xmrig | 43449815f7383cc693c56a96b04feb3ce63d0e861a034f091433d7d8a053d89c

Analysis

max time kernel
116s
max time network
118s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
19-12-2024 23:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

43449815f7383cc693c56a96b04feb3ce63d0e861a034f091433d7d8a053d89cN.exe
Size

1.8MB
MD5

6520cbc85a944d1f896ccfd1b91b9370
SHA1

22e92ee5f4a2d0afb49c28442c958ec079344d35
SHA256

43449815f7383cc693c56a96b04feb3ce63d0e861a034f091433d7d8a053d89c
SHA512

7109a92b99db96aeaccceeff99dc4ac05ba4167f08d6eddd5e2bb398e4b0971bc7f7414f117b5f177aadecbc8daf8f0d02dd8956f5b62e109c8d355b022a5b44
SSDEEP

24576:JanwhSe11QSONCpGJCjETPlOqzJO0RAISLzV/vdH5e1BeA5gLDqsPTupL6k6hGNw:knw9oUUEEDlOuJkIQTAVsPYIgC6ET

Score

10^/10

xmrig miner upx

Malware Config

Signatures

Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 45 IoCs

miner

resource	yara_rule
behavioral2/memory/2052-488-0x00007FF7C13B0000-0x00007FF7C17A1000-memory.dmp	xmrig
behavioral2/memory/212-489-0x00007FF7BA450000-0x00007FF7BA841000-memory.dmp	xmrig
behavioral2/memory/3900-506-0x00007FF78B0A0000-0x00007FF78B491000-memory.dmp	xmrig
behavioral2/memory/4052-503-0x00007FF634500000-0x00007FF6348F1000-memory.dmp	xmrig
behavioral2/memory/3404-511-0x00007FF68D550000-0x00007FF68D941000-memory.dmp	xmrig
behavioral2/memory/1464-499-0x00007FF714FE0000-0x00007FF7153D1000-memory.dmp	xmrig
behavioral2/memory/1468-513-0x00007FF7D9190000-0x00007FF7D9581000-memory.dmp	xmrig
behavioral2/memory/2256-517-0x00007FF799F00000-0x00007FF79A2F1000-memory.dmp	xmrig
behavioral2/memory/4460-519-0x00007FF718C80000-0x00007FF719071000-memory.dmp	xmrig
behavioral2/memory/2140-521-0x00007FF7586F0000-0x00007FF758AE1000-memory.dmp	xmrig
behavioral2/memory/1256-559-0x00007FF66C350000-0x00007FF66C741000-memory.dmp	xmrig
behavioral2/memory/5048-567-0x00007FF64F8D0000-0x00007FF64FCC1000-memory.dmp	xmrig
behavioral2/memory/4316-562-0x00007FF6974B0000-0x00007FF6978A1000-memory.dmp	xmrig
behavioral2/memory/3760-560-0x00007FF755090000-0x00007FF755481000-memory.dmp	xmrig
behavioral2/memory/2912-550-0x00007FF728F40000-0x00007FF729331000-memory.dmp	xmrig
behavioral2/memory/4976-60-0x00007FF7ADFD0000-0x00007FF7AE3C1000-memory.dmp	xmrig
behavioral2/memory/2064-50-0x00007FF6C2DD0000-0x00007FF6C31C1000-memory.dmp	xmrig
behavioral2/memory/1940-976-0x00007FF7925D0000-0x00007FF7929C1000-memory.dmp	xmrig
behavioral2/memory/1040-1096-0x00007FF643B20000-0x00007FF643F11000-memory.dmp	xmrig
behavioral2/memory/3160-1100-0x00007FF63D500000-0x00007FF63D8F1000-memory.dmp	xmrig
behavioral2/memory/4992-1183-0x00007FF6EAE10000-0x00007FF6EB201000-memory.dmp	xmrig
behavioral2/memory/3844-1303-0x00007FF678B00000-0x00007FF678EF1000-memory.dmp	xmrig
behavioral2/memory/964-1296-0x00007FF766BB0000-0x00007FF766FA1000-memory.dmp	xmrig
behavioral2/memory/2388-1434-0x00007FF70AE80000-0x00007FF70B271000-memory.dmp	xmrig
behavioral2/memory/3284-1423-0x00007FF77F3B0000-0x00007FF77F7A1000-memory.dmp	xmrig
behavioral2/memory/3160-2116-0x00007FF63D500000-0x00007FF63D8F1000-memory.dmp	xmrig
behavioral2/memory/3844-2118-0x00007FF678B00000-0x00007FF678EF1000-memory.dmp	xmrig
behavioral2/memory/964-2120-0x00007FF766BB0000-0x00007FF766FA1000-memory.dmp	xmrig
behavioral2/memory/2064-2142-0x00007FF6C2DD0000-0x00007FF6C31C1000-memory.dmp	xmrig
behavioral2/memory/2052-2146-0x00007FF7C13B0000-0x00007FF7C17A1000-memory.dmp	xmrig
behavioral2/memory/5048-2150-0x00007FF64F8D0000-0x00007FF64FCC1000-memory.dmp	xmrig
behavioral2/memory/1464-2154-0x00007FF714FE0000-0x00007FF7153D1000-memory.dmp	xmrig
behavioral2/memory/4052-2156-0x00007FF634500000-0x00007FF6348F1000-memory.dmp	xmrig
behavioral2/memory/212-2152-0x00007FF7BA450000-0x00007FF7BA841000-memory.dmp	xmrig
behavioral2/memory/2388-2148-0x00007FF70AE80000-0x00007FF70B271000-memory.dmp	xmrig
behavioral2/memory/3900-2195-0x00007FF78B0A0000-0x00007FF78B491000-memory.dmp	xmrig
behavioral2/memory/2912-2193-0x00007FF728F40000-0x00007FF729331000-memory.dmp	xmrig
behavioral2/memory/1468-2190-0x00007FF7D9190000-0x00007FF7D9581000-memory.dmp	xmrig
behavioral2/memory/4460-2188-0x00007FF718C80000-0x00007FF719071000-memory.dmp	xmrig
behavioral2/memory/2256-2186-0x00007FF799F00000-0x00007FF79A2F1000-memory.dmp	xmrig
behavioral2/memory/1256-2183-0x00007FF66C350000-0x00007FF66C741000-memory.dmp	xmrig
behavioral2/memory/2140-2182-0x00007FF7586F0000-0x00007FF758AE1000-memory.dmp	xmrig
behavioral2/memory/3404-2192-0x00007FF68D550000-0x00007FF68D941000-memory.dmp	xmrig
behavioral2/memory/3760-2180-0x00007FF755090000-0x00007FF755481000-memory.dmp	xmrig
behavioral2/memory/1940-2261-0x00007FF7925D0000-0x00007FF7929C1000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1040	AmPepSr.exe
3160	eATFzXK.exe
4992	iksppTP.exe
964	VVGyvaA.exe
3844	GQxtVUM.exe
4976	jEouUkE.exe
2064	ikTeiKH.exe
3284	TlAQiSC.exe
2388	DyfLeMF.exe
2052	DHOOphn.exe
5048	zNtDAzr.exe
212	xzhKkBx.exe
1464	nBVjyMU.exe
4052	dWlofvG.exe
3900	kJQJDJK.exe
3404	pdTkkdq.exe
1468	BawSaoP.exe
2256	DNQYjdt.exe
4460	wzIchuv.exe
2140	wlWbhgw.exe
2912	lsPTukn.exe
1256	zujnlkK.exe
3760	ShUIOpa.exe
4316	OulJNdf.exe
1584	GIWtJnm.exe
4108	zVszZwG.exe
3976	EEInmdo.exe
3988	WukaeXt.exe
3304	mgQxSlZ.exe
864	iNTjaPO.exe
60	BLpChVj.exe
1988	wDbXCvZ.exe
3156	MjksrUr.exe
2816	lPBzkDQ.exe
4536	ZvRYoZi.exe
3472	cWFgXCa.exe
4560	DdJGLkT.exe
3692	whMVWyV.exe
4436	CNtMUxI.exe
2524	MuVWfUi.exe
2648	FXoLCsZ.exe
2572	lIgdsPJ.exe
4984	eGUReIT.exe
4032	UTPDELN.exe
4556	cBSUhzj.exe
5036	nhAzecY.exe
3552	UpkfaUG.exe
1192	DFGDhvx.exe
2284	mBgUSMF.exe
3560	pmAcYvE.exe
4216	BlHVEgo.exe
2664	pgpFQfq.exe
4788	osdzSUb.exe
3592	FkuJigd.exe
3056	wmKrPca.exe
4388	RJXKmOF.exe
3896	vPtpaib.exe
5084	FsHktxI.exe
3628	MYnbeso.exe
2416	gQPIGgS.exe
220	xdrEVeB.exe
2380	RDRQEEu.exe
2596	ahjTBTh.exe
3004	cnMFLBI.exe

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System32\ooyaqtv.exe	43449815f7383cc693c56a96b04feb3ce63d0e861a034f091433d7d8a053d89cN.exe
File created	C:\Windows\System32\iRmoHYB.exe	43449815f7383cc693c56a96b04feb3ce63d0e861a034f091433d7d8a053d89cN.exe
File created	C:\Windows\System32\ruOZVmK.exe	43449815f7383cc693c56a96b04feb3ce63d0e861a034f091433d7d8a053d89cN.exe
File created	C:\Windows\System32\TlQyUtF.exe	43449815f7383cc693c56a96b04feb3ce63d0e861a034f091433d7d8a053d89cN.exe
File created	C:\Windows\System32\ZioKPUS.exe	43449815f7383cc693c56a96b04feb3ce63d0e861a034f091433d7d8a053d89cN.exe
File created	C:\Windows\System32\tOsmCZQ.exe	43449815f7383cc693c56a96b04feb3ce63d0e861a034f091433d7d8a053d89cN.exe
File created	C:\Windows\System32\GiVPXdQ.exe	43449815f7383cc693c56a96b04feb3ce63d0e861a034f091433d7d8a053d89cN.exe
File created	C:\Windows\System32\HrooHmY.exe	43449815f7383cc693c56a96b04feb3ce63d0e861a034f091433d7d8a053d89cN.exe
File created	C:\Windows\System32\bBNvHOc.exe	43449815f7383cc693c56a96b04feb3ce63d0e861a034f091433d7d8a053d89cN.exe
File created	C:\Windows\System32\ithMbdG.exe	43449815f7383cc693c56a96b04feb3ce63d0e861a034f091433d7d8a053d89cN.exe
File created	C:\Windows\System32\UzUGcjh.exe	43449815f7383cc693c56a96b04feb3ce63d0e861a034f091433d7d8a053d89cN.exe
File created	C:\Windows\System32\rSKeits.exe	43449815f7383cc693c56a96b04feb3ce63d0e861a034f091433d7d8a053d89cN.exe
File created	C:\Windows\System32\JnzpDGZ.exe	43449815f7383cc693c56a96b04feb3ce63d0e861a034f091433d7d8a053d89cN.exe
File created	C:\Windows\System32\iNTjaPO.exe	43449815f7383cc693c56a96b04feb3ce63d0e861a034f091433d7d8a053d89cN.exe
File created	C:\Windows\System32\UTPDELN.exe	43449815f7383cc693c56a96b04feb3ce63d0e861a034f091433d7d8a053d89cN.exe
File created	C:\Windows\System32\uRdooLX.exe	43449815f7383cc693c56a96b04feb3ce63d0e861a034f091433d7d8a053d89cN.exe
File created	C:\Windows\System32\nVlLswk.exe	43449815f7383cc693c56a96b04feb3ce63d0e861a034f091433d7d8a053d89cN.exe
File created	C:\Windows\System32\NxzyqpN.exe	43449815f7383cc693c56a96b04feb3ce63d0e861a034f091433d7d8a053d89cN.exe
File created	C:\Windows\System32\NhfWkRM.exe	43449815f7383cc693c56a96b04feb3ce63d0e861a034f091433d7d8a053d89cN.exe
File created	C:\Windows\System32\PkNOnYV.exe	43449815f7383cc693c56a96b04feb3ce63d0e861a034f091433d7d8a053d89cN.exe
File created	C:\Windows\System32\YywFwBU.exe	43449815f7383cc693c56a96b04feb3ce63d0e861a034f091433d7d8a053d89cN.exe
File created	C:\Windows\System32\KRaOhUR.exe	43449815f7383cc693c56a96b04feb3ce63d0e861a034f091433d7d8a053d89cN.exe
File created	C:\Windows\System32\TOlfjxT.exe	43449815f7383cc693c56a96b04feb3ce63d0e861a034f091433d7d8a053d89cN.exe
File created	C:\Windows\System32\vOMUrAk.exe	43449815f7383cc693c56a96b04feb3ce63d0e861a034f091433d7d8a053d89cN.exe
File created	C:\Windows\System32\jcCXhtJ.exe	43449815f7383cc693c56a96b04feb3ce63d0e861a034f091433d7d8a053d89cN.exe
File created	C:\Windows\System32\alafEAl.exe	43449815f7383cc693c56a96b04feb3ce63d0e861a034f091433d7d8a053d89cN.exe
File created	C:\Windows\System32\UpkfaUG.exe	43449815f7383cc693c56a96b04feb3ce63d0e861a034f091433d7d8a053d89cN.exe
File created	C:\Windows\System32\vVxpgRg.exe	43449815f7383cc693c56a96b04feb3ce63d0e861a034f091433d7d8a053d89cN.exe
File created	C:\Windows\System32\YNfvAjw.exe	43449815f7383cc693c56a96b04feb3ce63d0e861a034f091433d7d8a053d89cN.exe
File created	C:\Windows\System32\CmthZbf.exe	43449815f7383cc693c56a96b04feb3ce63d0e861a034f091433d7d8a053d89cN.exe
File created	C:\Windows\System32\hYunAIm.exe	43449815f7383cc693c56a96b04feb3ce63d0e861a034f091433d7d8a053d89cN.exe
File created	C:\Windows\System32\voPBFiL.exe	43449815f7383cc693c56a96b04feb3ce63d0e861a034f091433d7d8a053d89cN.exe
File created	C:\Windows\System32\UXSzAlR.exe	43449815f7383cc693c56a96b04feb3ce63d0e861a034f091433d7d8a053d89cN.exe
File created	C:\Windows\System32\QoQrddP.exe	43449815f7383cc693c56a96b04feb3ce63d0e861a034f091433d7d8a053d89cN.exe
File created	C:\Windows\System32\rTDdKHQ.exe	43449815f7383cc693c56a96b04feb3ce63d0e861a034f091433d7d8a053d89cN.exe
File created	C:\Windows\System32\fySfuHK.exe	43449815f7383cc693c56a96b04feb3ce63d0e861a034f091433d7d8a053d89cN.exe
File created	C:\Windows\System32\nFEsidK.exe	43449815f7383cc693c56a96b04feb3ce63d0e861a034f091433d7d8a053d89cN.exe
File created	C:\Windows\System32\iEDjmkX.exe	43449815f7383cc693c56a96b04feb3ce63d0e861a034f091433d7d8a053d89cN.exe
File created	C:\Windows\System32\DzHFDUD.exe	43449815f7383cc693c56a96b04feb3ce63d0e861a034f091433d7d8a053d89cN.exe
File created	C:\Windows\System32\quVgsGq.exe	43449815f7383cc693c56a96b04feb3ce63d0e861a034f091433d7d8a053d89cN.exe
File created	C:\Windows\System32\buwDeqp.exe	43449815f7383cc693c56a96b04feb3ce63d0e861a034f091433d7d8a053d89cN.exe
File created	C:\Windows\System32\uLpDZtj.exe	43449815f7383cc693c56a96b04feb3ce63d0e861a034f091433d7d8a053d89cN.exe
File created	C:\Windows\System32\jAndbPE.exe	43449815f7383cc693c56a96b04feb3ce63d0e861a034f091433d7d8a053d89cN.exe
File created	C:\Windows\System32\JIrtaIg.exe	43449815f7383cc693c56a96b04feb3ce63d0e861a034f091433d7d8a053d89cN.exe
File created	C:\Windows\System32\jymkQJV.exe	43449815f7383cc693c56a96b04feb3ce63d0e861a034f091433d7d8a053d89cN.exe
File created	C:\Windows\System32\RfdZRuX.exe	43449815f7383cc693c56a96b04feb3ce63d0e861a034f091433d7d8a053d89cN.exe
File created	C:\Windows\System32\cYJhcVP.exe	43449815f7383cc693c56a96b04feb3ce63d0e861a034f091433d7d8a053d89cN.exe
File created	C:\Windows\System32\SJJvOZd.exe	43449815f7383cc693c56a96b04feb3ce63d0e861a034f091433d7d8a053d89cN.exe
File created	C:\Windows\System32\BddhoFR.exe	43449815f7383cc693c56a96b04feb3ce63d0e861a034f091433d7d8a053d89cN.exe
File created	C:\Windows\System32\wmKrPca.exe	43449815f7383cc693c56a96b04feb3ce63d0e861a034f091433d7d8a053d89cN.exe
File created	C:\Windows\System32\MYnbeso.exe	43449815f7383cc693c56a96b04feb3ce63d0e861a034f091433d7d8a053d89cN.exe
File created	C:\Windows\System32\MBmFDtA.exe	43449815f7383cc693c56a96b04feb3ce63d0e861a034f091433d7d8a053d89cN.exe
File created	C:\Windows\System32\WPvfokl.exe	43449815f7383cc693c56a96b04feb3ce63d0e861a034f091433d7d8a053d89cN.exe
File created	C:\Windows\System32\JgsPLzA.exe	43449815f7383cc693c56a96b04feb3ce63d0e861a034f091433d7d8a053d89cN.exe
File created	C:\Windows\System32\lTzTHXv.exe	43449815f7383cc693c56a96b04feb3ce63d0e861a034f091433d7d8a053d89cN.exe
File created	C:\Windows\System32\kuVEQAt.exe	43449815f7383cc693c56a96b04feb3ce63d0e861a034f091433d7d8a053d89cN.exe
File created	C:\Windows\System32\wFiyQnx.exe	43449815f7383cc693c56a96b04feb3ce63d0e861a034f091433d7d8a053d89cN.exe
File created	C:\Windows\System32\GJPIRqx.exe	43449815f7383cc693c56a96b04feb3ce63d0e861a034f091433d7d8a053d89cN.exe
File created	C:\Windows\System32\oKHajUQ.exe	43449815f7383cc693c56a96b04feb3ce63d0e861a034f091433d7d8a053d89cN.exe
File created	C:\Windows\System32\gyZfJhY.exe	43449815f7383cc693c56a96b04feb3ce63d0e861a034f091433d7d8a053d89cN.exe
File created	C:\Windows\System32\IsbjETs.exe	43449815f7383cc693c56a96b04feb3ce63d0e861a034f091433d7d8a053d89cN.exe
File created	C:\Windows\System32\whMVWyV.exe	43449815f7383cc693c56a96b04feb3ce63d0e861a034f091433d7d8a053d89cN.exe
File created	C:\Windows\System32\rXUAafz.exe	43449815f7383cc693c56a96b04feb3ce63d0e861a034f091433d7d8a053d89cN.exe
File created	C:\Windows\System32\xzSaMsJ.exe	43449815f7383cc693c56a96b04feb3ce63d0e861a034f091433d7d8a053d89cN.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1940-0-0x00007FF7925D0000-0x00007FF7929C1000-memory.dmp	upx
behavioral2/files/0x0009000000023c82-4.dat	upx
behavioral2/files/0x0008000000023c87-8.dat	upx
behavioral2/files/0x0008000000023c86-13.dat	upx
behavioral2/files/0x0008000000023c88-16.dat	upx
behavioral2/files/0x0008000000023c89-26.dat	upx
behavioral2/files/0x0007000000023c93-43.dat	upx
behavioral2/memory/3844-45-0x00007FF678B00000-0x00007FF678EF1000-memory.dmp	upx
behavioral2/files/0x0007000000023c94-53.dat	upx
behavioral2/memory/3284-54-0x00007FF77F3B0000-0x00007FF77F7A1000-memory.dmp	upx
behavioral2/files/0x0007000000023c97-65.dat	upx
behavioral2/files/0x0009000000023c83-73.dat	upx
behavioral2/files/0x0007000000023c99-80.dat	upx
behavioral2/files/0x0007000000023c9b-93.dat	upx
behavioral2/files/0x0007000000023c9d-103.dat	upx
behavioral2/files/0x0007000000023ca3-133.dat	upx
behavioral2/memory/2052-488-0x00007FF7C13B0000-0x00007FF7C17A1000-memory.dmp	upx
behavioral2/memory/212-489-0x00007FF7BA450000-0x00007FF7BA841000-memory.dmp	upx
behavioral2/memory/3900-506-0x00007FF78B0A0000-0x00007FF78B491000-memory.dmp	upx
behavioral2/memory/4052-503-0x00007FF634500000-0x00007FF6348F1000-memory.dmp	upx
behavioral2/memory/3404-511-0x00007FF68D550000-0x00007FF68D941000-memory.dmp	upx
behavioral2/memory/1464-499-0x00007FF714FE0000-0x00007FF7153D1000-memory.dmp	upx
behavioral2/files/0x0007000000023cac-171.dat	upx
behavioral2/files/0x0007000000023caa-168.dat	upx
behavioral2/files/0x0007000000023cab-166.dat	upx
behavioral2/files/0x0007000000023ca9-163.dat	upx
behavioral2/files/0x0007000000023ca8-158.dat	upx
behavioral2/files/0x0007000000023ca7-150.dat	upx
behavioral2/files/0x0007000000023ca6-148.dat	upx
behavioral2/files/0x0007000000023ca5-143.dat	upx
behavioral2/files/0x0007000000023ca4-138.dat	upx
behavioral2/memory/1468-513-0x00007FF7D9190000-0x00007FF7D9581000-memory.dmp	upx
behavioral2/files/0x0007000000023ca2-128.dat	upx
behavioral2/memory/2256-517-0x00007FF799F00000-0x00007FF79A2F1000-memory.dmp	upx
behavioral2/memory/4460-519-0x00007FF718C80000-0x00007FF719071000-memory.dmp	upx
behavioral2/memory/2140-521-0x00007FF7586F0000-0x00007FF758AE1000-memory.dmp	upx
behavioral2/files/0x0007000000023ca1-123.dat	upx
behavioral2/memory/1256-559-0x00007FF66C350000-0x00007FF66C741000-memory.dmp	upx
behavioral2/memory/5048-567-0x00007FF64F8D0000-0x00007FF64FCC1000-memory.dmp	upx
behavioral2/memory/4316-562-0x00007FF6974B0000-0x00007FF6978A1000-memory.dmp	upx
behavioral2/memory/3760-560-0x00007FF755090000-0x00007FF755481000-memory.dmp	upx
behavioral2/memory/2912-550-0x00007FF728F40000-0x00007FF729331000-memory.dmp	upx
behavioral2/files/0x0007000000023ca0-118.dat	upx
behavioral2/files/0x0007000000023c9f-113.dat	upx
behavioral2/files/0x0007000000023c9e-108.dat	upx
behavioral2/files/0x0007000000023c9c-98.dat	upx
behavioral2/files/0x0007000000023c9a-88.dat	upx
behavioral2/files/0x0007000000023c98-78.dat	upx
behavioral2/memory/4976-60-0x00007FF7ADFD0000-0x00007FF7AE3C1000-memory.dmp	upx
behavioral2/files/0x0007000000023c95-59.dat	upx
behavioral2/files/0x0007000000023c96-57.dat	upx
behavioral2/memory/2388-56-0x00007FF70AE80000-0x00007FF70B271000-memory.dmp	upx
behavioral2/memory/2064-50-0x00007FF6C2DD0000-0x00007FF6C31C1000-memory.dmp	upx
behavioral2/files/0x0008000000023c8a-38.dat	upx
behavioral2/memory/964-21-0x00007FF766BB0000-0x00007FF766FA1000-memory.dmp	upx
behavioral2/memory/4992-18-0x00007FF6EAE10000-0x00007FF6EB201000-memory.dmp	upx
behavioral2/memory/3160-17-0x00007FF63D500000-0x00007FF63D8F1000-memory.dmp	upx
behavioral2/memory/1040-10-0x00007FF643B20000-0x00007FF643F11000-memory.dmp	upx
behavioral2/memory/1940-976-0x00007FF7925D0000-0x00007FF7929C1000-memory.dmp	upx
behavioral2/memory/1040-1096-0x00007FF643B20000-0x00007FF643F11000-memory.dmp	upx
behavioral2/memory/3160-1100-0x00007FF63D500000-0x00007FF63D8F1000-memory.dmp	upx
behavioral2/memory/4992-1183-0x00007FF6EAE10000-0x00007FF6EB201000-memory.dmp	upx
behavioral2/memory/3844-1303-0x00007FF678B00000-0x00007FF678EF1000-memory.dmp	upx
behavioral2/memory/964-1296-0x00007FF766BB0000-0x00007FF766FA1000-memory.dmp	upx

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	14164	dwm.exe
Token: SeChangeNotifyPrivilege	14164	dwm.exe
Token: 33	14164	dwm.exe
Token: SeIncBasePriorityPrivilege	14164	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1940 wrote to memory of 1040	1940	43449815f7383cc693c56a96b04feb3ce63d0e861a034f091433d7d8a053d89cN.exe	83
PID 1940 wrote to memory of 1040	1940	43449815f7383cc693c56a96b04feb3ce63d0e861a034f091433d7d8a053d89cN.exe	83
PID 1940 wrote to memory of 3160	1940	43449815f7383cc693c56a96b04feb3ce63d0e861a034f091433d7d8a053d89cN.exe	84
PID 1940 wrote to memory of 3160	1940	43449815f7383cc693c56a96b04feb3ce63d0e861a034f091433d7d8a053d89cN.exe	84
PID 1940 wrote to memory of 4992	1940	43449815f7383cc693c56a96b04feb3ce63d0e861a034f091433d7d8a053d89cN.exe	85
PID 1940 wrote to memory of 4992	1940	43449815f7383cc693c56a96b04feb3ce63d0e861a034f091433d7d8a053d89cN.exe	85
PID 1940 wrote to memory of 964	1940	43449815f7383cc693c56a96b04feb3ce63d0e861a034f091433d7d8a053d89cN.exe	86
PID 1940 wrote to memory of 964	1940	43449815f7383cc693c56a96b04feb3ce63d0e861a034f091433d7d8a053d89cN.exe	86
PID 1940 wrote to memory of 3844	1940	43449815f7383cc693c56a96b04feb3ce63d0e861a034f091433d7d8a053d89cN.exe	87
PID 1940 wrote to memory of 3844	1940	43449815f7383cc693c56a96b04feb3ce63d0e861a034f091433d7d8a053d89cN.exe	87
PID 1940 wrote to memory of 4976	1940	43449815f7383cc693c56a96b04feb3ce63d0e861a034f091433d7d8a053d89cN.exe	88
PID 1940 wrote to memory of 4976	1940	43449815f7383cc693c56a96b04feb3ce63d0e861a034f091433d7d8a053d89cN.exe	88
PID 1940 wrote to memory of 2064	1940	43449815f7383cc693c56a96b04feb3ce63d0e861a034f091433d7d8a053d89cN.exe	89
PID 1940 wrote to memory of 2064	1940	43449815f7383cc693c56a96b04feb3ce63d0e861a034f091433d7d8a053d89cN.exe	89
PID 1940 wrote to memory of 3284	1940	43449815f7383cc693c56a96b04feb3ce63d0e861a034f091433d7d8a053d89cN.exe	90
PID 1940 wrote to memory of 3284	1940	43449815f7383cc693c56a96b04feb3ce63d0e861a034f091433d7d8a053d89cN.exe	90
PID 1940 wrote to memory of 2388	1940	43449815f7383cc693c56a96b04feb3ce63d0e861a034f091433d7d8a053d89cN.exe	91
PID 1940 wrote to memory of 2388	1940	43449815f7383cc693c56a96b04feb3ce63d0e861a034f091433d7d8a053d89cN.exe	91
PID 1940 wrote to memory of 2052	1940	43449815f7383cc693c56a96b04feb3ce63d0e861a034f091433d7d8a053d89cN.exe	92
PID 1940 wrote to memory of 2052	1940	43449815f7383cc693c56a96b04feb3ce63d0e861a034f091433d7d8a053d89cN.exe	92
PID 1940 wrote to memory of 5048	1940	43449815f7383cc693c56a96b04feb3ce63d0e861a034f091433d7d8a053d89cN.exe	93
PID 1940 wrote to memory of 5048	1940	43449815f7383cc693c56a96b04feb3ce63d0e861a034f091433d7d8a053d89cN.exe	93
PID 1940 wrote to memory of 212	1940	43449815f7383cc693c56a96b04feb3ce63d0e861a034f091433d7d8a053d89cN.exe	94
PID 1940 wrote to memory of 212	1940	43449815f7383cc693c56a96b04feb3ce63d0e861a034f091433d7d8a053d89cN.exe	94
PID 1940 wrote to memory of 1464	1940	43449815f7383cc693c56a96b04feb3ce63d0e861a034f091433d7d8a053d89cN.exe	95
PID 1940 wrote to memory of 1464	1940	43449815f7383cc693c56a96b04feb3ce63d0e861a034f091433d7d8a053d89cN.exe	95
PID 1940 wrote to memory of 4052	1940	43449815f7383cc693c56a96b04feb3ce63d0e861a034f091433d7d8a053d89cN.exe	96
PID 1940 wrote to memory of 4052	1940	43449815f7383cc693c56a96b04feb3ce63d0e861a034f091433d7d8a053d89cN.exe	96
PID 1940 wrote to memory of 3900	1940	43449815f7383cc693c56a96b04feb3ce63d0e861a034f091433d7d8a053d89cN.exe	97
PID 1940 wrote to memory of 3900	1940	43449815f7383cc693c56a96b04feb3ce63d0e861a034f091433d7d8a053d89cN.exe	97
PID 1940 wrote to memory of 3404	1940	43449815f7383cc693c56a96b04feb3ce63d0e861a034f091433d7d8a053d89cN.exe	98
PID 1940 wrote to memory of 3404	1940	43449815f7383cc693c56a96b04feb3ce63d0e861a034f091433d7d8a053d89cN.exe	98
PID 1940 wrote to memory of 1468	1940	43449815f7383cc693c56a96b04feb3ce63d0e861a034f091433d7d8a053d89cN.exe	99
PID 1940 wrote to memory of 1468	1940	43449815f7383cc693c56a96b04feb3ce63d0e861a034f091433d7d8a053d89cN.exe	99
PID 1940 wrote to memory of 2256	1940	43449815f7383cc693c56a96b04feb3ce63d0e861a034f091433d7d8a053d89cN.exe	100
PID 1940 wrote to memory of 2256	1940	43449815f7383cc693c56a96b04feb3ce63d0e861a034f091433d7d8a053d89cN.exe	100
PID 1940 wrote to memory of 4460	1940	43449815f7383cc693c56a96b04feb3ce63d0e861a034f091433d7d8a053d89cN.exe	101
PID 1940 wrote to memory of 4460	1940	43449815f7383cc693c56a96b04feb3ce63d0e861a034f091433d7d8a053d89cN.exe	101
PID 1940 wrote to memory of 2140	1940	43449815f7383cc693c56a96b04feb3ce63d0e861a034f091433d7d8a053d89cN.exe	102
PID 1940 wrote to memory of 2140	1940	43449815f7383cc693c56a96b04feb3ce63d0e861a034f091433d7d8a053d89cN.exe	102
PID 1940 wrote to memory of 2912	1940	43449815f7383cc693c56a96b04feb3ce63d0e861a034f091433d7d8a053d89cN.exe	103
PID 1940 wrote to memory of 2912	1940	43449815f7383cc693c56a96b04feb3ce63d0e861a034f091433d7d8a053d89cN.exe	103
PID 1940 wrote to memory of 1256	1940	43449815f7383cc693c56a96b04feb3ce63d0e861a034f091433d7d8a053d89cN.exe	104
PID 1940 wrote to memory of 1256	1940	43449815f7383cc693c56a96b04feb3ce63d0e861a034f091433d7d8a053d89cN.exe	104
PID 1940 wrote to memory of 3760	1940	43449815f7383cc693c56a96b04feb3ce63d0e861a034f091433d7d8a053d89cN.exe	105
PID 1940 wrote to memory of 3760	1940	43449815f7383cc693c56a96b04feb3ce63d0e861a034f091433d7d8a053d89cN.exe	105
PID 1940 wrote to memory of 4316	1940	43449815f7383cc693c56a96b04feb3ce63d0e861a034f091433d7d8a053d89cN.exe	106
PID 1940 wrote to memory of 4316	1940	43449815f7383cc693c56a96b04feb3ce63d0e861a034f091433d7d8a053d89cN.exe	106
PID 1940 wrote to memory of 1584	1940	43449815f7383cc693c56a96b04feb3ce63d0e861a034f091433d7d8a053d89cN.exe	107
PID 1940 wrote to memory of 1584	1940	43449815f7383cc693c56a96b04feb3ce63d0e861a034f091433d7d8a053d89cN.exe	107
PID 1940 wrote to memory of 4108	1940	43449815f7383cc693c56a96b04feb3ce63d0e861a034f091433d7d8a053d89cN.exe	108
PID 1940 wrote to memory of 4108	1940	43449815f7383cc693c56a96b04feb3ce63d0e861a034f091433d7d8a053d89cN.exe	108
PID 1940 wrote to memory of 3976	1940	43449815f7383cc693c56a96b04feb3ce63d0e861a034f091433d7d8a053d89cN.exe	109
PID 1940 wrote to memory of 3976	1940	43449815f7383cc693c56a96b04feb3ce63d0e861a034f091433d7d8a053d89cN.exe	109
PID 1940 wrote to memory of 3988	1940	43449815f7383cc693c56a96b04feb3ce63d0e861a034f091433d7d8a053d89cN.exe	110
PID 1940 wrote to memory of 3988	1940	43449815f7383cc693c56a96b04feb3ce63d0e861a034f091433d7d8a053d89cN.exe	110
PID 1940 wrote to memory of 3304	1940	43449815f7383cc693c56a96b04feb3ce63d0e861a034f091433d7d8a053d89cN.exe	111
PID 1940 wrote to memory of 3304	1940	43449815f7383cc693c56a96b04feb3ce63d0e861a034f091433d7d8a053d89cN.exe	111
PID 1940 wrote to memory of 864	1940	43449815f7383cc693c56a96b04feb3ce63d0e861a034f091433d7d8a053d89cN.exe	112
PID 1940 wrote to memory of 864	1940	43449815f7383cc693c56a96b04feb3ce63d0e861a034f091433d7d8a053d89cN.exe	112
PID 1940 wrote to memory of 60	1940	43449815f7383cc693c56a96b04feb3ce63d0e861a034f091433d7d8a053d89cN.exe	113
PID 1940 wrote to memory of 60	1940	43449815f7383cc693c56a96b04feb3ce63d0e861a034f091433d7d8a053d89cN.exe	113
PID 1940 wrote to memory of 1988	1940	43449815f7383cc693c56a96b04feb3ce63d0e861a034f091433d7d8a053d89cN.exe	114
PID 1940 wrote to memory of 1988	1940	43449815f7383cc693c56a96b04feb3ce63d0e861a034f091433d7d8a053d89cN.exe	114

C:\Users\Admin\AppData\Local\Temp\43449815f7383cc693c56a96b04feb3ce63d0e861a034f091433d7d8a053d89cN.exe
"C:\Users\Admin\AppData\Local\Temp\43449815f7383cc693c56a96b04feb3ce63d0e861a034f091433d7d8a053d89cN.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:1940
- C:\Windows\System32\AmPepSr.exe
  C:\Windows\System32\AmPepSr.exe
  2⤵
  - Executes dropped EXE
  PID:1040
- C:\Windows\System32\eATFzXK.exe
  C:\Windows\System32\eATFzXK.exe
  2⤵
  - Executes dropped EXE
  PID:3160
- C:\Windows\System32\iksppTP.exe
  C:\Windows\System32\iksppTP.exe
  2⤵
  - Executes dropped EXE
  PID:4992
- C:\Windows\System32\VVGyvaA.exe
  C:\Windows\System32\VVGyvaA.exe
  2⤵
  - Executes dropped EXE
  PID:964
- C:\Windows\System32\GQxtVUM.exe
  C:\Windows\System32\GQxtVUM.exe
  2⤵
  - Executes dropped EXE
  PID:3844
- C:\Windows\System32\jEouUkE.exe
  C:\Windows\System32\jEouUkE.exe
  2⤵
  - Executes dropped EXE
  PID:4976
- C:\Windows\System32\ikTeiKH.exe
  C:\Windows\System32\ikTeiKH.exe
  2⤵
  - Executes dropped EXE
  PID:2064
- C:\Windows\System32\TlAQiSC.exe
  C:\Windows\System32\TlAQiSC.exe
  2⤵
  - Executes dropped EXE
  PID:3284
- C:\Windows\System32\DyfLeMF.exe
  C:\Windows\System32\DyfLeMF.exe
  2⤵
  - Executes dropped EXE
  PID:2388
- C:\Windows\System32\DHOOphn.exe
  C:\Windows\System32\DHOOphn.exe
  2⤵
  - Executes dropped EXE
  PID:2052
- C:\Windows\System32\zNtDAzr.exe
  C:\Windows\System32\zNtDAzr.exe
  2⤵
  - Executes dropped EXE
  PID:5048
- C:\Windows\System32\xzhKkBx.exe
  C:\Windows\System32\xzhKkBx.exe
  2⤵
  - Executes dropped EXE
  PID:212
- C:\Windows\System32\nBVjyMU.exe
  C:\Windows\System32\nBVjyMU.exe
  2⤵
  - Executes dropped EXE
  PID:1464
- C:\Windows\System32\dWlofvG.exe
  C:\Windows\System32\dWlofvG.exe
  2⤵
  - Executes dropped EXE
  PID:4052
- C:\Windows\System32\kJQJDJK.exe
  C:\Windows\System32\kJQJDJK.exe
  2⤵
  - Executes dropped EXE
  PID:3900
- C:\Windows\System32\pdTkkdq.exe
  C:\Windows\System32\pdTkkdq.exe
  2⤵
  - Executes dropped EXE
  PID:3404
- C:\Windows\System32\BawSaoP.exe
  C:\Windows\System32\BawSaoP.exe
  2⤵
  - Executes dropped EXE
  PID:1468
- C:\Windows\System32\DNQYjdt.exe
  C:\Windows\System32\DNQYjdt.exe
  2⤵
  - Executes dropped EXE
  PID:2256
- C:\Windows\System32\wzIchuv.exe
  C:\Windows\System32\wzIchuv.exe
  2⤵
  - Executes dropped EXE
  PID:4460
- C:\Windows\System32\wlWbhgw.exe
  C:\Windows\System32\wlWbhgw.exe
  2⤵
  - Executes dropped EXE
  PID:2140
- C:\Windows\System32\lsPTukn.exe
  C:\Windows\System32\lsPTukn.exe
  2⤵
  - Executes dropped EXE
  PID:2912
- C:\Windows\System32\zujnlkK.exe
  C:\Windows\System32\zujnlkK.exe
  2⤵
  - Executes dropped EXE
  PID:1256
- C:\Windows\System32\ShUIOpa.exe
  C:\Windows\System32\ShUIOpa.exe
  2⤵
  - Executes dropped EXE
  PID:3760
- C:\Windows\System32\OulJNdf.exe
  C:\Windows\System32\OulJNdf.exe
  2⤵
  - Executes dropped EXE
  PID:4316
- C:\Windows\System32\GIWtJnm.exe
  C:\Windows\System32\GIWtJnm.exe
  2⤵
  - Executes dropped EXE
  PID:1584
- C:\Windows\System32\zVszZwG.exe
  C:\Windows\System32\zVszZwG.exe
  2⤵
  - Executes dropped EXE
  PID:4108
- C:\Windows\System32\EEInmdo.exe
  C:\Windows\System32\EEInmdo.exe
  2⤵
  - Executes dropped EXE
  PID:3976
- C:\Windows\System32\WukaeXt.exe
  C:\Windows\System32\WukaeXt.exe
  2⤵
  - Executes dropped EXE
  PID:3988
- C:\Windows\System32\mgQxSlZ.exe
  C:\Windows\System32\mgQxSlZ.exe
  2⤵
  - Executes dropped EXE
  PID:3304
- C:\Windows\System32\iNTjaPO.exe
  C:\Windows\System32\iNTjaPO.exe
  2⤵
  - Executes dropped EXE
  PID:864
- C:\Windows\System32\BLpChVj.exe
  C:\Windows\System32\BLpChVj.exe
  2⤵
  - Executes dropped EXE
  PID:60
- C:\Windows\System32\wDbXCvZ.exe
  C:\Windows\System32\wDbXCvZ.exe
  2⤵
  - Executes dropped EXE
  PID:1988
- C:\Windows\System32\MjksrUr.exe
  C:\Windows\System32\MjksrUr.exe
  2⤵
  - Executes dropped EXE
  PID:3156
- C:\Windows\System32\lPBzkDQ.exe
  C:\Windows\System32\lPBzkDQ.exe
  2⤵
  - Executes dropped EXE
  PID:2816
- C:\Windows\System32\ZvRYoZi.exe
  C:\Windows\System32\ZvRYoZi.exe
  2⤵
  - Executes dropped EXE
  PID:4536
- C:\Windows\System32\cWFgXCa.exe
  C:\Windows\System32\cWFgXCa.exe
  2⤵
  - Executes dropped EXE
  PID:3472
- C:\Windows\System32\DdJGLkT.exe
  C:\Windows\System32\DdJGLkT.exe
  2⤵
  - Executes dropped EXE
  PID:4560
- C:\Windows\System32\whMVWyV.exe
  C:\Windows\System32\whMVWyV.exe
  2⤵
  - Executes dropped EXE
  PID:3692
- C:\Windows\System32\CNtMUxI.exe
  C:\Windows\System32\CNtMUxI.exe
  2⤵
  - Executes dropped EXE
  PID:4436
- C:\Windows\System32\MuVWfUi.exe
  C:\Windows\System32\MuVWfUi.exe
  2⤵
  - Executes dropped EXE
  PID:2524
- C:\Windows\System32\FXoLCsZ.exe
  C:\Windows\System32\FXoLCsZ.exe
  2⤵
  - Executes dropped EXE
  PID:2648
- C:\Windows\System32\lIgdsPJ.exe
  C:\Windows\System32\lIgdsPJ.exe
  2⤵
  - Executes dropped EXE
  PID:2572
- C:\Windows\System32\eGUReIT.exe
  C:\Windows\System32\eGUReIT.exe
  2⤵
  - Executes dropped EXE
  PID:4984
- C:\Windows\System32\UTPDELN.exe
  C:\Windows\System32\UTPDELN.exe
  2⤵
  - Executes dropped EXE
  PID:4032
- C:\Windows\System32\cBSUhzj.exe
  C:\Windows\System32\cBSUhzj.exe
  2⤵
  - Executes dropped EXE
  PID:4556
- C:\Windows\System32\nhAzecY.exe
  C:\Windows\System32\nhAzecY.exe
  2⤵
  - Executes dropped EXE
  PID:5036
- C:\Windows\System32\UpkfaUG.exe
  C:\Windows\System32\UpkfaUG.exe
  2⤵
  - Executes dropped EXE
  PID:3552
- C:\Windows\System32\DFGDhvx.exe
  C:\Windows\System32\DFGDhvx.exe
  2⤵
  - Executes dropped EXE
  PID:1192
- C:\Windows\System32\mBgUSMF.exe
  C:\Windows\System32\mBgUSMF.exe
  2⤵
  - Executes dropped EXE
  PID:2284
- C:\Windows\System32\pmAcYvE.exe
  C:\Windows\System32\pmAcYvE.exe
  2⤵
  - Executes dropped EXE
  PID:3560
- C:\Windows\System32\BlHVEgo.exe
  C:\Windows\System32\BlHVEgo.exe
  2⤵
  - Executes dropped EXE
  PID:4216
- C:\Windows\System32\pgpFQfq.exe
  C:\Windows\System32\pgpFQfq.exe
  2⤵
  - Executes dropped EXE
  PID:2664
- C:\Windows\System32\osdzSUb.exe
  C:\Windows\System32\osdzSUb.exe
  2⤵
  - Executes dropped EXE
  PID:4788
- C:\Windows\System32\FkuJigd.exe
  C:\Windows\System32\FkuJigd.exe
  2⤵
  - Executes dropped EXE
  PID:3592
- C:\Windows\System32\wmKrPca.exe
  C:\Windows\System32\wmKrPca.exe
  2⤵
  - Executes dropped EXE
  PID:3056
- C:\Windows\System32\RJXKmOF.exe
  C:\Windows\System32\RJXKmOF.exe
  2⤵
  - Executes dropped EXE
  PID:4388
- C:\Windows\System32\vPtpaib.exe
  C:\Windows\System32\vPtpaib.exe
  2⤵
  - Executes dropped EXE
  PID:3896
- C:\Windows\System32\FsHktxI.exe
  C:\Windows\System32\FsHktxI.exe
  2⤵
  - Executes dropped EXE
  PID:5084
- C:\Windows\System32\MYnbeso.exe
  C:\Windows\System32\MYnbeso.exe
  2⤵
  - Executes dropped EXE
  PID:3628
- C:\Windows\System32\gQPIGgS.exe
  C:\Windows\System32\gQPIGgS.exe
  2⤵
  - Executes dropped EXE
  PID:2416
- C:\Windows\System32\xdrEVeB.exe
  C:\Windows\System32\xdrEVeB.exe
  2⤵
  - Executes dropped EXE
  PID:220
- C:\Windows\System32\RDRQEEu.exe
  C:\Windows\System32\RDRQEEu.exe
  2⤵
  - Executes dropped EXE
  PID:2380
- C:\Windows\System32\ahjTBTh.exe
  C:\Windows\System32\ahjTBTh.exe
  2⤵
  - Executes dropped EXE
  PID:2596
- C:\Windows\System32\cnMFLBI.exe
  C:\Windows\System32\cnMFLBI.exe
  2⤵
  - Executes dropped EXE
  PID:3004
- C:\Windows\System32\bBNvHOc.exe
  C:\Windows\System32\bBNvHOc.exe
  2⤵
  PID:436
- C:\Windows\System32\OvLRFgh.exe
  C:\Windows\System32\OvLRFgh.exe
  2⤵
  PID:4412
- C:\Windows\System32\UjzQTRN.exe
  C:\Windows\System32\UjzQTRN.exe
  2⤵
  PID:1284
- C:\Windows\System32\GjSybce.exe
  C:\Windows\System32\GjSybce.exe
  2⤵
  PID:3288
- C:\Windows\System32\MGiLzRB.exe
  C:\Windows\System32\MGiLzRB.exe
  2⤵
  PID:3372
- C:\Windows\System32\waTAOEA.exe
  C:\Windows\System32\waTAOEA.exe
  2⤵
  PID:3096
- C:\Windows\System32\xGtVbcm.exe
  C:\Windows\System32\xGtVbcm.exe
  2⤵
  PID:3172
- C:\Windows\System32\HGhzKKM.exe
  C:\Windows\System32\HGhzKKM.exe
  2⤵
  PID:516
- C:\Windows\System32\dCRthOM.exe
  C:\Windows\System32\dCRthOM.exe
  2⤵
  PID:3836
- C:\Windows\System32\kbpOmAw.exe
  C:\Windows\System32\kbpOmAw.exe
  2⤵
  PID:4224
- C:\Windows\System32\RfGWXpe.exe
  C:\Windows\System32\RfGWXpe.exe
  2⤵
  PID:1836
- C:\Windows\System32\ljbIcmC.exe
  C:\Windows\System32\ljbIcmC.exe
  2⤵
  PID:4724
- C:\Windows\System32\ZuItsQy.exe
  C:\Windows\System32\ZuItsQy.exe
  2⤵
  PID:3432
- C:\Windows\System32\IMamALQ.exe
  C:\Windows\System32\IMamALQ.exe
  2⤵
  PID:5020
- C:\Windows\System32\UzUGcjh.exe
  C:\Windows\System32\UzUGcjh.exe
  2⤵
  PID:4528
- C:\Windows\System32\wnAPvHU.exe
  C:\Windows\System32\wnAPvHU.exe
  2⤵
  PID:116
- C:\Windows\System32\cadXaWm.exe
  C:\Windows\System32\cadXaWm.exe
  2⤵
  PID:4384
- C:\Windows\System32\NxzyqpN.exe
  C:\Windows\System32\NxzyqpN.exe
  2⤵
  PID:1600
- C:\Windows\System32\CCvZdJP.exe
  C:\Windows\System32\CCvZdJP.exe
  2⤵
  PID:1196
- C:\Windows\System32\HeHBVKr.exe
  C:\Windows\System32\HeHBVKr.exe
  2⤵
  PID:3632
- C:\Windows\System32\MTqVrfj.exe
  C:\Windows\System32\MTqVrfj.exe
  2⤵
  PID:3448
- C:\Windows\System32\LlVphmg.exe
  C:\Windows\System32\LlVphmg.exe
  2⤵
  PID:1788
- C:\Windows\System32\qFEImyA.exe
  C:\Windows\System32\qFEImyA.exe
  2⤵
  PID:1992
- C:\Windows\System32\odACqQO.exe
  C:\Windows\System32\odACqQO.exe
  2⤵
  PID:2348
- C:\Windows\System32\RyVQjop.exe
  C:\Windows\System32\RyVQjop.exe
  2⤵
  PID:4716
- C:\Windows\System32\nUyEvih.exe
  C:\Windows\System32\nUyEvih.exe
  2⤵
  PID:1944
- C:\Windows\System32\CyRoHKx.exe
  C:\Windows\System32\CyRoHKx.exe
  2⤵
  PID:1792
- C:\Windows\System32\uIvOZTR.exe
  C:\Windows\System32\uIvOZTR.exe
  2⤵
  PID:1608
- C:\Windows\System32\CmthZbf.exe
  C:\Windows\System32\CmthZbf.exe
  2⤵
  PID:3648
- C:\Windows\System32\GdxDyqL.exe
  C:\Windows\System32\GdxDyqL.exe
  2⤵
  PID:1656
- C:\Windows\System32\FKdoXVB.exe
  C:\Windows\System32\FKdoXVB.exe
  2⤵
  PID:5136
- C:\Windows\System32\YutWqOj.exe
  C:\Windows\System32\YutWqOj.exe
  2⤵
  PID:5164
- C:\Windows\System32\susgEGm.exe
  C:\Windows\System32\susgEGm.exe
  2⤵
  PID:5192
- C:\Windows\System32\rXUAafz.exe
  C:\Windows\System32\rXUAafz.exe
  2⤵
  PID:5216
- C:\Windows\System32\BcKPtCj.exe
  C:\Windows\System32\BcKPtCj.exe
  2⤵
  PID:5244
- C:\Windows\System32\WUlEhWT.exe
  C:\Windows\System32\WUlEhWT.exe
  2⤵
  PID:5276
- C:\Windows\System32\uvbLOyV.exe
  C:\Windows\System32\uvbLOyV.exe
  2⤵
  PID:5304
- C:\Windows\System32\yTsmaLE.exe
  C:\Windows\System32\yTsmaLE.exe
  2⤵
  PID:5328
- C:\Windows\System32\cCfUuCL.exe
  C:\Windows\System32\cCfUuCL.exe
  2⤵
  PID:5356
- C:\Windows\System32\mAYKCAE.exe
  C:\Windows\System32\mAYKCAE.exe
  2⤵
  PID:5384
- C:\Windows\System32\qBheZaq.exe
  C:\Windows\System32\qBheZaq.exe
  2⤵
  PID:5416
- C:\Windows\System32\ZkEXxfc.exe
  C:\Windows\System32\ZkEXxfc.exe
  2⤵
  PID:5444
- C:\Windows\System32\FshXaeg.exe
  C:\Windows\System32\FshXaeg.exe
  2⤵
  PID:5472
- C:\Windows\System32\oSlDwQn.exe
  C:\Windows\System32\oSlDwQn.exe
  2⤵
  PID:5500
- C:\Windows\System32\cnPDCxU.exe
  C:\Windows\System32\cnPDCxU.exe
  2⤵
  PID:5528
- C:\Windows\System32\GSRSgxW.exe
  C:\Windows\System32\GSRSgxW.exe
  2⤵
  PID:5552
- C:\Windows\System32\xzGzcgU.exe
  C:\Windows\System32\xzGzcgU.exe
  2⤵
  PID:5580
- C:\Windows\System32\OHUYOWU.exe
  C:\Windows\System32\OHUYOWU.exe
  2⤵
  PID:5612
- C:\Windows\System32\JhjptbX.exe
  C:\Windows\System32\JhjptbX.exe
  2⤵
  PID:5640
- C:\Windows\System32\IQJOiac.exe
  C:\Windows\System32\IQJOiac.exe
  2⤵
  PID:5664
- C:\Windows\System32\GiVPXdQ.exe
  C:\Windows\System32\GiVPXdQ.exe
  2⤵
  PID:5696
- C:\Windows\System32\NujjGzD.exe
  C:\Windows\System32\NujjGzD.exe
  2⤵
  PID:5724
- C:\Windows\System32\vPRINwV.exe
  C:\Windows\System32\vPRINwV.exe
  2⤵
  PID:5752
- C:\Windows\System32\jECPcve.exe
  C:\Windows\System32\jECPcve.exe
  2⤵
  PID:5780
- C:\Windows\System32\vVxpgRg.exe
  C:\Windows\System32\vVxpgRg.exe
  2⤵
  PID:5808
- C:\Windows\System32\FeJftAr.exe
  C:\Windows\System32\FeJftAr.exe
  2⤵
  PID:5836
- C:\Windows\System32\hwPaYaf.exe
  C:\Windows\System32\hwPaYaf.exe
  2⤵
  PID:5864
- C:\Windows\System32\AnaYIQJ.exe
  C:\Windows\System32\AnaYIQJ.exe
  2⤵
  PID:5888
- C:\Windows\System32\aBsXgmn.exe
  C:\Windows\System32\aBsXgmn.exe
  2⤵
  PID:5920
- C:\Windows\System32\EyqtuoO.exe
  C:\Windows\System32\EyqtuoO.exe
  2⤵
  PID:5948
- C:\Windows\System32\HOuvvHb.exe
  C:\Windows\System32\HOuvvHb.exe
  2⤵
  PID:5976
- C:\Windows\System32\xindlwY.exe
  C:\Windows\System32\xindlwY.exe
  2⤵
  PID:6004
- C:\Windows\System32\zcdsOcZ.exe
  C:\Windows\System32\zcdsOcZ.exe
  2⤵
  PID:6028
- C:\Windows\System32\ruvOLVM.exe
  C:\Windows\System32\ruvOLVM.exe
  2⤵
  PID:6060
- C:\Windows\System32\oEiKBGe.exe
  C:\Windows\System32\oEiKBGe.exe
  2⤵
  PID:6088
- C:\Windows\System32\RVdaiLU.exe
  C:\Windows\System32\RVdaiLU.exe
  2⤵
  PID:6116
- C:\Windows\System32\zCHfmVe.exe
  C:\Windows\System32\zCHfmVe.exe
  2⤵
  PID:6140
- C:\Windows\System32\OawdLxK.exe
  C:\Windows\System32\OawdLxK.exe
  2⤵
  PID:4672
- C:\Windows\System32\PkNOnYV.exe
  C:\Windows\System32\PkNOnYV.exe
  2⤵
  PID:3708
- C:\Windows\System32\bpIoEzZ.exe
  C:\Windows\System32\bpIoEzZ.exe
  2⤵
  PID:4508
- C:\Windows\System32\qyvOxpl.exe
  C:\Windows\System32\qyvOxpl.exe
  2⤵
  PID:3972
- C:\Windows\System32\Yizoggy.exe
  C:\Windows\System32\Yizoggy.exe
  2⤵
  PID:5156
- C:\Windows\System32\ibxBgPh.exe
  C:\Windows\System32\ibxBgPh.exe
  2⤵
  PID:5212
- C:\Windows\System32\hvNaJJZ.exe
  C:\Windows\System32\hvNaJJZ.exe
  2⤵
  PID:3680
- C:\Windows\System32\sZFOQYg.exe
  C:\Windows\System32\sZFOQYg.exe
  2⤵
  PID:5392
- C:\Windows\System32\sxhBZqU.exe
  C:\Windows\System32\sxhBZqU.exe
  2⤵
  PID:5484
- C:\Windows\System32\XisMolv.exe
  C:\Windows\System32\XisMolv.exe
  2⤵
  PID:5520
- C:\Windows\System32\iEDjmkX.exe
  C:\Windows\System32\iEDjmkX.exe
  2⤵
  PID:5588
- C:\Windows\System32\zOUuUwy.exe
  C:\Windows\System32\zOUuUwy.exe
  2⤵
  PID:5620
- C:\Windows\System32\GlGmRnB.exe
  C:\Windows\System32\GlGmRnB.exe
  2⤵
  PID:5672
- C:\Windows\System32\svavezP.exe
  C:\Windows\System32\svavezP.exe
  2⤵
  PID:1376
- C:\Windows\System32\DNPgHic.exe
  C:\Windows\System32\DNPgHic.exe
  2⤵
  PID:5792
- C:\Windows\System32\hNzPXhn.exe
  C:\Windows\System32\hNzPXhn.exe
  2⤵
  PID:5872
- C:\Windows\System32\AUIqNbS.exe
  C:\Windows\System32\AUIqNbS.exe
  2⤵
  PID:5956
- C:\Windows\System32\AySwvrj.exe
  C:\Windows\System32\AySwvrj.exe
  2⤵
  PID:2512
- C:\Windows\System32\yijOtTs.exe
  C:\Windows\System32\yijOtTs.exe
  2⤵
  PID:448
- C:\Windows\System32\fDrefSv.exe
  C:\Windows\System32\fDrefSv.exe
  2⤵
  PID:6072
- C:\Windows\System32\TMUQpxQ.exe
  C:\Windows\System32\TMUQpxQ.exe
  2⤵
  PID:3608
- C:\Windows\System32\KRaOhUR.exe
  C:\Windows\System32\KRaOhUR.exe
  2⤵
  PID:4320
- C:\Windows\System32\SWyPYvk.exe
  C:\Windows\System32\SWyPYvk.exe
  2⤵
  PID:2680
- C:\Windows\System32\UbKGCxx.exe
  C:\Windows\System32\UbKGCxx.exe
  2⤵
  PID:1016
- C:\Windows\System32\BtxBIqa.exe
  C:\Windows\System32\BtxBIqa.exe
  2⤵
  PID:2360
- C:\Windows\System32\HcngKfF.exe
  C:\Windows\System32\HcngKfF.exe
  2⤵
  PID:5144
- C:\Windows\System32\JjaxTBq.exe
  C:\Windows\System32\JjaxTBq.exe
  2⤵
  PID:4212
- C:\Windows\System32\nvsUlwj.exe
  C:\Windows\System32\nvsUlwj.exe
  2⤵
  PID:5540
- C:\Windows\System32\zlQJDjf.exe
  C:\Windows\System32\zlQJDjf.exe
  2⤵
  PID:2660
- C:\Windows\System32\OvuvQTT.exe
  C:\Windows\System32\OvuvQTT.exe
  2⤵
  PID:5716
- C:\Windows\System32\RvsJitl.exe
  C:\Windows\System32\RvsJitl.exe
  2⤵
  PID:4496
- C:\Windows\System32\eZJmbNc.exe
  C:\Windows\System32\eZJmbNc.exe
  2⤵
  PID:840
- C:\Windows\System32\PwZlPVh.exe
  C:\Windows\System32\PwZlPVh.exe
  2⤵
  PID:6080
- C:\Windows\System32\dZGQCWj.exe
  C:\Windows\System32\dZGQCWj.exe
  2⤵
  PID:4960
- C:\Windows\System32\XHnCqsE.exe
  C:\Windows\System32\XHnCqsE.exe
  2⤵
  PID:2892
- C:\Windows\System32\QMZigwn.exe
  C:\Windows\System32\QMZigwn.exe
  2⤵
  PID:2708
- C:\Windows\System32\MHNHwoV.exe
  C:\Windows\System32\MHNHwoV.exe
  2⤵
  PID:5260
- C:\Windows\System32\lOaQkrr.exe
  C:\Windows\System32\lOaQkrr.exe
  2⤵
  PID:5452
- C:\Windows\System32\WYFWVZe.exe
  C:\Windows\System32\WYFWVZe.exe
  2⤵
  PID:3860
- C:\Windows\System32\oOYNMak.exe
  C:\Windows\System32\oOYNMak.exe
  2⤵
  PID:6044
- C:\Windows\System32\xXumNlN.exe
  C:\Windows\System32\xXumNlN.exe
  2⤵
  PID:3476
- C:\Windows\System32\MZKeaxZ.exe
  C:\Windows\System32\MZKeaxZ.exe
  2⤵
  PID:5604
- C:\Windows\System32\ucEsWUi.exe
  C:\Windows\System32\ucEsWUi.exe
  2⤵
  PID:5912
- C:\Windows\System32\lTzTHXv.exe
  C:\Windows\System32\lTzTHXv.exe
  2⤵
  PID:4900
- C:\Windows\System32\UtPphmz.exe
  C:\Windows\System32\UtPphmz.exe
  2⤵
  PID:6156
- C:\Windows\System32\zjuQnaW.exe
  C:\Windows\System32\zjuQnaW.exe
  2⤵
  PID:6172
- C:\Windows\System32\AtEgGSq.exe
  C:\Windows\System32\AtEgGSq.exe
  2⤵
  PID:6208
- C:\Windows\System32\OrQicRP.exe
  C:\Windows\System32\OrQicRP.exe
  2⤵
  PID:6224
- C:\Windows\System32\DptLseJ.exe
  C:\Windows\System32\DptLseJ.exe
  2⤵
  PID:6252
- C:\Windows\System32\HSlZZdr.exe
  C:\Windows\System32\HSlZZdr.exe
  2⤵
  PID:6272
- C:\Windows\System32\XehHavk.exe
  C:\Windows\System32\XehHavk.exe
  2⤵
  PID:6292
- C:\Windows\System32\XmgUAxY.exe
  C:\Windows\System32\XmgUAxY.exe
  2⤵
  PID:6316
- C:\Windows\System32\FGblYbF.exe
  C:\Windows\System32\FGblYbF.exe
  2⤵
  PID:6404
- C:\Windows\System32\lSMxmaM.exe
  C:\Windows\System32\lSMxmaM.exe
  2⤵
  PID:6436
- C:\Windows\System32\IhWxSuV.exe
  C:\Windows\System32\IhWxSuV.exe
  2⤵
  PID:6456
- C:\Windows\System32\keajgOQ.exe
  C:\Windows\System32\keajgOQ.exe
  2⤵
  PID:6476
- C:\Windows\System32\ulAdxng.exe
  C:\Windows\System32\ulAdxng.exe
  2⤵
  PID:6496
- C:\Windows\System32\VSbkfGI.exe
  C:\Windows\System32\VSbkfGI.exe
  2⤵
  PID:6524
- C:\Windows\System32\izTYeyv.exe
  C:\Windows\System32\izTYeyv.exe
  2⤵
  PID:6548
- C:\Windows\System32\ytScmtn.exe
  C:\Windows\System32\ytScmtn.exe
  2⤵
  PID:6596
- C:\Windows\System32\TIeciSq.exe
  C:\Windows\System32\TIeciSq.exe
  2⤵
  PID:6616
- C:\Windows\System32\jymkQJV.exe
  C:\Windows\System32\jymkQJV.exe
  2⤵
  PID:6632
- C:\Windows\System32\NuIEhcd.exe
  C:\Windows\System32\NuIEhcd.exe
  2⤵
  PID:6664
- C:\Windows\System32\SZsuISW.exe
  C:\Windows\System32\SZsuISW.exe
  2⤵
  PID:6720
- C:\Windows\System32\Hutmwmu.exe
  C:\Windows\System32\Hutmwmu.exe
  2⤵
  PID:6764
- C:\Windows\System32\SakFtkM.exe
  C:\Windows\System32\SakFtkM.exe
  2⤵
  PID:6796
- C:\Windows\System32\RmpHqOE.exe
  C:\Windows\System32\RmpHqOE.exe
  2⤵
  PID:6816
- C:\Windows\System32\BbcBCLO.exe
  C:\Windows\System32\BbcBCLO.exe
  2⤵
  PID:6852
- C:\Windows\System32\EumlVUa.exe
  C:\Windows\System32\EumlVUa.exe
  2⤵
  PID:6876
- C:\Windows\System32\cWxcvYX.exe
  C:\Windows\System32\cWxcvYX.exe
  2⤵
  PID:6900
- C:\Windows\System32\xCfzWHU.exe
  C:\Windows\System32\xCfzWHU.exe
  2⤵
  PID:6924
- C:\Windows\System32\jTEfDhK.exe
  C:\Windows\System32\jTEfDhK.exe
  2⤵
  PID:6948
- C:\Windows\System32\QhGNRzy.exe
  C:\Windows\System32\QhGNRzy.exe
  2⤵
  PID:6964
- C:\Windows\System32\pWNzLAz.exe
  C:\Windows\System32\pWNzLAz.exe
  2⤵
  PID:6988
- C:\Windows\System32\epySknX.exe
  C:\Windows\System32\epySknX.exe
  2⤵
  PID:7032
- C:\Windows\System32\AyuJdlj.exe
  C:\Windows\System32\AyuJdlj.exe
  2⤵
  PID:7056
- C:\Windows\System32\lutWCod.exe
  C:\Windows\System32\lutWCod.exe
  2⤵
  PID:7084
- C:\Windows\System32\vqeyfsw.exe
  C:\Windows\System32\vqeyfsw.exe
  2⤵
  PID:7100
- C:\Windows\System32\ttcyXJy.exe
  C:\Windows\System32\ttcyXJy.exe
  2⤵
  PID:7120
- C:\Windows\System32\fAIOfHC.exe
  C:\Windows\System32\fAIOfHC.exe
  2⤵
  PID:5652
- C:\Windows\System32\fIjqOIL.exe
  C:\Windows\System32\fIjqOIL.exe
  2⤵
  PID:5688
- C:\Windows\System32\IYzAsNC.exe
  C:\Windows\System32\IYzAsNC.exe
  2⤵
  PID:6164
- C:\Windows\System32\TEHeNks.exe
  C:\Windows\System32\TEHeNks.exe
  2⤵
  PID:6152
- C:\Windows\System32\zucjorf.exe
  C:\Windows\System32\zucjorf.exe
  2⤵
  PID:6232
- C:\Windows\System32\VmlmiDK.exe
  C:\Windows\System32\VmlmiDK.exe
  2⤵
  PID:6264
- C:\Windows\System32\xvPHjUP.exe
  C:\Windows\System32\xvPHjUP.exe
  2⤵
  PID:6324
- C:\Windows\System32\WMfKadF.exe
  C:\Windows\System32\WMfKadF.exe
  2⤵
  PID:6428
- C:\Windows\System32\OPtVOlt.exe
  C:\Windows\System32\OPtVOlt.exe
  2⤵
  PID:6468
- C:\Windows\System32\LvLmUhI.exe
  C:\Windows\System32\LvLmUhI.exe
  2⤵
  PID:6532
- C:\Windows\System32\XueNhEm.exe
  C:\Windows\System32\XueNhEm.exe
  2⤵
  PID:6560
- C:\Windows\System32\xzSaMsJ.exe
  C:\Windows\System32\xzSaMsJ.exe
  2⤵
  PID:6672
- C:\Windows\System32\rRKUcLj.exe
  C:\Windows\System32\rRKUcLj.exe
  2⤵
  PID:6700
- C:\Windows\System32\LLppvWX.exe
  C:\Windows\System32\LLppvWX.exe
  2⤵
  PID:6760
- C:\Windows\System32\alQBIEs.exe
  C:\Windows\System32\alQBIEs.exe
  2⤵
  PID:6824
- C:\Windows\System32\XLpzYMu.exe
  C:\Windows\System32\XLpzYMu.exe
  2⤵
  PID:6908
- C:\Windows\System32\HVkOsFT.exe
  C:\Windows\System32\HVkOsFT.exe
  2⤵
  PID:6980
- C:\Windows\System32\ytgihYk.exe
  C:\Windows\System32\ytgihYk.exe
  2⤵
  PID:6996
- C:\Windows\System32\wGnWePc.exe
  C:\Windows\System32\wGnWePc.exe
  2⤵
  PID:7064
- C:\Windows\System32\lZiczJp.exe
  C:\Windows\System32\lZiczJp.exe
  2⤵
  PID:3872
- C:\Windows\System32\fQlXVtg.exe
  C:\Windows\System32\fQlXVtg.exe
  2⤵
  PID:1616
- C:\Windows\System32\ThqIgXl.exe
  C:\Windows\System32\ThqIgXl.exe
  2⤵
  PID:6300
- C:\Windows\System32\bnZNQTK.exe
  C:\Windows\System32\bnZNQTK.exe
  2⤵
  PID:6452
- C:\Windows\System32\DzHFDUD.exe
  C:\Windows\System32\DzHFDUD.exe
  2⤵
  PID:6652
- C:\Windows\System32\TcIcgsz.exe
  C:\Windows\System32\TcIcgsz.exe
  2⤵
  PID:6644
- C:\Windows\System32\NmjTNZc.exe
  C:\Windows\System32\NmjTNZc.exe
  2⤵
  PID:6836
- C:\Windows\System32\oftBEXY.exe
  C:\Windows\System32\oftBEXY.exe
  2⤵
  PID:7008
- C:\Windows\System32\OEvhEQH.exe
  C:\Windows\System32\OEvhEQH.exe
  2⤵
  PID:7068
- C:\Windows\System32\voPBFiL.exe
  C:\Windows\System32\voPBFiL.exe
  2⤵
  PID:5464
- C:\Windows\System32\zyGbSMp.exe
  C:\Windows\System32\zyGbSMp.exe
  2⤵
  PID:5372
- C:\Windows\System32\XbHeCtu.exe
  C:\Windows\System32\XbHeCtu.exe
  2⤵
  PID:6956
- C:\Windows\System32\EfXLJQc.exe
  C:\Windows\System32\EfXLJQc.exe
  2⤵
  PID:7160
- C:\Windows\System32\jnEFzxu.exe
  C:\Windows\System32\jnEFzxu.exe
  2⤵
  PID:6268
- C:\Windows\System32\rSKeits.exe
  C:\Windows\System32\rSKeits.exe
  2⤵
  PID:6628
- C:\Windows\System32\bwrzAXH.exe
  C:\Windows\System32\bwrzAXH.exe
  2⤵
  PID:7184
- C:\Windows\System32\NhfWkRM.exe
  C:\Windows\System32\NhfWkRM.exe
  2⤵
  PID:7260
- C:\Windows\System32\CMVPhhY.exe
  C:\Windows\System32\CMVPhhY.exe
  2⤵
  PID:7276
- C:\Windows\System32\eWnrska.exe
  C:\Windows\System32\eWnrska.exe
  2⤵
  PID:7292
- C:\Windows\System32\HyETZhO.exe
  C:\Windows\System32\HyETZhO.exe
  2⤵
  PID:7336
- C:\Windows\System32\QnIiZIg.exe
  C:\Windows\System32\QnIiZIg.exe
  2⤵
  PID:7360
- C:\Windows\System32\GSKEhbJ.exe
  C:\Windows\System32\GSKEhbJ.exe
  2⤵
  PID:7392
- C:\Windows\System32\COxEZWv.exe
  C:\Windows\System32\COxEZWv.exe
  2⤵
  PID:7424
- C:\Windows\System32\UFBAFmt.exe
  C:\Windows\System32\UFBAFmt.exe
  2⤵
  PID:7448
- C:\Windows\System32\GyLnDlP.exe
  C:\Windows\System32\GyLnDlP.exe
  2⤵
  PID:7472
- C:\Windows\System32\PcGnHmV.exe
  C:\Windows\System32\PcGnHmV.exe
  2⤵
  PID:7500
- C:\Windows\System32\PKcKCCX.exe
  C:\Windows\System32\PKcKCCX.exe
  2⤵
  PID:7524
- C:\Windows\System32\QJJVWYh.exe
  C:\Windows\System32\QJJVWYh.exe
  2⤵
  PID:7556
- C:\Windows\System32\aMjaaSW.exe
  C:\Windows\System32\aMjaaSW.exe
  2⤵
  PID:7576
- C:\Windows\System32\UXSzAlR.exe
  C:\Windows\System32\UXSzAlR.exe
  2⤵
  PID:7612
- C:\Windows\System32\TVaZIjo.exe
  C:\Windows\System32\TVaZIjo.exe
  2⤵
  PID:7660
- C:\Windows\System32\RfdZRuX.exe
  C:\Windows\System32\RfdZRuX.exe
  2⤵
  PID:7684
- C:\Windows\System32\cYJhcVP.exe
  C:\Windows\System32\cYJhcVP.exe
  2⤵
  PID:7700
- C:\Windows\System32\Wqofcrs.exe
  C:\Windows\System32\Wqofcrs.exe
  2⤵
  PID:7720
- C:\Windows\System32\haKeINO.exe
  C:\Windows\System32\haKeINO.exe
  2⤵
  PID:7744
- C:\Windows\System32\dysOaAT.exe
  C:\Windows\System32\dysOaAT.exe
  2⤵
  PID:7764
- C:\Windows\System32\KtqUlkL.exe
  C:\Windows\System32\KtqUlkL.exe
  2⤵
  PID:7800
- C:\Windows\System32\uRdooLX.exe
  C:\Windows\System32\uRdooLX.exe
  2⤵
  PID:7820
- C:\Windows\System32\DGhPOqK.exe
  C:\Windows\System32\DGhPOqK.exe
  2⤵
  PID:7856
- C:\Windows\System32\cBzvsYe.exe
  C:\Windows\System32\cBzvsYe.exe
  2⤵
  PID:7876
- C:\Windows\System32\cUtwqfl.exe
  C:\Windows\System32\cUtwqfl.exe
  2⤵
  PID:7900
- C:\Windows\System32\asQeRyq.exe
  C:\Windows\System32\asQeRyq.exe
  2⤵
  PID:7952
- C:\Windows\System32\QTSmYvR.exe
  C:\Windows\System32\QTSmYvR.exe
  2⤵
  PID:7972
- C:\Windows\System32\TOlfjxT.exe
  C:\Windows\System32\TOlfjxT.exe
  2⤵
  PID:8008
- C:\Windows\System32\bkWagmY.exe
  C:\Windows\System32\bkWagmY.exe
  2⤵
  PID:8028
- C:\Windows\System32\KGOldPs.exe
  C:\Windows\System32\KGOldPs.exe
  2⤵
  PID:8052
- C:\Windows\System32\MuZEKIp.exe
  C:\Windows\System32\MuZEKIp.exe
  2⤵
  PID:8072
- C:\Windows\System32\kuVEQAt.exe
  C:\Windows\System32\kuVEQAt.exe
  2⤵
  PID:8104
- C:\Windows\System32\HcjQmtq.exe
  C:\Windows\System32\HcjQmtq.exe
  2⤵
  PID:8124
- C:\Windows\System32\kYZXFig.exe
  C:\Windows\System32\kYZXFig.exe
  2⤵
  PID:8144
- C:\Windows\System32\scnldni.exe
  C:\Windows\System32\scnldni.exe
  2⤵
  PID:8168
- C:\Windows\System32\OxXWKPF.exe
  C:\Windows\System32\OxXWKPF.exe
  2⤵
  PID:8188
- C:\Windows\System32\KORdLIG.exe
  C:\Windows\System32\KORdLIG.exe
  2⤵
  PID:7232
- C:\Windows\System32\IoxcdTb.exe
  C:\Windows\System32\IoxcdTb.exe
  2⤵
  PID:7208
- C:\Windows\System32\SXDWjwn.exe
  C:\Windows\System32\SXDWjwn.exe
  2⤵
  PID:7284
- C:\Windows\System32\nnXqqrl.exe
  C:\Windows\System32\nnXqqrl.exe
  2⤵
  PID:7344
- C:\Windows\System32\Akiqhqa.exe
  C:\Windows\System32\Akiqhqa.exe
  2⤵
  PID:7432
- C:\Windows\System32\uYMqChY.exe
  C:\Windows\System32\uYMqChY.exe
  2⤵
  PID:7468
- C:\Windows\System32\TdziliG.exe
  C:\Windows\System32\TdziliG.exe
  2⤵
  PID:7588
- C:\Windows\System32\YVNAlsr.exe
  C:\Windows\System32\YVNAlsr.exe
  2⤵
  PID:7784
- C:\Windows\System32\RiTtUJm.exe
  C:\Windows\System32\RiTtUJm.exe
  2⤵
  PID:7812
- C:\Windows\System32\HFRHbrO.exe
  C:\Windows\System32\HFRHbrO.exe
  2⤵
  PID:7868
- C:\Windows\System32\XInxkGQ.exe
  C:\Windows\System32\XInxkGQ.exe
  2⤵
  PID:7992
- C:\Windows\System32\HrooHmY.exe
  C:\Windows\System32\HrooHmY.exe
  2⤵
  PID:8036
- C:\Windows\System32\mgTNrSL.exe
  C:\Windows\System32\mgTNrSL.exe
  2⤵
  PID:8040
- C:\Windows\System32\PyZubmL.exe
  C:\Windows\System32\PyZubmL.exe
  2⤵
  PID:8120
- C:\Windows\System32\tqtWZHs.exe
  C:\Windows\System32\tqtWZHs.exe
  2⤵
  PID:7328
- C:\Windows\System32\rjnczUi.exe
  C:\Windows\System32\rjnczUi.exe
  2⤵
  PID:7376
- C:\Windows\System32\MBmFDtA.exe
  C:\Windows\System32\MBmFDtA.exe
  2⤵
  PID:7568
- C:\Windows\System32\qNVvjHu.exe
  C:\Windows\System32\qNVvjHu.exe
  2⤵
  PID:7508
- C:\Windows\System32\vuKmqMx.exe
  C:\Windows\System32\vuKmqMx.exe
  2⤵
  PID:7836
- C:\Windows\System32\RwilbOT.exe
  C:\Windows\System32\RwilbOT.exe
  2⤵
  PID:7980
- C:\Windows\System32\fquMunZ.exe
  C:\Windows\System32\fquMunZ.exe
  2⤵
  PID:8116
- C:\Windows\System32\WLSlcIQ.exe
  C:\Windows\System32\WLSlcIQ.exe
  2⤵
  PID:7268
- C:\Windows\System32\OnXSSop.exe
  C:\Windows\System32\OnXSSop.exe
  2⤵
  PID:7412
- C:\Windows\System32\oYYqgQj.exe
  C:\Windows\System32\oYYqgQj.exe
  2⤵
  PID:8084
- C:\Windows\System32\JkoXSjR.exe
  C:\Windows\System32\JkoXSjR.exe
  2⤵
  PID:8200
- C:\Windows\System32\oDIYRoD.exe
  C:\Windows\System32\oDIYRoD.exe
  2⤵
  PID:8244
- C:\Windows\System32\OpaURDR.exe
  C:\Windows\System32\OpaURDR.exe
  2⤵
  PID:8268
- C:\Windows\System32\rWxuEDP.exe
  C:\Windows\System32\rWxuEDP.exe
  2⤵
  PID:8304
- C:\Windows\System32\ReAwOUg.exe
  C:\Windows\System32\ReAwOUg.exe
  2⤵
  PID:8328
- C:\Windows\System32\votsKRu.exe
  C:\Windows\System32\votsKRu.exe
  2⤵
  PID:8348
- C:\Windows\System32\fyIaOqW.exe
  C:\Windows\System32\fyIaOqW.exe
  2⤵
  PID:8372
- C:\Windows\System32\vcbgXRV.exe
  C:\Windows\System32\vcbgXRV.exe
  2⤵
  PID:8400
- C:\Windows\System32\sxSYrtS.exe
  C:\Windows\System32\sxSYrtS.exe
  2⤵
  PID:8424
- C:\Windows\System32\UDKKpGG.exe
  C:\Windows\System32\UDKKpGG.exe
  2⤵
  PID:8444
- C:\Windows\System32\hcJlUMq.exe
  C:\Windows\System32\hcJlUMq.exe
  2⤵
  PID:8472
- C:\Windows\System32\SkkWhDY.exe
  C:\Windows\System32\SkkWhDY.exe
  2⤵
  PID:8496
- C:\Windows\System32\wqujoPY.exe
  C:\Windows\System32\wqujoPY.exe
  2⤵
  PID:8520
- C:\Windows\System32\uhdgTCN.exe
  C:\Windows\System32\uhdgTCN.exe
  2⤵
  PID:8548
- C:\Windows\System32\DcuxJLQ.exe
  C:\Windows\System32\DcuxJLQ.exe
  2⤵
  PID:8576
- C:\Windows\System32\PqDQFCP.exe
  C:\Windows\System32\PqDQFCP.exe
  2⤵
  PID:8592
- C:\Windows\System32\GZUNBae.exe
  C:\Windows\System32\GZUNBae.exe
  2⤵
  PID:8612
- C:\Windows\System32\HlpPWqD.exe
  C:\Windows\System32\HlpPWqD.exe
  2⤵
  PID:8660
- C:\Windows\System32\hZKIkLe.exe
  C:\Windows\System32\hZKIkLe.exe
  2⤵
  PID:8680
- C:\Windows\System32\RMTWHKA.exe
  C:\Windows\System32\RMTWHKA.exe
  2⤵
  PID:8708
- C:\Windows\System32\qZMdLLI.exe
  C:\Windows\System32\qZMdLLI.exe
  2⤵
  PID:8764
- C:\Windows\System32\diYcaoq.exe
  C:\Windows\System32\diYcaoq.exe
  2⤵
  PID:8780
- C:\Windows\System32\tqvMtYc.exe
  C:\Windows\System32\tqvMtYc.exe
  2⤵
  PID:8800
- C:\Windows\System32\ooyaqtv.exe
  C:\Windows\System32\ooyaqtv.exe
  2⤵
  PID:8840
- C:\Windows\System32\TsdyWxV.exe
  C:\Windows\System32\TsdyWxV.exe
  2⤵
  PID:8864
- C:\Windows\System32\tpmhkcL.exe
  C:\Windows\System32\tpmhkcL.exe
  2⤵
  PID:8908
- C:\Windows\System32\oJwEiag.exe
  C:\Windows\System32\oJwEiag.exe
  2⤵
  PID:8936
- C:\Windows\System32\iQSIaeg.exe
  C:\Windows\System32\iQSIaeg.exe
  2⤵
  PID:8960
- C:\Windows\System32\lNqkwKv.exe
  C:\Windows\System32\lNqkwKv.exe
  2⤵
  PID:8976
- C:\Windows\System32\rIBSmyK.exe
  C:\Windows\System32\rIBSmyK.exe
  2⤵
  PID:8996
- C:\Windows\System32\DUTzUXH.exe
  C:\Windows\System32\DUTzUXH.exe
  2⤵
  PID:9036
- C:\Windows\System32\uYgzMNm.exe
  C:\Windows\System32\uYgzMNm.exe
  2⤵
  PID:9060
- C:\Windows\System32\JXBeoIl.exe
  C:\Windows\System32\JXBeoIl.exe
  2⤵
  PID:9116
- C:\Windows\System32\VbexWod.exe
  C:\Windows\System32\VbexWod.exe
  2⤵
  PID:9148
- C:\Windows\System32\rabJOUQ.exe
  C:\Windows\System32\rabJOUQ.exe
  2⤵
  PID:9184
- C:\Windows\System32\RcUBetW.exe
  C:\Windows\System32\RcUBetW.exe
  2⤵
  PID:9204
- C:\Windows\System32\AGeNupR.exe
  C:\Windows\System32\AGeNupR.exe
  2⤵
  PID:7484
- C:\Windows\System32\MyhqquO.exe
  C:\Windows\System32\MyhqquO.exe
  2⤵
  PID:8236
- C:\Windows\System32\DluwrEt.exe
  C:\Windows\System32\DluwrEt.exe
  2⤵
  PID:8292
- C:\Windows\System32\yCJAQSl.exe
  C:\Windows\System32\yCJAQSl.exe
  2⤵
  PID:8340
- C:\Windows\System32\CwQmSCR.exe
  C:\Windows\System32\CwQmSCR.exe
  2⤵
  PID:8380
- C:\Windows\System32\yPxsirx.exe
  C:\Windows\System32\yPxsirx.exe
  2⤵
  PID:8416
- C:\Windows\System32\jAndbPE.exe
  C:\Windows\System32\jAndbPE.exe
  2⤵
  PID:8588
- C:\Windows\System32\cEocWfc.exe
  C:\Windows\System32\cEocWfc.exe
  2⤵
  PID:8564
- C:\Windows\System32\VvIcukb.exe
  C:\Windows\System32\VvIcukb.exe
  2⤵
  PID:8688
- C:\Windows\System32\aCFypAq.exe
  C:\Windows\System32\aCFypAq.exe
  2⤵
  PID:8676
- C:\Windows\System32\TDRfUII.exe
  C:\Windows\System32\TDRfUII.exe
  2⤵
  PID:8772
- C:\Windows\System32\BfJPykX.exe
  C:\Windows\System32\BfJPykX.exe
  2⤵
  PID:8880
- C:\Windows\System32\zovQSoW.exe
  C:\Windows\System32\zovQSoW.exe
  2⤵
  PID:8972
- C:\Windows\System32\MVXgsrA.exe
  C:\Windows\System32\MVXgsrA.exe
  2⤵
  PID:8948
- C:\Windows\System32\FVweihO.exe
  C:\Windows\System32\FVweihO.exe
  2⤵
  PID:9016
- C:\Windows\System32\mMyPemj.exe
  C:\Windows\System32\mMyPemj.exe
  2⤵
  PID:9136
- C:\Windows\System32\xpUFvCS.exe
  C:\Windows\System32\xpUFvCS.exe
  2⤵
  PID:9192
- C:\Windows\System32\FRENtay.exe
  C:\Windows\System32\FRENtay.exe
  2⤵
  PID:7936
- C:\Windows\System32\MsYppBW.exe
  C:\Windows\System32\MsYppBW.exe
  2⤵
  PID:8364
- C:\Windows\System32\JMthTXq.exe
  C:\Windows\System32\JMthTXq.exe
  2⤵
  PID:8532
- C:\Windows\System32\pQPBKEn.exe
  C:\Windows\System32\pQPBKEn.exe
  2⤵
  PID:8792
- C:\Windows\System32\pyfrzsj.exe
  C:\Windows\System32\pyfrzsj.exe
  2⤵
  PID:8700
- C:\Windows\System32\TfcwbkD.exe
  C:\Windows\System32\TfcwbkD.exe
  2⤵
  PID:8904
- C:\Windows\System32\thwShjN.exe
  C:\Windows\System32\thwShjN.exe
  2⤵
  PID:9088
- C:\Windows\System32\ixDaUqQ.exe
  C:\Windows\System32\ixDaUqQ.exe
  2⤵
  PID:8024
- C:\Windows\System32\IcxQvOb.exe
  C:\Windows\System32\IcxQvOb.exe
  2⤵
  PID:8776
- C:\Windows\System32\ZrdRDxx.exe
  C:\Windows\System32\ZrdRDxx.exe
  2⤵
  PID:8808
- C:\Windows\System32\AjQODWZ.exe
  C:\Windows\System32\AjQODWZ.exe
  2⤵
  PID:8620
- C:\Windows\System32\hYunAIm.exe
  C:\Windows\System32\hYunAIm.exe
  2⤵
  PID:9224
- C:\Windows\System32\hzfNEkY.exe
  C:\Windows\System32\hzfNEkY.exe
  2⤵
  PID:9240
- C:\Windows\System32\ithMbdG.exe
  C:\Windows\System32\ithMbdG.exe
  2⤵
  PID:9276
- C:\Windows\System32\AMRZTRi.exe
  C:\Windows\System32\AMRZTRi.exe
  2⤵
  PID:9296
- C:\Windows\System32\PUMIJqZ.exe
  C:\Windows\System32\PUMIJqZ.exe
  2⤵
  PID:9316
- C:\Windows\System32\GWtUnEp.exe
  C:\Windows\System32\GWtUnEp.exe
  2⤵
  PID:9348
- C:\Windows\System32\ThairLR.exe
  C:\Windows\System32\ThairLR.exe
  2⤵
  PID:9388
- C:\Windows\System32\VbhrafJ.exe
  C:\Windows\System32\VbhrafJ.exe
  2⤵
  PID:9408
- C:\Windows\System32\YyuXDLI.exe
  C:\Windows\System32\YyuXDLI.exe
  2⤵
  PID:9432
- C:\Windows\System32\mmvcfGN.exe
  C:\Windows\System32\mmvcfGN.exe
  2⤵
  PID:9448
- C:\Windows\System32\hloNsjf.exe
  C:\Windows\System32\hloNsjf.exe
  2⤵
  PID:9488
- C:\Windows\System32\FLUAkHv.exe
  C:\Windows\System32\FLUAkHv.exe
  2⤵
  PID:9508
- C:\Windows\System32\QoQrddP.exe
  C:\Windows\System32\QoQrddP.exe
  2⤵
  PID:9528
- C:\Windows\System32\MnDgoCB.exe
  C:\Windows\System32\MnDgoCB.exe
  2⤵
  PID:9544
- C:\Windows\System32\blVdWhg.exe
  C:\Windows\System32\blVdWhg.exe
  2⤵
  PID:9568
- C:\Windows\System32\tspCokZ.exe
  C:\Windows\System32\tspCokZ.exe
  2⤵
  PID:9624
- C:\Windows\System32\iRmoHYB.exe
  C:\Windows\System32\iRmoHYB.exe
  2⤵
  PID:9644
- C:\Windows\System32\OmRpWsU.exe
  C:\Windows\System32\OmRpWsU.exe
  2⤵
  PID:9664
- C:\Windows\System32\tWFppLG.exe
  C:\Windows\System32\tWFppLG.exe
  2⤵
  PID:9688
- C:\Windows\System32\wUSHQvl.exe
  C:\Windows\System32\wUSHQvl.exe
  2⤵
  PID:9712
- C:\Windows\System32\GuiQhdF.exe
  C:\Windows\System32\GuiQhdF.exe
  2⤵
  PID:9776
- C:\Windows\System32\vESQEoO.exe
  C:\Windows\System32\vESQEoO.exe
  2⤵
  PID:9812
- C:\Windows\System32\OdBnkle.exe
  C:\Windows\System32\OdBnkle.exe
  2⤵
  PID:9828
- C:\Windows\System32\JIrtaIg.exe
  C:\Windows\System32\JIrtaIg.exe
  2⤵
  PID:9860
- C:\Windows\System32\ouSVWFG.exe
  C:\Windows\System32\ouSVWFG.exe
  2⤵
  PID:9876
- C:\Windows\System32\BmdYZRm.exe
  C:\Windows\System32\BmdYZRm.exe
  2⤵
  PID:9916
- C:\Windows\System32\vxikrte.exe
  C:\Windows\System32\vxikrte.exe
  2⤵
  PID:9976
- C:\Windows\System32\JnzpDGZ.exe
  C:\Windows\System32\JnzpDGZ.exe
  2⤵
  PID:9996
- C:\Windows\System32\XvTUXkL.exe
  C:\Windows\System32\XvTUXkL.exe
  2⤵
  PID:10064
- C:\Windows\System32\iKtozan.exe
  C:\Windows\System32\iKtozan.exe
  2⤵
  PID:10092
- C:\Windows\System32\qweBPlA.exe
  C:\Windows\System32\qweBPlA.exe
  2⤵
  PID:10124
- C:\Windows\System32\jMBmVBH.exe
  C:\Windows\System32\jMBmVBH.exe
  2⤵
  PID:10160
- C:\Windows\System32\IdhiCUE.exe
  C:\Windows\System32\IdhiCUE.exe
  2⤵
  PID:10192
- C:\Windows\System32\wFiyQnx.exe
  C:\Windows\System32\wFiyQnx.exe
  2⤵
  PID:10212
- C:\Windows\System32\FWTNbkQ.exe
  C:\Windows\System32\FWTNbkQ.exe
  2⤵
  PID:9268
- C:\Windows\System32\tSYuywa.exe
  C:\Windows\System32\tSYuywa.exe
  2⤵
  PID:9308
- C:\Windows\System32\XBQlfZZ.exe
  C:\Windows\System32\XBQlfZZ.exe
  2⤵
  PID:9396
- C:\Windows\System32\qrsPzJB.exe
  C:\Windows\System32\qrsPzJB.exe
  2⤵
  PID:9416
- C:\Windows\System32\pCnAmDo.exe
  C:\Windows\System32\pCnAmDo.exe
  2⤵
  PID:9540
- C:\Windows\System32\zwnJXJN.exe
  C:\Windows\System32\zwnJXJN.exe
  2⤵
  PID:9640
- C:\Windows\System32\OZYHbtY.exe
  C:\Windows\System32\OZYHbtY.exe
  2⤵
  PID:9596
- C:\Windows\System32\wTPxBom.exe
  C:\Windows\System32\wTPxBom.exe
  2⤵
  PID:9720
- C:\Windows\System32\jrBCXVx.exe
  C:\Windows\System32\jrBCXVx.exe
  2⤵
  PID:9788
- C:\Windows\System32\EhTSPJP.exe
  C:\Windows\System32\EhTSPJP.exe
  2⤵
  PID:9764
- C:\Windows\System32\gcyoUdq.exe
  C:\Windows\System32\gcyoUdq.exe
  2⤵
  PID:9784
- C:\Windows\System32\scIhARp.exe
  C:\Windows\System32\scIhARp.exe
  2⤵
  PID:9852
- C:\Windows\System32\fgVpCHS.exe
  C:\Windows\System32\fgVpCHS.exe
  2⤵
  PID:9972
- C:\Windows\System32\vOMUrAk.exe
  C:\Windows\System32\vOMUrAk.exe
  2⤵
  PID:10100
- C:\Windows\System32\uvXgfQo.exe
  C:\Windows\System32\uvXgfQo.exe
  2⤵
  PID:10144
- C:\Windows\System32\pgRKHAd.exe
  C:\Windows\System32\pgRKHAd.exe
  2⤵
  PID:9292
- C:\Windows\System32\qHYPFWQ.exe
  C:\Windows\System32\qHYPFWQ.exe
  2⤵
  PID:9288
- C:\Windows\System32\mEWrgEZ.exe
  C:\Windows\System32\mEWrgEZ.exe
  2⤵
  PID:9560
- C:\Windows\System32\uEXfsOy.exe
  C:\Windows\System32\uEXfsOy.exe
  2⤵
  PID:9796
- C:\Windows\System32\myGJYKT.exe
  C:\Windows\System32\myGJYKT.exe
  2⤵
  PID:9760
- C:\Windows\System32\vZJAXQA.exe
  C:\Windows\System32\vZJAXQA.exe
  2⤵
  PID:10168
- C:\Windows\System32\BSiSqPI.exe
  C:\Windows\System32\BSiSqPI.exe
  2⤵
  PID:9464
- C:\Windows\System32\aOUuKEG.exe
  C:\Windows\System32\aOUuKEG.exe
  2⤵
  PID:10208
- C:\Windows\System32\AODgabM.exe
  C:\Windows\System32\AODgabM.exe
  2⤵
  PID:10020
- C:\Windows\System32\djmRvKB.exe
  C:\Windows\System32\djmRvKB.exe
  2⤵
  PID:9472
- C:\Windows\System32\GJPIRqx.exe
  C:\Windows\System32\GJPIRqx.exe
  2⤵
  PID:9892
- C:\Windows\System32\oKHajUQ.exe
  C:\Windows\System32\oKHajUQ.exe
  2⤵
  PID:9444
- C:\Windows\System32\oOGeKge.exe
  C:\Windows\System32\oOGeKge.exe
  2⤵
  PID:10256
- C:\Windows\System32\cHdFzcM.exe
  C:\Windows\System32\cHdFzcM.exe
  2⤵
  PID:10324
- C:\Windows\System32\uMToyct.exe
  C:\Windows\System32\uMToyct.exe
  2⤵
  PID:10348
- C:\Windows\System32\BdkwBvp.exe
  C:\Windows\System32\BdkwBvp.exe
  2⤵
  PID:10424
- C:\Windows\System32\SieGWVc.exe
  C:\Windows\System32\SieGWVc.exe
  2⤵
  PID:10456
- C:\Windows\System32\VvzTmKJ.exe
  C:\Windows\System32\VvzTmKJ.exe
  2⤵
  PID:10500
- C:\Windows\System32\YZGpsRk.exe
  C:\Windows\System32\YZGpsRk.exe
  2⤵
  PID:10516
- C:\Windows\System32\QMInPfE.exe
  C:\Windows\System32\QMInPfE.exe
  2⤵
  PID:10556
- C:\Windows\System32\rdkOgjs.exe
  C:\Windows\System32\rdkOgjs.exe
  2⤵
  PID:10576
- C:\Windows\System32\cAxmdwn.exe
  C:\Windows\System32\cAxmdwn.exe
  2⤵
  PID:10600
- C:\Windows\System32\iQjRway.exe
  C:\Windows\System32\iQjRway.exe
  2⤵
  PID:10632
- C:\Windows\System32\QjbGRnQ.exe
  C:\Windows\System32\QjbGRnQ.exe
  2⤵
  PID:10652
- C:\Windows\System32\cGOaLkf.exe
  C:\Windows\System32\cGOaLkf.exe
  2⤵
  PID:10680
- C:\Windows\System32\kWbngMh.exe
  C:\Windows\System32\kWbngMh.exe
  2⤵
  PID:10712
- C:\Windows\System32\nVlLswk.exe
  C:\Windows\System32\nVlLswk.exe
  2⤵
  PID:10768
- C:\Windows\System32\qfdRyaC.exe
  C:\Windows\System32\qfdRyaC.exe
  2⤵
  PID:10788
- C:\Windows\System32\IbMyBSP.exe
  C:\Windows\System32\IbMyBSP.exe
  2⤵
  PID:10812
- C:\Windows\System32\ruOZVmK.exe
  C:\Windows\System32\ruOZVmK.exe
  2⤵
  PID:10832
- C:\Windows\System32\IAOSrWV.exe
  C:\Windows\System32\IAOSrWV.exe
  2⤵
  PID:10880
- C:\Windows\System32\jlmESvP.exe
  C:\Windows\System32\jlmESvP.exe
  2⤵
  PID:10896
- C:\Windows\System32\WPvfokl.exe
  C:\Windows\System32\WPvfokl.exe
  2⤵
  PID:10924
- C:\Windows\System32\PZXglWH.exe
  C:\Windows\System32\PZXglWH.exe
  2⤵
  PID:10944
- C:\Windows\System32\voKdayx.exe
  C:\Windows\System32\voKdayx.exe
  2⤵
  PID:10960
- C:\Windows\System32\ceQCUPw.exe
  C:\Windows\System32\ceQCUPw.exe
  2⤵
  PID:10992
- C:\Windows\System32\eoDeHgM.exe
  C:\Windows\System32\eoDeHgM.exe
  2⤵
  PID:11012
- C:\Windows\System32\HToDhrL.exe
  C:\Windows\System32\HToDhrL.exe
  2⤵
  PID:11040
- C:\Windows\System32\cSIfZgv.exe
  C:\Windows\System32\cSIfZgv.exe
  2⤵
  PID:11060
- C:\Windows\System32\Jsoojyv.exe
  C:\Windows\System32\Jsoojyv.exe
  2⤵
  PID:11084
- C:\Windows\System32\gyZfJhY.exe
  C:\Windows\System32\gyZfJhY.exe
  2⤵
  PID:11100
- C:\Windows\System32\QzTyccR.exe
  C:\Windows\System32\QzTyccR.exe
  2⤵
  PID:11140
- C:\Windows\System32\oFsvCPa.exe
  C:\Windows\System32\oFsvCPa.exe
  2⤵
  PID:11184
- C:\Windows\System32\AvTVxrw.exe
  C:\Windows\System32\AvTVxrw.exe
  2⤵
  PID:11216
- C:\Windows\System32\TlQyUtF.exe
  C:\Windows\System32\TlQyUtF.exe
  2⤵
  PID:11232
- C:\Windows\System32\dAiLXxZ.exe
  C:\Windows\System32\dAiLXxZ.exe
  2⤵
  PID:10116
- C:\Windows\System32\SJJvOZd.exe
  C:\Windows\System32\SJJvOZd.exe
  2⤵
  PID:10308
- C:\Windows\System32\SfHbGOj.exe
  C:\Windows\System32\SfHbGOj.exe
  2⤵
  PID:10392
- C:\Windows\System32\TekfVnA.exe
  C:\Windows\System32\TekfVnA.exe
  2⤵
  PID:10400
- C:\Windows\System32\Fdbfssd.exe
  C:\Windows\System32\Fdbfssd.exe
  2⤵
  PID:10480
- C:\Windows\System32\uTOhwUq.exe
  C:\Windows\System32\uTOhwUq.exe
  2⤵
  PID:10548
- C:\Windows\System32\tKNPLNi.exe
  C:\Windows\System32\tKNPLNi.exe
  2⤵
  PID:10584
- C:\Windows\System32\jNnjQMq.exe
  C:\Windows\System32\jNnjQMq.exe
  2⤵
  PID:9940
- C:\Windows\System32\ATkhAbu.exe
  C:\Windows\System32\ATkhAbu.exe
  2⤵
  PID:10676
- C:\Windows\System32\jEMUWPL.exe
  C:\Windows\System32\jEMUWPL.exe
  2⤵
  PID:10692
- C:\Windows\System32\mKVEGhC.exe
  C:\Windows\System32\mKVEGhC.exe
  2⤵
  PID:10808
- C:\Windows\System32\nuXyCja.exe
  C:\Windows\System32\nuXyCja.exe
  2⤵
  PID:10852
- C:\Windows\System32\UDHGfqA.exe
  C:\Windows\System32\UDHGfqA.exe
  2⤵
  PID:10904
- C:\Windows\System32\dpTNrFw.exe
  C:\Windows\System32\dpTNrFw.exe
  2⤵
  PID:10968
- C:\Windows\System32\BaXEZTe.exe
  C:\Windows\System32\BaXEZTe.exe
  2⤵
  PID:10932
- C:\Windows\System32\Rtjzzfy.exe
  C:\Windows\System32\Rtjzzfy.exe
  2⤵
  PID:11080
- C:\Windows\System32\jhSrXAC.exe
  C:\Windows\System32\jhSrXAC.exe
  2⤵
  PID:11212
- C:\Windows\System32\cjGYsMf.exe
  C:\Windows\System32\cjGYsMf.exe
  2⤵
  PID:11224
- C:\Windows\System32\MFZoFem.exe
  C:\Windows\System32\MFZoFem.exe
  2⤵
  PID:9984
- C:\Windows\System32\LHBgAnJ.exe
  C:\Windows\System32\LHBgAnJ.exe
  2⤵
  PID:10416
- C:\Windows\System32\qfQqDMD.exe
  C:\Windows\System32\qfQqDMD.exe
  2⤵
  PID:10596
- C:\Windows\System32\ZwXvDkj.exe
  C:\Windows\System32\ZwXvDkj.exe
  2⤵
  PID:10796
- C:\Windows\System32\ZUicpVA.exe
  C:\Windows\System32\ZUicpVA.exe
  2⤵
  PID:10844
- C:\Windows\System32\pljxaSZ.exe
  C:\Windows\System32\pljxaSZ.exe
  2⤵
  PID:11092
- C:\Windows\System32\KFfccpI.exe
  C:\Windows\System32\KFfccpI.exe
  2⤵
  PID:11160
- C:\Windows\System32\fCiIays.exe
  C:\Windows\System32\fCiIays.exe
  2⤵
  PID:9824
- C:\Windows\System32\HPnQhmM.exe
  C:\Windows\System32\HPnQhmM.exe
  2⤵
  PID:10608
- C:\Windows\System32\gWndPPn.exe
  C:\Windows\System32\gWndPPn.exe
  2⤵
  PID:10828
- C:\Windows\System32\RMqpgVB.exe
  C:\Windows\System32\RMqpgVB.exe
  2⤵
  PID:9840
- C:\Windows\System32\eibWvGF.exe
  C:\Windows\System32\eibWvGF.exe
  2⤵
  PID:11272
- C:\Windows\System32\PxPFJPl.exe
  C:\Windows\System32\PxPFJPl.exe
  2⤵
  PID:11296
- C:\Windows\System32\vyPDZJv.exe
  C:\Windows\System32\vyPDZJv.exe
  2⤵
  PID:11324
- C:\Windows\System32\cvdaMQP.exe
  C:\Windows\System32\cvdaMQP.exe
  2⤵
  PID:11344
- C:\Windows\System32\OCxgBBJ.exe
  C:\Windows\System32\OCxgBBJ.exe
  2⤵
  PID:11380
- C:\Windows\System32\iEslkIz.exe
  C:\Windows\System32\iEslkIz.exe
  2⤵
  PID:11408
- C:\Windows\System32\fQCLaAH.exe
  C:\Windows\System32\fQCLaAH.exe
  2⤵
  PID:11428
- C:\Windows\System32\hGUJYsd.exe
  C:\Windows\System32\hGUJYsd.exe
  2⤵
  PID:11460
- C:\Windows\System32\JawBreZ.exe
  C:\Windows\System32\JawBreZ.exe
  2⤵
  PID:11488
- C:\Windows\System32\XGDpKNw.exe
  C:\Windows\System32\XGDpKNw.exe
  2⤵
  PID:11520
- C:\Windows\System32\eOxbaeO.exe
  C:\Windows\System32\eOxbaeO.exe
  2⤵
  PID:11536
- C:\Windows\System32\BeNHeEk.exe
  C:\Windows\System32\BeNHeEk.exe
  2⤵
  PID:11576
- C:\Windows\System32\tHkuXkB.exe
  C:\Windows\System32\tHkuXkB.exe
  2⤵
  PID:11596
- C:\Windows\System32\AclmxMI.exe
  C:\Windows\System32\AclmxMI.exe
  2⤵
  PID:11624
- C:\Windows\System32\bgeSqEx.exe
  C:\Windows\System32\bgeSqEx.exe
  2⤵
  PID:11652
- C:\Windows\System32\ZqQhEut.exe
  C:\Windows\System32\ZqQhEut.exe
  2⤵
  PID:11680
- C:\Windows\System32\aHEuvCJ.exe
  C:\Windows\System32\aHEuvCJ.exe
  2⤵
  PID:11700
- C:\Windows\System32\WESNgrb.exe
  C:\Windows\System32\WESNgrb.exe
  2⤵
  PID:11752
- C:\Windows\System32\lUNAStm.exe
  C:\Windows\System32\lUNAStm.exe
  2⤵
  PID:11788
- C:\Windows\System32\rTDdKHQ.exe
  C:\Windows\System32\rTDdKHQ.exe
  2⤵
  PID:11808
- C:\Windows\System32\GhVhWfu.exe
  C:\Windows\System32\GhVhWfu.exe
  2⤵
  PID:11832
- C:\Windows\System32\XtmRkPA.exe
  C:\Windows\System32\XtmRkPA.exe
  2⤵
  PID:11848
- C:\Windows\System32\BMFKcmN.exe
  C:\Windows\System32\BMFKcmN.exe
  2⤵
  PID:11868
- C:\Windows\System32\buwDeqp.exe
  C:\Windows\System32\buwDeqp.exe
  2⤵
  PID:11900
- C:\Windows\System32\fAUsHOQ.exe
  C:\Windows\System32\fAUsHOQ.exe
  2⤵
  PID:11924
- C:\Windows\System32\AboqLok.exe
  C:\Windows\System32\AboqLok.exe
  2⤵
  PID:11960
- C:\Windows\System32\QNAStDi.exe
  C:\Windows\System32\QNAStDi.exe
  2⤵
  PID:11980
- C:\Windows\System32\gqtzkXb.exe
  C:\Windows\System32\gqtzkXb.exe
  2⤵
  PID:12000
- C:\Windows\System32\lNXvRqr.exe
  C:\Windows\System32\lNXvRqr.exe
  2⤵
  PID:12052
- C:\Windows\System32\jhTQrti.exe
  C:\Windows\System32\jhTQrti.exe
  2⤵
  PID:12072
- C:\Windows\System32\sWmGLuF.exe
  C:\Windows\System32\sWmGLuF.exe
  2⤵
  PID:12092
- C:\Windows\System32\zLHDpyy.exe
  C:\Windows\System32\zLHDpyy.exe
  2⤵
  PID:12128
- C:\Windows\System32\yPXhAil.exe
  C:\Windows\System32\yPXhAil.exe
  2⤵
  PID:12160
- C:\Windows\System32\KRyKfMx.exe
  C:\Windows\System32\KRyKfMx.exe
  2⤵
  PID:12188
- C:\Windows\System32\PCyJxEo.exe
  C:\Windows\System32\PCyJxEo.exe
  2⤵
  PID:12212
- C:\Windows\System32\YMCCCCl.exe
  C:\Windows\System32\YMCCCCl.exe
  2⤵
  PID:12256
- C:\Windows\System32\zEtnrgw.exe
  C:\Windows\System32\zEtnrgw.exe
  2⤵
  PID:12276
- C:\Windows\System32\BddhoFR.exe
  C:\Windows\System32\BddhoFR.exe
  2⤵
  PID:10952
- C:\Windows\System32\jKvlIxH.exe
  C:\Windows\System32\jKvlIxH.exe
  2⤵
  PID:9384
- C:\Windows\System32\CFmkUXI.exe
  C:\Windows\System32\CFmkUXI.exe
  2⤵
  PID:11352
- C:\Windows\System32\uPAvION.exe
  C:\Windows\System32\uPAvION.exe
  2⤵
  PID:11472
- C:\Windows\System32\hchIMMc.exe
  C:\Windows\System32\hchIMMc.exe
  2⤵
  PID:11528
- C:\Windows\System32\xJwhZuj.exe
  C:\Windows\System32\xJwhZuj.exe
  2⤵
  PID:11636
- C:\Windows\System32\PjnafGz.exe
  C:\Windows\System32\PjnafGz.exe
  2⤵
  PID:11608
- C:\Windows\System32\kJtuRVu.exe
  C:\Windows\System32\kJtuRVu.exe
  2⤵
  PID:11716
- C:\Windows\System32\bCImrXc.exe
  C:\Windows\System32\bCImrXc.exe
  2⤵
  PID:11780
- C:\Windows\System32\FtbvOvx.exe
  C:\Windows\System32\FtbvOvx.exe
  2⤵
  PID:11824
- C:\Windows\System32\IdcYDzE.exe
  C:\Windows\System32\IdcYDzE.exe
  2⤵
  PID:11876
- C:\Windows\System32\GVkpkvU.exe
  C:\Windows\System32\GVkpkvU.exe
  2⤵
  PID:11932
- C:\Windows\System32\AWWubbs.exe
  C:\Windows\System32\AWWubbs.exe
  2⤵
  PID:12100
- C:\Windows\System32\sLZYWUP.exe
  C:\Windows\System32\sLZYWUP.exe
  2⤵
  PID:12120
- C:\Windows\System32\khkbRnd.exe
  C:\Windows\System32\khkbRnd.exe
  2⤵
  PID:12200
- C:\Windows\System32\Tdrzxjq.exe
  C:\Windows\System32\Tdrzxjq.exe
  2⤵
  PID:12240
- C:\Windows\System32\PKQpeeD.exe
  C:\Windows\System32\PKQpeeD.exe
  2⤵
  PID:11312
- C:\Windows\System32\YNfvAjw.exe
  C:\Windows\System32\YNfvAjw.exe
  2⤵
  PID:11444
- C:\Windows\System32\ndWfqNk.exe
  C:\Windows\System32\ndWfqNk.exe
  2⤵
  PID:11604
- C:\Windows\System32\dIxQJxL.exe
  C:\Windows\System32\dIxQJxL.exe
  2⤵
  PID:11664
- C:\Windows\System32\CicYNYq.exe
  C:\Windows\System32\CicYNYq.exe
  2⤵
  PID:11816
- C:\Windows\System32\VFHDERc.exe
  C:\Windows\System32\VFHDERc.exe
  2⤵
  PID:12068
- C:\Windows\System32\NFGEiQQ.exe
  C:\Windows\System32\NFGEiQQ.exe
  2⤵
  PID:12268
- C:\Windows\System32\LAVSidI.exe
  C:\Windows\System32\LAVSidI.exe
  2⤵
  PID:11644
- C:\Windows\System32\wduGJqp.exe
  C:\Windows\System32\wduGJqp.exe
  2⤵
  PID:11840
- C:\Windows\System32\TmFzKNm.exe
  C:\Windows\System32\TmFzKNm.exe
  2⤵
  PID:11912
- C:\Windows\System32\fySfuHK.exe
  C:\Windows\System32\fySfuHK.exe
  2⤵
  PID:12176
- C:\Windows\System32\HVwRkUl.exe
  C:\Windows\System32\HVwRkUl.exe
  2⤵
  PID:11696
- C:\Windows\System32\ZFxLgEs.exe
  C:\Windows\System32\ZFxLgEs.exe
  2⤵
  PID:11364
- C:\Windows\System32\rsPScWd.exe
  C:\Windows\System32\rsPScWd.exe
  2⤵
  PID:12300
- C:\Windows\System32\vqSnIGg.exe
  C:\Windows\System32\vqSnIGg.exe
  2⤵
  PID:12352
- C:\Windows\System32\xFmPcyj.exe
  C:\Windows\System32\xFmPcyj.exe
  2⤵
  PID:12396
- C:\Windows\System32\jcCXhtJ.exe
  C:\Windows\System32\jcCXhtJ.exe
  2⤵
  PID:12424
- C:\Windows\System32\VzHxUtJ.exe
  C:\Windows\System32\VzHxUtJ.exe
  2⤵
  PID:12440
- C:\Windows\System32\QnxhLVS.exe
  C:\Windows\System32\QnxhLVS.exe
  2⤵
  PID:12468
- C:\Windows\System32\NCnyRFJ.exe
  C:\Windows\System32\NCnyRFJ.exe
  2⤵
  PID:12496
- C:\Windows\System32\ftctdVI.exe
  C:\Windows\System32\ftctdVI.exe
  2⤵
  PID:12524
- C:\Windows\System32\fZevvcQ.exe
  C:\Windows\System32\fZevvcQ.exe
  2⤵
  PID:12544
- C:\Windows\System32\WkqNZZF.exe
  C:\Windows\System32\WkqNZZF.exe
  2⤵
  PID:12584
- C:\Windows\System32\tzntSxc.exe
  C:\Windows\System32\tzntSxc.exe
  2⤵
  PID:12612
- C:\Windows\System32\JEkCrLm.exe
  C:\Windows\System32\JEkCrLm.exe
  2⤵
  PID:12636
- C:\Windows\System32\qrSyGpt.exe
  C:\Windows\System32\qrSyGpt.exe
  2⤵
  PID:12684
- C:\Windows\System32\fXxkIvZ.exe
  C:\Windows\System32\fXxkIvZ.exe
  2⤵
  PID:12704
- C:\Windows\System32\JNXWAOt.exe
  C:\Windows\System32\JNXWAOt.exe
  2⤵
  PID:12732
- C:\Windows\System32\AzpZhUx.exe
  C:\Windows\System32\AzpZhUx.exe
  2⤵
  PID:12752
- C:\Windows\System32\djYLwMS.exe
  C:\Windows\System32\djYLwMS.exe
  2⤵
  PID:12776
- C:\Windows\System32\EvavGDR.exe
  C:\Windows\System32\EvavGDR.exe
  2⤵
  PID:12792
- C:\Windows\System32\WpsXhsg.exe
  C:\Windows\System32\WpsXhsg.exe
  2⤵
  PID:12836
- C:\Windows\System32\YUTSPmZ.exe
  C:\Windows\System32\YUTSPmZ.exe
  2⤵
  PID:12860
- C:\Windows\System32\IIxtrZX.exe
  C:\Windows\System32\IIxtrZX.exe
  2⤵
  PID:12884
- C:\Windows\System32\hYgUjAs.exe
  C:\Windows\System32\hYgUjAs.exe
  2⤵
  PID:12908
- C:\Windows\System32\fAWTClK.exe
  C:\Windows\System32\fAWTClK.exe
  2⤵
  PID:12952
- C:\Windows\System32\jVThFlF.exe
  C:\Windows\System32\jVThFlF.exe
  2⤵
  PID:12988
- C:\Windows\System32\cwkCgWB.exe
  C:\Windows\System32\cwkCgWB.exe
  2⤵
  PID:13004
- C:\Windows\System32\tcaDdAD.exe
  C:\Windows\System32\tcaDdAD.exe
  2⤵
  PID:13044
- C:\Windows\System32\QBGqpNn.exe
  C:\Windows\System32\QBGqpNn.exe
  2⤵
  PID:13068
- C:\Windows\System32\YywFwBU.exe
  C:\Windows\System32\YywFwBU.exe
  2⤵
  PID:13108
- C:\Windows\System32\ficWbxK.exe
  C:\Windows\System32\ficWbxK.exe
  2⤵
  PID:13124
- C:\Windows\System32\RxLGSkb.exe
  C:\Windows\System32\RxLGSkb.exe
  2⤵
  PID:13144
- C:\Windows\System32\ZJPcHTY.exe
  C:\Windows\System32\ZJPcHTY.exe
  2⤵
  PID:13164
- C:\Windows\System32\vUwkqqU.exe
  C:\Windows\System32\vUwkqqU.exe
  2⤵
  PID:13196
- C:\Windows\System32\UgwECfQ.exe
  C:\Windows\System32\UgwECfQ.exe
  2⤵
  PID:13216
- C:\Windows\System32\oLARbBY.exe
  C:\Windows\System32\oLARbBY.exe
  2⤵
  PID:13232
- C:\Windows\System32\eRsFszh.exe
  C:\Windows\System32\eRsFszh.exe
  2⤵
  PID:13252
- C:\Windows\System32\rqdPgme.exe
  C:\Windows\System32\rqdPgme.exe
  2⤵
  PID:13296
- C:\Windows\System32\umLshVM.exe
  C:\Windows\System32\umLshVM.exe
  2⤵
  PID:11640
- C:\Windows\System32\eTsohBr.exe
  C:\Windows\System32\eTsohBr.exe
  2⤵
  PID:12348
- C:\Windows\System32\PAsPyWT.exe
  C:\Windows\System32\PAsPyWT.exe
  2⤵
  PID:12416
- C:\Windows\System32\ukAohWQ.exe
  C:\Windows\System32\ukAohWQ.exe
  2⤵
  PID:12480
- C:\Windows\System32\ZioKPUS.exe
  C:\Windows\System32\ZioKPUS.exe
  2⤵
  PID:12572
- C:\Windows\System32\HzPENdf.exe
  C:\Windows\System32\HzPENdf.exe
  2⤵
  PID:12676
- C:\Windows\System32\EJMDsqO.exe
  C:\Windows\System32\EJMDsqO.exe
  2⤵
  PID:12700
- C:\Windows\System32\LiExaXM.exe
  C:\Windows\System32\LiExaXM.exe
  2⤵
  PID:12760
- C:\Windows\System32\obgOTxz.exe
  C:\Windows\System32\obgOTxz.exe
  2⤵
  PID:12800
- C:\Windows\System32\mVQxrwI.exe
  C:\Windows\System32\mVQxrwI.exe
  2⤵
  PID:12868
- C:\Windows\System32\nQutAek.exe
  C:\Windows\System32\nQutAek.exe
  2⤵
  PID:12972
- C:\Windows\System32\tEFeQsu.exe
  C:\Windows\System32\tEFeQsu.exe
  2⤵
  PID:13028
- C:\Windows\System32\lrWvWIG.exe
  C:\Windows\System32\lrWvWIG.exe
  2⤵
  PID:13088
- C:\Windows\System32\ERISJjQ.exe
  C:\Windows\System32\ERISJjQ.exe
  2⤵
  PID:13152
- C:\Windows\System32\nFEsidK.exe
  C:\Windows\System32\nFEsidK.exe
  2⤵
  PID:13248
- C:\Windows\System32\mPAbhvP.exe
  C:\Windows\System32\mPAbhvP.exe
  2⤵
  PID:13284
- C:\Windows\System32\uLpDZtj.exe
  C:\Windows\System32\uLpDZtj.exe
  2⤵
  PID:12360
- C:\Windows\System32\WcYDFFq.exe
  C:\Windows\System32\WcYDFFq.exe
  2⤵
  PID:12628
- C:\Windows\System32\RvwShkD.exe
  C:\Windows\System32\RvwShkD.exe
  2⤵
  PID:12728
- C:\Windows\System32\lZxiuby.exe
  C:\Windows\System32\lZxiuby.exe
  2⤵
  PID:12844
- C:\Windows\System32\QSSzTsT.exe
  C:\Windows\System32\QSSzTsT.exe
  2⤵
  PID:12960
- C:\Windows\System32\wRulucP.exe
  C:\Windows\System32\wRulucP.exe
  2⤵
  PID:12980
- C:\Windows\System32\psHKGfF.exe
  C:\Windows\System32\psHKGfF.exe
  2⤵
  PID:13136
- C:\Windows\System32\eGPRkHV.exe
  C:\Windows\System32\eGPRkHV.exe
  2⤵
  PID:12308
- C:\Windows\System32\LNjdvlI.exe
  C:\Windows\System32\LNjdvlI.exe
  2⤵
  PID:13060
- C:\Windows\System32\wqFUzxc.exe
  C:\Windows\System32\wqFUzxc.exe
  2⤵
  PID:12388
- C:\Windows\System32\IBXoOrv.exe
  C:\Windows\System32\IBXoOrv.exe
  2⤵
  PID:13180
- C:\Windows\System32\RvnLLWr.exe
  C:\Windows\System32\RvnLLWr.exe
  2⤵
  PID:13344

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:14164

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System32\AmPepSr.exe

Filesize
1.8MB

MD5
8c7c080ce0dc7ccf56d39188c7d66405

SHA1
7bd7aa45d5c5c9ac16ac0bb8c48c002549c295a1

SHA256
cbb5bc3ae21e9314f72d109b4abf4eddc50371c8f70c867de87ee236d0246a5e

SHA512
0f67b645de2f5ea287d86ddf5d786d962ed9ead3776493774d4dc128f75a4235bb2ff008699b33bf05924ddd140052240e47ae751e1a76b12ca66acf00b75a32

Download Submit
C:\Windows\System32\BLpChVj.exe

Filesize
1.8MB

MD5
b458cba0bf5d9d208df7cbf3abdc2af4

SHA1
0465167a35e06c6878ffa6ef45f5d07db36d7031

SHA256
4eef522ef0e1432034eb37b78f6e7c1cd13db5483bc3ab0f2fe4ab74d4607c6b

SHA512
445e23ab65be08f0433181a1f5054f68ae52dc3caa366f020adf71c331b72348b8fa072cfe81ecfe99bbae3884c6bba238c6f83b138b041d2ea1aaba3263626f

Download Submit
C:\Windows\System32\BawSaoP.exe

Filesize
1.8MB

MD5
4a659adfcf4ecebc3af6d2a0972f4d11

SHA1
7cd1234f355a13b80f65ebef0df260a589ee5b54

SHA256
47d80e1c90996e3037ad0374083af0d06d9d90bccebb1320dc342270893ef31f

SHA512
b6c0776f8d4ba92084c7ddff444bade92b088d882310474ebdbbe6ffad8a0d585c4b2c7a46c90e134745bed20d66628ad255a1ef2a1c1fcddb8f83d19e1cd66b

Download Submit
C:\Windows\System32\DHOOphn.exe

Filesize
1.8MB

MD5
323f8124ff9308e3a5af400cbea48837

SHA1
2211219856d754d89fedf5776c4a5f4e405d474b

SHA256
41b9122378618c0f41af40457dd3ffa0af168e431339afc4f0f78ea3ed284b32

SHA512
0c9908cb8e6219c94748742713b18e9a64fa1e7daf8e039526a006a6ae2489236fc4cea4abfad5cce10524d1156d87385d535fe51aa9088afe6ec8153370782a

Download Submit
C:\Windows\System32\DNQYjdt.exe

Filesize
1.8MB

MD5
63ab8d1ee2e19079b8db78b34914376f

SHA1
649c47dee34c45d509427503c843cd280a7a0663

SHA256
eee959d92e384269b55ff5a528ed4e331c223b3ea92df7e58477800ef81ad06d

SHA512
0ade9f48162ded25379cba44987523cde81f09baa1ab2e560b36f42632b8d781c33684e28cad80af8e9f3a89a0faf5dab79043de353a711f0ebfb2e3d7844b33

Download Submit
C:\Windows\System32\DyfLeMF.exe

Filesize
1.8MB

MD5
dfe266cc4cd19ce243cc4bbefe96191f

SHA1
8ca7ac78410d12eee39e121fcf87ec26bac7b7b8

SHA256
392652ff1d3af7f7c33a958eb6aae5e54d96fd32dc6396a2e8200cd414c79963

SHA512
7b096b1c821b7f56d20697cac7c9440a9c69fded8d04c8fb6a8c97a1dc3137bbd13ad196692e6f73e84de76e7de4a24fdbd91119b3e3423f816065e84aa1177e

Download Submit
C:\Windows\System32\EEInmdo.exe

Filesize
1.8MB

MD5
6bff9208500c844257d7682f51535072

SHA1
a4e9aa5d6c59bc0aa4b9bf7150c2fa706dd788b2

SHA256
d82fa3959f36a46f8da5ba1c757989b5ef7af5cb230d0150532bf31ed4a8f8cd

SHA512
c3908734c563c67d5359625c5168165b1413bec99786f2231fdf6ea21d51ae1f7cc11f57f3da8df1fbfe8b0d7cfd5e383ad74827f962a878e4318b38205dc24c

Download Submit
C:\Windows\System32\GIWtJnm.exe

Filesize
1.8MB

MD5
3ace43f3718856a8f8611eace9c895cd

SHA1
76ca4f33592292337b23ea05a7aba3a46fc29f26

SHA256
c682054d4811bdedfc01283c613d6ca7eb51b881b7a131bb3126e6e037e4b55d

SHA512
1bb788fcd838a1480fed47dfd95e28c732bc7b1b9380b1769435fb499bff02a5bb11aa1695d47330dedbb9a17332f76d789f69c8e574f5d1dba35a07241a06cd

Download Submit
C:\Windows\System32\GQxtVUM.exe

Filesize
1.8MB

MD5
f0d65f99224f8c4df770c1f9a791d367

SHA1
6ee96521ed43e832857bef7ccd3f4ab4dcf7c432

SHA256
f483269c92c4a7b808dbe1f0786c973d4ec060a0a809baa237b0d485c69690c5

SHA512
818c4313ac25aeed2d30cbe015b9bd369900af7eec337b2acfd444ea6fd36fa0d20dd13521c2b54716858685519de8cff56fc6144bda649cdec6643f9cde5266

Download Submit
C:\Windows\System32\MjksrUr.exe

Filesize
1.8MB

MD5
1b4e52ec4507d0bd08c017c495f5f310

SHA1
a5ee1ff5b11860364be9d2f374a8c987b803ffb1

SHA256
21eb60c7a4fbc8f047c905b528309be2e13b4220fc8cab408fd05e6f39ba4acd

SHA512
60328a68121c64b246d3c3486893b6b0674c69213488d2bd1a20b60424694a86bae34eb59abea4e6b26b702bcb73d0aaa1efb7a5ef2df6141208d2dba7873ffb

Download Submit
C:\Windows\System32\OulJNdf.exe

Filesize
1.8MB

MD5
6c16122d034c2b1da6e5021de3f2638b

SHA1
a0b2e3099c8b93f22b756ea9de9632721ccf21fa

SHA256
996f2b2b41fcf73f7f5520d418f327d97d0f64e1a3fa56201dd4b477886f83c8

SHA512
792c96b8d82c4cf0b468273bce6e454391e7f91f56ae733958a5e478409d1f7c5e75ba67970e531f86d3804d48b9c300a23fbccf98ec4086482b5ee2349d931b

Download Submit
C:\Windows\System32\ShUIOpa.exe

Filesize
1.8MB

MD5
42c633a47f952b1a7d226c51e2019f6a

SHA1
8c0e256ca06d2d93ef5d07e4150fb301d942acce

SHA256
71dba6a328c5abb297812f9edb5200fb977d9057489bf0f80aceb05ea2c704a7

SHA512
fecc4ebf3b8e4e8b66818de5f2658b98198a775b4fe0d068f6044f398a0e3d8ff77c3ddfa403d3fa305a8cbd52f32e5d2112e65c6258866e01b40ac11ae5b787

Download Submit
C:\Windows\System32\TlAQiSC.exe

Filesize
1.8MB

MD5
488b748f78567bd32180c419d7da869d

SHA1
70685eeb2df5ece6edc185ed71988cd5c2ba5de5

SHA256
c5eae3d55c3397c9de978b0b2ace71edf0cb543e671f7a81f8c776dd1bd1d47c

SHA512
b1d6b0c48a39efa57c0d0fe8fed986319e47b09cd400b24fb992c258f22a1202201bf544c6ba00efd6a2bc0f21ce1b79da02367fbe19c10b92b65fa25804fb8b

Download Submit
C:\Windows\System32\VVGyvaA.exe

Filesize
1.8MB

MD5
6d31f913ca72120a99406ff3ad7e3b11

SHA1
fae69672800c03343593a9dd8eb864e4be756d28

SHA256
bc745e361d4dbe89445500d6defedb6007135c8cceceae0185a6df49cff07ca0

SHA512
faa877bfbcfc9a1900c7d131081df59be29f6473660bc2836a3d1f0f7f33216a3a7ec07ea834108d1d6e1911aed1513d1030c9247653844ffa42b62eda56a8ea

Download Submit
C:\Windows\System32\WukaeXt.exe

Filesize
1.8MB

MD5
6a63a910f057d3649a85f14a2c843cc4

SHA1
0f42fe3d5980b8cd0b4197e25d02c46b218013e3

SHA256
a346e93fc73da03a951722f73017abdffbd3f642ca21b2b65546708a4333bcc1

SHA512
397097f267de57fcb31634dcd18e29f4c6a54197b894c30c1e35cf0fcc0a8bf3bc8707bd8c6b7463a2e6e7eb90190e709460b34d9714a9ff5e4ee5b23c3e59b2

Download Submit
C:\Windows\System32\dWlofvG.exe

Filesize
1.8MB

MD5
1a1e279ff435dae29e33bb28cbe08343

SHA1
6dfc6b9f3238e01ed9a3f502c2ff81db781135c9

SHA256
3617dabd772904dee62a9f396926ea6685d0b61a4e7303596558418c1142480f

SHA512
f2c94ff1a3002ca2928b1b44ef68ccba9f3896485603e8b9685ce145a81f2970f70f01654d2538977453434de7031b3a5074a29277fe4928d9f29c94211b0b3f

Download Submit
C:\Windows\System32\eATFzXK.exe

Filesize
1.8MB

MD5
b5238cbd99a9f9fb459f392d90223f1d

SHA1
a8976a5981c929f105df37cc0f3cab7b63a6bc82

SHA256
80f5d7f1e67b1a63aca594ec86174f317cb3f4f201a684bbbc4418cd314252db

SHA512
28c04c826dfeb0dff39609f6d2e6314306171fa5bb8f06c6ab4cbde24b685a91351be3366490aaac40f7f154459ccbe51a60dee86d8890261feed6f478bae954

Download Submit
C:\Windows\System32\iNTjaPO.exe

Filesize
1.8MB

MD5
ab35ca9e159d4b383bba07a2ed97d818

SHA1
8761dfb1d5c47e7b2306ac3ad0696fd0299ad510

SHA256
a58c793bc93a7da680954dc2db2353f2eb24808253f65e0477241accaa155f73

SHA512
62761176be2e7081a676a57911d2de065d552e6b0fd760df9752b8ad3b9f87e2034bccce600362ce09cb7becf42d3d1a00132673d7f5a37dcec8bc693eb0fd91

Download Submit
C:\Windows\System32\ikTeiKH.exe

Filesize
1.8MB

MD5
bd6a66afe7dfb48f771c29cb9e150f4e

SHA1
4af233366ecba5a4a6bd7d6dc55f9d35971ed70e

SHA256
b20e926ec5d5f798714b8a191262eae4b763813eb8ddc2219fb6f8085240357f

SHA512
44a5e1b5d7925eb3740fd5eb87300504b7e716d6e55bf0700fae390e30585a04148041377a4ad285e232764ef14d8d4edc162f61e957689cf4fda48817a6db86

Download Submit
C:\Windows\System32\iksppTP.exe

Filesize
1.8MB

MD5
01bdf8b7b3718d6b017ae06b662b878d

SHA1
8db050fc00f51ac28fb5ed653849685c7dc3f022

SHA256
85415ca8c324830032bfa7af361306da754a408ed9ff469affc20d959e8b2ca2

SHA512
b56df2dab7c8148a251f42a1ada20c968f160c6fb39b0158b14884d1c654c65928a1dc43cc3cfcb5fce01ffe741f2f96cffb3dcce875310c1c8a1db365160815

Download Submit
C:\Windows\System32\jEouUkE.exe

Filesize
1.8MB

MD5
d1ff494440768062ced54d93cd666fa9

SHA1
3e6cfd8722907d81c40ed467befe23b52d7be897

SHA256
0fbd90cf3d6d9a35c8e5c58c81b606027c4c52b39130dcb68c1a3ff38d416855

SHA512
f406313d13d2e4c4b1d90dc26b53e86cf331b0492a9a99ae0b986c46bbbd264e4a6f44e6f3f3ad8b3a54ef6bb6f9b26fdfe1f81d3fbe52eac10bb26d6b9e79de

Download Submit
C:\Windows\System32\kJQJDJK.exe

Filesize
1.8MB

MD5
980d1ca31def0578002919b0b35e7cbd

SHA1
9d423f3f67380a1c43f078ece237a7da51ecea7b

SHA256
18a33b6ef26cc7433679f4dfc906b0945e0051b71ca2882596344b3f2023244f

SHA512
2fc55c54f30e5c49f528f0d0312a01ce31ee4c84cf81464c7b528d47776e93c83f6bd1f1ee31222d9815bdcb0fe00ba587672a1161b7bfa124b3fab208eaf508

Download Submit
C:\Windows\System32\lsPTukn.exe

Filesize
1.8MB

MD5
01af47816cb943d2a4a783db579544a8

SHA1
84253330c43a2cb0309dd99f9b39e8851b6b5e14

SHA256
ef1629398d0189da2492f1791b030d2aa282cba26dfb1b3fa25282f784929994

SHA512
5d96790d5b9b1d18d2cfcdef7fcdde12b0b250796f28013758792f013ae17b553013989d4563f8135b86dd8b56070da46e9548b46f27eb6fbc89614cc1dfe24c

Download Submit
C:\Windows\System32\mgQxSlZ.exe

Filesize
1.8MB

MD5
319ae2b2fd55571bba5a52b481c20aaf

SHA1
7dfb5441dd73f0aab271e4c29e8d6015744bc0d4

SHA256
c9128590e26f573b973be8738ae2606130a585e5f46c7ff9bb04260f913542fa

SHA512
ddbc4b7e5244979ffbfcd6094e96252c80c829f44a77a9bd6e46b66fe382a0d66c23c5cc6e2517ec4d98097cab5d0a7eb2d53a2333c459227e6c67c1eeae17e3

Download Submit
C:\Windows\System32\nBVjyMU.exe

Filesize
1.8MB

MD5
89b359c14656c532915cfd63c47d3e90

SHA1
888279456c4bd5a3f626318ccb4fdc2924bbb298

SHA256
52c7c734fa396a8f88638e0292dad45e58ebc3a5a4deb48ca33d0347f6fe579e

SHA512
b6fe32bcde8e65dd00b195dd37707cd8201835f3ab3a7a5aa6a08e438f2331cf6a2ec2df4d97db89a66fe20b8a2bfcaec564be153b280908397319ac97a514f9

Download Submit
C:\Windows\System32\pdTkkdq.exe

Filesize
1.8MB

MD5
6615d92294405ceac2c3f0877f17de16

SHA1
34f5d928566b54c662abe12bf0d2d24909bad6c8

SHA256
da561fa74127df83e7f44319a831a8af700452054e5bae483e029e2c502a4530

SHA512
86d9e3ac27bfac8be53fd13ede08bbe7c0ea29ba5771e40d798fe21a9bf5bf89a5717a94391ae8407cf3beb82f8c1e730b07d3603cf110d073e1ca8a8dbaee30

Download Submit
C:\Windows\System32\wDbXCvZ.exe

Filesize
1.8MB

MD5
86e4f119760f3cd8cfba8e3acc90cc58

SHA1
e289c21730ce5921561d60b1b9553167138186dd

SHA256
dfe077eb02d3100f9f75e26ddf303362ffbfa330b36bda0d390a1264634dd298

SHA512
0828720ae98d6f426143f2aca3510046bfb98e977adc2d31fcc6489188e2cfc69a304bbce30146fd92475ccb2818f2fd3a3c9d3c69be197617a5a3f6e3c6190a

Download Submit
C:\Windows\System32\wlWbhgw.exe

Filesize
1.8MB

MD5
c9e8eccb984f60cb648cc7c6f31c4703

SHA1
684d171644e8990b504cf563f97bbac7f8b3dda4

SHA256
9832329bc113d19321fa8ed2ff3c195df730ae559bfab8b2d31ed43a12da06fa

SHA512
26921ffbe40304c28cec2dc9729bc744744d38ed0f0b8f82dfee4e95ddcd41fdcc44a2a21e2dd5e6b5d94ae07c6cbda523fc509ce985759474e8dfb9521ea660

Download Submit
C:\Windows\System32\wzIchuv.exe

Filesize
1.8MB

MD5
0152b282966a3d3b9b4dae7bf998044a

SHA1
2722583049d7204b61f753cdddee454f98c5160a

SHA256
c6009793f2536d232538dd1d2835b6fc99dac5354f6ce781447888a75d4f0800

SHA512
751bf7d524603b2d21210c220ce1add2a3bd5f70ce1ea87371b504dabfa76f7ef8e9205cbfaf6d57f7dce519f0efe96b4df7d16e6ae38d9ce69f9a95129dd8f4

Download Submit
C:\Windows\System32\xzhKkBx.exe

Filesize
1.8MB

MD5
bfac0d1bae4033854acbf9e3d4253bb0

SHA1
1c44075d3cfa7516795323d14deb031cc496723f

SHA256
d608b5041be2762fddeeedb40cd8200c9a8ab6d983e0e5950ba6c79ea6c3595f

SHA512
e0ee6d5980e85a314def4dcf2696db7adf7218c0da56980893379ce1981bf0d3fdb6d9c51b517bc52f3fc484d11c056e4a29b3197c4fc8fa71f41366458fcd6c

Download Submit
C:\Windows\System32\zNtDAzr.exe

Filesize
1.8MB

MD5
0ca7c5e83998ee8486553db3be402a3d

SHA1
871c7043e4c2bd060ba390cdcf0a449caed8ad73

SHA256
32505fbbe622386c454f44dee2abee591aae06408a4e24c1bd52329db962a6d9

SHA512
092bf62ad928c0131b77cc480a60191aacfc682920c80089ff65327d0c5d1ffefd26ff2857f76be3a670f600d19c5dca5b49791b320bdedc6af07d0118e95996

Download Submit
C:\Windows\System32\zVszZwG.exe

Filesize
1.8MB

MD5
6dae680f6b592650b7827bda8067be85

SHA1
b23f0bbfebc944da7bba5243171524efbc0b2b9d

SHA256
f4348b5c005737d95a384eff4de6d33728aff52f6ca33e06829201d3af41300d

SHA512
338b2a3e2d0071ae14e696e43d21d9c5ad6c76686f02c6e397ec21f00ff210ce9626448f57d4aa4a13edb017815aaacf220dbc4c2fed539dd0decf62973be887

Download Submit
C:\Windows\System32\zujnlkK.exe

Filesize
1.8MB

MD5
ccc46745091624607b521d15c7e16a97

SHA1
acb8d6b53e98ad8a17e9a97a944c97c30b4c0bb4

SHA256
328213bfa5fe2fe01f7219763865764a86cd075b1fa0d03c5bb0251e78b743d9

SHA512
f95322e9565d280a85a0c726a9a4933b04c80538ff90a66a0d4c7cb63e32eca08ac80eb2461f479926bf3abaad35e25eb8e66e19f62ce0e450e98ffd0b3b1c22

Download Submit
memory/212-489-0x00007FF7BA450000-0x00007FF7BA841000-memory.dmp

Filesize
3.9MB

Download
memory/212-2152-0x00007FF7BA450000-0x00007FF7BA841000-memory.dmp

Filesize
3.9MB

Download
memory/964-2120-0x00007FF766BB0000-0x00007FF766FA1000-memory.dmp

Filesize
3.9MB

Download
memory/964-21-0x00007FF766BB0000-0x00007FF766FA1000-memory.dmp

Filesize
3.9MB

Download
memory/964-1296-0x00007FF766BB0000-0x00007FF766FA1000-memory.dmp

Filesize
3.9MB

Download
memory/1040-10-0x00007FF643B20000-0x00007FF643F11000-memory.dmp

Filesize
3.9MB

Download
memory/1040-1096-0x00007FF643B20000-0x00007FF643F11000-memory.dmp

Filesize
3.9MB

Download
memory/1256-559-0x00007FF66C350000-0x00007FF66C741000-memory.dmp

Filesize
3.9MB

Download
memory/1256-2183-0x00007FF66C350000-0x00007FF66C741000-memory.dmp

Filesize
3.9MB

Download
memory/1464-2154-0x00007FF714FE0000-0x00007FF7153D1000-memory.dmp

Filesize
3.9MB

Download
memory/1464-499-0x00007FF714FE0000-0x00007FF7153D1000-memory.dmp

Filesize
3.9MB

Download
memory/1468-513-0x00007FF7D9190000-0x00007FF7D9581000-memory.dmp

Filesize
3.9MB

Download
memory/1468-2190-0x00007FF7D9190000-0x00007FF7D9581000-memory.dmp

Filesize
3.9MB

Download
memory/1940-1-0x0000013D3E520000-0x0000013D3E530000-memory.dmp

Filesize
64KB

Download
memory/1940-976-0x00007FF7925D0000-0x00007FF7929C1000-memory.dmp

Filesize
3.9MB

Download
memory/1940-2261-0x00007FF7925D0000-0x00007FF7929C1000-memory.dmp

Filesize
3.9MB

Download
memory/1940-0-0x00007FF7925D0000-0x00007FF7929C1000-memory.dmp

Filesize
3.9MB

Download
memory/2052-2146-0x00007FF7C13B0000-0x00007FF7C17A1000-memory.dmp

Filesize
3.9MB

Download
memory/2052-488-0x00007FF7C13B0000-0x00007FF7C17A1000-memory.dmp

Filesize
3.9MB

Download
memory/2064-50-0x00007FF6C2DD0000-0x00007FF6C31C1000-memory.dmp

Filesize
3.9MB

Download
memory/2064-2142-0x00007FF6C2DD0000-0x00007FF6C31C1000-memory.dmp

Filesize
3.9MB

Download
memory/2140-2182-0x00007FF7586F0000-0x00007FF758AE1000-memory.dmp

Filesize
3.9MB

Download
memory/2140-521-0x00007FF7586F0000-0x00007FF758AE1000-memory.dmp

Filesize
3.9MB

Download
memory/2256-517-0x00007FF799F00000-0x00007FF79A2F1000-memory.dmp

Filesize
3.9MB

Download
memory/2256-2186-0x00007FF799F00000-0x00007FF79A2F1000-memory.dmp

Filesize
3.9MB

Download
memory/2388-1434-0x00007FF70AE80000-0x00007FF70B271000-memory.dmp

Filesize
3.9MB

Download
memory/2388-56-0x00007FF70AE80000-0x00007FF70B271000-memory.dmp

Filesize
3.9MB

Download
memory/2388-2148-0x00007FF70AE80000-0x00007FF70B271000-memory.dmp

Filesize
3.9MB

Download
memory/2912-550-0x00007FF728F40000-0x00007FF729331000-memory.dmp

Filesize
3.9MB

Download
memory/2912-2193-0x00007FF728F40000-0x00007FF729331000-memory.dmp

Filesize
3.9MB

Download
memory/3160-1100-0x00007FF63D500000-0x00007FF63D8F1000-memory.dmp

Filesize
3.9MB

Download
memory/3160-17-0x00007FF63D500000-0x00007FF63D8F1000-memory.dmp

Filesize
3.9MB

Download
memory/3160-2116-0x00007FF63D500000-0x00007FF63D8F1000-memory.dmp

Filesize
3.9MB

Download
memory/3284-54-0x00007FF77F3B0000-0x00007FF77F7A1000-memory.dmp

Filesize
3.9MB

Download
memory/3284-1423-0x00007FF77F3B0000-0x00007FF77F7A1000-memory.dmp

Filesize
3.9MB

Download
memory/3404-511-0x00007FF68D550000-0x00007FF68D941000-memory.dmp

Filesize
3.9MB

Download
memory/3404-2192-0x00007FF68D550000-0x00007FF68D941000-memory.dmp

Filesize
3.9MB

Download
memory/3760-2180-0x00007FF755090000-0x00007FF755481000-memory.dmp

Filesize
3.9MB

Download
memory/3760-560-0x00007FF755090000-0x00007FF755481000-memory.dmp

Filesize
3.9MB

Download
memory/3844-2118-0x00007FF678B00000-0x00007FF678EF1000-memory.dmp

Filesize
3.9MB

Download
memory/3844-1303-0x00007FF678B00000-0x00007FF678EF1000-memory.dmp

Filesize
3.9MB

Download
memory/3844-45-0x00007FF678B00000-0x00007FF678EF1000-memory.dmp

Filesize
3.9MB

Download
memory/3900-506-0x00007FF78B0A0000-0x00007FF78B491000-memory.dmp

Filesize
3.9MB

Download
memory/3900-2195-0x00007FF78B0A0000-0x00007FF78B491000-memory.dmp

Filesize
3.9MB

Download
memory/4052-2156-0x00007FF634500000-0x00007FF6348F1000-memory.dmp

Filesize
3.9MB

Download
memory/4052-503-0x00007FF634500000-0x00007FF6348F1000-memory.dmp

Filesize
3.9MB

Download
memory/4316-562-0x00007FF6974B0000-0x00007FF6978A1000-memory.dmp

Filesize
3.9MB

Download
memory/4460-519-0x00007FF718C80000-0x00007FF719071000-memory.dmp

Filesize
3.9MB

Download
memory/4460-2188-0x00007FF718C80000-0x00007FF719071000-memory.dmp

Filesize
3.9MB

Download
memory/4976-60-0x00007FF7ADFD0000-0x00007FF7AE3C1000-memory.dmp

Filesize
3.9MB

Download
memory/4992-18-0x00007FF6EAE10000-0x00007FF6EB201000-memory.dmp

Filesize
3.9MB

Download
memory/4992-1183-0x00007FF6EAE10000-0x00007FF6EB201000-memory.dmp

Filesize
3.9MB

Download
memory/5048-567-0x00007FF64F8D0000-0x00007FF64FCC1000-memory.dmp

Filesize
3.9MB

Download
memory/5048-2150-0x00007FF64F8D0000-0x00007FF64FCC1000-memory.dmp

Filesize
3.9MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads