xmrig | e4945e46312f4c449d17422e3cbaf80b3538a3a444d84a2738d269df49801257

Analysis

max time kernel
100s
max time network
99s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
06/09/2024, 10:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

aca8deb30af7677b941a50ce25d98300N.exe
Size

1.5MB
MD5

aca8deb30af7677b941a50ce25d98300
SHA1

54d1d8600a9fc7a156b31e5879b3e921a6c0f992
SHA256

e4945e46312f4c449d17422e3cbaf80b3538a3a444d84a2738d269df49801257
SHA512

f5d60111b860a27c9f19e2d7d26a35ad747fd364815755c45ee65378aab6cd78f484590708e98b464d0057719f3be36be6a830deca4724a56a8a89a4e265dfa8
SSDEEP

24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhn3AXXiuNmj6hviok92Uyy:knw9oUUEEDlGUJ8YhOXwoZy

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 49 IoCs

miner

resource	yara_rule
behavioral2/memory/1644-75-0x00007FF702680000-0x00007FF702A71000-memory.dmp	xmrig
behavioral2/memory/1724-80-0x00007FF624950000-0x00007FF624D41000-memory.dmp	xmrig
behavioral2/memory/4896-77-0x00007FF69B0E0000-0x00007FF69B4D1000-memory.dmp	xmrig
behavioral2/memory/3528-56-0x00007FF7E3980000-0x00007FF7E3D71000-memory.dmp	xmrig
behavioral2/memory/4884-46-0x00007FF7F5390000-0x00007FF7F5781000-memory.dmp	xmrig
behavioral2/memory/3040-116-0x00007FF75A7A0000-0x00007FF75AB91000-memory.dmp	xmrig
behavioral2/memory/4980-357-0x00007FF6E9B20000-0x00007FF6E9F11000-memory.dmp	xmrig
behavioral2/memory/4828-362-0x00007FF6E2810000-0x00007FF6E2C01000-memory.dmp	xmrig
behavioral2/memory/2488-368-0x00007FF6D8510000-0x00007FF6D8901000-memory.dmp	xmrig
behavioral2/memory/2872-136-0x00007FF7F67A0000-0x00007FF7F6B91000-memory.dmp	xmrig
behavioral2/memory/3020-132-0x00007FF7531C0000-0x00007FF7535B1000-memory.dmp	xmrig
behavioral2/memory/1752-378-0x00007FF6D1F60000-0x00007FF6D2351000-memory.dmp	xmrig
behavioral2/memory/3420-388-0x00007FF6681C0000-0x00007FF6685B1000-memory.dmp	xmrig
behavioral2/memory/1124-386-0x00007FF73B440000-0x00007FF73B831000-memory.dmp	xmrig
behavioral2/memory/2508-449-0x00007FF70D810000-0x00007FF70DC01000-memory.dmp	xmrig
behavioral2/memory/3376-452-0x00007FF7816B0000-0x00007FF781AA1000-memory.dmp	xmrig
behavioral2/memory/2864-603-0x00007FF70F550000-0x00007FF70F941000-memory.dmp	xmrig
behavioral2/memory/2440-591-0x00007FF696FC0000-0x00007FF6973B1000-memory.dmp	xmrig
behavioral2/memory/444-851-0x00007FF6ED060000-0x00007FF6ED451000-memory.dmp	xmrig
behavioral2/memory/3948-1273-0x00007FF7F37E0000-0x00007FF7F3BD1000-memory.dmp	xmrig
behavioral2/memory/3416-1278-0x00007FF7CE120000-0x00007FF7CE511000-memory.dmp	xmrig
behavioral2/memory/916-1284-0x00007FF672AE0000-0x00007FF672ED1000-memory.dmp	xmrig
behavioral2/memory/996-1277-0x00007FF73D540000-0x00007FF73D931000-memory.dmp	xmrig
behavioral2/memory/1972-1270-0x00007FF601FF0000-0x00007FF6023E1000-memory.dmp	xmrig
behavioral2/memory/4260-1370-0x00007FF7C6A30000-0x00007FF7C6E21000-memory.dmp	xmrig
behavioral2/memory/2872-2163-0x00007FF7F67A0000-0x00007FF7F6B91000-memory.dmp	xmrig
behavioral2/memory/2508-2165-0x00007FF70D810000-0x00007FF70DC01000-memory.dmp	xmrig
behavioral2/memory/1124-2167-0x00007FF73B440000-0x00007FF73B831000-memory.dmp	xmrig
behavioral2/memory/4884-2171-0x00007FF7F5390000-0x00007FF7F5781000-memory.dmp	xmrig
behavioral2/memory/3420-2169-0x00007FF6681C0000-0x00007FF6685B1000-memory.dmp	xmrig
behavioral2/memory/3528-2175-0x00007FF7E3980000-0x00007FF7E3D71000-memory.dmp	xmrig
behavioral2/memory/3376-2177-0x00007FF7816B0000-0x00007FF781AA1000-memory.dmp	xmrig
behavioral2/memory/2440-2173-0x00007FF696FC0000-0x00007FF6973B1000-memory.dmp	xmrig
behavioral2/memory/444-2185-0x00007FF6ED060000-0x00007FF6ED451000-memory.dmp	xmrig
behavioral2/memory/4896-2183-0x00007FF69B0E0000-0x00007FF69B4D1000-memory.dmp	xmrig
behavioral2/memory/1644-2182-0x00007FF702680000-0x00007FF702A71000-memory.dmp	xmrig
behavioral2/memory/2864-2179-0x00007FF70F550000-0x00007FF70F941000-memory.dmp	xmrig
behavioral2/memory/1724-2199-0x00007FF624950000-0x00007FF624D41000-memory.dmp	xmrig
behavioral2/memory/1972-2232-0x00007FF601FF0000-0x00007FF6023E1000-memory.dmp	xmrig
behavioral2/memory/3040-2237-0x00007FF75A7A0000-0x00007FF75AB91000-memory.dmp	xmrig
behavioral2/memory/996-2256-0x00007FF73D540000-0x00007FF73D931000-memory.dmp	xmrig
behavioral2/memory/4980-2258-0x00007FF6E9B20000-0x00007FF6E9F11000-memory.dmp	xmrig
behavioral2/memory/3948-2260-0x00007FF7F37E0000-0x00007FF7F3BD1000-memory.dmp	xmrig
behavioral2/memory/916-2264-0x00007FF672AE0000-0x00007FF672ED1000-memory.dmp	xmrig
behavioral2/memory/3416-2262-0x00007FF7CE120000-0x00007FF7CE511000-memory.dmp	xmrig
behavioral2/memory/4828-2268-0x00007FF6E2810000-0x00007FF6E2C01000-memory.dmp	xmrig
behavioral2/memory/2488-2273-0x00007FF6D8510000-0x00007FF6D8901000-memory.dmp	xmrig
behavioral2/memory/1752-2270-0x00007FF6D1F60000-0x00007FF6D2351000-memory.dmp	xmrig
behavioral2/memory/4260-2267-0x00007FF7C6A30000-0x00007FF7C6E21000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2872	GqOZzho.exe
2508	raBYOtO.exe
1124	OzFjHyx.exe
4884	ukmErhb.exe
2440	xRltKgv.exe
3420	KLfLzGY.exe
3528	UBYWyRt.exe
3376	fpLXIEL.exe
444	ZZxwCZG.exe
1644	xZmhdkr.exe
2864	mIZYhfn.exe
4896	tlocxTg.exe
1724	UdoySfC.exe
1972	XohxFzS.exe
996	QvqDpZz.exe
3040	uqwgvQr.exe
3416	aHahwGx.exe
3948	EuvzGiB.exe
4980	yjOIbKK.exe
4260	iYvULkQ.exe
4828	sYNbWhW.exe
916	SzVmPmO.exe
2488	EbyJibt.exe
1752	VBWHbrb.exe
4600	FGLdZIW.exe
4232	IgKJWvB.exe
2240	UIuUVlP.exe
1688	jgOLYCd.exe
4224	OTwnzZx.exe
1312	FrhEtaF.exe
2548	UmxdJOU.exe
1384	ibfMxlG.exe
2228	sLfOAiA.exe
4536	hdpYanR.exe
1816	oInpBJj.exe
2708	mjxYSFN.exe
4012	KYIuqER.exe
4036	HFZOphj.exe
2088	gScVdHz.exe
3048	XfHYWtb.exe
2988	nkQdXwE.exe
3320	SrkcOLe.exe
3584	YZHbFOd.exe
1164	JyyogLr.exe
2244	kcSKiOW.exe
3712	PIQRjWb.exe
5020	KHFlizF.exe
232	iBFIDVH.exe
3164	LdwkLOv.exe
4964	RKtVRCi.exe
5028	jEncYkU.exe
2588	CpHaSBR.exe
2660	kMBksEg.exe
5076	SecixJb.exe
4244	gkPlhnJ.exe
2160	LDnaqhz.exe
1264	teVJHHQ.exe
2808	LdoeMgC.exe
2284	bAJCJyT.exe
3580	prUFYmE.exe
4772	FxIxVht.exe
1340	IndsuSp.exe
1648	yklAoTw.exe
3960	ZGhjzEu.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3020-0-0x00007FF7531C0000-0x00007FF7535B1000-memory.dmp	upx
behavioral2/files/0x00080000000234c1-5.dat	upx
behavioral2/memory/2872-9-0x00007FF7F67A0000-0x00007FF7F6B91000-memory.dmp	upx
behavioral2/files/0x00070000000234c6-8.dat	upx
behavioral2/files/0x00070000000234c5-11.dat	upx
behavioral2/memory/2508-18-0x00007FF70D810000-0x00007FF70DC01000-memory.dmp	upx
behavioral2/files/0x00070000000234cc-47.dat	upx
behavioral2/files/0x00070000000234cb-52.dat	upx
behavioral2/memory/444-64-0x00007FF6ED060000-0x00007FF6ED451000-memory.dmp	upx
behavioral2/memory/1644-75-0x00007FF702680000-0x00007FF702A71000-memory.dmp	upx
behavioral2/files/0x00070000000234d0-78.dat	upx
behavioral2/memory/1724-80-0x00007FF624950000-0x00007FF624D41000-memory.dmp	upx
behavioral2/memory/4896-77-0x00007FF69B0E0000-0x00007FF69B4D1000-memory.dmp	upx
behavioral2/files/0x00070000000234cd-70.dat	upx
behavioral2/files/0x00070000000234cf-67.dat	upx
behavioral2/files/0x00070000000234ce-65.dat	upx
behavioral2/memory/2864-61-0x00007FF70F550000-0x00007FF70F941000-memory.dmp	upx
behavioral2/memory/3528-56-0x00007FF7E3980000-0x00007FF7E3D71000-memory.dmp	upx
behavioral2/files/0x00070000000234ca-48.dat	upx
behavioral2/memory/4884-46-0x00007FF7F5390000-0x00007FF7F5781000-memory.dmp	upx
behavioral2/memory/3376-45-0x00007FF7816B0000-0x00007FF781AA1000-memory.dmp	upx
behavioral2/files/0x00070000000234c9-40.dat	upx
behavioral2/files/0x00070000000234c8-39.dat	upx
behavioral2/files/0x00070000000234c7-38.dat	upx
behavioral2/memory/3420-37-0x00007FF6681C0000-0x00007FF6685B1000-memory.dmp	upx
behavioral2/memory/2440-33-0x00007FF696FC0000-0x00007FF6973B1000-memory.dmp	upx
behavioral2/memory/1124-27-0x00007FF73B440000-0x00007FF73B831000-memory.dmp	upx
behavioral2/files/0x0002000000022b25-93.dat	upx
behavioral2/files/0x000900000002341e-101.dat	upx
behavioral2/files/0x00080000000234c2-109.dat	upx
behavioral2/memory/3416-122-0x00007FF7CE120000-0x00007FF7CE511000-memory.dmp	upx
behavioral2/files/0x00070000000234d3-123.dat	upx
behavioral2/files/0x00070000000234d2-119.dat	upx
behavioral2/files/0x000a000000023421-118.dat	upx
behavioral2/memory/3040-116-0x00007FF75A7A0000-0x00007FF75AB91000-memory.dmp	upx
behavioral2/files/0x000c000000023426-114.dat	upx
behavioral2/memory/996-111-0x00007FF73D540000-0x00007FF73D931000-memory.dmp	upx
behavioral2/files/0x000b000000023424-108.dat	upx
behavioral2/memory/3948-102-0x00007FF7F37E0000-0x00007FF7F3BD1000-memory.dmp	upx
behavioral2/files/0x00070000000234d1-82.dat	upx
behavioral2/memory/1972-92-0x00007FF601FF0000-0x00007FF6023E1000-memory.dmp	upx
behavioral2/files/0x00070000000234d4-129.dat	upx
behavioral2/files/0x00070000000234d6-141.dat	upx
behavioral2/files/0x00070000000234d8-158.dat	upx
behavioral2/files/0x00070000000234dc-178.dat	upx
behavioral2/files/0x00070000000234dd-183.dat	upx
behavioral2/memory/4980-357-0x00007FF6E9B20000-0x00007FF6E9F11000-memory.dmp	upx
behavioral2/files/0x00070000000234db-176.dat	upx
behavioral2/memory/4828-362-0x00007FF6E2810000-0x00007FF6E2C01000-memory.dmp	upx
behavioral2/memory/2488-368-0x00007FF6D8510000-0x00007FF6D8901000-memory.dmp	upx
behavioral2/files/0x00070000000234da-168.dat	upx
behavioral2/files/0x00070000000234d9-163.dat	upx
behavioral2/files/0x00070000000234d7-153.dat	upx
behavioral2/files/0x00070000000234d5-148.dat	upx
behavioral2/memory/2872-136-0x00007FF7F67A0000-0x00007FF7F6B91000-memory.dmp	upx
behavioral2/memory/3020-132-0x00007FF7531C0000-0x00007FF7535B1000-memory.dmp	upx
behavioral2/memory/916-131-0x00007FF672AE0000-0x00007FF672ED1000-memory.dmp	upx
behavioral2/memory/4260-127-0x00007FF7C6A30000-0x00007FF7C6E21000-memory.dmp	upx
behavioral2/memory/1752-378-0x00007FF6D1F60000-0x00007FF6D2351000-memory.dmp	upx
behavioral2/memory/3420-388-0x00007FF6681C0000-0x00007FF6685B1000-memory.dmp	upx
behavioral2/memory/1124-386-0x00007FF73B440000-0x00007FF73B831000-memory.dmp	upx
behavioral2/memory/2508-449-0x00007FF70D810000-0x00007FF70DC01000-memory.dmp	upx
behavioral2/memory/3376-452-0x00007FF7816B0000-0x00007FF781AA1000-memory.dmp	upx
behavioral2/memory/2864-603-0x00007FF70F550000-0x00007FF70F941000-memory.dmp	upx

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System32\KlSCcjq.exe	aca8deb30af7677b941a50ce25d98300N.exe
File created	C:\Windows\System32\dAqjUtp.exe	aca8deb30af7677b941a50ce25d98300N.exe
File created	C:\Windows\System32\mhGYRTM.exe	aca8deb30af7677b941a50ce25d98300N.exe
File created	C:\Windows\System32\lWQRUwB.exe	aca8deb30af7677b941a50ce25d98300N.exe
File created	C:\Windows\System32\nSaLzrF.exe	aca8deb30af7677b941a50ce25d98300N.exe
File created	C:\Windows\System32\zQpZepl.exe	aca8deb30af7677b941a50ce25d98300N.exe
File created	C:\Windows\System32\DTGukcE.exe	aca8deb30af7677b941a50ce25d98300N.exe
File created	C:\Windows\System32\qrcWSxZ.exe	aca8deb30af7677b941a50ce25d98300N.exe
File created	C:\Windows\System32\QCUEebR.exe	aca8deb30af7677b941a50ce25d98300N.exe
File created	C:\Windows\System32\jMlNEgz.exe	aca8deb30af7677b941a50ce25d98300N.exe
File created	C:\Windows\System32\SLmOzEi.exe	aca8deb30af7677b941a50ce25d98300N.exe
File created	C:\Windows\System32\zsjrbbf.exe	aca8deb30af7677b941a50ce25d98300N.exe
File created	C:\Windows\System32\rOQtVnT.exe	aca8deb30af7677b941a50ce25d98300N.exe
File created	C:\Windows\System32\egGWRYa.exe	aca8deb30af7677b941a50ce25d98300N.exe
File created	C:\Windows\System32\HfFBIGV.exe	aca8deb30af7677b941a50ce25d98300N.exe
File created	C:\Windows\System32\AmAQwNx.exe	aca8deb30af7677b941a50ce25d98300N.exe
File created	C:\Windows\System32\IounoMN.exe	aca8deb30af7677b941a50ce25d98300N.exe
File created	C:\Windows\System32\NfRdNsd.exe	aca8deb30af7677b941a50ce25d98300N.exe
File created	C:\Windows\System32\mNyPuEW.exe	aca8deb30af7677b941a50ce25d98300N.exe
File created	C:\Windows\System32\YcJSnlF.exe	aca8deb30af7677b941a50ce25d98300N.exe
File created	C:\Windows\System32\vgNXTud.exe	aca8deb30af7677b941a50ce25d98300N.exe
File created	C:\Windows\System32\wVUipSf.exe	aca8deb30af7677b941a50ce25d98300N.exe
File created	C:\Windows\System32\zvFZhLg.exe	aca8deb30af7677b941a50ce25d98300N.exe
File created	C:\Windows\System32\dAjFxKq.exe	aca8deb30af7677b941a50ce25d98300N.exe
File created	C:\Windows\System32\nNTYZQF.exe	aca8deb30af7677b941a50ce25d98300N.exe
File created	C:\Windows\System32\VqLPBKI.exe	aca8deb30af7677b941a50ce25d98300N.exe
File created	C:\Windows\System32\prUFYmE.exe	aca8deb30af7677b941a50ce25d98300N.exe
File created	C:\Windows\System32\FHsefyv.exe	aca8deb30af7677b941a50ce25d98300N.exe
File created	C:\Windows\System32\oyYNaJp.exe	aca8deb30af7677b941a50ce25d98300N.exe
File created	C:\Windows\System32\yfKtEgD.exe	aca8deb30af7677b941a50ce25d98300N.exe
File created	C:\Windows\System32\EzKqDVI.exe	aca8deb30af7677b941a50ce25d98300N.exe
File created	C:\Windows\System32\uRizQjV.exe	aca8deb30af7677b941a50ce25d98300N.exe
File created	C:\Windows\System32\EtRubGq.exe	aca8deb30af7677b941a50ce25d98300N.exe
File created	C:\Windows\System32\CvnBBLg.exe	aca8deb30af7677b941a50ce25d98300N.exe
File created	C:\Windows\System32\UdbrLOM.exe	aca8deb30af7677b941a50ce25d98300N.exe
File created	C:\Windows\System32\FBJCssQ.exe	aca8deb30af7677b941a50ce25d98300N.exe
File created	C:\Windows\System32\gkPlhnJ.exe	aca8deb30af7677b941a50ce25d98300N.exe
File created	C:\Windows\System32\ViloiiG.exe	aca8deb30af7677b941a50ce25d98300N.exe
File created	C:\Windows\System32\yTEzvQe.exe	aca8deb30af7677b941a50ce25d98300N.exe
File created	C:\Windows\System32\TUMUzBT.exe	aca8deb30af7677b941a50ce25d98300N.exe
File created	C:\Windows\System32\ZqVnxkt.exe	aca8deb30af7677b941a50ce25d98300N.exe
File created	C:\Windows\System32\TjhpZqz.exe	aca8deb30af7677b941a50ce25d98300N.exe
File created	C:\Windows\System32\htTKkds.exe	aca8deb30af7677b941a50ce25d98300N.exe
File created	C:\Windows\System32\KYIuqER.exe	aca8deb30af7677b941a50ce25d98300N.exe
File created	C:\Windows\System32\LVDMEEV.exe	aca8deb30af7677b941a50ce25d98300N.exe
File created	C:\Windows\System32\QcINpHN.exe	aca8deb30af7677b941a50ce25d98300N.exe
File created	C:\Windows\System32\pdkIoBK.exe	aca8deb30af7677b941a50ce25d98300N.exe
File created	C:\Windows\System32\VBWHbrb.exe	aca8deb30af7677b941a50ce25d98300N.exe
File created	C:\Windows\System32\Cvsirid.exe	aca8deb30af7677b941a50ce25d98300N.exe
File created	C:\Windows\System32\GqAzYsV.exe	aca8deb30af7677b941a50ce25d98300N.exe
File created	C:\Windows\System32\xrSBWov.exe	aca8deb30af7677b941a50ce25d98300N.exe
File created	C:\Windows\System32\EorRixR.exe	aca8deb30af7677b941a50ce25d98300N.exe
File created	C:\Windows\System32\YKwqQld.exe	aca8deb30af7677b941a50ce25d98300N.exe
File created	C:\Windows\System32\KLfLzGY.exe	aca8deb30af7677b941a50ce25d98300N.exe
File created	C:\Windows\System32\KFCrrfu.exe	aca8deb30af7677b941a50ce25d98300N.exe
File created	C:\Windows\System32\KlezjNF.exe	aca8deb30af7677b941a50ce25d98300N.exe
File created	C:\Windows\System32\HFssvkO.exe	aca8deb30af7677b941a50ce25d98300N.exe
File created	C:\Windows\System32\AwSCfgF.exe	aca8deb30af7677b941a50ce25d98300N.exe
File created	C:\Windows\System32\qialaRP.exe	aca8deb30af7677b941a50ce25d98300N.exe
File created	C:\Windows\System32\AhtYmUq.exe	aca8deb30af7677b941a50ce25d98300N.exe
File created	C:\Windows\System32\DGPgmVI.exe	aca8deb30af7677b941a50ce25d98300N.exe
File created	C:\Windows\System32\YAGCyCW.exe	aca8deb30af7677b941a50ce25d98300N.exe
File created	C:\Windows\System32\akyasex.exe	aca8deb30af7677b941a50ce25d98300N.exe
File created	C:\Windows\System32\rMuBNIt.exe	aca8deb30af7677b941a50ce25d98300N.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	13432	dwm.exe
Token: SeChangeNotifyPrivilege	13432	dwm.exe
Token: 33	13432	dwm.exe
Token: SeIncBasePriorityPrivilege	13432	dwm.exe
Token: SeShutdownPrivilege	13432	dwm.exe
Token: SeCreatePagefilePrivilege	13432	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3020 wrote to memory of 2872	3020	aca8deb30af7677b941a50ce25d98300N.exe	85
PID 3020 wrote to memory of 2872	3020	aca8deb30af7677b941a50ce25d98300N.exe	85
PID 3020 wrote to memory of 2508	3020	aca8deb30af7677b941a50ce25d98300N.exe	86
PID 3020 wrote to memory of 2508	3020	aca8deb30af7677b941a50ce25d98300N.exe	86
PID 3020 wrote to memory of 1124	3020	aca8deb30af7677b941a50ce25d98300N.exe	87
PID 3020 wrote to memory of 1124	3020	aca8deb30af7677b941a50ce25d98300N.exe	87
PID 3020 wrote to memory of 4884	3020	aca8deb30af7677b941a50ce25d98300N.exe	88
PID 3020 wrote to memory of 4884	3020	aca8deb30af7677b941a50ce25d98300N.exe	88
PID 3020 wrote to memory of 2440	3020	aca8deb30af7677b941a50ce25d98300N.exe	89
PID 3020 wrote to memory of 2440	3020	aca8deb30af7677b941a50ce25d98300N.exe	89
PID 3020 wrote to memory of 3420	3020	aca8deb30af7677b941a50ce25d98300N.exe	90
PID 3020 wrote to memory of 3420	3020	aca8deb30af7677b941a50ce25d98300N.exe	90
PID 3020 wrote to memory of 3528	3020	aca8deb30af7677b941a50ce25d98300N.exe	91
PID 3020 wrote to memory of 3528	3020	aca8deb30af7677b941a50ce25d98300N.exe	91
PID 3020 wrote to memory of 3376	3020	aca8deb30af7677b941a50ce25d98300N.exe	93
PID 3020 wrote to memory of 3376	3020	aca8deb30af7677b941a50ce25d98300N.exe	93
PID 3020 wrote to memory of 444	3020	aca8deb30af7677b941a50ce25d98300N.exe	94
PID 3020 wrote to memory of 444	3020	aca8deb30af7677b941a50ce25d98300N.exe	94
PID 3020 wrote to memory of 1644	3020	aca8deb30af7677b941a50ce25d98300N.exe	95
PID 3020 wrote to memory of 1644	3020	aca8deb30af7677b941a50ce25d98300N.exe	95
PID 3020 wrote to memory of 2864	3020	aca8deb30af7677b941a50ce25d98300N.exe	96
PID 3020 wrote to memory of 2864	3020	aca8deb30af7677b941a50ce25d98300N.exe	96
PID 3020 wrote to memory of 4896	3020	aca8deb30af7677b941a50ce25d98300N.exe	97
PID 3020 wrote to memory of 4896	3020	aca8deb30af7677b941a50ce25d98300N.exe	97
PID 3020 wrote to memory of 1724	3020	aca8deb30af7677b941a50ce25d98300N.exe	98
PID 3020 wrote to memory of 1724	3020	aca8deb30af7677b941a50ce25d98300N.exe	98
PID 3020 wrote to memory of 1972	3020	aca8deb30af7677b941a50ce25d98300N.exe	99
PID 3020 wrote to memory of 1972	3020	aca8deb30af7677b941a50ce25d98300N.exe	99
PID 3020 wrote to memory of 996	3020	aca8deb30af7677b941a50ce25d98300N.exe	101
PID 3020 wrote to memory of 996	3020	aca8deb30af7677b941a50ce25d98300N.exe	101
PID 3020 wrote to memory of 3040	3020	aca8deb30af7677b941a50ce25d98300N.exe	102
PID 3020 wrote to memory of 3040	3020	aca8deb30af7677b941a50ce25d98300N.exe	102
PID 3020 wrote to memory of 3416	3020	aca8deb30af7677b941a50ce25d98300N.exe	103
PID 3020 wrote to memory of 3416	3020	aca8deb30af7677b941a50ce25d98300N.exe	103
PID 3020 wrote to memory of 3948	3020	aca8deb30af7677b941a50ce25d98300N.exe	104
PID 3020 wrote to memory of 3948	3020	aca8deb30af7677b941a50ce25d98300N.exe	104
PID 3020 wrote to memory of 4980	3020	aca8deb30af7677b941a50ce25d98300N.exe	105
PID 3020 wrote to memory of 4980	3020	aca8deb30af7677b941a50ce25d98300N.exe	105
PID 3020 wrote to memory of 4260	3020	aca8deb30af7677b941a50ce25d98300N.exe	106
PID 3020 wrote to memory of 4260	3020	aca8deb30af7677b941a50ce25d98300N.exe	106
PID 3020 wrote to memory of 4828	3020	aca8deb30af7677b941a50ce25d98300N.exe	107
PID 3020 wrote to memory of 4828	3020	aca8deb30af7677b941a50ce25d98300N.exe	107
PID 3020 wrote to memory of 916	3020	aca8deb30af7677b941a50ce25d98300N.exe	108
PID 3020 wrote to memory of 916	3020	aca8deb30af7677b941a50ce25d98300N.exe	108
PID 3020 wrote to memory of 2488	3020	aca8deb30af7677b941a50ce25d98300N.exe	109
PID 3020 wrote to memory of 2488	3020	aca8deb30af7677b941a50ce25d98300N.exe	109
PID 3020 wrote to memory of 1752	3020	aca8deb30af7677b941a50ce25d98300N.exe	110
PID 3020 wrote to memory of 1752	3020	aca8deb30af7677b941a50ce25d98300N.exe	110
PID 3020 wrote to memory of 4600	3020	aca8deb30af7677b941a50ce25d98300N.exe	111
PID 3020 wrote to memory of 4600	3020	aca8deb30af7677b941a50ce25d98300N.exe	111
PID 3020 wrote to memory of 4232	3020	aca8deb30af7677b941a50ce25d98300N.exe	112
PID 3020 wrote to memory of 4232	3020	aca8deb30af7677b941a50ce25d98300N.exe	112
PID 3020 wrote to memory of 2240	3020	aca8deb30af7677b941a50ce25d98300N.exe	113
PID 3020 wrote to memory of 2240	3020	aca8deb30af7677b941a50ce25d98300N.exe	113
PID 3020 wrote to memory of 1688	3020	aca8deb30af7677b941a50ce25d98300N.exe	114
PID 3020 wrote to memory of 1688	3020	aca8deb30af7677b941a50ce25d98300N.exe	114
PID 3020 wrote to memory of 4224	3020	aca8deb30af7677b941a50ce25d98300N.exe	115
PID 3020 wrote to memory of 4224	3020	aca8deb30af7677b941a50ce25d98300N.exe	115
PID 3020 wrote to memory of 1312	3020	aca8deb30af7677b941a50ce25d98300N.exe	116
PID 3020 wrote to memory of 1312	3020	aca8deb30af7677b941a50ce25d98300N.exe	116
PID 3020 wrote to memory of 2548	3020	aca8deb30af7677b941a50ce25d98300N.exe	117
PID 3020 wrote to memory of 2548	3020	aca8deb30af7677b941a50ce25d98300N.exe	117
PID 3020 wrote to memory of 1384	3020	aca8deb30af7677b941a50ce25d98300N.exe	118
PID 3020 wrote to memory of 1384	3020	aca8deb30af7677b941a50ce25d98300N.exe	118

C:\Users\Admin\AppData\Local\Temp\aca8deb30af7677b941a50ce25d98300N.exe
"C:\Users\Admin\AppData\Local\Temp\aca8deb30af7677b941a50ce25d98300N.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:3020
- C:\Windows\System32\GqOZzho.exe
  C:\Windows\System32\GqOZzho.exe
  2⤵
  - Executes dropped EXE
  PID:2872
- C:\Windows\System32\raBYOtO.exe
  C:\Windows\System32\raBYOtO.exe
  2⤵
  - Executes dropped EXE
  PID:2508
- C:\Windows\System32\OzFjHyx.exe
  C:\Windows\System32\OzFjHyx.exe
  2⤵
  - Executes dropped EXE
  PID:1124
- C:\Windows\System32\ukmErhb.exe
  C:\Windows\System32\ukmErhb.exe
  2⤵
  - Executes dropped EXE
  PID:4884
- C:\Windows\System32\xRltKgv.exe
  C:\Windows\System32\xRltKgv.exe
  2⤵
  - Executes dropped EXE
  PID:2440
- C:\Windows\System32\KLfLzGY.exe
  C:\Windows\System32\KLfLzGY.exe
  2⤵
  - Executes dropped EXE
  PID:3420
- C:\Windows\System32\UBYWyRt.exe
  C:\Windows\System32\UBYWyRt.exe
  2⤵
  - Executes dropped EXE
  PID:3528
- C:\Windows\System32\fpLXIEL.exe
  C:\Windows\System32\fpLXIEL.exe
  2⤵
  - Executes dropped EXE
  PID:3376
- C:\Windows\System32\ZZxwCZG.exe
  C:\Windows\System32\ZZxwCZG.exe
  2⤵
  - Executes dropped EXE
  PID:444
- C:\Windows\System32\xZmhdkr.exe
  C:\Windows\System32\xZmhdkr.exe
  2⤵
  - Executes dropped EXE
  PID:1644
- C:\Windows\System32\mIZYhfn.exe
  C:\Windows\System32\mIZYhfn.exe
  2⤵
  - Executes dropped EXE
  PID:2864
- C:\Windows\System32\tlocxTg.exe
  C:\Windows\System32\tlocxTg.exe
  2⤵
  - Executes dropped EXE
  PID:4896
- C:\Windows\System32\UdoySfC.exe
  C:\Windows\System32\UdoySfC.exe
  2⤵
  - Executes dropped EXE
  PID:1724
- C:\Windows\System32\XohxFzS.exe
  C:\Windows\System32\XohxFzS.exe
  2⤵
  - Executes dropped EXE
  PID:1972
- C:\Windows\System32\QvqDpZz.exe
  C:\Windows\System32\QvqDpZz.exe
  2⤵
  - Executes dropped EXE
  PID:996
- C:\Windows\System32\uqwgvQr.exe
  C:\Windows\System32\uqwgvQr.exe
  2⤵
  - Executes dropped EXE
  PID:3040
- C:\Windows\System32\aHahwGx.exe
  C:\Windows\System32\aHahwGx.exe
  2⤵
  - Executes dropped EXE
  PID:3416
- C:\Windows\System32\EuvzGiB.exe
  C:\Windows\System32\EuvzGiB.exe
  2⤵
  - Executes dropped EXE
  PID:3948
- C:\Windows\System32\yjOIbKK.exe
  C:\Windows\System32\yjOIbKK.exe
  2⤵
  - Executes dropped EXE
  PID:4980
- C:\Windows\System32\iYvULkQ.exe
  C:\Windows\System32\iYvULkQ.exe
  2⤵
  - Executes dropped EXE
  PID:4260
- C:\Windows\System32\sYNbWhW.exe
  C:\Windows\System32\sYNbWhW.exe
  2⤵
  - Executes dropped EXE
  PID:4828
- C:\Windows\System32\SzVmPmO.exe
  C:\Windows\System32\SzVmPmO.exe
  2⤵
  - Executes dropped EXE
  PID:916
- C:\Windows\System32\EbyJibt.exe
  C:\Windows\System32\EbyJibt.exe
  2⤵
  - Executes dropped EXE
  PID:2488
- C:\Windows\System32\VBWHbrb.exe
  C:\Windows\System32\VBWHbrb.exe
  2⤵
  - Executes dropped EXE
  PID:1752
- C:\Windows\System32\FGLdZIW.exe
  C:\Windows\System32\FGLdZIW.exe
  2⤵
  - Executes dropped EXE
  PID:4600
- C:\Windows\System32\IgKJWvB.exe
  C:\Windows\System32\IgKJWvB.exe
  2⤵
  - Executes dropped EXE
  PID:4232
- C:\Windows\System32\UIuUVlP.exe
  C:\Windows\System32\UIuUVlP.exe
  2⤵
  - Executes dropped EXE
  PID:2240
- C:\Windows\System32\jgOLYCd.exe
  C:\Windows\System32\jgOLYCd.exe
  2⤵
  - Executes dropped EXE
  PID:1688
- C:\Windows\System32\OTwnzZx.exe
  C:\Windows\System32\OTwnzZx.exe
  2⤵
  - Executes dropped EXE
  PID:4224
- C:\Windows\System32\FrhEtaF.exe
  C:\Windows\System32\FrhEtaF.exe
  2⤵
  - Executes dropped EXE
  PID:1312
- C:\Windows\System32\UmxdJOU.exe
  C:\Windows\System32\UmxdJOU.exe
  2⤵
  - Executes dropped EXE
  PID:2548
- C:\Windows\System32\ibfMxlG.exe
  C:\Windows\System32\ibfMxlG.exe
  2⤵
  - Executes dropped EXE
  PID:1384
- C:\Windows\System32\sLfOAiA.exe
  C:\Windows\System32\sLfOAiA.exe
  2⤵
  - Executes dropped EXE
  PID:2228
- C:\Windows\System32\hdpYanR.exe
  C:\Windows\System32\hdpYanR.exe
  2⤵
  - Executes dropped EXE
  PID:4536
- C:\Windows\System32\oInpBJj.exe
  C:\Windows\System32\oInpBJj.exe
  2⤵
  - Executes dropped EXE
  PID:1816
- C:\Windows\System32\mjxYSFN.exe
  C:\Windows\System32\mjxYSFN.exe
  2⤵
  - Executes dropped EXE
  PID:2708
- C:\Windows\System32\KYIuqER.exe
  C:\Windows\System32\KYIuqER.exe
  2⤵
  - Executes dropped EXE
  PID:4012
- C:\Windows\System32\HFZOphj.exe
  C:\Windows\System32\HFZOphj.exe
  2⤵
  - Executes dropped EXE
  PID:4036
- C:\Windows\System32\gScVdHz.exe
  C:\Windows\System32\gScVdHz.exe
  2⤵
  - Executes dropped EXE
  PID:2088
- C:\Windows\System32\XfHYWtb.exe
  C:\Windows\System32\XfHYWtb.exe
  2⤵
  - Executes dropped EXE
  PID:3048
- C:\Windows\System32\nkQdXwE.exe
  C:\Windows\System32\nkQdXwE.exe
  2⤵
  - Executes dropped EXE
  PID:2988
- C:\Windows\System32\SrkcOLe.exe
  C:\Windows\System32\SrkcOLe.exe
  2⤵
  - Executes dropped EXE
  PID:3320
- C:\Windows\System32\YZHbFOd.exe
  C:\Windows\System32\YZHbFOd.exe
  2⤵
  - Executes dropped EXE
  PID:3584
- C:\Windows\System32\JyyogLr.exe
  C:\Windows\System32\JyyogLr.exe
  2⤵
  - Executes dropped EXE
  PID:1164
- C:\Windows\System32\kcSKiOW.exe
  C:\Windows\System32\kcSKiOW.exe
  2⤵
  - Executes dropped EXE
  PID:2244
- C:\Windows\System32\PIQRjWb.exe
  C:\Windows\System32\PIQRjWb.exe
  2⤵
  - Executes dropped EXE
  PID:3712
- C:\Windows\System32\KHFlizF.exe
  C:\Windows\System32\KHFlizF.exe
  2⤵
  - Executes dropped EXE
  PID:5020
- C:\Windows\System32\iBFIDVH.exe
  C:\Windows\System32\iBFIDVH.exe
  2⤵
  - Executes dropped EXE
  PID:232
- C:\Windows\System32\LdwkLOv.exe
  C:\Windows\System32\LdwkLOv.exe
  2⤵
  - Executes dropped EXE
  PID:3164
- C:\Windows\System32\RKtVRCi.exe
  C:\Windows\System32\RKtVRCi.exe
  2⤵
  - Executes dropped EXE
  PID:4964
- C:\Windows\System32\jEncYkU.exe
  C:\Windows\System32\jEncYkU.exe
  2⤵
  - Executes dropped EXE
  PID:5028
- C:\Windows\System32\CpHaSBR.exe
  C:\Windows\System32\CpHaSBR.exe
  2⤵
  - Executes dropped EXE
  PID:2588
- C:\Windows\System32\kMBksEg.exe
  C:\Windows\System32\kMBksEg.exe
  2⤵
  - Executes dropped EXE
  PID:2660
- C:\Windows\System32\SecixJb.exe
  C:\Windows\System32\SecixJb.exe
  2⤵
  - Executes dropped EXE
  PID:5076
- C:\Windows\System32\gkPlhnJ.exe
  C:\Windows\System32\gkPlhnJ.exe
  2⤵
  - Executes dropped EXE
  PID:4244
- C:\Windows\System32\LDnaqhz.exe
  C:\Windows\System32\LDnaqhz.exe
  2⤵
  - Executes dropped EXE
  PID:2160
- C:\Windows\System32\teVJHHQ.exe
  C:\Windows\System32\teVJHHQ.exe
  2⤵
  - Executes dropped EXE
  PID:1264
- C:\Windows\System32\LdoeMgC.exe
  C:\Windows\System32\LdoeMgC.exe
  2⤵
  - Executes dropped EXE
  PID:2808
- C:\Windows\System32\bAJCJyT.exe
  C:\Windows\System32\bAJCJyT.exe
  2⤵
  - Executes dropped EXE
  PID:2284
- C:\Windows\System32\prUFYmE.exe
  C:\Windows\System32\prUFYmE.exe
  2⤵
  - Executes dropped EXE
  PID:3580
- C:\Windows\System32\FxIxVht.exe
  C:\Windows\System32\FxIxVht.exe
  2⤵
  - Executes dropped EXE
  PID:4772
- C:\Windows\System32\IndsuSp.exe
  C:\Windows\System32\IndsuSp.exe
  2⤵
  - Executes dropped EXE
  PID:1340
- C:\Windows\System32\yklAoTw.exe
  C:\Windows\System32\yklAoTw.exe
  2⤵
  - Executes dropped EXE
  PID:1648
- C:\Windows\System32\ZGhjzEu.exe
  C:\Windows\System32\ZGhjzEu.exe
  2⤵
  - Executes dropped EXE
  PID:3960
- C:\Windows\System32\qsjAHeJ.exe
  C:\Windows\System32\qsjAHeJ.exe
  2⤵
  PID:3424
- C:\Windows\System32\WVmRERS.exe
  C:\Windows\System32\WVmRERS.exe
  2⤵
  PID:1308
- C:\Windows\System32\IounoMN.exe
  C:\Windows\System32\IounoMN.exe
  2⤵
  PID:1952
- C:\Windows\System32\dUVxgdI.exe
  C:\Windows\System32\dUVxgdI.exe
  2⤵
  PID:2876
- C:\Windows\System32\eljrGrb.exe
  C:\Windows\System32\eljrGrb.exe
  2⤵
  PID:4016
- C:\Windows\System32\fuOkLvQ.exe
  C:\Windows\System32\fuOkLvQ.exe
  2⤵
  PID:4952
- C:\Windows\System32\kmFUfUt.exe
  C:\Windows\System32\kmFUfUt.exe
  2⤵
  PID:4256
- C:\Windows\System32\rTtkScp.exe
  C:\Windows\System32\rTtkScp.exe
  2⤵
  PID:2572
- C:\Windows\System32\mPGYCQc.exe
  C:\Windows\System32\mPGYCQc.exe
  2⤵
  PID:408
- C:\Windows\System32\QCUEebR.exe
  C:\Windows\System32\QCUEebR.exe
  2⤵
  PID:4692
- C:\Windows\System32\jkOzlrd.exe
  C:\Windows\System32\jkOzlrd.exe
  2⤵
  PID:624
- C:\Windows\System32\wdGkkNG.exe
  C:\Windows\System32\wdGkkNG.exe
  2⤵
  PID:4712
- C:\Windows\System32\rDRLMSq.exe
  C:\Windows\System32\rDRLMSq.exe
  2⤵
  PID:3824
- C:\Windows\System32\vAqeotp.exe
  C:\Windows\System32\vAqeotp.exe
  2⤵
  PID:1988
- C:\Windows\System32\CNhRIjK.exe
  C:\Windows\System32\CNhRIjK.exe
  2⤵
  PID:2768
- C:\Windows\System32\HZQNJCk.exe
  C:\Windows\System32\HZQNJCk.exe
  2⤵
  PID:1032
- C:\Windows\System32\jZOBsgY.exe
  C:\Windows\System32\jZOBsgY.exe
  2⤵
  PID:4152
- C:\Windows\System32\nSaLzrF.exe
  C:\Windows\System32\nSaLzrF.exe
  2⤵
  PID:4360
- C:\Windows\System32\WKvfIUU.exe
  C:\Windows\System32\WKvfIUU.exe
  2⤵
  PID:4380
- C:\Windows\System32\IPbwuOh.exe
  C:\Windows\System32\IPbwuOh.exe
  2⤵
  PID:3884
- C:\Windows\System32\rAvWgQO.exe
  C:\Windows\System32\rAvWgQO.exe
  2⤵
  PID:1832
- C:\Windows\System32\oukZXIH.exe
  C:\Windows\System32\oukZXIH.exe
  2⤵
  PID:2252
- C:\Windows\System32\lyAiwvk.exe
  C:\Windows\System32\lyAiwvk.exe
  2⤵
  PID:2156
- C:\Windows\System32\YsadnYe.exe
  C:\Windows\System32\YsadnYe.exe
  2⤵
  PID:5036
- C:\Windows\System32\wUQQSwj.exe
  C:\Windows\System32\wUQQSwj.exe
  2⤵
  PID:836
- C:\Windows\System32\kCTEjQF.exe
  C:\Windows\System32\kCTEjQF.exe
  2⤵
  PID:3720
- C:\Windows\System32\KlSCcjq.exe
  C:\Windows\System32\KlSCcjq.exe
  2⤵
  PID:3308
- C:\Windows\System32\sWNBAqa.exe
  C:\Windows\System32\sWNBAqa.exe
  2⤵
  PID:1652
- C:\Windows\System32\hFziWsi.exe
  C:\Windows\System32\hFziWsi.exe
  2⤵
  PID:3988
- C:\Windows\System32\rNzAANM.exe
  C:\Windows\System32\rNzAANM.exe
  2⤵
  PID:428
- C:\Windows\System32\nxbcnEd.exe
  C:\Windows\System32\nxbcnEd.exe
  2⤵
  PID:3080
- C:\Windows\System32\uVYeJXP.exe
  C:\Windows\System32\uVYeJXP.exe
  2⤵
  PID:464
- C:\Windows\System32\YAGCyCW.exe
  C:\Windows\System32\YAGCyCW.exe
  2⤵
  PID:3260
- C:\Windows\System32\KEMkWzo.exe
  C:\Windows\System32\KEMkWzo.exe
  2⤵
  PID:5128
- C:\Windows\System32\fYCOlgC.exe
  C:\Windows\System32\fYCOlgC.exe
  2⤵
  PID:5156
- C:\Windows\System32\FBJCssQ.exe
  C:\Windows\System32\FBJCssQ.exe
  2⤵
  PID:5176
- C:\Windows\System32\PpRNzlT.exe
  C:\Windows\System32\PpRNzlT.exe
  2⤵
  PID:5228
- C:\Windows\System32\QGVIPxZ.exe
  C:\Windows\System32\QGVIPxZ.exe
  2⤵
  PID:5264
- C:\Windows\System32\qPkSeXT.exe
  C:\Windows\System32\qPkSeXT.exe
  2⤵
  PID:5328
- C:\Windows\System32\UdDyClE.exe
  C:\Windows\System32\UdDyClE.exe
  2⤵
  PID:5348
- C:\Windows\System32\OJYQCoF.exe
  C:\Windows\System32\OJYQCoF.exe
  2⤵
  PID:5388
- C:\Windows\System32\Vhenjcl.exe
  C:\Windows\System32\Vhenjcl.exe
  2⤵
  PID:5408
- C:\Windows\System32\cSoeNcD.exe
  C:\Windows\System32\cSoeNcD.exe
  2⤵
  PID:5424
- C:\Windows\System32\CTPfHWI.exe
  C:\Windows\System32\CTPfHWI.exe
  2⤵
  PID:5440
- C:\Windows\System32\xJsFCBy.exe
  C:\Windows\System32\xJsFCBy.exe
  2⤵
  PID:5456
- C:\Windows\System32\NFAlRAa.exe
  C:\Windows\System32\NFAlRAa.exe
  2⤵
  PID:5472
- C:\Windows\System32\EThEPsS.exe
  C:\Windows\System32\EThEPsS.exe
  2⤵
  PID:5492
- C:\Windows\System32\TZhFedB.exe
  C:\Windows\System32\TZhFedB.exe
  2⤵
  PID:5508
- C:\Windows\System32\ZaOtxfA.exe
  C:\Windows\System32\ZaOtxfA.exe
  2⤵
  PID:5528
- C:\Windows\System32\CZmXEXe.exe
  C:\Windows\System32\CZmXEXe.exe
  2⤵
  PID:5548
- C:\Windows\System32\AvOpAia.exe
  C:\Windows\System32\AvOpAia.exe
  2⤵
  PID:5620
- C:\Windows\System32\xNggmSh.exe
  C:\Windows\System32\xNggmSh.exe
  2⤵
  PID:5640
- C:\Windows\System32\bEbzmRI.exe
  C:\Windows\System32\bEbzmRI.exe
  2⤵
  PID:5672
- C:\Windows\System32\tPQqOKr.exe
  C:\Windows\System32\tPQqOKr.exe
  2⤵
  PID:5708
- C:\Windows\System32\oPYFfMM.exe
  C:\Windows\System32\oPYFfMM.exe
  2⤵
  PID:5724
- C:\Windows\System32\gtxGhKA.exe
  C:\Windows\System32\gtxGhKA.exe
  2⤵
  PID:5764
- C:\Windows\System32\WZNOrQB.exe
  C:\Windows\System32\WZNOrQB.exe
  2⤵
  PID:5816
- C:\Windows\System32\XdxlprL.exe
  C:\Windows\System32\XdxlprL.exe
  2⤵
  PID:5836
- C:\Windows\System32\JjJstGH.exe
  C:\Windows\System32\JjJstGH.exe
  2⤵
  PID:5880
- C:\Windows\System32\BtFzwnF.exe
  C:\Windows\System32\BtFzwnF.exe
  2⤵
  PID:5904
- C:\Windows\System32\OjYhLRJ.exe
  C:\Windows\System32\OjYhLRJ.exe
  2⤵
  PID:5952
- C:\Windows\System32\tRibZDr.exe
  C:\Windows\System32\tRibZDr.exe
  2⤵
  PID:5988
- C:\Windows\System32\ZMAsdNP.exe
  C:\Windows\System32\ZMAsdNP.exe
  2⤵
  PID:6028
- C:\Windows\System32\kaitXlE.exe
  C:\Windows\System32\kaitXlE.exe
  2⤵
  PID:6060
- C:\Windows\System32\DbLYTuF.exe
  C:\Windows\System32\DbLYTuF.exe
  2⤵
  PID:6076
- C:\Windows\System32\NjzjXFp.exe
  C:\Windows\System32\NjzjXFp.exe
  2⤵
  PID:6092
- C:\Windows\System32\loTCSQf.exe
  C:\Windows\System32\loTCSQf.exe
  2⤵
  PID:6108
- C:\Windows\System32\KFCrrfu.exe
  C:\Windows\System32\KFCrrfu.exe
  2⤵
  PID:2220
- C:\Windows\System32\Cvsirid.exe
  C:\Windows\System32\Cvsirid.exe
  2⤵
  PID:3556
- C:\Windows\System32\xhenibH.exe
  C:\Windows\System32\xhenibH.exe
  2⤵
  PID:3456
- C:\Windows\System32\EvlYjpd.exe
  C:\Windows\System32\EvlYjpd.exe
  2⤵
  PID:5148
- C:\Windows\System32\OcXQdQt.exe
  C:\Windows\System32\OcXQdQt.exe
  2⤵
  PID:5236
- C:\Windows\System32\zQpZepl.exe
  C:\Windows\System32\zQpZepl.exe
  2⤵
  PID:5280
- C:\Windows\System32\uFCPALq.exe
  C:\Windows\System32\uFCPALq.exe
  2⤵
  PID:4676
- C:\Windows\System32\jmLFGXA.exe
  C:\Windows\System32\jmLFGXA.exe
  2⤵
  PID:5364
- C:\Windows\System32\gSShvpP.exe
  C:\Windows\System32\gSShvpP.exe
  2⤵
  PID:5400
- C:\Windows\System32\qXJQKtp.exe
  C:\Windows\System32\qXJQKtp.exe
  2⤵
  PID:5416
- C:\Windows\System32\FqqSylF.exe
  C:\Windows\System32\FqqSylF.exe
  2⤵
  PID:5436
- C:\Windows\System32\ATypuXJ.exe
  C:\Windows\System32\ATypuXJ.exe
  2⤵
  PID:5516
- C:\Windows\System32\rWcLhJf.exe
  C:\Windows\System32\rWcLhJf.exe
  2⤵
  PID:5608
- C:\Windows\System32\aQhbjwn.exe
  C:\Windows\System32\aQhbjwn.exe
  2⤵
  PID:5680
- C:\Windows\System32\CdVOodA.exe
  C:\Windows\System32\CdVOodA.exe
  2⤵
  PID:5848
- C:\Windows\System32\MFgbTXx.exe
  C:\Windows\System32\MFgbTXx.exe
  2⤵
  PID:5868
- C:\Windows\System32\AWaCLzb.exe
  C:\Windows\System32\AWaCLzb.exe
  2⤵
  PID:5928
- C:\Windows\System32\mKiuWoI.exe
  C:\Windows\System32\mKiuWoI.exe
  2⤵
  PID:5996
- C:\Windows\System32\oyYNaJp.exe
  C:\Windows\System32\oyYNaJp.exe
  2⤵
  PID:6040
- C:\Windows\System32\UcMhxir.exe
  C:\Windows\System32\UcMhxir.exe
  2⤵
  PID:6128
- C:\Windows\System32\TxibtBG.exe
  C:\Windows\System32\TxibtBG.exe
  2⤵
  PID:5124
- C:\Windows\System32\orcESvv.exe
  C:\Windows\System32\orcESvv.exe
  2⤵
  PID:5252
- C:\Windows\System32\XLgCgiP.exe
  C:\Windows\System32\XLgCgiP.exe
  2⤵
  PID:5812
- C:\Windows\System32\bxynwKr.exe
  C:\Windows\System32\bxynwKr.exe
  2⤵
  PID:2264
- C:\Windows\System32\jMlNEgz.exe
  C:\Windows\System32\jMlNEgz.exe
  2⤵
  PID:5556
- C:\Windows\System32\PeNUfda.exe
  C:\Windows\System32\PeNUfda.exe
  2⤵
  PID:5684
- C:\Windows\System32\rfbSnDa.exe
  C:\Windows\System32\rfbSnDa.exe
  2⤵
  PID:6100
- C:\Windows\System32\fTwdhCS.exe
  C:\Windows\System32\fTwdhCS.exe
  2⤵
  PID:5272
- C:\Windows\System32\ViloiiG.exe
  C:\Windows\System32\ViloiiG.exe
  2⤵
  PID:5648
- C:\Windows\System32\KlezjNF.exe
  C:\Windows\System32\KlezjNF.exe
  2⤵
  PID:5544
- C:\Windows\System32\GqAzYsV.exe
  C:\Windows\System32\GqAzYsV.exe
  2⤵
  PID:6172
- C:\Windows\System32\ODVjJIr.exe
  C:\Windows\System32\ODVjJIr.exe
  2⤵
  PID:6188
- C:\Windows\System32\ekjVZFo.exe
  C:\Windows\System32\ekjVZFo.exe
  2⤵
  PID:6204
- C:\Windows\System32\OYfrcLG.exe
  C:\Windows\System32\OYfrcLG.exe
  2⤵
  PID:6220
- C:\Windows\System32\XYjbIgi.exe
  C:\Windows\System32\XYjbIgi.exe
  2⤵
  PID:6236
- C:\Windows\System32\JNnRuWT.exe
  C:\Windows\System32\JNnRuWT.exe
  2⤵
  PID:6256
- C:\Windows\System32\xlWYYtX.exe
  C:\Windows\System32\xlWYYtX.exe
  2⤵
  PID:6288
- C:\Windows\System32\aYisRCj.exe
  C:\Windows\System32\aYisRCj.exe
  2⤵
  PID:6396
- C:\Windows\System32\rpceKSD.exe
  C:\Windows\System32\rpceKSD.exe
  2⤵
  PID:6444
- C:\Windows\System32\oJGYyKs.exe
  C:\Windows\System32\oJGYyKs.exe
  2⤵
  PID:6468
- C:\Windows\System32\JouHuki.exe
  C:\Windows\System32\JouHuki.exe
  2⤵
  PID:6504
- C:\Windows\System32\tYLjPZg.exe
  C:\Windows\System32\tYLjPZg.exe
  2⤵
  PID:6524
- C:\Windows\System32\pzHfXiR.exe
  C:\Windows\System32\pzHfXiR.exe
  2⤵
  PID:6544
- C:\Windows\System32\fYLUuUn.exe
  C:\Windows\System32\fYLUuUn.exe
  2⤵
  PID:6568
- C:\Windows\System32\jIFKCGO.exe
  C:\Windows\System32\jIFKCGO.exe
  2⤵
  PID:6584
- C:\Windows\System32\swiTSnF.exe
  C:\Windows\System32\swiTSnF.exe
  2⤵
  PID:6600
- C:\Windows\System32\OrjgnZs.exe
  C:\Windows\System32\OrjgnZs.exe
  2⤵
  PID:6616
- C:\Windows\System32\pNdTRRp.exe
  C:\Windows\System32\pNdTRRp.exe
  2⤵
  PID:6632
- C:\Windows\System32\pfEKlWk.exe
  C:\Windows\System32\pfEKlWk.exe
  2⤵
  PID:6684
- C:\Windows\System32\hAmWoHn.exe
  C:\Windows\System32\hAmWoHn.exe
  2⤵
  PID:6712
- C:\Windows\System32\VhJviee.exe
  C:\Windows\System32\VhJviee.exe
  2⤵
  PID:6732
- C:\Windows\System32\VyPSDVD.exe
  C:\Windows\System32\VyPSDVD.exe
  2⤵
  PID:6808
- C:\Windows\System32\BpPypTQ.exe
  C:\Windows\System32\BpPypTQ.exe
  2⤵
  PID:6832
- C:\Windows\System32\NgIlzkS.exe
  C:\Windows\System32\NgIlzkS.exe
  2⤵
  PID:6852
- C:\Windows\System32\JXinHja.exe
  C:\Windows\System32\JXinHja.exe
  2⤵
  PID:6888
- C:\Windows\System32\popFVDp.exe
  C:\Windows\System32\popFVDp.exe
  2⤵
  PID:6908
- C:\Windows\System32\ukxJkey.exe
  C:\Windows\System32\ukxJkey.exe
  2⤵
  PID:6928
- C:\Windows\System32\ZvdGCSA.exe
  C:\Windows\System32\ZvdGCSA.exe
  2⤵
  PID:6956
- C:\Windows\System32\vgNXTud.exe
  C:\Windows\System32\vgNXTud.exe
  2⤵
  PID:6980
- C:\Windows\System32\CRGSMay.exe
  C:\Windows\System32\CRGSMay.exe
  2⤵
  PID:6996
- C:\Windows\System32\LkLPsKE.exe
  C:\Windows\System32\LkLPsKE.exe
  2⤵
  PID:7048
- C:\Windows\System32\tbYKaoW.exe
  C:\Windows\System32\tbYKaoW.exe
  2⤵
  PID:7068
- C:\Windows\System32\moxcbGl.exe
  C:\Windows\System32\moxcbGl.exe
  2⤵
  PID:7088
- C:\Windows\System32\xmoNOwv.exe
  C:\Windows\System32\xmoNOwv.exe
  2⤵
  PID:7108
- C:\Windows\System32\PLJfSPf.exe
  C:\Windows\System32\PLJfSPf.exe
  2⤵
  PID:7136
- C:\Windows\System32\JEZghKC.exe
  C:\Windows\System32\JEZghKC.exe
  2⤵
  PID:7152
- C:\Windows\System32\YOOcoKr.exe
  C:\Windows\System32\YOOcoKr.exe
  2⤵
  PID:6068
- C:\Windows\System32\RiKqnud.exe
  C:\Windows\System32\RiKqnud.exe
  2⤵
  PID:5260
- C:\Windows\System32\QfBsSYn.exe
  C:\Windows\System32\QfBsSYn.exe
  2⤵
  PID:1256
- C:\Windows\System32\yfKtEgD.exe
  C:\Windows\System32\yfKtEgD.exe
  2⤵
  PID:6164
- C:\Windows\System32\XOwWvXs.exe
  C:\Windows\System32\XOwWvXs.exe
  2⤵
  PID:6276
- C:\Windows\System32\yTEzvQe.exe
  C:\Windows\System32\yTEzvQe.exe
  2⤵
  PID:6268
- C:\Windows\System32\twIlmJd.exe
  C:\Windows\System32\twIlmJd.exe
  2⤵
  PID:6460
- C:\Windows\System32\rBSIOdG.exe
  C:\Windows\System32\rBSIOdG.exe
  2⤵
  PID:6512
- C:\Windows\System32\TQPKHgo.exe
  C:\Windows\System32\TQPKHgo.exe
  2⤵
  PID:6552
- C:\Windows\System32\sGRifiI.exe
  C:\Windows\System32\sGRifiI.exe
  2⤵
  PID:6608
- C:\Windows\System32\CCMoOwR.exe
  C:\Windows\System32\CCMoOwR.exe
  2⤵
  PID:6564
- C:\Windows\System32\doaiioK.exe
  C:\Windows\System32\doaiioK.exe
  2⤵
  PID:6676
- C:\Windows\System32\jKBBqnJ.exe
  C:\Windows\System32\jKBBqnJ.exe
  2⤵
  PID:6804
- C:\Windows\System32\SmJFvyQ.exe
  C:\Windows\System32\SmJFvyQ.exe
  2⤵
  PID:6964
- C:\Windows\System32\MxvJYmR.exe
  C:\Windows\System32\MxvJYmR.exe
  2⤵
  PID:6972
- C:\Windows\System32\wqglhMc.exe
  C:\Windows\System32\wqglhMc.exe
  2⤵
  PID:7064
- C:\Windows\System32\MaXXIkL.exe
  C:\Windows\System32\MaXXIkL.exe
  2⤵
  PID:7116
- C:\Windows\System32\zMCpaIK.exe
  C:\Windows\System32\zMCpaIK.exe
  2⤵
  PID:6120
- C:\Windows\System32\hJORjOR.exe
  C:\Windows\System32\hJORjOR.exe
  2⤵
  PID:6156
- C:\Windows\System32\hfpiRQQ.exe
  C:\Windows\System32\hfpiRQQ.exe
  2⤵
  PID:6532
- C:\Windows\System32\FmlnScP.exe
  C:\Windows\System32\FmlnScP.exe
  2⤵
  PID:6248
- C:\Windows\System32\vYvNhRf.exe
  C:\Windows\System32\vYvNhRf.exe
  2⤵
  PID:6428
- C:\Windows\System32\eLUzDRo.exe
  C:\Windows\System32\eLUzDRo.exe
  2⤵
  PID:6752
- C:\Windows\System32\wVUipSf.exe
  C:\Windows\System32\wVUipSf.exe
  2⤵
  PID:6916
- C:\Windows\System32\zvFZhLg.exe
  C:\Windows\System32\zvFZhLg.exe
  2⤵
  PID:7036
- C:\Windows\System32\Ueynidj.exe
  C:\Windows\System32\Ueynidj.exe
  2⤵
  PID:5888
- C:\Windows\System32\LpuiIts.exe
  C:\Windows\System32\LpuiIts.exe
  2⤵
  PID:6316
- C:\Windows\System32\lTJGffY.exe
  C:\Windows\System32\lTJGffY.exe
  2⤵
  PID:6536
- C:\Windows\System32\tWnmbNl.exe
  C:\Windows\System32\tWnmbNl.exe
  2⤵
  PID:7128
- C:\Windows\System32\HFssvkO.exe
  C:\Windows\System32\HFssvkO.exe
  2⤵
  PID:6336
- C:\Windows\System32\AwHmKxI.exe
  C:\Windows\System32\AwHmKxI.exe
  2⤵
  PID:7184
- C:\Windows\System32\droRHlE.exe
  C:\Windows\System32\droRHlE.exe
  2⤵
  PID:7208
- C:\Windows\System32\uyPogek.exe
  C:\Windows\System32\uyPogek.exe
  2⤵
  PID:7232
- C:\Windows\System32\tYnitYr.exe
  C:\Windows\System32\tYnitYr.exe
  2⤵
  PID:7248
- C:\Windows\System32\EzKqDVI.exe
  C:\Windows\System32\EzKqDVI.exe
  2⤵
  PID:7300
- C:\Windows\System32\DKerffd.exe
  C:\Windows\System32\DKerffd.exe
  2⤵
  PID:7320
- C:\Windows\System32\YEylGNG.exe
  C:\Windows\System32\YEylGNG.exe
  2⤵
  PID:7340
- C:\Windows\System32\aEXCdaX.exe
  C:\Windows\System32\aEXCdaX.exe
  2⤵
  PID:7372
- C:\Windows\System32\VOMRTYE.exe
  C:\Windows\System32\VOMRTYE.exe
  2⤵
  PID:7400
- C:\Windows\System32\AyeRxVQ.exe
  C:\Windows\System32\AyeRxVQ.exe
  2⤵
  PID:7444
- C:\Windows\System32\KljHHqp.exe
  C:\Windows\System32\KljHHqp.exe
  2⤵
  PID:7460
- C:\Windows\System32\bxDiRCA.exe
  C:\Windows\System32\bxDiRCA.exe
  2⤵
  PID:7480
- C:\Windows\System32\thuPMMp.exe
  C:\Windows\System32\thuPMMp.exe
  2⤵
  PID:7496
- C:\Windows\System32\gWcXCaC.exe
  C:\Windows\System32\gWcXCaC.exe
  2⤵
  PID:7520
- C:\Windows\System32\hUZNQDc.exe
  C:\Windows\System32\hUZNQDc.exe
  2⤵
  PID:7536
- C:\Windows\System32\gpgLsBv.exe
  C:\Windows\System32\gpgLsBv.exe
  2⤵
  PID:7580
- C:\Windows\System32\StWHQMM.exe
  C:\Windows\System32\StWHQMM.exe
  2⤵
  PID:7600
- C:\Windows\System32\bWAxFaR.exe
  C:\Windows\System32\bWAxFaR.exe
  2⤵
  PID:7616
- C:\Windows\System32\uslVmIW.exe
  C:\Windows\System32\uslVmIW.exe
  2⤵
  PID:7640
- C:\Windows\System32\zqwBXAH.exe
  C:\Windows\System32\zqwBXAH.exe
  2⤵
  PID:7656
- C:\Windows\System32\sgJBiBO.exe
  C:\Windows\System32\sgJBiBO.exe
  2⤵
  PID:7680
- C:\Windows\System32\UsouVre.exe
  C:\Windows\System32\UsouVre.exe
  2⤵
  PID:7700
- C:\Windows\System32\vskwCkz.exe
  C:\Windows\System32\vskwCkz.exe
  2⤵
  PID:7744
- C:\Windows\System32\AwSCfgF.exe
  C:\Windows\System32\AwSCfgF.exe
  2⤵
  PID:7800
- C:\Windows\System32\wjLGycP.exe
  C:\Windows\System32\wjLGycP.exe
  2⤵
  PID:7832
- C:\Windows\System32\EduKvzM.exe
  C:\Windows\System32\EduKvzM.exe
  2⤵
  PID:7852
- C:\Windows\System32\DTGukcE.exe
  C:\Windows\System32\DTGukcE.exe
  2⤵
  PID:7872
- C:\Windows\System32\LDltmth.exe
  C:\Windows\System32\LDltmth.exe
  2⤵
  PID:7892
- C:\Windows\System32\AphdfIG.exe
  C:\Windows\System32\AphdfIG.exe
  2⤵
  PID:7932
- C:\Windows\System32\FHsefyv.exe
  C:\Windows\System32\FHsefyv.exe
  2⤵
  PID:8008
- C:\Windows\System32\nzaxYkQ.exe
  C:\Windows\System32\nzaxYkQ.exe
  2⤵
  PID:8036
- C:\Windows\System32\oDJUetl.exe
  C:\Windows\System32\oDJUetl.exe
  2⤵
  PID:8060
- C:\Windows\System32\VVDpQqJ.exe
  C:\Windows\System32\VVDpQqJ.exe
  2⤵
  PID:8080
- C:\Windows\System32\nETyhLM.exe
  C:\Windows\System32\nETyhLM.exe
  2⤵
  PID:8104
- C:\Windows\System32\VGbiazv.exe
  C:\Windows\System32\VGbiazv.exe
  2⤵
  PID:8152
- C:\Windows\System32\spOVZEG.exe
  C:\Windows\System32\spOVZEG.exe
  2⤵
  PID:8172
- C:\Windows\System32\pdLHPhv.exe
  C:\Windows\System32\pdLHPhv.exe
  2⤵
  PID:6516
- C:\Windows\System32\imhGNil.exe
  C:\Windows\System32\imhGNil.exe
  2⤵
  PID:7204
- C:\Windows\System32\gjeBHEl.exe
  C:\Windows\System32\gjeBHEl.exe
  2⤵
  PID:7256
- C:\Windows\System32\sbiJyGS.exe
  C:\Windows\System32\sbiJyGS.exe
  2⤵
  PID:7276
- C:\Windows\System32\PfoNjyT.exe
  C:\Windows\System32\PfoNjyT.exe
  2⤵
  PID:7388
- C:\Windows\System32\fqzYiBi.exe
  C:\Windows\System32\fqzYiBi.exe
  2⤵
  PID:7476
- C:\Windows\System32\HmftvFQ.exe
  C:\Windows\System32\HmftvFQ.exe
  2⤵
  PID:7468
- C:\Windows\System32\pmylUgX.exe
  C:\Windows\System32\pmylUgX.exe
  2⤵
  PID:7636
- C:\Windows\System32\RodIAsh.exe
  C:\Windows\System32\RodIAsh.exe
  2⤵
  PID:7664
- C:\Windows\System32\ahODPFd.exe
  C:\Windows\System32\ahODPFd.exe
  2⤵
  PID:7772
- C:\Windows\System32\kisMqik.exe
  C:\Windows\System32\kisMqik.exe
  2⤵
  PID:7740
- C:\Windows\System32\DuHUoOs.exe
  C:\Windows\System32\DuHUoOs.exe
  2⤵
  PID:7860
- C:\Windows\System32\qxBDcYi.exe
  C:\Windows\System32\qxBDcYi.exe
  2⤵
  PID:8088
- C:\Windows\System32\FejDOJC.exe
  C:\Windows\System32\FejDOJC.exe
  2⤵
  PID:8096
- C:\Windows\System32\GHXeNSQ.exe
  C:\Windows\System32\GHXeNSQ.exe
  2⤵
  PID:8120
- C:\Windows\System32\okKiNUZ.exe
  C:\Windows\System32\okKiNUZ.exe
  2⤵
  PID:8184
- C:\Windows\System32\SLmOzEi.exe
  C:\Windows\System32\SLmOzEi.exe
  2⤵
  PID:6904
- C:\Windows\System32\LXVZjkl.exe
  C:\Windows\System32\LXVZjkl.exe
  2⤵
  PID:7308
- C:\Windows\System32\ugutKvN.exe
  C:\Windows\System32\ugutKvN.exe
  2⤵
  PID:7456
- C:\Windows\System32\elnpHdU.exe
  C:\Windows\System32\elnpHdU.exe
  2⤵
  PID:7632
- C:\Windows\System32\TrlSJEd.exe
  C:\Windows\System32\TrlSJEd.exe
  2⤵
  PID:7880
- C:\Windows\System32\QPPEcDz.exe
  C:\Windows\System32\QPPEcDz.exe
  2⤵
  PID:7904
- C:\Windows\System32\ZCdaGab.exe
  C:\Windows\System32\ZCdaGab.exe
  2⤵
  PID:8128
- C:\Windows\System32\WuLsyws.exe
  C:\Windows\System32\WuLsyws.exe
  2⤵
  PID:6880
- C:\Windows\System32\cfLUTBj.exe
  C:\Windows\System32\cfLUTBj.exe
  2⤵
  PID:7820
- C:\Windows\System32\RWhSKIY.exe
  C:\Windows\System32\RWhSKIY.exe
  2⤵
  PID:8168
- C:\Windows\System32\rQLdTTG.exe
  C:\Windows\System32\rQLdTTG.exe
  2⤵
  PID:8004
- C:\Windows\System32\kVslnBE.exe
  C:\Windows\System32\kVslnBE.exe
  2⤵
  PID:7808
- C:\Windows\System32\XsdpCgP.exe
  C:\Windows\System32\XsdpCgP.exe
  2⤵
  PID:8212
- C:\Windows\System32\HwKvXgM.exe
  C:\Windows\System32\HwKvXgM.exe
  2⤵
  PID:8232
- C:\Windows\System32\LutHHPW.exe
  C:\Windows\System32\LutHHPW.exe
  2⤵
  PID:8272
- C:\Windows\System32\SbiQbkA.exe
  C:\Windows\System32\SbiQbkA.exe
  2⤵
  PID:8308
- C:\Windows\System32\zsjrbbf.exe
  C:\Windows\System32\zsjrbbf.exe
  2⤵
  PID:8336
- C:\Windows\System32\BqIKceX.exe
  C:\Windows\System32\BqIKceX.exe
  2⤵
  PID:8360
- C:\Windows\System32\LOkvWAU.exe
  C:\Windows\System32\LOkvWAU.exe
  2⤵
  PID:8384
- C:\Windows\System32\AFJEsdr.exe
  C:\Windows\System32\AFJEsdr.exe
  2⤵
  PID:8400
- C:\Windows\System32\GdTJYbO.exe
  C:\Windows\System32\GdTJYbO.exe
  2⤵
  PID:8424
- C:\Windows\System32\yPxDZOy.exe
  C:\Windows\System32\yPxDZOy.exe
  2⤵
  PID:8444
- C:\Windows\System32\dkKkbkI.exe
  C:\Windows\System32\dkKkbkI.exe
  2⤵
  PID:8464
- C:\Windows\System32\xQqunXZ.exe
  C:\Windows\System32\xQqunXZ.exe
  2⤵
  PID:8488
- C:\Windows\System32\DMKbaCJ.exe
  C:\Windows\System32\DMKbaCJ.exe
  2⤵
  PID:8520
- C:\Windows\System32\OpsdRDn.exe
  C:\Windows\System32\OpsdRDn.exe
  2⤵
  PID:8540
- C:\Windows\System32\jnvdDOe.exe
  C:\Windows\System32\jnvdDOe.exe
  2⤵
  PID:8560
- C:\Windows\System32\TUMUzBT.exe
  C:\Windows\System32\TUMUzBT.exe
  2⤵
  PID:8628
- C:\Windows\System32\sPtxJGI.exe
  C:\Windows\System32\sPtxJGI.exe
  2⤵
  PID:8660
- C:\Windows\System32\bmHoyhI.exe
  C:\Windows\System32\bmHoyhI.exe
  2⤵
  PID:8676
- C:\Windows\System32\UDGZluK.exe
  C:\Windows\System32\UDGZluK.exe
  2⤵
  PID:8700
- C:\Windows\System32\yGwhGNq.exe
  C:\Windows\System32\yGwhGNq.exe
  2⤵
  PID:8716
- C:\Windows\System32\DazEdAN.exe
  C:\Windows\System32\DazEdAN.exe
  2⤵
  PID:8760
- C:\Windows\System32\JlHsTMT.exe
  C:\Windows\System32\JlHsTMT.exe
  2⤵
  PID:8784
- C:\Windows\System32\QndNieu.exe
  C:\Windows\System32\QndNieu.exe
  2⤵
  PID:8804
- C:\Windows\System32\bfubeSP.exe
  C:\Windows\System32\bfubeSP.exe
  2⤵
  PID:8840
- C:\Windows\System32\bbqAAhA.exe
  C:\Windows\System32\bbqAAhA.exe
  2⤵
  PID:8880
- C:\Windows\System32\yOviMxj.exe
  C:\Windows\System32\yOviMxj.exe
  2⤵
  PID:8908
- C:\Windows\System32\LbllxoO.exe
  C:\Windows\System32\LbllxoO.exe
  2⤵
  PID:8928
- C:\Windows\System32\ipvuoCM.exe
  C:\Windows\System32\ipvuoCM.exe
  2⤵
  PID:8952
- C:\Windows\System32\NUuujyO.exe
  C:\Windows\System32\NUuujyO.exe
  2⤵
  PID:8972
- C:\Windows\System32\dAqjUtp.exe
  C:\Windows\System32\dAqjUtp.exe
  2⤵
  PID:8996
- C:\Windows\System32\bxgFSOY.exe
  C:\Windows\System32\bxgFSOY.exe
  2⤵
  PID:9024
- C:\Windows\System32\iLHyoCm.exe
  C:\Windows\System32\iLHyoCm.exe
  2⤵
  PID:9068
- C:\Windows\System32\xrSBWov.exe
  C:\Windows\System32\xrSBWov.exe
  2⤵
  PID:9120
- C:\Windows\System32\ZqVnxkt.exe
  C:\Windows\System32\ZqVnxkt.exe
  2⤵
  PID:9136
- C:\Windows\System32\mIGVuri.exe
  C:\Windows\System32\mIGVuri.exe
  2⤵
  PID:9168
- C:\Windows\System32\PUYOnOW.exe
  C:\Windows\System32\PUYOnOW.exe
  2⤵
  PID:9200
- C:\Windows\System32\qJhSijZ.exe
  C:\Windows\System32\qJhSijZ.exe
  2⤵
  PID:8200
- C:\Windows\System32\mqSsGTn.exe
  C:\Windows\System32\mqSsGTn.exe
  2⤵
  PID:8248
- C:\Windows\System32\DmJDUSo.exe
  C:\Windows\System32\DmJDUSo.exe
  2⤵
  PID:8284
- C:\Windows\System32\uNIjzcc.exe
  C:\Windows\System32\uNIjzcc.exe
  2⤵
  PID:8392
- C:\Windows\System32\DGvEfry.exe
  C:\Windows\System32\DGvEfry.exe
  2⤵
  PID:8484
- C:\Windows\System32\LKMLUWT.exe
  C:\Windows\System32\LKMLUWT.exe
  2⤵
  PID:8532
- C:\Windows\System32\cGJBaFj.exe
  C:\Windows\System32\cGJBaFj.exe
  2⤵
  PID:8548
- C:\Windows\System32\vuClDsm.exe
  C:\Windows\System32\vuClDsm.exe
  2⤵
  PID:8644
- C:\Windows\System32\WZporxz.exe
  C:\Windows\System32\WZporxz.exe
  2⤵
  PID:8736
- C:\Windows\System32\QGrKAyw.exe
  C:\Windows\System32\QGrKAyw.exe
  2⤵
  PID:8828
- C:\Windows\System32\vJMWjJy.exe
  C:\Windows\System32\vJMWjJy.exe
  2⤵
  PID:8888
- C:\Windows\System32\LQIOuSr.exe
  C:\Windows\System32\LQIOuSr.exe
  2⤵
  PID:8936
- C:\Windows\System32\ZOylDBY.exe
  C:\Windows\System32\ZOylDBY.exe
  2⤵
  PID:9036
- C:\Windows\System32\RIhGwOG.exe
  C:\Windows\System32\RIhGwOG.exe
  2⤵
  PID:9064
- C:\Windows\System32\wkWfFLe.exe
  C:\Windows\System32\wkWfFLe.exe
  2⤵
  PID:9080
- C:\Windows\System32\uVBifHF.exe
  C:\Windows\System32\uVBifHF.exe
  2⤵
  PID:9152
- C:\Windows\System32\uRizQjV.exe
  C:\Windows\System32\uRizQjV.exe
  2⤵
  PID:9196
- C:\Windows\System32\KIrqxvy.exe
  C:\Windows\System32\KIrqxvy.exe
  2⤵
  PID:8264
- C:\Windows\System32\fRcWODh.exe
  C:\Windows\System32\fRcWODh.exe
  2⤵
  PID:8452
- C:\Windows\System32\ItQGGZb.exe
  C:\Windows\System32\ItQGGZb.exe
  2⤵
  PID:8516
- C:\Windows\System32\JzUvqai.exe
  C:\Windows\System32\JzUvqai.exe
  2⤵
  PID:8636
- C:\Windows\System32\IXyysFJ.exe
  C:\Windows\System32\IXyysFJ.exe
  2⤵
  PID:8992
- C:\Windows\System32\IfrgGwi.exe
  C:\Windows\System32\IfrgGwi.exe
  2⤵
  PID:8900
- C:\Windows\System32\qDGpRNN.exe
  C:\Windows\System32\qDGpRNN.exe
  2⤵
  PID:8508
- C:\Windows\System32\UkxNnek.exe
  C:\Windows\System32\UkxNnek.exe
  2⤵
  PID:9128
- C:\Windows\System32\eZAYZHT.exe
  C:\Windows\System32\eZAYZHT.exe
  2⤵
  PID:9052
- C:\Windows\System32\pdTrcqe.exe
  C:\Windows\System32\pdTrcqe.exe
  2⤵
  PID:9176
- C:\Windows\System32\UszhfnT.exe
  C:\Windows\System32\UszhfnT.exe
  2⤵
  PID:9232
- C:\Windows\System32\XhZBgpP.exe
  C:\Windows\System32\XhZBgpP.exe
  2⤵
  PID:9252
- C:\Windows\System32\UbcQgLV.exe
  C:\Windows\System32\UbcQgLV.exe
  2⤵
  PID:9280
- C:\Windows\System32\VtdAdKc.exe
  C:\Windows\System32\VtdAdKc.exe
  2⤵
  PID:9300
- C:\Windows\System32\cjHIBKo.exe
  C:\Windows\System32\cjHIBKo.exe
  2⤵
  PID:9348
- C:\Windows\System32\RQvAgdl.exe
  C:\Windows\System32\RQvAgdl.exe
  2⤵
  PID:9364
- C:\Windows\System32\lmocARp.exe
  C:\Windows\System32\lmocARp.exe
  2⤵
  PID:9400
- C:\Windows\System32\vGvtEwQ.exe
  C:\Windows\System32\vGvtEwQ.exe
  2⤵
  PID:9432
- C:\Windows\System32\dAjFxKq.exe
  C:\Windows\System32\dAjFxKq.exe
  2⤵
  PID:9448
- C:\Windows\System32\sYgKsxJ.exe
  C:\Windows\System32\sYgKsxJ.exe
  2⤵
  PID:9468
- C:\Windows\System32\rOQtVnT.exe
  C:\Windows\System32\rOQtVnT.exe
  2⤵
  PID:9492
- C:\Windows\System32\ELXzpSA.exe
  C:\Windows\System32\ELXzpSA.exe
  2⤵
  PID:9512
- C:\Windows\System32\UuenMnT.exe
  C:\Windows\System32\UuenMnT.exe
  2⤵
  PID:9536
- C:\Windows\System32\kjGbuZE.exe
  C:\Windows\System32\kjGbuZE.exe
  2⤵
  PID:9560
- C:\Windows\System32\wUmkTjE.exe
  C:\Windows\System32\wUmkTjE.exe
  2⤵
  PID:9608
- C:\Windows\System32\EFImqmi.exe
  C:\Windows\System32\EFImqmi.exe
  2⤵
  PID:9636
- C:\Windows\System32\kCrcgal.exe
  C:\Windows\System32\kCrcgal.exe
  2⤵
  PID:9684
- C:\Windows\System32\gKLUSyQ.exe
  C:\Windows\System32\gKLUSyQ.exe
  2⤵
  PID:9712
- C:\Windows\System32\HSuegst.exe
  C:\Windows\System32\HSuegst.exe
  2⤵
  PID:9764
- C:\Windows\System32\fjSXrFy.exe
  C:\Windows\System32\fjSXrFy.exe
  2⤵
  PID:9780
- C:\Windows\System32\PzJYwiS.exe
  C:\Windows\System32\PzJYwiS.exe
  2⤵
  PID:9796
- C:\Windows\System32\EXRDEDb.exe
  C:\Windows\System32\EXRDEDb.exe
  2⤵
  PID:9812
- C:\Windows\System32\biogMwU.exe
  C:\Windows\System32\biogMwU.exe
  2⤵
  PID:9828
- C:\Windows\System32\vRribsv.exe
  C:\Windows\System32\vRribsv.exe
  2⤵
  PID:9844
- C:\Windows\System32\lwDXupo.exe
  C:\Windows\System32\lwDXupo.exe
  2⤵
  PID:9880
- C:\Windows\System32\LvorAgq.exe
  C:\Windows\System32\LvorAgq.exe
  2⤵
  PID:9936
- C:\Windows\System32\fmMFvIM.exe
  C:\Windows\System32\fmMFvIM.exe
  2⤵
  PID:9968
- C:\Windows\System32\ZUfLAbt.exe
  C:\Windows\System32\ZUfLAbt.exe
  2⤵
  PID:9988
- C:\Windows\System32\eQrRtbM.exe
  C:\Windows\System32\eQrRtbM.exe
  2⤵
  PID:10012
- C:\Windows\System32\RSYPIlh.exe
  C:\Windows\System32\RSYPIlh.exe
  2⤵
  PID:10036
- C:\Windows\System32\HtWigsy.exe
  C:\Windows\System32\HtWigsy.exe
  2⤵
  PID:10084
- C:\Windows\System32\qialaRP.exe
  C:\Windows\System32\qialaRP.exe
  2⤵
  PID:10104
- C:\Windows\System32\Qpgsjoc.exe
  C:\Windows\System32\Qpgsjoc.exe
  2⤵
  PID:10124
- C:\Windows\System32\qrcWSxZ.exe
  C:\Windows\System32\qrcWSxZ.exe
  2⤵
  PID:10140
- C:\Windows\System32\pfbALCM.exe
  C:\Windows\System32\pfbALCM.exe
  2⤵
  PID:10156
- C:\Windows\System32\pOnqihX.exe
  C:\Windows\System32\pOnqihX.exe
  2⤵
  PID:10172
- C:\Windows\System32\sAcNYCj.exe
  C:\Windows\System32\sAcNYCj.exe
  2⤵
  PID:10196
- C:\Windows\System32\JMnEuxq.exe
  C:\Windows\System32\JMnEuxq.exe
  2⤵
  PID:10224
- C:\Windows\System32\ZuKFaLB.exe
  C:\Windows\System32\ZuKFaLB.exe
  2⤵
  PID:9240
- C:\Windows\System32\uDjgPok.exe
  C:\Windows\System32\uDjgPok.exe
  2⤵
  PID:9420
- C:\Windows\System32\GSNkkrk.exe
  C:\Windows\System32\GSNkkrk.exe
  2⤵
  PID:9548
- C:\Windows\System32\YtrILWg.exe
  C:\Windows\System32\YtrILWg.exe
  2⤵
  PID:9568
- C:\Windows\System32\KxxnTAi.exe
  C:\Windows\System32\KxxnTAi.exe
  2⤵
  PID:9624
- C:\Windows\System32\CBVLIzH.exe
  C:\Windows\System32\CBVLIzH.exe
  2⤵
  PID:9724
- C:\Windows\System32\CbbfRcW.exe
  C:\Windows\System32\CbbfRcW.exe
  2⤵
  PID:9776
- C:\Windows\System32\vlGIbaH.exe
  C:\Windows\System32\vlGIbaH.exe
  2⤵
  PID:9820
- C:\Windows\System32\HfeWkxY.exe
  C:\Windows\System32\HfeWkxY.exe
  2⤵
  PID:9932
- C:\Windows\System32\OGgUspZ.exe
  C:\Windows\System32\OGgUspZ.exe
  2⤵
  PID:10000
- C:\Windows\System32\mhGYRTM.exe
  C:\Windows\System32\mhGYRTM.exe
  2⤵
  PID:10044
- C:\Windows\System32\twNaxMK.exe
  C:\Windows\System32\twNaxMK.exe
  2⤵
  PID:10060
- C:\Windows\System32\JAcoWwN.exe
  C:\Windows\System32\JAcoWwN.exe
  2⤵
  PID:10120
- C:\Windows\System32\cbbmRGI.exe
  C:\Windows\System32\cbbmRGI.exe
  2⤵
  PID:10232
- C:\Windows\System32\JCtHlNp.exe
  C:\Windows\System32\JCtHlNp.exe
  2⤵
  PID:10164
- C:\Windows\System32\JYWsybe.exe
  C:\Windows\System32\JYWsybe.exe
  2⤵
  PID:9384
- C:\Windows\System32\HevlBMf.exe
  C:\Windows\System32\HevlBMf.exe
  2⤵
  PID:9652
- C:\Windows\System32\CkiCcQc.exe
  C:\Windows\System32\CkiCcQc.exe
  2⤵
  PID:9792
- C:\Windows\System32\ZcpSHWp.exe
  C:\Windows\System32\ZcpSHWp.exe
  2⤵
  PID:9896
- C:\Windows\System32\QollmLn.exe
  C:\Windows\System32\QollmLn.exe
  2⤵
  PID:10148
- C:\Windows\System32\uaJTpUB.exe
  C:\Windows\System32\uaJTpUB.exe
  2⤵
  PID:9444
- C:\Windows\System32\hIUwVUV.exe
  C:\Windows\System32\hIUwVUV.exe
  2⤵
  PID:9488
- C:\Windows\System32\mUzJbZP.exe
  C:\Windows\System32\mUzJbZP.exe
  2⤵
  PID:9408
- C:\Windows\System32\LPyRsvs.exe
  C:\Windows\System32\LPyRsvs.exe
  2⤵
  PID:9728
- C:\Windows\System32\AhtYmUq.exe
  C:\Windows\System32\AhtYmUq.exe
  2⤵
  PID:10244
- C:\Windows\System32\RdHdelY.exe
  C:\Windows\System32\RdHdelY.exe
  2⤵
  PID:10280
- C:\Windows\System32\fqjUEZh.exe
  C:\Windows\System32\fqjUEZh.exe
  2⤵
  PID:10304
- C:\Windows\System32\ovoPeYA.exe
  C:\Windows\System32\ovoPeYA.exe
  2⤵
  PID:10320
- C:\Windows\System32\AxaJKAR.exe
  C:\Windows\System32\AxaJKAR.exe
  2⤵
  PID:10352
- C:\Windows\System32\ECUOGIi.exe
  C:\Windows\System32\ECUOGIi.exe
  2⤵
  PID:10376
- C:\Windows\System32\rMuBNIt.exe
  C:\Windows\System32\rMuBNIt.exe
  2⤵
  PID:10424
- C:\Windows\System32\OOnMKws.exe
  C:\Windows\System32\OOnMKws.exe
  2⤵
  PID:10468
- C:\Windows\System32\lPnPrtz.exe
  C:\Windows\System32\lPnPrtz.exe
  2⤵
  PID:10496
- C:\Windows\System32\txuujRy.exe
  C:\Windows\System32\txuujRy.exe
  2⤵
  PID:10520
- C:\Windows\System32\BfomXjI.exe
  C:\Windows\System32\BfomXjI.exe
  2⤵
  PID:10540
- C:\Windows\System32\bYEBDNz.exe
  C:\Windows\System32\bYEBDNz.exe
  2⤵
  PID:10568
- C:\Windows\System32\DYbSvxx.exe
  C:\Windows\System32\DYbSvxx.exe
  2⤵
  PID:10588
- C:\Windows\System32\Akecjqc.exe
  C:\Windows\System32\Akecjqc.exe
  2⤵
  PID:10612
- C:\Windows\System32\HepqkWo.exe
  C:\Windows\System32\HepqkWo.exe
  2⤵
  PID:10640
- C:\Windows\System32\dAnLmAp.exe
  C:\Windows\System32\dAnLmAp.exe
  2⤵
  PID:10664
- C:\Windows\System32\wEHNJBa.exe
  C:\Windows\System32\wEHNJBa.exe
  2⤵
  PID:10720
- C:\Windows\System32\JVGZiaZ.exe
  C:\Windows\System32\JVGZiaZ.exe
  2⤵
  PID:10752
- C:\Windows\System32\VyHrVXF.exe
  C:\Windows\System32\VyHrVXF.exe
  2⤵
  PID:10772
- C:\Windows\System32\UWcSJsA.exe
  C:\Windows\System32\UWcSJsA.exe
  2⤵
  PID:10792
- C:\Windows\System32\OTBLDRZ.exe
  C:\Windows\System32\OTBLDRZ.exe
  2⤵
  PID:10840
- C:\Windows\System32\jbEXMQS.exe
  C:\Windows\System32\jbEXMQS.exe
  2⤵
  PID:10864
- C:\Windows\System32\ZNtzJVB.exe
  C:\Windows\System32\ZNtzJVB.exe
  2⤵
  PID:10892
- C:\Windows\System32\lKQZdjr.exe
  C:\Windows\System32\lKQZdjr.exe
  2⤵
  PID:10908
- C:\Windows\System32\eIjtMiO.exe
  C:\Windows\System32\eIjtMiO.exe
  2⤵
  PID:10944
- C:\Windows\System32\amoadeD.exe
  C:\Windows\System32\amoadeD.exe
  2⤵
  PID:10968
- C:\Windows\System32\KEkTPQr.exe
  C:\Windows\System32\KEkTPQr.exe
  2⤵
  PID:11020
- C:\Windows\System32\NotYwen.exe
  C:\Windows\System32\NotYwen.exe
  2⤵
  PID:11036
- C:\Windows\System32\XZBgbLb.exe
  C:\Windows\System32\XZBgbLb.exe
  2⤵
  PID:11064
- C:\Windows\System32\ctiGHEU.exe
  C:\Windows\System32\ctiGHEU.exe
  2⤵
  PID:11088
- C:\Windows\System32\TjhpZqz.exe
  C:\Windows\System32\TjhpZqz.exe
  2⤵
  PID:11112
- C:\Windows\System32\cLJYmlx.exe
  C:\Windows\System32\cLJYmlx.exe
  2⤵
  PID:11140
- C:\Windows\System32\KAAKbhb.exe
  C:\Windows\System32\KAAKbhb.exe
  2⤵
  PID:11176
- C:\Windows\System32\QNAVLtI.exe
  C:\Windows\System32\QNAVLtI.exe
  2⤵
  PID:11192
- C:\Windows\System32\oeGybjh.exe
  C:\Windows\System32\oeGybjh.exe
  2⤵
  PID:11216
- C:\Windows\System32\MXPcpUn.exe
  C:\Windows\System32\MXPcpUn.exe
  2⤵
  PID:11240
- C:\Windows\System32\NfRdNsd.exe
  C:\Windows\System32\NfRdNsd.exe
  2⤵
  PID:10268
- C:\Windows\System32\swztZmf.exe
  C:\Windows\System32\swztZmf.exe
  2⤵
  PID:10312
- C:\Windows\System32\qVSJEgr.exe
  C:\Windows\System32\qVSJEgr.exe
  2⤵
  PID:10384
- C:\Windows\System32\keuPmwc.exe
  C:\Windows\System32\keuPmwc.exe
  2⤵
  PID:9996
- C:\Windows\System32\kzDTwVX.exe
  C:\Windows\System32\kzDTwVX.exe
  2⤵
  PID:10476
- C:\Windows\System32\jICmOfj.exe
  C:\Windows\System32\jICmOfj.exe
  2⤵
  PID:10528
- C:\Windows\System32\KWHEOSG.exe
  C:\Windows\System32\KWHEOSG.exe
  2⤵
  PID:10604
- C:\Windows\System32\xGWJlAG.exe
  C:\Windows\System32\xGWJlAG.exe
  2⤵
  PID:10652
- C:\Windows\System32\fCqFHqc.exe
  C:\Windows\System32\fCqFHqc.exe
  2⤵
  PID:10648
- C:\Windows\System32\NSLiCNf.exe
  C:\Windows\System32\NSLiCNf.exe
  2⤵
  PID:9276
- C:\Windows\System32\bBbjbtF.exe
  C:\Windows\System32\bBbjbtF.exe
  2⤵
  PID:10852
- C:\Windows\System32\SnKgYYN.exe
  C:\Windows\System32\SnKgYYN.exe
  2⤵
  PID:10932
- C:\Windows\System32\PGsIXHT.exe
  C:\Windows\System32\PGsIXHT.exe
  2⤵
  PID:10996
- C:\Windows\System32\wOwRDWW.exe
  C:\Windows\System32\wOwRDWW.exe
  2⤵
  PID:11048
- C:\Windows\System32\MZnlpRU.exe
  C:\Windows\System32\MZnlpRU.exe
  2⤵
  PID:11120
- C:\Windows\System32\WSqUaWh.exe
  C:\Windows\System32\WSqUaWh.exe
  2⤵
  PID:11148
- C:\Windows\System32\bfnFqnV.exe
  C:\Windows\System32\bfnFqnV.exe
  2⤵
  PID:11212
- C:\Windows\System32\xVWKzQH.exe
  C:\Windows\System32\xVWKzQH.exe
  2⤵
  PID:11260
- C:\Windows\System32\VwAJCRk.exe
  C:\Windows\System32\VwAJCRk.exe
  2⤵
  PID:10316
- C:\Windows\System32\YjbUZvJ.exe
  C:\Windows\System32\YjbUZvJ.exe
  2⤵
  PID:10564
- C:\Windows\System32\UMFRRPY.exe
  C:\Windows\System32\UMFRRPY.exe
  2⤵
  PID:10632
- C:\Windows\System32\pejbnFs.exe
  C:\Windows\System32\pejbnFs.exe
  2⤵
  PID:10788
- C:\Windows\System32\qlCdZrV.exe
  C:\Windows\System32\qlCdZrV.exe
  2⤵
  PID:10920
- C:\Windows\System32\wtgFCet.exe
  C:\Windows\System32\wtgFCet.exe
  2⤵
  PID:11072
- C:\Windows\System32\oIwkTwD.exe
  C:\Windows\System32\oIwkTwD.exe
  2⤵
  PID:10728
- C:\Windows\System32\qNeCbPH.exe
  C:\Windows\System32\qNeCbPH.exe
  2⤵
  PID:4280
- C:\Windows\System32\MaKiNfE.exe
  C:\Windows\System32\MaKiNfE.exe
  2⤵
  PID:10736
- C:\Windows\System32\upcezNt.exe
  C:\Windows\System32\upcezNt.exe
  2⤵
  PID:10264
- C:\Windows\System32\Pdglrxq.exe
  C:\Windows\System32\Pdglrxq.exe
  2⤵
  PID:10832
- C:\Windows\System32\BEXOFFI.exe
  C:\Windows\System32\BEXOFFI.exe
  2⤵
  PID:11124
- C:\Windows\System32\xqWMDUh.exe
  C:\Windows\System32\xqWMDUh.exe
  2⤵
  PID:11316
- C:\Windows\System32\jlZabHI.exe
  C:\Windows\System32\jlZabHI.exe
  2⤵
  PID:11332
- C:\Windows\System32\DWYtJQs.exe
  C:\Windows\System32\DWYtJQs.exe
  2⤵
  PID:11352
- C:\Windows\System32\knwteEo.exe
  C:\Windows\System32\knwteEo.exe
  2⤵
  PID:11376
- C:\Windows\System32\gNTYBPG.exe
  C:\Windows\System32\gNTYBPG.exe
  2⤵
  PID:11408
- C:\Windows\System32\uTsYmfi.exe
  C:\Windows\System32\uTsYmfi.exe
  2⤵
  PID:11436
- C:\Windows\System32\bcXwdZR.exe
  C:\Windows\System32\bcXwdZR.exe
  2⤵
  PID:11452
- C:\Windows\System32\qLcbLie.exe
  C:\Windows\System32\qLcbLie.exe
  2⤵
  PID:11488
- C:\Windows\System32\RXiTKRv.exe
  C:\Windows\System32\RXiTKRv.exe
  2⤵
  PID:11508
- C:\Windows\System32\TJmFZIa.exe
  C:\Windows\System32\TJmFZIa.exe
  2⤵
  PID:11552
- C:\Windows\System32\egGWRYa.exe
  C:\Windows\System32\egGWRYa.exe
  2⤵
  PID:11572
- C:\Windows\System32\iUPWQEE.exe
  C:\Windows\System32\iUPWQEE.exe
  2⤵
  PID:11604
- C:\Windows\System32\EtRubGq.exe
  C:\Windows\System32\EtRubGq.exe
  2⤵
  PID:11636
- C:\Windows\System32\gTIyMoh.exe
  C:\Windows\System32\gTIyMoh.exe
  2⤵
  PID:11660
- C:\Windows\System32\wtlsteb.exe
  C:\Windows\System32\wtlsteb.exe
  2⤵
  PID:11680
- C:\Windows\System32\wsgBwvR.exe
  C:\Windows\System32\wsgBwvR.exe
  2⤵
  PID:11696
- C:\Windows\System32\htTKkds.exe
  C:\Windows\System32\htTKkds.exe
  2⤵
  PID:11716
- C:\Windows\System32\qvyhURw.exe
  C:\Windows\System32\qvyhURw.exe
  2⤵
  PID:11740
- C:\Windows\System32\UAsBMGW.exe
  C:\Windows\System32\UAsBMGW.exe
  2⤵
  PID:11768
- C:\Windows\System32\pdkIoBK.exe
  C:\Windows\System32\pdkIoBK.exe
  2⤵
  PID:11784
- C:\Windows\System32\LjiJaSd.exe
  C:\Windows\System32\LjiJaSd.exe
  2⤵
  PID:11808
- C:\Windows\System32\pLivWTW.exe
  C:\Windows\System32\pLivWTW.exe
  2⤵
  PID:11840
- C:\Windows\System32\yOwlXDb.exe
  C:\Windows\System32\yOwlXDb.exe
  2⤵
  PID:11900
- C:\Windows\System32\oZeXECw.exe
  C:\Windows\System32\oZeXECw.exe
  2⤵
  PID:11932
- C:\Windows\System32\ySJCNAf.exe
  C:\Windows\System32\ySJCNAf.exe
  2⤵
  PID:11952
- C:\Windows\System32\TWfrbDc.exe
  C:\Windows\System32\TWfrbDc.exe
  2⤵
  PID:11984
- C:\Windows\System32\iqXmHzA.exe
  C:\Windows\System32\iqXmHzA.exe
  2⤵
  PID:12000
- C:\Windows\System32\jrcaBkf.exe
  C:\Windows\System32\jrcaBkf.exe
  2⤵
  PID:12028
- C:\Windows\System32\JbWnwMv.exe
  C:\Windows\System32\JbWnwMv.exe
  2⤵
  PID:12056
- C:\Windows\System32\GevAZpI.exe
  C:\Windows\System32\GevAZpI.exe
  2⤵
  PID:12156
- C:\Windows\System32\OKYUCop.exe
  C:\Windows\System32\OKYUCop.exe
  2⤵
  PID:12176
- C:\Windows\System32\VnWsktD.exe
  C:\Windows\System32\VnWsktD.exe
  2⤵
  PID:12192
- C:\Windows\System32\sCMHoCE.exe
  C:\Windows\System32\sCMHoCE.exe
  2⤵
  PID:12212
- C:\Windows\System32\HfFBIGV.exe
  C:\Windows\System32\HfFBIGV.exe
  2⤵
  PID:12236
- C:\Windows\System32\AdPBtXs.exe
  C:\Windows\System32\AdPBtXs.exe
  2⤵
  PID:12252
- C:\Windows\System32\JEVmrSv.exe
  C:\Windows\System32\JEVmrSv.exe
  2⤵
  PID:11284
- C:\Windows\System32\NHWXHZA.exe
  C:\Windows\System32\NHWXHZA.exe
  2⤵
  PID:11344
- C:\Windows\System32\lWQRUwB.exe
  C:\Windows\System32\lWQRUwB.exe
  2⤵
  PID:11388
- C:\Windows\System32\YxbWyZe.exe
  C:\Windows\System32\YxbWyZe.exe
  2⤵
  PID:11468
- C:\Windows\System32\YXRHvCQ.exe
  C:\Windows\System32\YXRHvCQ.exe
  2⤵
  PID:11444
- C:\Windows\System32\pwxhOSG.exe
  C:\Windows\System32\pwxhOSG.exe
  2⤵
  PID:11536
- C:\Windows\System32\MizxbAZ.exe
  C:\Windows\System32\MizxbAZ.exe
  2⤵
  PID:11592
- C:\Windows\System32\cCTEYtL.exe
  C:\Windows\System32\cCTEYtL.exe
  2⤵
  PID:11648
- C:\Windows\System32\djnnGMD.exe
  C:\Windows\System32\djnnGMD.exe
  2⤵
  PID:11804
- C:\Windows\System32\gHYcMtZ.exe
  C:\Windows\System32\gHYcMtZ.exe
  2⤵
  PID:11752
- C:\Windows\System32\BEDnOWh.exe
  C:\Windows\System32\BEDnOWh.exe
  2⤵
  PID:11872
- C:\Windows\System32\YxkTJnT.exe
  C:\Windows\System32\YxkTJnT.exe
  2⤵
  PID:11908
- C:\Windows\System32\ddMfjbO.exe
  C:\Windows\System32\ddMfjbO.exe
  2⤵
  PID:12068
- C:\Windows\System32\mzdeqwl.exe
  C:\Windows\System32\mzdeqwl.exe
  2⤵
  PID:12172
- C:\Windows\System32\oJKYTSn.exe
  C:\Windows\System32\oJKYTSn.exe
  2⤵
  PID:12220
- C:\Windows\System32\hJiyveg.exe
  C:\Windows\System32\hJiyveg.exe
  2⤵
  PID:12248
- C:\Windows\System32\nNTYZQF.exe
  C:\Windows\System32\nNTYZQF.exe
  2⤵
  PID:11428
- C:\Windows\System32\THdtSwE.exe
  C:\Windows\System32\THdtSwE.exe
  2⤵
  PID:11480
- C:\Windows\System32\tszYBMC.exe
  C:\Windows\System32\tszYBMC.exe
  2⤵
  PID:11708
- C:\Windows\System32\LWFbnCa.exe
  C:\Windows\System32\LWFbnCa.exe
  2⤵
  PID:11756
- C:\Windows\System32\WyxOfWf.exe
  C:\Windows\System32\WyxOfWf.exe
  2⤵
  PID:11996
- C:\Windows\System32\tVnpzun.exe
  C:\Windows\System32\tVnpzun.exe
  2⤵
  PID:12124
- C:\Windows\System32\JPdnYQC.exe
  C:\Windows\System32\JPdnYQC.exe
  2⤵
  PID:12232
- C:\Windows\System32\ExMYbUr.exe
  C:\Windows\System32\ExMYbUr.exe
  2⤵
  PID:11364
- C:\Windows\System32\gEruQUD.exe
  C:\Windows\System32\gEruQUD.exe
  2⤵
  PID:11692
- C:\Windows\System32\GErZBMa.exe
  C:\Windows\System32\GErZBMa.exe
  2⤵
  PID:12184
- C:\Windows\System32\sRGqTEl.exe
  C:\Windows\System32\sRGqTEl.exe
  2⤵
  PID:11668
- C:\Windows\System32\squkfMp.exe
  C:\Windows\System32\squkfMp.exe
  2⤵
  PID:12304
- C:\Windows\System32\gJTjxFy.exe
  C:\Windows\System32\gJTjxFy.exe
  2⤵
  PID:12320
- C:\Windows\System32\mNyPuEW.exe
  C:\Windows\System32\mNyPuEW.exe
  2⤵
  PID:12352
- C:\Windows\System32\uYQfvcQ.exe
  C:\Windows\System32\uYQfvcQ.exe
  2⤵
  PID:12376
- C:\Windows\System32\GmGxpqY.exe
  C:\Windows\System32\GmGxpqY.exe
  2⤵
  PID:12476
- C:\Windows\System32\igrvqDX.exe
  C:\Windows\System32\igrvqDX.exe
  2⤵
  PID:12508
- C:\Windows\System32\CfLJraz.exe
  C:\Windows\System32\CfLJraz.exe
  2⤵
  PID:12528
- C:\Windows\System32\SnQUeXK.exe
  C:\Windows\System32\SnQUeXK.exe
  2⤵
  PID:12552
- C:\Windows\System32\OmKqnbo.exe
  C:\Windows\System32\OmKqnbo.exe
  2⤵
  PID:12584
- C:\Windows\System32\uLXwxwI.exe
  C:\Windows\System32\uLXwxwI.exe
  2⤵
  PID:12608
- C:\Windows\System32\LvxzeHw.exe
  C:\Windows\System32\LvxzeHw.exe
  2⤵
  PID:12624
- C:\Windows\System32\ZaJzLqo.exe
  C:\Windows\System32\ZaJzLqo.exe
  2⤵
  PID:12644
- C:\Windows\System32\VnqTlHZ.exe
  C:\Windows\System32\VnqTlHZ.exe
  2⤵
  PID:12668
- C:\Windows\System32\BySKshY.exe
  C:\Windows\System32\BySKshY.exe
  2⤵
  PID:12740
- C:\Windows\System32\GSUwlSD.exe
  C:\Windows\System32\GSUwlSD.exe
  2⤵
  PID:12760
- C:\Windows\System32\iipRztm.exe
  C:\Windows\System32\iipRztm.exe
  2⤵
  PID:12780
- C:\Windows\System32\yCGYBhZ.exe
  C:\Windows\System32\yCGYBhZ.exe
  2⤵
  PID:12804
- C:\Windows\System32\DGPgmVI.exe
  C:\Windows\System32\DGPgmVI.exe
  2⤵
  PID:12820
- C:\Windows\System32\wyzpokk.exe
  C:\Windows\System32\wyzpokk.exe
  2⤵
  PID:12848
- C:\Windows\System32\tUetKFN.exe
  C:\Windows\System32\tUetKFN.exe
  2⤵
  PID:12876
- C:\Windows\System32\xHHuxHW.exe
  C:\Windows\System32\xHHuxHW.exe
  2⤵
  PID:12892
- C:\Windows\System32\reHfTVD.exe
  C:\Windows\System32\reHfTVD.exe
  2⤵
  PID:12924
- C:\Windows\System32\byawxmZ.exe
  C:\Windows\System32\byawxmZ.exe
  2⤵
  PID:12988
- C:\Windows\System32\MUtZdUm.exe
  C:\Windows\System32\MUtZdUm.exe
  2⤵
  PID:13028
- C:\Windows\System32\rVTVhTg.exe
  C:\Windows\System32\rVTVhTg.exe
  2⤵
  PID:13052
- C:\Windows\System32\WXYOhWI.exe
  C:\Windows\System32\WXYOhWI.exe
  2⤵
  PID:13076
- C:\Windows\System32\FgytIxm.exe
  C:\Windows\System32\FgytIxm.exe
  2⤵
  PID:13096
- C:\Windows\System32\jNfUdmi.exe
  C:\Windows\System32\jNfUdmi.exe
  2⤵
  PID:13144
- C:\Windows\System32\ktgYVjH.exe
  C:\Windows\System32\ktgYVjH.exe
  2⤵
  PID:13160
- C:\Windows\System32\ECwkiTa.exe
  C:\Windows\System32\ECwkiTa.exe
  2⤵
  PID:13180
- C:\Windows\System32\IwgaOsW.exe
  C:\Windows\System32\IwgaOsW.exe
  2⤵
  PID:13208
- C:\Windows\System32\nYRkpCt.exe
  C:\Windows\System32\nYRkpCt.exe
  2⤵
  PID:13224
- C:\Windows\System32\naicnjj.exe
  C:\Windows\System32\naicnjj.exe
  2⤵
  PID:13244
- C:\Windows\System32\BrELfZJ.exe
  C:\Windows\System32\BrELfZJ.exe
  2⤵
  PID:13260
- C:\Windows\System32\LIKQOCF.exe
  C:\Windows\System32\LIKQOCF.exe
  2⤵
  PID:13288
- C:\Windows\System32\HBBPyqA.exe
  C:\Windows\System32\HBBPyqA.exe
  2⤵
  PID:12208
- C:\Windows\System32\ONlJOLS.exe
  C:\Windows\System32\ONlJOLS.exe
  2⤵
  PID:12368
- C:\Windows\System32\zsIoQIb.exe
  C:\Windows\System32\zsIoQIb.exe
  2⤵
  PID:12424
- C:\Windows\System32\FZteBlZ.exe
  C:\Windows\System32\FZteBlZ.exe
  2⤵
  PID:12388
- C:\Windows\System32\uVDmoQg.exe
  C:\Windows\System32\uVDmoQg.exe
  2⤵
  PID:12444
- C:\Windows\System32\tbRXHBI.exe
  C:\Windows\System32\tbRXHBI.exe
  2⤵
  PID:12524
- C:\Windows\System32\QwobNKU.exe
  C:\Windows\System32\QwobNKU.exe
  2⤵
  PID:12620
- C:\Windows\System32\HRotunZ.exe
  C:\Windows\System32\HRotunZ.exe
  2⤵
  PID:12664
- C:\Windows\System32\YAetkXg.exe
  C:\Windows\System32\YAetkXg.exe
  2⤵
  PID:12844
- C:\Windows\System32\YcJSnlF.exe
  C:\Windows\System32\YcJSnlF.exe
  2⤵
  PID:12884
- C:\Windows\System32\KVlWSHv.exe
  C:\Windows\System32\KVlWSHv.exe
  2⤵
  PID:12920
- C:\Windows\System32\HyMbcYp.exe
  C:\Windows\System32\HyMbcYp.exe
  2⤵
  PID:12968
- C:\Windows\System32\vwcJKdP.exe
  C:\Windows\System32\vwcJKdP.exe
  2⤵
  PID:13040
- C:\Windows\System32\icVwiqb.exe
  C:\Windows\System32\icVwiqb.exe
  2⤵
  PID:13092
- C:\Windows\System32\VCMTBNw.exe
  C:\Windows\System32\VCMTBNw.exe
  2⤵
  PID:13216
- C:\Windows\System32\OoDTBrI.exe
  C:\Windows\System32\OoDTBrI.exe
  2⤵
  PID:13272
- C:\Windows\System32\EorRixR.exe
  C:\Windows\System32\EorRixR.exe
  2⤵
  PID:13308
- C:\Windows\System32\FiyveqJ.exe
  C:\Windows\System32\FiyveqJ.exe
  2⤵
  PID:12416
- C:\Windows\System32\ClbgaDL.exe
  C:\Windows\System32\ClbgaDL.exe
  2⤵
  PID:12492
- C:\Windows\System32\VqLPBKI.exe
  C:\Windows\System32\VqLPBKI.exe
  2⤵
  PID:12520
- C:\Windows\System32\qXAbjxt.exe
  C:\Windows\System32\qXAbjxt.exe
  2⤵
  PID:12712
- C:\Windows\System32\qiDTNHb.exe
  C:\Windows\System32\qiDTNHb.exe
  2⤵
  PID:13020
- C:\Windows\System32\zOrqoQY.exe
  C:\Windows\System32\zOrqoQY.exe
  2⤵
  PID:13220
- C:\Windows\System32\kPcvTVr.exe
  C:\Windows\System32\kPcvTVr.exe
  2⤵
  PID:11948
- C:\Windows\System32\fKRuiNY.exe
  C:\Windows\System32\fKRuiNY.exe
  2⤵
  PID:12436
- C:\Windows\System32\wYLAnld.exe
  C:\Windows\System32\wYLAnld.exe
  2⤵
  PID:12984
- C:\Windows\System32\EqWDFxG.exe
  C:\Windows\System32\EqWDFxG.exe
  2⤵
  PID:13296
- C:\Windows\System32\CvnBBLg.exe
  C:\Windows\System32\CvnBBLg.exe
  2⤵
  PID:12640
- C:\Windows\System32\gpYBzDj.exe
  C:\Windows\System32\gpYBzDj.exe
  2⤵
  PID:13064
- C:\Windows\System32\lstkuBR.exe
  C:\Windows\System32\lstkuBR.exe
  2⤵
  PID:13328
- C:\Windows\System32\uZnsbWS.exe
  C:\Windows\System32\uZnsbWS.exe
  2⤵
  PID:13372
- C:\Windows\System32\ibuxvMu.exe
  C:\Windows\System32\ibuxvMu.exe
  2⤵
  PID:13392
- C:\Windows\System32\TsAGDwx.exe
  C:\Windows\System32\TsAGDwx.exe
  2⤵
  PID:13416
- C:\Windows\System32\vYslDoW.exe
  C:\Windows\System32\vYslDoW.exe
  2⤵
  PID:13444
- C:\Windows\System32\YKwqQld.exe
  C:\Windows\System32\YKwqQld.exe
  2⤵
  PID:13460
- C:\Windows\System32\cBYbdDw.exe
  C:\Windows\System32\cBYbdDw.exe
  2⤵
  PID:13520
- C:\Windows\System32\MhJrEbE.exe
  C:\Windows\System32\MhJrEbE.exe
  2⤵
  PID:13540
- C:\Windows\System32\GcnmYPe.exe
  C:\Windows\System32\GcnmYPe.exe
  2⤵
  PID:13560
- C:\Windows\System32\OyqAfyU.exe
  C:\Windows\System32\OyqAfyU.exe
  2⤵
  PID:13588
- C:\Windows\System32\UdbrLOM.exe
  C:\Windows\System32\UdbrLOM.exe
  2⤵
  PID:13608
- C:\Windows\System32\XIHXfGP.exe
  C:\Windows\System32\XIHXfGP.exe
  2⤵
  PID:13632
- C:\Windows\System32\OdxGqDt.exe
  C:\Windows\System32\OdxGqDt.exe
  2⤵
  PID:13660
- C:\Windows\System32\JkMfURo.exe
  C:\Windows\System32\JkMfURo.exe
  2⤵
  PID:13712
- C:\Windows\System32\RvZgPYd.exe
  C:\Windows\System32\RvZgPYd.exe
  2⤵
  PID:13748
- C:\Windows\System32\EueXrvN.exe
  C:\Windows\System32\EueXrvN.exe
  2⤵
  PID:13764
- C:\Windows\System32\tkBigQn.exe
  C:\Windows\System32\tkBigQn.exe
  2⤵
  PID:13792
- C:\Windows\System32\ADtGCXl.exe
  C:\Windows\System32\ADtGCXl.exe
  2⤵
  PID:13812

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:13432

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System32\EbyJibt.exe

Filesize
1.5MB

MD5
0e180d0231ec588c2aec71284b5d1fa3

SHA1
67200c12c2bf627ac38e6cb6c947ac03640bd0cd

SHA256
4a5be16f51bb789277db98696a2a8a3864a0bcee3d9c15b6c67d68c34b42a445

SHA512
959d6a3c1c0cac0d0e47f88f50884a65a78a8c31c39d7f31347e9ef8633616928b18508f1372de32ce55c861935e32806de049208d6a099bd0dadcec09e34d4f

Download Submit
C:\Windows\System32\EuvzGiB.exe

Filesize
1.5MB

MD5
7837904151cff3e526d4f762b594adef

SHA1
cf38512afaea8f586ef714333b901c2809cd1702

SHA256
cd277926c68aed5aee4ce20df7058cea65ccb22299310594372fd7bd23116d4d

SHA512
1dc4a5ef9a91fb1fdac12ca5fbce5762e6ed199598a1d132e7966db00c119d256c95e796de2f673d0b205fd878b6b8217af11a30232180bdd7e351a218a4f3cc

Download Submit
C:\Windows\System32\FGLdZIW.exe

Filesize
1.5MB

MD5
0f31783fa6917e43b86ef364b358f7b6

SHA1
2b77369d5aa808d9061c9e90fb340d16350ebaef

SHA256
edce8eedf6ae3eba15b796f9dffa6947103022cea93edc4beb7adf7e4089b4c2

SHA512
661cb7e14fddf896a11cc112684561922055d18b367ccba7646d482f9a7d974d2267033602d771437d196512fe8ba0b109242415dee5acfa82e5649b4d37e4ac

Download Submit
C:\Windows\System32\FrhEtaF.exe

Filesize
1.5MB

MD5
ef907d67612ff854945c6c83d281a1dd

SHA1
f2ac7bb1f6da4e3b03dc1307e6e932c5608a9f53

SHA256
121150df960803e50087d979cb65ee222346ac6933378f26408bb997629169bc

SHA512
aa713a50937aa2d418de6eb72a449c9cbe63479ec4dd874ee1d9f0f05dc71146b66ad664b341c64b7d46baa21fa11b57ef814064ce9ea85ede76957cf2f2eaed

Download Submit
C:\Windows\System32\GqOZzho.exe

Filesize
1.5MB

MD5
ea537146c597df9bec94d039f9a75fcf

SHA1
d3747bfcd1c707864a471dc4969734f10a51f787

SHA256
4a078659f8177c198417e72dbf565151070aef7bdbce7c974332b1bbd4d5cdd8

SHA512
2a71a1f7b38f74dc44ae46c8cb71d51d821fd76e7c9a957adb7d8435f75818c287ccbc83c1c666d12120efb22710d9a0b9d79e3f3d8abba92d0d2f4554ae1698

Download Submit
C:\Windows\System32\IgKJWvB.exe

Filesize
1.5MB

MD5
81c832c670d30b05643bb0659f9384a1

SHA1
1bc87d4e82d9d6ce92c28bd00863ad3331c8f921

SHA256
c47b1662e30751fe6b4656b8794bdbb10a755581f76e8f010d5ae5738d7b79d8

SHA512
9b9b7ef9908fef159df9969259ba35bf1c0810d0cec71609ca1db773bc0efea4cbd8d2bb62212e3598de31cbe52bf16c1fb99e36eb76e90143f562dc8d1215ce

Download Submit
C:\Windows\System32\KLfLzGY.exe

Filesize
1.5MB

MD5
1ee5bbe1290d5a705894cc8b51679942

SHA1
10caa857702e630a7e9b33d04939eddd97a02ac7

SHA256
c752e5b51505b18318bd47f1113c5108e8bbace7805b445b24e61069ca44434e

SHA512
d618945a32a85a415696624b1c342213f8405ce044be8335e51fcf3c01f1d0596b1df1c00c08aa7aee583eb73cffb8a0a76792be9930d65b0aed102744343539

Download Submit
C:\Windows\System32\OTwnzZx.exe

Filesize
1.5MB

MD5
70e9c68394b3152fcd8db9d4a674a641

SHA1
a885911ab175521d9d43e017e514b62914910daf

SHA256
f68972f05f2270ce6fb8dd34432d9aa707379496b5335cea37e55c8636cb690c

SHA512
8f4ed394799e2c79d5e42b643e08f528b5b2f9cb449f97b088911dde366e552e0f799d27f6c78e12ff1a52f1c17ac92a92611accd28a975ad16719998d104448

Download Submit
C:\Windows\System32\OzFjHyx.exe

Filesize
1.5MB

MD5
d6756415309e14d84d1571cc704cf2db

SHA1
cb8f1f052c70f20ca6742a2d61a148a16031d077

SHA256
7b1bdc46fe6263024727d5eb818bbc647f5050f7c1650264d0cc2640acb081ad

SHA512
f2e014c7686a6a27f4109fe2fc804eec322e9a18c06811417fd7f3c1661b8ef8dd1340f9df29e4103e975bf28b88e8e3235cf260cbfa0e74a95078e689b4be43

Download Submit
C:\Windows\System32\QvqDpZz.exe

Filesize
1.5MB

MD5
b7647bcd14650a2b138ca39d99498245

SHA1
0a360704c455a49f9a9d02e0001b4c7cde8eb179

SHA256
5e30082447d8cb27ad0fa8cae462dd07af8d735b9493c5b72a486dd16c4de9f0

SHA512
d057b42f26ff29d075a526d81dd6ccd19a75579b7b05027f19861c9a3644d3670cb2c6215c4922b113046e32a475dc6a9caffa3f889d939f981defaa26900f64

Download Submit
C:\Windows\System32\SzVmPmO.exe

Filesize
1.5MB

MD5
bede48ffede4802fb87f2b1864395251

SHA1
bab39cce92b0858c5bd020b5cc844064c02ab4ef

SHA256
555518e315a32d8403657e0692b46663ab4a30ed2ba937e1c15679959ee8b3e9

SHA512
7ae81b9c6e9b22fac2843557317ea6fff192289f4047f736327545e834e7d870d1e88096ddf73a4754dc18d26cb2a813b0c8c61d223adb0d05ae8c15a75e49e0

Download Submit
C:\Windows\System32\UBYWyRt.exe

Filesize
1.5MB

MD5
a81ea9ec272e7dd037200689e666cb52

SHA1
fd7486d0170ffe5bd652f00a6087cd9ed9e02da2

SHA256
d06a0e15da6c13e826bd9400c7da68775e95600e8f752fec79d3e07000ef69f0

SHA512
580c02409bd0f893e8a94698389fd6e5edd9aa6c83d89a397356dc9be82776853d6b0d6fee58f6e68319b5be467663eeef41cffbef567f9310d48cf5f7f6e5b4

Download Submit
C:\Windows\System32\UIuUVlP.exe

Filesize
1.5MB

MD5
c151aeb7e45f03197c8c94729362eec7

SHA1
3a10041e77a0b51db54b8b480ab22e7be09ac348

SHA256
b9638d7608a433bf59be5b7c7b2df98a228abd263607cc60705aedb566ad166e

SHA512
6f72005089563bce154d75bc412a0f68cf494bbb156120225c39064e69e74d0e1ab35d692313051b6b94b45552a6f5732b0f6353a8de89dd035e48963baf1735

Download Submit
C:\Windows\System32\UdoySfC.exe

Filesize
1.5MB

MD5
88bbf3569baa320915a3879c2e7965f0

SHA1
9c5c541901939bd76d536a33a5ca27e5656bfabd

SHA256
23e0463c96074d8c50e8b3b923f4d5c2540f18fcd340e40b810ab240100e41cd

SHA512
f34ae9a6e42fd6c9611bae7ad5862ad27d99922765111e4a6fbe0278d9449ba1684331a810af88efef9f2dda4560085e097ec9a405e80b61862784d704153e3a

Download Submit
C:\Windows\System32\UmxdJOU.exe

Filesize
1.5MB

MD5
812ea3693617cd4bdec749e6c1a527a6

SHA1
d49a67a11bcf52b441b701de38bb8b77adb2dbc5

SHA256
eead769f2dacb800acf3392728ae61912d0809d7c35727d6282691168b536507

SHA512
f5e74702305bb7090aeb3c2a7a8aaf50085190f5ee65a84fa38569dbb538cf1b57b156ffc98b9c354202c3625fb95149f5d95ddd200de2425c533143aa2a23fd

Download Submit
C:\Windows\System32\VBWHbrb.exe

Filesize
1.5MB

MD5
d1cc8e201c2c67a5a4d2e4021cb28a02

SHA1
c5cb350249e6bdc9ccd34ef3d93ccae990e654be

SHA256
18dfe8f67816e63f0fa2d85259a8c18699293df3143ad2fec64d2ee4a90f0aed

SHA512
9657c5ccc682a6058b62a250940ade28ba2c3fd7621b96e92a3f06fbee8076530180bc0422010c1acc85d54c3c3faef68507d8b7acc3c46976c556a008205168

Download Submit
C:\Windows\System32\XohxFzS.exe

Filesize
1.5MB

MD5
10b4fd63c594d5f2263fac0ffa6b2940

SHA1
3b89b976ee519f15bfa75a4389239a686c530dad

SHA256
cc25cfcd30a3eff541d5eb98b69b1f7fe55a895d6d71a03a2bb33bd1802cd3ef

SHA512
08b17d31531cd3c3b6b03e718371d1c87ff0e26fb4b12aeeedc9ad2c79da34f7dee563f5430b737a9f9434fe09cef8d503159ab4429d0be6674463cf9f4d5bcb

Download Submit
C:\Windows\System32\ZZxwCZG.exe

Filesize
1.5MB

MD5
fe6e0300f6f74a0c22aab40bd4fd8165

SHA1
0d0a50ec62465e45b843bbe64eabbb289f7802ea

SHA256
3e4fb4aedb17d52a62e20f08589705f9bbc2340b3d3665995c37b72897d27385

SHA512
5aa6459dac9b99629ddc24fef293a030474d5b13b3acbf0a625abbedaa7f9e5c8a43be263b1454d53b91d8411e0009aeb96baf06e9b3bf9d14938df5f4e994c5

Download Submit
C:\Windows\System32\aHahwGx.exe

Filesize
1.5MB

MD5
45b5f37ce23f5cead92979f43d570eb6

SHA1
0780caeaac26705c6ce03fdbf655583eed1925fe

SHA256
a75c1f181056fa590f9ae4dac5611e4461267c4302f47eb62aa44923c6af492d

SHA512
c9fe19b1b5cb254054f32fb14cd9fea39fc3e119e6557e51d90a8a6867160d790f185d18ec36aa6f40be4e29ca7b1829ea0e388ad8f67fd24d06756a25052c41

Download Submit
C:\Windows\System32\fpLXIEL.exe

Filesize
1.5MB

MD5
ed15eeb7d390e86a5782259621edfa1a

SHA1
f2ac73bcbf906fa10082aab8298b7b6aadc34759

SHA256
18987d683c9b1aaf769a49021adb7c5ed637801add466a7e27439f5b2cfc8e51

SHA512
34b8c8860545c319bda20b19ba72f4a09bfa6735166a5de4c3a6dd2d32db4f92eb60a63d8fc1e7eaa6363119f83cb9ae995a34ad56c8d5ec0c26e49fbaf4eb73

Download Submit
C:\Windows\System32\iYvULkQ.exe

Filesize
1.5MB

MD5
6894c2b085b4e45b0dbecc9b3bc3f600

SHA1
2ccf086247b637e9a5d2bb4e0b3c2f17eab0efd6

SHA256
66812e9801465587a38f4fda4c14d3910fd4ff6c1d9017d2cc575783870320b3

SHA512
1b8cbb544f61ada3e226454792931df67447a00a2faea9e647462136371d73329a7d8600cae14bca3ed79165cdd4190e3c12ad009b61cca1004517b023f75a15

Download Submit
C:\Windows\System32\ibfMxlG.exe

Filesize
1.5MB

MD5
78f250c88bdbf03b8e2c9657120ee09a

SHA1
974616bef9265c25d2e277397567ada7c2dbeb43

SHA256
7879091c349ca63faf115bf07c03c42dfd6098f40a9e5e801913fd5b06a63b0f

SHA512
e3420c9b724836ba29721aee498c7b77bfc4d25db0877b960873616be3857f17719c9327fb2c0a0ee1fbcaf32ff134f7963c4bac79e1c4457ce5aac28239af6b

Download Submit
C:\Windows\System32\jgOLYCd.exe

Filesize
1.5MB

MD5
d98135135d423cceb2d13ff5ae6128e8

SHA1
133023e342a0d05abb7a5b9566f266e83e4e299b

SHA256
b3b6e52b54268f371b669f9824191aa6c028ae4120079ccad5ac1e3f4ffbf300

SHA512
3a8be58675db1ae62807fd2d8958e4da37f159a9ebb021271ffc5ab6dd2bf1fcf0e0cb37c575343f43e180f2f5c52ec2e6ffc834e3e2686157ec75b42be6ddbb

Download Submit
C:\Windows\System32\mIZYhfn.exe

Filesize
1.5MB

MD5
e31747c6a2a0bd6d2fe5fb4ca2409abd

SHA1
a54c101163caf4adff484ae6e8b3bc1753061e87

SHA256
a28c352b82c4ee5a3eb025ffb54d8c6108709a1f23b9602af2adf11b027e8e33

SHA512
95ba13205c934c55924f940ddf1f766ba287c7b5aaa7e6a7ba021f54c0c96d0554613688f40fba98d2fd6c8ec5e9f4e542e944f765a97c08c6222b3d71a669ca

Download Submit
C:\Windows\System32\raBYOtO.exe

Filesize
1.5MB

MD5
2c52cf62e88a413d87d02f35cb108b3b

SHA1
8b8e15398ca7fc984a68cfe92cbbab468db574e0

SHA256
f471da74ba663da1b3579f6a3cd9c641e8fc9d74e974e509a3fe446aa5f2203c

SHA512
1c76e67af720f002bf387f89c269fcb1d8b3054d33f5a208fd39dbcb03a5a9c05cad33763c673068fa1feceacceb6343fe558f51f946e490ddb603e408b0dd53

Download Submit
C:\Windows\System32\sYNbWhW.exe

Filesize
1.5MB

MD5
41897e003a9f1231ff9547240b2bbeff

SHA1
75617203e377d72756cd9309bd48bedcb01d477d

SHA256
09a9a97c58e8dd0df1ee5a03170c13d6bff7cb1156f12148fa76681c2e325d61

SHA512
ed8a2086dfc9288c8fd5d0bdcce4a0296afe09a4d2e8478a2e2b174fadea19f472bb8f8dd59e2f341980fe9b76bbd23bb9cbbcb56bb672137d759366baec6acd

Download Submit
C:\Windows\System32\tlocxTg.exe

Filesize
1.5MB

MD5
d36be607553589e1eb63f993fde909c0

SHA1
cbd9d6d2d11c4b68a1e880131e9815b4d730ff45

SHA256
ca2d751dc3d1e3dbf8852b8d87e2a5b8aac2f79de36f5f85a83c54208b598edd

SHA512
5ecb27a0d1d6becccf09c0c1ae7615fb39786b5fe97a4a2d13c28528988ba15536f1b109905ce92a9a231b6797594eb45824ddf822fe19e90205d9f18866877d

Download Submit
C:\Windows\System32\ukmErhb.exe

Filesize
1.5MB

MD5
d37674b1e47e7fc95f1c5e38efaec94c

SHA1
20db98da5d08211da04c81b8ff05aea6c07df801

SHA256
3c5461ac72972af3939816d492c97cacfa39c707d46197c93065622e71974497

SHA512
cfb80bd1ad71b66706d132d5fec22a7bff1999898671a6aef7dce656a284dddf61bbc35ba4f22e19b07fc0e084a82fc07e1871679c75ecc8366b4304dbee04dc

Download Submit
C:\Windows\System32\uqwgvQr.exe

Filesize
1.5MB

MD5
d1fb937318a5cda7ae6052760c09ac56

SHA1
a8c1802e5f297d2211f6819ed539965f8b4c0d09

SHA256
03af24f75efef1447eb3565376a45ac8e71a2ca3e2d0cfeb25f2c10d0443dcaf

SHA512
fc27f86992a0ea422b45b52ce0798bb9be9713b12451cc25ad06c6ae1fbde1530b5311b8a862383b7eb068542a32e23866617bd5bc26d58ae1a08ec942a961f4

Download Submit
C:\Windows\System32\xRltKgv.exe

Filesize
1.5MB

MD5
c59f3482016ae411f5f6b015f8b3329d

SHA1
72645eb55c3f0ea1efb99162160446d7d7db6cd9

SHA256
e2af6407a5d7f1d7c3ff17a98c76f9f13a7ee4c2fcefa67a4eebccb94e97c753

SHA512
5fa034096e222ee06538d1a123009f2811c9bcd3e3746d4a827fc9a174aabd545013f860f40a0beec38e260e66e0236eb74a55d1c38668db401434c2fe6fe962

Download Submit
C:\Windows\System32\xZmhdkr.exe

Filesize
1.5MB

MD5
b160ab1b7fe939b02fdf1260a760f687

SHA1
fc1e74d4777f34ea47cf4b4f45e330935d4ae115

SHA256
4b3d550eaf4ea2fa6bcc64e9ba301705c9a09fa581d51719491c642e1768fba0

SHA512
6c6abfcedcb3e52873524600f13af4d449344463071c39e2b17656cb538ed8e405b60b250b8d264dda6b26d382861358753a1038099301e9a59f4ce6b6d06d04

Download Submit
C:\Windows\System32\yjOIbKK.exe

Filesize
1.5MB

MD5
426666afa434c268f7d2185b6675ce00

SHA1
92a789090e086e52f9f1cd1aa0758f9f8a68ebed

SHA256
79ea278d698e8f70ed4dcd2e107e7296df2376af9d59887aee3ffa66d1cc82c1

SHA512
3da308426677636c0d28a453ce60acd74f976b63a556c4cbd6fbcf9cfac4b3be5205b74b7a7d99ded46a68cbcf5687e86060a4a417c403897af64b413c2587c2

Download Submit
memory/444-2185-0x00007FF6ED060000-0x00007FF6ED451000-memory.dmp

Filesize
3.9MB

Download
memory/444-851-0x00007FF6ED060000-0x00007FF6ED451000-memory.dmp

Filesize
3.9MB

Download
memory/444-64-0x00007FF6ED060000-0x00007FF6ED451000-memory.dmp

Filesize
3.9MB

Download
memory/916-2264-0x00007FF672AE0000-0x00007FF672ED1000-memory.dmp

Filesize
3.9MB

Download
memory/916-131-0x00007FF672AE0000-0x00007FF672ED1000-memory.dmp

Filesize
3.9MB

Download
memory/916-1284-0x00007FF672AE0000-0x00007FF672ED1000-memory.dmp

Filesize
3.9MB

Download
memory/996-111-0x00007FF73D540000-0x00007FF73D931000-memory.dmp

Filesize
3.9MB

Download
memory/996-2256-0x00007FF73D540000-0x00007FF73D931000-memory.dmp

Filesize
3.9MB

Download
memory/996-1277-0x00007FF73D540000-0x00007FF73D931000-memory.dmp

Filesize
3.9MB

Download
memory/1124-386-0x00007FF73B440000-0x00007FF73B831000-memory.dmp

Filesize
3.9MB

Download
memory/1124-27-0x00007FF73B440000-0x00007FF73B831000-memory.dmp

Filesize
3.9MB

Download
memory/1124-2167-0x00007FF73B440000-0x00007FF73B831000-memory.dmp

Filesize
3.9MB

Download
memory/1644-75-0x00007FF702680000-0x00007FF702A71000-memory.dmp

Filesize
3.9MB

Download
memory/1644-2182-0x00007FF702680000-0x00007FF702A71000-memory.dmp

Filesize
3.9MB

Download
memory/1724-2199-0x00007FF624950000-0x00007FF624D41000-memory.dmp

Filesize
3.9MB

Download
memory/1724-80-0x00007FF624950000-0x00007FF624D41000-memory.dmp

Filesize
3.9MB

Download
memory/1752-378-0x00007FF6D1F60000-0x00007FF6D2351000-memory.dmp

Filesize
3.9MB

Download
memory/1752-2270-0x00007FF6D1F60000-0x00007FF6D2351000-memory.dmp

Filesize
3.9MB

Download
memory/1972-92-0x00007FF601FF0000-0x00007FF6023E1000-memory.dmp

Filesize
3.9MB

Download
memory/1972-2232-0x00007FF601FF0000-0x00007FF6023E1000-memory.dmp

Filesize
3.9MB

Download
memory/1972-1270-0x00007FF601FF0000-0x00007FF6023E1000-memory.dmp

Filesize
3.9MB

Download
memory/2440-33-0x00007FF696FC0000-0x00007FF6973B1000-memory.dmp

Filesize
3.9MB

Download
memory/2440-591-0x00007FF696FC0000-0x00007FF6973B1000-memory.dmp

Filesize
3.9MB

Download
memory/2440-2173-0x00007FF696FC0000-0x00007FF6973B1000-memory.dmp

Filesize
3.9MB

Download
memory/2488-368-0x00007FF6D8510000-0x00007FF6D8901000-memory.dmp

Filesize
3.9MB

Download
memory/2488-2273-0x00007FF6D8510000-0x00007FF6D8901000-memory.dmp

Filesize
3.9MB

Download
memory/2508-18-0x00007FF70D810000-0x00007FF70DC01000-memory.dmp

Filesize
3.9MB

Download
memory/2508-2165-0x00007FF70D810000-0x00007FF70DC01000-memory.dmp

Filesize
3.9MB

Download
memory/2508-449-0x00007FF70D810000-0x00007FF70DC01000-memory.dmp

Filesize
3.9MB

Download
memory/2864-2179-0x00007FF70F550000-0x00007FF70F941000-memory.dmp

Filesize
3.9MB

Download
memory/2864-603-0x00007FF70F550000-0x00007FF70F941000-memory.dmp

Filesize
3.9MB

Download
memory/2864-61-0x00007FF70F550000-0x00007FF70F941000-memory.dmp

Filesize
3.9MB

Download
memory/2872-2163-0x00007FF7F67A0000-0x00007FF7F6B91000-memory.dmp

Filesize
3.9MB

Download
memory/2872-9-0x00007FF7F67A0000-0x00007FF7F6B91000-memory.dmp

Filesize
3.9MB

Download
memory/2872-136-0x00007FF7F67A0000-0x00007FF7F6B91000-memory.dmp

Filesize
3.9MB

Download
memory/3020-132-0x00007FF7531C0000-0x00007FF7535B1000-memory.dmp

Filesize
3.9MB

Download
memory/3020-1-0x000001A593860000-0x000001A593870000-memory.dmp

Filesize
64KB

Download
memory/3020-0-0x00007FF7531C0000-0x00007FF7535B1000-memory.dmp

Filesize
3.9MB

Download
memory/3040-116-0x00007FF75A7A0000-0x00007FF75AB91000-memory.dmp

Filesize
3.9MB

Download
memory/3040-2237-0x00007FF75A7A0000-0x00007FF75AB91000-memory.dmp

Filesize
3.9MB

Download
memory/3376-2177-0x00007FF7816B0000-0x00007FF781AA1000-memory.dmp

Filesize
3.9MB

Download
memory/3376-45-0x00007FF7816B0000-0x00007FF781AA1000-memory.dmp

Filesize
3.9MB

Download
memory/3376-452-0x00007FF7816B0000-0x00007FF781AA1000-memory.dmp

Filesize
3.9MB

Download
memory/3416-2262-0x00007FF7CE120000-0x00007FF7CE511000-memory.dmp

Filesize
3.9MB

Download
memory/3416-1278-0x00007FF7CE120000-0x00007FF7CE511000-memory.dmp

Filesize
3.9MB

Download
memory/3416-122-0x00007FF7CE120000-0x00007FF7CE511000-memory.dmp

Filesize
3.9MB

Download
memory/3420-2169-0x00007FF6681C0000-0x00007FF6685B1000-memory.dmp

Filesize
3.9MB

Download
memory/3420-37-0x00007FF6681C0000-0x00007FF6685B1000-memory.dmp

Filesize
3.9MB

Download
memory/3420-388-0x00007FF6681C0000-0x00007FF6685B1000-memory.dmp

Filesize
3.9MB

Download
memory/3528-2175-0x00007FF7E3980000-0x00007FF7E3D71000-memory.dmp

Filesize
3.9MB

Download
memory/3528-56-0x00007FF7E3980000-0x00007FF7E3D71000-memory.dmp

Filesize
3.9MB

Download
memory/3948-102-0x00007FF7F37E0000-0x00007FF7F3BD1000-memory.dmp

Filesize
3.9MB

Download
memory/3948-1273-0x00007FF7F37E0000-0x00007FF7F3BD1000-memory.dmp

Filesize
3.9MB

Download
memory/3948-2260-0x00007FF7F37E0000-0x00007FF7F3BD1000-memory.dmp

Filesize
3.9MB

Download
memory/4260-1370-0x00007FF7C6A30000-0x00007FF7C6E21000-memory.dmp

Filesize
3.9MB

Download
memory/4260-127-0x00007FF7C6A30000-0x00007FF7C6E21000-memory.dmp

Filesize
3.9MB

Download
memory/4260-2267-0x00007FF7C6A30000-0x00007FF7C6E21000-memory.dmp

Filesize
3.9MB

Download
memory/4828-362-0x00007FF6E2810000-0x00007FF6E2C01000-memory.dmp

Filesize
3.9MB

Download
memory/4828-2268-0x00007FF6E2810000-0x00007FF6E2C01000-memory.dmp

Filesize
3.9MB

Download
memory/4884-2171-0x00007FF7F5390000-0x00007FF7F5781000-memory.dmp

Filesize
3.9MB

Download
memory/4884-46-0x00007FF7F5390000-0x00007FF7F5781000-memory.dmp

Filesize
3.9MB

Download
memory/4896-77-0x00007FF69B0E0000-0x00007FF69B4D1000-memory.dmp

Filesize
3.9MB

Download
memory/4896-2183-0x00007FF69B0E0000-0x00007FF69B4D1000-memory.dmp

Filesize
3.9MB

Download
memory/4980-2258-0x00007FF6E9B20000-0x00007FF6E9F11000-memory.dmp

Filesize
3.9MB

Download
memory/4980-357-0x00007FF6E9B20000-0x00007FF6E9F11000-memory.dmp

Filesize
3.9MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads