xmrig | c5a5a54b7d022c763e42ad69332f88496812b1827f07053a0c369c784929ea08

Analysis

max time kernel
105s
max time network
102s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
20-12-2024 02:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c5a5a54b7d022c763e42ad69332f88496812b1827f07053a0c369c784929ea08N.exe
Size

939KB
MD5

a20d51878eb01551e4af3d32260bab50
SHA1

bb9434e69c9b373cc7e982f2220e086ffa2d0905
SHA256

c5a5a54b7d022c763e42ad69332f88496812b1827f07053a0c369c784929ea08
SHA512

5493817e501eed6c477cddba7375b21d35a94dcc620efd287cc45f4f1d52f35ad4c1ef2b265f56b0226c804f8ca964baee07331837dcec189b82e6f5a2df5c02
SSDEEP

24576:JanwhSe11QSONCpGJCjETPl+Me7bPMS8YkgcoEj:knw9oUUEEDl+xTMS8TgHa

Score

10^/10

xmrig miner upx

Malware Config

Signatures

Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 41 IoCs

miner

resource	yara_rule
behavioral2/memory/4356-398-0x00007FF635630000-0x00007FF635A21000-memory.dmp	xmrig
behavioral2/memory/4416-399-0x00007FF6B00B0000-0x00007FF6B04A1000-memory.dmp	xmrig
behavioral2/memory/4248-422-0x00007FF608CC0000-0x00007FF6090B1000-memory.dmp	xmrig
behavioral2/memory/4360-410-0x00007FF6428C0000-0x00007FF642CB1000-memory.dmp	xmrig
behavioral2/memory/1364-405-0x00007FF785D30000-0x00007FF786121000-memory.dmp	xmrig
behavioral2/memory/1556-428-0x00007FF727E50000-0x00007FF728241000-memory.dmp	xmrig
behavioral2/memory/2776-432-0x00007FF701100000-0x00007FF7014F1000-memory.dmp	xmrig
behavioral2/memory/2260-441-0x00007FF636370000-0x00007FF636761000-memory.dmp	xmrig
behavioral2/memory/3436-444-0x00007FF610350000-0x00007FF610741000-memory.dmp	xmrig
behavioral2/memory/4732-496-0x00007FF723470000-0x00007FF723861000-memory.dmp	xmrig
behavioral2/memory/4592-501-0x00007FF7D0500000-0x00007FF7D08F1000-memory.dmp	xmrig
behavioral2/memory/2320-523-0x00007FF762860000-0x00007FF762C51000-memory.dmp	xmrig
behavioral2/memory/668-510-0x00007FF794360000-0x00007FF794751000-memory.dmp	xmrig
behavioral2/memory/3724-507-0x00007FF6D0400000-0x00007FF6D07F1000-memory.dmp	xmrig
behavioral2/memory/1524-495-0x00007FF63B090000-0x00007FF63B481000-memory.dmp	xmrig
behavioral2/memory/3592-442-0x00007FF702180000-0x00007FF702571000-memory.dmp	xmrig
behavioral2/memory/3612-426-0x00007FF7ADFA0000-0x00007FF7AE391000-memory.dmp	xmrig
behavioral2/memory/552-424-0x00007FF6C61D0000-0x00007FF6C65C1000-memory.dmp	xmrig
behavioral2/memory/2872-1332-0x00007FF70A740000-0x00007FF70AB31000-memory.dmp	xmrig
behavioral2/memory/3976-1333-0x00007FF798430000-0x00007FF798821000-memory.dmp	xmrig
behavioral2/memory/3656-1334-0x00007FF7DF950000-0x00007FF7DFD41000-memory.dmp	xmrig
behavioral2/memory/3124-1335-0x00007FF6B4350000-0x00007FF6B4741000-memory.dmp	xmrig
behavioral2/memory/2876-1383-0x00007FF613280000-0x00007FF613671000-memory.dmp	xmrig
behavioral2/memory/4544-1390-0x00007FF6F83A0000-0x00007FF6F8791000-memory.dmp	xmrig
behavioral2/memory/1856-1389-0x00007FF614AA0000-0x00007FF614E91000-memory.dmp	xmrig
behavioral2/memory/3976-2145-0x00007FF798430000-0x00007FF798821000-memory.dmp	xmrig
behavioral2/memory/3656-2147-0x00007FF7DF950000-0x00007FF7DFD41000-memory.dmp	xmrig
behavioral2/memory/1364-2151-0x00007FF785D30000-0x00007FF786121000-memory.dmp	xmrig
behavioral2/memory/2320-2149-0x00007FF762860000-0x00007FF762C51000-memory.dmp	xmrig
behavioral2/memory/4360-2156-0x00007FF6428C0000-0x00007FF642CB1000-memory.dmp	xmrig
behavioral2/memory/4356-2158-0x00007FF635630000-0x00007FF635A21000-memory.dmp	xmrig
behavioral2/memory/2260-2198-0x00007FF636370000-0x00007FF636761000-memory.dmp	xmrig
behavioral2/memory/3592-2202-0x00007FF702180000-0x00007FF702571000-memory.dmp	xmrig
behavioral2/memory/4732-2210-0x00007FF723470000-0x00007FF723861000-memory.dmp	xmrig
behavioral2/memory/4592-2208-0x00007FF7D0500000-0x00007FF7D08F1000-memory.dmp	xmrig
behavioral2/memory/668-2204-0x00007FF794360000-0x00007FF794751000-memory.dmp	xmrig
behavioral2/memory/3436-2212-0x00007FF610350000-0x00007FF610741000-memory.dmp	xmrig
behavioral2/memory/3724-2206-0x00007FF6D0400000-0x00007FF6D07F1000-memory.dmp	xmrig
behavioral2/memory/1524-2200-0x00007FF63B090000-0x00007FF63B481000-memory.dmp	xmrig
behavioral2/memory/1556-2167-0x00007FF727E50000-0x00007FF728241000-memory.dmp	xmrig
behavioral2/memory/4416-2154-0x00007FF6B00B0000-0x00007FF6B04A1000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
3976	peMsABz.exe
4356	UDmphiD.exe
3656	cqmWCCh.exe
4416	BRwNkoe.exe
2876	rvooUZt.exe
1856	wIbGvJA.exe
4544	PpdAHVx.exe
3124	TYYTZFW.exe
1364	WGmdMJJ.exe
2320	wOdvYth.exe
4360	mcQsbTp.exe
4248	PqxGYAi.exe
552	QqugTZv.exe
3612	vuQYcDF.exe
1556	nGkowHI.exe
2776	QSzrqyh.exe
2260	tHdODvM.exe
3592	guqFYNy.exe
3436	CjFNwdU.exe
1524	mzKgPxr.exe
4732	QjHQcAw.exe
4592	gibcBjs.exe
3724	HyKBveH.exe
668	EGrWydu.exe
1036	unzqDsZ.exe
804	jGDJrEc.exe
1344	gSDqzUc.exe
5024	RuGiyir.exe
1640	jzQzILQ.exe
2092	vAyCvGq.exe
1992	JOMRqMZ.exe
2520	IijoxLZ.exe
540	HFQfCeh.exe
4140	DuZZBZW.exe
3548	qZSEzPK.exe
2760	fQBcAHa.exe
876	rfJlJWP.exe
5020	mJsjieG.exe
3048	aJIpgCr.exe
760	AHxetGW.exe
3168	GnxlvKN.exe
3224	cxizbUY.exe
2820	nyjvxsi.exe
2228	NSJrOeJ.exe
5064	XjmstVe.exe
3948	dcmOnjv.exe
2968	KafVUnz.exe
4340	NikwXsG.exe
4056	WMQzero.exe
3388	hneOQUf.exe
348	zmQlCXs.exe
1968	odPOZxP.exe
4932	fyIirVO.exe
3456	GFTDjnw.exe
4368	jlVBEDO.exe
2248	ntaKCTc.exe
4836	mBAfgMQ.exe
4444	yefhOOm.exe
3980	bidZhYD.exe
2976	XyEAunt.exe
3768	PoaVaDd.exe
4812	Dpketax.exe
3868	vENonMi.exe
3760	wInuLRK.exe

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System32\AAgctJt.exe	c5a5a54b7d022c763e42ad69332f88496812b1827f07053a0c369c784929ea08N.exe
File created	C:\Windows\System32\fyIirVO.exe	c5a5a54b7d022c763e42ad69332f88496812b1827f07053a0c369c784929ea08N.exe
File created	C:\Windows\System32\iVBHHti.exe	c5a5a54b7d022c763e42ad69332f88496812b1827f07053a0c369c784929ea08N.exe
File created	C:\Windows\System32\HVItRDP.exe	c5a5a54b7d022c763e42ad69332f88496812b1827f07053a0c369c784929ea08N.exe
File created	C:\Windows\System32\OQKfCHB.exe	c5a5a54b7d022c763e42ad69332f88496812b1827f07053a0c369c784929ea08N.exe
File created	C:\Windows\System32\IJGHjkQ.exe	c5a5a54b7d022c763e42ad69332f88496812b1827f07053a0c369c784929ea08N.exe
File created	C:\Windows\System32\eAHpujF.exe	c5a5a54b7d022c763e42ad69332f88496812b1827f07053a0c369c784929ea08N.exe
File created	C:\Windows\System32\rfJlJWP.exe	c5a5a54b7d022c763e42ad69332f88496812b1827f07053a0c369c784929ea08N.exe
File created	C:\Windows\System32\Ljbljlh.exe	c5a5a54b7d022c763e42ad69332f88496812b1827f07053a0c369c784929ea08N.exe
File created	C:\Windows\System32\utYmDHM.exe	c5a5a54b7d022c763e42ad69332f88496812b1827f07053a0c369c784929ea08N.exe
File created	C:\Windows\System32\mPIlGsY.exe	c5a5a54b7d022c763e42ad69332f88496812b1827f07053a0c369c784929ea08N.exe
File created	C:\Windows\System32\roXyATM.exe	c5a5a54b7d022c763e42ad69332f88496812b1827f07053a0c369c784929ea08N.exe
File created	C:\Windows\System32\DYAZYhF.exe	c5a5a54b7d022c763e42ad69332f88496812b1827f07053a0c369c784929ea08N.exe
File created	C:\Windows\System32\cPNFtAe.exe	c5a5a54b7d022c763e42ad69332f88496812b1827f07053a0c369c784929ea08N.exe
File created	C:\Windows\System32\LwSqCSq.exe	c5a5a54b7d022c763e42ad69332f88496812b1827f07053a0c369c784929ea08N.exe
File created	C:\Windows\System32\fGMkTue.exe	c5a5a54b7d022c763e42ad69332f88496812b1827f07053a0c369c784929ea08N.exe
File created	C:\Windows\System32\dQcxkHz.exe	c5a5a54b7d022c763e42ad69332f88496812b1827f07053a0c369c784929ea08N.exe
File created	C:\Windows\System32\TWDnsRt.exe	c5a5a54b7d022c763e42ad69332f88496812b1827f07053a0c369c784929ea08N.exe
File created	C:\Windows\System32\QqugTZv.exe	c5a5a54b7d022c763e42ad69332f88496812b1827f07053a0c369c784929ea08N.exe
File created	C:\Windows\System32\jGDJrEc.exe	c5a5a54b7d022c763e42ad69332f88496812b1827f07053a0c369c784929ea08N.exe
File created	C:\Windows\System32\WTiMPHn.exe	c5a5a54b7d022c763e42ad69332f88496812b1827f07053a0c369c784929ea08N.exe
File created	C:\Windows\System32\PmlcDUj.exe	c5a5a54b7d022c763e42ad69332f88496812b1827f07053a0c369c784929ea08N.exe
File created	C:\Windows\System32\jtqzJWW.exe	c5a5a54b7d022c763e42ad69332f88496812b1827f07053a0c369c784929ea08N.exe
File created	C:\Windows\System32\FADwbwu.exe	c5a5a54b7d022c763e42ad69332f88496812b1827f07053a0c369c784929ea08N.exe
File created	C:\Windows\System32\zOWHgCT.exe	c5a5a54b7d022c763e42ad69332f88496812b1827f07053a0c369c784929ea08N.exe
File created	C:\Windows\System32\YLFFOTM.exe	c5a5a54b7d022c763e42ad69332f88496812b1827f07053a0c369c784929ea08N.exe
File created	C:\Windows\System32\BzSbagT.exe	c5a5a54b7d022c763e42ad69332f88496812b1827f07053a0c369c784929ea08N.exe
File created	C:\Windows\System32\CRBUhOu.exe	c5a5a54b7d022c763e42ad69332f88496812b1827f07053a0c369c784929ea08N.exe
File created	C:\Windows\System32\gakiOTu.exe	c5a5a54b7d022c763e42ad69332f88496812b1827f07053a0c369c784929ea08N.exe
File created	C:\Windows\System32\zNDmDyR.exe	c5a5a54b7d022c763e42ad69332f88496812b1827f07053a0c369c784929ea08N.exe
File created	C:\Windows\System32\TFjyyJS.exe	c5a5a54b7d022c763e42ad69332f88496812b1827f07053a0c369c784929ea08N.exe
File created	C:\Windows\System32\UvPxeHZ.exe	c5a5a54b7d022c763e42ad69332f88496812b1827f07053a0c369c784929ea08N.exe
File created	C:\Windows\System32\sKtcZgK.exe	c5a5a54b7d022c763e42ad69332f88496812b1827f07053a0c369c784929ea08N.exe
File created	C:\Windows\System32\knvzteB.exe	c5a5a54b7d022c763e42ad69332f88496812b1827f07053a0c369c784929ea08N.exe
File created	C:\Windows\System32\DwiqauZ.exe	c5a5a54b7d022c763e42ad69332f88496812b1827f07053a0c369c784929ea08N.exe
File created	C:\Windows\System32\DeCXMvn.exe	c5a5a54b7d022c763e42ad69332f88496812b1827f07053a0c369c784929ea08N.exe
File created	C:\Windows\System32\XjmstVe.exe	c5a5a54b7d022c763e42ad69332f88496812b1827f07053a0c369c784929ea08N.exe
File created	C:\Windows\System32\ccKhyAe.exe	c5a5a54b7d022c763e42ad69332f88496812b1827f07053a0c369c784929ea08N.exe
File created	C:\Windows\System32\WENITLx.exe	c5a5a54b7d022c763e42ad69332f88496812b1827f07053a0c369c784929ea08N.exe
File created	C:\Windows\System32\LVHRFEg.exe	c5a5a54b7d022c763e42ad69332f88496812b1827f07053a0c369c784929ea08N.exe
File created	C:\Windows\System32\nWRNTVg.exe	c5a5a54b7d022c763e42ad69332f88496812b1827f07053a0c369c784929ea08N.exe
File created	C:\Windows\System32\unzqDsZ.exe	c5a5a54b7d022c763e42ad69332f88496812b1827f07053a0c369c784929ea08N.exe
File created	C:\Windows\System32\HFQfCeh.exe	c5a5a54b7d022c763e42ad69332f88496812b1827f07053a0c369c784929ea08N.exe
File created	C:\Windows\System32\ZISBHlE.exe	c5a5a54b7d022c763e42ad69332f88496812b1827f07053a0c369c784929ea08N.exe
File created	C:\Windows\System32\pcJzyeG.exe	c5a5a54b7d022c763e42ad69332f88496812b1827f07053a0c369c784929ea08N.exe
File created	C:\Windows\System32\OQLTPwf.exe	c5a5a54b7d022c763e42ad69332f88496812b1827f07053a0c369c784929ea08N.exe
File created	C:\Windows\System32\ECtZuuw.exe	c5a5a54b7d022c763e42ad69332f88496812b1827f07053a0c369c784929ea08N.exe
File created	C:\Windows\System32\eZGZRkw.exe	c5a5a54b7d022c763e42ad69332f88496812b1827f07053a0c369c784929ea08N.exe
File created	C:\Windows\System32\yibfjtw.exe	c5a5a54b7d022c763e42ad69332f88496812b1827f07053a0c369c784929ea08N.exe
File created	C:\Windows\System32\PSPxunk.exe	c5a5a54b7d022c763e42ad69332f88496812b1827f07053a0c369c784929ea08N.exe
File created	C:\Windows\System32\nIfmQHl.exe	c5a5a54b7d022c763e42ad69332f88496812b1827f07053a0c369c784929ea08N.exe
File created	C:\Windows\System32\LxfPJJO.exe	c5a5a54b7d022c763e42ad69332f88496812b1827f07053a0c369c784929ea08N.exe
File created	C:\Windows\System32\WcmPOFH.exe	c5a5a54b7d022c763e42ad69332f88496812b1827f07053a0c369c784929ea08N.exe
File created	C:\Windows\System32\bhzpAXE.exe	c5a5a54b7d022c763e42ad69332f88496812b1827f07053a0c369c784929ea08N.exe
File created	C:\Windows\System32\Smizybn.exe	c5a5a54b7d022c763e42ad69332f88496812b1827f07053a0c369c784929ea08N.exe
File created	C:\Windows\System32\WcpsUCu.exe	c5a5a54b7d022c763e42ad69332f88496812b1827f07053a0c369c784929ea08N.exe
File created	C:\Windows\System32\rbckaQZ.exe	c5a5a54b7d022c763e42ad69332f88496812b1827f07053a0c369c784929ea08N.exe
File created	C:\Windows\System32\UDmphiD.exe	c5a5a54b7d022c763e42ad69332f88496812b1827f07053a0c369c784929ea08N.exe
File created	C:\Windows\System32\qNHsEeO.exe	c5a5a54b7d022c763e42ad69332f88496812b1827f07053a0c369c784929ea08N.exe
File created	C:\Windows\System32\SSbGzro.exe	c5a5a54b7d022c763e42ad69332f88496812b1827f07053a0c369c784929ea08N.exe
File created	C:\Windows\System32\eHFMGxd.exe	c5a5a54b7d022c763e42ad69332f88496812b1827f07053a0c369c784929ea08N.exe
File created	C:\Windows\System32\CXbwdgN.exe	c5a5a54b7d022c763e42ad69332f88496812b1827f07053a0c369c784929ea08N.exe
File created	C:\Windows\System32\peMsABz.exe	c5a5a54b7d022c763e42ad69332f88496812b1827f07053a0c369c784929ea08N.exe
File created	C:\Windows\System32\nyjvxsi.exe	c5a5a54b7d022c763e42ad69332f88496812b1827f07053a0c369c784929ea08N.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2872-0-0x00007FF70A740000-0x00007FF70AB31000-memory.dmp	upx
behavioral2/files/0x0009000000023c9c-4.dat	upx
behavioral2/files/0x0007000000023ca1-7.dat	upx
behavioral2/files/0x0007000000023ca3-25.dat	upx
behavioral2/files/0x0007000000023ca2-40.dat	upx
behavioral2/files/0x0007000000023ca9-59.dat	upx
behavioral2/files/0x0007000000023cab-75.dat	upx
behavioral2/files/0x0007000000023cae-84.dat	upx
behavioral2/files/0x0007000000023cb2-105.dat	upx
behavioral2/files/0x0007000000023cbd-162.dat	upx
behavioral2/memory/4356-398-0x00007FF635630000-0x00007FF635A21000-memory.dmp	upx
behavioral2/memory/4416-399-0x00007FF6B00B0000-0x00007FF6B04A1000-memory.dmp	upx
behavioral2/memory/4248-422-0x00007FF608CC0000-0x00007FF6090B1000-memory.dmp	upx
behavioral2/memory/4360-410-0x00007FF6428C0000-0x00007FF642CB1000-memory.dmp	upx
behavioral2/memory/1364-405-0x00007FF785D30000-0x00007FF786121000-memory.dmp	upx
behavioral2/memory/1556-428-0x00007FF727E50000-0x00007FF728241000-memory.dmp	upx
behavioral2/memory/2776-432-0x00007FF701100000-0x00007FF7014F1000-memory.dmp	upx
behavioral2/memory/2260-441-0x00007FF636370000-0x00007FF636761000-memory.dmp	upx
behavioral2/memory/3436-444-0x00007FF610350000-0x00007FF610741000-memory.dmp	upx
behavioral2/memory/4732-496-0x00007FF723470000-0x00007FF723861000-memory.dmp	upx
behavioral2/memory/4592-501-0x00007FF7D0500000-0x00007FF7D08F1000-memory.dmp	upx
behavioral2/memory/2320-523-0x00007FF762860000-0x00007FF762C51000-memory.dmp	upx
behavioral2/memory/668-510-0x00007FF794360000-0x00007FF794751000-memory.dmp	upx
behavioral2/memory/3724-507-0x00007FF6D0400000-0x00007FF6D07F1000-memory.dmp	upx
behavioral2/memory/1524-495-0x00007FF63B090000-0x00007FF63B481000-memory.dmp	upx
behavioral2/memory/3592-442-0x00007FF702180000-0x00007FF702571000-memory.dmp	upx
behavioral2/memory/3612-426-0x00007FF7ADFA0000-0x00007FF7AE391000-memory.dmp	upx
behavioral2/memory/552-424-0x00007FF6C61D0000-0x00007FF6C65C1000-memory.dmp	upx
behavioral2/files/0x0007000000023cbe-167.dat	upx
behavioral2/files/0x0007000000023cbc-157.dat	upx
behavioral2/files/0x0007000000023cbb-155.dat	upx
behavioral2/files/0x0007000000023cba-147.dat	upx
behavioral2/files/0x0007000000023cb9-145.dat	upx
behavioral2/files/0x0007000000023cb8-137.dat	upx
behavioral2/files/0x0007000000023cb7-135.dat	upx
behavioral2/files/0x0007000000023cb6-127.dat	upx
behavioral2/files/0x0007000000023cb5-122.dat	upx
behavioral2/files/0x0007000000023cb4-120.dat	upx
behavioral2/files/0x0007000000023cb3-115.dat	upx
behavioral2/files/0x0007000000023cb1-102.dat	upx
behavioral2/files/0x0007000000023cb0-100.dat	upx
behavioral2/files/0x0007000000023caf-92.dat	upx
behavioral2/files/0x0007000000023cad-82.dat	upx
behavioral2/files/0x0007000000023cac-80.dat	upx
behavioral2/files/0x0007000000023caa-67.dat	upx
behavioral2/files/0x0007000000023ca8-57.dat	upx
behavioral2/files/0x0007000000023ca7-55.dat	upx
behavioral2/memory/3124-49-0x00007FF6B4350000-0x00007FF6B4741000-memory.dmp	upx
behavioral2/files/0x0007000000023ca5-46.dat	upx
behavioral2/files/0x0007000000023ca6-44.dat	upx
behavioral2/files/0x0007000000023ca4-42.dat	upx
behavioral2/memory/4544-38-0x00007FF6F83A0000-0x00007FF6F8791000-memory.dmp	upx
behavioral2/memory/1856-36-0x00007FF614AA0000-0x00007FF614E91000-memory.dmp	upx
behavioral2/memory/2876-34-0x00007FF613280000-0x00007FF613671000-memory.dmp	upx
behavioral2/files/0x0007000000023ca0-33.dat	upx
behavioral2/memory/3656-31-0x00007FF7DF950000-0x00007FF7DFD41000-memory.dmp	upx
behavioral2/memory/3976-14-0x00007FF798430000-0x00007FF798821000-memory.dmp	upx
behavioral2/memory/2872-1332-0x00007FF70A740000-0x00007FF70AB31000-memory.dmp	upx
behavioral2/memory/3976-1333-0x00007FF798430000-0x00007FF798821000-memory.dmp	upx
behavioral2/memory/3656-1334-0x00007FF7DF950000-0x00007FF7DFD41000-memory.dmp	upx
behavioral2/memory/3124-1335-0x00007FF6B4350000-0x00007FF6B4741000-memory.dmp	upx
behavioral2/memory/2876-1383-0x00007FF613280000-0x00007FF613671000-memory.dmp	upx
behavioral2/memory/4544-1390-0x00007FF6F83A0000-0x00007FF6F8791000-memory.dmp	upx
behavioral2/memory/1856-1389-0x00007FF614AA0000-0x00007FF614E91000-memory.dmp	upx

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	13840	dwm.exe
Token: SeChangeNotifyPrivilege	13840	dwm.exe
Token: 33	13840	dwm.exe
Token: SeIncBasePriorityPrivilege	13840	dwm.exe
Token: SeShutdownPrivilege	13840	dwm.exe
Token: SeCreatePagefilePrivilege	13840	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2872 wrote to memory of 3976	2872	c5a5a54b7d022c763e42ad69332f88496812b1827f07053a0c369c784929ea08N.exe	84
PID 2872 wrote to memory of 3976	2872	c5a5a54b7d022c763e42ad69332f88496812b1827f07053a0c369c784929ea08N.exe	84
PID 2872 wrote to memory of 4356	2872	c5a5a54b7d022c763e42ad69332f88496812b1827f07053a0c369c784929ea08N.exe	85
PID 2872 wrote to memory of 4356	2872	c5a5a54b7d022c763e42ad69332f88496812b1827f07053a0c369c784929ea08N.exe	85
PID 2872 wrote to memory of 3656	2872	c5a5a54b7d022c763e42ad69332f88496812b1827f07053a0c369c784929ea08N.exe	86
PID 2872 wrote to memory of 3656	2872	c5a5a54b7d022c763e42ad69332f88496812b1827f07053a0c369c784929ea08N.exe	86
PID 2872 wrote to memory of 4416	2872	c5a5a54b7d022c763e42ad69332f88496812b1827f07053a0c369c784929ea08N.exe	87
PID 2872 wrote to memory of 4416	2872	c5a5a54b7d022c763e42ad69332f88496812b1827f07053a0c369c784929ea08N.exe	87
PID 2872 wrote to memory of 2876	2872	c5a5a54b7d022c763e42ad69332f88496812b1827f07053a0c369c784929ea08N.exe	88
PID 2872 wrote to memory of 2876	2872	c5a5a54b7d022c763e42ad69332f88496812b1827f07053a0c369c784929ea08N.exe	88
PID 2872 wrote to memory of 1856	2872	c5a5a54b7d022c763e42ad69332f88496812b1827f07053a0c369c784929ea08N.exe	89
PID 2872 wrote to memory of 1856	2872	c5a5a54b7d022c763e42ad69332f88496812b1827f07053a0c369c784929ea08N.exe	89
PID 2872 wrote to memory of 4544	2872	c5a5a54b7d022c763e42ad69332f88496812b1827f07053a0c369c784929ea08N.exe	90
PID 2872 wrote to memory of 4544	2872	c5a5a54b7d022c763e42ad69332f88496812b1827f07053a0c369c784929ea08N.exe	90
PID 2872 wrote to memory of 3124	2872	c5a5a54b7d022c763e42ad69332f88496812b1827f07053a0c369c784929ea08N.exe	91
PID 2872 wrote to memory of 3124	2872	c5a5a54b7d022c763e42ad69332f88496812b1827f07053a0c369c784929ea08N.exe	91
PID 2872 wrote to memory of 1364	2872	c5a5a54b7d022c763e42ad69332f88496812b1827f07053a0c369c784929ea08N.exe	92
PID 2872 wrote to memory of 1364	2872	c5a5a54b7d022c763e42ad69332f88496812b1827f07053a0c369c784929ea08N.exe	92
PID 2872 wrote to memory of 2320	2872	c5a5a54b7d022c763e42ad69332f88496812b1827f07053a0c369c784929ea08N.exe	93
PID 2872 wrote to memory of 2320	2872	c5a5a54b7d022c763e42ad69332f88496812b1827f07053a0c369c784929ea08N.exe	93
PID 2872 wrote to memory of 4360	2872	c5a5a54b7d022c763e42ad69332f88496812b1827f07053a0c369c784929ea08N.exe	94
PID 2872 wrote to memory of 4360	2872	c5a5a54b7d022c763e42ad69332f88496812b1827f07053a0c369c784929ea08N.exe	94
PID 2872 wrote to memory of 4248	2872	c5a5a54b7d022c763e42ad69332f88496812b1827f07053a0c369c784929ea08N.exe	95
PID 2872 wrote to memory of 4248	2872	c5a5a54b7d022c763e42ad69332f88496812b1827f07053a0c369c784929ea08N.exe	95
PID 2872 wrote to memory of 552	2872	c5a5a54b7d022c763e42ad69332f88496812b1827f07053a0c369c784929ea08N.exe	96
PID 2872 wrote to memory of 552	2872	c5a5a54b7d022c763e42ad69332f88496812b1827f07053a0c369c784929ea08N.exe	96
PID 2872 wrote to memory of 3612	2872	c5a5a54b7d022c763e42ad69332f88496812b1827f07053a0c369c784929ea08N.exe	97
PID 2872 wrote to memory of 3612	2872	c5a5a54b7d022c763e42ad69332f88496812b1827f07053a0c369c784929ea08N.exe	97
PID 2872 wrote to memory of 1556	2872	c5a5a54b7d022c763e42ad69332f88496812b1827f07053a0c369c784929ea08N.exe	98
PID 2872 wrote to memory of 1556	2872	c5a5a54b7d022c763e42ad69332f88496812b1827f07053a0c369c784929ea08N.exe	98
PID 2872 wrote to memory of 2776	2872	c5a5a54b7d022c763e42ad69332f88496812b1827f07053a0c369c784929ea08N.exe	99
PID 2872 wrote to memory of 2776	2872	c5a5a54b7d022c763e42ad69332f88496812b1827f07053a0c369c784929ea08N.exe	99
PID 2872 wrote to memory of 2260	2872	c5a5a54b7d022c763e42ad69332f88496812b1827f07053a0c369c784929ea08N.exe	100
PID 2872 wrote to memory of 2260	2872	c5a5a54b7d022c763e42ad69332f88496812b1827f07053a0c369c784929ea08N.exe	100
PID 2872 wrote to memory of 3592	2872	c5a5a54b7d022c763e42ad69332f88496812b1827f07053a0c369c784929ea08N.exe	101
PID 2872 wrote to memory of 3592	2872	c5a5a54b7d022c763e42ad69332f88496812b1827f07053a0c369c784929ea08N.exe	101
PID 2872 wrote to memory of 3436	2872	c5a5a54b7d022c763e42ad69332f88496812b1827f07053a0c369c784929ea08N.exe	102
PID 2872 wrote to memory of 3436	2872	c5a5a54b7d022c763e42ad69332f88496812b1827f07053a0c369c784929ea08N.exe	102
PID 2872 wrote to memory of 1524	2872	c5a5a54b7d022c763e42ad69332f88496812b1827f07053a0c369c784929ea08N.exe	103
PID 2872 wrote to memory of 1524	2872	c5a5a54b7d022c763e42ad69332f88496812b1827f07053a0c369c784929ea08N.exe	103
PID 2872 wrote to memory of 4732	2872	c5a5a54b7d022c763e42ad69332f88496812b1827f07053a0c369c784929ea08N.exe	104
PID 2872 wrote to memory of 4732	2872	c5a5a54b7d022c763e42ad69332f88496812b1827f07053a0c369c784929ea08N.exe	104
PID 2872 wrote to memory of 4592	2872	c5a5a54b7d022c763e42ad69332f88496812b1827f07053a0c369c784929ea08N.exe	105
PID 2872 wrote to memory of 4592	2872	c5a5a54b7d022c763e42ad69332f88496812b1827f07053a0c369c784929ea08N.exe	105
PID 2872 wrote to memory of 3724	2872	c5a5a54b7d022c763e42ad69332f88496812b1827f07053a0c369c784929ea08N.exe	106
PID 2872 wrote to memory of 3724	2872	c5a5a54b7d022c763e42ad69332f88496812b1827f07053a0c369c784929ea08N.exe	106
PID 2872 wrote to memory of 668	2872	c5a5a54b7d022c763e42ad69332f88496812b1827f07053a0c369c784929ea08N.exe	107
PID 2872 wrote to memory of 668	2872	c5a5a54b7d022c763e42ad69332f88496812b1827f07053a0c369c784929ea08N.exe	107
PID 2872 wrote to memory of 1036	2872	c5a5a54b7d022c763e42ad69332f88496812b1827f07053a0c369c784929ea08N.exe	108
PID 2872 wrote to memory of 1036	2872	c5a5a54b7d022c763e42ad69332f88496812b1827f07053a0c369c784929ea08N.exe	108
PID 2872 wrote to memory of 804	2872	c5a5a54b7d022c763e42ad69332f88496812b1827f07053a0c369c784929ea08N.exe	109
PID 2872 wrote to memory of 804	2872	c5a5a54b7d022c763e42ad69332f88496812b1827f07053a0c369c784929ea08N.exe	109
PID 2872 wrote to memory of 1344	2872	c5a5a54b7d022c763e42ad69332f88496812b1827f07053a0c369c784929ea08N.exe	110
PID 2872 wrote to memory of 1344	2872	c5a5a54b7d022c763e42ad69332f88496812b1827f07053a0c369c784929ea08N.exe	110
PID 2872 wrote to memory of 5024	2872	c5a5a54b7d022c763e42ad69332f88496812b1827f07053a0c369c784929ea08N.exe	111
PID 2872 wrote to memory of 5024	2872	c5a5a54b7d022c763e42ad69332f88496812b1827f07053a0c369c784929ea08N.exe	111
PID 2872 wrote to memory of 1640	2872	c5a5a54b7d022c763e42ad69332f88496812b1827f07053a0c369c784929ea08N.exe	112
PID 2872 wrote to memory of 1640	2872	c5a5a54b7d022c763e42ad69332f88496812b1827f07053a0c369c784929ea08N.exe	112
PID 2872 wrote to memory of 2092	2872	c5a5a54b7d022c763e42ad69332f88496812b1827f07053a0c369c784929ea08N.exe	113
PID 2872 wrote to memory of 2092	2872	c5a5a54b7d022c763e42ad69332f88496812b1827f07053a0c369c784929ea08N.exe	113
PID 2872 wrote to memory of 1992	2872	c5a5a54b7d022c763e42ad69332f88496812b1827f07053a0c369c784929ea08N.exe	114
PID 2872 wrote to memory of 1992	2872	c5a5a54b7d022c763e42ad69332f88496812b1827f07053a0c369c784929ea08N.exe	114
PID 2872 wrote to memory of 2520	2872	c5a5a54b7d022c763e42ad69332f88496812b1827f07053a0c369c784929ea08N.exe	115
PID 2872 wrote to memory of 2520	2872	c5a5a54b7d022c763e42ad69332f88496812b1827f07053a0c369c784929ea08N.exe	115

C:\Users\Admin\AppData\Local\Temp\c5a5a54b7d022c763e42ad69332f88496812b1827f07053a0c369c784929ea08N.exe
"C:\Users\Admin\AppData\Local\Temp\c5a5a54b7d022c763e42ad69332f88496812b1827f07053a0c369c784929ea08N.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:2872
- C:\Windows\System32\peMsABz.exe
  C:\Windows\System32\peMsABz.exe
  2⤵
  - Executes dropped EXE
  PID:3976
- C:\Windows\System32\UDmphiD.exe
  C:\Windows\System32\UDmphiD.exe
  2⤵
  - Executes dropped EXE
  PID:4356
- C:\Windows\System32\cqmWCCh.exe
  C:\Windows\System32\cqmWCCh.exe
  2⤵
  - Executes dropped EXE
  PID:3656
- C:\Windows\System32\BRwNkoe.exe
  C:\Windows\System32\BRwNkoe.exe
  2⤵
  - Executes dropped EXE
  PID:4416
- C:\Windows\System32\rvooUZt.exe
  C:\Windows\System32\rvooUZt.exe
  2⤵
  - Executes dropped EXE
  PID:2876
- C:\Windows\System32\wIbGvJA.exe
  C:\Windows\System32\wIbGvJA.exe
  2⤵
  - Executes dropped EXE
  PID:1856
- C:\Windows\System32\PpdAHVx.exe
  C:\Windows\System32\PpdAHVx.exe
  2⤵
  - Executes dropped EXE
  PID:4544
- C:\Windows\System32\TYYTZFW.exe
  C:\Windows\System32\TYYTZFW.exe
  2⤵
  - Executes dropped EXE
  PID:3124
- C:\Windows\System32\WGmdMJJ.exe
  C:\Windows\System32\WGmdMJJ.exe
  2⤵
  - Executes dropped EXE
  PID:1364
- C:\Windows\System32\wOdvYth.exe
  C:\Windows\System32\wOdvYth.exe
  2⤵
  - Executes dropped EXE
  PID:2320
- C:\Windows\System32\mcQsbTp.exe
  C:\Windows\System32\mcQsbTp.exe
  2⤵
  - Executes dropped EXE
  PID:4360
- C:\Windows\System32\PqxGYAi.exe
  C:\Windows\System32\PqxGYAi.exe
  2⤵
  - Executes dropped EXE
  PID:4248
- C:\Windows\System32\QqugTZv.exe
  C:\Windows\System32\QqugTZv.exe
  2⤵
  - Executes dropped EXE
  PID:552
- C:\Windows\System32\vuQYcDF.exe
  C:\Windows\System32\vuQYcDF.exe
  2⤵
  - Executes dropped EXE
  PID:3612
- C:\Windows\System32\nGkowHI.exe
  C:\Windows\System32\nGkowHI.exe
  2⤵
  - Executes dropped EXE
  PID:1556
- C:\Windows\System32\QSzrqyh.exe
  C:\Windows\System32\QSzrqyh.exe
  2⤵
  - Executes dropped EXE
  PID:2776
- C:\Windows\System32\tHdODvM.exe
  C:\Windows\System32\tHdODvM.exe
  2⤵
  - Executes dropped EXE
  PID:2260
- C:\Windows\System32\guqFYNy.exe
  C:\Windows\System32\guqFYNy.exe
  2⤵
  - Executes dropped EXE
  PID:3592
- C:\Windows\System32\CjFNwdU.exe
  C:\Windows\System32\CjFNwdU.exe
  2⤵
  - Executes dropped EXE
  PID:3436
- C:\Windows\System32\mzKgPxr.exe
  C:\Windows\System32\mzKgPxr.exe
  2⤵
  - Executes dropped EXE
  PID:1524
- C:\Windows\System32\QjHQcAw.exe
  C:\Windows\System32\QjHQcAw.exe
  2⤵
  - Executes dropped EXE
  PID:4732
- C:\Windows\System32\gibcBjs.exe
  C:\Windows\System32\gibcBjs.exe
  2⤵
  - Executes dropped EXE
  PID:4592
- C:\Windows\System32\HyKBveH.exe
  C:\Windows\System32\HyKBveH.exe
  2⤵
  - Executes dropped EXE
  PID:3724
- C:\Windows\System32\EGrWydu.exe
  C:\Windows\System32\EGrWydu.exe
  2⤵
  - Executes dropped EXE
  PID:668
- C:\Windows\System32\unzqDsZ.exe
  C:\Windows\System32\unzqDsZ.exe
  2⤵
  - Executes dropped EXE
  PID:1036
- C:\Windows\System32\jGDJrEc.exe
  C:\Windows\System32\jGDJrEc.exe
  2⤵
  - Executes dropped EXE
  PID:804
- C:\Windows\System32\gSDqzUc.exe
  C:\Windows\System32\gSDqzUc.exe
  2⤵
  - Executes dropped EXE
  PID:1344
- C:\Windows\System32\RuGiyir.exe
  C:\Windows\System32\RuGiyir.exe
  2⤵
  - Executes dropped EXE
  PID:5024
- C:\Windows\System32\jzQzILQ.exe
  C:\Windows\System32\jzQzILQ.exe
  2⤵
  - Executes dropped EXE
  PID:1640
- C:\Windows\System32\vAyCvGq.exe
  C:\Windows\System32\vAyCvGq.exe
  2⤵
  - Executes dropped EXE
  PID:2092
- C:\Windows\System32\JOMRqMZ.exe
  C:\Windows\System32\JOMRqMZ.exe
  2⤵
  - Executes dropped EXE
  PID:1992
- C:\Windows\System32\IijoxLZ.exe
  C:\Windows\System32\IijoxLZ.exe
  2⤵
  - Executes dropped EXE
  PID:2520
- C:\Windows\System32\HFQfCeh.exe
  C:\Windows\System32\HFQfCeh.exe
  2⤵
  - Executes dropped EXE
  PID:540
- C:\Windows\System32\DuZZBZW.exe
  C:\Windows\System32\DuZZBZW.exe
  2⤵
  - Executes dropped EXE
  PID:4140
- C:\Windows\System32\qZSEzPK.exe
  C:\Windows\System32\qZSEzPK.exe
  2⤵
  - Executes dropped EXE
  PID:3548
- C:\Windows\System32\fQBcAHa.exe
  C:\Windows\System32\fQBcAHa.exe
  2⤵
  - Executes dropped EXE
  PID:2760
- C:\Windows\System32\rfJlJWP.exe
  C:\Windows\System32\rfJlJWP.exe
  2⤵
  - Executes dropped EXE
  PID:876
- C:\Windows\System32\mJsjieG.exe
  C:\Windows\System32\mJsjieG.exe
  2⤵
  - Executes dropped EXE
  PID:5020
- C:\Windows\System32\aJIpgCr.exe
  C:\Windows\System32\aJIpgCr.exe
  2⤵
  - Executes dropped EXE
  PID:3048
- C:\Windows\System32\AHxetGW.exe
  C:\Windows\System32\AHxetGW.exe
  2⤵
  - Executes dropped EXE
  PID:760
- C:\Windows\System32\GnxlvKN.exe
  C:\Windows\System32\GnxlvKN.exe
  2⤵
  - Executes dropped EXE
  PID:3168
- C:\Windows\System32\cxizbUY.exe
  C:\Windows\System32\cxizbUY.exe
  2⤵
  - Executes dropped EXE
  PID:3224
- C:\Windows\System32\nyjvxsi.exe
  C:\Windows\System32\nyjvxsi.exe
  2⤵
  - Executes dropped EXE
  PID:2820
- C:\Windows\System32\NSJrOeJ.exe
  C:\Windows\System32\NSJrOeJ.exe
  2⤵
  - Executes dropped EXE
  PID:2228
- C:\Windows\System32\XjmstVe.exe
  C:\Windows\System32\XjmstVe.exe
  2⤵
  - Executes dropped EXE
  PID:5064
- C:\Windows\System32\dcmOnjv.exe
  C:\Windows\System32\dcmOnjv.exe
  2⤵
  - Executes dropped EXE
  PID:3948
- C:\Windows\System32\KafVUnz.exe
  C:\Windows\System32\KafVUnz.exe
  2⤵
  - Executes dropped EXE
  PID:2968
- C:\Windows\System32\NikwXsG.exe
  C:\Windows\System32\NikwXsG.exe
  2⤵
  - Executes dropped EXE
  PID:4340
- C:\Windows\System32\WMQzero.exe
  C:\Windows\System32\WMQzero.exe
  2⤵
  - Executes dropped EXE
  PID:4056
- C:\Windows\System32\hneOQUf.exe
  C:\Windows\System32\hneOQUf.exe
  2⤵
  - Executes dropped EXE
  PID:3388
- C:\Windows\System32\zmQlCXs.exe
  C:\Windows\System32\zmQlCXs.exe
  2⤵
  - Executes dropped EXE
  PID:348
- C:\Windows\System32\odPOZxP.exe
  C:\Windows\System32\odPOZxP.exe
  2⤵
  - Executes dropped EXE
  PID:1968
- C:\Windows\System32\fyIirVO.exe
  C:\Windows\System32\fyIirVO.exe
  2⤵
  - Executes dropped EXE
  PID:4932
- C:\Windows\System32\GFTDjnw.exe
  C:\Windows\System32\GFTDjnw.exe
  2⤵
  - Executes dropped EXE
  PID:3456
- C:\Windows\System32\jlVBEDO.exe
  C:\Windows\System32\jlVBEDO.exe
  2⤵
  - Executes dropped EXE
  PID:4368
- C:\Windows\System32\ntaKCTc.exe
  C:\Windows\System32\ntaKCTc.exe
  2⤵
  - Executes dropped EXE
  PID:2248
- C:\Windows\System32\mBAfgMQ.exe
  C:\Windows\System32\mBAfgMQ.exe
  2⤵
  - Executes dropped EXE
  PID:4836
- C:\Windows\System32\yefhOOm.exe
  C:\Windows\System32\yefhOOm.exe
  2⤵
  - Executes dropped EXE
  PID:4444
- C:\Windows\System32\bidZhYD.exe
  C:\Windows\System32\bidZhYD.exe
  2⤵
  - Executes dropped EXE
  PID:3980
- C:\Windows\System32\XyEAunt.exe
  C:\Windows\System32\XyEAunt.exe
  2⤵
  - Executes dropped EXE
  PID:2976
- C:\Windows\System32\PoaVaDd.exe
  C:\Windows\System32\PoaVaDd.exe
  2⤵
  - Executes dropped EXE
  PID:3768
- C:\Windows\System32\Dpketax.exe
  C:\Windows\System32\Dpketax.exe
  2⤵
  - Executes dropped EXE
  PID:4812
- C:\Windows\System32\vENonMi.exe
  C:\Windows\System32\vENonMi.exe
  2⤵
  - Executes dropped EXE
  PID:3868
- C:\Windows\System32\wInuLRK.exe
  C:\Windows\System32\wInuLRK.exe
  2⤵
  - Executes dropped EXE
  PID:3760
- C:\Windows\System32\JdSfQrv.exe
  C:\Windows\System32\JdSfQrv.exe
  2⤵
  PID:612
- C:\Windows\System32\DnYgCZK.exe
  C:\Windows\System32\DnYgCZK.exe
  2⤵
  PID:2444
- C:\Windows\System32\xCkpRiM.exe
  C:\Windows\System32\xCkpRiM.exe
  2⤵
  PID:4060
- C:\Windows\System32\hokATiB.exe
  C:\Windows\System32\hokATiB.exe
  2⤵
  PID:3452
- C:\Windows\System32\ttrYfka.exe
  C:\Windows\System32\ttrYfka.exe
  2⤵
  PID:4528
- C:\Windows\System32\YfXtOiC.exe
  C:\Windows\System32\YfXtOiC.exe
  2⤵
  PID:2364
- C:\Windows\System32\zOWHgCT.exe
  C:\Windows\System32\zOWHgCT.exe
  2⤵
  PID:4208
- C:\Windows\System32\bEurEQh.exe
  C:\Windows\System32\bEurEQh.exe
  2⤵
  PID:1368
- C:\Windows\System32\QamoDxM.exe
  C:\Windows\System32\QamoDxM.exe
  2⤵
  PID:4224
- C:\Windows\System32\uIFoTOK.exe
  C:\Windows\System32\uIFoTOK.exe
  2⤵
  PID:3088
- C:\Windows\System32\rmGUFSU.exe
  C:\Windows\System32\rmGUFSU.exe
  2⤵
  PID:1884
- C:\Windows\System32\ylsAAbM.exe
  C:\Windows\System32\ylsAAbM.exe
  2⤵
  PID:2336
- C:\Windows\System32\qNHsEeO.exe
  C:\Windows\System32\qNHsEeO.exe
  2⤵
  PID:2340
- C:\Windows\System32\vhtOeBU.exe
  C:\Windows\System32\vhtOeBU.exe
  2⤵
  PID:3492
- C:\Windows\System32\qZNgTUe.exe
  C:\Windows\System32\qZNgTUe.exe
  2⤵
  PID:4508
- C:\Windows\System32\TFjyyJS.exe
  C:\Windows\System32\TFjyyJS.exe
  2⤵
  PID:2100
- C:\Windows\System32\eEFAYBf.exe
  C:\Windows\System32\eEFAYBf.exe
  2⤵
  PID:5132
- C:\Windows\System32\TySITXQ.exe
  C:\Windows\System32\TySITXQ.exe
  2⤵
  PID:5156
- C:\Windows\System32\ZqnvSes.exe
  C:\Windows\System32\ZqnvSes.exe
  2⤵
  PID:5184
- C:\Windows\System32\MyeTNWa.exe
  C:\Windows\System32\MyeTNWa.exe
  2⤵
  PID:5208
- C:\Windows\System32\HdzcAtT.exe
  C:\Windows\System32\HdzcAtT.exe
  2⤵
  PID:5244
- C:\Windows\System32\tfJRyZE.exe
  C:\Windows\System32\tfJRyZE.exe
  2⤵
  PID:5264
- C:\Windows\System32\NRHwCZc.exe
  C:\Windows\System32\NRHwCZc.exe
  2⤵
  PID:5308
- C:\Windows\System32\hHUWHGo.exe
  C:\Windows\System32\hHUWHGo.exe
  2⤵
  PID:5324
- C:\Windows\System32\xKtowen.exe
  C:\Windows\System32\xKtowen.exe
  2⤵
  PID:5356
- C:\Windows\System32\jGuUdSd.exe
  C:\Windows\System32\jGuUdSd.exe
  2⤵
  PID:5380
- C:\Windows\System32\rKMwkSG.exe
  C:\Windows\System32\rKMwkSG.exe
  2⤵
  PID:5412
- C:\Windows\System32\CsEvkPJ.exe
  C:\Windows\System32\CsEvkPJ.exe
  2⤵
  PID:5436
- C:\Windows\System32\uLXMfTS.exe
  C:\Windows\System32\uLXMfTS.exe
  2⤵
  PID:5464
- C:\Windows\System32\lmtraFt.exe
  C:\Windows\System32\lmtraFt.exe
  2⤵
  PID:5492
- C:\Windows\System32\sDjQJSt.exe
  C:\Windows\System32\sDjQJSt.exe
  2⤵
  PID:5520
- C:\Windows\System32\vMAXGIr.exe
  C:\Windows\System32\vMAXGIr.exe
  2⤵
  PID:5560
- C:\Windows\System32\PKgNiXM.exe
  C:\Windows\System32\PKgNiXM.exe
  2⤵
  PID:5576
- C:\Windows\System32\KttfYro.exe
  C:\Windows\System32\KttfYro.exe
  2⤵
  PID:5604
- C:\Windows\System32\nIfmQHl.exe
  C:\Windows\System32\nIfmQHl.exe
  2⤵
  PID:5632
- C:\Windows\System32\LJnerEc.exe
  C:\Windows\System32\LJnerEc.exe
  2⤵
  PID:5656
- C:\Windows\System32\rXxKcrO.exe
  C:\Windows\System32\rXxKcrO.exe
  2⤵
  PID:5692
- C:\Windows\System32\WCitqKf.exe
  C:\Windows\System32\WCitqKf.exe
  2⤵
  PID:5716
- C:\Windows\System32\bqlpbJK.exe
  C:\Windows\System32\bqlpbJK.exe
  2⤵
  PID:5748
- C:\Windows\System32\oeLVaRA.exe
  C:\Windows\System32\oeLVaRA.exe
  2⤵
  PID:5772
- C:\Windows\System32\RGkQMfc.exe
  C:\Windows\System32\RGkQMfc.exe
  2⤵
  PID:5804
- C:\Windows\System32\ccKhyAe.exe
  C:\Windows\System32\ccKhyAe.exe
  2⤵
  PID:5836
- C:\Windows\System32\zoRMGFj.exe
  C:\Windows\System32\zoRMGFj.exe
  2⤵
  PID:5868
- C:\Windows\System32\pZwJQzw.exe
  C:\Windows\System32\pZwJQzw.exe
  2⤵
  PID:5888
- C:\Windows\System32\diiMfCB.exe
  C:\Windows\System32\diiMfCB.exe
  2⤵
  PID:5912
- C:\Windows\System32\WTiMPHn.exe
  C:\Windows\System32\WTiMPHn.exe
  2⤵
  PID:5980
- C:\Windows\System32\Mjmrbjo.exe
  C:\Windows\System32\Mjmrbjo.exe
  2⤵
  PID:6000
- C:\Windows\System32\OSNUSJN.exe
  C:\Windows\System32\OSNUSJN.exe
  2⤵
  PID:6032
- C:\Windows\System32\jrRAvFN.exe
  C:\Windows\System32\jrRAvFN.exe
  2⤵
  PID:6064
- C:\Windows\System32\dHxJlmY.exe
  C:\Windows\System32\dHxJlmY.exe
  2⤵
  PID:6088
- C:\Windows\System32\SYKCysA.exe
  C:\Windows\System32\SYKCysA.exe
  2⤵
  PID:6104
- C:\Windows\System32\iiwkUkV.exe
  C:\Windows\System32\iiwkUkV.exe
  2⤵
  PID:6120
- C:\Windows\System32\fVhbOEn.exe
  C:\Windows\System32\fVhbOEn.exe
  2⤵
  PID:6140
- C:\Windows\System32\KRKzUQD.exe
  C:\Windows\System32\KRKzUQD.exe
  2⤵
  PID:2136
- C:\Windows\System32\OoCkmXU.exe
  C:\Windows\System32\OoCkmXU.exe
  2⤵
  PID:116
- C:\Windows\System32\wMeigkS.exe
  C:\Windows\System32\wMeigkS.exe
  2⤵
  PID:1320
- C:\Windows\System32\rLONzem.exe
  C:\Windows\System32\rLONzem.exe
  2⤵
  PID:5152
- C:\Windows\System32\ojSlbmx.exe
  C:\Windows\System32\ojSlbmx.exe
  2⤵
  PID:5204
- C:\Windows\System32\cmOwNwY.exe
  C:\Windows\System32\cmOwNwY.exe
  2⤵
  PID:5300
- C:\Windows\System32\ZISBHlE.exe
  C:\Windows\System32\ZISBHlE.exe
  2⤵
  PID:5332
- C:\Windows\System32\PjkOGvX.exe
  C:\Windows\System32\PjkOGvX.exe
  2⤵
  PID:1328
- C:\Windows\System32\iXfPbvw.exe
  C:\Windows\System32\iXfPbvw.exe
  2⤵
  PID:2704
- C:\Windows\System32\SfylblR.exe
  C:\Windows\System32\SfylblR.exe
  2⤵
  PID:3080
- C:\Windows\System32\RPevQQK.exe
  C:\Windows\System32\RPevQQK.exe
  2⤵
  PID:4988
- C:\Windows\System32\IMPYInp.exe
  C:\Windows\System32\IMPYInp.exe
  2⤵
  PID:5532
- C:\Windows\System32\SSbGzro.exe
  C:\Windows\System32\SSbGzro.exe
  2⤵
  PID:5612
- C:\Windows\System32\FdAmjBr.exe
  C:\Windows\System32\FdAmjBr.exe
  2⤵
  PID:5644
- C:\Windows\System32\gfLVrWG.exe
  C:\Windows\System32\gfLVrWG.exe
  2⤵
  PID:5664
- C:\Windows\System32\oGEjFbv.exe
  C:\Windows\System32\oGEjFbv.exe
  2⤵
  PID:5724
- C:\Windows\System32\veOeelG.exe
  C:\Windows\System32\veOeelG.exe
  2⤵
  PID:4996
- C:\Windows\System32\aKkPiKy.exe
  C:\Windows\System32\aKkPiKy.exe
  2⤵
  PID:5816
- C:\Windows\System32\wOyFGiQ.exe
  C:\Windows\System32\wOyFGiQ.exe
  2⤵
  PID:5896
- C:\Windows\System32\wNZLjDw.exe
  C:\Windows\System32\wNZLjDw.exe
  2⤵
  PID:1052
- C:\Windows\System32\ssCftAq.exe
  C:\Windows\System32\ssCftAq.exe
  2⤵
  PID:5904
- C:\Windows\System32\leFfGZH.exe
  C:\Windows\System32\leFfGZH.exe
  2⤵
  PID:5960
- C:\Windows\System32\fFvDghV.exe
  C:\Windows\System32\fFvDghV.exe
  2⤵
  PID:5996
- C:\Windows\System32\suKEQrK.exe
  C:\Windows\System32\suKEQrK.exe
  2⤵
  PID:6076
- C:\Windows\System32\CwdwsxZ.exe
  C:\Windows\System32\CwdwsxZ.exe
  2⤵
  PID:6112
- C:\Windows\System32\kcuWKgF.exe
  C:\Windows\System32\kcuWKgF.exe
  2⤵
  PID:896
- C:\Windows\System32\KzJEpIW.exe
  C:\Windows\System32\KzJEpIW.exe
  2⤵
  PID:1784
- C:\Windows\System32\WhEjpKD.exe
  C:\Windows\System32\WhEjpKD.exe
  2⤵
  PID:1960
- C:\Windows\System32\YxnnxEN.exe
  C:\Windows\System32\YxnnxEN.exe
  2⤵
  PID:1656
- C:\Windows\System32\RrLfQyE.exe
  C:\Windows\System32\RrLfQyE.exe
  2⤵
  PID:1444
- C:\Windows\System32\SxqIAhv.exe
  C:\Windows\System32\SxqIAhv.exe
  2⤵
  PID:5196
- C:\Windows\System32\pFVKSPa.exe
  C:\Windows\System32\pFVKSPa.exe
  2⤵
  PID:5344
- C:\Windows\System32\AxTQDlq.exe
  C:\Windows\System32\AxTQDlq.exe
  2⤵
  PID:5420
- C:\Windows\System32\hRTTaer.exe
  C:\Windows\System32\hRTTaer.exe
  2⤵
  PID:5528
- C:\Windows\System32\bpqFyoK.exe
  C:\Windows\System32\bpqFyoK.exe
  2⤵
  PID:4828
- C:\Windows\System32\LxfPJJO.exe
  C:\Windows\System32\LxfPJJO.exe
  2⤵
  PID:3600
- C:\Windows\System32\UvPxeHZ.exe
  C:\Windows\System32\UvPxeHZ.exe
  2⤵
  PID:3968
- C:\Windows\System32\Ljbljlh.exe
  C:\Windows\System32\Ljbljlh.exe
  2⤵
  PID:3000
- C:\Windows\System32\ZPuOmXl.exe
  C:\Windows\System32\ZPuOmXl.exe
  2⤵
  PID:5000
- C:\Windows\System32\uRlxkDA.exe
  C:\Windows\System32\uRlxkDA.exe
  2⤵
  PID:6052
- C:\Windows\System32\WENITLx.exe
  C:\Windows\System32\WENITLx.exe
  2⤵
  PID:1132
- C:\Windows\System32\LomLNzX.exe
  C:\Windows\System32\LomLNzX.exe
  2⤵
  PID:4244
- C:\Windows\System32\HxLhZtC.exe
  C:\Windows\System32\HxLhZtC.exe
  2⤵
  PID:2556
- C:\Windows\System32\lTrtSyJ.exe
  C:\Windows\System32\lTrtSyJ.exe
  2⤵
  PID:5428
- C:\Windows\System32\pGLYWxi.exe
  C:\Windows\System32\pGLYWxi.exe
  2⤵
  PID:5584
- C:\Windows\System32\UNyzGeT.exe
  C:\Windows\System32\UNyzGeT.exe
  2⤵
  PID:3476
- C:\Windows\System32\JTsRzfM.exe
  C:\Windows\System32\JTsRzfM.exe
  2⤵
  PID:4376
- C:\Windows\System32\okaPdZE.exe
  C:\Windows\System32\okaPdZE.exe
  2⤵
  PID:2004
- C:\Windows\System32\gLIwXMi.exe
  C:\Windows\System32\gLIwXMi.exe
  2⤵
  PID:212
- C:\Windows\System32\HOCeXhL.exe
  C:\Windows\System32\HOCeXhL.exe
  2⤵
  PID:3580
- C:\Windows\System32\dbWPFrv.exe
  C:\Windows\System32\dbWPFrv.exe
  2⤵
  PID:1472
- C:\Windows\System32\fCTxGjZ.exe
  C:\Windows\System32\fCTxGjZ.exe
  2⤵
  PID:5472
- C:\Windows\System32\ldUDnQJ.exe
  C:\Windows\System32\ldUDnQJ.exe
  2⤵
  PID:1220
- C:\Windows\System32\fJJtCBX.exe
  C:\Windows\System32\fJJtCBX.exe
  2⤵
  PID:3856
- C:\Windows\System32\QBzdLCh.exe
  C:\Windows\System32\QBzdLCh.exe
  2⤵
  PID:4284
- C:\Windows\System32\UyMTZnM.exe
  C:\Windows\System32\UyMTZnM.exe
  2⤵
  PID:5852
- C:\Windows\System32\CGyjrkB.exe
  C:\Windows\System32\CGyjrkB.exe
  2⤵
  PID:3160
- C:\Windows\System32\pcJzyeG.exe
  C:\Windows\System32\pcJzyeG.exe
  2⤵
  PID:2584
- C:\Windows\System32\jMMYRmz.exe
  C:\Windows\System32\jMMYRmz.exe
  2⤵
  PID:2812
- C:\Windows\System32\WqeFNco.exe
  C:\Windows\System32\WqeFNco.exe
  2⤵
  PID:6148
- C:\Windows\System32\dpNrAfl.exe
  C:\Windows\System32\dpNrAfl.exe
  2⤵
  PID:6164
- C:\Windows\System32\OTkSIZL.exe
  C:\Windows\System32\OTkSIZL.exe
  2⤵
  PID:6180
- C:\Windows\System32\LPWwrOh.exe
  C:\Windows\System32\LPWwrOh.exe
  2⤵
  PID:6196
- C:\Windows\System32\wSUXccX.exe
  C:\Windows\System32\wSUXccX.exe
  2⤵
  PID:6212
- C:\Windows\System32\hIyAdzo.exe
  C:\Windows\System32\hIyAdzo.exe
  2⤵
  PID:6228
- C:\Windows\System32\gLOwExk.exe
  C:\Windows\System32\gLOwExk.exe
  2⤵
  PID:6244
- C:\Windows\System32\OhAJZhr.exe
  C:\Windows\System32\OhAJZhr.exe
  2⤵
  PID:6260
- C:\Windows\System32\iCERXvr.exe
  C:\Windows\System32\iCERXvr.exe
  2⤵
  PID:6276
- C:\Windows\System32\jysILCz.exe
  C:\Windows\System32\jysILCz.exe
  2⤵
  PID:6292
- C:\Windows\System32\eYuTHFw.exe
  C:\Windows\System32\eYuTHFw.exe
  2⤵
  PID:6308
- C:\Windows\System32\hLfUURc.exe
  C:\Windows\System32\hLfUURc.exe
  2⤵
  PID:6324
- C:\Windows\System32\XEZyxnh.exe
  C:\Windows\System32\XEZyxnh.exe
  2⤵
  PID:6340
- C:\Windows\System32\wZOVqqV.exe
  C:\Windows\System32\wZOVqqV.exe
  2⤵
  PID:6356
- C:\Windows\System32\ACfLsAq.exe
  C:\Windows\System32\ACfLsAq.exe
  2⤵
  PID:6372
- C:\Windows\System32\DRKmCHm.exe
  C:\Windows\System32\DRKmCHm.exe
  2⤵
  PID:6388
- C:\Windows\System32\uToqwJB.exe
  C:\Windows\System32\uToqwJB.exe
  2⤵
  PID:6404
- C:\Windows\System32\pmITimK.exe
  C:\Windows\System32\pmITimK.exe
  2⤵
  PID:6420
- C:\Windows\System32\DZJbTOh.exe
  C:\Windows\System32\DZJbTOh.exe
  2⤵
  PID:6436
- C:\Windows\System32\lrrngAg.exe
  C:\Windows\System32\lrrngAg.exe
  2⤵
  PID:6452
- C:\Windows\System32\jBqhZzr.exe
  C:\Windows\System32\jBqhZzr.exe
  2⤵
  PID:6468
- C:\Windows\System32\oJOTDHr.exe
  C:\Windows\System32\oJOTDHr.exe
  2⤵
  PID:6484
- C:\Windows\System32\vGhVMcf.exe
  C:\Windows\System32\vGhVMcf.exe
  2⤵
  PID:6500
- C:\Windows\System32\lWknOca.exe
  C:\Windows\System32\lWknOca.exe
  2⤵
  PID:6516
- C:\Windows\System32\LlvsPTl.exe
  C:\Windows\System32\LlvsPTl.exe
  2⤵
  PID:6532
- C:\Windows\System32\PCJSSqy.exe
  C:\Windows\System32\PCJSSqy.exe
  2⤵
  PID:6548
- C:\Windows\System32\PgiKVDt.exe
  C:\Windows\System32\PgiKVDt.exe
  2⤵
  PID:6564
- C:\Windows\System32\fVOfJpP.exe
  C:\Windows\System32\fVOfJpP.exe
  2⤵
  PID:6580
- C:\Windows\System32\nhbGqlM.exe
  C:\Windows\System32\nhbGqlM.exe
  2⤵
  PID:6596
- C:\Windows\System32\HDRHLTX.exe
  C:\Windows\System32\HDRHLTX.exe
  2⤵
  PID:6612
- C:\Windows\System32\lXfgJae.exe
  C:\Windows\System32\lXfgJae.exe
  2⤵
  PID:6628
- C:\Windows\System32\WyNpGje.exe
  C:\Windows\System32\WyNpGje.exe
  2⤵
  PID:6644
- C:\Windows\System32\sXrbPJR.exe
  C:\Windows\System32\sXrbPJR.exe
  2⤵
  PID:6660
- C:\Windows\System32\JaHIWiK.exe
  C:\Windows\System32\JaHIWiK.exe
  2⤵
  PID:6676
- C:\Windows\System32\yWNDXwT.exe
  C:\Windows\System32\yWNDXwT.exe
  2⤵
  PID:6696
- C:\Windows\System32\uNBmAZS.exe
  C:\Windows\System32\uNBmAZS.exe
  2⤵
  PID:6724
- C:\Windows\System32\hHpcvME.exe
  C:\Windows\System32\hHpcvME.exe
  2⤵
  PID:6768
- C:\Windows\System32\KWoclLa.exe
  C:\Windows\System32\KWoclLa.exe
  2⤵
  PID:6792
- C:\Windows\System32\QQzATVI.exe
  C:\Windows\System32\QQzATVI.exe
  2⤵
  PID:6812
- C:\Windows\System32\NZjkolf.exe
  C:\Windows\System32\NZjkolf.exe
  2⤵
  PID:6828
- C:\Windows\System32\sMcLQXb.exe
  C:\Windows\System32\sMcLQXb.exe
  2⤵
  PID:6844
- C:\Windows\System32\hzhSNtp.exe
  C:\Windows\System32\hzhSNtp.exe
  2⤵
  PID:6868
- C:\Windows\System32\nOvJxML.exe
  C:\Windows\System32\nOvJxML.exe
  2⤵
  PID:6884
- C:\Windows\System32\ORHVuoC.exe
  C:\Windows\System32\ORHVuoC.exe
  2⤵
  PID:6908
- C:\Windows\System32\KVsosPW.exe
  C:\Windows\System32\KVsosPW.exe
  2⤵
  PID:7060
- C:\Windows\System32\FiUPwjK.exe
  C:\Windows\System32\FiUPwjK.exe
  2⤵
  PID:7100
- C:\Windows\System32\QFlQyRj.exe
  C:\Windows\System32\QFlQyRj.exe
  2⤵
  PID:6384
- C:\Windows\System32\zEUWHzv.exe
  C:\Windows\System32\zEUWHzv.exe
  2⤵
  PID:6416
- C:\Windows\System32\OlOpHbL.exe
  C:\Windows\System32\OlOpHbL.exe
  2⤵
  PID:6464
- C:\Windows\System32\WlPluMw.exe
  C:\Windows\System32\WlPluMw.exe
  2⤵
  PID:5192
- C:\Windows\System32\mxaDcrl.exe
  C:\Windows\System32\mxaDcrl.exe
  2⤵
  PID:6736
- C:\Windows\System32\RAWyYBt.exe
  C:\Windows\System32\RAWyYBt.exe
  2⤵
  PID:7036
- C:\Windows\System32\dYZmdWe.exe
  C:\Windows\System32\dYZmdWe.exe
  2⤵
  PID:6892
- C:\Windows\System32\glNYgtq.exe
  C:\Windows\System32\glNYgtq.exe
  2⤵
  PID:6952
- C:\Windows\System32\abLYkQd.exe
  C:\Windows\System32\abLYkQd.exe
  2⤵
  PID:6448
- C:\Windows\System32\DWKEyKZ.exe
  C:\Windows\System32\DWKEyKZ.exe
  2⤵
  PID:6156
- C:\Windows\System32\jadWIkg.exe
  C:\Windows\System32\jadWIkg.exe
  2⤵
  PID:6252
- C:\Windows\System32\fgonzLu.exe
  C:\Windows\System32\fgonzLu.exe
  2⤵
  PID:4912
- C:\Windows\System32\PELlsGD.exe
  C:\Windows\System32\PELlsGD.exe
  2⤵
  PID:7068
- C:\Windows\System32\JoZpnzU.exe
  C:\Windows\System32\JoZpnzU.exe
  2⤵
  PID:6496
- C:\Windows\System32\vgXlkQP.exe
  C:\Windows\System32\vgXlkQP.exe
  2⤵
  PID:7180
- C:\Windows\System32\hZqrJjw.exe
  C:\Windows\System32\hZqrJjw.exe
  2⤵
  PID:7224
- C:\Windows\System32\hlMICHW.exe
  C:\Windows\System32\hlMICHW.exe
  2⤵
  PID:7248
- C:\Windows\System32\CBoHBbp.exe
  C:\Windows\System32\CBoHBbp.exe
  2⤵
  PID:7272
- C:\Windows\System32\UGPEzKt.exe
  C:\Windows\System32\UGPEzKt.exe
  2⤵
  PID:7332
- C:\Windows\System32\iUPEiNW.exe
  C:\Windows\System32\iUPEiNW.exe
  2⤵
  PID:7348
- C:\Windows\System32\PRZthea.exe
  C:\Windows\System32\PRZthea.exe
  2⤵
  PID:7368
- C:\Windows\System32\adrkHOb.exe
  C:\Windows\System32\adrkHOb.exe
  2⤵
  PID:7396
- C:\Windows\System32\KZQaIbL.exe
  C:\Windows\System32\KZQaIbL.exe
  2⤵
  PID:7436
- C:\Windows\System32\SzRbHgP.exe
  C:\Windows\System32\SzRbHgP.exe
  2⤵
  PID:7480
- C:\Windows\System32\cXWObmC.exe
  C:\Windows\System32\cXWObmC.exe
  2⤵
  PID:7536
- C:\Windows\System32\ttTfUfo.exe
  C:\Windows\System32\ttTfUfo.exe
  2⤵
  PID:7560
- C:\Windows\System32\UNZNzWp.exe
  C:\Windows\System32\UNZNzWp.exe
  2⤵
  PID:7584
- C:\Windows\System32\yPDaCek.exe
  C:\Windows\System32\yPDaCek.exe
  2⤵
  PID:7604
- C:\Windows\System32\NdyVoCA.exe
  C:\Windows\System32\NdyVoCA.exe
  2⤵
  PID:7620
- C:\Windows\System32\sKtcZgK.exe
  C:\Windows\System32\sKtcZgK.exe
  2⤵
  PID:7636
- C:\Windows\System32\zHqJqfP.exe
  C:\Windows\System32\zHqJqfP.exe
  2⤵
  PID:7664
- C:\Windows\System32\YLFFOTM.exe
  C:\Windows\System32\YLFFOTM.exe
  2⤵
  PID:7684
- C:\Windows\System32\URHSlBt.exe
  C:\Windows\System32\URHSlBt.exe
  2⤵
  PID:7744
- C:\Windows\System32\aVzlUbe.exe
  C:\Windows\System32\aVzlUbe.exe
  2⤵
  PID:7780
- C:\Windows\System32\XzUJqVS.exe
  C:\Windows\System32\XzUJqVS.exe
  2⤵
  PID:7828
- C:\Windows\System32\OQLTPwf.exe
  C:\Windows\System32\OQLTPwf.exe
  2⤵
  PID:7852
- C:\Windows\System32\ZQUfmmr.exe
  C:\Windows\System32\ZQUfmmr.exe
  2⤵
  PID:7868
- C:\Windows\System32\tuxudVk.exe
  C:\Windows\System32\tuxudVk.exe
  2⤵
  PID:7904
- C:\Windows\System32\XaxKwmK.exe
  C:\Windows\System32\XaxKwmK.exe
  2⤵
  PID:7928
- C:\Windows\System32\sthKsWS.exe
  C:\Windows\System32\sthKsWS.exe
  2⤵
  PID:7944
- C:\Windows\System32\DbOXXrq.exe
  C:\Windows\System32\DbOXXrq.exe
  2⤵
  PID:7964
- C:\Windows\System32\XwgMBbg.exe
  C:\Windows\System32\XwgMBbg.exe
  2⤵
  PID:7984
- C:\Windows\System32\oxhOnaw.exe
  C:\Windows\System32\oxhOnaw.exe
  2⤵
  PID:8000
- C:\Windows\System32\PnhJtge.exe
  C:\Windows\System32\PnhJtge.exe
  2⤵
  PID:8036
- C:\Windows\System32\usErjWK.exe
  C:\Windows\System32\usErjWK.exe
  2⤵
  PID:8052
- C:\Windows\System32\JIwczje.exe
  C:\Windows\System32\JIwczje.exe
  2⤵
  PID:8072
- C:\Windows\System32\DXZoPSj.exe
  C:\Windows\System32\DXZoPSj.exe
  2⤵
  PID:8128
- C:\Windows\System32\PmlcDUj.exe
  C:\Windows\System32\PmlcDUj.exe
  2⤵
  PID:8184
- C:\Windows\System32\knvzteB.exe
  C:\Windows\System32\knvzteB.exe
  2⤵
  PID:6856
- C:\Windows\System32\LwSqCSq.exe
  C:\Windows\System32\LwSqCSq.exe
  2⤵
  PID:6984
- C:\Windows\System32\hAtRRih.exe
  C:\Windows\System32\hAtRRih.exe
  2⤵
  PID:6544
- C:\Windows\System32\SRXxBoq.exe
  C:\Windows\System32\SRXxBoq.exe
  2⤵
  PID:6400
- C:\Windows\System32\nnkJmla.exe
  C:\Windows\System32\nnkJmla.exe
  2⤵
  PID:6540
- C:\Windows\System32\IcTdkYT.exe
  C:\Windows\System32\IcTdkYT.exe
  2⤵
  PID:6968
- C:\Windows\System32\twCtDGt.exe
  C:\Windows\System32\twCtDGt.exe
  2⤵
  PID:7244
- C:\Windows\System32\HENNcDX.exe
  C:\Windows\System32\HENNcDX.exe
  2⤵
  PID:7232
- C:\Windows\System32\RcKOIPq.exe
  C:\Windows\System32\RcKOIPq.exe
  2⤵
  PID:7312
- C:\Windows\System32\owpRFvM.exe
  C:\Windows\System32\owpRFvM.exe
  2⤵
  PID:7388
- C:\Windows\System32\PjZECXK.exe
  C:\Windows\System32\PjZECXK.exe
  2⤵
  PID:7524
- C:\Windows\System32\zdlCPLl.exe
  C:\Windows\System32\zdlCPLl.exe
  2⤵
  PID:7596
- C:\Windows\System32\AMRdOzg.exe
  C:\Windows\System32\AMRdOzg.exe
  2⤵
  PID:7672
- C:\Windows\System32\yYQtSQV.exe
  C:\Windows\System32\yYQtSQV.exe
  2⤵
  PID:7700
- C:\Windows\System32\DKwDjvT.exe
  C:\Windows\System32\DKwDjvT.exe
  2⤵
  PID:7760
- C:\Windows\System32\DQefCVu.exe
  C:\Windows\System32\DQefCVu.exe
  2⤵
  PID:7860
- C:\Windows\System32\gXnpHRM.exe
  C:\Windows\System32\gXnpHRM.exe
  2⤵
  PID:7912
- C:\Windows\System32\opnbkMZ.exe
  C:\Windows\System32\opnbkMZ.exe
  2⤵
  PID:7996
- C:\Windows\System32\qiYHtrz.exe
  C:\Windows\System32\qiYHtrz.exe
  2⤵
  PID:8024
- C:\Windows\System32\eSQQJTJ.exe
  C:\Windows\System32\eSQQJTJ.exe
  2⤵
  PID:8064
- C:\Windows\System32\gyLrEPL.exe
  C:\Windows\System32\gyLrEPL.exe
  2⤵
  PID:8140
- C:\Windows\System32\BKaPVsY.exe
  C:\Windows\System32\BKaPVsY.exe
  2⤵
  PID:6708
- C:\Windows\System32\UGipbAo.exe
  C:\Windows\System32\UGipbAo.exe
  2⤵
  PID:6976
- C:\Windows\System32\UGKNVvA.exe
  C:\Windows\System32\UGKNVvA.exe
  2⤵
  PID:6904
- C:\Windows\System32\HrgTFto.exe
  C:\Windows\System32\HrgTFto.exe
  2⤵
  PID:7360
- C:\Windows\System32\ZfhljwP.exe
  C:\Windows\System32\ZfhljwP.exe
  2⤵
  PID:7512
- C:\Windows\System32\qzXQXgU.exe
  C:\Windows\System32\qzXQXgU.exe
  2⤵
  PID:7568
- C:\Windows\System32\tOpzdkw.exe
  C:\Windows\System32\tOpzdkw.exe
  2⤵
  PID:7800
- C:\Windows\System32\wVCgFrb.exe
  C:\Windows\System32\wVCgFrb.exe
  2⤵
  PID:7880
- C:\Windows\System32\VkrXXaZ.exe
  C:\Windows\System32\VkrXXaZ.exe
  2⤵
  PID:7976
- C:\Windows\System32\jhgLDuN.exe
  C:\Windows\System32\jhgLDuN.exe
  2⤵
  PID:8176
- C:\Windows\System32\qtawjZd.exe
  C:\Windows\System32\qtawjZd.exe
  2⤵
  PID:7256
- C:\Windows\System32\wbGmjGY.exe
  C:\Windows\System32\wbGmjGY.exe
  2⤵
  PID:7812
- C:\Windows\System32\xbGRxxS.exe
  C:\Windows\System32\xbGRxxS.exe
  2⤵
  PID:6460
- C:\Windows\System32\clvAaWI.exe
  C:\Windows\System32\clvAaWI.exe
  2⤵
  PID:6808
- C:\Windows\System32\syfIijS.exe
  C:\Windows\System32\syfIijS.exe
  2⤵
  PID:8008
- C:\Windows\System32\ZqXTlbV.exe
  C:\Windows\System32\ZqXTlbV.exe
  2⤵
  PID:7612
- C:\Windows\System32\EGfKLcW.exe
  C:\Windows\System32\EGfKLcW.exe
  2⤵
  PID:8244
- C:\Windows\System32\sLyNLjK.exe
  C:\Windows\System32\sLyNLjK.exe
  2⤵
  PID:8268
- C:\Windows\System32\CfAeyHr.exe
  C:\Windows\System32\CfAeyHr.exe
  2⤵
  PID:8288
- C:\Windows\System32\bvJkKAl.exe
  C:\Windows\System32\bvJkKAl.exe
  2⤵
  PID:8320
- C:\Windows\System32\YuEUiBV.exe
  C:\Windows\System32\YuEUiBV.exe
  2⤵
  PID:8344
- C:\Windows\System32\oBGzZrU.exe
  C:\Windows\System32\oBGzZrU.exe
  2⤵
  PID:8376
- C:\Windows\System32\fGMkTue.exe
  C:\Windows\System32\fGMkTue.exe
  2⤵
  PID:8392
- C:\Windows\System32\IQpCQzr.exe
  C:\Windows\System32\IQpCQzr.exe
  2⤵
  PID:8412
- C:\Windows\System32\axNxEAK.exe
  C:\Windows\System32\axNxEAK.exe
  2⤵
  PID:8428
- C:\Windows\System32\skSzWAY.exe
  C:\Windows\System32\skSzWAY.exe
  2⤵
  PID:8452
- C:\Windows\System32\rSPNCyE.exe
  C:\Windows\System32\rSPNCyE.exe
  2⤵
  PID:8480
- C:\Windows\System32\XRvqSFl.exe
  C:\Windows\System32\XRvqSFl.exe
  2⤵
  PID:8500
- C:\Windows\System32\FbSvgGN.exe
  C:\Windows\System32\FbSvgGN.exe
  2⤵
  PID:8528
- C:\Windows\System32\mSgpoIx.exe
  C:\Windows\System32\mSgpoIx.exe
  2⤵
  PID:8580
- C:\Windows\System32\roXyATM.exe
  C:\Windows\System32\roXyATM.exe
  2⤵
  PID:8596
- C:\Windows\System32\LwQyvGZ.exe
  C:\Windows\System32\LwQyvGZ.exe
  2⤵
  PID:8616
- C:\Windows\System32\gakiOTu.exe
  C:\Windows\System32\gakiOTu.exe
  2⤵
  PID:8648
- C:\Windows\System32\zZPHpKG.exe
  C:\Windows\System32\zZPHpKG.exe
  2⤵
  PID:8692
- C:\Windows\System32\bBHqmAq.exe
  C:\Windows\System32\bBHqmAq.exe
  2⤵
  PID:8748
- C:\Windows\System32\WcmPOFH.exe
  C:\Windows\System32\WcmPOFH.exe
  2⤵
  PID:8764
- C:\Windows\System32\tIBgzFZ.exe
  C:\Windows\System32\tIBgzFZ.exe
  2⤵
  PID:8780
- C:\Windows\System32\IOTNNGh.exe
  C:\Windows\System32\IOTNNGh.exe
  2⤵
  PID:8812
- C:\Windows\System32\zNDmDyR.exe
  C:\Windows\System32\zNDmDyR.exe
  2⤵
  PID:8872
- C:\Windows\System32\dWQIEhc.exe
  C:\Windows\System32\dWQIEhc.exe
  2⤵
  PID:8912
- C:\Windows\System32\bcyTSPb.exe
  C:\Windows\System32\bcyTSPb.exe
  2⤵
  PID:8948
- C:\Windows\System32\zSZVHEt.exe
  C:\Windows\System32\zSZVHEt.exe
  2⤵
  PID:8964
- C:\Windows\System32\utYmDHM.exe
  C:\Windows\System32\utYmDHM.exe
  2⤵
  PID:8988
- C:\Windows\System32\pKbweYe.exe
  C:\Windows\System32\pKbweYe.exe
  2⤵
  PID:9008
- C:\Windows\System32\ELsltil.exe
  C:\Windows\System32\ELsltil.exe
  2⤵
  PID:9040
- C:\Windows\System32\thfjhNG.exe
  C:\Windows\System32\thfjhNG.exe
  2⤵
  PID:9064
- C:\Windows\System32\AKyBbRC.exe
  C:\Windows\System32\AKyBbRC.exe
  2⤵
  PID:9092
- C:\Windows\System32\xGBHTGA.exe
  C:\Windows\System32\xGBHTGA.exe
  2⤵
  PID:9140
- C:\Windows\System32\iAyqBal.exe
  C:\Windows\System32\iAyqBal.exe
  2⤵
  PID:9168
- C:\Windows\System32\dGtNdnW.exe
  C:\Windows\System32\dGtNdnW.exe
  2⤵
  PID:9184
- C:\Windows\System32\iVBHHti.exe
  C:\Windows\System32\iVBHHti.exe
  2⤵
  PID:9204
- C:\Windows\System32\eIylpKq.exe
  C:\Windows\System32\eIylpKq.exe
  2⤵
  PID:8200
- C:\Windows\System32\MAgyIMI.exe
  C:\Windows\System32\MAgyIMI.exe
  2⤵
  PID:8256
- C:\Windows\System32\QiWvihq.exe
  C:\Windows\System32\QiWvihq.exe
  2⤵
  PID:8340
- C:\Windows\System32\FBDdvBM.exe
  C:\Windows\System32\FBDdvBM.exe
  2⤵
  PID:8388
- C:\Windows\System32\aoYXZiV.exe
  C:\Windows\System32\aoYXZiV.exe
  2⤵
  PID:8420
- C:\Windows\System32\pDZLyFm.exe
  C:\Windows\System32\pDZLyFm.exe
  2⤵
  PID:8508
- C:\Windows\System32\ojjBYQo.exe
  C:\Windows\System32\ojjBYQo.exe
  2⤵
  PID:8568
- C:\Windows\System32\DXkwQVr.exe
  C:\Windows\System32\DXkwQVr.exe
  2⤵
  PID:8676
- C:\Windows\System32\CctcNkH.exe
  C:\Windows\System32\CctcNkH.exe
  2⤵
  PID:8740
- C:\Windows\System32\dMXqbNK.exe
  C:\Windows\System32\dMXqbNK.exe
  2⤵
  PID:8792
- C:\Windows\System32\hHSVrZR.exe
  C:\Windows\System32\hHSVrZR.exe
  2⤵
  PID:8848
- C:\Windows\System32\sCXbHiy.exe
  C:\Windows\System32\sCXbHiy.exe
  2⤵
  PID:8888
- C:\Windows\System32\XOnNbfc.exe
  C:\Windows\System32\XOnNbfc.exe
  2⤵
  PID:9016
- C:\Windows\System32\zvrJPON.exe
  C:\Windows\System32\zvrJPON.exe
  2⤵
  PID:9048
- C:\Windows\System32\uOUvUyF.exe
  C:\Windows\System32\uOUvUyF.exe
  2⤵
  PID:9160
- C:\Windows\System32\lEukYIf.exe
  C:\Windows\System32\lEukYIf.exe
  2⤵
  PID:9200
- C:\Windows\System32\DEsTzEW.exe
  C:\Windows\System32\DEsTzEW.exe
  2⤵
  PID:8384
- C:\Windows\System32\YSxsqXQ.exe
  C:\Windows\System32\YSxsqXQ.exe
  2⤵
  PID:8520
- C:\Windows\System32\bzdQDdx.exe
  C:\Windows\System32\bzdQDdx.exe
  2⤵
  PID:8688
- C:\Windows\System32\nlUmOcp.exe
  C:\Windows\System32\nlUmOcp.exe
  2⤵
  PID:8824
- C:\Windows\System32\mlCzZMC.exe
  C:\Windows\System32\mlCzZMC.exe
  2⤵
  PID:9024
- C:\Windows\System32\jYwmATf.exe
  C:\Windows\System32\jYwmATf.exe
  2⤵
  PID:8296
- C:\Windows\System32\IrbzUXj.exe
  C:\Windows\System32\IrbzUXj.exe
  2⤵
  PID:8552
- C:\Windows\System32\KABGhZz.exe
  C:\Windows\System32\KABGhZz.exe
  2⤵
  PID:8884
- C:\Windows\System32\dQcxkHz.exe
  C:\Windows\System32\dQcxkHz.exe
  2⤵
  PID:9060
- C:\Windows\System32\cQZSbav.exe
  C:\Windows\System32\cQZSbav.exe
  2⤵
  PID:9112
- C:\Windows\System32\LVHRFEg.exe
  C:\Windows\System32\LVHRFEg.exe
  2⤵
  PID:9224
- C:\Windows\System32\rOYImIe.exe
  C:\Windows\System32\rOYImIe.exe
  2⤵
  PID:9252
- C:\Windows\System32\DUndTRD.exe
  C:\Windows\System32\DUndTRD.exe
  2⤵
  PID:9308
- C:\Windows\System32\RwvBAcz.exe
  C:\Windows\System32\RwvBAcz.exe
  2⤵
  PID:9348
- C:\Windows\System32\PvKzZXB.exe
  C:\Windows\System32\PvKzZXB.exe
  2⤵
  PID:9368
- C:\Windows\System32\QHCLZch.exe
  C:\Windows\System32\QHCLZch.exe
  2⤵
  PID:9384
- C:\Windows\System32\ZnsbSNe.exe
  C:\Windows\System32\ZnsbSNe.exe
  2⤵
  PID:9428
- C:\Windows\System32\wCaEPGV.exe
  C:\Windows\System32\wCaEPGV.exe
  2⤵
  PID:9444
- C:\Windows\System32\DwiqauZ.exe
  C:\Windows\System32\DwiqauZ.exe
  2⤵
  PID:9468
- C:\Windows\System32\jLCsXWH.exe
  C:\Windows\System32\jLCsXWH.exe
  2⤵
  PID:9484
- C:\Windows\System32\oIhSDQa.exe
  C:\Windows\System32\oIhSDQa.exe
  2⤵
  PID:9508
- C:\Windows\System32\GkuLDvM.exe
  C:\Windows\System32\GkuLDvM.exe
  2⤵
  PID:9536
- C:\Windows\System32\CXbwdgN.exe
  C:\Windows\System32\CXbwdgN.exe
  2⤵
  PID:9568
- C:\Windows\System32\JwhbCbK.exe
  C:\Windows\System32\JwhbCbK.exe
  2⤵
  PID:9628
- C:\Windows\System32\dEngFCy.exe
  C:\Windows\System32\dEngFCy.exe
  2⤵
  PID:9660
- C:\Windows\System32\BAXoyKQ.exe
  C:\Windows\System32\BAXoyKQ.exe
  2⤵
  PID:9680
- C:\Windows\System32\XCsnWFC.exe
  C:\Windows\System32\XCsnWFC.exe
  2⤵
  PID:9700
- C:\Windows\System32\IXdMSWF.exe
  C:\Windows\System32\IXdMSWF.exe
  2⤵
  PID:9724
- C:\Windows\System32\yfGsnOO.exe
  C:\Windows\System32\yfGsnOO.exe
  2⤵
  PID:9768
- C:\Windows\System32\pyqvVgF.exe
  C:\Windows\System32\pyqvVgF.exe
  2⤵
  PID:9792
- C:\Windows\System32\hKSWCCN.exe
  C:\Windows\System32\hKSWCCN.exe
  2⤵
  PID:9828
- C:\Windows\System32\Estfdgd.exe
  C:\Windows\System32\Estfdgd.exe
  2⤵
  PID:9872
- C:\Windows\System32\rVmMiuF.exe
  C:\Windows\System32\rVmMiuF.exe
  2⤵
  PID:9900
- C:\Windows\System32\gCcTTUH.exe
  C:\Windows\System32\gCcTTUH.exe
  2⤵
  PID:9928
- C:\Windows\System32\nWRNTVg.exe
  C:\Windows\System32\nWRNTVg.exe
  2⤵
  PID:9952
- C:\Windows\System32\saPWrcA.exe
  C:\Windows\System32\saPWrcA.exe
  2⤵
  PID:9972
- C:\Windows\System32\RGZIrhJ.exe
  C:\Windows\System32\RGZIrhJ.exe
  2⤵
  PID:10008
- C:\Windows\System32\mozKRBW.exe
  C:\Windows\System32\mozKRBW.exe
  2⤵
  PID:10028
- C:\Windows\System32\sAKhFta.exe
  C:\Windows\System32\sAKhFta.exe
  2⤵
  PID:10052
- C:\Windows\System32\bhzpAXE.exe
  C:\Windows\System32\bhzpAXE.exe
  2⤵
  PID:10092
- C:\Windows\System32\WqzisIg.exe
  C:\Windows\System32\WqzisIg.exe
  2⤵
  PID:10120
- C:\Windows\System32\iVQgmBw.exe
  C:\Windows\System32\iVQgmBw.exe
  2⤵
  PID:10136
- C:\Windows\System32\TPRTgSp.exe
  C:\Windows\System32\TPRTgSp.exe
  2⤵
  PID:10156
- C:\Windows\System32\zVSsrvd.exe
  C:\Windows\System32\zVSsrvd.exe
  2⤵
  PID:10208
- C:\Windows\System32\XnooHMi.exe
  C:\Windows\System32\XnooHMi.exe
  2⤵
  PID:10236
- C:\Windows\System32\OkUnaVl.exe
  C:\Windows\System32\OkUnaVl.exe
  2⤵
  PID:9260
- C:\Windows\System32\nzNdmVP.exe
  C:\Windows\System32\nzNdmVP.exe
  2⤵
  PID:9364
- C:\Windows\System32\sThuypX.exe
  C:\Windows\System32\sThuypX.exe
  2⤵
  PID:9400
- C:\Windows\System32\psAVsks.exe
  C:\Windows\System32\psAVsks.exe
  2⤵
  PID:9436
- C:\Windows\System32\QzyWOSM.exe
  C:\Windows\System32\QzyWOSM.exe
  2⤵
  PID:9476
- C:\Windows\System32\RCCmqGs.exe
  C:\Windows\System32\RCCmqGs.exe
  2⤵
  PID:9556
- C:\Windows\System32\EbyrSfX.exe
  C:\Windows\System32\EbyrSfX.exe
  2⤵
  PID:9624
- C:\Windows\System32\gdFdmhK.exe
  C:\Windows\System32\gdFdmhK.exe
  2⤵
  PID:9672
- C:\Windows\System32\fWtioBY.exe
  C:\Windows\System32\fWtioBY.exe
  2⤵
  PID:4152
- C:\Windows\System32\CVuxgRJ.exe
  C:\Windows\System32\CVuxgRJ.exe
  2⤵
  PID:9776
- C:\Windows\System32\qhmOQUN.exe
  C:\Windows\System32\qhmOQUN.exe
  2⤵
  PID:9860
- C:\Windows\System32\fGKcsND.exe
  C:\Windows\System32\fGKcsND.exe
  2⤵
  PID:9916
- C:\Windows\System32\HVItRDP.exe
  C:\Windows\System32\HVItRDP.exe
  2⤵
  PID:9960
- C:\Windows\System32\RtDdGYQ.exe
  C:\Windows\System32\RtDdGYQ.exe
  2⤵
  PID:10040
- C:\Windows\System32\GwoFXdu.exe
  C:\Windows\System32\GwoFXdu.exe
  2⤵
  PID:10100
- C:\Windows\System32\CUoPEQu.exe
  C:\Windows\System32\CUoPEQu.exe
  2⤵
  PID:10148
- C:\Windows\System32\PFDZKSj.exe
  C:\Windows\System32\PFDZKSj.exe
  2⤵
  PID:9276
- C:\Windows\System32\SkEInfR.exe
  C:\Windows\System32\SkEInfR.exe
  2⤵
  PID:9416
- C:\Windows\System32\eGGPync.exe
  C:\Windows\System32\eGGPync.exe
  2⤵
  PID:9452
- C:\Windows\System32\JJkIdxl.exe
  C:\Windows\System32\JJkIdxl.exe
  2⤵
  PID:9756
- C:\Windows\System32\zbOzzqt.exe
  C:\Windows\System32\zbOzzqt.exe
  2⤵
  PID:9820
- C:\Windows\System32\bzihzRl.exe
  C:\Windows\System32\bzihzRl.exe
  2⤵
  PID:9980
- C:\Windows\System32\yPszuga.exe
  C:\Windows\System32\yPszuga.exe
  2⤵
  PID:9280
- C:\Windows\System32\UqtskuA.exe
  C:\Windows\System32\UqtskuA.exe
  2⤵
  PID:9544
- C:\Windows\System32\gsFudOy.exe
  C:\Windows\System32\gsFudOy.exe
  2⤵
  PID:9464
- C:\Windows\System32\hoDrDJs.exe
  C:\Windows\System32\hoDrDJs.exe
  2⤵
  PID:9940
- C:\Windows\System32\NoTdRjz.exe
  C:\Windows\System32\NoTdRjz.exe
  2⤵
  PID:10076
- C:\Windows\System32\ECtZuuw.exe
  C:\Windows\System32\ECtZuuw.exe
  2⤵
  PID:9104
- C:\Windows\System32\VfmjHgo.exe
  C:\Windows\System32\VfmjHgo.exe
  2⤵
  PID:9836
- C:\Windows\System32\RcCjypG.exe
  C:\Windows\System32\RcCjypG.exe
  2⤵
  PID:10276
- C:\Windows\System32\OFPmrKV.exe
  C:\Windows\System32\OFPmrKV.exe
  2⤵
  PID:10296
- C:\Windows\System32\GAIFYWV.exe
  C:\Windows\System32\GAIFYWV.exe
  2⤵
  PID:10316
- C:\Windows\System32\sKjBKTC.exe
  C:\Windows\System32\sKjBKTC.exe
  2⤵
  PID:10348
- C:\Windows\System32\XwPLhHY.exe
  C:\Windows\System32\XwPLhHY.exe
  2⤵
  PID:10372
- C:\Windows\System32\mPIlGsY.exe
  C:\Windows\System32\mPIlGsY.exe
  2⤵
  PID:10400
- C:\Windows\System32\BTrUywY.exe
  C:\Windows\System32\BTrUywY.exe
  2⤵
  PID:10428
- C:\Windows\System32\hQisCUZ.exe
  C:\Windows\System32\hQisCUZ.exe
  2⤵
  PID:10460
- C:\Windows\System32\hbSKlzI.exe
  C:\Windows\System32\hbSKlzI.exe
  2⤵
  PID:10484
- C:\Windows\System32\lSesRaz.exe
  C:\Windows\System32\lSesRaz.exe
  2⤵
  PID:10500
- C:\Windows\System32\dTnFsRJ.exe
  C:\Windows\System32\dTnFsRJ.exe
  2⤵
  PID:10544
- C:\Windows\System32\BzSbagT.exe
  C:\Windows\System32\BzSbagT.exe
  2⤵
  PID:10572
- C:\Windows\System32\FEmpKBR.exe
  C:\Windows\System32\FEmpKBR.exe
  2⤵
  PID:10596
- C:\Windows\System32\lHLOQTF.exe
  C:\Windows\System32\lHLOQTF.exe
  2⤵
  PID:10616
- C:\Windows\System32\RkjCkyO.exe
  C:\Windows\System32\RkjCkyO.exe
  2⤵
  PID:10660
- C:\Windows\System32\ZaOMcFv.exe
  C:\Windows\System32\ZaOMcFv.exe
  2⤵
  PID:10680
- C:\Windows\System32\PSPxunk.exe
  C:\Windows\System32\PSPxunk.exe
  2⤵
  PID:10712
- C:\Windows\System32\DYAZYhF.exe
  C:\Windows\System32\DYAZYhF.exe
  2⤵
  PID:10740
- C:\Windows\System32\yAmKOjz.exe
  C:\Windows\System32\yAmKOjz.exe
  2⤵
  PID:10756
- C:\Windows\System32\lagRHva.exe
  C:\Windows\System32\lagRHva.exe
  2⤵
  PID:10776
- C:\Windows\System32\KxGVoSn.exe
  C:\Windows\System32\KxGVoSn.exe
  2⤵
  PID:10796
- C:\Windows\System32\osfdwGN.exe
  C:\Windows\System32\osfdwGN.exe
  2⤵
  PID:10824
- C:\Windows\System32\XCxJHMp.exe
  C:\Windows\System32\XCxJHMp.exe
  2⤵
  PID:10840
- C:\Windows\System32\EqMNOvz.exe
  C:\Windows\System32\EqMNOvz.exe
  2⤵
  PID:10856
- C:\Windows\System32\APyftmQ.exe
  C:\Windows\System32\APyftmQ.exe
  2⤵
  PID:10900
- C:\Windows\System32\SkYeibO.exe
  C:\Windows\System32\SkYeibO.exe
  2⤵
  PID:10952
- C:\Windows\System32\iANjYEZ.exe
  C:\Windows\System32\iANjYEZ.exe
  2⤵
  PID:10968
- C:\Windows\System32\ZlsbItP.exe
  C:\Windows\System32\ZlsbItP.exe
  2⤵
  PID:10988
- C:\Windows\System32\isGkufw.exe
  C:\Windows\System32\isGkufw.exe
  2⤵
  PID:11016
- C:\Windows\System32\nBmFeOo.exe
  C:\Windows\System32\nBmFeOo.exe
  2⤵
  PID:11032
- C:\Windows\System32\sOSIiSI.exe
  C:\Windows\System32\sOSIiSI.exe
  2⤵
  PID:11088
- C:\Windows\System32\Uteympi.exe
  C:\Windows\System32\Uteympi.exe
  2⤵
  PID:11108
- C:\Windows\System32\IVujpxu.exe
  C:\Windows\System32\IVujpxu.exe
  2⤵
  PID:11140
- C:\Windows\System32\rKUOmSB.exe
  C:\Windows\System32\rKUOmSB.exe
  2⤵
  PID:11160
- C:\Windows\System32\SfwINds.exe
  C:\Windows\System32\SfwINds.exe
  2⤵
  PID:11196
- C:\Windows\System32\UYidkyu.exe
  C:\Windows\System32\UYidkyu.exe
  2⤵
  PID:11212
- C:\Windows\System32\EmrjyXo.exe
  C:\Windows\System32\EmrjyXo.exe
  2⤵
  PID:11244
- C:\Windows\System32\lNJPrwh.exe
  C:\Windows\System32\lNJPrwh.exe
  2⤵
  PID:10288
- C:\Windows\System32\isHSXcn.exe
  C:\Windows\System32\isHSXcn.exe
  2⤵
  PID:10332
- C:\Windows\System32\xokhHIo.exe
  C:\Windows\System32\xokhHIo.exe
  2⤵
  PID:10368
- C:\Windows\System32\IJGHjkQ.exe
  C:\Windows\System32\IJGHjkQ.exe
  2⤵
  PID:10444
- C:\Windows\System32\YDiAkmt.exe
  C:\Windows\System32\YDiAkmt.exe
  2⤵
  PID:10496
- C:\Windows\System32\nFneLVj.exe
  C:\Windows\System32\nFneLVj.exe
  2⤵
  PID:10564
- C:\Windows\System32\jFheujI.exe
  C:\Windows\System32\jFheujI.exe
  2⤵
  PID:10676
- C:\Windows\System32\NtEpvBN.exe
  C:\Windows\System32\NtEpvBN.exe
  2⤵
  PID:10728
- C:\Windows\System32\DEcNXEd.exe
  C:\Windows\System32\DEcNXEd.exe
  2⤵
  PID:10784
- C:\Windows\System32\SsYlbXl.exe
  C:\Windows\System32\SsYlbXl.exe
  2⤵
  PID:10916
- C:\Windows\System32\aBkyWFz.exe
  C:\Windows\System32\aBkyWFz.exe
  2⤵
  PID:10892
- C:\Windows\System32\BnYapqV.exe
  C:\Windows\System32\BnYapqV.exe
  2⤵
  PID:11060
- C:\Windows\System32\gfOSGsC.exe
  C:\Windows\System32\gfOSGsC.exe
  2⤵
  PID:11040
- C:\Windows\System32\aImMEwO.exe
  C:\Windows\System32\aImMEwO.exe
  2⤵
  PID:11104
- C:\Windows\System32\KXyWRMn.exe
  C:\Windows\System32\KXyWRMn.exe
  2⤵
  PID:11156
- C:\Windows\System32\CRBUhOu.exe
  C:\Windows\System32\CRBUhOu.exe
  2⤵
  PID:9788
- C:\Windows\System32\Rgiwqsn.exe
  C:\Windows\System32\Rgiwqsn.exe
  2⤵
  PID:10380
- C:\Windows\System32\TWDnsRt.exe
  C:\Windows\System32\TWDnsRt.exe
  2⤵
  PID:10468
- C:\Windows\System32\PPapfNm.exe
  C:\Windows\System32\PPapfNm.exe
  2⤵
  PID:10492
- C:\Windows\System32\GMDjMfm.exe
  C:\Windows\System32\GMDjMfm.exe
  2⤵
  PID:10852
- C:\Windows\System32\eHzBAMG.exe
  C:\Windows\System32\eHzBAMG.exe
  2⤵
  PID:11096
- C:\Windows\System32\rCVMxXT.exe
  C:\Windows\System32\rCVMxXT.exe
  2⤵
  PID:11124
- C:\Windows\System32\QxmXfjL.exe
  C:\Windows\System32\QxmXfjL.exe
  2⤵
  PID:10456
- C:\Windows\System32\jzhWlvx.exe
  C:\Windows\System32\jzhWlvx.exe
  2⤵
  PID:10688
- C:\Windows\System32\ebGCkvY.exe
  C:\Windows\System32\ebGCkvY.exe
  2⤵
  PID:11120
- C:\Windows\System32\GsabwYf.exe
  C:\Windows\System32\GsabwYf.exe
  2⤵
  PID:10308
- C:\Windows\System32\dwtGvRE.exe
  C:\Windows\System32\dwtGvRE.exe
  2⤵
  PID:11272
- C:\Windows\System32\xwFTqbF.exe
  C:\Windows\System32\xwFTqbF.exe
  2⤵
  PID:11308
- C:\Windows\System32\CZUYcto.exe
  C:\Windows\System32\CZUYcto.exe
  2⤵
  PID:11328
- C:\Windows\System32\NLThsQP.exe
  C:\Windows\System32\NLThsQP.exe
  2⤵
  PID:11376
- C:\Windows\System32\qkzSoXy.exe
  C:\Windows\System32\qkzSoXy.exe
  2⤵
  PID:11396
- C:\Windows\System32\fUmPEDu.exe
  C:\Windows\System32\fUmPEDu.exe
  2⤵
  PID:11416
- C:\Windows\System32\eHFMGxd.exe
  C:\Windows\System32\eHFMGxd.exe
  2⤵
  PID:11448
- C:\Windows\System32\EjFSsME.exe
  C:\Windows\System32\EjFSsME.exe
  2⤵
  PID:11468
- C:\Windows\System32\KcsukWE.exe
  C:\Windows\System32\KcsukWE.exe
  2⤵
  PID:11484
- C:\Windows\System32\RPifQnQ.exe
  C:\Windows\System32\RPifQnQ.exe
  2⤵
  PID:11512
- C:\Windows\System32\rLLXGLM.exe
  C:\Windows\System32\rLLXGLM.exe
  2⤵
  PID:11528
- C:\Windows\System32\iIyPbLf.exe
  C:\Windows\System32\iIyPbLf.exe
  2⤵
  PID:11580
- C:\Windows\System32\Smizybn.exe
  C:\Windows\System32\Smizybn.exe
  2⤵
  PID:11608
- C:\Windows\System32\oASECWl.exe
  C:\Windows\System32\oASECWl.exe
  2⤵
  PID:11648
- C:\Windows\System32\opYZmsu.exe
  C:\Windows\System32\opYZmsu.exe
  2⤵
  PID:11664
- C:\Windows\System32\sARmzIT.exe
  C:\Windows\System32\sARmzIT.exe
  2⤵
  PID:11704
- C:\Windows\System32\OuuHYxh.exe
  C:\Windows\System32\OuuHYxh.exe
  2⤵
  PID:11732
- C:\Windows\System32\eZGZRkw.exe
  C:\Windows\System32\eZGZRkw.exe
  2⤵
  PID:11760
- C:\Windows\System32\mvJegIp.exe
  C:\Windows\System32\mvJegIp.exe
  2⤵
  PID:11788
- C:\Windows\System32\fzQGzEX.exe
  C:\Windows\System32\fzQGzEX.exe
  2⤵
  PID:11816
- C:\Windows\System32\AeRIDYp.exe
  C:\Windows\System32\AeRIDYp.exe
  2⤵
  PID:11836
- C:\Windows\System32\pjRemax.exe
  C:\Windows\System32\pjRemax.exe
  2⤵
  PID:11852
- C:\Windows\System32\WcpsUCu.exe
  C:\Windows\System32\WcpsUCu.exe
  2⤵
  PID:11872
- C:\Windows\System32\hXMMYIW.exe
  C:\Windows\System32\hXMMYIW.exe
  2⤵
  PID:11896
- C:\Windows\System32\RNaGHOQ.exe
  C:\Windows\System32\RNaGHOQ.exe
  2⤵
  PID:11952
- C:\Windows\System32\wfGVIMy.exe
  C:\Windows\System32\wfGVIMy.exe
  2⤵
  PID:11968
- C:\Windows\System32\YFPsIJY.exe
  C:\Windows\System32\YFPsIJY.exe
  2⤵
  PID:11996
- C:\Windows\System32\rZdJVzh.exe
  C:\Windows\System32\rZdJVzh.exe
  2⤵
  PID:12044
- C:\Windows\System32\yVxIlwJ.exe
  C:\Windows\System32\yVxIlwJ.exe
  2⤵
  PID:12060
- C:\Windows\System32\QaivKNd.exe
  C:\Windows\System32\QaivKNd.exe
  2⤵
  PID:12084
- C:\Windows\System32\mooiMDP.exe
  C:\Windows\System32\mooiMDP.exe
  2⤵
  PID:12100
- C:\Windows\System32\uZREEqV.exe
  C:\Windows\System32\uZREEqV.exe
  2⤵
  PID:12136
- C:\Windows\System32\kzyzZxh.exe
  C:\Windows\System32\kzyzZxh.exe
  2⤵
  PID:12152
- C:\Windows\System32\UfTFCfs.exe
  C:\Windows\System32\UfTFCfs.exe
  2⤵
  PID:12196
- C:\Windows\System32\vFvTAov.exe
  C:\Windows\System32\vFvTAov.exe
  2⤵
  PID:12212
- C:\Windows\System32\OQKfCHB.exe
  C:\Windows\System32\OQKfCHB.exe
  2⤵
  PID:12260
- C:\Windows\System32\lczNvCR.exe
  C:\Windows\System32\lczNvCR.exe
  2⤵
  PID:12280
- C:\Windows\System32\jXLAYGQ.exe
  C:\Windows\System32\jXLAYGQ.exe
  2⤵
  PID:10632
- C:\Windows\System32\AfkgMQx.exe
  C:\Windows\System32\AfkgMQx.exe
  2⤵
  PID:11336
- C:\Windows\System32\agxsGuL.exe
  C:\Windows\System32\agxsGuL.exe
  2⤵
  PID:11412
- C:\Windows\System32\fHdrGqv.exe
  C:\Windows\System32\fHdrGqv.exe
  2⤵
  PID:11508
- C:\Windows\System32\ZpyIUgV.exe
  C:\Windows\System32\ZpyIUgV.exe
  2⤵
  PID:11520
- C:\Windows\System32\JWJpsgf.exe
  C:\Windows\System32\JWJpsgf.exe
  2⤵
  PID:11600
- C:\Windows\System32\GkwFWUr.exe
  C:\Windows\System32\GkwFWUr.exe
  2⤵
  PID:11632
- C:\Windows\System32\qFYncDB.exe
  C:\Windows\System32\qFYncDB.exe
  2⤵
  PID:11752
- C:\Windows\System32\csrcoyJ.exe
  C:\Windows\System32\csrcoyJ.exe
  2⤵
  PID:11772
- C:\Windows\System32\UHxysrz.exe
  C:\Windows\System32\UHxysrz.exe
  2⤵
  PID:11848
- C:\Windows\System32\BaQcbgZ.exe
  C:\Windows\System32\BaQcbgZ.exe
  2⤵
  PID:11844
- C:\Windows\System32\BmpjxSj.exe
  C:\Windows\System32\BmpjxSj.exe
  2⤵
  PID:11904
- C:\Windows\System32\TZhAOSY.exe
  C:\Windows\System32\TZhAOSY.exe
  2⤵
  PID:12052
- C:\Windows\System32\XZCSTDm.exe
  C:\Windows\System32\XZCSTDm.exe
  2⤵
  PID:12144
- C:\Windows\System32\TuSEmZC.exe
  C:\Windows\System32\TuSEmZC.exe
  2⤵
  PID:12176
- C:\Windows\System32\sddsdss.exe
  C:\Windows\System32\sddsdss.exe
  2⤵
  PID:12228
- C:\Windows\System32\rXNrOEG.exe
  C:\Windows\System32\rXNrOEG.exe
  2⤵
  PID:12268
- C:\Windows\System32\fmpCKDH.exe
  C:\Windows\System32\fmpCKDH.exe
  2⤵
  PID:11636
- C:\Windows\System32\azWWEGz.exe
  C:\Windows\System32\azWWEGz.exe
  2⤵
  PID:11988
- C:\Windows\System32\YQTWmcy.exe
  C:\Windows\System32\YQTWmcy.exe
  2⤵
  PID:12148
- C:\Windows\System32\DkIqOzA.exe
  C:\Windows\System32\DkIqOzA.exe
  2⤵
  PID:11556
- C:\Windows\System32\bAmNpBi.exe
  C:\Windows\System32\bAmNpBi.exe
  2⤵
  PID:11460
- C:\Windows\System32\XzHsgFp.exe
  C:\Windows\System32\XzHsgFp.exe
  2⤵
  PID:11432
- C:\Windows\System32\iRDCurC.exe
  C:\Windows\System32\iRDCurC.exe
  2⤵
  PID:11592
- C:\Windows\System32\tsFkaJm.exe
  C:\Windows\System32\tsFkaJm.exe
  2⤵
  PID:12096
- C:\Windows\System32\uTEQtdw.exe
  C:\Windows\System32\uTEQtdw.exe
  2⤵
  PID:12188
- C:\Windows\System32\TOjhHXf.exe
  C:\Windows\System32\TOjhHXf.exe
  2⤵
  PID:11320
- C:\Windows\System32\DLRJwnw.exe
  C:\Windows\System32\DLRJwnw.exe
  2⤵
  PID:12248
- C:\Windows\System32\oggjwoK.exe
  C:\Windows\System32\oggjwoK.exe
  2⤵
  PID:12328
- C:\Windows\System32\KXaNTTb.exe
  C:\Windows\System32\KXaNTTb.exe
  2⤵
  PID:12372
- C:\Windows\System32\VjIIuKg.exe
  C:\Windows\System32\VjIIuKg.exe
  2⤵
  PID:12400
- C:\Windows\System32\OaasvuU.exe
  C:\Windows\System32\OaasvuU.exe
  2⤵
  PID:12432
- C:\Windows\System32\QSeGNLA.exe
  C:\Windows\System32\QSeGNLA.exe
  2⤵
  PID:12456
- C:\Windows\System32\EjGIoRM.exe
  C:\Windows\System32\EjGIoRM.exe
  2⤵
  PID:12472
- C:\Windows\System32\Zbvpizx.exe
  C:\Windows\System32\Zbvpizx.exe
  2⤵
  PID:12512
- C:\Windows\System32\gebUocA.exe
  C:\Windows\System32\gebUocA.exe
  2⤵
  PID:12528
- C:\Windows\System32\QfmuzUy.exe
  C:\Windows\System32\QfmuzUy.exe
  2⤵
  PID:12548
- C:\Windows\System32\KjfFmnz.exe
  C:\Windows\System32\KjfFmnz.exe
  2⤵
  PID:12564
- C:\Windows\System32\EDDQysh.exe
  C:\Windows\System32\EDDQysh.exe
  2⤵
  PID:12592
- C:\Windows\System32\CRBZfgN.exe
  C:\Windows\System32\CRBZfgN.exe
  2⤵
  PID:12628
- C:\Windows\System32\DdMrBDc.exe
  C:\Windows\System32\DdMrBDc.exe
  2⤵
  PID:12652
- C:\Windows\System32\GIZCsEp.exe
  C:\Windows\System32\GIZCsEp.exe
  2⤵
  PID:12684
- C:\Windows\System32\NcgvnoV.exe
  C:\Windows\System32\NcgvnoV.exe
  2⤵
  PID:12720
- C:\Windows\System32\klMVWxP.exe
  C:\Windows\System32\klMVWxP.exe
  2⤵
  PID:12736
- C:\Windows\System32\EhRxirV.exe
  C:\Windows\System32\EhRxirV.exe
  2⤵
  PID:12764
- C:\Windows\System32\FIUdngx.exe
  C:\Windows\System32\FIUdngx.exe
  2⤵
  PID:12784
- C:\Windows\System32\MIfmnsz.exe
  C:\Windows\System32\MIfmnsz.exe
  2⤵
  PID:12800
- C:\Windows\System32\dqCxrnJ.exe
  C:\Windows\System32\dqCxrnJ.exe
  2⤵
  PID:12840
- C:\Windows\System32\siBPyef.exe
  C:\Windows\System32\siBPyef.exe
  2⤵
  PID:12864
- C:\Windows\System32\PQupUAJ.exe
  C:\Windows\System32\PQupUAJ.exe
  2⤵
  PID:12964
- C:\Windows\System32\eAHpujF.exe
  C:\Windows\System32\eAHpujF.exe
  2⤵
  PID:12980
- C:\Windows\System32\xFCDTdI.exe
  C:\Windows\System32\xFCDTdI.exe
  2⤵
  PID:13020
- C:\Windows\System32\noTBoKZ.exe
  C:\Windows\System32\noTBoKZ.exe
  2⤵
  PID:13040
- C:\Windows\System32\TAoaogO.exe
  C:\Windows\System32\TAoaogO.exe
  2⤵
  PID:13084
- C:\Windows\System32\tUoOsjV.exe
  C:\Windows\System32\tUoOsjV.exe
  2⤵
  PID:13144
- C:\Windows\System32\WdlPylc.exe
  C:\Windows\System32\WdlPylc.exe
  2⤵
  PID:13176
- C:\Windows\System32\fOpQgbZ.exe
  C:\Windows\System32\fOpQgbZ.exe
  2⤵
  PID:13192
- C:\Windows\System32\rkVQbrL.exe
  C:\Windows\System32\rkVQbrL.exe
  2⤵
  PID:13212
- C:\Windows\System32\SpctIlE.exe
  C:\Windows\System32\SpctIlE.exe
  2⤵
  PID:13228
- C:\Windows\System32\XjLTyhi.exe
  C:\Windows\System32\XjLTyhi.exe
  2⤵
  PID:13300
- C:\Windows\System32\ylkonyc.exe
  C:\Windows\System32\ylkonyc.exe
  2⤵
  PID:11756
- C:\Windows\System32\vrEgpqe.exe
  C:\Windows\System32\vrEgpqe.exe
  2⤵
  PID:12308
- C:\Windows\System32\yoFyFxO.exe
  C:\Windows\System32\yoFyFxO.exe
  2⤵
  PID:12356
- C:\Windows\System32\VYQSWDa.exe
  C:\Windows\System32\VYQSWDa.exe
  2⤵
  PID:12392
- C:\Windows\System32\iKYZNIr.exe
  C:\Windows\System32\iKYZNIr.exe
  2⤵
  PID:12452
- C:\Windows\System32\WZHXxrC.exe
  C:\Windows\System32\WZHXxrC.exe
  2⤵
  PID:12600
- C:\Windows\System32\BsvUCya.exe
  C:\Windows\System32\BsvUCya.exe
  2⤵
  PID:12616
- C:\Windows\System32\FADwbwu.exe
  C:\Windows\System32\FADwbwu.exe
  2⤵
  PID:12680
- C:\Windows\System32\yhNvmXE.exe
  C:\Windows\System32\yhNvmXE.exe
  2⤵
  PID:12752
- C:\Windows\System32\OilUvbt.exe
  C:\Windows\System32\OilUvbt.exe
  2⤵
  PID:12728
- C:\Windows\System32\aMqQLcC.exe
  C:\Windows\System32\aMqQLcC.exe
  2⤵
  PID:12860
- C:\Windows\System32\nIPVbZU.exe
  C:\Windows\System32\nIPVbZU.exe
  2⤵
  PID:12876
- C:\Windows\System32\MQMHgTc.exe
  C:\Windows\System32\MQMHgTc.exe
  2⤵
  PID:12888
- C:\Windows\System32\veRPYPP.exe
  C:\Windows\System32\veRPYPP.exe
  2⤵
  PID:12972
- C:\Windows\System32\BwRjsHm.exe
  C:\Windows\System32\BwRjsHm.exe
  2⤵
  PID:12924
- C:\Windows\System32\hWrzHAj.exe
  C:\Windows\System32\hWrzHAj.exe
  2⤵
  PID:13072
- C:\Windows\System32\EbusiwA.exe
  C:\Windows\System32\EbusiwA.exe
  2⤵
  PID:13224
- C:\Windows\System32\TZPJveB.exe
  C:\Windows\System32\TZPJveB.exe
  2⤵
  PID:13268
- C:\Windows\System32\lugfMGy.exe
  C:\Windows\System32\lugfMGy.exe
  2⤵
  PID:11868
- C:\Windows\System32\xskjtmn.exe
  C:\Windows\System32\xskjtmn.exe
  2⤵
  PID:11924
- C:\Windows\System32\wchCOuJ.exe
  C:\Windows\System32\wchCOuJ.exe
  2⤵
  PID:12700
- C:\Windows\System32\ngQNrAB.exe
  C:\Windows\System32\ngQNrAB.exe
  2⤵
  PID:12852
- C:\Windows\System32\tpMrwqH.exe
  C:\Windows\System32\tpMrwqH.exe
  2⤵
  PID:12996
- C:\Windows\System32\JIpGsvy.exe
  C:\Windows\System32\JIpGsvy.exe
  2⤵
  PID:12912
- C:\Windows\System32\HZQqsBM.exe
  C:\Windows\System32\HZQqsBM.exe
  2⤵
  PID:13060
- C:\Windows\System32\AAgctJt.exe
  C:\Windows\System32\AAgctJt.exe
  2⤵
  PID:13236
- C:\Windows\System32\HnyfzOO.exe
  C:\Windows\System32\HnyfzOO.exe
  2⤵
  PID:12384
- C:\Windows\System32\TOTtxJr.exe
  C:\Windows\System32\TOTtxJr.exe
  2⤵
  PID:12796
- C:\Windows\System32\snetqrW.exe
  C:\Windows\System32\snetqrW.exe
  2⤵
  PID:13276
- C:\Windows\System32\xHpvapE.exe
  C:\Windows\System32\xHpvapE.exe
  2⤵
  PID:12524
- C:\Windows\System32\rcHZvtM.exe
  C:\Windows\System32\rcHZvtM.exe
  2⤵
  PID:12884
- C:\Windows\System32\lsDaxpE.exe
  C:\Windows\System32\lsDaxpE.exe
  2⤵
  PID:13328
- C:\Windows\System32\ZMSwqup.exe
  C:\Windows\System32\ZMSwqup.exe
  2⤵
  PID:13348
- C:\Windows\System32\XsyFBlV.exe
  C:\Windows\System32\XsyFBlV.exe
  2⤵
  PID:13396
- C:\Windows\System32\BeuRXgF.exe
  C:\Windows\System32\BeuRXgF.exe
  2⤵
  PID:13428
- C:\Windows\System32\ZwhbbaP.exe
  C:\Windows\System32\ZwhbbaP.exe
  2⤵
  PID:13460
- C:\Windows\System32\pmwkJnq.exe
  C:\Windows\System32\pmwkJnq.exe
  2⤵
  PID:13500
- C:\Windows\System32\NnzdJiU.exe
  C:\Windows\System32\NnzdJiU.exe
  2⤵
  PID:13520

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:13840

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System32\BRwNkoe.exe

Filesize
940KB

MD5
3b726a048b2a0259b62e1839be7b4e47

SHA1
316bcf6dbca1741524123679b5d9f84f3051a3a3

SHA256
4f05aa676a117ebee2e375c0ac11dfe5bd12f5cc34b6df3dffec02cd9a1b88b2

SHA512
5b95a0db7f341738bd532c68bc535266f5c095de904a94bfa800978d2678bbc3540480bc2d548d5e948cc16573074c9e562cec43de371567b8e646b9edcf7e61

Download Submit
C:\Windows\System32\CjFNwdU.exe

Filesize
943KB

MD5
09702c95a22f6f4e480029db7e227a65

SHA1
72e265c0d8c9e7829f4e5395e16079e6d7cbb718

SHA256
d88c1601c21e8395d217401ceb77df407d23119f7c5c607672de4e4e4efd91ba

SHA512
fb498bff9a2d7432f61117d0ff71b9858f527b18d7aa57dfb91b46c7271f390233a523814a7b0123f59e7711b6d502eb2196c1d7260f8bea762fa06d0a947fd7

Download Submit
C:\Windows\System32\EGrWydu.exe

Filesize
945KB

MD5
148600b0f11976f2dd574ed6e3e67fd7

SHA1
96c949091968ad540069bf05694c664985ae1546

SHA256
9ce070a25bfc085dedbb384e1d68f8ae40e65ff241222a81167ffb318c0757e1

SHA512
423cc827065a605fd5e50bf1b7fd2c918909d5206340b53d3aee510a3583ee2e95958edd5bb28a3739bc051109d930161e736b080712031f98dbe3307eae19e4

Download Submit
C:\Windows\System32\HyKBveH.exe

Filesize
944KB

MD5
9b0c3cdad4e0702187cfce1fcc1bf5ce

SHA1
4d97054f125a28e972c4d8578b0d4324d735b7a0

SHA256
72d77ed434982459a00c97c3c20919bec942d0575670dcb54ebb3e5445de65ff

SHA512
4a6531dd0ab61cb458a3b7a766158015f5a2a019b7288195cdb7d8839492cbb1aa1d957a63418ab11ccb63b4b44af57140e470de73198a26fb3db38c5c49735e

Download Submit
C:\Windows\System32\IijoxLZ.exe

Filesize
947KB

MD5
fb189bba8095015a0df8b41e1ebd78f5

SHA1
ab092781d09fca1f0d06b91deb494601d3a66e68

SHA256
382049dfb2107f91934f2e8ca0e734fb8290eeaef0715492f67b8f0e09d487d5

SHA512
ad9a2ba498030f94bd88bf01473414a3582a6b9487174a02bad2899c02a6990476b9d264037498e4bc2b7f867ea56493ffd404f8799a58b3464d0319861c9c19

Download Submit
C:\Windows\System32\JOMRqMZ.exe

Filesize
946KB

MD5
c591c7d34af79e9ca12c985fbb44a002

SHA1
8b7e44aaaae47158eb67758ea787505c607bfa8d

SHA256
55c1691f8692aa6a0b01f3b558a75c59cf07ece388540f2f8d55b7e30a2fac87

SHA512
a9b000c1dfb9e571da9db1b7e40b4a7c43855c37e4e4368fd43627ff3e8e445e8c827b9f68654ab0cba172f9ea544e85c9d423570b8ddfccce9f3da7b7776150

Download Submit
C:\Windows\System32\PpdAHVx.exe

Filesize
941KB

MD5
6a6bd6bc0de17c28bf9e5d28e721d6b5

SHA1
1b656dd7555d2232f973e4127f001f0657e7fb31

SHA256
0739b447d081fcdcb34a40ef27abc69b657770d0f79b756018a368947537ca3d

SHA512
f32bcb9d12069f73cb7271b88c5a106fa4c42a426bac8c6aa7d54c493e66dcbaf1911466694134514a1613d77b9b6d608adf308d8fa0b023de74d4253ee9fe15

Download Submit
C:\Windows\System32\PqxGYAi.exe

Filesize
942KB

MD5
73471ba92c6627496f06c9d371642f5b

SHA1
479ed30a5ee39b2f1f133c46d9831ea1d4fb31cf

SHA256
dcb00a20a82fdb869c52d2f4a0760bde208e888094b9fbd81ba658d33fd48ffa

SHA512
138e838d93118e43be831e20e74e9de089ca774e444efb289244e57a865d5a1e31fbd3e8287f3edcc1bd43d9bc07d229e7137823f73d652d73c15933974eb3f3

Download Submit
C:\Windows\System32\QSzrqyh.exe

Filesize
943KB

MD5
da25c558b42e32577a9c0f1d71d12201

SHA1
1069d34148899f8dd61bc21ae65a25a78390b39b

SHA256
bd0ab10418d9a5847642177fb6172c99072712cebe51f05579e905c7a0e76635

SHA512
bc900f91f23a3d5866828079d5d360058cc805954c8458203386107f87b177a67ab7fbb5ee00485273c39dfaa9f752c3e53b9c6a0eb90539e13974d9762899ec

Download Submit
C:\Windows\System32\QjHQcAw.exe

Filesize
944KB

MD5
e06edb1c3f61ef13d534ae0bf987b98a

SHA1
f2c1b62b30d5cc431891c567bea5e325451c5b3e

SHA256
0eff276a0f3782fbfe6323b3bf8406ecaa81dce48b3bea77efe0ff2555efa342

SHA512
0d9bebda64f6a1826dc13947f4bd5314e11e07e018d06d74e03c502709cd8fc97735684fd3b084ddf6a96dfa15a5b35835dea91b8157952ec3d0ae346ced9459

Download Submit
C:\Windows\System32\QqugTZv.exe

Filesize
942KB

MD5
f48b7616dbe51fe98454d95ec6e97574

SHA1
94843bdf842c6daf01ace7815470b5a4c3708888

SHA256
9899e81b3980fe2751d803153dc1d07162636d3b32aba17f9d05ea4321dc5779

SHA512
b309212183e6e0552cc4263f0f7cf23b27286b4fba7b4d57b812fabc36f39792661e5281d7159bd17457015ab1496a8476bded3cf9e340586d1a0dc0316d72d1

Download Submit
C:\Windows\System32\RuGiyir.exe

Filesize
946KB

MD5
56b988d3c3d97c0162d786f16025321e

SHA1
b32781f3073d871a463369e362af8de403768f5c

SHA256
b6e5fd13e3aa2ea7fe620fc3e45dd88568fcf0cb2218e93709ef61bd36d4a213

SHA512
74b3d063905b8009e4e610c67cb339d74801c25c6e04353d3834c4a5f7767ae7fe01a14a68f0aadbb85bfd23a9e0394f34c0d394994f77c2890ffe3632e9a427

Download Submit
C:\Windows\System32\TYYTZFW.exe

Filesize
941KB

MD5
7d51e84d4e21528d8ff26090415f0aa2

SHA1
6497bd6d5b6d1f21eea9a9b29e7715675fe47ec6

SHA256
b93a0c941ceab068ee1daaabc2b2d363cf2735c4e64cf347227d8745038fe6c6

SHA512
92a509d2dfc6192117b765671662c07c3fe60bb2d1ab45c956b3683eca54949597aad8a4954c24751829ac8073ab7814a78a0edf754a86b08dd862187224835b

Download Submit
C:\Windows\System32\UDmphiD.exe

Filesize
939KB

MD5
72374c6ae542e1d5a1981e2f51e65c34

SHA1
b76261894a39c814b415b4f882e032088cbbfe2a

SHA256
b10b96061dbf9d5b55988b26c92a0f38e84981fa7a15eac542a323146dc81e97

SHA512
d9b15be9a3b404eb3320a583d8ca001a8c5c70762aba93c8a17ba5afbd3c772d5687c4f4e8c7e53df7f9b49d195ce9cdae2d77a445b390326ea5d73851e762a5

Download Submit
C:\Windows\System32\WGmdMJJ.exe

Filesize
941KB

MD5
449833abab8cd35af3b86aa1169af866

SHA1
15715e1e9fb3cf2647b4ccff7df49af2357c65d1

SHA256
c4dac29a44d569f6f1803dc4126fcd2fca823c4d82bf79d4c629a945419aaafe

SHA512
b9ec952c6ae3b96cfcda94698e818277142c549a1dd845ee959068e32b6b972fafba76b354ad448d5eafc8e0a82aec392dadd815ab27fff85e3adc751264d279

Download Submit
C:\Windows\System32\cqmWCCh.exe

Filesize
940KB

MD5
cc18a7b6e8241fecd0284ed255a855db

SHA1
bee23f01c5de3c7f3cca85cbbc3eff9436ebc01d

SHA256
5c9fded316c7f60c2c576ceb5ae0023f623f6fc2e11098197663718e9046b731

SHA512
14c1b7cd4be840f37a536b3f9072806f864733090efde7d1191a2932631fea653b8bf0c2b0a59bc5593087b0dba15fa143b5e19d935170ecac5ae0bab088065e

Download Submit
C:\Windows\System32\gSDqzUc.exe

Filesize
945KB

MD5
59bff103725cc9175dafea895dc460b5

SHA1
f7bcbeba51123bbc42df144b7ca5e0fa66ee5b25

SHA256
b1782bd18956fe841d3df2b2715b7e27c435e4f369792fd06e4b9938b43d0dca

SHA512
6b1ca424e27f8e19940a094db2d7379e027b563cf1e8431105a669066d11876d8d132536b82a1c1f0cf66d589ad7d6efa1d1c663049c49479dc52b601847f715

Download Submit
C:\Windows\System32\gibcBjs.exe

Filesize
944KB

MD5
7e854ba6b2446087ea67ade69def920e

SHA1
82e854ed26dcd4b8444de436173c65144c6ca17d

SHA256
d31a8a770eacd19ac57d9122f1bc06f0aa66be8f4fbaf95308a5f6d2b9ae2eb7

SHA512
762f44473150bd4edc089fc5d8bd5e4af9a09c4769ea72ed2c69d6df7e73a406aa8435e9c412776738fc77665fcfdbfca9ea9f27471c8ce8ec12c84d1f5ca665

Download Submit
C:\Windows\System32\guqFYNy.exe

Filesize
943KB

MD5
6e2fba3c9010f38273bc019a8fa4cf2e

SHA1
7225aa8f25f70622231b2b878f8262f28870e281

SHA256
ca44df82dd910b4bce4b10468510acd9f807a809f20fc92a6933cb79f372157c

SHA512
71161809c516bad06bfdc8a8b00914e342dc5c15597bb545456be2b87a3abb7d727c4664d70f21d93d928490a7716180d450daa9931d2d94651474a3fa70b78f

Download Submit
C:\Windows\System32\jGDJrEc.exe

Filesize
945KB

MD5
4b23806bdf489c6c45b8f1c8cf4e5d4c

SHA1
2a5ea634feb3f7ce641d6bdb143525fb37c1fb3c

SHA256
01d8b7d856f298cfa037d87bbd026cd2dd6cc7a41dbe8063b3bb6b2ed0dd11f6

SHA512
a8d0c2e7d4eac54624769d4ccadd5655b8bea4d200969c477d0d4f42dbc3af8e592e6b5d78c27636f3e32a208738085b3ec8aca93d494262505879f1f52139ac

Download Submit
C:\Windows\System32\jzQzILQ.exe

Filesize
946KB

MD5
b6375753a97aaa606814ee6c7ce9213d

SHA1
765010323a6285602e052ce24fed29ec2b9938f3

SHA256
6b6120750206cfdfcd5bb3ca0c3f26a3b5e61e44fd5cf0f01996c8865a24b76f

SHA512
eac7f4a2e2ca7eb6d7253c65e89ab6eeedf882e302f696b13fa4c614b919da27aa284188e76a048ad20affc627562768f85d58fec4253ba51cd8b194ebf67123

Download Submit
C:\Windows\System32\mcQsbTp.exe

Filesize
942KB

MD5
3d6e2d694cfad606939ac5b25225624b

SHA1
d9fe7f56226d38a4e790e8a1b73d18266290fd8a

SHA256
425325aabc5479f67ce1ea88ed6d9d320e4b6a3afcaf8f70dafb1569d6dea88f

SHA512
cf70e5260039b9fb058f4b80e348614701abfb2a1903529bb2971478aa74f07bed8425524d05404b3d2a720682899b80f8aa4bd4c1d8aff3554a42b0cfde4eec

Download Submit
C:\Windows\System32\mzKgPxr.exe

Filesize
944KB

MD5
8bb6cc26266a5a857c0378583c4ec7b6

SHA1
e769284e94a3dacc2d104b9f89f1c8b868978981

SHA256
7bcc741a167f16ea9e89feab24a32173c66c04051982ac484fbbeb0b66c6e91c

SHA512
52cfc104188e14bd88c83327b9785ed6e7ee34572bb751a9ca6cedce3d34ae686ea80348859ba7ebdb1facb08aafb3fc267918f37e132522464e3c2f4c393efd

Download Submit
C:\Windows\System32\nGkowHI.exe

Filesize
942KB

MD5
21c9c02ed63513582a50aeb0f616a182

SHA1
84d2d4d1d264031cb00f95bb2b048f26ac5b7a3c

SHA256
630e19c24da401081849012acfd6c595613720db92eefb8fd61c5431bd45441a

SHA512
05d310815cc86178a0cbb4dec8383c62580a0c092ebb3f91021904c4b71dc2112227ffcffc9196a9d0b0becfcfbc5b4dc9f04ad97f8d444469c761ea0588d277

Download Submit
C:\Windows\System32\peMsABz.exe

Filesize
939KB

MD5
17bd851f2bc60efb4236d274a96454d1

SHA1
fcc773817b5f413293047f477830a0bce7442541

SHA256
678745e53027e333c24b9e325430fdb8220be2b2cef11c290739380c16f3f683

SHA512
1a36724d3288e37e089416f5963fccb1659708fc4df3b4a15fb5176303fcdd4b8c3d4d7f4fc755c1da60958c8e5169041de29cd3c2093a9bd9855c821df6c054

Download Submit
C:\Windows\System32\rvooUZt.exe

Filesize
940KB

MD5
dae5c673bd869b4e0f02ed9082ea1745

SHA1
4b62ecda60948e4ae9e175666a527ee671cc37ed

SHA256
9cfb0ae9a0f6adaa7eefbfc385ef39d16ee071f304b1b6d165b61137518341ec

SHA512
e708cfe830bbe5dd09f66d61633239bf30a00b26c83e1b07c080e2e8f18918672263cf41e1973275f3c374e5708f624faad8449b7f54f4e3a64f1c5f4c204e62

Download Submit
C:\Windows\System32\tHdODvM.exe

Filesize
943KB

MD5
a3f691ed77ac0503be9978b89ba01d60

SHA1
259452b59be2987862aef4838f37490d8f0776fb

SHA256
5675aa3ed9c256bc52b5597cd3b53f35ebd6caee676165023cbc411cac63b475

SHA512
9e2e3c5ce767c76598f93f4c6d2f9965a591416b2079a05f5baac8192ce9e408eab706f24fcf60ab8b916ea3988174c3591480787a172318a46e503db7679649

Download Submit
C:\Windows\System32\unzqDsZ.exe

Filesize
945KB

MD5
02d4ab3bb2187dc3f2292181a01b93e5

SHA1
aab801bd2ca55ad227f6c8c1247142572d9cecd3

SHA256
a3818ae96d41d6d6fab574055e98b5d5421017dcf1ec0b3012c8e33a3f72c713

SHA512
36f7cf050bd702e37a75da56484ab2f06ff568342dc537fb49ba40a19f65555608436c38031fe39af3d15665831fcfb577a121159c98e8f3bff3f6cbf394cf68

Download Submit
C:\Windows\System32\vAyCvGq.exe

Filesize
946KB

MD5
010fdf4a8e7df61023de0a6fe4070151

SHA1
e496d7866c2483689ca2f2c54db5ba23ca1ebf54

SHA256
7d26413eca38dd129c04542c68e7032842da13e679b32989b92be4b8b604e101

SHA512
2f3896eb9a7aacec9f6726815f6e273434915248ac44bc62b848d5acadc40f1276ca36f579165146893bea78b17e5b2eee071e16a71bdffca1eb3b2b9eb51289

Download Submit
C:\Windows\System32\vuQYcDF.exe

Filesize
942KB

MD5
a84781666982f531b44698c42be1050a

SHA1
91dff80d62724e7c5ff1d9ded1bbec2977f15b14

SHA256
6df99c09f52bb4a10502efcfd8f2a6055d039efacbb4e6fd07f03b4374b24d68

SHA512
c6fa8b1530f550c79c05911a6a1203c3f865ebd67cd52918b50012d1507bad55e477e6ee8a4db905af9c9ce2d080bf0d8fba0d6e73bfffd5f0e61e9fbb213927

Download Submit
C:\Windows\System32\wIbGvJA.exe

Filesize
940KB

MD5
eb65655185e25e22f75aa44393e84a9d

SHA1
d075e5a04429e7061d82c7fdd6f027bd7773a4f4

SHA256
03d9967360f1e4f37583e530a1699aec886520df881e483a67c052235c1916af

SHA512
35b61e485c93c68005ec74bcd0e99b7edb95df761364513f08ab2fabf7dab2ae5cfa3115ea241580d4fdada0cf487fcdb524ac99ece0b638c0578c90d5054681

Download Submit
C:\Windows\System32\wOdvYth.exe

Filesize
941KB

MD5
88d5941eab076a802e69c04af99183a2

SHA1
9f253f495d9ae1069cdaedb45c6fbacd02e4c9f5

SHA256
1e643b4c0b3f28f4938a2195a05958b44dcd105166e18879737410f68226b837

SHA512
10e4bcb3586533da7ad0fdd56c853e62395fb195829498acd091ec112473578df09208db2a33d24dc5f8a9c4a221d364b09bbb0636414fcccda0c3130e613c6b

Download Submit
memory/552-424-0x00007FF6C61D0000-0x00007FF6C65C1000-memory.dmp

Filesize
3.9MB

Download
memory/668-2204-0x00007FF794360000-0x00007FF794751000-memory.dmp

Filesize
3.9MB

Download
memory/668-510-0x00007FF794360000-0x00007FF794751000-memory.dmp

Filesize
3.9MB

Download
memory/1364-405-0x00007FF785D30000-0x00007FF786121000-memory.dmp

Filesize
3.9MB

Download
memory/1364-2151-0x00007FF785D30000-0x00007FF786121000-memory.dmp

Filesize
3.9MB

Download
memory/1524-495-0x00007FF63B090000-0x00007FF63B481000-memory.dmp

Filesize
3.9MB

Download
memory/1524-2200-0x00007FF63B090000-0x00007FF63B481000-memory.dmp

Filesize
3.9MB

Download
memory/1556-2167-0x00007FF727E50000-0x00007FF728241000-memory.dmp

Filesize
3.9MB

Download
memory/1556-428-0x00007FF727E50000-0x00007FF728241000-memory.dmp

Filesize
3.9MB

Download
memory/1856-36-0x00007FF614AA0000-0x00007FF614E91000-memory.dmp

Filesize
3.9MB

Download
memory/1856-1389-0x00007FF614AA0000-0x00007FF614E91000-memory.dmp

Filesize
3.9MB

Download
memory/2260-2198-0x00007FF636370000-0x00007FF636761000-memory.dmp

Filesize
3.9MB

Download
memory/2260-441-0x00007FF636370000-0x00007FF636761000-memory.dmp

Filesize
3.9MB

Download
memory/2320-523-0x00007FF762860000-0x00007FF762C51000-memory.dmp

Filesize
3.9MB

Download
memory/2320-2149-0x00007FF762860000-0x00007FF762C51000-memory.dmp

Filesize
3.9MB

Download
memory/2776-432-0x00007FF701100000-0x00007FF7014F1000-memory.dmp

Filesize
3.9MB

Download
memory/2872-1332-0x00007FF70A740000-0x00007FF70AB31000-memory.dmp

Filesize
3.9MB

Download
memory/2872-0-0x00007FF70A740000-0x00007FF70AB31000-memory.dmp

Filesize
3.9MB

Download
memory/2872-1-0x0000023CC6600000-0x0000023CC6610000-memory.dmp

Filesize
64KB

Download
memory/2876-34-0x00007FF613280000-0x00007FF613671000-memory.dmp

Filesize
3.9MB

Download
memory/2876-1383-0x00007FF613280000-0x00007FF613671000-memory.dmp

Filesize
3.9MB

Download
memory/3124-49-0x00007FF6B4350000-0x00007FF6B4741000-memory.dmp

Filesize
3.9MB

Download
memory/3124-1335-0x00007FF6B4350000-0x00007FF6B4741000-memory.dmp

Filesize
3.9MB

Download
memory/3436-444-0x00007FF610350000-0x00007FF610741000-memory.dmp

Filesize
3.9MB

Download
memory/3436-2212-0x00007FF610350000-0x00007FF610741000-memory.dmp

Filesize
3.9MB

Download
memory/3592-442-0x00007FF702180000-0x00007FF702571000-memory.dmp

Filesize
3.9MB

Download
memory/3592-2202-0x00007FF702180000-0x00007FF702571000-memory.dmp

Filesize
3.9MB

Download
memory/3612-426-0x00007FF7ADFA0000-0x00007FF7AE391000-memory.dmp

Filesize
3.9MB

Download
memory/3656-1334-0x00007FF7DF950000-0x00007FF7DFD41000-memory.dmp

Filesize
3.9MB

Download
memory/3656-31-0x00007FF7DF950000-0x00007FF7DFD41000-memory.dmp

Filesize
3.9MB

Download
memory/3656-2147-0x00007FF7DF950000-0x00007FF7DFD41000-memory.dmp

Filesize
3.9MB

Download
memory/3724-507-0x00007FF6D0400000-0x00007FF6D07F1000-memory.dmp

Filesize
3.9MB

Download
memory/3724-2206-0x00007FF6D0400000-0x00007FF6D07F1000-memory.dmp

Filesize
3.9MB

Download
memory/3976-14-0x00007FF798430000-0x00007FF798821000-memory.dmp

Filesize
3.9MB

Download
memory/3976-2145-0x00007FF798430000-0x00007FF798821000-memory.dmp

Filesize
3.9MB

Download
memory/3976-1333-0x00007FF798430000-0x00007FF798821000-memory.dmp

Filesize
3.9MB

Download
memory/4248-422-0x00007FF608CC0000-0x00007FF6090B1000-memory.dmp

Filesize
3.9MB

Download
memory/4356-2158-0x00007FF635630000-0x00007FF635A21000-memory.dmp

Filesize
3.9MB

Download
memory/4356-398-0x00007FF635630000-0x00007FF635A21000-memory.dmp

Filesize
3.9MB

Download
memory/4360-2156-0x00007FF6428C0000-0x00007FF642CB1000-memory.dmp

Filesize
3.9MB

Download
memory/4360-410-0x00007FF6428C0000-0x00007FF642CB1000-memory.dmp

Filesize
3.9MB

Download
memory/4416-399-0x00007FF6B00B0000-0x00007FF6B04A1000-memory.dmp

Filesize
3.9MB

Download
memory/4416-2154-0x00007FF6B00B0000-0x00007FF6B04A1000-memory.dmp

Filesize
3.9MB

Download
memory/4544-38-0x00007FF6F83A0000-0x00007FF6F8791000-memory.dmp

Filesize
3.9MB

Download
memory/4544-1390-0x00007FF6F83A0000-0x00007FF6F8791000-memory.dmp

Filesize
3.9MB

Download
memory/4592-501-0x00007FF7D0500000-0x00007FF7D08F1000-memory.dmp

Filesize
3.9MB

Download
memory/4592-2208-0x00007FF7D0500000-0x00007FF7D08F1000-memory.dmp

Filesize
3.9MB

Download
memory/4732-496-0x00007FF723470000-0x00007FF723861000-memory.dmp

Filesize
3.9MB

Download
memory/4732-2210-0x00007FF723470000-0x00007FF723861000-memory.dmp

Filesize
3.9MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads