory.dmp	xmrig
behavioral2/memory/4028-481-0x00007FF760CC0000-0x00007FF7610B1000-memory.dmp	xmrig
behavioral2/memory/2848-471-0x00007FF6CE830000-0x00007FF6CEC21000-memory.dmp	xmrig
behavioral2/memory/3156-1460-0x00007FF607C80000-0x00007FF608071000-memory.dmp	xmrig
behavioral2/memory/3740-1594-0x00007FF6D1F30000-0x00007FF6D2321000-memory.dmp	xmrig
behavioral2/memory/4872-1599-0x00007FF7F4AC0000-0x00007FF7F4EB1000-memory.dmp	xmrig
behavioral2/memory/2920-1591-0x00007FF7E2100000-0x00007FF7E24F1000-memory.dmp	xmrig
behavioral2/memory/3156-2125-0x00007FF607C80000-0x00007FF608071000-memory.dmp	xmrig
behavioral2/memory/3740-2156-0x00007FF6D1F30000-0x00007FF6D2321000-memory.dmp	xmrig
behavioral2/memory/4132-2152-0x00007FF7ADA70000-0x00007FF7ADE61000-memory.dmp	xmrig
behavioral2/memory/2920-2154-0x00007FF7E2100000-0x00007FF7E24F1000-memory.dmp	xmrig
behavioral2/memory/3636-2158-0x00007FF6849E0000-0x00007FF684DD1000-memory.dmp	xmrig
behavioral2/memory/4028-2162-0x00007FF760CC0000-0x00007FF7610B1000-memory.dmp	xmrig
behavioral2/memory/4872-2160-0x00007FF7F4AC0000-0x00007FF7F4EB1000-memory.dmp	xmrig
behavioral2/memory/228-2182-0x00007FF613AE0000-0x00007FF613ED1000-memory.dmp	xmrig
behavioral2/memory/4300-2180-0x00007FF60CD00000-0x00007FF60D0F1000-memory.dmp	xmrig
behavioral2/memory/1736-2178-0x00007FF6E95C0000-0x00007FF6E99B1000-memory.dmp	xmrig
behavioral2/memory/1928-2176-0x00007FF7016A0000-0x00007FF701A91000-memory.dmp	xmrig
behavioral2/memory/2200-2174-0x00007FF7ED8F0000-0x00007FF7EDCE1000-memory.dmp	xmrig
behavioral2/memory/2424-2172-0x00007FF60DD20000-0x00007FF60E111000-memory.dmp	xmrig
behavioral2/memory/3040-2166-0x00007FF67D2B0000-0x00007FF67D6A1000-memory.dmp	xmrig
behavioral2/memory/4808-2164-0x00007FF6BF8E0000-0x00007FF6BFCD1000-memory.dmp	xmrig
behavioral2/memory/3564-2170-0x00007FF6ABE60000-0x00007FF6AC251000-memory.dmp	xmrig
behavioral2/memory/3420-2221-0x00007FF63EB70000-0x00007FF63EF61000-memory.dmp	xmrig
behavioral2/memory/760-2213-0x00007FF7402C0000-0x00007FF7406B1000-memory.dmp	xmrig
behavioral2/memory/2848-2227-0x00007FF6CE830000-0x00007FF6CEC21000-memory.dmp	xmrig
behavioral2/memory/4816-2225-0x00007FF7398C0000-0x00007FF739CB1000-memory.dmp	xmrig
behavioral2/memory/3188-2219-0x00007FF7E6890000-0x00007FF7E6C81000-memory.dmp	xmrig
behavioral2/memory/4600-2217-0x00007FF783520000-0x00007FF783911000-memory.dmp	xmrig
behavioral2/memory/1684-2215-0x00007FF7CDBD0000-0x00007FF7CDFC1000-memory.dmp	xmrig
behavioral2/memory/3876-2168-0x00007FF65A3C0000-0x00007FF65A7B1000-memory.dmp	xmrig
behavioral2/memory/2328-2184-0x00007FF631E10000-0x00007FF632201000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2920	yZLeipZ.exe
3740	LHyemVs.exe
4132	tdsMzhk.exe
4872	PYVUMLW.exe
3636	DEmqpzb.exe
4028	nKwLXyf.exe
4808	FQxvpvG.exe
3040	ZFGshhg.exe
4300	SjzEUOB.exe
228	wOLQVLA.exe
1736	CSzWMWS.exe
1928	ScYjMIP.exe
3564	xmfUDKa.exe
2200	xVckvBe.exe
2424	rBSokij.exe
3876	jigUdGd.exe
2328	IuNfVZB.exe
760	yrCPKQz.exe
3188	IJYsQfQ.exe
4600	XMGsHTO.exe
1684	tXLIfuO.exe
3420	qyoCbfL.exe
2848	DLUPPMX.exe
4816	UJkejDE.exe
4820	naORVTU.exe
3728	LxttqhR.exe
4080	whVgNyb.exe
2720	hSNYUFz.exe
1612	gINRldi.exe
3628	tJzXEcG.exe
4356	RWXOWLX.exe
3652	HzGSOaK.exe
3768	vESUtTu.exe
4856	UXalJhL.exe
4012	Rkqcoep.exe
3168	SoakmwL.exe
4264	BXUDbuX.exe
3684	Eszcckn.exe
3708	KlHXHSp.exe
4496	SVyuhLa.exe
1640	kCcwERQ.exe
4704	LWvcLqi.exe
5056	PjmcZtU.exe
4340	ccPPMCy.exe
1724	RJeSDgI.exe
3232	XRZUjRc.exe
2464	HpctsjB.exe
4868	XMzvyjJ.exe
3640	FktvPSi.exe
3092	TsgIrbd.exe
1276	FlEXmnm.exe
2004	TMYnwkI.exe
628	IVtAwZo.exe
2440	DnwNKPP.exe
3252	smzcHsS.exe
4988	LDwUScp.exe
2588	bBCvlxh.exe
728	aTHlFPk.exe
4208	JiCnIoz.exe
4944	ORPRdiQ.exe
3456	pakbQSg.exe
2516	EWJPflI.exe
1088	SJGgnjt.exe
224	VVsftEc.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3156-0-0x00007FF607C80000-0x00007FF608071000-memory.dmp	upx
behavioral2/files/0x0008000000023479-5.dat	upx
behavioral2/memory/2920-10-0x00007FF7E2100000-0x00007FF7E24F1000-memory.dmp	upx
behavioral2/files/0x000700000002347e-8.dat	upx
behavioral2/files/0x000700000002347d-14.dat	upx
behavioral2/files/0x0007000000023480-26.dat	upx
behavioral2/files/0x0007000000023481-28.dat	upx
behavioral2/files/0x000700000002347f-31.dat	upx
behavioral2/files/0x0007000000023483-40.dat	upx
behavioral2/files/0x0007000000023485-50.dat	upx
behavioral2/files/0x0007000000023486-61.dat	upx
behavioral2/files/0x000700000002348f-100.dat	upx
behavioral2/files/0x0007000000023490-105.dat	upx
behavioral2/files/0x0007000000023493-126.dat	upx
behavioral2/files/0x0007000000023498-145.dat	upx
behavioral2/files/0x000700000002349c-164.dat	upx
behavioral2/files/0x000700000002349a-161.dat	upx
behavioral2/files/0x000700000002349b-159.dat	upx
behavioral2/files/0x0007000000023499-156.dat	upx
behavioral2/files/0x0007000000023497-143.dat	upx
behavioral2/files/0x0007000000023496-138.dat	upx
behavioral2/files/0x0007000000023495-133.dat	upx
behavioral2/files/0x0007000000023494-131.dat	upx
behavioral2/files/0x0007000000023492-121.dat	upx
behavioral2/files/0x0007000000023491-113.dat	upx
behavioral2/files/0x000700000002348e-99.dat	upx
behavioral2/files/0x000700000002348d-93.dat	upx
behavioral2/files/0x000700000002348c-88.dat	upx
behavioral2/files/0x000700000002348b-86.dat	upx
behavioral2/files/0x000700000002348a-81.dat	upx
behavioral2/files/0x0007000000023489-76.dat	upx
behavioral2/files/0x0007000000023488-71.dat	upx
behavioral2/files/0x0007000000023487-63.dat	upx
behavioral2/files/0x0007000000023484-48.dat	upx
behavioral2/files/0x0007000000023482-38.dat	upx
behavioral2/memory/3740-24-0x00007FF6D1F30000-0x00007FF6D2321000-memory.dmp	upx
behavioral2/memory/4872-406-0x00007FF7F4AC0000-0x00007FF7F4EB1000-memory.dmp	upx
behavioral2/memory/4808-408-0x00007FF6BF8E0000-0x00007FF6BFCD1000-memory.dmp	upx
behavioral2/memory/3636-407-0x00007FF6849E0000-0x00007FF684DD1000-memory.dmp	upx
behavioral2/memory/3040-409-0x00007FF67D2B0000-0x00007FF67D6A1000-memory.dmp	upx
behavioral2/memory/4300-410-0x00007FF60CD00000-0x00007FF60D0F1000-memory.dmp	upx
behavioral2/memory/228-411-0x00007FF613AE0000-0x00007FF613ED1000-memory.dmp	upx
behavioral2/memory/1736-412-0x00007FF6E95C0000-0x00007FF6E99B1000-memory.dmp	upx
behavioral2/memory/1928-413-0x00007FF7016A0000-0x00007FF701A91000-memory.dmp	upx
behavioral2/memory/2200-415-0x00007FF7ED8F0000-0x00007FF7EDCE1000-memory.dmp	upx
behavioral2/memory/3564-414-0x00007FF6ABE60000-0x00007FF6AC251000-memory.dmp	upx
behavioral2/memory/2424-423-0x00007FF60DD20000-0x00007FF60E111000-memory.dmp	upx
behavioral2/memory/3876-433-0x00007FF65A3C0000-0x00007FF65A7B1000-memory.dmp	upx
behavioral2/memory/2328-434-0x00007FF631E10000-0x00007FF632201000-memory.dmp	upx
behavioral2/memory/760-444-0x00007FF7402C0000-0x00007FF7406B1000-memory.dmp	upx
behavioral2/memory/3188-455-0x00007FF7E6890000-0x00007FF7E6C81000-memory.dmp	upx
behavioral2/memory/4600-459-0x00007FF783520000-0x00007FF783911000-memory.dmp	upx
behavioral2/memory/1684-461-0x00007FF7CDBD0000-0x00007FF7CDFC1000-memory.dmp	upx
behavioral2/memory/3420-467-0x00007FF63EB70000-0x00007FF63EF61000-memory.dmp	upx
behavioral2/memory/4132-479-0x00007FF7ADA70000-0x00007FF7ADE61000-memory.dmp	upx
behavioral2/memory/4816-474-0x00007FF7398C0000-0x00007FF739CB1000-memory.dmp	upx
behavioral2/memory/4028-481-0x00007FF760CC0000-0x00007FF7610B1000-memory.dmp	upx
behavioral2/memory/2848-471-0x00007FF6CE830000-0x00007FF6CEC21000-memory.dmp	upx
behavioral2/memory/3156-1460-0x00007FF607C80000-0x00007FF608071000-memory.dmp	upx
behavioral2/memory/3740-1594-0x00007FF6D1F30000-0x00007FF6D2321000-memory.dmp	upx
behavioral2/memory/4872-1599-0x00007FF7F4AC0000-0x00007FF7F4EB1000-memory.dmp	upx
behavioral2/memory/2920-1591-0x00007FF7E2100000-0x00007FF7E24F1000-memory.dmp	upx
behavioral2/memory/3156-2125-0x00007FF607C80000-0x00007FF608071000-memory.dmp	upx
behavioral2/memory/3740-2156-0x00007FF6D1F30000-0x00007FF6D2321000-memory.dmp	upx

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System32\xhAnifG.exe	25f4a371797f7c346c8baade585d0fc0N.exe
File created	C:\Windows\System32\exOxtrm.exe	25f4a371797f7c346c8baade585d0fc0N.exe
File created	C:\Windows\System32\OaFrmMS.exe	25f4a371797f7c346c8baade585d0fc0N.exe
File created	C:\Windows\System32\rUexAjZ.exe	25f4a371797f7c346c8baade585d0fc0N.exe
File created	C:\Windows\System32\IMXHYgf.exe	25f4a371797f7c346c8baade585d0fc0N.exe
File created	C:\Windows\System32\JjMvTOD.exe	25f4a371797f7c346c8baade585d0fc0N.exe
File created	C:\Windows\System32\NldvMkR.exe	25f4a371797f7c346c8baade585d0fc0N.exe
File created	C:\Windows\System32\DsGEbfO.exe	25f4a371797f7c346c8baade585d0fc0N.exe
File created	C:\Windows\System32\zxMoyqE.exe	25f4a371797f7c346c8baade585d0fc0N.exe
File created	C:\Windows\System32\nfoqOfu.exe	25f4a371797f7c346c8baade585d0fc0N.exe
File created	C:\Windows\System32\LcgyTmI.exe	25f4a371797f7c346c8baade585d0fc0N.exe
File created	C:\Windows\System32\RkWTjaB.exe	25f4a371797f7c346c8baade585d0fc0N.exe
File created	C:\Windows\System32\YgAZiBW.exe	25f4a371797f7c346c8baade585d0fc0N.exe
File created	C:\Windows\System32\adhMJBr.exe	25f4a371797f7c346c8baade585d0fc0N.exe
File created	C:\Windows\System32\lTPAKTp.exe	25f4a371797f7c346c8baade585d0fc0N.exe
File created	C:\Windows\System32\EEQNedS.exe	25f4a371797f7c346c8baade585d0fc0N.exe
File created	C:\Windows\System32\czrxrrn.exe	25f4a371797f7c346c8baade585d0fc0N.exe
File created	C:\Windows\System32\goAZnxg.exe	25f4a371797f7c346c8baade585d0fc0N.exe
File created	C:\Windows\System32\pKCoDOb.exe	25f4a371797f7c346c8baade585d0fc0N.exe
File created	C:\Windows\System32\LWvcLqi.exe	25f4a371797f7c346c8baade585d0fc0N.exe
File created	C:\Windows\System32\Vzsskzq.exe	25f4a371797f7c346c8baade585d0fc0N.exe
File created	C:\Windows\System32\uMXzVaP.exe	25f4a371797f7c346c8baade585d0fc0N.exe
File created	C:\Windows\System32\NFHzlCz.exe	25f4a371797f7c346c8baade585d0fc0N.exe
File created	C:\Windows\System32\oFAGvJM.exe	25f4a371797f7c346c8baade585d0fc0N.exe
File created	C:\Windows\System32\IJYsQfQ.exe	25f4a371797f7c346c8baade585d0fc0N.exe
File created	C:\Windows\System32\QKgeREl.exe	25f4a371797f7c346c8baade585d0fc0N.exe
File created	C:\Windows\System32\zoxlwNh.exe	25f4a371797f7c346c8baade585d0fc0N.exe
File created	C:\Windows\System32\TkuDSYk.exe	25f4a371797f7c346c8baade585d0fc0N.exe
File created	C:\Windows\System32\yusrVbM.exe	25f4a371797f7c346c8baade585d0fc0N.exe
File created	C:\Windows\System32\xAVuiKB.exe	25f4a371797f7c346c8baade585d0fc0N.exe
File created	C:\Windows\System32\ZKxRtbP.exe	25f4a371797f7c346c8baade585d0fc0N.exe
File created	C:\Windows\System32\Eszcckn.exe	25f4a371797f7c346c8baade585d0fc0N.exe
File created	C:\Windows\System32\PrXLMDK.exe	25f4a371797f7c346c8baade585d0fc0N.exe
File created	C:\Windows\System32\UJrFmJP.exe	25f4a371797f7c346c8baade585d0fc0N.exe
File created	C:\Windows\System32\FeJFvtP.exe	25f4a371797f7c346c8baade585d0fc0N.exe
File created	C:\Windows\System32\dhKxBan.exe	25f4a371797f7c346c8baade585d0fc0N.exe
File created	C:\Windows\System32\xPJfOXI.exe	25f4a371797f7c346c8baade585d0fc0N.exe
File created	C:\Windows\System32\yOBchqb.exe	25f4a371797f7c346c8baade585d0fc0N.exe
File created	C:\Windows\System32\uOKmWql.exe	25f4a371797f7c346c8baade585d0fc0N.exe
File created	C:\Windows\System32\KGvyqLk.exe	25f4a371797f7c346c8baade585d0fc0N.exe
File created	C:\Windows\System32\nTVBHVH.exe	25f4a371797f7c346c8baade585d0fc0N.exe
File created	C:\Windows\System32\CcKjWsl.exe	25f4a371797f7c346c8baade585d0fc0N.exe
File created	C:\Windows\System32\ENtoANL.exe	25f4a371797f7c346c8baade585d0fc0N.exe
File created	C:\Windows\System32\yEVVuOi.exe	25f4a371797f7c346c8baade585d0fc0N.exe
File created	C:\Windows\System32\wzgkjXz.exe	25f4a371797f7c346c8baade585d0fc0N.exe
File created	C:\Windows\System32\BTiWIju.exe	25f4a371797f7c346c8baade585d0fc0N.exe
File created	C:\Windows\System32\BtXQKyN.exe	25f4a371797f7c346c8baade585d0fc0N.exe
File created	C:\Windows\System32\RLdyZSW.exe	25f4a371797f7c346c8baade585d0fc0N.exe
File created	C:\Windows\System32\lWZWTOL.exe	25f4a371797f7c346c8baade585d0fc0N.exe
File created	C:\Windows\System32\bchczLu.exe	25f4a371797f7c346c8baade585d0fc0N.exe
File created	C:\Windows\System32\mBdRhCV.exe	25f4a371797f7c346c8baade585d0fc0N.exe
File created	C:\Windows\System32\RqVtngS.exe	25f4a371797f7c346c8baade585d0fc0N.exe
File created	C:\Windows\System32\ZSfmYEj.exe	25f4a371797f7c346c8baade585d0fc0N.exe
File created	C:\Windows\System32\WupSpcZ.exe	25f4a371797f7c346c8baade585d0fc0N.exe
File created	C:\Windows\System32\DLUPPMX.exe	25f4a371797f7c346c8baade585d0fc0N.exe
File created	C:\Windows\System32\IwXkyNn.exe	25f4a371797f7c346c8baade585d0fc0N.exe
File created	C:\Windows\System32\BvFGFEG.exe	25f4a371797f7c346c8baade585d0fc0N.exe
File created	C:\Windows\System32\jyGWePY.exe	25f4a371797f7c346c8baade585d0fc0N.exe
File created	C:\Windows\System32\gINRldi.exe	25f4a371797f7c346c8baade585d0fc0N.exe
File created	C:\Windows\System32\wocoljr.exe	25f4a371797f7c346c8baade585d0fc0N.exe
File created	C:\Windows\System32\vgnIWvl.exe	25f4a371797f7c346c8baade585d0fc0N.exe
File created	C:\Windows\System32\aqrxTpH.exe	25f4a371797f7c346c8baade585d0fc0N.exe
File created	C:\Windows\System32\wOLLCXu.exe	25f4a371797f7c346c8baade585d0fc0N.exe
File created	C:\Windows\System32\Cledzin.exe	25f4a371797f7c346c8baade585d0fc0N.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	14216	dwm.exe
Token: SeChangeNotifyPrivilege	14216	dwm.exe
Token: 33	14216	dwm.exe
Token: SeIncBasePriorityPrivilege	14216	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3156 wrote to memory of 2920	3156	25f4a371797f7c346c8baade585d0fc0N.exe	85
PID 3156 wrote to memory of 2920	3156	25f4a371797f7c346c8baade585d0fc0N.exe	85
PID 3156 wrote to memory of 4132	3156	25f4a371797f7c346c8baade585d0fc0N.exe	86
PID 3156 wrote to memory of 4132	3156	25f4a371797f7c346c8baade585d0fc0N.exe	86
PID 3156 wrote to memory of 3740	3156	25f4a371797f7c346c8baade585d0fc0N.exe	87
PID 3156 wrote to memory of 3740	3156	25f4a371797f7c346c8baade585d0fc0N.exe	87
PID 3156 wrote to memory of 4872	3156	25f4a371797f7c346c8baade585d0fc0N.exe	88
PID 3156 wrote to memory of 4872	3156	25f4a371797f7c346c8baade585d0fc0N.exe	88
PID 3156 wrote to memory of 3636	3156	25f4a371797f7c346c8baade585d0fc0N.exe	89
PID 3156 wrote to memory of 3636	3156	25f4a371797f7c346c8baade585d0fc0N.exe	89
PID 3156 wrote to memory of 4028	3156	25f4a371797f7c346c8baade585d0fc0N.exe	90
PID 3156 wrote to memory of 4028	3156	25f4a371797f7c346c8baade585d0fc0N.exe	90
PID 3156 wrote to memory of 4808	3156	25f4a371797f7c346c8baade585d0fc0N.exe	91
PID 3156 wrote to memory of 4808	3156	25f4a371797f7c346c8baade585d0fc0N.exe	91
PID 3156 wrote to memory of 3040	3156	25f4a371797f7c346c8baade585d0fc0N.exe	92
PID 3156 wrote to memory of 3040	3156	25f4a371797f7c346c8baade585d0fc0N.exe	92
PID 3156 wrote to memory of 4300	3156	25f4a371797f7c346c8baade585d0fc0N.exe	93
PID 3156 wrote to memory of 4300	3156	25f4a371797f7c346c8baade585d0fc0N.exe	93
PID 3156 wrote to memory of 228	3156	25f4a371797f7c346c8baade585d0fc0N.exe	94
PID 3156 wrote to memory of 228	3156	25f4a371797f7c346c8baade585d0fc0N.exe	94
PID 3156 wrote to memory of 1736	3156	25f4a371797f7c346c8baade585d0fc0N.exe	95
PID 3156 wrote to memory of 1736	3156	25f4a371797f7c346c8baade585d0fc0N.exe	95
PID 3156 wrote to memory of 1928	3156	25f4a371797f7c346c8baade585d0fc0N.exe	96
PID 3156 wrote to memory of 1928	3156	25f4a371797f7c346c8baade585d0fc0N.exe	96
PID 3156 wrote to memory of 3564	3156	25f4a371797f7c346c8baade585d0fc0N.exe	97
PID 3156 wrote to memory of 3564	3156	25f4a371797f7c346c8baade585d0fc0N.exe	97
PID 3156 wrote to memory of 2200	3156	25f4a371797f7c346c8baade585d0fc0N.exe	98
PID 3156 wrote to memory of 2200	3156	25f4a371797f7c346c8baade585d0fc0N.exe	98
PID 3156 wrote to memory of 2424	3156	25f4a371797f7c346c8baade585d0fc0N.exe	99
PID 3156 wrote to memory of 2424	3156	25f4a371797f7c346c8baade585d0fc0N.exe	99
PID 3156 wrote to memory of 3876	3156	25f4a371797f7c346c8baade585d0fc0N.exe	100
PID 3156 wrote to memory of 3876	3156	25f4a371797f7c346c8baade585d0fc0N.exe	100
PID 3156 wrote to memory of 2328	3156	25f4a371797f7c346c8baade585d0fc0N.exe	101
PID 3156 wrote to memory of 2328	3156	25f4a371797f7c346c8baade585d0fc0N.exe	101
PID 3156 wrote to memory of 760	3156	25f4a371797f7c346c8baade585d0fc0N.exe	102
PID 3156 wrote to memory of 760	3156	25f4a371797f7c346c8baade585d0fc0N.exe	102
PID 3156 wrote to memory of 3188	3156	25f4a371797f7c346c8baade585d0fc0N.exe	103
PID 3156 wrote to memory of 3188	3156	25f4a371797f7c346c8baade585d0fc0N.exe	103
PID 3156 wrote to memory of 4600	3156	25f4a371797f7c346c8baade585d0fc0N.exe	104
PID 3156 wrote to memory of 4600	3156	25f4a371797f7c346c8baade585d0fc0N.exe	104
PID 3156 wrote to memory of 1684	3156	25f4a371797f7c346c8baade585d0fc0N.exe	105
PID 3156 wrote to memory of 1684	3156	25f4a371797f7c346c8baade585d0fc0N.exe	105
PID 3156 wrote to memory of 3420	3156	25f4a371797f7c346c8baade585d0fc0N.exe	106
PID 3156 wrote to memory of 3420	3156	25f4a371797f7c346c8baade585d0fc0N.exe	106
PID 3156 wrote to memory of 2848	3156	25f4a371797f7c346c8baade585d0fc0N.exe	107
PID 3156 wrote to memory of 2848	3156	25f4a371797f7c346c8baade585d0fc0N.exe	107
PID 3156 wrote to memory of 4816	3156	25f4a371797f7c346c8baade585d0fc0N.exe	108
PID 3156 wrote to memory of 4816	3156	25f4a371797f7c346c8baade585d0fc0N.exe	108
PID 3156 wrote to memory of 4820	3156	25f4a371797f7c346c8baade585d0fc0N.exe	109
PID 3156 wrote to memory of 4820	3156	25f4a371797f7c346c8baade585d0fc0N.exe	109
PID 3156 wrote to memory of 3728	3156	25f4a371797f7c346c8baade585d0fc0N.exe	110
PID 3156 wrote to memory of 3728	3156	25f4a371797f7c346c8baade585d0fc0N.exe	110
PID 3156 wrote to memory of 4080	3156	25f4a371797f7c346c8baade585d0fc0N.exe	111
PID 3156 wrote to memory of 4080	3156	25f4a371797f7c346c8baade585d0fc0N.exe	111
PID 3156 wrote to memory of 2720	3156	25f4a371797f7c346c8baade585d0fc0N.exe	112
PID 3156 wrote to memory of 2720	3156	25f4a371797f7c346c8baade585d0fc0N.exe	112
PID 3156 wrote to memory of 1612	3156	25f4a371797f7c346c8baade585d0fc0N.exe	113
PID 3156 wrote to memory of 1612	3156	25f4a371797f7c346c8baade585d0fc0N.exe	113
PID 3156 wrote to memory of 3628	3156	25f4a371797f7c346c8baade585d0fc0N.exe	114
PID 3156 wrote to memory of 3628	3156	25f4a371797f7c346c8baade585d0fc0N.exe	114
PID 3156 wrote to memory of 4356	3156	25f4a371797f7c346c8baade585d0fc0N.exe	115
PID 3156 wrote to memory of 4356	3156	25f4a371797f7c346c8baade585d0fc0N.exe	115
PID 3156 wrote to memory of 3652	3156	25f4a371797f7c346c8baade585d0fc0N.exe	116
PID 3156 wrote to memory of 3652	3156	25f4a371797f7c346c8baade585d0fc0N.exe	116

C:\Users\Admin\AppData\Local\Temp\25f4a371797f7c346c8baade585d0fc0N.exe
"C:\Users\Admin\AppData\Local\Temp\25f4a371797f7c346c8baade585d0fc0N.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:3156
- C:\Windows\System32\yZLeipZ.exe
  C:\Windows\System32\yZLeipZ.exe
  2⤵
  - Executes dropped EXE
  PID:2920
- C:\Windows\System32\tdsMzhk.exe
  C:\Windows\System32\tdsMzhk.exe
  2⤵
  - Executes dropped EXE
  PID:4132
- C:\Windows\System32\LHyemVs.exe
  C:\Windows\System32\LHyemVs.exe
  2⤵
  - Executes dropped EXE
  PID:3740
- C:\Windows\System32\PYVUMLW.exe
  C:\Windows\System32\PYVUMLW.exe
  2⤵
  - Executes dropped EXE
  PID:4872
- C:\Windows\System32\DEmqpzb.exe
  C:\Windows\System32\DEmqpzb.exe
  2⤵
  - Executes dropped EXE
  PID:3636
- C:\Windows\System32\nKwLXyf.exe
  C:\Windows\System32\nKwLXyf.exe
  2⤵
  - Executes dropped EXE
  PID:4028
- C:\Windows\System32\FQxvpvG.exe
  C:\Windows\System32\FQxvpvG.exe
  2⤵
  - Executes dropped EXE
  PID:4808
- C:\Windows\System32\ZFGshhg.exe
  C:\Windows\System32\ZFGshhg.exe
  2⤵
  - Executes dropped EXE
  PID:3040
- C:\Windows\System32\SjzEUOB.exe
  C:\Windows\System32\SjzEUOB.exe
  2⤵
  - Executes dropped EXE
  PID:4300
- C:\Windows\System32\wOLQVLA.exe
  C:\Windows\System32\wOLQVLA.exe
  2⤵
  - Executes dropped EXE
  PID:228
- C:\Windows\System32\CSzWMWS.exe
  C:\Windows\System32\CSzWMWS.exe
  2⤵
  - Executes dropped EXE
  PID:1736
- C:\Windows\System32\ScYjMIP.exe
  C:\Windows\System32\ScYjMIP.exe
  2⤵
  - Executes dropped EXE
  PID:1928
- C:\Windows\System32\xmfUDKa.exe
  C:\Windows\System32\xmfUDKa.exe
  2⤵
  - Executes dropped EXE
  PID:3564
- C:\Windows\System32\xVckvBe.exe
  C:\Windows\System32\xVckvBe.exe
  2⤵
  - Executes dropped EXE
  PID:2200
- C:\Windows\System32\rBSokij.exe
  C:\Windows\System32\rBSokij.exe
  2⤵
  - Executes dropped EXE
  PID:2424
- C:\Windows\System32\jigUdGd.exe
  C:\Windows\System32\jigUdGd.exe
  2⤵
  - Executes dropped EXE
  PID:3876
- C:\Windows\System32\IuNfVZB.exe
  C:\Windows\System32\IuNfVZB.exe
  2⤵
  - Executes dropped EXE
  PID:2328
- C:\Windows\System32\yrCPKQz.exe
  C:\Windows\System32\yrCPKQz.exe
  2⤵
  - Executes dropped EXE
  PID:760
- C:\Windows\System32\IJYsQfQ.exe
  C:\Windows\System32\IJYsQfQ.exe
  2⤵
  - Executes dropped EXE
  PID:3188
- C:\Windows\System32\XMGsHTO.exe
  C:\Windows\System32\XMGsHTO.exe
  2⤵
  - Executes dropped EXE
  PID:4600
- C:\Windows\System32\tXLIfuO.exe
  C:\Windows\System32\tXLIfuO.exe
  2⤵
  - Executes dropped EXE
  PID:1684
- C:\Windows\System32\qyoCbfL.exe
  C:\Windows\System32\qyoCbfL.exe
  2⤵
  - Executes dropped EXE
  PID:3420
- C:\Windows\System32\DLUPPMX.exe
  C:\Windows\System32\DLUPPMX.exe
  2⤵
  - Executes dropped EXE
  PID:2848
- C:\Windows\System32\UJkejDE.exe
  C:\Windows\System32\UJkejDE.exe
  2⤵
  - Executes dropped EXE
  PID:4816
- C:\Windows\System32\naORVTU.exe
  C:\Windows\System32\naORVTU.exe
  2⤵
  - Executes dropped EXE
  PID:4820
- C:\Windows\System32\LxttqhR.exe
  C:\Windows\System32\LxttqhR.exe
  2⤵
  - Executes dropped EXE
  PID:3728
- C:\Windows\System32\whVgNyb.exe
  C:\Windows\System32\whVgNyb.exe
  2⤵
  - Executes dropped EXE
  PID:4080
- C:\Windows\System32\hSNYUFz.exe
  C:\Windows\System32\hSNYUFz.exe
  2⤵
  - Executes dropped EXE
  PID:2720
- C:\Windows\System32\gINRldi.exe
  C:\Windows\System32\gINRldi.exe
  2⤵
  - Executes dropped EXE
  PID:1612
- C:\Windows\System32\tJzXEcG.exe
  C:\Windows\System32\tJzXEcG.exe
  2⤵
  - Executes dropped EXE
  PID:3628
- C:\Windows\System32\RWXOWLX.exe
  C:\Windows\System32\RWXOWLX.exe
  2⤵
  - Executes dropped EXE
  PID:4356
- C:\Windows\System32\HzGSOaK.exe
  C:\Windows\System32\HzGSOaK.exe
  2⤵
  - Executes dropped EXE
  PID:3652
- C:\Windows\System32\vESUtTu.exe
  C:\Windows\System32\vESUtTu.exe
  2⤵
  - Executes dropped EXE
  PID:3768
- C:\Windows\System32\UXalJhL.exe
  C:\Windows\System32\UXalJhL.exe
  2⤵
  - Executes dropped EXE
  PID:4856
- C:\Windows\System32\Rkqcoep.exe
  C:\Windows\System32\Rkqcoep.exe
  2⤵
  - Executes dropped EXE
  PID:4012
- C:\Windows\System32\SoakmwL.exe
  C:\Windows\System32\SoakmwL.exe
  2⤵
  - Executes dropped EXE
  PID:3168
- C:\Windows\System32\BXUDbuX.exe
  C:\Windows\System32\BXUDbuX.exe
  2⤵
  - Executes dropped EXE
  PID:4264
- C:\Windows\System32\Eszcckn.exe
  C:\Windows\System32\Eszcckn.exe
  2⤵
  - Executes dropped EXE
  PID:3684
- C:\Windows\System32\KlHXHSp.exe
  C:\Windows\System32\KlHXHSp.exe
  2⤵
  - Executes dropped EXE
  PID:3708
- C:\Windows\System32\SVyuhLa.exe
  C:\Windows\System32\SVyuhLa.exe
  2⤵
  - Executes dropped EXE
  PID:4496
- C:\Windows\System32\kCcwERQ.exe
  C:\Windows\System32\kCcwERQ.exe
  2⤵
  - Executes dropped EXE
  PID:1640
- C:\Windows\System32\LWvcLqi.exe
  C:\Windows\System32\LWvcLqi.exe
  2⤵
  - Executes dropped EXE
  PID:4704
- C:\Windows\System32\PjmcZtU.exe
  C:\Windows\System32\PjmcZtU.exe
  2⤵
  - Executes dropped EXE
  PID:5056
- C:\Windows\System32\ccPPMCy.exe
  C:\Windows\System32\ccPPMCy.exe
  2⤵
  - Executes dropped EXE
  PID:4340
- C:\Windows\System32\RJeSDgI.exe
  C:\Windows\System32\RJeSDgI.exe
  2⤵
  - Executes dropped EXE
  PID:1724
- C:\Windows\System32\XRZUjRc.exe
  C:\Windows\System32\XRZUjRc.exe
  2⤵
  - Executes dropped EXE
  PID:3232
- C:\Windows\System32\HpctsjB.exe
  C:\Windows\System32\HpctsjB.exe
  2⤵
  - Executes dropped EXE
  PID:2464
- C:\Windows\System32\XMzvyjJ.exe
  C:\Windows\System32\XMzvyjJ.exe
  2⤵
  - Executes dropped EXE
  PID:4868
- C:\Windows\System32\FktvPSi.exe
  C:\Windows\System32\FktvPSi.exe
  2⤵
  - Executes dropped EXE
  PID:3640
- C:\Windows\System32\TsgIrbd.exe
  C:\Windows\System32\TsgIrbd.exe
  2⤵
  - Executes dropped EXE
  PID:3092
- C:\Windows\System32\FlEXmnm.exe
  C:\Windows\System32\FlEXmnm.exe
  2⤵
  - Executes dropped EXE
  PID:1276
- C:\Windows\System32\TMYnwkI.exe
  C:\Windows\System32\TMYnwkI.exe
  2⤵
  - Executes dropped EXE
  PID:2004
- C:\Windows\System32\IVtAwZo.exe
  C:\Windows\System32\IVtAwZo.exe
  2⤵
  - Executes dropped EXE
  PID:628
- C:\Windows\System32\DnwNKPP.exe
  C:\Windows\System32\DnwNKPP.exe
  2⤵
  - Executes dropped EXE
  PID:2440
- C:\Windows\System32\smzcHsS.exe
  C:\Windows\System32\smzcHsS.exe
  2⤵
  - Executes dropped EXE
  PID:3252
- C:\Windows\System32\LDwUScp.exe
  C:\Windows\System32\LDwUScp.exe
  2⤵
  - Executes dropped EXE
  PID:4988
- C:\Windows\System32\bBCvlxh.exe
  C:\Windows\System32\bBCvlxh.exe
  2⤵
  - Executes dropped EXE
  PID:2588
- C:\Windows\System32\aTHlFPk.exe
  C:\Windows\System32\aTHlFPk.exe
  2⤵
  - Executes dropped EXE
  PID:728
- C:\Windows\System32\JiCnIoz.exe
  C:\Windows\System32\JiCnIoz.exe
  2⤵
  - Executes dropped EXE
  PID:4208
- C:\Windows\System32\ORPRdiQ.exe
  C:\Windows\System32\ORPRdiQ.exe
  2⤵
  - Executes dropped EXE
  PID:4944
- C:\Windows\System32\pakbQSg.exe
  C:\Windows\System32\pakbQSg.exe
  2⤵
  - Executes dropped EXE
  PID:3456
- C:\Windows\System32\EWJPflI.exe
  C:\Windows\System32\EWJPflI.exe
  2⤵
  - Executes dropped EXE
  PID:2516
- C:\Windows\System32\SJGgnjt.exe
  C:\Windows\System32\SJGgnjt.exe
  2⤵
  - Executes dropped EXE
  PID:1088
- C:\Windows\System32\VVsftEc.exe
  C:\Windows\System32\VVsftEc.exe
  2⤵
  - Executes dropped EXE
  PID:224
- C:\Windows\System32\FxwraEY.exe
  C:\Windows\System32\FxwraEY.exe
  2⤵
  PID:1660
- C:\Windows\System32\cYdPCTR.exe
  C:\Windows\System32\cYdPCTR.exe
  2⤵
  PID:4056
- C:\Windows\System32\MXWTVRi.exe
  C:\Windows\System32\MXWTVRi.exe
  2⤵
  PID:3980
- C:\Windows\System32\ihcJMss.exe
  C:\Windows\System32\ihcJMss.exe
  2⤵
  PID:2628
- C:\Windows\System32\XOJFTnc.exe
  C:\Windows\System32\XOJFTnc.exe
  2⤵
  PID:400
- C:\Windows\System32\DVhOdEk.exe
  C:\Windows\System32\DVhOdEk.exe
  2⤵
  PID:668
- C:\Windows\System32\fURBoyP.exe
  C:\Windows\System32\fURBoyP.exe
  2⤵
  PID:1292
- C:\Windows\System32\JWgseBG.exe
  C:\Windows\System32\JWgseBG.exe
  2⤵
  PID:1864
- C:\Windows\System32\lBdeQYt.exe
  C:\Windows\System32\lBdeQYt.exe
  2⤵
  PID:2572
- C:\Windows\System32\AMlZpMV.exe
  C:\Windows\System32\AMlZpMV.exe
  2⤵
  PID:2648
- C:\Windows\System32\vesbFtU.exe
  C:\Windows\System32\vesbFtU.exe
  2⤵
  PID:2972
- C:\Windows\System32\LGIOwVN.exe
  C:\Windows\System32\LGIOwVN.exe
  2⤵
  PID:4712
- C:\Windows\System32\FjqaeBa.exe
  C:\Windows\System32\FjqaeBa.exe
  2⤵
  PID:4608
- C:\Windows\System32\HACSNsf.exe
  C:\Windows\System32\HACSNsf.exe
  2⤵
  PID:4124
- C:\Windows\System32\XpeQyZu.exe
  C:\Windows\System32\XpeQyZu.exe
  2⤵
  PID:820
- C:\Windows\System32\VhANeQs.exe
  C:\Windows\System32\VhANeQs.exe
  2⤵
  PID:1804
- C:\Windows\System32\TtxHngy.exe
  C:\Windows\System32\TtxHngy.exe
  2⤵
  PID:1476
- C:\Windows\System32\TaBVJWo.exe
  C:\Windows\System32\TaBVJWo.exe
  2⤵
  PID:5128
- C:\Windows\System32\QKgeREl.exe
  C:\Windows\System32\QKgeREl.exe
  2⤵
  PID:5164
- C:\Windows\System32\LPGeLlQ.exe
  C:\Windows\System32\LPGeLlQ.exe
  2⤵
  PID:5184
- C:\Windows\System32\tLwBgwq.exe
  C:\Windows\System32\tLwBgwq.exe
  2⤵
  PID:5212
- C:\Windows\System32\RjAfzEq.exe
  C:\Windows\System32\RjAfzEq.exe
  2⤵
  PID:5240
- C:\Windows\System32\Vzsskzq.exe
  C:\Windows\System32\Vzsskzq.exe
  2⤵
  PID:5268
- C:\Windows\System32\aIEMYTe.exe
  C:\Windows\System32\aIEMYTe.exe
  2⤵
  PID:5292
- C:\Windows\System32\pVIWQIq.exe
  C:\Windows\System32\pVIWQIq.exe
  2⤵
  PID:5324
- C:\Windows\System32\NHdmbjT.exe
  C:\Windows\System32\NHdmbjT.exe
  2⤵
  PID:5352
- C:\Windows\System32\sNYFzau.exe
  C:\Windows\System32\sNYFzau.exe
  2⤵
  PID:5380
- C:\Windows\System32\SPJBLiL.exe
  C:\Windows\System32\SPJBLiL.exe
  2⤵
  PID:5404
- C:\Windows\System32\RMKCzYS.exe
  C:\Windows\System32\RMKCzYS.exe
  2⤵
  PID:5436
- C:\Windows\System32\bUBsFQy.exe
  C:\Windows\System32\bUBsFQy.exe
  2⤵
  PID:5464
- C:\Windows\System32\MhGIRNc.exe
  C:\Windows\System32\MhGIRNc.exe
  2⤵
  PID:5492
- C:\Windows\System32\qMjxiYg.exe
  C:\Windows\System32\qMjxiYg.exe
  2⤵
  PID:5520
- C:\Windows\System32\uLvIqfH.exe
  C:\Windows\System32\uLvIqfH.exe
  2⤵
  PID:5548
- C:\Windows\System32\EkYjhhm.exe
  C:\Windows\System32\EkYjhhm.exe
  2⤵
  PID:5576
- C:\Windows\System32\zsIFmHy.exe
  C:\Windows\System32\zsIFmHy.exe
  2⤵
  PID:5604
- C:\Windows\System32\wRxjvqC.exe
  C:\Windows\System32\wRxjvqC.exe
  2⤵
  PID:5632
- C:\Windows\System32\FLnMhig.exe
  C:\Windows\System32\FLnMhig.exe
  2⤵
  PID:5660
- C:\Windows\System32\cCVRrLu.exe
  C:\Windows\System32\cCVRrLu.exe
  2⤵
  PID:5688
- C:\Windows\System32\qnNOZfN.exe
  C:\Windows\System32\qnNOZfN.exe
  2⤵
  PID:5716
- C:\Windows\System32\TDtRtdb.exe
  C:\Windows\System32\TDtRtdb.exe
  2⤵
  PID:5744
- C:\Windows\System32\lWZWTOL.exe
  C:\Windows\System32\lWZWTOL.exe
  2⤵
  PID:5772
- C:\Windows\System32\WGgmzPX.exe
  C:\Windows\System32\WGgmzPX.exe
  2⤵
  PID:5800
- C:\Windows\System32\fKmzaMW.exe
  C:\Windows\System32\fKmzaMW.exe
  2⤵
  PID:5828
- C:\Windows\System32\vzClQxn.exe
  C:\Windows\System32\vzClQxn.exe
  2⤵
  PID:5856
- C:\Windows\System32\hvrXjJf.exe
  C:\Windows\System32\hvrXjJf.exe
  2⤵
  PID:5884
- C:\Windows\System32\zSZuczo.exe
  C:\Windows\System32\zSZuczo.exe
  2⤵
  PID:5908
- C:\Windows\System32\qJwPeHC.exe
  C:\Windows\System32\qJwPeHC.exe
  2⤵
  PID:5936
- C:\Windows\System32\NNLVraM.exe
  C:\Windows\System32\NNLVraM.exe
  2⤵
  PID:5980
- C:\Windows\System32\sSFRVas.exe
  C:\Windows\System32\sSFRVas.exe
  2⤵
  PID:5996
- C:\Windows\System32\VYUhwnE.exe
  C:\Windows\System32\VYUhwnE.exe
  2⤵
  PID:6020
- C:\Windows\System32\eXulmqB.exe
  C:\Windows\System32\eXulmqB.exe
  2⤵
  PID:6132
- C:\Windows\System32\nKZHYnb.exe
  C:\Windows\System32\nKZHYnb.exe
  2⤵
  PID:532
- C:\Windows\System32\MYRexHF.exe
  C:\Windows\System32\MYRexHF.exe
  2⤵
  PID:1716
- C:\Windows\System32\KXhgDZA.exe
  C:\Windows\System32\KXhgDZA.exe
  2⤵
  PID:4416
- C:\Windows\System32\QYSiXuJ.exe
  C:\Windows\System32\QYSiXuJ.exe
  2⤵
  PID:3356
- C:\Windows\System32\yEVVuOi.exe
  C:\Windows\System32\yEVVuOi.exe
  2⤵
  PID:5252
- C:\Windows\System32\cdrYeWv.exe
  C:\Windows\System32\cdrYeWv.exe
  2⤵
  PID:5308
- C:\Windows\System32\IwXkyNn.exe
  C:\Windows\System32\IwXkyNn.exe
  2⤵
  PID:5344
- C:\Windows\System32\sJUmeky.exe
  C:\Windows\System32\sJUmeky.exe
  2⤵
  PID:5420
- C:\Windows\System32\RkWTjaB.exe
  C:\Windows\System32\RkWTjaB.exe
  2⤵
  PID:5484
- C:\Windows\System32\PrXLMDK.exe
  C:\Windows\System32\PrXLMDK.exe
  2⤵
  PID:2712
- C:\Windows\System32\EvJNGgc.exe
  C:\Windows\System32\EvJNGgc.exe
  2⤵
  PID:5556
- C:\Windows\System32\UUZMHaM.exe
  C:\Windows\System32\UUZMHaM.exe
  2⤵
  PID:5672
- C:\Windows\System32\HYRfVmf.exe
  C:\Windows\System32\HYRfVmf.exe
  2⤵
  PID:4752
- C:\Windows\System32\pwlRAFb.exe
  C:\Windows\System32\pwlRAFb.exe
  2⤵
  PID:5780
- C:\Windows\System32\NidlAFn.exe
  C:\Windows\System32\NidlAFn.exe
  2⤵
  PID:5820
- C:\Windows\System32\CRGgZMh.exe
  C:\Windows\System32\CRGgZMh.exe
  2⤵
  PID:5836
- C:\Windows\System32\hngquCt.exe
  C:\Windows\System32\hngquCt.exe
  2⤵
  PID:5108
- C:\Windows\System32\WdoHGSH.exe
  C:\Windows\System32\WdoHGSH.exe
  2⤵
  PID:3132
- C:\Windows\System32\uWfBCod.exe
  C:\Windows\System32\uWfBCod.exe
  2⤵
  PID:5944
- C:\Windows\System32\uMXzVaP.exe
  C:\Windows\System32\uMXzVaP.exe
  2⤵
  PID:4260
- C:\Windows\System32\zoxlwNh.exe
  C:\Windows\System32\zoxlwNh.exe
  2⤵
  PID:2756
- C:\Windows\System32\wzgkjXz.exe
  C:\Windows\System32\wzgkjXz.exe
  2⤵
  PID:4948
- C:\Windows\System32\WAZtBBW.exe
  C:\Windows\System32\WAZtBBW.exe
  2⤵
  PID:4328
- C:\Windows\System32\STHrWJW.exe
  C:\Windows\System32\STHrWJW.exe
  2⤵
  PID:5088
- C:\Windows\System32\AWBZTfS.exe
  C:\Windows\System32\AWBZTfS.exe
  2⤵
  PID:4512
- C:\Windows\System32\GNQegoH.exe
  C:\Windows\System32\GNQegoH.exe
  2⤵
  PID:4252
- C:\Windows\System32\dvUoxuP.exe
  C:\Windows\System32\dvUoxuP.exe
  2⤵
  PID:4044
- C:\Windows\System32\eFzAFWp.exe
  C:\Windows\System32\eFzAFWp.exe
  2⤵
  PID:4272
- C:\Windows\System32\eJfNDDt.exe
  C:\Windows\System32\eJfNDDt.exe
  2⤵
  PID:6004
- C:\Windows\System32\NMdDSkq.exe
  C:\Windows\System32\NMdDSkq.exe
  2⤵
  PID:220
- C:\Windows\System32\erjNbUW.exe
  C:\Windows\System32\erjNbUW.exe
  2⤵
  PID:1520
- C:\Windows\System32\zJvfrNa.exe
  C:\Windows\System32\zJvfrNa.exe
  2⤵
  PID:6072
- C:\Windows\System32\LZTLlhl.exe
  C:\Windows\System32\LZTLlhl.exe
  2⤵
  PID:6100
- C:\Windows\System32\IkHFCXY.exe
  C:\Windows\System32\IkHFCXY.exe
  2⤵
  PID:3160
- C:\Windows\System32\zAdtdDk.exe
  C:\Windows\System32\zAdtdDk.exe
  2⤵
  PID:3620
- C:\Windows\System32\XnuSsQl.exe
  C:\Windows\System32\XnuSsQl.exe
  2⤵
  PID:2836
- C:\Windows\System32\qWXguPd.exe
  C:\Windows\System32\qWXguPd.exe
  2⤵
  PID:4452
- C:\Windows\System32\AGLTZcE.exe
  C:\Windows\System32\AGLTZcE.exe
  2⤵
  PID:4424
- C:\Windows\System32\ifMGchW.exe
  C:\Windows\System32\ifMGchW.exe
  2⤵
  PID:2556
- C:\Windows\System32\NIaFluC.exe
  C:\Windows\System32\NIaFluC.exe
  2⤵
  PID:1272
- C:\Windows\System32\YEaTMhz.exe
  C:\Windows\System32\YEaTMhz.exe
  2⤵
  PID:332
- C:\Windows\System32\YiOpmDL.exe
  C:\Windows\System32\YiOpmDL.exe
  2⤵
  PID:3224
- C:\Windows\System32\pnHOXFp.exe
  C:\Windows\System32\pnHOXFp.exe
  2⤵
  PID:5156
- C:\Windows\System32\uQqqGdR.exe
  C:\Windows\System32\uQqqGdR.exe
  2⤵
  PID:5332
- C:\Windows\System32\HOnWuxw.exe
  C:\Windows\System32\HOnWuxw.exe
  2⤵
  PID:5280
- C:\Windows\System32\WfVMVhb.exe
  C:\Windows\System32\WfVMVhb.exe
  2⤵
  PID:5500
- C:\Windows\System32\PmmkmJL.exe
  C:\Windows\System32\PmmkmJL.exe
  2⤵
  PID:5528
- C:\Windows\System32\XTRgUQI.exe
  C:\Windows\System32\XTRgUQI.exe
  2⤵
  PID:5612
- C:\Windows\System32\bmSvTRh.exe
  C:\Windows\System32\bmSvTRh.exe
  2⤵
  PID:5808
- C:\Windows\System32\GdJDYlD.exe
  C:\Windows\System32\GdJDYlD.exe
  2⤵
  PID:5728
- C:\Windows\System32\XgLPZHI.exe
  C:\Windows\System32\XgLPZHI.exe
  2⤵
  PID:4488
- C:\Windows\System32\mBdRhCV.exe
  C:\Windows\System32\mBdRhCV.exe
  2⤵
  PID:2776
- C:\Windows\System32\uKEGlHw.exe
  C:\Windows\System32\uKEGlHw.exe
  2⤵
  PID:3712
- C:\Windows\System32\WuecQAS.exe
  C:\Windows\System32\WuecQAS.exe
  2⤵
  PID:4156
- C:\Windows\System32\DlsTzHO.exe
  C:\Windows\System32\DlsTzHO.exe
  2⤵
  PID:4596
- C:\Windows\System32\NuxEbzZ.exe
  C:\Windows\System32\NuxEbzZ.exe
  2⤵
  PID:5100
- C:\Windows\System32\LyRxBqY.exe
  C:\Windows\System32\LyRxBqY.exe
  2⤵
  PID:5084
- C:\Windows\System32\PWKroFS.exe
  C:\Windows\System32\PWKroFS.exe
  2⤵
  PID:5992
- C:\Windows\System32\Hfmpgzw.exe
  C:\Windows\System32\Hfmpgzw.exe
  2⤵
  PID:6120
- C:\Windows\System32\CRRhGhK.exe
  C:\Windows\System32\CRRhGhK.exe
  2⤵
  PID:4492
- C:\Windows\System32\wYeCgAp.exe
  C:\Windows\System32\wYeCgAp.exe
  2⤵
  PID:4708
- C:\Windows\System32\DhGAaKS.exe
  C:\Windows\System32\DhGAaKS.exe
  2⤵
  PID:4352
- C:\Windows\System32\xdEwIWt.exe
  C:\Windows\System32\xdEwIWt.exe
  2⤵
  PID:3748
- C:\Windows\System32\eTXZudV.exe
  C:\Windows\System32\eTXZudV.exe
  2⤵
  PID:3488
- C:\Windows\System32\mQqXPvl.exe
  C:\Windows\System32\mQqXPvl.exe
  2⤵
  PID:2312
- C:\Windows\System32\KsgbfuD.exe
  C:\Windows\System32\KsgbfuD.exe
  2⤵
  PID:5364
- C:\Windows\System32\lYKYWVY.exe
  C:\Windows\System32\lYKYWVY.exe
  2⤵
  PID:5472
- C:\Windows\System32\dhCUlVb.exe
  C:\Windows\System32\dhCUlVb.exe
  2⤵
  PID:5568
- C:\Windows\System32\HGSFBsc.exe
  C:\Windows\System32\HGSFBsc.exe
  2⤵
  PID:5708
- C:\Windows\System32\pphSHUJ.exe
  C:\Windows\System32\pphSHUJ.exe
  2⤵
  PID:5868
- C:\Windows\System32\PXmYsiz.exe
  C:\Windows\System32\PXmYsiz.exe
  2⤵
  PID:3240
- C:\Windows\System32\ECeCAML.exe
  C:\Windows\System32\ECeCAML.exe
  2⤵
  PID:3272
- C:\Windows\System32\ZfGiTjE.exe
  C:\Windows\System32\ZfGiTjE.exe
  2⤵
  PID:384
- C:\Windows\System32\jBkOZXx.exe
  C:\Windows\System32\jBkOZXx.exe
  2⤵
  PID:3452
- C:\Windows\System32\IMXHYgf.exe
  C:\Windows\System32\IMXHYgf.exe
  2⤵
  PID:864
- C:\Windows\System32\DGGVBnG.exe
  C:\Windows\System32\DGGVBnG.exe
  2⤵
  PID:6124
- C:\Windows\System32\DORlVLH.exe
  C:\Windows\System32\DORlVLH.exe
  2⤵
  PID:5276
- C:\Windows\System32\NAcIoHM.exe
  C:\Windows\System32\NAcIoHM.exe
  2⤵
  PID:5624
- C:\Windows\System32\JMURDLS.exe
  C:\Windows\System32\JMURDLS.exe
  2⤵
  PID:5848
- C:\Windows\System32\oEEqBLe.exe
  C:\Windows\System32\oEEqBLe.exe
  2⤵
  PID:5048
- C:\Windows\System32\MLFZLqW.exe
  C:\Windows\System32\MLFZLqW.exe
  2⤵
  PID:2892
- C:\Windows\System32\CCasodu.exe
  C:\Windows\System32\CCasodu.exe
  2⤵
  PID:5196
- C:\Windows\System32\eQaCEBN.exe
  C:\Windows\System32\eQaCEBN.exe
  2⤵
  PID:396
- C:\Windows\System32\sDpmkwy.exe
  C:\Windows\System32\sDpmkwy.exe
  2⤵
  PID:5724
- C:\Windows\System32\IAhGOxZ.exe
  C:\Windows\System32\IAhGOxZ.exe
  2⤵
  PID:1344
- C:\Windows\System32\zQQvvge.exe
  C:\Windows\System32\zQQvvge.exe
  2⤵
  PID:2352
- C:\Windows\System32\CNhkOVt.exe
  C:\Windows\System32\CNhkOVt.exe
  2⤵
  PID:6156
- C:\Windows\System32\LXGFfMe.exe
  C:\Windows\System32\LXGFfMe.exe
  2⤵
  PID:6184
- C:\Windows\System32\WbbBXSu.exe
  C:\Windows\System32\WbbBXSu.exe
  2⤵
  PID:6200
- C:\Windows\System32\attGzOU.exe
  C:\Windows\System32\attGzOU.exe
  2⤵
  PID:6216
- C:\Windows\System32\DiMXjIL.exe
  C:\Windows\System32\DiMXjIL.exe
  2⤵
  PID:6232
- C:\Windows\System32\aEcpekq.exe
  C:\Windows\System32\aEcpekq.exe
  2⤵
  PID:6248
- C:\Windows\System32\kfuTUFO.exe
  C:\Windows\System32\kfuTUFO.exe
  2⤵
  PID:6264
- C:\Windows\System32\MaTMIed.exe
  C:\Windows\System32\MaTMIed.exe
  2⤵
  PID:6280
- C:\Windows\System32\PBjEapt.exe
  C:\Windows\System32\PBjEapt.exe
  2⤵
  PID:6296
- C:\Windows\System32\zOZWtCN.exe
  C:\Windows\System32\zOZWtCN.exe
  2⤵
  PID:6312
- C:\Windows\System32\iLKiJOp.exe
  C:\Windows\System32\iLKiJOp.exe
  2⤵
  PID:6328
- C:\Windows\System32\JreTvMX.exe
  C:\Windows\System32\JreTvMX.exe
  2⤵
  PID:6344
- C:\Windows\System32\bgcDyEC.exe
  C:\Windows\System32\bgcDyEC.exe
  2⤵
  PID:6360
- C:\Windows\System32\yOBchqb.exe
  C:\Windows\System32\yOBchqb.exe
  2⤵
  PID:6376
- C:\Windows\System32\YJFEsDS.exe
  C:\Windows\System32\YJFEsDS.exe
  2⤵
  PID:6392
- C:\Windows\System32\TArxgZV.exe
  C:\Windows\System32\TArxgZV.exe
  2⤵
  PID:6408
- C:\Windows\System32\ABnweWe.exe
  C:\Windows\System32\ABnweWe.exe
  2⤵
  PID:6424
- C:\Windows\System32\JjMvTOD.exe
  C:\Windows\System32\JjMvTOD.exe
  2⤵
  PID:6440
- C:\Windows\System32\xwQCjVq.exe
  C:\Windows\System32\xwQCjVq.exe
  2⤵
  PID:6464
- C:\Windows\System32\NNVnRxx.exe
  C:\Windows\System32\NNVnRxx.exe
  2⤵
  PID:6480
- C:\Windows\System32\YyPkgMI.exe
  C:\Windows\System32\YyPkgMI.exe
  2⤵
  PID:6496
- C:\Windows\System32\ZyLltXY.exe
  C:\Windows\System32\ZyLltXY.exe
  2⤵
  PID:6620
- C:\Windows\System32\uOKmWql.exe
  C:\Windows\System32\uOKmWql.exe
  2⤵
  PID:6644
- C:\Windows\System32\mawBawO.exe
  C:\Windows\System32\mawBawO.exe
  2⤵
  PID:6668
- C:\Windows\System32\QNDkzEQ.exe
  C:\Windows\System32\QNDkzEQ.exe
  2⤵
  PID:6804
- C:\Windows\System32\FDhuuQv.exe
  C:\Windows\System32\FDhuuQv.exe
  2⤵
  PID:6828
- C:\Windows\System32\OTzcolP.exe
  C:\Windows\System32\OTzcolP.exe
  2⤵
  PID:6864
- C:\Windows\System32\CBrZawb.exe
  C:\Windows\System32\CBrZawb.exe
  2⤵
  PID:6880
- C:\Windows\System32\MdHKFdO.exe
  C:\Windows\System32\MdHKFdO.exe
  2⤵
  PID:6944
- C:\Windows\System32\fSiIinb.exe
  C:\Windows\System32\fSiIinb.exe
  2⤵
  PID:6972
- C:\Windows\System32\MSKqhdP.exe
  C:\Windows\System32\MSKqhdP.exe
  2⤵
  PID:6308
- C:\Windows\System32\nlhzUTz.exe
  C:\Windows\System32\nlhzUTz.exe
  2⤵
  PID:6368
- C:\Windows\System32\bZXjkXV.exe
  C:\Windows\System32\bZXjkXV.exe
  2⤵
  PID:7192
- C:\Windows\System32\ZFTYlea.exe
  C:\Windows\System32\ZFTYlea.exe
  2⤵
  PID:7312
- C:\Windows\System32\ydCdpQE.exe
  C:\Windows\System32\ydCdpQE.exe
  2⤵
  PID:7336
- C:\Windows\System32\cmZWplS.exe
  C:\Windows\System32\cmZWplS.exe
  2⤵
  PID:7536
- C:\Windows\System32\HAEcJxH.exe
  C:\Windows\System32\HAEcJxH.exe
  2⤵
  PID:7604
- C:\Windows\System32\qwUVJYJ.exe
  C:\Windows\System32\qwUVJYJ.exe
  2⤵
  PID:7632
- C:\Windows\System32\WgoyRCr.exe
  C:\Windows\System32\WgoyRCr.exe
  2⤵
  PID:7648
- C:\Windows\System32\ObsDktL.exe
  C:\Windows\System32\ObsDktL.exe
  2⤵
  PID:7676
- C:\Windows\System32\rwSvBZX.exe
  C:\Windows\System32\rwSvBZX.exe
  2⤵
  PID:7704
- C:\Windows\System32\vZnMSLC.exe
  C:\Windows\System32\vZnMSLC.exe
  2⤵
  PID:7724
- C:\Windows\System32\adhMJBr.exe
  C:\Windows\System32\adhMJBr.exe
  2⤵
  PID:7748
- C:\Windows\System32\SyqvYXS.exe
  C:\Windows\System32\SyqvYXS.exe
  2⤵
  PID:7780
- C:\Windows\System32\YglFkLf.exe
  C:\Windows\System32\YglFkLf.exe
  2⤵
  PID:7808
- C:\Windows\System32\VOPOyuU.exe
  C:\Windows\System32\VOPOyuU.exe
  2⤵
  PID:7840
- C:\Windows\System32\GixctZf.exe
  C:\Windows\System32\GixctZf.exe
  2⤵
  PID:7860
- C:\Windows\System32\aUTUZgp.exe
  C:\Windows\System32\aUTUZgp.exe
  2⤵
  PID:7880
- C:\Windows\System32\BwwAlzs.exe
  C:\Windows\System32\BwwAlzs.exe
  2⤵
  PID:7928
- C:\Windows\System32\fEvmrEo.exe
  C:\Windows\System32\fEvmrEo.exe
  2⤵
  PID:7948
- C:\Windows\System32\dhKxBan.exe
  C:\Windows\System32\dhKxBan.exe
  2⤵
  PID:7972
- C:\Windows\System32\xhAnifG.exe
  C:\Windows\System32\xhAnifG.exe
  2⤵
  PID:8004
- C:\Windows\System32\oIxFICk.exe
  C:\Windows\System32\oIxFICk.exe
  2⤵
  PID:8032
- C:\Windows\System32\NFHzlCz.exe
  C:\Windows\System32\NFHzlCz.exe
  2⤵
  PID:8056
- C:\Windows\System32\ZMDqiPE.exe
  C:\Windows\System32\ZMDqiPE.exe
  2⤵
  PID:8072
- C:\Windows\System32\lTPAKTp.exe
  C:\Windows\System32\lTPAKTp.exe
  2⤵
  PID:8112
- C:\Windows\System32\fRiAiAe.exe
  C:\Windows\System32\fRiAiAe.exe
  2⤵
  PID:6192
- C:\Windows\System32\DFKsVFv.exe
  C:\Windows\System32\DFKsVFv.exe
  2⤵
  PID:6964
- C:\Windows\System32\vgnIWvl.exe
  C:\Windows\System32\vgnIWvl.exe
  2⤵
  PID:3944
- C:\Windows\System32\xdnrbAD.exe
  C:\Windows\System32\xdnrbAD.exe
  2⤵
  PID:6292
- C:\Windows\System32\PJuvZQk.exe
  C:\Windows\System32\PJuvZQk.exe
  2⤵
  PID:7012
- C:\Windows\System32\zSVmRPo.exe
  C:\Windows\System32\zSVmRPo.exe
  2⤵
  PID:7084
- C:\Windows\System32\vdZBgJe.exe
  C:\Windows\System32\vdZBgJe.exe
  2⤵
  PID:7164
- C:\Windows\System32\aBtOGWP.exe
  C:\Windows\System32\aBtOGWP.exe
  2⤵
  PID:6652
- C:\Windows\System32\YgAZiBW.exe
  C:\Windows\System32\YgAZiBW.exe
  2⤵
  PID:7172
- C:\Windows\System32\OEwHwCz.exe
  C:\Windows\System32\OEwHwCz.exe
  2⤵
  PID:7516
- C:\Windows\System32\kPelSse.exe
  C:\Windows\System32\kPelSse.exe
  2⤵
  PID:7420
- C:\Windows\System32\LulEGQf.exe
  C:\Windows\System32\LulEGQf.exe
  2⤵
  PID:7324
- C:\Windows\System32\GwYzkJp.exe
  C:\Windows\System32\GwYzkJp.exe
  2⤵
  PID:7620
- C:\Windows\System32\OYvzycv.exe
  C:\Windows\System32\OYvzycv.exe
  2⤵
  PID:7720
- C:\Windows\System32\dyDXSSd.exe
  C:\Windows\System32\dyDXSSd.exe
  2⤵
  PID:7768
- C:\Windows\System32\ngmqjZb.exe
  C:\Windows\System32\ngmqjZb.exe
  2⤵
  PID:7816
- C:\Windows\System32\Klzhhem.exe
  C:\Windows\System32\Klzhhem.exe
  2⤵
  PID:7876
- C:\Windows\System32\SQDpzGJ.exe
  C:\Windows\System32\SQDpzGJ.exe
  2⤵
  PID:7988
- C:\Windows\System32\LENlnlU.exe
  C:\Windows\System32\LENlnlU.exe
  2⤵
  PID:8048
- C:\Windows\System32\FcUQxKC.exe
  C:\Windows\System32\FcUQxKC.exe
  2⤵
  PID:8092
- C:\Windows\System32\SoXewSz.exe
  C:\Windows\System32\SoXewSz.exe
  2⤵
  PID:8140
- C:\Windows\System32\YBVXkOE.exe
  C:\Windows\System32\YBVXkOE.exe
  2⤵
  PID:8184
- C:\Windows\System32\oyeNOKH.exe
  C:\Windows\System32\oyeNOKH.exe
  2⤵
  PID:8180
- C:\Windows\System32\aNBvpkZ.exe
  C:\Windows\System32\aNBvpkZ.exe
  2⤵
  PID:6176
- C:\Windows\System32\ZUAgfus.exe
  C:\Windows\System32\ZUAgfus.exe
  2⤵
  PID:6168
- C:\Windows\System32\TBBjyme.exe
  C:\Windows\System32\TBBjyme.exe
  2⤵
  PID:7036
- C:\Windows\System32\LIwCwDF.exe
  C:\Windows\System32\LIwCwDF.exe
  2⤵
  PID:6764
- C:\Windows\System32\oyvfMDQ.exe
  C:\Windows\System32\oyvfMDQ.exe
  2⤵
  PID:7344
- C:\Windows\System32\iscnflV.exe
  C:\Windows\System32\iscnflV.exe
  2⤵
  PID:7660
- C:\Windows\System32\kliFOuz.exe
  C:\Windows\System32\kliFOuz.exe
  2⤵
  PID:7744
- C:\Windows\System32\bchczLu.exe
  C:\Windows\System32\bchczLu.exe
  2⤵
  PID:7960
- C:\Windows\System32\xhNLuBo.exe
  C:\Windows\System32\xhNLuBo.exe
  2⤵
  PID:8080
- C:\Windows\System32\WDuOwXX.exe
  C:\Windows\System32\WDuOwXX.exe
  2⤵
  PID:6576
- C:\Windows\System32\pdELAgz.exe
  C:\Windows\System32\pdELAgz.exe
  2⤵
  PID:7032
- C:\Windows\System32\dTSRYns.exe
  C:\Windows\System32\dTSRYns.exe
  2⤵
  PID:6320
- C:\Windows\System32\wGzqRGQ.exe
  C:\Windows\System32\wGzqRGQ.exe
  2⤵
  PID:7664
- C:\Windows\System32\YCQRzBi.exe
  C:\Windows\System32\YCQRzBi.exe
  2⤵
  PID:7804
- C:\Windows\System32\rzEkvNx.exe
  C:\Windows\System32\rzEkvNx.exe
  2⤵
  PID:8124
- C:\Windows\System32\cwzsxCD.exe
  C:\Windows\System32\cwzsxCD.exe
  2⤵
  PID:6984
- C:\Windows\System32\AwUnOwc.exe
  C:\Windows\System32\AwUnOwc.exe
  2⤵
  PID:8176
- C:\Windows\System32\YbCldTe.exe
  C:\Windows\System32\YbCldTe.exe
  2⤵
  PID:7760
- C:\Windows\System32\rUxuCcz.exe
  C:\Windows\System32\rUxuCcz.exe
  2⤵
  PID:8220
- C:\Windows\System32\aqrxTpH.exe
  C:\Windows\System32\aqrxTpH.exe
  2⤵
  PID:8248
- C:\Windows\System32\fxrrKho.exe
  C:\Windows\System32\fxrrKho.exe
  2⤵
  PID:8272
- C:\Windows\System32\gAjkEQN.exe
  C:\Windows\System32\gAjkEQN.exe
  2⤵
  PID:8292
- C:\Windows\System32\ijrxNQs.exe
  C:\Windows\System32\ijrxNQs.exe
  2⤵
  PID:8332
- C:\Windows\System32\qrtUqnf.exe
  C:\Windows\System32\qrtUqnf.exe
  2⤵
  PID:8360
- C:\Windows\System32\ccsbxVr.exe
  C:\Windows\System32\ccsbxVr.exe
  2⤵
  PID:8384
- C:\Windows\System32\EVkwOQK.exe
  C:\Windows\System32\EVkwOQK.exe
  2⤵
  PID:8460
- C:\Windows\System32\nsmVChp.exe
  C:\Windows\System32\nsmVChp.exe
  2⤵
  PID:8480
- C:\Windows\System32\zSxpwtw.exe
  C:\Windows\System32\zSxpwtw.exe
  2⤵
  PID:8504
- C:\Windows\System32\ICoRmFn.exe
  C:\Windows\System32\ICoRmFn.exe
  2⤵
  PID:8528
- C:\Windows\System32\XABXPCp.exe
  C:\Windows\System32\XABXPCp.exe
  2⤵
  PID:8556
- C:\Windows\System32\efJiFFh.exe
  C:\Windows\System32\efJiFFh.exe
  2⤵
  PID:8576
- C:\Windows\System32\zYoBuuX.exe
  C:\Windows\System32\zYoBuuX.exe
  2⤵
  PID:8596
- C:\Windows\System32\IPbDBOJ.exe
  C:\Windows\System32\IPbDBOJ.exe
  2⤵
  PID:8616
- C:\Windows\System32\RqVtngS.exe
  C:\Windows\System32\RqVtngS.exe
  2⤵
  PID:8656
- C:\Windows\System32\wocoljr.exe
  C:\Windows\System32\wocoljr.exe
  2⤵
  PID:8672
- C:\Windows\System32\tPUhpbl.exe
  C:\Windows\System32\tPUhpbl.exe
  2⤵
  PID:8748
- C:\Windows\System32\GTIzzvs.exe
  C:\Windows\System32\GTIzzvs.exe
  2⤵
  PID:8764
- C:\Windows\System32\hAAMimB.exe
  C:\Windows\System32\hAAMimB.exe
  2⤵
  PID:8812
- C:\Windows\System32\YSuBvmv.exe
  C:\Windows\System32\YSuBvmv.exe
  2⤵
  PID:8828
- C:\Windows\System32\BttCKcz.exe
  C:\Windows\System32\BttCKcz.exe
  2⤵
  PID:8848
- C:\Windows\System32\ERYkOlI.exe
  C:\Windows\System32\ERYkOlI.exe
  2⤵
  PID:8900
- C:\Windows\System32\znTVkBn.exe
  C:\Windows\System32\znTVkBn.exe
  2⤵
  PID:8916
- C:\Windows\System32\obzwZrC.exe
  C:\Windows\System32\obzwZrC.exe
  2⤵
  PID:8956
- C:\Windows\System32\aYvvTir.exe
  C:\Windows\System32\aYvvTir.exe
  2⤵
  PID:8980
- C:\Windows\System32\upbFiuM.exe
  C:\Windows\System32\upbFiuM.exe
  2⤵
  PID:9000
- C:\Windows\System32\TCDkwpe.exe
  C:\Windows\System32\TCDkwpe.exe
  2⤵
  PID:9020
- C:\Windows\System32\NldvMkR.exe
  C:\Windows\System32\NldvMkR.exe
  2⤵
  PID:9056
- C:\Windows\System32\YUITeIF.exe
  C:\Windows\System32\YUITeIF.exe
  2⤵
  PID:9096
- C:\Windows\System32\tazCHKH.exe
  C:\Windows\System32\tazCHKH.exe
  2⤵
  PID:9120
- C:\Windows\System32\hZesXUn.exe
  C:\Windows\System32\hZesXUn.exe
  2⤵
  PID:9144
- C:\Windows\System32\QqlKmUJ.exe
  C:\Windows\System32\QqlKmUJ.exe
  2⤵
  PID:9160
- C:\Windows\System32\iLiKzPU.exe
  C:\Windows\System32\iLiKzPU.exe
  2⤵
  PID:9196
- C:\Windows\System32\XZRkJhz.exe
  C:\Windows\System32\XZRkJhz.exe
  2⤵
  PID:8208
- C:\Windows\System32\AWaTeLL.exe
  C:\Windows\System32\AWaTeLL.exe
  2⤵
  PID:8312
- C:\Windows\System32\muPhQtH.exe
  C:\Windows\System32\muPhQtH.exe
  2⤵
  PID:8368
- C:\Windows\System32\UTofjUM.exe
  C:\Windows\System32\UTofjUM.exe
  2⤵
  PID:8352
- C:\Windows\System32\CtmUVCB.exe
  C:\Windows\System32\CtmUVCB.exe
  2⤵
  PID:8444
- C:\Windows\System32\gqLdEvs.exe
  C:\Windows\System32\gqLdEvs.exe
  2⤵
  PID:8452
- C:\Windows\System32\rgDBmyO.exe
  C:\Windows\System32\rgDBmyO.exe
  2⤵
  PID:8524
- C:\Windows\System32\DFulbtq.exe
  C:\Windows\System32\DFulbtq.exe
  2⤵
  PID:8540
- C:\Windows\System32\CbpUTfL.exe
  C:\Windows\System32\CbpUTfL.exe
  2⤵
  PID:8608
- C:\Windows\System32\FIAKpyO.exe
  C:\Windows\System32\FIAKpyO.exe
  2⤵
  PID:8684
- C:\Windows\System32\TgSrePs.exe
  C:\Windows\System32\TgSrePs.exe
  2⤵
  PID:8824
- C:\Windows\System32\ngTWolG.exe
  C:\Windows\System32\ngTWolG.exe
  2⤵
  PID:4140
- C:\Windows\System32\OpzycxM.exe
  C:\Windows\System32\OpzycxM.exe
  2⤵
  PID:8940
- C:\Windows\System32\QxprFzK.exe
  C:\Windows\System32\QxprFzK.exe
  2⤵
  PID:9028
- C:\Windows\System32\mTYXAdV.exe
  C:\Windows\System32\mTYXAdV.exe
  2⤵
  PID:9072
- C:\Windows\System32\NgEygWK.exe
  C:\Windows\System32\NgEygWK.exe
  2⤵
  PID:9108
- C:\Windows\System32\ykkWjEt.exe
  C:\Windows\System32\ykkWjEt.exe
  2⤵
  PID:9188
- C:\Windows\System32\xqOywTt.exe
  C:\Windows\System32\xqOywTt.exe
  2⤵
  PID:8284
- C:\Windows\System32\XudWlnA.exe
  C:\Windows\System32\XudWlnA.exe
  2⤵
  PID:8408
- C:\Windows\System32\THmdbvF.exe
  C:\Windows\System32\THmdbvF.exe
  2⤵
  PID:8572
- C:\Windows\System32\uLqqLjx.exe
  C:\Windows\System32\uLqqLjx.exe
  2⤵
  PID:8756
- C:\Windows\System32\fJFLkxj.exe
  C:\Windows\System32\fJFLkxj.exe
  2⤵
  PID:8844
- C:\Windows\System32\TkuDSYk.exe
  C:\Windows\System32\TkuDSYk.exe
  2⤵
  PID:8996
- C:\Windows\System32\VvCDyXQ.exe
  C:\Windows\System32\VvCDyXQ.exe
  2⤵
  PID:9116
- C:\Windows\System32\vZLdkwD.exe
  C:\Windows\System32\vZLdkwD.exe
  2⤵
  PID:8372
- C:\Windows\System32\IvtJjOO.exe
  C:\Windows\System32\IvtJjOO.exe
  2⤵
  PID:8412
- C:\Windows\System32\cvwJtJu.exe
  C:\Windows\System32\cvwJtJu.exe
  2⤵
  PID:8988
- C:\Windows\System32\iEnFhHo.exe
  C:\Windows\System32\iEnFhHo.exe
  2⤵
  PID:8500
- C:\Windows\System32\xPJfOXI.exe
  C:\Windows\System32\xPJfOXI.exe
  2⤵
  PID:8928
- C:\Windows\System32\vaDehGs.exe
  C:\Windows\System32\vaDehGs.exe
  2⤵
  PID:9232
- C:\Windows\System32\YyNjICS.exe
  C:\Windows\System32\YyNjICS.exe
  2⤵
  PID:9248
- C:\Windows\System32\KoGajip.exe
  C:\Windows\System32\KoGajip.exe
  2⤵
  PID:9284
- C:\Windows\System32\MgcvPwC.exe
  C:\Windows\System32\MgcvPwC.exe
  2⤵
  PID:9308
- C:\Windows\System32\EEQNedS.exe
  C:\Windows\System32\EEQNedS.exe
  2⤵
  PID:9336
- C:\Windows\System32\aOoBITh.exe
  C:\Windows\System32\aOoBITh.exe
  2⤵
  PID:9356
- C:\Windows\System32\sGdEEwn.exe
  C:\Windows\System32\sGdEEwn.exe
  2⤵
  PID:9380
- C:\Windows\System32\gyBYMHy.exe
  C:\Windows\System32\gyBYMHy.exe
  2⤵
  PID:9432
- C:\Windows\System32\OXUzHam.exe
  C:\Windows\System32\OXUzHam.exe
  2⤵
  PID:9468
- C:\Windows\System32\JBQRmvk.exe
  C:\Windows\System32\JBQRmvk.exe
  2⤵
  PID:9488
- C:\Windows\System32\jPWfBun.exe
  C:\Windows\System32\jPWfBun.exe
  2⤵
  PID:9508
- C:\Windows\System32\hvEikKg.exe
  C:\Windows\System32\hvEikKg.exe
  2⤵
  PID:9544
- C:\Windows\System32\HPHpNuC.exe
  C:\Windows\System32\HPHpNuC.exe
  2⤵
  PID:9568
- C:\Windows\System32\rXNedhA.exe
  C:\Windows\System32\rXNedhA.exe
  2⤵
  PID:9596
- C:\Windows\System32\jXuliLo.exe
  C:\Windows\System32\jXuliLo.exe
  2⤵
  PID:9612
- C:\Windows\System32\xFcqvtb.exe
  C:\Windows\System32\xFcqvtb.exe
  2⤵
  PID:9656
- C:\Windows\System32\LydWlkB.exe
  C:\Windows\System32\LydWlkB.exe
  2⤵
  PID:9688
- C:\Windows\System32\TqrQAWD.exe
  C:\Windows\System32\TqrQAWD.exe
  2⤵
  PID:9716
- C:\Windows\System32\xovNght.exe
  C:\Windows\System32\xovNght.exe
  2⤵
  PID:9732
- C:\Windows\System32\QiapwCD.exe
  C:\Windows\System32\QiapwCD.exe
  2⤵
  PID:9756
- C:\Windows\System32\FcNsGrV.exe
  C:\Windows\System32\FcNsGrV.exe
  2⤵
  PID:9780
- C:\Windows\System32\DsGEbfO.exe
  C:\Windows\System32\DsGEbfO.exe
  2⤵
  PID:9800
- C:\Windows\System32\ATaIrgm.exe
  C:\Windows\System32\ATaIrgm.exe
  2⤵
  PID:9820
- C:\Windows\System32\ZnqdUEj.exe
  C:\Windows\System32\ZnqdUEj.exe
  2⤵
  PID:9840
- C:\Windows\System32\ceMNgVG.exe
  C:\Windows\System32\ceMNgVG.exe
  2⤵
  PID:9868
- C:\Windows\System32\LIjPOEC.exe
  C:\Windows\System32\LIjPOEC.exe
  2⤵
  PID:9888
- C:\Windows\System32\RMrjivV.exe
  C:\Windows\System32\RMrjivV.exe
  2⤵
  PID:9952
- C:\Windows\System32\ZSfmYEj.exe
  C:\Windows\System32\ZSfmYEj.exe
  2⤵
  PID:10000
- C:\Windows\System32\XWimFXv.exe
  C:\Windows\System32\XWimFXv.exe
  2⤵
  PID:10040
- C:\Windows\System32\gfvElLC.exe
  C:\Windows\System32\gfvElLC.exe
  2⤵
  PID:10064
- C:\Windows\System32\XdxDtew.exe
  C:\Windows\System32\XdxDtew.exe
  2⤵
  PID:10080
- C:\Windows\System32\drSumQb.exe
  C:\Windows\System32\drSumQb.exe
  2⤵
  PID:10104
- C:\Windows\System32\fHXCczR.exe
  C:\Windows\System32\fHXCczR.exe
  2⤵
  PID:10120
- C:\Windows\System32\byVEfGN.exe
  C:\Windows\System32\byVEfGN.exe
  2⤵
  PID:10144
- C:\Windows\System32\wOLLCXu.exe
  C:\Windows\System32\wOLLCXu.exe
  2⤵
  PID:10180
- C:\Windows\System32\BifPgaB.exe
  C:\Windows\System32\BifPgaB.exe
  2⤵
  PID:10200
- C:\Windows\System32\PcJMvCU.exe
  C:\Windows\System32\PcJMvCU.exe
  2⤵
  PID:10228
- C:\Windows\System32\epxQvRu.exe
  C:\Windows\System32\epxQvRu.exe
  2⤵
  PID:9220
- C:\Windows\System32\pZwNRRp.exe
  C:\Windows\System32\pZwNRRp.exe
  2⤵
  PID:9280
- C:\Windows\System32\FqfnlNC.exe
  C:\Windows\System32\FqfnlNC.exe
  2⤵
  PID:9392
- C:\Windows\System32\XZJQzbe.exe
  C:\Windows\System32\XZJQzbe.exe
  2⤵
  PID:9420
- C:\Windows\System32\CWHVUxk.exe
  C:\Windows\System32\CWHVUxk.exe
  2⤵
  PID:9516
- C:\Windows\System32\bpfNaXg.exe
  C:\Windows\System32\bpfNaXg.exe
  2⤵
  PID:9560
- C:\Windows\System32\BvFGFEG.exe
  C:\Windows\System32\BvFGFEG.exe
  2⤵
  PID:9556
- C:\Windows\System32\IraGTzt.exe
  C:\Windows\System32\IraGTzt.exe
  2⤵
  PID:9712
- C:\Windows\System32\qioDqCf.exe
  C:\Windows\System32\qioDqCf.exe
  2⤵
  PID:9772
- C:\Windows\System32\DYSByoh.exe
  C:\Windows\System32\DYSByoh.exe
  2⤵
  PID:9864
- C:\Windows\System32\FiPyajC.exe
  C:\Windows\System32\FiPyajC.exe
  2⤵
  PID:9884
- C:\Windows\System32\dspJzDm.exe
  C:\Windows\System32\dspJzDm.exe
  2⤵
  PID:10020
- C:\Windows\System32\cgnBPTy.exe
  C:\Windows\System32\cgnBPTy.exe
  2⤵
  PID:10048
- C:\Windows\System32\zbGeVbL.exe
  C:\Windows\System32\zbGeVbL.exe
  2⤵
  PID:10140
- C:\Windows\System32\tsokOtC.exe
  C:\Windows\System32\tsokOtC.exe
  2⤵
  PID:9260
- C:\Windows\System32\vDZqDTt.exe
  C:\Windows\System32\vDZqDTt.exe
  2⤵
  PID:9292
- C:\Windows\System32\CQBXyuB.exe
  C:\Windows\System32\CQBXyuB.exe
  2⤵
  PID:9364
- C:\Windows\System32\kAbVYrF.exe
  C:\Windows\System32\kAbVYrF.exe
  2⤵
  PID:9536
- C:\Windows\System32\adNVObu.exe
  C:\Windows\System32\adNVObu.exe
  2⤵
  PID:9724
- C:\Windows\System32\KGvyqLk.exe
  C:\Windows\System32\KGvyqLk.exe
  2⤵
  PID:9928
- C:\Windows\System32\gpcdQzf.exe
  C:\Windows\System32\gpcdQzf.exe
  2⤵
  PID:10112
- C:\Windows\System32\cCLxORb.exe
  C:\Windows\System32\cCLxORb.exe
  2⤵
  PID:10208
- C:\Windows\System32\pNqjzyW.exe
  C:\Windows\System32\pNqjzyW.exe
  2⤵
  PID:9324
- C:\Windows\System32\tjwdVdA.exe
  C:\Windows\System32\tjwdVdA.exe
  2⤵
  PID:9744
- C:\Windows\System32\xDQuhfO.exe
  C:\Windows\System32\xDQuhfO.exe
  2⤵
  PID:9972
- C:\Windows\System32\exOxtrm.exe
  C:\Windows\System32\exOxtrm.exe
  2⤵
  PID:10216
- C:\Windows\System32\PlXYoED.exe
  C:\Windows\System32\PlXYoED.exe
  2⤵
  PID:10248
- C:\Windows\System32\JLUBSNj.exe
  C:\Windows\System32\JLUBSNj.exe
  2⤵
  PID:10272
- C:\Windows\System32\yNRPxIS.exe
  C:\Windows\System32\yNRPxIS.exe
  2⤵
  PID:10296
- C:\Windows\System32\CFOMJCX.exe
  C:\Windows\System32\CFOMJCX.exe
  2⤵
  PID:10320
- C:\Windows\System32\LqYBUHK.exe
  C:\Windows\System32\LqYBUHK.exe
  2⤵
  PID:10340
- C:\Windows\System32\FjleyHT.exe
  C:\Windows\System32\FjleyHT.exe
  2⤵
  PID:10360
- C:\Windows\System32\KMmvlPK.exe
  C:\Windows\System32\KMmvlPK.exe
  2⤵
  PID:10384
- C:\Windows\System32\YkgMZpM.exe
  C:\Windows\System32\YkgMZpM.exe
  2⤵
  PID:10424
- C:\Windows\System32\vDWpJus.exe
  C:\Windows\System32\vDWpJus.exe
  2⤵
  PID:10484
- C:\Windows\System32\DnAZARE.exe
  C:\Windows\System32\DnAZARE.exe
  2⤵
  PID:10552
- C:\Windows\System32\xDBIrAN.exe
  C:\Windows\System32\xDBIrAN.exe
  2⤵
  PID:10584
- C:\Windows\System32\TkxWtpG.exe
  C:\Windows\System32\TkxWtpG.exe
  2⤵
  PID:10600
- C:\Windows\System32\XeQVKeX.exe
  C:\Windows\System32\XeQVKeX.exe
  2⤵
  PID:10624
- C:\Windows\System32\yXRnwxb.exe
  C:\Windows\System32\yXRnwxb.exe
  2⤵
  PID:10652
- C:\Windows\System32\XvaKUjH.exe
  C:\Windows\System32\XvaKUjH.exe
  2⤵
  PID:10684
- C:\Windows\System32\wAjTywK.exe
  C:\Windows\System32\wAjTywK.exe
  2⤵
  PID:10704
- C:\Windows\System32\mrnmEih.exe
  C:\Windows\System32\mrnmEih.exe
  2⤵
  PID:10744
- C:\Windows\System32\HjtFTQh.exe
  C:\Windows\System32\HjtFTQh.exe
  2⤵
  PID:10764
- C:\Windows\System32\UpNEGwU.exe
  C:\Windows\System32\UpNEGwU.exe
  2⤵
  PID:10784
- C:\Windows\System32\VBHygJh.exe
  C:\Windows\System32\VBHygJh.exe
  2⤵
  PID:10808
- C:\Windows\System32\NrEHVlv.exe
  C:\Windows\System32\NrEHVlv.exe
  2⤵
  PID:10828
- C:\Windows\System32\ivfUwtw.exe
  C:\Windows\System32\ivfUwtw.exe
  2⤵
  PID:10856
- C:\Windows\System32\GhDXKHF.exe
  C:\Windows\System32\GhDXKHF.exe
  2⤵
  PID:10880
- C:\Windows\System32\czrxrrn.exe
  C:\Windows\System32\czrxrrn.exe
  2⤵
  PID:10896
- C:\Windows\System32\RtpKNZB.exe
  C:\Windows\System32\RtpKNZB.exe
  2⤵
  PID:10940
- C:\Windows\System32\lMrwnFe.exe
  C:\Windows\System32\lMrwnFe.exe
  2⤵
  PID:10960
- C:\Windows\System32\JNGIKRv.exe
  C:\Windows\System32\JNGIKRv.exe
  2⤵
  PID:11008
- C:\Windows\System32\xntszlS.exe
  C:\Windows\System32\xntszlS.exe
  2⤵
  PID:11028
- C:\Windows\System32\uuphrGT.exe
  C:\Windows\System32\uuphrGT.exe
  2⤵
  PID:11060
- C:\Windows\System32\kSdVRGr.exe
  C:\Windows\System32\kSdVRGr.exe
  2⤵
  PID:11088
- C:\Windows\System32\jJithfx.exe
  C:\Windows\System32\jJithfx.exe
  2⤵
  PID:11108
- C:\Windows\System32\wnWynhh.exe
  C:\Windows\System32\wnWynhh.exe
  2⤵
  PID:11176
- C:\Windows\System32\gzvHvbN.exe
  C:\Windows\System32\gzvHvbN.exe
  2⤵
  PID:11192
- C:\Windows\System32\EqfjZCZ.exe
  C:\Windows\System32\EqfjZCZ.exe
  2⤵
  PID:11220
- C:\Windows\System32\ZgoppTZ.exe
  C:\Windows\System32\ZgoppTZ.exe
  2⤵
  PID:11252
- C:\Windows\System32\Cledzin.exe
  C:\Windows\System32\Cledzin.exe
  2⤵
  PID:10304
- C:\Windows\System32\hQdJfnf.exe
  C:\Windows\System32\hQdJfnf.exe
  2⤵
  PID:10316
- C:\Windows\System32\mRZOKjk.exe
  C:\Windows\System32\mRZOKjk.exe
  2⤵
  PID:10332
- C:\Windows\System32\WjjwhpI.exe
  C:\Windows\System32\WjjwhpI.exe
  2⤵
  PID:10416
- C:\Windows\System32\UJrFmJP.exe
  C:\Windows\System32\UJrFmJP.exe
  2⤵
  PID:10468
- C:\Windows\System32\IbGGfRN.exe
  C:\Windows\System32\IbGGfRN.exe
  2⤵
  PID:9676
- C:\Windows\System32\RqqaOPe.exe
  C:\Windows\System32\RqqaOPe.exe
  2⤵
  PID:10620
- C:\Windows\System32\jtqzecb.exe
  C:\Windows\System32\jtqzecb.exe
  2⤵
  PID:10668
- C:\Windows\System32\jyGWePY.exe
  C:\Windows\System32\jyGWePY.exe
  2⤵
  PID:10716
- C:\Windows\System32\DtMfLsZ.exe
  C:\Windows\System32\DtMfLsZ.exe
  2⤵
  PID:10756
- C:\Windows\System32\YCMrgLH.exe
  C:\Windows\System32\YCMrgLH.exe
  2⤵
  PID:10864
- C:\Windows\System32\EHnwsHV.exe
  C:\Windows\System32\EHnwsHV.exe
  2⤵
  PID:10968
- C:\Windows\System32\mGtnJGW.exe
  C:\Windows\System32\mGtnJGW.exe
  2⤵
  PID:11016
- C:\Windows\System32\lqQuBWk.exe
  C:\Windows\System32\lqQuBWk.exe
  2⤵
  PID:11076
- C:\Windows\System32\MAMaBun.exe
  C:\Windows\System32\MAMaBun.exe
  2⤵
  PID:11212
- C:\Windows\System32\hiNFWCr.exe
  C:\Windows\System32\hiNFWCr.exe
  2⤵
  PID:11260
- C:\Windows\System32\NaIQZGC.exe
  C:\Windows\System32\NaIQZGC.exe
  2⤵
  PID:10244
- C:\Windows\System32\zGnFZeN.exe
  C:\Windows\System32\zGnFZeN.exe
  2⤵
  PID:10408
- C:\Windows\System32\KIJTRNP.exe
  C:\Windows\System32\KIJTRNP.exe
  2⤵
  PID:10528
- C:\Windows\System32\BtXQKyN.exe
  C:\Windows\System32\BtXQKyN.exe
  2⤵
  PID:10648
- C:\Windows\System32\kziDZKv.exe
  C:\Windows\System32\kziDZKv.exe
  2⤵
  PID:10868
- C:\Windows\System32\ejAoIFZ.exe
  C:\Windows\System32\ejAoIFZ.exe
  2⤵
  PID:11020
- C:\Windows\System32\fEoAzhS.exe
  C:\Windows\System32\fEoAzhS.exe
  2⤵
  PID:11140
- C:\Windows\System32\PUBBfGm.exe
  C:\Windows\System32\PUBBfGm.exe
  2⤵
  PID:9256
- C:\Windows\System32\rdtcYAB.exe
  C:\Windows\System32\rdtcYAB.exe
  2⤵
  PID:10608
- C:\Windows\System32\mcIYGXv.exe
  C:\Windows\System32\mcIYGXv.exe
  2⤵
  PID:10912
- C:\Windows\System32\RLdyZSW.exe
  C:\Windows\System32\RLdyZSW.exe
  2⤵
  PID:10448
- C:\Windows\System32\CzVEkWF.exe
  C:\Windows\System32\CzVEkWF.exe
  2⤵
  PID:10776
- C:\Windows\System32\IgVziHB.exe
  C:\Windows\System32\IgVziHB.exe
  2⤵
  PID:11288
- C:\Windows\System32\EvSVEKx.exe
  C:\Windows\System32\EvSVEKx.exe
  2⤵
  PID:11308
- C:\Windows\System32\AZwsTbn.exe
  C:\Windows\System32\AZwsTbn.exe
  2⤵
  PID:11328
- C:\Windows\System32\rFLtrBz.exe
  C:\Windows\System32\rFLtrBz.exe
  2⤵
  PID:11352
- C:\Windows\System32\Pebfpzn.exe
  C:\Windows\System32\Pebfpzn.exe
  2⤵
  PID:11376
- C:\Windows\System32\gtDiayb.exe
  C:\Windows\System32\gtDiayb.exe
  2⤵
  PID:11392
- C:\Windows\System32\yqQcbDa.exe
  C:\Windows\System32\yqQcbDa.exe
  2⤵
  PID:11408
- C:\Windows\System32\Witcgod.exe
  C:\Windows\System32\Witcgod.exe
  2⤵
  PID:11464
- C:\Windows\System32\ybPSndf.exe
  C:\Windows\System32\ybPSndf.exe
  2⤵
  PID:11548
- C:\Windows\System32\qTtvgYN.exe
  C:\Windows\System32\qTtvgYN.exe
  2⤵
  PID:11564
- C:\Windows\System32\phPiBCe.exe
  C:\Windows\System32\phPiBCe.exe
  2⤵
  PID:11580
- C:\Windows\System32\nTVBHVH.exe
  C:\Windows\System32\nTVBHVH.exe
  2⤵
  PID:11604
- C:\Windows\System32\goAZnxg.exe
  C:\Windows\System32\goAZnxg.exe
  2⤵
  PID:11632
- C:\Windows\System32\gjvDUef.exe
  C:\Windows\System32\gjvDUef.exe
  2⤵
  PID:11656
- C:\Windows\System32\ipUKyly.exe
  C:\Windows\System32\ipUKyly.exe
  2⤵
  PID:11680
- C:\Windows\System32\sLTPhbd.exe
  C:\Windows\System32\sLTPhbd.exe
  2⤵
  PID:11724
- C:\Windows\System32\kOnozEy.exe
  C:\Windows\System32\kOnozEy.exe
  2⤵
  PID:11748
- C:\Windows\System32\YlWDTwm.exe
  C:\Windows\System32\YlWDTwm.exe
  2⤵
  PID:11784
- C:\Windows\System32\JSPLFXS.exe
  C:\Windows\System32\JSPLFXS.exe
  2⤵
  PID:11800
- C:\Windows\System32\niHmJPP.exe
  C:\Windows\System32\niHmJPP.exe
  2⤵
  PID:11844
- C:\Windows\System32\ZaREPip.exe
  C:\Windows\System32\ZaREPip.exe
  2⤵
  PID:11860
- C:\Windows\System32\fyVmvjs.exe
  C:\Windows\System32\fyVmvjs.exe
  2⤵
  PID:11888
- C:\Windows\System32\HGlulmT.exe
  C:\Windows\System32\HGlulmT.exe
  2⤵
  PID:11912
- C:\Windows\System32\OaFrmMS.exe
  C:\Windows\System32\OaFrmMS.exe
  2⤵
  PID:11928
- C:\Windows\System32\rUexAjZ.exe
  C:\Windows\System32\rUexAjZ.exe
  2⤵
  PID:11948
- C:\Windows\System32\lHdsEHC.exe
  C:\Windows\System32\lHdsEHC.exe
  2⤵
  PID:11988
- C:\Windows\System32\PfiiWMW.exe
  C:\Windows\System32\PfiiWMW.exe
  2⤵
  PID:12032
- C:\Windows\System32\lZIoDGh.exe
  C:\Windows\System32\lZIoDGh.exe
  2⤵
  PID:12056
- C:\Windows\System32\QWzOydx.exe
  C:\Windows\System32\QWzOydx.exe
  2⤵
  PID:12076
- C:\Windows\System32\lfvjffU.exe
  C:\Windows\System32\lfvjffU.exe
  2⤵
  PID:12100
- C:\Windows\System32\YCSMuky.exe
  C:\Windows\System32\YCSMuky.exe
  2⤵
  PID:12116
- C:\Windows\System32\euKIChU.exe
  C:\Windows\System32\euKIChU.exe
  2⤵
  PID:12148
- C:\Windows\System32\brWgFvq.exe
  C:\Windows\System32\brWgFvq.exe
  2⤵
  PID:12168
- C:\Windows\System32\cqAxGAX.exe
  C:\Windows\System32\cqAxGAX.exe
  2⤵
  PID:12200
- C:\Windows\System32\CcKjWsl.exe
  C:\Windows\System32\CcKjWsl.exe
  2⤵
  PID:12232
- C:\Windows\System32\QvaZzAf.exe
  C:\Windows\System32\QvaZzAf.exe
  2⤵
  PID:12276
- C:\Windows\System32\gIlMaNb.exe
  C:\Windows\System32\gIlMaNb.exe
  2⤵
  PID:11280
- C:\Windows\System32\zUNVzDn.exe
  C:\Windows\System32\zUNVzDn.exe
  2⤵
  PID:11300
- C:\Windows\System32\pKCoDOb.exe
  C:\Windows\System32\pKCoDOb.exe
  2⤵
  PID:11324
- C:\Windows\System32\exSQdoN.exe
  C:\Windows\System32\exSQdoN.exe
  2⤵
  PID:11424
- C:\Windows\System32\pvNVUlC.exe
  C:\Windows\System32\pvNVUlC.exe
  2⤵
  PID:11472
- C:\Windows\System32\oXtKXTk.exe
  C:\Windows\System32\oXtKXTk.exe
  2⤵
  PID:11520
- C:\Windows\System32\wQDOtyr.exe
  C:\Windows\System32\wQDOtyr.exe
  2⤵
  PID:11556
- C:\Windows\System32\yusrVbM.exe
  C:\Windows\System32\yusrVbM.exe
  2⤵
  PID:11640
- C:\Windows\System32\UeygRAw.exe
  C:\Windows\System32\UeygRAw.exe
  2⤵
  PID:11792
- C:\Windows\System32\jAvOhAJ.exe
  C:\Windows\System32\jAvOhAJ.exe
  2⤵
  PID:11816
- C:\Windows\System32\YsYdzTw.exe
  C:\Windows\System32\YsYdzTw.exe
  2⤵
  PID:11852
- C:\Windows\System32\PNzZUeb.exe
  C:\Windows\System32\PNzZUeb.exe
  2⤵
  PID:11972
- C:\Windows\System32\WhizrsU.exe
  C:\Windows\System32\WhizrsU.exe
  2⤵
  PID:12084
- C:\Windows\System32\UtxTfIE.exe
  C:\Windows\System32\UtxTfIE.exe
  2⤵
  PID:12072
- C:\Windows\System32\BOmVLlF.exe
  C:\Windows\System32\BOmVLlF.exe
  2⤵
  PID:12112
- C:\Windows\System32\zSmVZPS.exe
  C:\Windows\System32\zSmVZPS.exe
  2⤵
  PID:12240
- C:\Windows\System32\kdUaCix.exe
  C:\Windows\System32\kdUaCix.exe
  2⤵
  PID:11476
- C:\Windows\System32\KhCsFih.exe
  C:\Windows\System32\KhCsFih.exe
  2⤵
  PID:11672
- C:\Windows\System32\JBPEEkN.exe
  C:\Windows\System32\JBPEEkN.exe
  2⤵
  PID:11648
- C:\Windows\System32\oZazvUE.exe
  C:\Windows\System32\oZazvUE.exe
  2⤵
  PID:11964
- C:\Windows\System32\anJUFBV.exe
  C:\Windows\System32\anJUFBV.exe
  2⤵
  PID:12004
- C:\Windows\System32\aoNIYYM.exe
  C:\Windows\System32\aoNIYYM.exe
  2⤵
  PID:12064
- C:\Windows\System32\zEdZYrW.exe
  C:\Windows\System32\zEdZYrW.exe
  2⤵
  PID:12192
- C:\Windows\System32\nQsJKtX.exe
  C:\Windows\System32\nQsJKtX.exe
  2⤵
  PID:12244
- C:\Windows\System32\vQIIkgS.exe
  C:\Windows\System32\vQIIkgS.exe
  2⤵
  PID:11404
- C:\Windows\System32\IjFvtwI.exe
  C:\Windows\System32\IjFvtwI.exe
  2⤵
  PID:10520
- C:\Windows\System32\euywokb.exe
  C:\Windows\System32\euywokb.exe
  2⤵
  PID:11372
- C:\Windows\System32\jeAvkHL.exe
  C:\Windows\System32\jeAvkHL.exe
  2⤵
  PID:12308
- C:\Windows\System32\otecizp.exe
  C:\Windows\System32\otecizp.exe
  2⤵
  PID:12336
- C:\Windows\System32\eUKHquK.exe
  C:\Windows\System32\eUKHquK.exe
  2⤵
  PID:12364
- C:\Windows\System32\qqHoApQ.exe
  C:\Windows\System32\qqHoApQ.exe
  2⤵
  PID:12384
- C:\Windows\System32\WjdeZOh.exe
  C:\Windows\System32\WjdeZOh.exe
  2⤵
  PID:12424
- C:\Windows\System32\njxCbhy.exe
  C:\Windows\System32\njxCbhy.exe
  2⤵
  PID:12448
- C:\Windows\System32\nWdyXkd.exe
  C:\Windows\System32\nWdyXkd.exe
  2⤵
  PID:12476
- C:\Windows\System32\rxvKLhx.exe
  C:\Windows\System32\rxvKLhx.exe
  2⤵
  PID:12504
- C:\Windows\System32\OLRLZEQ.exe
  C:\Windows\System32\OLRLZEQ.exe
  2⤵
  PID:12532
- C:\Windows\System32\GLBKFNW.exe
  C:\Windows\System32\GLBKFNW.exe
  2⤵
  PID:12560
- C:\Windows\System32\iHFpBei.exe
  C:\Windows\System32\iHFpBei.exe
  2⤵
  PID:12580
- C:\Windows\System32\uIdtbgu.exe
  C:\Windows\System32\uIdtbgu.exe
  2⤵
  PID:12604
- C:\Windows\System32\YNFpsym.exe
  C:\Windows\System32\YNFpsym.exe
  2⤵
  PID:12628
- C:\Windows\System32\sfJZubm.exe
  C:\Windows\System32\sfJZubm.exe
  2⤵
  PID:12648
- C:\Windows\System32\zxMoyqE.exe
  C:\Windows\System32\zxMoyqE.exe
  2⤵
  PID:12676
- C:\Windows\System32\xAVuiKB.exe
  C:\Windows\System32\xAVuiKB.exe
  2⤵
  PID:12704
- C:\Windows\System32\OWalMIi.exe
  C:\Windows\System32\OWalMIi.exe
  2⤵
  PID:12748
- C:\Windows\System32\WOaoHfS.exe
  C:\Windows\System32\WOaoHfS.exe
  2⤵
  PID:12796
- C:\Windows\System32\ySeojMe.exe
  C:\Windows\System32\ySeojMe.exe
  2⤵
  PID:12832
- C:\Windows\System32\NXNgnmd.exe
  C:\Windows\System32\NXNgnmd.exe
  2⤵
  PID:12860
- C:\Windows\System32\AtzyUYW.exe
  C:\Windows\System32\AtzyUYW.exe
  2⤵
  PID:12876
- C:\Windows\System32\BebaYRL.exe
  C:\Windows\System32\BebaYRL.exe
  2⤵
  PID:12908
- C:\Windows\System32\wORJkde.exe
  C:\Windows\System32\wORJkde.exe
  2⤵
  PID:12940
- C:\Windows\System32\EhJvnoE.exe
  C:\Windows\System32\EhJvnoE.exe
  2⤵
  PID:12964
- C:\Windows\System32\BKVUFKr.exe
  C:\Windows\System32\BKVUFKr.exe
  2⤵
  PID:13008
- C:\Windows\System32\kvQThJA.exe
  C:\Windows\System32\kvQThJA.exe
  2⤵
  PID:13028
- C:\Windows\System32\icXmUHe.exe
  C:\Windows\System32\icXmUHe.exe
  2⤵
  PID:13048
- C:\Windows\System32\PDEixQE.exe
  C:\Windows\System32\PDEixQE.exe
  2⤵
  PID:13100
- C:\Windows\System32\LSBnTnA.exe
  C:\Windows\System32\LSBnTnA.exe
  2⤵
  PID:13116
- C:\Windows\System32\sADMrGA.exe
  C:\Windows\System32\sADMrGA.exe
  2⤵
  PID:13136
- C:\Windows\System32\ytPTmPe.exe
  C:\Windows\System32\ytPTmPe.exe
  2⤵
  PID:13172
- C:\Windows\System32\tJUYKjl.exe
  C:\Windows\System32\tJUYKjl.exe
  2⤵
  PID:13196
- C:\Windows\System32\VfTTOpK.exe
  C:\Windows\System32\VfTTOpK.exe
  2⤵
  PID:13220
- C:\Windows\System32\sEZgQsJ.exe
  C:\Windows\System32\sEZgQsJ.exe
  2⤵
  PID:13244
- C:\Windows\System32\DGfUoXY.exe
  C:\Windows\System32\DGfUoXY.exe
  2⤵
  PID:13284
- C:\Windows\System32\jTRRbSj.exe
  C:\Windows\System32\jTRRbSj.exe
  2⤵
  PID:11388
- C:\Windows\System32\SZIXtJp.exe
  C:\Windows\System32\SZIXtJp.exe
  2⤵
  PID:11504
- C:\Windows\System32\vWyfwLO.exe
  C:\Windows\System32\vWyfwLO.exe
  2⤵
  PID:12360
- C:\Windows\System32\gGNwmvT.exe
  C:\Windows\System32\gGNwmvT.exe
  2⤵
  PID:12412
- C:\Windows\System32\AKoHKzB.exe
  C:\Windows\System32\AKoHKzB.exe
  2⤵
  PID:12456
- C:\Windows\System32\mivZPkq.exe
  C:\Windows\System32\mivZPkq.exe
  2⤵
  PID:12556
- C:\Windows\System32\RXCeelr.exe
  C:\Windows\System32\RXCeelr.exe
  2⤵
  PID:12588
- C:\Windows\System32\zPyzyKm.exe
  C:\Windows\System32\zPyzyKm.exe
  2⤵
  PID:12644
- C:\Windows\System32\yoewZyu.exe
  C:\Windows\System32\yoewZyu.exe
  2⤵
  PID:12780
- C:\Windows\System32\MQBvwRh.exe
  C:\Windows\System32\MQBvwRh.exe
  2⤵
  PID:12820
- C:\Windows\System32\dRTqani.exe
  C:\Windows\System32\dRTqani.exe
  2⤵
  PID:12844
- C:\Windows\System32\klIlzkb.exe
  C:\Windows\System32\klIlzkb.exe
  2⤵
  PID:12932
- C:\Windows\System32\bDWPIyd.exe
  C:\Windows\System32\bDWPIyd.exe
  2⤵
  PID:12996
- C:\Windows\System32\DGJLGSD.exe
  C:\Windows\System32\DGJLGSD.exe
  2⤵
  PID:13108
- C:\Windows\System32\dWXSGZL.exe
  C:\Windows\System32\dWXSGZL.exe
  2⤵
  PID:13144
- C:\Windows\System32\MIQZPfI.exe
  C:\Windows\System32\MIQZPfI.exe
  2⤵
  PID:1544
- C:\Windows\System32\lFPfFsI.exe
  C:\Windows\System32\lFPfFsI.exe
  2⤵
  PID:13204
- C:\Windows\System32\LzSWzVm.exe
  C:\Windows\System32\LzSWzVm.exe
  2⤵
  PID:13256
- C:\Windows\System32\qvFIGkT.exe
  C:\Windows\System32\qvFIGkT.exe
  2⤵
  PID:12296
- C:\Windows\System32\sCbdESO.exe
  C:\Windows\System32\sCbdESO.exe
  2⤵
  PID:12344
- C:\Windows\System32\wtdCGxW.exe
  C:\Windows\System32\wtdCGxW.exe
  2⤵
  PID:12516
- C:\Windows\System32\ghSynrC.exe
  C:\Windows\System32\ghSynrC.exe
  2⤵
  PID:12640
- C:\Windows\System32\qpHHeIR.exe
  C:\Windows\System32\qpHHeIR.exe
  2⤵
  PID:12788
- C:\Windows\System32\vhzNGFC.exe
  C:\Windows\System32\vhzNGFC.exe
  2⤵
  PID:12856
- C:\Windows\System32\glgkqkK.exe
  C:\Windows\System32\glgkqkK.exe
  2⤵
  PID:13020
- C:\Windows\System32\WyTykzd.exe
  C:\Windows\System32\WyTykzd.exe
  2⤵
  PID:13184
- C:\Windows\System32\Xrppfnv.exe
  C:\Windows\System32\Xrppfnv.exe
  2⤵
  PID:13296
- C:\Windows\System32\ENtoANL.exe
  C:\Windows\System32\ENtoANL.exe
  2⤵
  PID:13152
- C:\Windows\System32\PxYWIEX.exe
  C:\Windows\System32\PxYWIEX.exe
  2⤵
  PID:13308
- C:\Windows\System32\oFAGvJM.exe
  C:\Windows\System32\oFAGvJM.exe
  2⤵
  PID:13064
- C:\Windows\System32\zTbsXWy.exe
  C:\Windows\System32\zTbsXWy.exe
  2⤵
  PID:13324
- C:\Windows\System32\UajqOHn.exe
  C:\Windows\System32\UajqOHn.exe
  2⤵
  PID:13344
- C:\Windows\System32\yTtIeLH.exe
  C:\Windows\System32\yTtIeLH.exe
  2⤵
  PID:13372
- C:\Windows\System32\ObaVvmE.exe
  C:\Windows\System32\ObaVvmE.exe
  2⤵
  PID:13388
- C:\Windows\System32\LnYpImR.exe
  C:\Windows\System32\LnYpImR.exe
  2⤵
  PID:13424
- C:\Windows\System32\EoGQFqg.exe
  C:\Windows\System32\EoGQFqg.exe
  2⤵
  PID:13456
- C:\Windows\System32\wfUOFcb.exe
  C:\Windows\System32\wfUOFcb.exe
  2⤵
  PID:13480
- C:\Windows\System32\ncmugAO.exe
  C:\Windows\System32\ncmugAO.exe
  2⤵
  PID:13512
- C:\Windows\System32\FeJFvtP.exe
  C:\Windows\System32\FeJFvtP.exe
  2⤵
  PID:13536
- C:\Windows\System32\pjmYprx.exe
  C:\Windows\System32\pjmYprx.exe
  2⤵
  PID:13576
- C:\Windows\System32\ZpSDwQH.exe
  C:\Windows\System32\ZpSDwQH.exe
  2⤵
  PID:13596
- C:\Windows\System32\KMMYdya.exe
  C:\Windows\System32\KMMYdya.exe
  2⤵
  PID:13632
- C:\Windows\System32\BTiWIju.exe
  C:\Windows\System32\BTiWIju.exe
  2⤵
  PID:13664
- C:\Windows\System32\oxaEgKy.exe
  C:\Windows\System32\oxaEgKy.exe
  2⤵
  PID:13692

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:14216

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System32\CSzWMWS.exe

Filesize
2.0MB

MD5
078d626049617a743821ab9072f7fd26

SHA1
950edc482a3b27a845ce706d374f01a4e59de204

SHA256
56baa08855b342ac57f6154851c102775e6977d9d63b22aa91630a4ee9ef2718

SHA512
820226f19940412287bbfbe3a8cc82c846ad73374ce399a398061852a000d90dc8142a4ead0403e3ec4b66adda605e53bf5dc4347724f383e98a52262149bea4

Download Submit
C:\Windows\System32\DEmqpzb.exe

Filesize
2.0MB

MD5
ff90c0aea06bb41db188d12888b6e574

SHA1
fccb4c3da2824947679078b94c5e24ad0f6fb79c

SHA256
eca3aa8c1d3453b392e2674b51bf4cddf6babaf3463bc21dc46bf0aeb14cd521

SHA512
9b671f69299aeac5f620b60de09ffb3dabd181bbbd14acf442271e8d8dcec78c707aa629a70fd7e09952a7b5c8872e187d797e108acbf0dca22db6d7f82d5600

Download Submit
C:\Windows\System32\DLUPPMX.exe

Filesize
2.0MB

MD5
e802e8043a25bfbf899178c549fdfa9a

SHA1
ef3fb6d7e201aabfd80340848dc978e0c257026a

SHA256
878b1ddfc024899551a6e1ed75a746cb9aa9ae7086dccaa606a62515b1be9219

SHA512
1bc352331acf86d0b3da9c2a6d9555fccf5de9439bb858f8adb778a0db3a916ff47926dd11b020ab9d626ed31515b172d015b8387ed5777a465c74847c5ec98c

Download Submit
C:\Windows\System32\FQxvpvG.exe

Filesize
2.0MB

MD5
05a52964ceea1f67e43f6cc5fcb4aad4

SHA1
6c6fae30b438f371625a2436e6055cba148f45da

SHA256
f4016d3865739246fa0295a9f3f8efb03610e08b77197899560aac4557e7387a

SHA512
a00de815cc1659f12bdce4e8e25081392b44717f8fe6bf2fb81bfc5dedf4b8413d731c3373fb902cfa93bc63e18167ab0db3766aab82eb0997335148c1051506

Download Submit
C:\Windows\System32\HzGSOaK.exe

Filesize
2.0MB

MD5
e667a029b713be025c44c00f14d5b78c

SHA1
f67b238764d1f0cc5ea3482208b1c47f99d78ef5

SHA256
edb7bb34c437e79097f75f3b48a10ea61e9cd6375a87ff886aff2e28372d9d3b

SHA512
0bf596ec2e5361c65d47a877d8854ce35e0360c37c2fa8ff152158b182de8c90ebf675a395e76aae38a68298277411b09de74acc6e4f3acf3078a99144e0f13b

Download Submit
C:\Windows\System32\IJYsQfQ.exe

Filesize
2.0MB

MD5
02504203c67d3cf1dba781c11c899b4b

SHA1
64551bc7281611eb377dd1593cb614c1feaffb1c

SHA256
2e0b148fb0f488a9c56e38e07cab4a9b2726d094787e7e7e5c1388f46e5c7865

SHA512
9ab61b2738a7bfb091f3ec927eea4537e1dd6710448066280eab31d553019a63e9de2e678d519917d4e2f13abf7d9bdcc5423da1648d9ac3b1d32210362d5a9a

Download Submit
C:\Windows\System32\IuNfVZB.exe

Filesize
2.0MB

MD5
c9ea7c2e2f432619b0dcb11208096868

SHA1
debcfefd01997ca7718efb4c24585bbbf8cadbbd

SHA256
f8bb276e50869d38cd0b29f6e2786d2ef9a396402de1d7bba9df5c37755dfc8c

SHA512
67d4ce3579aadd9d86d4f2603100b4130b59ee27dbb9cc4a264549c81bb65b4d0a9385690ed1b7de1daac1c9aed339b0f8cd0c3f02a0756472c34af9937e22c9

Download Submit
C:\Windows\System32\LHyemVs.exe

Filesize
2.0MB

MD5
bd46d02ef034951de5d72a5d3c18ab71

SHA1
607372136943d939cbe04bdb429402d739c0e08f

SHA256
971c75230bd1596f4747fa39f1b222bbfb31287c0f51889a30387c22423e0e56

SHA512
692a409572d5e4a382dc20ac955c9db950fa1b11f782e049800ff34c786bdb621c5d978b7f715d101a2b91fdf0d41852403e00f3da0947fb93cf08ff90a8c3d5

Download Submit
C:\Windows\System32\LxttqhR.exe

Filesize
2.0MB

MD5
3bbbe01dade9a7371ed143e283ed6e0f

SHA1
59a58fffb14536b93e4a427ecccd2332d693b9f2

SHA256
006352c42e463d70d5b72b27833155571069e7b3d1458686d830676425397a5c

SHA512
bbbca69f5d9526e94ce321c8895eaffa11df331fe93636ca85a692470c69ce3163aad226a9009cd58d8b97debb2c8d454f6db9f27c193b6d30a5ef415fa13785

Download Submit
C:\Windows\System32\PYVUMLW.exe

Filesize
2.0MB

MD5
3254dea27e45a0039e0fddf259cc5c04

SHA1
13e47e2306f7505af3756ed71a54693d62ab1fe7

SHA256
998b7ffa71413e2cd77db4a638014ea9c87d76ab794f2a0ba73a64614f1119ea

SHA512
6aa4343a00c64de0a84e84f9fa17dba4b1e12f4f075671a52db211bc69f90d40059574154d384d4c2d19d3a9e92e101638259f2959bd06252a7cfce5b4e63c16

Download Submit
C:\Windows\System32\RWXOWLX.exe

Filesize
2.0MB

MD5
c86c3f44305fcbaec76c25079a23f554

SHA1
23d60e6053399d7fc9dd575a5f7d7701d60b8901

SHA256
764f09355fd46037a867575d29fd31bdd5e2d6ab96937979c9c6d3ee1c6ec960

SHA512
48eca8d8263ea0ecd56ea68b7c99908d08e3e8d7d9ed427f1419dc2b2325fe5f60f234f65c07a37e49546b24eea3baa5e829a2fd41079b84fc633a67b3a3fc8b

Download Submit
C:\Windows\System32\ScYjMIP.exe

Filesize
2.0MB

MD5
e36b58be34d0f0826b45b4daffb85f36

SHA1
6b7da058d3b05d3e8567e67e03346ef36579b05b

SHA256
caaafb4a46e951e30f6cd04c507df2f25724bde18f2978051c00fcfa2bf36ef7

SHA512
b2f895a2791e5d1b6afb8d7b4ea3d580dba2d6805a17534f7436ffe78e9a16060af133c75a5e229d039ed864748b38d3b046f09417b2d10c9031cbda3d25e9a0

Download Submit
C:\Windows\System32\SjzEUOB.exe

Filesize
2.0MB

MD5
bba4488cf1cdaf01d15f6b99c4ae9c26

SHA1
d8b89f5a6f514bbb2d342b6a021c9dba7cfe250a

SHA256
e6f536ef7f29b3348ce436504696c1e6ef5eeb1e28be46ba89499bfa6f0dd5ad

SHA512
369bfe46137aa96c461ab8b4f295dc171f66ad4a43b9ceacf36b9c7c9ef34f35b24c003a3411e118bf088771616d7e1f45e917bacf5d7f1c7a6971887f64150e

Download Submit
C:\Windows\System32\UJkejDE.exe

Filesize
2.0MB

MD5
9db058727bb6ab5cfbb42e2893e40c28

SHA1
e7cc1d049202c172afc2dc0df61d0233d2ba71ed

SHA256
158a532a0996fe24d5083c01edb8f4764551a77099995a5c8ac399589503300a

SHA512
fb361e3cb9fe5c68e108c75fa9483f033a9ac0c589615ab4eec7444e28ce5f2a78a0564f148f3a99b7db3f8bb8380fcd39a00f04d461527f3bca6558b29e7515

Download Submit
C:\Windows\System32\XMGsHTO.exe

Filesize
2.0MB

MD5
dda90763a7270ca871c7de7d75976194

SHA1
84a393635a4174160d46199856705a89861d636e

SHA256
962d47e98193fbc638d9aa065d1b214e86bfb494239119be1769a085a833cdfe

SHA512
6880941e94ce173f564234903731cebc06f56bca2a8d834ba56b7f778472695ec058e1918f85719b627d34058b96d31d6bdeb4d6d067037c2084ceb362a617e7

Download Submit
C:\Windows\System32\ZFGshhg.exe

Filesize
2.0MB

MD5
37b3e6d59ca1e1267df580e94e3dc8dc

SHA1
02d171073f8959db54ea7ce1378ab619742223a4

SHA256
58ec2938517330cc867caea4a370f6eca5e93da158b19e1247eaeed904797740

SHA512
fabb5313b8509dd7f632918441d6cdd3c92fd65941157c8e015eafffdf083b902814137ecf3a7b19990664fa2dc0873a3b7dbb7719d4afdc40513cf2ff864022

Download Submit
C:\Windows\System32\gINRldi.exe

Filesize
2.0MB

MD5
352b70c5f5f015e4c0822a19320f87a3

SHA1
bc353519c77099c05060d45a677120a6cd3c3969

SHA256
5a5991d9262e0ee3f955c4d23855981263b935e2563bcb0b60d387099e782179

SHA512
b3c021545372bed80aae08203ae99161bb95b3b141517dda75ef4e837fb6185dcfe4822e6748857c38619379bb3d71f73bc61c422c8fef6d8a105b17701847bf

Download Submit
C:\Windows\System32\hSNYUFz.exe

Filesize
2.0MB

MD5
42c50d44330b6b38deaf18d01149098e

SHA1
17b36c2a169181e9e615f88ef9594a08958119f1

SHA256
6ef137faecd5254535d1f54bcb53986292383dac3698c318a0660f9cab039f9e

SHA512
b0742fcb7254e9c0c7129ae4eb6f5b511fdde8cd30f608ed93796aea51a93047ce72463f08e935b1e00cad5af875cb8ddaf8768ed6c522e7e812ca9095cf8ae4

Download Submit
C:\Windows\System32\jigUdGd.exe

Filesize
2.0MB

MD5
5032b66978c0c87a294ed8d79bc8de5b

SHA1
43697a2071ee2fa400f6df9c92dd8b9c7dc758b6

SHA256
069eb98e9dd4908d2404b813fdf63c61156311d8b821ddca2d7bf76997e4462d

SHA512
7db8bc026d7bc1fbe2b02680615a65ba4f52099d77fd214a1a90359533e04acdd14464fe8dd6b04d73350594b67ee990965d46a40237d40134b3bd1636f7ffa4

Download Submit
C:\Windows\System32\nKwLXyf.exe

Filesize
2.0MB

MD5
b2ad8fce582f84c9886ecbbf8fda6b48

SHA1
531418701846952f1427095d61ba52544ff3c73e

SHA256
b1426ae9064e1a90c661c6549203e96e3021862247b95c5ee4da7d985008b8c8

SHA512
670edb8c566fa442c0079b8b769c6f3ef135d8eefde148dba24e299a894d4cf0745c01dbff2a1f0f3624da763cf4d56e45f838899537922e96a7b2e238587579

Download Submit
C:\Windows\System32\naORVTU.exe

Filesize
2.0MB

MD5
a9586b2d9839d1afac3a5bb699d67910

SHA1
f49444fc75a63a2b854b0ae472b96760f8ca40b9

SHA256
c78c6768384422b5ca73cb5c6efc3f7958a5e3e6c6c7f4a7946aebc8cc09df53

SHA512
8dd7b5ea8b649355d55e2aa6aead2420f09f5118ebc8d2ffdce24447cbfdea7319af353abf8d847f90897edb368c8c5ca692fea0ac6737e21837566a1bda2a29

Download Submit
C:\Windows\System32\qyoCbfL.exe

Filesize
2.0MB

MD5
651bef07147504069efbc89ad258fb9d

SHA1
87d5c4b3041eb39eca3409cb0d8772782f4efcac

SHA256
a613980263ef75e09eee303bf34e711c826d46fa9655c4bd24460c7497582dc8

SHA512
b5ac9ca5f1c3eaf460919be12d0921818f321a24f5219ac06117a30df11be94624a4b773ab0ffc4a111b0812704898a1095125e071e6371168380ba98494effd

Download Submit
C:\Windows\System32\rBSokij.exe

Filesize
2.0MB

MD5
51eba4fed11ff6d2cbc02b216b8b0cb9

SHA1
df53bf71ba65a030fdd9cd194ac2133a59331620

SHA256
cd62d54d723d35fed9b1dd4172356ad30b0f0f14c172755ae6d6fc2b0d3f537a

SHA512
c6691e611d554dec82ce9443e0887d4190b724d7e53200c4164440cbcaabbaaaa144fbe24fa281e1961f810d42a6b44079e52c22d164e0c02196b575e94d7a61

Download Submit
C:\Windows\System32\tJzXEcG.exe

Filesize
2.0MB

MD5
92de627c94421353809b8b19ba8d0392

SHA1
64d73aaf5dbd7e3af83d1962cee16fe6dc10a6cc

SHA256
d640eba219ae949baf27518bf3d3b506cceb1e4070262d9cb960feb45200727e

SHA512
6923592b4d552453a083d080f6504d0f6cf77b010d588485dc1079cbc66aedafb335d6a39cfcbbf112fe2cc9d6dec44225ea5de8fb11a76a8f8319791ffeb365

Download Submit
C:\Windows\System32\tXLIfuO.exe

Filesize
2.0MB

MD5
719754c568428bf7c279f5dd6b422e58

SHA1
275f4e690ac3ed5db768e18426347bcbec3f2a62

SHA256
88dcba5878901fd7b21469c0549e61532d3fb1de727dc2fc43a9182c3866abdd

SHA512
8b8f3d53c424f6f5a158e7383baf89b0667c075fe241e89dd03639c1857f680e9d1b1a57d93ce01f0d059f02dbcd139d0ff7e44f7c999a76cb03edb3d54f2c19

Download Submit
C:\Windows\System32\tdsMzhk.exe

Filesize
2.0MB

MD5
3a72adfbecf8f9e1475eb4e2c2bc6129

SHA1
666f009a58708b3048f3a23a89dfe3021aa468b3

SHA256
7e8d205e6c6bd2a5a776a1256ad3b139c8734ebe523d5e489a5ffd58ba19320a

SHA512
ac6c8438cd21cd983dcf8204278e966df2facd2275dbdf042a43c757bb03948ba7d4f3cda9ba86b964e6d1d5e25c8ca7d15367088f6ff06b1842e7f573a7fbc5

Download Submit
C:\Windows\System32\vESUtTu.exe

Filesize
2.0MB

MD5
54612b471b5b4bfbda0c311bfc99f80e

SHA1
46b08afd4bbc52035d254cd2d1c3f872a0bdd44c

SHA256
f2b6b20930aee8409a7de6bb121897a11ccd806ba0b15a0171f32a7a593249aa

SHA512
b4943fc4adb3f82b7a81d5f8643b65500ddb5215c076b72553a7f73f3b00714f1b13e4b10480f0590b1790636763e6b75ce4877de36b4a913cc615348d810397

Download Submit
C:\Windows\System32\wOLQVLA.exe

Filesize
2.0MB

MD5
a676d670afc965e090152e48b06e1b77

SHA1
38fc41f263e18425ade9c831c01471ad27fff9a0

SHA256
abe12f601a6fa73be02b904fada5744e20961853c7b8e10f6fc435f995d22bfb

SHA512
d5571e463ec21ad979ba6ed77e2e48804c8ce25cc41c006df4adb2f47c5a2aa78986a38f88409fe8eabdee46d89c1a9898d2927511d32f9a2f69b131cc68a95e

Download Submit
C:\Windows\System32\whVgNyb.exe

Filesize
2.0MB

MD5
a0288ee6a5b3da38c2576a3b5bfa1503

SHA1
9690f91d4e94cec5e08de442bfd8254a426d2376

SHA256
b65331e8cddc872f3979a2ae16ccc42e54d82d7e6129bcfa0ea2a68c1f2ad6d6

SHA512
da43ebc0ed52802f612f64634910217e9fe0506f0deac9441e488f404f8a7a5713437b61693b7e7ee4c0a2872987f6ea7e71d10948fb44ec8c831073e366af71

Download Submit
C:\Windows\System32\xVckvBe.exe

Filesize
2.0MB

MD5
f577af16399f1a28b4c1d81f62d7f9f7

SHA1
c8ff0bb4b08a320b66ce76c88b9b9f6e7a35d861

SHA256
d11b93f58d4e5244f7c164ed02e4e1d383f13341740d041c58d3fe7dbeafb6fc

SHA512
63fb579291f701290064a6191714e14c59c68ee57638e40e444d373d7d86a19e17baedc476979339049f39aa9561acfa2a5012b88a54d4d2c00fc3652812b3d6

Download Submit
C:\Windows\System32\xmfUDKa.exe

Filesize
2.0MB

MD5
30955581193b3bf1ddbb393054190179

SHA1
0ca204cb2b666e12130bc849aeb8860cdbb00caa

SHA256
4b10f192d09293200f1d49f33ff0093b55d27f6ce22cc823b209296cda96c6d2

SHA512
d02fca7252d6b818b1ca592b4a15ccca62040567ca06abc6514ed344e67da06db86420d23ba71d1a1c498f9b5f6b195dff9abfef7b715be7a06ddbc654295cd2

Download Submit
C:\Windows\System32\yZLeipZ.exe

Filesize
2.0MB

MD5
6a865ddca4a9ccecc1c154e48ba9ddcf

SHA1
462cd699aae8e59b77c7838212ff4f92efed5cc8

SHA256
a0a5b129561ff543c19455b11623f6a0d94a3326828ba40b7764b889e495065e

SHA512
730e710125e28eb6fe0223a48863c961a781ea727b0d71bb820303a187baf0adb555d164134d3d7fe18b8b6093c83a396d4f6b4b0519dee12c70845a94dc9247

Download Submit
C:\Windows\System32\yrCPKQz.exe

Filesize
2.0MB

MD5
5ddd03d97c23ca646c64c09cbbf141a5

SHA1
d6db938732cc834f91f390279f05703a9e7a6a0f

SHA256
5bc03daaa61f6dc1299339f33c9cc62a37c7b038731746251b89dac70b816f80

SHA512
cb648ccb866f24181be89e88c844756f327405fc7b7e38099c571e58a80a2da761efdaaec56c6a8dfa377e7120df8c8eef48b5ab5a15d4352523e003e9de3f1e

Download Submit
memory/228-411-0x00007FF613AE0000-0x00007FF613ED1000-memory.dmp

Filesize
3.9MB

Download
memory/228-2182-0x00007FF613AE0000-0x00007FF613ED1000-memory.dmp

Filesize
3.9MB

Download
memory/760-2213-0x00007FF7402C0000-0x00007FF7406B1000-memory.dmp

Filesize
3.9MB

Download
memory/760-444-0x00007FF7402C0000-0x00007FF7406B1000-memory.dmp

Filesize
3.9MB

Download
memory/1684-2215-0x00007FF7CDBD0000-0x00007FF7CDFC1000-memory.dmp

Filesize
3.9MB

Download
memory/1684-461-0x00007FF7CDBD0000-0x00007FF7CDFC1000-memory.dmp

Filesize
3.9MB

Download
memory/1736-2178-0x00007FF6E95C0000-0x00007FF6E99B1000-memory.dmp

Filesize
3.9MB

Download
memory/1736-412-0x00007FF6E95C0000-0x00007FF6E99B1000-memory.dmp

Filesize
3.9MB

Download
memory/1928-413-0x00007FF7016A0000-0x00007FF701A91000-memory.dmp

Filesize
3.9MB

Download
memory/1928-2176-0x00007FF7016A0000-0x00007FF701A91000-memory.dmp

Filesize
3.9MB

Download
memory/2200-2174-0x00007FF7ED8F0000-0x00007FF7EDCE1000-memory.dmp

Filesize
3.9MB

Download
memory/2200-415-0x00007FF7ED8F0000-0x00007FF7EDCE1000-memory.dmp

Filesize
3.9MB

Download
memory/2328-2184-0x00007FF631E10000-0x00007FF632201000-memory.dmp

Filesize
3.9MB

Download
memory/2328-434-0x00007FF631E10000-0x00007FF632201000-memory.dmp

Filesize
3.9MB

Download
memory/2424-2172-0x00007FF60DD20000-0x00007FF60E111000-memory.dmp

Filesize
3.9MB

Download
memory/2424-423-0x00007FF60DD20000-0x00007FF60E111000-memory.dmp

Filesize
3.9MB

Download
memory/2848-471-0x00007FF6CE830000-0x00007FF6CEC21000-memory.dmp

Filesize
3.9MB

Download
memory/2848-2227-0x00007FF6CE830000-0x00007FF6CEC21000-memory.dmp

Filesize
3.9MB

Download
memory/2920-2154-0x00007FF7E2100000-0x00007FF7E24F1000-memory.dmp

Filesize
3.9MB

Download
memory/2920-1591-0x00007FF7E2100000-0x00007FF7E24F1000-memory.dmp

Filesize
3.9MB

Download
memory/2920-10-0x00007FF7E2100000-0x00007FF7E24F1000-memory.dmp

Filesize
3.9MB

Download
memory/3040-409-0x00007FF67D2B0000-0x00007FF67D6A1000-memory.dmp

Filesize
3.9MB

Download
memory/3040-2166-0x00007FF67D2B0000-0x00007FF67D6A1000-memory.dmp

Filesize
3.9MB

Download
memory/3156-1-0x0000012A70530000-0x0000012A70540000-memory.dmp

Filesize
64KB

Download
memory/3156-0-0x00007FF607C80000-0x00007FF608071000-memory.dmp

Filesize
3.9MB

Download
memory/3156-1460-0x00007FF607C80000-0x00007FF608071000-memory.dmp

Filesize
3.9MB

Download
memory/3156-2125-0x00007FF607C80000-0x00007FF608071000-memory.dmp

Filesize
3.9MB

Download
memory/3188-2219-0x00007FF7E6890000-0x00007FF7E6C81000-memory.dmp

Filesize
3.9MB

Download
memory/3188-455-0x00007FF7E6890000-0x00007FF7E6C81000-memory.dmp

Filesize
3.9MB

Download
memory/3420-467-0x00007FF63EB70000-0x00007FF63EF61000-memory.dmp

Filesize
3.9MB

Download
memory/3420-2221-0x00007FF63EB70000-0x00007FF63EF61000-memory.dmp

Filesize
3.9MB

Download
memory/3564-2170-0x00007FF6ABE60000-0x00007FF6AC251000-memory.dmp

Filesize
3.9MB

Download
memory/3564-414-0x00007FF6ABE60000-0x00007FF6AC251000-memory.dmp

Filesize
3.9MB

Download
memory/3636-407-0x00007FF6849E0000-0x00007FF684DD1000-memory.dmp

Filesize
3.9MB

Download
memory/3636-2158-0x00007FF6849E0000-0x00007FF684DD1000-memory.dmp

Filesize
3.9MB

Download
memory/3740-2156-0x00007FF6D1F30000-0x00007FF6D2321000-memory.dmp

Filesize
3.9MB

Download
memory/3740-1594-0x00007FF6D1F30000-0x00007FF6D2321000-memory.dmp

Filesize
3.9MB

Download
memory/3740-24-0x00007FF6D1F30000-0x00007FF6D2321000-memory.dmp

Filesize
3.9MB

Download
memory/3876-433-0x00007FF65A3C0000-0x00007FF65A7B1000-memory.dmp

Filesize
3.9MB

Download
memory/3876-2168-0x00007FF65A3C0000-0x00007FF65A7B1000-memory.dmp

Filesize
3.9MB

Download
memory/4028-2162-0x00007FF760CC0000-0x00007FF7610B1000-memory.dmp

Filesize
3.9MB

Download
memory/4028-481-0x00007FF760CC0000-0x00007FF7610B1000-memory.dmp

Filesize
3.9MB

Download
memory/4132-479-0x00007FF7ADA70000-0x00007FF7ADE61000-memory.dmp

Filesize
3.9MB

Download
memory/4132-2152-0x00007FF7ADA70000-0x00007FF7ADE61000-memory.dmp

Filesize
3.9MB

Download
memory/4300-410-0x00007FF60CD00000-0x00007FF60D0F1000-memory.dmp

Filesize
3.9MB

Download
memory/4300-2180-0x00007FF60CD00000-0x00007FF60D0F1000-memory.dmp

Filesize
3.9MB

Download
memory/4600-2217-0x00007FF783520000-0x00007FF783911000-memory.dmp

Filesize
3.9MB

Download
memory/4600-459-0x00007FF783520000-0x00007FF783911000-memory.dmp

Filesize
3.9MB

Download
memory/4808-2164-0x00007FF6BF8E0000-0x00007FF6BFCD1000-memory.dmp

Filesize
3.9MB

Download
memory/4808-408-0x00007FF6BF8E0000-0x00007FF6BFCD1000-memory.dmp

Filesize
3.9MB

Download
memory/4816-474-0x00007FF7398C0000-0x00007FF739CB1000-memory.dmp

Filesize
3.9MB

Download
memory/4816-2225-0x00007FF7398C0000-0x00007FF739CB1000-memory.dmp

Filesize
3.9MB

Download
memory/4872-1599-0x00007FF7F4AC0000-0x00007FF7F4EB1000-memory.dmp

Filesize
3.9MB

Download
memory/4872-2160-0x00007FF7F4AC0000-0x00007FF7F4EB1000-memory.dmp

Filesize
3.9MB

Download
memory/4872-406-0x00007FF7F4AC0000-0x00007FF7F4EB1000-memory.dmp

Filesize
3.9MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads