xmrig | 0c1f668024e65270b6d09d48cbf7edb9b61b68bdfd0dbab16f18b20507d4522c

Analysis

max time kernel
143s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
07/04/2025, 11:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-04-07_5ef6dea88a179ecd97162f9493c51388_black-basta_imuler_poison-ivy_xmrig.exe
Size

2.6MB
MD5

5ef6dea88a179ecd97162f9493c51388
SHA1

115cc1fc16c7445533ce0ab1cc7758c42bbb4637
SHA256

0c1f668024e65270b6d09d48cbf7edb9b61b68bdfd0dbab16f18b20507d4522c
SHA512

a48a8f0d2f6654f1e14f60c553efbfc53c7365f13cfc6a7da74394eb9e9571795dc75c95da94a0aae14c5c5d2776e2d78fa8b5b3b600d6dcf5be2daf891c14ea
SSDEEP

49152:w0wjnJMOWh50kC1/dVFdx6e0EALKWVTffZiPAcRq6jHjcz8DzHUSuAVJT5:w0GnJMOWPClFdx6e0EALKWVTffZiPAch

Score

10^/10

xmrig miner upx

Malware Config

Signatures

Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/5876-0-0x00007FF619DC0000-0x00007FF61A1B5000-memory.dmp	xmrig
behavioral1/files/0x0007000000024271-21.dat	xmrig
behavioral1/files/0x000700000002426f-24.dat	xmrig
behavioral1/files/0x0007000000024270-29.dat	xmrig
behavioral1/files/0x0007000000024272-31.dat	xmrig
behavioral1/files/0x0007000000024273-40.dat	xmrig
behavioral1/memory/2072-47-0x00007FF783D50000-0x00007FF784145000-memory.dmp	xmrig
behavioral1/memory/2376-53-0x00007FF61FBD0000-0x00007FF61FFC5000-memory.dmp	xmrig
behavioral1/memory/4336-66-0x00007FF7E1450000-0x00007FF7E1845000-memory.dmp	xmrig
behavioral1/memory/4568-81-0x00007FF6648F0000-0x00007FF664CE5000-memory.dmp	xmrig
behavioral1/files/0x000700000002427a-94.dat	xmrig
behavioral1/memory/4864-102-0x00007FF620470000-0x00007FF620865000-memory.dmp	xmrig
behavioral1/files/0x000700000002427d-114.dat	xmrig
behavioral1/memory/5220-136-0x00007FF61CFD0000-0x00007FF61D3C5000-memory.dmp	xmrig
behavioral1/files/0x0007000000024284-163.dat	xmrig
behavioral1/files/0x000700000002428b-191.dat	xmrig
behavioral1/files/0x000700000002428d-201.dat	xmrig
behavioral1/files/0x000700000002428c-199.dat	xmrig
behavioral1/files/0x000700000002428a-193.dat	xmrig
behavioral1/files/0x0007000000024289-185.dat	xmrig
behavioral1/files/0x0007000000024288-181.dat	xmrig
behavioral1/files/0x0007000000024287-175.dat	xmrig
behavioral1/files/0x0007000000024286-171.dat	xmrig
behavioral1/files/0x0007000000024285-168.dat	xmrig
behavioral1/memory/4972-160-0x00007FF7CEF10000-0x00007FF7CF305000-memory.dmp	xmrig
behavioral1/memory/4644-157-0x00007FF697B70000-0x00007FF697F65000-memory.dmp	xmrig
behavioral1/files/0x0007000000024283-156.dat	xmrig
behavioral1/memory/4776-153-0x00007FF7065F0000-0x00007FF7069E5000-memory.dmp	xmrig
behavioral1/memory/4568-150-0x00007FF6648F0000-0x00007FF664CE5000-memory.dmp	xmrig
behavioral1/files/0x0007000000024282-149.dat	xmrig
behavioral1/memory/4840-146-0x00007FF64E840000-0x00007FF64EC35000-memory.dmp	xmrig
behavioral1/memory/2356-145-0x00007FF651460000-0x00007FF651855000-memory.dmp	xmrig
behavioral1/files/0x0007000000024281-142.dat	xmrig
behavioral1/memory/2132-139-0x00007FF6F3080000-0x00007FF6F3475000-memory.dmp	xmrig
behavioral1/files/0x0007000000024280-135.dat	xmrig
behavioral1/memory/5780-132-0x00007FF7A8700000-0x00007FF7A8AF5000-memory.dmp	xmrig
behavioral1/memory/5768-129-0x00007FF741D00000-0x00007FF7420F5000-memory.dmp	xmrig
behavioral1/files/0x000700000002427f-128.dat	xmrig
behavioral1/memory/3288-125-0x00007FF638650000-0x00007FF638A45000-memory.dmp	xmrig
behavioral1/memory/2376-122-0x00007FF61FBD0000-0x00007FF61FFC5000-memory.dmp	xmrig
behavioral1/files/0x000700000002427e-121.dat	xmrig
behavioral1/memory/5680-118-0x00007FF7BEC20000-0x00007FF7BF015000-memory.dmp	xmrig
behavioral1/memory/2072-115-0x00007FF783D50000-0x00007FF784145000-memory.dmp	xmrig
behavioral1/memory/5756-109-0x00007FF622430000-0x00007FF622825000-memory.dmp	xmrig
behavioral1/memory/5800-108-0x00007FF76D280000-0x00007FF76D675000-memory.dmp	xmrig
behavioral1/files/0x000700000002427c-107.dat	xmrig
behavioral1/memory/2112-101-0x00007FF6A5820000-0x00007FF6A5C15000-memory.dmp	xmrig
behavioral1/files/0x000700000002427b-100.dat	xmrig
behavioral1/memory/4692-95-0x00007FF697720000-0x00007FF697B15000-memory.dmp	xmrig
behavioral1/memory/4644-91-0x00007FF697B70000-0x00007FF697F65000-memory.dmp	xmrig
behavioral1/memory/2876-90-0x00007FF70ED10000-0x00007FF70F105000-memory.dmp	xmrig
behavioral1/memory/3536-89-0x00007FF622B80000-0x00007FF622F75000-memory.dmp	xmrig
behavioral1/files/0x0007000000024279-83.dat	xmrig
behavioral1/memory/4788-80-0x00007FF678F00000-0x00007FF6792F5000-memory.dmp	xmrig
behavioral1/files/0x0007000000024278-79.dat	xmrig
behavioral1/memory/2356-76-0x00007FF651460000-0x00007FF651855000-memory.dmp	xmrig
behavioral1/files/0x0007000000024277-73.dat	xmrig
behavioral1/memory/5220-70-0x00007FF61CFD0000-0x00007FF61D3C5000-memory.dmp	xmrig
behavioral1/files/0x0007000000024276-67.dat	xmrig
behavioral1/memory/5768-63-0x00007FF741D00000-0x00007FF7420F5000-memory.dmp	xmrig
behavioral1/memory/4124-61-0x00007FF797490000-0x00007FF797885000-memory.dmp	xmrig
behavioral1/memory/5876-60-0x00007FF619DC0000-0x00007FF61A1B5000-memory.dmp	xmrig
behavioral1/files/0x0007000000024275-58.dat	xmrig
behavioral1/files/0x0007000000024274-52.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
4124	nhWqfGd.exe
4336	ZEPSsov.exe
4788	xmVNVpk.exe
3536	JNHsdzk.exe
2876	QYWPXoj.exe
2112	GXdiQsC.exe
5800	LaOaWKL.exe
2072	pSNBhrn.exe
2376	sihggZd.exe
5768	EbrIlJw.exe
5220	HTYKNsk.exe
2356	jquTYPz.exe
4568	hKRUDmn.exe
4644	BvOaqjQ.exe
4692	AJdoEmK.exe
4864	sgeIYdN.exe
5756	ZLnGCTU.exe
5680	GCgqBui.exe
3288	ERogWlK.exe
5780	qdMKKsG.exe
2132	OXvyWiz.exe
4840	RpLQiOa.exe
4776	HTWpuxn.exe
4972	pWFRBCc.exe
3404	CLuFAWH.exe
1276	FdICuNe.exe
4044	QFYLdGU.exe
1272	vtjDidG.exe
2408	Iefudpl.exe
1512	ZinkWKj.exe
3724	VLQPYnI.exe
5376	hKKojps.exe
3908	hBsShzJ.exe
972	mrVesZY.exe
996	WqUyrFy.exe
2164	rwAjhCB.exe
2192	TzdQTzg.exe
5232	YPHRKPH.exe
1180	whPuRUb.exe
1564	asBcloi.exe
3984	dsJcytt.exe
5184	ERQAtIT.exe
4620	BcOlNns.exe
1640	NYIZESr.exe
1728	yCRzfBj.exe
6084	GnCLLvp.exe
1696	TvrVvcL.exe
756	qrtwqmK.exe
1256	fuVWzkp.exe
608	WCgJuSC.exe
544	RvlyiNo.exe
5292	gzKSOZi.exe
4912	Dgmgzey.exe
3440	yJUDXGd.exe
1040	XmImQed.exe
220	domPmKW.exe
1516	GkOpmbP.exe
4460	KcdaeIy.exe
4144	WnWlpdd.exe
5560	KDdKfOl.exe
3608	bqgJzPs.exe
3956	qncuGtu.exe
5892	rQXDaKr.exe
2860	tgTuDDE.exe

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System32\VaRXPxw.exe	2025-04-07_5ef6dea88a179ecd97162f9493c51388_black-basta_imuler_poison-ivy_xmrig.exe
File created	C:\Windows\System32\fHSQqBn.exe	2025-04-07_5ef6dea88a179ecd97162f9493c51388_black-basta_imuler_poison-ivy_xmrig.exe
File created	C:\Windows\System32\WgOknYM.exe	2025-04-07_5ef6dea88a179ecd97162f9493c51388_black-basta_imuler_poison-ivy_xmrig.exe
File created	C:\Windows\System32\hyZwndO.exe	2025-04-07_5ef6dea88a179ecd97162f9493c51388_black-basta_imuler_poison-ivy_xmrig.exe
File created	C:\Windows\System32\hXtpAvj.exe	2025-04-07_5ef6dea88a179ecd97162f9493c51388_black-basta_imuler_poison-ivy_xmrig.exe
File created	C:\Windows\System32\XOVXvzJ.exe	2025-04-07_5ef6dea88a179ecd97162f9493c51388_black-basta_imuler_poison-ivy_xmrig.exe
File created	C:\Windows\System32\GGhRGXL.exe	2025-04-07_5ef6dea88a179ecd97162f9493c51388_black-basta_imuler_poison-ivy_xmrig.exe
File created	C:\Windows\System32\tgTuDDE.exe	2025-04-07_5ef6dea88a179ecd97162f9493c51388_black-basta_imuler_poison-ivy_xmrig.exe
File created	C:\Windows\System32\RWMbvGv.exe	2025-04-07_5ef6dea88a179ecd97162f9493c51388_black-basta_imuler_poison-ivy_xmrig.exe
File created	C:\Windows\System32\cmyGjgO.exe	2025-04-07_5ef6dea88a179ecd97162f9493c51388_black-basta_imuler_poison-ivy_xmrig.exe
File created	C:\Windows\System32\IxRmFdE.exe	2025-04-07_5ef6dea88a179ecd97162f9493c51388_black-basta_imuler_poison-ivy_xmrig.exe
File created	C:\Windows\System32\TAxLYpD.exe	2025-04-07_5ef6dea88a179ecd97162f9493c51388_black-basta_imuler_poison-ivy_xmrig.exe
File created	C:\Windows\System32\fhqvqIO.exe	2025-04-07_5ef6dea88a179ecd97162f9493c51388_black-basta_imuler_poison-ivy_xmrig.exe
File created	C:\Windows\System32\tLbVEkg.exe	2025-04-07_5ef6dea88a179ecd97162f9493c51388_black-basta_imuler_poison-ivy_xmrig.exe
File created	C:\Windows\System32\senMvBy.exe	2025-04-07_5ef6dea88a179ecd97162f9493c51388_black-basta_imuler_poison-ivy_xmrig.exe
File created	C:\Windows\System32\AfrvJHY.exe	2025-04-07_5ef6dea88a179ecd97162f9493c51388_black-basta_imuler_poison-ivy_xmrig.exe
File created	C:\Windows\System32\tbivPTT.exe	2025-04-07_5ef6dea88a179ecd97162f9493c51388_black-basta_imuler_poison-ivy_xmrig.exe
File created	C:\Windows\System32\vyIaoJB.exe	2025-04-07_5ef6dea88a179ecd97162f9493c51388_black-basta_imuler_poison-ivy_xmrig.exe
File created	C:\Windows\System32\nWOdexx.exe	2025-04-07_5ef6dea88a179ecd97162f9493c51388_black-basta_imuler_poison-ivy_xmrig.exe
File created	C:\Windows\System32\HblaglQ.exe	2025-04-07_5ef6dea88a179ecd97162f9493c51388_black-basta_imuler_poison-ivy_xmrig.exe
File created	C:\Windows\System32\ZQzvkqQ.exe	2025-04-07_5ef6dea88a179ecd97162f9493c51388_black-basta_imuler_poison-ivy_xmrig.exe
File created	C:\Windows\System32\EeEQvLC.exe	2025-04-07_5ef6dea88a179ecd97162f9493c51388_black-basta_imuler_poison-ivy_xmrig.exe
File created	C:\Windows\System32\jrfmocR.exe	2025-04-07_5ef6dea88a179ecd97162f9493c51388_black-basta_imuler_poison-ivy_xmrig.exe
File created	C:\Windows\System32\COfRJwf.exe	2025-04-07_5ef6dea88a179ecd97162f9493c51388_black-basta_imuler_poison-ivy_xmrig.exe
File created	C:\Windows\System32\XixOSTJ.exe	2025-04-07_5ef6dea88a179ecd97162f9493c51388_black-basta_imuler_poison-ivy_xmrig.exe
File created	C:\Windows\System32\PyNglZJ.exe	2025-04-07_5ef6dea88a179ecd97162f9493c51388_black-basta_imuler_poison-ivy_xmrig.exe
File created	C:\Windows\System32\YgaWJek.exe	2025-04-07_5ef6dea88a179ecd97162f9493c51388_black-basta_imuler_poison-ivy_xmrig.exe
File created	C:\Windows\System32\OXvyWiz.exe	2025-04-07_5ef6dea88a179ecd97162f9493c51388_black-basta_imuler_poison-ivy_xmrig.exe
File created	C:\Windows\System32\IVNKWMI.exe	2025-04-07_5ef6dea88a179ecd97162f9493c51388_black-basta_imuler_poison-ivy_xmrig.exe
File created	C:\Windows\System32\qDeeawv.exe	2025-04-07_5ef6dea88a179ecd97162f9493c51388_black-basta_imuler_poison-ivy_xmrig.exe
File created	C:\Windows\System32\wxdeBMH.exe	2025-04-07_5ef6dea88a179ecd97162f9493c51388_black-basta_imuler_poison-ivy_xmrig.exe
File created	C:\Windows\System32\mAhhAOL.exe	2025-04-07_5ef6dea88a179ecd97162f9493c51388_black-basta_imuler_poison-ivy_xmrig.exe
File created	C:\Windows\System32\YiJCbyr.exe	2025-04-07_5ef6dea88a179ecd97162f9493c51388_black-basta_imuler_poison-ivy_xmrig.exe
File created	C:\Windows\System32\entdMjI.exe	2025-04-07_5ef6dea88a179ecd97162f9493c51388_black-basta_imuler_poison-ivy_xmrig.exe
File created	C:\Windows\System32\LGTLASj.exe	2025-04-07_5ef6dea88a179ecd97162f9493c51388_black-basta_imuler_poison-ivy_xmrig.exe
File created	C:\Windows\System32\sihggZd.exe	2025-04-07_5ef6dea88a179ecd97162f9493c51388_black-basta_imuler_poison-ivy_xmrig.exe
File created	C:\Windows\System32\juNiJJs.exe	2025-04-07_5ef6dea88a179ecd97162f9493c51388_black-basta_imuler_poison-ivy_xmrig.exe
File created	C:\Windows\System32\DryzNXF.exe	2025-04-07_5ef6dea88a179ecd97162f9493c51388_black-basta_imuler_poison-ivy_xmrig.exe
File created	C:\Windows\System32\fykoFmL.exe	2025-04-07_5ef6dea88a179ecd97162f9493c51388_black-basta_imuler_poison-ivy_xmrig.exe
File created	C:\Windows\System32\rMWrosl.exe	2025-04-07_5ef6dea88a179ecd97162f9493c51388_black-basta_imuler_poison-ivy_xmrig.exe
File created	C:\Windows\System32\UoXSaTW.exe	2025-04-07_5ef6dea88a179ecd97162f9493c51388_black-basta_imuler_poison-ivy_xmrig.exe
File created	C:\Windows\System32\WWkAzYq.exe	2025-04-07_5ef6dea88a179ecd97162f9493c51388_black-basta_imuler_poison-ivy_xmrig.exe
File created	C:\Windows\System32\xLSvHXh.exe	2025-04-07_5ef6dea88a179ecd97162f9493c51388_black-basta_imuler_poison-ivy_xmrig.exe
File created	C:\Windows\System32\HXmbzbx.exe	2025-04-07_5ef6dea88a179ecd97162f9493c51388_black-basta_imuler_poison-ivy_xmrig.exe
File created	C:\Windows\System32\vrlRCpH.exe	2025-04-07_5ef6dea88a179ecd97162f9493c51388_black-basta_imuler_poison-ivy_xmrig.exe
File created	C:\Windows\System32\iiaEgCw.exe	2025-04-07_5ef6dea88a179ecd97162f9493c51388_black-basta_imuler_poison-ivy_xmrig.exe
File created	C:\Windows\System32\DyuGOAm.exe	2025-04-07_5ef6dea88a179ecd97162f9493c51388_black-basta_imuler_poison-ivy_xmrig.exe
File created	C:\Windows\System32\CgErOAO.exe	2025-04-07_5ef6dea88a179ecd97162f9493c51388_black-basta_imuler_poison-ivy_xmrig.exe
File created	C:\Windows\System32\fIjWKsB.exe	2025-04-07_5ef6dea88a179ecd97162f9493c51388_black-basta_imuler_poison-ivy_xmrig.exe
File created	C:\Windows\System32\XgbbABj.exe	2025-04-07_5ef6dea88a179ecd97162f9493c51388_black-basta_imuler_poison-ivy_xmrig.exe
File created	C:\Windows\System32\ciDfqhZ.exe	2025-04-07_5ef6dea88a179ecd97162f9493c51388_black-basta_imuler_poison-ivy_xmrig.exe
File created	C:\Windows\System32\hVtutcg.exe	2025-04-07_5ef6dea88a179ecd97162f9493c51388_black-basta_imuler_poison-ivy_xmrig.exe
File created	C:\Windows\System32\xAYcsTG.exe	2025-04-07_5ef6dea88a179ecd97162f9493c51388_black-basta_imuler_poison-ivy_xmrig.exe
File created	C:\Windows\System32\msBdEoX.exe	2025-04-07_5ef6dea88a179ecd97162f9493c51388_black-basta_imuler_poison-ivy_xmrig.exe
File created	C:\Windows\System32\wxcBrsg.exe	2025-04-07_5ef6dea88a179ecd97162f9493c51388_black-basta_imuler_poison-ivy_xmrig.exe
File created	C:\Windows\System32\GRLcIRr.exe	2025-04-07_5ef6dea88a179ecd97162f9493c51388_black-basta_imuler_poison-ivy_xmrig.exe
File created	C:\Windows\System32\GkOpmbP.exe	2025-04-07_5ef6dea88a179ecd97162f9493c51388_black-basta_imuler_poison-ivy_xmrig.exe
File created	C:\Windows\System32\vXvnbRD.exe	2025-04-07_5ef6dea88a179ecd97162f9493c51388_black-basta_imuler_poison-ivy_xmrig.exe
File created	C:\Windows\System32\EgzfrBG.exe	2025-04-07_5ef6dea88a179ecd97162f9493c51388_black-basta_imuler_poison-ivy_xmrig.exe
File created	C:\Windows\System32\qdMKKsG.exe	2025-04-07_5ef6dea88a179ecd97162f9493c51388_black-basta_imuler_poison-ivy_xmrig.exe
File created	C:\Windows\System32\WqUyrFy.exe	2025-04-07_5ef6dea88a179ecd97162f9493c51388_black-basta_imuler_poison-ivy_xmrig.exe
File created	C:\Windows\System32\ltnQalo.exe	2025-04-07_5ef6dea88a179ecd97162f9493c51388_black-basta_imuler_poison-ivy_xmrig.exe
File created	C:\Windows\System32\xWNDbGa.exe	2025-04-07_5ef6dea88a179ecd97162f9493c51388_black-basta_imuler_poison-ivy_xmrig.exe
File created	C:\Windows\System32\kMiZaUJ.exe	2025-04-07_5ef6dea88a179ecd97162f9493c51388_black-basta_imuler_poison-ivy_xmrig.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/5876-0-0x00007FF619DC0000-0x00007FF61A1B5000-memory.dmp	upx
behavioral1/files/0x0007000000024271-21.dat	upx
behavioral1/files/0x000700000002426f-24.dat	upx
behavioral1/files/0x0007000000024270-29.dat	upx
behavioral1/files/0x0007000000024272-31.dat	upx
behavioral1/files/0x0007000000024273-40.dat	upx
behavioral1/memory/2072-47-0x00007FF783D50000-0x00007FF784145000-memory.dmp	upx
behavioral1/memory/2376-53-0x00007FF61FBD0000-0x00007FF61FFC5000-memory.dmp	upx
behavioral1/memory/4336-66-0x00007FF7E1450000-0x00007FF7E1845000-memory.dmp	upx
behavioral1/memory/4568-81-0x00007FF6648F0000-0x00007FF664CE5000-memory.dmp	upx
behavioral1/files/0x000700000002427a-94.dat	upx
behavioral1/memory/4864-102-0x00007FF620470000-0x00007FF620865000-memory.dmp	upx
behavioral1/files/0x000700000002427d-114.dat	upx
behavioral1/memory/5220-136-0x00007FF61CFD0000-0x00007FF61D3C5000-memory.dmp	upx
behavioral1/files/0x0007000000024284-163.dat	upx
behavioral1/files/0x000700000002428b-191.dat	upx
behavioral1/files/0x000700000002428d-201.dat	upx
behavioral1/files/0x000700000002428c-199.dat	upx
behavioral1/files/0x000700000002428a-193.dat	upx
behavioral1/files/0x0007000000024289-185.dat	upx
behavioral1/files/0x0007000000024288-181.dat	upx
behavioral1/files/0x0007000000024287-175.dat	upx
behavioral1/files/0x0007000000024286-171.dat	upx
behavioral1/files/0x0007000000024285-168.dat	upx
behavioral1/memory/4972-160-0x00007FF7CEF10000-0x00007FF7CF305000-memory.dmp	upx
behavioral1/memory/4644-157-0x00007FF697B70000-0x00007FF697F65000-memory.dmp	upx
behavioral1/files/0x0007000000024283-156.dat	upx
behavioral1/memory/4776-153-0x00007FF7065F0000-0x00007FF7069E5000-memory.dmp	upx
behavioral1/memory/4568-150-0x00007FF6648F0000-0x00007FF664CE5000-memory.dmp	upx
behavioral1/files/0x0007000000024282-149.dat	upx
behavioral1/memory/4840-146-0x00007FF64E840000-0x00007FF64EC35000-memory.dmp	upx
behavioral1/memory/2356-145-0x00007FF651460000-0x00007FF651855000-memory.dmp	upx
behavioral1/files/0x0007000000024281-142.dat	upx
behavioral1/memory/2132-139-0x00007FF6F3080000-0x00007FF6F3475000-memory.dmp	upx
behavioral1/files/0x0007000000024280-135.dat	upx
behavioral1/memory/5780-132-0x00007FF7A8700000-0x00007FF7A8AF5000-memory.dmp	upx
behavioral1/memory/5768-129-0x00007FF741D00000-0x00007FF7420F5000-memory.dmp	upx
behavioral1/files/0x000700000002427f-128.dat	upx
behavioral1/memory/3288-125-0x00007FF638650000-0x00007FF638A45000-memory.dmp	upx
behavioral1/memory/2376-122-0x00007FF61FBD0000-0x00007FF61FFC5000-memory.dmp	upx
behavioral1/files/0x000700000002427e-121.dat	upx
behavioral1/memory/5680-118-0x00007FF7BEC20000-0x00007FF7BF015000-memory.dmp	upx
behavioral1/memory/2072-115-0x00007FF783D50000-0x00007FF784145000-memory.dmp	upx
behavioral1/memory/5756-109-0x00007FF622430000-0x00007FF622825000-memory.dmp	upx
behavioral1/memory/5800-108-0x00007FF76D280000-0x00007FF76D675000-memory.dmp	upx
behavioral1/files/0x000700000002427c-107.dat	upx
behavioral1/memory/2112-101-0x00007FF6A5820000-0x00007FF6A5C15000-memory.dmp	upx
behavioral1/files/0x000700000002427b-100.dat	upx
behavioral1/memory/4692-95-0x00007FF697720000-0x00007FF697B15000-memory.dmp	upx
behavioral1/memory/4644-91-0x00007FF697B70000-0x00007FF697F65000-memory.dmp	upx
behavioral1/memory/2876-90-0x00007FF70ED10000-0x00007FF70F105000-memory.dmp	upx
behavioral1/memory/3536-89-0x00007FF622B80000-0x00007FF622F75000-memory.dmp	upx
behavioral1/files/0x0007000000024279-83.dat	upx
behavioral1/memory/4788-80-0x00007FF678F00000-0x00007FF6792F5000-memory.dmp	upx
behavioral1/files/0x0007000000024278-79.dat	upx
behavioral1/memory/2356-76-0x00007FF651460000-0x00007FF651855000-memory.dmp	upx
behavioral1/files/0x0007000000024277-73.dat	upx
behavioral1/memory/5220-70-0x00007FF61CFD0000-0x00007FF61D3C5000-memory.dmp	upx
behavioral1/files/0x0007000000024276-67.dat	upx
behavioral1/memory/5768-63-0x00007FF741D00000-0x00007FF7420F5000-memory.dmp	upx
behavioral1/memory/4124-61-0x00007FF797490000-0x00007FF797885000-memory.dmp	upx
behavioral1/memory/5876-60-0x00007FF619DC0000-0x00007FF61A1B5000-memory.dmp	upx
behavioral1/files/0x0007000000024275-58.dat	upx
behavioral1/files/0x0007000000024274-52.dat	upx

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	14264	dwm.exe
Token: SeChangeNotifyPrivilege	14264	dwm.exe
Token: 33	14264	dwm.exe
Token: SeIncBasePriorityPrivilege	14264	dwm.exe
Token: SeShutdownPrivilege	14264	dwm.exe
Token: SeCreatePagefilePrivilege	14264	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5876 wrote to memory of 4124	5876	2025-04-07_5ef6dea88a179ecd97162f9493c51388_black-basta_imuler_poison-ivy_xmrig.exe	88
PID 5876 wrote to memory of 4124	5876	2025-04-07_5ef6dea88a179ecd97162f9493c51388_black-basta_imuler_poison-ivy_xmrig.exe	88
PID 5876 wrote to memory of 4336	5876	2025-04-07_5ef6dea88a179ecd97162f9493c51388_black-basta_imuler_poison-ivy_xmrig.exe	89
PID 5876 wrote to memory of 4336	5876	2025-04-07_5ef6dea88a179ecd97162f9493c51388_black-basta_imuler_poison-ivy_xmrig.exe	89
PID 5876 wrote to memory of 4788	5876	2025-04-07_5ef6dea88a179ecd97162f9493c51388_black-basta_imuler_poison-ivy_xmrig.exe	90
PID 5876 wrote to memory of 4788	5876	2025-04-07_5ef6dea88a179ecd97162f9493c51388_black-basta_imuler_poison-ivy_xmrig.exe	90
PID 5876 wrote to memory of 3536	5876	2025-04-07_5ef6dea88a179ecd97162f9493c51388_black-basta_imuler_poison-ivy_xmrig.exe	91
PID 5876 wrote to memory of 3536	5876	2025-04-07_5ef6dea88a179ecd97162f9493c51388_black-basta_imuler_poison-ivy_xmrig.exe	91
PID 5876 wrote to memory of 2876	5876	2025-04-07_5ef6dea88a179ecd97162f9493c51388_black-basta_imuler_poison-ivy_xmrig.exe	92
PID 5876 wrote to memory of 2876	5876	2025-04-07_5ef6dea88a179ecd97162f9493c51388_black-basta_imuler_poison-ivy_xmrig.exe	92
PID 5876 wrote to memory of 2112	5876	2025-04-07_5ef6dea88a179ecd97162f9493c51388_black-basta_imuler_poison-ivy_xmrig.exe	93
PID 5876 wrote to memory of 2112	5876	2025-04-07_5ef6dea88a179ecd97162f9493c51388_black-basta_imuler_poison-ivy_xmrig.exe	93
PID 5876 wrote to memory of 5800	5876	2025-04-07_5ef6dea88a179ecd97162f9493c51388_black-basta_imuler_poison-ivy_xmrig.exe	94
PID 5876 wrote to memory of 5800	5876	2025-04-07_5ef6dea88a179ecd97162f9493c51388_black-basta_imuler_poison-ivy_xmrig.exe	94
PID 5876 wrote to memory of 2072	5876	2025-04-07_5ef6dea88a179ecd97162f9493c51388_black-basta_imuler_poison-ivy_xmrig.exe	95
PID 5876 wrote to memory of 2072	5876	2025-04-07_5ef6dea88a179ecd97162f9493c51388_black-basta_imuler_poison-ivy_xmrig.exe	95
PID 5876 wrote to memory of 2376	5876	2025-04-07_5ef6dea88a179ecd97162f9493c51388_black-basta_imuler_poison-ivy_xmrig.exe	96
PID 5876 wrote to memory of 2376	5876	2025-04-07_5ef6dea88a179ecd97162f9493c51388_black-basta_imuler_poison-ivy_xmrig.exe	96
PID 5876 wrote to memory of 5768	5876	2025-04-07_5ef6dea88a179ecd97162f9493c51388_black-basta_imuler_poison-ivy_xmrig.exe	97
PID 5876 wrote to memory of 5768	5876	2025-04-07_5ef6dea88a179ecd97162f9493c51388_black-basta_imuler_poison-ivy_xmrig.exe	97
PID 5876 wrote to memory of 5220	5876	2025-04-07_5ef6dea88a179ecd97162f9493c51388_black-basta_imuler_poison-ivy_xmrig.exe	98
PID 5876 wrote to memory of 5220	5876	2025-04-07_5ef6dea88a179ecd97162f9493c51388_black-basta_imuler_poison-ivy_xmrig.exe	98
PID 5876 wrote to memory of 2356	5876	2025-04-07_5ef6dea88a179ecd97162f9493c51388_black-basta_imuler_poison-ivy_xmrig.exe	99
PID 5876 wrote to memory of 2356	5876	2025-04-07_5ef6dea88a179ecd97162f9493c51388_black-basta_imuler_poison-ivy_xmrig.exe	99
PID 5876 wrote to memory of 4568	5876	2025-04-07_5ef6dea88a179ecd97162f9493c51388_black-basta_imuler_poison-ivy_xmrig.exe	100
PID 5876 wrote to memory of 4568	5876	2025-04-07_5ef6dea88a179ecd97162f9493c51388_black-basta_imuler_poison-ivy_xmrig.exe	100
PID 5876 wrote to memory of 4644	5876	2025-04-07_5ef6dea88a179ecd97162f9493c51388_black-basta_imuler_poison-ivy_xmrig.exe	101
PID 5876 wrote to memory of 4644	5876	2025-04-07_5ef6dea88a179ecd97162f9493c51388_black-basta_imuler_poison-ivy_xmrig.exe	101
PID 5876 wrote to memory of 4692	5876	2025-04-07_5ef6dea88a179ecd97162f9493c51388_black-basta_imuler_poison-ivy_xmrig.exe	102
PID 5876 wrote to memory of 4692	5876	2025-04-07_5ef6dea88a179ecd97162f9493c51388_black-basta_imuler_poison-ivy_xmrig.exe	102
PID 5876 wrote to memory of 4864	5876	2025-04-07_5ef6dea88a179ecd97162f9493c51388_black-basta_imuler_poison-ivy_xmrig.exe	103
PID 5876 wrote to memory of 4864	5876	2025-04-07_5ef6dea88a179ecd97162f9493c51388_black-basta_imuler_poison-ivy_xmrig.exe	103
PID 5876 wrote to memory of 5756	5876	2025-04-07_5ef6dea88a179ecd97162f9493c51388_black-basta_imuler_poison-ivy_xmrig.exe	104
PID 5876 wrote to memory of 5756	5876	2025-04-07_5ef6dea88a179ecd97162f9493c51388_black-basta_imuler_poison-ivy_xmrig.exe	104
PID 5876 wrote to memory of 5680	5876	2025-04-07_5ef6dea88a179ecd97162f9493c51388_black-basta_imuler_poison-ivy_xmrig.exe	105
PID 5876 wrote to memory of 5680	5876	2025-04-07_5ef6dea88a179ecd97162f9493c51388_black-basta_imuler_poison-ivy_xmrig.exe	105
PID 5876 wrote to memory of 3288	5876	2025-04-07_5ef6dea88a179ecd97162f9493c51388_black-basta_imuler_poison-ivy_xmrig.exe	106
PID 5876 wrote to memory of 3288	5876	2025-04-07_5ef6dea88a179ecd97162f9493c51388_black-basta_imuler_poison-ivy_xmrig.exe	106
PID 5876 wrote to memory of 5780	5876	2025-04-07_5ef6dea88a179ecd97162f9493c51388_black-basta_imuler_poison-ivy_xmrig.exe	107
PID 5876 wrote to memory of 5780	5876	2025-04-07_5ef6dea88a179ecd97162f9493c51388_black-basta_imuler_poison-ivy_xmrig.exe	107
PID 5876 wrote to memory of 2132	5876	2025-04-07_5ef6dea88a179ecd97162f9493c51388_black-basta_imuler_poison-ivy_xmrig.exe	108
PID 5876 wrote to memory of 2132	5876	2025-04-07_5ef6dea88a179ecd97162f9493c51388_black-basta_imuler_poison-ivy_xmrig.exe	108
PID 5876 wrote to memory of 4840	5876	2025-04-07_5ef6dea88a179ecd97162f9493c51388_black-basta_imuler_poison-ivy_xmrig.exe	109
PID 5876 wrote to memory of 4840	5876	2025-04-07_5ef6dea88a179ecd97162f9493c51388_black-basta_imuler_poison-ivy_xmrig.exe	109
PID 5876 wrote to memory of 4776	5876	2025-04-07_5ef6dea88a179ecd97162f9493c51388_black-basta_imuler_poison-ivy_xmrig.exe	110
PID 5876 wrote to memory of 4776	5876	2025-04-07_5ef6dea88a179ecd97162f9493c51388_black-basta_imuler_poison-ivy_xmrig.exe	110
PID 5876 wrote to memory of 4972	5876	2025-04-07_5ef6dea88a179ecd97162f9493c51388_black-basta_imuler_poison-ivy_xmrig.exe	111
PID 5876 wrote to memory of 4972	5876	2025-04-07_5ef6dea88a179ecd97162f9493c51388_black-basta_imuler_poison-ivy_xmrig.exe	111
PID 5876 wrote to memory of 3404	5876	2025-04-07_5ef6dea88a179ecd97162f9493c51388_black-basta_imuler_poison-ivy_xmrig.exe	112
PID 5876 wrote to memory of 3404	5876	2025-04-07_5ef6dea88a179ecd97162f9493c51388_black-basta_imuler_poison-ivy_xmrig.exe	112
PID 5876 wrote to memory of 1276	5876	2025-04-07_5ef6dea88a179ecd97162f9493c51388_black-basta_imuler_poison-ivy_xmrig.exe	113
PID 5876 wrote to memory of 1276	5876	2025-04-07_5ef6dea88a179ecd97162f9493c51388_black-basta_imuler_poison-ivy_xmrig.exe	113
PID 5876 wrote to memory of 4044	5876	2025-04-07_5ef6dea88a179ecd97162f9493c51388_black-basta_imuler_poison-ivy_xmrig.exe	114
PID 5876 wrote to memory of 4044	5876	2025-04-07_5ef6dea88a179ecd97162f9493c51388_black-basta_imuler_poison-ivy_xmrig.exe	114
PID 5876 wrote to memory of 1272	5876	2025-04-07_5ef6dea88a179ecd97162f9493c51388_black-basta_imuler_poison-ivy_xmrig.exe	115
PID 5876 wrote to memory of 1272	5876	2025-04-07_5ef6dea88a179ecd97162f9493c51388_black-basta_imuler_poison-ivy_xmrig.exe	115
PID 5876 wrote to memory of 2408	5876	2025-04-07_5ef6dea88a179ecd97162f9493c51388_black-basta_imuler_poison-ivy_xmrig.exe	116
PID 5876 wrote to memory of 2408	5876	2025-04-07_5ef6dea88a179ecd97162f9493c51388_black-basta_imuler_poison-ivy_xmrig.exe	116
PID 5876 wrote to memory of 1512	5876	2025-04-07_5ef6dea88a179ecd97162f9493c51388_black-basta_imuler_poison-ivy_xmrig.exe	117
PID 5876 wrote to memory of 1512	5876	2025-04-07_5ef6dea88a179ecd97162f9493c51388_black-basta_imuler_poison-ivy_xmrig.exe	117
PID 5876 wrote to memory of 3724	5876	2025-04-07_5ef6dea88a179ecd97162f9493c51388_black-basta_imuler_poison-ivy_xmrig.exe	118
PID 5876 wrote to memory of 3724	5876	2025-04-07_5ef6dea88a179ecd97162f9493c51388_black-basta_imuler_poison-ivy_xmrig.exe	118
PID 5876 wrote to memory of 5376	5876	2025-04-07_5ef6dea88a179ecd97162f9493c51388_black-basta_imuler_poison-ivy_xmrig.exe	119
PID 5876 wrote to memory of 5376	5876	2025-04-07_5ef6dea88a179ecd97162f9493c51388_black-basta_imuler_poison-ivy_xmrig.exe	119

C:\Users\Admin\AppData\Local\Temp\2025-04-07_5ef6dea88a179ecd97162f9493c51388_black-basta_imuler_poison-ivy_xmrig.exe
"C:\Users\Admin\AppData\Local\Temp\2025-04-07_5ef6dea88a179ecd97162f9493c51388_black-basta_imuler_poison-ivy_xmrig.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:5876
- C:\Windows\System32\nhWqfGd.exe
  C:\Windows\System32\nhWqfGd.exe
  2⤵
  - Executes dropped EXE
  PID:4124
- C:\Windows\System32\ZEPSsov.exe
  C:\Windows\System32\ZEPSsov.exe
  2⤵
  - Executes dropped EXE
  PID:4336
- C:\Windows\System32\xmVNVpk.exe
  C:\Windows\System32\xmVNVpk.exe
  2⤵
  - Executes dropped EXE
  PID:4788
- C:\Windows\System32\JNHsdzk.exe
  C:\Windows\System32\JNHsdzk.exe
  2⤵
  - Executes dropped EXE
  PID:3536
- C:\Windows\System32\QYWPXoj.exe
  C:\Windows\System32\QYWPXoj.exe
  2⤵
  - Executes dropped EXE
  PID:2876
- C:\Windows\System32\GXdiQsC.exe
  C:\Windows\System32\GXdiQsC.exe
  2⤵
  - Executes dropped EXE
  PID:2112
- C:\Windows\System32\LaOaWKL.exe
  C:\Windows\System32\LaOaWKL.exe
  2⤵
  - Executes dropped EXE
  PID:5800
- C:\Windows\System32\pSNBhrn.exe
  C:\Windows\System32\pSNBhrn.exe
  2⤵
  - Executes dropped EXE
  PID:2072
- C:\Windows\System32\sihggZd.exe
  C:\Windows\System32\sihggZd.exe
  2⤵
  - Executes dropped EXE
  PID:2376
- C:\Windows\System32\EbrIlJw.exe
  C:\Windows\System32\EbrIlJw.exe
  2⤵
  - Executes dropped EXE
  PID:5768
- C:\Windows\System32\HTYKNsk.exe
  C:\Windows\System32\HTYKNsk.exe
  2⤵
  - Executes dropped EXE
  PID:5220
- C:\Windows\System32\jquTYPz.exe
  C:\Windows\System32\jquTYPz.exe
  2⤵
  - Executes dropped EXE
  PID:2356
- C:\Windows\System32\hKRUDmn.exe
  C:\Windows\System32\hKRUDmn.exe
  2⤵
  - Executes dropped EXE
  PID:4568
- C:\Windows\System32\BvOaqjQ.exe
  C:\Windows\System32\BvOaqjQ.exe
  2⤵
  - Executes dropped EXE
  PID:4644
- C:\Windows\System32\AJdoEmK.exe
  C:\Windows\System32\AJdoEmK.exe
  2⤵
  - Executes dropped EXE
  PID:4692
- C:\Windows\System32\sgeIYdN.exe
  C:\Windows\System32\sgeIYdN.exe
  2⤵
  - Executes dropped EXE
  PID:4864
- C:\Windows\System32\ZLnGCTU.exe
  C:\Windows\System32\ZLnGCTU.exe
  2⤵
  - Executes dropped EXE
  PID:5756
- C:\Windows\System32\GCgqBui.exe
  C:\Windows\System32\GCgqBui.exe
  2⤵
  - Executes dropped EXE
  PID:5680
- C:\Windows\System32\ERogWlK.exe
  C:\Windows\System32\ERogWlK.exe
  2⤵
  - Executes dropped EXE
  PID:3288
- C:\Windows\System32\qdMKKsG.exe
  C:\Windows\System32\qdMKKsG.exe
  2⤵
  - Executes dropped EXE
  PID:5780
- C:\Windows\System32\OXvyWiz.exe
  C:\Windows\System32\OXvyWiz.exe
  2⤵
  - Executes dropped EXE
  PID:2132
- C:\Windows\System32\RpLQiOa.exe
  C:\Windows\System32\RpLQiOa.exe
  2⤵
  - Executes dropped EXE
  PID:4840
- C:\Windows\System32\HTWpuxn.exe
  C:\Windows\System32\HTWpuxn.exe
  2⤵
  - Executes dropped EXE
  PID:4776
- C:\Windows\System32\pWFRBCc.exe
  C:\Windows\System32\pWFRBCc.exe
  2⤵
  - Executes dropped EXE
  PID:4972
- C:\Windows\System32\CLuFAWH.exe
  C:\Windows\System32\CLuFAWH.exe
  2⤵
  - Executes dropped EXE
  PID:3404
- C:\Windows\System32\FdICuNe.exe
  C:\Windows\System32\FdICuNe.exe
  2⤵
  - Executes dropped EXE
  PID:1276
- C:\Windows\System32\QFYLdGU.exe
  C:\Windows\System32\QFYLdGU.exe
  2⤵
  - Executes dropped EXE
  PID:4044
- C:\Windows\System32\vtjDidG.exe
  C:\Windows\System32\vtjDidG.exe
  2⤵
  - Executes dropped EXE
  PID:1272
- C:\Windows\System32\Iefudpl.exe
  C:\Windows\System32\Iefudpl.exe
  2⤵
  - Executes dropped EXE
  PID:2408
- C:\Windows\System32\ZinkWKj.exe
  C:\Windows\System32\ZinkWKj.exe
  2⤵
  - Executes dropped EXE
  PID:1512
- C:\Windows\System32\VLQPYnI.exe
  C:\Windows\System32\VLQPYnI.exe
  2⤵
  - Executes dropped EXE
  PID:3724
- C:\Windows\System32\hKKojps.exe
  C:\Windows\System32\hKKojps.exe
  2⤵
  - Executes dropped EXE
  PID:5376
- C:\Windows\System32\hBsShzJ.exe
  C:\Windows\System32\hBsShzJ.exe
  2⤵
  - Executes dropped EXE
  PID:3908
- C:\Windows\System32\mrVesZY.exe
  C:\Windows\System32\mrVesZY.exe
  2⤵
  - Executes dropped EXE
  PID:972
- C:\Windows\System32\WqUyrFy.exe
  C:\Windows\System32\WqUyrFy.exe
  2⤵
  - Executes dropped EXE
  PID:996
- C:\Windows\System32\rwAjhCB.exe
  C:\Windows\System32\rwAjhCB.exe
  2⤵
  - Executes dropped EXE
  PID:2164
- C:\Windows\System32\TzdQTzg.exe
  C:\Windows\System32\TzdQTzg.exe
  2⤵
  - Executes dropped EXE
  PID:2192
- C:\Windows\System32\YPHRKPH.exe
  C:\Windows\System32\YPHRKPH.exe
  2⤵
  - Executes dropped EXE
  PID:5232
- C:\Windows\System32\whPuRUb.exe
  C:\Windows\System32\whPuRUb.exe
  2⤵
  - Executes dropped EXE
  PID:1180
- C:\Windows\System32\asBcloi.exe
  C:\Windows\System32\asBcloi.exe
  2⤵
  - Executes dropped EXE
  PID:1564
- C:\Windows\System32\dsJcytt.exe
  C:\Windows\System32\dsJcytt.exe
  2⤵
  - Executes dropped EXE
  PID:3984
- C:\Windows\System32\ERQAtIT.exe
  C:\Windows\System32\ERQAtIT.exe
  2⤵
  - Executes dropped EXE
  PID:5184
- C:\Windows\System32\BcOlNns.exe
  C:\Windows\System32\BcOlNns.exe
  2⤵
  - Executes dropped EXE
  PID:4620
- C:\Windows\System32\NYIZESr.exe
  C:\Windows\System32\NYIZESr.exe
  2⤵
  - Executes dropped EXE
  PID:1640
- C:\Windows\System32\yCRzfBj.exe
  C:\Windows\System32\yCRzfBj.exe
  2⤵
  - Executes dropped EXE
  PID:1728
- C:\Windows\System32\GnCLLvp.exe
  C:\Windows\System32\GnCLLvp.exe
  2⤵
  - Executes dropped EXE
  PID:6084
- C:\Windows\System32\TvrVvcL.exe
  C:\Windows\System32\TvrVvcL.exe
  2⤵
  - Executes dropped EXE
  PID:1696
- C:\Windows\System32\qrtwqmK.exe
  C:\Windows\System32\qrtwqmK.exe
  2⤵
  - Executes dropped EXE
  PID:756
- C:\Windows\System32\fuVWzkp.exe
  C:\Windows\System32\fuVWzkp.exe
  2⤵
  - Executes dropped EXE
  PID:1256
- C:\Windows\System32\WCgJuSC.exe
  C:\Windows\System32\WCgJuSC.exe
  2⤵
  - Executes dropped EXE
  PID:608
- C:\Windows\System32\RvlyiNo.exe
  C:\Windows\System32\RvlyiNo.exe
  2⤵
  - Executes dropped EXE
  PID:544
- C:\Windows\System32\gzKSOZi.exe
  C:\Windows\System32\gzKSOZi.exe
  2⤵
  - Executes dropped EXE
  PID:5292
- C:\Windows\System32\Dgmgzey.exe
  C:\Windows\System32\Dgmgzey.exe
  2⤵
  - Executes dropped EXE
  PID:4912
- C:\Windows\System32\yJUDXGd.exe
  C:\Windows\System32\yJUDXGd.exe
  2⤵
  - Executes dropped EXE
  PID:3440
- C:\Windows\System32\XmImQed.exe
  C:\Windows\System32\XmImQed.exe
  2⤵
  - Executes dropped EXE
  PID:1040
- C:\Windows\System32\domPmKW.exe
  C:\Windows\System32\domPmKW.exe
  2⤵
  - Executes dropped EXE
  PID:220
- C:\Windows\System32\GkOpmbP.exe
  C:\Windows\System32\GkOpmbP.exe
  2⤵
  - Executes dropped EXE
  PID:1516
- C:\Windows\System32\KcdaeIy.exe
  C:\Windows\System32\KcdaeIy.exe
  2⤵
  - Executes dropped EXE
  PID:4460
- C:\Windows\System32\WnWlpdd.exe
  C:\Windows\System32\WnWlpdd.exe
  2⤵
  - Executes dropped EXE
  PID:4144
- C:\Windows\System32\KDdKfOl.exe
  C:\Windows\System32\KDdKfOl.exe
  2⤵
  - Executes dropped EXE
  PID:5560
- C:\Windows\System32\bqgJzPs.exe
  C:\Windows\System32\bqgJzPs.exe
  2⤵
  - Executes dropped EXE
  PID:3608
- C:\Windows\System32\qncuGtu.exe
  C:\Windows\System32\qncuGtu.exe
  2⤵
  - Executes dropped EXE
  PID:3956
- C:\Windows\System32\rQXDaKr.exe
  C:\Windows\System32\rQXDaKr.exe
  2⤵
  - Executes dropped EXE
  PID:5892
- C:\Windows\System32\tgTuDDE.exe
  C:\Windows\System32\tgTuDDE.exe
  2⤵
  - Executes dropped EXE
  PID:2860
- C:\Windows\System32\jgHiBqt.exe
  C:\Windows\System32\jgHiBqt.exe
  2⤵
  PID:3360
- C:\Windows\System32\pNOtHFg.exe
  C:\Windows\System32\pNOtHFg.exe
  2⤵
  PID:3576
- C:\Windows\System32\qNbnijf.exe
  C:\Windows\System32\qNbnijf.exe
  2⤵
  PID:3016
- C:\Windows\System32\QRWOsoL.exe
  C:\Windows\System32\QRWOsoL.exe
  2⤵
  PID:6040
- C:\Windows\System32\XjSxPMy.exe
  C:\Windows\System32\XjSxPMy.exe
  2⤵
  PID:6064
- C:\Windows\System32\tmWQiZN.exe
  C:\Windows\System32\tmWQiZN.exe
  2⤵
  PID:5928
- C:\Windows\System32\zINsMnm.exe
  C:\Windows\System32\zINsMnm.exe
  2⤵
  PID:5724
- C:\Windows\System32\TevYbOe.exe
  C:\Windows\System32\TevYbOe.exe
  2⤵
  PID:2412
- C:\Windows\System32\TFccGYh.exe
  C:\Windows\System32\TFccGYh.exe
  2⤵
  PID:4724
- C:\Windows\System32\DyXqWvC.exe
  C:\Windows\System32\DyXqWvC.exe
  2⤵
  PID:3868
- C:\Windows\System32\jrfmocR.exe
  C:\Windows\System32\jrfmocR.exe
  2⤵
  PID:5032
- C:\Windows\System32\yHgeiPV.exe
  C:\Windows\System32\yHgeiPV.exe
  2⤵
  PID:5644
- C:\Windows\System32\NwZRLcy.exe
  C:\Windows\System32\NwZRLcy.exe
  2⤵
  PID:5916
- C:\Windows\System32\Dugfbuv.exe
  C:\Windows\System32\Dugfbuv.exe
  2⤵
  PID:4436
- C:\Windows\System32\qFxnLPj.exe
  C:\Windows\System32\qFxnLPj.exe
  2⤵
  PID:3176
- C:\Windows\System32\LiZhacf.exe
  C:\Windows\System32\LiZhacf.exe
  2⤵
  PID:3372
- C:\Windows\System32\JFufzvZ.exe
  C:\Windows\System32\JFufzvZ.exe
  2⤵
  PID:2792
- C:\Windows\System32\FTVGxfO.exe
  C:\Windows\System32\FTVGxfO.exe
  2⤵
  PID:2924
- C:\Windows\System32\KOVpFlH.exe
  C:\Windows\System32\KOVpFlH.exe
  2⤵
  PID:5488
- C:\Windows\System32\wSgjGeD.exe
  C:\Windows\System32\wSgjGeD.exe
  2⤵
  PID:2488
- C:\Windows\System32\mkPPtyY.exe
  C:\Windows\System32\mkPPtyY.exe
  2⤵
  PID:4664
- C:\Windows\System32\hwGbzfK.exe
  C:\Windows\System32\hwGbzfK.exe
  2⤵
  PID:5772
- C:\Windows\System32\ktQYkOE.exe
  C:\Windows\System32\ktQYkOE.exe
  2⤵
  PID:1444
- C:\Windows\System32\CygBENr.exe
  C:\Windows\System32\CygBENr.exe
  2⤵
  PID:4828
- C:\Windows\System32\jPWrxqR.exe
  C:\Windows\System32\jPWrxqR.exe
  2⤵
  PID:4964
- C:\Windows\System32\IVNKWMI.exe
  C:\Windows\System32\IVNKWMI.exe
  2⤵
  PID:5432
- C:\Windows\System32\PhgIBot.exe
  C:\Windows\System32\PhgIBot.exe
  2⤵
  PID:828
- C:\Windows\System32\qLZcjrW.exe
  C:\Windows\System32\qLZcjrW.exe
  2⤵
  PID:624
- C:\Windows\System32\jzYxbDQ.exe
  C:\Windows\System32\jzYxbDQ.exe
  2⤵
  PID:880
- C:\Windows\System32\FNOTuWE.exe
  C:\Windows\System32\FNOTuWE.exe
  2⤵
  PID:2104
- C:\Windows\System32\zWXHica.exe
  C:\Windows\System32\zWXHica.exe
  2⤵
  PID:4204
- C:\Windows\System32\ZPiKlEs.exe
  C:\Windows\System32\ZPiKlEs.exe
  2⤵
  PID:1208
- C:\Windows\System32\fIjWKsB.exe
  C:\Windows\System32\fIjWKsB.exe
  2⤵
  PID:5640
- C:\Windows\System32\SmQcPMm.exe
  C:\Windows\System32\SmQcPMm.exe
  2⤵
  PID:408
- C:\Windows\System32\vzTdExS.exe
  C:\Windows\System32\vzTdExS.exe
  2⤵
  PID:3876
- C:\Windows\System32\xISlUwI.exe
  C:\Windows\System32\xISlUwI.exe
  2⤵
  PID:5952
- C:\Windows\System32\DdnoVwm.exe
  C:\Windows\System32\DdnoVwm.exe
  2⤵
  PID:5412
- C:\Windows\System32\SbffIBn.exe
  C:\Windows\System32\SbffIBn.exe
  2⤵
  PID:3668
- C:\Windows\System32\UBfhsDc.exe
  C:\Windows\System32\UBfhsDc.exe
  2⤵
  PID:5536
- C:\Windows\System32\jWLjLKe.exe
  C:\Windows\System32\jWLjLKe.exe
  2⤵
  PID:3516
- C:\Windows\System32\uFWIYTb.exe
  C:\Windows\System32\uFWIYTb.exe
  2⤵
  PID:768
- C:\Windows\System32\BsugpCJ.exe
  C:\Windows\System32\BsugpCJ.exe
  2⤵
  PID:2872
- C:\Windows\System32\qDeeawv.exe
  C:\Windows\System32\qDeeawv.exe
  2⤵
  PID:5056
- C:\Windows\System32\wwQxAuL.exe
  C:\Windows\System32\wwQxAuL.exe
  2⤵
  PID:6092
- C:\Windows\System32\SZksEJL.exe
  C:\Windows\System32\SZksEJL.exe
  2⤵
  PID:6112
- C:\Windows\System32\JMaQilG.exe
  C:\Windows\System32\JMaQilG.exe
  2⤵
  PID:660
- C:\Windows\System32\jPCXCvN.exe
  C:\Windows\System32\jPCXCvN.exe
  2⤵
  PID:5320
- C:\Windows\System32\aZbsLqP.exe
  C:\Windows\System32\aZbsLqP.exe
  2⤵
  PID:3416
- C:\Windows\System32\xMXmTFS.exe
  C:\Windows\System32\xMXmTFS.exe
  2⤵
  PID:1928
- C:\Windows\System32\UwMEaqz.exe
  C:\Windows\System32\UwMEaqz.exe
  2⤵
  PID:2352
- C:\Windows\System32\fNbjOzm.exe
  C:\Windows\System32\fNbjOzm.exe
  2⤵
  PID:4604
- C:\Windows\System32\wxdeBMH.exe
  C:\Windows\System32\wxdeBMH.exe
  2⤵
  PID:1004
- C:\Windows\System32\UstvZCG.exe
  C:\Windows\System32\UstvZCG.exe
  2⤵
  PID:1476
- C:\Windows\System32\ksTFwwe.exe
  C:\Windows\System32\ksTFwwe.exe
  2⤵
  PID:3968
- C:\Windows\System32\RzXnnmM.exe
  C:\Windows\System32\RzXnnmM.exe
  2⤵
  PID:3732
- C:\Windows\System32\dSiueTB.exe
  C:\Windows\System32\dSiueTB.exe
  2⤵
  PID:1964
- C:\Windows\System32\nyyvher.exe
  C:\Windows\System32\nyyvher.exe
  2⤵
  PID:2776
- C:\Windows\System32\LEhMIjw.exe
  C:\Windows\System32\LEhMIjw.exe
  2⤵
  PID:3556
- C:\Windows\System32\HKIUIyV.exe
  C:\Windows\System32\HKIUIyV.exe
  2⤵
  PID:4252
- C:\Windows\System32\LzbjeHM.exe
  C:\Windows\System32\LzbjeHM.exe
  2⤵
  PID:6160
- C:\Windows\System32\ShVbJsQ.exe
  C:\Windows\System32\ShVbJsQ.exe
  2⤵
  PID:6188
- C:\Windows\System32\iYkpgsR.exe
  C:\Windows\System32\iYkpgsR.exe
  2⤵
  PID:6216
- C:\Windows\System32\ITEeEwJ.exe
  C:\Windows\System32\ITEeEwJ.exe
  2⤵
  PID:6244
- C:\Windows\System32\mAhhAOL.exe
  C:\Windows\System32\mAhhAOL.exe
  2⤵
  PID:6272
- C:\Windows\System32\UnxNaVh.exe
  C:\Windows\System32\UnxNaVh.exe
  2⤵
  PID:6300
- C:\Windows\System32\EleYHrn.exe
  C:\Windows\System32\EleYHrn.exe
  2⤵
  PID:6328
- C:\Windows\System32\erqGrJc.exe
  C:\Windows\System32\erqGrJc.exe
  2⤵
  PID:6356
- C:\Windows\System32\FlwjuPN.exe
  C:\Windows\System32\FlwjuPN.exe
  2⤵
  PID:6384
- C:\Windows\System32\gkjKvJH.exe
  C:\Windows\System32\gkjKvJH.exe
  2⤵
  PID:6412
- C:\Windows\System32\CeJRgRN.exe
  C:\Windows\System32\CeJRgRN.exe
  2⤵
  PID:6440
- C:\Windows\System32\UXuEJWt.exe
  C:\Windows\System32\UXuEJWt.exe
  2⤵
  PID:6468
- C:\Windows\System32\QhNLyKy.exe
  C:\Windows\System32\QhNLyKy.exe
  2⤵
  PID:6496
- C:\Windows\System32\wcadede.exe
  C:\Windows\System32\wcadede.exe
  2⤵
  PID:6524
- C:\Windows\System32\CxeDllf.exe
  C:\Windows\System32\CxeDllf.exe
  2⤵
  PID:6552
- C:\Windows\System32\CJdJPtn.exe
  C:\Windows\System32\CJdJPtn.exe
  2⤵
  PID:6580
- C:\Windows\System32\RWMbvGv.exe
  C:\Windows\System32\RWMbvGv.exe
  2⤵
  PID:6608
- C:\Windows\System32\dgkONer.exe
  C:\Windows\System32\dgkONer.exe
  2⤵
  PID:6632
- C:\Windows\System32\yBFuHHy.exe
  C:\Windows\System32\yBFuHHy.exe
  2⤵
  PID:6664
- C:\Windows\System32\SaPwlvV.exe
  C:\Windows\System32\SaPwlvV.exe
  2⤵
  PID:6692
- C:\Windows\System32\UjaHRAO.exe
  C:\Windows\System32\UjaHRAO.exe
  2⤵
  PID:6720
- C:\Windows\System32\zzTavpK.exe
  C:\Windows\System32\zzTavpK.exe
  2⤵
  PID:6748
- C:\Windows\System32\nWOdexx.exe
  C:\Windows\System32\nWOdexx.exe
  2⤵
  PID:6776
- C:\Windows\System32\TdTbWCS.exe
  C:\Windows\System32\TdTbWCS.exe
  2⤵
  PID:6804
- C:\Windows\System32\GkGSpfp.exe
  C:\Windows\System32\GkGSpfp.exe
  2⤵
  PID:6832
- C:\Windows\System32\KgDhuKk.exe
  C:\Windows\System32\KgDhuKk.exe
  2⤵
  PID:6860
- C:\Windows\System32\tfzYwjn.exe
  C:\Windows\System32\tfzYwjn.exe
  2⤵
  PID:6900
- C:\Windows\System32\bIVNNmt.exe
  C:\Windows\System32\bIVNNmt.exe
  2⤵
  PID:6916
- C:\Windows\System32\SUPcldX.exe
  C:\Windows\System32\SUPcldX.exe
  2⤵
  PID:6944
- C:\Windows\System32\COfRJwf.exe
  C:\Windows\System32\COfRJwf.exe
  2⤵
  PID:6972
- C:\Windows\System32\ONjRCUJ.exe
  C:\Windows\System32\ONjRCUJ.exe
  2⤵
  PID:7000
- C:\Windows\System32\iMdBLxI.exe
  C:\Windows\System32\iMdBLxI.exe
  2⤵
  PID:7024
- C:\Windows\System32\vSVaYiG.exe
  C:\Windows\System32\vSVaYiG.exe
  2⤵
  PID:7056
- C:\Windows\System32\dHojOBI.exe
  C:\Windows\System32\dHojOBI.exe
  2⤵
  PID:7084
- C:\Windows\System32\dtqymMR.exe
  C:\Windows\System32\dtqymMR.exe
  2⤵
  PID:7108
- C:\Windows\System32\LeDAXPx.exe
  C:\Windows\System32\LeDAXPx.exe
  2⤵
  PID:7152
- C:\Windows\System32\QDCbtLD.exe
  C:\Windows\System32\QDCbtLD.exe
  2⤵
  PID:4496
- C:\Windows\System32\TghnfsZ.exe
  C:\Windows\System32\TghnfsZ.exe
  2⤵
  PID:3368
- C:\Windows\System32\VnsvgsO.exe
  C:\Windows\System32\VnsvgsO.exe
  2⤵
  PID:2544
- C:\Windows\System32\vGNnuxV.exe
  C:\Windows\System32\vGNnuxV.exe
  2⤵
  PID:1228
- C:\Windows\System32\YxnMWcm.exe
  C:\Windows\System32\YxnMWcm.exe
  2⤵
  PID:4212
- C:\Windows\System32\KlpbYde.exe
  C:\Windows\System32\KlpbYde.exe
  2⤵
  PID:4940
- C:\Windows\System32\BMhiezj.exe
  C:\Windows\System32\BMhiezj.exe
  2⤵
  PID:3932
- C:\Windows\System32\aaxSjax.exe
  C:\Windows\System32\aaxSjax.exe
  2⤵
  PID:2128
- C:\Windows\System32\cSVljsk.exe
  C:\Windows\System32\cSVljsk.exe
  2⤵
  PID:6152
- C:\Windows\System32\jXduaXV.exe
  C:\Windows\System32\jXduaXV.exe
  2⤵
  PID:6236
- C:\Windows\System32\pWAsipk.exe
  C:\Windows\System32\pWAsipk.exe
  2⤵
  PID:6284
- C:\Windows\System32\LwvHLFV.exe
  C:\Windows\System32\LwvHLFV.exe
  2⤵
  PID:6348
- C:\Windows\System32\FdNnWYv.exe
  C:\Windows\System32\FdNnWYv.exe
  2⤵
  PID:6420
- C:\Windows\System32\JPndOGe.exe
  C:\Windows\System32\JPndOGe.exe
  2⤵
  PID:6508
- C:\Windows\System32\cuQcbmr.exe
  C:\Windows\System32\cuQcbmr.exe
  2⤵
  PID:6544
- C:\Windows\System32\NwXeIQP.exe
  C:\Windows\System32\NwXeIQP.exe
  2⤵
  PID:6616
- C:\Windows\System32\NSxzNaZ.exe
  C:\Windows\System32\NSxzNaZ.exe
  2⤵
  PID:6676
- C:\Windows\System32\xLvXjxr.exe
  C:\Windows\System32\xLvXjxr.exe
  2⤵
  PID:6740
- C:\Windows\System32\mVlowWP.exe
  C:\Windows\System32\mVlowWP.exe
  2⤵
  PID:6812
- C:\Windows\System32\LaZgUGq.exe
  C:\Windows\System32\LaZgUGq.exe
  2⤵
  PID:6872
- C:\Windows\System32\lLbrgGl.exe
  C:\Windows\System32\lLbrgGl.exe
  2⤵
  PID:6936
- C:\Windows\System32\tsLnYaB.exe
  C:\Windows\System32\tsLnYaB.exe
  2⤵
  PID:7008
- C:\Windows\System32\krohQhv.exe
  C:\Windows\System32\krohQhv.exe
  2⤵
  PID:7068
- C:\Windows\System32\wYxdydX.exe
  C:\Windows\System32\wYxdydX.exe
  2⤵
  PID:7116
- C:\Windows\System32\YiJCbyr.exe
  C:\Windows\System32\YiJCbyr.exe
  2⤵
  PID:6004
- C:\Windows\System32\WMsGyrX.exe
  C:\Windows\System32\WMsGyrX.exe
  2⤵
  PID:5720
- C:\Windows\System32\entdMjI.exe
  C:\Windows\System32\entdMjI.exe
  2⤵
  PID:5924
- C:\Windows\System32\XgbbABj.exe
  C:\Windows\System32\XgbbABj.exe
  2⤵
  PID:6172
- C:\Windows\System32\YwUCkiq.exe
  C:\Windows\System32\YwUCkiq.exe
  2⤵
  PID:6336
- C:\Windows\System32\UWNZIhy.exe
  C:\Windows\System32\UWNZIhy.exe
  2⤵
  PID:6448
- C:\Windows\System32\juNiJJs.exe
  C:\Windows\System32\juNiJJs.exe
  2⤵
  PID:7180
- C:\Windows\System32\GUsaINY.exe
  C:\Windows\System32\GUsaINY.exe
  2⤵
  PID:7212
- C:\Windows\System32\PzLgGaY.exe
  C:\Windows\System32\PzLgGaY.exe
  2⤵
  PID:7236
- C:\Windows\System32\KjWdyWd.exe
  C:\Windows\System32\KjWdyWd.exe
  2⤵
  PID:7272
- C:\Windows\System32\DTayQxE.exe
  C:\Windows\System32\DTayQxE.exe
  2⤵
  PID:7304
- C:\Windows\System32\ljJUhII.exe
  C:\Windows\System32\ljJUhII.exe
  2⤵
  PID:7320
- C:\Windows\System32\enABzww.exe
  C:\Windows\System32\enABzww.exe
  2⤵
  PID:7344
- C:\Windows\System32\FMfTpHf.exe
  C:\Windows\System32\FMfTpHf.exe
  2⤵
  PID:7376
- C:\Windows\System32\DryzNXF.exe
  C:\Windows\System32\DryzNXF.exe
  2⤵
  PID:7404
- C:\Windows\System32\XixOSTJ.exe
  C:\Windows\System32\XixOSTJ.exe
  2⤵
  PID:7428
- C:\Windows\System32\gvsVjGx.exe
  C:\Windows\System32\gvsVjGx.exe
  2⤵
  PID:7460
- C:\Windows\System32\HkGsuFu.exe
  C:\Windows\System32\HkGsuFu.exe
  2⤵
  PID:7488
- C:\Windows\System32\DyPhEAl.exe
  C:\Windows\System32\DyPhEAl.exe
  2⤵
  PID:7516
- C:\Windows\System32\UFocXSI.exe
  C:\Windows\System32\UFocXSI.exe
  2⤵
  PID:7544
- C:\Windows\System32\CBmxyca.exe
  C:\Windows\System32\CBmxyca.exe
  2⤵
  PID:7572
- C:\Windows\System32\vXvnbRD.exe
  C:\Windows\System32\vXvnbRD.exe
  2⤵
  PID:7612
- C:\Windows\System32\HidaCXV.exe
  C:\Windows\System32\HidaCXV.exe
  2⤵
  PID:7640
- C:\Windows\System32\mLDWyRe.exe
  C:\Windows\System32\mLDWyRe.exe
  2⤵
  PID:7656
- C:\Windows\System32\VnyQVME.exe
  C:\Windows\System32\VnyQVME.exe
  2⤵
  PID:7684
- C:\Windows\System32\taHiqiP.exe
  C:\Windows\System32\taHiqiP.exe
  2⤵
  PID:7708
- C:\Windows\System32\IcashrF.exe
  C:\Windows\System32\IcashrF.exe
  2⤵
  PID:7740
- C:\Windows\System32\TvxXgzD.exe
  C:\Windows\System32\TvxXgzD.exe
  2⤵
  PID:7764
- C:\Windows\System32\OaXmzeT.exe
  C:\Windows\System32\OaXmzeT.exe
  2⤵
  PID:7796
- C:\Windows\System32\YHQVEre.exe
  C:\Windows\System32\YHQVEre.exe
  2⤵
  PID:7824
- C:\Windows\System32\fHvHkNI.exe
  C:\Windows\System32\fHvHkNI.exe
  2⤵
  PID:7864
- C:\Windows\System32\qXnclwT.exe
  C:\Windows\System32\qXnclwT.exe
  2⤵
  PID:7880
- C:\Windows\System32\ciDfqhZ.exe
  C:\Windows\System32\ciDfqhZ.exe
  2⤵
  PID:7908
- C:\Windows\System32\ZHqissq.exe
  C:\Windows\System32\ZHqissq.exe
  2⤵
  PID:7948
- C:\Windows\System32\TetIUMo.exe
  C:\Windows\System32\TetIUMo.exe
  2⤵
  PID:7964
- C:\Windows\System32\MlGeOwm.exe
  C:\Windows\System32\MlGeOwm.exe
  2⤵
  PID:7992
- C:\Windows\System32\uVCucZb.exe
  C:\Windows\System32\uVCucZb.exe
  2⤵
  PID:8020
- C:\Windows\System32\mysAlJn.exe
  C:\Windows\System32\mysAlJn.exe
  2⤵
  PID:8048
- C:\Windows\System32\TFFYNge.exe
  C:\Windows\System32\TFFYNge.exe
  2⤵
  PID:8076
- C:\Windows\System32\UjCDTRX.exe
  C:\Windows\System32\UjCDTRX.exe
  2⤵
  PID:8100
- C:\Windows\System32\fpvQNmX.exe
  C:\Windows\System32\fpvQNmX.exe
  2⤵
  PID:8132
- C:\Windows\System32\cghuTPl.exe
  C:\Windows\System32\cghuTPl.exe
  2⤵
  PID:8156
- C:\Windows\System32\PPUxBBA.exe
  C:\Windows\System32\PPUxBBA.exe
  2⤵
  PID:8188
- C:\Windows\System32\twUNdjt.exe
  C:\Windows\System32\twUNdjt.exe
  2⤵
  PID:6728
- C:\Windows\System32\QeiNOjJ.exe
  C:\Windows\System32\QeiNOjJ.exe
  2⤵
  PID:6824
- C:\Windows\System32\VBcWYnN.exe
  C:\Windows\System32\VBcWYnN.exe
  2⤵
  PID:6952
- C:\Windows\System32\xppnWaH.exe
  C:\Windows\System32\xppnWaH.exe
  2⤵
  PID:7132
- C:\Windows\System32\ZrtoJTz.exe
  C:\Windows\System32\ZrtoJTz.exe
  2⤵
  PID:3628
- C:\Windows\System32\jxkrQyD.exe
  C:\Windows\System32\jxkrQyD.exe
  2⤵
  PID:6252
- C:\Windows\System32\qpSKvfg.exe
  C:\Windows\System32\qpSKvfg.exe
  2⤵
  PID:7192
- C:\Windows\System32\wmKfcAK.exe
  C:\Windows\System32\wmKfcAK.exe
  2⤵
  PID:7228
- C:\Windows\System32\GkgLmmA.exe
  C:\Windows\System32\GkgLmmA.exe
  2⤵
  PID:7296
- C:\Windows\System32\eGAmIJg.exe
  C:\Windows\System32\eGAmIJg.exe
  2⤵
  PID:7360
- C:\Windows\System32\rTzhxza.exe
  C:\Windows\System32\rTzhxza.exe
  2⤵
  PID:7424
- C:\Windows\System32\lQwJkRl.exe
  C:\Windows\System32\lQwJkRl.exe
  2⤵
  PID:7496
- C:\Windows\System32\MuSvNzQ.exe
  C:\Windows\System32\MuSvNzQ.exe
  2⤵
  PID:5248
- C:\Windows\System32\ntvGbfm.exe
  C:\Windows\System32\ntvGbfm.exe
  2⤵
  PID:7604
- C:\Windows\System32\WWGPRos.exe
  C:\Windows\System32\WWGPRos.exe
  2⤵
  PID:7664
- C:\Windows\System32\KJmSXOM.exe
  C:\Windows\System32\KJmSXOM.exe
  2⤵
  PID:7724
- C:\Windows\System32\zezxGNo.exe
  C:\Windows\System32\zezxGNo.exe
  2⤵
  PID:7772
- C:\Windows\System32\ctybmum.exe
  C:\Windows\System32\ctybmum.exe
  2⤵
  PID:7856
- C:\Windows\System32\WSyhdwW.exe
  C:\Windows\System32\WSyhdwW.exe
  2⤵
  PID:7928
- C:\Windows\System32\QAamvZA.exe
  C:\Windows\System32\QAamvZA.exe
  2⤵
  PID:7984
- C:\Windows\System32\FlAUvfz.exe
  C:\Windows\System32\FlAUvfz.exe
  2⤵
  PID:8032
- C:\Windows\System32\Wowtugi.exe
  C:\Windows\System32\Wowtugi.exe
  2⤵
  PID:8108
- C:\Windows\System32\ujhEDLb.exe
  C:\Windows\System32\ujhEDLb.exe
  2⤵
  PID:8172
- C:\Windows\System32\dkNWUnC.exe
  C:\Windows\System32\dkNWUnC.exe
  2⤵
  PID:6760
- C:\Windows\System32\ztRyBbf.exe
  C:\Windows\System32\ztRyBbf.exe
  2⤵
  PID:1936
- C:\Windows\System32\vmvjaLY.exe
  C:\Windows\System32\vmvjaLY.exe
  2⤵
  PID:6480
- C:\Windows\System32\AKROxaa.exe
  C:\Windows\System32\AKROxaa.exe
  2⤵
  PID:7256
- C:\Windows\System32\dxBwGNz.exe
  C:\Windows\System32\dxBwGNz.exe
  2⤵
  PID:7444
- C:\Windows\System32\hBNDUYP.exe
  C:\Windows\System32\hBNDUYP.exe
  2⤵
  PID:7508
- C:\Windows\System32\rtdLBmQ.exe
  C:\Windows\System32\rtdLBmQ.exe
  2⤵
  PID:7632
- C:\Windows\System32\VntTuvF.exe
  C:\Windows\System32\VntTuvF.exe
  2⤵
  PID:7788
- C:\Windows\System32\oVKArrr.exe
  C:\Windows\System32\oVKArrr.exe
  2⤵
  PID:8216
- C:\Windows\System32\wPINlQu.exe
  C:\Windows\System32\wPINlQu.exe
  2⤵
  PID:8244
- C:\Windows\System32\RsaRMJC.exe
  C:\Windows\System32\RsaRMJC.exe
  2⤵
  PID:8272
- C:\Windows\System32\JLEMvtU.exe
  C:\Windows\System32\JLEMvtU.exe
  2⤵
  PID:8296
- C:\Windows\System32\CMBXpkx.exe
  C:\Windows\System32\CMBXpkx.exe
  2⤵
  PID:8328
- C:\Windows\System32\GuKBlUk.exe
  C:\Windows\System32\GuKBlUk.exe
  2⤵
  PID:8352
- C:\Windows\System32\TXebwrC.exe
  C:\Windows\System32\TXebwrC.exe
  2⤵
  PID:8384
- C:\Windows\System32\ulwZAMK.exe
  C:\Windows\System32\ulwZAMK.exe
  2⤵
  PID:8408
- C:\Windows\System32\QOvqhse.exe
  C:\Windows\System32\QOvqhse.exe
  2⤵
  PID:8440
- C:\Windows\System32\NJmalwG.exe
  C:\Windows\System32\NJmalwG.exe
  2⤵
  PID:8468
- C:\Windows\System32\UZPaxYc.exe
  C:\Windows\System32\UZPaxYc.exe
  2⤵
  PID:8496
- C:\Windows\System32\JNenLtQ.exe
  C:\Windows\System32\JNenLtQ.exe
  2⤵
  PID:8524
- C:\Windows\System32\MSSYFOV.exe
  C:\Windows\System32\MSSYFOV.exe
  2⤵
  PID:8548
- C:\Windows\System32\PJNmbSU.exe
  C:\Windows\System32\PJNmbSU.exe
  2⤵
  PID:8580
- C:\Windows\System32\guGhPOg.exe
  C:\Windows\System32\guGhPOg.exe
  2⤵
  PID:8608
- C:\Windows\System32\dGkoMWc.exe
  C:\Windows\System32\dGkoMWc.exe
  2⤵
  PID:8632
- C:\Windows\System32\EZnHsac.exe
  C:\Windows\System32\EZnHsac.exe
  2⤵
  PID:8664
- C:\Windows\System32\TIfEWta.exe
  C:\Windows\System32\TIfEWta.exe
  2⤵
  PID:8692
- C:\Windows\System32\fllMQAI.exe
  C:\Windows\System32\fllMQAI.exe
  2⤵
  PID:8720
- C:\Windows\System32\KcFmzdu.exe
  C:\Windows\System32\KcFmzdu.exe
  2⤵
  PID:8748
- C:\Windows\System32\KoZjblh.exe
  C:\Windows\System32\KoZjblh.exe
  2⤵
  PID:8772
- C:\Windows\System32\rfclMps.exe
  C:\Windows\System32\rfclMps.exe
  2⤵
  PID:8804
- C:\Windows\System32\WyKSxmm.exe
  C:\Windows\System32\WyKSxmm.exe
  2⤵
  PID:8832
- C:\Windows\System32\lwMAfUc.exe
  C:\Windows\System32\lwMAfUc.exe
  2⤵
  PID:8872
- C:\Windows\System32\YnAXDlW.exe
  C:\Windows\System32\YnAXDlW.exe
  2⤵
  PID:8888
- C:\Windows\System32\cFGCBvZ.exe
  C:\Windows\System32\cFGCBvZ.exe
  2⤵
  PID:8916
- C:\Windows\System32\dhikeir.exe
  C:\Windows\System32\dhikeir.exe
  2⤵
  PID:8944
- C:\Windows\System32\CLsaqZs.exe
  C:\Windows\System32\CLsaqZs.exe
  2⤵
  PID:8968
- C:\Windows\System32\GaBHncT.exe
  C:\Windows\System32\GaBHncT.exe
  2⤵
  PID:9012
- C:\Windows\System32\tgmXrVO.exe
  C:\Windows\System32\tgmXrVO.exe
  2⤵
  PID:9028
- C:\Windows\System32\smHJHHS.exe
  C:\Windows\System32\smHJHHS.exe
  2⤵
  PID:9056
- C:\Windows\System32\GVDWaVh.exe
  C:\Windows\System32\GVDWaVh.exe
  2⤵
  PID:9084
- C:\Windows\System32\wtYmQOQ.exe
  C:\Windows\System32\wtYmQOQ.exe
  2⤵
  PID:9108
- C:\Windows\System32\vUDuRwc.exe
  C:\Windows\System32\vUDuRwc.exe
  2⤵
  PID:9140
- C:\Windows\System32\ltnQalo.exe
  C:\Windows\System32\ltnQalo.exe
  2⤵
  PID:9168
- C:\Windows\System32\SvPQuap.exe
  C:\Windows\System32\SvPQuap.exe
  2⤵
  PID:9196
- C:\Windows\System32\iyzyaxT.exe
  C:\Windows\System32\iyzyaxT.exe
  2⤵
  PID:7888
- C:\Windows\System32\ttXkKyl.exe
  C:\Windows\System32\ttXkKyl.exe
  2⤵
  PID:8000
- C:\Windows\System32\qnWxqBJ.exe
  C:\Windows\System32\qnWxqBJ.exe
  2⤵
  PID:8152
- C:\Windows\System32\ycFUUVy.exe
  C:\Windows\System32\ycFUUVy.exe
  2⤵
  PID:6840
- C:\Windows\System32\SJomTcu.exe
  C:\Windows\System32\SJomTcu.exe
  2⤵
  PID:7220
- C:\Windows\System32\lfcQKtW.exe
  C:\Windows\System32\lfcQKtW.exe
  2⤵
  PID:7388
- C:\Windows\System32\ocirUxg.exe
  C:\Windows\System32\ocirUxg.exe
  2⤵
  PID:5516
- C:\Windows\System32\oaGVZtJ.exe
  C:\Windows\System32\oaGVZtJ.exe
  2⤵
  PID:8264
- C:\Windows\System32\YfiTALW.exe
  C:\Windows\System32\YfiTALW.exe
  2⤵
  PID:8336
- C:\Windows\System32\URfqVRG.exe
  C:\Windows\System32\URfqVRG.exe
  2⤵
  PID:4952
- C:\Windows\System32\gCOwLsh.exe
  C:\Windows\System32\gCOwLsh.exe
  2⤵
  PID:8448
- C:\Windows\System32\EGifHBN.exe
  C:\Windows\System32\EGifHBN.exe
  2⤵
  PID:8504
- C:\Windows\System32\GfjZfQE.exe
  C:\Windows\System32\GfjZfQE.exe
  2⤵
  PID:8564
- C:\Windows\System32\OUlVlFQ.exe
  C:\Windows\System32\OUlVlFQ.exe
  2⤵
  PID:8620
- C:\Windows\System32\LRgcCqM.exe
  C:\Windows\System32\LRgcCqM.exe
  2⤵
  PID:8684
- C:\Windows\System32\JCwoutx.exe
  C:\Windows\System32\JCwoutx.exe
  2⤵
  PID:8732
- C:\Windows\System32\GoDhSfl.exe
  C:\Windows\System32\GoDhSfl.exe
  2⤵
  PID:8780
- C:\Windows\System32\eEmhMfH.exe
  C:\Windows\System32\eEmhMfH.exe
  2⤵
  PID:8840
- C:\Windows\System32\kKUUdAM.exe
  C:\Windows\System32\kKUUdAM.exe
  2⤵
  PID:8924
- C:\Windows\System32\feDnDGE.exe
  C:\Windows\System32\feDnDGE.exe
  2⤵
  PID:8992
- C:\Windows\System32\LYlHhoz.exe
  C:\Windows\System32\LYlHhoz.exe
  2⤵
  PID:9040
- C:\Windows\System32\BwEwvja.exe
  C:\Windows\System32\BwEwvja.exe
  2⤵
  PID:9092
- C:\Windows\System32\zUoZKkr.exe
  C:\Windows\System32\zUoZKkr.exe
  2⤵
  PID:9160
- C:\Windows\System32\UJqnOAQ.exe
  C:\Windows\System32\UJqnOAQ.exe
  2⤵
  PID:7876
- C:\Windows\System32\ZEjUlMH.exe
  C:\Windows\System32\ZEjUlMH.exe
  2⤵
  PID:6700
- C:\Windows\System32\xWNDbGa.exe
  C:\Windows\System32\xWNDbGa.exe
  2⤵
  PID:4876
- C:\Windows\System32\OdsiNCd.exe
  C:\Windows\System32\OdsiNCd.exe
  2⤵
  PID:7676
- C:\Windows\System32\KUSWIpp.exe
  C:\Windows\System32\KUSWIpp.exe
  2⤵
  PID:4648
- C:\Windows\System32\BUmFSDc.exe
  C:\Windows\System32\BUmFSDc.exe
  2⤵
  PID:8424
- C:\Windows\System32\NsfLKYx.exe
  C:\Windows\System32\NsfLKYx.exe
  2⤵
  PID:8536
- C:\Windows\System32\wXainAN.exe
  C:\Windows\System32\wXainAN.exe
  2⤵
  PID:8700
- C:\Windows\System32\EwJsfAo.exe
  C:\Windows\System32\EwJsfAo.exe
  2⤵
  PID:8852
- C:\Windows\System32\azrAFsZ.exe
  C:\Windows\System32\azrAFsZ.exe
  2⤵
  PID:8884
- C:\Windows\System32\TWJxQfo.exe
  C:\Windows\System32\TWJxQfo.exe
  2⤵
  PID:9020
- C:\Windows\System32\VelZzRN.exe
  C:\Windows\System32\VelZzRN.exe
  2⤵
  PID:9148
- C:\Windows\System32\SLcjSJf.exe
  C:\Windows\System32\SLcjSJf.exe
  2⤵
  PID:1188
- C:\Windows\System32\PMLqTYx.exe
  C:\Windows\System32\PMLqTYx.exe
  2⤵
  PID:7316
- C:\Windows\System32\VfRwfrn.exe
  C:\Windows\System32\VfRwfrn.exe
  2⤵
  PID:8404
- C:\Windows\System32\HVljwPn.exe
  C:\Windows\System32\HVljwPn.exe
  2⤵
  PID:8648
- C:\Windows\System32\dNanEVA.exe
  C:\Windows\System32\dNanEVA.exe
  2⤵
  PID:9240
- C:\Windows\System32\PIxvWPY.exe
  C:\Windows\System32\PIxvWPY.exe
  2⤵
  PID:9272
- C:\Windows\System32\ygVkTOi.exe
  C:\Windows\System32\ygVkTOi.exe
  2⤵
  PID:9300
- C:\Windows\System32\TDCVFri.exe
  C:\Windows\System32\TDCVFri.exe
  2⤵
  PID:9328
- C:\Windows\System32\maMYuQd.exe
  C:\Windows\System32\maMYuQd.exe
  2⤵
  PID:9356
- C:\Windows\System32\EVppduR.exe
  C:\Windows\System32\EVppduR.exe
  2⤵
  PID:9396
- C:\Windows\System32\lIFgnjL.exe
  C:\Windows\System32\lIFgnjL.exe
  2⤵
  PID:9412
- C:\Windows\System32\xJKIUIi.exe
  C:\Windows\System32\xJKIUIi.exe
  2⤵
  PID:9440
- C:\Windows\System32\fkZiXXw.exe
  C:\Windows\System32\fkZiXXw.exe
  2⤵
  PID:9464
- C:\Windows\System32\iRlNdlj.exe
  C:\Windows\System32\iRlNdlj.exe
  2⤵
  PID:9496
- C:\Windows\System32\VMXjOhK.exe
  C:\Windows\System32\VMXjOhK.exe
  2⤵
  PID:9524
- C:\Windows\System32\TAaNdIw.exe
  C:\Windows\System32\TAaNdIw.exe
  2⤵
  PID:9552
- C:\Windows\System32\XZvsMKT.exe
  C:\Windows\System32\XZvsMKT.exe
  2⤵
  PID:9580
- C:\Windows\System32\vyGefut.exe
  C:\Windows\System32\vyGefut.exe
  2⤵
  PID:9608
- C:\Windows\System32\UDbuWbK.exe
  C:\Windows\System32\UDbuWbK.exe
  2⤵
  PID:9636
- C:\Windows\System32\ZFFfkJU.exe
  C:\Windows\System32\ZFFfkJU.exe
  2⤵
  PID:9664
- C:\Windows\System32\GnhGAtf.exe
  C:\Windows\System32\GnhGAtf.exe
  2⤵
  PID:9688
- C:\Windows\System32\SjMYAiR.exe
  C:\Windows\System32\SjMYAiR.exe
  2⤵
  PID:9728
- C:\Windows\System32\oGxBFVB.exe
  C:\Windows\System32\oGxBFVB.exe
  2⤵
  PID:9748
- C:\Windows\System32\VOzdaUm.exe
  C:\Windows\System32\VOzdaUm.exe
  2⤵
  PID:9776
- C:\Windows\System32\NizlMdN.exe
  C:\Windows\System32\NizlMdN.exe
  2⤵
  PID:9800
- C:\Windows\System32\geEzwHD.exe
  C:\Windows\System32\geEzwHD.exe
  2⤵
  PID:9832
- C:\Windows\System32\xLSvHXh.exe
  C:\Windows\System32\xLSvHXh.exe
  2⤵
  PID:9856
- C:\Windows\System32\fHSQqBn.exe
  C:\Windows\System32\fHSQqBn.exe
  2⤵
  PID:9888
- C:\Windows\System32\HblaglQ.exe
  C:\Windows\System32\HblaglQ.exe
  2⤵
  PID:9928
- C:\Windows\System32\ddkSVaA.exe
  C:\Windows\System32\ddkSVaA.exe
  2⤵
  PID:9944
- C:\Windows\System32\TwYdCdy.exe
  C:\Windows\System32\TwYdCdy.exe
  2⤵
  PID:9972
- C:\Windows\System32\wrdzyly.exe
  C:\Windows\System32\wrdzyly.exe
  2⤵
  PID:10000
- C:\Windows\System32\LMWjXxV.exe
  C:\Windows\System32\LMWjXxV.exe
  2⤵
  PID:10024
- C:\Windows\System32\TjDszkw.exe
  C:\Windows\System32\TjDszkw.exe
  2⤵
  PID:10056
- C:\Windows\System32\iAlDAXy.exe
  C:\Windows\System32\iAlDAXy.exe
  2⤵
  PID:10080
- C:\Windows\System32\cLBiwPZ.exe
  C:\Windows\System32\cLBiwPZ.exe
  2⤵
  PID:10112
- C:\Windows\System32\kMiZaUJ.exe
  C:\Windows\System32\kMiZaUJ.exe
  2⤵
  PID:10136
- C:\Windows\System32\PLfjngM.exe
  C:\Windows\System32\PLfjngM.exe
  2⤵
  PID:10168
- C:\Windows\System32\ZQzvkqQ.exe
  C:\Windows\System32\ZQzvkqQ.exe
  2⤵
  PID:10196
- C:\Windows\System32\dzQqpri.exe
  C:\Windows\System32\dzQqpri.exe
  2⤵
  PID:10224
- C:\Windows\System32\Qjlektj.exe
  C:\Windows\System32\Qjlektj.exe
  2⤵
  PID:4720
- C:\Windows\System32\twsroVu.exe
  C:\Windows\System32\twsroVu.exe
  2⤵
  PID:8952
- C:\Windows\System32\YMjtqGH.exe
  C:\Windows\System32\YMjtqGH.exe
  2⤵
  PID:4732
- C:\Windows\System32\kVDKykq.exe
  C:\Windows\System32\kVDKykq.exe
  2⤵
  PID:8292
- C:\Windows\System32\vSzdpMu.exe
  C:\Windows\System32\vSzdpMu.exe
  2⤵
  PID:9228
- C:\Windows\System32\cmyGjgO.exe
  C:\Windows\System32\cmyGjgO.exe
  2⤵
  PID:9280
- C:\Windows\System32\ZnOUkGG.exe
  C:\Windows\System32\ZnOUkGG.exe
  2⤵
  PID:948
- C:\Windows\System32\UeQamMD.exe
  C:\Windows\System32\UeQamMD.exe
  2⤵
  PID:2928
- C:\Windows\System32\JCsLODJ.exe
  C:\Windows\System32\JCsLODJ.exe
  2⤵
  PID:9340
- C:\Windows\System32\UuCXUmx.exe
  C:\Windows\System32\UuCXUmx.exe
  2⤵
  PID:9388
- C:\Windows\System32\ribpPXS.exe
  C:\Windows\System32\ribpPXS.exe
  2⤵
  PID:376
- C:\Windows\System32\QSXhSLe.exe
  C:\Windows\System32\QSXhSLe.exe
  2⤵
  PID:5504
- C:\Windows\System32\nyiwtLo.exe
  C:\Windows\System32\nyiwtLo.exe
  2⤵
  PID:9628
- C:\Windows\System32\doXKEJu.exe
  C:\Windows\System32\doXKEJu.exe
  2⤵
  PID:9736
- C:\Windows\System32\nsPbpSR.exe
  C:\Windows\System32\nsPbpSR.exe
  2⤵
  PID:9840
- C:\Windows\System32\IAuwGTN.exe
  C:\Windows\System32\IAuwGTN.exe
  2⤵
  PID:9900
- C:\Windows\System32\bmJXyni.exe
  C:\Windows\System32\bmJXyni.exe
  2⤵
  PID:9964
- C:\Windows\System32\gjSmazE.exe
  C:\Windows\System32\gjSmazE.exe
  2⤵
  PID:10008
- C:\Windows\System32\Kdawgtn.exe
  C:\Windows\System32\Kdawgtn.exe
  2⤵
  PID:10032
- C:\Windows\System32\ZWshKhM.exe
  C:\Windows\System32\ZWshKhM.exe
  2⤵
  PID:10132
- C:\Windows\System32\GwhwUES.exe
  C:\Windows\System32\GwhwUES.exe
  2⤵
  PID:4812
- C:\Windows\System32\zRaTPeG.exe
  C:\Windows\System32\zRaTPeG.exe
  2⤵
  PID:10232
- C:\Windows\System32\xDPkNYU.exe
  C:\Windows\System32\xDPkNYU.exe
  2⤵
  PID:9064
- C:\Windows\System32\isHaPHy.exe
  C:\Windows\System32\isHaPHy.exe
  2⤵
  PID:6640
- C:\Windows\System32\IFuHnBb.exe
  C:\Windows\System32\IFuHnBb.exe
  2⤵
  PID:2484
- C:\Windows\System32\yxTaNhC.exe
  C:\Windows\System32\yxTaNhC.exe
  2⤵
  PID:6124
- C:\Windows\System32\IXAuLiW.exe
  C:\Windows\System32\IXAuLiW.exe
  2⤵
  PID:5264
- C:\Windows\System32\vyCfZdC.exe
  C:\Windows\System32\vyCfZdC.exe
  2⤵
  PID:4516
- C:\Windows\System32\pwyLVGJ.exe
  C:\Windows\System32\pwyLVGJ.exe
  2⤵
  PID:4216
- C:\Windows\System32\vijUjjU.exe
  C:\Windows\System32\vijUjjU.exe
  2⤵
  PID:2460
- C:\Windows\System32\qPszpIQ.exe
  C:\Windows\System32\qPszpIQ.exe
  2⤵
  PID:6044
- C:\Windows\System32\NurtFua.exe
  C:\Windows\System32\NurtFua.exe
  2⤵
  PID:5236
- C:\Windows\System32\nnFBGBy.exe
  C:\Windows\System32\nnFBGBy.exe
  2⤵
  PID:5616
- C:\Windows\System32\anyrnms.exe
  C:\Windows\System32\anyrnms.exe
  2⤵
  PID:4960
- C:\Windows\System32\CercweT.exe
  C:\Windows\System32\CercweT.exe
  2⤵
  PID:4832
- C:\Windows\System32\UlsZMzM.exe
  C:\Windows\System32\UlsZMzM.exe
  2⤵
  PID:9676
- C:\Windows\System32\zTyuINI.exe
  C:\Windows\System32\zTyuINI.exe
  2⤵
  PID:2920
- C:\Windows\System32\XnrsqfM.exe
  C:\Windows\System32\XnrsqfM.exe
  2⤵
  PID:10020
- C:\Windows\System32\cJcaMLY.exe
  C:\Windows\System32\cJcaMLY.exe
  2⤵
  PID:10088
- C:\Windows\System32\HyODKmN.exe
  C:\Windows\System32\HyODKmN.exe
  2⤵
  PID:10216
- C:\Windows\System32\ekBZFyB.exe
  C:\Windows\System32\ekBZFyB.exe
  2⤵
  PID:4656
- C:\Windows\System32\aMQswsS.exe
  C:\Windows\System32\aMQswsS.exe
  2⤵
  PID:4600
- C:\Windows\System32\gZESoze.exe
  C:\Windows\System32\gZESoze.exe
  2⤵
  PID:9376
- C:\Windows\System32\DbtcObN.exe
  C:\Windows\System32\DbtcObN.exe
  2⤵
  PID:1120
- C:\Windows\System32\ZGKLbGR.exe
  C:\Windows\System32\ZGKLbGR.exe
  2⤵
  PID:5736
- C:\Windows\System32\PltuNWD.exe
  C:\Windows\System32\PltuNWD.exe
  2⤵
  PID:9432
- C:\Windows\System32\EpaxjCU.exe
  C:\Windows\System32\EpaxjCU.exe
  2⤵
  PID:9920
- C:\Windows\System32\hUkdOBR.exe
  C:\Windows\System32\hUkdOBR.exe
  2⤵
  PID:1932
- C:\Windows\System32\xAZwFXC.exe
  C:\Windows\System32\xAZwFXC.exe
  2⤵
  PID:3636
- C:\Windows\System32\fykoFmL.exe
  C:\Windows\System32\fykoFmL.exe
  2⤵
  PID:2224
- C:\Windows\System32\xxiIxes.exe
  C:\Windows\System32\xxiIxes.exe
  2⤵
  PID:1972
- C:\Windows\System32\nrrVMoG.exe
  C:\Windows\System32\nrrVMoG.exe
  2⤵
  PID:3564
- C:\Windows\System32\rOkgcdd.exe
  C:\Windows\System32\rOkgcdd.exe
  2⤵
  PID:9704
- C:\Windows\System32\gsWAjSU.exe
  C:\Windows\System32\gsWAjSU.exe
  2⤵
  PID:10280
- C:\Windows\System32\NTWAJVY.exe
  C:\Windows\System32\NTWAJVY.exe
  2⤵
  PID:10312
- C:\Windows\System32\VikQOGk.exe
  C:\Windows\System32\VikQOGk.exe
  2⤵
  PID:10332
- C:\Windows\System32\NRJzppX.exe
  C:\Windows\System32\NRJzppX.exe
  2⤵
  PID:10360
- C:\Windows\System32\kfpShCf.exe
  C:\Windows\System32\kfpShCf.exe
  2⤵
  PID:10376
- C:\Windows\System32\vAmruDw.exe
  C:\Windows\System32\vAmruDw.exe
  2⤵
  PID:10400
- C:\Windows\System32\FqneTUS.exe
  C:\Windows\System32\FqneTUS.exe
  2⤵
  PID:10428
- C:\Windows\System32\gwtYdTk.exe
  C:\Windows\System32\gwtYdTk.exe
  2⤵
  PID:10468
- C:\Windows\System32\fDZFlDl.exe
  C:\Windows\System32\fDZFlDl.exe
  2⤵
  PID:10500
- C:\Windows\System32\LbwNjGe.exe
  C:\Windows\System32\LbwNjGe.exe
  2⤵
  PID:10524
- C:\Windows\System32\senMvBy.exe
  C:\Windows\System32\senMvBy.exe
  2⤵
  PID:10560
- C:\Windows\System32\gguSILY.exe
  C:\Windows\System32\gguSILY.exe
  2⤵
  PID:10596
- C:\Windows\System32\TTlBzUa.exe
  C:\Windows\System32\TTlBzUa.exe
  2⤵
  PID:10612
- C:\Windows\System32\tEZFUHb.exe
  C:\Windows\System32\tEZFUHb.exe
  2⤵
  PID:10640
- C:\Windows\System32\hVtutcg.exe
  C:\Windows\System32\hVtutcg.exe
  2⤵
  PID:10668
- C:\Windows\System32\hPyrNLm.exe
  C:\Windows\System32\hPyrNLm.exe
  2⤵
  PID:10688
- C:\Windows\System32\MAXUIbQ.exe
  C:\Windows\System32\MAXUIbQ.exe
  2⤵
  PID:10728
- C:\Windows\System32\kugVbXu.exe
  C:\Windows\System32\kugVbXu.exe
  2⤵
  PID:10764
- C:\Windows\System32\IQkIHkt.exe
  C:\Windows\System32\IQkIHkt.exe
  2⤵
  PID:10780
- C:\Windows\System32\hyXNUDp.exe
  C:\Windows\System32\hyXNUDp.exe
  2⤵
  PID:10812
- C:\Windows\System32\gbuLEgd.exe
  C:\Windows\System32\gbuLEgd.exe
  2⤵
  PID:10836
- C:\Windows\System32\HXmbzbx.exe
  C:\Windows\System32\HXmbzbx.exe
  2⤵
  PID:10876
- C:\Windows\System32\KWpjsER.exe
  C:\Windows\System32\KWpjsER.exe
  2⤵
  PID:10904
- C:\Windows\System32\ymnUYOG.exe
  C:\Windows\System32\ymnUYOG.exe
  2⤵
  PID:10920
- C:\Windows\System32\fIpZeVG.exe
  C:\Windows\System32\fIpZeVG.exe
  2⤵
  PID:10948
- C:\Windows\System32\tXDOuVU.exe
  C:\Windows\System32\tXDOuVU.exe
  2⤵
  PID:10976
- C:\Windows\System32\WCBRRlL.exe
  C:\Windows\System32\WCBRRlL.exe
  2⤵
  PID:10992
- C:\Windows\System32\GNzZvrC.exe
  C:\Windows\System32\GNzZvrC.exe
  2⤵
  PID:11016
- C:\Windows\System32\rMWrosl.exe
  C:\Windows\System32\rMWrosl.exe
  2⤵
  PID:11080
- C:\Windows\System32\eIZsfKI.exe
  C:\Windows\System32\eIZsfKI.exe
  2⤵
  PID:11104
- C:\Windows\System32\fyAFktf.exe
  C:\Windows\System32\fyAFktf.exe
  2⤵
  PID:11124
- C:\Windows\System32\EeOPmAJ.exe
  C:\Windows\System32\EeOPmAJ.exe
  2⤵
  PID:11152
- C:\Windows\System32\xAYcsTG.exe
  C:\Windows\System32\xAYcsTG.exe
  2⤵
  PID:11180
- C:\Windows\System32\Upqbisg.exe
  C:\Windows\System32\Upqbisg.exe
  2⤵
  PID:11204
- C:\Windows\System32\jgaXgBe.exe
  C:\Windows\System32\jgaXgBe.exe
  2⤵
  PID:11244
- C:\Windows\System32\WgOknYM.exe
  C:\Windows\System32\WgOknYM.exe
  2⤵
  PID:9796
- C:\Windows\System32\oRoONWN.exe
  C:\Windows\System32\oRoONWN.exe
  2⤵
  PID:9720
- C:\Windows\System32\LGTLASj.exe
  C:\Windows\System32\LGTLASj.exe
  2⤵
  PID:6072
- C:\Windows\System32\tTZkNdF.exe
  C:\Windows\System32\tTZkNdF.exe
  2⤵
  PID:10352
- C:\Windows\System32\YGVSsUF.exe
  C:\Windows\System32\YGVSsUF.exe
  2⤵
  PID:10388
- C:\Windows\System32\sEmvWqg.exe
  C:\Windows\System32\sEmvWqg.exe
  2⤵
  PID:10476
- C:\Windows\System32\TPAgfcG.exe
  C:\Windows\System32\TPAgfcG.exe
  2⤵
  PID:10588
- C:\Windows\System32\etTEOFR.exe
  C:\Windows\System32\etTEOFR.exe
  2⤵
  PID:10604
- C:\Windows\System32\CJhISlo.exe
  C:\Windows\System32\CJhISlo.exe
  2⤵
  PID:10680
- C:\Windows\System32\AUzIRrV.exe
  C:\Windows\System32\AUzIRrV.exe
  2⤵
  PID:10760
- C:\Windows\System32\rjZfeOU.exe
  C:\Windows\System32\rjZfeOU.exe
  2⤵
  PID:10832
- C:\Windows\System32\QqhYWlC.exe
  C:\Windows\System32\QqhYWlC.exe
  2⤵
  PID:10860
- C:\Windows\System32\mIXNjtv.exe
  C:\Windows\System32\mIXNjtv.exe
  2⤵
  PID:10956
- C:\Windows\System32\StnJuce.exe
  C:\Windows\System32\StnJuce.exe
  2⤵
  PID:10984
- C:\Windows\System32\lDzIIUG.exe
  C:\Windows\System32\lDzIIUG.exe
  2⤵
  PID:11096
- C:\Windows\System32\ypiRBlY.exe
  C:\Windows\System32\ypiRBlY.exe
  2⤵
  PID:11172
- C:\Windows\System32\iyZstCY.exe
  C:\Windows\System32\iyZstCY.exe
  2⤵
  PID:11228
- C:\Windows\System32\UoXSaTW.exe
  C:\Windows\System32\UoXSaTW.exe
  2⤵
  PID:10300
- C:\Windows\System32\msBdEoX.exe
  C:\Windows\System32\msBdEoX.exe
  2⤵
  PID:10424
- C:\Windows\System32\hsTqKIN.exe
  C:\Windows\System32\hsTqKIN.exe
  2⤵
  PID:10664
- C:\Windows\System32\evaTMEI.exe
  C:\Windows\System32\evaTMEI.exe
  2⤵
  PID:10736
- C:\Windows\System32\xMtWsWw.exe
  C:\Windows\System32\xMtWsWw.exe
  2⤵
  PID:10932
- C:\Windows\System32\xQxeHnv.exe
  C:\Windows\System32\xQxeHnv.exe
  2⤵
  PID:11008
- C:\Windows\System32\bxllzcO.exe
  C:\Windows\System32\bxllzcO.exe
  2⤵
  PID:11196
- C:\Windows\System32\uXKSaFq.exe
  C:\Windows\System32\uXKSaFq.exe
  2⤵
  PID:10444
- C:\Windows\System32\NwwhDNO.exe
  C:\Windows\System32\NwwhDNO.exe
  2⤵
  PID:10916
- C:\Windows\System32\oppcheJ.exe
  C:\Windows\System32\oppcheJ.exe
  2⤵
  PID:10964
- C:\Windows\System32\nvDRJNx.exe
  C:\Windows\System32\nvDRJNx.exe
  2⤵
  PID:10652
- C:\Windows\System32\KonBMBQ.exe
  C:\Windows\System32\KonBMBQ.exe
  2⤵
  PID:11276
- C:\Windows\System32\JvXUAMF.exe
  C:\Windows\System32\JvXUAMF.exe
  2⤵
  PID:11292
- C:\Windows\System32\BjnJkZq.exe
  C:\Windows\System32\BjnJkZq.exe
  2⤵
  PID:11324
- C:\Windows\System32\UnnwUrs.exe
  C:\Windows\System32\UnnwUrs.exe
  2⤵
  PID:11360
- C:\Windows\System32\Ayqirfu.exe
  C:\Windows\System32\Ayqirfu.exe
  2⤵
  PID:11388
- C:\Windows\System32\DeMALbe.exe
  C:\Windows\System32\DeMALbe.exe
  2⤵
  PID:11416
- C:\Windows\System32\nibGtjU.exe
  C:\Windows\System32\nibGtjU.exe
  2⤵
  PID:11448
- C:\Windows\System32\rajARMf.exe
  C:\Windows\System32\rajARMf.exe
  2⤵
  PID:11464
- C:\Windows\System32\mLNnYDd.exe
  C:\Windows\System32\mLNnYDd.exe
  2⤵
  PID:11480
- C:\Windows\System32\dIiRyZv.exe
  C:\Windows\System32\dIiRyZv.exe
  2⤵
  PID:11520
- C:\Windows\System32\HwQQIMJ.exe
  C:\Windows\System32\HwQQIMJ.exe
  2⤵
  PID:11548
- C:\Windows\System32\vrlRCpH.exe
  C:\Windows\System32\vrlRCpH.exe
  2⤵
  PID:11576
- C:\Windows\System32\WWkAzYq.exe
  C:\Windows\System32\WWkAzYq.exe
  2⤵
  PID:11612
- C:\Windows\System32\EBLOKzE.exe
  C:\Windows\System32\EBLOKzE.exe
  2⤵
  PID:11640
- C:\Windows\System32\ZCoYzty.exe
  C:\Windows\System32\ZCoYzty.exe
  2⤵
  PID:11660
- C:\Windows\System32\IaRcjrz.exe
  C:\Windows\System32\IaRcjrz.exe
  2⤵
  PID:11688
- C:\Windows\System32\ioVoeXf.exe
  C:\Windows\System32\ioVoeXf.exe
  2⤵
  PID:11716
- C:\Windows\System32\priwoxF.exe
  C:\Windows\System32\priwoxF.exe
  2⤵
  PID:11756
- C:\Windows\System32\NWcfNsm.exe
  C:\Windows\System32\NWcfNsm.exe
  2⤵
  PID:11788
- C:\Windows\System32\HBsuaZt.exe
  C:\Windows\System32\HBsuaZt.exe
  2⤵
  PID:11816
- C:\Windows\System32\NEwBeee.exe
  C:\Windows\System32\NEwBeee.exe
  2⤵
  PID:11852
- C:\Windows\System32\AfrvJHY.exe
  C:\Windows\System32\AfrvJHY.exe
  2⤵
  PID:11872
- C:\Windows\System32\PyNglZJ.exe
  C:\Windows\System32\PyNglZJ.exe
  2⤵
  PID:11888
- C:\Windows\System32\FyoiqUH.exe
  C:\Windows\System32\FyoiqUH.exe
  2⤵
  PID:11916
- C:\Windows\System32\vBooRuP.exe
  C:\Windows\System32\vBooRuP.exe
  2⤵
  PID:11944
- C:\Windows\System32\qltevcC.exe
  C:\Windows\System32\qltevcC.exe
  2⤵
  PID:11972
- C:\Windows\System32\pPhCqPr.exe
  C:\Windows\System32\pPhCqPr.exe
  2⤵
  PID:12020
- C:\Windows\System32\OKfTlQG.exe
  C:\Windows\System32\OKfTlQG.exe
  2⤵
  PID:12040
- C:\Windows\System32\yUeaHFz.exe
  C:\Windows\System32\yUeaHFz.exe
  2⤵
  PID:12068
- C:\Windows\System32\NEzrrtN.exe
  C:\Windows\System32\NEzrrtN.exe
  2⤵
  PID:12096
- C:\Windows\System32\hyZwndO.exe
  C:\Windows\System32\hyZwndO.exe
  2⤵
  PID:12116
- C:\Windows\System32\CuzQdcX.exe
  C:\Windows\System32\CuzQdcX.exe
  2⤵
  PID:12148
- C:\Windows\System32\oUcGedn.exe
  C:\Windows\System32\oUcGedn.exe
  2⤵
  PID:12172
- C:\Windows\System32\kYQClfT.exe
  C:\Windows\System32\kYQClfT.exe
  2⤵
  PID:12200
- C:\Windows\System32\cDoxWvE.exe
  C:\Windows\System32\cDoxWvE.exe
  2⤵
  PID:12220
- C:\Windows\System32\CLdIyZf.exe
  C:\Windows\System32\CLdIyZf.exe
  2⤵
  PID:12252
- C:\Windows\System32\KPxIWZd.exe
  C:\Windows\System32\KPxIWZd.exe
  2⤵
  PID:12284
- C:\Windows\System32\NXZqjYO.exe
  C:\Windows\System32\NXZqjYO.exe
  2⤵
  PID:10324
- C:\Windows\System32\ZUbciaz.exe
  C:\Windows\System32\ZUbciaz.exe
  2⤵
  PID:11332
- C:\Windows\System32\PmKqlok.exe
  C:\Windows\System32\PmKqlok.exe
  2⤵
  PID:11408
- C:\Windows\System32\OCtdxWr.exe
  C:\Windows\System32\OCtdxWr.exe
  2⤵
  PID:11472
- C:\Windows\System32\KMErVrj.exe
  C:\Windows\System32\KMErVrj.exe
  2⤵
  PID:11560
- C:\Windows\System32\ooHGkUp.exe
  C:\Windows\System32\ooHGkUp.exe
  2⤵
  PID:11628
- C:\Windows\System32\qyQoclV.exe
  C:\Windows\System32\qyQoclV.exe
  2⤵
  PID:11676
- C:\Windows\System32\qDfZhjm.exe
  C:\Windows\System32\qDfZhjm.exe
  2⤵
  PID:11740
- C:\Windows\System32\dXAixos.exe
  C:\Windows\System32\dXAixos.exe
  2⤵
  PID:11864
- C:\Windows\System32\PqwGtmE.exe
  C:\Windows\System32\PqwGtmE.exe
  2⤵
  PID:11904
- C:\Windows\System32\hLMlAKJ.exe
  C:\Windows\System32\hLMlAKJ.exe
  2⤵
  PID:11988
- C:\Windows\System32\kwcMKZP.exe
  C:\Windows\System32\kwcMKZP.exe
  2⤵
  PID:12036
- C:\Windows\System32\NQhwuff.exe
  C:\Windows\System32\NQhwuff.exe
  2⤵
  PID:12112
- C:\Windows\System32\qxoLwnQ.exe
  C:\Windows\System32\qxoLwnQ.exe
  2⤵
  PID:12136
- C:\Windows\System32\BEqOMll.exe
  C:\Windows\System32\BEqOMll.exe
  2⤵
  PID:12208
- C:\Windows\System32\fGrAkzP.exe
  C:\Windows\System32\fGrAkzP.exe
  2⤵
  PID:11136
- C:\Windows\System32\MzKTCCE.exe
  C:\Windows\System32\MzKTCCE.exe
  2⤵
  PID:11504
- C:\Windows\System32\rfLPMhr.exe
  C:\Windows\System32\rfLPMhr.exe
  2⤵
  PID:11652
- C:\Windows\System32\ZnsylIL.exe
  C:\Windows\System32\ZnsylIL.exe
  2⤵
  PID:11708
- C:\Windows\System32\jXzjBOG.exe
  C:\Windows\System32\jXzjBOG.exe
  2⤵
  PID:11884
- C:\Windows\System32\oIGMjwu.exe
  C:\Windows\System32\oIGMjwu.exe
  2⤵
  PID:11956
- C:\Windows\System32\sAChnGL.exe
  C:\Windows\System32\sAChnGL.exe
  2⤵
  PID:12080
- C:\Windows\System32\tBFkdSx.exe
  C:\Windows\System32\tBFkdSx.exe
  2⤵
  PID:11384
- C:\Windows\System32\pSQNRNn.exe
  C:\Windows\System32\pSQNRNn.exe
  2⤵
  PID:11804
- C:\Windows\System32\ndJJzwO.exe
  C:\Windows\System32\ndJJzwO.exe
  2⤵
  PID:11996
- C:\Windows\System32\vQpopqx.exe
  C:\Windows\System32\vQpopqx.exe
  2⤵
  PID:4384
- C:\Windows\System32\VkUqeNg.exe
  C:\Windows\System32\VkUqeNg.exe
  2⤵
  PID:532
- C:\Windows\System32\IRfqWLJ.exe
  C:\Windows\System32\IRfqWLJ.exe
  2⤵
  PID:4468
- C:\Windows\System32\zQCNUBV.exe
  C:\Windows\System32\zQCNUBV.exe
  2⤵
  PID:12292
- C:\Windows\System32\loubxng.exe
  C:\Windows\System32\loubxng.exe
  2⤵
  PID:12332
- C:\Windows\System32\kTKBasn.exe
  C:\Windows\System32\kTKBasn.exe
  2⤵
  PID:12364
- C:\Windows\System32\kDCKfbx.exe
  C:\Windows\System32\kDCKfbx.exe
  2⤵
  PID:12380
- C:\Windows\System32\GkDlnum.exe
  C:\Windows\System32\GkDlnum.exe
  2⤵
  PID:12420
- C:\Windows\System32\mDJoSsm.exe
  C:\Windows\System32\mDJoSsm.exe
  2⤵
  PID:12452
- C:\Windows\System32\quFTOeE.exe
  C:\Windows\System32\quFTOeE.exe
  2⤵
  PID:12476
- C:\Windows\System32\EohChME.exe
  C:\Windows\System32\EohChME.exe
  2⤵
  PID:12504
- C:\Windows\System32\XWZeLVB.exe
  C:\Windows\System32\XWZeLVB.exe
  2⤵
  PID:12524
- C:\Windows\System32\LJJuhVb.exe
  C:\Windows\System32\LJJuhVb.exe
  2⤵
  PID:12548
- C:\Windows\System32\BAoanND.exe
  C:\Windows\System32\BAoanND.exe
  2⤵
  PID:12592
- C:\Windows\System32\gMiPKIw.exe
  C:\Windows\System32\gMiPKIw.exe
  2⤵
  PID:12628
- C:\Windows\System32\liUDjbw.exe
  C:\Windows\System32\liUDjbw.exe
  2⤵
  PID:12656
- C:\Windows\System32\cXmPLAj.exe
  C:\Windows\System32\cXmPLAj.exe
  2⤵
  PID:12672
- C:\Windows\System32\AEjfhZd.exe
  C:\Windows\System32\AEjfhZd.exe
  2⤵
  PID:12688
- C:\Windows\System32\hXtpAvj.exe
  C:\Windows\System32\hXtpAvj.exe
  2⤵
  PID:12732
- C:\Windows\System32\nSgZjWf.exe
  C:\Windows\System32\nSgZjWf.exe
  2⤵
  PID:12768
- C:\Windows\System32\zLifCeK.exe
  C:\Windows\System32\zLifCeK.exe
  2⤵
  PID:12812
- C:\Windows\System32\xdwbOvH.exe
  C:\Windows\System32\xdwbOvH.exe
  2⤵
  PID:12864
- C:\Windows\System32\vJfmabT.exe
  C:\Windows\System32\vJfmabT.exe
  2⤵
  PID:12896
- C:\Windows\System32\ShICurl.exe
  C:\Windows\System32\ShICurl.exe
  2⤵
  PID:12944
- C:\Windows\System32\iXxMEzg.exe
  C:\Windows\System32\iXxMEzg.exe
  2⤵
  PID:12964
- C:\Windows\System32\tbivPTT.exe
  C:\Windows\System32\tbivPTT.exe
  2⤵
  PID:12988
- C:\Windows\System32\XOVXvzJ.exe
  C:\Windows\System32\XOVXvzJ.exe
  2⤵
  PID:13016
- C:\Windows\System32\eHDIDde.exe
  C:\Windows\System32\eHDIDde.exe
  2⤵
  PID:13032
- C:\Windows\System32\GvhQunu.exe
  C:\Windows\System32\GvhQunu.exe
  2⤵
  PID:13068
- C:\Windows\System32\aFaEZLk.exe
  C:\Windows\System32\aFaEZLk.exe
  2⤵
  PID:13112
- C:\Windows\System32\nTwPqfL.exe
  C:\Windows\System32\nTwPqfL.exe
  2⤵
  PID:13164
- C:\Windows\System32\uKXbXjf.exe
  C:\Windows\System32\uKXbXjf.exe
  2⤵
  PID:13192
- C:\Windows\System32\zOkgQHm.exe
  C:\Windows\System32\zOkgQHm.exe
  2⤵
  PID:13224
- C:\Windows\System32\GznzhRC.exe
  C:\Windows\System32\GznzhRC.exe
  2⤵
  PID:13252
- C:\Windows\System32\AztRKOr.exe
  C:\Windows\System32\AztRKOr.exe
  2⤵
  PID:13280
- C:\Windows\System32\IxRmFdE.exe
  C:\Windows\System32\IxRmFdE.exe
  2⤵
  PID:13308
- C:\Windows\System32\VeUwVRo.exe
  C:\Windows\System32\VeUwVRo.exe
  2⤵
  PID:12340
- C:\Windows\System32\BRwENlz.exe
  C:\Windows\System32\BRwENlz.exe
  2⤵
  PID:12376
- C:\Windows\System32\fXegAVO.exe
  C:\Windows\System32\fXegAVO.exe
  2⤵
  PID:12432
- C:\Windows\System32\hwalZTd.exe
  C:\Windows\System32\hwalZTd.exe
  2⤵
  PID:12460
- C:\Windows\System32\NIykdfY.exe
  C:\Windows\System32\NIykdfY.exe
  2⤵
  PID:12560
- C:\Windows\System32\TAxLYpD.exe
  C:\Windows\System32\TAxLYpD.exe
  2⤵
  PID:12640
- C:\Windows\System32\khZjWdP.exe
  C:\Windows\System32\khZjWdP.exe
  2⤵
  PID:12784
- C:\Windows\System32\ZHsdzbr.exe
  C:\Windows\System32\ZHsdzbr.exe
  2⤵
  PID:12832
- C:\Windows\System32\MpICpKj.exe
  C:\Windows\System32\MpICpKj.exe
  2⤵
  PID:12584
- C:\Windows\System32\ixdKnZw.exe
  C:\Windows\System32\ixdKnZw.exe
  2⤵
  PID:12984
- C:\Windows\System32\AuHPCkT.exe
  C:\Windows\System32\AuHPCkT.exe
  2⤵
  PID:13024
- C:\Windows\System32\kpKKHuF.exe
  C:\Windows\System32\kpKKHuF.exe
  2⤵
  PID:13076
- C:\Windows\System32\iEfdSLS.exe
  C:\Windows\System32\iEfdSLS.exe
  2⤵
  PID:13220
- C:\Windows\System32\gtVLxFf.exe
  C:\Windows\System32\gtVLxFf.exe
  2⤵
  PID:13300
- C:\Windows\System32\yuWfXlK.exe
  C:\Windows\System32\yuWfXlK.exe
  2⤵
  PID:12408
- C:\Windows\System32\CgmgspJ.exe
  C:\Windows\System32\CgmgspJ.exe
  2⤵
  PID:12564
- C:\Windows\System32\EgzfrBG.exe
  C:\Windows\System32\EgzfrBG.exe
  2⤵
  PID:12796
- C:\Windows\System32\aFuLkdA.exe
  C:\Windows\System32\aFuLkdA.exe
  2⤵
  PID:13128
- C:\Windows\System32\RKzqqoW.exe
  C:\Windows\System32\RKzqqoW.exe
  2⤵
  PID:13264
- C:\Windows\System32\sMBkuig.exe
  C:\Windows\System32\sMBkuig.exe
  2⤵
  PID:12648
- C:\Windows\System32\EEgWlEZ.exe
  C:\Windows\System32\EEgWlEZ.exe
  2⤵
  PID:13176
- C:\Windows\System32\iiaEgCw.exe
  C:\Windows\System32\iiaEgCw.exe
  2⤵
  PID:13028
- C:\Windows\System32\vyIaoJB.exe
  C:\Windows\System32\vyIaoJB.exe
  2⤵
  PID:13348
- C:\Windows\System32\NYhHAQc.exe
  C:\Windows\System32\NYhHAQc.exe
  2⤵
  PID:13372
- C:\Windows\System32\bEyqKUW.exe
  C:\Windows\System32\bEyqKUW.exe
  2⤵
  PID:13412
- C:\Windows\System32\rDSaNeu.exe
  C:\Windows\System32\rDSaNeu.exe
  2⤵
  PID:13448

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:14264

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System32\AJdoEmK.exe

Filesize
2.6MB

MD5
8636a2343df8ebd5f1086201b81251c8

SHA1
72e1c232724ab417e1ae2ed292c46108bf5d6584

SHA256
852c4ad5a7eba159e53cf91b1e3b277bc2ae2697a304d170e80b812f9afaccd1

SHA512
92cee6166f80019456ec75feebfb6d8aaad6b3842f59bbd32c2b44a293e5f6ffe58baf22961f588457bd53552bcaf4bbee1b633a539f909aa77359f27591844e

Download Submit
C:\Windows\System32\BvOaqjQ.exe

Filesize
2.6MB

MD5
9dc2f5c9846aac7fac4272546bd16e3d

SHA1
fe69de253884840243f50eead9f4c3f5fe848dd6

SHA256
5fc806cb17baafd70af4ef857e48dd838a54d1e01240146d96ce9c1a03c4e378

SHA512
3b047cc5e585158a20b5179a6c7f1ea03ac26b1500eeb048d949bf851f70c09bb36206e1a32a8913a4b130c7a3ef0c2e0745323dcfdb454890118c2a2fcb312e

Download Submit
C:\Windows\System32\CLuFAWH.exe

Filesize
2.6MB

MD5
abfafc7d542c73c288ad157a57a7ba88

SHA1
5fce2d70eca1964f738c5c6880d9e3270812e131

SHA256
a98b4a43024512d877f063bce244c7c6c08525dffae7c5f05a834d6dd8e489e5

SHA512
bb1e2dfdbd3e9a41575499659bf2e7a62285c8d7f25520c31d1b5533bb52d84b409f9539e8ca7828877bdaee7751533ffcae21c8f931bbfb1ea045ccb0a47edb

Download Submit
C:\Windows\System32\ERogWlK.exe

Filesize
2.6MB

MD5
c1eac5bc4f8e41f8e591a953f04232fb

SHA1
e43a9df49fd0d060679e0f4796b145cb3d31d6e0

SHA256
bfba71020874e4abe6747e14c3ae194d598fb8a2f23527f28489f6e9ec596d02

SHA512
6752bc4e03715b911734e5d65d0abfdc72f32f86501f73aa6e587f92f7a5f476b18e0aaf6feba638056d2b0f9707faf33c2819ca6f079ac0b18e9c5b3a01d9f9

Download Submit
C:\Windows\System32\EbrIlJw.exe

Filesize
2.6MB

MD5
892d2fdd2706121ba3f75dcac35c7369

SHA1
be2b3805151f85e09bc19c04925f1df5cbf102e7

SHA256
d6de9c4dea86388a2ed9548a78dbd83d4518f7639488bc17de7fe2a1ce4226be

SHA512
64c3d5e3799ace5fea9c46cdf40c4848c4b9a82a678cc4bd0024aa6edb11781dfe9ebc9f4127ab06a416072bf54a3a06763d12cdc094cab83782698d6f337ca9

Download Submit
C:\Windows\System32\FdICuNe.exe

Filesize
2.6MB

MD5
68aa08ca847478051e3525bac14f5455

SHA1
2ebaf88155f99719ba6cab526e990713f447cb2c

SHA256
c3a0f7f4612909acebf01f0ad52251ee851bb5829ee77ac5666315294e91d0c6

SHA512
907a6c81a7e697ce1fdd320b599f42051d2a3472bc2da14f9d832e99cb38d8b06657a7b277b712155097cb69578c489d6c13d44fae63321230e4509c0baaa65c

Download Submit
C:\Windows\System32\GCgqBui.exe

Filesize
2.6MB

MD5
22b72af563849fbc0204fbc534b7c94f

SHA1
68c2cb77fca7adba6647cf8d92675714597eeaa0

SHA256
30078ff8b7ff370ce4575cc4b9e9584b805c9ae91487493734852ddaa00824f9

SHA512
d85b918c0487fdd49095c5ee24b1c4b68f71b96c7789ce5a3fbd9e2a933e8d62057fe7d1049f3267e2ef09717adb60cca565b5fd3aa4e6ed7f586247bf52ffe7

Download Submit
C:\Windows\System32\GXdiQsC.exe

Filesize
2.6MB

MD5
1da706563705e7431598da0c40d53f43

SHA1
551af2413e46bc239d6cc06e767f988fe7608687

SHA256
103fa5a851ce2a2e8c880551ce3d2104298071cd2a545523b9f7a66093719a2e

SHA512
9ca9df39390524f6535b8165efe0c90baa8506e60610e393f0e54bd2c9496ab2bba8553a048942bbb0caa575e41f267f590259d4f836d4e2bdb43dc96d704bf8

Download Submit
C:\Windows\System32\HTWpuxn.exe

Filesize
2.6MB

MD5
737000c0e1b47932e5faacf7a3399647

SHA1
95f9307c20b4d57275342830fa94aa4282d8bae7

SHA256
343883004e178fab7114a389dae0908d1a559b2733d6bf97ed248ede9cd7c9dd

SHA512
18d0ed1a1e0f4ef8846a90253f43685095fc48f05016341037e2873ade9d8af913ee50d3a5d91d884c0406244c8f6e26b6f1dfaaac6ae263781c5ff2890bda32

Download Submit
C:\Windows\System32\HTYKNsk.exe

Filesize
2.6MB

MD5
af560f80dcb112d8bafe53184787d6b4

SHA1
21565918b607be60131cb0057def36d589bde794

SHA256
7c920ff54208d5ec528a6cd8f1f144bed895e5fe3dfb92b9e24cb9f78c9a5202

SHA512
27b1a98493e5f8c9481987939d268232d5ff57869ff8d8238dc2867683f5ae258db559cc33435f41211b0edb22207b9f9a1ea652d83fe22325bd2e15317fd380

Download Submit
C:\Windows\System32\Iefudpl.exe

Filesize
2.6MB

MD5
1c8f58d545e8aa014d2d42b8a6cf4b1e

SHA1
cef0364a68f636276186edab7c436ff5c12c6fbb

SHA256
84aea5df7cd6fc6631341000290844734093acb280d70e876a29774900abbdc4

SHA512
820197b283052e83dbbc6c3d751594a15c0ce44b25373e1bf2ac71c36e44379219fe111a724f933c30a3d1fbdc41ba24b4020898746db183e197acfdb7356f66

Download Submit
C:\Windows\System32\JNHsdzk.exe

Filesize
2.6MB

MD5
5862342688b93db61fc5ff474f0b4a9c

SHA1
bfcbba4fd845a9ff3ca6a10f17bec9f45cc21bd9

SHA256
f7005de63df76dc47e7f95b5e376e3f7662889724dd75153700971958ad1dfd5

SHA512
a9e540aebc0725938de9b79a3265287168c060a227a34424f167d80daba721e4613dbda0fec7462a114b9d8a07f2d8faea5f79a5058a1010c7e406705d5f4d51

Download Submit
C:\Windows\System32\LaOaWKL.exe

Filesize
2.6MB

MD5
4107f76ec5f1e14aa000b2b5152446f5

SHA1
99f0794b4bd166b54cce05dd68ce41556ee662d2

SHA256
4a7a5c7111f94f779616aba7712d6a4d826d7e36b7d95ee3657a4ec5053813da

SHA512
ffed9b2044b123e520495245153035a68589447368a24599ac23b179df7570b68e003ab893f6923cc516b5a7ec057020dae0f3545b0dc7d50657da4a4b19815d

Download Submit
C:\Windows\System32\OXvyWiz.exe

Filesize
2.6MB

MD5
64b13b4115367760ea4794b4da21d303

SHA1
400db06a7d79a5b4b3b14a3754ac5795b52a650e

SHA256
167a3fee3243b9d29333383bf5baead9af5c968bcd8039a9db72a06083d9d2a5

SHA512
c25b6e922805df6036c287771db6d280521ff6f9dbc11dd0e113351a1b6d1309a57fc88691a06f11ff69cfa4db88679a0347362299baf9303f434e4d1bdc4375

Download Submit
C:\Windows\System32\QFYLdGU.exe

Filesize
2.6MB

MD5
5b1f5c621364447138b3df82ffe1ebaa

SHA1
0e4829cef1c929d1bdb9a19cfeacd5fbbb1e26c8

SHA256
86552aaf56c248e66df4e6aa734817b92bf59d086e16144c86d100f2555dc505

SHA512
9cdecab60264560ed2eb7b7472fabae9cc9e356492c37eb7955b4483f31f851f12de24cfb437ceafdea31a7e38b2f9b28a722e21a44c437b705f0f5454f212b4

Download Submit
C:\Windows\System32\QYWPXoj.exe

Filesize
2.6MB

MD5
c5219138138e30a24146ba0ad43ccd45

SHA1
d8202506317a9ccb5e2e9c1990ddd7a244410c0d

SHA256
0ae910af53c94b3928569281eda180cfa5848413d818f044b9b0da1d26d77a51

SHA512
a717d5d5b5dd9a1ae5ae5a76119fd33d74a476e8e4bca388b2b8349b2586253616cb11ab73a1193a588bd148bd6ce90866523e1b050ec714f95cdd75eb935224

Download Submit
C:\Windows\System32\RpLQiOa.exe

Filesize
2.6MB

MD5
74c19b9857c25b05e998c3a72fde898c

SHA1
c2812d00573db26bbd9e62de63621594b20d693d

SHA256
f1c5eda3ff02668fb51dd596c3114ceaf33dba0f2fd17bcc06bde46ce79b3b0b

SHA512
abfd8dfe43855c306c5828eaf288d40466a5ff0dd40ba9917488877767fdad45f0f0ad81f97c47557ae9b0dc50756816d06ae97c1716c37a76c42b97b7f60c6c

Download Submit
C:\Windows\System32\VLQPYnI.exe

Filesize
2.6MB

MD5
c86fbe53910f3526dc714bc037051479

SHA1
b1540a8d92a5e1f5026e917bb240cfe120610918

SHA256
a6b6779a6e094714eac64f4b681b53cc4b77bcba964acc9576cc65cce1085788

SHA512
5cfd9106b110441b307fcd82039bb802756d45f3945aabc9b646a1654ad7f0e24f68d43eb8eecce06a8b80a8c5dd2c58e3b23d1c58974492fa910f02abeb70dd

Download Submit
C:\Windows\System32\ZEPSsov.exe

Filesize
2.6MB

MD5
6f0459c25e186bfcd99e9fb03291b6f2

SHA1
3d97c0a52e7d3888511c8d57600b61cfbc9b9aeb

SHA256
510bf75723be2702eb3723e1a596dcdf9409d6e01760d5107d39799ec083f970

SHA512
377a5f7fb0885d588ecdeaa67f83c10260855af314002860687f37a7784fc678e21b0cc99d4bdae153ac0cb53c2ff6d393b1a97058021e4a2b2e6c603846d061

Download Submit
C:\Windows\System32\ZLnGCTU.exe

Filesize
2.6MB

MD5
c5b4d983aa90506e93e931d9cbebe7e4

SHA1
ecad1de35ab29724b13d9c4f5182a91b45479c6b

SHA256
c5bf509c1e48c0608fa6651f8737c8a5751c2670bbde230efe073c8ddc97df5e

SHA512
aa9c74ad177dedc8ff4455600cfceeef2bf318c23483494ab4d7aa4260c72e3166ab7efc77ebe3c897dc144532d85ed4301a715b943b6c50a86fc278fb040c07

Download Submit
C:\Windows\System32\ZinkWKj.exe

Filesize
2.6MB

MD5
c5bec3f875e55f9ae42e3c44ea6be94e

SHA1
6593869d6326f3a00ce13b38ce8db4c78eee7bf2

SHA256
8c1660551cf8e5ff15f87a8b21f231c7fff0ce02d1e2db53b528fad674450737

SHA512
e264df356a45a5619f5bccefa70ae9d8d6445e774e9ea978ad4f9bbb09468591d8658bb8fec1c5194e78243a252bc0ce3f9702dc50a76c01e317e6889f37f50c

Download Submit
C:\Windows\System32\hBsShzJ.exe

Filesize
2.6MB

MD5
717c298d1925782bf69026b328e8be2e

SHA1
3bb4bf7ecb0c340c3c0fe0588457d135e1bac1fc

SHA256
e7373a9282d3331b8f6ab0b9cd0f055dc84f86c15401aff3d3feae5f1082c79e

SHA512
d8c3477510ed3755cc9951ef5477d0605c39c4a81d830a4d2ca8e9323a2af0f3985ea65862974e846bb407e3120dcfc7a1214c60945312c2c8949966bde9349c

Download Submit
C:\Windows\System32\hKKojps.exe

Filesize
2.6MB

MD5
46f298c13be737b1bd0bcd6631c9ba95

SHA1
a8be7d4e18d9efe0946d1a1dff971b10263dbfaf

SHA256
f1582175d830ededb5b3dc891aa1bc6f28d67d1f190d0457dd43e4b0335875b0

SHA512
c9e4d92eb2518747b4ea3479c20119a293808a9c286b80cb487937fd7743f42356f33cecad067ebea5cd8cee88fcf028703f724d8f9a2d1cd7e5d9dc0de02c49

Download Submit
C:\Windows\System32\hKRUDmn.exe

Filesize
2.6MB

MD5
85c360d4cf48b9167ab4ff7dfe5fb51c

SHA1
d97edbaa036fd8d4abb55de6d3328048f7af91fe

SHA256
1af496c17eb78388dc1d4c0a9d4b53ee8020d7e2dd9d3bb09c5d5b815b7e8352

SHA512
a5033faa56a52fb7bf8f86678c848b904040b25565d59c95279720a7addcc357adc3e8bae12a815dbbcf769a467bae4b19bec62d1878e3f5151f988fe1f4ccc4

Download Submit
C:\Windows\System32\jquTYPz.exe

Filesize
2.6MB

MD5
2a6aaed8340a5111dd910a302a394d58

SHA1
d8a018bda63494fc76c0b511eae2031fa50278ee

SHA256
d1868baad1bcee12e0b62fda18a18b381409ef480100353228860d877e7756d4

SHA512
47e9c9313b2a405998ab1e6e8583efacd061752d340af71d06120ca2ead1fad696743b747924eefe3a1081c70371a918378a5c0f190d991969a740b5fd0d48de

Download Submit
C:\Windows\System32\nhWqfGd.exe

Filesize
2.6MB

MD5
6457a4ce7043708a4538e27738a966b8

SHA1
d8fcc48be36098b2927a331def83eec480088612

SHA256
2dd766b4bd65b77b64645c521f74d07d041e84c95e28c144576bbf49624f9dde

SHA512
bd529529c806926c1cf41980ab14ae830ce19b9f31ef848a61bbf5d2eb7367ec1008e4b8fabd1ffdc2f26916552591e0368ec55dda78278c9430e1fe6e79ba81

Download Submit
C:\Windows\System32\pSNBhrn.exe

Filesize
2.6MB

MD5
37b5104f93778e26e3eb3679d2766841

SHA1
823f371276c340ebbcb813cd3c725d45286d3aa1

SHA256
5fe5269d1b18d90e3ce1863d859e2c1adb2f0f65bf04bb678edfecaeb48d9f84

SHA512
604ebd72158e740112361531487a10bd412e7a2dcbda3f59a5bf7fa7d228bdf26e236d6359e8f90a65d6c98c48f62d2c72b403e3760129f024a7bceb42884be7

Download Submit
C:\Windows\System32\pWFRBCc.exe

Filesize
2.6MB

MD5
026c54799d42fb69b321596bcc6a59ea

SHA1
02c8d563c7f5e86cb5cf94bd9d573bba85195a04

SHA256
249e9e536ddf678ae0384c63269023555fad62cfbdbcce63ec27c35181e5246c

SHA512
5193a97a03165c4082062427e29bd33bf292e186e9ffb5c53bae4f129a1de3cb57f5605859bc4c3d90c5dd4f02615119a80fd2650feeb08bf331e6944f26ba65

Download Submit
C:\Windows\System32\qdMKKsG.exe

Filesize
2.6MB

MD5
2243e9f5456c933d44ea04eb2320f0ea

SHA1
3a3e775b59aa964dc48c96773affaeee71649f30

SHA256
6f159209e69797880372c8af884ff6351a83425d615119854fb3519644e2de28

SHA512
60f419c490046c11a98095c3e6e334a24775a7810e3c9020c5846939c70e4a2ab68ed8bf111bd098c80af0b66fa9b03ff1a6b36627af45edd27fe70a9a996e93

Download Submit
C:\Windows\System32\sgeIYdN.exe

Filesize
2.6MB

MD5
002c6d2a383057a1b8b3c9f9279e745b

SHA1
0f4d3ac1fb0810e7750867483deb879baf8c21b8

SHA256
77af352ee5c269988a8f96aad125b67496cf93cc25b123b7d8a7f5f4a49ca8bf

SHA512
c76cd230ca5d3697b92f6b797ae3da3e0862bfcbd323024112d7c71e465103282a76db2a426cbbdf5e8f64c10e366139d821feb463b1528238f468a123ce4cbd

Download Submit
C:\Windows\System32\sihggZd.exe

Filesize
2.6MB

MD5
a2200881aadd2bfb52e3f03d9eb584a8

SHA1
79ee9733e2c7493bbd4e2db380f96dbe31a1e22e

SHA256
38bbd2a408ca081e7739cf3aea95c000ee697ffd95394108721cd6e9f30c4a0f

SHA512
4ebf168c61d61b21523bf11b8d3bcd2101cc6c03f4ccb09d1826348e48fbae349d5c7b7f60e6576804a1821f9c77ef294c7a4fb21db302e1816fe749e6f1841b

Download Submit
C:\Windows\System32\vtjDidG.exe

Filesize
2.6MB

MD5
673d2175798dcdb494504d6c59303c1f

SHA1
2a9294fbdc643f0f6b2d33cb0fcb32ba1ad8e6a9

SHA256
faa4b89b8caf63be85b095dc55ce17dd3f5e867ab75d4e919b14a62cc33e9799

SHA512
769fc6f62bd9ad300ed4a5c12cf24bee157937f1065e715a121caa0e6295a9e0cf02d112dfc16421346efc717a1969cc7985da674a53abf4b2dd7fc54ca07aab

Download Submit
C:\Windows\System32\xmVNVpk.exe

Filesize
2.6MB

MD5
7d1f1c129a73e7d4a370e63309a4db31

SHA1
30fcbc849a41eef13ee79b9540d259211f429bba

SHA256
3485cb821fcda258f440d992ec345deb290d6bba92c01d8530a87fa1e31e1be8

SHA512
699a025ec00efeb3048dec40f517b9aaa6d898244c484805b8997a3c4011e1069ff9b74f2fb8fcbb19f476e65950430062b38aa15a26b628035871896f919468

Download Submit
memory/2072-2072-0x00007FF783D50000-0x00007FF784145000-memory.dmp

Filesize
4.0MB

Download
memory/2072-115-0x00007FF783D50000-0x00007FF784145000-memory.dmp

Filesize
4.0MB

Download
memory/2072-47-0x00007FF783D50000-0x00007FF784145000-memory.dmp

Filesize
4.0MB

Download
memory/2112-101-0x00007FF6A5820000-0x00007FF6A5C15000-memory.dmp

Filesize
4.0MB

Download
memory/2112-2068-0x00007FF6A5820000-0x00007FF6A5C15000-memory.dmp

Filesize
4.0MB

Download
memory/2112-33-0x00007FF6A5820000-0x00007FF6A5C15000-memory.dmp

Filesize
4.0MB

Download
memory/2132-2085-0x00007FF6F3080000-0x00007FF6F3475000-memory.dmp

Filesize
4.0MB

Download
memory/2132-139-0x00007FF6F3080000-0x00007FF6F3475000-memory.dmp

Filesize
4.0MB

Download
memory/2356-2074-0x00007FF651460000-0x00007FF651855000-memory.dmp

Filesize
4.0MB

Download
memory/2356-145-0x00007FF651460000-0x00007FF651855000-memory.dmp

Filesize
4.0MB

Download
memory/2356-76-0x00007FF651460000-0x00007FF651855000-memory.dmp

Filesize
4.0MB

Download
memory/2376-53-0x00007FF61FBD0000-0x00007FF61FFC5000-memory.dmp

Filesize
4.0MB

Download
memory/2376-122-0x00007FF61FBD0000-0x00007FF61FFC5000-memory.dmp

Filesize
4.0MB

Download
memory/2376-2073-0x00007FF61FBD0000-0x00007FF61FFC5000-memory.dmp

Filesize
4.0MB

Download
memory/2876-28-0x00007FF70ED10000-0x00007FF70F105000-memory.dmp

Filesize
4.0MB

Download
memory/2876-90-0x00007FF70ED10000-0x00007FF70F105000-memory.dmp

Filesize
4.0MB

Download
memory/2876-2069-0x00007FF70ED10000-0x00007FF70F105000-memory.dmp

Filesize
4.0MB

Download
memory/3288-125-0x00007FF638650000-0x00007FF638A45000-memory.dmp

Filesize
4.0MB

Download
memory/3288-2083-0x00007FF638650000-0x00007FF638A45000-memory.dmp

Filesize
4.0MB

Download
memory/3288-1786-0x00007FF638650000-0x00007FF638A45000-memory.dmp

Filesize
4.0MB

Download
memory/3536-2071-0x00007FF622B80000-0x00007FF622F75000-memory.dmp

Filesize
4.0MB

Download
memory/3536-89-0x00007FF622B80000-0x00007FF622F75000-memory.dmp

Filesize
4.0MB

Download
memory/3536-23-0x00007FF622B80000-0x00007FF622F75000-memory.dmp

Filesize
4.0MB

Download
memory/4124-2065-0x00007FF797490000-0x00007FF797885000-memory.dmp

Filesize
4.0MB

Download
memory/4124-10-0x00007FF797490000-0x00007FF797885000-memory.dmp

Filesize
4.0MB

Download
memory/4124-61-0x00007FF797490000-0x00007FF797885000-memory.dmp

Filesize
4.0MB

Download
memory/4336-15-0x00007FF7E1450000-0x00007FF7E1845000-memory.dmp

Filesize
4.0MB

Download
memory/4336-66-0x00007FF7E1450000-0x00007FF7E1845000-memory.dmp

Filesize
4.0MB

Download
memory/4336-2066-0x00007FF7E1450000-0x00007FF7E1845000-memory.dmp

Filesize
4.0MB

Download
memory/4568-150-0x00007FF6648F0000-0x00007FF664CE5000-memory.dmp

Filesize
4.0MB

Download
memory/4568-81-0x00007FF6648F0000-0x00007FF664CE5000-memory.dmp

Filesize
4.0MB

Download
memory/4568-2076-0x00007FF6648F0000-0x00007FF664CE5000-memory.dmp

Filesize
4.0MB

Download
memory/4644-157-0x00007FF697B70000-0x00007FF697F65000-memory.dmp

Filesize
4.0MB

Download
memory/4644-2077-0x00007FF697B70000-0x00007FF697F65000-memory.dmp

Filesize
4.0MB

Download
memory/4644-91-0x00007FF697B70000-0x00007FF697F65000-memory.dmp

Filesize
4.0MB

Download
memory/4692-1243-0x00007FF697720000-0x00007FF697B15000-memory.dmp

Filesize
4.0MB

Download
memory/4692-2079-0x00007FF697720000-0x00007FF697B15000-memory.dmp

Filesize
4.0MB

Download
memory/4692-95-0x00007FF697720000-0x00007FF697B15000-memory.dmp

Filesize
4.0MB

Download
memory/4776-2087-0x00007FF7065F0000-0x00007FF7069E5000-memory.dmp

Filesize
4.0MB

Download
memory/4776-153-0x00007FF7065F0000-0x00007FF7069E5000-memory.dmp

Filesize
4.0MB

Download
memory/4776-2062-0x00007FF7065F0000-0x00007FF7069E5000-memory.dmp

Filesize
4.0MB

Download
memory/4788-18-0x00007FF678F00000-0x00007FF6792F5000-memory.dmp

Filesize
4.0MB

Download
memory/4788-80-0x00007FF678F00000-0x00007FF6792F5000-memory.dmp

Filesize
4.0MB

Download
memory/4788-2067-0x00007FF678F00000-0x00007FF6792F5000-memory.dmp

Filesize
4.0MB

Download
memory/4840-2088-0x00007FF64E840000-0x00007FF64EC35000-memory.dmp

Filesize
4.0MB

Download
memory/4840-146-0x00007FF64E840000-0x00007FF64EC35000-memory.dmp

Filesize
4.0MB

Download
memory/4864-1362-0x00007FF620470000-0x00007FF620865000-memory.dmp

Filesize
4.0MB

Download
memory/4864-102-0x00007FF620470000-0x00007FF620865000-memory.dmp

Filesize
4.0MB

Download
memory/4864-2084-0x00007FF620470000-0x00007FF620865000-memory.dmp

Filesize
4.0MB

Download
memory/4972-160-0x00007FF7CEF10000-0x00007FF7CF305000-memory.dmp

Filesize
4.0MB

Download
memory/4972-2063-0x00007FF7CEF10000-0x00007FF7CF305000-memory.dmp

Filesize
4.0MB

Download
memory/4972-2086-0x00007FF7CEF10000-0x00007FF7CF305000-memory.dmp

Filesize
4.0MB

Download
memory/5220-2075-0x00007FF61CFD0000-0x00007FF61D3C5000-memory.dmp

Filesize
4.0MB

Download
memory/5220-136-0x00007FF61CFD0000-0x00007FF61D3C5000-memory.dmp

Filesize
4.0MB

Download
memory/5220-70-0x00007FF61CFD0000-0x00007FF61D3C5000-memory.dmp

Filesize
4.0MB

Download
memory/5680-118-0x00007FF7BEC20000-0x00007FF7BF015000-memory.dmp

Filesize
4.0MB

Download
memory/5680-2082-0x00007FF7BEC20000-0x00007FF7BF015000-memory.dmp

Filesize
4.0MB

Download
memory/5680-1650-0x00007FF7BEC20000-0x00007FF7BF015000-memory.dmp

Filesize
4.0MB

Download
memory/5756-1509-0x00007FF622430000-0x00007FF622825000-memory.dmp

Filesize
4.0MB

Download
memory/5756-109-0x00007FF622430000-0x00007FF622825000-memory.dmp

Filesize
4.0MB

Download
memory/5756-2080-0x00007FF622430000-0x00007FF622825000-memory.dmp

Filesize
4.0MB

Download
memory/5768-63-0x00007FF741D00000-0x00007FF7420F5000-memory.dmp

Filesize
4.0MB

Download
memory/5768-2078-0x00007FF741D00000-0x00007FF7420F5000-memory.dmp

Filesize
4.0MB

Download
memory/5768-129-0x00007FF741D00000-0x00007FF7420F5000-memory.dmp

Filesize
4.0MB

Download
memory/5780-2081-0x00007FF7A8700000-0x00007FF7A8AF5000-memory.dmp

Filesize
4.0MB

Download
memory/5780-1884-0x00007FF7A8700000-0x00007FF7A8AF5000-memory.dmp

Filesize
4.0MB

Download
memory/5780-132-0x00007FF7A8700000-0x00007FF7A8AF5000-memory.dmp

Filesize
4.0MB

Download
memory/5800-108-0x00007FF76D280000-0x00007FF76D675000-memory.dmp

Filesize
4.0MB

Download
memory/5800-42-0x00007FF76D280000-0x00007FF76D675000-memory.dmp

Filesize
4.0MB

Download
memory/5800-2070-0x00007FF76D280000-0x00007FF76D675000-memory.dmp

Filesize
4.0MB

Download
memory/5876-0-0x00007FF619DC0000-0x00007FF61A1B5000-memory.dmp

Filesize
4.0MB

Download
memory/5876-2064-0x00007FF619DC0000-0x00007FF61A1B5000-memory.dmp

Filesize
4.0MB

Download
memory/5876-1-0x000001D70BAB0000-0x000001D70BAC0000-memory.dmp

Filesize
64KB

Download
memory/5876-60-0x00007FF619DC0000-0x00007FF61A1B5000-memory.dmp

Filesize
4.0MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads