xmrig | 43023e9b4c321874cc185757c6bdda5043dbf76d038d4e70ec1950d649dae8d5

Analysis

max time kernel
127s
max time network
132s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
28/03/2025, 18:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

43023e9b4c321874cc185757c6bdda5043dbf76d038d4e70ec1950d649dae8d5.exe
Size

3.1MB
MD5

bb7cc116b4bbf4c5861898bb6f8dc44e
SHA1

225267730bd7a18594b63afd85cdbb60c4f1063e
SHA256

43023e9b4c321874cc185757c6bdda5043dbf76d038d4e70ec1950d649dae8d5
SHA512

03403f87a3938198174e2b35ba97f8e3e633341a5a330c6a4e4f898768c5d3b4da6af5f52d8a564c00d7bc2b43670c8f8211d3f1e0fcffde7b756f9a06bad08c
SSDEEP

98304:w0GnJMOWPClFdx6e0EALKWVTffZiPAcRq6jHjc4p:wFWPClFZ

Score

10^/10

xmrig miner upx

Malware Config

Signatures

Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/348-0-0x00007FF79E3A0000-0x00007FF79E795000-memory.dmp	xmrig
behavioral2/files/0x00070000000242cc-9.dat	xmrig
behavioral2/files/0x00070000000242cd-22.dat	xmrig
behavioral2/files/0x00070000000242ce-30.dat	xmrig
behavioral2/files/0x00070000000242d0-38.dat	xmrig
behavioral2/files/0x00070000000242d1-43.dat	xmrig
behavioral2/files/0x00070000000242d2-50.dat	xmrig
behavioral2/files/0x00070000000242d4-59.dat	xmrig
behavioral2/files/0x00070000000242d5-65.dat	xmrig
behavioral2/files/0x00070000000242d8-77.dat	xmrig
behavioral2/files/0x00070000000242df-115.dat	xmrig
behavioral2/files/0x00070000000242e6-150.dat	xmrig
behavioral2/memory/6124-837-0x00007FF7F0B50000-0x00007FF7F0F45000-memory.dmp	xmrig
behavioral2/files/0x00070000000242e9-165.dat	xmrig
behavioral2/files/0x00070000000242e8-160.dat	xmrig
behavioral2/files/0x00070000000242e7-155.dat	xmrig
behavioral2/files/0x00070000000242e5-145.dat	xmrig
behavioral2/files/0x00070000000242e4-140.dat	xmrig
behavioral2/files/0x00070000000242e3-135.dat	xmrig
behavioral2/files/0x00070000000242e2-130.dat	xmrig
behavioral2/files/0x00070000000242e1-125.dat	xmrig
behavioral2/files/0x00070000000242e0-120.dat	xmrig
behavioral2/files/0x00070000000242de-110.dat	xmrig
behavioral2/files/0x00070000000242dd-105.dat	xmrig
behavioral2/files/0x00070000000242dc-100.dat	xmrig
behavioral2/files/0x00070000000242db-95.dat	xmrig
behavioral2/files/0x00070000000242da-90.dat	xmrig
behavioral2/files/0x00070000000242d9-85.dat	xmrig
behavioral2/files/0x00070000000242d7-75.dat	xmrig
behavioral2/files/0x00070000000242d6-70.dat	xmrig
behavioral2/files/0x00070000000242d3-55.dat	xmrig
behavioral2/files/0x00070000000242cf-35.dat	xmrig
behavioral2/memory/3348-24-0x00007FF693640000-0x00007FF693A35000-memory.dmp	xmrig
behavioral2/files/0x00080000000242c8-17.dat	xmrig
behavioral2/memory/3524-16-0x00007FF607AC0000-0x00007FF607EB5000-memory.dmp	xmrig
behavioral2/memory/6088-14-0x00007FF6A10E0000-0x00007FF6A14D5000-memory.dmp	xmrig
behavioral2/files/0x00050000000227b2-10.dat	xmrig
behavioral2/memory/5584-6-0x00007FF7E1D40000-0x00007FF7E2135000-memory.dmp	xmrig
behavioral2/memory/5500-843-0x00007FF71EEE0000-0x00007FF71F2D5000-memory.dmp	xmrig
behavioral2/memory/3476-846-0x00007FF7A4E70000-0x00007FF7A5265000-memory.dmp	xmrig
behavioral2/memory/5548-868-0x00007FF766B20000-0x00007FF766F15000-memory.dmp	xmrig
behavioral2/memory/4672-895-0x00007FF7B5F00000-0x00007FF7B62F5000-memory.dmp	xmrig
behavioral2/memory/4712-889-0x00007FF73FA50000-0x00007FF73FE45000-memory.dmp	xmrig
behavioral2/memory/4176-886-0x00007FF7FEDA0000-0x00007FF7FF195000-memory.dmp	xmrig
behavioral2/memory/5516-880-0x00007FF7DE5F0000-0x00007FF7DE9E5000-memory.dmp	xmrig
behavioral2/memory/5524-857-0x00007FF7B8FE0000-0x00007FF7B93D5000-memory.dmp	xmrig
behavioral2/memory/4788-909-0x00007FF768CB0000-0x00007FF7690A5000-memory.dmp	xmrig
behavioral2/memory/2800-919-0x00007FF63EAA0000-0x00007FF63EE95000-memory.dmp	xmrig
behavioral2/memory/4896-924-0x00007FF7FBF20000-0x00007FF7FC315000-memory.dmp	xmrig
behavioral2/memory/4752-911-0x00007FF6B7F90000-0x00007FF6B8385000-memory.dmp	xmrig
behavioral2/memory/960-908-0x00007FF7B5C90000-0x00007FF7B6085000-memory.dmp	xmrig
behavioral2/memory/4836-937-0x00007FF7936E0000-0x00007FF793AD5000-memory.dmp	xmrig
behavioral2/memory/1104-941-0x00007FF628600000-0x00007FF6289F5000-memory.dmp	xmrig
behavioral2/memory/5012-945-0x00007FF6553F0000-0x00007FF6557E5000-memory.dmp	xmrig
behavioral2/memory/6096-951-0x00007FF70C380000-0x00007FF70C775000-memory.dmp	xmrig
behavioral2/memory/3124-946-0x00007FF7F1660000-0x00007FF7F1A55000-memory.dmp	xmrig
behavioral2/memory/844-943-0x00007FF6A7780000-0x00007FF6A7B75000-memory.dmp	xmrig
behavioral2/memory/348-1362-0x00007FF79E3A0000-0x00007FF79E795000-memory.dmp	xmrig
behavioral2/memory/5584-1365-0x00007FF7E1D40000-0x00007FF7E2135000-memory.dmp	xmrig
behavioral2/memory/6088-1576-0x00007FF6A10E0000-0x00007FF6A14D5000-memory.dmp	xmrig
behavioral2/memory/3524-1709-0x00007FF607AC0000-0x00007FF607EB5000-memory.dmp	xmrig
behavioral2/memory/6124-1826-0x00007FF7F0B50000-0x00007FF7F0F45000-memory.dmp	xmrig
behavioral2/memory/3348-1818-0x00007FF693640000-0x00007FF693A35000-memory.dmp	xmrig
behavioral2/memory/5584-2113-0x00007FF7E1D40000-0x00007FF7E2135000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
5584	pUCVyAr.exe
6088	uMtjZsi.exe
3524	vxgveWl.exe
3348	cwplTQH.exe
6124	yNBkOGb.exe
6096	GHpwjKB.exe
5500	qdJvOfC.exe
3476	HtZZunr.exe
5524	XKXkVew.exe
5548	bKtadEK.exe
5516	QPMoERY.exe
4176	jYUhRER.exe
4712	YIkBGhU.exe
4672	xZkwHqb.exe
960	anTqyER.exe
4788	kJIYeBJ.exe
4752	EFJLbbW.exe
2800	GnVaEkn.exe
4896	InICVvC.exe
4836	mUuvDvI.exe
1104	tipXLet.exe
844	miYUXww.exe
5012	vgwcSaM.exe
3124	CoxyVzp.exe
5084	Fhcfzny.exe
4868	YTQDNuq.exe
4924	kTvxlSU.exe
1096	HcEbdcp.exe
2044	GBgQZPm.exe
2600	jfYLWmy.exe
5308	eyzjpGR.exe
5556	LGPEaJv.exe
5540	noYLiFR.exe
456	BWGuICZ.exe
2248	vzsXgiS.exe
1288	WhCeNgB.exe
1172	foZwGSO.exe
2384	ISbEtRE.exe
668	XnJYJld.exe
3496	PuTrJdV.exe
3360	ZZuUKBG.exe
2396	ruSzIke.exe
1136	lBvmPpI.exe
4960	wohQBSX.exe
5772	RSafSNS.exe
3080	dQLbuTz.exe
2224	MRyrldL.exe
1696	LmziEFN.exe
3388	BJYihuy.exe
5232	bTZzldH.exe
5764	bcIhJkY.exe
3576	vthXspn.exe
2816	UwMmcTZ.exe
4244	GIMacRH.exe
5400	MIqZpsj.exe
3420	ILazSlw.exe
5856	AfXRpkG.exe
5320	MxruwGo.exe
4544	SnHufHo.exe
1832	uMCohdh.exe
2984	idNVKnk.exe
3024	jLSXPjd.exe
2900	HncaNpy.exe
4196	UWhaNOT.exe

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System32\AKyMkDW.exe	43023e9b4c321874cc185757c6bdda5043dbf76d038d4e70ec1950d649dae8d5.exe
File created	C:\Windows\System32\dsnDnrv.exe	43023e9b4c321874cc185757c6bdda5043dbf76d038d4e70ec1950d649dae8d5.exe
File created	C:\Windows\System32\REpjIOw.exe	43023e9b4c321874cc185757c6bdda5043dbf76d038d4e70ec1950d649dae8d5.exe
File created	C:\Windows\System32\fgCoydT.exe	43023e9b4c321874cc185757c6bdda5043dbf76d038d4e70ec1950d649dae8d5.exe
File created	C:\Windows\System32\EqUQWEE.exe	43023e9b4c321874cc185757c6bdda5043dbf76d038d4e70ec1950d649dae8d5.exe
File created	C:\Windows\System32\ealyYwl.exe	43023e9b4c321874cc185757c6bdda5043dbf76d038d4e70ec1950d649dae8d5.exe
File created	C:\Windows\System32\TMqyIzR.exe	43023e9b4c321874cc185757c6bdda5043dbf76d038d4e70ec1950d649dae8d5.exe
File created	C:\Windows\System32\rCzabXm.exe	43023e9b4c321874cc185757c6bdda5043dbf76d038d4e70ec1950d649dae8d5.exe
File created	C:\Windows\System32\HUPXzJK.exe	43023e9b4c321874cc185757c6bdda5043dbf76d038d4e70ec1950d649dae8d5.exe
File created	C:\Windows\System32\IxhXpHe.exe	43023e9b4c321874cc185757c6bdda5043dbf76d038d4e70ec1950d649dae8d5.exe
File created	C:\Windows\System32\JqsMZDR.exe	43023e9b4c321874cc185757c6bdda5043dbf76d038d4e70ec1950d649dae8d5.exe
File created	C:\Windows\System32\UChQyvY.exe	43023e9b4c321874cc185757c6bdda5043dbf76d038d4e70ec1950d649dae8d5.exe
File created	C:\Windows\System32\VfTMQoB.exe	43023e9b4c321874cc185757c6bdda5043dbf76d038d4e70ec1950d649dae8d5.exe
File created	C:\Windows\System32\zhPvMPD.exe	43023e9b4c321874cc185757c6bdda5043dbf76d038d4e70ec1950d649dae8d5.exe
File created	C:\Windows\System32\RppnKAZ.exe	43023e9b4c321874cc185757c6bdda5043dbf76d038d4e70ec1950d649dae8d5.exe
File created	C:\Windows\System32\caXHCTE.exe	43023e9b4c321874cc185757c6bdda5043dbf76d038d4e70ec1950d649dae8d5.exe
File created	C:\Windows\System32\TadFZWi.exe	43023e9b4c321874cc185757c6bdda5043dbf76d038d4e70ec1950d649dae8d5.exe
File created	C:\Windows\System32\mjoLCmh.exe	43023e9b4c321874cc185757c6bdda5043dbf76d038d4e70ec1950d649dae8d5.exe
File created	C:\Windows\System32\coTeOpE.exe	43023e9b4c321874cc185757c6bdda5043dbf76d038d4e70ec1950d649dae8d5.exe
File created	C:\Windows\System32\WrWQFfl.exe	43023e9b4c321874cc185757c6bdda5043dbf76d038d4e70ec1950d649dae8d5.exe
File created	C:\Windows\System32\oFUTShF.exe	43023e9b4c321874cc185757c6bdda5043dbf76d038d4e70ec1950d649dae8d5.exe
File created	C:\Windows\System32\xdjuEEU.exe	43023e9b4c321874cc185757c6bdda5043dbf76d038d4e70ec1950d649dae8d5.exe
File created	C:\Windows\System32\emMFOSH.exe	43023e9b4c321874cc185757c6bdda5043dbf76d038d4e70ec1950d649dae8d5.exe
File created	C:\Windows\System32\jYUhRER.exe	43023e9b4c321874cc185757c6bdda5043dbf76d038d4e70ec1950d649dae8d5.exe
File created	C:\Windows\System32\eyzjpGR.exe	43023e9b4c321874cc185757c6bdda5043dbf76d038d4e70ec1950d649dae8d5.exe
File created	C:\Windows\System32\hCdZIWI.exe	43023e9b4c321874cc185757c6bdda5043dbf76d038d4e70ec1950d649dae8d5.exe
File created	C:\Windows\System32\dyaHGHW.exe	43023e9b4c321874cc185757c6bdda5043dbf76d038d4e70ec1950d649dae8d5.exe
File created	C:\Windows\System32\baSidFA.exe	43023e9b4c321874cc185757c6bdda5043dbf76d038d4e70ec1950d649dae8d5.exe
File created	C:\Windows\System32\qNxFBaV.exe	43023e9b4c321874cc185757c6bdda5043dbf76d038d4e70ec1950d649dae8d5.exe
File created	C:\Windows\System32\kVWHnbO.exe	43023e9b4c321874cc185757c6bdda5043dbf76d038d4e70ec1950d649dae8d5.exe
File created	C:\Windows\System32\InICVvC.exe	43023e9b4c321874cc185757c6bdda5043dbf76d038d4e70ec1950d649dae8d5.exe
File created	C:\Windows\System32\SIBvHbW.exe	43023e9b4c321874cc185757c6bdda5043dbf76d038d4e70ec1950d649dae8d5.exe
File created	C:\Windows\System32\UpxHtFJ.exe	43023e9b4c321874cc185757c6bdda5043dbf76d038d4e70ec1950d649dae8d5.exe
File created	C:\Windows\System32\eopTzyZ.exe	43023e9b4c321874cc185757c6bdda5043dbf76d038d4e70ec1950d649dae8d5.exe
File created	C:\Windows\System32\sAsUNyd.exe	43023e9b4c321874cc185757c6bdda5043dbf76d038d4e70ec1950d649dae8d5.exe
File created	C:\Windows\System32\HVlhYKF.exe	43023e9b4c321874cc185757c6bdda5043dbf76d038d4e70ec1950d649dae8d5.exe
File created	C:\Windows\System32\GFViRNw.exe	43023e9b4c321874cc185757c6bdda5043dbf76d038d4e70ec1950d649dae8d5.exe
File created	C:\Windows\System32\sgeFKJB.exe	43023e9b4c321874cc185757c6bdda5043dbf76d038d4e70ec1950d649dae8d5.exe
File created	C:\Windows\System32\XnJYJld.exe	43023e9b4c321874cc185757c6bdda5043dbf76d038d4e70ec1950d649dae8d5.exe
File created	C:\Windows\System32\epQlEFK.exe	43023e9b4c321874cc185757c6bdda5043dbf76d038d4e70ec1950d649dae8d5.exe
File created	C:\Windows\System32\aXOcrLv.exe	43023e9b4c321874cc185757c6bdda5043dbf76d038d4e70ec1950d649dae8d5.exe
File created	C:\Windows\System32\FsRyhAy.exe	43023e9b4c321874cc185757c6bdda5043dbf76d038d4e70ec1950d649dae8d5.exe
File created	C:\Windows\System32\PZhnQhJ.exe	43023e9b4c321874cc185757c6bdda5043dbf76d038d4e70ec1950d649dae8d5.exe
File created	C:\Windows\System32\hPXiLdt.exe	43023e9b4c321874cc185757c6bdda5043dbf76d038d4e70ec1950d649dae8d5.exe
File created	C:\Windows\System32\AJfQblK.exe	43023e9b4c321874cc185757c6bdda5043dbf76d038d4e70ec1950d649dae8d5.exe
File created	C:\Windows\System32\mnXNzDq.exe	43023e9b4c321874cc185757c6bdda5043dbf76d038d4e70ec1950d649dae8d5.exe
File created	C:\Windows\System32\xCxyYIr.exe	43023e9b4c321874cc185757c6bdda5043dbf76d038d4e70ec1950d649dae8d5.exe
File created	C:\Windows\System32\sszyUQA.exe	43023e9b4c321874cc185757c6bdda5043dbf76d038d4e70ec1950d649dae8d5.exe
File created	C:\Windows\System32\jdUqbtK.exe	43023e9b4c321874cc185757c6bdda5043dbf76d038d4e70ec1950d649dae8d5.exe
File created	C:\Windows\System32\ebFOlqj.exe	43023e9b4c321874cc185757c6bdda5043dbf76d038d4e70ec1950d649dae8d5.exe
File created	C:\Windows\System32\myMRksT.exe	43023e9b4c321874cc185757c6bdda5043dbf76d038d4e70ec1950d649dae8d5.exe
File created	C:\Windows\System32\CgAZngh.exe	43023e9b4c321874cc185757c6bdda5043dbf76d038d4e70ec1950d649dae8d5.exe
File created	C:\Windows\System32\BhpsgsW.exe	43023e9b4c321874cc185757c6bdda5043dbf76d038d4e70ec1950d649dae8d5.exe
File created	C:\Windows\System32\OPsRsba.exe	43023e9b4c321874cc185757c6bdda5043dbf76d038d4e70ec1950d649dae8d5.exe
File created	C:\Windows\System32\gNkFobl.exe	43023e9b4c321874cc185757c6bdda5043dbf76d038d4e70ec1950d649dae8d5.exe
File created	C:\Windows\System32\fMoJqFo.exe	43023e9b4c321874cc185757c6bdda5043dbf76d038d4e70ec1950d649dae8d5.exe
File created	C:\Windows\System32\tWSolYU.exe	43023e9b4c321874cc185757c6bdda5043dbf76d038d4e70ec1950d649dae8d5.exe
File created	C:\Windows\System32\xDDWGYQ.exe	43023e9b4c321874cc185757c6bdda5043dbf76d038d4e70ec1950d649dae8d5.exe
File created	C:\Windows\System32\zNbgIYE.exe	43023e9b4c321874cc185757c6bdda5043dbf76d038d4e70ec1950d649dae8d5.exe
File created	C:\Windows\System32\WZoUgtp.exe	43023e9b4c321874cc185757c6bdda5043dbf76d038d4e70ec1950d649dae8d5.exe
File created	C:\Windows\System32\bTZzldH.exe	43023e9b4c321874cc185757c6bdda5043dbf76d038d4e70ec1950d649dae8d5.exe
File created	C:\Windows\System32\IJvUBVo.exe	43023e9b4c321874cc185757c6bdda5043dbf76d038d4e70ec1950d649dae8d5.exe
File created	C:\Windows\System32\cboyuaM.exe	43023e9b4c321874cc185757c6bdda5043dbf76d038d4e70ec1950d649dae8d5.exe
File created	C:\Windows\System32\sJWLIrN.exe	43023e9b4c321874cc185757c6bdda5043dbf76d038d4e70ec1950d649dae8d5.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/348-0-0x00007FF79E3A0000-0x00007FF79E795000-memory.dmp	upx
behavioral2/files/0x00070000000242cc-9.dat	upx
behavioral2/files/0x00070000000242cd-22.dat	upx
behavioral2/files/0x00070000000242ce-30.dat	upx
behavioral2/files/0x00070000000242d0-38.dat	upx
behavioral2/files/0x00070000000242d1-43.dat	upx
behavioral2/files/0x00070000000242d2-50.dat	upx
behavioral2/files/0x00070000000242d4-59.dat	upx
behavioral2/files/0x00070000000242d5-65.dat	upx
behavioral2/files/0x00070000000242d8-77.dat	upx
behavioral2/files/0x00070000000242df-115.dat	upx
behavioral2/files/0x00070000000242e6-150.dat	upx
behavioral2/memory/6124-837-0x00007FF7F0B50000-0x00007FF7F0F45000-memory.dmp	upx
behavioral2/files/0x00070000000242e9-165.dat	upx
behavioral2/files/0x00070000000242e8-160.dat	upx
behavioral2/files/0x00070000000242e7-155.dat	upx
behavioral2/files/0x00070000000242e5-145.dat	upx
behavioral2/files/0x00070000000242e4-140.dat	upx
behavioral2/files/0x00070000000242e3-135.dat	upx
behavioral2/files/0x00070000000242e2-130.dat	upx
behavioral2/files/0x00070000000242e1-125.dat	upx
behavioral2/files/0x00070000000242e0-120.dat	upx
behavioral2/files/0x00070000000242de-110.dat	upx
behavioral2/files/0x00070000000242dd-105.dat	upx
behavioral2/files/0x00070000000242dc-100.dat	upx
behavioral2/files/0x00070000000242db-95.dat	upx
behavioral2/files/0x00070000000242da-90.dat	upx
behavioral2/files/0x00070000000242d9-85.dat	upx
behavioral2/files/0x00070000000242d7-75.dat	upx
behavioral2/files/0x00070000000242d6-70.dat	upx
behavioral2/files/0x00070000000242d3-55.dat	upx
behavioral2/files/0x00070000000242cf-35.dat	upx
behavioral2/memory/3348-24-0x00007FF693640000-0x00007FF693A35000-memory.dmp	upx
behavioral2/files/0x00080000000242c8-17.dat	upx
behavioral2/memory/3524-16-0x00007FF607AC0000-0x00007FF607EB5000-memory.dmp	upx
behavioral2/memory/6088-14-0x00007FF6A10E0000-0x00007FF6A14D5000-memory.dmp	upx
behavioral2/files/0x00050000000227b2-10.dat	upx
behavioral2/memory/5584-6-0x00007FF7E1D40000-0x00007FF7E2135000-memory.dmp	upx
behavioral2/memory/5500-843-0x00007FF71EEE0000-0x00007FF71F2D5000-memory.dmp	upx
behavioral2/memory/3476-846-0x00007FF7A4E70000-0x00007FF7A5265000-memory.dmp	upx
behavioral2/memory/5548-868-0x00007FF766B20000-0x00007FF766F15000-memory.dmp	upx
behavioral2/memory/4672-895-0x00007FF7B5F00000-0x00007FF7B62F5000-memory.dmp	upx
behavioral2/memory/4712-889-0x00007FF73FA50000-0x00007FF73FE45000-memory.dmp	upx
behavioral2/memory/4176-886-0x00007FF7FEDA0000-0x00007FF7FF195000-memory.dmp	upx
behavioral2/memory/5516-880-0x00007FF7DE5F0000-0x00007FF7DE9E5000-memory.dmp	upx
behavioral2/memory/5524-857-0x00007FF7B8FE0000-0x00007FF7B93D5000-memory.dmp	upx
behavioral2/memory/4788-909-0x00007FF768CB0000-0x00007FF7690A5000-memory.dmp	upx
behavioral2/memory/2800-919-0x00007FF63EAA0000-0x00007FF63EE95000-memory.dmp	upx
behavioral2/memory/4896-924-0x00007FF7FBF20000-0x00007FF7FC315000-memory.dmp	upx
behavioral2/memory/4752-911-0x00007FF6B7F90000-0x00007FF6B8385000-memory.dmp	upx
behavioral2/memory/960-908-0x00007FF7B5C90000-0x00007FF7B6085000-memory.dmp	upx
behavioral2/memory/4836-937-0x00007FF7936E0000-0x00007FF793AD5000-memory.dmp	upx
behavioral2/memory/1104-941-0x00007FF628600000-0x00007FF6289F5000-memory.dmp	upx
behavioral2/memory/5012-945-0x00007FF6553F0000-0x00007FF6557E5000-memory.dmp	upx
behavioral2/memory/6096-951-0x00007FF70C380000-0x00007FF70C775000-memory.dmp	upx
behavioral2/memory/3124-946-0x00007FF7F1660000-0x00007FF7F1A55000-memory.dmp	upx
behavioral2/memory/844-943-0x00007FF6A7780000-0x00007FF6A7B75000-memory.dmp	upx
behavioral2/memory/348-1362-0x00007FF79E3A0000-0x00007FF79E795000-memory.dmp	upx
behavioral2/memory/5584-1365-0x00007FF7E1D40000-0x00007FF7E2135000-memory.dmp	upx
behavioral2/memory/6088-1576-0x00007FF6A10E0000-0x00007FF6A14D5000-memory.dmp	upx
behavioral2/memory/3524-1709-0x00007FF607AC0000-0x00007FF607EB5000-memory.dmp	upx
behavioral2/memory/6124-1826-0x00007FF7F0B50000-0x00007FF7F0F45000-memory.dmp	upx
behavioral2/memory/3348-1818-0x00007FF693640000-0x00007FF693A35000-memory.dmp	upx
behavioral2/memory/5584-2113-0x00007FF7E1D40000-0x00007FF7E2135000-memory.dmp	upx

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	13816	dwm.exe
Token: SeChangeNotifyPrivilege	13816	dwm.exe
Token: 33	13816	dwm.exe
Token: SeIncBasePriorityPrivilege	13816	dwm.exe
Token: SeShutdownPrivilege	13816	dwm.exe
Token: SeCreatePagefilePrivilege	13816	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 348 wrote to memory of 5584	348	43023e9b4c321874cc185757c6bdda5043dbf76d038d4e70ec1950d649dae8d5.exe	87
PID 348 wrote to memory of 5584	348	43023e9b4c321874cc185757c6bdda5043dbf76d038d4e70ec1950d649dae8d5.exe	87
PID 348 wrote to memory of 6088	348	43023e9b4c321874cc185757c6bdda5043dbf76d038d4e70ec1950d649dae8d5.exe	88
PID 348 wrote to memory of 6088	348	43023e9b4c321874cc185757c6bdda5043dbf76d038d4e70ec1950d649dae8d5.exe	88
PID 348 wrote to memory of 3524	348	43023e9b4c321874cc185757c6bdda5043dbf76d038d4e70ec1950d649dae8d5.exe	89
PID 348 wrote to memory of 3524	348	43023e9b4c321874cc185757c6bdda5043dbf76d038d4e70ec1950d649dae8d5.exe	89
PID 348 wrote to memory of 3348	348	43023e9b4c321874cc185757c6bdda5043dbf76d038d4e70ec1950d649dae8d5.exe	90
PID 348 wrote to memory of 3348	348	43023e9b4c321874cc185757c6bdda5043dbf76d038d4e70ec1950d649dae8d5.exe	90
PID 348 wrote to memory of 6124	348	43023e9b4c321874cc185757c6bdda5043dbf76d038d4e70ec1950d649dae8d5.exe	91
PID 348 wrote to memory of 6124	348	43023e9b4c321874cc185757c6bdda5043dbf76d038d4e70ec1950d649dae8d5.exe	91
PID 348 wrote to memory of 6096	348	43023e9b4c321874cc185757c6bdda5043dbf76d038d4e70ec1950d649dae8d5.exe	92
PID 348 wrote to memory of 6096	348	43023e9b4c321874cc185757c6bdda5043dbf76d038d4e70ec1950d649dae8d5.exe	92
PID 348 wrote to memory of 5500	348	43023e9b4c321874cc185757c6bdda5043dbf76d038d4e70ec1950d649dae8d5.exe	93
PID 348 wrote to memory of 5500	348	43023e9b4c321874cc185757c6bdda5043dbf76d038d4e70ec1950d649dae8d5.exe	93
PID 348 wrote to memory of 3476	348	43023e9b4c321874cc185757c6bdda5043dbf76d038d4e70ec1950d649dae8d5.exe	94
PID 348 wrote to memory of 3476	348	43023e9b4c321874cc185757c6bdda5043dbf76d038d4e70ec1950d649dae8d5.exe	94
PID 348 wrote to memory of 5524	348	43023e9b4c321874cc185757c6bdda5043dbf76d038d4e70ec1950d649dae8d5.exe	95
PID 348 wrote to memory of 5524	348	43023e9b4c321874cc185757c6bdda5043dbf76d038d4e70ec1950d649dae8d5.exe	95
PID 348 wrote to memory of 5548	348	43023e9b4c321874cc185757c6bdda5043dbf76d038d4e70ec1950d649dae8d5.exe	96
PID 348 wrote to memory of 5548	348	43023e9b4c321874cc185757c6bdda5043dbf76d038d4e70ec1950d649dae8d5.exe	96
PID 348 wrote to memory of 5516	348	43023e9b4c321874cc185757c6bdda5043dbf76d038d4e70ec1950d649dae8d5.exe	97
PID 348 wrote to memory of 5516	348	43023e9b4c321874cc185757c6bdda5043dbf76d038d4e70ec1950d649dae8d5.exe	97
PID 348 wrote to memory of 4176	348	43023e9b4c321874cc185757c6bdda5043dbf76d038d4e70ec1950d649dae8d5.exe	98
PID 348 wrote to memory of 4176	348	43023e9b4c321874cc185757c6bdda5043dbf76d038d4e70ec1950d649dae8d5.exe	98
PID 348 wrote to memory of 4712	348	43023e9b4c321874cc185757c6bdda5043dbf76d038d4e70ec1950d649dae8d5.exe	99
PID 348 wrote to memory of 4712	348	43023e9b4c321874cc185757c6bdda5043dbf76d038d4e70ec1950d649dae8d5.exe	99
PID 348 wrote to memory of 4672	348	43023e9b4c321874cc185757c6bdda5043dbf76d038d4e70ec1950d649dae8d5.exe	100
PID 348 wrote to memory of 4672	348	43023e9b4c321874cc185757c6bdda5043dbf76d038d4e70ec1950d649dae8d5.exe	100
PID 348 wrote to memory of 960	348	43023e9b4c321874cc185757c6bdda5043dbf76d038d4e70ec1950d649dae8d5.exe	101
PID 348 wrote to memory of 960	348	43023e9b4c321874cc185757c6bdda5043dbf76d038d4e70ec1950d649dae8d5.exe	101
PID 348 wrote to memory of 4788	348	43023e9b4c321874cc185757c6bdda5043dbf76d038d4e70ec1950d649dae8d5.exe	102
PID 348 wrote to memory of 4788	348	43023e9b4c321874cc185757c6bdda5043dbf76d038d4e70ec1950d649dae8d5.exe	102
PID 348 wrote to memory of 4752	348	43023e9b4c321874cc185757c6bdda5043dbf76d038d4e70ec1950d649dae8d5.exe	103
PID 348 wrote to memory of 4752	348	43023e9b4c321874cc185757c6bdda5043dbf76d038d4e70ec1950d649dae8d5.exe	103
PID 348 wrote to memory of 2800	348	43023e9b4c321874cc185757c6bdda5043dbf76d038d4e70ec1950d649dae8d5.exe	104
PID 348 wrote to memory of 2800	348	43023e9b4c321874cc185757c6bdda5043dbf76d038d4e70ec1950d649dae8d5.exe	104
PID 348 wrote to memory of 4896	348	43023e9b4c321874cc185757c6bdda5043dbf76d038d4e70ec1950d649dae8d5.exe	105
PID 348 wrote to memory of 4896	348	43023e9b4c321874cc185757c6bdda5043dbf76d038d4e70ec1950d649dae8d5.exe	105
PID 348 wrote to memory of 4836	348	43023e9b4c321874cc185757c6bdda5043dbf76d038d4e70ec1950d649dae8d5.exe	106
PID 348 wrote to memory of 4836	348	43023e9b4c321874cc185757c6bdda5043dbf76d038d4e70ec1950d649dae8d5.exe	106
PID 348 wrote to memory of 1104	348	43023e9b4c321874cc185757c6bdda5043dbf76d038d4e70ec1950d649dae8d5.exe	107
PID 348 wrote to memory of 1104	348	43023e9b4c321874cc185757c6bdda5043dbf76d038d4e70ec1950d649dae8d5.exe	107
PID 348 wrote to memory of 844	348	43023e9b4c321874cc185757c6bdda5043dbf76d038d4e70ec1950d649dae8d5.exe	108
PID 348 wrote to memory of 844	348	43023e9b4c321874cc185757c6bdda5043dbf76d038d4e70ec1950d649dae8d5.exe	108
PID 348 wrote to memory of 5012	348	43023e9b4c321874cc185757c6bdda5043dbf76d038d4e70ec1950d649dae8d5.exe	109
PID 348 wrote to memory of 5012	348	43023e9b4c321874cc185757c6bdda5043dbf76d038d4e70ec1950d649dae8d5.exe	109
PID 348 wrote to memory of 3124	348	43023e9b4c321874cc185757c6bdda5043dbf76d038d4e70ec1950d649dae8d5.exe	110
PID 348 wrote to memory of 3124	348	43023e9b4c321874cc185757c6bdda5043dbf76d038d4e70ec1950d649dae8d5.exe	110
PID 348 wrote to memory of 5084	348	43023e9b4c321874cc185757c6bdda5043dbf76d038d4e70ec1950d649dae8d5.exe	111
PID 348 wrote to memory of 5084	348	43023e9b4c321874cc185757c6bdda5043dbf76d038d4e70ec1950d649dae8d5.exe	111
PID 348 wrote to memory of 4868	348	43023e9b4c321874cc185757c6bdda5043dbf76d038d4e70ec1950d649dae8d5.exe	112
PID 348 wrote to memory of 4868	348	43023e9b4c321874cc185757c6bdda5043dbf76d038d4e70ec1950d649dae8d5.exe	112
PID 348 wrote to memory of 4924	348	43023e9b4c321874cc185757c6bdda5043dbf76d038d4e70ec1950d649dae8d5.exe	113
PID 348 wrote to memory of 4924	348	43023e9b4c321874cc185757c6bdda5043dbf76d038d4e70ec1950d649dae8d5.exe	113
PID 348 wrote to memory of 1096	348	43023e9b4c321874cc185757c6bdda5043dbf76d038d4e70ec1950d649dae8d5.exe	114
PID 348 wrote to memory of 1096	348	43023e9b4c321874cc185757c6bdda5043dbf76d038d4e70ec1950d649dae8d5.exe	114
PID 348 wrote to memory of 2044	348	43023e9b4c321874cc185757c6bdda5043dbf76d038d4e70ec1950d649dae8d5.exe	115
PID 348 wrote to memory of 2044	348	43023e9b4c321874cc185757c6bdda5043dbf76d038d4e70ec1950d649dae8d5.exe	115
PID 348 wrote to memory of 2600	348	43023e9b4c321874cc185757c6bdda5043dbf76d038d4e70ec1950d649dae8d5.exe	116
PID 348 wrote to memory of 2600	348	43023e9b4c321874cc185757c6bdda5043dbf76d038d4e70ec1950d649dae8d5.exe	116
PID 348 wrote to memory of 5308	348	43023e9b4c321874cc185757c6bdda5043dbf76d038d4e70ec1950d649dae8d5.exe	117
PID 348 wrote to memory of 5308	348	43023e9b4c321874cc185757c6bdda5043dbf76d038d4e70ec1950d649dae8d5.exe	117
PID 348 wrote to memory of 5556	348	43023e9b4c321874cc185757c6bdda5043dbf76d038d4e70ec1950d649dae8d5.exe	118
PID 348 wrote to memory of 5556	348	43023e9b4c321874cc185757c6bdda5043dbf76d038d4e70ec1950d649dae8d5.exe	118

C:\Users\Admin\AppData\Local\Temp\43023e9b4c321874cc185757c6bdda5043dbf76d038d4e70ec1950d649dae8d5.exe
"C:\Users\Admin\AppData\Local\Temp\43023e9b4c321874cc185757c6bdda5043dbf76d038d4e70ec1950d649dae8d5.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:348
- C:\Windows\System32\pUCVyAr.exe
  C:\Windows\System32\pUCVyAr.exe
  2⤵
  - Executes dropped EXE
  PID:5584
- C:\Windows\System32\uMtjZsi.exe
  C:\Windows\System32\uMtjZsi.exe
  2⤵
  - Executes dropped EXE
  PID:6088
- C:\Windows\System32\vxgveWl.exe
  C:\Windows\System32\vxgveWl.exe
  2⤵
  - Executes dropped EXE
  PID:3524
- C:\Windows\System32\cwplTQH.exe
  C:\Windows\System32\cwplTQH.exe
  2⤵
  - Executes dropped EXE
  PID:3348
- C:\Windows\System32\yNBkOGb.exe
  C:\Windows\System32\yNBkOGb.exe
  2⤵
  - Executes dropped EXE
  PID:6124
- C:\Windows\System32\GHpwjKB.exe
  C:\Windows\System32\GHpwjKB.exe
  2⤵
  - Executes dropped EXE
  PID:6096
- C:\Windows\System32\qdJvOfC.exe
  C:\Windows\System32\qdJvOfC.exe
  2⤵
  - Executes dropped EXE
  PID:5500
- C:\Windows\System32\HtZZunr.exe
  C:\Windows\System32\HtZZunr.exe
  2⤵
  - Executes dropped EXE
  PID:3476
- C:\Windows\System32\XKXkVew.exe
  C:\Windows\System32\XKXkVew.exe
  2⤵
  - Executes dropped EXE
  PID:5524
- C:\Windows\System32\bKtadEK.exe
  C:\Windows\System32\bKtadEK.exe
  2⤵
  - Executes dropped EXE
  PID:5548
- C:\Windows\System32\QPMoERY.exe
  C:\Windows\System32\QPMoERY.exe
  2⤵
  - Executes dropped EXE
  PID:5516
- C:\Windows\System32\jYUhRER.exe
  C:\Windows\System32\jYUhRER.exe
  2⤵
  - Executes dropped EXE
  PID:4176
- C:\Windows\System32\YIkBGhU.exe
  C:\Windows\System32\YIkBGhU.exe
  2⤵
  - Executes dropped EXE
  PID:4712
- C:\Windows\System32\xZkwHqb.exe
  C:\Windows\System32\xZkwHqb.exe
  2⤵
  - Executes dropped EXE
  PID:4672
- C:\Windows\System32\anTqyER.exe
  C:\Windows\System32\anTqyER.exe
  2⤵
  - Executes dropped EXE
  PID:960
- C:\Windows\System32\kJIYeBJ.exe
  C:\Windows\System32\kJIYeBJ.exe
  2⤵
  - Executes dropped EXE
  PID:4788
- C:\Windows\System32\EFJLbbW.exe
  C:\Windows\System32\EFJLbbW.exe
  2⤵
  - Executes dropped EXE
  PID:4752
- C:\Windows\System32\GnVaEkn.exe
  C:\Windows\System32\GnVaEkn.exe
  2⤵
  - Executes dropped EXE
  PID:2800
- C:\Windows\System32\InICVvC.exe
  C:\Windows\System32\InICVvC.exe
  2⤵
  - Executes dropped EXE
  PID:4896
- C:\Windows\System32\mUuvDvI.exe
  C:\Windows\System32\mUuvDvI.exe
  2⤵
  - Executes dropped EXE
  PID:4836
- C:\Windows\System32\tipXLet.exe
  C:\Windows\System32\tipXLet.exe
  2⤵
  - Executes dropped EXE
  PID:1104
- C:\Windows\System32\miYUXww.exe
  C:\Windows\System32\miYUXww.exe
  2⤵
  - Executes dropped EXE
  PID:844
- C:\Windows\System32\vgwcSaM.exe
  C:\Windows\System32\vgwcSaM.exe
  2⤵
  - Executes dropped EXE
  PID:5012
- C:\Windows\System32\CoxyVzp.exe
  C:\Windows\System32\CoxyVzp.exe
  2⤵
  - Executes dropped EXE
  PID:3124
- C:\Windows\System32\Fhcfzny.exe
  C:\Windows\System32\Fhcfzny.exe
  2⤵
  - Executes dropped EXE
  PID:5084
- C:\Windows\System32\YTQDNuq.exe
  C:\Windows\System32\YTQDNuq.exe
  2⤵
  - Executes dropped EXE
  PID:4868
- C:\Windows\System32\kTvxlSU.exe
  C:\Windows\System32\kTvxlSU.exe
  2⤵
  - Executes dropped EXE
  PID:4924
- C:\Windows\System32\HcEbdcp.exe
  C:\Windows\System32\HcEbdcp.exe
  2⤵
  - Executes dropped EXE
  PID:1096
- C:\Windows\System32\GBgQZPm.exe
  C:\Windows\System32\GBgQZPm.exe
  2⤵
  - Executes dropped EXE
  PID:2044
- C:\Windows\System32\jfYLWmy.exe
  C:\Windows\System32\jfYLWmy.exe
  2⤵
  - Executes dropped EXE
  PID:2600
- C:\Windows\System32\eyzjpGR.exe
  C:\Windows\System32\eyzjpGR.exe
  2⤵
  - Executes dropped EXE
  PID:5308
- C:\Windows\System32\LGPEaJv.exe
  C:\Windows\System32\LGPEaJv.exe
  2⤵
  - Executes dropped EXE
  PID:5556
- C:\Windows\System32\noYLiFR.exe
  C:\Windows\System32\noYLiFR.exe
  2⤵
  - Executes dropped EXE
  PID:5540
- C:\Windows\System32\BWGuICZ.exe
  C:\Windows\System32\BWGuICZ.exe
  2⤵
  - Executes dropped EXE
  PID:456
- C:\Windows\System32\vzsXgiS.exe
  C:\Windows\System32\vzsXgiS.exe
  2⤵
  - Executes dropped EXE
  PID:2248
- C:\Windows\System32\WhCeNgB.exe
  C:\Windows\System32\WhCeNgB.exe
  2⤵
  - Executes dropped EXE
  PID:1288
- C:\Windows\System32\foZwGSO.exe
  C:\Windows\System32\foZwGSO.exe
  2⤵
  - Executes dropped EXE
  PID:1172
- C:\Windows\System32\ISbEtRE.exe
  C:\Windows\System32\ISbEtRE.exe
  2⤵
  - Executes dropped EXE
  PID:2384
- C:\Windows\System32\XnJYJld.exe
  C:\Windows\System32\XnJYJld.exe
  2⤵
  - Executes dropped EXE
  PID:668
- C:\Windows\System32\PuTrJdV.exe
  C:\Windows\System32\PuTrJdV.exe
  2⤵
  - Executes dropped EXE
  PID:3496
- C:\Windows\System32\ZZuUKBG.exe
  C:\Windows\System32\ZZuUKBG.exe
  2⤵
  - Executes dropped EXE
  PID:3360
- C:\Windows\System32\ruSzIke.exe
  C:\Windows\System32\ruSzIke.exe
  2⤵
  - Executes dropped EXE
  PID:2396
- C:\Windows\System32\lBvmPpI.exe
  C:\Windows\System32\lBvmPpI.exe
  2⤵
  - Executes dropped EXE
  PID:1136
- C:\Windows\System32\wohQBSX.exe
  C:\Windows\System32\wohQBSX.exe
  2⤵
  - Executes dropped EXE
  PID:4960
- C:\Windows\System32\RSafSNS.exe
  C:\Windows\System32\RSafSNS.exe
  2⤵
  - Executes dropped EXE
  PID:5772
- C:\Windows\System32\dQLbuTz.exe
  C:\Windows\System32\dQLbuTz.exe
  2⤵
  - Executes dropped EXE
  PID:3080
- C:\Windows\System32\MRyrldL.exe
  C:\Windows\System32\MRyrldL.exe
  2⤵
  - Executes dropped EXE
  PID:2224
- C:\Windows\System32\LmziEFN.exe
  C:\Windows\System32\LmziEFN.exe
  2⤵
  - Executes dropped EXE
  PID:1696
- C:\Windows\System32\BJYihuy.exe
  C:\Windows\System32\BJYihuy.exe
  2⤵
  - Executes dropped EXE
  PID:3388
- C:\Windows\System32\bTZzldH.exe
  C:\Windows\System32\bTZzldH.exe
  2⤵
  - Executes dropped EXE
  PID:5232
- C:\Windows\System32\bcIhJkY.exe
  C:\Windows\System32\bcIhJkY.exe
  2⤵
  - Executes dropped EXE
  PID:5764
- C:\Windows\System32\vthXspn.exe
  C:\Windows\System32\vthXspn.exe
  2⤵
  - Executes dropped EXE
  PID:3576
- C:\Windows\System32\UwMmcTZ.exe
  C:\Windows\System32\UwMmcTZ.exe
  2⤵
  - Executes dropped EXE
  PID:2816
- C:\Windows\System32\GIMacRH.exe
  C:\Windows\System32\GIMacRH.exe
  2⤵
  - Executes dropped EXE
  PID:4244
- C:\Windows\System32\MIqZpsj.exe
  C:\Windows\System32\MIqZpsj.exe
  2⤵
  - Executes dropped EXE
  PID:5400
- C:\Windows\System32\ILazSlw.exe
  C:\Windows\System32\ILazSlw.exe
  2⤵
  - Executes dropped EXE
  PID:3420
- C:\Windows\System32\AfXRpkG.exe
  C:\Windows\System32\AfXRpkG.exe
  2⤵
  - Executes dropped EXE
  PID:5856
- C:\Windows\System32\MxruwGo.exe
  C:\Windows\System32\MxruwGo.exe
  2⤵
  - Executes dropped EXE
  PID:5320
- C:\Windows\System32\SnHufHo.exe
  C:\Windows\System32\SnHufHo.exe
  2⤵
  - Executes dropped EXE
  PID:4544
- C:\Windows\System32\uMCohdh.exe
  C:\Windows\System32\uMCohdh.exe
  2⤵
  - Executes dropped EXE
  PID:1832
- C:\Windows\System32\idNVKnk.exe
  C:\Windows\System32\idNVKnk.exe
  2⤵
  - Executes dropped EXE
  PID:2984
- C:\Windows\System32\jLSXPjd.exe
  C:\Windows\System32\jLSXPjd.exe
  2⤵
  - Executes dropped EXE
  PID:3024
- C:\Windows\System32\HncaNpy.exe
  C:\Windows\System32\HncaNpy.exe
  2⤵
  - Executes dropped EXE
  PID:2900
- C:\Windows\System32\UWhaNOT.exe
  C:\Windows\System32\UWhaNOT.exe
  2⤵
  - Executes dropped EXE
  PID:4196
- C:\Windows\System32\kAipQHC.exe
  C:\Windows\System32\kAipQHC.exe
  2⤵
  PID:5952
- C:\Windows\System32\tRKJTka.exe
  C:\Windows\System32\tRKJTka.exe
  2⤵
  PID:5240
- C:\Windows\System32\DyrVdis.exe
  C:\Windows\System32\DyrVdis.exe
  2⤵
  PID:4200
- C:\Windows\System32\qJEjgbM.exe
  C:\Windows\System32\qJEjgbM.exe
  2⤵
  PID:1544
- C:\Windows\System32\JCQBUdf.exe
  C:\Windows\System32\JCQBUdf.exe
  2⤵
  PID:532
- C:\Windows\System32\DVxRFMz.exe
  C:\Windows\System32\DVxRFMz.exe
  2⤵
  PID:1608
- C:\Windows\System32\GbohGuW.exe
  C:\Windows\System32\GbohGuW.exe
  2⤵
  PID:5932
- C:\Windows\System32\itUyjqk.exe
  C:\Windows\System32\itUyjqk.exe
  2⤵
  PID:5636
- C:\Windows\System32\qokBeVV.exe
  C:\Windows\System32\qokBeVV.exe
  2⤵
  PID:5940
- C:\Windows\System32\JysCVWZ.exe
  C:\Windows\System32\JysCVWZ.exe
  2⤵
  PID:2488
- C:\Windows\System32\fuoVRFm.exe
  C:\Windows\System32\fuoVRFm.exe
  2⤵
  PID:6016
- C:\Windows\System32\UPziMAc.exe
  C:\Windows\System32\UPziMAc.exe
  2⤵
  PID:5292
- C:\Windows\System32\UZAIlWZ.exe
  C:\Windows\System32\UZAIlWZ.exe
  2⤵
  PID:1880
- C:\Windows\System32\cgolMyL.exe
  C:\Windows\System32\cgolMyL.exe
  2⤵
  PID:3892
- C:\Windows\System32\ksZszcx.exe
  C:\Windows\System32\ksZszcx.exe
  2⤵
  PID:4512
- C:\Windows\System32\rAuXGSD.exe
  C:\Windows\System32\rAuXGSD.exe
  2⤵
  PID:2296
- C:\Windows\System32\LCWAfDp.exe
  C:\Windows\System32\LCWAfDp.exe
  2⤵
  PID:3160
- C:\Windows\System32\HdXbvlq.exe
  C:\Windows\System32\HdXbvlq.exe
  2⤵
  PID:4608
- C:\Windows\System32\sQhAjXe.exe
  C:\Windows\System32\sQhAjXe.exe
  2⤵
  PID:4404
- C:\Windows\System32\urMhgNo.exe
  C:\Windows\System32\urMhgNo.exe
  2⤵
  PID:4396
- C:\Windows\System32\psUpNBn.exe
  C:\Windows\System32\psUpNBn.exe
  2⤵
  PID:4288
- C:\Windows\System32\zlGmADj.exe
  C:\Windows\System32\zlGmADj.exe
  2⤵
  PID:1320
- C:\Windows\System32\QcGwtXC.exe
  C:\Windows\System32\QcGwtXC.exe
  2⤵
  PID:2068
- C:\Windows\System32\IaUuSsm.exe
  C:\Windows\System32\IaUuSsm.exe
  2⤵
  PID:1252
- C:\Windows\System32\hoLXroc.exe
  C:\Windows\System32\hoLXroc.exe
  2⤵
  PID:632
- C:\Windows\System32\ZVpWCqQ.exe
  C:\Windows\System32\ZVpWCqQ.exe
  2⤵
  PID:4696
- C:\Windows\System32\isVFPdy.exe
  C:\Windows\System32\isVFPdy.exe
  2⤵
  PID:4724
- C:\Windows\System32\dASznaa.exe
  C:\Windows\System32\dASznaa.exe
  2⤵
  PID:4808
- C:\Windows\System32\dEQVFCv.exe
  C:\Windows\System32\dEQVFCv.exe
  2⤵
  PID:5052
- C:\Windows\System32\oXTvpoX.exe
  C:\Windows\System32\oXTvpoX.exe
  2⤵
  PID:5004
- C:\Windows\System32\rAGykHe.exe
  C:\Windows\System32\rAGykHe.exe
  2⤵
  PID:5092
- C:\Windows\System32\MZtEiTX.exe
  C:\Windows\System32\MZtEiTX.exe
  2⤵
  PID:5860
- C:\Windows\System32\osVUDNL.exe
  C:\Windows\System32\osVUDNL.exe
  2⤵
  PID:100
- C:\Windows\System32\SnOyNXc.exe
  C:\Windows\System32\SnOyNXc.exe
  2⤵
  PID:840
- C:\Windows\System32\NmaUqcs.exe
  C:\Windows\System32\NmaUqcs.exe
  2⤵
  PID:5692
- C:\Windows\System32\RgGSwnG.exe
  C:\Windows\System32\RgGSwnG.exe
  2⤵
  PID:1080
- C:\Windows\System32\HMKKSAB.exe
  C:\Windows\System32\HMKKSAB.exe
  2⤵
  PID:1712
- C:\Windows\System32\eEtuXfh.exe
  C:\Windows\System32\eEtuXfh.exe
  2⤵
  PID:1524
- C:\Windows\System32\DqUyiyS.exe
  C:\Windows\System32\DqUyiyS.exe
  2⤵
  PID:2668
- C:\Windows\System32\sHFPiCP.exe
  C:\Windows\System32\sHFPiCP.exe
  2⤵
  PID:3536
- C:\Windows\System32\oPLxcSo.exe
  C:\Windows\System32\oPLxcSo.exe
  2⤵
  PID:1304
- C:\Windows\System32\VsmQCdH.exe
  C:\Windows\System32\VsmQCdH.exe
  2⤵
  PID:4400
- C:\Windows\System32\EqUQWEE.exe
  C:\Windows\System32\EqUQWEE.exe
  2⤵
  PID:2996
- C:\Windows\System32\JZQpcBz.exe
  C:\Windows\System32\JZQpcBz.exe
  2⤵
  PID:4456
- C:\Windows\System32\wUFhNon.exe
  C:\Windows\System32\wUFhNon.exe
  2⤵
  PID:1968
- C:\Windows\System32\YMfAvKr.exe
  C:\Windows\System32\YMfAvKr.exe
  2⤵
  PID:3168
- C:\Windows\System32\MZyTEpO.exe
  C:\Windows\System32\MZyTEpO.exe
  2⤵
  PID:2028
- C:\Windows\System32\zcSdisB.exe
  C:\Windows\System32\zcSdisB.exe
  2⤵
  PID:5268
- C:\Windows\System32\WNEltPB.exe
  C:\Windows\System32\WNEltPB.exe
  2⤵
  PID:2708
- C:\Windows\System32\zaOCrkp.exe
  C:\Windows\System32\zaOCrkp.exe
  2⤵
  PID:5864
- C:\Windows\System32\qxYyjdn.exe
  C:\Windows\System32\qxYyjdn.exe
  2⤵
  PID:3824
- C:\Windows\System32\UTuPbwq.exe
  C:\Windows\System32\UTuPbwq.exe
  2⤵
  PID:5848
- C:\Windows\System32\dUIdket.exe
  C:\Windows\System32\dUIdket.exe
  2⤵
  PID:2720
- C:\Windows\System32\MvIKLUt.exe
  C:\Windows\System32\MvIKLUt.exe
  2⤵
  PID:1688
- C:\Windows\System32\gNkFobl.exe
  C:\Windows\System32\gNkFobl.exe
  2⤵
  PID:5392
- C:\Windows\System32\sURlznh.exe
  C:\Windows\System32\sURlznh.exe
  2⤵
  PID:4428
- C:\Windows\System32\HkjFmTd.exe
  C:\Windows\System32\HkjFmTd.exe
  2⤵
  PID:1392
- C:\Windows\System32\eFZCYex.exe
  C:\Windows\System32\eFZCYex.exe
  2⤵
  PID:2200
- C:\Windows\System32\VOiPAAb.exe
  C:\Windows\System32\VOiPAAb.exe
  2⤵
  PID:5720
- C:\Windows\System32\bCsEQFP.exe
  C:\Windows\System32\bCsEQFP.exe
  2⤵
  PID:5036
- C:\Windows\System32\DEdRqjh.exe
  C:\Windows\System32\DEdRqjh.exe
  2⤵
  PID:4992
- C:\Windows\System32\zdVGYMz.exe
  C:\Windows\System32\zdVGYMz.exe
  2⤵
  PID:1824
- C:\Windows\System32\awOjvuy.exe
  C:\Windows\System32\awOjvuy.exe
  2⤵
  PID:884
- C:\Windows\System32\VnUOzbh.exe
  C:\Windows\System32\VnUOzbh.exe
  2⤵
  PID:2244
- C:\Windows\System32\DnacAbz.exe
  C:\Windows\System32\DnacAbz.exe
  2⤵
  PID:5192
- C:\Windows\System32\huCRsPZ.exe
  C:\Windows\System32\huCRsPZ.exe
  2⤵
  PID:3752
- C:\Windows\System32\VpwcvCj.exe
  C:\Windows\System32\VpwcvCj.exe
  2⤵
  PID:3532
- C:\Windows\System32\XQWpuDj.exe
  C:\Windows\System32\XQWpuDj.exe
  2⤵
  PID:2640
- C:\Windows\System32\FtWTybj.exe
  C:\Windows\System32\FtWTybj.exe
  2⤵
  PID:3356
- C:\Windows\System32\YeipRio.exe
  C:\Windows\System32\YeipRio.exe
  2⤵
  PID:944
- C:\Windows\System32\hPXiLdt.exe
  C:\Windows\System32\hPXiLdt.exe
  2⤵
  PID:2440
- C:\Windows\System32\aGcAesW.exe
  C:\Windows\System32\aGcAesW.exe
  2⤵
  PID:3996
- C:\Windows\System32\NUACZQs.exe
  C:\Windows\System32\NUACZQs.exe
  2⤵
  PID:4880
- C:\Windows\System32\MDNsEaI.exe
  C:\Windows\System32\MDNsEaI.exe
  2⤵
  PID:4092
- C:\Windows\System32\GVLwBrr.exe
  C:\Windows\System32\GVLwBrr.exe
  2⤵
  PID:5448
- C:\Windows\System32\AxanVJt.exe
  C:\Windows\System32\AxanVJt.exe
  2⤵
  PID:6172
- C:\Windows\System32\hnSwgin.exe
  C:\Windows\System32\hnSwgin.exe
  2⤵
  PID:6200
- C:\Windows\System32\TxIhlvc.exe
  C:\Windows\System32\TxIhlvc.exe
  2⤵
  PID:6228
- C:\Windows\System32\FUPsZRI.exe
  C:\Windows\System32\FUPsZRI.exe
  2⤵
  PID:6268
- C:\Windows\System32\sUzrOZF.exe
  C:\Windows\System32\sUzrOZF.exe
  2⤵
  PID:6284
- C:\Windows\System32\WpEFdcK.exe
  C:\Windows\System32\WpEFdcK.exe
  2⤵
  PID:6312
- C:\Windows\System32\NATBdxR.exe
  C:\Windows\System32\NATBdxR.exe
  2⤵
  PID:6340
- C:\Windows\System32\eFNwsmt.exe
  C:\Windows\System32\eFNwsmt.exe
  2⤵
  PID:6368
- C:\Windows\System32\ANvXSwS.exe
  C:\Windows\System32\ANvXSwS.exe
  2⤵
  PID:6396
- C:\Windows\System32\CORorHC.exe
  C:\Windows\System32\CORorHC.exe
  2⤵
  PID:6424
- C:\Windows\System32\PmRACDw.exe
  C:\Windows\System32\PmRACDw.exe
  2⤵
  PID:6452
- C:\Windows\System32\ACwQCoW.exe
  C:\Windows\System32\ACwQCoW.exe
  2⤵
  PID:6480
- C:\Windows\System32\SIBvHbW.exe
  C:\Windows\System32\SIBvHbW.exe
  2⤵
  PID:6508
- C:\Windows\System32\wWHbxxt.exe
  C:\Windows\System32\wWHbxxt.exe
  2⤵
  PID:6536
- C:\Windows\System32\zogLXBb.exe
  C:\Windows\System32\zogLXBb.exe
  2⤵
  PID:6564
- C:\Windows\System32\lhlnNGL.exe
  C:\Windows\System32\lhlnNGL.exe
  2⤵
  PID:6592
- C:\Windows\System32\KwQnLhA.exe
  C:\Windows\System32\KwQnLhA.exe
  2⤵
  PID:6620
- C:\Windows\System32\BbLcwHM.exe
  C:\Windows\System32\BbLcwHM.exe
  2⤵
  PID:6648
- C:\Windows\System32\whrWmbm.exe
  C:\Windows\System32\whrWmbm.exe
  2⤵
  PID:6676
- C:\Windows\System32\YwmVwlx.exe
  C:\Windows\System32\YwmVwlx.exe
  2⤵
  PID:6704
- C:\Windows\System32\GlZJiys.exe
  C:\Windows\System32\GlZJiys.exe
  2⤵
  PID:6732
- C:\Windows\System32\YSPhGxz.exe
  C:\Windows\System32\YSPhGxz.exe
  2⤵
  PID:6760
- C:\Windows\System32\ttpxSvY.exe
  C:\Windows\System32\ttpxSvY.exe
  2⤵
  PID:6788
- C:\Windows\System32\hUeWMcz.exe
  C:\Windows\System32\hUeWMcz.exe
  2⤵
  PID:6816
- C:\Windows\System32\YvXVVog.exe
  C:\Windows\System32\YvXVVog.exe
  2⤵
  PID:6844
- C:\Windows\System32\jFYddRH.exe
  C:\Windows\System32\jFYddRH.exe
  2⤵
  PID:6872
- C:\Windows\System32\IEQsZWJ.exe
  C:\Windows\System32\IEQsZWJ.exe
  2⤵
  PID:6900
- C:\Windows\System32\WkPbjoW.exe
  C:\Windows\System32\WkPbjoW.exe
  2⤵
  PID:6936
- C:\Windows\System32\jwdktdk.exe
  C:\Windows\System32\jwdktdk.exe
  2⤵
  PID:6968
- C:\Windows\System32\NpUxrIY.exe
  C:\Windows\System32\NpUxrIY.exe
  2⤵
  PID:6984
- C:\Windows\System32\wnhmPxY.exe
  C:\Windows\System32\wnhmPxY.exe
  2⤵
  PID:7012
- C:\Windows\System32\pkcQzKn.exe
  C:\Windows\System32\pkcQzKn.exe
  2⤵
  PID:7040
- C:\Windows\System32\EbLuBEF.exe
  C:\Windows\System32\EbLuBEF.exe
  2⤵
  PID:7068
- C:\Windows\System32\graprgJ.exe
  C:\Windows\System32\graprgJ.exe
  2⤵
  PID:7096
- C:\Windows\System32\SXrhVBy.exe
  C:\Windows\System32\SXrhVBy.exe
  2⤵
  PID:7124
- C:\Windows\System32\CIupVzP.exe
  C:\Windows\System32\CIupVzP.exe
  2⤵
  PID:7152
- C:\Windows\System32\cRkebbp.exe
  C:\Windows\System32\cRkebbp.exe
  2⤵
  PID:5432
- C:\Windows\System32\qIQQFQV.exe
  C:\Windows\System32\qIQQFQV.exe
  2⤵
  PID:3120
- C:\Windows\System32\sIZHYmQ.exe
  C:\Windows\System32\sIZHYmQ.exe
  2⤵
  PID:6120
- C:\Windows\System32\aPvhbtD.exe
  C:\Windows\System32\aPvhbtD.exe
  2⤵
  PID:4828
- C:\Windows\System32\ZYaesrX.exe
  C:\Windows\System32\ZYaesrX.exe
  2⤵
  PID:1092
- C:\Windows\System32\XJeCfrZ.exe
  C:\Windows\System32\XJeCfrZ.exe
  2⤵
  PID:6192
- C:\Windows\System32\WARhoMl.exe
  C:\Windows\System32\WARhoMl.exe
  2⤵
  PID:6260
- C:\Windows\System32\MUiVhLi.exe
  C:\Windows\System32\MUiVhLi.exe
  2⤵
  PID:6324
- C:\Windows\System32\VDVdLgK.exe
  C:\Windows\System32\VDVdLgK.exe
  2⤵
  PID:6404
- C:\Windows\System32\aOvMEaf.exe
  C:\Windows\System32\aOvMEaf.exe
  2⤵
  PID:6472
- C:\Windows\System32\QOpcSwO.exe
  C:\Windows\System32\QOpcSwO.exe
  2⤵
  PID:6520
- C:\Windows\System32\AKTqfpz.exe
  C:\Windows\System32\AKTqfpz.exe
  2⤵
  PID:6584
- C:\Windows\System32\AKyMkDW.exe
  C:\Windows\System32\AKyMkDW.exe
  2⤵
  PID:6656
- C:\Windows\System32\qsGTJOi.exe
  C:\Windows\System32\qsGTJOi.exe
  2⤵
  PID:6716
- C:\Windows\System32\KRUmRpb.exe
  C:\Windows\System32\KRUmRpb.exe
  2⤵
  PID:6780
- C:\Windows\System32\tEAcugw.exe
  C:\Windows\System32\tEAcugw.exe
  2⤵
  PID:6880
- C:\Windows\System32\PZRhTCL.exe
  C:\Windows\System32\PZRhTCL.exe
  2⤵
  PID:6952
- C:\Windows\System32\MtWOpvq.exe
  C:\Windows\System32\MtWOpvq.exe
  2⤵
  PID:6980
- C:\Windows\System32\aUDWwol.exe
  C:\Windows\System32\aUDWwol.exe
  2⤵
  PID:7020
- C:\Windows\System32\XAzhFvl.exe
  C:\Windows\System32\XAzhFvl.exe
  2⤵
  PID:7104
- C:\Windows\System32\flZfVsZ.exe
  C:\Windows\System32\flZfVsZ.exe
  2⤵
  PID:7164
- C:\Windows\System32\uEZzHHr.exe
  C:\Windows\System32\uEZzHHr.exe
  2⤵
  PID:2416
- C:\Windows\System32\fODYmZm.exe
  C:\Windows\System32\fODYmZm.exe
  2⤵
  PID:5564
- C:\Windows\System32\YuSLlJx.exe
  C:\Windows\System32\YuSLlJx.exe
  2⤵
  PID:6280
- C:\Windows\System32\TsgEFRf.exe
  C:\Windows\System32\TsgEFRf.exe
  2⤵
  PID:6432
- C:\Windows\System32\CeZKEoB.exe
  C:\Windows\System32\CeZKEoB.exe
  2⤵
  PID:6548
- C:\Windows\System32\YQtDeJX.exe
  C:\Windows\System32\YQtDeJX.exe
  2⤵
  PID:6740
- C:\Windows\System32\jlXwwIl.exe
  C:\Windows\System32\jlXwwIl.exe
  2⤵
  PID:6856
- C:\Windows\System32\rlQAaSk.exe
  C:\Windows\System32\rlQAaSk.exe
  2⤵
  PID:6992
- C:\Windows\System32\UCuvtcl.exe
  C:\Windows\System32\UCuvtcl.exe
  2⤵
  PID:7116
- C:\Windows\System32\dVxCUUA.exe
  C:\Windows\System32\dVxCUUA.exe
  2⤵
  PID:7184
- C:\Windows\System32\hCdZIWI.exe
  C:\Windows\System32\hCdZIWI.exe
  2⤵
  PID:7208
- C:\Windows\System32\CQSIdSs.exe
  C:\Windows\System32\CQSIdSs.exe
  2⤵
  PID:7240
- C:\Windows\System32\voieEOK.exe
  C:\Windows\System32\voieEOK.exe
  2⤵
  PID:7268
- C:\Windows\System32\FHZAGUk.exe
  C:\Windows\System32\FHZAGUk.exe
  2⤵
  PID:7296
- C:\Windows\System32\xIuZdwB.exe
  C:\Windows\System32\xIuZdwB.exe
  2⤵
  PID:7324
- C:\Windows\System32\uNNkxQu.exe
  C:\Windows\System32\uNNkxQu.exe
  2⤵
  PID:7352
- C:\Windows\System32\lRMeTQY.exe
  C:\Windows\System32\lRMeTQY.exe
  2⤵
  PID:7380
- C:\Windows\System32\KPwxNTn.exe
  C:\Windows\System32\KPwxNTn.exe
  2⤵
  PID:7408
- C:\Windows\System32\DjqkLSc.exe
  C:\Windows\System32\DjqkLSc.exe
  2⤵
  PID:7436
- C:\Windows\System32\iihpnGv.exe
  C:\Windows\System32\iihpnGv.exe
  2⤵
  PID:7464
- C:\Windows\System32\qiXOUbn.exe
  C:\Windows\System32\qiXOUbn.exe
  2⤵
  PID:7492
- C:\Windows\System32\KcpZHyf.exe
  C:\Windows\System32\KcpZHyf.exe
  2⤵
  PID:7520
- C:\Windows\System32\pTTzaVB.exe
  C:\Windows\System32\pTTzaVB.exe
  2⤵
  PID:7544
- C:\Windows\System32\FFmrTpp.exe
  C:\Windows\System32\FFmrTpp.exe
  2⤵
  PID:7576
- C:\Windows\System32\qHHlXLR.exe
  C:\Windows\System32\qHHlXLR.exe
  2⤵
  PID:7604
- C:\Windows\System32\yLKJEqP.exe
  C:\Windows\System32\yLKJEqP.exe
  2⤵
  PID:7632
- C:\Windows\System32\ILWUZke.exe
  C:\Windows\System32\ILWUZke.exe
  2⤵
  PID:7660
- C:\Windows\System32\xRTcYlg.exe
  C:\Windows\System32\xRTcYlg.exe
  2⤵
  PID:7688
- C:\Windows\System32\fndBVqh.exe
  C:\Windows\System32\fndBVqh.exe
  2⤵
  PID:7716
- C:\Windows\System32\xUxYWhk.exe
  C:\Windows\System32\xUxYWhk.exe
  2⤵
  PID:7744
- C:\Windows\System32\iMIWlzy.exe
  C:\Windows\System32\iMIWlzy.exe
  2⤵
  PID:7772
- C:\Windows\System32\tcUNWFN.exe
  C:\Windows\System32\tcUNWFN.exe
  2⤵
  PID:7800
- C:\Windows\System32\JaJeXcR.exe
  C:\Windows\System32\JaJeXcR.exe
  2⤵
  PID:7828
- C:\Windows\System32\lPPxMZD.exe
  C:\Windows\System32\lPPxMZD.exe
  2⤵
  PID:7856
- C:\Windows\System32\wwuXaqb.exe
  C:\Windows\System32\wwuXaqb.exe
  2⤵
  PID:7884
- C:\Windows\System32\ruXnoDW.exe
  C:\Windows\System32\ruXnoDW.exe
  2⤵
  PID:7912
- C:\Windows\System32\GwINzGG.exe
  C:\Windows\System32\GwINzGG.exe
  2⤵
  PID:7940
- C:\Windows\System32\dTtCSHd.exe
  C:\Windows\System32\dTtCSHd.exe
  2⤵
  PID:7968
- C:\Windows\System32\GethIuX.exe
  C:\Windows\System32\GethIuX.exe
  2⤵
  PID:7992
- C:\Windows\System32\TVOqDkx.exe
  C:\Windows\System32\TVOqDkx.exe
  2⤵
  PID:8024
- C:\Windows\System32\xCxyYIr.exe
  C:\Windows\System32\xCxyYIr.exe
  2⤵
  PID:8052
- C:\Windows\System32\UUAZVcn.exe
  C:\Windows\System32\UUAZVcn.exe
  2⤵
  PID:8080
- C:\Windows\System32\saenDQT.exe
  C:\Windows\System32\saenDQT.exe
  2⤵
  PID:8108
- C:\Windows\System32\iQgNLUa.exe
  C:\Windows\System32\iQgNLUa.exe
  2⤵
  PID:8148
- C:\Windows\System32\hRQmjGU.exe
  C:\Windows\System32\hRQmjGU.exe
  2⤵
  PID:8164
- C:\Windows\System32\mgCxNuz.exe
  C:\Windows\System32\mgCxNuz.exe
  2⤵
  PID:1516
- C:\Windows\System32\TeDJfAj.exe
  C:\Windows\System32\TeDJfAj.exe
  2⤵
  PID:6348
- C:\Windows\System32\QHThSXa.exe
  C:\Windows\System32\QHThSXa.exe
  2⤵
  PID:6684
- C:\Windows\System32\WrWQFfl.exe
  C:\Windows\System32\WrWQFfl.exe
  2⤵
  PID:7052
- C:\Windows\System32\OzSZKcP.exe
  C:\Windows\System32\OzSZKcP.exe
  2⤵
  PID:7196
- C:\Windows\System32\PCAoXbW.exe
  C:\Windows\System32\PCAoXbW.exe
  2⤵
  PID:7252
- C:\Windows\System32\waITiIW.exe
  C:\Windows\System32\waITiIW.exe
  2⤵
  PID:7304
- C:\Windows\System32\gozDsnC.exe
  C:\Windows\System32\gozDsnC.exe
  2⤵
  PID:7332
- C:\Windows\System32\cQjfExU.exe
  C:\Windows\System32\cQjfExU.exe
  2⤵
  PID:7420
- C:\Windows\System32\FKLbiIq.exe
  C:\Windows\System32\FKLbiIq.exe
  2⤵
  PID:7484
- C:\Windows\System32\bdcoZQs.exe
  C:\Windows\System32\bdcoZQs.exe
  2⤵
  PID:7540
- C:\Windows\System32\lQKuSXT.exe
  C:\Windows\System32\lQKuSXT.exe
  2⤵
  PID:7596
- C:\Windows\System32\QTUNArx.exe
  C:\Windows\System32\QTUNArx.exe
  2⤵
  PID:7680
- C:\Windows\System32\OGeYaTc.exe
  C:\Windows\System32\OGeYaTc.exe
  2⤵
  PID:7724
- C:\Windows\System32\HMkkjju.exe
  C:\Windows\System32\HMkkjju.exe
  2⤵
  PID:7752
- C:\Windows\System32\hJClqxT.exe
  C:\Windows\System32\hJClqxT.exe
  2⤵
  PID:7960
- C:\Windows\System32\gfDNrQt.exe
  C:\Windows\System32\gfDNrQt.exe
  2⤵
  PID:8016
- C:\Windows\System32\HkUcako.exe
  C:\Windows\System32\HkUcako.exe
  2⤵
  PID:8044
- C:\Windows\System32\GuwYFhl.exe
  C:\Windows\System32\GuwYFhl.exe
  2⤵
  PID:5780
- C:\Windows\System32\oHjdjBs.exe
  C:\Windows\System32\oHjdjBs.exe
  2⤵
  PID:8140
- C:\Windows\System32\NITbkxr.exe
  C:\Windows\System32\NITbkxr.exe
  2⤵
  PID:8172
- C:\Windows\System32\dEKTMmM.exe
  C:\Windows\System32\dEKTMmM.exe
  2⤵
  PID:6604
- C:\Windows\System32\ealyYwl.exe
  C:\Windows\System32\ealyYwl.exe
  2⤵
  PID:4684
- C:\Windows\System32\KTWeFcw.exe
  C:\Windows\System32\KTWeFcw.exe
  2⤵
  PID:7276
- C:\Windows\System32\tGeQXWi.exe
  C:\Windows\System32\tGeQXWi.exe
  2⤵
  PID:3628
- C:\Windows\System32\daOSjQu.exe
  C:\Windows\System32\daOSjQu.exe
  2⤵
  PID:7392
- C:\Windows\System32\VEoYMwZ.exe
  C:\Windows\System32\VEoYMwZ.exe
  2⤵
  PID:7472
- C:\Windows\System32\kOgLKJn.exe
  C:\Windows\System32\kOgLKJn.exe
  2⤵
  PID:4832
- C:\Windows\System32\CrtComm.exe
  C:\Windows\System32\CrtComm.exe
  2⤵
  PID:4564
- C:\Windows\System32\cPDpcIz.exe
  C:\Windows\System32\cPDpcIz.exe
  2⤵
  PID:5804
- C:\Windows\System32\JdmHuzy.exe
  C:\Windows\System32\JdmHuzy.exe
  2⤵
  PID:5988
- C:\Windows\System32\MooSIkU.exe
  C:\Windows\System32\MooSIkU.exe
  2⤵
  PID:3544
- C:\Windows\System32\BntdKSP.exe
  C:\Windows\System32\BntdKSP.exe
  2⤵
  PID:5372
- C:\Windows\System32\xuSgYIV.exe
  C:\Windows\System32\xuSgYIV.exe
  2⤵
  PID:5376
- C:\Windows\System32\fMoJqFo.exe
  C:\Windows\System32\fMoJqFo.exe
  2⤵
  PID:7904
- C:\Windows\System32\YRlJrki.exe
  C:\Windows\System32\YRlJrki.exe
  2⤵
  PID:7808
- C:\Windows\System32\kqrLNEJ.exe
  C:\Windows\System32\kqrLNEJ.exe
  2⤵
  PID:7988
- C:\Windows\System32\eGETOxo.exe
  C:\Windows\System32\eGETOxo.exe
  2⤵
  PID:8160
- C:\Windows\System32\jdDJNiQ.exe
  C:\Windows\System32\jdDJNiQ.exe
  2⤵
  PID:2636
- C:\Windows\System32\jBrVgaU.exe
  C:\Windows\System32\jBrVgaU.exe
  2⤵
  PID:5968
- C:\Windows\System32\PAQibOG.exe
  C:\Windows\System32\PAQibOG.exe
  2⤵
  PID:1772
- C:\Windows\System32\jqTpCkL.exe
  C:\Windows\System32\jqTpCkL.exe
  2⤵
  PID:7840
- C:\Windows\System32\sWYWtVw.exe
  C:\Windows\System32\sWYWtVw.exe
  2⤵
  PID:5572
- C:\Windows\System32\YfOvAqG.exe
  C:\Windows\System32\YfOvAqG.exe
  2⤵
  PID:8120
- C:\Windows\System32\MbmMPWG.exe
  C:\Windows\System32\MbmMPWG.exe
  2⤵
  PID:3140
- C:\Windows\System32\TMqyIzR.exe
  C:\Windows\System32\TMqyIzR.exe
  2⤵
  PID:3128
- C:\Windows\System32\NeoRBOZ.exe
  C:\Windows\System32\NeoRBOZ.exe
  2⤵
  PID:7512
- C:\Windows\System32\SOQJFDN.exe
  C:\Windows\System32\SOQJFDN.exe
  2⤵
  PID:4804
- C:\Windows\System32\tmwmMnA.exe
  C:\Windows\System32\tmwmMnA.exe
  2⤵
  PID:3132
- C:\Windows\System32\IkMPiBR.exe
  C:\Windows\System32\IkMPiBR.exe
  2⤵
  PID:4496
- C:\Windows\System32\KfpUNWQ.exe
  C:\Windows\System32\KfpUNWQ.exe
  2⤵
  PID:6800
- C:\Windows\System32\IcXwZmP.exe
  C:\Windows\System32\IcXwZmP.exe
  2⤵
  PID:8216
- C:\Windows\System32\FlxatFf.exe
  C:\Windows\System32\FlxatFf.exe
  2⤵
  PID:8256
- C:\Windows\System32\ljVvOlX.exe
  C:\Windows\System32\ljVvOlX.exe
  2⤵
  PID:8284
- C:\Windows\System32\QYsgBPw.exe
  C:\Windows\System32\QYsgBPw.exe
  2⤵
  PID:8300
- C:\Windows\System32\SfxpZMu.exe
  C:\Windows\System32\SfxpZMu.exe
  2⤵
  PID:8332
- C:\Windows\System32\XPoIVsm.exe
  C:\Windows\System32\XPoIVsm.exe
  2⤵
  PID:8356
- C:\Windows\System32\xxdAkNz.exe
  C:\Windows\System32\xxdAkNz.exe
  2⤵
  PID:8396
- C:\Windows\System32\tlRLGAX.exe
  C:\Windows\System32\tlRLGAX.exe
  2⤵
  PID:8416
- C:\Windows\System32\jCLVQmG.exe
  C:\Windows\System32\jCLVQmG.exe
  2⤵
  PID:8440
- C:\Windows\System32\oPUwhFZ.exe
  C:\Windows\System32\oPUwhFZ.exe
  2⤵
  PID:8480
- C:\Windows\System32\xmyBJiJ.exe
  C:\Windows\System32\xmyBJiJ.exe
  2⤵
  PID:8496
- C:\Windows\System32\ePtleXm.exe
  C:\Windows\System32\ePtleXm.exe
  2⤵
  PID:8536
- C:\Windows\System32\vBkEFZF.exe
  C:\Windows\System32\vBkEFZF.exe
  2⤵
  PID:8568
- C:\Windows\System32\NgtFwFm.exe
  C:\Windows\System32\NgtFwFm.exe
  2⤵
  PID:8592
- C:\Windows\System32\SNaXuKD.exe
  C:\Windows\System32\SNaXuKD.exe
  2⤵
  PID:8624
- C:\Windows\System32\WecAVwY.exe
  C:\Windows\System32\WecAVwY.exe
  2⤵
  PID:8668
- C:\Windows\System32\ytAsqSO.exe
  C:\Windows\System32\ytAsqSO.exe
  2⤵
  PID:8692
- C:\Windows\System32\KpmPxxQ.exe
  C:\Windows\System32\KpmPxxQ.exe
  2⤵
  PID:8708
- C:\Windows\System32\BnHAikX.exe
  C:\Windows\System32\BnHAikX.exe
  2⤵
  PID:8760
- C:\Windows\System32\bFpGBmj.exe
  C:\Windows\System32\bFpGBmj.exe
  2⤵
  PID:8792
- C:\Windows\System32\sszyUQA.exe
  C:\Windows\System32\sszyUQA.exe
  2⤵
  PID:8816
- C:\Windows\System32\VfTMQoB.exe
  C:\Windows\System32\VfTMQoB.exe
  2⤵
  PID:8844
- C:\Windows\System32\rzUJTJS.exe
  C:\Windows\System32\rzUJTJS.exe
  2⤵
  PID:8872
- C:\Windows\System32\iXifLfE.exe
  C:\Windows\System32\iXifLfE.exe
  2⤵
  PID:8904
- C:\Windows\System32\mBcsTjd.exe
  C:\Windows\System32\mBcsTjd.exe
  2⤵
  PID:8932
- C:\Windows\System32\GBIrPFC.exe
  C:\Windows\System32\GBIrPFC.exe
  2⤵
  PID:8960
- C:\Windows\System32\HnokTHa.exe
  C:\Windows\System32\HnokTHa.exe
  2⤵
  PID:8988
- C:\Windows\System32\MMlOKcF.exe
  C:\Windows\System32\MMlOKcF.exe
  2⤵
  PID:9016
- C:\Windows\System32\ZsCKdyb.exe
  C:\Windows\System32\ZsCKdyb.exe
  2⤵
  PID:9040
- C:\Windows\System32\oyQZRup.exe
  C:\Windows\System32\oyQZRup.exe
  2⤵
  PID:9076
- C:\Windows\System32\LYIMRPH.exe
  C:\Windows\System32\LYIMRPH.exe
  2⤵
  PID:9112
- C:\Windows\System32\sMKVCrD.exe
  C:\Windows\System32\sMKVCrD.exe
  2⤵
  PID:9128
- C:\Windows\System32\gMqEWHA.exe
  C:\Windows\System32\gMqEWHA.exe
  2⤵
  PID:9156
- C:\Windows\System32\jdUqbtK.exe
  C:\Windows\System32\jdUqbtK.exe
  2⤵
  PID:9196
- C:\Windows\System32\qVtLkzx.exe
  C:\Windows\System32\qVtLkzx.exe
  2⤵
  PID:3424
- C:\Windows\System32\hFYBNuT.exe
  C:\Windows\System32\hFYBNuT.exe
  2⤵
  PID:3616
- C:\Windows\System32\evDOLml.exe
  C:\Windows\System32\evDOLml.exe
  2⤵
  PID:8244
- C:\Windows\System32\HRqeQWG.exe
  C:\Windows\System32\HRqeQWG.exe
  2⤵
  PID:8252
- C:\Windows\System32\APvawuU.exe
  C:\Windows\System32\APvawuU.exe
  2⤵
  PID:8292
- C:\Windows\System32\WxTQAXg.exe
  C:\Windows\System32\WxTQAXg.exe
  2⤵
  PID:4284
- C:\Windows\System32\kOUYBsq.exe
  C:\Windows\System32\kOUYBsq.exe
  2⤵
  PID:8424
- C:\Windows\System32\mAipNcy.exe
  C:\Windows\System32\mAipNcy.exe
  2⤵
  PID:8516
- C:\Windows\System32\KaJxGLY.exe
  C:\Windows\System32\KaJxGLY.exe
  2⤵
  PID:8584
- C:\Windows\System32\FvpwTCB.exe
  C:\Windows\System32\FvpwTCB.exe
  2⤵
  PID:8648
- C:\Windows\System32\XIjWaXf.exe
  C:\Windows\System32\XIjWaXf.exe
  2⤵
  PID:8740
- C:\Windows\System32\PvnAxaO.exe
  C:\Windows\System32\PvnAxaO.exe
  2⤵
  PID:8812
- C:\Windows\System32\iiYlzfl.exe
  C:\Windows\System32\iiYlzfl.exe
  2⤵
  PID:8864
- C:\Windows\System32\DdbKXGs.exe
  C:\Windows\System32\DdbKXGs.exe
  2⤵
  PID:8888
- C:\Windows\System32\FFMZSOV.exe
  C:\Windows\System32\FFMZSOV.exe
  2⤵
  PID:9012
- C:\Windows\System32\xDpDTZA.exe
  C:\Windows\System32\xDpDTZA.exe
  2⤵
  PID:9108
- C:\Windows\System32\bYrKRNa.exe
  C:\Windows\System32\bYrKRNa.exe
  2⤵
  PID:9168
- C:\Windows\System32\FNDvrmZ.exe
  C:\Windows\System32\FNDvrmZ.exe
  2⤵
  PID:8100
- C:\Windows\System32\DiXrNBH.exe
  C:\Windows\System32\DiXrNBH.exe
  2⤵
  PID:8376
- C:\Windows\System32\UpxHtFJ.exe
  C:\Windows\System32\UpxHtFJ.exe
  2⤵
  PID:8620
- C:\Windows\System32\tWSolYU.exe
  C:\Windows\System32\tWSolYU.exe
  2⤵
  PID:8808
- C:\Windows\System32\jhilQyV.exe
  C:\Windows\System32\jhilQyV.exe
  2⤵
  PID:8860
- C:\Windows\System32\zhPvMPD.exe
  C:\Windows\System32\zhPvMPD.exe
  2⤵
  PID:9124
- C:\Windows\System32\RFdqInI.exe
  C:\Windows\System32\RFdqInI.exe
  2⤵
  PID:8204
- C:\Windows\System32\dsHDLzH.exe
  C:\Windows\System32\dsHDLzH.exe
  2⤵
  PID:8776
- C:\Windows\System32\igufCNx.exe
  C:\Windows\System32\igufCNx.exe
  2⤵
  PID:8700
- C:\Windows\System32\zASxbxM.exe
  C:\Windows\System32\zASxbxM.exe
  2⤵
  PID:9192
- C:\Windows\System32\rOFFGGQ.exe
  C:\Windows\System32\rOFFGGQ.exe
  2⤵
  PID:9248
- C:\Windows\System32\wkjCZio.exe
  C:\Windows\System32\wkjCZio.exe
  2⤵
  PID:9264
- C:\Windows\System32\aFlugst.exe
  C:\Windows\System32\aFlugst.exe
  2⤵
  PID:9304
- C:\Windows\System32\wOQEdne.exe
  C:\Windows\System32\wOQEdne.exe
  2⤵
  PID:9332
- C:\Windows\System32\oFUTShF.exe
  C:\Windows\System32\oFUTShF.exe
  2⤵
  PID:9360
- C:\Windows\System32\FBhfrlt.exe
  C:\Windows\System32\FBhfrlt.exe
  2⤵
  PID:9400
- C:\Windows\System32\mLyemza.exe
  C:\Windows\System32\mLyemza.exe
  2⤵
  PID:9416
- C:\Windows\System32\hUaJLkt.exe
  C:\Windows\System32\hUaJLkt.exe
  2⤵
  PID:9432
- C:\Windows\System32\aspbjDQ.exe
  C:\Windows\System32\aspbjDQ.exe
  2⤵
  PID:9472
- C:\Windows\System32\gMLsDnD.exe
  C:\Windows\System32\gMLsDnD.exe
  2⤵
  PID:9500
- C:\Windows\System32\OkAeipI.exe
  C:\Windows\System32\OkAeipI.exe
  2⤵
  PID:9516
- C:\Windows\System32\DqKpHXE.exe
  C:\Windows\System32\DqKpHXE.exe
  2⤵
  PID:9540
- C:\Windows\System32\YRVovJa.exe
  C:\Windows\System32\YRVovJa.exe
  2⤵
  PID:9580
- C:\Windows\System32\xMbDxFU.exe
  C:\Windows\System32\xMbDxFU.exe
  2⤵
  PID:9600
- C:\Windows\System32\ebFOlqj.exe
  C:\Windows\System32\ebFOlqj.exe
  2⤵
  PID:9616
- C:\Windows\System32\MgQWFQY.exe
  C:\Windows\System32\MgQWFQY.exe
  2⤵
  PID:9644
- C:\Windows\System32\FxiHnWx.exe
  C:\Windows\System32\FxiHnWx.exe
  2⤵
  PID:9676
- C:\Windows\System32\NJviIKH.exe
  C:\Windows\System32\NJviIKH.exe
  2⤵
  PID:9724
- C:\Windows\System32\AiVXFVr.exe
  C:\Windows\System32\AiVXFVr.exe
  2⤵
  PID:9740
- C:\Windows\System32\zXpVOPq.exe
  C:\Windows\System32\zXpVOPq.exe
  2⤵
  PID:9776
- C:\Windows\System32\VyvWwPW.exe
  C:\Windows\System32\VyvWwPW.exe
  2⤵
  PID:9808
- C:\Windows\System32\eyVGreO.exe
  C:\Windows\System32\eyVGreO.exe
  2⤵
  PID:9836
- C:\Windows\System32\XpcmmHY.exe
  C:\Windows\System32\XpcmmHY.exe
  2⤵
  PID:9864
- C:\Windows\System32\gjPceVs.exe
  C:\Windows\System32\gjPceVs.exe
  2⤵
  PID:9896
- C:\Windows\System32\QqeTguG.exe
  C:\Windows\System32\QqeTguG.exe
  2⤵
  PID:9924
- C:\Windows\System32\epQlEFK.exe
  C:\Windows\System32\epQlEFK.exe
  2⤵
  PID:9952
- C:\Windows\System32\zXIlHeW.exe
  C:\Windows\System32\zXIlHeW.exe
  2⤵
  PID:9972
- C:\Windows\System32\TLwSrpq.exe
  C:\Windows\System32\TLwSrpq.exe
  2⤵
  PID:10008
- C:\Windows\System32\KZbiwwY.exe
  C:\Windows\System32\KZbiwwY.exe
  2⤵
  PID:10032
- C:\Windows\System32\OWuzVPH.exe
  C:\Windows\System32\OWuzVPH.exe
  2⤵
  PID:10052
- C:\Windows\System32\ZsRFBDX.exe
  C:\Windows\System32\ZsRFBDX.exe
  2⤵
  PID:10092
- C:\Windows\System32\IJvUBVo.exe
  C:\Windows\System32\IJvUBVo.exe
  2⤵
  PID:10108
- C:\Windows\System32\siMDXbp.exe
  C:\Windows\System32\siMDXbp.exe
  2⤵
  PID:10148
- C:\Windows\System32\NFdGghv.exe
  C:\Windows\System32\NFdGghv.exe
  2⤵
  PID:10180
- C:\Windows\System32\iWCVcWP.exe
  C:\Windows\System32\iWCVcWP.exe
  2⤵
  PID:10204
- C:\Windows\System32\QkwJQzx.exe
  C:\Windows\System32\QkwJQzx.exe
  2⤵
  PID:10232
- C:\Windows\System32\csxRjuj.exe
  C:\Windows\System32\csxRjuj.exe
  2⤵
  PID:9228
- C:\Windows\System32\GXtbqxk.exe
  C:\Windows\System32\GXtbqxk.exe
  2⤵
  PID:9324
- C:\Windows\System32\mserVql.exe
  C:\Windows\System32\mserVql.exe
  2⤵
  PID:9356
- C:\Windows\System32\JGEFqrx.exe
  C:\Windows\System32\JGEFqrx.exe
  2⤵
  PID:9452
- C:\Windows\System32\uQcaIdV.exe
  C:\Windows\System32\uQcaIdV.exe
  2⤵
  PID:9512
- C:\Windows\System32\EZCHhLK.exe
  C:\Windows\System32\EZCHhLK.exe
  2⤵
  PID:9596
- C:\Windows\System32\nlywJeO.exe
  C:\Windows\System32\nlywJeO.exe
  2⤵
  PID:9636
- C:\Windows\System32\KmvQoyE.exe
  C:\Windows\System32\KmvQoyE.exe
  2⤵
  PID:9712
- C:\Windows\System32\SYzIPAY.exe
  C:\Windows\System32\SYzIPAY.exe
  2⤵
  PID:9760
- C:\Windows\System32\YAXkImj.exe
  C:\Windows\System32\YAXkImj.exe
  2⤵
  PID:9820
- C:\Windows\System32\mtyHnHU.exe
  C:\Windows\System32\mtyHnHU.exe
  2⤵
  PID:9880
- C:\Windows\System32\yiZRoDB.exe
  C:\Windows\System32\yiZRoDB.exe
  2⤵
  PID:9964
- C:\Windows\System32\KcHpfBN.exe
  C:\Windows\System32\KcHpfBN.exe
  2⤵
  PID:10024
- C:\Windows\System32\kWoLsEN.exe
  C:\Windows\System32\kWoLsEN.exe
  2⤵
  PID:10100
- C:\Windows\System32\mdqWqrT.exe
  C:\Windows\System32\mdqWqrT.exe
  2⤵
  PID:10144
- C:\Windows\System32\PuOXsGj.exe
  C:\Windows\System32\PuOXsGj.exe
  2⤵
  PID:10216
- C:\Windows\System32\uTkApTK.exe
  C:\Windows\System32\uTkApTK.exe
  2⤵
  PID:9284
- C:\Windows\System32\gVqJmtv.exe
  C:\Windows\System32\gVqJmtv.exe
  2⤵
  PID:9496
- C:\Windows\System32\MaJLFIG.exe
  C:\Windows\System32\MaJLFIG.exe
  2⤵
  PID:9552
- C:\Windows\System32\nWbZvtA.exe
  C:\Windows\System32\nWbZvtA.exe
  2⤵
  PID:9848
- C:\Windows\System32\fSJbKuB.exe
  C:\Windows\System32\fSJbKuB.exe
  2⤵
  PID:9944
- C:\Windows\System32\ohmhYcS.exe
  C:\Windows\System32\ohmhYcS.exe
  2⤵
  PID:10064
- C:\Windows\System32\QbBsscI.exe
  C:\Windows\System32\QbBsscI.exe
  2⤵
  PID:9276
- C:\Windows\System32\fjuhEyF.exe
  C:\Windows\System32\fjuhEyF.exe
  2⤵
  PID:9756
- C:\Windows\System32\ZvNkBcz.exe
  C:\Windows\System32\ZvNkBcz.exe
  2⤵
  PID:10016
- C:\Windows\System32\qHfwMXe.exe
  C:\Windows\System32\qHfwMXe.exe
  2⤵
  PID:10192
- C:\Windows\System32\dyaHGHW.exe
  C:\Windows\System32\dyaHGHW.exe
  2⤵
  PID:9752
- C:\Windows\System32\chwkhQY.exe
  C:\Windows\System32\chwkhQY.exe
  2⤵
  PID:10260
- C:\Windows\System32\mWcWvdZ.exe
  C:\Windows\System32\mWcWvdZ.exe
  2⤵
  PID:10288
- C:\Windows\System32\kevzTtf.exe
  C:\Windows\System32\kevzTtf.exe
  2⤵
  PID:10316
- C:\Windows\System32\UmDMBrU.exe
  C:\Windows\System32\UmDMBrU.exe
  2⤵
  PID:10344
- C:\Windows\System32\tWXaRWl.exe
  C:\Windows\System32\tWXaRWl.exe
  2⤵
  PID:10372
- C:\Windows\System32\agbLRXZ.exe
  C:\Windows\System32\agbLRXZ.exe
  2⤵
  PID:10396
- C:\Windows\System32\dxlbxFJ.exe
  C:\Windows\System32\dxlbxFJ.exe
  2⤵
  PID:10420
- C:\Windows\System32\xDDWGYQ.exe
  C:\Windows\System32\xDDWGYQ.exe
  2⤵
  PID:10444
- C:\Windows\System32\AMDMLUl.exe
  C:\Windows\System32\AMDMLUl.exe
  2⤵
  PID:10476
- C:\Windows\System32\ShsDFRR.exe
  C:\Windows\System32\ShsDFRR.exe
  2⤵
  PID:10504
- C:\Windows\System32\RwnfNHX.exe
  C:\Windows\System32\RwnfNHX.exe
  2⤵
  PID:10532
- C:\Windows\System32\ylIaAPi.exe
  C:\Windows\System32\ylIaAPi.exe
  2⤵
  PID:10548
- C:\Windows\System32\TPbPNmi.exe
  C:\Windows\System32\TPbPNmi.exe
  2⤵
  PID:10568
- C:\Windows\System32\fWWvVrC.exe
  C:\Windows\System32\fWWvVrC.exe
  2⤵
  PID:10604
- C:\Windows\System32\wGLYOJa.exe
  C:\Windows\System32\wGLYOJa.exe
  2⤵
  PID:10668
- C:\Windows\System32\wYXeODw.exe
  C:\Windows\System32\wYXeODw.exe
  2⤵
  PID:10704
- C:\Windows\System32\RppnKAZ.exe
  C:\Windows\System32\RppnKAZ.exe
  2⤵
  PID:10720
- C:\Windows\System32\KaOCNiJ.exe
  C:\Windows\System32\KaOCNiJ.exe
  2⤵
  PID:10792
- C:\Windows\System32\SpHbCFQ.exe
  C:\Windows\System32\SpHbCFQ.exe
  2⤵
  PID:10840
- C:\Windows\System32\NieVqLE.exe
  C:\Windows\System32\NieVqLE.exe
  2⤵
  PID:10900
- C:\Windows\System32\hnDMibX.exe
  C:\Windows\System32\hnDMibX.exe
  2⤵
  PID:10928
- C:\Windows\System32\nqZQOlz.exe
  C:\Windows\System32\nqZQOlz.exe
  2⤵
  PID:10960
- C:\Windows\System32\OgAxYUA.exe
  C:\Windows\System32\OgAxYUA.exe
  2⤵
  PID:10988
- C:\Windows\System32\VKZlvSh.exe
  C:\Windows\System32\VKZlvSh.exe
  2⤵
  PID:11020
- C:\Windows\System32\zkrOZvK.exe
  C:\Windows\System32\zkrOZvK.exe
  2⤵
  PID:11048
- C:\Windows\System32\PBejPXU.exe
  C:\Windows\System32\PBejPXU.exe
  2⤵
  PID:11064
- C:\Windows\System32\WPNXIkO.exe
  C:\Windows\System32\WPNXIkO.exe
  2⤵
  PID:11096
- C:\Windows\System32\wjHsfWW.exe
  C:\Windows\System32\wjHsfWW.exe
  2⤵
  PID:11120
- C:\Windows\System32\GJqPPmn.exe
  C:\Windows\System32\GJqPPmn.exe
  2⤵
  PID:11160
- C:\Windows\System32\yLLjaUZ.exe
  C:\Windows\System32\yLLjaUZ.exe
  2⤵
  PID:11188
- C:\Windows\System32\lkhOAjt.exe
  C:\Windows\System32\lkhOAjt.exe
  2⤵
  PID:11204
- C:\Windows\System32\wEXeWUG.exe
  C:\Windows\System32\wEXeWUG.exe
  2⤵
  PID:11232
- C:\Windows\System32\WVrNKcI.exe
  C:\Windows\System32\WVrNKcI.exe
  2⤵
  PID:10256
- C:\Windows\System32\erSLTnq.exe
  C:\Windows\System32\erSLTnq.exe
  2⤵
  PID:10312
- C:\Windows\System32\YnNRKpm.exe
  C:\Windows\System32\YnNRKpm.exe
  2⤵
  PID:10352
- C:\Windows\System32\uyVVkVF.exe
  C:\Windows\System32\uyVVkVF.exe
  2⤵
  PID:10460
- C:\Windows\System32\mKkXtxF.exe
  C:\Windows\System32\mKkXtxF.exe
  2⤵
  PID:10484
- C:\Windows\System32\jSWnhzC.exe
  C:\Windows\System32\jSWnhzC.exe
  2⤵
  PID:10544
- C:\Windows\System32\xptCFMJ.exe
  C:\Windows\System32\xptCFMJ.exe
  2⤵
  PID:10648
- C:\Windows\System32\ocZRxlv.exe
  C:\Windows\System32\ocZRxlv.exe
  2⤵
  PID:10688
- C:\Windows\System32\KndwGCC.exe
  C:\Windows\System32\KndwGCC.exe
  2⤵
  PID:8492
- C:\Windows\System32\fIofSip.exe
  C:\Windows\System32\fIofSip.exe
  2⤵
  PID:10832
- C:\Windows\System32\qXrOkKw.exe
  C:\Windows\System32\qXrOkKw.exe
  2⤵
  PID:8752
- C:\Windows\System32\eopTzyZ.exe
  C:\Windows\System32\eopTzyZ.exe
  2⤵
  PID:10984
- C:\Windows\System32\BIrMuvj.exe
  C:\Windows\System32\BIrMuvj.exe
  2⤵
  PID:11028
- C:\Windows\System32\caXHCTE.exe
  C:\Windows\System32\caXHCTE.exe
  2⤵
  PID:11156
- C:\Windows\System32\wtKboqE.exe
  C:\Windows\System32\wtKboqE.exe
  2⤵
  PID:11244
- C:\Windows\System32\YsdbynP.exe
  C:\Windows\System32\YsdbynP.exe
  2⤵
  PID:10308
- C:\Windows\System32\cuPsTnt.exe
  C:\Windows\System32\cuPsTnt.exe
  2⤵
  PID:10436
- C:\Windows\System32\WymvEWs.exe
  C:\Windows\System32\WymvEWs.exe
  2⤵
  PID:10584
- C:\Windows\System32\TvmbNoS.exe
  C:\Windows\System32\TvmbNoS.exe
  2⤵
  PID:9096
- C:\Windows\System32\UMlqOus.exe
  C:\Windows\System32\UMlqOus.exe
  2⤵
  PID:11000
- C:\Windows\System32\aQhPRtO.exe
  C:\Windows\System32\aQhPRtO.exe
  2⤵
  PID:10248
- C:\Windows\System32\FagAhut.exe
  C:\Windows\System32\FagAhut.exe
  2⤵
  PID:10800
- C:\Windows\System32\gcQrUBp.exe
  C:\Windows\System32\gcQrUBp.exe
  2⤵
  PID:11200
- C:\Windows\System32\YHtUBdv.exe
  C:\Windows\System32\YHtUBdv.exe
  2⤵
  PID:11288
- C:\Windows\System32\VVDDmxD.exe
  C:\Windows\System32\VVDDmxD.exe
  2⤵
  PID:11328
- C:\Windows\System32\bsiwDaY.exe
  C:\Windows\System32\bsiwDaY.exe
  2⤵
  PID:11360
- C:\Windows\System32\tqxHVqR.exe
  C:\Windows\System32\tqxHVqR.exe
  2⤵
  PID:11380
- C:\Windows\System32\APjCpiJ.exe
  C:\Windows\System32\APjCpiJ.exe
  2⤵
  PID:11412
- C:\Windows\System32\AJfQblK.exe
  C:\Windows\System32\AJfQblK.exe
  2⤵
  PID:11468
- C:\Windows\System32\EWBqQKZ.exe
  C:\Windows\System32\EWBqQKZ.exe
  2⤵
  PID:11516
- C:\Windows\System32\bEkReoM.exe
  C:\Windows\System32\bEkReoM.exe
  2⤵
  PID:11544
- C:\Windows\System32\UtdhhQz.exe
  C:\Windows\System32\UtdhhQz.exe
  2⤵
  PID:11588
- C:\Windows\System32\HQfLhXT.exe
  C:\Windows\System32\HQfLhXT.exe
  2⤵
  PID:11624
- C:\Windows\System32\TvpxbyR.exe
  C:\Windows\System32\TvpxbyR.exe
  2⤵
  PID:11656
- C:\Windows\System32\SwuplSX.exe
  C:\Windows\System32\SwuplSX.exe
  2⤵
  PID:11688
- C:\Windows\System32\KGcWLLh.exe
  C:\Windows\System32\KGcWLLh.exe
  2⤵
  PID:11716
- C:\Windows\System32\HZcNUcf.exe
  C:\Windows\System32\HZcNUcf.exe
  2⤵
  PID:11744
- C:\Windows\System32\TVbvtcj.exe
  C:\Windows\System32\TVbvtcj.exe
  2⤵
  PID:11772
- C:\Windows\System32\PUlKcyj.exe
  C:\Windows\System32\PUlKcyj.exe
  2⤵
  PID:11800
- C:\Windows\System32\OPtUpNi.exe
  C:\Windows\System32\OPtUpNi.exe
  2⤵
  PID:11836
- C:\Windows\System32\hSxKDMU.exe
  C:\Windows\System32\hSxKDMU.exe
  2⤵
  PID:11864
- C:\Windows\System32\rkZypRL.exe
  C:\Windows\System32\rkZypRL.exe
  2⤵
  PID:11888
- C:\Windows\System32\LRGaSVf.exe
  C:\Windows\System32\LRGaSVf.exe
  2⤵
  PID:11920
- C:\Windows\System32\ZpDVOtj.exe
  C:\Windows\System32\ZpDVOtj.exe
  2⤵
  PID:11956
- C:\Windows\System32\txjDHAx.exe
  C:\Windows\System32\txjDHAx.exe
  2⤵
  PID:11984
- C:\Windows\System32\teXNtFr.exe
  C:\Windows\System32\teXNtFr.exe
  2⤵
  PID:12020
- C:\Windows\System32\emQNMhq.exe
  C:\Windows\System32\emQNMhq.exe
  2⤵
  PID:12040
- C:\Windows\System32\XxkrDCh.exe
  C:\Windows\System32\XxkrDCh.exe
  2⤵
  PID:12068
- C:\Windows\System32\QthooUg.exe
  C:\Windows\System32\QthooUg.exe
  2⤵
  PID:12088
- C:\Windows\System32\JgzTWdM.exe
  C:\Windows\System32\JgzTWdM.exe
  2⤵
  PID:12116
- C:\Windows\System32\cboyuaM.exe
  C:\Windows\System32\cboyuaM.exe
  2⤵
  PID:12160
- C:\Windows\System32\AwgPYWI.exe
  C:\Windows\System32\AwgPYWI.exe
  2⤵
  PID:12200
- C:\Windows\System32\tHAtZKc.exe
  C:\Windows\System32\tHAtZKc.exe
  2⤵
  PID:12220
- C:\Windows\System32\cAOyggF.exe
  C:\Windows\System32\cAOyggF.exe
  2⤵
  PID:12244
- C:\Windows\System32\dsnDnrv.exe
  C:\Windows\System32\dsnDnrv.exe
  2⤵
  PID:12272
- C:\Windows\System32\QkcUrEn.exe
  C:\Windows\System32\QkcUrEn.exe
  2⤵
  PID:11316
- C:\Windows\System32\JdrkhGm.exe
  C:\Windows\System32\JdrkhGm.exe
  2⤵
  PID:11352
- C:\Windows\System32\TadFZWi.exe
  C:\Windows\System32\TadFZWi.exe
  2⤵
  PID:11480
- C:\Windows\System32\bWVOrKG.exe
  C:\Windows\System32\bWVOrKG.exe
  2⤵
  PID:11564
- C:\Windows\System32\MgxCluE.exe
  C:\Windows\System32\MgxCluE.exe
  2⤵
  PID:11636
- C:\Windows\System32\SnyNJOV.exe
  C:\Windows\System32\SnyNJOV.exe
  2⤵
  PID:11684
- C:\Windows\System32\FIbRpsk.exe
  C:\Windows\System32\FIbRpsk.exe
  2⤵
  PID:11740
- C:\Windows\System32\TlLZlFG.exe
  C:\Windows\System32\TlLZlFG.exe
  2⤵
  PID:11828
- C:\Windows\System32\IyyUCgN.exe
  C:\Windows\System32\IyyUCgN.exe
  2⤵
  PID:11944
- C:\Windows\System32\TgAKxbV.exe
  C:\Windows\System32\TgAKxbV.exe
  2⤵
  PID:12008
- C:\Windows\System32\ZgKkDVm.exe
  C:\Windows\System32\ZgKkDVm.exe
  2⤵
  PID:12056
- C:\Windows\System32\YtHqIUJ.exe
  C:\Windows\System32\YtHqIUJ.exe
  2⤵
  PID:12184
- C:\Windows\System32\ONkJoNh.exe
  C:\Windows\System32\ONkJoNh.exe
  2⤵
  PID:12256
- C:\Windows\System32\ZsrHWba.exe
  C:\Windows\System32\ZsrHWba.exe
  2⤵
  PID:11344
- C:\Windows\System32\OrwonRv.exe
  C:\Windows\System32\OrwonRv.exe
  2⤵
  PID:11368
- C:\Windows\System32\jdEdkTE.exe
  C:\Windows\System32\jdEdkTE.exe
  2⤵
  PID:11700
- C:\Windows\System32\LInunrx.exe
  C:\Windows\System32\LInunrx.exe
  2⤵
  PID:11900
- C:\Windows\System32\jSuajRy.exe
  C:\Windows\System32\jSuajRy.exe
  2⤵
  PID:12156
- C:\Windows\System32\hEGLAGo.exe
  C:\Windows\System32\hEGLAGo.exe
  2⤵
  PID:11580
- C:\Windows\System32\AWnTjsi.exe
  C:\Windows\System32\AWnTjsi.exe
  2⤵
  PID:11876
- C:\Windows\System32\JVtyaLH.exe
  C:\Windows\System32\JVtyaLH.exe
  2⤵
  PID:11420
- C:\Windows\System32\iyebfiB.exe
  C:\Windows\System32\iyebfiB.exe
  2⤵
  PID:12300
- C:\Windows\System32\ibwVXUS.exe
  C:\Windows\System32\ibwVXUS.exe
  2⤵
  PID:12324
- C:\Windows\System32\wEdOIeb.exe
  C:\Windows\System32\wEdOIeb.exe
  2⤵
  PID:12352
- C:\Windows\System32\nXvhYOq.exe
  C:\Windows\System32\nXvhYOq.exe
  2⤵
  PID:12384
- C:\Windows\System32\FeyHkbY.exe
  C:\Windows\System32\FeyHkbY.exe
  2⤵
  PID:12404
- C:\Windows\System32\ToOGNOQ.exe
  C:\Windows\System32\ToOGNOQ.exe
  2⤵
  PID:12432
- C:\Windows\System32\vEzgVvu.exe
  C:\Windows\System32\vEzgVvu.exe
  2⤵
  PID:12472
- C:\Windows\System32\KRpaeQC.exe
  C:\Windows\System32\KRpaeQC.exe
  2⤵
  PID:12504
- C:\Windows\System32\ySrBNjB.exe
  C:\Windows\System32\ySrBNjB.exe
  2⤵
  PID:12520
- C:\Windows\System32\QXPTChD.exe
  C:\Windows\System32\QXPTChD.exe
  2⤵
  PID:12548
- C:\Windows\System32\OWXljLO.exe
  C:\Windows\System32\OWXljLO.exe
  2⤵
  PID:12576
- C:\Windows\System32\xdjuEEU.exe
  C:\Windows\System32\xdjuEEU.exe
  2⤵
  PID:12620
- C:\Windows\System32\bTzgDiQ.exe
  C:\Windows\System32\bTzgDiQ.exe
  2⤵
  PID:12672
- C:\Windows\System32\AXiWmxU.exe
  C:\Windows\System32\AXiWmxU.exe
  2⤵
  PID:12696
- C:\Windows\System32\HvSbeLj.exe
  C:\Windows\System32\HvSbeLj.exe
  2⤵
  PID:12712
- C:\Windows\System32\MiewHAo.exe
  C:\Windows\System32\MiewHAo.exe
  2⤵
  PID:12736
- C:\Windows\System32\Xcyhhus.exe
  C:\Windows\System32\Xcyhhus.exe
  2⤵
  PID:12760
- C:\Windows\System32\zZRnzlB.exe
  C:\Windows\System32\zZRnzlB.exe
  2⤵
  PID:12792
- C:\Windows\System32\SYEuFxX.exe
  C:\Windows\System32\SYEuFxX.exe
  2⤵
  PID:12808
- C:\Windows\System32\NpqEDAA.exe
  C:\Windows\System32\NpqEDAA.exe
  2⤵
  PID:12832
- C:\Windows\System32\aixZCrL.exe
  C:\Windows\System32\aixZCrL.exe
  2⤵
  PID:12880
- C:\Windows\System32\sJIJfiB.exe
  C:\Windows\System32\sJIJfiB.exe
  2⤵
  PID:12928
- C:\Windows\System32\wmrFOzK.exe
  C:\Windows\System32\wmrFOzK.exe
  2⤵
  PID:12948
- C:\Windows\System32\cItUaDg.exe
  C:\Windows\System32\cItUaDg.exe
  2⤵
  PID:12968
- C:\Windows\System32\rWHeuVi.exe
  C:\Windows\System32\rWHeuVi.exe
  2⤵
  PID:13008
- C:\Windows\System32\oZmrKrr.exe
  C:\Windows\System32\oZmrKrr.exe
  2⤵
  PID:13084
- C:\Windows\System32\lBsIJPj.exe
  C:\Windows\System32\lBsIJPj.exe
  2⤵
  PID:13104
- C:\Windows\System32\boKHzYN.exe
  C:\Windows\System32\boKHzYN.exe
  2⤵
  PID:13136
- C:\Windows\System32\NPKkpqV.exe
  C:\Windows\System32\NPKkpqV.exe
  2⤵
  PID:13164
- C:\Windows\System32\ZGUqQZh.exe
  C:\Windows\System32\ZGUqQZh.exe
  2⤵
  PID:13180
- C:\Windows\System32\aXOcrLv.exe
  C:\Windows\System32\aXOcrLv.exe
  2⤵
  PID:13216
- C:\Windows\System32\vwzHZka.exe
  C:\Windows\System32\vwzHZka.exe
  2⤵
  PID:13240
- C:\Windows\System32\kvxIXhU.exe
  C:\Windows\System32\kvxIXhU.exe
  2⤵
  PID:13284
- C:\Windows\System32\mMgfWIC.exe
  C:\Windows\System32\mMgfWIC.exe
  2⤵
  PID:3756
- C:\Windows\System32\XkUtUut.exe
  C:\Windows\System32\XkUtUut.exe
  2⤵
  PID:2368
- C:\Windows\System32\KTaVfIi.exe
  C:\Windows\System32\KTaVfIi.exe
  2⤵
  PID:12336
- C:\Windows\System32\DQKMThd.exe
  C:\Windows\System32\DQKMThd.exe
  2⤵
  PID:12396
- C:\Windows\System32\ADPpWOg.exe
  C:\Windows\System32\ADPpWOg.exe
  2⤵
  PID:12468
- C:\Windows\System32\rQXSOKF.exe
  C:\Windows\System32\rQXSOKF.exe
  2⤵
  PID:12532
- C:\Windows\System32\TZxYAVa.exe
  C:\Windows\System32\TZxYAVa.exe
  2⤵
  PID:12616
- C:\Windows\System32\SvfXmzJ.exe
  C:\Windows\System32\SvfXmzJ.exe
  2⤵
  PID:12684
- C:\Windows\System32\VdjTjQS.exe
  C:\Windows\System32\VdjTjQS.exe
  2⤵
  PID:12752
- C:\Windows\System32\cguwGrJ.exe
  C:\Windows\System32\cguwGrJ.exe
  2⤵
  PID:12828
- C:\Windows\System32\baSidFA.exe
  C:\Windows\System32\baSidFA.exe
  2⤵
  PID:12916
- C:\Windows\System32\znwdyZY.exe
  C:\Windows\System32\znwdyZY.exe
  2⤵
  PID:12960
- C:\Windows\System32\VXdAekT.exe
  C:\Windows\System32\VXdAekT.exe
  2⤵
  PID:13092
- C:\Windows\System32\VWTDVCO.exe
  C:\Windows\System32\VWTDVCO.exe
  2⤵
  PID:13148
- C:\Windows\System32\bIMPcoo.exe
  C:\Windows\System32\bIMPcoo.exe
  2⤵
  PID:13196
- C:\Windows\System32\TTkJCUT.exe
  C:\Windows\System32\TTkJCUT.exe
  2⤵
  PID:13276
- C:\Windows\System32\XQvWeVx.exe
  C:\Windows\System32\XQvWeVx.exe
  2⤵
  PID:12308
- C:\Windows\System32\ssyMqTg.exe
  C:\Windows\System32\ssyMqTg.exe
  2⤵
  PID:12416
- C:\Windows\System32\mbUkmTs.exe
  C:\Windows\System32\mbUkmTs.exe
  2⤵
  PID:12560
- C:\Windows\System32\oRoqEHd.exe
  C:\Windows\System32\oRoqEHd.exe
  2⤵
  PID:12748
- C:\Windows\System32\BtVXqCz.exe
  C:\Windows\System32\BtVXqCz.exe
  2⤵
  PID:12856
- C:\Windows\System32\GgfNECV.exe
  C:\Windows\System32\GgfNECV.exe
  2⤵
  PID:12984
- C:\Windows\System32\sWnMGBX.exe
  C:\Windows\System32\sWnMGBX.exe
  2⤵
  PID:1632
- C:\Windows\System32\MSScNRM.exe
  C:\Windows\System32\MSScNRM.exe
  2⤵
  PID:12912
- C:\Windows\System32\YaUNFhh.exe
  C:\Windows\System32\YaUNFhh.exe
  2⤵
  PID:11880
- C:\Windows\System32\PmJmJct.exe
  C:\Windows\System32\PmJmJct.exe
  2⤵
  PID:13020
- C:\Windows\System32\dEvBlQT.exe
  C:\Windows\System32\dEvBlQT.exe
  2⤵
  PID:13328
- C:\Windows\System32\zRTqtmO.exe
  C:\Windows\System32\zRTqtmO.exe
  2⤵
  PID:13344
- C:\Windows\System32\BSfNJwQ.exe
  C:\Windows\System32\BSfNJwQ.exe
  2⤵
  PID:13360
- C:\Windows\System32\tsfCAZO.exe
  C:\Windows\System32\tsfCAZO.exe
  2⤵
  PID:13412
- C:\Windows\System32\MoNmBJt.exe
  C:\Windows\System32\MoNmBJt.exe
  2⤵
  PID:13452
- C:\Windows\System32\fOzeCrp.exe
  C:\Windows\System32\fOzeCrp.exe
  2⤵
  PID:13476
- C:\Windows\System32\WPLMSYB.exe
  C:\Windows\System32\WPLMSYB.exe
  2⤵
  PID:13496
- C:\Windows\System32\ABEWiDh.exe
  C:\Windows\System32\ABEWiDh.exe
  2⤵
  PID:13524
- C:\Windows\System32\cTTXgfQ.exe
  C:\Windows\System32\cTTXgfQ.exe
  2⤵
  PID:13552
- C:\Windows\System32\JLUOEwv.exe
  C:\Windows\System32\JLUOEwv.exe
  2⤵
  PID:13568
- C:\Windows\System32\nLkgToT.exe
  C:\Windows\System32\nLkgToT.exe
  2⤵
  PID:13608
- C:\Windows\System32\azvZHDH.exe
  C:\Windows\System32\azvZHDH.exe
  2⤵
  PID:13636
- C:\Windows\System32\dWNqEus.exe
  C:\Windows\System32\dWNqEus.exe
  2⤵
  PID:13660
- C:\Windows\System32\GLYSNny.exe
  C:\Windows\System32\GLYSNny.exe
  2⤵
  PID:13688
- C:\Windows\System32\mjoLCmh.exe
  C:\Windows\System32\mjoLCmh.exe
  2⤵
  PID:13704
- C:\Windows\System32\BhpsgsW.exe
  C:\Windows\System32\BhpsgsW.exe
  2⤵
  PID:13740
- C:\Windows\System32\tmLiCZu.exe
  C:\Windows\System32\tmLiCZu.exe
  2⤵
  PID:13764
- C:\Windows\System32\HyubmuP.exe
  C:\Windows\System32\HyubmuP.exe
  2⤵
  PID:13804
- C:\Windows\System32\BrsFRLB.exe
  C:\Windows\System32\BrsFRLB.exe
  2⤵
  PID:13820
- C:\Windows\System32\FwtvTpS.exe
  C:\Windows\System32\FwtvTpS.exe
  2⤵
  PID:13844
- C:\Windows\System32\TieRZTD.exe
  C:\Windows\System32\TieRZTD.exe
  2⤵
  PID:13888
- C:\Windows\System32\lwDgiod.exe
  C:\Windows\System32\lwDgiod.exe
  2⤵
  PID:13916
- C:\Windows\System32\DCjuzHy.exe
  C:\Windows\System32\DCjuzHy.exe
  2⤵
  PID:13936

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:13816

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System32\CoxyVzp.exe

Filesize
3.1MB

MD5
7064e5448779bc41b9d71699d65e2d78

SHA1
3620499f2e83c468865814b0e6b0c87d532b95bc

SHA256
394449348a76cfca4e7fa1e093bea40a860dcc726a8b8be199c10eeb666af4e8

SHA512
abb2e068955644b8c40c0bb1bdbc10d3ca966e19acca876018aae38fc0996126730f01da1ae236fc9bc01ff3f8a457f9b568c8ab39c7164bae777e31cbe0fd5a

Download Submit
C:\Windows\System32\EFJLbbW.exe

Filesize
3.1MB

MD5
68661ce1aa6c109bf3a61279fe1e974f

SHA1
bce3af2d325d3020116b0f61e1d63850b11c6879

SHA256
426861ec1cb358d90d988b5fe545e7f838b562dbf066e6f7f76f19f0b035f1da

SHA512
4220c7cd17470f6ce93c0ff857a92d4ea6394bc7f31002352c3dbd183abef6009fd58094fb3eb62121fb49ad369015295b19466efb56e29aef3be539f2f53363

Download Submit
C:\Windows\System32\Fhcfzny.exe

Filesize
3.1MB

MD5
a96188eb47a150b254bd36ac335d2550

SHA1
1b93986ef05ba306ef8cd1a2825037a43bfe6048

SHA256
c317a6956e9f8511862a9db85f269d14a28d11e95f4f4f0e79d58d7812d1e7fb

SHA512
390e71218403b8bc616e62cf3efe99a4309149db0002e42fe66a4fd5e7bc065852668e5c6cfdd6ad3bb5e62ed23e6a9759e25793a7e9ae6304eaf2c6d1f86a49

Download Submit
C:\Windows\System32\GBgQZPm.exe

Filesize
3.1MB

MD5
eff292dcb36836568e02cd4ad846a94a

SHA1
1d0ea628c41fc195c0661816c5e69d449f123f2f

SHA256
d83c0ee92c9ec779371bdad019f003b6250e6549ea5fb02fce232f6924ff6c50

SHA512
a1d8776a705f70dc2e6a1f49c3a378c0800d59d21cc0a63592041504a55f02742490b46fe675719cce053b089be1fde7c982a0d07d7de835215d230619d125da

Download Submit
C:\Windows\System32\GHpwjKB.exe

Filesize
3.1MB

MD5
a3d44b2a5d284c42e8d218fd8504794c

SHA1
bcdf86a1c71a35e88f434b9d586255dcc572aefa

SHA256
020e0653983c7ff1936751b545ea94e6ce8005b7829bf5365ea8a91498726170

SHA512
6a54486331c8a1b7016f3c3a3e701a8c0fe0f4ed13b8f0f168dcbe5f9bd8a36d1c248df7014c662ded626bb9bf5a9d9e4a31342e2c7683eaf98e3fa7ed74b942

Download Submit
C:\Windows\System32\GnVaEkn.exe

Filesize
3.1MB

MD5
d991138aafc5193afa147e910a1b8c77

SHA1
f7845a0621f91c13d9c7ce1a3085b3f1875a8406

SHA256
778d35d323762d46693bfe7a4524325d4dbefac98edd4d030661f6ca48e19fa4

SHA512
0a5f25180a3541ca349ae3ea8403cafca893cffa4dadc7231903cb47d899a26dcaa9aebdeae9859d7a68b12c9b090946f02581a19a255905d5f677ae453c296f

Download Submit
C:\Windows\System32\HcEbdcp.exe

Filesize
3.1MB

MD5
023c10526c5f4b3210389b13bb36ba7e

SHA1
c2826cdb395b641bac99b6cb91a831c53255e9ef

SHA256
3e4ea01fcdab9b0b9effe627346e4eb0e29b2d9c662faac51c61104b756f618a

SHA512
59d5719067f26f995544b4265f1378e31849242f2e53f3d1eecbadaae265ecb9e528a474de51f15be774be664bec6d3e2e2cea9e11b6299f224998d03b2e5d83

Download Submit
C:\Windows\System32\HtZZunr.exe

Filesize
3.1MB

MD5
3c2b4d481b5c50f85dd9a8b03cf370e8

SHA1
42e8a2132708913d62b2647337e431e68c848546

SHA256
238a5173f3a0d2c869adcf513f4edb890c93ca7bc2b11afd8fa9e09fc54295a8

SHA512
90cec4cfb6f0ee6f08afff704a6eec9a324b9faf131ec1ca9da1b594a6c3fa53042ab9c92491b0a16b9d738cbfa83f6b3618910cb7efbea7057a3a1e0a674ed3

Download Submit
C:\Windows\System32\InICVvC.exe

Filesize
3.1MB

MD5
b1b379919616ce3fb2c6c317aabe00b5

SHA1
335d6e71ef6beceb2bf129ab1b5ce07974b0c130

SHA256
9acd73049b29513d487de0ae25269ae5c28937cf2dfca40f9b46945ca601a8e1

SHA512
ca2a33166f41485329adea7f3997b4081f5bb74f3e721f9bc2e93f9625774359b7bfe98e9ca391a93b1793a8d9449ddd8925f1ef45b4bc4178906bf888c67704

Download Submit
C:\Windows\System32\LGPEaJv.exe

Filesize
3.1MB

MD5
d9492b62cca702a3ef525a3252841adc

SHA1
32c12a9c2dcc35dcf328f0d454b18d081bb53f08

SHA256
c7c5e35eaa537c19e752d503f86fb036195a97711314cf9a4a229ad42e68f7f3

SHA512
a24ba3145ccc97a9c08015f7fd334999b309c8d6ac872b19c387c2059ae1e0416e59af3f863a179387763d05625f10c1d00ca3166e6b98522c26689baa6591b8

Download Submit
C:\Windows\System32\QPMoERY.exe

Filesize
3.1MB

MD5
1f85a90cf46688db2c8ab40ab53997fb

SHA1
5d63e8618828d2ca49743b291e0c98f2f9f82baf

SHA256
98b7dbd519768710e892a23fa774e21cbca88292c89e3994147d90a98a363005

SHA512
20d2a21d3fde5b4449d971f46e4beee921f74bd864f4239f114d50ceb0139db177e117a515f7b32505da809a5b4b27db9349d25f48bafae76cd502d1e6c25084

Download Submit
C:\Windows\System32\XKXkVew.exe

Filesize
3.1MB

MD5
0624c3c9f16145252873ab8984ae5d58

SHA1
bf49e4cdf0549929e823a6cdc2abbe1fb17dead4

SHA256
e0be1b3b1d3a2b839673375d98fd8fe170742a3cbf7c7ac60f71c5ca2722c34d

SHA512
2719e238002e4bfac0da2141f62610ca9139f0d0e0337526ffc6fa6007d8a4a9ede762a9de0b9b991bc11724b133f1cfd2e3c1cadc616195b16db0706fb39dbb

Download Submit
C:\Windows\System32\YIkBGhU.exe

Filesize
3.1MB

MD5
a190a68ab769ee772d271d3129b196f9

SHA1
2c612e3b605dfe77d4366c1fe5f8457b499afff8

SHA256
af4b168c36de4168efac9b0227585dc27ae20f00d08ca0dbafd19f3f163a4eea

SHA512
95f7ce39f768797f3e7c1b8a8d605f3e73584ce9069167368c0c620895570a3889a361f15763e649818f451f355601a8bad8ff51ab790b6254aff7e2e7215acd

Download Submit
C:\Windows\System32\YTQDNuq.exe

Filesize
3.1MB

MD5
7149fc34f6bbac3517ae1aca9c022282

SHA1
236ca769133fc42a124c2238b755871ea4115651

SHA256
1010e1ed4e48c0860141f268d3c065b0a731dbafb0bec1176f6b08c3ff44f557

SHA512
716c73ed5ae4beea95ad62625849ca3aa03e9a1b9d8e04784914323e0795a70b0b5e3f8776a5288a26da0c4c0e4c76e09480d31365c6d985e52a34937113355a

Download Submit
C:\Windows\System32\anTqyER.exe

Filesize
3.1MB

MD5
caa3f9f4ff2558deb0168cce6a4f2119

SHA1
af2a485e629ba3412d6d044686b5ce1385e3adb9

SHA256
618560185dcdf306e729c5b09a6e57360c65f2f04be2a395829c236fc83a8f8d

SHA512
ad002506cea1c7dcb9d7e69485d807b9fff692db3eabfef779fd5f7ad3054f403b23ba193deab36225c78fbc83d9cc82adbaf270e3eb2cd8b918e080bbbd2d91

Download Submit
C:\Windows\System32\bKtadEK.exe

Filesize
3.1MB

MD5
dd9d69750f1ba6270b82d36b5d83c844

SHA1
d9dc60b002761b18be2fc1dafa21d340a0d4b7fc

SHA256
6be0fad761af3b89f3ac9a39724e0530be780ec07b6301ed0190e2ec4a882126

SHA512
9c875e3803d01f82e3523cee637b683ac095785d0c3bf4ef346ee8808eff07692ae08d49b7431a52e320f811e6cf835604d11f368a2ccbb1fa2d9b12ee34ae51

Download Submit
C:\Windows\System32\cwplTQH.exe

Filesize
3.1MB

MD5
87df000daf18a11c493b9bfe96ad58f2

SHA1
3cc19acc7d313b04a9b1479e7965c6e647b550fb

SHA256
9742ae2adcfa20dba1edd81eac6518bcdff14c65cb1ba9561356c6bad581fe6d

SHA512
30132847943f4d31e941017f3217e17298e2afa5b3f368f3d3ceef9d1cdc06bd3a1ca6cee221fb55bbed8cc034b6260de5a38b45670c6278eda2d1cdbb9bd223

Download Submit
C:\Windows\System32\eyzjpGR.exe

Filesize
3.1MB

MD5
34fc683525a4a7e5ae621e61395ae9f1

SHA1
ace68fdff2b252a648d3bc9a425f29f25d18facd

SHA256
6b581bd1d5a48947e6fcc1adfd8ec7c00bda53b1ab8f6a28aca288f952dab328

SHA512
81f1ff13b636584267dc821b0d7f2e91e23eb293cc46f0f38a5adb173462fcf6ef6b5fff444f29a2dff4cbe745d4d902b2fe47eae76050f562d47b7327b0b271

Download Submit
C:\Windows\System32\jYUhRER.exe

Filesize
3.1MB

MD5
366adbfed3fc212547a7f2189d1d1767

SHA1
39af6b05bc830c6a31ba2c7c4e8174200d2dfdc4

SHA256
bd11c302b719cafdc9af6d995668a7a2fde92fceab4c6b022f7421bfd70beb59

SHA512
13fcfd0aa868768207189304a8e12c5d65cfec7bd66e74810fcaaf73fbba6432e25d6fbb83a7dcf1b8bb26e6db0cbd17a27b06d4227399bd9e532f4bc1c36bbb

Download Submit
C:\Windows\System32\jfYLWmy.exe

Filesize
3.1MB

MD5
58e64369abfa154d064d86a076c16fd6

SHA1
d0e64e79f628f94c55dd0624a2ea6f098bbc8cae

SHA256
ef3fc0dd5ee9d4d18099580b476c71d347b490ef4f63c59b266534db4e3806ad

SHA512
5c0c9a080c9ec07df62a4baf8e786dcd9c17f599d2aedcf7c3352d9013084a8c7690b21822a570fe513e92d2c7b0928bebecbdd1f4a0175a6b6d8ff142c28ca1

Download Submit
C:\Windows\System32\kJIYeBJ.exe

Filesize
3.1MB

MD5
2bcbba4f8dbece6d2d0e91c8487fe634

SHA1
8a558810b1cf743d7c5448eddebbcd5f4d863329

SHA256
879c8ca5c3d41f17fa71bdbf73b2ec3ed5339a3a541a6ebad1f813096b91cd1b

SHA512
99f6afd37524ba775d1b2a1cb45b5fe7fad76e3c94e726dec44a2f5d55ff004ecf1e87f5e7241f79dfb70465360b599a01a13048180e654a6fd1ca998830724f

Download Submit
C:\Windows\System32\kTvxlSU.exe

Filesize
3.1MB

MD5
dfe454717dca3d93e709c3929adb0e76

SHA1
59c4f8a8b0459eba7f49ed3fce85dc5263dd7588

SHA256
e16c547d7d21dda5b81a6454dc90404efba4b6334883c1039e6517a8524edce2

SHA512
c29f0d0496b270b1906c8c35c7118407e902493df9e7170c63ef6b909a37539464b17f58f904c48956187df8f48e2a93ac312203fe135c95b5571b8e865abf6c

Download Submit
C:\Windows\System32\mUuvDvI.exe

Filesize
3.1MB

MD5
cd2a0bfc1b2ef61e6b3444e859b4f5cc

SHA1
3a98296d3f22f75b5ccf8dc1855f500609215317

SHA256
e5cf5f34372f6922b5484396820aad63479e5e31681002786cb00383a2a83495

SHA512
53f3993c76fba854d47b1333a514981819ef1c2a6e57acf7238b129db6a6bb6d5e882b638e0c83831a755a0599b3f16916aa37ac6f4871f0a9823fed89c0d8c5

Download Submit
C:\Windows\System32\miYUXww.exe

Filesize
3.1MB

MD5
169ba98e6a58409adcca5ff255b96dbb

SHA1
65bde1d55084d67ba5acd697da93a8088682d21c

SHA256
09278bef03057f8a8dc20d74dcb604b73632ad4b6347e0aaf190183d94894f24

SHA512
5cd77dc2eda1c8760eb616d3504cd1573073f3c6e3c5944a1adde92ea53b376eded8d7116297951c2af2de47aefd423215f0b994d0f2d061aa617fbad71f1318

Download Submit
C:\Windows\System32\pUCVyAr.exe

Filesize
3.1MB

MD5
c0ed3e6e0d5d89275d7cc9f1b1631264

SHA1
d526eb43fcd5b2d0645371bae95084f88bf7fdd9

SHA256
d7bd45aa701508a545a558ea7619e163ec11cac3a339253c54eda10d3ffe4ba9

SHA512
ac55c90b41efa1116ce47275f6535dff076f5e1a09b939854c6034eba35b8f021d1836f586a5f30d41c948df456199b93d53ee2f90937aee109e870f79c06d93

Download Submit
C:\Windows\System32\qdJvOfC.exe

Filesize
3.1MB

MD5
75f5c3998ee7a83a0f0640f85fb524d2

SHA1
5ef03f5282bfc5b6dd41df24c8c11b5f4f85bc7d

SHA256
8440bdaee14f0473a46f0188bc4c6efd62817be233d4aed547a4336ef47bd7bf

SHA512
abf9f7cf8c31237ea55fffc11ea0c8aad1d5b55a934f50cdeed43dbcc8d64bf17e2af21b629c961d3c7e0d889562d832c8a306e26be44eed46488e15a5d78e34

Download Submit
C:\Windows\System32\tipXLet.exe

Filesize
3.1MB

MD5
ac4488eadc8eb3ba49c54db4b8926616

SHA1
04b237c11a2f2daff11f878a259d0f55a25a09d0

SHA256
b2995fe9ec30b375061e353a3e1297509cde77e1ff9ffb5cf3ec8fdd309b2c77

SHA512
a4616d8034b5a2654cb89282573e4e336a64a60decf0cc8554e7762a48618a8e4ae44ba7634a222f6fc31c275cea9e87e27d6a8b01255b5e7509e08b60256622

Download Submit
C:\Windows\System32\uMtjZsi.exe

Filesize
3.1MB

MD5
d1e50fed5181e4839ba12a3db079fdde

SHA1
f6a70271f424af36a4e80e3c47e35e0db6198d56

SHA256
42bb8d729c63788d984b247816201182bc8e283899f7f118f5849f7aa2f219e2

SHA512
85b988d76ab2029e023a8aeeb560545fd5603e9e56966ae3317b39d782b0ac4b55f3c99d0c50e48a26348e9634624a7314faeb837ec719df86f563287ec9095b

Download Submit
C:\Windows\System32\vgwcSaM.exe

Filesize
3.1MB

MD5
6ff6602990e98cbe13b4615b868d51b4

SHA1
25fed68ad7b04ebcfc2c0838bab8fe2b28e90156

SHA256
7e799903827646405af358b871a460aabe747c463ce0c28bf27f9e92855f177c

SHA512
b669eb297942d34bbd4eaff4ef0894447a9fc660026d21e06abae7b0b60ba406edd0b15c68330101c653be955e7efd03d8e088d36cfa4038c583dac272a84516

Download Submit
C:\Windows\System32\vxgveWl.exe

Filesize
3.1MB

MD5
01502bac72895bfebccf2b6b3f516099

SHA1
674e22f3c7c9ebb3b9e2b66cfe52275a0f69071d

SHA256
ec465f71f638ee34554d6fcc7565beec6858f64b3522dc8725dcb2cef273fcf6

SHA512
595623b0dc611779f9cf59fc7597660b3660ec55a8edd01f145d106d1240bcad1802aa2e0a71eb60249ff644788922f049992670bd4479b36480a7ad89a5d6b1

Download Submit
C:\Windows\System32\xZkwHqb.exe

Filesize
3.1MB

MD5
cc68224d5be0c0912c3c1668bdc98195

SHA1
8764a2c4dca40f95844deecc9b942e14cc76b5b7

SHA256
0137ff77df339cbc3009ad1c85f0d978f881f9f129dd4e6e16acbbbd89b06c10

SHA512
68837e1a3b3e0b103eceeaf5b3876a5a2999217b2b577f13a542c9152276390e8a2a2d2ea0d93b0200ce885b96a416768239366de7d3d6863f277da3de63ccb7

Download Submit
C:\Windows\System32\yNBkOGb.exe

Filesize
3.1MB

MD5
0f666a5e52678fe141330ebc851109c2

SHA1
20059ebb0599bdec088a41707ed7f84bbad525bd

SHA256
4b7195b15958744bc7425320fd4be5086a908709db0b1d8b1216cfb50104dc78

SHA512
6e94c35b7d1e5c3c35f2fcda982d58715b4db3ecc67de011cf6f2305eed86fcbb452bd7cf5ae32d4ee8333546a37e85749e89b8a2b6edfdc0500e2a1ed7db3a0

Download Submit
memory/348-1362-0x00007FF79E3A0000-0x00007FF79E795000-memory.dmp

Filesize
4.0MB

Download
memory/348-0-0x00007FF79E3A0000-0x00007FF79E795000-memory.dmp

Filesize
4.0MB

Download
memory/348-1-0x000002B54C750000-0x000002B54C760000-memory.dmp

Filesize
64KB

Download
memory/844-2134-0x00007FF6A7780000-0x00007FF6A7B75000-memory.dmp

Filesize
4.0MB

Download
memory/844-943-0x00007FF6A7780000-0x00007FF6A7B75000-memory.dmp

Filesize
4.0MB

Download
memory/960-2135-0x00007FF7B5C90000-0x00007FF7B6085000-memory.dmp

Filesize
4.0MB

Download
memory/960-908-0x00007FF7B5C90000-0x00007FF7B6085000-memory.dmp

Filesize
4.0MB

Download
memory/1104-2133-0x00007FF628600000-0x00007FF6289F5000-memory.dmp

Filesize
4.0MB

Download
memory/1104-941-0x00007FF628600000-0x00007FF6289F5000-memory.dmp

Filesize
4.0MB

Download
memory/2800-2121-0x00007FF63EAA0000-0x00007FF63EE95000-memory.dmp

Filesize
4.0MB

Download
memory/2800-919-0x00007FF63EAA0000-0x00007FF63EE95000-memory.dmp

Filesize
4.0MB

Download
memory/3124-2130-0x00007FF7F1660000-0x00007FF7F1A55000-memory.dmp

Filesize
4.0MB

Download
memory/3124-946-0x00007FF7F1660000-0x00007FF7F1A55000-memory.dmp

Filesize
4.0MB

Download
memory/3348-2116-0x00007FF693640000-0x00007FF693A35000-memory.dmp

Filesize
4.0MB

Download
memory/3348-24-0x00007FF693640000-0x00007FF693A35000-memory.dmp

Filesize
4.0MB

Download
memory/3348-1818-0x00007FF693640000-0x00007FF693A35000-memory.dmp

Filesize
4.0MB

Download
memory/3476-846-0x00007FF7A4E70000-0x00007FF7A5265000-memory.dmp

Filesize
4.0MB

Download
memory/3476-2120-0x00007FF7A4E70000-0x00007FF7A5265000-memory.dmp

Filesize
4.0MB

Download
memory/3524-2114-0x00007FF607AC0000-0x00007FF607EB5000-memory.dmp

Filesize
4.0MB

Download
memory/3524-16-0x00007FF607AC0000-0x00007FF607EB5000-memory.dmp

Filesize
4.0MB

Download
memory/3524-1709-0x00007FF607AC0000-0x00007FF607EB5000-memory.dmp

Filesize
4.0MB

Download
memory/4176-886-0x00007FF7FEDA0000-0x00007FF7FF195000-memory.dmp

Filesize
4.0MB

Download
memory/4176-2122-0x00007FF7FEDA0000-0x00007FF7FF195000-memory.dmp

Filesize
4.0MB

Download
memory/4672-2129-0x00007FF7B5F00000-0x00007FF7B62F5000-memory.dmp

Filesize
4.0MB

Download
memory/4672-895-0x00007FF7B5F00000-0x00007FF7B62F5000-memory.dmp

Filesize
4.0MB

Download
memory/4712-2125-0x00007FF73FA50000-0x00007FF73FE45000-memory.dmp

Filesize
4.0MB

Download
memory/4712-889-0x00007FF73FA50000-0x00007FF73FE45000-memory.dmp

Filesize
4.0MB

Download
memory/4752-911-0x00007FF6B7F90000-0x00007FF6B8385000-memory.dmp

Filesize
4.0MB

Download
memory/4752-2126-0x00007FF6B7F90000-0x00007FF6B8385000-memory.dmp

Filesize
4.0MB

Download
memory/4788-2123-0x00007FF768CB0000-0x00007FF7690A5000-memory.dmp

Filesize
4.0MB

Download
memory/4788-909-0x00007FF768CB0000-0x00007FF7690A5000-memory.dmp

Filesize
4.0MB

Download
memory/4836-937-0x00007FF7936E0000-0x00007FF793AD5000-memory.dmp

Filesize
4.0MB

Download
memory/4836-2132-0x00007FF7936E0000-0x00007FF793AD5000-memory.dmp

Filesize
4.0MB

Download
memory/4896-924-0x00007FF7FBF20000-0x00007FF7FC315000-memory.dmp

Filesize
4.0MB

Download
memory/4896-2136-0x00007FF7FBF20000-0x00007FF7FC315000-memory.dmp

Filesize
4.0MB

Download
memory/5012-2131-0x00007FF6553F0000-0x00007FF6557E5000-memory.dmp

Filesize
4.0MB

Download
memory/5012-945-0x00007FF6553F0000-0x00007FF6557E5000-memory.dmp

Filesize
4.0MB

Download
memory/5500-843-0x00007FF71EEE0000-0x00007FF71F2D5000-memory.dmp

Filesize
4.0MB

Download
memory/5500-2118-0x00007FF71EEE0000-0x00007FF71F2D5000-memory.dmp

Filesize
4.0MB

Download
memory/5516-2127-0x00007FF7DE5F0000-0x00007FF7DE9E5000-memory.dmp

Filesize
4.0MB

Download
memory/5516-880-0x00007FF7DE5F0000-0x00007FF7DE9E5000-memory.dmp

Filesize
4.0MB

Download
memory/5524-2124-0x00007FF7B8FE0000-0x00007FF7B93D5000-memory.dmp

Filesize
4.0MB

Download
memory/5524-857-0x00007FF7B8FE0000-0x00007FF7B93D5000-memory.dmp

Filesize
4.0MB

Download
memory/5548-868-0x00007FF766B20000-0x00007FF766F15000-memory.dmp

Filesize
4.0MB

Download
memory/5548-2128-0x00007FF766B20000-0x00007FF766F15000-memory.dmp

Filesize
4.0MB

Download
memory/5584-6-0x00007FF7E1D40000-0x00007FF7E2135000-memory.dmp

Filesize
4.0MB

Download
memory/5584-2113-0x00007FF7E1D40000-0x00007FF7E2135000-memory.dmp

Filesize
4.0MB

Download
memory/5584-1365-0x00007FF7E1D40000-0x00007FF7E2135000-memory.dmp

Filesize
4.0MB

Download
memory/6088-1576-0x00007FF6A10E0000-0x00007FF6A14D5000-memory.dmp

Filesize
4.0MB

Download
memory/6088-14-0x00007FF6A10E0000-0x00007FF6A14D5000-memory.dmp

Filesize
4.0MB

Download
memory/6088-2115-0x00007FF6A10E0000-0x00007FF6A14D5000-memory.dmp

Filesize
4.0MB

Download
memory/6096-2119-0x00007FF70C380000-0x00007FF70C775000-memory.dmp

Filesize
4.0MB

Download
memory/6096-951-0x00007FF70C380000-0x00007FF70C775000-memory.dmp

Filesize
4.0MB

Download
memory/6124-2117-0x00007FF7F0B50000-0x00007FF7F0F45000-memory.dmp

Filesize
4.0MB

Download
memory/6124-1826-0x00007FF7F0B50000-0x00007FF7F0F45000-memory.dmp

Filesize
4.0MB

Download
memory/6124-837-0x00007FF7F0B50000-0x00007FF7F0F45000-memory.dmp

Filesize
4.0MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads