xmrig | db3c15d24e67452cc14bc10f162eea7b0c1dfed3c501ca6eafd1728b7e803c86

Analysis

max time kernel
111s
max time network
111s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
20-01-2025 09:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

db3c15d24e67452cc14bc10f162eea7b0c1dfed3c501ca6eafd1728b7e803c86N.exe
Size

1.6MB
MD5

d85018eec7b503fb5929d63a200ca370
SHA1

71d8f5add231b557f91ee099e247ab465423ed94
SHA256

db3c15d24e67452cc14bc10f162eea7b0c1dfed3c501ca6eafd1728b7e803c86
SHA512

dc9673c26e501d3f9b58fe747ad0305640224da3e8fad4afd74be7b1e25978d59e63ba8439072e99258a70c8e079965c5cce60cdceaedbf1361bb475c5068991
SSDEEP

24576:JanwhSe11QSONCpGJCjETPlGC78XCej4qDQidfgq+AUwbJS5vXYCbFiQ4:knw9oUUEEDlGUrMTUNXlF+

Score

10^/10

xmrig miner upx

Malware Config

Signatures

Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 40 IoCs

miner

resource	yara_rule
behavioral2/memory/2188-426-0x00007FF7E6680000-0x00007FF7E6A71000-memory.dmp	xmrig
behavioral2/memory/2240-427-0x00007FF7F59D0000-0x00007FF7F5DC1000-memory.dmp	xmrig
behavioral2/memory/2924-440-0x00007FF79C8E0000-0x00007FF79CCD1000-memory.dmp	xmrig
behavioral2/memory/3036-443-0x00007FF7A9A50000-0x00007FF7A9E41000-memory.dmp	xmrig
behavioral2/memory/1848-434-0x00007FF79DCC0000-0x00007FF79E0B1000-memory.dmp	xmrig
behavioral2/memory/4412-446-0x00007FF788100000-0x00007FF7884F1000-memory.dmp	xmrig
behavioral2/memory/5056-449-0x00007FF60A8E0000-0x00007FF60ACD1000-memory.dmp	xmrig
behavioral2/memory/2356-460-0x00007FF779500000-0x00007FF7798F1000-memory.dmp	xmrig
behavioral2/memory/3960-466-0x00007FF65B830000-0x00007FF65BC21000-memory.dmp	xmrig
behavioral2/memory/1180-472-0x00007FF70B5F0000-0x00007FF70B9E1000-memory.dmp	xmrig
behavioral2/memory/1508-457-0x00007FF75A890000-0x00007FF75AC81000-memory.dmp	xmrig
behavioral2/memory/1880-453-0x00007FF60AD30000-0x00007FF60B121000-memory.dmp	xmrig
behavioral2/memory/1728-433-0x00007FF7E6BE0000-0x00007FF7E6FD1000-memory.dmp	xmrig
behavioral2/memory/4892-509-0x00007FF6937E0000-0x00007FF693BD1000-memory.dmp	xmrig
behavioral2/memory/4796-77-0x00007FF69EE00000-0x00007FF69F1F1000-memory.dmp	xmrig
behavioral2/memory/1860-72-0x00007FF720020000-0x00007FF720411000-memory.dmp	xmrig
behavioral2/memory/4908-608-0x00007FF77DFE0000-0x00007FF77E3D1000-memory.dmp	xmrig
behavioral2/memory/3772-738-0x00007FF7099B0000-0x00007FF709DA1000-memory.dmp	xmrig
behavioral2/memory/644-741-0x00007FF7BD9A0000-0x00007FF7BDD91000-memory.dmp	xmrig
behavioral2/memory/1736-735-0x00007FF7ACC30000-0x00007FF7AD021000-memory.dmp	xmrig
behavioral2/memory/4748-842-0x00007FF74AA90000-0x00007FF74AE81000-memory.dmp	xmrig
behavioral2/memory/4724-963-0x00007FF6B4870000-0x00007FF6B4C61000-memory.dmp	xmrig
behavioral2/memory/4144-966-0x00007FF711F10000-0x00007FF712301000-memory.dmp	xmrig
behavioral2/memory/4440-1201-0x00007FF680420000-0x00007FF680811000-memory.dmp	xmrig
behavioral2/memory/2888-1408-0x00007FF696920000-0x00007FF696D11000-memory.dmp	xmrig
behavioral2/memory/4908-2107-0x00007FF77DFE0000-0x00007FF77E3D1000-memory.dmp	xmrig
behavioral2/memory/1736-2109-0x00007FF7ACC30000-0x00007FF7AD021000-memory.dmp	xmrig
behavioral2/memory/644-2116-0x00007FF7BD9A0000-0x00007FF7BDD91000-memory.dmp	xmrig
behavioral2/memory/3772-2115-0x00007FF7099B0000-0x00007FF709DA1000-memory.dmp	xmrig
behavioral2/memory/4724-2138-0x00007FF6B4870000-0x00007FF6B4C61000-memory.dmp	xmrig
behavioral2/memory/4796-2145-0x00007FF69EE00000-0x00007FF69F1F1000-memory.dmp	xmrig
behavioral2/memory/1860-2143-0x00007FF720020000-0x00007FF720411000-memory.dmp	xmrig
behavioral2/memory/4748-2141-0x00007FF74AA90000-0x00007FF74AE81000-memory.dmp	xmrig
behavioral2/memory/4144-2139-0x00007FF711F10000-0x00007FF712301000-memory.dmp	xmrig
behavioral2/memory/1728-2196-0x00007FF7E6BE0000-0x00007FF7E6FD1000-memory.dmp	xmrig
behavioral2/memory/2188-2187-0x00007FF7E6680000-0x00007FF7E6A71000-memory.dmp	xmrig
behavioral2/memory/3960-2185-0x00007FF65B830000-0x00007FF65BC21000-memory.dmp	xmrig
behavioral2/memory/3036-2180-0x00007FF7A9A50000-0x00007FF7A9E41000-memory.dmp	xmrig
behavioral2/memory/2924-2176-0x00007FF79C8E0000-0x00007FF79CCD1000-memory.dmp	xmrig
behavioral2/memory/4412-2174-0x00007FF788100000-0x00007FF7884F1000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
4908	YZYISQE.exe
1736	DWbuZTq.exe
3772	HwLtVoj.exe
644	PBYOZal.exe
4724	nhZsMPi.exe
4748	MEvFAhr.exe
4144	ietvfow.exe
4440	SRbdhuG.exe
1860	MKGNNAT.exe
4796	ppKchew.exe
2356	lQGbjvM.exe
2888	rYWjnTh.exe
2188	hEpwaDb.exe
3960	hBERVEA.exe
2240	EDMgIqI.exe
1180	RkhXvjb.exe
1728	HtrbTsY.exe
1848	ptDTQnk.exe
2924	pusrgLS.exe
3036	weNRITX.exe
4412	pGqHTxs.exe
5056	PEYkhEu.exe
1880	JHtGlaK.exe
1508	tyxxZgA.exe
2392	aHLGzWN.exe
4700	LdkiuUT.exe
812	YOlwgnD.exe
3868	nrHOqUp.exe
4424	LOOjerw.exe
5068	QwUVqNZ.exe
2936	xmAULCB.exe
1644	URqzduh.exe
4480	bYIoJyS.exe
4528	EmDtHjB.exe
4464	cawaBxO.exe
1560	ypEoYyo.exe
1784	mDVPesG.exe
2248	zKQWrNo.exe
3080	BycngjM.exe
1496	hXPkVUp.exe
960	kUBfvcT.exe
2000	kyPNGsk.exe
2744	dNiLVlL.exe
1724	ysSajGQ.exe
2484	HXUhbog.exe
1536	FSQWEQb.exe
3848	mpIMdQH.exe
576	DpKTanW.exe
1616	gfjOcMf.exe
5016	wHAOssH.exe
2172	VUYUXuV.exe
3996	xSauyut.exe
1360	MCFqtTR.exe
4388	QUtSCiY.exe
1944	JPDlKge.exe
2316	SLsgMcy.exe
3412	DLRdgxa.exe
996	ZezUVhh.exe
4396	BPfyxpp.exe
3808	MlTxFPi.exe
2632	nPjgtJs.exe
2696	hdatxzs.exe
5012	NXwPOiy.exe
1820	FIyxBge.exe

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System32\lrTHTAY.exe	db3c15d24e67452cc14bc10f162eea7b0c1dfed3c501ca6eafd1728b7e803c86N.exe
File created	C:\Windows\System32\ScnXyWC.exe	db3c15d24e67452cc14bc10f162eea7b0c1dfed3c501ca6eafd1728b7e803c86N.exe
File created	C:\Windows\System32\FeiUYMg.exe	db3c15d24e67452cc14bc10f162eea7b0c1dfed3c501ca6eafd1728b7e803c86N.exe
File created	C:\Windows\System32\BPXevJF.exe	db3c15d24e67452cc14bc10f162eea7b0c1dfed3c501ca6eafd1728b7e803c86N.exe
File created	C:\Windows\System32\HwLtVoj.exe	db3c15d24e67452cc14bc10f162eea7b0c1dfed3c501ca6eafd1728b7e803c86N.exe
File created	C:\Windows\System32\LgDsGCL.exe	db3c15d24e67452cc14bc10f162eea7b0c1dfed3c501ca6eafd1728b7e803c86N.exe
File created	C:\Windows\System32\IVUwNBE.exe	db3c15d24e67452cc14bc10f162eea7b0c1dfed3c501ca6eafd1728b7e803c86N.exe
File created	C:\Windows\System32\oQADiKl.exe	db3c15d24e67452cc14bc10f162eea7b0c1dfed3c501ca6eafd1728b7e803c86N.exe
File created	C:\Windows\System32\Zobudhe.exe	db3c15d24e67452cc14bc10f162eea7b0c1dfed3c501ca6eafd1728b7e803c86N.exe
File created	C:\Windows\System32\LdPWUeB.exe	db3c15d24e67452cc14bc10f162eea7b0c1dfed3c501ca6eafd1728b7e803c86N.exe
File created	C:\Windows\System32\PNQWpJx.exe	db3c15d24e67452cc14bc10f162eea7b0c1dfed3c501ca6eafd1728b7e803c86N.exe
File created	C:\Windows\System32\gqrqRJo.exe	db3c15d24e67452cc14bc10f162eea7b0c1dfed3c501ca6eafd1728b7e803c86N.exe
File created	C:\Windows\System32\wDsjhhM.exe	db3c15d24e67452cc14bc10f162eea7b0c1dfed3c501ca6eafd1728b7e803c86N.exe
File created	C:\Windows\System32\pPhLCEi.exe	db3c15d24e67452cc14bc10f162eea7b0c1dfed3c501ca6eafd1728b7e803c86N.exe
File created	C:\Windows\System32\JoICjYA.exe	db3c15d24e67452cc14bc10f162eea7b0c1dfed3c501ca6eafd1728b7e803c86N.exe
File created	C:\Windows\System32\XykFgnn.exe	db3c15d24e67452cc14bc10f162eea7b0c1dfed3c501ca6eafd1728b7e803c86N.exe
File created	C:\Windows\System32\gyBgYJz.exe	db3c15d24e67452cc14bc10f162eea7b0c1dfed3c501ca6eafd1728b7e803c86N.exe
File created	C:\Windows\System32\XrkuiZY.exe	db3c15d24e67452cc14bc10f162eea7b0c1dfed3c501ca6eafd1728b7e803c86N.exe
File created	C:\Windows\System32\Lvqaqbs.exe	db3c15d24e67452cc14bc10f162eea7b0c1dfed3c501ca6eafd1728b7e803c86N.exe
File created	C:\Windows\System32\mpZqaOI.exe	db3c15d24e67452cc14bc10f162eea7b0c1dfed3c501ca6eafd1728b7e803c86N.exe
File created	C:\Windows\System32\rsxvmPK.exe	db3c15d24e67452cc14bc10f162eea7b0c1dfed3c501ca6eafd1728b7e803c86N.exe
File created	C:\Windows\System32\JQOgOMr.exe	db3c15d24e67452cc14bc10f162eea7b0c1dfed3c501ca6eafd1728b7e803c86N.exe
File created	C:\Windows\System32\aXYbppB.exe	db3c15d24e67452cc14bc10f162eea7b0c1dfed3c501ca6eafd1728b7e803c86N.exe
File created	C:\Windows\System32\kxmEAkO.exe	db3c15d24e67452cc14bc10f162eea7b0c1dfed3c501ca6eafd1728b7e803c86N.exe
File created	C:\Windows\System32\UgUUwXF.exe	db3c15d24e67452cc14bc10f162eea7b0c1dfed3c501ca6eafd1728b7e803c86N.exe
File created	C:\Windows\System32\VbOgieB.exe	db3c15d24e67452cc14bc10f162eea7b0c1dfed3c501ca6eafd1728b7e803c86N.exe
File created	C:\Windows\System32\XLmqtdM.exe	db3c15d24e67452cc14bc10f162eea7b0c1dfed3c501ca6eafd1728b7e803c86N.exe
File created	C:\Windows\System32\ERgMpuW.exe	db3c15d24e67452cc14bc10f162eea7b0c1dfed3c501ca6eafd1728b7e803c86N.exe
File created	C:\Windows\System32\YxOJoRo.exe	db3c15d24e67452cc14bc10f162eea7b0c1dfed3c501ca6eafd1728b7e803c86N.exe
File created	C:\Windows\System32\ptYtMQy.exe	db3c15d24e67452cc14bc10f162eea7b0c1dfed3c501ca6eafd1728b7e803c86N.exe
File created	C:\Windows\System32\SflahWR.exe	db3c15d24e67452cc14bc10f162eea7b0c1dfed3c501ca6eafd1728b7e803c86N.exe
File created	C:\Windows\System32\AvziYaG.exe	db3c15d24e67452cc14bc10f162eea7b0c1dfed3c501ca6eafd1728b7e803c86N.exe
File created	C:\Windows\System32\THNAHDY.exe	db3c15d24e67452cc14bc10f162eea7b0c1dfed3c501ca6eafd1728b7e803c86N.exe
File created	C:\Windows\System32\yAurvwF.exe	db3c15d24e67452cc14bc10f162eea7b0c1dfed3c501ca6eafd1728b7e803c86N.exe
File created	C:\Windows\System32\BIQkEln.exe	db3c15d24e67452cc14bc10f162eea7b0c1dfed3c501ca6eafd1728b7e803c86N.exe
File created	C:\Windows\System32\qbkfrTQ.exe	db3c15d24e67452cc14bc10f162eea7b0c1dfed3c501ca6eafd1728b7e803c86N.exe
File created	C:\Windows\System32\CdQGjwx.exe	db3c15d24e67452cc14bc10f162eea7b0c1dfed3c501ca6eafd1728b7e803c86N.exe
File created	C:\Windows\System32\ExGPDoe.exe	db3c15d24e67452cc14bc10f162eea7b0c1dfed3c501ca6eafd1728b7e803c86N.exe
File created	C:\Windows\System32\MNqYmlm.exe	db3c15d24e67452cc14bc10f162eea7b0c1dfed3c501ca6eafd1728b7e803c86N.exe
File created	C:\Windows\System32\cBnHvaG.exe	db3c15d24e67452cc14bc10f162eea7b0c1dfed3c501ca6eafd1728b7e803c86N.exe
File created	C:\Windows\System32\hfQFBup.exe	db3c15d24e67452cc14bc10f162eea7b0c1dfed3c501ca6eafd1728b7e803c86N.exe
File created	C:\Windows\System32\SFDYxrg.exe	db3c15d24e67452cc14bc10f162eea7b0c1dfed3c501ca6eafd1728b7e803c86N.exe
File created	C:\Windows\System32\EjWEQRp.exe	db3c15d24e67452cc14bc10f162eea7b0c1dfed3c501ca6eafd1728b7e803c86N.exe
File created	C:\Windows\System32\neVVbDy.exe	db3c15d24e67452cc14bc10f162eea7b0c1dfed3c501ca6eafd1728b7e803c86N.exe
File created	C:\Windows\System32\RTBpkba.exe	db3c15d24e67452cc14bc10f162eea7b0c1dfed3c501ca6eafd1728b7e803c86N.exe
File created	C:\Windows\System32\VRWFbtK.exe	db3c15d24e67452cc14bc10f162eea7b0c1dfed3c501ca6eafd1728b7e803c86N.exe
File created	C:\Windows\System32\DBDvabO.exe	db3c15d24e67452cc14bc10f162eea7b0c1dfed3c501ca6eafd1728b7e803c86N.exe
File created	C:\Windows\System32\AbBLhcg.exe	db3c15d24e67452cc14bc10f162eea7b0c1dfed3c501ca6eafd1728b7e803c86N.exe
File created	C:\Windows\System32\EyQEATb.exe	db3c15d24e67452cc14bc10f162eea7b0c1dfed3c501ca6eafd1728b7e803c86N.exe
File created	C:\Windows\System32\ndhfGmN.exe	db3c15d24e67452cc14bc10f162eea7b0c1dfed3c501ca6eafd1728b7e803c86N.exe
File created	C:\Windows\System32\EconEsH.exe	db3c15d24e67452cc14bc10f162eea7b0c1dfed3c501ca6eafd1728b7e803c86N.exe
File created	C:\Windows\System32\zjNAUuC.exe	db3c15d24e67452cc14bc10f162eea7b0c1dfed3c501ca6eafd1728b7e803c86N.exe
File created	C:\Windows\System32\rYWjnTh.exe	db3c15d24e67452cc14bc10f162eea7b0c1dfed3c501ca6eafd1728b7e803c86N.exe
File created	C:\Windows\System32\kdZKcjF.exe	db3c15d24e67452cc14bc10f162eea7b0c1dfed3c501ca6eafd1728b7e803c86N.exe
File created	C:\Windows\System32\OWfQjFG.exe	db3c15d24e67452cc14bc10f162eea7b0c1dfed3c501ca6eafd1728b7e803c86N.exe
File created	C:\Windows\System32\yysEFpn.exe	db3c15d24e67452cc14bc10f162eea7b0c1dfed3c501ca6eafd1728b7e803c86N.exe
File created	C:\Windows\System32\FbholYv.exe	db3c15d24e67452cc14bc10f162eea7b0c1dfed3c501ca6eafd1728b7e803c86N.exe
File created	C:\Windows\System32\kockKJr.exe	db3c15d24e67452cc14bc10f162eea7b0c1dfed3c501ca6eafd1728b7e803c86N.exe
File created	C:\Windows\System32\kGUiskx.exe	db3c15d24e67452cc14bc10f162eea7b0c1dfed3c501ca6eafd1728b7e803c86N.exe
File created	C:\Windows\System32\xSauyut.exe	db3c15d24e67452cc14bc10f162eea7b0c1dfed3c501ca6eafd1728b7e803c86N.exe
File created	C:\Windows\System32\vfjVyrI.exe	db3c15d24e67452cc14bc10f162eea7b0c1dfed3c501ca6eafd1728b7e803c86N.exe
File created	C:\Windows\System32\fzrQeIe.exe	db3c15d24e67452cc14bc10f162eea7b0c1dfed3c501ca6eafd1728b7e803c86N.exe
File created	C:\Windows\System32\tyZovXb.exe	db3c15d24e67452cc14bc10f162eea7b0c1dfed3c501ca6eafd1728b7e803c86N.exe
File created	C:\Windows\System32\zhLvUma.exe	db3c15d24e67452cc14bc10f162eea7b0c1dfed3c501ca6eafd1728b7e803c86N.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4892-0-0x00007FF6937E0000-0x00007FF693BD1000-memory.dmp	upx
behavioral2/files/0x0008000000023c88-4.dat	upx
behavioral2/memory/4908-7-0x00007FF77DFE0000-0x00007FF77E3D1000-memory.dmp	upx
behavioral2/memory/1736-16-0x00007FF7ACC30000-0x00007FF7AD021000-memory.dmp	upx
behavioral2/files/0x0007000000023c8f-23.dat	upx
behavioral2/files/0x0007000000023c8e-28.dat	upx
behavioral2/files/0x0007000000023c91-36.dat	upx
behavioral2/files/0x0007000000023c92-40.dat	upx
behavioral2/memory/4440-42-0x00007FF680420000-0x00007FF680811000-memory.dmp	upx
behavioral2/memory/4144-41-0x00007FF711F10000-0x00007FF712301000-memory.dmp	upx
behavioral2/memory/4748-38-0x00007FF74AA90000-0x00007FF74AE81000-memory.dmp	upx
behavioral2/memory/4724-35-0x00007FF6B4870000-0x00007FF6B4C61000-memory.dmp	upx
behavioral2/memory/644-34-0x00007FF7BD9A0000-0x00007FF7BDD91000-memory.dmp	upx
behavioral2/files/0x0007000000023c90-33.dat	upx
behavioral2/files/0x0007000000023c8d-25.dat	upx
behavioral2/memory/3772-24-0x00007FF7099B0000-0x00007FF709DA1000-memory.dmp	upx
behavioral2/files/0x0007000000023c8c-19.dat	upx
behavioral2/files/0x0007000000023c93-57.dat	upx
behavioral2/files/0x0007000000023c95-66.dat	upx
behavioral2/files/0x0007000000023c98-76.dat	upx
behavioral2/files/0x0007000000023c94-79.dat	upx
behavioral2/files/0x0007000000023c9a-97.dat	upx
behavioral2/files/0x0007000000023c9c-105.dat	upx
behavioral2/files/0x0007000000023c9d-112.dat	upx
behavioral2/files/0x0007000000023c9f-122.dat	upx
behavioral2/files/0x0007000000023ca1-132.dat	upx
behavioral2/files/0x0007000000023ca5-152.dat	upx
behavioral2/memory/2188-426-0x00007FF7E6680000-0x00007FF7E6A71000-memory.dmp	upx
behavioral2/memory/2240-427-0x00007FF7F59D0000-0x00007FF7F5DC1000-memory.dmp	upx
behavioral2/files/0x0007000000023caa-173.dat	upx
behavioral2/memory/2924-440-0x00007FF79C8E0000-0x00007FF79CCD1000-memory.dmp	upx
behavioral2/memory/3036-443-0x00007FF7A9A50000-0x00007FF7A9E41000-memory.dmp	upx
behavioral2/memory/1848-434-0x00007FF79DCC0000-0x00007FF79E0B1000-memory.dmp	upx
behavioral2/memory/4412-446-0x00007FF788100000-0x00007FF7884F1000-memory.dmp	upx
behavioral2/memory/5056-449-0x00007FF60A8E0000-0x00007FF60ACD1000-memory.dmp	upx
behavioral2/memory/2356-460-0x00007FF779500000-0x00007FF7798F1000-memory.dmp	upx
behavioral2/memory/3960-466-0x00007FF65B830000-0x00007FF65BC21000-memory.dmp	upx
behavioral2/memory/1180-472-0x00007FF70B5F0000-0x00007FF70B9E1000-memory.dmp	upx
behavioral2/memory/1508-457-0x00007FF75A890000-0x00007FF75AC81000-memory.dmp	upx
behavioral2/memory/1880-453-0x00007FF60AD30000-0x00007FF60B121000-memory.dmp	upx
behavioral2/memory/1728-433-0x00007FF7E6BE0000-0x00007FF7E6FD1000-memory.dmp	upx
behavioral2/files/0x0007000000023ca8-170.dat	upx
behavioral2/files/0x0007000000023ca9-168.dat	upx
behavioral2/files/0x0007000000023ca7-165.dat	upx
behavioral2/files/0x0007000000023ca6-157.dat	upx
behavioral2/files/0x0007000000023ca4-147.dat	upx
behavioral2/files/0x0007000000023ca3-145.dat	upx
behavioral2/files/0x0007000000023ca2-140.dat	upx
behavioral2/files/0x0007000000023ca0-127.dat	upx
behavioral2/files/0x0007000000023c9e-117.dat	upx
behavioral2/files/0x0007000000023c9b-102.dat	upx
behavioral2/files/0x0007000000023c99-95.dat	upx
behavioral2/memory/4892-509-0x00007FF6937E0000-0x00007FF693BD1000-memory.dmp	upx
behavioral2/files/0x0007000000023c97-88.dat	upx
behavioral2/memory/2888-87-0x00007FF696920000-0x00007FF696D11000-memory.dmp	upx
behavioral2/files/0x0007000000023c96-81.dat	upx
behavioral2/memory/4796-77-0x00007FF69EE00000-0x00007FF69F1F1000-memory.dmp	upx
behavioral2/memory/1860-72-0x00007FF720020000-0x00007FF720411000-memory.dmp	upx
behavioral2/files/0x0008000000023c89-51.dat	upx
behavioral2/memory/4908-608-0x00007FF77DFE0000-0x00007FF77E3D1000-memory.dmp	upx
behavioral2/memory/3772-738-0x00007FF7099B0000-0x00007FF709DA1000-memory.dmp	upx
behavioral2/memory/644-741-0x00007FF7BD9A0000-0x00007FF7BDD91000-memory.dmp	upx
behavioral2/memory/1736-735-0x00007FF7ACC30000-0x00007FF7AD021000-memory.dmp	upx
behavioral2/memory/4748-842-0x00007FF74AA90000-0x00007FF74AE81000-memory.dmp	upx

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	13564	dwm.exe
Token: SeChangeNotifyPrivilege	13564	dwm.exe
Token: 33	13564	dwm.exe
Token: SeIncBasePriorityPrivilege	13564	dwm.exe
Token: SeShutdownPrivilege	13564	dwm.exe
Token: SeCreatePagefilePrivilege	13564	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4892 wrote to memory of 4908	4892	db3c15d24e67452cc14bc10f162eea7b0c1dfed3c501ca6eafd1728b7e803c86N.exe	84
PID 4892 wrote to memory of 4908	4892	db3c15d24e67452cc14bc10f162eea7b0c1dfed3c501ca6eafd1728b7e803c86N.exe	84
PID 4892 wrote to memory of 1736	4892	db3c15d24e67452cc14bc10f162eea7b0c1dfed3c501ca6eafd1728b7e803c86N.exe	85
PID 4892 wrote to memory of 1736	4892	db3c15d24e67452cc14bc10f162eea7b0c1dfed3c501ca6eafd1728b7e803c86N.exe	85
PID 4892 wrote to memory of 3772	4892	db3c15d24e67452cc14bc10f162eea7b0c1dfed3c501ca6eafd1728b7e803c86N.exe	86
PID 4892 wrote to memory of 3772	4892	db3c15d24e67452cc14bc10f162eea7b0c1dfed3c501ca6eafd1728b7e803c86N.exe	86
PID 4892 wrote to memory of 644	4892	db3c15d24e67452cc14bc10f162eea7b0c1dfed3c501ca6eafd1728b7e803c86N.exe	87
PID 4892 wrote to memory of 644	4892	db3c15d24e67452cc14bc10f162eea7b0c1dfed3c501ca6eafd1728b7e803c86N.exe	87
PID 4892 wrote to memory of 4724	4892	db3c15d24e67452cc14bc10f162eea7b0c1dfed3c501ca6eafd1728b7e803c86N.exe	88
PID 4892 wrote to memory of 4724	4892	db3c15d24e67452cc14bc10f162eea7b0c1dfed3c501ca6eafd1728b7e803c86N.exe	88
PID 4892 wrote to memory of 4748	4892	db3c15d24e67452cc14bc10f162eea7b0c1dfed3c501ca6eafd1728b7e803c86N.exe	89
PID 4892 wrote to memory of 4748	4892	db3c15d24e67452cc14bc10f162eea7b0c1dfed3c501ca6eafd1728b7e803c86N.exe	89
PID 4892 wrote to memory of 4144	4892	db3c15d24e67452cc14bc10f162eea7b0c1dfed3c501ca6eafd1728b7e803c86N.exe	90
PID 4892 wrote to memory of 4144	4892	db3c15d24e67452cc14bc10f162eea7b0c1dfed3c501ca6eafd1728b7e803c86N.exe	90
PID 4892 wrote to memory of 4440	4892	db3c15d24e67452cc14bc10f162eea7b0c1dfed3c501ca6eafd1728b7e803c86N.exe	91
PID 4892 wrote to memory of 4440	4892	db3c15d24e67452cc14bc10f162eea7b0c1dfed3c501ca6eafd1728b7e803c86N.exe	91
PID 4892 wrote to memory of 4796	4892	db3c15d24e67452cc14bc10f162eea7b0c1dfed3c501ca6eafd1728b7e803c86N.exe	92
PID 4892 wrote to memory of 4796	4892	db3c15d24e67452cc14bc10f162eea7b0c1dfed3c501ca6eafd1728b7e803c86N.exe	92
PID 4892 wrote to memory of 1860	4892	db3c15d24e67452cc14bc10f162eea7b0c1dfed3c501ca6eafd1728b7e803c86N.exe	93
PID 4892 wrote to memory of 1860	4892	db3c15d24e67452cc14bc10f162eea7b0c1dfed3c501ca6eafd1728b7e803c86N.exe	93
PID 4892 wrote to memory of 2356	4892	db3c15d24e67452cc14bc10f162eea7b0c1dfed3c501ca6eafd1728b7e803c86N.exe	94
PID 4892 wrote to memory of 2356	4892	db3c15d24e67452cc14bc10f162eea7b0c1dfed3c501ca6eafd1728b7e803c86N.exe	94
PID 4892 wrote to memory of 2888	4892	db3c15d24e67452cc14bc10f162eea7b0c1dfed3c501ca6eafd1728b7e803c86N.exe	95
PID 4892 wrote to memory of 2888	4892	db3c15d24e67452cc14bc10f162eea7b0c1dfed3c501ca6eafd1728b7e803c86N.exe	95
PID 4892 wrote to memory of 2188	4892	db3c15d24e67452cc14bc10f162eea7b0c1dfed3c501ca6eafd1728b7e803c86N.exe	96
PID 4892 wrote to memory of 2188	4892	db3c15d24e67452cc14bc10f162eea7b0c1dfed3c501ca6eafd1728b7e803c86N.exe	96
PID 4892 wrote to memory of 3960	4892	db3c15d24e67452cc14bc10f162eea7b0c1dfed3c501ca6eafd1728b7e803c86N.exe	97
PID 4892 wrote to memory of 3960	4892	db3c15d24e67452cc14bc10f162eea7b0c1dfed3c501ca6eafd1728b7e803c86N.exe	97
PID 4892 wrote to memory of 2240	4892	db3c15d24e67452cc14bc10f162eea7b0c1dfed3c501ca6eafd1728b7e803c86N.exe	98
PID 4892 wrote to memory of 2240	4892	db3c15d24e67452cc14bc10f162eea7b0c1dfed3c501ca6eafd1728b7e803c86N.exe	98
PID 4892 wrote to memory of 1180	4892	db3c15d24e67452cc14bc10f162eea7b0c1dfed3c501ca6eafd1728b7e803c86N.exe	99
PID 4892 wrote to memory of 1180	4892	db3c15d24e67452cc14bc10f162eea7b0c1dfed3c501ca6eafd1728b7e803c86N.exe	99
PID 4892 wrote to memory of 1728	4892	db3c15d24e67452cc14bc10f162eea7b0c1dfed3c501ca6eafd1728b7e803c86N.exe	100
PID 4892 wrote to memory of 1728	4892	db3c15d24e67452cc14bc10f162eea7b0c1dfed3c501ca6eafd1728b7e803c86N.exe	100
PID 4892 wrote to memory of 1848	4892	db3c15d24e67452cc14bc10f162eea7b0c1dfed3c501ca6eafd1728b7e803c86N.exe	101
PID 4892 wrote to memory of 1848	4892	db3c15d24e67452cc14bc10f162eea7b0c1dfed3c501ca6eafd1728b7e803c86N.exe	101
PID 4892 wrote to memory of 2924	4892	db3c15d24e67452cc14bc10f162eea7b0c1dfed3c501ca6eafd1728b7e803c86N.exe	102
PID 4892 wrote to memory of 2924	4892	db3c15d24e67452cc14bc10f162eea7b0c1dfed3c501ca6eafd1728b7e803c86N.exe	102
PID 4892 wrote to memory of 3036	4892	db3c15d24e67452cc14bc10f162eea7b0c1dfed3c501ca6eafd1728b7e803c86N.exe	103
PID 4892 wrote to memory of 3036	4892	db3c15d24e67452cc14bc10f162eea7b0c1dfed3c501ca6eafd1728b7e803c86N.exe	103
PID 4892 wrote to memory of 4412	4892	db3c15d24e67452cc14bc10f162eea7b0c1dfed3c501ca6eafd1728b7e803c86N.exe	104
PID 4892 wrote to memory of 4412	4892	db3c15d24e67452cc14bc10f162eea7b0c1dfed3c501ca6eafd1728b7e803c86N.exe	104
PID 4892 wrote to memory of 5056	4892	db3c15d24e67452cc14bc10f162eea7b0c1dfed3c501ca6eafd1728b7e803c86N.exe	105
PID 4892 wrote to memory of 5056	4892	db3c15d24e67452cc14bc10f162eea7b0c1dfed3c501ca6eafd1728b7e803c86N.exe	105
PID 4892 wrote to memory of 1880	4892	db3c15d24e67452cc14bc10f162eea7b0c1dfed3c501ca6eafd1728b7e803c86N.exe	106
PID 4892 wrote to memory of 1880	4892	db3c15d24e67452cc14bc10f162eea7b0c1dfed3c501ca6eafd1728b7e803c86N.exe	106
PID 4892 wrote to memory of 1508	4892	db3c15d24e67452cc14bc10f162eea7b0c1dfed3c501ca6eafd1728b7e803c86N.exe	107
PID 4892 wrote to memory of 1508	4892	db3c15d24e67452cc14bc10f162eea7b0c1dfed3c501ca6eafd1728b7e803c86N.exe	107
PID 4892 wrote to memory of 2392	4892	db3c15d24e67452cc14bc10f162eea7b0c1dfed3c501ca6eafd1728b7e803c86N.exe	108
PID 4892 wrote to memory of 2392	4892	db3c15d24e67452cc14bc10f162eea7b0c1dfed3c501ca6eafd1728b7e803c86N.exe	108
PID 4892 wrote to memory of 4700	4892	db3c15d24e67452cc14bc10f162eea7b0c1dfed3c501ca6eafd1728b7e803c86N.exe	109
PID 4892 wrote to memory of 4700	4892	db3c15d24e67452cc14bc10f162eea7b0c1dfed3c501ca6eafd1728b7e803c86N.exe	109
PID 4892 wrote to memory of 812	4892	db3c15d24e67452cc14bc10f162eea7b0c1dfed3c501ca6eafd1728b7e803c86N.exe	110
PID 4892 wrote to memory of 812	4892	db3c15d24e67452cc14bc10f162eea7b0c1dfed3c501ca6eafd1728b7e803c86N.exe	110
PID 4892 wrote to memory of 3868	4892	db3c15d24e67452cc14bc10f162eea7b0c1dfed3c501ca6eafd1728b7e803c86N.exe	111
PID 4892 wrote to memory of 3868	4892	db3c15d24e67452cc14bc10f162eea7b0c1dfed3c501ca6eafd1728b7e803c86N.exe	111
PID 4892 wrote to memory of 4424	4892	db3c15d24e67452cc14bc10f162eea7b0c1dfed3c501ca6eafd1728b7e803c86N.exe	112
PID 4892 wrote to memory of 4424	4892	db3c15d24e67452cc14bc10f162eea7b0c1dfed3c501ca6eafd1728b7e803c86N.exe	112
PID 4892 wrote to memory of 5068	4892	db3c15d24e67452cc14bc10f162eea7b0c1dfed3c501ca6eafd1728b7e803c86N.exe	113
PID 4892 wrote to memory of 5068	4892	db3c15d24e67452cc14bc10f162eea7b0c1dfed3c501ca6eafd1728b7e803c86N.exe	113
PID 4892 wrote to memory of 2936	4892	db3c15d24e67452cc14bc10f162eea7b0c1dfed3c501ca6eafd1728b7e803c86N.exe	114
PID 4892 wrote to memory of 2936	4892	db3c15d24e67452cc14bc10f162eea7b0c1dfed3c501ca6eafd1728b7e803c86N.exe	114
PID 4892 wrote to memory of 1644	4892	db3c15d24e67452cc14bc10f162eea7b0c1dfed3c501ca6eafd1728b7e803c86N.exe	115
PID 4892 wrote to memory of 1644	4892	db3c15d24e67452cc14bc10f162eea7b0c1dfed3c501ca6eafd1728b7e803c86N.exe	115

C:\Users\Admin\AppData\Local\Temp\db3c15d24e67452cc14bc10f162eea7b0c1dfed3c501ca6eafd1728b7e803c86N.exe
"C:\Users\Admin\AppData\Local\Temp\db3c15d24e67452cc14bc10f162eea7b0c1dfed3c501ca6eafd1728b7e803c86N.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:4892
- C:\Windows\System32\YZYISQE.exe
  C:\Windows\System32\YZYISQE.exe
  2⤵
  - Executes dropped EXE
  PID:4908
- C:\Windows\System32\DWbuZTq.exe
  C:\Windows\System32\DWbuZTq.exe
  2⤵
  - Executes dropped EXE
  PID:1736
- C:\Windows\System32\HwLtVoj.exe
  C:\Windows\System32\HwLtVoj.exe
  2⤵
  - Executes dropped EXE
  PID:3772
- C:\Windows\System32\PBYOZal.exe
  C:\Windows\System32\PBYOZal.exe
  2⤵
  - Executes dropped EXE
  PID:644
- C:\Windows\System32\nhZsMPi.exe
  C:\Windows\System32\nhZsMPi.exe
  2⤵
  - Executes dropped EXE
  PID:4724
- C:\Windows\System32\MEvFAhr.exe
  C:\Windows\System32\MEvFAhr.exe
  2⤵
  - Executes dropped EXE
  PID:4748
- C:\Windows\System32\ietvfow.exe
  C:\Windows\System32\ietvfow.exe
  2⤵
  - Executes dropped EXE
  PID:4144
- C:\Windows\System32\SRbdhuG.exe
  C:\Windows\System32\SRbdhuG.exe
  2⤵
  - Executes dropped EXE
  PID:4440
- C:\Windows\System32\ppKchew.exe
  C:\Windows\System32\ppKchew.exe
  2⤵
  - Executes dropped EXE
  PID:4796
- C:\Windows\System32\MKGNNAT.exe
  C:\Windows\System32\MKGNNAT.exe
  2⤵
  - Executes dropped EXE
  PID:1860
- C:\Windows\System32\lQGbjvM.exe
  C:\Windows\System32\lQGbjvM.exe
  2⤵
  - Executes dropped EXE
  PID:2356
- C:\Windows\System32\rYWjnTh.exe
  C:\Windows\System32\rYWjnTh.exe
  2⤵
  - Executes dropped EXE
  PID:2888
- C:\Windows\System32\hEpwaDb.exe
  C:\Windows\System32\hEpwaDb.exe
  2⤵
  - Executes dropped EXE
  PID:2188
- C:\Windows\System32\hBERVEA.exe
  C:\Windows\System32\hBERVEA.exe
  2⤵
  - Executes dropped EXE
  PID:3960
- C:\Windows\System32\EDMgIqI.exe
  C:\Windows\System32\EDMgIqI.exe
  2⤵
  - Executes dropped EXE
  PID:2240
- C:\Windows\System32\RkhXvjb.exe
  C:\Windows\System32\RkhXvjb.exe
  2⤵
  - Executes dropped EXE
  PID:1180
- C:\Windows\System32\HtrbTsY.exe
  C:\Windows\System32\HtrbTsY.exe
  2⤵
  - Executes dropped EXE
  PID:1728
- C:\Windows\System32\ptDTQnk.exe
  C:\Windows\System32\ptDTQnk.exe
  2⤵
  - Executes dropped EXE
  PID:1848
- C:\Windows\System32\pusrgLS.exe
  C:\Windows\System32\pusrgLS.exe
  2⤵
  - Executes dropped EXE
  PID:2924
- C:\Windows\System32\weNRITX.exe
  C:\Windows\System32\weNRITX.exe
  2⤵
  - Executes dropped EXE
  PID:3036
- C:\Windows\System32\pGqHTxs.exe
  C:\Windows\System32\pGqHTxs.exe
  2⤵
  - Executes dropped EXE
  PID:4412
- C:\Windows\System32\PEYkhEu.exe
  C:\Windows\System32\PEYkhEu.exe
  2⤵
  - Executes dropped EXE
  PID:5056
- C:\Windows\System32\JHtGlaK.exe
  C:\Windows\System32\JHtGlaK.exe
  2⤵
  - Executes dropped EXE
  PID:1880
- C:\Windows\System32\tyxxZgA.exe
  C:\Windows\System32\tyxxZgA.exe
  2⤵
  - Executes dropped EXE
  PID:1508
- C:\Windows\System32\aHLGzWN.exe
  C:\Windows\System32\aHLGzWN.exe
  2⤵
  - Executes dropped EXE
  PID:2392
- C:\Windows\System32\LdkiuUT.exe
  C:\Windows\System32\LdkiuUT.exe
  2⤵
  - Executes dropped EXE
  PID:4700
- C:\Windows\System32\YOlwgnD.exe
  C:\Windows\System32\YOlwgnD.exe
  2⤵
  - Executes dropped EXE
  PID:812
- C:\Windows\System32\nrHOqUp.exe
  C:\Windows\System32\nrHOqUp.exe
  2⤵
  - Executes dropped EXE
  PID:3868
- C:\Windows\System32\LOOjerw.exe
  C:\Windows\System32\LOOjerw.exe
  2⤵
  - Executes dropped EXE
  PID:4424
- C:\Windows\System32\QwUVqNZ.exe
  C:\Windows\System32\QwUVqNZ.exe
  2⤵
  - Executes dropped EXE
  PID:5068
- C:\Windows\System32\xmAULCB.exe
  C:\Windows\System32\xmAULCB.exe
  2⤵
  - Executes dropped EXE
  PID:2936
- C:\Windows\System32\URqzduh.exe
  C:\Windows\System32\URqzduh.exe
  2⤵
  - Executes dropped EXE
  PID:1644
- C:\Windows\System32\bYIoJyS.exe
  C:\Windows\System32\bYIoJyS.exe
  2⤵
  - Executes dropped EXE
  PID:4480
- C:\Windows\System32\EmDtHjB.exe
  C:\Windows\System32\EmDtHjB.exe
  2⤵
  - Executes dropped EXE
  PID:4528
- C:\Windows\System32\cawaBxO.exe
  C:\Windows\System32\cawaBxO.exe
  2⤵
  - Executes dropped EXE
  PID:4464
- C:\Windows\System32\ypEoYyo.exe
  C:\Windows\System32\ypEoYyo.exe
  2⤵
  - Executes dropped EXE
  PID:1560
- C:\Windows\System32\mDVPesG.exe
  C:\Windows\System32\mDVPesG.exe
  2⤵
  - Executes dropped EXE
  PID:1784
- C:\Windows\System32\zKQWrNo.exe
  C:\Windows\System32\zKQWrNo.exe
  2⤵
  - Executes dropped EXE
  PID:2248
- C:\Windows\System32\BycngjM.exe
  C:\Windows\System32\BycngjM.exe
  2⤵
  - Executes dropped EXE
  PID:3080
- C:\Windows\System32\hXPkVUp.exe
  C:\Windows\System32\hXPkVUp.exe
  2⤵
  - Executes dropped EXE
  PID:1496
- C:\Windows\System32\kUBfvcT.exe
  C:\Windows\System32\kUBfvcT.exe
  2⤵
  - Executes dropped EXE
  PID:960
- C:\Windows\System32\kyPNGsk.exe
  C:\Windows\System32\kyPNGsk.exe
  2⤵
  - Executes dropped EXE
  PID:2000
- C:\Windows\System32\dNiLVlL.exe
  C:\Windows\System32\dNiLVlL.exe
  2⤵
  - Executes dropped EXE
  PID:2744
- C:\Windows\System32\ysSajGQ.exe
  C:\Windows\System32\ysSajGQ.exe
  2⤵
  - Executes dropped EXE
  PID:1724
- C:\Windows\System32\HXUhbog.exe
  C:\Windows\System32\HXUhbog.exe
  2⤵
  - Executes dropped EXE
  PID:2484
- C:\Windows\System32\FSQWEQb.exe
  C:\Windows\System32\FSQWEQb.exe
  2⤵
  - Executes dropped EXE
  PID:1536
- C:\Windows\System32\mpIMdQH.exe
  C:\Windows\System32\mpIMdQH.exe
  2⤵
  - Executes dropped EXE
  PID:3848
- C:\Windows\System32\DpKTanW.exe
  C:\Windows\System32\DpKTanW.exe
  2⤵
  - Executes dropped EXE
  PID:576
- C:\Windows\System32\gfjOcMf.exe
  C:\Windows\System32\gfjOcMf.exe
  2⤵
  - Executes dropped EXE
  PID:1616
- C:\Windows\System32\wHAOssH.exe
  C:\Windows\System32\wHAOssH.exe
  2⤵
  - Executes dropped EXE
  PID:5016
- C:\Windows\System32\VUYUXuV.exe
  C:\Windows\System32\VUYUXuV.exe
  2⤵
  - Executes dropped EXE
  PID:2172
- C:\Windows\System32\xSauyut.exe
  C:\Windows\System32\xSauyut.exe
  2⤵
  - Executes dropped EXE
  PID:3996
- C:\Windows\System32\MCFqtTR.exe
  C:\Windows\System32\MCFqtTR.exe
  2⤵
  - Executes dropped EXE
  PID:1360
- C:\Windows\System32\QUtSCiY.exe
  C:\Windows\System32\QUtSCiY.exe
  2⤵
  - Executes dropped EXE
  PID:4388
- C:\Windows\System32\JPDlKge.exe
  C:\Windows\System32\JPDlKge.exe
  2⤵
  - Executes dropped EXE
  PID:1944
- C:\Windows\System32\SLsgMcy.exe
  C:\Windows\System32\SLsgMcy.exe
  2⤵
  - Executes dropped EXE
  PID:2316
- C:\Windows\System32\DLRdgxa.exe
  C:\Windows\System32\DLRdgxa.exe
  2⤵
  - Executes dropped EXE
  PID:3412
- C:\Windows\System32\ZezUVhh.exe
  C:\Windows\System32\ZezUVhh.exe
  2⤵
  - Executes dropped EXE
  PID:996
- C:\Windows\System32\BPfyxpp.exe
  C:\Windows\System32\BPfyxpp.exe
  2⤵
  - Executes dropped EXE
  PID:4396
- C:\Windows\System32\MlTxFPi.exe
  C:\Windows\System32\MlTxFPi.exe
  2⤵
  - Executes dropped EXE
  PID:3808
- C:\Windows\System32\nPjgtJs.exe
  C:\Windows\System32\nPjgtJs.exe
  2⤵
  - Executes dropped EXE
  PID:2632
- C:\Windows\System32\hdatxzs.exe
  C:\Windows\System32\hdatxzs.exe
  2⤵
  - Executes dropped EXE
  PID:2696
- C:\Windows\System32\NXwPOiy.exe
  C:\Windows\System32\NXwPOiy.exe
  2⤵
  - Executes dropped EXE
  PID:5012
- C:\Windows\System32\FIyxBge.exe
  C:\Windows\System32\FIyxBge.exe
  2⤵
  - Executes dropped EXE
  PID:1820
- C:\Windows\System32\XrkuiZY.exe
  C:\Windows\System32\XrkuiZY.exe
  2⤵
  PID:3568
- C:\Windows\System32\CnHlLmB.exe
  C:\Windows\System32\CnHlLmB.exe
  2⤵
  PID:3052
- C:\Windows\System32\OeJKzud.exe
  C:\Windows\System32\OeJKzud.exe
  2⤵
  PID:4752
- C:\Windows\System32\JoICjYA.exe
  C:\Windows\System32\JoICjYA.exe
  2⤵
  PID:3328
- C:\Windows\System32\BOfdVsS.exe
  C:\Windows\System32\BOfdVsS.exe
  2⤵
  PID:2544
- C:\Windows\System32\aKcnzdw.exe
  C:\Windows\System32\aKcnzdw.exe
  2⤵
  PID:3820
- C:\Windows\System32\URLgpyA.exe
  C:\Windows\System32\URLgpyA.exe
  2⤵
  PID:3316
- C:\Windows\System32\bZathQh.exe
  C:\Windows\System32\bZathQh.exe
  2⤵
  PID:4296
- C:\Windows\System32\Resfvaf.exe
  C:\Windows\System32\Resfvaf.exe
  2⤵
  PID:3800
- C:\Windows\System32\dReSNCE.exe
  C:\Windows\System32\dReSNCE.exe
  2⤵
  PID:984
- C:\Windows\System32\ANxuwOd.exe
  C:\Windows\System32\ANxuwOd.exe
  2⤵
  PID:2192
- C:\Windows\System32\rOEAEsh.exe
  C:\Windows\System32\rOEAEsh.exe
  2⤵
  PID:2608
- C:\Windows\System32\GHHSBlp.exe
  C:\Windows\System32\GHHSBlp.exe
  2⤵
  PID:1156
- C:\Windows\System32\neSilyM.exe
  C:\Windows\System32\neSilyM.exe
  2⤵
  PID:4872
- C:\Windows\System32\Czugdyd.exe
  C:\Windows\System32\Czugdyd.exe
  2⤵
  PID:2072
- C:\Windows\System32\zhYbcJf.exe
  C:\Windows\System32\zhYbcJf.exe
  2⤵
  PID:1376
- C:\Windows\System32\fXUgJjV.exe
  C:\Windows\System32\fXUgJjV.exe
  2⤵
  PID:2160
- C:\Windows\System32\hwgGgLV.exe
  C:\Windows\System32\hwgGgLV.exe
  2⤵
  PID:2856
- C:\Windows\System32\IBubyje.exe
  C:\Windows\System32\IBubyje.exe
  2⤵
  PID:2028
- C:\Windows\System32\VXEBmZZ.exe
  C:\Windows\System32\VXEBmZZ.exe
  2⤵
  PID:1188
- C:\Windows\System32\NttdOKU.exe
  C:\Windows\System32\NttdOKU.exe
  2⤵
  PID:4236
- C:\Windows\System32\CCfELOY.exe
  C:\Windows\System32\CCfELOY.exe
  2⤵
  PID:1584
- C:\Windows\System32\RCNWWsM.exe
  C:\Windows\System32\RCNWWsM.exe
  2⤵
  PID:3592
- C:\Windows\System32\UVqSobl.exe
  C:\Windows\System32\UVqSobl.exe
  2⤵
  PID:3780
- C:\Windows\System32\ABaoghW.exe
  C:\Windows\System32\ABaoghW.exe
  2⤵
  PID:3580
- C:\Windows\System32\ijegwUH.exe
  C:\Windows\System32\ijegwUH.exe
  2⤵
  PID:2956
- C:\Windows\System32\pLThlAu.exe
  C:\Windows\System32\pLThlAu.exe
  2⤵
  PID:3144
- C:\Windows\System32\eHXxCgn.exe
  C:\Windows\System32\eHXxCgn.exe
  2⤵
  PID:3188
- C:\Windows\System32\BDqGEtj.exe
  C:\Windows\System32\BDqGEtj.exe
  2⤵
  PID:4764
- C:\Windows\System32\ROvxBOv.exe
  C:\Windows\System32\ROvxBOv.exe
  2⤵
  PID:2768
- C:\Windows\System32\ACrOKsL.exe
  C:\Windows\System32\ACrOKsL.exe
  2⤵
  PID:456
- C:\Windows\System32\PXVKpMW.exe
  C:\Windows\System32\PXVKpMW.exe
  2⤵
  PID:4360
- C:\Windows\System32\CIscTye.exe
  C:\Windows\System32\CIscTye.exe
  2⤵
  PID:4500
- C:\Windows\System32\cBnHvaG.exe
  C:\Windows\System32\cBnHvaG.exe
  2⤵
  PID:5028
- C:\Windows\System32\dcrOuCw.exe
  C:\Windows\System32\dcrOuCw.exe
  2⤵
  PID:1580
- C:\Windows\System32\IGLWvrT.exe
  C:\Windows\System32\IGLWvrT.exe
  2⤵
  PID:2008
- C:\Windows\System32\kdZKcjF.exe
  C:\Windows\System32\kdZKcjF.exe
  2⤵
  PID:3936
- C:\Windows\System32\ZaJepbV.exe
  C:\Windows\System32\ZaJepbV.exe
  2⤵
  PID:884
- C:\Windows\System32\iBIRumG.exe
  C:\Windows\System32\iBIRumG.exe
  2⤵
  PID:4348
- C:\Windows\System32\objrsyZ.exe
  C:\Windows\System32\objrsyZ.exe
  2⤵
  PID:5140
- C:\Windows\System32\PNQWpJx.exe
  C:\Windows\System32\PNQWpJx.exe
  2⤵
  PID:5176
- C:\Windows\System32\XmJLaDh.exe
  C:\Windows\System32\XmJLaDh.exe
  2⤵
  PID:5204
- C:\Windows\System32\TmonEmW.exe
  C:\Windows\System32\TmonEmW.exe
  2⤵
  PID:5228
- C:\Windows\System32\pOFKkjy.exe
  C:\Windows\System32\pOFKkjy.exe
  2⤵
  PID:5252
- C:\Windows\System32\lRjbhRW.exe
  C:\Windows\System32\lRjbhRW.exe
  2⤵
  PID:5280
- C:\Windows\System32\qboghqZ.exe
  C:\Windows\System32\qboghqZ.exe
  2⤵
  PID:5304
- C:\Windows\System32\kKxzpCU.exe
  C:\Windows\System32\kKxzpCU.exe
  2⤵
  PID:5344
- C:\Windows\System32\lDTktHp.exe
  C:\Windows\System32\lDTktHp.exe
  2⤵
  PID:5372
- C:\Windows\System32\YfTIUWw.exe
  C:\Windows\System32\YfTIUWw.exe
  2⤵
  PID:5396
- C:\Windows\System32\uIWsvYG.exe
  C:\Windows\System32\uIWsvYG.exe
  2⤵
  PID:5420
- C:\Windows\System32\uiCXJWH.exe
  C:\Windows\System32\uiCXJWH.exe
  2⤵
  PID:5448
- C:\Windows\System32\XcModsT.exe
  C:\Windows\System32\XcModsT.exe
  2⤵
  PID:5472
- C:\Windows\System32\neasBlg.exe
  C:\Windows\System32\neasBlg.exe
  2⤵
  PID:5540
- C:\Windows\System32\LgDsGCL.exe
  C:\Windows\System32\LgDsGCL.exe
  2⤵
  PID:5560
- C:\Windows\System32\ESQObyW.exe
  C:\Windows\System32\ESQObyW.exe
  2⤵
  PID:5592
- C:\Windows\System32\iklUCeA.exe
  C:\Windows\System32\iklUCeA.exe
  2⤵
  PID:5624
- C:\Windows\System32\EpyDUdN.exe
  C:\Windows\System32\EpyDUdN.exe
  2⤵
  PID:5644
- C:\Windows\System32\zRvvsFQ.exe
  C:\Windows\System32\zRvvsFQ.exe
  2⤵
  PID:5664
- C:\Windows\System32\LATAvAI.exe
  C:\Windows\System32\LATAvAI.exe
  2⤵
  PID:5712
- C:\Windows\System32\xUkslbW.exe
  C:\Windows\System32\xUkslbW.exe
  2⤵
  PID:5760
- C:\Windows\System32\Lvqaqbs.exe
  C:\Windows\System32\Lvqaqbs.exe
  2⤵
  PID:5780
- C:\Windows\System32\gqrqRJo.exe
  C:\Windows\System32\gqrqRJo.exe
  2⤵
  PID:5800
- C:\Windows\System32\klRvcfc.exe
  C:\Windows\System32\klRvcfc.exe
  2⤵
  PID:5820
- C:\Windows\System32\QGzGtza.exe
  C:\Windows\System32\QGzGtza.exe
  2⤵
  PID:5852
- C:\Windows\System32\WggotLZ.exe
  C:\Windows\System32\WggotLZ.exe
  2⤵
  PID:5900
- C:\Windows\System32\wgYhulP.exe
  C:\Windows\System32\wgYhulP.exe
  2⤵
  PID:5936
- C:\Windows\System32\NSsCLLA.exe
  C:\Windows\System32\NSsCLLA.exe
  2⤵
  PID:5964
- C:\Windows\System32\ACeidjr.exe
  C:\Windows\System32\ACeidjr.exe
  2⤵
  PID:6004
- C:\Windows\System32\TlKtsAc.exe
  C:\Windows\System32\TlKtsAc.exe
  2⤵
  PID:6036
- C:\Windows\System32\RstprPe.exe
  C:\Windows\System32\RstprPe.exe
  2⤵
  PID:6052
- C:\Windows\System32\veQSSaw.exe
  C:\Windows\System32\veQSSaw.exe
  2⤵
  PID:6080
- C:\Windows\System32\HXbnfGH.exe
  C:\Windows\System32\HXbnfGH.exe
  2⤵
  PID:6140
- C:\Windows\System32\iXsKQuT.exe
  C:\Windows\System32\iXsKQuT.exe
  2⤵
  PID:2928
- C:\Windows\System32\QpSJOen.exe
  C:\Windows\System32\QpSJOen.exe
  2⤵
  PID:1396
- C:\Windows\System32\GsBLgFT.exe
  C:\Windows\System32\GsBLgFT.exe
  2⤵
  PID:5160
- C:\Windows\System32\hYZQMqJ.exe
  C:\Windows\System32\hYZQMqJ.exe
  2⤵
  PID:5224
- C:\Windows\System32\qTebylt.exe
  C:\Windows\System32\qTebylt.exe
  2⤵
  PID:5268
- C:\Windows\System32\PDOoaBw.exe
  C:\Windows\System32\PDOoaBw.exe
  2⤵
  PID:5316
- C:\Windows\System32\lrCZvCC.exe
  C:\Windows\System32\lrCZvCC.exe
  2⤵
  PID:5352
- C:\Windows\System32\lPvZYmq.exe
  C:\Windows\System32\lPvZYmq.exe
  2⤵
  PID:4248
- C:\Windows\System32\kXAUSbu.exe
  C:\Windows\System32\kXAUSbu.exe
  2⤵
  PID:5408
- C:\Windows\System32\VbOgieB.exe
  C:\Windows\System32\VbOgieB.exe
  2⤵
  PID:5456
- C:\Windows\System32\zdklvLS.exe
  C:\Windows\System32\zdklvLS.exe
  2⤵
  PID:4000
- C:\Windows\System32\vftFjZk.exe
  C:\Windows\System32\vftFjZk.exe
  2⤵
  PID:536
- C:\Windows\System32\UdIgmaz.exe
  C:\Windows\System32\UdIgmaz.exe
  2⤵
  PID:3016
- C:\Windows\System32\zbAUASn.exe
  C:\Windows\System32\zbAUASn.exe
  2⤵
  PID:5580
- C:\Windows\System32\DBDvabO.exe
  C:\Windows\System32\DBDvabO.exe
  2⤵
  PID:5656
- C:\Windows\System32\KJAdQps.exe
  C:\Windows\System32\KJAdQps.exe
  2⤵
  PID:5704
- C:\Windows\System32\QTYaYVI.exe
  C:\Windows\System32\QTYaYVI.exe
  2⤵
  PID:5792
- C:\Windows\System32\hfQFBup.exe
  C:\Windows\System32\hfQFBup.exe
  2⤵
  PID:5816
- C:\Windows\System32\GEMTAVT.exe
  C:\Windows\System32\GEMTAVT.exe
  2⤵
  PID:5840
- C:\Windows\System32\KNmBFZq.exe
  C:\Windows\System32\KNmBFZq.exe
  2⤵
  PID:6016
- C:\Windows\System32\zFVzTXA.exe
  C:\Windows\System32\zFVzTXA.exe
  2⤵
  PID:6104
- C:\Windows\System32\TnyCwAV.exe
  C:\Windows\System32\TnyCwAV.exe
  2⤵
  PID:6132
- C:\Windows\System32\BmLNuLJ.exe
  C:\Windows\System32\BmLNuLJ.exe
  2⤵
  PID:5024
- C:\Windows\System32\SmUQWZF.exe
  C:\Windows\System32\SmUQWZF.exe
  2⤵
  PID:3940
- C:\Windows\System32\fmnFMmb.exe
  C:\Windows\System32\fmnFMmb.exe
  2⤵
  PID:3632
- C:\Windows\System32\YhUXhMx.exe
  C:\Windows\System32\YhUXhMx.exe
  2⤵
  PID:5188
- C:\Windows\System32\KmqBpzx.exe
  C:\Windows\System32\KmqBpzx.exe
  2⤵
  PID:5788
- C:\Windows\System32\YdVIXRr.exe
  C:\Windows\System32\YdVIXRr.exe
  2⤵
  PID:5808
- C:\Windows\System32\KkaLEsa.exe
  C:\Windows\System32\KkaLEsa.exe
  2⤵
  PID:5412
- C:\Windows\System32\NNtWWLj.exe
  C:\Windows\System32\NNtWWLj.exe
  2⤵
  PID:5528
- C:\Windows\System32\MCefLaE.exe
  C:\Windows\System32\MCefLaE.exe
  2⤵
  PID:432
- C:\Windows\System32\CTIxtfA.exe
  C:\Windows\System32\CTIxtfA.exe
  2⤵
  PID:5812
- C:\Windows\System32\vNpRien.exe
  C:\Windows\System32\vNpRien.exe
  2⤵
  PID:5724
- C:\Windows\System32\fHwLAGc.exe
  C:\Windows\System32\fHwLAGc.exe
  2⤵
  PID:6120
- C:\Windows\System32\JlKhYWU.exe
  C:\Windows\System32\JlKhYWU.exe
  2⤵
  PID:2404
- C:\Windows\System32\OXEGRJU.exe
  C:\Windows\System32\OXEGRJU.exe
  2⤵
  PID:5060
- C:\Windows\System32\XLmqtdM.exe
  C:\Windows\System32\XLmqtdM.exe
  2⤵
  PID:5260
- C:\Windows\System32\NPSSdSU.exe
  C:\Windows\System32\NPSSdSU.exe
  2⤵
  PID:2648
- C:\Windows\System32\EDktwpO.exe
  C:\Windows\System32\EDktwpO.exe
  2⤵
  PID:5608
- C:\Windows\System32\KtNPxZP.exe
  C:\Windows\System32\KtNPxZP.exe
  2⤵
  PID:5884
- C:\Windows\System32\qtvvDQW.exe
  C:\Windows\System32\qtvvDQW.exe
  2⤵
  PID:6076
- C:\Windows\System32\zqxNnmv.exe
  C:\Windows\System32\zqxNnmv.exe
  2⤵
  PID:1052
- C:\Windows\System32\nYsYwdQ.exe
  C:\Windows\System32\nYsYwdQ.exe
  2⤵
  PID:6012
- C:\Windows\System32\quoKsmG.exe
  C:\Windows\System32\quoKsmG.exe
  2⤵
  PID:6160
- C:\Windows\System32\aaHxiXG.exe
  C:\Windows\System32\aaHxiXG.exe
  2⤵
  PID:6188
- C:\Windows\System32\hfrCRhK.exe
  C:\Windows\System32\hfrCRhK.exe
  2⤵
  PID:6232
- C:\Windows\System32\BQEaIFG.exe
  C:\Windows\System32\BQEaIFG.exe
  2⤵
  PID:6260
- C:\Windows\System32\fvDyBAN.exe
  C:\Windows\System32\fvDyBAN.exe
  2⤵
  PID:6308
- C:\Windows\System32\PuKSYyq.exe
  C:\Windows\System32\PuKSYyq.exe
  2⤵
  PID:6336
- C:\Windows\System32\ytQttxu.exe
  C:\Windows\System32\ytQttxu.exe
  2⤵
  PID:6360
- C:\Windows\System32\jCbjfyo.exe
  C:\Windows\System32\jCbjfyo.exe
  2⤵
  PID:6380
- C:\Windows\System32\RekbgNP.exe
  C:\Windows\System32\RekbgNP.exe
  2⤵
  PID:6432
- C:\Windows\System32\jPrycIT.exe
  C:\Windows\System32\jPrycIT.exe
  2⤵
  PID:6448
- C:\Windows\System32\VXjfbQB.exe
  C:\Windows\System32\VXjfbQB.exe
  2⤵
  PID:6464
- C:\Windows\System32\xBhMVAv.exe
  C:\Windows\System32\xBhMVAv.exe
  2⤵
  PID:6484
- C:\Windows\System32\zKAMbBM.exe
  C:\Windows\System32\zKAMbBM.exe
  2⤵
  PID:6504
- C:\Windows\System32\YUmToqO.exe
  C:\Windows\System32\YUmToqO.exe
  2⤵
  PID:6548
- C:\Windows\System32\FrxcSyw.exe
  C:\Windows\System32\FrxcSyw.exe
  2⤵
  PID:6588
- C:\Windows\System32\YvIPdLf.exe
  C:\Windows\System32\YvIPdLf.exe
  2⤵
  PID:6616
- C:\Windows\System32\oAHeGwr.exe
  C:\Windows\System32\oAHeGwr.exe
  2⤵
  PID:6652
- C:\Windows\System32\MMaLwno.exe
  C:\Windows\System32\MMaLwno.exe
  2⤵
  PID:6680
- C:\Windows\System32\mRgTSBp.exe
  C:\Windows\System32\mRgTSBp.exe
  2⤵
  PID:6708
- C:\Windows\System32\UnPTMaw.exe
  C:\Windows\System32\UnPTMaw.exe
  2⤵
  PID:6724
- C:\Windows\System32\omYkPuv.exe
  C:\Windows\System32\omYkPuv.exe
  2⤵
  PID:6752
- C:\Windows\System32\ZbDdJhb.exe
  C:\Windows\System32\ZbDdJhb.exe
  2⤵
  PID:6780
- C:\Windows\System32\AvziYaG.exe
  C:\Windows\System32\AvziYaG.exe
  2⤵
  PID:6824
- C:\Windows\System32\cbSytXp.exe
  C:\Windows\System32\cbSytXp.exe
  2⤵
  PID:6844
- C:\Windows\System32\FAFspxK.exe
  C:\Windows\System32\FAFspxK.exe
  2⤵
  PID:6868
- C:\Windows\System32\qEJdZlH.exe
  C:\Windows\System32\qEJdZlH.exe
  2⤵
  PID:6900
- C:\Windows\System32\wuyuJBJ.exe
  C:\Windows\System32\wuyuJBJ.exe
  2⤵
  PID:6940
- C:\Windows\System32\JZdNMoQ.exe
  C:\Windows\System32\JZdNMoQ.exe
  2⤵
  PID:6956
- C:\Windows\System32\qqbNBCD.exe
  C:\Windows\System32\qqbNBCD.exe
  2⤵
  PID:6984
- C:\Windows\System32\jfLVPlM.exe
  C:\Windows\System32\jfLVPlM.exe
  2⤵
  PID:7008
- C:\Windows\System32\pIFflMH.exe
  C:\Windows\System32\pIFflMH.exe
  2⤵
  PID:7024
- C:\Windows\System32\iOXlFew.exe
  C:\Windows\System32\iOXlFew.exe
  2⤵
  PID:7040
- C:\Windows\System32\vWlNMez.exe
  C:\Windows\System32\vWlNMez.exe
  2⤵
  PID:7100
- C:\Windows\System32\WWnGgRk.exe
  C:\Windows\System32\WWnGgRk.exe
  2⤵
  PID:7156
- C:\Windows\System32\xUEIZOn.exe
  C:\Windows\System32\xUEIZOn.exe
  2⤵
  PID:6152
- C:\Windows\System32\THNAHDY.exe
  C:\Windows\System32\THNAHDY.exe
  2⤵
  PID:6268
- C:\Windows\System32\IqqKfua.exe
  C:\Windows\System32\IqqKfua.exe
  2⤵
  PID:6248
- C:\Windows\System32\RTBpkba.exe
  C:\Windows\System32\RTBpkba.exe
  2⤵
  PID:6372
- C:\Windows\System32\jUjnnwG.exe
  C:\Windows\System32\jUjnnwG.exe
  2⤵
  PID:6420
- C:\Windows\System32\zrrAkcn.exe
  C:\Windows\System32\zrrAkcn.exe
  2⤵
  PID:6440
- C:\Windows\System32\UmjMADh.exe
  C:\Windows\System32\UmjMADh.exe
  2⤵
  PID:6500
- C:\Windows\System32\ZBmGJHN.exe
  C:\Windows\System32\ZBmGJHN.exe
  2⤵
  PID:6480
- C:\Windows\System32\zkTLDYs.exe
  C:\Windows\System32\zkTLDYs.exe
  2⤵
  PID:6576
- C:\Windows\System32\zorTpqg.exe
  C:\Windows\System32\zorTpqg.exe
  2⤵
  PID:6644
- C:\Windows\System32\cHIbgpr.exe
  C:\Windows\System32\cHIbgpr.exe
  2⤵
  PID:6672
- C:\Windows\System32\RkQltYo.exe
  C:\Windows\System32\RkQltYo.exe
  2⤵
  PID:6760
- C:\Windows\System32\jaeptlP.exe
  C:\Windows\System32\jaeptlP.exe
  2⤵
  PID:6820
- C:\Windows\System32\GWyFlCx.exe
  C:\Windows\System32\GWyFlCx.exe
  2⤵
  PID:7032
- C:\Windows\System32\NcdKRUw.exe
  C:\Windows\System32\NcdKRUw.exe
  2⤵
  PID:7064
- C:\Windows\System32\DoYqVhe.exe
  C:\Windows\System32\DoYqVhe.exe
  2⤵
  PID:7080
- C:\Windows\System32\zzfmLkO.exe
  C:\Windows\System32\zzfmLkO.exe
  2⤵
  PID:7148
- C:\Windows\System32\wvTcoTj.exe
  C:\Windows\System32\wvTcoTj.exe
  2⤵
  PID:6444
- C:\Windows\System32\IEhVADl.exe
  C:\Windows\System32\IEhVADl.exe
  2⤵
  PID:6492
- C:\Windows\System32\BcScKVh.exe
  C:\Windows\System32\BcScKVh.exe
  2⤵
  PID:6628
- C:\Windows\System32\qZPpvnN.exe
  C:\Windows\System32\qZPpvnN.exe
  2⤵
  PID:5604
- C:\Windows\System32\GhBtiil.exe
  C:\Windows\System32\GhBtiil.exe
  2⤵
  PID:6748
- C:\Windows\System32\AbBLhcg.exe
  C:\Windows\System32\AbBLhcg.exe
  2⤵
  PID:7016
- C:\Windows\System32\BrRwPdI.exe
  C:\Windows\System32\BrRwPdI.exe
  2⤵
  PID:6280
- C:\Windows\System32\VGuMETv.exe
  C:\Windows\System32\VGuMETv.exe
  2⤵
  PID:6796
- C:\Windows\System32\tUWondA.exe
  C:\Windows\System32\tUWondA.exe
  2⤵
  PID:7172
- C:\Windows\System32\ctHwnLc.exe
  C:\Windows\System32\ctHwnLc.exe
  2⤵
  PID:7188
- C:\Windows\System32\SKJhewU.exe
  C:\Windows\System32\SKJhewU.exe
  2⤵
  PID:7216
- C:\Windows\System32\lCgvpov.exe
  C:\Windows\System32\lCgvpov.exe
  2⤵
  PID:7236
- C:\Windows\System32\rMTkxYP.exe
  C:\Windows\System32\rMTkxYP.exe
  2⤵
  PID:7256
- C:\Windows\System32\LbzQzVS.exe
  C:\Windows\System32\LbzQzVS.exe
  2⤵
  PID:7300
- C:\Windows\System32\wTdroUX.exe
  C:\Windows\System32\wTdroUX.exe
  2⤵
  PID:7324
- C:\Windows\System32\kxmEAkO.exe
  C:\Windows\System32\kxmEAkO.exe
  2⤵
  PID:7344
- C:\Windows\System32\bdyXIiP.exe
  C:\Windows\System32\bdyXIiP.exe
  2⤵
  PID:7392
- C:\Windows\System32\XCJCKdk.exe
  C:\Windows\System32\XCJCKdk.exe
  2⤵
  PID:7440
- C:\Windows\System32\vCMkHsu.exe
  C:\Windows\System32\vCMkHsu.exe
  2⤵
  PID:7472
- C:\Windows\System32\YHBQsgq.exe
  C:\Windows\System32\YHBQsgq.exe
  2⤵
  PID:7504
- C:\Windows\System32\kKgxcDE.exe
  C:\Windows\System32\kKgxcDE.exe
  2⤵
  PID:7524
- C:\Windows\System32\lrTHTAY.exe
  C:\Windows\System32\lrTHTAY.exe
  2⤵
  PID:7544
- C:\Windows\System32\qZHwIAZ.exe
  C:\Windows\System32\qZHwIAZ.exe
  2⤵
  PID:7580
- C:\Windows\System32\MOlYeYC.exe
  C:\Windows\System32\MOlYeYC.exe
  2⤵
  PID:7608
- C:\Windows\System32\ERgMpuW.exe
  C:\Windows\System32\ERgMpuW.exe
  2⤵
  PID:7636
- C:\Windows\System32\tfLlWzx.exe
  C:\Windows\System32\tfLlWzx.exe
  2⤵
  PID:7668
- C:\Windows\System32\LTudLnD.exe
  C:\Windows\System32\LTudLnD.exe
  2⤵
  PID:7696
- C:\Windows\System32\XDDtlDL.exe
  C:\Windows\System32\XDDtlDL.exe
  2⤵
  PID:7720
- C:\Windows\System32\aBIrkOU.exe
  C:\Windows\System32\aBIrkOU.exe
  2⤵
  PID:7740
- C:\Windows\System32\vQHryVE.exe
  C:\Windows\System32\vQHryVE.exe
  2⤵
  PID:7760
- C:\Windows\System32\mxyYKCP.exe
  C:\Windows\System32\mxyYKCP.exe
  2⤵
  PID:7784
- C:\Windows\System32\hVCeBYg.exe
  C:\Windows\System32\hVCeBYg.exe
  2⤵
  PID:7812
- C:\Windows\System32\zUqVpwR.exe
  C:\Windows\System32\zUqVpwR.exe
  2⤵
  PID:7832
- C:\Windows\System32\LyFrICq.exe
  C:\Windows\System32\LyFrICq.exe
  2⤵
  PID:7848
- C:\Windows\System32\SqRBtcs.exe
  C:\Windows\System32\SqRBtcs.exe
  2⤵
  PID:7912
- C:\Windows\System32\qFQlgRW.exe
  C:\Windows\System32\qFQlgRW.exe
  2⤵
  PID:7960
- C:\Windows\System32\RnXTvfd.exe
  C:\Windows\System32\RnXTvfd.exe
  2⤵
  PID:7984
- C:\Windows\System32\uoLNQxw.exe
  C:\Windows\System32\uoLNQxw.exe
  2⤵
  PID:8012
- C:\Windows\System32\xSlaOcl.exe
  C:\Windows\System32\xSlaOcl.exe
  2⤵
  PID:8044
- C:\Windows\System32\jlLgxKG.exe
  C:\Windows\System32\jlLgxKG.exe
  2⤵
  PID:8060
- C:\Windows\System32\MvuOIqy.exe
  C:\Windows\System32\MvuOIqy.exe
  2⤵
  PID:8100
- C:\Windows\System32\jzbPMlT.exe
  C:\Windows\System32\jzbPMlT.exe
  2⤵
  PID:8120
- C:\Windows\System32\XykFgnn.exe
  C:\Windows\System32\XykFgnn.exe
  2⤵
  PID:8160
- C:\Windows\System32\saQBByY.exe
  C:\Windows\System32\saQBByY.exe
  2⤵
  PID:8180
- C:\Windows\System32\AteDQop.exe
  C:\Windows\System32\AteDQop.exe
  2⤵
  PID:6560
- C:\Windows\System32\FcriJgT.exe
  C:\Windows\System32\FcriJgT.exe
  2⤵
  PID:6520
- C:\Windows\System32\sIIhTnA.exe
  C:\Windows\System32\sIIhTnA.exe
  2⤵
  PID:6840
- C:\Windows\System32\JQOgOMr.exe
  C:\Windows\System32\JQOgOMr.exe
  2⤵
  PID:4408
- C:\Windows\System32\YfptWIg.exe
  C:\Windows\System32\YfptWIg.exe
  2⤵
  PID:7252
- C:\Windows\System32\mMVdinO.exe
  C:\Windows\System32\mMVdinO.exe
  2⤵
  PID:7340
- C:\Windows\System32\EnlHPlp.exe
  C:\Windows\System32\EnlHPlp.exe
  2⤵
  PID:7320
- C:\Windows\System32\NaHgicO.exe
  C:\Windows\System32\NaHgicO.exe
  2⤵
  PID:7400
- C:\Windows\System32\rnCTife.exe
  C:\Windows\System32\rnCTife.exe
  2⤵
  PID:7512
- C:\Windows\System32\YrXAbil.exe
  C:\Windows\System32\YrXAbil.exe
  2⤵
  PID:7552
- C:\Windows\System32\GRfTgTM.exe
  C:\Windows\System32\GRfTgTM.exe
  2⤵
  PID:7684
- C:\Windows\System32\MvKMZEz.exe
  C:\Windows\System32\MvKMZEz.exe
  2⤵
  PID:7736
- C:\Windows\System32\CKsirPQ.exe
  C:\Windows\System32\CKsirPQ.exe
  2⤵
  PID:7776
- C:\Windows\System32\mIoNcwz.exe
  C:\Windows\System32\mIoNcwz.exe
  2⤵
  PID:7900
- C:\Windows\System32\JRgiCve.exe
  C:\Windows\System32\JRgiCve.exe
  2⤵
  PID:7976
- C:\Windows\System32\TVpxClk.exe
  C:\Windows\System32\TVpxClk.exe
  2⤵
  PID:8032
- C:\Windows\System32\OWCMnJD.exe
  C:\Windows\System32\OWCMnJD.exe
  2⤵
  PID:8084
- C:\Windows\System32\wbNcQMB.exe
  C:\Windows\System32\wbNcQMB.exe
  2⤵
  PID:8148
- C:\Windows\System32\QaXzchU.exe
  C:\Windows\System32\QaXzchU.exe
  2⤵
  PID:7108
- C:\Windows\System32\mlMKzqh.exe
  C:\Windows\System32\mlMKzqh.exe
  2⤵
  PID:6880
- C:\Windows\System32\eGjWlKK.exe
  C:\Windows\System32\eGjWlKK.exe
  2⤵
  PID:7316
- C:\Windows\System32\GTHeUaF.exe
  C:\Windows\System32\GTHeUaF.exe
  2⤵
  PID:7540
- C:\Windows\System32\wzFPbdY.exe
  C:\Windows\System32\wzFPbdY.exe
  2⤵
  PID:7296
- C:\Windows\System32\BgnNgjx.exe
  C:\Windows\System32\BgnNgjx.exe
  2⤵
  PID:7664
- C:\Windows\System32\jKcQBYR.exe
  C:\Windows\System32\jKcQBYR.exe
  2⤵
  PID:7956
- C:\Windows\System32\AKUPMFw.exe
  C:\Windows\System32\AKUPMFw.exe
  2⤵
  PID:8004
- C:\Windows\System32\yfFXyge.exe
  C:\Windows\System32\yfFXyge.exe
  2⤵
  PID:6416
- C:\Windows\System32\zEFCfJK.exe
  C:\Windows\System32\zEFCfJK.exe
  2⤵
  PID:7432
- C:\Windows\System32\EfDnJDP.exe
  C:\Windows\System32\EfDnJDP.exe
  2⤵
  PID:8088
- C:\Windows\System32\tWBTzIv.exe
  C:\Windows\System32\tWBTzIv.exe
  2⤵
  PID:7084
- C:\Windows\System32\TnNAQqY.exe
  C:\Windows\System32\TnNAQqY.exe
  2⤵
  PID:8188
- C:\Windows\System32\GWjEhlB.exe
  C:\Windows\System32\GWjEhlB.exe
  2⤵
  PID:8116
- C:\Windows\System32\XNvJTpJ.exe
  C:\Windows\System32\XNvJTpJ.exe
  2⤵
  PID:8212
- C:\Windows\System32\mHRmhpC.exe
  C:\Windows\System32\mHRmhpC.exe
  2⤵
  PID:8232
- C:\Windows\System32\WSHsBzu.exe
  C:\Windows\System32\WSHsBzu.exe
  2⤵
  PID:8256
- C:\Windows\System32\BnkzucL.exe
  C:\Windows\System32\BnkzucL.exe
  2⤵
  PID:8276
- C:\Windows\System32\PaMwXUB.exe
  C:\Windows\System32\PaMwXUB.exe
  2⤵
  PID:8320
- C:\Windows\System32\yPocUxl.exe
  C:\Windows\System32\yPocUxl.exe
  2⤵
  PID:8352
- C:\Windows\System32\tiournY.exe
  C:\Windows\System32\tiournY.exe
  2⤵
  PID:8372
- C:\Windows\System32\RNPihHN.exe
  C:\Windows\System32\RNPihHN.exe
  2⤵
  PID:8396
- C:\Windows\System32\EmKtDTW.exe
  C:\Windows\System32\EmKtDTW.exe
  2⤵
  PID:8412
- C:\Windows\System32\ETAvlQS.exe
  C:\Windows\System32\ETAvlQS.exe
  2⤵
  PID:8472
- C:\Windows\System32\NEJQCwh.exe
  C:\Windows\System32\NEJQCwh.exe
  2⤵
  PID:8492
- C:\Windows\System32\YxOJoRo.exe
  C:\Windows\System32\YxOJoRo.exe
  2⤵
  PID:8516
- C:\Windows\System32\lRpdGuO.exe
  C:\Windows\System32\lRpdGuO.exe
  2⤵
  PID:8552
- C:\Windows\System32\TSGoDPd.exe
  C:\Windows\System32\TSGoDPd.exe
  2⤵
  PID:8576
- C:\Windows\System32\gyyoNIx.exe
  C:\Windows\System32\gyyoNIx.exe
  2⤵
  PID:8608
- C:\Windows\System32\HUeNgXB.exe
  C:\Windows\System32\HUeNgXB.exe
  2⤵
  PID:8636
- C:\Windows\System32\PYJJgYf.exe
  C:\Windows\System32\PYJJgYf.exe
  2⤵
  PID:8664
- C:\Windows\System32\yAurvwF.exe
  C:\Windows\System32\yAurvwF.exe
  2⤵
  PID:8688
- C:\Windows\System32\Lzueyjd.exe
  C:\Windows\System32\Lzueyjd.exe
  2⤵
  PID:8744
- C:\Windows\System32\tYuIbhD.exe
  C:\Windows\System32\tYuIbhD.exe
  2⤵
  PID:8768
- C:\Windows\System32\UfSLpjn.exe
  C:\Windows\System32\UfSLpjn.exe
  2⤵
  PID:8796
- C:\Windows\System32\bTHgvkL.exe
  C:\Windows\System32\bTHgvkL.exe
  2⤵
  PID:8820
- C:\Windows\System32\sIpYJIe.exe
  C:\Windows\System32\sIpYJIe.exe
  2⤵
  PID:8844
- C:\Windows\System32\Fhmmmre.exe
  C:\Windows\System32\Fhmmmre.exe
  2⤵
  PID:8864
- C:\Windows\System32\ypATvPY.exe
  C:\Windows\System32\ypATvPY.exe
  2⤵
  PID:8900
- C:\Windows\System32\RXoeICu.exe
  C:\Windows\System32\RXoeICu.exe
  2⤵
  PID:8936
- C:\Windows\System32\MSSBErl.exe
  C:\Windows\System32\MSSBErl.exe
  2⤵
  PID:8960
- C:\Windows\System32\Eucyodc.exe
  C:\Windows\System32\Eucyodc.exe
  2⤵
  PID:8980
- C:\Windows\System32\noeSRKV.exe
  C:\Windows\System32\noeSRKV.exe
  2⤵
  PID:9000
- C:\Windows\System32\UgUUwXF.exe
  C:\Windows\System32\UgUUwXF.exe
  2⤵
  PID:9028
- C:\Windows\System32\ZxouQjS.exe
  C:\Windows\System32\ZxouQjS.exe
  2⤵
  PID:9072
- C:\Windows\System32\yacMoXI.exe
  C:\Windows\System32\yacMoXI.exe
  2⤵
  PID:9088
- C:\Windows\System32\xkGAxlo.exe
  C:\Windows\System32\xkGAxlo.exe
  2⤵
  PID:9136
- C:\Windows\System32\cuYqpjc.exe
  C:\Windows\System32\cuYqpjc.exe
  2⤵
  PID:9156
- C:\Windows\System32\qTQbYwe.exe
  C:\Windows\System32\qTQbYwe.exe
  2⤵
  PID:9188
- C:\Windows\System32\vfjVyrI.exe
  C:\Windows\System32\vfjVyrI.exe
  2⤵
  PID:9212
- C:\Windows\System32\vPnuWqU.exe
  C:\Windows\System32\vPnuWqU.exe
  2⤵
  PID:8228
- C:\Windows\System32\zAszwSZ.exe
  C:\Windows\System32\zAszwSZ.exe
  2⤵
  PID:8300
- C:\Windows\System32\FmbmShB.exe
  C:\Windows\System32\FmbmShB.exe
  2⤵
  PID:8348
- C:\Windows\System32\mhXWUUA.exe
  C:\Windows\System32\mhXWUUA.exe
  2⤵
  PID:8456
- C:\Windows\System32\DzKwqUv.exe
  C:\Windows\System32\DzKwqUv.exe
  2⤵
  PID:8528
- C:\Windows\System32\xmawVvp.exe
  C:\Windows\System32\xmawVvp.exe
  2⤵
  PID:8592
- C:\Windows\System32\TvdnQOt.exe
  C:\Windows\System32\TvdnQOt.exe
  2⤵
  PID:8620
- C:\Windows\System32\TaglHaM.exe
  C:\Windows\System32\TaglHaM.exe
  2⤵
  PID:8672
- C:\Windows\System32\omJpVVE.exe
  C:\Windows\System32\omJpVVE.exe
  2⤵
  PID:8780
- C:\Windows\System32\bfedGea.exe
  C:\Windows\System32\bfedGea.exe
  2⤵
  PID:8804
- C:\Windows\System32\vxDnenJ.exe
  C:\Windows\System32\vxDnenJ.exe
  2⤵
  PID:8872
- C:\Windows\System32\BIQkEln.exe
  C:\Windows\System32\BIQkEln.exe
  2⤵
  PID:8948
- C:\Windows\System32\CscVXHQ.exe
  C:\Windows\System32\CscVXHQ.exe
  2⤵
  PID:9008
- C:\Windows\System32\pcqHOZa.exe
  C:\Windows\System32\pcqHOZa.exe
  2⤵
  PID:9044
- C:\Windows\System32\dIKXgwy.exe
  C:\Windows\System32\dIKXgwy.exe
  2⤵
  PID:9144
- C:\Windows\System32\ndsbftB.exe
  C:\Windows\System32\ndsbftB.exe
  2⤵
  PID:8272
- C:\Windows\System32\BJlItNT.exe
  C:\Windows\System32\BJlItNT.exe
  2⤵
  PID:8304
- C:\Windows\System32\TPSmacs.exe
  C:\Windows\System32\TPSmacs.exe
  2⤵
  PID:8436
- C:\Windows\System32\tdTLCSc.exe
  C:\Windows\System32\tdTLCSc.exe
  2⤵
  PID:8676
- C:\Windows\System32\nhnbPnQ.exe
  C:\Windows\System32\nhnbPnQ.exe
  2⤵
  PID:8852
- C:\Windows\System32\kockKJr.exe
  C:\Windows\System32\kockKJr.exe
  2⤵
  PID:8924
- C:\Windows\System32\yBXQsXM.exe
  C:\Windows\System32\yBXQsXM.exe
  2⤵
  PID:9100
- C:\Windows\System32\nFmRnho.exe
  C:\Windows\System32\nFmRnho.exe
  2⤵
  PID:8444
- C:\Windows\System32\SNjACkr.exe
  C:\Windows\System32\SNjACkr.exe
  2⤵
  PID:8504
- C:\Windows\System32\VRWFbtK.exe
  C:\Windows\System32\VRWFbtK.exe
  2⤵
  PID:8968
- C:\Windows\System32\psBxEcx.exe
  C:\Windows\System32\psBxEcx.exe
  2⤵
  PID:7496
- C:\Windows\System32\ujMzKoj.exe
  C:\Windows\System32\ujMzKoj.exe
  2⤵
  PID:9224
- C:\Windows\System32\ScnXyWC.exe
  C:\Windows\System32\ScnXyWC.exe
  2⤵
  PID:9252
- C:\Windows\System32\yrXgPau.exe
  C:\Windows\System32\yrXgPau.exe
  2⤵
  PID:9272
- C:\Windows\System32\OmlRffD.exe
  C:\Windows\System32\OmlRffD.exe
  2⤵
  PID:9308
- C:\Windows\System32\siTXGys.exe
  C:\Windows\System32\siTXGys.exe
  2⤵
  PID:9348
- C:\Windows\System32\fbMpQxc.exe
  C:\Windows\System32\fbMpQxc.exe
  2⤵
  PID:9372
- C:\Windows\System32\dFXtGqf.exe
  C:\Windows\System32\dFXtGqf.exe
  2⤵
  PID:9436
- C:\Windows\System32\ptYtMQy.exe
  C:\Windows\System32\ptYtMQy.exe
  2⤵
  PID:9452
- C:\Windows\System32\QEIZFbK.exe
  C:\Windows\System32\QEIZFbK.exe
  2⤵
  PID:9476
- C:\Windows\System32\TZqWHcq.exe
  C:\Windows\System32\TZqWHcq.exe
  2⤵
  PID:9504
- C:\Windows\System32\gLwzTCv.exe
  C:\Windows\System32\gLwzTCv.exe
  2⤵
  PID:9536
- C:\Windows\System32\kGUiskx.exe
  C:\Windows\System32\kGUiskx.exe
  2⤵
  PID:9560
- C:\Windows\System32\ooXvlak.exe
  C:\Windows\System32\ooXvlak.exe
  2⤵
  PID:9580
- C:\Windows\System32\uTleyEa.exe
  C:\Windows\System32\uTleyEa.exe
  2⤵
  PID:9596
- C:\Windows\System32\fjxiWCS.exe
  C:\Windows\System32\fjxiWCS.exe
  2⤵
  PID:9616
- C:\Windows\System32\sZxRKLj.exe
  C:\Windows\System32\sZxRKLj.exe
  2⤵
  PID:9644
- C:\Windows\System32\qbkfrTQ.exe
  C:\Windows\System32\qbkfrTQ.exe
  2⤵
  PID:9660
- C:\Windows\System32\geaumOS.exe
  C:\Windows\System32\geaumOS.exe
  2⤵
  PID:9712
- C:\Windows\System32\JpGxvxC.exe
  C:\Windows\System32\JpGxvxC.exe
  2⤵
  PID:9756
- C:\Windows\System32\InXsWUP.exe
  C:\Windows\System32\InXsWUP.exe
  2⤵
  PID:9784
- C:\Windows\System32\LGUeTYW.exe
  C:\Windows\System32\LGUeTYW.exe
  2⤵
  PID:9816
- C:\Windows\System32\muVHBzo.exe
  C:\Windows\System32\muVHBzo.exe
  2⤵
  PID:9840
- C:\Windows\System32\mBuVRzR.exe
  C:\Windows\System32\mBuVRzR.exe
  2⤵
  PID:9860
- C:\Windows\System32\eNGDwGX.exe
  C:\Windows\System32\eNGDwGX.exe
  2⤵
  PID:9880
- C:\Windows\System32\IVUwNBE.exe
  C:\Windows\System32\IVUwNBE.exe
  2⤵
  PID:9908
- C:\Windows\System32\fepdGsM.exe
  C:\Windows\System32\fepdGsM.exe
  2⤵
  PID:9948
- C:\Windows\System32\KkPwxmF.exe
  C:\Windows\System32\KkPwxmF.exe
  2⤵
  PID:9968
- C:\Windows\System32\CdQGjwx.exe
  C:\Windows\System32\CdQGjwx.exe
  2⤵
  PID:10008
- C:\Windows\System32\riPGcwr.exe
  C:\Windows\System32\riPGcwr.exe
  2⤵
  PID:10024
- C:\Windows\System32\ibfIqxH.exe
  C:\Windows\System32\ibfIqxH.exe
  2⤵
  PID:10052
- C:\Windows\System32\dwgnQrx.exe
  C:\Windows\System32\dwgnQrx.exe
  2⤵
  PID:10076
- C:\Windows\System32\wjqymdK.exe
  C:\Windows\System32\wjqymdK.exe
  2⤵
  PID:10120
- C:\Windows\System32\JevvEsO.exe
  C:\Windows\System32\JevvEsO.exe
  2⤵
  PID:10144
- C:\Windows\System32\pmtqTSK.exe
  C:\Windows\System32\pmtqTSK.exe
  2⤵
  PID:10168
- C:\Windows\System32\TdTSgZu.exe
  C:\Windows\System32\TdTSgZu.exe
  2⤵
  PID:10184
- C:\Windows\System32\dKwfpHF.exe
  C:\Windows\System32\dKwfpHF.exe
  2⤵
  PID:10212
- C:\Windows\System32\LvKLHZz.exe
  C:\Windows\System32\LvKLHZz.exe
  2⤵
  PID:4804
- C:\Windows\System32\KsPRuPq.exe
  C:\Windows\System32\KsPRuPq.exe
  2⤵
  PID:9264
- C:\Windows\System32\wDsjhhM.exe
  C:\Windows\System32\wDsjhhM.exe
  2⤵
  PID:9328
- C:\Windows\System32\sUwOvhL.exe
  C:\Windows\System32\sUwOvhL.exe
  2⤵
  PID:9340
- C:\Windows\System32\PknoRdq.exe
  C:\Windows\System32\PknoRdq.exe
  2⤵
  PID:9404
- C:\Windows\System32\fBoryPJ.exe
  C:\Windows\System32\fBoryPJ.exe
  2⤵
  PID:9448
- C:\Windows\System32\GZDXjlr.exe
  C:\Windows\System32\GZDXjlr.exe
  2⤵
  PID:9524
- C:\Windows\System32\oVfTbwi.exe
  C:\Windows\System32\oVfTbwi.exe
  2⤵
  PID:9608
- C:\Windows\System32\QxLwSMh.exe
  C:\Windows\System32\QxLwSMh.exe
  2⤵
  PID:9688
- C:\Windows\System32\ITFLMFQ.exe
  C:\Windows\System32\ITFLMFQ.exe
  2⤵
  PID:9752
- C:\Windows\System32\raIsPNV.exe
  C:\Windows\System32\raIsPNV.exe
  2⤵
  PID:9900
- C:\Windows\System32\lrMTeLc.exe
  C:\Windows\System32\lrMTeLc.exe
  2⤵
  PID:9928
- C:\Windows\System32\SkAwmYM.exe
  C:\Windows\System32\SkAwmYM.exe
  2⤵
  PID:10036
- C:\Windows\System32\rBPURbV.exe
  C:\Windows\System32\rBPURbV.exe
  2⤵
  PID:10044
- C:\Windows\System32\JPJwcEc.exe
  C:\Windows\System32\JPJwcEc.exe
  2⤵
  PID:10096
- C:\Windows\System32\TEPxsoN.exe
  C:\Windows\System32\TEPxsoN.exe
  2⤵
  PID:10176
- C:\Windows\System32\lQBIOrh.exe
  C:\Windows\System32\lQBIOrh.exe
  2⤵
  PID:9240
- C:\Windows\System32\OpyPDRu.exe
  C:\Windows\System32\OpyPDRu.exe
  2⤵
  PID:9360
- C:\Windows\System32\WrKfFCP.exe
  C:\Windows\System32\WrKfFCP.exe
  2⤵
  PID:9492
- C:\Windows\System32\cTRoFmR.exe
  C:\Windows\System32\cTRoFmR.exe
  2⤵
  PID:9592
- C:\Windows\System32\ghLriUh.exe
  C:\Windows\System32\ghLriUh.exe
  2⤵
  PID:9748
- C:\Windows\System32\ZOoMHWu.exe
  C:\Windows\System32\ZOoMHWu.exe
  2⤵
  PID:9828
- C:\Windows\System32\hkRjdiz.exe
  C:\Windows\System32\hkRjdiz.exe
  2⤵
  PID:10060
- C:\Windows\System32\ZacZqlZ.exe
  C:\Windows\System32\ZacZqlZ.exe
  2⤵
  PID:10232
- C:\Windows\System32\kgIBair.exe
  C:\Windows\System32\kgIBair.exe
  2⤵
  PID:10160
- C:\Windows\System32\LhzLRIE.exe
  C:\Windows\System32\LhzLRIE.exe
  2⤵
  PID:9484
- C:\Windows\System32\bjIsVhW.exe
  C:\Windows\System32\bjIsVhW.exe
  2⤵
  PID:9988
- C:\Windows\System32\NLdUrvF.exe
  C:\Windows\System32\NLdUrvF.exe
  2⤵
  PID:9652
- C:\Windows\System32\GGOCULQ.exe
  C:\Windows\System32\GGOCULQ.exe
  2⤵
  PID:9808
- C:\Windows\System32\aXYbppB.exe
  C:\Windows\System32\aXYbppB.exe
  2⤵
  PID:10312
- C:\Windows\System32\mKAKUCZ.exe
  C:\Windows\System32\mKAKUCZ.exe
  2⤵
  PID:10340
- C:\Windows\System32\AkEcBmR.exe
  C:\Windows\System32\AkEcBmR.exe
  2⤵
  PID:10380
- C:\Windows\System32\tPCEKgM.exe
  C:\Windows\System32\tPCEKgM.exe
  2⤵
  PID:10396
- C:\Windows\System32\fzrQeIe.exe
  C:\Windows\System32\fzrQeIe.exe
  2⤵
  PID:10416
- C:\Windows\System32\ccmmxiq.exe
  C:\Windows\System32\ccmmxiq.exe
  2⤵
  PID:10440
- C:\Windows\System32\oQADiKl.exe
  C:\Windows\System32\oQADiKl.exe
  2⤵
  PID:10456
- C:\Windows\System32\FeiUYMg.exe
  C:\Windows\System32\FeiUYMg.exe
  2⤵
  PID:10476
- C:\Windows\System32\UChgSga.exe
  C:\Windows\System32\UChgSga.exe
  2⤵
  PID:10500
- C:\Windows\System32\HODXhxO.exe
  C:\Windows\System32\HODXhxO.exe
  2⤵
  PID:10560
- C:\Windows\System32\OIXKVPU.exe
  C:\Windows\System32\OIXKVPU.exe
  2⤵
  PID:10592
- C:\Windows\System32\fCyPage.exe
  C:\Windows\System32\fCyPage.exe
  2⤵
  PID:10612
- C:\Windows\System32\dxbDPjC.exe
  C:\Windows\System32\dxbDPjC.exe
  2⤵
  PID:10640
- C:\Windows\System32\bcPDRgs.exe
  C:\Windows\System32\bcPDRgs.exe
  2⤵
  PID:10656
- C:\Windows\System32\pttISWR.exe
  C:\Windows\System32\pttISWR.exe
  2⤵
  PID:10680
- C:\Windows\System32\ikAWhSg.exe
  C:\Windows\System32\ikAWhSg.exe
  2⤵
  PID:10708
- C:\Windows\System32\wRyRlwt.exe
  C:\Windows\System32\wRyRlwt.exe
  2⤵
  PID:10728
- C:\Windows\System32\mSRXbmv.exe
  C:\Windows\System32\mSRXbmv.exe
  2⤵
  PID:10756
- C:\Windows\System32\rFuQqFG.exe
  C:\Windows\System32\rFuQqFG.exe
  2⤵
  PID:10776
- C:\Windows\System32\DCaBSwF.exe
  C:\Windows\System32\DCaBSwF.exe
  2⤵
  PID:10796
- C:\Windows\System32\WjnBCGd.exe
  C:\Windows\System32\WjnBCGd.exe
  2⤵
  PID:10820
- C:\Windows\System32\dXYkBkc.exe
  C:\Windows\System32\dXYkBkc.exe
  2⤵
  PID:10856
- C:\Windows\System32\BtaQKXi.exe
  C:\Windows\System32\BtaQKXi.exe
  2⤵
  PID:10888
- C:\Windows\System32\hFCQYcT.exe
  C:\Windows\System32\hFCQYcT.exe
  2⤵
  PID:10924
- C:\Windows\System32\ZEcLXwF.exe
  C:\Windows\System32\ZEcLXwF.exe
  2⤵
  PID:10972
- C:\Windows\System32\LYqwdVp.exe
  C:\Windows\System32\LYqwdVp.exe
  2⤵
  PID:10996
- C:\Windows\System32\MaKrybd.exe
  C:\Windows\System32\MaKrybd.exe
  2⤵
  PID:11040
- C:\Windows\System32\hQhBBIA.exe
  C:\Windows\System32\hQhBBIA.exe
  2⤵
  PID:11064
- C:\Windows\System32\qnlzppq.exe
  C:\Windows\System32\qnlzppq.exe
  2⤵
  PID:11080
- C:\Windows\System32\EjWEQRp.exe
  C:\Windows\System32\EjWEQRp.exe
  2⤵
  PID:11100
- C:\Windows\System32\QiITmNG.exe
  C:\Windows\System32\QiITmNG.exe
  2⤵
  PID:11124
- C:\Windows\System32\WGYMjqv.exe
  C:\Windows\System32\WGYMjqv.exe
  2⤵
  PID:11172
- C:\Windows\System32\rneutJH.exe
  C:\Windows\System32\rneutJH.exe
  2⤵
  PID:11196
- C:\Windows\System32\zPAXcwy.exe
  C:\Windows\System32\zPAXcwy.exe
  2⤵
  PID:11236
- C:\Windows\System32\IySTEEb.exe
  C:\Windows\System32\IySTEEb.exe
  2⤵
  PID:10252
- C:\Windows\System32\INktXkT.exe
  C:\Windows\System32\INktXkT.exe
  2⤵
  PID:10268
- C:\Windows\System32\zStiRcg.exe
  C:\Windows\System32\zStiRcg.exe
  2⤵
  PID:10348
- C:\Windows\System32\uZcUMWd.exe
  C:\Windows\System32\uZcUMWd.exe
  2⤵
  PID:10368
- C:\Windows\System32\tyZovXb.exe
  C:\Windows\System32\tyZovXb.exe
  2⤵
  PID:10428
- C:\Windows\System32\HluXDHK.exe
  C:\Windows\System32\HluXDHK.exe
  2⤵
  PID:10436
- C:\Windows\System32\gWNKDhE.exe
  C:\Windows\System32\gWNKDhE.exe
  2⤵
  PID:10496
- C:\Windows\System32\xBYImBW.exe
  C:\Windows\System32\xBYImBW.exe
  2⤵
  PID:10544
- C:\Windows\System32\dnPjFDs.exe
  C:\Windows\System32\dnPjFDs.exe
  2⤵
  PID:10572
- C:\Windows\System32\AZCYqOk.exe
  C:\Windows\System32\AZCYqOk.exe
  2⤵
  PID:10672
- C:\Windows\System32\iEYoOVa.exe
  C:\Windows\System32\iEYoOVa.exe
  2⤵
  PID:10932
- C:\Windows\System32\vtSPMRa.exe
  C:\Windows\System32\vtSPMRa.exe
  2⤵
  PID:10984
- C:\Windows\System32\ZAiXHjp.exe
  C:\Windows\System32\ZAiXHjp.exe
  2⤵
  PID:11036
- C:\Windows\System32\uWwBNmM.exe
  C:\Windows\System32\uWwBNmM.exe
  2⤵
  PID:11072
- C:\Windows\System32\JWEerxW.exe
  C:\Windows\System32\JWEerxW.exe
  2⤵
  PID:11136
- C:\Windows\System32\EXQCfMm.exe
  C:\Windows\System32\EXQCfMm.exe
  2⤵
  PID:11152
- C:\Windows\System32\LwVotrA.exe
  C:\Windows\System32\LwVotrA.exe
  2⤵
  PID:11256
- C:\Windows\System32\BFKkeMk.exe
  C:\Windows\System32\BFKkeMk.exe
  2⤵
  PID:10288
- C:\Windows\System32\KAbkvXz.exe
  C:\Windows\System32\KAbkvXz.exe
  2⤵
  PID:10328
- C:\Windows\System32\AAJFFfF.exe
  C:\Windows\System32\AAJFFfF.exe
  2⤵
  PID:10600
- C:\Windows\System32\AFdxWSJ.exe
  C:\Windows\System32\AFdxWSJ.exe
  2⤵
  PID:10772
- C:\Windows\System32\QFmGdry.exe
  C:\Windows\System32\QFmGdry.exe
  2⤵
  PID:10764
- C:\Windows\System32\XVymtra.exe
  C:\Windows\System32\XVymtra.exe
  2⤵
  PID:11024
- C:\Windows\System32\lwCXVOr.exe
  C:\Windows\System32\lwCXVOr.exe
  2⤵
  PID:9960
- C:\Windows\System32\mDbWpNT.exe
  C:\Windows\System32\mDbWpNT.exe
  2⤵
  PID:10244
- C:\Windows\System32\sMyXqOa.exe
  C:\Windows\System32\sMyXqOa.exe
  2⤵
  PID:11008
- C:\Windows\System32\iFmNLVl.exe
  C:\Windows\System32\iFmNLVl.exe
  2⤵
  PID:11108
- C:\Windows\System32\rIFTqdn.exe
  C:\Windows\System32\rIFTqdn.exe
  2⤵
  PID:10004
- C:\Windows\System32\ZcZmHBU.exe
  C:\Windows\System32\ZcZmHBU.exe
  2⤵
  PID:10272
- C:\Windows\System32\BELlNsR.exe
  C:\Windows\System32\BELlNsR.exe
  2⤵
  PID:11280
- C:\Windows\System32\GnezZXg.exe
  C:\Windows\System32\GnezZXg.exe
  2⤵
  PID:11304
- C:\Windows\System32\oyWSYxn.exe
  C:\Windows\System32\oyWSYxn.exe
  2⤵
  PID:11352
- C:\Windows\System32\XdyuuVf.exe
  C:\Windows\System32\XdyuuVf.exe
  2⤵
  PID:11380
- C:\Windows\System32\yJffvJT.exe
  C:\Windows\System32\yJffvJT.exe
  2⤵
  PID:11404
- C:\Windows\System32\tdtTrss.exe
  C:\Windows\System32\tdtTrss.exe
  2⤵
  PID:11420
- C:\Windows\System32\RWLMUfi.exe
  C:\Windows\System32\RWLMUfi.exe
  2⤵
  PID:11444
- C:\Windows\System32\HkpwufS.exe
  C:\Windows\System32\HkpwufS.exe
  2⤵
  PID:11492
- C:\Windows\System32\IKCiOPE.exe
  C:\Windows\System32\IKCiOPE.exe
  2⤵
  PID:11512
- C:\Windows\System32\swRswER.exe
  C:\Windows\System32\swRswER.exe
  2⤵
  PID:11536
- C:\Windows\System32\GSqdpqo.exe
  C:\Windows\System32\GSqdpqo.exe
  2⤵
  PID:11556
- C:\Windows\System32\lWkSTOI.exe
  C:\Windows\System32\lWkSTOI.exe
  2⤵
  PID:11576
- C:\Windows\System32\FMtytdK.exe
  C:\Windows\System32\FMtytdK.exe
  2⤵
  PID:11604
- C:\Windows\System32\OBYdIMJ.exe
  C:\Windows\System32\OBYdIMJ.exe
  2⤵
  PID:11620
- C:\Windows\System32\wVQIofZ.exe
  C:\Windows\System32\wVQIofZ.exe
  2⤵
  PID:11652
- C:\Windows\System32\SPmREIc.exe
  C:\Windows\System32\SPmREIc.exe
  2⤵
  PID:11668
- C:\Windows\System32\vjrNKrk.exe
  C:\Windows\System32\vjrNKrk.exe
  2⤵
  PID:11712
- C:\Windows\System32\YJOPmBP.exe
  C:\Windows\System32\YJOPmBP.exe
  2⤵
  PID:11752
- C:\Windows\System32\zhLvUma.exe
  C:\Windows\System32\zhLvUma.exe
  2⤵
  PID:11780
- C:\Windows\System32\EeEZRrB.exe
  C:\Windows\System32\EeEZRrB.exe
  2⤵
  PID:11800
- C:\Windows\System32\DbElHjK.exe
  C:\Windows\System32\DbElHjK.exe
  2⤵
  PID:11824
- C:\Windows\System32\fIzYYVu.exe
  C:\Windows\System32\fIzYYVu.exe
  2⤵
  PID:11852
- C:\Windows\System32\fvVyYzM.exe
  C:\Windows\System32\fvVyYzM.exe
  2⤵
  PID:11900
- C:\Windows\System32\TBWLCHD.exe
  C:\Windows\System32\TBWLCHD.exe
  2⤵
  PID:11944
- C:\Windows\System32\ExGPDoe.exe
  C:\Windows\System32\ExGPDoe.exe
  2⤵
  PID:11968
- C:\Windows\System32\arUWCrc.exe
  C:\Windows\System32\arUWCrc.exe
  2⤵
  PID:11996
- C:\Windows\System32\mpZqaOI.exe
  C:\Windows\System32\mpZqaOI.exe
  2⤵
  PID:12024
- C:\Windows\System32\sifkQER.exe
  C:\Windows\System32\sifkQER.exe
  2⤵
  PID:12040
- C:\Windows\System32\neLeMok.exe
  C:\Windows\System32\neLeMok.exe
  2⤵
  PID:12060
- C:\Windows\System32\neVVbDy.exe
  C:\Windows\System32\neVVbDy.exe
  2⤵
  PID:12080
- C:\Windows\System32\phpBfEG.exe
  C:\Windows\System32\phpBfEG.exe
  2⤵
  PID:12140
- C:\Windows\System32\AvnCHdM.exe
  C:\Windows\System32\AvnCHdM.exe
  2⤵
  PID:12168
- C:\Windows\System32\tKUdOFU.exe
  C:\Windows\System32\tKUdOFU.exe
  2⤵
  PID:12192
- C:\Windows\System32\EyQEATb.exe
  C:\Windows\System32\EyQEATb.exe
  2⤵
  PID:12216
- C:\Windows\System32\MOCuCfm.exe
  C:\Windows\System32\MOCuCfm.exe
  2⤵
  PID:12240
- C:\Windows\System32\MhbczOB.exe
  C:\Windows\System32\MhbczOB.exe
  2⤵
  PID:12256
- C:\Windows\System32\RXjZVvt.exe
  C:\Windows\System32\RXjZVvt.exe
  2⤵
  PID:12280
- C:\Windows\System32\ROezAnK.exe
  C:\Windows\System32\ROezAnK.exe
  2⤵
  PID:11300
- C:\Windows\System32\laaVebj.exe
  C:\Windows\System32\laaVebj.exe
  2⤵
  PID:11400
- C:\Windows\System32\BluAFEW.exe
  C:\Windows\System32\BluAFEW.exe
  2⤵
  PID:11456
- C:\Windows\System32\AtISFSg.exe
  C:\Windows\System32\AtISFSg.exe
  2⤵
  PID:11524
- C:\Windows\System32\MdTLdCe.exe
  C:\Windows\System32\MdTLdCe.exe
  2⤵
  PID:11592
- C:\Windows\System32\kNtfiAH.exe
  C:\Windows\System32\kNtfiAH.exe
  2⤵
  PID:11680
- C:\Windows\System32\rsxvmPK.exe
  C:\Windows\System32\rsxvmPK.exe
  2⤵
  PID:11776
- C:\Windows\System32\YOGlbGy.exe
  C:\Windows\System32\YOGlbGy.exe
  2⤵
  PID:11848
- C:\Windows\System32\SYKuOOw.exe
  C:\Windows\System32\SYKuOOw.exe
  2⤵
  PID:11792
- C:\Windows\System32\VTbqJis.exe
  C:\Windows\System32\VTbqJis.exe
  2⤵
  PID:11924
- C:\Windows\System32\eSZdprz.exe
  C:\Windows\System32\eSZdprz.exe
  2⤵
  PID:12004
- C:\Windows\System32\RAGiQeg.exe
  C:\Windows\System32\RAGiQeg.exe
  2⤵
  PID:12048
- C:\Windows\System32\ndhfGmN.exe
  C:\Windows\System32\ndhfGmN.exe
  2⤵
  PID:12104
- C:\Windows\System32\mcLZDTP.exe
  C:\Windows\System32\mcLZDTP.exe
  2⤵
  PID:12200
- C:\Windows\System32\hKjzOAD.exe
  C:\Windows\System32\hKjzOAD.exe
  2⤵
  PID:12224
- C:\Windows\System32\BPXevJF.exe
  C:\Windows\System32\BPXevJF.exe
  2⤵
  PID:11360
- C:\Windows\System32\QCfxqFZ.exe
  C:\Windows\System32\QCfxqFZ.exe
  2⤵
  PID:11368
- C:\Windows\System32\YMTncKm.exe
  C:\Windows\System32\YMTncKm.exe
  2⤵
  PID:11572
- C:\Windows\System32\BAVjtGb.exe
  C:\Windows\System32\BAVjtGb.exe
  2⤵
  PID:11660
- C:\Windows\System32\SYfaczo.exe
  C:\Windows\System32\SYfaczo.exe
  2⤵
  PID:11892
- C:\Windows\System32\EEYDVkV.exe
  C:\Windows\System32\EEYDVkV.exe
  2⤵
  PID:12036
- C:\Windows\System32\MusurZw.exe
  C:\Windows\System32\MusurZw.exe
  2⤵
  PID:12208
- C:\Windows\System32\dvdjful.exe
  C:\Windows\System32\dvdjful.exe
  2⤵
  PID:11320
- C:\Windows\System32\gyBgYJz.exe
  C:\Windows\System32\gyBgYJz.exe
  2⤵
  PID:11648
- C:\Windows\System32\CvksYPE.exe
  C:\Windows\System32\CvksYPE.exe
  2⤵
  PID:11964
- C:\Windows\System32\lfczLDU.exe
  C:\Windows\System32\lfczLDU.exe
  2⤵
  PID:12152
- C:\Windows\System32\ItLOleu.exe
  C:\Windows\System32\ItLOleu.exe
  2⤵
  PID:12328
- C:\Windows\System32\MNqYmlm.exe
  C:\Windows\System32\MNqYmlm.exe
  2⤵
  PID:12348
- C:\Windows\System32\OIUUvNM.exe
  C:\Windows\System32\OIUUvNM.exe
  2⤵
  PID:12372
- C:\Windows\System32\zIckRfH.exe
  C:\Windows\System32\zIckRfH.exe
  2⤵
  PID:12412
- C:\Windows\System32\MuSdzOF.exe
  C:\Windows\System32\MuSdzOF.exe
  2⤵
  PID:12436
- C:\Windows\System32\uIYIWix.exe
  C:\Windows\System32\uIYIWix.exe
  2⤵
  PID:12468
- C:\Windows\System32\MfZKwtb.exe
  C:\Windows\System32\MfZKwtb.exe
  2⤵
  PID:12492
- C:\Windows\System32\HrilCVm.exe
  C:\Windows\System32\HrilCVm.exe
  2⤵
  PID:12516
- C:\Windows\System32\ZWvTfoj.exe
  C:\Windows\System32\ZWvTfoj.exe
  2⤵
  PID:12540
- C:\Windows\System32\gmlxnmI.exe
  C:\Windows\System32\gmlxnmI.exe
  2⤵
  PID:12556
- C:\Windows\System32\QzZuDfH.exe
  C:\Windows\System32\QzZuDfH.exe
  2⤵
  PID:12576
- C:\Windows\System32\EyGyiXs.exe
  C:\Windows\System32\EyGyiXs.exe
  2⤵
  PID:12604
- C:\Windows\System32\qiAWIeR.exe
  C:\Windows\System32\qiAWIeR.exe
  2⤵
  PID:12668
- C:\Windows\System32\OsVTldE.exe
  C:\Windows\System32\OsVTldE.exe
  2⤵
  PID:12684
- C:\Windows\System32\Zobudhe.exe
  C:\Windows\System32\Zobudhe.exe
  2⤵
  PID:12712
- C:\Windows\System32\zQEFbjI.exe
  C:\Windows\System32\zQEFbjI.exe
  2⤵
  PID:12728
- C:\Windows\System32\OWfQjFG.exe
  C:\Windows\System32\OWfQjFG.exe
  2⤵
  PID:12780
- C:\Windows\System32\LGJYHhh.exe
  C:\Windows\System32\LGJYHhh.exe
  2⤵
  PID:12804
- C:\Windows\System32\bvHDQCA.exe
  C:\Windows\System32\bvHDQCA.exe
  2⤵
  PID:12824
- C:\Windows\System32\jhrmUUo.exe
  C:\Windows\System32\jhrmUUo.exe
  2⤵
  PID:12848
- C:\Windows\System32\uedKImp.exe
  C:\Windows\System32\uedKImp.exe
  2⤵
  PID:12868
- C:\Windows\System32\yysEFpn.exe
  C:\Windows\System32\yysEFpn.exe
  2⤵
  PID:12904
- C:\Windows\System32\yDyfYXI.exe
  C:\Windows\System32\yDyfYXI.exe
  2⤵
  PID:13024
- C:\Windows\System32\KXEJPWU.exe
  C:\Windows\System32\KXEJPWU.exe
  2⤵
  PID:13040
- C:\Windows\System32\RbWQTaP.exe
  C:\Windows\System32\RbWQTaP.exe
  2⤵
  PID:13056
- C:\Windows\System32\pPhLCEi.exe
  C:\Windows\System32\pPhLCEi.exe
  2⤵
  PID:13072
- C:\Windows\System32\UgNAOCz.exe
  C:\Windows\System32\UgNAOCz.exe
  2⤵
  PID:13104
- C:\Windows\System32\SflahWR.exe
  C:\Windows\System32\SflahWR.exe
  2⤵
  PID:13120
- C:\Windows\System32\RVqaOZZ.exe
  C:\Windows\System32\RVqaOZZ.exe
  2⤵
  PID:13136
- C:\Windows\System32\lKultvn.exe
  C:\Windows\System32\lKultvn.exe
  2⤵
  PID:13152
- C:\Windows\System32\ewkIcqu.exe
  C:\Windows\System32\ewkIcqu.exe
  2⤵
  PID:13168
- C:\Windows\System32\zmsHSxc.exe
  C:\Windows\System32\zmsHSxc.exe
  2⤵
  PID:13204
- C:\Windows\System32\Dxvrikh.exe
  C:\Windows\System32\Dxvrikh.exe
  2⤵
  PID:13228
- C:\Windows\System32\KdiGVhC.exe
  C:\Windows\System32\KdiGVhC.exe
  2⤵
  PID:13256
- C:\Windows\System32\yiiBBIJ.exe
  C:\Windows\System32\yiiBBIJ.exe
  2⤵
  PID:13284
- C:\Windows\System32\UWsnCEj.exe
  C:\Windows\System32\UWsnCEj.exe
  2⤵
  PID:11940
- C:\Windows\System32\mbSRKqQ.exe
  C:\Windows\System32\mbSRKqQ.exe
  2⤵
  PID:12324
- C:\Windows\System32\drSMJpm.exe
  C:\Windows\System32\drSMJpm.exe
  2⤵
  PID:12384
- C:\Windows\System32\tZuQTuO.exe
  C:\Windows\System32\tZuQTuO.exe
  2⤵
  PID:12524
- C:\Windows\System32\LDLjwap.exe
  C:\Windows\System32\LDLjwap.exe
  2⤵
  PID:12644
- C:\Windows\System32\hAEpdMY.exe
  C:\Windows\System32\hAEpdMY.exe
  2⤵
  PID:12708
- C:\Windows\System32\PpphmKm.exe
  C:\Windows\System32\PpphmKm.exe
  2⤵
  PID:12756
- C:\Windows\System32\wwqvZib.exe
  C:\Windows\System32\wwqvZib.exe
  2⤵
  PID:12820
- C:\Windows\System32\OmQZYuD.exe
  C:\Windows\System32\OmQZYuD.exe
  2⤵
  PID:12832
- C:\Windows\System32\jAeEfgt.exe
  C:\Windows\System32\jAeEfgt.exe
  2⤵
  PID:12948
- C:\Windows\System32\kIixapK.exe
  C:\Windows\System32\kIixapK.exe
  2⤵
  PID:13068
- C:\Windows\System32\HbjLftz.exe
  C:\Windows\System32\HbjLftz.exe
  2⤵
  PID:12976
- C:\Windows\System32\VYaZWdj.exe
  C:\Windows\System32\VYaZWdj.exe
  2⤵
  PID:13012
- C:\Windows\System32\yBVKCRh.exe
  C:\Windows\System32\yBVKCRh.exe
  2⤵
  PID:13064
- C:\Windows\System32\hMLbHiJ.exe
  C:\Windows\System32\hMLbHiJ.exe
  2⤵
  PID:13236
- C:\Windows\System32\gxaeIVb.exe
  C:\Windows\System32\gxaeIVb.exe
  2⤵
  PID:13196
- C:\Windows\System32\cSnGBpC.exe
  C:\Windows\System32\cSnGBpC.exe
  2⤵
  PID:12300
- C:\Windows\System32\YUXKrdb.exe
  C:\Windows\System32\YUXKrdb.exe
  2⤵
  PID:12460
- C:\Windows\System32\AKERqUk.exe
  C:\Windows\System32\AKERqUk.exe
  2⤵
  PID:12592
- C:\Windows\System32\UnxOAZQ.exe
  C:\Windows\System32\UnxOAZQ.exe
  2⤵
  PID:12800
- C:\Windows\System32\KLMWbaJ.exe
  C:\Windows\System32\KLMWbaJ.exe
  2⤵
  PID:12836
- C:\Windows\System32\kUOvdth.exe
  C:\Windows\System32\kUOvdth.exe
  2⤵
  PID:12940
- C:\Windows\System32\pirqWkC.exe
  C:\Windows\System32\pirqWkC.exe
  2⤵
  PID:12944
- C:\Windows\System32\ZVHCeoG.exe
  C:\Windows\System32\ZVHCeoG.exe
  2⤵
  PID:13084
- C:\Windows\System32\QAurqHR.exe
  C:\Windows\System32\QAurqHR.exe
  2⤵
  PID:11296
- C:\Windows\System32\lOWEpoc.exe
  C:\Windows\System32\lOWEpoc.exe
  2⤵
  PID:12844
- C:\Windows\System32\bkkybAn.exe
  C:\Windows\System32\bkkybAn.exe
  2⤵
  PID:13052
- C:\Windows\System32\QBMKWHm.exe
  C:\Windows\System32\QBMKWHm.exe
  2⤵
  PID:13128

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:13564

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System32\DWbuZTq.exe

Filesize
1.6MB

MD5
9a42557a204c8eb9333875bb62fdf941

SHA1
489063a0c71e0af9962c5b283b21ef67bc9a5fcf

SHA256
56db92cf7b4d341abd564181ca1422b9d6cea5744c22570e29b41d1eab4e7145

SHA512
f64f0ddd43f615fb193167996ef109d232cef5c72b7ee777cae9840e94487a83232efc9542bc6e6d842783917f458f4656281e35ba94813fc96e4ecabe560e34

Download Submit
C:\Windows\System32\EDMgIqI.exe

Filesize
1.6MB

MD5
221d91f7ec957bed980229922c950153

SHA1
f7c94eb2b76da2762a3b5a607e8e226bfe304fc7

SHA256
a799eae67b1599016d1e410a02f3b0883a4e7f415438ed7e7b5b30f022ce6f45

SHA512
da61f339a13499c7a14535c1518771cac1c66496f2e1b5975f7683d73d6e8736ff085949cdc063dd8ce1a8fcd11c44bc8c8e56980c1c9208412c79d73cf7613f

Download Submit
C:\Windows\System32\HtrbTsY.exe

Filesize
1.6MB

MD5
3c6110281888eae93bcff5582dea113b

SHA1
f3b1cfd0eb97c288cacca05825601546ab1e9ea3

SHA256
42c970dfdca20b6bd0094917fc2b2f535313976923dc5cc9069309a2975bd3b2

SHA512
d59d887edf7fe0da2ed139991011d87c807472822e3b1f7b000850544198372b88e78c24c905048cf0bf3b1700333ce195408eba67aa7386402036eb9115d847

Download Submit
C:\Windows\System32\HwLtVoj.exe

Filesize
1.6MB

MD5
1d487b54f5af3fc297361c7956dff3cb

SHA1
11e99c72335b130e95bfc4cfef8b2b3ffb948ae7

SHA256
b30af96da2c1fb996c0182029970f3fe4358763a2c6276c308e7278a3684b95f

SHA512
f9f8055f0fce59e8e74e4c21be5efa913f5a5414760c060b6d3be2579bd9e1d9b89f61822ce463b86edc589021beb069aaaf229f21df8bc9392ca3682ec98a49

Download Submit
C:\Windows\System32\JHtGlaK.exe

Filesize
1.6MB

MD5
402a7bfb9355af1ccc0bc2bf384165df

SHA1
b9cabb9119fc13686d7992e5bf1923844443a6dc

SHA256
898ee54122f2ff025002b42e70ab171409957fd79a204b05f17e4d9a8ae11ab0

SHA512
0e8fccb28cc6e9d6f2d828e5da79fb21762881c9814475ddb8dd5c99ca0aeed2fb1998d9cdcabbcfe447b280d6bfcc19b4e70baf0043869f77c43b41cbb0ff70

Download Submit
C:\Windows\System32\LOOjerw.exe

Filesize
1.6MB

MD5
00bb726bf3c7af56ce752d7e531f69e3

SHA1
ae62c8b122d31452f39b211ea63824c28d00cd37

SHA256
70d48ab9e014399355aefa432df3bb96501c1cfcfa7b21cd66cbb3a780e59dd6

SHA512
f0121fcedc80c1d3ff50495a620f2a5b5a292ff381dac54ee0ec068b7fd91b12ba445d77b5274d50b94e9dd03be6a404cb547067014be51373254de12f2dcdc4

Download Submit
C:\Windows\System32\LdkiuUT.exe

Filesize
1.6MB

MD5
ed7c7bf31b3ce8d0b0820e746dcd34b3

SHA1
7ff030e8a74b2373b9f160693ffb16390dd6a9c9

SHA256
de22a1e9a7d9a222e9f266bf3450e4922e67de7c6bd36b148534ef76e18aef1b

SHA512
b2920035f0f2617a026c676b497790018059bf3cc3f3d7c7ba4e447b0fc6c4c5d136d8a19899bff5d23b52f799120a18a61d4a44416181e30b13310b1120efeb

Download Submit
C:\Windows\System32\MEvFAhr.exe

Filesize
1.6MB

MD5
52ab33ee1fea46e53e1c5d1304fe3a61

SHA1
7faea25fda321396a98a280091d4ce8b970d8eb4

SHA256
48f50978e48d409b562ebc30c7744dc7eb9dd3b34b89cc51130be660d9e05f29

SHA512
04cdc378c859c2f2b6fa8826446a6ceb2426672d6936f85fb3af740626725e9cd756fe2cf15c731f08a118cc3b9dd1e5d16dbda3d6b8fb5e1b2ca6ff5faa296d

Download Submit
C:\Windows\System32\MKGNNAT.exe

Filesize
1.6MB

MD5
018d139c7aa8041393bc74dccb275e57

SHA1
3d99d26fecb31eb2fc3346892b578b01a76b29e0

SHA256
6bfba901c94a213bac1269d2587ccabe56a51e835358a64e6772a0b9df6fde3c

SHA512
2966d25b12c4ea5dfc4a2942835c1ed2775cb5cdece88ba9fb91de344ca8c3e7d03e7a2f59a9b9b4b4718f6ba52f394c90496e01fe3c3cdc0d10110b264f4f21

Download Submit
C:\Windows\System32\PBYOZal.exe

Filesize
1.6MB

MD5
2aa5f86c589d9de0ee54569d4deb7676

SHA1
1afa02cd20f110422cbdd55003dab1bb914d43ea

SHA256
e0f0bc2c2115109d4ced301543854e66615f5d2faaf347ee67e5087c4318bc3a

SHA512
ee662ff9af2cd7425abe848b43cef6f741ef60bbecc51166faf26032a5d5c7aa3b90aaa0c708387ecaec66ba247072620436ffb26cdde62f9c133ffaf66c3047

Download Submit
C:\Windows\System32\PEYkhEu.exe

Filesize
1.6MB

MD5
9866ee3dabe48c7fc7e9cbe4749740e3

SHA1
84a3c1366e0a2751c8be98353b6b72be4f0bef4e

SHA256
356755f80fa9ddb4f986eb4b9652407f36d0f89351d03fd4eab9cbdc713816c3

SHA512
28255b151ffcf2e22aa325a6d667b1589b42e7956c53ce201ab911b201179575fbbb3d9938ff0049b718f740cfcbffe10e2578f4994b4e6a56e4473dca5fc6f5

Download Submit
C:\Windows\System32\QwUVqNZ.exe

Filesize
1.6MB

MD5
40336ccf5a4c38bedf85f091bce9cc3e

SHA1
373bec7d01bd50df3c149129b3bb51a92bc45027

SHA256
b2eebbaab7a303e7d4fb70508a07fed6bc2b27f1cb749a26558748fffe26ec9c

SHA512
ae48603d0029f2708a655ab1e55dcf208788ae1bfa8613f1090e430d149f208c60685195ad49bfd3827ccc792696efda0086bcc7c33aa4f011bbaaaa9f07e000

Download Submit
C:\Windows\System32\RkhXvjb.exe

Filesize
1.6MB

MD5
f2b120e45f1baec0729f4ceb093e2888

SHA1
3a71986e71829ca0b9b32df40df5d85987971222

SHA256
2b5aeab1f85a7717104b8361cf5eba4565052f0969ef75d992372e9be0badb4a

SHA512
14d00199312de413e4295ce7a3323efc5e6fcd5afb191e336d936cfc571f9891a0f7cf9b98e9b7c75804034dd1d5e4b3bd036eb45edab11cbbff2da9e460a141

Download Submit
C:\Windows\System32\SRbdhuG.exe

Filesize
1.6MB

MD5
1b64653be14172610c02c1eba956d6de

SHA1
402ec984e5d5cda5c6a98dedd0bc9e1bf91d08ce

SHA256
686690c7b308677bca642d4f49b5f6a7fc7099b8519fe5bcb6d11290c708720d

SHA512
34056ab632225c589de84259a8d23f3585fdcb0cfd365b42dd82c9ed5591d0526b3eaf28bb997f9f010056bd31a796a14b1fdbe16d644ad9bf9f531ff3809037

Download Submit
C:\Windows\System32\URqzduh.exe

Filesize
1.6MB

MD5
759c33aa466e86f342ecc9e2d9d1e3e1

SHA1
83038077b440f2fb0d99a785a7e28d3e4661db2e

SHA256
38b56dd3af9c3eb6610b6b06be4d8a728f67fdf1b35cc5a46bed92a6a39d701e

SHA512
da446661cd5db36cc8caad1253c9cbc4ed597e21024ed5f9abae0f15185081f54c5271a8337811952e6049d0f153013671392216a3637e580bfc4c137babffc8

Download Submit
C:\Windows\System32\YOlwgnD.exe

Filesize
1.6MB

MD5
8eca91dbf3006fb943d6cdd29afa73d4

SHA1
4c22944c876236406aa2427298b1e7b4c6764ae8

SHA256
de8f2a0a28609223af9230ebbfd161fd4a133d3e75d7070ae1c1e4e6502d3bc2

SHA512
baea6b538479bf75daf610f5563a014dc1e0b4c59558d054d5dae4eb37425f26743fff716920a6ed889f64dafca0f8acefb1b9493f089d4d88dc0adb34d72342

Download Submit
C:\Windows\System32\YZYISQE.exe

Filesize
1.6MB

MD5
feeb644524db62083f686f8709809613

SHA1
796d1212f5b14bfb186fcd2eee26d8cccf7b4c40

SHA256
2c8efcba1d011cd73b79c69574fe7751e9be481d579b01b060b47e89d6fc0bc3

SHA512
dfeac8b92200494f96710ea5df9337234516a13ee182a170e075b07df3c8fbec3b16aa5675563bf19a42dbe318aef50e56c9403c4cba5cdc53256b929792ee63

Download Submit
C:\Windows\System32\aHLGzWN.exe

Filesize
1.6MB

MD5
f0ed95023e4d91f246056158915b9c4b

SHA1
a3534c27f88ead0f8bf6e6223be45f6fc72b1989

SHA256
52932dea6551304a7702a67f7df2da2a8d15615b19dd89bd9f023202f466d7e0

SHA512
6ae3c281a442cb21033b2beace2ffadb6c4cac761b83834e1b3fc372a32155dd3eaaa3599178669950a7eee77a04c164cd9722184a58cad8305bc229b167ccc1

Download Submit
C:\Windows\System32\bYIoJyS.exe

Filesize
1.6MB

MD5
d20aab71db5369901caf3626c5035296

SHA1
0ed5a93666471d3dd14f279fc44fde833c44b233

SHA256
bd6baeb87fa428fc62fed16305556d24e3c4e9e3622bfe7c2591d2b46923338b

SHA512
4f1a22c441752e9b431cadaf26beb0ebc4645afa76fd55a28578e06a468bd2644f87eb291157252c14a5d7885f55cf093cf721f055b25f59cbc8126c78a8a30a

Download Submit
C:\Windows\System32\hBERVEA.exe

Filesize
1.6MB

MD5
254950e5541140b03a46b57a2d0f76b1

SHA1
2457f0768a91858417034cbe1071b5aede4b08e7

SHA256
d756d74daff929cafd14408fb8f0fea1aeb8afbf8e35725c1cf0b1b34b974031

SHA512
11096ccf844d8e4c230f638392b2b965d81a7a8b2ca094e299b40bb2b3b843a1b695f77259bc8f50311d341b9138e2b0ebefe73a2ab35a5326d925124816005e

Download Submit
C:\Windows\System32\hEpwaDb.exe

Filesize
1.6MB

MD5
fe2fe3c0873b09d33ebd507e01bbec47

SHA1
f0b760150873df91f9e9c282fa85eaa501d60793

SHA256
8b073324878d29455b099579dd19a12d9af9c261ca730c4419036111485adeb6

SHA512
d7d22103cfd2ba5743cbbbe7d6be91333ae850a9467efa75edf1db0eabfb5834b1054e69ccd681cb998926fa47def8d2a65d944ad2b426e575245948f7fadb79

Download Submit
C:\Windows\System32\ietvfow.exe

Filesize
1.6MB

MD5
fbacd1ee17ce9e99d8c39d878a3114dc

SHA1
0635f14f7645fbc297e588d0cfe59f4df8b0e436

SHA256
d641d6ffd90ccf3550e1cbefa88cb34f512b5eab7376bc813802639ff3b1b606

SHA512
195ff1d78723610957e14832f2839d9b7c980a1982db0d435cf9f0c300e5df187e66affb443fd16d65d8950ed693e81cddad7aa7cc61501da81f9aece4adc0c2

Download Submit
C:\Windows\System32\lQGbjvM.exe

Filesize
1.6MB

MD5
a6cc14031e496ef4b0a79093d4d8bd3b

SHA1
50fbd946b4129e7e29ae08f9e27fe915d801face

SHA256
4faba9dd4c4a57313871d0bba21af9097e508f2b580e8a6e349193619d3caeda

SHA512
6e54da08797ce1010c2952e7b5684afe41dd802b3d8db3ad63b3ece52b6b9c616b2ac2b33e776e4d1f70bd0531cdcddc3f22d9f68b466a96373c1ac7ca1cefa9

Download Submit
C:\Windows\System32\nhZsMPi.exe

Filesize
1.6MB

MD5
06266cdc5135ead4c05a1d69ad45ea7e

SHA1
f8594f3dafc1196618a28617b753dfaa7a3a0008

SHA256
1b6a88533820e4aa3ebe5235acc00fe5c5ff7ed5abfe5a7aea54cb11dc963791

SHA512
3bffcd31bb74bbbc7a664f00bb87e709afffe8ee5a46f211e8cddca329505b9106a87bf557aaea2c8540bb9b74a99b5fa6067a6c9276fb92297623dfd04ed185

Download Submit
C:\Windows\System32\nrHOqUp.exe

Filesize
1.6MB

MD5
501730d866c1db0eb540dcff94633146

SHA1
23c30cd895f6cc96cad706e131aafd8ce8113842

SHA256
681cd561f1f2e8061eecfa462c64a7ff8be0b81286d8027512e1b44548b471c9

SHA512
4ed975412c1beaadf4854d3f8003fef53e997be8f7c72a337a4fd8f188142965cd7426bc763381257cba7da82266b015cf4b1fbd083a181b691a61e53c3d3771

Download Submit
C:\Windows\System32\pGqHTxs.exe

Filesize
1.6MB

MD5
bb3be59eb1a3b6b0e48c1235d4a7dce7

SHA1
4346342c3323f40a0e333fedb606817af7ead769

SHA256
8a6fb9bc804f19b5584fd39bde240971d63be3de5724cc0fe9256ce5aece5fcd

SHA512
e32cb53588117eec49d568de4ca62032554f6a0b1022c76a4c89df8047f5edd3ba0138347d832cef498e3794da79826b4688e5afd59abc55fbd917a804c4e836

Download Submit
C:\Windows\System32\ppKchew.exe

Filesize
1.6MB

MD5
66461c10fbd5ec7230bf57ff9d29ff02

SHA1
ac20519681c162f746d4ce675fb8bfaf78eefcea

SHA256
4e280a32b4fb8de2a7b43b76a00900a9413cccb57e0634eeca33d6d29207f14d

SHA512
809751af63c613721b25fef451055af95f29e310bf13b121a36d94e640e5a5c5b12603b6e66cb8a0d392c3481c6a4e777047f639824465c992f1c469c941b6ce

Download Submit
C:\Windows\System32\ptDTQnk.exe

Filesize
1.6MB

MD5
5b592a33d84783c94021c967bb2f246d

SHA1
66d50e0a80a6d06e58952868b11d63ce5d62cc49

SHA256
39386cdb0f4ef41d9f467c2116ae68cb6bd62b6418b0de87d3a0356f6a67de46

SHA512
16b41eeb62020b1ee681544d4b5cb566beeaf506bd29913d0810dc7c29f13c47f26295692b76a1cac9611e485c2714e65766347bdaf97024b9c86d6388d37779

Download Submit
C:\Windows\System32\pusrgLS.exe

Filesize
1.6MB

MD5
1e473f508250f139ddf75a4604e694e4

SHA1
bea214cdd4e1527cf4da7a7bfdcac479d37bd018

SHA256
b3939997dd2e0ecd87db4d20e8fc8bf2eb746cdbd52f4d2670ab2eece8140d26

SHA512
e8d2d79774ff9ba6679855c0c627ade5486975477a4ee811c204b778cdfabebb3269779c678af8a280f11b45d35984eef5de1e3ac1a80e8f4d7803aa90e17276

Download Submit
C:\Windows\System32\rYWjnTh.exe

Filesize
1.6MB

MD5
561ee7db0705bd1c67b9c6bf06857405

SHA1
2f1e4edadfdab77e17caa5f4dccc0272d62749e2

SHA256
10287d575a6a7a1b560ad22dff7634bfec82d40a48375e9fe472166f0ab797d7

SHA512
ff9f16054d5ba17481d9b6815e76718d4edf273f1b6345ba1acd28747c8b0365e2c7f842c675f67eabdf6265fb45cb832f20c6e91d20d4800c3664144435650e

Download Submit
C:\Windows\System32\tyxxZgA.exe

Filesize
1.6MB

MD5
369e03de4e20b9832ed7949f1d5bdbc0

SHA1
d0ba6a5803b561259eb6ad22ca2a816300c86809

SHA256
c3f80943fa8c6bd4908338701339231a5eac7f6e5e2f97d1ff5505629cb0c1a2

SHA512
57e1cc594f00ed23ddb6eb84f887c1b374fdec46822f41d6bf509601251ffee2d658e3fbac16ce3ce84f5174799eeda6e733e4b72975fe9851e6d3925bffb807

Download Submit
C:\Windows\System32\weNRITX.exe

Filesize
1.6MB

MD5
823f4ea6d6aa6b492b4f21fa32e1b55b

SHA1
718bf4dd1e38505426cee7e61708e149ab8621ad

SHA256
b06403e1904cac21784794db9823dc74792ee071fbdb3d03fb2a527e8e449661

SHA512
a23967ed5eec2fdd49c61ac7871bdea8b5382bbec9ab9bf77fb579ddd7f820071dec8712acfcbb2fd1e4a56244d0af4f7a59f16b3796a92b929ca4f6f89d0d76

Download Submit
C:\Windows\System32\xmAULCB.exe

Filesize
1.6MB

MD5
9ccac9155b330672e1fd0f70b9adbabd

SHA1
fd8893a9f5b339be7dee86ef88f346bb698f1401

SHA256
143569895c33a8035b56f23a882158746a0ac4eb1754ed31ac4d9827ff59372f

SHA512
37f90000580e162e82c152fb0de0ad86c8ea34c333a07c6e6d6e525e9f8a1018cdee310087bc61f4b7d3e18adad79487c462cd4fdef0a86efbd6c0db66c568ed

Download Submit
memory/644-741-0x00007FF7BD9A0000-0x00007FF7BDD91000-memory.dmp

Filesize
3.9MB

Download
memory/644-34-0x00007FF7BD9A0000-0x00007FF7BDD91000-memory.dmp

Filesize
3.9MB

Download
memory/644-2116-0x00007FF7BD9A0000-0x00007FF7BDD91000-memory.dmp

Filesize
3.9MB

Download
memory/1180-472-0x00007FF70B5F0000-0x00007FF70B9E1000-memory.dmp

Filesize
3.9MB

Download
memory/1508-457-0x00007FF75A890000-0x00007FF75AC81000-memory.dmp

Filesize
3.9MB

Download
memory/1728-2196-0x00007FF7E6BE0000-0x00007FF7E6FD1000-memory.dmp

Filesize
3.9MB

Download
memory/1728-433-0x00007FF7E6BE0000-0x00007FF7E6FD1000-memory.dmp

Filesize
3.9MB

Download
memory/1736-16-0x00007FF7ACC30000-0x00007FF7AD021000-memory.dmp

Filesize
3.9MB

Download
memory/1736-735-0x00007FF7ACC30000-0x00007FF7AD021000-memory.dmp

Filesize
3.9MB

Download
memory/1736-2109-0x00007FF7ACC30000-0x00007FF7AD021000-memory.dmp

Filesize
3.9MB

Download
memory/1848-434-0x00007FF79DCC0000-0x00007FF79E0B1000-memory.dmp

Filesize
3.9MB

Download
memory/1860-2143-0x00007FF720020000-0x00007FF720411000-memory.dmp

Filesize
3.9MB

Download
memory/1860-72-0x00007FF720020000-0x00007FF720411000-memory.dmp

Filesize
3.9MB

Download
memory/1880-453-0x00007FF60AD30000-0x00007FF60B121000-memory.dmp

Filesize
3.9MB

Download
memory/2188-426-0x00007FF7E6680000-0x00007FF7E6A71000-memory.dmp

Filesize
3.9MB

Download
memory/2188-2187-0x00007FF7E6680000-0x00007FF7E6A71000-memory.dmp

Filesize
3.9MB

Download
memory/2240-427-0x00007FF7F59D0000-0x00007FF7F5DC1000-memory.dmp

Filesize
3.9MB

Download
memory/2356-460-0x00007FF779500000-0x00007FF7798F1000-memory.dmp

Filesize
3.9MB

Download
memory/2888-1408-0x00007FF696920000-0x00007FF696D11000-memory.dmp

Filesize
3.9MB

Download
memory/2888-87-0x00007FF696920000-0x00007FF696D11000-memory.dmp

Filesize
3.9MB

Download
memory/2924-440-0x00007FF79C8E0000-0x00007FF79CCD1000-memory.dmp

Filesize
3.9MB

Download
memory/2924-2176-0x00007FF79C8E0000-0x00007FF79CCD1000-memory.dmp

Filesize
3.9MB

Download
memory/3036-2180-0x00007FF7A9A50000-0x00007FF7A9E41000-memory.dmp

Filesize
3.9MB

Download
memory/3036-443-0x00007FF7A9A50000-0x00007FF7A9E41000-memory.dmp

Filesize
3.9MB

Download
memory/3772-738-0x00007FF7099B0000-0x00007FF709DA1000-memory.dmp

Filesize
3.9MB

Download
memory/3772-2115-0x00007FF7099B0000-0x00007FF709DA1000-memory.dmp

Filesize
3.9MB

Download
memory/3772-24-0x00007FF7099B0000-0x00007FF709DA1000-memory.dmp

Filesize
3.9MB

Download
memory/3960-2185-0x00007FF65B830000-0x00007FF65BC21000-memory.dmp

Filesize
3.9MB

Download
memory/3960-466-0x00007FF65B830000-0x00007FF65BC21000-memory.dmp

Filesize
3.9MB

Download
memory/4144-2139-0x00007FF711F10000-0x00007FF712301000-memory.dmp

Filesize
3.9MB

Download
memory/4144-41-0x00007FF711F10000-0x00007FF712301000-memory.dmp

Filesize
3.9MB

Download
memory/4144-966-0x00007FF711F10000-0x00007FF712301000-memory.dmp

Filesize
3.9MB

Download
memory/4412-446-0x00007FF788100000-0x00007FF7884F1000-memory.dmp

Filesize
3.9MB

Download
memory/4412-2174-0x00007FF788100000-0x00007FF7884F1000-memory.dmp

Filesize
3.9MB

Download
memory/4440-1201-0x00007FF680420000-0x00007FF680811000-memory.dmp

Filesize
3.9MB

Download
memory/4440-42-0x00007FF680420000-0x00007FF680811000-memory.dmp

Filesize
3.9MB

Download
memory/4724-963-0x00007FF6B4870000-0x00007FF6B4C61000-memory.dmp

Filesize
3.9MB

Download
memory/4724-35-0x00007FF6B4870000-0x00007FF6B4C61000-memory.dmp

Filesize
3.9MB

Download
memory/4724-2138-0x00007FF6B4870000-0x00007FF6B4C61000-memory.dmp

Filesize
3.9MB

Download
memory/4748-2141-0x00007FF74AA90000-0x00007FF74AE81000-memory.dmp

Filesize
3.9MB

Download
memory/4748-842-0x00007FF74AA90000-0x00007FF74AE81000-memory.dmp

Filesize
3.9MB

Download
memory/4748-38-0x00007FF74AA90000-0x00007FF74AE81000-memory.dmp

Filesize
3.9MB

Download
memory/4796-2145-0x00007FF69EE00000-0x00007FF69F1F1000-memory.dmp

Filesize
3.9MB

Download
memory/4796-77-0x00007FF69EE00000-0x00007FF69F1F1000-memory.dmp

Filesize
3.9MB

Download
memory/4892-0-0x00007FF6937E0000-0x00007FF693BD1000-memory.dmp

Filesize
3.9MB

Download
memory/4892-1-0x000002110A110000-0x000002110A120000-memory.dmp

Filesize
64KB

Download
memory/4892-509-0x00007FF6937E0000-0x00007FF693BD1000-memory.dmp

Filesize
3.9MB

Download
memory/4908-2107-0x00007FF77DFE0000-0x00007FF77E3D1000-memory.dmp

Filesize
3.9MB

Download
memory/4908-608-0x00007FF77DFE0000-0x00007FF77E3D1000-memory.dmp

Filesize
3.9MB

Download
memory/4908-7-0x00007FF77DFE0000-0x00007FF77E3D1000-memory.dmp

Filesize
3.9MB

Download
memory/5056-449-0x00007FF60A8E0000-0x00007FF60ACD1000-memory.dmp

Filesize
3.9MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads