xmrig | f257bc60f0888c6da9d72fc9b43e31e70a2e27e80d8df0cc12d0c135b19dd306

Analysis

max time kernel
112s
max time network
103s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
20-12-2024 05:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f257bc60f0888c6da9d72fc9b43e31e70a2e27e80d8df0cc12d0c135b19dd306N.exe
Size

1.3MB
MD5

d921d6276327242930e061622a955190
SHA1

6377e25b8b1740a2b03c6e1d83ccaab2169669bb
SHA256

f257bc60f0888c6da9d72fc9b43e31e70a2e27e80d8df0cc12d0c135b19dd306
SHA512

e04f0d697964afc0dc726c65a698c7837a8aed310bed81328e21108e9eb6cdd3642839a0e9003f6b3535161c7160a9938ca5919d93e97808e3696b9eefdc50e9
SSDEEP

24576:JanwhSe11QSONCpGJCjETPlWXWZ5Pbcqa7MZt+XRK4FgTQn:knw9oUUEEDl37jcqa7V/gsn

Score

10^/10

xmrig miner upx

Malware Config

Signatures

Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 50 IoCs

miner

resource	yara_rule
behavioral2/memory/1860-91-0x00007FF64F150000-0x00007FF64F541000-memory.dmp	xmrig
behavioral2/memory/4968-88-0x00007FF69EBA0000-0x00007FF69EF91000-memory.dmp	xmrig
behavioral2/memory/2728-84-0x00007FF7D74B0000-0x00007FF7D78A1000-memory.dmp	xmrig
behavioral2/memory/2328-73-0x00007FF7D3330000-0x00007FF7D3721000-memory.dmp	xmrig
behavioral2/memory/4972-72-0x00007FF74ED70000-0x00007FF74F161000-memory.dmp	xmrig
behavioral2/memory/2944-67-0x00007FF6CDF00000-0x00007FF6CE2F1000-memory.dmp	xmrig
behavioral2/memory/4176-56-0x00007FF64DD20000-0x00007FF64E111000-memory.dmp	xmrig
behavioral2/memory/4488-92-0x00007FF72E7A0000-0x00007FF72EB91000-memory.dmp	xmrig
behavioral2/memory/2320-145-0x00007FF739A80000-0x00007FF739E71000-memory.dmp	xmrig
behavioral2/memory/4840-128-0x00007FF70BCF0000-0x00007FF70C0E1000-memory.dmp	xmrig
behavioral2/memory/4544-153-0x00007FF624DF0000-0x00007FF6251E1000-memory.dmp	xmrig
behavioral2/memory/4436-157-0x00007FF7563C0000-0x00007FF7567B1000-memory.dmp	xmrig
behavioral2/memory/2400-161-0x00007FF6B0A70000-0x00007FF6B0E61000-memory.dmp	xmrig
behavioral2/memory/4884-345-0x00007FF7C9FD0000-0x00007FF7CA3C1000-memory.dmp	xmrig
behavioral2/memory/2216-160-0x00007FF79AA60000-0x00007FF79AE51000-memory.dmp	xmrig
behavioral2/memory/4700-350-0x00007FF7422A0000-0x00007FF742691000-memory.dmp	xmrig
behavioral2/memory/460-500-0x00007FF64C700000-0x00007FF64CAF1000-memory.dmp	xmrig
behavioral2/memory/1176-608-0x00007FF67E960000-0x00007FF67ED51000-memory.dmp	xmrig
behavioral2/memory/1120-771-0x00007FF7F2690000-0x00007FF7F2A81000-memory.dmp	xmrig
behavioral2/memory/4000-914-0x00007FF763A20000-0x00007FF763E11000-memory.dmp	xmrig
behavioral2/memory/4748-1061-0x00007FF646F50000-0x00007FF647341000-memory.dmp	xmrig
behavioral2/memory/3828-1220-0x00007FF64AC00000-0x00007FF64AFF1000-memory.dmp	xmrig
behavioral2/memory/4600-1383-0x00007FF743B30000-0x00007FF743F21000-memory.dmp	xmrig
behavioral2/memory/4444-1379-0x00007FF64AEA0000-0x00007FF64B291000-memory.dmp	xmrig
behavioral2/memory/1156-1387-0x00007FF6EFFB0000-0x00007FF6F03A1000-memory.dmp	xmrig
behavioral2/memory/4176-2125-0x00007FF64DD20000-0x00007FF64E111000-memory.dmp	xmrig
behavioral2/memory/4972-2137-0x00007FF74ED70000-0x00007FF74F161000-memory.dmp	xmrig
behavioral2/memory/2328-2139-0x00007FF7D3330000-0x00007FF7D3721000-memory.dmp	xmrig
behavioral2/memory/1860-2141-0x00007FF64F150000-0x00007FF64F541000-memory.dmp	xmrig
behavioral2/memory/4884-2145-0x00007FF7C9FD0000-0x00007FF7CA3C1000-memory.dmp	xmrig
behavioral2/memory/4544-2147-0x00007FF624DF0000-0x00007FF6251E1000-memory.dmp	xmrig
behavioral2/memory/4488-2143-0x00007FF72E7A0000-0x00007FF72EB91000-memory.dmp	xmrig
behavioral2/memory/4700-2162-0x00007FF7422A0000-0x00007FF742691000-memory.dmp	xmrig
behavioral2/memory/460-2164-0x00007FF64C700000-0x00007FF64CAF1000-memory.dmp	xmrig
behavioral2/memory/2944-2166-0x00007FF6CDF00000-0x00007FF6CE2F1000-memory.dmp	xmrig
behavioral2/memory/4968-2181-0x00007FF69EBA0000-0x00007FF69EF91000-memory.dmp	xmrig
behavioral2/memory/2728-2179-0x00007FF7D74B0000-0x00007FF7D78A1000-memory.dmp	xmrig
behavioral2/memory/4840-2224-0x00007FF70BCF0000-0x00007FF70C0E1000-memory.dmp	xmrig
behavioral2/memory/1176-2222-0x00007FF67E960000-0x00007FF67ED51000-memory.dmp	xmrig
behavioral2/memory/1120-2220-0x00007FF7F2690000-0x00007FF7F2A81000-memory.dmp	xmrig
behavioral2/memory/4000-2218-0x00007FF763A20000-0x00007FF763E11000-memory.dmp	xmrig
behavioral2/memory/4600-2230-0x00007FF743B30000-0x00007FF743F21000-memory.dmp	xmrig
behavioral2/memory/2216-2228-0x00007FF79AA60000-0x00007FF79AE51000-memory.dmp	xmrig
behavioral2/memory/4748-2226-0x00007FF646F50000-0x00007FF647341000-memory.dmp	xmrig
behavioral2/memory/2400-2232-0x00007FF6B0A70000-0x00007FF6B0E61000-memory.dmp	xmrig
behavioral2/memory/4444-2267-0x00007FF64AEA0000-0x00007FF64B291000-memory.dmp	xmrig
behavioral2/memory/1156-2262-0x00007FF6EFFB0000-0x00007FF6F03A1000-memory.dmp	xmrig
behavioral2/memory/4436-2238-0x00007FF7563C0000-0x00007FF7567B1000-memory.dmp	xmrig
behavioral2/memory/3828-2236-0x00007FF64AC00000-0x00007FF64AFF1000-memory.dmp	xmrig
behavioral2/memory/2320-2234-0x00007FF739A80000-0x00007FF739E71000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
4972	eevTxVP.exe
2328	PwTPFUh.exe
1860	JsBDuuV.exe
4488	efqWXJv.exe
4544	SWsHGoh.exe
4884	LBHvKkR.exe
4700	MwBmRAg.exe
460	OurPIlk.exe
2944	QBkJajL.exe
1120	OerjXss.exe
2728	UVTJtAo.exe
4968	BEflMpE.exe
1176	uthVMyE.exe
4000	mgiqgAb.exe
4748	LUwfMOX.exe
4444	OHzQjpc.exe
4600	VFcBAwW.exe
3828	ZSVrYFb.exe
4840	UrqCtiF.exe
4436	FQQQZUD.exe
2216	WLhADem.exe
2320	iRmdItb.exe
2400	dKfUYfj.exe
1156	dNypzTc.exe
3688	pFTVZPB.exe
3612	hEEyLHj.exe
2420	InfjUIA.exe
1312	lKdeDQY.exe
3092	BxLXGdp.exe
1772	hLOallF.exe
4828	nijadRA.exe
1620	cQqFUUA.exe
4256	wqxaFmG.exe
1192	JQNGjYl.exe
4092	tpUvAwk.exe
4836	NXetGxZ.exe
3736	uVdVFIV.exe
4388	LymjspJ.exe
1704	Ozwzqfm.exe
3920	YnRUpve.exe
3804	YrsLqlK.exe
1080	heRTqKA.exe
2144	YGQhfRr.exe
3032	LVzKSjJ.exe
3412	NrtWydG.exe
908	lmRJjel.exe
2384	OMOwoJv.exe
3292	KctYmZT.exe
4520	VlAmBjU.exe
4928	VgyTnho.exe
1980	TqFVeoR.exe
5004	jlbdTfK.exe
4584	bpsefKK.exe
2832	harHEHj.exe
3328	yfsVMLh.exe
4560	cILBVVr.exe
2156	jPcRmQq.exe
2124	sIdCyFD.exe
968	TJSgIyC.exe
3560	hGSCglL.exe
412	DBVCiJs.exe
2364	zGNqSVp.exe
4808	FVHFnFo.exe
4832	ZMHZQdn.exe

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System32\bNCIMyF.exe	f257bc60f0888c6da9d72fc9b43e31e70a2e27e80d8df0cc12d0c135b19dd306N.exe
File created	C:\Windows\System32\zmArlVM.exe	f257bc60f0888c6da9d72fc9b43e31e70a2e27e80d8df0cc12d0c135b19dd306N.exe
File created	C:\Windows\System32\GZRmLiO.exe	f257bc60f0888c6da9d72fc9b43e31e70a2e27e80d8df0cc12d0c135b19dd306N.exe
File created	C:\Windows\System32\xiDrgTs.exe	f257bc60f0888c6da9d72fc9b43e31e70a2e27e80d8df0cc12d0c135b19dd306N.exe
File created	C:\Windows\System32\VnIlIsZ.exe	f257bc60f0888c6da9d72fc9b43e31e70a2e27e80d8df0cc12d0c135b19dd306N.exe
File created	C:\Windows\System32\BjdcmwW.exe	f257bc60f0888c6da9d72fc9b43e31e70a2e27e80d8df0cc12d0c135b19dd306N.exe
File created	C:\Windows\System32\DagqRIA.exe	f257bc60f0888c6da9d72fc9b43e31e70a2e27e80d8df0cc12d0c135b19dd306N.exe
File created	C:\Windows\System32\TrfJxzH.exe	f257bc60f0888c6da9d72fc9b43e31e70a2e27e80d8df0cc12d0c135b19dd306N.exe
File created	C:\Windows\System32\miFPpLy.exe	f257bc60f0888c6da9d72fc9b43e31e70a2e27e80d8df0cc12d0c135b19dd306N.exe
File created	C:\Windows\System32\WOopWlt.exe	f257bc60f0888c6da9d72fc9b43e31e70a2e27e80d8df0cc12d0c135b19dd306N.exe
File created	C:\Windows\System32\atkngOq.exe	f257bc60f0888c6da9d72fc9b43e31e70a2e27e80d8df0cc12d0c135b19dd306N.exe
File created	C:\Windows\System32\hGSCglL.exe	f257bc60f0888c6da9d72fc9b43e31e70a2e27e80d8df0cc12d0c135b19dd306N.exe
File created	C:\Windows\System32\DbkWWcQ.exe	f257bc60f0888c6da9d72fc9b43e31e70a2e27e80d8df0cc12d0c135b19dd306N.exe
File created	C:\Windows\System32\NCRXWcb.exe	f257bc60f0888c6da9d72fc9b43e31e70a2e27e80d8df0cc12d0c135b19dd306N.exe
File created	C:\Windows\System32\InfjUIA.exe	f257bc60f0888c6da9d72fc9b43e31e70a2e27e80d8df0cc12d0c135b19dd306N.exe
File created	C:\Windows\System32\kFhFdBO.exe	f257bc60f0888c6da9d72fc9b43e31e70a2e27e80d8df0cc12d0c135b19dd306N.exe
File created	C:\Windows\System32\yvaWlsq.exe	f257bc60f0888c6da9d72fc9b43e31e70a2e27e80d8df0cc12d0c135b19dd306N.exe
File created	C:\Windows\System32\tyhRRWo.exe	f257bc60f0888c6da9d72fc9b43e31e70a2e27e80d8df0cc12d0c135b19dd306N.exe
File created	C:\Windows\System32\EgcOwXj.exe	f257bc60f0888c6da9d72fc9b43e31e70a2e27e80d8df0cc12d0c135b19dd306N.exe
File created	C:\Windows\System32\RUFOFEx.exe	f257bc60f0888c6da9d72fc9b43e31e70a2e27e80d8df0cc12d0c135b19dd306N.exe
File created	C:\Windows\System32\MzUKJPz.exe	f257bc60f0888c6da9d72fc9b43e31e70a2e27e80d8df0cc12d0c135b19dd306N.exe
File created	C:\Windows\System32\eJUZcPx.exe	f257bc60f0888c6da9d72fc9b43e31e70a2e27e80d8df0cc12d0c135b19dd306N.exe
File created	C:\Windows\System32\SftVpmk.exe	f257bc60f0888c6da9d72fc9b43e31e70a2e27e80d8df0cc12d0c135b19dd306N.exe
File created	C:\Windows\System32\iZGGuHy.exe	f257bc60f0888c6da9d72fc9b43e31e70a2e27e80d8df0cc12d0c135b19dd306N.exe
File created	C:\Windows\System32\sSnQTaW.exe	f257bc60f0888c6da9d72fc9b43e31e70a2e27e80d8df0cc12d0c135b19dd306N.exe
File created	C:\Windows\System32\Dicvfwt.exe	f257bc60f0888c6da9d72fc9b43e31e70a2e27e80d8df0cc12d0c135b19dd306N.exe
File created	C:\Windows\System32\JNuiJzR.exe	f257bc60f0888c6da9d72fc9b43e31e70a2e27e80d8df0cc12d0c135b19dd306N.exe
File created	C:\Windows\System32\JsVLkzy.exe	f257bc60f0888c6da9d72fc9b43e31e70a2e27e80d8df0cc12d0c135b19dd306N.exe
File created	C:\Windows\System32\xpkuHLT.exe	f257bc60f0888c6da9d72fc9b43e31e70a2e27e80d8df0cc12d0c135b19dd306N.exe
File created	C:\Windows\System32\hZdUCal.exe	f257bc60f0888c6da9d72fc9b43e31e70a2e27e80d8df0cc12d0c135b19dd306N.exe
File created	C:\Windows\System32\XvvbdUa.exe	f257bc60f0888c6da9d72fc9b43e31e70a2e27e80d8df0cc12d0c135b19dd306N.exe
File created	C:\Windows\System32\NrtWydG.exe	f257bc60f0888c6da9d72fc9b43e31e70a2e27e80d8df0cc12d0c135b19dd306N.exe
File created	C:\Windows\System32\hKvLBVE.exe	f257bc60f0888c6da9d72fc9b43e31e70a2e27e80d8df0cc12d0c135b19dd306N.exe
File created	C:\Windows\System32\cvePHTv.exe	f257bc60f0888c6da9d72fc9b43e31e70a2e27e80d8df0cc12d0c135b19dd306N.exe
File created	C:\Windows\System32\CcLWXmV.exe	f257bc60f0888c6da9d72fc9b43e31e70a2e27e80d8df0cc12d0c135b19dd306N.exe
File created	C:\Windows\System32\uGhFQpb.exe	f257bc60f0888c6da9d72fc9b43e31e70a2e27e80d8df0cc12d0c135b19dd306N.exe
File created	C:\Windows\System32\JsBDuuV.exe	f257bc60f0888c6da9d72fc9b43e31e70a2e27e80d8df0cc12d0c135b19dd306N.exe
File created	C:\Windows\System32\MAUWfno.exe	f257bc60f0888c6da9d72fc9b43e31e70a2e27e80d8df0cc12d0c135b19dd306N.exe
File created	C:\Windows\System32\UAqGVfC.exe	f257bc60f0888c6da9d72fc9b43e31e70a2e27e80d8df0cc12d0c135b19dd306N.exe
File created	C:\Windows\System32\IgEtmcY.exe	f257bc60f0888c6da9d72fc9b43e31e70a2e27e80d8df0cc12d0c135b19dd306N.exe
File created	C:\Windows\System32\FkUQuQd.exe	f257bc60f0888c6da9d72fc9b43e31e70a2e27e80d8df0cc12d0c135b19dd306N.exe
File created	C:\Windows\System32\SkGVQJz.exe	f257bc60f0888c6da9d72fc9b43e31e70a2e27e80d8df0cc12d0c135b19dd306N.exe
File created	C:\Windows\System32\sIXDYEw.exe	f257bc60f0888c6da9d72fc9b43e31e70a2e27e80d8df0cc12d0c135b19dd306N.exe
File created	C:\Windows\System32\BpfyOjm.exe	f257bc60f0888c6da9d72fc9b43e31e70a2e27e80d8df0cc12d0c135b19dd306N.exe
File created	C:\Windows\System32\kumaZGo.exe	f257bc60f0888c6da9d72fc9b43e31e70a2e27e80d8df0cc12d0c135b19dd306N.exe
File created	C:\Windows\System32\jholvNI.exe	f257bc60f0888c6da9d72fc9b43e31e70a2e27e80d8df0cc12d0c135b19dd306N.exe
File created	C:\Windows\System32\NCKxCIa.exe	f257bc60f0888c6da9d72fc9b43e31e70a2e27e80d8df0cc12d0c135b19dd306N.exe
File created	C:\Windows\System32\JnYjaNh.exe	f257bc60f0888c6da9d72fc9b43e31e70a2e27e80d8df0cc12d0c135b19dd306N.exe
File created	C:\Windows\System32\hcPwquE.exe	f257bc60f0888c6da9d72fc9b43e31e70a2e27e80d8df0cc12d0c135b19dd306N.exe
File created	C:\Windows\System32\SbzGWvQ.exe	f257bc60f0888c6da9d72fc9b43e31e70a2e27e80d8df0cc12d0c135b19dd306N.exe
File created	C:\Windows\System32\sEliTAN.exe	f257bc60f0888c6da9d72fc9b43e31e70a2e27e80d8df0cc12d0c135b19dd306N.exe
File created	C:\Windows\System32\BuyUaNV.exe	f257bc60f0888c6da9d72fc9b43e31e70a2e27e80d8df0cc12d0c135b19dd306N.exe
File created	C:\Windows\System32\oGmkZdw.exe	f257bc60f0888c6da9d72fc9b43e31e70a2e27e80d8df0cc12d0c135b19dd306N.exe
File created	C:\Windows\System32\VsQVrBB.exe	f257bc60f0888c6da9d72fc9b43e31e70a2e27e80d8df0cc12d0c135b19dd306N.exe
File created	C:\Windows\System32\xhKbeQX.exe	f257bc60f0888c6da9d72fc9b43e31e70a2e27e80d8df0cc12d0c135b19dd306N.exe
File created	C:\Windows\System32\vAywniO.exe	f257bc60f0888c6da9d72fc9b43e31e70a2e27e80d8df0cc12d0c135b19dd306N.exe
File created	C:\Windows\System32\ZtqTryG.exe	f257bc60f0888c6da9d72fc9b43e31e70a2e27e80d8df0cc12d0c135b19dd306N.exe
File created	C:\Windows\System32\zHbzkiO.exe	f257bc60f0888c6da9d72fc9b43e31e70a2e27e80d8df0cc12d0c135b19dd306N.exe
File created	C:\Windows\System32\kGvbAst.exe	f257bc60f0888c6da9d72fc9b43e31e70a2e27e80d8df0cc12d0c135b19dd306N.exe
File created	C:\Windows\System32\OogDENq.exe	f257bc60f0888c6da9d72fc9b43e31e70a2e27e80d8df0cc12d0c135b19dd306N.exe
File created	C:\Windows\System32\adGPapC.exe	f257bc60f0888c6da9d72fc9b43e31e70a2e27e80d8df0cc12d0c135b19dd306N.exe
File created	C:\Windows\System32\SksvQPy.exe	f257bc60f0888c6da9d72fc9b43e31e70a2e27e80d8df0cc12d0c135b19dd306N.exe
File created	C:\Windows\System32\iFwdzjE.exe	f257bc60f0888c6da9d72fc9b43e31e70a2e27e80d8df0cc12d0c135b19dd306N.exe
File created	C:\Windows\System32\ZSVrYFb.exe	f257bc60f0888c6da9d72fc9b43e31e70a2e27e80d8df0cc12d0c135b19dd306N.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4176-0-0x00007FF64DD20000-0x00007FF64E111000-memory.dmp	upx
behavioral2/files/0x000a000000023c07-4.dat	upx
behavioral2/files/0x0007000000023cae-7.dat	upx
behavioral2/files/0x0008000000023caa-11.dat	upx
behavioral2/memory/4972-13-0x00007FF74ED70000-0x00007FF74F161000-memory.dmp	upx
behavioral2/memory/2328-17-0x00007FF7D3330000-0x00007FF7D3721000-memory.dmp	upx
behavioral2/memory/1860-23-0x00007FF64F150000-0x00007FF64F541000-memory.dmp	upx
behavioral2/files/0x0007000000023cb1-30.dat	upx
behavioral2/memory/4884-33-0x00007FF7C9FD0000-0x00007FF7CA3C1000-memory.dmp	upx
behavioral2/files/0x0007000000023cb0-37.dat	upx
behavioral2/files/0x0007000000023caf-32.dat	upx
behavioral2/memory/4544-29-0x00007FF624DF0000-0x00007FF6251E1000-memory.dmp	upx
behavioral2/memory/4488-28-0x00007FF72E7A0000-0x00007FF72EB91000-memory.dmp	upx
behavioral2/files/0x0007000000023cb2-41.dat	upx
behavioral2/memory/4700-46-0x00007FF7422A0000-0x00007FF742691000-memory.dmp	upx
behavioral2/files/0x0008000000023cab-59.dat	upx
behavioral2/files/0x0007000000023cb7-69.dat	upx
behavioral2/files/0x0007000000023cb8-70.dat	upx
behavioral2/memory/1176-80-0x00007FF67E960000-0x00007FF67ED51000-memory.dmp	upx
behavioral2/memory/4000-89-0x00007FF763A20000-0x00007FF763E11000-memory.dmp	upx
behavioral2/memory/1860-91-0x00007FF64F150000-0x00007FF64F541000-memory.dmp	upx
behavioral2/memory/4748-90-0x00007FF646F50000-0x00007FF647341000-memory.dmp	upx
behavioral2/memory/4968-88-0x00007FF69EBA0000-0x00007FF69EF91000-memory.dmp	upx
behavioral2/files/0x0007000000023cb9-87.dat	upx
behavioral2/files/0x0007000000023cb4-85.dat	upx
behavioral2/memory/2728-84-0x00007FF7D74B0000-0x00007FF7D78A1000-memory.dmp	upx
behavioral2/files/0x0007000000023cb5-83.dat	upx
behavioral2/files/0x0007000000023cb6-76.dat	upx
behavioral2/memory/1120-74-0x00007FF7F2690000-0x00007FF7F2A81000-memory.dmp	upx
behavioral2/memory/2328-73-0x00007FF7D3330000-0x00007FF7D3721000-memory.dmp	upx
behavioral2/memory/4972-72-0x00007FF74ED70000-0x00007FF74F161000-memory.dmp	upx
behavioral2/memory/2944-67-0x00007FF6CDF00000-0x00007FF6CE2F1000-memory.dmp	upx
behavioral2/files/0x0007000000023cb3-62.dat	upx
behavioral2/memory/4176-56-0x00007FF64DD20000-0x00007FF64E111000-memory.dmp	upx
behavioral2/memory/460-53-0x00007FF64C700000-0x00007FF64CAF1000-memory.dmp	upx
behavioral2/memory/4488-92-0x00007FF72E7A0000-0x00007FF72EB91000-memory.dmp	upx
behavioral2/files/0x0007000000023cba-104.dat	upx
behavioral2/files/0x0007000000023cbd-108.dat	upx
behavioral2/files/0x0007000000023cbe-114.dat	upx
behavioral2/files/0x0007000000023cbf-120.dat	upx
behavioral2/files/0x0007000000023cbb-123.dat	upx
behavioral2/files/0x0007000000023cc1-140.dat	upx
behavioral2/files/0x0007000000023cc5-146.dat	upx
behavioral2/memory/2320-145-0x00007FF739A80000-0x00007FF739E71000-memory.dmp	upx
behavioral2/files/0x0007000000023cc4-144.dat	upx
behavioral2/files/0x0007000000023cc3-143.dat	upx
behavioral2/files/0x0007000000023cc2-142.dat	upx
behavioral2/files/0x0007000000023cbc-137.dat	upx
behavioral2/files/0x0007000000023cc0-129.dat	upx
behavioral2/memory/4840-128-0x00007FF70BCF0000-0x00007FF70C0E1000-memory.dmp	upx
behavioral2/memory/3828-116-0x00007FF64AC00000-0x00007FF64AFF1000-memory.dmp	upx
behavioral2/memory/4600-113-0x00007FF743B30000-0x00007FF743F21000-memory.dmp	upx
behavioral2/memory/4444-112-0x00007FF64AEA0000-0x00007FF64B291000-memory.dmp	upx
behavioral2/memory/4544-153-0x00007FF624DF0000-0x00007FF6251E1000-memory.dmp	upx
behavioral2/memory/4436-157-0x00007FF7563C0000-0x00007FF7567B1000-memory.dmp	upx
behavioral2/memory/2400-161-0x00007FF6B0A70000-0x00007FF6B0E61000-memory.dmp	upx
behavioral2/files/0x0007000000023cc6-171.dat	upx
behavioral2/files/0x0007000000023cc8-178.dat	upx
behavioral2/files/0x0007000000023cca-189.dat	upx
behavioral2/memory/4884-345-0x00007FF7C9FD0000-0x00007FF7CA3C1000-memory.dmp	upx
behavioral2/files/0x0007000000023ccb-192.dat	upx
behavioral2/files/0x0007000000023cc9-186.dat	upx
behavioral2/files/0x0007000000023cc7-176.dat	upx
behavioral2/memory/2216-160-0x00007FF79AA60000-0x00007FF79AE51000-memory.dmp	upx

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	14008	dwm.exe
Token: SeChangeNotifyPrivilege	14008	dwm.exe
Token: 33	14008	dwm.exe
Token: SeIncBasePriorityPrivilege	14008	dwm.exe
Token: SeShutdownPrivilege	14008	dwm.exe
Token: SeCreatePagefilePrivilege	14008	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4176 wrote to memory of 4972	4176	f257bc60f0888c6da9d72fc9b43e31e70a2e27e80d8df0cc12d0c135b19dd306N.exe	84
PID 4176 wrote to memory of 4972	4176	f257bc60f0888c6da9d72fc9b43e31e70a2e27e80d8df0cc12d0c135b19dd306N.exe	84
PID 4176 wrote to memory of 2328	4176	f257bc60f0888c6da9d72fc9b43e31e70a2e27e80d8df0cc12d0c135b19dd306N.exe	85
PID 4176 wrote to memory of 2328	4176	f257bc60f0888c6da9d72fc9b43e31e70a2e27e80d8df0cc12d0c135b19dd306N.exe	85
PID 4176 wrote to memory of 1860	4176	f257bc60f0888c6da9d72fc9b43e31e70a2e27e80d8df0cc12d0c135b19dd306N.exe	86
PID 4176 wrote to memory of 1860	4176	f257bc60f0888c6da9d72fc9b43e31e70a2e27e80d8df0cc12d0c135b19dd306N.exe	86
PID 4176 wrote to memory of 4488	4176	f257bc60f0888c6da9d72fc9b43e31e70a2e27e80d8df0cc12d0c135b19dd306N.exe	87
PID 4176 wrote to memory of 4488	4176	f257bc60f0888c6da9d72fc9b43e31e70a2e27e80d8df0cc12d0c135b19dd306N.exe	87
PID 4176 wrote to memory of 4544	4176	f257bc60f0888c6da9d72fc9b43e31e70a2e27e80d8df0cc12d0c135b19dd306N.exe	88
PID 4176 wrote to memory of 4544	4176	f257bc60f0888c6da9d72fc9b43e31e70a2e27e80d8df0cc12d0c135b19dd306N.exe	88
PID 4176 wrote to memory of 4884	4176	f257bc60f0888c6da9d72fc9b43e31e70a2e27e80d8df0cc12d0c135b19dd306N.exe	89
PID 4176 wrote to memory of 4884	4176	f257bc60f0888c6da9d72fc9b43e31e70a2e27e80d8df0cc12d0c135b19dd306N.exe	89
PID 4176 wrote to memory of 4700	4176	f257bc60f0888c6da9d72fc9b43e31e70a2e27e80d8df0cc12d0c135b19dd306N.exe	90
PID 4176 wrote to memory of 4700	4176	f257bc60f0888c6da9d72fc9b43e31e70a2e27e80d8df0cc12d0c135b19dd306N.exe	90
PID 4176 wrote to memory of 460	4176	f257bc60f0888c6da9d72fc9b43e31e70a2e27e80d8df0cc12d0c135b19dd306N.exe	91
PID 4176 wrote to memory of 460	4176	f257bc60f0888c6da9d72fc9b43e31e70a2e27e80d8df0cc12d0c135b19dd306N.exe	91
PID 4176 wrote to memory of 2944	4176	f257bc60f0888c6da9d72fc9b43e31e70a2e27e80d8df0cc12d0c135b19dd306N.exe	92
PID 4176 wrote to memory of 2944	4176	f257bc60f0888c6da9d72fc9b43e31e70a2e27e80d8df0cc12d0c135b19dd306N.exe	92
PID 4176 wrote to memory of 4000	4176	f257bc60f0888c6da9d72fc9b43e31e70a2e27e80d8df0cc12d0c135b19dd306N.exe	93
PID 4176 wrote to memory of 4000	4176	f257bc60f0888c6da9d72fc9b43e31e70a2e27e80d8df0cc12d0c135b19dd306N.exe	93
PID 4176 wrote to memory of 1120	4176	f257bc60f0888c6da9d72fc9b43e31e70a2e27e80d8df0cc12d0c135b19dd306N.exe	94
PID 4176 wrote to memory of 1120	4176	f257bc60f0888c6da9d72fc9b43e31e70a2e27e80d8df0cc12d0c135b19dd306N.exe	94
PID 4176 wrote to memory of 2728	4176	f257bc60f0888c6da9d72fc9b43e31e70a2e27e80d8df0cc12d0c135b19dd306N.exe	95
PID 4176 wrote to memory of 2728	4176	f257bc60f0888c6da9d72fc9b43e31e70a2e27e80d8df0cc12d0c135b19dd306N.exe	95
PID 4176 wrote to memory of 4968	4176	f257bc60f0888c6da9d72fc9b43e31e70a2e27e80d8df0cc12d0c135b19dd306N.exe	96
PID 4176 wrote to memory of 4968	4176	f257bc60f0888c6da9d72fc9b43e31e70a2e27e80d8df0cc12d0c135b19dd306N.exe	96
PID 4176 wrote to memory of 1176	4176	f257bc60f0888c6da9d72fc9b43e31e70a2e27e80d8df0cc12d0c135b19dd306N.exe	97
PID 4176 wrote to memory of 1176	4176	f257bc60f0888c6da9d72fc9b43e31e70a2e27e80d8df0cc12d0c135b19dd306N.exe	97
PID 4176 wrote to memory of 4748	4176	f257bc60f0888c6da9d72fc9b43e31e70a2e27e80d8df0cc12d0c135b19dd306N.exe	98
PID 4176 wrote to memory of 4748	4176	f257bc60f0888c6da9d72fc9b43e31e70a2e27e80d8df0cc12d0c135b19dd306N.exe	98
PID 4176 wrote to memory of 4444	4176	f257bc60f0888c6da9d72fc9b43e31e70a2e27e80d8df0cc12d0c135b19dd306N.exe	99
PID 4176 wrote to memory of 4444	4176	f257bc60f0888c6da9d72fc9b43e31e70a2e27e80d8df0cc12d0c135b19dd306N.exe	99
PID 4176 wrote to memory of 4600	4176	f257bc60f0888c6da9d72fc9b43e31e70a2e27e80d8df0cc12d0c135b19dd306N.exe	100
PID 4176 wrote to memory of 4600	4176	f257bc60f0888c6da9d72fc9b43e31e70a2e27e80d8df0cc12d0c135b19dd306N.exe	100
PID 4176 wrote to memory of 3828	4176	f257bc60f0888c6da9d72fc9b43e31e70a2e27e80d8df0cc12d0c135b19dd306N.exe	101
PID 4176 wrote to memory of 3828	4176	f257bc60f0888c6da9d72fc9b43e31e70a2e27e80d8df0cc12d0c135b19dd306N.exe	101
PID 4176 wrote to memory of 4840	4176	f257bc60f0888c6da9d72fc9b43e31e70a2e27e80d8df0cc12d0c135b19dd306N.exe	102
PID 4176 wrote to memory of 4840	4176	f257bc60f0888c6da9d72fc9b43e31e70a2e27e80d8df0cc12d0c135b19dd306N.exe	102
PID 4176 wrote to memory of 4436	4176	f257bc60f0888c6da9d72fc9b43e31e70a2e27e80d8df0cc12d0c135b19dd306N.exe	103
PID 4176 wrote to memory of 4436	4176	f257bc60f0888c6da9d72fc9b43e31e70a2e27e80d8df0cc12d0c135b19dd306N.exe	103
PID 4176 wrote to memory of 2216	4176	f257bc60f0888c6da9d72fc9b43e31e70a2e27e80d8df0cc12d0c135b19dd306N.exe	104
PID 4176 wrote to memory of 2216	4176	f257bc60f0888c6da9d72fc9b43e31e70a2e27e80d8df0cc12d0c135b19dd306N.exe	104
PID 4176 wrote to memory of 2320	4176	f257bc60f0888c6da9d72fc9b43e31e70a2e27e80d8df0cc12d0c135b19dd306N.exe	105
PID 4176 wrote to memory of 2320	4176	f257bc60f0888c6da9d72fc9b43e31e70a2e27e80d8df0cc12d0c135b19dd306N.exe	105
PID 4176 wrote to memory of 2400	4176	f257bc60f0888c6da9d72fc9b43e31e70a2e27e80d8df0cc12d0c135b19dd306N.exe	106
PID 4176 wrote to memory of 2400	4176	f257bc60f0888c6da9d72fc9b43e31e70a2e27e80d8df0cc12d0c135b19dd306N.exe	106
PID 4176 wrote to memory of 1156	4176	f257bc60f0888c6da9d72fc9b43e31e70a2e27e80d8df0cc12d0c135b19dd306N.exe	107
PID 4176 wrote to memory of 1156	4176	f257bc60f0888c6da9d72fc9b43e31e70a2e27e80d8df0cc12d0c135b19dd306N.exe	107
PID 4176 wrote to memory of 3688	4176	f257bc60f0888c6da9d72fc9b43e31e70a2e27e80d8df0cc12d0c135b19dd306N.exe	108
PID 4176 wrote to memory of 3688	4176	f257bc60f0888c6da9d72fc9b43e31e70a2e27e80d8df0cc12d0c135b19dd306N.exe	108
PID 4176 wrote to memory of 3612	4176	f257bc60f0888c6da9d72fc9b43e31e70a2e27e80d8df0cc12d0c135b19dd306N.exe	109
PID 4176 wrote to memory of 3612	4176	f257bc60f0888c6da9d72fc9b43e31e70a2e27e80d8df0cc12d0c135b19dd306N.exe	109
PID 4176 wrote to memory of 2420	4176	f257bc60f0888c6da9d72fc9b43e31e70a2e27e80d8df0cc12d0c135b19dd306N.exe	110
PID 4176 wrote to memory of 2420	4176	f257bc60f0888c6da9d72fc9b43e31e70a2e27e80d8df0cc12d0c135b19dd306N.exe	110
PID 4176 wrote to memory of 1312	4176	f257bc60f0888c6da9d72fc9b43e31e70a2e27e80d8df0cc12d0c135b19dd306N.exe	111
PID 4176 wrote to memory of 1312	4176	f257bc60f0888c6da9d72fc9b43e31e70a2e27e80d8df0cc12d0c135b19dd306N.exe	111
PID 4176 wrote to memory of 3092	4176	f257bc60f0888c6da9d72fc9b43e31e70a2e27e80d8df0cc12d0c135b19dd306N.exe	112
PID 4176 wrote to memory of 3092	4176	f257bc60f0888c6da9d72fc9b43e31e70a2e27e80d8df0cc12d0c135b19dd306N.exe	112
PID 4176 wrote to memory of 1772	4176	f257bc60f0888c6da9d72fc9b43e31e70a2e27e80d8df0cc12d0c135b19dd306N.exe	113
PID 4176 wrote to memory of 1772	4176	f257bc60f0888c6da9d72fc9b43e31e70a2e27e80d8df0cc12d0c135b19dd306N.exe	113
PID 4176 wrote to memory of 4828	4176	f257bc60f0888c6da9d72fc9b43e31e70a2e27e80d8df0cc12d0c135b19dd306N.exe	114
PID 4176 wrote to memory of 4828	4176	f257bc60f0888c6da9d72fc9b43e31e70a2e27e80d8df0cc12d0c135b19dd306N.exe	114
PID 4176 wrote to memory of 1620	4176	f257bc60f0888c6da9d72fc9b43e31e70a2e27e80d8df0cc12d0c135b19dd306N.exe	115
PID 4176 wrote to memory of 1620	4176	f257bc60f0888c6da9d72fc9b43e31e70a2e27e80d8df0cc12d0c135b19dd306N.exe	115

C:\Users\Admin\AppData\Local\Temp\f257bc60f0888c6da9d72fc9b43e31e70a2e27e80d8df0cc12d0c135b19dd306N.exe
"C:\Users\Admin\AppData\Local\Temp\f257bc60f0888c6da9d72fc9b43e31e70a2e27e80d8df0cc12d0c135b19dd306N.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:4176
- C:\Windows\System32\eevTxVP.exe
  C:\Windows\System32\eevTxVP.exe
  2⤵
  - Executes dropped EXE
  PID:4972
- C:\Windows\System32\PwTPFUh.exe
  C:\Windows\System32\PwTPFUh.exe
  2⤵
  - Executes dropped EXE
  PID:2328
- C:\Windows\System32\JsBDuuV.exe
  C:\Windows\System32\JsBDuuV.exe
  2⤵
  - Executes dropped EXE
  PID:1860
- C:\Windows\System32\efqWXJv.exe
  C:\Windows\System32\efqWXJv.exe
  2⤵
  - Executes dropped EXE
  PID:4488
- C:\Windows\System32\SWsHGoh.exe
  C:\Windows\System32\SWsHGoh.exe
  2⤵
  - Executes dropped EXE
  PID:4544
- C:\Windows\System32\LBHvKkR.exe
  C:\Windows\System32\LBHvKkR.exe
  2⤵
  - Executes dropped EXE
  PID:4884
- C:\Windows\System32\MwBmRAg.exe
  C:\Windows\System32\MwBmRAg.exe
  2⤵
  - Executes dropped EXE
  PID:4700
- C:\Windows\System32\OurPIlk.exe
  C:\Windows\System32\OurPIlk.exe
  2⤵
  - Executes dropped EXE
  PID:460
- C:\Windows\System32\QBkJajL.exe
  C:\Windows\System32\QBkJajL.exe
  2⤵
  - Executes dropped EXE
  PID:2944
- C:\Windows\System32\mgiqgAb.exe
  C:\Windows\System32\mgiqgAb.exe
  2⤵
  - Executes dropped EXE
  PID:4000
- C:\Windows\System32\OerjXss.exe
  C:\Windows\System32\OerjXss.exe
  2⤵
  - Executes dropped EXE
  PID:1120
- C:\Windows\System32\UVTJtAo.exe
  C:\Windows\System32\UVTJtAo.exe
  2⤵
  - Executes dropped EXE
  PID:2728
- C:\Windows\System32\BEflMpE.exe
  C:\Windows\System32\BEflMpE.exe
  2⤵
  - Executes dropped EXE
  PID:4968
- C:\Windows\System32\uthVMyE.exe
  C:\Windows\System32\uthVMyE.exe
  2⤵
  - Executes dropped EXE
  PID:1176
- C:\Windows\System32\LUwfMOX.exe
  C:\Windows\System32\LUwfMOX.exe
  2⤵
  - Executes dropped EXE
  PID:4748
- C:\Windows\System32\OHzQjpc.exe
  C:\Windows\System32\OHzQjpc.exe
  2⤵
  - Executes dropped EXE
  PID:4444
- C:\Windows\System32\VFcBAwW.exe
  C:\Windows\System32\VFcBAwW.exe
  2⤵
  - Executes dropped EXE
  PID:4600
- C:\Windows\System32\ZSVrYFb.exe
  C:\Windows\System32\ZSVrYFb.exe
  2⤵
  - Executes dropped EXE
  PID:3828
- C:\Windows\System32\UrqCtiF.exe
  C:\Windows\System32\UrqCtiF.exe
  2⤵
  - Executes dropped EXE
  PID:4840
- C:\Windows\System32\FQQQZUD.exe
  C:\Windows\System32\FQQQZUD.exe
  2⤵
  - Executes dropped EXE
  PID:4436
- C:\Windows\System32\WLhADem.exe
  C:\Windows\System32\WLhADem.exe
  2⤵
  - Executes dropped EXE
  PID:2216
- C:\Windows\System32\iRmdItb.exe
  C:\Windows\System32\iRmdItb.exe
  2⤵
  - Executes dropped EXE
  PID:2320
- C:\Windows\System32\dKfUYfj.exe
  C:\Windows\System32\dKfUYfj.exe
  2⤵
  - Executes dropped EXE
  PID:2400
- C:\Windows\System32\dNypzTc.exe
  C:\Windows\System32\dNypzTc.exe
  2⤵
  - Executes dropped EXE
  PID:1156
- C:\Windows\System32\pFTVZPB.exe
  C:\Windows\System32\pFTVZPB.exe
  2⤵
  - Executes dropped EXE
  PID:3688
- C:\Windows\System32\hEEyLHj.exe
  C:\Windows\System32\hEEyLHj.exe
  2⤵
  - Executes dropped EXE
  PID:3612
- C:\Windows\System32\InfjUIA.exe
  C:\Windows\System32\InfjUIA.exe
  2⤵
  - Executes dropped EXE
  PID:2420
- C:\Windows\System32\lKdeDQY.exe
  C:\Windows\System32\lKdeDQY.exe
  2⤵
  - Executes dropped EXE
  PID:1312
- C:\Windows\System32\BxLXGdp.exe
  C:\Windows\System32\BxLXGdp.exe
  2⤵
  - Executes dropped EXE
  PID:3092
- C:\Windows\System32\hLOallF.exe
  C:\Windows\System32\hLOallF.exe
  2⤵
  - Executes dropped EXE
  PID:1772
- C:\Windows\System32\nijadRA.exe
  C:\Windows\System32\nijadRA.exe
  2⤵
  - Executes dropped EXE
  PID:4828
- C:\Windows\System32\cQqFUUA.exe
  C:\Windows\System32\cQqFUUA.exe
  2⤵
  - Executes dropped EXE
  PID:1620
- C:\Windows\System32\wqxaFmG.exe
  C:\Windows\System32\wqxaFmG.exe
  2⤵
  - Executes dropped EXE
  PID:4256
- C:\Windows\System32\JQNGjYl.exe
  C:\Windows\System32\JQNGjYl.exe
  2⤵
  - Executes dropped EXE
  PID:1192
- C:\Windows\System32\tpUvAwk.exe
  C:\Windows\System32\tpUvAwk.exe
  2⤵
  - Executes dropped EXE
  PID:4092
- C:\Windows\System32\NXetGxZ.exe
  C:\Windows\System32\NXetGxZ.exe
  2⤵
  - Executes dropped EXE
  PID:4836
- C:\Windows\System32\uVdVFIV.exe
  C:\Windows\System32\uVdVFIV.exe
  2⤵
  - Executes dropped EXE
  PID:3736
- C:\Windows\System32\LymjspJ.exe
  C:\Windows\System32\LymjspJ.exe
  2⤵
  - Executes dropped EXE
  PID:4388
- C:\Windows\System32\Ozwzqfm.exe
  C:\Windows\System32\Ozwzqfm.exe
  2⤵
  - Executes dropped EXE
  PID:1704
- C:\Windows\System32\YnRUpve.exe
  C:\Windows\System32\YnRUpve.exe
  2⤵
  - Executes dropped EXE
  PID:3920
- C:\Windows\System32\YrsLqlK.exe
  C:\Windows\System32\YrsLqlK.exe
  2⤵
  - Executes dropped EXE
  PID:3804
- C:\Windows\System32\heRTqKA.exe
  C:\Windows\System32\heRTqKA.exe
  2⤵
  - Executes dropped EXE
  PID:1080
- C:\Windows\System32\YGQhfRr.exe
  C:\Windows\System32\YGQhfRr.exe
  2⤵
  - Executes dropped EXE
  PID:2144
- C:\Windows\System32\LVzKSjJ.exe
  C:\Windows\System32\LVzKSjJ.exe
  2⤵
  - Executes dropped EXE
  PID:3032
- C:\Windows\System32\NrtWydG.exe
  C:\Windows\System32\NrtWydG.exe
  2⤵
  - Executes dropped EXE
  PID:3412
- C:\Windows\System32\lmRJjel.exe
  C:\Windows\System32\lmRJjel.exe
  2⤵
  - Executes dropped EXE
  PID:908
- C:\Windows\System32\OMOwoJv.exe
  C:\Windows\System32\OMOwoJv.exe
  2⤵
  - Executes dropped EXE
  PID:2384
- C:\Windows\System32\KctYmZT.exe
  C:\Windows\System32\KctYmZT.exe
  2⤵
  - Executes dropped EXE
  PID:3292
- C:\Windows\System32\VlAmBjU.exe
  C:\Windows\System32\VlAmBjU.exe
  2⤵
  - Executes dropped EXE
  PID:4520
- C:\Windows\System32\VgyTnho.exe
  C:\Windows\System32\VgyTnho.exe
  2⤵
  - Executes dropped EXE
  PID:4928
- C:\Windows\System32\TqFVeoR.exe
  C:\Windows\System32\TqFVeoR.exe
  2⤵
  - Executes dropped EXE
  PID:1980
- C:\Windows\System32\jlbdTfK.exe
  C:\Windows\System32\jlbdTfK.exe
  2⤵
  - Executes dropped EXE
  PID:5004
- C:\Windows\System32\bpsefKK.exe
  C:\Windows\System32\bpsefKK.exe
  2⤵
  - Executes dropped EXE
  PID:4584
- C:\Windows\System32\harHEHj.exe
  C:\Windows\System32\harHEHj.exe
  2⤵
  - Executes dropped EXE
  PID:2832
- C:\Windows\System32\yfsVMLh.exe
  C:\Windows\System32\yfsVMLh.exe
  2⤵
  - Executes dropped EXE
  PID:3328
- C:\Windows\System32\cILBVVr.exe
  C:\Windows\System32\cILBVVr.exe
  2⤵
  - Executes dropped EXE
  PID:4560
- C:\Windows\System32\jPcRmQq.exe
  C:\Windows\System32\jPcRmQq.exe
  2⤵
  - Executes dropped EXE
  PID:2156
- C:\Windows\System32\sIdCyFD.exe
  C:\Windows\System32\sIdCyFD.exe
  2⤵
  - Executes dropped EXE
  PID:2124
- C:\Windows\System32\TJSgIyC.exe
  C:\Windows\System32\TJSgIyC.exe
  2⤵
  - Executes dropped EXE
  PID:968
- C:\Windows\System32\hGSCglL.exe
  C:\Windows\System32\hGSCglL.exe
  2⤵
  - Executes dropped EXE
  PID:3560
- C:\Windows\System32\DBVCiJs.exe
  C:\Windows\System32\DBVCiJs.exe
  2⤵
  - Executes dropped EXE
  PID:412
- C:\Windows\System32\zGNqSVp.exe
  C:\Windows\System32\zGNqSVp.exe
  2⤵
  - Executes dropped EXE
  PID:2364
- C:\Windows\System32\FVHFnFo.exe
  C:\Windows\System32\FVHFnFo.exe
  2⤵
  - Executes dropped EXE
  PID:4808
- C:\Windows\System32\ZMHZQdn.exe
  C:\Windows\System32\ZMHZQdn.exe
  2⤵
  - Executes dropped EXE
  PID:4832
- C:\Windows\System32\DagqRIA.exe
  C:\Windows\System32\DagqRIA.exe
  2⤵
  PID:4924
- C:\Windows\System32\lRKGppH.exe
  C:\Windows\System32\lRKGppH.exe
  2⤵
  PID:5016
- C:\Windows\System32\CFGgWmd.exe
  C:\Windows\System32\CFGgWmd.exe
  2⤵
  PID:396
- C:\Windows\System32\bQTJqBK.exe
  C:\Windows\System32\bQTJqBK.exe
  2⤵
  PID:640
- C:\Windows\System32\OEVrGLS.exe
  C:\Windows\System32\OEVrGLS.exe
  2⤵
  PID:2680
- C:\Windows\System32\vAywniO.exe
  C:\Windows\System32\vAywniO.exe
  2⤵
  PID:4736
- C:\Windows\System32\ZtqTryG.exe
  C:\Windows\System32\ZtqTryG.exe
  2⤵
  PID:2356
- C:\Windows\System32\oLEgflM.exe
  C:\Windows\System32\oLEgflM.exe
  2⤵
  PID:3188
- C:\Windows\System32\NByCVFW.exe
  C:\Windows\System32\NByCVFW.exe
  2⤵
  PID:4980
- C:\Windows\System32\yJIKCSI.exe
  C:\Windows\System32\yJIKCSI.exe
  2⤵
  PID:3308
- C:\Windows\System32\eUBHmvz.exe
  C:\Windows\System32\eUBHmvz.exe
  2⤵
  PID:4312
- C:\Windows\System32\fEQbjJV.exe
  C:\Windows\System32\fEQbjJV.exe
  2⤵
  PID:2116
- C:\Windows\System32\PBgQMGD.exe
  C:\Windows\System32\PBgQMGD.exe
  2⤵
  PID:3040
- C:\Windows\System32\wcLSniq.exe
  C:\Windows\System32\wcLSniq.exe
  2⤵
  PID:452
- C:\Windows\System32\apvUXeh.exe
  C:\Windows\System32\apvUXeh.exe
  2⤵
  PID:2236
- C:\Windows\System32\cmoXKuB.exe
  C:\Windows\System32\cmoXKuB.exe
  2⤵
  PID:520
- C:\Windows\System32\COPuWQD.exe
  C:\Windows\System32\COPuWQD.exe
  2⤵
  PID:1108
- C:\Windows\System32\JhxnRPM.exe
  C:\Windows\System32\JhxnRPM.exe
  2⤵
  PID:4576
- C:\Windows\System32\GIBjdyS.exe
  C:\Windows\System32\GIBjdyS.exe
  2⤵
  PID:2492
- C:\Windows\System32\vkJGNri.exe
  C:\Windows\System32\vkJGNri.exe
  2⤵
  PID:3888
- C:\Windows\System32\XhByHNJ.exe
  C:\Windows\System32\XhByHNJ.exe
  2⤵
  PID:4956
- C:\Windows\System32\JYDAgYY.exe
  C:\Windows\System32\JYDAgYY.exe
  2⤵
  PID:1584
- C:\Windows\System32\EhvwxIP.exe
  C:\Windows\System32\EhvwxIP.exe
  2⤵
  PID:228
- C:\Windows\System32\dvYhbUr.exe
  C:\Windows\System32\dvYhbUr.exe
  2⤵
  PID:872
- C:\Windows\System32\CMAAbrl.exe
  C:\Windows\System32\CMAAbrl.exe
  2⤵
  PID:4704
- C:\Windows\System32\cjQmzbs.exe
  C:\Windows\System32\cjQmzbs.exe
  2⤵
  PID:3972
- C:\Windows\System32\wfWgUaL.exe
  C:\Windows\System32\wfWgUaL.exe
  2⤵
  PID:4248
- C:\Windows\System32\NXNjwjP.exe
  C:\Windows\System32\NXNjwjP.exe
  2⤵
  PID:2872
- C:\Windows\System32\hLNgsvH.exe
  C:\Windows\System32\hLNgsvH.exe
  2⤵
  PID:2708
- C:\Windows\System32\MAUWfno.exe
  C:\Windows\System32\MAUWfno.exe
  2⤵
  PID:656
- C:\Windows\System32\CjwIhKP.exe
  C:\Windows\System32\CjwIhKP.exe
  2⤵
  PID:3744
- C:\Windows\System32\XHKZDtz.exe
  C:\Windows\System32\XHKZDtz.exe
  2⤵
  PID:940
- C:\Windows\System32\yBZqnxd.exe
  C:\Windows\System32\yBZqnxd.exe
  2⤵
  PID:2196
- C:\Windows\System32\BOXbTyz.exe
  C:\Windows\System32\BOXbTyz.exe
  2⤵
  PID:892
- C:\Windows\System32\hKvLBVE.exe
  C:\Windows\System32\hKvLBVE.exe
  2⤵
  PID:3756
- C:\Windows\System32\DMlqnhg.exe
  C:\Windows\System32\DMlqnhg.exe
  2⤵
  PID:2544
- C:\Windows\System32\HNvKntR.exe
  C:\Windows\System32\HNvKntR.exe
  2⤵
  PID:2200
- C:\Windows\System32\VxnWYjh.exe
  C:\Windows\System32\VxnWYjh.exe
  2⤵
  PID:3912
- C:\Windows\System32\reEEckY.exe
  C:\Windows\System32\reEEckY.exe
  2⤵
  PID:4692
- C:\Windows\System32\AQdMXUO.exe
  C:\Windows\System32\AQdMXUO.exe
  2⤵
  PID:3904
- C:\Windows\System32\IdinKeF.exe
  C:\Windows\System32\IdinKeF.exe
  2⤵
  PID:4524
- C:\Windows\System32\GFowWEP.exe
  C:\Windows\System32\GFowWEP.exe
  2⤵
  PID:1604
- C:\Windows\System32\cKLejMc.exe
  C:\Windows\System32\cKLejMc.exe
  2⤵
  PID:3824
- C:\Windows\System32\SetgYiv.exe
  C:\Windows\System32\SetgYiv.exe
  2⤵
  PID:1896
- C:\Windows\System32\BEKDqfO.exe
  C:\Windows\System32\BEKDqfO.exe
  2⤵
  PID:4140
- C:\Windows\System32\DbkWWcQ.exe
  C:\Windows\System32\DbkWWcQ.exe
  2⤵
  PID:800
- C:\Windows\System32\zIQmVRQ.exe
  C:\Windows\System32\zIQmVRQ.exe
  2⤵
  PID:2648
- C:\Windows\System32\cCroHJO.exe
  C:\Windows\System32\cCroHJO.exe
  2⤵
  PID:5136
- C:\Windows\System32\IIpxCTH.exe
  C:\Windows\System32\IIpxCTH.exe
  2⤵
  PID:5152
- C:\Windows\System32\IbuLwgt.exe
  C:\Windows\System32\IbuLwgt.exe
  2⤵
  PID:5192
- C:\Windows\System32\QPvVZGG.exe
  C:\Windows\System32\QPvVZGG.exe
  2⤵
  PID:5208
- C:\Windows\System32\rIqeBer.exe
  C:\Windows\System32\rIqeBer.exe
  2⤵
  PID:5268
- C:\Windows\System32\GVyUgxr.exe
  C:\Windows\System32\GVyUgxr.exe
  2⤵
  PID:5364
- C:\Windows\System32\aFeXmfr.exe
  C:\Windows\System32\aFeXmfr.exe
  2⤵
  PID:5400
- C:\Windows\System32\RrQZZOt.exe
  C:\Windows\System32\RrQZZOt.exe
  2⤵
  PID:5436
- C:\Windows\System32\HKwjlgm.exe
  C:\Windows\System32\HKwjlgm.exe
  2⤵
  PID:5452
- C:\Windows\System32\gPVgVWH.exe
  C:\Windows\System32\gPVgVWH.exe
  2⤵
  PID:5496
- C:\Windows\System32\gxBOcRq.exe
  C:\Windows\System32\gxBOcRq.exe
  2⤵
  PID:5516
- C:\Windows\System32\TrfJxzH.exe
  C:\Windows\System32\TrfJxzH.exe
  2⤵
  PID:5540
- C:\Windows\System32\FJKWOeb.exe
  C:\Windows\System32\FJKWOeb.exe
  2⤵
  PID:5568
- C:\Windows\System32\igKevMO.exe
  C:\Windows\System32\igKevMO.exe
  2⤵
  PID:5592
- C:\Windows\System32\iMGWYOe.exe
  C:\Windows\System32\iMGWYOe.exe
  2⤵
  PID:5608
- C:\Windows\System32\qprxamt.exe
  C:\Windows\System32\qprxamt.exe
  2⤵
  PID:5636
- C:\Windows\System32\dWwqUus.exe
  C:\Windows\System32\dWwqUus.exe
  2⤵
  PID:5652
- C:\Windows\System32\btqEGTa.exe
  C:\Windows\System32\btqEGTa.exe
  2⤵
  PID:5676
- C:\Windows\System32\rHwmNQK.exe
  C:\Windows\System32\rHwmNQK.exe
  2⤵
  PID:5728
- C:\Windows\System32\JnYjaNh.exe
  C:\Windows\System32\JnYjaNh.exe
  2⤵
  PID:5788
- C:\Windows\System32\qLEUOGE.exe
  C:\Windows\System32\qLEUOGE.exe
  2⤵
  PID:5824
- C:\Windows\System32\bVsROog.exe
  C:\Windows\System32\bVsROog.exe
  2⤵
  PID:5860
- C:\Windows\System32\xNhVOtR.exe
  C:\Windows\System32\xNhVOtR.exe
  2⤵
  PID:5884
- C:\Windows\System32\idfMJBu.exe
  C:\Windows\System32\idfMJBu.exe
  2⤵
  PID:5908
- C:\Windows\System32\HIXzpTg.exe
  C:\Windows\System32\HIXzpTg.exe
  2⤵
  PID:5940
- C:\Windows\System32\UZcONnG.exe
  C:\Windows\System32\UZcONnG.exe
  2⤵
  PID:5988
- C:\Windows\System32\ACgEoDm.exe
  C:\Windows\System32\ACgEoDm.exe
  2⤵
  PID:6008
- C:\Windows\System32\vrRWHFK.exe
  C:\Windows\System32\vrRWHFK.exe
  2⤵
  PID:6036
- C:\Windows\System32\eaNshOM.exe
  C:\Windows\System32\eaNshOM.exe
  2⤵
  PID:6056
- C:\Windows\System32\unHYERa.exe
  C:\Windows\System32\unHYERa.exe
  2⤵
  PID:6072
- C:\Windows\System32\SqaHoIu.exe
  C:\Windows\System32\SqaHoIu.exe
  2⤵
  PID:6096
- C:\Windows\System32\hcPwquE.exe
  C:\Windows\System32\hcPwquE.exe
  2⤵
  PID:364
- C:\Windows\System32\zHbzkiO.exe
  C:\Windows\System32\zHbzkiO.exe
  2⤵
  PID:5124
- C:\Windows\System32\utGjFAW.exe
  C:\Windows\System32\utGjFAW.exe
  2⤵
  PID:5164
- C:\Windows\System32\ioDaZkO.exe
  C:\Windows\System32\ioDaZkO.exe
  2⤵
  PID:5220
- C:\Windows\System32\RlGqrwX.exe
  C:\Windows\System32\RlGqrwX.exe
  2⤵
  PID:5264
- C:\Windows\System32\weysxLy.exe
  C:\Windows\System32\weysxLy.exe
  2⤵
  PID:5388
- C:\Windows\System32\KfXpKSd.exe
  C:\Windows\System32\KfXpKSd.exe
  2⤵
  PID:5468
- C:\Windows\System32\IXcCIUs.exe
  C:\Windows\System32\IXcCIUs.exe
  2⤵
  PID:5508
- C:\Windows\System32\FWGoTRo.exe
  C:\Windows\System32\FWGoTRo.exe
  2⤵
  PID:5580
- C:\Windows\System32\ulkXuhO.exe
  C:\Windows\System32\ulkXuhO.exe
  2⤵
  PID:5660
- C:\Windows\System32\rtlAbIP.exe
  C:\Windows\System32\rtlAbIP.exe
  2⤵
  PID:5716
- C:\Windows\System32\xKJnHXC.exe
  C:\Windows\System32\xKJnHXC.exe
  2⤵
  PID:5736
- C:\Windows\System32\wskRImC.exe
  C:\Windows\System32\wskRImC.exe
  2⤵
  PID:5812
- C:\Windows\System32\wfVsKPc.exe
  C:\Windows\System32\wfVsKPc.exe
  2⤵
  PID:5868
- C:\Windows\System32\mSFbYkd.exe
  C:\Windows\System32\mSFbYkd.exe
  2⤵
  PID:5880
- C:\Windows\System32\SHBKmPe.exe
  C:\Windows\System32\SHBKmPe.exe
  2⤵
  PID:5924
- C:\Windows\System32\cvePHTv.exe
  C:\Windows\System32\cvePHTv.exe
  2⤵
  PID:6000
- C:\Windows\System32\EYhzYmy.exe
  C:\Windows\System32\EYhzYmy.exe
  2⤵
  PID:6048
- C:\Windows\System32\gDEPLVb.exe
  C:\Windows\System32\gDEPLVb.exe
  2⤵
  PID:6112
- C:\Windows\System32\TkQmWyW.exe
  C:\Windows\System32\TkQmWyW.exe
  2⤵
  PID:6128
- C:\Windows\System32\flJVYhk.exe
  C:\Windows\System32\flJVYhk.exe
  2⤵
  PID:5144
- C:\Windows\System32\AqUWCmp.exe
  C:\Windows\System32\AqUWCmp.exe
  2⤵
  PID:5428
- C:\Windows\System32\VFjoPSo.exe
  C:\Windows\System32\VFjoPSo.exe
  2⤵
  PID:5708
- C:\Windows\System32\BRwgRCP.exe
  C:\Windows\System32\BRwgRCP.exe
  2⤵
  PID:5836
- C:\Windows\System32\DHpUbxZ.exe
  C:\Windows\System32\DHpUbxZ.exe
  2⤵
  PID:5928
- C:\Windows\System32\NmYOdse.exe
  C:\Windows\System32\NmYOdse.exe
  2⤵
  PID:6016
- C:\Windows\System32\Qeobyzb.exe
  C:\Windows\System32\Qeobyzb.exe
  2⤵
  PID:1460
- C:\Windows\System32\sgJuiQP.exe
  C:\Windows\System32\sgJuiQP.exe
  2⤵
  PID:5148
- C:\Windows\System32\iHoxWJR.exe
  C:\Windows\System32\iHoxWJR.exe
  2⤵
  PID:5800
- C:\Windows\System32\gNqxLqM.exe
  C:\Windows\System32\gNqxLqM.exe
  2⤵
  PID:5832
- C:\Windows\System32\risqaTp.exe
  C:\Windows\System32\risqaTp.exe
  2⤵
  PID:6156
- C:\Windows\System32\QRbXrwp.exe
  C:\Windows\System32\QRbXrwp.exe
  2⤵
  PID:6172
- C:\Windows\System32\DeBJXtv.exe
  C:\Windows\System32\DeBJXtv.exe
  2⤵
  PID:6188
- C:\Windows\System32\wcPVWUB.exe
  C:\Windows\System32\wcPVWUB.exe
  2⤵
  PID:6204
- C:\Windows\System32\NHrbkAJ.exe
  C:\Windows\System32\NHrbkAJ.exe
  2⤵
  PID:6236
- C:\Windows\System32\nWHYIee.exe
  C:\Windows\System32\nWHYIee.exe
  2⤵
  PID:6260
- C:\Windows\System32\txTTcBE.exe
  C:\Windows\System32\txTTcBE.exe
  2⤵
  PID:6284
- C:\Windows\System32\tyRylOv.exe
  C:\Windows\System32\tyRylOv.exe
  2⤵
  PID:6300
- C:\Windows\System32\tNRAwGJ.exe
  C:\Windows\System32\tNRAwGJ.exe
  2⤵
  PID:6324
- C:\Windows\System32\miFPpLy.exe
  C:\Windows\System32\miFPpLy.exe
  2⤵
  PID:6340
- C:\Windows\System32\CaTEHhb.exe
  C:\Windows\System32\CaTEHhb.exe
  2⤵
  PID:6356
- C:\Windows\System32\WdLkAGF.exe
  C:\Windows\System32\WdLkAGF.exe
  2⤵
  PID:6376
- C:\Windows\System32\YlSbVtO.exe
  C:\Windows\System32\YlSbVtO.exe
  2⤵
  PID:6392
- C:\Windows\System32\uXEgZoG.exe
  C:\Windows\System32\uXEgZoG.exe
  2⤵
  PID:6432
- C:\Windows\System32\YCuwGrg.exe
  C:\Windows\System32\YCuwGrg.exe
  2⤵
  PID:6500
- C:\Windows\System32\kGvbAst.exe
  C:\Windows\System32\kGvbAst.exe
  2⤵
  PID:6516
- C:\Windows\System32\OzFzrig.exe
  C:\Windows\System32\OzFzrig.exe
  2⤵
  PID:6544
- C:\Windows\System32\vlAuMbN.exe
  C:\Windows\System32\vlAuMbN.exe
  2⤵
  PID:6560
- C:\Windows\System32\OcitesF.exe
  C:\Windows\System32\OcitesF.exe
  2⤵
  PID:6584
- C:\Windows\System32\OBIZrhR.exe
  C:\Windows\System32\OBIZrhR.exe
  2⤵
  PID:6612
- C:\Windows\System32\ruPaxLX.exe
  C:\Windows\System32\ruPaxLX.exe
  2⤵
  PID:6632
- C:\Windows\System32\PpUPXOA.exe
  C:\Windows\System32\PpUPXOA.exe
  2⤵
  PID:6680
- C:\Windows\System32\FCJsVyp.exe
  C:\Windows\System32\FCJsVyp.exe
  2⤵
  PID:6700
- C:\Windows\System32\YtlmETt.exe
  C:\Windows\System32\YtlmETt.exe
  2⤵
  PID:6780
- C:\Windows\System32\ekRkArC.exe
  C:\Windows\System32\ekRkArC.exe
  2⤵
  PID:6820
- C:\Windows\System32\bNIJpYm.exe
  C:\Windows\System32\bNIJpYm.exe
  2⤵
  PID:6844
- C:\Windows\System32\qHjktkM.exe
  C:\Windows\System32\qHjktkM.exe
  2⤵
  PID:6860
- C:\Windows\System32\DydkLgY.exe
  C:\Windows\System32\DydkLgY.exe
  2⤵
  PID:6884
- C:\Windows\System32\LLGCKHM.exe
  C:\Windows\System32\LLGCKHM.exe
  2⤵
  PID:6956
- C:\Windows\System32\OMqXwOn.exe
  C:\Windows\System32\OMqXwOn.exe
  2⤵
  PID:6980
- C:\Windows\System32\RnTioRd.exe
  C:\Windows\System32\RnTioRd.exe
  2⤵
  PID:7024
- C:\Windows\System32\PHXWREi.exe
  C:\Windows\System32\PHXWREi.exe
  2⤵
  PID:7044
- C:\Windows\System32\GZRmLiO.exe
  C:\Windows\System32\GZRmLiO.exe
  2⤵
  PID:7060
- C:\Windows\System32\WutoZZw.exe
  C:\Windows\System32\WutoZZw.exe
  2⤵
  PID:7088
- C:\Windows\System32\SCysfnC.exe
  C:\Windows\System32\SCysfnC.exe
  2⤵
  PID:7112
- C:\Windows\System32\vzAptsz.exe
  C:\Windows\System32\vzAptsz.exe
  2⤵
  PID:7128
- C:\Windows\System32\hemvKST.exe
  C:\Windows\System32\hemvKST.exe
  2⤵
  PID:6068
- C:\Windows\System32\MzUKJPz.exe
  C:\Windows\System32\MzUKJPz.exe
  2⤵
  PID:6164
- C:\Windows\System32\pHCHJtQ.exe
  C:\Windows\System32\pHCHJtQ.exe
  2⤵
  PID:6224
- C:\Windows\System32\UvLmzXJ.exe
  C:\Windows\System32\UvLmzXJ.exe
  2⤵
  PID:6200
- C:\Windows\System32\eJUZcPx.exe
  C:\Windows\System32\eJUZcPx.exe
  2⤵
  PID:6256
- C:\Windows\System32\OnKgipe.exe
  C:\Windows\System32\OnKgipe.exe
  2⤵
  PID:6384
- C:\Windows\System32\ebKbGjf.exe
  C:\Windows\System32\ebKbGjf.exe
  2⤵
  PID:6452
- C:\Windows\System32\UAqGVfC.exe
  C:\Windows\System32\UAqGVfC.exe
  2⤵
  PID:6424
- C:\Windows\System32\qNribaX.exe
  C:\Windows\System32\qNribaX.exe
  2⤵
  PID:6768
- C:\Windows\System32\fmVqZRT.exe
  C:\Windows\System32\fmVqZRT.exe
  2⤵
  PID:6508
- C:\Windows\System32\WOopWlt.exe
  C:\Windows\System32\WOopWlt.exe
  2⤵
  PID:6672
- C:\Windows\System32\HZSoZPb.exe
  C:\Windows\System32\HZSoZPb.exe
  2⤵
  PID:6880
- C:\Windows\System32\xiDrgTs.exe
  C:\Windows\System32\xiDrgTs.exe
  2⤵
  PID:6828
- C:\Windows\System32\HpfKzrq.exe
  C:\Windows\System32\HpfKzrq.exe
  2⤵
  PID:6904
- C:\Windows\System32\GhrFCBa.exe
  C:\Windows\System32\GhrFCBa.exe
  2⤵
  PID:6976
- C:\Windows\System32\RxZHhEh.exe
  C:\Windows\System32\RxZHhEh.exe
  2⤵
  PID:6184
- C:\Windows\System32\gMMXoBi.exe
  C:\Windows\System32\gMMXoBi.exe
  2⤵
  PID:6536
- C:\Windows\System32\FbHWUlo.exe
  C:\Windows\System32\FbHWUlo.exe
  2⤵
  PID:6556
- C:\Windows\System32\RENgDog.exe
  C:\Windows\System32\RENgDog.exe
  2⤵
  PID:6852
- C:\Windows\System32\AkrCKYE.exe
  C:\Windows\System32\AkrCKYE.exe
  2⤵
  PID:7056
- C:\Windows\System32\QGJcXFg.exe
  C:\Windows\System32\QGJcXFg.exe
  2⤵
  PID:6572
- C:\Windows\System32\QNBWPOc.exe
  C:\Windows\System32\QNBWPOc.exe
  2⤵
  PID:6856
- C:\Windows\System32\DDKEPDs.exe
  C:\Windows\System32\DDKEPDs.exe
  2⤵
  PID:7068
- C:\Windows\System32\fochCTO.exe
  C:\Windows\System32\fochCTO.exe
  2⤵
  PID:7156
- C:\Windows\System32\udrvooj.exe
  C:\Windows\System32\udrvooj.exe
  2⤵
  PID:6512
- C:\Windows\System32\HFknMCr.exe
  C:\Windows\System32\HFknMCr.exe
  2⤵
  PID:7176
- C:\Windows\System32\VdsKUNO.exe
  C:\Windows\System32\VdsKUNO.exe
  2⤵
  PID:7192
- C:\Windows\System32\tfDyUyf.exe
  C:\Windows\System32\tfDyUyf.exe
  2⤵
  PID:7220
- C:\Windows\System32\axpXUSF.exe
  C:\Windows\System32\axpXUSF.exe
  2⤵
  PID:7248
- C:\Windows\System32\ETeHRwU.exe
  C:\Windows\System32\ETeHRwU.exe
  2⤵
  PID:7272
- C:\Windows\System32\SbzGWvQ.exe
  C:\Windows\System32\SbzGWvQ.exe
  2⤵
  PID:7292
- C:\Windows\System32\NUtwlmU.exe
  C:\Windows\System32\NUtwlmU.exe
  2⤵
  PID:7312
- C:\Windows\System32\JMUpHtu.exe
  C:\Windows\System32\JMUpHtu.exe
  2⤵
  PID:7340
- C:\Windows\System32\zWazbnc.exe
  C:\Windows\System32\zWazbnc.exe
  2⤵
  PID:7356
- C:\Windows\System32\QDlTdgB.exe
  C:\Windows\System32\QDlTdgB.exe
  2⤵
  PID:7376
- C:\Windows\System32\HyouNSN.exe
  C:\Windows\System32\HyouNSN.exe
  2⤵
  PID:7416
- C:\Windows\System32\CSnmMxv.exe
  C:\Windows\System32\CSnmMxv.exe
  2⤵
  PID:7488
- C:\Windows\System32\NCRXWcb.exe
  C:\Windows\System32\NCRXWcb.exe
  2⤵
  PID:7524
- C:\Windows\System32\SUDHrhk.exe
  C:\Windows\System32\SUDHrhk.exe
  2⤵
  PID:7544
- C:\Windows\System32\rUhVlmg.exe
  C:\Windows\System32\rUhVlmg.exe
  2⤵
  PID:7564
- C:\Windows\System32\fGDBWxv.exe
  C:\Windows\System32\fGDBWxv.exe
  2⤵
  PID:7584
- C:\Windows\System32\URoIxJO.exe
  C:\Windows\System32\URoIxJO.exe
  2⤵
  PID:7604
- C:\Windows\System32\OaqMSlJ.exe
  C:\Windows\System32\OaqMSlJ.exe
  2⤵
  PID:7628
- C:\Windows\System32\SqXTUnJ.exe
  C:\Windows\System32\SqXTUnJ.exe
  2⤵
  PID:7660
- C:\Windows\System32\fHSuCrj.exe
  C:\Windows\System32\fHSuCrj.exe
  2⤵
  PID:7704
- C:\Windows\System32\wcyZdpJ.exe
  C:\Windows\System32\wcyZdpJ.exe
  2⤵
  PID:7740
- C:\Windows\System32\lWaNPqW.exe
  C:\Windows\System32\lWaNPqW.exe
  2⤵
  PID:7772
- C:\Windows\System32\sAthKrO.exe
  C:\Windows\System32\sAthKrO.exe
  2⤵
  PID:7788
- C:\Windows\System32\RNlEEgJ.exe
  C:\Windows\System32\RNlEEgJ.exe
  2⤵
  PID:7804
- C:\Windows\System32\oEuXpqG.exe
  C:\Windows\System32\oEuXpqG.exe
  2⤵
  PID:7828
- C:\Windows\System32\mdgasqC.exe
  C:\Windows\System32\mdgasqC.exe
  2⤵
  PID:7876
- C:\Windows\System32\SOGPydP.exe
  C:\Windows\System32\SOGPydP.exe
  2⤵
  PID:7896
- C:\Windows\System32\abAhxpc.exe
  C:\Windows\System32\abAhxpc.exe
  2⤵
  PID:7916
- C:\Windows\System32\kkvkJcl.exe
  C:\Windows\System32\kkvkJcl.exe
  2⤵
  PID:7960
- C:\Windows\System32\xNYAStA.exe
  C:\Windows\System32\xNYAStA.exe
  2⤵
  PID:8000
- C:\Windows\System32\sEliTAN.exe
  C:\Windows\System32\sEliTAN.exe
  2⤵
  PID:8028
- C:\Windows\System32\VodtozZ.exe
  C:\Windows\System32\VodtozZ.exe
  2⤵
  PID:8048
- C:\Windows\System32\GOqNgkV.exe
  C:\Windows\System32\GOqNgkV.exe
  2⤵
  PID:8068
- C:\Windows\System32\dbDDEcY.exe
  C:\Windows\System32\dbDDEcY.exe
  2⤵
  PID:8084
- C:\Windows\System32\YOIXOzG.exe
  C:\Windows\System32\YOIXOzG.exe
  2⤵
  PID:8100
- C:\Windows\System32\DsBWhTV.exe
  C:\Windows\System32\DsBWhTV.exe
  2⤵
  PID:8120
- C:\Windows\System32\qRgczkg.exe
  C:\Windows\System32\qRgczkg.exe
  2⤵
  PID:8144
- C:\Windows\System32\fmWMogz.exe
  C:\Windows\System32\fmWMogz.exe
  2⤵
  PID:8172
- C:\Windows\System32\xdPVSZs.exe
  C:\Windows\System32\xdPVSZs.exe
  2⤵
  PID:6744
- C:\Windows\System32\bHeKLnS.exe
  C:\Windows\System32\bHeKLnS.exe
  2⤵
  PID:7204
- C:\Windows\System32\XMrwPVE.exe
  C:\Windows\System32\XMrwPVE.exe
  2⤵
  PID:7324
- C:\Windows\System32\TlrOepS.exe
  C:\Windows\System32\TlrOepS.exe
  2⤵
  PID:7444
- C:\Windows\System32\vuVsuca.exe
  C:\Windows\System32\vuVsuca.exe
  2⤵
  PID:7580
- C:\Windows\System32\PsXUNKo.exe
  C:\Windows\System32\PsXUNKo.exe
  2⤵
  PID:7616
- C:\Windows\System32\KfvJFKx.exe
  C:\Windows\System32\KfvJFKx.exe
  2⤵
  PID:7668
- C:\Windows\System32\uJyuCNZ.exe
  C:\Windows\System32\uJyuCNZ.exe
  2⤵
  PID:7724
- C:\Windows\System32\bgWPyhN.exe
  C:\Windows\System32\bgWPyhN.exe
  2⤵
  PID:7812
- C:\Windows\System32\VnIlIsZ.exe
  C:\Windows\System32\VnIlIsZ.exe
  2⤵
  PID:7780
- C:\Windows\System32\GnOfXpR.exe
  C:\Windows\System32\GnOfXpR.exe
  2⤵
  PID:7848
- C:\Windows\System32\lQyqkTA.exe
  C:\Windows\System32\lQyqkTA.exe
  2⤵
  PID:7892
- C:\Windows\System32\UGCbdkg.exe
  C:\Windows\System32\UGCbdkg.exe
  2⤵
  PID:8012
- C:\Windows\System32\Qezlbpm.exe
  C:\Windows\System32\Qezlbpm.exe
  2⤵
  PID:8076
- C:\Windows\System32\fCJhEXP.exe
  C:\Windows\System32\fCJhEXP.exe
  2⤵
  PID:8040
- C:\Windows\System32\COlyygO.exe
  C:\Windows\System32\COlyygO.exe
  2⤵
  PID:8128
- C:\Windows\System32\waIkZic.exe
  C:\Windows\System32\waIkZic.exe
  2⤵
  PID:7372
- C:\Windows\System32\IeHetuw.exe
  C:\Windows\System32\IeHetuw.exe
  2⤵
  PID:7556
- C:\Windows\System32\sCMoSPb.exe
  C:\Windows\System32\sCMoSPb.exe
  2⤵
  PID:7640
- C:\Windows\System32\VLGhQxN.exe
  C:\Windows\System32\VLGhQxN.exe
  2⤵
  PID:7868
- C:\Windows\System32\HcDRHmN.exe
  C:\Windows\System32\HcDRHmN.exe
  2⤵
  PID:8024
- C:\Windows\System32\UbNaaCc.exe
  C:\Windows\System32\UbNaaCc.exe
  2⤵
  PID:8184
- C:\Windows\System32\PbmruGG.exe
  C:\Windows\System32\PbmruGG.exe
  2⤵
  PID:7200
- C:\Windows\System32\xZbQdhC.exe
  C:\Windows\System32\xZbQdhC.exe
  2⤵
  PID:7500
- C:\Windows\System32\fnDCecb.exe
  C:\Windows\System32\fnDCecb.exe
  2⤵
  PID:7800
- C:\Windows\System32\EjhOTic.exe
  C:\Windows\System32\EjhOTic.exe
  2⤵
  PID:8060
- C:\Windows\System32\jpRlBIu.exe
  C:\Windows\System32\jpRlBIu.exe
  2⤵
  PID:8204
- C:\Windows\System32\RENJqDL.exe
  C:\Windows\System32\RENJqDL.exe
  2⤵
  PID:8220
- C:\Windows\System32\FcJXVXX.exe
  C:\Windows\System32\FcJXVXX.exe
  2⤵
  PID:8244
- C:\Windows\System32\ZwwRawc.exe
  C:\Windows\System32\ZwwRawc.exe
  2⤵
  PID:8276
- C:\Windows\System32\HrRwEJl.exe
  C:\Windows\System32\HrRwEJl.exe
  2⤵
  PID:8300
- C:\Windows\System32\QucMKUL.exe
  C:\Windows\System32\QucMKUL.exe
  2⤵
  PID:8368
- C:\Windows\System32\XTZRPCr.exe
  C:\Windows\System32\XTZRPCr.exe
  2⤵
  PID:8404
- C:\Windows\System32\FbyqDfw.exe
  C:\Windows\System32\FbyqDfw.exe
  2⤵
  PID:8424
- C:\Windows\System32\RPETBCZ.exe
  C:\Windows\System32\RPETBCZ.exe
  2⤵
  PID:8452
- C:\Windows\System32\UpKsNNv.exe
  C:\Windows\System32\UpKsNNv.exe
  2⤵
  PID:8472
- C:\Windows\System32\IgEtmcY.exe
  C:\Windows\System32\IgEtmcY.exe
  2⤵
  PID:8496
- C:\Windows\System32\vwblPPl.exe
  C:\Windows\System32\vwblPPl.exe
  2⤵
  PID:8528
- C:\Windows\System32\ItgTnii.exe
  C:\Windows\System32\ItgTnii.exe
  2⤵
  PID:8564
- C:\Windows\System32\hkTmPaj.exe
  C:\Windows\System32\hkTmPaj.exe
  2⤵
  PID:8592
- C:\Windows\System32\ZcUJOAg.exe
  C:\Windows\System32\ZcUJOAg.exe
  2⤵
  PID:8628
- C:\Windows\System32\lCZkIty.exe
  C:\Windows\System32\lCZkIty.exe
  2⤵
  PID:8656
- C:\Windows\System32\IIbCEdJ.exe
  C:\Windows\System32\IIbCEdJ.exe
  2⤵
  PID:8672
- C:\Windows\System32\xnheeTO.exe
  C:\Windows\System32\xnheeTO.exe
  2⤵
  PID:8688
- C:\Windows\System32\nUECpak.exe
  C:\Windows\System32\nUECpak.exe
  2⤵
  PID:8720
- C:\Windows\System32\VDdztuK.exe
  C:\Windows\System32\VDdztuK.exe
  2⤵
  PID:8764
- C:\Windows\System32\AuYNQQk.exe
  C:\Windows\System32\AuYNQQk.exe
  2⤵
  PID:8792
- C:\Windows\System32\bGNAOpO.exe
  C:\Windows\System32\bGNAOpO.exe
  2⤵
  PID:8816
- C:\Windows\System32\QERnnUz.exe
  C:\Windows\System32\QERnnUz.exe
  2⤵
  PID:8844
- C:\Windows\System32\GPnBAxK.exe
  C:\Windows\System32\GPnBAxK.exe
  2⤵
  PID:8884
- C:\Windows\System32\aIKzmxl.exe
  C:\Windows\System32\aIKzmxl.exe
  2⤵
  PID:8924
- C:\Windows\System32\kFhFdBO.exe
  C:\Windows\System32\kFhFdBO.exe
  2⤵
  PID:8940
- C:\Windows\System32\fJgUKDL.exe
  C:\Windows\System32\fJgUKDL.exe
  2⤵
  PID:8960
- C:\Windows\System32\HvlYGyW.exe
  C:\Windows\System32\HvlYGyW.exe
  2⤵
  PID:9000
- C:\Windows\System32\cBbsXpW.exe
  C:\Windows\System32\cBbsXpW.exe
  2⤵
  PID:9016
- C:\Windows\System32\DdRwkVO.exe
  C:\Windows\System32\DdRwkVO.exe
  2⤵
  PID:9044
- C:\Windows\System32\CcLWXmV.exe
  C:\Windows\System32\CcLWXmV.exe
  2⤵
  PID:9068
- C:\Windows\System32\GnvMjTY.exe
  C:\Windows\System32\GnvMjTY.exe
  2⤵
  PID:9084
- C:\Windows\System32\DmAQnhz.exe
  C:\Windows\System32\DmAQnhz.exe
  2⤵
  PID:9100
- C:\Windows\System32\NHiqvao.exe
  C:\Windows\System32\NHiqvao.exe
  2⤵
  PID:9120
- C:\Windows\System32\wAGnIKI.exe
  C:\Windows\System32\wAGnIKI.exe
  2⤵
  PID:9144
- C:\Windows\System32\lICriWB.exe
  C:\Windows\System32\lICriWB.exe
  2⤵
  PID:9184
- C:\Windows\System32\kCDozbT.exe
  C:\Windows\System32\kCDozbT.exe
  2⤵
  PID:9204
- C:\Windows\System32\LRSTjKN.exe
  C:\Windows\System32\LRSTjKN.exe
  2⤵
  PID:7672
- C:\Windows\System32\THkyZMN.exe
  C:\Windows\System32\THkyZMN.exe
  2⤵
  PID:8228
- C:\Windows\System32\oqteCuL.exe
  C:\Windows\System32\oqteCuL.exe
  2⤵
  PID:8292
- C:\Windows\System32\bNnrdue.exe
  C:\Windows\System32\bNnrdue.exe
  2⤵
  PID:8364
- C:\Windows\System32\NgCuOzT.exe
  C:\Windows\System32\NgCuOzT.exe
  2⤵
  PID:8416
- C:\Windows\System32\mMeRuKF.exe
  C:\Windows\System32\mMeRuKF.exe
  2⤵
  PID:8440
- C:\Windows\System32\WYLEZDk.exe
  C:\Windows\System32\WYLEZDk.exe
  2⤵
  PID:8536
- C:\Windows\System32\WJQLVYT.exe
  C:\Windows\System32\WJQLVYT.exe
  2⤵
  PID:8620
- C:\Windows\System32\VLiIHoJ.exe
  C:\Windows\System32\VLiIHoJ.exe
  2⤵
  PID:8652
- C:\Windows\System32\zFtZeJg.exe
  C:\Windows\System32\zFtZeJg.exe
  2⤵
  PID:8752
- C:\Windows\System32\zUdLLaq.exe
  C:\Windows\System32\zUdLLaq.exe
  2⤵
  PID:8892
- C:\Windows\System32\SkGVQJz.exe
  C:\Windows\System32\SkGVQJz.exe
  2⤵
  PID:8980
- C:\Windows\System32\wveQQMv.exe
  C:\Windows\System32\wveQQMv.exe
  2⤵
  PID:8988
- C:\Windows\System32\pGzvnFb.exe
  C:\Windows\System32\pGzvnFb.exe
  2⤵
  PID:9064
- C:\Windows\System32\JDlhZut.exe
  C:\Windows\System32\JDlhZut.exe
  2⤵
  PID:9096
- C:\Windows\System32\rdEYjUz.exe
  C:\Windows\System32\rdEYjUz.exe
  2⤵
  PID:9164
- C:\Windows\System32\yyDjbzh.exe
  C:\Windows\System32\yyDjbzh.exe
  2⤵
  PID:9212
- C:\Windows\System32\YgVHkuT.exe
  C:\Windows\System32\YgVHkuT.exe
  2⤵
  PID:8260
- C:\Windows\System32\TcjlkUI.exe
  C:\Windows\System32\TcjlkUI.exe
  2⤵
  PID:8492
- C:\Windows\System32\ZmkAefB.exe
  C:\Windows\System32\ZmkAefB.exe
  2⤵
  PID:8432
- C:\Windows\System32\tfqPdJe.exe
  C:\Windows\System32\tfqPdJe.exe
  2⤵
  PID:8684
- C:\Windows\System32\BuyUaNV.exe
  C:\Windows\System32\BuyUaNV.exe
  2⤵
  PID:8772
- C:\Windows\System32\GFEysCw.exe
  C:\Windows\System32\GFEysCw.exe
  2⤵
  PID:8872
- C:\Windows\System32\cMoBWze.exe
  C:\Windows\System32\cMoBWze.exe
  2⤵
  PID:9008
- C:\Windows\System32\Dicvfwt.exe
  C:\Windows\System32\Dicvfwt.exe
  2⤵
  PID:9136
- C:\Windows\System32\ILMxGLv.exe
  C:\Windows\System32\ILMxGLv.exe
  2⤵
  PID:8252
- C:\Windows\System32\cUcFLFE.exe
  C:\Windows\System32\cUcFLFE.exe
  2⤵
  PID:8640
- C:\Windows\System32\tbkFmXO.exe
  C:\Windows\System32\tbkFmXO.exe
  2⤵
  PID:8932
- C:\Windows\System32\qPpJyMJ.exe
  C:\Windows\System32\qPpJyMJ.exe
  2⤵
  PID:9260
- C:\Windows\System32\tHDLoQq.exe
  C:\Windows\System32\tHDLoQq.exe
  2⤵
  PID:9400
- C:\Windows\System32\CQBJDIM.exe
  C:\Windows\System32\CQBJDIM.exe
  2⤵
  PID:9416
- C:\Windows\System32\BuQjICx.exe
  C:\Windows\System32\BuQjICx.exe
  2⤵
  PID:9432
- C:\Windows\System32\edCxTPQ.exe
  C:\Windows\System32\edCxTPQ.exe
  2⤵
  PID:9448
- C:\Windows\System32\OogDENq.exe
  C:\Windows\System32\OogDENq.exe
  2⤵
  PID:9464
- C:\Windows\System32\QdkkAOk.exe
  C:\Windows\System32\QdkkAOk.exe
  2⤵
  PID:9480
- C:\Windows\System32\YEUmiUr.exe
  C:\Windows\System32\YEUmiUr.exe
  2⤵
  PID:9496
- C:\Windows\System32\xZIXlkQ.exe
  C:\Windows\System32\xZIXlkQ.exe
  2⤵
  PID:9512
- C:\Windows\System32\wmvAVyq.exe
  C:\Windows\System32\wmvAVyq.exe
  2⤵
  PID:9528
- C:\Windows\System32\mGFCJkH.exe
  C:\Windows\System32\mGFCJkH.exe
  2⤵
  PID:9544
- C:\Windows\System32\pqUSBoX.exe
  C:\Windows\System32\pqUSBoX.exe
  2⤵
  PID:9560
- C:\Windows\System32\wDDoxTA.exe
  C:\Windows\System32\wDDoxTA.exe
  2⤵
  PID:9576
- C:\Windows\System32\QhdeWmn.exe
  C:\Windows\System32\QhdeWmn.exe
  2⤵
  PID:9592
- C:\Windows\System32\ugWFHDI.exe
  C:\Windows\System32\ugWFHDI.exe
  2⤵
  PID:9608
- C:\Windows\System32\sYABykp.exe
  C:\Windows\System32\sYABykp.exe
  2⤵
  PID:9624
- C:\Windows\System32\CQuBESM.exe
  C:\Windows\System32\CQuBESM.exe
  2⤵
  PID:9656
- C:\Windows\System32\jholvNI.exe
  C:\Windows\System32\jholvNI.exe
  2⤵
  PID:9680
- C:\Windows\System32\Usrxmsx.exe
  C:\Windows\System32\Usrxmsx.exe
  2⤵
  PID:9700
- C:\Windows\System32\LGrPPoh.exe
  C:\Windows\System32\LGrPPoh.exe
  2⤵
  PID:9724
- C:\Windows\System32\cNFTWtU.exe
  C:\Windows\System32\cNFTWtU.exe
  2⤵
  PID:9740
- C:\Windows\System32\sIXDYEw.exe
  C:\Windows\System32\sIXDYEw.exe
  2⤵
  PID:9764
- C:\Windows\System32\fQsyend.exe
  C:\Windows\System32\fQsyend.exe
  2⤵
  PID:9816
- C:\Windows\System32\FhVmWbo.exe
  C:\Windows\System32\FhVmWbo.exe
  2⤵
  PID:10000
- C:\Windows\System32\kGknJif.exe
  C:\Windows\System32\kGknJif.exe
  2⤵
  PID:10064
- C:\Windows\System32\eLllLmW.exe
  C:\Windows\System32\eLllLmW.exe
  2⤵
  PID:10096
- C:\Windows\System32\dThQNKQ.exe
  C:\Windows\System32\dThQNKQ.exe
  2⤵
  PID:10128
- C:\Windows\System32\nRqemOW.exe
  C:\Windows\System32\nRqemOW.exe
  2⤵
  PID:10148
- C:\Windows\System32\ZbObPLi.exe
  C:\Windows\System32\ZbObPLi.exe
  2⤵
  PID:10180
- C:\Windows\System32\pkDMaXO.exe
  C:\Windows\System32\pkDMaXO.exe
  2⤵
  PID:10204
- C:\Windows\System32\KpSfYtV.exe
  C:\Windows\System32\KpSfYtV.exe
  2⤵
  PID:10224
- C:\Windows\System32\txFERYN.exe
  C:\Windows\System32\txFERYN.exe
  2⤵
  PID:8700
- C:\Windows\System32\TtyzJaf.exe
  C:\Windows\System32\TtyzJaf.exe
  2⤵
  PID:9132
- C:\Windows\System32\LdAvMug.exe
  C:\Windows\System32\LdAvMug.exe
  2⤵
  PID:8420
- C:\Windows\System32\lYOtzjZ.exe
  C:\Windows\System32\lYOtzjZ.exe
  2⤵
  PID:9296
- C:\Windows\System32\aeHInGv.exe
  C:\Windows\System32\aeHInGv.exe
  2⤵
  PID:9332
- C:\Windows\System32\myGufhF.exe
  C:\Windows\System32\myGufhF.exe
  2⤵
  PID:9508
- C:\Windows\System32\besNvCm.exe
  C:\Windows\System32\besNvCm.exe
  2⤵
  PID:9604
- C:\Windows\System32\gLpcSFz.exe
  C:\Windows\System32\gLpcSFz.exe
  2⤵
  PID:9616
- C:\Windows\System32\oGmkZdw.exe
  C:\Windows\System32\oGmkZdw.exe
  2⤵
  PID:9536
- C:\Windows\System32\FkUQuQd.exe
  C:\Windows\System32\FkUQuQd.exe
  2⤵
  PID:9676
- C:\Windows\System32\HhweTsm.exe
  C:\Windows\System32\HhweTsm.exe
  2⤵
  PID:9716
- C:\Windows\System32\JNuiJzR.exe
  C:\Windows\System32\JNuiJzR.exe
  2⤵
  PID:9792
- C:\Windows\System32\dRWIaqv.exe
  C:\Windows\System32\dRWIaqv.exe
  2⤵
  PID:9844
- C:\Windows\System32\fPKuBbH.exe
  C:\Windows\System32\fPKuBbH.exe
  2⤵
  PID:9912
- C:\Windows\System32\VmpVSHA.exe
  C:\Windows\System32\VmpVSHA.exe
  2⤵
  PID:9824
- C:\Windows\System32\wYXwryU.exe
  C:\Windows\System32\wYXwryU.exe
  2⤵
  PID:10088
- C:\Windows\System32\TuspEel.exe
  C:\Windows\System32\TuspEel.exe
  2⤵
  PID:10116
- C:\Windows\System32\uKUAUDD.exe
  C:\Windows\System32\uKUAUDD.exe
  2⤵
  PID:10220
- C:\Windows\System32\VMMeRvZ.exe
  C:\Windows\System32\VMMeRvZ.exe
  2⤵
  PID:7984
- C:\Windows\System32\mQqqmNs.exe
  C:\Windows\System32\mQqqmNs.exe
  2⤵
  PID:4724
- C:\Windows\System32\dWyuzWp.exe
  C:\Windows\System32\dWyuzWp.exe
  2⤵
  PID:9460
- C:\Windows\System32\pgpYxfm.exe
  C:\Windows\System32\pgpYxfm.exe
  2⤵
  PID:9328
- C:\Windows\System32\IjYjnFS.exe
  C:\Windows\System32\IjYjnFS.exe
  2⤵
  PID:9472
- C:\Windows\System32\dovEVKq.exe
  C:\Windows\System32\dovEVKq.exe
  2⤵
  PID:9696
- C:\Windows\System32\SftVpmk.exe
  C:\Windows\System32\SftVpmk.exe
  2⤵
  PID:9776
- C:\Windows\System32\bkoUFgu.exe
  C:\Windows\System32\bkoUFgu.exe
  2⤵
  PID:9896
- C:\Windows\System32\XwejBsq.exe
  C:\Windows\System32\XwejBsq.exe
  2⤵
  PID:9980
- C:\Windows\System32\ksITZFQ.exe
  C:\Windows\System32\ksITZFQ.exe
  2⤵
  PID:3396
- C:\Windows\System32\tLlZjlh.exe
  C:\Windows\System32\tLlZjlh.exe
  2⤵
  PID:10236
- C:\Windows\System32\AONuvMe.exe
  C:\Windows\System32\AONuvMe.exe
  2⤵
  PID:9620
- C:\Windows\System32\xLHVIqg.exe
  C:\Windows\System32\xLHVIqg.exe
  2⤵
  PID:10252
- C:\Windows\System32\InCLotO.exe
  C:\Windows\System32\InCLotO.exe
  2⤵
  PID:10332
- C:\Windows\System32\Hduqqiu.exe
  C:\Windows\System32\Hduqqiu.exe
  2⤵
  PID:10352
- C:\Windows\System32\QaKumcW.exe
  C:\Windows\System32\QaKumcW.exe
  2⤵
  PID:10388
- C:\Windows\System32\jpFTgTz.exe
  C:\Windows\System32\jpFTgTz.exe
  2⤵
  PID:10404
- C:\Windows\System32\ogsHuTw.exe
  C:\Windows\System32\ogsHuTw.exe
  2⤵
  PID:10420
- C:\Windows\System32\HffbxkG.exe
  C:\Windows\System32\HffbxkG.exe
  2⤵
  PID:10444
- C:\Windows\System32\SGYmeOU.exe
  C:\Windows\System32\SGYmeOU.exe
  2⤵
  PID:10468
- C:\Windows\System32\atkngOq.exe
  C:\Windows\System32\atkngOq.exe
  2⤵
  PID:10504
- C:\Windows\System32\quuMjGn.exe
  C:\Windows\System32\quuMjGn.exe
  2⤵
  PID:10524
- C:\Windows\System32\YWWpSdN.exe
  C:\Windows\System32\YWWpSdN.exe
  2⤵
  PID:10556
- C:\Windows\System32\TpFQUDy.exe
  C:\Windows\System32\TpFQUDy.exe
  2⤵
  PID:10596
- C:\Windows\System32\ravHpUu.exe
  C:\Windows\System32\ravHpUu.exe
  2⤵
  PID:10628
- C:\Windows\System32\aNpwqwd.exe
  C:\Windows\System32\aNpwqwd.exe
  2⤵
  PID:10660
- C:\Windows\System32\uSLsBbq.exe
  C:\Windows\System32\uSLsBbq.exe
  2⤵
  PID:10684
- C:\Windows\System32\SUfCYRv.exe
  C:\Windows\System32\SUfCYRv.exe
  2⤵
  PID:10700
- C:\Windows\System32\QGNVWmf.exe
  C:\Windows\System32\QGNVWmf.exe
  2⤵
  PID:10740
- C:\Windows\System32\bZcnnYD.exe
  C:\Windows\System32\bZcnnYD.exe
  2⤵
  PID:10780
- C:\Windows\System32\OgDxMNp.exe
  C:\Windows\System32\OgDxMNp.exe
  2⤵
  PID:10796
- C:\Windows\System32\PeludFV.exe
  C:\Windows\System32\PeludFV.exe
  2⤵
  PID:10824
- C:\Windows\System32\KoBwqCr.exe
  C:\Windows\System32\KoBwqCr.exe
  2⤵
  PID:10860
- C:\Windows\System32\AqepLxE.exe
  C:\Windows\System32\AqepLxE.exe
  2⤵
  PID:10884
- C:\Windows\System32\hlNazUU.exe
  C:\Windows\System32\hlNazUU.exe
  2⤵
  PID:10904
- C:\Windows\System32\wDtyOJw.exe
  C:\Windows\System32\wDtyOJw.exe
  2⤵
  PID:10928
- C:\Windows\System32\JlPggmW.exe
  C:\Windows\System32\JlPggmW.exe
  2⤵
  PID:10944
- C:\Windows\System32\qUOvxtO.exe
  C:\Windows\System32\qUOvxtO.exe
  2⤵
  PID:10960
- C:\Windows\System32\daBKFTK.exe
  C:\Windows\System32\daBKFTK.exe
  2⤵
  PID:11036
- C:\Windows\System32\wLVmNaE.exe
  C:\Windows\System32\wLVmNaE.exe
  2⤵
  PID:11052
- C:\Windows\System32\JonahmO.exe
  C:\Windows\System32\JonahmO.exe
  2⤵
  PID:11080
- C:\Windows\System32\QcOOwsi.exe
  C:\Windows\System32\QcOOwsi.exe
  2⤵
  PID:11096
- C:\Windows\System32\CEaZOUo.exe
  C:\Windows\System32\CEaZOUo.exe
  2⤵
  PID:11116
- C:\Windows\System32\VsQVrBB.exe
  C:\Windows\System32\VsQVrBB.exe
  2⤵
  PID:11184
- C:\Windows\System32\JsVLkzy.exe
  C:\Windows\System32\JsVLkzy.exe
  2⤵
  PID:11204
- C:\Windows\System32\tyhRRWo.exe
  C:\Windows\System32\tyhRRWo.exe
  2⤵
  PID:11220
- C:\Windows\System32\sSTGvCP.exe
  C:\Windows\System32\sSTGvCP.exe
  2⤵
  PID:11240
- C:\Windows\System32\uvBGiRf.exe
  C:\Windows\System32\uvBGiRf.exe
  2⤵
  PID:11256
- C:\Windows\System32\dgKzkau.exe
  C:\Windows\System32\dgKzkau.exe
  2⤵
  PID:9364
- C:\Windows\System32\JtEqeDd.exe
  C:\Windows\System32\JtEqeDd.exe
  2⤵
  PID:10284
- C:\Windows\System32\LNujhrO.exe
  C:\Windows\System32\LNujhrO.exe
  2⤵
  PID:9584
- C:\Windows\System32\wmKMgAA.exe
  C:\Windows\System32\wmKMgAA.exe
  2⤵
  PID:2840
- C:\Windows\System32\ENCulvc.exe
  C:\Windows\System32\ENCulvc.exe
  2⤵
  PID:10428
- C:\Windows\System32\APVDbwI.exe
  C:\Windows\System32\APVDbwI.exe
  2⤵
  PID:10476
- C:\Windows\System32\DIDStHC.exe
  C:\Windows\System32\DIDStHC.exe
  2⤵
  PID:10516
- C:\Windows\System32\tEIDkgL.exe
  C:\Windows\System32\tEIDkgL.exe
  2⤵
  PID:10552
- C:\Windows\System32\okZyVON.exe
  C:\Windows\System32\okZyVON.exe
  2⤵
  PID:10624
- C:\Windows\System32\JinRzeh.exe
  C:\Windows\System32\JinRzeh.exe
  2⤵
  PID:10792
- C:\Windows\System32\jRQIoFK.exe
  C:\Windows\System32\jRQIoFK.exe
  2⤵
  PID:10832
- C:\Windows\System32\oCXwZLT.exe
  C:\Windows\System32\oCXwZLT.exe
  2⤵
  PID:10880
- C:\Windows\System32\AjkKhpE.exe
  C:\Windows\System32\AjkKhpE.exe
  2⤵
  PID:10876
- C:\Windows\System32\IWplYWJ.exe
  C:\Windows\System32\IWplYWJ.exe
  2⤵
  PID:10976
- C:\Windows\System32\xpkuHLT.exe
  C:\Windows\System32\xpkuHLT.exe
  2⤵
  PID:10996
- C:\Windows\System32\YagaLEG.exe
  C:\Windows\System32\YagaLEG.exe
  2⤵
  PID:9712
- C:\Windows\System32\AtNoZKJ.exe
  C:\Windows\System32\AtNoZKJ.exe
  2⤵
  PID:11216
- C:\Windows\System32\lKwQWfz.exe
  C:\Windows\System32\lKwQWfz.exe
  2⤵
  PID:9880
- C:\Windows\System32\TDodUxO.exe
  C:\Windows\System32\TDodUxO.exe
  2⤵
  PID:4220
- C:\Windows\System32\DFLEpzl.exe
  C:\Windows\System32\DFLEpzl.exe
  2⤵
  PID:10436
- C:\Windows\System32\ivxBQGe.exe
  C:\Windows\System32\ivxBQGe.exe
  2⤵
  PID:10668
- C:\Windows\System32\ePTfqZe.exe
  C:\Windows\System32\ePTfqZe.exe
  2⤵
  PID:10608
- C:\Windows\System32\pERoMAT.exe
  C:\Windows\System32\pERoMAT.exe
  2⤵
  PID:10912
- C:\Windows\System32\uGhFQpb.exe
  C:\Windows\System32\uGhFQpb.exe
  2⤵
  PID:10940
- C:\Windows\System32\joZuSIO.exe
  C:\Windows\System32\joZuSIO.exe
  2⤵
  PID:7908
- C:\Windows\System32\gHTiaip.exe
  C:\Windows\System32\gHTiaip.exe
  2⤵
  PID:10348
- C:\Windows\System32\BpfyOjm.exe
  C:\Windows\System32\BpfyOjm.exe
  2⤵
  PID:10720
- C:\Windows\System32\sVKhboi.exe
  C:\Windows\System32\sVKhboi.exe
  2⤵
  PID:10588
- C:\Windows\System32\gDcTCfZ.exe
  C:\Windows\System32\gDcTCfZ.exe
  2⤵
  PID:11236
- C:\Windows\System32\PlJlaBm.exe
  C:\Windows\System32\PlJlaBm.exe
  2⤵
  PID:11272
- C:\Windows\System32\bvFJkHy.exe
  C:\Windows\System32\bvFJkHy.exe
  2⤵
  PID:11288
- C:\Windows\System32\kumaZGo.exe
  C:\Windows\System32\kumaZGo.exe
  2⤵
  PID:11324
- C:\Windows\System32\pRDjNFr.exe
  C:\Windows\System32\pRDjNFr.exe
  2⤵
  PID:11344
- C:\Windows\System32\nttShMk.exe
  C:\Windows\System32\nttShMk.exe
  2⤵
  PID:11376
- C:\Windows\System32\njjCrDS.exe
  C:\Windows\System32\njjCrDS.exe
  2⤵
  PID:11396
- C:\Windows\System32\KNumCxV.exe
  C:\Windows\System32\KNumCxV.exe
  2⤵
  PID:11424
- C:\Windows\System32\PqvYrix.exe
  C:\Windows\System32\PqvYrix.exe
  2⤵
  PID:11448
- C:\Windows\System32\fqMRWFr.exe
  C:\Windows\System32\fqMRWFr.exe
  2⤵
  PID:11468
- C:\Windows\System32\xhKbeQX.exe
  C:\Windows\System32\xhKbeQX.exe
  2⤵
  PID:11520
- C:\Windows\System32\PtICqDM.exe
  C:\Windows\System32\PtICqDM.exe
  2⤵
  PID:11544
- C:\Windows\System32\mIPVZXp.exe
  C:\Windows\System32\mIPVZXp.exe
  2⤵
  PID:11580
- C:\Windows\System32\zUfgyeD.exe
  C:\Windows\System32\zUfgyeD.exe
  2⤵
  PID:11612
- C:\Windows\System32\ttHDeOX.exe
  C:\Windows\System32\ttHDeOX.exe
  2⤵
  PID:11628
- C:\Windows\System32\bksIsDk.exe
  C:\Windows\System32\bksIsDk.exe
  2⤵
  PID:11648
- C:\Windows\System32\FkLtMkr.exe
  C:\Windows\System32\FkLtMkr.exe
  2⤵
  PID:11668
- C:\Windows\System32\bNCIMyF.exe
  C:\Windows\System32\bNCIMyF.exe
  2⤵
  PID:11684
- C:\Windows\System32\ldYgAdC.exe
  C:\Windows\System32\ldYgAdC.exe
  2⤵
  PID:11708
- C:\Windows\System32\SoPxyJn.exe
  C:\Windows\System32\SoPxyJn.exe
  2⤵
  PID:11752
- C:\Windows\System32\NCqfmXr.exe
  C:\Windows\System32\NCqfmXr.exe
  2⤵
  PID:11792
- C:\Windows\System32\qoIPDYD.exe
  C:\Windows\System32\qoIPDYD.exe
  2⤵
  PID:11820
- C:\Windows\System32\GPUcBBO.exe
  C:\Windows\System32\GPUcBBO.exe
  2⤵
  PID:11836
- C:\Windows\System32\IHhsMSG.exe
  C:\Windows\System32\IHhsMSG.exe
  2⤵
  PID:11860
- C:\Windows\System32\MXRPzWf.exe
  C:\Windows\System32\MXRPzWf.exe
  2⤵
  PID:11896
- C:\Windows\System32\VmIDEpN.exe
  C:\Windows\System32\VmIDEpN.exe
  2⤵
  PID:11952
- C:\Windows\System32\ynEkrCF.exe
  C:\Windows\System32\ynEkrCF.exe
  2⤵
  PID:11976
- C:\Windows\System32\CkcqrRt.exe
  C:\Windows\System32\CkcqrRt.exe
  2⤵
  PID:11996
- C:\Windows\System32\gbpSMad.exe
  C:\Windows\System32\gbpSMad.exe
  2⤵
  PID:12016
- C:\Windows\System32\IWKOmNY.exe
  C:\Windows\System32\IWKOmNY.exe
  2⤵
  PID:12044
- C:\Windows\System32\rRRLrvv.exe
  C:\Windows\System32\rRRLrvv.exe
  2⤵
  PID:12068
- C:\Windows\System32\pcZEgbl.exe
  C:\Windows\System32\pcZEgbl.exe
  2⤵
  PID:12084
- C:\Windows\System32\LZxkxtT.exe
  C:\Windows\System32\LZxkxtT.exe
  2⤵
  PID:12104
- C:\Windows\System32\IZPbcNh.exe
  C:\Windows\System32\IZPbcNh.exe
  2⤵
  PID:12128
- C:\Windows\System32\czQCDmh.exe
  C:\Windows\System32\czQCDmh.exe
  2⤵
  PID:12188
- C:\Windows\System32\iZGGuHy.exe
  C:\Windows\System32\iZGGuHy.exe
  2⤵
  PID:12216
- C:\Windows\System32\iCUOpTi.exe
  C:\Windows\System32\iCUOpTi.exe
  2⤵
  PID:12236
- C:\Windows\System32\XSIQJuJ.exe
  C:\Windows\System32\XSIQJuJ.exe
  2⤵
  PID:12256
- C:\Windows\System32\zOSKUIz.exe
  C:\Windows\System32\zOSKUIz.exe
  2⤵
  PID:9732
- C:\Windows\System32\xhWWGYo.exe
  C:\Windows\System32\xhWWGYo.exe
  2⤵
  PID:11320
- C:\Windows\System32\hZdUCal.exe
  C:\Windows\System32\hZdUCal.exe
  2⤵
  PID:11372
- C:\Windows\System32\yWlFpNw.exe
  C:\Windows\System32\yWlFpNw.exe
  2⤵
  PID:11440
- C:\Windows\System32\WHuWkQs.exe
  C:\Windows\System32\WHuWkQs.exe
  2⤵
  PID:11464
- C:\Windows\System32\HhpAxeV.exe
  C:\Windows\System32\HhpAxeV.exe
  2⤵
  PID:11528
- C:\Windows\System32\MuPaxmO.exe
  C:\Windows\System32\MuPaxmO.exe
  2⤵
  PID:11644
- C:\Windows\System32\zAzytjp.exe
  C:\Windows\System32\zAzytjp.exe
  2⤵
  PID:11680
- C:\Windows\System32\AjlMnxW.exe
  C:\Windows\System32\AjlMnxW.exe
  2⤵
  PID:11696
- C:\Windows\System32\lHDxlsh.exe
  C:\Windows\System32\lHDxlsh.exe
  2⤵
  PID:11872
- C:\Windows\System32\nZxKTxE.exe
  C:\Windows\System32\nZxKTxE.exe
  2⤵
  PID:11932
- C:\Windows\System32\nbTiWyH.exe
  C:\Windows\System32\nbTiWyH.exe
  2⤵
  PID:11988
- C:\Windows\System32\xUahFCh.exe
  C:\Windows\System32\xUahFCh.exe
  2⤵
  PID:12004
- C:\Windows\System32\TzaCZoK.exe
  C:\Windows\System32\TzaCZoK.exe
  2⤵
  PID:12064
- C:\Windows\System32\adGPapC.exe
  C:\Windows\System32\adGPapC.exe
  2⤵
  PID:12080
- C:\Windows\System32\BVZBRXm.exe
  C:\Windows\System32\BVZBRXm.exe
  2⤵
  PID:12180
- C:\Windows\System32\MCHCCww.exe
  C:\Windows\System32\MCHCCww.exe
  2⤵
  PID:11332
- C:\Windows\System32\QIBItJS.exe
  C:\Windows\System32\QIBItJS.exe
  2⤵
  PID:11364
- C:\Windows\System32\unglled.exe
  C:\Windows\System32\unglled.exe
  2⤵
  PID:11636
- C:\Windows\System32\XdrFgAg.exe
  C:\Windows\System32\XdrFgAg.exe
  2⤵
  PID:11844
- C:\Windows\System32\NCKxCIa.exe
  C:\Windows\System32\NCKxCIa.exe
  2⤵
  PID:11964
- C:\Windows\System32\TAnNqdc.exe
  C:\Windows\System32\TAnNqdc.exe
  2⤵
  PID:11888
- C:\Windows\System32\TSVLvYn.exe
  C:\Windows\System32\TSVLvYn.exe
  2⤵
  PID:12164
- C:\Windows\System32\hvLatSd.exe
  C:\Windows\System32\hvLatSd.exe
  2⤵
  PID:12264
- C:\Windows\System32\shxGtuB.exe
  C:\Windows\System32\shxGtuB.exe
  2⤵
  PID:11716
- C:\Windows\System32\zmArlVM.exe
  C:\Windows\System32\zmArlVM.exe
  2⤵
  PID:11800
- C:\Windows\System32\cZbTGup.exe
  C:\Windows\System32\cZbTGup.exe
  2⤵
  PID:11416
- C:\Windows\System32\hFQLVyI.exe
  C:\Windows\System32\hFQLVyI.exe
  2⤵
  PID:12156
- C:\Windows\System32\MnLZifT.exe
  C:\Windows\System32\MnLZifT.exe
  2⤵
  PID:12304
- C:\Windows\System32\QnwCaXe.exe
  C:\Windows\System32\QnwCaXe.exe
  2⤵
  PID:12324
- C:\Windows\System32\mFBGjlY.exe
  C:\Windows\System32\mFBGjlY.exe
  2⤵
  PID:12348
- C:\Windows\System32\sTcfAsQ.exe
  C:\Windows\System32\sTcfAsQ.exe
  2⤵
  PID:12368
- C:\Windows\System32\DCCtzOY.exe
  C:\Windows\System32\DCCtzOY.exe
  2⤵
  PID:12392
- C:\Windows\System32\hfwWGmx.exe
  C:\Windows\System32\hfwWGmx.exe
  2⤵
  PID:12412
- C:\Windows\System32\mkcnNFN.exe
  C:\Windows\System32\mkcnNFN.exe
  2⤵
  PID:12460
- C:\Windows\System32\boulbOi.exe
  C:\Windows\System32\boulbOi.exe
  2⤵
  PID:12496
- C:\Windows\System32\ngouIGB.exe
  C:\Windows\System32\ngouIGB.exe
  2⤵
  PID:12540
- C:\Windows\System32\rWFSLLW.exe
  C:\Windows\System32\rWFSLLW.exe
  2⤵
  PID:12556
- C:\Windows\System32\jtjXfjp.exe
  C:\Windows\System32\jtjXfjp.exe
  2⤵
  PID:12584
- C:\Windows\System32\BQjeFuu.exe
  C:\Windows\System32\BQjeFuu.exe
  2⤵
  PID:12604
- C:\Windows\System32\UaToTuC.exe
  C:\Windows\System32\UaToTuC.exe
  2⤵
  PID:12636
- C:\Windows\System32\iLsddKL.exe
  C:\Windows\System32\iLsddKL.exe
  2⤵
  PID:12668
- C:\Windows\System32\bXarxNq.exe
  C:\Windows\System32\bXarxNq.exe
  2⤵
  PID:12696
- C:\Windows\System32\pPcEzRd.exe
  C:\Windows\System32\pPcEzRd.exe
  2⤵
  PID:12716
- C:\Windows\System32\tarUcXy.exe
  C:\Windows\System32\tarUcXy.exe
  2⤵
  PID:12740
- C:\Windows\System32\WraJtdV.exe
  C:\Windows\System32\WraJtdV.exe
  2⤵
  PID:12764
- C:\Windows\System32\ePgJYkO.exe
  C:\Windows\System32\ePgJYkO.exe
  2⤵
  PID:12796
- C:\Windows\System32\wHQuSWK.exe
  C:\Windows\System32\wHQuSWK.exe
  2⤵
  PID:12820
- C:\Windows\System32\jPaxYyd.exe
  C:\Windows\System32\jPaxYyd.exe
  2⤵
  PID:12852
- C:\Windows\System32\OVlafLK.exe
  C:\Windows\System32\OVlafLK.exe
  2⤵
  PID:12872
- C:\Windows\System32\UeiDNGh.exe
  C:\Windows\System32\UeiDNGh.exe
  2⤵
  PID:12908
- C:\Windows\System32\XvvbdUa.exe
  C:\Windows\System32\XvvbdUa.exe
  2⤵
  PID:12928
- C:\Windows\System32\NWcXoLs.exe
  C:\Windows\System32\NWcXoLs.exe
  2⤵
  PID:12952
- C:\Windows\System32\tnqBdmy.exe
  C:\Windows\System32\tnqBdmy.exe
  2⤵
  PID:13012
- C:\Windows\System32\NJzqAHS.exe
  C:\Windows\System32\NJzqAHS.exe
  2⤵
  PID:13032
- C:\Windows\System32\aswrfkn.exe
  C:\Windows\System32\aswrfkn.exe
  2⤵
  PID:13084
- C:\Windows\System32\npRRxKd.exe
  C:\Windows\System32\npRRxKd.exe
  2⤵
  PID:13100
- C:\Windows\System32\QyOWzvM.exe
  C:\Windows\System32\QyOWzvM.exe
  2⤵
  PID:13116
- C:\Windows\System32\prbepeo.exe
  C:\Windows\System32\prbepeo.exe
  2⤵
  PID:13136
- C:\Windows\System32\FbGRQEA.exe
  C:\Windows\System32\FbGRQEA.exe
  2⤵
  PID:13152
- C:\Windows\System32\BwqnOFH.exe
  C:\Windows\System32\BwqnOFH.exe
  2⤵
  PID:13184
- C:\Windows\System32\XsJTWLi.exe
  C:\Windows\System32\XsJTWLi.exe
  2⤵
  PID:13204
- C:\Windows\System32\PWaRQtk.exe
  C:\Windows\System32\PWaRQtk.exe
  2⤵
  PID:13228
- C:\Windows\System32\ugnDOHp.exe
  C:\Windows\System32\ugnDOHp.exe
  2⤵
  PID:13248
- C:\Windows\System32\WytFUli.exe
  C:\Windows\System32\WytFUli.exe
  2⤵
  PID:13264
- C:\Windows\System32\KnKoaFb.exe
  C:\Windows\System32\KnKoaFb.exe
  2⤵
  PID:13284
- C:\Windows\System32\YVXIqwT.exe
  C:\Windows\System32\YVXIqwT.exe
  2⤵
  PID:13304
- C:\Windows\System32\APSbkaK.exe
  C:\Windows\System32\APSbkaK.exe
  2⤵
  PID:12408
- C:\Windows\System32\bSXQafC.exe
  C:\Windows\System32\bSXQafC.exe
  2⤵
  PID:12532
- C:\Windows\System32\amlbWvT.exe
  C:\Windows\System32\amlbWvT.exe
  2⤵
  PID:12592
- C:\Windows\System32\jXxClWZ.exe
  C:\Windows\System32\jXxClWZ.exe
  2⤵
  PID:12656
- C:\Windows\System32\WKUsKrG.exe
  C:\Windows\System32\WKUsKrG.exe
  2⤵
  PID:12752
- C:\Windows\System32\dHjUnCI.exe
  C:\Windows\System32\dHjUnCI.exe
  2⤵
  PID:12776
- C:\Windows\System32\gnsSXqd.exe
  C:\Windows\System32\gnsSXqd.exe
  2⤵
  PID:12816
- C:\Windows\System32\EgcOwXj.exe
  C:\Windows\System32\EgcOwXj.exe
  2⤵
  PID:12880
- C:\Windows\System32\hGJblgE.exe
  C:\Windows\System32\hGJblgE.exe
  2⤵
  PID:12936
- C:\Windows\System32\tcySGoY.exe
  C:\Windows\System32\tcySGoY.exe
  2⤵
  PID:12996
- C:\Windows\System32\HhTvWLW.exe
  C:\Windows\System32\HhTvWLW.exe
  2⤵
  PID:13040
- C:\Windows\System32\TPzFEBq.exe
  C:\Windows\System32\TPzFEBq.exe
  2⤵
  PID:13124
- C:\Windows\System32\SksvQPy.exe
  C:\Windows\System32\SksvQPy.exe
  2⤵
  PID:13240
- C:\Windows\System32\IvmIGnM.exe
  C:\Windows\System32\IvmIGnM.exe
  2⤵
  PID:13256
- C:\Windows\System32\sSnQTaW.exe
  C:\Windows\System32\sSnQTaW.exe
  2⤵
  PID:12356
- C:\Windows\System32\yvOSAFx.exe
  C:\Windows\System32\yvOSAFx.exe
  2⤵
  PID:12596
- C:\Windows\System32\iZrGscQ.exe
  C:\Windows\System32\iZrGscQ.exe
  2⤵
  PID:12680
- C:\Windows\System32\iJqjbrl.exe
  C:\Windows\System32\iJqjbrl.exe
  2⤵
  PID:12840
- C:\Windows\System32\casuoXZ.exe
  C:\Windows\System32\casuoXZ.exe
  2⤵
  PID:12944
- C:\Windows\System32\hDpZuKD.exe
  C:\Windows\System32\hDpZuKD.exe
  2⤵
  PID:12960
- C:\Windows\System32\nQGQUll.exe
  C:\Windows\System32\nQGQUll.exe
  2⤵
  PID:13272
- C:\Windows\System32\CNjRCyC.exe
  C:\Windows\System32\CNjRCyC.exe
  2⤵
  PID:12748
- C:\Windows\System32\OtxtQLj.exe
  C:\Windows\System32\OtxtQLj.exe
  2⤵
  PID:12924
- C:\Windows\System32\BjdcmwW.exe
  C:\Windows\System32\BjdcmwW.exe
  2⤵
  PID:13260
- C:\Windows\System32\OxXshjB.exe
  C:\Windows\System32\OxXshjB.exe
  2⤵
  PID:12860
- C:\Windows\System32\tLLvfNv.exe
  C:\Windows\System32\tLLvfNv.exe
  2⤵
  PID:13340
- C:\Windows\System32\iFwdzjE.exe
  C:\Windows\System32\iFwdzjE.exe
  2⤵
  PID:13376
- C:\Windows\System32\HEnhsLv.exe
  C:\Windows\System32\HEnhsLv.exe
  2⤵
  PID:13456
- C:\Windows\System32\RPfYTus.exe
  C:\Windows\System32\RPfYTus.exe
  2⤵
  PID:13484
- C:\Windows\System32\GtUcJDj.exe
  C:\Windows\System32\GtUcJDj.exe
  2⤵
  PID:13504
- C:\Windows\System32\yToGSWf.exe
  C:\Windows\System32\yToGSWf.exe
  2⤵
  PID:13536
- C:\Windows\System32\VAQrLNs.exe
  C:\Windows\System32\VAQrLNs.exe
  2⤵
  PID:13568
- C:\Windows\System32\wpHsCfb.exe
  C:\Windows\System32\wpHsCfb.exe
  2⤵
  PID:13588

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:14008

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System32\BEflMpE.exe

Filesize
1.3MB

MD5
95781be8f128a72071b03b22d083501d

SHA1
54b04df2ae5e59d182c1b58eedc674b643e61121

SHA256
b1d56a8d06ed52031d8b67f498ba3a159cebb0c97506686dd590ea796617149f

SHA512
6d3fc00860b4c8cf576b4fd08e82da8648351971e785a8efd46c4ad287b3fddf69ece91f77f86d0856a100a086e13132a566bda14a60f376dbc867702edf6c44

Download Submit
C:\Windows\System32\BxLXGdp.exe

Filesize
1.3MB

MD5
30db449d1cab6e231696b861d05fb4be

SHA1
96475303ceb9dd3b59c3cda125637bd92eafa8eb

SHA256
af275d8c885532c36ca2b02b67fa4b475e21fb126b9b91dce136ae5ae0545e1d

SHA512
dd667a7485b63f425579b37d7e1d8f2d9bf2180f0d3f94bee4545c3a2bfb2cb72bede87842605e9c5bece9b35127f4b7fd100c10c65b7347738cc95619bce5b1

Download Submit
C:\Windows\System32\FQQQZUD.exe

Filesize
1.3MB

MD5
47bd5c5ff7c8d6a19e9fa57e9c8db68a

SHA1
60c7bb614df256a57e981ad80b20ab41dcb9c7b3

SHA256
89e0292ec163ea5b19a04a7ad5078b70cff88dc2a58b2f3639b007b7037ca721

SHA512
94f3bfc81a81fc146baa6c6b7eb535fa307c9058f1d3b2e85ed3f4cd30f57cdb1e95124446f18e7ce31d9638df7730045c466b7c2c7b5f3de9b0efc632e82c6c

Download Submit
C:\Windows\System32\InfjUIA.exe

Filesize
1.3MB

MD5
d89d56c9b83789d5a7f5fbe61cb3e271

SHA1
057855766dbfd2812952e81e9172136f5e3c6e79

SHA256
169b78f4b22ca87c584ddddf7aceb199a1aefbc9da14f3ef643712c6601bc8bc

SHA512
7b8b6efd47ac09db50c81b0814db7ba384b2dd759c479f2260a16ad0cd5bb9058bb096e14f924a028d51f2f5c6bdecc0375cda6a519f40cfb4a124c62a4aa18b

Download Submit
C:\Windows\System32\JsBDuuV.exe

Filesize
1.3MB

MD5
f172c8cc05b3348624b3f07ff612b470

SHA1
781d3e34c9015faa3e7c6ce64da0162e995f12ff

SHA256
242a38dee8fbf48d1e0ebfd5a3482b7d31f5718e4b4116709d04a05293b788d0

SHA512
e57e3badfe8a96908d9bb70977ec7581ce84847f55c2a46dbd6ed44c17891cad43b96b2269585862266d730b228b020ebe90ba9b89fe34ce5db029d33ab26fd5

Download Submit
C:\Windows\System32\LBHvKkR.exe

Filesize
1.3MB

MD5
3d39d3ae80ea574d0694be1d028c18ce

SHA1
67e9108974948b00f98bd3cec0d59d96c87f89c2

SHA256
bd339ac3ae9e4949938aef55f8fa44842808e59da21e6197ccd4e376e90d3c16

SHA512
aaa193f0f56e93f3dc62b5f9e3e5b545fd4797b6cfd8c63f9e06ebc8c8aeca80eae2e4c670fbe801bd6becfaa6957aa6c09b8655f752e145fe2fd2c3c8a9fdeb

Download Submit
C:\Windows\System32\LUwfMOX.exe

Filesize
1.3MB

MD5
8e78fe81caab2ba597f795ff82b237d1

SHA1
b815787b2e6a6426ddb180eac11fcf821c7ca647

SHA256
90e2dd2dbc434e2a86bc41739fa0a62f10a2b561058ac4cc3fdd74ac8591bf76

SHA512
67fcc6669bebfa58b3bf93c5c662fa5c9044ce951fc1130f2128baf9e0e6da285209405e545ea6c9115d6f4a177f1938e29a4756fd70a916674582f16cd470c4

Download Submit
C:\Windows\System32\MwBmRAg.exe

Filesize
1.3MB

MD5
62e536a54382d47b10989355750af551

SHA1
87737ba23acd2b6b9ffc1685785d16fb795404b0

SHA256
a6afa4da26078d25f5764feb296b4fa94d181295fd2776e17e24626f9e892d75

SHA512
db59861f33870398a81022db535a52404b977aac57efb453104af8dee05812dc4758a4108d3d7de8014a47f7f97129d2ec349448a6733e6069820c3ef2382635

Download Submit
C:\Windows\System32\OHzQjpc.exe

Filesize
1.3MB

MD5
dc0e02e3ef38575b047847928aa80b5a

SHA1
d7a2ba1664df23ed3e090210a1be34d3bf031721

SHA256
8d7b577121feda29d05d996169c3d9266379c3b5a479bb38e708485128d7e835

SHA512
66fcf1d4faed4bee6c308080dce08e51788f9d50c26aa3956783d4137d34f71e601f1da21ede4470c406fc10fa08de4eb1600928751eea873debef81d7b577a5

Download Submit
C:\Windows\System32\OerjXss.exe

Filesize
1.3MB

MD5
25c98a14efbc48cb604c092545840668

SHA1
cc0eac19081885143cd724ce7f365722606e541e

SHA256
993e0a976a20a72013d15c1b4d165c6e8461bc4b2b04af37d79c20069ccdf833

SHA512
123c19b082c956cf30bc19df570623d52aab01178fba460981d8c654e0df73ff1b020cd1cb30e512fdde19fd5d7e30dd904277ab03fb64d7b24aab8788227c64

Download Submit
C:\Windows\System32\OurPIlk.exe

Filesize
1.3MB

MD5
b018007fd94a54ade46f4c772c92d48b

SHA1
56eff88036a777bd3099e3b62b4b75128c7b0d21

SHA256
8b894508ccde4668160c5d367792fe94d9d1173ba5455a6ca6444d04cfd4bb5f

SHA512
64e0db479fb2c93cd90d4d8185bd79dc52348263121d96d3c14c4b36d9aa89887179f7225a231637cc270434bbdfcaab6d439a8b404a9c849f52e998d65b91d6

Download Submit
C:\Windows\System32\PwTPFUh.exe

Filesize
1.3MB

MD5
3ff34a94ed3a8c01118d8bb62abed30b

SHA1
efdbe2c2da0c6f3299f598caae63c8e9bfc59632

SHA256
1e37fa2c43fde1b383e82cf392aa3d887ffd78ade14d24b97b97c0f083125889

SHA512
3e0ec77de04f92bc841180f288fe2ee32209db2ec5d9e3aebf6adb4179d09277cf640e0983a1a2033825ca136961b3dd26cf321d36b17ea78ed2dd59ca626ce2

Download Submit
C:\Windows\System32\QBkJajL.exe

Filesize
1.3MB

MD5
4d16d8f74e95bd8de7d39e38d8e39bcf

SHA1
f59489652d65e4375a1123f5346b83757e02e633

SHA256
500ccc04ddd680ad68acaed68f32e4b221847c8a64c84945dfe9108f94893090

SHA512
9e0bba2953735f3ad2082a5e6382b323679f8fbfba053d5443457821f9cc13b54226d2d662c57766c6e4513e7517beef15381383dafbb1306148f6ba92713ae3

Download Submit
C:\Windows\System32\SWsHGoh.exe

Filesize
1.3MB

MD5
857356a4a6f9f1b8e3e220bf1b6f7a2c

SHA1
9af3dd8a6a66cc56feb36f34c024826e2ce4e5d1

SHA256
5662f92c02263d04bf6af5209c29a7e99a43aa483ceec0982aabf2ac1a574e55

SHA512
9ae42912708aa7c80c2875b73053987d61d147de8dec7e53785fce934db47fb81d993942429f6bd69694e80d72561948c1fbd424bfc1f80f809810aecd6ea505

Download Submit
C:\Windows\System32\UVTJtAo.exe

Filesize
1.3MB

MD5
da067c8a1c8d38a5cd8547e1adfa21a3

SHA1
3baeaea4913670b407166f253d77fce8bae35a1c

SHA256
8990dd3f6341ac21670d2b92d5f5f14e93fbf36547e973255d92e177a4ed5363

SHA512
99c28b0e4d0252fdb66defb9d928df54a98ddb7c28291f05fd6a22f73422615e8b799e8a700792712a043ffb12fe40882e4a4cbf94ade0c83219ea0348f4b154

Download Submit
C:\Windows\System32\UrqCtiF.exe

Filesize
1.3MB

MD5
092fa1fd333490287a81243ff71d62a7

SHA1
40976fb7edcc392de42cb96eae32d2673955cfde

SHA256
69c39c84c002da853e1398ee41b41f62a656bfbe171c9f4d827caa1e705c64aa

SHA512
52a81fb93b1db18aec74b2aff07d4ad64ab7fd059694a5bf1d362383c32e33bae84ffc60cc811ef3c1d1d723560fd741356af77589be179622eaf38443b96822

Download Submit
C:\Windows\System32\VFcBAwW.exe

Filesize
1.3MB

MD5
ab0684c13113a72666dc2217fa1469c2

SHA1
7083495e8ef4e347685f837569536ac1d61c1e2c

SHA256
d84a920fadfd899724aea0edb9454ba2cdaf7d2a342157fe21a287be00d97eeb

SHA512
6c80064db5568821e94aadec990ed2a7338b4f6bd8e017d36677ea20e4da5d24f5c6eda36702e6514eb5f9e55b6009e32b626c2eac83039bd3e23993512cdcf7

Download Submit
C:\Windows\System32\WLhADem.exe

Filesize
1.3MB

MD5
6d4cbebdcbe8343ea3d4eadda63a0724

SHA1
d2b347e171b979d26454a2405b3f07c36602a4f6

SHA256
c7f5556579b4f357603e7bbe3cdc5a570f5f107b15e69bf26b21ab35683d7630

SHA512
283daedf671f7a34e747f6a93cbb3bbaf8686d985023f8fbf0c8a0a0ba74eeec1971dfaff806599856941ce6983312c050cc3c9eaf9305e2cc7d6a383839a903

Download Submit
C:\Windows\System32\ZSVrYFb.exe

Filesize
1.3MB

MD5
622a2eaa71179ae1cdde4e1ad1c64d21

SHA1
467f45955e68b1748e093bdea31a20f8e422694b

SHA256
b967348198f53479a83cb5fcca408dc864b7734f72bc27fee9f5f54c114b0172

SHA512
d0772fc88edbdfc7d69f8f169ebe66818d34c8a4608ce96bee51b34b667eb5e3ac1f3375d058cf7f1568f736df27c5c31ba83588d474449efe09e34becf383f2

Download Submit
C:\Windows\System32\cQqFUUA.exe

Filesize
1.3MB

MD5
05507dda43efdc98728f602c00100d3d

SHA1
cb0eb0cb96c27d4121148792690a46905f205b24

SHA256
6107afdee6422750152a8e2d3daa0f0a7a8ce1197c977d33b9e427f4136d42fc

SHA512
2c99a5ec5c5146489cb34f5653a4df12efb6d5fbfb13c671ad5bd23ae249172c77384afd38e443f1ee2777ef91ea4d1345ed03bd223effad73fa233421e79a83

Download Submit
C:\Windows\System32\dKfUYfj.exe

Filesize
1.3MB

MD5
933b9ca490a9a682412b60988334888e

SHA1
ce1947f9fd6cc57ff91755a8f792de2027aef157

SHA256
57967ea1055a7548855ed74658cc8218db4d2fac2ff545623089c478dccc1246

SHA512
f53d64eaee09c86b9d4b9741e22c492b408f7702b05ada8a9b6e9cd4bd264c05a7d1e16b455b5d5aa0d7b20e4f7144ed29f5c577816d81b1731f1c1ba7689028

Download Submit
C:\Windows\System32\dNypzTc.exe

Filesize
1.3MB

MD5
7356e6463846f0c7c81167c9765b9a55

SHA1
31f6cca844e7bdc612a92ef584387b525e39a386

SHA256
7c76750b0d35b12f2571eed55b7b1a0a357fc7dfd1abb9862d6bbee21cfa9c16

SHA512
187efeb206f28520c410501aa9d0e3b059a4ce5bfabc190e13e3d91d886c6aeb6e03fd44abdac953edd17ecb1aec7518ec4bfc0391a0bbb61eb4cd41e9717953

Download Submit
C:\Windows\System32\eevTxVP.exe

Filesize
1.3MB

MD5
074db993413d8e83f4476d31d23b360f

SHA1
cb2efd0cfed30e382d13deec08079345adeccfeb

SHA256
7c70bf54e5112a67fee22c900bcd9c1eece983bc20046312e0878a533f0e30a7

SHA512
5cc4cbdcef56820ec17746e2ba5a094fe5005ceb518d9c6c2d8a2ff32c7fb034da969b7fa44b1d56468f38f6c0ea96d1c76543f1795af7a65a76acdc8d342a91

Download Submit
C:\Windows\System32\efqWXJv.exe

Filesize
1.3MB

MD5
083da85e88b43053840eac3842f750ec

SHA1
c64402e9003dad1b0cf6d10d685b8baa8e308125

SHA256
c081685eec5c797f1ed6ad68e20b5bd31d046d2e597bbd3c76e16d12d662e7d5

SHA512
eff36b9119ab22ccf680436936bb7bc2cc29c15e9f603b6171c599342f5e9add31af67e42bdd050088c4540a9add245d136a177c6fed8e433197dc88e73eeb30

Download Submit
C:\Windows\System32\hEEyLHj.exe

Filesize
1.3MB

MD5
3fea13b15f661f6a6581e0cb30af1c17

SHA1
85e966d1178aa34676bd01657b82d64b83c0dbf5

SHA256
fb1cf3b43b52cd2d6d5e1d110620d6c9c2ba0193f7f371ff057c64978f18a058

SHA512
73b8e40b9524b4b812bd0578b47f80e4f88cdfceda4e81a87b9bf8eb738d8909a2ffb2fc3613d5c4982603f2e3df017e9dc3b2c7ba576e138750e604bb2607c8

Download Submit
C:\Windows\System32\hLOallF.exe

Filesize
1.3MB

MD5
23c2cda0f4037928b0e3df713c6a7b00

SHA1
8e9a5eef769071ff9b61ae2ca0f754e806241e72

SHA256
478c356aecdfc9a160d55ce9278c962d7a4631397abe70baa8d02a5577d90a95

SHA512
693b0a2e6a24a70862aea32ca2861c401d1c8acd2dfbe4477e00563a963817b339fb718f3934db9a45bda4bc8d938680b1bd7e230fe6774283f71b6da17aae77

Download Submit
C:\Windows\System32\iRmdItb.exe

Filesize
1.3MB

MD5
c6d0e8837726d3afa0d8f844f9584235

SHA1
88c6c8fc7ce542753808b113ffc8b194b4a9e478

SHA256
4419091a2cafe611a04a048f281ef85f4647f27a7d7961578bb44349c960bc24

SHA512
44ce2f421fd14105ce8a1f3edfd5e1421c70192a4d201cc0abb37a7a958f4f9152a88043ca7eaf705a40ee0ff37ea178b89b7e317695dd7e42bb705247fe563c

Download Submit
C:\Windows\System32\lKdeDQY.exe

Filesize
1.3MB

MD5
f9725fe9fa264a6f76a690b74e2f99a5

SHA1
9cb37b339b0982ee890baf7df8a797d188836a04

SHA256
b03058e36631aaec55d1524a562ad4bd26f1814a6c11ce65a8f3a16379aa3242

SHA512
1edd197ae163d7001adae988ec9a11f13d8855b8688a37f4a5ddacff6a00c38a9b9970866cd45f4beecc0ac9e6bba27f0741aca40ce653f3744eeee809dda24f

Download Submit
C:\Windows\System32\mgiqgAb.exe

Filesize
1.3MB

MD5
8db8d80f72366e39cb1512969239caeb

SHA1
10e88a36c89df58b5d7b312fddc12c6457893943

SHA256
34b21ea4787a0156a35cb8c2b0f434b1898147dbd2cad9c98b2ea536aab54db5

SHA512
e73a379298ab37921800e3575ab14ccbc14363443e281d14985b6ce450aae62de9bf87dd0b9387af8abce9017356bc9aa8baba121cef76d4c978b8272ba543dc

Download Submit
C:\Windows\System32\nijadRA.exe

Filesize
1.3MB

MD5
768d178705cbbb74056171559ada95b4

SHA1
c95a8639accd909eb923a70d01842cb892f5607d

SHA256
3a71c8b37b1c46c6712ab7fb191a5cf9f57f6b4ba599877327a3aaefbf43b0a8

SHA512
a6b789099b68abc7c4ac00cd0e4b6b98ef13f816e907a097e7fef8ef7dbd6cf412ec47e06f3db70647635d43cf061ae86889cb2ee3002e0a9b408e63d20daabe

Download Submit
C:\Windows\System32\pFTVZPB.exe

Filesize
1.3MB

MD5
065f9cc500e94034632d6825eb098d4d

SHA1
d65408b82b43e42927d2d517ed0537559f72f472

SHA256
c2507ec65da5caffe60c5d3806d75bd4b511bd0edf2d5577245f584122c9a7c4

SHA512
96fe0ef0a4b5d987d24575ea93f1acbbbcf7b0503d3f05a891c45c1cedbb2e4128cde413cf86a3b85dd95c1b13443ed184843c43b0331653b43c3333fda948b0

Download Submit
C:\Windows\System32\uthVMyE.exe

Filesize
1.3MB

MD5
170c0d7770cf7d526a5cfd9c1949a6b0

SHA1
e313a6140db8506e095a7b0e2ae4e48030cb64df

SHA256
94fdb74630a978b2c6f17f00cfa97ff6ea1d884ace9075622bfed3bc67f4d884

SHA512
a20a0296020528f1a222b508e24c88b75897d517973758959906c7bf80ac13a50056797e41100118d08ef5b059e2000283416b78e638d682d23ae6e247adb480

Download Submit
C:\Windows\System32\wqxaFmG.exe

Filesize
1.3MB

MD5
2533ee83c160f45a3ecbf81eb29ecbf3

SHA1
721ca77107f375c9c27a3c11053987fa263df666

SHA256
9e683973d3b611623a0e7fff7de7804944531c8a11b70529934031252fd2be7a

SHA512
0e07ba7ec885538330261af0aa240c26d70c8de0f347fe335eff973fc08fadffadf08099cfdc655995b6cf5c01e4128f79212eaa7d09f19f62aad7f94f6e0507

Download Submit
memory/460-500-0x00007FF64C700000-0x00007FF64CAF1000-memory.dmp

Filesize
3.9MB

Download
memory/460-2164-0x00007FF64C700000-0x00007FF64CAF1000-memory.dmp

Filesize
3.9MB

Download
memory/460-53-0x00007FF64C700000-0x00007FF64CAF1000-memory.dmp

Filesize
3.9MB

Download
memory/1120-771-0x00007FF7F2690000-0x00007FF7F2A81000-memory.dmp

Filesize
3.9MB

Download
memory/1120-74-0x00007FF7F2690000-0x00007FF7F2A81000-memory.dmp

Filesize
3.9MB

Download
memory/1120-2220-0x00007FF7F2690000-0x00007FF7F2A81000-memory.dmp

Filesize
3.9MB

Download
memory/1156-152-0x00007FF6EFFB0000-0x00007FF6F03A1000-memory.dmp

Filesize
3.9MB

Download
memory/1156-2262-0x00007FF6EFFB0000-0x00007FF6F03A1000-memory.dmp

Filesize
3.9MB

Download
memory/1156-1387-0x00007FF6EFFB0000-0x00007FF6F03A1000-memory.dmp

Filesize
3.9MB

Download
memory/1176-80-0x00007FF67E960000-0x00007FF67ED51000-memory.dmp

Filesize
3.9MB

Download
memory/1176-608-0x00007FF67E960000-0x00007FF67ED51000-memory.dmp

Filesize
3.9MB

Download
memory/1176-2222-0x00007FF67E960000-0x00007FF67ED51000-memory.dmp

Filesize
3.9MB

Download
memory/1860-23-0x00007FF64F150000-0x00007FF64F541000-memory.dmp

Filesize
3.9MB

Download
memory/1860-91-0x00007FF64F150000-0x00007FF64F541000-memory.dmp

Filesize
3.9MB

Download
memory/1860-2141-0x00007FF64F150000-0x00007FF64F541000-memory.dmp

Filesize
3.9MB

Download
memory/2216-160-0x00007FF79AA60000-0x00007FF79AE51000-memory.dmp

Filesize
3.9MB

Download
memory/2216-2228-0x00007FF79AA60000-0x00007FF79AE51000-memory.dmp

Filesize
3.9MB

Download
memory/2320-145-0x00007FF739A80000-0x00007FF739E71000-memory.dmp

Filesize
3.9MB

Download
memory/2320-2234-0x00007FF739A80000-0x00007FF739E71000-memory.dmp

Filesize
3.9MB

Download
memory/2328-17-0x00007FF7D3330000-0x00007FF7D3721000-memory.dmp

Filesize
3.9MB

Download
memory/2328-2139-0x00007FF7D3330000-0x00007FF7D3721000-memory.dmp

Filesize
3.9MB

Download
memory/2328-73-0x00007FF7D3330000-0x00007FF7D3721000-memory.dmp

Filesize
3.9MB

Download
memory/2400-2232-0x00007FF6B0A70000-0x00007FF6B0E61000-memory.dmp

Filesize
3.9MB

Download
memory/2400-161-0x00007FF6B0A70000-0x00007FF6B0E61000-memory.dmp

Filesize
3.9MB

Download
memory/2728-2179-0x00007FF7D74B0000-0x00007FF7D78A1000-memory.dmp

Filesize
3.9MB

Download
memory/2728-84-0x00007FF7D74B0000-0x00007FF7D78A1000-memory.dmp

Filesize
3.9MB

Download
memory/2944-2166-0x00007FF6CDF00000-0x00007FF6CE2F1000-memory.dmp

Filesize
3.9MB

Download
memory/2944-67-0x00007FF6CDF00000-0x00007FF6CE2F1000-memory.dmp

Filesize
3.9MB

Download
memory/3828-116-0x00007FF64AC00000-0x00007FF64AFF1000-memory.dmp

Filesize
3.9MB

Download
memory/3828-2236-0x00007FF64AC00000-0x00007FF64AFF1000-memory.dmp

Filesize
3.9MB

Download
memory/3828-1220-0x00007FF64AC00000-0x00007FF64AFF1000-memory.dmp

Filesize
3.9MB

Download
memory/4000-89-0x00007FF763A20000-0x00007FF763E11000-memory.dmp

Filesize
3.9MB

Download
memory/4000-2218-0x00007FF763A20000-0x00007FF763E11000-memory.dmp

Filesize
3.9MB

Download
memory/4000-914-0x00007FF763A20000-0x00007FF763E11000-memory.dmp

Filesize
3.9MB

Download
memory/4176-2125-0x00007FF64DD20000-0x00007FF64E111000-memory.dmp

Filesize
3.9MB

Download
memory/4176-56-0x00007FF64DD20000-0x00007FF64E111000-memory.dmp

Filesize
3.9MB

Download
memory/4176-0-0x00007FF64DD20000-0x00007FF64E111000-memory.dmp

Filesize
3.9MB

Download
memory/4176-1-0x0000027A16260000-0x0000027A16270000-memory.dmp

Filesize
64KB

Download
memory/4436-157-0x00007FF7563C0000-0x00007FF7567B1000-memory.dmp

Filesize
3.9MB

Download
memory/4436-2238-0x00007FF7563C0000-0x00007FF7567B1000-memory.dmp

Filesize
3.9MB

Download
memory/4444-1379-0x00007FF64AEA0000-0x00007FF64B291000-memory.dmp

Filesize
3.9MB

Download
memory/4444-112-0x00007FF64AEA0000-0x00007FF64B291000-memory.dmp

Filesize
3.9MB

Download
memory/4444-2267-0x00007FF64AEA0000-0x00007FF64B291000-memory.dmp

Filesize
3.9MB

Download
memory/4488-2143-0x00007FF72E7A0000-0x00007FF72EB91000-memory.dmp

Filesize
3.9MB

Download
memory/4488-92-0x00007FF72E7A0000-0x00007FF72EB91000-memory.dmp

Filesize
3.9MB

Download
memory/4488-28-0x00007FF72E7A0000-0x00007FF72EB91000-memory.dmp

Filesize
3.9MB

Download
memory/4544-153-0x00007FF624DF0000-0x00007FF6251E1000-memory.dmp

Filesize
3.9MB

Download
memory/4544-29-0x00007FF624DF0000-0x00007FF6251E1000-memory.dmp

Filesize
3.9MB

Download
memory/4544-2147-0x00007FF624DF0000-0x00007FF6251E1000-memory.dmp

Filesize
3.9MB

Download
memory/4600-113-0x00007FF743B30000-0x00007FF743F21000-memory.dmp

Filesize
3.9MB

Download
memory/4600-2230-0x00007FF743B30000-0x00007FF743F21000-memory.dmp

Filesize
3.9MB

Download
memory/4600-1383-0x00007FF743B30000-0x00007FF743F21000-memory.dmp

Filesize
3.9MB

Download
memory/4700-2162-0x00007FF7422A0000-0x00007FF742691000-memory.dmp

Filesize
3.9MB

Download
memory/4700-350-0x00007FF7422A0000-0x00007FF742691000-memory.dmp

Filesize
3.9MB

Download
memory/4700-46-0x00007FF7422A0000-0x00007FF742691000-memory.dmp

Filesize
3.9MB

Download
memory/4748-1061-0x00007FF646F50000-0x00007FF647341000-memory.dmp

Filesize
3.9MB

Download
memory/4748-90-0x00007FF646F50000-0x00007FF647341000-memory.dmp

Filesize
3.9MB

Download
memory/4748-2226-0x00007FF646F50000-0x00007FF647341000-memory.dmp

Filesize
3.9MB

Download
memory/4840-2224-0x00007FF70BCF0000-0x00007FF70C0E1000-memory.dmp

Filesize
3.9MB

Download
memory/4840-128-0x00007FF70BCF0000-0x00007FF70C0E1000-memory.dmp

Filesize
3.9MB

Download
memory/4884-2145-0x00007FF7C9FD0000-0x00007FF7CA3C1000-memory.dmp

Filesize
3.9MB

Download
memory/4884-33-0x00007FF7C9FD0000-0x00007FF7CA3C1000-memory.dmp

Filesize
3.9MB

Download
memory/4884-345-0x00007FF7C9FD0000-0x00007FF7CA3C1000-memory.dmp

Filesize
3.9MB

Download
memory/4968-2181-0x00007FF69EBA0000-0x00007FF69EF91000-memory.dmp

Filesize
3.9MB

Download
memory/4968-88-0x00007FF69EBA0000-0x00007FF69EF91000-memory.dmp

Filesize
3.9MB

Download
memory/4972-72-0x00007FF74ED70000-0x00007FF74F161000-memory.dmp

Filesize
3.9MB

Download
memory/4972-13-0x00007FF74ED70000-0x00007FF74F161000-memory.dmp

Filesize
3.9MB

Download
memory/4972-2137-0x00007FF74ED70000-0x00007FF74F161000-memory.dmp

Filesize
3.9MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads