xmrig | f379a7119a0f3c27baf19c1254f3de619ae98d191e0c25d2098591f57015fbf5

Analysis

max time kernel
103s
max time network
104s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
19-12-2024 11:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f379a7119a0f3c27baf19c1254f3de619ae98d191e0c25d2098591f57015fbf5N.exe
Size

960KB
MD5

c1b0e929b0aa6f16e0054a64232bd330
SHA1

6ef5477eabdf566c87f4b7d096ab36cd0b541dc2
SHA256

f379a7119a0f3c27baf19c1254f3de619ae98d191e0c25d2098591f57015fbf5
SHA512

a6cdabaf994fcde490c71af069f7aa0ec679dd1d62f9284df04c7b4be2e680d866812ae60ea1acfdd85f7b90a859f9830f9fa329e31a689264372ad71205d2d9
SSDEEP

24576:JanwhSe11QSONCpGJCjETPlGC78XCRBCe:knw9oUUEEDlGUrRce

Score

10^/10

xmrig miner upx

Malware Config

Signatures

Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 49 IoCs

miner

resource	yara_rule
behavioral2/memory/2124-30-0x00007FF675DD0000-0x00007FF6761C1000-memory.dmp	xmrig
behavioral2/memory/4144-356-0x00007FF7556A0000-0x00007FF755A91000-memory.dmp	xmrig
behavioral2/memory/1032-361-0x00007FF6121A0000-0x00007FF612591000-memory.dmp	xmrig
behavioral2/memory/3780-370-0x00007FF7936B0000-0x00007FF793AA1000-memory.dmp	xmrig
behavioral2/memory/2196-373-0x00007FF76A240000-0x00007FF76A631000-memory.dmp	xmrig
behavioral2/memory/5092-385-0x00007FF7685B0000-0x00007FF7689A1000-memory.dmp	xmrig
behavioral2/memory/4424-390-0x00007FF605CD0000-0x00007FF6060C1000-memory.dmp	xmrig
behavioral2/memory/5068-394-0x00007FF753CB0000-0x00007FF7540A1000-memory.dmp	xmrig
behavioral2/memory/4996-403-0x00007FF649C80000-0x00007FF64A071000-memory.dmp	xmrig
behavioral2/memory/5000-405-0x00007FF7BBED0000-0x00007FF7BC2C1000-memory.dmp	xmrig
behavioral2/memory/3500-400-0x00007FF637A70000-0x00007FF637E61000-memory.dmp	xmrig
behavioral2/memory/1476-398-0x00007FF6B32D0000-0x00007FF6B36C1000-memory.dmp	xmrig
behavioral2/memory/2696-415-0x00007FF7244B0000-0x00007FF7248A1000-memory.dmp	xmrig
behavioral2/memory/3372-421-0x00007FF68B4A0000-0x00007FF68B891000-memory.dmp	xmrig
behavioral2/memory/4508-424-0x00007FF6DA0A0000-0x00007FF6DA491000-memory.dmp	xmrig
behavioral2/memory/3096-422-0x00007FF640190000-0x00007FF640581000-memory.dmp	xmrig
behavioral2/memory/1988-420-0x00007FF686A80000-0x00007FF686E71000-memory.dmp	xmrig
behavioral2/memory/3092-412-0x00007FF7E4670000-0x00007FF7E4A61000-memory.dmp	xmrig
behavioral2/memory/3508-935-0x00007FF7A9630000-0x00007FF7A9A21000-memory.dmp	xmrig
behavioral2/memory/4764-1083-0x00007FF643FE0000-0x00007FF6443D1000-memory.dmp	xmrig
behavioral2/memory/4804-1085-0x00007FF626F00000-0x00007FF6272F1000-memory.dmp	xmrig
behavioral2/memory/3312-1183-0x00007FF6785D0000-0x00007FF6789C1000-memory.dmp	xmrig
behavioral2/memory/3232-1187-0x00007FF7E7CC0000-0x00007FF7E80B1000-memory.dmp	xmrig
behavioral2/memory/3384-1444-0x00007FF7AA640000-0x00007FF7AAA31000-memory.dmp	xmrig
behavioral2/memory/3796-1449-0x00007FF63F740000-0x00007FF63FB31000-memory.dmp	xmrig
behavioral2/memory/4764-2159-0x00007FF643FE0000-0x00007FF6443D1000-memory.dmp	xmrig
behavioral2/memory/4804-2161-0x00007FF626F00000-0x00007FF6272F1000-memory.dmp	xmrig
behavioral2/memory/2124-2163-0x00007FF675DD0000-0x00007FF6761C1000-memory.dmp	xmrig
behavioral2/memory/3232-2169-0x00007FF7E7CC0000-0x00007FF7E80B1000-memory.dmp	xmrig
behavioral2/memory/3384-2171-0x00007FF7AA640000-0x00007FF7AAA31000-memory.dmp	xmrig
behavioral2/memory/1032-2177-0x00007FF6121A0000-0x00007FF612591000-memory.dmp	xmrig
behavioral2/memory/5092-2183-0x00007FF7685B0000-0x00007FF7689A1000-memory.dmp	xmrig
behavioral2/memory/4424-2185-0x00007FF605CD0000-0x00007FF6060C1000-memory.dmp	xmrig
behavioral2/memory/4996-2220-0x00007FF649C80000-0x00007FF64A071000-memory.dmp	xmrig
behavioral2/memory/3096-2224-0x00007FF640190000-0x00007FF640581000-memory.dmp	xmrig
behavioral2/memory/5000-2222-0x00007FF7BBED0000-0x00007FF7BC2C1000-memory.dmp	xmrig
behavioral2/memory/3500-2218-0x00007FF637A70000-0x00007FF637E61000-memory.dmp	xmrig
behavioral2/memory/1476-2189-0x00007FF6B32D0000-0x00007FF6B36C1000-memory.dmp	xmrig
behavioral2/memory/5068-2187-0x00007FF753CB0000-0x00007FF7540A1000-memory.dmp	xmrig
behavioral2/memory/3780-2179-0x00007FF7936B0000-0x00007FF793AA1000-memory.dmp	xmrig
behavioral2/memory/2196-2181-0x00007FF76A240000-0x00007FF76A631000-memory.dmp	xmrig
behavioral2/memory/4144-2175-0x00007FF7556A0000-0x00007FF755A91000-memory.dmp	xmrig
behavioral2/memory/3796-2173-0x00007FF63F740000-0x00007FF63FB31000-memory.dmp	xmrig
behavioral2/memory/3312-2167-0x00007FF6785D0000-0x00007FF6789C1000-memory.dmp	xmrig
behavioral2/memory/4508-2165-0x00007FF6DA0A0000-0x00007FF6DA491000-memory.dmp	xmrig
behavioral2/memory/1988-2249-0x00007FF686A80000-0x00007FF686E71000-memory.dmp	xmrig
behavioral2/memory/3372-2248-0x00007FF68B4A0000-0x00007FF68B891000-memory.dmp	xmrig
behavioral2/memory/3092-2253-0x00007FF7E4670000-0x00007FF7E4A61000-memory.dmp	xmrig
behavioral2/memory/2696-2251-0x00007FF7244B0000-0x00007FF7248A1000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
4764	tmoOoni.exe
4804	LJfALEX.exe
3312	xUUxErQ.exe
2124	poGsrNF.exe
3232	iUhPiMC.exe
3384	fsloVLE.exe
3796	PEskZcv.exe
4508	ccEvFYl.exe
4144	QfQBFjL.exe
1032	YTPbNdX.exe
3780	fRBqLSI.exe
2196	vuPDZqU.exe
5092	WCotGKR.exe
4424	dVrltNO.exe
5068	YSOerWx.exe
1476	gBAwyEp.exe
3500	fGJCsTX.exe
4996	TFijlCP.exe
5000	ZyOJDlH.exe
3092	FTKFMcU.exe
2696	sypdPMm.exe
1988	rGSPkwB.exe
3372	EaCanwm.exe
3096	yoyOZKS.exe
372	DAJSJRh.exe
376	sdKcFEV.exe
4432	JZiMZmS.exe
4604	nDbinOy.exe
4872	RYjPCiV.exe
3576	VflJeim.exe
1696	xBZaSky.exe
2948	TKCJMQp.exe
4696	JaxeXXo.exe
232	mifqxOu.exe
1360	bcdkZqB.exe
2444	ndEENWE.exe
5028	ngwBhGQ.exe
2928	SlYwQYh.exe
4956	XTCMQSr.exe
4516	FURddSN.exe
2868	DFhAslu.exe
1524	blgretm.exe
4928	UfjIJiK.exe
1860	PRAIWfN.exe
2760	gsbPqGX.exe
1108	CidmnMY.exe
2128	puljEDU.exe
1088	QeTHUhe.exe
1516	wZkrBrj.exe
2964	fRsYFIW.exe
2812	KfBfgdS.exe
3040	EUnOsNt.exe
4396	qLVMZzl.exe
100	yCoAUTM.exe
1192	RTCucIw.exe
4364	RfFXjEj.exe
4016	hmrlTrw.exe
2044	mnUzPTv.exe
116	xDoxQzA.exe
4600	iuNIffr.exe
1204	deYRwRY.exe
2284	LGypuzZ.exe
2020	rYiQAAm.exe
880	ttKpIez.exe

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System32\TdQHoXU.exe	f379a7119a0f3c27baf19c1254f3de619ae98d191e0c25d2098591f57015fbf5N.exe
File created	C:\Windows\System32\vLwFQDk.exe	f379a7119a0f3c27baf19c1254f3de619ae98d191e0c25d2098591f57015fbf5N.exe
File created	C:\Windows\System32\fGJCsTX.exe	f379a7119a0f3c27baf19c1254f3de619ae98d191e0c25d2098591f57015fbf5N.exe
File created	C:\Windows\System32\dokuzLu.exe	f379a7119a0f3c27baf19c1254f3de619ae98d191e0c25d2098591f57015fbf5N.exe
File created	C:\Windows\System32\jqUpjjZ.exe	f379a7119a0f3c27baf19c1254f3de619ae98d191e0c25d2098591f57015fbf5N.exe
File created	C:\Windows\System32\YGHZAtU.exe	f379a7119a0f3c27baf19c1254f3de619ae98d191e0c25d2098591f57015fbf5N.exe
File created	C:\Windows\System32\dGVvDjw.exe	f379a7119a0f3c27baf19c1254f3de619ae98d191e0c25d2098591f57015fbf5N.exe
File created	C:\Windows\System32\Yzxbugd.exe	f379a7119a0f3c27baf19c1254f3de619ae98d191e0c25d2098591f57015fbf5N.exe
File created	C:\Windows\System32\oldVbXk.exe	f379a7119a0f3c27baf19c1254f3de619ae98d191e0c25d2098591f57015fbf5N.exe
File created	C:\Windows\System32\ULxRMOf.exe	f379a7119a0f3c27baf19c1254f3de619ae98d191e0c25d2098591f57015fbf5N.exe
File created	C:\Windows\System32\zNnMlWx.exe	f379a7119a0f3c27baf19c1254f3de619ae98d191e0c25d2098591f57015fbf5N.exe
File created	C:\Windows\System32\JhtgXLU.exe	f379a7119a0f3c27baf19c1254f3de619ae98d191e0c25d2098591f57015fbf5N.exe
File created	C:\Windows\System32\caIrUqV.exe	f379a7119a0f3c27baf19c1254f3de619ae98d191e0c25d2098591f57015fbf5N.exe
File created	C:\Windows\System32\SpiLTgC.exe	f379a7119a0f3c27baf19c1254f3de619ae98d191e0c25d2098591f57015fbf5N.exe
File created	C:\Windows\System32\xxtozrP.exe	f379a7119a0f3c27baf19c1254f3de619ae98d191e0c25d2098591f57015fbf5N.exe
File created	C:\Windows\System32\hiwDFkX.exe	f379a7119a0f3c27baf19c1254f3de619ae98d191e0c25d2098591f57015fbf5N.exe
File created	C:\Windows\System32\aqVMXEo.exe	f379a7119a0f3c27baf19c1254f3de619ae98d191e0c25d2098591f57015fbf5N.exe
File created	C:\Windows\System32\sOqtmxS.exe	f379a7119a0f3c27baf19c1254f3de619ae98d191e0c25d2098591f57015fbf5N.exe
File created	C:\Windows\System32\fAOAUcz.exe	f379a7119a0f3c27baf19c1254f3de619ae98d191e0c25d2098591f57015fbf5N.exe
File created	C:\Windows\System32\SPQrzUg.exe	f379a7119a0f3c27baf19c1254f3de619ae98d191e0c25d2098591f57015fbf5N.exe
File created	C:\Windows\System32\lVzqjpT.exe	f379a7119a0f3c27baf19c1254f3de619ae98d191e0c25d2098591f57015fbf5N.exe
File created	C:\Windows\System32\BMAquTV.exe	f379a7119a0f3c27baf19c1254f3de619ae98d191e0c25d2098591f57015fbf5N.exe
File created	C:\Windows\System32\AgEyVKX.exe	f379a7119a0f3c27baf19c1254f3de619ae98d191e0c25d2098591f57015fbf5N.exe
File created	C:\Windows\System32\wmqubaD.exe	f379a7119a0f3c27baf19c1254f3de619ae98d191e0c25d2098591f57015fbf5N.exe
File created	C:\Windows\System32\jxEYWik.exe	f379a7119a0f3c27baf19c1254f3de619ae98d191e0c25d2098591f57015fbf5N.exe
File created	C:\Windows\System32\LJfALEX.exe	f379a7119a0f3c27baf19c1254f3de619ae98d191e0c25d2098591f57015fbf5N.exe
File created	C:\Windows\System32\mifqxOu.exe	f379a7119a0f3c27baf19c1254f3de619ae98d191e0c25d2098591f57015fbf5N.exe
File created	C:\Windows\System32\rWMGiqz.exe	f379a7119a0f3c27baf19c1254f3de619ae98d191e0c25d2098591f57015fbf5N.exe
File created	C:\Windows\System32\CdQtqhm.exe	f379a7119a0f3c27baf19c1254f3de619ae98d191e0c25d2098591f57015fbf5N.exe
File created	C:\Windows\System32\cdHqfld.exe	f379a7119a0f3c27baf19c1254f3de619ae98d191e0c25d2098591f57015fbf5N.exe
File created	C:\Windows\System32\rmfcTNP.exe	f379a7119a0f3c27baf19c1254f3de619ae98d191e0c25d2098591f57015fbf5N.exe
File created	C:\Windows\System32\JZiMZmS.exe	f379a7119a0f3c27baf19c1254f3de619ae98d191e0c25d2098591f57015fbf5N.exe
File created	C:\Windows\System32\HNsrgcx.exe	f379a7119a0f3c27baf19c1254f3de619ae98d191e0c25d2098591f57015fbf5N.exe
File created	C:\Windows\System32\sAmnmqg.exe	f379a7119a0f3c27baf19c1254f3de619ae98d191e0c25d2098591f57015fbf5N.exe
File created	C:\Windows\System32\IuZzsxZ.exe	f379a7119a0f3c27baf19c1254f3de619ae98d191e0c25d2098591f57015fbf5N.exe
File created	C:\Windows\System32\OMLWzah.exe	f379a7119a0f3c27baf19c1254f3de619ae98d191e0c25d2098591f57015fbf5N.exe
File created	C:\Windows\System32\BZoWjYA.exe	f379a7119a0f3c27baf19c1254f3de619ae98d191e0c25d2098591f57015fbf5N.exe
File created	C:\Windows\System32\DAJSJRh.exe	f379a7119a0f3c27baf19c1254f3de619ae98d191e0c25d2098591f57015fbf5N.exe
File created	C:\Windows\System32\RTCucIw.exe	f379a7119a0f3c27baf19c1254f3de619ae98d191e0c25d2098591f57015fbf5N.exe
File created	C:\Windows\System32\WiISZvN.exe	f379a7119a0f3c27baf19c1254f3de619ae98d191e0c25d2098591f57015fbf5N.exe
File created	C:\Windows\System32\zaZHHyb.exe	f379a7119a0f3c27baf19c1254f3de619ae98d191e0c25d2098591f57015fbf5N.exe
File created	C:\Windows\System32\ANXuwyX.exe	f379a7119a0f3c27baf19c1254f3de619ae98d191e0c25d2098591f57015fbf5N.exe
File created	C:\Windows\System32\wHmLteX.exe	f379a7119a0f3c27baf19c1254f3de619ae98d191e0c25d2098591f57015fbf5N.exe
File created	C:\Windows\System32\eMWWGqC.exe	f379a7119a0f3c27baf19c1254f3de619ae98d191e0c25d2098591f57015fbf5N.exe
File created	C:\Windows\System32\HtLpHkB.exe	f379a7119a0f3c27baf19c1254f3de619ae98d191e0c25d2098591f57015fbf5N.exe
File created	C:\Windows\System32\SlYwQYh.exe	f379a7119a0f3c27baf19c1254f3de619ae98d191e0c25d2098591f57015fbf5N.exe
File created	C:\Windows\System32\EUnOsNt.exe	f379a7119a0f3c27baf19c1254f3de619ae98d191e0c25d2098591f57015fbf5N.exe
File created	C:\Windows\System32\lrsmKlD.exe	f379a7119a0f3c27baf19c1254f3de619ae98d191e0c25d2098591f57015fbf5N.exe
File created	C:\Windows\System32\BuWKYJm.exe	f379a7119a0f3c27baf19c1254f3de619ae98d191e0c25d2098591f57015fbf5N.exe
File created	C:\Windows\System32\QtDgmuB.exe	f379a7119a0f3c27baf19c1254f3de619ae98d191e0c25d2098591f57015fbf5N.exe
File created	C:\Windows\System32\RMfkNcN.exe	f379a7119a0f3c27baf19c1254f3de619ae98d191e0c25d2098591f57015fbf5N.exe
File created	C:\Windows\System32\pmhfXjW.exe	f379a7119a0f3c27baf19c1254f3de619ae98d191e0c25d2098591f57015fbf5N.exe
File created	C:\Windows\System32\yvAogax.exe	f379a7119a0f3c27baf19c1254f3de619ae98d191e0c25d2098591f57015fbf5N.exe
File created	C:\Windows\System32\jgFeYhq.exe	f379a7119a0f3c27baf19c1254f3de619ae98d191e0c25d2098591f57015fbf5N.exe
File created	C:\Windows\System32\yqhmUAx.exe	f379a7119a0f3c27baf19c1254f3de619ae98d191e0c25d2098591f57015fbf5N.exe
File created	C:\Windows\System32\NnxjhbA.exe	f379a7119a0f3c27baf19c1254f3de619ae98d191e0c25d2098591f57015fbf5N.exe
File created	C:\Windows\System32\iKTVJuT.exe	f379a7119a0f3c27baf19c1254f3de619ae98d191e0c25d2098591f57015fbf5N.exe
File created	C:\Windows\System32\EVpcKCs.exe	f379a7119a0f3c27baf19c1254f3de619ae98d191e0c25d2098591f57015fbf5N.exe
File created	C:\Windows\System32\XdPDmdQ.exe	f379a7119a0f3c27baf19c1254f3de619ae98d191e0c25d2098591f57015fbf5N.exe
File created	C:\Windows\System32\HWUtmHe.exe	f379a7119a0f3c27baf19c1254f3de619ae98d191e0c25d2098591f57015fbf5N.exe
File created	C:\Windows\System32\UbbTEEG.exe	f379a7119a0f3c27baf19c1254f3de619ae98d191e0c25d2098591f57015fbf5N.exe
File created	C:\Windows\System32\pqVROBE.exe	f379a7119a0f3c27baf19c1254f3de619ae98d191e0c25d2098591f57015fbf5N.exe
File created	C:\Windows\System32\VMvUIkp.exe	f379a7119a0f3c27baf19c1254f3de619ae98d191e0c25d2098591f57015fbf5N.exe
File created	C:\Windows\System32\DIUTbnu.exe	f379a7119a0f3c27baf19c1254f3de619ae98d191e0c25d2098591f57015fbf5N.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3508-0-0x00007FF7A9630000-0x00007FF7A9A21000-memory.dmp	upx
behavioral2/files/0x000a000000023b9b-7.dat	upx
behavioral2/files/0x000d000000023b83-10.dat	upx
behavioral2/files/0x000a000000023b9a-18.dat	upx
behavioral2/files/0x000a000000023b9c-23.dat	upx
behavioral2/memory/2124-30-0x00007FF675DD0000-0x00007FF6761C1000-memory.dmp	upx
behavioral2/files/0x000a000000023ba0-50.dat	upx
behavioral2/files/0x000a000000023ba2-60.dat	upx
behavioral2/files/0x0031000000023ba4-70.dat	upx
behavioral2/files/0x0058000000023ba6-80.dat	upx
behavioral2/files/0x000a000000023ba8-90.dat	upx
behavioral2/files/0x000a000000023bab-99.dat	upx
behavioral2/files/0x000a000000023baf-122.dat	upx
behavioral2/files/0x000a000000023bb2-134.dat	upx
behavioral2/files/0x000a000000023bb5-148.dat	upx
behavioral2/files/0x000a000000023bb6-160.dat	upx
behavioral2/memory/3796-352-0x00007FF63F740000-0x00007FF63FB31000-memory.dmp	upx
behavioral2/memory/4144-356-0x00007FF7556A0000-0x00007FF755A91000-memory.dmp	upx
behavioral2/memory/1032-361-0x00007FF6121A0000-0x00007FF612591000-memory.dmp	upx
behavioral2/memory/3780-370-0x00007FF7936B0000-0x00007FF793AA1000-memory.dmp	upx
behavioral2/memory/2196-373-0x00007FF76A240000-0x00007FF76A631000-memory.dmp	upx
behavioral2/memory/5092-385-0x00007FF7685B0000-0x00007FF7689A1000-memory.dmp	upx
behavioral2/memory/4424-390-0x00007FF605CD0000-0x00007FF6060C1000-memory.dmp	upx
behavioral2/memory/5068-394-0x00007FF753CB0000-0x00007FF7540A1000-memory.dmp	upx
behavioral2/memory/4996-403-0x00007FF649C80000-0x00007FF64A071000-memory.dmp	upx
behavioral2/memory/5000-405-0x00007FF7BBED0000-0x00007FF7BC2C1000-memory.dmp	upx
behavioral2/memory/3500-400-0x00007FF637A70000-0x00007FF637E61000-memory.dmp	upx
behavioral2/memory/1476-398-0x00007FF6B32D0000-0x00007FF6B36C1000-memory.dmp	upx
behavioral2/memory/2696-415-0x00007FF7244B0000-0x00007FF7248A1000-memory.dmp	upx
behavioral2/memory/3372-421-0x00007FF68B4A0000-0x00007FF68B891000-memory.dmp	upx
behavioral2/memory/4508-424-0x00007FF6DA0A0000-0x00007FF6DA491000-memory.dmp	upx
behavioral2/memory/3096-422-0x00007FF640190000-0x00007FF640581000-memory.dmp	upx
behavioral2/memory/1988-420-0x00007FF686A80000-0x00007FF686E71000-memory.dmp	upx
behavioral2/memory/3092-412-0x00007FF7E4670000-0x00007FF7E4A61000-memory.dmp	upx
behavioral2/files/0x000a000000023bb9-168.dat	upx
behavioral2/files/0x000a000000023bb7-165.dat	upx
behavioral2/files/0x000a000000023bb8-163.dat	upx
behavioral2/files/0x000a000000023bb4-150.dat	upx
behavioral2/files/0x000a000000023bb3-145.dat	upx
behavioral2/files/0x000a000000023bb1-133.dat	upx
behavioral2/files/0x000a000000023bb0-130.dat	upx
behavioral2/files/0x000a000000023bae-117.dat	upx
behavioral2/files/0x000a000000023bad-115.dat	upx
behavioral2/files/0x000a000000023bac-110.dat	upx
behavioral2/files/0x000a000000023baa-98.dat	upx
behavioral2/files/0x000a000000023ba9-95.dat	upx
behavioral2/files/0x000a000000023ba7-85.dat	upx
behavioral2/files/0x000a000000023ba5-75.dat	upx
behavioral2/files/0x000a000000023ba3-65.dat	upx
behavioral2/files/0x000a000000023ba1-55.dat	upx
behavioral2/files/0x000a000000023b9f-45.dat	upx
behavioral2/files/0x000a000000023b9e-40.dat	upx
behavioral2/memory/3384-37-0x00007FF7AA640000-0x00007FF7AAA31000-memory.dmp	upx
behavioral2/files/0x000a000000023b9d-34.dat	upx
behavioral2/memory/3232-29-0x00007FF7E7CC0000-0x00007FF7E80B1000-memory.dmp	upx
behavioral2/memory/3312-27-0x00007FF6785D0000-0x00007FF6789C1000-memory.dmp	upx
behavioral2/memory/4804-26-0x00007FF626F00000-0x00007FF6272F1000-memory.dmp	upx
behavioral2/memory/4764-11-0x00007FF643FE0000-0x00007FF6443D1000-memory.dmp	upx
behavioral2/memory/3508-935-0x00007FF7A9630000-0x00007FF7A9A21000-memory.dmp	upx
behavioral2/memory/4764-1083-0x00007FF643FE0000-0x00007FF6443D1000-memory.dmp	upx
behavioral2/memory/4804-1085-0x00007FF626F00000-0x00007FF6272F1000-memory.dmp	upx
behavioral2/memory/3312-1183-0x00007FF6785D0000-0x00007FF6789C1000-memory.dmp	upx
behavioral2/memory/3232-1187-0x00007FF7E7CC0000-0x00007FF7E80B1000-memory.dmp	upx
behavioral2/memory/3384-1444-0x00007FF7AA640000-0x00007FF7AAA31000-memory.dmp	upx

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	14088	dwm.exe
Token: SeChangeNotifyPrivilege	14088	dwm.exe
Token: 33	14088	dwm.exe
Token: SeIncBasePriorityPrivilege	14088	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3508 wrote to memory of 4764	3508	f379a7119a0f3c27baf19c1254f3de619ae98d191e0c25d2098591f57015fbf5N.exe	84
PID 3508 wrote to memory of 4764	3508	f379a7119a0f3c27baf19c1254f3de619ae98d191e0c25d2098591f57015fbf5N.exe	84
PID 3508 wrote to memory of 4804	3508	f379a7119a0f3c27baf19c1254f3de619ae98d191e0c25d2098591f57015fbf5N.exe	85
PID 3508 wrote to memory of 4804	3508	f379a7119a0f3c27baf19c1254f3de619ae98d191e0c25d2098591f57015fbf5N.exe	85
PID 3508 wrote to memory of 3312	3508	f379a7119a0f3c27baf19c1254f3de619ae98d191e0c25d2098591f57015fbf5N.exe	86
PID 3508 wrote to memory of 3312	3508	f379a7119a0f3c27baf19c1254f3de619ae98d191e0c25d2098591f57015fbf5N.exe	86
PID 3508 wrote to memory of 2124	3508	f379a7119a0f3c27baf19c1254f3de619ae98d191e0c25d2098591f57015fbf5N.exe	87
PID 3508 wrote to memory of 2124	3508	f379a7119a0f3c27baf19c1254f3de619ae98d191e0c25d2098591f57015fbf5N.exe	87
PID 3508 wrote to memory of 3232	3508	f379a7119a0f3c27baf19c1254f3de619ae98d191e0c25d2098591f57015fbf5N.exe	88
PID 3508 wrote to memory of 3232	3508	f379a7119a0f3c27baf19c1254f3de619ae98d191e0c25d2098591f57015fbf5N.exe	88
PID 3508 wrote to memory of 3384	3508	f379a7119a0f3c27baf19c1254f3de619ae98d191e0c25d2098591f57015fbf5N.exe	89
PID 3508 wrote to memory of 3384	3508	f379a7119a0f3c27baf19c1254f3de619ae98d191e0c25d2098591f57015fbf5N.exe	89
PID 3508 wrote to memory of 3796	3508	f379a7119a0f3c27baf19c1254f3de619ae98d191e0c25d2098591f57015fbf5N.exe	90
PID 3508 wrote to memory of 3796	3508	f379a7119a0f3c27baf19c1254f3de619ae98d191e0c25d2098591f57015fbf5N.exe	90
PID 3508 wrote to memory of 4508	3508	f379a7119a0f3c27baf19c1254f3de619ae98d191e0c25d2098591f57015fbf5N.exe	91
PID 3508 wrote to memory of 4508	3508	f379a7119a0f3c27baf19c1254f3de619ae98d191e0c25d2098591f57015fbf5N.exe	91
PID 3508 wrote to memory of 4144	3508	f379a7119a0f3c27baf19c1254f3de619ae98d191e0c25d2098591f57015fbf5N.exe	92
PID 3508 wrote to memory of 4144	3508	f379a7119a0f3c27baf19c1254f3de619ae98d191e0c25d2098591f57015fbf5N.exe	92
PID 3508 wrote to memory of 1032	3508	f379a7119a0f3c27baf19c1254f3de619ae98d191e0c25d2098591f57015fbf5N.exe	93
PID 3508 wrote to memory of 1032	3508	f379a7119a0f3c27baf19c1254f3de619ae98d191e0c25d2098591f57015fbf5N.exe	93
PID 3508 wrote to memory of 3780	3508	f379a7119a0f3c27baf19c1254f3de619ae98d191e0c25d2098591f57015fbf5N.exe	94
PID 3508 wrote to memory of 3780	3508	f379a7119a0f3c27baf19c1254f3de619ae98d191e0c25d2098591f57015fbf5N.exe	94
PID 3508 wrote to memory of 2196	3508	f379a7119a0f3c27baf19c1254f3de619ae98d191e0c25d2098591f57015fbf5N.exe	95
PID 3508 wrote to memory of 2196	3508	f379a7119a0f3c27baf19c1254f3de619ae98d191e0c25d2098591f57015fbf5N.exe	95
PID 3508 wrote to memory of 5092	3508	f379a7119a0f3c27baf19c1254f3de619ae98d191e0c25d2098591f57015fbf5N.exe	96
PID 3508 wrote to memory of 5092	3508	f379a7119a0f3c27baf19c1254f3de619ae98d191e0c25d2098591f57015fbf5N.exe	96
PID 3508 wrote to memory of 4424	3508	f379a7119a0f3c27baf19c1254f3de619ae98d191e0c25d2098591f57015fbf5N.exe	97
PID 3508 wrote to memory of 4424	3508	f379a7119a0f3c27baf19c1254f3de619ae98d191e0c25d2098591f57015fbf5N.exe	97
PID 3508 wrote to memory of 5068	3508	f379a7119a0f3c27baf19c1254f3de619ae98d191e0c25d2098591f57015fbf5N.exe	98
PID 3508 wrote to memory of 5068	3508	f379a7119a0f3c27baf19c1254f3de619ae98d191e0c25d2098591f57015fbf5N.exe	98
PID 3508 wrote to memory of 1476	3508	f379a7119a0f3c27baf19c1254f3de619ae98d191e0c25d2098591f57015fbf5N.exe	99
PID 3508 wrote to memory of 1476	3508	f379a7119a0f3c27baf19c1254f3de619ae98d191e0c25d2098591f57015fbf5N.exe	99
PID 3508 wrote to memory of 3500	3508	f379a7119a0f3c27baf19c1254f3de619ae98d191e0c25d2098591f57015fbf5N.exe	100
PID 3508 wrote to memory of 3500	3508	f379a7119a0f3c27baf19c1254f3de619ae98d191e0c25d2098591f57015fbf5N.exe	100
PID 3508 wrote to memory of 4996	3508	f379a7119a0f3c27baf19c1254f3de619ae98d191e0c25d2098591f57015fbf5N.exe	101
PID 3508 wrote to memory of 4996	3508	f379a7119a0f3c27baf19c1254f3de619ae98d191e0c25d2098591f57015fbf5N.exe	101
PID 3508 wrote to memory of 5000	3508	f379a7119a0f3c27baf19c1254f3de619ae98d191e0c25d2098591f57015fbf5N.exe	102
PID 3508 wrote to memory of 5000	3508	f379a7119a0f3c27baf19c1254f3de619ae98d191e0c25d2098591f57015fbf5N.exe	102
PID 3508 wrote to memory of 3092	3508	f379a7119a0f3c27baf19c1254f3de619ae98d191e0c25d2098591f57015fbf5N.exe	103
PID 3508 wrote to memory of 3092	3508	f379a7119a0f3c27baf19c1254f3de619ae98d191e0c25d2098591f57015fbf5N.exe	103
PID 3508 wrote to memory of 2696	3508	f379a7119a0f3c27baf19c1254f3de619ae98d191e0c25d2098591f57015fbf5N.exe	104
PID 3508 wrote to memory of 2696	3508	f379a7119a0f3c27baf19c1254f3de619ae98d191e0c25d2098591f57015fbf5N.exe	104
PID 3508 wrote to memory of 1988	3508	f379a7119a0f3c27baf19c1254f3de619ae98d191e0c25d2098591f57015fbf5N.exe	105
PID 3508 wrote to memory of 1988	3508	f379a7119a0f3c27baf19c1254f3de619ae98d191e0c25d2098591f57015fbf5N.exe	105
PID 3508 wrote to memory of 3372	3508	f379a7119a0f3c27baf19c1254f3de619ae98d191e0c25d2098591f57015fbf5N.exe	106
PID 3508 wrote to memory of 3372	3508	f379a7119a0f3c27baf19c1254f3de619ae98d191e0c25d2098591f57015fbf5N.exe	106
PID 3508 wrote to memory of 3096	3508	f379a7119a0f3c27baf19c1254f3de619ae98d191e0c25d2098591f57015fbf5N.exe	107
PID 3508 wrote to memory of 3096	3508	f379a7119a0f3c27baf19c1254f3de619ae98d191e0c25d2098591f57015fbf5N.exe	107
PID 3508 wrote to memory of 372	3508	f379a7119a0f3c27baf19c1254f3de619ae98d191e0c25d2098591f57015fbf5N.exe	108
PID 3508 wrote to memory of 372	3508	f379a7119a0f3c27baf19c1254f3de619ae98d191e0c25d2098591f57015fbf5N.exe	108
PID 3508 wrote to memory of 376	3508	f379a7119a0f3c27baf19c1254f3de619ae98d191e0c25d2098591f57015fbf5N.exe	109
PID 3508 wrote to memory of 376	3508	f379a7119a0f3c27baf19c1254f3de619ae98d191e0c25d2098591f57015fbf5N.exe	109
PID 3508 wrote to memory of 4432	3508	f379a7119a0f3c27baf19c1254f3de619ae98d191e0c25d2098591f57015fbf5N.exe	110
PID 3508 wrote to memory of 4432	3508	f379a7119a0f3c27baf19c1254f3de619ae98d191e0c25d2098591f57015fbf5N.exe	110
PID 3508 wrote to memory of 4604	3508	f379a7119a0f3c27baf19c1254f3de619ae98d191e0c25d2098591f57015fbf5N.exe	111
PID 3508 wrote to memory of 4604	3508	f379a7119a0f3c27baf19c1254f3de619ae98d191e0c25d2098591f57015fbf5N.exe	111
PID 3508 wrote to memory of 4872	3508	f379a7119a0f3c27baf19c1254f3de619ae98d191e0c25d2098591f57015fbf5N.exe	112
PID 3508 wrote to memory of 4872	3508	f379a7119a0f3c27baf19c1254f3de619ae98d191e0c25d2098591f57015fbf5N.exe	112
PID 3508 wrote to memory of 3576	3508	f379a7119a0f3c27baf19c1254f3de619ae98d191e0c25d2098591f57015fbf5N.exe	113
PID 3508 wrote to memory of 3576	3508	f379a7119a0f3c27baf19c1254f3de619ae98d191e0c25d2098591f57015fbf5N.exe	113
PID 3508 wrote to memory of 1696	3508	f379a7119a0f3c27baf19c1254f3de619ae98d191e0c25d2098591f57015fbf5N.exe	114
PID 3508 wrote to memory of 1696	3508	f379a7119a0f3c27baf19c1254f3de619ae98d191e0c25d2098591f57015fbf5N.exe	114
PID 3508 wrote to memory of 2948	3508	f379a7119a0f3c27baf19c1254f3de619ae98d191e0c25d2098591f57015fbf5N.exe	115
PID 3508 wrote to memory of 2948	3508	f379a7119a0f3c27baf19c1254f3de619ae98d191e0c25d2098591f57015fbf5N.exe	115

C:\Users\Admin\AppData\Local\Temp\f379a7119a0f3c27baf19c1254f3de619ae98d191e0c25d2098591f57015fbf5N.exe
"C:\Users\Admin\AppData\Local\Temp\f379a7119a0f3c27baf19c1254f3de619ae98d191e0c25d2098591f57015fbf5N.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:3508
- C:\Windows\System32\tmoOoni.exe
  C:\Windows\System32\tmoOoni.exe
  2⤵
  - Executes dropped EXE
  PID:4764
- C:\Windows\System32\LJfALEX.exe
  C:\Windows\System32\LJfALEX.exe
  2⤵
  - Executes dropped EXE
  PID:4804
- C:\Windows\System32\xUUxErQ.exe
  C:\Windows\System32\xUUxErQ.exe
  2⤵
  - Executes dropped EXE
  PID:3312
- C:\Windows\System32\poGsrNF.exe
  C:\Windows\System32\poGsrNF.exe
  2⤵
  - Executes dropped EXE
  PID:2124
- C:\Windows\System32\iUhPiMC.exe
  C:\Windows\System32\iUhPiMC.exe
  2⤵
  - Executes dropped EXE
  PID:3232
- C:\Windows\System32\fsloVLE.exe
  C:\Windows\System32\fsloVLE.exe
  2⤵
  - Executes dropped EXE
  PID:3384
- C:\Windows\System32\PEskZcv.exe
  C:\Windows\System32\PEskZcv.exe
  2⤵
  - Executes dropped EXE
  PID:3796
- C:\Windows\System32\ccEvFYl.exe
  C:\Windows\System32\ccEvFYl.exe
  2⤵
  - Executes dropped EXE
  PID:4508
- C:\Windows\System32\QfQBFjL.exe
  C:\Windows\System32\QfQBFjL.exe
  2⤵
  - Executes dropped EXE
  PID:4144
- C:\Windows\System32\YTPbNdX.exe
  C:\Windows\System32\YTPbNdX.exe
  2⤵
  - Executes dropped EXE
  PID:1032
- C:\Windows\System32\fRBqLSI.exe
  C:\Windows\System32\fRBqLSI.exe
  2⤵
  - Executes dropped EXE
  PID:3780
- C:\Windows\System32\vuPDZqU.exe
  C:\Windows\System32\vuPDZqU.exe
  2⤵
  - Executes dropped EXE
  PID:2196
- C:\Windows\System32\WCotGKR.exe
  C:\Windows\System32\WCotGKR.exe
  2⤵
  - Executes dropped EXE
  PID:5092
- C:\Windows\System32\dVrltNO.exe
  C:\Windows\System32\dVrltNO.exe
  2⤵
  - Executes dropped EXE
  PID:4424
- C:\Windows\System32\YSOerWx.exe
  C:\Windows\System32\YSOerWx.exe
  2⤵
  - Executes dropped EXE
  PID:5068
- C:\Windows\System32\gBAwyEp.exe
  C:\Windows\System32\gBAwyEp.exe
  2⤵
  - Executes dropped EXE
  PID:1476
- C:\Windows\System32\fGJCsTX.exe
  C:\Windows\System32\fGJCsTX.exe
  2⤵
  - Executes dropped EXE
  PID:3500
- C:\Windows\System32\TFijlCP.exe
  C:\Windows\System32\TFijlCP.exe
  2⤵
  - Executes dropped EXE
  PID:4996
- C:\Windows\System32\ZyOJDlH.exe
  C:\Windows\System32\ZyOJDlH.exe
  2⤵
  - Executes dropped EXE
  PID:5000
- C:\Windows\System32\FTKFMcU.exe
  C:\Windows\System32\FTKFMcU.exe
  2⤵
  - Executes dropped EXE
  PID:3092
- C:\Windows\System32\sypdPMm.exe
  C:\Windows\System32\sypdPMm.exe
  2⤵
  - Executes dropped EXE
  PID:2696
- C:\Windows\System32\rGSPkwB.exe
  C:\Windows\System32\rGSPkwB.exe
  2⤵
  - Executes dropped EXE
  PID:1988
- C:\Windows\System32\EaCanwm.exe
  C:\Windows\System32\EaCanwm.exe
  2⤵
  - Executes dropped EXE
  PID:3372
- C:\Windows\System32\yoyOZKS.exe
  C:\Windows\System32\yoyOZKS.exe
  2⤵
  - Executes dropped EXE
  PID:3096
- C:\Windows\System32\DAJSJRh.exe
  C:\Windows\System32\DAJSJRh.exe
  2⤵
  - Executes dropped EXE
  PID:372
- C:\Windows\System32\sdKcFEV.exe
  C:\Windows\System32\sdKcFEV.exe
  2⤵
  - Executes dropped EXE
  PID:376
- C:\Windows\System32\JZiMZmS.exe
  C:\Windows\System32\JZiMZmS.exe
  2⤵
  - Executes dropped EXE
  PID:4432
- C:\Windows\System32\nDbinOy.exe
  C:\Windows\System32\nDbinOy.exe
  2⤵
  - Executes dropped EXE
  PID:4604
- C:\Windows\System32\RYjPCiV.exe
  C:\Windows\System32\RYjPCiV.exe
  2⤵
  - Executes dropped EXE
  PID:4872
- C:\Windows\System32\VflJeim.exe
  C:\Windows\System32\VflJeim.exe
  2⤵
  - Executes dropped EXE
  PID:3576
- C:\Windows\System32\xBZaSky.exe
  C:\Windows\System32\xBZaSky.exe
  2⤵
  - Executes dropped EXE
  PID:1696
- C:\Windows\System32\TKCJMQp.exe
  C:\Windows\System32\TKCJMQp.exe
  2⤵
  - Executes dropped EXE
  PID:2948
- C:\Windows\System32\JaxeXXo.exe
  C:\Windows\System32\JaxeXXo.exe
  2⤵
  - Executes dropped EXE
  PID:4696
- C:\Windows\System32\mifqxOu.exe
  C:\Windows\System32\mifqxOu.exe
  2⤵
  - Executes dropped EXE
  PID:232
- C:\Windows\System32\bcdkZqB.exe
  C:\Windows\System32\bcdkZqB.exe
  2⤵
  - Executes dropped EXE
  PID:1360
- C:\Windows\System32\ndEENWE.exe
  C:\Windows\System32\ndEENWE.exe
  2⤵
  - Executes dropped EXE
  PID:2444
- C:\Windows\System32\ngwBhGQ.exe
  C:\Windows\System32\ngwBhGQ.exe
  2⤵
  - Executes dropped EXE
  PID:5028
- C:\Windows\System32\SlYwQYh.exe
  C:\Windows\System32\SlYwQYh.exe
  2⤵
  - Executes dropped EXE
  PID:2928
- C:\Windows\System32\XTCMQSr.exe
  C:\Windows\System32\XTCMQSr.exe
  2⤵
  - Executes dropped EXE
  PID:4956
- C:\Windows\System32\FURddSN.exe
  C:\Windows\System32\FURddSN.exe
  2⤵
  - Executes dropped EXE
  PID:4516
- C:\Windows\System32\DFhAslu.exe
  C:\Windows\System32\DFhAslu.exe
  2⤵
  - Executes dropped EXE
  PID:2868
- C:\Windows\System32\blgretm.exe
  C:\Windows\System32\blgretm.exe
  2⤵
  - Executes dropped EXE
  PID:1524
- C:\Windows\System32\UfjIJiK.exe
  C:\Windows\System32\UfjIJiK.exe
  2⤵
  - Executes dropped EXE
  PID:4928
- C:\Windows\System32\PRAIWfN.exe
  C:\Windows\System32\PRAIWfN.exe
  2⤵
  - Executes dropped EXE
  PID:1860
- C:\Windows\System32\gsbPqGX.exe
  C:\Windows\System32\gsbPqGX.exe
  2⤵
  - Executes dropped EXE
  PID:2760
- C:\Windows\System32\CidmnMY.exe
  C:\Windows\System32\CidmnMY.exe
  2⤵
  - Executes dropped EXE
  PID:1108
- C:\Windows\System32\puljEDU.exe
  C:\Windows\System32\puljEDU.exe
  2⤵
  - Executes dropped EXE
  PID:2128
- C:\Windows\System32\QeTHUhe.exe
  C:\Windows\System32\QeTHUhe.exe
  2⤵
  - Executes dropped EXE
  PID:1088
- C:\Windows\System32\wZkrBrj.exe
  C:\Windows\System32\wZkrBrj.exe
  2⤵
  - Executes dropped EXE
  PID:1516
- C:\Windows\System32\fRsYFIW.exe
  C:\Windows\System32\fRsYFIW.exe
  2⤵
  - Executes dropped EXE
  PID:2964
- C:\Windows\System32\KfBfgdS.exe
  C:\Windows\System32\KfBfgdS.exe
  2⤵
  - Executes dropped EXE
  PID:2812
- C:\Windows\System32\EUnOsNt.exe
  C:\Windows\System32\EUnOsNt.exe
  2⤵
  - Executes dropped EXE
  PID:3040
- C:\Windows\System32\qLVMZzl.exe
  C:\Windows\System32\qLVMZzl.exe
  2⤵
  - Executes dropped EXE
  PID:4396
- C:\Windows\System32\yCoAUTM.exe
  C:\Windows\System32\yCoAUTM.exe
  2⤵
  - Executes dropped EXE
  PID:100
- C:\Windows\System32\RTCucIw.exe
  C:\Windows\System32\RTCucIw.exe
  2⤵
  - Executes dropped EXE
  PID:1192
- C:\Windows\System32\RfFXjEj.exe
  C:\Windows\System32\RfFXjEj.exe
  2⤵
  - Executes dropped EXE
  PID:4364
- C:\Windows\System32\hmrlTrw.exe
  C:\Windows\System32\hmrlTrw.exe
  2⤵
  - Executes dropped EXE
  PID:4016
- C:\Windows\System32\mnUzPTv.exe
  C:\Windows\System32\mnUzPTv.exe
  2⤵
  - Executes dropped EXE
  PID:2044
- C:\Windows\System32\xDoxQzA.exe
  C:\Windows\System32\xDoxQzA.exe
  2⤵
  - Executes dropped EXE
  PID:116
- C:\Windows\System32\iuNIffr.exe
  C:\Windows\System32\iuNIffr.exe
  2⤵
  - Executes dropped EXE
  PID:4600
- C:\Windows\System32\deYRwRY.exe
  C:\Windows\System32\deYRwRY.exe
  2⤵
  - Executes dropped EXE
  PID:1204
- C:\Windows\System32\LGypuzZ.exe
  C:\Windows\System32\LGypuzZ.exe
  2⤵
  - Executes dropped EXE
  PID:2284
- C:\Windows\System32\rYiQAAm.exe
  C:\Windows\System32\rYiQAAm.exe
  2⤵
  - Executes dropped EXE
  PID:2020
- C:\Windows\System32\ttKpIez.exe
  C:\Windows\System32\ttKpIez.exe
  2⤵
  - Executes dropped EXE
  PID:880
- C:\Windows\System32\HlwIywy.exe
  C:\Windows\System32\HlwIywy.exe
  2⤵
  PID:4944
- C:\Windows\System32\peoXKFz.exe
  C:\Windows\System32\peoXKFz.exe
  2⤵
  PID:4836
- C:\Windows\System32\KJyZBtV.exe
  C:\Windows\System32\KJyZBtV.exe
  2⤵
  PID:1004
- C:\Windows\System32\vpfWQKn.exe
  C:\Windows\System32\vpfWQKn.exe
  2⤵
  PID:4692
- C:\Windows\System32\IgeZjfY.exe
  C:\Windows\System32\IgeZjfY.exe
  2⤵
  PID:2416
- C:\Windows\System32\SpiLTgC.exe
  C:\Windows\System32\SpiLTgC.exe
  2⤵
  PID:3724
- C:\Windows\System32\AAUKiXa.exe
  C:\Windows\System32\AAUKiXa.exe
  2⤵
  PID:672
- C:\Windows\System32\IhgIenl.exe
  C:\Windows\System32\IhgIenl.exe
  2⤵
  PID:440
- C:\Windows\System32\dokuzLu.exe
  C:\Windows\System32\dokuzLu.exe
  2⤵
  PID:1772
- C:\Windows\System32\OnKTauV.exe
  C:\Windows\System32\OnKTauV.exe
  2⤵
  PID:1888
- C:\Windows\System32\IrFwFVS.exe
  C:\Windows\System32\IrFwFVS.exe
  2⤵
  PID:4292
- C:\Windows\System32\XTySCDE.exe
  C:\Windows\System32\XTySCDE.exe
  2⤵
  PID:3364
- C:\Windows\System32\zuyxrWQ.exe
  C:\Windows\System32\zuyxrWQ.exe
  2⤵
  PID:1620
- C:\Windows\System32\WcGKiMG.exe
  C:\Windows\System32\WcGKiMG.exe
  2⤵
  PID:4484
- C:\Windows\System32\uXkRymp.exe
  C:\Windows\System32\uXkRymp.exe
  2⤵
  PID:4688
- C:\Windows\System32\SFIKWrk.exe
  C:\Windows\System32\SFIKWrk.exe
  2⤵
  PID:3012
- C:\Windows\System32\QBUUrNm.exe
  C:\Windows\System32\QBUUrNm.exe
  2⤵
  PID:4420
- C:\Windows\System32\uzMmvVO.exe
  C:\Windows\System32\uzMmvVO.exe
  2⤵
  PID:2992
- C:\Windows\System32\xivXmbC.exe
  C:\Windows\System32\xivXmbC.exe
  2⤵
  PID:5012
- C:\Windows\System32\jqUpjjZ.exe
  C:\Windows\System32\jqUpjjZ.exe
  2⤵
  PID:2108
- C:\Windows\System32\mOKbOvg.exe
  C:\Windows\System32\mOKbOvg.exe
  2⤵
  PID:952
- C:\Windows\System32\owFKHhx.exe
  C:\Windows\System32\owFKHhx.exe
  2⤵
  PID:5052
- C:\Windows\System32\AAepuho.exe
  C:\Windows\System32\AAepuho.exe
  2⤵
  PID:3496
- C:\Windows\System32\jmcfZfe.exe
  C:\Windows\System32\jmcfZfe.exe
  2⤵
  PID:636
- C:\Windows\System32\ETAfRgP.exe
  C:\Windows\System32\ETAfRgP.exe
  2⤵
  PID:4700
- C:\Windows\System32\XLINGbH.exe
  C:\Windows\System32\XLINGbH.exe
  2⤵
  PID:3540
- C:\Windows\System32\HNsrgcx.exe
  C:\Windows\System32\HNsrgcx.exe
  2⤵
  PID:3120
- C:\Windows\System32\fGyGddh.exe
  C:\Windows\System32\fGyGddh.exe
  2⤵
  PID:1420
- C:\Windows\System32\oFXLWLs.exe
  C:\Windows\System32\oFXLWLs.exe
  2⤵
  PID:2624
- C:\Windows\System32\ZYcelzs.exe
  C:\Windows\System32\ZYcelzs.exe
  2⤵
  PID:2708
- C:\Windows\System32\KCkJfVn.exe
  C:\Windows\System32\KCkJfVn.exe
  2⤵
  PID:556
- C:\Windows\System32\RyqmaLz.exe
  C:\Windows\System32\RyqmaLz.exe
  2⤵
  PID:2552
- C:\Windows\System32\LYNZpcJ.exe
  C:\Windows\System32\LYNZpcJ.exe
  2⤵
  PID:1936
- C:\Windows\System32\zTFfVoM.exe
  C:\Windows\System32\zTFfVoM.exe
  2⤵
  PID:1900
- C:\Windows\System32\cVoyrxg.exe
  C:\Windows\System32\cVoyrxg.exe
  2⤵
  PID:2692
- C:\Windows\System32\UhsXyOD.exe
  C:\Windows\System32\UhsXyOD.exe
  2⤵
  PID:3488
- C:\Windows\System32\kuwIqQO.exe
  C:\Windows\System32\kuwIqQO.exe
  2⤵
  PID:1784
- C:\Windows\System32\IsRQeMg.exe
  C:\Windows\System32\IsRQeMg.exe
  2⤵
  PID:1388
- C:\Windows\System32\ZArOInN.exe
  C:\Windows\System32\ZArOInN.exe
  2⤵
  PID:1520
- C:\Windows\System32\xxtozrP.exe
  C:\Windows\System32\xxtozrP.exe
  2⤵
  PID:1868
- C:\Windows\System32\eMhkUfv.exe
  C:\Windows\System32\eMhkUfv.exe
  2⤵
  PID:3296
- C:\Windows\System32\jaiTBMP.exe
  C:\Windows\System32\jaiTBMP.exe
  2⤵
  PID:920
- C:\Windows\System32\OyKCzgs.exe
  C:\Windows\System32\OyKCzgs.exe
  2⤵
  PID:2916
- C:\Windows\System32\ULxRMOf.exe
  C:\Windows\System32\ULxRMOf.exe
  2⤵
  PID:4676
- C:\Windows\System32\KfRpweX.exe
  C:\Windows\System32\KfRpweX.exe
  2⤵
  PID:3148
- C:\Windows\System32\omJOahW.exe
  C:\Windows\System32\omJOahW.exe
  2⤵
  PID:2320
- C:\Windows\System32\WlKzfTB.exe
  C:\Windows\System32\WlKzfTB.exe
  2⤵
  PID:1588
- C:\Windows\System32\kkqJHaN.exe
  C:\Windows\System32\kkqJHaN.exe
  2⤵
  PID:5160
- C:\Windows\System32\wnfqQNK.exe
  C:\Windows\System32\wnfqQNK.exe
  2⤵
  PID:5180
- C:\Windows\System32\inLNZLs.exe
  C:\Windows\System32\inLNZLs.exe
  2⤵
  PID:5232
- C:\Windows\System32\anjfgUm.exe
  C:\Windows\System32\anjfgUm.exe
  2⤵
  PID:5252
- C:\Windows\System32\JGsockf.exe
  C:\Windows\System32\JGsockf.exe
  2⤵
  PID:5268
- C:\Windows\System32\bxhujtm.exe
  C:\Windows\System32\bxhujtm.exe
  2⤵
  PID:5284
- C:\Windows\System32\KDvAzJl.exe
  C:\Windows\System32\KDvAzJl.exe
  2⤵
  PID:5300
- C:\Windows\System32\eVkQFCU.exe
  C:\Windows\System32\eVkQFCU.exe
  2⤵
  PID:5320
- C:\Windows\System32\KRnqFmg.exe
  C:\Windows\System32\KRnqFmg.exe
  2⤵
  PID:5336
- C:\Windows\System32\kizuJbM.exe
  C:\Windows\System32\kizuJbM.exe
  2⤵
  PID:5352
- C:\Windows\System32\obEdPRd.exe
  C:\Windows\System32\obEdPRd.exe
  2⤵
  PID:5388
- C:\Windows\System32\mIhtanX.exe
  C:\Windows\System32\mIhtanX.exe
  2⤵
  PID:5544
- C:\Windows\System32\nSWbjEs.exe
  C:\Windows\System32\nSWbjEs.exe
  2⤵
  PID:5592
- C:\Windows\System32\gWsbCvt.exe
  C:\Windows\System32\gWsbCvt.exe
  2⤵
  PID:5612
- C:\Windows\System32\oTiaDtK.exe
  C:\Windows\System32\oTiaDtK.exe
  2⤵
  PID:5628
- C:\Windows\System32\CodgBFM.exe
  C:\Windows\System32\CodgBFM.exe
  2⤵
  PID:5652
- C:\Windows\System32\xKlttkU.exe
  C:\Windows\System32\xKlttkU.exe
  2⤵
  PID:5708
- C:\Windows\System32\YGHZAtU.exe
  C:\Windows\System32\YGHZAtU.exe
  2⤵
  PID:5744
- C:\Windows\System32\KvqPXUv.exe
  C:\Windows\System32\KvqPXUv.exe
  2⤵
  PID:5764
- C:\Windows\System32\GpeZIlF.exe
  C:\Windows\System32\GpeZIlF.exe
  2⤵
  PID:5788
- C:\Windows\System32\GsjHsSb.exe
  C:\Windows\System32\GsjHsSb.exe
  2⤵
  PID:5804
- C:\Windows\System32\SDBESwe.exe
  C:\Windows\System32\SDBESwe.exe
  2⤵
  PID:5824
- C:\Windows\System32\DPaVhEW.exe
  C:\Windows\System32\DPaVhEW.exe
  2⤵
  PID:5852
- C:\Windows\System32\TOHXoaX.exe
  C:\Windows\System32\TOHXoaX.exe
  2⤵
  PID:5880
- C:\Windows\System32\AeRJYNN.exe
  C:\Windows\System32\AeRJYNN.exe
  2⤵
  PID:5900
- C:\Windows\System32\lUyhBXS.exe
  C:\Windows\System32\lUyhBXS.exe
  2⤵
  PID:5936
- C:\Windows\System32\UbbTEEG.exe
  C:\Windows\System32\UbbTEEG.exe
  2⤵
  PID:5984
- C:\Windows\System32\sAmnmqg.exe
  C:\Windows\System32\sAmnmqg.exe
  2⤵
  PID:6004
- C:\Windows\System32\uupLyom.exe
  C:\Windows\System32\uupLyom.exe
  2⤵
  PID:6020
- C:\Windows\System32\IdhVLyy.exe
  C:\Windows\System32\IdhVLyy.exe
  2⤵
  PID:6052
- C:\Windows\System32\FAUSTWX.exe
  C:\Windows\System32\FAUSTWX.exe
  2⤵
  PID:6068
- C:\Windows\System32\KygyCeS.exe
  C:\Windows\System32\KygyCeS.exe
  2⤵
  PID:6092
- C:\Windows\System32\YEpIPnu.exe
  C:\Windows\System32\YEpIPnu.exe
  2⤵
  PID:6112
- C:\Windows\System32\PeChGTx.exe
  C:\Windows\System32\PeChGTx.exe
  2⤵
  PID:6128
- C:\Windows\System32\AtzOzll.exe
  C:\Windows\System32\AtzOzll.exe
  2⤵
  PID:60
- C:\Windows\System32\FtqBrvQ.exe
  C:\Windows\System32\FtqBrvQ.exe
  2⤵
  PID:5212
- C:\Windows\System32\XjZHXiU.exe
  C:\Windows\System32\XjZHXiU.exe
  2⤵
  PID:5280
- C:\Windows\System32\JRlZEFx.exe
  C:\Windows\System32\JRlZEFx.exe
  2⤵
  PID:4056
- C:\Windows\System32\QLoTyyW.exe
  C:\Windows\System32\QLoTyyW.exe
  2⤵
  PID:3024
- C:\Windows\System32\zDErFhG.exe
  C:\Windows\System32\zDErFhG.exe
  2⤵
  PID:2352
- C:\Windows\System32\FMWBrCt.exe
  C:\Windows\System32\FMWBrCt.exe
  2⤵
  PID:5532
- C:\Windows\System32\nsDLBOR.exe
  C:\Windows\System32\nsDLBOR.exe
  2⤵
  PID:5560
- C:\Windows\System32\HpnChDB.exe
  C:\Windows\System32\HpnChDB.exe
  2⤵
  PID:5580
- C:\Windows\System32\JAQDhcb.exe
  C:\Windows\System32\JAQDhcb.exe
  2⤵
  PID:5620
- C:\Windows\System32\dGVvDjw.exe
  C:\Windows\System32\dGVvDjw.exe
  2⤵
  PID:5640
- C:\Windows\System32\CFnsxxK.exe
  C:\Windows\System32\CFnsxxK.exe
  2⤵
  PID:5216
- C:\Windows\System32\YlNLALo.exe
  C:\Windows\System32\YlNLALo.exe
  2⤵
  PID:5812
- C:\Windows\System32\kRsaPVF.exe
  C:\Windows\System32\kRsaPVF.exe
  2⤵
  PID:5796
- C:\Windows\System32\jFcTekE.exe
  C:\Windows\System32\jFcTekE.exe
  2⤵
  PID:5864
- C:\Windows\System32\GDTwPlc.exe
  C:\Windows\System32\GDTwPlc.exe
  2⤵
  PID:5948
- C:\Windows\System32\NXvNzEs.exe
  C:\Windows\System32\NXvNzEs.exe
  2⤵
  PID:5996
- C:\Windows\System32\tlIUAOa.exe
  C:\Windows\System32\tlIUAOa.exe
  2⤵
  PID:5980
- C:\Windows\System32\rWMGiqz.exe
  C:\Windows\System32\rWMGiqz.exe
  2⤵
  PID:5328
- C:\Windows\System32\wThvggA.exe
  C:\Windows\System32\wThvggA.exe
  2⤵
  PID:5332
- C:\Windows\System32\YCgQMIs.exe
  C:\Windows\System32\YCgQMIs.exe
  2⤵
  PID:1324
- C:\Windows\System32\VnAbbQI.exe
  C:\Windows\System32\VnAbbQI.exe
  2⤵
  PID:5540
- C:\Windows\System32\RNzceNf.exe
  C:\Windows\System32\RNzceNf.exe
  2⤵
  PID:5644
- C:\Windows\System32\jgFeYhq.exe
  C:\Windows\System32\jgFeYhq.exe
  2⤵
  PID:5704
- C:\Windows\System32\rcJAzxY.exe
  C:\Windows\System32\rcJAzxY.exe
  2⤵
  PID:5752
- C:\Windows\System32\ZpuROkN.exe
  C:\Windows\System32\ZpuROkN.exe
  2⤵
  PID:5820
- C:\Windows\System32\znaKigP.exe
  C:\Windows\System32\znaKigP.exe
  2⤵
  PID:6060
- C:\Windows\System32\rmRMkHD.exe
  C:\Windows\System32\rmRMkHD.exe
  2⤵
  PID:1356
- C:\Windows\System32\kTRZNNa.exe
  C:\Windows\System32\kTRZNNa.exe
  2⤵
  PID:6136
- C:\Windows\System32\JniCbru.exe
  C:\Windows\System32\JniCbru.exe
  2⤵
  PID:5608
- C:\Windows\System32\gpWnvCj.exe
  C:\Windows\System32\gpWnvCj.exe
  2⤵
  PID:2972
- C:\Windows\System32\WrUovaG.exe
  C:\Windows\System32\WrUovaG.exe
  2⤵
  PID:5860
- C:\Windows\System32\FoGLCkE.exe
  C:\Windows\System32\FoGLCkE.exe
  2⤵
  PID:5148
- C:\Windows\System32\ayvAOcO.exe
  C:\Windows\System32\ayvAOcO.exe
  2⤵
  PID:6156
- C:\Windows\System32\oWFwrGP.exe
  C:\Windows\System32\oWFwrGP.exe
  2⤵
  PID:6176
- C:\Windows\System32\vquYchX.exe
  C:\Windows\System32\vquYchX.exe
  2⤵
  PID:6192
- C:\Windows\System32\poxfOtu.exe
  C:\Windows\System32\poxfOtu.exe
  2⤵
  PID:6252
- C:\Windows\System32\CdQtqhm.exe
  C:\Windows\System32\CdQtqhm.exe
  2⤵
  PID:6272
- C:\Windows\System32\vWOeceJ.exe
  C:\Windows\System32\vWOeceJ.exe
  2⤵
  PID:6296
- C:\Windows\System32\wsrubbO.exe
  C:\Windows\System32\wsrubbO.exe
  2⤵
  PID:6312
- C:\Windows\System32\OaFqZNu.exe
  C:\Windows\System32\OaFqZNu.exe
  2⤵
  PID:6336
- C:\Windows\System32\ORkRmdU.exe
  C:\Windows\System32\ORkRmdU.exe
  2⤵
  PID:6368
- C:\Windows\System32\VjqIQEG.exe
  C:\Windows\System32\VjqIQEG.exe
  2⤵
  PID:6388
- C:\Windows\System32\yehqRSs.exe
  C:\Windows\System32\yehqRSs.exe
  2⤵
  PID:6508
- C:\Windows\System32\wuZtoLs.exe
  C:\Windows\System32\wuZtoLs.exe
  2⤵
  PID:6528
- C:\Windows\System32\zuALSir.exe
  C:\Windows\System32\zuALSir.exe
  2⤵
  PID:6548
- C:\Windows\System32\pbFDpEB.exe
  C:\Windows\System32\pbFDpEB.exe
  2⤵
  PID:6572
- C:\Windows\System32\TIZxmZb.exe
  C:\Windows\System32\TIZxmZb.exe
  2⤵
  PID:6620
- C:\Windows\System32\Yzxbugd.exe
  C:\Windows\System32\Yzxbugd.exe
  2⤵
  PID:6640
- C:\Windows\System32\jBGyinR.exe
  C:\Windows\System32\jBGyinR.exe
  2⤵
  PID:6656
- C:\Windows\System32\sMOrNyz.exe
  C:\Windows\System32\sMOrNyz.exe
  2⤵
  PID:6692
- C:\Windows\System32\hSUoLST.exe
  C:\Windows\System32\hSUoLST.exe
  2⤵
  PID:6768
- C:\Windows\System32\WjBVrLz.exe
  C:\Windows\System32\WjBVrLz.exe
  2⤵
  PID:6792
- C:\Windows\System32\IaSXRQp.exe
  C:\Windows\System32\IaSXRQp.exe
  2⤵
  PID:6808
- C:\Windows\System32\ZywEhUH.exe
  C:\Windows\System32\ZywEhUH.exe
  2⤵
  PID:6828
- C:\Windows\System32\TdQHoXU.exe
  C:\Windows\System32\TdQHoXU.exe
  2⤵
  PID:6848
- C:\Windows\System32\KSYoBAe.exe
  C:\Windows\System32\KSYoBAe.exe
  2⤵
  PID:6872
- C:\Windows\System32\NBtiUxU.exe
  C:\Windows\System32\NBtiUxU.exe
  2⤵
  PID:6896
- C:\Windows\System32\CLjGWIY.exe
  C:\Windows\System32\CLjGWIY.exe
  2⤵
  PID:6924
- C:\Windows\System32\VXCWwpv.exe
  C:\Windows\System32\VXCWwpv.exe
  2⤵
  PID:6948
- C:\Windows\System32\eGJIoUJ.exe
  C:\Windows\System32\eGJIoUJ.exe
  2⤵
  PID:7008
- C:\Windows\System32\sSXbiBc.exe
  C:\Windows\System32\sSXbiBc.exe
  2⤵
  PID:7036
- C:\Windows\System32\SjTqDVw.exe
  C:\Windows\System32\SjTqDVw.exe
  2⤵
  PID:7056
- C:\Windows\System32\YpbctgZ.exe
  C:\Windows\System32\YpbctgZ.exe
  2⤵
  PID:7072
- C:\Windows\System32\vWoiWfP.exe
  C:\Windows\System32\vWoiWfP.exe
  2⤵
  PID:7088
- C:\Windows\System32\VsSMGEN.exe
  C:\Windows\System32\VsSMGEN.exe
  2⤵
  PID:7128
- C:\Windows\System32\pqVROBE.exe
  C:\Windows\System32\pqVROBE.exe
  2⤵
  PID:5892
- C:\Windows\System32\jgFoYfg.exe
  C:\Windows\System32\jgFoYfg.exe
  2⤵
  PID:6204
- C:\Windows\System32\ynOXJSo.exe
  C:\Windows\System32\ynOXJSo.exe
  2⤵
  PID:6152
- C:\Windows\System32\LweDJlC.exe
  C:\Windows\System32\LweDJlC.exe
  2⤵
  PID:6264
- C:\Windows\System32\iNWbfub.exe
  C:\Windows\System32\iNWbfub.exe
  2⤵
  PID:6308
- C:\Windows\System32\JOwyxfF.exe
  C:\Windows\System32\JOwyxfF.exe
  2⤵
  PID:6352
- C:\Windows\System32\nyuYamS.exe
  C:\Windows\System32\nyuYamS.exe
  2⤵
  PID:6492
- C:\Windows\System32\IuZzsxZ.exe
  C:\Windows\System32\IuZzsxZ.exe
  2⤵
  PID:6524
- C:\Windows\System32\FcTAlmt.exe
  C:\Windows\System32\FcTAlmt.exe
  2⤵
  PID:6636
- C:\Windows\System32\YcNhKRP.exe
  C:\Windows\System32\YcNhKRP.exe
  2⤵
  PID:6596
- C:\Windows\System32\AteBfDc.exe
  C:\Windows\System32\AteBfDc.exe
  2⤵
  PID:6688
- C:\Windows\System32\ZKGagaZ.exe
  C:\Windows\System32\ZKGagaZ.exe
  2⤵
  PID:6716
- C:\Windows\System32\poCRFyU.exe
  C:\Windows\System32\poCRFyU.exe
  2⤵
  PID:6840
- C:\Windows\System32\skRYxhX.exe
  C:\Windows\System32\skRYxhX.exe
  2⤵
  PID:6888
- C:\Windows\System32\vvfgnFc.exe
  C:\Windows\System32\vvfgnFc.exe
  2⤵
  PID:6904
- C:\Windows\System32\itBsXEy.exe
  C:\Windows\System32\itBsXEy.exe
  2⤵
  PID:7080
- C:\Windows\System32\zNXzftY.exe
  C:\Windows\System32\zNXzftY.exe
  2⤵
  PID:6228
- C:\Windows\System32\JozXIBc.exe
  C:\Windows\System32\JozXIBc.exe
  2⤵
  PID:7160
- C:\Windows\System32\ihbeyrO.exe
  C:\Windows\System32\ihbeyrO.exe
  2⤵
  PID:6248
- C:\Windows\System32\DjEiOAB.exe
  C:\Windows\System32\DjEiOAB.exe
  2⤵
  PID:6460
- C:\Windows\System32\aaupIRD.exe
  C:\Windows\System32\aaupIRD.exe
  2⤵
  PID:6536
- C:\Windows\System32\euAAQmW.exe
  C:\Windows\System32\euAAQmW.exe
  2⤵
  PID:6560
- C:\Windows\System32\bBdliIb.exe
  C:\Windows\System32\bBdliIb.exe
  2⤵
  PID:6668
- C:\Windows\System32\knLBYOJ.exe
  C:\Windows\System32\knLBYOJ.exe
  2⤵
  PID:6864
- C:\Windows\System32\VolhVeM.exe
  C:\Windows\System32\VolhVeM.exe
  2⤵
  PID:7124
- C:\Windows\System32\sNeXurS.exe
  C:\Windows\System32\sNeXurS.exe
  2⤵
  PID:7112
- C:\Windows\System32\WmseQky.exe
  C:\Windows\System32\WmseQky.exe
  2⤵
  PID:6468
- C:\Windows\System32\SadoiKx.exe
  C:\Windows\System32\SadoiKx.exe
  2⤵
  PID:6908
- C:\Windows\System32\FiHqimY.exe
  C:\Windows\System32\FiHqimY.exe
  2⤵
  PID:6780
- C:\Windows\System32\WUBVWPz.exe
  C:\Windows\System32\WUBVWPz.exe
  2⤵
  PID:7180
- C:\Windows\System32\QVnWOfU.exe
  C:\Windows\System32\QVnWOfU.exe
  2⤵
  PID:7196
- C:\Windows\System32\OMLWzah.exe
  C:\Windows\System32\OMLWzah.exe
  2⤵
  PID:7224
- C:\Windows\System32\qTASzBD.exe
  C:\Windows\System32\qTASzBD.exe
  2⤵
  PID:7260
- C:\Windows\System32\AixDrHq.exe
  C:\Windows\System32\AixDrHq.exe
  2⤵
  PID:7280
- C:\Windows\System32\iQSslxd.exe
  C:\Windows\System32\iQSslxd.exe
  2⤵
  PID:7336
- C:\Windows\System32\vLwFQDk.exe
  C:\Windows\System32\vLwFQDk.exe
  2⤵
  PID:7360
- C:\Windows\System32\Vvqftfw.exe
  C:\Windows\System32\Vvqftfw.exe
  2⤵
  PID:7384
- C:\Windows\System32\uLaYaas.exe
  C:\Windows\System32\uLaYaas.exe
  2⤵
  PID:7408
- C:\Windows\System32\UFvxFWH.exe
  C:\Windows\System32\UFvxFWH.exe
  2⤵
  PID:7440
- C:\Windows\System32\vlnStFd.exe
  C:\Windows\System32\vlnStFd.exe
  2⤵
  PID:7468
- C:\Windows\System32\mmyXYwl.exe
  C:\Windows\System32\mmyXYwl.exe
  2⤵
  PID:7516
- C:\Windows\System32\EVrZbLe.exe
  C:\Windows\System32\EVrZbLe.exe
  2⤵
  PID:7544
- C:\Windows\System32\pOoXeZn.exe
  C:\Windows\System32\pOoXeZn.exe
  2⤵
  PID:7568
- C:\Windows\System32\jmeEWiX.exe
  C:\Windows\System32\jmeEWiX.exe
  2⤵
  PID:7584
- C:\Windows\System32\lMyJCpl.exe
  C:\Windows\System32\lMyJCpl.exe
  2⤵
  PID:7604
- C:\Windows\System32\ILfDYNI.exe
  C:\Windows\System32\ILfDYNI.exe
  2⤵
  PID:7648
- C:\Windows\System32\KPJbfOW.exe
  C:\Windows\System32\KPJbfOW.exe
  2⤵
  PID:7664
- C:\Windows\System32\EdsoWaT.exe
  C:\Windows\System32\EdsoWaT.exe
  2⤵
  PID:7776
- C:\Windows\System32\optRiZF.exe
  C:\Windows\System32\optRiZF.exe
  2⤵
  PID:7800
- C:\Windows\System32\vwdQbTz.exe
  C:\Windows\System32\vwdQbTz.exe
  2⤵
  PID:7816
- C:\Windows\System32\zNnMlWx.exe
  C:\Windows\System32\zNnMlWx.exe
  2⤵
  PID:7832
- C:\Windows\System32\rnzOfyM.exe
  C:\Windows\System32\rnzOfyM.exe
  2⤵
  PID:7848
- C:\Windows\System32\hyrnEhU.exe
  C:\Windows\System32\hyrnEhU.exe
  2⤵
  PID:7864
- C:\Windows\System32\LTcsqae.exe
  C:\Windows\System32\LTcsqae.exe
  2⤵
  PID:7880
- C:\Windows\System32\cdHqfld.exe
  C:\Windows\System32\cdHqfld.exe
  2⤵
  PID:7896
- C:\Windows\System32\uVguVxM.exe
  C:\Windows\System32\uVguVxM.exe
  2⤵
  PID:7912
- C:\Windows\System32\MpkBrAA.exe
  C:\Windows\System32\MpkBrAA.exe
  2⤵
  PID:7928
- C:\Windows\System32\rmfcTNP.exe
  C:\Windows\System32\rmfcTNP.exe
  2⤵
  PID:7944
- C:\Windows\System32\VuJwSht.exe
  C:\Windows\System32\VuJwSht.exe
  2⤵
  PID:7960
- C:\Windows\System32\sYmaVBg.exe
  C:\Windows\System32\sYmaVBg.exe
  2⤵
  PID:7976
- C:\Windows\System32\UCPJhxg.exe
  C:\Windows\System32\UCPJhxg.exe
  2⤵
  PID:7992
- C:\Windows\System32\MJzmYBP.exe
  C:\Windows\System32\MJzmYBP.exe
  2⤵
  PID:8008
- C:\Windows\System32\CiZjzmp.exe
  C:\Windows\System32\CiZjzmp.exe
  2⤵
  PID:8024
- C:\Windows\System32\BTzUHLN.exe
  C:\Windows\System32\BTzUHLN.exe
  2⤵
  PID:8040
- C:\Windows\System32\KGYJuHB.exe
  C:\Windows\System32\KGYJuHB.exe
  2⤵
  PID:8132
- C:\Windows\System32\CKeLCYT.exe
  C:\Windows\System32\CKeLCYT.exe
  2⤵
  PID:8188
- C:\Windows\System32\BezGkWE.exe
  C:\Windows\System32\BezGkWE.exe
  2⤵
  PID:7204
- C:\Windows\System32\uqMWspE.exe
  C:\Windows\System32\uqMWspE.exe
  2⤵
  PID:7176
- C:\Windows\System32\QaDmOlY.exe
  C:\Windows\System32\QaDmOlY.exe
  2⤵
  PID:7320
- C:\Windows\System32\oCovuha.exe
  C:\Windows\System32\oCovuha.exe
  2⤵
  PID:7656
- C:\Windows\System32\wLvnZxW.exe
  C:\Windows\System32\wLvnZxW.exe
  2⤵
  PID:7792
- C:\Windows\System32\LpusJXx.exe
  C:\Windows\System32\LpusJXx.exe
  2⤵
  PID:7716
- C:\Windows\System32\XATLobz.exe
  C:\Windows\System32\XATLobz.exe
  2⤵
  PID:7748
- C:\Windows\System32\CIIfpbP.exe
  C:\Windows\System32\CIIfpbP.exe
  2⤵
  PID:8032
- C:\Windows\System32\LqGrLmm.exe
  C:\Windows\System32\LqGrLmm.exe
  2⤵
  PID:8036
- C:\Windows\System32\vYDEZGp.exe
  C:\Windows\System32\vYDEZGp.exe
  2⤵
  PID:8104
- C:\Windows\System32\wHmLteX.exe
  C:\Windows\System32\wHmLteX.exe
  2⤵
  PID:8000
- C:\Windows\System32\EGaMrdk.exe
  C:\Windows\System32\EGaMrdk.exe
  2⤵
  PID:7920
- C:\Windows\System32\hiwDFkX.exe
  C:\Windows\System32\hiwDFkX.exe
  2⤵
  PID:7824
- C:\Windows\System32\bIfjvgS.exe
  C:\Windows\System32\bIfjvgS.exe
  2⤵
  PID:7840
- C:\Windows\System32\yJRGMUO.exe
  C:\Windows\System32\yJRGMUO.exe
  2⤵
  PID:7256
- C:\Windows\System32\toOYjYw.exe
  C:\Windows\System32\toOYjYw.exe
  2⤵
  PID:7624
- C:\Windows\System32\ydoOASU.exe
  C:\Windows\System32\ydoOASU.exe
  2⤵
  PID:7628
- C:\Windows\System32\LFvHubm.exe
  C:\Windows\System32\LFvHubm.exe
  2⤵
  PID:7812
- C:\Windows\System32\KNOqgne.exe
  C:\Windows\System32\KNOqgne.exe
  2⤵
  PID:7904
- C:\Windows\System32\PRLkpLA.exe
  C:\Windows\System32\PRLkpLA.exe
  2⤵
  PID:7908
- C:\Windows\System32\naWHgkS.exe
  C:\Windows\System32\naWHgkS.exe
  2⤵
  PID:6732
- C:\Windows\System32\OhBNUNo.exe
  C:\Windows\System32\OhBNUNo.exe
  2⤵
  PID:7740
- C:\Windows\System32\cLcmwgC.exe
  C:\Windows\System32\cLcmwgC.exe
  2⤵
  PID:7796
- C:\Windows\System32\SPQrzUg.exe
  C:\Windows\System32\SPQrzUg.exe
  2⤵
  PID:8072
- C:\Windows\System32\GremsPY.exe
  C:\Windows\System32\GremsPY.exe
  2⤵
  PID:7696
- C:\Windows\System32\qDbkOld.exe
  C:\Windows\System32\qDbkOld.exe
  2⤵
  PID:7352
- C:\Windows\System32\lrpxzpI.exe
  C:\Windows\System32\lrpxzpI.exe
  2⤵
  PID:8216
- C:\Windows\System32\tbpstkt.exe
  C:\Windows\System32\tbpstkt.exe
  2⤵
  PID:8248
- C:\Windows\System32\zWxpMPK.exe
  C:\Windows\System32\zWxpMPK.exe
  2⤵
  PID:8272
- C:\Windows\System32\qbBkxGS.exe
  C:\Windows\System32\qbBkxGS.exe
  2⤵
  PID:8296
- C:\Windows\System32\puHfzTx.exe
  C:\Windows\System32\puHfzTx.exe
  2⤵
  PID:8324
- C:\Windows\System32\pboXIqM.exe
  C:\Windows\System32\pboXIqM.exe
  2⤵
  PID:8352
- C:\Windows\System32\MBvoQlR.exe
  C:\Windows\System32\MBvoQlR.exe
  2⤵
  PID:8372
- C:\Windows\System32\PWGvlAM.exe
  C:\Windows\System32\PWGvlAM.exe
  2⤵
  PID:8400
- C:\Windows\System32\zwYIxCP.exe
  C:\Windows\System32\zwYIxCP.exe
  2⤵
  PID:8416
- C:\Windows\System32\jYQIcZL.exe
  C:\Windows\System32\jYQIcZL.exe
  2⤵
  PID:8452
- C:\Windows\System32\CITMjxC.exe
  C:\Windows\System32\CITMjxC.exe
  2⤵
  PID:8500
- C:\Windows\System32\wNDLljB.exe
  C:\Windows\System32\wNDLljB.exe
  2⤵
  PID:8520
- C:\Windows\System32\VyMGpQO.exe
  C:\Windows\System32\VyMGpQO.exe
  2⤵
  PID:8544
- C:\Windows\System32\zoTirJA.exe
  C:\Windows\System32\zoTirJA.exe
  2⤵
  PID:8576
- C:\Windows\System32\lsxcrGr.exe
  C:\Windows\System32\lsxcrGr.exe
  2⤵
  PID:8604
- C:\Windows\System32\tTSEXus.exe
  C:\Windows\System32\tTSEXus.exe
  2⤵
  PID:8624
- C:\Windows\System32\tctfiAM.exe
  C:\Windows\System32\tctfiAM.exe
  2⤵
  PID:8640
- C:\Windows\System32\vhDYeBt.exe
  C:\Windows\System32\vhDYeBt.exe
  2⤵
  PID:8664
- C:\Windows\System32\ASntGWj.exe
  C:\Windows\System32\ASntGWj.exe
  2⤵
  PID:8680
- C:\Windows\System32\RAXWMnx.exe
  C:\Windows\System32\RAXWMnx.exe
  2⤵
  PID:8700
- C:\Windows\System32\OpCGaYI.exe
  C:\Windows\System32\OpCGaYI.exe
  2⤵
  PID:8744
- C:\Windows\System32\GLHJAkH.exe
  C:\Windows\System32\GLHJAkH.exe
  2⤵
  PID:8860
- C:\Windows\System32\TJUSjJs.exe
  C:\Windows\System32\TJUSjJs.exe
  2⤵
  PID:8876
- C:\Windows\System32\UZoeswg.exe
  C:\Windows\System32\UZoeswg.exe
  2⤵
  PID:8904
- C:\Windows\System32\WiISZvN.exe
  C:\Windows\System32\WiISZvN.exe
  2⤵
  PID:8932
- C:\Windows\System32\dwUzdpO.exe
  C:\Windows\System32\dwUzdpO.exe
  2⤵
  PID:8948
- C:\Windows\System32\nUqkgNr.exe
  C:\Windows\System32\nUqkgNr.exe
  2⤵
  PID:8968
- C:\Windows\System32\WtlLAvD.exe
  C:\Windows\System32\WtlLAvD.exe
  2⤵
  PID:8996
- C:\Windows\System32\BZoWjYA.exe
  C:\Windows\System32\BZoWjYA.exe
  2⤵
  PID:9012
- C:\Windows\System32\kkGaNTX.exe
  C:\Windows\System32\kkGaNTX.exe
  2⤵
  PID:9044
- C:\Windows\System32\uYlUHeB.exe
  C:\Windows\System32\uYlUHeB.exe
  2⤵
  PID:9060
- C:\Windows\System32\XfXvBPE.exe
  C:\Windows\System32\XfXvBPE.exe
  2⤵
  PID:9080
- C:\Windows\System32\jgzZZaE.exe
  C:\Windows\System32\jgzZZaE.exe
  2⤵
  PID:9136
- C:\Windows\System32\CSieEed.exe
  C:\Windows\System32\CSieEed.exe
  2⤵
  PID:9160
- C:\Windows\System32\ZzYclnZ.exe
  C:\Windows\System32\ZzYclnZ.exe
  2⤵
  PID:9184
- C:\Windows\System32\JhtgXLU.exe
  C:\Windows\System32\JhtgXLU.exe
  2⤵
  PID:9200
- C:\Windows\System32\cMWXmhD.exe
  C:\Windows\System32\cMWXmhD.exe
  2⤵
  PID:8200
- C:\Windows\System32\RIgDWGx.exe
  C:\Windows\System32\RIgDWGx.exe
  2⤵
  PID:8224
- C:\Windows\System32\jhDkHSE.exe
  C:\Windows\System32\jhDkHSE.exe
  2⤵
  PID:8312
- C:\Windows\System32\byoMcIS.exe
  C:\Windows\System32\byoMcIS.exe
  2⤵
  PID:8364
- C:\Windows\System32\Zmxemgl.exe
  C:\Windows\System32\Zmxemgl.exe
  2⤵
  PID:8484
- C:\Windows\System32\ioonaVc.exe
  C:\Windows\System32\ioonaVc.exe
  2⤵
  PID:8536
- C:\Windows\System32\UEZjDXZ.exe
  C:\Windows\System32\UEZjDXZ.exe
  2⤵
  PID:8588
- C:\Windows\System32\yqhmUAx.exe
  C:\Windows\System32\yqhmUAx.exe
  2⤵
  PID:8720
- C:\Windows\System32\fdjEThG.exe
  C:\Windows\System32\fdjEThG.exe
  2⤵
  PID:8712
- C:\Windows\System32\FWwhCWm.exe
  C:\Windows\System32\FWwhCWm.exe
  2⤵
  PID:8824
- C:\Windows\System32\kdhPWpA.exe
  C:\Windows\System32\kdhPWpA.exe
  2⤵
  PID:8716
- C:\Windows\System32\gZHGaFz.exe
  C:\Windows\System32\gZHGaFz.exe
  2⤵
  PID:8924
- C:\Windows\System32\ypfCEUO.exe
  C:\Windows\System32\ypfCEUO.exe
  2⤵
  PID:9024
- C:\Windows\System32\eTeWhpm.exe
  C:\Windows\System32\eTeWhpm.exe
  2⤵
  PID:9004
- C:\Windows\System32\HCCyexV.exe
  C:\Windows\System32\HCCyexV.exe
  2⤵
  PID:9104
- C:\Windows\System32\Ubqoiam.exe
  C:\Windows\System32\Ubqoiam.exe
  2⤵
  PID:9180
- C:\Windows\System32\cYOEZHt.exe
  C:\Windows\System32\cYOEZHt.exe
  2⤵
  PID:8112
- C:\Windows\System32\mAftnsv.exe
  C:\Windows\System32\mAftnsv.exe
  2⤵
  PID:7756
- C:\Windows\System32\dvJhiRw.exe
  C:\Windows\System32\dvJhiRw.exe
  2⤵
  PID:8292
- C:\Windows\System32\ZwZLaXM.exe
  C:\Windows\System32\ZwZLaXM.exe
  2⤵
  PID:8560
- C:\Windows\System32\jxEYWik.exe
  C:\Windows\System32\jxEYWik.exe
  2⤵
  PID:8852
- C:\Windows\System32\WKMnhQK.exe
  C:\Windows\System32\WKMnhQK.exe
  2⤵
  PID:8736
- C:\Windows\System32\PmgqsWQ.exe
  C:\Windows\System32\PmgqsWQ.exe
  2⤵
  PID:9144
- C:\Windows\System32\lrsmKlD.exe
  C:\Windows\System32\lrsmKlD.exe
  2⤵
  PID:9148
- C:\Windows\System32\OUlvmeZ.exe
  C:\Windows\System32\OUlvmeZ.exe
  2⤵
  PID:8660
- C:\Windows\System32\fJQsGmw.exe
  C:\Windows\System32\fJQsGmw.exe
  2⤵
  PID:9172
- C:\Windows\System32\tZGtfin.exe
  C:\Windows\System32\tZGtfin.exe
  2⤵
  PID:8556
- C:\Windows\System32\HBofarm.exe
  C:\Windows\System32\HBofarm.exe
  2⤵
  PID:9220
- C:\Windows\System32\JzABKxD.exe
  C:\Windows\System32\JzABKxD.exe
  2⤵
  PID:9236
- C:\Windows\System32\WjYVcBc.exe
  C:\Windows\System32\WjYVcBc.exe
  2⤵
  PID:9260
- C:\Windows\System32\GSZVIpA.exe
  C:\Windows\System32\GSZVIpA.exe
  2⤵
  PID:9276
- C:\Windows\System32\yhDGRjv.exe
  C:\Windows\System32\yhDGRjv.exe
  2⤵
  PID:9300
- C:\Windows\System32\jOBLfUv.exe
  C:\Windows\System32\jOBLfUv.exe
  2⤵
  PID:9316
- C:\Windows\System32\GjJIrzu.exe
  C:\Windows\System32\GjJIrzu.exe
  2⤵
  PID:9352
- C:\Windows\System32\FjSHAZt.exe
  C:\Windows\System32\FjSHAZt.exe
  2⤵
  PID:9396
- C:\Windows\System32\hPckXuN.exe
  C:\Windows\System32\hPckXuN.exe
  2⤵
  PID:9412
- C:\Windows\System32\UVKmOrl.exe
  C:\Windows\System32\UVKmOrl.exe
  2⤵
  PID:9496
- C:\Windows\System32\aqVMXEo.exe
  C:\Windows\System32\aqVMXEo.exe
  2⤵
  PID:9512
- C:\Windows\System32\BmrcUph.exe
  C:\Windows\System32\BmrcUph.exe
  2⤵
  PID:9536
- C:\Windows\System32\ppdZXKc.exe
  C:\Windows\System32\ppdZXKc.exe
  2⤵
  PID:9600
- C:\Windows\System32\uACPqXL.exe
  C:\Windows\System32\uACPqXL.exe
  2⤵
  PID:9620
- C:\Windows\System32\pboiiVx.exe
  C:\Windows\System32\pboiiVx.exe
  2⤵
  PID:9640
- C:\Windows\System32\XMGLtfl.exe
  C:\Windows\System32\XMGLtfl.exe
  2⤵
  PID:9656
- C:\Windows\System32\BuWKYJm.exe
  C:\Windows\System32\BuWKYJm.exe
  2⤵
  PID:9672
- C:\Windows\System32\WhEzfUO.exe
  C:\Windows\System32\WhEzfUO.exe
  2⤵
  PID:9688
- C:\Windows\System32\oUTPVsH.exe
  C:\Windows\System32\oUTPVsH.exe
  2⤵
  PID:9708
- C:\Windows\System32\OptDYjb.exe
  C:\Windows\System32\OptDYjb.exe
  2⤵
  PID:9740
- C:\Windows\System32\eDehnaF.exe
  C:\Windows\System32\eDehnaF.exe
  2⤵
  PID:9764
- C:\Windows\System32\uiPFbWg.exe
  C:\Windows\System32\uiPFbWg.exe
  2⤵
  PID:9812
- C:\Windows\System32\JlSDwgp.exe
  C:\Windows\System32\JlSDwgp.exe
  2⤵
  PID:9844
- C:\Windows\System32\cGwnFUk.exe
  C:\Windows\System32\cGwnFUk.exe
  2⤵
  PID:9872
- C:\Windows\System32\nSHKyxN.exe
  C:\Windows\System32\nSHKyxN.exe
  2⤵
  PID:9892
- C:\Windows\System32\CNSOMfB.exe
  C:\Windows\System32\CNSOMfB.exe
  2⤵
  PID:9912
- C:\Windows\System32\pKLZPMv.exe
  C:\Windows\System32\pKLZPMv.exe
  2⤵
  PID:9936
- C:\Windows\System32\VqLLPtU.exe
  C:\Windows\System32\VqLLPtU.exe
  2⤵
  PID:9984
- C:\Windows\System32\boLkVbI.exe
  C:\Windows\System32\boLkVbI.exe
  2⤵
  PID:10000
- C:\Windows\System32\kCbtEDC.exe
  C:\Windows\System32\kCbtEDC.exe
  2⤵
  PID:10036
- C:\Windows\System32\iFehZyB.exe
  C:\Windows\System32\iFehZyB.exe
  2⤵
  PID:10068
- C:\Windows\System32\aTDydXz.exe
  C:\Windows\System32\aTDydXz.exe
  2⤵
  PID:10116
- C:\Windows\System32\bZwjdiF.exe
  C:\Windows\System32\bZwjdiF.exe
  2⤵
  PID:10132
- C:\Windows\System32\FiVuDBz.exe
  C:\Windows\System32\FiVuDBz.exe
  2⤵
  PID:10152
- C:\Windows\System32\FqxpfKF.exe
  C:\Windows\System32\FqxpfKF.exe
  2⤵
  PID:10196
- C:\Windows\System32\ZbcnaCE.exe
  C:\Windows\System32\ZbcnaCE.exe
  2⤵
  PID:10232
- C:\Windows\System32\pzMxAxH.exe
  C:\Windows\System32\pzMxAxH.exe
  2⤵
  PID:9072
- C:\Windows\System32\tzYouqK.exe
  C:\Windows\System32\tzYouqK.exe
  2⤵
  PID:8872
- C:\Windows\System32\XKPgoae.exe
  C:\Windows\System32\XKPgoae.exe
  2⤵
  PID:9296
- C:\Windows\System32\PrakaGp.exe
  C:\Windows\System32\PrakaGp.exe
  2⤵
  PID:9372
- C:\Windows\System32\CIHUogR.exe
  C:\Windows\System32\CIHUogR.exe
  2⤵
  PID:9528
- C:\Windows\System32\TvQeZyA.exe
  C:\Windows\System32\TvQeZyA.exe
  2⤵
  PID:9520
- C:\Windows\System32\yPKKHej.exe
  C:\Windows\System32\yPKKHej.exe
  2⤵
  PID:9568
- C:\Windows\System32\dsdXeiH.exe
  C:\Windows\System32\dsdXeiH.exe
  2⤵
  PID:9652
- C:\Windows\System32\JEJMCqb.exe
  C:\Windows\System32\JEJMCqb.exe
  2⤵
  PID:9668
- C:\Windows\System32\xgbVliq.exe
  C:\Windows\System32\xgbVliq.exe
  2⤵
  PID:9788
- C:\Windows\System32\QBZkFew.exe
  C:\Windows\System32\QBZkFew.exe
  2⤵
  PID:9824
- C:\Windows\System32\PlEBmXk.exe
  C:\Windows\System32\PlEBmXk.exe
  2⤵
  PID:9900
- C:\Windows\System32\nuTRrFB.exe
  C:\Windows\System32\nuTRrFB.exe
  2⤵
  PID:10028
- C:\Windows\System32\JzVKcrn.exe
  C:\Windows\System32\JzVKcrn.exe
  2⤵
  PID:10044
- C:\Windows\System32\nEyvAQt.exe
  C:\Windows\System32\nEyvAQt.exe
  2⤵
  PID:10100
- C:\Windows\System32\JYZvYLb.exe
  C:\Windows\System32\JYZvYLb.exe
  2⤵
  PID:10180
- C:\Windows\System32\pyzhbSs.exe
  C:\Windows\System32\pyzhbSs.exe
  2⤵
  PID:10184
- C:\Windows\System32\nDiBihe.exe
  C:\Windows\System32\nDiBihe.exe
  2⤵
  PID:8940
- C:\Windows\System32\XwoHqfR.exe
  C:\Windows\System32\XwoHqfR.exe
  2⤵
  PID:9364
- C:\Windows\System32\NnxjhbA.exe
  C:\Windows\System32\NnxjhbA.exe
  2⤵
  PID:9544
- C:\Windows\System32\mZmCiWE.exe
  C:\Windows\System32\mZmCiWE.exe
  2⤵
  PID:9908
- C:\Windows\System32\kgiyTSC.exe
  C:\Windows\System32\kgiyTSC.exe
  2⤵
  PID:10008
- C:\Windows\System32\zdgUeEx.exe
  C:\Windows\System32\zdgUeEx.exe
  2⤵
  PID:10076
- C:\Windows\System32\gWkBamt.exe
  C:\Windows\System32\gWkBamt.exe
  2⤵
  PID:10376
- C:\Windows\System32\QFYgaYo.exe
  C:\Windows\System32\QFYgaYo.exe
  2⤵
  PID:10392
- C:\Windows\System32\aOCOBjm.exe
  C:\Windows\System32\aOCOBjm.exe
  2⤵
  PID:10416
- C:\Windows\System32\FqoReGI.exe
  C:\Windows\System32\FqoReGI.exe
  2⤵
  PID:10436
- C:\Windows\System32\lVzqjpT.exe
  C:\Windows\System32\lVzqjpT.exe
  2⤵
  PID:10452
- C:\Windows\System32\GZsUKKY.exe
  C:\Windows\System32\GZsUKKY.exe
  2⤵
  PID:10472
- C:\Windows\System32\iWQOwrW.exe
  C:\Windows\System32\iWQOwrW.exe
  2⤵
  PID:10508
- C:\Windows\System32\IuKCIpw.exe
  C:\Windows\System32\IuKCIpw.exe
  2⤵
  PID:10572
- C:\Windows\System32\Zxptmtl.exe
  C:\Windows\System32\Zxptmtl.exe
  2⤵
  PID:10588
- C:\Windows\System32\SKLeAeX.exe
  C:\Windows\System32\SKLeAeX.exe
  2⤵
  PID:10604
- C:\Windows\System32\jFCajCr.exe
  C:\Windows\System32\jFCajCr.exe
  2⤵
  PID:10632
- C:\Windows\System32\iKTVJuT.exe
  C:\Windows\System32\iKTVJuT.exe
  2⤵
  PID:10648
- C:\Windows\System32\QMNFjMv.exe
  C:\Windows\System32\QMNFjMv.exe
  2⤵
  PID:10668
- C:\Windows\System32\ZtVwNSf.exe
  C:\Windows\System32\ZtVwNSf.exe
  2⤵
  PID:10704
- C:\Windows\System32\qMilOhW.exe
  C:\Windows\System32\qMilOhW.exe
  2⤵
  PID:10732
- C:\Windows\System32\yCpGSem.exe
  C:\Windows\System32\yCpGSem.exe
  2⤵
  PID:10752
- C:\Windows\System32\jUNkanO.exe
  C:\Windows\System32\jUNkanO.exe
  2⤵
  PID:10780
- C:\Windows\System32\CoDIsra.exe
  C:\Windows\System32\CoDIsra.exe
  2⤵
  PID:10812
- C:\Windows\System32\eMWWGqC.exe
  C:\Windows\System32\eMWWGqC.exe
  2⤵
  PID:10856
- C:\Windows\System32\EVpcKCs.exe
  C:\Windows\System32\EVpcKCs.exe
  2⤵
  PID:10884
- C:\Windows\System32\vVahyDD.exe
  C:\Windows\System32\vVahyDD.exe
  2⤵
  PID:10900
- C:\Windows\System32\juajFsh.exe
  C:\Windows\System32\juajFsh.exe
  2⤵
  PID:10924
- C:\Windows\System32\KYJPvuH.exe
  C:\Windows\System32\KYJPvuH.exe
  2⤵
  PID:10940
- C:\Windows\System32\bkyhHbH.exe
  C:\Windows\System32\bkyhHbH.exe
  2⤵
  PID:10984
- C:\Windows\System32\UclKnqd.exe
  C:\Windows\System32\UclKnqd.exe
  2⤵
  PID:11032
- C:\Windows\System32\QtDgmuB.exe
  C:\Windows\System32\QtDgmuB.exe
  2⤵
  PID:11060
- C:\Windows\System32\VMvUIkp.exe
  C:\Windows\System32\VMvUIkp.exe
  2⤵
  PID:11088
- C:\Windows\System32\sOqtmxS.exe
  C:\Windows\System32\sOqtmxS.exe
  2⤵
  PID:11116
- C:\Windows\System32\oMIeQax.exe
  C:\Windows\System32\oMIeQax.exe
  2⤵
  PID:11132
- C:\Windows\System32\dXKgIRD.exe
  C:\Windows\System32\dXKgIRD.exe
  2⤵
  PID:11160
- C:\Windows\System32\zYRPuMX.exe
  C:\Windows\System32\zYRPuMX.exe
  2⤵
  PID:11184
- C:\Windows\System32\wltCymR.exe
  C:\Windows\System32\wltCymR.exe
  2⤵
  PID:11216
- C:\Windows\System32\YwVPAYJ.exe
  C:\Windows\System32\YwVPAYJ.exe
  2⤵
  PID:11232
- C:\Windows\System32\gsWGgsN.exe
  C:\Windows\System32\gsWGgsN.exe
  2⤵
  PID:9628
- C:\Windows\System32\YFmUleZ.exe
  C:\Windows\System32\YFmUleZ.exe
  2⤵
  PID:9776
- C:\Windows\System32\AmvhXrb.exe
  C:\Windows\System32\AmvhXrb.exe
  2⤵
  PID:10256
- C:\Windows\System32\QXReXfR.exe
  C:\Windows\System32\QXReXfR.exe
  2⤵
  PID:9608
- C:\Windows\System32\GwwiicA.exe
  C:\Windows\System32\GwwiicA.exe
  2⤵
  PID:10368
- C:\Windows\System32\wUkjkWF.exe
  C:\Windows\System32\wUkjkWF.exe
  2⤵
  PID:10324
- C:\Windows\System32\fvbbvSq.exe
  C:\Windows\System32\fvbbvSq.exe
  2⤵
  PID:10360
- C:\Windows\System32\kKZRtur.exe
  C:\Windows\System32\kKZRtur.exe
  2⤵
  PID:10408
- C:\Windows\System32\lQsLQJJ.exe
  C:\Windows\System32\lQsLQJJ.exe
  2⤵
  PID:10444
- C:\Windows\System32\UoskinO.exe
  C:\Windows\System32\UoskinO.exe
  2⤵
  PID:10548
- C:\Windows\System32\nPoBcbn.exe
  C:\Windows\System32\nPoBcbn.exe
  2⤵
  PID:10600
- C:\Windows\System32\ZGEOSBw.exe
  C:\Windows\System32\ZGEOSBw.exe
  2⤵
  PID:10644
- C:\Windows\System32\DXmfkeq.exe
  C:\Windows\System32\DXmfkeq.exe
  2⤵
  PID:10660
- C:\Windows\System32\VugrqZv.exe
  C:\Windows\System32\VugrqZv.exe
  2⤵
  PID:10720
- C:\Windows\System32\QIoLIGD.exe
  C:\Windows\System32\QIoLIGD.exe
  2⤵
  PID:10776
- C:\Windows\System32\hnVjgjk.exe
  C:\Windows\System32\hnVjgjk.exe
  2⤵
  PID:10896
- C:\Windows\System32\UtDHGpJ.exe
  C:\Windows\System32\UtDHGpJ.exe
  2⤵
  PID:10956
- C:\Windows\System32\BAxXcLH.exe
  C:\Windows\System32\BAxXcLH.exe
  2⤵
  PID:11012
- C:\Windows\System32\SbzYHVq.exe
  C:\Windows\System32\SbzYHVq.exe
  2⤵
  PID:11068
- C:\Windows\System32\MHFXaqV.exe
  C:\Windows\System32\MHFXaqV.exe
  2⤵
  PID:11124
- C:\Windows\System32\cVqIkoh.exe
  C:\Windows\System32\cVqIkoh.exe
  2⤵
  PID:11228
- C:\Windows\System32\PwAOHkE.exe
  C:\Windows\System32\PwAOHkE.exe
  2⤵
  PID:10060
- C:\Windows\System32\BMAquTV.exe
  C:\Windows\System32\BMAquTV.exe
  2⤵
  PID:9884
- C:\Windows\System32\MrRoNGv.exe
  C:\Windows\System32\MrRoNGv.exe
  2⤵
  PID:10108
- C:\Windows\System32\OUQTSXt.exe
  C:\Windows\System32\OUQTSXt.exe
  2⤵
  PID:10272
- C:\Windows\System32\oldVbXk.exe
  C:\Windows\System32\oldVbXk.exe
  2⤵
  PID:10460
- C:\Windows\System32\kvXyzaq.exe
  C:\Windows\System32\kvXyzaq.exe
  2⤵
  PID:10516
- C:\Windows\System32\AlwXHVO.exe
  C:\Windows\System32\AlwXHVO.exe
  2⤵
  PID:10676
- C:\Windows\System32\RMfkNcN.exe
  C:\Windows\System32\RMfkNcN.exe
  2⤵
  PID:10840
- C:\Windows\System32\tWhxVpq.exe
  C:\Windows\System32\tWhxVpq.exe
  2⤵
  PID:10908
- C:\Windows\System32\PNwgTsa.exe
  C:\Windows\System32\PNwgTsa.exe
  2⤵
  PID:10936
- C:\Windows\System32\EmMZSfB.exe
  C:\Windows\System32\EmMZSfB.exe
  2⤵
  PID:11168
- C:\Windows\System32\ISmOMUN.exe
  C:\Windows\System32\ISmOMUN.exe
  2⤵
  PID:9852
- C:\Windows\System32\gqyzATb.exe
  C:\Windows\System32\gqyzATb.exe
  2⤵
  PID:10744
- C:\Windows\System32\znCbVUM.exe
  C:\Windows\System32\znCbVUM.exe
  2⤵
  PID:10296
- C:\Windows\System32\cOSCfrl.exe
  C:\Windows\System32\cOSCfrl.exe
  2⤵
  PID:11112
- C:\Windows\System32\YDosnTT.exe
  C:\Windows\System32\YDosnTT.exe
  2⤵
  PID:1060
- C:\Windows\System32\zaZHHyb.exe
  C:\Windows\System32\zaZHHyb.exe
  2⤵
  PID:11300
- C:\Windows\System32\ZRXFjMq.exe
  C:\Windows\System32\ZRXFjMq.exe
  2⤵
  PID:11316
- C:\Windows\System32\tZuzOKN.exe
  C:\Windows\System32\tZuzOKN.exe
  2⤵
  PID:11392
- C:\Windows\System32\ffAmtqb.exe
  C:\Windows\System32\ffAmtqb.exe
  2⤵
  PID:11424
- C:\Windows\System32\VEOfjPc.exe
  C:\Windows\System32\VEOfjPc.exe
  2⤵
  PID:11440
- C:\Windows\System32\IJOyguq.exe
  C:\Windows\System32\IJOyguq.exe
  2⤵
  PID:11480
- C:\Windows\System32\SWPxTzX.exe
  C:\Windows\System32\SWPxTzX.exe
  2⤵
  PID:11500
- C:\Windows\System32\npVifbG.exe
  C:\Windows\System32\npVifbG.exe
  2⤵
  PID:11520
- C:\Windows\System32\MkqsQZe.exe
  C:\Windows\System32\MkqsQZe.exe
  2⤵
  PID:11552
- C:\Windows\System32\RQIytkQ.exe
  C:\Windows\System32\RQIytkQ.exe
  2⤵
  PID:11576
- C:\Windows\System32\CmYdjin.exe
  C:\Windows\System32\CmYdjin.exe
  2⤵
  PID:11596
- C:\Windows\System32\vnPnrhg.exe
  C:\Windows\System32\vnPnrhg.exe
  2⤵
  PID:11632
- C:\Windows\System32\DlaYzdB.exe
  C:\Windows\System32\DlaYzdB.exe
  2⤵
  PID:11664
- C:\Windows\System32\jvkqcKX.exe
  C:\Windows\System32\jvkqcKX.exe
  2⤵
  PID:11708
- C:\Windows\System32\ycxWMTf.exe
  C:\Windows\System32\ycxWMTf.exe
  2⤵
  PID:11732
- C:\Windows\System32\DIUTbnu.exe
  C:\Windows\System32\DIUTbnu.exe
  2⤵
  PID:11748
- C:\Windows\System32\DjGDxyL.exe
  C:\Windows\System32\DjGDxyL.exe
  2⤵
  PID:11768
- C:\Windows\System32\JusCquI.exe
  C:\Windows\System32\JusCquI.exe
  2⤵
  PID:11784
- C:\Windows\System32\buxRxHH.exe
  C:\Windows\System32\buxRxHH.exe
  2⤵
  PID:11808
- C:\Windows\System32\NrShOgk.exe
  C:\Windows\System32\NrShOgk.exe
  2⤵
  PID:11848
- C:\Windows\System32\ZpugqWH.exe
  C:\Windows\System32\ZpugqWH.exe
  2⤵
  PID:11892
- C:\Windows\System32\XDXMaTr.exe
  C:\Windows\System32\XDXMaTr.exe
  2⤵
  PID:11952
- C:\Windows\System32\pxqTHsM.exe
  C:\Windows\System32\pxqTHsM.exe
  2⤵
  PID:11968
- C:\Windows\System32\hXshuey.exe
  C:\Windows\System32\hXshuey.exe
  2⤵
  PID:11984
- C:\Windows\System32\AHxspIV.exe
  C:\Windows\System32\AHxspIV.exe
  2⤵
  PID:12012
- C:\Windows\System32\IWOptAA.exe
  C:\Windows\System32\IWOptAA.exe
  2⤵
  PID:12048
- C:\Windows\System32\edkbXYM.exe
  C:\Windows\System32\edkbXYM.exe
  2⤵
  PID:12064
- C:\Windows\System32\GiSoZHV.exe
  C:\Windows\System32\GiSoZHV.exe
  2⤵
  PID:12084
- C:\Windows\System32\TarkKIl.exe
  C:\Windows\System32\TarkKIl.exe
  2⤵
  PID:12120
- C:\Windows\System32\mPZNCur.exe
  C:\Windows\System32\mPZNCur.exe
  2⤵
  PID:12148
- C:\Windows\System32\LNuegrl.exe
  C:\Windows\System32\LNuegrl.exe
  2⤵
  PID:12168
- C:\Windows\System32\egTXqNc.exe
  C:\Windows\System32\egTXqNc.exe
  2⤵
  PID:12200
- C:\Windows\System32\WRowSUy.exe
  C:\Windows\System32\WRowSUy.exe
  2⤵
  PID:12220
- C:\Windows\System32\XdPDmdQ.exe
  C:\Windows\System32\XdPDmdQ.exe
  2⤵
  PID:12252
- C:\Windows\System32\HtLpHkB.exe
  C:\Windows\System32\HtLpHkB.exe
  2⤵
  PID:12280
- C:\Windows\System32\qpmxOel.exe
  C:\Windows\System32\qpmxOel.exe
  2⤵
  PID:11280
- C:\Windows\System32\huomOUk.exe
  C:\Windows\System32\huomOUk.exe
  2⤵
  PID:11340
- C:\Windows\System32\yghbvKq.exe
  C:\Windows\System32\yghbvKq.exe
  2⤵
  PID:11408
- C:\Windows\System32\eLdcxvo.exe
  C:\Windows\System32\eLdcxvo.exe
  2⤵
  PID:11512
- C:\Windows\System32\OYUpgEr.exe
  C:\Windows\System32\OYUpgEr.exe
  2⤵
  PID:11516
- C:\Windows\System32\fmxNJVI.exe
  C:\Windows\System32\fmxNJVI.exe
  2⤵
  PID:11584
- C:\Windows\System32\bqRvlOl.exe
  C:\Windows\System32\bqRvlOl.exe
  2⤵
  PID:11620
- C:\Windows\System32\yrCRIpc.exe
  C:\Windows\System32\yrCRIpc.exe
  2⤵
  PID:11744
- C:\Windows\System32\HyZLfCu.exe
  C:\Windows\System32\HyZLfCu.exe
  2⤵
  PID:11820
- C:\Windows\System32\wmCZvbp.exe
  C:\Windows\System32\wmCZvbp.exe
  2⤵
  PID:11876
- C:\Windows\System32\NtLZGtS.exe
  C:\Windows\System32\NtLZGtS.exe
  2⤵
  PID:11920
- C:\Windows\System32\YHeyGvD.exe
  C:\Windows\System32\YHeyGvD.exe
  2⤵
  PID:11976
- C:\Windows\System32\DmkJlGO.exe
  C:\Windows\System32\DmkJlGO.exe
  2⤵
  PID:12080
- C:\Windows\System32\GZAfMvk.exe
  C:\Windows\System32\GZAfMvk.exe
  2⤵
  PID:12136
- C:\Windows\System32\axioRdj.exe
  C:\Windows\System32\axioRdj.exe
  2⤵
  PID:12176
- C:\Windows\System32\idmhjEe.exe
  C:\Windows\System32\idmhjEe.exe
  2⤵
  PID:12232
- C:\Windows\System32\AKvJodK.exe
  C:\Windows\System32\AKvJodK.exe
  2⤵
  PID:12276
- C:\Windows\System32\cQMjoJS.exe
  C:\Windows\System32\cQMjoJS.exe
  2⤵
  PID:11308
- C:\Windows\System32\JCPdSwm.exe
  C:\Windows\System32\JCPdSwm.exe
  2⤵
  PID:11508
- C:\Windows\System32\NcGiqGh.exe
  C:\Windows\System32\NcGiqGh.exe
  2⤵
  PID:11604
- C:\Windows\System32\dQOAaSv.exe
  C:\Windows\System32\dQOAaSv.exe
  2⤵
  PID:11756
- C:\Windows\System32\GdOFBRR.exe
  C:\Windows\System32\GdOFBRR.exe
  2⤵
  PID:11840
- C:\Windows\System32\AHCeMQv.exe
  C:\Windows\System32\AHCeMQv.exe
  2⤵
  PID:10388
- C:\Windows\System32\NJedYqA.exe
  C:\Windows\System32\NJedYqA.exe
  2⤵
  PID:10276
- C:\Windows\System32\PuIcghY.exe
  C:\Windows\System32\PuIcghY.exe
  2⤵
  PID:2340
- C:\Windows\System32\MgFrbkm.exe
  C:\Windows\System32\MgFrbkm.exe
  2⤵
  PID:11656
- C:\Windows\System32\NLASujq.exe
  C:\Windows\System32\NLASujq.exe
  2⤵
  PID:11804
- C:\Windows\System32\BhgNDoL.exe
  C:\Windows\System32\BhgNDoL.exe
  2⤵
  PID:12132
- C:\Windows\System32\ESavPlb.exe
  C:\Windows\System32\ESavPlb.exe
  2⤵
  PID:11644
- C:\Windows\System32\rFghBvI.exe
  C:\Windows\System32\rFghBvI.exe
  2⤵
  PID:12328
- C:\Windows\System32\kjLGTAo.exe
  C:\Windows\System32\kjLGTAo.exe
  2⤵
  PID:12344
- C:\Windows\System32\YMtAwdp.exe
  C:\Windows\System32\YMtAwdp.exe
  2⤵
  PID:12376
- C:\Windows\System32\vYKOjol.exe
  C:\Windows\System32\vYKOjol.exe
  2⤵
  PID:12400
- C:\Windows\System32\pmhfXjW.exe
  C:\Windows\System32\pmhfXjW.exe
  2⤵
  PID:12416
- C:\Windows\System32\FAytCsl.exe
  C:\Windows\System32\FAytCsl.exe
  2⤵
  PID:12444
- C:\Windows\System32\BBoTWdD.exe
  C:\Windows\System32\BBoTWdD.exe
  2⤵
  PID:12476
- C:\Windows\System32\LzdLBnO.exe
  C:\Windows\System32\LzdLBnO.exe
  2⤵
  PID:12492
- C:\Windows\System32\yvAogax.exe
  C:\Windows\System32\yvAogax.exe
  2⤵
  PID:12508
- C:\Windows\System32\urblkSQ.exe
  C:\Windows\System32\urblkSQ.exe
  2⤵
  PID:12560
- C:\Windows\System32\NXAiOIT.exe
  C:\Windows\System32\NXAiOIT.exe
  2⤵
  PID:12616
- C:\Windows\System32\MJszwJI.exe
  C:\Windows\System32\MJszwJI.exe
  2⤵
  PID:12676
- C:\Windows\System32\XoJpsfi.exe
  C:\Windows\System32\XoJpsfi.exe
  2⤵
  PID:12700
- C:\Windows\System32\OkwsZuC.exe
  C:\Windows\System32\OkwsZuC.exe
  2⤵
  PID:12736
- C:\Windows\System32\ygPlOrf.exe
  C:\Windows\System32\ygPlOrf.exe
  2⤵
  PID:12764
- C:\Windows\System32\pIlJwln.exe
  C:\Windows\System32\pIlJwln.exe
  2⤵
  PID:12784
- C:\Windows\System32\kaJEVPj.exe
  C:\Windows\System32\kaJEVPj.exe
  2⤵
  PID:12808
- C:\Windows\System32\QGRBRIK.exe
  C:\Windows\System32\QGRBRIK.exe
  2⤵
  PID:12828
- C:\Windows\System32\poTdpFY.exe
  C:\Windows\System32\poTdpFY.exe
  2⤵
  PID:12852
- C:\Windows\System32\HFptIrS.exe
  C:\Windows\System32\HFptIrS.exe
  2⤵
  PID:12872
- C:\Windows\System32\QKMcnsS.exe
  C:\Windows\System32\QKMcnsS.exe
  2⤵
  PID:12912
- C:\Windows\System32\fAOAUcz.exe
  C:\Windows\System32\fAOAUcz.exe
  2⤵
  PID:12936
- C:\Windows\System32\xDAPplf.exe
  C:\Windows\System32\xDAPplf.exe
  2⤵
  PID:12964
- C:\Windows\System32\SQhQQaT.exe
  C:\Windows\System32\SQhQQaT.exe
  2⤵
  PID:12992
- C:\Windows\System32\dtGSCYa.exe
  C:\Windows\System32\dtGSCYa.exe
  2⤵
  PID:13012
- C:\Windows\System32\TZqvgdg.exe
  C:\Windows\System32\TZqvgdg.exe
  2⤵
  PID:13040
- C:\Windows\System32\JSxrFFH.exe
  C:\Windows\System32\JSxrFFH.exe
  2⤵
  PID:13060
- C:\Windows\System32\LFDfhPF.exe
  C:\Windows\System32\LFDfhPF.exe
  2⤵
  PID:13084
- C:\Windows\System32\YYIYviq.exe
  C:\Windows\System32\YYIYviq.exe
  2⤵
  PID:13120
- C:\Windows\System32\AgEyVKX.exe
  C:\Windows\System32\AgEyVKX.exe
  2⤵
  PID:13144
- C:\Windows\System32\lRNzKLa.exe
  C:\Windows\System32\lRNzKLa.exe
  2⤵
  PID:13184
- C:\Windows\System32\tqxvmOp.exe
  C:\Windows\System32\tqxvmOp.exe
  2⤵
  PID:13204
- C:\Windows\System32\diRPLgK.exe
  C:\Windows\System32\diRPLgK.exe
  2⤵
  PID:13228
- C:\Windows\System32\pGTKiUD.exe
  C:\Windows\System32\pGTKiUD.exe
  2⤵
  PID:13276
- C:\Windows\System32\XIOVCPa.exe
  C:\Windows\System32\XIOVCPa.exe
  2⤵
  PID:13304
- C:\Windows\System32\iKUAqhF.exe
  C:\Windows\System32\iKUAqhF.exe
  2⤵
  PID:12340
- C:\Windows\System32\UjLnXsG.exe
  C:\Windows\System32\UjLnXsG.exe
  2⤵
  PID:12408
- C:\Windows\System32\dNwmkLo.exe
  C:\Windows\System32\dNwmkLo.exe
  2⤵
  PID:12432
- C:\Windows\System32\oZSfpRE.exe
  C:\Windows\System32\oZSfpRE.exe
  2⤵
  PID:12488
- C:\Windows\System32\fzMJYeG.exe
  C:\Windows\System32\fzMJYeG.exe
  2⤵
  PID:12528
- C:\Windows\System32\FFQjmPJ.exe
  C:\Windows\System32\FFQjmPJ.exe
  2⤵
  PID:12636
- C:\Windows\System32\OfdlKpX.exe
  C:\Windows\System32\OfdlKpX.exe
  2⤵
  PID:12656
- C:\Windows\System32\rGdiZFY.exe
  C:\Windows\System32\rGdiZFY.exe
  2⤵
  PID:12772
- C:\Windows\System32\XSwnPtu.exe
  C:\Windows\System32\XSwnPtu.exe
  2⤵
  PID:12896
- C:\Windows\System32\AunBTjd.exe
  C:\Windows\System32\AunBTjd.exe
  2⤵
  PID:12884
- C:\Windows\System32\MeHREWi.exe
  C:\Windows\System32\MeHREWi.exe
  2⤵
  PID:13020
- C:\Windows\System32\hcplelC.exe
  C:\Windows\System32\hcplelC.exe
  2⤵
  PID:13080
- C:\Windows\System32\JNVhDsk.exe
  C:\Windows\System32\JNVhDsk.exe
  2⤵
  PID:13096
- C:\Windows\System32\Fqpkjrf.exe
  C:\Windows\System32\Fqpkjrf.exe
  2⤵
  PID:13212
- C:\Windows\System32\QvGUsvR.exe
  C:\Windows\System32\QvGUsvR.exe
  2⤵
  PID:12336
- C:\Windows\System32\tLdfILp.exe
  C:\Windows\System32\tLdfILp.exe
  2⤵
  PID:12516
- C:\Windows\System32\WQLQDWt.exe
  C:\Windows\System32\WQLQDWt.exe
  2⤵
  PID:12692
- C:\Windows\System32\BIdDKiW.exe
  C:\Windows\System32\BIdDKiW.exe
  2⤵
  PID:12596
- C:\Windows\System32\zZoVLPV.exe
  C:\Windows\System32\zZoVLPV.exe
  2⤵
  PID:12836
- C:\Windows\System32\AlAwhHJ.exe
  C:\Windows\System32\AlAwhHJ.exe
  2⤵
  PID:12928
- C:\Windows\System32\gmZvKwq.exe
  C:\Windows\System32\gmZvKwq.exe
  2⤵
  PID:13052
- C:\Windows\System32\XXAxUas.exe
  C:\Windows\System32\XXAxUas.exe
  2⤵
  PID:13288
- C:\Windows\System32\gzcnZby.exe
  C:\Windows\System32\gzcnZby.exe
  2⤵
  PID:12456
- C:\Windows\System32\GgxGFKm.exe
  C:\Windows\System32\GgxGFKm.exe
  2⤵
  PID:12860
- C:\Windows\System32\eyskTJT.exe
  C:\Windows\System32\eyskTJT.exe
  2⤵
  PID:12660
- C:\Windows\System32\mjgmisi.exe
  C:\Windows\System32\mjgmisi.exe
  2⤵
  PID:12972
- C:\Windows\System32\LcspVRT.exe
  C:\Windows\System32\LcspVRT.exe
  2⤵
  PID:13324
- C:\Windows\System32\wmqubaD.exe
  C:\Windows\System32\wmqubaD.exe
  2⤵
  PID:13348
- C:\Windows\System32\mrIcISA.exe
  C:\Windows\System32\mrIcISA.exe
  2⤵
  PID:13364
- C:\Windows\System32\ofzIkiQ.exe
  C:\Windows\System32\ofzIkiQ.exe
  2⤵
  PID:13388
- C:\Windows\System32\amjHTfQ.exe
  C:\Windows\System32\amjHTfQ.exe
  2⤵
  PID:13428
- C:\Windows\System32\sOBfgRr.exe
  C:\Windows\System32\sOBfgRr.exe
  2⤵
  PID:13460
- C:\Windows\System32\IBpvAAa.exe
  C:\Windows\System32\IBpvAAa.exe
  2⤵
  PID:13480
- C:\Windows\System32\zlUlIrB.exe
  C:\Windows\System32\zlUlIrB.exe
  2⤵
  PID:13496
- C:\Windows\System32\ernIdon.exe
  C:\Windows\System32\ernIdon.exe
  2⤵
  PID:13520
- C:\Windows\System32\OKIsajk.exe
  C:\Windows\System32\OKIsajk.exe
  2⤵
  PID:13540
- C:\Windows\System32\enzaQHr.exe
  C:\Windows\System32\enzaQHr.exe
  2⤵
  PID:13584
- C:\Windows\System32\AuvkWpk.exe
  C:\Windows\System32\AuvkWpk.exe
  2⤵
  PID:13652

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:14088

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System32\DAJSJRh.exe

Filesize
966KB

MD5
255dbb77e82cd2bbf23c49830bae8e09

SHA1
109bea557817ae9116fdd8a5443afb15391c00e3

SHA256
5b29069aa224a0f3578f983cb203a1100e58d7dbd175f12cccc8362c46658d0c

SHA512
00095a4bfb5d3b5340d5b84d322c2de4e8625a4c336951ef90790b668259fb4646a86d82a9004f9aa4b00cac4c857fb886a16b3c1146bde68caa2b88d6c7c289

Download Submit
C:\Windows\System32\EaCanwm.exe

Filesize
966KB

MD5
af38bbb293668bff4b24febb0c93f362

SHA1
f1aec3af4e5160ce3dc4e3df151c2bc70f2ef6f6

SHA256
34edd331268e7c448bf2c0e388b12111bef47daed19230099a21b5370dd668a8

SHA512
475ee0e471dfcb17b94aa09206610104d412c39807253893334dffa9b872aa5a8b168c63277b75c36aec3fa2f599dae58e8b06f433d39cd6ff1787a11cb15a23

Download Submit
C:\Windows\System32\FTKFMcU.exe

Filesize
965KB

MD5
0c18d64dc6d87d774a9e0b1e8563c8bf

SHA1
75226a71bc29dc4c217dc32216023cbcd990039b

SHA256
4abb792d70f98a10c5b0a61a29bda42bf5a64e1bb5bae0e337850d5ff14bb8ff

SHA512
f9f9feb881aaad44122869c10c1a1f11f2a9f1e2775b6ca58f90a23a933df1195a3cc5ef26a4b76e37f4f9e9d096bfc319866022fb3d6f7ebebd36f2c5826cd7

Download Submit
C:\Windows\System32\JZiMZmS.exe

Filesize
967KB

MD5
499d18ae1e6b0d1d078f27e9cfc917ba

SHA1
40266d953820b27856d539b39ed21f3230b0ac83

SHA256
4c6fb21ec26c23208273914353fd827462b30e834167d058b7f234d2478e30c8

SHA512
7db3d786f9e19c50c6e44ac6db5fc8cb3808847a7174b82ea2f5df1af127779a66e976505f47d815ece288ce09bea5a6bba6195da15f16880308a5eb5280cfbb

Download Submit
C:\Windows\System32\JaxeXXo.exe

Filesize
968KB

MD5
564ded54c02fe7a5c455b182766b80e0

SHA1
5a4a4b4e64603b5d2d7006a003a118d25b2b4e33

SHA256
3e981a125b0f76c7c470edc3635547e77fc40c2f689d514905bbd00f57c0f728

SHA512
ac262a082e93ffeaddcd019a74bff553c0caa3a39cde99200deb54f1244169b63681fe082119b9ccdeaaaf92388ad1e51936117891fc3096efd12e8253588563

Download Submit
C:\Windows\System32\LJfALEX.exe

Filesize
961KB

MD5
427e72aa36f1b8d6403039d3d5799ac0

SHA1
07c08c580b8d612692cd4032229d65c807bf100a

SHA256
84aa5b484bcced26bd95e2cfe5f48abc19717dc0233165bf3d9694e8ff97dd6c

SHA512
84b58dfbb67fc0c44f129fb36723f113ff725fe6df4aa5d787a0cd37934907e2cbe4858d3f31e3b7dfd636c31801e0d1eeb14b480a830cd7d32bfea01ef3bf0e

Download Submit
C:\Windows\System32\PEskZcv.exe

Filesize
962KB

MD5
36b07f0e7039ac0b356249fe0405b8a4

SHA1
525e42a6bd6dc5a8d046a32ffd75dc6f648381ea

SHA256
704f7b00a1fcb37f2402ab31248874a70aa1b605d1ed0a425bed3b2dff1a990a

SHA512
59c9ad4cc1a8df904da541c1f7933b77e0cf63092b73fc31b4344fd9cdc4fe408e3ed3d9f50642941c7897186e5d81268ab3c7d97ab026ee38e40245c3c6b8aa

Download Submit
C:\Windows\System32\QfQBFjL.exe

Filesize
962KB

MD5
c7da7390ca858be8afc4ac65be256ef8

SHA1
56ddfde3b53f5385295a774e5d0e4dcc8111214f

SHA256
c134adb81f15c60b5a0c9b28cba14d55f1c32ac76ca0557b0d186b8aa2c5d112

SHA512
0bb0d915e942909168d2df88d6d6d81e91b51fa86fd0131bcaf0ddb73a1f7255b0d1019ab5cd97378653a06df5d207d12c1a3f061fa705d6a94a78b69c95944e

Download Submit
C:\Windows\System32\RYjPCiV.exe

Filesize
967KB

MD5
6e27f39308579656ccb2bed3cf1c2cea

SHA1
6bea502d24abca215bdb8093937fe28d677901b2

SHA256
ede9619992cd19d30f72bb76e5def31d75f3a90f5b105afd589611447df98dd8

SHA512
7ac4bba657789a24ff212a9e55cf8f0b912d57aeb766b45f0991c9b91bd9e1b66bd6de88f2c5db739a5803896f8c750be9c5e678477286c878d402c0dcc7095c

Download Submit
C:\Windows\System32\TFijlCP.exe

Filesize
965KB

MD5
196852143cccc9b55b56dc2a7ac86c47

SHA1
298f5b4a70c5bb58aa5573fc2869785bd083a6a8

SHA256
7e0321670b05a806616141a3e5b5c4a038384d09e4f65f7ee369c9a54dceba35

SHA512
e08c288c84b5cb941d221885b7fda562846a868116ac4aa87504e809e1cce38fcc5c50b52af972a70d09f64a93c43e43b59a29bb917085654e8632a96dd13d57

Download Submit
C:\Windows\System32\TKCJMQp.exe

Filesize
968KB

MD5
b9ebaac7898cb2b7aa428f19411650d0

SHA1
32efdd6f3f6883f74ad52954156ba4f39eaee2ed

SHA256
9ded8cfa04b013e50b74bf520125dda6fd23160903711d51ac75ea20449766d3

SHA512
5f16ec7eb335185c136892cb9057a4607b30eb5a09c261fde2c9cd5950c13c56b22039afe1b1b3d833d529690b6c720fee45726df7dd16fea10a2fdb31b4a90d

Download Submit
C:\Windows\System32\VflJeim.exe

Filesize
967KB

MD5
30ef518380abd97d895a793aa789ce2f

SHA1
a8f6feb8e40b25886ba34ededc4783defaccaf67

SHA256
30a9a1018b182d348e147d62dc9fd3a60fbf5ad44bf06ed82ca1484d04818877

SHA512
bcc669f890018d94572ec9317c946b77fc9f2280d8da28b5bb4aefb31251ad81e769471bd7becd00eb6a3d9c078eb4d9b48547a54b93b8166e1db0f59e9fa57c

Download Submit
C:\Windows\System32\WCotGKR.exe

Filesize
963KB

MD5
6d9115136f347b7b3060cb3bb598b269

SHA1
0f390bf851b09b10ec558fb213dcdd0268aa5fce

SHA256
25c118b177e2352ad965e8f4bae40100936efd5e86960e033783383bc5c52501

SHA512
dc847162105798b202b13cc4eb723423e563828a27502746e653db3fd5964bdb437b4f4f0db9fcf46c94f1fef362682b001dd3b1a63acf57883980e18dbda71c

Download Submit
C:\Windows\System32\YSOerWx.exe

Filesize
964KB

MD5
8fc1ba6e9ff3a748ee44efaa9f802830

SHA1
f668520ee13404871c1d135de90ec81b6d7e442b

SHA256
121e7c714d39482e46eb8279e600b04ad437855784c1d1b4090a1db1ed6e9e71

SHA512
b92cc55806a087dd9b1d6ec302df19e85ea63d01453f487253379e876da817ac11bf7fb2f5bf8824b0419d6c1e0ac719b8b7df52fbcdf20f80773267a2fb4a6d

Download Submit
C:\Windows\System32\YTPbNdX.exe

Filesize
963KB

MD5
75f557c8660c5ec3efb45105e7ca774e

SHA1
5bd32032633acced30d6c79ff76447be513a39e4

SHA256
23e37d04ee5ac92ba9f2a523141897c5ffe3756184a50bf084733b0b09ec0a66

SHA512
8631edf0124a8ea5a83fce1f0a989006c87663dccb3c68107db2f2f01fa531c5ec23d43174fcf5ccabc396f82a1cea21f7da73a5d90f161fb71e159ac772f696

Download Submit
C:\Windows\System32\ZyOJDlH.exe

Filesize
965KB

MD5
348378c09b20399dbc118dfaed9f3137

SHA1
eed2387d302bb858347a0946774584b88067048d

SHA256
280c301c9ef63d9f1f63f9437c05aeb2a4779e84d9b0db0c9a78fcbf7deb6362

SHA512
3c65f08158701f9d038a36a731f330068b49fc5bdc90a8a9ec6e0b85cdb572db9441b43aeced509bc7528323ff48e75bbfeb361598c14e8e6ee1068acbc36ca8

Download Submit
C:\Windows\System32\ccEvFYl.exe

Filesize
962KB

MD5
54bf63ffc6b5056fa7021d321d333f54

SHA1
1b58f67391c6e4c411629b7c08a2a26e48eb0d97

SHA256
64628d31cc7c282ad3708a2bdb4517093d5be00017e52d1f49be31cb82dfb1cc

SHA512
d2707f20af645d9f700ea3d39b35767c830a4186a538c4c3887faaa661c13b1b9a15cc11588d6f9344ce6c3c1e0b6da215cb5e7a613745a98828f9fc2f4d5d7f

Download Submit
C:\Windows\System32\dVrltNO.exe

Filesize
964KB

MD5
4c31c596529fcb1382c6bf2835f7b4c3

SHA1
ca835513d53e2e981ca8f752af4bdc5d4cfa9f5a

SHA256
8bf9dafcdb3c68e55a532c87dfa0d29deefab4bf26d6c8848270273fed7f40d5

SHA512
f5dc19c8f371e3956513bce25e9142e4cf970ddf659ac77c2619e82efa85b4f3dd363fcf39b5230aba57072a10cff4ce11b3c22c27d25831c49c73c008617027

Download Submit
C:\Windows\System32\fGJCsTX.exe

Filesize
964KB

MD5
a90eb3e39a2466e35700bc22cce9f90c

SHA1
8777003b4f463db3c06d1d19333f5e0c989bf7ef

SHA256
beb858211fc6b3c7ed8fddc8f01287c30c25bb737ddf5edabc78dab8c6c87103

SHA512
013c4c6f30eca30728cdf2e3223600a5489c4bbbaf99b6b84a03a3d800482660dee597c7220d0fc2997fadb1f641813374a470ab26a100b0e628cff7b3f13ead

Download Submit
C:\Windows\System32\fRBqLSI.exe

Filesize
963KB

MD5
029850dde9fc6c7576530b2ae4b92a16

SHA1
c8c57a8c22d16272d150d620148f9b9fa69d1b57

SHA256
65359837711d3693cae55cdb1435f172d40e55d2debdd72ad9322bc419413f20

SHA512
938397c732f0655d62fec0f685177280696bcdab0dcbbac4bdaae15bf628c444fdadd4640ba4e7e9a11fe04de37999523fc00f4526f9bc0572fc774063cc4b75

Download Submit
C:\Windows\System32\fsloVLE.exe

Filesize
962KB

MD5
296c64eaee0f4898e5ec709ec2644427

SHA1
a687f4ca48256dd76d263c9b1f4978c6404dc914

SHA256
65358944e7ba7f54ab91ba48b869a653ef5db01f9f4e4864cce22608fd607796

SHA512
a7dcdb84663cbd3a1b05398099918866fd2af8ce4fcafda978e62d4e1a9103a594ec2a93cf1af63860cbf9a66504f4ef77e3869ed14d6352e506493f7b80942a

Download Submit
C:\Windows\System32\gBAwyEp.exe

Filesize
964KB

MD5
54fc2fce1cc8161e390607e6911f1199

SHA1
d1dac22b05ac12c8f5a039273a6e0109e2535e06

SHA256
3c89c846dd876dd9ba79c8875e8be4da433f0685ac2705a0f2a845fe31b51eec

SHA512
4f0855de631344680fd9492ce39e2f609923b534656081c91db1296e023544b10f07c91605ac8a0849ac26ba01993fef20bc6abfa020e0fc87e1a85660af705c

Download Submit
C:\Windows\System32\iUhPiMC.exe

Filesize
961KB

MD5
f790d678b24b70636147377e67c24c1c

SHA1
29584101bbb182d85025dd3a62cd7c0935917041

SHA256
70510f5e1639a951635e48a1101171dce7c7b143b251fe2a92db044f5b7fc7ee

SHA512
d79844ad21c397e4e77d397dd4f500fc9ebb6d9641cd897eed4087dd59ae108d0df8097f71c5d5afd3d324e5dc4350ca2e63fcff369852450c7ef93980c99346

Download Submit
C:\Windows\System32\nDbinOy.exe

Filesize
967KB

MD5
e3355bf94a4d9d545c0aa20b4efd4a8c

SHA1
92937ef2ded7da720407aa868290aa3acc8a9633

SHA256
60cb288e0420564789921c5a2b41c90099adcc3be8d8f7ceef66e206605ed06a

SHA512
8aa6f2257b365b078d7758c4b8aadd9fe9e9183aa7ed31fe5b7f0d2a5545c10a582788f28f177b89e5a7a05d486042d72d6d06d317dd6b88b7df5b326eb1c50c

Download Submit
C:\Windows\System32\poGsrNF.exe

Filesize
961KB

MD5
92361c0a0f9892da2268c59370897603

SHA1
dec2f08fbc8a4f9b488da865ce1a84eb44fffb1a

SHA256
30755ab99efda4fd40fd381d455df07f4b9c7ffa3a52fda86ce7101038989f4d

SHA512
5b12dc7f997e90db861f004f8415a67bc71d263b3561482ef8f988d089f58301a6b2a90cbce85181ee814f54269015557c6d493dbf966869e19bcefa35a00152

Download Submit
C:\Windows\System32\rGSPkwB.exe

Filesize
966KB

MD5
a88128999c0131472c9fdac7ef825334

SHA1
8198c2d405078e578769c9016a9af071733d957c

SHA256
45e92aadd9285bcf8068cf8c4279002fb636dbd0c19d3424c70712be2ecd265c

SHA512
eca905c09014c4a234b3162e86278530f5054c77aeddadb90a4b1f36047eef1a9cf8dc1ac6f28b376bf2e6490ddc42aab7a739eb130a6b921ff1cf5ab4b7167c

Download Submit
C:\Windows\System32\sdKcFEV.exe

Filesize
967KB

MD5
b3ac4f422f30c5b6f9ead42c701d1c0a

SHA1
add574d96ed40c12f3bf0f8a78e5e9693612d6be

SHA256
c8c765a5500aa36836238e4c6bc26ff431e72a91381857108918ce4120a41112

SHA512
2f7e6714cda36eeaebd2c532b13435d5e2a333110f03cd8906f6d6f47cfdadb6f93c7d6be088dc95ae25248f79d3e75a87ef8dff2e5a97c663379874e694e8c6

Download Submit
C:\Windows\System32\sypdPMm.exe

Filesize
965KB

MD5
a80943e977ac4a9c572e691087d9306f

SHA1
c59c38d56a5eec93471cfac29f89113f7a37aa81

SHA256
883ef64d1ab0fb966ad80dab16fc34047120e081ab3288140a28839a6b66a083

SHA512
da490cc432f55fb425d0e2a0f1c65f605f7edf84fb10c58ea3e80c55c64b70faa9b386679c12d6a769b6b4a7c02800a9eaa96507f485996905b391195a1a7192

Download Submit
C:\Windows\System32\tmoOoni.exe

Filesize
960KB

MD5
9943b7b3a62bd11fbbf82ddea67ad193

SHA1
b2cf437058f3821626acab39bada5ec47633d41e

SHA256
8f818df68bb6e43ae0f521ad7272aa750e40908a578775eb2a4ce87ed740d5ea

SHA512
da04e7826d2af59275be568cdbdbdbd4b193d174446d5b9a993a931e091f820791e3dabe39f11e4fcc52f9752f591fd3645bd89501028cc53515e60b8d95a0ce

Download Submit
C:\Windows\System32\vuPDZqU.exe

Filesize
963KB

MD5
5aa4227d13d783091245183b06d2aa2f

SHA1
ba683f1cd86b756f3262250d5e94966484c80848

SHA256
be39d7d92fa6ce7b5dc6d6b61c1f3b45ec28861a844e42109be33517265f3624

SHA512
3caf54630eb6cd705249a12b0d8e7dec133a716c0c653dcfb6c140f8ee518e3dd881d0c5d1bed5e1b09389aa3b9cbd0625d4e3c7d33a069eccd55eb65452643a

Download Submit
C:\Windows\System32\xBZaSky.exe

Filesize
968KB

MD5
3576d29accc69bc9eb026bdda778a306

SHA1
f8f3b1cc234d01b5215bcd059e888bf21f7c8c29

SHA256
c104ddcbff9413a81519fb10ea3c1404aed387dc204f00375985bb54d7b51ab6

SHA512
b47679decfd65c211011144c63863eb92064d9a510c8dc7f0baf7bd96b2580694062230ceb292e1a2301eee559eff818e31d964c1ecbd05e15311bb3959edca6

Download Submit
C:\Windows\System32\xUUxErQ.exe

Filesize
961KB

MD5
34f106b800ce0448511081e31894b881

SHA1
312ebb78d123dbb616ebf6a2a7c6d0a697808d3c

SHA256
f5718ff8a8e352cb9c90a562d268a8719bfda6ef987955eb9621450f8794758e

SHA512
8eb7682982da750e75b892c853e5bcb2a0176e3ffd43faa1b47ab18196a4978631ec906c0650284af21d098fb31fadff0bca6a816635fd4379da25871ac1af53

Download Submit
C:\Windows\System32\yoyOZKS.exe

Filesize
966KB

MD5
cf0e31b9fbc4ae22c503fc53192d2775

SHA1
5a101552df5206273ee8972b4524af7b051e9c1d

SHA256
058ae8ed4a2c0bb1af02e79cbae7bb04825ea119364cf8f13fa6b0155c76516a

SHA512
630a216adc43d5df63ba2a240137c82b81cb2ccf3e05a76984011c85123eea357b87055cf7e9a16b9aafd7906fa099ed81ce81182f2fad0d7a7e989c0c200a2f

Download Submit
memory/1032-2177-0x00007FF6121A0000-0x00007FF612591000-memory.dmp

Filesize
3.9MB

Download
memory/1032-361-0x00007FF6121A0000-0x00007FF612591000-memory.dmp

Filesize
3.9MB

Download
memory/1476-398-0x00007FF6B32D0000-0x00007FF6B36C1000-memory.dmp

Filesize
3.9MB

Download
memory/1476-2189-0x00007FF6B32D0000-0x00007FF6B36C1000-memory.dmp

Filesize
3.9MB

Download
memory/1988-2249-0x00007FF686A80000-0x00007FF686E71000-memory.dmp

Filesize
3.9MB

Download
memory/1988-420-0x00007FF686A80000-0x00007FF686E71000-memory.dmp

Filesize
3.9MB

Download
memory/2124-30-0x00007FF675DD0000-0x00007FF6761C1000-memory.dmp

Filesize
3.9MB

Download
memory/2124-2163-0x00007FF675DD0000-0x00007FF6761C1000-memory.dmp

Filesize
3.9MB

Download
memory/2196-2181-0x00007FF76A240000-0x00007FF76A631000-memory.dmp

Filesize
3.9MB

Download
memory/2196-373-0x00007FF76A240000-0x00007FF76A631000-memory.dmp

Filesize
3.9MB

Download
memory/2696-415-0x00007FF7244B0000-0x00007FF7248A1000-memory.dmp

Filesize
3.9MB

Download
memory/2696-2251-0x00007FF7244B0000-0x00007FF7248A1000-memory.dmp

Filesize
3.9MB

Download
memory/3092-412-0x00007FF7E4670000-0x00007FF7E4A61000-memory.dmp

Filesize
3.9MB

Download
memory/3092-2253-0x00007FF7E4670000-0x00007FF7E4A61000-memory.dmp

Filesize
3.9MB

Download
memory/3096-2224-0x00007FF640190000-0x00007FF640581000-memory.dmp

Filesize
3.9MB

Download
memory/3096-422-0x00007FF640190000-0x00007FF640581000-memory.dmp

Filesize
3.9MB

Download
memory/3232-29-0x00007FF7E7CC0000-0x00007FF7E80B1000-memory.dmp

Filesize
3.9MB

Download
memory/3232-1187-0x00007FF7E7CC0000-0x00007FF7E80B1000-memory.dmp

Filesize
3.9MB

Download
memory/3232-2169-0x00007FF7E7CC0000-0x00007FF7E80B1000-memory.dmp

Filesize
3.9MB

Download
memory/3312-2167-0x00007FF6785D0000-0x00007FF6789C1000-memory.dmp

Filesize
3.9MB

Download
memory/3312-1183-0x00007FF6785D0000-0x00007FF6789C1000-memory.dmp

Filesize
3.9MB

Download
memory/3312-27-0x00007FF6785D0000-0x00007FF6789C1000-memory.dmp

Filesize
3.9MB

Download
memory/3372-421-0x00007FF68B4A0000-0x00007FF68B891000-memory.dmp

Filesize
3.9MB

Download
memory/3372-2248-0x00007FF68B4A0000-0x00007FF68B891000-memory.dmp

Filesize
3.9MB

Download
memory/3384-37-0x00007FF7AA640000-0x00007FF7AAA31000-memory.dmp

Filesize
3.9MB

Download
memory/3384-2171-0x00007FF7AA640000-0x00007FF7AAA31000-memory.dmp

Filesize
3.9MB

Download
memory/3384-1444-0x00007FF7AA640000-0x00007FF7AAA31000-memory.dmp

Filesize
3.9MB

Download
memory/3500-2218-0x00007FF637A70000-0x00007FF637E61000-memory.dmp

Filesize
3.9MB

Download
memory/3500-400-0x00007FF637A70000-0x00007FF637E61000-memory.dmp

Filesize
3.9MB

Download
memory/3508-935-0x00007FF7A9630000-0x00007FF7A9A21000-memory.dmp

Filesize
3.9MB

Download
memory/3508-1-0x000002DC4D900000-0x000002DC4D910000-memory.dmp

Filesize
64KB

Download
memory/3508-0-0x00007FF7A9630000-0x00007FF7A9A21000-memory.dmp

Filesize
3.9MB

Download
memory/3780-370-0x00007FF7936B0000-0x00007FF793AA1000-memory.dmp

Filesize
3.9MB

Download
memory/3780-2179-0x00007FF7936B0000-0x00007FF793AA1000-memory.dmp

Filesize
3.9MB

Download
memory/3796-1449-0x00007FF63F740000-0x00007FF63FB31000-memory.dmp

Filesize
3.9MB

Download
memory/3796-352-0x00007FF63F740000-0x00007FF63FB31000-memory.dmp

Filesize
3.9MB

Download
memory/3796-2173-0x00007FF63F740000-0x00007FF63FB31000-memory.dmp

Filesize
3.9MB

Download
memory/4144-356-0x00007FF7556A0000-0x00007FF755A91000-memory.dmp

Filesize
3.9MB

Download
memory/4144-2175-0x00007FF7556A0000-0x00007FF755A91000-memory.dmp

Filesize
3.9MB

Download
memory/4424-390-0x00007FF605CD0000-0x00007FF6060C1000-memory.dmp

Filesize
3.9MB

Download
memory/4424-2185-0x00007FF605CD0000-0x00007FF6060C1000-memory.dmp

Filesize
3.9MB

Download
memory/4508-2165-0x00007FF6DA0A0000-0x00007FF6DA491000-memory.dmp

Filesize
3.9MB

Download
memory/4508-424-0x00007FF6DA0A0000-0x00007FF6DA491000-memory.dmp

Filesize
3.9MB

Download
memory/4764-1083-0x00007FF643FE0000-0x00007FF6443D1000-memory.dmp

Filesize
3.9MB

Download
memory/4764-11-0x00007FF643FE0000-0x00007FF6443D1000-memory.dmp

Filesize
3.9MB

Download
memory/4764-2159-0x00007FF643FE0000-0x00007FF6443D1000-memory.dmp

Filesize
3.9MB

Download
memory/4804-26-0x00007FF626F00000-0x00007FF6272F1000-memory.dmp

Filesize
3.9MB

Download
memory/4804-1085-0x00007FF626F00000-0x00007FF6272F1000-memory.dmp

Filesize
3.9MB

Download
memory/4804-2161-0x00007FF626F00000-0x00007FF6272F1000-memory.dmp

Filesize
3.9MB

Download
memory/4996-2220-0x00007FF649C80000-0x00007FF64A071000-memory.dmp

Filesize
3.9MB

Download
memory/4996-403-0x00007FF649C80000-0x00007FF64A071000-memory.dmp

Filesize
3.9MB

Download
memory/5000-2222-0x00007FF7BBED0000-0x00007FF7BC2C1000-memory.dmp

Filesize
3.9MB

Download
memory/5000-405-0x00007FF7BBED0000-0x00007FF7BC2C1000-memory.dmp

Filesize
3.9MB

Download
memory/5068-2187-0x00007FF753CB0000-0x00007FF7540A1000-memory.dmp

Filesize
3.9MB

Download
memory/5068-394-0x00007FF753CB0000-0x00007FF7540A1000-memory.dmp

Filesize
3.9MB

Download
memory/5092-2183-0x00007FF7685B0000-0x00007FF7689A1000-memory.dmp

Filesize
3.9MB

Download
memory/5092-385-0x00007FF7685B0000-0x00007FF7689A1000-memory.dmp

Filesize
3.9MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads