xmrig | 42706b409c0d8293af0e82ee8505688cf08f288ff3d646b625e23ef20a95333f

Analysis

max time kernel
150s
max time network
124s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
28/03/2025, 18:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

42706b409c0d8293af0e82ee8505688cf08f288ff3d646b625e23ef20a95333f.exe
Size

1.2MB
MD5

ed687e2d506cfeb6b833c4a5ef2dc01f
SHA1

5fdca386459d608e221137f17d07b19cbd99047a
SHA256

42706b409c0d8293af0e82ee8505688cf08f288ff3d646b625e23ef20a95333f
SHA512

c8d8ea2e147afec8353f5ea2b8c8707fe4801d4ec4179df8cbfd4aa9327589835d4ed8a55d3e19ac5f92dd6915ef49a2a8eda4a232f6190593eb14ae90f0c096
SSDEEP

24576:JanwhSe11QSONCpGJCjETPl+Me7bPMS5f4hEIJx48hsj+nwCr:knw9oUUEEDl+xTMS5sX/wi

Score

10^/10

xmrig miner upx

Malware Config

Signatures

Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 49 IoCs

miner

resource	yara_rule
behavioral2/memory/2652-47-0x00007FF7742B0000-0x00007FF7746A1000-memory.dmp	xmrig
behavioral2/memory/1596-54-0x00007FF7B63B0000-0x00007FF7B67A1000-memory.dmp	xmrig
behavioral2/memory/2980-62-0x00007FF777760000-0x00007FF777B51000-memory.dmp	xmrig
behavioral2/memory/5800-379-0x00007FF70B1E0000-0x00007FF70B5D1000-memory.dmp	xmrig
behavioral2/memory/4544-383-0x00007FF6766B0000-0x00007FF676AA1000-memory.dmp	xmrig
behavioral2/memory/4580-386-0x00007FF6B13F0000-0x00007FF6B17E1000-memory.dmp	xmrig
behavioral2/memory/2888-48-0x00007FF792F40000-0x00007FF793331000-memory.dmp	xmrig
behavioral2/memory/3320-45-0x00007FF673AE0000-0x00007FF673ED1000-memory.dmp	xmrig
behavioral2/memory/4676-397-0x00007FF64E6C0000-0x00007FF64EAB1000-memory.dmp	xmrig
behavioral2/memory/4636-404-0x00007FF6B3FE0000-0x00007FF6B43D1000-memory.dmp	xmrig
behavioral2/memory/3144-405-0x00007FF63EBD0000-0x00007FF63EFC1000-memory.dmp	xmrig
behavioral2/memory/4420-406-0x00007FF73A0F0000-0x00007FF73A4E1000-memory.dmp	xmrig
behavioral2/memory/4584-417-0x00007FF77ABD0000-0x00007FF77AFC1000-memory.dmp	xmrig
behavioral2/memory/3520-418-0x00007FF7D9EA0000-0x00007FF7DA291000-memory.dmp	xmrig
behavioral2/memory/4460-424-0x00007FF6B1AE0000-0x00007FF6B1ED1000-memory.dmp	xmrig
behavioral2/memory/4788-422-0x00007FF609C20000-0x00007FF60A011000-memory.dmp	xmrig
behavioral2/memory/4776-443-0x00007FF611E80000-0x00007FF612271000-memory.dmp	xmrig
behavioral2/memory/1416-440-0x00007FF6876C0000-0x00007FF687AB1000-memory.dmp	xmrig
behavioral2/memory/3480-412-0x00007FF75A150000-0x00007FF75A541000-memory.dmp	xmrig
behavioral2/memory/4652-403-0x00007FF7C6CB0000-0x00007FF7C70A1000-memory.dmp	xmrig
behavioral2/memory/552-1259-0x00007FF7C6470000-0x00007FF7C6861000-memory.dmp	xmrig
behavioral2/memory/1892-1258-0x00007FF7DD810000-0x00007FF7DDC01000-memory.dmp	xmrig
behavioral2/memory/2224-1396-0x00007FF75B330000-0x00007FF75B721000-memory.dmp	xmrig
behavioral2/memory/5020-1395-0x00007FF7FD0B0000-0x00007FF7FD4A1000-memory.dmp	xmrig
behavioral2/memory/5956-1554-0x00007FF7B0900000-0x00007FF7B0CF1000-memory.dmp	xmrig
behavioral2/memory/552-2161-0x00007FF7C6470000-0x00007FF7C6861000-memory.dmp	xmrig
behavioral2/memory/1596-2163-0x00007FF7B63B0000-0x00007FF7B67A1000-memory.dmp	xmrig
behavioral2/memory/5020-2165-0x00007FF7FD0B0000-0x00007FF7FD4A1000-memory.dmp	xmrig
behavioral2/memory/2224-2167-0x00007FF75B330000-0x00007FF75B721000-memory.dmp	xmrig
behavioral2/memory/2652-2169-0x00007FF7742B0000-0x00007FF7746A1000-memory.dmp	xmrig
behavioral2/memory/3320-2171-0x00007FF673AE0000-0x00007FF673ED1000-memory.dmp	xmrig
behavioral2/memory/2888-2175-0x00007FF792F40000-0x00007FF793331000-memory.dmp	xmrig
behavioral2/memory/2980-2173-0x00007FF777760000-0x00007FF777B51000-memory.dmp	xmrig
behavioral2/memory/1416-2177-0x00007FF6876C0000-0x00007FF687AB1000-memory.dmp	xmrig
behavioral2/memory/4460-2181-0x00007FF6B1AE0000-0x00007FF6B1ED1000-memory.dmp	xmrig
behavioral2/memory/4652-2224-0x00007FF7C6CB0000-0x00007FF7C70A1000-memory.dmp	xmrig
behavioral2/memory/4420-2228-0x00007FF73A0F0000-0x00007FF73A4E1000-memory.dmp	xmrig
behavioral2/memory/4584-2232-0x00007FF77ABD0000-0x00007FF77AFC1000-memory.dmp	xmrig
behavioral2/memory/3480-2235-0x00007FF75A150000-0x00007FF75A541000-memory.dmp	xmrig
behavioral2/memory/3520-2230-0x00007FF7D9EA0000-0x00007FF7DA291000-memory.dmp	xmrig
behavioral2/memory/4636-2222-0x00007FF6B3FE0000-0x00007FF6B43D1000-memory.dmp	xmrig
behavioral2/memory/4676-2220-0x00007FF64E6C0000-0x00007FF64EAB1000-memory.dmp	xmrig
behavioral2/memory/3144-2226-0x00007FF63EBD0000-0x00007FF63EFC1000-memory.dmp	xmrig
behavioral2/memory/4544-2218-0x00007FF6766B0000-0x00007FF676AA1000-memory.dmp	xmrig
behavioral2/memory/4776-2216-0x00007FF611E80000-0x00007FF612271000-memory.dmp	xmrig
behavioral2/memory/4580-2215-0x00007FF6B13F0000-0x00007FF6B17E1000-memory.dmp	xmrig
behavioral2/memory/5800-2180-0x00007FF70B1E0000-0x00007FF70B5D1000-memory.dmp	xmrig
behavioral2/memory/5956-2183-0x00007FF7B0900000-0x00007FF7B0CF1000-memory.dmp	xmrig
behavioral2/memory/4788-2237-0x00007FF609C20000-0x00007FF60A011000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
552	TgGeaai.exe
5020	hqZDEPb.exe
1596	iadFChM.exe
2224	ZyuXKKg.exe
3320	MrBOXIo.exe
2652	QrmGGTw.exe
2888	vPdiyue.exe
2980	AzVTzvy.exe
4460	jnCyIdo.exe
1416	GirXSGN.exe
5956	ZBfwijU.exe
5800	useKQky.exe
4776	kIHoXht.exe
4544	eCIURLV.exe
4580	PzrfGFN.exe
4676	BWwBLHM.exe
4652	aBZQgyU.exe
4636	fxRtrxQ.exe
3144	WCSBbCn.exe
4420	KeiinpY.exe
3480	hRCLeTy.exe
4584	wJiWDFp.exe
3520	wlASawT.exe
4788	DhvxIcy.exe
4744	RJtrLsS.exe
4876	tXvRNXX.exe
4916	datGnVD.exe
4628	KHJuQER.exe
2716	Rbgugmf.exe
5268	YMtZXdj.exe
5128	raPAtUe.exe
6104	FyrNJiv.exe
5588	vdByqUF.exe
5004	OFshRTg.exe
5604	wpFvxOc.exe
5448	jqPiqud.exe
4960	McNAPAI.exe
1452	BZOObro.exe
5552	zwpSISD.exe
1188	FHaNZxW.exe
5240	LagfXCu.exe
2632	awpkbQr.exe
2468	xhvujAm.exe
2432	lZXBdhy.exe
960	PJQzQBB.exe
64	bwbHZYA.exe
2876	mdsOEBT.exe
5732	QlitwDK.exe
2216	NdCiAcR.exe
3164	dnvQCsX.exe
1968	xAtMNjK.exe
5480	uljCnUv.exe
3056	rkPDgmg.exe
4240	QSBkBhD.exe
4952	JAnSUBz.exe
1880	VYuEXZD.exe
2404	fstfBAg.exe
1740	AAhnmsZ.exe
2784	MXVqpet.exe
5568	vIJQsAe.exe
6024	EQgVTpN.exe
1964	gEAMTwh.exe
5208	VjHyAfz.exe
2728	gmKMLOv.exe

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System32\PmTraaE.exe	42706b409c0d8293af0e82ee8505688cf08f288ff3d646b625e23ef20a95333f.exe
File created	C:\Windows\System32\Vhltysz.exe	42706b409c0d8293af0e82ee8505688cf08f288ff3d646b625e23ef20a95333f.exe
File created	C:\Windows\System32\cdZYNDV.exe	42706b409c0d8293af0e82ee8505688cf08f288ff3d646b625e23ef20a95333f.exe
File created	C:\Windows\System32\aUKvwFF.exe	42706b409c0d8293af0e82ee8505688cf08f288ff3d646b625e23ef20a95333f.exe
File created	C:\Windows\System32\tdrFyes.exe	42706b409c0d8293af0e82ee8505688cf08f288ff3d646b625e23ef20a95333f.exe
File created	C:\Windows\System32\FRxIgSV.exe	42706b409c0d8293af0e82ee8505688cf08f288ff3d646b625e23ef20a95333f.exe
File created	C:\Windows\System32\xSqmleN.exe	42706b409c0d8293af0e82ee8505688cf08f288ff3d646b625e23ef20a95333f.exe
File created	C:\Windows\System32\uxAwOOO.exe	42706b409c0d8293af0e82ee8505688cf08f288ff3d646b625e23ef20a95333f.exe
File created	C:\Windows\System32\DISpaHT.exe	42706b409c0d8293af0e82ee8505688cf08f288ff3d646b625e23ef20a95333f.exe
File created	C:\Windows\System32\RontIYG.exe	42706b409c0d8293af0e82ee8505688cf08f288ff3d646b625e23ef20a95333f.exe
File created	C:\Windows\System32\zgDbkOC.exe	42706b409c0d8293af0e82ee8505688cf08f288ff3d646b625e23ef20a95333f.exe
File created	C:\Windows\System32\KeiinpY.exe	42706b409c0d8293af0e82ee8505688cf08f288ff3d646b625e23ef20a95333f.exe
File created	C:\Windows\System32\QHAtvqk.exe	42706b409c0d8293af0e82ee8505688cf08f288ff3d646b625e23ef20a95333f.exe
File created	C:\Windows\System32\wVDnwfV.exe	42706b409c0d8293af0e82ee8505688cf08f288ff3d646b625e23ef20a95333f.exe
File created	C:\Windows\System32\qadFKiV.exe	42706b409c0d8293af0e82ee8505688cf08f288ff3d646b625e23ef20a95333f.exe
File created	C:\Windows\System32\xaMlgEV.exe	42706b409c0d8293af0e82ee8505688cf08f288ff3d646b625e23ef20a95333f.exe
File created	C:\Windows\System32\gmKMLOv.exe	42706b409c0d8293af0e82ee8505688cf08f288ff3d646b625e23ef20a95333f.exe
File created	C:\Windows\System32\INVGEvW.exe	42706b409c0d8293af0e82ee8505688cf08f288ff3d646b625e23ef20a95333f.exe
File created	C:\Windows\System32\KceTSjz.exe	42706b409c0d8293af0e82ee8505688cf08f288ff3d646b625e23ef20a95333f.exe
File created	C:\Windows\System32\WCSBbCn.exe	42706b409c0d8293af0e82ee8505688cf08f288ff3d646b625e23ef20a95333f.exe
File created	C:\Windows\System32\stROBJb.exe	42706b409c0d8293af0e82ee8505688cf08f288ff3d646b625e23ef20a95333f.exe
File created	C:\Windows\System32\LbEcsQm.exe	42706b409c0d8293af0e82ee8505688cf08f288ff3d646b625e23ef20a95333f.exe
File created	C:\Windows\System32\cFskNcG.exe	42706b409c0d8293af0e82ee8505688cf08f288ff3d646b625e23ef20a95333f.exe
File created	C:\Windows\System32\hfQqDFo.exe	42706b409c0d8293af0e82ee8505688cf08f288ff3d646b625e23ef20a95333f.exe
File created	C:\Windows\System32\iZdWHpz.exe	42706b409c0d8293af0e82ee8505688cf08f288ff3d646b625e23ef20a95333f.exe
File created	C:\Windows\System32\MroKyDZ.exe	42706b409c0d8293af0e82ee8505688cf08f288ff3d646b625e23ef20a95333f.exe
File created	C:\Windows\System32\MtBswot.exe	42706b409c0d8293af0e82ee8505688cf08f288ff3d646b625e23ef20a95333f.exe
File created	C:\Windows\System32\isamRyz.exe	42706b409c0d8293af0e82ee8505688cf08f288ff3d646b625e23ef20a95333f.exe
File created	C:\Windows\System32\uQfxWYg.exe	42706b409c0d8293af0e82ee8505688cf08f288ff3d646b625e23ef20a95333f.exe
File created	C:\Windows\System32\vSLoOzb.exe	42706b409c0d8293af0e82ee8505688cf08f288ff3d646b625e23ef20a95333f.exe
File created	C:\Windows\System32\GAXsQZK.exe	42706b409c0d8293af0e82ee8505688cf08f288ff3d646b625e23ef20a95333f.exe
File created	C:\Windows\System32\raPAtUe.exe	42706b409c0d8293af0e82ee8505688cf08f288ff3d646b625e23ef20a95333f.exe
File created	C:\Windows\System32\TemBghp.exe	42706b409c0d8293af0e82ee8505688cf08f288ff3d646b625e23ef20a95333f.exe
File created	C:\Windows\System32\TfldIxu.exe	42706b409c0d8293af0e82ee8505688cf08f288ff3d646b625e23ef20a95333f.exe
File created	C:\Windows\System32\aHvJBXD.exe	42706b409c0d8293af0e82ee8505688cf08f288ff3d646b625e23ef20a95333f.exe
File created	C:\Windows\System32\VlozOIQ.exe	42706b409c0d8293af0e82ee8505688cf08f288ff3d646b625e23ef20a95333f.exe
File created	C:\Windows\System32\QASqFoZ.exe	42706b409c0d8293af0e82ee8505688cf08f288ff3d646b625e23ef20a95333f.exe
File created	C:\Windows\System32\qzoBCQz.exe	42706b409c0d8293af0e82ee8505688cf08f288ff3d646b625e23ef20a95333f.exe
File created	C:\Windows\System32\uDftkCn.exe	42706b409c0d8293af0e82ee8505688cf08f288ff3d646b625e23ef20a95333f.exe
File created	C:\Windows\System32\NeCOzpl.exe	42706b409c0d8293af0e82ee8505688cf08f288ff3d646b625e23ef20a95333f.exe
File created	C:\Windows\System32\dsawkmB.exe	42706b409c0d8293af0e82ee8505688cf08f288ff3d646b625e23ef20a95333f.exe
File created	C:\Windows\System32\MLgAUhm.exe	42706b409c0d8293af0e82ee8505688cf08f288ff3d646b625e23ef20a95333f.exe
File created	C:\Windows\System32\MyNGvsq.exe	42706b409c0d8293af0e82ee8505688cf08f288ff3d646b625e23ef20a95333f.exe
File created	C:\Windows\System32\WhXQDVZ.exe	42706b409c0d8293af0e82ee8505688cf08f288ff3d646b625e23ef20a95333f.exe
File created	C:\Windows\System32\EPyYbxR.exe	42706b409c0d8293af0e82ee8505688cf08f288ff3d646b625e23ef20a95333f.exe
File created	C:\Windows\System32\yKSrSuq.exe	42706b409c0d8293af0e82ee8505688cf08f288ff3d646b625e23ef20a95333f.exe
File created	C:\Windows\System32\oCEgSoQ.exe	42706b409c0d8293af0e82ee8505688cf08f288ff3d646b625e23ef20a95333f.exe
File created	C:\Windows\System32\xgIzNEd.exe	42706b409c0d8293af0e82ee8505688cf08f288ff3d646b625e23ef20a95333f.exe
File created	C:\Windows\System32\okMAips.exe	42706b409c0d8293af0e82ee8505688cf08f288ff3d646b625e23ef20a95333f.exe
File created	C:\Windows\System32\kKbfkWz.exe	42706b409c0d8293af0e82ee8505688cf08f288ff3d646b625e23ef20a95333f.exe
File created	C:\Windows\System32\dgqiYjX.exe	42706b409c0d8293af0e82ee8505688cf08f288ff3d646b625e23ef20a95333f.exe
File created	C:\Windows\System32\bXzolvd.exe	42706b409c0d8293af0e82ee8505688cf08f288ff3d646b625e23ef20a95333f.exe
File created	C:\Windows\System32\zwpSISD.exe	42706b409c0d8293af0e82ee8505688cf08f288ff3d646b625e23ef20a95333f.exe
File created	C:\Windows\System32\RUcfLsY.exe	42706b409c0d8293af0e82ee8505688cf08f288ff3d646b625e23ef20a95333f.exe
File created	C:\Windows\System32\RTSvuAg.exe	42706b409c0d8293af0e82ee8505688cf08f288ff3d646b625e23ef20a95333f.exe
File created	C:\Windows\System32\kVKPGDu.exe	42706b409c0d8293af0e82ee8505688cf08f288ff3d646b625e23ef20a95333f.exe
File created	C:\Windows\System32\JdGopJm.exe	42706b409c0d8293af0e82ee8505688cf08f288ff3d646b625e23ef20a95333f.exe
File created	C:\Windows\System32\xhvujAm.exe	42706b409c0d8293af0e82ee8505688cf08f288ff3d646b625e23ef20a95333f.exe
File created	C:\Windows\System32\NdCiAcR.exe	42706b409c0d8293af0e82ee8505688cf08f288ff3d646b625e23ef20a95333f.exe
File created	C:\Windows\System32\BBXekZn.exe	42706b409c0d8293af0e82ee8505688cf08f288ff3d646b625e23ef20a95333f.exe
File created	C:\Windows\System32\hNhjUBh.exe	42706b409c0d8293af0e82ee8505688cf08f288ff3d646b625e23ef20a95333f.exe
File created	C:\Windows\System32\oIUeEeD.exe	42706b409c0d8293af0e82ee8505688cf08f288ff3d646b625e23ef20a95333f.exe
File created	C:\Windows\System32\VjHyAfz.exe	42706b409c0d8293af0e82ee8505688cf08f288ff3d646b625e23ef20a95333f.exe
File created	C:\Windows\System32\lKADciU.exe	42706b409c0d8293af0e82ee8505688cf08f288ff3d646b625e23ef20a95333f.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1892-0-0x00007FF7DD810000-0x00007FF7DDC01000-memory.dmp	upx
behavioral2/files/0x00080000000241ee-8.dat	upx
behavioral2/files/0x00070000000241f1-22.dat	upx
behavioral2/memory/5020-28-0x00007FF7FD0B0000-0x00007FF7FD4A1000-memory.dmp	upx
behavioral2/files/0x00070000000241ef-30.dat	upx
behavioral2/files/0x00070000000241f2-35.dat	upx
behavioral2/memory/2224-44-0x00007FF75B330000-0x00007FF75B721000-memory.dmp	upx
behavioral2/memory/2652-47-0x00007FF7742B0000-0x00007FF7746A1000-memory.dmp	upx
behavioral2/memory/1596-54-0x00007FF7B63B0000-0x00007FF7B67A1000-memory.dmp	upx
behavioral2/memory/2980-62-0x00007FF777760000-0x00007FF777B51000-memory.dmp	upx
behavioral2/files/0x00070000000241fa-72.dat	upx
behavioral2/files/0x00070000000241fc-81.dat	upx
behavioral2/files/0x00070000000241fd-92.dat	upx
behavioral2/files/0x0007000000024208-144.dat	upx
behavioral2/memory/5956-375-0x00007FF7B0900000-0x00007FF7B0CF1000-memory.dmp	upx
behavioral2/memory/5800-379-0x00007FF70B1E0000-0x00007FF70B5D1000-memory.dmp	upx
behavioral2/memory/4544-383-0x00007FF6766B0000-0x00007FF676AA1000-memory.dmp	upx
behavioral2/memory/4580-386-0x00007FF6B13F0000-0x00007FF6B17E1000-memory.dmp	upx
behavioral2/files/0x000700000002420d-169.dat	upx
behavioral2/files/0x000700000002420c-164.dat	upx
behavioral2/files/0x000700000002420b-162.dat	upx
behavioral2/files/0x000700000002420a-154.dat	upx
behavioral2/files/0x0007000000024209-152.dat	upx
behavioral2/files/0x0007000000024207-142.dat	upx
behavioral2/files/0x0007000000024206-137.dat	upx
behavioral2/files/0x0007000000024205-129.dat	upx
behavioral2/files/0x0007000000024204-127.dat	upx
behavioral2/files/0x0007000000024203-119.dat	upx
behavioral2/files/0x0007000000024202-114.dat	upx
behavioral2/files/0x0007000000024201-112.dat	upx
behavioral2/files/0x0007000000024200-107.dat	upx
behavioral2/files/0x00070000000241ff-102.dat	upx
behavioral2/files/0x00070000000241fe-94.dat	upx
behavioral2/files/0x00070000000241fb-79.dat	upx
behavioral2/files/0x00070000000241f7-69.dat	upx
behavioral2/files/0x00070000000241f9-67.dat	upx
behavioral2/files/0x00070000000241f8-65.dat	upx
behavioral2/files/0x00070000000241f6-63.dat	upx
behavioral2/memory/2888-48-0x00007FF792F40000-0x00007FF793331000-memory.dmp	upx
behavioral2/files/0x00070000000241f5-49.dat	upx
behavioral2/memory/3320-45-0x00007FF673AE0000-0x00007FF673ED1000-memory.dmp	upx
behavioral2/files/0x00070000000241f4-41.dat	upx
behavioral2/files/0x00070000000241f3-37.dat	upx
behavioral2/files/0x00070000000241f0-27.dat	upx
behavioral2/memory/552-17-0x00007FF7C6470000-0x00007FF7C6861000-memory.dmp	upx
behavioral2/memory/4676-397-0x00007FF64E6C0000-0x00007FF64EAB1000-memory.dmp	upx
behavioral2/memory/4636-404-0x00007FF6B3FE0000-0x00007FF6B43D1000-memory.dmp	upx
behavioral2/memory/3144-405-0x00007FF63EBD0000-0x00007FF63EFC1000-memory.dmp	upx
behavioral2/memory/4420-406-0x00007FF73A0F0000-0x00007FF73A4E1000-memory.dmp	upx
behavioral2/memory/4584-417-0x00007FF77ABD0000-0x00007FF77AFC1000-memory.dmp	upx
behavioral2/memory/3520-418-0x00007FF7D9EA0000-0x00007FF7DA291000-memory.dmp	upx
behavioral2/memory/4460-424-0x00007FF6B1AE0000-0x00007FF6B1ED1000-memory.dmp	upx
behavioral2/memory/4788-422-0x00007FF609C20000-0x00007FF60A011000-memory.dmp	upx
behavioral2/memory/4776-443-0x00007FF611E80000-0x00007FF612271000-memory.dmp	upx
behavioral2/memory/1416-440-0x00007FF6876C0000-0x00007FF687AB1000-memory.dmp	upx
behavioral2/memory/3480-412-0x00007FF75A150000-0x00007FF75A541000-memory.dmp	upx
behavioral2/memory/4652-403-0x00007FF7C6CB0000-0x00007FF7C70A1000-memory.dmp	upx
behavioral2/memory/552-1259-0x00007FF7C6470000-0x00007FF7C6861000-memory.dmp	upx
behavioral2/memory/1892-1258-0x00007FF7DD810000-0x00007FF7DDC01000-memory.dmp	upx
behavioral2/memory/2224-1396-0x00007FF75B330000-0x00007FF75B721000-memory.dmp	upx
behavioral2/memory/5020-1395-0x00007FF7FD0B0000-0x00007FF7FD4A1000-memory.dmp	upx
behavioral2/memory/5956-1554-0x00007FF7B0900000-0x00007FF7B0CF1000-memory.dmp	upx
behavioral2/memory/552-2161-0x00007FF7C6470000-0x00007FF7C6861000-memory.dmp	upx
behavioral2/memory/1596-2163-0x00007FF7B63B0000-0x00007FF7B67A1000-memory.dmp	upx

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	14160	dwm.exe
Token: SeChangeNotifyPrivilege	14160	dwm.exe
Token: 33	14160	dwm.exe
Token: SeIncBasePriorityPrivilege	14160	dwm.exe
Token: SeShutdownPrivilege	14160	dwm.exe
Token: SeCreatePagefilePrivilege	14160	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1892 wrote to memory of 552	1892	42706b409c0d8293af0e82ee8505688cf08f288ff3d646b625e23ef20a95333f.exe	86
PID 1892 wrote to memory of 552	1892	42706b409c0d8293af0e82ee8505688cf08f288ff3d646b625e23ef20a95333f.exe	86
PID 1892 wrote to memory of 5020	1892	42706b409c0d8293af0e82ee8505688cf08f288ff3d646b625e23ef20a95333f.exe	87
PID 1892 wrote to memory of 5020	1892	42706b409c0d8293af0e82ee8505688cf08f288ff3d646b625e23ef20a95333f.exe	87
PID 1892 wrote to memory of 1596	1892	42706b409c0d8293af0e82ee8505688cf08f288ff3d646b625e23ef20a95333f.exe	88
PID 1892 wrote to memory of 1596	1892	42706b409c0d8293af0e82ee8505688cf08f288ff3d646b625e23ef20a95333f.exe	88
PID 1892 wrote to memory of 3320	1892	42706b409c0d8293af0e82ee8505688cf08f288ff3d646b625e23ef20a95333f.exe	89
PID 1892 wrote to memory of 3320	1892	42706b409c0d8293af0e82ee8505688cf08f288ff3d646b625e23ef20a95333f.exe	89
PID 1892 wrote to memory of 2224	1892	42706b409c0d8293af0e82ee8505688cf08f288ff3d646b625e23ef20a95333f.exe	90
PID 1892 wrote to memory of 2224	1892	42706b409c0d8293af0e82ee8505688cf08f288ff3d646b625e23ef20a95333f.exe	90
PID 1892 wrote to memory of 2652	1892	42706b409c0d8293af0e82ee8505688cf08f288ff3d646b625e23ef20a95333f.exe	91
PID 1892 wrote to memory of 2652	1892	42706b409c0d8293af0e82ee8505688cf08f288ff3d646b625e23ef20a95333f.exe	91
PID 1892 wrote to memory of 2888	1892	42706b409c0d8293af0e82ee8505688cf08f288ff3d646b625e23ef20a95333f.exe	92
PID 1892 wrote to memory of 2888	1892	42706b409c0d8293af0e82ee8505688cf08f288ff3d646b625e23ef20a95333f.exe	92
PID 1892 wrote to memory of 2980	1892	42706b409c0d8293af0e82ee8505688cf08f288ff3d646b625e23ef20a95333f.exe	93
PID 1892 wrote to memory of 2980	1892	42706b409c0d8293af0e82ee8505688cf08f288ff3d646b625e23ef20a95333f.exe	93
PID 1892 wrote to memory of 4460	1892	42706b409c0d8293af0e82ee8505688cf08f288ff3d646b625e23ef20a95333f.exe	94
PID 1892 wrote to memory of 4460	1892	42706b409c0d8293af0e82ee8505688cf08f288ff3d646b625e23ef20a95333f.exe	94
PID 1892 wrote to memory of 1416	1892	42706b409c0d8293af0e82ee8505688cf08f288ff3d646b625e23ef20a95333f.exe	95
PID 1892 wrote to memory of 1416	1892	42706b409c0d8293af0e82ee8505688cf08f288ff3d646b625e23ef20a95333f.exe	95
PID 1892 wrote to memory of 5956	1892	42706b409c0d8293af0e82ee8505688cf08f288ff3d646b625e23ef20a95333f.exe	96
PID 1892 wrote to memory of 5956	1892	42706b409c0d8293af0e82ee8505688cf08f288ff3d646b625e23ef20a95333f.exe	96
PID 1892 wrote to memory of 5800	1892	42706b409c0d8293af0e82ee8505688cf08f288ff3d646b625e23ef20a95333f.exe	97
PID 1892 wrote to memory of 5800	1892	42706b409c0d8293af0e82ee8505688cf08f288ff3d646b625e23ef20a95333f.exe	97
PID 1892 wrote to memory of 4776	1892	42706b409c0d8293af0e82ee8505688cf08f288ff3d646b625e23ef20a95333f.exe	98
PID 1892 wrote to memory of 4776	1892	42706b409c0d8293af0e82ee8505688cf08f288ff3d646b625e23ef20a95333f.exe	98
PID 1892 wrote to memory of 4544	1892	42706b409c0d8293af0e82ee8505688cf08f288ff3d646b625e23ef20a95333f.exe	99
PID 1892 wrote to memory of 4544	1892	42706b409c0d8293af0e82ee8505688cf08f288ff3d646b625e23ef20a95333f.exe	99
PID 1892 wrote to memory of 4580	1892	42706b409c0d8293af0e82ee8505688cf08f288ff3d646b625e23ef20a95333f.exe	100
PID 1892 wrote to memory of 4580	1892	42706b409c0d8293af0e82ee8505688cf08f288ff3d646b625e23ef20a95333f.exe	100
PID 1892 wrote to memory of 4676	1892	42706b409c0d8293af0e82ee8505688cf08f288ff3d646b625e23ef20a95333f.exe	101
PID 1892 wrote to memory of 4676	1892	42706b409c0d8293af0e82ee8505688cf08f288ff3d646b625e23ef20a95333f.exe	101
PID 1892 wrote to memory of 4652	1892	42706b409c0d8293af0e82ee8505688cf08f288ff3d646b625e23ef20a95333f.exe	102
PID 1892 wrote to memory of 4652	1892	42706b409c0d8293af0e82ee8505688cf08f288ff3d646b625e23ef20a95333f.exe	102
PID 1892 wrote to memory of 4636	1892	42706b409c0d8293af0e82ee8505688cf08f288ff3d646b625e23ef20a95333f.exe	103
PID 1892 wrote to memory of 4636	1892	42706b409c0d8293af0e82ee8505688cf08f288ff3d646b625e23ef20a95333f.exe	103
PID 1892 wrote to memory of 3144	1892	42706b409c0d8293af0e82ee8505688cf08f288ff3d646b625e23ef20a95333f.exe	104
PID 1892 wrote to memory of 3144	1892	42706b409c0d8293af0e82ee8505688cf08f288ff3d646b625e23ef20a95333f.exe	104
PID 1892 wrote to memory of 4420	1892	42706b409c0d8293af0e82ee8505688cf08f288ff3d646b625e23ef20a95333f.exe	105
PID 1892 wrote to memory of 4420	1892	42706b409c0d8293af0e82ee8505688cf08f288ff3d646b625e23ef20a95333f.exe	105
PID 1892 wrote to memory of 3480	1892	42706b409c0d8293af0e82ee8505688cf08f288ff3d646b625e23ef20a95333f.exe	106
PID 1892 wrote to memory of 3480	1892	42706b409c0d8293af0e82ee8505688cf08f288ff3d646b625e23ef20a95333f.exe	106
PID 1892 wrote to memory of 4584	1892	42706b409c0d8293af0e82ee8505688cf08f288ff3d646b625e23ef20a95333f.exe	107
PID 1892 wrote to memory of 4584	1892	42706b409c0d8293af0e82ee8505688cf08f288ff3d646b625e23ef20a95333f.exe	107
PID 1892 wrote to memory of 3520	1892	42706b409c0d8293af0e82ee8505688cf08f288ff3d646b625e23ef20a95333f.exe	108
PID 1892 wrote to memory of 3520	1892	42706b409c0d8293af0e82ee8505688cf08f288ff3d646b625e23ef20a95333f.exe	108
PID 1892 wrote to memory of 4788	1892	42706b409c0d8293af0e82ee8505688cf08f288ff3d646b625e23ef20a95333f.exe	109
PID 1892 wrote to memory of 4788	1892	42706b409c0d8293af0e82ee8505688cf08f288ff3d646b625e23ef20a95333f.exe	109
PID 1892 wrote to memory of 4744	1892	42706b409c0d8293af0e82ee8505688cf08f288ff3d646b625e23ef20a95333f.exe	110
PID 1892 wrote to memory of 4744	1892	42706b409c0d8293af0e82ee8505688cf08f288ff3d646b625e23ef20a95333f.exe	110
PID 1892 wrote to memory of 4876	1892	42706b409c0d8293af0e82ee8505688cf08f288ff3d646b625e23ef20a95333f.exe	111
PID 1892 wrote to memory of 4876	1892	42706b409c0d8293af0e82ee8505688cf08f288ff3d646b625e23ef20a95333f.exe	111
PID 1892 wrote to memory of 4916	1892	42706b409c0d8293af0e82ee8505688cf08f288ff3d646b625e23ef20a95333f.exe	112
PID 1892 wrote to memory of 4916	1892	42706b409c0d8293af0e82ee8505688cf08f288ff3d646b625e23ef20a95333f.exe	112
PID 1892 wrote to memory of 4628	1892	42706b409c0d8293af0e82ee8505688cf08f288ff3d646b625e23ef20a95333f.exe	113
PID 1892 wrote to memory of 4628	1892	42706b409c0d8293af0e82ee8505688cf08f288ff3d646b625e23ef20a95333f.exe	113
PID 1892 wrote to memory of 2716	1892	42706b409c0d8293af0e82ee8505688cf08f288ff3d646b625e23ef20a95333f.exe	114
PID 1892 wrote to memory of 2716	1892	42706b409c0d8293af0e82ee8505688cf08f288ff3d646b625e23ef20a95333f.exe	114
PID 1892 wrote to memory of 5268	1892	42706b409c0d8293af0e82ee8505688cf08f288ff3d646b625e23ef20a95333f.exe	115
PID 1892 wrote to memory of 5268	1892	42706b409c0d8293af0e82ee8505688cf08f288ff3d646b625e23ef20a95333f.exe	115
PID 1892 wrote to memory of 5128	1892	42706b409c0d8293af0e82ee8505688cf08f288ff3d646b625e23ef20a95333f.exe	116
PID 1892 wrote to memory of 5128	1892	42706b409c0d8293af0e82ee8505688cf08f288ff3d646b625e23ef20a95333f.exe	116
PID 1892 wrote to memory of 6104	1892	42706b409c0d8293af0e82ee8505688cf08f288ff3d646b625e23ef20a95333f.exe	117
PID 1892 wrote to memory of 6104	1892	42706b409c0d8293af0e82ee8505688cf08f288ff3d646b625e23ef20a95333f.exe	117

C:\Users\Admin\AppData\Local\Temp\42706b409c0d8293af0e82ee8505688cf08f288ff3d646b625e23ef20a95333f.exe
"C:\Users\Admin\AppData\Local\Temp\42706b409c0d8293af0e82ee8505688cf08f288ff3d646b625e23ef20a95333f.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:1892
- C:\Windows\System32\TgGeaai.exe
  C:\Windows\System32\TgGeaai.exe
  2⤵
  - Executes dropped EXE
  PID:552
- C:\Windows\System32\hqZDEPb.exe
  C:\Windows\System32\hqZDEPb.exe
  2⤵
  - Executes dropped EXE
  PID:5020
- C:\Windows\System32\iadFChM.exe
  C:\Windows\System32\iadFChM.exe
  2⤵
  - Executes dropped EXE
  PID:1596
- C:\Windows\System32\MrBOXIo.exe
  C:\Windows\System32\MrBOXIo.exe
  2⤵
  - Executes dropped EXE
  PID:3320
- C:\Windows\System32\ZyuXKKg.exe
  C:\Windows\System32\ZyuXKKg.exe
  2⤵
  - Executes dropped EXE
  PID:2224
- C:\Windows\System32\QrmGGTw.exe
  C:\Windows\System32\QrmGGTw.exe
  2⤵
  - Executes dropped EXE
  PID:2652
- C:\Windows\System32\vPdiyue.exe
  C:\Windows\System32\vPdiyue.exe
  2⤵
  - Executes dropped EXE
  PID:2888
- C:\Windows\System32\AzVTzvy.exe
  C:\Windows\System32\AzVTzvy.exe
  2⤵
  - Executes dropped EXE
  PID:2980
- C:\Windows\System32\jnCyIdo.exe
  C:\Windows\System32\jnCyIdo.exe
  2⤵
  - Executes dropped EXE
  PID:4460
- C:\Windows\System32\GirXSGN.exe
  C:\Windows\System32\GirXSGN.exe
  2⤵
  - Executes dropped EXE
  PID:1416
- C:\Windows\System32\ZBfwijU.exe
  C:\Windows\System32\ZBfwijU.exe
  2⤵
  - Executes dropped EXE
  PID:5956
- C:\Windows\System32\useKQky.exe
  C:\Windows\System32\useKQky.exe
  2⤵
  - Executes dropped EXE
  PID:5800
- C:\Windows\System32\kIHoXht.exe
  C:\Windows\System32\kIHoXht.exe
  2⤵
  - Executes dropped EXE
  PID:4776
- C:\Windows\System32\eCIURLV.exe
  C:\Windows\System32\eCIURLV.exe
  2⤵
  - Executes dropped EXE
  PID:4544
- C:\Windows\System32\PzrfGFN.exe
  C:\Windows\System32\PzrfGFN.exe
  2⤵
  - Executes dropped EXE
  PID:4580
- C:\Windows\System32\BWwBLHM.exe
  C:\Windows\System32\BWwBLHM.exe
  2⤵
  - Executes dropped EXE
  PID:4676
- C:\Windows\System32\aBZQgyU.exe
  C:\Windows\System32\aBZQgyU.exe
  2⤵
  - Executes dropped EXE
  PID:4652
- C:\Windows\System32\fxRtrxQ.exe
  C:\Windows\System32\fxRtrxQ.exe
  2⤵
  - Executes dropped EXE
  PID:4636
- C:\Windows\System32\WCSBbCn.exe
  C:\Windows\System32\WCSBbCn.exe
  2⤵
  - Executes dropped EXE
  PID:3144
- C:\Windows\System32\KeiinpY.exe
  C:\Windows\System32\KeiinpY.exe
  2⤵
  - Executes dropped EXE
  PID:4420
- C:\Windows\System32\hRCLeTy.exe
  C:\Windows\System32\hRCLeTy.exe
  2⤵
  - Executes dropped EXE
  PID:3480
- C:\Windows\System32\wJiWDFp.exe
  C:\Windows\System32\wJiWDFp.exe
  2⤵
  - Executes dropped EXE
  PID:4584
- C:\Windows\System32\wlASawT.exe
  C:\Windows\System32\wlASawT.exe
  2⤵
  - Executes dropped EXE
  PID:3520
- C:\Windows\System32\DhvxIcy.exe
  C:\Windows\System32\DhvxIcy.exe
  2⤵
  - Executes dropped EXE
  PID:4788
- C:\Windows\System32\RJtrLsS.exe
  C:\Windows\System32\RJtrLsS.exe
  2⤵
  - Executes dropped EXE
  PID:4744
- C:\Windows\System32\tXvRNXX.exe
  C:\Windows\System32\tXvRNXX.exe
  2⤵
  - Executes dropped EXE
  PID:4876
- C:\Windows\System32\datGnVD.exe
  C:\Windows\System32\datGnVD.exe
  2⤵
  - Executes dropped EXE
  PID:4916
- C:\Windows\System32\KHJuQER.exe
  C:\Windows\System32\KHJuQER.exe
  2⤵
  - Executes dropped EXE
  PID:4628
- C:\Windows\System32\Rbgugmf.exe
  C:\Windows\System32\Rbgugmf.exe
  2⤵
  - Executes dropped EXE
  PID:2716
- C:\Windows\System32\YMtZXdj.exe
  C:\Windows\System32\YMtZXdj.exe
  2⤵
  - Executes dropped EXE
  PID:5268
- C:\Windows\System32\raPAtUe.exe
  C:\Windows\System32\raPAtUe.exe
  2⤵
  - Executes dropped EXE
  PID:5128
- C:\Windows\System32\FyrNJiv.exe
  C:\Windows\System32\FyrNJiv.exe
  2⤵
  - Executes dropped EXE
  PID:6104
- C:\Windows\System32\vdByqUF.exe
  C:\Windows\System32\vdByqUF.exe
  2⤵
  - Executes dropped EXE
  PID:5588
- C:\Windows\System32\OFshRTg.exe
  C:\Windows\System32\OFshRTg.exe
  2⤵
  - Executes dropped EXE
  PID:5004
- C:\Windows\System32\wpFvxOc.exe
  C:\Windows\System32\wpFvxOc.exe
  2⤵
  - Executes dropped EXE
  PID:5604
- C:\Windows\System32\jqPiqud.exe
  C:\Windows\System32\jqPiqud.exe
  2⤵
  - Executes dropped EXE
  PID:5448
- C:\Windows\System32\McNAPAI.exe
  C:\Windows\System32\McNAPAI.exe
  2⤵
  - Executes dropped EXE
  PID:4960
- C:\Windows\System32\BZOObro.exe
  C:\Windows\System32\BZOObro.exe
  2⤵
  - Executes dropped EXE
  PID:1452
- C:\Windows\System32\zwpSISD.exe
  C:\Windows\System32\zwpSISD.exe
  2⤵
  - Executes dropped EXE
  PID:5552
- C:\Windows\System32\FHaNZxW.exe
  C:\Windows\System32\FHaNZxW.exe
  2⤵
  - Executes dropped EXE
  PID:1188
- C:\Windows\System32\LagfXCu.exe
  C:\Windows\System32\LagfXCu.exe
  2⤵
  - Executes dropped EXE
  PID:5240
- C:\Windows\System32\awpkbQr.exe
  C:\Windows\System32\awpkbQr.exe
  2⤵
  - Executes dropped EXE
  PID:2632
- C:\Windows\System32\xhvujAm.exe
  C:\Windows\System32\xhvujAm.exe
  2⤵
  - Executes dropped EXE
  PID:2468
- C:\Windows\System32\lZXBdhy.exe
  C:\Windows\System32\lZXBdhy.exe
  2⤵
  - Executes dropped EXE
  PID:2432
- C:\Windows\System32\PJQzQBB.exe
  C:\Windows\System32\PJQzQBB.exe
  2⤵
  - Executes dropped EXE
  PID:960
- C:\Windows\System32\bwbHZYA.exe
  C:\Windows\System32\bwbHZYA.exe
  2⤵
  - Executes dropped EXE
  PID:64
- C:\Windows\System32\mdsOEBT.exe
  C:\Windows\System32\mdsOEBT.exe
  2⤵
  - Executes dropped EXE
  PID:2876
- C:\Windows\System32\QlitwDK.exe
  C:\Windows\System32\QlitwDK.exe
  2⤵
  - Executes dropped EXE
  PID:5732
- C:\Windows\System32\NdCiAcR.exe
  C:\Windows\System32\NdCiAcR.exe
  2⤵
  - Executes dropped EXE
  PID:2216
- C:\Windows\System32\dnvQCsX.exe
  C:\Windows\System32\dnvQCsX.exe
  2⤵
  - Executes dropped EXE
  PID:3164
- C:\Windows\System32\xAtMNjK.exe
  C:\Windows\System32\xAtMNjK.exe
  2⤵
  - Executes dropped EXE
  PID:1968
- C:\Windows\System32\uljCnUv.exe
  C:\Windows\System32\uljCnUv.exe
  2⤵
  - Executes dropped EXE
  PID:5480
- C:\Windows\System32\rkPDgmg.exe
  C:\Windows\System32\rkPDgmg.exe
  2⤵
  - Executes dropped EXE
  PID:3056
- C:\Windows\System32\QSBkBhD.exe
  C:\Windows\System32\QSBkBhD.exe
  2⤵
  - Executes dropped EXE
  PID:4240
- C:\Windows\System32\JAnSUBz.exe
  C:\Windows\System32\JAnSUBz.exe
  2⤵
  - Executes dropped EXE
  PID:4952
- C:\Windows\System32\VYuEXZD.exe
  C:\Windows\System32\VYuEXZD.exe
  2⤵
  - Executes dropped EXE
  PID:1880
- C:\Windows\System32\fstfBAg.exe
  C:\Windows\System32\fstfBAg.exe
  2⤵
  - Executes dropped EXE
  PID:2404
- C:\Windows\System32\AAhnmsZ.exe
  C:\Windows\System32\AAhnmsZ.exe
  2⤵
  - Executes dropped EXE
  PID:1740
- C:\Windows\System32\MXVqpet.exe
  C:\Windows\System32\MXVqpet.exe
  2⤵
  - Executes dropped EXE
  PID:2784
- C:\Windows\System32\vIJQsAe.exe
  C:\Windows\System32\vIJQsAe.exe
  2⤵
  - Executes dropped EXE
  PID:5568
- C:\Windows\System32\EQgVTpN.exe
  C:\Windows\System32\EQgVTpN.exe
  2⤵
  - Executes dropped EXE
  PID:6024
- C:\Windows\System32\gEAMTwh.exe
  C:\Windows\System32\gEAMTwh.exe
  2⤵
  - Executes dropped EXE
  PID:1964
- C:\Windows\System32\VjHyAfz.exe
  C:\Windows\System32\VjHyAfz.exe
  2⤵
  - Executes dropped EXE
  PID:5208
- C:\Windows\System32\gmKMLOv.exe
  C:\Windows\System32\gmKMLOv.exe
  2⤵
  - Executes dropped EXE
  PID:2728
- C:\Windows\System32\XMzvLNJ.exe
  C:\Windows\System32\XMzvLNJ.exe
  2⤵
  PID:4184
- C:\Windows\System32\sSVSrjJ.exe
  C:\Windows\System32\sSVSrjJ.exe
  2⤵
  PID:6028
- C:\Windows\System32\nyCHVOt.exe
  C:\Windows\System32\nyCHVOt.exe
  2⤵
  PID:1800
- C:\Windows\System32\WhowWwT.exe
  C:\Windows\System32\WhowWwT.exe
  2⤵
  PID:1708
- C:\Windows\System32\zshwneU.exe
  C:\Windows\System32\zshwneU.exe
  2⤵
  PID:3068
- C:\Windows\System32\ZuhPefK.exe
  C:\Windows\System32\ZuhPefK.exe
  2⤵
  PID:2836
- C:\Windows\System32\SreDlPM.exe
  C:\Windows\System32\SreDlPM.exe
  2⤵
  PID:736
- C:\Windows\System32\tUOpMUM.exe
  C:\Windows\System32\tUOpMUM.exe
  2⤵
  PID:4404
- C:\Windows\System32\cJjbUcq.exe
  C:\Windows\System32\cJjbUcq.exe
  2⤵
  PID:2256
- C:\Windows\System32\sZNMNqS.exe
  C:\Windows\System32\sZNMNqS.exe
  2⤵
  PID:5432
- C:\Windows\System32\BBXekZn.exe
  C:\Windows\System32\BBXekZn.exe
  2⤵
  PID:5340
- C:\Windows\System32\CRoNScb.exe
  C:\Windows\System32\CRoNScb.exe
  2⤵
  PID:5416
- C:\Windows\System32\HtMlaJZ.exe
  C:\Windows\System32\HtMlaJZ.exe
  2⤵
  PID:1084
- C:\Windows\System32\TemBghp.exe
  C:\Windows\System32\TemBghp.exe
  2⤵
  PID:4152
- C:\Windows\System32\CQeOKPM.exe
  C:\Windows\System32\CQeOKPM.exe
  2⤵
  PID:5032
- C:\Windows\System32\vxGJCzq.exe
  C:\Windows\System32\vxGJCzq.exe
  2⤵
  PID:5384
- C:\Windows\System32\FRxIgSV.exe
  C:\Windows\System32\FRxIgSV.exe
  2⤵
  PID:224
- C:\Windows\System32\lKADciU.exe
  C:\Windows\System32\lKADciU.exe
  2⤵
  PID:2884
- C:\Windows\System32\vwoEFyT.exe
  C:\Windows\System32\vwoEFyT.exe
  2⤵
  PID:4964
- C:\Windows\System32\LKrxScH.exe
  C:\Windows\System32\LKrxScH.exe
  2⤵
  PID:4328
- C:\Windows\System32\QKnnnzu.exe
  C:\Windows\System32\QKnnnzu.exe
  2⤵
  PID:5696
- C:\Windows\System32\pcZXOmm.exe
  C:\Windows\System32\pcZXOmm.exe
  2⤵
  PID:5096
- C:\Windows\System32\xSqmleN.exe
  C:\Windows\System32\xSqmleN.exe
  2⤵
  PID:3980
- C:\Windows\System32\IWneqOt.exe
  C:\Windows\System32\IWneqOt.exe
  2⤵
  PID:5640
- C:\Windows\System32\DpfJvbD.exe
  C:\Windows\System32\DpfJvbD.exe
  2⤵
  PID:6100
- C:\Windows\System32\XjpjSMS.exe
  C:\Windows\System32\XjpjSMS.exe
  2⤵
  PID:3176
- C:\Windows\System32\wgJtYxI.exe
  C:\Windows\System32\wgJtYxI.exe
  2⤵
  PID:4528
- C:\Windows\System32\XOoquqm.exe
  C:\Windows\System32\XOoquqm.exe
  2⤵
  PID:4848
- C:\Windows\System32\ntLiEfZ.exe
  C:\Windows\System32\ntLiEfZ.exe
  2⤵
  PID:4596
- C:\Windows\System32\XdQNllT.exe
  C:\Windows\System32\XdQNllT.exe
  2⤵
  PID:5136
- C:\Windows\System32\OvuCwmJ.exe
  C:\Windows\System32\OvuCwmJ.exe
  2⤵
  PID:4792
- C:\Windows\System32\RVqMctl.exe
  C:\Windows\System32\RVqMctl.exe
  2⤵
  PID:4864
- C:\Windows\System32\pWQHeev.exe
  C:\Windows\System32\pWQHeev.exe
  2⤵
  PID:5184
- C:\Windows\System32\AjLZFzH.exe
  C:\Windows\System32\AjLZFzH.exe
  2⤵
  PID:2140
- C:\Windows\System32\wjeiwzV.exe
  C:\Windows\System32\wjeiwzV.exe
  2⤵
  PID:4532
- C:\Windows\System32\YqEkIlH.exe
  C:\Windows\System32\YqEkIlH.exe
  2⤵
  PID:3680
- C:\Windows\System32\GLSlmCW.exe
  C:\Windows\System32\GLSlmCW.exe
  2⤵
  PID:372
- C:\Windows\System32\MGXTzjW.exe
  C:\Windows\System32\MGXTzjW.exe
  2⤵
  PID:4568
- C:\Windows\System32\LgCtMHn.exe
  C:\Windows\System32\LgCtMHn.exe
  2⤵
  PID:5796
- C:\Windows\System32\dSOFqFg.exe
  C:\Windows\System32\dSOFqFg.exe
  2⤵
  PID:2040
- C:\Windows\System32\hNhjUBh.exe
  C:\Windows\System32\hNhjUBh.exe
  2⤵
  PID:2900
- C:\Windows\System32\FjlwwhK.exe
  C:\Windows\System32\FjlwwhK.exe
  2⤵
  PID:4132
- C:\Windows\System32\ZSFEIgf.exe
  C:\Windows\System32\ZSFEIgf.exe
  2⤵
  PID:3340
- C:\Windows\System32\VvqLLiZ.exe
  C:\Windows\System32\VvqLLiZ.exe
  2⤵
  PID:3096
- C:\Windows\System32\FVBdUgS.exe
  C:\Windows\System32\FVBdUgS.exe
  2⤵
  PID:2384
- C:\Windows\System32\kFBqxDh.exe
  C:\Windows\System32\kFBqxDh.exe
  2⤵
  PID:5872
- C:\Windows\System32\TfldIxu.exe
  C:\Windows\System32\TfldIxu.exe
  2⤵
  PID:5972
- C:\Windows\System32\QNdQuIa.exe
  C:\Windows\System32\QNdQuIa.exe
  2⤵
  PID:2796
- C:\Windows\System32\bSWPjeq.exe
  C:\Windows\System32\bSWPjeq.exe
  2⤵
  PID:4956
- C:\Windows\System32\dydTTlf.exe
  C:\Windows\System32\dydTTlf.exe
  2⤵
  PID:4428
- C:\Windows\System32\ltPJvjH.exe
  C:\Windows\System32\ltPJvjH.exe
  2⤵
  PID:5748
- C:\Windows\System32\xTPhxlO.exe
  C:\Windows\System32\xTPhxlO.exe
  2⤵
  PID:3012
- C:\Windows\System32\MyNGvsq.exe
  C:\Windows\System32\MyNGvsq.exe
  2⤵
  PID:3384
- C:\Windows\System32\zHCFPZc.exe
  C:\Windows\System32\zHCFPZc.exe
  2⤵
  PID:5124
- C:\Windows\System32\hkiBcAu.exe
  C:\Windows\System32\hkiBcAu.exe
  2⤵
  PID:1364
- C:\Windows\System32\gwKzGOz.exe
  C:\Windows\System32\gwKzGOz.exe
  2⤵
  PID:2748
- C:\Windows\System32\NLvXhBj.exe
  C:\Windows\System32\NLvXhBj.exe
  2⤵
  PID:5816
- C:\Windows\System32\mRloRbS.exe
  C:\Windows\System32\mRloRbS.exe
  2⤵
  PID:2588
- C:\Windows\System32\IlrsQcE.exe
  C:\Windows\System32\IlrsQcE.exe
  2⤵
  PID:4572
- C:\Windows\System32\MroKyDZ.exe
  C:\Windows\System32\MroKyDZ.exe
  2⤵
  PID:4648
- C:\Windows\System32\BMzbIyb.exe
  C:\Windows\System32\BMzbIyb.exe
  2⤵
  PID:4768
- C:\Windows\System32\TlDLGQi.exe
  C:\Windows\System32\TlDLGQi.exe
  2⤵
  PID:6040
- C:\Windows\System32\nFJAGYV.exe
  C:\Windows\System32\nFJAGYV.exe
  2⤵
  PID:6140
- C:\Windows\System32\hirKITL.exe
  C:\Windows\System32\hirKITL.exe
  2⤵
  PID:4828
- C:\Windows\System32\yUEReuW.exe
  C:\Windows\System32\yUEReuW.exe
  2⤵
  PID:2132
- C:\Windows\System32\dQsrmDR.exe
  C:\Windows\System32\dQsrmDR.exe
  2⤵
  PID:2228
- C:\Windows\System32\CDHzgja.exe
  C:\Windows\System32\CDHzgja.exe
  2⤵
  PID:5540
- C:\Windows\System32\xGfirSF.exe
  C:\Windows\System32\xGfirSF.exe
  2⤵
  PID:4624
- C:\Windows\System32\HITQgqF.exe
  C:\Windows\System32\HITQgqF.exe
  2⤵
  PID:3524
- C:\Windows\System32\yVRdVVr.exe
  C:\Windows\System32\yVRdVVr.exe
  2⤵
  PID:4284
- C:\Windows\System32\qXwQXty.exe
  C:\Windows\System32\qXwQXty.exe
  2⤵
  PID:3016
- C:\Windows\System32\JCeRegz.exe
  C:\Windows\System32\JCeRegz.exe
  2⤵
  PID:2000
- C:\Windows\System32\tsUtjYP.exe
  C:\Windows\System32\tsUtjYP.exe
  2⤵
  PID:1820
- C:\Windows\System32\ciXARBj.exe
  C:\Windows\System32\ciXARBj.exe
  2⤵
  PID:2648
- C:\Windows\System32\jaDTbOP.exe
  C:\Windows\System32\jaDTbOP.exe
  2⤵
  PID:4936
- C:\Windows\System32\aHvJBXD.exe
  C:\Windows\System32\aHvJBXD.exe
  2⤵
  PID:2972
- C:\Windows\System32\dIoQWcP.exe
  C:\Windows\System32\dIoQWcP.exe
  2⤵
  PID:4440
- C:\Windows\System32\VTVesNl.exe
  C:\Windows\System32\VTVesNl.exe
  2⤵
  PID:1256
- C:\Windows\System32\ysuBBaz.exe
  C:\Windows\System32\ysuBBaz.exe
  2⤵
  PID:3268
- C:\Windows\System32\PmTraaE.exe
  C:\Windows\System32\PmTraaE.exe
  2⤵
  PID:632
- C:\Windows\System32\NJTZJkq.exe
  C:\Windows\System32\NJTZJkq.exe
  2⤵
  PID:4644
- C:\Windows\System32\JQdAcHo.exe
  C:\Windows\System32\JQdAcHo.exe
  2⤵
  PID:4548
- C:\Windows\System32\DsVuHGI.exe
  C:\Windows\System32\DsVuHGI.exe
  2⤵
  PID:5424
- C:\Windows\System32\MtBswot.exe
  C:\Windows\System32\MtBswot.exe
  2⤵
  PID:5912
- C:\Windows\System32\GxvVgTM.exe
  C:\Windows\System32\GxvVgTM.exe
  2⤵
  PID:4812
- C:\Windows\System32\uXJTzNW.exe
  C:\Windows\System32\uXJTzNW.exe
  2⤵
  PID:4924
- C:\Windows\System32\yTBnSGe.exe
  C:\Windows\System32\yTBnSGe.exe
  2⤵
  PID:5596
- C:\Windows\System32\ylaCRnV.exe
  C:\Windows\System32\ylaCRnV.exe
  2⤵
  PID:6096
- C:\Windows\System32\GwZfgVE.exe
  C:\Windows\System32\GwZfgVE.exe
  2⤵
  PID:1684
- C:\Windows\System32\LxvrvJm.exe
  C:\Windows\System32\LxvrvJm.exe
  2⤵
  PID:3984
- C:\Windows\System32\yLUCREm.exe
  C:\Windows\System32\yLUCREm.exe
  2⤵
  PID:4140
- C:\Windows\System32\IMlupyO.exe
  C:\Windows\System32\IMlupyO.exe
  2⤵
  PID:880
- C:\Windows\System32\bsiMRTA.exe
  C:\Windows\System32\bsiMRTA.exe
  2⤵
  PID:4884
- C:\Windows\System32\ZGFCdSe.exe
  C:\Windows\System32\ZGFCdSe.exe
  2⤵
  PID:5628
- C:\Windows\System32\qLWotOC.exe
  C:\Windows\System32\qLWotOC.exe
  2⤵
  PID:3548
- C:\Windows\System32\eBhtssI.exe
  C:\Windows\System32\eBhtssI.exe
  2⤵
  PID:3088
- C:\Windows\System32\TUEZoNI.exe
  C:\Windows\System32\TUEZoNI.exe
  2⤵
  PID:1960
- C:\Windows\System32\ksqAMrT.exe
  C:\Windows\System32\ksqAMrT.exe
  2⤵
  PID:4268
- C:\Windows\System32\SDiMQYI.exe
  C:\Windows\System32\SDiMQYI.exe
  2⤵
  PID:1884
- C:\Windows\System32\ZFaGkGg.exe
  C:\Windows\System32\ZFaGkGg.exe
  2⤵
  PID:2676
- C:\Windows\System32\jreABky.exe
  C:\Windows\System32\jreABky.exe
  2⤵
  PID:4752
- C:\Windows\System32\TmetUID.exe
  C:\Windows\System32\TmetUID.exe
  2⤵
  PID:6152
- C:\Windows\System32\LLcguGm.exe
  C:\Windows\System32\LLcguGm.exe
  2⤵
  PID:6192
- C:\Windows\System32\EPCSQlX.exe
  C:\Windows\System32\EPCSQlX.exe
  2⤵
  PID:6212
- C:\Windows\System32\uLXTzmH.exe
  C:\Windows\System32\uLXTzmH.exe
  2⤵
  PID:6272
- C:\Windows\System32\uxAwOOO.exe
  C:\Windows\System32\uxAwOOO.exe
  2⤵
  PID:6308
- C:\Windows\System32\klBXZvS.exe
  C:\Windows\System32\klBXZvS.exe
  2⤵
  PID:6324
- C:\Windows\System32\dIOBEWS.exe
  C:\Windows\System32\dIOBEWS.exe
  2⤵
  PID:6340
- C:\Windows\System32\NykVkAZ.exe
  C:\Windows\System32\NykVkAZ.exe
  2⤵
  PID:6356
- C:\Windows\System32\OZtZisP.exe
  C:\Windows\System32\OZtZisP.exe
  2⤵
  PID:6424
- C:\Windows\System32\VVoRFgU.exe
  C:\Windows\System32\VVoRFgU.exe
  2⤵
  PID:6440
- C:\Windows\System32\xDzWTxI.exe
  C:\Windows\System32\xDzWTxI.exe
  2⤵
  PID:6464
- C:\Windows\System32\skSEoqS.exe
  C:\Windows\System32\skSEoqS.exe
  2⤵
  PID:6484
- C:\Windows\System32\IfmOruM.exe
  C:\Windows\System32\IfmOruM.exe
  2⤵
  PID:6512
- C:\Windows\System32\gYQZxaY.exe
  C:\Windows\System32\gYQZxaY.exe
  2⤵
  PID:6532
- C:\Windows\System32\okMAips.exe
  C:\Windows\System32\okMAips.exe
  2⤵
  PID:6580
- C:\Windows\System32\aRvYySG.exe
  C:\Windows\System32\aRvYySG.exe
  2⤵
  PID:6604
- C:\Windows\System32\mzJWnKI.exe
  C:\Windows\System32\mzJWnKI.exe
  2⤵
  PID:6680
- C:\Windows\System32\ixJlmhJ.exe
  C:\Windows\System32\ixJlmhJ.exe
  2⤵
  PID:6704
- C:\Windows\System32\dBAZBnH.exe
  C:\Windows\System32\dBAZBnH.exe
  2⤵
  PID:6724
- C:\Windows\System32\seqcEXx.exe
  C:\Windows\System32\seqcEXx.exe
  2⤵
  PID:6744
- C:\Windows\System32\nTFIlCJ.exe
  C:\Windows\System32\nTFIlCJ.exe
  2⤵
  PID:6780
- C:\Windows\System32\WhXQDVZ.exe
  C:\Windows\System32\WhXQDVZ.exe
  2⤵
  PID:6796
- C:\Windows\System32\Vhltysz.exe
  C:\Windows\System32\Vhltysz.exe
  2⤵
  PID:6820
- C:\Windows\System32\UqpnECL.exe
  C:\Windows\System32\UqpnECL.exe
  2⤵
  PID:6844
- C:\Windows\System32\yWIHEzr.exe
  C:\Windows\System32\yWIHEzr.exe
  2⤵
  PID:6876
- C:\Windows\System32\wrbrarO.exe
  C:\Windows\System32\wrbrarO.exe
  2⤵
  PID:6904
- C:\Windows\System32\oDUySMA.exe
  C:\Windows\System32\oDUySMA.exe
  2⤵
  PID:6932
- C:\Windows\System32\WLfQkET.exe
  C:\Windows\System32\WLfQkET.exe
  2⤵
  PID:6968
- C:\Windows\System32\lbxIpPt.exe
  C:\Windows\System32\lbxIpPt.exe
  2⤵
  PID:6988
- C:\Windows\System32\rCPnfot.exe
  C:\Windows\System32\rCPnfot.exe
  2⤵
  PID:7004
- C:\Windows\System32\gfgwCBt.exe
  C:\Windows\System32\gfgwCBt.exe
  2⤵
  PID:7028
- C:\Windows\System32\stROBJb.exe
  C:\Windows\System32\stROBJb.exe
  2⤵
  PID:7044
- C:\Windows\System32\TzWTdxw.exe
  C:\Windows\System32\TzWTdxw.exe
  2⤵
  PID:7072
- C:\Windows\System32\taPdalz.exe
  C:\Windows\System32\taPdalz.exe
  2⤵
  PID:7088
- C:\Windows\System32\jeqUUoP.exe
  C:\Windows\System32\jeqUUoP.exe
  2⤵
  PID:7156
- C:\Windows\System32\nKzcnZL.exe
  C:\Windows\System32\nKzcnZL.exe
  2⤵
  PID:1152
- C:\Windows\System32\rYAPEAG.exe
  C:\Windows\System32\rYAPEAG.exe
  2⤵
  PID:544
- C:\Windows\System32\KKliacw.exe
  C:\Windows\System32\KKliacw.exe
  2⤵
  PID:5952
- C:\Windows\System32\iQnaDPS.exe
  C:\Windows\System32\iQnaDPS.exe
  2⤵
  PID:6296
- C:\Windows\System32\QsGtxfS.exe
  C:\Windows\System32\QsGtxfS.exe
  2⤵
  PID:6332
- C:\Windows\System32\rrVDLvT.exe
  C:\Windows\System32\rrVDLvT.exe
  2⤵
  PID:6348
- C:\Windows\System32\hovVJfd.exe
  C:\Windows\System32\hovVJfd.exe
  2⤵
  PID:6480
- C:\Windows\System32\ZEzFqcU.exe
  C:\Windows\System32\ZEzFqcU.exe
  2⤵
  PID:6528
- C:\Windows\System32\VQufhyV.exe
  C:\Windows\System32\VQufhyV.exe
  2⤵
  PID:6596
- C:\Windows\System32\jjOgAnC.exe
  C:\Windows\System32\jjOgAnC.exe
  2⤵
  PID:6648
- C:\Windows\System32\sxSzGtj.exe
  C:\Windows\System32\sxSzGtj.exe
  2⤵
  PID:6676
- C:\Windows\System32\tgwgIiX.exe
  C:\Windows\System32\tgwgIiX.exe
  2⤵
  PID:6740
- C:\Windows\System32\NuSPdyW.exe
  C:\Windows\System32\NuSPdyW.exe
  2⤵
  PID:6840
- C:\Windows\System32\LlHdmNN.exe
  C:\Windows\System32\LlHdmNN.exe
  2⤵
  PID:6928
- C:\Windows\System32\KLuJRDL.exe
  C:\Windows\System32\KLuJRDL.exe
  2⤵
  PID:7064
- C:\Windows\System32\WNspYka.exe
  C:\Windows\System32\WNspYka.exe
  2⤵
  PID:7100
- C:\Windows\System32\oLNCwPk.exe
  C:\Windows\System32\oLNCwPk.exe
  2⤵
  PID:7128
- C:\Windows\System32\tIrjFOL.exe
  C:\Windows\System32\tIrjFOL.exe
  2⤵
  PID:4364
- C:\Windows\System32\RwSiCfN.exe
  C:\Windows\System32\RwSiCfN.exe
  2⤵
  PID:984
- C:\Windows\System32\NWinSPq.exe
  C:\Windows\System32\NWinSPq.exe
  2⤵
  PID:6364
- C:\Windows\System32\IBcuSXg.exe
  C:\Windows\System32\IBcuSXg.exe
  2⤵
  PID:6316
- C:\Windows\System32\EPyYbxR.exe
  C:\Windows\System32\EPyYbxR.exe
  2⤵
  PID:6672
- C:\Windows\System32\BLTTUHf.exe
  C:\Windows\System32\BLTTUHf.exe
  2⤵
  PID:6792
- C:\Windows\System32\yDDZPuM.exe
  C:\Windows\System32\yDDZPuM.exe
  2⤵
  PID:6636
- C:\Windows\System32\VlRMRjk.exe
  C:\Windows\System32\VlRMRjk.exe
  2⤵
  PID:6868
- C:\Windows\System32\XSruzTA.exe
  C:\Windows\System32\XSruzTA.exe
  2⤵
  PID:6996
- C:\Windows\System32\aVJIbEn.exe
  C:\Windows\System32\aVJIbEn.exe
  2⤵
  PID:7060
- C:\Windows\System32\uYqFSEc.exe
  C:\Windows\System32\uYqFSEc.exe
  2⤵
  PID:6376
- C:\Windows\System32\SlAWAhH.exe
  C:\Windows\System32\SlAWAhH.exe
  2⤵
  PID:6548
- C:\Windows\System32\aGVQIyH.exe
  C:\Windows\System32\aGVQIyH.exe
  2⤵
  PID:6664
- C:\Windows\System32\mKkcjLM.exe
  C:\Windows\System32\mKkcjLM.exe
  2⤵
  PID:7176
- C:\Windows\System32\hqVjKps.exe
  C:\Windows\System32\hqVjKps.exe
  2⤵
  PID:7208
- C:\Windows\System32\ENmohEV.exe
  C:\Windows\System32\ENmohEV.exe
  2⤵
  PID:7232
- C:\Windows\System32\OQDKLHY.exe
  C:\Windows\System32\OQDKLHY.exe
  2⤵
  PID:7248
- C:\Windows\System32\VRZmLvN.exe
  C:\Windows\System32\VRZmLvN.exe
  2⤵
  PID:7268
- C:\Windows\System32\ltbgXej.exe
  C:\Windows\System32\ltbgXej.exe
  2⤵
  PID:7288
- C:\Windows\System32\MavYrrI.exe
  C:\Windows\System32\MavYrrI.exe
  2⤵
  PID:7424
- C:\Windows\System32\cIhReqf.exe
  C:\Windows\System32\cIhReqf.exe
  2⤵
  PID:7444
- C:\Windows\System32\KHHpdDS.exe
  C:\Windows\System32\KHHpdDS.exe
  2⤵
  PID:7464
- C:\Windows\System32\cuhjdZC.exe
  C:\Windows\System32\cuhjdZC.exe
  2⤵
  PID:7496
- C:\Windows\System32\KNciOod.exe
  C:\Windows\System32\KNciOod.exe
  2⤵
  PID:7516
- C:\Windows\System32\BNKrrTj.exe
  C:\Windows\System32\BNKrrTj.exe
  2⤵
  PID:7536
- C:\Windows\System32\ZokngCv.exe
  C:\Windows\System32\ZokngCv.exe
  2⤵
  PID:7584
- C:\Windows\System32\XoJMhxJ.exe
  C:\Windows\System32\XoJMhxJ.exe
  2⤵
  PID:7632
- C:\Windows\System32\WWHdpff.exe
  C:\Windows\System32\WWHdpff.exe
  2⤵
  PID:7648
- C:\Windows\System32\ZHZMZJK.exe
  C:\Windows\System32\ZHZMZJK.exe
  2⤵
  PID:7664
- C:\Windows\System32\XpipiXr.exe
  C:\Windows\System32\XpipiXr.exe
  2⤵
  PID:7684
- C:\Windows\System32\dhqRngl.exe
  C:\Windows\System32\dhqRngl.exe
  2⤵
  PID:7752
- C:\Windows\System32\SNDtJuD.exe
  C:\Windows\System32\SNDtJuD.exe
  2⤵
  PID:7768
- C:\Windows\System32\qAPnYhV.exe
  C:\Windows\System32\qAPnYhV.exe
  2⤵
  PID:7796
- C:\Windows\System32\iXvTfiL.exe
  C:\Windows\System32\iXvTfiL.exe
  2⤵
  PID:7828
- C:\Windows\System32\Crwspef.exe
  C:\Windows\System32\Crwspef.exe
  2⤵
  PID:7856
- C:\Windows\System32\ZqWNZWI.exe
  C:\Windows\System32\ZqWNZWI.exe
  2⤵
  PID:7880
- C:\Windows\System32\BiiDbbH.exe
  C:\Windows\System32\BiiDbbH.exe
  2⤵
  PID:7916
- C:\Windows\System32\CRjGsnu.exe
  C:\Windows\System32\CRjGsnu.exe
  2⤵
  PID:7940
- C:\Windows\System32\xBjVMgn.exe
  C:\Windows\System32\xBjVMgn.exe
  2⤵
  PID:7988
- C:\Windows\System32\ayzTHFf.exe
  C:\Windows\System32\ayzTHFf.exe
  2⤵
  PID:8004
- C:\Windows\System32\isamRyz.exe
  C:\Windows\System32\isamRyz.exe
  2⤵
  PID:8024
- C:\Windows\System32\nDKIvcm.exe
  C:\Windows\System32\nDKIvcm.exe
  2⤵
  PID:8040
- C:\Windows\System32\TnKMMjJ.exe
  C:\Windows\System32\TnKMMjJ.exe
  2⤵
  PID:8072
- C:\Windows\System32\QnpXuYa.exe
  C:\Windows\System32\QnpXuYa.exe
  2⤵
  PID:8100
- C:\Windows\System32\FAkKASj.exe
  C:\Windows\System32\FAkKASj.exe
  2⤵
  PID:8136
- C:\Windows\System32\JFHMMfG.exe
  C:\Windows\System32\JFHMMfG.exe
  2⤵
  PID:8184
- C:\Windows\System32\focCWQw.exe
  C:\Windows\System32\focCWQw.exe
  2⤵
  PID:6984
- C:\Windows\System32\JLCrJkG.exe
  C:\Windows\System32\JLCrJkG.exe
  2⤵
  PID:6752
- C:\Windows\System32\fAMYUSX.exe
  C:\Windows\System32\fAMYUSX.exe
  2⤵
  PID:6540
- C:\Windows\System32\cHrACQG.exe
  C:\Windows\System32\cHrACQG.exe
  2⤵
  PID:7204
- C:\Windows\System32\PBFDnUp.exe
  C:\Windows\System32\PBFDnUp.exe
  2⤵
  PID:7244
- C:\Windows\System32\piRFtCq.exe
  C:\Windows\System32\piRFtCq.exe
  2⤵
  PID:7380
- C:\Windows\System32\xqWeouh.exe
  C:\Windows\System32\xqWeouh.exe
  2⤵
  PID:7488
- C:\Windows\System32\VDFScBq.exe
  C:\Windows\System32\VDFScBq.exe
  2⤵
  PID:7544
- C:\Windows\System32\ywaFJOV.exe
  C:\Windows\System32\ywaFJOV.exe
  2⤵
  PID:7604
- C:\Windows\System32\hnudbfo.exe
  C:\Windows\System32\hnudbfo.exe
  2⤵
  PID:7680
- C:\Windows\System32\fEdCkAN.exe
  C:\Windows\System32\fEdCkAN.exe
  2⤵
  PID:7696
- C:\Windows\System32\QoOTQkK.exe
  C:\Windows\System32\QoOTQkK.exe
  2⤵
  PID:7732
- C:\Windows\System32\qqERCGQ.exe
  C:\Windows\System32\qqERCGQ.exe
  2⤵
  PID:7840
- C:\Windows\System32\aUkaSdJ.exe
  C:\Windows\System32\aUkaSdJ.exe
  2⤵
  PID:7900
- C:\Windows\System32\YWlLsnY.exe
  C:\Windows\System32\YWlLsnY.exe
  2⤵
  PID:7948
- C:\Windows\System32\HKXIqaP.exe
  C:\Windows\System32\HKXIqaP.exe
  2⤵
  PID:7996
- C:\Windows\System32\hXejrUl.exe
  C:\Windows\System32\hXejrUl.exe
  2⤵
  PID:8116
- C:\Windows\System32\HxWlGgD.exe
  C:\Windows\System32\HxWlGgD.exe
  2⤵
  PID:8168
- C:\Windows\System32\dSfJLyW.exe
  C:\Windows\System32\dSfJLyW.exe
  2⤵
  PID:6188
- C:\Windows\System32\CWXcouO.exe
  C:\Windows\System32\CWXcouO.exe
  2⤵
  PID:7172
- C:\Windows\System32\XoZIyyc.exe
  C:\Windows\System32\XoZIyyc.exe
  2⤵
  PID:2516
- C:\Windows\System32\EUkJXDe.exe
  C:\Windows\System32\EUkJXDe.exe
  2⤵
  PID:7644
- C:\Windows\System32\rIcSrOC.exe
  C:\Windows\System32\rIcSrOC.exe
  2⤵
  PID:2036
- C:\Windows\System32\pCqnBKj.exe
  C:\Windows\System32\pCqnBKj.exe
  2⤵
  PID:7656
- C:\Windows\System32\UKQYPAB.exe
  C:\Windows\System32\UKQYPAB.exe
  2⤵
  PID:8036
- C:\Windows\System32\KecfnmE.exe
  C:\Windows\System32\KecfnmE.exe
  2⤵
  PID:6956
- C:\Windows\System32\flTavai.exe
  C:\Windows\System32\flTavai.exe
  2⤵
  PID:7260
- C:\Windows\System32\RUcfLsY.exe
  C:\Windows\System32\RUcfLsY.exe
  2⤵
  PID:7400
- C:\Windows\System32\vSCtTQo.exe
  C:\Windows\System32\vSCtTQo.exe
  2⤵
  PID:1628
- C:\Windows\System32\fYSWruo.exe
  C:\Windows\System32\fYSWruo.exe
  2⤵
  PID:7600
- C:\Windows\System32\yKSrSuq.exe
  C:\Windows\System32\yKSrSuq.exe
  2⤵
  PID:3264
- C:\Windows\System32\qlkAqBO.exe
  C:\Windows\System32\qlkAqBO.exe
  2⤵
  PID:7216
- C:\Windows\System32\UvvWcMq.exe
  C:\Windows\System32\UvvWcMq.exe
  2⤵
  PID:7924
- C:\Windows\System32\VCDOIwO.exe
  C:\Windows\System32\VCDOIwO.exe
  2⤵
  PID:8200
- C:\Windows\System32\TYEyxDT.exe
  C:\Windows\System32\TYEyxDT.exe
  2⤵
  PID:8220
- C:\Windows\System32\EHhPsRi.exe
  C:\Windows\System32\EHhPsRi.exe
  2⤵
  PID:8248
- C:\Windows\System32\WSNTEVb.exe
  C:\Windows\System32\WSNTEVb.exe
  2⤵
  PID:8292
- C:\Windows\System32\QDUCfNF.exe
  C:\Windows\System32\QDUCfNF.exe
  2⤵
  PID:8312
- C:\Windows\System32\CMHuUye.exe
  C:\Windows\System32\CMHuUye.exe
  2⤵
  PID:8356
- C:\Windows\System32\cYXOuca.exe
  C:\Windows\System32\cYXOuca.exe
  2⤵
  PID:8392
- C:\Windows\System32\ezGunRt.exe
  C:\Windows\System32\ezGunRt.exe
  2⤵
  PID:8412
- C:\Windows\System32\MpiwzjD.exe
  C:\Windows\System32\MpiwzjD.exe
  2⤵
  PID:8432
- C:\Windows\System32\INVGEvW.exe
  C:\Windows\System32\INVGEvW.exe
  2⤵
  PID:8456
- C:\Windows\System32\EVrvmJz.exe
  C:\Windows\System32\EVrvmJz.exe
  2⤵
  PID:8476
- C:\Windows\System32\yhkdeAy.exe
  C:\Windows\System32\yhkdeAy.exe
  2⤵
  PID:8516
- C:\Windows\System32\FxHkMox.exe
  C:\Windows\System32\FxHkMox.exe
  2⤵
  PID:8564
- C:\Windows\System32\EHOyqZQ.exe
  C:\Windows\System32\EHOyqZQ.exe
  2⤵
  PID:8592
- C:\Windows\System32\sgkeMTR.exe
  C:\Windows\System32\sgkeMTR.exe
  2⤵
  PID:8620
- C:\Windows\System32\WJjQHQw.exe
  C:\Windows\System32\WJjQHQw.exe
  2⤵
  PID:8652
- C:\Windows\System32\VDMvUUH.exe
  C:\Windows\System32\VDMvUUH.exe
  2⤵
  PID:8680
- C:\Windows\System32\PKwMwzK.exe
  C:\Windows\System32\PKwMwzK.exe
  2⤵
  PID:8704
- C:\Windows\System32\VyKdana.exe
  C:\Windows\System32\VyKdana.exe
  2⤵
  PID:8720
- C:\Windows\System32\LcrXxSf.exe
  C:\Windows\System32\LcrXxSf.exe
  2⤵
  PID:8748
- C:\Windows\System32\oXLGaGW.exe
  C:\Windows\System32\oXLGaGW.exe
  2⤵
  PID:8780
- C:\Windows\System32\kzlrgcK.exe
  C:\Windows\System32\kzlrgcK.exe
  2⤵
  PID:8812
- C:\Windows\System32\buAKEYJ.exe
  C:\Windows\System32\buAKEYJ.exe
  2⤵
  PID:8836
- C:\Windows\System32\wWyvyMX.exe
  C:\Windows\System32\wWyvyMX.exe
  2⤵
  PID:8860
- C:\Windows\System32\iwMuBSu.exe
  C:\Windows\System32\iwMuBSu.exe
  2⤵
  PID:8884
- C:\Windows\System32\yqOEUpC.exe
  C:\Windows\System32\yqOEUpC.exe
  2⤵
  PID:8908
- C:\Windows\System32\AtERKYD.exe
  C:\Windows\System32\AtERKYD.exe
  2⤵
  PID:8984
- C:\Windows\System32\ebxozRw.exe
  C:\Windows\System32\ebxozRw.exe
  2⤵
  PID:9052
- C:\Windows\System32\GgRXPna.exe
  C:\Windows\System32\GgRXPna.exe
  2⤵
  PID:9068
- C:\Windows\System32\SGsKpxy.exe
  C:\Windows\System32\SGsKpxy.exe
  2⤵
  PID:9088
- C:\Windows\System32\xfEHIqW.exe
  C:\Windows\System32\xfEHIqW.exe
  2⤵
  PID:9116
- C:\Windows\System32\tHyfEHG.exe
  C:\Windows\System32\tHyfEHG.exe
  2⤵
  PID:9140
- C:\Windows\System32\KlDDGRA.exe
  C:\Windows\System32\KlDDGRA.exe
  2⤵
  PID:9164
- C:\Windows\System32\yljwkQE.exe
  C:\Windows\System32\yljwkQE.exe
  2⤵
  PID:9192
- C:\Windows\System32\MlHgNpF.exe
  C:\Windows\System32\MlHgNpF.exe
  2⤵
  PID:2988
- C:\Windows\System32\fNTBhYz.exe
  C:\Windows\System32\fNTBhYz.exe
  2⤵
  PID:8276
- C:\Windows\System32\NKGUZZo.exe
  C:\Windows\System32\NKGUZZo.exe
  2⤵
  PID:8380
- C:\Windows\System32\zZgZXDa.exe
  C:\Windows\System32\zZgZXDa.exe
  2⤵
  PID:8452
- C:\Windows\System32\hGETRZW.exe
  C:\Windows\System32\hGETRZW.exe
  2⤵
  PID:8524
- C:\Windows\System32\sqoTtYP.exe
  C:\Windows\System32\sqoTtYP.exe
  2⤵
  PID:8572
- C:\Windows\System32\VBUYXZW.exe
  C:\Windows\System32\VBUYXZW.exe
  2⤵
  PID:8584
- C:\Windows\System32\lfIvVvm.exe
  C:\Windows\System32\lfIvVvm.exe
  2⤵
  PID:8668
- C:\Windows\System32\KYtlbzv.exe
  C:\Windows\System32\KYtlbzv.exe
  2⤵
  PID:8692
- C:\Windows\System32\LMCiyfD.exe
  C:\Windows\System32\LMCiyfD.exe
  2⤵
  PID:8744
- C:\Windows\System32\yrJxLki.exe
  C:\Windows\System32\yrJxLki.exe
  2⤵
  PID:8788
- C:\Windows\System32\NINSXut.exe
  C:\Windows\System32\NINSXut.exe
  2⤵
  PID:8820
- C:\Windows\System32\wSmPRre.exe
  C:\Windows\System32\wSmPRre.exe
  2⤵
  PID:9016
- C:\Windows\System32\RTSvuAg.exe
  C:\Windows\System32\RTSvuAg.exe
  2⤵
  PID:9004
- C:\Windows\System32\acUKGqZ.exe
  C:\Windows\System32\acUKGqZ.exe
  2⤵
  PID:9112
- C:\Windows\System32\XVutIat.exe
  C:\Windows\System32\XVutIat.exe
  2⤵
  PID:9076
- C:\Windows\System32\uKYtNNr.exe
  C:\Windows\System32\uKYtNNr.exe
  2⤵
  PID:9156
- C:\Windows\System32\QVlifbB.exe
  C:\Windows\System32\QVlifbB.exe
  2⤵
  PID:9208
- C:\Windows\System32\acwIgSQ.exe
  C:\Windows\System32\acwIgSQ.exe
  2⤵
  PID:1796
- C:\Windows\System32\WYwBygj.exe
  C:\Windows\System32\WYwBygj.exe
  2⤵
  PID:8472
- C:\Windows\System32\ZJFgNmO.exe
  C:\Windows\System32\ZJFgNmO.exe
  2⤵
  PID:8560
- C:\Windows\System32\QHAtvqk.exe
  C:\Windows\System32\QHAtvqk.exe
  2⤵
  PID:3092
- C:\Windows\System32\kKbfkWz.exe
  C:\Windows\System32\kKbfkWz.exe
  2⤵
  PID:8764
- C:\Windows\System32\KvfMGEi.exe
  C:\Windows\System32\KvfMGEi.exe
  2⤵
  PID:8872
- C:\Windows\System32\tRhNGzS.exe
  C:\Windows\System32\tRhNGzS.exe
  2⤵
  PID:8928
- C:\Windows\System32\sQARJei.exe
  C:\Windows\System32\sQARJei.exe
  2⤵
  PID:9108
- C:\Windows\System32\eRMJLfP.exe
  C:\Windows\System32\eRMJLfP.exe
  2⤵
  PID:8344
- C:\Windows\System32\VlozOIQ.exe
  C:\Windows\System32\VlozOIQ.exe
  2⤵
  PID:3128
- C:\Windows\System32\anWqmRG.exe
  C:\Windows\System32\anWqmRG.exe
  2⤵
  PID:8760
- C:\Windows\System32\BRlsWHw.exe
  C:\Windows\System32\BRlsWHw.exe
  2⤵
  PID:8948
- C:\Windows\System32\TToUSqV.exe
  C:\Windows\System32\TToUSqV.exe
  2⤵
  PID:5672
- C:\Windows\System32\jKFafjq.exe
  C:\Windows\System32\jKFafjq.exe
  2⤵
  PID:8096
- C:\Windows\System32\teHTtXf.exe
  C:\Windows\System32\teHTtXf.exe
  2⤵
  PID:9228
- C:\Windows\System32\myAUHBb.exe
  C:\Windows\System32\myAUHBb.exe
  2⤵
  PID:9272
- C:\Windows\System32\jZVOXwX.exe
  C:\Windows\System32\jZVOXwX.exe
  2⤵
  PID:9292
- C:\Windows\System32\seuPgQV.exe
  C:\Windows\System32\seuPgQV.exe
  2⤵
  PID:9308
- C:\Windows\System32\WFhkSrG.exe
  C:\Windows\System32\WFhkSrG.exe
  2⤵
  PID:9328
- C:\Windows\System32\JdGopJm.exe
  C:\Windows\System32\JdGopJm.exe
  2⤵
  PID:9352
- C:\Windows\System32\eSWXDBh.exe
  C:\Windows\System32\eSWXDBh.exe
  2⤵
  PID:9372
- C:\Windows\System32\uDftkCn.exe
  C:\Windows\System32\uDftkCn.exe
  2⤵
  PID:9396
- C:\Windows\System32\lFGeJvA.exe
  C:\Windows\System32\lFGeJvA.exe
  2⤵
  PID:9416
- C:\Windows\System32\xgIzNEd.exe
  C:\Windows\System32\xgIzNEd.exe
  2⤵
  PID:9484
- C:\Windows\System32\OOapQQw.exe
  C:\Windows\System32\OOapQQw.exe
  2⤵
  PID:9512
- C:\Windows\System32\cKURMEe.exe
  C:\Windows\System32\cKURMEe.exe
  2⤵
  PID:9536
- C:\Windows\System32\tLvPxYV.exe
  C:\Windows\System32\tLvPxYV.exe
  2⤵
  PID:9552
- C:\Windows\System32\uQfxWYg.exe
  C:\Windows\System32\uQfxWYg.exe
  2⤵
  PID:9580
- C:\Windows\System32\kNrdVHL.exe
  C:\Windows\System32\kNrdVHL.exe
  2⤵
  PID:9604
- C:\Windows\System32\fiJYYJg.exe
  C:\Windows\System32\fiJYYJg.exe
  2⤵
  PID:9628
- C:\Windows\System32\JPstdrG.exe
  C:\Windows\System32\JPstdrG.exe
  2⤵
  PID:9644
- C:\Windows\System32\xxLsEIa.exe
  C:\Windows\System32\xxLsEIa.exe
  2⤵
  PID:9672
- C:\Windows\System32\NeCOzpl.exe
  C:\Windows\System32\NeCOzpl.exe
  2⤵
  PID:9804
- C:\Windows\System32\LihdQDF.exe
  C:\Windows\System32\LihdQDF.exe
  2⤵
  PID:9832
- C:\Windows\System32\djCPjgU.exe
  C:\Windows\System32\djCPjgU.exe
  2⤵
  PID:9848
- C:\Windows\System32\REfEUvM.exe
  C:\Windows\System32\REfEUvM.exe
  2⤵
  PID:9884
- C:\Windows\System32\GeSDQmd.exe
  C:\Windows\System32\GeSDQmd.exe
  2⤵
  PID:9900
- C:\Windows\System32\YOGPEvy.exe
  C:\Windows\System32\YOGPEvy.exe
  2⤵
  PID:9928
- C:\Windows\System32\kZNTqDN.exe
  C:\Windows\System32\kZNTqDN.exe
  2⤵
  PID:9944
- C:\Windows\System32\JLGoZqG.exe
  C:\Windows\System32\JLGoZqG.exe
  2⤵
  PID:9984
- C:\Windows\System32\PinFBlE.exe
  C:\Windows\System32\PinFBlE.exe
  2⤵
  PID:10032
- C:\Windows\System32\XLcqgWo.exe
  C:\Windows\System32\XLcqgWo.exe
  2⤵
  PID:10048
- C:\Windows\System32\exCSqPQ.exe
  C:\Windows\System32\exCSqPQ.exe
  2⤵
  PID:10064
- C:\Windows\System32\FcjeGhB.exe
  C:\Windows\System32\FcjeGhB.exe
  2⤵
  PID:10080
- C:\Windows\System32\cdZYNDV.exe
  C:\Windows\System32\cdZYNDV.exe
  2⤵
  PID:10100
- C:\Windows\System32\vcWfYme.exe
  C:\Windows\System32\vcWfYme.exe
  2⤵
  PID:10140
- C:\Windows\System32\ytHDRBV.exe
  C:\Windows\System32\ytHDRBV.exe
  2⤵
  PID:10188
- C:\Windows\System32\ENLrJlk.exe
  C:\Windows\System32\ENLrJlk.exe
  2⤵
  PID:10212
- C:\Windows\System32\nEiCOTK.exe
  C:\Windows\System32\nEiCOTK.exe
  2⤵
  PID:10236
- C:\Windows\System32\dcPsEOu.exe
  C:\Windows\System32\dcPsEOu.exe
  2⤵
  PID:9300
- C:\Windows\System32\wpEpgHB.exe
  C:\Windows\System32\wpEpgHB.exe
  2⤵
  PID:9344
- C:\Windows\System32\RxuApmO.exe
  C:\Windows\System32\RxuApmO.exe
  2⤵
  PID:9412
- C:\Windows\System32\hvejaxD.exe
  C:\Windows\System32\hvejaxD.exe
  2⤵
  PID:9504
- C:\Windows\System32\KceTSjz.exe
  C:\Windows\System32\KceTSjz.exe
  2⤵
  PID:9576
- C:\Windows\System32\WznlNtI.exe
  C:\Windows\System32\WznlNtI.exe
  2⤵
  PID:9612
- C:\Windows\System32\gSAYwyC.exe
  C:\Windows\System32\gSAYwyC.exe
  2⤵
  PID:9700
- C:\Windows\System32\ENWahew.exe
  C:\Windows\System32\ENWahew.exe
  2⤵
  PID:9796
- C:\Windows\System32\LFtdpby.exe
  C:\Windows\System32\LFtdpby.exe
  2⤵
  PID:9716
- C:\Windows\System32\iZdWHpz.exe
  C:\Windows\System32\iZdWHpz.exe
  2⤵
  PID:9840
- C:\Windows\System32\QASqFoZ.exe
  C:\Windows\System32\QASqFoZ.exe
  2⤵
  PID:9896
- C:\Windows\System32\wtkWFCG.exe
  C:\Windows\System32\wtkWFCG.exe
  2⤵
  PID:9892
- C:\Windows\System32\PBQgKaS.exe
  C:\Windows\System32\PBQgKaS.exe
  2⤵
  PID:9992
- C:\Windows\System32\fQbBXuO.exe
  C:\Windows\System32\fQbBXuO.exe
  2⤵
  PID:10020
- C:\Windows\System32\WeegTtS.exe
  C:\Windows\System32\WeegTtS.exe
  2⤵
  PID:10076
- C:\Windows\System32\TOoJlZw.exe
  C:\Windows\System32\TOoJlZw.exe
  2⤵
  PID:10132
- C:\Windows\System32\qzoBCQz.exe
  C:\Windows\System32\qzoBCQz.exe
  2⤵
  PID:10228
- C:\Windows\System32\dQNdShk.exe
  C:\Windows\System32\dQNdShk.exe
  2⤵
  PID:9280
- C:\Windows\System32\bCLBDbH.exe
  C:\Windows\System32\bCLBDbH.exe
  2⤵
  PID:9384
- C:\Windows\System32\fKYUrRo.exe
  C:\Windows\System32\fKYUrRo.exe
  2⤵
  PID:9424
- C:\Windows\System32\DGKRyLS.exe
  C:\Windows\System32\DGKRyLS.exe
  2⤵
  PID:9776
- C:\Windows\System32\AYiRiTd.exe
  C:\Windows\System32\AYiRiTd.exe
  2⤵
  PID:9752
- C:\Windows\System32\hVfCKBY.exe
  C:\Windows\System32\hVfCKBY.exe
  2⤵
  PID:9708
- C:\Windows\System32\nsQDGbL.exe
  C:\Windows\System32\nsQDGbL.exe
  2⤵
  PID:9788
- C:\Windows\System32\xgrngju.exe
  C:\Windows\System32\xgrngju.exe
  2⤵
  PID:10056
- C:\Windows\System32\nRJQRPW.exe
  C:\Windows\System32\nRJQRPW.exe
  2⤵
  PID:9936
- C:\Windows\System32\MtBEhuw.exe
  C:\Windows\System32\MtBEhuw.exe
  2⤵
  PID:10148
- C:\Windows\System32\BUHXuhM.exe
  C:\Windows\System32\BUHXuhM.exe
  2⤵
  PID:10220
- C:\Windows\System32\NmpjVaL.exe
  C:\Windows\System32\NmpjVaL.exe
  2⤵
  PID:6056
- C:\Windows\System32\QfoBfBu.exe
  C:\Windows\System32\QfoBfBu.exe
  2⤵
  PID:10268
- C:\Windows\System32\TaIgMPd.exe
  C:\Windows\System32\TaIgMPd.exe
  2⤵
  PID:10292
- C:\Windows\System32\QRNEsdm.exe
  C:\Windows\System32\QRNEsdm.exe
  2⤵
  PID:10308
- C:\Windows\System32\fJGhubG.exe
  C:\Windows\System32\fJGhubG.exe
  2⤵
  PID:10332
- C:\Windows\System32\cWMmEAd.exe
  C:\Windows\System32\cWMmEAd.exe
  2⤵
  PID:10356
- C:\Windows\System32\LiFgzIA.exe
  C:\Windows\System32\LiFgzIA.exe
  2⤵
  PID:10384
- C:\Windows\System32\wVDnwfV.exe
  C:\Windows\System32\wVDnwfV.exe
  2⤵
  PID:10420
- C:\Windows\System32\FiBqRVp.exe
  C:\Windows\System32\FiBqRVp.exe
  2⤵
  PID:10440
- C:\Windows\System32\EWzUklG.exe
  C:\Windows\System32\EWzUklG.exe
  2⤵
  PID:10468
- C:\Windows\System32\UshhvtL.exe
  C:\Windows\System32\UshhvtL.exe
  2⤵
  PID:10492
- C:\Windows\System32\UkUGbAN.exe
  C:\Windows\System32\UkUGbAN.exe
  2⤵
  PID:10512
- C:\Windows\System32\XcYRBzK.exe
  C:\Windows\System32\XcYRBzK.exe
  2⤵
  PID:10568
- C:\Windows\System32\WirNHrR.exe
  C:\Windows\System32\WirNHrR.exe
  2⤵
  PID:10592
- C:\Windows\System32\ooaxxPd.exe
  C:\Windows\System32\ooaxxPd.exe
  2⤵
  PID:10612
- C:\Windows\System32\bXzolvd.exe
  C:\Windows\System32\bXzolvd.exe
  2⤵
  PID:10636
- C:\Windows\System32\kTdqQCn.exe
  C:\Windows\System32\kTdqQCn.exe
  2⤵
  PID:10656
- C:\Windows\System32\QFRAtTD.exe
  C:\Windows\System32\QFRAtTD.exe
  2⤵
  PID:10716
- C:\Windows\System32\HGVMlzU.exe
  C:\Windows\System32\HGVMlzU.exe
  2⤵
  PID:10748
- C:\Windows\System32\wvFdxMR.exe
  C:\Windows\System32\wvFdxMR.exe
  2⤵
  PID:10764
- C:\Windows\System32\KOKvJkK.exe
  C:\Windows\System32\KOKvJkK.exe
  2⤵
  PID:10784
- C:\Windows\System32\bbxUPNC.exe
  C:\Windows\System32\bbxUPNC.exe
  2⤵
  PID:10804
- C:\Windows\System32\gnkviqS.exe
  C:\Windows\System32\gnkviqS.exe
  2⤵
  PID:10824
- C:\Windows\System32\KsJHyPu.exe
  C:\Windows\System32\KsJHyPu.exe
  2⤵
  PID:10840
- C:\Windows\System32\oIUeEeD.exe
  C:\Windows\System32\oIUeEeD.exe
  2⤵
  PID:10884
- C:\Windows\System32\qadFKiV.exe
  C:\Windows\System32\qadFKiV.exe
  2⤵
  PID:10924
- C:\Windows\System32\ViHOJwE.exe
  C:\Windows\System32\ViHOJwE.exe
  2⤵
  PID:10952
- C:\Windows\System32\FlJKqDS.exe
  C:\Windows\System32\FlJKqDS.exe
  2⤵
  PID:10972
- C:\Windows\System32\NnqfBol.exe
  C:\Windows\System32\NnqfBol.exe
  2⤵
  PID:10988
- C:\Windows\System32\KDWmSRV.exe
  C:\Windows\System32\KDWmSRV.exe
  2⤵
  PID:11016
- C:\Windows\System32\vzbLRUd.exe
  C:\Windows\System32\vzbLRUd.exe
  2⤵
  PID:11056
- C:\Windows\System32\GaYxOfm.exe
  C:\Windows\System32\GaYxOfm.exe
  2⤵
  PID:11072
- C:\Windows\System32\GJfUoru.exe
  C:\Windows\System32\GJfUoru.exe
  2⤵
  PID:11140
- C:\Windows\System32\uzSFIlL.exe
  C:\Windows\System32\uzSFIlL.exe
  2⤵
  PID:11160
- C:\Windows\System32\oQwmYfj.exe
  C:\Windows\System32\oQwmYfj.exe
  2⤵
  PID:11180
- C:\Windows\System32\SbWCqot.exe
  C:\Windows\System32\SbWCqot.exe
  2⤵
  PID:11224
- C:\Windows\System32\sycwLKV.exe
  C:\Windows\System32\sycwLKV.exe
  2⤵
  PID:11252
- C:\Windows\System32\gYxzNiE.exe
  C:\Windows\System32\gYxzNiE.exe
  2⤵
  PID:10248
- C:\Windows\System32\UqiYtfL.exe
  C:\Windows\System32\UqiYtfL.exe
  2⤵
  PID:10276
- C:\Windows\System32\JtmbqLv.exe
  C:\Windows\System32\JtmbqLv.exe
  2⤵
  PID:10340
- C:\Windows\System32\EGHdTSV.exe
  C:\Windows\System32\EGHdTSV.exe
  2⤵
  PID:10436
- C:\Windows\System32\VWEgwfX.exe
  C:\Windows\System32\VWEgwfX.exe
  2⤵
  PID:10508
- C:\Windows\System32\ubMKkeU.exe
  C:\Windows\System32\ubMKkeU.exe
  2⤵
  PID:10520
- C:\Windows\System32\fwJhakH.exe
  C:\Windows\System32\fwJhakH.exe
  2⤵
  PID:10648
- C:\Windows\System32\dRbBoZC.exe
  C:\Windows\System32\dRbBoZC.exe
  2⤵
  PID:10588
- C:\Windows\System32\LfeDaZE.exe
  C:\Windows\System32\LfeDaZE.exe
  2⤵
  PID:10732
- C:\Windows\System32\JjMbpnm.exe
  C:\Windows\System32\JjMbpnm.exe
  2⤵
  PID:10780
- C:\Windows\System32\IHcwpbq.exe
  C:\Windows\System32\IHcwpbq.exe
  2⤵
  PID:10800
- C:\Windows\System32\ajCiBBg.exe
  C:\Windows\System32\ajCiBBg.exe
  2⤵
  PID:10832
- C:\Windows\System32\fDCbUsN.exe
  C:\Windows\System32\fDCbUsN.exe
  2⤵
  PID:10872
- C:\Windows\System32\DagUNZm.exe
  C:\Windows\System32\DagUNZm.exe
  2⤵
  PID:10916
- C:\Windows\System32\dhaBeEN.exe
  C:\Windows\System32\dhaBeEN.exe
  2⤵
  PID:10944
- C:\Windows\System32\ViyZJaq.exe
  C:\Windows\System32\ViyZJaq.exe
  2⤵
  PID:11008
- C:\Windows\System32\JeHOWUt.exe
  C:\Windows\System32\JeHOWUt.exe
  2⤵
  PID:11032
- C:\Windows\System32\PrGfjcw.exe
  C:\Windows\System32\PrGfjcw.exe
  2⤵
  PID:11080
- C:\Windows\System32\RtBNPZl.exe
  C:\Windows\System32\RtBNPZl.exe
  2⤵
  PID:11204
- C:\Windows\System32\yqwlSVA.exe
  C:\Windows\System32\yqwlSVA.exe
  2⤵
  PID:10416
- C:\Windows\System32\VEycqtZ.exe
  C:\Windows\System32\VEycqtZ.exe
  2⤵
  PID:10488
- C:\Windows\System32\zPfPNKd.exe
  C:\Windows\System32\zPfPNKd.exe
  2⤵
  PID:10760
- C:\Windows\System32\zsnjGnY.exe
  C:\Windows\System32\zsnjGnY.exe
  2⤵
  PID:10996
- C:\Windows\System32\ASrEYEK.exe
  C:\Windows\System32\ASrEYEK.exe
  2⤵
  PID:11028
- C:\Windows\System32\bPdajax.exe
  C:\Windows\System32\bPdajax.exe
  2⤵
  PID:11172
- C:\Windows\System32\euJznYV.exe
  C:\Windows\System32\euJznYV.exe
  2⤵
  PID:10260
- C:\Windows\System32\roanceG.exe
  C:\Windows\System32\roanceG.exe
  2⤵
  PID:10392
- C:\Windows\System32\JUMoPCZ.exe
  C:\Windows\System32\JUMoPCZ.exe
  2⤵
  PID:11308
- C:\Windows\System32\RCBaEzq.exe
  C:\Windows\System32\RCBaEzq.exe
  2⤵
  PID:11340
- C:\Windows\System32\oVNGwOz.exe
  C:\Windows\System32\oVNGwOz.exe
  2⤵
  PID:11372
- C:\Windows\System32\DLAOoXW.exe
  C:\Windows\System32\DLAOoXW.exe
  2⤵
  PID:11388
- C:\Windows\System32\hXHvSQb.exe
  C:\Windows\System32\hXHvSQb.exe
  2⤵
  PID:11404
- C:\Windows\System32\aGwREar.exe
  C:\Windows\System32\aGwREar.exe
  2⤵
  PID:11428
- C:\Windows\System32\rbPfBfH.exe
  C:\Windows\System32\rbPfBfH.exe
  2⤵
  PID:11476
- C:\Windows\System32\PFxQPjl.exe
  C:\Windows\System32\PFxQPjl.exe
  2⤵
  PID:11512
- C:\Windows\System32\nbqReUU.exe
  C:\Windows\System32\nbqReUU.exe
  2⤵
  PID:11548
- C:\Windows\System32\NYIhvHu.exe
  C:\Windows\System32\NYIhvHu.exe
  2⤵
  PID:11564
- C:\Windows\System32\gfczGRJ.exe
  C:\Windows\System32\gfczGRJ.exe
  2⤵
  PID:11588
- C:\Windows\System32\FcFZvEK.exe
  C:\Windows\System32\FcFZvEK.exe
  2⤵
  PID:11632
- C:\Windows\System32\XHcZXlJ.exe
  C:\Windows\System32\XHcZXlJ.exe
  2⤵
  PID:11672
- C:\Windows\System32\scBEMEn.exe
  C:\Windows\System32\scBEMEn.exe
  2⤵
  PID:11728
- C:\Windows\System32\YWFYtuo.exe
  C:\Windows\System32\YWFYtuo.exe
  2⤵
  PID:11744
- C:\Windows\System32\OgsUiWn.exe
  C:\Windows\System32\OgsUiWn.exe
  2⤵
  PID:11760
- C:\Windows\System32\EOrjIvQ.exe
  C:\Windows\System32\EOrjIvQ.exe
  2⤵
  PID:11784
- C:\Windows\System32\NtOKpmt.exe
  C:\Windows\System32\NtOKpmt.exe
  2⤵
  PID:11800
- C:\Windows\System32\oaceIYK.exe
  C:\Windows\System32\oaceIYK.exe
  2⤵
  PID:11840
- C:\Windows\System32\itzaCKz.exe
  C:\Windows\System32\itzaCKz.exe
  2⤵
  PID:11884
- C:\Windows\System32\GZQpNOu.exe
  C:\Windows\System32\GZQpNOu.exe
  2⤵
  PID:11904
- C:\Windows\System32\tYtWCrO.exe
  C:\Windows\System32\tYtWCrO.exe
  2⤵
  PID:11932
- C:\Windows\System32\OEQpgdN.exe
  C:\Windows\System32\OEQpgdN.exe
  2⤵
  PID:11960
- C:\Windows\System32\rqlxqqS.exe
  C:\Windows\System32\rqlxqqS.exe
  2⤵
  PID:12000
- C:\Windows\System32\SQdDMDB.exe
  C:\Windows\System32\SQdDMDB.exe
  2⤵
  PID:12016
- C:\Windows\System32\RhVpOhh.exe
  C:\Windows\System32\RhVpOhh.exe
  2⤵
  PID:12032
- C:\Windows\System32\UFyvnoM.exe
  C:\Windows\System32\UFyvnoM.exe
  2⤵
  PID:12052
- C:\Windows\System32\VqOSINe.exe
  C:\Windows\System32\VqOSINe.exe
  2⤵
  PID:12080
- C:\Windows\System32\rUUIgkl.exe
  C:\Windows\System32\rUUIgkl.exe
  2⤵
  PID:12100
- C:\Windows\System32\aUKvwFF.exe
  C:\Windows\System32\aUKvwFF.exe
  2⤵
  PID:12144
- C:\Windows\System32\wnqsXav.exe
  C:\Windows\System32\wnqsXav.exe
  2⤵
  PID:12164
- C:\Windows\System32\IuIbcBR.exe
  C:\Windows\System32\IuIbcBR.exe
  2⤵
  PID:12184
- C:\Windows\System32\LbEcsQm.exe
  C:\Windows\System32\LbEcsQm.exe
  2⤵
  PID:12228
- C:\Windows\System32\pLspswJ.exe
  C:\Windows\System32\pLspswJ.exe
  2⤵
  PID:12268
- C:\Windows\System32\dgqiYjX.exe
  C:\Windows\System32\dgqiYjX.exe
  2⤵
  PID:11188
- C:\Windows\System32\knwgGOS.exe
  C:\Windows\System32\knwgGOS.exe
  2⤵
  PID:10404
- C:\Windows\System32\SAORoTX.exe
  C:\Windows\System32\SAORoTX.exe
  2⤵
  PID:10812
- C:\Windows\System32\FaMGgfx.exe
  C:\Windows\System32\FaMGgfx.exe
  2⤵
  PID:11288
- C:\Windows\System32\tdCOunA.exe
  C:\Windows\System32\tdCOunA.exe
  2⤵
  PID:11384
- C:\Windows\System32\xGSAgaC.exe
  C:\Windows\System32\xGSAgaC.exe
  2⤵
  PID:11380
- C:\Windows\System32\pSIKYgR.exe
  C:\Windows\System32\pSIKYgR.exe
  2⤵
  PID:11508
- C:\Windows\System32\pgkyjID.exe
  C:\Windows\System32\pgkyjID.exe
  2⤵
  PID:11556
- C:\Windows\System32\LsphPFW.exe
  C:\Windows\System32\LsphPFW.exe
  2⤵
  PID:11664
- C:\Windows\System32\tYwUQtD.exe
  C:\Windows\System32\tYwUQtD.exe
  2⤵
  PID:11740
- C:\Windows\System32\ixGCOaQ.exe
  C:\Windows\System32\ixGCOaQ.exe
  2⤵
  PID:11792
- C:\Windows\System32\oNscISd.exe
  C:\Windows\System32\oNscISd.exe
  2⤵
  PID:11816
- C:\Windows\System32\MkKPwaZ.exe
  C:\Windows\System32\MkKPwaZ.exe
  2⤵
  PID:11860
- C:\Windows\System32\LIlWMuN.exe
  C:\Windows\System32\LIlWMuN.exe
  2⤵
  PID:12024
- C:\Windows\System32\OLebXML.exe
  C:\Windows\System32\OLebXML.exe
  2⤵
  PID:12040
- C:\Windows\System32\NcwEyJK.exe
  C:\Windows\System32\NcwEyJK.exe
  2⤵
  PID:12140
- C:\Windows\System32\ZSDEtnF.exe
  C:\Windows\System32\ZSDEtnF.exe
  2⤵
  PID:12248
- C:\Windows\System32\CKTjwSb.exe
  C:\Windows\System32\CKTjwSb.exe
  2⤵
  PID:10548
- C:\Windows\System32\FFpSyJs.exe
  C:\Windows\System32\FFpSyJs.exe
  2⤵
  PID:11100
- C:\Windows\System32\dsawkmB.exe
  C:\Windows\System32\dsawkmB.exe
  2⤵
  PID:11532
- C:\Windows\System32\FVfkUdx.exe
  C:\Windows\System32\FVfkUdx.exe
  2⤵
  PID:11612
- C:\Windows\System32\nREPaCt.exe
  C:\Windows\System32\nREPaCt.exe
  2⤵
  PID:11852
- C:\Windows\System32\zMNYKGn.exe
  C:\Windows\System32\zMNYKGn.exe
  2⤵
  PID:11924
- C:\Windows\System32\UGhxOEC.exe
  C:\Windows\System32\UGhxOEC.exe
  2⤵
  PID:11980
- C:\Windows\System32\oXQGmJB.exe
  C:\Windows\System32\oXQGmJB.exe
  2⤵
  PID:12152
- C:\Windows\System32\MayaliX.exe
  C:\Windows\System32\MayaliX.exe
  2⤵
  PID:11320
- C:\Windows\System32\gEVqOHW.exe
  C:\Windows\System32\gEVqOHW.exe
  2⤵
  PID:11284
- C:\Windows\System32\DISpaHT.exe
  C:\Windows\System32\DISpaHT.exe
  2⤵
  PID:11704
- C:\Windows\System32\dNnhmuX.exe
  C:\Windows\System32\dNnhmuX.exe
  2⤵
  PID:11940
- C:\Windows\System32\lYjLkAX.exe
  C:\Windows\System32\lYjLkAX.exe
  2⤵
  PID:12156
- C:\Windows\System32\rbmLpYZ.exe
  C:\Windows\System32\rbmLpYZ.exe
  2⤵
  PID:11832
- C:\Windows\System32\xicWWof.exe
  C:\Windows\System32\xicWWof.exe
  2⤵
  PID:12292
- C:\Windows\System32\gEEQhfT.exe
  C:\Windows\System32\gEEQhfT.exe
  2⤵
  PID:12312
- C:\Windows\System32\wfqicMP.exe
  C:\Windows\System32\wfqicMP.exe
  2⤵
  PID:12328
- C:\Windows\System32\cBNucDX.exe
  C:\Windows\System32\cBNucDX.exe
  2⤵
  PID:12352
- C:\Windows\System32\gGtAXGM.exe
  C:\Windows\System32\gGtAXGM.exe
  2⤵
  PID:12376
- C:\Windows\System32\tjsNflb.exe
  C:\Windows\System32\tjsNflb.exe
  2⤵
  PID:12404
- C:\Windows\System32\JcQVhtk.exe
  C:\Windows\System32\JcQVhtk.exe
  2⤵
  PID:12428
- C:\Windows\System32\iChDjPo.exe
  C:\Windows\System32\iChDjPo.exe
  2⤵
  PID:12492
- C:\Windows\System32\clAYCgC.exe
  C:\Windows\System32\clAYCgC.exe
  2⤵
  PID:12520
- C:\Windows\System32\HWvzrei.exe
  C:\Windows\System32\HWvzrei.exe
  2⤵
  PID:12556
- C:\Windows\System32\klKeaDR.exe
  C:\Windows\System32\klKeaDR.exe
  2⤵
  PID:12592
- C:\Windows\System32\vBmiMIk.exe
  C:\Windows\System32\vBmiMIk.exe
  2⤵
  PID:12648
- C:\Windows\System32\xqfDTyd.exe
  C:\Windows\System32\xqfDTyd.exe
  2⤵
  PID:12684
- C:\Windows\System32\ShWpQVT.exe
  C:\Windows\System32\ShWpQVT.exe
  2⤵
  PID:12700
- C:\Windows\System32\NtWMWZg.exe
  C:\Windows\System32\NtWMWZg.exe
  2⤵
  PID:12720
- C:\Windows\System32\JaRXQox.exe
  C:\Windows\System32\JaRXQox.exe
  2⤵
  PID:12736
- C:\Windows\System32\gPtGQdI.exe
  C:\Windows\System32\gPtGQdI.exe
  2⤵
  PID:12752
- C:\Windows\System32\SOnchCy.exe
  C:\Windows\System32\SOnchCy.exe
  2⤵
  PID:12780
- C:\Windows\System32\NVsBrox.exe
  C:\Windows\System32\NVsBrox.exe
  2⤵
  PID:12800
- C:\Windows\System32\KkkhDqa.exe
  C:\Windows\System32\KkkhDqa.exe
  2⤵
  PID:12868
- C:\Windows\System32\wHeVTAW.exe
  C:\Windows\System32\wHeVTAW.exe
  2⤵
  PID:12904
- C:\Windows\System32\dXTZiMt.exe
  C:\Windows\System32\dXTZiMt.exe
  2⤵
  PID:12928
- C:\Windows\System32\PXTTgGy.exe
  C:\Windows\System32\PXTTgGy.exe
  2⤵
  PID:12952
- C:\Windows\System32\eJqfAJh.exe
  C:\Windows\System32\eJqfAJh.exe
  2⤵
  PID:12972
- C:\Windows\System32\vSLoOzb.exe
  C:\Windows\System32\vSLoOzb.exe
  2⤵
  PID:12992
- C:\Windows\System32\cslijNQ.exe
  C:\Windows\System32\cslijNQ.exe
  2⤵
  PID:13020
- C:\Windows\System32\MVyUiuv.exe
  C:\Windows\System32\MVyUiuv.exe
  2⤵
  PID:13036
- C:\Windows\System32\xUwWuls.exe
  C:\Windows\System32\xUwWuls.exe
  2⤵
  PID:13060
- C:\Windows\System32\vtMUonp.exe
  C:\Windows\System32\vtMUonp.exe
  2⤵
  PID:13084
- C:\Windows\System32\WEEXyHi.exe
  C:\Windows\System32\WEEXyHi.exe
  2⤵
  PID:13104
- C:\Windows\System32\PSeuyQY.exe
  C:\Windows\System32\PSeuyQY.exe
  2⤵
  PID:13132
- C:\Windows\System32\qPvScFk.exe
  C:\Windows\System32\qPvScFk.exe
  2⤵
  PID:13160
- C:\Windows\System32\VoxEgvl.exe
  C:\Windows\System32\VoxEgvl.exe
  2⤵
  PID:13220
- C:\Windows\System32\iKteHZV.exe
  C:\Windows\System32\iKteHZV.exe
  2⤵
  PID:13248
- C:\Windows\System32\ciqWLiM.exe
  C:\Windows\System32\ciqWLiM.exe
  2⤵
  PID:13272
- C:\Windows\System32\BaIGfLl.exe
  C:\Windows\System32\BaIGfLl.exe
  2⤵
  PID:13308
- C:\Windows\System32\dPbOhiu.exe
  C:\Windows\System32\dPbOhiu.exe
  2⤵
  PID:12348
- C:\Windows\System32\QFVjeMr.exe
  C:\Windows\System32\QFVjeMr.exe
  2⤵
  PID:12412
- C:\Windows\System32\ivUBZyd.exe
  C:\Windows\System32\ivUBZyd.exe
  2⤵
  PID:12320
- C:\Windows\System32\zzzdxHl.exe
  C:\Windows\System32\zzzdxHl.exe
  2⤵
  PID:12436
- C:\Windows\System32\fDLjqKU.exe
  C:\Windows\System32\fDLjqKU.exe
  2⤵
  PID:12500
- C:\Windows\System32\RontIYG.exe
  C:\Windows\System32\RontIYG.exe
  2⤵
  PID:12540
- C:\Windows\System32\KrOhaKc.exe
  C:\Windows\System32\KrOhaKc.exe
  2⤵
  PID:12644
- C:\Windows\System32\kVKPGDu.exe
  C:\Windows\System32\kVKPGDu.exe
  2⤵
  PID:12744
- C:\Windows\System32\ePPJIKU.exe
  C:\Windows\System32\ePPJIKU.exe
  2⤵
  PID:12824
- C:\Windows\System32\FWPmcAl.exe
  C:\Windows\System32\FWPmcAl.exe
  2⤵
  PID:12808
- C:\Windows\System32\ikYskXI.exe
  C:\Windows\System32\ikYskXI.exe
  2⤵
  PID:12944
- C:\Windows\System32\hgBOpuT.exe
  C:\Windows\System32\hgBOpuT.exe
  2⤵
  PID:12964
- C:\Windows\System32\BeRoIeM.exe
  C:\Windows\System32\BeRoIeM.exe
  2⤵
  PID:13048
- C:\Windows\System32\zisgvCK.exe
  C:\Windows\System32\zisgvCK.exe
  2⤵
  PID:13072
- C:\Windows\System32\cFskNcG.exe
  C:\Windows\System32\cFskNcG.exe
  2⤵
  PID:13096
- C:\Windows\System32\EYBwcSV.exe
  C:\Windows\System32\EYBwcSV.exe
  2⤵
  PID:13156
- C:\Windows\System32\hpODzBl.exe
  C:\Windows\System32\hpODzBl.exe
  2⤵
  PID:13232
- C:\Windows\System32\GAcwwtY.exe
  C:\Windows\System32\GAcwwtY.exe
  2⤵
  PID:13268
- C:\Windows\System32\CgstYlY.exe
  C:\Windows\System32\CgstYlY.exe
  2⤵
  PID:10448
- C:\Windows\System32\CUBZKvP.exe
  C:\Windows\System32\CUBZKvP.exe
  2⤵
  PID:12504
- C:\Windows\System32\tdrFyes.exe
  C:\Windows\System32\tdrFyes.exe
  2⤵
  PID:12528
- C:\Windows\System32\eYaMJVg.exe
  C:\Windows\System32\eYaMJVg.exe
  2⤵
  PID:12656
- C:\Windows\System32\MWLwRVC.exe
  C:\Windows\System32\MWLwRVC.exe
  2⤵
  PID:13012
- C:\Windows\System32\sencvHl.exe
  C:\Windows\System32\sencvHl.exe
  2⤵
  PID:7508
- C:\Windows\System32\YYEBrJE.exe
  C:\Windows\System32\YYEBrJE.exe
  2⤵
  PID:12392
- C:\Windows\System32\Xhphkna.exe
  C:\Windows\System32\Xhphkna.exe
  2⤵
  PID:12716
- C:\Windows\System32\UvtwqIQ.exe
  C:\Windows\System32\UvtwqIQ.exe
  2⤵
  PID:13124
- C:\Windows\System32\bQIxEHB.exe
  C:\Windows\System32\bQIxEHB.exe
  2⤵
  PID:12760
- C:\Windows\System32\GAXsQZK.exe
  C:\Windows\System32\GAXsQZK.exe
  2⤵
  PID:13340
- C:\Windows\System32\FnAOxFD.exe
  C:\Windows\System32\FnAOxFD.exe
  2⤵
  PID:13364
- C:\Windows\System32\PcXgJxR.exe
  C:\Windows\System32\PcXgJxR.exe
  2⤵
  PID:13388
- C:\Windows\System32\eSMWVPW.exe
  C:\Windows\System32\eSMWVPW.exe
  2⤵
  PID:13408
- C:\Windows\System32\fxTUfHU.exe
  C:\Windows\System32\fxTUfHU.exe
  2⤵
  PID:13436
- C:\Windows\System32\lABROXQ.exe
  C:\Windows\System32\lABROXQ.exe
  2⤵
  PID:13460
- C:\Windows\System32\gXFqJRS.exe
  C:\Windows\System32\gXFqJRS.exe
  2⤵
  PID:13500
- C:\Windows\System32\cagEgRd.exe
  C:\Windows\System32\cagEgRd.exe
  2⤵
  PID:13520
- C:\Windows\System32\ySHKhVY.exe
  C:\Windows\System32\ySHKhVY.exe
  2⤵
  PID:13536

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:14160

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System32\AzVTzvy.exe

Filesize
1.2MB

MD5
994f9e3091bd72664931abe6c4a6a44d

SHA1
e7723e6c0cb40f86a30dd6a9a3aa0b855c4bcd64

SHA256
cabee103b79ccdca02e752b45a8e5d94dd09c7f046d9e61468b220bd902cb6f4

SHA512
10c3f541e680b2427e0ba889f2e60650c89bcd611c2beebb3940bed4ccaac2f6f1c412a19d6af1b2848d3b736fcab35425af302abdef409f555bb29bd1e97709

Download Submit
C:\Windows\System32\BWwBLHM.exe

Filesize
1.2MB

MD5
7caf21d8f4b61f3cc10a9cae35a1de3c

SHA1
ec1c426902b49e8eb4ac284affeddd434c29d3a2

SHA256
bb7d4e2680c8b5f254c60cef2fcdd9f939fa4a7ea645d211e45e3dabea5544c8

SHA512
394061b321289965416c24903f9da344e84386ef98fc5c9eaf3c296a1e9afe5872b048752cf4695a87bc4efb203f9520ba20a508729e9acd718a1540341a27da

Download Submit
C:\Windows\System32\DhvxIcy.exe

Filesize
1.2MB

MD5
09f00629fd9e5baaf66339ad13596935

SHA1
bd47c5900f138e4f71e132029893e578f9e1d28d

SHA256
7b0e5f8bf8f7caad9c422a389a6a6a1fd7e179f2acbc7a177adb10e0b307be6b

SHA512
09e1c86872713ee482e62b7e0c022f95b69b847d92b8f1409e84e032bdbfe39727762f81e0a223102fecdf1df382b6bcb1de2933191b8b31b9f4782409edaa99

Download Submit
C:\Windows\System32\FyrNJiv.exe

Filesize
1.2MB

MD5
ea7b3ed79e07267c1f7057607981d9c8

SHA1
1f2f9233d767e936b7b2f33b8ce2c9a562a455dd

SHA256
83e31142a7bdd98b63eb5f3d52e0ec882066d41af49ce1a5b3f8b489debe6e82

SHA512
11017a44356fc56a2e1198a0f517d3eeef7e155b2f8f2bc08559270f0faf895773d071ed8b95c8952199a9532221038538e9969061286be549dac655f44e5f7d

Download Submit
C:\Windows\System32\GirXSGN.exe

Filesize
1.2MB

MD5
4dcf7e90ce23473a557542fde317fd82

SHA1
6d2fa044b51d9934181e7b1f54fa0e057e7caec2

SHA256
8efdbfa09286787889e679d6ecca023dbeca2f02172e5f95ba1b58fe2d66c152

SHA512
b2cb76b1122a3245b3ef19623761e44669aac9cdf63054841c15f72bf0c04328e9c86987a5192543a3fcc6214d93a0bd8df6995b4975e899f6353cf8fe5ca0e2

Download Submit
C:\Windows\System32\KHJuQER.exe

Filesize
1.2MB

MD5
24a6a998260ba357a1e5abafb3570c6d

SHA1
048db560f7686c7e072035c1b89f7777a693cc31

SHA256
34498a784d1cf7e78bd2b3a57db8d07aafd7f7965529e3e2f53e8dc69691be06

SHA512
abf5695e44d6bc5113f39747e6286ceeba19c529d255f8bdf8aab16ea8ba71541a2682a4af46087b3316d53ad484070b95a627497b1ee220a968c2b37b75a5d7

Download Submit
C:\Windows\System32\KeiinpY.exe

Filesize
1.2MB

MD5
6b42bcda79a33ff2f6f2df397175046a

SHA1
e5a6afaa6d7725a89eef060e9fefc5e53e67a969

SHA256
d7c84bccf98a62dd2938026ba4451edf4979e427e4fda612b2e7a24459c037a5

SHA512
1c6c4970047a9add5c9c66253afdef0975e543b4909152ec8589a62745e0bc289ab70ff52a1cd05f9578b035f295e44d498a64242373302b9ce20df8f1d338ff

Download Submit
C:\Windows\System32\MrBOXIo.exe

Filesize
1.2MB

MD5
c67059ab1dd2e605b7ef0397eb057424

SHA1
1a182e44377106c65cdda3abd5da95492b30500f

SHA256
cbfc4589c5084787f15b9b80b40602c0391a2edfb6f0570f46a0dc6d7d6fc3b2

SHA512
2796b502829dce5738d6787da9f59eeab13b44711014584bf960b33eaf32cfaf7b5868a100ceca853bfde92f397c9a88a67bc3b504c251ba8122224ce0d28e29

Download Submit
C:\Windows\System32\PzrfGFN.exe

Filesize
1.2MB

MD5
3f5a1f0e33771bf1af9edc89f2a657a3

SHA1
124ccf534be69246fe66286a81d6db10d4b35ef1

SHA256
365554ebd4bc672f98ffb17bc2d5a19cb0cfc43582fa596c7782c8b0a22ff10c

SHA512
f993409591972637e39ceb49c98551dab6f700c59b573f5601a6f39144dc7dd974e63ca9ee39d95c572fa51689f4d16a68f30e4202856cb533d1ddd5c58b659c

Download Submit
C:\Windows\System32\QrmGGTw.exe

Filesize
1.2MB

MD5
cb4f802588dd7a5e95876b101bfd5978

SHA1
8f9d9d31280f2b01be747a85948c6fee35b32385

SHA256
8beff6a00738f5edf0046cd5d7d43ea4de9250b41d21c34bec3742a4f9b811b1

SHA512
3ee2e9de4d1e30eee98763271bed4f60d886f475f6b2fe51f7f063bae1b8d9195ad91c580a0fe25bbefc328cd7f1dd6cb009e01bdbd0ecfd16aa2eb44615c22d

Download Submit
C:\Windows\System32\RJtrLsS.exe

Filesize
1.2MB

MD5
0d45e3f24c1e01441bf0553ef9cf05bc

SHA1
941079f4ba6ee1c32e910bc985255ff3f273e069

SHA256
a3563fa61b01df94c74c91c103ee99c55cc5f4fc97748b5e26210eb3894ec01d

SHA512
aca8ec97ce963311ff06abaa3147480d1282a678e01b49605e0025ab84f241bfdc7287209632a388a207e9c0c787ccfef1d3bfd95491bc3baf01e1996e42be62

Download Submit
C:\Windows\System32\Rbgugmf.exe

Filesize
1.2MB

MD5
58fa7626537f9d665e692e9b8f59c875

SHA1
efb28babdade08688f6108fadcd9d00f277f6797

SHA256
8b740c350f59b465a93e3f3a04f38461a99c5cb2441a4705f9ce0036f320dea3

SHA512
d0eb77a684b060f4b112579e85642f89f2203d28921943a9f014a6dd4e4513ea0cda2c1a4f6eae7ec0d68daca96d31dd5a4fa16e6bc9676013c7650a40dd6082

Download Submit
C:\Windows\System32\TgGeaai.exe

Filesize
1.2MB

MD5
084579a35f8bba88e70e6d18465a1e58

SHA1
28d9de748f6d510db4620fc6d47f471c23ce4037

SHA256
5cb62fd79068eca078bc2bfce113b6e8e44c2e49c19f2dac27660c5c1c5fd5c5

SHA512
6094f54ccede5d9999513bece5327992136e6b779ebcd2c20169b382473bc191704f72141a8e7a41f1333e8eb3408acfb9c4a8d2686cffaf96325a55542029da

Download Submit
C:\Windows\System32\WCSBbCn.exe

Filesize
1.2MB

MD5
21f429b175f341750986413741ee6fb5

SHA1
e9c3c9f641fdcb15295f40e5a56d937a21b93212

SHA256
3aaecd29eedd803b0f99b7797769a9926b906fa1445b295ab442f5722097c58c

SHA512
dacac16c412ed704e345c81c3151b6ed177014abde79ac07c95e54363b5cecbedfb2b614c93b3f855ada336cde4469e85bca492ef5bee764fa6de30ffac67bb4

Download Submit
C:\Windows\System32\YMtZXdj.exe

Filesize
1.2MB

MD5
968a326ae27421b2d96e43b94364dd82

SHA1
7bc324e151adaa97dfb6748afd55e0b988c11300

SHA256
1af23060f8ef66d89e889bbc531b555486acad30ea4133075dc91d54cbb05b5f

SHA512
6dbffa81e1fd13d503ab38d65c2f440b4cc40135ddc7c2b66b4ffda2a37012c9e6ea9b731c5e57be36cfe091255e8a39be068ba0d1bf0563f37988d3f0b32f14

Download Submit
C:\Windows\System32\ZBfwijU.exe

Filesize
1.2MB

MD5
40a37140b634eb328f477d15f05d92de

SHA1
65bca787f90550c33da6198ca1873c058393af35

SHA256
783b3054a4e911421d763981cc7de94d270f5bb64355c6a74c0a126414281d39

SHA512
ed2f0ea0ae9efbd9ab245c6713d79edf1eb24f406bd8f950527464513579a9f72375486da103410913b08fc96948d605eee1b8ba9fdb6812f0dea72f29672613

Download Submit
C:\Windows\System32\ZyuXKKg.exe

Filesize
1.2MB

MD5
3deab52af5f4b0e74254aa9835978485

SHA1
6665917d393a190b501addac43ae11225f127099

SHA256
71d3f35e54a03bc6e1c72c1662a5985d8fa4c8c50aca381d5400a7c3a31edab1

SHA512
1bceeec15b3e3c5f75836b4373843d6abc23eabc0f40e3a9436074deb0048388319b429f39592b576c5633e6342191b4e0faceab8644c0474e373437adce3604

Download Submit
C:\Windows\System32\aBZQgyU.exe

Filesize
1.2MB

MD5
7512a3fe2597e39de4fd9b27e1e1cf50

SHA1
5f65da8985f8331aac2352bcb1aa1bcfe86fd378

SHA256
aebbba6b8c7f5573e9c85689aae2337adc7f84e87edbe30f9a024336c5ef07d2

SHA512
495997cb07fd42bb549729884383c9e8d42df6f1d785bdc461c48b229232332396c6e4624978d5b04d3c45ed364f34ab3b69b16e6330e7474db01337db59de32

Download Submit
C:\Windows\System32\datGnVD.exe

Filesize
1.2MB

MD5
99359c8a940a7a3bd4a701a1e0b0597e

SHA1
f5a8b6d3bad00e80089019b612418ab7745bdfe9

SHA256
2c57079b098b95a1ccb877e1a3324589809c8bacc2a16111b6427a4e91cfb1a5

SHA512
420bdb984084fba8ccab4270b2c87984f3a851db0ac7a7f9360901e86fb630ecad9e5e7af1e8fb5f13697a9d01612b762d17ce20b92ac6904d9e8637d6733e1f

Download Submit
C:\Windows\System32\eCIURLV.exe

Filesize
1.2MB

MD5
a937aec73dda63cb30ec26b488cf03ea

SHA1
59c35b388e6458de0d31c7b112dc01f2dcea8570

SHA256
c8be09a14190a14f48f880600e4d367f2f5f57c63ab2cf1a1410b0ac05ef55ce

SHA512
a20e3309d9075443c4393d9319e7a8b273a74f67ca851f1849e6845b8d653bb72eab44db43f1f1b6445e779482a50088e69ac4b43e5e0a4bf69308bf7d54ce66

Download Submit
C:\Windows\System32\fxRtrxQ.exe

Filesize
1.2MB

MD5
022c31c338ccf7237c3ac90f7e8565c8

SHA1
c88dc99987166d06d2e8b73571dfb448a1d9064a

SHA256
c05e4601240722db28c335f600bb7368c85db5c67f8fe1d43ded4838b77a13ae

SHA512
181eeae288e6c10f9d14faba319eaad2cea5f79138369eb6bdaae01eb68d915643fceb7891b173d30f901ca0fa60fbad17451420d158c7abba943bd4a74df7bf

Download Submit
C:\Windows\System32\hRCLeTy.exe

Filesize
1.2MB

MD5
60d7078c622448587e7d8122ad5e84df

SHA1
09695e376164c89d14df562ca5d13550ba3ea4a7

SHA256
0c25a5902eebba71fd78e3de83c52c757383bf19c8a600815821abb0d230381f

SHA512
257a25163a3f479b10abdc356343133fb7d8f7cb79a0701499d791f80b2defa372a8540f4a4d5426cc42ad1ffcee0d2e46d5799e365b3ca377c404a1f04e49a1

Download Submit
C:\Windows\System32\hqZDEPb.exe

Filesize
1.2MB

MD5
76664a78cead3a24a8ce9ae55eb20cdb

SHA1
a3af352efdf50030d9a404bcb7e04b8781cb8be3

SHA256
852b11bb3ed8cefc943f87883df34c08ff9a18e4ff754568a7866e1d5ba6a769

SHA512
f309bd390f59e17c24166dd4374d58effaa7ee5432aa9baafb4235344e432a05b0f04aaacf1beff30953473a707157f2213738fc68ff90bb01a55c9011c3459d

Download Submit
C:\Windows\System32\iadFChM.exe

Filesize
1.2MB

MD5
e2f766bddbee079f6e7999fc8ffc09fd

SHA1
ab8ae4ae3168e928c936d38c38ee6e90c7c068f1

SHA256
1c8970a6113b6589c646bd92f4180b3cfb5d75a48534a4fcaf846007d135f0e2

SHA512
f1ff3379a8134b3438d695c7f89ba60f9290a1a167cc0364956871f9f574c9a26230721105b347a7ea23da92b1ea8607200ee90ce509c8d78c6d700922fcea7b

Download Submit
C:\Windows\System32\jnCyIdo.exe

Filesize
1.2MB

MD5
a1a62393f0050bdefbc408e8200842bd

SHA1
b9c35af3fe6de0ca295482681c8bcf67ef7e2351

SHA256
4b36b1f37c74030e6da9bd9ca99bd7effcc3276cd2aacc6ef366f030dcee8001

SHA512
591eaf242fda7950132ed43ac6763da627f56f59288f924d30d6d02ae959eee8b50c45d360fabfc5eb6a9149c679915ebadb34d99be257c0861dc69327bd6443

Download Submit
C:\Windows\System32\kIHoXht.exe

Filesize
1.2MB

MD5
e85c9f05f87c884b3719c4043790a576

SHA1
0ffe3b3481c835cfbac702282ad752d6a25230d8

SHA256
60a10a1fb632d173b52307418eab3c12d86a0ebd0a8ec40ea8d3b005225f84a1

SHA512
35b295d273ec554b8b71b22126615d3030b5ff28beece916c137a2b6c946407fa6da72bed72b732dac38d9730d0e581c201cec5a3f3af0361f3016e1ea1f08b5

Download Submit
C:\Windows\System32\raPAtUe.exe

Filesize
1.2MB

MD5
585a227745e4aeeacfd51aff93113ea2

SHA1
030e6d39b91fe12ffe16f4dfd6559fed81c6c473

SHA256
0e8c119d07d22894402071a85846ef04b1afe15bfcd9a9de85afe16108a2b5f0

SHA512
5c70fe5d03eefc50552dc2738431f710275ab2da42c04e31633c79cbb661bc9559b51f748e4664e0c38539301ef0c3335b468ebacc9e3c8c55a758e540921df4

Download Submit
C:\Windows\System32\tXvRNXX.exe

Filesize
1.2MB

MD5
b6200d8aa6f07b044921d403bfd4b27e

SHA1
18ab967fea06afdb85d7fa03779f05ebba02af8c

SHA256
2d363b5d10cd982dbcfa99fbdfcbfd5d1058e01bd289a39367edd56ed23a5461

SHA512
4192489c90f437d15cae3bef8ab106f33af93c5a8350bc17a975a61a2649d2bc38f8a28f6c1335fb4ca972904be23ed20e9e40bac38b191d034cbea89803188d

Download Submit
C:\Windows\System32\useKQky.exe

Filesize
1.2MB

MD5
11071ff08b141c3d01b9c73e95c0921a

SHA1
5dc7e034f55a0f256ee68b072bf907fa0f86891e

SHA256
ba1b90e342723767d1650614cf8154c41bf497e1e2c2b6541f66eddbf8cf18dd

SHA512
faadded5a9a426319919c482442c93c0e49a944581d79f6aca3d257cd36b57ae2c8c9750a8421e579b95148c38ad4f997619432ade32cfcdfed979621173b060

Download Submit
C:\Windows\System32\vPdiyue.exe

Filesize
1.2MB

MD5
024265bf9a1bbd7a10601765f63c3af9

SHA1
ba2f6963013a3aa6b4274e6a942d40fa78efee56

SHA256
381a17f9a4a0261084d70fd447a505766a4429fb6d22e181b29584870ce78b1d

SHA512
dc4ac5a8438bed2c9a9674e9d0428d35dc3c56ad53c149e4ff03b2a54b29f98d2dbeef9900907e487e90ac2f7b51b0a7a718bdb036beb120ad327a0b3b9041dd

Download Submit
C:\Windows\System32\wJiWDFp.exe

Filesize
1.2MB

MD5
872c35e11583862b1e48105b8fbdcfbd

SHA1
5f3c8a92db8e7961a08ee7340cf8e55b2ec91cba

SHA256
e9f417e49f049815158a096f0a32b49307dbdbe6f0203dd52d813d51fbb671bd

SHA512
f4d06b98acaf9613c38501f68904515cbaf9981cfb8b1e073e7a0a7467b15bd20952f7a9b715b739dc79025c5db8cfafcae5af0e1139a23f8e29b806ac478d1e

Download Submit
C:\Windows\System32\wlASawT.exe

Filesize
1.2MB

MD5
634b37472ae448fa12e923b6d9f0bc19

SHA1
30ea4a5bc334cf3da9bda26ced71ac458bf8ee1e

SHA256
5f210d7ab82492e39b22b084b922d9025bdd0245ce5a1932ac4fe0af57378d4b

SHA512
c349381a37a35ec749f3943dc2f6846daa9c4d8feaba5b5d2716344b185a14985c9a701189289e5aeb850a37b173ce4fa9623babfff292bcf2a383689b6a4b27

Download Submit
memory/552-17-0x00007FF7C6470000-0x00007FF7C6861000-memory.dmp

Filesize
3.9MB

Download
memory/552-2161-0x00007FF7C6470000-0x00007FF7C6861000-memory.dmp

Filesize
3.9MB

Download
memory/552-1259-0x00007FF7C6470000-0x00007FF7C6861000-memory.dmp

Filesize
3.9MB

Download
memory/1416-2177-0x00007FF6876C0000-0x00007FF687AB1000-memory.dmp

Filesize
3.9MB

Download
memory/1416-440-0x00007FF6876C0000-0x00007FF687AB1000-memory.dmp

Filesize
3.9MB

Download
memory/1596-2163-0x00007FF7B63B0000-0x00007FF7B67A1000-memory.dmp

Filesize
3.9MB

Download
memory/1596-54-0x00007FF7B63B0000-0x00007FF7B67A1000-memory.dmp

Filesize
3.9MB

Download
memory/1892-1258-0x00007FF7DD810000-0x00007FF7DDC01000-memory.dmp

Filesize
3.9MB

Download
memory/1892-0-0x00007FF7DD810000-0x00007FF7DDC01000-memory.dmp

Filesize
3.9MB

Download
memory/1892-1-0x000001E1C8E00000-0x000001E1C8E10000-memory.dmp

Filesize
64KB

Download
memory/2224-2167-0x00007FF75B330000-0x00007FF75B721000-memory.dmp

Filesize
3.9MB

Download
memory/2224-1396-0x00007FF75B330000-0x00007FF75B721000-memory.dmp

Filesize
3.9MB

Download
memory/2224-44-0x00007FF75B330000-0x00007FF75B721000-memory.dmp

Filesize
3.9MB

Download
memory/2652-2169-0x00007FF7742B0000-0x00007FF7746A1000-memory.dmp

Filesize
3.9MB

Download
memory/2652-47-0x00007FF7742B0000-0x00007FF7746A1000-memory.dmp

Filesize
3.9MB

Download
memory/2888-48-0x00007FF792F40000-0x00007FF793331000-memory.dmp

Filesize
3.9MB

Download
memory/2888-2175-0x00007FF792F40000-0x00007FF793331000-memory.dmp

Filesize
3.9MB

Download
memory/2980-62-0x00007FF777760000-0x00007FF777B51000-memory.dmp

Filesize
3.9MB

Download
memory/2980-2173-0x00007FF777760000-0x00007FF777B51000-memory.dmp

Filesize
3.9MB

Download
memory/3144-405-0x00007FF63EBD0000-0x00007FF63EFC1000-memory.dmp

Filesize
3.9MB

Download
memory/3144-2226-0x00007FF63EBD0000-0x00007FF63EFC1000-memory.dmp

Filesize
3.9MB

Download
memory/3320-2171-0x00007FF673AE0000-0x00007FF673ED1000-memory.dmp

Filesize
3.9MB

Download
memory/3320-45-0x00007FF673AE0000-0x00007FF673ED1000-memory.dmp

Filesize
3.9MB

Download
memory/3480-2235-0x00007FF75A150000-0x00007FF75A541000-memory.dmp

Filesize
3.9MB

Download
memory/3480-412-0x00007FF75A150000-0x00007FF75A541000-memory.dmp

Filesize
3.9MB

Download
memory/3520-2230-0x00007FF7D9EA0000-0x00007FF7DA291000-memory.dmp

Filesize
3.9MB

Download
memory/3520-418-0x00007FF7D9EA0000-0x00007FF7DA291000-memory.dmp

Filesize
3.9MB

Download
memory/4420-2228-0x00007FF73A0F0000-0x00007FF73A4E1000-memory.dmp

Filesize
3.9MB

Download
memory/4420-406-0x00007FF73A0F0000-0x00007FF73A4E1000-memory.dmp

Filesize
3.9MB

Download
memory/4460-424-0x00007FF6B1AE0000-0x00007FF6B1ED1000-memory.dmp

Filesize
3.9MB

Download
memory/4460-2181-0x00007FF6B1AE0000-0x00007FF6B1ED1000-memory.dmp

Filesize
3.9MB

Download
memory/4544-383-0x00007FF6766B0000-0x00007FF676AA1000-memory.dmp

Filesize
3.9MB

Download
memory/4544-2218-0x00007FF6766B0000-0x00007FF676AA1000-memory.dmp

Filesize
3.9MB

Download
memory/4580-386-0x00007FF6B13F0000-0x00007FF6B17E1000-memory.dmp

Filesize
3.9MB

Download
memory/4580-2215-0x00007FF6B13F0000-0x00007FF6B17E1000-memory.dmp

Filesize
3.9MB

Download
memory/4584-417-0x00007FF77ABD0000-0x00007FF77AFC1000-memory.dmp

Filesize
3.9MB

Download
memory/4584-2232-0x00007FF77ABD0000-0x00007FF77AFC1000-memory.dmp

Filesize
3.9MB

Download
memory/4636-404-0x00007FF6B3FE0000-0x00007FF6B43D1000-memory.dmp

Filesize
3.9MB

Download
memory/4636-2222-0x00007FF6B3FE0000-0x00007FF6B43D1000-memory.dmp

Filesize
3.9MB

Download
memory/4652-2224-0x00007FF7C6CB0000-0x00007FF7C70A1000-memory.dmp

Filesize
3.9MB

Download
memory/4652-403-0x00007FF7C6CB0000-0x00007FF7C70A1000-memory.dmp

Filesize
3.9MB

Download
memory/4676-397-0x00007FF64E6C0000-0x00007FF64EAB1000-memory.dmp

Filesize
3.9MB

Download
memory/4676-2220-0x00007FF64E6C0000-0x00007FF64EAB1000-memory.dmp

Filesize
3.9MB

Download
memory/4776-443-0x00007FF611E80000-0x00007FF612271000-memory.dmp

Filesize
3.9MB

Download
memory/4776-2216-0x00007FF611E80000-0x00007FF612271000-memory.dmp

Filesize
3.9MB

Download
memory/4788-422-0x00007FF609C20000-0x00007FF60A011000-memory.dmp

Filesize
3.9MB

Download
memory/4788-2237-0x00007FF609C20000-0x00007FF60A011000-memory.dmp

Filesize
3.9MB

Download
memory/5020-1395-0x00007FF7FD0B0000-0x00007FF7FD4A1000-memory.dmp

Filesize
3.9MB

Download
memory/5020-2165-0x00007FF7FD0B0000-0x00007FF7FD4A1000-memory.dmp

Filesize
3.9MB

Download
memory/5020-28-0x00007FF7FD0B0000-0x00007FF7FD4A1000-memory.dmp

Filesize
3.9MB

Download
memory/5800-379-0x00007FF70B1E0000-0x00007FF70B5D1000-memory.dmp

Filesize
3.9MB

Download
memory/5800-2180-0x00007FF70B1E0000-0x00007FF70B5D1000-memory.dmp

Filesize
3.9MB

Download
memory/5956-375-0x00007FF7B0900000-0x00007FF7B0CF1000-memory.dmp

Filesize
3.9MB

Download
memory/5956-1554-0x00007FF7B0900000-0x00007FF7B0CF1000-memory.dmp

Filesize
3.9MB

Download
memory/5956-2183-0x00007FF7B0900000-0x00007FF7B0CF1000-memory.dmp

Filesize
3.9MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads