xmrig | 129a6f74d124ab78b9edd6cc5485c3f893d04840116c62e23e7db686adda7978

Analysis

max time kernel
137s
max time network
123s
platform
windows10-2004_x64
resource
win10v2004-20250313-en
resource tags

arch:x64arch:x86image:win10v2004-20250313-enlocale:en-usos:windows10-2004-x64system
submitted
07/04/2025, 11:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-04-07_7de581f5e1bcec6cb2dddda70710d078_black-basta_imuler_xmrig.exe
Size

2.6MB
MD5

7de581f5e1bcec6cb2dddda70710d078
SHA1

f46e27feef527905b34da2ec8cec13fd22b92ab4
SHA256

129a6f74d124ab78b9edd6cc5485c3f893d04840116c62e23e7db686adda7978
SHA512

356921a0c826e98937ba6ab6de50a7e230f9426c83226b5f2442a02738df3eed68271a5d34a51d4293f93c7b1b968fe409f63c681b87243768f9b17a2c35ddb0
SSDEEP

49152:w0wjnJMOWh50kC1/dVFdx6e0EALKWVTffZiPAcRq6jHjcz8DzzxTMS5sZGL9:w0GnJMOWPClFdx6e0EALKWVTffZiPAc1

Score

10^/10

xmrig miner persistence privilege_escalation upx

Malware Config

Signatures

Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/232-0-0x00007FF720720000-0x00007FF720B15000-memory.dmp	xmrig
behavioral1/files/0x00040000000233b9-4.dat	xmrig
behavioral1/memory/3732-8-0x00007FF60ECD0000-0x00007FF60F0C5000-memory.dmp	xmrig
behavioral1/files/0x0007000000024274-10.dat	xmrig
behavioral1/files/0x0007000000024275-11.dat	xmrig
behavioral1/files/0x0007000000024276-22.dat	xmrig
behavioral1/files/0x0007000000024277-28.dat	xmrig
behavioral1/memory/1032-32-0x00007FF72F6B0000-0x00007FF72FAA5000-memory.dmp	xmrig
behavioral1/files/0x0007000000024278-31.dat	xmrig
behavioral1/memory/860-38-0x00007FF7A27A0000-0x00007FF7A2B95000-memory.dmp	xmrig
behavioral1/memory/2356-35-0x00007FF6970E0000-0x00007FF6974D5000-memory.dmp	xmrig
behavioral1/memory/5532-34-0x00007FF6D5300000-0x00007FF6D56F5000-memory.dmp	xmrig
behavioral1/memory/4616-14-0x00007FF718A50000-0x00007FF718E45000-memory.dmp	xmrig
behavioral1/files/0x0007000000024279-41.dat	xmrig
behavioral1/files/0x0008000000024271-47.dat	xmrig
behavioral1/files/0x000700000002427a-53.dat	xmrig
behavioral1/files/0x000700000002427b-59.dat	xmrig
behavioral1/memory/5300-57-0x00007FF608D00000-0x00007FF6090F5000-memory.dmp	xmrig
behavioral1/memory/3200-60-0x00007FF76BD20000-0x00007FF76C115000-memory.dmp	xmrig
behavioral1/memory/3756-52-0x00007FF7CACD0000-0x00007FF7CB0C5000-memory.dmp	xmrig
behavioral1/files/0x000700000002427c-66.dat	xmrig
behavioral1/memory/4464-44-0x00007FF7D0440000-0x00007FF7D0835000-memory.dmp	xmrig
behavioral1/memory/1964-68-0x00007FF7681B0000-0x00007FF7685A5000-memory.dmp	xmrig
behavioral1/files/0x000700000002427f-77.dat	xmrig
behavioral1/files/0x0007000000024280-88.dat	xmrig
behavioral1/memory/4664-87-0x00007FF7FD0D0000-0x00007FF7FD4C5000-memory.dmp	xmrig
behavioral1/memory/4560-81-0x00007FF7324A0000-0x00007FF732895000-memory.dmp	xmrig
behavioral1/files/0x0007000000024281-91.dat	xmrig
behavioral1/memory/4804-93-0x00007FF6C7040000-0x00007FF6C7435000-memory.dmp	xmrig
behavioral1/files/0x0007000000024283-102.dat	xmrig
behavioral1/memory/3756-111-0x00007FF7CACD0000-0x00007FF7CB0C5000-memory.dmp	xmrig
behavioral1/memory/5300-118-0x00007FF608D00000-0x00007FF6090F5000-memory.dmp	xmrig
behavioral1/memory/4452-126-0x00007FF646700000-0x00007FF646AF5000-memory.dmp	xmrig
behavioral1/memory/4756-136-0x00007FF6EBC90000-0x00007FF6EC085000-memory.dmp	xmrig
behavioral1/memory/4560-146-0x00007FF7324A0000-0x00007FF732895000-memory.dmp	xmrig
behavioral1/memory/4924-156-0x00007FF6B89F0000-0x00007FF6B8DE5000-memory.dmp	xmrig
behavioral1/files/0x000700000002428e-177.dat	xmrig
behavioral1/memory/4804-768-0x00007FF6C7040000-0x00007FF6C7435000-memory.dmp	xmrig
behavioral1/memory/4532-888-0x00007FF636160000-0x00007FF636555000-memory.dmp	xmrig
behavioral1/memory/5100-1010-0x00007FF6EA670000-0x00007FF6EAA65000-memory.dmp	xmrig
behavioral1/memory/2312-1130-0x00007FF77C060000-0x00007FF77C455000-memory.dmp	xmrig
behavioral1/memory/5088-1249-0x00007FF7FA9B0000-0x00007FF7FADA5000-memory.dmp	xmrig
behavioral1/files/0x0007000000024292-197.dat	xmrig
behavioral1/files/0x0007000000024291-192.dat	xmrig
behavioral1/files/0x0007000000024290-187.dat	xmrig
behavioral1/files/0x000700000002428f-182.dat	xmrig
behavioral1/files/0x000700000002428d-172.dat	xmrig
behavioral1/files/0x000700000002428c-167.dat	xmrig
behavioral1/files/0x000700000002428b-162.dat	xmrig
behavioral1/files/0x000700000002428a-160.dat	xmrig
behavioral1/files/0x0007000000024289-154.dat	xmrig
behavioral1/memory/4664-153-0x00007FF7FD0D0000-0x00007FF7FD4C5000-memory.dmp	xmrig
behavioral1/memory/2708-149-0x00007FF692E80000-0x00007FF693275000-memory.dmp	xmrig
behavioral1/files/0x0007000000024288-147.dat	xmrig
behavioral1/files/0x0007000000024287-141.dat	xmrig
behavioral1/memory/4864-140-0x00007FF7756A0000-0x00007FF775A95000-memory.dmp	xmrig
behavioral1/files/0x0007000000024286-134.dat	xmrig
behavioral1/memory/1964-133-0x00007FF7681B0000-0x00007FF7685A5000-memory.dmp	xmrig
behavioral1/memory/4744-129-0x00007FF73B8E0000-0x00007FF73BCD5000-memory.dmp	xmrig
behavioral1/files/0x0007000000024285-127.dat	xmrig
behavioral1/memory/3200-125-0x00007FF76BD20000-0x00007FF76C115000-memory.dmp	xmrig
behavioral1/memory/5088-121-0x00007FF7FA9B0000-0x00007FF7FADA5000-memory.dmp	xmrig
behavioral1/files/0x0007000000024284-119.dat	xmrig
behavioral1/memory/2312-114-0x00007FF77C060000-0x00007FF77C455000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
3732	RzSDAbp.exe
4616	ZIGeFyH.exe
1032	MKGdtpu.exe
860	NEOVIxU.exe
5532	ByRKUVs.exe
2356	amvMJVh.exe
4464	csXiBXz.exe
3756	tmCoBJO.exe
5300	dJnmTHG.exe
3200	jGTbBMX.exe
1964	gBLEBqs.exe
4452	JtDWdeD.exe
4560	bIRJUTs.exe
4664	hSWJguL.exe
4804	vRbBBeq.exe
4532	ReUfFGu.exe
5100	JhxYtrH.exe
2312	jVQqaGd.exe
5088	LguJoCD.exe
4744	IBwHHMR.exe
4756	YAdlUDw.exe
4864	dAGWRxF.exe
2708	XzhGveS.exe
4924	UqdApUN.exe
1420	IZgmYkI.exe
2588	BRpUCXD.exe
1544	bcvqZbL.exe
4000	htlfZKb.exe
868	VjIKHpY.exe
4052	kJocSCZ.exe
3032	zxWZKlg.exe
2924	qSzyvsq.exe
1132	CPDQNJK.exe
736	KvcNVvf.exe
1692	PKZqDtD.exe
2800	bxyFMLk.exe
2596	niOeXHc.exe
4132	YxqMowJ.exe
2704	kdsZwdc.exe
1920	NwgkKEs.exe
3988	WLLKXIL.exe
3552	oqMLqiF.exe
4088	UUBoJCX.exe
5596	aGCeKjR.exe
2020	HNyTWfd.exe
956	KGJjNhj.exe
5260	KFpBzKc.exe
5868	UPlTWOq.exe
2044	GWamdrx.exe
2368	zHzujUl.exe
1152	GwRUjLB.exe
2276	pwkaTCJ.exe
5676	XbQJGFN.exe
5412	BNhwHXg.exe
5396	aGgvAHR.exe
3576	HHixUzz.exe
1620	bnwiUnN.exe
820	aKPggQd.exe
5976	HIuuyBS.exe
5072	gaAfqpa.exe
4272	QAJxjFB.exe
4216	UnykgYT.exe
2188	TnYDecW.exe
2124	lmiWCTA.exe

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System32\JaMqmAR.exe	2025-04-07_7de581f5e1bcec6cb2dddda70710d078_black-basta_imuler_xmrig.exe
File created	C:\Windows\System32\OnHffGo.exe	2025-04-07_7de581f5e1bcec6cb2dddda70710d078_black-basta_imuler_xmrig.exe
File created	C:\Windows\System32\ckEGsHB.exe	2025-04-07_7de581f5e1bcec6cb2dddda70710d078_black-basta_imuler_xmrig.exe
File created	C:\Windows\System32\XRQeOjQ.exe	2025-04-07_7de581f5e1bcec6cb2dddda70710d078_black-basta_imuler_xmrig.exe
File created	C:\Windows\System32\GWcRSEH.exe	2025-04-07_7de581f5e1bcec6cb2dddda70710d078_black-basta_imuler_xmrig.exe
File created	C:\Windows\System32\eIjBjfC.exe	2025-04-07_7de581f5e1bcec6cb2dddda70710d078_black-basta_imuler_xmrig.exe
File created	C:\Windows\System32\cnokZEZ.exe	2025-04-07_7de581f5e1bcec6cb2dddda70710d078_black-basta_imuler_xmrig.exe
File created	C:\Windows\System32\tccGDiK.exe	2025-04-07_7de581f5e1bcec6cb2dddda70710d078_black-basta_imuler_xmrig.exe
File created	C:\Windows\System32\fMAyBlm.exe	2025-04-07_7de581f5e1bcec6cb2dddda70710d078_black-basta_imuler_xmrig.exe
File created	C:\Windows\System32\cfHFFIQ.exe	2025-04-07_7de581f5e1bcec6cb2dddda70710d078_black-basta_imuler_xmrig.exe
File created	C:\Windows\System32\TJRBdos.exe	2025-04-07_7de581f5e1bcec6cb2dddda70710d078_black-basta_imuler_xmrig.exe
File created	C:\Windows\System32\ZIGeFyH.exe	2025-04-07_7de581f5e1bcec6cb2dddda70710d078_black-basta_imuler_xmrig.exe
File created	C:\Windows\System32\eSYPfmp.exe	2025-04-07_7de581f5e1bcec6cb2dddda70710d078_black-basta_imuler_xmrig.exe
File created	C:\Windows\System32\pZWFTdD.exe	2025-04-07_7de581f5e1bcec6cb2dddda70710d078_black-basta_imuler_xmrig.exe
File created	C:\Windows\System32\znZVGEd.exe	2025-04-07_7de581f5e1bcec6cb2dddda70710d078_black-basta_imuler_xmrig.exe
File created	C:\Windows\System32\RPnxWHE.exe	2025-04-07_7de581f5e1bcec6cb2dddda70710d078_black-basta_imuler_xmrig.exe
File created	C:\Windows\System32\fCOmNXb.exe	2025-04-07_7de581f5e1bcec6cb2dddda70710d078_black-basta_imuler_xmrig.exe
File created	C:\Windows\System32\pElfWJl.exe	2025-04-07_7de581f5e1bcec6cb2dddda70710d078_black-basta_imuler_xmrig.exe
File created	C:\Windows\System32\hgjBRws.exe	2025-04-07_7de581f5e1bcec6cb2dddda70710d078_black-basta_imuler_xmrig.exe
File created	C:\Windows\System32\WFfeOum.exe	2025-04-07_7de581f5e1bcec6cb2dddda70710d078_black-basta_imuler_xmrig.exe
File created	C:\Windows\System32\aPNfIMZ.exe	2025-04-07_7de581f5e1bcec6cb2dddda70710d078_black-basta_imuler_xmrig.exe
File created	C:\Windows\System32\cLqsxur.exe	2025-04-07_7de581f5e1bcec6cb2dddda70710d078_black-basta_imuler_xmrig.exe
File created	C:\Windows\System32\cZezNwq.exe	2025-04-07_7de581f5e1bcec6cb2dddda70710d078_black-basta_imuler_xmrig.exe
File created	C:\Windows\System32\QCZIviS.exe	2025-04-07_7de581f5e1bcec6cb2dddda70710d078_black-basta_imuler_xmrig.exe
File created	C:\Windows\System32\iqblwnm.exe	2025-04-07_7de581f5e1bcec6cb2dddda70710d078_black-basta_imuler_xmrig.exe
File created	C:\Windows\System32\NzLJbaP.exe	2025-04-07_7de581f5e1bcec6cb2dddda70710d078_black-basta_imuler_xmrig.exe
File created	C:\Windows\System32\kdsZwdc.exe	2025-04-07_7de581f5e1bcec6cb2dddda70710d078_black-basta_imuler_xmrig.exe
File created	C:\Windows\System32\GhTIowB.exe	2025-04-07_7de581f5e1bcec6cb2dddda70710d078_black-basta_imuler_xmrig.exe
File created	C:\Windows\System32\xaaYrqx.exe	2025-04-07_7de581f5e1bcec6cb2dddda70710d078_black-basta_imuler_xmrig.exe
File created	C:\Windows\System32\tIiMsgC.exe	2025-04-07_7de581f5e1bcec6cb2dddda70710d078_black-basta_imuler_xmrig.exe
File created	C:\Windows\System32\rIuHvhC.exe	2025-04-07_7de581f5e1bcec6cb2dddda70710d078_black-basta_imuler_xmrig.exe
File created	C:\Windows\System32\DmMeMhO.exe	2025-04-07_7de581f5e1bcec6cb2dddda70710d078_black-basta_imuler_xmrig.exe
File created	C:\Windows\System32\aWhgjRW.exe	2025-04-07_7de581f5e1bcec6cb2dddda70710d078_black-basta_imuler_xmrig.exe
File created	C:\Windows\System32\lNeatDP.exe	2025-04-07_7de581f5e1bcec6cb2dddda70710d078_black-basta_imuler_xmrig.exe
File created	C:\Windows\System32\wbRbVXm.exe	2025-04-07_7de581f5e1bcec6cb2dddda70710d078_black-basta_imuler_xmrig.exe
File created	C:\Windows\System32\mHEYEaq.exe	2025-04-07_7de581f5e1bcec6cb2dddda70710d078_black-basta_imuler_xmrig.exe
File created	C:\Windows\System32\ffMHdFL.exe	2025-04-07_7de581f5e1bcec6cb2dddda70710d078_black-basta_imuler_xmrig.exe
File created	C:\Windows\System32\PKZqDtD.exe	2025-04-07_7de581f5e1bcec6cb2dddda70710d078_black-basta_imuler_xmrig.exe
File created	C:\Windows\System32\hOUhKKQ.exe	2025-04-07_7de581f5e1bcec6cb2dddda70710d078_black-basta_imuler_xmrig.exe
File created	C:\Windows\System32\bxLontO.exe	2025-04-07_7de581f5e1bcec6cb2dddda70710d078_black-basta_imuler_xmrig.exe
File created	C:\Windows\System32\QWgROKD.exe	2025-04-07_7de581f5e1bcec6cb2dddda70710d078_black-basta_imuler_xmrig.exe
File created	C:\Windows\System32\GWamdrx.exe	2025-04-07_7de581f5e1bcec6cb2dddda70710d078_black-basta_imuler_xmrig.exe
File created	C:\Windows\System32\Hbcpazx.exe	2025-04-07_7de581f5e1bcec6cb2dddda70710d078_black-basta_imuler_xmrig.exe
File created	C:\Windows\System32\wXrdxAq.exe	2025-04-07_7de581f5e1bcec6cb2dddda70710d078_black-basta_imuler_xmrig.exe
File created	C:\Windows\System32\GgmzaUu.exe	2025-04-07_7de581f5e1bcec6cb2dddda70710d078_black-basta_imuler_xmrig.exe
File created	C:\Windows\System32\qtGBxyr.exe	2025-04-07_7de581f5e1bcec6cb2dddda70710d078_black-basta_imuler_xmrig.exe
File created	C:\Windows\System32\mIfKPbE.exe	2025-04-07_7de581f5e1bcec6cb2dddda70710d078_black-basta_imuler_xmrig.exe
File created	C:\Windows\System32\cZwgRcq.exe	2025-04-07_7de581f5e1bcec6cb2dddda70710d078_black-basta_imuler_xmrig.exe
File created	C:\Windows\System32\lhyTOlJ.exe	2025-04-07_7de581f5e1bcec6cb2dddda70710d078_black-basta_imuler_xmrig.exe
File created	C:\Windows\System32\dZEGona.exe	2025-04-07_7de581f5e1bcec6cb2dddda70710d078_black-basta_imuler_xmrig.exe
File created	C:\Windows\System32\wGFTsQf.exe	2025-04-07_7de581f5e1bcec6cb2dddda70710d078_black-basta_imuler_xmrig.exe
File created	C:\Windows\System32\nCrIdvX.exe	2025-04-07_7de581f5e1bcec6cb2dddda70710d078_black-basta_imuler_xmrig.exe
File created	C:\Windows\System32\xEHbRyW.exe	2025-04-07_7de581f5e1bcec6cb2dddda70710d078_black-basta_imuler_xmrig.exe
File created	C:\Windows\System32\XfcnRTg.exe	2025-04-07_7de581f5e1bcec6cb2dddda70710d078_black-basta_imuler_xmrig.exe
File created	C:\Windows\System32\dLjkvEU.exe	2025-04-07_7de581f5e1bcec6cb2dddda70710d078_black-basta_imuler_xmrig.exe
File created	C:\Windows\System32\KMZTcgQ.exe	2025-04-07_7de581f5e1bcec6cb2dddda70710d078_black-basta_imuler_xmrig.exe
File created	C:\Windows\System32\jTPoWOv.exe	2025-04-07_7de581f5e1bcec6cb2dddda70710d078_black-basta_imuler_xmrig.exe
File created	C:\Windows\System32\dKumVKS.exe	2025-04-07_7de581f5e1bcec6cb2dddda70710d078_black-basta_imuler_xmrig.exe
File created	C:\Windows\System32\OoevYgU.exe	2025-04-07_7de581f5e1bcec6cb2dddda70710d078_black-basta_imuler_xmrig.exe
File created	C:\Windows\System32\NFKOpwA.exe	2025-04-07_7de581f5e1bcec6cb2dddda70710d078_black-basta_imuler_xmrig.exe
File created	C:\Windows\System32\MNJtyQu.exe	2025-04-07_7de581f5e1bcec6cb2dddda70710d078_black-basta_imuler_xmrig.exe
File created	C:\Windows\System32\uOgdkVp.exe	2025-04-07_7de581f5e1bcec6cb2dddda70710d078_black-basta_imuler_xmrig.exe
File created	C:\Windows\System32\jNNjLHg.exe	2025-04-07_7de581f5e1bcec6cb2dddda70710d078_black-basta_imuler_xmrig.exe
File created	C:\Windows\System32\AftKkFM.exe	2025-04-07_7de581f5e1bcec6cb2dddda70710d078_black-basta_imuler_xmrig.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/232-0-0x00007FF720720000-0x00007FF720B15000-memory.dmp	upx
behavioral1/files/0x00040000000233b9-4.dat	upx
behavioral1/memory/3732-8-0x00007FF60ECD0000-0x00007FF60F0C5000-memory.dmp	upx
behavioral1/files/0x0007000000024274-10.dat	upx
behavioral1/files/0x0007000000024275-11.dat	upx
behavioral1/files/0x0007000000024276-22.dat	upx
behavioral1/files/0x0007000000024277-28.dat	upx
behavioral1/memory/1032-32-0x00007FF72F6B0000-0x00007FF72FAA5000-memory.dmp	upx
behavioral1/files/0x0007000000024278-31.dat	upx
behavioral1/memory/860-38-0x00007FF7A27A0000-0x00007FF7A2B95000-memory.dmp	upx
behavioral1/memory/2356-35-0x00007FF6970E0000-0x00007FF6974D5000-memory.dmp	upx
behavioral1/memory/5532-34-0x00007FF6D5300000-0x00007FF6D56F5000-memory.dmp	upx
behavioral1/memory/4616-14-0x00007FF718A50000-0x00007FF718E45000-memory.dmp	upx
behavioral1/files/0x0007000000024279-41.dat	upx
behavioral1/files/0x0008000000024271-47.dat	upx
behavioral1/files/0x000700000002427a-53.dat	upx
behavioral1/files/0x000700000002427b-59.dat	upx
behavioral1/memory/5300-57-0x00007FF608D00000-0x00007FF6090F5000-memory.dmp	upx
behavioral1/memory/3200-60-0x00007FF76BD20000-0x00007FF76C115000-memory.dmp	upx
behavioral1/memory/3756-52-0x00007FF7CACD0000-0x00007FF7CB0C5000-memory.dmp	upx
behavioral1/files/0x000700000002427c-66.dat	upx
behavioral1/memory/4464-44-0x00007FF7D0440000-0x00007FF7D0835000-memory.dmp	upx
behavioral1/memory/1964-68-0x00007FF7681B0000-0x00007FF7685A5000-memory.dmp	upx
behavioral1/files/0x000700000002427f-77.dat	upx
behavioral1/files/0x0007000000024280-88.dat	upx
behavioral1/memory/4664-87-0x00007FF7FD0D0000-0x00007FF7FD4C5000-memory.dmp	upx
behavioral1/memory/4560-81-0x00007FF7324A0000-0x00007FF732895000-memory.dmp	upx
behavioral1/files/0x0007000000024281-91.dat	upx
behavioral1/memory/4804-93-0x00007FF6C7040000-0x00007FF6C7435000-memory.dmp	upx
behavioral1/files/0x0007000000024283-102.dat	upx
behavioral1/memory/3756-111-0x00007FF7CACD0000-0x00007FF7CB0C5000-memory.dmp	upx
behavioral1/memory/5300-118-0x00007FF608D00000-0x00007FF6090F5000-memory.dmp	upx
behavioral1/memory/4452-126-0x00007FF646700000-0x00007FF646AF5000-memory.dmp	upx
behavioral1/memory/4756-136-0x00007FF6EBC90000-0x00007FF6EC085000-memory.dmp	upx
behavioral1/memory/4560-146-0x00007FF7324A0000-0x00007FF732895000-memory.dmp	upx
behavioral1/memory/4924-156-0x00007FF6B89F0000-0x00007FF6B8DE5000-memory.dmp	upx
behavioral1/files/0x000700000002428e-177.dat	upx
behavioral1/memory/4804-768-0x00007FF6C7040000-0x00007FF6C7435000-memory.dmp	upx
behavioral1/memory/4532-888-0x00007FF636160000-0x00007FF636555000-memory.dmp	upx
behavioral1/memory/5100-1010-0x00007FF6EA670000-0x00007FF6EAA65000-memory.dmp	upx
behavioral1/memory/2312-1130-0x00007FF77C060000-0x00007FF77C455000-memory.dmp	upx
behavioral1/memory/5088-1249-0x00007FF7FA9B0000-0x00007FF7FADA5000-memory.dmp	upx
behavioral1/files/0x0007000000024292-197.dat	upx
behavioral1/files/0x0007000000024291-192.dat	upx
behavioral1/files/0x0007000000024290-187.dat	upx
behavioral1/files/0x000700000002428f-182.dat	upx
behavioral1/files/0x000700000002428d-172.dat	upx
behavioral1/files/0x000700000002428c-167.dat	upx
behavioral1/files/0x000700000002428b-162.dat	upx
behavioral1/files/0x000700000002428a-160.dat	upx
behavioral1/files/0x0007000000024289-154.dat	upx
behavioral1/memory/4664-153-0x00007FF7FD0D0000-0x00007FF7FD4C5000-memory.dmp	upx
behavioral1/memory/2708-149-0x00007FF692E80000-0x00007FF693275000-memory.dmp	upx
behavioral1/files/0x0007000000024288-147.dat	upx
behavioral1/files/0x0007000000024287-141.dat	upx
behavioral1/memory/4864-140-0x00007FF7756A0000-0x00007FF775A95000-memory.dmp	upx
behavioral1/files/0x0007000000024286-134.dat	upx
behavioral1/memory/1964-133-0x00007FF7681B0000-0x00007FF7685A5000-memory.dmp	upx
behavioral1/memory/4744-129-0x00007FF73B8E0000-0x00007FF73BCD5000-memory.dmp	upx
behavioral1/files/0x0007000000024285-127.dat	upx
behavioral1/memory/3200-125-0x00007FF76BD20000-0x00007FF76C115000-memory.dmp	upx
behavioral1/memory/5088-121-0x00007FF7FA9B0000-0x00007FF7FADA5000-memory.dmp	upx
behavioral1/files/0x0007000000024284-119.dat	upx
behavioral1/memory/2312-114-0x00007FF77C060000-0x00007FF77C455000-memory.dmp	upx

Event Triggered Execution: Accessibility Features 1 TTPs
Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.
persistence privilege_escalation

Accessibility Features
T1546.008

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	14304	dwm.exe
Token: SeChangeNotifyPrivilege	14304	dwm.exe
Token: 33	14304	dwm.exe
Token: SeIncBasePriorityPrivilege	14304	dwm.exe
Token: SeShutdownPrivilege	14304	dwm.exe
Token: SeCreatePagefilePrivilege	14304	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 232 wrote to memory of 3732	232	2025-04-07_7de581f5e1bcec6cb2dddda70710d078_black-basta_imuler_xmrig.exe	88
PID 232 wrote to memory of 3732	232	2025-04-07_7de581f5e1bcec6cb2dddda70710d078_black-basta_imuler_xmrig.exe	88
PID 232 wrote to memory of 4616	232	2025-04-07_7de581f5e1bcec6cb2dddda70710d078_black-basta_imuler_xmrig.exe	89
PID 232 wrote to memory of 4616	232	2025-04-07_7de581f5e1bcec6cb2dddda70710d078_black-basta_imuler_xmrig.exe	89
PID 232 wrote to memory of 1032	232	2025-04-07_7de581f5e1bcec6cb2dddda70710d078_black-basta_imuler_xmrig.exe	90
PID 232 wrote to memory of 1032	232	2025-04-07_7de581f5e1bcec6cb2dddda70710d078_black-basta_imuler_xmrig.exe	90
PID 232 wrote to memory of 860	232	2025-04-07_7de581f5e1bcec6cb2dddda70710d078_black-basta_imuler_xmrig.exe	91
PID 232 wrote to memory of 860	232	2025-04-07_7de581f5e1bcec6cb2dddda70710d078_black-basta_imuler_xmrig.exe	91
PID 232 wrote to memory of 5532	232	2025-04-07_7de581f5e1bcec6cb2dddda70710d078_black-basta_imuler_xmrig.exe	92
PID 232 wrote to memory of 5532	232	2025-04-07_7de581f5e1bcec6cb2dddda70710d078_black-basta_imuler_xmrig.exe	92
PID 232 wrote to memory of 2356	232	2025-04-07_7de581f5e1bcec6cb2dddda70710d078_black-basta_imuler_xmrig.exe	93
PID 232 wrote to memory of 2356	232	2025-04-07_7de581f5e1bcec6cb2dddda70710d078_black-basta_imuler_xmrig.exe	93
PID 232 wrote to memory of 4464	232	2025-04-07_7de581f5e1bcec6cb2dddda70710d078_black-basta_imuler_xmrig.exe	94
PID 232 wrote to memory of 4464	232	2025-04-07_7de581f5e1bcec6cb2dddda70710d078_black-basta_imuler_xmrig.exe	94
PID 232 wrote to memory of 3756	232	2025-04-07_7de581f5e1bcec6cb2dddda70710d078_black-basta_imuler_xmrig.exe	95
PID 232 wrote to memory of 3756	232	2025-04-07_7de581f5e1bcec6cb2dddda70710d078_black-basta_imuler_xmrig.exe	95
PID 232 wrote to memory of 5300	232	2025-04-07_7de581f5e1bcec6cb2dddda70710d078_black-basta_imuler_xmrig.exe	96
PID 232 wrote to memory of 5300	232	2025-04-07_7de581f5e1bcec6cb2dddda70710d078_black-basta_imuler_xmrig.exe	96
PID 232 wrote to memory of 3200	232	2025-04-07_7de581f5e1bcec6cb2dddda70710d078_black-basta_imuler_xmrig.exe	97
PID 232 wrote to memory of 3200	232	2025-04-07_7de581f5e1bcec6cb2dddda70710d078_black-basta_imuler_xmrig.exe	97
PID 232 wrote to memory of 1964	232	2025-04-07_7de581f5e1bcec6cb2dddda70710d078_black-basta_imuler_xmrig.exe	98
PID 232 wrote to memory of 1964	232	2025-04-07_7de581f5e1bcec6cb2dddda70710d078_black-basta_imuler_xmrig.exe	98
PID 232 wrote to memory of 4452	232	2025-04-07_7de581f5e1bcec6cb2dddda70710d078_black-basta_imuler_xmrig.exe	99
PID 232 wrote to memory of 4452	232	2025-04-07_7de581f5e1bcec6cb2dddda70710d078_black-basta_imuler_xmrig.exe	99
PID 232 wrote to memory of 4560	232	2025-04-07_7de581f5e1bcec6cb2dddda70710d078_black-basta_imuler_xmrig.exe	100
PID 232 wrote to memory of 4560	232	2025-04-07_7de581f5e1bcec6cb2dddda70710d078_black-basta_imuler_xmrig.exe	100
PID 232 wrote to memory of 4664	232	2025-04-07_7de581f5e1bcec6cb2dddda70710d078_black-basta_imuler_xmrig.exe	101
PID 232 wrote to memory of 4664	232	2025-04-07_7de581f5e1bcec6cb2dddda70710d078_black-basta_imuler_xmrig.exe	101
PID 232 wrote to memory of 4804	232	2025-04-07_7de581f5e1bcec6cb2dddda70710d078_black-basta_imuler_xmrig.exe	102
PID 232 wrote to memory of 4804	232	2025-04-07_7de581f5e1bcec6cb2dddda70710d078_black-basta_imuler_xmrig.exe	102
PID 232 wrote to memory of 4532	232	2025-04-07_7de581f5e1bcec6cb2dddda70710d078_black-basta_imuler_xmrig.exe	104
PID 232 wrote to memory of 4532	232	2025-04-07_7de581f5e1bcec6cb2dddda70710d078_black-basta_imuler_xmrig.exe	104
PID 232 wrote to memory of 5100	232	2025-04-07_7de581f5e1bcec6cb2dddda70710d078_black-basta_imuler_xmrig.exe	105
PID 232 wrote to memory of 5100	232	2025-04-07_7de581f5e1bcec6cb2dddda70710d078_black-basta_imuler_xmrig.exe	105
PID 232 wrote to memory of 2312	232	2025-04-07_7de581f5e1bcec6cb2dddda70710d078_black-basta_imuler_xmrig.exe	106
PID 232 wrote to memory of 2312	232	2025-04-07_7de581f5e1bcec6cb2dddda70710d078_black-basta_imuler_xmrig.exe	106
PID 232 wrote to memory of 5088	232	2025-04-07_7de581f5e1bcec6cb2dddda70710d078_black-basta_imuler_xmrig.exe	107
PID 232 wrote to memory of 5088	232	2025-04-07_7de581f5e1bcec6cb2dddda70710d078_black-basta_imuler_xmrig.exe	107
PID 232 wrote to memory of 4744	232	2025-04-07_7de581f5e1bcec6cb2dddda70710d078_black-basta_imuler_xmrig.exe	108
PID 232 wrote to memory of 4744	232	2025-04-07_7de581f5e1bcec6cb2dddda70710d078_black-basta_imuler_xmrig.exe	108
PID 232 wrote to memory of 4756	232	2025-04-07_7de581f5e1bcec6cb2dddda70710d078_black-basta_imuler_xmrig.exe	109
PID 232 wrote to memory of 4756	232	2025-04-07_7de581f5e1bcec6cb2dddda70710d078_black-basta_imuler_xmrig.exe	109
PID 232 wrote to memory of 4864	232	2025-04-07_7de581f5e1bcec6cb2dddda70710d078_black-basta_imuler_xmrig.exe	110
PID 232 wrote to memory of 4864	232	2025-04-07_7de581f5e1bcec6cb2dddda70710d078_black-basta_imuler_xmrig.exe	110
PID 232 wrote to memory of 2708	232	2025-04-07_7de581f5e1bcec6cb2dddda70710d078_black-basta_imuler_xmrig.exe	111
PID 232 wrote to memory of 2708	232	2025-04-07_7de581f5e1bcec6cb2dddda70710d078_black-basta_imuler_xmrig.exe	111
PID 232 wrote to memory of 4924	232	2025-04-07_7de581f5e1bcec6cb2dddda70710d078_black-basta_imuler_xmrig.exe	112
PID 232 wrote to memory of 4924	232	2025-04-07_7de581f5e1bcec6cb2dddda70710d078_black-basta_imuler_xmrig.exe	112
PID 232 wrote to memory of 1420	232	2025-04-07_7de581f5e1bcec6cb2dddda70710d078_black-basta_imuler_xmrig.exe	113
PID 232 wrote to memory of 1420	232	2025-04-07_7de581f5e1bcec6cb2dddda70710d078_black-basta_imuler_xmrig.exe	113
PID 232 wrote to memory of 2588	232	2025-04-07_7de581f5e1bcec6cb2dddda70710d078_black-basta_imuler_xmrig.exe	114
PID 232 wrote to memory of 2588	232	2025-04-07_7de581f5e1bcec6cb2dddda70710d078_black-basta_imuler_xmrig.exe	114
PID 232 wrote to memory of 1544	232	2025-04-07_7de581f5e1bcec6cb2dddda70710d078_black-basta_imuler_xmrig.exe	115
PID 232 wrote to memory of 1544	232	2025-04-07_7de581f5e1bcec6cb2dddda70710d078_black-basta_imuler_xmrig.exe	115
PID 232 wrote to memory of 4000	232	2025-04-07_7de581f5e1bcec6cb2dddda70710d078_black-basta_imuler_xmrig.exe	116
PID 232 wrote to memory of 4000	232	2025-04-07_7de581f5e1bcec6cb2dddda70710d078_black-basta_imuler_xmrig.exe	116
PID 232 wrote to memory of 868	232	2025-04-07_7de581f5e1bcec6cb2dddda70710d078_black-basta_imuler_xmrig.exe	117
PID 232 wrote to memory of 868	232	2025-04-07_7de581f5e1bcec6cb2dddda70710d078_black-basta_imuler_xmrig.exe	117
PID 232 wrote to memory of 4052	232	2025-04-07_7de581f5e1bcec6cb2dddda70710d078_black-basta_imuler_xmrig.exe	118
PID 232 wrote to memory of 4052	232	2025-04-07_7de581f5e1bcec6cb2dddda70710d078_black-basta_imuler_xmrig.exe	118
PID 232 wrote to memory of 3032	232	2025-04-07_7de581f5e1bcec6cb2dddda70710d078_black-basta_imuler_xmrig.exe	119
PID 232 wrote to memory of 3032	232	2025-04-07_7de581f5e1bcec6cb2dddda70710d078_black-basta_imuler_xmrig.exe	119
PID 232 wrote to memory of 2924	232	2025-04-07_7de581f5e1bcec6cb2dddda70710d078_black-basta_imuler_xmrig.exe	120
PID 232 wrote to memory of 2924	232	2025-04-07_7de581f5e1bcec6cb2dddda70710d078_black-basta_imuler_xmrig.exe	120

C:\Users\Admin\AppData\Local\Temp\2025-04-07_7de581f5e1bcec6cb2dddda70710d078_black-basta_imuler_xmrig.exe
"C:\Users\Admin\AppData\Local\Temp\2025-04-07_7de581f5e1bcec6cb2dddda70710d078_black-basta_imuler_xmrig.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:232
- C:\Windows\System32\RzSDAbp.exe
  C:\Windows\System32\RzSDAbp.exe
  2⤵
  - Executes dropped EXE
  PID:3732
- C:\Windows\System32\ZIGeFyH.exe
  C:\Windows\System32\ZIGeFyH.exe
  2⤵
  - Executes dropped EXE
  PID:4616
- C:\Windows\System32\MKGdtpu.exe
  C:\Windows\System32\MKGdtpu.exe
  2⤵
  - Executes dropped EXE
  PID:1032
- C:\Windows\System32\NEOVIxU.exe
  C:\Windows\System32\NEOVIxU.exe
  2⤵
  - Executes dropped EXE
  PID:860
- C:\Windows\System32\ByRKUVs.exe
  C:\Windows\System32\ByRKUVs.exe
  2⤵
  - Executes dropped EXE
  PID:5532
- C:\Windows\System32\amvMJVh.exe
  C:\Windows\System32\amvMJVh.exe
  2⤵
  - Executes dropped EXE
  PID:2356
- C:\Windows\System32\csXiBXz.exe
  C:\Windows\System32\csXiBXz.exe
  2⤵
  - Executes dropped EXE
  PID:4464
- C:\Windows\System32\tmCoBJO.exe
  C:\Windows\System32\tmCoBJO.exe
  2⤵
  - Executes dropped EXE
  PID:3756
- C:\Windows\System32\dJnmTHG.exe
  C:\Windows\System32\dJnmTHG.exe
  2⤵
  - Executes dropped EXE
  PID:5300
- C:\Windows\System32\jGTbBMX.exe
  C:\Windows\System32\jGTbBMX.exe
  2⤵
  - Executes dropped EXE
  PID:3200
- C:\Windows\System32\gBLEBqs.exe
  C:\Windows\System32\gBLEBqs.exe
  2⤵
  - Executes dropped EXE
  PID:1964
- C:\Windows\System32\JtDWdeD.exe
  C:\Windows\System32\JtDWdeD.exe
  2⤵
  - Executes dropped EXE
  PID:4452
- C:\Windows\System32\bIRJUTs.exe
  C:\Windows\System32\bIRJUTs.exe
  2⤵
  - Executes dropped EXE
  PID:4560
- C:\Windows\System32\hSWJguL.exe
  C:\Windows\System32\hSWJguL.exe
  2⤵
  - Executes dropped EXE
  PID:4664
- C:\Windows\System32\vRbBBeq.exe
  C:\Windows\System32\vRbBBeq.exe
  2⤵
  - Executes dropped EXE
  PID:4804
- C:\Windows\System32\ReUfFGu.exe
  C:\Windows\System32\ReUfFGu.exe
  2⤵
  - Executes dropped EXE
  PID:4532
- C:\Windows\System32\JhxYtrH.exe
  C:\Windows\System32\JhxYtrH.exe
  2⤵
  - Executes dropped EXE
  PID:5100
- C:\Windows\System32\jVQqaGd.exe
  C:\Windows\System32\jVQqaGd.exe
  2⤵
  - Executes dropped EXE
  PID:2312
- C:\Windows\System32\LguJoCD.exe
  C:\Windows\System32\LguJoCD.exe
  2⤵
  - Executes dropped EXE
  PID:5088
- C:\Windows\System32\IBwHHMR.exe
  C:\Windows\System32\IBwHHMR.exe
  2⤵
  - Executes dropped EXE
  PID:4744
- C:\Windows\System32\YAdlUDw.exe
  C:\Windows\System32\YAdlUDw.exe
  2⤵
  - Executes dropped EXE
  PID:4756
- C:\Windows\System32\dAGWRxF.exe
  C:\Windows\System32\dAGWRxF.exe
  2⤵
  - Executes dropped EXE
  PID:4864
- C:\Windows\System32\XzhGveS.exe
  C:\Windows\System32\XzhGveS.exe
  2⤵
  - Executes dropped EXE
  PID:2708
- C:\Windows\System32\UqdApUN.exe
  C:\Windows\System32\UqdApUN.exe
  2⤵
  - Executes dropped EXE
  PID:4924
- C:\Windows\System32\IZgmYkI.exe
  C:\Windows\System32\IZgmYkI.exe
  2⤵
  - Executes dropped EXE
  PID:1420
- C:\Windows\System32\BRpUCXD.exe
  C:\Windows\System32\BRpUCXD.exe
  2⤵
  - Executes dropped EXE
  PID:2588
- C:\Windows\System32\bcvqZbL.exe
  C:\Windows\System32\bcvqZbL.exe
  2⤵
  - Executes dropped EXE
  PID:1544
- C:\Windows\System32\htlfZKb.exe
  C:\Windows\System32\htlfZKb.exe
  2⤵
  - Executes dropped EXE
  PID:4000
- C:\Windows\System32\VjIKHpY.exe
  C:\Windows\System32\VjIKHpY.exe
  2⤵
  - Executes dropped EXE
  PID:868
- C:\Windows\System32\kJocSCZ.exe
  C:\Windows\System32\kJocSCZ.exe
  2⤵
  - Executes dropped EXE
  PID:4052
- C:\Windows\System32\zxWZKlg.exe
  C:\Windows\System32\zxWZKlg.exe
  2⤵
  - Executes dropped EXE
  PID:3032
- C:\Windows\System32\qSzyvsq.exe
  C:\Windows\System32\qSzyvsq.exe
  2⤵
  - Executes dropped EXE
  PID:2924
- C:\Windows\System32\CPDQNJK.exe
  C:\Windows\System32\CPDQNJK.exe
  2⤵
  - Executes dropped EXE
  PID:1132
- C:\Windows\System32\KvcNVvf.exe
  C:\Windows\System32\KvcNVvf.exe
  2⤵
  - Executes dropped EXE
  PID:736
- C:\Windows\System32\PKZqDtD.exe
  C:\Windows\System32\PKZqDtD.exe
  2⤵
  - Executes dropped EXE
  PID:1692
- C:\Windows\System32\bxyFMLk.exe
  C:\Windows\System32\bxyFMLk.exe
  2⤵
  - Executes dropped EXE
  PID:2800
- C:\Windows\System32\niOeXHc.exe
  C:\Windows\System32\niOeXHc.exe
  2⤵
  - Executes dropped EXE
  PID:2596
- C:\Windows\System32\YxqMowJ.exe
  C:\Windows\System32\YxqMowJ.exe
  2⤵
  - Executes dropped EXE
  PID:4132
- C:\Windows\System32\kdsZwdc.exe
  C:\Windows\System32\kdsZwdc.exe
  2⤵
  - Executes dropped EXE
  PID:2704
- C:\Windows\System32\NwgkKEs.exe
  C:\Windows\System32\NwgkKEs.exe
  2⤵
  - Executes dropped EXE
  PID:1920
- C:\Windows\System32\WLLKXIL.exe
  C:\Windows\System32\WLLKXIL.exe
  2⤵
  - Executes dropped EXE
  PID:3988
- C:\Windows\System32\oqMLqiF.exe
  C:\Windows\System32\oqMLqiF.exe
  2⤵
  - Executes dropped EXE
  PID:3552
- C:\Windows\System32\UUBoJCX.exe
  C:\Windows\System32\UUBoJCX.exe
  2⤵
  - Executes dropped EXE
  PID:4088
- C:\Windows\System32\aGCeKjR.exe
  C:\Windows\System32\aGCeKjR.exe
  2⤵
  - Executes dropped EXE
  PID:5596
- C:\Windows\System32\HNyTWfd.exe
  C:\Windows\System32\HNyTWfd.exe
  2⤵
  - Executes dropped EXE
  PID:2020
- C:\Windows\System32\KGJjNhj.exe
  C:\Windows\System32\KGJjNhj.exe
  2⤵
  - Executes dropped EXE
  PID:956
- C:\Windows\System32\KFpBzKc.exe
  C:\Windows\System32\KFpBzKc.exe
  2⤵
  - Executes dropped EXE
  PID:5260
- C:\Windows\System32\UPlTWOq.exe
  C:\Windows\System32\UPlTWOq.exe
  2⤵
  - Executes dropped EXE
  PID:5868
- C:\Windows\System32\GWamdrx.exe
  C:\Windows\System32\GWamdrx.exe
  2⤵
  - Executes dropped EXE
  PID:2044
- C:\Windows\System32\zHzujUl.exe
  C:\Windows\System32\zHzujUl.exe
  2⤵
  - Executes dropped EXE
  PID:2368
- C:\Windows\System32\GwRUjLB.exe
  C:\Windows\System32\GwRUjLB.exe
  2⤵
  - Executes dropped EXE
  PID:1152
- C:\Windows\System32\pwkaTCJ.exe
  C:\Windows\System32\pwkaTCJ.exe
  2⤵
  - Executes dropped EXE
  PID:2276
- C:\Windows\System32\XbQJGFN.exe
  C:\Windows\System32\XbQJGFN.exe
  2⤵
  - Executes dropped EXE
  PID:5676
- C:\Windows\System32\BNhwHXg.exe
  C:\Windows\System32\BNhwHXg.exe
  2⤵
  - Executes dropped EXE
  PID:5412
- C:\Windows\System32\aGgvAHR.exe
  C:\Windows\System32\aGgvAHR.exe
  2⤵
  - Executes dropped EXE
  PID:5396
- C:\Windows\System32\HHixUzz.exe
  C:\Windows\System32\HHixUzz.exe
  2⤵
  - Executes dropped EXE
  PID:3576
- C:\Windows\System32\bnwiUnN.exe
  C:\Windows\System32\bnwiUnN.exe
  2⤵
  - Executes dropped EXE
  PID:1620
- C:\Windows\System32\aKPggQd.exe
  C:\Windows\System32\aKPggQd.exe
  2⤵
  - Executes dropped EXE
  PID:820
- C:\Windows\System32\HIuuyBS.exe
  C:\Windows\System32\HIuuyBS.exe
  2⤵
  - Executes dropped EXE
  PID:5976
- C:\Windows\System32\gaAfqpa.exe
  C:\Windows\System32\gaAfqpa.exe
  2⤵
  - Executes dropped EXE
  PID:5072
- C:\Windows\System32\QAJxjFB.exe
  C:\Windows\System32\QAJxjFB.exe
  2⤵
  - Executes dropped EXE
  PID:4272
- C:\Windows\System32\UnykgYT.exe
  C:\Windows\System32\UnykgYT.exe
  2⤵
  - Executes dropped EXE
  PID:4216
- C:\Windows\System32\TnYDecW.exe
  C:\Windows\System32\TnYDecW.exe
  2⤵
  - Executes dropped EXE
  PID:2188
- C:\Windows\System32\lmiWCTA.exe
  C:\Windows\System32\lmiWCTA.exe
  2⤵
  - Executes dropped EXE
  PID:2124
- C:\Windows\System32\pfESsUc.exe
  C:\Windows\System32\pfESsUc.exe
  2⤵
  PID:1832
- C:\Windows\System32\vtPeYyk.exe
  C:\Windows\System32\vtPeYyk.exe
  2⤵
  PID:888
- C:\Windows\System32\dZEGona.exe
  C:\Windows\System32\dZEGona.exe
  2⤵
  PID:5776
- C:\Windows\System32\dKmurEw.exe
  C:\Windows\System32\dKmurEw.exe
  2⤵
  PID:1864
- C:\Windows\System32\rUHEcpf.exe
  C:\Windows\System32\rUHEcpf.exe
  2⤵
  PID:1000
- C:\Windows\System32\CtSIGOx.exe
  C:\Windows\System32\CtSIGOx.exe
  2⤵
  PID:3936
- C:\Windows\System32\dRAsOYV.exe
  C:\Windows\System32\dRAsOYV.exe
  2⤵
  PID:4396
- C:\Windows\System32\ynDVJKd.exe
  C:\Windows\System32\ynDVJKd.exe
  2⤵
  PID:3052
- C:\Windows\System32\fFEqHdZ.exe
  C:\Windows\System32\fFEqHdZ.exe
  2⤵
  PID:5708
- C:\Windows\System32\yBbAjPc.exe
  C:\Windows\System32\yBbAjPc.exe
  2⤵
  PID:4212
- C:\Windows\System32\TJiCPLt.exe
  C:\Windows\System32\TJiCPLt.exe
  2⤵
  PID:3236
- C:\Windows\System32\hOUhKKQ.exe
  C:\Windows\System32\hOUhKKQ.exe
  2⤵
  PID:6048
- C:\Windows\System32\GhDbLAr.exe
  C:\Windows\System32\GhDbLAr.exe
  2⤵
  PID:5200
- C:\Windows\System32\jMCedTh.exe
  C:\Windows\System32\jMCedTh.exe
  2⤵
  PID:32
- C:\Windows\System32\dIVTFPh.exe
  C:\Windows\System32\dIVTFPh.exe
  2⤵
  PID:1440
- C:\Windows\System32\zlwbTzQ.exe
  C:\Windows\System32\zlwbTzQ.exe
  2⤵
  PID:3776
- C:\Windows\System32\QqkThIw.exe
  C:\Windows\System32\QqkThIw.exe
  2⤵
  PID:4444
- C:\Windows\System32\NCfOhIM.exe
  C:\Windows\System32\NCfOhIM.exe
  2⤵
  PID:4540
- C:\Windows\System32\mADolwT.exe
  C:\Windows\System32\mADolwT.exe
  2⤵
  PID:4740
- C:\Windows\System32\GiGbwtc.exe
  C:\Windows\System32\GiGbwtc.exe
  2⤵
  PID:4320
- C:\Windows\System32\tIkSoMw.exe
  C:\Windows\System32\tIkSoMw.exe
  2⤵
  PID:5172
- C:\Windows\System32\ZghHPlO.exe
  C:\Windows\System32\ZghHPlO.exe
  2⤵
  PID:4852
- C:\Windows\System32\diEyBkO.exe
  C:\Windows\System32\diEyBkO.exe
  2⤵
  PID:3092
- C:\Windows\System32\tSvVNLq.exe
  C:\Windows\System32\tSvVNLq.exe
  2⤵
  PID:4296
- C:\Windows\System32\rzjFWXG.exe
  C:\Windows\System32\rzjFWXG.exe
  2⤵
  PID:3172
- C:\Windows\System32\NwMipJb.exe
  C:\Windows\System32\NwMipJb.exe
  2⤵
  PID:4816
- C:\Windows\System32\AIlNxWX.exe
  C:\Windows\System32\AIlNxWX.exe
  2⤵
  PID:1804
- C:\Windows\System32\fFXMjPX.exe
  C:\Windows\System32\fFXMjPX.exe
  2⤵
  PID:1140
- C:\Windows\System32\tskwUgx.exe
  C:\Windows\System32\tskwUgx.exe
  2⤵
  PID:2140
- C:\Windows\System32\GhTIowB.exe
  C:\Windows\System32\GhTIowB.exe
  2⤵
  PID:2540
- C:\Windows\System32\BxpZKyd.exe
  C:\Windows\System32\BxpZKyd.exe
  2⤵
  PID:4936
- C:\Windows\System32\yQAYEXt.exe
  C:\Windows\System32\yQAYEXt.exe
  2⤵
  PID:408
- C:\Windows\System32\DbdLvDf.exe
  C:\Windows\System32\DbdLvDf.exe
  2⤵
  PID:4064
- C:\Windows\System32\bNqmKdT.exe
  C:\Windows\System32\bNqmKdT.exe
  2⤵
  PID:1944
- C:\Windows\System32\uOgdkVp.exe
  C:\Windows\System32\uOgdkVp.exe
  2⤵
  PID:3252
- C:\Windows\System32\tjynFnx.exe
  C:\Windows\System32\tjynFnx.exe
  2⤵
  PID:5404
- C:\Windows\System32\SXXQJTe.exe
  C:\Windows\System32\SXXQJTe.exe
  2⤵
  PID:3916
- C:\Windows\System32\CkxgfSp.exe
  C:\Windows\System32\CkxgfSp.exe
  2⤵
  PID:5268
- C:\Windows\System32\BjrSWdl.exe
  C:\Windows\System32\BjrSWdl.exe
  2⤵
  PID:3512
- C:\Windows\System32\wVtiRPd.exe
  C:\Windows\System32\wVtiRPd.exe
  2⤵
  PID:5548
- C:\Windows\System32\UJaVEOx.exe
  C:\Windows\System32\UJaVEOx.exe
  2⤵
  PID:4260
- C:\Windows\System32\rIAMhJd.exe
  C:\Windows\System32\rIAMhJd.exe
  2⤵
  PID:1848
- C:\Windows\System32\zvDyRHU.exe
  C:\Windows\System32\zvDyRHU.exe
  2⤵
  PID:5252
- C:\Windows\System32\eSYPfmp.exe
  C:\Windows\System32\eSYPfmp.exe
  2⤵
  PID:6056
- C:\Windows\System32\lsZulXq.exe
  C:\Windows\System32\lsZulXq.exe
  2⤵
  PID:1996
- C:\Windows\System32\XWoDiZQ.exe
  C:\Windows\System32\XWoDiZQ.exe
  2⤵
  PID:116
- C:\Windows\System32\pcnIFYV.exe
  C:\Windows\System32\pcnIFYV.exe
  2⤵
  PID:5936
- C:\Windows\System32\quADJzX.exe
  C:\Windows\System32\quADJzX.exe
  2⤵
  PID:3560
- C:\Windows\System32\DjUKzhu.exe
  C:\Windows\System32\DjUKzhu.exe
  2⤵
  PID:5028
- C:\Windows\System32\cZezNwq.exe
  C:\Windows\System32\cZezNwq.exe
  2⤵
  PID:4356
- C:\Windows\System32\HVcNMHX.exe
  C:\Windows\System32\HVcNMHX.exe
  2⤵
  PID:4984
- C:\Windows\System32\UFaTuMJ.exe
  C:\Windows\System32\UFaTuMJ.exe
  2⤵
  PID:2432
- C:\Windows\System32\QidOnyE.exe
  C:\Windows\System32\QidOnyE.exe
  2⤵
  PID:3232
- C:\Windows\System32\usoqXka.exe
  C:\Windows\System32\usoqXka.exe
  2⤵
  PID:1220
- C:\Windows\System32\XLQWzFd.exe
  C:\Windows\System32\XLQWzFd.exe
  2⤵
  PID:3224
- C:\Windows\System32\mHhfvsV.exe
  C:\Windows\System32\mHhfvsV.exe
  2⤵
  PID:5800
- C:\Windows\System32\dDlraxO.exe
  C:\Windows\System32\dDlraxO.exe
  2⤵
  PID:772
- C:\Windows\System32\ykNupxx.exe
  C:\Windows\System32\ykNupxx.exe
  2⤵
  PID:5560
- C:\Windows\System32\kgeZQhu.exe
  C:\Windows\System32\kgeZQhu.exe
  2⤵
  PID:5696
- C:\Windows\System32\FEMCcoQ.exe
  C:\Windows\System32\FEMCcoQ.exe
  2⤵
  PID:5888
- C:\Windows\System32\XmxUmWr.exe
  C:\Windows\System32\XmxUmWr.exe
  2⤵
  PID:3816
- C:\Windows\System32\atSTWtG.exe
  C:\Windows\System32\atSTWtG.exe
  2⤵
  PID:1600
- C:\Windows\System32\aTufFio.exe
  C:\Windows\System32\aTufFio.exe
  2⤵
  PID:5344
- C:\Windows\System32\yvFsFeu.exe
  C:\Windows\System32\yvFsFeu.exe
  2⤵
  PID:4512
- C:\Windows\System32\ojJVFjy.exe
  C:\Windows\System32\ojJVFjy.exe
  2⤵
  PID:1532
- C:\Windows\System32\GlupNWO.exe
  C:\Windows\System32\GlupNWO.exe
  2⤵
  PID:312
- C:\Windows\System32\yuEvoRm.exe
  C:\Windows\System32\yuEvoRm.exe
  2⤵
  PID:5584
- C:\Windows\System32\QgNMqte.exe
  C:\Windows\System32\QgNMqte.exe
  2⤵
  PID:5176
- C:\Windows\System32\ivbajBO.exe
  C:\Windows\System32\ivbajBO.exe
  2⤵
  PID:4416
- C:\Windows\System32\xDkhjNu.exe
  C:\Windows\System32\xDkhjNu.exe
  2⤵
  PID:5324
- C:\Windows\System32\hZwvkYA.exe
  C:\Windows\System32\hZwvkYA.exe
  2⤵
  PID:1680
- C:\Windows\System32\MtyJjvv.exe
  C:\Windows\System32\MtyJjvv.exe
  2⤵
  PID:6164
- C:\Windows\System32\pmZElSK.exe
  C:\Windows\System32\pmZElSK.exe
  2⤵
  PID:6192
- C:\Windows\System32\xaaYrqx.exe
  C:\Windows\System32\xaaYrqx.exe
  2⤵
  PID:6232
- C:\Windows\System32\ebTwNTe.exe
  C:\Windows\System32\ebTwNTe.exe
  2⤵
  PID:6256
- C:\Windows\System32\AschLgq.exe
  C:\Windows\System32\AschLgq.exe
  2⤵
  PID:6276
- C:\Windows\System32\TdzsyWu.exe
  C:\Windows\System32\TdzsyWu.exe
  2⤵
  PID:6304
- C:\Windows\System32\bBnRzrF.exe
  C:\Windows\System32\bBnRzrF.exe
  2⤵
  PID:6332
- C:\Windows\System32\yTPTeea.exe
  C:\Windows\System32\yTPTeea.exe
  2⤵
  PID:6360
- C:\Windows\System32\BeuaQpd.exe
  C:\Windows\System32\BeuaQpd.exe
  2⤵
  PID:6388
- C:\Windows\System32\jTPoWOv.exe
  C:\Windows\System32\jTPoWOv.exe
  2⤵
  PID:6416
- C:\Windows\System32\wJHUvPv.exe
  C:\Windows\System32\wJHUvPv.exe
  2⤵
  PID:6444
- C:\Windows\System32\xHniAui.exe
  C:\Windows\System32\xHniAui.exe
  2⤵
  PID:6484
- C:\Windows\System32\Hbcpazx.exe
  C:\Windows\System32\Hbcpazx.exe
  2⤵
  PID:6512
- C:\Windows\System32\YjkOSFj.exe
  C:\Windows\System32\YjkOSFj.exe
  2⤵
  PID:6528
- C:\Windows\System32\kPceQPd.exe
  C:\Windows\System32\kPceQPd.exe
  2⤵
  PID:6556
- C:\Windows\System32\GBinQUY.exe
  C:\Windows\System32\GBinQUY.exe
  2⤵
  PID:6584
- C:\Windows\System32\LgzEoGW.exe
  C:\Windows\System32\LgzEoGW.exe
  2⤵
  PID:6620
- C:\Windows\System32\dGmlhNF.exe
  C:\Windows\System32\dGmlhNF.exe
  2⤵
  PID:6640
- C:\Windows\System32\WixoLez.exe
  C:\Windows\System32\WixoLez.exe
  2⤵
  PID:6668
- C:\Windows\System32\UfVogFn.exe
  C:\Windows\System32\UfVogFn.exe
  2⤵
  PID:6696
- C:\Windows\System32\CNZeGew.exe
  C:\Windows\System32\CNZeGew.exe
  2⤵
  PID:6724
- C:\Windows\System32\BwxNTnF.exe
  C:\Windows\System32\BwxNTnF.exe
  2⤵
  PID:6764
- C:\Windows\System32\TdNhDQT.exe
  C:\Windows\System32\TdNhDQT.exe
  2⤵
  PID:6780
- C:\Windows\System32\BFIpzpj.exe
  C:\Windows\System32\BFIpzpj.exe
  2⤵
  PID:6808
- C:\Windows\System32\jYCCZhv.exe
  C:\Windows\System32\jYCCZhv.exe
  2⤵
  PID:6836
- C:\Windows\System32\zfuHiHt.exe
  C:\Windows\System32\zfuHiHt.exe
  2⤵
  PID:6876
- C:\Windows\System32\UquGbLt.exe
  C:\Windows\System32\UquGbLt.exe
  2⤵
  PID:6904
- C:\Windows\System32\hktrQCb.exe
  C:\Windows\System32\hktrQCb.exe
  2⤵
  PID:6932
- C:\Windows\System32\adBtSOE.exe
  C:\Windows\System32\adBtSOE.exe
  2⤵
  PID:6960
- C:\Windows\System32\VZdhNTd.exe
  C:\Windows\System32\VZdhNTd.exe
  2⤵
  PID:6976
- C:\Windows\System32\umHejGf.exe
  C:\Windows\System32\umHejGf.exe
  2⤵
  PID:7004
- C:\Windows\System32\wGFTsQf.exe
  C:\Windows\System32\wGFTsQf.exe
  2⤵
  PID:7032
- C:\Windows\System32\QJNEqGV.exe
  C:\Windows\System32\QJNEqGV.exe
  2⤵
  PID:7072
- C:\Windows\System32\NgpVZiN.exe
  C:\Windows\System32\NgpVZiN.exe
  2⤵
  PID:7088
- C:\Windows\System32\zYBIGEO.exe
  C:\Windows\System32\zYBIGEO.exe
  2⤵
  PID:7128
- C:\Windows\System32\HIbEXbJ.exe
  C:\Windows\System32\HIbEXbJ.exe
  2⤵
  PID:7156
- C:\Windows\System32\YuqyaYD.exe
  C:\Windows\System32\YuqyaYD.exe
  2⤵
  PID:5212
- C:\Windows\System32\sIJhmmy.exe
  C:\Windows\System32\sIJhmmy.exe
  2⤵
  PID:4448
- C:\Windows\System32\nCyssDL.exe
  C:\Windows\System32\nCyssDL.exe
  2⤵
  PID:6148
- C:\Windows\System32\frxQIoe.exe
  C:\Windows\System32\frxQIoe.exe
  2⤵
  PID:6216
- C:\Windows\System32\ciohbgZ.exe
  C:\Windows\System32\ciohbgZ.exe
  2⤵
  PID:6272
- C:\Windows\System32\XVTHqZW.exe
  C:\Windows\System32\XVTHqZW.exe
  2⤵
  PID:6328
- C:\Windows\System32\ttvbCET.exe
  C:\Windows\System32\ttvbCET.exe
  2⤵
  PID:6384
- C:\Windows\System32\gxkxmEl.exe
  C:\Windows\System32\gxkxmEl.exe
  2⤵
  PID:6440
- C:\Windows\System32\GWcRSEH.exe
  C:\Windows\System32\GWcRSEH.exe
  2⤵
  PID:6504
- C:\Windows\System32\jPQtbjn.exe
  C:\Windows\System32\jPQtbjn.exe
  2⤵
  PID:6572
- C:\Windows\System32\eIjBjfC.exe
  C:\Windows\System32\eIjBjfC.exe
  2⤵
  PID:6664
- C:\Windows\System32\znZVGEd.exe
  C:\Windows\System32\znZVGEd.exe
  2⤵
  PID:6684
- C:\Windows\System32\feywttf.exe
  C:\Windows\System32\feywttf.exe
  2⤵
  PID:6740
- C:\Windows\System32\HMdGNxc.exe
  C:\Windows\System32\HMdGNxc.exe
  2⤵
  PID:4492
- C:\Windows\System32\HVgvoXN.exe
  C:\Windows\System32\HVgvoXN.exe
  2⤵
  PID:6852
- C:\Windows\System32\xhsPYgG.exe
  C:\Windows\System32\xhsPYgG.exe
  2⤵
  PID:6952
- C:\Windows\System32\sKrfACU.exe
  C:\Windows\System32\sKrfACU.exe
  2⤵
  PID:7000
- C:\Windows\System32\VubPxYq.exe
  C:\Windows\System32\VubPxYq.exe
  2⤵
  PID:7048
- C:\Windows\System32\PrGShUn.exe
  C:\Windows\System32\PrGShUn.exe
  2⤵
  PID:7104
- C:\Windows\System32\rbFAAWX.exe
  C:\Windows\System32\rbFAAWX.exe
  2⤵
  PID:4236
- C:\Windows\System32\TKuaXAE.exe
  C:\Windows\System32\TKuaXAE.exe
  2⤵
  PID:6176
- C:\Windows\System32\dMLhCdZ.exe
  C:\Windows\System32\dMLhCdZ.exe
  2⤵
  PID:4388
- C:\Windows\System32\dKumVKS.exe
  C:\Windows\System32\dKumVKS.exe
  2⤵
  PID:6404
- C:\Windows\System32\kNeaMDh.exe
  C:\Windows\System32\kNeaMDh.exe
  2⤵
  PID:6540
- C:\Windows\System32\mqYvKFt.exe
  C:\Windows\System32\mqYvKFt.exe
  2⤵
  PID:6692
- C:\Windows\System32\SdUWJZk.exe
  C:\Windows\System32\SdUWJZk.exe
  2⤵
  PID:6868
- C:\Windows\System32\fWZwtaJ.exe
  C:\Windows\System32\fWZwtaJ.exe
  2⤵
  PID:6896
- C:\Windows\System32\Imkvyum.exe
  C:\Windows\System32\Imkvyum.exe
  2⤵
  PID:4888
- C:\Windows\System32\WRykwYh.exe
  C:\Windows\System32\WRykwYh.exe
  2⤵
  PID:7136
- C:\Windows\System32\tLiDbxE.exe
  C:\Windows\System32\tLiDbxE.exe
  2⤵
  PID:3352
- C:\Windows\System32\ZlmMeNV.exe
  C:\Windows\System32\ZlmMeNV.exe
  2⤵
  PID:6636
- C:\Windows\System32\ufGNhkH.exe
  C:\Windows\System32\ufGNhkH.exe
  2⤵
  PID:7188
- C:\Windows\System32\OOXGaZO.exe
  C:\Windows\System32\OOXGaZO.exe
  2⤵
  PID:7228
- C:\Windows\System32\cvYdXvY.exe
  C:\Windows\System32\cvYdXvY.exe
  2⤵
  PID:7244
- C:\Windows\System32\aPqFdoq.exe
  C:\Windows\System32\aPqFdoq.exe
  2⤵
  PID:7272
- C:\Windows\System32\pWgXDjF.exe
  C:\Windows\System32\pWgXDjF.exe
  2⤵
  PID:7300
- C:\Windows\System32\QCZIviS.exe
  C:\Windows\System32\QCZIviS.exe
  2⤵
  PID:7328
- C:\Windows\System32\YxVRHTf.exe
  C:\Windows\System32\YxVRHTf.exe
  2⤵
  PID:7356
- C:\Windows\System32\LutSQVm.exe
  C:\Windows\System32\LutSQVm.exe
  2⤵
  PID:7384
- C:\Windows\System32\dPskWIC.exe
  C:\Windows\System32\dPskWIC.exe
  2⤵
  PID:7412
- C:\Windows\System32\OoevYgU.exe
  C:\Windows\System32\OoevYgU.exe
  2⤵
  PID:7440
- C:\Windows\System32\GvCdAyy.exe
  C:\Windows\System32\GvCdAyy.exe
  2⤵
  PID:7468
- C:\Windows\System32\djXqjQV.exe
  C:\Windows\System32\djXqjQV.exe
  2⤵
  PID:7496
- C:\Windows\System32\FjUNzvU.exe
  C:\Windows\System32\FjUNzvU.exe
  2⤵
  PID:7536
- C:\Windows\System32\pElfWJl.exe
  C:\Windows\System32\pElfWJl.exe
  2⤵
  PID:7552
- C:\Windows\System32\eBkqsku.exe
  C:\Windows\System32\eBkqsku.exe
  2⤵
  PID:7592
- C:\Windows\System32\bxLontO.exe
  C:\Windows\System32\bxLontO.exe
  2⤵
  PID:7608
- C:\Windows\System32\ablxqBi.exe
  C:\Windows\System32\ablxqBi.exe
  2⤵
  PID:7636
- C:\Windows\System32\hRyRhLm.exe
  C:\Windows\System32\hRyRhLm.exe
  2⤵
  PID:7664
- C:\Windows\System32\bNcJxPt.exe
  C:\Windows\System32\bNcJxPt.exe
  2⤵
  PID:7692
- C:\Windows\System32\vUvbOyr.exe
  C:\Windows\System32\vUvbOyr.exe
  2⤵
  PID:7720
- C:\Windows\System32\UZqfcCf.exe
  C:\Windows\System32\UZqfcCf.exe
  2⤵
  PID:7752
- C:\Windows\System32\NaBzkMd.exe
  C:\Windows\System32\NaBzkMd.exe
  2⤵
  PID:7788
- C:\Windows\System32\uAbQZhJ.exe
  C:\Windows\System32\uAbQZhJ.exe
  2⤵
  PID:7824
- C:\Windows\System32\FVnGaqs.exe
  C:\Windows\System32\FVnGaqs.exe
  2⤵
  PID:7852
- C:\Windows\System32\pgnwnao.exe
  C:\Windows\System32\pgnwnao.exe
  2⤵
  PID:7880
- C:\Windows\System32\lbThNeg.exe
  C:\Windows\System32\lbThNeg.exe
  2⤵
  PID:7920
- C:\Windows\System32\dSeFnQi.exe
  C:\Windows\System32\dSeFnQi.exe
  2⤵
  PID:7948
- C:\Windows\System32\BVwpTwT.exe
  C:\Windows\System32\BVwpTwT.exe
  2⤵
  PID:7980
- C:\Windows\System32\KpLOSlH.exe
  C:\Windows\System32\KpLOSlH.exe
  2⤵
  PID:8016
- C:\Windows\System32\lyqIaZs.exe
  C:\Windows\System32\lyqIaZs.exe
  2⤵
  PID:8064
- C:\Windows\System32\wCXCUbK.exe
  C:\Windows\System32\wCXCUbK.exe
  2⤵
  PID:8104
- C:\Windows\System32\kOUvSbi.exe
  C:\Windows\System32\kOUvSbi.exe
  2⤵
  PID:8136
- C:\Windows\System32\cnokZEZ.exe
  C:\Windows\System32\cnokZEZ.exe
  2⤵
  PID:8164
- C:\Windows\System32\iqblwnm.exe
  C:\Windows\System32\iqblwnm.exe
  2⤵
  PID:6820
- C:\Windows\System32\jXrPrpi.exe
  C:\Windows\System32\jXrPrpi.exe
  2⤵
  PID:7044
- C:\Windows\System32\qmcjacP.exe
  C:\Windows\System32\qmcjacP.exe
  2⤵
  PID:5992
- C:\Windows\System32\MKqxXne.exe
  C:\Windows\System32\MKqxXne.exe
  2⤵
  PID:6608
- C:\Windows\System32\vpGXYOh.exe
  C:\Windows\System32\vpGXYOh.exe
  2⤵
  PID:7240
- C:\Windows\System32\dGdGqmD.exe
  C:\Windows\System32\dGdGqmD.exe
  2⤵
  PID:7312
- C:\Windows\System32\iTuKytz.exe
  C:\Windows\System32\iTuKytz.exe
  2⤵
  PID:7368
- C:\Windows\System32\XyGswoK.exe
  C:\Windows\System32\XyGswoK.exe
  2⤵
  PID:4768
- C:\Windows\System32\nkyojyX.exe
  C:\Windows\System32\nkyojyX.exe
  2⤵
  PID:7492
- C:\Windows\System32\uaBwxIO.exe
  C:\Windows\System32\uaBwxIO.exe
  2⤵
  PID:4040
- C:\Windows\System32\pMNRYRf.exe
  C:\Windows\System32\pMNRYRf.exe
  2⤵
  PID:7624
- C:\Windows\System32\SEQuVxI.exe
  C:\Windows\System32\SEQuVxI.exe
  2⤵
  PID:7688
- C:\Windows\System32\XbYpyqh.exe
  C:\Windows\System32\XbYpyqh.exe
  2⤵
  PID:6084
- C:\Windows\System32\nwGhpUn.exe
  C:\Windows\System32\nwGhpUn.exe
  2⤵
  PID:2212
- C:\Windows\System32\xstTSyA.exe
  C:\Windows\System32\xstTSyA.exe
  2⤵
  PID:5572
- C:\Windows\System32\XhgkvEh.exe
  C:\Windows\System32\XhgkvEh.exe
  2⤵
  PID:3976
- C:\Windows\System32\iEqtLaG.exe
  C:\Windows\System32\iEqtLaG.exe
  2⤵
  PID:7764
- C:\Windows\System32\JQnNWNQ.exe
  C:\Windows\System32\JQnNWNQ.exe
  2⤵
  PID:7812
- C:\Windows\System32\mpSXpFC.exe
  C:\Windows\System32\mpSXpFC.exe
  2⤵
  PID:1064
- C:\Windows\System32\DLvWjMA.exe
  C:\Windows\System32\DLvWjMA.exe
  2⤵
  PID:7836
- C:\Windows\System32\JHwufze.exe
  C:\Windows\System32\JHwufze.exe
  2⤵
  PID:7912
- C:\Windows\System32\ZIEXjYh.exe
  C:\Windows\System32\ZIEXjYh.exe
  2⤵
  PID:4800
- C:\Windows\System32\FuUjrGP.exe
  C:\Windows\System32\FuUjrGP.exe
  2⤵
  PID:8092
- C:\Windows\System32\yeFZSyE.exe
  C:\Windows\System32\yeFZSyE.exe
  2⤵
  PID:8156
- C:\Windows\System32\CZCnjeC.exe
  C:\Windows\System32\CZCnjeC.exe
  2⤵
  PID:4528
- C:\Windows\System32\mtbxFWB.exe
  C:\Windows\System32\mtbxFWB.exe
  2⤵
  PID:7172
- C:\Windows\System32\PAzjYdK.exe
  C:\Windows\System32\PAzjYdK.exe
  2⤵
  PID:7296
- C:\Windows\System32\BTgotWQ.exe
  C:\Windows\System32\BTgotWQ.exe
  2⤵
  PID:5228
- C:\Windows\System32\tccGDiK.exe
  C:\Windows\System32\tccGDiK.exe
  2⤵
  PID:856
- C:\Windows\System32\nPiThuI.exe
  C:\Windows\System32\nPiThuI.exe
  2⤵
  PID:7904
- C:\Windows\System32\WmfHPUZ.exe
  C:\Windows\System32\WmfHPUZ.exe
  2⤵
  PID:3544
- C:\Windows\System32\vdeVLAn.exe
  C:\Windows\System32\vdeVLAn.exe
  2⤵
  PID:1988
- C:\Windows\System32\DYGIJfw.exe
  C:\Windows\System32\DYGIJfw.exe
  2⤵
  PID:6096
- C:\Windows\System32\FqbwuFa.exe
  C:\Windows\System32\FqbwuFa.exe
  2⤵
  PID:6008
- C:\Windows\System32\URGeXPl.exe
  C:\Windows\System32\URGeXPl.exe
  2⤵
  PID:7780
- C:\Windows\System32\jBldcjV.exe
  C:\Windows\System32\jBldcjV.exe
  2⤵
  PID:7892
- C:\Windows\System32\DjyBVwL.exe
  C:\Windows\System32\DjyBVwL.exe
  2⤵
  PID:5384
- C:\Windows\System32\oajolSV.exe
  C:\Windows\System32\oajolSV.exe
  2⤵
  PID:6912
- C:\Windows\System32\jNNjLHg.exe
  C:\Windows\System32\jNNjLHg.exe
  2⤵
  PID:5504
- C:\Windows\System32\OeewfLB.exe
  C:\Windows\System32\OeewfLB.exe
  2⤵
  PID:7600
- C:\Windows\System32\MarPnjk.exe
  C:\Windows\System32\MarPnjk.exe
  2⤵
  PID:384
- C:\Windows\System32\ChBrnII.exe
  C:\Windows\System32\ChBrnII.exe
  2⤵
  PID:7868
- C:\Windows\System32\xGlDaWX.exe
  C:\Windows\System32\xGlDaWX.exe
  2⤵
  PID:448
- C:\Windows\System32\HSulzjR.exe
  C:\Windows\System32\HSulzjR.exe
  2⤵
  PID:7528
- C:\Windows\System32\NCslaJF.exe
  C:\Windows\System32\NCslaJF.exe
  2⤵
  PID:8160
- C:\Windows\System32\dDuYktE.exe
  C:\Windows\System32\dDuYktE.exe
  2⤵
  PID:2152
- C:\Windows\System32\NvHXKXJ.exe
  C:\Windows\System32\NvHXKXJ.exe
  2⤵
  PID:8200
- C:\Windows\System32\EGoyila.exe
  C:\Windows\System32\EGoyila.exe
  2⤵
  PID:8228
- C:\Windows\System32\WFfeOum.exe
  C:\Windows\System32\WFfeOum.exe
  2⤵
  PID:8256
- C:\Windows\System32\oYkpBqF.exe
  C:\Windows\System32\oYkpBqF.exe
  2⤵
  PID:8284
- C:\Windows\System32\GRIqeWJ.exe
  C:\Windows\System32\GRIqeWJ.exe
  2⤵
  PID:8312
- C:\Windows\System32\VBgKypx.exe
  C:\Windows\System32\VBgKypx.exe
  2⤵
  PID:8340
- C:\Windows\System32\IGunFef.exe
  C:\Windows\System32\IGunFef.exe
  2⤵
  PID:8380
- C:\Windows\System32\fMAyBlm.exe
  C:\Windows\System32\fMAyBlm.exe
  2⤵
  PID:8408
- C:\Windows\System32\TemQcMK.exe
  C:\Windows\System32\TemQcMK.exe
  2⤵
  PID:8444
- C:\Windows\System32\mabxkDB.exe
  C:\Windows\System32\mabxkDB.exe
  2⤵
  PID:8476
- C:\Windows\System32\HGxaQpR.exe
  C:\Windows\System32\HGxaQpR.exe
  2⤵
  PID:8500
- C:\Windows\System32\xlcQRgQ.exe
  C:\Windows\System32\xlcQRgQ.exe
  2⤵
  PID:8528
- C:\Windows\System32\TMlxsIc.exe
  C:\Windows\System32\TMlxsIc.exe
  2⤵
  PID:8560
- C:\Windows\System32\yIMiREx.exe
  C:\Windows\System32\yIMiREx.exe
  2⤵
  PID:8604
- C:\Windows\System32\WqgMZVb.exe
  C:\Windows\System32\WqgMZVb.exe
  2⤵
  PID:8628
- C:\Windows\System32\ipxhfvo.exe
  C:\Windows\System32\ipxhfvo.exe
  2⤵
  PID:8656
- C:\Windows\System32\teMGVvS.exe
  C:\Windows\System32\teMGVvS.exe
  2⤵
  PID:8688
- C:\Windows\System32\lUjbJJx.exe
  C:\Windows\System32\lUjbJJx.exe
  2⤵
  PID:8720
- C:\Windows\System32\VOQCHpa.exe
  C:\Windows\System32\VOQCHpa.exe
  2⤵
  PID:8748
- C:\Windows\System32\nQLYyNi.exe
  C:\Windows\System32\nQLYyNi.exe
  2⤵
  PID:8776
- C:\Windows\System32\Dqtmdeh.exe
  C:\Windows\System32\Dqtmdeh.exe
  2⤵
  PID:8804
- C:\Windows\System32\fNirDPP.exe
  C:\Windows\System32\fNirDPP.exe
  2⤵
  PID:8832
- C:\Windows\System32\DduMfke.exe
  C:\Windows\System32\DduMfke.exe
  2⤵
  PID:8856
- C:\Windows\System32\usLhSCW.exe
  C:\Windows\System32\usLhSCW.exe
  2⤵
  PID:8892
- C:\Windows\System32\ZUCwhVv.exe
  C:\Windows\System32\ZUCwhVv.exe
  2⤵
  PID:8928
- C:\Windows\System32\OWtuYZL.exe
  C:\Windows\System32\OWtuYZL.exe
  2⤵
  PID:8948
- C:\Windows\System32\uNzUEKg.exe
  C:\Windows\System32\uNzUEKg.exe
  2⤵
  PID:8980
- C:\Windows\System32\KUPqGpN.exe
  C:\Windows\System32\KUPqGpN.exe
  2⤵
  PID:9008
- C:\Windows\System32\qLXeRUC.exe
  C:\Windows\System32\qLXeRUC.exe
  2⤵
  PID:9044
- C:\Windows\System32\jtEQypQ.exe
  C:\Windows\System32\jtEQypQ.exe
  2⤵
  PID:9064
- C:\Windows\System32\hSYMFwu.exe
  C:\Windows\System32\hSYMFwu.exe
  2⤵
  PID:9100
- C:\Windows\System32\NFKOpwA.exe
  C:\Windows\System32\NFKOpwA.exe
  2⤵
  PID:9120
- C:\Windows\System32\jQsiqEK.exe
  C:\Windows\System32\jQsiqEK.exe
  2⤵
  PID:9148
- C:\Windows\System32\lqlIhcQ.exe
  C:\Windows\System32\lqlIhcQ.exe
  2⤵
  PID:9176
- C:\Windows\System32\CLdAolx.exe
  C:\Windows\System32\CLdAolx.exe
  2⤵
  PID:9208
- C:\Windows\System32\lBwitXt.exe
  C:\Windows\System32\lBwitXt.exe
  2⤵
  PID:8240
- C:\Windows\System32\YfplRoG.exe
  C:\Windows\System32\YfplRoG.exe
  2⤵
  PID:8300
- C:\Windows\System32\GzRavAG.exe
  C:\Windows\System32\GzRavAG.exe
  2⤵
  PID:8360
- C:\Windows\System32\QWgROKD.exe
  C:\Windows\System32\QWgROKD.exe
  2⤵
  PID:8436
- C:\Windows\System32\AZMWOFr.exe
  C:\Windows\System32\AZMWOFr.exe
  2⤵
  PID:8520
- C:\Windows\System32\twMwkTy.exe
  C:\Windows\System32\twMwkTy.exe
  2⤵
  PID:8592
- C:\Windows\System32\JhqLOIP.exe
  C:\Windows\System32\JhqLOIP.exe
  2⤵
  PID:8652
- C:\Windows\System32\dfkNwal.exe
  C:\Windows\System32\dfkNwal.exe
  2⤵
  PID:8740
- C:\Windows\System32\PTYwgCD.exe
  C:\Windows\System32\PTYwgCD.exe
  2⤵
  PID:8796
- C:\Windows\System32\WzcEAKw.exe
  C:\Windows\System32\WzcEAKw.exe
  2⤵
  PID:8864
- C:\Windows\System32\JUsvEQl.exe
  C:\Windows\System32\JUsvEQl.exe
  2⤵
  PID:8936
- C:\Windows\System32\NtjvNvj.exe
  C:\Windows\System32\NtjvNvj.exe
  2⤵
  PID:9000
- C:\Windows\System32\tIiMsgC.exe
  C:\Windows\System32\tIiMsgC.exe
  2⤵
  PID:9060
- C:\Windows\System32\HqeofXh.exe
  C:\Windows\System32\HqeofXh.exe
  2⤵
  PID:9140
- C:\Windows\System32\NtMUoBz.exe
  C:\Windows\System32\NtMUoBz.exe
  2⤵
  PID:9196
- C:\Windows\System32\yjNzcIw.exe
  C:\Windows\System32\yjNzcIw.exe
  2⤵
  PID:8336
- C:\Windows\System32\zIXDpqT.exe
  C:\Windows\System32\zIXDpqT.exe
  2⤵
  PID:8468
- C:\Windows\System32\hPhEvlu.exe
  C:\Windows\System32\hPhEvlu.exe
  2⤵
  PID:8640
- C:\Windows\System32\PcCXbUz.exe
  C:\Windows\System32\PcCXbUz.exe
  2⤵
  PID:8792
- C:\Windows\System32\DTIWeOX.exe
  C:\Windows\System32\DTIWeOX.exe
  2⤵
  PID:8960
- C:\Windows\System32\mcMocDh.exe
  C:\Windows\System32\mcMocDh.exe
  2⤵
  PID:9052
- C:\Windows\System32\szKzYKe.exe
  C:\Windows\System32\szKzYKe.exe
  2⤵
  PID:9188
- C:\Windows\System32\nvvsySb.exe
  C:\Windows\System32\nvvsySb.exe
  2⤵
  PID:8424
- C:\Windows\System32\Jjonmla.exe
  C:\Windows\System32\Jjonmla.exe
  2⤵
  PID:8772
- C:\Windows\System32\COmtexz.exe
  C:\Windows\System32\COmtexz.exe
  2⤵
  PID:9172
- C:\Windows\System32\nCrIdvX.exe
  C:\Windows\System32\nCrIdvX.exe
  2⤵
  PID:8712
- C:\Windows\System32\ndzZUmY.exe
  C:\Windows\System32\ndzZUmY.exe
  2⤵
  PID:7768
- C:\Windows\System32\cqNikIw.exe
  C:\Windows\System32\cqNikIw.exe
  2⤵
  PID:9248
- C:\Windows\System32\LWIXspM.exe
  C:\Windows\System32\LWIXspM.exe
  2⤵
  PID:9272
- C:\Windows\System32\AftKkFM.exe
  C:\Windows\System32\AftKkFM.exe
  2⤵
  PID:9304
- C:\Windows\System32\OzsmhdQ.exe
  C:\Windows\System32\OzsmhdQ.exe
  2⤵
  PID:9328
- C:\Windows\System32\qFITunQ.exe
  C:\Windows\System32\qFITunQ.exe
  2⤵
  PID:9356
- C:\Windows\System32\bqinEGQ.exe
  C:\Windows\System32\bqinEGQ.exe
  2⤵
  PID:9384
- C:\Windows\System32\HVlyCwc.exe
  C:\Windows\System32\HVlyCwc.exe
  2⤵
  PID:9420
- C:\Windows\System32\ptFKwqY.exe
  C:\Windows\System32\ptFKwqY.exe
  2⤵
  PID:9440
- C:\Windows\System32\vkBCqZE.exe
  C:\Windows\System32\vkBCqZE.exe
  2⤵
  PID:9468
- C:\Windows\System32\bhVBaQp.exe
  C:\Windows\System32\bhVBaQp.exe
  2⤵
  PID:9496
- C:\Windows\System32\SpvCILQ.exe
  C:\Windows\System32\SpvCILQ.exe
  2⤵
  PID:9524
- C:\Windows\System32\cqlEUDq.exe
  C:\Windows\System32\cqlEUDq.exe
  2⤵
  PID:9552
- C:\Windows\System32\rMXIrJV.exe
  C:\Windows\System32\rMXIrJV.exe
  2⤵
  PID:9580
- C:\Windows\System32\HyzixQJ.exe
  C:\Windows\System32\HyzixQJ.exe
  2⤵
  PID:9608
- C:\Windows\System32\fzmTayo.exe
  C:\Windows\System32\fzmTayo.exe
  2⤵
  PID:9636
- C:\Windows\System32\tfWrpVg.exe
  C:\Windows\System32\tfWrpVg.exe
  2⤵
  PID:9664
- C:\Windows\System32\UANbaYi.exe
  C:\Windows\System32\UANbaYi.exe
  2⤵
  PID:9692
- C:\Windows\System32\rMfteVl.exe
  C:\Windows\System32\rMfteVl.exe
  2⤵
  PID:9720
- C:\Windows\System32\ytuPuWa.exe
  C:\Windows\System32\ytuPuWa.exe
  2⤵
  PID:9748
- C:\Windows\System32\DfYizWh.exe
  C:\Windows\System32\DfYizWh.exe
  2⤵
  PID:9776
- C:\Windows\System32\IClErhg.exe
  C:\Windows\System32\IClErhg.exe
  2⤵
  PID:9804
- C:\Windows\System32\XrAtTxp.exe
  C:\Windows\System32\XrAtTxp.exe
  2⤵
  PID:9832
- C:\Windows\System32\uOWPkHA.exe
  C:\Windows\System32\uOWPkHA.exe
  2⤵
  PID:9864
- C:\Windows\System32\sljaAyB.exe
  C:\Windows\System32\sljaAyB.exe
  2⤵
  PID:9892
- C:\Windows\System32\TsvAdFq.exe
  C:\Windows\System32\TsvAdFq.exe
  2⤵
  PID:9924
- C:\Windows\System32\iqUWHgi.exe
  C:\Windows\System32\iqUWHgi.exe
  2⤵
  PID:9952
- C:\Windows\System32\keAaZKn.exe
  C:\Windows\System32\keAaZKn.exe
  2⤵
  PID:9980
- C:\Windows\System32\hsiDetj.exe
  C:\Windows\System32\hsiDetj.exe
  2⤵
  PID:10008
- C:\Windows\System32\wXrdxAq.exe
  C:\Windows\System32\wXrdxAq.exe
  2⤵
  PID:10036
- C:\Windows\System32\mHbPKjf.exe
  C:\Windows\System32\mHbPKjf.exe
  2⤵
  PID:10072
- C:\Windows\System32\SHthfem.exe
  C:\Windows\System32\SHthfem.exe
  2⤵
  PID:10092
- C:\Windows\System32\DCzQfaJ.exe
  C:\Windows\System32\DCzQfaJ.exe
  2⤵
  PID:10120
- C:\Windows\System32\rIuHvhC.exe
  C:\Windows\System32\rIuHvhC.exe
  2⤵
  PID:10148
- C:\Windows\System32\iGZAJLn.exe
  C:\Windows\System32\iGZAJLn.exe
  2⤵
  PID:10176
- C:\Windows\System32\yHtMpmx.exe
  C:\Windows\System32\yHtMpmx.exe
  2⤵
  PID:10204
- C:\Windows\System32\Quokxkf.exe
  C:\Windows\System32\Quokxkf.exe
  2⤵
  PID:10232
- C:\Windows\System32\NhcARdJ.exe
  C:\Windows\System32\NhcARdJ.exe
  2⤵
  PID:9256
- C:\Windows\System32\NrTikpa.exe
  C:\Windows\System32\NrTikpa.exe
  2⤵
  PID:9320
- C:\Windows\System32\IJUsqFg.exe
  C:\Windows\System32\IJUsqFg.exe
  2⤵
  PID:9396
- C:\Windows\System32\rQmygmS.exe
  C:\Windows\System32\rQmygmS.exe
  2⤵
  PID:9452
- C:\Windows\System32\vYagwoI.exe
  C:\Windows\System32\vYagwoI.exe
  2⤵
  PID:9520
- C:\Windows\System32\RyFydFT.exe
  C:\Windows\System32\RyFydFT.exe
  2⤵
  PID:9592
- C:\Windows\System32\moCfoku.exe
  C:\Windows\System32\moCfoku.exe
  2⤵
  PID:9648
- C:\Windows\System32\xSwIanx.exe
  C:\Windows\System32\xSwIanx.exe
  2⤵
  PID:9716
- C:\Windows\System32\POmvGcV.exe
  C:\Windows\System32\POmvGcV.exe
  2⤵
  PID:7424
- C:\Windows\System32\QfmOdHb.exe
  C:\Windows\System32\QfmOdHb.exe
  2⤵
  PID:9844
- C:\Windows\System32\zuceUdQ.exe
  C:\Windows\System32\zuceUdQ.exe
  2⤵
  PID:9912
- C:\Windows\System32\DJbOMAL.exe
  C:\Windows\System32\DJbOMAL.exe
  2⤵
  PID:9976
- C:\Windows\System32\RLgvmFI.exe
  C:\Windows\System32\RLgvmFI.exe
  2⤵
  PID:10052
- C:\Windows\System32\sVZWIGJ.exe
  C:\Windows\System32\sVZWIGJ.exe
  2⤵
  PID:10112
- C:\Windows\System32\RPnxWHE.exe
  C:\Windows\System32\RPnxWHE.exe
  2⤵
  PID:10172
- C:\Windows\System32\LfPaoKD.exe
  C:\Windows\System32\LfPaoKD.exe
  2⤵
  PID:8620
- C:\Windows\System32\bJnstrd.exe
  C:\Windows\System32\bJnstrd.exe
  2⤵
  PID:9376
- C:\Windows\System32\GouFGkY.exe
  C:\Windows\System32\GouFGkY.exe
  2⤵
  PID:9516
- C:\Windows\System32\klMTDtw.exe
  C:\Windows\System32\klMTDtw.exe
  2⤵
  PID:9704
- C:\Windows\System32\GgmzaUu.exe
  C:\Windows\System32\GgmzaUu.exe
  2⤵
  PID:9828
- C:\Windows\System32\XxcBdjT.exe
  C:\Windows\System32\XxcBdjT.exe
  2⤵
  PID:10024
- C:\Windows\System32\TepVPOO.exe
  C:\Windows\System32\TepVPOO.exe
  2⤵
  PID:10200
- C:\Windows\System32\FClWINT.exe
  C:\Windows\System32\FClWINT.exe
  2⤵
  PID:9492
- C:\Windows\System32\dxtXAQq.exe
  C:\Windows\System32\dxtXAQq.exe
  2⤵
  PID:10088
- C:\Windows\System32\MFhVOYp.exe
  C:\Windows\System32\MFhVOYp.exe
  2⤵
  PID:9904
- C:\Windows\System32\ucdxHvU.exe
  C:\Windows\System32\ucdxHvU.exe
  2⤵
  PID:10256
- C:\Windows\System32\JeUsCJU.exe
  C:\Windows\System32\JeUsCJU.exe
  2⤵
  PID:10284
- C:\Windows\System32\WxAfZPo.exe
  C:\Windows\System32\WxAfZPo.exe
  2⤵
  PID:10312
- C:\Windows\System32\pMnuGYK.exe
  C:\Windows\System32\pMnuGYK.exe
  2⤵
  PID:10340
- C:\Windows\System32\PtVclSu.exe
  C:\Windows\System32\PtVclSu.exe
  2⤵
  PID:10368
- C:\Windows\System32\HBQkkvC.exe
  C:\Windows\System32\HBQkkvC.exe
  2⤵
  PID:10396
- C:\Windows\System32\lKKBWlH.exe
  C:\Windows\System32\lKKBWlH.exe
  2⤵
  PID:10424
- C:\Windows\System32\gGMqQmE.exe
  C:\Windows\System32\gGMqQmE.exe
  2⤵
  PID:10452
- C:\Windows\System32\qtGBxyr.exe
  C:\Windows\System32\qtGBxyr.exe
  2⤵
  PID:10480
- C:\Windows\System32\vlmYLME.exe
  C:\Windows\System32\vlmYLME.exe
  2⤵
  PID:10508
- C:\Windows\System32\UGOjTZZ.exe
  C:\Windows\System32\UGOjTZZ.exe
  2⤵
  PID:10536
- C:\Windows\System32\GpWgUsl.exe
  C:\Windows\System32\GpWgUsl.exe
  2⤵
  PID:10564
- C:\Windows\System32\WOBWzkJ.exe
  C:\Windows\System32\WOBWzkJ.exe
  2⤵
  PID:10580
- C:\Windows\System32\madjvNp.exe
  C:\Windows\System32\madjvNp.exe
  2⤵
  PID:10604
- C:\Windows\System32\ypEbbcO.exe
  C:\Windows\System32\ypEbbcO.exe
  2⤵
  PID:10648
- C:\Windows\System32\aPNfIMZ.exe
  C:\Windows\System32\aPNfIMZ.exe
  2⤵
  PID:10676
- C:\Windows\System32\spwHIVO.exe
  C:\Windows\System32\spwHIVO.exe
  2⤵
  PID:10704
- C:\Windows\System32\KOCxRaA.exe
  C:\Windows\System32\KOCxRaA.exe
  2⤵
  PID:10732
- C:\Windows\System32\nKiBigx.exe
  C:\Windows\System32\nKiBigx.exe
  2⤵
  PID:10760
- C:\Windows\System32\TUqBOsx.exe
  C:\Windows\System32\TUqBOsx.exe
  2⤵
  PID:10788
- C:\Windows\System32\eboVOlL.exe
  C:\Windows\System32\eboVOlL.exe
  2⤵
  PID:10816
- C:\Windows\System32\RBSbuxl.exe
  C:\Windows\System32\RBSbuxl.exe
  2⤵
  PID:10832
- C:\Windows\System32\pVycUHI.exe
  C:\Windows\System32\pVycUHI.exe
  2⤵
  PID:10852
- C:\Windows\System32\xrZbIzk.exe
  C:\Windows\System32\xrZbIzk.exe
  2⤵
  PID:10904
- C:\Windows\System32\woDwjBo.exe
  C:\Windows\System32\woDwjBo.exe
  2⤵
  PID:10920
- C:\Windows\System32\xCHJVyJ.exe
  C:\Windows\System32\xCHJVyJ.exe
  2⤵
  PID:10960
- C:\Windows\System32\xEHbRyW.exe
  C:\Windows\System32\xEHbRyW.exe
  2⤵
  PID:10976
- C:\Windows\System32\QZqbtHB.exe
  C:\Windows\System32\QZqbtHB.exe
  2⤵
  PID:11012
- C:\Windows\System32\EjNjkgg.exe
  C:\Windows\System32\EjNjkgg.exe
  2⤵
  PID:11032
- C:\Windows\System32\bXAmlHe.exe
  C:\Windows\System32\bXAmlHe.exe
  2⤵
  PID:11060
- C:\Windows\System32\xglEjyn.exe
  C:\Windows\System32\xglEjyn.exe
  2⤵
  PID:11116
- C:\Windows\System32\NpUkYUD.exe
  C:\Windows\System32\NpUkYUD.exe
  2⤵
  PID:11136
- C:\Windows\System32\TVMvskU.exe
  C:\Windows\System32\TVMvskU.exe
  2⤵
  PID:11164
- C:\Windows\System32\cDGZZKw.exe
  C:\Windows\System32\cDGZZKw.exe
  2⤵
  PID:11188
- C:\Windows\System32\Joqwoyo.exe
  C:\Windows\System32\Joqwoyo.exe
  2⤵
  PID:11220
- C:\Windows\System32\GzpMwfP.exe
  C:\Windows\System32\GzpMwfP.exe
  2⤵
  PID:11248
- C:\Windows\System32\ePgbXXA.exe
  C:\Windows\System32\ePgbXXA.exe
  2⤵
  PID:10272
- C:\Windows\System32\NVPxHRT.exe
  C:\Windows\System32\NVPxHRT.exe
  2⤵
  PID:9852
- C:\Windows\System32\PIZickB.exe
  C:\Windows\System32\PIZickB.exe
  2⤵
  PID:10388
- C:\Windows\System32\fTmtDfw.exe
  C:\Windows\System32\fTmtDfw.exe
  2⤵
  PID:10448
- C:\Windows\System32\nYHhJur.exe
  C:\Windows\System32\nYHhJur.exe
  2⤵
  PID:10520
- C:\Windows\System32\XAvsLZU.exe
  C:\Windows\System32\XAvsLZU.exe
  2⤵
  PID:10560
- C:\Windows\System32\rgzMOGE.exe
  C:\Windows\System32\rgzMOGE.exe
  2⤵
  PID:10592
- C:\Windows\System32\cfdusPp.exe
  C:\Windows\System32\cfdusPp.exe
  2⤵
  PID:10664
- C:\Windows\System32\BOAiUjM.exe
  C:\Windows\System32\BOAiUjM.exe
  2⤵
  PID:10752
- C:\Windows\System32\UChhKAh.exe
  C:\Windows\System32\UChhKAh.exe
  2⤵
  PID:10808
- C:\Windows\System32\ZyZIYaj.exe
  C:\Windows\System32\ZyZIYaj.exe
  2⤵
  PID:10900
- C:\Windows\System32\zYXnssj.exe
  C:\Windows\System32\zYXnssj.exe
  2⤵
  PID:10936
- C:\Windows\System32\apaTlns.exe
  C:\Windows\System32\apaTlns.exe
  2⤵
  PID:11028
- C:\Windows\System32\LxoFBSt.exe
  C:\Windows\System32\LxoFBSt.exe
  2⤵
  PID:11024
- C:\Windows\System32\oSRvVKe.exe
  C:\Windows\System32\oSRvVKe.exe
  2⤵
  PID:11128
- C:\Windows\System32\WUHPxjo.exe
  C:\Windows\System32\WUHPxjo.exe
  2⤵
  PID:11216
- C:\Windows\System32\DmMeMhO.exe
  C:\Windows\System32\DmMeMhO.exe
  2⤵
  PID:10304
- C:\Windows\System32\MbOJTGH.exe
  C:\Windows\System32\MbOJTGH.exe
  2⤵
  PID:10436
- C:\Windows\System32\xsUbjXS.exe
  C:\Windows\System32\xsUbjXS.exe
  2⤵
  PID:10600
- C:\Windows\System32\ALNRBov.exe
  C:\Windows\System32\ALNRBov.exe
  2⤵
  PID:10640
- C:\Windows\System32\iTuqVWx.exe
  C:\Windows\System32\iTuqVWx.exe
  2⤵
  PID:10748
- C:\Windows\System32\eMWTjzg.exe
  C:\Windows\System32\eMWTjzg.exe
  2⤵
  PID:11004
- C:\Windows\System32\cLqsxur.exe
  C:\Windows\System32\cLqsxur.exe
  2⤵
  PID:11152
- C:\Windows\System32\RNWkXlC.exe
  C:\Windows\System32\RNWkXlC.exe
  2⤵
  PID:10500
- C:\Windows\System32\OnGUGbV.exe
  C:\Windows\System32\OnGUGbV.exe
  2⤵
  PID:10700
- C:\Windows\System32\bEVszHc.exe
  C:\Windows\System32\bEVszHc.exe
  2⤵
  PID:11052
- C:\Windows\System32\vWwxtTf.exe
  C:\Windows\System32\vWwxtTf.exe
  2⤵
  PID:10364
- C:\Windows\System32\aWhgjRW.exe
  C:\Windows\System32\aWhgjRW.exe
  2⤵
  PID:11200
- C:\Windows\System32\MNJtyQu.exe
  C:\Windows\System32\MNJtyQu.exe
  2⤵
  PID:11284
- C:\Windows\System32\omKsKOn.exe
  C:\Windows\System32\omKsKOn.exe
  2⤵
  PID:11312
- C:\Windows\System32\cQoaTFW.exe
  C:\Windows\System32\cQoaTFW.exe
  2⤵
  PID:11340
- C:\Windows\System32\mRbZRIU.exe
  C:\Windows\System32\mRbZRIU.exe
  2⤵
  PID:11368
- C:\Windows\System32\OVGaeeJ.exe
  C:\Windows\System32\OVGaeeJ.exe
  2⤵
  PID:11396
- C:\Windows\System32\SJJUTWA.exe
  C:\Windows\System32\SJJUTWA.exe
  2⤵
  PID:11424
- C:\Windows\System32\VrizChB.exe
  C:\Windows\System32\VrizChB.exe
  2⤵
  PID:11460
- C:\Windows\System32\JaMqmAR.exe
  C:\Windows\System32\JaMqmAR.exe
  2⤵
  PID:11480
- C:\Windows\System32\NPLyliO.exe
  C:\Windows\System32\NPLyliO.exe
  2⤵
  PID:11512
- C:\Windows\System32\lNeatDP.exe
  C:\Windows\System32\lNeatDP.exe
  2⤵
  PID:11540
- C:\Windows\System32\NzLJbaP.exe
  C:\Windows\System32\NzLJbaP.exe
  2⤵
  PID:11568
- C:\Windows\System32\HXElOPh.exe
  C:\Windows\System32\HXElOPh.exe
  2⤵
  PID:11596
- C:\Windows\System32\XfcnRTg.exe
  C:\Windows\System32\XfcnRTg.exe
  2⤵
  PID:11616
- C:\Windows\System32\SppHssK.exe
  C:\Windows\System32\SppHssK.exe
  2⤵
  PID:11652
- C:\Windows\System32\EFthIxa.exe
  C:\Windows\System32\EFthIxa.exe
  2⤵
  PID:11684
- C:\Windows\System32\rmWbshM.exe
  C:\Windows\System32\rmWbshM.exe
  2⤵
  PID:11736
- C:\Windows\System32\XzbsNeS.exe
  C:\Windows\System32\XzbsNeS.exe
  2⤵
  PID:11764
- C:\Windows\System32\jRmZwBu.exe
  C:\Windows\System32\jRmZwBu.exe
  2⤵
  PID:11792
- C:\Windows\System32\vOngfSD.exe
  C:\Windows\System32\vOngfSD.exe
  2⤵
  PID:11820
- C:\Windows\System32\ayiZJMD.exe
  C:\Windows\System32\ayiZJMD.exe
  2⤵
  PID:11840
- C:\Windows\System32\DmFznYX.exe
  C:\Windows\System32\DmFznYX.exe
  2⤵
  PID:11864
- C:\Windows\System32\LAvXtZb.exe
  C:\Windows\System32\LAvXtZb.exe
  2⤵
  PID:11880
- C:\Windows\System32\YMiRAcH.exe
  C:\Windows\System32\YMiRAcH.exe
  2⤵
  PID:11920
- C:\Windows\System32\wbRbVXm.exe
  C:\Windows\System32\wbRbVXm.exe
  2⤵
  PID:11960
- C:\Windows\System32\CYcvCZn.exe
  C:\Windows\System32\CYcvCZn.exe
  2⤵
  PID:11988
- C:\Windows\System32\yffruXg.exe
  C:\Windows\System32\yffruXg.exe
  2⤵
  PID:12016
- C:\Windows\System32\UADIvxY.exe
  C:\Windows\System32\UADIvxY.exe
  2⤵
  PID:12032
- C:\Windows\System32\BITRxdN.exe
  C:\Windows\System32\BITRxdN.exe
  2⤵
  PID:12056
- C:\Windows\System32\tVRiqzE.exe
  C:\Windows\System32\tVRiqzE.exe
  2⤵
  PID:12092
- C:\Windows\System32\EWRmvXd.exe
  C:\Windows\System32\EWRmvXd.exe
  2⤵
  PID:12112
- C:\Windows\System32\WKNrHDL.exe
  C:\Windows\System32\WKNrHDL.exe
  2⤵
  PID:12132
- C:\Windows\System32\sGYHDHd.exe
  C:\Windows\System32\sGYHDHd.exe
  2⤵
  PID:12164
- C:\Windows\System32\IpziRaZ.exe
  C:\Windows\System32\IpziRaZ.exe
  2⤵
  PID:12188
- C:\Windows\System32\hgjBRws.exe
  C:\Windows\System32\hgjBRws.exe
  2⤵
  PID:12236
- C:\Windows\System32\yBgtKUx.exe
  C:\Windows\System32\yBgtKUx.exe
  2⤵
  PID:12256
- C:\Windows\System32\pZWFTdD.exe
  C:\Windows\System32\pZWFTdD.exe
  2⤵
  PID:10756
- C:\Windows\System32\EBfLEyq.exe
  C:\Windows\System32\EBfLEyq.exe
  2⤵
  PID:11336
- C:\Windows\System32\mIfKPbE.exe
  C:\Windows\System32\mIfKPbE.exe
  2⤵
  PID:11392
- C:\Windows\System32\DEPkVQv.exe
  C:\Windows\System32\DEPkVQv.exe
  2⤵
  PID:11444
- C:\Windows\System32\LKcYdAM.exe
  C:\Windows\System32\LKcYdAM.exe
  2⤵
  PID:11536
- C:\Windows\System32\JXZfQEY.exe
  C:\Windows\System32\JXZfQEY.exe
  2⤵
  PID:11592
- C:\Windows\System32\duhlpid.exe
  C:\Windows\System32\duhlpid.exe
  2⤵
  PID:11644
- C:\Windows\System32\aJXrgxL.exe
  C:\Windows\System32\aJXrgxL.exe
  2⤵
  PID:11784
- C:\Windows\System32\ExODXXl.exe
  C:\Windows\System32\ExODXXl.exe
  2⤵
  PID:11812
- C:\Windows\System32\fvQJZGr.exe
  C:\Windows\System32\fvQJZGr.exe
  2⤵
  PID:11856
- C:\Windows\System32\byJrPlM.exe
  C:\Windows\System32\byJrPlM.exe
  2⤵
  PID:11952
- C:\Windows\System32\WHSYQFJ.exe
  C:\Windows\System32\WHSYQFJ.exe
  2⤵
  PID:12040
- C:\Windows\System32\mHEYEaq.exe
  C:\Windows\System32\mHEYEaq.exe
  2⤵
  PID:12108
- C:\Windows\System32\pKbHjck.exe
  C:\Windows\System32\pKbHjck.exe
  2⤵
  PID:12176
- C:\Windows\System32\qRQlCSs.exe
  C:\Windows\System32\qRQlCSs.exe
  2⤵
  PID:12264
- C:\Windows\System32\IEPUKGz.exe
  C:\Windows\System32\IEPUKGz.exe
  2⤵
  PID:11324
- C:\Windows\System32\jXLdDQM.exe
  C:\Windows\System32\jXLdDQM.exe
  2⤵
  PID:11440
- C:\Windows\System32\oobGmGM.exe
  C:\Windows\System32\oobGmGM.exe
  2⤵
  PID:11636
- C:\Windows\System32\DZCtLCd.exe
  C:\Windows\System32\DZCtLCd.exe
  2⤵
  PID:11776
- C:\Windows\System32\pOXUgtZ.exe
  C:\Windows\System32\pOXUgtZ.exe
  2⤵
  PID:11976
- C:\Windows\System32\bGPUvvg.exe
  C:\Windows\System32\bGPUvvg.exe
  2⤵
  PID:12080
- C:\Windows\System32\yPruzsN.exe
  C:\Windows\System32\yPruzsN.exe
  2⤵
  PID:12252
- C:\Windows\System32\eywZwLG.exe
  C:\Windows\System32\eywZwLG.exe
  2⤵
  PID:3844
- C:\Windows\System32\cfFSxmu.exe
  C:\Windows\System32\cfFSxmu.exe
  2⤵
  PID:11748
- C:\Windows\System32\eHBhPMl.exe
  C:\Windows\System32\eHBhPMl.exe
  2⤵
  PID:11496
- C:\Windows\System32\MpaXjHx.exe
  C:\Windows\System32\MpaXjHx.exe
  2⤵
  PID:11944
- C:\Windows\System32\KcPBlil.exe
  C:\Windows\System32\KcPBlil.exe
  2⤵
  PID:12296
- C:\Windows\System32\KqJqsCt.exe
  C:\Windows\System32\KqJqsCt.exe
  2⤵
  PID:12312
- C:\Windows\System32\nYpgUpR.exe
  C:\Windows\System32\nYpgUpR.exe
  2⤵
  PID:12352
- C:\Windows\System32\usnHseD.exe
  C:\Windows\System32\usnHseD.exe
  2⤵
  PID:12380
- C:\Windows\System32\znapwVj.exe
  C:\Windows\System32\znapwVj.exe
  2⤵
  PID:12408
- C:\Windows\System32\MTtaKKy.exe
  C:\Windows\System32\MTtaKKy.exe
  2⤵
  PID:12424
- C:\Windows\System32\jnJgELq.exe
  C:\Windows\System32\jnJgELq.exe
  2⤵
  PID:12456
- C:\Windows\System32\MgHohwO.exe
  C:\Windows\System32\MgHohwO.exe
  2⤵
  PID:12492
- C:\Windows\System32\XMLIdhN.exe
  C:\Windows\System32\XMLIdhN.exe
  2⤵
  PID:12520
- C:\Windows\System32\iuHAJpb.exe
  C:\Windows\System32\iuHAJpb.exe
  2⤵
  PID:12552
- C:\Windows\System32\xXcHIPY.exe
  C:\Windows\System32\xXcHIPY.exe
  2⤵
  PID:12572
- C:\Windows\System32\VTeSIak.exe
  C:\Windows\System32\VTeSIak.exe
  2⤵
  PID:12596
- C:\Windows\System32\CeqqjDj.exe
  C:\Windows\System32\CeqqjDj.exe
  2⤵
  PID:12632
- C:\Windows\System32\dXolPKD.exe
  C:\Windows\System32\dXolPKD.exe
  2⤵
  PID:12660
- C:\Windows\System32\gEfiyOB.exe
  C:\Windows\System32\gEfiyOB.exe
  2⤵
  PID:12708
- C:\Windows\System32\zMMyjAH.exe
  C:\Windows\System32\zMMyjAH.exe
  2⤵
  PID:12748
- C:\Windows\System32\fCOmNXb.exe
  C:\Windows\System32\fCOmNXb.exe
  2⤵
  PID:12788
- C:\Windows\System32\UYcaUeZ.exe
  C:\Windows\System32\UYcaUeZ.exe
  2⤵
  PID:12820
- C:\Windows\System32\IpjgKQw.exe
  C:\Windows\System32\IpjgKQw.exe
  2⤵
  PID:12840
- C:\Windows\System32\eujDlbS.exe
  C:\Windows\System32\eujDlbS.exe
  2⤵
  PID:12876
- C:\Windows\System32\McmRXFO.exe
  C:\Windows\System32\McmRXFO.exe
  2⤵
  PID:12904
- C:\Windows\System32\ChnIcVX.exe
  C:\Windows\System32\ChnIcVX.exe
  2⤵
  PID:12932
- C:\Windows\System32\KWbqGwQ.exe
  C:\Windows\System32\KWbqGwQ.exe
  2⤵
  PID:12960
- C:\Windows\System32\EutycAM.exe
  C:\Windows\System32\EutycAM.exe
  2⤵
  PID:12988
- C:\Windows\System32\zZGeWZW.exe
  C:\Windows\System32\zZGeWZW.exe
  2⤵
  PID:13004
- C:\Windows\System32\kCMxilC.exe
  C:\Windows\System32\kCMxilC.exe
  2⤵
  PID:13048
- C:\Windows\System32\zcwYbdF.exe
  C:\Windows\System32\zcwYbdF.exe
  2⤵
  PID:13072
- C:\Windows\System32\AhKEsJJ.exe
  C:\Windows\System32\AhKEsJJ.exe
  2⤵
  PID:13100
- C:\Windows\System32\OnHffGo.exe
  C:\Windows\System32\OnHffGo.exe
  2⤵
  PID:13128
- C:\Windows\System32\FQGXJCf.exe
  C:\Windows\System32\FQGXJCf.exe
  2⤵
  PID:13156
- C:\Windows\System32\MlhCucw.exe
  C:\Windows\System32\MlhCucw.exe
  2⤵
  PID:13172
- C:\Windows\System32\IsmepjR.exe
  C:\Windows\System32\IsmepjR.exe
  2⤵
  PID:13200
- C:\Windows\System32\VWEVwIg.exe
  C:\Windows\System32\VWEVwIg.exe
  2⤵
  PID:13232
- C:\Windows\System32\YuLauEe.exe
  C:\Windows\System32\YuLauEe.exe
  2⤵
  PID:13268
- C:\Windows\System32\CkrkSME.exe
  C:\Windows\System32\CkrkSME.exe
  2⤵
  PID:13296
- C:\Windows\System32\fDcExAe.exe
  C:\Windows\System32\fDcExAe.exe
  2⤵
  PID:12308
- C:\Windows\System32\ZYADscV.exe
  C:\Windows\System32\ZYADscV.exe
  2⤵
  PID:12372
- C:\Windows\System32\GnusJsk.exe
  C:\Windows\System32\GnusJsk.exe
  2⤵
  PID:12404
- C:\Windows\System32\VchJBjO.exe
  C:\Windows\System32\VchJBjO.exe
  2⤵
  PID:12504
- C:\Windows\System32\GWFpjrp.exe
  C:\Windows\System32\GWFpjrp.exe
  2⤵
  PID:12564
- C:\Windows\System32\aFcdqaG.exe
  C:\Windows\System32\aFcdqaG.exe
  2⤵
  PID:12644
- C:\Windows\System32\cfHFFIQ.exe
  C:\Windows\System32\cfHFFIQ.exe
  2⤵
  PID:4300
- C:\Windows\System32\CpBXgOF.exe
  C:\Windows\System32\CpBXgOF.exe
  2⤵
  PID:12736
- C:\Windows\System32\LINZKbg.exe
  C:\Windows\System32\LINZKbg.exe
  2⤵
  PID:12832
- C:\Windows\System32\xFSTcaA.exe
  C:\Windows\System32\xFSTcaA.exe
  2⤵
  PID:12888
- C:\Windows\System32\PKUvipQ.exe
  C:\Windows\System32\PKUvipQ.exe
  2⤵
  PID:12980
- C:\Windows\System32\BkUrYex.exe
  C:\Windows\System32\BkUrYex.exe
  2⤵
  PID:13028
- C:\Windows\System32\dNjMVUg.exe
  C:\Windows\System32\dNjMVUg.exe
  2⤵
  PID:13112
- C:\Windows\System32\aNMACiW.exe
  C:\Windows\System32\aNMACiW.exe
  2⤵
  PID:13152
- C:\Windows\System32\cDOivUu.exe
  C:\Windows\System32\cDOivUu.exe
  2⤵
  PID:13188
- C:\Windows\System32\EyleHaz.exe
  C:\Windows\System32\EyleHaz.exe
  2⤵
  PID:1416
- C:\Windows\System32\JkOiRVE.exe
  C:\Windows\System32\JkOiRVE.exe
  2⤵
  PID:13280
- C:\Windows\System32\ckEGsHB.exe
  C:\Windows\System32\ckEGsHB.exe
  2⤵
  PID:11732
- C:\Windows\System32\OlFzcde.exe
  C:\Windows\System32\OlFzcde.exe
  2⤵
  PID:12488
- C:\Windows\System32\lBVvXCI.exe
  C:\Windows\System32\lBVvXCI.exe
  2⤵
  PID:12696
- C:\Windows\System32\wdtkvet.exe
  C:\Windows\System32\wdtkvet.exe
  2⤵
  PID:12800
- C:\Windows\System32\nFwHOSk.exe
  C:\Windows\System32\nFwHOSk.exe
  2⤵
  PID:12972
- C:\Windows\System32\lvPooyz.exe
  C:\Windows\System32\lvPooyz.exe
  2⤵
  PID:13212
- C:\Windows\System32\cZwgRcq.exe
  C:\Windows\System32\cZwgRcq.exe
  2⤵
  PID:13248
- C:\Windows\System32\yxeNQqt.exe
  C:\Windows\System32\yxeNQqt.exe
  2⤵
  PID:12400
- C:\Windows\System32\lhyTOlJ.exe
  C:\Windows\System32\lhyTOlJ.exe
  2⤵
  PID:12924
- C:\Windows\System32\bbgGqwG.exe
  C:\Windows\System32\bbgGqwG.exe
  2⤵
  PID:12344
- C:\Windows\System32\dzemOOw.exe
  C:\Windows\System32\dzemOOw.exe
  2⤵
  PID:12860
- C:\Windows\System32\pUaAsof.exe
  C:\Windows\System32\pUaAsof.exe
  2⤵
  PID:13320
- C:\Windows\System32\JirOldV.exe
  C:\Windows\System32\JirOldV.exe
  2⤵
  PID:13344
- C:\Windows\System32\SrYCyRu.exe
  C:\Windows\System32\SrYCyRu.exe
  2⤵
  PID:13376
- C:\Windows\System32\qOoZSvi.exe
  C:\Windows\System32\qOoZSvi.exe
  2⤵
  PID:13420
- C:\Windows\System32\oFWlpcY.exe
  C:\Windows\System32\oFWlpcY.exe
  2⤵
  PID:13448
- C:\Windows\System32\cDbwaSC.exe
  C:\Windows\System32\cDbwaSC.exe
  2⤵
  PID:13500
- C:\Windows\System32\ffMHdFL.exe
  C:\Windows\System32\ffMHdFL.exe
  2⤵
  PID:13544
- C:\Windows\System32\mUwBdHs.exe
  C:\Windows\System32\mUwBdHs.exe
  2⤵
  PID:13584
- C:\Windows\System32\dLjkvEU.exe
  C:\Windows\System32\dLjkvEU.exe
  2⤵
  PID:13616
- C:\Windows\System32\gUAUVsK.exe
  C:\Windows\System32\gUAUVsK.exe
  2⤵
  PID:13652
- C:\Windows\System32\PTRliWU.exe
  C:\Windows\System32\PTRliWU.exe
  2⤵
  PID:13692
- C:\Windows\System32\rQPVgJU.exe
  C:\Windows\System32\rQPVgJU.exe
  2⤵
  PID:13756
- C:\Windows\System32\ityNyyK.exe
  C:\Windows\System32\ityNyyK.exe
  2⤵
  PID:13776
- C:\Windows\System32\uXqvyuc.exe
  C:\Windows\System32\uXqvyuc.exe
  2⤵
  PID:13808
- C:\Windows\System32\wEkNgbp.exe
  C:\Windows\System32\wEkNgbp.exe
  2⤵
  PID:13840
- C:\Windows\System32\ZWFipNh.exe
  C:\Windows\System32\ZWFipNh.exe
  2⤵
  PID:13860
- C:\Windows\System32\NBSKTTF.exe
  C:\Windows\System32\NBSKTTF.exe
  2⤵
  PID:13884
- C:\Windows\System32\sGFIHGr.exe
  C:\Windows\System32\sGFIHGr.exe
  2⤵
  PID:13928

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:14304

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Privilege Escalation

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System32\BRpUCXD.exe

Filesize
2.6MB

MD5
deb269aeca66d9b5f4e04e9775b21627

SHA1
766755f957b051ebb5f8826c8e78f3498c6e7f78

SHA256
0b98042f25dc96126331af4c7b66cd8a385530f89239c327e3672ea1af4c92f2

SHA512
eb0a4a7420582485af0959fa0887debcb374cd35e9a7c2ce705b2c08caefc58f445b0b2ac7b1089f8d62b0c836a10422c7c2e3ca27cad539f6cb849fc0e120e0

Download Submit
C:\Windows\System32\ByRKUVs.exe

Filesize
2.6MB

MD5
85648b008cdb3f871c3b23deea67ce06

SHA1
b7d797d086e8a547d4445556b6a7661b4800977f

SHA256
d8030d559006a99997b726ebd0a4df8b7febda69ea9b57d00c8b9c0856974a20

SHA512
4d7ec4b05885889c29b860ebd725950fe2a97aad4bcfdbc51d8a82135ac5c9ff165a19d9047e651dd44699c0f901b0263e17e05a894f159b5e87bdf970a290a7

Download Submit
C:\Windows\System32\IBwHHMR.exe

Filesize
2.6MB

MD5
612801d9ba9a925902226b0f43cce340

SHA1
cbd36a129c8cf90fa93f79286a11c7598b2f3207

SHA256
697f0a8209cbe2740ccfa02b37e69de011b711ef1ef84103ca1c8d15cc6a9121

SHA512
867f0033f065da7f03c95d7ffcda27ff5f325256454ba43d0819ed5c5ff04359fe752f0e2377ad0c4a98b66996b2231624759dae91ec36186b07186a9b6d0ef6

Download Submit
C:\Windows\System32\IZgmYkI.exe

Filesize
2.6MB

MD5
2db050f4395a8b7723598462993419e3

SHA1
5ea8119df2039b00d31ed5264f9957f042cac570

SHA256
26bd02d35cc97d04ffd63a2cd5895f8384888c5e9b48571ee0f1b6aa13962240

SHA512
72fde4e9dc0a9a2f1424e91168cd805e2036db6fa6abe9f5b5734d83f53d5dd8ec781457123d73709b82e3e5820f8c6bbe36774e311264caa83e78d16edc121c

Download Submit
C:\Windows\System32\JhxYtrH.exe

Filesize
2.6MB

MD5
28344e6a5e8edae3f82492602cdaa092

SHA1
1984543eb86613f8896c92ca9a16e42e6c73ef07

SHA256
5546ae9a20d9020a0f36ecc496e5181afca25e3d70a818d540c10789a496ba7a

SHA512
c65f77acd2e97d2c3e7586cb94a28c8df4af778c72efe6e91aebd233b7f9e43baef2e0ef4b7992bfd5080963061ac05139ce9739c2a127134d8c113ea00921bb

Download Submit
C:\Windows\System32\JtDWdeD.exe

Filesize
2.6MB

MD5
9a394edcec475a9d4d49d00231a10e09

SHA1
ac4c19c36ceeaba8f8d163262c5b48c7eb7f1263

SHA256
e8bfa94f121b2bc3005b3c5c9f03f6c5da086240e6c2534e97fe00604fe7f062

SHA512
1ec83b8a9ad748c4ff75761cab6c95476c1a55713c6b4399393cb90c8fe405bffd94cfadf4e84a4a8df5371dacad3c032031aa15c89d19887d63a7b1de249e55

Download Submit
C:\Windows\System32\LguJoCD.exe

Filesize
2.6MB

MD5
12771687affa7472b9a85c6f4a9be184

SHA1
6e0a5e2b3f7f2686fc999f4f2450ac90bb5fe9e5

SHA256
a9aab48208815f5ec82ea17db39a2cf64721719b807b58304dbef019e3f6ff7b

SHA512
045642878698fc69be29c2fe4bbc2666ddd7b071a74332b0c4e011c2395a5cfcb6d7d0ecaf649b20a01407fe2edb28d147cf58a6755b35bfdee4f8e6be707150

Download Submit
C:\Windows\System32\MKGdtpu.exe

Filesize
2.6MB

MD5
799b1681f0addca1d36cf25e9309ed7b

SHA1
a35db49b672231a879f48e34a18db0077afaf75e

SHA256
4dd7cc698d60c3c644f762918219df683b823ccc1800350013a02f01d296dea5

SHA512
252d22ccb5abd92eb62c7e7331164b3793bc2e21bdca4613a418a64b5a22b4b88273b3b24bbca1142f260d01bb2ced9c191b8195fe9124c34941b2d9fdc88e58

Download Submit
C:\Windows\System32\NEOVIxU.exe

Filesize
2.6MB

MD5
fa05eaf170e51ac983a0bf5129eea574

SHA1
7bb5cb0489d3a44fa3be5667fb5b7c0a6b8cd063

SHA256
78d2851146f30af6eafef51d331d5e562995123021a92d6ee16553e89fb9329f

SHA512
58e2cbaec63ed8d7809e0e790d576855dc34b7d02cf5e0e6fa2958d42e9ce2053377f2efcb60942aaad5c184009ba44e60f5551ba69a07784b22fe6beeb5966f

Download Submit
C:\Windows\System32\ReUfFGu.exe

Filesize
2.6MB

MD5
8eac9833ef4d0ed366f998949bfad5a1

SHA1
8fee54c1fc2fd29a74b0754eee4cadaa7f8d5136

SHA256
fa10a264329488af5d4e35272e9d2efa9e33d847e0c729c7690a4f429f4738c1

SHA512
a9c1cf4b96d4a975868afeadaecb9e4285bc0a291f076153e419ab6da42722c8d2fa2e5bcd1f6d6a042a07ea6f02040e1c5bae3e27a6120a2838eac3049d6023

Download Submit
C:\Windows\System32\RzSDAbp.exe

Filesize
2.6MB

MD5
779305e2774a8a8e1bd0187a3a92772d

SHA1
a2473eede17dbc9dfd857994859b8d88b44411e6

SHA256
10464cacdecb0d3f562b553ea944652c25e4d8b747d84d59307a7796ec48dbc8

SHA512
e1c49cb3e0b762aa691abf904757bd589504ce807870ea0d9f6fee97943e245dae79c9ad496ee14bbc25aa069eb6edb92bbf9c98dc89f068c4a0ff472bcc8f6a

Download Submit
C:\Windows\System32\UqdApUN.exe

Filesize
2.6MB

MD5
e528fe32df077576625097666f5a0cf6

SHA1
44ff11d43adcbbd4d9711fc26d87809e88effb91

SHA256
58500a00825e1de796a885782164216d4b0ac40b730c72cbb455a7d4c53bfd0e

SHA512
1c638ae101da844707b8a856eee2583b4561f55a1668a308b4aa6127d5f8cd2e0a7354d01ac1ab32c9715e02795f82170f70df6428b3defce1c36b599d35595e

Download Submit
C:\Windows\System32\VjIKHpY.exe

Filesize
2.6MB

MD5
7590e970b6410e1881fc4aae6b50764e

SHA1
61c4f3fcef0357b654eca2e03bbda16649d67aef

SHA256
e2f414c2aa308b8abf5701d6d68d97ddafc5c2f77519445d033b5226ce420dc4

SHA512
45dd209aeaf63b28db7429153a767b38af0da10d79132151b0c2c73a054db2c9d9f3d67954e47b365a267e210768109777654f34f6e0b8273f3a79e32b40c24b

Download Submit
C:\Windows\System32\XzhGveS.exe

Filesize
2.6MB

MD5
7ce8a706d128bca5a5ac9d125d3e0a07

SHA1
c871df62037d5e1f6a2431a5697bc216d3f9ffa6

SHA256
8b094a4d7a6899fd1b7c13aac30f5991efad08a182c32f5882f7e441e361a9aa

SHA512
02f03b1544522a363c59bb4ccfdb4eb8e01f5b809f2ea0d39f2b9fd58c048bc185ea2d45321704e4e12825157266fc1de2b51c8d271bd02fab91829f917f7016

Download Submit
C:\Windows\System32\YAdlUDw.exe

Filesize
2.6MB

MD5
f622433a67a3105a5c6e2c84ac74d09d

SHA1
6c1f7cf7c54254be9ac4533103fd9b191ddede08

SHA256
b694ab495ef0a50359cdc070a6abcd7828032d5f24a6a0ec82806ea760490759

SHA512
929142d52d6263b8a01164d8a77a8075c77bb7b3e2af9cdaf50aeca5d319cc60577e0d68e16bfdd3f6eb3078ac718bec43a4c50a7f1400949bc311108e06eca3

Download Submit
C:\Windows\System32\ZIGeFyH.exe

Filesize
2.6MB

MD5
d28ccc8d7a07f8fe5fed91925a07613a

SHA1
6bd9273ea1955ca4711c3efd83e5d7882e680453

SHA256
6a101579005d6979b6e1f7000fe7b123ac5da9efaf8150c274b5e8257ba9321d

SHA512
d7e7c71eeecf42aca2a5452b8bb6c82b872455b225f465f5af18d848758545db9b59bb9968d59378cdcd1dd676c63ebe3b6162b6f65b6c25d9f0e006868af21e

Download Submit
C:\Windows\System32\amvMJVh.exe

Filesize
2.6MB

MD5
66f7bd7bd85b0641d8c7b58341c34acc

SHA1
8e35dbc254d9184e874ed75212f8d9fd39962a2f

SHA256
228bf4493c33735c689620ee52eac82c2f71b6c1206823e8c08e96779bfbcf44

SHA512
034735a284ff22b4db6f9a9c841314800aa35ccd3b9e7e63237b3774969d50cf543a8b3c15aad242a0fb14ede7da988c36ac7c90a54da69092439d2a71a9f1a1

Download Submit
C:\Windows\System32\bIRJUTs.exe

Filesize
2.6MB

MD5
9d2b7827d2f1a0f5ac5d417dd5242b83

SHA1
38e6cac7c6320aaaf2d2ebdd559ea013b5921868

SHA256
9a15342748fcdfff29025618e0758985da1e8bec2ea4f27a38770ee8345b7479

SHA512
4a408ad6f7650a61f53d6551431b05b607dfc2702f1d1f80e3ace06a9694badf6eb0c77d2ec5da6c51c1bcf4009111236727d98fe34321252de87ca3cad0eb8e

Download Submit
C:\Windows\System32\bcvqZbL.exe

Filesize
2.6MB

MD5
31eea773745e9be40b8c8f2203270552

SHA1
7dfd9ba0bf49068458f87292f69d4b2ae6276830

SHA256
24235b3d14d1474d153956e8188af40473703290c2ca582b17f6fd29f7e4c7d9

SHA512
05ce50181db810ece525725783e23dbc3cbe312e6616f1b98f9b10c9a0573c9ebf2c391ca4404aeb2302680b7e2419b8c3d8d848fe41a483cb230740339f4489

Download Submit
C:\Windows\System32\csXiBXz.exe

Filesize
2.6MB

MD5
0d817a8baf81d58864f2fe34dc4dcd64

SHA1
213f3d0fecffc595eac1791ceb258e9ac90632cc

SHA256
fe265a190a8ac212e887ec63a1a92ab35c40e62d525cdb7337f0b0303afb78f5

SHA512
43fd333d70fedcda54dcd7a898bd8fd1b9c2ff7890f7aff6d3486470e795c53ae79372060ef3243cfb15b0eaf13c944043ceb2918b4e755ffa3375e92ea101dc

Download Submit
C:\Windows\System32\dAGWRxF.exe

Filesize
2.6MB

MD5
bbd03ce6781c438f28a7252bf6b12536

SHA1
b54efe9dda767ed907240ee256079bde2f1769f2

SHA256
ef54eacfd56d40fb08637376764fbe9d2df213e146c7c2ce1a259253a33a5aa6

SHA512
4e3371051b9bf715d85f995f9be6664227161f70e0f736de4544d0d2a1f3b532e6dd7a042eb11eecb78dc2974fdf757550f155a31e131cbcf601d31aaf274962

Download Submit
C:\Windows\System32\dJnmTHG.exe

Filesize
2.6MB

MD5
42ce73846e0d9e255ba3e7bc60d925d7

SHA1
4c625b62073d92bc0c76328b249c2199649289c3

SHA256
107d3cacb54070f6b7eec75de3e268babe5faa46d490c98683b612406a1b65d2

SHA512
7bceb86cf0692ccebd4e2777cf4183a697a5da02307a5cd8dafd91ef77c2b710b8209c0ea191968f22160e3bfce6dceae03b9e8fac1541d913e9a9198d48359d

Download Submit
C:\Windows\System32\gBLEBqs.exe

Filesize
2.6MB

MD5
e23ef0276a05f7c3a2bfd0b5f39f9679

SHA1
dca56ccd59b304a4e1f54b6a9571d9e53d535b30

SHA256
c2ea0823c2e680111f2e153dfbabd53d7bb2167b3a0950b7053c36f44f28a776

SHA512
e86b29e62c6d6fecd0e176b6da765d7fc82506c389e6fc10d23f6ec1ceee59b6b6a98967271ab0f9d633198f9429d3a0ba2a6c433325c6915688a24e1b013e20

Download Submit
C:\Windows\System32\hSWJguL.exe

Filesize
2.6MB

MD5
69f040434e434b3b06eee35772898b98

SHA1
1f762346686395a7faef42088077a0981c35e3bc

SHA256
8b3407c19d51193568c293d4f5c6acfb5d537e9074b5b7970ec1a2293bf27528

SHA512
299639c69c75526f3ba3656dbbaf637fdf8ea4a5fbbc1e7a4d7897c27d8b81f557331d6312cfa71845605c36714a033211eefbe8a5879e7e13fd96c219a4b664

Download Submit
C:\Windows\System32\htlfZKb.exe

Filesize
2.6MB

MD5
ba7668bdaf72e9dadd344736ebbbd027

SHA1
0a50f3c52611af7ffb601e2f6255a50b722be48a

SHA256
42067c5b727c36b7fc6464fbe377df0f4421e65d8344efe92952978b7af1e857

SHA512
18aee62e912384a331bcb6b115ee81aeed9044929f6853c02804a2d4ca5128589deecedb7ba01c7c6ac8152c6a7a594576b2113d5bed1d5e98570f17a5c8fcae

Download Submit
C:\Windows\System32\jGTbBMX.exe

Filesize
2.6MB

MD5
aeb4474e923993d54087f3a21139c417

SHA1
da51e7d3f3bd104c707d74b0a8d1d837d41142c2

SHA256
0ef151cda80b3c60891990b25e84c15d2b015becabee700e2277e22bf28b829d

SHA512
a32394b510bccd6ddff028c16fc7f8c7f1987683f59f6920548ab5226b8caa723a44f29a4c0b59fd2df43d983bded78131531bcd891e5d017641391955f4914e

Download Submit
C:\Windows\System32\jVQqaGd.exe

Filesize
2.6MB

MD5
0ae1e5998e04e45c544350ba673bb4f8

SHA1
7b09f9e9e4245d3d936c863348dec0725b4407fd

SHA256
a3953d525aeafe6432185bf3a18ffbc04576f7a519de173fb94a9d02642b73d9

SHA512
367d53fb2b8c7dd8e4f38af29a44b1259005c11e628a2961b5a3107bb0ef725ad62f0bcc3b94f405bb17eee5dace25942c39613615306387936f1131b4d72dc6

Download Submit
C:\Windows\System32\kJocSCZ.exe

Filesize
2.6MB

MD5
807f1fc838dda769479cf28fb66985ec

SHA1
6b23f3e63522c1d6235183877e82c3f5c02faba9

SHA256
df62fa2b4ace1f6c7fa0c1ced1126a867e38656468e73bde83e21200d7d800ab

SHA512
d8406c4390e96720071593a279a96de6e02d5bce8821502494400c50d5543327cb11f987a449d8f748e9551773b18effa28f5f9af9a07e960137b2da9245fa63

Download Submit
C:\Windows\System32\qSzyvsq.exe

Filesize
2.6MB

MD5
32f609506c9be3081aac7ddde8c9b7a6

SHA1
30bb5926ddfcd212adfd35054f1194f5f2d643ce

SHA256
24f1230fbcb3b766bdb361edc547407b9fdff149c98df9f5c431b246af2ef692

SHA512
4aaf009d6f6e1825fe0d050ac1deabd8e0a26ae612d57ca67f6b867df08eab2d4618e3ef9aa726e3ff926101e46c1bbd1ac91c614dad369064aed938b46f0d14

Download Submit
C:\Windows\System32\tmCoBJO.exe

Filesize
2.6MB

MD5
df909cf174a3cce4a2a3c92ccd6d7b4b

SHA1
052a0dea5d7aecdebb15a7a83ebc6463049a12ec

SHA256
5f9e4dcac8714811231759419a6aa869acf21d0c90624c33175c96fb312900ac

SHA512
c09b8f8c69d42cfd6bcf663f65e5f795d05f550a44e7be23216a6ad8b91da690ec439765d7837f7eff273c98c3045f5debcaeddf1b3d78d5c8e95f3ac913b996

Download Submit
C:\Windows\System32\vRbBBeq.exe

Filesize
2.6MB

MD5
68d524690451eae5e1e5b87bb14adce7

SHA1
72f10ddacf84607748a93e64497a97c9d4afadd0

SHA256
41222478c5cdd1b93bedbf80d700807199881904fe4460d66355503fa61c1cd3

SHA512
723315591d2352af7d261f61c69bb2296db013d7b410411a087af8440a2d459c871ea77e2a77fb012917206d378db87f39f99da20cce5d32ed0d9dc594d7246e

Download Submit
C:\Windows\System32\zxWZKlg.exe

Filesize
2.6MB

MD5
032e96d661f636a589527bcbc0d5b2c9

SHA1
1155a161ddf436c0681ac79e3928cb3b3f464181

SHA256
6145f7dd4dd914aab923c806cf4fdc5faa7c60e3c4ba08c21a57d35265a7b4e8

SHA512
578082e06f333374afc70b3b465e9ddbd2486a1ce31b74b10b41268296dcdeb2a7c0e02aa9f1846ff70f7ba2874f2390f7cf0f19e6714b0ffcb9389767cdc75f

Download Submit
memory/232-0-0x00007FF720720000-0x00007FF720B15000-memory.dmp

Filesize
4.0MB

Download
memory/232-72-0x00007FF720720000-0x00007FF720B15000-memory.dmp

Filesize
4.0MB

Download
memory/232-1-0x00000205804E0000-0x00000205804F0000-memory.dmp

Filesize
64KB

Download
memory/232-2001-0x00007FF720720000-0x00007FF720B15000-memory.dmp

Filesize
4.0MB

Download
memory/860-38-0x00007FF7A27A0000-0x00007FF7A2B95000-memory.dmp

Filesize
4.0MB

Download
memory/860-2005-0x00007FF7A27A0000-0x00007FF7A2B95000-memory.dmp

Filesize
4.0MB

Download
memory/1032-2004-0x00007FF72F6B0000-0x00007FF72FAA5000-memory.dmp

Filesize
4.0MB

Download
memory/1032-32-0x00007FF72F6B0000-0x00007FF72FAA5000-memory.dmp

Filesize
4.0MB

Download
memory/1964-133-0x00007FF7681B0000-0x00007FF7685A5000-memory.dmp

Filesize
4.0MB

Download
memory/1964-68-0x00007FF7681B0000-0x00007FF7685A5000-memory.dmp

Filesize
4.0MB

Download
memory/1964-2012-0x00007FF7681B0000-0x00007FF7685A5000-memory.dmp

Filesize
4.0MB

Download
memory/2312-114-0x00007FF77C060000-0x00007FF77C455000-memory.dmp

Filesize
4.0MB

Download
memory/2312-1130-0x00007FF77C060000-0x00007FF77C455000-memory.dmp

Filesize
4.0MB

Download
memory/2312-2019-0x00007FF77C060000-0x00007FF77C455000-memory.dmp

Filesize
4.0MB

Download
memory/2356-92-0x00007FF6970E0000-0x00007FF6974D5000-memory.dmp

Filesize
4.0MB

Download
memory/2356-35-0x00007FF6970E0000-0x00007FF6974D5000-memory.dmp

Filesize
4.0MB

Download
memory/2356-2007-0x00007FF6970E0000-0x00007FF6974D5000-memory.dmp

Filesize
4.0MB

Download
memory/2708-1722-0x00007FF692E80000-0x00007FF693275000-memory.dmp

Filesize
4.0MB

Download
memory/2708-149-0x00007FF692E80000-0x00007FF693275000-memory.dmp

Filesize
4.0MB

Download
memory/2708-2024-0x00007FF692E80000-0x00007FF693275000-memory.dmp

Filesize
4.0MB

Download
memory/3200-125-0x00007FF76BD20000-0x00007FF76C115000-memory.dmp

Filesize
4.0MB

Download
memory/3200-2011-0x00007FF76BD20000-0x00007FF76C115000-memory.dmp

Filesize
4.0MB

Download
memory/3200-60-0x00007FF76BD20000-0x00007FF76C115000-memory.dmp

Filesize
4.0MB

Download
memory/3732-2002-0x00007FF60ECD0000-0x00007FF60F0C5000-memory.dmp

Filesize
4.0MB

Download
memory/3732-79-0x00007FF60ECD0000-0x00007FF60F0C5000-memory.dmp

Filesize
4.0MB

Download
memory/3732-8-0x00007FF60ECD0000-0x00007FF60F0C5000-memory.dmp

Filesize
4.0MB

Download
memory/3756-52-0x00007FF7CACD0000-0x00007FF7CB0C5000-memory.dmp

Filesize
4.0MB

Download
memory/3756-2009-0x00007FF7CACD0000-0x00007FF7CB0C5000-memory.dmp

Filesize
4.0MB

Download
memory/3756-111-0x00007FF7CACD0000-0x00007FF7CB0C5000-memory.dmp

Filesize
4.0MB

Download
memory/4452-2013-0x00007FF646700000-0x00007FF646AF5000-memory.dmp

Filesize
4.0MB

Download
memory/4452-126-0x00007FF646700000-0x00007FF646AF5000-memory.dmp

Filesize
4.0MB

Download
memory/4452-78-0x00007FF646700000-0x00007FF646AF5000-memory.dmp

Filesize
4.0MB

Download
memory/4464-44-0x00007FF7D0440000-0x00007FF7D0835000-memory.dmp

Filesize
4.0MB

Download
memory/4464-104-0x00007FF7D0440000-0x00007FF7D0835000-memory.dmp

Filesize
4.0MB

Download
memory/4464-2008-0x00007FF7D0440000-0x00007FF7D0835000-memory.dmp

Filesize
4.0MB

Download
memory/4532-2017-0x00007FF636160000-0x00007FF636555000-memory.dmp

Filesize
4.0MB

Download
memory/4532-888-0x00007FF636160000-0x00007FF636555000-memory.dmp

Filesize
4.0MB

Download
memory/4532-100-0x00007FF636160000-0x00007FF636555000-memory.dmp

Filesize
4.0MB

Download
memory/4560-81-0x00007FF7324A0000-0x00007FF732895000-memory.dmp

Filesize
4.0MB

Download
memory/4560-2014-0x00007FF7324A0000-0x00007FF732895000-memory.dmp

Filesize
4.0MB

Download
memory/4560-146-0x00007FF7324A0000-0x00007FF732895000-memory.dmp

Filesize
4.0MB

Download
memory/4616-14-0x00007FF718A50000-0x00007FF718E45000-memory.dmp

Filesize
4.0MB

Download
memory/4616-2003-0x00007FF718A50000-0x00007FF718E45000-memory.dmp

Filesize
4.0MB

Download
memory/4616-80-0x00007FF718A50000-0x00007FF718E45000-memory.dmp

Filesize
4.0MB

Download
memory/4664-153-0x00007FF7FD0D0000-0x00007FF7FD4C5000-memory.dmp

Filesize
4.0MB

Download
memory/4664-2015-0x00007FF7FD0D0000-0x00007FF7FD4C5000-memory.dmp

Filesize
4.0MB

Download
memory/4664-87-0x00007FF7FD0D0000-0x00007FF7FD4C5000-memory.dmp

Filesize
4.0MB

Download
memory/4744-1386-0x00007FF73B8E0000-0x00007FF73BCD5000-memory.dmp

Filesize
4.0MB

Download
memory/4744-129-0x00007FF73B8E0000-0x00007FF73BCD5000-memory.dmp

Filesize
4.0MB

Download
memory/4744-2021-0x00007FF73B8E0000-0x00007FF73BCD5000-memory.dmp

Filesize
4.0MB

Download
memory/4756-1482-0x00007FF6EBC90000-0x00007FF6EC085000-memory.dmp

Filesize
4.0MB

Download
memory/4756-2022-0x00007FF6EBC90000-0x00007FF6EC085000-memory.dmp

Filesize
4.0MB

Download
memory/4756-136-0x00007FF6EBC90000-0x00007FF6EC085000-memory.dmp

Filesize
4.0MB

Download
memory/4804-2016-0x00007FF6C7040000-0x00007FF6C7435000-memory.dmp

Filesize
4.0MB

Download
memory/4804-93-0x00007FF6C7040000-0x00007FF6C7435000-memory.dmp

Filesize
4.0MB

Download
memory/4804-768-0x00007FF6C7040000-0x00007FF6C7435000-memory.dmp

Filesize
4.0MB

Download
memory/4864-2023-0x00007FF7756A0000-0x00007FF775A95000-memory.dmp

Filesize
4.0MB

Download
memory/4864-1599-0x00007FF7756A0000-0x00007FF775A95000-memory.dmp

Filesize
4.0MB

Download
memory/4864-140-0x00007FF7756A0000-0x00007FF775A95000-memory.dmp

Filesize
4.0MB

Download
memory/4924-1840-0x00007FF6B89F0000-0x00007FF6B8DE5000-memory.dmp

Filesize
4.0MB

Download
memory/4924-156-0x00007FF6B89F0000-0x00007FF6B8DE5000-memory.dmp

Filesize
4.0MB

Download
memory/4924-2025-0x00007FF6B89F0000-0x00007FF6B8DE5000-memory.dmp

Filesize
4.0MB

Download
memory/5088-121-0x00007FF7FA9B0000-0x00007FF7FADA5000-memory.dmp

Filesize
4.0MB

Download
memory/5088-1249-0x00007FF7FA9B0000-0x00007FF7FADA5000-memory.dmp

Filesize
4.0MB

Download
memory/5088-2020-0x00007FF7FA9B0000-0x00007FF7FADA5000-memory.dmp

Filesize
4.0MB

Download
memory/5100-1010-0x00007FF6EA670000-0x00007FF6EAA65000-memory.dmp

Filesize
4.0MB

Download
memory/5100-2018-0x00007FF6EA670000-0x00007FF6EAA65000-memory.dmp

Filesize
4.0MB

Download
memory/5100-107-0x00007FF6EA670000-0x00007FF6EAA65000-memory.dmp

Filesize
4.0MB

Download
memory/5300-118-0x00007FF608D00000-0x00007FF6090F5000-memory.dmp

Filesize
4.0MB

Download
memory/5300-2010-0x00007FF608D00000-0x00007FF6090F5000-memory.dmp

Filesize
4.0MB

Download
memory/5300-57-0x00007FF608D00000-0x00007FF6090F5000-memory.dmp

Filesize
4.0MB

Download
memory/5532-2006-0x00007FF6D5300000-0x00007FF6D56F5000-memory.dmp

Filesize
4.0MB

Download
memory/5532-34-0x00007FF6D5300000-0x00007FF6D56F5000-memory.dmp

Filesize
4.0MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads