xmrig | 30f8cd3a31d7e70158407ad7dc42b51590aca7aadcda8a0963e86f6ac39a2d30

Analysis

max time kernel
144s
max time network
170s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
07/03/2024, 18:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

30f8cd3a31d7e70158407ad7dc42b51590aca7aadcda8a0963e86f6ac39a2d30.exe
Size

2.0MB
MD5

f4e0bbae2c2820d7c062b9c908afe871
SHA1

5d13f6ba19457d4033bc88b335516ce6c80496f6
SHA256

30f8cd3a31d7e70158407ad7dc42b51590aca7aadcda8a0963e86f6ac39a2d30
SHA512

3f4b72d986226355289e39f8794eadfc7e10d8580e5f389fa7cf9449d477980b352d98a47b870e41ec585a8ff3ddb0b568a10574b053e6abd78dc57c03faea34
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wIXIHDjVgTd6DkpTTeHk:BemTLkNdfE0pZrP

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

UPX dump on OEP (original entry point) 64 IoCs

resource	yara_rule
behavioral2/memory/5024-0-0x00007FF67A5F0000-0x00007FF67A944000-memory.dmp	UPX
behavioral2/files/0x0008000000023210-6.dat	UPX
behavioral2/memory/3772-8-0x00007FF7C24B0000-0x00007FF7C2804000-memory.dmp	UPX
behavioral2/files/0x0008000000023210-5.dat	UPX
behavioral2/files/0x0007000000023214-11.dat	UPX
behavioral2/files/0x0007000000023214-14.dat	UPX
behavioral2/files/0x0007000000023218-19.dat	UPX
behavioral2/files/0x0007000000023216-20.dat	UPX
behavioral2/memory/1020-22-0x00007FF7AB280000-0x00007FF7AB5D4000-memory.dmp	UPX
behavioral2/memory/3728-27-0x00007FF641F80000-0x00007FF6422D4000-memory.dmp	UPX
behavioral2/files/0x000700000002321b-31.dat	UPX
behavioral2/memory/3412-34-0x00007FF798480000-0x00007FF7987D4000-memory.dmp	UPX
behavioral2/files/0x000700000002321c-39.dat	UPX
behavioral2/files/0x000700000002321e-48.dat	UPX
behavioral2/files/0x000700000002321d-53.dat	UPX
behavioral2/files/0x0008000000023211-76.dat	UPX
behavioral2/files/0x0007000000023223-92.dat	UPX
behavioral2/memory/4712-104-0x00007FF76FE20000-0x00007FF770174000-memory.dmp	UPX
behavioral2/memory/1908-107-0x00007FF75EE10000-0x00007FF75F164000-memory.dmp	UPX
behavioral2/memory/4032-109-0x00007FF760CF0000-0x00007FF761044000-memory.dmp	UPX
behavioral2/memory/4920-108-0x00007FF660F40000-0x00007FF661294000-memory.dmp	UPX
behavioral2/memory/2464-106-0x00007FF633980000-0x00007FF633CD4000-memory.dmp	UPX
behavioral2/memory/1168-105-0x00007FF781940000-0x00007FF781C94000-memory.dmp	UPX
behavioral2/memory/4724-103-0x00007FF7685F0000-0x00007FF768944000-memory.dmp	UPX
behavioral2/memory/4512-98-0x00007FF6FD9E0000-0x00007FF6FDD34000-memory.dmp	UPX
behavioral2/files/0x0007000000023226-97.dat	UPX
behavioral2/files/0x0007000000023225-91.dat	UPX
behavioral2/memory/1512-90-0x00007FF6BDBD0000-0x00007FF6BDF24000-memory.dmp	UPX
behavioral2/files/0x0007000000023223-86.dat	UPX
behavioral2/files/0x0007000000023222-84.dat	UPX
behavioral2/memory/1996-81-0x00007FF70FB90000-0x00007FF70FEE4000-memory.dmp	UPX
behavioral2/files/0x0008000000023211-72.dat	UPX
behavioral2/files/0x0007000000023221-71.dat	UPX
behavioral2/memory/4832-69-0x00007FF7C86F0000-0x00007FF7C8A44000-memory.dmp	UPX
behavioral2/files/0x0007000000023220-63.dat	UPX
behavioral2/files/0x000700000002321e-58.dat	UPX
behavioral2/memory/3748-57-0x00007FF6F7690000-0x00007FF6F79E4000-memory.dmp	UPX
behavioral2/files/0x000700000002321f-52.dat	UPX
behavioral2/memory/3644-51-0x00007FF649C00000-0x00007FF649F54000-memory.dmp	UPX
behavioral2/files/0x000700000002321d-47.dat	UPX
behavioral2/memory/4976-46-0x00007FF797DF0000-0x00007FF798144000-memory.dmp	UPX
behavioral2/files/0x000700000002321c-44.dat	UPX
behavioral2/files/0x000700000002321b-37.dat	UPX
behavioral2/files/0x0007000000023219-35.dat	UPX
behavioral2/files/0x0007000000023218-23.dat	UPX
behavioral2/files/0x0007000000023216-13.dat	UPX
behavioral2/files/0x0007000000023227-112.dat	UPX
behavioral2/memory/1540-119-0x00007FF6748F0000-0x00007FF674C44000-memory.dmp	UPX
behavioral2/files/0x0007000000023228-124.dat	UPX
behavioral2/memory/4636-128-0x00007FF7EAED0000-0x00007FF7EB224000-memory.dmp	UPX
behavioral2/memory/2912-136-0x00007FF6AC300000-0x00007FF6AC654000-memory.dmp	UPX
behavioral2/memory/3276-143-0x00007FF7757B0000-0x00007FF775B04000-memory.dmp	UPX
behavioral2/memory/4220-165-0x00007FF757400000-0x00007FF757754000-memory.dmp	UPX
behavioral2/memory/3772-169-0x00007FF7C24B0000-0x00007FF7C2804000-memory.dmp	UPX
behavioral2/memory/1020-174-0x00007FF7AB280000-0x00007FF7AB5D4000-memory.dmp	UPX
behavioral2/memory/4832-180-0x00007FF7C86F0000-0x00007FF7C8A44000-memory.dmp	UPX
behavioral2/memory/3016-182-0x00007FF6D1F30000-0x00007FF6D2284000-memory.dmp	UPX
behavioral2/memory/4512-185-0x00007FF6FD9E0000-0x00007FF6FDD34000-memory.dmp	UPX
behavioral2/memory/1512-184-0x00007FF6BDBD0000-0x00007FF6BDF24000-memory.dmp	UPX
behavioral2/memory/1996-183-0x00007FF70FB90000-0x00007FF70FEE4000-memory.dmp	UPX
behavioral2/memory/3488-181-0x00007FF7E5C50000-0x00007FF7E5FA4000-memory.dmp	UPX
behavioral2/memory/3412-177-0x00007FF798480000-0x00007FF7987D4000-memory.dmp	UPX
behavioral2/memory/3728-176-0x00007FF641F80000-0x00007FF6422D4000-memory.dmp	UPX
behavioral2/memory/4936-168-0x00007FF702C10000-0x00007FF702F64000-memory.dmp	UPX

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/5024-0-0x00007FF67A5F0000-0x00007FF67A944000-memory.dmp	xmrig
behavioral2/files/0x0008000000023210-6.dat	xmrig
behavioral2/memory/3772-8-0x00007FF7C24B0000-0x00007FF7C2804000-memory.dmp	xmrig
behavioral2/files/0x0008000000023210-5.dat	xmrig
behavioral2/files/0x0007000000023214-11.dat	xmrig
behavioral2/files/0x0007000000023214-14.dat	xmrig
behavioral2/files/0x0007000000023218-19.dat	xmrig
behavioral2/files/0x0007000000023216-20.dat	xmrig
behavioral2/memory/1020-22-0x00007FF7AB280000-0x00007FF7AB5D4000-memory.dmp	xmrig
behavioral2/memory/3728-27-0x00007FF641F80000-0x00007FF6422D4000-memory.dmp	xmrig
behavioral2/files/0x000700000002321b-31.dat	xmrig
behavioral2/memory/3412-34-0x00007FF798480000-0x00007FF7987D4000-memory.dmp	xmrig
behavioral2/files/0x000700000002321c-39.dat	xmrig
behavioral2/files/0x000700000002321e-48.dat	xmrig
behavioral2/files/0x000700000002321d-53.dat	xmrig
behavioral2/files/0x0008000000023211-76.dat	xmrig
behavioral2/files/0x0007000000023223-92.dat	xmrig
behavioral2/memory/4712-104-0x00007FF76FE20000-0x00007FF770174000-memory.dmp	xmrig
behavioral2/memory/1908-107-0x00007FF75EE10000-0x00007FF75F164000-memory.dmp	xmrig
behavioral2/memory/4032-109-0x00007FF760CF0000-0x00007FF761044000-memory.dmp	xmrig
behavioral2/memory/4920-108-0x00007FF660F40000-0x00007FF661294000-memory.dmp	xmrig
behavioral2/memory/2464-106-0x00007FF633980000-0x00007FF633CD4000-memory.dmp	xmrig
behavioral2/memory/1168-105-0x00007FF781940000-0x00007FF781C94000-memory.dmp	xmrig
behavioral2/memory/4724-103-0x00007FF7685F0000-0x00007FF768944000-memory.dmp	xmrig
behavioral2/memory/4512-98-0x00007FF6FD9E0000-0x00007FF6FDD34000-memory.dmp	xmrig
behavioral2/files/0x0007000000023226-97.dat	xmrig
behavioral2/files/0x0007000000023225-91.dat	xmrig
behavioral2/memory/1512-90-0x00007FF6BDBD0000-0x00007FF6BDF24000-memory.dmp	xmrig
behavioral2/files/0x0007000000023223-86.dat	xmrig
behavioral2/files/0x0007000000023222-84.dat	xmrig
behavioral2/memory/1996-81-0x00007FF70FB90000-0x00007FF70FEE4000-memory.dmp	xmrig
behavioral2/files/0x0008000000023211-72.dat	xmrig
behavioral2/files/0x0007000000023221-71.dat	xmrig
behavioral2/memory/4832-69-0x00007FF7C86F0000-0x00007FF7C8A44000-memory.dmp	xmrig
behavioral2/files/0x0007000000023220-63.dat	xmrig
behavioral2/files/0x000700000002321e-58.dat	xmrig
behavioral2/memory/3748-57-0x00007FF6F7690000-0x00007FF6F79E4000-memory.dmp	xmrig
behavioral2/files/0x000700000002321f-52.dat	xmrig
behavioral2/memory/3644-51-0x00007FF649C00000-0x00007FF649F54000-memory.dmp	xmrig
behavioral2/files/0x000700000002321d-47.dat	xmrig
behavioral2/memory/4976-46-0x00007FF797DF0000-0x00007FF798144000-memory.dmp	xmrig
behavioral2/files/0x000700000002321c-44.dat	xmrig
behavioral2/files/0x000700000002321b-37.dat	xmrig
behavioral2/files/0x0007000000023219-35.dat	xmrig
behavioral2/files/0x0007000000023218-23.dat	xmrig
behavioral2/files/0x0007000000023216-13.dat	xmrig
behavioral2/files/0x0007000000023227-112.dat	xmrig
behavioral2/memory/1540-119-0x00007FF6748F0000-0x00007FF674C44000-memory.dmp	xmrig
behavioral2/files/0x0007000000023228-124.dat	xmrig
behavioral2/memory/4636-128-0x00007FF7EAED0000-0x00007FF7EB224000-memory.dmp	xmrig
behavioral2/memory/2912-136-0x00007FF6AC300000-0x00007FF6AC654000-memory.dmp	xmrig
behavioral2/memory/3276-143-0x00007FF7757B0000-0x00007FF775B04000-memory.dmp	xmrig
behavioral2/memory/4220-165-0x00007FF757400000-0x00007FF757754000-memory.dmp	xmrig
behavioral2/memory/3772-169-0x00007FF7C24B0000-0x00007FF7C2804000-memory.dmp	xmrig
behavioral2/memory/1020-174-0x00007FF7AB280000-0x00007FF7AB5D4000-memory.dmp	xmrig
behavioral2/memory/4832-180-0x00007FF7C86F0000-0x00007FF7C8A44000-memory.dmp	xmrig
behavioral2/memory/3016-182-0x00007FF6D1F30000-0x00007FF6D2284000-memory.dmp	xmrig
behavioral2/memory/4512-185-0x00007FF6FD9E0000-0x00007FF6FDD34000-memory.dmp	xmrig
behavioral2/memory/1512-184-0x00007FF6BDBD0000-0x00007FF6BDF24000-memory.dmp	xmrig
behavioral2/memory/1996-183-0x00007FF70FB90000-0x00007FF70FEE4000-memory.dmp	xmrig
behavioral2/memory/3488-181-0x00007FF7E5C50000-0x00007FF7E5FA4000-memory.dmp	xmrig
behavioral2/memory/3412-177-0x00007FF798480000-0x00007FF7987D4000-memory.dmp	xmrig
behavioral2/memory/3728-176-0x00007FF641F80000-0x00007FF6422D4000-memory.dmp	xmrig
behavioral2/memory/4936-168-0x00007FF702C10000-0x00007FF702F64000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
3772	ulYUXFM.exe
1020	qYitarY.exe
4976	rSwPUlM.exe
3728	ozLKdbz.exe
3644	hkyDRzv.exe
3412	NjxuGMz.exe
3748	OkqQsgr.exe
4724	IHYEjya.exe
4832	hqEMxig.exe
4712	xqDpPWX.exe
1168	YJzXulc.exe
2464	BliGtlD.exe
1996	NYQTEhc.exe
1512	btrBPkx.exe
1908	PgOJnaw.exe
4512	INJyOGn.exe
4920	EIxptMc.exe
4032	hVLpWcy.exe
1540	GuMkVCn.exe
2432	yPfjPLT.exe
4636	OVPbMHP.exe
2912	vpmXUmR.exe
3276	VYqRKzn.exe
4540	YuiWCEv.exe
4220	TNWIRDR.exe
1188	GLeqLue.exe
4936	CVjfVEM.exe
3488	cFWNSvO.exe
3016	CUVxtDf.exe
216	ZTyyYHk.exe
1420	QeOShnW.exe
3616	xzSWLRB.exe
4960	NqnKEHx.exe
4480	XsimgYD.exe
1944	QHJRIly.exe
3540	atPHJLh.exe
3460	odLerVa.exe
1760	mbKqOnR.exe
4316	PdxdBIB.exe
2776	OKtrbTD.exe
2152	KgdkUrB.exe
2788	USjPgXM.exe
4796	oRfXLAw.exe
4884	kWwgInX.exe
1244	IuDSxYG.exe
1884	CUMdIaw.exe
2332	ftLDhrD.exe
4188	geebrlq.exe
5080	AsnyAIZ.exe
3712	ggFdUbE.exe
4492	KCAKTNA.exe
1708	hnaCTiC.exe
4060	RmAxQYb.exe
1636	sKWvYBP.exe
3880	wWyhvEM.exe
880	wiRDbSi.exe
2012	ZtpHDlC.exe
5072	TMlqJVP.exe
4368	fVOkDzK.exe
3268	AuaGjSv.exe
3048	DbhVpxI.exe
4184	AsOJoje.exe
2084	JnugEXS.exe
4648	jKKcrsD.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/5024-0-0x00007FF67A5F0000-0x00007FF67A944000-memory.dmp	upx
behavioral2/files/0x0008000000023210-6.dat	upx
behavioral2/memory/3772-8-0x00007FF7C24B0000-0x00007FF7C2804000-memory.dmp	upx
behavioral2/files/0x0008000000023210-5.dat	upx
behavioral2/files/0x0007000000023214-11.dat	upx
behavioral2/files/0x0007000000023214-14.dat	upx
behavioral2/files/0x0007000000023218-19.dat	upx
behavioral2/files/0x0007000000023216-20.dat	upx
behavioral2/memory/1020-22-0x00007FF7AB280000-0x00007FF7AB5D4000-memory.dmp	upx
behavioral2/memory/3728-27-0x00007FF641F80000-0x00007FF6422D4000-memory.dmp	upx
behavioral2/files/0x000700000002321b-31.dat	upx
behavioral2/memory/3412-34-0x00007FF798480000-0x00007FF7987D4000-memory.dmp	upx
behavioral2/files/0x000700000002321c-39.dat	upx
behavioral2/files/0x000700000002321e-48.dat	upx
behavioral2/files/0x000700000002321d-53.dat	upx
behavioral2/files/0x0008000000023211-76.dat	upx
behavioral2/files/0x0007000000023223-92.dat	upx
behavioral2/memory/4712-104-0x00007FF76FE20000-0x00007FF770174000-memory.dmp	upx
behavioral2/memory/1908-107-0x00007FF75EE10000-0x00007FF75F164000-memory.dmp	upx
behavioral2/memory/4032-109-0x00007FF760CF0000-0x00007FF761044000-memory.dmp	upx
behavioral2/memory/4920-108-0x00007FF660F40000-0x00007FF661294000-memory.dmp	upx
behavioral2/memory/2464-106-0x00007FF633980000-0x00007FF633CD4000-memory.dmp	upx
behavioral2/memory/1168-105-0x00007FF781940000-0x00007FF781C94000-memory.dmp	upx
behavioral2/memory/4724-103-0x00007FF7685F0000-0x00007FF768944000-memory.dmp	upx
behavioral2/memory/4512-98-0x00007FF6FD9E0000-0x00007FF6FDD34000-memory.dmp	upx
behavioral2/files/0x0007000000023226-97.dat	upx
behavioral2/files/0x0007000000023225-91.dat	upx
behavioral2/memory/1512-90-0x00007FF6BDBD0000-0x00007FF6BDF24000-memory.dmp	upx
behavioral2/files/0x0007000000023223-86.dat	upx
behavioral2/files/0x0007000000023222-84.dat	upx
behavioral2/memory/1996-81-0x00007FF70FB90000-0x00007FF70FEE4000-memory.dmp	upx
behavioral2/files/0x0008000000023211-72.dat	upx
behavioral2/files/0x0007000000023221-71.dat	upx
behavioral2/memory/4832-69-0x00007FF7C86F0000-0x00007FF7C8A44000-memory.dmp	upx
behavioral2/files/0x0007000000023220-63.dat	upx
behavioral2/files/0x000700000002321e-58.dat	upx
behavioral2/memory/3748-57-0x00007FF6F7690000-0x00007FF6F79E4000-memory.dmp	upx
behavioral2/files/0x000700000002321f-52.dat	upx
behavioral2/memory/3644-51-0x00007FF649C00000-0x00007FF649F54000-memory.dmp	upx
behavioral2/files/0x000700000002321d-47.dat	upx
behavioral2/memory/4976-46-0x00007FF797DF0000-0x00007FF798144000-memory.dmp	upx
behavioral2/files/0x000700000002321c-44.dat	upx
behavioral2/files/0x000700000002321b-37.dat	upx
behavioral2/files/0x0007000000023219-35.dat	upx
behavioral2/files/0x0007000000023218-23.dat	upx
behavioral2/files/0x0007000000023216-13.dat	upx
behavioral2/files/0x0007000000023227-112.dat	upx
behavioral2/memory/1540-119-0x00007FF6748F0000-0x00007FF674C44000-memory.dmp	upx
behavioral2/files/0x0007000000023228-124.dat	upx
behavioral2/memory/4636-128-0x00007FF7EAED0000-0x00007FF7EB224000-memory.dmp	upx
behavioral2/memory/2912-136-0x00007FF6AC300000-0x00007FF6AC654000-memory.dmp	upx
behavioral2/memory/3276-143-0x00007FF7757B0000-0x00007FF775B04000-memory.dmp	upx
behavioral2/memory/4220-165-0x00007FF757400000-0x00007FF757754000-memory.dmp	upx
behavioral2/memory/3772-169-0x00007FF7C24B0000-0x00007FF7C2804000-memory.dmp	upx
behavioral2/memory/1020-174-0x00007FF7AB280000-0x00007FF7AB5D4000-memory.dmp	upx
behavioral2/memory/4832-180-0x00007FF7C86F0000-0x00007FF7C8A44000-memory.dmp	upx
behavioral2/memory/3016-182-0x00007FF6D1F30000-0x00007FF6D2284000-memory.dmp	upx
behavioral2/memory/4512-185-0x00007FF6FD9E0000-0x00007FF6FDD34000-memory.dmp	upx
behavioral2/memory/1512-184-0x00007FF6BDBD0000-0x00007FF6BDF24000-memory.dmp	upx
behavioral2/memory/1996-183-0x00007FF70FB90000-0x00007FF70FEE4000-memory.dmp	upx
behavioral2/memory/3488-181-0x00007FF7E5C50000-0x00007FF7E5FA4000-memory.dmp	upx
behavioral2/memory/3412-177-0x00007FF798480000-0x00007FF7987D4000-memory.dmp	upx
behavioral2/memory/3728-176-0x00007FF641F80000-0x00007FF6422D4000-memory.dmp	upx
behavioral2/memory/4936-168-0x00007FF702C10000-0x00007FF702F64000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\GDSgXoV.exe	30f8cd3a31d7e70158407ad7dc42b51590aca7aadcda8a0963e86f6ac39a2d30.exe
File created	C:\Windows\System\HIejSBo.exe	30f8cd3a31d7e70158407ad7dc42b51590aca7aadcda8a0963e86f6ac39a2d30.exe
File created	C:\Windows\System\FwiSwLr.exe	30f8cd3a31d7e70158407ad7dc42b51590aca7aadcda8a0963e86f6ac39a2d30.exe
File created	C:\Windows\System\olyNVxg.exe	30f8cd3a31d7e70158407ad7dc42b51590aca7aadcda8a0963e86f6ac39a2d30.exe
File created	C:\Windows\System\EMruMvO.exe	30f8cd3a31d7e70158407ad7dc42b51590aca7aadcda8a0963e86f6ac39a2d30.exe
File created	C:\Windows\System\zZeNXZK.exe	30f8cd3a31d7e70158407ad7dc42b51590aca7aadcda8a0963e86f6ac39a2d30.exe
File created	C:\Windows\System\vhBwXty.exe	30f8cd3a31d7e70158407ad7dc42b51590aca7aadcda8a0963e86f6ac39a2d30.exe
File created	C:\Windows\System\IiyVULW.exe	30f8cd3a31d7e70158407ad7dc42b51590aca7aadcda8a0963e86f6ac39a2d30.exe
File created	C:\Windows\System\MFczUNU.exe	30f8cd3a31d7e70158407ad7dc42b51590aca7aadcda8a0963e86f6ac39a2d30.exe
File created	C:\Windows\System\hAyePoS.exe	30f8cd3a31d7e70158407ad7dc42b51590aca7aadcda8a0963e86f6ac39a2d30.exe
File created	C:\Windows\System\ERKYJEW.exe	30f8cd3a31d7e70158407ad7dc42b51590aca7aadcda8a0963e86f6ac39a2d30.exe
File created	C:\Windows\System\zcKEFjc.exe	30f8cd3a31d7e70158407ad7dc42b51590aca7aadcda8a0963e86f6ac39a2d30.exe
File created	C:\Windows\System\khWFWOP.exe	30f8cd3a31d7e70158407ad7dc42b51590aca7aadcda8a0963e86f6ac39a2d30.exe
File created	C:\Windows\System\GslVkDC.exe	30f8cd3a31d7e70158407ad7dc42b51590aca7aadcda8a0963e86f6ac39a2d30.exe
File created	C:\Windows\System\pjMKyIR.exe	30f8cd3a31d7e70158407ad7dc42b51590aca7aadcda8a0963e86f6ac39a2d30.exe
File created	C:\Windows\System\cCFOlec.exe	30f8cd3a31d7e70158407ad7dc42b51590aca7aadcda8a0963e86f6ac39a2d30.exe
File created	C:\Windows\System\TXdoWuH.exe	30f8cd3a31d7e70158407ad7dc42b51590aca7aadcda8a0963e86f6ac39a2d30.exe
File created	C:\Windows\System\heKVifA.exe	30f8cd3a31d7e70158407ad7dc42b51590aca7aadcda8a0963e86f6ac39a2d30.exe
File created	C:\Windows\System\UAgZAMp.exe	30f8cd3a31d7e70158407ad7dc42b51590aca7aadcda8a0963e86f6ac39a2d30.exe
File created	C:\Windows\System\UwjvKnb.exe	30f8cd3a31d7e70158407ad7dc42b51590aca7aadcda8a0963e86f6ac39a2d30.exe
File created	C:\Windows\System\PTNtmAM.exe	30f8cd3a31d7e70158407ad7dc42b51590aca7aadcda8a0963e86f6ac39a2d30.exe
File created	C:\Windows\System\cTYOGrL.exe	30f8cd3a31d7e70158407ad7dc42b51590aca7aadcda8a0963e86f6ac39a2d30.exe
File created	C:\Windows\System\atPHJLh.exe	30f8cd3a31d7e70158407ad7dc42b51590aca7aadcda8a0963e86f6ac39a2d30.exe
File created	C:\Windows\System\aVkNUBs.exe	30f8cd3a31d7e70158407ad7dc42b51590aca7aadcda8a0963e86f6ac39a2d30.exe
File created	C:\Windows\System\NwfdqNi.exe	30f8cd3a31d7e70158407ad7dc42b51590aca7aadcda8a0963e86f6ac39a2d30.exe
File created	C:\Windows\System\HrYpagU.exe	30f8cd3a31d7e70158407ad7dc42b51590aca7aadcda8a0963e86f6ac39a2d30.exe
File created	C:\Windows\System\pNqVWSs.exe	30f8cd3a31d7e70158407ad7dc42b51590aca7aadcda8a0963e86f6ac39a2d30.exe
File created	C:\Windows\System\FMvsACu.exe	30f8cd3a31d7e70158407ad7dc42b51590aca7aadcda8a0963e86f6ac39a2d30.exe
File created	C:\Windows\System\WkPTCaA.exe	30f8cd3a31d7e70158407ad7dc42b51590aca7aadcda8a0963e86f6ac39a2d30.exe
File created	C:\Windows\System\LvbSJlC.exe	30f8cd3a31d7e70158407ad7dc42b51590aca7aadcda8a0963e86f6ac39a2d30.exe
File created	C:\Windows\System\VNBerBQ.exe	30f8cd3a31d7e70158407ad7dc42b51590aca7aadcda8a0963e86f6ac39a2d30.exe
File created	C:\Windows\System\XsqJWMv.exe	30f8cd3a31d7e70158407ad7dc42b51590aca7aadcda8a0963e86f6ac39a2d30.exe
File created	C:\Windows\System\USjPgXM.exe	30f8cd3a31d7e70158407ad7dc42b51590aca7aadcda8a0963e86f6ac39a2d30.exe
File created	C:\Windows\System\zXmceos.exe	30f8cd3a31d7e70158407ad7dc42b51590aca7aadcda8a0963e86f6ac39a2d30.exe
File created	C:\Windows\System\yxZcAHN.exe	30f8cd3a31d7e70158407ad7dc42b51590aca7aadcda8a0963e86f6ac39a2d30.exe
File created	C:\Windows\System\TMlqJVP.exe	30f8cd3a31d7e70158407ad7dc42b51590aca7aadcda8a0963e86f6ac39a2d30.exe
File created	C:\Windows\System\hjpNVXP.exe	30f8cd3a31d7e70158407ad7dc42b51590aca7aadcda8a0963e86f6ac39a2d30.exe
File created	C:\Windows\System\eTTNZCs.exe	30f8cd3a31d7e70158407ad7dc42b51590aca7aadcda8a0963e86f6ac39a2d30.exe
File created	C:\Windows\System\uskcFMf.exe	30f8cd3a31d7e70158407ad7dc42b51590aca7aadcda8a0963e86f6ac39a2d30.exe
File created	C:\Windows\System\SPmDijF.exe	30f8cd3a31d7e70158407ad7dc42b51590aca7aadcda8a0963e86f6ac39a2d30.exe
File created	C:\Windows\System\wjNceHx.exe	30f8cd3a31d7e70158407ad7dc42b51590aca7aadcda8a0963e86f6ac39a2d30.exe
File created	C:\Windows\System\YJzXulc.exe	30f8cd3a31d7e70158407ad7dc42b51590aca7aadcda8a0963e86f6ac39a2d30.exe
File created	C:\Windows\System\CUMdIaw.exe	30f8cd3a31d7e70158407ad7dc42b51590aca7aadcda8a0963e86f6ac39a2d30.exe
File created	C:\Windows\System\NphDfNW.exe	30f8cd3a31d7e70158407ad7dc42b51590aca7aadcda8a0963e86f6ac39a2d30.exe
File created	C:\Windows\System\VXsHqjQ.exe	30f8cd3a31d7e70158407ad7dc42b51590aca7aadcda8a0963e86f6ac39a2d30.exe
File created	C:\Windows\System\ggFdUbE.exe	30f8cd3a31d7e70158407ad7dc42b51590aca7aadcda8a0963e86f6ac39a2d30.exe
File created	C:\Windows\System\KCAKTNA.exe	30f8cd3a31d7e70158407ad7dc42b51590aca7aadcda8a0963e86f6ac39a2d30.exe
File created	C:\Windows\System\jMXSNtv.exe	30f8cd3a31d7e70158407ad7dc42b51590aca7aadcda8a0963e86f6ac39a2d30.exe
File created	C:\Windows\System\TsjSdoM.exe	30f8cd3a31d7e70158407ad7dc42b51590aca7aadcda8a0963e86f6ac39a2d30.exe
File created	C:\Windows\System\VJsVfBW.exe	30f8cd3a31d7e70158407ad7dc42b51590aca7aadcda8a0963e86f6ac39a2d30.exe
File created	C:\Windows\System\hnaCTiC.exe	30f8cd3a31d7e70158407ad7dc42b51590aca7aadcda8a0963e86f6ac39a2d30.exe
File created	C:\Windows\System\GrcFgFu.exe	30f8cd3a31d7e70158407ad7dc42b51590aca7aadcda8a0963e86f6ac39a2d30.exe
File created	C:\Windows\System\DoGdTSC.exe	30f8cd3a31d7e70158407ad7dc42b51590aca7aadcda8a0963e86f6ac39a2d30.exe
File created	C:\Windows\System\rEZGliB.exe	30f8cd3a31d7e70158407ad7dc42b51590aca7aadcda8a0963e86f6ac39a2d30.exe
File created	C:\Windows\System\fiCRvhW.exe	30f8cd3a31d7e70158407ad7dc42b51590aca7aadcda8a0963e86f6ac39a2d30.exe
File created	C:\Windows\System\nzPjhfA.exe	30f8cd3a31d7e70158407ad7dc42b51590aca7aadcda8a0963e86f6ac39a2d30.exe
File created	C:\Windows\System\EcaUppq.exe	30f8cd3a31d7e70158407ad7dc42b51590aca7aadcda8a0963e86f6ac39a2d30.exe
File created	C:\Windows\System\xhnCHed.exe	30f8cd3a31d7e70158407ad7dc42b51590aca7aadcda8a0963e86f6ac39a2d30.exe
File created	C:\Windows\System\rSwPUlM.exe	30f8cd3a31d7e70158407ad7dc42b51590aca7aadcda8a0963e86f6ac39a2d30.exe
File created	C:\Windows\System\ftLDhrD.exe	30f8cd3a31d7e70158407ad7dc42b51590aca7aadcda8a0963e86f6ac39a2d30.exe
File created	C:\Windows\System\awzjIeJ.exe	30f8cd3a31d7e70158407ad7dc42b51590aca7aadcda8a0963e86f6ac39a2d30.exe
File created	C:\Windows\System\VCDovUK.exe	30f8cd3a31d7e70158407ad7dc42b51590aca7aadcda8a0963e86f6ac39a2d30.exe
File created	C:\Windows\System\ybhCKOH.exe	30f8cd3a31d7e70158407ad7dc42b51590aca7aadcda8a0963e86f6ac39a2d30.exe
File created	C:\Windows\System\YipUaEG.exe	30f8cd3a31d7e70158407ad7dc42b51590aca7aadcda8a0963e86f6ac39a2d30.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	13784	dwm.exe
Token: SeChangeNotifyPrivilege	13784	dwm.exe
Token: 33	13784	dwm.exe
Token: SeIncBasePriorityPrivilege	13784	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5024 wrote to memory of 3772	5024	30f8cd3a31d7e70158407ad7dc42b51590aca7aadcda8a0963e86f6ac39a2d30.exe	89
PID 5024 wrote to memory of 3772	5024	30f8cd3a31d7e70158407ad7dc42b51590aca7aadcda8a0963e86f6ac39a2d30.exe	89
PID 5024 wrote to memory of 1020	5024	30f8cd3a31d7e70158407ad7dc42b51590aca7aadcda8a0963e86f6ac39a2d30.exe	90
PID 5024 wrote to memory of 1020	5024	30f8cd3a31d7e70158407ad7dc42b51590aca7aadcda8a0963e86f6ac39a2d30.exe	90
PID 5024 wrote to memory of 4976	5024	30f8cd3a31d7e70158407ad7dc42b51590aca7aadcda8a0963e86f6ac39a2d30.exe	91
PID 5024 wrote to memory of 4976	5024	30f8cd3a31d7e70158407ad7dc42b51590aca7aadcda8a0963e86f6ac39a2d30.exe	91
PID 5024 wrote to memory of 3728	5024	30f8cd3a31d7e70158407ad7dc42b51590aca7aadcda8a0963e86f6ac39a2d30.exe	92
PID 5024 wrote to memory of 3728	5024	30f8cd3a31d7e70158407ad7dc42b51590aca7aadcda8a0963e86f6ac39a2d30.exe	92
PID 5024 wrote to memory of 3644	5024	30f8cd3a31d7e70158407ad7dc42b51590aca7aadcda8a0963e86f6ac39a2d30.exe	93
PID 5024 wrote to memory of 3644	5024	30f8cd3a31d7e70158407ad7dc42b51590aca7aadcda8a0963e86f6ac39a2d30.exe	93
PID 5024 wrote to memory of 3412	5024	30f8cd3a31d7e70158407ad7dc42b51590aca7aadcda8a0963e86f6ac39a2d30.exe	94
PID 5024 wrote to memory of 3412	5024	30f8cd3a31d7e70158407ad7dc42b51590aca7aadcda8a0963e86f6ac39a2d30.exe	94
PID 5024 wrote to memory of 3748	5024	30f8cd3a31d7e70158407ad7dc42b51590aca7aadcda8a0963e86f6ac39a2d30.exe	95
PID 5024 wrote to memory of 3748	5024	30f8cd3a31d7e70158407ad7dc42b51590aca7aadcda8a0963e86f6ac39a2d30.exe	95
PID 5024 wrote to memory of 4724	5024	30f8cd3a31d7e70158407ad7dc42b51590aca7aadcda8a0963e86f6ac39a2d30.exe	96
PID 5024 wrote to memory of 4724	5024	30f8cd3a31d7e70158407ad7dc42b51590aca7aadcda8a0963e86f6ac39a2d30.exe	96
PID 5024 wrote to memory of 4832	5024	30f8cd3a31d7e70158407ad7dc42b51590aca7aadcda8a0963e86f6ac39a2d30.exe	97
PID 5024 wrote to memory of 4832	5024	30f8cd3a31d7e70158407ad7dc42b51590aca7aadcda8a0963e86f6ac39a2d30.exe	97
PID 5024 wrote to memory of 4712	5024	30f8cd3a31d7e70158407ad7dc42b51590aca7aadcda8a0963e86f6ac39a2d30.exe	98
PID 5024 wrote to memory of 4712	5024	30f8cd3a31d7e70158407ad7dc42b51590aca7aadcda8a0963e86f6ac39a2d30.exe	98
PID 5024 wrote to memory of 1168	5024	30f8cd3a31d7e70158407ad7dc42b51590aca7aadcda8a0963e86f6ac39a2d30.exe	99
PID 5024 wrote to memory of 1168	5024	30f8cd3a31d7e70158407ad7dc42b51590aca7aadcda8a0963e86f6ac39a2d30.exe	99
PID 5024 wrote to memory of 1996	5024	30f8cd3a31d7e70158407ad7dc42b51590aca7aadcda8a0963e86f6ac39a2d30.exe	100
PID 5024 wrote to memory of 1996	5024	30f8cd3a31d7e70158407ad7dc42b51590aca7aadcda8a0963e86f6ac39a2d30.exe	100
PID 5024 wrote to memory of 2464	5024	30f8cd3a31d7e70158407ad7dc42b51590aca7aadcda8a0963e86f6ac39a2d30.exe	101
PID 5024 wrote to memory of 2464	5024	30f8cd3a31d7e70158407ad7dc42b51590aca7aadcda8a0963e86f6ac39a2d30.exe	101
PID 5024 wrote to memory of 1512	5024	30f8cd3a31d7e70158407ad7dc42b51590aca7aadcda8a0963e86f6ac39a2d30.exe	102
PID 5024 wrote to memory of 1512	5024	30f8cd3a31d7e70158407ad7dc42b51590aca7aadcda8a0963e86f6ac39a2d30.exe	102
PID 5024 wrote to memory of 1908	5024	30f8cd3a31d7e70158407ad7dc42b51590aca7aadcda8a0963e86f6ac39a2d30.exe	103
PID 5024 wrote to memory of 1908	5024	30f8cd3a31d7e70158407ad7dc42b51590aca7aadcda8a0963e86f6ac39a2d30.exe	103
PID 5024 wrote to memory of 4512	5024	30f8cd3a31d7e70158407ad7dc42b51590aca7aadcda8a0963e86f6ac39a2d30.exe	104
PID 5024 wrote to memory of 4512	5024	30f8cd3a31d7e70158407ad7dc42b51590aca7aadcda8a0963e86f6ac39a2d30.exe	104
PID 5024 wrote to memory of 4920	5024	30f8cd3a31d7e70158407ad7dc42b51590aca7aadcda8a0963e86f6ac39a2d30.exe	105
PID 5024 wrote to memory of 4920	5024	30f8cd3a31d7e70158407ad7dc42b51590aca7aadcda8a0963e86f6ac39a2d30.exe	105
PID 5024 wrote to memory of 4032	5024	30f8cd3a31d7e70158407ad7dc42b51590aca7aadcda8a0963e86f6ac39a2d30.exe	106
PID 5024 wrote to memory of 4032	5024	30f8cd3a31d7e70158407ad7dc42b51590aca7aadcda8a0963e86f6ac39a2d30.exe	106
PID 5024 wrote to memory of 1540	5024	30f8cd3a31d7e70158407ad7dc42b51590aca7aadcda8a0963e86f6ac39a2d30.exe	108
PID 5024 wrote to memory of 1540	5024	30f8cd3a31d7e70158407ad7dc42b51590aca7aadcda8a0963e86f6ac39a2d30.exe	108
PID 5024 wrote to memory of 2432	5024	30f8cd3a31d7e70158407ad7dc42b51590aca7aadcda8a0963e86f6ac39a2d30.exe	109
PID 5024 wrote to memory of 2432	5024	30f8cd3a31d7e70158407ad7dc42b51590aca7aadcda8a0963e86f6ac39a2d30.exe	109
PID 5024 wrote to memory of 4636	5024	30f8cd3a31d7e70158407ad7dc42b51590aca7aadcda8a0963e86f6ac39a2d30.exe	110
PID 5024 wrote to memory of 4636	5024	30f8cd3a31d7e70158407ad7dc42b51590aca7aadcda8a0963e86f6ac39a2d30.exe	110
PID 5024 wrote to memory of 2912	5024	30f8cd3a31d7e70158407ad7dc42b51590aca7aadcda8a0963e86f6ac39a2d30.exe	111
PID 5024 wrote to memory of 2912	5024	30f8cd3a31d7e70158407ad7dc42b51590aca7aadcda8a0963e86f6ac39a2d30.exe	111
PID 5024 wrote to memory of 3276	5024	30f8cd3a31d7e70158407ad7dc42b51590aca7aadcda8a0963e86f6ac39a2d30.exe	112
PID 5024 wrote to memory of 3276	5024	30f8cd3a31d7e70158407ad7dc42b51590aca7aadcda8a0963e86f6ac39a2d30.exe	112
PID 5024 wrote to memory of 4540	5024	30f8cd3a31d7e70158407ad7dc42b51590aca7aadcda8a0963e86f6ac39a2d30.exe	113
PID 5024 wrote to memory of 4540	5024	30f8cd3a31d7e70158407ad7dc42b51590aca7aadcda8a0963e86f6ac39a2d30.exe	113
PID 5024 wrote to memory of 4220	5024	30f8cd3a31d7e70158407ad7dc42b51590aca7aadcda8a0963e86f6ac39a2d30.exe	114
PID 5024 wrote to memory of 4220	5024	30f8cd3a31d7e70158407ad7dc42b51590aca7aadcda8a0963e86f6ac39a2d30.exe	114
PID 5024 wrote to memory of 1188	5024	30f8cd3a31d7e70158407ad7dc42b51590aca7aadcda8a0963e86f6ac39a2d30.exe	115
PID 5024 wrote to memory of 1188	5024	30f8cd3a31d7e70158407ad7dc42b51590aca7aadcda8a0963e86f6ac39a2d30.exe	115
PID 5024 wrote to memory of 3488	5024	30f8cd3a31d7e70158407ad7dc42b51590aca7aadcda8a0963e86f6ac39a2d30.exe	116
PID 5024 wrote to memory of 3488	5024	30f8cd3a31d7e70158407ad7dc42b51590aca7aadcda8a0963e86f6ac39a2d30.exe	116
PID 5024 wrote to memory of 4936	5024	30f8cd3a31d7e70158407ad7dc42b51590aca7aadcda8a0963e86f6ac39a2d30.exe	117
PID 5024 wrote to memory of 4936	5024	30f8cd3a31d7e70158407ad7dc42b51590aca7aadcda8a0963e86f6ac39a2d30.exe	117
PID 5024 wrote to memory of 3016	5024	30f8cd3a31d7e70158407ad7dc42b51590aca7aadcda8a0963e86f6ac39a2d30.exe	118
PID 5024 wrote to memory of 3016	5024	30f8cd3a31d7e70158407ad7dc42b51590aca7aadcda8a0963e86f6ac39a2d30.exe	118
PID 5024 wrote to memory of 216	5024	30f8cd3a31d7e70158407ad7dc42b51590aca7aadcda8a0963e86f6ac39a2d30.exe	119
PID 5024 wrote to memory of 216	5024	30f8cd3a31d7e70158407ad7dc42b51590aca7aadcda8a0963e86f6ac39a2d30.exe	119
PID 5024 wrote to memory of 1420	5024	30f8cd3a31d7e70158407ad7dc42b51590aca7aadcda8a0963e86f6ac39a2d30.exe	121
PID 5024 wrote to memory of 1420	5024	30f8cd3a31d7e70158407ad7dc42b51590aca7aadcda8a0963e86f6ac39a2d30.exe	121
PID 5024 wrote to memory of 3616	5024	30f8cd3a31d7e70158407ad7dc42b51590aca7aadcda8a0963e86f6ac39a2d30.exe	122
PID 5024 wrote to memory of 3616	5024	30f8cd3a31d7e70158407ad7dc42b51590aca7aadcda8a0963e86f6ac39a2d30.exe	122

C:\Users\Admin\AppData\Local\Temp\30f8cd3a31d7e70158407ad7dc42b51590aca7aadcda8a0963e86f6ac39a2d30.exe
"C:\Users\Admin\AppData\Local\Temp\30f8cd3a31d7e70158407ad7dc42b51590aca7aadcda8a0963e86f6ac39a2d30.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:5024
- C:\Windows\System\ulYUXFM.exe
  C:\Windows\System\ulYUXFM.exe
  2⤵
  - Executes dropped EXE
  PID:3772
- C:\Windows\System\qYitarY.exe
  C:\Windows\System\qYitarY.exe
  2⤵
  - Executes dropped EXE
  PID:1020
- C:\Windows\System\rSwPUlM.exe
  C:\Windows\System\rSwPUlM.exe
  2⤵
  - Executes dropped EXE
  PID:4976
- C:\Windows\System\ozLKdbz.exe
  C:\Windows\System\ozLKdbz.exe
  2⤵
  - Executes dropped EXE
  PID:3728
- C:\Windows\System\hkyDRzv.exe
  C:\Windows\System\hkyDRzv.exe
  2⤵
  - Executes dropped EXE
  PID:3644
- C:\Windows\System\NjxuGMz.exe
  C:\Windows\System\NjxuGMz.exe
  2⤵
  - Executes dropped EXE
  PID:3412
- C:\Windows\System\OkqQsgr.exe
  C:\Windows\System\OkqQsgr.exe
  2⤵
  - Executes dropped EXE
  PID:3748
- C:\Windows\System\IHYEjya.exe
  C:\Windows\System\IHYEjya.exe
  2⤵
  - Executes dropped EXE
  PID:4724
- C:\Windows\System\hqEMxig.exe
  C:\Windows\System\hqEMxig.exe
  2⤵
  - Executes dropped EXE
  PID:4832
- C:\Windows\System\xqDpPWX.exe
  C:\Windows\System\xqDpPWX.exe
  2⤵
  - Executes dropped EXE
  PID:4712
- C:\Windows\System\YJzXulc.exe
  C:\Windows\System\YJzXulc.exe
  2⤵
  - Executes dropped EXE
  PID:1168
- C:\Windows\System\NYQTEhc.exe
  C:\Windows\System\NYQTEhc.exe
  2⤵
  - Executes dropped EXE
  PID:1996
- C:\Windows\System\BliGtlD.exe
  C:\Windows\System\BliGtlD.exe
  2⤵
  - Executes dropped EXE
  PID:2464
- C:\Windows\System\btrBPkx.exe
  C:\Windows\System\btrBPkx.exe
  2⤵
  - Executes dropped EXE
  PID:1512
- C:\Windows\System\PgOJnaw.exe
  C:\Windows\System\PgOJnaw.exe
  2⤵
  - Executes dropped EXE
  PID:1908
- C:\Windows\System\INJyOGn.exe
  C:\Windows\System\INJyOGn.exe
  2⤵
  - Executes dropped EXE
  PID:4512
- C:\Windows\System\EIxptMc.exe
  C:\Windows\System\EIxptMc.exe
  2⤵
  - Executes dropped EXE
  PID:4920
- C:\Windows\System\hVLpWcy.exe
  C:\Windows\System\hVLpWcy.exe
  2⤵
  - Executes dropped EXE
  PID:4032
- C:\Windows\System\GuMkVCn.exe
  C:\Windows\System\GuMkVCn.exe
  2⤵
  - Executes dropped EXE
  PID:1540
- C:\Windows\System\yPfjPLT.exe
  C:\Windows\System\yPfjPLT.exe
  2⤵
  - Executes dropped EXE
  PID:2432
- C:\Windows\System\OVPbMHP.exe
  C:\Windows\System\OVPbMHP.exe
  2⤵
  - Executes dropped EXE
  PID:4636
- C:\Windows\System\vpmXUmR.exe
  C:\Windows\System\vpmXUmR.exe
  2⤵
  - Executes dropped EXE
  PID:2912
- C:\Windows\System\VYqRKzn.exe
  C:\Windows\System\VYqRKzn.exe
  2⤵
  - Executes dropped EXE
  PID:3276
- C:\Windows\System\YuiWCEv.exe
  C:\Windows\System\YuiWCEv.exe
  2⤵
  - Executes dropped EXE
  PID:4540
- C:\Windows\System\TNWIRDR.exe
  C:\Windows\System\TNWIRDR.exe
  2⤵
  - Executes dropped EXE
  PID:4220
- C:\Windows\System\GLeqLue.exe
  C:\Windows\System\GLeqLue.exe
  2⤵
  - Executes dropped EXE
  PID:1188
- C:\Windows\System\cFWNSvO.exe
  C:\Windows\System\cFWNSvO.exe
  2⤵
  - Executes dropped EXE
  PID:3488
- C:\Windows\System\CVjfVEM.exe
  C:\Windows\System\CVjfVEM.exe
  2⤵
  - Executes dropped EXE
  PID:4936
- C:\Windows\System\CUVxtDf.exe
  C:\Windows\System\CUVxtDf.exe
  2⤵
  - Executes dropped EXE
  PID:3016
- C:\Windows\System\ZTyyYHk.exe
  C:\Windows\System\ZTyyYHk.exe
  2⤵
  - Executes dropped EXE
  PID:216
- C:\Windows\System\QeOShnW.exe
  C:\Windows\System\QeOShnW.exe
  2⤵
  - Executes dropped EXE
  PID:1420
- C:\Windows\System\xzSWLRB.exe
  C:\Windows\System\xzSWLRB.exe
  2⤵
  - Executes dropped EXE
  PID:3616
- C:\Windows\System\NqnKEHx.exe
  C:\Windows\System\NqnKEHx.exe
  2⤵
  - Executes dropped EXE
  PID:4960
- C:\Windows\System\XsimgYD.exe
  C:\Windows\System\XsimgYD.exe
  2⤵
  - Executes dropped EXE
  PID:4480
- C:\Windows\System\QHJRIly.exe
  C:\Windows\System\QHJRIly.exe
  2⤵
  - Executes dropped EXE
  PID:1944
- C:\Windows\System\atPHJLh.exe
  C:\Windows\System\atPHJLh.exe
  2⤵
  - Executes dropped EXE
  PID:3540
- C:\Windows\System\odLerVa.exe
  C:\Windows\System\odLerVa.exe
  2⤵
  - Executes dropped EXE
  PID:3460
- C:\Windows\System\mbKqOnR.exe
  C:\Windows\System\mbKqOnR.exe
  2⤵
  - Executes dropped EXE
  PID:1760
- C:\Windows\System\PdxdBIB.exe
  C:\Windows\System\PdxdBIB.exe
  2⤵
  - Executes dropped EXE
  PID:4316
- C:\Windows\System\OKtrbTD.exe
  C:\Windows\System\OKtrbTD.exe
  2⤵
  - Executes dropped EXE
  PID:2776
- C:\Windows\System\KgdkUrB.exe
  C:\Windows\System\KgdkUrB.exe
  2⤵
  - Executes dropped EXE
  PID:2152
- C:\Windows\System\USjPgXM.exe
  C:\Windows\System\USjPgXM.exe
  2⤵
  - Executes dropped EXE
  PID:2788
- C:\Windows\System\oRfXLAw.exe
  C:\Windows\System\oRfXLAw.exe
  2⤵
  - Executes dropped EXE
  PID:4796
- C:\Windows\System\kWwgInX.exe
  C:\Windows\System\kWwgInX.exe
  2⤵
  - Executes dropped EXE
  PID:4884
- C:\Windows\System\IuDSxYG.exe
  C:\Windows\System\IuDSxYG.exe
  2⤵
  - Executes dropped EXE
  PID:1244
- C:\Windows\System\geebrlq.exe
  C:\Windows\System\geebrlq.exe
  2⤵
  - Executes dropped EXE
  PID:4188
- C:\Windows\System\AsnyAIZ.exe
  C:\Windows\System\AsnyAIZ.exe
  2⤵
  - Executes dropped EXE
  PID:5080
- C:\Windows\System\CUMdIaw.exe
  C:\Windows\System\CUMdIaw.exe
  2⤵
  - Executes dropped EXE
  PID:1884
- C:\Windows\System\ftLDhrD.exe
  C:\Windows\System\ftLDhrD.exe
  2⤵
  - Executes dropped EXE
  PID:2332
- C:\Windows\System\ggFdUbE.exe
  C:\Windows\System\ggFdUbE.exe
  2⤵
  - Executes dropped EXE
  PID:3712
- C:\Windows\System\KCAKTNA.exe
  C:\Windows\System\KCAKTNA.exe
  2⤵
  - Executes dropped EXE
  PID:4492
- C:\Windows\System\hnaCTiC.exe
  C:\Windows\System\hnaCTiC.exe
  2⤵
  - Executes dropped EXE
  PID:1708
- C:\Windows\System\RmAxQYb.exe
  C:\Windows\System\RmAxQYb.exe
  2⤵
  - Executes dropped EXE
  PID:4060
- C:\Windows\System\wiRDbSi.exe
  C:\Windows\System\wiRDbSi.exe
  2⤵
  - Executes dropped EXE
  PID:880
- C:\Windows\System\sKWvYBP.exe
  C:\Windows\System\sKWvYBP.exe
  2⤵
  - Executes dropped EXE
  PID:1636
- C:\Windows\System\wWyhvEM.exe
  C:\Windows\System\wWyhvEM.exe
  2⤵
  - Executes dropped EXE
  PID:3880
- C:\Windows\System\ZtpHDlC.exe
  C:\Windows\System\ZtpHDlC.exe
  2⤵
  - Executes dropped EXE
  PID:2012
- C:\Windows\System\TMlqJVP.exe
  C:\Windows\System\TMlqJVP.exe
  2⤵
  - Executes dropped EXE
  PID:5072
- C:\Windows\System\fVOkDzK.exe
  C:\Windows\System\fVOkDzK.exe
  2⤵
  - Executes dropped EXE
  PID:4368
- C:\Windows\System\AuaGjSv.exe
  C:\Windows\System\AuaGjSv.exe
  2⤵
  - Executes dropped EXE
  PID:3268
- C:\Windows\System\DbhVpxI.exe
  C:\Windows\System\DbhVpxI.exe
  2⤵
  - Executes dropped EXE
  PID:3048
- C:\Windows\System\AsOJoje.exe
  C:\Windows\System\AsOJoje.exe
  2⤵
  - Executes dropped EXE
  PID:4184
- C:\Windows\System\JnugEXS.exe
  C:\Windows\System\JnugEXS.exe
  2⤵
  - Executes dropped EXE
  PID:2084
- C:\Windows\System\jKKcrsD.exe
  C:\Windows\System\jKKcrsD.exe
  2⤵
  - Executes dropped EXE
  PID:4648
- C:\Windows\System\VNBerBQ.exe
  C:\Windows\System\VNBerBQ.exe
  2⤵
  PID:2016
- C:\Windows\System\WdjqkXs.exe
  C:\Windows\System\WdjqkXs.exe
  2⤵
  PID:1396
- C:\Windows\System\GcHjOjb.exe
  C:\Windows\System\GcHjOjb.exe
  2⤵
  PID:3720
- C:\Windows\System\ZGMLvEi.exe
  C:\Windows\System\ZGMLvEi.exe
  2⤵
  PID:4688
- C:\Windows\System\oVEMvdz.exe
  C:\Windows\System\oVEMvdz.exe
  2⤵
  PID:3216
- C:\Windows\System\UZgnstq.exe
  C:\Windows\System\UZgnstq.exe
  2⤵
  PID:1228
- C:\Windows\System\wcZgjcE.exe
  C:\Windows\System\wcZgjcE.exe
  2⤵
  PID:2516
- C:\Windows\System\UAgZAMp.exe
  C:\Windows\System\UAgZAMp.exe
  2⤵
  PID:1632
- C:\Windows\System\lxHnFOa.exe
  C:\Windows\System\lxHnFOa.exe
  2⤵
  PID:772
- C:\Windows\System\pILnckx.exe
  C:\Windows\System\pILnckx.exe
  2⤵
  PID:4864
- C:\Windows\System\YMujwEe.exe
  C:\Windows\System\YMujwEe.exe
  2⤵
  PID:4112
- C:\Windows\System\aVkNUBs.exe
  C:\Windows\System\aVkNUBs.exe
  2⤵
  PID:3508
- C:\Windows\System\UwjvKnb.exe
  C:\Windows\System\UwjvKnb.exe
  2⤵
  PID:3888
- C:\Windows\System\bxfTgAe.exe
  C:\Windows\System\bxfTgAe.exe
  2⤵
  PID:4312
- C:\Windows\System\IBtUURG.exe
  C:\Windows\System\IBtUURG.exe
  2⤵
  PID:4736
- C:\Windows\System\HQyNUnl.exe
  C:\Windows\System\HQyNUnl.exe
  2⤵
  PID:1680
- C:\Windows\System\letCUJD.exe
  C:\Windows\System\letCUJD.exe
  2⤵
  PID:8
- C:\Windows\System\WNvzfMS.exe
  C:\Windows\System\WNvzfMS.exe
  2⤵
  PID:4056
- C:\Windows\System\dsMEkRP.exe
  C:\Windows\System\dsMEkRP.exe
  2⤵
  PID:3316
- C:\Windows\System\PTNtmAM.exe
  C:\Windows\System\PTNtmAM.exe
  2⤵
  PID:1312
- C:\Windows\System\uxUBLwH.exe
  C:\Windows\System\uxUBLwH.exe
  2⤵
  PID:4420
- C:\Windows\System\beMHhgA.exe
  C:\Windows\System\beMHhgA.exe
  2⤵
  PID:4080
- C:\Windows\System\JchtoSx.exe
  C:\Windows\System\JchtoSx.exe
  2⤵
  PID:3956
- C:\Windows\System\FkFsBev.exe
  C:\Windows\System\FkFsBev.exe
  2⤵
  PID:5144
- C:\Windows\System\yvRIMaM.exe
  C:\Windows\System\yvRIMaM.exe
  2⤵
  PID:5220
- C:\Windows\System\cYGGfud.exe
  C:\Windows\System\cYGGfud.exe
  2⤵
  PID:5244
- C:\Windows\System\UixQTTG.exe
  C:\Windows\System\UixQTTG.exe
  2⤵
  PID:5264
- C:\Windows\System\ZPARPHR.exe
  C:\Windows\System\ZPARPHR.exe
  2⤵
  PID:5288
- C:\Windows\System\LdGrIFK.exe
  C:\Windows\System\LdGrIFK.exe
  2⤵
  PID:5332
- C:\Windows\System\LXroMyp.exe
  C:\Windows\System\LXroMyp.exe
  2⤵
  PID:5352
- C:\Windows\System\mOEYIDM.exe
  C:\Windows\System\mOEYIDM.exe
  2⤵
  PID:5392
- C:\Windows\System\VWOpnJq.exe
  C:\Windows\System\VWOpnJq.exe
  2⤵
  PID:5408
- C:\Windows\System\ZpooLLm.exe
  C:\Windows\System\ZpooLLm.exe
  2⤵
  PID:5436
- C:\Windows\System\hzbkCmA.exe
  C:\Windows\System\hzbkCmA.exe
  2⤵
  PID:5488
- C:\Windows\System\iSEXWci.exe
  C:\Windows\System\iSEXWci.exe
  2⤵
  PID:5504
- C:\Windows\System\NwfdqNi.exe
  C:\Windows\System\NwfdqNi.exe
  2⤵
  PID:5532
- C:\Windows\System\ggkTvTm.exe
  C:\Windows\System\ggkTvTm.exe
  2⤵
  PID:5556
- C:\Windows\System\KdZrbkB.exe
  C:\Windows\System\KdZrbkB.exe
  2⤵
  PID:5624
- C:\Windows\System\YrikIPZ.exe
  C:\Windows\System\YrikIPZ.exe
  2⤵
  PID:5648
- C:\Windows\System\wUSBrHN.exe
  C:\Windows\System\wUSBrHN.exe
  2⤵
  PID:5676
- C:\Windows\System\ORZuAGW.exe
  C:\Windows\System\ORZuAGW.exe
  2⤵
  PID:5724
- C:\Windows\System\TPRteVi.exe
  C:\Windows\System\TPRteVi.exe
  2⤵
  PID:5744
- C:\Windows\System\NTJLyCy.exe
  C:\Windows\System\NTJLyCy.exe
  2⤵
  PID:5768
- C:\Windows\System\reyAYDy.exe
  C:\Windows\System\reyAYDy.exe
  2⤵
  PID:5796
- C:\Windows\System\JmNwFBz.exe
  C:\Windows\System\JmNwFBz.exe
  2⤵
  PID:5820
- C:\Windows\System\zogbYIJ.exe
  C:\Windows\System\zogbYIJ.exe
  2⤵
  PID:5836
- C:\Windows\System\vBmSTED.exe
  C:\Windows\System\vBmSTED.exe
  2⤵
  PID:5856
- C:\Windows\System\hyAvfXG.exe
  C:\Windows\System\hyAvfXG.exe
  2⤵
  PID:5916
- C:\Windows\System\BbTdilH.exe
  C:\Windows\System\BbTdilH.exe
  2⤵
  PID:5944
- C:\Windows\System\AQKJFaZ.exe
  C:\Windows\System\AQKJFaZ.exe
  2⤵
  PID:5992
- C:\Windows\System\khxoNnO.exe
  C:\Windows\System\khxoNnO.exe
  2⤵
  PID:6020
- C:\Windows\System\UncBQHE.exe
  C:\Windows\System\UncBQHE.exe
  2⤵
  PID:6048
- C:\Windows\System\hmMbFpa.exe
  C:\Windows\System\hmMbFpa.exe
  2⤵
  PID:6064
- C:\Windows\System\WzbIaBu.exe
  C:\Windows\System\WzbIaBu.exe
  2⤵
  PID:6096
- C:\Windows\System\AUrmObn.exe
  C:\Windows\System\AUrmObn.exe
  2⤵
  PID:6116
- C:\Windows\System\oyeAdwN.exe
  C:\Windows\System\oyeAdwN.exe
  2⤵
  PID:6132
- C:\Windows\System\nOueanv.exe
  C:\Windows\System\nOueanv.exe
  2⤵
  PID:2684
- C:\Windows\System\pjMKyIR.exe
  C:\Windows\System\pjMKyIR.exe
  2⤵
  PID:1324
- C:\Windows\System\DFkaajx.exe
  C:\Windows\System\DFkaajx.exe
  2⤵
  PID:5132
- C:\Windows\System\vqAfWFG.exe
  C:\Windows\System\vqAfWFG.exe
  2⤵
  PID:5280
- C:\Windows\System\aVbUkpG.exe
  C:\Windows\System\aVbUkpG.exe
  2⤵
  PID:5340
- C:\Windows\System\GrcFgFu.exe
  C:\Windows\System\GrcFgFu.exe
  2⤵
  PID:5400
- C:\Windows\System\hnMrBQg.exe
  C:\Windows\System\hnMrBQg.exe
  2⤵
  PID:5428
- C:\Windows\System\XZofYwD.exe
  C:\Windows\System\XZofYwD.exe
  2⤵
  PID:5500
- C:\Windows\System\GslVkDC.exe
  C:\Windows\System\GslVkDC.exe
  2⤵
  PID:2872
- C:\Windows\System\hRmfFgv.exe
  C:\Windows\System\hRmfFgv.exe
  2⤵
  PID:5576
- C:\Windows\System\mBsrXwo.exe
  C:\Windows\System\mBsrXwo.exe
  2⤵
  PID:324
- C:\Windows\System\dxwtSnA.exe
  C:\Windows\System\dxwtSnA.exe
  2⤵
  PID:5664
- C:\Windows\System\nfIRwTr.exe
  C:\Windows\System\nfIRwTr.exe
  2⤵
  PID:5716
- C:\Windows\System\uLTCrwH.exe
  C:\Windows\System\uLTCrwH.exe
  2⤵
  PID:6104
- C:\Windows\System\IcndOvb.exe
  C:\Windows\System\IcndOvb.exe
  2⤵
  PID:6128
- C:\Windows\System\smhMXyR.exe
  C:\Windows\System\smhMXyR.exe
  2⤵
  PID:1272
- C:\Windows\System\FnusCMG.exe
  C:\Windows\System\FnusCMG.exe
  2⤵
  PID:5380
- C:\Windows\System\AoEEnDL.exe
  C:\Windows\System\AoEEnDL.exe
  2⤵
  PID:5328
- C:\Windows\System\eZCylzU.exe
  C:\Windows\System\eZCylzU.exe
  2⤵
  PID:5596
- C:\Windows\System\dTtEUwx.exe
  C:\Windows\System\dTtEUwx.exe
  2⤵
  PID:5732
- C:\Windows\System\sBqutRO.exe
  C:\Windows\System\sBqutRO.exe
  2⤵
  PID:5908
- C:\Windows\System\BSUdGqU.exe
  C:\Windows\System\BSUdGqU.exe
  2⤵
  PID:5988
- C:\Windows\System\YODdVuh.exe
  C:\Windows\System\YODdVuh.exe
  2⤵
  PID:4740
- C:\Windows\System\CRmGlkr.exe
  C:\Windows\System\CRmGlkr.exe
  2⤵
  PID:5232
- C:\Windows\System\EERxnAc.exe
  C:\Windows\System\EERxnAc.exe
  2⤵
  PID:5136
- C:\Windows\System\giVdmNx.exe
  C:\Windows\System\giVdmNx.exe
  2⤵
  PID:5784
- C:\Windows\System\qZWjmVO.exe
  C:\Windows\System\qZWjmVO.exe
  2⤵
  PID:3912
- C:\Windows\System\nHmlNaT.exe
  C:\Windows\System\nHmlNaT.exe
  2⤵
  PID:4436
- C:\Windows\System\vwKKmNq.exe
  C:\Windows\System\vwKKmNq.exe
  2⤵
  PID:6148
- C:\Windows\System\zXmceos.exe
  C:\Windows\System\zXmceos.exe
  2⤵
  PID:6212
- C:\Windows\System\IwjqLjN.exe
  C:\Windows\System\IwjqLjN.exe
  2⤵
  PID:6232
- C:\Windows\System\QwqlTcX.exe
  C:\Windows\System\QwqlTcX.exe
  2⤵
  PID:6288
- C:\Windows\System\IWUlkXk.exe
  C:\Windows\System\IWUlkXk.exe
  2⤵
  PID:6308
- C:\Windows\System\jWTqals.exe
  C:\Windows\System\jWTqals.exe
  2⤵
  PID:6328
- C:\Windows\System\FJaqMWQ.exe
  C:\Windows\System\FJaqMWQ.exe
  2⤵
  PID:6360
- C:\Windows\System\ngYUjIO.exe
  C:\Windows\System\ngYUjIO.exe
  2⤵
  PID:6384
- C:\Windows\System\RMYtuHK.exe
  C:\Windows\System\RMYtuHK.exe
  2⤵
  PID:6412
- C:\Windows\System\AQHLlTU.exe
  C:\Windows\System\AQHLlTU.exe
  2⤵
  PID:6432
- C:\Windows\System\crNIjCL.exe
  C:\Windows\System\crNIjCL.exe
  2⤵
  PID:6460
- C:\Windows\System\ajUAOhf.exe
  C:\Windows\System\ajUAOhf.exe
  2⤵
  PID:6476
- C:\Windows\System\MtMYKus.exe
  C:\Windows\System\MtMYKus.exe
  2⤵
  PID:6496
- C:\Windows\System\Ljuaqtp.exe
  C:\Windows\System\Ljuaqtp.exe
  2⤵
  PID:6520
- C:\Windows\System\cMxPuUK.exe
  C:\Windows\System\cMxPuUK.exe
  2⤵
  PID:6536
- C:\Windows\System\PfLsfdg.exe
  C:\Windows\System\PfLsfdg.exe
  2⤵
  PID:6560
- C:\Windows\System\HBCnxdq.exe
  C:\Windows\System\HBCnxdq.exe
  2⤵
  PID:6576
- C:\Windows\System\aLsuwEr.exe
  C:\Windows\System\aLsuwEr.exe
  2⤵
  PID:6600
- C:\Windows\System\jRqPIlL.exe
  C:\Windows\System\jRqPIlL.exe
  2⤵
  PID:6620
- C:\Windows\System\nMAmWrO.exe
  C:\Windows\System\nMAmWrO.exe
  2⤵
  PID:6636
- C:\Windows\System\xluFtfB.exe
  C:\Windows\System\xluFtfB.exe
  2⤵
  PID:6660
- C:\Windows\System\fLVhSgn.exe
  C:\Windows\System\fLVhSgn.exe
  2⤵
  PID:6712
- C:\Windows\System\SuQagBk.exe
  C:\Windows\System\SuQagBk.exe
  2⤵
  PID:6740
- C:\Windows\System\OeYWIRq.exe
  C:\Windows\System\OeYWIRq.exe
  2⤵
  PID:6804
- C:\Windows\System\DMlJwhE.exe
  C:\Windows\System\DMlJwhE.exe
  2⤵
  PID:6896
- C:\Windows\System\xzSkSGK.exe
  C:\Windows\System\xzSkSGK.exe
  2⤵
  PID:6916
- C:\Windows\System\sfpLWmP.exe
  C:\Windows\System\sfpLWmP.exe
  2⤵
  PID:6936
- C:\Windows\System\hZDQFlr.exe
  C:\Windows\System\hZDQFlr.exe
  2⤵
  PID:6956
- C:\Windows\System\eKeIzpF.exe
  C:\Windows\System\eKeIzpF.exe
  2⤵
  PID:6980
- C:\Windows\System\kmUBAJK.exe
  C:\Windows\System\kmUBAJK.exe
  2⤵
  PID:7004
- C:\Windows\System\yOHASUM.exe
  C:\Windows\System\yOHASUM.exe
  2⤵
  PID:7036
- C:\Windows\System\hjpNVXP.exe
  C:\Windows\System\hjpNVXP.exe
  2⤵
  PID:7060
- C:\Windows\System\qMVcdiN.exe
  C:\Windows\System\qMVcdiN.exe
  2⤵
  PID:7084
- C:\Windows\System\WoBGNyr.exe
  C:\Windows\System\WoBGNyr.exe
  2⤵
  PID:7140
- C:\Windows\System\qunWtLZ.exe
  C:\Windows\System\qunWtLZ.exe
  2⤵
  PID:7164
- C:\Windows\System\dHgrSgf.exe
  C:\Windows\System\dHgrSgf.exe
  2⤵
  PID:6164
- C:\Windows\System\tLGBXyC.exe
  C:\Windows\System\tLGBXyC.exe
  2⤵
  PID:6224
- C:\Windows\System\FRYeSEc.exe
  C:\Windows\System\FRYeSEc.exe
  2⤵
  PID:6284
- C:\Windows\System\MbXIAaM.exe
  C:\Windows\System\MbXIAaM.exe
  2⤵
  PID:6344
- C:\Windows\System\kWCFqVq.exe
  C:\Windows\System\kWCFqVq.exe
  2⤵
  PID:6376
- C:\Windows\System\HdSjxiD.exe
  C:\Windows\System\HdSjxiD.exe
  2⤵
  PID:6348
- C:\Windows\System\CJOOeJD.exe
  C:\Windows\System\CJOOeJD.exe
  2⤵
  PID:6572
- C:\Windows\System\QAlTOUQ.exe
  C:\Windows\System\QAlTOUQ.exe
  2⤵
  PID:6456
- C:\Windows\System\EhttcQg.exe
  C:\Windows\System\EhttcQg.exe
  2⤵
  PID:6472
- C:\Windows\System\vwZtJmh.exe
  C:\Windows\System\vwZtJmh.exe
  2⤵
  PID:6596
- C:\Windows\System\qbCaZlW.exe
  C:\Windows\System\qbCaZlW.exe
  2⤵
  PID:6628
- C:\Windows\System\DoGdTSC.exe
  C:\Windows\System\DoGdTSC.exe
  2⤵
  PID:6656
- C:\Windows\System\MUscxXf.exe
  C:\Windows\System\MUscxXf.exe
  2⤵
  PID:6700
- C:\Windows\System\LzKcLyz.exe
  C:\Windows\System\LzKcLyz.exe
  2⤵
  PID:6796
- C:\Windows\System\udWRyVh.exe
  C:\Windows\System\udWRyVh.exe
  2⤵
  PID:6852
- C:\Windows\System\bsanyfY.exe
  C:\Windows\System\bsanyfY.exe
  2⤵
  PID:6820
- C:\Windows\System\xTgzMVY.exe
  C:\Windows\System\xTgzMVY.exe
  2⤵
  PID:6948
- C:\Windows\System\mCkmXMn.exe
  C:\Windows\System\mCkmXMn.exe
  2⤵
  PID:6884
- C:\Windows\System\VnWgUdA.exe
  C:\Windows\System\VnWgUdA.exe
  2⤵
  PID:6964
- C:\Windows\System\XzEhMuq.exe
  C:\Windows\System\XzEhMuq.exe
  2⤵
  PID:7052
- C:\Windows\System\TlEllRU.exe
  C:\Windows\System\TlEllRU.exe
  2⤵
  PID:6392
- C:\Windows\System\sMTxPYN.exe
  C:\Windows\System\sMTxPYN.exe
  2⤵
  PID:6260
- C:\Windows\System\CKMZAnU.exe
  C:\Windows\System\CKMZAnU.exe
  2⤵
  PID:6316
- C:\Windows\System\mrymHNa.exe
  C:\Windows\System\mrymHNa.exe
  2⤵
  PID:6588
- C:\Windows\System\PwzHwNg.exe
  C:\Windows\System\PwzHwNg.exe
  2⤵
  PID:7136
- C:\Windows\System\ezowvlu.exe
  C:\Windows\System\ezowvlu.exe
  2⤵
  PID:6768
- C:\Windows\System\DxAzsmz.exe
  C:\Windows\System\DxAzsmz.exe
  2⤵
  PID:7028
- C:\Windows\System\ijptOde.exe
  C:\Windows\System\ijptOde.exe
  2⤵
  PID:7172
- C:\Windows\System\eTTNZCs.exe
  C:\Windows\System\eTTNZCs.exe
  2⤵
  PID:7192
- C:\Windows\System\cVeTDno.exe
  C:\Windows\System\cVeTDno.exe
  2⤵
  PID:7220
- C:\Windows\System\xtArUrS.exe
  C:\Windows\System\xtArUrS.exe
  2⤵
  PID:7240
- C:\Windows\System\hkxZKWK.exe
  C:\Windows\System\hkxZKWK.exe
  2⤵
  PID:7264
- C:\Windows\System\fGoWfqp.exe
  C:\Windows\System\fGoWfqp.exe
  2⤵
  PID:7288
- C:\Windows\System\dBaPFiy.exe
  C:\Windows\System\dBaPFiy.exe
  2⤵
  PID:7304
- C:\Windows\System\OTaZDJG.exe
  C:\Windows\System\OTaZDJG.exe
  2⤵
  PID:7348
- C:\Windows\System\KnwbWWH.exe
  C:\Windows\System\KnwbWWH.exe
  2⤵
  PID:7372
- C:\Windows\System\TicZHje.exe
  C:\Windows\System\TicZHje.exe
  2⤵
  PID:7388
- C:\Windows\System\kdsJXKw.exe
  C:\Windows\System\kdsJXKw.exe
  2⤵
  PID:7420
- C:\Windows\System\IQbziCU.exe
  C:\Windows\System\IQbziCU.exe
  2⤵
  PID:7440
- C:\Windows\System\oXHJfvf.exe
  C:\Windows\System\oXHJfvf.exe
  2⤵
  PID:7464
- C:\Windows\System\Lefpnqz.exe
  C:\Windows\System\Lefpnqz.exe
  2⤵
  PID:7480
- C:\Windows\System\WQcVavU.exe
  C:\Windows\System\WQcVavU.exe
  2⤵
  PID:7496
- C:\Windows\System\SCDfpQZ.exe
  C:\Windows\System\SCDfpQZ.exe
  2⤵
  PID:7520
- C:\Windows\System\TMMPNHB.exe
  C:\Windows\System\TMMPNHB.exe
  2⤵
  PID:7576
- C:\Windows\System\nzPjhfA.exe
  C:\Windows\System\nzPjhfA.exe
  2⤵
  PID:7616
- C:\Windows\System\QofSqoS.exe
  C:\Windows\System\QofSqoS.exe
  2⤵
  PID:7644
- C:\Windows\System\LpSeiuC.exe
  C:\Windows\System\LpSeiuC.exe
  2⤵
  PID:7740
- C:\Windows\System\RvucgNi.exe
  C:\Windows\System\RvucgNi.exe
  2⤵
  PID:7764
- C:\Windows\System\iFIKHHr.exe
  C:\Windows\System\iFIKHHr.exe
  2⤵
  PID:7784
- C:\Windows\System\KGOtDrB.exe
  C:\Windows\System\KGOtDrB.exe
  2⤵
  PID:7804
- C:\Windows\System\oMOFNHB.exe
  C:\Windows\System\oMOFNHB.exe
  2⤵
  PID:7832
- C:\Windows\System\lEFMkUp.exe
  C:\Windows\System\lEFMkUp.exe
  2⤵
  PID:7848
- C:\Windows\System\vuuxpAQ.exe
  C:\Windows\System\vuuxpAQ.exe
  2⤵
  PID:7872
- C:\Windows\System\ilHqBup.exe
  C:\Windows\System\ilHqBup.exe
  2⤵
  PID:7892
- C:\Windows\System\tJYiBNl.exe
  C:\Windows\System\tJYiBNl.exe
  2⤵
  PID:7912
- C:\Windows\System\cgzxuSN.exe
  C:\Windows\System\cgzxuSN.exe
  2⤵
  PID:7932
- C:\Windows\System\CjusmSA.exe
  C:\Windows\System\CjusmSA.exe
  2⤵
  PID:7956
- C:\Windows\System\dwxAdAk.exe
  C:\Windows\System\dwxAdAk.exe
  2⤵
  PID:8024
- C:\Windows\System\djVbtwm.exe
  C:\Windows\System\djVbtwm.exe
  2⤵
  PID:8048
- C:\Windows\System\VuscaOJ.exe
  C:\Windows\System\VuscaOJ.exe
  2⤵
  PID:8076
- C:\Windows\System\lnSqnkh.exe
  C:\Windows\System\lnSqnkh.exe
  2⤵
  PID:8092
- C:\Windows\System\IYkAAXQ.exe
  C:\Windows\System\IYkAAXQ.exe
  2⤵
  PID:8108
- C:\Windows\System\WdWxRSm.exe
  C:\Windows\System\WdWxRSm.exe
  2⤵
  PID:8132
- C:\Windows\System\awzjIeJ.exe
  C:\Windows\System\awzjIeJ.exe
  2⤵
  PID:8156
- C:\Windows\System\aqXNGAL.exe
  C:\Windows\System\aqXNGAL.exe
  2⤵
  PID:7100
- C:\Windows\System\UHWSnwz.exe
  C:\Windows\System\UHWSnwz.exe
  2⤵
  PID:7204
- C:\Windows\System\ERKYJEW.exe
  C:\Windows\System\ERKYJEW.exe
  2⤵
  PID:7300
- C:\Windows\System\tAQBozy.exe
  C:\Windows\System\tAQBozy.exe
  2⤵
  PID:7356
- C:\Windows\System\UiIEanx.exe
  C:\Windows\System\UiIEanx.exe
  2⤵
  PID:7396
- C:\Windows\System\ETvmdjz.exe
  C:\Windows\System\ETvmdjz.exe
  2⤵
  PID:7568
- C:\Windows\System\ZYQhrLT.exe
  C:\Windows\System\ZYQhrLT.exe
  2⤵
  PID:7700
- C:\Windows\System\lQSRoKt.exe
  C:\Windows\System\lQSRoKt.exe
  2⤵
  PID:7612
- C:\Windows\System\aDrymJc.exe
  C:\Windows\System\aDrymJc.exe
  2⤵
  PID:7756
- C:\Windows\System\KLRjoMB.exe
  C:\Windows\System\KLRjoMB.exe
  2⤵
  PID:7800
- C:\Windows\System\LbnEfyg.exe
  C:\Windows\System\LbnEfyg.exe
  2⤵
  PID:7824
- C:\Windows\System\QNlqpML.exe
  C:\Windows\System\QNlqpML.exe
  2⤵
  PID:7908
- C:\Windows\System\mHYxyaP.exe
  C:\Windows\System\mHYxyaP.exe
  2⤵
  PID:7880
- C:\Windows\System\IdpvZAO.exe
  C:\Windows\System\IdpvZAO.exe
  2⤵
  PID:8088
- C:\Windows\System\RXkFSIV.exe
  C:\Windows\System\RXkFSIV.exe
  2⤵
  PID:8056
- C:\Windows\System\MkbHyWK.exe
  C:\Windows\System\MkbHyWK.exe
  2⤵
  PID:8020
- C:\Windows\System\OSMkZDL.exe
  C:\Windows\System\OSMkZDL.exe
  2⤵
  PID:8124
- C:\Windows\System\bZqsJzP.exe
  C:\Windows\System\bZqsJzP.exe
  2⤵
  PID:6928
- C:\Windows\System\CfqfpwJ.exe
  C:\Windows\System\CfqfpwJ.exe
  2⤵
  PID:7228
- C:\Windows\System\iYkKCtn.exe
  C:\Windows\System\iYkKCtn.exe
  2⤵
  PID:7212
- C:\Windows\System\HPsqWQN.exe
  C:\Windows\System\HPsqWQN.exe
  2⤵
  PID:7384
- C:\Windows\System\pqpLUbQ.exe
  C:\Windows\System\pqpLUbQ.exe
  2⤵
  PID:7596
- C:\Windows\System\KTXGHqF.exe
  C:\Windows\System\KTXGHqF.exe
  2⤵
  PID:8032
- C:\Windows\System\jNQphKJ.exe
  C:\Windows\System\jNQphKJ.exe
  2⤵
  PID:7864
- C:\Windows\System\XhlfSPN.exe
  C:\Windows\System\XhlfSPN.exe
  2⤵
  PID:7492
- C:\Windows\System\fiCRvhW.exe
  C:\Windows\System\fiCRvhW.exe
  2⤵
  PID:7820
- C:\Windows\System\WTyjhPi.exe
  C:\Windows\System\WTyjhPi.exe
  2⤵
  PID:6608
- C:\Windows\System\cTbyhEp.exe
  C:\Windows\System\cTbyhEp.exe
  2⤵
  PID:1700
- C:\Windows\System\XXknRti.exe
  C:\Windows\System\XXknRti.exe
  2⤵
  PID:3324
- C:\Windows\System\KwcDDUr.exe
  C:\Windows\System\KwcDDUr.exe
  2⤵
  PID:4260
- C:\Windows\System\aihPagi.exe
  C:\Windows\System\aihPagi.exe
  2⤵
  PID:2756
- C:\Windows\System\lgzEhrY.exe
  C:\Windows\System\lgzEhrY.exe
  2⤵
  PID:1256
- C:\Windows\System\KLgVbFQ.exe
  C:\Windows\System\KLgVbFQ.exe
  2⤵
  PID:2380
- C:\Windows\System\obIquHq.exe
  C:\Windows\System\obIquHq.exe
  2⤵
  PID:1764
- C:\Windows\System\XyDPjJY.exe
  C:\Windows\System\XyDPjJY.exe
  2⤵
  PID:4616
- C:\Windows\System\DCowwzl.exe
  C:\Windows\System\DCowwzl.exe
  2⤵
  PID:1136
- C:\Windows\System\ScXOnpL.exe
  C:\Windows\System\ScXOnpL.exe
  2⤵
  PID:1816
- C:\Windows\System\XsqJWMv.exe
  C:\Windows\System\XsqJWMv.exe
  2⤵
  PID:5016
- C:\Windows\System\mtmUpnu.exe
  C:\Windows\System\mtmUpnu.exe
  2⤵
  PID:4176
- C:\Windows\System\HgznTBZ.exe
  C:\Windows\System\HgznTBZ.exe
  2⤵
  PID:3480
- C:\Windows\System\FkYCqmT.exe
  C:\Windows\System\FkYCqmT.exe
  2⤵
  PID:4228
- C:\Windows\System\uMPzuGF.exe
  C:\Windows\System\uMPzuGF.exe
  2⤵
  PID:4552
- C:\Windows\System\SPmDijF.exe
  C:\Windows\System\SPmDijF.exe
  2⤵
  PID:4284
- C:\Windows\System\CyxSDjk.exe
  C:\Windows\System\CyxSDjk.exe
  2⤵
  PID:1904
- C:\Windows\System\FSDQPvR.exe
  C:\Windows\System\FSDQPvR.exe
  2⤵
  PID:4996
- C:\Windows\System\JWNAVGN.exe
  C:\Windows\System\JWNAVGN.exe
  2⤵
  PID:2696
- C:\Windows\System\osMHgbz.exe
  C:\Windows\System\osMHgbz.exe
  2⤵
  PID:3248
- C:\Windows\System\mayGNHr.exe
  C:\Windows\System\mayGNHr.exe
  2⤵
  PID:1484
- C:\Windows\System\qyVtjHD.exe
  C:\Windows\System\qyVtjHD.exe
  2⤵
  PID:3504
- C:\Windows\System\aXGDRMX.exe
  C:\Windows\System\aXGDRMX.exe
  2⤵
  PID:3828
- C:\Windows\System\lXhLPqZ.exe
  C:\Windows\System\lXhLPqZ.exe
  2⤵
  PID:2472
- C:\Windows\System\nsMVwbO.exe
  C:\Windows\System\nsMVwbO.exe
  2⤵
  PID:8200
- C:\Windows\System\XCDtjaH.exe
  C:\Windows\System\XCDtjaH.exe
  2⤵
  PID:8288
- C:\Windows\System\ZPClZOh.exe
  C:\Windows\System\ZPClZOh.exe
  2⤵
  PID:8312
- C:\Windows\System\owhhgDN.exe
  C:\Windows\System\owhhgDN.exe
  2⤵
  PID:8328
- C:\Windows\System\WepVLxJ.exe
  C:\Windows\System\WepVLxJ.exe
  2⤵
  PID:8356
- C:\Windows\System\LrkEpAB.exe
  C:\Windows\System\LrkEpAB.exe
  2⤵
  PID:8380
- C:\Windows\System\vXLOgYp.exe
  C:\Windows\System\vXLOgYp.exe
  2⤵
  PID:8404
- C:\Windows\System\PBHVpfu.exe
  C:\Windows\System\PBHVpfu.exe
  2⤵
  PID:8428
- C:\Windows\System\trmTMMS.exe
  C:\Windows\System\trmTMMS.exe
  2⤵
  PID:8448
- C:\Windows\System\TrSgGMn.exe
  C:\Windows\System\TrSgGMn.exe
  2⤵
  PID:8472
- C:\Windows\System\KiUjhVy.exe
  C:\Windows\System\KiUjhVy.exe
  2⤵
  PID:8496
- C:\Windows\System\gbbVeki.exe
  C:\Windows\System\gbbVeki.exe
  2⤵
  PID:8516
- C:\Windows\System\CrypFuj.exe
  C:\Windows\System\CrypFuj.exe
  2⤵
  PID:8568
- C:\Windows\System\cIwuNwM.exe
  C:\Windows\System\cIwuNwM.exe
  2⤵
  PID:8600
- C:\Windows\System\PQyDloO.exe
  C:\Windows\System\PQyDloO.exe
  2⤵
  PID:8624
- C:\Windows\System\hfNZqMY.exe
  C:\Windows\System\hfNZqMY.exe
  2⤵
  PID:8680
- C:\Windows\System\HWrBDzU.exe
  C:\Windows\System\HWrBDzU.exe
  2⤵
  PID:8700
- C:\Windows\System\yulQrMU.exe
  C:\Windows\System\yulQrMU.exe
  2⤵
  PID:8716
- C:\Windows\System\JvhLEbM.exe
  C:\Windows\System\JvhLEbM.exe
  2⤵
  PID:8740
- C:\Windows\System\nfBVOvj.exe
  C:\Windows\System\nfBVOvj.exe
  2⤵
  PID:8764
- C:\Windows\System\BNnLLSs.exe
  C:\Windows\System\BNnLLSs.exe
  2⤵
  PID:8780
- C:\Windows\System\sQLaTZX.exe
  C:\Windows\System\sQLaTZX.exe
  2⤵
  PID:8800
- C:\Windows\System\vXYpaEk.exe
  C:\Windows\System\vXYpaEk.exe
  2⤵
  PID:8828
- C:\Windows\System\BtrmUTy.exe
  C:\Windows\System\BtrmUTy.exe
  2⤵
  PID:8852
- C:\Windows\System\WkPTCaA.exe
  C:\Windows\System\WkPTCaA.exe
  2⤵
  PID:8928
- C:\Windows\System\CjTWCTq.exe
  C:\Windows\System\CjTWCTq.exe
  2⤵
  PID:8944
- C:\Windows\System\FuCZaWt.exe
  C:\Windows\System\FuCZaWt.exe
  2⤵
  PID:8968
- C:\Windows\System\LKGvfxr.exe
  C:\Windows\System\LKGvfxr.exe
  2⤵
  PID:8992
- C:\Windows\System\sANDATm.exe
  C:\Windows\System\sANDATm.exe
  2⤵
  PID:9068
- C:\Windows\System\tjLlYBB.exe
  C:\Windows\System\tjLlYBB.exe
  2⤵
  PID:9092
- C:\Windows\System\Kcsksjf.exe
  C:\Windows\System\Kcsksjf.exe
  2⤵
  PID:9112
- C:\Windows\System\TCkxnjK.exe
  C:\Windows\System\TCkxnjK.exe
  2⤵
  PID:9140
- C:\Windows\System\dfBPqQE.exe
  C:\Windows\System\dfBPqQE.exe
  2⤵
  PID:9160
- C:\Windows\System\mtbwElj.exe
  C:\Windows\System\mtbwElj.exe
  2⤵
  PID:9192
- C:\Windows\System\vhBwXty.exe
  C:\Windows\System\vhBwXty.exe
  2⤵
  PID:1012
- C:\Windows\System\AEqgXqx.exe
  C:\Windows\System\AEqgXqx.exe
  2⤵
  PID:2816
- C:\Windows\System\bnlVwmR.exe
  C:\Windows\System\bnlVwmR.exe
  2⤵
  PID:8444
- C:\Windows\System\lopKHhR.exe
  C:\Windows\System\lopKHhR.exe
  2⤵
  PID:8664
- C:\Windows\System\GccPQek.exe
  C:\Windows\System\GccPQek.exe
  2⤵
  PID:8692
- C:\Windows\System\eqcmpIr.exe
  C:\Windows\System\eqcmpIr.exe
  2⤵
  PID:8756
- C:\Windows\System\GGxqWoX.exe
  C:\Windows\System\GGxqWoX.exe
  2⤵
  PID:8792
- C:\Windows\System\usgyuxp.exe
  C:\Windows\System\usgyuxp.exe
  2⤵
  PID:8868
- C:\Windows\System\kdzVFqZ.exe
  C:\Windows\System\kdzVFqZ.exe
  2⤵
  PID:8936
- C:\Windows\System\BEykZav.exe
  C:\Windows\System\BEykZav.exe
  2⤵
  PID:8904
- C:\Windows\System\MIIBOig.exe
  C:\Windows\System\MIIBOig.exe
  2⤵
  PID:8952
- C:\Windows\System\PFOwwLK.exe
  C:\Windows\System\PFOwwLK.exe
  2⤵
  PID:9084
- C:\Windows\System\uWZuEav.exe
  C:\Windows\System\uWZuEav.exe
  2⤵
  PID:9148
- C:\Windows\System\fvBoCNe.exe
  C:\Windows\System\fvBoCNe.exe
  2⤵
  PID:9180
- C:\Windows\System\GECjozH.exe
  C:\Windows\System\GECjozH.exe
  2⤵
  PID:3692
- C:\Windows\System\ATyRNtF.exe
  C:\Windows\System\ATyRNtF.exe
  2⤵
  PID:1112
- C:\Windows\System\yxZcAHN.exe
  C:\Windows\System\yxZcAHN.exe
  2⤵
  PID:8244
- C:\Windows\System\PWFujrG.exe
  C:\Windows\System\PWFujrG.exe
  2⤵
  PID:8296
- C:\Windows\System\MYAeFeZ.exe
  C:\Windows\System\MYAeFeZ.exe
  2⤵
  PID:4448
- C:\Windows\System\EMruMvO.exe
  C:\Windows\System\EMruMvO.exe
  2⤵
  PID:8388
- C:\Windows\System\ZYrCYHt.exe
  C:\Windows\System\ZYrCYHt.exe
  2⤵
  PID:7016
- C:\Windows\System\CeKiHDF.exe
  C:\Windows\System\CeKiHDF.exe
  2⤵
  PID:2060
- C:\Windows\System\aiTgbjK.exe
  C:\Windows\System\aiTgbjK.exe
  2⤵
  PID:764
- C:\Windows\System\XpePepk.exe
  C:\Windows\System\XpePepk.exe
  2⤵
  PID:3836
- C:\Windows\System\eaNCrhw.exe
  C:\Windows\System\eaNCrhw.exe
  2⤵
  PID:944
- C:\Windows\System\PWOpjNp.exe
  C:\Windows\System\PWOpjNp.exe
  2⤵
  PID:4232
- C:\Windows\System\FkBxSzu.exe
  C:\Windows\System\FkBxSzu.exe
  2⤵
  PID:8508
- C:\Windows\System\uskcFMf.exe
  C:\Windows\System\uskcFMf.exe
  2⤵
  PID:8556
- C:\Windows\System\QktBcMX.exe
  C:\Windows\System\QktBcMX.exe
  2⤵
  PID:4328
- C:\Windows\System\zZeNXZK.exe
  C:\Windows\System\zZeNXZK.exe
  2⤵
  PID:1092
- C:\Windows\System\zGwlhzj.exe
  C:\Windows\System\zGwlhzj.exe
  2⤵
  PID:8648
- C:\Windows\System\tKEqWHc.exe
  C:\Windows\System\tKEqWHc.exe
  2⤵
  PID:2396
- C:\Windows\System\JsegbDx.exe
  C:\Windows\System\JsegbDx.exe
  2⤵
  PID:1500
- C:\Windows\System\BHWSszD.exe
  C:\Windows\System\BHWSszD.exe
  2⤵
  PID:8708
- C:\Windows\System\vHGlwRq.exe
  C:\Windows\System\vHGlwRq.exe
  2⤵
  PID:8724
- C:\Windows\System\xhnCHed.exe
  C:\Windows\System\xhnCHed.exe
  2⤵
  PID:4776
- C:\Windows\System\caNEzzg.exe
  C:\Windows\System\caNEzzg.exe
  2⤵
  PID:8988
- C:\Windows\System\NSOmwKK.exe
  C:\Windows\System\NSOmwKK.exe
  2⤵
  PID:9128
- C:\Windows\System\djlZZOW.exe
  C:\Windows\System\djlZZOW.exe
  2⤵
  PID:4376
- C:\Windows\System\kcigJtU.exe
  C:\Windows\System\kcigJtU.exe
  2⤵
  PID:3024
- C:\Windows\System\tCONsuj.exe
  C:\Windows\System\tCONsuj.exe
  2⤵
  PID:5612
- C:\Windows\System\tgQWLEA.exe
  C:\Windows\System\tgQWLEA.exe
  2⤵
  PID:2068
- C:\Windows\System\YVJMxkS.exe
  C:\Windows\System\YVJMxkS.exe
  2⤵
  PID:8324
- C:\Windows\System\TQueipc.exe
  C:\Windows\System\TQueipc.exe
  2⤵
  PID:3104
- C:\Windows\System\oJxermS.exe
  C:\Windows\System\oJxermS.exe
  2⤵
  PID:5056
- C:\Windows\System\OLOqyUd.exe
  C:\Windows\System\OLOqyUd.exe
  2⤵
  PID:2896
- C:\Windows\System\anwoYnO.exe
  C:\Windows\System\anwoYnO.exe
  2⤵
  PID:2156
- C:\Windows\System\wmCFdru.exe
  C:\Windows\System\wmCFdru.exe
  2⤵
  PID:652
- C:\Windows\System\bxxXFMU.exe
  C:\Windows\System\bxxXFMU.exe
  2⤵
  PID:3744
- C:\Windows\System\LeqVNKG.exe
  C:\Windows\System\LeqVNKG.exe
  2⤵
  PID:3628
- C:\Windows\System\HGffbAc.exe
  C:\Windows\System\HGffbAc.exe
  2⤵
  PID:9120
- C:\Windows\System\jnIxfiz.exe
  C:\Windows\System\jnIxfiz.exe
  2⤵
  PID:1408
- C:\Windows\System\QnzZaHI.exe
  C:\Windows\System\QnzZaHI.exe
  2⤵
  PID:9020
- C:\Windows\System\DtwvPNb.exe
  C:\Windows\System\DtwvPNb.exe
  2⤵
  PID:1756
- C:\Windows\System\IROvVEQ.exe
  C:\Windows\System\IROvVEQ.exe
  2⤵
  PID:4756
- C:\Windows\System\IiyVULW.exe
  C:\Windows\System\IiyVULW.exe
  2⤵
  PID:2220
- C:\Windows\System\rZROtZU.exe
  C:\Windows\System\rZROtZU.exe
  2⤵
  PID:9004
- C:\Windows\System\HZYOwFi.exe
  C:\Windows\System\HZYOwFi.exe
  2⤵
  PID:9236
- C:\Windows\System\HxKNNav.exe
  C:\Windows\System\HxKNNav.exe
  2⤵
  PID:9256
- C:\Windows\System\vDjlecT.exe
  C:\Windows\System\vDjlecT.exe
  2⤵
  PID:9384
- C:\Windows\System\UXZtvCK.exe
  C:\Windows\System\UXZtvCK.exe
  2⤵
  PID:9408
- C:\Windows\System\KSXLRGW.exe
  C:\Windows\System\KSXLRGW.exe
  2⤵
  PID:9472
- C:\Windows\System\VdYDpDU.exe
  C:\Windows\System\VdYDpDU.exe
  2⤵
  PID:9488
- C:\Windows\System\AHtYDIr.exe
  C:\Windows\System\AHtYDIr.exe
  2⤵
  PID:9512
- C:\Windows\System\RjOUlgk.exe
  C:\Windows\System\RjOUlgk.exe
  2⤵
  PID:9528
- C:\Windows\System\NphDfNW.exe
  C:\Windows\System\NphDfNW.exe
  2⤵
  PID:9552
- C:\Windows\System\FwiSwLr.exe
  C:\Windows\System\FwiSwLr.exe
  2⤵
  PID:9568
- C:\Windows\System\PBHoyyp.exe
  C:\Windows\System\PBHoyyp.exe
  2⤵
  PID:9592
- C:\Windows\System\YXmqyeo.exe
  C:\Windows\System\YXmqyeo.exe
  2⤵
  PID:9620
- C:\Windows\System\fItFrWl.exe
  C:\Windows\System\fItFrWl.exe
  2⤵
  PID:9636
- C:\Windows\System\YvmyytB.exe
  C:\Windows\System\YvmyytB.exe
  2⤵
  PID:9660
- C:\Windows\System\dYwiIML.exe
  C:\Windows\System\dYwiIML.exe
  2⤵
  PID:9704
- C:\Windows\System\vEcbqzO.exe
  C:\Windows\System\vEcbqzO.exe
  2⤵
  PID:9772
- C:\Windows\System\zdGWwHF.exe
  C:\Windows\System\zdGWwHF.exe
  2⤵
  PID:9796
- C:\Windows\System\xdJHrMS.exe
  C:\Windows\System\xdJHrMS.exe
  2⤵
  PID:9824
- C:\Windows\System\cCFOlec.exe
  C:\Windows\System\cCFOlec.exe
  2⤵
  PID:9872
- C:\Windows\System\WeObmPi.exe
  C:\Windows\System\WeObmPi.exe
  2⤵
  PID:9892
- C:\Windows\System\NrhsbFL.exe
  C:\Windows\System\NrhsbFL.exe
  2⤵
  PID:9908
- C:\Windows\System\dHpevzE.exe
  C:\Windows\System\dHpevzE.exe
  2⤵
  PID:9932
- C:\Windows\System\pNUtPSK.exe
  C:\Windows\System\pNUtPSK.exe
  2⤵
  PID:9956
- C:\Windows\System\vsKKNmD.exe
  C:\Windows\System\vsKKNmD.exe
  2⤵
  PID:9972
- C:\Windows\System\njEGnMj.exe
  C:\Windows\System\njEGnMj.exe
  2⤵
  PID:9992
- C:\Windows\System\oNIamVi.exe
  C:\Windows\System\oNIamVi.exe
  2⤵
  PID:10012
- C:\Windows\System\PdjIdUl.exe
  C:\Windows\System\PdjIdUl.exe
  2⤵
  PID:10028
- C:\Windows\System\rEZGliB.exe
  C:\Windows\System\rEZGliB.exe
  2⤵
  PID:10048
- C:\Windows\System\eMsslqZ.exe
  C:\Windows\System\eMsslqZ.exe
  2⤵
  PID:10068
- C:\Windows\System\jkTiCfw.exe
  C:\Windows\System\jkTiCfw.exe
  2⤵
  PID:10096
- C:\Windows\System\PJJqqRd.exe
  C:\Windows\System\PJJqqRd.exe
  2⤵
  PID:10112
- C:\Windows\System\VryignK.exe
  C:\Windows\System\VryignK.exe
  2⤵
  PID:10200
- C:\Windows\System\QBEdXVS.exe
  C:\Windows\System\QBEdXVS.exe
  2⤵
  PID:436
- C:\Windows\System\PbjhRxi.exe
  C:\Windows\System\PbjhRxi.exe
  2⤵
  PID:8392
- C:\Windows\System\zcdBeJT.exe
  C:\Windows\System\zcdBeJT.exe
  2⤵
  PID:8688
- C:\Windows\System\thwRcWw.exe
  C:\Windows\System\thwRcWw.exe
  2⤵
  PID:5360
- C:\Windows\System\OBwGmgu.exe
  C:\Windows\System\OBwGmgu.exe
  2⤵
  PID:9320
- C:\Windows\System\TXdoWuH.exe
  C:\Windows\System\TXdoWuH.exe
  2⤵
  PID:5704
- C:\Windows\System\KekEFFr.exe
  C:\Windows\System\KekEFFr.exe
  2⤵
  PID:9544
- C:\Windows\System\mLMGRYt.exe
  C:\Windows\System\mLMGRYt.exe
  2⤵
  PID:9628
- C:\Windows\System\KiDYUVj.exe
  C:\Windows\System\KiDYUVj.exe
  2⤵
  PID:5752
- C:\Windows\System\OdPaSop.exe
  C:\Windows\System\OdPaSop.exe
  2⤵
  PID:9540
- C:\Windows\System\LyrQkrp.exe
  C:\Windows\System\LyrQkrp.exe
  2⤵
  PID:5844
- C:\Windows\System\zhXYjcE.exe
  C:\Windows\System\zhXYjcE.exe
  2⤵
  PID:9604
- C:\Windows\System\AZzyBSh.exe
  C:\Windows\System\AZzyBSh.exe
  2⤵
  PID:9692
- C:\Windows\System\utaSwka.exe
  C:\Windows\System\utaSwka.exe
  2⤵
  PID:9720
- C:\Windows\System\EcaUppq.exe
  C:\Windows\System\EcaUppq.exe
  2⤵
  PID:9700
- C:\Windows\System\oUeTiAN.exe
  C:\Windows\System\oUeTiAN.exe
  2⤵
  PID:5936
- C:\Windows\System\EGEVFqT.exe
  C:\Windows\System\EGEVFqT.exe
  2⤵
  PID:9820
- C:\Windows\System\MEwNihe.exe
  C:\Windows\System\MEwNihe.exe
  2⤵
  PID:9868
- C:\Windows\System\axyyZWj.exe
  C:\Windows\System\axyyZWj.exe
  2⤵
  PID:9924
- C:\Windows\System\cTYOGrL.exe
  C:\Windows\System\cTYOGrL.exe
  2⤵
  PID:5152
- C:\Windows\System\ceZOsMK.exe
  C:\Windows\System\ceZOsMK.exe
  2⤵
  PID:9980
- C:\Windows\System\FqayEjr.exe
  C:\Windows\System\FqayEjr.exe
  2⤵
  PID:10008
- C:\Windows\System\HXGwfXh.exe
  C:\Windows\System\HXGwfXh.exe
  2⤵
  PID:64
- C:\Windows\System\ONTrpJT.exe
  C:\Windows\System\ONTrpJT.exe
  2⤵
  PID:10084
- C:\Windows\System\mNTbRiO.exe
  C:\Windows\System\mNTbRiO.exe
  2⤵
  PID:5636
- C:\Windows\System\VCDovUK.exe
  C:\Windows\System\VCDovUK.exe
  2⤵
  PID:10020
- C:\Windows\System\DYznFba.exe
  C:\Windows\System\DYznFba.exe
  2⤵
  PID:10040
- C:\Windows\System\ubuWmXZ.exe
  C:\Windows\System\ubuWmXZ.exe
  2⤵
  PID:10092
- C:\Windows\System\KrqHpKR.exe
  C:\Windows\System\KrqHpKR.exe
  2⤵
  PID:10212
- C:\Windows\System\fkWxDac.exe
  C:\Windows\System\fkWxDac.exe
  2⤵
  PID:5272
- C:\Windows\System\mWJxWYf.exe
  C:\Windows\System\mWJxWYf.exe
  2⤵
  PID:5444
- C:\Windows\System\atJKrMe.exe
  C:\Windows\System\atJKrMe.exe
  2⤵
  PID:5376
- C:\Windows\System\ybhCKOH.exe
  C:\Windows\System\ybhCKOH.exe
  2⤵
  PID:9372
- C:\Windows\System\QCejQvu.exe
  C:\Windows\System\QCejQvu.exe
  2⤵
  PID:9416
- C:\Windows\System\TgEsCag.exe
  C:\Windows\System\TgEsCag.exe
  2⤵
  PID:5260
- C:\Windows\System\QiykXru.exe
  C:\Windows\System\QiykXru.exe
  2⤵
  PID:9496
- C:\Windows\System\wJMLZtK.exe
  C:\Windows\System\wJMLZtK.exe
  2⤵
  PID:5464
- C:\Windows\System\FMQSLHM.exe
  C:\Windows\System\FMQSLHM.exe
  2⤵
  PID:5892
- C:\Windows\System\kuUpjZZ.exe
  C:\Windows\System\kuUpjZZ.exe
  2⤵
  PID:5632
- C:\Windows\System\wjNceHx.exe
  C:\Windows\System\wjNceHx.exe
  2⤵
  PID:5684
- C:\Windows\System\AaDTMmo.exe
  C:\Windows\System\AaDTMmo.exe
  2⤵
  PID:4728
- C:\Windows\System\CanEIXT.exe
  C:\Windows\System\CanEIXT.exe
  2⤵
  PID:5808
- C:\Windows\System\ywjdQsl.exe
  C:\Windows\System\ywjdQsl.exe
  2⤵
  PID:6452
- C:\Windows\System\MiouIsx.exe
  C:\Windows\System\MiouIsx.exe
  2⤵
  PID:9520
- C:\Windows\System\AUvCPvu.exe
  C:\Windows\System\AUvCPvu.exe
  2⤵
  PID:5852
- C:\Windows\System\HCgkNBf.exe
  C:\Windows\System\HCgkNBf.exe
  2⤵
  PID:6204
- C:\Windows\System\uhHXytK.exe
  C:\Windows\System\uhHXytK.exe
  2⤵
  PID:5572
- C:\Windows\System\vmnkCpL.exe
  C:\Windows\System\vmnkCpL.exe
  2⤵
  PID:6684
- C:\Windows\System\nHPlEaO.exe
  C:\Windows\System\nHPlEaO.exe
  2⤵
  PID:9760
- C:\Windows\System\luGekEm.exe
  C:\Windows\System\luGekEm.exe
  2⤵
  PID:5324
- C:\Windows\System\BhSSPsK.exe
  C:\Windows\System\BhSSPsK.exe
  2⤵
  PID:9724
- C:\Windows\System\NNXSFyq.exe
  C:\Windows\System\NNXSFyq.exe
  2⤵
  PID:6668
- C:\Windows\System\HIejSBo.exe
  C:\Windows\System\HIejSBo.exe
  2⤵
  PID:10172
- C:\Windows\System\gtuUwcR.exe
  C:\Windows\System\gtuUwcR.exe
  2⤵
  PID:9864
- C:\Windows\System\EjOOBqQ.exe
  C:\Windows\System\EjOOBqQ.exe
  2⤵
  PID:10136
- C:\Windows\System\MFczUNU.exe
  C:\Windows\System\MFczUNU.exe
  2⤵
  PID:9920
- C:\Windows\System\hAyePoS.exe
  C:\Windows\System\hAyePoS.exe
  2⤵
  PID:6140
- C:\Windows\System\KeIslXh.exe
  C:\Windows\System\KeIslXh.exe
  2⤵
  PID:5544
- C:\Windows\System\fxpmBZs.exe
  C:\Windows\System\fxpmBZs.exe
  2⤵
  PID:9964
- C:\Windows\System\TYUYcAU.exe
  C:\Windows\System\TYUYcAU.exe
  2⤵
  PID:5928
- C:\Windows\System\cbruzxU.exe
  C:\Windows\System\cbruzxU.exe
  2⤵
  PID:9984
- C:\Windows\System\INwajwm.exe
  C:\Windows\System\INwajwm.exe
  2⤵
  PID:5420
- C:\Windows\System\JVTyfrf.exe
  C:\Windows\System\JVTyfrf.exe
  2⤵
  PID:2668
- C:\Windows\System\EbVKPCE.exe
  C:\Windows\System\EbVKPCE.exe
  2⤵
  PID:3496
- C:\Windows\System\sYVNXMX.exe
  C:\Windows\System\sYVNXMX.exe
  2⤵
  PID:6720
- C:\Windows\System\UBOmXdA.exe
  C:\Windows\System\UBOmXdA.exe
  2⤵
  PID:6812
- C:\Windows\System\VyjWpBf.exe
  C:\Windows\System\VyjWpBf.exe
  2⤵
  PID:6000
- C:\Windows\System\dHSugdb.exe
  C:\Windows\System\dHSugdb.exe
  2⤵
  PID:9768
- C:\Windows\System\pfIirzO.exe
  C:\Windows\System\pfIirzO.exe
  2⤵
  PID:5788
- C:\Windows\System\EZxDJOP.exe
  C:\Windows\System\EZxDJOP.exe
  2⤵
  PID:5384
- C:\Windows\System\KLgrgdr.exe
  C:\Windows\System\KLgrgdr.exe
  2⤵
  PID:6324
- C:\Windows\System\bLwfUVY.exe
  C:\Windows\System\bLwfUVY.exe
  2⤵
  PID:5864
- C:\Windows\System\QZvehVQ.exe
  C:\Windows\System\QZvehVQ.exe
  2⤵
  PID:8248
- C:\Windows\System\oPgldcB.exe
  C:\Windows\System\oPgldcB.exe
  2⤵
  PID:8212
- C:\Windows\System\eIRQDFJ.exe
  C:\Windows\System\eIRQDFJ.exe
  2⤵
  PID:10108
- C:\Windows\System\FQUUIXK.exe
  C:\Windows\System\FQUUIXK.exe
  2⤵
  PID:6856
- C:\Windows\System\olyNVxg.exe
  C:\Windows\System\olyNVxg.exe
  2⤵
  PID:5540
- C:\Windows\System\wdlmKOG.exe
  C:\Windows\System\wdlmKOG.exe
  2⤵
  PID:1252
- C:\Windows\System\SRJeGTi.exe
  C:\Windows\System\SRJeGTi.exe
  2⤵
  PID:6516
- C:\Windows\System\QhrTvSC.exe
  C:\Windows\System\QhrTvSC.exe
  2⤵
  PID:5792
- C:\Windows\System\GoABret.exe
  C:\Windows\System\GoABret.exe
  2⤵
  PID:6924
- C:\Windows\System\QXaCUQh.exe
  C:\Windows\System\QXaCUQh.exe
  2⤵
  PID:6944
- C:\Windows\System\mxwcPub.exe
  C:\Windows\System\mxwcPub.exe
  2⤵
  PID:6492
- C:\Windows\System\eIrTBhP.exe
  C:\Windows\System\eIrTBhP.exe
  2⤵
  PID:7180
- C:\Windows\System\qqhgdUz.exe
  C:\Windows\System\qqhgdUz.exe
  2⤵
  PID:6396
- C:\Windows\System\pPSTboE.exe
  C:\Windows\System\pPSTboE.exe
  2⤵
  PID:6504
- C:\Windows\System\CPSvaqe.exe
  C:\Windows\System\CPSvaqe.exe
  2⤵
  PID:6876
- C:\Windows\System\NouSjCm.exe
  C:\Windows\System\NouSjCm.exe
  2⤵
  PID:7552
- C:\Windows\System\jMXSNtv.exe
  C:\Windows\System\jMXSNtv.exe
  2⤵
  PID:7760
- C:\Windows\System\cfySsWq.exe
  C:\Windows\System\cfySsWq.exe
  2⤵
  PID:7672
- C:\Windows\System\HrYpagU.exe
  C:\Windows\System\HrYpagU.exe
  2⤵
  PID:6408
- C:\Windows\System\kDksvtJ.exe
  C:\Windows\System\kDksvtJ.exe
  2⤵
  PID:6044
- C:\Windows\System\OcSFCQV.exe
  C:\Windows\System\OcSFCQV.exe
  2⤵
  PID:6932
- C:\Windows\System\DyYrIoP.exe
  C:\Windows\System\DyYrIoP.exe
  2⤵
  PID:5832
- C:\Windows\System\qKPOpje.exe
  C:\Windows\System\qKPOpje.exe
  2⤵
  PID:10120
- C:\Windows\System\pQCanXI.exe
  C:\Windows\System\pQCanXI.exe
  2⤵
  PID:7536
- C:\Windows\System\Aqybhme.exe
  C:\Windows\System\Aqybhme.exe
  2⤵
  PID:9332
- C:\Windows\System\ASarvWL.exe
  C:\Windows\System\ASarvWL.exe
  2⤵
  PID:5188
- C:\Windows\System\LvbSJlC.exe
  C:\Windows\System\LvbSJlC.exe
  2⤵
  PID:6972
- C:\Windows\System\rOCHHmD.exe
  C:\Windows\System\rOCHHmD.exe
  2⤵
  PID:7924
- C:\Windows\System\wWzfgll.exe
  C:\Windows\System\wWzfgll.exe
  2⤵
  PID:6092
- C:\Windows\System\CVKwXOE.exe
  C:\Windows\System\CVKwXOE.exe
  2⤵
  PID:5212
- C:\Windows\System\fQVrbBU.exe
  C:\Windows\System\fQVrbBU.exe
  2⤵
  PID:7200
- C:\Windows\System\vNGKBSq.exe
  C:\Windows\System\vNGKBSq.exe
  2⤵
  PID:7232
- C:\Windows\System\eXeNlhE.exe
  C:\Windows\System\eXeNlhE.exe
  2⤵
  PID:7868
- C:\Windows\System\ukIjdVY.exe
  C:\Windows\System\ukIjdVY.exe
  2⤵
  PID:8000
- C:\Windows\System\tSoWZqp.exe
  C:\Windows\System\tSoWZqp.exe
  2⤵
  PID:8164
- C:\Windows\System\jpBLTkv.exe
  C:\Windows\System\jpBLTkv.exe
  2⤵
  PID:376
- C:\Windows\System\CyGHXxD.exe
  C:\Windows\System\CyGHXxD.exe
  2⤵
  PID:8176
- C:\Windows\System\LOfCHxh.exe
  C:\Windows\System\LOfCHxh.exe
  2⤵
  PID:6584
- C:\Windows\System\pOTxhQm.exe
  C:\Windows\System\pOTxhQm.exe
  2⤵
  PID:7692
- C:\Windows\System\HxHUQLw.exe
  C:\Windows\System\HxHUQLw.exe
  2⤵
  PID:7476
- C:\Windows\System\bJetFPw.exe
  C:\Windows\System\bJetFPw.exe
  2⤵
  PID:7312
- C:\Windows\System\AWKqLFz.exe
  C:\Windows\System\AWKqLFz.exe
  2⤵
  PID:7512
- C:\Windows\System\LiYKJHH.exe
  C:\Windows\System\LiYKJHH.exe
  2⤵
  PID:9432
- C:\Windows\System\TsjSdoM.exe
  C:\Windows\System\TsjSdoM.exe
  2⤵
  PID:6012
- C:\Windows\System\NzpphRk.exe
  C:\Windows\System\NzpphRk.exe
  2⤵
  PID:4336
- C:\Windows\System\wRxggwu.exe
  C:\Windows\System\wRxggwu.exe
  2⤵
  PID:8152
- C:\Windows\System\FicgMEj.exe
  C:\Windows\System\FicgMEj.exe
  2⤵
  PID:7816
- C:\Windows\System\adoTWcx.exe
  C:\Windows\System\adoTWcx.exe
  2⤵
  PID:6484
- C:\Windows\System\OBwkbJm.exe
  C:\Windows\System\OBwkbJm.exe
  2⤵
  PID:9424
- C:\Windows\System\ffzaUOC.exe
  C:\Windows\System\ffzaUOC.exe
  2⤵
  PID:7360
- C:\Windows\System\fHEHLam.exe
  C:\Windows\System\fHEHLam.exe
  2⤵
  PID:8188
- C:\Windows\System\iUSWDjw.exe
  C:\Windows\System\iUSWDjw.exe
  2⤵
  PID:7944
- C:\Windows\System\udEyrZS.exe
  C:\Windows\System\udEyrZS.exe
  2⤵
  PID:7076
- C:\Windows\System\ePXRTkT.exe
  C:\Windows\System\ePXRTkT.exe
  2⤵
  PID:7256
- C:\Windows\System\PtFssED.exe
  C:\Windows\System\PtFssED.exe
  2⤵
  PID:6248
- C:\Windows\System\LptlphS.exe
  C:\Windows\System\LptlphS.exe
  2⤵
  PID:6824
- C:\Windows\System\jrdaAhr.exe
  C:\Windows\System\jrdaAhr.exe
  2⤵
  PID:4908
- C:\Windows\System\DswZbPY.exe
  C:\Windows\System\DswZbPY.exe
  2⤵
  PID:7884
- C:\Windows\System\HnDyAWy.exe
  C:\Windows\System\HnDyAWy.exe
  2⤵
  PID:7920
- C:\Windows\System\LYRDNAD.exe
  C:\Windows\System\LYRDNAD.exe
  2⤵
  PID:7952
- C:\Windows\System\xbpVPiF.exe
  C:\Windows\System\xbpVPiF.exe
  2⤵
  PID:10244
- C:\Windows\System\xVOMOBX.exe
  C:\Windows\System\xVOMOBX.exe
  2⤵
  PID:10260
- C:\Windows\System\wzULJQx.exe
  C:\Windows\System\wzULJQx.exe
  2⤵
  PID:10280
- C:\Windows\System\RWmTrHr.exe
  C:\Windows\System\RWmTrHr.exe
  2⤵
  PID:10296
- C:\Windows\System\yUvSPHn.exe
  C:\Windows\System\yUvSPHn.exe
  2⤵
  PID:10332
- C:\Windows\System\VRMdkbr.exe
  C:\Windows\System\VRMdkbr.exe
  2⤵
  PID:10352
- C:\Windows\System\qFhYNrQ.exe
  C:\Windows\System\qFhYNrQ.exe
  2⤵
  PID:10372
- C:\Windows\System\JnVORcJ.exe
  C:\Windows\System\JnVORcJ.exe
  2⤵
  PID:10408
- C:\Windows\System\YVTbUdO.exe
  C:\Windows\System\YVTbUdO.exe
  2⤵
  PID:10428
- C:\Windows\System\ujmtjFt.exe
  C:\Windows\System\ujmtjFt.exe
  2⤵
  PID:10472
- C:\Windows\System\jOUpnvz.exe
  C:\Windows\System\jOUpnvz.exe
  2⤵
  PID:10492
- C:\Windows\System\lTufjse.exe
  C:\Windows\System\lTufjse.exe
  2⤵
  PID:10512
- C:\Windows\System\meweOgw.exe
  C:\Windows\System\meweOgw.exe
  2⤵
  PID:10536
- C:\Windows\System\qJERnFd.exe
  C:\Windows\System\qJERnFd.exe
  2⤵
  PID:10572
- C:\Windows\System\CjziAfS.exe
  C:\Windows\System\CjziAfS.exe
  2⤵
  PID:10596
- C:\Windows\System\TClFJSH.exe
  C:\Windows\System\TClFJSH.exe
  2⤵
  PID:10616
- C:\Windows\System\JxjKZZD.exe
  C:\Windows\System\JxjKZZD.exe
  2⤵
  PID:10636
- C:\Windows\System\maTvMJc.exe
  C:\Windows\System\maTvMJc.exe
  2⤵
  PID:10656
- C:\Windows\System\zcKEFjc.exe
  C:\Windows\System\zcKEFjc.exe
  2⤵
  PID:10676
- C:\Windows\System\lojLUTJ.exe
  C:\Windows\System\lojLUTJ.exe
  2⤵
  PID:10696
- C:\Windows\System\nHObuBb.exe
  C:\Windows\System\nHObuBb.exe
  2⤵
  PID:10720
- C:\Windows\System\HNuFlOn.exe
  C:\Windows\System\HNuFlOn.exe
  2⤵
  PID:10744
- C:\Windows\System\gYiiFJi.exe
  C:\Windows\System\gYiiFJi.exe
  2⤵
  PID:10796
- C:\Windows\System\szizgSl.exe
  C:\Windows\System\szizgSl.exe
  2⤵
  PID:10816
- C:\Windows\System\qCkAZpa.exe
  C:\Windows\System\qCkAZpa.exe
  2⤵
  PID:10856
- C:\Windows\System\PlIsUvq.exe
  C:\Windows\System\PlIsUvq.exe
  2⤵
  PID:10904
- C:\Windows\System\QyBIAJP.exe
  C:\Windows\System\QyBIAJP.exe
  2⤵
  PID:10932
- C:\Windows\System\ZBGErCi.exe
  C:\Windows\System\ZBGErCi.exe
  2⤵
  PID:10992
- C:\Windows\System\oJvhEoC.exe
  C:\Windows\System\oJvhEoC.exe
  2⤵
  PID:11012
- C:\Windows\System\GDSgXoV.exe
  C:\Windows\System\GDSgXoV.exe
  2⤵
  PID:11040
- C:\Windows\System\rZUUqwe.exe
  C:\Windows\System\rZUUqwe.exe
  2⤵
  PID:11064
- C:\Windows\System\xFWTsDD.exe
  C:\Windows\System\xFWTsDD.exe
  2⤵
  PID:11084
- C:\Windows\System\QZrRVIB.exe
  C:\Windows\System\QZrRVIB.exe
  2⤵
  PID:11108
- C:\Windows\System\khWFWOP.exe
  C:\Windows\System\khWFWOP.exe
  2⤵
  PID:11164
- C:\Windows\System\pDDyTOU.exe
  C:\Windows\System\pDDyTOU.exe
  2⤵
  PID:11200
- C:\Windows\System\XJAIuur.exe
  C:\Windows\System\XJAIuur.exe
  2⤵
  PID:11220
- C:\Windows\System\LMHTbvW.exe
  C:\Windows\System\LMHTbvW.exe
  2⤵
  PID:10252
- C:\Windows\System\EGAzaoj.exe
  C:\Windows\System\EGAzaoj.exe
  2⤵
  PID:10308
- C:\Windows\System\dRyFINA.exe
  C:\Windows\System\dRyFINA.exe
  2⤵
  PID:10324
- C:\Windows\System\ttVRquv.exe
  C:\Windows\System\ttVRquv.exe
  2⤵
  PID:10368
- C:\Windows\System\hajHRir.exe
  C:\Windows\System\hajHRir.exe
  2⤵
  PID:10400
- C:\Windows\System\YWojvOu.exe
  C:\Windows\System\YWojvOu.exe
  2⤵
  PID:10508
- C:\Windows\System\zDRZMNE.exe
  C:\Windows\System\zDRZMNE.exe
  2⤵
  PID:10560
- C:\Windows\System\IbBnNpB.exe
  C:\Windows\System\IbBnNpB.exe
  2⤵
  PID:10608
- C:\Windows\System\YPuCLzo.exe
  C:\Windows\System\YPuCLzo.exe
  2⤵
  PID:6764
- C:\Windows\System\JfavdhK.exe
  C:\Windows\System\JfavdhK.exe
  2⤵
  PID:10704
- C:\Windows\System\yVpetqj.exe
  C:\Windows\System\yVpetqj.exe
  2⤵
  PID:10760
- C:\Windows\System\jkTaFzQ.exe
  C:\Windows\System\jkTaFzQ.exe
  2⤵
  PID:10896
- C:\Windows\System\xtyXWGE.exe
  C:\Windows\System\xtyXWGE.exe
  2⤵
  PID:10920
- C:\Windows\System\lLhcPZu.exe
  C:\Windows\System\lLhcPZu.exe
  2⤵
  PID:11076
- C:\Windows\System\mZirskU.exe
  C:\Windows\System\mZirskU.exe
  2⤵
  PID:11152
- C:\Windows\System\geevmsm.exe
  C:\Windows\System\geevmsm.exe
  2⤵
  PID:11188
- C:\Windows\System\JuqXQJZ.exe
  C:\Windows\System\JuqXQJZ.exe
  2⤵
  PID:11172
- C:\Windows\System\XkSWknA.exe
  C:\Windows\System\XkSWknA.exe
  2⤵
  PID:10276
- C:\Windows\System\FDpEADI.exe
  C:\Windows\System\FDpEADI.exe
  2⤵
  PID:10268
- C:\Windows\System\nMTGudC.exe
  C:\Windows\System\nMTGudC.exe
  2⤵
  PID:10448
- C:\Windows\System\ssfGZRd.exe
  C:\Windows\System\ssfGZRd.exe
  2⤵
  PID:10320
- C:\Windows\System\VgwAChs.exe
  C:\Windows\System\VgwAChs.exe
  2⤵
  PID:10552
- C:\Windows\System\CZrKFvN.exe
  C:\Windows\System\CZrKFvN.exe
  2⤵
  PID:10712
- C:\Windows\System\TlHTpMn.exe
  C:\Windows\System\TlHTpMn.exe
  2⤵
  PID:10864
- C:\Windows\System\heKVifA.exe
  C:\Windows\System\heKVifA.exe
  2⤵
  PID:10868
- C:\Windows\System\FHSQrYd.exe
  C:\Windows\System\FHSQrYd.exe
  2⤵
  PID:11156
- C:\Windows\System\OSRVZPY.exe
  C:\Windows\System\OSRVZPY.exe
  2⤵
  PID:10824
- C:\Windows\System\sSaiaYq.exe
  C:\Windows\System\sSaiaYq.exe
  2⤵
  PID:10444
- C:\Windows\System\xVRPiCw.exe
  C:\Windows\System\xVRPiCw.exe
  2⤵
  PID:10804
- C:\Windows\System\zsIFbNC.exe
  C:\Windows\System\zsIFbNC.exe
  2⤵
  PID:11000
- C:\Windows\System\poPVWIZ.exe
  C:\Windows\System\poPVWIZ.exe
  2⤵
  PID:11248
- C:\Windows\System\XMJiMMi.exe
  C:\Windows\System\XMJiMMi.exe
  2⤵
  PID:11284
- C:\Windows\System\mrGrGYU.exe
  C:\Windows\System\mrGrGYU.exe
  2⤵
  PID:11352
- C:\Windows\System\xEgmkob.exe
  C:\Windows\System\xEgmkob.exe
  2⤵
  PID:11372
- C:\Windows\System\CrfDRSX.exe
  C:\Windows\System\CrfDRSX.exe
  2⤵
  PID:11396
- C:\Windows\System\kGuxPHG.exe
  C:\Windows\System\kGuxPHG.exe
  2⤵
  PID:11416
- C:\Windows\System\ZmVdpdd.exe
  C:\Windows\System\ZmVdpdd.exe
  2⤵
  PID:11440
- C:\Windows\System\VXsHqjQ.exe
  C:\Windows\System\VXsHqjQ.exe
  2⤵
  PID:11456
- C:\Windows\System\qriBpJC.exe
  C:\Windows\System\qriBpJC.exe
  2⤵
  PID:11520
- C:\Windows\System\eMvONOn.exe
  C:\Windows\System\eMvONOn.exe
  2⤵
  PID:11564
- C:\Windows\System\RorLmMI.exe
  C:\Windows\System\RorLmMI.exe
  2⤵
  PID:11588
- C:\Windows\System\iAaVWEW.exe
  C:\Windows\System\iAaVWEW.exe
  2⤵
  PID:11616
- C:\Windows\System\HskSogo.exe
  C:\Windows\System\HskSogo.exe
  2⤵
  PID:11676
- C:\Windows\System\bruFyMG.exe
  C:\Windows\System\bruFyMG.exe
  2⤵
  PID:11700
- C:\Windows\System\BtmbLVn.exe
  C:\Windows\System\BtmbLVn.exe
  2⤵
  PID:11720
- C:\Windows\System\nDeHsxo.exe
  C:\Windows\System\nDeHsxo.exe
  2⤵
  PID:11744
- C:\Windows\System\GJhWNXE.exe
  C:\Windows\System\GJhWNXE.exe
  2⤵
  PID:11800
- C:\Windows\System\OvZQUNA.exe
  C:\Windows\System\OvZQUNA.exe
  2⤵
  PID:11816
- C:\Windows\System\uSyMbok.exe
  C:\Windows\System\uSyMbok.exe
  2⤵
  PID:11836
- C:\Windows\System\EWgVjhO.exe
  C:\Windows\System\EWgVjhO.exe
  2⤵
  PID:11856
- C:\Windows\System\dPGuXWg.exe
  C:\Windows\System\dPGuXWg.exe
  2⤵
  PID:11880
- C:\Windows\System\PfnniMU.exe
  C:\Windows\System\PfnniMU.exe
  2⤵
  PID:11896
- C:\Windows\System\TLMFHja.exe
  C:\Windows\System\TLMFHja.exe
  2⤵
  PID:11916
- C:\Windows\System\gfCVthF.exe
  C:\Windows\System\gfCVthF.exe
  2⤵
  PID:11940
- C:\Windows\System\NqWbYJt.exe
  C:\Windows\System\NqWbYJt.exe
  2⤵
  PID:11964
- C:\Windows\System\BxXCAhD.exe
  C:\Windows\System\BxXCAhD.exe
  2⤵
  PID:11996
- C:\Windows\System\WsvQIMs.exe
  C:\Windows\System\WsvQIMs.exe
  2⤵
  PID:12020
- C:\Windows\System\IAmGbbB.exe
  C:\Windows\System\IAmGbbB.exe
  2⤵
  PID:12092
- C:\Windows\System\RlCsunP.exe
  C:\Windows\System\RlCsunP.exe
  2⤵
  PID:12116
- C:\Windows\System\pNqVWSs.exe
  C:\Windows\System\pNqVWSs.exe
  2⤵
  PID:12132
- C:\Windows\System\VCdHVwz.exe
  C:\Windows\System\VCdHVwz.exe
  2⤵
  PID:12152
- C:\Windows\System\GXgdwSu.exe
  C:\Windows\System\GXgdwSu.exe
  2⤵
  PID:12176
- C:\Windows\System\FKoqYOn.exe
  C:\Windows\System\FKoqYOn.exe
  2⤵
  PID:12244
- C:\Windows\System\kfsFPpb.exe
  C:\Windows\System\kfsFPpb.exe
  2⤵
  PID:10360
- C:\Windows\System\mtYLeGd.exe
  C:\Windows\System\mtYLeGd.exe
  2⤵
  PID:11052
- C:\Windows\System\IxXdRbT.exe
  C:\Windows\System\IxXdRbT.exe
  2⤵
  PID:11276
- C:\Windows\System\GXfgFLq.exe
  C:\Windows\System\GXfgFLq.exe
  2⤵
  PID:11304
- C:\Windows\System\qIqFuOV.exe
  C:\Windows\System\qIqFuOV.exe
  2⤵
  PID:11368
- C:\Windows\System\sEmaJIX.exe
  C:\Windows\System\sEmaJIX.exe
  2⤵
  PID:11392
- C:\Windows\System\pHrvFeb.exe
  C:\Windows\System\pHrvFeb.exe
  2⤵
  PID:11532
- C:\Windows\System\AooRsQc.exe
  C:\Windows\System\AooRsQc.exe
  2⤵
  PID:11604
- C:\Windows\System\SCsGITl.exe
  C:\Windows\System\SCsGITl.exe
  2⤵
  PID:11592
- C:\Windows\System\hZBtFkJ.exe
  C:\Windows\System\hZBtFkJ.exe
  2⤵
  PID:11572
- C:\Windows\System\topGxTG.exe
  C:\Windows\System\topGxTG.exe
  2⤵
  PID:11660
- C:\Windows\System\SauAYpw.exe
  C:\Windows\System\SauAYpw.exe
  2⤵
  PID:11708
- C:\Windows\System\qzXsClF.exe
  C:\Windows\System\qzXsClF.exe
  2⤵
  PID:11752
- C:\Windows\System\RhcgpWU.exe
  C:\Windows\System\RhcgpWU.exe
  2⤵
  PID:11828
- C:\Windows\System\XEXfcOm.exe
  C:\Windows\System\XEXfcOm.exe
  2⤵
  PID:11892
- C:\Windows\System\EjPAFLH.exe
  C:\Windows\System\EjPAFLH.exe
  2⤵
  PID:12072
- C:\Windows\System\fehBdTu.exe
  C:\Windows\System\fehBdTu.exe
  2⤵
  PID:12012
- C:\Windows\System\bjfOurk.exe
  C:\Windows\System\bjfOurk.exe
  2⤵
  PID:12148
- C:\Windows\System\axZGIHI.exe
  C:\Windows\System\axZGIHI.exe
  2⤵
  PID:12124
- C:\Windows\System\WqonXIy.exe
  C:\Windows\System\WqonXIy.exe
  2⤵
  PID:12084
- C:\Windows\System\rZNfHtp.exe
  C:\Windows\System\rZNfHtp.exe
  2⤵
  PID:11364
- C:\Windows\System\AyHBKFK.exe
  C:\Windows\System\AyHBKFK.exe
  2⤵
  PID:11324
- C:\Windows\System\wGWmPFh.exe
  C:\Windows\System\wGWmPFh.exe
  2⤵
  PID:11484
- C:\Windows\System\VRUqDDY.exe
  C:\Windows\System\VRUqDDY.exe
  2⤵
  PID:12104
- C:\Windows\System\YbHgALc.exe
  C:\Windows\System\YbHgALc.exe
  2⤵
  PID:11868
- C:\Windows\System\ZtOBUcj.exe
  C:\Windows\System\ZtOBUcj.exe
  2⤵
  PID:12232
- C:\Windows\System\CGjVHer.exe
  C:\Windows\System\CGjVHer.exe
  2⤵
  PID:12108
- C:\Windows\System\OCUHMwW.exe
  C:\Windows\System\OCUHMwW.exe
  2⤵
  PID:11388
- C:\Windows\System\MDsnwqR.exe
  C:\Windows\System\MDsnwqR.exe
  2⤵
  PID:11844
- C:\Windows\System\nBxhPOn.exe
  C:\Windows\System\nBxhPOn.exe
  2⤵
  PID:11448
- C:\Windows\System\mtkNxRp.exe
  C:\Windows\System\mtkNxRp.exe
  2⤵
  PID:12344
- C:\Windows\System\htqwzvW.exe
  C:\Windows\System\htqwzvW.exe
  2⤵
  PID:12368
- C:\Windows\System\OHegIRg.exe
  C:\Windows\System\OHegIRg.exe
  2⤵
  PID:12420
- C:\Windows\System\JTSWpWi.exe
  C:\Windows\System\JTSWpWi.exe
  2⤵
  PID:12436
- C:\Windows\System\TyPcUDc.exe
  C:\Windows\System\TyPcUDc.exe
  2⤵
  PID:12460
- C:\Windows\System\zoiKwoV.exe
  C:\Windows\System\zoiKwoV.exe
  2⤵
  PID:12484
- C:\Windows\System\uaexdQB.exe
  C:\Windows\System\uaexdQB.exe
  2⤵
  PID:12500
- C:\Windows\System\WxoZxFW.exe
  C:\Windows\System\WxoZxFW.exe
  2⤵
  PID:12524
- C:\Windows\System\cdPtcCu.exe
  C:\Windows\System\cdPtcCu.exe
  2⤵
  PID:12540
- C:\Windows\System\VwZuXSr.exe
  C:\Windows\System\VwZuXSr.exe
  2⤵
  PID:12568
- C:\Windows\System\YipUaEG.exe
  C:\Windows\System\YipUaEG.exe
  2⤵
  PID:12624
- C:\Windows\System\TOOKeXC.exe
  C:\Windows\System\TOOKeXC.exe
  2⤵
  PID:12648
- C:\Windows\System\dTfWCdJ.exe
  C:\Windows\System\dTfWCdJ.exe
  2⤵
  PID:12668
- C:\Windows\System\piLGWBm.exe
  C:\Windows\System\piLGWBm.exe
  2⤵
  PID:12684
- C:\Windows\System\VJsVfBW.exe
  C:\Windows\System\VJsVfBW.exe
  2⤵
  PID:12704
- C:\Windows\System\FMvsACu.exe
  C:\Windows\System\FMvsACu.exe
  2⤵
  PID:12728
- C:\Windows\System\FKLWamk.exe
  C:\Windows\System\FKLWamk.exe
  2⤵
  PID:12752
- C:\Windows\System\opMpmkx.exe
  C:\Windows\System\opMpmkx.exe
  2⤵
  PID:12808
- C:\Windows\System\fQWcSmi.exe
  C:\Windows\System\fQWcSmi.exe
  2⤵
  PID:12840
- C:\Windows\System\YGNCdxW.exe
  C:\Windows\System\YGNCdxW.exe
  2⤵
  PID:12856
- C:\Windows\System\gTPiaFf.exe
  C:\Windows\System\gTPiaFf.exe
  2⤵
  PID:12876
- C:\Windows\System\XEkgggl.exe
  C:\Windows\System\XEkgggl.exe
  2⤵
  PID:12892
- C:\Windows\System\wckMMJw.exe
  C:\Windows\System\wckMMJw.exe
  2⤵
  PID:12916
- C:\Windows\System\RmVZrxi.exe
  C:\Windows\System\RmVZrxi.exe
  2⤵
  PID:12940
- C:\Windows\System\KrVECwc.exe
  C:\Windows\System\KrVECwc.exe
  2⤵
  PID:12956
- C:\Windows\System\hWzrIyB.exe
  C:\Windows\System\hWzrIyB.exe
  2⤵
  PID:12980
- C:\Windows\System\zGNyVks.exe
  C:\Windows\System\zGNyVks.exe
  2⤵
  PID:13064
- C:\Windows\System\MQyEdSQ.exe
  C:\Windows\System\MQyEdSQ.exe
  2⤵
  PID:13084
- C:\Windows\System\rFdJEBX.exe
  C:\Windows\System\rFdJEBX.exe
  2⤵
  PID:13112
- C:\Windows\System\iGqgJav.exe
  C:\Windows\System\iGqgJav.exe
  2⤵
  PID:13128
- C:\Windows\System\Idpwxny.exe
  C:\Windows\System\Idpwxny.exe
  2⤵
  PID:13152
- C:\Windows\System\uOtwsra.exe
  C:\Windows\System\uOtwsra.exe
  2⤵
  PID:13172
- C:\Windows\System\xzPdAKF.exe
  C:\Windows\System\xzPdAKF.exe
  2⤵
  PID:13196
- C:\Windows\System\MlFPSMD.exe
  C:\Windows\System\MlFPSMD.exe
  2⤵
  PID:13264
- C:\Windows\System\urCYqlL.exe
  C:\Windows\System\urCYqlL.exe
  2⤵
  PID:12188
- C:\Windows\System\MvVMRAO.exe
  C:\Windows\System\MvVMRAO.exe
  2⤵
  PID:12280
- C:\Windows\System\ITTjLnh.exe
  C:\Windows\System\ITTjLnh.exe
  2⤵
  PID:11808
- C:\Windows\System\bnFFipB.exe
  C:\Windows\System\bnFFipB.exe
  2⤵
  PID:11560
- C:\Windows\System\hTClPhV.exe
  C:\Windows\System\hTClPhV.exe
  2⤵
  PID:12364
- C:\Windows\System\XczEoiL.exe
  C:\Windows\System\XczEoiL.exe
  2⤵
  PID:12448
- C:\Windows\System\HyUKPrz.exe
  C:\Windows\System\HyUKPrz.exe
  2⤵
  PID:12328
- C:\Windows\System\AxCrteO.exe
  C:\Windows\System\AxCrteO.exe
  2⤵
  PID:12472
- C:\Windows\System\QsFzWRc.exe
  C:\Windows\System\QsFzWRc.exe
  2⤵
  PID:12792
- C:\Windows\System\gXbcrQk.exe
  C:\Windows\System\gXbcrQk.exe
  2⤵
  PID:12952
- C:\Windows\System\zGsFNUs.exe
  C:\Windows\System\zGsFNUs.exe
  2⤵
  PID:12996
- C:\Windows\System\GGCNNAo.exe
  C:\Windows\System\GGCNNAo.exe
  2⤵
  PID:12924
- C:\Windows\System\YPmDAxg.exe
  C:\Windows\System\YPmDAxg.exe
  2⤵
  PID:13120
- C:\Windows\System\NXEXUPL.exe
  C:\Windows\System\NXEXUPL.exe
  2⤵
  PID:13192
- C:\Windows\System\lSuycTu.exe
  C:\Windows\System\lSuycTu.exe
  2⤵
  PID:13184
- C:\Windows\System\yeTtqjn.exe
  C:\Windows\System\yeTtqjn.exe
  2⤵
  PID:13280
- C:\Windows\System\OwGrDDS.exe
  C:\Windows\System\OwGrDDS.exe
  2⤵
  PID:12296
- C:\Windows\System\UJIrpDm.exe
  C:\Windows\System\UJIrpDm.exe
  2⤵
  PID:12040
- C:\Windows\System\DLvYNJR.exe
  C:\Windows\System\DLvYNJR.exe
  2⤵
  PID:12432
- C:\Windows\System\BiAuZqj.exe
  C:\Windows\System\BiAuZqj.exe
  2⤵
  PID:12868
- C:\Windows\System\KJVgHWK.exe
  C:\Windows\System\KJVgHWK.exe
  2⤵
  PID:12828
- C:\Windows\System\kCVumRQ.exe
  C:\Windows\System\kCVumRQ.exe
  2⤵
  PID:3328
- C:\Windows\System\YLqjveV.exe
  C:\Windows\System\YLqjveV.exe
  2⤵
  PID:12932
- C:\Windows\System\ellPuyh.exe
  C:\Windows\System\ellPuyh.exe
  2⤵
  PID:12900
- C:\Windows\System\xsNhSHV.exe
  C:\Windows\System\xsNhSHV.exe
  2⤵
  PID:13164
- C:\Windows\System\owFKHjv.exe
  C:\Windows\System\owFKHjv.exe
  2⤵
  PID:12304
- C:\Windows\System\JmYbtfU.exe
  C:\Windows\System\JmYbtfU.exe
  2⤵
  PID:12588
- C:\Windows\System\GJRQKxo.exe
  C:\Windows\System\GJRQKxo.exe
  2⤵
  PID:12832
- C:\Windows\System\OlFwTir.exe
  C:\Windows\System\OlFwTir.exe
  2⤵
  PID:12948
- C:\Windows\System\EokhXRN.exe
  C:\Windows\System\EokhXRN.exe
  2⤵
  PID:13080
- C:\Windows\System\tcuUDNH.exe
  C:\Windows\System\tcuUDNH.exe
  2⤵
  PID:12560
- C:\Windows\System\XOBnhER.exe
  C:\Windows\System\XOBnhER.exe
  2⤵
  PID:12516
- C:\Windows\System\CEwKiLS.exe
  C:\Windows\System\CEwKiLS.exe
  2⤵
  PID:13336
- C:\Windows\System\OSIpwLS.exe
  C:\Windows\System\OSIpwLS.exe
  2⤵
  PID:13376
- C:\Windows\System\zQeHNVD.exe
  C:\Windows\System\zQeHNVD.exe
  2⤵
  PID:13400
- C:\Windows\System\lzXrCGv.exe
  C:\Windows\System\lzXrCGv.exe
  2⤵
  PID:13420
- C:\Windows\System\qtiSQcV.exe
  C:\Windows\System\qtiSQcV.exe
  2⤵
  PID:13516
- C:\Windows\System\EmldThM.exe
  C:\Windows\System\EmldThM.exe
  2⤵
  PID:13532
- C:\Windows\System\wCxuZRk.exe
  C:\Windows\System\wCxuZRk.exe
  2⤵
  PID:13564
- C:\Windows\System\FliEmIJ.exe
  C:\Windows\System\FliEmIJ.exe
  2⤵
  PID:13592
- C:\Windows\System\uHRBpvS.exe
  C:\Windows\System\uHRBpvS.exe
  2⤵
  PID:13608
- C:\Windows\System\LFwfHXm.exe
  C:\Windows\System\LFwfHXm.exe
  2⤵
  PID:13652

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:13784

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\BliGtlD.exe

Filesize
2.0MB

MD5
3654bd23076dbf37f9aa01f903969993

SHA1
0b8adf6d2c10b093e0e5f479c9d4246635570739

SHA256
5bb2f0a76802be20b32ae30634842dc2ebcc76b7839ce3ba833cc95a711a11e1

SHA512
a4e7e497d247452fb85d13ea1b0672dce352ef46b0de1e0885b6ac98a4636f57234b4b667787726c9d8c5cfa45901d5a8c6212a2e4f75e5111f7fdc4bc323f73

Download Submit
C:\Windows\System\CVjfVEM.exe

Filesize
1.8MB

MD5
3c92ebf2de3a0432b982f2c515d783f5

SHA1
679398c6a96d6cebdbf4008c5df397c3a372fb65

SHA256
bb7237a9f364d4ee0d9840eb0345a66dd154ae520df9146f1d0eb800f3259e93

SHA512
1afbcfbdcadca9826fa784f5b6e6dad54643171bf52433a04017f346f6a42fea714acaf4d711080f63c0b5516a34d25d0db303b7a3a782ab3cb5effdac7fa485

Download Submit
C:\Windows\System\EIxptMc.exe

Filesize
832KB

MD5
fe23d8f2a683ea3c37e211db5c47c198

SHA1
c8d98757080f758fa71fe2947f967f4c2ba26b77

SHA256
e791fb8dbe7f5a7d384dc32653c49cf355982fbc2394ea1e3030cd6ebb798cb8

SHA512
ff5ab31bffe4dcd555455f3d81b2d9fca6cd687b604f37f4aa99e780677c84919321fd43b5fd13f9cb6081978b182fef58c2564f773d39cf2fefe33142ce3656

Download Submit
C:\Windows\System\GLeqLue.exe

Filesize
1.9MB

MD5
198f22ee2b057f0f1d39c3abaabbed46

SHA1
f6b8df6f3efd7eaacc66ae803336424e975523db

SHA256
f3c7f01744341a1cd8350fee861d27d56f5a031264b4363444405bbfc1db5ee6

SHA512
2fb95f64b0756c3dd43995cd8ee861ddea721df323eecf7ce32331a0b510be9e54a279249dd34c9f740893d4c2016ef4e7ec8acc177e59edbd3b6765be8556eb

Download Submit
C:\Windows\System\GuMkVCn.exe

Filesize
1.1MB

MD5
72bc850535a13e8c4b1af8eff9a7a1e0

SHA1
bb2bec7f85c8adeec9c3786628c75890ff7737d2

SHA256
020ac333befc368336c404e9fc5efd5190f0e53f5c271c31a39d8f6b74374e86

SHA512
ca980ce6ecc1daaba9de001d8909ad299da9db2f3e04511e22ef739b0e48ea81323bbc2ff1f85bc911059e9d19402d11f09b725a9fa42bfbb558f539ae2a0692

Download Submit
C:\Windows\System\IHYEjya.exe

Filesize
2.0MB

MD5
94d89270d8baea42e4cd85e6ce8bea44

SHA1
a6506837fabbeb9c8ef28cecde5cecb52ac29933

SHA256
169132ac14fb45359bf805c7b7f4a1dc055c2287dced999402a9d6f22a1bc3ea

SHA512
6e36298a0d12889c42e420c876346cf460f02b00ddbb9dacd8423707e24ba806f3241d2a10be772880c767af61cc914fed9d7ec0035c8286b002e66dbe8a2e05

Download Submit
C:\Windows\System\IHYEjya.exe

Filesize
576KB

MD5
2b325ba998218e1724cf0adeb30ee980

SHA1
91c91f972b93ca21c02dbae5cc375d4e1212c0a0

SHA256
3b509ef9edb2905d68e114a86a101a00bf7ea4fa51d16ade0566e14bca5a50a9

SHA512
d7398cce9bbdb945487f66d7ab2c5fc7624933379c2058d1b197daa7f380b66de5a2145bdf0033355e795b1072c67b0031b7045307d04119888457779d707df5

Download Submit
C:\Windows\System\NYQTEhc.exe

Filesize
2.0MB

MD5
abf8941e1a29f4478c34b6bb8a62f774

SHA1
e5394fb4e781697cc3178824d99af809b2893af6

SHA256
1e15ffc89ee41440c824724c858fe7892756e28561da76716809de1667a0fa94

SHA512
716b9f69a98760de6d15d88d81a7624b7104640001b4f60ffc9cbd2a795b14f410d63941522f4fcc4526c7072f713521fd32962c9d5216f75508c92f99afeedc

Download Submit
C:\Windows\System\NYQTEhc.exe

Filesize
384KB

MD5
6207c08555e637186de329c9179e16d9

SHA1
09098b1d2cbfb2ab317439f6c4fc0121d5b8f70a

SHA256
90e60744ec9da51fba847be626db348bca6bdaf98ac91b116446f5b42433003b

SHA512
a17015ce5be9dbe107f45a5361c78d0722d3574d1684f1ab5a78044304a8f13b281179a8bde4be29c0529678da2d8332817db568d46fd1e81541274c1a2a6ea7

Download Submit
C:\Windows\System\NjxuGMz.exe

Filesize
64KB

MD5
51e4020b90426a266032ae5bcb74e5b3

SHA1
242fa8dc7d05d7b78f629fe2652627274810a122

SHA256
5984cb4794a67b4fd33c39a8582f294030d387db17fdb4933391142fb7f614c6

SHA512
5acda5a7b0ce962164cbb0c2fe75fb43a2d35d269fbb33e0eda06f3daf5a3cc37b11c0b76c58b3b3846604a879813821c87b0ead541065090905bfc897125758

Download Submit
C:\Windows\System\NjxuGMz.exe

Filesize
2.0MB

MD5
48cd490cacb850db50edf53fb1adaaad

SHA1
4bcff396d2aa0bcf55e4779139626af1e5cfdc47

SHA256
abb8cc8eb21f9e0085ff398c86281f53ed214aa01569d88f07c8b8991004b261

SHA512
545f9c88c48c5c344f2ad06e0195634fb670ae6ade6088ebb7f75b5d7edd5405a4bff038938a332cd325190ec73222293328dd0d8463a75a44d4f56f248fcf07

Download Submit
C:\Windows\System\OkqQsgr.exe

Filesize
2.0MB

MD5
c2bf871da88e4cc89c53c6af64eb9e4e

SHA1
7ef86490208597bf1af2121541e01ae12abefeda

SHA256
bb272d10953b67cc041bc95dcdc4afe0677858a7df332ef2ee4366cdaf1eeb9b

SHA512
506c5467e92a8985d9c4e9274194e18c6acfd3aee4ad49ad8d8d542c83de8431e1a69f8bfec61fa702fd54b7e2a25ee96f463a708e575db274bda6ab6d607a57

Download Submit
C:\Windows\System\PgOJnaw.exe

Filesize
2.0MB

MD5
a566d3c153a5f7cf8feb6f0619bbe7ac

SHA1
39d44dfa0b85cbd5cb34dbc1aad1a114bd1da066

SHA256
62388d7f902abb434c0c61c99fe8aa997d82bcbd2c76c0247970f34e911a3191

SHA512
9d34bc6e75682415c15fa36d20c3feeb85c7398784125fb7cd16f98af2cb6496c7e8c80eac3eb0335680de05517a0cc40b82ffe35a8976ef13bccb26d0f9d842

Download Submit
C:\Windows\System\PgOJnaw.exe

Filesize
128KB

MD5
7ce4ba1725e83a50f64ba525f8815dcf

SHA1
b1714a2d23cfc42c18c37e1546ac0908d8252c04

SHA256
9f7e171000696500dfb6a966f2c3ddf12dc1a77b8276ef660f14f7b7188d2908

SHA512
2dff777f276295d96892e5749316e2e8892ba50f8398f9972ecc2f6e5378213e3cdd31c7c6ab8360d3490d1ec9e77be4e73ac137e108b2eddff2feaaf600be19

Download Submit
C:\Windows\System\QeOShnW.exe

Filesize
2.0MB

MD5
65d9acdd7e879a9a1a55cf88075adb95

SHA1
1dc4fcba7296edb8e324cc627c9b87863d0c7e00

SHA256
2c6eca8238672df4de02737167aa7e9d571b14316f12739e717a777351c691d2

SHA512
d27da72b77e23a24572827869787b3326646768f6e815121399b3fd9b5f24022a7f5b7c62f9de1ab999c46489ef5bc2a40a7cee7cfa911a96036478069675503

Download Submit
C:\Windows\System\QeOShnW.exe

Filesize
192KB

MD5
4a486a2a371d8db348dc0ad03e9fd9f0

SHA1
edd912c5d606628022dc3216eaf2db7c93554ff7

SHA256
93ebf2ea35e05e71e9c9884bcb76799c1b9f2b81bf8decfe1ec83807b911916b

SHA512
deb1d7cb48c961fa18e748db8dfc9769c6fcedd4b7a26b044181e535fbdb31d7ead7b8ae69fab463473bcf0bbda0affdeecb9deffc51a89c74001f68a98bf60b

Download Submit
C:\Windows\System\TNWIRDR.exe

Filesize
1.9MB

MD5
f0f357f8dcbc448f51ec1093b301a11e

SHA1
2613aac0f940aaa33dcef41ed6bb32e1a68e51d3

SHA256
06a95a3fdaa1b7b96b38a63e0fcf0b94de7ed65d79c4123952538d443b51f8be

SHA512
4b9aa030328d9b0ec0deb5bf361404a4a7df7b7e21bcd38358a2dfbffe7e7d828d39b4ac81fcb175bfed4e05fb9d3331c5af96523ae056f94b39e1ea4ebe2903

Download Submit
C:\Windows\System\TNWIRDR.exe

Filesize
2.0MB

MD5
8d539de6cc366534f98d0cabdca74ee2

SHA1
8b67bd3c2ec2d99c98f13f4feb165d4eccb6e866

SHA256
df40f294116a55af332f994f221ffed073217ae140dcb4871bf394cb9ed9e705

SHA512
1f2c537a6286df57e613b694298975eb6984ec141dbe4b9ee4610952adcb52f62c92f3923fce9b8d8fa8c47363f8c835f20df5bc969ede76eba284db1d651dc6

Download Submit
C:\Windows\System\VYqRKzn.exe

Filesize
2.0MB

MD5
5e03019d4dd5cd9ea395d3289f105f25

SHA1
4b063208f8665dfbfbe22cf014afc7d2097e38cb

SHA256
e42551448cf6eb5d802b690b45de1b021925bfd6726f441d39fa4885fcfe5390

SHA512
015557ed043acc4647330a7475aa9a7c39beccbd4704bcfb8f34d64b0d52a3927e2806a6daacd95f2a0410a4b8185cd24dbb30964e18f1e1ad226bfe3236417e

Download Submit
C:\Windows\System\YJzXulc.exe

Filesize
2.0MB

MD5
b817ea1f489588637f246bdd4597b738

SHA1
64ba32a22aaadde046ee716c5bf59d0f45225e8d

SHA256
8bf1102ca3484b3237df17e7ca95e1d8fd687302d3774deb03ade0234e5de1df

SHA512
d8933bef9274c78a7073cd2b25caa6d1c5ef92884bbfce554e7d0958fea12ec40df5ac9a4586bc758c66a6a16636196787db234089936b4c14e2c647679e201b

Download Submit
C:\Windows\System\YuiWCEv.exe

Filesize
2.0MB

MD5
c02034dde4ab4619813b6d80391ac9f3

SHA1
72bd4c8bd142874b4151af04fe440164a9bddb8f

SHA256
e52f478f0c06d65b9ddb483904ecfd3c463daedd9181046c3cd75f08806be69a

SHA512
932f009f654b93f11358607db30cc5df94677ecefcb1280c34bd2ecc9ed81b4172f3857f2fe47c7136707e5e104de62494773bc6688d3345bc8786b6e5112ab6

Download Submit
C:\Windows\System\ZTyyYHk.exe

Filesize
2.0MB

MD5
dd1c78a23ca982bb5634d2dee549781b

SHA1
7c730b62e0fd27700982d70cb8b47762d25ec48f

SHA256
950b2a1d4343cf87db570fdaac6c5eed7612e6f252e425817d7d95dda4844694

SHA512
87910164369413a56056ee018b9cd3a8dcc0f097b750d1c28f2da464bafca97b80ebe5a5ad36365909abdf1f68dc1522cff4a723de0b0ab5fcfd958b103e846e

Download Submit
C:\Windows\System\btrBPkx.exe

Filesize
2.0MB

MD5
35f0d711aa52d7e99fd879b637d197d1

SHA1
9cb427e8a974078ab661289ff2fda24319bd4380

SHA256
c1c8867449aff6e5d067447c6a696c9f2cff0d755b7b077a55dc702d292da657

SHA512
20a9fca9c82977b311aaedccc542cf9fdadf029bfbf5456aec9ce07bde1fb27f43a52a92abc2ba442d53288383de85f89511fdd11d0e589e2707179d78de3ed3

Download Submit
C:\Windows\System\cFWNSvO.exe

Filesize
1.6MB

MD5
9686640725af284e3c07c463ef4bf8a3

SHA1
61d0f637576bcae77ba559ba68e3df0058f8f156

SHA256
4ece60a903d9a88bb9c777a67599c29e00bf2dcde3ddcfedb1426ec81389d7a2

SHA512
fa8809d613ac4d62c73625effe13dba479dd28429b6bd631081a0c9777b0ec474a1e0b0bba2dbc3db301be67a504ba29bdca927938d43059b524c76511c2ac9e

Download Submit
C:\Windows\System\hVLpWcy.exe

Filesize
768KB

MD5
096410221e55421e5c4c4275c7d21513

SHA1
a9a3350bb5b616aee4d0c922dc225694f8027702

SHA256
1162e04ab5acff6cf895e753ad87619013ecfffc06f47ed477cf1c201c040e66

SHA512
b442b0d589e49e95f8c072f6f97ae946c91e082ea0e6557eeef4f55282d6675cb325a5ba42eb1799fb9bff049919d0eef469abfd200cb35fe59f78974905588c

Download Submit
C:\Windows\System\hkyDRzv.exe

Filesize
2.0MB

MD5
0c6731a5668c6ce4faa63ea3ef7c05d9

SHA1
5133fafa29740a657cdc2fa8bf674c4ed42413cb

SHA256
caecb0b27a6a10fe2787cd6ecde5325a202d1b738064d0c7048242ba96d5f40a

SHA512
d67b2c18eb4e00c5cdf1549ba6b1cfa07321105587fad41c57251df48f30f5d9bf69f573fb115b4f1c87f66a520485367ae9231f05f19f554d7c0d8cf93cead1

Download Submit
C:\Windows\System\hqEMxig.exe

Filesize
704KB

MD5
27f1ae58c0e7ea96c463a8f0329d13e3

SHA1
a5352f33f2a7ec676e07aa36bd587f2a910b1502

SHA256
570ef729e78067f9e824a09ee84a0b44c24671dfe07947eaca970f453f235334

SHA512
51c2e61154a9cf7b8c51728bee23d084e40467a64fc74544ed07917de5c42cd2c4f093dc4dba57e475be140334b7f9d2f8c2784d353f9bec4fe5fc6098f5ad70

Download Submit
C:\Windows\System\hqEMxig.exe

Filesize
2.0MB

MD5
92356fd5ecab02da9b5aafc6a53e2c12

SHA1
f8b69342315e4717cf6bc1195b240a583d74f0a0

SHA256
4e56f5a30f2c9ac22e6a1ad3088feed6fe1d88ded775d065c4d9ebd626e83667

SHA512
2798bc2b1d31beaae24d9116aaf229e8ae2226600a397cd6f1b90efbd507d3e9786716e0433ca507e0e069342dedbd50f7c797c3ac9653fa921765f3dfce4e61

Download Submit
C:\Windows\System\ozLKdbz.exe

Filesize
640KB

MD5
469aca0e2abc33bcc5100f89b3196890

SHA1
b77c2be76b0bcd5c1640c82143bf4ae8abf6ed35

SHA256
8e4d419e754f89fae1d30741df9483d06709f6d20541cbce976b97c6b74f264f

SHA512
bb8f27156094a7b200e5c1844466de9827240ad5c62598ca983899918fcfddc76480438ab7ff457f4059655d26f5dee65f9d3ba57dc850a7e0c1c267d7e2bdae

Download Submit
C:\Windows\System\ozLKdbz.exe

Filesize
2.0MB

MD5
ed97c7e26e70ad62a07463f6fbbe9271

SHA1
122ed6d2523f3856698f86e8e659f4569a905ba8

SHA256
2433417bb323423940dfa262722f3c579a84a37d98f8cbb8986bb2695430ab2a

SHA512
3fe231167f985407ed7008e53cae5cb3f81b60098e51c0bbbddb833b8a1d305c0c42add2f68552dda1721c7d2019bc308afd7fd459b2b6c496fff4dc7c8e7507

Download Submit
C:\Windows\System\qYitarY.exe

Filesize
512KB

MD5
6b5887af4274a78686a788865765637c

SHA1
5afc15e6fcbc11377bbabbda47ff43f6ebedd369

SHA256
ecdfed9bc02368fefbebe0d02090e93826b7e5cc1043e339dd245299c8b23006

SHA512
4f563e539f8ec68bbc27d4cc59c42ea4897bb131085e08433f745cc558ab7a030701a601ddb711cda19dfa6cd9086b458fb74762092be15aaa4190c05134d077

Download Submit
C:\Windows\System\qYitarY.exe

Filesize
448KB

MD5
0642442db4acbbfb6037e06789624264

SHA1
923aee440a6887c7a7a8a78085aa492b2cdcee65

SHA256
5d6249e3d37c32c515e6f20e0771180c7b51c791102dfffe39e4510d623eda85

SHA512
7fc8231c299b64743a966130c519362217b11d421c0ccc65ca7c97570221449b6e5bd90caefa97b416470db36fac07c3f48ea41836b395ab190e6121598e88a1

Download Submit
C:\Windows\System\rSwPUlM.exe

Filesize
2.0MB

MD5
5cec61406d2ab58e8750334da694a4c2

SHA1
54535f2c16dfc5169546090e637cacdf2901a780

SHA256
c55c5de837857d87594cc13ce2307fb31f869ee99ca269e4dc31fb161f1a51f6

SHA512
b92a16f09f3356c16e573e4557198c7e52a25ca0faa1c1a1332876ea5db90c6d2abd3cd11472c35e81d4330ae66a446c559ad395603accda2b5fa5c96ba56b3b

Download Submit
C:\Windows\System\rSwPUlM.exe

Filesize
256KB

MD5
c852d0de044ecfdc8164664b8ea3dc6f

SHA1
cfc38798bcbec8419f442fddcbe34cb37971445d

SHA256
32715d7c1c8dcbb10f1add6b003e18def383412f1b6c48f4d9670b8e3ef1d0b7

SHA512
e03bd3ea4470974d8087b8d17ce90233e5a96284236038a869c3b63a693e9a7c9719f6671b6b5d0dbeb167dd4786cd1b7a4b214b02967aac04fad66c8195132f

Download Submit
C:\Windows\System\ulYUXFM.exe

Filesize
1.2MB

MD5
5dcbb81ad900a441cb1a8812aa91766e

SHA1
ba32c55531657be2b1688145cd7adb1f4978f45e

SHA256
ab2480ddcf0a5b8a823f95dba08da1de11e51b51c9fd1779386316bc09fb9739

SHA512
19e85321598bfc861badc05dd19a73936bb82b36aa7d134ce9411fc76f64cf63530b4137e7a48142939e672c900d20c4e7388ddb5df652a6d4dd0e3411fe3edf

Download Submit
C:\Windows\System\ulYUXFM.exe

Filesize
1.4MB

MD5
030b05d48325c045a59d3b73832a2ab8

SHA1
18fae126266015b313ba7cb59d4bad7354349cba

SHA256
5fa491fa26e0bcaff5f59fac651c145eed1bf14dd772163d69f7e4ed7b263e59

SHA512
1bb1b2f76974c3967940a59426b7f11e262891eed8a455c5540ef12193f8c9b389c5ad9e7d905b76c3bf99d179bca50bbb57aa0cb911f0957ebe610829758493

Download Submit
C:\Windows\System\xqDpPWX.exe

Filesize
2.0MB

MD5
d531cdb86cdaf2e046466aa39282418c

SHA1
5a27e04b0867610ba254c14c751b430150acd55a

SHA256
d612a8f90400e2c7822817a35f22b5a6d41550a2d5c01f4e8852158330bfcb9a

SHA512
a37a30b431eee978c4591880f024fa67336f17a7f32b61af93ad7bb44ab716bb8ace783183c7eb1292d2a3a2635c7da39444c804e012f6c07077d0bfec9733d2

Download Submit
C:\Windows\System\xzSWLRB.exe

Filesize
2.0MB

MD5
7983f31af9980d62e6ef25f4757e8f52

SHA1
924ea52841b6cf2de969b58aba84ba8617f4e4c1

SHA256
91f67dc2477377f597618e1f574d669950f04b41197f1e04cdb7cd886506df71

SHA512
0b676b20287bc47a6c06e23594f746adcd1dc8e1285b1460a1c1d9531d56da2a76cad66bf1c3ec15b6458689a6db666351bffb6cddf06c007b64055729145067

Download Submit
C:\Windows\System\yPfjPLT.exe

Filesize
1.3MB

MD5
be014828cb823fe59e8d638b05da549c

SHA1
318450696250080f50029b8c4a2e100d14747209

SHA256
fde25543d46ffe8d3ba24fc954752fa61337194be69accc761ef41c5737e2cf2

SHA512
5cec7fb68b6f2f66ac56ec995e1500b57560174418b8b80795b20f2722240e5be89efbfec7156f48cc25ed9bd47d96842ba87ac1fdea5b46be5777b83bd95c44

Download Submit
memory/216-224-0x00007FF7889C0000-0x00007FF788D14000-memory.dmp

Filesize
3.3MB

Download
memory/880-325-0x00007FF7E9B10000-0x00007FF7E9E64000-memory.dmp

Filesize
3.3MB

Download
memory/1020-22-0x00007FF7AB280000-0x00007FF7AB5D4000-memory.dmp

Filesize
3.3MB

Download
memory/1020-174-0x00007FF7AB280000-0x00007FF7AB5D4000-memory.dmp

Filesize
3.3MB

Download
memory/1168-105-0x00007FF781940000-0x00007FF781C94000-memory.dmp

Filesize
3.3MB

Download
memory/1188-152-0x00007FF6FC270000-0x00007FF6FC5C4000-memory.dmp

Filesize
3.3MB

Download
memory/1420-227-0x00007FF63C190000-0x00007FF63C4E4000-memory.dmp

Filesize
3.3MB

Download
memory/1512-184-0x00007FF6BDBD0000-0x00007FF6BDF24000-memory.dmp

Filesize
3.3MB

Download
memory/1512-90-0x00007FF6BDBD0000-0x00007FF6BDF24000-memory.dmp

Filesize
3.3MB

Download
memory/1540-119-0x00007FF6748F0000-0x00007FF674C44000-memory.dmp

Filesize
3.3MB

Download
memory/1760-239-0x00007FF769170000-0x00007FF7694C4000-memory.dmp

Filesize
3.3MB

Download
memory/1884-267-0x00007FF738120000-0x00007FF738474000-memory.dmp

Filesize
3.3MB

Download
memory/1908-107-0x00007FF75EE10000-0x00007FF75F164000-memory.dmp

Filesize
3.3MB

Download
memory/1944-235-0x00007FF7F0500000-0x00007FF7F0854000-memory.dmp

Filesize
3.3MB

Download
memory/1996-183-0x00007FF70FB90000-0x00007FF70FEE4000-memory.dmp

Filesize
3.3MB

Download
memory/1996-81-0x00007FF70FB90000-0x00007FF70FEE4000-memory.dmp

Filesize
3.3MB

Download
memory/2152-242-0x00007FF6ABAA0000-0x00007FF6ABDF4000-memory.dmp

Filesize
3.3MB

Download
memory/2332-273-0x00007FF6607A0000-0x00007FF660AF4000-memory.dmp

Filesize
3.3MB

Download
memory/2432-122-0x00007FF60C550000-0x00007FF60C8A4000-memory.dmp

Filesize
3.3MB

Download
memory/2432-247-0x00007FF60C550000-0x00007FF60C8A4000-memory.dmp

Filesize
3.3MB

Download
memory/2464-106-0x00007FF633980000-0x00007FF633CD4000-memory.dmp

Filesize
3.3MB

Download
memory/2776-241-0x00007FF7B43E0000-0x00007FF7B4734000-memory.dmp

Filesize
3.3MB

Download
memory/2788-243-0x00007FF702810000-0x00007FF702B64000-memory.dmp

Filesize
3.3MB

Download
memory/2912-136-0x00007FF6AC300000-0x00007FF6AC654000-memory.dmp

Filesize
3.3MB

Download
memory/3016-182-0x00007FF6D1F30000-0x00007FF6D2284000-memory.dmp

Filesize
3.3MB

Download
memory/3276-143-0x00007FF7757B0000-0x00007FF775B04000-memory.dmp

Filesize
3.3MB

Download
memory/3412-34-0x00007FF798480000-0x00007FF7987D4000-memory.dmp

Filesize
3.3MB

Download
memory/3412-177-0x00007FF798480000-0x00007FF7987D4000-memory.dmp

Filesize
3.3MB

Download
memory/3460-238-0x00007FF78BDF0000-0x00007FF78C144000-memory.dmp

Filesize
3.3MB

Download
memory/3488-181-0x00007FF7E5C50000-0x00007FF7E5FA4000-memory.dmp

Filesize
3.3MB

Download
memory/3540-237-0x00007FF715390000-0x00007FF7156E4000-memory.dmp

Filesize
3.3MB

Download
memory/3616-229-0x00007FF7D7F10000-0x00007FF7D8264000-memory.dmp

Filesize
3.3MB

Download
memory/3644-51-0x00007FF649C00000-0x00007FF649F54000-memory.dmp

Filesize
3.3MB

Download
memory/3712-286-0x00007FF6A3AC0000-0x00007FF6A3E14000-memory.dmp

Filesize
3.3MB

Download
memory/3728-27-0x00007FF641F80000-0x00007FF6422D4000-memory.dmp

Filesize
3.3MB

Download
memory/3728-176-0x00007FF641F80000-0x00007FF6422D4000-memory.dmp

Filesize
3.3MB

Download
memory/3748-57-0x00007FF6F7690000-0x00007FF6F79E4000-memory.dmp

Filesize
3.3MB

Download
memory/3772-169-0x00007FF7C24B0000-0x00007FF7C2804000-memory.dmp

Filesize
3.3MB

Download
memory/3772-8-0x00007FF7C24B0000-0x00007FF7C2804000-memory.dmp

Filesize
3.3MB

Download
memory/3880-320-0x00007FF7E5BD0000-0x00007FF7E5F24000-memory.dmp

Filesize
3.3MB

Download
memory/4032-109-0x00007FF760CF0000-0x00007FF761044000-memory.dmp

Filesize
3.3MB

Download
memory/4060-313-0x00007FF697F10000-0x00007FF698264000-memory.dmp

Filesize
3.3MB

Download
memory/4188-276-0x00007FF7835D0000-0x00007FF783924000-memory.dmp

Filesize
3.3MB

Download
memory/4220-165-0x00007FF757400000-0x00007FF757754000-memory.dmp

Filesize
3.3MB

Download
memory/4316-240-0x00007FF6FCEE0000-0x00007FF6FD234000-memory.dmp

Filesize
3.3MB

Download
memory/4368-349-0x00007FF692710000-0x00007FF692A64000-memory.dmp

Filesize
3.3MB

Download
memory/4480-234-0x00007FF695FB0000-0x00007FF696304000-memory.dmp

Filesize
3.3MB

Download
memory/4492-295-0x00007FF64DE90000-0x00007FF64E1E4000-memory.dmp

Filesize
3.3MB

Download
memory/4512-185-0x00007FF6FD9E0000-0x00007FF6FDD34000-memory.dmp

Filesize
3.3MB

Download
memory/4512-98-0x00007FF6FD9E0000-0x00007FF6FDD34000-memory.dmp

Filesize
3.3MB

Download
memory/4540-149-0x00007FF728AE0000-0x00007FF728E34000-memory.dmp

Filesize
3.3MB

Download
memory/4636-128-0x00007FF7EAED0000-0x00007FF7EB224000-memory.dmp

Filesize
3.3MB

Download
memory/4712-104-0x00007FF76FE20000-0x00007FF770174000-memory.dmp

Filesize
3.3MB

Download
memory/4724-103-0x00007FF7685F0000-0x00007FF768944000-memory.dmp

Filesize
3.3MB

Download
memory/4796-262-0x00007FF7CB1A0000-0x00007FF7CB4F4000-memory.dmp

Filesize
3.3MB

Download
memory/4832-180-0x00007FF7C86F0000-0x00007FF7C8A44000-memory.dmp

Filesize
3.3MB

Download
memory/4832-69-0x00007FF7C86F0000-0x00007FF7C8A44000-memory.dmp

Filesize
3.3MB

Download
memory/4920-108-0x00007FF660F40000-0x00007FF661294000-memory.dmp

Filesize
3.3MB

Download
memory/4936-168-0x00007FF702C10000-0x00007FF702F64000-memory.dmp

Filesize
3.3MB

Download
memory/4960-230-0x00007FF6DAC40000-0x00007FF6DAF94000-memory.dmp

Filesize
3.3MB

Download
memory/4976-46-0x00007FF797DF0000-0x00007FF798144000-memory.dmp

Filesize
3.3MB

Download
memory/5024-160-0x00007FF67A5F0000-0x00007FF67A944000-memory.dmp

Filesize
3.3MB

Download
memory/5024-0-0x00007FF67A5F0000-0x00007FF67A944000-memory.dmp

Filesize
3.3MB

Download
memory/5024-1-0x00000253B6760000-0x00000253B6770000-memory.dmp

Filesize
64KB

Download
memory/5072-334-0x00007FF7E82B0000-0x00007FF7E8604000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads