xmrig | d4a68fa817130a25b2697dd28e72a999ed3edf8fa02a9e4bd6a8a7ab447728e9

Analysis

max time kernel
98s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
07/04/2025, 11:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-04-07_d171b503d62b72f7927cd024b7e958bd_black-basta_imuler_xmrig.exe
Size

2.6MB
MD5

d171b503d62b72f7927cd024b7e958bd
SHA1

60f9a0fdb6ddef36b844382d7443a46f4c0e486e
SHA256

d4a68fa817130a25b2697dd28e72a999ed3edf8fa02a9e4bd6a8a7ab447728e9
SHA512

c380a65542ad530ebfc423061c17be8dd74c702618c9fa00b9dafda410e64f9734f92f6e568b2b7e0a35892e7ec792f0d7adfc3b5f9f077f25881e7cbbb628c7
SSDEEP

49152:w0wjnJMOWh50kC1/dVFdx6e0EALKWVTffZiPAcRq6jHjcz8DzzxTMS5sZGLeD:w0GnJMOWPClFdx6e0EALKWVTffZiPAcM

Score

10^/10

xmrig miner upx

Malware Config

Signatures

Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/784-0-0x00007FF74BEE0000-0x00007FF74C2D5000-memory.dmp	xmrig
behavioral1/files/0x00080000000240c7-6.dat	xmrig
behavioral1/files/0x00070000000240c9-9.dat	xmrig
behavioral1/files/0x00070000000240c8-11.dat	xmrig
behavioral1/files/0x00070000000240ca-20.dat	xmrig
behavioral1/memory/4140-21-0x00007FF700DF0000-0x00007FF7011E5000-memory.dmp	xmrig
behavioral1/files/0x00070000000240cd-35.dat	xmrig
behavioral1/files/0x00070000000240cc-34.dat	xmrig
behavioral1/memory/2436-36-0x00007FF616F40000-0x00007FF617335000-memory.dmp	xmrig
behavioral1/files/0x00070000000240cf-45.dat	xmrig
behavioral1/memory/4660-47-0x00007FF77AC60000-0x00007FF77B055000-memory.dmp	xmrig
behavioral1/files/0x00070000000240d3-73.dat	xmrig
behavioral1/files/0x00070000000240d6-85.dat	xmrig
behavioral1/files/0x00070000000240d8-98.dat	xmrig
behavioral1/files/0x00070000000240db-113.dat	xmrig
behavioral1/files/0x00070000000240e2-148.dat	xmrig
behavioral1/memory/4884-766-0x00007FF6EA310000-0x00007FF6EA705000-memory.dmp	xmrig
behavioral1/memory/516-767-0x00007FF725B90000-0x00007FF725F85000-memory.dmp	xmrig
behavioral1/memory/4244-768-0x00007FF633FC0000-0x00007FF6343B5000-memory.dmp	xmrig
behavioral1/memory/4184-769-0x00007FF7D2090000-0x00007FF7D2485000-memory.dmp	xmrig
behavioral1/memory/5004-765-0x00007FF73E030000-0x00007FF73E425000-memory.dmp	xmrig
behavioral1/memory/2636-771-0x00007FF689760000-0x00007FF689B55000-memory.dmp	xmrig
behavioral1/memory/1688-770-0x00007FF69F630000-0x00007FF69FA25000-memory.dmp	xmrig
behavioral1/memory/2900-772-0x00007FF79CD60000-0x00007FF79D155000-memory.dmp	xmrig
behavioral1/memory/4396-774-0x00007FF6FE6C0000-0x00007FF6FEAB5000-memory.dmp	xmrig
behavioral1/memory/5056-773-0x00007FF635B60000-0x00007FF635F55000-memory.dmp	xmrig
behavioral1/memory/4720-775-0x00007FF6F43C0000-0x00007FF6F47B5000-memory.dmp	xmrig
behavioral1/memory/4540-776-0x00007FF726DC0000-0x00007FF7271B5000-memory.dmp	xmrig
behavioral1/memory/3676-778-0x00007FF615000000-0x00007FF6153F5000-memory.dmp	xmrig
behavioral1/memory/1532-777-0x00007FF6541E0000-0x00007FF6545D5000-memory.dmp	xmrig
behavioral1/memory/2348-781-0x00007FF7AE450000-0x00007FF7AE845000-memory.dmp	xmrig
behavioral1/memory/3036-789-0x00007FF6E3D90000-0x00007FF6E4185000-memory.dmp	xmrig
behavioral1/memory/184-784-0x00007FF6E1E90000-0x00007FF6E2285000-memory.dmp	xmrig
behavioral1/memory/784-1051-0x00007FF74BEE0000-0x00007FF74C2D5000-memory.dmp	xmrig
behavioral1/memory/4632-1193-0x00007FF7577E0000-0x00007FF757BD5000-memory.dmp	xmrig
behavioral1/memory/5028-1320-0x00007FF668EE0000-0x00007FF6692D5000-memory.dmp	xmrig
behavioral1/memory/3948-1447-0x00007FF666010000-0x00007FF666405000-memory.dmp	xmrig
behavioral1/memory/4140-1444-0x00007FF700DF0000-0x00007FF7011E5000-memory.dmp	xmrig
behavioral1/memory/1180-1564-0x00007FF73BCB0000-0x00007FF73C0A5000-memory.dmp	xmrig
behavioral1/memory/2436-1561-0x00007FF616F40000-0x00007FF617335000-memory.dmp	xmrig
behavioral1/memory/5004-1687-0x00007FF73E030000-0x00007FF73E425000-memory.dmp	xmrig
behavioral1/memory/4660-1683-0x00007FF77AC60000-0x00007FF77B055000-memory.dmp	xmrig
behavioral1/files/0x00070000000240e6-168.dat	xmrig
behavioral1/files/0x00070000000240e5-163.dat	xmrig
behavioral1/files/0x00070000000240e4-158.dat	xmrig
behavioral1/files/0x00070000000240e3-153.dat	xmrig
behavioral1/files/0x00070000000240e1-143.dat	xmrig
behavioral1/files/0x00070000000240e0-138.dat	xmrig
behavioral1/files/0x00070000000240df-133.dat	xmrig
behavioral1/files/0x00070000000240de-128.dat	xmrig
behavioral1/files/0x00070000000240dd-123.dat	xmrig
behavioral1/files/0x00070000000240dc-118.dat	xmrig
behavioral1/files/0x00070000000240da-108.dat	xmrig
behavioral1/files/0x00070000000240d9-103.dat	xmrig
behavioral1/files/0x00070000000240d7-93.dat	xmrig
behavioral1/files/0x00070000000240d5-83.dat	xmrig
behavioral1/files/0x00070000000240d4-78.dat	xmrig
behavioral1/files/0x00070000000240d2-68.dat	xmrig
behavioral1/files/0x00070000000240d1-63.dat	xmrig
behavioral1/files/0x00070000000240d0-58.dat	xmrig
behavioral1/files/0x00070000000240ce-53.dat	xmrig
behavioral1/memory/1180-44-0x00007FF73BCB0000-0x00007FF73C0A5000-memory.dmp	xmrig
behavioral1/files/0x00070000000240cb-39.dat	xmrig
behavioral1/memory/3948-27-0x00007FF666010000-0x00007FF666405000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
4632	iPGORDr.exe
5028	WqLDlwE.exe
4140	ZFSrkil.exe
3948	ZNXrZqj.exe
2436	uEyCWqw.exe
1180	JGFFQGk.exe
4660	HvTNEoC.exe
5004	NBuXZqx.exe
184	XjZUFqz.exe
3036	IVXUoak.exe
4884	fEGxiYl.exe
516	BhvnIoY.exe
4244	fMhFCwa.exe
4184	knQzRoI.exe
1688	ulfihnQ.exe
2636	tQbFlNy.exe
2900	ZbyAhhg.exe
5056	gjJQjnA.exe
4396	WTZWHbN.exe
4720	OIjepSL.exe
4540	IBNmlVg.exe
1532	mFtkrjG.exe
3676	kTLLAee.exe
2348	kJzopyi.exe
2956	QlRWCPk.exe
4956	rLJHHHU.exe
5116	srjaHLX.exe
60	IHAwbMP.exe
4048	LOWwmJv.exe
876	dKgLTxG.exe
4764	hQMENHJ.exe
4472	MVkwHLV.exe
5100	BvIcuop.exe
4880	bjfZwYi.exe
4896	fxxEFJi.exe
4536	uiceQxQ.exe
1240	bGGncqc.exe
3044	qQGZSwH.exe
1296	ZbcGEfB.exe
3324	cXrVExE.exe
4656	qwUpcui.exe
2252	kAETRIM.exe
1520	XLbOVZC.exe
5096	WgrHUKn.exe
1208	ygAqWJn.exe
3664	HBkWnlZ.exe
4792	mwspBfO.exe
3172	zboMvUG.exe
2808	MZKenYj.exe
964	iATYzbJ.exe
2724	WptyTXG.exe
2288	EkrXpbB.exe
4072	XUcROol.exe
3476	kFpVqDa.exe
2136	VBAOfbU.exe
4612	YZRrJNk.exe
1824	nHXbGSE.exe
2488	ASjEyYb.exe
4776	qdNYQnH.exe
3320	amAEdiL.exe
216	PfaKyGG.exe
4872	PTFSoLS.exe
4040	KtDkWIj.exe
4180	MozlfOs.exe

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System32\EMjZMqF.exe	2025-04-07_d171b503d62b72f7927cd024b7e958bd_black-basta_imuler_xmrig.exe
File created	C:\Windows\System32\OKNoVaz.exe	2025-04-07_d171b503d62b72f7927cd024b7e958bd_black-basta_imuler_xmrig.exe
File created	C:\Windows\System32\lDoyLBB.exe	2025-04-07_d171b503d62b72f7927cd024b7e958bd_black-basta_imuler_xmrig.exe
File created	C:\Windows\System32\krjcasL.exe	2025-04-07_d171b503d62b72f7927cd024b7e958bd_black-basta_imuler_xmrig.exe
File created	C:\Windows\System32\vwjBVST.exe	2025-04-07_d171b503d62b72f7927cd024b7e958bd_black-basta_imuler_xmrig.exe
File created	C:\Windows\System32\EMvXzVg.exe	2025-04-07_d171b503d62b72f7927cd024b7e958bd_black-basta_imuler_xmrig.exe
File created	C:\Windows\System32\GweRFSU.exe	2025-04-07_d171b503d62b72f7927cd024b7e958bd_black-basta_imuler_xmrig.exe
File created	C:\Windows\System32\AKASHlP.exe	2025-04-07_d171b503d62b72f7927cd024b7e958bd_black-basta_imuler_xmrig.exe
File created	C:\Windows\System32\aHadiyi.exe	2025-04-07_d171b503d62b72f7927cd024b7e958bd_black-basta_imuler_xmrig.exe
File created	C:\Windows\System32\jjSWkJR.exe	2025-04-07_d171b503d62b72f7927cd024b7e958bd_black-basta_imuler_xmrig.exe
File created	C:\Windows\System32\woINmiw.exe	2025-04-07_d171b503d62b72f7927cd024b7e958bd_black-basta_imuler_xmrig.exe
File created	C:\Windows\System32\mNkESQF.exe	2025-04-07_d171b503d62b72f7927cd024b7e958bd_black-basta_imuler_xmrig.exe
File created	C:\Windows\System32\IKmqkVk.exe	2025-04-07_d171b503d62b72f7927cd024b7e958bd_black-basta_imuler_xmrig.exe
File created	C:\Windows\System32\EkrXpbB.exe	2025-04-07_d171b503d62b72f7927cd024b7e958bd_black-basta_imuler_xmrig.exe
File created	C:\Windows\System32\VBAOfbU.exe	2025-04-07_d171b503d62b72f7927cd024b7e958bd_black-basta_imuler_xmrig.exe
File created	C:\Windows\System32\wzSFhBl.exe	2025-04-07_d171b503d62b72f7927cd024b7e958bd_black-basta_imuler_xmrig.exe
File created	C:\Windows\System32\dOAuJep.exe	2025-04-07_d171b503d62b72f7927cd024b7e958bd_black-basta_imuler_xmrig.exe
File created	C:\Windows\System32\yBKDCtY.exe	2025-04-07_d171b503d62b72f7927cd024b7e958bd_black-basta_imuler_xmrig.exe
File created	C:\Windows\System32\ffYpPRF.exe	2025-04-07_d171b503d62b72f7927cd024b7e958bd_black-basta_imuler_xmrig.exe
File created	C:\Windows\System32\MsNQbis.exe	2025-04-07_d171b503d62b72f7927cd024b7e958bd_black-basta_imuler_xmrig.exe
File created	C:\Windows\System32\MeJhwBI.exe	2025-04-07_d171b503d62b72f7927cd024b7e958bd_black-basta_imuler_xmrig.exe
File created	C:\Windows\System32\mFtkrjG.exe	2025-04-07_d171b503d62b72f7927cd024b7e958bd_black-basta_imuler_xmrig.exe
File created	C:\Windows\System32\qXPcTDA.exe	2025-04-07_d171b503d62b72f7927cd024b7e958bd_black-basta_imuler_xmrig.exe
File created	C:\Windows\System32\wOjmlAE.exe	2025-04-07_d171b503d62b72f7927cd024b7e958bd_black-basta_imuler_xmrig.exe
File created	C:\Windows\System32\NednyBV.exe	2025-04-07_d171b503d62b72f7927cd024b7e958bd_black-basta_imuler_xmrig.exe
File created	C:\Windows\System32\OGwtysb.exe	2025-04-07_d171b503d62b72f7927cd024b7e958bd_black-basta_imuler_xmrig.exe
File created	C:\Windows\System32\zWJPqKn.exe	2025-04-07_d171b503d62b72f7927cd024b7e958bd_black-basta_imuler_xmrig.exe
File created	C:\Windows\System32\tyGFWEu.exe	2025-04-07_d171b503d62b72f7927cd024b7e958bd_black-basta_imuler_xmrig.exe
File created	C:\Windows\System32\zIQvFCA.exe	2025-04-07_d171b503d62b72f7927cd024b7e958bd_black-basta_imuler_xmrig.exe
File created	C:\Windows\System32\fxxEFJi.exe	2025-04-07_d171b503d62b72f7927cd024b7e958bd_black-basta_imuler_xmrig.exe
File created	C:\Windows\System32\ygAqWJn.exe	2025-04-07_d171b503d62b72f7927cd024b7e958bd_black-basta_imuler_xmrig.exe
File created	C:\Windows\System32\xPKzMYT.exe	2025-04-07_d171b503d62b72f7927cd024b7e958bd_black-basta_imuler_xmrig.exe
File created	C:\Windows\System32\nBmdLnt.exe	2025-04-07_d171b503d62b72f7927cd024b7e958bd_black-basta_imuler_xmrig.exe
File created	C:\Windows\System32\MGwiZKy.exe	2025-04-07_d171b503d62b72f7927cd024b7e958bd_black-basta_imuler_xmrig.exe
File created	C:\Windows\System32\Spwmaxb.exe	2025-04-07_d171b503d62b72f7927cd024b7e958bd_black-basta_imuler_xmrig.exe
File created	C:\Windows\System32\AHYQBgl.exe	2025-04-07_d171b503d62b72f7927cd024b7e958bd_black-basta_imuler_xmrig.exe
File created	C:\Windows\System32\fuWWFYW.exe	2025-04-07_d171b503d62b72f7927cd024b7e958bd_black-basta_imuler_xmrig.exe
File created	C:\Windows\System32\udePeXB.exe	2025-04-07_d171b503d62b72f7927cd024b7e958bd_black-basta_imuler_xmrig.exe
File created	C:\Windows\System32\cEjdBbE.exe	2025-04-07_d171b503d62b72f7927cd024b7e958bd_black-basta_imuler_xmrig.exe
File created	C:\Windows\System32\zDJszUa.exe	2025-04-07_d171b503d62b72f7927cd024b7e958bd_black-basta_imuler_xmrig.exe
File created	C:\Windows\System32\pwMseZH.exe	2025-04-07_d171b503d62b72f7927cd024b7e958bd_black-basta_imuler_xmrig.exe
File created	C:\Windows\System32\vKTvpME.exe	2025-04-07_d171b503d62b72f7927cd024b7e958bd_black-basta_imuler_xmrig.exe
File created	C:\Windows\System32\MVkwHLV.exe	2025-04-07_d171b503d62b72f7927cd024b7e958bd_black-basta_imuler_xmrig.exe
File created	C:\Windows\System32\WSmgmub.exe	2025-04-07_d171b503d62b72f7927cd024b7e958bd_black-basta_imuler_xmrig.exe
File created	C:\Windows\System32\lzaFDyt.exe	2025-04-07_d171b503d62b72f7927cd024b7e958bd_black-basta_imuler_xmrig.exe
File created	C:\Windows\System32\JGFFQGk.exe	2025-04-07_d171b503d62b72f7927cd024b7e958bd_black-basta_imuler_xmrig.exe
File created	C:\Windows\System32\zmgFsmu.exe	2025-04-07_d171b503d62b72f7927cd024b7e958bd_black-basta_imuler_xmrig.exe
File created	C:\Windows\System32\JvrIlON.exe	2025-04-07_d171b503d62b72f7927cd024b7e958bd_black-basta_imuler_xmrig.exe
File created	C:\Windows\System32\erYyQLe.exe	2025-04-07_d171b503d62b72f7927cd024b7e958bd_black-basta_imuler_xmrig.exe
File created	C:\Windows\System32\QFFEJni.exe	2025-04-07_d171b503d62b72f7927cd024b7e958bd_black-basta_imuler_xmrig.exe
File created	C:\Windows\System32\tFJlBFK.exe	2025-04-07_d171b503d62b72f7927cd024b7e958bd_black-basta_imuler_xmrig.exe
File created	C:\Windows\System32\usFulYE.exe	2025-04-07_d171b503d62b72f7927cd024b7e958bd_black-basta_imuler_xmrig.exe
File created	C:\Windows\System32\TadiUNX.exe	2025-04-07_d171b503d62b72f7927cd024b7e958bd_black-basta_imuler_xmrig.exe
File created	C:\Windows\System32\tXYQmjl.exe	2025-04-07_d171b503d62b72f7927cd024b7e958bd_black-basta_imuler_xmrig.exe
File created	C:\Windows\System32\sKptKPh.exe	2025-04-07_d171b503d62b72f7927cd024b7e958bd_black-basta_imuler_xmrig.exe
File created	C:\Windows\System32\XLUTPaN.exe	2025-04-07_d171b503d62b72f7927cd024b7e958bd_black-basta_imuler_xmrig.exe
File created	C:\Windows\System32\QNeXXxb.exe	2025-04-07_d171b503d62b72f7927cd024b7e958bd_black-basta_imuler_xmrig.exe
File created	C:\Windows\System32\GdDUCBa.exe	2025-04-07_d171b503d62b72f7927cd024b7e958bd_black-basta_imuler_xmrig.exe
File created	C:\Windows\System32\PjFXhnC.exe	2025-04-07_d171b503d62b72f7927cd024b7e958bd_black-basta_imuler_xmrig.exe
File created	C:\Windows\System32\QJkWkPS.exe	2025-04-07_d171b503d62b72f7927cd024b7e958bd_black-basta_imuler_xmrig.exe
File created	C:\Windows\System32\ZLvgqfk.exe	2025-04-07_d171b503d62b72f7927cd024b7e958bd_black-basta_imuler_xmrig.exe
File created	C:\Windows\System32\sJvdYbJ.exe	2025-04-07_d171b503d62b72f7927cd024b7e958bd_black-basta_imuler_xmrig.exe
File created	C:\Windows\System32\LpxQFdP.exe	2025-04-07_d171b503d62b72f7927cd024b7e958bd_black-basta_imuler_xmrig.exe
File created	C:\Windows\System32\xxXlsqf.exe	2025-04-07_d171b503d62b72f7927cd024b7e958bd_black-basta_imuler_xmrig.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/784-0-0x00007FF74BEE0000-0x00007FF74C2D5000-memory.dmp	upx
behavioral1/files/0x00080000000240c7-6.dat	upx
behavioral1/files/0x00070000000240c9-9.dat	upx
behavioral1/files/0x00070000000240c8-11.dat	upx
behavioral1/files/0x00070000000240ca-20.dat	upx
behavioral1/memory/4140-21-0x00007FF700DF0000-0x00007FF7011E5000-memory.dmp	upx
behavioral1/files/0x00070000000240cd-35.dat	upx
behavioral1/files/0x00070000000240cc-34.dat	upx
behavioral1/memory/2436-36-0x00007FF616F40000-0x00007FF617335000-memory.dmp	upx
behavioral1/files/0x00070000000240cf-45.dat	upx
behavioral1/memory/4660-47-0x00007FF77AC60000-0x00007FF77B055000-memory.dmp	upx
behavioral1/files/0x00070000000240d3-73.dat	upx
behavioral1/files/0x00070000000240d6-85.dat	upx
behavioral1/files/0x00070000000240d8-98.dat	upx
behavioral1/files/0x00070000000240db-113.dat	upx
behavioral1/files/0x00070000000240e2-148.dat	upx
behavioral1/memory/4884-766-0x00007FF6EA310000-0x00007FF6EA705000-memory.dmp	upx
behavioral1/memory/516-767-0x00007FF725B90000-0x00007FF725F85000-memory.dmp	upx
behavioral1/memory/4244-768-0x00007FF633FC0000-0x00007FF6343B5000-memory.dmp	upx
behavioral1/memory/4184-769-0x00007FF7D2090000-0x00007FF7D2485000-memory.dmp	upx
behavioral1/memory/5004-765-0x00007FF73E030000-0x00007FF73E425000-memory.dmp	upx
behavioral1/memory/2636-771-0x00007FF689760000-0x00007FF689B55000-memory.dmp	upx
behavioral1/memory/1688-770-0x00007FF69F630000-0x00007FF69FA25000-memory.dmp	upx
behavioral1/memory/2900-772-0x00007FF79CD60000-0x00007FF79D155000-memory.dmp	upx
behavioral1/memory/4396-774-0x00007FF6FE6C0000-0x00007FF6FEAB5000-memory.dmp	upx
behavioral1/memory/5056-773-0x00007FF635B60000-0x00007FF635F55000-memory.dmp	upx
behavioral1/memory/4720-775-0x00007FF6F43C0000-0x00007FF6F47B5000-memory.dmp	upx
behavioral1/memory/4540-776-0x00007FF726DC0000-0x00007FF7271B5000-memory.dmp	upx
behavioral1/memory/3676-778-0x00007FF615000000-0x00007FF6153F5000-memory.dmp	upx
behavioral1/memory/1532-777-0x00007FF6541E0000-0x00007FF6545D5000-memory.dmp	upx
behavioral1/memory/2348-781-0x00007FF7AE450000-0x00007FF7AE845000-memory.dmp	upx
behavioral1/memory/3036-789-0x00007FF6E3D90000-0x00007FF6E4185000-memory.dmp	upx
behavioral1/memory/184-784-0x00007FF6E1E90000-0x00007FF6E2285000-memory.dmp	upx
behavioral1/memory/784-1051-0x00007FF74BEE0000-0x00007FF74C2D5000-memory.dmp	upx
behavioral1/memory/4632-1193-0x00007FF7577E0000-0x00007FF757BD5000-memory.dmp	upx
behavioral1/memory/5028-1320-0x00007FF668EE0000-0x00007FF6692D5000-memory.dmp	upx
behavioral1/memory/3948-1447-0x00007FF666010000-0x00007FF666405000-memory.dmp	upx
behavioral1/memory/4140-1444-0x00007FF700DF0000-0x00007FF7011E5000-memory.dmp	upx
behavioral1/memory/1180-1564-0x00007FF73BCB0000-0x00007FF73C0A5000-memory.dmp	upx
behavioral1/memory/2436-1561-0x00007FF616F40000-0x00007FF617335000-memory.dmp	upx
behavioral1/memory/5004-1687-0x00007FF73E030000-0x00007FF73E425000-memory.dmp	upx
behavioral1/memory/4660-1683-0x00007FF77AC60000-0x00007FF77B055000-memory.dmp	upx
behavioral1/files/0x00070000000240e6-168.dat	upx
behavioral1/files/0x00070000000240e5-163.dat	upx
behavioral1/files/0x00070000000240e4-158.dat	upx
behavioral1/files/0x00070000000240e3-153.dat	upx
behavioral1/files/0x00070000000240e1-143.dat	upx
behavioral1/files/0x00070000000240e0-138.dat	upx
behavioral1/files/0x00070000000240df-133.dat	upx
behavioral1/files/0x00070000000240de-128.dat	upx
behavioral1/files/0x00070000000240dd-123.dat	upx
behavioral1/files/0x00070000000240dc-118.dat	upx
behavioral1/files/0x00070000000240da-108.dat	upx
behavioral1/files/0x00070000000240d9-103.dat	upx
behavioral1/files/0x00070000000240d7-93.dat	upx
behavioral1/files/0x00070000000240d5-83.dat	upx
behavioral1/files/0x00070000000240d4-78.dat	upx
behavioral1/files/0x00070000000240d2-68.dat	upx
behavioral1/files/0x00070000000240d1-63.dat	upx
behavioral1/files/0x00070000000240d0-58.dat	upx
behavioral1/files/0x00070000000240ce-53.dat	upx
behavioral1/memory/1180-44-0x00007FF73BCB0000-0x00007FF73C0A5000-memory.dmp	upx
behavioral1/files/0x00070000000240cb-39.dat	upx
behavioral1/memory/3948-27-0x00007FF666010000-0x00007FF666405000-memory.dmp	upx

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	13504	dwm.exe
Token: SeChangeNotifyPrivilege	13504	dwm.exe
Token: 33	13504	dwm.exe
Token: SeIncBasePriorityPrivilege	13504	dwm.exe
Token: SeShutdownPrivilege	13504	dwm.exe
Token: SeCreatePagefilePrivilege	13504	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 784 wrote to memory of 4632	784	2025-04-07_d171b503d62b72f7927cd024b7e958bd_black-basta_imuler_xmrig.exe	88
PID 784 wrote to memory of 4632	784	2025-04-07_d171b503d62b72f7927cd024b7e958bd_black-basta_imuler_xmrig.exe	88
PID 784 wrote to memory of 5028	784	2025-04-07_d171b503d62b72f7927cd024b7e958bd_black-basta_imuler_xmrig.exe	89
PID 784 wrote to memory of 5028	784	2025-04-07_d171b503d62b72f7927cd024b7e958bd_black-basta_imuler_xmrig.exe	89
PID 784 wrote to memory of 4140	784	2025-04-07_d171b503d62b72f7927cd024b7e958bd_black-basta_imuler_xmrig.exe	90
PID 784 wrote to memory of 4140	784	2025-04-07_d171b503d62b72f7927cd024b7e958bd_black-basta_imuler_xmrig.exe	90
PID 784 wrote to memory of 3948	784	2025-04-07_d171b503d62b72f7927cd024b7e958bd_black-basta_imuler_xmrig.exe	91
PID 784 wrote to memory of 3948	784	2025-04-07_d171b503d62b72f7927cd024b7e958bd_black-basta_imuler_xmrig.exe	91
PID 784 wrote to memory of 2436	784	2025-04-07_d171b503d62b72f7927cd024b7e958bd_black-basta_imuler_xmrig.exe	92
PID 784 wrote to memory of 2436	784	2025-04-07_d171b503d62b72f7927cd024b7e958bd_black-basta_imuler_xmrig.exe	92
PID 784 wrote to memory of 1180	784	2025-04-07_d171b503d62b72f7927cd024b7e958bd_black-basta_imuler_xmrig.exe	93
PID 784 wrote to memory of 1180	784	2025-04-07_d171b503d62b72f7927cd024b7e958bd_black-basta_imuler_xmrig.exe	93
PID 784 wrote to memory of 4660	784	2025-04-07_d171b503d62b72f7927cd024b7e958bd_black-basta_imuler_xmrig.exe	94
PID 784 wrote to memory of 4660	784	2025-04-07_d171b503d62b72f7927cd024b7e958bd_black-basta_imuler_xmrig.exe	94
PID 784 wrote to memory of 5004	784	2025-04-07_d171b503d62b72f7927cd024b7e958bd_black-basta_imuler_xmrig.exe	95
PID 784 wrote to memory of 5004	784	2025-04-07_d171b503d62b72f7927cd024b7e958bd_black-basta_imuler_xmrig.exe	95
PID 784 wrote to memory of 184	784	2025-04-07_d171b503d62b72f7927cd024b7e958bd_black-basta_imuler_xmrig.exe	96
PID 784 wrote to memory of 184	784	2025-04-07_d171b503d62b72f7927cd024b7e958bd_black-basta_imuler_xmrig.exe	96
PID 784 wrote to memory of 3036	784	2025-04-07_d171b503d62b72f7927cd024b7e958bd_black-basta_imuler_xmrig.exe	97
PID 784 wrote to memory of 3036	784	2025-04-07_d171b503d62b72f7927cd024b7e958bd_black-basta_imuler_xmrig.exe	97
PID 784 wrote to memory of 4884	784	2025-04-07_d171b503d62b72f7927cd024b7e958bd_black-basta_imuler_xmrig.exe	98
PID 784 wrote to memory of 4884	784	2025-04-07_d171b503d62b72f7927cd024b7e958bd_black-basta_imuler_xmrig.exe	98
PID 784 wrote to memory of 516	784	2025-04-07_d171b503d62b72f7927cd024b7e958bd_black-basta_imuler_xmrig.exe	99
PID 784 wrote to memory of 516	784	2025-04-07_d171b503d62b72f7927cd024b7e958bd_black-basta_imuler_xmrig.exe	99
PID 784 wrote to memory of 4244	784	2025-04-07_d171b503d62b72f7927cd024b7e958bd_black-basta_imuler_xmrig.exe	100
PID 784 wrote to memory of 4244	784	2025-04-07_d171b503d62b72f7927cd024b7e958bd_black-basta_imuler_xmrig.exe	100
PID 784 wrote to memory of 4184	784	2025-04-07_d171b503d62b72f7927cd024b7e958bd_black-basta_imuler_xmrig.exe	101
PID 784 wrote to memory of 4184	784	2025-04-07_d171b503d62b72f7927cd024b7e958bd_black-basta_imuler_xmrig.exe	101
PID 784 wrote to memory of 1688	784	2025-04-07_d171b503d62b72f7927cd024b7e958bd_black-basta_imuler_xmrig.exe	102
PID 784 wrote to memory of 1688	784	2025-04-07_d171b503d62b72f7927cd024b7e958bd_black-basta_imuler_xmrig.exe	102
PID 784 wrote to memory of 2636	784	2025-04-07_d171b503d62b72f7927cd024b7e958bd_black-basta_imuler_xmrig.exe	103
PID 784 wrote to memory of 2636	784	2025-04-07_d171b503d62b72f7927cd024b7e958bd_black-basta_imuler_xmrig.exe	103
PID 784 wrote to memory of 2900	784	2025-04-07_d171b503d62b72f7927cd024b7e958bd_black-basta_imuler_xmrig.exe	104
PID 784 wrote to memory of 2900	784	2025-04-07_d171b503d62b72f7927cd024b7e958bd_black-basta_imuler_xmrig.exe	104
PID 784 wrote to memory of 5056	784	2025-04-07_d171b503d62b72f7927cd024b7e958bd_black-basta_imuler_xmrig.exe	105
PID 784 wrote to memory of 5056	784	2025-04-07_d171b503d62b72f7927cd024b7e958bd_black-basta_imuler_xmrig.exe	105
PID 784 wrote to memory of 4396	784	2025-04-07_d171b503d62b72f7927cd024b7e958bd_black-basta_imuler_xmrig.exe	106
PID 784 wrote to memory of 4396	784	2025-04-07_d171b503d62b72f7927cd024b7e958bd_black-basta_imuler_xmrig.exe	106
PID 784 wrote to memory of 4720	784	2025-04-07_d171b503d62b72f7927cd024b7e958bd_black-basta_imuler_xmrig.exe	107
PID 784 wrote to memory of 4720	784	2025-04-07_d171b503d62b72f7927cd024b7e958bd_black-basta_imuler_xmrig.exe	107
PID 784 wrote to memory of 4540	784	2025-04-07_d171b503d62b72f7927cd024b7e958bd_black-basta_imuler_xmrig.exe	108
PID 784 wrote to memory of 4540	784	2025-04-07_d171b503d62b72f7927cd024b7e958bd_black-basta_imuler_xmrig.exe	108
PID 784 wrote to memory of 1532	784	2025-04-07_d171b503d62b72f7927cd024b7e958bd_black-basta_imuler_xmrig.exe	109
PID 784 wrote to memory of 1532	784	2025-04-07_d171b503d62b72f7927cd024b7e958bd_black-basta_imuler_xmrig.exe	109
PID 784 wrote to memory of 3676	784	2025-04-07_d171b503d62b72f7927cd024b7e958bd_black-basta_imuler_xmrig.exe	110
PID 784 wrote to memory of 3676	784	2025-04-07_d171b503d62b72f7927cd024b7e958bd_black-basta_imuler_xmrig.exe	110
PID 784 wrote to memory of 2348	784	2025-04-07_d171b503d62b72f7927cd024b7e958bd_black-basta_imuler_xmrig.exe	111
PID 784 wrote to memory of 2348	784	2025-04-07_d171b503d62b72f7927cd024b7e958bd_black-basta_imuler_xmrig.exe	111
PID 784 wrote to memory of 2956	784	2025-04-07_d171b503d62b72f7927cd024b7e958bd_black-basta_imuler_xmrig.exe	112
PID 784 wrote to memory of 2956	784	2025-04-07_d171b503d62b72f7927cd024b7e958bd_black-basta_imuler_xmrig.exe	112
PID 784 wrote to memory of 4956	784	2025-04-07_d171b503d62b72f7927cd024b7e958bd_black-basta_imuler_xmrig.exe	113
PID 784 wrote to memory of 4956	784	2025-04-07_d171b503d62b72f7927cd024b7e958bd_black-basta_imuler_xmrig.exe	113
PID 784 wrote to memory of 5116	784	2025-04-07_d171b503d62b72f7927cd024b7e958bd_black-basta_imuler_xmrig.exe	114
PID 784 wrote to memory of 5116	784	2025-04-07_d171b503d62b72f7927cd024b7e958bd_black-basta_imuler_xmrig.exe	114
PID 784 wrote to memory of 60	784	2025-04-07_d171b503d62b72f7927cd024b7e958bd_black-basta_imuler_xmrig.exe	115
PID 784 wrote to memory of 60	784	2025-04-07_d171b503d62b72f7927cd024b7e958bd_black-basta_imuler_xmrig.exe	115
PID 784 wrote to memory of 4048	784	2025-04-07_d171b503d62b72f7927cd024b7e958bd_black-basta_imuler_xmrig.exe	116
PID 784 wrote to memory of 4048	784	2025-04-07_d171b503d62b72f7927cd024b7e958bd_black-basta_imuler_xmrig.exe	116
PID 784 wrote to memory of 876	784	2025-04-07_d171b503d62b72f7927cd024b7e958bd_black-basta_imuler_xmrig.exe	117
PID 784 wrote to memory of 876	784	2025-04-07_d171b503d62b72f7927cd024b7e958bd_black-basta_imuler_xmrig.exe	117
PID 784 wrote to memory of 4764	784	2025-04-07_d171b503d62b72f7927cd024b7e958bd_black-basta_imuler_xmrig.exe	118
PID 784 wrote to memory of 4764	784	2025-04-07_d171b503d62b72f7927cd024b7e958bd_black-basta_imuler_xmrig.exe	118
PID 784 wrote to memory of 4472	784	2025-04-07_d171b503d62b72f7927cd024b7e958bd_black-basta_imuler_xmrig.exe	119
PID 784 wrote to memory of 4472	784	2025-04-07_d171b503d62b72f7927cd024b7e958bd_black-basta_imuler_xmrig.exe	119

C:\Users\Admin\AppData\Local\Temp\2025-04-07_d171b503d62b72f7927cd024b7e958bd_black-basta_imuler_xmrig.exe
"C:\Users\Admin\AppData\Local\Temp\2025-04-07_d171b503d62b72f7927cd024b7e958bd_black-basta_imuler_xmrig.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:784
- C:\Windows\System32\iPGORDr.exe
  C:\Windows\System32\iPGORDr.exe
  2⤵
  - Executes dropped EXE
  PID:4632
- C:\Windows\System32\WqLDlwE.exe
  C:\Windows\System32\WqLDlwE.exe
  2⤵
  - Executes dropped EXE
  PID:5028
- C:\Windows\System32\ZFSrkil.exe
  C:\Windows\System32\ZFSrkil.exe
  2⤵
  - Executes dropped EXE
  PID:4140
- C:\Windows\System32\ZNXrZqj.exe
  C:\Windows\System32\ZNXrZqj.exe
  2⤵
  - Executes dropped EXE
  PID:3948
- C:\Windows\System32\uEyCWqw.exe
  C:\Windows\System32\uEyCWqw.exe
  2⤵
  - Executes dropped EXE
  PID:2436
- C:\Windows\System32\JGFFQGk.exe
  C:\Windows\System32\JGFFQGk.exe
  2⤵
  - Executes dropped EXE
  PID:1180
- C:\Windows\System32\HvTNEoC.exe
  C:\Windows\System32\HvTNEoC.exe
  2⤵
  - Executes dropped EXE
  PID:4660
- C:\Windows\System32\NBuXZqx.exe
  C:\Windows\System32\NBuXZqx.exe
  2⤵
  - Executes dropped EXE
  PID:5004
- C:\Windows\System32\XjZUFqz.exe
  C:\Windows\System32\XjZUFqz.exe
  2⤵
  - Executes dropped EXE
  PID:184
- C:\Windows\System32\IVXUoak.exe
  C:\Windows\System32\IVXUoak.exe
  2⤵
  - Executes dropped EXE
  PID:3036
- C:\Windows\System32\fEGxiYl.exe
  C:\Windows\System32\fEGxiYl.exe
  2⤵
  - Executes dropped EXE
  PID:4884
- C:\Windows\System32\BhvnIoY.exe
  C:\Windows\System32\BhvnIoY.exe
  2⤵
  - Executes dropped EXE
  PID:516
- C:\Windows\System32\fMhFCwa.exe
  C:\Windows\System32\fMhFCwa.exe
  2⤵
  - Executes dropped EXE
  PID:4244
- C:\Windows\System32\knQzRoI.exe
  C:\Windows\System32\knQzRoI.exe
  2⤵
  - Executes dropped EXE
  PID:4184
- C:\Windows\System32\ulfihnQ.exe
  C:\Windows\System32\ulfihnQ.exe
  2⤵
  - Executes dropped EXE
  PID:1688
- C:\Windows\System32\tQbFlNy.exe
  C:\Windows\System32\tQbFlNy.exe
  2⤵
  - Executes dropped EXE
  PID:2636
- C:\Windows\System32\ZbyAhhg.exe
  C:\Windows\System32\ZbyAhhg.exe
  2⤵
  - Executes dropped EXE
  PID:2900
- C:\Windows\System32\gjJQjnA.exe
  C:\Windows\System32\gjJQjnA.exe
  2⤵
  - Executes dropped EXE
  PID:5056
- C:\Windows\System32\WTZWHbN.exe
  C:\Windows\System32\WTZWHbN.exe
  2⤵
  - Executes dropped EXE
  PID:4396
- C:\Windows\System32\OIjepSL.exe
  C:\Windows\System32\OIjepSL.exe
  2⤵
  - Executes dropped EXE
  PID:4720
- C:\Windows\System32\IBNmlVg.exe
  C:\Windows\System32\IBNmlVg.exe
  2⤵
  - Executes dropped EXE
  PID:4540
- C:\Windows\System32\mFtkrjG.exe
  C:\Windows\System32\mFtkrjG.exe
  2⤵
  - Executes dropped EXE
  PID:1532
- C:\Windows\System32\kTLLAee.exe
  C:\Windows\System32\kTLLAee.exe
  2⤵
  - Executes dropped EXE
  PID:3676
- C:\Windows\System32\kJzopyi.exe
  C:\Windows\System32\kJzopyi.exe
  2⤵
  - Executes dropped EXE
  PID:2348
- C:\Windows\System32\QlRWCPk.exe
  C:\Windows\System32\QlRWCPk.exe
  2⤵
  - Executes dropped EXE
  PID:2956
- C:\Windows\System32\rLJHHHU.exe
  C:\Windows\System32\rLJHHHU.exe
  2⤵
  - Executes dropped EXE
  PID:4956
- C:\Windows\System32\srjaHLX.exe
  C:\Windows\System32\srjaHLX.exe
  2⤵
  - Executes dropped EXE
  PID:5116
- C:\Windows\System32\IHAwbMP.exe
  C:\Windows\System32\IHAwbMP.exe
  2⤵
  - Executes dropped EXE
  PID:60
- C:\Windows\System32\LOWwmJv.exe
  C:\Windows\System32\LOWwmJv.exe
  2⤵
  - Executes dropped EXE
  PID:4048
- C:\Windows\System32\dKgLTxG.exe
  C:\Windows\System32\dKgLTxG.exe
  2⤵
  - Executes dropped EXE
  PID:876
- C:\Windows\System32\hQMENHJ.exe
  C:\Windows\System32\hQMENHJ.exe
  2⤵
  - Executes dropped EXE
  PID:4764
- C:\Windows\System32\MVkwHLV.exe
  C:\Windows\System32\MVkwHLV.exe
  2⤵
  - Executes dropped EXE
  PID:4472
- C:\Windows\System32\BvIcuop.exe
  C:\Windows\System32\BvIcuop.exe
  2⤵
  - Executes dropped EXE
  PID:5100
- C:\Windows\System32\bjfZwYi.exe
  C:\Windows\System32\bjfZwYi.exe
  2⤵
  - Executes dropped EXE
  PID:4880
- C:\Windows\System32\fxxEFJi.exe
  C:\Windows\System32\fxxEFJi.exe
  2⤵
  - Executes dropped EXE
  PID:4896
- C:\Windows\System32\uiceQxQ.exe
  C:\Windows\System32\uiceQxQ.exe
  2⤵
  - Executes dropped EXE
  PID:4536
- C:\Windows\System32\bGGncqc.exe
  C:\Windows\System32\bGGncqc.exe
  2⤵
  - Executes dropped EXE
  PID:1240
- C:\Windows\System32\qQGZSwH.exe
  C:\Windows\System32\qQGZSwH.exe
  2⤵
  - Executes dropped EXE
  PID:3044
- C:\Windows\System32\ZbcGEfB.exe
  C:\Windows\System32\ZbcGEfB.exe
  2⤵
  - Executes dropped EXE
  PID:1296
- C:\Windows\System32\cXrVExE.exe
  C:\Windows\System32\cXrVExE.exe
  2⤵
  - Executes dropped EXE
  PID:3324
- C:\Windows\System32\qwUpcui.exe
  C:\Windows\System32\qwUpcui.exe
  2⤵
  - Executes dropped EXE
  PID:4656
- C:\Windows\System32\kAETRIM.exe
  C:\Windows\System32\kAETRIM.exe
  2⤵
  - Executes dropped EXE
  PID:2252
- C:\Windows\System32\XLbOVZC.exe
  C:\Windows\System32\XLbOVZC.exe
  2⤵
  - Executes dropped EXE
  PID:1520
- C:\Windows\System32\WgrHUKn.exe
  C:\Windows\System32\WgrHUKn.exe
  2⤵
  - Executes dropped EXE
  PID:5096
- C:\Windows\System32\ygAqWJn.exe
  C:\Windows\System32\ygAqWJn.exe
  2⤵
  - Executes dropped EXE
  PID:1208
- C:\Windows\System32\HBkWnlZ.exe
  C:\Windows\System32\HBkWnlZ.exe
  2⤵
  - Executes dropped EXE
  PID:3664
- C:\Windows\System32\mwspBfO.exe
  C:\Windows\System32\mwspBfO.exe
  2⤵
  - Executes dropped EXE
  PID:4792
- C:\Windows\System32\zboMvUG.exe
  C:\Windows\System32\zboMvUG.exe
  2⤵
  - Executes dropped EXE
  PID:3172
- C:\Windows\System32\MZKenYj.exe
  C:\Windows\System32\MZKenYj.exe
  2⤵
  - Executes dropped EXE
  PID:2808
- C:\Windows\System32\iATYzbJ.exe
  C:\Windows\System32\iATYzbJ.exe
  2⤵
  - Executes dropped EXE
  PID:964
- C:\Windows\System32\WptyTXG.exe
  C:\Windows\System32\WptyTXG.exe
  2⤵
  - Executes dropped EXE
  PID:2724
- C:\Windows\System32\EkrXpbB.exe
  C:\Windows\System32\EkrXpbB.exe
  2⤵
  - Executes dropped EXE
  PID:2288
- C:\Windows\System32\XUcROol.exe
  C:\Windows\System32\XUcROol.exe
  2⤵
  - Executes dropped EXE
  PID:4072
- C:\Windows\System32\kFpVqDa.exe
  C:\Windows\System32\kFpVqDa.exe
  2⤵
  - Executes dropped EXE
  PID:3476
- C:\Windows\System32\VBAOfbU.exe
  C:\Windows\System32\VBAOfbU.exe
  2⤵
  - Executes dropped EXE
  PID:2136
- C:\Windows\System32\YZRrJNk.exe
  C:\Windows\System32\YZRrJNk.exe
  2⤵
  - Executes dropped EXE
  PID:4612
- C:\Windows\System32\nHXbGSE.exe
  C:\Windows\System32\nHXbGSE.exe
  2⤵
  - Executes dropped EXE
  PID:1824
- C:\Windows\System32\ASjEyYb.exe
  C:\Windows\System32\ASjEyYb.exe
  2⤵
  - Executes dropped EXE
  PID:2488
- C:\Windows\System32\qdNYQnH.exe
  C:\Windows\System32\qdNYQnH.exe
  2⤵
  - Executes dropped EXE
  PID:4776
- C:\Windows\System32\amAEdiL.exe
  C:\Windows\System32\amAEdiL.exe
  2⤵
  - Executes dropped EXE
  PID:3320
- C:\Windows\System32\PfaKyGG.exe
  C:\Windows\System32\PfaKyGG.exe
  2⤵
  - Executes dropped EXE
  PID:216
- C:\Windows\System32\PTFSoLS.exe
  C:\Windows\System32\PTFSoLS.exe
  2⤵
  - Executes dropped EXE
  PID:4872
- C:\Windows\System32\KtDkWIj.exe
  C:\Windows\System32\KtDkWIj.exe
  2⤵
  - Executes dropped EXE
  PID:4040
- C:\Windows\System32\MozlfOs.exe
  C:\Windows\System32\MozlfOs.exe
  2⤵
  - Executes dropped EXE
  PID:4180
- C:\Windows\System32\GdDUCBa.exe
  C:\Windows\System32\GdDUCBa.exe
  2⤵
  PID:2204
- C:\Windows\System32\QjWUeWn.exe
  C:\Windows\System32\QjWUeWn.exe
  2⤵
  PID:3136
- C:\Windows\System32\ksqmihW.exe
  C:\Windows\System32\ksqmihW.exe
  2⤵
  PID:4044
- C:\Windows\System32\SYjoOrL.exe
  C:\Windows\System32\SYjoOrL.exe
  2⤵
  PID:1528
- C:\Windows\System32\prblMSC.exe
  C:\Windows\System32\prblMSC.exe
  2⤵
  PID:2684
- C:\Windows\System32\KHhPMeY.exe
  C:\Windows\System32\KHhPMeY.exe
  2⤵
  PID:3516
- C:\Windows\System32\wzSFhBl.exe
  C:\Windows\System32\wzSFhBl.exe
  2⤵
  PID:4220
- C:\Windows\System32\ArBigog.exe
  C:\Windows\System32\ArBigog.exe
  2⤵
  PID:452
- C:\Windows\System32\zHKRXnl.exe
  C:\Windows\System32\zHKRXnl.exe
  2⤵
  PID:3760
- C:\Windows\System32\nMVyzCb.exe
  C:\Windows\System32\nMVyzCb.exe
  2⤵
  PID:3956
- C:\Windows\System32\FoxQWMl.exe
  C:\Windows\System32\FoxQWMl.exe
  2⤵
  PID:4408
- C:\Windows\System32\bKsiXmT.exe
  C:\Windows\System32\bKsiXmT.exe
  2⤵
  PID:4824
- C:\Windows\System32\QQBslIC.exe
  C:\Windows\System32\QQBslIC.exe
  2⤵
  PID:392
- C:\Windows\System32\pdjcEmS.exe
  C:\Windows\System32\pdjcEmS.exe
  2⤵
  PID:5012
- C:\Windows\System32\SaUINok.exe
  C:\Windows\System32\SaUINok.exe
  2⤵
  PID:4796
- C:\Windows\System32\dOAuJep.exe
  C:\Windows\System32\dOAuJep.exe
  2⤵
  PID:996
- C:\Windows\System32\QGNmhoX.exe
  C:\Windows\System32\QGNmhoX.exe
  2⤵
  PID:5152
- C:\Windows\System32\qYYoJMK.exe
  C:\Windows\System32\qYYoJMK.exe
  2⤵
  PID:5180
- C:\Windows\System32\DIZKPbs.exe
  C:\Windows\System32\DIZKPbs.exe
  2⤵
  PID:5204
- C:\Windows\System32\vnvkzFn.exe
  C:\Windows\System32\vnvkzFn.exe
  2⤵
  PID:5232
- C:\Windows\System32\enNOKKd.exe
  C:\Windows\System32\enNOKKd.exe
  2⤵
  PID:5264
- C:\Windows\System32\mzAKTgy.exe
  C:\Windows\System32\mzAKTgy.exe
  2⤵
  PID:5288
- C:\Windows\System32\mZlpGQt.exe
  C:\Windows\System32\mZlpGQt.exe
  2⤵
  PID:5316
- C:\Windows\System32\bjJVhDd.exe
  C:\Windows\System32\bjJVhDd.exe
  2⤵
  PID:5348
- C:\Windows\System32\cJppkka.exe
  C:\Windows\System32\cJppkka.exe
  2⤵
  PID:5372
- C:\Windows\System32\rHblnSw.exe
  C:\Windows\System32\rHblnSw.exe
  2⤵
  PID:5400
- C:\Windows\System32\vwjBVST.exe
  C:\Windows\System32\vwjBVST.exe
  2⤵
  PID:5428
- C:\Windows\System32\nPVFPri.exe
  C:\Windows\System32\nPVFPri.exe
  2⤵
  PID:5460
- C:\Windows\System32\EdidVgy.exe
  C:\Windows\System32\EdidVgy.exe
  2⤵
  PID:5484
- C:\Windows\System32\qXPcTDA.exe
  C:\Windows\System32\qXPcTDA.exe
  2⤵
  PID:5516
- C:\Windows\System32\YPfDVAL.exe
  C:\Windows\System32\YPfDVAL.exe
  2⤵
  PID:5540
- C:\Windows\System32\rufemGu.exe
  C:\Windows\System32\rufemGu.exe
  2⤵
  PID:5568
- C:\Windows\System32\BXYzUBp.exe
  C:\Windows\System32\BXYzUBp.exe
  2⤵
  PID:5596
- C:\Windows\System32\PuvhcqK.exe
  C:\Windows\System32\PuvhcqK.exe
  2⤵
  PID:5632
- C:\Windows\System32\cmwaWfF.exe
  C:\Windows\System32\cmwaWfF.exe
  2⤵
  PID:5656
- C:\Windows\System32\zPLIzsX.exe
  C:\Windows\System32\zPLIzsX.exe
  2⤵
  PID:5684
- C:\Windows\System32\iySLePu.exe
  C:\Windows\System32\iySLePu.exe
  2⤵
  PID:5712
- C:\Windows\System32\MqihkHP.exe
  C:\Windows\System32\MqihkHP.exe
  2⤵
  PID:5740
- C:\Windows\System32\pGEWtlS.exe
  C:\Windows\System32\pGEWtlS.exe
  2⤵
  PID:5768
- C:\Windows\System32\JoOWKHd.exe
  C:\Windows\System32\JoOWKHd.exe
  2⤵
  PID:5792
- C:\Windows\System32\UIHmxrq.exe
  C:\Windows\System32\UIHmxrq.exe
  2⤵
  PID:5820
- C:\Windows\System32\CTsDVBH.exe
  C:\Windows\System32\CTsDVBH.exe
  2⤵
  PID:5852
- C:\Windows\System32\xIADivN.exe
  C:\Windows\System32\xIADivN.exe
  2⤵
  PID:5880
- C:\Windows\System32\WNijjdc.exe
  C:\Windows\System32\WNijjdc.exe
  2⤵
  PID:5908
- C:\Windows\System32\kyFnrUE.exe
  C:\Windows\System32\kyFnrUE.exe
  2⤵
  PID:5936
- C:\Windows\System32\qTFOSjV.exe
  C:\Windows\System32\qTFOSjV.exe
  2⤵
  PID:5960
- C:\Windows\System32\TyodOCp.exe
  C:\Windows\System32\TyodOCp.exe
  2⤵
  PID:5988
- C:\Windows\System32\utEifLQ.exe
  C:\Windows\System32\utEifLQ.exe
  2⤵
  PID:6020
- C:\Windows\System32\gyNKBRi.exe
  C:\Windows\System32\gyNKBRi.exe
  2⤵
  PID:6044
- C:\Windows\System32\iwZHscp.exe
  C:\Windows\System32\iwZHscp.exe
  2⤵
  PID:6076
- C:\Windows\System32\RohJqim.exe
  C:\Windows\System32\RohJqim.exe
  2⤵
  PID:6112
- C:\Windows\System32\jBPTeMB.exe
  C:\Windows\System32\jBPTeMB.exe
  2⤵
  PID:6132
- C:\Windows\System32\Zqmijjd.exe
  C:\Windows\System32\Zqmijjd.exe
  2⤵
  PID:3000
- C:\Windows\System32\RlDJsmm.exe
  C:\Windows\System32\RlDJsmm.exe
  2⤵
  PID:232
- C:\Windows\System32\OfoAlKR.exe
  C:\Windows\System32\OfoAlKR.exe
  2⤵
  PID:4136
- C:\Windows\System32\xuQDYqA.exe
  C:\Windows\System32\xuQDYqA.exe
  2⤵
  PID:3140
- C:\Windows\System32\jmVCkgN.exe
  C:\Windows\System32\jmVCkgN.exe
  2⤵
  PID:2588
- C:\Windows\System32\IeHLbZr.exe
  C:\Windows\System32\IeHLbZr.exe
  2⤵
  PID:2264
- C:\Windows\System32\EDDYPcf.exe
  C:\Windows\System32\EDDYPcf.exe
  2⤵
  PID:5144
- C:\Windows\System32\TqyhVWU.exe
  C:\Windows\System32\TqyhVWU.exe
  2⤵
  PID:5192
- C:\Windows\System32\ppOHVkL.exe
  C:\Windows\System32\ppOHVkL.exe
  2⤵
  PID:5256
- C:\Windows\System32\TjuURGX.exe
  C:\Windows\System32\TjuURGX.exe
  2⤵
  PID:5340
- C:\Windows\System32\eluMXsC.exe
  C:\Windows\System32\eluMXsC.exe
  2⤵
  PID:5388
- C:\Windows\System32\jZhIPbR.exe
  C:\Windows\System32\jZhIPbR.exe
  2⤵
  PID:5468
- C:\Windows\System32\TOaeuEK.exe
  C:\Windows\System32\TOaeuEK.exe
  2⤵
  PID:5556
- C:\Windows\System32\udePeXB.exe
  C:\Windows\System32\udePeXB.exe
  2⤵
  PID:5592
- C:\Windows\System32\PjFXhnC.exe
  C:\Windows\System32\PjFXhnC.exe
  2⤵
  PID:5676
- C:\Windows\System32\jLxYfZX.exe
  C:\Windows\System32\jLxYfZX.exe
  2⤵
  PID:5724
- C:\Windows\System32\AfOizdP.exe
  C:\Windows\System32\AfOizdP.exe
  2⤵
  PID:5788
- C:\Windows\System32\ReFZnLh.exe
  C:\Windows\System32\ReFZnLh.exe
  2⤵
  PID:5872
- C:\Windows\System32\gSTGeXt.exe
  C:\Windows\System32\gSTGeXt.exe
  2⤵
  PID:5920
- C:\Windows\System32\DakiBGm.exe
  C:\Windows\System32\DakiBGm.exe
  2⤵
  PID:5976
- C:\Windows\System32\xPKzMYT.exe
  C:\Windows\System32\xPKzMYT.exe
  2⤵
  PID:6052
- C:\Windows\System32\avvCzkG.exe
  C:\Windows\System32\avvCzkG.exe
  2⤵
  PID:6108
- C:\Windows\System32\exhWMmv.exe
  C:\Windows\System32\exhWMmv.exe
  2⤵
  PID:4524
- C:\Windows\System32\fXcGWeH.exe
  C:\Windows\System32\fXcGWeH.exe
  2⤵
  PID:556
- C:\Windows\System32\cEjdBbE.exe
  C:\Windows\System32\cEjdBbE.exe
  2⤵
  PID:3208
- C:\Windows\System32\veuZXcE.exe
  C:\Windows\System32\veuZXcE.exe
  2⤵
  PID:5248
- C:\Windows\System32\MJfrUmM.exe
  C:\Windows\System32\MJfrUmM.exe
  2⤵
  PID:5356
- C:\Windows\System32\DgKpyqW.exe
  C:\Windows\System32\DgKpyqW.exe
  2⤵
  PID:5584
- C:\Windows\System32\RtXwSgG.exe
  C:\Windows\System32\RtXwSgG.exe
  2⤵
  PID:5664
- C:\Windows\System32\wOjmlAE.exe
  C:\Windows\System32\wOjmlAE.exe
  2⤵
  PID:5892
- C:\Windows\System32\wWGTtai.exe
  C:\Windows\System32\wWGTtai.exe
  2⤵
  PID:6012
- C:\Windows\System32\yBKDCtY.exe
  C:\Windows\System32\yBKDCtY.exe
  2⤵
  PID:6120
- C:\Windows\System32\MyylBTd.exe
  C:\Windows\System32\MyylBTd.exe
  2⤵
  PID:5160
- C:\Windows\System32\cFmoyme.exe
  C:\Windows\System32\cFmoyme.exe
  2⤵
  PID:6164
- C:\Windows\System32\yvWeULd.exe
  C:\Windows\System32\yvWeULd.exe
  2⤵
  PID:6192
- C:\Windows\System32\qjUbeXu.exe
  C:\Windows\System32\qjUbeXu.exe
  2⤵
  PID:6224
- C:\Windows\System32\OrtAGvY.exe
  C:\Windows\System32\OrtAGvY.exe
  2⤵
  PID:6252
- C:\Windows\System32\bcpVFQn.exe
  C:\Windows\System32\bcpVFQn.exe
  2⤵
  PID:6280
- C:\Windows\System32\VmWyYxG.exe
  C:\Windows\System32\VmWyYxG.exe
  2⤵
  PID:6304
- C:\Windows\System32\fLFRHgO.exe
  C:\Windows\System32\fLFRHgO.exe
  2⤵
  PID:6332
- C:\Windows\System32\sKSYKZs.exe
  C:\Windows\System32\sKSYKZs.exe
  2⤵
  PID:6364
- C:\Windows\System32\lvZCbjS.exe
  C:\Windows\System32\lvZCbjS.exe
  2⤵
  PID:6392
- C:\Windows\System32\NMhhdHq.exe
  C:\Windows\System32\NMhhdHq.exe
  2⤵
  PID:6432
- C:\Windows\System32\EzHmqwy.exe
  C:\Windows\System32\EzHmqwy.exe
  2⤵
  PID:6448
- C:\Windows\System32\XFfsvft.exe
  C:\Windows\System32\XFfsvft.exe
  2⤵
  PID:6472
- C:\Windows\System32\TvLDDKh.exe
  C:\Windows\System32\TvLDDKh.exe
  2⤵
  PID:6500
- C:\Windows\System32\FkZuklm.exe
  C:\Windows\System32\FkZuklm.exe
  2⤵
  PID:6528
- C:\Windows\System32\WPhDBhw.exe
  C:\Windows\System32\WPhDBhw.exe
  2⤵
  PID:6560
- C:\Windows\System32\EODZakS.exe
  C:\Windows\System32\EODZakS.exe
  2⤵
  PID:6584
- C:\Windows\System32\QLVxdXR.exe
  C:\Windows\System32\QLVxdXR.exe
  2⤵
  PID:6616
- C:\Windows\System32\LtDLtsp.exe
  C:\Windows\System32\LtDLtsp.exe
  2⤵
  PID:6640
- C:\Windows\System32\mCzdlcz.exe
  C:\Windows\System32\mCzdlcz.exe
  2⤵
  PID:6668
- C:\Windows\System32\NjMEKRb.exe
  C:\Windows\System32\NjMEKRb.exe
  2⤵
  PID:6696
- C:\Windows\System32\tcBYytQ.exe
  C:\Windows\System32\tcBYytQ.exe
  2⤵
  PID:6728
- C:\Windows\System32\ytKhdjW.exe
  C:\Windows\System32\ytKhdjW.exe
  2⤵
  PID:6752
- C:\Windows\System32\tZLDatC.exe
  C:\Windows\System32\tZLDatC.exe
  2⤵
  PID:6784
- C:\Windows\System32\Clujbrn.exe
  C:\Windows\System32\Clujbrn.exe
  2⤵
  PID:6812
- C:\Windows\System32\HPpndWm.exe
  C:\Windows\System32\HPpndWm.exe
  2⤵
  PID:6840
- C:\Windows\System32\ZzTtLPC.exe
  C:\Windows\System32\ZzTtLPC.exe
  2⤵
  PID:6868
- C:\Windows\System32\FQLqdJQ.exe
  C:\Windows\System32\FQLqdJQ.exe
  2⤵
  PID:6896
- C:\Windows\System32\dXGuvTu.exe
  C:\Windows\System32\dXGuvTu.exe
  2⤵
  PID:6920
- C:\Windows\System32\WtZgLfs.exe
  C:\Windows\System32\WtZgLfs.exe
  2⤵
  PID:6948
- C:\Windows\System32\wJvtCVq.exe
  C:\Windows\System32\wJvtCVq.exe
  2⤵
  PID:6980
- C:\Windows\System32\rkZTSzb.exe
  C:\Windows\System32\rkZTSzb.exe
  2⤵
  PID:7008
- C:\Windows\System32\mSdCDag.exe
  C:\Windows\System32\mSdCDag.exe
  2⤵
  PID:7036
- C:\Windows\System32\MvJVVOe.exe
  C:\Windows\System32\MvJVVOe.exe
  2⤵
  PID:7064
- C:\Windows\System32\YZSJyej.exe
  C:\Windows\System32\YZSJyej.exe
  2⤵
  PID:7088
- C:\Windows\System32\CQrRruy.exe
  C:\Windows\System32\CQrRruy.exe
  2⤵
  PID:7120
- C:\Windows\System32\PURhSgJ.exe
  C:\Windows\System32\PURhSgJ.exe
  2⤵
  PID:7144
- C:\Windows\System32\zAUsZUl.exe
  C:\Windows\System32\zAUsZUl.exe
  2⤵
  PID:5360
- C:\Windows\System32\eaZfrQd.exe
  C:\Windows\System32\eaZfrQd.exe
  2⤵
  PID:5752
- C:\Windows\System32\WhjhxXa.exe
  C:\Windows\System32\WhjhxXa.exe
  2⤵
  PID:6084
- C:\Windows\System32\PoztUSi.exe
  C:\Windows\System32\PoztUSi.exe
  2⤵
  PID:6152
- C:\Windows\System32\gmlGImH.exe
  C:\Windows\System32\gmlGImH.exe
  2⤵
  PID:6244
- C:\Windows\System32\MkbRhVB.exe
  C:\Windows\System32\MkbRhVB.exe
  2⤵
  PID:6292
- C:\Windows\System32\EMjZMqF.exe
  C:\Windows\System32\EMjZMqF.exe
  2⤵
  PID:6340
- C:\Windows\System32\KWcwqlC.exe
  C:\Windows\System32\KWcwqlC.exe
  2⤵
  PID:6400
- C:\Windows\System32\zMrBnzJ.exe
  C:\Windows\System32\zMrBnzJ.exe
  2⤵
  PID:6480
- C:\Windows\System32\CIaGSAd.exe
  C:\Windows\System32\CIaGSAd.exe
  2⤵
  PID:6544
- C:\Windows\System32\nIOQbcf.exe
  C:\Windows\System32\nIOQbcf.exe
  2⤵
  PID:6600
- C:\Windows\System32\CsNtPMj.exe
  C:\Windows\System32\CsNtPMj.exe
  2⤵
  PID:6684
- C:\Windows\System32\NdSDWCj.exe
  C:\Windows\System32\NdSDWCj.exe
  2⤵
  PID:6740
- C:\Windows\System32\YcLqyrp.exe
  C:\Windows\System32\YcLqyrp.exe
  2⤵
  PID:6796
- C:\Windows\System32\puxYzei.exe
  C:\Windows\System32\puxYzei.exe
  2⤵
  PID:6848
- C:\Windows\System32\kKgdIvu.exe
  C:\Windows\System32\kKgdIvu.exe
  2⤵
  PID:6928
- C:\Windows\System32\MQWVZVL.exe
  C:\Windows\System32\MQWVZVL.exe
  2⤵
  PID:6988
- C:\Windows\System32\zPdVssw.exe
  C:\Windows\System32\zPdVssw.exe
  2⤵
  PID:7056
- C:\Windows\System32\cHLRoCn.exe
  C:\Windows\System32\cHLRoCn.exe
  2⤵
  PID:7112
- C:\Windows\System32\jNQrIgV.exe
  C:\Windows\System32\jNQrIgV.exe
  2⤵
  PID:7152
- C:\Windows\System32\LqfyCzb.exe
  C:\Windows\System32\LqfyCzb.exe
  2⤵
  PID:5836
- C:\Windows\System32\DgqlXNY.exe
  C:\Windows\System32\DgqlXNY.exe
  2⤵
  PID:6172
- C:\Windows\System32\ywomMdi.exe
  C:\Windows\System32\ywomMdi.exe
  2⤵
  PID:6312
- C:\Windows\System32\jHoKmJa.exe
  C:\Windows\System32\jHoKmJa.exe
  2⤵
  PID:6468
- C:\Windows\System32\dNnCaXo.exe
  C:\Windows\System32\dNnCaXo.exe
  2⤵
  PID:6608
- C:\Windows\System32\QhsLFEm.exe
  C:\Windows\System32\QhsLFEm.exe
  2⤵
  PID:3996
- C:\Windows\System32\zmgFsmu.exe
  C:\Windows\System32\zmgFsmu.exe
  2⤵
  PID:6908
- C:\Windows\System32\tLXaNjr.exe
  C:\Windows\System32\tLXaNjr.exe
  2⤵
  PID:7020
- C:\Windows\System32\oVPjhhf.exe
  C:\Windows\System32\oVPjhhf.exe
  2⤵
  PID:7128
- C:\Windows\System32\nsigFIV.exe
  C:\Windows\System32\nsigFIV.exe
  2⤵
  PID:4508
- C:\Windows\System32\MQAsFeh.exe
  C:\Windows\System32\MQAsFeh.exe
  2⤵
  PID:1928
- C:\Windows\System32\GhSzYDf.exe
  C:\Windows\System32\GhSzYDf.exe
  2⤵
  PID:6648
- C:\Windows\System32\GecbgxE.exe
  C:\Windows\System32\GecbgxE.exe
  2⤵
  PID:7184
- C:\Windows\System32\TFHtBGg.exe
  C:\Windows\System32\TFHtBGg.exe
  2⤵
  PID:7220
- C:\Windows\System32\FtrWuGS.exe
  C:\Windows\System32\FtrWuGS.exe
  2⤵
  PID:7252
- C:\Windows\System32\rYMNMOM.exe
  C:\Windows\System32\rYMNMOM.exe
  2⤵
  PID:7268
- C:\Windows\System32\hGGsToO.exe
  C:\Windows\System32\hGGsToO.exe
  2⤵
  PID:7308
- C:\Windows\System32\wNqwzCi.exe
  C:\Windows\System32\wNqwzCi.exe
  2⤵
  PID:7324
- C:\Windows\System32\aCrxJdR.exe
  C:\Windows\System32\aCrxJdR.exe
  2⤵
  PID:7352
- C:\Windows\System32\XjcoMOS.exe
  C:\Windows\System32\XjcoMOS.exe
  2⤵
  PID:7376
- C:\Windows\System32\SwkseSD.exe
  C:\Windows\System32\SwkseSD.exe
  2⤵
  PID:7404
- C:\Windows\System32\hPpMQKK.exe
  C:\Windows\System32\hPpMQKK.exe
  2⤵
  PID:7432
- C:\Windows\System32\GORVPSx.exe
  C:\Windows\System32\GORVPSx.exe
  2⤵
  PID:7460
- C:\Windows\System32\foUGnsh.exe
  C:\Windows\System32\foUGnsh.exe
  2⤵
  PID:7488
- C:\Windows\System32\pTuVuAv.exe
  C:\Windows\System32\pTuVuAv.exe
  2⤵
  PID:7520
- C:\Windows\System32\ffosOcf.exe
  C:\Windows\System32\ffosOcf.exe
  2⤵
  PID:7556
- C:\Windows\System32\uZffbcV.exe
  C:\Windows\System32\uZffbcV.exe
  2⤵
  PID:7588
- C:\Windows\System32\zezuiMo.exe
  C:\Windows\System32\zezuiMo.exe
  2⤵
  PID:7708
- C:\Windows\System32\zJyQJUN.exe
  C:\Windows\System32\zJyQJUN.exe
  2⤵
  PID:7740
- C:\Windows\System32\qoNuZeD.exe
  C:\Windows\System32\qoNuZeD.exe
  2⤵
  PID:7768
- C:\Windows\System32\xMLCMiR.exe
  C:\Windows\System32\xMLCMiR.exe
  2⤵
  PID:7788
- C:\Windows\System32\kpdNkcB.exe
  C:\Windows\System32\kpdNkcB.exe
  2⤵
  PID:7808
- C:\Windows\System32\GzHMvqL.exe
  C:\Windows\System32\GzHMvqL.exe
  2⤵
  PID:7828
- C:\Windows\System32\tUYucNn.exe
  C:\Windows\System32\tUYucNn.exe
  2⤵
  PID:7852
- C:\Windows\System32\TscoUJY.exe
  C:\Windows\System32\TscoUJY.exe
  2⤵
  PID:7888
- C:\Windows\System32\EiyDtfK.exe
  C:\Windows\System32\EiyDtfK.exe
  2⤵
  PID:7948
- C:\Windows\System32\dmFvLqV.exe
  C:\Windows\System32\dmFvLqV.exe
  2⤵
  PID:7968
- C:\Windows\System32\OKNoVaz.exe
  C:\Windows\System32\OKNoVaz.exe
  2⤵
  PID:8000
- C:\Windows\System32\EfuMGPJ.exe
  C:\Windows\System32\EfuMGPJ.exe
  2⤵
  PID:8048
- C:\Windows\System32\MHlwQcy.exe
  C:\Windows\System32\MHlwQcy.exe
  2⤵
  PID:8064
- C:\Windows\System32\EpoVRgL.exe
  C:\Windows\System32\EpoVRgL.exe
  2⤵
  PID:8096
- C:\Windows\System32\cJfTQny.exe
  C:\Windows\System32\cJfTQny.exe
  2⤵
  PID:8140
- C:\Windows\System32\CnPdtdb.exe
  C:\Windows\System32\CnPdtdb.exe
  2⤵
  PID:8176
- C:\Windows\System32\eBUIfwP.exe
  C:\Windows\System32\eBUIfwP.exe
  2⤵
  PID:6972
- C:\Windows\System32\qWKDiDG.exe
  C:\Windows\System32\qWKDiDG.exe
  2⤵
  PID:5072
- C:\Windows\System32\bGoHgMi.exe
  C:\Windows\System32\bGoHgMi.exe
  2⤵
  PID:3056
- C:\Windows\System32\jjSWkJR.exe
  C:\Windows\System32\jjSWkJR.exe
  2⤵
  PID:7176
- C:\Windows\System32\woINmiw.exe
  C:\Windows\System32\woINmiw.exe
  2⤵
  PID:7228
- C:\Windows\System32\vdTkgAV.exe
  C:\Windows\System32\vdTkgAV.exe
  2⤵
  PID:7276
- C:\Windows\System32\rWfpxjd.exe
  C:\Windows\System32\rWfpxjd.exe
  2⤵
  PID:4008
- C:\Windows\System32\ZvxNjgH.exe
  C:\Windows\System32\ZvxNjgH.exe
  2⤵
  PID:7384
- C:\Windows\System32\eNVHejU.exe
  C:\Windows\System32\eNVHejU.exe
  2⤵
  PID:7428
- C:\Windows\System32\McYEaPg.exe
  C:\Windows\System32\McYEaPg.exe
  2⤵
  PID:5020
- C:\Windows\System32\gSDvtpa.exe
  C:\Windows\System32\gSDvtpa.exe
  2⤵
  PID:4916
- C:\Windows\System32\QhOFbwE.exe
  C:\Windows\System32\QhOFbwE.exe
  2⤵
  PID:7528
- C:\Windows\System32\NednyBV.exe
  C:\Windows\System32\NednyBV.exe
  2⤵
  PID:4288
- C:\Windows\System32\bWzGIKp.exe
  C:\Windows\System32\bWzGIKp.exe
  2⤵
  PID:1916
- C:\Windows\System32\LBWXuDO.exe
  C:\Windows\System32\LBWXuDO.exe
  2⤵
  PID:2620
- C:\Windows\System32\voOpXSI.exe
  C:\Windows\System32\voOpXSI.exe
  2⤵
  PID:7684
- C:\Windows\System32\RLFjJyi.exe
  C:\Windows\System32\RLFjJyi.exe
  2⤵
  PID:680
- C:\Windows\System32\CiyFpqW.exe
  C:\Windows\System32\CiyFpqW.exe
  2⤵
  PID:1324
- C:\Windows\System32\rmqDphv.exe
  C:\Windows\System32\rmqDphv.exe
  2⤵
  PID:3984
- C:\Windows\System32\LJspWPA.exe
  C:\Windows\System32\LJspWPA.exe
  2⤵
  PID:7780
- C:\Windows\System32\fgjQDdA.exe
  C:\Windows\System32\fgjQDdA.exe
  2⤵
  PID:7824
- C:\Windows\System32\cWKDQkf.exe
  C:\Windows\System32\cWKDQkf.exe
  2⤵
  PID:7880
- C:\Windows\System32\smOoGmu.exe
  C:\Windows\System32\smOoGmu.exe
  2⤵
  PID:8012
- C:\Windows\System32\EZTFhQR.exe
  C:\Windows\System32\EZTFhQR.exe
  2⤵
  PID:2020
- C:\Windows\System32\fggMBXW.exe
  C:\Windows\System32\fggMBXW.exe
  2⤵
  PID:8156
- C:\Windows\System32\yVPkNJz.exe
  C:\Windows\System32\yVPkNJz.exe
  2⤵
  PID:3708
- C:\Windows\System32\pReBiFN.exe
  C:\Windows\System32\pReBiFN.exe
  2⤵
  PID:1012
- C:\Windows\System32\ursMmVI.exe
  C:\Windows\System32\ursMmVI.exe
  2⤵
  PID:7364
- C:\Windows\System32\ewZhPzA.exe
  C:\Windows\System32\ewZhPzA.exe
  2⤵
  PID:7496
- C:\Windows\System32\tdOhDVM.exe
  C:\Windows\System32\tdOhDVM.exe
  2⤵
  PID:7564
- C:\Windows\System32\qIIWGGy.exe
  C:\Windows\System32\qIIWGGy.exe
  2⤵
  PID:7692
- C:\Windows\System32\GpYTxRM.exe
  C:\Windows\System32\GpYTxRM.exe
  2⤵
  PID:7872
- C:\Windows\System32\nBfGNkT.exe
  C:\Windows\System32\nBfGNkT.exe
  2⤵
  PID:1040
- C:\Windows\System32\oxAvVeB.exe
  C:\Windows\System32\oxAvVeB.exe
  2⤵
  PID:7912
- C:\Windows\System32\kewnMjg.exe
  C:\Windows\System32\kewnMjg.exe
  2⤵
  PID:8084
- C:\Windows\System32\knYnNAn.exe
  C:\Windows\System32\knYnNAn.exe
  2⤵
  PID:6260
- C:\Windows\System32\KHhddmw.exe
  C:\Windows\System32\KHhddmw.exe
  2⤵
  PID:1428
- C:\Windows\System32\GoRiOKV.exe
  C:\Windows\System32\GoRiOKV.exe
  2⤵
  PID:7756
- C:\Windows\System32\MBBiePL.exe
  C:\Windows\System32\MBBiePL.exe
  2⤵
  PID:2968
- C:\Windows\System32\HrQtIZS.exe
  C:\Windows\System32\HrQtIZS.exe
  2⤵
  PID:6792
- C:\Windows\System32\AgEwaTj.exe
  C:\Windows\System32\AgEwaTj.exe
  2⤵
  PID:8212
- C:\Windows\System32\JfaqwRv.exe
  C:\Windows\System32\JfaqwRv.exe
  2⤵
  PID:8272
- C:\Windows\System32\JvrIlON.exe
  C:\Windows\System32\JvrIlON.exe
  2⤵
  PID:8304
- C:\Windows\System32\UIkQlpC.exe
  C:\Windows\System32\UIkQlpC.exe
  2⤵
  PID:8328
- C:\Windows\System32\kPuoPzj.exe
  C:\Windows\System32\kPuoPzj.exe
  2⤵
  PID:8364
- C:\Windows\System32\sKptKPh.exe
  C:\Windows\System32\sKptKPh.exe
  2⤵
  PID:8392
- C:\Windows\System32\EYYFlFa.exe
  C:\Windows\System32\EYYFlFa.exe
  2⤵
  PID:8408
- C:\Windows\System32\SdFWdPJ.exe
  C:\Windows\System32\SdFWdPJ.exe
  2⤵
  PID:8432
- C:\Windows\System32\zDJszUa.exe
  C:\Windows\System32\zDJszUa.exe
  2⤵
  PID:8488
- C:\Windows\System32\lMwJpjc.exe
  C:\Windows\System32\lMwJpjc.exe
  2⤵
  PID:8528
- C:\Windows\System32\ffYpPRF.exe
  C:\Windows\System32\ffYpPRF.exe
  2⤵
  PID:8544
- C:\Windows\System32\HqpSyQc.exe
  C:\Windows\System32\HqpSyQc.exe
  2⤵
  PID:8584
- C:\Windows\System32\ZafBuFa.exe
  C:\Windows\System32\ZafBuFa.exe
  2⤵
  PID:8612
- C:\Windows\System32\eCwhhzN.exe
  C:\Windows\System32\eCwhhzN.exe
  2⤵
  PID:8640
- C:\Windows\System32\PHIrpQw.exe
  C:\Windows\System32\PHIrpQw.exe
  2⤵
  PID:8688
- C:\Windows\System32\hGVgCZO.exe
  C:\Windows\System32\hGVgCZO.exe
  2⤵
  PID:8720
- C:\Windows\System32\dxdTCAm.exe
  C:\Windows\System32\dxdTCAm.exe
  2⤵
  PID:8756
- C:\Windows\System32\MJqIFYp.exe
  C:\Windows\System32\MJqIFYp.exe
  2⤵
  PID:8784
- C:\Windows\System32\EJPJVrs.exe
  C:\Windows\System32\EJPJVrs.exe
  2⤵
  PID:8824
- C:\Windows\System32\DVOZSUY.exe
  C:\Windows\System32\DVOZSUY.exe
  2⤵
  PID:8840
- C:\Windows\System32\UFtQOAm.exe
  C:\Windows\System32\UFtQOAm.exe
  2⤵
  PID:8876
- C:\Windows\System32\OKrOSjV.exe
  C:\Windows\System32\OKrOSjV.exe
  2⤵
  PID:8912
- C:\Windows\System32\uljhgxK.exe
  C:\Windows\System32\uljhgxK.exe
  2⤵
  PID:8940
- C:\Windows\System32\NTrLkbr.exe
  C:\Windows\System32\NTrLkbr.exe
  2⤵
  PID:8968
- C:\Windows\System32\GFejkZN.exe
  C:\Windows\System32\GFejkZN.exe
  2⤵
  PID:9000
- C:\Windows\System32\ROMMUNx.exe
  C:\Windows\System32\ROMMUNx.exe
  2⤵
  PID:9028
- C:\Windows\System32\NPrZgOZ.exe
  C:\Windows\System32\NPrZgOZ.exe
  2⤵
  PID:9064
- C:\Windows\System32\ZodfKMZ.exe
  C:\Windows\System32\ZodfKMZ.exe
  2⤵
  PID:9092
- C:\Windows\System32\ZOecFBM.exe
  C:\Windows\System32\ZOecFBM.exe
  2⤵
  PID:9120
- C:\Windows\System32\HHTKzyr.exe
  C:\Windows\System32\HHTKzyr.exe
  2⤵
  PID:9148
- C:\Windows\System32\UcpKeSq.exe
  C:\Windows\System32\UcpKeSq.exe
  2⤵
  PID:9172
- C:\Windows\System32\ugBykGL.exe
  C:\Windows\System32\ugBykGL.exe
  2⤵
  PID:9204
- C:\Windows\System32\UPFNlGV.exe
  C:\Windows\System32\UPFNlGV.exe
  2⤵
  PID:8256
- C:\Windows\System32\RtSSOOS.exe
  C:\Windows\System32\RtSSOOS.exe
  2⤵
  PID:8324
- C:\Windows\System32\acJvlAO.exe
  C:\Windows\System32\acJvlAO.exe
  2⤵
  PID:8404
- C:\Windows\System32\atsSGVW.exe
  C:\Windows\System32\atsSGVW.exe
  2⤵
  PID:8452
- C:\Windows\System32\uWJyCNy.exe
  C:\Windows\System32\uWJyCNy.exe
  2⤵
  PID:4952
- C:\Windows\System32\TLmwTXs.exe
  C:\Windows\System32\TLmwTXs.exe
  2⤵
  PID:3260
- C:\Windows\System32\rqnIOlQ.exe
  C:\Windows\System32\rqnIOlQ.exe
  2⤵
  PID:8596
- C:\Windows\System32\dzXHRkF.exe
  C:\Windows\System32\dzXHRkF.exe
  2⤵
  PID:8652
- C:\Windows\System32\QJkWkPS.exe
  C:\Windows\System32\QJkWkPS.exe
  2⤵
  PID:8780
- C:\Windows\System32\ndqAWeF.exe
  C:\Windows\System32\ndqAWeF.exe
  2⤵
  PID:8832
- C:\Windows\System32\gnzvcBt.exe
  C:\Windows\System32\gnzvcBt.exe
  2⤵
  PID:8900
- C:\Windows\System32\cvoVQyq.exe
  C:\Windows\System32\cvoVQyq.exe
  2⤵
  PID:8956
- C:\Windows\System32\GkqXdqO.exe
  C:\Windows\System32\GkqXdqO.exe
  2⤵
  PID:9024
- C:\Windows\System32\fQEMGKf.exe
  C:\Windows\System32\fQEMGKf.exe
  2⤵
  PID:9084
- C:\Windows\System32\XPdGobr.exe
  C:\Windows\System32\XPdGobr.exe
  2⤵
  PID:7696
- C:\Windows\System32\ejWqThy.exe
  C:\Windows\System32\ejWqThy.exe
  2⤵
  PID:9188
- C:\Windows\System32\IcyTIOj.exe
  C:\Windows\System32\IcyTIOj.exe
  2⤵
  PID:8360
- C:\Windows\System32\froAWbM.exe
  C:\Windows\System32\froAWbM.exe
  2⤵
  PID:8476
- C:\Windows\System32\YmxpxZr.exe
  C:\Windows\System32\YmxpxZr.exe
  2⤵
  PID:8536
- C:\Windows\System32\OCveLwf.exe
  C:\Windows\System32\OCveLwf.exe
  2⤵
  PID:8752
- C:\Windows\System32\LjEWyBw.exe
  C:\Windows\System32\LjEWyBw.exe
  2⤵
  PID:8704
- C:\Windows\System32\AXDzhyy.exe
  C:\Windows\System32\AXDzhyy.exe
  2⤵
  PID:7644
- C:\Windows\System32\CkpgGlk.exe
  C:\Windows\System32\CkpgGlk.exe
  2⤵
  PID:7668
- C:\Windows\System32\MsNQbis.exe
  C:\Windows\System32\MsNQbis.exe
  2⤵
  PID:8312
- C:\Windows\System32\WZClyir.exe
  C:\Windows\System32\WZClyir.exe
  2⤵
  PID:8624
- C:\Windows\System32\feFaglY.exe
  C:\Windows\System32\feFaglY.exe
  2⤵
  PID:7656
- C:\Windows\System32\FoieILn.exe
  C:\Windows\System32\FoieILn.exe
  2⤵
  PID:7632
- C:\Windows\System32\drkoIcR.exe
  C:\Windows\System32\drkoIcR.exe
  2⤵
  PID:7648
- C:\Windows\System32\lDoyLBB.exe
  C:\Windows\System32\lDoyLBB.exe
  2⤵
  PID:9224
- C:\Windows\System32\OhTURVm.exe
  C:\Windows\System32\OhTURVm.exe
  2⤵
  PID:9252
- C:\Windows\System32\GbPBYJQ.exe
  C:\Windows\System32\GbPBYJQ.exe
  2⤵
  PID:9284
- C:\Windows\System32\MYuwKgq.exe
  C:\Windows\System32\MYuwKgq.exe
  2⤵
  PID:9316
- C:\Windows\System32\LEHVHIO.exe
  C:\Windows\System32\LEHVHIO.exe
  2⤵
  PID:9344
- C:\Windows\System32\kDoHDgy.exe
  C:\Windows\System32\kDoHDgy.exe
  2⤵
  PID:9372
- C:\Windows\System32\hpxfBVC.exe
  C:\Windows\System32\hpxfBVC.exe
  2⤵
  PID:9400
- C:\Windows\System32\LeuWelE.exe
  C:\Windows\System32\LeuWelE.exe
  2⤵
  PID:9428
- C:\Windows\System32\qDRRXxf.exe
  C:\Windows\System32\qDRRXxf.exe
  2⤵
  PID:9456
- C:\Windows\System32\EhUOWCE.exe
  C:\Windows\System32\EhUOWCE.exe
  2⤵
  PID:9484
- C:\Windows\System32\DUryVzi.exe
  C:\Windows\System32\DUryVzi.exe
  2⤵
  PID:9512
- C:\Windows\System32\dSKMutv.exe
  C:\Windows\System32\dSKMutv.exe
  2⤵
  PID:9540
- C:\Windows\System32\QMCfWSZ.exe
  C:\Windows\System32\QMCfWSZ.exe
  2⤵
  PID:9568
- C:\Windows\System32\OrzdrYZ.exe
  C:\Windows\System32\OrzdrYZ.exe
  2⤵
  PID:9596
- C:\Windows\System32\GMUiDXn.exe
  C:\Windows\System32\GMUiDXn.exe
  2⤵
  PID:9624
- C:\Windows\System32\GIWejTc.exe
  C:\Windows\System32\GIWejTc.exe
  2⤵
  PID:9652
- C:\Windows\System32\txrTjUZ.exe
  C:\Windows\System32\txrTjUZ.exe
  2⤵
  PID:9680
- C:\Windows\System32\EMvXzVg.exe
  C:\Windows\System32\EMvXzVg.exe
  2⤵
  PID:9708
- C:\Windows\System32\ayrnJIT.exe
  C:\Windows\System32\ayrnJIT.exe
  2⤵
  PID:9736
- C:\Windows\System32\XovOVcH.exe
  C:\Windows\System32\XovOVcH.exe
  2⤵
  PID:9768
- C:\Windows\System32\HfqnrVY.exe
  C:\Windows\System32\HfqnrVY.exe
  2⤵
  PID:9792
- C:\Windows\System32\vBTIsdv.exe
  C:\Windows\System32\vBTIsdv.exe
  2⤵
  PID:9812
- C:\Windows\System32\OxiUazf.exe
  C:\Windows\System32\OxiUazf.exe
  2⤵
  PID:9852
- C:\Windows\System32\wqcthSb.exe
  C:\Windows\System32\wqcthSb.exe
  2⤵
  PID:9884
- C:\Windows\System32\BoSKqMZ.exe
  C:\Windows\System32\BoSKqMZ.exe
  2⤵
  PID:9920
- C:\Windows\System32\uPACqqj.exe
  C:\Windows\System32\uPACqqj.exe
  2⤵
  PID:9948
- C:\Windows\System32\lUhXltO.exe
  C:\Windows\System32\lUhXltO.exe
  2⤵
  PID:9980
- C:\Windows\System32\htQLhsd.exe
  C:\Windows\System32\htQLhsd.exe
  2⤵
  PID:10008
- C:\Windows\System32\gFyCxwL.exe
  C:\Windows\System32\gFyCxwL.exe
  2⤵
  PID:10036
- C:\Windows\System32\zzzLXWY.exe
  C:\Windows\System32\zzzLXWY.exe
  2⤵
  PID:10064
- C:\Windows\System32\FRXuRbb.exe
  C:\Windows\System32\FRXuRbb.exe
  2⤵
  PID:10104
- C:\Windows\System32\QwdQppR.exe
  C:\Windows\System32\QwdQppR.exe
  2⤵
  PID:10140
- C:\Windows\System32\ehVESwr.exe
  C:\Windows\System32\ehVESwr.exe
  2⤵
  PID:10168
- C:\Windows\System32\uEKVVah.exe
  C:\Windows\System32\uEKVVah.exe
  2⤵
  PID:10200
- C:\Windows\System32\PUPrSvs.exe
  C:\Windows\System32\PUPrSvs.exe
  2⤵
  PID:10224
- C:\Windows\System32\DGoCeXj.exe
  C:\Windows\System32\DGoCeXj.exe
  2⤵
  PID:8952
- C:\Windows\System32\Exfcoaw.exe
  C:\Windows\System32\Exfcoaw.exe
  2⤵
  PID:9276
- C:\Windows\System32\erYyQLe.exe
  C:\Windows\System32\erYyQLe.exe
  2⤵
  PID:9384
- C:\Windows\System32\TRfAbrV.exe
  C:\Windows\System32\TRfAbrV.exe
  2⤵
  PID:9448
- C:\Windows\System32\usFulYE.exe
  C:\Windows\System32\usFulYE.exe
  2⤵
  PID:9508
- C:\Windows\System32\omiMDRS.exe
  C:\Windows\System32\omiMDRS.exe
  2⤵
  PID:7676
- C:\Windows\System32\QvzLEtn.exe
  C:\Windows\System32\QvzLEtn.exe
  2⤵
  PID:9648
- C:\Windows\System32\INPplga.exe
  C:\Windows\System32\INPplga.exe
  2⤵
  PID:9704
- C:\Windows\System32\KGiUIKJ.exe
  C:\Windows\System32\KGiUIKJ.exe
  2⤵
  PID:9784
- C:\Windows\System32\ANaoghG.exe
  C:\Windows\System32\ANaoghG.exe
  2⤵
  PID:9892
- C:\Windows\System32\kCzZlxp.exe
  C:\Windows\System32\kCzZlxp.exe
  2⤵
  PID:9944
- C:\Windows\System32\rsRJYlq.exe
  C:\Windows\System32\rsRJYlq.exe
  2⤵
  PID:10020
- C:\Windows\System32\GweRFSU.exe
  C:\Windows\System32\GweRFSU.exe
  2⤵
  PID:10076
- C:\Windows\System32\INSkcNz.exe
  C:\Windows\System32\INSkcNz.exe
  2⤵
  PID:10156
- C:\Windows\System32\MeJhwBI.exe
  C:\Windows\System32\MeJhwBI.exe
  2⤵
  PID:10220
- C:\Windows\System32\DTjRGqa.exe
  C:\Windows\System32\DTjRGqa.exe
  2⤵
  PID:9364
- C:\Windows\System32\USypjWK.exe
  C:\Windows\System32\USypjWK.exe
  2⤵
  PID:9504
- C:\Windows\System32\jQqxHSl.exe
  C:\Windows\System32\jQqxHSl.exe
  2⤵
  PID:9672
- C:\Windows\System32\bFiLkzw.exe
  C:\Windows\System32\bFiLkzw.exe
  2⤵
  PID:9880
- C:\Windows\System32\oYEfZIv.exe
  C:\Windows\System32\oYEfZIv.exe
  2⤵
  PID:10052
- C:\Windows\System32\rBxFUVr.exe
  C:\Windows\System32\rBxFUVr.exe
  2⤵
  PID:10212
- C:\Windows\System32\PPPlHKy.exe
  C:\Windows\System32\PPPlHKy.exe
  2⤵
  PID:9476
- C:\Windows\System32\pZcGDAt.exe
  C:\Windows\System32\pZcGDAt.exe
  2⤵
  PID:9828
- C:\Windows\System32\AKASHlP.exe
  C:\Windows\System32\AKASHlP.exe
  2⤵
  PID:9440
- C:\Windows\System32\ZcmUKzs.exe
  C:\Windows\System32\ZcmUKzs.exe
  2⤵
  PID:9272
- C:\Windows\System32\fgQRuZw.exe
  C:\Windows\System32\fgQRuZw.exe
  2⤵
  PID:10256
- C:\Windows\System32\VvCKQgR.exe
  C:\Windows\System32\VvCKQgR.exe
  2⤵
  PID:10272
- C:\Windows\System32\KqAQyWI.exe
  C:\Windows\System32\KqAQyWI.exe
  2⤵
  PID:10296
- C:\Windows\System32\nzydmpc.exe
  C:\Windows\System32\nzydmpc.exe
  2⤵
  PID:10320
- C:\Windows\System32\gAuaynN.exe
  C:\Windows\System32\gAuaynN.exe
  2⤵
  PID:10348
- C:\Windows\System32\PCDLnRf.exe
  C:\Windows\System32\PCDLnRf.exe
  2⤵
  PID:10372
- C:\Windows\System32\mNkESQF.exe
  C:\Windows\System32\mNkESQF.exe
  2⤵
  PID:10424
- C:\Windows\System32\omMZdOl.exe
  C:\Windows\System32\omMZdOl.exe
  2⤵
  PID:10460
- C:\Windows\System32\rTERPrI.exe
  C:\Windows\System32\rTERPrI.exe
  2⤵
  PID:10480
- C:\Windows\System32\GTDGoJc.exe
  C:\Windows\System32\GTDGoJc.exe
  2⤵
  PID:10516
- C:\Windows\System32\IEfvBfu.exe
  C:\Windows\System32\IEfvBfu.exe
  2⤵
  PID:10548
- C:\Windows\System32\cySdDeb.exe
  C:\Windows\System32\cySdDeb.exe
  2⤵
  PID:10572
- C:\Windows\System32\DwsrGSG.exe
  C:\Windows\System32\DwsrGSG.exe
  2⤵
  PID:10592
- C:\Windows\System32\iCZuSjU.exe
  C:\Windows\System32\iCZuSjU.exe
  2⤵
  PID:10628
- C:\Windows\System32\bPwrcWz.exe
  C:\Windows\System32\bPwrcWz.exe
  2⤵
  PID:10656
- C:\Windows\System32\AshoUPE.exe
  C:\Windows\System32\AshoUPE.exe
  2⤵
  PID:10684
- C:\Windows\System32\XbxZWwE.exe
  C:\Windows\System32\XbxZWwE.exe
  2⤵
  PID:10712
- C:\Windows\System32\bkCrvYl.exe
  C:\Windows\System32\bkCrvYl.exe
  2⤵
  PID:10740
- C:\Windows\System32\SSsFQcj.exe
  C:\Windows\System32\SSsFQcj.exe
  2⤵
  PID:10768
- C:\Windows\System32\HMCOEfp.exe
  C:\Windows\System32\HMCOEfp.exe
  2⤵
  PID:10800
- C:\Windows\System32\SETjRjT.exe
  C:\Windows\System32\SETjRjT.exe
  2⤵
  PID:10828
- C:\Windows\System32\PFdIsBL.exe
  C:\Windows\System32\PFdIsBL.exe
  2⤵
  PID:10860
- C:\Windows\System32\rgMsNFl.exe
  C:\Windows\System32\rgMsNFl.exe
  2⤵
  PID:10888
- C:\Windows\System32\gYhTRWK.exe
  C:\Windows\System32\gYhTRWK.exe
  2⤵
  PID:10916
- C:\Windows\System32\HvGMAUy.exe
  C:\Windows\System32\HvGMAUy.exe
  2⤵
  PID:10944
- C:\Windows\System32\VTppVRx.exe
  C:\Windows\System32\VTppVRx.exe
  2⤵
  PID:10972
- C:\Windows\System32\TtihxGg.exe
  C:\Windows\System32\TtihxGg.exe
  2⤵
  PID:11000
- C:\Windows\System32\TadiUNX.exe
  C:\Windows\System32\TadiUNX.exe
  2⤵
  PID:11028
- C:\Windows\System32\BxXWMzW.exe
  C:\Windows\System32\BxXWMzW.exe
  2⤵
  PID:11056
- C:\Windows\System32\QSvvFLq.exe
  C:\Windows\System32\QSvvFLq.exe
  2⤵
  PID:11072
- C:\Windows\System32\OiqhJZC.exe
  C:\Windows\System32\OiqhJZC.exe
  2⤵
  PID:11112
- C:\Windows\System32\cTGeXwq.exe
  C:\Windows\System32\cTGeXwq.exe
  2⤵
  PID:11140
- C:\Windows\System32\fHaBJsT.exe
  C:\Windows\System32\fHaBJsT.exe
  2⤵
  PID:11168
- C:\Windows\System32\JtGJUOM.exe
  C:\Windows\System32\JtGJUOM.exe
  2⤵
  PID:11212
- C:\Windows\System32\GoMQLYM.exe
  C:\Windows\System32\GoMQLYM.exe
  2⤵
  PID:11252
- C:\Windows\System32\aQtBXqW.exe
  C:\Windows\System32\aQtBXqW.exe
  2⤵
  PID:10288
- C:\Windows\System32\esQXoll.exe
  C:\Windows\System32\esQXoll.exe
  2⤵
  PID:10340
- C:\Windows\System32\mzMHoOl.exe
  C:\Windows\System32\mzMHoOl.exe
  2⤵
  PID:10452
- C:\Windows\System32\LUfIxwa.exe
  C:\Windows\System32\LUfIxwa.exe
  2⤵
  PID:10536
- C:\Windows\System32\fRdsKHh.exe
  C:\Windows\System32\fRdsKHh.exe
  2⤵
  PID:10612
- C:\Windows\System32\NObWKrv.exe
  C:\Windows\System32\NObWKrv.exe
  2⤵
  PID:10696
- C:\Windows\System32\Kfkkfct.exe
  C:\Windows\System32\Kfkkfct.exe
  2⤵
  PID:10764
- C:\Windows\System32\cuGgrxy.exe
  C:\Windows\System32\cuGgrxy.exe
  2⤵
  PID:10784
- C:\Windows\System32\MikPYrT.exe
  C:\Windows\System32\MikPYrT.exe
  2⤵
  PID:10872
- C:\Windows\System32\FIwfDUE.exe
  C:\Windows\System32\FIwfDUE.exe
  2⤵
  PID:2852
- C:\Windows\System32\OGwtysb.exe
  C:\Windows\System32\OGwtysb.exe
  2⤵
  PID:10964
- C:\Windows\System32\YIZPsfV.exe
  C:\Windows\System32\YIZPsfV.exe
  2⤵
  PID:11012
- C:\Windows\System32\ffVfpPA.exe
  C:\Windows\System32\ffVfpPA.exe
  2⤵
  PID:11088
- C:\Windows\System32\hwLizYg.exe
  C:\Windows\System32\hwLizYg.exe
  2⤵
  PID:11180
- C:\Windows\System32\tXYQmjl.exe
  C:\Windows\System32\tXYQmjl.exe
  2⤵
  PID:10252
- C:\Windows\System32\qHIteTd.exe
  C:\Windows\System32\qHIteTd.exe
  2⤵
  PID:10568
- C:\Windows\System32\ycTaCPX.exe
  C:\Windows\System32\ycTaCPX.exe
  2⤵
  PID:10752
- C:\Windows\System32\KTGENnW.exe
  C:\Windows\System32\KTGENnW.exe
  2⤵
  PID:10956
- C:\Windows\System32\ifsbdZN.exe
  C:\Windows\System32\ifsbdZN.exe
  2⤵
  PID:10844
- C:\Windows\System32\czcYwmp.exe
  C:\Windows\System32\czcYwmp.exe
  2⤵
  PID:11208
- C:\Windows\System32\NefbUFR.exe
  C:\Windows\System32\NefbUFR.exe
  2⤵
  PID:10388
- C:\Windows\System32\kqqIRLv.exe
  C:\Windows\System32\kqqIRLv.exe
  2⤵
  PID:10796
- C:\Windows\System32\vFEDULe.exe
  C:\Windows\System32\vFEDULe.exe
  2⤵
  PID:11244
- C:\Windows\System32\bUgLLja.exe
  C:\Windows\System32\bUgLLja.exe
  2⤵
  PID:10788
- C:\Windows\System32\yvlYUvL.exe
  C:\Windows\System32\yvlYUvL.exe
  2⤵
  PID:11276
- C:\Windows\System32\XHKKmHv.exe
  C:\Windows\System32\XHKKmHv.exe
  2⤵
  PID:11328
- C:\Windows\System32\DCDpcjo.exe
  C:\Windows\System32\DCDpcjo.exe
  2⤵
  PID:11344
- C:\Windows\System32\gPaAaSu.exe
  C:\Windows\System32\gPaAaSu.exe
  2⤵
  PID:11372
- C:\Windows\System32\WWkxIXe.exe
  C:\Windows\System32\WWkxIXe.exe
  2⤵
  PID:11400
- C:\Windows\System32\FeEweli.exe
  C:\Windows\System32\FeEweli.exe
  2⤵
  PID:11428
- C:\Windows\System32\qSfUCWN.exe
  C:\Windows\System32\qSfUCWN.exe
  2⤵
  PID:11456
- C:\Windows\System32\ayrrVsY.exe
  C:\Windows\System32\ayrrVsY.exe
  2⤵
  PID:11500
- C:\Windows\System32\UCfWjAP.exe
  C:\Windows\System32\UCfWjAP.exe
  2⤵
  PID:11528
- C:\Windows\System32\GayYTgc.exe
  C:\Windows\System32\GayYTgc.exe
  2⤵
  PID:11556
- C:\Windows\System32\GJKxauo.exe
  C:\Windows\System32\GJKxauo.exe
  2⤵
  PID:11576
- C:\Windows\System32\rrnnwYs.exe
  C:\Windows\System32\rrnnwYs.exe
  2⤵
  PID:11612
- C:\Windows\System32\gSHwOwe.exe
  C:\Windows\System32\gSHwOwe.exe
  2⤵
  PID:11628
- C:\Windows\System32\lhQaMaU.exe
  C:\Windows\System32\lhQaMaU.exe
  2⤵
  PID:11648
- C:\Windows\System32\AaSTWFE.exe
  C:\Windows\System32\AaSTWFE.exe
  2⤵
  PID:11700
- C:\Windows\System32\TfvqswF.exe
  C:\Windows\System32\TfvqswF.exe
  2⤵
  PID:11752
- C:\Windows\System32\HqtcDsG.exe
  C:\Windows\System32\HqtcDsG.exe
  2⤵
  PID:11784
- C:\Windows\System32\oiIsOKP.exe
  C:\Windows\System32\oiIsOKP.exe
  2⤵
  PID:11824
- C:\Windows\System32\eHsXBkx.exe
  C:\Windows\System32\eHsXBkx.exe
  2⤵
  PID:11868
- C:\Windows\System32\BdYgHbo.exe
  C:\Windows\System32\BdYgHbo.exe
  2⤵
  PID:11900
- C:\Windows\System32\nIgKzPw.exe
  C:\Windows\System32\nIgKzPw.exe
  2⤵
  PID:11932
- C:\Windows\System32\DCvIlMz.exe
  C:\Windows\System32\DCvIlMz.exe
  2⤵
  PID:11972
- C:\Windows\System32\rCCDcwE.exe
  C:\Windows\System32\rCCDcwE.exe
  2⤵
  PID:12020
- C:\Windows\System32\FVdSzft.exe
  C:\Windows\System32\FVdSzft.exe
  2⤵
  PID:12040
- C:\Windows\System32\qclfFVS.exe
  C:\Windows\System32\qclfFVS.exe
  2⤵
  PID:12060
- C:\Windows\System32\GdEuQVw.exe
  C:\Windows\System32\GdEuQVw.exe
  2⤵
  PID:12100
- C:\Windows\System32\gKqlRBj.exe
  C:\Windows\System32\gKqlRBj.exe
  2⤵
  PID:12184
- C:\Windows\System32\utwhEYR.exe
  C:\Windows\System32\utwhEYR.exe
  2⤵
  PID:12204
- C:\Windows\System32\RdQpjHQ.exe
  C:\Windows\System32\RdQpjHQ.exe
  2⤵
  PID:12236
- C:\Windows\System32\hnZFkQE.exe
  C:\Windows\System32\hnZFkQE.exe
  2⤵
  PID:12268
- C:\Windows\System32\vxchgEJ.exe
  C:\Windows\System32\vxchgEJ.exe
  2⤵
  PID:10984
- C:\Windows\System32\sXXsuEI.exe
  C:\Windows\System32\sXXsuEI.exe
  2⤵
  PID:11324
- C:\Windows\System32\zWJPqKn.exe
  C:\Windows\System32\zWJPqKn.exe
  2⤵
  PID:11384
- C:\Windows\System32\EOVAQNn.exe
  C:\Windows\System32\EOVAQNn.exe
  2⤵
  PID:11448
- C:\Windows\System32\fQyUgdK.exe
  C:\Windows\System32\fQyUgdK.exe
  2⤵
  PID:11512
- C:\Windows\System32\ZfpQgPQ.exe
  C:\Windows\System32\ZfpQgPQ.exe
  2⤵
  PID:11596
- C:\Windows\System32\SzkmTjd.exe
  C:\Windows\System32\SzkmTjd.exe
  2⤵
  PID:11656
- C:\Windows\System32\UdjRhdm.exe
  C:\Windows\System32\UdjRhdm.exe
  2⤵
  PID:11748
- C:\Windows\System32\KAilLCo.exe
  C:\Windows\System32\KAilLCo.exe
  2⤵
  PID:11844
- C:\Windows\System32\KAFFkMv.exe
  C:\Windows\System32\KAFFkMv.exe
  2⤵
  PID:11928
- C:\Windows\System32\NOvXkZn.exe
  C:\Windows\System32\NOvXkZn.exe
  2⤵
  PID:12008
- C:\Windows\System32\SBEUsGl.exe
  C:\Windows\System32\SBEUsGl.exe
  2⤵
  PID:12076
- C:\Windows\System32\vfgqJwF.exe
  C:\Windows\System32\vfgqJwF.exe
  2⤵
  PID:244
- C:\Windows\System32\NatdNjU.exe
  C:\Windows\System32\NatdNjU.exe
  2⤵
  PID:12212
- C:\Windows\System32\LdmQIaB.exe
  C:\Windows\System32\LdmQIaB.exe
  2⤵
  PID:12276
- C:\Windows\System32\YRiZANL.exe
  C:\Windows\System32\YRiZANL.exe
  2⤵
  PID:11288
- C:\Windows\System32\hTbQcAW.exe
  C:\Windows\System32\hTbQcAW.exe
  2⤵
  PID:11492
- C:\Windows\System32\xciCwGK.exe
  C:\Windows\System32\xciCwGK.exe
  2⤵
  PID:11712
- C:\Windows\System32\krjcasL.exe
  C:\Windows\System32\krjcasL.exe
  2⤵
  PID:11924
- C:\Windows\System32\lfGhQih.exe
  C:\Windows\System32\lfGhQih.exe
  2⤵
  PID:7940
- C:\Windows\System32\TwvUnEg.exe
  C:\Windows\System32\TwvUnEg.exe
  2⤵
  PID:12216
- C:\Windows\System32\VaecPYY.exe
  C:\Windows\System32\VaecPYY.exe
  2⤵
  PID:11440
- C:\Windows\System32\stgAbTt.exe
  C:\Windows\System32\stgAbTt.exe
  2⤵
  PID:12124
- C:\Windows\System32\tyGFWEu.exe
  C:\Windows\System32\tyGFWEu.exe
  2⤵
  PID:11412
- C:\Windows\System32\VdGxQYz.exe
  C:\Windows\System32\VdGxQYz.exe
  2⤵
  PID:12200
- C:\Windows\System32\pSUQOhr.exe
  C:\Windows\System32\pSUQOhr.exe
  2⤵
  PID:12304
- C:\Windows\System32\PobeCpG.exe
  C:\Windows\System32\PobeCpG.exe
  2⤵
  PID:12332
- C:\Windows\System32\wSjlbVs.exe
  C:\Windows\System32\wSjlbVs.exe
  2⤵
  PID:12360
- C:\Windows\System32\WSmgmub.exe
  C:\Windows\System32\WSmgmub.exe
  2⤵
  PID:12388
- C:\Windows\System32\spHblDl.exe
  C:\Windows\System32\spHblDl.exe
  2⤵
  PID:12420
- C:\Windows\System32\lMMurUe.exe
  C:\Windows\System32\lMMurUe.exe
  2⤵
  PID:12448
- C:\Windows\System32\GQHvjWy.exe
  C:\Windows\System32\GQHvjWy.exe
  2⤵
  PID:12476
- C:\Windows\System32\TCLWmiP.exe
  C:\Windows\System32\TCLWmiP.exe
  2⤵
  PID:12504
- C:\Windows\System32\pkVRTdn.exe
  C:\Windows\System32\pkVRTdn.exe
  2⤵
  PID:12524
- C:\Windows\System32\zIQvFCA.exe
  C:\Windows\System32\zIQvFCA.exe
  2⤵
  PID:12544
- C:\Windows\System32\GFjtSKm.exe
  C:\Windows\System32\GFjtSKm.exe
  2⤵
  PID:12568
- C:\Windows\System32\rWIYJQo.exe
  C:\Windows\System32\rWIYJQo.exe
  2⤵
  PID:12620
- C:\Windows\System32\xMXbqQd.exe
  C:\Windows\System32\xMXbqQd.exe
  2⤵
  PID:12648
- C:\Windows\System32\uEfFbxH.exe
  C:\Windows\System32\uEfFbxH.exe
  2⤵
  PID:12672
- C:\Windows\System32\ZLvgqfk.exe
  C:\Windows\System32\ZLvgqfk.exe
  2⤵
  PID:12696
- C:\Windows\System32\kNmpCPA.exe
  C:\Windows\System32\kNmpCPA.exe
  2⤵
  PID:12712
- C:\Windows\System32\aHadiyi.exe
  C:\Windows\System32\aHadiyi.exe
  2⤵
  PID:12752
- C:\Windows\System32\NcqHFva.exe
  C:\Windows\System32\NcqHFva.exe
  2⤵
  PID:12780
- C:\Windows\System32\DCuAGMS.exe
  C:\Windows\System32\DCuAGMS.exe
  2⤵
  PID:12832
- C:\Windows\System32\igQcHxa.exe
  C:\Windows\System32\igQcHxa.exe
  2⤵
  PID:12852
- C:\Windows\System32\WXFKttz.exe
  C:\Windows\System32\WXFKttz.exe
  2⤵
  PID:12880
- C:\Windows\System32\UnnBcUK.exe
  C:\Windows\System32\UnnBcUK.exe
  2⤵
  PID:12912
- C:\Windows\System32\NuOnkLE.exe
  C:\Windows\System32\NuOnkLE.exe
  2⤵
  PID:12940
- C:\Windows\System32\xdDWiJf.exe
  C:\Windows\System32\xdDWiJf.exe
  2⤵
  PID:12968
- C:\Windows\System32\qgXPQRq.exe
  C:\Windows\System32\qgXPQRq.exe
  2⤵
  PID:12996
- C:\Windows\System32\jcibMjq.exe
  C:\Windows\System32\jcibMjq.exe
  2⤵
  PID:13024
- C:\Windows\System32\kFtPUif.exe
  C:\Windows\System32\kFtPUif.exe
  2⤵
  PID:13052
- C:\Windows\System32\zDLIwzm.exe
  C:\Windows\System32\zDLIwzm.exe
  2⤵
  PID:13080
- C:\Windows\System32\hCuaNEi.exe
  C:\Windows\System32\hCuaNEi.exe
  2⤵
  PID:13096
- C:\Windows\System32\REoqNfb.exe
  C:\Windows\System32\REoqNfb.exe
  2⤵
  PID:13124
- C:\Windows\System32\WEwiXxU.exe
  C:\Windows\System32\WEwiXxU.exe
  2⤵
  PID:13156
- C:\Windows\System32\nBmdLnt.exe
  C:\Windows\System32\nBmdLnt.exe
  2⤵
  PID:13188
- C:\Windows\System32\suDxPTD.exe
  C:\Windows\System32\suDxPTD.exe
  2⤵
  PID:13220
- C:\Windows\System32\GLGnRbY.exe
  C:\Windows\System32\GLGnRbY.exe
  2⤵
  PID:13240
- C:\Windows\System32\lDlKdyP.exe
  C:\Windows\System32\lDlKdyP.exe
  2⤵
  PID:13264
- C:\Windows\System32\XRRfCPv.exe
  C:\Windows\System32\XRRfCPv.exe
  2⤵
  PID:13296
- C:\Windows\System32\ipuSnHd.exe
  C:\Windows\System32\ipuSnHd.exe
  2⤵
  PID:12328
- C:\Windows\System32\KLACvws.exe
  C:\Windows\System32\KLACvws.exe
  2⤵
  PID:12404
- C:\Windows\System32\UOuCgBL.exe
  C:\Windows\System32\UOuCgBL.exe
  2⤵
  PID:12460
- C:\Windows\System32\EoXSNrv.exe
  C:\Windows\System32\EoXSNrv.exe
  2⤵
  PID:12540
- C:\Windows\System32\EbICNpz.exe
  C:\Windows\System32\EbICNpz.exe
  2⤵
  PID:12596
- C:\Windows\System32\MMTAUfs.exe
  C:\Windows\System32\MMTAUfs.exe
  2⤵
  PID:12660
- C:\Windows\System32\wxARFiN.exe
  C:\Windows\System32\wxARFiN.exe
  2⤵
  PID:12688
- C:\Windows\System32\jOmcfoy.exe
  C:\Windows\System32\jOmcfoy.exe
  2⤵
  PID:12728
- C:\Windows\System32\NfvuTKm.exe
  C:\Windows\System32\NfvuTKm.exe
  2⤵
  PID:10936
- C:\Windows\System32\NsDBpKz.exe
  C:\Windows\System32\NsDBpKz.exe
  2⤵
  PID:12844
- C:\Windows\System32\HSLNwLP.exe
  C:\Windows\System32\HSLNwLP.exe
  2⤵
  PID:12876
- C:\Windows\System32\rZzmPAy.exe
  C:\Windows\System32\rZzmPAy.exe
  2⤵
  PID:12936
- C:\Windows\System32\JaTcund.exe
  C:\Windows\System32\JaTcund.exe
  2⤵
  PID:13072
- C:\Windows\System32\RcMsBhh.exe
  C:\Windows\System32\RcMsBhh.exe
  2⤵
  PID:13108
- C:\Windows\System32\ezRHhaw.exe
  C:\Windows\System32\ezRHhaw.exe
  2⤵
  PID:13144
- C:\Windows\System32\CFPQDvZ.exe
  C:\Windows\System32\CFPQDvZ.exe
  2⤵
  PID:13168
- C:\Windows\System32\hMCqYiD.exe
  C:\Windows\System32\hMCqYiD.exe
  2⤵
  PID:13228
- C:\Windows\System32\GukabgQ.exe
  C:\Windows\System32\GukabgQ.exe
  2⤵
  PID:13292
- C:\Windows\System32\pwMseZH.exe
  C:\Windows\System32\pwMseZH.exe
  2⤵
  PID:12380
- C:\Windows\System32\lNsSjLS.exe
  C:\Windows\System32\lNsSjLS.exe
  2⤵
  PID:12664
- C:\Windows\System32\lzaFDyt.exe
  C:\Windows\System32\lzaFDyt.exe
  2⤵
  PID:12772
- C:\Windows\System32\xnPWEhz.exe
  C:\Windows\System32\xnPWEhz.exe
  2⤵
  PID:13136
- C:\Windows\System32\RTxFWHQ.exe
  C:\Windows\System32\RTxFWHQ.exe
  2⤵
  PID:12296
- C:\Windows\System32\ZWwfMll.exe
  C:\Windows\System32\ZWwfMll.exe
  2⤵
  PID:12372
- C:\Windows\System32\TzeFRzw.exe
  C:\Windows\System32\TzeFRzw.exe
  2⤵
  PID:12704
- C:\Windows\System32\oQgzrXR.exe
  C:\Windows\System32\oQgzrXR.exe
  2⤵
  PID:13076
- C:\Windows\System32\KAUcwht.exe
  C:\Windows\System32\KAUcwht.exe
  2⤵
  PID:12724
- C:\Windows\System32\lVRYjsY.exe
  C:\Windows\System32\lVRYjsY.exe
  2⤵
  PID:12356
- C:\Windows\System32\gDIMLhQ.exe
  C:\Windows\System32\gDIMLhQ.exe
  2⤵
  PID:13328
- C:\Windows\System32\eCtKGsv.exe
  C:\Windows\System32\eCtKGsv.exe
  2⤵
  PID:13356
- C:\Windows\System32\dOZhTeZ.exe
  C:\Windows\System32\dOZhTeZ.exe
  2⤵
  PID:13388
- C:\Windows\System32\otvGWAa.exe
  C:\Windows\System32\otvGWAa.exe
  2⤵
  PID:13436
- C:\Windows\System32\ZfVbGlJ.exe
  C:\Windows\System32\ZfVbGlJ.exe
  2⤵
  PID:13480
- C:\Windows\System32\SCWUPmC.exe
  C:\Windows\System32\SCWUPmC.exe
  2⤵
  PID:13508
- C:\Windows\System32\WcESRad.exe
  C:\Windows\System32\WcESRad.exe
  2⤵
  PID:13536
- C:\Windows\System32\CkLHtzP.exe
  C:\Windows\System32\CkLHtzP.exe
  2⤵
  PID:13564
- C:\Windows\System32\IKmqkVk.exe
  C:\Windows\System32\IKmqkVk.exe
  2⤵
  PID:13580
- C:\Windows\System32\CwFjcmB.exe
  C:\Windows\System32\CwFjcmB.exe
  2⤵
  PID:13632
- C:\Windows\System32\VFMzUNA.exe
  C:\Windows\System32\VFMzUNA.exe
  2⤵
  PID:13648
- C:\Windows\System32\EpwqKic.exe
  C:\Windows\System32\EpwqKic.exe
  2⤵
  PID:13676
- C:\Windows\System32\YkSBVYZ.exe
  C:\Windows\System32\YkSBVYZ.exe
  2⤵
  PID:13704
- C:\Windows\System32\CDyCLUG.exe
  C:\Windows\System32\CDyCLUG.exe
  2⤵
  PID:13732
- C:\Windows\System32\BaWYkdp.exe
  C:\Windows\System32\BaWYkdp.exe
  2⤵
  PID:13940
- C:\Windows\System32\vidbUfa.exe
  C:\Windows\System32\vidbUfa.exe
  2⤵
  PID:13956

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:13504

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System32\BhvnIoY.exe

Filesize
2.6MB

MD5
ffc4de795f5e0a31cc27dd0522a2496c

SHA1
1b5245f7646c1a25858acb28438812be5b841d5a

SHA256
d3c4ec8d0674a857f59214a5e4f835c59835649b27e363d8f83d060ed5641c4d

SHA512
b7dc08085f126ce86a7c649f4b2969f19033cac14ca61aa0ea13d7ca56e1d2441879cf70db4819faa76ebe94c93f126fa0c66dab606aee3bf8a3ba8633962c77

Download Submit
C:\Windows\System32\HvTNEoC.exe

Filesize
2.6MB

MD5
32504799dbb353141b2ff87ae835e5ef

SHA1
ebfd5611cdb8b1381e27962f2f814d784c6040a0

SHA256
7b4738b541a2945a48e09f1491d3bd0c26cea7c09a06845fcdfe7f9130a44c67

SHA512
2aed3b77b1f8785790258d409fe41f90de64964704f35b6f101ccf5bed7fa52c470e8b47143a4058935697db8c1d5e26f6d93cc2d3f702142d2286908b37137f

Download Submit
C:\Windows\System32\IBNmlVg.exe

Filesize
2.6MB

MD5
7f616bff13c7c0236bc75426ac736840

SHA1
9ed6732636c06711512b589d0ad7e08164f7d242

SHA256
f9b878bc6ffe3313b28445f51391b304e5cc0a58806c5d368b25beeb0d1c5c92

SHA512
62aebc3f7817a742f1e1f900c0af3f614ddcdb3bccabb571ae071a7b3869c41b9f3d97f0f54a16b05b666f2655892bcb78702eb71dc145edeb940c9eedb8e4ad

Download Submit
C:\Windows\System32\IHAwbMP.exe

Filesize
2.6MB

MD5
aecda74ed8434d742b35fadc3d60a8d6

SHA1
548af5915977dfa724f85611e0ab7b2a1e12891f

SHA256
bcc69056c915d954c7265e4f25fce604557eb18de051cb6926c767b5ada5e0be

SHA512
a4d2dc2d61d9eca414c43849b534e491db007ba69ad54de108ef739d78120fc88e075063c5545d280936096fab0f900925349152595effdcb603f907296b5af8

Download Submit
C:\Windows\System32\IVXUoak.exe

Filesize
2.6MB

MD5
f86e12cecafde13c2c7d51cb5df65291

SHA1
56bd6017cbf5582801e2fe8e402d1b4c7710f083

SHA256
6cc9ef11e863262304489499897e4d8cd9d62c96534fca1ca9e973cedf2449a9

SHA512
2e6555d20ab00e68ed06e6dc1282bc540a6de14e645ce9660fe6eb6bc8d204a7dc6cdb5d9dd68303e8a4b12e869cef2982d13716975b5af0e228a37a12aba770

Download Submit
C:\Windows\System32\JGFFQGk.exe

Filesize
2.6MB

MD5
cd95afdcdaea29c09eae82b5a58c9c12

SHA1
d0ea481bb56520620e596d875ce6615bdf5bffc4

SHA256
b124a276b2d4679403e369ac57e5f38dc2accdb4f172f6b7e42fba871a93115d

SHA512
1b8bf11515dbda9d7e2b220eb34dd26b60ed2856474de15f900ba78c1742bdd4cf168327aaa3d758201606f282ce1c415dbc9eef4096c7cb86fee659f727274b

Download Submit
C:\Windows\System32\LOWwmJv.exe

Filesize
2.6MB

MD5
b7b406c338789835fe35b55167b0bbb9

SHA1
a02b49ea4931a7e8060f8f93f441d0db920d561d

SHA256
999304407bb2f6cb2f68a89a2d8592c49a0ff7099a5fdd3a7cb6c6bc7a911299

SHA512
feeb6a5a84d0432f0fb2efa3f797134de04537bbdb0499976bb59e319c7131282f00e53344d08fd0570aa55d6ba861e2f589bc9bdc6d270e4a9ccf4ea48127ba

Download Submit
C:\Windows\System32\MVkwHLV.exe

Filesize
2.6MB

MD5
c16b4593c751d47f7d76a4a4aa030e72

SHA1
d73935132cf2c6e8029d22290b0713a1cfefd3d1

SHA256
8c300eacd4a5cf3e2b2c546b674b94feace3b7e144c63de99e7d5dabcd54d913

SHA512
35763e5db33abd4cc6d23b6764b8c422557a5d7b41668e90c1e6ff66dfe7fd43faae33acbd56e7d2433e95bab76ecfd181a4acbdc1b6d5ae9730124631fe413f

Download Submit
C:\Windows\System32\NBuXZqx.exe

Filesize
2.6MB

MD5
b460c356ad642fa2b029a7c6b2f38b0f

SHA1
9809a2589b3c3ee99c3ae4a9547da5a0a2af7e0f

SHA256
9636a00bfdb094d7c040b8c24cd19ff323c9ee368d849a1f067024e87ffe20f4

SHA512
da9b17a01a62d1346017dc298575f99c434ff1e8d36ced2f6f8334056093c8a878a8bcedf5aa0669272e1145aa2f6d51e681867752dc688dc2278522a6bd32c3

Download Submit
C:\Windows\System32\OIjepSL.exe

Filesize
2.6MB

MD5
637ca9718106e0622bc1c9f569693265

SHA1
67aac49cdfb206505bd7c4af012e2b77ac5806f6

SHA256
c381d5cec1050d1d0fd01f18fe58b3733ee63a33732e06e25160182047bc1fab

SHA512
cacc7473e16287d6029f12a1ec2f492aad3984cc6a73682beb458987cff782ccd42b6d12b25e0327d23f23438c79c325fecd414dab4e473850f3d026225c0b32

Download Submit
C:\Windows\System32\QlRWCPk.exe

Filesize
2.6MB

MD5
6b31c92e13b267bc1bcf244173dd4d4f

SHA1
ffdbd48ec12b8fa35e7ffa05386a521a0a848e5e

SHA256
35e6882f8e1b201c0da83e3b5b1783898b8302d2bd38aa076edda4ea449becf5

SHA512
0b226bd2e2fb4200b1c3fb5fc219c93f6bb9c1430d00262df0cf47bc1bdb19f5cf70c0e03d6a0f9b7556256f8b873d93c31da6096063e39cbb1768120f803059

Download Submit
C:\Windows\System32\WTZWHbN.exe

Filesize
2.6MB

MD5
8c5303cd8f668e5eb373fee082d1adef

SHA1
26416cd7dbcaa6feb8bb4cc5a89fe67d3e6e92b8

SHA256
21b3447b3838424d8afc728221954dc28ba8d5b22520006dfc1fe763305d93fe

SHA512
0ad7014258eba3120097834d241861b9d5e2d766ac9393ca34736e7173e0bedaf15263a2575daded37f2332c126a489ac39ae65f8bece3f75c992edea889a746

Download Submit
C:\Windows\System32\WqLDlwE.exe

Filesize
2.6MB

MD5
e6b5f18c6aba6c74ef63791d97a5c9da

SHA1
99bb6f6a854d3f6346d531f02d5b04c5788b9fd5

SHA256
57c14d61e5aee11284461c579030f350a3d40f39635f7f376b2a22e2099ae6a8

SHA512
9025f732877a39dcb9a96f3a7e9a501e4a4cc1c238ee2fa6cdb265ac0732a06e000f2956c135b6f2e06df7427ad531dd47abaf2f9ae89499719e89f4614aef6e

Download Submit
C:\Windows\System32\XjZUFqz.exe

Filesize
2.6MB

MD5
784fccd678bbc63f5c2a3f9b0aaeaf86

SHA1
422d2d297f993d33a9e6022a075daeea1f7175a7

SHA256
cc3a4e8e10020244b794a10983f4cb0a57149ee5088eddce88a41bc9e5391706

SHA512
6d3a6c18983e60cae22bf24dd110e50d745e27d4997a1cc82f859557ef253898d76a25d5a5b508359aa67842097a2849a76c13b5feacee27f8b35dfab7632382

Download Submit
C:\Windows\System32\ZFSrkil.exe

Filesize
2.6MB

MD5
9b00ba64e3752c20737f91669e871c45

SHA1
b1b2b5fc167497c36c0f004012e303db41f04d3d

SHA256
2283cdd3a49c3eae5904675b1c6dbf7b8dafb5c1457e1e6428abec3e8ec0774e

SHA512
0f5549225fc04e6eb69e3a63b38da086546a8c27a0fd04992ccb0a5c64c1d72674c12bade9b1f97aef4bbb749a535bbdfaec68709bd059d8dd3f2df520e96b4c

Download Submit
C:\Windows\System32\ZNXrZqj.exe

Filesize
2.6MB

MD5
10f3b970b7064144225824919d57b208

SHA1
c78c3d62ad6f3f8d36004a27fab5f7059f86d008

SHA256
6bf93069eb2228f0461443eaafe31bc12e5ef6c4ec78cb6ffbbb5600e09cad89

SHA512
61dfc0f47b86e08b04dde12d56b1cb6a6dfc707d0a6b2ac0092325fd01c831ed6533c3c65dd306cc561f7a8d1d7e0966550bcb28715a3695478ec07fb7f001d3

Download Submit
C:\Windows\System32\ZbyAhhg.exe

Filesize
2.6MB

MD5
86488bf038f0f47b463b44fd84a5b9cc

SHA1
4f63f35d9850d12fd79255b5a48de7db6b60da87

SHA256
f32d8275c99e01fc0c4dee95646ab72d6096cc71cae68aaf11b6e461475a3e6a

SHA512
42a3a4fd619ecdfd829a8815345db6cf96da27e655f15a84abcdb91a2d8ee97d7b54ae33d0e05b76df49f738e226f7087f5d282d5995e70d5347b117902b28fe

Download Submit
C:\Windows\System32\dKgLTxG.exe

Filesize
2.6MB

MD5
f634a960d72685bcdb06cf6c326911e0

SHA1
8611e1a2f66d9a9057ceccf3c5b2b3e012ed8d34

SHA256
b47d8e24789688bfe617a9d514e07df21c0322da69cb5f82960d24945adcdc4d

SHA512
88a3f8426a2a8472c19cf4d397ba61b9d3ec25635c5e12b472b84e5f520065481d8fa249eb0d22ff106fb126f63dd3d6bb429c672e8f6cdb165c82d532d4823a

Download Submit
C:\Windows\System32\fEGxiYl.exe

Filesize
2.6MB

MD5
1eb414b0ff6e67ed57df860dff38a4ae

SHA1
da288ec4bb29aec092ef769c86dffd93d1fe7cc1

SHA256
6b627e5f68e4afa45bdec564c62f4bb02173e60a9c238b961dcea6508ccc8dde

SHA512
8b0e158f4eb3ae2fc5d72e047ed392ad7da2788c3bfcf523e2ea8325ed0e5e5f56af74d07b91a77225bc0bbaea99878647626feedea0e85091cd00ff0db7c898

Download Submit
C:\Windows\System32\fMhFCwa.exe

Filesize
2.6MB

MD5
7c8eb5aad9d7a01597e6d9c5c5bfe3f7

SHA1
65ecb57bdc3a286899b3c2e448e092be598e1353

SHA256
3081fac3fbcaaa48a7ed0426b133a616bd7eb825903456a28bbb81b73836aa47

SHA512
686865bd781c8a2137742d820787373231298d750c1c34b778e80ac73427544016470952f83aa80381d6626bc188222b1ca6e8ea916487c20e8424dee17e5490

Download Submit
C:\Windows\System32\gjJQjnA.exe

Filesize
2.6MB

MD5
fdc32e1d63f78e14f5415d5f8c4de707

SHA1
1068209eb9344e84e9fec62164c3a9a7a87a4beb

SHA256
6f41bfc558c8ac90664437e72a9f8605c999c5d3d70135442c63e5223bdc9cbe

SHA512
cfd010e54c1cd467c85e3b366efa189118d747355620a38dbfbd319739a2c2752945166c4e65ef184bf9d6bc5ed14e34f6a0b5b08142e4f1667eac418d79a81f

Download Submit
C:\Windows\System32\hQMENHJ.exe

Filesize
2.6MB

MD5
f21784d9f3b83d2925c0f7ceb86a63d2

SHA1
87a9ef19bbd987b0d16352ce7e24f0c1731aeaa8

SHA256
48976c397ca06e8e03a6130b8a4083c77e2f8a1c70c3fec82f8ebd5cbba9ceab

SHA512
7afae80d5efcb00572c772c1a3e2ae6a4ae4b469998f92a218f3561eb7e1d321fc471b9323606eee4b76b15f738c2e2f78a89644438c34a9cd39d87119236722

Download Submit
C:\Windows\System32\iPGORDr.exe

Filesize
2.6MB

MD5
81abb78182547af713eafa7ebd536f87

SHA1
84d0c23057788f36560de264e6cf71d36268a838

SHA256
5de2c1786e45031f1df5303847a274228c9c9e4e49e0e4693d3290ee8ed465e0

SHA512
96d466eccf071a0570a44765e1d09556b867559d096ec3c2cd8d8ccce2f289e9077973e407956d0ac1d3a53c957d588acf41feedf9000e83938f9310add43cf3

Download Submit
C:\Windows\System32\kJzopyi.exe

Filesize
2.6MB

MD5
289d3f29b255e1aa2d365a5c6756fdde

SHA1
a73024c1314907b8a1fea8e560cbdd11a2bea2a3

SHA256
2dcd871ac66ed56fd4cb4d37f7d44fa3d4490d9a464cfa84f3f9003703e9cdfd

SHA512
f8c634d145fccfce1c372c106d18db5c92a2a971bc79bb3470903de66e8c72778f1aa53c2eb6443dbd8a244177b955f659d83729ed4646cc49043eedc6a26d07

Download Submit
C:\Windows\System32\kTLLAee.exe

Filesize
2.6MB

MD5
34b5920481ddacdd943f26d4a87276b2

SHA1
bc507103d1b054c255abe8753023e50cfbbbf45b

SHA256
0592b3e97eedcb87a5c25b6fc65b928764b4de4f64005301e7c4ec82e6357905

SHA512
646d0a71a3347ff23309f14d7f1dbdf4a4b60ed9c8198c4b0c95834a02c178fd954adfcc9f9ea990cb77cf189f1844f47c91aa6014002d142b1465510636f958

Download Submit
C:\Windows\System32\knQzRoI.exe

Filesize
2.6MB

MD5
03d78095190fe57f80ff3864ce549738

SHA1
ea89e9e4ae968e01fcb23a85aaa1bee3ddd2df7d

SHA256
d7b4091774b4f1716ec987ee4d5e23a904b84890a3672883439af20845d3d5b4

SHA512
79e350930b4696f19981756d28b8dfc7f75073dba30a0361a9b4ba2b428b007df4755d6cd320be49548596ac34432511e120e201891c38d80f8e131ab6fbe765

Download Submit
C:\Windows\System32\mFtkrjG.exe

Filesize
2.6MB

MD5
c9777c54dfcf843d90219bf1a6f0fb48

SHA1
bea6ff80db98292836cf020b7424978a78123661

SHA256
99e193e2e866b02837b974745788a1126e8ffd167751b384184ad2e0de56f37e

SHA512
0b281bf14151d79753272ebfcf11e92eb4a7f1b5635d980334e9a3fe1ca50738c5ce67a6fb24ca4d644e3dedcfb8f67e6640042633ab5224a5fe846da2fd6866

Download Submit
C:\Windows\System32\rLJHHHU.exe

Filesize
2.6MB

MD5
29c0abeeb6165d73803f6e9e8f3bf404

SHA1
843bf9af7620bda9d535448baa9298b79d32d07c

SHA256
49f4f5eebc55afe7253380b112d6cebfd1edbff47cbce71af97506607a153218

SHA512
e4e85e12120e7e177e94b88696940a5a2d1c764f523a5d9c0dd134b2217575112eb873bded04f3272792282532081257e7cc77ab966503c0a5ae59b8b9ea4991

Download Submit
C:\Windows\System32\srjaHLX.exe

Filesize
2.6MB

MD5
bb5a6fe00d075f3e079770d324d47207

SHA1
5a6ee4b5e1ca40d9821c9a615f9f5f8576a556ce

SHA256
eec6273ffa69cd41c75b7de166c99c6b2a74babb8d446d576715be06346ec5d4

SHA512
483efe78eced59cc66a53145de0d23b0327a17744382f213c5a8b135314a8be8edf2eeebc8eb4e0f5a716eaff2ae9695aa8c0d01061945714c38ebe871fd4218

Download Submit
C:\Windows\System32\tQbFlNy.exe

Filesize
2.6MB

MD5
bf27fd3b5cef7ea9bcd45793769f2f43

SHA1
e4f52f080ced2a475f6f79f7a6510d93a1fc5c10

SHA256
f8f037ad4ddfc60aa256f258c45938955ce262f57d97546e6891ac41121767e8

SHA512
7408566a0240a772a6eca856adf960740e79b53367c82c5630f57264ff06c77f5fc818caf1ddc549f7a14f62d2c3ad12d7adf18de2261b6f856630317264c6e9

Download Submit
C:\Windows\System32\uEyCWqw.exe

Filesize
2.6MB

MD5
9e80c495918b6a5918a9cc7fabe7c93f

SHA1
aaa8278d47f0514ef21e16a41a1b0fe80cc568a6

SHA256
a17a5c88cf58a7602d9e4fd444b565eda78ebc08cef8c9fa8803f81e6a1325a4

SHA512
3adec4f4d655d097851f5ba75b5f341677fe39563b75242cf3ba501164cccfc42a6a7f75ba174508f5b216d1fd3d33782d2e657d8db62203c51991f4ec52fefa

Download Submit
C:\Windows\System32\ulfihnQ.exe

Filesize
2.6MB

MD5
4e252387e78f15b2a69dd9a04086e2fe

SHA1
63807a20c1bea35076cef293faebc9569e740968

SHA256
1bac585425db72c8b7fd7e2246a37a4f505b59ae77fc21984dadf1a5b02c3782

SHA512
8dd1d845f871b9a91dd045ed2b3b1dca77b687f3929bcd5d522ed021bc4245e9a40174f0cf930f878fc7bda6b3a8b3320d3d6737654e9305bcfa4a735804f8e5

Download Submit
memory/184-2046-0x00007FF6E1E90000-0x00007FF6E2285000-memory.dmp

Filesize
4.0MB

Download
memory/184-784-0x00007FF6E1E90000-0x00007FF6E2285000-memory.dmp

Filesize
4.0MB

Download
memory/516-767-0x00007FF725B90000-0x00007FF725F85000-memory.dmp

Filesize
4.0MB

Download
memory/516-2056-0x00007FF725B90000-0x00007FF725F85000-memory.dmp

Filesize
4.0MB

Download
memory/784-2040-0x00007FF74BEE0000-0x00007FF74C2D5000-memory.dmp

Filesize
4.0MB

Download
memory/784-1-0x00000120F68B0000-0x00000120F68C0000-memory.dmp

Filesize
64KB

Download
memory/784-1051-0x00007FF74BEE0000-0x00007FF74C2D5000-memory.dmp

Filesize
4.0MB

Download
memory/784-0-0x00007FF74BEE0000-0x00007FF74C2D5000-memory.dmp

Filesize
4.0MB

Download
memory/1180-2048-0x00007FF73BCB0000-0x00007FF73C0A5000-memory.dmp

Filesize
4.0MB

Download
memory/1180-1564-0x00007FF73BCB0000-0x00007FF73C0A5000-memory.dmp

Filesize
4.0MB

Download
memory/1180-44-0x00007FF73BCB0000-0x00007FF73C0A5000-memory.dmp

Filesize
4.0MB

Download
memory/1532-2064-0x00007FF6541E0000-0x00007FF6545D5000-memory.dmp

Filesize
4.0MB

Download
memory/1532-777-0x00007FF6541E0000-0x00007FF6545D5000-memory.dmp

Filesize
4.0MB

Download
memory/1688-770-0x00007FF69F630000-0x00007FF69FA25000-memory.dmp

Filesize
4.0MB

Download
memory/1688-2059-0x00007FF69F630000-0x00007FF69FA25000-memory.dmp

Filesize
4.0MB

Download
memory/2348-2063-0x00007FF7AE450000-0x00007FF7AE845000-memory.dmp

Filesize
4.0MB

Download
memory/2348-781-0x00007FF7AE450000-0x00007FF7AE845000-memory.dmp

Filesize
4.0MB

Download
memory/2436-2045-0x00007FF616F40000-0x00007FF617335000-memory.dmp

Filesize
4.0MB

Download
memory/2436-1561-0x00007FF616F40000-0x00007FF617335000-memory.dmp

Filesize
4.0MB

Download
memory/2436-36-0x00007FF616F40000-0x00007FF617335000-memory.dmp

Filesize
4.0MB

Download
memory/2636-771-0x00007FF689760000-0x00007FF689B55000-memory.dmp

Filesize
4.0MB

Download
memory/2636-2053-0x00007FF689760000-0x00007FF689B55000-memory.dmp

Filesize
4.0MB

Download
memory/2900-2051-0x00007FF79CD60000-0x00007FF79D155000-memory.dmp

Filesize
4.0MB

Download
memory/2900-772-0x00007FF79CD60000-0x00007FF79D155000-memory.dmp

Filesize
4.0MB

Download
memory/3036-789-0x00007FF6E3D90000-0x00007FF6E4185000-memory.dmp

Filesize
4.0MB

Download
memory/3036-2050-0x00007FF6E3D90000-0x00007FF6E4185000-memory.dmp

Filesize
4.0MB

Download
memory/3676-2058-0x00007FF615000000-0x00007FF6153F5000-memory.dmp

Filesize
4.0MB

Download
memory/3676-778-0x00007FF615000000-0x00007FF6153F5000-memory.dmp

Filesize
4.0MB

Download
memory/3948-2043-0x00007FF666010000-0x00007FF666405000-memory.dmp

Filesize
4.0MB

Download
memory/3948-1447-0x00007FF666010000-0x00007FF666405000-memory.dmp

Filesize
4.0MB

Download
memory/3948-27-0x00007FF666010000-0x00007FF666405000-memory.dmp

Filesize
4.0MB

Download
memory/4140-21-0x00007FF700DF0000-0x00007FF7011E5000-memory.dmp

Filesize
4.0MB

Download
memory/4140-2044-0x00007FF700DF0000-0x00007FF7011E5000-memory.dmp

Filesize
4.0MB

Download
memory/4140-1444-0x00007FF700DF0000-0x00007FF7011E5000-memory.dmp

Filesize
4.0MB

Download
memory/4184-2060-0x00007FF7D2090000-0x00007FF7D2485000-memory.dmp

Filesize
4.0MB

Download
memory/4184-769-0x00007FF7D2090000-0x00007FF7D2485000-memory.dmp

Filesize
4.0MB

Download
memory/4244-768-0x00007FF633FC0000-0x00007FF6343B5000-memory.dmp

Filesize
4.0MB

Download
memory/4244-2055-0x00007FF633FC0000-0x00007FF6343B5000-memory.dmp

Filesize
4.0MB

Download
memory/4396-2052-0x00007FF6FE6C0000-0x00007FF6FEAB5000-memory.dmp

Filesize
4.0MB

Download
memory/4396-774-0x00007FF6FE6C0000-0x00007FF6FEAB5000-memory.dmp

Filesize
4.0MB

Download
memory/4540-776-0x00007FF726DC0000-0x00007FF7271B5000-memory.dmp

Filesize
4.0MB

Download
memory/4540-2061-0x00007FF726DC0000-0x00007FF7271B5000-memory.dmp

Filesize
4.0MB

Download
memory/4632-7-0x00007FF7577E0000-0x00007FF757BD5000-memory.dmp

Filesize
4.0MB

Download
memory/4632-1193-0x00007FF7577E0000-0x00007FF757BD5000-memory.dmp

Filesize
4.0MB

Download
memory/4632-2041-0x00007FF7577E0000-0x00007FF757BD5000-memory.dmp

Filesize
4.0MB

Download
memory/4660-47-0x00007FF77AC60000-0x00007FF77B055000-memory.dmp

Filesize
4.0MB

Download
memory/4660-1683-0x00007FF77AC60000-0x00007FF77B055000-memory.dmp

Filesize
4.0MB

Download
memory/4660-2049-0x00007FF77AC60000-0x00007FF77B055000-memory.dmp

Filesize
4.0MB

Download
memory/4720-2062-0x00007FF6F43C0000-0x00007FF6F47B5000-memory.dmp

Filesize
4.0MB

Download
memory/4720-775-0x00007FF6F43C0000-0x00007FF6F47B5000-memory.dmp

Filesize
4.0MB

Download
memory/4884-766-0x00007FF6EA310000-0x00007FF6EA705000-memory.dmp

Filesize
4.0MB

Download
memory/4884-2054-0x00007FF6EA310000-0x00007FF6EA705000-memory.dmp

Filesize
4.0MB

Download
memory/5004-765-0x00007FF73E030000-0x00007FF73E425000-memory.dmp

Filesize
4.0MB

Download
memory/5004-2047-0x00007FF73E030000-0x00007FF73E425000-memory.dmp

Filesize
4.0MB

Download
memory/5004-1687-0x00007FF73E030000-0x00007FF73E425000-memory.dmp

Filesize
4.0MB

Download
memory/5028-2042-0x00007FF668EE0000-0x00007FF6692D5000-memory.dmp

Filesize
4.0MB

Download
memory/5028-14-0x00007FF668EE0000-0x00007FF6692D5000-memory.dmp

Filesize
4.0MB

Download
memory/5028-1320-0x00007FF668EE0000-0x00007FF6692D5000-memory.dmp

Filesize
4.0MB

Download
memory/5056-773-0x00007FF635B60000-0x00007FF635F55000-memory.dmp

Filesize
4.0MB

Download
memory/5056-2057-0x00007FF635B60000-0x00007FF635F55000-memory.dmp

Filesize
4.0MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads