xmrig | 271665f192c4ea996cba44fef20806accb4fb02954c85128e362a5ab39f512af

Analysis

max time kernel
103s
max time network
95s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
20-08-2024 14:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fe1f9ce6c70a5970969b6a3874d7ff70N.exe
Size

1.4MB
MD5

fe1f9ce6c70a5970969b6a3874d7ff70
SHA1

d41dd46e43d6094bcf91ab117b2e75dbc3af538e
SHA256

271665f192c4ea996cba44fef20806accb4fb02954c85128e362a5ab39f512af
SHA512

f1d7f53d9b879d29d873bd122cace16ddc7e01ed6ee9d1c95c12e1933435d0a45d2a4686489858bb86ac2b09727f6742ac4d915ac9169060b9f47879dc05d79f
SSDEEP

24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/8lkKJhlsr3Pznq82FD/v8F6V:knw9oUUEEDl37jcmWH8SKJhSnq8u3TV

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 49 IoCs

miner

resource	yara_rule
behavioral2/memory/1376-65-0x00007FF75D410000-0x00007FF75D801000-memory.dmp	xmrig
behavioral2/memory/216-68-0x00007FF7D4E70000-0x00007FF7D5261000-memory.dmp	xmrig
behavioral2/memory/632-72-0x00007FF794AF0000-0x00007FF794EE1000-memory.dmp	xmrig
behavioral2/memory/4552-410-0x00007FF605370000-0x00007FF605761000-memory.dmp	xmrig
behavioral2/memory/4412-411-0x00007FF789CA0000-0x00007FF78A091000-memory.dmp	xmrig
behavioral2/memory/3764-412-0x00007FF7B6B00000-0x00007FF7B6EF1000-memory.dmp	xmrig
behavioral2/memory/1960-413-0x00007FF71F660000-0x00007FF71FA51000-memory.dmp	xmrig
behavioral2/memory/804-73-0x00007FF6D9E40000-0x00007FF6DA231000-memory.dmp	xmrig
behavioral2/memory/2832-62-0x00007FF6BEEE0000-0x00007FF6BF2D1000-memory.dmp	xmrig
behavioral2/memory/940-58-0x00007FF60FF90000-0x00007FF610381000-memory.dmp	xmrig
behavioral2/memory/1984-414-0x00007FF71AA10000-0x00007FF71AE01000-memory.dmp	xmrig
behavioral2/memory/3128-415-0x00007FF7CB9E0000-0x00007FF7CBDD1000-memory.dmp	xmrig
behavioral2/memory/3136-416-0x00007FF785140000-0x00007FF785531000-memory.dmp	xmrig
behavioral2/memory/3352-418-0x00007FF6CAC70000-0x00007FF6CB061000-memory.dmp	xmrig
behavioral2/memory/2944-420-0x00007FF702B20000-0x00007FF702F11000-memory.dmp	xmrig
behavioral2/memory/2312-419-0x00007FF6F1090000-0x00007FF6F1481000-memory.dmp	xmrig
behavioral2/memory/1340-421-0x00007FF72D880000-0x00007FF72DC71000-memory.dmp	xmrig
behavioral2/memory/2064-422-0x00007FF690510000-0x00007FF690901000-memory.dmp	xmrig
behavioral2/memory/3132-417-0x00007FF622CE0000-0x00007FF6230D1000-memory.dmp	xmrig
behavioral2/memory/4824-903-0x00007FF74D6B0000-0x00007FF74DAA1000-memory.dmp	xmrig
behavioral2/memory/4324-1067-0x00007FF79AEC0000-0x00007FF79B2B1000-memory.dmp	xmrig
behavioral2/memory/1928-1206-0x00007FF70C5A0000-0x00007FF70C991000-memory.dmp	xmrig
behavioral2/memory/1600-1203-0x00007FF737C00000-0x00007FF737FF1000-memory.dmp	xmrig
behavioral2/memory/4836-1320-0x00007FF78BD00000-0x00007FF78C0F1000-memory.dmp	xmrig
behavioral2/memory/1048-1323-0x00007FF6C8170000-0x00007FF6C8561000-memory.dmp	xmrig
behavioral2/memory/4552-1467-0x00007FF605370000-0x00007FF605761000-memory.dmp	xmrig
behavioral2/memory/4324-2160-0x00007FF79AEC0000-0x00007FF79B2B1000-memory.dmp	xmrig
behavioral2/memory/1600-2162-0x00007FF737C00000-0x00007FF737FF1000-memory.dmp	xmrig
behavioral2/memory/1048-2168-0x00007FF6C8170000-0x00007FF6C8561000-memory.dmp	xmrig
behavioral2/memory/216-2176-0x00007FF7D4E70000-0x00007FF7D5261000-memory.dmp	xmrig
behavioral2/memory/1376-2178-0x00007FF75D410000-0x00007FF75D801000-memory.dmp	xmrig
behavioral2/memory/1960-2188-0x00007FF71F660000-0x00007FF71FA51000-memory.dmp	xmrig
behavioral2/memory/3128-2194-0x00007FF7CB9E0000-0x00007FF7CBDD1000-memory.dmp	xmrig
behavioral2/memory/3132-2200-0x00007FF622CE0000-0x00007FF6230D1000-memory.dmp	xmrig
behavioral2/memory/2944-2232-0x00007FF702B20000-0x00007FF702F11000-memory.dmp	xmrig
behavioral2/memory/3352-2230-0x00007FF6CAC70000-0x00007FF6CB061000-memory.dmp	xmrig
behavioral2/memory/3136-2196-0x00007FF785140000-0x00007FF785531000-memory.dmp	xmrig
behavioral2/memory/1984-2192-0x00007FF71AA10000-0x00007FF71AE01000-memory.dmp	xmrig
behavioral2/memory/3764-2190-0x00007FF7B6B00000-0x00007FF7B6EF1000-memory.dmp	xmrig
behavioral2/memory/2064-2184-0x00007FF690510000-0x00007FF690901000-memory.dmp	xmrig
behavioral2/memory/4552-2186-0x00007FF605370000-0x00007FF605761000-memory.dmp	xmrig
behavioral2/memory/804-2180-0x00007FF6D9E40000-0x00007FF6DA231000-memory.dmp	xmrig
behavioral2/memory/4412-2182-0x00007FF789CA0000-0x00007FF78A091000-memory.dmp	xmrig
behavioral2/memory/632-2172-0x00007FF794AF0000-0x00007FF794EE1000-memory.dmp	xmrig
behavioral2/memory/2832-2174-0x00007FF6BEEE0000-0x00007FF6BF2D1000-memory.dmp	xmrig
behavioral2/memory/940-2170-0x00007FF60FF90000-0x00007FF610381000-memory.dmp	xmrig
behavioral2/memory/4836-2166-0x00007FF78BD00000-0x00007FF78C0F1000-memory.dmp	xmrig
behavioral2/memory/1928-2164-0x00007FF70C5A0000-0x00007FF70C991000-memory.dmp	xmrig
behavioral2/memory/1340-2235-0x00007FF72D880000-0x00007FF72DC71000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
4324	CDICShP.exe
1600	PiUPqfC.exe
4836	CbdhGll.exe
1928	tzZOgmw.exe
1048	EVCUxLZ.exe
632	tWtsrDP.exe
940	tkSZUep.exe
2832	MJQfPok.exe
1376	wohRJMd.exe
804	CnqSMpY.exe
216	JYVoExF.exe
4552	ChUTVGx.exe
2064	MTvhZfC.exe
4412	FkirhFS.exe
3764	JBSKtFY.exe
1960	epBaoNQ.exe
1984	UVUGLzc.exe
3128	KFOEXYo.exe
3136	baTYvAT.exe
3132	hCygaxT.exe
3352	cJQIFgs.exe
2312	wnxSYpC.exe
2944	phKxlWX.exe
1340	BWOcQYf.exe
3312	jAWpPMa.exe
4508	tNAniHY.exe
4464	rlvTlnz.exe
3140	FKwlnvV.exe
2328	vWCFzkR.exe
2524	uaxSzCj.exe
2848	HfSCUCx.exe
3924	QIhIAYH.exe
1196	bfBHPkT.exe
1244	iXjQFzo.exe
3804	drZZEYC.exe
412	lRmHwzP.exe
1616	PbZAjvi.exe
440	jqgQBWO.exe
1848	CblxwrJ.exe
3704	fjWRhAn.exe
4676	VgLVpRR.exe
1608	cLhGvYB.exe
2704	tpRTFOs.exe
1484	YKxVaEw.exe
4480	QBvKWIq.exe
1576	tMXxxPf.exe
3068	omATSqy.exe
2096	DSUBYIP.exe
4056	QTTteFZ.exe
2528	KZDzmQU.exe
4364	IuSyDlA.exe
2760	NnKhxPd.exe
4668	uOjAYEt.exe
1208	OOPsMkf.exe
4524	nyCsxrc.exe
4236	eoOkihU.exe
3580	UcWdNgh.exe
2604	VGibmlb.exe
4828	xwOuDvW.exe
1472	rUbDCbX.exe
1964	sXswbFn.exe
3328	ssqbiLd.exe
4012	lFaerfy.exe
3152	osXrWjh.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4824-0-0x00007FF74D6B0000-0x00007FF74DAA1000-memory.dmp	upx
behavioral2/files/0x0009000000023489-4.dat	upx
behavioral2/files/0x0007000000023491-11.dat	upx
behavioral2/memory/4324-7-0x00007FF79AEC0000-0x00007FF79B2B1000-memory.dmp	upx
behavioral2/files/0x0007000000023490-10.dat	upx
behavioral2/memory/1928-30-0x00007FF70C5A0000-0x00007FF70C991000-memory.dmp	upx
behavioral2/files/0x0007000000023497-38.dat	upx
behavioral2/files/0x0007000000023492-40.dat	upx
behavioral2/files/0x0007000000023495-44.dat	upx
behavioral2/memory/1376-65-0x00007FF75D410000-0x00007FF75D801000-memory.dmp	upx
behavioral2/memory/216-68-0x00007FF7D4E70000-0x00007FF7D5261000-memory.dmp	upx
behavioral2/memory/632-72-0x00007FF794AF0000-0x00007FF794EE1000-memory.dmp	upx
behavioral2/files/0x000700000002349c-85.dat	upx
behavioral2/files/0x000700000002349f-100.dat	upx
behavioral2/files/0x00070000000234a3-114.dat	upx
behavioral2/files/0x00070000000234ab-160.dat	upx
behavioral2/memory/4552-410-0x00007FF605370000-0x00007FF605761000-memory.dmp	upx
behavioral2/memory/4412-411-0x00007FF789CA0000-0x00007FF78A091000-memory.dmp	upx
behavioral2/memory/3764-412-0x00007FF7B6B00000-0x00007FF7B6EF1000-memory.dmp	upx
behavioral2/memory/1960-413-0x00007FF71F660000-0x00007FF71FA51000-memory.dmp	upx
behavioral2/files/0x00070000000234af-173.dat	upx
behavioral2/files/0x00070000000234ad-170.dat	upx
behavioral2/files/0x00070000000234ae-168.dat	upx
behavioral2/files/0x00070000000234ac-165.dat	upx
behavioral2/files/0x00070000000234aa-155.dat	upx
behavioral2/files/0x00070000000234a9-150.dat	upx
behavioral2/files/0x00070000000234a8-145.dat	upx
behavioral2/files/0x00070000000234a7-137.dat	upx
behavioral2/files/0x00070000000234a6-132.dat	upx
behavioral2/files/0x00070000000234a5-130.dat	upx
behavioral2/files/0x00070000000234a4-125.dat	upx
behavioral2/files/0x00070000000234a2-112.dat	upx
behavioral2/files/0x00070000000234a1-107.dat	upx
behavioral2/files/0x00070000000234a0-105.dat	upx
behavioral2/files/0x000700000002349e-95.dat	upx
behavioral2/files/0x000700000002349d-90.dat	upx
behavioral2/files/0x000700000002349b-77.dat	upx
behavioral2/memory/804-73-0x00007FF6D9E40000-0x00007FF6DA231000-memory.dmp	upx
behavioral2/files/0x000700000002349a-69.dat	upx
behavioral2/files/0x0007000000023498-66.dat	upx
behavioral2/memory/2832-62-0x00007FF6BEEE0000-0x00007FF6BF2D1000-memory.dmp	upx
behavioral2/files/0x0007000000023499-60.dat	upx
behavioral2/memory/940-58-0x00007FF60FF90000-0x00007FF610381000-memory.dmp	upx
behavioral2/files/0x0007000000023496-47.dat	upx
behavioral2/memory/1048-45-0x00007FF6C8170000-0x00007FF6C8561000-memory.dmp	upx
behavioral2/files/0x0007000000023493-42.dat	upx
behavioral2/files/0x0007000000023494-51.dat	upx
behavioral2/memory/4836-23-0x00007FF78BD00000-0x00007FF78C0F1000-memory.dmp	upx
behavioral2/memory/1600-15-0x00007FF737C00000-0x00007FF737FF1000-memory.dmp	upx
behavioral2/memory/1984-414-0x00007FF71AA10000-0x00007FF71AE01000-memory.dmp	upx
behavioral2/memory/3128-415-0x00007FF7CB9E0000-0x00007FF7CBDD1000-memory.dmp	upx
behavioral2/memory/3136-416-0x00007FF785140000-0x00007FF785531000-memory.dmp	upx
behavioral2/memory/3352-418-0x00007FF6CAC70000-0x00007FF6CB061000-memory.dmp	upx
behavioral2/memory/2944-420-0x00007FF702B20000-0x00007FF702F11000-memory.dmp	upx
behavioral2/memory/2312-419-0x00007FF6F1090000-0x00007FF6F1481000-memory.dmp	upx
behavioral2/memory/1340-421-0x00007FF72D880000-0x00007FF72DC71000-memory.dmp	upx
behavioral2/memory/2064-422-0x00007FF690510000-0x00007FF690901000-memory.dmp	upx
behavioral2/memory/3132-417-0x00007FF622CE0000-0x00007FF6230D1000-memory.dmp	upx
behavioral2/memory/4824-903-0x00007FF74D6B0000-0x00007FF74DAA1000-memory.dmp	upx
behavioral2/memory/4324-1067-0x00007FF79AEC0000-0x00007FF79B2B1000-memory.dmp	upx
behavioral2/memory/1928-1206-0x00007FF70C5A0000-0x00007FF70C991000-memory.dmp	upx
behavioral2/memory/1600-1203-0x00007FF737C00000-0x00007FF737FF1000-memory.dmp	upx
behavioral2/memory/4836-1320-0x00007FF78BD00000-0x00007FF78C0F1000-memory.dmp	upx
behavioral2/memory/1048-1323-0x00007FF6C8170000-0x00007FF6C8561000-memory.dmp	upx

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System32\dEXTsig.exe	fe1f9ce6c70a5970969b6a3874d7ff70N.exe
File created	C:\Windows\System32\KLkoOyL.exe	fe1f9ce6c70a5970969b6a3874d7ff70N.exe
File created	C:\Windows\System32\pnzEkAe.exe	fe1f9ce6c70a5970969b6a3874d7ff70N.exe
File created	C:\Windows\System32\VnIQBNx.exe	fe1f9ce6c70a5970969b6a3874d7ff70N.exe
File created	C:\Windows\System32\kgOhpod.exe	fe1f9ce6c70a5970969b6a3874d7ff70N.exe
File created	C:\Windows\System32\WyJcvLz.exe	fe1f9ce6c70a5970969b6a3874d7ff70N.exe
File created	C:\Windows\System32\YNAcELj.exe	fe1f9ce6c70a5970969b6a3874d7ff70N.exe
File created	C:\Windows\System32\LkoMoCO.exe	fe1f9ce6c70a5970969b6a3874d7ff70N.exe
File created	C:\Windows\System32\KMhrzif.exe	fe1f9ce6c70a5970969b6a3874d7ff70N.exe
File created	C:\Windows\System32\vmFSJBI.exe	fe1f9ce6c70a5970969b6a3874d7ff70N.exe
File created	C:\Windows\System32\UaRMPXr.exe	fe1f9ce6c70a5970969b6a3874d7ff70N.exe
File created	C:\Windows\System32\EvaFVBf.exe	fe1f9ce6c70a5970969b6a3874d7ff70N.exe
File created	C:\Windows\System32\eaxFjrB.exe	fe1f9ce6c70a5970969b6a3874d7ff70N.exe
File created	C:\Windows\System32\kOUXjMg.exe	fe1f9ce6c70a5970969b6a3874d7ff70N.exe
File created	C:\Windows\System32\PLnPGtp.exe	fe1f9ce6c70a5970969b6a3874d7ff70N.exe
File created	C:\Windows\System32\pEvMmRA.exe	fe1f9ce6c70a5970969b6a3874d7ff70N.exe
File created	C:\Windows\System32\dsZbjAP.exe	fe1f9ce6c70a5970969b6a3874d7ff70N.exe
File created	C:\Windows\System32\IIrCCBy.exe	fe1f9ce6c70a5970969b6a3874d7ff70N.exe
File created	C:\Windows\System32\TNtBTZu.exe	fe1f9ce6c70a5970969b6a3874d7ff70N.exe
File created	C:\Windows\System32\rLKKdbh.exe	fe1f9ce6c70a5970969b6a3874d7ff70N.exe
File created	C:\Windows\System32\FYArjnJ.exe	fe1f9ce6c70a5970969b6a3874d7ff70N.exe
File created	C:\Windows\System32\aVERrJh.exe	fe1f9ce6c70a5970969b6a3874d7ff70N.exe
File created	C:\Windows\System32\XtKvZfw.exe	fe1f9ce6c70a5970969b6a3874d7ff70N.exe
File created	C:\Windows\System32\qPaZQUI.exe	fe1f9ce6c70a5970969b6a3874d7ff70N.exe
File created	C:\Windows\System32\xNKfHIr.exe	fe1f9ce6c70a5970969b6a3874d7ff70N.exe
File created	C:\Windows\System32\EiNwibg.exe	fe1f9ce6c70a5970969b6a3874d7ff70N.exe
File created	C:\Windows\System32\sKdWNlu.exe	fe1f9ce6c70a5970969b6a3874d7ff70N.exe
File created	C:\Windows\System32\zvMZYxZ.exe	fe1f9ce6c70a5970969b6a3874d7ff70N.exe
File created	C:\Windows\System32\gnvcTOB.exe	fe1f9ce6c70a5970969b6a3874d7ff70N.exe
File created	C:\Windows\System32\APnBsMf.exe	fe1f9ce6c70a5970969b6a3874d7ff70N.exe
File created	C:\Windows\System32\npddfYv.exe	fe1f9ce6c70a5970969b6a3874d7ff70N.exe
File created	C:\Windows\System32\QoCtItc.exe	fe1f9ce6c70a5970969b6a3874d7ff70N.exe
File created	C:\Windows\System32\VLmogMN.exe	fe1f9ce6c70a5970969b6a3874d7ff70N.exe
File created	C:\Windows\System32\GowGWnQ.exe	fe1f9ce6c70a5970969b6a3874d7ff70N.exe
File created	C:\Windows\System32\QmKtJev.exe	fe1f9ce6c70a5970969b6a3874d7ff70N.exe
File created	C:\Windows\System32\VtPoGoV.exe	fe1f9ce6c70a5970969b6a3874d7ff70N.exe
File created	C:\Windows\System32\PfTwIVY.exe	fe1f9ce6c70a5970969b6a3874d7ff70N.exe
File created	C:\Windows\System32\OTmAmcH.exe	fe1f9ce6c70a5970969b6a3874d7ff70N.exe
File created	C:\Windows\System32\RiZKFug.exe	fe1f9ce6c70a5970969b6a3874d7ff70N.exe
File created	C:\Windows\System32\jqJQoJX.exe	fe1f9ce6c70a5970969b6a3874d7ff70N.exe
File created	C:\Windows\System32\kphhoOk.exe	fe1f9ce6c70a5970969b6a3874d7ff70N.exe
File created	C:\Windows\System32\TGpsbVD.exe	fe1f9ce6c70a5970969b6a3874d7ff70N.exe
File created	C:\Windows\System32\RknNHKX.exe	fe1f9ce6c70a5970969b6a3874d7ff70N.exe
File created	C:\Windows\System32\eAGbmTi.exe	fe1f9ce6c70a5970969b6a3874d7ff70N.exe
File created	C:\Windows\System32\fyAhSxg.exe	fe1f9ce6c70a5970969b6a3874d7ff70N.exe
File created	C:\Windows\System32\ikoVSxv.exe	fe1f9ce6c70a5970969b6a3874d7ff70N.exe
File created	C:\Windows\System32\HODiJZx.exe	fe1f9ce6c70a5970969b6a3874d7ff70N.exe
File created	C:\Windows\System32\qLnhsiM.exe	fe1f9ce6c70a5970969b6a3874d7ff70N.exe
File created	C:\Windows\System32\ghLSaOw.exe	fe1f9ce6c70a5970969b6a3874d7ff70N.exe
File created	C:\Windows\System32\OMeXZtv.exe	fe1f9ce6c70a5970969b6a3874d7ff70N.exe
File created	C:\Windows\System32\ZnJStnA.exe	fe1f9ce6c70a5970969b6a3874d7ff70N.exe
File created	C:\Windows\System32\ZgVyywu.exe	fe1f9ce6c70a5970969b6a3874d7ff70N.exe
File created	C:\Windows\System32\EXlzVfM.exe	fe1f9ce6c70a5970969b6a3874d7ff70N.exe
File created	C:\Windows\System32\fajXLrS.exe	fe1f9ce6c70a5970969b6a3874d7ff70N.exe
File created	C:\Windows\System32\rUbDCbX.exe	fe1f9ce6c70a5970969b6a3874d7ff70N.exe
File created	C:\Windows\System32\PLleSmA.exe	fe1f9ce6c70a5970969b6a3874d7ff70N.exe
File created	C:\Windows\System32\aaTOkeE.exe	fe1f9ce6c70a5970969b6a3874d7ff70N.exe
File created	C:\Windows\System32\ImKHCDo.exe	fe1f9ce6c70a5970969b6a3874d7ff70N.exe
File created	C:\Windows\System32\UGHQxJK.exe	fe1f9ce6c70a5970969b6a3874d7ff70N.exe
File created	C:\Windows\System32\uCtJMBq.exe	fe1f9ce6c70a5970969b6a3874d7ff70N.exe
File created	C:\Windows\System32\tEjFmMQ.exe	fe1f9ce6c70a5970969b6a3874d7ff70N.exe
File created	C:\Windows\System32\qlqDBrJ.exe	fe1f9ce6c70a5970969b6a3874d7ff70N.exe
File created	C:\Windows\System32\XGMbMvj.exe	fe1f9ce6c70a5970969b6a3874d7ff70N.exe
File created	C:\Windows\System32\bFqsdmp.exe	fe1f9ce6c70a5970969b6a3874d7ff70N.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	14196	dwm.exe
Token: SeChangeNotifyPrivilege	14196	dwm.exe
Token: 33	14196	dwm.exe
Token: SeIncBasePriorityPrivilege	14196	dwm.exe
Token: SeShutdownPrivilege	14196	dwm.exe
Token: SeCreatePagefilePrivilege	14196	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4824 wrote to memory of 4324	4824	fe1f9ce6c70a5970969b6a3874d7ff70N.exe	85
PID 4824 wrote to memory of 4324	4824	fe1f9ce6c70a5970969b6a3874d7ff70N.exe	85
PID 4824 wrote to memory of 1600	4824	fe1f9ce6c70a5970969b6a3874d7ff70N.exe	86
PID 4824 wrote to memory of 1600	4824	fe1f9ce6c70a5970969b6a3874d7ff70N.exe	86
PID 4824 wrote to memory of 4836	4824	fe1f9ce6c70a5970969b6a3874d7ff70N.exe	87
PID 4824 wrote to memory of 4836	4824	fe1f9ce6c70a5970969b6a3874d7ff70N.exe	87
PID 4824 wrote to memory of 1928	4824	fe1f9ce6c70a5970969b6a3874d7ff70N.exe	88
PID 4824 wrote to memory of 1928	4824	fe1f9ce6c70a5970969b6a3874d7ff70N.exe	88
PID 4824 wrote to memory of 1048	4824	fe1f9ce6c70a5970969b6a3874d7ff70N.exe	89
PID 4824 wrote to memory of 1048	4824	fe1f9ce6c70a5970969b6a3874d7ff70N.exe	89
PID 4824 wrote to memory of 632	4824	fe1f9ce6c70a5970969b6a3874d7ff70N.exe	90
PID 4824 wrote to memory of 632	4824	fe1f9ce6c70a5970969b6a3874d7ff70N.exe	90
PID 4824 wrote to memory of 940	4824	fe1f9ce6c70a5970969b6a3874d7ff70N.exe	91
PID 4824 wrote to memory of 940	4824	fe1f9ce6c70a5970969b6a3874d7ff70N.exe	91
PID 4824 wrote to memory of 2832	4824	fe1f9ce6c70a5970969b6a3874d7ff70N.exe	92
PID 4824 wrote to memory of 2832	4824	fe1f9ce6c70a5970969b6a3874d7ff70N.exe	92
PID 4824 wrote to memory of 1376	4824	fe1f9ce6c70a5970969b6a3874d7ff70N.exe	93
PID 4824 wrote to memory of 1376	4824	fe1f9ce6c70a5970969b6a3874d7ff70N.exe	93
PID 4824 wrote to memory of 804	4824	fe1f9ce6c70a5970969b6a3874d7ff70N.exe	94
PID 4824 wrote to memory of 804	4824	fe1f9ce6c70a5970969b6a3874d7ff70N.exe	94
PID 4824 wrote to memory of 216	4824	fe1f9ce6c70a5970969b6a3874d7ff70N.exe	95
PID 4824 wrote to memory of 216	4824	fe1f9ce6c70a5970969b6a3874d7ff70N.exe	95
PID 4824 wrote to memory of 4552	4824	fe1f9ce6c70a5970969b6a3874d7ff70N.exe	96
PID 4824 wrote to memory of 4552	4824	fe1f9ce6c70a5970969b6a3874d7ff70N.exe	96
PID 4824 wrote to memory of 2064	4824	fe1f9ce6c70a5970969b6a3874d7ff70N.exe	97
PID 4824 wrote to memory of 2064	4824	fe1f9ce6c70a5970969b6a3874d7ff70N.exe	97
PID 4824 wrote to memory of 4412	4824	fe1f9ce6c70a5970969b6a3874d7ff70N.exe	98
PID 4824 wrote to memory of 4412	4824	fe1f9ce6c70a5970969b6a3874d7ff70N.exe	98
PID 4824 wrote to memory of 3764	4824	fe1f9ce6c70a5970969b6a3874d7ff70N.exe	99
PID 4824 wrote to memory of 3764	4824	fe1f9ce6c70a5970969b6a3874d7ff70N.exe	99
PID 4824 wrote to memory of 1960	4824	fe1f9ce6c70a5970969b6a3874d7ff70N.exe	100
PID 4824 wrote to memory of 1960	4824	fe1f9ce6c70a5970969b6a3874d7ff70N.exe	100
PID 4824 wrote to memory of 1984	4824	fe1f9ce6c70a5970969b6a3874d7ff70N.exe	101
PID 4824 wrote to memory of 1984	4824	fe1f9ce6c70a5970969b6a3874d7ff70N.exe	101
PID 4824 wrote to memory of 3128	4824	fe1f9ce6c70a5970969b6a3874d7ff70N.exe	102
PID 4824 wrote to memory of 3128	4824	fe1f9ce6c70a5970969b6a3874d7ff70N.exe	102
PID 4824 wrote to memory of 3136	4824	fe1f9ce6c70a5970969b6a3874d7ff70N.exe	103
PID 4824 wrote to memory of 3136	4824	fe1f9ce6c70a5970969b6a3874d7ff70N.exe	103
PID 4824 wrote to memory of 3132	4824	fe1f9ce6c70a5970969b6a3874d7ff70N.exe	104
PID 4824 wrote to memory of 3132	4824	fe1f9ce6c70a5970969b6a3874d7ff70N.exe	104
PID 4824 wrote to memory of 3352	4824	fe1f9ce6c70a5970969b6a3874d7ff70N.exe	105
PID 4824 wrote to memory of 3352	4824	fe1f9ce6c70a5970969b6a3874d7ff70N.exe	105
PID 4824 wrote to memory of 2312	4824	fe1f9ce6c70a5970969b6a3874d7ff70N.exe	106
PID 4824 wrote to memory of 2312	4824	fe1f9ce6c70a5970969b6a3874d7ff70N.exe	106
PID 4824 wrote to memory of 2944	4824	fe1f9ce6c70a5970969b6a3874d7ff70N.exe	107
PID 4824 wrote to memory of 2944	4824	fe1f9ce6c70a5970969b6a3874d7ff70N.exe	107
PID 4824 wrote to memory of 1340	4824	fe1f9ce6c70a5970969b6a3874d7ff70N.exe	108
PID 4824 wrote to memory of 1340	4824	fe1f9ce6c70a5970969b6a3874d7ff70N.exe	108
PID 4824 wrote to memory of 3312	4824	fe1f9ce6c70a5970969b6a3874d7ff70N.exe	109
PID 4824 wrote to memory of 3312	4824	fe1f9ce6c70a5970969b6a3874d7ff70N.exe	109
PID 4824 wrote to memory of 4508	4824	fe1f9ce6c70a5970969b6a3874d7ff70N.exe	110
PID 4824 wrote to memory of 4508	4824	fe1f9ce6c70a5970969b6a3874d7ff70N.exe	110
PID 4824 wrote to memory of 4464	4824	fe1f9ce6c70a5970969b6a3874d7ff70N.exe	111
PID 4824 wrote to memory of 4464	4824	fe1f9ce6c70a5970969b6a3874d7ff70N.exe	111
PID 4824 wrote to memory of 3140	4824	fe1f9ce6c70a5970969b6a3874d7ff70N.exe	112
PID 4824 wrote to memory of 3140	4824	fe1f9ce6c70a5970969b6a3874d7ff70N.exe	112
PID 4824 wrote to memory of 2328	4824	fe1f9ce6c70a5970969b6a3874d7ff70N.exe	113
PID 4824 wrote to memory of 2328	4824	fe1f9ce6c70a5970969b6a3874d7ff70N.exe	113
PID 4824 wrote to memory of 2524	4824	fe1f9ce6c70a5970969b6a3874d7ff70N.exe	114
PID 4824 wrote to memory of 2524	4824	fe1f9ce6c70a5970969b6a3874d7ff70N.exe	114
PID 4824 wrote to memory of 2848	4824	fe1f9ce6c70a5970969b6a3874d7ff70N.exe	115
PID 4824 wrote to memory of 2848	4824	fe1f9ce6c70a5970969b6a3874d7ff70N.exe	115
PID 4824 wrote to memory of 3924	4824	fe1f9ce6c70a5970969b6a3874d7ff70N.exe	116
PID 4824 wrote to memory of 3924	4824	fe1f9ce6c70a5970969b6a3874d7ff70N.exe	116

C:\Users\Admin\AppData\Local\Temp\fe1f9ce6c70a5970969b6a3874d7ff70N.exe
"C:\Users\Admin\AppData\Local\Temp\fe1f9ce6c70a5970969b6a3874d7ff70N.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:4824
- C:\Windows\System32\CDICShP.exe
  C:\Windows\System32\CDICShP.exe
  2⤵
  - Executes dropped EXE
  PID:4324
- C:\Windows\System32\PiUPqfC.exe
  C:\Windows\System32\PiUPqfC.exe
  2⤵
  - Executes dropped EXE
  PID:1600
- C:\Windows\System32\CbdhGll.exe
  C:\Windows\System32\CbdhGll.exe
  2⤵
  - Executes dropped EXE
  PID:4836
- C:\Windows\System32\tzZOgmw.exe
  C:\Windows\System32\tzZOgmw.exe
  2⤵
  - Executes dropped EXE
  PID:1928
- C:\Windows\System32\EVCUxLZ.exe
  C:\Windows\System32\EVCUxLZ.exe
  2⤵
  - Executes dropped EXE
  PID:1048
- C:\Windows\System32\tWtsrDP.exe
  C:\Windows\System32\tWtsrDP.exe
  2⤵
  - Executes dropped EXE
  PID:632
- C:\Windows\System32\tkSZUep.exe
  C:\Windows\System32\tkSZUep.exe
  2⤵
  - Executes dropped EXE
  PID:940
- C:\Windows\System32\MJQfPok.exe
  C:\Windows\System32\MJQfPok.exe
  2⤵
  - Executes dropped EXE
  PID:2832
- C:\Windows\System32\wohRJMd.exe
  C:\Windows\System32\wohRJMd.exe
  2⤵
  - Executes dropped EXE
  PID:1376
- C:\Windows\System32\CnqSMpY.exe
  C:\Windows\System32\CnqSMpY.exe
  2⤵
  - Executes dropped EXE
  PID:804
- C:\Windows\System32\JYVoExF.exe
  C:\Windows\System32\JYVoExF.exe
  2⤵
  - Executes dropped EXE
  PID:216
- C:\Windows\System32\ChUTVGx.exe
  C:\Windows\System32\ChUTVGx.exe
  2⤵
  - Executes dropped EXE
  PID:4552
- C:\Windows\System32\MTvhZfC.exe
  C:\Windows\System32\MTvhZfC.exe
  2⤵
  - Executes dropped EXE
  PID:2064
- C:\Windows\System32\FkirhFS.exe
  C:\Windows\System32\FkirhFS.exe
  2⤵
  - Executes dropped EXE
  PID:4412
- C:\Windows\System32\JBSKtFY.exe
  C:\Windows\System32\JBSKtFY.exe
  2⤵
  - Executes dropped EXE
  PID:3764
- C:\Windows\System32\epBaoNQ.exe
  C:\Windows\System32\epBaoNQ.exe
  2⤵
  - Executes dropped EXE
  PID:1960
- C:\Windows\System32\UVUGLzc.exe
  C:\Windows\System32\UVUGLzc.exe
  2⤵
  - Executes dropped EXE
  PID:1984
- C:\Windows\System32\KFOEXYo.exe
  C:\Windows\System32\KFOEXYo.exe
  2⤵
  - Executes dropped EXE
  PID:3128
- C:\Windows\System32\baTYvAT.exe
  C:\Windows\System32\baTYvAT.exe
  2⤵
  - Executes dropped EXE
  PID:3136
- C:\Windows\System32\hCygaxT.exe
  C:\Windows\System32\hCygaxT.exe
  2⤵
  - Executes dropped EXE
  PID:3132
- C:\Windows\System32\cJQIFgs.exe
  C:\Windows\System32\cJQIFgs.exe
  2⤵
  - Executes dropped EXE
  PID:3352
- C:\Windows\System32\wnxSYpC.exe
  C:\Windows\System32\wnxSYpC.exe
  2⤵
  - Executes dropped EXE
  PID:2312
- C:\Windows\System32\phKxlWX.exe
  C:\Windows\System32\phKxlWX.exe
  2⤵
  - Executes dropped EXE
  PID:2944
- C:\Windows\System32\BWOcQYf.exe
  C:\Windows\System32\BWOcQYf.exe
  2⤵
  - Executes dropped EXE
  PID:1340
- C:\Windows\System32\jAWpPMa.exe
  C:\Windows\System32\jAWpPMa.exe
  2⤵
  - Executes dropped EXE
  PID:3312
- C:\Windows\System32\tNAniHY.exe
  C:\Windows\System32\tNAniHY.exe
  2⤵
  - Executes dropped EXE
  PID:4508
- C:\Windows\System32\rlvTlnz.exe
  C:\Windows\System32\rlvTlnz.exe
  2⤵
  - Executes dropped EXE
  PID:4464
- C:\Windows\System32\FKwlnvV.exe
  C:\Windows\System32\FKwlnvV.exe
  2⤵
  - Executes dropped EXE
  PID:3140
- C:\Windows\System32\vWCFzkR.exe
  C:\Windows\System32\vWCFzkR.exe
  2⤵
  - Executes dropped EXE
  PID:2328
- C:\Windows\System32\uaxSzCj.exe
  C:\Windows\System32\uaxSzCj.exe
  2⤵
  - Executes dropped EXE
  PID:2524
- C:\Windows\System32\HfSCUCx.exe
  C:\Windows\System32\HfSCUCx.exe
  2⤵
  - Executes dropped EXE
  PID:2848
- C:\Windows\System32\QIhIAYH.exe
  C:\Windows\System32\QIhIAYH.exe
  2⤵
  - Executes dropped EXE
  PID:3924
- C:\Windows\System32\bfBHPkT.exe
  C:\Windows\System32\bfBHPkT.exe
  2⤵
  - Executes dropped EXE
  PID:1196
- C:\Windows\System32\iXjQFzo.exe
  C:\Windows\System32\iXjQFzo.exe
  2⤵
  - Executes dropped EXE
  PID:1244
- C:\Windows\System32\drZZEYC.exe
  C:\Windows\System32\drZZEYC.exe
  2⤵
  - Executes dropped EXE
  PID:3804
- C:\Windows\System32\lRmHwzP.exe
  C:\Windows\System32\lRmHwzP.exe
  2⤵
  - Executes dropped EXE
  PID:412
- C:\Windows\System32\PbZAjvi.exe
  C:\Windows\System32\PbZAjvi.exe
  2⤵
  - Executes dropped EXE
  PID:1616
- C:\Windows\System32\jqgQBWO.exe
  C:\Windows\System32\jqgQBWO.exe
  2⤵
  - Executes dropped EXE
  PID:440
- C:\Windows\System32\CblxwrJ.exe
  C:\Windows\System32\CblxwrJ.exe
  2⤵
  - Executes dropped EXE
  PID:1848
- C:\Windows\System32\fjWRhAn.exe
  C:\Windows\System32\fjWRhAn.exe
  2⤵
  - Executes dropped EXE
  PID:3704
- C:\Windows\System32\VgLVpRR.exe
  C:\Windows\System32\VgLVpRR.exe
  2⤵
  - Executes dropped EXE
  PID:4676
- C:\Windows\System32\cLhGvYB.exe
  C:\Windows\System32\cLhGvYB.exe
  2⤵
  - Executes dropped EXE
  PID:1608
- C:\Windows\System32\tpRTFOs.exe
  C:\Windows\System32\tpRTFOs.exe
  2⤵
  - Executes dropped EXE
  PID:2704
- C:\Windows\System32\YKxVaEw.exe
  C:\Windows\System32\YKxVaEw.exe
  2⤵
  - Executes dropped EXE
  PID:1484
- C:\Windows\System32\QBvKWIq.exe
  C:\Windows\System32\QBvKWIq.exe
  2⤵
  - Executes dropped EXE
  PID:4480
- C:\Windows\System32\tMXxxPf.exe
  C:\Windows\System32\tMXxxPf.exe
  2⤵
  - Executes dropped EXE
  PID:1576
- C:\Windows\System32\omATSqy.exe
  C:\Windows\System32\omATSqy.exe
  2⤵
  - Executes dropped EXE
  PID:3068
- C:\Windows\System32\DSUBYIP.exe
  C:\Windows\System32\DSUBYIP.exe
  2⤵
  - Executes dropped EXE
  PID:2096
- C:\Windows\System32\QTTteFZ.exe
  C:\Windows\System32\QTTteFZ.exe
  2⤵
  - Executes dropped EXE
  PID:4056
- C:\Windows\System32\KZDzmQU.exe
  C:\Windows\System32\KZDzmQU.exe
  2⤵
  - Executes dropped EXE
  PID:2528
- C:\Windows\System32\IuSyDlA.exe
  C:\Windows\System32\IuSyDlA.exe
  2⤵
  - Executes dropped EXE
  PID:4364
- C:\Windows\System32\NnKhxPd.exe
  C:\Windows\System32\NnKhxPd.exe
  2⤵
  - Executes dropped EXE
  PID:2760
- C:\Windows\System32\uOjAYEt.exe
  C:\Windows\System32\uOjAYEt.exe
  2⤵
  - Executes dropped EXE
  PID:4668
- C:\Windows\System32\OOPsMkf.exe
  C:\Windows\System32\OOPsMkf.exe
  2⤵
  - Executes dropped EXE
  PID:1208
- C:\Windows\System32\nyCsxrc.exe
  C:\Windows\System32\nyCsxrc.exe
  2⤵
  - Executes dropped EXE
  PID:4524
- C:\Windows\System32\eoOkihU.exe
  C:\Windows\System32\eoOkihU.exe
  2⤵
  - Executes dropped EXE
  PID:4236
- C:\Windows\System32\UcWdNgh.exe
  C:\Windows\System32\UcWdNgh.exe
  2⤵
  - Executes dropped EXE
  PID:3580
- C:\Windows\System32\VGibmlb.exe
  C:\Windows\System32\VGibmlb.exe
  2⤵
  - Executes dropped EXE
  PID:2604
- C:\Windows\System32\xwOuDvW.exe
  C:\Windows\System32\xwOuDvW.exe
  2⤵
  - Executes dropped EXE
  PID:4828
- C:\Windows\System32\rUbDCbX.exe
  C:\Windows\System32\rUbDCbX.exe
  2⤵
  - Executes dropped EXE
  PID:1472
- C:\Windows\System32\sXswbFn.exe
  C:\Windows\System32\sXswbFn.exe
  2⤵
  - Executes dropped EXE
  PID:1964
- C:\Windows\System32\ssqbiLd.exe
  C:\Windows\System32\ssqbiLd.exe
  2⤵
  - Executes dropped EXE
  PID:3328
- C:\Windows\System32\lFaerfy.exe
  C:\Windows\System32\lFaerfy.exe
  2⤵
  - Executes dropped EXE
  PID:4012
- C:\Windows\System32\osXrWjh.exe
  C:\Windows\System32\osXrWjh.exe
  2⤵
  - Executes dropped EXE
  PID:3152
- C:\Windows\System32\rEzlADz.exe
  C:\Windows\System32\rEzlADz.exe
  2⤵
  PID:2960
- C:\Windows\System32\APnBsMf.exe
  C:\Windows\System32\APnBsMf.exe
  2⤵
  PID:4960
- C:\Windows\System32\cCSsoal.exe
  C:\Windows\System32\cCSsoal.exe
  2⤵
  PID:1720
- C:\Windows\System32\IIEiQQz.exe
  C:\Windows\System32\IIEiQQz.exe
  2⤵
  PID:1952
- C:\Windows\System32\VUUJEwH.exe
  C:\Windows\System32\VUUJEwH.exe
  2⤵
  PID:3648
- C:\Windows\System32\pwVZoxr.exe
  C:\Windows\System32\pwVZoxr.exe
  2⤵
  PID:3932
- C:\Windows\System32\xpYWDPS.exe
  C:\Windows\System32\xpYWDPS.exe
  2⤵
  PID:2268
- C:\Windows\System32\twLxSwy.exe
  C:\Windows\System32\twLxSwy.exe
  2⤵
  PID:3536
- C:\Windows\System32\bSmDaUv.exe
  C:\Windows\System32\bSmDaUv.exe
  2⤵
  PID:1620
- C:\Windows\System32\zuTKcCV.exe
  C:\Windows\System32\zuTKcCV.exe
  2⤵
  PID:2412
- C:\Windows\System32\ExdUmxc.exe
  C:\Windows\System32\ExdUmxc.exe
  2⤵
  PID:2972
- C:\Windows\System32\YzRemBQ.exe
  C:\Windows\System32\YzRemBQ.exe
  2⤵
  PID:3112
- C:\Windows\System32\YKQKreQ.exe
  C:\Windows\System32\YKQKreQ.exe
  2⤵
  PID:2556
- C:\Windows\System32\uOaSdAu.exe
  C:\Windows\System32\uOaSdAu.exe
  2⤵
  PID:4456
- C:\Windows\System32\EBscFZQ.exe
  C:\Windows\System32\EBscFZQ.exe
  2⤵
  PID:5004
- C:\Windows\System32\SEekLyA.exe
  C:\Windows\System32\SEekLyA.exe
  2⤵
  PID:2196
- C:\Windows\System32\SAlDvJq.exe
  C:\Windows\System32\SAlDvJq.exe
  2⤵
  PID:772
- C:\Windows\System32\kOUXjMg.exe
  C:\Windows\System32\kOUXjMg.exe
  2⤵
  PID:1212
- C:\Windows\System32\ILAexuA.exe
  C:\Windows\System32\ILAexuA.exe
  2⤵
  PID:4864
- C:\Windows\System32\DPUBdqz.exe
  C:\Windows\System32\DPUBdqz.exe
  2⤵
  PID:2152
- C:\Windows\System32\JkoFJIF.exe
  C:\Windows\System32\JkoFJIF.exe
  2⤵
  PID:1504
- C:\Windows\System32\FPvdnwc.exe
  C:\Windows\System32\FPvdnwc.exe
  2⤵
  PID:2508
- C:\Windows\System32\StcVGsr.exe
  C:\Windows\System32\StcVGsr.exe
  2⤵
  PID:3488
- C:\Windows\System32\XGMbMvj.exe
  C:\Windows\System32\XGMbMvj.exe
  2⤵
  PID:2476
- C:\Windows\System32\PhiGbur.exe
  C:\Windows\System32\PhiGbur.exe
  2⤵
  PID:2188
- C:\Windows\System32\QZNRBkI.exe
  C:\Windows\System32\QZNRBkI.exe
  2⤵
  PID:4972
- C:\Windows\System32\IIbpZHT.exe
  C:\Windows\System32\IIbpZHT.exe
  2⤵
  PID:5132
- C:\Windows\System32\BjZfOgs.exe
  C:\Windows\System32\BjZfOgs.exe
  2⤵
  PID:5168
- C:\Windows\System32\YlxciuJ.exe
  C:\Windows\System32\YlxciuJ.exe
  2⤵
  PID:5188
- C:\Windows\System32\YXINBqf.exe
  C:\Windows\System32\YXINBqf.exe
  2⤵
  PID:5216
- C:\Windows\System32\XtKvZfw.exe
  C:\Windows\System32\XtKvZfw.exe
  2⤵
  PID:5244
- C:\Windows\System32\kLCKYXo.exe
  C:\Windows\System32\kLCKYXo.exe
  2⤵
  PID:5272
- C:\Windows\System32\bOKABZN.exe
  C:\Windows\System32\bOKABZN.exe
  2⤵
  PID:5300
- C:\Windows\System32\LXsOgkl.exe
  C:\Windows\System32\LXsOgkl.exe
  2⤵
  PID:5328
- C:\Windows\System32\zJQHwpC.exe
  C:\Windows\System32\zJQHwpC.exe
  2⤵
  PID:5356
- C:\Windows\System32\HxaKNUV.exe
  C:\Windows\System32\HxaKNUV.exe
  2⤵
  PID:5384
- C:\Windows\System32\iDkKeeO.exe
  C:\Windows\System32\iDkKeeO.exe
  2⤵
  PID:5412
- C:\Windows\System32\XKavgbw.exe
  C:\Windows\System32\XKavgbw.exe
  2⤵
  PID:5440
- C:\Windows\System32\LsLXVZL.exe
  C:\Windows\System32\LsLXVZL.exe
  2⤵
  PID:5476
- C:\Windows\System32\lWMblkE.exe
  C:\Windows\System32\lWMblkE.exe
  2⤵
  PID:5496
- C:\Windows\System32\xGMrFTs.exe
  C:\Windows\System32\xGMrFTs.exe
  2⤵
  PID:5524
- C:\Windows\System32\CKLkCjL.exe
  C:\Windows\System32\CKLkCjL.exe
  2⤵
  PID:5552
- C:\Windows\System32\ajFliUG.exe
  C:\Windows\System32\ajFliUG.exe
  2⤵
  PID:5580
- C:\Windows\System32\bDeIJlQ.exe
  C:\Windows\System32\bDeIJlQ.exe
  2⤵
  PID:5604
- C:\Windows\System32\pPPnhvn.exe
  C:\Windows\System32\pPPnhvn.exe
  2⤵
  PID:5632
- C:\Windows\System32\LuvlvHk.exe
  C:\Windows\System32\LuvlvHk.exe
  2⤵
  PID:5664
- C:\Windows\System32\eUIEfue.exe
  C:\Windows\System32\eUIEfue.exe
  2⤵
  PID:5692
- C:\Windows\System32\WyJcvLz.exe
  C:\Windows\System32\WyJcvLz.exe
  2⤵
  PID:5824
- C:\Windows\System32\OkCBSTD.exe
  C:\Windows\System32\OkCBSTD.exe
  2⤵
  PID:5868
- C:\Windows\System32\YhnyvQh.exe
  C:\Windows\System32\YhnyvQh.exe
  2⤵
  PID:5892
- C:\Windows\System32\iLNHqbo.exe
  C:\Windows\System32\iLNHqbo.exe
  2⤵
  PID:5924
- C:\Windows\System32\PaSEcqc.exe
  C:\Windows\System32\PaSEcqc.exe
  2⤵
  PID:5948
- C:\Windows\System32\txMzQaH.exe
  C:\Windows\System32\txMzQaH.exe
  2⤵
  PID:5968
- C:\Windows\System32\mYaiHhM.exe
  C:\Windows\System32\mYaiHhM.exe
  2⤵
  PID:5992
- C:\Windows\System32\qLnhsiM.exe
  C:\Windows\System32\qLnhsiM.exe
  2⤵
  PID:6036
- C:\Windows\System32\tLbOXsA.exe
  C:\Windows\System32\tLbOXsA.exe
  2⤵
  PID:6060
- C:\Windows\System32\ZpOLLHL.exe
  C:\Windows\System32\ZpOLLHL.exe
  2⤵
  PID:6076
- C:\Windows\System32\yfAPXzJ.exe
  C:\Windows\System32\yfAPXzJ.exe
  2⤵
  PID:6092
- C:\Windows\System32\MUmCSBf.exe
  C:\Windows\System32\MUmCSBf.exe
  2⤵
  PID:6116
- C:\Windows\System32\goQZIWG.exe
  C:\Windows\System32\goQZIWG.exe
  2⤵
  PID:6132
- C:\Windows\System32\OqGyYDr.exe
  C:\Windows\System32\OqGyYDr.exe
  2⤵
  PID:208
- C:\Windows\System32\bJNeTMa.exe
  C:\Windows\System32\bJNeTMa.exe
  2⤵
  PID:1760
- C:\Windows\System32\odklELc.exe
  C:\Windows\System32\odklELc.exe
  2⤵
  PID:516
- C:\Windows\System32\LoqftwI.exe
  C:\Windows\System32\LoqftwI.exe
  2⤵
  PID:5128
- C:\Windows\System32\bledPTJ.exe
  C:\Windows\System32\bledPTJ.exe
  2⤵
  PID:5164
- C:\Windows\System32\aiLDlSN.exe
  C:\Windows\System32\aiLDlSN.exe
  2⤵
  PID:5196
- C:\Windows\System32\uokClTE.exe
  C:\Windows\System32\uokClTE.exe
  2⤵
  PID:5264
- C:\Windows\System32\CuWjiYJ.exe
  C:\Windows\System32\CuWjiYJ.exe
  2⤵
  PID:5308
- C:\Windows\System32\aVERrJh.exe
  C:\Windows\System32\aVERrJh.exe
  2⤵
  PID:5404
- C:\Windows\System32\gGYnXFg.exe
  C:\Windows\System32\gGYnXFg.exe
  2⤵
  PID:5424
- C:\Windows\System32\TLWdSGE.exe
  C:\Windows\System32\TLWdSGE.exe
  2⤵
  PID:5484
- C:\Windows\System32\PysjjAX.exe
  C:\Windows\System32\PysjjAX.exe
  2⤵
  PID:5516
- C:\Windows\System32\jwXSAWP.exe
  C:\Windows\System32\jwXSAWP.exe
  2⤵
  PID:5588
- C:\Windows\System32\PLleSmA.exe
  C:\Windows\System32\PLleSmA.exe
  2⤵
  PID:4340
- C:\Windows\System32\rcDcyJU.exe
  C:\Windows\System32\rcDcyJU.exe
  2⤵
  PID:4724
- C:\Windows\System32\NYnyMPM.exe
  C:\Windows\System32\NYnyMPM.exe
  2⤵
  PID:1940
- C:\Windows\System32\ZTLjTyw.exe
  C:\Windows\System32\ZTLjTyw.exe
  2⤵
  PID:2520
- C:\Windows\System32\BsmOqyI.exe
  C:\Windows\System32\BsmOqyI.exe
  2⤵
  PID:2968
- C:\Windows\System32\lSKLeIa.exe
  C:\Windows\System32\lSKLeIa.exe
  2⤵
  PID:4964
- C:\Windows\System32\LtcNtzy.exe
  C:\Windows\System32\LtcNtzy.exe
  2⤵
  PID:5764
- C:\Windows\System32\vMquLGq.exe
  C:\Windows\System32\vMquLGq.exe
  2⤵
  PID:336
- C:\Windows\System32\HODiJZx.exe
  C:\Windows\System32\HODiJZx.exe
  2⤵
  PID:2588
- C:\Windows\System32\xrWWWUk.exe
  C:\Windows\System32\xrWWWUk.exe
  2⤵
  PID:5012
- C:\Windows\System32\AgOfGJk.exe
  C:\Windows\System32\AgOfGJk.exe
  2⤵
  PID:3808
- C:\Windows\System32\uoulYnB.exe
  C:\Windows\System32\uoulYnB.exe
  2⤵
  PID:5856
- C:\Windows\System32\tLUCyZk.exe
  C:\Windows\System32\tLUCyZk.exe
  2⤵
  PID:5884
- C:\Windows\System32\aCpXztM.exe
  C:\Windows\System32\aCpXztM.exe
  2⤵
  PID:5912
- C:\Windows\System32\qwrVfGv.exe
  C:\Windows\System32\qwrVfGv.exe
  2⤵
  PID:6140
- C:\Windows\System32\KKtEDqO.exe
  C:\Windows\System32\KKtEDqO.exe
  2⤵
  PID:3736
- C:\Windows\System32\Tonnagj.exe
  C:\Windows\System32\Tonnagj.exe
  2⤵
  PID:5800
- C:\Windows\System32\ZkgzIOO.exe
  C:\Windows\System32\ZkgzIOO.exe
  2⤵
  PID:5256
- C:\Windows\System32\rvBGrvI.exe
  C:\Windows\System32\rvBGrvI.exe
  2⤵
  PID:5816
- C:\Windows\System32\qPaZQUI.exe
  C:\Windows\System32\qPaZQUI.exe
  2⤵
  PID:5336
- C:\Windows\System32\NUCkstZ.exe
  C:\Windows\System32\NUCkstZ.exe
  2⤵
  PID:5448
- C:\Windows\System32\RnqsXaB.exe
  C:\Windows\System32\RnqsXaB.exe
  2⤵
  PID:5620
- C:\Windows\System32\tPeCjWl.exe
  C:\Windows\System32\tPeCjWl.exe
  2⤵
  PID:1488
- C:\Windows\System32\KpOPslq.exe
  C:\Windows\System32\KpOPslq.exe
  2⤵
  PID:5744
- C:\Windows\System32\BFUPmyX.exe
  C:\Windows\System32\BFUPmyX.exe
  2⤵
  PID:396
- C:\Windows\System32\NuCMvCZ.exe
  C:\Windows\System32\NuCMvCZ.exe
  2⤵
  PID:3636
- C:\Windows\System32\dImGWbl.exe
  C:\Windows\System32\dImGWbl.exe
  2⤵
  PID:2956
- C:\Windows\System32\tVVwPKa.exe
  C:\Windows\System32\tVVwPKa.exe
  2⤵
  PID:6052
- C:\Windows\System32\dTTAWaE.exe
  C:\Windows\System32\dTTAWaE.exe
  2⤵
  PID:4932
- C:\Windows\System32\iNNWOZK.exe
  C:\Windows\System32\iNNWOZK.exe
  2⤵
  PID:2440
- C:\Windows\System32\TfvUfAx.exe
  C:\Windows\System32\TfvUfAx.exe
  2⤵
  PID:5236
- C:\Windows\System32\HgwGFWI.exe
  C:\Windows\System32\HgwGFWI.exe
  2⤵
  PID:3612
- C:\Windows\System32\uteVEFx.exe
  C:\Windows\System32\uteVEFx.exe
  2⤵
  PID:5752
- C:\Windows\System32\zDYiaeG.exe
  C:\Windows\System32\zDYiaeG.exe
  2⤵
  PID:5144
- C:\Windows\System32\JRTUCvl.exe
  C:\Windows\System32\JRTUCvl.exe
  2⤵
  PID:5504
- C:\Windows\System32\KbAnSSk.exe
  C:\Windows\System32\KbAnSSk.exe
  2⤵
  PID:3532
- C:\Windows\System32\TUrWqpz.exe
  C:\Windows\System32\TUrWqpz.exe
  2⤵
  PID:1700
- C:\Windows\System32\OeHGPIf.exe
  C:\Windows\System32\OeHGPIf.exe
  2⤵
  PID:6156
- C:\Windows\System32\hUcHFmM.exe
  C:\Windows\System32\hUcHFmM.exe
  2⤵
  PID:6176
- C:\Windows\System32\NGRuOTS.exe
  C:\Windows\System32\NGRuOTS.exe
  2⤵
  PID:6196
- C:\Windows\System32\DUtkill.exe
  C:\Windows\System32\DUtkill.exe
  2⤵
  PID:6236
- C:\Windows\System32\ruTHtFs.exe
  C:\Windows\System32\ruTHtFs.exe
  2⤵
  PID:6260
- C:\Windows\System32\HRKphMw.exe
  C:\Windows\System32\HRKphMw.exe
  2⤵
  PID:6276
- C:\Windows\System32\wzqIqrR.exe
  C:\Windows\System32\wzqIqrR.exe
  2⤵
  PID:6316
- C:\Windows\System32\OCBVHpG.exe
  C:\Windows\System32\OCBVHpG.exe
  2⤵
  PID:6344
- C:\Windows\System32\bbILvEP.exe
  C:\Windows\System32\bbILvEP.exe
  2⤵
  PID:6384
- C:\Windows\System32\EcQcPnc.exe
  C:\Windows\System32\EcQcPnc.exe
  2⤵
  PID:6432
- C:\Windows\System32\tytByrD.exe
  C:\Windows\System32\tytByrD.exe
  2⤵
  PID:6452
- C:\Windows\System32\zbauUiS.exe
  C:\Windows\System32\zbauUiS.exe
  2⤵
  PID:6472
- C:\Windows\System32\YNAcELj.exe
  C:\Windows\System32\YNAcELj.exe
  2⤵
  PID:6488
- C:\Windows\System32\gBIpKKH.exe
  C:\Windows\System32\gBIpKKH.exe
  2⤵
  PID:6524
- C:\Windows\System32\tGSjnmW.exe
  C:\Windows\System32\tGSjnmW.exe
  2⤵
  PID:6544
- C:\Windows\System32\lKcyksc.exe
  C:\Windows\System32\lKcyksc.exe
  2⤵
  PID:6568
- C:\Windows\System32\VSxZmlj.exe
  C:\Windows\System32\VSxZmlj.exe
  2⤵
  PID:6632
- C:\Windows\System32\uVqdAhj.exe
  C:\Windows\System32\uVqdAhj.exe
  2⤵
  PID:6656
- C:\Windows\System32\yWIaGao.exe
  C:\Windows\System32\yWIaGao.exe
  2⤵
  PID:6676
- C:\Windows\System32\kLyrIve.exe
  C:\Windows\System32\kLyrIve.exe
  2⤵
  PID:6696
- C:\Windows\System32\lHwLlsb.exe
  C:\Windows\System32\lHwLlsb.exe
  2⤵
  PID:6716
- C:\Windows\System32\vXXyvmj.exe
  C:\Windows\System32\vXXyvmj.exe
  2⤵
  PID:6740
- C:\Windows\System32\cEypQjH.exe
  C:\Windows\System32\cEypQjH.exe
  2⤵
  PID:6788
- C:\Windows\System32\eAGbmTi.exe
  C:\Windows\System32\eAGbmTi.exe
  2⤵
  PID:6820
- C:\Windows\System32\cEIkuSY.exe
  C:\Windows\System32\cEIkuSY.exe
  2⤵
  PID:6840
- C:\Windows\System32\xNKfHIr.exe
  C:\Windows\System32\xNKfHIr.exe
  2⤵
  PID:6876
- C:\Windows\System32\fSLSXnk.exe
  C:\Windows\System32\fSLSXnk.exe
  2⤵
  PID:6896
- C:\Windows\System32\RGSNPnA.exe
  C:\Windows\System32\RGSNPnA.exe
  2⤵
  PID:6920
- C:\Windows\System32\rleiVNe.exe
  C:\Windows\System32\rleiVNe.exe
  2⤵
  PID:6952
- C:\Windows\System32\ESjvSqb.exe
  C:\Windows\System32\ESjvSqb.exe
  2⤵
  PID:6968
- C:\Windows\System32\PLnPGtp.exe
  C:\Windows\System32\PLnPGtp.exe
  2⤵
  PID:6996
- C:\Windows\System32\DyFIfBo.exe
  C:\Windows\System32\DyFIfBo.exe
  2⤵
  PID:7032
- C:\Windows\System32\ZOzIjFS.exe
  C:\Windows\System32\ZOzIjFS.exe
  2⤵
  PID:7064
- C:\Windows\System32\EgTeCcl.exe
  C:\Windows\System32\EgTeCcl.exe
  2⤵
  PID:7088
- C:\Windows\System32\KLbJXFM.exe
  C:\Windows\System32\KLbJXFM.exe
  2⤵
  PID:7120
- C:\Windows\System32\urDjmJZ.exe
  C:\Windows\System32\urDjmJZ.exe
  2⤵
  PID:7140
- C:\Windows\System32\ghLSaOw.exe
  C:\Windows\System32\ghLSaOw.exe
  2⤵
  PID:7160
- C:\Windows\System32\vFMWDtA.exe
  C:\Windows\System32\vFMWDtA.exe
  2⤵
  PID:5208
- C:\Windows\System32\EiNwibg.exe
  C:\Windows\System32\EiNwibg.exe
  2⤵
  PID:6208
- C:\Windows\System32\csIcDbR.exe
  C:\Windows\System32\csIcDbR.exe
  2⤵
  PID:6244
- C:\Windows\System32\JOhytHY.exe
  C:\Windows\System32\JOhytHY.exe
  2⤵
  PID:6328
- C:\Windows\System32\GkTnIqr.exe
  C:\Windows\System32\GkTnIqr.exe
  2⤵
  PID:6368
- C:\Windows\System32\DPIvgIj.exe
  C:\Windows\System32\DPIvgIj.exe
  2⤵
  PID:6420
- C:\Windows\System32\OMeXZtv.exe
  C:\Windows\System32\OMeXZtv.exe
  2⤵
  PID:6484
- C:\Windows\System32\PvHTyGQ.exe
  C:\Windows\System32\PvHTyGQ.exe
  2⤵
  PID:6480
- C:\Windows\System32\owoOnZN.exe
  C:\Windows\System32\owoOnZN.exe
  2⤵
  PID:6536
- C:\Windows\System32\ZnJStnA.exe
  C:\Windows\System32\ZnJStnA.exe
  2⤵
  PID:6600
- C:\Windows\System32\kphhoOk.exe
  C:\Windows\System32\kphhoOk.exe
  2⤵
  PID:6692
- C:\Windows\System32\yBhPZgT.exe
  C:\Windows\System32\yBhPZgT.exe
  2⤵
  PID:6752
- C:\Windows\System32\fKvGIhp.exe
  C:\Windows\System32\fKvGIhp.exe
  2⤵
  PID:6812
- C:\Windows\System32\QojKAyI.exe
  C:\Windows\System32\QojKAyI.exe
  2⤵
  PID:6856
- C:\Windows\System32\HRFTzzI.exe
  C:\Windows\System32\HRFTzzI.exe
  2⤵
  PID:6980
- C:\Windows\System32\JsIRcrA.exe
  C:\Windows\System32\JsIRcrA.exe
  2⤵
  PID:7156
- C:\Windows\System32\NXdjYBX.exe
  C:\Windows\System32\NXdjYBX.exe
  2⤵
  PID:6332
- C:\Windows\System32\GRwAkRd.exe
  C:\Windows\System32\GRwAkRd.exe
  2⤵
  PID:6504
- C:\Windows\System32\mrzmiwi.exe
  C:\Windows\System32\mrzmiwi.exe
  2⤵
  PID:6444
- C:\Windows\System32\BzbShzG.exe
  C:\Windows\System32\BzbShzG.exe
  2⤵
  PID:6672
- C:\Windows\System32\uOkUEwt.exe
  C:\Windows\System32\uOkUEwt.exe
  2⤵
  PID:6712
- C:\Windows\System32\ISQjGMS.exe
  C:\Windows\System32\ISQjGMS.exe
  2⤵
  PID:7132
- C:\Windows\System32\NZraQEW.exe
  C:\Windows\System32\NZraQEW.exe
  2⤵
  PID:5368
- C:\Windows\System32\aJsGMgv.exe
  C:\Windows\System32\aJsGMgv.exe
  2⤵
  PID:6828
- C:\Windows\System32\WXoWWUA.exe
  C:\Windows\System32\WXoWWUA.exe
  2⤵
  PID:6188
- C:\Windows\System32\omPmLCc.exe
  C:\Windows\System32\omPmLCc.exe
  2⤵
  PID:6560
- C:\Windows\System32\zGKkiFv.exe
  C:\Windows\System32\zGKkiFv.exe
  2⤵
  PID:7176
- C:\Windows\System32\OFydVEV.exe
  C:\Windows\System32\OFydVEV.exe
  2⤵
  PID:7196
- C:\Windows\System32\lhdlBds.exe
  C:\Windows\System32\lhdlBds.exe
  2⤵
  PID:7220
- C:\Windows\System32\MDbnPZG.exe
  C:\Windows\System32\MDbnPZG.exe
  2⤵
  PID:7240
- C:\Windows\System32\LwttVFV.exe
  C:\Windows\System32\LwttVFV.exe
  2⤵
  PID:7272
- C:\Windows\System32\WbWrFPs.exe
  C:\Windows\System32\WbWrFPs.exe
  2⤵
  PID:7292
- C:\Windows\System32\ZgVyywu.exe
  C:\Windows\System32\ZgVyywu.exe
  2⤵
  PID:7312
- C:\Windows\System32\NWmtDNq.exe
  C:\Windows\System32\NWmtDNq.exe
  2⤵
  PID:7328
- C:\Windows\System32\PwDtcvK.exe
  C:\Windows\System32\PwDtcvK.exe
  2⤵
  PID:7352
- C:\Windows\System32\DoknIrf.exe
  C:\Windows\System32\DoknIrf.exe
  2⤵
  PID:7380
- C:\Windows\System32\wbwZmuT.exe
  C:\Windows\System32\wbwZmuT.exe
  2⤵
  PID:7448
- C:\Windows\System32\rbkJtSE.exe
  C:\Windows\System32\rbkJtSE.exe
  2⤵
  PID:7480
- C:\Windows\System32\pEvMmRA.exe
  C:\Windows\System32\pEvMmRA.exe
  2⤵
  PID:7504
- C:\Windows\System32\ARQSRBk.exe
  C:\Windows\System32\ARQSRBk.exe
  2⤵
  PID:7528
- C:\Windows\System32\apPChAe.exe
  C:\Windows\System32\apPChAe.exe
  2⤵
  PID:7556
- C:\Windows\System32\UhLPxQV.exe
  C:\Windows\System32\UhLPxQV.exe
  2⤵
  PID:7576
- C:\Windows\System32\evWMGuo.exe
  C:\Windows\System32\evWMGuo.exe
  2⤵
  PID:7600
- C:\Windows\System32\xiCuBao.exe
  C:\Windows\System32\xiCuBao.exe
  2⤵
  PID:7624
- C:\Windows\System32\KtkbIyV.exe
  C:\Windows\System32\KtkbIyV.exe
  2⤵
  PID:7640
- C:\Windows\System32\XYuQCWx.exe
  C:\Windows\System32\XYuQCWx.exe
  2⤵
  PID:7664
- C:\Windows\System32\rmpDqxX.exe
  C:\Windows\System32\rmpDqxX.exe
  2⤵
  PID:7696
- C:\Windows\System32\BNqPrpy.exe
  C:\Windows\System32\BNqPrpy.exe
  2⤵
  PID:7732
- C:\Windows\System32\GowGWnQ.exe
  C:\Windows\System32\GowGWnQ.exe
  2⤵
  PID:7756
- C:\Windows\System32\WBCfDRw.exe
  C:\Windows\System32\WBCfDRw.exe
  2⤵
  PID:7780
- C:\Windows\System32\rnlvuYj.exe
  C:\Windows\System32\rnlvuYj.exe
  2⤵
  PID:7836
- C:\Windows\System32\wCFtKxR.exe
  C:\Windows\System32\wCFtKxR.exe
  2⤵
  PID:7864
- C:\Windows\System32\BjezFlr.exe
  C:\Windows\System32\BjezFlr.exe
  2⤵
  PID:7884
- C:\Windows\System32\lUTTSRj.exe
  C:\Windows\System32\lUTTSRj.exe
  2⤵
  PID:7908
- C:\Windows\System32\DAXnrkj.exe
  C:\Windows\System32\DAXnrkj.exe
  2⤵
  PID:7924
- C:\Windows\System32\HYLgLFM.exe
  C:\Windows\System32\HYLgLFM.exe
  2⤵
  PID:7952
- C:\Windows\System32\GXYZmYP.exe
  C:\Windows\System32\GXYZmYP.exe
  2⤵
  PID:8072
- C:\Windows\System32\pIdSYIp.exe
  C:\Windows\System32\pIdSYIp.exe
  2⤵
  PID:8104
- C:\Windows\System32\HccqtiZ.exe
  C:\Windows\System32\HccqtiZ.exe
  2⤵
  PID:8136
- C:\Windows\System32\UrMdNYo.exe
  C:\Windows\System32\UrMdNYo.exe
  2⤵
  PID:8156
- C:\Windows\System32\mRhZyBr.exe
  C:\Windows\System32\mRhZyBr.exe
  2⤵
  PID:8176
- C:\Windows\System32\jmDFcST.exe
  C:\Windows\System32\jmDFcST.exe
  2⤵
  PID:6168
- C:\Windows\System32\qjyYqah.exe
  C:\Windows\System32\qjyYqah.exe
  2⤵
  PID:7208
- C:\Windows\System32\OyRVkQE.exe
  C:\Windows\System32\OyRVkQE.exe
  2⤵
  PID:7232
- C:\Windows\System32\VXBmYct.exe
  C:\Windows\System32\VXBmYct.exe
  2⤵
  PID:7284
- C:\Windows\System32\rfSGirU.exe
  C:\Windows\System32\rfSGirU.exe
  2⤵
  PID:7360
- C:\Windows\System32\dsZbjAP.exe
  C:\Windows\System32\dsZbjAP.exe
  2⤵
  PID:7524
- C:\Windows\System32\eHpKMwF.exe
  C:\Windows\System32\eHpKMwF.exe
  2⤵
  PID:7572
- C:\Windows\System32\fOSPEZq.exe
  C:\Windows\System32\fOSPEZq.exe
  2⤵
  PID:7656
- C:\Windows\System32\nMrApsV.exe
  C:\Windows\System32\nMrApsV.exe
  2⤵
  PID:7800
- C:\Windows\System32\GjwznKV.exe
  C:\Windows\System32\GjwznKV.exe
  2⤵
  PID:7824
- C:\Windows\System32\WHPaaam.exe
  C:\Windows\System32\WHPaaam.exe
  2⤵
  PID:7920
- C:\Windows\System32\UxcLpEB.exe
  C:\Windows\System32\UxcLpEB.exe
  2⤵
  PID:7916
- C:\Windows\System32\hdVpgJz.exe
  C:\Windows\System32\hdVpgJz.exe
  2⤵
  PID:8036
- C:\Windows\System32\SmXjQRQ.exe
  C:\Windows\System32\SmXjQRQ.exe
  2⤵
  PID:8084
- C:\Windows\System32\FMgLEHn.exe
  C:\Windows\System32\FMgLEHn.exe
  2⤵
  PID:8008
- C:\Windows\System32\ZbumIQx.exe
  C:\Windows\System32\ZbumIQx.exe
  2⤵
  PID:8032
- C:\Windows\System32\dEXTsig.exe
  C:\Windows\System32\dEXTsig.exe
  2⤵
  PID:8116
- C:\Windows\System32\iLELutA.exe
  C:\Windows\System32\iLELutA.exe
  2⤵
  PID:8124
- C:\Windows\System32\tJIJkVS.exe
  C:\Windows\System32\tJIJkVS.exe
  2⤵
  PID:7432
- C:\Windows\System32\PjoRXAm.exe
  C:\Windows\System32\PjoRXAm.exe
  2⤵
  PID:7552
- C:\Windows\System32\SPcUzBI.exe
  C:\Windows\System32\SPcUzBI.exe
  2⤵
  PID:7808
- C:\Windows\System32\WnzGSzV.exe
  C:\Windows\System32\WnzGSzV.exe
  2⤵
  PID:7816
- C:\Windows\System32\OpcEPPR.exe
  C:\Windows\System32\OpcEPPR.exe
  2⤵
  PID:8040
- C:\Windows\System32\GCPDQhR.exe
  C:\Windows\System32\GCPDQhR.exe
  2⤵
  PID:7976
- C:\Windows\System32\noEdgLO.exe
  C:\Windows\System32\noEdgLO.exe
  2⤵
  PID:8096
- C:\Windows\System32\OrqVbbS.exe
  C:\Windows\System32\OrqVbbS.exe
  2⤵
  PID:7172
- C:\Windows\System32\QmKtJev.exe
  C:\Windows\System32\QmKtJev.exe
  2⤵
  PID:7844
- C:\Windows\System32\doEUMXx.exe
  C:\Windows\System32\doEUMXx.exe
  2⤵
  PID:7876
- C:\Windows\System32\fyAhSxg.exe
  C:\Windows\System32\fyAhSxg.exe
  2⤵
  PID:8172
- C:\Windows\System32\IkVXSIV.exe
  C:\Windows\System32\IkVXSIV.exe
  2⤵
  PID:8244
- C:\Windows\System32\QrxpHCe.exe
  C:\Windows\System32\QrxpHCe.exe
  2⤵
  PID:8280
- C:\Windows\System32\lHnqMAU.exe
  C:\Windows\System32\lHnqMAU.exe
  2⤵
  PID:8304
- C:\Windows\System32\BppGQhk.exe
  C:\Windows\System32\BppGQhk.exe
  2⤵
  PID:8340
- C:\Windows\System32\nHiNyKk.exe
  C:\Windows\System32\nHiNyKk.exe
  2⤵
  PID:8360
- C:\Windows\System32\NePVtqn.exe
  C:\Windows\System32\NePVtqn.exe
  2⤵
  PID:8384
- C:\Windows\System32\LkoMoCO.exe
  C:\Windows\System32\LkoMoCO.exe
  2⤵
  PID:8412
- C:\Windows\System32\iMEQyvz.exe
  C:\Windows\System32\iMEQyvz.exe
  2⤵
  PID:8440
- C:\Windows\System32\EXlzVfM.exe
  C:\Windows\System32\EXlzVfM.exe
  2⤵
  PID:8492
- C:\Windows\System32\KBATBZZ.exe
  C:\Windows\System32\KBATBZZ.exe
  2⤵
  PID:8520
- C:\Windows\System32\hFJBjiC.exe
  C:\Windows\System32\hFJBjiC.exe
  2⤵
  PID:8536
- C:\Windows\System32\UlmiRwz.exe
  C:\Windows\System32\UlmiRwz.exe
  2⤵
  PID:8580
- C:\Windows\System32\TQhxYcU.exe
  C:\Windows\System32\TQhxYcU.exe
  2⤵
  PID:8604
- C:\Windows\System32\hvJvdzU.exe
  C:\Windows\System32\hvJvdzU.exe
  2⤵
  PID:8624
- C:\Windows\System32\zmuYdxa.exe
  C:\Windows\System32\zmuYdxa.exe
  2⤵
  PID:8684
- C:\Windows\System32\AvOWqLE.exe
  C:\Windows\System32\AvOWqLE.exe
  2⤵
  PID:8740
- C:\Windows\System32\BNjiRGd.exe
  C:\Windows\System32\BNjiRGd.exe
  2⤵
  PID:8776
- C:\Windows\System32\orXhQYT.exe
  C:\Windows\System32\orXhQYT.exe
  2⤵
  PID:8796
- C:\Windows\System32\TfwPkna.exe
  C:\Windows\System32\TfwPkna.exe
  2⤵
  PID:8816
- C:\Windows\System32\epgneFM.exe
  C:\Windows\System32\epgneFM.exe
  2⤵
  PID:8840
- C:\Windows\System32\qffyPvX.exe
  C:\Windows\System32\qffyPvX.exe
  2⤵
  PID:8864
- C:\Windows\System32\NZRmMDg.exe
  C:\Windows\System32\NZRmMDg.exe
  2⤵
  PID:8884
- C:\Windows\System32\sKdWNlu.exe
  C:\Windows\System32\sKdWNlu.exe
  2⤵
  PID:8904
- C:\Windows\System32\hsvMKTx.exe
  C:\Windows\System32\hsvMKTx.exe
  2⤵
  PID:8948
- C:\Windows\System32\NNzNiqZ.exe
  C:\Windows\System32\NNzNiqZ.exe
  2⤵
  PID:8972
- C:\Windows\System32\WAuborA.exe
  C:\Windows\System32\WAuborA.exe
  2⤵
  PID:8988
- C:\Windows\System32\tvwKKJv.exe
  C:\Windows\System32\tvwKKJv.exe
  2⤵
  PID:9008
- C:\Windows\System32\qeqlOOP.exe
  C:\Windows\System32\qeqlOOP.exe
  2⤵
  PID:9040
- C:\Windows\System32\ijjQVhV.exe
  C:\Windows\System32\ijjQVhV.exe
  2⤵
  PID:9112
- C:\Windows\System32\AuBZrNa.exe
  C:\Windows\System32\AuBZrNa.exe
  2⤵
  PID:9132
- C:\Windows\System32\jVgYWQE.exe
  C:\Windows\System32\jVgYWQE.exe
  2⤵
  PID:9152
- C:\Windows\System32\gsdoIUc.exe
  C:\Windows\System32\gsdoIUc.exe
  2⤵
  PID:9168
- C:\Windows\System32\aaTOkeE.exe
  C:\Windows\System32\aaTOkeE.exe
  2⤵
  PID:9200
- C:\Windows\System32\BbFQbZv.exe
  C:\Windows\System32\BbFQbZv.exe
  2⤵
  PID:8120
- C:\Windows\System32\JZATAKw.exe
  C:\Windows\System32\JZATAKw.exe
  2⤵
  PID:7544
- C:\Windows\System32\siCHCuE.exe
  C:\Windows\System32\siCHCuE.exe
  2⤵
  PID:7788
- C:\Windows\System32\yZSgIuk.exe
  C:\Windows\System32\yZSgIuk.exe
  2⤵
  PID:8316
- C:\Windows\System32\SAArUnP.exe
  C:\Windows\System32\SAArUnP.exe
  2⤵
  PID:8352
- C:\Windows\System32\mkCHedj.exe
  C:\Windows\System32\mkCHedj.exe
  2⤵
  PID:8400
- C:\Windows\System32\OScThmS.exe
  C:\Windows\System32\OScThmS.exe
  2⤵
  PID:8504
- C:\Windows\System32\oJUDhDQ.exe
  C:\Windows\System32\oJUDhDQ.exe
  2⤵
  PID:8612
- C:\Windows\System32\KMhrzif.exe
  C:\Windows\System32\KMhrzif.exe
  2⤵
  PID:8632
- C:\Windows\System32\IbSPndc.exe
  C:\Windows\System32\IbSPndc.exe
  2⤵
  PID:7608
- C:\Windows\System32\thONTeF.exe
  C:\Windows\System32\thONTeF.exe
  2⤵
  PID:8732
- C:\Windows\System32\zAiWMPo.exe
  C:\Windows\System32\zAiWMPo.exe
  2⤵
  PID:8752
- C:\Windows\System32\JONhdHk.exe
  C:\Windows\System32\JONhdHk.exe
  2⤵
  PID:8824
- C:\Windows\System32\axHyDGG.exe
  C:\Windows\System32\axHyDGG.exe
  2⤵
  PID:8944
- C:\Windows\System32\VtPoGoV.exe
  C:\Windows\System32\VtPoGoV.exe
  2⤵
  PID:9020
- C:\Windows\System32\rPAJReP.exe
  C:\Windows\System32\rPAJReP.exe
  2⤵
  PID:9084
- C:\Windows\System32\PfTwIVY.exe
  C:\Windows\System32\PfTwIVY.exe
  2⤵
  PID:9176
- C:\Windows\System32\MCiwjLN.exe
  C:\Windows\System32\MCiwjLN.exe
  2⤵
  PID:8164
- C:\Windows\System32\XISdVoN.exe
  C:\Windows\System32\XISdVoN.exe
  2⤵
  PID:8296
- C:\Windows\System32\aHAdAOM.exe
  C:\Windows\System32\aHAdAOM.exe
  2⤵
  PID:8312
- C:\Windows\System32\RcGvCyk.exe
  C:\Windows\System32\RcGvCyk.exe
  2⤵
  PID:8664
- C:\Windows\System32\ZOPNGOP.exe
  C:\Windows\System32\ZOPNGOP.exe
  2⤵
  PID:8620
- C:\Windows\System32\snmvoNH.exe
  C:\Windows\System32\snmvoNH.exe
  2⤵
  PID:8676
- C:\Windows\System32\IIrCCBy.exe
  C:\Windows\System32\IIrCCBy.exe
  2⤵
  PID:8996
- C:\Windows\System32\tztqTZh.exe
  C:\Windows\System32\tztqTZh.exe
  2⤵
  PID:9148
- C:\Windows\System32\ytTWapZ.exe
  C:\Windows\System32\ytTWapZ.exe
  2⤵
  PID:9180
- C:\Windows\System32\tbPrKxn.exe
  C:\Windows\System32\tbPrKxn.exe
  2⤵
  PID:8392
- C:\Windows\System32\jzGIlSj.exe
  C:\Windows\System32\jzGIlSj.exe
  2⤵
  PID:8764
- C:\Windows\System32\IcZvIAb.exe
  C:\Windows\System32\IcZvIAb.exe
  2⤵
  PID:9236
- C:\Windows\System32\DiMImIk.exe
  C:\Windows\System32\DiMImIk.exe
  2⤵
  PID:9260
- C:\Windows\System32\ipWqPZH.exe
  C:\Windows\System32\ipWqPZH.exe
  2⤵
  PID:9320
- C:\Windows\System32\FWPLnUp.exe
  C:\Windows\System32\FWPLnUp.exe
  2⤵
  PID:9348
- C:\Windows\System32\YqEqGyX.exe
  C:\Windows\System32\YqEqGyX.exe
  2⤵
  PID:9372
- C:\Windows\System32\evzmBwr.exe
  C:\Windows\System32\evzmBwr.exe
  2⤵
  PID:9388
- C:\Windows\System32\ImKHCDo.exe
  C:\Windows\System32\ImKHCDo.exe
  2⤵
  PID:9424
- C:\Windows\System32\osFsVbb.exe
  C:\Windows\System32\osFsVbb.exe
  2⤵
  PID:9460
- C:\Windows\System32\tfFLvMK.exe
  C:\Windows\System32\tfFLvMK.exe
  2⤵
  PID:9476
- C:\Windows\System32\ffDcDaz.exe
  C:\Windows\System32\ffDcDaz.exe
  2⤵
  PID:9504
- C:\Windows\System32\vYLLVpI.exe
  C:\Windows\System32\vYLLVpI.exe
  2⤵
  PID:9524
- C:\Windows\System32\fWvpvdr.exe
  C:\Windows\System32\fWvpvdr.exe
  2⤵
  PID:9588
- C:\Windows\System32\vucJaUc.exe
  C:\Windows\System32\vucJaUc.exe
  2⤵
  PID:9616
- C:\Windows\System32\SkoQPVl.exe
  C:\Windows\System32\SkoQPVl.exe
  2⤵
  PID:9632
- C:\Windows\System32\AyNoRjY.exe
  C:\Windows\System32\AyNoRjY.exe
  2⤵
  PID:9648
- C:\Windows\System32\fSNWIrh.exe
  C:\Windows\System32\fSNWIrh.exe
  2⤵
  PID:9664
- C:\Windows\System32\eSUDrdP.exe
  C:\Windows\System32\eSUDrdP.exe
  2⤵
  PID:9680
- C:\Windows\System32\SLhrJzo.exe
  C:\Windows\System32\SLhrJzo.exe
  2⤵
  PID:9752
- C:\Windows\System32\UGHQxJK.exe
  C:\Windows\System32\UGHQxJK.exe
  2⤵
  PID:9784
- C:\Windows\System32\vqpdMAs.exe
  C:\Windows\System32\vqpdMAs.exe
  2⤵
  PID:9800
- C:\Windows\System32\lrnYcxb.exe
  C:\Windows\System32\lrnYcxb.exe
  2⤵
  PID:9820
- C:\Windows\System32\sLpTuRA.exe
  C:\Windows\System32\sLpTuRA.exe
  2⤵
  PID:9844
- C:\Windows\System32\Qbdgwuc.exe
  C:\Windows\System32\Qbdgwuc.exe
  2⤵
  PID:9860
- C:\Windows\System32\OTmAmcH.exe
  C:\Windows\System32\OTmAmcH.exe
  2⤵
  PID:9884
- C:\Windows\System32\WaFUsUy.exe
  C:\Windows\System32\WaFUsUy.exe
  2⤵
  PID:9916
- C:\Windows\System32\NYeMYyG.exe
  C:\Windows\System32\NYeMYyG.exe
  2⤵
  PID:9952
- C:\Windows\System32\BtZxydO.exe
  C:\Windows\System32\BtZxydO.exe
  2⤵
  PID:10004
- C:\Windows\System32\fIwozno.exe
  C:\Windows\System32\fIwozno.exe
  2⤵
  PID:10036
- C:\Windows\System32\LizmpyJ.exe
  C:\Windows\System32\LizmpyJ.exe
  2⤵
  PID:10056
- C:\Windows\System32\NpPAVmj.exe
  C:\Windows\System32\NpPAVmj.exe
  2⤵
  PID:10080
- C:\Windows\System32\FNZELdl.exe
  C:\Windows\System32\FNZELdl.exe
  2⤵
  PID:10112
- C:\Windows\System32\xookKab.exe
  C:\Windows\System32\xookKab.exe
  2⤵
  PID:10136
- C:\Windows\System32\KJqJNNQ.exe
  C:\Windows\System32\KJqJNNQ.exe
  2⤵
  PID:10160
- C:\Windows\System32\aDUFqmz.exe
  C:\Windows\System32\aDUFqmz.exe
  2⤵
  PID:10176
- C:\Windows\System32\oOOdTEg.exe
  C:\Windows\System32\oOOdTEg.exe
  2⤵
  PID:10216
- C:\Windows\System32\QNJXjzl.exe
  C:\Windows\System32\QNJXjzl.exe
  2⤵
  PID:8984
- C:\Windows\System32\dklUCgE.exe
  C:\Windows\System32\dklUCgE.exe
  2⤵
  PID:9232
- C:\Windows\System32\ofRxYAl.exe
  C:\Windows\System32\ofRxYAl.exe
  2⤵
  PID:9248
- C:\Windows\System32\veRGgfv.exe
  C:\Windows\System32\veRGgfv.exe
  2⤵
  PID:9304
- C:\Windows\System32\oVXyxXv.exe
  C:\Windows\System32\oVXyxXv.exe
  2⤵
  PID:9448
- C:\Windows\System32\aAFYYOZ.exe
  C:\Windows\System32\aAFYYOZ.exe
  2⤵
  PID:9468
- C:\Windows\System32\xGiNdcL.exe
  C:\Windows\System32\xGiNdcL.exe
  2⤵
  PID:9532
- C:\Windows\System32\WqMgWuZ.exe
  C:\Windows\System32\WqMgWuZ.exe
  2⤵
  PID:9548
- C:\Windows\System32\bNkAPEm.exe
  C:\Windows\System32\bNkAPEm.exe
  2⤵
  PID:9628
- C:\Windows\System32\MtdlXDX.exe
  C:\Windows\System32\MtdlXDX.exe
  2⤵
  PID:9692
- C:\Windows\System32\pyvJUET.exe
  C:\Windows\System32\pyvJUET.exe
  2⤵
  PID:9672
- C:\Windows\System32\KLkoOyL.exe
  C:\Windows\System32\KLkoOyL.exe
  2⤵
  PID:9776
- C:\Windows\System32\pnzEkAe.exe
  C:\Windows\System32\pnzEkAe.exe
  2⤵
  PID:9880
- C:\Windows\System32\NXdLmXW.exe
  C:\Windows\System32\NXdLmXW.exe
  2⤵
  PID:9924
- C:\Windows\System32\vmFSJBI.exe
  C:\Windows\System32\vmFSJBI.exe
  2⤵
  PID:10068
- C:\Windows\System32\CsTqXnT.exe
  C:\Windows\System32\CsTqXnT.exe
  2⤵
  PID:10132
- C:\Windows\System32\KZBuuNj.exe
  C:\Windows\System32\KZBuuNj.exe
  2⤵
  PID:10224
- C:\Windows\System32\zdJusdk.exe
  C:\Windows\System32\zdJusdk.exe
  2⤵
  PID:10212
- C:\Windows\System32\LDAJkPw.exe
  C:\Windows\System32\LDAJkPw.exe
  2⤵
  PID:9228
- C:\Windows\System32\hLpUrjk.exe
  C:\Windows\System32\hLpUrjk.exe
  2⤵
  PID:9328
- C:\Windows\System32\GyKfdMk.exe
  C:\Windows\System32\GyKfdMk.exe
  2⤵
  PID:9584
- C:\Windows\System32\upSFjMi.exe
  C:\Windows\System32\upSFjMi.exe
  2⤵
  PID:9936
- C:\Windows\System32\hSpdCRS.exe
  C:\Windows\System32\hSpdCRS.exe
  2⤵
  PID:10064
- C:\Windows\System32\uCtJMBq.exe
  C:\Windows\System32\uCtJMBq.exe
  2⤵
  PID:9244
- C:\Windows\System32\FNafssw.exe
  C:\Windows\System32\FNafssw.exe
  2⤵
  PID:9560
- C:\Windows\System32\TNtBTZu.exe
  C:\Windows\System32\TNtBTZu.exe
  2⤵
  PID:9812
- C:\Windows\System32\CLdbXOM.exe
  C:\Windows\System32\CLdbXOM.exe
  2⤵
  PID:10100
- C:\Windows\System32\utGfNlm.exe
  C:\Windows\System32\utGfNlm.exe
  2⤵
  PID:10232
- C:\Windows\System32\cSYyRxD.exe
  C:\Windows\System32\cSYyRxD.exe
  2⤵
  PID:9896
- C:\Windows\System32\INqZivC.exe
  C:\Windows\System32\INqZivC.exe
  2⤵
  PID:10260
- C:\Windows\System32\rsPVlrE.exe
  C:\Windows\System32\rsPVlrE.exe
  2⤵
  PID:10300
- C:\Windows\System32\yGunsZq.exe
  C:\Windows\System32\yGunsZq.exe
  2⤵
  PID:10332
- C:\Windows\System32\glxchza.exe
  C:\Windows\System32\glxchza.exe
  2⤵
  PID:10356
- C:\Windows\System32\EFSgNAP.exe
  C:\Windows\System32\EFSgNAP.exe
  2⤵
  PID:10384
- C:\Windows\System32\IyMllPy.exe
  C:\Windows\System32\IyMllPy.exe
  2⤵
  PID:10404
- C:\Windows\System32\OATgJMN.exe
  C:\Windows\System32\OATgJMN.exe
  2⤵
  PID:10428
- C:\Windows\System32\ZjNbPMW.exe
  C:\Windows\System32\ZjNbPMW.exe
  2⤵
  PID:10464
- C:\Windows\System32\hrVLTbl.exe
  C:\Windows\System32\hrVLTbl.exe
  2⤵
  PID:10488
- C:\Windows\System32\FbpZiIi.exe
  C:\Windows\System32\FbpZiIi.exe
  2⤵
  PID:10532
- C:\Windows\System32\qmspdvg.exe
  C:\Windows\System32\qmspdvg.exe
  2⤵
  PID:10564
- C:\Windows\System32\woMRxtQ.exe
  C:\Windows\System32\woMRxtQ.exe
  2⤵
  PID:10600
- C:\Windows\System32\rLXEpCx.exe
  C:\Windows\System32\rLXEpCx.exe
  2⤵
  PID:10616
- C:\Windows\System32\EGIzONr.exe
  C:\Windows\System32\EGIzONr.exe
  2⤵
  PID:10636
- C:\Windows\System32\uEyLKsG.exe
  C:\Windows\System32\uEyLKsG.exe
  2⤵
  PID:10672
- C:\Windows\System32\WqCBfSd.exe
  C:\Windows\System32\WqCBfSd.exe
  2⤵
  PID:10712
- C:\Windows\System32\YxovHED.exe
  C:\Windows\System32\YxovHED.exe
  2⤵
  PID:10728
- C:\Windows\System32\EcgnSwv.exe
  C:\Windows\System32\EcgnSwv.exe
  2⤵
  PID:10752
- C:\Windows\System32\ZLNyngA.exe
  C:\Windows\System32\ZLNyngA.exe
  2⤵
  PID:10768
- C:\Windows\System32\APKmoEN.exe
  C:\Windows\System32\APKmoEN.exe
  2⤵
  PID:10788
- C:\Windows\System32\tgPJpYZ.exe
  C:\Windows\System32\tgPJpYZ.exe
  2⤵
  PID:10804
- C:\Windows\System32\iJEeGCh.exe
  C:\Windows\System32\iJEeGCh.exe
  2⤵
  PID:10820
- C:\Windows\System32\JRKRidS.exe
  C:\Windows\System32\JRKRidS.exe
  2⤵
  PID:10860
- C:\Windows\System32\HsTCYGr.exe
  C:\Windows\System32\HsTCYGr.exe
  2⤵
  PID:10928
- C:\Windows\System32\bisSimM.exe
  C:\Windows\System32\bisSimM.exe
  2⤵
  PID:10948
- C:\Windows\System32\MNmbxMX.exe
  C:\Windows\System32\MNmbxMX.exe
  2⤵
  PID:10984
- C:\Windows\System32\GFStOrO.exe
  C:\Windows\System32\GFStOrO.exe
  2⤵
  PID:11028
- C:\Windows\System32\fPJcIip.exe
  C:\Windows\System32\fPJcIip.exe
  2⤵
  PID:11048
- C:\Windows\System32\SUTmonr.exe
  C:\Windows\System32\SUTmonr.exe
  2⤵
  PID:11072
- C:\Windows\System32\SWDFQnC.exe
  C:\Windows\System32\SWDFQnC.exe
  2⤵
  PID:11116
- C:\Windows\System32\zvMZYxZ.exe
  C:\Windows\System32\zvMZYxZ.exe
  2⤵
  PID:11140
- C:\Windows\System32\pgDoRHF.exe
  C:\Windows\System32\pgDoRHF.exe
  2⤵
  PID:11156
- C:\Windows\System32\gnvcTOB.exe
  C:\Windows\System32\gnvcTOB.exe
  2⤵
  PID:11172
- C:\Windows\System32\slDinbI.exe
  C:\Windows\System32\slDinbI.exe
  2⤵
  PID:11192
- C:\Windows\System32\YeEZZob.exe
  C:\Windows\System32\YeEZZob.exe
  2⤵
  PID:11236
- C:\Windows\System32\YHXxfbj.exe
  C:\Windows\System32\YHXxfbj.exe
  2⤵
  PID:9296
- C:\Windows\System32\QppFmmW.exe
  C:\Windows\System32\QppFmmW.exe
  2⤵
  PID:10344
- C:\Windows\System32\AyDqEZm.exe
  C:\Windows\System32\AyDqEZm.exe
  2⤵
  PID:10440
- C:\Windows\System32\UKQRPKP.exe
  C:\Windows\System32\UKQRPKP.exe
  2⤵
  PID:10416
- C:\Windows\System32\VLmogMN.exe
  C:\Windows\System32\VLmogMN.exe
  2⤵
  PID:10480
- C:\Windows\System32\OrUsykA.exe
  C:\Windows\System32\OrUsykA.exe
  2⤵
  PID:10592
- C:\Windows\System32\TgKsduh.exe
  C:\Windows\System32\TgKsduh.exe
  2⤵
  PID:10608
- C:\Windows\System32\KpWXGTn.exe
  C:\Windows\System32\KpWXGTn.exe
  2⤵
  PID:10696
- C:\Windows\System32\fqzuysN.exe
  C:\Windows\System32\fqzuysN.exe
  2⤵
  PID:10720
- C:\Windows\System32\CuoRLip.exe
  C:\Windows\System32\CuoRLip.exe
  2⤵
  PID:10836
- C:\Windows\System32\LGPTIQB.exe
  C:\Windows\System32\LGPTIQB.exe
  2⤵
  PID:10880
- C:\Windows\System32\qVVPBdq.exe
  C:\Windows\System32\qVVPBdq.exe
  2⤵
  PID:11008
- C:\Windows\System32\PYJxehw.exe
  C:\Windows\System32\PYJxehw.exe
  2⤵
  PID:11068
- C:\Windows\System32\ZeuDSwv.exe
  C:\Windows\System32\ZeuDSwv.exe
  2⤵
  PID:11080
- C:\Windows\System32\DHEuFLY.exe
  C:\Windows\System32\DHEuFLY.exe
  2⤵
  PID:11164
- C:\Windows\System32\zoYbmuF.exe
  C:\Windows\System32\zoYbmuF.exe
  2⤵
  PID:11184
- C:\Windows\System32\oyWnAaE.exe
  C:\Windows\System32\oyWnAaE.exe
  2⤵
  PID:11232
- C:\Windows\System32\nITRFrU.exe
  C:\Windows\System32\nITRFrU.exe
  2⤵
  PID:10280
- C:\Windows\System32\vCsGAWy.exe
  C:\Windows\System32\vCsGAWy.exe
  2⤵
  PID:10444
- C:\Windows\System32\VnIQBNx.exe
  C:\Windows\System32\VnIQBNx.exe
  2⤵
  PID:10660
- C:\Windows\System32\XjZswCI.exe
  C:\Windows\System32\XjZswCI.exe
  2⤵
  PID:10828
- C:\Windows\System32\MMvayKD.exe
  C:\Windows\System32\MMvayKD.exe
  2⤵
  PID:10908
- C:\Windows\System32\fajXLrS.exe
  C:\Windows\System32\fajXLrS.exe
  2⤵
  PID:11040
- C:\Windows\System32\gOSnntw.exe
  C:\Windows\System32\gOSnntw.exe
  2⤵
  PID:11208
- C:\Windows\System32\RiZKFug.exe
  C:\Windows\System32\RiZKFug.exe
  2⤵
  PID:10324
- C:\Windows\System32\ELZuEQx.exe
  C:\Windows\System32\ELZuEQx.exe
  2⤵
  PID:10816
- C:\Windows\System32\UaRMPXr.exe
  C:\Windows\System32\UaRMPXr.exe
  2⤵
  PID:10748
- C:\Windows\System32\ZIUYQvT.exe
  C:\Windows\System32\ZIUYQvT.exe
  2⤵
  PID:11044
- C:\Windows\System32\bnIPTQz.exe
  C:\Windows\System32\bnIPTQz.exe
  2⤵
  PID:11268
- C:\Windows\System32\sXtJTVd.exe
  C:\Windows\System32\sXtJTVd.exe
  2⤵
  PID:11284
- C:\Windows\System32\PiPrwMt.exe
  C:\Windows\System32\PiPrwMt.exe
  2⤵
  PID:11308
- C:\Windows\System32\GJYbPBR.exe
  C:\Windows\System32\GJYbPBR.exe
  2⤵
  PID:11380
- C:\Windows\System32\BfvvTkl.exe
  C:\Windows\System32\BfvvTkl.exe
  2⤵
  PID:11412
- C:\Windows\System32\RoXQttA.exe
  C:\Windows\System32\RoXQttA.exe
  2⤵
  PID:11444
- C:\Windows\System32\yrXLkbd.exe
  C:\Windows\System32\yrXLkbd.exe
  2⤵
  PID:11472
- C:\Windows\System32\rOgeAKY.exe
  C:\Windows\System32\rOgeAKY.exe
  2⤵
  PID:11492
- C:\Windows\System32\HEbAsxt.exe
  C:\Windows\System32\HEbAsxt.exe
  2⤵
  PID:11520
- C:\Windows\System32\OVTjvmf.exe
  C:\Windows\System32\OVTjvmf.exe
  2⤵
  PID:11556
- C:\Windows\System32\ybTjuoz.exe
  C:\Windows\System32\ybTjuoz.exe
  2⤵
  PID:11572
- C:\Windows\System32\sizWdhI.exe
  C:\Windows\System32\sizWdhI.exe
  2⤵
  PID:11592
- C:\Windows\System32\wHRWcYO.exe
  C:\Windows\System32\wHRWcYO.exe
  2⤵
  PID:11612
- C:\Windows\System32\RMuoLWA.exe
  C:\Windows\System32\RMuoLWA.exe
  2⤵
  PID:11636
- C:\Windows\System32\DaWsbVB.exe
  C:\Windows\System32\DaWsbVB.exe
  2⤵
  PID:11656
- C:\Windows\System32\PRwkkIO.exe
  C:\Windows\System32\PRwkkIO.exe
  2⤵
  PID:11680
- C:\Windows\System32\PYxMUNo.exe
  C:\Windows\System32\PYxMUNo.exe
  2⤵
  PID:11700
- C:\Windows\System32\TZitPOC.exe
  C:\Windows\System32\TZitPOC.exe
  2⤵
  PID:11752
- C:\Windows\System32\FxWAEfs.exe
  C:\Windows\System32\FxWAEfs.exe
  2⤵
  PID:11784
- C:\Windows\System32\nfdXPzu.exe
  C:\Windows\System32\nfdXPzu.exe
  2⤵
  PID:11804
- C:\Windows\System32\zFukcnj.exe
  C:\Windows\System32\zFukcnj.exe
  2⤵
  PID:11820
- C:\Windows\System32\oxbzixR.exe
  C:\Windows\System32\oxbzixR.exe
  2⤵
  PID:11844
- C:\Windows\System32\saBECoR.exe
  C:\Windows\System32\saBECoR.exe
  2⤵
  PID:11892
- C:\Windows\System32\tHLMUaR.exe
  C:\Windows\System32\tHLMUaR.exe
  2⤵
  PID:11948
- C:\Windows\System32\kkFewIm.exe
  C:\Windows\System32\kkFewIm.exe
  2⤵
  PID:11968
- C:\Windows\System32\NNsaHYl.exe
  C:\Windows\System32\NNsaHYl.exe
  2⤵
  PID:11992
- C:\Windows\System32\CbuQatK.exe
  C:\Windows\System32\CbuQatK.exe
  2⤵
  PID:12040
- C:\Windows\System32\LyjvAxG.exe
  C:\Windows\System32\LyjvAxG.exe
  2⤵
  PID:12064
- C:\Windows\System32\yKmNXew.exe
  C:\Windows\System32\yKmNXew.exe
  2⤵
  PID:12084
- C:\Windows\System32\MaLDXrT.exe
  C:\Windows\System32\MaLDXrT.exe
  2⤵
  PID:12104
- C:\Windows\System32\kgOhpod.exe
  C:\Windows\System32\kgOhpod.exe
  2⤵
  PID:12132
- C:\Windows\System32\gmeeGJr.exe
  C:\Windows\System32\gmeeGJr.exe
  2⤵
  PID:12156
- C:\Windows\System32\mWPmrVz.exe
  C:\Windows\System32\mWPmrVz.exe
  2⤵
  PID:12192
- C:\Windows\System32\veTyPme.exe
  C:\Windows\System32\veTyPme.exe
  2⤵
  PID:12212
- C:\Windows\System32\EvaFVBf.exe
  C:\Windows\System32\EvaFVBf.exe
  2⤵
  PID:12248
- C:\Windows\System32\ZoZVlkd.exe
  C:\Windows\System32\ZoZVlkd.exe
  2⤵
  PID:12268
- C:\Windows\System32\jqJQoJX.exe
  C:\Windows\System32\jqJQoJX.exe
  2⤵
  PID:10964
- C:\Windows\System32\FmJbqZG.exe
  C:\Windows\System32\FmJbqZG.exe
  2⤵
  PID:11316
- C:\Windows\System32\JIPqmrz.exe
  C:\Windows\System32\JIPqmrz.exe
  2⤵
  PID:11328
- C:\Windows\System32\IqvSTYd.exe
  C:\Windows\System32\IqvSTYd.exe
  2⤵
  PID:11408
- C:\Windows\System32\ArzqvNA.exe
  C:\Windows\System32\ArzqvNA.exe
  2⤵
  PID:11484
- C:\Windows\System32\gYkMGrW.exe
  C:\Windows\System32\gYkMGrW.exe
  2⤵
  PID:11512
- C:\Windows\System32\sOaVJVY.exe
  C:\Windows\System32\sOaVJVY.exe
  2⤵
  PID:11588
- C:\Windows\System32\EeVyJnl.exe
  C:\Windows\System32\EeVyJnl.exe
  2⤵
  PID:11668
- C:\Windows\System32\vDCBJpz.exe
  C:\Windows\System32\vDCBJpz.exe
  2⤵
  PID:11836
- C:\Windows\System32\RwSNJvp.exe
  C:\Windows\System32\RwSNJvp.exe
  2⤵
  PID:11800
- C:\Windows\System32\CNnsnIX.exe
  C:\Windows\System32\CNnsnIX.exe
  2⤵
  PID:11904
- C:\Windows\System32\MeOgphH.exe
  C:\Windows\System32\MeOgphH.exe
  2⤵
  PID:11924
- C:\Windows\System32\yPFObbN.exe
  C:\Windows\System32\yPFObbN.exe
  2⤵
  PID:12028
- C:\Windows\System32\mgZXlwn.exe
  C:\Windows\System32\mgZXlwn.exe
  2⤵
  PID:12076
- C:\Windows\System32\JpSIAjW.exe
  C:\Windows\System32\JpSIAjW.exe
  2⤵
  PID:12144
- C:\Windows\System32\dbeQAFP.exe
  C:\Windows\System32\dbeQAFP.exe
  2⤵
  PID:12236
- C:\Windows\System32\RknNHKX.exe
  C:\Windows\System32\RknNHKX.exe
  2⤵
  PID:11356
- C:\Windows\System32\UfMZnzv.exe
  C:\Windows\System32\UfMZnzv.exe
  2⤵
  PID:11464
- C:\Windows\System32\IIdlTGV.exe
  C:\Windows\System32\IIdlTGV.exe
  2⤵
  PID:11580
- C:\Windows\System32\kjDZwVj.exe
  C:\Windows\System32\kjDZwVj.exe
  2⤵
  PID:11632
- C:\Windows\System32\pBDcCgP.exe
  C:\Windows\System32\pBDcCgP.exe
  2⤵
  PID:11780
- C:\Windows\System32\DZiWRgU.exe
  C:\Windows\System32\DZiWRgU.exe
  2⤵
  PID:12056
- C:\Windows\System32\calugzA.exe
  C:\Windows\System32\calugzA.exe
  2⤵
  PID:12180
- C:\Windows\System32\YRJDFil.exe
  C:\Windows\System32\YRJDFil.exe
  2⤵
  PID:11148
- C:\Windows\System32\zTopQeS.exe
  C:\Windows\System32\zTopQeS.exe
  2⤵
  PID:11716
- C:\Windows\System32\LZwYBYK.exe
  C:\Windows\System32\LZwYBYK.exe
  2⤵
  PID:12072
- C:\Windows\System32\uDmodAq.exe
  C:\Windows\System32\uDmodAq.exe
  2⤵
  PID:11772
- C:\Windows\System32\rLKKdbh.exe
  C:\Windows\System32\rLKKdbh.exe
  2⤵
  PID:12096
- C:\Windows\System32\KZdXdYy.exe
  C:\Windows\System32\KZdXdYy.exe
  2⤵
  PID:12320
- C:\Windows\System32\GMNRyIM.exe
  C:\Windows\System32\GMNRyIM.exe
  2⤵
  PID:12360
- C:\Windows\System32\EklGwck.exe
  C:\Windows\System32\EklGwck.exe
  2⤵
  PID:12384
- C:\Windows\System32\nmTWAZH.exe
  C:\Windows\System32\nmTWAZH.exe
  2⤵
  PID:12408
- C:\Windows\System32\eWMWmfm.exe
  C:\Windows\System32\eWMWmfm.exe
  2⤵
  PID:12448
- C:\Windows\System32\yrFZunb.exe
  C:\Windows\System32\yrFZunb.exe
  2⤵
  PID:12476
- C:\Windows\System32\hScJdXr.exe
  C:\Windows\System32\hScJdXr.exe
  2⤵
  PID:12492
- C:\Windows\System32\DoJuQHN.exe
  C:\Windows\System32\DoJuQHN.exe
  2⤵
  PID:12512
- C:\Windows\System32\aXjhsOT.exe
  C:\Windows\System32\aXjhsOT.exe
  2⤵
  PID:12548
- C:\Windows\System32\kYSKQVN.exe
  C:\Windows\System32\kYSKQVN.exe
  2⤵
  PID:12568
- C:\Windows\System32\eHwOivB.exe
  C:\Windows\System32\eHwOivB.exe
  2⤵
  PID:12588
- C:\Windows\System32\QsDCTAA.exe
  C:\Windows\System32\QsDCTAA.exe
  2⤵
  PID:12620
- C:\Windows\System32\LKxcAsu.exe
  C:\Windows\System32\LKxcAsu.exe
  2⤵
  PID:12636
- C:\Windows\System32\KlBFPok.exe
  C:\Windows\System32\KlBFPok.exe
  2⤵
  PID:12660
- C:\Windows\System32\mQSUTha.exe
  C:\Windows\System32\mQSUTha.exe
  2⤵
  PID:12680
- C:\Windows\System32\DbhJuhY.exe
  C:\Windows\System32\DbhJuhY.exe
  2⤵
  PID:12700
- C:\Windows\System32\ItNukhH.exe
  C:\Windows\System32\ItNukhH.exe
  2⤵
  PID:12760
- C:\Windows\System32\XXeHVdc.exe
  C:\Windows\System32\XXeHVdc.exe
  2⤵
  PID:12800
- C:\Windows\System32\xWfDyYv.exe
  C:\Windows\System32\xWfDyYv.exe
  2⤵
  PID:12828
- C:\Windows\System32\dsfWLKj.exe
  C:\Windows\System32\dsfWLKj.exe
  2⤵
  PID:12856
- C:\Windows\System32\BzLipHn.exe
  C:\Windows\System32\BzLipHn.exe
  2⤵
  PID:12876
- C:\Windows\System32\ZqWVUsy.exe
  C:\Windows\System32\ZqWVUsy.exe
  2⤵
  PID:12892
- C:\Windows\System32\LgPNwKZ.exe
  C:\Windows\System32\LgPNwKZ.exe
  2⤵
  PID:12928
- C:\Windows\System32\TJHYbBW.exe
  C:\Windows\System32\TJHYbBW.exe
  2⤵
  PID:12948
- C:\Windows\System32\eaxFjrB.exe
  C:\Windows\System32\eaxFjrB.exe
  2⤵
  PID:12968
- C:\Windows\System32\QRhePyB.exe
  C:\Windows\System32\QRhePyB.exe
  2⤵
  PID:13000
- C:\Windows\System32\npddfYv.exe
  C:\Windows\System32\npddfYv.exe
  2⤵
  PID:13020
- C:\Windows\System32\YKzxhbp.exe
  C:\Windows\System32\YKzxhbp.exe
  2⤵
  PID:13048
- C:\Windows\System32\sJXvSmV.exe
  C:\Windows\System32\sJXvSmV.exe
  2⤵
  PID:13072
- C:\Windows\System32\xZityYZ.exe
  C:\Windows\System32\xZityYZ.exe
  2⤵
  PID:13104
- C:\Windows\System32\SQCIsZn.exe
  C:\Windows\System32\SQCIsZn.exe
  2⤵
  PID:13168
- C:\Windows\System32\HZQNEiu.exe
  C:\Windows\System32\HZQNEiu.exe
  2⤵
  PID:13188
- C:\Windows\System32\XeJccuM.exe
  C:\Windows\System32\XeJccuM.exe
  2⤵
  PID:13208
- C:\Windows\System32\jsULVXa.exe
  C:\Windows\System32\jsULVXa.exe
  2⤵
  PID:13232
- C:\Windows\System32\TGpsbVD.exe
  C:\Windows\System32\TGpsbVD.exe
  2⤵
  PID:13252
- C:\Windows\System32\ycfnEMv.exe
  C:\Windows\System32\ycfnEMv.exe
  2⤵
  PID:13296
- C:\Windows\System32\dNaExBA.exe
  C:\Windows\System32\dNaExBA.exe
  2⤵
  PID:11928
- C:\Windows\System32\FnUeDLj.exe
  C:\Windows\System32\FnUeDLj.exe
  2⤵
  PID:12328
- C:\Windows\System32\ikoVSxv.exe
  C:\Windows\System32\ikoVSxv.exe
  2⤵
  PID:12392
- C:\Windows\System32\TqxAvgw.exe
  C:\Windows\System32\TqxAvgw.exe
  2⤵
  PID:12420
- C:\Windows\System32\HhhuLLh.exe
  C:\Windows\System32\HhhuLLh.exe
  2⤵
  PID:12520
- C:\Windows\System32\CSamJyf.exe
  C:\Windows\System32\CSamJyf.exe
  2⤵
  PID:12564
- C:\Windows\System32\HcpCRSR.exe
  C:\Windows\System32\HcpCRSR.exe
  2⤵
  PID:12732
- C:\Windows\System32\ByiPObG.exe
  C:\Windows\System32\ByiPObG.exe
  2⤵
  PID:12672
- C:\Windows\System32\pYACpRN.exe
  C:\Windows\System32\pYACpRN.exe
  2⤵
  PID:12796
- C:\Windows\System32\QdFvKqW.exe
  C:\Windows\System32\QdFvKqW.exe
  2⤵
  PID:12824
- C:\Windows\System32\ueScEks.exe
  C:\Windows\System32\ueScEks.exe
  2⤵
  PID:12888
- C:\Windows\System32\RMTSWgB.exe
  C:\Windows\System32\RMTSWgB.exe
  2⤵
  PID:12984
- C:\Windows\System32\VtKJisa.exe
  C:\Windows\System32\VtKJisa.exe
  2⤵
  PID:13044
- C:\Windows\System32\MvtGGls.exe
  C:\Windows\System32\MvtGGls.exe
  2⤵
  PID:3512
- C:\Windows\System32\pKPrpZG.exe
  C:\Windows\System32\pKPrpZG.exe
  2⤵
  PID:13220
- C:\Windows\System32\rnjfIsw.exe
  C:\Windows\System32\rnjfIsw.exe
  2⤵
  PID:13244
- C:\Windows\System32\AqvIGbE.exe
  C:\Windows\System32\AqvIGbE.exe
  2⤵
  PID:13308
- C:\Windows\System32\ZSxTNtn.exe
  C:\Windows\System32\ZSxTNtn.exe
  2⤵
  PID:12300
- C:\Windows\System32\RbAoQir.exe
  C:\Windows\System32\RbAoQir.exe
  2⤵
  PID:12508
- C:\Windows\System32\uQRMDsL.exe
  C:\Windows\System32\uQRMDsL.exe
  2⤵
  PID:12784
- C:\Windows\System32\XqxjyDm.exe
  C:\Windows\System32\XqxjyDm.exe
  2⤵
  PID:12820
- C:\Windows\System32\KwSliGJ.exe
  C:\Windows\System32\KwSliGJ.exe
  2⤵
  PID:13064
- C:\Windows\System32\UiumuFj.exe
  C:\Windows\System32\UiumuFj.exe
  2⤵
  PID:13112
- C:\Windows\System32\sZRKVmW.exe
  C:\Windows\System32\sZRKVmW.exe
  2⤵
  PID:13180
- C:\Windows\System32\sgKWzoF.exe
  C:\Windows\System32\sgKWzoF.exe
  2⤵
  PID:13284
- C:\Windows\System32\FYArjnJ.exe
  C:\Windows\System32\FYArjnJ.exe
  2⤵
  PID:12580
- C:\Windows\System32\RDRTKRQ.exe
  C:\Windows\System32\RDRTKRQ.exe
  2⤵
  PID:12280
- C:\Windows\System32\bhIOxRR.exe
  C:\Windows\System32\bhIOxRR.exe
  2⤵
  PID:12936
- C:\Windows\System32\BSsiBHR.exe
  C:\Windows\System32\BSsiBHR.exe
  2⤵
  PID:13328
- C:\Windows\System32\IHbIITy.exe
  C:\Windows\System32\IHbIITy.exe
  2⤵
  PID:13352
- C:\Windows\System32\drUbVRN.exe
  C:\Windows\System32\drUbVRN.exe
  2⤵
  PID:13376
- C:\Windows\System32\ddQUExl.exe
  C:\Windows\System32\ddQUExl.exe
  2⤵
  PID:13392
- C:\Windows\System32\EdBLxUU.exe
  C:\Windows\System32\EdBLxUU.exe
  2⤵
  PID:13412
- C:\Windows\System32\tayaPkv.exe
  C:\Windows\System32\tayaPkv.exe
  2⤵
  PID:13428
- C:\Windows\System32\YDnVpeZ.exe
  C:\Windows\System32\YDnVpeZ.exe
  2⤵
  PID:13464
- C:\Windows\System32\RCoCJGj.exe
  C:\Windows\System32\RCoCJGj.exe
  2⤵
  PID:13508
- C:\Windows\System32\SJENanM.exe
  C:\Windows\System32\SJENanM.exe
  2⤵
  PID:13524
- C:\Windows\System32\yqDoxkq.exe
  C:\Windows\System32\yqDoxkq.exe
  2⤵
  PID:13548
- C:\Windows\System32\ZXpuTzl.exe
  C:\Windows\System32\ZXpuTzl.exe
  2⤵
  PID:13592
- C:\Windows\System32\ooABUKr.exe
  C:\Windows\System32\ooABUKr.exe
  2⤵
  PID:13616
- C:\Windows\System32\ZJVfQXI.exe
  C:\Windows\System32\ZJVfQXI.exe
  2⤵
  PID:13640

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:14196

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System32\BWOcQYf.exe

Filesize
1.4MB

MD5
b4c9636ab3ce1b6999a646eb73b421d6

SHA1
990449ebff93b5e02a24f8b7274a5681b7e9854e

SHA256
a6d83ad2a263eb726104392ccb44f441fff2ac841cb6059405bda86e7093d7da

SHA512
a332397a7137c3f05defb6ac057a15645a62283d60c5be65cb1e5e37bbf2023133a1d6a59761cb4311b514dc4cd9a363e35a1731e483a0f29f890722f193280a

Download Submit
C:\Windows\System32\CDICShP.exe

Filesize
1.4MB

MD5
266facd155798a7a1ee4d043a737edec

SHA1
1c4138f3f011c110292344a71e75ccbb133a98ff

SHA256
b0fe0a084a13fe2b67095fbc2fd24a4d287bd89f733ee9a0c849ce16ac6bc98a

SHA512
23473438c5b78bacfb580b18ce7b5872b2701df97c1f8cfddd7fc4c90957d5bbe24b27f7e3ad1e50e81a0852f4a4c6ada1ffa49d37261fecde860d7c32ba15f5

Download Submit
C:\Windows\System32\CbdhGll.exe

Filesize
1.4MB

MD5
6db99e099d25bf36ca1d3b957601d4d0

SHA1
63d53a8bddfe38f26219d0f8943c2ffd26ae2a80

SHA256
48c90199432f28c63650703c577f41c5d45e2cf1ef425cee975eee3c5dc28c5f

SHA512
066f574438880fe134d9cf138bf4e6e187a37e11bb36ac2b178fb8a4662737622329f18f7e93b7ab992776f3f5382a7ee8bc78e9e700d5ba26fe16490222b6c2

Download Submit
C:\Windows\System32\ChUTVGx.exe

Filesize
1.4MB

MD5
e1f826708d7d35bb6f835289bfc11f0f

SHA1
cc6c66efc7ca25fb3f42caa8aefcda3d7737efa9

SHA256
8d3d9c9542a55aa133a14a3a44e15bf1da20755afa73eabb2f2b9d365a2598ac

SHA512
25d4de880220e867b1b3a4892c90b4a1cc11acdfa060364094217cd05b64070120cb4c82e5ad96dd1cded53f457dc4c3f9a030927953c9d2d4aa69b2ec9971bd

Download Submit
C:\Windows\System32\CnqSMpY.exe

Filesize
1.4MB

MD5
eb42875f7bf40e3f10ee0bcb4fc94c8c

SHA1
e27267413b37482feda9b417277e98a6b6851707

SHA256
34766424aebc4b6b588a5cf6c5ea92e3d93e05662daa0e8fe1fef6057d750d28

SHA512
b130430c939a243808768ab444574ef18ad08efab0ca93282083cdebe65efd500606b7295f90a96a6943cdbcb51c125f550f11ebdec63ee55c85e566aafa35a5

Download Submit
C:\Windows\System32\EVCUxLZ.exe

Filesize
1.4MB

MD5
ccbf8672b07b0563e316698df49dd774

SHA1
ea1fd51b7586f0c3b2afec35e63cd5ce46be1425

SHA256
d7ba483908aa9eee69ea1853bd38810eb99e1a564aedb6f0dad418ed6da07284

SHA512
d3ee5f604d83564f2ce73587aac50a0128bc24204889128833239a21de52209ccef0eee4f534b18a4d50b9932a40cbe88ce5e10649d43bba6ad4dc22be9e4e52

Download Submit
C:\Windows\System32\FKwlnvV.exe

Filesize
1.5MB

MD5
19184917ebeba975706635aed761c041

SHA1
49becb67f9b1c452d19b5848865516bc79bafbd7

SHA256
59ba0969bf80713b52ce9a0671b57231c1a40b9bc24ed44fbe622fc3ec3b195a

SHA512
ddf85b50e81924b74aebfe08fd26ab33f5359e0e5b8ae8072b75d1062fc5f39ca33a56f3fd1d927f242203beb607883a65b5f2103d0d355f02ddea915fad6549

Download Submit
C:\Windows\System32\FkirhFS.exe

Filesize
1.4MB

MD5
14f4c43766e7db2be8223610c65cc4fb

SHA1
5f0fe31d2f1492072dca9ef1d836d0cb535ec97b

SHA256
044a5f7c73fbb1c655f8c850047c0c495cd62de4eefeb14905873e766be419bd

SHA512
46279f60c20fb85aebfc7aaf2a5db28d3b50663ef375a6602c0e802871892a78e32baa616a8058ee8ef1f1c86372c8c3f475077d9ac855f3e05e6ae8c67fb7db

Download Submit
C:\Windows\System32\HfSCUCx.exe

Filesize
1.5MB

MD5
b37ca603062fc93054257096a6f08f84

SHA1
b60ad06dd0fd8601a12a077e75e90d7f27951287

SHA256
dcce9de7e34dada2a101ce5e79fb60ed7b8796f4769f189095b20f881600334a

SHA512
29fc44141772a3ca4678bf43402311b8e02ae879acf0bccce565924aaf8edea77c3f5f06b8ebbc49d53a7a64e6b8ba55a40f09fa8fe3aac06194d5cd01c9fdbf

Download Submit
C:\Windows\System32\JBSKtFY.exe

Filesize
1.4MB

MD5
c85f3b97738a4f59f5d57dfd00995e7a

SHA1
bfbe58265b97b2264e7f7455ca90888094a5d19f

SHA256
463e7623c7ccec58c914074ca8f0d86937f0f4d73658c10d82a74d4c117e42a8

SHA512
19ec571edaa29c29752148c2312a2179a4bcb1045b6ddf24b4a173fc8aa57d27ade7f17d9f29da65b7f2ba7c48426453b8bd14b595142283e0a7be5ac3574789

Download Submit
C:\Windows\System32\JYVoExF.exe

Filesize
1.4MB

MD5
017ddc6e2edf990736d2da9be7cf60d1

SHA1
74c6c635b781ca51838fb227e8e939d8338d2463

SHA256
d13d25d890a2218c7387d4d72f4828be15c5d09642f5addb0c37ed1b5d9ddd45

SHA512
68cc7dc7152e8dca15055895bfe95523e8fcf806bada36818224cf8e5c050bed2d84f8ff46071578adbdccc129abf79621a0ee8ebe7090affde71fc25efcf7c1

Download Submit
C:\Windows\System32\KFOEXYo.exe

Filesize
1.4MB

MD5
16fd11b436d1bd21ddb6c37a978e987d

SHA1
42eaf9b675b61d1b29912452b3f8f970fb716023

SHA256
198534526d003c173df84a82721ea5d4dcb2f63c571505ec5fbd189e8f6b26d8

SHA512
2abb94c5dcd4764df1f0d4044734630cf16478dadb76b3d7cd170635a3d5186d01ed4647fd00cd1cf29c8cf1c394a0faff7ca3b20ac09fe8fc9937766367bef0

Download Submit
C:\Windows\System32\MJQfPok.exe

Filesize
1.4MB

MD5
d0eae601250d1d9e8969fe667deedb78

SHA1
a9491bb6a221e6b2b9006d0d1c9fdd3c27610a95

SHA256
f8c17abfe9b01500a014fcab1aa1dbcb7ccb131478b6e3a898d86cfab1c4dee0

SHA512
3d223ae5faf55ddd4b9d3e08dd51e0657d111a96b7994369e5da5b5f8077cd3de1d521f4cf842a08d7dc51ee715dc8addb3e1fdffa92698fcbc72ad50abe949c

Download Submit
C:\Windows\System32\MTvhZfC.exe

Filesize
1.4MB

MD5
1f2c70290dc02580438d4e1cefe14577

SHA1
847e9d8e78acf7d26e7c07507efecc4693ea84c7

SHA256
cdddf7a0d2b7442ad9ac8bd140f974fe5fc8c4428f4eb28a831fc7e98021d603

SHA512
02dc62e9db5936e84bc3d6e4673f1ccfacf77d622d6fdd673b852ec5a2c03ee5a525bf04b7e1e8a70a3bf15e0eb38234f772cb5da9658fc6a1af14f4b10f86fd

Download Submit
C:\Windows\System32\PiUPqfC.exe

Filesize
1.4MB

MD5
5cad02349e3d5b288810be211adac0b6

SHA1
699ccd70f032a23e4f04a47da1ed6b0ee895723d

SHA256
79faa15105a340099cefcd73dfa9af67b4d67748bc57ee939c692eadcd6c0b72

SHA512
d811c68756a674e8d3fc43a1dfe3c9961a6315455505f43a05c0680a548796d5d9713d63119e4f2457830436453389706c9953f0f511f0be67d6b259714352c2

Download Submit
C:\Windows\System32\QIhIAYH.exe

Filesize
1.5MB

MD5
0867afc7c79685719afc178fa51378bb

SHA1
b8ff70bd398f9b128c51697ff13da47adc63bd78

SHA256
512daa2740d36a867eea2e2f9fe3ee83cd780449d9414032d37869cc0ee9e460

SHA512
563e936108ebe78fd7565b5fd42ab19a2039173e058be95757692dcce123a2a9b4222e2b11b4b9438f92c94a11805e516a2f126ef6e6110998c9ab65a4c7ed1c

Download Submit
C:\Windows\System32\UVUGLzc.exe

Filesize
1.4MB

MD5
5795fdbc618801ebb236b60c51385563

SHA1
5f5a38c9a7eb90585fd421718c06d6731995f5b6

SHA256
700acafa6d5b1c3d017abb6168331019b8bf9ea2d618aa1d01624b9a4da61177

SHA512
3f4e3d1612ccc4987f71b4e8a7c3c6cf2d4acebdeb481f46a990d42d32c2a80b67e97c106fa087e774f3dc1ee8b96f770131dc9040f69641656c20c3453892c6

Download Submit
C:\Windows\System32\baTYvAT.exe

Filesize
1.4MB

MD5
5de3979e627504001185a902600049b7

SHA1
0066f2b9232d5f15eb75e1b519ed6d9c48424a9e

SHA256
d26329ee1adc9a752e425327b9c08d449b4126ca760bfe5cc0369ab1f15b6046

SHA512
196fd8042122900d6785153fe8c06639fbfe4fa7ceb4a694a370de5f6caed5293adfc4df1de53e0b325c3da69ccad569722dec5df67b3c4966190abdb701b28f

Download Submit
C:\Windows\System32\bfBHPkT.exe

Filesize
1.5MB

MD5
0a4bd2b0a91d0284724721cb158e823f

SHA1
ae1959dedb7e72d36f364526b771fcbe6f1480ad

SHA256
684fc0e7e54601be0325388b662de3a1ffa923c2ba45ba17140da5106295c279

SHA512
eb22cd9b53d7696de8a5e1517bddb60d04388ae41d209fd2c13d2e70e7cafe1f0b3ab715d8775711f50d912e70d270eef18aa01e7b59a1306f3a8b52d9772b44

Download Submit
C:\Windows\System32\cJQIFgs.exe

Filesize
1.4MB

MD5
aa87db22352181bc07e59e4f3caba2a6

SHA1
bdd8d4b6acd6a17f0cb0215c198ccd8dbdb2f7e1

SHA256
2dea54e2187b3fe93ba54062d35f6afe1d94047e291ae3d6af1c502a76fa5e83

SHA512
1e0688e68c468ba36e3c3aeff905f2606c4ec4ed9bb08687dae5ef19b661c0524bc806fd8a226f844ac79893557591068a435ac494b01ab6c096630daba4c79c

Download Submit
C:\Windows\System32\epBaoNQ.exe

Filesize
1.4MB

MD5
a89990629f872bc7383101dc74996fda

SHA1
ce14d27000207046d404b00f9082919d18b5c000

SHA256
94a009018ce46f8504b591f7b7b0854556ae81f6ba985facf00d6bbbf9fa71aa

SHA512
46ef7f69ad19a057bc85ae55021e55ce6ee6a45094b33a5d13ba3c169409fab6e4232afb72c8d94d9488db773b21163d619171895150243176a1245a15f5fff1

Download Submit
C:\Windows\System32\hCygaxT.exe

Filesize
1.4MB

MD5
8d9926066f9fa44cfb1e0b22797aaed8

SHA1
010b89d341e65061d5619e0abcf980cfbfd41bf5

SHA256
4f873bdea84b50e3ab73666c831a6f11c3a419aa1fb6ea5c69145a79b54e36dd

SHA512
8e580916a368893942d77a9e68ebbc7adf3ea8f9fa521f03c5107f64fb0c3915086eddb28e9476bebc965f46bbce3ee1338dd717fc402f3b0c67095c29f07674

Download Submit
C:\Windows\System32\jAWpPMa.exe

Filesize
1.4MB

MD5
bc782e487b6034d6a89b441babec0007

SHA1
cd835a8a66035bbcf01ff733e6611885cea58264

SHA256
e2d6d6faa2e3de3cdbb1c42567b8e2c296b4f86b6bdc8418aea9d3ceb98ff13f

SHA512
f59cfc3c95a4e3598e578bc3a87b23c56b12a8aab617e7bb75ad3ebf23ebf0af3fece32e9b8b42b83524139da6140fa4a98cc76d1bf68426e09c01fa8f9fb2ef

Download Submit
C:\Windows\System32\phKxlWX.exe

Filesize
1.4MB

MD5
0ca0fe1d78dcd12cf37e09b383c19c7a

SHA1
dd6a5c66df43cf6d4ebe5cda657537036477bcac

SHA256
d780d9c889b02dd394c9c6b28de00b29278cd00e08dd80f4f051cfaca2234e1b

SHA512
75513caefa09a84c90317e454052edec9167008e81c74f527f46684ade80ee203e46137de04aa03099bf3284c35d3026afcb4b52fa994f8e25448d755160b1b3

Download Submit
C:\Windows\System32\rlvTlnz.exe

Filesize
1.5MB

MD5
bed0ffb5a4271f06ee6b7b5c99dd2560

SHA1
d159dbb08c9cd983c0aabc9fa359cfa1841cfd0e

SHA256
f5a3f87fcb7458ef1f57a9898e2626af1588583306678a1335189a0c58e7a85f

SHA512
c094d44ff8c0020d4725e1fd4ff641b4d566a4bb7de2bcdb42dde6c60c1f56e31660a5486217e478a58230c20448f9526be07c3a4efec326a6e5da69084cfe85

Download Submit
C:\Windows\System32\tNAniHY.exe

Filesize
1.5MB

MD5
1e6af9564a7e22ed46148b1cdc7db9fa

SHA1
b0ea04a4281cff634bc70b0603acfae6084dbeb4

SHA256
1a0d67098db513bf5d84c9c13f100d2aca701c9d51ff9a8e35fed854ab81bf46

SHA512
18481b58f5407c4d28aa0c5a948ce8926fce2d429ac8392cb3a2bc6d02623e573d5e1071697fe41377d54ba95bc2aea6d85abd5b05227de6b8f05a6ecbe21ca3

Download Submit
C:\Windows\System32\tWtsrDP.exe

Filesize
1.4MB

MD5
96624102e9c2032ef6cc57ba7982ffc6

SHA1
c535744bda94cc3f069cffbde4bb1c9e3e0183fb

SHA256
1813d4669efe3f4e94debd194881d3dcd84935f6cfac3e3f2aa27679d80ffb1e

SHA512
f3221316e693ee5024f2fb8117929d33976a56904c5eaccb661bdfd53467c71a75e8e3d7a446878bf10e9cb4a8be7e133ae1ab74c0021391e71e60916e248657

Download Submit
C:\Windows\System32\tkSZUep.exe

Filesize
1.4MB

MD5
73060e028c42c4d38ad3b49b7252b20b

SHA1
f7edb2987aa004a2233dd212c84947518e4e3d31

SHA256
1c71280de751918fab3ba831716aecadc4c67fa6c5a3f3e9df524677df3cb671

SHA512
a16d2e817547e4b594874f145c1fc8c1d7bac4993ef854714e66d43d9573fe67db4a691b5ed4e75593b92c5041ddc62d6354068da236367e33305bcd4fba75b1

Download Submit
C:\Windows\System32\tzZOgmw.exe

Filesize
1.4MB

MD5
8f6b1fe20200767d0cd43408dbb4651b

SHA1
6a602feca9a3127d2ddcffcb3ae618542b465bdb

SHA256
f5fa342b2c7e377d05f45af464e93c11a487e8432f6ec43a1aecb2a5fc09e6db

SHA512
479484c3efbe137f14bbf3e8c0ea4d2c4a485419c3dbe076b19866e2dbd3ef5e1dfd079bcf7aad9431d685964be15cee6573005f008092a218d791a5337e6bbd

Download Submit
C:\Windows\System32\uaxSzCj.exe

Filesize
1.5MB

MD5
0e2f59feeebee60fff40638d3f4e4968

SHA1
0182d57ef38af91ca575575d934e90600817a059

SHA256
bb4698456736eba3c2d31c4dbe28f9365cb31d6f765d2ca35392e7720560c232

SHA512
29bb4d26d1c18602ade01efb0c42d5eeb1d870a027d1a5e7019f3bf4f01942b95f9f735daa3f5f11632faad1052574c5c77b9613a526e802a5515c228013a2a0

Download Submit
C:\Windows\System32\vWCFzkR.exe

Filesize
1.5MB

MD5
0c28678d2af4e0d7a93e326960966924

SHA1
56544c03f0bfac07f2e017e5de6e4904cbc8bed2

SHA256
f590e898d1ab7240fa2d23f0119c82df5f97ccbc28369df021b81dfd87e3d575

SHA512
2bbedc5f2574424cdd9e424a38efd0607872bc038e3a81407275e23f1d182ee448cd5a4d79d882b34e2a17f73e9eb6da4e3f6d19c89aa69c0b0e9cbd9a4a68b3

Download Submit
C:\Windows\System32\wnxSYpC.exe

Filesize
1.4MB

MD5
c9760b35ebf04381acbdc027c48a182b

SHA1
105cd8cf4e32b0f35397960f9ec2f0d97f7d1a01

SHA256
cf64b54581ea642a84e9aee485f236f0fac25b963ea47564162be95160eaa048

SHA512
7f8f619c99a751b38c88e3e432c5b4aa07cf85000b2fd295f7edd18086c84b4828452b2728be155c83ee53d8a7f9997a8560b261a0a102bcad6664d91fbc9bc4

Download Submit
C:\Windows\System32\wohRJMd.exe

Filesize
1.4MB

MD5
6f02cebb9955d71dd1673624e410be73

SHA1
6f113c5c0945c76ef1d6f5e75bb1aec539ced79e

SHA256
34d41ad02e0daa3a3eb271a71c0e148b8a99c38ab875aa59fbb4d5f1c0786b0a

SHA512
19cb1896ea5ea05703f256dc7bdd7181941b65d88a551144308d501c7e276507895780e7e8bd44be2495cc243d987203efc75f2abaf1e290b304920ea5b25a1a

Download Submit
memory/216-68-0x00007FF7D4E70000-0x00007FF7D5261000-memory.dmp

Filesize
3.9MB

Download
memory/216-2176-0x00007FF7D4E70000-0x00007FF7D5261000-memory.dmp

Filesize
3.9MB

Download
memory/632-72-0x00007FF794AF0000-0x00007FF794EE1000-memory.dmp

Filesize
3.9MB

Download
memory/632-2172-0x00007FF794AF0000-0x00007FF794EE1000-memory.dmp

Filesize
3.9MB

Download
memory/804-2180-0x00007FF6D9E40000-0x00007FF6DA231000-memory.dmp

Filesize
3.9MB

Download
memory/804-73-0x00007FF6D9E40000-0x00007FF6DA231000-memory.dmp

Filesize
3.9MB

Download
memory/940-58-0x00007FF60FF90000-0x00007FF610381000-memory.dmp

Filesize
3.9MB

Download
memory/940-2170-0x00007FF60FF90000-0x00007FF610381000-memory.dmp

Filesize
3.9MB

Download
memory/1048-2168-0x00007FF6C8170000-0x00007FF6C8561000-memory.dmp

Filesize
3.9MB

Download
memory/1048-45-0x00007FF6C8170000-0x00007FF6C8561000-memory.dmp

Filesize
3.9MB

Download
memory/1048-1323-0x00007FF6C8170000-0x00007FF6C8561000-memory.dmp

Filesize
3.9MB

Download
memory/1340-421-0x00007FF72D880000-0x00007FF72DC71000-memory.dmp

Filesize
3.9MB

Download
memory/1340-2235-0x00007FF72D880000-0x00007FF72DC71000-memory.dmp

Filesize
3.9MB

Download
memory/1376-2178-0x00007FF75D410000-0x00007FF75D801000-memory.dmp

Filesize
3.9MB

Download
memory/1376-65-0x00007FF75D410000-0x00007FF75D801000-memory.dmp

Filesize
3.9MB

Download
memory/1600-2162-0x00007FF737C00000-0x00007FF737FF1000-memory.dmp

Filesize
3.9MB

Download
memory/1600-15-0x00007FF737C00000-0x00007FF737FF1000-memory.dmp

Filesize
3.9MB

Download
memory/1600-1203-0x00007FF737C00000-0x00007FF737FF1000-memory.dmp

Filesize
3.9MB

Download
memory/1928-1206-0x00007FF70C5A0000-0x00007FF70C991000-memory.dmp

Filesize
3.9MB

Download
memory/1928-2164-0x00007FF70C5A0000-0x00007FF70C991000-memory.dmp

Filesize
3.9MB

Download
memory/1928-30-0x00007FF70C5A0000-0x00007FF70C991000-memory.dmp

Filesize
3.9MB

Download
memory/1960-2188-0x00007FF71F660000-0x00007FF71FA51000-memory.dmp

Filesize
3.9MB

Download
memory/1960-413-0x00007FF71F660000-0x00007FF71FA51000-memory.dmp

Filesize
3.9MB

Download
memory/1984-2192-0x00007FF71AA10000-0x00007FF71AE01000-memory.dmp

Filesize
3.9MB

Download
memory/1984-414-0x00007FF71AA10000-0x00007FF71AE01000-memory.dmp

Filesize
3.9MB

Download
memory/2064-2184-0x00007FF690510000-0x00007FF690901000-memory.dmp

Filesize
3.9MB

Download
memory/2064-422-0x00007FF690510000-0x00007FF690901000-memory.dmp

Filesize
3.9MB

Download
memory/2312-419-0x00007FF6F1090000-0x00007FF6F1481000-memory.dmp

Filesize
3.9MB

Download
memory/2832-62-0x00007FF6BEEE0000-0x00007FF6BF2D1000-memory.dmp

Filesize
3.9MB

Download
memory/2832-2174-0x00007FF6BEEE0000-0x00007FF6BF2D1000-memory.dmp

Filesize
3.9MB

Download
memory/2944-2232-0x00007FF702B20000-0x00007FF702F11000-memory.dmp

Filesize
3.9MB

Download
memory/2944-420-0x00007FF702B20000-0x00007FF702F11000-memory.dmp

Filesize
3.9MB

Download
memory/3128-415-0x00007FF7CB9E0000-0x00007FF7CBDD1000-memory.dmp

Filesize
3.9MB

Download
memory/3128-2194-0x00007FF7CB9E0000-0x00007FF7CBDD1000-memory.dmp

Filesize
3.9MB

Download
memory/3132-2200-0x00007FF622CE0000-0x00007FF6230D1000-memory.dmp

Filesize
3.9MB

Download
memory/3132-417-0x00007FF622CE0000-0x00007FF6230D1000-memory.dmp

Filesize
3.9MB

Download
memory/3136-416-0x00007FF785140000-0x00007FF785531000-memory.dmp

Filesize
3.9MB

Download
memory/3136-2196-0x00007FF785140000-0x00007FF785531000-memory.dmp

Filesize
3.9MB

Download
memory/3352-2230-0x00007FF6CAC70000-0x00007FF6CB061000-memory.dmp

Filesize
3.9MB

Download
memory/3352-418-0x00007FF6CAC70000-0x00007FF6CB061000-memory.dmp

Filesize
3.9MB

Download
memory/3764-2190-0x00007FF7B6B00000-0x00007FF7B6EF1000-memory.dmp

Filesize
3.9MB

Download
memory/3764-412-0x00007FF7B6B00000-0x00007FF7B6EF1000-memory.dmp

Filesize
3.9MB

Download
memory/4324-2160-0x00007FF79AEC0000-0x00007FF79B2B1000-memory.dmp

Filesize
3.9MB

Download
memory/4324-1067-0x00007FF79AEC0000-0x00007FF79B2B1000-memory.dmp

Filesize
3.9MB

Download
memory/4324-7-0x00007FF79AEC0000-0x00007FF79B2B1000-memory.dmp

Filesize
3.9MB

Download
memory/4412-2182-0x00007FF789CA0000-0x00007FF78A091000-memory.dmp

Filesize
3.9MB

Download
memory/4412-411-0x00007FF789CA0000-0x00007FF78A091000-memory.dmp

Filesize
3.9MB

Download
memory/4552-2186-0x00007FF605370000-0x00007FF605761000-memory.dmp

Filesize
3.9MB

Download
memory/4552-410-0x00007FF605370000-0x00007FF605761000-memory.dmp

Filesize
3.9MB

Download
memory/4552-1467-0x00007FF605370000-0x00007FF605761000-memory.dmp

Filesize
3.9MB

Download
memory/4824-903-0x00007FF74D6B0000-0x00007FF74DAA1000-memory.dmp

Filesize
3.9MB

Download
memory/4824-1-0x000001E9636E0000-0x000001E9636F0000-memory.dmp

Filesize
64KB

Download
memory/4824-0-0x00007FF74D6B0000-0x00007FF74DAA1000-memory.dmp

Filesize
3.9MB

Download
memory/4836-23-0x00007FF78BD00000-0x00007FF78C0F1000-memory.dmp

Filesize
3.9MB

Download
memory/4836-1320-0x00007FF78BD00000-0x00007FF78C0F1000-memory.dmp

Filesize
3.9MB

Download
memory/4836-2166-0x00007FF78BD00000-0x00007FF78C0F1000-memory.dmp

Filesize
3.9MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads