xmrig | d724b08f26b4b4206511fe471c08e1aa7974e86da0e5c17fefb25c6669e5dc61

Analysis

max time kernel
104s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20250410-en
resource tags

arch:x64arch:x86image:win10v2004-20250410-enlocale:en-usos:windows10-2004-x64system
submitted
12/04/2025, 23:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-04-12_060017b839c46c5a381e0e544eb68bfe_aspxspy_black-basta_xmrig.exe
Size

2.4MB
MD5

060017b839c46c5a381e0e544eb68bfe
SHA1

e232cbad8f7d04fba0b60ab9567717b8b3180bc8
SHA256

d724b08f26b4b4206511fe471c08e1aa7974e86da0e5c17fefb25c6669e5dc61
SHA512

912e7de62dab395969edfc730769cead355649fe36054f2e9d2f820495aa471fce2fd197cca81c03f3db272d0dbde27585f2938fe0a02da4eb94974622465bde
SSDEEP

49152:w0wjnJMOWh50kC1/dVFdx6e0EALKWVTffZiPAcRq6jHjcz8Dze7jcmnONjQ:w0GnJMOWPClFdx6e0EALKWVTffZiPAcU

Score

10^/10

xmrig miner upx

Malware Config

Signatures

Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/5352-0-0x00007FF6AD480000-0x00007FF6AD875000-memory.dmp	xmrig
behavioral1/files/0x0004000000023106-4.dat	xmrig
behavioral1/files/0x000700000002422c-9.dat	xmrig
behavioral1/files/0x000800000002422b-11.dat	xmrig
behavioral1/memory/3992-12-0x00007FF76C2D0000-0x00007FF76C6C5000-memory.dmp	xmrig
behavioral1/memory/6072-10-0x00007FF6B5FA0000-0x00007FF6B6395000-memory.dmp	xmrig
behavioral1/files/0x000700000002422d-23.dat	xmrig
behavioral1/files/0x000700000002422e-31.dat	xmrig
behavioral1/files/0x000700000002422f-36.dat	xmrig
behavioral1/files/0x0007000000024232-44.dat	xmrig
behavioral1/files/0x0007000000024231-52.dat	xmrig
behavioral1/files/0x0007000000024233-56.dat	xmrig
behavioral1/files/0x0007000000024234-64.dat	xmrig
behavioral1/files/0x0007000000024236-74.dat	xmrig
behavioral1/files/0x000700000002423b-99.dat	xmrig
behavioral1/files/0x000700000002423e-111.dat	xmrig
behavioral1/files/0x0007000000024245-149.dat	xmrig
behavioral1/memory/5612-769-0x00007FF7C46B0000-0x00007FF7C4AA5000-memory.dmp	xmrig
behavioral1/files/0x0007000000024249-165.dat	xmrig
behavioral1/files/0x0007000000024248-161.dat	xmrig
behavioral1/files/0x0007000000024247-159.dat	xmrig
behavioral1/files/0x0007000000024246-154.dat	xmrig
behavioral1/files/0x0007000000024244-145.dat	xmrig
behavioral1/files/0x0007000000024243-140.dat	xmrig
behavioral1/files/0x0007000000024242-134.dat	xmrig
behavioral1/files/0x0007000000024241-132.dat	xmrig
behavioral1/files/0x0007000000024240-125.dat	xmrig
behavioral1/files/0x000700000002423f-119.dat	xmrig
behavioral1/files/0x000700000002423d-109.dat	xmrig
behavioral1/files/0x000700000002423c-105.dat	xmrig
behavioral1/files/0x000700000002423a-94.dat	xmrig
behavioral1/files/0x0007000000024239-89.dat	xmrig
behavioral1/files/0x0007000000024238-86.dat	xmrig
behavioral1/files/0x0007000000024237-79.dat	xmrig
behavioral1/files/0x0007000000024235-70.dat	xmrig
behavioral1/files/0x0008000000024229-59.dat	xmrig
behavioral1/files/0x0007000000024230-50.dat	xmrig
behavioral1/memory/4420-41-0x00007FF692060000-0x00007FF692455000-memory.dmp	xmrig
behavioral1/memory/3988-777-0x00007FF769DC0000-0x00007FF76A1B5000-memory.dmp	xmrig
behavioral1/memory/3408-785-0x00007FF7ACEE0000-0x00007FF7AD2D5000-memory.dmp	xmrig
behavioral1/memory/6100-792-0x00007FF7D4890000-0x00007FF7D4C85000-memory.dmp	xmrig
behavioral1/memory/4620-810-0x00007FF73E930000-0x00007FF73ED25000-memory.dmp	xmrig
behavioral1/memory/4552-801-0x00007FF7C05C0000-0x00007FF7C09B5000-memory.dmp	xmrig
behavioral1/memory/4800-820-0x00007FF684220000-0x00007FF684615000-memory.dmp	xmrig
behavioral1/memory/4668-832-0x00007FF6378C0000-0x00007FF637CB5000-memory.dmp	xmrig
behavioral1/memory/5828-843-0x00007FF6993E0000-0x00007FF6997D5000-memory.dmp	xmrig
behavioral1/memory/4780-828-0x00007FF6028B0000-0x00007FF602CA5000-memory.dmp	xmrig
behavioral1/memory/3060-848-0x00007FF6EB1A0000-0x00007FF6EB595000-memory.dmp	xmrig
behavioral1/memory/5032-859-0x00007FF779000000-0x00007FF7793F5000-memory.dmp	xmrig
behavioral1/memory/1796-868-0x00007FF745AD0000-0x00007FF745EC5000-memory.dmp	xmrig
behavioral1/memory/1920-873-0x00007FF7AB4F0000-0x00007FF7AB8E5000-memory.dmp	xmrig
behavioral1/memory/4492-884-0x00007FF645170000-0x00007FF645565000-memory.dmp	xmrig
behavioral1/memory/2380-886-0x00007FF778B10000-0x00007FF778F05000-memory.dmp	xmrig
behavioral1/memory/876-870-0x00007FF6310C0000-0x00007FF6314B5000-memory.dmp	xmrig
behavioral1/memory/3752-864-0x00007FF692DD0000-0x00007FF6931C5000-memory.dmp	xmrig
behavioral1/memory/4864-862-0x00007FF7B6E00000-0x00007FF7B71F5000-memory.dmp	xmrig
behavioral1/memory/5004-857-0x00007FF613EC0000-0x00007FF6142B5000-memory.dmp	xmrig
behavioral1/memory/4844-852-0x00007FF68EA30000-0x00007FF68EE25000-memory.dmp	xmrig
behavioral1/memory/5352-1547-0x00007FF6AD480000-0x00007FF6AD875000-memory.dmp	xmrig
behavioral1/memory/6072-1649-0x00007FF6B5FA0000-0x00007FF6B6395000-memory.dmp	xmrig
behavioral1/memory/4420-1778-0x00007FF692060000-0x00007FF692455000-memory.dmp	xmrig
behavioral1/memory/3992-1775-0x00007FF76C2D0000-0x00007FF76C6C5000-memory.dmp	xmrig
behavioral1/memory/5352-1886-0x00007FF6AD480000-0x00007FF6AD875000-memory.dmp	xmrig
behavioral1/memory/6072-1887-0x00007FF6B5FA0000-0x00007FF6B6395000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
6072	QWOepqm.exe
3992	tqUeKKC.exe
4420	WsnNCKF.exe
4492	LpxtqQL.exe
5612	IPWRNHV.exe
3988	OlpQTys.exe
3408	ggwaYqz.exe
2380	ZFwBkji.exe
6100	ASxDvtD.exe
4552	kRPGaZB.exe
4620	HWopxcn.exe
4800	aIVbPpc.exe
4780	PtoFjfm.exe
4668	RijWqWO.exe
5828	YYvdFfV.exe
3060	TsLCoWW.exe
4844	TCAGFSh.exe
5004	gkbkygh.exe
5032	mircjIj.exe
4864	afxTHhP.exe
3752	dkjlDDu.exe
1796	cnNIDBc.exe
876	YEjLxzo.exe
1920	OwDgpIa.exe
3644	RJQsUwQ.exe
1312	heZwDMT.exe
2512	cNCzoaB.exe
2252	QYSbjiL.exe
4884	vjtkhwO.exe
5680	ZqZMUXz.exe
1332	VCirahx.exe
3248	UorziXC.exe
1632	QuoLuTh.exe
3212	dYvzxhE.exe
624	seIDfdf.exe
2184	efWmMjI.exe
1448	eTBieFr.exe
3740	jAuQMtE.exe
5576	EvHMhjZ.exe
1340	pDGJECB.exe
4508	UNvdluj.exe
3448	OKUmBDh.exe
5332	BmHPsAb.exe
3596	jESBMKj.exe
5564	ldwczNe.exe
5236	HLJiPIF.exe
5552	fYoViGL.exe
232	jtKGEHs.exe
4556	WBQJDHN.exe
2596	ffWrxKF.exe
4144	EWCNJPL.exe
2084	RJIjwGq.exe
5524	TlUmqoy.exe
3300	AaaKPZY.exe
5584	foOGniK.exe
1120	JDJdGiG.exe
5716	eqXChbu.exe
5408	trbsnWJ.exe
1440	kMqRojy.exe
1100	pKIyjHH.exe
1968	HQiHmMD.exe
5116	GoCbafV.exe
2680	kpLJYtg.exe
628	olZUkbX.exe

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System32\WBQJDHN.exe	2025-04-12_060017b839c46c5a381e0e544eb68bfe_aspxspy_black-basta_xmrig.exe
File created	C:\Windows\System32\EqpdsPv.exe	2025-04-12_060017b839c46c5a381e0e544eb68bfe_aspxspy_black-basta_xmrig.exe
File created	C:\Windows\System32\RJfhSfm.exe	2025-04-12_060017b839c46c5a381e0e544eb68bfe_aspxspy_black-basta_xmrig.exe
File created	C:\Windows\System32\Wgkaugz.exe	2025-04-12_060017b839c46c5a381e0e544eb68bfe_aspxspy_black-basta_xmrig.exe
File created	C:\Windows\System32\nxRvFjY.exe	2025-04-12_060017b839c46c5a381e0e544eb68bfe_aspxspy_black-basta_xmrig.exe
File created	C:\Windows\System32\clhYGpN.exe	2025-04-12_060017b839c46c5a381e0e544eb68bfe_aspxspy_black-basta_xmrig.exe
File created	C:\Windows\System32\kSYMNoM.exe	2025-04-12_060017b839c46c5a381e0e544eb68bfe_aspxspy_black-basta_xmrig.exe
File created	C:\Windows\System32\kpPHaPd.exe	2025-04-12_060017b839c46c5a381e0e544eb68bfe_aspxspy_black-basta_xmrig.exe
File created	C:\Windows\System32\QJvuAwl.exe	2025-04-12_060017b839c46c5a381e0e544eb68bfe_aspxspy_black-basta_xmrig.exe
File created	C:\Windows\System32\OqqoWxQ.exe	2025-04-12_060017b839c46c5a381e0e544eb68bfe_aspxspy_black-basta_xmrig.exe
File created	C:\Windows\System32\xdqJysJ.exe	2025-04-12_060017b839c46c5a381e0e544eb68bfe_aspxspy_black-basta_xmrig.exe
File created	C:\Windows\System32\yykEZXs.exe	2025-04-12_060017b839c46c5a381e0e544eb68bfe_aspxspy_black-basta_xmrig.exe
File created	C:\Windows\System32\VqGXJRX.exe	2025-04-12_060017b839c46c5a381e0e544eb68bfe_aspxspy_black-basta_xmrig.exe
File created	C:\Windows\System32\zrIDZGT.exe	2025-04-12_060017b839c46c5a381e0e544eb68bfe_aspxspy_black-basta_xmrig.exe
File created	C:\Windows\System32\IOEzchK.exe	2025-04-12_060017b839c46c5a381e0e544eb68bfe_aspxspy_black-basta_xmrig.exe
File created	C:\Windows\System32\UPzSNpw.exe	2025-04-12_060017b839c46c5a381e0e544eb68bfe_aspxspy_black-basta_xmrig.exe
File created	C:\Windows\System32\vjtkhwO.exe	2025-04-12_060017b839c46c5a381e0e544eb68bfe_aspxspy_black-basta_xmrig.exe
File created	C:\Windows\System32\gBTUVwy.exe	2025-04-12_060017b839c46c5a381e0e544eb68bfe_aspxspy_black-basta_xmrig.exe
File created	C:\Windows\System32\RAzPQva.exe	2025-04-12_060017b839c46c5a381e0e544eb68bfe_aspxspy_black-basta_xmrig.exe
File created	C:\Windows\System32\itQYtog.exe	2025-04-12_060017b839c46c5a381e0e544eb68bfe_aspxspy_black-basta_xmrig.exe
File created	C:\Windows\System32\plpJEhw.exe	2025-04-12_060017b839c46c5a381e0e544eb68bfe_aspxspy_black-basta_xmrig.exe
File created	C:\Windows\System32\LZDymSs.exe	2025-04-12_060017b839c46c5a381e0e544eb68bfe_aspxspy_black-basta_xmrig.exe
File created	C:\Windows\System32\EQwgfJm.exe	2025-04-12_060017b839c46c5a381e0e544eb68bfe_aspxspy_black-basta_xmrig.exe
File created	C:\Windows\System32\NwqbfVl.exe	2025-04-12_060017b839c46c5a381e0e544eb68bfe_aspxspy_black-basta_xmrig.exe
File created	C:\Windows\System32\XVxixGG.exe	2025-04-12_060017b839c46c5a381e0e544eb68bfe_aspxspy_black-basta_xmrig.exe
File created	C:\Windows\System32\gsUFQUy.exe	2025-04-12_060017b839c46c5a381e0e544eb68bfe_aspxspy_black-basta_xmrig.exe
File created	C:\Windows\System32\aIVbPpc.exe	2025-04-12_060017b839c46c5a381e0e544eb68bfe_aspxspy_black-basta_xmrig.exe
File created	C:\Windows\System32\jESBMKj.exe	2025-04-12_060017b839c46c5a381e0e544eb68bfe_aspxspy_black-basta_xmrig.exe
File created	C:\Windows\System32\HQiHmMD.exe	2025-04-12_060017b839c46c5a381e0e544eb68bfe_aspxspy_black-basta_xmrig.exe
File created	C:\Windows\System32\iNVPktc.exe	2025-04-12_060017b839c46c5a381e0e544eb68bfe_aspxspy_black-basta_xmrig.exe
File created	C:\Windows\System32\gcMKAMF.exe	2025-04-12_060017b839c46c5a381e0e544eb68bfe_aspxspy_black-basta_xmrig.exe
File created	C:\Windows\System32\Ipshjww.exe	2025-04-12_060017b839c46c5a381e0e544eb68bfe_aspxspy_black-basta_xmrig.exe
File created	C:\Windows\System32\xOtragj.exe	2025-04-12_060017b839c46c5a381e0e544eb68bfe_aspxspy_black-basta_xmrig.exe
File created	C:\Windows\System32\ZUgfiZL.exe	2025-04-12_060017b839c46c5a381e0e544eb68bfe_aspxspy_black-basta_xmrig.exe
File created	C:\Windows\System32\UZGRBkc.exe	2025-04-12_060017b839c46c5a381e0e544eb68bfe_aspxspy_black-basta_xmrig.exe
File created	C:\Windows\System32\qYocfQY.exe	2025-04-12_060017b839c46c5a381e0e544eb68bfe_aspxspy_black-basta_xmrig.exe
File created	C:\Windows\System32\RmmuXxx.exe	2025-04-12_060017b839c46c5a381e0e544eb68bfe_aspxspy_black-basta_xmrig.exe
File created	C:\Windows\System32\lWrwAIS.exe	2025-04-12_060017b839c46c5a381e0e544eb68bfe_aspxspy_black-basta_xmrig.exe
File created	C:\Windows\System32\lvYAyTl.exe	2025-04-12_060017b839c46c5a381e0e544eb68bfe_aspxspy_black-basta_xmrig.exe
File created	C:\Windows\System32\IjWcNNj.exe	2025-04-12_060017b839c46c5a381e0e544eb68bfe_aspxspy_black-basta_xmrig.exe
File created	C:\Windows\System32\cVlZfry.exe	2025-04-12_060017b839c46c5a381e0e544eb68bfe_aspxspy_black-basta_xmrig.exe
File created	C:\Windows\System32\wObpWaj.exe	2025-04-12_060017b839c46c5a381e0e544eb68bfe_aspxspy_black-basta_xmrig.exe
File created	C:\Windows\System32\BqSkVuP.exe	2025-04-12_060017b839c46c5a381e0e544eb68bfe_aspxspy_black-basta_xmrig.exe
File created	C:\Windows\System32\dkjlDDu.exe	2025-04-12_060017b839c46c5a381e0e544eb68bfe_aspxspy_black-basta_xmrig.exe
File created	C:\Windows\System32\mMLcPZJ.exe	2025-04-12_060017b839c46c5a381e0e544eb68bfe_aspxspy_black-basta_xmrig.exe
File created	C:\Windows\System32\YainqKc.exe	2025-04-12_060017b839c46c5a381e0e544eb68bfe_aspxspy_black-basta_xmrig.exe
File created	C:\Windows\System32\mircjIj.exe	2025-04-12_060017b839c46c5a381e0e544eb68bfe_aspxspy_black-basta_xmrig.exe
File created	C:\Windows\System32\foOGniK.exe	2025-04-12_060017b839c46c5a381e0e544eb68bfe_aspxspy_black-basta_xmrig.exe
File created	C:\Windows\System32\DFPVlRt.exe	2025-04-12_060017b839c46c5a381e0e544eb68bfe_aspxspy_black-basta_xmrig.exe
File created	C:\Windows\System32\PHINyum.exe	2025-04-12_060017b839c46c5a381e0e544eb68bfe_aspxspy_black-basta_xmrig.exe
File created	C:\Windows\System32\ZdOTVpU.exe	2025-04-12_060017b839c46c5a381e0e544eb68bfe_aspxspy_black-basta_xmrig.exe
File created	C:\Windows\System32\jvrNRxV.exe	2025-04-12_060017b839c46c5a381e0e544eb68bfe_aspxspy_black-basta_xmrig.exe
File created	C:\Windows\System32\kNaRlFF.exe	2025-04-12_060017b839c46c5a381e0e544eb68bfe_aspxspy_black-basta_xmrig.exe
File created	C:\Windows\System32\YVGwjyk.exe	2025-04-12_060017b839c46c5a381e0e544eb68bfe_aspxspy_black-basta_xmrig.exe
File created	C:\Windows\System32\hiwJwzD.exe	2025-04-12_060017b839c46c5a381e0e544eb68bfe_aspxspy_black-basta_xmrig.exe
File created	C:\Windows\System32\TJMtlRh.exe	2025-04-12_060017b839c46c5a381e0e544eb68bfe_aspxspy_black-basta_xmrig.exe
File created	C:\Windows\System32\DLvOlPT.exe	2025-04-12_060017b839c46c5a381e0e544eb68bfe_aspxspy_black-basta_xmrig.exe
File created	C:\Windows\System32\seIDfdf.exe	2025-04-12_060017b839c46c5a381e0e544eb68bfe_aspxspy_black-basta_xmrig.exe
File created	C:\Windows\System32\OWiOOxz.exe	2025-04-12_060017b839c46c5a381e0e544eb68bfe_aspxspy_black-basta_xmrig.exe
File created	C:\Windows\System32\CykAroY.exe	2025-04-12_060017b839c46c5a381e0e544eb68bfe_aspxspy_black-basta_xmrig.exe
File created	C:\Windows\System32\xEEdqqM.exe	2025-04-12_060017b839c46c5a381e0e544eb68bfe_aspxspy_black-basta_xmrig.exe
File created	C:\Windows\System32\qlRzWBQ.exe	2025-04-12_060017b839c46c5a381e0e544eb68bfe_aspxspy_black-basta_xmrig.exe
File created	C:\Windows\System32\sYpZsEF.exe	2025-04-12_060017b839c46c5a381e0e544eb68bfe_aspxspy_black-basta_xmrig.exe
File created	C:\Windows\System32\sPcfSwL.exe	2025-04-12_060017b839c46c5a381e0e544eb68bfe_aspxspy_black-basta_xmrig.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/5352-0-0x00007FF6AD480000-0x00007FF6AD875000-memory.dmp	upx
behavioral1/files/0x0004000000023106-4.dat	upx
behavioral1/files/0x000700000002422c-9.dat	upx
behavioral1/files/0x000800000002422b-11.dat	upx
behavioral1/memory/3992-12-0x00007FF76C2D0000-0x00007FF76C6C5000-memory.dmp	upx
behavioral1/memory/6072-10-0x00007FF6B5FA0000-0x00007FF6B6395000-memory.dmp	upx
behavioral1/files/0x000700000002422d-23.dat	upx
behavioral1/files/0x000700000002422e-31.dat	upx
behavioral1/files/0x000700000002422f-36.dat	upx
behavioral1/files/0x0007000000024232-44.dat	upx
behavioral1/files/0x0007000000024231-52.dat	upx
behavioral1/files/0x0007000000024233-56.dat	upx
behavioral1/files/0x0007000000024234-64.dat	upx
behavioral1/files/0x0007000000024236-74.dat	upx
behavioral1/files/0x000700000002423b-99.dat	upx
behavioral1/files/0x000700000002423e-111.dat	upx
behavioral1/files/0x0007000000024245-149.dat	upx
behavioral1/memory/5612-769-0x00007FF7C46B0000-0x00007FF7C4AA5000-memory.dmp	upx
behavioral1/files/0x0007000000024249-165.dat	upx
behavioral1/files/0x0007000000024248-161.dat	upx
behavioral1/files/0x0007000000024247-159.dat	upx
behavioral1/files/0x0007000000024246-154.dat	upx
behavioral1/files/0x0007000000024244-145.dat	upx
behavioral1/files/0x0007000000024243-140.dat	upx
behavioral1/files/0x0007000000024242-134.dat	upx
behavioral1/files/0x0007000000024241-132.dat	upx
behavioral1/files/0x0007000000024240-125.dat	upx
behavioral1/files/0x000700000002423f-119.dat	upx
behavioral1/files/0x000700000002423d-109.dat	upx
behavioral1/files/0x000700000002423c-105.dat	upx
behavioral1/files/0x000700000002423a-94.dat	upx
behavioral1/files/0x0007000000024239-89.dat	upx
behavioral1/files/0x0007000000024238-86.dat	upx
behavioral1/files/0x0007000000024237-79.dat	upx
behavioral1/files/0x0007000000024235-70.dat	upx
behavioral1/files/0x0008000000024229-59.dat	upx
behavioral1/files/0x0007000000024230-50.dat	upx
behavioral1/memory/4420-41-0x00007FF692060000-0x00007FF692455000-memory.dmp	upx
behavioral1/memory/3988-777-0x00007FF769DC0000-0x00007FF76A1B5000-memory.dmp	upx
behavioral1/memory/3408-785-0x00007FF7ACEE0000-0x00007FF7AD2D5000-memory.dmp	upx
behavioral1/memory/6100-792-0x00007FF7D4890000-0x00007FF7D4C85000-memory.dmp	upx
behavioral1/memory/4620-810-0x00007FF73E930000-0x00007FF73ED25000-memory.dmp	upx
behavioral1/memory/4552-801-0x00007FF7C05C0000-0x00007FF7C09B5000-memory.dmp	upx
behavioral1/memory/4800-820-0x00007FF684220000-0x00007FF684615000-memory.dmp	upx
behavioral1/memory/4668-832-0x00007FF6378C0000-0x00007FF637CB5000-memory.dmp	upx
behavioral1/memory/5828-843-0x00007FF6993E0000-0x00007FF6997D5000-memory.dmp	upx
behavioral1/memory/4780-828-0x00007FF6028B0000-0x00007FF602CA5000-memory.dmp	upx
behavioral1/memory/3060-848-0x00007FF6EB1A0000-0x00007FF6EB595000-memory.dmp	upx
behavioral1/memory/5032-859-0x00007FF779000000-0x00007FF7793F5000-memory.dmp	upx
behavioral1/memory/1796-868-0x00007FF745AD0000-0x00007FF745EC5000-memory.dmp	upx
behavioral1/memory/1920-873-0x00007FF7AB4F0000-0x00007FF7AB8E5000-memory.dmp	upx
behavioral1/memory/4492-884-0x00007FF645170000-0x00007FF645565000-memory.dmp	upx
behavioral1/memory/2380-886-0x00007FF778B10000-0x00007FF778F05000-memory.dmp	upx
behavioral1/memory/876-870-0x00007FF6310C0000-0x00007FF6314B5000-memory.dmp	upx
behavioral1/memory/3752-864-0x00007FF692DD0000-0x00007FF6931C5000-memory.dmp	upx
behavioral1/memory/4864-862-0x00007FF7B6E00000-0x00007FF7B71F5000-memory.dmp	upx
behavioral1/memory/5004-857-0x00007FF613EC0000-0x00007FF6142B5000-memory.dmp	upx
behavioral1/memory/4844-852-0x00007FF68EA30000-0x00007FF68EE25000-memory.dmp	upx
behavioral1/memory/5352-1547-0x00007FF6AD480000-0x00007FF6AD875000-memory.dmp	upx
behavioral1/memory/6072-1649-0x00007FF6B5FA0000-0x00007FF6B6395000-memory.dmp	upx
behavioral1/memory/4420-1778-0x00007FF692060000-0x00007FF692455000-memory.dmp	upx
behavioral1/memory/3992-1775-0x00007FF76C2D0000-0x00007FF76C6C5000-memory.dmp	upx
behavioral1/memory/5352-1886-0x00007FF6AD480000-0x00007FF6AD875000-memory.dmp	upx
behavioral1/memory/6072-1887-0x00007FF6B5FA0000-0x00007FF6B6395000-memory.dmp	upx

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	12960	dwm.exe
Token: SeChangeNotifyPrivilege	12960	dwm.exe
Token: 33	12960	dwm.exe
Token: SeIncBasePriorityPrivilege	12960	dwm.exe
Token: SeShutdownPrivilege	12960	dwm.exe
Token: SeCreatePagefilePrivilege	12960	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5352 wrote to memory of 6072	5352	2025-04-12_060017b839c46c5a381e0e544eb68bfe_aspxspy_black-basta_xmrig.exe	86
PID 5352 wrote to memory of 6072	5352	2025-04-12_060017b839c46c5a381e0e544eb68bfe_aspxspy_black-basta_xmrig.exe	86
PID 5352 wrote to memory of 3992	5352	2025-04-12_060017b839c46c5a381e0e544eb68bfe_aspxspy_black-basta_xmrig.exe	87
PID 5352 wrote to memory of 3992	5352	2025-04-12_060017b839c46c5a381e0e544eb68bfe_aspxspy_black-basta_xmrig.exe	87
PID 5352 wrote to memory of 4420	5352	2025-04-12_060017b839c46c5a381e0e544eb68bfe_aspxspy_black-basta_xmrig.exe	88
PID 5352 wrote to memory of 4420	5352	2025-04-12_060017b839c46c5a381e0e544eb68bfe_aspxspy_black-basta_xmrig.exe	88
PID 5352 wrote to memory of 4492	5352	2025-04-12_060017b839c46c5a381e0e544eb68bfe_aspxspy_black-basta_xmrig.exe	89
PID 5352 wrote to memory of 4492	5352	2025-04-12_060017b839c46c5a381e0e544eb68bfe_aspxspy_black-basta_xmrig.exe	89
PID 5352 wrote to memory of 5612	5352	2025-04-12_060017b839c46c5a381e0e544eb68bfe_aspxspy_black-basta_xmrig.exe	90
PID 5352 wrote to memory of 5612	5352	2025-04-12_060017b839c46c5a381e0e544eb68bfe_aspxspy_black-basta_xmrig.exe	90
PID 5352 wrote to memory of 3988	5352	2025-04-12_060017b839c46c5a381e0e544eb68bfe_aspxspy_black-basta_xmrig.exe	91
PID 5352 wrote to memory of 3988	5352	2025-04-12_060017b839c46c5a381e0e544eb68bfe_aspxspy_black-basta_xmrig.exe	91
PID 5352 wrote to memory of 3408	5352	2025-04-12_060017b839c46c5a381e0e544eb68bfe_aspxspy_black-basta_xmrig.exe	93
PID 5352 wrote to memory of 3408	5352	2025-04-12_060017b839c46c5a381e0e544eb68bfe_aspxspy_black-basta_xmrig.exe	93
PID 5352 wrote to memory of 2380	5352	2025-04-12_060017b839c46c5a381e0e544eb68bfe_aspxspy_black-basta_xmrig.exe	94
PID 5352 wrote to memory of 2380	5352	2025-04-12_060017b839c46c5a381e0e544eb68bfe_aspxspy_black-basta_xmrig.exe	94
PID 5352 wrote to memory of 6100	5352	2025-04-12_060017b839c46c5a381e0e544eb68bfe_aspxspy_black-basta_xmrig.exe	95
PID 5352 wrote to memory of 6100	5352	2025-04-12_060017b839c46c5a381e0e544eb68bfe_aspxspy_black-basta_xmrig.exe	95
PID 5352 wrote to memory of 4552	5352	2025-04-12_060017b839c46c5a381e0e544eb68bfe_aspxspy_black-basta_xmrig.exe	96
PID 5352 wrote to memory of 4552	5352	2025-04-12_060017b839c46c5a381e0e544eb68bfe_aspxspy_black-basta_xmrig.exe	96
PID 5352 wrote to memory of 4620	5352	2025-04-12_060017b839c46c5a381e0e544eb68bfe_aspxspy_black-basta_xmrig.exe	97
PID 5352 wrote to memory of 4620	5352	2025-04-12_060017b839c46c5a381e0e544eb68bfe_aspxspy_black-basta_xmrig.exe	97
PID 5352 wrote to memory of 4800	5352	2025-04-12_060017b839c46c5a381e0e544eb68bfe_aspxspy_black-basta_xmrig.exe	98
PID 5352 wrote to memory of 4800	5352	2025-04-12_060017b839c46c5a381e0e544eb68bfe_aspxspy_black-basta_xmrig.exe	98
PID 5352 wrote to memory of 4780	5352	2025-04-12_060017b839c46c5a381e0e544eb68bfe_aspxspy_black-basta_xmrig.exe	99
PID 5352 wrote to memory of 4780	5352	2025-04-12_060017b839c46c5a381e0e544eb68bfe_aspxspy_black-basta_xmrig.exe	99
PID 5352 wrote to memory of 4668	5352	2025-04-12_060017b839c46c5a381e0e544eb68bfe_aspxspy_black-basta_xmrig.exe	100
PID 5352 wrote to memory of 4668	5352	2025-04-12_060017b839c46c5a381e0e544eb68bfe_aspxspy_black-basta_xmrig.exe	100
PID 5352 wrote to memory of 5828	5352	2025-04-12_060017b839c46c5a381e0e544eb68bfe_aspxspy_black-basta_xmrig.exe	101
PID 5352 wrote to memory of 5828	5352	2025-04-12_060017b839c46c5a381e0e544eb68bfe_aspxspy_black-basta_xmrig.exe	101
PID 5352 wrote to memory of 3060	5352	2025-04-12_060017b839c46c5a381e0e544eb68bfe_aspxspy_black-basta_xmrig.exe	102
PID 5352 wrote to memory of 3060	5352	2025-04-12_060017b839c46c5a381e0e544eb68bfe_aspxspy_black-basta_xmrig.exe	102
PID 5352 wrote to memory of 4844	5352	2025-04-12_060017b839c46c5a381e0e544eb68bfe_aspxspy_black-basta_xmrig.exe	103
PID 5352 wrote to memory of 4844	5352	2025-04-12_060017b839c46c5a381e0e544eb68bfe_aspxspy_black-basta_xmrig.exe	103
PID 5352 wrote to memory of 5004	5352	2025-04-12_060017b839c46c5a381e0e544eb68bfe_aspxspy_black-basta_xmrig.exe	104
PID 5352 wrote to memory of 5004	5352	2025-04-12_060017b839c46c5a381e0e544eb68bfe_aspxspy_black-basta_xmrig.exe	104
PID 5352 wrote to memory of 5032	5352	2025-04-12_060017b839c46c5a381e0e544eb68bfe_aspxspy_black-basta_xmrig.exe	105
PID 5352 wrote to memory of 5032	5352	2025-04-12_060017b839c46c5a381e0e544eb68bfe_aspxspy_black-basta_xmrig.exe	105
PID 5352 wrote to memory of 4864	5352	2025-04-12_060017b839c46c5a381e0e544eb68bfe_aspxspy_black-basta_xmrig.exe	106
PID 5352 wrote to memory of 4864	5352	2025-04-12_060017b839c46c5a381e0e544eb68bfe_aspxspy_black-basta_xmrig.exe	106
PID 5352 wrote to memory of 3752	5352	2025-04-12_060017b839c46c5a381e0e544eb68bfe_aspxspy_black-basta_xmrig.exe	107
PID 5352 wrote to memory of 3752	5352	2025-04-12_060017b839c46c5a381e0e544eb68bfe_aspxspy_black-basta_xmrig.exe	107
PID 5352 wrote to memory of 1796	5352	2025-04-12_060017b839c46c5a381e0e544eb68bfe_aspxspy_black-basta_xmrig.exe	108
PID 5352 wrote to memory of 1796	5352	2025-04-12_060017b839c46c5a381e0e544eb68bfe_aspxspy_black-basta_xmrig.exe	108
PID 5352 wrote to memory of 876	5352	2025-04-12_060017b839c46c5a381e0e544eb68bfe_aspxspy_black-basta_xmrig.exe	109
PID 5352 wrote to memory of 876	5352	2025-04-12_060017b839c46c5a381e0e544eb68bfe_aspxspy_black-basta_xmrig.exe	109
PID 5352 wrote to memory of 1920	5352	2025-04-12_060017b839c46c5a381e0e544eb68bfe_aspxspy_black-basta_xmrig.exe	110
PID 5352 wrote to memory of 1920	5352	2025-04-12_060017b839c46c5a381e0e544eb68bfe_aspxspy_black-basta_xmrig.exe	110
PID 5352 wrote to memory of 3644	5352	2025-04-12_060017b839c46c5a381e0e544eb68bfe_aspxspy_black-basta_xmrig.exe	111
PID 5352 wrote to memory of 3644	5352	2025-04-12_060017b839c46c5a381e0e544eb68bfe_aspxspy_black-basta_xmrig.exe	111
PID 5352 wrote to memory of 1312	5352	2025-04-12_060017b839c46c5a381e0e544eb68bfe_aspxspy_black-basta_xmrig.exe	112
PID 5352 wrote to memory of 1312	5352	2025-04-12_060017b839c46c5a381e0e544eb68bfe_aspxspy_black-basta_xmrig.exe	112
PID 5352 wrote to memory of 2512	5352	2025-04-12_060017b839c46c5a381e0e544eb68bfe_aspxspy_black-basta_xmrig.exe	113
PID 5352 wrote to memory of 2512	5352	2025-04-12_060017b839c46c5a381e0e544eb68bfe_aspxspy_black-basta_xmrig.exe	113
PID 5352 wrote to memory of 2252	5352	2025-04-12_060017b839c46c5a381e0e544eb68bfe_aspxspy_black-basta_xmrig.exe	114
PID 5352 wrote to memory of 2252	5352	2025-04-12_060017b839c46c5a381e0e544eb68bfe_aspxspy_black-basta_xmrig.exe	114
PID 5352 wrote to memory of 4884	5352	2025-04-12_060017b839c46c5a381e0e544eb68bfe_aspxspy_black-basta_xmrig.exe	115
PID 5352 wrote to memory of 4884	5352	2025-04-12_060017b839c46c5a381e0e544eb68bfe_aspxspy_black-basta_xmrig.exe	115
PID 5352 wrote to memory of 5680	5352	2025-04-12_060017b839c46c5a381e0e544eb68bfe_aspxspy_black-basta_xmrig.exe	116
PID 5352 wrote to memory of 5680	5352	2025-04-12_060017b839c46c5a381e0e544eb68bfe_aspxspy_black-basta_xmrig.exe	116
PID 5352 wrote to memory of 1332	5352	2025-04-12_060017b839c46c5a381e0e544eb68bfe_aspxspy_black-basta_xmrig.exe	117
PID 5352 wrote to memory of 1332	5352	2025-04-12_060017b839c46c5a381e0e544eb68bfe_aspxspy_black-basta_xmrig.exe	117
PID 5352 wrote to memory of 3248	5352	2025-04-12_060017b839c46c5a381e0e544eb68bfe_aspxspy_black-basta_xmrig.exe	118
PID 5352 wrote to memory of 3248	5352	2025-04-12_060017b839c46c5a381e0e544eb68bfe_aspxspy_black-basta_xmrig.exe	118

C:\Users\Admin\AppData\Local\Temp\2025-04-12_060017b839c46c5a381e0e544eb68bfe_aspxspy_black-basta_xmrig.exe
"C:\Users\Admin\AppData\Local\Temp\2025-04-12_060017b839c46c5a381e0e544eb68bfe_aspxspy_black-basta_xmrig.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:5352
- C:\Windows\System32\QWOepqm.exe
  C:\Windows\System32\QWOepqm.exe
  2⤵
  - Executes dropped EXE
  PID:6072
- C:\Windows\System32\tqUeKKC.exe
  C:\Windows\System32\tqUeKKC.exe
  2⤵
  - Executes dropped EXE
  PID:3992
- C:\Windows\System32\WsnNCKF.exe
  C:\Windows\System32\WsnNCKF.exe
  2⤵
  - Executes dropped EXE
  PID:4420
- C:\Windows\System32\LpxtqQL.exe
  C:\Windows\System32\LpxtqQL.exe
  2⤵
  - Executes dropped EXE
  PID:4492
- C:\Windows\System32\IPWRNHV.exe
  C:\Windows\System32\IPWRNHV.exe
  2⤵
  - Executes dropped EXE
  PID:5612
- C:\Windows\System32\OlpQTys.exe
  C:\Windows\System32\OlpQTys.exe
  2⤵
  - Executes dropped EXE
  PID:3988
- C:\Windows\System32\ggwaYqz.exe
  C:\Windows\System32\ggwaYqz.exe
  2⤵
  - Executes dropped EXE
  PID:3408
- C:\Windows\System32\ZFwBkji.exe
  C:\Windows\System32\ZFwBkji.exe
  2⤵
  - Executes dropped EXE
  PID:2380
- C:\Windows\System32\ASxDvtD.exe
  C:\Windows\System32\ASxDvtD.exe
  2⤵
  - Executes dropped EXE
  PID:6100
- C:\Windows\System32\kRPGaZB.exe
  C:\Windows\System32\kRPGaZB.exe
  2⤵
  - Executes dropped EXE
  PID:4552
- C:\Windows\System32\HWopxcn.exe
  C:\Windows\System32\HWopxcn.exe
  2⤵
  - Executes dropped EXE
  PID:4620
- C:\Windows\System32\aIVbPpc.exe
  C:\Windows\System32\aIVbPpc.exe
  2⤵
  - Executes dropped EXE
  PID:4800
- C:\Windows\System32\PtoFjfm.exe
  C:\Windows\System32\PtoFjfm.exe
  2⤵
  - Executes dropped EXE
  PID:4780
- C:\Windows\System32\RijWqWO.exe
  C:\Windows\System32\RijWqWO.exe
  2⤵
  - Executes dropped EXE
  PID:4668
- C:\Windows\System32\YYvdFfV.exe
  C:\Windows\System32\YYvdFfV.exe
  2⤵
  - Executes dropped EXE
  PID:5828
- C:\Windows\System32\TsLCoWW.exe
  C:\Windows\System32\TsLCoWW.exe
  2⤵
  - Executes dropped EXE
  PID:3060
- C:\Windows\System32\TCAGFSh.exe
  C:\Windows\System32\TCAGFSh.exe
  2⤵
  - Executes dropped EXE
  PID:4844
- C:\Windows\System32\gkbkygh.exe
  C:\Windows\System32\gkbkygh.exe
  2⤵
  - Executes dropped EXE
  PID:5004
- C:\Windows\System32\mircjIj.exe
  C:\Windows\System32\mircjIj.exe
  2⤵
  - Executes dropped EXE
  PID:5032
- C:\Windows\System32\afxTHhP.exe
  C:\Windows\System32\afxTHhP.exe
  2⤵
  - Executes dropped EXE
  PID:4864
- C:\Windows\System32\dkjlDDu.exe
  C:\Windows\System32\dkjlDDu.exe
  2⤵
  - Executes dropped EXE
  PID:3752
- C:\Windows\System32\cnNIDBc.exe
  C:\Windows\System32\cnNIDBc.exe
  2⤵
  - Executes dropped EXE
  PID:1796
- C:\Windows\System32\YEjLxzo.exe
  C:\Windows\System32\YEjLxzo.exe
  2⤵
  - Executes dropped EXE
  PID:876
- C:\Windows\System32\OwDgpIa.exe
  C:\Windows\System32\OwDgpIa.exe
  2⤵
  - Executes dropped EXE
  PID:1920
- C:\Windows\System32\RJQsUwQ.exe
  C:\Windows\System32\RJQsUwQ.exe
  2⤵
  - Executes dropped EXE
  PID:3644
- C:\Windows\System32\heZwDMT.exe
  C:\Windows\System32\heZwDMT.exe
  2⤵
  - Executes dropped EXE
  PID:1312
- C:\Windows\System32\cNCzoaB.exe
  C:\Windows\System32\cNCzoaB.exe
  2⤵
  - Executes dropped EXE
  PID:2512
- C:\Windows\System32\QYSbjiL.exe
  C:\Windows\System32\QYSbjiL.exe
  2⤵
  - Executes dropped EXE
  PID:2252
- C:\Windows\System32\vjtkhwO.exe
  C:\Windows\System32\vjtkhwO.exe
  2⤵
  - Executes dropped EXE
  PID:4884
- C:\Windows\System32\ZqZMUXz.exe
  C:\Windows\System32\ZqZMUXz.exe
  2⤵
  - Executes dropped EXE
  PID:5680
- C:\Windows\System32\VCirahx.exe
  C:\Windows\System32\VCirahx.exe
  2⤵
  - Executes dropped EXE
  PID:1332
- C:\Windows\System32\UorziXC.exe
  C:\Windows\System32\UorziXC.exe
  2⤵
  - Executes dropped EXE
  PID:3248
- C:\Windows\System32\QuoLuTh.exe
  C:\Windows\System32\QuoLuTh.exe
  2⤵
  - Executes dropped EXE
  PID:1632
- C:\Windows\System32\dYvzxhE.exe
  C:\Windows\System32\dYvzxhE.exe
  2⤵
  - Executes dropped EXE
  PID:3212
- C:\Windows\System32\seIDfdf.exe
  C:\Windows\System32\seIDfdf.exe
  2⤵
  - Executes dropped EXE
  PID:624
- C:\Windows\System32\efWmMjI.exe
  C:\Windows\System32\efWmMjI.exe
  2⤵
  - Executes dropped EXE
  PID:2184
- C:\Windows\System32\eTBieFr.exe
  C:\Windows\System32\eTBieFr.exe
  2⤵
  - Executes dropped EXE
  PID:1448
- C:\Windows\System32\jAuQMtE.exe
  C:\Windows\System32\jAuQMtE.exe
  2⤵
  - Executes dropped EXE
  PID:3740
- C:\Windows\System32\EvHMhjZ.exe
  C:\Windows\System32\EvHMhjZ.exe
  2⤵
  - Executes dropped EXE
  PID:5576
- C:\Windows\System32\pDGJECB.exe
  C:\Windows\System32\pDGJECB.exe
  2⤵
  - Executes dropped EXE
  PID:1340
- C:\Windows\System32\UNvdluj.exe
  C:\Windows\System32\UNvdluj.exe
  2⤵
  - Executes dropped EXE
  PID:4508
- C:\Windows\System32\OKUmBDh.exe
  C:\Windows\System32\OKUmBDh.exe
  2⤵
  - Executes dropped EXE
  PID:3448
- C:\Windows\System32\BmHPsAb.exe
  C:\Windows\System32\BmHPsAb.exe
  2⤵
  - Executes dropped EXE
  PID:5332
- C:\Windows\System32\jESBMKj.exe
  C:\Windows\System32\jESBMKj.exe
  2⤵
  - Executes dropped EXE
  PID:3596
- C:\Windows\System32\ldwczNe.exe
  C:\Windows\System32\ldwczNe.exe
  2⤵
  - Executes dropped EXE
  PID:5564
- C:\Windows\System32\HLJiPIF.exe
  C:\Windows\System32\HLJiPIF.exe
  2⤵
  - Executes dropped EXE
  PID:5236
- C:\Windows\System32\fYoViGL.exe
  C:\Windows\System32\fYoViGL.exe
  2⤵
  - Executes dropped EXE
  PID:5552
- C:\Windows\System32\jtKGEHs.exe
  C:\Windows\System32\jtKGEHs.exe
  2⤵
  - Executes dropped EXE
  PID:232
- C:\Windows\System32\WBQJDHN.exe
  C:\Windows\System32\WBQJDHN.exe
  2⤵
  - Executes dropped EXE
  PID:4556
- C:\Windows\System32\ffWrxKF.exe
  C:\Windows\System32\ffWrxKF.exe
  2⤵
  - Executes dropped EXE
  PID:2596
- C:\Windows\System32\EWCNJPL.exe
  C:\Windows\System32\EWCNJPL.exe
  2⤵
  - Executes dropped EXE
  PID:4144
- C:\Windows\System32\RJIjwGq.exe
  C:\Windows\System32\RJIjwGq.exe
  2⤵
  - Executes dropped EXE
  PID:2084
- C:\Windows\System32\TlUmqoy.exe
  C:\Windows\System32\TlUmqoy.exe
  2⤵
  - Executes dropped EXE
  PID:5524
- C:\Windows\System32\AaaKPZY.exe
  C:\Windows\System32\AaaKPZY.exe
  2⤵
  - Executes dropped EXE
  PID:3300
- C:\Windows\System32\foOGniK.exe
  C:\Windows\System32\foOGniK.exe
  2⤵
  - Executes dropped EXE
  PID:5584
- C:\Windows\System32\JDJdGiG.exe
  C:\Windows\System32\JDJdGiG.exe
  2⤵
  - Executes dropped EXE
  PID:1120
- C:\Windows\System32\eqXChbu.exe
  C:\Windows\System32\eqXChbu.exe
  2⤵
  - Executes dropped EXE
  PID:5716
- C:\Windows\System32\trbsnWJ.exe
  C:\Windows\System32\trbsnWJ.exe
  2⤵
  - Executes dropped EXE
  PID:5408
- C:\Windows\System32\kMqRojy.exe
  C:\Windows\System32\kMqRojy.exe
  2⤵
  - Executes dropped EXE
  PID:1440
- C:\Windows\System32\pKIyjHH.exe
  C:\Windows\System32\pKIyjHH.exe
  2⤵
  - Executes dropped EXE
  PID:1100
- C:\Windows\System32\HQiHmMD.exe
  C:\Windows\System32\HQiHmMD.exe
  2⤵
  - Executes dropped EXE
  PID:1968
- C:\Windows\System32\GoCbafV.exe
  C:\Windows\System32\GoCbafV.exe
  2⤵
  - Executes dropped EXE
  PID:5116
- C:\Windows\System32\kpLJYtg.exe
  C:\Windows\System32\kpLJYtg.exe
  2⤵
  - Executes dropped EXE
  PID:2680
- C:\Windows\System32\olZUkbX.exe
  C:\Windows\System32\olZUkbX.exe
  2⤵
  - Executes dropped EXE
  PID:628
- C:\Windows\System32\EqpdsPv.exe
  C:\Windows\System32\EqpdsPv.exe
  2⤵
  PID:5984
- C:\Windows\System32\cVUcmya.exe
  C:\Windows\System32\cVUcmya.exe
  2⤵
  PID:1704
- C:\Windows\System32\vTkutKk.exe
  C:\Windows\System32\vTkutKk.exe
  2⤵
  PID:4332
- C:\Windows\System32\iNVPktc.exe
  C:\Windows\System32\iNVPktc.exe
  2⤵
  PID:1452
- C:\Windows\System32\pMFBohq.exe
  C:\Windows\System32\pMFBohq.exe
  2⤵
  PID:4712
- C:\Windows\System32\gfENnby.exe
  C:\Windows\System32\gfENnby.exe
  2⤵
  PID:4076
- C:\Windows\System32\RJfhSfm.exe
  C:\Windows\System32\RJfhSfm.exe
  2⤵
  PID:2136
- C:\Windows\System32\xycqdOx.exe
  C:\Windows\System32\xycqdOx.exe
  2⤵
  PID:3320
- C:\Windows\System32\iNpkVOE.exe
  C:\Windows\System32\iNpkVOE.exe
  2⤵
  PID:4416
- C:\Windows\System32\OvgOknS.exe
  C:\Windows\System32\OvgOknS.exe
  2⤵
  PID:3280
- C:\Windows\System32\PAjUMEN.exe
  C:\Windows\System32\PAjUMEN.exe
  2⤵
  PID:6032
- C:\Windows\System32\kvvwaNM.exe
  C:\Windows\System32\kvvwaNM.exe
  2⤵
  PID:1240
- C:\Windows\System32\JocZiYV.exe
  C:\Windows\System32\JocZiYV.exe
  2⤵
  PID:5944
- C:\Windows\System32\fCmVGKQ.exe
  C:\Windows\System32\fCmVGKQ.exe
  2⤵
  PID:1652
- C:\Windows\System32\JuBAOGm.exe
  C:\Windows\System32\JuBAOGm.exe
  2⤵
  PID:836
- C:\Windows\System32\euWLvga.exe
  C:\Windows\System32\euWLvga.exe
  2⤵
  PID:2640
- C:\Windows\System32\hnrnOuq.exe
  C:\Windows\System32\hnrnOuq.exe
  2⤵
  PID:3236
- C:\Windows\System32\enHfJHy.exe
  C:\Windows\System32\enHfJHy.exe
  2⤵
  PID:3096
- C:\Windows\System32\BbOcHJd.exe
  C:\Windows\System32\BbOcHJd.exe
  2⤵
  PID:1996
- C:\Windows\System32\UDHOJAS.exe
  C:\Windows\System32\UDHOJAS.exe
  2⤵
  PID:3176
- C:\Windows\System32\ARVstzH.exe
  C:\Windows\System32\ARVstzH.exe
  2⤵
  PID:2316
- C:\Windows\System32\YjAPSiS.exe
  C:\Windows\System32\YjAPSiS.exe
  2⤵
  PID:2004
- C:\Windows\System32\UcbkLNU.exe
  C:\Windows\System32\UcbkLNU.exe
  2⤵
  PID:2168
- C:\Windows\System32\VBWFxeO.exe
  C:\Windows\System32\VBWFxeO.exe
  2⤵
  PID:1144
- C:\Windows\System32\uKogihq.exe
  C:\Windows\System32\uKogihq.exe
  2⤵
  PID:2988
- C:\Windows\System32\DFPVlRt.exe
  C:\Windows\System32\DFPVlRt.exe
  2⤵
  PID:4164
- C:\Windows\System32\jgOXnSY.exe
  C:\Windows\System32\jgOXnSY.exe
  2⤵
  PID:2384
- C:\Windows\System32\IVVCyYL.exe
  C:\Windows\System32\IVVCyYL.exe
  2⤵
  PID:4796
- C:\Windows\System32\TSRYfYl.exe
  C:\Windows\System32\TSRYfYl.exe
  2⤵
  PID:4912
- C:\Windows\System32\TsYOwQN.exe
  C:\Windows\System32\TsYOwQN.exe
  2⤵
  PID:5328
- C:\Windows\System32\gBTUVwy.exe
  C:\Windows\System32\gBTUVwy.exe
  2⤵
  PID:4992
- C:\Windows\System32\hZlnEnZ.exe
  C:\Windows\System32\hZlnEnZ.exe
  2⤵
  PID:4944
- C:\Windows\System32\CuwcUSQ.exe
  C:\Windows\System32\CuwcUSQ.exe
  2⤵
  PID:5156
- C:\Windows\System32\YRVIdpP.exe
  C:\Windows\System32\YRVIdpP.exe
  2⤵
  PID:2700
- C:\Windows\System32\ZHrDaoZ.exe
  C:\Windows\System32\ZHrDaoZ.exe
  2⤵
  PID:5440
- C:\Windows\System32\agXqCCP.exe
  C:\Windows\System32\agXqCCP.exe
  2⤵
  PID:2368
- C:\Windows\System32\gcMKAMF.exe
  C:\Windows\System32\gcMKAMF.exe
  2⤵
  PID:2240
- C:\Windows\System32\bTWToMD.exe
  C:\Windows\System32\bTWToMD.exe
  2⤵
  PID:4040
- C:\Windows\System32\ynVykhM.exe
  C:\Windows\System32\ynVykhM.exe
  2⤵
  PID:2116
- C:\Windows\System32\MuDpSNz.exe
  C:\Windows\System32\MuDpSNz.exe
  2⤵
  PID:3524
- C:\Windows\System32\qKKpNys.exe
  C:\Windows\System32\qKKpNys.exe
  2⤵
  PID:3688
- C:\Windows\System32\itFSxRv.exe
  C:\Windows\System32\itFSxRv.exe
  2⤵
  PID:3164
- C:\Windows\System32\RUKitVp.exe
  C:\Windows\System32\RUKitVp.exe
  2⤵
  PID:3336
- C:\Windows\System32\JdrOZba.exe
  C:\Windows\System32\JdrOZba.exe
  2⤵
  PID:1028
- C:\Windows\System32\OWiOOxz.exe
  C:\Windows\System32\OWiOOxz.exe
  2⤵
  PID:1512
- C:\Windows\System32\qWSBYwu.exe
  C:\Windows\System32\qWSBYwu.exe
  2⤵
  PID:2644
- C:\Windows\System32\qOSmhrP.exe
  C:\Windows\System32\qOSmhrP.exe
  2⤵
  PID:5812
- C:\Windows\System32\oDmoFKU.exe
  C:\Windows\System32\oDmoFKU.exe
  2⤵
  PID:5444
- C:\Windows\System32\TsjDcOf.exe
  C:\Windows\System32\TsjDcOf.exe
  2⤵
  PID:4256
- C:\Windows\System32\QklYJsI.exe
  C:\Windows\System32\QklYJsI.exe
  2⤵
  PID:3696
- C:\Windows\System32\tBbriWU.exe
  C:\Windows\System32\tBbriWU.exe
  2⤵
  PID:2568
- C:\Windows\System32\WyLfSTP.exe
  C:\Windows\System32\WyLfSTP.exe
  2⤵
  PID:2556
- C:\Windows\System32\TleeiQI.exe
  C:\Windows\System32\TleeiQI.exe
  2⤵
  PID:3528
- C:\Windows\System32\izGvSMo.exe
  C:\Windows\System32\izGvSMo.exe
  2⤵
  PID:1400
- C:\Windows\System32\QCMsSsy.exe
  C:\Windows\System32\QCMsSsy.exe
  2⤵
  PID:4316
- C:\Windows\System32\maCFfTd.exe
  C:\Windows\System32\maCFfTd.exe
  2⤵
  PID:6064
- C:\Windows\System32\HiGhgtc.exe
  C:\Windows\System32\HiGhgtc.exe
  2⤵
  PID:3208
- C:\Windows\System32\ZmtNcos.exe
  C:\Windows\System32\ZmtNcos.exe
  2⤵
  PID:4252
- C:\Windows\System32\QsOJlIW.exe
  C:\Windows\System32\QsOJlIW.exe
  2⤵
  PID:1764
- C:\Windows\System32\iqqRgpL.exe
  C:\Windows\System32\iqqRgpL.exe
  2⤵
  PID:4520
- C:\Windows\System32\PeYSUnB.exe
  C:\Windows\System32\PeYSUnB.exe
  2⤵
  PID:412
- C:\Windows\System32\Ipshjww.exe
  C:\Windows\System32\Ipshjww.exe
  2⤵
  PID:964
- C:\Windows\System32\xSNQvav.exe
  C:\Windows\System32\xSNQvav.exe
  2⤵
  PID:4716
- C:\Windows\System32\qKXNQbb.exe
  C:\Windows\System32\qKXNQbb.exe
  2⤵
  PID:2920
- C:\Windows\System32\NEOLBUv.exe
  C:\Windows\System32\NEOLBUv.exe
  2⤵
  PID:4088
- C:\Windows\System32\ZUgfiZL.exe
  C:\Windows\System32\ZUgfiZL.exe
  2⤵
  PID:4828
- C:\Windows\System32\IelAJzK.exe
  C:\Windows\System32\IelAJzK.exe
  2⤵
  PID:1932
- C:\Windows\System32\ZIbRVfx.exe
  C:\Windows\System32\ZIbRVfx.exe
  2⤵
  PID:5232
- C:\Windows\System32\tuwdYMZ.exe
  C:\Windows\System32\tuwdYMZ.exe
  2⤵
  PID:2540
- C:\Windows\System32\jgVCfEs.exe
  C:\Windows\System32\jgVCfEs.exe
  2⤵
  PID:4876
- C:\Windows\System32\jUwvXoA.exe
  C:\Windows\System32\jUwvXoA.exe
  2⤵
  PID:1044
- C:\Windows\System32\bvPpvvq.exe
  C:\Windows\System32\bvPpvvq.exe
  2⤵
  PID:2328
- C:\Windows\System32\YVGwjyk.exe
  C:\Windows\System32\YVGwjyk.exe
  2⤵
  PID:5144
- C:\Windows\System32\keNTufw.exe
  C:\Windows\System32\keNTufw.exe
  2⤵
  PID:1840
- C:\Windows\System32\ZXeXcKM.exe
  C:\Windows\System32\ZXeXcKM.exe
  2⤵
  PID:3276
- C:\Windows\System32\anfzYaf.exe
  C:\Windows\System32\anfzYaf.exe
  2⤵
  PID:4004
- C:\Windows\System32\RkDvRsV.exe
  C:\Windows\System32\RkDvRsV.exe
  2⤵
  PID:1220
- C:\Windows\System32\rrynZCR.exe
  C:\Windows\System32\rrynZCR.exe
  2⤵
  PID:700
- C:\Windows\System32\epoftRU.exe
  C:\Windows\System32\epoftRU.exe
  2⤵
  PID:5308
- C:\Windows\System32\AgNhbgz.exe
  C:\Windows\System32\AgNhbgz.exe
  2⤵
  PID:1692
- C:\Windows\System32\AXXiWbi.exe
  C:\Windows\System32\AXXiWbi.exe
  2⤵
  PID:264
- C:\Windows\System32\GSbqUUw.exe
  C:\Windows\System32\GSbqUUw.exe
  2⤵
  PID:6168
- C:\Windows\System32\CVRkUDc.exe
  C:\Windows\System32\CVRkUDc.exe
  2⤵
  PID:6200
- C:\Windows\System32\rBWbnEp.exe
  C:\Windows\System32\rBWbnEp.exe
  2⤵
  PID:6228
- C:\Windows\System32\lhegfEF.exe
  C:\Windows\System32\lhegfEF.exe
  2⤵
  PID:6256
- C:\Windows\System32\YNUKdTn.exe
  C:\Windows\System32\YNUKdTn.exe
  2⤵
  PID:6284
- C:\Windows\System32\hiwJwzD.exe
  C:\Windows\System32\hiwJwzD.exe
  2⤵
  PID:6312
- C:\Windows\System32\qCtEreD.exe
  C:\Windows\System32\qCtEreD.exe
  2⤵
  PID:6340
- C:\Windows\System32\QNGDPLk.exe
  C:\Windows\System32\QNGDPLk.exe
  2⤵
  PID:6368
- C:\Windows\System32\AJVsoIB.exe
  C:\Windows\System32\AJVsoIB.exe
  2⤵
  PID:6392
- C:\Windows\System32\EUqMaMB.exe
  C:\Windows\System32\EUqMaMB.exe
  2⤵
  PID:6424
- C:\Windows\System32\KsJxMSz.exe
  C:\Windows\System32\KsJxMSz.exe
  2⤵
  PID:6452
- C:\Windows\System32\WKIadyu.exe
  C:\Windows\System32\WKIadyu.exe
  2⤵
  PID:6476
- C:\Windows\System32\qlRzWBQ.exe
  C:\Windows\System32\qlRzWBQ.exe
  2⤵
  PID:6504
- C:\Windows\System32\wnSAvEr.exe
  C:\Windows\System32\wnSAvEr.exe
  2⤵
  PID:6532
- C:\Windows\System32\wqjdiwO.exe
  C:\Windows\System32\wqjdiwO.exe
  2⤵
  PID:6564
- C:\Windows\System32\lpGbMtF.exe
  C:\Windows\System32\lpGbMtF.exe
  2⤵
  PID:6588
- C:\Windows\System32\wObpWaj.exe
  C:\Windows\System32\wObpWaj.exe
  2⤵
  PID:6616
- C:\Windows\System32\oUJAyIB.exe
  C:\Windows\System32\oUJAyIB.exe
  2⤵
  PID:6648
- C:\Windows\System32\YcilKyt.exe
  C:\Windows\System32\YcilKyt.exe
  2⤵
  PID:6676
- C:\Windows\System32\NdKziRs.exe
  C:\Windows\System32\NdKziRs.exe
  2⤵
  PID:6704
- C:\Windows\System32\gRrRTLL.exe
  C:\Windows\System32\gRrRTLL.exe
  2⤵
  PID:6728
- C:\Windows\System32\sBpLDym.exe
  C:\Windows\System32\sBpLDym.exe
  2⤵
  PID:6756
- C:\Windows\System32\ORYCQZL.exe
  C:\Windows\System32\ORYCQZL.exe
  2⤵
  PID:6788
- C:\Windows\System32\NlOBLjZ.exe
  C:\Windows\System32\NlOBLjZ.exe
  2⤵
  PID:6816
- C:\Windows\System32\xMZYKuu.exe
  C:\Windows\System32\xMZYKuu.exe
  2⤵
  PID:6844
- C:\Windows\System32\ZrITPIm.exe
  C:\Windows\System32\ZrITPIm.exe
  2⤵
  PID:6872
- C:\Windows\System32\fBtZJgN.exe
  C:\Windows\System32\fBtZJgN.exe
  2⤵
  PID:6900
- C:\Windows\System32\Wgkaugz.exe
  C:\Windows\System32\Wgkaugz.exe
  2⤵
  PID:6924
- C:\Windows\System32\uXZfEQI.exe
  C:\Windows\System32\uXZfEQI.exe
  2⤵
  PID:6952
- C:\Windows\System32\OnaGsQa.exe
  C:\Windows\System32\OnaGsQa.exe
  2⤵
  PID:6980
- C:\Windows\System32\PpleIvr.exe
  C:\Windows\System32\PpleIvr.exe
  2⤵
  PID:7012
- C:\Windows\System32\AgssTlt.exe
  C:\Windows\System32\AgssTlt.exe
  2⤵
  PID:7036
- C:\Windows\System32\zNCuwIJ.exe
  C:\Windows\System32\zNCuwIJ.exe
  2⤵
  PID:7068
- C:\Windows\System32\CBgTXTW.exe
  C:\Windows\System32\CBgTXTW.exe
  2⤵
  PID:7096
- C:\Windows\System32\QNTWrNs.exe
  C:\Windows\System32\QNTWrNs.exe
  2⤵
  PID:7124
- C:\Windows\System32\edrOzqP.exe
  C:\Windows\System32\edrOzqP.exe
  2⤵
  PID:7148
- C:\Windows\System32\xNXTHTf.exe
  C:\Windows\System32\xNXTHTf.exe
  2⤵
  PID:4056
- C:\Windows\System32\tbYMcGt.exe
  C:\Windows\System32\tbYMcGt.exe
  2⤵
  PID:5336
- C:\Windows\System32\jRrLkfV.exe
  C:\Windows\System32\jRrLkfV.exe
  2⤵
  PID:3168
- C:\Windows\System32\drDMqPK.exe
  C:\Windows\System32\drDMqPK.exe
  2⤵
  PID:5040
- C:\Windows\System32\YGaoRdR.exe
  C:\Windows\System32\YGaoRdR.exe
  2⤵
  PID:6148
- C:\Windows\System32\vwKzbXs.exe
  C:\Windows\System32\vwKzbXs.exe
  2⤵
  PID:6208
- C:\Windows\System32\gEZnjnD.exe
  C:\Windows\System32\gEZnjnD.exe
  2⤵
  PID:6264
- C:\Windows\System32\pTCWycg.exe
  C:\Windows\System32\pTCWycg.exe
  2⤵
  PID:6348
- C:\Windows\System32\rgklOVq.exe
  C:\Windows\System32\rgklOVq.exe
  2⤵
  PID:6408
- C:\Windows\System32\PYVKgge.exe
  C:\Windows\System32\PYVKgge.exe
  2⤵
  PID:6460
- C:\Windows\System32\nsZLMSM.exe
  C:\Windows\System32\nsZLMSM.exe
  2⤵
  PID:6528
- C:\Windows\System32\rskIpFf.exe
  C:\Windows\System32\rskIpFf.exe
  2⤵
  PID:6596
- C:\Windows\System32\pLIfTtv.exe
  C:\Windows\System32\pLIfTtv.exe
  2⤵
  PID:6696
- C:\Windows\System32\nxRvFjY.exe
  C:\Windows\System32\nxRvFjY.exe
  2⤵
  PID:6724
- C:\Windows\System32\QJvuAwl.exe
  C:\Windows\System32\QJvuAwl.exe
  2⤵
  PID:6808
- C:\Windows\System32\nTqrhuy.exe
  C:\Windows\System32\nTqrhuy.exe
  2⤵
  PID:6856
- C:\Windows\System32\WKMyVyx.exe
  C:\Windows\System32\WKMyVyx.exe
  2⤵
  PID:6908
- C:\Windows\System32\dRzEXGq.exe
  C:\Windows\System32\dRzEXGq.exe
  2⤵
  PID:6960
- C:\Windows\System32\cshsqrZ.exe
  C:\Windows\System32\cshsqrZ.exe
  2⤵
  PID:7020
- C:\Windows\System32\YfNMvPl.exe
  C:\Windows\System32\YfNMvPl.exe
  2⤵
  PID:7076
- C:\Windows\System32\UZGRBkc.exe
  C:\Windows\System32\UZGRBkc.exe
  2⤵
  PID:7136
- C:\Windows\System32\FNRgAHO.exe
  C:\Windows\System32\FNRgAHO.exe
  2⤵
  PID:1628
- C:\Windows\System32\NKtepzF.exe
  C:\Windows\System32\NKtepzF.exe
  2⤵
  PID:2128
- C:\Windows\System32\UXbVENT.exe
  C:\Windows\System32\UXbVENT.exe
  2⤵
  PID:6240
- C:\Windows\System32\PHINyum.exe
  C:\Windows\System32\PHINyum.exe
  2⤵
  PID:3040
- C:\Windows\System32\QHNUbcw.exe
  C:\Windows\System32\QHNUbcw.exe
  2⤵
  PID:6492
- C:\Windows\System32\gSQgDWy.exe
  C:\Windows\System32\gSQgDWy.exe
  2⤵
  PID:6612
- C:\Windows\System32\sYpZsEF.exe
  C:\Windows\System32\sYpZsEF.exe
  2⤵
  PID:6772
- C:\Windows\System32\UtTmIPD.exe
  C:\Windows\System32\UtTmIPD.exe
  2⤵
  PID:6920
- C:\Windows\System32\NuLmNfi.exe
  C:\Windows\System32\NuLmNfi.exe
  2⤵
  PID:7032
- C:\Windows\System32\XtnIHDX.exe
  C:\Windows\System32\XtnIHDX.exe
  2⤵
  PID:5468
- C:\Windows\System32\dFwheYF.exe
  C:\Windows\System32\dFwheYF.exe
  2⤵
  PID:7196
- C:\Windows\System32\ZdOTVpU.exe
  C:\Windows\System32\ZdOTVpU.exe
  2⤵
  PID:7232
- C:\Windows\System32\rGTorGm.exe
  C:\Windows\System32\rGTorGm.exe
  2⤵
  PID:7252
- C:\Windows\System32\hjzwkwW.exe
  C:\Windows\System32\hjzwkwW.exe
  2⤵
  PID:7276
- C:\Windows\System32\filBDIB.exe
  C:\Windows\System32\filBDIB.exe
  2⤵
  PID:7304
- C:\Windows\System32\YhqXriv.exe
  C:\Windows\System32\YhqXriv.exe
  2⤵
  PID:7332
- C:\Windows\System32\VfWerws.exe
  C:\Windows\System32\VfWerws.exe
  2⤵
  PID:7360
- C:\Windows\System32\sVzXxIW.exe
  C:\Windows\System32\sVzXxIW.exe
  2⤵
  PID:7388
- C:\Windows\System32\sigAAOA.exe
  C:\Windows\System32\sigAAOA.exe
  2⤵
  PID:7416
- C:\Windows\System32\xDbjLHV.exe
  C:\Windows\System32\xDbjLHV.exe
  2⤵
  PID:7444
- C:\Windows\System32\omWkTbQ.exe
  C:\Windows\System32\omWkTbQ.exe
  2⤵
  PID:7472
- C:\Windows\System32\ubNnsoN.exe
  C:\Windows\System32\ubNnsoN.exe
  2⤵
  PID:7504
- C:\Windows\System32\xuttLEr.exe
  C:\Windows\System32\xuttLEr.exe
  2⤵
  PID:7528
- C:\Windows\System32\AQYEfOh.exe
  C:\Windows\System32\AQYEfOh.exe
  2⤵
  PID:7560
- C:\Windows\System32\HCkGWPL.exe
  C:\Windows\System32\HCkGWPL.exe
  2⤵
  PID:7588
- C:\Windows\System32\ieuPkKk.exe
  C:\Windows\System32\ieuPkKk.exe
  2⤵
  PID:7616
- C:\Windows\System32\tToCZYi.exe
  C:\Windows\System32\tToCZYi.exe
  2⤵
  PID:7644
- C:\Windows\System32\RAzPQva.exe
  C:\Windows\System32\RAzPQva.exe
  2⤵
  PID:7668
- C:\Windows\System32\GdaooAE.exe
  C:\Windows\System32\GdaooAE.exe
  2⤵
  PID:7696
- C:\Windows\System32\qYocfQY.exe
  C:\Windows\System32\qYocfQY.exe
  2⤵
  PID:7728
- C:\Windows\System32\hfcMtjJ.exe
  C:\Windows\System32\hfcMtjJ.exe
  2⤵
  PID:7764
- C:\Windows\System32\GnmrEZL.exe
  C:\Windows\System32\GnmrEZL.exe
  2⤵
  PID:7784
- C:\Windows\System32\rOXsBuQ.exe
  C:\Windows\System32\rOXsBuQ.exe
  2⤵
  PID:7836
- C:\Windows\System32\jSibDBT.exe
  C:\Windows\System32\jSibDBT.exe
  2⤵
  PID:7876
- C:\Windows\System32\MGhLBsL.exe
  C:\Windows\System32\MGhLBsL.exe
  2⤵
  PID:7896
- C:\Windows\System32\OqqoWxQ.exe
  C:\Windows\System32\OqqoWxQ.exe
  2⤵
  PID:7916
- C:\Windows\System32\GSwdJhQ.exe
  C:\Windows\System32\GSwdJhQ.exe
  2⤵
  PID:7936
- C:\Windows\System32\pAzqefa.exe
  C:\Windows\System32\pAzqefa.exe
  2⤵
  PID:7968
- C:\Windows\System32\WTnxhom.exe
  C:\Windows\System32\WTnxhom.exe
  2⤵
  PID:8008
- C:\Windows\System32\lvINhCb.exe
  C:\Windows\System32\lvINhCb.exe
  2⤵
  PID:8032
- C:\Windows\System32\pcQjMvm.exe
  C:\Windows\System32\pcQjMvm.exe
  2⤵
  PID:8052
- C:\Windows\System32\eTNgenE.exe
  C:\Windows\System32\eTNgenE.exe
  2⤵
  PID:8116
- C:\Windows\System32\bqEwkLc.exe
  C:\Windows\System32\bqEwkLc.exe
  2⤵
  PID:8144
- C:\Windows\System32\hqWufje.exe
  C:\Windows\System32\hqWufje.exe
  2⤵
  PID:8164
- C:\Windows\System32\jGenhxU.exe
  C:\Windows\System32\jGenhxU.exe
  2⤵
  PID:8180
- C:\Windows\System32\VwXxmYX.exe
  C:\Windows\System32\VwXxmYX.exe
  2⤵
  PID:2320
- C:\Windows\System32\UQdqXIX.exe
  C:\Windows\System32\UQdqXIX.exe
  2⤵
  PID:6164
- C:\Windows\System32\FGQQanH.exe
  C:\Windows\System32\FGQQanH.exe
  2⤵
  PID:6684
- C:\Windows\System32\dTtiakQ.exe
  C:\Windows\System32\dTtiakQ.exe
  2⤵
  PID:7004
- C:\Windows\System32\aEWQJpe.exe
  C:\Windows\System32\aEWQJpe.exe
  2⤵
  PID:7208
- C:\Windows\System32\mtvrqvt.exe
  C:\Windows\System32\mtvrqvt.exe
  2⤵
  PID:7264
- C:\Windows\System32\eBBNsyP.exe
  C:\Windows\System32\eBBNsyP.exe
  2⤵
  PID:7292
- C:\Windows\System32\GEWLAFd.exe
  C:\Windows\System32\GEWLAFd.exe
  2⤵
  PID:7348
- C:\Windows\System32\nZbpVXf.exe
  C:\Windows\System32\nZbpVXf.exe
  2⤵
  PID:7368
- C:\Windows\System32\tyJIPKa.exe
  C:\Windows\System32\tyJIPKa.exe
  2⤵
  PID:7468
- C:\Windows\System32\cbcQxYI.exe
  C:\Windows\System32\cbcQxYI.exe
  2⤵
  PID:2484
- C:\Windows\System32\clhYGpN.exe
  C:\Windows\System32\clhYGpN.exe
  2⤵
  PID:7536
- C:\Windows\System32\ULEdKmx.exe
  C:\Windows\System32\ULEdKmx.exe
  2⤵
  PID:7628
- C:\Windows\System32\MxkWzTE.exe
  C:\Windows\System32\MxkWzTE.exe
  2⤵
  PID:5200
- C:\Windows\System32\RaQZGPW.exe
  C:\Windows\System32\RaQZGPW.exe
  2⤵
  PID:4896
- C:\Windows\System32\IZrMNfA.exe
  C:\Windows\System32\IZrMNfA.exe
  2⤵
  PID:7792
- C:\Windows\System32\TJMtlRh.exe
  C:\Windows\System32\TJMtlRh.exe
  2⤵
  PID:7740
- C:\Windows\System32\owKvhgF.exe
  C:\Windows\System32\owKvhgF.exe
  2⤵
  PID:2324
- C:\Windows\System32\HUSgpce.exe
  C:\Windows\System32\HUSgpce.exe
  2⤵
  PID:5824
- C:\Windows\System32\sQbuolF.exe
  C:\Windows\System32\sQbuolF.exe
  2⤵
  PID:544
- C:\Windows\System32\kSYMNoM.exe
  C:\Windows\System32\kSYMNoM.exe
  2⤵
  PID:4208
- C:\Windows\System32\ivysdVr.exe
  C:\Windows\System32\ivysdVr.exe
  2⤵
  PID:5140
- C:\Windows\System32\LNUdlvv.exe
  C:\Windows\System32\LNUdlvv.exe
  2⤵
  PID:1524
- C:\Windows\System32\TTUFnfB.exe
  C:\Windows\System32\TTUFnfB.exe
  2⤵
  PID:5808
- C:\Windows\System32\ARLkkKP.exe
  C:\Windows\System32\ARLkkKP.exe
  2⤵
  PID:7884
- C:\Windows\System32\MMZjtBQ.exe
  C:\Windows\System32\MMZjtBQ.exe
  2⤵
  PID:8080
- C:\Windows\System32\eByIRpZ.exe
  C:\Windows\System32\eByIRpZ.exe
  2⤵
  PID:7828
- C:\Windows\System32\AMdFneM.exe
  C:\Windows\System32\AMdFneM.exe
  2⤵
  PID:8152
- C:\Windows\System32\rPOzxPV.exe
  C:\Windows\System32\rPOzxPV.exe
  2⤵
  PID:5960
- C:\Windows\System32\YqkXKZX.exe
  C:\Windows\System32\YqkXKZX.exe
  2⤵
  PID:5288
- C:\Windows\System32\jfCMRWJ.exe
  C:\Windows\System32\jfCMRWJ.exe
  2⤵
  PID:7284
- C:\Windows\System32\ZQYXFwZ.exe
  C:\Windows\System32\ZQYXFwZ.exe
  2⤵
  PID:7424
- C:\Windows\System32\PYKhHNL.exe
  C:\Windows\System32\PYKhHNL.exe
  2⤵
  PID:7544
- C:\Windows\System32\uRKDRGG.exe
  C:\Windows\System32\uRKDRGG.exe
  2⤵
  PID:7664
- C:\Windows\System32\PyvsDty.exe
  C:\Windows\System32\PyvsDty.exe
  2⤵
  PID:7760
- C:\Windows\System32\rbNhDuY.exe
  C:\Windows\System32\rbNhDuY.exe
  2⤵
  PID:1160
- C:\Windows\System32\vhTnMSK.exe
  C:\Windows\System32\vhTnMSK.exe
  2⤵
  PID:8188
- C:\Windows\System32\QuvkToQ.exe
  C:\Windows\System32\QuvkToQ.exe
  2⤵
  PID:4136
- C:\Windows\System32\sPcfSwL.exe
  C:\Windows\System32\sPcfSwL.exe
  2⤵
  PID:5404
- C:\Windows\System32\FfoSiqo.exe
  C:\Windows\System32\FfoSiqo.exe
  2⤵
  PID:5256
- C:\Windows\System32\DNeSbeV.exe
  C:\Windows\System32\DNeSbeV.exe
  2⤵
  PID:7852
- C:\Windows\System32\ayqHJjg.exe
  C:\Windows\System32\ayqHJjg.exe
  2⤵
  PID:4220
- C:\Windows\System32\qFekJsl.exe
  C:\Windows\System32\qFekJsl.exe
  2⤵
  PID:8064
- C:\Windows\System32\wbVtnVe.exe
  C:\Windows\System32\wbVtnVe.exe
  2⤵
  PID:1200
- C:\Windows\System32\IJcNJut.exe
  C:\Windows\System32\IJcNJut.exe
  2⤵
  PID:7404
- C:\Windows\System32\fcWtxxp.exe
  C:\Windows\System32\fcWtxxp.exe
  2⤵
  PID:7748
- C:\Windows\System32\jxMnsDU.exe
  C:\Windows\System32\jxMnsDU.exe
  2⤵
  PID:7172
- C:\Windows\System32\OQRHHdC.exe
  C:\Windows\System32\OQRHHdC.exe
  2⤵
  PID:3508
- C:\Windows\System32\JToTLdT.exe
  C:\Windows\System32\JToTLdT.exe
  2⤵
  PID:2788
- C:\Windows\System32\JjnvBEZ.exe
  C:\Windows\System32\JjnvBEZ.exe
  2⤵
  PID:5848
- C:\Windows\System32\yKSGmqS.exe
  C:\Windows\System32\yKSGmqS.exe
  2⤵
  PID:3532
- C:\Windows\System32\vAJjYho.exe
  C:\Windows\System32\vAJjYho.exe
  2⤵
  PID:4360
- C:\Windows\System32\KCkxMiC.exe
  C:\Windows\System32\KCkxMiC.exe
  2⤵
  PID:5008
- C:\Windows\System32\pgWhKXS.exe
  C:\Windows\System32\pgWhKXS.exe
  2⤵
  PID:7248
- C:\Windows\System32\bnxwvhd.exe
  C:\Windows\System32\bnxwvhd.exe
  2⤵
  PID:8220
- C:\Windows\System32\vTYIZHS.exe
  C:\Windows\System32\vTYIZHS.exe
  2⤵
  PID:8248
- C:\Windows\System32\ZGmyuMg.exe
  C:\Windows\System32\ZGmyuMg.exe
  2⤵
  PID:8280
- C:\Windows\System32\ZnbARLH.exe
  C:\Windows\System32\ZnbARLH.exe
  2⤵
  PID:8300
- C:\Windows\System32\ecNxynT.exe
  C:\Windows\System32\ecNxynT.exe
  2⤵
  PID:8328
- C:\Windows\System32\SwTYnEE.exe
  C:\Windows\System32\SwTYnEE.exe
  2⤵
  PID:8376
- C:\Windows\System32\AiUNQRr.exe
  C:\Windows\System32\AiUNQRr.exe
  2⤵
  PID:8392
- C:\Windows\System32\rGsLqua.exe
  C:\Windows\System32\rGsLqua.exe
  2⤵
  PID:8420
- C:\Windows\System32\pZKFmvh.exe
  C:\Windows\System32\pZKFmvh.exe
  2⤵
  PID:8452
- C:\Windows\System32\dTtBAYu.exe
  C:\Windows\System32\dTtBAYu.exe
  2⤵
  PID:8480
- C:\Windows\System32\XrfdNLm.exe
  C:\Windows\System32\XrfdNLm.exe
  2⤵
  PID:8512
- C:\Windows\System32\kWtfXaX.exe
  C:\Windows\System32\kWtfXaX.exe
  2⤵
  PID:8536
- C:\Windows\System32\xLsRJrv.exe
  C:\Windows\System32\xLsRJrv.exe
  2⤵
  PID:8564
- C:\Windows\System32\BvctZnR.exe
  C:\Windows\System32\BvctZnR.exe
  2⤵
  PID:8584
- C:\Windows\System32\BroUtDx.exe
  C:\Windows\System32\BroUtDx.exe
  2⤵
  PID:8620
- C:\Windows\System32\tDIOlhM.exe
  C:\Windows\System32\tDIOlhM.exe
  2⤵
  PID:8644
- C:\Windows\System32\itQYtog.exe
  C:\Windows\System32\itQYtog.exe
  2⤵
  PID:8676
- C:\Windows\System32\BrFLiOv.exe
  C:\Windows\System32\BrFLiOv.exe
  2⤵
  PID:8704
- C:\Windows\System32\RigpfWE.exe
  C:\Windows\System32\RigpfWE.exe
  2⤵
  PID:8732
- C:\Windows\System32\guGLRTl.exe
  C:\Windows\System32\guGLRTl.exe
  2⤵
  PID:8756
- C:\Windows\System32\ZiLLfRK.exe
  C:\Windows\System32\ZiLLfRK.exe
  2⤵
  PID:8800
- C:\Windows\System32\JNBKLtX.exe
  C:\Windows\System32\JNBKLtX.exe
  2⤵
  PID:8844
- C:\Windows\System32\xkPQrQl.exe
  C:\Windows\System32\xkPQrQl.exe
  2⤵
  PID:8892
- C:\Windows\System32\YWxKlxs.exe
  C:\Windows\System32\YWxKlxs.exe
  2⤵
  PID:8908
- C:\Windows\System32\OZqTFZW.exe
  C:\Windows\System32\OZqTFZW.exe
  2⤵
  PID:8936
- C:\Windows\System32\wSEvGZl.exe
  C:\Windows\System32\wSEvGZl.exe
  2⤵
  PID:8972
- C:\Windows\System32\VqGXJRX.exe
  C:\Windows\System32\VqGXJRX.exe
  2⤵
  PID:8996
- C:\Windows\System32\srIgmFV.exe
  C:\Windows\System32\srIgmFV.exe
  2⤵
  PID:9024
- C:\Windows\System32\wcdhGWi.exe
  C:\Windows\System32\wcdhGWi.exe
  2⤵
  PID:9052
- C:\Windows\System32\qXlhmGx.exe
  C:\Windows\System32\qXlhmGx.exe
  2⤵
  PID:9080
- C:\Windows\System32\FdVhTRR.exe
  C:\Windows\System32\FdVhTRR.exe
  2⤵
  PID:9108
- C:\Windows\System32\SXJlCjI.exe
  C:\Windows\System32\SXJlCjI.exe
  2⤵
  PID:9128
- C:\Windows\System32\otVNUnD.exe
  C:\Windows\System32\otVNUnD.exe
  2⤵
  PID:9156
- C:\Windows\System32\jRgVenx.exe
  C:\Windows\System32\jRgVenx.exe
  2⤵
  PID:9192
- C:\Windows\System32\BbRtaEp.exe
  C:\Windows\System32\BbRtaEp.exe
  2⤵
  PID:8204
- C:\Windows\System32\BqSkVuP.exe
  C:\Windows\System32\BqSkVuP.exe
  2⤵
  PID:8268
- C:\Windows\System32\iMlLWUc.exe
  C:\Windows\System32\iMlLWUc.exe
  2⤵
  PID:5756
- C:\Windows\System32\VxnFybt.exe
  C:\Windows\System32\VxnFybt.exe
  2⤵
  PID:8336
- C:\Windows\System32\wTKmyrX.exe
  C:\Windows\System32\wTKmyrX.exe
  2⤵
  PID:5248
- C:\Windows\System32\JndTiNC.exe
  C:\Windows\System32\JndTiNC.exe
  2⤵
  PID:8404
- C:\Windows\System32\ivDYWkl.exe
  C:\Windows\System32\ivDYWkl.exe
  2⤵
  PID:8472
- C:\Windows\System32\EkSFSPL.exe
  C:\Windows\System32\EkSFSPL.exe
  2⤵
  PID:8552
- C:\Windows\System32\kpPHaPd.exe
  C:\Windows\System32\kpPHaPd.exe
  2⤵
  PID:8604
- C:\Windows\System32\xOtragj.exe
  C:\Windows\System32\xOtragj.exe
  2⤵
  PID:8668
- C:\Windows\System32\YectgiP.exe
  C:\Windows\System32\YectgiP.exe
  2⤵
  PID:8740
- C:\Windows\System32\tzoGBqu.exe
  C:\Windows\System32\tzoGBqu.exe
  2⤵
  PID:8828
- C:\Windows\System32\uqUrKIM.exe
  C:\Windows\System32\uqUrKIM.exe
  2⤵
  PID:8920
- C:\Windows\System32\TudhDAS.exe
  C:\Windows\System32\TudhDAS.exe
  2⤵
  PID:8980
- C:\Windows\System32\FmRpAes.exe
  C:\Windows\System32\FmRpAes.exe
  2⤵
  PID:9044
- C:\Windows\System32\nTggACA.exe
  C:\Windows\System32\nTggACA.exe
  2⤵
  PID:9120
- C:\Windows\System32\rWHHvyi.exe
  C:\Windows\System32\rWHHvyi.exe
  2⤵
  PID:9152
- C:\Windows\System32\nHVcyaB.exe
  C:\Windows\System32\nHVcyaB.exe
  2⤵
  PID:8260
- C:\Windows\System32\CHfVTAG.exe
  C:\Windows\System32\CHfVTAG.exe
  2⤵
  PID:7928
- C:\Windows\System32\LZLVNgP.exe
  C:\Windows\System32\LZLVNgP.exe
  2⤵
  PID:8444
- C:\Windows\System32\jHcNBqr.exe
  C:\Windows\System32\jHcNBqr.exe
  2⤵
  PID:8688
- C:\Windows\System32\YWnSudN.exe
  C:\Windows\System32\YWnSudN.exe
  2⤵
  PID:8852
- C:\Windows\System32\uxqvran.exe
  C:\Windows\System32\uxqvran.exe
  2⤵
  PID:9068
- C:\Windows\System32\SsBmyPb.exe
  C:\Windows\System32\SsBmyPb.exe
  2⤵
  PID:9168
- C:\Windows\System32\CykAroY.exe
  C:\Windows\System32\CykAroY.exe
  2⤵
  PID:8408
- C:\Windows\System32\ukgkjNY.exe
  C:\Windows\System32\ukgkjNY.exe
  2⤵
  PID:8592
- C:\Windows\System32\ZxZvJNm.exe
  C:\Windows\System32\ZxZvJNm.exe
  2⤵
  PID:9180
- C:\Windows\System32\qLGmEjp.exe
  C:\Windows\System32\qLGmEjp.exe
  2⤵
  PID:5368
- C:\Windows\System32\TAvWLDH.exe
  C:\Windows\System32\TAvWLDH.exe
  2⤵
  PID:9016
- C:\Windows\System32\MaOwDkG.exe
  C:\Windows\System32\MaOwDkG.exe
  2⤵
  PID:5464
- C:\Windows\System32\EmhwrZJ.exe
  C:\Windows\System32\EmhwrZJ.exe
  2⤵
  PID:9232
- C:\Windows\System32\pSphboE.exe
  C:\Windows\System32\pSphboE.exe
  2⤵
  PID:9260
- C:\Windows\System32\spEsKrH.exe
  C:\Windows\System32\spEsKrH.exe
  2⤵
  PID:9288
- C:\Windows\System32\sidOQCc.exe
  C:\Windows\System32\sidOQCc.exe
  2⤵
  PID:9316
- C:\Windows\System32\RmmuXxx.exe
  C:\Windows\System32\RmmuXxx.exe
  2⤵
  PID:9336
- C:\Windows\System32\rwjTaYj.exe
  C:\Windows\System32\rwjTaYj.exe
  2⤵
  PID:9368
- C:\Windows\System32\sfBiIjT.exe
  C:\Windows\System32\sfBiIjT.exe
  2⤵
  PID:9396
- C:\Windows\System32\GnlLRnG.exe
  C:\Windows\System32\GnlLRnG.exe
  2⤵
  PID:9432
- C:\Windows\System32\mbESzWv.exe
  C:\Windows\System32\mbESzWv.exe
  2⤵
  PID:9456
- C:\Windows\System32\YainqKc.exe
  C:\Windows\System32\YainqKc.exe
  2⤵
  PID:9484
- C:\Windows\System32\Hnzhslb.exe
  C:\Windows\System32\Hnzhslb.exe
  2⤵
  PID:9512
- C:\Windows\System32\giCHpwo.exe
  C:\Windows\System32\giCHpwo.exe
  2⤵
  PID:9540
- C:\Windows\System32\zzdLUeZ.exe
  C:\Windows\System32\zzdLUeZ.exe
  2⤵
  PID:9568
- C:\Windows\System32\wbjCQEk.exe
  C:\Windows\System32\wbjCQEk.exe
  2⤵
  PID:9596
- C:\Windows\System32\xDMgkRk.exe
  C:\Windows\System32\xDMgkRk.exe
  2⤵
  PID:9624
- C:\Windows\System32\MFEtGAp.exe
  C:\Windows\System32\MFEtGAp.exe
  2⤵
  PID:9652
- C:\Windows\System32\bTUuIhB.exe
  C:\Windows\System32\bTUuIhB.exe
  2⤵
  PID:9680
- C:\Windows\System32\dctaPsd.exe
  C:\Windows\System32\dctaPsd.exe
  2⤵
  PID:9704
- C:\Windows\System32\FwRPZff.exe
  C:\Windows\System32\FwRPZff.exe
  2⤵
  PID:9732
- C:\Windows\System32\PkWxEMM.exe
  C:\Windows\System32\PkWxEMM.exe
  2⤵
  PID:9760
- C:\Windows\System32\lClqOci.exe
  C:\Windows\System32\lClqOci.exe
  2⤵
  PID:9792
- C:\Windows\System32\YcokNEf.exe
  C:\Windows\System32\YcokNEf.exe
  2⤵
  PID:9824
- C:\Windows\System32\HTrnuus.exe
  C:\Windows\System32\HTrnuus.exe
  2⤵
  PID:9840
- C:\Windows\System32\yEeYPVB.exe
  C:\Windows\System32\yEeYPVB.exe
  2⤵
  PID:9880
- C:\Windows\System32\bmBkzrq.exe
  C:\Windows\System32\bmBkzrq.exe
  2⤵
  PID:9912
- C:\Windows\System32\kKkxija.exe
  C:\Windows\System32\kKkxija.exe
  2⤵
  PID:9940
- C:\Windows\System32\qTzWlPS.exe
  C:\Windows\System32\qTzWlPS.exe
  2⤵
  PID:9968
- C:\Windows\System32\xEEdqqM.exe
  C:\Windows\System32\xEEdqqM.exe
  2⤵
  PID:9996
- C:\Windows\System32\wHZeDOj.exe
  C:\Windows\System32\wHZeDOj.exe
  2⤵
  PID:10024
- C:\Windows\System32\LeShcFH.exe
  C:\Windows\System32\LeShcFH.exe
  2⤵
  PID:10056
- C:\Windows\System32\pabKUXT.exe
  C:\Windows\System32\pabKUXT.exe
  2⤵
  PID:10088
- C:\Windows\System32\VnzSDfT.exe
  C:\Windows\System32\VnzSDfT.exe
  2⤵
  PID:10112
- C:\Windows\System32\mMkYhMW.exe
  C:\Windows\System32\mMkYhMW.exe
  2⤵
  PID:10128
- C:\Windows\System32\fFmwceR.exe
  C:\Windows\System32\fFmwceR.exe
  2⤵
  PID:10156
- C:\Windows\System32\dCabdhF.exe
  C:\Windows\System32\dCabdhF.exe
  2⤵
  PID:10192
- C:\Windows\System32\Smhkjkq.exe
  C:\Windows\System32\Smhkjkq.exe
  2⤵
  PID:10224
- C:\Windows\System32\IIYXsqk.exe
  C:\Windows\System32\IIYXsqk.exe
  2⤵
  PID:9244
- C:\Windows\System32\YLgOdFf.exe
  C:\Windows\System32\YLgOdFf.exe
  2⤵
  PID:9312
- C:\Windows\System32\OiYoerU.exe
  C:\Windows\System32\OiYoerU.exe
  2⤵
  PID:9388
- C:\Windows\System32\VcNfHjr.exe
  C:\Windows\System32\VcNfHjr.exe
  2⤵
  PID:9480
- C:\Windows\System32\NVejzuJ.exe
  C:\Windows\System32\NVejzuJ.exe
  2⤵
  PID:9552
- C:\Windows\System32\zGSOVOV.exe
  C:\Windows\System32\zGSOVOV.exe
  2⤵
  PID:9608
- C:\Windows\System32\zDRPNUx.exe
  C:\Windows\System32\zDRPNUx.exe
  2⤵
  PID:9696
- C:\Windows\System32\CONXNqD.exe
  C:\Windows\System32\CONXNqD.exe
  2⤵
  PID:9784
- C:\Windows\System32\TmgEhuu.exe
  C:\Windows\System32\TmgEhuu.exe
  2⤵
  PID:9832
- C:\Windows\System32\FzqDXES.exe
  C:\Windows\System32\FzqDXES.exe
  2⤵
  PID:9908
- C:\Windows\System32\KKLuCDr.exe
  C:\Windows\System32\KKLuCDr.exe
  2⤵
  PID:9992
- C:\Windows\System32\YivTATN.exe
  C:\Windows\System32\YivTATN.exe
  2⤵
  PID:10048
- C:\Windows\System32\WbEPFHB.exe
  C:\Windows\System32\WbEPFHB.exe
  2⤵
  PID:10124
- C:\Windows\System32\plpJEhw.exe
  C:\Windows\System32\plpJEhw.exe
  2⤵
  PID:10208
- C:\Windows\System32\gsUFQUy.exe
  C:\Windows\System32\gsUFQUy.exe
  2⤵
  PID:9380
- C:\Windows\System32\kCJPthx.exe
  C:\Windows\System32\kCJPthx.exe
  2⤵
  PID:9588
- C:\Windows\System32\eITrqWd.exe
  C:\Windows\System32\eITrqWd.exe
  2⤵
  PID:9740
- C:\Windows\System32\qrAHfNO.exe
  C:\Windows\System32\qrAHfNO.exe
  2⤵
  PID:9952
- C:\Windows\System32\LfttYqQ.exe
  C:\Windows\System32\LfttYqQ.exe
  2⤵
  PID:10172
- C:\Windows\System32\cYccTmz.exe
  C:\Windows\System32\cYccTmz.exe
  2⤵
  PID:9344
- C:\Windows\System32\pPzKIid.exe
  C:\Windows\System32\pPzKIid.exe
  2⤵
  PID:9752
- C:\Windows\System32\inMsKFQ.exe
  C:\Windows\System32\inMsKFQ.exe
  2⤵
  PID:9228
- C:\Windows\System32\aCbJMRO.exe
  C:\Windows\System32\aCbJMRO.exe
  2⤵
  PID:10248
- C:\Windows\System32\vEjYQqv.exe
  C:\Windows\System32\vEjYQqv.exe
  2⤵
  PID:10280
- C:\Windows\System32\ydEhcGU.exe
  C:\Windows\System32\ydEhcGU.exe
  2⤵
  PID:10300
- C:\Windows\System32\oaYrwzQ.exe
  C:\Windows\System32\oaYrwzQ.exe
  2⤵
  PID:10336
- C:\Windows\System32\MERJlcZ.exe
  C:\Windows\System32\MERJlcZ.exe
  2⤵
  PID:10368
- C:\Windows\System32\rICsJnf.exe
  C:\Windows\System32\rICsJnf.exe
  2⤵
  PID:10396
- C:\Windows\System32\iXSKNWI.exe
  C:\Windows\System32\iXSKNWI.exe
  2⤵
  PID:10424
- C:\Windows\System32\knXuAqq.exe
  C:\Windows\System32\knXuAqq.exe
  2⤵
  PID:10452
- C:\Windows\System32\uPFrCNk.exe
  C:\Windows\System32\uPFrCNk.exe
  2⤵
  PID:10480
- C:\Windows\System32\IPxAuCg.exe
  C:\Windows\System32\IPxAuCg.exe
  2⤵
  PID:10500
- C:\Windows\System32\nPSUKaF.exe
  C:\Windows\System32\nPSUKaF.exe
  2⤵
  PID:10540
- C:\Windows\System32\FnqidCk.exe
  C:\Windows\System32\FnqidCk.exe
  2⤵
  PID:10568
- C:\Windows\System32\wPodwNW.exe
  C:\Windows\System32\wPodwNW.exe
  2⤵
  PID:10608
- C:\Windows\System32\XEoYAeg.exe
  C:\Windows\System32\XEoYAeg.exe
  2⤵
  PID:10636
- C:\Windows\System32\raMvDyB.exe
  C:\Windows\System32\raMvDyB.exe
  2⤵
  PID:10652
- C:\Windows\System32\UXFIOpu.exe
  C:\Windows\System32\UXFIOpu.exe
  2⤵
  PID:10684
- C:\Windows\System32\OWuPAQa.exe
  C:\Windows\System32\OWuPAQa.exe
  2⤵
  PID:10712
- C:\Windows\System32\QFNqaPA.exe
  C:\Windows\System32\QFNqaPA.exe
  2⤵
  PID:10740
- C:\Windows\System32\gzlDDLB.exe
  C:\Windows\System32\gzlDDLB.exe
  2⤵
  PID:10764
- C:\Windows\System32\BTJElXo.exe
  C:\Windows\System32\BTJElXo.exe
  2⤵
  PID:10780
- C:\Windows\System32\tSuDKQu.exe
  C:\Windows\System32\tSuDKQu.exe
  2⤵
  PID:10820
- C:\Windows\System32\AzsmPRX.exe
  C:\Windows\System32\AzsmPRX.exe
  2⤵
  PID:10848
- C:\Windows\System32\EGeTeTe.exe
  C:\Windows\System32\EGeTeTe.exe
  2⤵
  PID:10872
- C:\Windows\System32\uyTcvCG.exe
  C:\Windows\System32\uyTcvCG.exe
  2⤵
  PID:10904
- C:\Windows\System32\cihdQWL.exe
  C:\Windows\System32\cihdQWL.exe
  2⤵
  PID:10932
- C:\Windows\System32\DBXSHau.exe
  C:\Windows\System32\DBXSHau.exe
  2⤵
  PID:10976
- C:\Windows\System32\siULdyQ.exe
  C:\Windows\System32\siULdyQ.exe
  2⤵
  PID:11000
- C:\Windows\System32\VoXAEAI.exe
  C:\Windows\System32\VoXAEAI.exe
  2⤵
  PID:11020
- C:\Windows\System32\pYlQPov.exe
  C:\Windows\System32\pYlQPov.exe
  2⤵
  PID:11048
- C:\Windows\System32\jGnenEU.exe
  C:\Windows\System32\jGnenEU.exe
  2⤵
  PID:11084
- C:\Windows\System32\YMOIzhm.exe
  C:\Windows\System32\YMOIzhm.exe
  2⤵
  PID:11100
- C:\Windows\System32\pQFbwJD.exe
  C:\Windows\System32\pQFbwJD.exe
  2⤵
  PID:11136
- C:\Windows\System32\NpUGjjX.exe
  C:\Windows\System32\NpUGjjX.exe
  2⤵
  PID:11160
- C:\Windows\System32\PzqVJnn.exe
  C:\Windows\System32\PzqVJnn.exe
  2⤵
  PID:11196
- C:\Windows\System32\XDshdhG.exe
  C:\Windows\System32\XDshdhG.exe
  2⤵
  PID:11224
- C:\Windows\System32\GRjvKOD.exe
  C:\Windows\System32\GRjvKOD.exe
  2⤵
  PID:11252
- C:\Windows\System32\jSPNnEo.exe
  C:\Windows\System32\jSPNnEo.exe
  2⤵
  PID:10260
- C:\Windows\System32\yDxVdFv.exe
  C:\Windows\System32\yDxVdFv.exe
  2⤵
  PID:10288
- C:\Windows\System32\wosiwwq.exe
  C:\Windows\System32\wosiwwq.exe
  2⤵
  PID:10352
- C:\Windows\System32\oIByQqQ.exe
  C:\Windows\System32\oIByQqQ.exe
  2⤵
  PID:10464
- C:\Windows\System32\YVYTbsz.exe
  C:\Windows\System32\YVYTbsz.exe
  2⤵
  PID:10532
- C:\Windows\System32\tIxzNxg.exe
  C:\Windows\System32\tIxzNxg.exe
  2⤵
  PID:10592
- C:\Windows\System32\qkegjSi.exe
  C:\Windows\System32\qkegjSi.exe
  2⤵
  PID:10668
- C:\Windows\System32\uJVUpaz.exe
  C:\Windows\System32\uJVUpaz.exe
  2⤵
  PID:10720
- C:\Windows\System32\kvMphDp.exe
  C:\Windows\System32\kvMphDp.exe
  2⤵
  PID:10800
- C:\Windows\System32\cZARYbR.exe
  C:\Windows\System32\cZARYbR.exe
  2⤵
  PID:10884
- C:\Windows\System32\xdqJysJ.exe
  C:\Windows\System32\xdqJysJ.exe
  2⤵
  PID:10920
- C:\Windows\System32\bGXrXJr.exe
  C:\Windows\System32\bGXrXJr.exe
  2⤵
  PID:10948
- C:\Windows\System32\BQejOqe.exe
  C:\Windows\System32\BQejOqe.exe
  2⤵
  PID:11036
- C:\Windows\System32\TzPOLpf.exe
  C:\Windows\System32\TzPOLpf.exe
  2⤵
  PID:11068
- C:\Windows\System32\mjAEjIa.exe
  C:\Windows\System32\mjAEjIa.exe
  2⤵
  PID:11188
- C:\Windows\System32\QHAGylb.exe
  C:\Windows\System32\QHAGylb.exe
  2⤵
  PID:11248
- C:\Windows\System32\jvrNRxV.exe
  C:\Windows\System32\jvrNRxV.exe
  2⤵
  PID:10328
- C:\Windows\System32\wKViRni.exe
  C:\Windows\System32\wKViRni.exe
  2⤵
  PID:10528
- C:\Windows\System32\bCpoIVJ.exe
  C:\Windows\System32\bCpoIVJ.exe
  2⤵
  PID:10700
- C:\Windows\System32\wVcljRH.exe
  C:\Windows\System32\wVcljRH.exe
  2⤵
  PID:10772
- C:\Windows\System32\JaUrtsb.exe
  C:\Windows\System32\JaUrtsb.exe
  2⤵
  PID:10968
- C:\Windows\System32\LkviaFl.exe
  C:\Windows\System32\LkviaFl.exe
  2⤵
  PID:11120
- C:\Windows\System32\EyrqWzS.exe
  C:\Windows\System32\EyrqWzS.exe
  2⤵
  PID:10076
- C:\Windows\System32\mNhhixa.exe
  C:\Windows\System32\mNhhixa.exe
  2⤵
  PID:10664
- C:\Windows\System32\EKMYJSZ.exe
  C:\Windows\System32\EKMYJSZ.exe
  2⤵
  PID:10648
- C:\Windows\System32\miYzIiL.exe
  C:\Windows\System32\miYzIiL.exe
  2⤵
  PID:11268
- C:\Windows\System32\JbxEcOa.exe
  C:\Windows\System32\JbxEcOa.exe
  2⤵
  PID:11292
- C:\Windows\System32\rUkxabs.exe
  C:\Windows\System32\rUkxabs.exe
  2⤵
  PID:11308
- C:\Windows\System32\JRyEdgG.exe
  C:\Windows\System32\JRyEdgG.exe
  2⤵
  PID:11332
- C:\Windows\System32\lWrwAIS.exe
  C:\Windows\System32\lWrwAIS.exe
  2⤵
  PID:11380
- C:\Windows\System32\OAfgktg.exe
  C:\Windows\System32\OAfgktg.exe
  2⤵
  PID:11404
- C:\Windows\System32\dOhRZNB.exe
  C:\Windows\System32\dOhRZNB.exe
  2⤵
  PID:11436
- C:\Windows\System32\WSXgKiB.exe
  C:\Windows\System32\WSXgKiB.exe
  2⤵
  PID:11468
- C:\Windows\System32\fOmWAob.exe
  C:\Windows\System32\fOmWAob.exe
  2⤵
  PID:11484
- C:\Windows\System32\FGuUKXb.exe
  C:\Windows\System32\FGuUKXb.exe
  2⤵
  PID:11524
- C:\Windows\System32\fLkNDsj.exe
  C:\Windows\System32\fLkNDsj.exe
  2⤵
  PID:11544
- C:\Windows\System32\aGubwtK.exe
  C:\Windows\System32\aGubwtK.exe
  2⤵
  PID:11588
- C:\Windows\System32\kSyFGlg.exe
  C:\Windows\System32\kSyFGlg.exe
  2⤵
  PID:11616
- C:\Windows\System32\YNiskBe.exe
  C:\Windows\System32\YNiskBe.exe
  2⤵
  PID:11644
- C:\Windows\System32\zrIDZGT.exe
  C:\Windows\System32\zrIDZGT.exe
  2⤵
  PID:11660
- C:\Windows\System32\wlIIBPs.exe
  C:\Windows\System32\wlIIBPs.exe
  2⤵
  PID:11680
- C:\Windows\System32\LRceYXr.exe
  C:\Windows\System32\LRceYXr.exe
  2⤵
  PID:11728
- C:\Windows\System32\pPxediG.exe
  C:\Windows\System32\pPxediG.exe
  2⤵
  PID:11744
- C:\Windows\System32\hvBbFUP.exe
  C:\Windows\System32\hvBbFUP.exe
  2⤵
  PID:11760
- C:\Windows\System32\XVxixGG.exe
  C:\Windows\System32\XVxixGG.exe
  2⤵
  PID:11824
- C:\Windows\System32\WBCtBRf.exe
  C:\Windows\System32\WBCtBRf.exe
  2⤵
  PID:11840
- C:\Windows\System32\ModXIOu.exe
  C:\Windows\System32\ModXIOu.exe
  2⤵
  PID:11868
- C:\Windows\System32\hUvISNC.exe
  C:\Windows\System32\hUvISNC.exe
  2⤵
  PID:11896
- C:\Windows\System32\uOBYKWk.exe
  C:\Windows\System32\uOBYKWk.exe
  2⤵
  PID:11920
- C:\Windows\System32\IOEzchK.exe
  C:\Windows\System32\IOEzchK.exe
  2⤵
  PID:11952
- C:\Windows\System32\aImUrVu.exe
  C:\Windows\System32\aImUrVu.exe
  2⤵
  PID:11992
- C:\Windows\System32\DLvOlPT.exe
  C:\Windows\System32\DLvOlPT.exe
  2⤵
  PID:12012
- C:\Windows\System32\CElsjnZ.exe
  C:\Windows\System32\CElsjnZ.exe
  2⤵
  PID:12044
- C:\Windows\System32\MnyfIzg.exe
  C:\Windows\System32\MnyfIzg.exe
  2⤵
  PID:12064
- C:\Windows\System32\RaNBNNX.exe
  C:\Windows\System32\RaNBNNX.exe
  2⤵
  PID:12100
- C:\Windows\System32\tcBZbXb.exe
  C:\Windows\System32\tcBZbXb.exe
  2⤵
  PID:12116
- C:\Windows\System32\sYBIsnx.exe
  C:\Windows\System32\sYBIsnx.exe
  2⤵
  PID:12156
- C:\Windows\System32\uoDuHEZ.exe
  C:\Windows\System32\uoDuHEZ.exe
  2⤵
  PID:12176
- C:\Windows\System32\WVVgOPl.exe
  C:\Windows\System32\WVVgOPl.exe
  2⤵
  PID:12208
- C:\Windows\System32\mkoLVjv.exe
  C:\Windows\System32\mkoLVjv.exe
  2⤵
  PID:12240
- C:\Windows\System32\HjhvIZq.exe
  C:\Windows\System32\HjhvIZq.exe
  2⤵
  PID:12268
- C:\Windows\System32\eItsKkh.exe
  C:\Windows\System32\eItsKkh.exe
  2⤵
  PID:5028
- C:\Windows\System32\QemYTlm.exe
  C:\Windows\System32\QemYTlm.exe
  2⤵
  PID:11320
- C:\Windows\System32\QwApFJt.exe
  C:\Windows\System32\QwApFJt.exe
  2⤵
  PID:11356
- C:\Windows\System32\BfREhuF.exe
  C:\Windows\System32\BfREhuF.exe
  2⤵
  PID:11444
- C:\Windows\System32\moipsdN.exe
  C:\Windows\System32\moipsdN.exe
  2⤵
  PID:11568
- C:\Windows\System32\PaTnzVF.exe
  C:\Windows\System32\PaTnzVF.exe
  2⤵
  PID:11632
- C:\Windows\System32\VYqfrqn.exe
  C:\Windows\System32\VYqfrqn.exe
  2⤵
  PID:11692
- C:\Windows\System32\SrhYHMS.exe
  C:\Windows\System32\SrhYHMS.exe
  2⤵
  PID:11316
- C:\Windows\System32\PoPVEbW.exe
  C:\Windows\System32\PoPVEbW.exe
  2⤵
  PID:11784
- C:\Windows\System32\OMfSGgO.exe
  C:\Windows\System32\OMfSGgO.exe
  2⤵
  PID:11864
- C:\Windows\System32\rfFwuBo.exe
  C:\Windows\System32\rfFwuBo.exe
  2⤵
  PID:11936
- C:\Windows\System32\LZBtGMF.exe
  C:\Windows\System32\LZBtGMF.exe
  2⤵
  PID:12024
- C:\Windows\System32\JerQedd.exe
  C:\Windows\System32\JerQedd.exe
  2⤵
  PID:3144
- C:\Windows\System32\NodSYGs.exe
  C:\Windows\System32\NodSYGs.exe
  2⤵
  PID:12092
- C:\Windows\System32\oRauHAE.exe
  C:\Windows\System32\oRauHAE.exe
  2⤵
  PID:12140
- C:\Windows\System32\WyyJnDd.exe
  C:\Windows\System32\WyyJnDd.exe
  2⤵
  PID:12172
- C:\Windows\System32\oLOUsrO.exe
  C:\Windows\System32\oLOUsrO.exe
  2⤵
  PID:12264
- C:\Windows\System32\vTHtdws.exe
  C:\Windows\System32\vTHtdws.exe
  2⤵
  PID:10512
- C:\Windows\System32\hUVqRPS.exe
  C:\Windows\System32\hUVqRPS.exe
  2⤵
  PID:11532
- C:\Windows\System32\wnSyLsO.exe
  C:\Windows\System32\wnSyLsO.exe
  2⤵
  PID:12280
- C:\Windows\System32\zCrmneA.exe
  C:\Windows\System32\zCrmneA.exe
  2⤵
  PID:11796
- C:\Windows\System32\lvYAyTl.exe
  C:\Windows\System32\lvYAyTl.exe
  2⤵
  PID:11988
- C:\Windows\System32\fnNMgJW.exe
  C:\Windows\System32\fnNMgJW.exe
  2⤵
  PID:2140
- C:\Windows\System32\AbAvrSR.exe
  C:\Windows\System32\AbAvrSR.exe
  2⤵
  PID:12108
- C:\Windows\System32\mMLcPZJ.exe
  C:\Windows\System32\mMLcPZJ.exe
  2⤵
  PID:11456
- C:\Windows\System32\EUbHiZI.exe
  C:\Windows\System32\EUbHiZI.exe
  2⤵
  PID:11672
- C:\Windows\System32\iXlFymg.exe
  C:\Windows\System32\iXlFymg.exe
  2⤵
  PID:12076
- C:\Windows\System32\JuVWgGB.exe
  C:\Windows\System32\JuVWgGB.exe
  2⤵
  PID:11600
- C:\Windows\System32\nIEnGXJ.exe
  C:\Windows\System32\nIEnGXJ.exe
  2⤵
  PID:12060
- C:\Windows\System32\ltYxmSf.exe
  C:\Windows\System32\ltYxmSf.exe
  2⤵
  PID:12300
- C:\Windows\System32\tDdZkpY.exe
  C:\Windows\System32\tDdZkpY.exe
  2⤵
  PID:12316
- C:\Windows\System32\eJZITmz.exe
  C:\Windows\System32\eJZITmz.exe
  2⤵
  PID:12356
- C:\Windows\System32\MrxnyVI.exe
  C:\Windows\System32\MrxnyVI.exe
  2⤵
  PID:12384
- C:\Windows\System32\VwSFJPx.exe
  C:\Windows\System32\VwSFJPx.exe
  2⤵
  PID:12412
- C:\Windows\System32\EdZgLVL.exe
  C:\Windows\System32\EdZgLVL.exe
  2⤵
  PID:12432
- C:\Windows\System32\oTcixcK.exe
  C:\Windows\System32\oTcixcK.exe
  2⤵
  PID:12464
- C:\Windows\System32\vgpEbDc.exe
  C:\Windows\System32\vgpEbDc.exe
  2⤵
  PID:12496
- C:\Windows\System32\wMLUewq.exe
  C:\Windows\System32\wMLUewq.exe
  2⤵
  PID:12524
- C:\Windows\System32\OwuUWmk.exe
  C:\Windows\System32\OwuUWmk.exe
  2⤵
  PID:12552
- C:\Windows\System32\hFzIObK.exe
  C:\Windows\System32\hFzIObK.exe
  2⤵
  PID:12580
- C:\Windows\System32\BoRhFdI.exe
  C:\Windows\System32\BoRhFdI.exe
  2⤵
  PID:12612
- C:\Windows\System32\vTiRoGw.exe
  C:\Windows\System32\vTiRoGw.exe
  2⤵
  PID:12640
- C:\Windows\System32\TzCZKIj.exe
  C:\Windows\System32\TzCZKIj.exe
  2⤵
  PID:12660
- C:\Windows\System32\RputKGT.exe
  C:\Windows\System32\RputKGT.exe
  2⤵
  PID:12680
- C:\Windows\System32\VWvpUiw.exe
  C:\Windows\System32\VWvpUiw.exe
  2⤵
  PID:12696
- C:\Windows\System32\kXwleib.exe
  C:\Windows\System32\kXwleib.exe
  2⤵
  PID:12728
- C:\Windows\System32\CUXCTcY.exe
  C:\Windows\System32\CUXCTcY.exe
  2⤵
  PID:12776
- C:\Windows\System32\LZDymSs.exe
  C:\Windows\System32\LZDymSs.exe
  2⤵
  PID:12804
- C:\Windows\System32\zcYCPHz.exe
  C:\Windows\System32\zcYCPHz.exe
  2⤵
  PID:12848
- C:\Windows\System32\aJMpMnM.exe
  C:\Windows\System32\aJMpMnM.exe
  2⤵
  PID:12864
- C:\Windows\System32\EQwgfJm.exe
  C:\Windows\System32\EQwgfJm.exe
  2⤵
  PID:12896
- C:\Windows\System32\kNaRlFF.exe
  C:\Windows\System32\kNaRlFF.exe
  2⤵
  PID:12932
- C:\Windows\System32\awrOrnw.exe
  C:\Windows\System32\awrOrnw.exe
  2⤵
  PID:12948
- C:\Windows\System32\VAbLeXu.exe
  C:\Windows\System32\VAbLeXu.exe
  2⤵
  PID:12976
- C:\Windows\System32\VqoCCJw.exe
  C:\Windows\System32\VqoCCJw.exe
  2⤵
  PID:13000
- C:\Windows\System32\bNRJfuc.exe
  C:\Windows\System32\bNRJfuc.exe
  2⤵
  PID:13028
- C:\Windows\System32\NwqbfVl.exe
  C:\Windows\System32\NwqbfVl.exe
  2⤵
  PID:13080
- C:\Windows\System32\pajwqvl.exe
  C:\Windows\System32\pajwqvl.exe
  2⤵
  PID:13096
- C:\Windows\System32\MofEznk.exe
  C:\Windows\System32\MofEznk.exe
  2⤵
  PID:13112
- C:\Windows\System32\DNSgvxA.exe
  C:\Windows\System32\DNSgvxA.exe
  2⤵
  PID:13136
- C:\Windows\System32\QyPeLfj.exe
  C:\Windows\System32\QyPeLfj.exe
  2⤵
  PID:13164
- C:\Windows\System32\RsNawdQ.exe
  C:\Windows\System32\RsNawdQ.exe
  2⤵
  PID:13192
- C:\Windows\System32\sWIPApP.exe
  C:\Windows\System32\sWIPApP.exe
  2⤵
  PID:13220
- C:\Windows\System32\oQZOHCy.exe
  C:\Windows\System32\oQZOHCy.exe
  2⤵
  PID:13256
- C:\Windows\System32\pXJPFSr.exe
  C:\Windows\System32\pXJPFSr.exe
  2⤵
  PID:13288
- C:\Windows\System32\UKhRGzk.exe
  C:\Windows\System32\UKhRGzk.exe
  2⤵
  PID:11496

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:12960

Network

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System32\ASxDvtD.exe

Filesize
2.4MB

MD5
cd1a0a2da98437a3c9410373e24925ef

SHA1
09ae50a32d05f9f3672f10b922bdf0e1847e85eb

SHA256
0b36450a12d860df72000cee31ea196d773f59e6b8f5a5e14c3102c96633d370

SHA512
c3fb60709836aa31063be52dde4a4f7e081b8bd6270302a1406815697ce5ed76e75e4558d76e99a74d18d91769f72f5dd90608780c147187bd1e396c410d4be8

Download Submit
C:\Windows\System32\HWopxcn.exe

Filesize
2.4MB

MD5
5dc919d31d061ce25a1031295f1094c1

SHA1
6e75f54a2530893ab3af07ff006b5739ee5213a3

SHA256
45b56caebcfa79611e7bf426c99a650ba7aaf3d80899912ac7ae07cf72140c50

SHA512
a61edcd8ddb6611eb14140c46452bf78cf87b2e012c430d22b12f12fd85fab6f3c26506208be1189b951bd7d460189df95a4f06fd6c66a654d3249550ab05e4d

Download Submit
C:\Windows\System32\IPWRNHV.exe

Filesize
2.4MB

MD5
1d04f188f0a7e70bc95f139f4061aa63

SHA1
1a905b7cb8e93be2f53c358eaa16349502811ad0

SHA256
7d80fa7ca88878776fc8a7172371e93786cadc3d62c104232ef714b7c7a60893

SHA512
1e0ada8afd4e7c6d670f84c917ce0ab8c6f3a53100a647f348e10cdc4b948fe5e5e4853e4d8828b8e70be9db5f19ba6021d522df1dc5339019899b60d59050b7

Download Submit
C:\Windows\System32\LpxtqQL.exe

Filesize
2.4MB

MD5
ff3f1bf840a71f81960977f77a6cc0f8

SHA1
0f9102644bf86cd580b2eabf99fbc6de1af637fc

SHA256
3bbd769da6c14689be1e2b9b1b630dbc0e0ccc1f1e4c50d7c564875d2641fa79

SHA512
54c65b407fec5f3bd8318916a2620c03af547f91e10e5fc658057412db65662cf1c3daacb2dd2234b81bf53486b70dd809fdab47c3f24975fe3a2763deb70916

Download Submit
C:\Windows\System32\OlpQTys.exe

Filesize
2.4MB

MD5
421153282784122caf921318326f03b7

SHA1
4ec203ce7607d3e68c51dfa99cdc16586b7565e2

SHA256
b73e0943a988b01a31a917f57fedd424cab5355e97d368d50ff710cad633e198

SHA512
e5a260d3356a199f8fa87a44113ed345b9210340f3815ad12d78f2c208ab8a222b35c2e1b009abefe3b3ba3c029173ae733aba120d4db78c99e9585e22971b26

Download Submit
C:\Windows\System32\OwDgpIa.exe

Filesize
2.5MB

MD5
a998a3788b3c551a01e3bff95acbd603

SHA1
448a9cc6d477656ac2c31ff685318ea4bde0d955

SHA256
872eeed7d8fd866e24964352749c514217be248abadf3856ab5cef260ef150b7

SHA512
d68762dd17834066df13013428a683b3dabc6a9727190327257494e36a5ac9e36e9f4fce77c50dde1d9afb336a588a0c49b0f98bd1d9f1896d32c11d2afdbbee

Download Submit
C:\Windows\System32\PtoFjfm.exe

Filesize
2.4MB

MD5
8c48f2b40f9f0481cb4f4f99e7bdecfa

SHA1
7b5c312ffc689dcc514db8c3b5efa897097f44be

SHA256
a3a2ddfaa28540c0c99d8840b82f85a7d6269045343d86bf73a0e7a2594a5d7d

SHA512
495c75974ec5dede8c1f1b85bf8bad6695b36e6793361de048b198970e16ea306f940fcd7d3f15a59899772c33d7fee86fd84180d821b3d3cc5ad5fa0d21af66

Download Submit
C:\Windows\System32\QWOepqm.exe

Filesize
2.4MB

MD5
fe8fff2793b3198599ca103aed898609

SHA1
ee1f62b7293b8b72204e34c819c7ca311817167e

SHA256
fb2813df6f24ec6d714f4e24a606db7b8b2c63c0234aef15be6618345c5813b2

SHA512
047b870664bddf928e13011e2e141b9d922db5f69e146aeda4c4241fed481b6064b35db7a2fc4b62ae078309ea10da033880edba551b22944640c94766d89b82

Download Submit
C:\Windows\System32\QYSbjiL.exe

Filesize
2.5MB

MD5
a2c396aeb57e8020dc240e07e328de39

SHA1
a5d299efdd888ac7937c8711d2afaa93662466af

SHA256
5658d93fa67f067e1ba8a0e855ecedfb337a5d6a44679decd5e2070d3ddf1b1d

SHA512
59ebefd2f1a6fe124a599735b6c5729ec1bd7342e72f476c4a75b9f154a5edde0b576cb17737f76e4b871c76f81b158f8ce52440bfd813e7e2a8155878dc1a21

Download Submit
C:\Windows\System32\QuoLuTh.exe

Filesize
2.5MB

MD5
2a557effeceda6ccd7f8b90787e42cda

SHA1
697f93bb1e4e0dd2c423de20e397e72e0034ddd3

SHA256
677e2f7931db38ad34a85c40d49bd9a9a4c226a3187ae24eaa68771ac1852f0c

SHA512
64f4291949a36917413eb5509ce24752ddf3ffb45eaf6dd5ce99e901312afe975b3165d84e999d9fc8cebf2f2b3a16816dd8f6d622328bd79fc3db34a8f2b868

Download Submit
C:\Windows\System32\RJQsUwQ.exe

Filesize
2.5MB

MD5
7ccbe4a81667553eaf97792892c5e82d

SHA1
ccf050a3b74fdc5e0a9a180ce5fcbfaa2a0eb999

SHA256
2512f77a79abc0b20643fe701ea0edff9918435bb2a53004c976f88d9c96415b

SHA512
886f966995166d4269a272fe95cd4f8c91bd27aad8fa2619b84dbd4650d72ae20da4c65645e00fe8c78a52d6789a3e59991c43fabc39ad67090f8aff8ead02e5

Download Submit
C:\Windows\System32\RijWqWO.exe

Filesize
2.4MB

MD5
2d54acba28e08ade2d5b2ab20b97b356

SHA1
bbe5b781103c5ca3cf0064dc486ac0308a89dbbc

SHA256
e4c5dc85171c9a8514cf4af0c8b524328cd806c5b7775aefea8a180f7016cb0f

SHA512
ffa69d3778c0e1ce4fd78e068d9a9c0e778ad171d9b0d2c7cd904760bf4476dadd7c3163b14fb048481987750e0367d0e14f33ec9e65ff3ba097e54441a39fd3

Download Submit
C:\Windows\System32\TCAGFSh.exe

Filesize
2.4MB

MD5
09389d2b3696de7a07dd8dd790149a3d

SHA1
16043c58df51ad705f0a048a7e248696b2351032

SHA256
7819750fd633ef8454dae528ae613e1d54e7c1fc055ac9a5a1f78452c70b68bc

SHA512
b140625f9cb17c51de56390b8f0e521d72f1963ba7025ae116c270061c98f844bdf125d2dbfcd929a686f35b38229665ec834ab0a5f24ce633d39671500f4a5b

Download Submit
C:\Windows\System32\TsLCoWW.exe

Filesize
2.4MB

MD5
0c29ba3fc218c5cfe99dae282d0ff3d7

SHA1
766ee8d3981e1e46956e5f50427e6076b1ae90b1

SHA256
dbb73c1abd8db718f3b0b66aa4cdd5072615211be20d3809e278eb111f40e6a9

SHA512
6bd9eb994979d10b67db8027dbedf721ef02d2636df7f2fea60a72813a8d0796aad953f9819c363ce101c5f48de2b5c35113040fb650255e2c459542d27362f2

Download Submit
C:\Windows\System32\UorziXC.exe

Filesize
2.5MB

MD5
1cea2e1af4dc3e59f3b55aa38881284a

SHA1
491748b7125c03625854dbda004f4b6ad60d2e4a

SHA256
2e230cc7941b4fd5b7e4452a0af5481d4c75138423ed07f5ced7b1f2a2086dfb

SHA512
398c45423d3df81b31553861cc32e7eb0d26ce5a7dacc8b41564dfdca2ec4d1d9e188c056a18adc60cf7e977fd682f2a27fb7f873db50d04f5c7f6d75077d641

Download Submit
C:\Windows\System32\VCirahx.exe

Filesize
2.5MB

MD5
ba634892f1195fddc7f1bfa71bae864e

SHA1
81a76ceae56c19849765a3985718379e1e486695

SHA256
c27941bf3f65ae1d7e6771df9f3fff2097bea745d090a980f50b04b747cbcd14

SHA512
1c86837eea7bc6069ccc01e6f7b80e5056da03e0e25329cbbc3c7d8c3bd11fb59fda9dfa88ab5147f30e943d4f102be4fde870efc41db2f8a2cc20c4e7a75a09

Download Submit
C:\Windows\System32\WsnNCKF.exe

Filesize
2.4MB

MD5
15fab3028c94e6d4497a4180319e5b17

SHA1
8eb53be81145b0b6edf4616427c3da2788ba40e3

SHA256
68c35b35012765c0d32f644dd65e84574fcc542c134ebfd804acc3914a9ecf3f

SHA512
27b5bf8d3d384872d1be1dfb0ea37d92f4fd2e908e571e3b8ac1fe5a6f0188ff5985cb730927bf94d1aea86c9eee4c81ef5214c20a3691bbeb724da0dd50834c

Download Submit
C:\Windows\System32\YEjLxzo.exe

Filesize
2.5MB

MD5
6ee269aadb67cf9608b3b85240fb7161

SHA1
b642ba5c40be2046d8b0e2d861188dfcbd82f16e

SHA256
dc2ca002f204b9516a7a7b2248b6d45d486ce66bced834f1071dc76eaac999f9

SHA512
4c7ad576eb0b1afdc1a2e181b39108cfc7b699a0be1db6cf636cb2352898ea390fbfd01441fdfadcd3e6a86f914e79883d835d0a6e0d5a104b852b1fda65ea3e

Download Submit
C:\Windows\System32\YYvdFfV.exe

Filesize
2.4MB

MD5
6a689719058062bfe997f401d4a414ba

SHA1
94533cb22f92c9938e6e62f6eae6417d4a42792c

SHA256
9f88908c1720e7f36d3162b57117eccff2953d211cfc3a58c7ce5a45eb491efa

SHA512
38d8b63c18b847327a55b9b796e1b3e07097d4fbf6831fbc42d66e27a7ecfe06041e3df4c6924895ef3b2220033ff2a66119af7d3bc9a0634aa38041d4ac027c

Download Submit
C:\Windows\System32\ZFwBkji.exe

Filesize
2.4MB

MD5
419210b445a15f41830d4b5fbc8dfa65

SHA1
caa4d7e3038feb827028b88bcd11461dabf0b304

SHA256
e27a0ab4c4653366eb4e2d1489eecb1d8c0ec0238a34bf80d9fbb0e1fe560854

SHA512
918501e45135581ac94dc26e62ba861d1f5e9cb8a39288501eff91386bf961c449ac7db7aa97a5bc41c603e8365282b4c0471f2e5e7a3448f0d737b1c0c80112

Download Submit
C:\Windows\System32\ZqZMUXz.exe

Filesize
2.5MB

MD5
f2311da97025b7d17d0b2a8e6d324ce0

SHA1
a78a466b9660782b6b7a4e4b4e8b5ba5ca459216

SHA256
dc3915f3b62debdf7fa18f708d3e026ca424016126c817ae82b135d4ecf3c8e6

SHA512
da3c83d3135e391e06ddc7c279f122c8517601b82fb4f9bb856f359d545343e39994e288eb63175113bfcdbb35e4a96c0773a99d9e9251e1fee08ce57dd64a17

Download Submit
C:\Windows\System32\aIVbPpc.exe

Filesize
2.4MB

MD5
375e4177fee055f52829fdc25665f3ef

SHA1
89c0287591e4f21d6a3a1f8a387c4f5bcf2ae082

SHA256
d8c86d11c97f7bbb0c362d390d926b61cd165e77b9ffccf578de0aae73fb71ab

SHA512
a90218508a7fd855dc89ab588fa06d1b8b1f25dc30d0f26e84b92da159f3ed072bcad5bfda965686e7771376bf67614066fe5a00b1feb4f2df437f2454b5fee7

Download Submit
C:\Windows\System32\afxTHhP.exe

Filesize
2.5MB

MD5
a8f52ba2594db10ecc9729ed6e86279b

SHA1
afda35c2921026691105a6ac3248795d95987ccd

SHA256
50243e338e2605027302aeaaf04811c7819aa91bb7c78671acce9fb70327d9ec

SHA512
48812bd2927af6bcf26527d33c410782a7a0bb040f7e892daa902331561ba44dee85ca694918af41b18026404bb99f2a2eec92ef0f78f12cd79adbba00e71867

Download Submit
C:\Windows\System32\cNCzoaB.exe

Filesize
2.5MB

MD5
e49e79f0f08f332b249565c46521a629

SHA1
1a27e788dbf147849e5df03e6fc75b81cb0fe655

SHA256
e549d26fe1509245ba13e8fcc590f7895c22e8b57e5689c935e49f0eadd3fede

SHA512
0aa0eb1e1d3f93ea677c14669833253e1e4ee7c413570c5f63a7dcbe50cc29b7be76a3b8db4e27f81faee77793cfcc2d83e479eb800e669838cf75a4472d6c9a

Download Submit
C:\Windows\System32\cnNIDBc.exe

Filesize
2.5MB

MD5
572de334afb23c853041f9cb0934bc77

SHA1
69d543755092d1ebd608df66d0063c2908714774

SHA256
64418a623e0b3bad30180bec441b2843beddf6cff1c8f694798f0196c9b87fa7

SHA512
6b8ea46fcd12ecbf7248779c353fa85a8725347f414b9ca6918377be98883933d075dd511a34dad1f198b17fe3ab02bf0414db7c7903b4267f45b69b3e576ced

Download Submit
C:\Windows\System32\dkjlDDu.exe

Filesize
2.5MB

MD5
f53741d183ff95139e98a019aa32428c

SHA1
ca318280aec43293df9f265481adffabc091cf06

SHA256
9b56d88cd60b850f836770769b2999333a5046ec591e7c764ba0ea4709aec0f5

SHA512
06fb254200a05e40dc4562ddb720de9bb991bebbe9f74df3280b65c013ad8ad7293a980e73e69379b0f3b79df49675d24b669a947e90c249e2720744957b5b04

Download Submit
C:\Windows\System32\ggwaYqz.exe

Filesize
2.4MB

MD5
bd60c5e3aa908b04d0bfb750664785ae

SHA1
4923573c6e0f188bb515399b9f3530c083dd6e6e

SHA256
d122f0b2e272c8520c6ddbbbe61b2e1821c07980448bebc87de8c56669b7fe68

SHA512
df6cec06210bde356a696486bc8fbbebc4fd3c216d3995575e5174b14a1d1fa02b2e6d0dda3aac6e157816af17ffe19776fe645272193831d193055cba80798e

Download Submit
C:\Windows\System32\gkbkygh.exe

Filesize
2.4MB

MD5
fad590dc7eeec138270d6c605e8a3f21

SHA1
34dc7adddc7d90f9a97e14d43ab2e50578576bf7

SHA256
7cf0ca69ba888b01a99f64669d67e622103413c60a614a7d2f887164f52b78e8

SHA512
479f93f6906174479053271b038aa9b124f9b120ec1e380faf7be3273008531eab7b3880c07b5fde75418dc196dfab2e20e447461027aaf1479c7a501af6a239

Download Submit
C:\Windows\System32\heZwDMT.exe

Filesize
2.5MB

MD5
18d8346135f8771629172ac644690d7a

SHA1
4cf83a6c76fa2fbbea41025988f62dd8e54e7189

SHA256
4d91d6d4aada1df8e81b9da67766f64f6ba03dd0d8bb51b6560fdab87ab129fe

SHA512
672eb7da9de167c0b71e3a7ec1f82a07835b524faf446a55b50ff38388a214406802975de4aa3dd738a5521f034f9a90e06d5cc4ff007749bce196939f88af93

Download Submit
C:\Windows\System32\kRPGaZB.exe

Filesize
2.4MB

MD5
744145dd8e471c9416ab10933a34a190

SHA1
00d0cd0004a8e7506ae892c9b695dba7cc1827b6

SHA256
77699215034d202d21753d387f26a0c423bf0c9bbb25e55bbd85c09e62eac61e

SHA512
2cf311c408e551914a9ce9741d31ab91ce330bd01defb3158cfdafc563dc8af0e1d106fef222ac4043e0b4840a2f850ac5addd6531545c231be49f1d7ff78c89

Download Submit
C:\Windows\System32\mircjIj.exe

Filesize
2.4MB

MD5
6e17445fcbbbdf168a0fb140c1efb482

SHA1
77a2439f93a099db81dbd27166df4e01b98e3826

SHA256
a5af8b0fb4828c5157aef2f48f7503c6d79638acac71e3354df8175f9df2bcc0

SHA512
f5461ae11c992fc89b162a8612af420357c8f027b5de2b6236b89c6f641e6ca3b75ddb8ba7a2c95469d94e5ca1731b3d6a90071e9e5481d871e340de44982719

Download Submit
C:\Windows\System32\tqUeKKC.exe

Filesize
2.4MB

MD5
e119510d1fd8baefd4019c06c9bc97c0

SHA1
90b7d0702f140fc089891b815c6150ed2b948345

SHA256
3bac29427008bc53eeaa71a7c591737e00288419a125505288e002b5b7402eba

SHA512
525eb084442bb4745aad2cf88f05e058ca2063966c612ed5b853412fb89203ea8d07917c9383f2ec42e1099b59ecf0cd6314fbff19503980f489dda75c3d1594

Download Submit
C:\Windows\System32\vjtkhwO.exe

Filesize
2.5MB

MD5
9d0f7bd253f8aa459e414e423c09afef

SHA1
7efc4c777461be2a950afeb463977108838167bd

SHA256
54dfbbacc927abc2f46e9f8b381f927c0697a11a072cd06d8a9c13c8a12a532e

SHA512
c00e68007889e01a5c2efaa39cae332c27c20aaa0167e51bec727da8ff7a73b9e6d173e8a706a692e8a1b7fa7609816d26fc0f92bd3a9f529658c64cebcd1b8b

Download Submit
memory/876-870-0x00007FF6310C0000-0x00007FF6314B5000-memory.dmp

Filesize
4.0MB

Download
memory/876-1907-0x00007FF6310C0000-0x00007FF6314B5000-memory.dmp

Filesize
4.0MB

Download
memory/1796-1910-0x00007FF745AD0000-0x00007FF745EC5000-memory.dmp

Filesize
4.0MB

Download
memory/1796-868-0x00007FF745AD0000-0x00007FF745EC5000-memory.dmp

Filesize
4.0MB

Download
memory/1920-873-0x00007FF7AB4F0000-0x00007FF7AB8E5000-memory.dmp

Filesize
4.0MB

Download
memory/1920-1906-0x00007FF7AB4F0000-0x00007FF7AB8E5000-memory.dmp

Filesize
4.0MB

Download
memory/2380-1898-0x00007FF778B10000-0x00007FF778F05000-memory.dmp

Filesize
4.0MB

Download
memory/2380-886-0x00007FF778B10000-0x00007FF778F05000-memory.dmp

Filesize
4.0MB

Download
memory/3060-848-0x00007FF6EB1A0000-0x00007FF6EB595000-memory.dmp

Filesize
4.0MB

Download
memory/3060-1900-0x00007FF6EB1A0000-0x00007FF6EB595000-memory.dmp

Filesize
4.0MB

Download
memory/3408-1899-0x00007FF7ACEE0000-0x00007FF7AD2D5000-memory.dmp

Filesize
4.0MB

Download
memory/3408-785-0x00007FF7ACEE0000-0x00007FF7AD2D5000-memory.dmp

Filesize
4.0MB

Download
memory/3752-864-0x00007FF692DD0000-0x00007FF6931C5000-memory.dmp

Filesize
4.0MB

Download
memory/3752-1904-0x00007FF692DD0000-0x00007FF6931C5000-memory.dmp

Filesize
4.0MB

Download
memory/3988-1894-0x00007FF769DC0000-0x00007FF76A1B5000-memory.dmp

Filesize
4.0MB

Download
memory/3988-777-0x00007FF769DC0000-0x00007FF76A1B5000-memory.dmp

Filesize
4.0MB

Download
memory/3992-1888-0x00007FF76C2D0000-0x00007FF76C6C5000-memory.dmp

Filesize
4.0MB

Download
memory/3992-1775-0x00007FF76C2D0000-0x00007FF76C6C5000-memory.dmp

Filesize
4.0MB

Download
memory/3992-12-0x00007FF76C2D0000-0x00007FF76C6C5000-memory.dmp

Filesize
4.0MB

Download
memory/4420-1889-0x00007FF692060000-0x00007FF692455000-memory.dmp

Filesize
4.0MB

Download
memory/4420-1778-0x00007FF692060000-0x00007FF692455000-memory.dmp

Filesize
4.0MB

Download
memory/4420-41-0x00007FF692060000-0x00007FF692455000-memory.dmp

Filesize
4.0MB

Download
memory/4492-884-0x00007FF645170000-0x00007FF645565000-memory.dmp

Filesize
4.0MB

Download
memory/4492-1890-0x00007FF645170000-0x00007FF645565000-memory.dmp

Filesize
4.0MB

Download
memory/4552-1893-0x00007FF7C05C0000-0x00007FF7C09B5000-memory.dmp

Filesize
4.0MB

Download
memory/4552-801-0x00007FF7C05C0000-0x00007FF7C09B5000-memory.dmp

Filesize
4.0MB

Download
memory/4620-1897-0x00007FF73E930000-0x00007FF73ED25000-memory.dmp

Filesize
4.0MB

Download
memory/4620-810-0x00007FF73E930000-0x00007FF73ED25000-memory.dmp

Filesize
4.0MB

Download
memory/4668-832-0x00007FF6378C0000-0x00007FF637CB5000-memory.dmp

Filesize
4.0MB

Download
memory/4668-1895-0x00007FF6378C0000-0x00007FF637CB5000-memory.dmp

Filesize
4.0MB

Download
memory/4780-1896-0x00007FF6028B0000-0x00007FF602CA5000-memory.dmp

Filesize
4.0MB

Download
memory/4780-828-0x00007FF6028B0000-0x00007FF602CA5000-memory.dmp

Filesize
4.0MB

Download
memory/4800-1892-0x00007FF684220000-0x00007FF684615000-memory.dmp

Filesize
4.0MB

Download
memory/4800-820-0x00007FF684220000-0x00007FF684615000-memory.dmp

Filesize
4.0MB

Download
memory/4844-1903-0x00007FF68EA30000-0x00007FF68EE25000-memory.dmp

Filesize
4.0MB

Download
memory/4844-852-0x00007FF68EA30000-0x00007FF68EE25000-memory.dmp

Filesize
4.0MB

Download
memory/4864-862-0x00007FF7B6E00000-0x00007FF7B71F5000-memory.dmp

Filesize
4.0MB

Download
memory/4864-1905-0x00007FF7B6E00000-0x00007FF7B71F5000-memory.dmp

Filesize
4.0MB

Download
memory/5004-857-0x00007FF613EC0000-0x00007FF6142B5000-memory.dmp

Filesize
4.0MB

Download
memory/5004-1908-0x00007FF613EC0000-0x00007FF6142B5000-memory.dmp

Filesize
4.0MB

Download
memory/5032-1909-0x00007FF779000000-0x00007FF7793F5000-memory.dmp

Filesize
4.0MB

Download
memory/5032-859-0x00007FF779000000-0x00007FF7793F5000-memory.dmp

Filesize
4.0MB

Download
memory/5352-1-0x0000020816280000-0x0000020816290000-memory.dmp

Filesize
64KB

Download
memory/5352-1547-0x00007FF6AD480000-0x00007FF6AD875000-memory.dmp

Filesize
4.0MB

Download
memory/5352-0-0x00007FF6AD480000-0x00007FF6AD875000-memory.dmp

Filesize
4.0MB

Download
memory/5352-1886-0x00007FF6AD480000-0x00007FF6AD875000-memory.dmp

Filesize
4.0MB

Download
memory/5612-769-0x00007FF7C46B0000-0x00007FF7C4AA5000-memory.dmp

Filesize
4.0MB

Download
memory/5612-1891-0x00007FF7C46B0000-0x00007FF7C4AA5000-memory.dmp

Filesize
4.0MB

Download
memory/5828-1901-0x00007FF6993E0000-0x00007FF6997D5000-memory.dmp

Filesize
4.0MB

Download
memory/5828-843-0x00007FF6993E0000-0x00007FF6997D5000-memory.dmp

Filesize
4.0MB

Download
memory/6072-1649-0x00007FF6B5FA0000-0x00007FF6B6395000-memory.dmp

Filesize
4.0MB

Download
memory/6072-1887-0x00007FF6B5FA0000-0x00007FF6B6395000-memory.dmp

Filesize
4.0MB

Download
memory/6072-10-0x00007FF6B5FA0000-0x00007FF6B6395000-memory.dmp

Filesize
4.0MB

Download
memory/6100-792-0x00007FF7D4890000-0x00007FF7D4C85000-memory.dmp

Filesize
4.0MB

Download
memory/6100-1902-0x00007FF7D4890000-0x00007FF7D4C85000-memory.dmp

Filesize
4.0MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v16

Replay Monitor

Loading Replay Monitor...

Downloads