xmrig | 8fd13beb04d893e9b0a5ceb351a29abd795015b24911888a1510f55b6c7253c8

Analysis

max time kernel
116s
max time network
121s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
20/08/2024, 01:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

aa1bd8e7a1509259b026c618a6404310N.exe
Size

1.4MB
MD5

aa1bd8e7a1509259b026c618a6404310
SHA1

df691629f1be374d2bb6ed395944a396b8b63c1e
SHA256

8fd13beb04d893e9b0a5ceb351a29abd795015b24911888a1510f55b6c7253c8
SHA512

716905712a3ac1b34323b17ec007ebc6c41a8adf934a41bac30ae578c8e647bfc0cfd668cb6bd50b3343c28c89c0ed2e1f692dbb19723fb6fa980e79a9af0b2a
SSDEEP

24576:JanwhSe11QSONCpGJCjETPl+Me7bPMS8Ykgcn/y8OYX82iyRlPV1V4s6jggxwNy3:knw9oUUEEDl+xTMS8Tgw/5v82iyHNEq+

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 49 IoCs

miner

resource	yara_rule
behavioral2/memory/3920-16-0x00007FF695DB0000-0x00007FF6961A1000-memory.dmp	xmrig
behavioral2/memory/3004-126-0x00007FF6758E0000-0x00007FF675CD1000-memory.dmp	xmrig
behavioral2/memory/3472-155-0x00007FF7E3E10000-0x00007FF7E4201000-memory.dmp	xmrig
behavioral2/memory/1300-148-0x00007FF60A3D0000-0x00007FF60A7C1000-memory.dmp	xmrig
behavioral2/memory/3980-141-0x00007FF61C000000-0x00007FF61C3F1000-memory.dmp	xmrig
behavioral2/memory/1724-134-0x00007FF60FA40000-0x00007FF60FE31000-memory.dmp	xmrig
behavioral2/memory/912-119-0x00007FF64F790000-0x00007FF64FB81000-memory.dmp	xmrig
behavioral2/memory/2460-113-0x00007FF6164F0000-0x00007FF6168E1000-memory.dmp	xmrig
behavioral2/memory/1628-108-0x00007FF662DE0000-0x00007FF6631D1000-memory.dmp	xmrig
behavioral2/memory/3624-104-0x00007FF722CA0000-0x00007FF723091000-memory.dmp	xmrig
behavioral2/memory/4220-103-0x00007FF77E540000-0x00007FF77E931000-memory.dmp	xmrig
behavioral2/memory/1620-97-0x00007FF625BB0000-0x00007FF625FA1000-memory.dmp	xmrig
behavioral2/memory/3576-90-0x00007FF6DBE10000-0x00007FF6DC201000-memory.dmp	xmrig
behavioral2/memory/2352-83-0x00007FF7571A0000-0x00007FF757591000-memory.dmp	xmrig
behavioral2/memory/4592-43-0x00007FF7F57D0000-0x00007FF7F5BC1000-memory.dmp	xmrig
behavioral2/memory/1624-987-0x00007FF6F7EC0000-0x00007FF6F82B1000-memory.dmp	xmrig
behavioral2/memory/2380-1099-0x00007FF789860000-0x00007FF789C51000-memory.dmp	xmrig
behavioral2/memory/2428-1216-0x00007FF7B32A0000-0x00007FF7B3691000-memory.dmp	xmrig
behavioral2/memory/4584-1340-0x00007FF7C0E50000-0x00007FF7C1241000-memory.dmp	xmrig
behavioral2/memory/4456-1460-0x00007FF7A6E20000-0x00007FF7A7211000-memory.dmp	xmrig
behavioral2/memory/4980-1546-0x00007FF7C84E0000-0x00007FF7C88D1000-memory.dmp	xmrig
behavioral2/memory/3988-1670-0x00007FF730870000-0x00007FF730C61000-memory.dmp	xmrig
behavioral2/memory/3036-1769-0x00007FF715780000-0x00007FF715B71000-memory.dmp	xmrig
behavioral2/memory/3656-1863-0x00007FF7F2350000-0x00007FF7F2741000-memory.dmp	xmrig
behavioral2/memory/1580-1974-0x00007FF78D640000-0x00007FF78DA31000-memory.dmp	xmrig
behavioral2/memory/3920-2110-0x00007FF695DB0000-0x00007FF6961A1000-memory.dmp	xmrig
behavioral2/memory/3576-2112-0x00007FF6DBE10000-0x00007FF6DC201000-memory.dmp	xmrig
behavioral2/memory/4592-2116-0x00007FF7F57D0000-0x00007FF7F5BC1000-memory.dmp	xmrig
behavioral2/memory/1620-2115-0x00007FF625BB0000-0x00007FF625FA1000-memory.dmp	xmrig
behavioral2/memory/4220-2118-0x00007FF77E540000-0x00007FF77E931000-memory.dmp	xmrig
behavioral2/memory/1628-2122-0x00007FF662DE0000-0x00007FF6631D1000-memory.dmp	xmrig
behavioral2/memory/2460-2124-0x00007FF6164F0000-0x00007FF6168E1000-memory.dmp	xmrig
behavioral2/memory/3624-2120-0x00007FF722CA0000-0x00007FF723091000-memory.dmp	xmrig
behavioral2/memory/4980-2159-0x00007FF7C84E0000-0x00007FF7C88D1000-memory.dmp	xmrig
behavioral2/memory/3472-2177-0x00007FF7E3E10000-0x00007FF7E4201000-memory.dmp	xmrig
behavioral2/memory/4456-2175-0x00007FF7A6E20000-0x00007FF7A7211000-memory.dmp	xmrig
behavioral2/memory/4584-2174-0x00007FF7C0E50000-0x00007FF7C1241000-memory.dmp	xmrig
behavioral2/memory/2380-2172-0x00007FF789860000-0x00007FF789C51000-memory.dmp	xmrig
behavioral2/memory/912-2168-0x00007FF64F790000-0x00007FF64FB81000-memory.dmp	xmrig
behavioral2/memory/1724-2166-0x00007FF60FA40000-0x00007FF60FE31000-memory.dmp	xmrig
behavioral2/memory/3988-2164-0x00007FF730870000-0x00007FF730C61000-memory.dmp	xmrig
behavioral2/memory/1624-2158-0x00007FF6F7EC0000-0x00007FF6F82B1000-memory.dmp	xmrig
behavioral2/memory/3980-2155-0x00007FF61C000000-0x00007FF61C3F1000-memory.dmp	xmrig
behavioral2/memory/1300-2154-0x00007FF60A3D0000-0x00007FF60A7C1000-memory.dmp	xmrig
behavioral2/memory/2428-2170-0x00007FF7B32A0000-0x00007FF7B3691000-memory.dmp	xmrig
behavioral2/memory/3004-2162-0x00007FF6758E0000-0x00007FF675CD1000-memory.dmp	xmrig
behavioral2/memory/1580-2246-0x00007FF78D640000-0x00007FF78DA31000-memory.dmp	xmrig
behavioral2/memory/3036-2181-0x00007FF715780000-0x00007FF715B71000-memory.dmp	xmrig
behavioral2/memory/3656-2188-0x00007FF7F2350000-0x00007FF7F2741000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
3576	GUKmLiB.exe
3920	mWIbVnK.exe
4220	OtQjamO.exe
1620	UAiHjyt.exe
3624	JDLQFwn.exe
4592	xMtGAez.exe
2460	NTdzLDR.exe
1628	bJBYTzp.exe
912	KdTWTPC.exe
3004	eIKvZKe.exe
1724	vwSnAvE.exe
3980	HRVEjWT.exe
1300	dOUAwaH.exe
3472	sntHZUZ.exe
1624	CFgwzGx.exe
2380	GKnCrlK.exe
2428	IWXELcg.exe
4584	CHJySLT.exe
4456	rBjqHRI.exe
4980	vmRZHXa.exe
3988	fEsXuDH.exe
3036	NsxWnrw.exe
3656	KPGvYCH.exe
1580	rkFpvwm.exe
696	UjROfxu.exe
1996	ibUBDQw.exe
1896	OOBWxQM.exe
824	KBXebyA.exe
4520	OQyGEXi.exe
4640	FIainQd.exe
4032	vftVsuP.exe
4188	hgfvZqa.exe
3256	cYmYxZq.exe
3008	DRVdqdm.exe
5116	kFYkjnm.exe
1100	WXdwxVx.exe
2000	YwzRIlm.exe
1568	nYfKUkC.exe
3916	lkjQKRP.exe
4780	fkGYUfy.exe
3548	TYGrFiG.exe
400	UCxbVBV.exe
3660	RNLzKyV.exe
3704	BROXmnQ.exe
3288	jZPguKe.exe
5136	kkBEljV.exe
5172	CwMeDaX.exe
5192	QUZypgi.exe
5220	odbZdNb.exe
5244	YjwyamT.exe
5276	msXbaaI.exe
5308	HxmlndA.exe
5336	NIWzVKg.exe
5360	drHJkXg.exe
5388	cmFRTVk.exe
5416	HdIrjRO.exe
5444	FjfBUFK.exe
5472	vbvhWAE.exe
5524	QqeNBwK.exe
5540	XajYAJh.exe
5568	dxzYjvv.exe
5584	YgzsUjb.exe
5612	NGtylUH.exe
5640	PxfyzPQ.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2352-0-0x00007FF7571A0000-0x00007FF757591000-memory.dmp	upx
behavioral2/files/0x0009000000023589-6.dat	upx
behavioral2/files/0x000800000002358c-8.dat	upx
behavioral2/memory/3920-16-0x00007FF695DB0000-0x00007FF6961A1000-memory.dmp	upx
behavioral2/files/0x0007000000023593-28.dat	upx
behavioral2/files/0x0007000000023590-30.dat	upx
behavioral2/memory/3624-42-0x00007FF722CA0000-0x00007FF723091000-memory.dmp	upx
behavioral2/files/0x0007000000023594-46.dat	upx
behavioral2/files/0x0007000000023596-52.dat	upx
behavioral2/memory/1724-65-0x00007FF60FA40000-0x00007FF60FE31000-memory.dmp	upx
behavioral2/memory/3980-71-0x00007FF61C000000-0x00007FF61C3F1000-memory.dmp	upx
behavioral2/memory/2380-99-0x00007FF789860000-0x00007FF789C51000-memory.dmp	upx
behavioral2/files/0x000700000002359f-110.dat	upx
behavioral2/memory/3004-126-0x00007FF6758E0000-0x00007FF675CD1000-memory.dmp	upx
behavioral2/files/0x00070000000235a2-140.dat	upx
behavioral2/files/0x00070000000235ae-199.dat	upx
behavioral2/files/0x00070000000235ac-196.dat	upx
behavioral2/files/0x00070000000235ad-194.dat	upx
behavioral2/files/0x00070000000235ab-191.dat	upx
behavioral2/files/0x00070000000235aa-184.dat	upx
behavioral2/files/0x00070000000235a9-179.dat	upx
behavioral2/files/0x00070000000235a8-176.dat	upx
behavioral2/files/0x00070000000235a7-171.dat	upx
behavioral2/files/0x00070000000235a6-166.dat	upx
behavioral2/files/0x00070000000235a5-161.dat	upx
behavioral2/memory/1580-158-0x00007FF78D640000-0x00007FF78DA31000-memory.dmp	upx
behavioral2/memory/3472-155-0x00007FF7E3E10000-0x00007FF7E4201000-memory.dmp	upx
behavioral2/files/0x00070000000235a4-154.dat	upx
behavioral2/memory/3656-151-0x00007FF7F2350000-0x00007FF7F2741000-memory.dmp	upx
behavioral2/memory/1300-148-0x00007FF60A3D0000-0x00007FF60A7C1000-memory.dmp	upx
behavioral2/files/0x00070000000235a3-147.dat	upx
behavioral2/memory/3036-144-0x00007FF715780000-0x00007FF715B71000-memory.dmp	upx
behavioral2/memory/3980-141-0x00007FF61C000000-0x00007FF61C3F1000-memory.dmp	upx
behavioral2/memory/3988-137-0x00007FF730870000-0x00007FF730C61000-memory.dmp	upx
behavioral2/memory/1724-134-0x00007FF60FA40000-0x00007FF60FE31000-memory.dmp	upx
behavioral2/files/0x00070000000235a1-133.dat	upx
behavioral2/memory/4980-130-0x00007FF7C84E0000-0x00007FF7C88D1000-memory.dmp	upx
behavioral2/files/0x00070000000235a0-127.dat	upx
behavioral2/memory/4456-122-0x00007FF7A6E20000-0x00007FF7A7211000-memory.dmp	upx
behavioral2/memory/912-119-0x00007FF64F790000-0x00007FF64FB81000-memory.dmp	upx
behavioral2/memory/4584-114-0x00007FF7C0E50000-0x00007FF7C1241000-memory.dmp	upx
behavioral2/memory/2460-113-0x00007FF6164F0000-0x00007FF6168E1000-memory.dmp	upx
behavioral2/files/0x000700000002359e-112.dat	upx
behavioral2/memory/2428-109-0x00007FF7B32A0000-0x00007FF7B3691000-memory.dmp	upx
behavioral2/memory/1628-108-0x00007FF662DE0000-0x00007FF6631D1000-memory.dmp	upx
behavioral2/files/0x000700000002359d-105.dat	upx
behavioral2/memory/3624-104-0x00007FF722CA0000-0x00007FF723091000-memory.dmp	upx
behavioral2/memory/4220-103-0x00007FF77E540000-0x00007FF77E931000-memory.dmp	upx
behavioral2/memory/1620-97-0x00007FF625BB0000-0x00007FF625FA1000-memory.dmp	upx
behavioral2/files/0x000700000002359c-96.dat	upx
behavioral2/memory/1624-93-0x00007FF6F7EC0000-0x00007FF6F82B1000-memory.dmp	upx
behavioral2/memory/3576-90-0x00007FF6DBE10000-0x00007FF6DC201000-memory.dmp	upx
behavioral2/files/0x000700000002359b-89.dat	upx
behavioral2/memory/3472-86-0x00007FF7E3E10000-0x00007FF7E4201000-memory.dmp	upx
behavioral2/memory/2352-83-0x00007FF7571A0000-0x00007FF757591000-memory.dmp	upx
behavioral2/files/0x000700000002359a-82.dat	upx
behavioral2/memory/1300-79-0x00007FF60A3D0000-0x00007FF60A7C1000-memory.dmp	upx
behavioral2/files/0x0007000000023599-76.dat	upx
behavioral2/files/0x0007000000023598-70.dat	upx
behavioral2/files/0x0007000000023597-64.dat	upx
behavioral2/memory/3004-59-0x00007FF6758E0000-0x00007FF675CD1000-memory.dmp	upx
behavioral2/memory/912-54-0x00007FF64F790000-0x00007FF64FB81000-memory.dmp	upx
behavioral2/memory/2460-51-0x00007FF6164F0000-0x00007FF6168E1000-memory.dmp	upx
behavioral2/memory/1628-48-0x00007FF662DE0000-0x00007FF6631D1000-memory.dmp	upx

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System32\uiRAijR.exe	aa1bd8e7a1509259b026c618a6404310N.exe
File created	C:\Windows\System32\JRnGLJZ.exe	aa1bd8e7a1509259b026c618a6404310N.exe
File created	C:\Windows\System32\bQzIJkO.exe	aa1bd8e7a1509259b026c618a6404310N.exe
File created	C:\Windows\System32\RZdrfpZ.exe	aa1bd8e7a1509259b026c618a6404310N.exe
File created	C:\Windows\System32\OCEDvrG.exe	aa1bd8e7a1509259b026c618a6404310N.exe
File created	C:\Windows\System32\AqSCWjw.exe	aa1bd8e7a1509259b026c618a6404310N.exe
File created	C:\Windows\System32\RwbeTOV.exe	aa1bd8e7a1509259b026c618a6404310N.exe
File created	C:\Windows\System32\XShUvZe.exe	aa1bd8e7a1509259b026c618a6404310N.exe
File created	C:\Windows\System32\RtXGQZw.exe	aa1bd8e7a1509259b026c618a6404310N.exe
File created	C:\Windows\System32\XxXeLKP.exe	aa1bd8e7a1509259b026c618a6404310N.exe
File created	C:\Windows\System32\GmigmHY.exe	aa1bd8e7a1509259b026c618a6404310N.exe
File created	C:\Windows\System32\UyTGYUc.exe	aa1bd8e7a1509259b026c618a6404310N.exe
File created	C:\Windows\System32\kNwYeQU.exe	aa1bd8e7a1509259b026c618a6404310N.exe
File created	C:\Windows\System32\QpKQVvd.exe	aa1bd8e7a1509259b026c618a6404310N.exe
File created	C:\Windows\System32\UcokDYX.exe	aa1bd8e7a1509259b026c618a6404310N.exe
File created	C:\Windows\System32\nPWIJVf.exe	aa1bd8e7a1509259b026c618a6404310N.exe
File created	C:\Windows\System32\srGkOon.exe	aa1bd8e7a1509259b026c618a6404310N.exe
File created	C:\Windows\System32\qYGJpZd.exe	aa1bd8e7a1509259b026c618a6404310N.exe
File created	C:\Windows\System32\jIccVyh.exe	aa1bd8e7a1509259b026c618a6404310N.exe
File created	C:\Windows\System32\ztRZOKO.exe	aa1bd8e7a1509259b026c618a6404310N.exe
File created	C:\Windows\System32\xRFRfcd.exe	aa1bd8e7a1509259b026c618a6404310N.exe
File created	C:\Windows\System32\qhCRacg.exe	aa1bd8e7a1509259b026c618a6404310N.exe
File created	C:\Windows\System32\eUONKtp.exe	aa1bd8e7a1509259b026c618a6404310N.exe
File created	C:\Windows\System32\DcIsUJI.exe	aa1bd8e7a1509259b026c618a6404310N.exe
File created	C:\Windows\System32\Zadfmff.exe	aa1bd8e7a1509259b026c618a6404310N.exe
File created	C:\Windows\System32\PczXTzO.exe	aa1bd8e7a1509259b026c618a6404310N.exe
File created	C:\Windows\System32\VdIZzUt.exe	aa1bd8e7a1509259b026c618a6404310N.exe
File created	C:\Windows\System32\gHswdOF.exe	aa1bd8e7a1509259b026c618a6404310N.exe
File created	C:\Windows\System32\QHfKYLH.exe	aa1bd8e7a1509259b026c618a6404310N.exe
File created	C:\Windows\System32\zkzmyjy.exe	aa1bd8e7a1509259b026c618a6404310N.exe
File created	C:\Windows\System32\TYGrFiG.exe	aa1bd8e7a1509259b026c618a6404310N.exe
File created	C:\Windows\System32\WGVbMKu.exe	aa1bd8e7a1509259b026c618a6404310N.exe
File created	C:\Windows\System32\uCOSumJ.exe	aa1bd8e7a1509259b026c618a6404310N.exe
File created	C:\Windows\System32\bfTjIeJ.exe	aa1bd8e7a1509259b026c618a6404310N.exe
File created	C:\Windows\System32\pcNqcvX.exe	aa1bd8e7a1509259b026c618a6404310N.exe
File created	C:\Windows\System32\YGErDZN.exe	aa1bd8e7a1509259b026c618a6404310N.exe
File created	C:\Windows\System32\qZlSZui.exe	aa1bd8e7a1509259b026c618a6404310N.exe
File created	C:\Windows\System32\KevZXvO.exe	aa1bd8e7a1509259b026c618a6404310N.exe
File created	C:\Windows\System32\gXjfGIn.exe	aa1bd8e7a1509259b026c618a6404310N.exe
File created	C:\Windows\System32\FtxWCjR.exe	aa1bd8e7a1509259b026c618a6404310N.exe
File created	C:\Windows\System32\kLwFGLN.exe	aa1bd8e7a1509259b026c618a6404310N.exe
File created	C:\Windows\System32\notVpWH.exe	aa1bd8e7a1509259b026c618a6404310N.exe
File created	C:\Windows\System32\ZgzHreu.exe	aa1bd8e7a1509259b026c618a6404310N.exe
File created	C:\Windows\System32\LevdlxI.exe	aa1bd8e7a1509259b026c618a6404310N.exe
File created	C:\Windows\System32\hgfvZqa.exe	aa1bd8e7a1509259b026c618a6404310N.exe
File created	C:\Windows\System32\ucyprPF.exe	aa1bd8e7a1509259b026c618a6404310N.exe
File created	C:\Windows\System32\qHYnlQS.exe	aa1bd8e7a1509259b026c618a6404310N.exe
File created	C:\Windows\System32\FpCHwBQ.exe	aa1bd8e7a1509259b026c618a6404310N.exe
File created	C:\Windows\System32\VysLuOJ.exe	aa1bd8e7a1509259b026c618a6404310N.exe
File created	C:\Windows\System32\idWSzkc.exe	aa1bd8e7a1509259b026c618a6404310N.exe
File created	C:\Windows\System32\AEmhacr.exe	aa1bd8e7a1509259b026c618a6404310N.exe
File created	C:\Windows\System32\WawJEVG.exe	aa1bd8e7a1509259b026c618a6404310N.exe
File created	C:\Windows\System32\dxzYjvv.exe	aa1bd8e7a1509259b026c618a6404310N.exe
File created	C:\Windows\System32\nUBlaRX.exe	aa1bd8e7a1509259b026c618a6404310N.exe
File created	C:\Windows\System32\MLbuuVn.exe	aa1bd8e7a1509259b026c618a6404310N.exe
File created	C:\Windows\System32\IRZzfAh.exe	aa1bd8e7a1509259b026c618a6404310N.exe
File created	C:\Windows\System32\QSHUycN.exe	aa1bd8e7a1509259b026c618a6404310N.exe
File created	C:\Windows\System32\XGDNqep.exe	aa1bd8e7a1509259b026c618a6404310N.exe
File created	C:\Windows\System32\lhWDzDz.exe	aa1bd8e7a1509259b026c618a6404310N.exe
File created	C:\Windows\System32\jUerkLy.exe	aa1bd8e7a1509259b026c618a6404310N.exe
File created	C:\Windows\System32\frARNcW.exe	aa1bd8e7a1509259b026c618a6404310N.exe
File created	C:\Windows\System32\mWIbVnK.exe	aa1bd8e7a1509259b026c618a6404310N.exe
File created	C:\Windows\System32\lbABvJl.exe	aa1bd8e7a1509259b026c618a6404310N.exe
File created	C:\Windows\System32\AtEXiCH.exe	aa1bd8e7a1509259b026c618a6404310N.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	14116	dwm.exe
Token: SeChangeNotifyPrivilege	14116	dwm.exe
Token: 33	14116	dwm.exe
Token: SeIncBasePriorityPrivilege	14116	dwm.exe
Token: SeShutdownPrivilege	14116	dwm.exe
Token: SeCreatePagefilePrivilege	14116	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2352 wrote to memory of 3576	2352	aa1bd8e7a1509259b026c618a6404310N.exe	92
PID 2352 wrote to memory of 3576	2352	aa1bd8e7a1509259b026c618a6404310N.exe	92
PID 2352 wrote to memory of 3920	2352	aa1bd8e7a1509259b026c618a6404310N.exe	93
PID 2352 wrote to memory of 3920	2352	aa1bd8e7a1509259b026c618a6404310N.exe	93
PID 2352 wrote to memory of 4220	2352	aa1bd8e7a1509259b026c618a6404310N.exe	94
PID 2352 wrote to memory of 4220	2352	aa1bd8e7a1509259b026c618a6404310N.exe	94
PID 2352 wrote to memory of 1620	2352	aa1bd8e7a1509259b026c618a6404310N.exe	95
PID 2352 wrote to memory of 1620	2352	aa1bd8e7a1509259b026c618a6404310N.exe	95
PID 2352 wrote to memory of 3624	2352	aa1bd8e7a1509259b026c618a6404310N.exe	96
PID 2352 wrote to memory of 3624	2352	aa1bd8e7a1509259b026c618a6404310N.exe	96
PID 2352 wrote to memory of 4592	2352	aa1bd8e7a1509259b026c618a6404310N.exe	97
PID 2352 wrote to memory of 4592	2352	aa1bd8e7a1509259b026c618a6404310N.exe	97
PID 2352 wrote to memory of 2460	2352	aa1bd8e7a1509259b026c618a6404310N.exe	98
PID 2352 wrote to memory of 2460	2352	aa1bd8e7a1509259b026c618a6404310N.exe	98
PID 2352 wrote to memory of 1628	2352	aa1bd8e7a1509259b026c618a6404310N.exe	99
PID 2352 wrote to memory of 1628	2352	aa1bd8e7a1509259b026c618a6404310N.exe	99
PID 2352 wrote to memory of 912	2352	aa1bd8e7a1509259b026c618a6404310N.exe	100
PID 2352 wrote to memory of 912	2352	aa1bd8e7a1509259b026c618a6404310N.exe	100
PID 2352 wrote to memory of 3004	2352	aa1bd8e7a1509259b026c618a6404310N.exe	101
PID 2352 wrote to memory of 3004	2352	aa1bd8e7a1509259b026c618a6404310N.exe	101
PID 2352 wrote to memory of 1724	2352	aa1bd8e7a1509259b026c618a6404310N.exe	102
PID 2352 wrote to memory of 1724	2352	aa1bd8e7a1509259b026c618a6404310N.exe	102
PID 2352 wrote to memory of 3980	2352	aa1bd8e7a1509259b026c618a6404310N.exe	103
PID 2352 wrote to memory of 3980	2352	aa1bd8e7a1509259b026c618a6404310N.exe	103
PID 2352 wrote to memory of 1300	2352	aa1bd8e7a1509259b026c618a6404310N.exe	104
PID 2352 wrote to memory of 1300	2352	aa1bd8e7a1509259b026c618a6404310N.exe	104
PID 2352 wrote to memory of 3472	2352	aa1bd8e7a1509259b026c618a6404310N.exe	105
PID 2352 wrote to memory of 3472	2352	aa1bd8e7a1509259b026c618a6404310N.exe	105
PID 2352 wrote to memory of 1624	2352	aa1bd8e7a1509259b026c618a6404310N.exe	106
PID 2352 wrote to memory of 1624	2352	aa1bd8e7a1509259b026c618a6404310N.exe	106
PID 2352 wrote to memory of 2380	2352	aa1bd8e7a1509259b026c618a6404310N.exe	107
PID 2352 wrote to memory of 2380	2352	aa1bd8e7a1509259b026c618a6404310N.exe	107
PID 2352 wrote to memory of 2428	2352	aa1bd8e7a1509259b026c618a6404310N.exe	108
PID 2352 wrote to memory of 2428	2352	aa1bd8e7a1509259b026c618a6404310N.exe	108
PID 2352 wrote to memory of 4584	2352	aa1bd8e7a1509259b026c618a6404310N.exe	109
PID 2352 wrote to memory of 4584	2352	aa1bd8e7a1509259b026c618a6404310N.exe	109
PID 2352 wrote to memory of 4456	2352	aa1bd8e7a1509259b026c618a6404310N.exe	110
PID 2352 wrote to memory of 4456	2352	aa1bd8e7a1509259b026c618a6404310N.exe	110
PID 2352 wrote to memory of 4980	2352	aa1bd8e7a1509259b026c618a6404310N.exe	111
PID 2352 wrote to memory of 4980	2352	aa1bd8e7a1509259b026c618a6404310N.exe	111
PID 2352 wrote to memory of 3988	2352	aa1bd8e7a1509259b026c618a6404310N.exe	112
PID 2352 wrote to memory of 3988	2352	aa1bd8e7a1509259b026c618a6404310N.exe	112
PID 2352 wrote to memory of 3036	2352	aa1bd8e7a1509259b026c618a6404310N.exe	113
PID 2352 wrote to memory of 3036	2352	aa1bd8e7a1509259b026c618a6404310N.exe	113
PID 2352 wrote to memory of 3656	2352	aa1bd8e7a1509259b026c618a6404310N.exe	114
PID 2352 wrote to memory of 3656	2352	aa1bd8e7a1509259b026c618a6404310N.exe	114
PID 2352 wrote to memory of 1580	2352	aa1bd8e7a1509259b026c618a6404310N.exe	115
PID 2352 wrote to memory of 1580	2352	aa1bd8e7a1509259b026c618a6404310N.exe	115
PID 2352 wrote to memory of 696	2352	aa1bd8e7a1509259b026c618a6404310N.exe	116
PID 2352 wrote to memory of 696	2352	aa1bd8e7a1509259b026c618a6404310N.exe	116
PID 2352 wrote to memory of 1996	2352	aa1bd8e7a1509259b026c618a6404310N.exe	117
PID 2352 wrote to memory of 1996	2352	aa1bd8e7a1509259b026c618a6404310N.exe	117
PID 2352 wrote to memory of 1896	2352	aa1bd8e7a1509259b026c618a6404310N.exe	118
PID 2352 wrote to memory of 1896	2352	aa1bd8e7a1509259b026c618a6404310N.exe	118
PID 2352 wrote to memory of 824	2352	aa1bd8e7a1509259b026c618a6404310N.exe	119
PID 2352 wrote to memory of 824	2352	aa1bd8e7a1509259b026c618a6404310N.exe	119
PID 2352 wrote to memory of 4520	2352	aa1bd8e7a1509259b026c618a6404310N.exe	120
PID 2352 wrote to memory of 4520	2352	aa1bd8e7a1509259b026c618a6404310N.exe	120
PID 2352 wrote to memory of 4640	2352	aa1bd8e7a1509259b026c618a6404310N.exe	121
PID 2352 wrote to memory of 4640	2352	aa1bd8e7a1509259b026c618a6404310N.exe	121
PID 2352 wrote to memory of 4032	2352	aa1bd8e7a1509259b026c618a6404310N.exe	122
PID 2352 wrote to memory of 4032	2352	aa1bd8e7a1509259b026c618a6404310N.exe	122
PID 2352 wrote to memory of 4188	2352	aa1bd8e7a1509259b026c618a6404310N.exe	123
PID 2352 wrote to memory of 4188	2352	aa1bd8e7a1509259b026c618a6404310N.exe	123

C:\Users\Admin\AppData\Local\Temp\aa1bd8e7a1509259b026c618a6404310N.exe
"C:\Users\Admin\AppData\Local\Temp\aa1bd8e7a1509259b026c618a6404310N.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:2352
- C:\Windows\System32\GUKmLiB.exe
  C:\Windows\System32\GUKmLiB.exe
  2⤵
  - Executes dropped EXE
  PID:3576
- C:\Windows\System32\mWIbVnK.exe
  C:\Windows\System32\mWIbVnK.exe
  2⤵
  - Executes dropped EXE
  PID:3920
- C:\Windows\System32\OtQjamO.exe
  C:\Windows\System32\OtQjamO.exe
  2⤵
  - Executes dropped EXE
  PID:4220
- C:\Windows\System32\UAiHjyt.exe
  C:\Windows\System32\UAiHjyt.exe
  2⤵
  - Executes dropped EXE
  PID:1620
- C:\Windows\System32\JDLQFwn.exe
  C:\Windows\System32\JDLQFwn.exe
  2⤵
  - Executes dropped EXE
  PID:3624
- C:\Windows\System32\xMtGAez.exe
  C:\Windows\System32\xMtGAez.exe
  2⤵
  - Executes dropped EXE
  PID:4592
- C:\Windows\System32\NTdzLDR.exe
  C:\Windows\System32\NTdzLDR.exe
  2⤵
  - Executes dropped EXE
  PID:2460
- C:\Windows\System32\bJBYTzp.exe
  C:\Windows\System32\bJBYTzp.exe
  2⤵
  - Executes dropped EXE
  PID:1628
- C:\Windows\System32\KdTWTPC.exe
  C:\Windows\System32\KdTWTPC.exe
  2⤵
  - Executes dropped EXE
  PID:912
- C:\Windows\System32\eIKvZKe.exe
  C:\Windows\System32\eIKvZKe.exe
  2⤵
  - Executes dropped EXE
  PID:3004
- C:\Windows\System32\vwSnAvE.exe
  C:\Windows\System32\vwSnAvE.exe
  2⤵
  - Executes dropped EXE
  PID:1724
- C:\Windows\System32\HRVEjWT.exe
  C:\Windows\System32\HRVEjWT.exe
  2⤵
  - Executes dropped EXE
  PID:3980
- C:\Windows\System32\dOUAwaH.exe
  C:\Windows\System32\dOUAwaH.exe
  2⤵
  - Executes dropped EXE
  PID:1300
- C:\Windows\System32\sntHZUZ.exe
  C:\Windows\System32\sntHZUZ.exe
  2⤵
  - Executes dropped EXE
  PID:3472
- C:\Windows\System32\CFgwzGx.exe
  C:\Windows\System32\CFgwzGx.exe
  2⤵
  - Executes dropped EXE
  PID:1624
- C:\Windows\System32\GKnCrlK.exe
  C:\Windows\System32\GKnCrlK.exe
  2⤵
  - Executes dropped EXE
  PID:2380
- C:\Windows\System32\IWXELcg.exe
  C:\Windows\System32\IWXELcg.exe
  2⤵
  - Executes dropped EXE
  PID:2428
- C:\Windows\System32\CHJySLT.exe
  C:\Windows\System32\CHJySLT.exe
  2⤵
  - Executes dropped EXE
  PID:4584
- C:\Windows\System32\rBjqHRI.exe
  C:\Windows\System32\rBjqHRI.exe
  2⤵
  - Executes dropped EXE
  PID:4456
- C:\Windows\System32\vmRZHXa.exe
  C:\Windows\System32\vmRZHXa.exe
  2⤵
  - Executes dropped EXE
  PID:4980
- C:\Windows\System32\fEsXuDH.exe
  C:\Windows\System32\fEsXuDH.exe
  2⤵
  - Executes dropped EXE
  PID:3988
- C:\Windows\System32\NsxWnrw.exe
  C:\Windows\System32\NsxWnrw.exe
  2⤵
  - Executes dropped EXE
  PID:3036
- C:\Windows\System32\KPGvYCH.exe
  C:\Windows\System32\KPGvYCH.exe
  2⤵
  - Executes dropped EXE
  PID:3656
- C:\Windows\System32\rkFpvwm.exe
  C:\Windows\System32\rkFpvwm.exe
  2⤵
  - Executes dropped EXE
  PID:1580
- C:\Windows\System32\UjROfxu.exe
  C:\Windows\System32\UjROfxu.exe
  2⤵
  - Executes dropped EXE
  PID:696
- C:\Windows\System32\ibUBDQw.exe
  C:\Windows\System32\ibUBDQw.exe
  2⤵
  - Executes dropped EXE
  PID:1996
- C:\Windows\System32\OOBWxQM.exe
  C:\Windows\System32\OOBWxQM.exe
  2⤵
  - Executes dropped EXE
  PID:1896
- C:\Windows\System32\KBXebyA.exe
  C:\Windows\System32\KBXebyA.exe
  2⤵
  - Executes dropped EXE
  PID:824
- C:\Windows\System32\OQyGEXi.exe
  C:\Windows\System32\OQyGEXi.exe
  2⤵
  - Executes dropped EXE
  PID:4520
- C:\Windows\System32\FIainQd.exe
  C:\Windows\System32\FIainQd.exe
  2⤵
  - Executes dropped EXE
  PID:4640
- C:\Windows\System32\vftVsuP.exe
  C:\Windows\System32\vftVsuP.exe
  2⤵
  - Executes dropped EXE
  PID:4032
- C:\Windows\System32\hgfvZqa.exe
  C:\Windows\System32\hgfvZqa.exe
  2⤵
  - Executes dropped EXE
  PID:4188
- C:\Windows\System32\cYmYxZq.exe
  C:\Windows\System32\cYmYxZq.exe
  2⤵
  - Executes dropped EXE
  PID:3256
- C:\Windows\System32\DRVdqdm.exe
  C:\Windows\System32\DRVdqdm.exe
  2⤵
  - Executes dropped EXE
  PID:3008
- C:\Windows\System32\kFYkjnm.exe
  C:\Windows\System32\kFYkjnm.exe
  2⤵
  - Executes dropped EXE
  PID:5116
- C:\Windows\System32\WXdwxVx.exe
  C:\Windows\System32\WXdwxVx.exe
  2⤵
  - Executes dropped EXE
  PID:1100
- C:\Windows\System32\YwzRIlm.exe
  C:\Windows\System32\YwzRIlm.exe
  2⤵
  - Executes dropped EXE
  PID:2000
- C:\Windows\System32\nYfKUkC.exe
  C:\Windows\System32\nYfKUkC.exe
  2⤵
  - Executes dropped EXE
  PID:1568
- C:\Windows\System32\lkjQKRP.exe
  C:\Windows\System32\lkjQKRP.exe
  2⤵
  - Executes dropped EXE
  PID:3916
- C:\Windows\System32\fkGYUfy.exe
  C:\Windows\System32\fkGYUfy.exe
  2⤵
  - Executes dropped EXE
  PID:4780
- C:\Windows\System32\TYGrFiG.exe
  C:\Windows\System32\TYGrFiG.exe
  2⤵
  - Executes dropped EXE
  PID:3548
- C:\Windows\System32\UCxbVBV.exe
  C:\Windows\System32\UCxbVBV.exe
  2⤵
  - Executes dropped EXE
  PID:400
- C:\Windows\System32\RNLzKyV.exe
  C:\Windows\System32\RNLzKyV.exe
  2⤵
  - Executes dropped EXE
  PID:3660
- C:\Windows\System32\BROXmnQ.exe
  C:\Windows\System32\BROXmnQ.exe
  2⤵
  - Executes dropped EXE
  PID:3704
- C:\Windows\System32\jZPguKe.exe
  C:\Windows\System32\jZPguKe.exe
  2⤵
  - Executes dropped EXE
  PID:3288
- C:\Windows\System32\kkBEljV.exe
  C:\Windows\System32\kkBEljV.exe
  2⤵
  - Executes dropped EXE
  PID:5136
- C:\Windows\System32\CwMeDaX.exe
  C:\Windows\System32\CwMeDaX.exe
  2⤵
  - Executes dropped EXE
  PID:5172
- C:\Windows\System32\QUZypgi.exe
  C:\Windows\System32\QUZypgi.exe
  2⤵
  - Executes dropped EXE
  PID:5192
- C:\Windows\System32\odbZdNb.exe
  C:\Windows\System32\odbZdNb.exe
  2⤵
  - Executes dropped EXE
  PID:5220
- C:\Windows\System32\YjwyamT.exe
  C:\Windows\System32\YjwyamT.exe
  2⤵
  - Executes dropped EXE
  PID:5244
- C:\Windows\System32\msXbaaI.exe
  C:\Windows\System32\msXbaaI.exe
  2⤵
  - Executes dropped EXE
  PID:5276
- C:\Windows\System32\HxmlndA.exe
  C:\Windows\System32\HxmlndA.exe
  2⤵
  - Executes dropped EXE
  PID:5308
- C:\Windows\System32\NIWzVKg.exe
  C:\Windows\System32\NIWzVKg.exe
  2⤵
  - Executes dropped EXE
  PID:5336
- C:\Windows\System32\drHJkXg.exe
  C:\Windows\System32\drHJkXg.exe
  2⤵
  - Executes dropped EXE
  PID:5360
- C:\Windows\System32\cmFRTVk.exe
  C:\Windows\System32\cmFRTVk.exe
  2⤵
  - Executes dropped EXE
  PID:5388
- C:\Windows\System32\HdIrjRO.exe
  C:\Windows\System32\HdIrjRO.exe
  2⤵
  - Executes dropped EXE
  PID:5416
- C:\Windows\System32\FjfBUFK.exe
  C:\Windows\System32\FjfBUFK.exe
  2⤵
  - Executes dropped EXE
  PID:5444
- C:\Windows\System32\vbvhWAE.exe
  C:\Windows\System32\vbvhWAE.exe
  2⤵
  - Executes dropped EXE
  PID:5472
- C:\Windows\System32\QqeNBwK.exe
  C:\Windows\System32\QqeNBwK.exe
  2⤵
  - Executes dropped EXE
  PID:5524
- C:\Windows\System32\XajYAJh.exe
  C:\Windows\System32\XajYAJh.exe
  2⤵
  - Executes dropped EXE
  PID:5540
- C:\Windows\System32\dxzYjvv.exe
  C:\Windows\System32\dxzYjvv.exe
  2⤵
  - Executes dropped EXE
  PID:5568
- C:\Windows\System32\YgzsUjb.exe
  C:\Windows\System32\YgzsUjb.exe
  2⤵
  - Executes dropped EXE
  PID:5584
- C:\Windows\System32\NGtylUH.exe
  C:\Windows\System32\NGtylUH.exe
  2⤵
  - Executes dropped EXE
  PID:5612
- C:\Windows\System32\PxfyzPQ.exe
  C:\Windows\System32\PxfyzPQ.exe
  2⤵
  - Executes dropped EXE
  PID:5640
- C:\Windows\System32\DcIsUJI.exe
  C:\Windows\System32\DcIsUJI.exe
  2⤵
  PID:5668
- C:\Windows\System32\vwKpGZd.exe
  C:\Windows\System32\vwKpGZd.exe
  2⤵
  PID:5692
- C:\Windows\System32\QyhAykN.exe
  C:\Windows\System32\QyhAykN.exe
  2⤵
  PID:5724
- C:\Windows\System32\YZDGdpJ.exe
  C:\Windows\System32\YZDGdpJ.exe
  2⤵
  PID:5752
- C:\Windows\System32\XxXeLKP.exe
  C:\Windows\System32\XxXeLKP.exe
  2⤵
  PID:5780
- C:\Windows\System32\ucyprPF.exe
  C:\Windows\System32\ucyprPF.exe
  2⤵
  PID:5816
- C:\Windows\System32\kQimyfo.exe
  C:\Windows\System32\kQimyfo.exe
  2⤵
  PID:5836
- C:\Windows\System32\KadVrfs.exe
  C:\Windows\System32\KadVrfs.exe
  2⤵
  PID:5860
- C:\Windows\System32\xqEHOGe.exe
  C:\Windows\System32\xqEHOGe.exe
  2⤵
  PID:5896
- C:\Windows\System32\Zadfmff.exe
  C:\Windows\System32\Zadfmff.exe
  2⤵
  PID:5932
- C:\Windows\System32\VOjActM.exe
  C:\Windows\System32\VOjActM.exe
  2⤵
  PID:5952
- C:\Windows\System32\dFVbyHc.exe
  C:\Windows\System32\dFVbyHc.exe
  2⤵
  PID:5976
- C:\Windows\System32\LQHlRHE.exe
  C:\Windows\System32\LQHlRHE.exe
  2⤵
  PID:6008
- C:\Windows\System32\qHYnlQS.exe
  C:\Windows\System32\qHYnlQS.exe
  2⤵
  PID:6032
- C:\Windows\System32\llbEQcT.exe
  C:\Windows\System32\llbEQcT.exe
  2⤵
  PID:6060
- C:\Windows\System32\EXpgEKJ.exe
  C:\Windows\System32\EXpgEKJ.exe
  2⤵
  PID:6088
- C:\Windows\System32\lbABvJl.exe
  C:\Windows\System32\lbABvJl.exe
  2⤵
  PID:6128
- C:\Windows\System32\KXtjkRD.exe
  C:\Windows\System32\KXtjkRD.exe
  2⤵
  PID:1824
- C:\Windows\System32\WawBPrV.exe
  C:\Windows\System32\WawBPrV.exe
  2⤵
  PID:3076
- C:\Windows\System32\KevZXvO.exe
  C:\Windows\System32\KevZXvO.exe
  2⤵
  PID:776
- C:\Windows\System32\PjZXOvO.exe
  C:\Windows\System32\PjZXOvO.exe
  2⤵
  PID:3984
- C:\Windows\System32\zRJIGuj.exe
  C:\Windows\System32\zRJIGuj.exe
  2⤵
  PID:1028
- C:\Windows\System32\bzHmKuh.exe
  C:\Windows\System32\bzHmKuh.exe
  2⤵
  PID:4516
- C:\Windows\System32\JvfwoTe.exe
  C:\Windows\System32\JvfwoTe.exe
  2⤵
  PID:5180
- C:\Windows\System32\MzuiiOF.exe
  C:\Windows\System32\MzuiiOF.exe
  2⤵
  PID:5260
- C:\Windows\System32\xUpCoRG.exe
  C:\Windows\System32\xUpCoRG.exe
  2⤵
  PID:5284
- C:\Windows\System32\lbJgMiA.exe
  C:\Windows\System32\lbJgMiA.exe
  2⤵
  PID:5344
- C:\Windows\System32\hgKNGuj.exe
  C:\Windows\System32\hgKNGuj.exe
  2⤵
  PID:5424
- C:\Windows\System32\nsryILS.exe
  C:\Windows\System32\nsryILS.exe
  2⤵
  PID:5480
- C:\Windows\System32\hHhOaah.exe
  C:\Windows\System32\hHhOaah.exe
  2⤵
  PID:5560
- C:\Windows\System32\HtbopTP.exe
  C:\Windows\System32\HtbopTP.exe
  2⤵
  PID:5624
- C:\Windows\System32\FpCHwBQ.exe
  C:\Windows\System32\FpCHwBQ.exe
  2⤵
  PID:3804
- C:\Windows\System32\NhYmKev.exe
  C:\Windows\System32\NhYmKev.exe
  2⤵
  PID:5732
- C:\Windows\System32\RtsoUfQ.exe
  C:\Windows\System32\RtsoUfQ.exe
  2⤵
  PID:5788
- C:\Windows\System32\nsTmNsX.exe
  C:\Windows\System32\nsTmNsX.exe
  2⤵
  PID:5868
- C:\Windows\System32\yNarHjy.exe
  C:\Windows\System32\yNarHjy.exe
  2⤵
  PID:5944
- C:\Windows\System32\kCaxaxb.exe
  C:\Windows\System32\kCaxaxb.exe
  2⤵
  PID:1980
- C:\Windows\System32\gQARgzk.exe
  C:\Windows\System32\gQARgzk.exe
  2⤵
  PID:6068
- C:\Windows\System32\eUONKtp.exe
  C:\Windows\System32\eUONKtp.exe
  2⤵
  PID:6136
- C:\Windows\System32\GcPdIqw.exe
  C:\Windows\System32\GcPdIqw.exe
  2⤵
  PID:4156
- C:\Windows\System32\oxBSWtF.exe
  C:\Windows\System32\oxBSWtF.exe
  2⤵
  PID:3832
- C:\Windows\System32\JUXnSPi.exe
  C:\Windows\System32\JUXnSPi.exe
  2⤵
  PID:5200
- C:\Windows\System32\zzcjSoI.exe
  C:\Windows\System32\zzcjSoI.exe
  2⤵
  PID:5288
- C:\Windows\System32\UcokDYX.exe
  C:\Windows\System32\UcokDYX.exe
  2⤵
  PID:6152
- C:\Windows\System32\lBotBzV.exe
  C:\Windows\System32\lBotBzV.exe
  2⤵
  PID:6180
- C:\Windows\System32\AofhXnx.exe
  C:\Windows\System32\AofhXnx.exe
  2⤵
  PID:6208
- C:\Windows\System32\JSatBSy.exe
  C:\Windows\System32\JSatBSy.exe
  2⤵
  PID:6240
- C:\Windows\System32\kAzWOTV.exe
  C:\Windows\System32\kAzWOTV.exe
  2⤵
  PID:6264
- C:\Windows\System32\pwAuOpG.exe
  C:\Windows\System32\pwAuOpG.exe
  2⤵
  PID:6304
- C:\Windows\System32\pVJpGfU.exe
  C:\Windows\System32\pVJpGfU.exe
  2⤵
  PID:6320
- C:\Windows\System32\KjZHXQH.exe
  C:\Windows\System32\KjZHXQH.exe
  2⤵
  PID:6344
- C:\Windows\System32\eHkxDEK.exe
  C:\Windows\System32\eHkxDEK.exe
  2⤵
  PID:6376
- C:\Windows\System32\MnieUHA.exe
  C:\Windows\System32\MnieUHA.exe
  2⤵
  PID:6400
- C:\Windows\System32\mavmfYs.exe
  C:\Windows\System32\mavmfYs.exe
  2⤵
  PID:6432
- C:\Windows\System32\ClNCchh.exe
  C:\Windows\System32\ClNCchh.exe
  2⤵
  PID:6456
- C:\Windows\System32\GXTzmTQ.exe
  C:\Windows\System32\GXTzmTQ.exe
  2⤵
  PID:6484
- C:\Windows\System32\vmegyUX.exe
  C:\Windows\System32\vmegyUX.exe
  2⤵
  PID:6512
- C:\Windows\System32\VsLoiGT.exe
  C:\Windows\System32\VsLoiGT.exe
  2⤵
  PID:6540
- C:\Windows\System32\trCqgGv.exe
  C:\Windows\System32\trCqgGv.exe
  2⤵
  PID:6572
- C:\Windows\System32\sUlVWKL.exe
  C:\Windows\System32\sUlVWKL.exe
  2⤵
  PID:6600
- C:\Windows\System32\mDVBEPS.exe
  C:\Windows\System32\mDVBEPS.exe
  2⤵
  PID:6628
- C:\Windows\System32\puQVOSe.exe
  C:\Windows\System32\puQVOSe.exe
  2⤵
  PID:6652
- C:\Windows\System32\tGSIXzb.exe
  C:\Windows\System32\tGSIXzb.exe
  2⤵
  PID:6680
- C:\Windows\System32\VGVRYkS.exe
  C:\Windows\System32\VGVRYkS.exe
  2⤵
  PID:6708
- C:\Windows\System32\LWZGTky.exe
  C:\Windows\System32\LWZGTky.exe
  2⤵
  PID:6740
- C:\Windows\System32\qSLVWzV.exe
  C:\Windows\System32\qSLVWzV.exe
  2⤵
  PID:6776
- C:\Windows\System32\jwZLBdM.exe
  C:\Windows\System32\jwZLBdM.exe
  2⤵
  PID:6796
- C:\Windows\System32\ENkdASE.exe
  C:\Windows\System32\ENkdASE.exe
  2⤵
  PID:6820
- C:\Windows\System32\qLNiFYs.exe
  C:\Windows\System32\qLNiFYs.exe
  2⤵
  PID:6848
- C:\Windows\System32\lmbLrgp.exe
  C:\Windows\System32\lmbLrgp.exe
  2⤵
  PID:6880
- C:\Windows\System32\mYXhBQu.exe
  C:\Windows\System32\mYXhBQu.exe
  2⤵
  PID:6904
- C:\Windows\System32\eEAGRdA.exe
  C:\Windows\System32\eEAGRdA.exe
  2⤵
  PID:6936
- C:\Windows\System32\HepXFmp.exe
  C:\Windows\System32\HepXFmp.exe
  2⤵
  PID:6964
- C:\Windows\System32\RwbeTOV.exe
  C:\Windows\System32\RwbeTOV.exe
  2⤵
  PID:6992
- C:\Windows\System32\JVXTQdb.exe
  C:\Windows\System32\JVXTQdb.exe
  2⤵
  PID:7016
- C:\Windows\System32\eXEyeFe.exe
  C:\Windows\System32\eXEyeFe.exe
  2⤵
  PID:7048
- C:\Windows\System32\pHVUuvw.exe
  C:\Windows\System32\pHVUuvw.exe
  2⤵
  PID:7076
- C:\Windows\System32\ziErloN.exe
  C:\Windows\System32\ziErloN.exe
  2⤵
  PID:7104
- C:\Windows\System32\PdNjDjQ.exe
  C:\Windows\System32\PdNjDjQ.exe
  2⤵
  PID:7132
- C:\Windows\System32\bUGYhrs.exe
  C:\Windows\System32\bUGYhrs.exe
  2⤵
  PID:7160
- C:\Windows\System32\yjAmVjR.exe
  C:\Windows\System32\yjAmVjR.exe
  2⤵
  PID:5532
- C:\Windows\System32\MLbuuVn.exe
  C:\Windows\System32\MLbuuVn.exe
  2⤵
  PID:5660
- C:\Windows\System32\SzQtqVS.exe
  C:\Windows\System32\SzQtqVS.exe
  2⤵
  PID:5792
- C:\Windows\System32\MBNtnfY.exe
  C:\Windows\System32\MBNtnfY.exe
  2⤵
  PID:5988
- C:\Windows\System32\ECMFkit.exe
  C:\Windows\System32\ECMFkit.exe
  2⤵
  PID:6108
- C:\Windows\System32\bJJZZBY.exe
  C:\Windows\System32\bJJZZBY.exe
  2⤵
  PID:5068
- C:\Windows\System32\ztRZOKO.exe
  C:\Windows\System32\ztRZOKO.exe
  2⤵
  PID:1136
- C:\Windows\System32\xnnNIQG.exe
  C:\Windows\System32\xnnNIQG.exe
  2⤵
  PID:6200
- C:\Windows\System32\UineOVq.exe
  C:\Windows\System32\UineOVq.exe
  2⤵
  PID:6220
- C:\Windows\System32\xRFRfcd.exe
  C:\Windows\System32\xRFRfcd.exe
  2⤵
  PID:6272
- C:\Windows\System32\VysLuOJ.exe
  C:\Windows\System32\VysLuOJ.exe
  2⤵
  PID:6332
- C:\Windows\System32\EVqQaXk.exe
  C:\Windows\System32\EVqQaXk.exe
  2⤵
  PID:6424
- C:\Windows\System32\hxSQnWT.exe
  C:\Windows\System32\hxSQnWT.exe
  2⤵
  PID:6464
- C:\Windows\System32\YsoaXmS.exe
  C:\Windows\System32\YsoaXmS.exe
  2⤵
  PID:6520
- C:\Windows\System32\SOsOTYM.exe
  C:\Windows\System32\SOsOTYM.exe
  2⤵
  PID:6584
- C:\Windows\System32\TUHphPi.exe
  C:\Windows\System32\TUHphPi.exe
  2⤵
  PID:6648
- C:\Windows\System32\AhlMdAq.exe
  C:\Windows\System32\AhlMdAq.exe
  2⤵
  PID:6724
- C:\Windows\System32\oBuceQR.exe
  C:\Windows\System32\oBuceQR.exe
  2⤵
  PID:6772
- C:\Windows\System32\OooKWQQ.exe
  C:\Windows\System32\OooKWQQ.exe
  2⤵
  PID:6828
- C:\Windows\System32\JKDJfiu.exe
  C:\Windows\System32\JKDJfiu.exe
  2⤵
  PID:6900
- C:\Windows\System32\toUIUbD.exe
  C:\Windows\System32\toUIUbD.exe
  2⤵
  PID:720
- C:\Windows\System32\jUBvUbB.exe
  C:\Windows\System32\jUBvUbB.exe
  2⤵
  PID:7024
- C:\Windows\System32\tUmagzC.exe
  C:\Windows\System32\tUmagzC.exe
  2⤵
  PID:7088
- C:\Windows\System32\nbrEUcy.exe
  C:\Windows\System32\nbrEUcy.exe
  2⤵
  PID:7144
- C:\Windows\System32\rIwskFG.exe
  C:\Windows\System32\rIwskFG.exe
  2⤵
  PID:5604
- C:\Windows\System32\DWDkKIT.exe
  C:\Windows\System32\DWDkKIT.exe
  2⤵
  PID:5844
- C:\Windows\System32\hHuBRWZ.exe
  C:\Windows\System32\hHuBRWZ.exe
  2⤵
  PID:4740
- C:\Windows\System32\TKqQWKF.exe
  C:\Windows\System32\TKqQWKF.exe
  2⤵
  PID:572
- C:\Windows\System32\QyWxMSP.exe
  C:\Windows\System32\QyWxMSP.exe
  2⤵
  PID:5020
- C:\Windows\System32\WuoDmHf.exe
  C:\Windows\System32\WuoDmHf.exe
  2⤵
  PID:6408
- C:\Windows\System32\zmcVITj.exe
  C:\Windows\System32\zmcVITj.exe
  2⤵
  PID:3300
- C:\Windows\System32\lxShmVw.exe
  C:\Windows\System32\lxShmVw.exe
  2⤵
  PID:1984
- C:\Windows\System32\dJsagFu.exe
  C:\Windows\System32\dJsagFu.exe
  2⤵
  PID:6804
- C:\Windows\System32\PIUBVea.exe
  C:\Windows\System32\PIUBVea.exe
  2⤵
  PID:6856
- C:\Windows\System32\ffRMEJR.exe
  C:\Windows\System32\ffRMEJR.exe
  2⤵
  PID:6976
- C:\Windows\System32\jbiQAOR.exe
  C:\Windows\System32\jbiQAOR.exe
  2⤵
  PID:7116
- C:\Windows\System32\gXjfGIn.exe
  C:\Windows\System32\gXjfGIn.exe
  2⤵
  PID:7208
- C:\Windows\System32\uDvDHRn.exe
  C:\Windows\System32\uDvDHRn.exe
  2⤵
  PID:7224
- C:\Windows\System32\YbMPClk.exe
  C:\Windows\System32\YbMPClk.exe
  2⤵
  PID:7252
- C:\Windows\System32\yhEprzq.exe
  C:\Windows\System32\yhEprzq.exe
  2⤵
  PID:7292
- C:\Windows\System32\FIMacPv.exe
  C:\Windows\System32\FIMacPv.exe
  2⤵
  PID:7316
- C:\Windows\System32\jKWGZGt.exe
  C:\Windows\System32\jKWGZGt.exe
  2⤵
  PID:7344
- C:\Windows\System32\UGvQODA.exe
  C:\Windows\System32\UGvQODA.exe
  2⤵
  PID:7364
- C:\Windows\System32\hwPRhLL.exe
  C:\Windows\System32\hwPRhLL.exe
  2⤵
  PID:7392
- C:\Windows\System32\AiRnocI.exe
  C:\Windows\System32\AiRnocI.exe
  2⤵
  PID:7420
- C:\Windows\System32\FTRfdxy.exe
  C:\Windows\System32\FTRfdxy.exe
  2⤵
  PID:7444
- C:\Windows\System32\EcAexiy.exe
  C:\Windows\System32\EcAexiy.exe
  2⤵
  PID:7476
- C:\Windows\System32\xdButnI.exe
  C:\Windows\System32\xdButnI.exe
  2⤵
  PID:7504
- C:\Windows\System32\GvnkioS.exe
  C:\Windows\System32\GvnkioS.exe
  2⤵
  PID:7532
- C:\Windows\System32\FtxWCjR.exe
  C:\Windows\System32\FtxWCjR.exe
  2⤵
  PID:7560
- C:\Windows\System32\renIrUr.exe
  C:\Windows\System32\renIrUr.exe
  2⤵
  PID:7584
- C:\Windows\System32\KrNnQzE.exe
  C:\Windows\System32\KrNnQzE.exe
  2⤵
  PID:7612
- C:\Windows\System32\OuSLiUY.exe
  C:\Windows\System32\OuSLiUY.exe
  2⤵
  PID:7644
- C:\Windows\System32\gTYJQmn.exe
  C:\Windows\System32\gTYJQmn.exe
  2⤵
  PID:7672
- C:\Windows\System32\fPdIJNJ.exe
  C:\Windows\System32\fPdIJNJ.exe
  2⤵
  PID:7688
- C:\Windows\System32\nmcKyWE.exe
  C:\Windows\System32\nmcKyWE.exe
  2⤵
  PID:7728
- C:\Windows\System32\IMqHaSd.exe
  C:\Windows\System32\IMqHaSd.exe
  2⤵
  PID:7756
- C:\Windows\System32\SDShnEW.exe
  C:\Windows\System32\SDShnEW.exe
  2⤵
  PID:7784
- C:\Windows\System32\mQRMCAE.exe
  C:\Windows\System32\mQRMCAE.exe
  2⤵
  PID:7808
- C:\Windows\System32\CxAgHjz.exe
  C:\Windows\System32\CxAgHjz.exe
  2⤵
  PID:7840
- C:\Windows\System32\dmEcyCh.exe
  C:\Windows\System32\dmEcyCh.exe
  2⤵
  PID:7864
- C:\Windows\System32\Lrrqndb.exe
  C:\Windows\System32\Lrrqndb.exe
  2⤵
  PID:7896
- C:\Windows\System32\xPoOufm.exe
  C:\Windows\System32\xPoOufm.exe
  2⤵
  PID:7924
- C:\Windows\System32\rlANgls.exe
  C:\Windows\System32\rlANgls.exe
  2⤵
  PID:7948
- C:\Windows\System32\SahDURi.exe
  C:\Windows\System32\SahDURi.exe
  2⤵
  PID:7980
- C:\Windows\System32\PczXTzO.exe
  C:\Windows\System32\PczXTzO.exe
  2⤵
  PID:8004
- C:\Windows\System32\TaRDEMu.exe
  C:\Windows\System32\TaRDEMu.exe
  2⤵
  PID:8036
- C:\Windows\System32\RnHMhYs.exe
  C:\Windows\System32\RnHMhYs.exe
  2⤵
  PID:8064
- C:\Windows\System32\qGlZSYF.exe
  C:\Windows\System32\qGlZSYF.exe
  2⤵
  PID:8092
- C:\Windows\System32\LYGeeZI.exe
  C:\Windows\System32\LYGeeZI.exe
  2⤵
  PID:8128
- C:\Windows\System32\GmigmHY.exe
  C:\Windows\System32\GmigmHY.exe
  2⤵
  PID:8148
- C:\Windows\System32\dLFMDoq.exe
  C:\Windows\System32\dLFMDoq.exe
  2⤵
  PID:8164
- C:\Windows\System32\kbTSDUR.exe
  C:\Windows\System32\kbTSDUR.exe
  2⤵
  PID:5464
- C:\Windows\System32\zjvtuRb.exe
  C:\Windows\System32\zjvtuRb.exe
  2⤵
  PID:6044
- C:\Windows\System32\iMUAnAb.exe
  C:\Windows\System32\iMUAnAb.exe
  2⤵
  PID:6328
- C:\Windows\System32\idWSzkc.exe
  C:\Windows\System32\idWSzkc.exe
  2⤵
  PID:6612
- C:\Windows\System32\MWSfkjb.exe
  C:\Windows\System32\MWSfkjb.exe
  2⤵
  PID:6792
- C:\Windows\System32\tAAhRNq.exe
  C:\Windows\System32\tAAhRNq.exe
  2⤵
  PID:7068
- C:\Windows\System32\BKOAytQ.exe
  C:\Windows\System32\BKOAytQ.exe
  2⤵
  PID:7220
- C:\Windows\System32\hyuNlvM.exe
  C:\Windows\System32\hyuNlvM.exe
  2⤵
  PID:7272
- C:\Windows\System32\fLTmVWr.exe
  C:\Windows\System32\fLTmVWr.exe
  2⤵
  PID:7304
- C:\Windows\System32\cbWmmTj.exe
  C:\Windows\System32\cbWmmTj.exe
  2⤵
  PID:7376
- C:\Windows\System32\btXYaGk.exe
  C:\Windows\System32\btXYaGk.exe
  2⤵
  PID:7404
- C:\Windows\System32\XBwfYJv.exe
  C:\Windows\System32\XBwfYJv.exe
  2⤵
  PID:7468
- C:\Windows\System32\YDHowtL.exe
  C:\Windows\System32\YDHowtL.exe
  2⤵
  PID:7516
- C:\Windows\System32\JaqtCzM.exe
  C:\Windows\System32\JaqtCzM.exe
  2⤵
  PID:7540
- C:\Windows\System32\IRZzfAh.exe
  C:\Windows\System32\IRZzfAh.exe
  2⤵
  PID:7600
- C:\Windows\System32\EENYnMw.exe
  C:\Windows\System32\EENYnMw.exe
  2⤵
  PID:7628
- C:\Windows\System32\qaLNYZO.exe
  C:\Windows\System32\qaLNYZO.exe
  2⤵
  PID:7680
- C:\Windows\System32\HdSjyfJ.exe
  C:\Windows\System32\HdSjyfJ.exe
  2⤵
  PID:7700
- C:\Windows\System32\NCLcTKt.exe
  C:\Windows\System32\NCLcTKt.exe
  2⤵
  PID:7740
- C:\Windows\System32\QjYEtcR.exe
  C:\Windows\System32\QjYEtcR.exe
  2⤵
  PID:7824
- C:\Windows\System32\cjHuRIC.exe
  C:\Windows\System32\cjHuRIC.exe
  2⤵
  PID:7888
- C:\Windows\System32\kzxkCwI.exe
  C:\Windows\System32\kzxkCwI.exe
  2⤵
  PID:7936
- C:\Windows\System32\AGvbZBj.exe
  C:\Windows\System32\AGvbZBj.exe
  2⤵
  PID:8000
- C:\Windows\System32\MrUVdFv.exe
  C:\Windows\System32\MrUVdFv.exe
  2⤵
  PID:8044
- C:\Windows\System32\RZdrfpZ.exe
  C:\Windows\System32\RZdrfpZ.exe
  2⤵
  PID:8136
- C:\Windows\System32\KPdSEsg.exe
  C:\Windows\System32\KPdSEsg.exe
  2⤵
  PID:8176
- C:\Windows\System32\RgcbgEg.exe
  C:\Windows\System32\RgcbgEg.exe
  2⤵
  PID:6256
- C:\Windows\System32\UuQMOee.exe
  C:\Windows\System32\UuQMOee.exe
  2⤵
  PID:6676
- C:\Windows\System32\cvXCzvi.exe
  C:\Windows\System32\cvXCzvi.exe
  2⤵
  PID:2496
- C:\Windows\System32\ODoQQkz.exe
  C:\Windows\System32\ODoQQkz.exe
  2⤵
  PID:7332
- C:\Windows\System32\pzXAtuV.exe
  C:\Windows\System32\pzXAtuV.exe
  2⤵
  PID:7428
- C:\Windows\System32\jjTFQaE.exe
  C:\Windows\System32\jjTFQaE.exe
  2⤵
  PID:3348
- C:\Windows\System32\RpXzcGR.exe
  C:\Windows\System32\RpXzcGR.exe
  2⤵
  PID:7708
- C:\Windows\System32\LoTxrFE.exe
  C:\Windows\System32\LoTxrFE.exe
  2⤵
  PID:7748
- C:\Windows\System32\QlHYHPN.exe
  C:\Windows\System32\QlHYHPN.exe
  2⤵
  PID:7908
- C:\Windows\System32\EYoVlcN.exe
  C:\Windows\System32\EYoVlcN.exe
  2⤵
  PID:8028
- C:\Windows\System32\clDAndn.exe
  C:\Windows\System32\clDAndn.exe
  2⤵
  PID:3476
- C:\Windows\System32\cyjQWWt.exe
  C:\Windows\System32\cyjQWWt.exe
  2⤵
  PID:4792
- C:\Windows\System32\FxFIxqP.exe
  C:\Windows\System32\FxFIxqP.exe
  2⤵
  PID:7384
- C:\Windows\System32\OIHJxZC.exe
  C:\Windows\System32\OIHJxZC.exe
  2⤵
  PID:7572
- C:\Windows\System32\IjFVjdI.exe
  C:\Windows\System32\IjFVjdI.exe
  2⤵
  PID:7972
- C:\Windows\System32\GJuxQBV.exe
  C:\Windows\System32\GJuxQBV.exe
  2⤵
  PID:8208
- C:\Windows\System32\MhbWxWx.exe
  C:\Windows\System32\MhbWxWx.exe
  2⤵
  PID:8236
- C:\Windows\System32\AEmhacr.exe
  C:\Windows\System32\AEmhacr.exe
  2⤵
  PID:8264
- C:\Windows\System32\fpoOeCF.exe
  C:\Windows\System32\fpoOeCF.exe
  2⤵
  PID:8300
- C:\Windows\System32\CCOzOVD.exe
  C:\Windows\System32\CCOzOVD.exe
  2⤵
  PID:8320
- C:\Windows\System32\cQiOyAD.exe
  C:\Windows\System32\cQiOyAD.exe
  2⤵
  PID:8356
- C:\Windows\System32\SVrXLmM.exe
  C:\Windows\System32\SVrXLmM.exe
  2⤵
  PID:8376
- C:\Windows\System32\VRTHYKY.exe
  C:\Windows\System32\VRTHYKY.exe
  2⤵
  PID:8404
- C:\Windows\System32\ISPLalg.exe
  C:\Windows\System32\ISPLalg.exe
  2⤵
  PID:8432
- C:\Windows\System32\cBZeghU.exe
  C:\Windows\System32\cBZeghU.exe
  2⤵
  PID:8460
- C:\Windows\System32\JNoOZyG.exe
  C:\Windows\System32\JNoOZyG.exe
  2⤵
  PID:8488
- C:\Windows\System32\yByKNre.exe
  C:\Windows\System32\yByKNre.exe
  2⤵
  PID:8516
- C:\Windows\System32\KzjdRCq.exe
  C:\Windows\System32\KzjdRCq.exe
  2⤵
  PID:8544
- C:\Windows\System32\ObKFzbW.exe
  C:\Windows\System32\ObKFzbW.exe
  2⤵
  PID:8568
- C:\Windows\System32\QsVYrjf.exe
  C:\Windows\System32\QsVYrjf.exe
  2⤵
  PID:8600
- C:\Windows\System32\JDajrgu.exe
  C:\Windows\System32\JDajrgu.exe
  2⤵
  PID:8624
- C:\Windows\System32\LqmObQi.exe
  C:\Windows\System32\LqmObQi.exe
  2⤵
  PID:8656
- C:\Windows\System32\KJdrKPr.exe
  C:\Windows\System32\KJdrKPr.exe
  2⤵
  PID:8684
- C:\Windows\System32\RolDfCG.exe
  C:\Windows\System32\RolDfCG.exe
  2⤵
  PID:8712
- C:\Windows\System32\qasOiko.exe
  C:\Windows\System32\qasOiko.exe
  2⤵
  PID:8740
- C:\Windows\System32\qhCfDWV.exe
  C:\Windows\System32\qhCfDWV.exe
  2⤵
  PID:8768
- C:\Windows\System32\UyTGYUc.exe
  C:\Windows\System32\UyTGYUc.exe
  2⤵
  PID:8796
- C:\Windows\System32\nBawmGy.exe
  C:\Windows\System32\nBawmGy.exe
  2⤵
  PID:8824
- C:\Windows\System32\OnAymwK.exe
  C:\Windows\System32\OnAymwK.exe
  2⤵
  PID:8848
- C:\Windows\System32\JdXXIqa.exe
  C:\Windows\System32\JdXXIqa.exe
  2⤵
  PID:8888
- C:\Windows\System32\pcPjQdU.exe
  C:\Windows\System32\pcPjQdU.exe
  2⤵
  PID:9028
- C:\Windows\System32\DUiTmaN.exe
  C:\Windows\System32\DUiTmaN.exe
  2⤵
  PID:9092
- C:\Windows\System32\EsOxZHM.exe
  C:\Windows\System32\EsOxZHM.exe
  2⤵
  PID:9112
- C:\Windows\System32\SDvkASY.exe
  C:\Windows\System32\SDvkASY.exe
  2⤵
  PID:9212
- C:\Windows\System32\eEzlWbK.exe
  C:\Windows\System32\eEzlWbK.exe
  2⤵
  PID:4340
- C:\Windows\System32\oeQiROP.exe
  C:\Windows\System32\oeQiROP.exe
  2⤵
  PID:1648
- C:\Windows\System32\BglbyRS.exe
  C:\Windows\System32\BglbyRS.exe
  2⤵
  PID:8196
- C:\Windows\System32\JITeqlh.exe
  C:\Windows\System32\JITeqlh.exe
  2⤵
  PID:8248
- C:\Windows\System32\VaojVQx.exe
  C:\Windows\System32\VaojVQx.exe
  2⤵
  PID:8328
- C:\Windows\System32\czdFmFv.exe
  C:\Windows\System32\czdFmFv.exe
  2⤵
  PID:8388
- C:\Windows\System32\jTBOLlA.exe
  C:\Windows\System32\jTBOLlA.exe
  2⤵
  PID:3872
- C:\Windows\System32\zvHbJkF.exe
  C:\Windows\System32\zvHbJkF.exe
  2⤵
  PID:8608
- C:\Windows\System32\OCEDvrG.exe
  C:\Windows\System32\OCEDvrG.exe
  2⤵
  PID:8632
- C:\Windows\System32\zNcyJLi.exe
  C:\Windows\System32\zNcyJLi.exe
  2⤵
  PID:3684
- C:\Windows\System32\cjqDgyj.exe
  C:\Windows\System32\cjqDgyj.exe
  2⤵
  PID:8748
- C:\Windows\System32\UJWbIBX.exe
  C:\Windows\System32\UJWbIBX.exe
  2⤵
  PID:8804
- C:\Windows\System32\VTfBdxt.exe
  C:\Windows\System32\VTfBdxt.exe
  2⤵
  PID:3440
- C:\Windows\System32\hymYasy.exe
  C:\Windows\System32\hymYasy.exe
  2⤵
  PID:4008
- C:\Windows\System32\GFVgSAt.exe
  C:\Windows\System32\GFVgSAt.exe
  2⤵
  PID:1732
- C:\Windows\System32\peTZAyC.exe
  C:\Windows\System32\peTZAyC.exe
  2⤵
  PID:4684
- C:\Windows\System32\ZsSiOLA.exe
  C:\Windows\System32\ZsSiOLA.exe
  2⤵
  PID:3844
- C:\Windows\System32\saUbTTX.exe
  C:\Windows\System32\saUbTTX.exe
  2⤵
  PID:9000
- C:\Windows\System32\gsaHord.exe
  C:\Windows\System32\gsaHord.exe
  2⤵
  PID:8996
- C:\Windows\System32\bnZpitG.exe
  C:\Windows\System32\bnZpitG.exe
  2⤵
  PID:9152
- C:\Windows\System32\AtEXiCH.exe
  C:\Windows\System32\AtEXiCH.exe
  2⤵
  PID:8992
- C:\Windows\System32\wYyWdKJ.exe
  C:\Windows\System32\wYyWdKJ.exe
  2⤵
  PID:9160
- C:\Windows\System32\qMuOHYq.exe
  C:\Windows\System32\qMuOHYq.exe
  2⤵
  PID:9148
- C:\Windows\System32\cVYRyLi.exe
  C:\Windows\System32\cVYRyLi.exe
  2⤵
  PID:7636
- C:\Windows\System32\QSHUycN.exe
  C:\Windows\System32\QSHUycN.exe
  2⤵
  PID:8452
- C:\Windows\System32\BzdCcEW.exe
  C:\Windows\System32\BzdCcEW.exe
  2⤵
  PID:4896
- C:\Windows\System32\pEzZtaV.exe
  C:\Windows\System32\pEzZtaV.exe
  2⤵
  PID:8948
- C:\Windows\System32\craaAXv.exe
  C:\Windows\System32\craaAXv.exe
  2⤵
  PID:8556
- C:\Windows\System32\JcwOniD.exe
  C:\Windows\System32\JcwOniD.exe
  2⤵
  PID:8720
- C:\Windows\System32\flKBCzK.exe
  C:\Windows\System32\flKBCzK.exe
  2⤵
  PID:4016
- C:\Windows\System32\VJTuWoi.exe
  C:\Windows\System32\VJTuWoi.exe
  2⤵
  PID:4176
- C:\Windows\System32\vApxnOL.exe
  C:\Windows\System32\vApxnOL.exe
  2⤵
  PID:9016
- C:\Windows\System32\iUrRFmu.exe
  C:\Windows\System32\iUrRFmu.exe
  2⤵
  PID:9144
- C:\Windows\System32\ksERMFZ.exe
  C:\Windows\System32\ksERMFZ.exe
  2⤵
  PID:9184
- C:\Windows\System32\WJOuQTQ.exe
  C:\Windows\System32\WJOuQTQ.exe
  2⤵
  PID:8276
- C:\Windows\System32\PhNuluB.exe
  C:\Windows\System32\PhNuluB.exe
  2⤵
  PID:8396
- C:\Windows\System32\zgBumXl.exe
  C:\Windows\System32\zgBumXl.exe
  2⤵
  PID:8496
- C:\Windows\System32\RPTHUKc.exe
  C:\Windows\System32\RPTHUKc.exe
  2⤵
  PID:8836
- C:\Windows\System32\ZdxXRwR.exe
  C:\Windows\System32\ZdxXRwR.exe
  2⤵
  PID:8832
- C:\Windows\System32\oIDNagR.exe
  C:\Windows\System32\oIDNagR.exe
  2⤵
  PID:9040
- C:\Windows\System32\sbQIVyj.exe
  C:\Windows\System32\sbQIVyj.exe
  2⤵
  PID:8444
- C:\Windows\System32\VdIZzUt.exe
  C:\Windows\System32\VdIZzUt.exe
  2⤵
  PID:9068
- C:\Windows\System32\UtYOPQw.exe
  C:\Windows\System32\UtYOPQw.exe
  2⤵
  PID:9264
- C:\Windows\System32\fqfGwca.exe
  C:\Windows\System32\fqfGwca.exe
  2⤵
  PID:9284
- C:\Windows\System32\fZLKVZY.exe
  C:\Windows\System32\fZLKVZY.exe
  2⤵
  PID:9308
- C:\Windows\System32\MbYvwNf.exe
  C:\Windows\System32\MbYvwNf.exe
  2⤵
  PID:9344
- C:\Windows\System32\EiRpbrT.exe
  C:\Windows\System32\EiRpbrT.exe
  2⤵
  PID:9364
- C:\Windows\System32\UCSLRkw.exe
  C:\Windows\System32\UCSLRkw.exe
  2⤵
  PID:9392
- C:\Windows\System32\tiVTxDJ.exe
  C:\Windows\System32\tiVTxDJ.exe
  2⤵
  PID:9408
- C:\Windows\System32\SuYtFff.exe
  C:\Windows\System32\SuYtFff.exe
  2⤵
  PID:9428
- C:\Windows\System32\ofeTYof.exe
  C:\Windows\System32\ofeTYof.exe
  2⤵
  PID:9456
- C:\Windows\System32\oEquPgS.exe
  C:\Windows\System32\oEquPgS.exe
  2⤵
  PID:9480
- C:\Windows\System32\SIzseoU.exe
  C:\Windows\System32\SIzseoU.exe
  2⤵
  PID:9500
- C:\Windows\System32\NbveDIn.exe
  C:\Windows\System32\NbveDIn.exe
  2⤵
  PID:9516
- C:\Windows\System32\enNxqHg.exe
  C:\Windows\System32\enNxqHg.exe
  2⤵
  PID:9552
- C:\Windows\System32\EgCTOvt.exe
  C:\Windows\System32\EgCTOvt.exe
  2⤵
  PID:9576
- C:\Windows\System32\FINAzGX.exe
  C:\Windows\System32\FINAzGX.exe
  2⤵
  PID:9612
- C:\Windows\System32\heYubsm.exe
  C:\Windows\System32\heYubsm.exe
  2⤵
  PID:9628
- C:\Windows\System32\jxGpdkd.exe
  C:\Windows\System32\jxGpdkd.exe
  2⤵
  PID:9676
- C:\Windows\System32\gRFmQsd.exe
  C:\Windows\System32\gRFmQsd.exe
  2⤵
  PID:9772
- C:\Windows\System32\ArrzrRt.exe
  C:\Windows\System32\ArrzrRt.exe
  2⤵
  PID:9796
- C:\Windows\System32\zxuptds.exe
  C:\Windows\System32\zxuptds.exe
  2⤵
  PID:9812
- C:\Windows\System32\qGnHhZl.exe
  C:\Windows\System32\qGnHhZl.exe
  2⤵
  PID:9844
- C:\Windows\System32\iMbiYrI.exe
  C:\Windows\System32\iMbiYrI.exe
  2⤵
  PID:9860
- C:\Windows\System32\zJZvnOS.exe
  C:\Windows\System32\zJZvnOS.exe
  2⤵
  PID:9904
- C:\Windows\System32\teTBjYR.exe
  C:\Windows\System32\teTBjYR.exe
  2⤵
  PID:9924
- C:\Windows\System32\mLWHRBj.exe
  C:\Windows\System32\mLWHRBj.exe
  2⤵
  PID:9940
- C:\Windows\System32\gLzENlj.exe
  C:\Windows\System32\gLzENlj.exe
  2⤵
  PID:9956
- C:\Windows\System32\LMPoLrL.exe
  C:\Windows\System32\LMPoLrL.exe
  2⤵
  PID:10004
- C:\Windows\System32\VQrvFtp.exe
  C:\Windows\System32\VQrvFtp.exe
  2⤵
  PID:10048
- C:\Windows\System32\kLwFGLN.exe
  C:\Windows\System32\kLwFGLN.exe
  2⤵
  PID:10100
- C:\Windows\System32\wGpIltw.exe
  C:\Windows\System32\wGpIltw.exe
  2⤵
  PID:10116
- C:\Windows\System32\EJgbgal.exe
  C:\Windows\System32\EJgbgal.exe
  2⤵
  PID:10136
- C:\Windows\System32\vvqNDlA.exe
  C:\Windows\System32\vvqNDlA.exe
  2⤵
  PID:10152
- C:\Windows\System32\pypoGXP.exe
  C:\Windows\System32\pypoGXP.exe
  2⤵
  PID:10176
- C:\Windows\System32\hRFVWyd.exe
  C:\Windows\System32\hRFVWyd.exe
  2⤵
  PID:10216
- C:\Windows\System32\jIccVyh.exe
  C:\Windows\System32\jIccVyh.exe
  2⤵
  PID:10236
- C:\Windows\System32\VkMzcHq.exe
  C:\Windows\System32\VkMzcHq.exe
  2⤵
  PID:9240
- C:\Windows\System32\hLiBikc.exe
  C:\Windows\System32\hLiBikc.exe
  2⤵
  PID:9332
- C:\Windows\System32\YQJRqIr.exe
  C:\Windows\System32\YQJRqIr.exe
  2⤵
  PID:9356
- C:\Windows\System32\kYQcRqs.exe
  C:\Windows\System32\kYQcRqs.exe
  2⤵
  PID:9416
- C:\Windows\System32\UtquNVC.exe
  C:\Windows\System32\UtquNVC.exe
  2⤵
  PID:9464
- C:\Windows\System32\JBjrxFQ.exe
  C:\Windows\System32\JBjrxFQ.exe
  2⤵
  PID:9548
- C:\Windows\System32\NgCmWgc.exe
  C:\Windows\System32\NgCmWgc.exe
  2⤵
  PID:9668
- C:\Windows\System32\gLzOcmb.exe
  C:\Windows\System32\gLzOcmb.exe
  2⤵
  PID:9672
- C:\Windows\System32\notVpWH.exe
  C:\Windows\System32\notVpWH.exe
  2⤵
  PID:9760
- C:\Windows\System32\VBGDHRi.exe
  C:\Windows\System32\VBGDHRi.exe
  2⤵
  PID:9868
- C:\Windows\System32\uSVxuSK.exe
  C:\Windows\System32\uSVxuSK.exe
  2⤵
  PID:9912
- C:\Windows\System32\jYObTeK.exe
  C:\Windows\System32\jYObTeK.exe
  2⤵
  PID:9980
- C:\Windows\System32\IrMFzhB.exe
  C:\Windows\System32\IrMFzhB.exe
  2⤵
  PID:10024
- C:\Windows\System32\AqSCWjw.exe
  C:\Windows\System32\AqSCWjw.exe
  2⤵
  PID:10112
- C:\Windows\System32\eePwlvF.exe
  C:\Windows\System32\eePwlvF.exe
  2⤵
  PID:10160
- C:\Windows\System32\LNAhuTM.exe
  C:\Windows\System32\LNAhuTM.exe
  2⤵
  PID:10204
- C:\Windows\System32\IaZcMmY.exe
  C:\Windows\System32\IaZcMmY.exe
  2⤵
  PID:10224
- C:\Windows\System32\HadCXix.exe
  C:\Windows\System32\HadCXix.exe
  2⤵
  PID:9324
- C:\Windows\System32\NpSNiAW.exe
  C:\Windows\System32\NpSNiAW.exe
  2⤵
  PID:9508
- C:\Windows\System32\DPxunbL.exe
  C:\Windows\System32\DPxunbL.exe
  2⤵
  PID:9664
- C:\Windows\System32\vYazSEg.exe
  C:\Windows\System32\vYazSEg.exe
  2⤵
  PID:9880
- C:\Windows\System32\GCQfzxL.exe
  C:\Windows\System32\GCQfzxL.exe
  2⤵
  PID:9992
- C:\Windows\System32\CymQOuB.exe
  C:\Windows\System32\CymQOuB.exe
  2⤵
  PID:10196
- C:\Windows\System32\OoOIJSg.exe
  C:\Windows\System32\OoOIJSg.exe
  2⤵
  PID:10148
- C:\Windows\System32\AFBUAdj.exe
  C:\Windows\System32\AFBUAdj.exe
  2⤵
  PID:4904
- C:\Windows\System32\cpohXky.exe
  C:\Windows\System32\cpohXky.exe
  2⤵
  PID:9272
- C:\Windows\System32\QBoFKzN.exe
  C:\Windows\System32\QBoFKzN.exe
  2⤵
  PID:2936
- C:\Windows\System32\iCxiZeC.exe
  C:\Windows\System32\iCxiZeC.exe
  2⤵
  PID:9916
- C:\Windows\System32\FRHhNVp.exe
  C:\Windows\System32\FRHhNVp.exe
  2⤵
  PID:9756
- C:\Windows\System32\LQlxcpT.exe
  C:\Windows\System32\LQlxcpT.exe
  2⤵
  PID:10268
- C:\Windows\System32\DfwPVOg.exe
  C:\Windows\System32\DfwPVOg.exe
  2⤵
  PID:10288
- C:\Windows\System32\gXIvBMR.exe
  C:\Windows\System32\gXIvBMR.exe
  2⤵
  PID:10312
- C:\Windows\System32\NcUoRWi.exe
  C:\Windows\System32\NcUoRWi.exe
  2⤵
  PID:10332
- C:\Windows\System32\DWjGhOo.exe
  C:\Windows\System32\DWjGhOo.exe
  2⤵
  PID:10376
- C:\Windows\System32\WzCqueY.exe
  C:\Windows\System32\WzCqueY.exe
  2⤵
  PID:10392
- C:\Windows\System32\IQQBchp.exe
  C:\Windows\System32\IQQBchp.exe
  2⤵
  PID:10416
- C:\Windows\System32\iChbSJq.exe
  C:\Windows\System32\iChbSJq.exe
  2⤵
  PID:10432
- C:\Windows\System32\xNTyisz.exe
  C:\Windows\System32\xNTyisz.exe
  2⤵
  PID:10456
- C:\Windows\System32\WHtDxzX.exe
  C:\Windows\System32\WHtDxzX.exe
  2⤵
  PID:10476
- C:\Windows\System32\eJKDyAW.exe
  C:\Windows\System32\eJKDyAW.exe
  2⤵
  PID:10528
- C:\Windows\System32\fgOsUre.exe
  C:\Windows\System32\fgOsUre.exe
  2⤵
  PID:10576
- C:\Windows\System32\YNUhNhQ.exe
  C:\Windows\System32\YNUhNhQ.exe
  2⤵
  PID:10616
- C:\Windows\System32\VfzfGxj.exe
  C:\Windows\System32\VfzfGxj.exe
  2⤵
  PID:10632
- C:\Windows\System32\KdHOnNv.exe
  C:\Windows\System32\KdHOnNv.exe
  2⤵
  PID:10652
- C:\Windows\System32\pcNqcvX.exe
  C:\Windows\System32\pcNqcvX.exe
  2⤵
  PID:10672
- C:\Windows\System32\wKXfdRa.exe
  C:\Windows\System32\wKXfdRa.exe
  2⤵
  PID:10696
- C:\Windows\System32\xEdTAeg.exe
  C:\Windows\System32\xEdTAeg.exe
  2⤵
  PID:10740
- C:\Windows\System32\FciRCjP.exe
  C:\Windows\System32\FciRCjP.exe
  2⤵
  PID:10760
- C:\Windows\System32\OJeKGYO.exe
  C:\Windows\System32\OJeKGYO.exe
  2⤵
  PID:10776
- C:\Windows\System32\gVKogbS.exe
  C:\Windows\System32\gVKogbS.exe
  2⤵
  PID:10816
- C:\Windows\System32\CADkBxP.exe
  C:\Windows\System32\CADkBxP.exe
  2⤵
  PID:10840
- C:\Windows\System32\eRfHNWU.exe
  C:\Windows\System32\eRfHNWU.exe
  2⤵
  PID:10864
- C:\Windows\System32\OepWhgQ.exe
  C:\Windows\System32\OepWhgQ.exe
  2⤵
  PID:10880
- C:\Windows\System32\ettckmf.exe
  C:\Windows\System32\ettckmf.exe
  2⤵
  PID:10904
- C:\Windows\System32\jSGroIu.exe
  C:\Windows\System32\jSGroIu.exe
  2⤵
  PID:10920
- C:\Windows\System32\TWBChGc.exe
  C:\Windows\System32\TWBChGc.exe
  2⤵
  PID:10964
- C:\Windows\System32\gHswdOF.exe
  C:\Windows\System32\gHswdOF.exe
  2⤵
  PID:11016
- C:\Windows\System32\WUGichJ.exe
  C:\Windows\System32\WUGichJ.exe
  2⤵
  PID:11032
- C:\Windows\System32\YEeFmry.exe
  C:\Windows\System32\YEeFmry.exe
  2⤵
  PID:11060
- C:\Windows\System32\IaUOyuu.exe
  C:\Windows\System32\IaUOyuu.exe
  2⤵
  PID:11092
- C:\Windows\System32\kevCjpD.exe
  C:\Windows\System32\kevCjpD.exe
  2⤵
  PID:11112
- C:\Windows\System32\GrgQtap.exe
  C:\Windows\System32\GrgQtap.exe
  2⤵
  PID:11184
- C:\Windows\System32\kGFsDxT.exe
  C:\Windows\System32\kGFsDxT.exe
  2⤵
  PID:11208
- C:\Windows\System32\OuDMZqq.exe
  C:\Windows\System32\OuDMZqq.exe
  2⤵
  PID:11228
- C:\Windows\System32\sgieXIl.exe
  C:\Windows\System32\sgieXIl.exe
  2⤵
  PID:10228
- C:\Windows\System32\YnVnMlj.exe
  C:\Windows\System32\YnVnMlj.exe
  2⤵
  PID:10260
- C:\Windows\System32\TcLRmDm.exe
  C:\Windows\System32\TcLRmDm.exe
  2⤵
  PID:10300
- C:\Windows\System32\GvTVcmm.exe
  C:\Windows\System32\GvTVcmm.exe
  2⤵
  PID:10340
- C:\Windows\System32\CtyfRIq.exe
  C:\Windows\System32\CtyfRIq.exe
  2⤵
  PID:10424
- C:\Windows\System32\WxIiUPN.exe
  C:\Windows\System32\WxIiUPN.exe
  2⤵
  PID:10448
- C:\Windows\System32\zpatmFK.exe
  C:\Windows\System32\zpatmFK.exe
  2⤵
  PID:1888
- C:\Windows\System32\dhsFaBa.exe
  C:\Windows\System32\dhsFaBa.exe
  2⤵
  PID:10564
- C:\Windows\System32\przTbgb.exe
  C:\Windows\System32\przTbgb.exe
  2⤵
  PID:10596
- C:\Windows\System32\FzEfhQq.exe
  C:\Windows\System32\FzEfhQq.exe
  2⤵
  PID:10680
- C:\Windows\System32\uiRAijR.exe
  C:\Windows\System32\uiRAijR.exe
  2⤵
  PID:10800
- C:\Windows\System32\FEuDadi.exe
  C:\Windows\System32\FEuDadi.exe
  2⤵
  PID:10784
- C:\Windows\System32\ULmhdMj.exe
  C:\Windows\System32\ULmhdMj.exe
  2⤵
  PID:10828
- C:\Windows\System32\iKROSAU.exe
  C:\Windows\System32\iKROSAU.exe
  2⤵
  PID:10900
- C:\Windows\System32\hzqQsWU.exe
  C:\Windows\System32\hzqQsWU.exe
  2⤵
  PID:10888
- C:\Windows\System32\mlSlsyZ.exe
  C:\Windows\System32\mlSlsyZ.exe
  2⤵
  PID:11028
- C:\Windows\System32\JRnGLJZ.exe
  C:\Windows\System32\JRnGLJZ.exe
  2⤵
  PID:4836
- C:\Windows\System32\arGbons.exe
  C:\Windows\System32\arGbons.exe
  2⤵
  PID:11108
- C:\Windows\System32\xQYBqGb.exe
  C:\Windows\System32\xQYBqGb.exe
  2⤵
  PID:11200
- C:\Windows\System32\eLDOiRG.exe
  C:\Windows\System32\eLDOiRG.exe
  2⤵
  PID:10232
- C:\Windows\System32\nlHCcde.exe
  C:\Windows\System32\nlHCcde.exe
  2⤵
  PID:10328
- C:\Windows\System32\SRHLXjP.exe
  C:\Windows\System32\SRHLXjP.exe
  2⤵
  PID:1564
- C:\Windows\System32\OTJUaUV.exe
  C:\Windows\System32\OTJUaUV.exe
  2⤵
  PID:10604
- C:\Windows\System32\PZMXQnr.exe
  C:\Windows\System32\PZMXQnr.exe
  2⤵
  PID:10708
- C:\Windows\System32\fmeZslQ.exe
  C:\Windows\System32\fmeZslQ.exe
  2⤵
  PID:10804
- C:\Windows\System32\JDJEwWP.exe
  C:\Windows\System32\JDJEwWP.exe
  2⤵
  PID:9440
- C:\Windows\System32\DcKuwUD.exe
  C:\Windows\System32\DcKuwUD.exe
  2⤵
  PID:11160
- C:\Windows\System32\gGvnqGa.exe
  C:\Windows\System32\gGvnqGa.exe
  2⤵
  PID:11224
- C:\Windows\System32\LhEPrRO.exe
  C:\Windows\System32\LhEPrRO.exe
  2⤵
  PID:10484
- C:\Windows\System32\xFOvRQw.exe
  C:\Windows\System32\xFOvRQw.exe
  2⤵
  PID:10648
- C:\Windows\System32\AsgNCzy.exe
  C:\Windows\System32\AsgNCzy.exe
  2⤵
  PID:10936
- C:\Windows\System32\BVaLYtB.exe
  C:\Windows\System32\BVaLYtB.exe
  2⤵
  PID:11088
- C:\Windows\System32\aMhpSaP.exe
  C:\Windows\System32\aMhpSaP.exe
  2⤵
  PID:10280
- C:\Windows\System32\kgPNtfV.exe
  C:\Windows\System32\kgPNtfV.exe
  2⤵
  PID:10348
- C:\Windows\System32\SvyHomF.exe
  C:\Windows\System32\SvyHomF.exe
  2⤵
  PID:11268
- C:\Windows\System32\iNDyAiU.exe
  C:\Windows\System32\iNDyAiU.exe
  2⤵
  PID:11284
- C:\Windows\System32\WiFzqqe.exe
  C:\Windows\System32\WiFzqqe.exe
  2⤵
  PID:11332
- C:\Windows\System32\tCVRyBh.exe
  C:\Windows\System32\tCVRyBh.exe
  2⤵
  PID:11360
- C:\Windows\System32\lvtLSQz.exe
  C:\Windows\System32\lvtLSQz.exe
  2⤵
  PID:11392
- C:\Windows\System32\oBsIUCv.exe
  C:\Windows\System32\oBsIUCv.exe
  2⤵
  PID:11448
- C:\Windows\System32\NRUKare.exe
  C:\Windows\System32\NRUKare.exe
  2⤵
  PID:11488
- C:\Windows\System32\aPmPbBM.exe
  C:\Windows\System32\aPmPbBM.exe
  2⤵
  PID:11524
- C:\Windows\System32\hQMybPa.exe
  C:\Windows\System32\hQMybPa.exe
  2⤵
  PID:11540
- C:\Windows\System32\uZUfcwO.exe
  C:\Windows\System32\uZUfcwO.exe
  2⤵
  PID:11584
- C:\Windows\System32\CzMrzmf.exe
  C:\Windows\System32\CzMrzmf.exe
  2⤵
  PID:11600
- C:\Windows\System32\LmIWPPu.exe
  C:\Windows\System32\LmIWPPu.exe
  2⤵
  PID:11624
- C:\Windows\System32\PlHegmj.exe
  C:\Windows\System32\PlHegmj.exe
  2⤵
  PID:11656
- C:\Windows\System32\TZPBcsY.exe
  C:\Windows\System32\TZPBcsY.exe
  2⤵
  PID:11692
- C:\Windows\System32\JnGeYsi.exe
  C:\Windows\System32\JnGeYsi.exe
  2⤵
  PID:11708
- C:\Windows\System32\UVkOSiD.exe
  C:\Windows\System32\UVkOSiD.exe
  2⤵
  PID:11724
- C:\Windows\System32\QHfKYLH.exe
  C:\Windows\System32\QHfKYLH.exe
  2⤵
  PID:11788
- C:\Windows\System32\xfVwBql.exe
  C:\Windows\System32\xfVwBql.exe
  2⤵
  PID:11804
- C:\Windows\System32\FwNoqXX.exe
  C:\Windows\System32\FwNoqXX.exe
  2⤵
  PID:11820
- C:\Windows\System32\VuDQkbE.exe
  C:\Windows\System32\VuDQkbE.exe
  2⤵
  PID:11860
- C:\Windows\System32\UimUFGY.exe
  C:\Windows\System32\UimUFGY.exe
  2⤵
  PID:11880
- C:\Windows\System32\pJUGZzB.exe
  C:\Windows\System32\pJUGZzB.exe
  2⤵
  PID:11904
- C:\Windows\System32\qhCRacg.exe
  C:\Windows\System32\qhCRacg.exe
  2⤵
  PID:11952
- C:\Windows\System32\thKAJIS.exe
  C:\Windows\System32\thKAJIS.exe
  2⤵
  PID:11972
- C:\Windows\System32\jBoZMSV.exe
  C:\Windows\System32\jBoZMSV.exe
  2⤵
  PID:11996
- C:\Windows\System32\XGDNqep.exe
  C:\Windows\System32\XGDNqep.exe
  2⤵
  PID:12040
- C:\Windows\System32\SZdZXYh.exe
  C:\Windows\System32\SZdZXYh.exe
  2⤵
  PID:12068
- C:\Windows\System32\VMcYoYx.exe
  C:\Windows\System32\VMcYoYx.exe
  2⤵
  PID:12092
- C:\Windows\System32\AYkmmDR.exe
  C:\Windows\System32\AYkmmDR.exe
  2⤵
  PID:12112
- C:\Windows\System32\aQZabRq.exe
  C:\Windows\System32\aQZabRq.exe
  2⤵
  PID:12132
- C:\Windows\System32\mjgAHdF.exe
  C:\Windows\System32\mjgAHdF.exe
  2⤵
  PID:12164
- C:\Windows\System32\FWmeDSm.exe
  C:\Windows\System32\FWmeDSm.exe
  2⤵
  PID:12188
- C:\Windows\System32\modFeHL.exe
  C:\Windows\System32\modFeHL.exe
  2⤵
  PID:12224
- C:\Windows\System32\UtfDZil.exe
  C:\Windows\System32\UtfDZil.exe
  2⤵
  PID:12256
- C:\Windows\System32\RRsadHi.exe
  C:\Windows\System32\RRsadHi.exe
  2⤵
  PID:12284
- C:\Windows\System32\qrFxgWM.exe
  C:\Windows\System32\qrFxgWM.exe
  2⤵
  PID:11312
- C:\Windows\System32\bLkNpKN.exe
  C:\Windows\System32\bLkNpKN.exe
  2⤵
  PID:11344
- C:\Windows\System32\gdvDOXR.exe
  C:\Windows\System32\gdvDOXR.exe
  2⤵
  PID:11416
- C:\Windows\System32\jxmkpSs.exe
  C:\Windows\System32\jxmkpSs.exe
  2⤵
  PID:11404
- C:\Windows\System32\XShUvZe.exe
  C:\Windows\System32\XShUvZe.exe
  2⤵
  PID:11472
- C:\Windows\System32\aUWokHm.exe
  C:\Windows\System32\aUWokHm.exe
  2⤵
  PID:11564
- C:\Windows\System32\rnCuRxU.exe
  C:\Windows\System32\rnCuRxU.exe
  2⤵
  PID:11632
- C:\Windows\System32\mVSfOle.exe
  C:\Windows\System32\mVSfOle.exe
  2⤵
  PID:11800
- C:\Windows\System32\PhRmCiH.exe
  C:\Windows\System32\PhRmCiH.exe
  2⤵
  PID:11872
- C:\Windows\System32\VvXSDfY.exe
  C:\Windows\System32\VvXSDfY.exe
  2⤵
  PID:11876
- C:\Windows\System32\nPWIJVf.exe
  C:\Windows\System32\nPWIJVf.exe
  2⤵
  PID:11936
- C:\Windows\System32\BvZhoac.exe
  C:\Windows\System32\BvZhoac.exe
  2⤵
  PID:12048
- C:\Windows\System32\KVIuwyX.exe
  C:\Windows\System32\KVIuwyX.exe
  2⤵
  PID:11468
- C:\Windows\System32\BueAvhv.exe
  C:\Windows\System32\BueAvhv.exe
  2⤵
  PID:12108
- C:\Windows\System32\IXBjuvs.exe
  C:\Windows\System32\IXBjuvs.exe
  2⤵
  PID:12204
- C:\Windows\System32\QKanwqV.exe
  C:\Windows\System32\QKanwqV.exe
  2⤵
  PID:11388
- C:\Windows\System32\lgFrYzO.exe
  C:\Windows\System32\lgFrYzO.exe
  2⤵
  PID:11512
- C:\Windows\System32\QNvaBly.exe
  C:\Windows\System32\QNvaBly.exe
  2⤵
  PID:11688
- C:\Windows\System32\dqtwSQi.exe
  C:\Windows\System32\dqtwSQi.exe
  2⤵
  PID:11716
- C:\Windows\System32\pVoiilQ.exe
  C:\Windows\System32\pVoiilQ.exe
  2⤵
  PID:11652
- C:\Windows\System32\iMwKJnE.exe
  C:\Windows\System32\iMwKJnE.exe
  2⤵
  PID:11684
- C:\Windows\System32\CCQeLFM.exe
  C:\Windows\System32\CCQeLFM.exe
  2⤵
  PID:11968
- C:\Windows\System32\pOVAPrU.exe
  C:\Windows\System32\pOVAPrU.exe
  2⤵
  PID:11912
- C:\Windows\System32\WHIjVvy.exe
  C:\Windows\System32\WHIjVvy.exe
  2⤵
  PID:12196
- C:\Windows\System32\ioYRLnj.exe
  C:\Windows\System32\ioYRLnj.exe
  2⤵
  PID:11444
- C:\Windows\System32\vGqZpuI.exe
  C:\Windows\System32\vGqZpuI.exe
  2⤵
  PID:11636
- C:\Windows\System32\QDrvWxK.exe
  C:\Windows\System32\QDrvWxK.exe
  2⤵
  PID:11848
- C:\Windows\System32\dyRplIW.exe
  C:\Windows\System32\dyRplIW.exe
  2⤵
  PID:12052
- C:\Windows\System32\pqRthbu.exe
  C:\Windows\System32\pqRthbu.exe
  2⤵
  PID:12344
- C:\Windows\System32\WSChESy.exe
  C:\Windows\System32\WSChESy.exe
  2⤵
  PID:12376
- C:\Windows\System32\LwiHCxt.exe
  C:\Windows\System32\LwiHCxt.exe
  2⤵
  PID:12396
- C:\Windows\System32\EDiEFGe.exe
  C:\Windows\System32\EDiEFGe.exe
  2⤵
  PID:12428
- C:\Windows\System32\VWGMeHF.exe
  C:\Windows\System32\VWGMeHF.exe
  2⤵
  PID:12456
- C:\Windows\System32\CHcgXTj.exe
  C:\Windows\System32\CHcgXTj.exe
  2⤵
  PID:12472
- C:\Windows\System32\XXIOaDQ.exe
  C:\Windows\System32\XXIOaDQ.exe
  2⤵
  PID:12504
- C:\Windows\System32\WQrPpvJ.exe
  C:\Windows\System32\WQrPpvJ.exe
  2⤵
  PID:12540
- C:\Windows\System32\uCdzxEo.exe
  C:\Windows\System32\uCdzxEo.exe
  2⤵
  PID:12624
- C:\Windows\System32\oPkBtjI.exe
  C:\Windows\System32\oPkBtjI.exe
  2⤵
  PID:12644
- C:\Windows\System32\srGkOon.exe
  C:\Windows\System32\srGkOon.exe
  2⤵
  PID:12672
- C:\Windows\System32\gPgWSvM.exe
  C:\Windows\System32\gPgWSvM.exe
  2⤵
  PID:12692
- C:\Windows\System32\GUCgOpf.exe
  C:\Windows\System32\GUCgOpf.exe
  2⤵
  PID:12712
- C:\Windows\System32\BuPraxm.exe
  C:\Windows\System32\BuPraxm.exe
  2⤵
  PID:12736
- C:\Windows\System32\CDOOhMS.exe
  C:\Windows\System32\CDOOhMS.exe
  2⤵
  PID:12784
- C:\Windows\System32\CcjiHpY.exe
  C:\Windows\System32\CcjiHpY.exe
  2⤵
  PID:12816
- C:\Windows\System32\RtXGQZw.exe
  C:\Windows\System32\RtXGQZw.exe
  2⤵
  PID:12848
- C:\Windows\System32\ZgzHreu.exe
  C:\Windows\System32\ZgzHreu.exe
  2⤵
  PID:12864
- C:\Windows\System32\TkjUGWT.exe
  C:\Windows\System32\TkjUGWT.exe
  2⤵
  PID:12884
- C:\Windows\System32\VxGQCBi.exe
  C:\Windows\System32\VxGQCBi.exe
  2⤵
  PID:12900
- C:\Windows\System32\MCRzOcE.exe
  C:\Windows\System32\MCRzOcE.exe
  2⤵
  PID:12924
- C:\Windows\System32\SaYitSH.exe
  C:\Windows\System32\SaYitSH.exe
  2⤵
  PID:12952
- C:\Windows\System32\vdCsVyL.exe
  C:\Windows\System32\vdCsVyL.exe
  2⤵
  PID:12984
- C:\Windows\System32\YOkZgDk.exe
  C:\Windows\System32\YOkZgDk.exe
  2⤵
  PID:13004
- C:\Windows\System32\hUEIhjP.exe
  C:\Windows\System32\hUEIhjP.exe
  2⤵
  PID:13036
- C:\Windows\System32\ZsOJolH.exe
  C:\Windows\System32\ZsOJolH.exe
  2⤵
  PID:13056
- C:\Windows\System32\CZvwOPb.exe
  C:\Windows\System32\CZvwOPb.exe
  2⤵
  PID:13088
- C:\Windows\System32\NgRZROs.exe
  C:\Windows\System32\NgRZROs.exe
  2⤵
  PID:13124
- C:\Windows\System32\YjjgRAH.exe
  C:\Windows\System32\YjjgRAH.exe
  2⤵
  PID:13176
- C:\Windows\System32\NydMVTn.exe
  C:\Windows\System32\NydMVTn.exe
  2⤵
  PID:13212
- C:\Windows\System32\LnUutCL.exe
  C:\Windows\System32\LnUutCL.exe
  2⤵
  PID:13240
- C:\Windows\System32\HdTqMjT.exe
  C:\Windows\System32\HdTqMjT.exe
  2⤵
  PID:13256
- C:\Windows\System32\nntrEJZ.exe
  C:\Windows\System32\nntrEJZ.exe
  2⤵
  PID:13272
- C:\Windows\System32\TtjEkvq.exe
  C:\Windows\System32\TtjEkvq.exe
  2⤵
  PID:13300
- C:\Windows\System32\lhWDzDz.exe
  C:\Windows\System32\lhWDzDz.exe
  2⤵
  PID:11888
- C:\Windows\System32\dahWwEa.exe
  C:\Windows\System32\dahWwEa.exe
  2⤵
  PID:11836
- C:\Windows\System32\VkzTdyZ.exe
  C:\Windows\System32\VkzTdyZ.exe
  2⤵
  PID:12448
- C:\Windows\System32\UKfXTdn.exe
  C:\Windows\System32\UKfXTdn.exe
  2⤵
  PID:12484
- C:\Windows\System32\voMGRbl.exe
  C:\Windows\System32\voMGRbl.exe
  2⤵
  PID:12572
- C:\Windows\System32\bthWVsw.exe
  C:\Windows\System32\bthWVsw.exe
  2⤵
  PID:12568
- C:\Windows\System32\ltTSYhW.exe
  C:\Windows\System32\ltTSYhW.exe
  2⤵
  PID:12612
- C:\Windows\System32\xlLDiJd.exe
  C:\Windows\System32\xlLDiJd.exe
  2⤵
  PID:12708
- C:\Windows\System32\rFCYCpc.exe
  C:\Windows\System32\rFCYCpc.exe
  2⤵
  PID:12700
- C:\Windows\System32\YGErDZN.exe
  C:\Windows\System32\YGErDZN.exe
  2⤵
  PID:12240
- C:\Windows\System32\HHYaHhT.exe
  C:\Windows\System32\HHYaHhT.exe
  2⤵
  PID:1948
- C:\Windows\System32\zJnptDn.exe
  C:\Windows\System32\zJnptDn.exe
  2⤵
  PID:12860
- C:\Windows\System32\IVAgytJ.exe
  C:\Windows\System32\IVAgytJ.exe
  2⤵
  PID:12912
- C:\Windows\System32\ELUHZil.exe
  C:\Windows\System32\ELUHZil.exe
  2⤵
  PID:12968
- C:\Windows\System32\jklqbvb.exe
  C:\Windows\System32\jklqbvb.exe
  2⤵
  PID:13064
- C:\Windows\System32\YuUrdoI.exe
  C:\Windows\System32\YuUrdoI.exe
  2⤵
  PID:13084
- C:\Windows\System32\CVLSjOH.exe
  C:\Windows\System32\CVLSjOH.exe
  2⤵
  PID:13156
- C:\Windows\System32\vFHioUo.exe
  C:\Windows\System32\vFHioUo.exe
  2⤵
  PID:13252
- C:\Windows\System32\zkzmyjy.exe
  C:\Windows\System32\zkzmyjy.exe
  2⤵
  PID:13296
- C:\Windows\System32\aciZrNG.exe
  C:\Windows\System32\aciZrNG.exe
  2⤵
  PID:12564
- C:\Windows\System32\AknGgPm.exe
  C:\Windows\System32\AknGgPm.exe
  2⤵
  PID:12552
- C:\Windows\System32\rHJmhVt.exe
  C:\Windows\System32\rHJmhVt.exe
  2⤵
  PID:12664
- C:\Windows\System32\NHpNIjJ.exe
  C:\Windows\System32\NHpNIjJ.exe
  2⤵
  PID:2532
- C:\Windows\System32\rHSCbSu.exe
  C:\Windows\System32\rHSCbSu.exe
  2⤵
  PID:12780
- C:\Windows\System32\dYbwbUt.exe
  C:\Windows\System32\dYbwbUt.exe
  2⤵
  PID:12828
- C:\Windows\System32\hFZglYr.exe
  C:\Windows\System32\hFZglYr.exe
  2⤵
  PID:13152
- C:\Windows\System32\Gfpfnjo.exe
  C:\Windows\System32\Gfpfnjo.exe
  2⤵
  PID:12620
- C:\Windows\System32\jUerkLy.exe
  C:\Windows\System32\jUerkLy.exe
  2⤵
  PID:12668
- C:\Windows\System32\kjqKjAT.exe
  C:\Windows\System32\kjqKjAT.exe
  2⤵
  PID:13228
- C:\Windows\System32\cPFRxuE.exe
  C:\Windows\System32\cPFRxuE.exe
  2⤵
  PID:12772
- C:\Windows\System32\IBxzLNb.exe
  C:\Windows\System32\IBxzLNb.exe
  2⤵
  PID:13328
- C:\Windows\System32\hvOGAGg.exe
  C:\Windows\System32\hvOGAGg.exe
  2⤵
  PID:13348
- C:\Windows\System32\YGBIoYM.exe
  C:\Windows\System32\YGBIoYM.exe
  2⤵
  PID:13384
- C:\Windows\System32\ichzYVq.exe
  C:\Windows\System32\ichzYVq.exe
  2⤵
  PID:13432
- C:\Windows\System32\ERfyghz.exe
  C:\Windows\System32\ERfyghz.exe
  2⤵
  PID:13456
- C:\Windows\System32\jYBKjqU.exe
  C:\Windows\System32\jYBKjqU.exe
  2⤵
  PID:13476
- C:\Windows\System32\bhjOzje.exe
  C:\Windows\System32\bhjOzje.exe
  2⤵
  PID:13496
- C:\Windows\System32\qFewlQS.exe
  C:\Windows\System32\qFewlQS.exe
  2⤵
  PID:13520
- C:\Windows\System32\LevdlxI.exe
  C:\Windows\System32\LevdlxI.exe
  2⤵
  PID:13536
- C:\Windows\System32\HZdAIix.exe
  C:\Windows\System32\HZdAIix.exe
  2⤵
  PID:13564
- C:\Windows\System32\OoIERwG.exe
  C:\Windows\System32\OoIERwG.exe
  2⤵
  PID:13584
- C:\Windows\System32\bfTjIeJ.exe
  C:\Windows\System32\bfTjIeJ.exe
  2⤵
  PID:13624
- C:\Windows\System32\ABvxaEL.exe
  C:\Windows\System32\ABvxaEL.exe
  2⤵
  PID:13648
- C:\Windows\System32\pgOJziG.exe
  C:\Windows\System32\pgOJziG.exe
  2⤵
  PID:13664
- C:\Windows\System32\KZYVRWk.exe
  C:\Windows\System32\KZYVRWk.exe
  2⤵
  PID:13700
- C:\Windows\System32\PsQKzqU.exe
  C:\Windows\System32\PsQKzqU.exe
  2⤵
  PID:13768
- C:\Windows\System32\WGVbMKu.exe
  C:\Windows\System32\WGVbMKu.exe
  2⤵
  PID:13808
- C:\Windows\System32\mcnocOm.exe
  C:\Windows\System32\mcnocOm.exe
  2⤵
  PID:13832
- C:\Windows\System32\AbNbLkk.exe
  C:\Windows\System32\AbNbLkk.exe
  2⤵
  PID:13856
- C:\Windows\System32\qYGJpZd.exe
  C:\Windows\System32\qYGJpZd.exe
  2⤵
  PID:13872

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4376,i,11708048364682646792,608099842549576907,262144 --variations-seed-version --mojo-platform-channel-handle=1420 /prefetch:8
1⤵
PID:8980

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:14116

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System32\CFgwzGx.exe

Filesize
1.4MB

MD5
1498f813cd2b70f7e3aa71a31e22bbbd

SHA1
c6694cfa9cc45086af7d7d744218c1ca3e7e7721

SHA256
1b8498e1e55f0b80a928ede67bd5da948aaf01eee362002f3c5ad2ea85202a55

SHA512
b11da4c928704587e57fc3dc1ea3489a3394ef65a8ac90f066e5f444c09cf908ef8939429e24d944bb96a24a990bf3c67f50b4cc1d0b36d25f4165e2d845261d

Download Submit
C:\Windows\System32\CHJySLT.exe

Filesize
1.4MB

MD5
a125bead9a0f3aaa97dae0abfc51ec9e

SHA1
685a113b48990d7827f422f9cc8357a6a2089118

SHA256
e5e6b16ab5dc0f8dd5b6dc35d7c6cefa8792af1846d80dbb66365b4b88ad7b9b

SHA512
e592369ef9f266271c4de32ea19a9756d3169dda4f680eb4f7e456f4efeb62427aad3d76c1348df1ed952402b4de48420075a91f698dbe69dff41889e6ee7363

Download Submit
C:\Windows\System32\FIainQd.exe

Filesize
1.4MB

MD5
5d48faa18329ce3a4d0580296296d5f4

SHA1
c898e7e3816a59af8907c133807c34d768fefb12

SHA256
16bf4cd57ec48413e5de166341eda770c013ef7e1e223681351569507348b4b1

SHA512
f35577b926913221f2ef82971f960f9db765b12d15165f143955172a89850f0cf236eddc41feb5d7ad3a7c5308613c0b16cd792f229962bd436f76d86fb111db

Download Submit
C:\Windows\System32\GKnCrlK.exe

Filesize
1.4MB

MD5
95e7b13da9978f7d5d27591b98197da3

SHA1
198889f4f3d323a8398b5fec1ac0d899f9fd1fdd

SHA256
12e7ace9eec070d969e8d6a72167bb1b0a4ed110a3736ad95e97102c8639c69a

SHA512
b860a9517d28ee6803e9e4f514fa68e004a884231581fedb84892e4c6c3d46a9416223da3185b1973dafc16bc74ce4522ae9a9af5e2b77a0ac26130286b9faec

Download Submit
C:\Windows\System32\GUKmLiB.exe

Filesize
1.4MB

MD5
7c878b8d31ca3baf730fe6e976d5f7c2

SHA1
c8dbf7c1c825f1c8262787adce13f2e6f34da8e2

SHA256
686f9520fea5fa0417127a83e7491df16911d84ae8a2034c448f11c19b73571c

SHA512
e7abeb260c285e866b84d2375e386ccf44327b2df700104b272ce34f9e67d9669b34dd243a1bbc12eca8828f9a94ad99cf985bd7f7fdf23dfc6866074e04d4ef

Download Submit
C:\Windows\System32\HRVEjWT.exe

Filesize
1.4MB

MD5
1fe3a73d21698704703af7d5830763c3

SHA1
b43febe161c810a1952d30caad6d09781c30aea5

SHA256
37ba38f7d226907042046283d7db3c073d3f385068056373cbcf8329aa377f51

SHA512
343a725d280397f0d0bf8a382f8ec175989858523e2220495f36f524d321de2ec001e847f5c9d73d9b301b668001a7aca1d434cae49fb391c603b4c46c7f7640

Download Submit
C:\Windows\System32\IWXELcg.exe

Filesize
1.4MB

MD5
0a3013eed989cb490176abf161a1bbdb

SHA1
f9f382137ee2edafee65071d025225091dee322a

SHA256
332e7cc287ac59dd3e1888b235dbbe0847f432e66891930340af95ff3bbad695

SHA512
447f8f0f9889d69626698124a837a3d360acd36bab920c38faccd50d42bd5cf425a761aaf8a0c6faefa8994280498db5d8f220aced91c8b836d33ac59ba6b69f

Download Submit
C:\Windows\System32\JDLQFwn.exe

Filesize
1.4MB

MD5
caab5d3bc61c4fe866c103a515b7cc40

SHA1
9efdea3145cd7b23a02b35fbef27c0f9606e1d70

SHA256
f618ca1a69aedb8488b4f05374660f34a8f85094a9b319d830b5dc794ad133f5

SHA512
450de1fc9733f9857b8de84b09709b18b920641117cbb9e95b798438e1830ba8a69613621700c38206f36a45546118ebfe9dce4d3325cb04bad647c87419bcc9

Download Submit
C:\Windows\System32\KBXebyA.exe

Filesize
1.4MB

MD5
57c4746a66940f61f9c4a70bf6f9f2de

SHA1
81a06aad282acdc225f9abd09b8cdbaaf75aea9b

SHA256
1f7edce01918fadba68c4433a6a64930b1ad3ad70dafeed67d36c3a176fd46f6

SHA512
ed0b1ba921f07a151ab68b600a4fa17c86ad6aa9d9d8d4bcd59bd376f739f0c5d0d9199f0c01069c3200ef516771e0bcfd7afc5ed6b96910b7cc28f53a6264eb

Download Submit
C:\Windows\System32\KPGvYCH.exe

Filesize
1.4MB

MD5
5b79d6722c4703e7d4435833b618811d

SHA1
88ebe34bd1ef61a632f877275ed32cd4607b39b6

SHA256
760beaf76a23bc343b419d832d20e8f4217e87ade3ac5c171ae777113126e1ba

SHA512
4695d40b1a2833b0d9d03dd327dbb5ac650e9d936ef9aac2d324cc1ad6b4e642c1e3a21732f9a401eaf4ca83e7ebc5a263e3ab90678a490f47da8ca2de53a9d3

Download Submit
C:\Windows\System32\KdTWTPC.exe

Filesize
1.4MB

MD5
d4c2101fceb18010872461048c77a083

SHA1
c2582e64aa10762eb8b4088a7735e72e739dfda0

SHA256
f55051812a33e6927eceb00ee7ec2f6fa79c83293ecce64829f682d18dc93d57

SHA512
9b1f7e937ba156e89e40b5f271401d3b6800b684bef2c3ef07d12e981c202cbf109ee3ca3b131a7817f4571d7c13aa17d91ac825a94a0ac468b065ac099c2fec

Download Submit
C:\Windows\System32\NTdzLDR.exe

Filesize
1.4MB

MD5
040c8939c9a39ce06b45f85669d69549

SHA1
147a71c419d1d505555c408aa39364bd6b78b70d

SHA256
09987158d824cb5681f7da77d2a43ad3da2a8c8e2e031586532977fe50f4c9bf

SHA512
3fffdbeadf2ed0cac62b4a8dad51ab50e9f208cd7604b7299a46e86abfab99b68e64f6c220053ca9138cb0676a8f6214aff2245046a5c5bc736dd3b9916651da

Download Submit
C:\Windows\System32\NsxWnrw.exe

Filesize
1.4MB

MD5
923cd04c311d968ffdf36727d57cd0d7

SHA1
3865b3eba21b4b1d8a5fffbf83a829053527bee2

SHA256
6b0fc37d222326a6aaa36659591135d473ddd04918cce8f0204bb0e20480d195

SHA512
e19a27c255943c700717fdb1f056138bb27b10a8712737ee3e1711b91c04bfcbe417cb4f8d6d8f2a0af568f2bc9d2b004524233399b76b69d8c6385e81cceaac

Download Submit
C:\Windows\System32\OOBWxQM.exe

Filesize
1.4MB

MD5
b061fd195ef09dec08c2265d34a8fec1

SHA1
3baf25cdeca1b278ecd28c7bc25847faa126d581

SHA256
4ed5cb075a534d4c67c2c896dd714bc3ad90cceae9b499dcd41730d629c3da4b

SHA512
5b321ca3dfe2fbeaee99c445ad830a4cc53015f3ebd6122200c0df61065b3a28414740f71977127d6ba9e1f963f4fe2f7fa81a5d4c62b24375d556352ceb9a92

Download Submit
C:\Windows\System32\OQyGEXi.exe

Filesize
1.4MB

MD5
4fb10b51241c865fc51caca72571240b

SHA1
bff5f60bb07562483125187aaff2e27d8be6938a

SHA256
c4e470f35529c47dd82ac1489f0cd5c5f38a1113a3003479c5ce86e65e12c79f

SHA512
95e59e7b0ac28ef01ca07ede163e3c0a573373851a72f9b0e22727a1e2e9aa771cbf5a8a6790d6c868d2c20c5bf5848e078c816dc94dbfefacc70c0b693a3c02

Download Submit
C:\Windows\System32\OtQjamO.exe

Filesize
1.4MB

MD5
ef42a0d9ec71b21d1ddc54792d2ff3a5

SHA1
8d91bcb504204bdc3309d3597d8267f8569fa5a6

SHA256
ad7aa619b1a4247fb4648f1540014e937dcbf8d78b2876feeb78cd9bc2af54f9

SHA512
462007553da388bd8a10afd9141ebbdc57f5002863e9519c5bed57ac9153342dd935bd38f17ead94016cb9cbbc56bf41a7814f6b7a61616ea63543ce1305bd4d

Download Submit
C:\Windows\System32\UAiHjyt.exe

Filesize
1.4MB

MD5
a6b574a65dcc278b4ddcc9e0a6b7b514

SHA1
5cbcacf3f1c4544678dbb2d03b052ad5f44dfc4b

SHA256
376093689822e094dc831d77081d5a27c46732c226e691c270d47a4b1a03b8c2

SHA512
9aef14f5922bf86348e6aa56d532f1a5ef53c3272d13a24c34f8694d59a8b5b5f9737d77e5e5ff324060562c83128fe85dd15ff34ae43734fbbf26dcac656b77

Download Submit
C:\Windows\System32\UjROfxu.exe

Filesize
1.4MB

MD5
e137e5d3548ee68c11c634edc8a59d38

SHA1
3c4c2f1794a36cd03a8a0ccaefba7ce4ebc17f21

SHA256
122e7ce49e69d016fe96b81d80988ca5d58b6dcea6e134918a0b2cb566fe09f4

SHA512
d222328e829d497ed21e49e8dbd95afc990a02934f282f0771c5038b38a550469d51dfc9d0c3b4868b233203e6c2a44b762cddc807805406faee09ddc190d1ee

Download Submit
C:\Windows\System32\bJBYTzp.exe

Filesize
1.4MB

MD5
6b16ea522daddefac6bc24bc614a5dcf

SHA1
20883b5e5164d021e8821ed07136c14d8bd6b9a1

SHA256
8de3c463e99a6bfa5074c5662aebd7897e4165fc5614e4182c2726e3cf5bc932

SHA512
632d77d645cf1361ca174065f71c0180b0429abba0ada27c75214348ea28783be51f9080c1236d4665e9c7129944882046e5a3443f583a042b359b6534d83dcd

Download Submit
C:\Windows\System32\cYmYxZq.exe

Filesize
1.4MB

MD5
a425c710ad2c867b6c58b534f2ad0c8c

SHA1
ec5d9636932308b57b6d4de6a3229331ef5eae9b

SHA256
3c2428f018e4bab7c4ca7ee617f456fef258f8a90c3e89aea564f0a6370a7f04

SHA512
a5f936a252d2c0c33d7beaf8cd35eba32f4b460f574e53edb3c62cb13c964fe74292d927b23c53e3f66c690a62036f4b23e918791df84b1e80361a07ec731598

Download Submit
C:\Windows\System32\dOUAwaH.exe

Filesize
1.4MB

MD5
a05129f48ed1afe987c3e957dc1295cf

SHA1
4dbe0c694723e709ae1488f5824507169cefe43a

SHA256
cd145528b780b82a5df1c69112c31bbdd0f6761f2f8413686658bf42ca4429be

SHA512
db1f39cbbe47566969bd4c5d41762fd0ebf62579e1d7c003e16d6e8e821a4b86754a95623c94c3a1c86c424686f856cc20da4878442894f89e2df5a48c4b6377

Download Submit
C:\Windows\System32\eIKvZKe.exe

Filesize
1.4MB

MD5
8e98941d87e5597ea8946d4fb171d64d

SHA1
61788767c27374844bdd7e5b5f208470c1ff07d7

SHA256
c01d8e49e5d33f92a17645019c7b0d53faa46d7cc470ce8cf37a0fa65e6b0c69

SHA512
c352037d5701fe7c33c64f2cd5b2d6f1f0e98ec2249a211da40c25bb051972e3a33fb2597525ccce816ddd1b76b0de543995abebe89a5e2ad917d61d7528d3c0

Download Submit
C:\Windows\System32\fEsXuDH.exe

Filesize
1.4MB

MD5
f279dc41c285cf4b0cd161ea574b8ca6

SHA1
b956bd2a012567e541f825d5f45b7b36c12aa457

SHA256
9ddc4d80e6f0c5ed7408de51b63fa464b18efe146ef0a29d4102e1a3bdc5b201

SHA512
dd074e9a6fb76c64554d5f8a6896a6ee31f8ce64601a77c7757550a5bbe7466809a2b7cbbe50df7416bfab9253ee8fe95a08dd370b200568557c3f5c78a56f5f

Download Submit
C:\Windows\System32\hgfvZqa.exe

Filesize
1.4MB

MD5
154abca270c1e2471549ddc0ffb30d30

SHA1
c9d7350898a81b14f62b3769a1be7bd59e19d491

SHA256
eaeee2d4d8b4381caaf32bb019760c1003aaac9bc04d8e44845269b6824c9e79

SHA512
a8240b220593d699f69e6ad501f6ef5464235e5c50c7452dea34ff1415cf65abe252015a925948e91530798e844bf83741c621f96a17c07a38e2fe2f7febab76

Download Submit
C:\Windows\System32\ibUBDQw.exe

Filesize
1.4MB

MD5
abe1da6dc592fa3e79b2d80a134a81af

SHA1
a7fbade542d381e17da588a57aa6a9eb02f928f7

SHA256
7909105a5f04727bf147f064b482debb68ff85ac5fd06f423053287bf6531c8a

SHA512
341451abbec2995e3d5c9e2b32f7583a12fe769890421f0de6f5937c64263f410eb1fd49bd59942f818afe3fb911fd603f131f13dc6998b4ac48102725e460f4

Download Submit
C:\Windows\System32\mWIbVnK.exe

Filesize
1.4MB

MD5
214cfca0142e4822f5d12bec76143bd7

SHA1
046ae60983b733c708e9b44b71927e409d8d83e6

SHA256
2cc821c3ea022ca50e3b64d9924effd6ec2f10b298e0e38102fff553ad280449

SHA512
6ece0a8a968460364dfc968cb40f5fee16eaa65933c74103b9460b2e21337ea228fba96637baf329d01cad64672baedcd0a60a05f95b97780edfb4dca91014ca

Download Submit
C:\Windows\System32\rBjqHRI.exe

Filesize
1.4MB

MD5
32695ce8802e83308a125734ea6317ae

SHA1
a8735f7af01ed515c4fde02679d32fcebc2ce0a5

SHA256
d19edc462158cb4e96944bb3648f22983177f625dba5c19c9c1414d964f5df93

SHA512
e6167fce60ee4b450640c0d62d777c86de9db9f3852aba5e67ee627c570f8b4f6ae9fd487846db43ed263909699fd7d825e3f960b070e7fe5894d17416f352c2

Download Submit
C:\Windows\System32\rkFpvwm.exe

Filesize
1.4MB

MD5
a5a99bd55e9e50f61a4e2919e77f51c7

SHA1
d49e60a845afb79e3570819b11d4ebc4dd87c6cd

SHA256
6988e288ea4ce25b55f0ea60ec16aeef78a84d5965622f8db68e0982cd20ffa6

SHA512
2997de560f8dc253ff274bec2731230b0b0f9bb53a3760e91e9bc91708e934c1106e5600b2974a7d9e5f7e12f2f88c1ce35f43b8fba0030eccd4d050061598ec

Download Submit
C:\Windows\System32\sntHZUZ.exe

Filesize
1.4MB

MD5
2aa9a146a90e3f838dcaa1002c737429

SHA1
32ebe9aea286c1eabf0c42c0009c096cc4afeaaf

SHA256
044fcee0f44850d52d3e33de8faff706ef2b79485047281a6f52a4afc16e1ca6

SHA512
2390408c549781cded0984f189059eaa36049739327538205aafdf8bb945a1f37699da2b03fc5642ed5edb5b7b195a0490831f97cac537e0d2fcdb5395434341

Download Submit
C:\Windows\System32\vftVsuP.exe

Filesize
1.4MB

MD5
f19ec4d50deff32f13eac1591730703f

SHA1
1049d3c01fb4807d7462472f05b161e3751e6e15

SHA256
fd15813423da6dd287b121a2fcf782d366cae4f632a4d19a05481da1c64911f6

SHA512
e47be5fd335ec1e87bd12022c124fdf7db15ea012e59f487f33ffba65af536e2497d9e8cdb942e7b29fec9f5b3c68021307a21a5f3dbaef75381e59d44a19e09

Download Submit
C:\Windows\System32\vmRZHXa.exe

Filesize
1.4MB

MD5
d124793dfae22e4e86125b2561079318

SHA1
cd6078f6c6130003db3afc49ab473fa7dc18cbde

SHA256
26755159ccb083582c14301ff829634ef5209a164ef13892681eed60831d9d95

SHA512
611e0dee2889b7cc0f8529aa034ab23198212023d93fd28afe095f05274c46f1039a2334c3bc27c195b4443a31a8b2ecea0bfa279f0dc0befd3a1368142f26ff

Download Submit
C:\Windows\System32\vwSnAvE.exe

Filesize
1.4MB

MD5
a5d8bedb822c199dd5e5e83b496e96af

SHA1
419e26a4576472b1ac26eb135857ceba6d34cf98

SHA256
72de3fc4506e9cb53f72dfbe2de9fe4ba57061f606f7095d9ffc88e96cf85fab

SHA512
b4bfcf45786b64dd3bef703fc343b5ebd3d7b5d479ac48835619b26531d7905d7b3c6489f04e025fab74889894a37d54ebd1e7789a5174c321b46e4b838314b7

Download Submit
C:\Windows\System32\xMtGAez.exe

Filesize
1.4MB

MD5
08facc611821b4f4323e75be313d8009

SHA1
a5a431c28956c3608569622eb42c4eba59e5d6bf

SHA256
42ba6f6c169a6f7912dc9011ac489e5f852f9cbc23b676b63d6683093c0bc9bd

SHA512
bbca8bb58ed86c1df2f1a89ec18ebd3ab44af7d1b34b842e20dfea61be2ef74c9392ebbea98ecea093cc542ce22dcd38b48482536fa7e3ac18ac815d6d83f5f0

Download Submit
memory/912-119-0x00007FF64F790000-0x00007FF64FB81000-memory.dmp

Filesize
3.9MB

Download
memory/912-54-0x00007FF64F790000-0x00007FF64FB81000-memory.dmp

Filesize
3.9MB

Download
memory/912-2168-0x00007FF64F790000-0x00007FF64FB81000-memory.dmp

Filesize
3.9MB

Download
memory/1300-79-0x00007FF60A3D0000-0x00007FF60A7C1000-memory.dmp

Filesize
3.9MB

Download
memory/1300-148-0x00007FF60A3D0000-0x00007FF60A7C1000-memory.dmp

Filesize
3.9MB

Download
memory/1300-2154-0x00007FF60A3D0000-0x00007FF60A7C1000-memory.dmp

Filesize
3.9MB

Download
memory/1580-1974-0x00007FF78D640000-0x00007FF78DA31000-memory.dmp

Filesize
3.9MB

Download
memory/1580-158-0x00007FF78D640000-0x00007FF78DA31000-memory.dmp

Filesize
3.9MB

Download
memory/1580-2246-0x00007FF78D640000-0x00007FF78DA31000-memory.dmp

Filesize
3.9MB

Download
memory/1620-2115-0x00007FF625BB0000-0x00007FF625FA1000-memory.dmp

Filesize
3.9MB

Download
memory/1620-39-0x00007FF625BB0000-0x00007FF625FA1000-memory.dmp

Filesize
3.9MB

Download
memory/1620-97-0x00007FF625BB0000-0x00007FF625FA1000-memory.dmp

Filesize
3.9MB

Download
memory/1624-93-0x00007FF6F7EC0000-0x00007FF6F82B1000-memory.dmp

Filesize
3.9MB

Download
memory/1624-2158-0x00007FF6F7EC0000-0x00007FF6F82B1000-memory.dmp

Filesize
3.9MB

Download
memory/1624-987-0x00007FF6F7EC0000-0x00007FF6F82B1000-memory.dmp

Filesize
3.9MB

Download
memory/1628-2122-0x00007FF662DE0000-0x00007FF6631D1000-memory.dmp

Filesize
3.9MB

Download
memory/1628-48-0x00007FF662DE0000-0x00007FF6631D1000-memory.dmp

Filesize
3.9MB

Download
memory/1628-108-0x00007FF662DE0000-0x00007FF6631D1000-memory.dmp

Filesize
3.9MB

Download
memory/1724-65-0x00007FF60FA40000-0x00007FF60FE31000-memory.dmp

Filesize
3.9MB

Download
memory/1724-2166-0x00007FF60FA40000-0x00007FF60FE31000-memory.dmp

Filesize
3.9MB

Download
memory/1724-134-0x00007FF60FA40000-0x00007FF60FE31000-memory.dmp

Filesize
3.9MB

Download
memory/2352-83-0x00007FF7571A0000-0x00007FF757591000-memory.dmp

Filesize
3.9MB

Download
memory/2352-1-0x0000020950BB0000-0x0000020950BC0000-memory.dmp

Filesize
64KB

Download
memory/2352-0-0x00007FF7571A0000-0x00007FF757591000-memory.dmp

Filesize
3.9MB

Download
memory/2380-99-0x00007FF789860000-0x00007FF789C51000-memory.dmp

Filesize
3.9MB

Download
memory/2380-2172-0x00007FF789860000-0x00007FF789C51000-memory.dmp

Filesize
3.9MB

Download
memory/2380-1099-0x00007FF789860000-0x00007FF789C51000-memory.dmp

Filesize
3.9MB

Download
memory/2428-109-0x00007FF7B32A0000-0x00007FF7B3691000-memory.dmp

Filesize
3.9MB

Download
memory/2428-2170-0x00007FF7B32A0000-0x00007FF7B3691000-memory.dmp

Filesize
3.9MB

Download
memory/2428-1216-0x00007FF7B32A0000-0x00007FF7B3691000-memory.dmp

Filesize
3.9MB

Download
memory/2460-113-0x00007FF6164F0000-0x00007FF6168E1000-memory.dmp

Filesize
3.9MB

Download
memory/2460-51-0x00007FF6164F0000-0x00007FF6168E1000-memory.dmp

Filesize
3.9MB

Download
memory/2460-2124-0x00007FF6164F0000-0x00007FF6168E1000-memory.dmp

Filesize
3.9MB

Download
memory/3004-2162-0x00007FF6758E0000-0x00007FF675CD1000-memory.dmp

Filesize
3.9MB

Download
memory/3004-59-0x00007FF6758E0000-0x00007FF675CD1000-memory.dmp

Filesize
3.9MB

Download
memory/3004-126-0x00007FF6758E0000-0x00007FF675CD1000-memory.dmp

Filesize
3.9MB

Download
memory/3036-144-0x00007FF715780000-0x00007FF715B71000-memory.dmp

Filesize
3.9MB

Download
memory/3036-2181-0x00007FF715780000-0x00007FF715B71000-memory.dmp

Filesize
3.9MB

Download
memory/3036-1769-0x00007FF715780000-0x00007FF715B71000-memory.dmp

Filesize
3.9MB

Download
memory/3472-155-0x00007FF7E3E10000-0x00007FF7E4201000-memory.dmp

Filesize
3.9MB

Download
memory/3472-86-0x00007FF7E3E10000-0x00007FF7E4201000-memory.dmp

Filesize
3.9MB

Download
memory/3472-2177-0x00007FF7E3E10000-0x00007FF7E4201000-memory.dmp

Filesize
3.9MB

Download
memory/3576-13-0x00007FF6DBE10000-0x00007FF6DC201000-memory.dmp

Filesize
3.9MB

Download
memory/3576-2112-0x00007FF6DBE10000-0x00007FF6DC201000-memory.dmp

Filesize
3.9MB

Download
memory/3576-90-0x00007FF6DBE10000-0x00007FF6DC201000-memory.dmp

Filesize
3.9MB

Download
memory/3624-2120-0x00007FF722CA0000-0x00007FF723091000-memory.dmp

Filesize
3.9MB

Download
memory/3624-104-0x00007FF722CA0000-0x00007FF723091000-memory.dmp

Filesize
3.9MB

Download
memory/3624-42-0x00007FF722CA0000-0x00007FF723091000-memory.dmp

Filesize
3.9MB

Download
memory/3656-2188-0x00007FF7F2350000-0x00007FF7F2741000-memory.dmp

Filesize
3.9MB

Download
memory/3656-1863-0x00007FF7F2350000-0x00007FF7F2741000-memory.dmp

Filesize
3.9MB

Download
memory/3656-151-0x00007FF7F2350000-0x00007FF7F2741000-memory.dmp

Filesize
3.9MB

Download
memory/3920-2110-0x00007FF695DB0000-0x00007FF6961A1000-memory.dmp

Filesize
3.9MB

Download
memory/3920-16-0x00007FF695DB0000-0x00007FF6961A1000-memory.dmp

Filesize
3.9MB

Download
memory/3980-71-0x00007FF61C000000-0x00007FF61C3F1000-memory.dmp

Filesize
3.9MB

Download
memory/3980-2155-0x00007FF61C000000-0x00007FF61C3F1000-memory.dmp

Filesize
3.9MB

Download
memory/3980-141-0x00007FF61C000000-0x00007FF61C3F1000-memory.dmp

Filesize
3.9MB

Download
memory/3988-1670-0x00007FF730870000-0x00007FF730C61000-memory.dmp

Filesize
3.9MB

Download
memory/3988-2164-0x00007FF730870000-0x00007FF730C61000-memory.dmp

Filesize
3.9MB

Download
memory/3988-137-0x00007FF730870000-0x00007FF730C61000-memory.dmp

Filesize
3.9MB

Download
memory/4220-2118-0x00007FF77E540000-0x00007FF77E931000-memory.dmp

Filesize
3.9MB

Download
memory/4220-29-0x00007FF77E540000-0x00007FF77E931000-memory.dmp

Filesize
3.9MB

Download
memory/4220-103-0x00007FF77E540000-0x00007FF77E931000-memory.dmp

Filesize
3.9MB

Download
memory/4456-2175-0x00007FF7A6E20000-0x00007FF7A7211000-memory.dmp

Filesize
3.9MB

Download
memory/4456-1460-0x00007FF7A6E20000-0x00007FF7A7211000-memory.dmp

Filesize
3.9MB

Download
memory/4456-122-0x00007FF7A6E20000-0x00007FF7A7211000-memory.dmp

Filesize
3.9MB

Download
memory/4584-2174-0x00007FF7C0E50000-0x00007FF7C1241000-memory.dmp

Filesize
3.9MB

Download
memory/4584-1340-0x00007FF7C0E50000-0x00007FF7C1241000-memory.dmp

Filesize
3.9MB

Download
memory/4584-114-0x00007FF7C0E50000-0x00007FF7C1241000-memory.dmp

Filesize
3.9MB

Download
memory/4592-2116-0x00007FF7F57D0000-0x00007FF7F5BC1000-memory.dmp

Filesize
3.9MB

Download
memory/4592-43-0x00007FF7F57D0000-0x00007FF7F5BC1000-memory.dmp

Filesize
3.9MB

Download
memory/4980-2159-0x00007FF7C84E0000-0x00007FF7C88D1000-memory.dmp

Filesize
3.9MB

Download
memory/4980-1546-0x00007FF7C84E0000-0x00007FF7C88D1000-memory.dmp

Filesize
3.9MB

Download
memory/4980-130-0x00007FF7C84E0000-0x00007FF7C88D1000-memory.dmp

Filesize
3.9MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads