xmrig | 2d4b759a34b168b007c55d47483b66ed1b789eafc8b35f11828932f87d85ef58

Analysis

max time kernel
106s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
18-08-2024 19:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2d4b759a34b168b007c55d47483b66ed1b789eafc8b35f11828932f87d85ef58.exe
Size

2.5MB
MD5

fc7ea9c78660fb4362764eb73f22d7a7
SHA1

75e427bd81b22f1efdc60aa6c620c5f2721ceabc
SHA256

2d4b759a34b168b007c55d47483b66ed1b789eafc8b35f11828932f87d85ef58
SHA512

ef6aa5030a83560f111c65a663d41c61a91732b8aa883f89dac262aac0ea3d8e07eb9492960ef8bb8197f477a2567c6fbd5af38ec688fdf6e8ad900d61ffc879
SSDEEP

49152:w0wjnJMOWh50kC1/dVFdx6e0EALKWVTffZiPAcRq6jHjcz8Dze7jcmWH/4Dc:w0GnJMOWPClFdx6e0EALKWVTffZiPAc1

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/2912-0-0x00007FF6B4A30000-0x00007FF6B4E25000-memory.dmp	xmrig
behavioral2/files/0x0008000000023452-5.dat	xmrig
behavioral2/files/0x0007000000023457-7.dat	xmrig
behavioral2/memory/4164-14-0x00007FF61CFB0000-0x00007FF61D3A5000-memory.dmp	xmrig
behavioral2/files/0x0007000000023456-12.dat	xmrig
behavioral2/files/0x000700000002345b-36.dat	xmrig
behavioral2/files/0x000700000002345e-54.dat	xmrig
behavioral2/files/0x0007000000023461-69.dat	xmrig
behavioral2/files/0x0007000000023462-74.dat	xmrig
behavioral2/files/0x0007000000023466-91.dat	xmrig
behavioral2/files/0x0007000000023467-99.dat	xmrig
behavioral2/files/0x000700000002346a-111.dat	xmrig
behavioral2/files/0x000700000002346b-117.dat	xmrig
behavioral2/files/0x000700000002346d-129.dat	xmrig
behavioral2/files/0x000700000002346f-142.dat	xmrig
behavioral2/files/0x0007000000023472-157.dat	xmrig
behavioral2/memory/3372-480-0x00007FF7958E0000-0x00007FF795CD5000-memory.dmp	xmrig
behavioral2/memory/4948-498-0x00007FF630C00000-0x00007FF630FF5000-memory.dmp	xmrig
behavioral2/memory/744-492-0x00007FF6F1800000-0x00007FF6F1BF5000-memory.dmp	xmrig
behavioral2/memory/4492-490-0x00007FF7347C0000-0x00007FF734BB5000-memory.dmp	xmrig
behavioral2/memory/1388-489-0x00007FF7E9830000-0x00007FF7E9C25000-memory.dmp	xmrig
behavioral2/memory/100-478-0x00007FF685260000-0x00007FF685655000-memory.dmp	xmrig
behavioral2/memory/4376-512-0x00007FF737A30000-0x00007FF737E25000-memory.dmp	xmrig
behavioral2/memory/3104-521-0x00007FF6698E0000-0x00007FF669CD5000-memory.dmp	xmrig
behavioral2/memory/4552-525-0x00007FF76E8F0000-0x00007FF76ECE5000-memory.dmp	xmrig
behavioral2/memory/2296-533-0x00007FF6070E0000-0x00007FF6074D5000-memory.dmp	xmrig
behavioral2/memory/532-562-0x00007FF690A70000-0x00007FF690E65000-memory.dmp	xmrig
behavioral2/memory/404-564-0x00007FF73E200000-0x00007FF73E5F5000-memory.dmp	xmrig
behavioral2/memory/2112-567-0x00007FF7B9810000-0x00007FF7B9C05000-memory.dmp	xmrig
behavioral2/memory/4072-569-0x00007FF6F0630000-0x00007FF6F0A25000-memory.dmp	xmrig
behavioral2/memory/2068-574-0x00007FF702B70000-0x00007FF702F65000-memory.dmp	xmrig
behavioral2/memory/3488-578-0x00007FF688BA0000-0x00007FF688F95000-memory.dmp	xmrig
behavioral2/memory/1144-576-0x00007FF773F90000-0x00007FF774385000-memory.dmp	xmrig
behavioral2/memory/1156-551-0x00007FF73BB50000-0x00007FF73BF45000-memory.dmp	xmrig
behavioral2/memory/4288-545-0x00007FF6B4300000-0x00007FF6B46F5000-memory.dmp	xmrig
behavioral2/memory/3452-539-0x00007FF6B3520000-0x00007FF6B3915000-memory.dmp	xmrig
behavioral2/memory/2528-536-0x00007FF6E1B40000-0x00007FF6E1F35000-memory.dmp	xmrig
behavioral2/files/0x0007000000023474-164.dat	xmrig
behavioral2/files/0x0007000000023473-162.dat	xmrig
behavioral2/files/0x0007000000023471-152.dat	xmrig
behavioral2/files/0x0007000000023470-144.dat	xmrig
behavioral2/files/0x000700000002346e-134.dat	xmrig
behavioral2/files/0x000700000002346c-127.dat	xmrig
behavioral2/files/0x0007000000023469-109.dat	xmrig
behavioral2/files/0x0007000000023468-104.dat	xmrig
behavioral2/files/0x0007000000023465-89.dat	xmrig
behavioral2/files/0x0007000000023464-84.dat	xmrig
behavioral2/files/0x0007000000023463-79.dat	xmrig
behavioral2/files/0x0007000000023460-64.dat	xmrig
behavioral2/files/0x000700000002345f-59.dat	xmrig
behavioral2/files/0x000700000002345d-49.dat	xmrig
behavioral2/files/0x000700000002345c-44.dat	xmrig
behavioral2/files/0x000700000002345a-34.dat	xmrig
behavioral2/memory/3236-30-0x00007FF753200000-0x00007FF7535F5000-memory.dmp	xmrig
behavioral2/files/0x0007000000023459-28.dat	xmrig
behavioral2/files/0x0007000000023458-23.dat	xmrig
behavioral2/memory/2108-10-0x00007FF7DC6C0000-0x00007FF7DCAB5000-memory.dmp	xmrig
behavioral2/memory/2912-1260-0x00007FF6B4A30000-0x00007FF6B4E25000-memory.dmp	xmrig
behavioral2/memory/2108-1362-0x00007FF7DC6C0000-0x00007FF7DCAB5000-memory.dmp	xmrig
behavioral2/memory/3236-1499-0x00007FF753200000-0x00007FF7535F5000-memory.dmp	xmrig
behavioral2/memory/4164-1496-0x00007FF61CFB0000-0x00007FF61D3A5000-memory.dmp	xmrig
behavioral2/memory/2108-2079-0x00007FF7DC6C0000-0x00007FF7DCAB5000-memory.dmp	xmrig
behavioral2/memory/4164-2080-0x00007FF61CFB0000-0x00007FF61D3A5000-memory.dmp	xmrig
behavioral2/memory/3236-2081-0x00007FF753200000-0x00007FF7535F5000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2108	jOyNrvP.exe
4164	fQssVIN.exe
3236	UuRzQCD.exe
1144	WWxbpcM.exe
100	nVJqJcK.exe
3488	YpNOhSG.exe
3372	ikZILUr.exe
1388	AJSAGue.exe
4492	DVLdueb.exe
744	BBdsgDl.exe
4948	RsRMdLP.exe
4376	cOIHknR.exe
3104	ldZlktF.exe
4552	qKuKKzp.exe
2296	inGxZWa.exe
2528	cMxvgWs.exe
3452	xwIbuDN.exe
4288	efeamkr.exe
1156	kdZWTKh.exe
532	wKdgxiv.exe
404	QTZbKwG.exe
2112	gTkEfQg.exe
4072	eUvahqc.exe
2068	EBGpQhz.exe
2704	OfvsSAu.exe
684	FPwyXpn.exe
3380	UVFQdHH.exe
3224	ivyjrqU.exe
3732	QPamjDP.exe
2372	KeIBAGl.exe
4712	NqQuiqQ.exe
4336	eVoFPBX.exe
3456	fWtyqDX.exe
1528	XSLGEqR.exe
4836	APGdbsr.exe
1224	UJHgWgU.exe
4528	hxCgvyg.exe
5020	yxFeuFf.exe
372	dDeGuOA.exe
2228	DAOXtvX.exe
1304	JQyDgjw.exe
1644	rMKpBWF.exe
1632	vPxjwOF.exe
3832	OUaqaDE.exe
1112	SuGlloH.exe
2204	dqZTEBf.exe
952	JnNBcfu.exe
4496	dEoNslU.exe
1380	rbPcgiM.exe
4892	hEQipdI.exe
1364	pfKTXxo.exe
64	EBYzWiz.exe
2252	UXccYbW.exe
4124	UprUzOs.exe
4880	fAhHTZI.exe
3364	qysLnSe.exe
4648	QJkDNEJ.exe
1936	MdnmSEo.exe
2220	LvmGjad.exe
2168	kvQryCs.exe
4596	FvOHExP.exe
2736	zTTdygq.exe
2884	dhLmwWb.exe
1360	KKVjfRk.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2912-0-0x00007FF6B4A30000-0x00007FF6B4E25000-memory.dmp	upx
behavioral2/files/0x0008000000023452-5.dat	upx
behavioral2/files/0x0007000000023457-7.dat	upx
behavioral2/memory/4164-14-0x00007FF61CFB0000-0x00007FF61D3A5000-memory.dmp	upx
behavioral2/files/0x0007000000023456-12.dat	upx
behavioral2/files/0x000700000002345b-36.dat	upx
behavioral2/files/0x000700000002345e-54.dat	upx
behavioral2/files/0x0007000000023461-69.dat	upx
behavioral2/files/0x0007000000023462-74.dat	upx
behavioral2/files/0x0007000000023466-91.dat	upx
behavioral2/files/0x0007000000023467-99.dat	upx
behavioral2/files/0x000700000002346a-111.dat	upx
behavioral2/files/0x000700000002346b-117.dat	upx
behavioral2/files/0x000700000002346d-129.dat	upx
behavioral2/files/0x000700000002346f-142.dat	upx
behavioral2/files/0x0007000000023472-157.dat	upx
behavioral2/memory/3372-480-0x00007FF7958E0000-0x00007FF795CD5000-memory.dmp	upx
behavioral2/memory/4948-498-0x00007FF630C00000-0x00007FF630FF5000-memory.dmp	upx
behavioral2/memory/744-492-0x00007FF6F1800000-0x00007FF6F1BF5000-memory.dmp	upx
behavioral2/memory/4492-490-0x00007FF7347C0000-0x00007FF734BB5000-memory.dmp	upx
behavioral2/memory/1388-489-0x00007FF7E9830000-0x00007FF7E9C25000-memory.dmp	upx
behavioral2/memory/100-478-0x00007FF685260000-0x00007FF685655000-memory.dmp	upx
behavioral2/memory/4376-512-0x00007FF737A30000-0x00007FF737E25000-memory.dmp	upx
behavioral2/memory/3104-521-0x00007FF6698E0000-0x00007FF669CD5000-memory.dmp	upx
behavioral2/memory/4552-525-0x00007FF76E8F0000-0x00007FF76ECE5000-memory.dmp	upx
behavioral2/memory/2296-533-0x00007FF6070E0000-0x00007FF6074D5000-memory.dmp	upx
behavioral2/memory/532-562-0x00007FF690A70000-0x00007FF690E65000-memory.dmp	upx
behavioral2/memory/404-564-0x00007FF73E200000-0x00007FF73E5F5000-memory.dmp	upx
behavioral2/memory/2112-567-0x00007FF7B9810000-0x00007FF7B9C05000-memory.dmp	upx
behavioral2/memory/4072-569-0x00007FF6F0630000-0x00007FF6F0A25000-memory.dmp	upx
behavioral2/memory/2068-574-0x00007FF702B70000-0x00007FF702F65000-memory.dmp	upx
behavioral2/memory/3488-578-0x00007FF688BA0000-0x00007FF688F95000-memory.dmp	upx
behavioral2/memory/1144-576-0x00007FF773F90000-0x00007FF774385000-memory.dmp	upx
behavioral2/memory/1156-551-0x00007FF73BB50000-0x00007FF73BF45000-memory.dmp	upx
behavioral2/memory/4288-545-0x00007FF6B4300000-0x00007FF6B46F5000-memory.dmp	upx
behavioral2/memory/3452-539-0x00007FF6B3520000-0x00007FF6B3915000-memory.dmp	upx
behavioral2/memory/2528-536-0x00007FF6E1B40000-0x00007FF6E1F35000-memory.dmp	upx
behavioral2/files/0x0007000000023474-164.dat	upx
behavioral2/files/0x0007000000023473-162.dat	upx
behavioral2/files/0x0007000000023471-152.dat	upx
behavioral2/files/0x0007000000023470-144.dat	upx
behavioral2/files/0x000700000002346e-134.dat	upx
behavioral2/files/0x000700000002346c-127.dat	upx
behavioral2/files/0x0007000000023469-109.dat	upx
behavioral2/files/0x0007000000023468-104.dat	upx
behavioral2/files/0x0007000000023465-89.dat	upx
behavioral2/files/0x0007000000023464-84.dat	upx
behavioral2/files/0x0007000000023463-79.dat	upx
behavioral2/files/0x0007000000023460-64.dat	upx
behavioral2/files/0x000700000002345f-59.dat	upx
behavioral2/files/0x000700000002345d-49.dat	upx
behavioral2/files/0x000700000002345c-44.dat	upx
behavioral2/files/0x000700000002345a-34.dat	upx
behavioral2/memory/3236-30-0x00007FF753200000-0x00007FF7535F5000-memory.dmp	upx
behavioral2/files/0x0007000000023459-28.dat	upx
behavioral2/files/0x0007000000023458-23.dat	upx
behavioral2/memory/2108-10-0x00007FF7DC6C0000-0x00007FF7DCAB5000-memory.dmp	upx
behavioral2/memory/2912-1260-0x00007FF6B4A30000-0x00007FF6B4E25000-memory.dmp	upx
behavioral2/memory/2108-1362-0x00007FF7DC6C0000-0x00007FF7DCAB5000-memory.dmp	upx
behavioral2/memory/3236-1499-0x00007FF753200000-0x00007FF7535F5000-memory.dmp	upx
behavioral2/memory/4164-1496-0x00007FF61CFB0000-0x00007FF61D3A5000-memory.dmp	upx
behavioral2/memory/2108-2079-0x00007FF7DC6C0000-0x00007FF7DCAB5000-memory.dmp	upx
behavioral2/memory/4164-2080-0x00007FF61CFB0000-0x00007FF61D3A5000-memory.dmp	upx
behavioral2/memory/3236-2081-0x00007FF753200000-0x00007FF7535F5000-memory.dmp	upx

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System32\QfvRJEX.exe	2d4b759a34b168b007c55d47483b66ed1b789eafc8b35f11828932f87d85ef58.exe
File created	C:\Windows\System32\TavjAdA.exe	2d4b759a34b168b007c55d47483b66ed1b789eafc8b35f11828932f87d85ef58.exe
File created	C:\Windows\System32\angVvXA.exe	2d4b759a34b168b007c55d47483b66ed1b789eafc8b35f11828932f87d85ef58.exe
File created	C:\Windows\System32\AoDvUwz.exe	2d4b759a34b168b007c55d47483b66ed1b789eafc8b35f11828932f87d85ef58.exe
File created	C:\Windows\System32\jaeizgB.exe	2d4b759a34b168b007c55d47483b66ed1b789eafc8b35f11828932f87d85ef58.exe
File created	C:\Windows\System32\PewblBF.exe	2d4b759a34b168b007c55d47483b66ed1b789eafc8b35f11828932f87d85ef58.exe
File created	C:\Windows\System32\XOYFPvM.exe	2d4b759a34b168b007c55d47483b66ed1b789eafc8b35f11828932f87d85ef58.exe
File created	C:\Windows\System32\SUqvXKX.exe	2d4b759a34b168b007c55d47483b66ed1b789eafc8b35f11828932f87d85ef58.exe
File created	C:\Windows\System32\babJabk.exe	2d4b759a34b168b007c55d47483b66ed1b789eafc8b35f11828932f87d85ef58.exe
File created	C:\Windows\System32\hpSputI.exe	2d4b759a34b168b007c55d47483b66ed1b789eafc8b35f11828932f87d85ef58.exe
File created	C:\Windows\System32\kdZWTKh.exe	2d4b759a34b168b007c55d47483b66ed1b789eafc8b35f11828932f87d85ef58.exe
File created	C:\Windows\System32\vETZQjQ.exe	2d4b759a34b168b007c55d47483b66ed1b789eafc8b35f11828932f87d85ef58.exe
File created	C:\Windows\System32\WqFunuf.exe	2d4b759a34b168b007c55d47483b66ed1b789eafc8b35f11828932f87d85ef58.exe
File created	C:\Windows\System32\BbkTwnF.exe	2d4b759a34b168b007c55d47483b66ed1b789eafc8b35f11828932f87d85ef58.exe
File created	C:\Windows\System32\CussLLs.exe	2d4b759a34b168b007c55d47483b66ed1b789eafc8b35f11828932f87d85ef58.exe
File created	C:\Windows\System32\lsGKkot.exe	2d4b759a34b168b007c55d47483b66ed1b789eafc8b35f11828932f87d85ef58.exe
File created	C:\Windows\System32\rhihVfX.exe	2d4b759a34b168b007c55d47483b66ed1b789eafc8b35f11828932f87d85ef58.exe
File created	C:\Windows\System32\npXlbvn.exe	2d4b759a34b168b007c55d47483b66ed1b789eafc8b35f11828932f87d85ef58.exe
File created	C:\Windows\System32\ZawMCPp.exe	2d4b759a34b168b007c55d47483b66ed1b789eafc8b35f11828932f87d85ef58.exe
File created	C:\Windows\System32\HeLhRpV.exe	2d4b759a34b168b007c55d47483b66ed1b789eafc8b35f11828932f87d85ef58.exe
File created	C:\Windows\System32\tolOaJU.exe	2d4b759a34b168b007c55d47483b66ed1b789eafc8b35f11828932f87d85ef58.exe
File created	C:\Windows\System32\CYGuSPC.exe	2d4b759a34b168b007c55d47483b66ed1b789eafc8b35f11828932f87d85ef58.exe
File created	C:\Windows\System32\wtVzPQe.exe	2d4b759a34b168b007c55d47483b66ed1b789eafc8b35f11828932f87d85ef58.exe
File created	C:\Windows\System32\cphNeva.exe	2d4b759a34b168b007c55d47483b66ed1b789eafc8b35f11828932f87d85ef58.exe
File created	C:\Windows\System32\nVPeXuv.exe	2d4b759a34b168b007c55d47483b66ed1b789eafc8b35f11828932f87d85ef58.exe
File created	C:\Windows\System32\eVoFPBX.exe	2d4b759a34b168b007c55d47483b66ed1b789eafc8b35f11828932f87d85ef58.exe
File created	C:\Windows\System32\KRWIreZ.exe	2d4b759a34b168b007c55d47483b66ed1b789eafc8b35f11828932f87d85ef58.exe
File created	C:\Windows\System32\fMfriid.exe	2d4b759a34b168b007c55d47483b66ed1b789eafc8b35f11828932f87d85ef58.exe
File created	C:\Windows\System32\bgrZQiW.exe	2d4b759a34b168b007c55d47483b66ed1b789eafc8b35f11828932f87d85ef58.exe
File created	C:\Windows\System32\DJeUzQW.exe	2d4b759a34b168b007c55d47483b66ed1b789eafc8b35f11828932f87d85ef58.exe
File created	C:\Windows\System32\pOfkRPp.exe	2d4b759a34b168b007c55d47483b66ed1b789eafc8b35f11828932f87d85ef58.exe
File created	C:\Windows\System32\qRYSphr.exe	2d4b759a34b168b007c55d47483b66ed1b789eafc8b35f11828932f87d85ef58.exe
File created	C:\Windows\System32\cfAknpf.exe	2d4b759a34b168b007c55d47483b66ed1b789eafc8b35f11828932f87d85ef58.exe
File created	C:\Windows\System32\dhLmwWb.exe	2d4b759a34b168b007c55d47483b66ed1b789eafc8b35f11828932f87d85ef58.exe
File created	C:\Windows\System32\cRztoZy.exe	2d4b759a34b168b007c55d47483b66ed1b789eafc8b35f11828932f87d85ef58.exe
File created	C:\Windows\System32\oUKYlud.exe	2d4b759a34b168b007c55d47483b66ed1b789eafc8b35f11828932f87d85ef58.exe
File created	C:\Windows\System32\GKfLHzk.exe	2d4b759a34b168b007c55d47483b66ed1b789eafc8b35f11828932f87d85ef58.exe
File created	C:\Windows\System32\OfvsSAu.exe	2d4b759a34b168b007c55d47483b66ed1b789eafc8b35f11828932f87d85ef58.exe
File created	C:\Windows\System32\EIuqOlL.exe	2d4b759a34b168b007c55d47483b66ed1b789eafc8b35f11828932f87d85ef58.exe
File created	C:\Windows\System32\PerosKb.exe	2d4b759a34b168b007c55d47483b66ed1b789eafc8b35f11828932f87d85ef58.exe
File created	C:\Windows\System32\lkaCmaC.exe	2d4b759a34b168b007c55d47483b66ed1b789eafc8b35f11828932f87d85ef58.exe
File created	C:\Windows\System32\vdAOvwq.exe	2d4b759a34b168b007c55d47483b66ed1b789eafc8b35f11828932f87d85ef58.exe
File created	C:\Windows\System32\sADOEKj.exe	2d4b759a34b168b007c55d47483b66ed1b789eafc8b35f11828932f87d85ef58.exe
File created	C:\Windows\System32\ouLSdCu.exe	2d4b759a34b168b007c55d47483b66ed1b789eafc8b35f11828932f87d85ef58.exe
File created	C:\Windows\System32\XvZCGhY.exe	2d4b759a34b168b007c55d47483b66ed1b789eafc8b35f11828932f87d85ef58.exe
File created	C:\Windows\System32\lUyJhdR.exe	2d4b759a34b168b007c55d47483b66ed1b789eafc8b35f11828932f87d85ef58.exe
File created	C:\Windows\System32\GJDBBZs.exe	2d4b759a34b168b007c55d47483b66ed1b789eafc8b35f11828932f87d85ef58.exe
File created	C:\Windows\System32\jwQHTIZ.exe	2d4b759a34b168b007c55d47483b66ed1b789eafc8b35f11828932f87d85ef58.exe
File created	C:\Windows\System32\jsjOfLA.exe	2d4b759a34b168b007c55d47483b66ed1b789eafc8b35f11828932f87d85ef58.exe
File created	C:\Windows\System32\aihoMtb.exe	2d4b759a34b168b007c55d47483b66ed1b789eafc8b35f11828932f87d85ef58.exe
File created	C:\Windows\System32\BekfbNp.exe	2d4b759a34b168b007c55d47483b66ed1b789eafc8b35f11828932f87d85ef58.exe
File created	C:\Windows\System32\LlrMPzN.exe	2d4b759a34b168b007c55d47483b66ed1b789eafc8b35f11828932f87d85ef58.exe
File created	C:\Windows\System32\dwuVLnG.exe	2d4b759a34b168b007c55d47483b66ed1b789eafc8b35f11828932f87d85ef58.exe
File created	C:\Windows\System32\segXocq.exe	2d4b759a34b168b007c55d47483b66ed1b789eafc8b35f11828932f87d85ef58.exe
File created	C:\Windows\System32\fXnZdyt.exe	2d4b759a34b168b007c55d47483b66ed1b789eafc8b35f11828932f87d85ef58.exe
File created	C:\Windows\System32\AJSAGue.exe	2d4b759a34b168b007c55d47483b66ed1b789eafc8b35f11828932f87d85ef58.exe
File created	C:\Windows\System32\FPwyXpn.exe	2d4b759a34b168b007c55d47483b66ed1b789eafc8b35f11828932f87d85ef58.exe
File created	C:\Windows\System32\XuGFITo.exe	2d4b759a34b168b007c55d47483b66ed1b789eafc8b35f11828932f87d85ef58.exe
File created	C:\Windows\System32\ByioMnQ.exe	2d4b759a34b168b007c55d47483b66ed1b789eafc8b35f11828932f87d85ef58.exe
File created	C:\Windows\System32\cvkABAQ.exe	2d4b759a34b168b007c55d47483b66ed1b789eafc8b35f11828932f87d85ef58.exe
File created	C:\Windows\System32\mmXTCvC.exe	2d4b759a34b168b007c55d47483b66ed1b789eafc8b35f11828932f87d85ef58.exe
File created	C:\Windows\System32\biDhRKE.exe	2d4b759a34b168b007c55d47483b66ed1b789eafc8b35f11828932f87d85ef58.exe
File created	C:\Windows\System32\qkemTWt.exe	2d4b759a34b168b007c55d47483b66ed1b789eafc8b35f11828932f87d85ef58.exe
File created	C:\Windows\System32\QJkDNEJ.exe	2d4b759a34b168b007c55d47483b66ed1b789eafc8b35f11828932f87d85ef58.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	14312	dwm.exe
Token: SeChangeNotifyPrivilege	14312	dwm.exe
Token: 33	14312	dwm.exe
Token: SeIncBasePriorityPrivilege	14312	dwm.exe
Token: SeShutdownPrivilege	14312	dwm.exe
Token: SeCreatePagefilePrivilege	14312	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2912 wrote to memory of 2108	2912	2d4b759a34b168b007c55d47483b66ed1b789eafc8b35f11828932f87d85ef58.exe	85
PID 2912 wrote to memory of 2108	2912	2d4b759a34b168b007c55d47483b66ed1b789eafc8b35f11828932f87d85ef58.exe	85
PID 2912 wrote to memory of 4164	2912	2d4b759a34b168b007c55d47483b66ed1b789eafc8b35f11828932f87d85ef58.exe	86
PID 2912 wrote to memory of 4164	2912	2d4b759a34b168b007c55d47483b66ed1b789eafc8b35f11828932f87d85ef58.exe	86
PID 2912 wrote to memory of 3236	2912	2d4b759a34b168b007c55d47483b66ed1b789eafc8b35f11828932f87d85ef58.exe	87
PID 2912 wrote to memory of 3236	2912	2d4b759a34b168b007c55d47483b66ed1b789eafc8b35f11828932f87d85ef58.exe	87
PID 2912 wrote to memory of 1144	2912	2d4b759a34b168b007c55d47483b66ed1b789eafc8b35f11828932f87d85ef58.exe	88
PID 2912 wrote to memory of 1144	2912	2d4b759a34b168b007c55d47483b66ed1b789eafc8b35f11828932f87d85ef58.exe	88
PID 2912 wrote to memory of 100	2912	2d4b759a34b168b007c55d47483b66ed1b789eafc8b35f11828932f87d85ef58.exe	89
PID 2912 wrote to memory of 100	2912	2d4b759a34b168b007c55d47483b66ed1b789eafc8b35f11828932f87d85ef58.exe	89
PID 2912 wrote to memory of 3488	2912	2d4b759a34b168b007c55d47483b66ed1b789eafc8b35f11828932f87d85ef58.exe	90
PID 2912 wrote to memory of 3488	2912	2d4b759a34b168b007c55d47483b66ed1b789eafc8b35f11828932f87d85ef58.exe	90
PID 2912 wrote to memory of 3372	2912	2d4b759a34b168b007c55d47483b66ed1b789eafc8b35f11828932f87d85ef58.exe	91
PID 2912 wrote to memory of 3372	2912	2d4b759a34b168b007c55d47483b66ed1b789eafc8b35f11828932f87d85ef58.exe	91
PID 2912 wrote to memory of 1388	2912	2d4b759a34b168b007c55d47483b66ed1b789eafc8b35f11828932f87d85ef58.exe	92
PID 2912 wrote to memory of 1388	2912	2d4b759a34b168b007c55d47483b66ed1b789eafc8b35f11828932f87d85ef58.exe	92
PID 2912 wrote to memory of 4492	2912	2d4b759a34b168b007c55d47483b66ed1b789eafc8b35f11828932f87d85ef58.exe	93
PID 2912 wrote to memory of 4492	2912	2d4b759a34b168b007c55d47483b66ed1b789eafc8b35f11828932f87d85ef58.exe	93
PID 2912 wrote to memory of 744	2912	2d4b759a34b168b007c55d47483b66ed1b789eafc8b35f11828932f87d85ef58.exe	94
PID 2912 wrote to memory of 744	2912	2d4b759a34b168b007c55d47483b66ed1b789eafc8b35f11828932f87d85ef58.exe	94
PID 2912 wrote to memory of 4948	2912	2d4b759a34b168b007c55d47483b66ed1b789eafc8b35f11828932f87d85ef58.exe	95
PID 2912 wrote to memory of 4948	2912	2d4b759a34b168b007c55d47483b66ed1b789eafc8b35f11828932f87d85ef58.exe	95
PID 2912 wrote to memory of 4376	2912	2d4b759a34b168b007c55d47483b66ed1b789eafc8b35f11828932f87d85ef58.exe	96
PID 2912 wrote to memory of 4376	2912	2d4b759a34b168b007c55d47483b66ed1b789eafc8b35f11828932f87d85ef58.exe	96
PID 2912 wrote to memory of 3104	2912	2d4b759a34b168b007c55d47483b66ed1b789eafc8b35f11828932f87d85ef58.exe	97
PID 2912 wrote to memory of 3104	2912	2d4b759a34b168b007c55d47483b66ed1b789eafc8b35f11828932f87d85ef58.exe	97
PID 2912 wrote to memory of 4552	2912	2d4b759a34b168b007c55d47483b66ed1b789eafc8b35f11828932f87d85ef58.exe	98
PID 2912 wrote to memory of 4552	2912	2d4b759a34b168b007c55d47483b66ed1b789eafc8b35f11828932f87d85ef58.exe	98
PID 2912 wrote to memory of 2296	2912	2d4b759a34b168b007c55d47483b66ed1b789eafc8b35f11828932f87d85ef58.exe	99
PID 2912 wrote to memory of 2296	2912	2d4b759a34b168b007c55d47483b66ed1b789eafc8b35f11828932f87d85ef58.exe	99
PID 2912 wrote to memory of 2528	2912	2d4b759a34b168b007c55d47483b66ed1b789eafc8b35f11828932f87d85ef58.exe	100
PID 2912 wrote to memory of 2528	2912	2d4b759a34b168b007c55d47483b66ed1b789eafc8b35f11828932f87d85ef58.exe	100
PID 2912 wrote to memory of 3452	2912	2d4b759a34b168b007c55d47483b66ed1b789eafc8b35f11828932f87d85ef58.exe	101
PID 2912 wrote to memory of 3452	2912	2d4b759a34b168b007c55d47483b66ed1b789eafc8b35f11828932f87d85ef58.exe	101
PID 2912 wrote to memory of 4288	2912	2d4b759a34b168b007c55d47483b66ed1b789eafc8b35f11828932f87d85ef58.exe	102
PID 2912 wrote to memory of 4288	2912	2d4b759a34b168b007c55d47483b66ed1b789eafc8b35f11828932f87d85ef58.exe	102
PID 2912 wrote to memory of 1156	2912	2d4b759a34b168b007c55d47483b66ed1b789eafc8b35f11828932f87d85ef58.exe	103
PID 2912 wrote to memory of 1156	2912	2d4b759a34b168b007c55d47483b66ed1b789eafc8b35f11828932f87d85ef58.exe	103
PID 2912 wrote to memory of 532	2912	2d4b759a34b168b007c55d47483b66ed1b789eafc8b35f11828932f87d85ef58.exe	104
PID 2912 wrote to memory of 532	2912	2d4b759a34b168b007c55d47483b66ed1b789eafc8b35f11828932f87d85ef58.exe	104
PID 2912 wrote to memory of 404	2912	2d4b759a34b168b007c55d47483b66ed1b789eafc8b35f11828932f87d85ef58.exe	105
PID 2912 wrote to memory of 404	2912	2d4b759a34b168b007c55d47483b66ed1b789eafc8b35f11828932f87d85ef58.exe	105
PID 2912 wrote to memory of 2112	2912	2d4b759a34b168b007c55d47483b66ed1b789eafc8b35f11828932f87d85ef58.exe	106
PID 2912 wrote to memory of 2112	2912	2d4b759a34b168b007c55d47483b66ed1b789eafc8b35f11828932f87d85ef58.exe	106
PID 2912 wrote to memory of 4072	2912	2d4b759a34b168b007c55d47483b66ed1b789eafc8b35f11828932f87d85ef58.exe	107
PID 2912 wrote to memory of 4072	2912	2d4b759a34b168b007c55d47483b66ed1b789eafc8b35f11828932f87d85ef58.exe	107
PID 2912 wrote to memory of 2068	2912	2d4b759a34b168b007c55d47483b66ed1b789eafc8b35f11828932f87d85ef58.exe	108
PID 2912 wrote to memory of 2068	2912	2d4b759a34b168b007c55d47483b66ed1b789eafc8b35f11828932f87d85ef58.exe	108
PID 2912 wrote to memory of 2704	2912	2d4b759a34b168b007c55d47483b66ed1b789eafc8b35f11828932f87d85ef58.exe	109
PID 2912 wrote to memory of 2704	2912	2d4b759a34b168b007c55d47483b66ed1b789eafc8b35f11828932f87d85ef58.exe	109
PID 2912 wrote to memory of 684	2912	2d4b759a34b168b007c55d47483b66ed1b789eafc8b35f11828932f87d85ef58.exe	110
PID 2912 wrote to memory of 684	2912	2d4b759a34b168b007c55d47483b66ed1b789eafc8b35f11828932f87d85ef58.exe	110
PID 2912 wrote to memory of 3380	2912	2d4b759a34b168b007c55d47483b66ed1b789eafc8b35f11828932f87d85ef58.exe	111
PID 2912 wrote to memory of 3380	2912	2d4b759a34b168b007c55d47483b66ed1b789eafc8b35f11828932f87d85ef58.exe	111
PID 2912 wrote to memory of 3224	2912	2d4b759a34b168b007c55d47483b66ed1b789eafc8b35f11828932f87d85ef58.exe	112
PID 2912 wrote to memory of 3224	2912	2d4b759a34b168b007c55d47483b66ed1b789eafc8b35f11828932f87d85ef58.exe	112
PID 2912 wrote to memory of 3732	2912	2d4b759a34b168b007c55d47483b66ed1b789eafc8b35f11828932f87d85ef58.exe	113
PID 2912 wrote to memory of 3732	2912	2d4b759a34b168b007c55d47483b66ed1b789eafc8b35f11828932f87d85ef58.exe	113
PID 2912 wrote to memory of 2372	2912	2d4b759a34b168b007c55d47483b66ed1b789eafc8b35f11828932f87d85ef58.exe	114
PID 2912 wrote to memory of 2372	2912	2d4b759a34b168b007c55d47483b66ed1b789eafc8b35f11828932f87d85ef58.exe	114
PID 2912 wrote to memory of 4712	2912	2d4b759a34b168b007c55d47483b66ed1b789eafc8b35f11828932f87d85ef58.exe	115
PID 2912 wrote to memory of 4712	2912	2d4b759a34b168b007c55d47483b66ed1b789eafc8b35f11828932f87d85ef58.exe	115
PID 2912 wrote to memory of 4336	2912	2d4b759a34b168b007c55d47483b66ed1b789eafc8b35f11828932f87d85ef58.exe	116
PID 2912 wrote to memory of 4336	2912	2d4b759a34b168b007c55d47483b66ed1b789eafc8b35f11828932f87d85ef58.exe	116

C:\Users\Admin\AppData\Local\Temp\2d4b759a34b168b007c55d47483b66ed1b789eafc8b35f11828932f87d85ef58.exe
"C:\Users\Admin\AppData\Local\Temp\2d4b759a34b168b007c55d47483b66ed1b789eafc8b35f11828932f87d85ef58.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:2912
- C:\Windows\System32\jOyNrvP.exe
  C:\Windows\System32\jOyNrvP.exe
  2⤵
  - Executes dropped EXE
  PID:2108
- C:\Windows\System32\fQssVIN.exe
  C:\Windows\System32\fQssVIN.exe
  2⤵
  - Executes dropped EXE
  PID:4164
- C:\Windows\System32\UuRzQCD.exe
  C:\Windows\System32\UuRzQCD.exe
  2⤵
  - Executes dropped EXE
  PID:3236
- C:\Windows\System32\WWxbpcM.exe
  C:\Windows\System32\WWxbpcM.exe
  2⤵
  - Executes dropped EXE
  PID:1144
- C:\Windows\System32\nVJqJcK.exe
  C:\Windows\System32\nVJqJcK.exe
  2⤵
  - Executes dropped EXE
  PID:100
- C:\Windows\System32\YpNOhSG.exe
  C:\Windows\System32\YpNOhSG.exe
  2⤵
  - Executes dropped EXE
  PID:3488
- C:\Windows\System32\ikZILUr.exe
  C:\Windows\System32\ikZILUr.exe
  2⤵
  - Executes dropped EXE
  PID:3372
- C:\Windows\System32\AJSAGue.exe
  C:\Windows\System32\AJSAGue.exe
  2⤵
  - Executes dropped EXE
  PID:1388
- C:\Windows\System32\DVLdueb.exe
  C:\Windows\System32\DVLdueb.exe
  2⤵
  - Executes dropped EXE
  PID:4492
- C:\Windows\System32\BBdsgDl.exe
  C:\Windows\System32\BBdsgDl.exe
  2⤵
  - Executes dropped EXE
  PID:744
- C:\Windows\System32\RsRMdLP.exe
  C:\Windows\System32\RsRMdLP.exe
  2⤵
  - Executes dropped EXE
  PID:4948
- C:\Windows\System32\cOIHknR.exe
  C:\Windows\System32\cOIHknR.exe
  2⤵
  - Executes dropped EXE
  PID:4376
- C:\Windows\System32\ldZlktF.exe
  C:\Windows\System32\ldZlktF.exe
  2⤵
  - Executes dropped EXE
  PID:3104
- C:\Windows\System32\qKuKKzp.exe
  C:\Windows\System32\qKuKKzp.exe
  2⤵
  - Executes dropped EXE
  PID:4552
- C:\Windows\System32\inGxZWa.exe
  C:\Windows\System32\inGxZWa.exe
  2⤵
  - Executes dropped EXE
  PID:2296
- C:\Windows\System32\cMxvgWs.exe
  C:\Windows\System32\cMxvgWs.exe
  2⤵
  - Executes dropped EXE
  PID:2528
- C:\Windows\System32\xwIbuDN.exe
  C:\Windows\System32\xwIbuDN.exe
  2⤵
  - Executes dropped EXE
  PID:3452
- C:\Windows\System32\efeamkr.exe
  C:\Windows\System32\efeamkr.exe
  2⤵
  - Executes dropped EXE
  PID:4288
- C:\Windows\System32\kdZWTKh.exe
  C:\Windows\System32\kdZWTKh.exe
  2⤵
  - Executes dropped EXE
  PID:1156
- C:\Windows\System32\wKdgxiv.exe
  C:\Windows\System32\wKdgxiv.exe
  2⤵
  - Executes dropped EXE
  PID:532
- C:\Windows\System32\QTZbKwG.exe
  C:\Windows\System32\QTZbKwG.exe
  2⤵
  - Executes dropped EXE
  PID:404
- C:\Windows\System32\gTkEfQg.exe
  C:\Windows\System32\gTkEfQg.exe
  2⤵
  - Executes dropped EXE
  PID:2112
- C:\Windows\System32\eUvahqc.exe
  C:\Windows\System32\eUvahqc.exe
  2⤵
  - Executes dropped EXE
  PID:4072
- C:\Windows\System32\EBGpQhz.exe
  C:\Windows\System32\EBGpQhz.exe
  2⤵
  - Executes dropped EXE
  PID:2068
- C:\Windows\System32\OfvsSAu.exe
  C:\Windows\System32\OfvsSAu.exe
  2⤵
  - Executes dropped EXE
  PID:2704
- C:\Windows\System32\FPwyXpn.exe
  C:\Windows\System32\FPwyXpn.exe
  2⤵
  - Executes dropped EXE
  PID:684
- C:\Windows\System32\UVFQdHH.exe
  C:\Windows\System32\UVFQdHH.exe
  2⤵
  - Executes dropped EXE
  PID:3380
- C:\Windows\System32\ivyjrqU.exe
  C:\Windows\System32\ivyjrqU.exe
  2⤵
  - Executes dropped EXE
  PID:3224
- C:\Windows\System32\QPamjDP.exe
  C:\Windows\System32\QPamjDP.exe
  2⤵
  - Executes dropped EXE
  PID:3732
- C:\Windows\System32\KeIBAGl.exe
  C:\Windows\System32\KeIBAGl.exe
  2⤵
  - Executes dropped EXE
  PID:2372
- C:\Windows\System32\NqQuiqQ.exe
  C:\Windows\System32\NqQuiqQ.exe
  2⤵
  - Executes dropped EXE
  PID:4712
- C:\Windows\System32\eVoFPBX.exe
  C:\Windows\System32\eVoFPBX.exe
  2⤵
  - Executes dropped EXE
  PID:4336
- C:\Windows\System32\fWtyqDX.exe
  C:\Windows\System32\fWtyqDX.exe
  2⤵
  - Executes dropped EXE
  PID:3456
- C:\Windows\System32\XSLGEqR.exe
  C:\Windows\System32\XSLGEqR.exe
  2⤵
  - Executes dropped EXE
  PID:1528
- C:\Windows\System32\APGdbsr.exe
  C:\Windows\System32\APGdbsr.exe
  2⤵
  - Executes dropped EXE
  PID:4836
- C:\Windows\System32\UJHgWgU.exe
  C:\Windows\System32\UJHgWgU.exe
  2⤵
  - Executes dropped EXE
  PID:1224
- C:\Windows\System32\hxCgvyg.exe
  C:\Windows\System32\hxCgvyg.exe
  2⤵
  - Executes dropped EXE
  PID:4528
- C:\Windows\System32\yxFeuFf.exe
  C:\Windows\System32\yxFeuFf.exe
  2⤵
  - Executes dropped EXE
  PID:5020
- C:\Windows\System32\dDeGuOA.exe
  C:\Windows\System32\dDeGuOA.exe
  2⤵
  - Executes dropped EXE
  PID:372
- C:\Windows\System32\DAOXtvX.exe
  C:\Windows\System32\DAOXtvX.exe
  2⤵
  - Executes dropped EXE
  PID:2228
- C:\Windows\System32\JQyDgjw.exe
  C:\Windows\System32\JQyDgjw.exe
  2⤵
  - Executes dropped EXE
  PID:1304
- C:\Windows\System32\rMKpBWF.exe
  C:\Windows\System32\rMKpBWF.exe
  2⤵
  - Executes dropped EXE
  PID:1644
- C:\Windows\System32\vPxjwOF.exe
  C:\Windows\System32\vPxjwOF.exe
  2⤵
  - Executes dropped EXE
  PID:1632
- C:\Windows\System32\OUaqaDE.exe
  C:\Windows\System32\OUaqaDE.exe
  2⤵
  - Executes dropped EXE
  PID:3832
- C:\Windows\System32\SuGlloH.exe
  C:\Windows\System32\SuGlloH.exe
  2⤵
  - Executes dropped EXE
  PID:1112
- C:\Windows\System32\dqZTEBf.exe
  C:\Windows\System32\dqZTEBf.exe
  2⤵
  - Executes dropped EXE
  PID:2204
- C:\Windows\System32\JnNBcfu.exe
  C:\Windows\System32\JnNBcfu.exe
  2⤵
  - Executes dropped EXE
  PID:952
- C:\Windows\System32\dEoNslU.exe
  C:\Windows\System32\dEoNslU.exe
  2⤵
  - Executes dropped EXE
  PID:4496
- C:\Windows\System32\rbPcgiM.exe
  C:\Windows\System32\rbPcgiM.exe
  2⤵
  - Executes dropped EXE
  PID:1380
- C:\Windows\System32\hEQipdI.exe
  C:\Windows\System32\hEQipdI.exe
  2⤵
  - Executes dropped EXE
  PID:4892
- C:\Windows\System32\pfKTXxo.exe
  C:\Windows\System32\pfKTXxo.exe
  2⤵
  - Executes dropped EXE
  PID:1364
- C:\Windows\System32\EBYzWiz.exe
  C:\Windows\System32\EBYzWiz.exe
  2⤵
  - Executes dropped EXE
  PID:64
- C:\Windows\System32\UXccYbW.exe
  C:\Windows\System32\UXccYbW.exe
  2⤵
  - Executes dropped EXE
  PID:2252
- C:\Windows\System32\UprUzOs.exe
  C:\Windows\System32\UprUzOs.exe
  2⤵
  - Executes dropped EXE
  PID:4124
- C:\Windows\System32\fAhHTZI.exe
  C:\Windows\System32\fAhHTZI.exe
  2⤵
  - Executes dropped EXE
  PID:4880
- C:\Windows\System32\qysLnSe.exe
  C:\Windows\System32\qysLnSe.exe
  2⤵
  - Executes dropped EXE
  PID:3364
- C:\Windows\System32\QJkDNEJ.exe
  C:\Windows\System32\QJkDNEJ.exe
  2⤵
  - Executes dropped EXE
  PID:4648
- C:\Windows\System32\MdnmSEo.exe
  C:\Windows\System32\MdnmSEo.exe
  2⤵
  - Executes dropped EXE
  PID:1936
- C:\Windows\System32\LvmGjad.exe
  C:\Windows\System32\LvmGjad.exe
  2⤵
  - Executes dropped EXE
  PID:2220
- C:\Windows\System32\kvQryCs.exe
  C:\Windows\System32\kvQryCs.exe
  2⤵
  - Executes dropped EXE
  PID:2168
- C:\Windows\System32\FvOHExP.exe
  C:\Windows\System32\FvOHExP.exe
  2⤵
  - Executes dropped EXE
  PID:4596
- C:\Windows\System32\zTTdygq.exe
  C:\Windows\System32\zTTdygq.exe
  2⤵
  - Executes dropped EXE
  PID:2736
- C:\Windows\System32\dhLmwWb.exe
  C:\Windows\System32\dhLmwWb.exe
  2⤵
  - Executes dropped EXE
  PID:2884
- C:\Windows\System32\KKVjfRk.exe
  C:\Windows\System32\KKVjfRk.exe
  2⤵
  - Executes dropped EXE
  PID:1360
- C:\Windows\System32\wBFBgKC.exe
  C:\Windows\System32\wBFBgKC.exe
  2⤵
  PID:4456
- C:\Windows\System32\ZXVNBct.exe
  C:\Windows\System32\ZXVNBct.exe
  2⤵
  PID:1280
- C:\Windows\System32\AoLhIeE.exe
  C:\Windows\System32\AoLhIeE.exe
  2⤵
  PID:860
- C:\Windows\System32\drrMuOo.exe
  C:\Windows\System32\drrMuOo.exe
  2⤵
  PID:2240
- C:\Windows\System32\sakeOTS.exe
  C:\Windows\System32\sakeOTS.exe
  2⤵
  PID:2840
- C:\Windows\System32\UiJfhzg.exe
  C:\Windows\System32\UiJfhzg.exe
  2⤵
  PID:640
- C:\Windows\System32\znHMzaO.exe
  C:\Windows\System32\znHMzaO.exe
  2⤵
  PID:2744
- C:\Windows\System32\DAeTUxD.exe
  C:\Windows\System32\DAeTUxD.exe
  2⤵
  PID:4656
- C:\Windows\System32\BXLnlnq.exe
  C:\Windows\System32\BXLnlnq.exe
  2⤵
  PID:5132
- C:\Windows\System32\lzzhUGA.exe
  C:\Windows\System32\lzzhUGA.exe
  2⤵
  PID:5160
- C:\Windows\System32\XDewTEv.exe
  C:\Windows\System32\XDewTEv.exe
  2⤵
  PID:5188
- C:\Windows\System32\bLNTrdZ.exe
  C:\Windows\System32\bLNTrdZ.exe
  2⤵
  PID:5216
- C:\Windows\System32\qKjmnnP.exe
  C:\Windows\System32\qKjmnnP.exe
  2⤵
  PID:5240
- C:\Windows\System32\KRWIreZ.exe
  C:\Windows\System32\KRWIreZ.exe
  2⤵
  PID:5272
- C:\Windows\System32\ObDVBVy.exe
  C:\Windows\System32\ObDVBVy.exe
  2⤵
  PID:5300
- C:\Windows\System32\ipqmCMy.exe
  C:\Windows\System32\ipqmCMy.exe
  2⤵
  PID:5328
- C:\Windows\System32\UmlFjmx.exe
  C:\Windows\System32\UmlFjmx.exe
  2⤵
  PID:5356
- C:\Windows\System32\IWLeJkB.exe
  C:\Windows\System32\IWLeJkB.exe
  2⤵
  PID:5392
- C:\Windows\System32\mtBQPxD.exe
  C:\Windows\System32\mtBQPxD.exe
  2⤵
  PID:5412
- C:\Windows\System32\bguRUHd.exe
  C:\Windows\System32\bguRUHd.exe
  2⤵
  PID:5440
- C:\Windows\System32\UvctdKc.exe
  C:\Windows\System32\UvctdKc.exe
  2⤵
  PID:5468
- C:\Windows\System32\uUhMrJJ.exe
  C:\Windows\System32\uUhMrJJ.exe
  2⤵
  PID:5496
- C:\Windows\System32\FgYaatY.exe
  C:\Windows\System32\FgYaatY.exe
  2⤵
  PID:5528
- C:\Windows\System32\HvZbsdu.exe
  C:\Windows\System32\HvZbsdu.exe
  2⤵
  PID:5552
- C:\Windows\System32\CYGuSPC.exe
  C:\Windows\System32\CYGuSPC.exe
  2⤵
  PID:5584
- C:\Windows\System32\OVngyey.exe
  C:\Windows\System32\OVngyey.exe
  2⤵
  PID:5608
- C:\Windows\System32\mYzTjxm.exe
  C:\Windows\System32\mYzTjxm.exe
  2⤵
  PID:5636
- C:\Windows\System32\fMfriid.exe
  C:\Windows\System32\fMfriid.exe
  2⤵
  PID:5664
- C:\Windows\System32\CDYlYhn.exe
  C:\Windows\System32\CDYlYhn.exe
  2⤵
  PID:5692
- C:\Windows\System32\ktODuxW.exe
  C:\Windows\System32\ktODuxW.exe
  2⤵
  PID:5720
- C:\Windows\System32\KSztKxx.exe
  C:\Windows\System32\KSztKxx.exe
  2⤵
  PID:5744
- C:\Windows\System32\XRMKnuq.exe
  C:\Windows\System32\XRMKnuq.exe
  2⤵
  PID:5776
- C:\Windows\System32\dKitdoE.exe
  C:\Windows\System32\dKitdoE.exe
  2⤵
  PID:5804
- C:\Windows\System32\njbvotE.exe
  C:\Windows\System32\njbvotE.exe
  2⤵
  PID:5828
- C:\Windows\System32\LgXvubb.exe
  C:\Windows\System32\LgXvubb.exe
  2⤵
  PID:5860
- C:\Windows\System32\QfvRJEX.exe
  C:\Windows\System32\QfvRJEX.exe
  2⤵
  PID:5888
- C:\Windows\System32\GuyGCyB.exe
  C:\Windows\System32\GuyGCyB.exe
  2⤵
  PID:5916
- C:\Windows\System32\nqWSUAv.exe
  C:\Windows\System32\nqWSUAv.exe
  2⤵
  PID:5940
- C:\Windows\System32\xVDfKQq.exe
  C:\Windows\System32\xVDfKQq.exe
  2⤵
  PID:5968
- C:\Windows\System32\HsIHCxv.exe
  C:\Windows\System32\HsIHCxv.exe
  2⤵
  PID:6000
- C:\Windows\System32\WMuODUr.exe
  C:\Windows\System32\WMuODUr.exe
  2⤵
  PID:6024
- C:\Windows\System32\LqYEOyK.exe
  C:\Windows\System32\LqYEOyK.exe
  2⤵
  PID:6056
- C:\Windows\System32\QByVrLi.exe
  C:\Windows\System32\QByVrLi.exe
  2⤵
  PID:6084
- C:\Windows\System32\YzswFqk.exe
  C:\Windows\System32\YzswFqk.exe
  2⤵
  PID:6112
- C:\Windows\System32\KYPyrdA.exe
  C:\Windows\System32\KYPyrdA.exe
  2⤵
  PID:840
- C:\Windows\System32\YHIrVTU.exe
  C:\Windows\System32\YHIrVTU.exe
  2⤵
  PID:2124
- C:\Windows\System32\SIUJaUg.exe
  C:\Windows\System32\SIUJaUg.exe
  2⤵
  PID:1688
- C:\Windows\System32\vZpKnAe.exe
  C:\Windows\System32\vZpKnAe.exe
  2⤵
  PID:2900
- C:\Windows\System32\fGumvva.exe
  C:\Windows\System32\fGumvva.exe
  2⤵
  PID:5124
- C:\Windows\System32\BdsmXsC.exe
  C:\Windows\System32\BdsmXsC.exe
  2⤵
  PID:5140
- C:\Windows\System32\BlZCPmZ.exe
  C:\Windows\System32\BlZCPmZ.exe
  2⤵
  PID:5224
- C:\Windows\System32\wQXfTcM.exe
  C:\Windows\System32\wQXfTcM.exe
  2⤵
  PID:5292
- C:\Windows\System32\JPUhgCJ.exe
  C:\Windows\System32\JPUhgCJ.exe
  2⤵
  PID:5336
- C:\Windows\System32\eHvXpsI.exe
  C:\Windows\System32\eHvXpsI.exe
  2⤵
  PID:5400
- C:\Windows\System32\VPxoQcE.exe
  C:\Windows\System32\VPxoQcE.exe
  2⤵
  PID:5480
- C:\Windows\System32\mLSufgR.exe
  C:\Windows\System32\mLSufgR.exe
  2⤵
  PID:5536
- C:\Windows\System32\MJXJZrq.exe
  C:\Windows\System32\MJXJZrq.exe
  2⤵
  PID:5604
- C:\Windows\System32\JkqKrtZ.exe
  C:\Windows\System32\JkqKrtZ.exe
  2⤵
  PID:5656
- C:\Windows\System32\xCEcOgS.exe
  C:\Windows\System32\xCEcOgS.exe
  2⤵
  PID:5732
- C:\Windows\System32\NToNeOu.exe
  C:\Windows\System32\NToNeOu.exe
  2⤵
  PID:5784
- C:\Windows\System32\tlvvEjz.exe
  C:\Windows\System32\tlvvEjz.exe
  2⤵
  PID:5844
- C:\Windows\System32\YQBpgMs.exe
  C:\Windows\System32\YQBpgMs.exe
  2⤵
  PID:5900
- C:\Windows\System32\vFLNOuu.exe
  C:\Windows\System32\vFLNOuu.exe
  2⤵
  PID:5984
- C:\Windows\System32\eSOaojE.exe
  C:\Windows\System32\eSOaojE.exe
  2⤵
  PID:6040
- C:\Windows\System32\rpgfhVa.exe
  C:\Windows\System32\rpgfhVa.exe
  2⤵
  PID:4720
- C:\Windows\System32\wmATcRw.exe
  C:\Windows\System32\wmATcRw.exe
  2⤵
  PID:3808
- C:\Windows\System32\sumXpTc.exe
  C:\Windows\System32\sumXpTc.exe
  2⤵
  PID:2812
- C:\Windows\System32\OhbrHsx.exe
  C:\Windows\System32\OhbrHsx.exe
  2⤵
  PID:5172
- C:\Windows\System32\mEVuObF.exe
  C:\Windows\System32\mEVuObF.exe
  2⤵
  PID:5388
- C:\Windows\System32\qhormfu.exe
  C:\Windows\System32\qhormfu.exe
  2⤵
  PID:5420
- C:\Windows\System32\jwQHTIZ.exe
  C:\Windows\System32\jwQHTIZ.exe
  2⤵
  PID:5580
- C:\Windows\System32\tGuTgvO.exe
  C:\Windows\System32\tGuTgvO.exe
  2⤵
  PID:5712
- C:\Windows\System32\wyynshG.exe
  C:\Windows\System32\wyynshG.exe
  2⤵
  PID:5868
- C:\Windows\System32\VNlzWWG.exe
  C:\Windows\System32\VNlzWWG.exe
  2⤵
  PID:6012
- C:\Windows\System32\YVxsLRK.exe
  C:\Windows\System32\YVxsLRK.exe
  2⤵
  PID:6252
- C:\Windows\System32\EtaKdIB.exe
  C:\Windows\System32\EtaKdIB.exe
  2⤵
  PID:6268
- C:\Windows\System32\tWyvMTD.exe
  C:\Windows\System32\tWyvMTD.exe
  2⤵
  PID:6292
- C:\Windows\System32\wxUdEMe.exe
  C:\Windows\System32\wxUdEMe.exe
  2⤵
  PID:6308
- C:\Windows\System32\shPEpYU.exe
  C:\Windows\System32\shPEpYU.exe
  2⤵
  PID:6372
- C:\Windows\System32\vdAOvwq.exe
  C:\Windows\System32\vdAOvwq.exe
  2⤵
  PID:6392
- C:\Windows\System32\pKFXYIZ.exe
  C:\Windows\System32\pKFXYIZ.exe
  2⤵
  PID:6424
- C:\Windows\System32\HheHCyL.exe
  C:\Windows\System32\HheHCyL.exe
  2⤵
  PID:6456
- C:\Windows\System32\MBqgxgM.exe
  C:\Windows\System32\MBqgxgM.exe
  2⤵
  PID:6472
- C:\Windows\System32\vETZQjQ.exe
  C:\Windows\System32\vETZQjQ.exe
  2⤵
  PID:6548
- C:\Windows\System32\ZLkQBaQ.exe
  C:\Windows\System32\ZLkQBaQ.exe
  2⤵
  PID:6564
- C:\Windows\System32\VWuakpg.exe
  C:\Windows\System32\VWuakpg.exe
  2⤵
  PID:6580
- C:\Windows\System32\rNEgjfg.exe
  C:\Windows\System32\rNEgjfg.exe
  2⤵
  PID:6612
- C:\Windows\System32\pNyuzHp.exe
  C:\Windows\System32\pNyuzHp.exe
  2⤵
  PID:6644
- C:\Windows\System32\woISiRs.exe
  C:\Windows\System32\woISiRs.exe
  2⤵
  PID:6668
- C:\Windows\System32\jsjOfLA.exe
  C:\Windows\System32\jsjOfLA.exe
  2⤵
  PID:6708
- C:\Windows\System32\pbujvch.exe
  C:\Windows\System32\pbujvch.exe
  2⤵
  PID:6744
- C:\Windows\System32\zeCFGBP.exe
  C:\Windows\System32\zeCFGBP.exe
  2⤵
  PID:6804
- C:\Windows\System32\sADOEKj.exe
  C:\Windows\System32\sADOEKj.exe
  2⤵
  PID:6836
- C:\Windows\System32\YFgTwYt.exe
  C:\Windows\System32\YFgTwYt.exe
  2⤵
  PID:6860
- C:\Windows\System32\xisWyPD.exe
  C:\Windows\System32\xisWyPD.exe
  2⤵
  PID:6884
- C:\Windows\System32\cwGUVaI.exe
  C:\Windows\System32\cwGUVaI.exe
  2⤵
  PID:6916
- C:\Windows\System32\NjyvkYX.exe
  C:\Windows\System32\NjyvkYX.exe
  2⤵
  PID:6948
- C:\Windows\System32\jAUhmtf.exe
  C:\Windows\System32\jAUhmtf.exe
  2⤵
  PID:6984
- C:\Windows\System32\VPAOKff.exe
  C:\Windows\System32\VPAOKff.exe
  2⤵
  PID:7004
- C:\Windows\System32\KKdXMQu.exe
  C:\Windows\System32\KKdXMQu.exe
  2⤵
  PID:7052
- C:\Windows\System32\EHLMefK.exe
  C:\Windows\System32\EHLMefK.exe
  2⤵
  PID:7100
- C:\Windows\System32\CCjpOSI.exe
  C:\Windows\System32\CCjpOSI.exe
  2⤵
  PID:7128
- C:\Windows\System32\zZgnCOi.exe
  C:\Windows\System32\zZgnCOi.exe
  2⤵
  PID:7152
- C:\Windows\System32\osDPNVq.exe
  C:\Windows\System32\osDPNVq.exe
  2⤵
  PID:5928
- C:\Windows\System32\xysQGZM.exe
  C:\Windows\System32\xysQGZM.exe
  2⤵
  PID:3284
- C:\Windows\System32\LgbBYfa.exe
  C:\Windows\System32\LgbBYfa.exe
  2⤵
  PID:4976
- C:\Windows\System32\GPtQkKz.exe
  C:\Windows\System32\GPtQkKz.exe
  2⤵
  PID:2904
- C:\Windows\System32\gAclzQN.exe
  C:\Windows\System32\gAclzQN.exe
  2⤵
  PID:6164
- C:\Windows\System32\CTNLvYc.exe
  C:\Windows\System32\CTNLvYc.exe
  2⤵
  PID:6196
- C:\Windows\System32\lKztKlp.exe
  C:\Windows\System32\lKztKlp.exe
  2⤵
  PID:6212
- C:\Windows\System32\wWxzwkE.exe
  C:\Windows\System32\wWxzwkE.exe
  2⤵
  PID:6228
- C:\Windows\System32\UtoUdUQ.exe
  C:\Windows\System32\UtoUdUQ.exe
  2⤵
  PID:5852
- C:\Windows\System32\xHwnant.exe
  C:\Windows\System32\xHwnant.exe
  2⤵
  PID:6284
- C:\Windows\System32\xSmUMhY.exe
  C:\Windows\System32\xSmUMhY.exe
  2⤵
  PID:6368
- C:\Windows\System32\JKIqcIe.exe
  C:\Windows\System32\JKIqcIe.exe
  2⤵
  PID:3360
- C:\Windows\System32\JIhDxmO.exe
  C:\Windows\System32\JIhDxmO.exe
  2⤵
  PID:3576
- C:\Windows\System32\anASKvn.exe
  C:\Windows\System32\anASKvn.exe
  2⤵
  PID:620
- C:\Windows\System32\nilREiV.exe
  C:\Windows\System32\nilREiV.exe
  2⤵
  PID:6508
- C:\Windows\System32\ajRPmKZ.exe
  C:\Windows\System32\ajRPmKZ.exe
  2⤵
  PID:6572
- C:\Windows\System32\HfhRgNH.exe
  C:\Windows\System32\HfhRgNH.exe
  2⤵
  PID:1236
- C:\Windows\System32\BkdDlRE.exe
  C:\Windows\System32\BkdDlRE.exe
  2⤵
  PID:1676
- C:\Windows\System32\GGSmFEk.exe
  C:\Windows\System32\GGSmFEk.exe
  2⤵
  PID:1968
- C:\Windows\System32\Qpsyukr.exe
  C:\Windows\System32\Qpsyukr.exe
  2⤵
  PID:4740
- C:\Windows\System32\LhjJdZk.exe
  C:\Windows\System32\LhjJdZk.exe
  2⤵
  PID:2340
- C:\Windows\System32\NTJMzGe.exe
  C:\Windows\System32\NTJMzGe.exe
  2⤵
  PID:6784
- C:\Windows\System32\IkfiSyr.exe
  C:\Windows\System32\IkfiSyr.exe
  2⤵
  PID:6792
- C:\Windows\System32\THathLG.exe
  C:\Windows\System32\THathLG.exe
  2⤵
  PID:6936
- C:\Windows\System32\LxAXbzk.exe
  C:\Windows\System32\LxAXbzk.exe
  2⤵
  PID:5032
- C:\Windows\System32\IkeUKnT.exe
  C:\Windows\System32\IkeUKnT.exe
  2⤵
  PID:6892
- C:\Windows\System32\SBohdQj.exe
  C:\Windows\System32\SBohdQj.exe
  2⤵
  PID:6932
- C:\Windows\System32\MkSatOM.exe
  C:\Windows\System32\MkSatOM.exe
  2⤵
  PID:4432
- C:\Windows\System32\yprBAKP.exe
  C:\Windows\System32\yprBAKP.exe
  2⤵
  PID:4684
- C:\Windows\System32\YJrUzub.exe
  C:\Windows\System32\YJrUzub.exe
  2⤵
  PID:7136
- C:\Windows\System32\fhHxmzV.exe
  C:\Windows\System32\fhHxmzV.exe
  2⤵
  PID:7108
- C:\Windows\System32\MPkcXRq.exe
  C:\Windows\System32\MPkcXRq.exe
  2⤵
  PID:7048
- C:\Windows\System32\IUAfipl.exe
  C:\Windows\System32\IUAfipl.exe
  2⤵
  PID:4900
- C:\Windows\System32\WqFunuf.exe
  C:\Windows\System32\WqFunuf.exe
  2⤵
  PID:5144
- C:\Windows\System32\lGlaBkM.exe
  C:\Windows\System32\lGlaBkM.exe
  2⤵
  PID:1848
- C:\Windows\System32\ibcVRZg.exe
  C:\Windows\System32\ibcVRZg.exe
  2⤵
  PID:6380
- C:\Windows\System32\cNWcTuT.exe
  C:\Windows\System32\cNWcTuT.exe
  2⤵
  PID:448
- C:\Windows\System32\DCKxThD.exe
  C:\Windows\System32\DCKxThD.exe
  2⤵
  PID:6180
- C:\Windows\System32\IfXohyB.exe
  C:\Windows\System32\IfXohyB.exe
  2⤵
  PID:6976
- C:\Windows\System32\DkixlmK.exe
  C:\Windows\System32\DkixlmK.exe
  2⤵
  PID:6996
- C:\Windows\System32\ptvGNVh.exe
  C:\Windows\System32\ptvGNVh.exe
  2⤵
  PID:6068
- C:\Windows\System32\EYxupTP.exe
  C:\Windows\System32\EYxupTP.exe
  2⤵
  PID:3568
- C:\Windows\System32\ZzaMxlA.exe
  C:\Windows\System32\ZzaMxlA.exe
  2⤵
  PID:1216
- C:\Windows\System32\jRooiCU.exe
  C:\Windows\System32\jRooiCU.exe
  2⤵
  PID:4864
- C:\Windows\System32\uFqkDCZ.exe
  C:\Windows\System32\uFqkDCZ.exe
  2⤵
  PID:6680
- C:\Windows\System32\OHpHEAM.exe
  C:\Windows\System32\OHpHEAM.exe
  2⤵
  PID:3048
- C:\Windows\System32\TavjAdA.exe
  C:\Windows\System32\TavjAdA.exe
  2⤵
  PID:5064
- C:\Windows\System32\bgrZQiW.exe
  C:\Windows\System32\bgrZQiW.exe
  2⤵
  PID:6912
- C:\Windows\System32\sjcuLuy.exe
  C:\Windows\System32\sjcuLuy.exe
  2⤵
  PID:1428
- C:\Windows\System32\dFBxOPK.exe
  C:\Windows\System32\dFBxOPK.exe
  2⤵
  PID:7140
- C:\Windows\System32\QOMgPDt.exe
  C:\Windows\System32\QOMgPDt.exe
  2⤵
  PID:4228
- C:\Windows\System32\PWPMdBP.exe
  C:\Windows\System32\PWPMdBP.exe
  2⤵
  PID:3800
- C:\Windows\System32\FuFHdwu.exe
  C:\Windows\System32\FuFHdwu.exe
  2⤵
  PID:3632
- C:\Windows\System32\GQQXlwR.exe
  C:\Windows\System32\GQQXlwR.exe
  2⤵
  PID:1612
- C:\Windows\System32\nEteWzA.exe
  C:\Windows\System32\nEteWzA.exe
  2⤵
  PID:6104
- C:\Windows\System32\qhBiepd.exe
  C:\Windows\System32\qhBiepd.exe
  2⤵
  PID:6400
- C:\Windows\System32\kXcqxKV.exe
  C:\Windows\System32\kXcqxKV.exe
  2⤵
  PID:3940
- C:\Windows\System32\IaybcBL.exe
  C:\Windows\System32\IaybcBL.exe
  2⤵
  PID:6640
- C:\Windows\System32\ogywNPY.exe
  C:\Windows\System32\ogywNPY.exe
  2⤵
  PID:3684
- C:\Windows\System32\XXmFVJq.exe
  C:\Windows\System32\XXmFVJq.exe
  2⤵
  PID:6156
- C:\Windows\System32\GWyNUbX.exe
  C:\Windows\System32\GWyNUbX.exe
  2⤵
  PID:6280
- C:\Windows\System32\aURUVmd.exe
  C:\Windows\System32\aURUVmd.exe
  2⤵
  PID:3444
- C:\Windows\System32\EPPbBgi.exe
  C:\Windows\System32\EPPbBgi.exe
  2⤵
  PID:7020
- C:\Windows\System32\suUirnU.exe
  C:\Windows\System32\suUirnU.exe
  2⤵
  PID:6756
- C:\Windows\System32\wYLUGnw.exe
  C:\Windows\System32\wYLUGnw.exe
  2⤵
  PID:7116
- C:\Windows\System32\qGSEFKS.exe
  C:\Windows\System32\qGSEFKS.exe
  2⤵
  PID:2300
- C:\Windows\System32\vJPGBiF.exe
  C:\Windows\System32\vJPGBiF.exe
  2⤵
  PID:7196
- C:\Windows\System32\cMZLjGO.exe
  C:\Windows\System32\cMZLjGO.exe
  2⤵
  PID:7224
- C:\Windows\System32\ybIbuZv.exe
  C:\Windows\System32\ybIbuZv.exe
  2⤵
  PID:7252
- C:\Windows\System32\GhbBhZz.exe
  C:\Windows\System32\GhbBhZz.exe
  2⤵
  PID:7284
- C:\Windows\System32\ETUWQSs.exe
  C:\Windows\System32\ETUWQSs.exe
  2⤵
  PID:7308
- C:\Windows\System32\ROCMiQt.exe
  C:\Windows\System32\ROCMiQt.exe
  2⤵
  PID:7340
- C:\Windows\System32\WxLvQWt.exe
  C:\Windows\System32\WxLvQWt.exe
  2⤵
  PID:7376
- C:\Windows\System32\hVFumzt.exe
  C:\Windows\System32\hVFumzt.exe
  2⤵
  PID:7412
- C:\Windows\System32\aScRSjU.exe
  C:\Windows\System32\aScRSjU.exe
  2⤵
  PID:7436
- C:\Windows\System32\xsVGjBG.exe
  C:\Windows\System32\xsVGjBG.exe
  2⤵
  PID:7456
- C:\Windows\System32\BSyhifN.exe
  C:\Windows\System32\BSyhifN.exe
  2⤵
  PID:7492
- C:\Windows\System32\ffufiNw.exe
  C:\Windows\System32\ffufiNw.exe
  2⤵
  PID:7528
- C:\Windows\System32\eOjdyQL.exe
  C:\Windows\System32\eOjdyQL.exe
  2⤵
  PID:7556
- C:\Windows\System32\VZACHgQ.exe
  C:\Windows\System32\VZACHgQ.exe
  2⤵
  PID:7572
- C:\Windows\System32\XuGFITo.exe
  C:\Windows\System32\XuGFITo.exe
  2⤵
  PID:7620
- C:\Windows\System32\ZMtrJnX.exe
  C:\Windows\System32\ZMtrJnX.exe
  2⤵
  PID:7660
- C:\Windows\System32\rwYIRoT.exe
  C:\Windows\System32\rwYIRoT.exe
  2⤵
  PID:7676
- C:\Windows\System32\CLJJFmK.exe
  C:\Windows\System32\CLJJFmK.exe
  2⤵
  PID:7704
- C:\Windows\System32\kUhTlTj.exe
  C:\Windows\System32\kUhTlTj.exe
  2⤵
  PID:7744
- C:\Windows\System32\FxwBPfA.exe
  C:\Windows\System32\FxwBPfA.exe
  2⤵
  PID:7760
- C:\Windows\System32\tNLLAVA.exe
  C:\Windows\System32\tNLLAVA.exe
  2⤵
  PID:7788
- C:\Windows\System32\qCdtjGY.exe
  C:\Windows\System32\qCdtjGY.exe
  2⤵
  PID:7828
- C:\Windows\System32\AoDvUwz.exe
  C:\Windows\System32\AoDvUwz.exe
  2⤵
  PID:7864
- C:\Windows\System32\wPvwMJa.exe
  C:\Windows\System32\wPvwMJa.exe
  2⤵
  PID:7892
- C:\Windows\System32\ILgksZk.exe
  C:\Windows\System32\ILgksZk.exe
  2⤵
  PID:7924
- C:\Windows\System32\FlfuXnW.exe
  C:\Windows\System32\FlfuXnW.exe
  2⤵
  PID:7952
- C:\Windows\System32\LuSOmQj.exe
  C:\Windows\System32\LuSOmQj.exe
  2⤵
  PID:7980
- C:\Windows\System32\ylaJfNY.exe
  C:\Windows\System32\ylaJfNY.exe
  2⤵
  PID:8016
- C:\Windows\System32\ZXwuvfS.exe
  C:\Windows\System32\ZXwuvfS.exe
  2⤵
  PID:8032
- C:\Windows\System32\vHsoIeI.exe
  C:\Windows\System32\vHsoIeI.exe
  2⤵
  PID:8048
- C:\Windows\System32\udbUuKD.exe
  C:\Windows\System32\udbUuKD.exe
  2⤵
  PID:8108
- C:\Windows\System32\SVuEOLl.exe
  C:\Windows\System32\SVuEOLl.exe
  2⤵
  PID:8128
- C:\Windows\System32\djWpLsI.exe
  C:\Windows\System32\djWpLsI.exe
  2⤵
  PID:8156
- C:\Windows\System32\LoMCOuJ.exe
  C:\Windows\System32\LoMCOuJ.exe
  2⤵
  PID:8172
- C:\Windows\System32\dCNUurm.exe
  C:\Windows\System32\dCNUurm.exe
  2⤵
  PID:7208
- C:\Windows\System32\RGowwUh.exe
  C:\Windows\System32\RGowwUh.exe
  2⤵
  PID:7280
- C:\Windows\System32\WSkqKHA.exe
  C:\Windows\System32\WSkqKHA.exe
  2⤵
  PID:7368
- C:\Windows\System32\JZgVVra.exe
  C:\Windows\System32\JZgVVra.exe
  2⤵
  PID:7428
- C:\Windows\System32\nJcjuEI.exe
  C:\Windows\System32\nJcjuEI.exe
  2⤵
  PID:7524
- C:\Windows\System32\lbARntl.exe
  C:\Windows\System32\lbARntl.exe
  2⤵
  PID:7584
- C:\Windows\System32\UBnqPzU.exe
  C:\Windows\System32\UBnqPzU.exe
  2⤵
  PID:7672
- C:\Windows\System32\FAbNItr.exe
  C:\Windows\System32\FAbNItr.exe
  2⤵
  PID:7756
- C:\Windows\System32\HQhRiNv.exe
  C:\Windows\System32\HQhRiNv.exe
  2⤵
  PID:7800
- C:\Windows\System32\vPXTKfn.exe
  C:\Windows\System32\vPXTKfn.exe
  2⤵
  PID:7876
- C:\Windows\System32\HHGflME.exe
  C:\Windows\System32\HHGflME.exe
  2⤵
  PID:7912
- C:\Windows\System32\AJGhSvl.exe
  C:\Windows\System32\AJGhSvl.exe
  2⤵
  PID:7992
- C:\Windows\System32\OFPKyTj.exe
  C:\Windows\System32\OFPKyTj.exe
  2⤵
  PID:8140
- C:\Windows\System32\AodGGlK.exe
  C:\Windows\System32\AodGGlK.exe
  2⤵
  PID:7192
- C:\Windows\System32\pIKUkgN.exe
  C:\Windows\System32\pIKUkgN.exe
  2⤵
  PID:7324
- C:\Windows\System32\aoYeVUU.exe
  C:\Windows\System32\aoYeVUU.exe
  2⤵
  PID:7500
- C:\Windows\System32\ZYzPRWS.exe
  C:\Windows\System32\ZYzPRWS.exe
  2⤵
  PID:7716
- C:\Windows\System32\dbVcJEO.exe
  C:\Windows\System32\dbVcJEO.exe
  2⤵
  PID:7784
- C:\Windows\System32\zTJEVdJ.exe
  C:\Windows\System32\zTJEVdJ.exe
  2⤵
  PID:7964
- C:\Windows\System32\KhtFrbB.exe
  C:\Windows\System32\KhtFrbB.exe
  2⤵
  PID:8120
- C:\Windows\System32\JmPBgRm.exe
  C:\Windows\System32\JmPBgRm.exe
  2⤵
  PID:7656
- C:\Windows\System32\RrQivEw.exe
  C:\Windows\System32\RrQivEw.exe
  2⤵
  PID:7844
- C:\Windows\System32\gMeDXKR.exe
  C:\Windows\System32\gMeDXKR.exe
  2⤵
  PID:7772
- C:\Windows\System32\KmGhCUk.exe
  C:\Windows\System32\KmGhCUk.exe
  2⤵
  PID:7408
- C:\Windows\System32\wZTpfjh.exe
  C:\Windows\System32\wZTpfjh.exe
  2⤵
  PID:8228
- C:\Windows\System32\UchIZrM.exe
  C:\Windows\System32\UchIZrM.exe
  2⤵
  PID:8256
- C:\Windows\System32\veCDYVB.exe
  C:\Windows\System32\veCDYVB.exe
  2⤵
  PID:8284
- C:\Windows\System32\KVvPjby.exe
  C:\Windows\System32\KVvPjby.exe
  2⤵
  PID:8328
- C:\Windows\System32\ZIoVGme.exe
  C:\Windows\System32\ZIoVGme.exe
  2⤵
  PID:8348
- C:\Windows\System32\BbkTwnF.exe
  C:\Windows\System32\BbkTwnF.exe
  2⤵
  PID:8376
- C:\Windows\System32\DxpvYLX.exe
  C:\Windows\System32\DxpvYLX.exe
  2⤵
  PID:8404
- C:\Windows\System32\diSylkR.exe
  C:\Windows\System32\diSylkR.exe
  2⤵
  PID:8456
- C:\Windows\System32\TbCNUzz.exe
  C:\Windows\System32\TbCNUzz.exe
  2⤵
  PID:8472
- C:\Windows\System32\DaXItTR.exe
  C:\Windows\System32\DaXItTR.exe
  2⤵
  PID:8496
- C:\Windows\System32\tdJtpDs.exe
  C:\Windows\System32\tdJtpDs.exe
  2⤵
  PID:8540
- C:\Windows\System32\YMBHFLT.exe
  C:\Windows\System32\YMBHFLT.exe
  2⤵
  PID:8564
- C:\Windows\System32\kFoKqih.exe
  C:\Windows\System32\kFoKqih.exe
  2⤵
  PID:8604
- C:\Windows\System32\DhFLhvP.exe
  C:\Windows\System32\DhFLhvP.exe
  2⤵
  PID:8632
- C:\Windows\System32\CussLLs.exe
  C:\Windows\System32\CussLLs.exe
  2⤵
  PID:8660
- C:\Windows\System32\aIHXZbx.exe
  C:\Windows\System32\aIHXZbx.exe
  2⤵
  PID:8688
- C:\Windows\System32\jaeizgB.exe
  C:\Windows\System32\jaeizgB.exe
  2⤵
  PID:8708
- C:\Windows\System32\wqxJQBN.exe
  C:\Windows\System32\wqxJQBN.exe
  2⤵
  PID:8736
- C:\Windows\System32\PhoAJtP.exe
  C:\Windows\System32\PhoAJtP.exe
  2⤵
  PID:8772
- C:\Windows\System32\eAiDJKX.exe
  C:\Windows\System32\eAiDJKX.exe
  2⤵
  PID:8800
- C:\Windows\System32\saMlqvw.exe
  C:\Windows\System32\saMlqvw.exe
  2⤵
  PID:8828
- C:\Windows\System32\OVNyRYn.exe
  C:\Windows\System32\OVNyRYn.exe
  2⤵
  PID:8856
- C:\Windows\System32\hyelYix.exe
  C:\Windows\System32\hyelYix.exe
  2⤵
  PID:8880
- C:\Windows\System32\tZMxWBN.exe
  C:\Windows\System32\tZMxWBN.exe
  2⤵
  PID:8912
- C:\Windows\System32\Dcndtuo.exe
  C:\Windows\System32\Dcndtuo.exe
  2⤵
  PID:8928
- C:\Windows\System32\hXoHKuF.exe
  C:\Windows\System32\hXoHKuF.exe
  2⤵
  PID:8944
- C:\Windows\System32\lPKSHLl.exe
  C:\Windows\System32\lPKSHLl.exe
  2⤵
  PID:8964
- C:\Windows\System32\GfyTRWu.exe
  C:\Windows\System32\GfyTRWu.exe
  2⤵
  PID:8996
- C:\Windows\System32\xWblYsR.exe
  C:\Windows\System32\xWblYsR.exe
  2⤵
  PID:9040
- C:\Windows\System32\uBvKlje.exe
  C:\Windows\System32\uBvKlje.exe
  2⤵
  PID:9080
- C:\Windows\System32\XRSjJXI.exe
  C:\Windows\System32\XRSjJXI.exe
  2⤵
  PID:9108
- C:\Windows\System32\iOdKLhs.exe
  C:\Windows\System32\iOdKLhs.exe
  2⤵
  PID:9132
- C:\Windows\System32\eiUBnlP.exe
  C:\Windows\System32\eiUBnlP.exe
  2⤵
  PID:9152
- C:\Windows\System32\AlaTwPU.exe
  C:\Windows\System32\AlaTwPU.exe
  2⤵
  PID:9188
- C:\Windows\System32\OrRijuw.exe
  C:\Windows\System32\OrRijuw.exe
  2⤵
  PID:7852
- C:\Windows\System32\JdSLZne.exe
  C:\Windows\System32\JdSLZne.exe
  2⤵
  PID:8220
- C:\Windows\System32\pPzOdoY.exe
  C:\Windows\System32\pPzOdoY.exe
  2⤵
  PID:8272
- C:\Windows\System32\BRjdmvB.exe
  C:\Windows\System32\BRjdmvB.exe
  2⤵
  PID:8400
- C:\Windows\System32\SEkJDdA.exe
  C:\Windows\System32\SEkJDdA.exe
  2⤵
  PID:8488
- C:\Windows\System32\ZROcBlW.exe
  C:\Windows\System32\ZROcBlW.exe
  2⤵
  PID:8536
- C:\Windows\System32\YJjfNQC.exe
  C:\Windows\System32\YJjfNQC.exe
  2⤵
  PID:8624
- C:\Windows\System32\XtKPbJf.exe
  C:\Windows\System32\XtKPbJf.exe
  2⤵
  PID:8684
- C:\Windows\System32\yzcncQx.exe
  C:\Windows\System32\yzcncQx.exe
  2⤵
  PID:8744
- C:\Windows\System32\hPZYmxi.exe
  C:\Windows\System32\hPZYmxi.exe
  2⤵
  PID:8756
- C:\Windows\System32\FlpQlpq.exe
  C:\Windows\System32\FlpQlpq.exe
  2⤵
  PID:8864
- C:\Windows\System32\YQKmBut.exe
  C:\Windows\System32\YQKmBut.exe
  2⤵
  PID:8976
- C:\Windows\System32\GTyZuhn.exe
  C:\Windows\System32\GTyZuhn.exe
  2⤵
  PID:9012
- C:\Windows\System32\ouLSdCu.exe
  C:\Windows\System32\ouLSdCu.exe
  2⤵
  PID:9060
- C:\Windows\System32\OJbNmcm.exe
  C:\Windows\System32\OJbNmcm.exe
  2⤵
  PID:9124
- C:\Windows\System32\wWLvpMp.exe
  C:\Windows\System32\wWLvpMp.exe
  2⤵
  PID:9204
- C:\Windows\System32\iCEdGfm.exe
  C:\Windows\System32\iCEdGfm.exe
  2⤵
  PID:8324
- C:\Windows\System32\dnvrMBx.exe
  C:\Windows\System32\dnvrMBx.exe
  2⤵
  PID:8520
- C:\Windows\System32\VunXnWD.exe
  C:\Windows\System32\VunXnWD.exe
  2⤵
  PID:8672
- C:\Windows\System32\csZqeqC.exe
  C:\Windows\System32\csZqeqC.exe
  2⤵
  PID:8792
- C:\Windows\System32\uetocbF.exe
  C:\Windows\System32\uetocbF.exe
  2⤵
  PID:8972
- C:\Windows\System32\xyrkLcY.exe
  C:\Windows\System32\xyrkLcY.exe
  2⤵
  PID:9172
- C:\Windows\System32\rIQNRJr.exe
  C:\Windows\System32\rIQNRJr.exe
  2⤵
  PID:8336
- C:\Windows\System32\TbcXDxb.exe
  C:\Windows\System32\TbcXDxb.exe
  2⤵
  PID:8716
- C:\Windows\System32\uZQAnLz.exe
  C:\Windows\System32\uZQAnLz.exe
  2⤵
  PID:8068
- C:\Windows\System32\zLEyTEW.exe
  C:\Windows\System32\zLEyTEW.exe
  2⤵
  PID:8588
- C:\Windows\System32\SwopgBt.exe
  C:\Windows\System32\SwopgBt.exe
  2⤵
  PID:8652
- C:\Windows\System32\DJeUzQW.exe
  C:\Windows\System32\DJeUzQW.exe
  2⤵
  PID:9248
- C:\Windows\System32\lsGKkot.exe
  C:\Windows\System32\lsGKkot.exe
  2⤵
  PID:9276
- C:\Windows\System32\EwjhhBy.exe
  C:\Windows\System32\EwjhhBy.exe
  2⤵
  PID:9304
- C:\Windows\System32\dJOLLts.exe
  C:\Windows\System32\dJOLLts.exe
  2⤵
  PID:9332
- C:\Windows\System32\OMassJh.exe
  C:\Windows\System32\OMassJh.exe
  2⤵
  PID:9360
- C:\Windows\System32\NOYWquh.exe
  C:\Windows\System32\NOYWquh.exe
  2⤵
  PID:9380
- C:\Windows\System32\XSFHgEd.exe
  C:\Windows\System32\XSFHgEd.exe
  2⤵
  PID:9404
- C:\Windows\System32\yzTfjXa.exe
  C:\Windows\System32\yzTfjXa.exe
  2⤵
  PID:9444
- C:\Windows\System32\ieIdgXV.exe
  C:\Windows\System32\ieIdgXV.exe
  2⤵
  PID:9480
- C:\Windows\System32\UqbhpVM.exe
  C:\Windows\System32\UqbhpVM.exe
  2⤵
  PID:9500
- C:\Windows\System32\LCUHBkH.exe
  C:\Windows\System32\LCUHBkH.exe
  2⤵
  PID:9528
- C:\Windows\System32\ttYtfwP.exe
  C:\Windows\System32\ttYtfwP.exe
  2⤵
  PID:9552
- C:\Windows\System32\vTMXPST.exe
  C:\Windows\System32\vTMXPST.exe
  2⤵
  PID:9580
- C:\Windows\System32\wtVzPQe.exe
  C:\Windows\System32\wtVzPQe.exe
  2⤵
  PID:9600
- C:\Windows\System32\Zrwhbnr.exe
  C:\Windows\System32\Zrwhbnr.exe
  2⤵
  PID:9628
- C:\Windows\System32\ywyyioZ.exe
  C:\Windows\System32\ywyyioZ.exe
  2⤵
  PID:9676
- C:\Windows\System32\sXhHdKZ.exe
  C:\Windows\System32\sXhHdKZ.exe
  2⤵
  PID:9696
- C:\Windows\System32\zldLpln.exe
  C:\Windows\System32\zldLpln.exe
  2⤵
  PID:9724
- C:\Windows\System32\PpGxYaD.exe
  C:\Windows\System32\PpGxYaD.exe
  2⤵
  PID:9752
- C:\Windows\System32\zXGRJFf.exe
  C:\Windows\System32\zXGRJFf.exe
  2⤵
  PID:9776
- C:\Windows\System32\VNRoYXA.exe
  C:\Windows\System32\VNRoYXA.exe
  2⤵
  PID:9808
- C:\Windows\System32\SIYmwyP.exe
  C:\Windows\System32\SIYmwyP.exe
  2⤵
  PID:9836
- C:\Windows\System32\ByPSzXY.exe
  C:\Windows\System32\ByPSzXY.exe
  2⤵
  PID:9864
- C:\Windows\System32\ZxubmwM.exe
  C:\Windows\System32\ZxubmwM.exe
  2⤵
  PID:9880
- C:\Windows\System32\KUUjGxA.exe
  C:\Windows\System32\KUUjGxA.exe
  2⤵
  PID:9908
- C:\Windows\System32\mjmvUyh.exe
  C:\Windows\System32\mjmvUyh.exe
  2⤵
  PID:9936
- C:\Windows\System32\Abnuaqa.exe
  C:\Windows\System32\Abnuaqa.exe
  2⤵
  PID:9976
- C:\Windows\System32\wnfVZPS.exe
  C:\Windows\System32\wnfVZPS.exe
  2⤵
  PID:10008
- C:\Windows\System32\GANODKZ.exe
  C:\Windows\System32\GANODKZ.exe
  2⤵
  PID:10048
- C:\Windows\System32\HQRfhpr.exe
  C:\Windows\System32\HQRfhpr.exe
  2⤵
  PID:10076
- C:\Windows\System32\NGTwMtG.exe
  C:\Windows\System32\NGTwMtG.exe
  2⤵
  PID:10124
- C:\Windows\System32\SYkvxQu.exe
  C:\Windows\System32\SYkvxQu.exe
  2⤵
  PID:10176
- C:\Windows\System32\dUSjXwy.exe
  C:\Windows\System32\dUSjXwy.exe
  2⤵
  PID:10196
- C:\Windows\System32\ByioMnQ.exe
  C:\Windows\System32\ByioMnQ.exe
  2⤵
  PID:10216
- C:\Windows\System32\WWkKtxN.exe
  C:\Windows\System32\WWkKtxN.exe
  2⤵
  PID:9220
- C:\Windows\System32\EeVTlRl.exe
  C:\Windows\System32\EeVTlRl.exe
  2⤵
  PID:9296
- C:\Windows\System32\CRjCseI.exe
  C:\Windows\System32\CRjCseI.exe
  2⤵
  PID:9352
- C:\Windows\System32\hwpsEtC.exe
  C:\Windows\System32\hwpsEtC.exe
  2⤵
  PID:9396
- C:\Windows\System32\sdcsxDi.exe
  C:\Windows\System32\sdcsxDi.exe
  2⤵
  PID:9492
- C:\Windows\System32\cvkABAQ.exe
  C:\Windows\System32\cvkABAQ.exe
  2⤵
  PID:9564
- C:\Windows\System32\pOfkRPp.exe
  C:\Windows\System32\pOfkRPp.exe
  2⤵
  PID:9624
- C:\Windows\System32\eMvxiQK.exe
  C:\Windows\System32\eMvxiQK.exe
  2⤵
  PID:9688
- C:\Windows\System32\PewblBF.exe
  C:\Windows\System32\PewblBF.exe
  2⤵
  PID:9764
- C:\Windows\System32\aihoMtb.exe
  C:\Windows\System32\aihoMtb.exe
  2⤵
  PID:9828
- C:\Windows\System32\SIOuoPA.exe
  C:\Windows\System32\SIOuoPA.exe
  2⤵
  PID:9876
- C:\Windows\System32\wmDWykz.exe
  C:\Windows\System32\wmDWykz.exe
  2⤵
  PID:9972
- C:\Windows\System32\XfiuCBM.exe
  C:\Windows\System32\XfiuCBM.exe
  2⤵
  PID:10072
- C:\Windows\System32\HcbTCrO.exe
  C:\Windows\System32\HcbTCrO.exe
  2⤵
  PID:10168
- C:\Windows\System32\BXqdCXa.exe
  C:\Windows\System32\BXqdCXa.exe
  2⤵
  PID:10236
- C:\Windows\System32\hUpsoWC.exe
  C:\Windows\System32\hUpsoWC.exe
  2⤵
  PID:9376
- C:\Windows\System32\LFpEUwX.exe
  C:\Windows\System32\LFpEUwX.exe
  2⤵
  PID:9452
- C:\Windows\System32\rvcgVjp.exe
  C:\Windows\System32\rvcgVjp.exe
  2⤵
  PID:9616
- C:\Windows\System32\JYjkuGu.exe
  C:\Windows\System32\JYjkuGu.exe
  2⤵
  PID:9804
- C:\Windows\System32\ufCOLWh.exe
  C:\Windows\System32\ufCOLWh.exe
  2⤵
  PID:9948
- C:\Windows\System32\vTMIpGW.exe
  C:\Windows\System32\vTMIpGW.exe
  2⤵
  PID:8080
- C:\Windows\System32\UKVEiaK.exe
  C:\Windows\System32\UKVEiaK.exe
  2⤵
  PID:7236
- C:\Windows\System32\XOYFPvM.exe
  C:\Windows\System32\XOYFPvM.exe
  2⤵
  PID:9488
- C:\Windows\System32\IrhAGjb.exe
  C:\Windows\System32\IrhAGjb.exe
  2⤵
  PID:9924
- C:\Windows\System32\QgzrjZr.exe
  C:\Windows\System32\QgzrjZr.exe
  2⤵
  PID:10136
- C:\Windows\System32\LBkucOJ.exe
  C:\Windows\System32\LBkucOJ.exe
  2⤵
  PID:9788
- C:\Windows\System32\iuoBqsH.exe
  C:\Windows\System32\iuoBqsH.exe
  2⤵
  PID:10256
- C:\Windows\System32\jsCfOci.exe
  C:\Windows\System32\jsCfOci.exe
  2⤵
  PID:10284
- C:\Windows\System32\bXyaQoE.exe
  C:\Windows\System32\bXyaQoE.exe
  2⤵
  PID:10312
- C:\Windows\System32\YaClDKc.exe
  C:\Windows\System32\YaClDKc.exe
  2⤵
  PID:10328
- C:\Windows\System32\YRHcHrx.exe
  C:\Windows\System32\YRHcHrx.exe
  2⤵
  PID:10372
- C:\Windows\System32\pbUbSCI.exe
  C:\Windows\System32\pbUbSCI.exe
  2⤵
  PID:10404
- C:\Windows\System32\DugmLEu.exe
  C:\Windows\System32\DugmLEu.exe
  2⤵
  PID:10448
- C:\Windows\System32\cGFdukZ.exe
  C:\Windows\System32\cGFdukZ.exe
  2⤵
  PID:10480
- C:\Windows\System32\tsLmlBe.exe
  C:\Windows\System32\tsLmlBe.exe
  2⤵
  PID:10524
- C:\Windows\System32\FpqslLn.exe
  C:\Windows\System32\FpqslLn.exe
  2⤵
  PID:10556
- C:\Windows\System32\BRPClsq.exe
  C:\Windows\System32\BRPClsq.exe
  2⤵
  PID:10588
- C:\Windows\System32\vZGWjGG.exe
  C:\Windows\System32\vZGWjGG.exe
  2⤵
  PID:10628
- C:\Windows\System32\VenZfHK.exe
  C:\Windows\System32\VenZfHK.exe
  2⤵
  PID:10644
- C:\Windows\System32\sufkRIc.exe
  C:\Windows\System32\sufkRIc.exe
  2⤵
  PID:10680
- C:\Windows\System32\pTXMqhM.exe
  C:\Windows\System32\pTXMqhM.exe
  2⤵
  PID:10696
- C:\Windows\System32\uRZQykt.exe
  C:\Windows\System32\uRZQykt.exe
  2⤵
  PID:10732
- C:\Windows\System32\IUTgPkv.exe
  C:\Windows\System32\IUTgPkv.exe
  2⤵
  PID:10764
- C:\Windows\System32\BCwsgFM.exe
  C:\Windows\System32\BCwsgFM.exe
  2⤵
  PID:10784
- C:\Windows\System32\EIuqOlL.exe
  C:\Windows\System32\EIuqOlL.exe
  2⤵
  PID:10832
- C:\Windows\System32\wnpWZTP.exe
  C:\Windows\System32\wnpWZTP.exe
  2⤵
  PID:10860
- C:\Windows\System32\uyLCVpN.exe
  C:\Windows\System32\uyLCVpN.exe
  2⤵
  PID:10888
- C:\Windows\System32\glfCWEd.exe
  C:\Windows\System32\glfCWEd.exe
  2⤵
  PID:10936
- C:\Windows\System32\TpKnSLM.exe
  C:\Windows\System32\TpKnSLM.exe
  2⤵
  PID:10984
- C:\Windows\System32\BekfbNp.exe
  C:\Windows\System32\BekfbNp.exe
  2⤵
  PID:11024
- C:\Windows\System32\SUqvXKX.exe
  C:\Windows\System32\SUqvXKX.exe
  2⤵
  PID:11040
- C:\Windows\System32\gabmjbx.exe
  C:\Windows\System32\gabmjbx.exe
  2⤵
  PID:11092
- C:\Windows\System32\GQLkUwC.exe
  C:\Windows\System32\GQLkUwC.exe
  2⤵
  PID:11116
- C:\Windows\System32\SLOgEzu.exe
  C:\Windows\System32\SLOgEzu.exe
  2⤵
  PID:11132
- C:\Windows\System32\olrLSSn.exe
  C:\Windows\System32\olrLSSn.exe
  2⤵
  PID:11168
- C:\Windows\System32\koHmjvu.exe
  C:\Windows\System32\koHmjvu.exe
  2⤵
  PID:11192
- C:\Windows\System32\nQcPflj.exe
  C:\Windows\System32\nQcPflj.exe
  2⤵
  PID:11236
- C:\Windows\System32\jjzLFJB.exe
  C:\Windows\System32\jjzLFJB.exe
  2⤵
  PID:10252
- C:\Windows\System32\uEkBOvc.exe
  C:\Windows\System32\uEkBOvc.exe
  2⤵
  PID:10304
- C:\Windows\System32\PerosKb.exe
  C:\Windows\System32\PerosKb.exe
  2⤵
  PID:10384
- C:\Windows\System32\mmXTCvC.exe
  C:\Windows\System32\mmXTCvC.exe
  2⤵
  PID:10468
- C:\Windows\System32\TWSBpPK.exe
  C:\Windows\System32\TWSBpPK.exe
  2⤵
  PID:10568
- C:\Windows\System32\XlkzNdM.exe
  C:\Windows\System32\XlkzNdM.exe
  2⤵
  PID:10636
- C:\Windows\System32\MjCEBlD.exe
  C:\Windows\System32\MjCEBlD.exe
  2⤵
  PID:10656
- C:\Windows\System32\fSAcmvx.exe
  C:\Windows\System32\fSAcmvx.exe
  2⤵
  PID:10772
- C:\Windows\System32\EtekvRA.exe
  C:\Windows\System32\EtekvRA.exe
  2⤵
  PID:10900
- C:\Windows\System32\lkaCmaC.exe
  C:\Windows\System32\lkaCmaC.exe
  2⤵
  PID:11012
- C:\Windows\System32\hbwtRsm.exe
  C:\Windows\System32\hbwtRsm.exe
  2⤵
  PID:11068
- C:\Windows\System32\KmZoaDT.exe
  C:\Windows\System32\KmZoaDT.exe
  2⤵
  PID:11176
- C:\Windows\System32\TsuDcRo.exe
  C:\Windows\System32\TsuDcRo.exe
  2⤵
  PID:11232
- C:\Windows\System32\rhihVfX.exe
  C:\Windows\System32\rhihVfX.exe
  2⤵
  PID:10356
- C:\Windows\System32\XsjOaZg.exe
  C:\Windows\System32\XsjOaZg.exe
  2⤵
  PID:10492
- C:\Windows\System32\daMWQrE.exe
  C:\Windows\System32\daMWQrE.exe
  2⤵
  PID:10708
- C:\Windows\System32\qRJVTex.exe
  C:\Windows\System32\qRJVTex.exe
  2⤵
  PID:10964
- C:\Windows\System32\gzjjQTI.exe
  C:\Windows\System32\gzjjQTI.exe
  2⤵
  PID:10264
- C:\Windows\System32\AKywrlN.exe
  C:\Windows\System32\AKywrlN.exe
  2⤵
  PID:10668
- C:\Windows\System32\kVRZHOT.exe
  C:\Windows\System32\kVRZHOT.exe
  2⤵
  PID:11112
- C:\Windows\System32\uqbhhbu.exe
  C:\Windows\System32\uqbhhbu.exe
  2⤵
  PID:10440
- C:\Windows\System32\ZfLvMck.exe
  C:\Windows\System32\ZfLvMck.exe
  2⤵
  PID:11284
- C:\Windows\System32\QVakUwL.exe
  C:\Windows\System32\QVakUwL.exe
  2⤵
  PID:11312
- C:\Windows\System32\tPAmQIY.exe
  C:\Windows\System32\tPAmQIY.exe
  2⤵
  PID:11340
- C:\Windows\System32\ynwdBpj.exe
  C:\Windows\System32\ynwdBpj.exe
  2⤵
  PID:11368
- C:\Windows\System32\nXFeiOq.exe
  C:\Windows\System32\nXFeiOq.exe
  2⤵
  PID:11396
- C:\Windows\System32\cRztoZy.exe
  C:\Windows\System32\cRztoZy.exe
  2⤵
  PID:11420
- C:\Windows\System32\LlrMPzN.exe
  C:\Windows\System32\LlrMPzN.exe
  2⤵
  PID:11452
- C:\Windows\System32\vvvioUo.exe
  C:\Windows\System32\vvvioUo.exe
  2⤵
  PID:11468
- C:\Windows\System32\UStaorr.exe
  C:\Windows\System32\UStaorr.exe
  2⤵
  PID:11512
- C:\Windows\System32\FrfKJVN.exe
  C:\Windows\System32\FrfKJVN.exe
  2⤵
  PID:11564
- C:\Windows\System32\vpUaRla.exe
  C:\Windows\System32\vpUaRla.exe
  2⤵
  PID:11584
- C:\Windows\System32\hcniFId.exe
  C:\Windows\System32\hcniFId.exe
  2⤵
  PID:11604
- C:\Windows\System32\oMhNMEG.exe
  C:\Windows\System32\oMhNMEG.exe
  2⤵
  PID:11628
- C:\Windows\System32\yZntplW.exe
  C:\Windows\System32\yZntplW.exe
  2⤵
  PID:11688
- C:\Windows\System32\JkkRMVg.exe
  C:\Windows\System32\JkkRMVg.exe
  2⤵
  PID:11704
- C:\Windows\System32\NMBKsyZ.exe
  C:\Windows\System32\NMBKsyZ.exe
  2⤵
  PID:11732
- C:\Windows\System32\TfbjbSu.exe
  C:\Windows\System32\TfbjbSu.exe
  2⤵
  PID:11764
- C:\Windows\System32\OeLAunj.exe
  C:\Windows\System32\OeLAunj.exe
  2⤵
  PID:11792
- C:\Windows\System32\KwfMSsh.exe
  C:\Windows\System32\KwfMSsh.exe
  2⤵
  PID:11820
- C:\Windows\System32\givVyCe.exe
  C:\Windows\System32\givVyCe.exe
  2⤵
  PID:11848
- C:\Windows\System32\bDmbEmC.exe
  C:\Windows\System32\bDmbEmC.exe
  2⤵
  PID:11876
- C:\Windows\System32\vgSYQbR.exe
  C:\Windows\System32\vgSYQbR.exe
  2⤵
  PID:11904
- C:\Windows\System32\yhHXeHD.exe
  C:\Windows\System32\yhHXeHD.exe
  2⤵
  PID:11932
- C:\Windows\System32\sLjtdmZ.exe
  C:\Windows\System32\sLjtdmZ.exe
  2⤵
  PID:11964
- C:\Windows\System32\nsaInew.exe
  C:\Windows\System32\nsaInew.exe
  2⤵
  PID:11992
- C:\Windows\System32\ZVHHiSz.exe
  C:\Windows\System32\ZVHHiSz.exe
  2⤵
  PID:12020
- C:\Windows\System32\LrTpGkc.exe
  C:\Windows\System32\LrTpGkc.exe
  2⤵
  PID:12048
- C:\Windows\System32\BKJSNpb.exe
  C:\Windows\System32\BKJSNpb.exe
  2⤵
  PID:12076
- C:\Windows\System32\ckeceDn.exe
  C:\Windows\System32\ckeceDn.exe
  2⤵
  PID:12104
- C:\Windows\System32\pmODKtL.exe
  C:\Windows\System32\pmODKtL.exe
  2⤵
  PID:12132
- C:\Windows\System32\CObpVYB.exe
  C:\Windows\System32\CObpVYB.exe
  2⤵
  PID:12192
- C:\Windows\System32\LZhDlLE.exe
  C:\Windows\System32\LZhDlLE.exe
  2⤵
  PID:12220
- C:\Windows\System32\ivpMtQR.exe
  C:\Windows\System32\ivpMtQR.exe
  2⤵
  PID:12248
- C:\Windows\System32\VnSGdpG.exe
  C:\Windows\System32\VnSGdpG.exe
  2⤵
  PID:12276
- C:\Windows\System32\shnuyao.exe
  C:\Windows\System32\shnuyao.exe
  2⤵
  PID:11304
- C:\Windows\System32\aTSPFtB.exe
  C:\Windows\System32\aTSPFtB.exe
  2⤵
  PID:11364
- C:\Windows\System32\UqUDvzl.exe
  C:\Windows\System32\UqUDvzl.exe
  2⤵
  PID:11408
- C:\Windows\System32\HptZGrA.exe
  C:\Windows\System32\HptZGrA.exe
  2⤵
  PID:11480
- C:\Windows\System32\hpSputI.exe
  C:\Windows\System32\hpSputI.exe
  2⤵
  PID:11556
- C:\Windows\System32\XpPPBEM.exe
  C:\Windows\System32\XpPPBEM.exe
  2⤵
  PID:11636
- C:\Windows\System32\IHwOPKy.exe
  C:\Windows\System32\IHwOPKy.exe
  2⤵
  PID:11696
- C:\Windows\System32\RsdSAWp.exe
  C:\Windows\System32\RsdSAWp.exe
  2⤵
  PID:11724
- C:\Windows\System32\eRNoiZD.exe
  C:\Windows\System32\eRNoiZD.exe
  2⤵
  PID:11760
- C:\Windows\System32\oUKYlud.exe
  C:\Windows\System32\oUKYlud.exe
  2⤵
  PID:11840
- C:\Windows\System32\npXlbvn.exe
  C:\Windows\System32\npXlbvn.exe
  2⤵
  PID:11900
- C:\Windows\System32\FNELPjb.exe
  C:\Windows\System32\FNELPjb.exe
  2⤵
  PID:11976
- C:\Windows\System32\EgepJBI.exe
  C:\Windows\System32\EgepJBI.exe
  2⤵
  PID:12040
- C:\Windows\System32\JXiEDzp.exe
  C:\Windows\System32\JXiEDzp.exe
  2⤵
  PID:12096
- C:\Windows\System32\vzGZntX.exe
  C:\Windows\System32\vzGZntX.exe
  2⤵
  PID:12144
- C:\Windows\System32\ToHadcU.exe
  C:\Windows\System32\ToHadcU.exe
  2⤵
  PID:12216
- C:\Windows\System32\QGOicqw.exe
  C:\Windows\System32\QGOicqw.exe
  2⤵
  PID:12284
- C:\Windows\System32\WptboVb.exe
  C:\Windows\System32\WptboVb.exe
  2⤵
  PID:10672
- C:\Windows\System32\XvZCGhY.exe
  C:\Windows\System32\XvZCGhY.exe
  2⤵
  PID:11548
- C:\Windows\System32\EoGYKiz.exe
  C:\Windows\System32\EoGYKiz.exe
  2⤵
  PID:11648
- C:\Windows\System32\iNdGXym.exe
  C:\Windows\System32\iNdGXym.exe
  2⤵
  PID:11752
- C:\Windows\System32\yMlztAu.exe
  C:\Windows\System32\yMlztAu.exe
  2⤵
  PID:11960
- C:\Windows\System32\MSkdJmq.exe
  C:\Windows\System32\MSkdJmq.exe
  2⤵
  PID:12088
- C:\Windows\System32\TbsIYLZ.exe
  C:\Windows\System32\TbsIYLZ.exe
  2⤵
  PID:11500
- C:\Windows\System32\MuFWlnK.exe
  C:\Windows\System32\MuFWlnK.exe
  2⤵
  PID:12240
- C:\Windows\System32\YMdrOCE.exe
  C:\Windows\System32\YMdrOCE.exe
  2⤵
  PID:11328
- C:\Windows\System32\fFAUNZI.exe
  C:\Windows\System32\fFAUNZI.exe
  2⤵
  PID:12300
- C:\Windows\System32\fAkgVVl.exe
  C:\Windows\System32\fAkgVVl.exe
  2⤵
  PID:12328
- C:\Windows\System32\GAUEzSb.exe
  C:\Windows\System32\GAUEzSb.exe
  2⤵
  PID:12356
- C:\Windows\System32\IVYVjwt.exe
  C:\Windows\System32\IVYVjwt.exe
  2⤵
  PID:12384
- C:\Windows\System32\DQqsCFE.exe
  C:\Windows\System32\DQqsCFE.exe
  2⤵
  PID:12416
- C:\Windows\System32\babJabk.exe
  C:\Windows\System32\babJabk.exe
  2⤵
  PID:12444
- C:\Windows\System32\wMrBrxw.exe
  C:\Windows\System32\wMrBrxw.exe
  2⤵
  PID:12472
- C:\Windows\System32\MsnJNPJ.exe
  C:\Windows\System32\MsnJNPJ.exe
  2⤵
  PID:12500
- C:\Windows\System32\YtgoLkW.exe
  C:\Windows\System32\YtgoLkW.exe
  2⤵
  PID:12528
- C:\Windows\System32\dZKXdvf.exe
  C:\Windows\System32\dZKXdvf.exe
  2⤵
  PID:12556
- C:\Windows\System32\tYaqRXo.exe
  C:\Windows\System32\tYaqRXo.exe
  2⤵
  PID:12584
- C:\Windows\System32\GffVHzl.exe
  C:\Windows\System32\GffVHzl.exe
  2⤵
  PID:12612
- C:\Windows\System32\PXOuIbP.exe
  C:\Windows\System32\PXOuIbP.exe
  2⤵
  PID:12640
- C:\Windows\System32\nYBTjhZ.exe
  C:\Windows\System32\nYBTjhZ.exe
  2⤵
  PID:12668
- C:\Windows\System32\SqeGamz.exe
  C:\Windows\System32\SqeGamz.exe
  2⤵
  PID:12696
- C:\Windows\System32\lUyJhdR.exe
  C:\Windows\System32\lUyJhdR.exe
  2⤵
  PID:12728
- C:\Windows\System32\biDhRKE.exe
  C:\Windows\System32\biDhRKE.exe
  2⤵
  PID:12756
- C:\Windows\System32\nbIlbeH.exe
  C:\Windows\System32\nbIlbeH.exe
  2⤵
  PID:12792
- C:\Windows\System32\JmYqtNw.exe
  C:\Windows\System32\JmYqtNw.exe
  2⤵
  PID:12832
- C:\Windows\System32\yRRYurG.exe
  C:\Windows\System32\yRRYurG.exe
  2⤵
  PID:12868
- C:\Windows\System32\kaqcLoX.exe
  C:\Windows\System32\kaqcLoX.exe
  2⤵
  PID:12892
- C:\Windows\System32\HhPiRhM.exe
  C:\Windows\System32\HhPiRhM.exe
  2⤵
  PID:12924
- C:\Windows\System32\BWPmsSg.exe
  C:\Windows\System32\BWPmsSg.exe
  2⤵
  PID:12960
- C:\Windows\System32\LWgjaMU.exe
  C:\Windows\System32\LWgjaMU.exe
  2⤵
  PID:12980
- C:\Windows\System32\iuCmJuq.exe
  C:\Windows\System32\iuCmJuq.exe
  2⤵
  PID:13016
- C:\Windows\System32\PCWDkjV.exe
  C:\Windows\System32\PCWDkjV.exe
  2⤵
  PID:13044
- C:\Windows\System32\JGnXLPe.exe
  C:\Windows\System32\JGnXLPe.exe
  2⤵
  PID:13072
- C:\Windows\System32\BZNRBQj.exe
  C:\Windows\System32\BZNRBQj.exe
  2⤵
  PID:13100
- C:\Windows\System32\agLKjdU.exe
  C:\Windows\System32\agLKjdU.exe
  2⤵
  PID:13128
- C:\Windows\System32\KdBnJle.exe
  C:\Windows\System32\KdBnJle.exe
  2⤵
  PID:13156
- C:\Windows\System32\mvpnEUw.exe
  C:\Windows\System32\mvpnEUw.exe
  2⤵
  PID:13184
- C:\Windows\System32\qRYSphr.exe
  C:\Windows\System32\qRYSphr.exe
  2⤵
  PID:13212
- C:\Windows\System32\dwuVLnG.exe
  C:\Windows\System32\dwuVLnG.exe
  2⤵
  PID:13240
- C:\Windows\System32\DSDVYYU.exe
  C:\Windows\System32\DSDVYYU.exe
  2⤵
  PID:13268
- C:\Windows\System32\pWnzrSb.exe
  C:\Windows\System32\pWnzrSb.exe
  2⤵
  PID:13296
- C:\Windows\System32\lkalbNZ.exe
  C:\Windows\System32\lkalbNZ.exe
  2⤵
  PID:12312
- C:\Windows\System32\xKCAtWT.exe
  C:\Windows\System32\xKCAtWT.exe
  2⤵
  PID:12368
- C:\Windows\System32\qOSPOXi.exe
  C:\Windows\System32\qOSPOXi.exe
  2⤵
  PID:12440
- C:\Windows\System32\VMdJoyk.exe
  C:\Windows\System32\VMdJoyk.exe
  2⤵
  PID:12512
- C:\Windows\System32\QxLPnNG.exe
  C:\Windows\System32\QxLPnNG.exe
  2⤵
  PID:12576
- C:\Windows\System32\hfbUCWm.exe
  C:\Windows\System32\hfbUCWm.exe
  2⤵
  PID:12636
- C:\Windows\System32\lSuihTE.exe
  C:\Windows\System32\lSuihTE.exe
  2⤵
  PID:12712
- C:\Windows\System32\vDoNFRo.exe
  C:\Windows\System32\vDoNFRo.exe
  2⤵
  PID:12748
- C:\Windows\System32\QPaOTKh.exe
  C:\Windows\System32\QPaOTKh.exe
  2⤵
  PID:12816
- C:\Windows\System32\mrErQGv.exe
  C:\Windows\System32\mrErQGv.exe
  2⤵
  PID:12932
- C:\Windows\System32\rBsmjeL.exe
  C:\Windows\System32\rBsmjeL.exe
  2⤵
  PID:12968
- C:\Windows\System32\OOQbMPy.exe
  C:\Windows\System32\OOQbMPy.exe
  2⤵
  PID:13040
- C:\Windows\System32\Ajjwtnm.exe
  C:\Windows\System32\Ajjwtnm.exe
  2⤵
  PID:13124
- C:\Windows\System32\oJkBmgQ.exe
  C:\Windows\System32\oJkBmgQ.exe
  2⤵
  PID:13196
- C:\Windows\System32\ZawMCPp.exe
  C:\Windows\System32\ZawMCPp.exe
  2⤵
  PID:13264
- C:\Windows\System32\xfvlELr.exe
  C:\Windows\System32\xfvlELr.exe
  2⤵
  PID:12296
- C:\Windows\System32\OkCwTFE.exe
  C:\Windows\System32\OkCwTFE.exe
  2⤵
  PID:12468
- C:\Windows\System32\OXueRer.exe
  C:\Windows\System32\OXueRer.exe
  2⤵
  PID:12632
- C:\Windows\System32\aoGAWdJ.exe
  C:\Windows\System32\aoGAWdJ.exe
  2⤵
  PID:12740
- C:\Windows\System32\RNUtNWy.exe
  C:\Windows\System32\RNUtNWy.exe
  2⤵
  PID:4752
- C:\Windows\System32\ueYJKZF.exe
  C:\Windows\System32\ueYJKZF.exe
  2⤵
  PID:1944
- C:\Windows\System32\WCGzUhk.exe
  C:\Windows\System32\WCGzUhk.exe
  2⤵
  PID:13096
- C:\Windows\System32\yivmcXy.exe
  C:\Windows\System32\yivmcXy.exe
  2⤵
  PID:13224
- C:\Windows\System32\MNYUIBZ.exe
  C:\Windows\System32\MNYUIBZ.exe
  2⤵
  PID:12408
- C:\Windows\System32\FUGzEFc.exe
  C:\Windows\System32\FUGzEFc.exe
  2⤵
  PID:12684
- C:\Windows\System32\HNdEJlO.exe
  C:\Windows\System32\HNdEJlO.exe
  2⤵
  PID:13028
- C:\Windows\System32\IyqeBnN.exe
  C:\Windows\System32\IyqeBnN.exe
  2⤵
  PID:12436
- C:\Windows\System32\qlfyIwK.exe
  C:\Windows\System32\qlfyIwK.exe
  2⤵
  PID:1004
- C:\Windows\System32\HeLhRpV.exe
  C:\Windows\System32\HeLhRpV.exe
  2⤵
  PID:13280
- C:\Windows\System32\mPTtFlq.exe
  C:\Windows\System32\mPTtFlq.exe
  2⤵
  PID:13332
- C:\Windows\System32\IgUQrkG.exe
  C:\Windows\System32\IgUQrkG.exe
  2⤵
  PID:13364
- C:\Windows\System32\vFytsOZ.exe
  C:\Windows\System32\vFytsOZ.exe
  2⤵
  PID:13392
- C:\Windows\System32\zmhFWPU.exe
  C:\Windows\System32\zmhFWPU.exe
  2⤵
  PID:13420
- C:\Windows\System32\SEgwclU.exe
  C:\Windows\System32\SEgwclU.exe
  2⤵
  PID:13448
- C:\Windows\System32\Wqueatc.exe
  C:\Windows\System32\Wqueatc.exe
  2⤵
  PID:13476
- C:\Windows\System32\PRsxVZT.exe
  C:\Windows\System32\PRsxVZT.exe
  2⤵
  PID:13504
- C:\Windows\System32\fDpcVEU.exe
  C:\Windows\System32\fDpcVEU.exe
  2⤵
  PID:13532
- C:\Windows\System32\GKfLHzk.exe
  C:\Windows\System32\GKfLHzk.exe
  2⤵
  PID:13560
- C:\Windows\System32\DHZAeQS.exe
  C:\Windows\System32\DHZAeQS.exe
  2⤵
  PID:13588
- C:\Windows\System32\iZoCwrt.exe
  C:\Windows\System32\iZoCwrt.exe
  2⤵
  PID:13616
- C:\Windows\System32\VScQkkW.exe
  C:\Windows\System32\VScQkkW.exe
  2⤵
  PID:13652
- C:\Windows\System32\samclfx.exe
  C:\Windows\System32\samclfx.exe
  2⤵
  PID:13680
- C:\Windows\System32\dYparKd.exe
  C:\Windows\System32\dYparKd.exe
  2⤵
  PID:13708
- C:\Windows\System32\dWSfhIw.exe
  C:\Windows\System32\dWSfhIw.exe
  2⤵
  PID:13736
- C:\Windows\System32\IGfqhZL.exe
  C:\Windows\System32\IGfqhZL.exe
  2⤵
  PID:13756
- C:\Windows\System32\qkemTWt.exe
  C:\Windows\System32\qkemTWt.exe
  2⤵
  PID:13792
- C:\Windows\System32\WHTsWXG.exe
  C:\Windows\System32\WHTsWXG.exe
  2⤵
  PID:13820
- C:\Windows\System32\jrUGmJd.exe
  C:\Windows\System32\jrUGmJd.exe
  2⤵
  PID:13848
- C:\Windows\System32\UaKqrZe.exe
  C:\Windows\System32\UaKqrZe.exe
  2⤵
  PID:13876
- C:\Windows\System32\zzMYDWm.exe
  C:\Windows\System32\zzMYDWm.exe
  2⤵
  PID:13904
- C:\Windows\System32\ETMAlNx.exe
  C:\Windows\System32\ETMAlNx.exe
  2⤵
  PID:13932
- C:\Windows\System32\UjxVvem.exe
  C:\Windows\System32\UjxVvem.exe
  2⤵
  PID:13960
- C:\Windows\System32\YlQgiFk.exe
  C:\Windows\System32\YlQgiFk.exe
  2⤵
  PID:13988
- C:\Windows\System32\QgvdMmc.exe
  C:\Windows\System32\QgvdMmc.exe
  2⤵
  PID:14016
- C:\Windows\System32\hohQnbm.exe
  C:\Windows\System32\hohQnbm.exe
  2⤵
  PID:14044
- C:\Windows\System32\mONhkGK.exe
  C:\Windows\System32\mONhkGK.exe
  2⤵
  PID:14072
- C:\Windows\System32\angVvXA.exe
  C:\Windows\System32\angVvXA.exe
  2⤵
  PID:14104

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:14312

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System32\AJSAGue.exe

Filesize
2.5MB

MD5
818f5abd45d30bffe052c36dee4e09b9

SHA1
6a712de64b646ef6210416dcebfb8b2a1837c07f

SHA256
16c8a1e49b027a63c1cd3d4a3ecf4b30035fbf5f37484e04cb808874f46f62fc

SHA512
fa2327fa6b63f26d8960c309fde6a7725d5bdfe06147fe133b0556e4ea5ec6055315674dee725cf09642beab646a22d8a75438b448a5c050171e9de4b888dc57

Download Submit
C:\Windows\System32\BBdsgDl.exe

Filesize
2.5MB

MD5
9e49fee824cbbbf36093353d632866de

SHA1
08b9cc4a5783145b8a500b635fd2e7ef87274c63

SHA256
45e7ac2686cc9d5d287476f3fb17d2b2c80280ca41503eef2f6dc75904270c61

SHA512
c761d047187ee09c758d7cad28ca1e3f3eb79d94b86dcdd3a2a3dd0e87978fcc6700d09eda65517470b88a577e93323bfa548e6a0c43b04408ab29bcffbe1170

Download Submit
C:\Windows\System32\DVLdueb.exe

Filesize
2.5MB

MD5
ed0ce3050fff2863abe3b84a5d22eb87

SHA1
de1888ed64325e2910343291a71b7f7f28414d7c

SHA256
a9bcea7c9fa103b15f7fbdb1406fc719f0e176c665bf21095ac416592b84fc44

SHA512
5e36e2eaa4d8f3ddc9b543fc20e12053c12802ac0fdda2905c3805269b37bc20eba574b75f6aeeab345b60286cbd13734d5c8b9d2509b128bb1bc0b284e9d341

Download Submit
C:\Windows\System32\EBGpQhz.exe

Filesize
2.5MB

MD5
be01ad0c21e7a1f0fd35f59de483c0b4

SHA1
77378ce1b7796da49a90d7bce60cf83cba6f0522

SHA256
9455ac0da7a1360b8b91381112c37c9aec86a4a7c84c7ca15f5795292e8c8ae1

SHA512
bdbc2c445a7e21df83a642c09488c175e32587c8807a5058fd0c80e9f81df62730fbefe02e0c0f2dd125b9c91f22af7a984ba8f77802449a96de0525aea42a6a

Download Submit
C:\Windows\System32\FPwyXpn.exe

Filesize
2.5MB

MD5
3049d64be5c8244c877377bb0e3a6c1e

SHA1
f3d6e6cf44c39607bade8db456f5ce41e25f56da

SHA256
c625a01a8d6789cda37c30be9e2a3db2db3caf89842bce0922534d96d5b14a3c

SHA512
f3dacca1f179b2ef5c024902aab953d1a9ebfabaf33357ca11f3262d48f7bc9db36f443f23313214caea22211906d7948e833c20663fca6465af5bcc7b7c4e35

Download Submit
C:\Windows\System32\KeIBAGl.exe

Filesize
2.5MB

MD5
291d622c8ea2e05e2f7c28c507900e96

SHA1
3026356c24367817d06f4d818cca63fcff414a72

SHA256
02b4afc634116a104f02ece3e09dbd0dfe76e25c50fb2af311ba6a2c76545672

SHA512
79691006b2cdf56230d2cfdc0ba083b183e40cfa6601451d12ec9437b5210f2733d3f5642eb37ac2271b60e185c37a67cf2400260a2a338c42effe25b4696d17

Download Submit
C:\Windows\System32\NqQuiqQ.exe

Filesize
2.5MB

MD5
446bf4be8448c8ebc021b47e66a2b349

SHA1
fe7de831adfd4067eb9a49620b6a98355c87adc3

SHA256
480c1bd35ebbf5c36c5f4f70fb9ca816f2f69654dcb94b5c4eb4f75b8299c209

SHA512
d6e1ba91646f61fde8138d3b7a7c87e8519d4f95f1fdf729bf639130a5db2d4d65bae7dfaef13516f256c774bd3fd5804f9b559c32540ccf8210a452c786ef65

Download Submit
C:\Windows\System32\OfvsSAu.exe

Filesize
2.5MB

MD5
2b50cb7598532e5da314d39c50fe38dd

SHA1
9d31c501f8ff0c842f927698936fba0db3b067a3

SHA256
ee1c1591e1aa274817002600eff98caf4beea006650f50b744771ea8db192e50

SHA512
ca4629deacd525fb87ee69b25420fb671a3c17a325ba3723de1ce1b267ef32c13d0e1454ae471c4261f774b52209882b613f35747100d4b31eaa63ca9d4887e5

Download Submit
C:\Windows\System32\QPamjDP.exe

Filesize
2.5MB

MD5
c7ab7850f65785a3dc151bf4a89654a7

SHA1
778ea29f2384b4112e599f2e211c7b619e3539d9

SHA256
56dc1a80fb00fc54852fd6bc1f4b9cc14c4c5dd84098708110b46ffc3ba13796

SHA512
c21a0c1719beeceec4882ee65fa58b7e0f38bedffbb114acaf498bbd826de40d3a2b3a7697239e82b7323e4f06a022d4aff197686d5c4a26a6ca576e26485a7b

Download Submit
C:\Windows\System32\QTZbKwG.exe

Filesize
2.5MB

MD5
a7aa4388ec1047c16ec02c01d97ffed2

SHA1
07e0a64b39567c9bfd6e75c998827277e7241864

SHA256
cfaebe918857878b70035bca529c4912ad8580967cec9427846e0417ac36a2c1

SHA512
a58d129246b43b232c152f16512bb4d169979d28b7fd62a6d6f7e858b14a0263bdb4636154d5eb0898975fae5fddb6d013b211641852db3c86936f5265ba9bac

Download Submit
C:\Windows\System32\RsRMdLP.exe

Filesize
2.5MB

MD5
712ec9727fd7b7e13e335ef6da9bafe6

SHA1
a243eb1b987c2140210d3798433942d2bb06aa32

SHA256
b3c0f29e604e639aa9cc39fcb61482645e6736e92468b824d8f03126f9ad04f1

SHA512
136be0a41049aa964e0fcd9d551a3173eb5f3b00dbfabcc9f5be9dd85afc50be6471d9d3ff3a32042aebbd144918422a48bb0af6ba628f9370061db69435fbba

Download Submit
C:\Windows\System32\UVFQdHH.exe

Filesize
2.5MB

MD5
cd7e9c1fe97a97f2aafa2076c8a8b38a

SHA1
d2fc9d081ecb240e49e236c120b81ffd2815396a

SHA256
afa52bf81b6c51f79df5f4a5cb54d7bf42987b1bcc9da089418ee2f0711ba017

SHA512
bb19336d91bda1aebec43cb2f1dc57679d5489930bd0a47a6764e3f28e32ac2801844a5a0988f7f6644e8ad6899acaf471341b6c5d7f15db97fe0cb17fcba8a6

Download Submit
C:\Windows\System32\UuRzQCD.exe

Filesize
2.5MB

MD5
1ada088c0c9f39c534a9426017b8dd60

SHA1
f01f1b5155e2933b10b59f40dd0a6c2c3188ffef

SHA256
c72eec43cb3788b604060f9832c5f7961b612d129401bceb81a85712f14fd388

SHA512
fdf253b1569d286f3f46c1da73d12c6d76a51aff39bc7fc81d78220c8f811a099e853e49cdfb0a3330b7b9a171b35258a146320d318e1bdf065b6bddc61b7a8c

Download Submit
C:\Windows\System32\WWxbpcM.exe

Filesize
2.5MB

MD5
036b3b7e713c3e2be626b3d980e3ca93

SHA1
85457c42ecde838399d843fc71ffe9438d9af2a4

SHA256
3fbd7d0ccacb6c4c10887d4a4e5173dd3ce6205de8dfaf45298357074bfb8888

SHA512
8c2fb68e5dfbdf30ffbbad68e8b122fa4ab4e7ed4d1ac16593dd5e1f15e8e7cc30a35708029f2d200da35bad704711f2aca3c6c2cf3f99127a041c6ba02097c0

Download Submit
C:\Windows\System32\YpNOhSG.exe

Filesize
2.5MB

MD5
76f68bed1b794f91fef3587c4a3a8c3e

SHA1
a3dcae36fa1282da8ae1e5b999e2636b0533b052

SHA256
e97016036b5a8cb2813319094cab412c8bb33f2b33687768bd0e130a339510fa

SHA512
933384f89fdc2fae917d814bcb2c8489f1c0749ee39e5b317d1f36009496e7a56384b70ca08f70e49be63c059234d22e99b9bd6f49090bb08bfbce1aac608b1c

Download Submit
C:\Windows\System32\cMxvgWs.exe

Filesize
2.5MB

MD5
083add80b150cd37b231a02187457f2d

SHA1
77bf0958060523ce44f43199f323a14b89e59a4d

SHA256
02b6fbdcd705ff78b4b5540fd1fb366ecc6044b6bf5e3a886392b2a6915f77b2

SHA512
b57adbe38c27568a8501dc277c833fb6d0b900ba592959d293586a5a868bb53a6735c0e0c1e153ee0e37b089933ab8b9dabf8b1710fcb2d6e3bc4ef7dd200a5e

Download Submit
C:\Windows\System32\cOIHknR.exe

Filesize
2.5MB

MD5
95566067ae842aeab0895f45d0d62cfe

SHA1
4bc4c2dc73aa9c72ac2e2bbb3373ca22a7c5c0dd

SHA256
217e78d533e91ed56c40b9929e3b62ed4c98cd2acf8f5fd966fe9e8030882a42

SHA512
7ae7b0cdb76683504facc10d6d087fe943d9bb8b0b7e969e2b14be29af83786d1389d7412220a29efe52779126abda4a522da72f5ae5668519a0bf90805d958f

Download Submit
C:\Windows\System32\eUvahqc.exe

Filesize
2.5MB

MD5
74aab2cb98e68b02ebad07a88d2911c1

SHA1
96cf830a9fd5431abdfe2038fef2ef28da2e6dae

SHA256
a00e34d1a9555fa3369f2bc1aad9b6eff4bb07c9529c617e7a05a07d34373695

SHA512
40ba2f9365f2ac2db32dd22d6765c2b3152240a47f8a737dd67f92b51099aeae03d9ec7e423ede67b373bb078d45e1b2e06189edeeca01b5f7f4234cb7fa21d5

Download Submit
C:\Windows\System32\eVoFPBX.exe

Filesize
2.5MB

MD5
e360d77be994981a3a06225fa4a232b8

SHA1
83fe777091d908abd973fea55114b56e62cc16f4

SHA256
b026fe12273bbfdad2bf2f572fb0ddab15a946e16260433df194ac1b6b45af31

SHA512
95e68508abc8e223988860eea6a94d630affa3e4dc8ce4b84e42323883edac621dea85fb40d57aff0932c3ad54e41da797c5f7904d552dcdfff6fec028f7c036

Download Submit
C:\Windows\System32\efeamkr.exe

Filesize
2.5MB

MD5
8fd65bdf0e5ee4b704fde54b4f3980fd

SHA1
509c4f82cb7474f1827f911f46b5237d72c9c6be

SHA256
b32b7c81831c469030f1ffaa0aaf1dbeda420774241cfdbfa93cfb722f80a009

SHA512
c4288baf113179f61cbc228b973c2ad8080fa5d208e154536263f1264be6b878211af286307ece8fbdb1075b2fb880222ee5dd5c40889fd4d6af6f09f8873ab9

Download Submit
C:\Windows\System32\fQssVIN.exe

Filesize
2.5MB

MD5
227833d5d1ec9928451de5f2836e75d4

SHA1
c3279210eab6680779da3407ae618219957de04c

SHA256
930398116044637c47df1810fff8ec1cae7c3db36382669afe75395a9179529e

SHA512
ad1fa415787ffb09b2c75657b790718476013fdd68c978c34e87ff2cce0c407b4a4dbaad3252d9e392651bfc823b9f854c41c701d93632790573ce9c28901760

Download Submit
C:\Windows\System32\gTkEfQg.exe

Filesize
2.5MB

MD5
375c8f14fd3b4602e29b2ca1ead53f7a

SHA1
01d4ce3d5ed367c7ddb9b2afe877810ba8603e78

SHA256
e6416144339698a1f6ab6c02c4da780c31f3452f41986ef5cafb7b9a4d1f4e11

SHA512
1b0c30e05de7e50b1ac8106727ba88ed22c3a254de2f9ecf204aced8ae1cb35df09f1054495f38feb4e5b89ac926df2f51e7337b286e7e2f6e2bf702cfd1c4e1

Download Submit
C:\Windows\System32\ikZILUr.exe

Filesize
2.5MB

MD5
2e0f02156722689d799a7e8e153b8c04

SHA1
bb8fa1c883a69ee79d2e049ce1db9ba6382e5418

SHA256
55c3ad22315e06a0abc79f20a4e0e8767e4c722f0beeab453b532c80c3421cd9

SHA512
4510cf689e49e7a7d3fe31a8a1c21c3e1aab183a396625f22733495f7539536133e91605b507d00b3b5bc8069fd1fc22e8f1f2e5f283d370559a45812e4253ba

Download Submit
C:\Windows\System32\inGxZWa.exe

Filesize
2.5MB

MD5
3b446d13bdb5bb8a1037a3ae7ee6d891

SHA1
cf7924756925fbd0c28f92fced47a737c14592c4

SHA256
82ee6f6b25bec27af53238d23382741ecdd4422fee72d804f858406c999ba89a

SHA512
33886585801f6748641ff371861d034bb7ef30814e898a845774aca7e087cc55cff42c84bdd108b6205781930c6a1f7fc7a07a3b2722300a6f2a284373f50752

Download Submit
C:\Windows\System32\ivyjrqU.exe

Filesize
2.5MB

MD5
b8cd140aa80677df27112254106ebf3b

SHA1
d2c33655e64dbbeb74fa235c358c7aaa42e779f8

SHA256
1d07c704f725df6037d812430817f1ffb71611ac67fe3d4894d2ffde5c7678a0

SHA512
de0fbd1512d726025866da0e1279a6fe81be1f5adfda6eac5726324940a165f259e1c69fab4152bf14b9788624f3f30de199312e52899c0de46d28a2734b231f

Download Submit
C:\Windows\System32\jOyNrvP.exe

Filesize
2.5MB

MD5
beecdfac6f7077d2cbac2688ada7f71a

SHA1
c33f64991964901cfbf967ad6ec5998dd509d119

SHA256
acd646e6f61a1c73b39b971c495bd4417035ae0ef612b77ce1bb5b01ea2cfe37

SHA512
83da223e5d62e86976ad429089be6e100b8b04641a9759fc17bcf8cbc8b890b692627d739180b13e48922e5ca43c96c2f09491fe44094eff7967951ac07d44bc

Download Submit
C:\Windows\System32\kdZWTKh.exe

Filesize
2.5MB

MD5
4d858c8b84bf917196adfbf418feaf68

SHA1
bca7034d1c51f8c45bbc58151851caaba3a9797c

SHA256
ccb34d0e033cb724198c519f7e2b2c6fb17064580c9612012dcd8a5853ab976c

SHA512
58a7951b91b2ed802d3ea8df0c2743c8df4dbb095b0835c42b17d674a508a92ad8228aa4a86661f898364b7fd0428a7bd173df851954522d1e236a23251daac9

Download Submit
C:\Windows\System32\ldZlktF.exe

Filesize
2.5MB

MD5
1f933b5c7b0a9669f85edbeb5a7f46cf

SHA1
af0f3658b83b3c9a8ee78e527be7464d02cea68a

SHA256
674973b778fd2151f3812fd159b8153ad0ed54423bdf5b13eba442d7b9671be7

SHA512
6ae468fa426b465caeab1c4da093acba6d3331909f992ba2ea48bbd881ac26053755c8643b30791aa0e26264a4ccba9f83fc2b59fa97b8fbd6f477b1c726dd03

Download Submit
C:\Windows\System32\nVJqJcK.exe

Filesize
2.5MB

MD5
1db5018c7fc48ce828c43ff836aba351

SHA1
914fc7994b8e8058665d2607c4f708268fd717e3

SHA256
749cb70bf26b7af016616124c89f80dc4ae6e68672418d2f7eb7a65dfd768729

SHA512
bd313ae3d9d02a3806933060f20c6e3a26cbe728e6dae6e91452876afb66375474bd381cacbb6d2f361c6cdbafbfa19151a125f376c20d510c68d9baa0fd6800

Download Submit
C:\Windows\System32\qKuKKzp.exe

Filesize
2.5MB

MD5
43a16df79d262d1bbaa9cbb261982ea0

SHA1
cae9967e369eaffd213ed2734ac194f45f6e6964

SHA256
42b443b9f9bd424b19d4d47c2e967c0800db8a1e8d093ce32bd2ee84141f0169

SHA512
74f61fb4da51126db626507290c83ac19398e62bdbddd8533f053fac56bda801f97f5786853078fe1749b105b29a950024ee99f0f244190b1beace25802dc357

Download Submit
C:\Windows\System32\wKdgxiv.exe

Filesize
2.5MB

MD5
baacdc29ffe2fb4596029c9e2ec56c86

SHA1
80ffceeda2ef1d57f9ff1418a24084b9ebc55261

SHA256
3a90be09ee7aac6e10bc851bc2dc156556957b0a60ba1db2eb4c7fdf9b428b2d

SHA512
bd19ac9ac797212fe4838193d5019f85a31675c6977559744d16dcf144de194836eb9ac4f1e0f6966c93b5f2d674744a7e8b1ef431a0e6ed5e1742b35c976681

Download Submit
C:\Windows\System32\xwIbuDN.exe

Filesize
2.5MB

MD5
3c0bd4966266ab40e2303c0a824d2065

SHA1
de95388f8fa191d419cb7ef5f63db4e1812c1b8b

SHA256
ed5b786926a5250698d978c11f6d1eb5a7c9a3f0270299e94de38a0818408bed

SHA512
601761a844601aabaaaa121607c29976ac70c21b3bcccd703ed1eb90588617d7cc5ccb8d96f8b33d925597d98f380f59bb33d1a320730952d408eb51e6957889

Download Submit
memory/100-478-0x00007FF685260000-0x00007FF685655000-memory.dmp

Filesize
4.0MB

Download
memory/100-2082-0x00007FF685260000-0x00007FF685655000-memory.dmp

Filesize
4.0MB

Download
memory/404-564-0x00007FF73E200000-0x00007FF73E5F5000-memory.dmp

Filesize
4.0MB

Download
memory/404-2100-0x00007FF73E200000-0x00007FF73E5F5000-memory.dmp

Filesize
4.0MB

Download
memory/532-562-0x00007FF690A70000-0x00007FF690E65000-memory.dmp

Filesize
4.0MB

Download
memory/532-2097-0x00007FF690A70000-0x00007FF690E65000-memory.dmp

Filesize
4.0MB

Download
memory/744-492-0x00007FF6F1800000-0x00007FF6F1BF5000-memory.dmp

Filesize
4.0MB

Download
memory/744-2085-0x00007FF6F1800000-0x00007FF6F1BF5000-memory.dmp

Filesize
4.0MB

Download
memory/1144-576-0x00007FF773F90000-0x00007FF774385000-memory.dmp

Filesize
4.0MB

Download
memory/1144-2083-0x00007FF773F90000-0x00007FF774385000-memory.dmp

Filesize
4.0MB

Download
memory/1156-551-0x00007FF73BB50000-0x00007FF73BF45000-memory.dmp

Filesize
4.0MB

Download
memory/1156-2101-0x00007FF73BB50000-0x00007FF73BF45000-memory.dmp

Filesize
4.0MB

Download
memory/1388-489-0x00007FF7E9830000-0x00007FF7E9C25000-memory.dmp

Filesize
4.0MB

Download
memory/1388-2086-0x00007FF7E9830000-0x00007FF7E9C25000-memory.dmp

Filesize
4.0MB

Download
memory/2068-2095-0x00007FF702B70000-0x00007FF702F65000-memory.dmp

Filesize
4.0MB

Download
memory/2068-574-0x00007FF702B70000-0x00007FF702F65000-memory.dmp

Filesize
4.0MB

Download
memory/2108-10-0x00007FF7DC6C0000-0x00007FF7DCAB5000-memory.dmp

Filesize
4.0MB

Download
memory/2108-2079-0x00007FF7DC6C0000-0x00007FF7DCAB5000-memory.dmp

Filesize
4.0MB

Download
memory/2108-1362-0x00007FF7DC6C0000-0x00007FF7DCAB5000-memory.dmp

Filesize
4.0MB

Download
memory/2112-2096-0x00007FF7B9810000-0x00007FF7B9C05000-memory.dmp

Filesize
4.0MB

Download
memory/2112-567-0x00007FF7B9810000-0x00007FF7B9C05000-memory.dmp

Filesize
4.0MB

Download
memory/2296-2093-0x00007FF6070E0000-0x00007FF6074D5000-memory.dmp

Filesize
4.0MB

Download
memory/2296-533-0x00007FF6070E0000-0x00007FF6074D5000-memory.dmp

Filesize
4.0MB

Download
memory/2528-2094-0x00007FF6E1B40000-0x00007FF6E1F35000-memory.dmp

Filesize
4.0MB

Download
memory/2528-536-0x00007FF6E1B40000-0x00007FF6E1F35000-memory.dmp

Filesize
4.0MB

Download
memory/2912-0-0x00007FF6B4A30000-0x00007FF6B4E25000-memory.dmp

Filesize
4.0MB

Download
memory/2912-1260-0x00007FF6B4A30000-0x00007FF6B4E25000-memory.dmp

Filesize
4.0MB

Download
memory/2912-1-0x000002141F980000-0x000002141F990000-memory.dmp

Filesize
64KB

Download
memory/3104-2092-0x00007FF6698E0000-0x00007FF669CD5000-memory.dmp

Filesize
4.0MB

Download
memory/3104-521-0x00007FF6698E0000-0x00007FF669CD5000-memory.dmp

Filesize
4.0MB

Download
memory/3236-1499-0x00007FF753200000-0x00007FF7535F5000-memory.dmp

Filesize
4.0MB

Download
memory/3236-2081-0x00007FF753200000-0x00007FF7535F5000-memory.dmp

Filesize
4.0MB

Download
memory/3236-30-0x00007FF753200000-0x00007FF7535F5000-memory.dmp

Filesize
4.0MB

Download
memory/3372-480-0x00007FF7958E0000-0x00007FF795CD5000-memory.dmp

Filesize
4.0MB

Download
memory/3372-2088-0x00007FF7958E0000-0x00007FF795CD5000-memory.dmp

Filesize
4.0MB

Download
memory/3452-2099-0x00007FF6B3520000-0x00007FF6B3915000-memory.dmp

Filesize
4.0MB

Download
memory/3452-539-0x00007FF6B3520000-0x00007FF6B3915000-memory.dmp

Filesize
4.0MB

Download
memory/3488-2090-0x00007FF688BA0000-0x00007FF688F95000-memory.dmp

Filesize
4.0MB

Download
memory/3488-578-0x00007FF688BA0000-0x00007FF688F95000-memory.dmp

Filesize
4.0MB

Download
memory/4072-569-0x00007FF6F0630000-0x00007FF6F0A25000-memory.dmp

Filesize
4.0MB

Download
memory/4072-2102-0x00007FF6F0630000-0x00007FF6F0A25000-memory.dmp

Filesize
4.0MB

Download
memory/4164-14-0x00007FF61CFB0000-0x00007FF61D3A5000-memory.dmp

Filesize
4.0MB

Download
memory/4164-2080-0x00007FF61CFB0000-0x00007FF61D3A5000-memory.dmp

Filesize
4.0MB

Download
memory/4164-1496-0x00007FF61CFB0000-0x00007FF61D3A5000-memory.dmp

Filesize
4.0MB

Download
memory/4288-2098-0x00007FF6B4300000-0x00007FF6B46F5000-memory.dmp

Filesize
4.0MB

Download
memory/4288-545-0x00007FF6B4300000-0x00007FF6B46F5000-memory.dmp

Filesize
4.0MB

Download
memory/4376-2089-0x00007FF737A30000-0x00007FF737E25000-memory.dmp

Filesize
4.0MB

Download
memory/4376-512-0x00007FF737A30000-0x00007FF737E25000-memory.dmp

Filesize
4.0MB

Download
memory/4492-2087-0x00007FF7347C0000-0x00007FF734BB5000-memory.dmp

Filesize
4.0MB

Download
memory/4492-490-0x00007FF7347C0000-0x00007FF734BB5000-memory.dmp

Filesize
4.0MB

Download
memory/4552-525-0x00007FF76E8F0000-0x00007FF76ECE5000-memory.dmp

Filesize
4.0MB

Download
memory/4552-2091-0x00007FF76E8F0000-0x00007FF76ECE5000-memory.dmp

Filesize
4.0MB

Download
memory/4948-2084-0x00007FF630C00000-0x00007FF630FF5000-memory.dmp

Filesize
4.0MB

Download
memory/4948-498-0x00007FF630C00000-0x00007FF630FF5000-memory.dmp

Filesize
4.0MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads