xmrig | fad93f4fa6ff46911ee604111717538773e32d0e4c291a50fa826115188b6ebf

Analysis

max time kernel
137s
max time network
138s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
19/08/2024, 03:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fad93f4fa6ff46911ee604111717538773e32d0e4c291a50fa826115188b6ebf.exe
Size

1.7MB
MD5

7f059b1cdfbb11e13cf9dffd7afaeca7
SHA1

851a150bb0a335226086344d6fe79fa9f2d7b5e4
SHA256

fad93f4fa6ff46911ee604111717538773e32d0e4c291a50fa826115188b6ebf
SHA512

eca38330519a15a0104e174f3fd29478ecbb93516b0bd1ce51ab6f5ecab9ff56c606a44f2886c50152ce9b07b7fc35c58a52ed94047375401e4d791fea98dc5b
SSDEEP

24576:JanwhSe11QSONCpGJCjETPlia+zzDwd+t56p6aGu4DORZwTkhj0LQ0oK2ggETIyd:knw9oUUEEDlnd+XRqJZwTKjnp8

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 48 IoCs

miner

resource	yara_rule
behavioral2/memory/736-53-0x00007FF6FE170000-0x00007FF6FE561000-memory.dmp	xmrig
behavioral2/memory/1788-466-0x00007FF754E70000-0x00007FF755261000-memory.dmp	xmrig
behavioral2/memory/4660-56-0x00007FF74FE70000-0x00007FF750261000-memory.dmp	xmrig
behavioral2/memory/4968-468-0x00007FF6887F0000-0x00007FF688BE1000-memory.dmp	xmrig
behavioral2/memory/3588-467-0x00007FF7A7BC0000-0x00007FF7A7FB1000-memory.dmp	xmrig
behavioral2/memory/2272-469-0x00007FF719000000-0x00007FF7193F1000-memory.dmp	xmrig
behavioral2/memory/3944-470-0x00007FF7EB480000-0x00007FF7EB871000-memory.dmp	xmrig
behavioral2/memory/4356-472-0x00007FF69D4E0000-0x00007FF69D8D1000-memory.dmp	xmrig
behavioral2/memory/4700-473-0x00007FF6A6BC0000-0x00007FF6A6FB1000-memory.dmp	xmrig
behavioral2/memory/2404-471-0x00007FF6579D0000-0x00007FF657DC1000-memory.dmp	xmrig
behavioral2/memory/5100-474-0x00007FF65B4A0000-0x00007FF65B891000-memory.dmp	xmrig
behavioral2/memory/2504-475-0x00007FF633DC0000-0x00007FF6341B1000-memory.dmp	xmrig
behavioral2/memory/2548-476-0x00007FF79F630000-0x00007FF79FA21000-memory.dmp	xmrig
behavioral2/memory/880-485-0x00007FF6DD030000-0x00007FF6DD421000-memory.dmp	xmrig
behavioral2/memory/4284-477-0x00007FF607D80000-0x00007FF608171000-memory.dmp	xmrig
behavioral2/memory/544-497-0x00007FF6B9AA0000-0x00007FF6B9E91000-memory.dmp	xmrig
behavioral2/memory/1720-502-0x00007FF708AB0000-0x00007FF708EA1000-memory.dmp	xmrig
behavioral2/memory/4944-504-0x00007FF7A1C90000-0x00007FF7A2081000-memory.dmp	xmrig
behavioral2/memory/676-1071-0x00007FF684290000-0x00007FF684681000-memory.dmp	xmrig
behavioral2/memory/1980-1198-0x00007FF650020000-0x00007FF650411000-memory.dmp	xmrig
behavioral2/memory/4828-1195-0x00007FF748170000-0x00007FF748561000-memory.dmp	xmrig
behavioral2/memory/1992-1336-0x00007FF77A930000-0x00007FF77AD21000-memory.dmp	xmrig
behavioral2/memory/3048-1334-0x00007FF759EC0000-0x00007FF75A2B1000-memory.dmp	xmrig
behavioral2/memory/2628-1436-0x00007FF61C230000-0x00007FF61C621000-memory.dmp	xmrig
behavioral2/memory/3716-1443-0x00007FF793280000-0x00007FF793671000-memory.dmp	xmrig
behavioral2/memory/4828-2114-0x00007FF748170000-0x00007FF748561000-memory.dmp	xmrig
behavioral2/memory/3048-2136-0x00007FF759EC0000-0x00007FF75A2B1000-memory.dmp	xmrig
behavioral2/memory/1980-2134-0x00007FF650020000-0x00007FF650411000-memory.dmp	xmrig
behavioral2/memory/736-2142-0x00007FF6FE170000-0x00007FF6FE561000-memory.dmp	xmrig
behavioral2/memory/2628-2140-0x00007FF61C230000-0x00007FF61C621000-memory.dmp	xmrig
behavioral2/memory/1992-2138-0x00007FF77A930000-0x00007FF77AD21000-memory.dmp	xmrig
behavioral2/memory/544-2146-0x00007FF6B9AA0000-0x00007FF6B9E91000-memory.dmp	xmrig
behavioral2/memory/4660-2144-0x00007FF74FE70000-0x00007FF750261000-memory.dmp	xmrig
behavioral2/memory/3716-2148-0x00007FF793280000-0x00007FF793671000-memory.dmp	xmrig
behavioral2/memory/1720-2150-0x00007FF708AB0000-0x00007FF708EA1000-memory.dmp	xmrig
behavioral2/memory/3588-2156-0x00007FF7A7BC0000-0x00007FF7A7FB1000-memory.dmp	xmrig
behavioral2/memory/4944-2154-0x00007FF7A1C90000-0x00007FF7A2081000-memory.dmp	xmrig
behavioral2/memory/1788-2152-0x00007FF754E70000-0x00007FF755261000-memory.dmp	xmrig
behavioral2/memory/2272-2160-0x00007FF719000000-0x00007FF7193F1000-memory.dmp	xmrig
behavioral2/memory/4968-2158-0x00007FF6887F0000-0x00007FF688BE1000-memory.dmp	xmrig
behavioral2/memory/3944-2162-0x00007FF7EB480000-0x00007FF7EB871000-memory.dmp	xmrig
behavioral2/memory/2404-2164-0x00007FF6579D0000-0x00007FF657DC1000-memory.dmp	xmrig
behavioral2/memory/5100-2177-0x00007FF65B4A0000-0x00007FF65B891000-memory.dmp	xmrig
behavioral2/memory/2504-2199-0x00007FF633DC0000-0x00007FF6341B1000-memory.dmp	xmrig
behavioral2/memory/2548-2201-0x00007FF79F630000-0x00007FF79FA21000-memory.dmp	xmrig
behavioral2/memory/4356-2166-0x00007FF69D4E0000-0x00007FF69D8D1000-memory.dmp	xmrig
behavioral2/memory/880-2206-0x00007FF6DD030000-0x00007FF6DD421000-memory.dmp	xmrig
behavioral2/memory/4284-2203-0x00007FF607D80000-0x00007FF608171000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
4828	jKCOGFB.exe
1980	ZQUsziH.exe
3048	srepXaj.exe
2628	hoQmMLB.exe
1992	nifCGLu.exe
736	uqBwviX.exe
544	iTIzPez.exe
4660	QPMuPTc.exe
1720	AwbMoIy.exe
3716	sqPwztM.exe
4944	TKdaeuf.exe
1788	VnRDZha.exe
3588	TSDRMff.exe
4968	xImqbxA.exe
2272	tKwRmVI.exe
3944	QKENcna.exe
2404	gavSlyZ.exe
4356	WTkvwZL.exe
4700	XcGhuOw.exe
5100	QIBoWep.exe
2504	HxFAiXS.exe
2548	BwYkasj.exe
4284	qQxjdqM.exe
880	sxkCXtb.exe
2872	zucvxoP.exe
4484	nKwymOZ.exe
1708	pjyObKg.exe
4852	tCemWkY.exe
1584	wZcQELS.exe
2512	vbEuFij.exe
4160	ycVMUbl.exe
2584	XQZVVEh.exe
3756	pDAxRAH.exe
1168	hYbHRIN.exe
2484	baDhVBK.exe
2336	arGIdOn.exe
4900	rMlMtrs.exe
448	HKfTGzZ.exe
4636	vUORGxz.exe
2860	FSZBmks.exe
3720	aXKAKEu.exe
3404	nsbkFtt.exe
2924	YcKcrGc.exe
1656	orQeMIZ.exe
5000	dmmkyNY.exe
4816	YNzayuJ.exe
4436	pflTSgy.exe
1612	kmrbPBO.exe
2196	mOwMFSO.exe
2252	IUDsDVZ.exe
2940	yfXECzu.exe
2004	mHblzqc.exe
2184	nrgpgQx.exe
5048	ROWyHVA.exe
4268	iYClxGi.exe
4240	rswMOvv.exe
3876	yzuZSgW.exe
3564	aicHiif.exe
396	BzDYsJx.exe
2144	FsdPQxL.exe
1292	dybNzoS.exe
1644	IIrOZAl.exe
4208	uUuhriT.exe
2780	SDddGMa.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/676-0-0x00007FF684290000-0x00007FF684681000-memory.dmp	upx
behavioral2/files/0x000900000002346c-4.dat	upx
behavioral2/memory/4828-8-0x00007FF748170000-0x00007FF748561000-memory.dmp	upx
behavioral2/files/0x00070000000234d5-14.dat	upx
behavioral2/files/0x00070000000234d7-20.dat	upx
behavioral2/files/0x00070000000234d4-24.dat	upx
behavioral2/files/0x00070000000234d6-19.dat	upx
behavioral2/files/0x00070000000234d8-37.dat	upx
behavioral2/files/0x00070000000234dc-52.dat	upx
behavioral2/memory/736-53-0x00007FF6FE170000-0x00007FF6FE561000-memory.dmp	upx
behavioral2/files/0x00070000000234db-61.dat	upx
behavioral2/files/0x00070000000234e0-81.dat	upx
behavioral2/files/0x00070000000234e4-101.dat	upx
behavioral2/files/0x00070000000234f2-168.dat	upx
behavioral2/memory/1788-466-0x00007FF754E70000-0x00007FF755261000-memory.dmp	upx
behavioral2/memory/3716-465-0x00007FF793280000-0x00007FF793671000-memory.dmp	upx
behavioral2/files/0x00070000000234f1-164.dat	upx
behavioral2/files/0x00070000000234f0-161.dat	upx
behavioral2/files/0x00070000000234ef-156.dat	upx
behavioral2/files/0x00070000000234ee-151.dat	upx
behavioral2/files/0x00070000000234ed-146.dat	upx
behavioral2/files/0x00070000000234ec-138.dat	upx
behavioral2/files/0x00070000000234eb-136.dat	upx
behavioral2/files/0x00070000000234ea-131.dat	upx
behavioral2/files/0x00070000000234e9-126.dat	upx
behavioral2/files/0x00070000000234e8-121.dat	upx
behavioral2/files/0x00070000000234e7-113.dat	upx
behavioral2/files/0x00070000000234e6-111.dat	upx
behavioral2/files/0x00070000000234e5-106.dat	upx
behavioral2/files/0x00070000000234e3-94.dat	upx
behavioral2/files/0x00070000000234e2-88.dat	upx
behavioral2/files/0x00070000000234e1-86.dat	upx
behavioral2/files/0x00070000000234df-76.dat	upx
behavioral2/files/0x00070000000234de-68.dat	upx
behavioral2/files/0x00070000000234dd-63.dat	upx
behavioral2/memory/4660-56-0x00007FF74FE70000-0x00007FF750261000-memory.dmp	upx
behavioral2/files/0x00070000000234d9-50.dat	upx
behavioral2/files/0x00070000000234da-47.dat	upx
behavioral2/memory/2628-44-0x00007FF61C230000-0x00007FF61C621000-memory.dmp	upx
behavioral2/memory/1992-33-0x00007FF77A930000-0x00007FF77AD21000-memory.dmp	upx
behavioral2/memory/3048-28-0x00007FF759EC0000-0x00007FF75A2B1000-memory.dmp	upx
behavioral2/memory/1980-17-0x00007FF650020000-0x00007FF650411000-memory.dmp	upx
behavioral2/memory/4968-468-0x00007FF6887F0000-0x00007FF688BE1000-memory.dmp	upx
behavioral2/memory/3588-467-0x00007FF7A7BC0000-0x00007FF7A7FB1000-memory.dmp	upx
behavioral2/memory/2272-469-0x00007FF719000000-0x00007FF7193F1000-memory.dmp	upx
behavioral2/memory/3944-470-0x00007FF7EB480000-0x00007FF7EB871000-memory.dmp	upx
behavioral2/memory/4356-472-0x00007FF69D4E0000-0x00007FF69D8D1000-memory.dmp	upx
behavioral2/memory/4700-473-0x00007FF6A6BC0000-0x00007FF6A6FB1000-memory.dmp	upx
behavioral2/memory/2404-471-0x00007FF6579D0000-0x00007FF657DC1000-memory.dmp	upx
behavioral2/memory/5100-474-0x00007FF65B4A0000-0x00007FF65B891000-memory.dmp	upx
behavioral2/memory/2504-475-0x00007FF633DC0000-0x00007FF6341B1000-memory.dmp	upx
behavioral2/memory/2548-476-0x00007FF79F630000-0x00007FF79FA21000-memory.dmp	upx
behavioral2/memory/880-485-0x00007FF6DD030000-0x00007FF6DD421000-memory.dmp	upx
behavioral2/memory/4284-477-0x00007FF607D80000-0x00007FF608171000-memory.dmp	upx
behavioral2/memory/544-497-0x00007FF6B9AA0000-0x00007FF6B9E91000-memory.dmp	upx
behavioral2/memory/1720-502-0x00007FF708AB0000-0x00007FF708EA1000-memory.dmp	upx
behavioral2/memory/4944-504-0x00007FF7A1C90000-0x00007FF7A2081000-memory.dmp	upx
behavioral2/memory/676-1071-0x00007FF684290000-0x00007FF684681000-memory.dmp	upx
behavioral2/memory/1980-1198-0x00007FF650020000-0x00007FF650411000-memory.dmp	upx
behavioral2/memory/4828-1195-0x00007FF748170000-0x00007FF748561000-memory.dmp	upx
behavioral2/memory/1992-1336-0x00007FF77A930000-0x00007FF77AD21000-memory.dmp	upx
behavioral2/memory/3048-1334-0x00007FF759EC0000-0x00007FF75A2B1000-memory.dmp	upx
behavioral2/memory/2628-1436-0x00007FF61C230000-0x00007FF61C621000-memory.dmp	upx
behavioral2/memory/3716-1443-0x00007FF793280000-0x00007FF793671000-memory.dmp	upx

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System32\wFzdErJ.exe	fad93f4fa6ff46911ee604111717538773e32d0e4c291a50fa826115188b6ebf.exe
File created	C:\Windows\System32\YPJzVWK.exe	fad93f4fa6ff46911ee604111717538773e32d0e4c291a50fa826115188b6ebf.exe
File created	C:\Windows\System32\PhEoTOB.exe	fad93f4fa6ff46911ee604111717538773e32d0e4c291a50fa826115188b6ebf.exe
File created	C:\Windows\System32\BJjgmzw.exe	fad93f4fa6ff46911ee604111717538773e32d0e4c291a50fa826115188b6ebf.exe
File created	C:\Windows\System32\fgGayMD.exe	fad93f4fa6ff46911ee604111717538773e32d0e4c291a50fa826115188b6ebf.exe
File created	C:\Windows\System32\SmHogYD.exe	fad93f4fa6ff46911ee604111717538773e32d0e4c291a50fa826115188b6ebf.exe
File created	C:\Windows\System32\qqfrnKw.exe	fad93f4fa6ff46911ee604111717538773e32d0e4c291a50fa826115188b6ebf.exe
File created	C:\Windows\System32\TgHajMc.exe	fad93f4fa6ff46911ee604111717538773e32d0e4c291a50fa826115188b6ebf.exe
File created	C:\Windows\System32\cyjZTHi.exe	fad93f4fa6ff46911ee604111717538773e32d0e4c291a50fa826115188b6ebf.exe
File created	C:\Windows\System32\DKrmuRH.exe	fad93f4fa6ff46911ee604111717538773e32d0e4c291a50fa826115188b6ebf.exe
File created	C:\Windows\System32\Dvlazyu.exe	fad93f4fa6ff46911ee604111717538773e32d0e4c291a50fa826115188b6ebf.exe
File created	C:\Windows\System32\SDddGMa.exe	fad93f4fa6ff46911ee604111717538773e32d0e4c291a50fa826115188b6ebf.exe
File created	C:\Windows\System32\yofayTC.exe	fad93f4fa6ff46911ee604111717538773e32d0e4c291a50fa826115188b6ebf.exe
File created	C:\Windows\System32\UWPsPqe.exe	fad93f4fa6ff46911ee604111717538773e32d0e4c291a50fa826115188b6ebf.exe
File created	C:\Windows\System32\jTMcHHp.exe	fad93f4fa6ff46911ee604111717538773e32d0e4c291a50fa826115188b6ebf.exe
File created	C:\Windows\System32\hxQDZCa.exe	fad93f4fa6ff46911ee604111717538773e32d0e4c291a50fa826115188b6ebf.exe
File created	C:\Windows\System32\PrMMvQi.exe	fad93f4fa6ff46911ee604111717538773e32d0e4c291a50fa826115188b6ebf.exe
File created	C:\Windows\System32\tobvBwU.exe	fad93f4fa6ff46911ee604111717538773e32d0e4c291a50fa826115188b6ebf.exe
File created	C:\Windows\System32\zVBshjF.exe	fad93f4fa6ff46911ee604111717538773e32d0e4c291a50fa826115188b6ebf.exe
File created	C:\Windows\System32\ISkUJzj.exe	fad93f4fa6ff46911ee604111717538773e32d0e4c291a50fa826115188b6ebf.exe
File created	C:\Windows\System32\QjryYGv.exe	fad93f4fa6ff46911ee604111717538773e32d0e4c291a50fa826115188b6ebf.exe
File created	C:\Windows\System32\tKwRmVI.exe	fad93f4fa6ff46911ee604111717538773e32d0e4c291a50fa826115188b6ebf.exe
File created	C:\Windows\System32\huSeYli.exe	fad93f4fa6ff46911ee604111717538773e32d0e4c291a50fa826115188b6ebf.exe
File created	C:\Windows\System32\hoQmMLB.exe	fad93f4fa6ff46911ee604111717538773e32d0e4c291a50fa826115188b6ebf.exe
File created	C:\Windows\System32\fITtKGV.exe	fad93f4fa6ff46911ee604111717538773e32d0e4c291a50fa826115188b6ebf.exe
File created	C:\Windows\System32\fcLFNLd.exe	fad93f4fa6ff46911ee604111717538773e32d0e4c291a50fa826115188b6ebf.exe
File created	C:\Windows\System32\gjaJFwg.exe	fad93f4fa6ff46911ee604111717538773e32d0e4c291a50fa826115188b6ebf.exe
File created	C:\Windows\System32\PVCtDBz.exe	fad93f4fa6ff46911ee604111717538773e32d0e4c291a50fa826115188b6ebf.exe
File created	C:\Windows\System32\TKdaeuf.exe	fad93f4fa6ff46911ee604111717538773e32d0e4c291a50fa826115188b6ebf.exe
File created	C:\Windows\System32\ffcXuwC.exe	fad93f4fa6ff46911ee604111717538773e32d0e4c291a50fa826115188b6ebf.exe
File created	C:\Windows\System32\zdAMJHk.exe	fad93f4fa6ff46911ee604111717538773e32d0e4c291a50fa826115188b6ebf.exe
File created	C:\Windows\System32\GGAXjSR.exe	fad93f4fa6ff46911ee604111717538773e32d0e4c291a50fa826115188b6ebf.exe
File created	C:\Windows\System32\gokgLvz.exe	fad93f4fa6ff46911ee604111717538773e32d0e4c291a50fa826115188b6ebf.exe
File created	C:\Windows\System32\WJIlMrw.exe	fad93f4fa6ff46911ee604111717538773e32d0e4c291a50fa826115188b6ebf.exe
File created	C:\Windows\System32\invZxbb.exe	fad93f4fa6ff46911ee604111717538773e32d0e4c291a50fa826115188b6ebf.exe
File created	C:\Windows\System32\SZFRfDU.exe	fad93f4fa6ff46911ee604111717538773e32d0e4c291a50fa826115188b6ebf.exe
File created	C:\Windows\System32\IZPqvBR.exe	fad93f4fa6ff46911ee604111717538773e32d0e4c291a50fa826115188b6ebf.exe
File created	C:\Windows\System32\uYeqdGC.exe	fad93f4fa6ff46911ee604111717538773e32d0e4c291a50fa826115188b6ebf.exe
File created	C:\Windows\System32\jcPRuVg.exe	fad93f4fa6ff46911ee604111717538773e32d0e4c291a50fa826115188b6ebf.exe
File created	C:\Windows\System32\fniubUZ.exe	fad93f4fa6ff46911ee604111717538773e32d0e4c291a50fa826115188b6ebf.exe
File created	C:\Windows\System32\JCdgFhc.exe	fad93f4fa6ff46911ee604111717538773e32d0e4c291a50fa826115188b6ebf.exe
File created	C:\Windows\System32\ELtSMCm.exe	fad93f4fa6ff46911ee604111717538773e32d0e4c291a50fa826115188b6ebf.exe
File created	C:\Windows\System32\jfPqJRw.exe	fad93f4fa6ff46911ee604111717538773e32d0e4c291a50fa826115188b6ebf.exe
File created	C:\Windows\System32\cvlLZah.exe	fad93f4fa6ff46911ee604111717538773e32d0e4c291a50fa826115188b6ebf.exe
File created	C:\Windows\System32\kneSfdJ.exe	fad93f4fa6ff46911ee604111717538773e32d0e4c291a50fa826115188b6ebf.exe
File created	C:\Windows\System32\MbKkdmo.exe	fad93f4fa6ff46911ee604111717538773e32d0e4c291a50fa826115188b6ebf.exe
File created	C:\Windows\System32\EVNCHtG.exe	fad93f4fa6ff46911ee604111717538773e32d0e4c291a50fa826115188b6ebf.exe
File created	C:\Windows\System32\tlQCVwV.exe	fad93f4fa6ff46911ee604111717538773e32d0e4c291a50fa826115188b6ebf.exe
File created	C:\Windows\System32\rApPgjy.exe	fad93f4fa6ff46911ee604111717538773e32d0e4c291a50fa826115188b6ebf.exe
File created	C:\Windows\System32\mMsaCww.exe	fad93f4fa6ff46911ee604111717538773e32d0e4c291a50fa826115188b6ebf.exe
File created	C:\Windows\System32\fxpWTtv.exe	fad93f4fa6ff46911ee604111717538773e32d0e4c291a50fa826115188b6ebf.exe
File created	C:\Windows\System32\cIoZyBa.exe	fad93f4fa6ff46911ee604111717538773e32d0e4c291a50fa826115188b6ebf.exe
File created	C:\Windows\System32\xjqssll.exe	fad93f4fa6ff46911ee604111717538773e32d0e4c291a50fa826115188b6ebf.exe
File created	C:\Windows\System32\aoSCHSR.exe	fad93f4fa6ff46911ee604111717538773e32d0e4c291a50fa826115188b6ebf.exe
File created	C:\Windows\System32\HThtjvw.exe	fad93f4fa6ff46911ee604111717538773e32d0e4c291a50fa826115188b6ebf.exe
File created	C:\Windows\System32\ymAHKsK.exe	fad93f4fa6ff46911ee604111717538773e32d0e4c291a50fa826115188b6ebf.exe
File created	C:\Windows\System32\JMEwwly.exe	fad93f4fa6ff46911ee604111717538773e32d0e4c291a50fa826115188b6ebf.exe
File created	C:\Windows\System32\HKfTGzZ.exe	fad93f4fa6ff46911ee604111717538773e32d0e4c291a50fa826115188b6ebf.exe
File created	C:\Windows\System32\pfVnMyU.exe	fad93f4fa6ff46911ee604111717538773e32d0e4c291a50fa826115188b6ebf.exe
File created	C:\Windows\System32\bIZspQY.exe	fad93f4fa6ff46911ee604111717538773e32d0e4c291a50fa826115188b6ebf.exe
File created	C:\Windows\System32\hQwzCul.exe	fad93f4fa6ff46911ee604111717538773e32d0e4c291a50fa826115188b6ebf.exe
File created	C:\Windows\System32\jtVNmxt.exe	fad93f4fa6ff46911ee604111717538773e32d0e4c291a50fa826115188b6ebf.exe
File created	C:\Windows\System32\QojwKBa.exe	fad93f4fa6ff46911ee604111717538773e32d0e4c291a50fa826115188b6ebf.exe
File created	C:\Windows\System32\JLudBkL.exe	fad93f4fa6ff46911ee604111717538773e32d0e4c291a50fa826115188b6ebf.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	13472	dwm.exe
Token: SeChangeNotifyPrivilege	13472	dwm.exe
Token: 33	13472	dwm.exe
Token: SeIncBasePriorityPrivilege	13472	dwm.exe
Token: SeShutdownPrivilege	13472	dwm.exe
Token: SeCreatePagefilePrivilege	13472	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 676 wrote to memory of 4828	676	fad93f4fa6ff46911ee604111717538773e32d0e4c291a50fa826115188b6ebf.exe	85
PID 676 wrote to memory of 4828	676	fad93f4fa6ff46911ee604111717538773e32d0e4c291a50fa826115188b6ebf.exe	85
PID 676 wrote to memory of 1980	676	fad93f4fa6ff46911ee604111717538773e32d0e4c291a50fa826115188b6ebf.exe	86
PID 676 wrote to memory of 1980	676	fad93f4fa6ff46911ee604111717538773e32d0e4c291a50fa826115188b6ebf.exe	86
PID 676 wrote to memory of 3048	676	fad93f4fa6ff46911ee604111717538773e32d0e4c291a50fa826115188b6ebf.exe	87
PID 676 wrote to memory of 3048	676	fad93f4fa6ff46911ee604111717538773e32d0e4c291a50fa826115188b6ebf.exe	87
PID 676 wrote to memory of 2628	676	fad93f4fa6ff46911ee604111717538773e32d0e4c291a50fa826115188b6ebf.exe	88
PID 676 wrote to memory of 2628	676	fad93f4fa6ff46911ee604111717538773e32d0e4c291a50fa826115188b6ebf.exe	88
PID 676 wrote to memory of 1992	676	fad93f4fa6ff46911ee604111717538773e32d0e4c291a50fa826115188b6ebf.exe	89
PID 676 wrote to memory of 1992	676	fad93f4fa6ff46911ee604111717538773e32d0e4c291a50fa826115188b6ebf.exe	89
PID 676 wrote to memory of 736	676	fad93f4fa6ff46911ee604111717538773e32d0e4c291a50fa826115188b6ebf.exe	90
PID 676 wrote to memory of 736	676	fad93f4fa6ff46911ee604111717538773e32d0e4c291a50fa826115188b6ebf.exe	90
PID 676 wrote to memory of 544	676	fad93f4fa6ff46911ee604111717538773e32d0e4c291a50fa826115188b6ebf.exe	91
PID 676 wrote to memory of 544	676	fad93f4fa6ff46911ee604111717538773e32d0e4c291a50fa826115188b6ebf.exe	91
PID 676 wrote to memory of 4660	676	fad93f4fa6ff46911ee604111717538773e32d0e4c291a50fa826115188b6ebf.exe	92
PID 676 wrote to memory of 4660	676	fad93f4fa6ff46911ee604111717538773e32d0e4c291a50fa826115188b6ebf.exe	92
PID 676 wrote to memory of 1720	676	fad93f4fa6ff46911ee604111717538773e32d0e4c291a50fa826115188b6ebf.exe	93
PID 676 wrote to memory of 1720	676	fad93f4fa6ff46911ee604111717538773e32d0e4c291a50fa826115188b6ebf.exe	93
PID 676 wrote to memory of 3716	676	fad93f4fa6ff46911ee604111717538773e32d0e4c291a50fa826115188b6ebf.exe	94
PID 676 wrote to memory of 3716	676	fad93f4fa6ff46911ee604111717538773e32d0e4c291a50fa826115188b6ebf.exe	94
PID 676 wrote to memory of 4944	676	fad93f4fa6ff46911ee604111717538773e32d0e4c291a50fa826115188b6ebf.exe	95
PID 676 wrote to memory of 4944	676	fad93f4fa6ff46911ee604111717538773e32d0e4c291a50fa826115188b6ebf.exe	95
PID 676 wrote to memory of 1788	676	fad93f4fa6ff46911ee604111717538773e32d0e4c291a50fa826115188b6ebf.exe	96
PID 676 wrote to memory of 1788	676	fad93f4fa6ff46911ee604111717538773e32d0e4c291a50fa826115188b6ebf.exe	96
PID 676 wrote to memory of 3588	676	fad93f4fa6ff46911ee604111717538773e32d0e4c291a50fa826115188b6ebf.exe	97
PID 676 wrote to memory of 3588	676	fad93f4fa6ff46911ee604111717538773e32d0e4c291a50fa826115188b6ebf.exe	97
PID 676 wrote to memory of 4968	676	fad93f4fa6ff46911ee604111717538773e32d0e4c291a50fa826115188b6ebf.exe	98
PID 676 wrote to memory of 4968	676	fad93f4fa6ff46911ee604111717538773e32d0e4c291a50fa826115188b6ebf.exe	98
PID 676 wrote to memory of 2272	676	fad93f4fa6ff46911ee604111717538773e32d0e4c291a50fa826115188b6ebf.exe	99
PID 676 wrote to memory of 2272	676	fad93f4fa6ff46911ee604111717538773e32d0e4c291a50fa826115188b6ebf.exe	99
PID 676 wrote to memory of 3944	676	fad93f4fa6ff46911ee604111717538773e32d0e4c291a50fa826115188b6ebf.exe	100
PID 676 wrote to memory of 3944	676	fad93f4fa6ff46911ee604111717538773e32d0e4c291a50fa826115188b6ebf.exe	100
PID 676 wrote to memory of 2404	676	fad93f4fa6ff46911ee604111717538773e32d0e4c291a50fa826115188b6ebf.exe	101
PID 676 wrote to memory of 2404	676	fad93f4fa6ff46911ee604111717538773e32d0e4c291a50fa826115188b6ebf.exe	101
PID 676 wrote to memory of 4356	676	fad93f4fa6ff46911ee604111717538773e32d0e4c291a50fa826115188b6ebf.exe	102
PID 676 wrote to memory of 4356	676	fad93f4fa6ff46911ee604111717538773e32d0e4c291a50fa826115188b6ebf.exe	102
PID 676 wrote to memory of 4700	676	fad93f4fa6ff46911ee604111717538773e32d0e4c291a50fa826115188b6ebf.exe	103
PID 676 wrote to memory of 4700	676	fad93f4fa6ff46911ee604111717538773e32d0e4c291a50fa826115188b6ebf.exe	103
PID 676 wrote to memory of 5100	676	fad93f4fa6ff46911ee604111717538773e32d0e4c291a50fa826115188b6ebf.exe	104
PID 676 wrote to memory of 5100	676	fad93f4fa6ff46911ee604111717538773e32d0e4c291a50fa826115188b6ebf.exe	104
PID 676 wrote to memory of 2504	676	fad93f4fa6ff46911ee604111717538773e32d0e4c291a50fa826115188b6ebf.exe	105
PID 676 wrote to memory of 2504	676	fad93f4fa6ff46911ee604111717538773e32d0e4c291a50fa826115188b6ebf.exe	105
PID 676 wrote to memory of 2548	676	fad93f4fa6ff46911ee604111717538773e32d0e4c291a50fa826115188b6ebf.exe	106
PID 676 wrote to memory of 2548	676	fad93f4fa6ff46911ee604111717538773e32d0e4c291a50fa826115188b6ebf.exe	106
PID 676 wrote to memory of 4284	676	fad93f4fa6ff46911ee604111717538773e32d0e4c291a50fa826115188b6ebf.exe	107
PID 676 wrote to memory of 4284	676	fad93f4fa6ff46911ee604111717538773e32d0e4c291a50fa826115188b6ebf.exe	107
PID 676 wrote to memory of 880	676	fad93f4fa6ff46911ee604111717538773e32d0e4c291a50fa826115188b6ebf.exe	108
PID 676 wrote to memory of 880	676	fad93f4fa6ff46911ee604111717538773e32d0e4c291a50fa826115188b6ebf.exe	108
PID 676 wrote to memory of 2872	676	fad93f4fa6ff46911ee604111717538773e32d0e4c291a50fa826115188b6ebf.exe	109
PID 676 wrote to memory of 2872	676	fad93f4fa6ff46911ee604111717538773e32d0e4c291a50fa826115188b6ebf.exe	109
PID 676 wrote to memory of 4484	676	fad93f4fa6ff46911ee604111717538773e32d0e4c291a50fa826115188b6ebf.exe	110
PID 676 wrote to memory of 4484	676	fad93f4fa6ff46911ee604111717538773e32d0e4c291a50fa826115188b6ebf.exe	110
PID 676 wrote to memory of 1708	676	fad93f4fa6ff46911ee604111717538773e32d0e4c291a50fa826115188b6ebf.exe	111
PID 676 wrote to memory of 1708	676	fad93f4fa6ff46911ee604111717538773e32d0e4c291a50fa826115188b6ebf.exe	111
PID 676 wrote to memory of 4852	676	fad93f4fa6ff46911ee604111717538773e32d0e4c291a50fa826115188b6ebf.exe	112
PID 676 wrote to memory of 4852	676	fad93f4fa6ff46911ee604111717538773e32d0e4c291a50fa826115188b6ebf.exe	112
PID 676 wrote to memory of 1584	676	fad93f4fa6ff46911ee604111717538773e32d0e4c291a50fa826115188b6ebf.exe	113
PID 676 wrote to memory of 1584	676	fad93f4fa6ff46911ee604111717538773e32d0e4c291a50fa826115188b6ebf.exe	113
PID 676 wrote to memory of 2512	676	fad93f4fa6ff46911ee604111717538773e32d0e4c291a50fa826115188b6ebf.exe	114
PID 676 wrote to memory of 2512	676	fad93f4fa6ff46911ee604111717538773e32d0e4c291a50fa826115188b6ebf.exe	114
PID 676 wrote to memory of 4160	676	fad93f4fa6ff46911ee604111717538773e32d0e4c291a50fa826115188b6ebf.exe	115
PID 676 wrote to memory of 4160	676	fad93f4fa6ff46911ee604111717538773e32d0e4c291a50fa826115188b6ebf.exe	115
PID 676 wrote to memory of 2584	676	fad93f4fa6ff46911ee604111717538773e32d0e4c291a50fa826115188b6ebf.exe	116
PID 676 wrote to memory of 2584	676	fad93f4fa6ff46911ee604111717538773e32d0e4c291a50fa826115188b6ebf.exe	116

C:\Users\Admin\AppData\Local\Temp\fad93f4fa6ff46911ee604111717538773e32d0e4c291a50fa826115188b6ebf.exe
"C:\Users\Admin\AppData\Local\Temp\fad93f4fa6ff46911ee604111717538773e32d0e4c291a50fa826115188b6ebf.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:676
- C:\Windows\System32\jKCOGFB.exe
  C:\Windows\System32\jKCOGFB.exe
  2⤵
  - Executes dropped EXE
  PID:4828
- C:\Windows\System32\ZQUsziH.exe
  C:\Windows\System32\ZQUsziH.exe
  2⤵
  - Executes dropped EXE
  PID:1980
- C:\Windows\System32\srepXaj.exe
  C:\Windows\System32\srepXaj.exe
  2⤵
  - Executes dropped EXE
  PID:3048
- C:\Windows\System32\hoQmMLB.exe
  C:\Windows\System32\hoQmMLB.exe
  2⤵
  - Executes dropped EXE
  PID:2628
- C:\Windows\System32\nifCGLu.exe
  C:\Windows\System32\nifCGLu.exe
  2⤵
  - Executes dropped EXE
  PID:1992
- C:\Windows\System32\uqBwviX.exe
  C:\Windows\System32\uqBwviX.exe
  2⤵
  - Executes dropped EXE
  PID:736
- C:\Windows\System32\iTIzPez.exe
  C:\Windows\System32\iTIzPez.exe
  2⤵
  - Executes dropped EXE
  PID:544
- C:\Windows\System32\QPMuPTc.exe
  C:\Windows\System32\QPMuPTc.exe
  2⤵
  - Executes dropped EXE
  PID:4660
- C:\Windows\System32\AwbMoIy.exe
  C:\Windows\System32\AwbMoIy.exe
  2⤵
  - Executes dropped EXE
  PID:1720
- C:\Windows\System32\sqPwztM.exe
  C:\Windows\System32\sqPwztM.exe
  2⤵
  - Executes dropped EXE
  PID:3716
- C:\Windows\System32\TKdaeuf.exe
  C:\Windows\System32\TKdaeuf.exe
  2⤵
  - Executes dropped EXE
  PID:4944
- C:\Windows\System32\VnRDZha.exe
  C:\Windows\System32\VnRDZha.exe
  2⤵
  - Executes dropped EXE
  PID:1788
- C:\Windows\System32\TSDRMff.exe
  C:\Windows\System32\TSDRMff.exe
  2⤵
  - Executes dropped EXE
  PID:3588
- C:\Windows\System32\xImqbxA.exe
  C:\Windows\System32\xImqbxA.exe
  2⤵
  - Executes dropped EXE
  PID:4968
- C:\Windows\System32\tKwRmVI.exe
  C:\Windows\System32\tKwRmVI.exe
  2⤵
  - Executes dropped EXE
  PID:2272
- C:\Windows\System32\QKENcna.exe
  C:\Windows\System32\QKENcna.exe
  2⤵
  - Executes dropped EXE
  PID:3944
- C:\Windows\System32\gavSlyZ.exe
  C:\Windows\System32\gavSlyZ.exe
  2⤵
  - Executes dropped EXE
  PID:2404
- C:\Windows\System32\WTkvwZL.exe
  C:\Windows\System32\WTkvwZL.exe
  2⤵
  - Executes dropped EXE
  PID:4356
- C:\Windows\System32\XcGhuOw.exe
  C:\Windows\System32\XcGhuOw.exe
  2⤵
  - Executes dropped EXE
  PID:4700
- C:\Windows\System32\QIBoWep.exe
  C:\Windows\System32\QIBoWep.exe
  2⤵
  - Executes dropped EXE
  PID:5100
- C:\Windows\System32\HxFAiXS.exe
  C:\Windows\System32\HxFAiXS.exe
  2⤵
  - Executes dropped EXE
  PID:2504
- C:\Windows\System32\BwYkasj.exe
  C:\Windows\System32\BwYkasj.exe
  2⤵
  - Executes dropped EXE
  PID:2548
- C:\Windows\System32\qQxjdqM.exe
  C:\Windows\System32\qQxjdqM.exe
  2⤵
  - Executes dropped EXE
  PID:4284
- C:\Windows\System32\sxkCXtb.exe
  C:\Windows\System32\sxkCXtb.exe
  2⤵
  - Executes dropped EXE
  PID:880
- C:\Windows\System32\zucvxoP.exe
  C:\Windows\System32\zucvxoP.exe
  2⤵
  - Executes dropped EXE
  PID:2872
- C:\Windows\System32\nKwymOZ.exe
  C:\Windows\System32\nKwymOZ.exe
  2⤵
  - Executes dropped EXE
  PID:4484
- C:\Windows\System32\pjyObKg.exe
  C:\Windows\System32\pjyObKg.exe
  2⤵
  - Executes dropped EXE
  PID:1708
- C:\Windows\System32\tCemWkY.exe
  C:\Windows\System32\tCemWkY.exe
  2⤵
  - Executes dropped EXE
  PID:4852
- C:\Windows\System32\wZcQELS.exe
  C:\Windows\System32\wZcQELS.exe
  2⤵
  - Executes dropped EXE
  PID:1584
- C:\Windows\System32\vbEuFij.exe
  C:\Windows\System32\vbEuFij.exe
  2⤵
  - Executes dropped EXE
  PID:2512
- C:\Windows\System32\ycVMUbl.exe
  C:\Windows\System32\ycVMUbl.exe
  2⤵
  - Executes dropped EXE
  PID:4160
- C:\Windows\System32\XQZVVEh.exe
  C:\Windows\System32\XQZVVEh.exe
  2⤵
  - Executes dropped EXE
  PID:2584
- C:\Windows\System32\pDAxRAH.exe
  C:\Windows\System32\pDAxRAH.exe
  2⤵
  - Executes dropped EXE
  PID:3756
- C:\Windows\System32\hYbHRIN.exe
  C:\Windows\System32\hYbHRIN.exe
  2⤵
  - Executes dropped EXE
  PID:1168
- C:\Windows\System32\baDhVBK.exe
  C:\Windows\System32\baDhVBK.exe
  2⤵
  - Executes dropped EXE
  PID:2484
- C:\Windows\System32\arGIdOn.exe
  C:\Windows\System32\arGIdOn.exe
  2⤵
  - Executes dropped EXE
  PID:2336
- C:\Windows\System32\rMlMtrs.exe
  C:\Windows\System32\rMlMtrs.exe
  2⤵
  - Executes dropped EXE
  PID:4900
- C:\Windows\System32\HKfTGzZ.exe
  C:\Windows\System32\HKfTGzZ.exe
  2⤵
  - Executes dropped EXE
  PID:448
- C:\Windows\System32\vUORGxz.exe
  C:\Windows\System32\vUORGxz.exe
  2⤵
  - Executes dropped EXE
  PID:4636
- C:\Windows\System32\FSZBmks.exe
  C:\Windows\System32\FSZBmks.exe
  2⤵
  - Executes dropped EXE
  PID:2860
- C:\Windows\System32\aXKAKEu.exe
  C:\Windows\System32\aXKAKEu.exe
  2⤵
  - Executes dropped EXE
  PID:3720
- C:\Windows\System32\nsbkFtt.exe
  C:\Windows\System32\nsbkFtt.exe
  2⤵
  - Executes dropped EXE
  PID:3404
- C:\Windows\System32\YcKcrGc.exe
  C:\Windows\System32\YcKcrGc.exe
  2⤵
  - Executes dropped EXE
  PID:2924
- C:\Windows\System32\orQeMIZ.exe
  C:\Windows\System32\orQeMIZ.exe
  2⤵
  - Executes dropped EXE
  PID:1656
- C:\Windows\System32\dmmkyNY.exe
  C:\Windows\System32\dmmkyNY.exe
  2⤵
  - Executes dropped EXE
  PID:5000
- C:\Windows\System32\YNzayuJ.exe
  C:\Windows\System32\YNzayuJ.exe
  2⤵
  - Executes dropped EXE
  PID:4816
- C:\Windows\System32\pflTSgy.exe
  C:\Windows\System32\pflTSgy.exe
  2⤵
  - Executes dropped EXE
  PID:4436
- C:\Windows\System32\kmrbPBO.exe
  C:\Windows\System32\kmrbPBO.exe
  2⤵
  - Executes dropped EXE
  PID:1612
- C:\Windows\System32\mOwMFSO.exe
  C:\Windows\System32\mOwMFSO.exe
  2⤵
  - Executes dropped EXE
  PID:2196
- C:\Windows\System32\IUDsDVZ.exe
  C:\Windows\System32\IUDsDVZ.exe
  2⤵
  - Executes dropped EXE
  PID:2252
- C:\Windows\System32\yfXECzu.exe
  C:\Windows\System32\yfXECzu.exe
  2⤵
  - Executes dropped EXE
  PID:2940
- C:\Windows\System32\mHblzqc.exe
  C:\Windows\System32\mHblzqc.exe
  2⤵
  - Executes dropped EXE
  PID:2004
- C:\Windows\System32\nrgpgQx.exe
  C:\Windows\System32\nrgpgQx.exe
  2⤵
  - Executes dropped EXE
  PID:2184
- C:\Windows\System32\ROWyHVA.exe
  C:\Windows\System32\ROWyHVA.exe
  2⤵
  - Executes dropped EXE
  PID:5048
- C:\Windows\System32\iYClxGi.exe
  C:\Windows\System32\iYClxGi.exe
  2⤵
  - Executes dropped EXE
  PID:4268
- C:\Windows\System32\rswMOvv.exe
  C:\Windows\System32\rswMOvv.exe
  2⤵
  - Executes dropped EXE
  PID:4240
- C:\Windows\System32\yzuZSgW.exe
  C:\Windows\System32\yzuZSgW.exe
  2⤵
  - Executes dropped EXE
  PID:3876
- C:\Windows\System32\aicHiif.exe
  C:\Windows\System32\aicHiif.exe
  2⤵
  - Executes dropped EXE
  PID:3564
- C:\Windows\System32\BzDYsJx.exe
  C:\Windows\System32\BzDYsJx.exe
  2⤵
  - Executes dropped EXE
  PID:396
- C:\Windows\System32\FsdPQxL.exe
  C:\Windows\System32\FsdPQxL.exe
  2⤵
  - Executes dropped EXE
  PID:2144
- C:\Windows\System32\dybNzoS.exe
  C:\Windows\System32\dybNzoS.exe
  2⤵
  - Executes dropped EXE
  PID:1292
- C:\Windows\System32\IIrOZAl.exe
  C:\Windows\System32\IIrOZAl.exe
  2⤵
  - Executes dropped EXE
  PID:1644
- C:\Windows\System32\uUuhriT.exe
  C:\Windows\System32\uUuhriT.exe
  2⤵
  - Executes dropped EXE
  PID:4208
- C:\Windows\System32\SDddGMa.exe
  C:\Windows\System32\SDddGMa.exe
  2⤵
  - Executes dropped EXE
  PID:2780
- C:\Windows\System32\cvlLZah.exe
  C:\Windows\System32\cvlLZah.exe
  2⤵
  PID:3560
- C:\Windows\System32\XqmbKac.exe
  C:\Windows\System32\XqmbKac.exe
  2⤵
  PID:4696
- C:\Windows\System32\dpHmOUg.exe
  C:\Windows\System32\dpHmOUg.exe
  2⤵
  PID:4300
- C:\Windows\System32\NRjEUDZ.exe
  C:\Windows\System32\NRjEUDZ.exe
  2⤵
  PID:2500
- C:\Windows\System32\oPKcTih.exe
  C:\Windows\System32\oPKcTih.exe
  2⤵
  PID:4492
- C:\Windows\System32\cIoZyBa.exe
  C:\Windows\System32\cIoZyBa.exe
  2⤵
  PID:3160
- C:\Windows\System32\RWrqKaZ.exe
  C:\Windows\System32\RWrqKaZ.exe
  2⤵
  PID:3544
- C:\Windows\System32\GxQMmXK.exe
  C:\Windows\System32\GxQMmXK.exe
  2⤵
  PID:5076
- C:\Windows\System32\TPYxbsZ.exe
  C:\Windows\System32\TPYxbsZ.exe
  2⤵
  PID:1872
- C:\Windows\System32\ucoXMpI.exe
  C:\Windows\System32\ucoXMpI.exe
  2⤵
  PID:212
- C:\Windows\System32\WPSadss.exe
  C:\Windows\System32\WPSadss.exe
  2⤵
  PID:3816
- C:\Windows\System32\sVFgvLf.exe
  C:\Windows\System32\sVFgvLf.exe
  2⤵
  PID:2492
- C:\Windows\System32\lhkVkwh.exe
  C:\Windows\System32\lhkVkwh.exe
  2⤵
  PID:3436
- C:\Windows\System32\cLUSNap.exe
  C:\Windows\System32\cLUSNap.exe
  2⤵
  PID:1104
- C:\Windows\System32\BYQlTKX.exe
  C:\Windows\System32\BYQlTKX.exe
  2⤵
  PID:5132
- C:\Windows\System32\yxSwlBP.exe
  C:\Windows\System32\yxSwlBP.exe
  2⤵
  PID:5180
- C:\Windows\System32\vHGzClx.exe
  C:\Windows\System32\vHGzClx.exe
  2⤵
  PID:5196
- C:\Windows\System32\fITtKGV.exe
  C:\Windows\System32\fITtKGV.exe
  2⤵
  PID:5224
- C:\Windows\System32\dKpnOrj.exe
  C:\Windows\System32\dKpnOrj.exe
  2⤵
  PID:5252
- C:\Windows\System32\USGAXyw.exe
  C:\Windows\System32\USGAXyw.exe
  2⤵
  PID:5268
- C:\Windows\System32\KcHAaiR.exe
  C:\Windows\System32\KcHAaiR.exe
  2⤵
  PID:5296
- C:\Windows\System32\pKQCAeH.exe
  C:\Windows\System32\pKQCAeH.exe
  2⤵
  PID:5324
- C:\Windows\System32\lvqTUtk.exe
  C:\Windows\System32\lvqTUtk.exe
  2⤵
  PID:5348
- C:\Windows\System32\hxQDZCa.exe
  C:\Windows\System32\hxQDZCa.exe
  2⤵
  PID:5380
- C:\Windows\System32\SCytYUP.exe
  C:\Windows\System32\SCytYUP.exe
  2⤵
  PID:5404
- C:\Windows\System32\SmHogYD.exe
  C:\Windows\System32\SmHogYD.exe
  2⤵
  PID:5436
- C:\Windows\System32\EWhBlij.exe
  C:\Windows\System32\EWhBlij.exe
  2⤵
  PID:5464
- C:\Windows\System32\MRTNsFq.exe
  C:\Windows\System32\MRTNsFq.exe
  2⤵
  PID:5492
- C:\Windows\System32\ZeeyYeR.exe
  C:\Windows\System32\ZeeyYeR.exe
  2⤵
  PID:5520
- C:\Windows\System32\KXvofzy.exe
  C:\Windows\System32\KXvofzy.exe
  2⤵
  PID:5548
- C:\Windows\System32\UWBZsjg.exe
  C:\Windows\System32\UWBZsjg.exe
  2⤵
  PID:5572
- C:\Windows\System32\PbDWoSG.exe
  C:\Windows\System32\PbDWoSG.exe
  2⤵
  PID:5604
- C:\Windows\System32\xfMJXIC.exe
  C:\Windows\System32\xfMJXIC.exe
  2⤵
  PID:5632
- C:\Windows\System32\nuJyFFe.exe
  C:\Windows\System32\nuJyFFe.exe
  2⤵
  PID:5660
- C:\Windows\System32\dWLCFPG.exe
  C:\Windows\System32\dWLCFPG.exe
  2⤵
  PID:5688
- C:\Windows\System32\xqTASsK.exe
  C:\Windows\System32\xqTASsK.exe
  2⤵
  PID:5716
- C:\Windows\System32\mzMkxMV.exe
  C:\Windows\System32\mzMkxMV.exe
  2⤵
  PID:5744
- C:\Windows\System32\UWEaxVb.exe
  C:\Windows\System32\UWEaxVb.exe
  2⤵
  PID:5772
- C:\Windows\System32\IuxZbHi.exe
  C:\Windows\System32\IuxZbHi.exe
  2⤵
  PID:5800
- C:\Windows\System32\ffcXuwC.exe
  C:\Windows\System32\ffcXuwC.exe
  2⤵
  PID:5824
- C:\Windows\System32\SCzufRZ.exe
  C:\Windows\System32\SCzufRZ.exe
  2⤵
  PID:5852
- C:\Windows\System32\UaGQCjb.exe
  C:\Windows\System32\UaGQCjb.exe
  2⤵
  PID:5884
- C:\Windows\System32\NGEhESz.exe
  C:\Windows\System32\NGEhESz.exe
  2⤵
  PID:5912
- C:\Windows\System32\BRbQIfL.exe
  C:\Windows\System32\BRbQIfL.exe
  2⤵
  PID:5940
- C:\Windows\System32\joqHkjG.exe
  C:\Windows\System32\joqHkjG.exe
  2⤵
  PID:5964
- C:\Windows\System32\sYkiHlG.exe
  C:\Windows\System32\sYkiHlG.exe
  2⤵
  PID:5996
- C:\Windows\System32\knLGIsU.exe
  C:\Windows\System32\knLGIsU.exe
  2⤵
  PID:6024
- C:\Windows\System32\cNKYvdQ.exe
  C:\Windows\System32\cNKYvdQ.exe
  2⤵
  PID:6052
- C:\Windows\System32\NaEsDIZ.exe
  C:\Windows\System32\NaEsDIZ.exe
  2⤵
  PID:6080
- C:\Windows\System32\eIBaCaj.exe
  C:\Windows\System32\eIBaCaj.exe
  2⤵
  PID:6108
- C:\Windows\System32\BtxWTky.exe
  C:\Windows\System32\BtxWTky.exe
  2⤵
  PID:6136
- C:\Windows\System32\xjqssll.exe
  C:\Windows\System32\xjqssll.exe
  2⤵
  PID:2164
- C:\Windows\System32\kneSfdJ.exe
  C:\Windows\System32\kneSfdJ.exe
  2⤵
  PID:3020
- C:\Windows\System32\RqbCJGj.exe
  C:\Windows\System32\RqbCJGj.exe
  2⤵
  PID:2824
- C:\Windows\System32\OrqtzXG.exe
  C:\Windows\System32\OrqtzXG.exe
  2⤵
  PID:3068
- C:\Windows\System32\BgUAekm.exe
  C:\Windows\System32\BgUAekm.exe
  2⤵
  PID:5172
- C:\Windows\System32\PrMMvQi.exe
  C:\Windows\System32\PrMMvQi.exe
  2⤵
  PID:5208
- C:\Windows\System32\aYkDvaD.exe
  C:\Windows\System32\aYkDvaD.exe
  2⤵
  PID:5288
- C:\Windows\System32\yofayTC.exe
  C:\Windows\System32\yofayTC.exe
  2⤵
  PID:5336
- C:\Windows\System32\NXxycQi.exe
  C:\Windows\System32\NXxycQi.exe
  2⤵
  PID:1652
- C:\Windows\System32\SawPoqx.exe
  C:\Windows\System32\SawPoqx.exe
  2⤵
  PID:5476
- C:\Windows\System32\AsVgSuY.exe
  C:\Windows\System32\AsVgSuY.exe
  2⤵
  PID:5500
- C:\Windows\System32\LUUQkZl.exe
  C:\Windows\System32\LUUQkZl.exe
  2⤵
  PID:5556
- C:\Windows\System32\IQYjgbd.exe
  C:\Windows\System32\IQYjgbd.exe
  2⤵
  PID:5616
- C:\Windows\System32\IVTScxK.exe
  C:\Windows\System32\IVTScxK.exe
  2⤵
  PID:5672
- C:\Windows\System32\NnbSLjt.exe
  C:\Windows\System32\NnbSLjt.exe
  2⤵
  PID:5736
- C:\Windows\System32\npyzWaI.exe
  C:\Windows\System32\npyzWaI.exe
  2⤵
  PID:5784
- C:\Windows\System32\jeObZEm.exe
  C:\Windows\System32\jeObZEm.exe
  2⤵
  PID:6016
- C:\Windows\System32\hnZFGBT.exe
  C:\Windows\System32\hnZFGBT.exe
  2⤵
  PID:3668
- C:\Windows\System32\VqPzRbD.exe
  C:\Windows\System32\VqPzRbD.exe
  2⤵
  PID:6072
- C:\Windows\System32\nIKiech.exe
  C:\Windows\System32\nIKiech.exe
  2⤵
  PID:6120
- C:\Windows\System32\ZhulDDw.exe
  C:\Windows\System32\ZhulDDw.exe
  2⤵
  PID:612
- C:\Windows\System32\FuJXLit.exe
  C:\Windows\System32\FuJXLit.exe
  2⤵
  PID:4036
- C:\Windows\System32\UPUwXeU.exe
  C:\Windows\System32\UPUwXeU.exe
  2⤵
  PID:1908
- C:\Windows\System32\RRxhqKd.exe
  C:\Windows\System32\RRxhqKd.exe
  2⤵
  PID:2172
- C:\Windows\System32\iDoqyHJ.exe
  C:\Windows\System32\iDoqyHJ.exe
  2⤵
  PID:3780
- C:\Windows\System32\zajMuGT.exe
  C:\Windows\System32\zajMuGT.exe
  2⤵
  PID:4520
- C:\Windows\System32\SeUHsmA.exe
  C:\Windows\System32\SeUHsmA.exe
  2⤵
  PID:5356
- C:\Windows\System32\jHjXxJT.exe
  C:\Windows\System32\jHjXxJT.exe
  2⤵
  PID:4880
- C:\Windows\System32\EVvKweD.exe
  C:\Windows\System32\EVvKweD.exe
  2⤵
  PID:3540
- C:\Windows\System32\iBfyBrv.exe
  C:\Windows\System32\iBfyBrv.exe
  2⤵
  PID:1404
- C:\Windows\System32\QPETbgm.exe
  C:\Windows\System32\QPETbgm.exe
  2⤵
  PID:4000
- C:\Windows\System32\YPaYFIe.exe
  C:\Windows\System32\YPaYFIe.exe
  2⤵
  PID:1444
- C:\Windows\System32\nBvFNIw.exe
  C:\Windows\System32\nBvFNIw.exe
  2⤵
  PID:2948
- C:\Windows\System32\SxGXvlP.exe
  C:\Windows\System32\SxGXvlP.exe
  2⤵
  PID:2640
- C:\Windows\System32\AMTIiWw.exe
  C:\Windows\System32\AMTIiWw.exe
  2⤵
  PID:6032
- C:\Windows\System32\iXioMnR.exe
  C:\Windows\System32\iXioMnR.exe
  2⤵
  PID:6092
- C:\Windows\System32\PjrzSvt.exe
  C:\Windows\System32\PjrzSvt.exe
  2⤵
  PID:3388
- C:\Windows\System32\QPkxsWw.exe
  C:\Windows\System32\QPkxsWw.exe
  2⤵
  PID:5188
- C:\Windows\System32\wljyErN.exe
  C:\Windows\System32\wljyErN.exe
  2⤵
  PID:468
- C:\Windows\System32\XcdcDeG.exe
  C:\Windows\System32\XcdcDeG.exe
  2⤵
  PID:3440
- C:\Windows\System32\toTcXkS.exe
  C:\Windows\System32\toTcXkS.exe
  2⤵
  PID:1692
- C:\Windows\System32\LWuQFIE.exe
  C:\Windows\System32\LWuQFIE.exe
  2⤵
  PID:5920
- C:\Windows\System32\TPEGGmO.exe
  C:\Windows\System32\TPEGGmO.exe
  2⤵
  PID:5952
- C:\Windows\System32\BxFjlRV.exe
  C:\Windows\System32\BxFjlRV.exe
  2⤵
  PID:3476
- C:\Windows\System32\zZDaCsf.exe
  C:\Windows\System32\zZDaCsf.exe
  2⤵
  PID:5484
- C:\Windows\System32\UeMGvnW.exe
  C:\Windows\System32\UeMGvnW.exe
  2⤵
  PID:4716
- C:\Windows\System32\aRYgTtP.exe
  C:\Windows\System32\aRYgTtP.exe
  2⤵
  PID:5980
- C:\Windows\System32\DJUOnJO.exe
  C:\Windows\System32\DJUOnJO.exe
  2⤵
  PID:5892
- C:\Windows\System32\KFnSzNi.exe
  C:\Windows\System32\KFnSzNi.exe
  2⤵
  PID:6100
- C:\Windows\System32\OfJDUBB.exe
  C:\Windows\System32\OfJDUBB.exe
  2⤵
  PID:1000
- C:\Windows\System32\PaRzcye.exe
  C:\Windows\System32\PaRzcye.exe
  2⤵
  PID:6184
- C:\Windows\System32\npIhhaa.exe
  C:\Windows\System32\npIhhaa.exe
  2⤵
  PID:6212
- C:\Windows\System32\yelQlck.exe
  C:\Windows\System32\yelQlck.exe
  2⤵
  PID:6228
- C:\Windows\System32\GuXlRpy.exe
  C:\Windows\System32\GuXlRpy.exe
  2⤵
  PID:6256
- C:\Windows\System32\FPKsxOh.exe
  C:\Windows\System32\FPKsxOh.exe
  2⤵
  PID:6276
- C:\Windows\System32\zBsWwmS.exe
  C:\Windows\System32\zBsWwmS.exe
  2⤵
  PID:6296
- C:\Windows\System32\QHGTxMm.exe
  C:\Windows\System32\QHGTxMm.exe
  2⤵
  PID:6320
- C:\Windows\System32\GAAGvlM.exe
  C:\Windows\System32\GAAGvlM.exe
  2⤵
  PID:6348
- C:\Windows\System32\HbpAUly.exe
  C:\Windows\System32\HbpAUly.exe
  2⤵
  PID:6368
- C:\Windows\System32\RPoWGKI.exe
  C:\Windows\System32\RPoWGKI.exe
  2⤵
  PID:6420
- C:\Windows\System32\sfkLVNL.exe
  C:\Windows\System32\sfkLVNL.exe
  2⤵
  PID:6448
- C:\Windows\System32\ahMdmRS.exe
  C:\Windows\System32\ahMdmRS.exe
  2⤵
  PID:6476
- C:\Windows\System32\raxXUXE.exe
  C:\Windows\System32\raxXUXE.exe
  2⤵
  PID:6520
- C:\Windows\System32\AkNXjyt.exe
  C:\Windows\System32\AkNXjyt.exe
  2⤵
  PID:6560
- C:\Windows\System32\gIJIHSg.exe
  C:\Windows\System32\gIJIHSg.exe
  2⤵
  PID:6612
- C:\Windows\System32\iJKaoqJ.exe
  C:\Windows\System32\iJKaoqJ.exe
  2⤵
  PID:6640
- C:\Windows\System32\rKMbUBz.exe
  C:\Windows\System32\rKMbUBz.exe
  2⤵
  PID:6660
- C:\Windows\System32\pfVnMyU.exe
  C:\Windows\System32\pfVnMyU.exe
  2⤵
  PID:6720
- C:\Windows\System32\bJlwQZU.exe
  C:\Windows\System32\bJlwQZU.exe
  2⤵
  PID:6740
- C:\Windows\System32\BAewtTJ.exe
  C:\Windows\System32\BAewtTJ.exe
  2⤵
  PID:6756
- C:\Windows\System32\IwNKTXC.exe
  C:\Windows\System32\IwNKTXC.exe
  2⤵
  PID:6772
- C:\Windows\System32\EHIOHhf.exe
  C:\Windows\System32\EHIOHhf.exe
  2⤵
  PID:6792
- C:\Windows\System32\ceYeREC.exe
  C:\Windows\System32\ceYeREC.exe
  2⤵
  PID:6808
- C:\Windows\System32\kpusfBY.exe
  C:\Windows\System32\kpusfBY.exe
  2⤵
  PID:6828
- C:\Windows\System32\aoSCHSR.exe
  C:\Windows\System32\aoSCHSR.exe
  2⤵
  PID:6852
- C:\Windows\System32\fUVxtGF.exe
  C:\Windows\System32\fUVxtGF.exe
  2⤵
  PID:6908
- C:\Windows\System32\PzRVmPz.exe
  C:\Windows\System32\PzRVmPz.exe
  2⤵
  PID:6928
- C:\Windows\System32\ivZdced.exe
  C:\Windows\System32\ivZdced.exe
  2⤵
  PID:6952
- C:\Windows\System32\gRsgHvV.exe
  C:\Windows\System32\gRsgHvV.exe
  2⤵
  PID:6984
- C:\Windows\System32\VbGLmYw.exe
  C:\Windows\System32\VbGLmYw.exe
  2⤵
  PID:7016
- C:\Windows\System32\cLYrSDS.exe
  C:\Windows\System32\cLYrSDS.exe
  2⤵
  PID:7124
- C:\Windows\System32\wFzdErJ.exe
  C:\Windows\System32\wFzdErJ.exe
  2⤵
  PID:7164
- C:\Windows\System32\cUGiZuB.exe
  C:\Windows\System32\cUGiZuB.exe
  2⤵
  PID:6156
- C:\Windows\System32\kDQuOQm.exe
  C:\Windows\System32\kDQuOQm.exe
  2⤵
  PID:6152
- C:\Windows\System32\EzWCrzm.exe
  C:\Windows\System32\EzWCrzm.exe
  2⤵
  PID:6308
- C:\Windows\System32\lVNXHqn.exe
  C:\Windows\System32\lVNXHqn.exe
  2⤵
  PID:6248
- C:\Windows\System32\MBAiyLD.exe
  C:\Windows\System32\MBAiyLD.exe
  2⤵
  PID:6208
- C:\Windows\System32\xaeYlkO.exe
  C:\Windows\System32\xaeYlkO.exe
  2⤵
  PID:6364
- C:\Windows\System32\GpHGlxV.exe
  C:\Windows\System32\GpHGlxV.exe
  2⤵
  PID:6356
- C:\Windows\System32\yhIavbp.exe
  C:\Windows\System32\yhIavbp.exe
  2⤵
  PID:6464
- C:\Windows\System32\SZFRfDU.exe
  C:\Windows\System32\SZFRfDU.exe
  2⤵
  PID:6492
- C:\Windows\System32\TZGCjTx.exe
  C:\Windows\System32\TZGCjTx.exe
  2⤵
  PID:6620
- C:\Windows\System32\vPlvSUv.exe
  C:\Windows\System32\vPlvSUv.exe
  2⤵
  PID:6668
- C:\Windows\System32\HDxezCi.exe
  C:\Windows\System32\HDxezCi.exe
  2⤵
  PID:6780
- C:\Windows\System32\fgOvGdU.exe
  C:\Windows\System32\fgOvGdU.exe
  2⤵
  PID:6692
- C:\Windows\System32\jtVNmxt.exe
  C:\Windows\System32\jtVNmxt.exe
  2⤵
  PID:6824
- C:\Windows\System32\UQnQgoB.exe
  C:\Windows\System32\UQnQgoB.exe
  2⤵
  PID:6920
- C:\Windows\System32\ykXZgYh.exe
  C:\Windows\System32\ykXZgYh.exe
  2⤵
  PID:6924
- C:\Windows\System32\CahDFUr.exe
  C:\Windows\System32\CahDFUr.exe
  2⤵
  PID:7048
- C:\Windows\System32\brZSsfw.exe
  C:\Windows\System32\brZSsfw.exe
  2⤵
  PID:7064
- C:\Windows\System32\tobvBwU.exe
  C:\Windows\System32\tobvBwU.exe
  2⤵
  PID:7092
- C:\Windows\System32\EbFWods.exe
  C:\Windows\System32\EbFWods.exe
  2⤵
  PID:6272
- C:\Windows\System32\IOOLXGi.exe
  C:\Windows\System32\IOOLXGi.exe
  2⤵
  PID:6428
- C:\Windows\System32\cNnaLSF.exe
  C:\Windows\System32\cNnaLSF.exe
  2⤵
  PID:6652
- C:\Windows\System32\ZsKJaKD.exe
  C:\Windows\System32\ZsKJaKD.exe
  2⤵
  PID:6876
- C:\Windows\System32\xrXUuDO.exe
  C:\Windows\System32\xrXUuDO.exe
  2⤵
  PID:6872
- C:\Windows\System32\jPKttTj.exe
  C:\Windows\System32\jPKttTj.exe
  2⤵
  PID:7012
- C:\Windows\System32\ILgyrBo.exe
  C:\Windows\System32\ILgyrBo.exe
  2⤵
  PID:3872
- C:\Windows\System32\opxZnaX.exe
  C:\Windows\System32\opxZnaX.exe
  2⤵
  PID:6288
- C:\Windows\System32\qegcLzH.exe
  C:\Windows\System32\qegcLzH.exe
  2⤵
  PID:6436
- C:\Windows\System32\lLhGQZP.exe
  C:\Windows\System32\lLhGQZP.exe
  2⤵
  PID:6768
- C:\Windows\System32\tnflocm.exe
  C:\Windows\System32\tnflocm.exe
  2⤵
  PID:7132
- C:\Windows\System32\PswwYfA.exe
  C:\Windows\System32\PswwYfA.exe
  2⤵
  PID:7180
- C:\Windows\System32\fCXMJxs.exe
  C:\Windows\System32\fCXMJxs.exe
  2⤵
  PID:7232
- C:\Windows\System32\OyWZwhj.exe
  C:\Windows\System32\OyWZwhj.exe
  2⤵
  PID:7252
- C:\Windows\System32\dDfGnHA.exe
  C:\Windows\System32\dDfGnHA.exe
  2⤵
  PID:7272
- C:\Windows\System32\urwYmQh.exe
  C:\Windows\System32\urwYmQh.exe
  2⤵
  PID:7296
- C:\Windows\System32\nBLhoqt.exe
  C:\Windows\System32\nBLhoqt.exe
  2⤵
  PID:7312
- C:\Windows\System32\ihHGGxm.exe
  C:\Windows\System32\ihHGGxm.exe
  2⤵
  PID:7348
- C:\Windows\System32\lbKCPKB.exe
  C:\Windows\System32\lbKCPKB.exe
  2⤵
  PID:7376
- C:\Windows\System32\ydVXePW.exe
  C:\Windows\System32\ydVXePW.exe
  2⤵
  PID:7428
- C:\Windows\System32\RTcfZeN.exe
  C:\Windows\System32\RTcfZeN.exe
  2⤵
  PID:7468
- C:\Windows\System32\AapOZsH.exe
  C:\Windows\System32\AapOZsH.exe
  2⤵
  PID:7484
- C:\Windows\System32\NIpzsjJ.exe
  C:\Windows\System32\NIpzsjJ.exe
  2⤵
  PID:7512
- C:\Windows\System32\ienCjpN.exe
  C:\Windows\System32\ienCjpN.exe
  2⤵
  PID:7540
- C:\Windows\System32\CFLURgQ.exe
  C:\Windows\System32\CFLURgQ.exe
  2⤵
  PID:7560
- C:\Windows\System32\GeKLFFt.exe
  C:\Windows\System32\GeKLFFt.exe
  2⤵
  PID:7588
- C:\Windows\System32\fSeXNLz.exe
  C:\Windows\System32\fSeXNLz.exe
  2⤵
  PID:7612
- C:\Windows\System32\wJDVlJA.exe
  C:\Windows\System32\wJDVlJA.exe
  2⤵
  PID:7632
- C:\Windows\System32\xqsywjN.exe
  C:\Windows\System32\xqsywjN.exe
  2⤵
  PID:7680
- C:\Windows\System32\AbAxvaQ.exe
  C:\Windows\System32\AbAxvaQ.exe
  2⤵
  PID:7700
- C:\Windows\System32\HThtjvw.exe
  C:\Windows\System32\HThtjvw.exe
  2⤵
  PID:7748
- C:\Windows\System32\VUIHpWH.exe
  C:\Windows\System32\VUIHpWH.exe
  2⤵
  PID:7772
- C:\Windows\System32\fgzpsgB.exe
  C:\Windows\System32\fgzpsgB.exe
  2⤵
  PID:7792
- C:\Windows\System32\pWkMZEN.exe
  C:\Windows\System32\pWkMZEN.exe
  2⤵
  PID:7812
- C:\Windows\System32\CsbOvjP.exe
  C:\Windows\System32\CsbOvjP.exe
  2⤵
  PID:7836
- C:\Windows\System32\pxYIvmQ.exe
  C:\Windows\System32\pxYIvmQ.exe
  2⤵
  PID:7864
- C:\Windows\System32\XuiwhPu.exe
  C:\Windows\System32\XuiwhPu.exe
  2⤵
  PID:7892
- C:\Windows\System32\fsPmcZU.exe
  C:\Windows\System32\fsPmcZU.exe
  2⤵
  PID:7916
- C:\Windows\System32\qJaqfpP.exe
  C:\Windows\System32\qJaqfpP.exe
  2⤵
  PID:7956
- C:\Windows\System32\fcLFNLd.exe
  C:\Windows\System32\fcLFNLd.exe
  2⤵
  PID:7988
- C:\Windows\System32\rkmaQJl.exe
  C:\Windows\System32\rkmaQJl.exe
  2⤵
  PID:8004
- C:\Windows\System32\wOMBtAV.exe
  C:\Windows\System32\wOMBtAV.exe
  2⤵
  PID:8024
- C:\Windows\System32\THApIvz.exe
  C:\Windows\System32\THApIvz.exe
  2⤵
  PID:8064
- C:\Windows\System32\LMqYIdq.exe
  C:\Windows\System32\LMqYIdq.exe
  2⤵
  PID:8080
- C:\Windows\System32\zEuAEiG.exe
  C:\Windows\System32\zEuAEiG.exe
  2⤵
  PID:8100
- C:\Windows\System32\qTpDycB.exe
  C:\Windows\System32\qTpDycB.exe
  2⤵
  PID:8148
- C:\Windows\System32\LirUubx.exe
  C:\Windows\System32\LirUubx.exe
  2⤵
  PID:8168
- C:\Windows\System32\IfDiJzP.exe
  C:\Windows\System32\IfDiJzP.exe
  2⤵
  PID:6700
- C:\Windows\System32\EZRjvIr.exe
  C:\Windows\System32\EZRjvIr.exe
  2⤵
  PID:7172
- C:\Windows\System32\wUTSPQy.exe
  C:\Windows\System32\wUTSPQy.exe
  2⤵
  PID:7288
- C:\Windows\System32\OdclDOu.exe
  C:\Windows\System32\OdclDOu.exe
  2⤵
  PID:7308
- C:\Windows\System32\tflaNJG.exe
  C:\Windows\System32\tflaNJG.exe
  2⤵
  PID:7336
- C:\Windows\System32\aCXrDNS.exe
  C:\Windows\System32\aCXrDNS.exe
  2⤵
  PID:7420
- C:\Windows\System32\xUdwLDO.exe
  C:\Windows\System32\xUdwLDO.exe
  2⤵
  PID:7424
- C:\Windows\System32\zERSuyl.exe
  C:\Windows\System32\zERSuyl.exe
  2⤵
  PID:7508
- C:\Windows\System32\LoNAzSj.exe
  C:\Windows\System32\LoNAzSj.exe
  2⤵
  PID:7576
- C:\Windows\System32\yEeHvkT.exe
  C:\Windows\System32\yEeHvkT.exe
  2⤵
  PID:7604
- C:\Windows\System32\FfmnoTw.exe
  C:\Windows\System32\FfmnoTw.exe
  2⤵
  PID:7664
- C:\Windows\System32\nqFZdTk.exe
  C:\Windows\System32\nqFZdTk.exe
  2⤵
  PID:7736
- C:\Windows\System32\YIvrrqB.exe
  C:\Windows\System32\YIvrrqB.exe
  2⤵
  PID:7808
- C:\Windows\System32\HJhKTXW.exe
  C:\Windows\System32\HJhKTXW.exe
  2⤵
  PID:7888
- C:\Windows\System32\qtYYJUX.exe
  C:\Windows\System32\qtYYJUX.exe
  2⤵
  PID:7924
- C:\Windows\System32\BKAtRNU.exe
  C:\Windows\System32\BKAtRNU.exe
  2⤵
  PID:8032
- C:\Windows\System32\kztNvxC.exe
  C:\Windows\System32\kztNvxC.exe
  2⤵
  PID:8136
- C:\Windows\System32\mgyPpnV.exe
  C:\Windows\System32\mgyPpnV.exe
  2⤵
  PID:7188
- C:\Windows\System32\guSjJNL.exe
  C:\Windows\System32\guSjJNL.exe
  2⤵
  PID:7384
- C:\Windows\System32\ELPkeqb.exe
  C:\Windows\System32\ELPkeqb.exe
  2⤵
  PID:7440
- C:\Windows\System32\UXRLKSp.exe
  C:\Windows\System32\UXRLKSp.exe
  2⤵
  PID:7568
- C:\Windows\System32\MbKkdmo.exe
  C:\Windows\System32\MbKkdmo.exe
  2⤵
  PID:7852
- C:\Windows\System32\lTvWtfP.exe
  C:\Windows\System32\lTvWtfP.exe
  2⤵
  PID:8016
- C:\Windows\System32\eiPyRTc.exe
  C:\Windows\System32\eiPyRTc.exe
  2⤵
  PID:8092
- C:\Windows\System32\GfoPOva.exe
  C:\Windows\System32\GfoPOva.exe
  2⤵
  PID:7320
- C:\Windows\System32\CCHDMJX.exe
  C:\Windows\System32\CCHDMJX.exe
  2⤵
  PID:7644
- C:\Windows\System32\Rbrqoyy.exe
  C:\Windows\System32\Rbrqoyy.exe
  2⤵
  PID:8048
- C:\Windows\System32\IOwQbKt.exe
  C:\Windows\System32\IOwQbKt.exe
  2⤵
  PID:7708
- C:\Windows\System32\hbkMrkI.exe
  C:\Windows\System32\hbkMrkI.exe
  2⤵
  PID:8200
- C:\Windows\System32\ULHtNbc.exe
  C:\Windows\System32\ULHtNbc.exe
  2⤵
  PID:8228
- C:\Windows\System32\nvSUlya.exe
  C:\Windows\System32\nvSUlya.exe
  2⤵
  PID:8248
- C:\Windows\System32\SWFJyrQ.exe
  C:\Windows\System32\SWFJyrQ.exe
  2⤵
  PID:8272
- C:\Windows\System32\ymAHKsK.exe
  C:\Windows\System32\ymAHKsK.exe
  2⤵
  PID:8292
- C:\Windows\System32\IZPqvBR.exe
  C:\Windows\System32\IZPqvBR.exe
  2⤵
  PID:8316
- C:\Windows\System32\cCzAzHz.exe
  C:\Windows\System32\cCzAzHz.exe
  2⤵
  PID:8352
- C:\Windows\System32\EXtZNGz.exe
  C:\Windows\System32\EXtZNGz.exe
  2⤵
  PID:8376
- C:\Windows\System32\uQfYkUY.exe
  C:\Windows\System32\uQfYkUY.exe
  2⤵
  PID:8400
- C:\Windows\System32\tXxkSUq.exe
  C:\Windows\System32\tXxkSUq.exe
  2⤵
  PID:8432
- C:\Windows\System32\EVNCHtG.exe
  C:\Windows\System32\EVNCHtG.exe
  2⤵
  PID:8468
- C:\Windows\System32\MRixMBn.exe
  C:\Windows\System32\MRixMBn.exe
  2⤵
  PID:8496
- C:\Windows\System32\QojwKBa.exe
  C:\Windows\System32\QojwKBa.exe
  2⤵
  PID:8516
- C:\Windows\System32\lROvVMw.exe
  C:\Windows\System32\lROvVMw.exe
  2⤵
  PID:8540
- C:\Windows\System32\NIcXIuW.exe
  C:\Windows\System32\NIcXIuW.exe
  2⤵
  PID:8584
- C:\Windows\System32\DyVSWAi.exe
  C:\Windows\System32\DyVSWAi.exe
  2⤵
  PID:8608
- C:\Windows\System32\YPJzVWK.exe
  C:\Windows\System32\YPJzVWK.exe
  2⤵
  PID:8632
- C:\Windows\System32\FsTByos.exe
  C:\Windows\System32\FsTByos.exe
  2⤵
  PID:8676
- C:\Windows\System32\wjcwrSb.exe
  C:\Windows\System32\wjcwrSb.exe
  2⤵
  PID:8700
- C:\Windows\System32\PqDVOWh.exe
  C:\Windows\System32\PqDVOWh.exe
  2⤵
  PID:8720
- C:\Windows\System32\lKcFATo.exe
  C:\Windows\System32\lKcFATo.exe
  2⤵
  PID:8740
- C:\Windows\System32\jFvwnnb.exe
  C:\Windows\System32\jFvwnnb.exe
  2⤵
  PID:8772
- C:\Windows\System32\IihWehQ.exe
  C:\Windows\System32\IihWehQ.exe
  2⤵
  PID:8796
- C:\Windows\System32\dUDthJX.exe
  C:\Windows\System32\dUDthJX.exe
  2⤵
  PID:8824
- C:\Windows\System32\hJLGpLD.exe
  C:\Windows\System32\hJLGpLD.exe
  2⤵
  PID:8852
- C:\Windows\System32\aUEAuGU.exe
  C:\Windows\System32\aUEAuGU.exe
  2⤵
  PID:8892
- C:\Windows\System32\HssPLNc.exe
  C:\Windows\System32\HssPLNc.exe
  2⤵
  PID:8924
- C:\Windows\System32\Dmrldie.exe
  C:\Windows\System32\Dmrldie.exe
  2⤵
  PID:8940
- C:\Windows\System32\PXLNkzv.exe
  C:\Windows\System32\PXLNkzv.exe
  2⤵
  PID:8972
- C:\Windows\System32\XWLEtXQ.exe
  C:\Windows\System32\XWLEtXQ.exe
  2⤵
  PID:8992
- C:\Windows\System32\clRZSgk.exe
  C:\Windows\System32\clRZSgk.exe
  2⤵
  PID:9020
- C:\Windows\System32\jGDLJRr.exe
  C:\Windows\System32\jGDLJRr.exe
  2⤵
  PID:9040
- C:\Windows\System32\NJYLLJp.exe
  C:\Windows\System32\NJYLLJp.exe
  2⤵
  PID:9100
- C:\Windows\System32\qqfrnKw.exe
  C:\Windows\System32\qqfrnKw.exe
  2⤵
  PID:9128
- C:\Windows\System32\yFjAvAj.exe
  C:\Windows\System32\yFjAvAj.exe
  2⤵
  PID:9148
- C:\Windows\System32\xJYHAUm.exe
  C:\Windows\System32\xJYHAUm.exe
  2⤵
  PID:9164
- C:\Windows\System32\IxCFHUM.exe
  C:\Windows\System32\IxCFHUM.exe
  2⤵
  PID:9184
- C:\Windows\System32\KRxNhpY.exe
  C:\Windows\System32\KRxNhpY.exe
  2⤵
  PID:9204
- C:\Windows\System32\sqTBeQh.exe
  C:\Windows\System32\sqTBeQh.exe
  2⤵
  PID:8000
- C:\Windows\System32\jNEKogG.exe
  C:\Windows\System32\jNEKogG.exe
  2⤵
  PID:8300
- C:\Windows\System32\HeLIdLl.exe
  C:\Windows\System32\HeLIdLl.exe
  2⤵
  PID:8440
- C:\Windows\System32\GOXftbr.exe
  C:\Windows\System32\GOXftbr.exe
  2⤵
  PID:8488
- C:\Windows\System32\GzpUjNO.exe
  C:\Windows\System32\GzpUjNO.exe
  2⤵
  PID:8564
- C:\Windows\System32\tiUqSED.exe
  C:\Windows\System32\tiUqSED.exe
  2⤵
  PID:8592
- C:\Windows\System32\HjOzmEb.exe
  C:\Windows\System32\HjOzmEb.exe
  2⤵
  PID:8648
- C:\Windows\System32\UebpnkO.exe
  C:\Windows\System32\UebpnkO.exe
  2⤵
  PID:8708
- C:\Windows\System32\tlQCVwV.exe
  C:\Windows\System32\tlQCVwV.exe
  2⤵
  PID:8792
- C:\Windows\System32\oNXDsca.exe
  C:\Windows\System32\oNXDsca.exe
  2⤵
  PID:8056
- C:\Windows\System32\vjbYXul.exe
  C:\Windows\System32\vjbYXul.exe
  2⤵
  PID:8932
- C:\Windows\System32\lhlORCT.exe
  C:\Windows\System32\lhlORCT.exe
  2⤵
  PID:9016
- C:\Windows\System32\tzSORvV.exe
  C:\Windows\System32\tzSORvV.exe
  2⤵
  PID:9048
- C:\Windows\System32\fqndOxK.exe
  C:\Windows\System32\fqndOxK.exe
  2⤵
  PID:9116
- C:\Windows\System32\wPEzgGb.exe
  C:\Windows\System32\wPEzgGb.exe
  2⤵
  PID:9172
- C:\Windows\System32\PQGeCTH.exe
  C:\Windows\System32\PQGeCTH.exe
  2⤵
  PID:8348
- C:\Windows\System32\ZXPSVYo.exe
  C:\Windows\System32\ZXPSVYo.exe
  2⤵
  PID:8512
- C:\Windows\System32\uXIMjqE.exe
  C:\Windows\System32\uXIMjqE.exe
  2⤵
  PID:8620
- C:\Windows\System32\JvImPzi.exe
  C:\Windows\System32\JvImPzi.exe
  2⤵
  PID:8748
- C:\Windows\System32\kJnXvhK.exe
  C:\Windows\System32\kJnXvhK.exe
  2⤵
  PID:8904
- C:\Windows\System32\esnPSQz.exe
  C:\Windows\System32\esnPSQz.exe
  2⤵
  PID:9120
- C:\Windows\System32\rApPgjy.exe
  C:\Windows\System32\rApPgjy.exe
  2⤵
  PID:9200
- C:\Windows\System32\JMEwwly.exe
  C:\Windows\System32\JMEwwly.exe
  2⤵
  PID:8696
- C:\Windows\System32\NaZXNWM.exe
  C:\Windows\System32\NaZXNWM.exe
  2⤵
  PID:9064
- C:\Windows\System32\llXamnq.exe
  C:\Windows\System32\llXamnq.exe
  2⤵
  PID:9224
- C:\Windows\System32\gjaJFwg.exe
  C:\Windows\System32\gjaJFwg.exe
  2⤵
  PID:9240
- C:\Windows\System32\DrzlGjN.exe
  C:\Windows\System32\DrzlGjN.exe
  2⤵
  PID:9260
- C:\Windows\System32\uuwBTAq.exe
  C:\Windows\System32\uuwBTAq.exe
  2⤵
  PID:9288
- C:\Windows\System32\zXuIntP.exe
  C:\Windows\System32\zXuIntP.exe
  2⤵
  PID:9304
- C:\Windows\System32\pZKAWdd.exe
  C:\Windows\System32\pZKAWdd.exe
  2⤵
  PID:9328
- C:\Windows\System32\rjGCkZz.exe
  C:\Windows\System32\rjGCkZz.exe
  2⤵
  PID:9360
- C:\Windows\System32\eIvwurb.exe
  C:\Windows\System32\eIvwurb.exe
  2⤵
  PID:9384
- C:\Windows\System32\DVwphyo.exe
  C:\Windows\System32\DVwphyo.exe
  2⤵
  PID:9408
- C:\Windows\System32\rxmbNKQ.exe
  C:\Windows\System32\rxmbNKQ.exe
  2⤵
  PID:9424
- C:\Windows\System32\RiFiLvA.exe
  C:\Windows\System32\RiFiLvA.exe
  2⤵
  PID:9448
- C:\Windows\System32\yCcbiCr.exe
  C:\Windows\System32\yCcbiCr.exe
  2⤵
  PID:9480
- C:\Windows\System32\vpkrWga.exe
  C:\Windows\System32\vpkrWga.exe
  2⤵
  PID:9500
- C:\Windows\System32\ZhexkKU.exe
  C:\Windows\System32\ZhexkKU.exe
  2⤵
  PID:9576
- C:\Windows\System32\eIlNhZM.exe
  C:\Windows\System32\eIlNhZM.exe
  2⤵
  PID:9620
- C:\Windows\System32\zVBshjF.exe
  C:\Windows\System32\zVBshjF.exe
  2⤵
  PID:9644
- C:\Windows\System32\pBxFOIC.exe
  C:\Windows\System32\pBxFOIC.exe
  2⤵
  PID:9668
- C:\Windows\System32\okiEKeT.exe
  C:\Windows\System32\okiEKeT.exe
  2⤵
  PID:9684
- C:\Windows\System32\uYeqdGC.exe
  C:\Windows\System32\uYeqdGC.exe
  2⤵
  PID:9712
- C:\Windows\System32\scEKfVD.exe
  C:\Windows\System32\scEKfVD.exe
  2⤵
  PID:9728
- C:\Windows\System32\ukcFQsI.exe
  C:\Windows\System32\ukcFQsI.exe
  2⤵
  PID:9744
- C:\Windows\System32\aCSaabA.exe
  C:\Windows\System32\aCSaabA.exe
  2⤵
  PID:9772
- C:\Windows\System32\xODSSZa.exe
  C:\Windows\System32\xODSSZa.exe
  2⤵
  PID:9796
- C:\Windows\System32\FWwLrYi.exe
  C:\Windows\System32\FWwLrYi.exe
  2⤵
  PID:9820
- C:\Windows\System32\XhvTqqP.exe
  C:\Windows\System32\XhvTqqP.exe
  2⤵
  PID:9836
- C:\Windows\System32\ZNOGWYX.exe
  C:\Windows\System32\ZNOGWYX.exe
  2⤵
  PID:9892
- C:\Windows\System32\swqKsqs.exe
  C:\Windows\System32\swqKsqs.exe
  2⤵
  PID:9956
- C:\Windows\System32\ayPCdFe.exe
  C:\Windows\System32\ayPCdFe.exe
  2⤵
  PID:9984
- C:\Windows\System32\uRZRase.exe
  C:\Windows\System32\uRZRase.exe
  2⤵
  PID:10012
- C:\Windows\System32\Tevlcue.exe
  C:\Windows\System32\Tevlcue.exe
  2⤵
  PID:10052
- C:\Windows\System32\zdAMJHk.exe
  C:\Windows\System32\zdAMJHk.exe
  2⤵
  PID:10076
- C:\Windows\System32\BMTfryv.exe
  C:\Windows\System32\BMTfryv.exe
  2⤵
  PID:10096
- C:\Windows\System32\VWwZJJL.exe
  C:\Windows\System32\VWwZJJL.exe
  2⤵
  PID:10112
- C:\Windows\System32\ratYoQB.exe
  C:\Windows\System32\ratYoQB.exe
  2⤵
  PID:10128
- C:\Windows\System32\inVKmyN.exe
  C:\Windows\System32\inVKmyN.exe
  2⤵
  PID:10160
- C:\Windows\System32\OuxwVhk.exe
  C:\Windows\System32\OuxwVhk.exe
  2⤵
  PID:10212
- C:\Windows\System32\BcIrVWO.exe
  C:\Windows\System32\BcIrVWO.exe
  2⤵
  PID:9232
- C:\Windows\System32\hEeoJqg.exe
  C:\Windows\System32\hEeoJqg.exe
  2⤵
  PID:9256
- C:\Windows\System32\NBOSmoI.exe
  C:\Windows\System32\NBOSmoI.exe
  2⤵
  PID:9300
- C:\Windows\System32\qcIEjTP.exe
  C:\Windows\System32\qcIEjTP.exe
  2⤵
  PID:9456
- C:\Windows\System32\NmFUEaz.exe
  C:\Windows\System32\NmFUEaz.exe
  2⤵
  PID:9420
- C:\Windows\System32\tsaNnfV.exe
  C:\Windows\System32\tsaNnfV.exe
  2⤵
  PID:8716
- C:\Windows\System32\zNwLSnh.exe
  C:\Windows\System32\zNwLSnh.exe
  2⤵
  PID:9660
- C:\Windows\System32\nHVGONX.exe
  C:\Windows\System32\nHVGONX.exe
  2⤵
  PID:8820
- C:\Windows\System32\qacyMxj.exe
  C:\Windows\System32\qacyMxj.exe
  2⤵
  PID:9708
- C:\Windows\System32\ddaFKsS.exe
  C:\Windows\System32\ddaFKsS.exe
  2⤵
  PID:9828
- C:\Windows\System32\ELtSMCm.exe
  C:\Windows\System32\ELtSMCm.exe
  2⤵
  PID:9880
- C:\Windows\System32\xMzMUeG.exe
  C:\Windows\System32\xMzMUeG.exe
  2⤵
  PID:9904
- C:\Windows\System32\VIvooeF.exe
  C:\Windows\System32\VIvooeF.exe
  2⤵
  PID:9996
- C:\Windows\System32\FinRZWP.exe
  C:\Windows\System32\FinRZWP.exe
  2⤵
  PID:10028
- C:\Windows\System32\gSONjdk.exe
  C:\Windows\System32\gSONjdk.exe
  2⤵
  PID:10044
- C:\Windows\System32\jfPqJRw.exe
  C:\Windows\System32\jfPqJRw.exe
  2⤵
  PID:10108
- C:\Windows\System32\baHNqwB.exe
  C:\Windows\System32\baHNqwB.exe
  2⤵
  PID:10180
- C:\Windows\System32\beNHoAx.exe
  C:\Windows\System32\beNHoAx.exe
  2⤵
  PID:10208
- C:\Windows\System32\oCNEPQQ.exe
  C:\Windows\System32\oCNEPQQ.exe
  2⤵
  PID:9296
- C:\Windows\System32\vtHPJJL.exe
  C:\Windows\System32\vtHPJJL.exe
  2⤵
  PID:9320
- C:\Windows\System32\CLWoQnM.exe
  C:\Windows\System32\CLWoQnM.exe
  2⤵
  PID:9736
- C:\Windows\System32\UWPsPqe.exe
  C:\Windows\System32\UWPsPqe.exe
  2⤵
  PID:9832
- C:\Windows\System32\pOviQXw.exe
  C:\Windows\System32\pOviQXw.exe
  2⤵
  PID:10020
- C:\Windows\System32\YZZZgUH.exe
  C:\Windows\System32\YZZZgUH.exe
  2⤵
  PID:9464
- C:\Windows\System32\mEsirIW.exe
  C:\Windows\System32\mEsirIW.exe
  2⤵
  PID:9368
- C:\Windows\System32\iXzarZW.exe
  C:\Windows\System32\iXzarZW.exe
  2⤵
  PID:10220
- C:\Windows\System32\sqXAcUN.exe
  C:\Windows\System32\sqXAcUN.exe
  2⤵
  PID:10248
- C:\Windows\System32\uyotDcK.exe
  C:\Windows\System32\uyotDcK.exe
  2⤵
  PID:10264
- C:\Windows\System32\HFIJfoJ.exe
  C:\Windows\System32\HFIJfoJ.exe
  2⤵
  PID:10308
- C:\Windows\System32\wDiSebD.exe
  C:\Windows\System32\wDiSebD.exe
  2⤵
  PID:10328
- C:\Windows\System32\nKebNQI.exe
  C:\Windows\System32\nKebNQI.exe
  2⤵
  PID:10352
- C:\Windows\System32\cjAkMtp.exe
  C:\Windows\System32\cjAkMtp.exe
  2⤵
  PID:10372
- C:\Windows\System32\FIdxhKl.exe
  C:\Windows\System32\FIdxhKl.exe
  2⤵
  PID:10396
- C:\Windows\System32\jcPRuVg.exe
  C:\Windows\System32\jcPRuVg.exe
  2⤵
  PID:10468
- C:\Windows\System32\knlnxpn.exe
  C:\Windows\System32\knlnxpn.exe
  2⤵
  PID:10492
- C:\Windows\System32\swysDKr.exe
  C:\Windows\System32\swysDKr.exe
  2⤵
  PID:10508
- C:\Windows\System32\bOyxLio.exe
  C:\Windows\System32\bOyxLio.exe
  2⤵
  PID:10528
- C:\Windows\System32\PhEoTOB.exe
  C:\Windows\System32\PhEoTOB.exe
  2⤵
  PID:10552
- C:\Windows\System32\rlCiTIF.exe
  C:\Windows\System32\rlCiTIF.exe
  2⤵
  PID:10600
- C:\Windows\System32\LmZWMgj.exe
  C:\Windows\System32\LmZWMgj.exe
  2⤵
  PID:10624
- C:\Windows\System32\gcUFmBQ.exe
  C:\Windows\System32\gcUFmBQ.exe
  2⤵
  PID:10648
- C:\Windows\System32\huSeYli.exe
  C:\Windows\System32\huSeYli.exe
  2⤵
  PID:10676
- C:\Windows\System32\ZGNlOlw.exe
  C:\Windows\System32\ZGNlOlw.exe
  2⤵
  PID:10692
- C:\Windows\System32\XJfCjBQ.exe
  C:\Windows\System32\XJfCjBQ.exe
  2⤵
  PID:10724
- C:\Windows\System32\VLrnWGa.exe
  C:\Windows\System32\VLrnWGa.exe
  2⤵
  PID:10744
- C:\Windows\System32\qIRSkMJ.exe
  C:\Windows\System32\qIRSkMJ.exe
  2⤵
  PID:10788
- C:\Windows\System32\bOXSeHX.exe
  C:\Windows\System32\bOXSeHX.exe
  2⤵
  PID:10820
- C:\Windows\System32\tzPjDfF.exe
  C:\Windows\System32\tzPjDfF.exe
  2⤵
  PID:10844
- C:\Windows\System32\TxjSpTO.exe
  C:\Windows\System32\TxjSpTO.exe
  2⤵
  PID:10860
- C:\Windows\System32\PqgMKPQ.exe
  C:\Windows\System32\PqgMKPQ.exe
  2⤵
  PID:10904
- C:\Windows\System32\JkOTnWv.exe
  C:\Windows\System32\JkOTnWv.exe
  2⤵
  PID:10924
- C:\Windows\System32\SiMQvrT.exe
  C:\Windows\System32\SiMQvrT.exe
  2⤵
  PID:10960
- C:\Windows\System32\mpHCIPp.exe
  C:\Windows\System32\mpHCIPp.exe
  2⤵
  PID:11000
- C:\Windows\System32\BtJLhGO.exe
  C:\Windows\System32\BtJLhGO.exe
  2⤵
  PID:11016
- C:\Windows\System32\hcAajPn.exe
  C:\Windows\System32\hcAajPn.exe
  2⤵
  PID:11036
- C:\Windows\System32\OBwMzUT.exe
  C:\Windows\System32\OBwMzUT.exe
  2⤵
  PID:11056
- C:\Windows\System32\LhJVdsV.exe
  C:\Windows\System32\LhJVdsV.exe
  2⤵
  PID:11084
- C:\Windows\System32\ybHKEjh.exe
  C:\Windows\System32\ybHKEjh.exe
  2⤵
  PID:11108
- C:\Windows\System32\tIQCVLg.exe
  C:\Windows\System32\tIQCVLg.exe
  2⤵
  PID:11152
- C:\Windows\System32\OmLTxAx.exe
  C:\Windows\System32\OmLTxAx.exe
  2⤵
  PID:11212
- C:\Windows\System32\mtMrQqq.exe
  C:\Windows\System32\mtMrQqq.exe
  2⤵
  PID:11256
- C:\Windows\System32\jVTxGyg.exe
  C:\Windows\System32\jVTxGyg.exe
  2⤵
  PID:10168
- C:\Windows\System32\lAuniWn.exe
  C:\Windows\System32\lAuniWn.exe
  2⤵
  PID:10280
- C:\Windows\System32\nxxdlEh.exe
  C:\Windows\System32\nxxdlEh.exe
  2⤵
  PID:10368
- C:\Windows\System32\OzCGnzX.exe
  C:\Windows\System32\OzCGnzX.exe
  2⤵
  PID:10364
- C:\Windows\System32\oLnBkjD.exe
  C:\Windows\System32\oLnBkjD.exe
  2⤵
  PID:9528
- C:\Windows\System32\bIZspQY.exe
  C:\Windows\System32\bIZspQY.exe
  2⤵
  PID:10520
- C:\Windows\System32\tMPwlkX.exe
  C:\Windows\System32\tMPwlkX.exe
  2⤵
  PID:10588
- C:\Windows\System32\TgQtZTV.exe
  C:\Windows\System32\TgQtZTV.exe
  2⤵
  PID:10664
- C:\Windows\System32\TRVQJJA.exe
  C:\Windows\System32\TRVQJJA.exe
  2⤵
  PID:10712
- C:\Windows\System32\OTKLMOv.exe
  C:\Windows\System32\OTKLMOv.exe
  2⤵
  PID:10736
- C:\Windows\System32\NvsotDv.exe
  C:\Windows\System32\NvsotDv.exe
  2⤵
  PID:10832
- C:\Windows\System32\tmjsuIp.exe
  C:\Windows\System32\tmjsuIp.exe
  2⤵
  PID:10872
- C:\Windows\System32\AYYULqH.exe
  C:\Windows\System32\AYYULqH.exe
  2⤵
  PID:10976
- C:\Windows\System32\qGmXQdE.exe
  C:\Windows\System32\qGmXQdE.exe
  2⤵
  PID:11068
- C:\Windows\System32\RinYVPw.exe
  C:\Windows\System32\RinYVPw.exe
  2⤵
  PID:11104
- C:\Windows\System32\NaEliAc.exe
  C:\Windows\System32\NaEliAc.exe
  2⤵
  PID:11204
- C:\Windows\System32\rxsGkDl.exe
  C:\Windows\System32\rxsGkDl.exe
  2⤵
  PID:11232
- C:\Windows\System32\ICdkcNc.exe
  C:\Windows\System32\ICdkcNc.exe
  2⤵
  PID:9900
- C:\Windows\System32\iqrYktM.exe
  C:\Windows\System32\iqrYktM.exe
  2⤵
  PID:10340
- C:\Windows\System32\HcUZESm.exe
  C:\Windows\System32\HcUZESm.exe
  2⤵
  PID:10144
- C:\Windows\System32\KrndjUr.exe
  C:\Windows\System32\KrndjUr.exe
  2⤵
  PID:10540
- C:\Windows\System32\tTTfBJR.exe
  C:\Windows\System32\tTTfBJR.exe
  2⤵
  PID:11008
- C:\Windows\System32\CueovVZ.exe
  C:\Windows\System32\CueovVZ.exe
  2⤵
  PID:11160
- C:\Windows\System32\gsjVtqI.exe
  C:\Windows\System32\gsjVtqI.exe
  2⤵
  PID:11120
- C:\Windows\System32\KuEeyfj.exe
  C:\Windows\System32\KuEeyfj.exe
  2⤵
  PID:10348
- C:\Windows\System32\oOtvSNX.exe
  C:\Windows\System32\oOtvSNX.exe
  2⤵
  PID:10548
- C:\Windows\System32\FkNuDHs.exe
  C:\Windows\System32\FkNuDHs.exe
  2⤵
  PID:11140
- C:\Windows\System32\oBbyFaa.exe
  C:\Windows\System32\oBbyFaa.exe
  2⤵
  PID:11244
- C:\Windows\System32\oSxFDeH.exe
  C:\Windows\System32\oSxFDeH.exe
  2⤵
  PID:11272
- C:\Windows\System32\LDHELSX.exe
  C:\Windows\System32\LDHELSX.exe
  2⤵
  PID:11292
- C:\Windows\System32\CymwepD.exe
  C:\Windows\System32\CymwepD.exe
  2⤵
  PID:11312
- C:\Windows\System32\YDvTLdL.exe
  C:\Windows\System32\YDvTLdL.exe
  2⤵
  PID:11332
- C:\Windows\System32\RgcdtKp.exe
  C:\Windows\System32\RgcdtKp.exe
  2⤵
  PID:11348
- C:\Windows\System32\FCZGpzx.exe
  C:\Windows\System32\FCZGpzx.exe
  2⤵
  PID:11372
- C:\Windows\System32\DTQjMHH.exe
  C:\Windows\System32\DTQjMHH.exe
  2⤵
  PID:11412
- C:\Windows\System32\CxRjwxs.exe
  C:\Windows\System32\CxRjwxs.exe
  2⤵
  PID:11460
- C:\Windows\System32\bHgPLPZ.exe
  C:\Windows\System32\bHgPLPZ.exe
  2⤵
  PID:11496
- C:\Windows\System32\qAWIJyD.exe
  C:\Windows\System32\qAWIJyD.exe
  2⤵
  PID:11512
- C:\Windows\System32\IMYcncs.exe
  C:\Windows\System32\IMYcncs.exe
  2⤵
  PID:11548
- C:\Windows\System32\nJukbBM.exe
  C:\Windows\System32\nJukbBM.exe
  2⤵
  PID:11584
- C:\Windows\System32\wzQxpru.exe
  C:\Windows\System32\wzQxpru.exe
  2⤵
  PID:11604
- C:\Windows\System32\TgHajMc.exe
  C:\Windows\System32\TgHajMc.exe
  2⤵
  PID:11644
- C:\Windows\System32\ZljUBmL.exe
  C:\Windows\System32\ZljUBmL.exe
  2⤵
  PID:11680
- C:\Windows\System32\oAaQSJz.exe
  C:\Windows\System32\oAaQSJz.exe
  2⤵
  PID:11708
- C:\Windows\System32\fbCTtGV.exe
  C:\Windows\System32\fbCTtGV.exe
  2⤵
  PID:11728
- C:\Windows\System32\tKjUqph.exe
  C:\Windows\System32\tKjUqph.exe
  2⤵
  PID:11760
- C:\Windows\System32\CdVhgcN.exe
  C:\Windows\System32\CdVhgcN.exe
  2⤵
  PID:11784
- C:\Windows\System32\aoGImIx.exe
  C:\Windows\System32\aoGImIx.exe
  2⤵
  PID:11804
- C:\Windows\System32\EeZaxFO.exe
  C:\Windows\System32\EeZaxFO.exe
  2⤵
  PID:11828
- C:\Windows\System32\GjobvbC.exe
  C:\Windows\System32\GjobvbC.exe
  2⤵
  PID:11864
- C:\Windows\System32\SULrxwj.exe
  C:\Windows\System32\SULrxwj.exe
  2⤵
  PID:11880
- C:\Windows\System32\TRaNHtW.exe
  C:\Windows\System32\TRaNHtW.exe
  2⤵
  PID:11940
- C:\Windows\System32\frSjrYC.exe
  C:\Windows\System32\frSjrYC.exe
  2⤵
  PID:11960
- C:\Windows\System32\mMsaCww.exe
  C:\Windows\System32\mMsaCww.exe
  2⤵
  PID:11980
- C:\Windows\System32\ubHyssW.exe
  C:\Windows\System32\ubHyssW.exe
  2⤵
  PID:12000
- C:\Windows\System32\HEJthcu.exe
  C:\Windows\System32\HEJthcu.exe
  2⤵
  PID:12040
- C:\Windows\System32\mKHsDNB.exe
  C:\Windows\System32\mKHsDNB.exe
  2⤵
  PID:12072
- C:\Windows\System32\VUqgoqc.exe
  C:\Windows\System32\VUqgoqc.exe
  2⤵
  PID:12092
- C:\Windows\System32\vCfwPQQ.exe
  C:\Windows\System32\vCfwPQQ.exe
  2⤵
  PID:12140
- C:\Windows\System32\meMtyLa.exe
  C:\Windows\System32\meMtyLa.exe
  2⤵
  PID:12176
- C:\Windows\System32\jsCIYal.exe
  C:\Windows\System32\jsCIYal.exe
  2⤵
  PID:12192
- C:\Windows\System32\zykvHYd.exe
  C:\Windows\System32\zykvHYd.exe
  2⤵
  PID:12220
- C:\Windows\System32\ZRzsYAw.exe
  C:\Windows\System32\ZRzsYAw.exe
  2⤵
  PID:12236
- C:\Windows\System32\ZWmpIHw.exe
  C:\Windows\System32\ZWmpIHw.exe
  2⤵
  PID:12280
- C:\Windows\System32\ZZsMupa.exe
  C:\Windows\System32\ZZsMupa.exe
  2⤵
  PID:11304
- C:\Windows\System32\LqbArQm.exe
  C:\Windows\System32\LqbArQm.exe
  2⤵
  PID:11364
- C:\Windows\System32\UVKJYoh.exe
  C:\Windows\System32\UVKJYoh.exe
  2⤵
  PID:11392
- C:\Windows\System32\HGizmtJ.exe
  C:\Windows\System32\HGizmtJ.exe
  2⤵
  PID:11424
- C:\Windows\System32\GGAXjSR.exe
  C:\Windows\System32\GGAXjSR.exe
  2⤵
  PID:11472
- C:\Windows\System32\lIgUqRb.exe
  C:\Windows\System32\lIgUqRb.exe
  2⤵
  PID:11544
- C:\Windows\System32\eURVFHB.exe
  C:\Windows\System32\eURVFHB.exe
  2⤵
  PID:11616
- C:\Windows\System32\GUFGIwD.exe
  C:\Windows\System32\GUFGIwD.exe
  2⤵
  PID:11716
- C:\Windows\System32\WVyqyIL.exe
  C:\Windows\System32\WVyqyIL.exe
  2⤵
  PID:11692
- C:\Windows\System32\YiSQGfv.exe
  C:\Windows\System32\YiSQGfv.exe
  2⤵
  PID:11888
- C:\Windows\System32\fxpWTtv.exe
  C:\Windows\System32\fxpWTtv.exe
  2⤵
  PID:12028
- C:\Windows\System32\uZiolMa.exe
  C:\Windows\System32\uZiolMa.exe
  2⤵
  PID:12056
- C:\Windows\System32\ufRoECR.exe
  C:\Windows\System32\ufRoECR.exe
  2⤵
  PID:12080
- C:\Windows\System32\gokgLvz.exe
  C:\Windows\System32\gokgLvz.exe
  2⤵
  PID:12172
- C:\Windows\System32\rpzSfBD.exe
  C:\Windows\System32\rpzSfBD.exe
  2⤵
  PID:12216
- C:\Windows\System32\jVOqKGM.exe
  C:\Windows\System32\jVOqKGM.exe
  2⤵
  PID:12268
- C:\Windows\System32\dCfSyBx.exe
  C:\Windows\System32\dCfSyBx.exe
  2⤵
  PID:10688
- C:\Windows\System32\TBcUKUW.exe
  C:\Windows\System32\TBcUKUW.exe
  2⤵
  PID:11560
- C:\Windows\System32\OUjeKcM.exe
  C:\Windows\System32\OUjeKcM.exe
  2⤵
  PID:11972
- C:\Windows\System32\mjZqKPl.exe
  C:\Windows\System32\mjZqKPl.exe
  2⤵
  PID:11904
- C:\Windows\System32\nLZJCTN.exe
  C:\Windows\System32\nLZJCTN.exe
  2⤵
  PID:11920
- C:\Windows\System32\COHGuXa.exe
  C:\Windows\System32\COHGuXa.exe
  2⤵
  PID:12052
- C:\Windows\System32\fniubUZ.exe
  C:\Windows\System32\fniubUZ.exe
  2⤵
  PID:12184
- C:\Windows\System32\vMBOpVY.exe
  C:\Windows\System32\vMBOpVY.exe
  2⤵
  PID:10912
- C:\Windows\System32\KxGgPcr.exe
  C:\Windows\System32\KxGgPcr.exe
  2⤵
  PID:11668
- C:\Windows\System32\pqnFclY.exe
  C:\Windows\System32\pqnFclY.exe
  2⤵
  PID:11908
- C:\Windows\System32\iQuSsCB.exe
  C:\Windows\System32\iQuSsCB.exe
  2⤵
  PID:12088
- C:\Windows\System32\tFnzHuc.exe
  C:\Windows\System32\tFnzHuc.exe
  2⤵
  PID:1676
- C:\Windows\System32\IhKOAVS.exe
  C:\Windows\System32\IhKOAVS.exe
  2⤵
  PID:11600
- C:\Windows\System32\Ixgutoh.exe
  C:\Windows\System32\Ixgutoh.exe
  2⤵
  PID:12296
- C:\Windows\System32\FKDfRkN.exe
  C:\Windows\System32\FKDfRkN.exe
  2⤵
  PID:12348
- C:\Windows\System32\bzUsFSB.exe
  C:\Windows\System32\bzUsFSB.exe
  2⤵
  PID:12368
- C:\Windows\System32\bUPInZv.exe
  C:\Windows\System32\bUPInZv.exe
  2⤵
  PID:12412
- C:\Windows\System32\PhoSWYL.exe
  C:\Windows\System32\PhoSWYL.exe
  2⤵
  PID:12448
- C:\Windows\System32\jEzwGgB.exe
  C:\Windows\System32\jEzwGgB.exe
  2⤵
  PID:12472
- C:\Windows\System32\pVDnnmx.exe
  C:\Windows\System32\pVDnnmx.exe
  2⤵
  PID:12496
- C:\Windows\System32\SDdKsTb.exe
  C:\Windows\System32\SDdKsTb.exe
  2⤵
  PID:12520
- C:\Windows\System32\RkYTPye.exe
  C:\Windows\System32\RkYTPye.exe
  2⤵
  PID:12540
- C:\Windows\System32\vozGFcf.exe
  C:\Windows\System32\vozGFcf.exe
  2⤵
  PID:12560
- C:\Windows\System32\wWMOiwr.exe
  C:\Windows\System32\wWMOiwr.exe
  2⤵
  PID:12612
- C:\Windows\System32\ujuUFgX.exe
  C:\Windows\System32\ujuUFgX.exe
  2⤵
  PID:12652
- C:\Windows\System32\WPosHGR.exe
  C:\Windows\System32\WPosHGR.exe
  2⤵
  PID:12668
- C:\Windows\System32\kWLtoBW.exe
  C:\Windows\System32\kWLtoBW.exe
  2⤵
  PID:12720
- C:\Windows\System32\TjBEqmF.exe
  C:\Windows\System32\TjBEqmF.exe
  2⤵
  PID:12776
- C:\Windows\System32\lUVmHty.exe
  C:\Windows\System32\lUVmHty.exe
  2⤵
  PID:12848
- C:\Windows\System32\SYWjAOp.exe
  C:\Windows\System32\SYWjAOp.exe
  2⤵
  PID:12864
- C:\Windows\System32\PVCtDBz.exe
  C:\Windows\System32\PVCtDBz.exe
  2⤵
  PID:12884
- C:\Windows\System32\YTrYrqs.exe
  C:\Windows\System32\YTrYrqs.exe
  2⤵
  PID:12900
- C:\Windows\System32\TKiiZrL.exe
  C:\Windows\System32\TKiiZrL.exe
  2⤵
  PID:12916
- C:\Windows\System32\gZgqlAT.exe
  C:\Windows\System32\gZgqlAT.exe
  2⤵
  PID:12932
- C:\Windows\System32\kbFLWqx.exe
  C:\Windows\System32\kbFLWqx.exe
  2⤵
  PID:12952
- C:\Windows\System32\JCdgFhc.exe
  C:\Windows\System32\JCdgFhc.exe
  2⤵
  PID:13016
- C:\Windows\System32\yPjTpoa.exe
  C:\Windows\System32\yPjTpoa.exe
  2⤵
  PID:13060
- C:\Windows\System32\QGPpoiw.exe
  C:\Windows\System32\QGPpoiw.exe
  2⤵
  PID:13084
- C:\Windows\System32\FFahOsi.exe
  C:\Windows\System32\FFahOsi.exe
  2⤵
  PID:13112
- C:\Windows\System32\cdAXoBY.exe
  C:\Windows\System32\cdAXoBY.exe
  2⤵
  PID:13140
- C:\Windows\System32\keCvoDj.exe
  C:\Windows\System32\keCvoDj.exe
  2⤵
  PID:13160
- C:\Windows\System32\YgvLYjm.exe
  C:\Windows\System32\YgvLYjm.exe
  2⤵
  PID:13196
- C:\Windows\System32\BJjgmzw.exe
  C:\Windows\System32\BJjgmzw.exe
  2⤵
  PID:13212
- C:\Windows\System32\szkvSYQ.exe
  C:\Windows\System32\szkvSYQ.exe
  2⤵
  PID:13236
- C:\Windows\System32\XFlvVcq.exe
  C:\Windows\System32\XFlvVcq.exe
  2⤵
  PID:13252
- C:\Windows\System32\NhjbkwN.exe
  C:\Windows\System32\NhjbkwN.exe
  2⤵
  PID:13276
- C:\Windows\System32\znGKECt.exe
  C:\Windows\System32\znGKECt.exe
  2⤵
  PID:13300
- C:\Windows\System32\LpKhwoG.exe
  C:\Windows\System32\LpKhwoG.exe
  2⤵
  PID:11488
- C:\Windows\System32\fgGayMD.exe
  C:\Windows\System32\fgGayMD.exe
  2⤵
  PID:12316
- C:\Windows\System32\MgXzMpr.exe
  C:\Windows\System32\MgXzMpr.exe
  2⤵
  PID:12460
- C:\Windows\System32\KnqAGfw.exe
  C:\Windows\System32\KnqAGfw.exe
  2⤵
  PID:12580
- C:\Windows\System32\JsbpKdh.exe
  C:\Windows\System32\JsbpKdh.exe
  2⤵
  PID:12608
- C:\Windows\System32\LFYPLnU.exe
  C:\Windows\System32\LFYPLnU.exe
  2⤵
  PID:4496
- C:\Windows\System32\sLSDhiL.exe
  C:\Windows\System32\sLSDhiL.exe
  2⤵
  PID:12728
- C:\Windows\System32\iwMzEQF.exe
  C:\Windows\System32\iwMzEQF.exe
  2⤵
  PID:12788
- C:\Windows\System32\dPfSTJY.exe
  C:\Windows\System32\dPfSTJY.exe
  2⤵
  PID:12736
- C:\Windows\System32\OqgXFWN.exe
  C:\Windows\System32\OqgXFWN.exe
  2⤵
  PID:12784
- C:\Windows\System32\kFLmFBN.exe
  C:\Windows\System32\kFLmFBN.exe
  2⤵
  PID:12880
- C:\Windows\System32\OZcGAAm.exe
  C:\Windows\System32\OZcGAAm.exe
  2⤵
  PID:12924
- C:\Windows\System32\WJIlMrw.exe
  C:\Windows\System32\WJIlMrw.exe
  2⤵
  PID:12996
- C:\Windows\System32\rGeWWkt.exe
  C:\Windows\System32\rGeWWkt.exe
  2⤵
  PID:13092
- C:\Windows\System32\LTEwVNp.exe
  C:\Windows\System32\LTEwVNp.exe
  2⤵
  PID:13128
- C:\Windows\System32\DDCVCdQ.exe
  C:\Windows\System32\DDCVCdQ.exe
  2⤵
  PID:13188
- C:\Windows\System32\JLudBkL.exe
  C:\Windows\System32\JLudBkL.exe
  2⤵
  PID:13224
- C:\Windows\System32\cyjZTHi.exe
  C:\Windows\System32\cyjZTHi.exe
  2⤵
  PID:12260
- C:\Windows\System32\UtKxEot.exe
  C:\Windows\System32\UtKxEot.exe
  2⤵
  PID:12304
- C:\Windows\System32\KEOqiIP.exe
  C:\Windows\System32\KEOqiIP.exe
  2⤵
  PID:12364
- C:\Windows\System32\biywBOx.exe
  C:\Windows\System32\biywBOx.exe
  2⤵
  PID:12648
- C:\Windows\System32\HbiembO.exe
  C:\Windows\System32\HbiembO.exe
  2⤵
  PID:12708
- C:\Windows\System32\sfRMBha.exe
  C:\Windows\System32\sfRMBha.exe
  2⤵
  PID:12768
- C:\Windows\System32\zYtujQa.exe
  C:\Windows\System32\zYtujQa.exe
  2⤵
  PID:12992
- C:\Windows\System32\uydCwZT.exe
  C:\Windows\System32\uydCwZT.exe
  2⤵
  PID:13076
- C:\Windows\System32\xGypDAQ.exe
  C:\Windows\System32\xGypDAQ.exe
  2⤵
  PID:13176
- C:\Windows\System32\BOwtLvX.exe
  C:\Windows\System32\BOwtLvX.exe
  2⤵
  PID:13244
- C:\Windows\System32\IWBitGR.exe
  C:\Windows\System32\IWBitGR.exe
  2⤵
  PID:11800
- C:\Windows\System32\puepzgz.exe
  C:\Windows\System32\puepzgz.exe
  2⤵
  PID:12908
- C:\Windows\System32\LozPdhq.exe
  C:\Windows\System32\LozPdhq.exe
  2⤵
  PID:13292
- C:\Windows\System32\ISkUJzj.exe
  C:\Windows\System32\ISkUJzj.exe
  2⤵
  PID:13228
- C:\Windows\System32\fnREBlM.exe
  C:\Windows\System32\fnREBlM.exe
  2⤵
  PID:13152
- C:\Windows\System32\CdTwKXf.exe
  C:\Windows\System32\CdTwKXf.exe
  2⤵
  PID:13344
- C:\Windows\System32\dagGHUU.exe
  C:\Windows\System32\dagGHUU.exe
  2⤵
  PID:13396
- C:\Windows\System32\XxSMPza.exe
  C:\Windows\System32\XxSMPza.exe
  2⤵
  PID:13412
- C:\Windows\System32\rPDFniW.exe
  C:\Windows\System32\rPDFniW.exe
  2⤵
  PID:13432
- C:\Windows\System32\zzmbjCE.exe
  C:\Windows\System32\zzmbjCE.exe
  2⤵
  PID:13460
- C:\Windows\System32\sutyjBn.exe
  C:\Windows\System32\sutyjBn.exe
  2⤵
  PID:13484
- C:\Windows\System32\EFdyArR.exe
  C:\Windows\System32\EFdyArR.exe
  2⤵
  PID:13500
- C:\Windows\System32\EkMVvOf.exe
  C:\Windows\System32\EkMVvOf.exe
  2⤵
  PID:13520
- C:\Windows\System32\tKvsrAK.exe
  C:\Windows\System32\tKvsrAK.exe
  2⤵
  PID:13552
- C:\Windows\System32\YGtXXsX.exe
  C:\Windows\System32\YGtXXsX.exe
  2⤵
  PID:13596
- C:\Windows\System32\XmEHMlr.exe
  C:\Windows\System32\XmEHMlr.exe
  2⤵
  PID:13624
- C:\Windows\System32\nBoFCDG.exe
  C:\Windows\System32\nBoFCDG.exe
  2⤵
  PID:13640
- C:\Windows\System32\QjryYGv.exe
  C:\Windows\System32\QjryYGv.exe
  2⤵
  PID:13672
- C:\Windows\System32\sVEqGGJ.exe
  C:\Windows\System32\sVEqGGJ.exe
  2⤵
  PID:13696
- C:\Windows\System32\TQyQJuB.exe
  C:\Windows\System32\TQyQJuB.exe
  2⤵
  PID:13724
- C:\Windows\System32\DKrmuRH.exe
  C:\Windows\System32\DKrmuRH.exe
  2⤵
  PID:13740

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:13472

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System32\AwbMoIy.exe

Filesize
1.7MB

MD5
1a5cae0143bb4dbe71aa615582497187

SHA1
4f18f3c55bb36a8a63e1313b220d5feb480471cc

SHA256
ff7f077ad3b3fc2b045e8a6470603bc404d748c55a65ca5053c75b7364cea43e

SHA512
b4a2f8297d8081eb6f8456a5f43b25dc580a8b14e2e3e2072fdfb4bba51b043eeb1583f207887fbf53cf6bc51cb83ec0854c284095d9f37cc01aa62d0bd4a321

Download Submit
C:\Windows\System32\BwYkasj.exe

Filesize
1.7MB

MD5
e236c798a0b56ec2546e16a512e5b816

SHA1
e15eab36e2c8b00f3e74c012dab480fb3432d361

SHA256
24ec7352f2b6ec0ba8f8b96b5c532bad4d3c7ba6ba685d5690d1155b582d4304

SHA512
b2d956568029d562eea7cac6cdac502be6161be8db566aa36edc14cb7aa90937d92b708b690d7c72086f9a99c2ecd6d44aad251773333b2d1168a659b7d2f737

Download Submit
C:\Windows\System32\HxFAiXS.exe

Filesize
1.7MB

MD5
21d8cacb3e2c6cf2c31d033b528e77e3

SHA1
9759b3440064c8e44d2289b2c361831cba9c0a92

SHA256
bf798a94cd4553d43bfe88e3168d1776f380ae72a5d825ed114481e7ac2f988c

SHA512
c2e02d8914015ce3e75aaf1b7a4aeddcaff7ffb0c0b1a76af55d64da680dbd544b5464a32953117123abe2747c06dd06908abae0c9ca6fb471e42d595d93616a

Download Submit
C:\Windows\System32\QIBoWep.exe

Filesize
1.7MB

MD5
448d3945f4506ef2c7072395b4948200

SHA1
b95905092c9db928a510fd3ae8e800d691de407c

SHA256
10c2726dd02645fd167249b8857f42a826555a3af7bbfd1dfa90295aec939b53

SHA512
1859f4c59cd9e3708d9e36ed6ea02946774fc49fca2c54cce72fa242ee4aa786bdef7803685d165500fa882a94a18704aa901d348c3c62d7a306b2940d18e4b8

Download Submit
C:\Windows\System32\QKENcna.exe

Filesize
1.7MB

MD5
a95d4b08e67e34810f88b68bb91496f8

SHA1
e8dd06a223b7702b82710c84a178bd43e59c2026

SHA256
53e3655f0e0d0f51bc047944b5c6a783642030a773c268db5ab703782dc590e2

SHA512
82386aef68a03a040a03b98d10c7d4e2f4056b611cdb672ace75fc18c5426caa87acdd4b4155bea9d5a8b672f4282c43b5204fb98fa154e92137eff19d7d3c20

Download Submit
C:\Windows\System32\QPMuPTc.exe

Filesize
1.7MB

MD5
679ac71606fa3dfc8ea047ca46eb88a7

SHA1
aa9d51c975cd78599b5c3ec9f0f99c0605849fce

SHA256
ed3d98894c6b5517870f7bc27edc31abe50c01151369007ec9ca3f5e3c5cc4bc

SHA512
bcba1b6c4b47b077bfddae35e0531f1a04f476be897429c7083af6910107779f61347cc0f4d366f59534c0379765d9f9149413523c21214e42b9f4b317f6994f

Download Submit
C:\Windows\System32\TKdaeuf.exe

Filesize
1.7MB

MD5
e9b6255eb00df8e9b6f792786f3e7c8e

SHA1
8e61ebd20e562889df659edec904863438a03be2

SHA256
9e942067341fc07d0377b3b50ffdabcd79c9ff277c4ddae415f480fa497d4bdb

SHA512
494a8922dece981f7424bdcf3c4fd07e5a327371956e8683d62712b377883d7bbf9831de0fa2b4b383aedc9ee5bb89d7f2739ad225b1e4ad577530cc066c6c76

Download Submit
C:\Windows\System32\TSDRMff.exe

Filesize
1.7MB

MD5
e0e375bdd5b372e746236bd01e155f49

SHA1
e8618ad4de0fdb987e7732a2a21aa28238181878

SHA256
be881932b904c3176ed9517c26e15de6ca95543eb00621dc70d0b9e979e39050

SHA512
ddc678ebc6b31e0bf1333796a863e4e37873a8d7dbb8d0587f7ca19268edc8f5ad9944b4f5e931a492a383a494bac4e0868ac97cc8af9136c3c30678069c9eaf

Download Submit
C:\Windows\System32\VnRDZha.exe

Filesize
1.7MB

MD5
987d43c15e3447ea38232d6582edee51

SHA1
556035d5a53d5f0360f9fe27589a017c0accbe30

SHA256
b373ee40ac416086f8bae8bbae42d87d745290d7a9924aee450bcfbe4b025126

SHA512
4adc931de1a897f2a4f47db4ab964e7536e2f847f20ba05d51459d177bea642aca05775ddd0a0420c5688dbb2c9b08c66c3237c26f147009deb803b5556eaff6

Download Submit
C:\Windows\System32\WTkvwZL.exe

Filesize
1.7MB

MD5
4c582a16e2a09ca6902f633855573d5c

SHA1
4596e500c5e313f0457af7087bbdc6c82607b3ff

SHA256
538bbda7525ece66c1f94a824f328560a938c08dc6af3eee6f4583ad432c6405

SHA512
7c46dd448824f049f939a338798dcc93731574b224a76c7bee2a8cce0a6ed6860882cd297dc3de76e1243fd9c70b26aa3fd0fdcfa7cd194b83eff7a52f830f9e

Download Submit
C:\Windows\System32\XQZVVEh.exe

Filesize
1.7MB

MD5
b4099e65665c7a09e8e40856cbd1315f

SHA1
5d57617e0bdd4c68e85a341e74ceb4526af1ff65

SHA256
f64d80ca24de93e392207cef8f53ff4453f086e1b8838e78451bdfae96067609

SHA512
904d3e9faeee1e30577591ef2f7652037c340656010e7ed94c45d72bbcfef8d984bd7ac54dcbfd14d5f0fca46e00e14ad0e44476765046a13a84bf1ccbbed91e

Download Submit
C:\Windows\System32\XcGhuOw.exe

Filesize
1.7MB

MD5
0349d11fbee4227b584b287313696bb2

SHA1
a29b3341bf467a1fbf09f2200677431498b9a882

SHA256
95988c701b52e8d91b5239e233ce467ff20ace48643b39f1814272a6ff9ef7ec

SHA512
55feced8800d8546d1587380d854382770317c831b161da63a36c4cb1972d82714235c4eca393d2a6d78efc9127b1c05a2b54ce3c63aec82b10c860d913de26e

Download Submit
C:\Windows\System32\ZQUsziH.exe

Filesize
1.7MB

MD5
3c831007b2a8dfb5c6dadf5415888be6

SHA1
dedfa104ff099b14424dff261b45ac648677d3b7

SHA256
04f75f3d8f8295198c39056a6105a1a77367d4e46a402613eae5359f06cada17

SHA512
3ceb011b2889bf6967dab35baac0944617bef748c37f5a0de37e4c6788cde91f16ff79c6fdc826c3af9dd47c9c50087022035ca6db3afa0923d66dd959031d17

Download Submit
C:\Windows\System32\gavSlyZ.exe

Filesize
1.7MB

MD5
973740365db69f58f996b598db742a67

SHA1
f0c96b583ca70126f6f911f8839b7bcd82e86872

SHA256
d5e694803778967833d3445a070ab697d227c383dbe50248d7c0eb153837e3d3

SHA512
571696b48e2a36e52581a428edde29e470ce947cb021e0688a12eb28125f77caafd9fbcda80e466d6090ad81995ac1817f33e8ddf3a95e6eb6445e856234122c

Download Submit
C:\Windows\System32\hoQmMLB.exe

Filesize
1.7MB

MD5
bf70705fc4d4bf9a6df8401fd98739ce

SHA1
ab34092b1958b68e63afc8a5d2d105c56de862ef

SHA256
ab44f2318b22f6498213afe50c2c2462ef29dbb1144fad02f12f0308091dd8d9

SHA512
c1338b74e5f03976fd73f845e5a03cee5881b212847949cf29cbcfa3c351f90f488ce5138239e135ad6904257b2fd43f46fab504c2fca26845770c2e283b2659

Download Submit
C:\Windows\System32\iTIzPez.exe

Filesize
1.7MB

MD5
ce6c39f3759eff93933464e356fd8b35

SHA1
db61ecac54d9a767cf83a24847b12e1c4bcc221d

SHA256
36513ea6e91e4e6eadb70eca069ba0f35187dfc8ad6a8199e4b418654af479e1

SHA512
972a8e6ae324a14c4ac9332d4ebfd75d066013f29e1c170ba01eaae79f7ce109ceb5aba24b84d1051480815d405a37b8cb3e8f4b9491211ed0e01f1c971e8eae

Download Submit
C:\Windows\System32\jKCOGFB.exe

Filesize
1.7MB

MD5
31efea805270ebcc97b2208274b0b663

SHA1
b4e1afe2e00b762a2b6306114c96b0e02df0f77f

SHA256
2de208eac53c79dda41dc481b2fcb53ec87c71c18449230c66a10b51392c269b

SHA512
cd34e3cbd7500ac96386fe82141ff29acc4e898b70e869bd669a648dbaf69f888e1f490ea96aaeac3b478b435ca445a3108722d49e62288b1e19d417b25f6c1f

Download Submit
C:\Windows\System32\nKwymOZ.exe

Filesize
1.7MB

MD5
f192f9a556021b597a0c90f90c7071dc

SHA1
c376409a9fe0a01c9213d639e7d48c05b252b147

SHA256
1d2de68d7a4913954373dee083b7fe3e38f0f96f19d718e49a99109fc868c7a6

SHA512
84fd9bf5cdbb6600e565942666e9b7404259b4a2e6f8759faf54a72f8c9bce58347faeac4f6da50dc6a92febb8945c73b3716c16e69c7e5f606c2bf7ae4a666c

Download Submit
C:\Windows\System32\nifCGLu.exe

Filesize
1.7MB

MD5
5d03ceb265faf3487de2d84489013f4f

SHA1
4ac374b8993a5eb719d9dbbae85063fc4f0d5ef7

SHA256
e1efbb7224bdc1a773329860473fd2e3b4f0b56df82c12292c970db4cf3d187b

SHA512
6fe9bab64fd67ad6cbcbbf3456cd9cab898882af6c24f78461c66b2d97eaee51768a4104f35c080c0ee537712d50142fabc041a1a14c5957de19ce8d1b76fb5e

Download Submit
C:\Windows\System32\pjyObKg.exe

Filesize
1.7MB

MD5
a72a5fd064e71e8dfc2ffe5c91ced505

SHA1
a40600f55bf79f27e7c2a1c4ad8c37fdd206f647

SHA256
fae9488c48754c1414571d722d283d50c10da9694706a30d3b2398841959d6a9

SHA512
2cd63464810877f8221d7a2b88a6deb748d37937cb590e6ef917f6208e48a46da93dde279d2bb9117716ebf641dd6763ab74d751c0f2194d7397359189db3474

Download Submit
C:\Windows\System32\qQxjdqM.exe

Filesize
1.7MB

MD5
e688d89a49fee6010792646d99bcaf64

SHA1
bd08d25e0d38502acba2a0fab951687ccdac9e85

SHA256
05fd9755cd4b46eedc21fa2f58e8ac54822b564278689cb3762d6c3418916327

SHA512
64490d5ed04dbcf32c5d14d56a934c7b5c123c33d190ae5ce800bfc9b9d723c50d9e78cf8378f2faf5500acc27e7f795b440e47abb537861598477b7588cf4b2

Download Submit
C:\Windows\System32\sqPwztM.exe

Filesize
1.7MB

MD5
c89c0ada75208e5cf9d3b93e08064ae4

SHA1
7666958b29a70be4088168263ddb118e051f26c3

SHA256
e387396c6179a15de05908f21532b77b2ceb90b782d2428e8d4a02e1677811f8

SHA512
9a9a2d4fd34ce9d5cdb8d40dca89cdea8e910da5a54385b09fa9423c1388b50f59d9e10be321fc03c2613c4c3796422cf7d4b3647bd0c6bef493b1bfa0a4a52a

Download Submit
C:\Windows\System32\srepXaj.exe

Filesize
1.7MB

MD5
9a5e5cc20740046365b56510542f0630

SHA1
136736ce802d53806df15252855a210ae435b59c

SHA256
bb86542e63574729d158f12e6867b700c0206969bb9502e33ac77b2ddfb8ff58

SHA512
0f549f05bc1740ce0229a5244aa91bf3f21673060a1c89bbf2147b6a0a050edbd96ebf60c1bd710e9ab6764a46e170484b34ba9603a0b77cf5d03ee6265ee08d

Download Submit
C:\Windows\System32\sxkCXtb.exe

Filesize
1.7MB

MD5
775e1479a25cbf0a26b4c49b2973a805

SHA1
c9282441416daebf81c9d94628f23971b26cee9c

SHA256
f7b3456a84506ba1830074add065588983d144a9cfd895944eeed83035892ab8

SHA512
c20560aeb5b58d32c6fbacba49efe9f4f108a7b40605514bebf19e6b2364fc6b0de052ed85f09c17e691bcdf11b9e75f994a6688bdd283540eef0aa945f9c7f5

Download Submit
C:\Windows\System32\tCemWkY.exe

Filesize
1.7MB

MD5
20c918dc917608d4eaf3a5ee74ead87c

SHA1
1a1c003978ce89a43846bba0b960f0e018cb26e6

SHA256
f1a09417c7bd22c3b0dc84e360f77ca3cdc7785f4ccb10576b146bb8db066327

SHA512
c632dcb0e903eb21beaeb124542d416215b754a83ae3d1b168f22eb3964e3f11f7c06c4a8f553d51182a27b573476498a8eee9859fc2140b156ad3ee49251500

Download Submit
C:\Windows\System32\tKwRmVI.exe

Filesize
1.7MB

MD5
33b0723b488429b462b571905c8f6ebb

SHA1
f3f35251ea83feeec3c8a3b49b868236fe796ab1

SHA256
4ec7a7610bfbc274a52f78aca31fcf279f3cbbe24a729a187417f8e0b3f7eb83

SHA512
18ba618b3fabfaa2625d8cd5994ef2a8418af5568dfa99cf4ad53e78474f8b12226752ed9e6635c034a3cfbdd91f26a49428d4579b640efc4bc288345fef3442

Download Submit
C:\Windows\System32\uqBwviX.exe

Filesize
1.7MB

MD5
8a000b438817f4b787e369128e67e788

SHA1
90bd34a4a1261d1811aa5bfb09fe53b2e2021e4f

SHA256
f8d66fad9e5a78e68a22b40d9a13ba971b6398dd55bf0aa9bace55f62f7a1b11

SHA512
3fa55860119978f0b7e36b80025ab9e8e2c088d7898a2623a587ebb4572afbb8ecddb1b1f479ee21e9c58a2bd12db835f69d258fdeea24b1b9b1cd6b974c4d9f

Download Submit
C:\Windows\System32\vbEuFij.exe

Filesize
1.7MB

MD5
6b26063eccf0d6bfe9befb00d678d56a

SHA1
547f8a1e85a28ab8624598e8b79d3ca04706789f

SHA256
609484cd73cc25bc533bc1fe72160fcc05723cd86c6fd301a67f9402655e792b

SHA512
38d15a4d72bc612033d0947563262ce998578c856ee1bbb28a8c5bf2d1343625eb82dfd76455064f27eafb804dc31fa44fd04fe2c0797be582050b46e3a4f336

Download Submit
C:\Windows\System32\wZcQELS.exe

Filesize
1.7MB

MD5
10b3f70172233569615b332ad9af6594

SHA1
0aaf5fc70e7764e71437c54ff42e0ef83ba7d1dd

SHA256
481f494afde4683a774cb354706ea7840e50b03fa978593394b61ae1da78db41

SHA512
d23bf45772618746d117c06063751993b622e5421fc05f2bbdbb22adb62f80b508c369dba447093b05ab25d78b32d874748af654283780c7a404d5fd50451a89

Download Submit
C:\Windows\System32\xImqbxA.exe

Filesize
1.7MB

MD5
fe8710355b8e46c5502b947b86694a89

SHA1
20596d6f2d8a81569c4428f9d6e6251b3d1dd051

SHA256
8335f7171ce27eae4c0c729749d02f40abb879812993ff154319b6f69f3cb0a7

SHA512
a0985d7a0335057e5846ff763b42b934df29d4754606bee03a77d7e2f5db525840c8fd497aa84fbf59d7460128c2b9b7c961a482735444b7f921dd36b290bf06

Download Submit
C:\Windows\System32\ycVMUbl.exe

Filesize
1.7MB

MD5
b810118f1f386fe10a569451de1c4308

SHA1
76b2733b3cc7866fd78fb94635c1c848d7fb266e

SHA256
b7538118d0e8e64470e9f813f5f770623373223b1016da88da0ba71a00570b89

SHA512
0159775e718e54671935b3d90bf947154aa3760ffc34c3efaa67e89db6235c1c05536eba133ea6f0ef9ee9e0fbaa3f545843558b78c13b95a69eab3905ad73a6

Download Submit
C:\Windows\System32\zucvxoP.exe

Filesize
1.7MB

MD5
812ea1c6e84db6cca194687f22fb874b

SHA1
f1473247bb7a294bfe7d7191ad100170c0ff9b9d

SHA256
a262392dc34972fa43f71d92d34a1b4eb31c8394c5bfa704a17efe40de6da8d3

SHA512
4828af929cc389fab182bcc144982fce9b10aa37e4956246d431ebf828900fb904b21ce16b5ecd90c40686f54d4c78b6e48c008741dc01834923f963a5b8e662

Download Submit
memory/544-497-0x00007FF6B9AA0000-0x00007FF6B9E91000-memory.dmp

Filesize
3.9MB

Download
memory/544-2146-0x00007FF6B9AA0000-0x00007FF6B9E91000-memory.dmp

Filesize
3.9MB

Download
memory/676-0-0x00007FF684290000-0x00007FF684681000-memory.dmp

Filesize
3.9MB

Download
memory/676-1071-0x00007FF684290000-0x00007FF684681000-memory.dmp

Filesize
3.9MB

Download
memory/676-1-0x000002CB700C0000-0x000002CB700D0000-memory.dmp

Filesize
64KB

Download
memory/736-53-0x00007FF6FE170000-0x00007FF6FE561000-memory.dmp

Filesize
3.9MB

Download
memory/736-2142-0x00007FF6FE170000-0x00007FF6FE561000-memory.dmp

Filesize
3.9MB

Download
memory/880-2206-0x00007FF6DD030000-0x00007FF6DD421000-memory.dmp

Filesize
3.9MB

Download
memory/880-485-0x00007FF6DD030000-0x00007FF6DD421000-memory.dmp

Filesize
3.9MB

Download
memory/1720-2150-0x00007FF708AB0000-0x00007FF708EA1000-memory.dmp

Filesize
3.9MB

Download
memory/1720-502-0x00007FF708AB0000-0x00007FF708EA1000-memory.dmp

Filesize
3.9MB

Download
memory/1788-466-0x00007FF754E70000-0x00007FF755261000-memory.dmp

Filesize
3.9MB

Download
memory/1788-2152-0x00007FF754E70000-0x00007FF755261000-memory.dmp

Filesize
3.9MB

Download
memory/1980-17-0x00007FF650020000-0x00007FF650411000-memory.dmp

Filesize
3.9MB

Download
memory/1980-1198-0x00007FF650020000-0x00007FF650411000-memory.dmp

Filesize
3.9MB

Download
memory/1980-2134-0x00007FF650020000-0x00007FF650411000-memory.dmp

Filesize
3.9MB

Download
memory/1992-2138-0x00007FF77A930000-0x00007FF77AD21000-memory.dmp

Filesize
3.9MB

Download
memory/1992-1336-0x00007FF77A930000-0x00007FF77AD21000-memory.dmp

Filesize
3.9MB

Download
memory/1992-33-0x00007FF77A930000-0x00007FF77AD21000-memory.dmp

Filesize
3.9MB

Download
memory/2272-469-0x00007FF719000000-0x00007FF7193F1000-memory.dmp

Filesize
3.9MB

Download
memory/2272-2160-0x00007FF719000000-0x00007FF7193F1000-memory.dmp

Filesize
3.9MB

Download
memory/2404-471-0x00007FF6579D0000-0x00007FF657DC1000-memory.dmp

Filesize
3.9MB

Download
memory/2404-2164-0x00007FF6579D0000-0x00007FF657DC1000-memory.dmp

Filesize
3.9MB

Download
memory/2504-2199-0x00007FF633DC0000-0x00007FF6341B1000-memory.dmp

Filesize
3.9MB

Download
memory/2504-475-0x00007FF633DC0000-0x00007FF6341B1000-memory.dmp

Filesize
3.9MB

Download
memory/2548-476-0x00007FF79F630000-0x00007FF79FA21000-memory.dmp

Filesize
3.9MB

Download
memory/2548-2201-0x00007FF79F630000-0x00007FF79FA21000-memory.dmp

Filesize
3.9MB

Download
memory/2628-44-0x00007FF61C230000-0x00007FF61C621000-memory.dmp

Filesize
3.9MB

Download
memory/2628-1436-0x00007FF61C230000-0x00007FF61C621000-memory.dmp

Filesize
3.9MB

Download
memory/2628-2140-0x00007FF61C230000-0x00007FF61C621000-memory.dmp

Filesize
3.9MB

Download
memory/3048-2136-0x00007FF759EC0000-0x00007FF75A2B1000-memory.dmp

Filesize
3.9MB

Download
memory/3048-1334-0x00007FF759EC0000-0x00007FF75A2B1000-memory.dmp

Filesize
3.9MB

Download
memory/3048-28-0x00007FF759EC0000-0x00007FF75A2B1000-memory.dmp

Filesize
3.9MB

Download
memory/3588-2156-0x00007FF7A7BC0000-0x00007FF7A7FB1000-memory.dmp

Filesize
3.9MB

Download
memory/3588-467-0x00007FF7A7BC0000-0x00007FF7A7FB1000-memory.dmp

Filesize
3.9MB

Download
memory/3716-1443-0x00007FF793280000-0x00007FF793671000-memory.dmp

Filesize
3.9MB

Download
memory/3716-465-0x00007FF793280000-0x00007FF793671000-memory.dmp

Filesize
3.9MB

Download
memory/3716-2148-0x00007FF793280000-0x00007FF793671000-memory.dmp

Filesize
3.9MB

Download
memory/3944-470-0x00007FF7EB480000-0x00007FF7EB871000-memory.dmp

Filesize
3.9MB

Download
memory/3944-2162-0x00007FF7EB480000-0x00007FF7EB871000-memory.dmp

Filesize
3.9MB

Download
memory/4284-477-0x00007FF607D80000-0x00007FF608171000-memory.dmp

Filesize
3.9MB

Download
memory/4284-2203-0x00007FF607D80000-0x00007FF608171000-memory.dmp

Filesize
3.9MB

Download
memory/4356-2166-0x00007FF69D4E0000-0x00007FF69D8D1000-memory.dmp

Filesize
3.9MB

Download
memory/4356-472-0x00007FF69D4E0000-0x00007FF69D8D1000-memory.dmp

Filesize
3.9MB

Download
memory/4660-56-0x00007FF74FE70000-0x00007FF750261000-memory.dmp

Filesize
3.9MB

Download
memory/4660-2144-0x00007FF74FE70000-0x00007FF750261000-memory.dmp

Filesize
3.9MB

Download
memory/4700-473-0x00007FF6A6BC0000-0x00007FF6A6FB1000-memory.dmp

Filesize
3.9MB

Download
memory/4828-8-0x00007FF748170000-0x00007FF748561000-memory.dmp

Filesize
3.9MB

Download
memory/4828-1195-0x00007FF748170000-0x00007FF748561000-memory.dmp

Filesize
3.9MB

Download
memory/4828-2114-0x00007FF748170000-0x00007FF748561000-memory.dmp

Filesize
3.9MB

Download
memory/4944-2154-0x00007FF7A1C90000-0x00007FF7A2081000-memory.dmp

Filesize
3.9MB

Download
memory/4944-504-0x00007FF7A1C90000-0x00007FF7A2081000-memory.dmp

Filesize
3.9MB

Download
memory/4968-468-0x00007FF6887F0000-0x00007FF688BE1000-memory.dmp

Filesize
3.9MB

Download
memory/4968-2158-0x00007FF6887F0000-0x00007FF688BE1000-memory.dmp

Filesize
3.9MB

Download
memory/5100-2177-0x00007FF65B4A0000-0x00007FF65B891000-memory.dmp

Filesize
3.9MB

Download
memory/5100-474-0x00007FF65B4A0000-0x00007FF65B891000-memory.dmp

Filesize
3.9MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads