xmrig | fae56f0988f67a3b120bdb8c32e30754400e07701c4d3af63a449afe4a35fdc2

Analysis

max time kernel
101s
max time network
109s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
14/10/2024, 18:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fae56f0988f67a3b120bdb8c32e30754400e07701c4d3af63a449afe4a35fdc2N.exe
Size

1.2MB
MD5

c89dc3006451c676e9d4d001bc24e260
SHA1

925f43afcf5c5030e6fb253d41095b084b0e8b93
SHA256

fae56f0988f67a3b120bdb8c32e30754400e07701c4d3af63a449afe4a35fdc2
SHA512

1efcb96611ccfa946d9f06bbea2a4e3878ea6d84b3b62f63682c45a9bd09a2f487a52e4520b825ab1835c536ffdebc769e1d4be5163a6c822da99a3b157eb171
SSDEEP

24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbcXIC:knw9oUUEEDlGUJ8Y9cXIC

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 49 IoCs

miner

resource	yara_rule
behavioral2/memory/3940-337-0x00007FF711120000-0x00007FF711511000-memory.dmp	xmrig
behavioral2/memory/4616-351-0x00007FF658D70000-0x00007FF659161000-memory.dmp	xmrig
behavioral2/memory/820-359-0x00007FF7D1EC0000-0x00007FF7D22B1000-memory.dmp	xmrig
behavioral2/memory/3880-365-0x00007FF782310000-0x00007FF782701000-memory.dmp	xmrig
behavioral2/memory/4476-377-0x00007FF6449A0000-0x00007FF644D91000-memory.dmp	xmrig
behavioral2/memory/4392-383-0x00007FF68CF70000-0x00007FF68D361000-memory.dmp	xmrig
behavioral2/memory/2900-385-0x00007FF75D600000-0x00007FF75D9F1000-memory.dmp	xmrig
behavioral2/memory/1164-396-0x00007FF7CDBA0000-0x00007FF7CDF91000-memory.dmp	xmrig
behavioral2/memory/4628-375-0x00007FF7DED30000-0x00007FF7DF121000-memory.dmp	xmrig
behavioral2/memory/4428-339-0x00007FF7F6280000-0x00007FF7F6671000-memory.dmp	xmrig
behavioral2/memory/1616-399-0x00007FF786740000-0x00007FF786B31000-memory.dmp	xmrig
behavioral2/memory/2496-398-0x00007FF7917F0000-0x00007FF791BE1000-memory.dmp	xmrig
behavioral2/memory/1960-407-0x00007FF76FF30000-0x00007FF770321000-memory.dmp	xmrig
behavioral2/memory/2088-415-0x00007FF6A8650000-0x00007FF6A8A41000-memory.dmp	xmrig
behavioral2/memory/2084-430-0x00007FF60C720000-0x00007FF60CB11000-memory.dmp	xmrig
behavioral2/memory/552-433-0x00007FF61CFC0000-0x00007FF61D3B1000-memory.dmp	xmrig
behavioral2/memory/1364-428-0x00007FF6BE410000-0x00007FF6BE801000-memory.dmp	xmrig
behavioral2/memory/648-418-0x00007FF6A3700000-0x00007FF6A3AF1000-memory.dmp	xmrig
behavioral2/memory/936-61-0x00007FF7897D0000-0x00007FF789BC1000-memory.dmp	xmrig
behavioral2/memory/2740-1228-0x00007FF717BC0000-0x00007FF717FB1000-memory.dmp	xmrig
behavioral2/memory/556-1344-0x00007FF7A9390000-0x00007FF7A9781000-memory.dmp	xmrig
behavioral2/memory/4436-1347-0x00007FF65EA00000-0x00007FF65EDF1000-memory.dmp	xmrig
behavioral2/memory/5064-1349-0x00007FF657680000-0x00007FF657A71000-memory.dmp	xmrig
behavioral2/memory/1940-1345-0x00007FF6D8D20000-0x00007FF6D9111000-memory.dmp	xmrig
behavioral2/memory/4892-1401-0x00007FF78A670000-0x00007FF78AA61000-memory.dmp	xmrig
behavioral2/memory/556-2144-0x00007FF7A9390000-0x00007FF7A9781000-memory.dmp	xmrig
behavioral2/memory/1940-2146-0x00007FF6D8D20000-0x00007FF6D9111000-memory.dmp	xmrig
behavioral2/memory/2088-2148-0x00007FF6A8650000-0x00007FF6A8A41000-memory.dmp	xmrig
behavioral2/memory/4436-2150-0x00007FF65EA00000-0x00007FF65EDF1000-memory.dmp	xmrig
behavioral2/memory/4892-2152-0x00007FF78A670000-0x00007FF78AA61000-memory.dmp	xmrig
behavioral2/memory/2084-2160-0x00007FF60C720000-0x00007FF60CB11000-memory.dmp	xmrig
behavioral2/memory/3880-2206-0x00007FF782310000-0x00007FF782701000-memory.dmp	xmrig
behavioral2/memory/4392-2210-0x00007FF68CF70000-0x00007FF68D361000-memory.dmp	xmrig
behavioral2/memory/1164-2214-0x00007FF7CDBA0000-0x00007FF7CDF91000-memory.dmp	xmrig
behavioral2/memory/2900-2212-0x00007FF75D600000-0x00007FF75D9F1000-memory.dmp	xmrig
behavioral2/memory/4476-2208-0x00007FF6449A0000-0x00007FF644D91000-memory.dmp	xmrig
behavioral2/memory/820-2204-0x00007FF7D1EC0000-0x00007FF7D22B1000-memory.dmp	xmrig
behavioral2/memory/4628-2202-0x00007FF7DED30000-0x00007FF7DF121000-memory.dmp	xmrig
behavioral2/memory/4428-2168-0x00007FF7F6280000-0x00007FF7F6671000-memory.dmp	xmrig
behavioral2/memory/3940-2164-0x00007FF711120000-0x00007FF711511000-memory.dmp	xmrig
behavioral2/memory/1364-2162-0x00007FF6BE410000-0x00007FF6BE801000-memory.dmp	xmrig
behavioral2/memory/4616-2170-0x00007FF658D70000-0x00007FF659161000-memory.dmp	xmrig
behavioral2/memory/552-2166-0x00007FF61CFC0000-0x00007FF61D3B1000-memory.dmp	xmrig
behavioral2/memory/5064-2158-0x00007FF657680000-0x00007FF657A71000-memory.dmp	xmrig
behavioral2/memory/936-2156-0x00007FF7897D0000-0x00007FF789BC1000-memory.dmp	xmrig
behavioral2/memory/648-2154-0x00007FF6A3700000-0x00007FF6A3AF1000-memory.dmp	xmrig
behavioral2/memory/1960-2299-0x00007FF76FF30000-0x00007FF770321000-memory.dmp	xmrig
behavioral2/memory/1616-2231-0x00007FF786740000-0x00007FF786B31000-memory.dmp	xmrig
behavioral2/memory/2496-2225-0x00007FF7917F0000-0x00007FF791BE1000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
556	bOwvpVn.exe
1940	QiBNfGU.exe
2088	UMYTMIX.exe
4892	PeoJkGU.exe
4436	GIlsDLf.exe
648	oiNYqmn.exe
5064	QqPWViM.exe
936	jXmnKUZ.exe
1364	eyLNVwX.exe
3940	iMsNnZc.exe
2084	wyRbwEK.exe
552	ecvzeXh.exe
4428	cIdMErT.exe
4616	NImizNF.exe
820	rOmvJJe.exe
3880	RMTIcLA.exe
4628	GMdLfAU.exe
4476	jWyZGDS.exe
4392	oDojhDA.exe
2900	ZCAIdBk.exe
1164	yxkZmBY.exe
2496	UFwmcne.exe
1616	RrIvtTi.exe
1960	WSVuwEO.exe
1200	jNhsNbi.exe
3576	VpumJZi.exe
4780	QXZvhPq.exe
4572	hrkXcyP.exe
912	FfqmXGN.exe
884	CjWPfIs.exe
644	WcgkNKP.exe
4180	EiwBhUV.exe
1160	vCWwaXg.exe
2844	QjFqTJq.exe
4480	YgsyLOs.exe
3892	FlfUjrn.exe
1892	WiXWeqT.exe
3980	Rkprbqi.exe
4976	bqURDLi.exe
3356	sckJZJG.exe
3040	slZWgnh.exe
3448	RPvczTc.exe
1168	xwnortw.exe
3052	niXPStG.exe
1080	HHTMFvc.exe
4644	vyCnLTd.exe
1404	vwNUndj.exe
4340	IGNQABw.exe
672	EnMMbNw.exe
3780	fPPTZDc.exe
1624	nUTTmXj.exe
2256	JMYIUGg.exe
4304	EIoQMVP.exe
2764	PazdRNk.exe
688	DwpYKCv.exe
3564	KNeenzO.exe
3872	JMNlGWW.exe
468	JQPkMrH.exe
720	KQswXbo.exe
212	PjPYFjG.exe
636	TdzVYxs.exe
5100	DiyjPTT.exe
5112	rsbNXRM.exe
180	dkQFFfn.exe

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System32\SMTqmvL.exe	fae56f0988f67a3b120bdb8c32e30754400e07701c4d3af63a449afe4a35fdc2N.exe
File created	C:\Windows\System32\bNMtGow.exe	fae56f0988f67a3b120bdb8c32e30754400e07701c4d3af63a449afe4a35fdc2N.exe
File created	C:\Windows\System32\BhktAhR.exe	fae56f0988f67a3b120bdb8c32e30754400e07701c4d3af63a449afe4a35fdc2N.exe
File created	C:\Windows\System32\VPdGUGm.exe	fae56f0988f67a3b120bdb8c32e30754400e07701c4d3af63a449afe4a35fdc2N.exe
File created	C:\Windows\System32\ViOeiUL.exe	fae56f0988f67a3b120bdb8c32e30754400e07701c4d3af63a449afe4a35fdc2N.exe
File created	C:\Windows\System32\dBgJrcl.exe	fae56f0988f67a3b120bdb8c32e30754400e07701c4d3af63a449afe4a35fdc2N.exe
File created	C:\Windows\System32\MQnXzBc.exe	fae56f0988f67a3b120bdb8c32e30754400e07701c4d3af63a449afe4a35fdc2N.exe
File created	C:\Windows\System32\yKUaFtb.exe	fae56f0988f67a3b120bdb8c32e30754400e07701c4d3af63a449afe4a35fdc2N.exe
File created	C:\Windows\System32\DICFewh.exe	fae56f0988f67a3b120bdb8c32e30754400e07701c4d3af63a449afe4a35fdc2N.exe
File created	C:\Windows\System32\mmECFsV.exe	fae56f0988f67a3b120bdb8c32e30754400e07701c4d3af63a449afe4a35fdc2N.exe
File created	C:\Windows\System32\anhaacl.exe	fae56f0988f67a3b120bdb8c32e30754400e07701c4d3af63a449afe4a35fdc2N.exe
File created	C:\Windows\System32\LwToyfn.exe	fae56f0988f67a3b120bdb8c32e30754400e07701c4d3af63a449afe4a35fdc2N.exe
File created	C:\Windows\System32\xHjYyuZ.exe	fae56f0988f67a3b120bdb8c32e30754400e07701c4d3af63a449afe4a35fdc2N.exe
File created	C:\Windows\System32\fKbPviB.exe	fae56f0988f67a3b120bdb8c32e30754400e07701c4d3af63a449afe4a35fdc2N.exe
File created	C:\Windows\System32\dQjnuGj.exe	fae56f0988f67a3b120bdb8c32e30754400e07701c4d3af63a449afe4a35fdc2N.exe
File created	C:\Windows\System32\QIcauYh.exe	fae56f0988f67a3b120bdb8c32e30754400e07701c4d3af63a449afe4a35fdc2N.exe
File created	C:\Windows\System32\TdzVYxs.exe	fae56f0988f67a3b120bdb8c32e30754400e07701c4d3af63a449afe4a35fdc2N.exe
File created	C:\Windows\System32\itEGfQq.exe	fae56f0988f67a3b120bdb8c32e30754400e07701c4d3af63a449afe4a35fdc2N.exe
File created	C:\Windows\System32\qUgsuQN.exe	fae56f0988f67a3b120bdb8c32e30754400e07701c4d3af63a449afe4a35fdc2N.exe
File created	C:\Windows\System32\eQgkiDI.exe	fae56f0988f67a3b120bdb8c32e30754400e07701c4d3af63a449afe4a35fdc2N.exe
File created	C:\Windows\System32\zcxNhhD.exe	fae56f0988f67a3b120bdb8c32e30754400e07701c4d3af63a449afe4a35fdc2N.exe
File created	C:\Windows\System32\PVPVvMF.exe	fae56f0988f67a3b120bdb8c32e30754400e07701c4d3af63a449afe4a35fdc2N.exe
File created	C:\Windows\System32\TfgJAUr.exe	fae56f0988f67a3b120bdb8c32e30754400e07701c4d3af63a449afe4a35fdc2N.exe
File created	C:\Windows\System32\iWTlYvO.exe	fae56f0988f67a3b120bdb8c32e30754400e07701c4d3af63a449afe4a35fdc2N.exe
File created	C:\Windows\System32\bqURDLi.exe	fae56f0988f67a3b120bdb8c32e30754400e07701c4d3af63a449afe4a35fdc2N.exe
File created	C:\Windows\System32\MBNKuRk.exe	fae56f0988f67a3b120bdb8c32e30754400e07701c4d3af63a449afe4a35fdc2N.exe
File created	C:\Windows\System32\uzbKDci.exe	fae56f0988f67a3b120bdb8c32e30754400e07701c4d3af63a449afe4a35fdc2N.exe
File created	C:\Windows\System32\vQgkjxO.exe	fae56f0988f67a3b120bdb8c32e30754400e07701c4d3af63a449afe4a35fdc2N.exe
File created	C:\Windows\System32\OkEKjOn.exe	fae56f0988f67a3b120bdb8c32e30754400e07701c4d3af63a449afe4a35fdc2N.exe
File created	C:\Windows\System32\QbcWrSq.exe	fae56f0988f67a3b120bdb8c32e30754400e07701c4d3af63a449afe4a35fdc2N.exe
File created	C:\Windows\System32\kEijsXO.exe	fae56f0988f67a3b120bdb8c32e30754400e07701c4d3af63a449afe4a35fdc2N.exe
File created	C:\Windows\System32\SeXvBwq.exe	fae56f0988f67a3b120bdb8c32e30754400e07701c4d3af63a449afe4a35fdc2N.exe
File created	C:\Windows\System32\HslkUoB.exe	fae56f0988f67a3b120bdb8c32e30754400e07701c4d3af63a449afe4a35fdc2N.exe
File created	C:\Windows\System32\sZfMBec.exe	fae56f0988f67a3b120bdb8c32e30754400e07701c4d3af63a449afe4a35fdc2N.exe
File created	C:\Windows\System32\tbbueVb.exe	fae56f0988f67a3b120bdb8c32e30754400e07701c4d3af63a449afe4a35fdc2N.exe
File created	C:\Windows\System32\tAXgnie.exe	fae56f0988f67a3b120bdb8c32e30754400e07701c4d3af63a449afe4a35fdc2N.exe
File created	C:\Windows\System32\kLeprIP.exe	fae56f0988f67a3b120bdb8c32e30754400e07701c4d3af63a449afe4a35fdc2N.exe
File created	C:\Windows\System32\fqzeGkE.exe	fae56f0988f67a3b120bdb8c32e30754400e07701c4d3af63a449afe4a35fdc2N.exe
File created	C:\Windows\System32\jwNJzKb.exe	fae56f0988f67a3b120bdb8c32e30754400e07701c4d3af63a449afe4a35fdc2N.exe
File created	C:\Windows\System32\ETTYrjj.exe	fae56f0988f67a3b120bdb8c32e30754400e07701c4d3af63a449afe4a35fdc2N.exe
File created	C:\Windows\System32\vaarjzg.exe	fae56f0988f67a3b120bdb8c32e30754400e07701c4d3af63a449afe4a35fdc2N.exe
File created	C:\Windows\System32\BcDzSVZ.exe	fae56f0988f67a3b120bdb8c32e30754400e07701c4d3af63a449afe4a35fdc2N.exe
File created	C:\Windows\System32\vaRUyVg.exe	fae56f0988f67a3b120bdb8c32e30754400e07701c4d3af63a449afe4a35fdc2N.exe
File created	C:\Windows\System32\ZYRMjCk.exe	fae56f0988f67a3b120bdb8c32e30754400e07701c4d3af63a449afe4a35fdc2N.exe
File created	C:\Windows\System32\ELSrkkK.exe	fae56f0988f67a3b120bdb8c32e30754400e07701c4d3af63a449afe4a35fdc2N.exe
File created	C:\Windows\System32\gxOMRZH.exe	fae56f0988f67a3b120bdb8c32e30754400e07701c4d3af63a449afe4a35fdc2N.exe
File created	C:\Windows\System32\HnhFcEr.exe	fae56f0988f67a3b120bdb8c32e30754400e07701c4d3af63a449afe4a35fdc2N.exe
File created	C:\Windows\System32\dOpVWqQ.exe	fae56f0988f67a3b120bdb8c32e30754400e07701c4d3af63a449afe4a35fdc2N.exe
File created	C:\Windows\System32\sLAQSTf.exe	fae56f0988f67a3b120bdb8c32e30754400e07701c4d3af63a449afe4a35fdc2N.exe
File created	C:\Windows\System32\ShNskhg.exe	fae56f0988f67a3b120bdb8c32e30754400e07701c4d3af63a449afe4a35fdc2N.exe
File created	C:\Windows\System32\eXsSYtv.exe	fae56f0988f67a3b120bdb8c32e30754400e07701c4d3af63a449afe4a35fdc2N.exe
File created	C:\Windows\System32\gfWdFBD.exe	fae56f0988f67a3b120bdb8c32e30754400e07701c4d3af63a449afe4a35fdc2N.exe
File created	C:\Windows\System32\HhPzLAL.exe	fae56f0988f67a3b120bdb8c32e30754400e07701c4d3af63a449afe4a35fdc2N.exe
File created	C:\Windows\System32\QjDyNev.exe	fae56f0988f67a3b120bdb8c32e30754400e07701c4d3af63a449afe4a35fdc2N.exe
File created	C:\Windows\System32\dkQFFfn.exe	fae56f0988f67a3b120bdb8c32e30754400e07701c4d3af63a449afe4a35fdc2N.exe
File created	C:\Windows\System32\geavNeh.exe	fae56f0988f67a3b120bdb8c32e30754400e07701c4d3af63a449afe4a35fdc2N.exe
File created	C:\Windows\System32\YgsyLOs.exe	fae56f0988f67a3b120bdb8c32e30754400e07701c4d3af63a449afe4a35fdc2N.exe
File created	C:\Windows\System32\PvFlqsV.exe	fae56f0988f67a3b120bdb8c32e30754400e07701c4d3af63a449afe4a35fdc2N.exe
File created	C:\Windows\System32\HTcihYb.exe	fae56f0988f67a3b120bdb8c32e30754400e07701c4d3af63a449afe4a35fdc2N.exe
File created	C:\Windows\System32\CbcfTik.exe	fae56f0988f67a3b120bdb8c32e30754400e07701c4d3af63a449afe4a35fdc2N.exe
File created	C:\Windows\System32\mraqOlG.exe	fae56f0988f67a3b120bdb8c32e30754400e07701c4d3af63a449afe4a35fdc2N.exe
File created	C:\Windows\System32\kpprRhK.exe	fae56f0988f67a3b120bdb8c32e30754400e07701c4d3af63a449afe4a35fdc2N.exe
File created	C:\Windows\System32\jdMbRuA.exe	fae56f0988f67a3b120bdb8c32e30754400e07701c4d3af63a449afe4a35fdc2N.exe
File created	C:\Windows\System32\qnlsMtE.exe	fae56f0988f67a3b120bdb8c32e30754400e07701c4d3af63a449afe4a35fdc2N.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2740-0-0x00007FF717BC0000-0x00007FF717FB1000-memory.dmp	upx
behavioral2/files/0x0008000000023c90-4.dat	upx
behavioral2/files/0x0007000000023c94-14.dat	upx
behavioral2/files/0x0007000000023c95-18.dat	upx
behavioral2/files/0x0007000000023c9a-34.dat	upx
behavioral2/files/0x0007000000023c97-38.dat	upx
behavioral2/files/0x0007000000023c98-50.dat	upx
behavioral2/files/0x0007000000023c9b-57.dat	upx
behavioral2/files/0x0007000000023c9f-69.dat	upx
behavioral2/files/0x0007000000023ca0-74.dat	upx
behavioral2/files/0x0007000000023ca2-85.dat	upx
behavioral2/files/0x0007000000023ca4-93.dat	upx
behavioral2/files/0x0007000000023ca9-119.dat	upx
behavioral2/files/0x0007000000023caa-130.dat	upx
behavioral2/files/0x0007000000023cb0-153.dat	upx
behavioral2/files/0x0007000000023cb1-165.dat	upx
behavioral2/memory/3940-337-0x00007FF711120000-0x00007FF711511000-memory.dmp	upx
behavioral2/memory/4616-351-0x00007FF658D70000-0x00007FF659161000-memory.dmp	upx
behavioral2/memory/820-359-0x00007FF7D1EC0000-0x00007FF7D22B1000-memory.dmp	upx
behavioral2/memory/3880-365-0x00007FF782310000-0x00007FF782701000-memory.dmp	upx
behavioral2/memory/4476-377-0x00007FF6449A0000-0x00007FF644D91000-memory.dmp	upx
behavioral2/memory/4392-383-0x00007FF68CF70000-0x00007FF68D361000-memory.dmp	upx
behavioral2/memory/2900-385-0x00007FF75D600000-0x00007FF75D9F1000-memory.dmp	upx
behavioral2/memory/1164-396-0x00007FF7CDBA0000-0x00007FF7CDF91000-memory.dmp	upx
behavioral2/memory/4628-375-0x00007FF7DED30000-0x00007FF7DF121000-memory.dmp	upx
behavioral2/memory/4428-339-0x00007FF7F6280000-0x00007FF7F6671000-memory.dmp	upx
behavioral2/memory/1616-399-0x00007FF786740000-0x00007FF786B31000-memory.dmp	upx
behavioral2/memory/2496-398-0x00007FF7917F0000-0x00007FF791BE1000-memory.dmp	upx
behavioral2/files/0x0007000000023cb3-168.dat	upx
behavioral2/files/0x0007000000023cb2-163.dat	upx
behavioral2/files/0x0007000000023caf-155.dat	upx
behavioral2/files/0x0007000000023cae-150.dat	upx
behavioral2/files/0x0007000000023cad-145.dat	upx
behavioral2/files/0x0007000000023cac-140.dat	upx
behavioral2/files/0x0007000000023cab-135.dat	upx
behavioral2/memory/1960-407-0x00007FF76FF30000-0x00007FF770321000-memory.dmp	upx
behavioral2/memory/2088-415-0x00007FF6A8650000-0x00007FF6A8A41000-memory.dmp	upx
behavioral2/memory/2084-430-0x00007FF60C720000-0x00007FF60CB11000-memory.dmp	upx
behavioral2/memory/552-433-0x00007FF61CFC0000-0x00007FF61D3B1000-memory.dmp	upx
behavioral2/memory/1364-428-0x00007FF6BE410000-0x00007FF6BE801000-memory.dmp	upx
behavioral2/memory/648-418-0x00007FF6A3700000-0x00007FF6A3AF1000-memory.dmp	upx
behavioral2/files/0x0007000000023ca8-117.dat	upx
behavioral2/files/0x0007000000023ca7-115.dat	upx
behavioral2/files/0x0007000000023ca6-110.dat	upx
behavioral2/files/0x0007000000023ca5-105.dat	upx
behavioral2/files/0x0007000000023ca3-95.dat	upx
behavioral2/files/0x0007000000023ca1-82.dat	upx
behavioral2/files/0x0007000000023c9e-67.dat	upx
behavioral2/files/0x0007000000023c9d-62.dat	upx
behavioral2/memory/936-61-0x00007FF7897D0000-0x00007FF789BC1000-memory.dmp	upx
behavioral2/files/0x0007000000023c9c-58.dat	upx
behavioral2/memory/5064-52-0x00007FF657680000-0x00007FF657A71000-memory.dmp	upx
behavioral2/files/0x0007000000023c99-48.dat	upx
behavioral2/files/0x0007000000023c96-37.dat	upx
behavioral2/memory/4436-36-0x00007FF65EA00000-0x00007FF65EDF1000-memory.dmp	upx
behavioral2/memory/4892-25-0x00007FF78A670000-0x00007FF78AA61000-memory.dmp	upx
behavioral2/memory/1940-22-0x00007FF6D8D20000-0x00007FF6D9111000-memory.dmp	upx
behavioral2/memory/556-10-0x00007FF7A9390000-0x00007FF7A9781000-memory.dmp	upx
behavioral2/memory/2740-1228-0x00007FF717BC0000-0x00007FF717FB1000-memory.dmp	upx
behavioral2/memory/556-1344-0x00007FF7A9390000-0x00007FF7A9781000-memory.dmp	upx
behavioral2/memory/4436-1347-0x00007FF65EA00000-0x00007FF65EDF1000-memory.dmp	upx
behavioral2/memory/5064-1349-0x00007FF657680000-0x00007FF657A71000-memory.dmp	upx
behavioral2/memory/1940-1345-0x00007FF6D8D20000-0x00007FF6D9111000-memory.dmp	upx
behavioral2/memory/4892-1401-0x00007FF78A670000-0x00007FF78AA61000-memory.dmp	upx

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	14060	dwm.exe
Token: SeChangeNotifyPrivilege	14060	dwm.exe
Token: 33	14060	dwm.exe
Token: SeIncBasePriorityPrivilege	14060	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2740 wrote to memory of 556	2740	fae56f0988f67a3b120bdb8c32e30754400e07701c4d3af63a449afe4a35fdc2N.exe	85
PID 2740 wrote to memory of 556	2740	fae56f0988f67a3b120bdb8c32e30754400e07701c4d3af63a449afe4a35fdc2N.exe	85
PID 2740 wrote to memory of 2088	2740	fae56f0988f67a3b120bdb8c32e30754400e07701c4d3af63a449afe4a35fdc2N.exe	86
PID 2740 wrote to memory of 2088	2740	fae56f0988f67a3b120bdb8c32e30754400e07701c4d3af63a449afe4a35fdc2N.exe	86
PID 2740 wrote to memory of 1940	2740	fae56f0988f67a3b120bdb8c32e30754400e07701c4d3af63a449afe4a35fdc2N.exe	87
PID 2740 wrote to memory of 1940	2740	fae56f0988f67a3b120bdb8c32e30754400e07701c4d3af63a449afe4a35fdc2N.exe	87
PID 2740 wrote to memory of 4892	2740	fae56f0988f67a3b120bdb8c32e30754400e07701c4d3af63a449afe4a35fdc2N.exe	88
PID 2740 wrote to memory of 4892	2740	fae56f0988f67a3b120bdb8c32e30754400e07701c4d3af63a449afe4a35fdc2N.exe	88
PID 2740 wrote to memory of 4436	2740	fae56f0988f67a3b120bdb8c32e30754400e07701c4d3af63a449afe4a35fdc2N.exe	89
PID 2740 wrote to memory of 4436	2740	fae56f0988f67a3b120bdb8c32e30754400e07701c4d3af63a449afe4a35fdc2N.exe	89
PID 2740 wrote to memory of 648	2740	fae56f0988f67a3b120bdb8c32e30754400e07701c4d3af63a449afe4a35fdc2N.exe	90
PID 2740 wrote to memory of 648	2740	fae56f0988f67a3b120bdb8c32e30754400e07701c4d3af63a449afe4a35fdc2N.exe	90
PID 2740 wrote to memory of 5064	2740	fae56f0988f67a3b120bdb8c32e30754400e07701c4d3af63a449afe4a35fdc2N.exe	91
PID 2740 wrote to memory of 5064	2740	fae56f0988f67a3b120bdb8c32e30754400e07701c4d3af63a449afe4a35fdc2N.exe	91
PID 2740 wrote to memory of 936	2740	fae56f0988f67a3b120bdb8c32e30754400e07701c4d3af63a449afe4a35fdc2N.exe	92
PID 2740 wrote to memory of 936	2740	fae56f0988f67a3b120bdb8c32e30754400e07701c4d3af63a449afe4a35fdc2N.exe	92
PID 2740 wrote to memory of 1364	2740	fae56f0988f67a3b120bdb8c32e30754400e07701c4d3af63a449afe4a35fdc2N.exe	93
PID 2740 wrote to memory of 1364	2740	fae56f0988f67a3b120bdb8c32e30754400e07701c4d3af63a449afe4a35fdc2N.exe	93
PID 2740 wrote to memory of 3940	2740	fae56f0988f67a3b120bdb8c32e30754400e07701c4d3af63a449afe4a35fdc2N.exe	94
PID 2740 wrote to memory of 3940	2740	fae56f0988f67a3b120bdb8c32e30754400e07701c4d3af63a449afe4a35fdc2N.exe	94
PID 2740 wrote to memory of 2084	2740	fae56f0988f67a3b120bdb8c32e30754400e07701c4d3af63a449afe4a35fdc2N.exe	95
PID 2740 wrote to memory of 2084	2740	fae56f0988f67a3b120bdb8c32e30754400e07701c4d3af63a449afe4a35fdc2N.exe	95
PID 2740 wrote to memory of 552	2740	fae56f0988f67a3b120bdb8c32e30754400e07701c4d3af63a449afe4a35fdc2N.exe	96
PID 2740 wrote to memory of 552	2740	fae56f0988f67a3b120bdb8c32e30754400e07701c4d3af63a449afe4a35fdc2N.exe	96
PID 2740 wrote to memory of 4428	2740	fae56f0988f67a3b120bdb8c32e30754400e07701c4d3af63a449afe4a35fdc2N.exe	97
PID 2740 wrote to memory of 4428	2740	fae56f0988f67a3b120bdb8c32e30754400e07701c4d3af63a449afe4a35fdc2N.exe	97
PID 2740 wrote to memory of 4616	2740	fae56f0988f67a3b120bdb8c32e30754400e07701c4d3af63a449afe4a35fdc2N.exe	98
PID 2740 wrote to memory of 4616	2740	fae56f0988f67a3b120bdb8c32e30754400e07701c4d3af63a449afe4a35fdc2N.exe	98
PID 2740 wrote to memory of 820	2740	fae56f0988f67a3b120bdb8c32e30754400e07701c4d3af63a449afe4a35fdc2N.exe	99
PID 2740 wrote to memory of 820	2740	fae56f0988f67a3b120bdb8c32e30754400e07701c4d3af63a449afe4a35fdc2N.exe	99
PID 2740 wrote to memory of 3880	2740	fae56f0988f67a3b120bdb8c32e30754400e07701c4d3af63a449afe4a35fdc2N.exe	100
PID 2740 wrote to memory of 3880	2740	fae56f0988f67a3b120bdb8c32e30754400e07701c4d3af63a449afe4a35fdc2N.exe	100
PID 2740 wrote to memory of 4628	2740	fae56f0988f67a3b120bdb8c32e30754400e07701c4d3af63a449afe4a35fdc2N.exe	101
PID 2740 wrote to memory of 4628	2740	fae56f0988f67a3b120bdb8c32e30754400e07701c4d3af63a449afe4a35fdc2N.exe	101
PID 2740 wrote to memory of 4476	2740	fae56f0988f67a3b120bdb8c32e30754400e07701c4d3af63a449afe4a35fdc2N.exe	102
PID 2740 wrote to memory of 4476	2740	fae56f0988f67a3b120bdb8c32e30754400e07701c4d3af63a449afe4a35fdc2N.exe	102
PID 2740 wrote to memory of 4392	2740	fae56f0988f67a3b120bdb8c32e30754400e07701c4d3af63a449afe4a35fdc2N.exe	103
PID 2740 wrote to memory of 4392	2740	fae56f0988f67a3b120bdb8c32e30754400e07701c4d3af63a449afe4a35fdc2N.exe	103
PID 2740 wrote to memory of 2900	2740	fae56f0988f67a3b120bdb8c32e30754400e07701c4d3af63a449afe4a35fdc2N.exe	104
PID 2740 wrote to memory of 2900	2740	fae56f0988f67a3b120bdb8c32e30754400e07701c4d3af63a449afe4a35fdc2N.exe	104
PID 2740 wrote to memory of 1164	2740	fae56f0988f67a3b120bdb8c32e30754400e07701c4d3af63a449afe4a35fdc2N.exe	105
PID 2740 wrote to memory of 1164	2740	fae56f0988f67a3b120bdb8c32e30754400e07701c4d3af63a449afe4a35fdc2N.exe	105
PID 2740 wrote to memory of 2496	2740	fae56f0988f67a3b120bdb8c32e30754400e07701c4d3af63a449afe4a35fdc2N.exe	106
PID 2740 wrote to memory of 2496	2740	fae56f0988f67a3b120bdb8c32e30754400e07701c4d3af63a449afe4a35fdc2N.exe	106
PID 2740 wrote to memory of 1616	2740	fae56f0988f67a3b120bdb8c32e30754400e07701c4d3af63a449afe4a35fdc2N.exe	107
PID 2740 wrote to memory of 1616	2740	fae56f0988f67a3b120bdb8c32e30754400e07701c4d3af63a449afe4a35fdc2N.exe	107
PID 2740 wrote to memory of 1960	2740	fae56f0988f67a3b120bdb8c32e30754400e07701c4d3af63a449afe4a35fdc2N.exe	108
PID 2740 wrote to memory of 1960	2740	fae56f0988f67a3b120bdb8c32e30754400e07701c4d3af63a449afe4a35fdc2N.exe	108
PID 2740 wrote to memory of 1200	2740	fae56f0988f67a3b120bdb8c32e30754400e07701c4d3af63a449afe4a35fdc2N.exe	109
PID 2740 wrote to memory of 1200	2740	fae56f0988f67a3b120bdb8c32e30754400e07701c4d3af63a449afe4a35fdc2N.exe	109
PID 2740 wrote to memory of 3576	2740	fae56f0988f67a3b120bdb8c32e30754400e07701c4d3af63a449afe4a35fdc2N.exe	110
PID 2740 wrote to memory of 3576	2740	fae56f0988f67a3b120bdb8c32e30754400e07701c4d3af63a449afe4a35fdc2N.exe	110
PID 2740 wrote to memory of 4780	2740	fae56f0988f67a3b120bdb8c32e30754400e07701c4d3af63a449afe4a35fdc2N.exe	111
PID 2740 wrote to memory of 4780	2740	fae56f0988f67a3b120bdb8c32e30754400e07701c4d3af63a449afe4a35fdc2N.exe	111
PID 2740 wrote to memory of 4572	2740	fae56f0988f67a3b120bdb8c32e30754400e07701c4d3af63a449afe4a35fdc2N.exe	112
PID 2740 wrote to memory of 4572	2740	fae56f0988f67a3b120bdb8c32e30754400e07701c4d3af63a449afe4a35fdc2N.exe	112
PID 2740 wrote to memory of 912	2740	fae56f0988f67a3b120bdb8c32e30754400e07701c4d3af63a449afe4a35fdc2N.exe	113
PID 2740 wrote to memory of 912	2740	fae56f0988f67a3b120bdb8c32e30754400e07701c4d3af63a449afe4a35fdc2N.exe	113
PID 2740 wrote to memory of 884	2740	fae56f0988f67a3b120bdb8c32e30754400e07701c4d3af63a449afe4a35fdc2N.exe	114
PID 2740 wrote to memory of 884	2740	fae56f0988f67a3b120bdb8c32e30754400e07701c4d3af63a449afe4a35fdc2N.exe	114
PID 2740 wrote to memory of 644	2740	fae56f0988f67a3b120bdb8c32e30754400e07701c4d3af63a449afe4a35fdc2N.exe	115
PID 2740 wrote to memory of 644	2740	fae56f0988f67a3b120bdb8c32e30754400e07701c4d3af63a449afe4a35fdc2N.exe	115
PID 2740 wrote to memory of 4180	2740	fae56f0988f67a3b120bdb8c32e30754400e07701c4d3af63a449afe4a35fdc2N.exe	116
PID 2740 wrote to memory of 4180	2740	fae56f0988f67a3b120bdb8c32e30754400e07701c4d3af63a449afe4a35fdc2N.exe	116

C:\Users\Admin\AppData\Local\Temp\fae56f0988f67a3b120bdb8c32e30754400e07701c4d3af63a449afe4a35fdc2N.exe
"C:\Users\Admin\AppData\Local\Temp\fae56f0988f67a3b120bdb8c32e30754400e07701c4d3af63a449afe4a35fdc2N.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:2740
- C:\Windows\System32\bOwvpVn.exe
  C:\Windows\System32\bOwvpVn.exe
  2⤵
  - Executes dropped EXE
  PID:556
- C:\Windows\System32\UMYTMIX.exe
  C:\Windows\System32\UMYTMIX.exe
  2⤵
  - Executes dropped EXE
  PID:2088
- C:\Windows\System32\QiBNfGU.exe
  C:\Windows\System32\QiBNfGU.exe
  2⤵
  - Executes dropped EXE
  PID:1940
- C:\Windows\System32\PeoJkGU.exe
  C:\Windows\System32\PeoJkGU.exe
  2⤵
  - Executes dropped EXE
  PID:4892
- C:\Windows\System32\GIlsDLf.exe
  C:\Windows\System32\GIlsDLf.exe
  2⤵
  - Executes dropped EXE
  PID:4436
- C:\Windows\System32\oiNYqmn.exe
  C:\Windows\System32\oiNYqmn.exe
  2⤵
  - Executes dropped EXE
  PID:648
- C:\Windows\System32\QqPWViM.exe
  C:\Windows\System32\QqPWViM.exe
  2⤵
  - Executes dropped EXE
  PID:5064
- C:\Windows\System32\jXmnKUZ.exe
  C:\Windows\System32\jXmnKUZ.exe
  2⤵
  - Executes dropped EXE
  PID:936
- C:\Windows\System32\eyLNVwX.exe
  C:\Windows\System32\eyLNVwX.exe
  2⤵
  - Executes dropped EXE
  PID:1364
- C:\Windows\System32\iMsNnZc.exe
  C:\Windows\System32\iMsNnZc.exe
  2⤵
  - Executes dropped EXE
  PID:3940
- C:\Windows\System32\wyRbwEK.exe
  C:\Windows\System32\wyRbwEK.exe
  2⤵
  - Executes dropped EXE
  PID:2084
- C:\Windows\System32\ecvzeXh.exe
  C:\Windows\System32\ecvzeXh.exe
  2⤵
  - Executes dropped EXE
  PID:552
- C:\Windows\System32\cIdMErT.exe
  C:\Windows\System32\cIdMErT.exe
  2⤵
  - Executes dropped EXE
  PID:4428
- C:\Windows\System32\NImizNF.exe
  C:\Windows\System32\NImizNF.exe
  2⤵
  - Executes dropped EXE
  PID:4616
- C:\Windows\System32\rOmvJJe.exe
  C:\Windows\System32\rOmvJJe.exe
  2⤵
  - Executes dropped EXE
  PID:820
- C:\Windows\System32\RMTIcLA.exe
  C:\Windows\System32\RMTIcLA.exe
  2⤵
  - Executes dropped EXE
  PID:3880
- C:\Windows\System32\GMdLfAU.exe
  C:\Windows\System32\GMdLfAU.exe
  2⤵
  - Executes dropped EXE
  PID:4628
- C:\Windows\System32\jWyZGDS.exe
  C:\Windows\System32\jWyZGDS.exe
  2⤵
  - Executes dropped EXE
  PID:4476
- C:\Windows\System32\oDojhDA.exe
  C:\Windows\System32\oDojhDA.exe
  2⤵
  - Executes dropped EXE
  PID:4392
- C:\Windows\System32\ZCAIdBk.exe
  C:\Windows\System32\ZCAIdBk.exe
  2⤵
  - Executes dropped EXE
  PID:2900
- C:\Windows\System32\yxkZmBY.exe
  C:\Windows\System32\yxkZmBY.exe
  2⤵
  - Executes dropped EXE
  PID:1164
- C:\Windows\System32\UFwmcne.exe
  C:\Windows\System32\UFwmcne.exe
  2⤵
  - Executes dropped EXE
  PID:2496
- C:\Windows\System32\RrIvtTi.exe
  C:\Windows\System32\RrIvtTi.exe
  2⤵
  - Executes dropped EXE
  PID:1616
- C:\Windows\System32\WSVuwEO.exe
  C:\Windows\System32\WSVuwEO.exe
  2⤵
  - Executes dropped EXE
  PID:1960
- C:\Windows\System32\jNhsNbi.exe
  C:\Windows\System32\jNhsNbi.exe
  2⤵
  - Executes dropped EXE
  PID:1200
- C:\Windows\System32\VpumJZi.exe
  C:\Windows\System32\VpumJZi.exe
  2⤵
  - Executes dropped EXE
  PID:3576
- C:\Windows\System32\QXZvhPq.exe
  C:\Windows\System32\QXZvhPq.exe
  2⤵
  - Executes dropped EXE
  PID:4780
- C:\Windows\System32\hrkXcyP.exe
  C:\Windows\System32\hrkXcyP.exe
  2⤵
  - Executes dropped EXE
  PID:4572
- C:\Windows\System32\FfqmXGN.exe
  C:\Windows\System32\FfqmXGN.exe
  2⤵
  - Executes dropped EXE
  PID:912
- C:\Windows\System32\CjWPfIs.exe
  C:\Windows\System32\CjWPfIs.exe
  2⤵
  - Executes dropped EXE
  PID:884
- C:\Windows\System32\WcgkNKP.exe
  C:\Windows\System32\WcgkNKP.exe
  2⤵
  - Executes dropped EXE
  PID:644
- C:\Windows\System32\EiwBhUV.exe
  C:\Windows\System32\EiwBhUV.exe
  2⤵
  - Executes dropped EXE
  PID:4180
- C:\Windows\System32\vCWwaXg.exe
  C:\Windows\System32\vCWwaXg.exe
  2⤵
  - Executes dropped EXE
  PID:1160
- C:\Windows\System32\QjFqTJq.exe
  C:\Windows\System32\QjFqTJq.exe
  2⤵
  - Executes dropped EXE
  PID:2844
- C:\Windows\System32\YgsyLOs.exe
  C:\Windows\System32\YgsyLOs.exe
  2⤵
  - Executes dropped EXE
  PID:4480
- C:\Windows\System32\FlfUjrn.exe
  C:\Windows\System32\FlfUjrn.exe
  2⤵
  - Executes dropped EXE
  PID:3892
- C:\Windows\System32\WiXWeqT.exe
  C:\Windows\System32\WiXWeqT.exe
  2⤵
  - Executes dropped EXE
  PID:1892
- C:\Windows\System32\Rkprbqi.exe
  C:\Windows\System32\Rkprbqi.exe
  2⤵
  - Executes dropped EXE
  PID:3980
- C:\Windows\System32\bqURDLi.exe
  C:\Windows\System32\bqURDLi.exe
  2⤵
  - Executes dropped EXE
  PID:4976
- C:\Windows\System32\sckJZJG.exe
  C:\Windows\System32\sckJZJG.exe
  2⤵
  - Executes dropped EXE
  PID:3356
- C:\Windows\System32\slZWgnh.exe
  C:\Windows\System32\slZWgnh.exe
  2⤵
  - Executes dropped EXE
  PID:3040
- C:\Windows\System32\RPvczTc.exe
  C:\Windows\System32\RPvczTc.exe
  2⤵
  - Executes dropped EXE
  PID:3448
- C:\Windows\System32\xwnortw.exe
  C:\Windows\System32\xwnortw.exe
  2⤵
  - Executes dropped EXE
  PID:1168
- C:\Windows\System32\niXPStG.exe
  C:\Windows\System32\niXPStG.exe
  2⤵
  - Executes dropped EXE
  PID:3052
- C:\Windows\System32\HHTMFvc.exe
  C:\Windows\System32\HHTMFvc.exe
  2⤵
  - Executes dropped EXE
  PID:1080
- C:\Windows\System32\vyCnLTd.exe
  C:\Windows\System32\vyCnLTd.exe
  2⤵
  - Executes dropped EXE
  PID:4644
- C:\Windows\System32\vwNUndj.exe
  C:\Windows\System32\vwNUndj.exe
  2⤵
  - Executes dropped EXE
  PID:1404
- C:\Windows\System32\IGNQABw.exe
  C:\Windows\System32\IGNQABw.exe
  2⤵
  - Executes dropped EXE
  PID:4340
- C:\Windows\System32\EnMMbNw.exe
  C:\Windows\System32\EnMMbNw.exe
  2⤵
  - Executes dropped EXE
  PID:672
- C:\Windows\System32\fPPTZDc.exe
  C:\Windows\System32\fPPTZDc.exe
  2⤵
  - Executes dropped EXE
  PID:3780
- C:\Windows\System32\nUTTmXj.exe
  C:\Windows\System32\nUTTmXj.exe
  2⤵
  - Executes dropped EXE
  PID:1624
- C:\Windows\System32\JMYIUGg.exe
  C:\Windows\System32\JMYIUGg.exe
  2⤵
  - Executes dropped EXE
  PID:2256
- C:\Windows\System32\EIoQMVP.exe
  C:\Windows\System32\EIoQMVP.exe
  2⤵
  - Executes dropped EXE
  PID:4304
- C:\Windows\System32\PazdRNk.exe
  C:\Windows\System32\PazdRNk.exe
  2⤵
  - Executes dropped EXE
  PID:2764
- C:\Windows\System32\DwpYKCv.exe
  C:\Windows\System32\DwpYKCv.exe
  2⤵
  - Executes dropped EXE
  PID:688
- C:\Windows\System32\KNeenzO.exe
  C:\Windows\System32\KNeenzO.exe
  2⤵
  - Executes dropped EXE
  PID:3564
- C:\Windows\System32\JMNlGWW.exe
  C:\Windows\System32\JMNlGWW.exe
  2⤵
  - Executes dropped EXE
  PID:3872
- C:\Windows\System32\JQPkMrH.exe
  C:\Windows\System32\JQPkMrH.exe
  2⤵
  - Executes dropped EXE
  PID:468
- C:\Windows\System32\KQswXbo.exe
  C:\Windows\System32\KQswXbo.exe
  2⤵
  - Executes dropped EXE
  PID:720
- C:\Windows\System32\PjPYFjG.exe
  C:\Windows\System32\PjPYFjG.exe
  2⤵
  - Executes dropped EXE
  PID:212
- C:\Windows\System32\TdzVYxs.exe
  C:\Windows\System32\TdzVYxs.exe
  2⤵
  - Executes dropped EXE
  PID:636
- C:\Windows\System32\DiyjPTT.exe
  C:\Windows\System32\DiyjPTT.exe
  2⤵
  - Executes dropped EXE
  PID:5100
- C:\Windows\System32\rsbNXRM.exe
  C:\Windows\System32\rsbNXRM.exe
  2⤵
  - Executes dropped EXE
  PID:5112
- C:\Windows\System32\dkQFFfn.exe
  C:\Windows\System32\dkQFFfn.exe
  2⤵
  - Executes dropped EXE
  PID:180
- C:\Windows\System32\MBNKuRk.exe
  C:\Windows\System32\MBNKuRk.exe
  2⤵
  PID:3428
- C:\Windows\System32\kttrfpD.exe
  C:\Windows\System32\kttrfpD.exe
  2⤵
  PID:4896
- C:\Windows\System32\CwzwhxJ.exe
  C:\Windows\System32\CwzwhxJ.exe
  2⤵
  PID:3524
- C:\Windows\System32\SeXvBwq.exe
  C:\Windows\System32\SeXvBwq.exe
  2⤵
  PID:544
- C:\Windows\System32\kGmqYjt.exe
  C:\Windows\System32\kGmqYjt.exe
  2⤵
  PID:1124
- C:\Windows\System32\HslkUoB.exe
  C:\Windows\System32\HslkUoB.exe
  2⤵
  PID:2440
- C:\Windows\System32\SkdfDPG.exe
  C:\Windows\System32\SkdfDPG.exe
  2⤵
  PID:4604
- C:\Windows\System32\pdgwwPL.exe
  C:\Windows\System32\pdgwwPL.exe
  2⤵
  PID:3868
- C:\Windows\System32\jwNJzKb.exe
  C:\Windows\System32\jwNJzKb.exe
  2⤵
  PID:1664
- C:\Windows\System32\gfWdFBD.exe
  C:\Windows\System32\gfWdFBD.exe
  2⤵
  PID:3840
- C:\Windows\System32\LwiTYnm.exe
  C:\Windows\System32\LwiTYnm.exe
  2⤵
  PID:3228
- C:\Windows\System32\JQXYIFy.exe
  C:\Windows\System32\JQXYIFy.exe
  2⤵
  PID:3140
- C:\Windows\System32\yWxrOqu.exe
  C:\Windows\System32\yWxrOqu.exe
  2⤵
  PID:4332
- C:\Windows\System32\TYWjqRx.exe
  C:\Windows\System32\TYWjqRx.exe
  2⤵
  PID:4160
- C:\Windows\System32\FFvkaiy.exe
  C:\Windows\System32\FFvkaiy.exe
  2⤵
  PID:2848
- C:\Windows\System32\nAmsLkr.exe
  C:\Windows\System32\nAmsLkr.exe
  2⤵
  PID:3592
- C:\Windows\System32\kfNwQMN.exe
  C:\Windows\System32\kfNwQMN.exe
  2⤵
  PID:4368
- C:\Windows\System32\oGNkgZt.exe
  C:\Windows\System32\oGNkgZt.exe
  2⤵
  PID:2208
- C:\Windows\System32\oyPvfQu.exe
  C:\Windows\System32\oyPvfQu.exe
  2⤵
  PID:4848
- C:\Windows\System32\kTAPgRd.exe
  C:\Windows\System32\kTAPgRd.exe
  2⤵
  PID:1572
- C:\Windows\System32\rDxKJwo.exe
  C:\Windows\System32\rDxKJwo.exe
  2⤵
  PID:2448
- C:\Windows\System32\IPOlTMH.exe
  C:\Windows\System32\IPOlTMH.exe
  2⤵
  PID:3132
- C:\Windows\System32\GVRTchB.exe
  C:\Windows\System32\GVRTchB.exe
  2⤵
  PID:4792
- C:\Windows\System32\IDTFgjE.exe
  C:\Windows\System32\IDTFgjE.exe
  2⤵
  PID:3912
- C:\Windows\System32\XouANfg.exe
  C:\Windows\System32\XouANfg.exe
  2⤵
  PID:2004
- C:\Windows\System32\AxhDrnR.exe
  C:\Windows\System32\AxhDrnR.exe
  2⤵
  PID:1564
- C:\Windows\System32\UxzfsHB.exe
  C:\Windows\System32\UxzfsHB.exe
  2⤵
  PID:2904
- C:\Windows\System32\XvLEfdO.exe
  C:\Windows\System32\XvLEfdO.exe
  2⤵
  PID:1184
- C:\Windows\System32\elydwNW.exe
  C:\Windows\System32\elydwNW.exe
  2⤵
  PID:4016
- C:\Windows\System32\zPhsohZ.exe
  C:\Windows\System32\zPhsohZ.exe
  2⤵
  PID:2620
- C:\Windows\System32\JWagbjj.exe
  C:\Windows\System32\JWagbjj.exe
  2⤵
  PID:1600
- C:\Windows\System32\hNejSce.exe
  C:\Windows\System32\hNejSce.exe
  2⤵
  PID:1760
- C:\Windows\System32\FTZGxRT.exe
  C:\Windows\System32\FTZGxRT.exe
  2⤵
  PID:2492
- C:\Windows\System32\TGVqRlu.exe
  C:\Windows\System32\TGVqRlu.exe
  2⤵
  PID:1560
- C:\Windows\System32\YCYocnA.exe
  C:\Windows\System32\YCYocnA.exe
  2⤵
  PID:1304
- C:\Windows\System32\xlYJWbs.exe
  C:\Windows\System32\xlYJWbs.exe
  2⤵
  PID:5044
- C:\Windows\System32\UJFfIaS.exe
  C:\Windows\System32\UJFfIaS.exe
  2⤵
  PID:540
- C:\Windows\System32\FPTzoiW.exe
  C:\Windows\System32\FPTzoiW.exe
  2⤵
  PID:3300
- C:\Windows\System32\VrGTdkR.exe
  C:\Windows\System32\VrGTdkR.exe
  2⤵
  PID:1972
- C:\Windows\System32\QnACaXx.exe
  C:\Windows\System32\QnACaXx.exe
  2⤵
  PID:4204
- C:\Windows\System32\QSXsfVO.exe
  C:\Windows\System32\QSXsfVO.exe
  2⤵
  PID:756
- C:\Windows\System32\gyxudoB.exe
  C:\Windows\System32\gyxudoB.exe
  2⤵
  PID:2032
- C:\Windows\System32\MlovgYd.exe
  C:\Windows\System32\MlovgYd.exe
  2⤵
  PID:5040
- C:\Windows\System32\mQCiNvB.exe
  C:\Windows\System32\mQCiNvB.exe
  2⤵
  PID:1104
- C:\Windows\System32\vLuYSVK.exe
  C:\Windows\System32\vLuYSVK.exe
  2⤵
  PID:964
- C:\Windows\System32\oNteSLO.exe
  C:\Windows\System32\oNteSLO.exe
  2⤵
  PID:5124
- C:\Windows\System32\BnzkHUu.exe
  C:\Windows\System32\BnzkHUu.exe
  2⤵
  PID:5144
- C:\Windows\System32\WecrMLJ.exe
  C:\Windows\System32\WecrMLJ.exe
  2⤵
  PID:5160
- C:\Windows\System32\sLAQSTf.exe
  C:\Windows\System32\sLAQSTf.exe
  2⤵
  PID:5180
- C:\Windows\System32\BKXWqoK.exe
  C:\Windows\System32\BKXWqoK.exe
  2⤵
  PID:5264
- C:\Windows\System32\VVlzXTU.exe
  C:\Windows\System32\VVlzXTU.exe
  2⤵
  PID:5280
- C:\Windows\System32\ViOeiUL.exe
  C:\Windows\System32\ViOeiUL.exe
  2⤵
  PID:5296
- C:\Windows\System32\ZRZTgAz.exe
  C:\Windows\System32\ZRZTgAz.exe
  2⤵
  PID:5348
- C:\Windows\System32\MZvMeNY.exe
  C:\Windows\System32\MZvMeNY.exe
  2⤵
  PID:5396
- C:\Windows\System32\POippEz.exe
  C:\Windows\System32\POippEz.exe
  2⤵
  PID:5412
- C:\Windows\System32\SFvCjif.exe
  C:\Windows\System32\SFvCjif.exe
  2⤵
  PID:5432
- C:\Windows\System32\QRyDOJd.exe
  C:\Windows\System32\QRyDOJd.exe
  2⤵
  PID:5452
- C:\Windows\System32\QsGPmBU.exe
  C:\Windows\System32\QsGPmBU.exe
  2⤵
  PID:5472
- C:\Windows\System32\aqjmIkF.exe
  C:\Windows\System32\aqjmIkF.exe
  2⤵
  PID:5500
- C:\Windows\System32\sedvhWi.exe
  C:\Windows\System32\sedvhWi.exe
  2⤵
  PID:5516
- C:\Windows\System32\HtagojV.exe
  C:\Windows\System32\HtagojV.exe
  2⤵
  PID:5552
- C:\Windows\System32\itEGfQq.exe
  C:\Windows\System32\itEGfQq.exe
  2⤵
  PID:5600
- C:\Windows\System32\fHbUngz.exe
  C:\Windows\System32\fHbUngz.exe
  2⤵
  PID:5704
- C:\Windows\System32\uzbKDci.exe
  C:\Windows\System32\uzbKDci.exe
  2⤵
  PID:5736
- C:\Windows\System32\HXeLHgS.exe
  C:\Windows\System32\HXeLHgS.exe
  2⤵
  PID:5752
- C:\Windows\System32\YFocMkD.exe
  C:\Windows\System32\YFocMkD.exe
  2⤵
  PID:5780
- C:\Windows\System32\wktHslZ.exe
  C:\Windows\System32\wktHslZ.exe
  2⤵
  PID:5800
- C:\Windows\System32\cXWYeRC.exe
  C:\Windows\System32\cXWYeRC.exe
  2⤵
  PID:5824
- C:\Windows\System32\dwhtXEB.exe
  C:\Windows\System32\dwhtXEB.exe
  2⤵
  PID:5844
- C:\Windows\System32\XUZLnKr.exe
  C:\Windows\System32\XUZLnKr.exe
  2⤵
  PID:5860
- C:\Windows\System32\vESblza.exe
  C:\Windows\System32\vESblza.exe
  2⤵
  PID:5884
- C:\Windows\System32\EzCRYsx.exe
  C:\Windows\System32\EzCRYsx.exe
  2⤵
  PID:5904
- C:\Windows\System32\DICFewh.exe
  C:\Windows\System32\DICFewh.exe
  2⤵
  PID:5968
- C:\Windows\System32\XutvlbC.exe
  C:\Windows\System32\XutvlbC.exe
  2⤵
  PID:5984
- C:\Windows\System32\qUgsuQN.exe
  C:\Windows\System32\qUgsuQN.exe
  2⤵
  PID:6004
- C:\Windows\System32\SSiBDDN.exe
  C:\Windows\System32\SSiBDDN.exe
  2⤵
  PID:6024
- C:\Windows\System32\wXyrzfQ.exe
  C:\Windows\System32\wXyrzfQ.exe
  2⤵
  PID:6052
- C:\Windows\System32\DFqDuYH.exe
  C:\Windows\System32\DFqDuYH.exe
  2⤵
  PID:6076
- C:\Windows\System32\UBunMzr.exe
  C:\Windows\System32\UBunMzr.exe
  2⤵
  PID:6132
- C:\Windows\System32\ZUfhDTq.exe
  C:\Windows\System32\ZUfhDTq.exe
  2⤵
  PID:4248
- C:\Windows\System32\FQLkFDf.exe
  C:\Windows\System32\FQLkFDf.exe
  2⤵
  PID:5200
- C:\Windows\System32\gKkIvMX.exe
  C:\Windows\System32\gKkIvMX.exe
  2⤵
  PID:5328
- C:\Windows\System32\IFojbrP.exe
  C:\Windows\System32\IFojbrP.exe
  2⤵
  PID:5276
- C:\Windows\System32\xGWNEMj.exe
  C:\Windows\System32\xGWNEMj.exe
  2⤵
  PID:5272
- C:\Windows\System32\XfCTxpy.exe
  C:\Windows\System32\XfCTxpy.exe
  2⤵
  PID:3360
- C:\Windows\System32\umDiluu.exe
  C:\Windows\System32\umDiluu.exe
  2⤵
  PID:5532
- C:\Windows\System32\SiAWzqy.exe
  C:\Windows\System32\SiAWzqy.exe
  2⤵
  PID:5568
- C:\Windows\System32\bhqdLss.exe
  C:\Windows\System32\bhqdLss.exe
  2⤵
  PID:5560
- C:\Windows\System32\xkGjVWL.exe
  C:\Windows\System32\xkGjVWL.exe
  2⤵
  PID:5612
- C:\Windows\System32\jVZcuiY.exe
  C:\Windows\System32\jVZcuiY.exe
  2⤵
  PID:5724
- C:\Windows\System32\cnnsmtc.exe
  C:\Windows\System32\cnnsmtc.exe
  2⤵
  PID:4296
- C:\Windows\System32\rJxUbru.exe
  C:\Windows\System32\rJxUbru.exe
  2⤵
  PID:5816
- C:\Windows\System32\AWbQbmv.exe
  C:\Windows\System32\AWbQbmv.exe
  2⤵
  PID:5856
- C:\Windows\System32\ptLMwhs.exe
  C:\Windows\System32\ptLMwhs.exe
  2⤵
  PID:5868
- C:\Windows\System32\mmECFsV.exe
  C:\Windows\System32\mmECFsV.exe
  2⤵
  PID:6044
- C:\Windows\System32\aYuSwfm.exe
  C:\Windows\System32\aYuSwfm.exe
  2⤵
  PID:6012
- C:\Windows\System32\ChHqQWY.exe
  C:\Windows\System32\ChHqQWY.exe
  2⤵
  PID:6100
- C:\Windows\System32\lofvVaF.exe
  C:\Windows\System32\lofvVaF.exe
  2⤵
  PID:4316
- C:\Windows\System32\EBBMmuI.exe
  C:\Windows\System32\EBBMmuI.exe
  2⤵
  PID:5288
- C:\Windows\System32\zoFtGqC.exe
  C:\Windows\System32\zoFtGqC.exe
  2⤵
  PID:5460
- C:\Windows\System32\xiEVYwB.exe
  C:\Windows\System32\xiEVYwB.exe
  2⤵
  PID:5304
- C:\Windows\System32\GwMxkhM.exe
  C:\Windows\System32\GwMxkhM.exe
  2⤵
  PID:5748
- C:\Windows\System32\RSOTjAN.exe
  C:\Windows\System32\RSOTjAN.exe
  2⤵
  PID:5732
- C:\Windows\System32\FbSkymy.exe
  C:\Windows\System32\FbSkymy.exe
  2⤵
  PID:6016
- C:\Windows\System32\zBokabk.exe
  C:\Windows\System32\zBokabk.exe
  2⤵
  PID:6112
- C:\Windows\System32\yxFGmXx.exe
  C:\Windows\System32\yxFGmXx.exe
  2⤵
  PID:5464
- C:\Windows\System32\zGmOfOx.exe
  C:\Windows\System32\zGmOfOx.exe
  2⤵
  PID:5880
- C:\Windows\System32\ShNskhg.exe
  C:\Windows\System32\ShNskhg.exe
  2⤵
  PID:6040
- C:\Windows\System32\vaRUyVg.exe
  C:\Windows\System32\vaRUyVg.exe
  2⤵
  PID:5492
- C:\Windows\System32\jdMbRuA.exe
  C:\Windows\System32\jdMbRuA.exe
  2⤵
  PID:5916
- C:\Windows\System32\CwMHzLd.exe
  C:\Windows\System32\CwMHzLd.exe
  2⤵
  PID:6176
- C:\Windows\System32\kqZKSbd.exe
  C:\Windows\System32\kqZKSbd.exe
  2⤵
  PID:6200
- C:\Windows\System32\pNQkRMQ.exe
  C:\Windows\System32\pNQkRMQ.exe
  2⤵
  PID:6216
- C:\Windows\System32\AcBHUaE.exe
  C:\Windows\System32\AcBHUaE.exe
  2⤵
  PID:6260
- C:\Windows\System32\XmsbCMp.exe
  C:\Windows\System32\XmsbCMp.exe
  2⤵
  PID:6312
- C:\Windows\System32\HWGvrlA.exe
  C:\Windows\System32\HWGvrlA.exe
  2⤵
  PID:6328
- C:\Windows\System32\pOUCpCr.exe
  C:\Windows\System32\pOUCpCr.exe
  2⤵
  PID:6352
- C:\Windows\System32\HZKJiAi.exe
  C:\Windows\System32\HZKJiAi.exe
  2⤵
  PID:6368
- C:\Windows\System32\WZVKchU.exe
  C:\Windows\System32\WZVKchU.exe
  2⤵
  PID:6396
- C:\Windows\System32\jIoPZhb.exe
  C:\Windows\System32\jIoPZhb.exe
  2⤵
  PID:6420
- C:\Windows\System32\VMprmYM.exe
  C:\Windows\System32\VMprmYM.exe
  2⤵
  PID:6440
- C:\Windows\System32\MQnXzBc.exe
  C:\Windows\System32\MQnXzBc.exe
  2⤵
  PID:6464
- C:\Windows\System32\KXbOqvx.exe
  C:\Windows\System32\KXbOqvx.exe
  2⤵
  PID:6484
- C:\Windows\System32\bzuoRsf.exe
  C:\Windows\System32\bzuoRsf.exe
  2⤵
  PID:6500
- C:\Windows\System32\zoCEWPS.exe
  C:\Windows\System32\zoCEWPS.exe
  2⤵
  PID:6524
- C:\Windows\System32\cquvHAh.exe
  C:\Windows\System32\cquvHAh.exe
  2⤵
  PID:6564
- C:\Windows\System32\BzyyanG.exe
  C:\Windows\System32\BzyyanG.exe
  2⤵
  PID:6592
- C:\Windows\System32\vaLcSsA.exe
  C:\Windows\System32\vaLcSsA.exe
  2⤵
  PID:6656
- C:\Windows\System32\UaeXEvp.exe
  C:\Windows\System32\UaeXEvp.exe
  2⤵
  PID:6684
- C:\Windows\System32\dBgJrcl.exe
  C:\Windows\System32\dBgJrcl.exe
  2⤵
  PID:6708
- C:\Windows\System32\iApDqTB.exe
  C:\Windows\System32\iApDqTB.exe
  2⤵
  PID:6728
- C:\Windows\System32\nSMfECi.exe
  C:\Windows\System32\nSMfECi.exe
  2⤵
  PID:6756
- C:\Windows\System32\nmdNFDN.exe
  C:\Windows\System32\nmdNFDN.exe
  2⤵
  PID:6788
- C:\Windows\System32\KqANhLP.exe
  C:\Windows\System32\KqANhLP.exe
  2⤵
  PID:6824
- C:\Windows\System32\eyqhbbW.exe
  C:\Windows\System32\eyqhbbW.exe
  2⤵
  PID:6868
- C:\Windows\System32\HQiqPSC.exe
  C:\Windows\System32\HQiqPSC.exe
  2⤵
  PID:6892
- C:\Windows\System32\lVPKBuk.exe
  C:\Windows\System32\lVPKBuk.exe
  2⤵
  PID:6912
- C:\Windows\System32\ZYRMjCk.exe
  C:\Windows\System32\ZYRMjCk.exe
  2⤵
  PID:6932
- C:\Windows\System32\CFfNaWP.exe
  C:\Windows\System32\CFfNaWP.exe
  2⤵
  PID:6948
- C:\Windows\System32\qdIMKgp.exe
  C:\Windows\System32\qdIMKgp.exe
  2⤵
  PID:6972
- C:\Windows\System32\lEsjSaS.exe
  C:\Windows\System32\lEsjSaS.exe
  2⤵
  PID:6996
- C:\Windows\System32\tUwWNHR.exe
  C:\Windows\System32\tUwWNHR.exe
  2⤵
  PID:7032
- C:\Windows\System32\anhaacl.exe
  C:\Windows\System32\anhaacl.exe
  2⤵
  PID:7084
- C:\Windows\System32\DPceqEn.exe
  C:\Windows\System32\DPceqEn.exe
  2⤵
  PID:7108
- C:\Windows\System32\oeQrKWf.exe
  C:\Windows\System32\oeQrKWf.exe
  2⤵
  PID:7132
- C:\Windows\System32\RCwBBZE.exe
  C:\Windows\System32\RCwBBZE.exe
  2⤵
  PID:7152
- C:\Windows\System32\QjikhXL.exe
  C:\Windows\System32\QjikhXL.exe
  2⤵
  PID:6156
- C:\Windows\System32\ceoJTPq.exe
  C:\Windows\System32\ceoJTPq.exe
  2⤵
  PID:6184
- C:\Windows\System32\ocplQjE.exe
  C:\Windows\System32\ocplQjE.exe
  2⤵
  PID:6236
- C:\Windows\System32\aUcPUHK.exe
  C:\Windows\System32\aUcPUHK.exe
  2⤵
  PID:6280
- C:\Windows\System32\LwToyfn.exe
  C:\Windows\System32\LwToyfn.exe
  2⤵
  PID:6320
- C:\Windows\System32\SmaCYmA.exe
  C:\Windows\System32\SmaCYmA.exe
  2⤵
  PID:6404
- C:\Windows\System32\leUEFMQ.exe
  C:\Windows\System32\leUEFMQ.exe
  2⤵
  PID:5576
- C:\Windows\System32\ipviUCV.exe
  C:\Windows\System32\ipviUCV.exe
  2⤵
  PID:6584
- C:\Windows\System32\YgXOhxB.exe
  C:\Windows\System32\YgXOhxB.exe
  2⤵
  PID:6628
- C:\Windows\System32\tguLntj.exe
  C:\Windows\System32\tguLntj.exe
  2⤵
  PID:6680
- C:\Windows\System32\qnlsMtE.exe
  C:\Windows\System32\qnlsMtE.exe
  2⤵
  PID:6800
- C:\Windows\System32\qwwihtA.exe
  C:\Windows\System32\qwwihtA.exe
  2⤵
  PID:6844
- C:\Windows\System32\JLIHjBv.exe
  C:\Windows\System32\JLIHjBv.exe
  2⤵
  PID:6968
- C:\Windows\System32\Xmeydre.exe
  C:\Windows\System32\Xmeydre.exe
  2⤵
  PID:7008
- C:\Windows\System32\cNQlzbZ.exe
  C:\Windows\System32\cNQlzbZ.exe
  2⤵
  PID:7092
- C:\Windows\System32\AtZhHxP.exe
  C:\Windows\System32\AtZhHxP.exe
  2⤵
  PID:7148
- C:\Windows\System32\ETTYrjj.exe
  C:\Windows\System32\ETTYrjj.exe
  2⤵
  PID:6232
- C:\Windows\System32\ccNgdZx.exe
  C:\Windows\System32\ccNgdZx.exe
  2⤵
  PID:6388
- C:\Windows\System32\vUsHWIe.exe
  C:\Windows\System32\vUsHWIe.exe
  2⤵
  PID:6612
- C:\Windows\System32\uCgOdIe.exe
  C:\Windows\System32\uCgOdIe.exe
  2⤵
  PID:6648
- C:\Windows\System32\zKajdsC.exe
  C:\Windows\System32\zKajdsC.exe
  2⤵
  PID:6808
- C:\Windows\System32\WKsiDPD.exe
  C:\Windows\System32\WKsiDPD.exe
  2⤵
  PID:6924
- C:\Windows\System32\sNHrddE.exe
  C:\Windows\System32\sNHrddE.exe
  2⤵
  PID:7024
- C:\Windows\System32\EzJiqnI.exe
  C:\Windows\System32\EzJiqnI.exe
  2⤵
  PID:7164
- C:\Windows\System32\aCWaBFF.exe
  C:\Windows\System32\aCWaBFF.exe
  2⤵
  PID:6340
- C:\Windows\System32\xHjYyuZ.exe
  C:\Windows\System32\xHjYyuZ.exe
  2⤵
  PID:6548
- C:\Windows\System32\HlSRbWp.exe
  C:\Windows\System32\HlSRbWp.exe
  2⤵
  PID:7176
- C:\Windows\System32\gDqfxVb.exe
  C:\Windows\System32\gDqfxVb.exe
  2⤵
  PID:7196
- C:\Windows\System32\UDBkvem.exe
  C:\Windows\System32\UDBkvem.exe
  2⤵
  PID:7212
- C:\Windows\System32\ONrmaFY.exe
  C:\Windows\System32\ONrmaFY.exe
  2⤵
  PID:7236
- C:\Windows\System32\hwvBkBa.exe
  C:\Windows\System32\hwvBkBa.exe
  2⤵
  PID:7256
- C:\Windows\System32\TZUgdpV.exe
  C:\Windows\System32\TZUgdpV.exe
  2⤵
  PID:7276
- C:\Windows\System32\ZutcTPc.exe
  C:\Windows\System32\ZutcTPc.exe
  2⤵
  PID:7300
- C:\Windows\System32\PTdiVdJ.exe
  C:\Windows\System32\PTdiVdJ.exe
  2⤵
  PID:7324
- C:\Windows\System32\uyjbZBS.exe
  C:\Windows\System32\uyjbZBS.exe
  2⤵
  PID:7348
- C:\Windows\System32\wLIUjjw.exe
  C:\Windows\System32\wLIUjjw.exe
  2⤵
  PID:7380
- C:\Windows\System32\mqbBEZy.exe
  C:\Windows\System32\mqbBEZy.exe
  2⤵
  PID:7476
- C:\Windows\System32\cPjEBTf.exe
  C:\Windows\System32\cPjEBTf.exe
  2⤵
  PID:7500
- C:\Windows\System32\RlcOGDN.exe
  C:\Windows\System32\RlcOGDN.exe
  2⤵
  PID:7540
- C:\Windows\System32\zThrJGf.exe
  C:\Windows\System32\zThrJGf.exe
  2⤵
  PID:7576
- C:\Windows\System32\HlDKDnY.exe
  C:\Windows\System32\HlDKDnY.exe
  2⤵
  PID:7592
- C:\Windows\System32\sZfMBec.exe
  C:\Windows\System32\sZfMBec.exe
  2⤵
  PID:7608
- C:\Windows\System32\jeaoalR.exe
  C:\Windows\System32\jeaoalR.exe
  2⤵
  PID:7640
- C:\Windows\System32\fQeWQEJ.exe
  C:\Windows\System32\fQeWQEJ.exe
  2⤵
  PID:7684
- C:\Windows\System32\VqoWieQ.exe
  C:\Windows\System32\VqoWieQ.exe
  2⤵
  PID:7712
- C:\Windows\System32\YYoygcZ.exe
  C:\Windows\System32\YYoygcZ.exe
  2⤵
  PID:7740
- C:\Windows\System32\wmERemZ.exe
  C:\Windows\System32\wmERemZ.exe
  2⤵
  PID:7756
- C:\Windows\System32\GgtzwGe.exe
  C:\Windows\System32\GgtzwGe.exe
  2⤵
  PID:7784
- C:\Windows\System32\wAhrxOH.exe
  C:\Windows\System32\wAhrxOH.exe
  2⤵
  PID:7824
- C:\Windows\System32\VbelZGQ.exe
  C:\Windows\System32\VbelZGQ.exe
  2⤵
  PID:7856
- C:\Windows\System32\FbVZQrI.exe
  C:\Windows\System32\FbVZQrI.exe
  2⤵
  PID:7876
- C:\Windows\System32\bNlZUkE.exe
  C:\Windows\System32\bNlZUkE.exe
  2⤵
  PID:7892
- C:\Windows\System32\btBSarv.exe
  C:\Windows\System32\btBSarv.exe
  2⤵
  PID:7916
- C:\Windows\System32\CVHhzNH.exe
  C:\Windows\System32\CVHhzNH.exe
  2⤵
  PID:7940
- C:\Windows\System32\FACTYUE.exe
  C:\Windows\System32\FACTYUE.exe
  2⤵
  PID:7972
- C:\Windows\System32\vaarjzg.exe
  C:\Windows\System32\vaarjzg.exe
  2⤵
  PID:8000
- C:\Windows\System32\RZDPgOn.exe
  C:\Windows\System32\RZDPgOn.exe
  2⤵
  PID:8020
- C:\Windows\System32\zWlltxu.exe
  C:\Windows\System32\zWlltxu.exe
  2⤵
  PID:8040
- C:\Windows\System32\DIXVvqe.exe
  C:\Windows\System32\DIXVvqe.exe
  2⤵
  PID:8068
- C:\Windows\System32\NZRbNGt.exe
  C:\Windows\System32\NZRbNGt.exe
  2⤵
  PID:8088
- C:\Windows\System32\dzbvAkR.exe
  C:\Windows\System32\dzbvAkR.exe
  2⤵
  PID:8104
- C:\Windows\System32\BmSggWY.exe
  C:\Windows\System32\BmSggWY.exe
  2⤵
  PID:8136
- C:\Windows\System32\haNMIFb.exe
  C:\Windows\System32\haNMIFb.exe
  2⤵
  PID:8152
- C:\Windows\System32\qlFqUHd.exe
  C:\Windows\System32\qlFqUHd.exe
  2⤵
  PID:8184
- C:\Windows\System32\MtJJpNa.exe
  C:\Windows\System32\MtJJpNa.exe
  2⤵
  PID:7228
- C:\Windows\System32\phpLHdK.exe
  C:\Windows\System32\phpLHdK.exe
  2⤵
  PID:7332
- C:\Windows\System32\VcBHxXQ.exe
  C:\Windows\System32\VcBHxXQ.exe
  2⤵
  PID:7652
- C:\Windows\System32\gybJTcT.exe
  C:\Windows\System32\gybJTcT.exe
  2⤵
  PID:7732
- C:\Windows\System32\zPlIhsS.exe
  C:\Windows\System32\zPlIhsS.exe
  2⤵
  PID:7748
- C:\Windows\System32\tjXYjHj.exe
  C:\Windows\System32\tjXYjHj.exe
  2⤵
  PID:7812
- C:\Windows\System32\MhjRlbR.exe
  C:\Windows\System32\MhjRlbR.exe
  2⤵
  PID:7884
- C:\Windows\System32\agttnVh.exe
  C:\Windows\System32\agttnVh.exe
  2⤵
  PID:7908
- C:\Windows\System32\JNAwHGy.exe
  C:\Windows\System32\JNAwHGy.exe
  2⤵
  PID:7912
- C:\Windows\System32\tZukbje.exe
  C:\Windows\System32\tZukbje.exe
  2⤵
  PID:7968
- C:\Windows\System32\gXlcExv.exe
  C:\Windows\System32\gXlcExv.exe
  2⤵
  PID:8084
- C:\Windows\System32\NaAnhAJ.exe
  C:\Windows\System32\NaAnhAJ.exe
  2⤵
  PID:7284
- C:\Windows\System32\yKUaFtb.exe
  C:\Windows\System32\yKUaFtb.exe
  2⤵
  PID:7224
- C:\Windows\System32\okkWbQQ.exe
  C:\Windows\System32\okkWbQQ.exe
  2⤵
  PID:7564
- C:\Windows\System32\oWZjvEU.exe
  C:\Windows\System32\oWZjvEU.exe
  2⤵
  PID:7484
- C:\Windows\System32\XvtETus.exe
  C:\Windows\System32\XvtETus.exe
  2⤵
  PID:7604
- C:\Windows\System32\cJvYNJZ.exe
  C:\Windows\System32\cJvYNJZ.exe
  2⤵
  PID:7356
- C:\Windows\System32\KNTtdvK.exe
  C:\Windows\System32\KNTtdvK.exe
  2⤵
  PID:7584
- C:\Windows\System32\RtxZGFa.exe
  C:\Windows\System32\RtxZGFa.exe
  2⤵
  PID:7692
- C:\Windows\System32\EmrGGnB.exe
  C:\Windows\System32\EmrGGnB.exe
  2⤵
  PID:7772
- C:\Windows\System32\rwJtgEg.exe
  C:\Windows\System32\rwJtgEg.exe
  2⤵
  PID:7956
- C:\Windows\System32\vQgkjxO.exe
  C:\Windows\System32\vQgkjxO.exe
  2⤵
  PID:6940
- C:\Windows\System32\HzyxoqV.exe
  C:\Windows\System32\HzyxoqV.exe
  2⤵
  PID:7448
- C:\Windows\System32\HhPzLAL.exe
  C:\Windows\System32\HhPzLAL.exe
  2⤵
  PID:7900
- C:\Windows\System32\WSXSsez.exe
  C:\Windows\System32\WSXSsez.exe
  2⤵
  PID:8080
- C:\Windows\System32\NKYPpia.exe
  C:\Windows\System32\NKYPpia.exe
  2⤵
  PID:7852
- C:\Windows\System32\XzzHPBp.exe
  C:\Windows\System32\XzzHPBp.exe
  2⤵
  PID:7532
- C:\Windows\System32\AuzOBHT.exe
  C:\Windows\System32\AuzOBHT.exe
  2⤵
  PID:8228
- C:\Windows\System32\FfEATkM.exe
  C:\Windows\System32\FfEATkM.exe
  2⤵
  PID:8268
- C:\Windows\System32\gkyaUcD.exe
  C:\Windows\System32\gkyaUcD.exe
  2⤵
  PID:8292
- C:\Windows\System32\rldSgpB.exe
  C:\Windows\System32\rldSgpB.exe
  2⤵
  PID:8312
- C:\Windows\System32\dOAlgyp.exe
  C:\Windows\System32\dOAlgyp.exe
  2⤵
  PID:8328
- C:\Windows\System32\ohuGGkD.exe
  C:\Windows\System32\ohuGGkD.exe
  2⤵
  PID:8352
- C:\Windows\System32\ZKAECab.exe
  C:\Windows\System32\ZKAECab.exe
  2⤵
  PID:8376
- C:\Windows\System32\fKbPviB.exe
  C:\Windows\System32\fKbPviB.exe
  2⤵
  PID:8444
- C:\Windows\System32\fatOcGo.exe
  C:\Windows\System32\fatOcGo.exe
  2⤵
  PID:8472
- C:\Windows\System32\pYhHDOm.exe
  C:\Windows\System32\pYhHDOm.exe
  2⤵
  PID:8488
- C:\Windows\System32\JpjeTql.exe
  C:\Windows\System32\JpjeTql.exe
  2⤵
  PID:8508
- C:\Windows\System32\qHFEaVz.exe
  C:\Windows\System32\qHFEaVz.exe
  2⤵
  PID:8536
- C:\Windows\System32\fGHsuFp.exe
  C:\Windows\System32\fGHsuFp.exe
  2⤵
  PID:8556
- C:\Windows\System32\nRhKqZu.exe
  C:\Windows\System32\nRhKqZu.exe
  2⤵
  PID:8608
- C:\Windows\System32\fFTfZoj.exe
  C:\Windows\System32\fFTfZoj.exe
  2⤵
  PID:8636
- C:\Windows\System32\TEgghwI.exe
  C:\Windows\System32\TEgghwI.exe
  2⤵
  PID:8672
- C:\Windows\System32\BwOEdrv.exe
  C:\Windows\System32\BwOEdrv.exe
  2⤵
  PID:8724
- C:\Windows\System32\LVhsLEy.exe
  C:\Windows\System32\LVhsLEy.exe
  2⤵
  PID:8752
- C:\Windows\System32\quKArfN.exe
  C:\Windows\System32\quKArfN.exe
  2⤵
  PID:8784
- C:\Windows\System32\NpyyrIS.exe
  C:\Windows\System32\NpyyrIS.exe
  2⤵
  PID:8804
- C:\Windows\System32\OkEKjOn.exe
  C:\Windows\System32\OkEKjOn.exe
  2⤵
  PID:8828
- C:\Windows\System32\LMPIXLI.exe
  C:\Windows\System32\LMPIXLI.exe
  2⤵
  PID:8856
- C:\Windows\System32\wKqSLLX.exe
  C:\Windows\System32\wKqSLLX.exe
  2⤵
  PID:8876
- C:\Windows\System32\fMDWJie.exe
  C:\Windows\System32\fMDWJie.exe
  2⤵
  PID:8896
- C:\Windows\System32\FGuATBu.exe
  C:\Windows\System32\FGuATBu.exe
  2⤵
  PID:8916
- C:\Windows\System32\HhEFkSG.exe
  C:\Windows\System32\HhEFkSG.exe
  2⤵
  PID:8964
- C:\Windows\System32\dxqUuTe.exe
  C:\Windows\System32\dxqUuTe.exe
  2⤵
  PID:8988
- C:\Windows\System32\eZkunNd.exe
  C:\Windows\System32\eZkunNd.exe
  2⤵
  PID:9004
- C:\Windows\System32\uMAKFWI.exe
  C:\Windows\System32\uMAKFWI.exe
  2⤵
  PID:9032
- C:\Windows\System32\hhQaYMQ.exe
  C:\Windows\System32\hhQaYMQ.exe
  2⤵
  PID:9064
- C:\Windows\System32\PEKVkFk.exe
  C:\Windows\System32\PEKVkFk.exe
  2⤵
  PID:9108
- C:\Windows\System32\GAbbaPe.exe
  C:\Windows\System32\GAbbaPe.exe
  2⤵
  PID:9136
- C:\Windows\System32\ELSrkkK.exe
  C:\Windows\System32\ELSrkkK.exe
  2⤵
  PID:9156
- C:\Windows\System32\zMECakN.exe
  C:\Windows\System32\zMECakN.exe
  2⤵
  PID:9172
- C:\Windows\System32\fVKfrCY.exe
  C:\Windows\System32\fVKfrCY.exe
  2⤵
  PID:9200
- C:\Windows\System32\kwsjlvd.exe
  C:\Windows\System32\kwsjlvd.exe
  2⤵
  PID:8012
- C:\Windows\System32\eQgkiDI.exe
  C:\Windows\System32\eQgkiDI.exe
  2⤵
  PID:8304
- C:\Windows\System32\UuNTzYo.exe
  C:\Windows\System32\UuNTzYo.exe
  2⤵
  PID:8360
- C:\Windows\System32\kgpIbTv.exe
  C:\Windows\System32\kgpIbTv.exe
  2⤵
  PID:8388
- C:\Windows\System32\NACbwpc.exe
  C:\Windows\System32\NACbwpc.exe
  2⤵
  PID:8416
- C:\Windows\System32\xGKDuEm.exe
  C:\Windows\System32\xGKDuEm.exe
  2⤵
  PID:8520
- C:\Windows\System32\pAyzVEy.exe
  C:\Windows\System32\pAyzVEy.exe
  2⤵
  PID:8616
- C:\Windows\System32\AnOSQox.exe
  C:\Windows\System32\AnOSQox.exe
  2⤵
  PID:8624
- C:\Windows\System32\UKUTBVA.exe
  C:\Windows\System32\UKUTBVA.exe
  2⤵
  PID:8736
- C:\Windows\System32\BCYgFpB.exe
  C:\Windows\System32\BCYgFpB.exe
  2⤵
  PID:8820
- C:\Windows\System32\WyDHTdy.exe
  C:\Windows\System32\WyDHTdy.exe
  2⤵
  PID:8892
- C:\Windows\System32\DcxYjEx.exe
  C:\Windows\System32\DcxYjEx.exe
  2⤵
  PID:8904
- C:\Windows\System32\eXdRVDx.exe
  C:\Windows\System32\eXdRVDx.exe
  2⤵
  PID:8984
- C:\Windows\System32\KgAfGPL.exe
  C:\Windows\System32\KgAfGPL.exe
  2⤵
  PID:9040
- C:\Windows\System32\xPTArNQ.exe
  C:\Windows\System32\xPTArNQ.exe
  2⤵
  PID:9096
- C:\Windows\System32\hVjXQgq.exe
  C:\Windows\System32\hVjXQgq.exe
  2⤵
  PID:9152
- C:\Windows\System32\rpcbGwY.exe
  C:\Windows\System32\rpcbGwY.exe
  2⤵
  PID:7488
- C:\Windows\System32\lDufdtc.exe
  C:\Windows\System32\lDufdtc.exe
  2⤵
  PID:8484
- C:\Windows\System32\kGTpaVC.exe
  C:\Windows\System32\kGTpaVC.exe
  2⤵
  PID:8652
- C:\Windows\System32\zcxNhhD.exe
  C:\Windows\System32\zcxNhhD.exe
  2⤵
  PID:8684
- C:\Windows\System32\yyjdJYu.exe
  C:\Windows\System32\yyjdJYu.exe
  2⤵
  PID:8884
- C:\Windows\System32\oYmszZm.exe
  C:\Windows\System32\oYmszZm.exe
  2⤵
  PID:8928
- C:\Windows\System32\SMTqmvL.exe
  C:\Windows\System32\SMTqmvL.exe
  2⤵
  PID:9076
- C:\Windows\System32\QDZHseR.exe
  C:\Windows\System32\QDZHseR.exe
  2⤵
  PID:9188
- C:\Windows\System32\kKIqvLa.exe
  C:\Windows\System32\kKIqvLa.exe
  2⤵
  PID:8568
- C:\Windows\System32\VbtUKIk.exe
  C:\Windows\System32\VbtUKIk.exe
  2⤵
  PID:8244
- C:\Windows\System32\GqgfNcV.exe
  C:\Windows\System32\GqgfNcV.exe
  2⤵
  PID:9080
- C:\Windows\System32\QXEcYmF.exe
  C:\Windows\System32\QXEcYmF.exe
  2⤵
  PID:9224
- C:\Windows\System32\rxudVJY.exe
  C:\Windows\System32\rxudVJY.exe
  2⤵
  PID:9252
- C:\Windows\System32\dwTDchN.exe
  C:\Windows\System32\dwTDchN.exe
  2⤵
  PID:9280
- C:\Windows\System32\UtvHvir.exe
  C:\Windows\System32\UtvHvir.exe
  2⤵
  PID:9300
- C:\Windows\System32\CaaXswU.exe
  C:\Windows\System32\CaaXswU.exe
  2⤵
  PID:9324
- C:\Windows\System32\nfmhXSJ.exe
  C:\Windows\System32\nfmhXSJ.exe
  2⤵
  PID:9344
- C:\Windows\System32\MnJzhdU.exe
  C:\Windows\System32\MnJzhdU.exe
  2⤵
  PID:9368
- C:\Windows\System32\icZooqx.exe
  C:\Windows\System32\icZooqx.exe
  2⤵
  PID:9428
- C:\Windows\System32\RbpIEmz.exe
  C:\Windows\System32\RbpIEmz.exe
  2⤵
  PID:9468
- C:\Windows\System32\guBZfMK.exe
  C:\Windows\System32\guBZfMK.exe
  2⤵
  PID:9484
- C:\Windows\System32\dvtbNAx.exe
  C:\Windows\System32\dvtbNAx.exe
  2⤵
  PID:9500
- C:\Windows\System32\aMiXeWy.exe
  C:\Windows\System32\aMiXeWy.exe
  2⤵
  PID:9516
- C:\Windows\System32\aQwYDqX.exe
  C:\Windows\System32\aQwYDqX.exe
  2⤵
  PID:9540
- C:\Windows\System32\evyMCDu.exe
  C:\Windows\System32\evyMCDu.exe
  2⤵
  PID:9568
- C:\Windows\System32\uNLlNqe.exe
  C:\Windows\System32\uNLlNqe.exe
  2⤵
  PID:9632
- C:\Windows\System32\citHztY.exe
  C:\Windows\System32\citHztY.exe
  2⤵
  PID:9652
- C:\Windows\System32\RTloFZj.exe
  C:\Windows\System32\RTloFZj.exe
  2⤵
  PID:9676
- C:\Windows\System32\TajGVFa.exe
  C:\Windows\System32\TajGVFa.exe
  2⤵
  PID:9696
- C:\Windows\System32\RmpxemW.exe
  C:\Windows\System32\RmpxemW.exe
  2⤵
  PID:9712
- C:\Windows\System32\AnlmbpR.exe
  C:\Windows\System32\AnlmbpR.exe
  2⤵
  PID:9740
- C:\Windows\System32\HLuzRrs.exe
  C:\Windows\System32\HLuzRrs.exe
  2⤵
  PID:9784
- C:\Windows\System32\RwXeUyl.exe
  C:\Windows\System32\RwXeUyl.exe
  2⤵
  PID:9804
- C:\Windows\System32\ruPJdPr.exe
  C:\Windows\System32\ruPJdPr.exe
  2⤵
  PID:9832
- C:\Windows\System32\hjWdbGN.exe
  C:\Windows\System32\hjWdbGN.exe
  2⤵
  PID:9848
- C:\Windows\System32\WSZZFzb.exe
  C:\Windows\System32\WSZZFzb.exe
  2⤵
  PID:9868
- C:\Windows\System32\gxOMRZH.exe
  C:\Windows\System32\gxOMRZH.exe
  2⤵
  PID:9892
- C:\Windows\System32\WwCRiFR.exe
  C:\Windows\System32\WwCRiFR.exe
  2⤵
  PID:9916
- C:\Windows\System32\Ychzfla.exe
  C:\Windows\System32\Ychzfla.exe
  2⤵
  PID:9988
- C:\Windows\System32\INRfXCs.exe
  C:\Windows\System32\INRfXCs.exe
  2⤵
  PID:10004
- C:\Windows\System32\bnaUCOE.exe
  C:\Windows\System32\bnaUCOE.exe
  2⤵
  PID:10032
- C:\Windows\System32\JKHmeeb.exe
  C:\Windows\System32\JKHmeeb.exe
  2⤵
  PID:10052
- C:\Windows\System32\IAnlHHf.exe
  C:\Windows\System32\IAnlHHf.exe
  2⤵
  PID:10096
- C:\Windows\System32\tgBkjBE.exe
  C:\Windows\System32\tgBkjBE.exe
  2⤵
  PID:10124
- C:\Windows\System32\UcMprah.exe
  C:\Windows\System32\UcMprah.exe
  2⤵
  PID:10152
- C:\Windows\System32\AfxyASU.exe
  C:\Windows\System32\AfxyASU.exe
  2⤵
  PID:10188
- C:\Windows\System32\rXQoZoz.exe
  C:\Windows\System32\rXQoZoz.exe
  2⤵
  PID:10208
- C:\Windows\System32\JnzTYPT.exe
  C:\Windows\System32\JnzTYPT.exe
  2⤵
  PID:10228
- C:\Windows\System32\tbbueVb.exe
  C:\Windows\System32\tbbueVb.exe
  2⤵
  PID:9212
- C:\Windows\System32\jfELuBv.exe
  C:\Windows\System32\jfELuBv.exe
  2⤵
  PID:9244
- C:\Windows\System32\VXSqsBR.exe
  C:\Windows\System32\VXSqsBR.exe
  2⤵
  PID:9316
- C:\Windows\System32\VmwMHVl.exe
  C:\Windows\System32\VmwMHVl.exe
  2⤵
  PID:9336
- C:\Windows\System32\HTcihYb.exe
  C:\Windows\System32\HTcihYb.exe
  2⤵
  PID:9580
- C:\Windows\System32\jQILtYZ.exe
  C:\Windows\System32\jQILtYZ.exe
  2⤵
  PID:9616
- C:\Windows\System32\RrTlIkP.exe
  C:\Windows\System32\RrTlIkP.exe
  2⤵
  PID:9660
- C:\Windows\System32\HnhFcEr.exe
  C:\Windows\System32\HnhFcEr.exe
  2⤵
  PID:9692
- C:\Windows\System32\bxYVlOP.exe
  C:\Windows\System32\bxYVlOP.exe
  2⤵
  PID:9844
- C:\Windows\System32\dJJMRiE.exe
  C:\Windows\System32\dJJMRiE.exe
  2⤵
  PID:9880
- C:\Windows\System32\qOWrpuV.exe
  C:\Windows\System32\qOWrpuV.exe
  2⤵
  PID:9996
- C:\Windows\System32\QxfWfJe.exe
  C:\Windows\System32\QxfWfJe.exe
  2⤵
  PID:10028
- C:\Windows\System32\BzXTxXD.exe
  C:\Windows\System32\BzXTxXD.exe
  2⤵
  PID:10064
- C:\Windows\System32\ptuZvOy.exe
  C:\Windows\System32\ptuZvOy.exe
  2⤵
  PID:10196
- C:\Windows\System32\bhJNJVS.exe
  C:\Windows\System32\bhJNJVS.exe
  2⤵
  PID:9340
- C:\Windows\System32\beLNnVj.exe
  C:\Windows\System32\beLNnVj.exe
  2⤵
  PID:9276
- C:\Windows\System32\rujKGQR.exe
  C:\Windows\System32\rujKGQR.exe
  2⤵
  PID:9576
- C:\Windows\System32\scUWSdc.exe
  C:\Windows\System32\scUWSdc.exe
  2⤵
  PID:9672
- C:\Windows\System32\djxHpyu.exe
  C:\Windows\System32\djxHpyu.exe
  2⤵
  PID:10000
- C:\Windows\System32\aFGzVzB.exe
  C:\Windows\System32\aFGzVzB.exe
  2⤵
  PID:10116
- C:\Windows\System32\BqHhJVk.exe
  C:\Windows\System32\BqHhJVk.exe
  2⤵
  PID:10180
- C:\Windows\System32\ebDpUvz.exe
  C:\Windows\System32\ebDpUvz.exe
  2⤵
  PID:9820
- C:\Windows\System32\mZwxFBj.exe
  C:\Windows\System32\mZwxFBj.exe
  2⤵
  PID:9724
- C:\Windows\System32\xlTbsnH.exe
  C:\Windows\System32\xlTbsnH.exe
  2⤵
  PID:9964
- C:\Windows\System32\PvFlqsV.exe
  C:\Windows\System32\PvFlqsV.exe
  2⤵
  PID:9792
- C:\Windows\System32\IsFSsJF.exe
  C:\Windows\System32\IsFSsJF.exe
  2⤵
  PID:10256
- C:\Windows\System32\hFvlVQy.exe
  C:\Windows\System32\hFvlVQy.exe
  2⤵
  PID:10276
- C:\Windows\System32\dmbgMeB.exe
  C:\Windows\System32\dmbgMeB.exe
  2⤵
  PID:10292
- C:\Windows\System32\kaGbxTn.exe
  C:\Windows\System32\kaGbxTn.exe
  2⤵
  PID:10312
- C:\Windows\System32\JqOHAzP.exe
  C:\Windows\System32\JqOHAzP.exe
  2⤵
  PID:10336
- C:\Windows\System32\dRBtPjP.exe
  C:\Windows\System32\dRBtPjP.exe
  2⤵
  PID:10352
- C:\Windows\System32\lwblHbZ.exe
  C:\Windows\System32\lwblHbZ.exe
  2⤵
  PID:10368
- C:\Windows\System32\lTuyDhr.exe
  C:\Windows\System32\lTuyDhr.exe
  2⤵
  PID:10388
- C:\Windows\System32\XsPGkee.exe
  C:\Windows\System32\XsPGkee.exe
  2⤵
  PID:10404
- C:\Windows\System32\JnlXnaC.exe
  C:\Windows\System32\JnlXnaC.exe
  2⤵
  PID:10428
- C:\Windows\System32\IpKMWdg.exe
  C:\Windows\System32\IpKMWdg.exe
  2⤵
  PID:10460
- C:\Windows\System32\ZVsLRUK.exe
  C:\Windows\System32\ZVsLRUK.exe
  2⤵
  PID:10480
- C:\Windows\System32\sqlDSKL.exe
  C:\Windows\System32\sqlDSKL.exe
  2⤵
  PID:10508
- C:\Windows\System32\RBGyOeg.exe
  C:\Windows\System32\RBGyOeg.exe
  2⤵
  PID:10524
- C:\Windows\System32\vlibCBE.exe
  C:\Windows\System32\vlibCBE.exe
  2⤵
  PID:10544
- C:\Windows\System32\DQuCiEK.exe
  C:\Windows\System32\DQuCiEK.exe
  2⤵
  PID:10576
- C:\Windows\System32\iLJrmBG.exe
  C:\Windows\System32\iLJrmBG.exe
  2⤵
  PID:10592
- C:\Windows\System32\dOpVWqQ.exe
  C:\Windows\System32\dOpVWqQ.exe
  2⤵
  PID:10612
- C:\Windows\System32\YCjsRak.exe
  C:\Windows\System32\YCjsRak.exe
  2⤵
  PID:10640
- C:\Windows\System32\HUEMQbr.exe
  C:\Windows\System32\HUEMQbr.exe
  2⤵
  PID:10660
- C:\Windows\System32\PVPVvMF.exe
  C:\Windows\System32\PVPVvMF.exe
  2⤵
  PID:10716
- C:\Windows\System32\iSBGTHp.exe
  C:\Windows\System32\iSBGTHp.exe
  2⤵
  PID:10792
- C:\Windows\System32\lwiDxxH.exe
  C:\Windows\System32\lwiDxxH.exe
  2⤵
  PID:10816
- C:\Windows\System32\SmLQKst.exe
  C:\Windows\System32\SmLQKst.exe
  2⤵
  PID:10836
- C:\Windows\System32\IlbtgeS.exe
  C:\Windows\System32\IlbtgeS.exe
  2⤵
  PID:10892
- C:\Windows\System32\geavNeh.exe
  C:\Windows\System32\geavNeh.exe
  2⤵
  PID:10956
- C:\Windows\System32\CbcfTik.exe
  C:\Windows\System32\CbcfTik.exe
  2⤵
  PID:10976
- C:\Windows\System32\nJuyTTD.exe
  C:\Windows\System32\nJuyTTD.exe
  2⤵
  PID:10992
- C:\Windows\System32\qNlFWJl.exe
  C:\Windows\System32\qNlFWJl.exe
  2⤵
  PID:11044
- C:\Windows\System32\cweIBMq.exe
  C:\Windows\System32\cweIBMq.exe
  2⤵
  PID:11060
- C:\Windows\System32\Pplzajm.exe
  C:\Windows\System32\Pplzajm.exe
  2⤵
  PID:11084
- C:\Windows\System32\VPbYeKb.exe
  C:\Windows\System32\VPbYeKb.exe
  2⤵
  PID:11108
- C:\Windows\System32\rfXSMwp.exe
  C:\Windows\System32\rfXSMwp.exe
  2⤵
  PID:11160
- C:\Windows\System32\YbWBPvl.exe
  C:\Windows\System32\YbWBPvl.exe
  2⤵
  PID:11196
- C:\Windows\System32\xpUdWds.exe
  C:\Windows\System32\xpUdWds.exe
  2⤵
  PID:11216
- C:\Windows\System32\mrncGrq.exe
  C:\Windows\System32\mrncGrq.exe
  2⤵
  PID:11256
- C:\Windows\System32\bREngTb.exe
  C:\Windows\System32\bREngTb.exe
  2⤵
  PID:9320
- C:\Windows\System32\NPstXjd.exe
  C:\Windows\System32\NPstXjd.exe
  2⤵
  PID:10308
- C:\Windows\System32\cdEToWV.exe
  C:\Windows\System32\cdEToWV.exe
  2⤵
  PID:10268
- C:\Windows\System32\kEhjwLf.exe
  C:\Windows\System32\kEhjwLf.exe
  2⤵
  PID:10416
- C:\Windows\System32\Epomgkl.exe
  C:\Windows\System32\Epomgkl.exe
  2⤵
  PID:10348
- C:\Windows\System32\JYBNGQK.exe
  C:\Windows\System32\JYBNGQK.exe
  2⤵
  PID:10448
- C:\Windows\System32\hVjjjeU.exe
  C:\Windows\System32\hVjjjeU.exe
  2⤵
  PID:10516
- C:\Windows\System32\IOsjAFF.exe
  C:\Windows\System32\IOsjAFF.exe
  2⤵
  PID:10584
- C:\Windows\System32\QAICRUd.exe
  C:\Windows\System32\QAICRUd.exe
  2⤵
  PID:10624
- C:\Windows\System32\jjWdEDJ.exe
  C:\Windows\System32\jjWdEDJ.exe
  2⤵
  PID:10668
- C:\Windows\System32\KnuQZlL.exe
  C:\Windows\System32\KnuQZlL.exe
  2⤵
  PID:10704
- C:\Windows\System32\bNMtGow.exe
  C:\Windows\System32\bNMtGow.exe
  2⤵
  PID:10852
- C:\Windows\System32\tHOkXFO.exe
  C:\Windows\System32\tHOkXFO.exe
  2⤵
  PID:10988
- C:\Windows\System32\nSLHBoL.exe
  C:\Windows\System32\nSLHBoL.exe
  2⤵
  PID:11020
- C:\Windows\System32\SLVPrGL.exe
  C:\Windows\System32\SLVPrGL.exe
  2⤵
  PID:11080
- C:\Windows\System32\LuyBKEH.exe
  C:\Windows\System32\LuyBKEH.exe
  2⤵
  PID:11204
- C:\Windows\System32\eXsSYtv.exe
  C:\Windows\System32\eXsSYtv.exe
  2⤵
  PID:11240
- C:\Windows\System32\GdSocAZ.exe
  C:\Windows\System32\GdSocAZ.exe
  2⤵
  PID:10400
- C:\Windows\System32\Evgnsrf.exe
  C:\Windows\System32\Evgnsrf.exe
  2⤵
  PID:10412
- C:\Windows\System32\mEYgprP.exe
  C:\Windows\System32\mEYgprP.exe
  2⤵
  PID:10572
- C:\Windows\System32\AUHbguC.exe
  C:\Windows\System32\AUHbguC.exe
  2⤵
  PID:10732
- C:\Windows\System32\OUHCblx.exe
  C:\Windows\System32\OUHCblx.exe
  2⤵
  PID:9900
- C:\Windows\System32\PYCgFEN.exe
  C:\Windows\System32\PYCgFEN.exe
  2⤵
  PID:10904
- C:\Windows\System32\TSYlwLm.exe
  C:\Windows\System32\TSYlwLm.exe
  2⤵
  PID:11000
- C:\Windows\System32\ScwcexC.exe
  C:\Windows\System32\ScwcexC.exe
  2⤵
  PID:10264
- C:\Windows\System32\FoQrEkA.exe
  C:\Windows\System32\FoQrEkA.exe
  2⤵
  PID:10564
- C:\Windows\System32\eKiomPM.exe
  C:\Windows\System32\eKiomPM.exe
  2⤵
  PID:10968
- C:\Windows\System32\gueKGkh.exe
  C:\Windows\System32\gueKGkh.exe
  2⤵
  PID:10588
- C:\Windows\System32\PpKlzrY.exe
  C:\Windows\System32\PpKlzrY.exe
  2⤵
  PID:11268
- C:\Windows\System32\BcDzSVZ.exe
  C:\Windows\System32\BcDzSVZ.exe
  2⤵
  PID:11288
- C:\Windows\System32\kWxrDCu.exe
  C:\Windows\System32\kWxrDCu.exe
  2⤵
  PID:11320
- C:\Windows\System32\sLjfoTI.exe
  C:\Windows\System32\sLjfoTI.exe
  2⤵
  PID:11348
- C:\Windows\System32\TfgJAUr.exe
  C:\Windows\System32\TfgJAUr.exe
  2⤵
  PID:11384
- C:\Windows\System32\oqpNQcl.exe
  C:\Windows\System32\oqpNQcl.exe
  2⤵
  PID:11416
- C:\Windows\System32\XOSzvyx.exe
  C:\Windows\System32\XOSzvyx.exe
  2⤵
  PID:11440
- C:\Windows\System32\xxaHSFp.exe
  C:\Windows\System32\xxaHSFp.exe
  2⤵
  PID:11468
- C:\Windows\System32\WMPihMP.exe
  C:\Windows\System32\WMPihMP.exe
  2⤵
  PID:11504
- C:\Windows\System32\XimDRjC.exe
  C:\Windows\System32\XimDRjC.exe
  2⤵
  PID:11532
- C:\Windows\System32\UlWtclm.exe
  C:\Windows\System32\UlWtclm.exe
  2⤵
  PID:11556
- C:\Windows\System32\eYEKSCO.exe
  C:\Windows\System32\eYEKSCO.exe
  2⤵
  PID:11572
- C:\Windows\System32\iWTlYvO.exe
  C:\Windows\System32\iWTlYvO.exe
  2⤵
  PID:11600
- C:\Windows\System32\GpcYGtm.exe
  C:\Windows\System32\GpcYGtm.exe
  2⤵
  PID:11648
- C:\Windows\System32\BXdLiYs.exe
  C:\Windows\System32\BXdLiYs.exe
  2⤵
  PID:11668
- C:\Windows\System32\rMRITxM.exe
  C:\Windows\System32\rMRITxM.exe
  2⤵
  PID:11692
- C:\Windows\System32\adTyFFq.exe
  C:\Windows\System32\adTyFFq.exe
  2⤵
  PID:11712
- C:\Windows\System32\aCiEzhA.exe
  C:\Windows\System32\aCiEzhA.exe
  2⤵
  PID:11760
- C:\Windows\System32\GXYalGX.exe
  C:\Windows\System32\GXYalGX.exe
  2⤵
  PID:11784
- C:\Windows\System32\UlNuxPT.exe
  C:\Windows\System32\UlNuxPT.exe
  2⤵
  PID:11816
- C:\Windows\System32\UuUvsLi.exe
  C:\Windows\System32\UuUvsLi.exe
  2⤵
  PID:11836
- C:\Windows\System32\TOQlMgL.exe
  C:\Windows\System32\TOQlMgL.exe
  2⤵
  PID:11852
- C:\Windows\System32\OFYgrcY.exe
  C:\Windows\System32\OFYgrcY.exe
  2⤵
  PID:11876
- C:\Windows\System32\ixStoBV.exe
  C:\Windows\System32\ixStoBV.exe
  2⤵
  PID:11900
- C:\Windows\System32\ijhCqeU.exe
  C:\Windows\System32\ijhCqeU.exe
  2⤵
  PID:11932
- C:\Windows\System32\SgIeJcL.exe
  C:\Windows\System32\SgIeJcL.exe
  2⤵
  PID:11960
- C:\Windows\System32\ArJHVJO.exe
  C:\Windows\System32\ArJHVJO.exe
  2⤵
  PID:11992
- C:\Windows\System32\ZZDxeuG.exe
  C:\Windows\System32\ZZDxeuG.exe
  2⤵
  PID:12012
- C:\Windows\System32\DGMsRYO.exe
  C:\Windows\System32\DGMsRYO.exe
  2⤵
  PID:12048
- C:\Windows\System32\BJaLMCY.exe
  C:\Windows\System32\BJaLMCY.exe
  2⤵
  PID:12080
- C:\Windows\System32\XYDADdj.exe
  C:\Windows\System32\XYDADdj.exe
  2⤵
  PID:12100
- C:\Windows\System32\FhajReM.exe
  C:\Windows\System32\FhajReM.exe
  2⤵
  PID:12120
- C:\Windows\System32\OrJHJjG.exe
  C:\Windows\System32\OrJHJjG.exe
  2⤵
  PID:12136
- C:\Windows\System32\sCLGGmH.exe
  C:\Windows\System32\sCLGGmH.exe
  2⤵
  PID:12160
- C:\Windows\System32\bZyBSMm.exe
  C:\Windows\System32\bZyBSMm.exe
  2⤵
  PID:12200
- C:\Windows\System32\VWmIvGP.exe
  C:\Windows\System32\VWmIvGP.exe
  2⤵
  PID:12216
- C:\Windows\System32\oEizlpf.exe
  C:\Windows\System32\oEizlpf.exe
  2⤵
  PID:12272
- C:\Windows\System32\pVOIZSl.exe
  C:\Windows\System32\pVOIZSl.exe
  2⤵
  PID:11296
- C:\Windows\System32\vDXDFfv.exe
  C:\Windows\System32\vDXDFfv.exe
  2⤵
  PID:11300
- C:\Windows\System32\xuWSGQI.exe
  C:\Windows\System32\xuWSGQI.exe
  2⤵
  PID:11436
- C:\Windows\System32\WvOidVB.exe
  C:\Windows\System32\WvOidVB.exe
  2⤵
  PID:11492
- C:\Windows\System32\OZIpDgF.exe
  C:\Windows\System32\OZIpDgF.exe
  2⤵
  PID:11540
- C:\Windows\System32\KWAYfjV.exe
  C:\Windows\System32\KWAYfjV.exe
  2⤵
  PID:11612
- C:\Windows\System32\xRIkFvm.exe
  C:\Windows\System32\xRIkFvm.exe
  2⤵
  PID:11608
- C:\Windows\System32\rRZbwLj.exe
  C:\Windows\System32\rRZbwLj.exe
  2⤵
  PID:11756
- C:\Windows\System32\PJJcseM.exe
  C:\Windows\System32\PJJcseM.exe
  2⤵
  PID:11768
- C:\Windows\System32\qWUAJrq.exe
  C:\Windows\System32\qWUAJrq.exe
  2⤵
  PID:11868
- C:\Windows\System32\OXyjeRO.exe
  C:\Windows\System32\OXyjeRO.exe
  2⤵
  PID:11948
- C:\Windows\System32\tktJPGn.exe
  C:\Windows\System32\tktJPGn.exe
  2⤵
  PID:12008
- C:\Windows\System32\odtUHAA.exe
  C:\Windows\System32\odtUHAA.exe
  2⤵
  PID:12056
- C:\Windows\System32\vGlXYui.exe
  C:\Windows\System32\vGlXYui.exe
  2⤵
  PID:12128
- C:\Windows\System32\mJqMWjD.exe
  C:\Windows\System32\mJqMWjD.exe
  2⤵
  PID:12192
- C:\Windows\System32\ZWwJdXo.exe
  C:\Windows\System32\ZWwJdXo.exe
  2⤵
  PID:12236
- C:\Windows\System32\gumurXl.exe
  C:\Windows\System32\gumurXl.exe
  2⤵
  PID:11284
- C:\Windows\System32\icWqfTC.exe
  C:\Windows\System32\icWqfTC.exe
  2⤵
  PID:11412
- C:\Windows\System32\LAFsZKi.exe
  C:\Windows\System32\LAFsZKi.exe
  2⤵
  PID:11580
- C:\Windows\System32\vQfXxeI.exe
  C:\Windows\System32\vQfXxeI.exe
  2⤵
  PID:11752
- C:\Windows\System32\OsfBiGj.exe
  C:\Windows\System32\OsfBiGj.exe
  2⤵
  PID:11860
- C:\Windows\System32\yEuQBJm.exe
  C:\Windows\System32\yEuQBJm.exe
  2⤵
  PID:12000
- C:\Windows\System32\BRlulbH.exe
  C:\Windows\System32\BRlulbH.exe
  2⤵
  PID:12208
- C:\Windows\System32\QbcWrSq.exe
  C:\Windows\System32\QbcWrSq.exe
  2⤵
  PID:2200
- C:\Windows\System32\dQjnuGj.exe
  C:\Windows\System32\dQjnuGj.exe
  2⤵
  PID:12036
- C:\Windows\System32\EPORXMp.exe
  C:\Windows\System32\EPORXMp.exe
  2⤵
  PID:11684
- C:\Windows\System32\ImZTRIu.exe
  C:\Windows\System32\ImZTRIu.exe
  2⤵
  PID:12300
- C:\Windows\System32\qewYpAL.exe
  C:\Windows\System32\qewYpAL.exe
  2⤵
  PID:12340
- C:\Windows\System32\dipmaIE.exe
  C:\Windows\System32\dipmaIE.exe
  2⤵
  PID:12364
- C:\Windows\System32\JQCQutg.exe
  C:\Windows\System32\JQCQutg.exe
  2⤵
  PID:12380
- C:\Windows\System32\lYZHgcJ.exe
  C:\Windows\System32\lYZHgcJ.exe
  2⤵
  PID:12396
- C:\Windows\System32\CZivFxE.exe
  C:\Windows\System32\CZivFxE.exe
  2⤵
  PID:12420
- C:\Windows\System32\VhVPQBD.exe
  C:\Windows\System32\VhVPQBD.exe
  2⤵
  PID:12452
- C:\Windows\System32\ObtmWgg.exe
  C:\Windows\System32\ObtmWgg.exe
  2⤵
  PID:12520
- C:\Windows\System32\QIcauYh.exe
  C:\Windows\System32\QIcauYh.exe
  2⤵
  PID:12536
- C:\Windows\System32\SbPiQLj.exe
  C:\Windows\System32\SbPiQLj.exe
  2⤵
  PID:12552
- C:\Windows\System32\GMcjlDV.exe
  C:\Windows\System32\GMcjlDV.exe
  2⤵
  PID:12580
- C:\Windows\System32\vDdCCTx.exe
  C:\Windows\System32\vDdCCTx.exe
  2⤵
  PID:12600
- C:\Windows\System32\QKNZcdF.exe
  C:\Windows\System32\QKNZcdF.exe
  2⤵
  PID:12624
- C:\Windows\System32\SIhFBki.exe
  C:\Windows\System32\SIhFBki.exe
  2⤵
  PID:12652
- C:\Windows\System32\pxPISYu.exe
  C:\Windows\System32\pxPISYu.exe
  2⤵
  PID:12684
- C:\Windows\System32\eQWDVOL.exe
  C:\Windows\System32\eQWDVOL.exe
  2⤵
  PID:12708
- C:\Windows\System32\tAXgnie.exe
  C:\Windows\System32\tAXgnie.exe
  2⤵
  PID:12728
- C:\Windows\System32\qeKKeSE.exe
  C:\Windows\System32\qeKKeSE.exe
  2⤵
  PID:12752
- C:\Windows\System32\vNhjyOv.exe
  C:\Windows\System32\vNhjyOv.exe
  2⤵
  PID:12784
- C:\Windows\System32\dpYfGee.exe
  C:\Windows\System32\dpYfGee.exe
  2⤵
  PID:12828
- C:\Windows\System32\EZPuPhf.exe
  C:\Windows\System32\EZPuPhf.exe
  2⤵
  PID:12872
- C:\Windows\System32\GUssdgE.exe
  C:\Windows\System32\GUssdgE.exe
  2⤵
  PID:12892
- C:\Windows\System32\yZhWQQu.exe
  C:\Windows\System32\yZhWQQu.exe
  2⤵
  PID:12920
- C:\Windows\System32\oFHVbxd.exe
  C:\Windows\System32\oFHVbxd.exe
  2⤵
  PID:12948
- C:\Windows\System32\ouNBeOL.exe
  C:\Windows\System32\ouNBeOL.exe
  2⤵
  PID:13024
- C:\Windows\System32\HEknyUt.exe
  C:\Windows\System32\HEknyUt.exe
  2⤵
  PID:13096
- C:\Windows\System32\lueygzB.exe
  C:\Windows\System32\lueygzB.exe
  2⤵
  PID:13124
- C:\Windows\System32\AjSbHMx.exe
  C:\Windows\System32\AjSbHMx.exe
  2⤵
  PID:13152
- C:\Windows\System32\vQSJgHF.exe
  C:\Windows\System32\vQSJgHF.exe
  2⤵
  PID:13168
- C:\Windows\System32\qyJlYfN.exe
  C:\Windows\System32\qyJlYfN.exe
  2⤵
  PID:13200
- C:\Windows\System32\tMAJrYI.exe
  C:\Windows\System32\tMAJrYI.exe
  2⤵
  PID:13220
- C:\Windows\System32\mraqOlG.exe
  C:\Windows\System32\mraqOlG.exe
  2⤵
  PID:13264
- C:\Windows\System32\bANlNhx.exe
  C:\Windows\System32\bANlNhx.exe
  2⤵
  PID:13284
- C:\Windows\System32\SUYIgIv.exe
  C:\Windows\System32\SUYIgIv.exe
  2⤵
  PID:12296
- C:\Windows\System32\YYFvDur.exe
  C:\Windows\System32\YYFvDur.exe
  2⤵
  PID:12392
- C:\Windows\System32\TKncBjc.exe
  C:\Windows\System32\TKncBjc.exe
  2⤵
  PID:12428
- C:\Windows\System32\vJbcXyA.exe
  C:\Windows\System32\vJbcXyA.exe
  2⤵
  PID:12488
- C:\Windows\System32\XVTRJdh.exe
  C:\Windows\System32\XVTRJdh.exe
  2⤵
  PID:12568
- C:\Windows\System32\rBryEdy.exe
  C:\Windows\System32\rBryEdy.exe
  2⤵
  PID:12592
- C:\Windows\System32\BoXtlFD.exe
  C:\Windows\System32\BoXtlFD.exe
  2⤵
  PID:12660
- C:\Windows\System32\tbGMYNu.exe
  C:\Windows\System32\tbGMYNu.exe
  2⤵
  PID:12724
- C:\Windows\System32\vBZSrrB.exe
  C:\Windows\System32\vBZSrrB.exe
  2⤵
  PID:12816
- C:\Windows\System32\jEVBKuk.exe
  C:\Windows\System32\jEVBKuk.exe
  2⤵
  PID:12888
- C:\Windows\System32\aspoXUS.exe
  C:\Windows\System32\aspoXUS.exe
  2⤵
  PID:12940
- C:\Windows\System32\aLaWtHq.exe
  C:\Windows\System32\aLaWtHq.exe
  2⤵
  PID:13008
- C:\Windows\System32\QQwnXKq.exe
  C:\Windows\System32\QQwnXKq.exe
  2⤵
  PID:13036
- C:\Windows\System32\BxmuUBw.exe
  C:\Windows\System32\BxmuUBw.exe
  2⤵
  PID:12980
- C:\Windows\System32\lpPkHwN.exe
  C:\Windows\System32\lpPkHwN.exe
  2⤵
  PID:13056
- C:\Windows\System32\LjINHJB.exe
  C:\Windows\System32\LjINHJB.exe
  2⤵
  PID:13104
- C:\Windows\System32\FdlLKZv.exe
  C:\Windows\System32\FdlLKZv.exe
  2⤵
  PID:5372
- C:\Windows\System32\BhktAhR.exe
  C:\Windows\System32\BhktAhR.exe
  2⤵
  PID:13148
- C:\Windows\System32\mzxRkWa.exe
  C:\Windows\System32\mzxRkWa.exe
  2⤵
  PID:13252
- C:\Windows\System32\sXnPksW.exe
  C:\Windows\System32\sXnPksW.exe
  2⤵
  PID:13300
- C:\Windows\System32\Hnwffor.exe
  C:\Windows\System32\Hnwffor.exe
  2⤵
  PID:12320
- C:\Windows\System32\kpprRhK.exe
  C:\Windows\System32\kpprRhK.exe
  2⤵
  PID:12548
- C:\Windows\System32\oMpxcxM.exe
  C:\Windows\System32\oMpxcxM.exe
  2⤵
  PID:12668
- C:\Windows\System32\KilvxxH.exe
  C:\Windows\System32\KilvxxH.exe
  2⤵
  PID:12744
- C:\Windows\System32\qLgRITI.exe
  C:\Windows\System32\qLgRITI.exe
  2⤵
  PID:12992
- C:\Windows\System32\bIwIDcx.exe
  C:\Windows\System32\bIwIDcx.exe
  2⤵
  PID:12996
- C:\Windows\System32\nFYDNuY.exe
  C:\Windows\System32\nFYDNuY.exe
  2⤵
  PID:2132
- C:\Windows\System32\PZYosdL.exe
  C:\Windows\System32\PZYosdL.exe
  2⤵
  PID:12460
- C:\Windows\System32\NfnvlDr.exe
  C:\Windows\System32\NfnvlDr.exe
  2⤵
  PID:12372
- C:\Windows\System32\ASOPlLe.exe
  C:\Windows\System32\ASOPlLe.exe
  2⤵
  PID:1728
- C:\Windows\System32\tAXvlPY.exe
  C:\Windows\System32\tAXvlPY.exe
  2⤵
  PID:216
- C:\Windows\System32\VsYapHV.exe
  C:\Windows\System32\VsYapHV.exe
  2⤵
  PID:13180
- C:\Windows\System32\NKHglGJ.exe
  C:\Windows\System32\NKHglGJ.exe
  2⤵
  PID:13060
- C:\Windows\System32\tYfFMhT.exe
  C:\Windows\System32\tYfFMhT.exe
  2⤵
  PID:13324
- C:\Windows\System32\EMjsmsj.exe
  C:\Windows\System32\EMjsmsj.exe
  2⤵
  PID:13360
- C:\Windows\System32\ZVUoTzQ.exe
  C:\Windows\System32\ZVUoTzQ.exe
  2⤵
  PID:13400
- C:\Windows\System32\MQSaJdG.exe
  C:\Windows\System32\MQSaJdG.exe
  2⤵
  PID:13428
- C:\Windows\System32\whAEltD.exe
  C:\Windows\System32\whAEltD.exe
  2⤵
  PID:13456
- C:\Windows\System32\Bgymnny.exe
  C:\Windows\System32\Bgymnny.exe
  2⤵
  PID:13472
- C:\Windows\System32\kNKDWCt.exe
  C:\Windows\System32\kNKDWCt.exe
  2⤵
  PID:13504
- C:\Windows\System32\BPtbRhP.exe
  C:\Windows\System32\BPtbRhP.exe
  2⤵
  PID:13544
- C:\Windows\System32\VevEvLP.exe
  C:\Windows\System32\VevEvLP.exe
  2⤵
  PID:13584
- C:\Windows\System32\IOLNxCt.exe
  C:\Windows\System32\IOLNxCt.exe
  2⤵
  PID:13608
- C:\Windows\System32\dErVkam.exe
  C:\Windows\System32\dErVkam.exe
  2⤵
  PID:13672

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:14060

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System32\CjWPfIs.exe

Filesize
1.2MB

MD5
64fcd511eae47195283fdb8d922b4bc0

SHA1
323201582cfd80784ca51d10817d0d738ddc6472

SHA256
8013ffeb4d92e3cb0651ad8424f88fbaff45489db01bdbc3ca4123502abfdada

SHA512
d0f8b9e1ea268659a102e9af0f4f433bf5cdbe4f99312fb3c9a6ee518a932b7da7d6ac28b23d746fee42f54792aa4aa680412e05ef8bdd22ee148ec61d99f2f4

Download Submit
C:\Windows\System32\EiwBhUV.exe

Filesize
1.2MB

MD5
a66f58e50c259dfa995c1f893ccbe505

SHA1
a3df87fb6b61c8478fa7b469ffbaa6ca1e8902d3

SHA256
274ef6f477c584db93be3fdf8a8987160a06b270bfb9a5e8cf87e02b1c0aa660

SHA512
e46a88d4c09e7c944b467bf6a90d9b17048d64247a8d1acf916e5e2f2d6e342fb7bd2fb138ef406e9f84f11a1558fcf8e82e6a6583bcf5a81a550b2e2db6fe87

Download Submit
C:\Windows\System32\FfqmXGN.exe

Filesize
1.2MB

MD5
f3fa5dfe6d1fb4d6f0495ee7d2794470

SHA1
d33c486758873177dbdabdd6eb5c93d86712a3d6

SHA256
07db8b20a1cb373d9bd4b4b52cc76fb075fee58bfade948c1d2374fe79522458

SHA512
9de6b222e0b59fcc4c9bf5c6d3f7060d6648b501a53c4c48378693bba4507feccb6d04b22377c57c2fc41050e2fbbb99c2820e501beb9d84ee613dccb674e70e

Download Submit
C:\Windows\System32\GIlsDLf.exe

Filesize
1.2MB

MD5
a453e671439b72d4c3b57e44c69851ad

SHA1
db88fc8a3559aceedd15a2774931c51336a2eefb

SHA256
29bc804b01d9408a41be80234c44535db5f59858d93e8737d85eaa6160430b91

SHA512
98d70eab359203dcbc09e62e6b79f137abef7e6c19214ccfecd07e33224eda06f75db89564e0f7f2926474221d76f0118e501e1f0f05fbade4b1c3693ca5b6a3

Download Submit
C:\Windows\System32\GMdLfAU.exe

Filesize
1.2MB

MD5
3cd2bebec2409fdd472ccd934eebc40b

SHA1
dfbc328e7ac434ddf2e0d4646d9958a6b8b24665

SHA256
834dc1b5b6cba92f88a15265a36498b21770933a12aa04fdad5d7237c484f9f4

SHA512
b5830d8d5685ec55fa2e1c813b0e93cbf831c2443ccd7e562d2a7ac3356a91ab167f453239aff72062a8363ce33bf57d608eaa85bf567c006980bed484e8882c

Download Submit
C:\Windows\System32\NImizNF.exe

Filesize
1.2MB

MD5
6322c22c68dfc4877eed40fe6d015e55

SHA1
27bf9a6f8985ad7a354b7fa98a7ca8cb58ebd625

SHA256
c5d934805acc8425960d8c1ce1ac64cd437521eb0abb8defe0de39d58c5bd250

SHA512
09b53dbf96201b0a586cff5d064f764f6b01f232fd79d738be696aae849cc259952d4c083beaeb30dc38388bfc514b515c37ea75a7fda9cfe3a96f4068db6de8

Download Submit
C:\Windows\System32\PeoJkGU.exe

Filesize
1.2MB

MD5
4411349c1b87d4ca8d6f7b549dc6f29e

SHA1
8b5d8a0fe7264cc4e869be08eb8934b68846d60c

SHA256
5f38670d717b8f3dd512af22b430fb649dc637bf1b6af17e0b14842993b52769

SHA512
1b0ab479584c667f09a4692ab221343a8553f8823934bc222ba5c4716b6938eb2f6bdb2b36af687f129e835c284417c96c01d1da8c886afde14807e457f2ac89

Download Submit
C:\Windows\System32\QXZvhPq.exe

Filesize
1.2MB

MD5
8a21d9bbc61e66f651072ac3b9d278c9

SHA1
4b3978c2ec3082953c1c66775e13365de403ae95

SHA256
9e8a4987ebf29ab772c165844e6fd53fc61ec84c12a192902c4c522524a7bc2b

SHA512
b654e9b0399430c44b4a40cf18c16a2b37f137bec8c62a0a4af7ff780fe36a859266917fd8050da68e1223f3b95df8b860a545f42cbfa1bdd748da02fc4c79a3

Download Submit
C:\Windows\System32\QiBNfGU.exe

Filesize
1.2MB

MD5
be4c648529dccc3483a442028ee7ece8

SHA1
c83037d326f3b9e61933a37e52142059521ef218

SHA256
c8dfdc11dec8f9588fd6eb4a336ae3cc157d015c626fcee8f52bdb7eb2f15b1d

SHA512
76420c76b79bb1c5d4fa4c207c6ef7e41e2714c8f9d63bb2cccab921dce060e71f5e29c8a82df4e1f81c64c97a58f7a0aa66e1f89ab24cd6780373ddb388943c

Download Submit
C:\Windows\System32\QqPWViM.exe

Filesize
1.2MB

MD5
000639ddd772bd4e5d4bf2a1b9156f55

SHA1
b2b679465836a30679079fe67b2ab66de9f905ab

SHA256
dcd7c3afa4b6203be1e54d636e5f0005d2ca32cadc9648770c5cf6ae8b159de4

SHA512
eab28843a1381cbb655518ead3d1bb0ae89a7204a55d6794ff81a4a17efacf600a2ff566023c55851bba8456e5c9d9b3458432a3be6728d3d8a3a522bab6c040

Download Submit
C:\Windows\System32\RMTIcLA.exe

Filesize
1.2MB

MD5
59e08702b68165f9fc229dac32e30578

SHA1
b563de69ba89da9c201b52209f3f563418984416

SHA256
1aac7ad6b3bd2942f629ff7257a6b4136238dd8cd04b828144aa99457e147cc9

SHA512
921ef62618234032bdae8c8061f8fba90cba765eec013213ef5736b721eae20068fe835babca7419114c0332bd14c254540ca6ac5df0c295590f7d33783a56a9

Download Submit
C:\Windows\System32\RrIvtTi.exe

Filesize
1.2MB

MD5
9a07e8aca28a52996439e237bcf348b4

SHA1
f7e5879d6b61a89224f3eca467171e12930132a1

SHA256
d942267bb051b8b6269d392854a25c4fee759a10e34008e570ac36244ade9226

SHA512
66f2f350e73bfe1e1ff66e76ae569eba1f3a02ead9b27e74ffe7f68e100f3d8d5e872a4010b4d361979ee1f2fe4634c64b14e65a00bc836e117351098c8701a7

Download Submit
C:\Windows\System32\UFwmcne.exe

Filesize
1.2MB

MD5
367d81e08559c16f7e9775bb98c16e81

SHA1
e4f7fedaa32cc85a99b539a72f253f92308ad84f

SHA256
25d1750665204eb5fa30d28245e3949420b125c208f0c318af58fcbecc9cf0db

SHA512
65352c2e64fbcd978dd5c6de7549a18786baa65f734dc661e9cd3bb61f1a74816261db76dd0361ed4e6480b63919ea91ba66ced1cf2b5b93b3f0c8c406d064d6

Download Submit
C:\Windows\System32\UMYTMIX.exe

Filesize
1.2MB

MD5
6f86c03bf12bbb32527191f49ea169e2

SHA1
643d2b972f7d498c5e5067a6397baaf76f4b8cf0

SHA256
54ef384ff0df8ce556fd299a1e6fb17cb45646ec5688e9ad3dde1055a42e12dd

SHA512
bea53498dec64a3a1c10aef174dfd23a2e482ef0949b844dcda9d5ac51f804d40971089aca6d0895a2a9739019466948cb9e7e78852686e8a9286836f5784534

Download Submit
C:\Windows\System32\VpumJZi.exe

Filesize
1.2MB

MD5
9261b8e535fe1ebdaef0cbaa25e71d10

SHA1
c9d1eb1eb35f6db4c0d5f9f64d06bdefe62ba430

SHA256
1f810f8ff90c7f9117a1c80657d3e580bb452c1392cadcce9630851eed34701f

SHA512
9f831823a154f037aeb104b7db6d6723980682bec5a07fbc2f55dfff167c40721f338b317c2d0652216f0a7039854f346f83c820abec33be50422f921e87a056

Download Submit
C:\Windows\System32\WSVuwEO.exe

Filesize
1.2MB

MD5
82eb04dd335b9a73a489fdcee263bfc6

SHA1
8b10083c957ec25524c83ec78153726f7b551dfe

SHA256
364383a8df4f355e8b1f034093d6e061519c5eb9a0b68da9af7eccdc1298ae96

SHA512
09205f9423ad8b120d02fcd9e1e0ffe8cb1511751fbd63f48977fbeb86f556bdecb333ac1ca6f0665f6b05ec97c0d6c79e122b4c7db613c7b94cea4def7a097c

Download Submit
C:\Windows\System32\WcgkNKP.exe

Filesize
1.2MB

MD5
58b4e668dfc2f7c7328d949e8e23db3d

SHA1
247a6514ae5b7298eee09d900dd339b5893738d9

SHA256
d36f47e234a6c3b31b6634d9801895592e9d30273315b897d49cb5378d465479

SHA512
26e64876a06fbd85ec53dfafdc9a316be85f91771cd448e0f037d791a7e744a6e107ad98217cbeb9f77692f08d1051d2ead6c91367b472829a10346636f5aa4d

Download Submit
C:\Windows\System32\ZCAIdBk.exe

Filesize
1.2MB

MD5
341c2b3e08850322dc9f6d6cdd4ba760

SHA1
de4b646fc70878483da67b195a99a8ad9a18f7e7

SHA256
629feb60c78269b98c704bd39ef48f7ad1b960f83c3ee636e5996018864bab27

SHA512
ee44b9b43ee161320ba34f0902614ce578fcd0c6187e1b5f5eadfe633a040c230ae63c14bffef4d56d2413b4636a520e5a0cad5ea7cc6b5b48bf40ecc1af2d81

Download Submit
C:\Windows\System32\bOwvpVn.exe

Filesize
1.2MB

MD5
2a85ca8a652550dc637fc8468c7204d9

SHA1
18576d8f28ad5d4ec4f88ed891e9bde4c8e84612

SHA256
5940422c0d200d60649de859284372f23e23a3a409656dfc686714ed14f686a7

SHA512
3571ddebff5753ae71ba90d460e3b393b4bc8a2236b4508f4adbac63b2760c6550a38db3fbab8ed61107a2a586b65be587859d9c7a17a47ad65a05814670a769

Download Submit
C:\Windows\System32\cIdMErT.exe

Filesize
1.2MB

MD5
cee2827c35669f2106e244cee322195c

SHA1
00d74f200e0e9fb4267e030024ce08faef870b53

SHA256
97e250ed02c083699d023dacad9b3c4bc08b146ddd6f08807554f98e94be5460

SHA512
89bf550e2d04567c9457550820693b55f63d4126fb1f7af13fa4a39dd6ad48016f060d6141a4eb3be7da7fbbe420b42964fc03a9a05c459963e6664efa908860

Download Submit
C:\Windows\System32\ecvzeXh.exe

Filesize
1.2MB

MD5
a2377a0ee65058c3c0566e3a0f6c1ea8

SHA1
c19525fd72d35f995e6e4974247497cd60b33514

SHA256
c960a9eaad1b558f4d01f22a761ecd7d851a0618a85eeaaaec5d5dbedfb2806b

SHA512
6d045a560e91eed4909b5e5cd66d9ab334753fcc5e27f3f164812a7b6423c1c68981f702f3af91dd8ca6dd3d6cb69ff913f0402dc90400747c820e8f6afc8b6b

Download Submit
C:\Windows\System32\eyLNVwX.exe

Filesize
1.2MB

MD5
f6686c89193ccf1ad67cab3700812bdd

SHA1
4df61c0f6bf7d6b177520dc1a9070af067dbb246

SHA256
d3ed5c1834600a0473551131d05724fa8dfe77ef9a4cd69a174d9e33c29ab624

SHA512
30f41bec5eaabf5cd5c0fe0e6d5670cfb582eb3aa73cd4e09c9cbbd89ea54635c9cf5839bc048d20dcf22b87e2f1ffe5561b1f3695fb894d1912b4e3ad9dc733

Download Submit
C:\Windows\System32\hrkXcyP.exe

Filesize
1.2MB

MD5
e293a7c02789fecfac780ce23166bb58

SHA1
50ea3ee5280ba7d8530e4cf637f85ac2d6d5121f

SHA256
fabe6a31c6af99ee561f580da457de6be18a5788d12d9f1cdcb0304d71ed7f5b

SHA512
f023392f737cae8dc44711b55ffc7a96a1a2e1061b5b7bad86079ed2994262d403e451c9dd925aaba19ef8269604f64f88999be6cd9ad90ec9b7b0823dbf2136

Download Submit
C:\Windows\System32\iMsNnZc.exe

Filesize
1.2MB

MD5
6330efec4667abf0aeb66bebc67f62ac

SHA1
64c60f2ee0bfa097a67d27191614519c4f006082

SHA256
f6f3121189c515645f2fd71f66d44ec9adfb4fd3915312989b7f1f69cea7bdb8

SHA512
ed0fa35a1bfc0be3cd5d069f034219617d3698ac7700a2c2a4ca028c122961a557ce9224f757b2a97c0a57e36f86df506dfe42fc1f3bd34830d9cc7a0e19e888

Download Submit
C:\Windows\System32\jNhsNbi.exe

Filesize
1.2MB

MD5
7819979fa40a800ebdf692ed95c66dca

SHA1
7d6d008009de3335a1ecf34cacc83379c3661993

SHA256
10d2729397c0ffddd0fefd683dc67b679f60281a7c759c54eb7497e6ff0cb6c1

SHA512
333a5d70bc44bc337fc8b34c674f0fec5aa6a4b9b9a51f5ba6f3893578f32f2c10107d279f56c91e5fbe4804084507e3c35cd49c3625636deeeeae23ed62bb3f

Download Submit
C:\Windows\System32\jWyZGDS.exe

Filesize
1.2MB

MD5
aeffc991da5afb289f816da898df0ab7

SHA1
ea6a21b6cfeed5513b6534ef1ff42de4b255382a

SHA256
74b4e900a70a65b59510b7b6586879c870c8ed6c054cacad8ef5f33755739ad3

SHA512
aa9d92643b37966a6c26ae89e0269acf3e0e0981749a759d7d0a889e9aa6714f4d9dfb973894ea515fa7f18f77cf7480a4367cc9e15e3be629cd9feb60d0fc5e

Download Submit
C:\Windows\System32\jXmnKUZ.exe

Filesize
1.2MB

MD5
1dcf2fa08f0d842f39ecf8b245cf3b8f

SHA1
361ec6e0835864aa2e1798c5582270b10aa5be03

SHA256
8eb594dd14685ec919720d06b4b58111e518208072d5aab39c161ba649ed6f24

SHA512
fc244d85e4d292f8fcb0d244f58ede2a0ca508eeb82042dd2bc6827620f0cd2f0d1ed6a380255dffa3c3377b1349776bd2ee9d68ba90ba579453422472a69ee4

Download Submit
C:\Windows\System32\oDojhDA.exe

Filesize
1.2MB

MD5
86634ccf57799671dd90bc92090ee2b7

SHA1
e1cb0d9a5c8c66792f69d0d2c06626abac4382bd

SHA256
f4abb92518b667ae63c537d6bb84217dae26a1832f75bc51d87c83f2946de302

SHA512
5eb690a8e2907e44f268147a7ceca307ac8f936509fe3afd7c79fef27b68f50421cbf47284413eaca2ede85369d2bbe3583279f02370dd592e2801903a2e5e35

Download Submit
C:\Windows\System32\oiNYqmn.exe

Filesize
1.2MB

MD5
4341e098062544257c50558bec2d9b0c

SHA1
b00944e8a69aa57c4aa88a518609faa0219dde24

SHA256
16cdb51e446fce60423c6251373609383641b108a72c64049224e326fad00461

SHA512
653b8e91fc1974744d90c8c740fb47957b5221e3f06803b47e9ee693069d1af9ab81120fdda1196ae797a6d7f605617f4e7b52ecd2cd4779fd43bf2396d207f0

Download Submit
C:\Windows\System32\rOmvJJe.exe

Filesize
1.2MB

MD5
65854e5bb68a66ceb9819489e23a4bb9

SHA1
5f5343436c4e8c1b17fbbd8099c5cc9e5fc96dbf

SHA256
c3fc6b4586f82403f0ff49cd53eaf501589a9cfe7fa9ce077432d24690840846

SHA512
5a16b7f221c27ccee77437d178e81d11a0f1a40ff0eb7e548fba32882460252d54a3c2c51b0fb38bf9af38103ff03e49048b846e6f34408c634e7ee0045f8be2

Download Submit
C:\Windows\System32\vCWwaXg.exe

Filesize
1.2MB

MD5
63d23567c90d5de3b1f55786be016648

SHA1
7318bc425c441729cbaa29e96448ec740c2cb4c0

SHA256
b68cf261f3ebcb0bd517e12dd41e340a28c4cfa69d1c0e725d2f5f76b46f99df

SHA512
6a2ee25ae496994bd17804bd945a1957a546d34a33417e18f76485945f93d8b8b9c18bf4d475ba66303a670ef970a088b0893f798107740c7bd2e3926329c345

Download Submit
C:\Windows\System32\wyRbwEK.exe

Filesize
1.2MB

MD5
004f1e110a8ee150e1a305f87d2b01a3

SHA1
2490ab5f79e59c1dedfd264220ed54ecfc0777ba

SHA256
04d1b1cbaecbef7304336db36c4aed8a626b268f8130d83da8d989cf5833db78

SHA512
7a7a9927d6f7ca2b874c896453887c475711111e1d19370fa94630a0f2fc984339a5c4914fe9a506df84e126e1c284f695312d2fceadf841537f8398806261ed

Download Submit
C:\Windows\System32\yxkZmBY.exe

Filesize
1.2MB

MD5
ae950431e5a849d48ca3a9e02110dd70

SHA1
47a629381eca764cddd52112083be0127b6030c2

SHA256
2597c64a67a3793f5daf3031b1e8f5da2590369d77a1fc63beb9d054b1f583e1

SHA512
34adcbb8b1123013e017036ede6c9687a93ffb90be019a179545d24dd72abc25ffdaec5a686d5dd6fc2345ee825687363658b84757dc0f6c5ae68062a0602d13

Download Submit
memory/552-433-0x00007FF61CFC0000-0x00007FF61D3B1000-memory.dmp

Filesize
3.9MB

Download
memory/552-2166-0x00007FF61CFC0000-0x00007FF61D3B1000-memory.dmp

Filesize
3.9MB

Download
memory/556-1344-0x00007FF7A9390000-0x00007FF7A9781000-memory.dmp

Filesize
3.9MB

Download
memory/556-2144-0x00007FF7A9390000-0x00007FF7A9781000-memory.dmp

Filesize
3.9MB

Download
memory/556-10-0x00007FF7A9390000-0x00007FF7A9781000-memory.dmp

Filesize
3.9MB

Download
memory/648-2154-0x00007FF6A3700000-0x00007FF6A3AF1000-memory.dmp

Filesize
3.9MB

Download
memory/648-418-0x00007FF6A3700000-0x00007FF6A3AF1000-memory.dmp

Filesize
3.9MB

Download
memory/820-2204-0x00007FF7D1EC0000-0x00007FF7D22B1000-memory.dmp

Filesize
3.9MB

Download
memory/820-359-0x00007FF7D1EC0000-0x00007FF7D22B1000-memory.dmp

Filesize
3.9MB

Download
memory/936-61-0x00007FF7897D0000-0x00007FF789BC1000-memory.dmp

Filesize
3.9MB

Download
memory/936-2156-0x00007FF7897D0000-0x00007FF789BC1000-memory.dmp

Filesize
3.9MB

Download
memory/1164-396-0x00007FF7CDBA0000-0x00007FF7CDF91000-memory.dmp

Filesize
3.9MB

Download
memory/1164-2214-0x00007FF7CDBA0000-0x00007FF7CDF91000-memory.dmp

Filesize
3.9MB

Download
memory/1364-2162-0x00007FF6BE410000-0x00007FF6BE801000-memory.dmp

Filesize
3.9MB

Download
memory/1364-428-0x00007FF6BE410000-0x00007FF6BE801000-memory.dmp

Filesize
3.9MB

Download
memory/1616-2231-0x00007FF786740000-0x00007FF786B31000-memory.dmp

Filesize
3.9MB

Download
memory/1616-399-0x00007FF786740000-0x00007FF786B31000-memory.dmp

Filesize
3.9MB

Download
memory/1940-2146-0x00007FF6D8D20000-0x00007FF6D9111000-memory.dmp

Filesize
3.9MB

Download
memory/1940-1345-0x00007FF6D8D20000-0x00007FF6D9111000-memory.dmp

Filesize
3.9MB

Download
memory/1940-22-0x00007FF6D8D20000-0x00007FF6D9111000-memory.dmp

Filesize
3.9MB

Download
memory/1960-407-0x00007FF76FF30000-0x00007FF770321000-memory.dmp

Filesize
3.9MB

Download
memory/1960-2299-0x00007FF76FF30000-0x00007FF770321000-memory.dmp

Filesize
3.9MB

Download
memory/2084-2160-0x00007FF60C720000-0x00007FF60CB11000-memory.dmp

Filesize
3.9MB

Download
memory/2084-430-0x00007FF60C720000-0x00007FF60CB11000-memory.dmp

Filesize
3.9MB

Download
memory/2088-415-0x00007FF6A8650000-0x00007FF6A8A41000-memory.dmp

Filesize
3.9MB

Download
memory/2088-2148-0x00007FF6A8650000-0x00007FF6A8A41000-memory.dmp

Filesize
3.9MB

Download
memory/2496-2225-0x00007FF7917F0000-0x00007FF791BE1000-memory.dmp

Filesize
3.9MB

Download
memory/2496-398-0x00007FF7917F0000-0x00007FF791BE1000-memory.dmp

Filesize
3.9MB

Download
memory/2740-0-0x00007FF717BC0000-0x00007FF717FB1000-memory.dmp

Filesize
3.9MB

Download
memory/2740-1228-0x00007FF717BC0000-0x00007FF717FB1000-memory.dmp

Filesize
3.9MB

Download
memory/2740-1-0x0000028387420000-0x0000028387430000-memory.dmp

Filesize
64KB

Download
memory/2900-2212-0x00007FF75D600000-0x00007FF75D9F1000-memory.dmp

Filesize
3.9MB

Download
memory/2900-385-0x00007FF75D600000-0x00007FF75D9F1000-memory.dmp

Filesize
3.9MB

Download
memory/3880-365-0x00007FF782310000-0x00007FF782701000-memory.dmp

Filesize
3.9MB

Download
memory/3880-2206-0x00007FF782310000-0x00007FF782701000-memory.dmp

Filesize
3.9MB

Download
memory/3940-2164-0x00007FF711120000-0x00007FF711511000-memory.dmp

Filesize
3.9MB

Download
memory/3940-337-0x00007FF711120000-0x00007FF711511000-memory.dmp

Filesize
3.9MB

Download
memory/4392-383-0x00007FF68CF70000-0x00007FF68D361000-memory.dmp

Filesize
3.9MB

Download
memory/4392-2210-0x00007FF68CF70000-0x00007FF68D361000-memory.dmp

Filesize
3.9MB

Download
memory/4428-2168-0x00007FF7F6280000-0x00007FF7F6671000-memory.dmp

Filesize
3.9MB

Download
memory/4428-339-0x00007FF7F6280000-0x00007FF7F6671000-memory.dmp

Filesize
3.9MB

Download
memory/4436-2150-0x00007FF65EA00000-0x00007FF65EDF1000-memory.dmp

Filesize
3.9MB

Download
memory/4436-36-0x00007FF65EA00000-0x00007FF65EDF1000-memory.dmp

Filesize
3.9MB

Download
memory/4436-1347-0x00007FF65EA00000-0x00007FF65EDF1000-memory.dmp

Filesize
3.9MB

Download
memory/4476-377-0x00007FF6449A0000-0x00007FF644D91000-memory.dmp

Filesize
3.9MB

Download
memory/4476-2208-0x00007FF6449A0000-0x00007FF644D91000-memory.dmp

Filesize
3.9MB

Download
memory/4616-2170-0x00007FF658D70000-0x00007FF659161000-memory.dmp

Filesize
3.9MB

Download
memory/4616-351-0x00007FF658D70000-0x00007FF659161000-memory.dmp

Filesize
3.9MB

Download
memory/4628-2202-0x00007FF7DED30000-0x00007FF7DF121000-memory.dmp

Filesize
3.9MB

Download
memory/4628-375-0x00007FF7DED30000-0x00007FF7DF121000-memory.dmp

Filesize
3.9MB

Download
memory/4892-2152-0x00007FF78A670000-0x00007FF78AA61000-memory.dmp

Filesize
3.9MB

Download
memory/4892-1401-0x00007FF78A670000-0x00007FF78AA61000-memory.dmp

Filesize
3.9MB

Download
memory/4892-25-0x00007FF78A670000-0x00007FF78AA61000-memory.dmp

Filesize
3.9MB

Download
memory/5064-1349-0x00007FF657680000-0x00007FF657A71000-memory.dmp

Filesize
3.9MB

Download
memory/5064-2158-0x00007FF657680000-0x00007FF657A71000-memory.dmp

Filesize
3.9MB

Download
memory/5064-52-0x00007FF657680000-0x00007FF657A71000-memory.dmp

Filesize
3.9MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads