xmrig | b28f197322e554a4170f1fba6121a910e5eb31068671bf0fbd666f059dbc4028

Analysis

max time kernel
134s
max time network
103s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
02/06/2024, 10:27

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

virussign.com_3a5c31ca0c75db9d90c2a1ed877432b0.exe
Size

1.3MB
MD5

3a5c31ca0c75db9d90c2a1ed877432b0
SHA1

6f7afa9225dc1fb7626bdc176d2b0496786004ad
SHA256

b28f197322e554a4170f1fba6121a910e5eb31068671bf0fbd666f059dbc4028
SHA512

0a41e57b9b0e7601ccf3f3a733f377239d43944cd611933ac1d05a86a4e8414c31217b595153b92e18ea6e784dde0d33a07269e36a7f1beb3cca944995381cf8
SSDEEP

24576:RVIl/WDGCi7/qkatXBF6727uROGdN1W/x5qrWHptxyOZ/9hIdxohrZO35:ROdWCCi7/rahwNGx5/eTN35

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 58 IoCs

miner

resource	yara_rule
behavioral2/memory/4208-24-0x00007FF743940000-0x00007FF743C91000-memory.dmp	xmrig
behavioral2/memory/4276-77-0x00007FF76A4C0000-0x00007FF76A811000-memory.dmp	xmrig
behavioral2/memory/1232-132-0x00007FF697840000-0x00007FF697B91000-memory.dmp	xmrig
behavioral2/memory/3136-134-0x00007FF7A2970000-0x00007FF7A2CC1000-memory.dmp	xmrig
behavioral2/memory/1896-133-0x00007FF65B6D0000-0x00007FF65BA21000-memory.dmp	xmrig
behavioral2/memory/1900-131-0x00007FF753CD0000-0x00007FF754021000-memory.dmp	xmrig
behavioral2/memory/1064-130-0x00007FF6EFFD0000-0x00007FF6F0321000-memory.dmp	xmrig
behavioral2/memory/2044-124-0x00007FF790190000-0x00007FF7904E1000-memory.dmp	xmrig
behavioral2/memory/2376-119-0x00007FF610520000-0x00007FF610871000-memory.dmp	xmrig
behavioral2/memory/4436-118-0x00007FF69E0D0000-0x00007FF69E421000-memory.dmp	xmrig
behavioral2/memory/4572-96-0x00007FF733E60000-0x00007FF7341B1000-memory.dmp	xmrig
behavioral2/memory/1984-83-0x00007FF7974E0000-0x00007FF797831000-memory.dmp	xmrig
behavioral2/memory/4088-58-0x00007FF7826E0000-0x00007FF782A31000-memory.dmp	xmrig
behavioral2/memory/1952-200-0x00007FF60C240000-0x00007FF60C591000-memory.dmp	xmrig
behavioral2/memory/3928-206-0x00007FF65A7E0000-0x00007FF65AB31000-memory.dmp	xmrig
behavioral2/memory/3168-179-0x00007FF7C20C0000-0x00007FF7C2411000-memory.dmp	xmrig
behavioral2/memory/4216-156-0x00007FF7BB6C0000-0x00007FF7BBA11000-memory.dmp	xmrig
behavioral2/memory/2556-1768-0x00007FF754180000-0x00007FF7544D1000-memory.dmp	xmrig
behavioral2/memory/532-2177-0x00007FF74A590000-0x00007FF74A8E1000-memory.dmp	xmrig
behavioral2/memory/4976-2178-0x00007FF6A9C60000-0x00007FF6A9FB1000-memory.dmp	xmrig
behavioral2/memory/1380-2179-0x00007FF6B7010000-0x00007FF6B7361000-memory.dmp	xmrig
behavioral2/memory/5228-2180-0x00007FF7DC710000-0x00007FF7DCA61000-memory.dmp	xmrig
behavioral2/memory/4220-2181-0x00007FF6688B0000-0x00007FF668C01000-memory.dmp	xmrig
behavioral2/memory/3884-2182-0x00007FF74E990000-0x00007FF74ECE1000-memory.dmp	xmrig
behavioral2/memory/2024-2206-0x00007FF698C00000-0x00007FF698F51000-memory.dmp	xmrig
behavioral2/memory/3512-2207-0x00007FF6C6A20000-0x00007FF6C6D71000-memory.dmp	xmrig
behavioral2/memory/396-2218-0x00007FF72A1D0000-0x00007FF72A521000-memory.dmp	xmrig
behavioral2/memory/4672-2217-0x00007FF789E80000-0x00007FF78A1D1000-memory.dmp	xmrig
behavioral2/memory/5124-2228-0x00007FF6E67D0000-0x00007FF6E6B21000-memory.dmp	xmrig
behavioral2/memory/3928-2231-0x00007FF65A7E0000-0x00007FF65AB31000-memory.dmp	xmrig
behavioral2/memory/2556-2234-0x00007FF754180000-0x00007FF7544D1000-memory.dmp	xmrig
behavioral2/memory/4208-2237-0x00007FF743940000-0x00007FF743C91000-memory.dmp	xmrig
behavioral2/memory/4272-2236-0x00007FF6D1540000-0x00007FF6D1891000-memory.dmp	xmrig
behavioral2/memory/532-2241-0x00007FF74A590000-0x00007FF74A8E1000-memory.dmp	xmrig
behavioral2/memory/4088-2239-0x00007FF7826E0000-0x00007FF782A31000-memory.dmp	xmrig
behavioral2/memory/4276-2247-0x00007FF76A4C0000-0x00007FF76A811000-memory.dmp	xmrig
behavioral2/memory/4976-2245-0x00007FF6A9C60000-0x00007FF6A9FB1000-memory.dmp	xmrig
behavioral2/memory/1984-2243-0x00007FF7974E0000-0x00007FF797831000-memory.dmp	xmrig
behavioral2/memory/2044-2257-0x00007FF790190000-0x00007FF7904E1000-memory.dmp	xmrig
behavioral2/memory/1900-2249-0x00007FF753CD0000-0x00007FF754021000-memory.dmp	xmrig
behavioral2/memory/1896-2259-0x00007FF65B6D0000-0x00007FF65BA21000-memory.dmp	xmrig
behavioral2/memory/3136-2271-0x00007FF7A2970000-0x00007FF7A2CC1000-memory.dmp	xmrig
behavioral2/memory/1064-2255-0x00007FF6EFFD0000-0x00007FF6F0321000-memory.dmp	xmrig
behavioral2/memory/4572-2253-0x00007FF733E60000-0x00007FF7341B1000-memory.dmp	xmrig
behavioral2/memory/4436-2269-0x00007FF69E0D0000-0x00007FF69E421000-memory.dmp	xmrig
behavioral2/memory/5228-2267-0x00007FF7DC710000-0x00007FF7DCA61000-memory.dmp	xmrig
behavioral2/memory/4220-2265-0x00007FF6688B0000-0x00007FF668C01000-memory.dmp	xmrig
behavioral2/memory/2376-2263-0x00007FF610520000-0x00007FF610871000-memory.dmp	xmrig
behavioral2/memory/1232-2261-0x00007FF697840000-0x00007FF697B91000-memory.dmp	xmrig
behavioral2/memory/1380-2251-0x00007FF6B7010000-0x00007FF6B7361000-memory.dmp	xmrig
behavioral2/memory/3884-2273-0x00007FF74E990000-0x00007FF74ECE1000-memory.dmp	xmrig
behavioral2/memory/4216-2319-0x00007FF7BB6C0000-0x00007FF7BBA11000-memory.dmp	xmrig
behavioral2/memory/3512-2321-0x00007FF6C6A20000-0x00007FF6C6D71000-memory.dmp	xmrig
behavioral2/memory/4672-2323-0x00007FF789E80000-0x00007FF78A1D1000-memory.dmp	xmrig
behavioral2/memory/2024-2325-0x00007FF698C00000-0x00007FF698F51000-memory.dmp	xmrig
behavioral2/memory/5124-2327-0x00007FF6E67D0000-0x00007FF6E6B21000-memory.dmp	xmrig
behavioral2/memory/396-2329-0x00007FF72A1D0000-0x00007FF72A521000-memory.dmp	xmrig
behavioral2/memory/1952-2335-0x00007FF60C240000-0x00007FF60C591000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
3928	BInylPq.exe
2556	XwSdkDf.exe
4272	PKIaflC.exe
4208	KVMwDBa.exe
532	mzcbOMv.exe
4976	jAKRBdT.exe
4088	obRbrfp.exe
4276	YUWZgrY.exe
1064	lEgmLIs.exe
1900	UGYHGPY.exe
1984	vHhDwQm.exe
1380	iGJNROr.exe
4572	rzPzvvv.exe
5228	ScwEkZp.exe
4220	pWsgMeJ.exe
4436	QKUgtSA.exe
1232	ZUpGIIf.exe
2376	zPXglQf.exe
1896	qcmNbTt.exe
2044	lkgtTdc.exe
3136	bmbYHtW.exe
3884	QLrAvle.exe
2024	eCjzuWS.exe
4216	zSNFfHl.exe
396	IWOctAY.exe
3512	dpcPbSb.exe
4672	YDEjtgV.exe
5124	ubwApNk.exe
1952	nriLauQ.exe
5556	uyCFzui.exe
3084	ZOFoukN.exe
5516	zXuGYpy.exe
2684	MEHcqWu.exe
5536	MDtXSCz.exe
6132	iFpMOCT.exe
5900	xGAskom.exe
4816	FBwayAk.exe
6136	NiGfLxX.exe
5268	fAhlFBq.exe
1540	GOxCFVr.exe
1456	fnHHIQb.exe
3376	mLrcFAq.exe
4708	EltSMLm.exe
5008	GbCzaxF.exe
5128	TKdVkUO.exe
2660	Vvzmgpb.exe
4428	KiNMHcq.exe
2224	ZsZIFTi.exe
5160	MXXGVax.exe
2428	RrdFdFm.exe
1596	GWTTRla.exe
5288	uFRNrNO.exe
3724	NUIkzNT.exe
2752	DsYFKUr.exe
3172	oQgBAxL.exe
3744	CUJDJMP.exe
1200	zQokcTB.exe
5912	uIIkSbi.exe
2636	sLzpVos.exe
2868	arRBCFW.exe
2844	mHmgIqm.exe
4292	hrrSsqP.exe
4488	GBEoyEV.exe
3288	pbBsZjr.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3168-0-0x00007FF7C20C0000-0x00007FF7C2411000-memory.dmp	upx
behavioral2/files/0x00090000000233fa-5.dat	upx
behavioral2/files/0x0007000000023406-8.dat	upx
behavioral2/files/0x0007000000023407-15.dat	upx
behavioral2/files/0x0007000000023408-20.dat	upx
behavioral2/memory/4208-24-0x00007FF743940000-0x00007FF743C91000-memory.dmp	upx
behavioral2/memory/4272-22-0x00007FF6D1540000-0x00007FF6D1891000-memory.dmp	upx
behavioral2/memory/3928-10-0x00007FF65A7E0000-0x00007FF65AB31000-memory.dmp	upx
behavioral2/memory/2556-14-0x00007FF754180000-0x00007FF7544D1000-memory.dmp	upx
behavioral2/files/0x0008000000023403-46.dat	upx
behavioral2/memory/4976-56-0x00007FF6A9C60000-0x00007FF6A9FB1000-memory.dmp	upx
behavioral2/files/0x000700000002340d-62.dat	upx
behavioral2/files/0x0007000000023413-75.dat	upx
behavioral2/memory/4276-77-0x00007FF76A4C0000-0x00007FF76A811000-memory.dmp	upx
behavioral2/files/0x0007000000023415-93.dat	upx
behavioral2/files/0x0007000000023412-98.dat	upx
behavioral2/files/0x0007000000023416-107.dat	upx
behavioral2/files/0x0007000000023414-112.dat	upx
behavioral2/files/0x0007000000023419-123.dat	upx
behavioral2/memory/1232-132-0x00007FF697840000-0x00007FF697B91000-memory.dmp	upx
behavioral2/memory/3136-134-0x00007FF7A2970000-0x00007FF7A2CC1000-memory.dmp	upx
behavioral2/memory/1896-133-0x00007FF65B6D0000-0x00007FF65BA21000-memory.dmp	upx
behavioral2/memory/1900-131-0x00007FF753CD0000-0x00007FF754021000-memory.dmp	upx
behavioral2/memory/1064-130-0x00007FF6EFFD0000-0x00007FF6F0321000-memory.dmp	upx
behavioral2/files/0x0007000000023418-126.dat	upx
behavioral2/memory/3884-125-0x00007FF74E990000-0x00007FF74ECE1000-memory.dmp	upx
behavioral2/memory/2044-124-0x00007FF790190000-0x00007FF7904E1000-memory.dmp	upx
behavioral2/files/0x0007000000023417-121.dat	upx
behavioral2/memory/2376-119-0x00007FF610520000-0x00007FF610871000-memory.dmp	upx
behavioral2/memory/4436-118-0x00007FF69E0D0000-0x00007FF69E421000-memory.dmp	upx
behavioral2/memory/4220-109-0x00007FF6688B0000-0x00007FF668C01000-memory.dmp	upx
behavioral2/memory/5228-103-0x00007FF7DC710000-0x00007FF7DCA61000-memory.dmp	upx
behavioral2/files/0x0007000000023410-100.dat	upx
behavioral2/memory/4572-96-0x00007FF733E60000-0x00007FF7341B1000-memory.dmp	upx
behavioral2/memory/1380-94-0x00007FF6B7010000-0x00007FF6B7361000-memory.dmp	upx
behavioral2/files/0x0007000000023411-90.dat	upx
behavioral2/files/0x000700000002340e-86.dat	upx
behavioral2/memory/1984-83-0x00007FF7974E0000-0x00007FF797831000-memory.dmp	upx
behavioral2/files/0x000700000002340f-76.dat	upx
behavioral2/files/0x000700000002340c-79.dat	upx
behavioral2/memory/4088-58-0x00007FF7826E0000-0x00007FF782A31000-memory.dmp	upx
behavioral2/files/0x000700000002340b-49.dat	upx
behavioral2/files/0x000700000002340a-41.dat	upx
behavioral2/memory/532-35-0x00007FF74A590000-0x00007FF74A8E1000-memory.dmp	upx
behavioral2/files/0x0007000000023409-32.dat	upx
behavioral2/files/0x000700000002341d-140.dat	upx
behavioral2/files/0x0007000000023421-157.dat	upx
behavioral2/files/0x0007000000023420-168.dat	upx
behavioral2/memory/1952-200-0x00007FF60C240000-0x00007FF60C591000-memory.dmp	upx
behavioral2/memory/3928-206-0x00007FF65A7E0000-0x00007FF65AB31000-memory.dmp	upx
behavioral2/memory/5124-199-0x00007FF6E67D0000-0x00007FF6E6B21000-memory.dmp	upx
behavioral2/files/0x0007000000023424-196.dat	upx
behavioral2/files/0x0007000000023422-185.dat	upx
behavioral2/files/0x0007000000023426-181.dat	upx
behavioral2/files/0x0007000000023425-180.dat	upx
behavioral2/files/0x0007000000023427-201.dat	upx
behavioral2/files/0x0007000000023423-176.dat	upx
behavioral2/files/0x000700000002341f-167.dat	upx
behavioral2/memory/3168-179-0x00007FF7C20C0000-0x00007FF7C2411000-memory.dmp	upx
behavioral2/memory/396-178-0x00007FF72A1D0000-0x00007FF72A521000-memory.dmp	upx
behavioral2/memory/3512-158-0x00007FF6C6A20000-0x00007FF6C6D71000-memory.dmp	upx
behavioral2/files/0x000700000002341e-166.dat	upx
behavioral2/memory/4672-161-0x00007FF789E80000-0x00007FF78A1D1000-memory.dmp	upx
behavioral2/memory/4216-156-0x00007FF7BB6C0000-0x00007FF7BBA11000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\zPXglQf.exe	virussign.com_3a5c31ca0c75db9d90c2a1ed877432b0.exe
File created	C:\Windows\System\MDtXSCz.exe	virussign.com_3a5c31ca0c75db9d90c2a1ed877432b0.exe
File created	C:\Windows\System\bCSDnFm.exe	virussign.com_3a5c31ca0c75db9d90c2a1ed877432b0.exe
File created	C:\Windows\System\tZVIXMv.exe	virussign.com_3a5c31ca0c75db9d90c2a1ed877432b0.exe
File created	C:\Windows\System\EltSMLm.exe	virussign.com_3a5c31ca0c75db9d90c2a1ed877432b0.exe
File created	C:\Windows\System\JCPJYso.exe	virussign.com_3a5c31ca0c75db9d90c2a1ed877432b0.exe
File created	C:\Windows\System\jGHPvhm.exe	virussign.com_3a5c31ca0c75db9d90c2a1ed877432b0.exe
File created	C:\Windows\System\kXFcUnk.exe	virussign.com_3a5c31ca0c75db9d90c2a1ed877432b0.exe
File created	C:\Windows\System\irlJdew.exe	virussign.com_3a5c31ca0c75db9d90c2a1ed877432b0.exe
File created	C:\Windows\System\ZUpGIIf.exe	virussign.com_3a5c31ca0c75db9d90c2a1ed877432b0.exe
File created	C:\Windows\System\YDEjtgV.exe	virussign.com_3a5c31ca0c75db9d90c2a1ed877432b0.exe
File created	C:\Windows\System\xMXbpIq.exe	virussign.com_3a5c31ca0c75db9d90c2a1ed877432b0.exe
File created	C:\Windows\System\NypXlFf.exe	virussign.com_3a5c31ca0c75db9d90c2a1ed877432b0.exe
File created	C:\Windows\System\KXlJxon.exe	virussign.com_3a5c31ca0c75db9d90c2a1ed877432b0.exe
File created	C:\Windows\System\JMjwkrQ.exe	virussign.com_3a5c31ca0c75db9d90c2a1ed877432b0.exe
File created	C:\Windows\System\bwNBcNM.exe	virussign.com_3a5c31ca0c75db9d90c2a1ed877432b0.exe
File created	C:\Windows\System\LlCFZPl.exe	virussign.com_3a5c31ca0c75db9d90c2a1ed877432b0.exe
File created	C:\Windows\System\UQkVeae.exe	virussign.com_3a5c31ca0c75db9d90c2a1ed877432b0.exe
File created	C:\Windows\System\mQCjxfI.exe	virussign.com_3a5c31ca0c75db9d90c2a1ed877432b0.exe
File created	C:\Windows\System\RsEEdkj.exe	virussign.com_3a5c31ca0c75db9d90c2a1ed877432b0.exe
File created	C:\Windows\System\kXhpjPD.exe	virussign.com_3a5c31ca0c75db9d90c2a1ed877432b0.exe
File created	C:\Windows\System\kXBkdGn.exe	virussign.com_3a5c31ca0c75db9d90c2a1ed877432b0.exe
File created	C:\Windows\System\QOALjmg.exe	virussign.com_3a5c31ca0c75db9d90c2a1ed877432b0.exe
File created	C:\Windows\System\ervyBQV.exe	virussign.com_3a5c31ca0c75db9d90c2a1ed877432b0.exe
File created	C:\Windows\System\hEtOfkz.exe	virussign.com_3a5c31ca0c75db9d90c2a1ed877432b0.exe
File created	C:\Windows\System\JMJMAIf.exe	virussign.com_3a5c31ca0c75db9d90c2a1ed877432b0.exe
File created	C:\Windows\System\BzwClIT.exe	virussign.com_3a5c31ca0c75db9d90c2a1ed877432b0.exe
File created	C:\Windows\System\AKveJLa.exe	virussign.com_3a5c31ca0c75db9d90c2a1ed877432b0.exe
File created	C:\Windows\System\rysGBTw.exe	virussign.com_3a5c31ca0c75db9d90c2a1ed877432b0.exe
File created	C:\Windows\System\uIIkSbi.exe	virussign.com_3a5c31ca0c75db9d90c2a1ed877432b0.exe
File created	C:\Windows\System\IZVcTxY.exe	virussign.com_3a5c31ca0c75db9d90c2a1ed877432b0.exe
File created	C:\Windows\System\lvWJdDe.exe	virussign.com_3a5c31ca0c75db9d90c2a1ed877432b0.exe
File created	C:\Windows\System\hwCKnXV.exe	virussign.com_3a5c31ca0c75db9d90c2a1ed877432b0.exe
File created	C:\Windows\System\UpvHxhE.exe	virussign.com_3a5c31ca0c75db9d90c2a1ed877432b0.exe
File created	C:\Windows\System\psqDBKf.exe	virussign.com_3a5c31ca0c75db9d90c2a1ed877432b0.exe
File created	C:\Windows\System\GKcaiLZ.exe	virussign.com_3a5c31ca0c75db9d90c2a1ed877432b0.exe
File created	C:\Windows\System\RZhRqGW.exe	virussign.com_3a5c31ca0c75db9d90c2a1ed877432b0.exe
File created	C:\Windows\System\kVaUIql.exe	virussign.com_3a5c31ca0c75db9d90c2a1ed877432b0.exe
File created	C:\Windows\System\YEvMyVT.exe	virussign.com_3a5c31ca0c75db9d90c2a1ed877432b0.exe
File created	C:\Windows\System\tTsarqQ.exe	virussign.com_3a5c31ca0c75db9d90c2a1ed877432b0.exe
File created	C:\Windows\System\PeqKRQB.exe	virussign.com_3a5c31ca0c75db9d90c2a1ed877432b0.exe
File created	C:\Windows\System\GXKBfLU.exe	virussign.com_3a5c31ca0c75db9d90c2a1ed877432b0.exe
File created	C:\Windows\System\xGAskom.exe	virussign.com_3a5c31ca0c75db9d90c2a1ed877432b0.exe
File created	C:\Windows\System\PPYFJXG.exe	virussign.com_3a5c31ca0c75db9d90c2a1ed877432b0.exe
File created	C:\Windows\System\IDrYGpK.exe	virussign.com_3a5c31ca0c75db9d90c2a1ed877432b0.exe
File created	C:\Windows\System\jawwVjD.exe	virussign.com_3a5c31ca0c75db9d90c2a1ed877432b0.exe
File created	C:\Windows\System\aBVfyqB.exe	virussign.com_3a5c31ca0c75db9d90c2a1ed877432b0.exe
File created	C:\Windows\System\EXntMuJ.exe	virussign.com_3a5c31ca0c75db9d90c2a1ed877432b0.exe
File created	C:\Windows\System\GWTTRla.exe	virussign.com_3a5c31ca0c75db9d90c2a1ed877432b0.exe
File created	C:\Windows\System\bGdcnLJ.exe	virussign.com_3a5c31ca0c75db9d90c2a1ed877432b0.exe
File created	C:\Windows\System\gpUYbNr.exe	virussign.com_3a5c31ca0c75db9d90c2a1ed877432b0.exe
File created	C:\Windows\System\eGnQzuH.exe	virussign.com_3a5c31ca0c75db9d90c2a1ed877432b0.exe
File created	C:\Windows\System\kktKURP.exe	virussign.com_3a5c31ca0c75db9d90c2a1ed877432b0.exe
File created	C:\Windows\System\WlxqiSJ.exe	virussign.com_3a5c31ca0c75db9d90c2a1ed877432b0.exe
File created	C:\Windows\System\FpCWTMQ.exe	virussign.com_3a5c31ca0c75db9d90c2a1ed877432b0.exe
File created	C:\Windows\System\NTdFsss.exe	virussign.com_3a5c31ca0c75db9d90c2a1ed877432b0.exe
File created	C:\Windows\System\KiNMHcq.exe	virussign.com_3a5c31ca0c75db9d90c2a1ed877432b0.exe
File created	C:\Windows\System\ANdgNkE.exe	virussign.com_3a5c31ca0c75db9d90c2a1ed877432b0.exe
File created	C:\Windows\System\jxkvgPt.exe	virussign.com_3a5c31ca0c75db9d90c2a1ed877432b0.exe
File created	C:\Windows\System\uuiQYON.exe	virussign.com_3a5c31ca0c75db9d90c2a1ed877432b0.exe
File created	C:\Windows\System\aKoEhaA.exe	virussign.com_3a5c31ca0c75db9d90c2a1ed877432b0.exe
File created	C:\Windows\System\CIHhFlT.exe	virussign.com_3a5c31ca0c75db9d90c2a1ed877432b0.exe
File created	C:\Windows\System\LzCzsEG.exe	virussign.com_3a5c31ca0c75db9d90c2a1ed877432b0.exe
File created	C:\Windows\System\VyvSjAg.exe	virussign.com_3a5c31ca0c75db9d90c2a1ed877432b0.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	15328	dwm.exe
Token: SeChangeNotifyPrivilege	15328	dwm.exe
Token: 33	15328	dwm.exe
Token: SeIncBasePriorityPrivilege	15328	dwm.exe
Token: SeShutdownPrivilege	15328	dwm.exe
Token: SeCreatePagefilePrivilege	15328	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3168 wrote to memory of 3928	3168	virussign.com_3a5c31ca0c75db9d90c2a1ed877432b0.exe	84
PID 3168 wrote to memory of 3928	3168	virussign.com_3a5c31ca0c75db9d90c2a1ed877432b0.exe	84
PID 3168 wrote to memory of 2556	3168	virussign.com_3a5c31ca0c75db9d90c2a1ed877432b0.exe	85
PID 3168 wrote to memory of 2556	3168	virussign.com_3a5c31ca0c75db9d90c2a1ed877432b0.exe	85
PID 3168 wrote to memory of 4272	3168	virussign.com_3a5c31ca0c75db9d90c2a1ed877432b0.exe	86
PID 3168 wrote to memory of 4272	3168	virussign.com_3a5c31ca0c75db9d90c2a1ed877432b0.exe	86
PID 3168 wrote to memory of 4208	3168	virussign.com_3a5c31ca0c75db9d90c2a1ed877432b0.exe	87
PID 3168 wrote to memory of 4208	3168	virussign.com_3a5c31ca0c75db9d90c2a1ed877432b0.exe	87
PID 3168 wrote to memory of 532	3168	virussign.com_3a5c31ca0c75db9d90c2a1ed877432b0.exe	88
PID 3168 wrote to memory of 532	3168	virussign.com_3a5c31ca0c75db9d90c2a1ed877432b0.exe	88
PID 3168 wrote to memory of 4976	3168	virussign.com_3a5c31ca0c75db9d90c2a1ed877432b0.exe	91
PID 3168 wrote to memory of 4976	3168	virussign.com_3a5c31ca0c75db9d90c2a1ed877432b0.exe	91
PID 3168 wrote to memory of 4088	3168	virussign.com_3a5c31ca0c75db9d90c2a1ed877432b0.exe	92
PID 3168 wrote to memory of 4088	3168	virussign.com_3a5c31ca0c75db9d90c2a1ed877432b0.exe	92
PID 3168 wrote to memory of 4276	3168	virussign.com_3a5c31ca0c75db9d90c2a1ed877432b0.exe	93
PID 3168 wrote to memory of 4276	3168	virussign.com_3a5c31ca0c75db9d90c2a1ed877432b0.exe	93
PID 3168 wrote to memory of 1064	3168	virussign.com_3a5c31ca0c75db9d90c2a1ed877432b0.exe	94
PID 3168 wrote to memory of 1064	3168	virussign.com_3a5c31ca0c75db9d90c2a1ed877432b0.exe	94
PID 3168 wrote to memory of 1984	3168	virussign.com_3a5c31ca0c75db9d90c2a1ed877432b0.exe	95
PID 3168 wrote to memory of 1984	3168	virussign.com_3a5c31ca0c75db9d90c2a1ed877432b0.exe	95
PID 3168 wrote to memory of 4572	3168	virussign.com_3a5c31ca0c75db9d90c2a1ed877432b0.exe	96
PID 3168 wrote to memory of 4572	3168	virussign.com_3a5c31ca0c75db9d90c2a1ed877432b0.exe	96
PID 3168 wrote to memory of 1900	3168	virussign.com_3a5c31ca0c75db9d90c2a1ed877432b0.exe	97
PID 3168 wrote to memory of 1900	3168	virussign.com_3a5c31ca0c75db9d90c2a1ed877432b0.exe	97
PID 3168 wrote to memory of 1380	3168	virussign.com_3a5c31ca0c75db9d90c2a1ed877432b0.exe	98
PID 3168 wrote to memory of 1380	3168	virussign.com_3a5c31ca0c75db9d90c2a1ed877432b0.exe	98
PID 3168 wrote to memory of 5228	3168	virussign.com_3a5c31ca0c75db9d90c2a1ed877432b0.exe	99
PID 3168 wrote to memory of 5228	3168	virussign.com_3a5c31ca0c75db9d90c2a1ed877432b0.exe	99
PID 3168 wrote to memory of 4220	3168	virussign.com_3a5c31ca0c75db9d90c2a1ed877432b0.exe	101
PID 3168 wrote to memory of 4220	3168	virussign.com_3a5c31ca0c75db9d90c2a1ed877432b0.exe	101
PID 3168 wrote to memory of 4436	3168	virussign.com_3a5c31ca0c75db9d90c2a1ed877432b0.exe	102
PID 3168 wrote to memory of 4436	3168	virussign.com_3a5c31ca0c75db9d90c2a1ed877432b0.exe	102
PID 3168 wrote to memory of 1232	3168	virussign.com_3a5c31ca0c75db9d90c2a1ed877432b0.exe	103
PID 3168 wrote to memory of 1232	3168	virussign.com_3a5c31ca0c75db9d90c2a1ed877432b0.exe	103
PID 3168 wrote to memory of 2376	3168	virussign.com_3a5c31ca0c75db9d90c2a1ed877432b0.exe	104
PID 3168 wrote to memory of 2376	3168	virussign.com_3a5c31ca0c75db9d90c2a1ed877432b0.exe	104
PID 3168 wrote to memory of 1896	3168	virussign.com_3a5c31ca0c75db9d90c2a1ed877432b0.exe	105
PID 3168 wrote to memory of 1896	3168	virussign.com_3a5c31ca0c75db9d90c2a1ed877432b0.exe	105
PID 3168 wrote to memory of 2044	3168	virussign.com_3a5c31ca0c75db9d90c2a1ed877432b0.exe	106
PID 3168 wrote to memory of 2044	3168	virussign.com_3a5c31ca0c75db9d90c2a1ed877432b0.exe	106
PID 3168 wrote to memory of 3136	3168	virussign.com_3a5c31ca0c75db9d90c2a1ed877432b0.exe	107
PID 3168 wrote to memory of 3136	3168	virussign.com_3a5c31ca0c75db9d90c2a1ed877432b0.exe	107
PID 3168 wrote to memory of 3884	3168	virussign.com_3a5c31ca0c75db9d90c2a1ed877432b0.exe	108
PID 3168 wrote to memory of 3884	3168	virussign.com_3a5c31ca0c75db9d90c2a1ed877432b0.exe	108
PID 3168 wrote to memory of 2024	3168	virussign.com_3a5c31ca0c75db9d90c2a1ed877432b0.exe	109
PID 3168 wrote to memory of 2024	3168	virussign.com_3a5c31ca0c75db9d90c2a1ed877432b0.exe	109
PID 3168 wrote to memory of 4216	3168	virussign.com_3a5c31ca0c75db9d90c2a1ed877432b0.exe	110
PID 3168 wrote to memory of 4216	3168	virussign.com_3a5c31ca0c75db9d90c2a1ed877432b0.exe	110
PID 3168 wrote to memory of 396	3168	virussign.com_3a5c31ca0c75db9d90c2a1ed877432b0.exe	111
PID 3168 wrote to memory of 396	3168	virussign.com_3a5c31ca0c75db9d90c2a1ed877432b0.exe	111
PID 3168 wrote to memory of 3512	3168	virussign.com_3a5c31ca0c75db9d90c2a1ed877432b0.exe	112
PID 3168 wrote to memory of 3512	3168	virussign.com_3a5c31ca0c75db9d90c2a1ed877432b0.exe	112
PID 3168 wrote to memory of 4672	3168	virussign.com_3a5c31ca0c75db9d90c2a1ed877432b0.exe	113
PID 3168 wrote to memory of 4672	3168	virussign.com_3a5c31ca0c75db9d90c2a1ed877432b0.exe	113
PID 3168 wrote to memory of 5124	3168	virussign.com_3a5c31ca0c75db9d90c2a1ed877432b0.exe	114
PID 3168 wrote to memory of 5124	3168	virussign.com_3a5c31ca0c75db9d90c2a1ed877432b0.exe	114
PID 3168 wrote to memory of 1952	3168	virussign.com_3a5c31ca0c75db9d90c2a1ed877432b0.exe	115
PID 3168 wrote to memory of 1952	3168	virussign.com_3a5c31ca0c75db9d90c2a1ed877432b0.exe	115
PID 3168 wrote to memory of 5556	3168	virussign.com_3a5c31ca0c75db9d90c2a1ed877432b0.exe	116
PID 3168 wrote to memory of 5556	3168	virussign.com_3a5c31ca0c75db9d90c2a1ed877432b0.exe	116
PID 3168 wrote to memory of 2684	3168	virussign.com_3a5c31ca0c75db9d90c2a1ed877432b0.exe	117
PID 3168 wrote to memory of 2684	3168	virussign.com_3a5c31ca0c75db9d90c2a1ed877432b0.exe	117
PID 3168 wrote to memory of 3084	3168	virussign.com_3a5c31ca0c75db9d90c2a1ed877432b0.exe	118
PID 3168 wrote to memory of 3084	3168	virussign.com_3a5c31ca0c75db9d90c2a1ed877432b0.exe	118

C:\Users\Admin\AppData\Local\Temp\virussign.com_3a5c31ca0c75db9d90c2a1ed877432b0.exe
"C:\Users\Admin\AppData\Local\Temp\virussign.com_3a5c31ca0c75db9d90c2a1ed877432b0.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:3168
- C:\Windows\System\BInylPq.exe
  C:\Windows\System\BInylPq.exe
  2⤵
  - Executes dropped EXE
  PID:3928
- C:\Windows\System\XwSdkDf.exe
  C:\Windows\System\XwSdkDf.exe
  2⤵
  - Executes dropped EXE
  PID:2556
- C:\Windows\System\PKIaflC.exe
  C:\Windows\System\PKIaflC.exe
  2⤵
  - Executes dropped EXE
  PID:4272
- C:\Windows\System\KVMwDBa.exe
  C:\Windows\System\KVMwDBa.exe
  2⤵
  - Executes dropped EXE
  PID:4208
- C:\Windows\System\mzcbOMv.exe
  C:\Windows\System\mzcbOMv.exe
  2⤵
  - Executes dropped EXE
  PID:532
- C:\Windows\System\jAKRBdT.exe
  C:\Windows\System\jAKRBdT.exe
  2⤵
  - Executes dropped EXE
  PID:4976
- C:\Windows\System\obRbrfp.exe
  C:\Windows\System\obRbrfp.exe
  2⤵
  - Executes dropped EXE
  PID:4088
- C:\Windows\System\YUWZgrY.exe
  C:\Windows\System\YUWZgrY.exe
  2⤵
  - Executes dropped EXE
  PID:4276
- C:\Windows\System\lEgmLIs.exe
  C:\Windows\System\lEgmLIs.exe
  2⤵
  - Executes dropped EXE
  PID:1064
- C:\Windows\System\vHhDwQm.exe
  C:\Windows\System\vHhDwQm.exe
  2⤵
  - Executes dropped EXE
  PID:1984
- C:\Windows\System\rzPzvvv.exe
  C:\Windows\System\rzPzvvv.exe
  2⤵
  - Executes dropped EXE
  PID:4572
- C:\Windows\System\UGYHGPY.exe
  C:\Windows\System\UGYHGPY.exe
  2⤵
  - Executes dropped EXE
  PID:1900
- C:\Windows\System\iGJNROr.exe
  C:\Windows\System\iGJNROr.exe
  2⤵
  - Executes dropped EXE
  PID:1380
- C:\Windows\System\ScwEkZp.exe
  C:\Windows\System\ScwEkZp.exe
  2⤵
  - Executes dropped EXE
  PID:5228
- C:\Windows\System\pWsgMeJ.exe
  C:\Windows\System\pWsgMeJ.exe
  2⤵
  - Executes dropped EXE
  PID:4220
- C:\Windows\System\QKUgtSA.exe
  C:\Windows\System\QKUgtSA.exe
  2⤵
  - Executes dropped EXE
  PID:4436
- C:\Windows\System\ZUpGIIf.exe
  C:\Windows\System\ZUpGIIf.exe
  2⤵
  - Executes dropped EXE
  PID:1232
- C:\Windows\System\zPXglQf.exe
  C:\Windows\System\zPXglQf.exe
  2⤵
  - Executes dropped EXE
  PID:2376
- C:\Windows\System\qcmNbTt.exe
  C:\Windows\System\qcmNbTt.exe
  2⤵
  - Executes dropped EXE
  PID:1896
- C:\Windows\System\lkgtTdc.exe
  C:\Windows\System\lkgtTdc.exe
  2⤵
  - Executes dropped EXE
  PID:2044
- C:\Windows\System\bmbYHtW.exe
  C:\Windows\System\bmbYHtW.exe
  2⤵
  - Executes dropped EXE
  PID:3136
- C:\Windows\System\QLrAvle.exe
  C:\Windows\System\QLrAvle.exe
  2⤵
  - Executes dropped EXE
  PID:3884
- C:\Windows\System\eCjzuWS.exe
  C:\Windows\System\eCjzuWS.exe
  2⤵
  - Executes dropped EXE
  PID:2024
- C:\Windows\System\zSNFfHl.exe
  C:\Windows\System\zSNFfHl.exe
  2⤵
  - Executes dropped EXE
  PID:4216
- C:\Windows\System\IWOctAY.exe
  C:\Windows\System\IWOctAY.exe
  2⤵
  - Executes dropped EXE
  PID:396
- C:\Windows\System\dpcPbSb.exe
  C:\Windows\System\dpcPbSb.exe
  2⤵
  - Executes dropped EXE
  PID:3512
- C:\Windows\System\YDEjtgV.exe
  C:\Windows\System\YDEjtgV.exe
  2⤵
  - Executes dropped EXE
  PID:4672
- C:\Windows\System\ubwApNk.exe
  C:\Windows\System\ubwApNk.exe
  2⤵
  - Executes dropped EXE
  PID:5124
- C:\Windows\System\nriLauQ.exe
  C:\Windows\System\nriLauQ.exe
  2⤵
  - Executes dropped EXE
  PID:1952
- C:\Windows\System\uyCFzui.exe
  C:\Windows\System\uyCFzui.exe
  2⤵
  - Executes dropped EXE
  PID:5556
- C:\Windows\System\MEHcqWu.exe
  C:\Windows\System\MEHcqWu.exe
  2⤵
  - Executes dropped EXE
  PID:2684
- C:\Windows\System\ZOFoukN.exe
  C:\Windows\System\ZOFoukN.exe
  2⤵
  - Executes dropped EXE
  PID:3084
- C:\Windows\System\zXuGYpy.exe
  C:\Windows\System\zXuGYpy.exe
  2⤵
  - Executes dropped EXE
  PID:5516
- C:\Windows\System\MDtXSCz.exe
  C:\Windows\System\MDtXSCz.exe
  2⤵
  - Executes dropped EXE
  PID:5536
- C:\Windows\System\iFpMOCT.exe
  C:\Windows\System\iFpMOCT.exe
  2⤵
  - Executes dropped EXE
  PID:6132
- C:\Windows\System\xGAskom.exe
  C:\Windows\System\xGAskom.exe
  2⤵
  - Executes dropped EXE
  PID:5900
- C:\Windows\System\NiGfLxX.exe
  C:\Windows\System\NiGfLxX.exe
  2⤵
  - Executes dropped EXE
  PID:6136
- C:\Windows\System\FBwayAk.exe
  C:\Windows\System\FBwayAk.exe
  2⤵
  - Executes dropped EXE
  PID:4816
- C:\Windows\System\fAhlFBq.exe
  C:\Windows\System\fAhlFBq.exe
  2⤵
  - Executes dropped EXE
  PID:5268
- C:\Windows\System\GOxCFVr.exe
  C:\Windows\System\GOxCFVr.exe
  2⤵
  - Executes dropped EXE
  PID:1540
- C:\Windows\System\fnHHIQb.exe
  C:\Windows\System\fnHHIQb.exe
  2⤵
  - Executes dropped EXE
  PID:1456
- C:\Windows\System\mLrcFAq.exe
  C:\Windows\System\mLrcFAq.exe
  2⤵
  - Executes dropped EXE
  PID:3376
- C:\Windows\System\EltSMLm.exe
  C:\Windows\System\EltSMLm.exe
  2⤵
  - Executes dropped EXE
  PID:4708
- C:\Windows\System\GbCzaxF.exe
  C:\Windows\System\GbCzaxF.exe
  2⤵
  - Executes dropped EXE
  PID:5008
- C:\Windows\System\TKdVkUO.exe
  C:\Windows\System\TKdVkUO.exe
  2⤵
  - Executes dropped EXE
  PID:5128
- C:\Windows\System\Vvzmgpb.exe
  C:\Windows\System\Vvzmgpb.exe
  2⤵
  - Executes dropped EXE
  PID:2660
- C:\Windows\System\KiNMHcq.exe
  C:\Windows\System\KiNMHcq.exe
  2⤵
  - Executes dropped EXE
  PID:4428
- C:\Windows\System\ZsZIFTi.exe
  C:\Windows\System\ZsZIFTi.exe
  2⤵
  - Executes dropped EXE
  PID:2224
- C:\Windows\System\MXXGVax.exe
  C:\Windows\System\MXXGVax.exe
  2⤵
  - Executes dropped EXE
  PID:5160
- C:\Windows\System\GWTTRla.exe
  C:\Windows\System\GWTTRla.exe
  2⤵
  - Executes dropped EXE
  PID:1596
- C:\Windows\System\RrdFdFm.exe
  C:\Windows\System\RrdFdFm.exe
  2⤵
  - Executes dropped EXE
  PID:2428
- C:\Windows\System\uFRNrNO.exe
  C:\Windows\System\uFRNrNO.exe
  2⤵
  - Executes dropped EXE
  PID:5288
- C:\Windows\System\NUIkzNT.exe
  C:\Windows\System\NUIkzNT.exe
  2⤵
  - Executes dropped EXE
  PID:3724
- C:\Windows\System\DsYFKUr.exe
  C:\Windows\System\DsYFKUr.exe
  2⤵
  - Executes dropped EXE
  PID:2752
- C:\Windows\System\oQgBAxL.exe
  C:\Windows\System\oQgBAxL.exe
  2⤵
  - Executes dropped EXE
  PID:3172
- C:\Windows\System\CUJDJMP.exe
  C:\Windows\System\CUJDJMP.exe
  2⤵
  - Executes dropped EXE
  PID:3744
- C:\Windows\System\zQokcTB.exe
  C:\Windows\System\zQokcTB.exe
  2⤵
  - Executes dropped EXE
  PID:1200
- C:\Windows\System\uIIkSbi.exe
  C:\Windows\System\uIIkSbi.exe
  2⤵
  - Executes dropped EXE
  PID:5912
- C:\Windows\System\sLzpVos.exe
  C:\Windows\System\sLzpVos.exe
  2⤵
  - Executes dropped EXE
  PID:2636
- C:\Windows\System\arRBCFW.exe
  C:\Windows\System\arRBCFW.exe
  2⤵
  - Executes dropped EXE
  PID:2868
- C:\Windows\System\mHmgIqm.exe
  C:\Windows\System\mHmgIqm.exe
  2⤵
  - Executes dropped EXE
  PID:2844
- C:\Windows\System\hrrSsqP.exe
  C:\Windows\System\hrrSsqP.exe
  2⤵
  - Executes dropped EXE
  PID:4292
- C:\Windows\System\GBEoyEV.exe
  C:\Windows\System\GBEoyEV.exe
  2⤵
  - Executes dropped EXE
  PID:4488
- C:\Windows\System\pbBsZjr.exe
  C:\Windows\System\pbBsZjr.exe
  2⤵
  - Executes dropped EXE
  PID:3288
- C:\Windows\System\sjQLgsG.exe
  C:\Windows\System\sjQLgsG.exe
  2⤵
  PID:5920
- C:\Windows\System\hVbrRrm.exe
  C:\Windows\System\hVbrRrm.exe
  2⤵
  PID:1576
- C:\Windows\System\iMdwpKA.exe
  C:\Windows\System\iMdwpKA.exe
  2⤵
  PID:6120
- C:\Windows\System\rbvECvB.exe
  C:\Windows\System\rbvECvB.exe
  2⤵
  PID:3976
- C:\Windows\System\DkWZfYS.exe
  C:\Windows\System\DkWZfYS.exe
  2⤵
  PID:3024
- C:\Windows\System\bPJnnQk.exe
  C:\Windows\System\bPJnnQk.exe
  2⤵
  PID:4812
- C:\Windows\System\wruCqwZ.exe
  C:\Windows\System\wruCqwZ.exe
  2⤵
  PID:1156
- C:\Windows\System\autDkcf.exe
  C:\Windows\System\autDkcf.exe
  2⤵
  PID:3860
- C:\Windows\System\WhVaGpn.exe
  C:\Windows\System\WhVaGpn.exe
  2⤵
  PID:5020
- C:\Windows\System\yEphrXi.exe
  C:\Windows\System\yEphrXi.exe
  2⤵
  PID:5384
- C:\Windows\System\FJsvAgg.exe
  C:\Windows\System\FJsvAgg.exe
  2⤵
  PID:4992
- C:\Windows\System\fguCUlr.exe
  C:\Windows\System\fguCUlr.exe
  2⤵
  PID:3116
- C:\Windows\System\JCPJYso.exe
  C:\Windows\System\JCPJYso.exe
  2⤵
  PID:5412
- C:\Windows\System\ZCGUazg.exe
  C:\Windows\System\ZCGUazg.exe
  2⤵
  PID:488
- C:\Windows\System\QyPynlp.exe
  C:\Windows\System\QyPynlp.exe
  2⤵
  PID:2852
- C:\Windows\System\vWxfCcH.exe
  C:\Windows\System\vWxfCcH.exe
  2⤵
  PID:3368
- C:\Windows\System\VqVpXSL.exe
  C:\Windows\System\VqVpXSL.exe
  2⤵
  PID:4560
- C:\Windows\System\qqUWQXi.exe
  C:\Windows\System\qqUWQXi.exe
  2⤵
  PID:3592
- C:\Windows\System\NZNAZfR.exe
  C:\Windows\System\NZNAZfR.exe
  2⤵
  PID:2516
- C:\Windows\System\kHWIFTp.exe
  C:\Windows\System\kHWIFTp.exe
  2⤵
  PID:3752
- C:\Windows\System\oslENEx.exe
  C:\Windows\System\oslENEx.exe
  2⤵
  PID:5596
- C:\Windows\System\MMSQaFy.exe
  C:\Windows\System\MMSQaFy.exe
  2⤵
  PID:4072
- C:\Windows\System\bWYsjOD.exe
  C:\Windows\System\bWYsjOD.exe
  2⤵
  PID:1584
- C:\Windows\System\qJsfoYJ.exe
  C:\Windows\System\qJsfoYJ.exe
  2⤵
  PID:2600
- C:\Windows\System\lGMOqIM.exe
  C:\Windows\System\lGMOqIM.exe
  2⤵
  PID:4240
- C:\Windows\System\mRCOwOp.exe
  C:\Windows\System\mRCOwOp.exe
  2⤵
  PID:6044
- C:\Windows\System\tDeUpVr.exe
  C:\Windows\System\tDeUpVr.exe
  2⤵
  PID:2288
- C:\Windows\System\uuiQYON.exe
  C:\Windows\System\uuiQYON.exe
  2⤵
  PID:1836
- C:\Windows\System\jdYWzbF.exe
  C:\Windows\System\jdYWzbF.exe
  2⤵
  PID:428
- C:\Windows\System\fUZHLKa.exe
  C:\Windows\System\fUZHLKa.exe
  2⤵
  PID:3052
- C:\Windows\System\oXCQaGC.exe
  C:\Windows\System\oXCQaGC.exe
  2⤵
  PID:1960
- C:\Windows\System\zvyKngL.exe
  C:\Windows\System\zvyKngL.exe
  2⤵
  PID:3796
- C:\Windows\System\dCdQjys.exe
  C:\Windows\System\dCdQjys.exe
  2⤵
  PID:6008
- C:\Windows\System\asVfAzR.exe
  C:\Windows\System\asVfAzR.exe
  2⤵
  PID:5132
- C:\Windows\System\WXgOtpg.exe
  C:\Windows\System\WXgOtpg.exe
  2⤵
  PID:5904
- C:\Windows\System\YjBpzbv.exe
  C:\Windows\System\YjBpzbv.exe
  2⤵
  PID:3212
- C:\Windows\System\oyVkbML.exe
  C:\Windows\System\oyVkbML.exe
  2⤵
  PID:4780
- C:\Windows\System\bOAhzcH.exe
  C:\Windows\System\bOAhzcH.exe
  2⤵
  PID:2448
- C:\Windows\System\onhBjJt.exe
  C:\Windows\System\onhBjJt.exe
  2⤵
  PID:4600
- C:\Windows\System\UQuhRkt.exe
  C:\Windows\System\UQuhRkt.exe
  2⤵
  PID:4212
- C:\Windows\System\oBDlusK.exe
  C:\Windows\System\oBDlusK.exe
  2⤵
  PID:1004
- C:\Windows\System\XHEOjGr.exe
  C:\Windows\System\XHEOjGr.exe
  2⤵
  PID:1920
- C:\Windows\System\AdSCEjY.exe
  C:\Windows\System\AdSCEjY.exe
  2⤵
  PID:5936
- C:\Windows\System\SrToVlk.exe
  C:\Windows\System\SrToVlk.exe
  2⤵
  PID:3812
- C:\Windows\System\yaBeFTe.exe
  C:\Windows\System\yaBeFTe.exe
  2⤵
  PID:4880
- C:\Windows\System\dLxssSB.exe
  C:\Windows\System\dLxssSB.exe
  2⤵
  PID:1144
- C:\Windows\System\gRuztgZ.exe
  C:\Windows\System\gRuztgZ.exe
  2⤵
  PID:5348
- C:\Windows\System\dummsVi.exe
  C:\Windows\System\dummsVi.exe
  2⤵
  PID:2668
- C:\Windows\System\XAdNIlf.exe
  C:\Windows\System\XAdNIlf.exe
  2⤵
  PID:1516
- C:\Windows\System\gxbqFOJ.exe
  C:\Windows\System\gxbqFOJ.exe
  2⤵
  PID:3584
- C:\Windows\System\nRjpDOa.exe
  C:\Windows\System\nRjpDOa.exe
  2⤵
  PID:1860
- C:\Windows\System\YMPFBnJ.exe
  C:\Windows\System\YMPFBnJ.exe
  2⤵
  PID:6060
- C:\Windows\System\UxqnQHn.exe
  C:\Windows\System\UxqnQHn.exe
  2⤵
  PID:1568
- C:\Windows\System\KwcZoVy.exe
  C:\Windows\System\KwcZoVy.exe
  2⤵
  PID:888
- C:\Windows\System\SikTQLo.exe
  C:\Windows\System\SikTQLo.exe
  2⤵
  PID:556
- C:\Windows\System\FYSlDui.exe
  C:\Windows\System\FYSlDui.exe
  2⤵
  PID:1580
- C:\Windows\System\ZBubvdl.exe
  C:\Windows\System\ZBubvdl.exe
  2⤵
  PID:1936
- C:\Windows\System\diOSuKh.exe
  C:\Windows\System\diOSuKh.exe
  2⤵
  PID:5376
- C:\Windows\System\mJmhPGn.exe
  C:\Windows\System\mJmhPGn.exe
  2⤵
  PID:3544
- C:\Windows\System\bHjEwAr.exe
  C:\Windows\System\bHjEwAr.exe
  2⤵
  PID:5424
- C:\Windows\System\ShKcJla.exe
  C:\Windows\System\ShKcJla.exe
  2⤵
  PID:5044
- C:\Windows\System\LmSaVaL.exe
  C:\Windows\System\LmSaVaL.exe
  2⤵
  PID:1532
- C:\Windows\System\YTwMWRD.exe
  C:\Windows\System\YTwMWRD.exe
  2⤵
  PID:5004
- C:\Windows\System\BqCxAYT.exe
  C:\Windows\System\BqCxAYT.exe
  2⤵
  PID:2300
- C:\Windows\System\JCUQieK.exe
  C:\Windows\System\JCUQieK.exe
  2⤵
  PID:4324
- C:\Windows\System\fgWkkhE.exe
  C:\Windows\System\fgWkkhE.exe
  2⤵
  PID:756
- C:\Windows\System\JHTHlnM.exe
  C:\Windows\System\JHTHlnM.exe
  2⤵
  PID:2440
- C:\Windows\System\ZYOhNHp.exe
  C:\Windows\System\ZYOhNHp.exe
  2⤵
  PID:5440
- C:\Windows\System\MfhFXPY.exe
  C:\Windows\System\MfhFXPY.exe
  2⤵
  PID:5240
- C:\Windows\System\HcueYsd.exe
  C:\Windows\System\HcueYsd.exe
  2⤵
  PID:6096
- C:\Windows\System\OXuAOep.exe
  C:\Windows\System\OXuAOep.exe
  2⤵
  PID:5908
- C:\Windows\System\ANdgNkE.exe
  C:\Windows\System\ANdgNkE.exe
  2⤵
  PID:2052
- C:\Windows\System\jsRlGse.exe
  C:\Windows\System\jsRlGse.exe
  2⤵
  PID:3716
- C:\Windows\System\JjeKEdZ.exe
  C:\Windows\System\JjeKEdZ.exe
  2⤵
  PID:820
- C:\Windows\System\ToSWHQq.exe
  C:\Windows\System\ToSWHQq.exe
  2⤵
  PID:1624
- C:\Windows\System\vGaxZBH.exe
  C:\Windows\System\vGaxZBH.exe
  2⤵
  PID:1488
- C:\Windows\System\rHhOuxT.exe
  C:\Windows\System\rHhOuxT.exe
  2⤵
  PID:3496
- C:\Windows\System\xvLAfDP.exe
  C:\Windows\System\xvLAfDP.exe
  2⤵
  PID:1116
- C:\Windows\System\RZhRqGW.exe
  C:\Windows\System\RZhRqGW.exe
  2⤵
  PID:2264
- C:\Windows\System\FTIccWh.exe
  C:\Windows\System\FTIccWh.exe
  2⤵
  PID:496
- C:\Windows\System\efpfays.exe
  C:\Windows\System\efpfays.exe
  2⤵
  PID:2004
- C:\Windows\System\hmrScJJ.exe
  C:\Windows\System\hmrScJJ.exe
  2⤵
  PID:4968
- C:\Windows\System\PTVxgFk.exe
  C:\Windows\System\PTVxgFk.exe
  2⤵
  PID:5680
- C:\Windows\System\pJCIzJv.exe
  C:\Windows\System\pJCIzJv.exe
  2⤵
  PID:5676
- C:\Windows\System\NjbKIeO.exe
  C:\Windows\System\NjbKIeO.exe
  2⤵
  PID:6180
- C:\Windows\System\JMjwkrQ.exe
  C:\Windows\System\JMjwkrQ.exe
  2⤵
  PID:6208
- C:\Windows\System\aKoEhaA.exe
  C:\Windows\System\aKoEhaA.exe
  2⤵
  PID:6252
- C:\Windows\System\MKMmjkP.exe
  C:\Windows\System\MKMmjkP.exe
  2⤵
  PID:6272
- C:\Windows\System\IZVcTxY.exe
  C:\Windows\System\IZVcTxY.exe
  2⤵
  PID:6296
- C:\Windows\System\zygzzVx.exe
  C:\Windows\System\zygzzVx.exe
  2⤵
  PID:6320
- C:\Windows\System\cUlbqGH.exe
  C:\Windows\System\cUlbqGH.exe
  2⤵
  PID:6336
- C:\Windows\System\ILLVsva.exe
  C:\Windows\System\ILLVsva.exe
  2⤵
  PID:6364
- C:\Windows\System\qUCTKsh.exe
  C:\Windows\System\qUCTKsh.exe
  2⤵
  PID:6392
- C:\Windows\System\FRPxuAy.exe
  C:\Windows\System\FRPxuAy.exe
  2⤵
  PID:6456
- C:\Windows\System\RsEEdkj.exe
  C:\Windows\System\RsEEdkj.exe
  2⤵
  PID:6480
- C:\Windows\System\tMXdVAZ.exe
  C:\Windows\System\tMXdVAZ.exe
  2⤵
  PID:6540
- C:\Windows\System\cEyVdBD.exe
  C:\Windows\System\cEyVdBD.exe
  2⤵
  PID:6596
- C:\Windows\System\ETdwAnO.exe
  C:\Windows\System\ETdwAnO.exe
  2⤵
  PID:6620
- C:\Windows\System\tXwjCIA.exe
  C:\Windows\System\tXwjCIA.exe
  2⤵
  PID:6636
- C:\Windows\System\ZwNyWvV.exe
  C:\Windows\System\ZwNyWvV.exe
  2⤵
  PID:6656
- C:\Windows\System\mLMXxPr.exe
  C:\Windows\System\mLMXxPr.exe
  2⤵
  PID:6684
- C:\Windows\System\PXTsAEa.exe
  C:\Windows\System\PXTsAEa.exe
  2⤵
  PID:6720
- C:\Windows\System\SgEKAaq.exe
  C:\Windows\System\SgEKAaq.exe
  2⤵
  PID:6760
- C:\Windows\System\tAomHlV.exe
  C:\Windows\System\tAomHlV.exe
  2⤵
  PID:6780
- C:\Windows\System\jGHPvhm.exe
  C:\Windows\System\jGHPvhm.exe
  2⤵
  PID:6796
- C:\Windows\System\YAVFakz.exe
  C:\Windows\System\YAVFakz.exe
  2⤵
  PID:6820
- C:\Windows\System\MapLGXE.exe
  C:\Windows\System\MapLGXE.exe
  2⤵
  PID:6840
- C:\Windows\System\zyDxwzU.exe
  C:\Windows\System\zyDxwzU.exe
  2⤵
  PID:6876
- C:\Windows\System\UIZRTGo.exe
  C:\Windows\System\UIZRTGo.exe
  2⤵
  PID:6896
- C:\Windows\System\GutebkN.exe
  C:\Windows\System\GutebkN.exe
  2⤵
  PID:6916
- C:\Windows\System\bwNBcNM.exe
  C:\Windows\System\bwNBcNM.exe
  2⤵
  PID:6936
- C:\Windows\System\lyhuBmZ.exe
  C:\Windows\System\lyhuBmZ.exe
  2⤵
  PID:6972
- C:\Windows\System\XdpXjpq.exe
  C:\Windows\System\XdpXjpq.exe
  2⤵
  PID:6992
- C:\Windows\System\HpAXKqa.exe
  C:\Windows\System\HpAXKqa.exe
  2⤵
  PID:7016
- C:\Windows\System\xwtzQSw.exe
  C:\Windows\System\xwtzQSw.exe
  2⤵
  PID:7036
- C:\Windows\System\fJIRPWV.exe
  C:\Windows\System\fJIRPWV.exe
  2⤵
  PID:7064
- C:\Windows\System\CukZmwa.exe
  C:\Windows\System\CukZmwa.exe
  2⤵
  PID:7080
- C:\Windows\System\KcHpKHa.exe
  C:\Windows\System\KcHpKHa.exe
  2⤵
  PID:7100
- C:\Windows\System\qvoqXWB.exe
  C:\Windows\System\qvoqXWB.exe
  2⤵
  PID:7124
- C:\Windows\System\fhlircL.exe
  C:\Windows\System\fhlircL.exe
  2⤵
  PID:7144
- C:\Windows\System\ZamnGoa.exe
  C:\Windows\System\ZamnGoa.exe
  2⤵
  PID:7164
- C:\Windows\System\MWIOLVD.exe
  C:\Windows\System\MWIOLVD.exe
  2⤵
  PID:6160
- C:\Windows\System\IRZTrqN.exe
  C:\Windows\System\IRZTrqN.exe
  2⤵
  PID:2476
- C:\Windows\System\euTDdcY.exe
  C:\Windows\System\euTDdcY.exe
  2⤵
  PID:6344
- C:\Windows\System\xMXbpIq.exe
  C:\Windows\System\xMXbpIq.exe
  2⤵
  PID:6384
- C:\Windows\System\GJnCyWb.exe
  C:\Windows\System\GJnCyWb.exe
  2⤵
  PID:6496
- C:\Windows\System\oQbvBLT.exe
  C:\Windows\System\oQbvBLT.exe
  2⤵
  PID:6444
- C:\Windows\System\ZaznqvJ.exe
  C:\Windows\System\ZaznqvJ.exe
  2⤵
  PID:6576
- C:\Windows\System\XrOaUpb.exe
  C:\Windows\System\XrOaUpb.exe
  2⤵
  PID:6648
- C:\Windows\System\oHgXNfs.exe
  C:\Windows\System\oHgXNfs.exe
  2⤵
  PID:6696
- C:\Windows\System\kXhpjPD.exe
  C:\Windows\System\kXhpjPD.exe
  2⤵
  PID:6768
- C:\Windows\System\lJKqrDl.exe
  C:\Windows\System\lJKqrDl.exe
  2⤵
  PID:6412
- C:\Windows\System\MSlSXtQ.exe
  C:\Windows\System\MSlSXtQ.exe
  2⤵
  PID:6788
- C:\Windows\System\CIHhFlT.exe
  C:\Windows\System\CIHhFlT.exe
  2⤵
  PID:6860
- C:\Windows\System\tqgaFlR.exe
  C:\Windows\System\tqgaFlR.exe
  2⤵
  PID:6956
- C:\Windows\System\VNtaoDg.exe
  C:\Windows\System\VNtaoDg.exe
  2⤵
  PID:6980
- C:\Windows\System\PPYFJXG.exe
  C:\Windows\System\PPYFJXG.exe
  2⤵
  PID:7028
- C:\Windows\System\bHYsWDe.exe
  C:\Windows\System\bHYsWDe.exe
  2⤵
  PID:7060
- C:\Windows\System\QIVygXA.exe
  C:\Windows\System\QIVygXA.exe
  2⤵
  PID:7092
- C:\Windows\System\RzRIuhv.exe
  C:\Windows\System\RzRIuhv.exe
  2⤵
  PID:6176
- C:\Windows\System\JeMeQFV.exe
  C:\Windows\System\JeMeQFV.exe
  2⤵
  PID:6428
- C:\Windows\System\oIvQcje.exe
  C:\Windows\System\oIvQcje.exe
  2⤵
  PID:6356
- C:\Windows\System\HOKkQLf.exe
  C:\Windows\System\HOKkQLf.exe
  2⤵
  PID:6680
- C:\Windows\System\DuWXvGy.exe
  C:\Windows\System\DuWXvGy.exe
  2⤵
  PID:7152
- C:\Windows\System\pHHWtCl.exe
  C:\Windows\System\pHHWtCl.exe
  2⤵
  PID:7112
- C:\Windows\System\fPmVivO.exe
  C:\Windows\System\fPmVivO.exe
  2⤵
  PID:6216
- C:\Windows\System\lvWJdDe.exe
  C:\Windows\System\lvWJdDe.exe
  2⤵
  PID:2364
- C:\Windows\System\DuUEUJZ.exe
  C:\Windows\System\DuUEUJZ.exe
  2⤵
  PID:6932
- C:\Windows\System\FzqDevS.exe
  C:\Windows\System\FzqDevS.exe
  2⤵
  PID:6968
- C:\Windows\System\IDrYGpK.exe
  C:\Windows\System\IDrYGpK.exe
  2⤵
  PID:7200
- C:\Windows\System\DcTtqoi.exe
  C:\Windows\System\DcTtqoi.exe
  2⤵
  PID:7216
- C:\Windows\System\OUMszbn.exe
  C:\Windows\System\OUMszbn.exe
  2⤵
  PID:7236
- C:\Windows\System\VsJegjF.exe
  C:\Windows\System\VsJegjF.exe
  2⤵
  PID:7256
- C:\Windows\System\oRfOznM.exe
  C:\Windows\System\oRfOznM.exe
  2⤵
  PID:7288
- C:\Windows\System\cjhUNyi.exe
  C:\Windows\System\cjhUNyi.exe
  2⤵
  PID:7308
- C:\Windows\System\ccCuvSr.exe
  C:\Windows\System\ccCuvSr.exe
  2⤵
  PID:7328
- C:\Windows\System\xTNHysA.exe
  C:\Windows\System\xTNHysA.exe
  2⤵
  PID:7360
- C:\Windows\System\tmQXlXL.exe
  C:\Windows\System\tmQXlXL.exe
  2⤵
  PID:7404
- C:\Windows\System\jxkvgPt.exe
  C:\Windows\System\jxkvgPt.exe
  2⤵
  PID:7460
- C:\Windows\System\XrFXFAp.exe
  C:\Windows\System\XrFXFAp.exe
  2⤵
  PID:7476
- C:\Windows\System\GEhHmVS.exe
  C:\Windows\System\GEhHmVS.exe
  2⤵
  PID:7496
- C:\Windows\System\tAjNZyq.exe
  C:\Windows\System\tAjNZyq.exe
  2⤵
  PID:7532
- C:\Windows\System\PLpZYlK.exe
  C:\Windows\System\PLpZYlK.exe
  2⤵
  PID:7548
- C:\Windows\System\DjHTwsA.exe
  C:\Windows\System\DjHTwsA.exe
  2⤵
  PID:7568
- C:\Windows\System\VNYApwc.exe
  C:\Windows\System\VNYApwc.exe
  2⤵
  PID:7588
- C:\Windows\System\QXdnhaX.exe
  C:\Windows\System\QXdnhaX.exe
  2⤵
  PID:7636
- C:\Windows\System\GERGxcb.exe
  C:\Windows\System\GERGxcb.exe
  2⤵
  PID:7656
- C:\Windows\System\KpzSvWE.exe
  C:\Windows\System\KpzSvWE.exe
  2⤵
  PID:7680
- C:\Windows\System\rCVpgvG.exe
  C:\Windows\System\rCVpgvG.exe
  2⤵
  PID:7700
- C:\Windows\System\QfvHrBi.exe
  C:\Windows\System\QfvHrBi.exe
  2⤵
  PID:7720
- C:\Windows\System\zZcfFBu.exe
  C:\Windows\System\zZcfFBu.exe
  2⤵
  PID:7740
- C:\Windows\System\qJpRTqZ.exe
  C:\Windows\System\qJpRTqZ.exe
  2⤵
  PID:7784
- C:\Windows\System\KrKmife.exe
  C:\Windows\System\KrKmife.exe
  2⤵
  PID:7832
- C:\Windows\System\pMdAqoM.exe
  C:\Windows\System\pMdAqoM.exe
  2⤵
  PID:7860
- C:\Windows\System\IFfYaos.exe
  C:\Windows\System\IFfYaos.exe
  2⤵
  PID:7880
- C:\Windows\System\BTkQDSP.exe
  C:\Windows\System\BTkQDSP.exe
  2⤵
  PID:7928
- C:\Windows\System\kdZKVyh.exe
  C:\Windows\System\kdZKVyh.exe
  2⤵
  PID:7952
- C:\Windows\System\NypXlFf.exe
  C:\Windows\System\NypXlFf.exe
  2⤵
  PID:8000
- C:\Windows\System\GgsLFZN.exe
  C:\Windows\System\GgsLFZN.exe
  2⤵
  PID:8016
- C:\Windows\System\MGEKgnW.exe
  C:\Windows\System\MGEKgnW.exe
  2⤵
  PID:8032
- C:\Windows\System\YEvMyVT.exe
  C:\Windows\System\YEvMyVT.exe
  2⤵
  PID:8056
- C:\Windows\System\zvYVnyO.exe
  C:\Windows\System\zvYVnyO.exe
  2⤵
  PID:8076
- C:\Windows\System\kYyImWv.exe
  C:\Windows\System\kYyImWv.exe
  2⤵
  PID:8092
- C:\Windows\System\BfwxnQX.exe
  C:\Windows\System\BfwxnQX.exe
  2⤵
  PID:8112
- C:\Windows\System\bCJHxUL.exe
  C:\Windows\System\bCJHxUL.exe
  2⤵
  PID:8164
- C:\Windows\System\mvLcHLz.exe
  C:\Windows\System\mvLcHLz.exe
  2⤵
  PID:8184
- C:\Windows\System\JGZcZlZ.exe
  C:\Windows\System\JGZcZlZ.exe
  2⤵
  PID:6964
- C:\Windows\System\WwSqapy.exe
  C:\Windows\System\WwSqapy.exe
  2⤵
  PID:7228
- C:\Windows\System\ntQzmtQ.exe
  C:\Windows\System\ntQzmtQ.exe
  2⤵
  PID:7248
- C:\Windows\System\qDOGzcQ.exe
  C:\Windows\System\qDOGzcQ.exe
  2⤵
  PID:7356
- C:\Windows\System\GUgrUPf.exe
  C:\Windows\System\GUgrUPf.exe
  2⤵
  PID:7396
- C:\Windows\System\kXBkdGn.exe
  C:\Windows\System\kXBkdGn.exe
  2⤵
  PID:7440
- C:\Windows\System\rcfMBNl.exe
  C:\Windows\System\rcfMBNl.exe
  2⤵
  PID:7436
- C:\Windows\System\dkYQDQz.exe
  C:\Windows\System\dkYQDQz.exe
  2⤵
  PID:6440
- C:\Windows\System\fMgpCWE.exe
  C:\Windows\System\fMgpCWE.exe
  2⤵
  PID:7584
- C:\Windows\System\ekOohhC.exe
  C:\Windows\System\ekOohhC.exe
  2⤵
  PID:7716
- C:\Windows\System\UPVOyen.exe
  C:\Windows\System\UPVOyen.exe
  2⤵
  PID:7768
- C:\Windows\System\mgVsVvx.exe
  C:\Windows\System\mgVsVvx.exe
  2⤵
  PID:7920
- C:\Windows\System\yIYVkdb.exe
  C:\Windows\System\yIYVkdb.exe
  2⤵
  PID:7944
- C:\Windows\System\hfuiAue.exe
  C:\Windows\System\hfuiAue.exe
  2⤵
  PID:8008
- C:\Windows\System\bYChTMO.exe
  C:\Windows\System\bYChTMO.exe
  2⤵
  PID:8064
- C:\Windows\System\VUGZtrS.exe
  C:\Windows\System\VUGZtrS.exe
  2⤵
  PID:8072
- C:\Windows\System\FhAZqlw.exe
  C:\Windows\System\FhAZqlw.exe
  2⤵
  PID:8136
- C:\Windows\System\VfSKffJ.exe
  C:\Windows\System\VfSKffJ.exe
  2⤵
  PID:7004
- C:\Windows\System\nNIcBoi.exe
  C:\Windows\System\nNIcBoi.exe
  2⤵
  PID:7192
- C:\Windows\System\gcSNllD.exe
  C:\Windows\System\gcSNllD.exe
  2⤵
  PID:7792
- C:\Windows\System\LghmiaF.exe
  C:\Windows\System\LghmiaF.exe
  2⤵
  PID:7284
- C:\Windows\System\MdGRhtV.exe
  C:\Windows\System\MdGRhtV.exe
  2⤵
  PID:8084
- C:\Windows\System\RGHgfkn.exe
  C:\Windows\System\RGHgfkn.exe
  2⤵
  PID:8108
- C:\Windows\System\FNhRGUx.exe
  C:\Windows\System\FNhRGUx.exe
  2⤵
  PID:7448
- C:\Windows\System\KjzKkgW.exe
  C:\Windows\System\KjzKkgW.exe
  2⤵
  PID:7412
- C:\Windows\System\rCthhGQ.exe
  C:\Windows\System\rCthhGQ.exe
  2⤵
  PID:8148
- C:\Windows\System\pUNRQix.exe
  C:\Windows\System\pUNRQix.exe
  2⤵
  PID:8212
- C:\Windows\System\ICawflA.exe
  C:\Windows\System\ICawflA.exe
  2⤵
  PID:8236
- C:\Windows\System\luYBGGE.exe
  C:\Windows\System\luYBGGE.exe
  2⤵
  PID:8256
- C:\Windows\System\TaOEVNa.exe
  C:\Windows\System\TaOEVNa.exe
  2⤵
  PID:8292
- C:\Windows\System\HJTIRpD.exe
  C:\Windows\System\HJTIRpD.exe
  2⤵
  PID:8308
- C:\Windows\System\YMaHhQG.exe
  C:\Windows\System\YMaHhQG.exe
  2⤵
  PID:8344
- C:\Windows\System\fuyLulM.exe
  C:\Windows\System\fuyLulM.exe
  2⤵
  PID:8364
- C:\Windows\System\VUxXlmV.exe
  C:\Windows\System\VUxXlmV.exe
  2⤵
  PID:8396
- C:\Windows\System\YkxUoDJ.exe
  C:\Windows\System\YkxUoDJ.exe
  2⤵
  PID:8440
- C:\Windows\System\uhzZgbo.exe
  C:\Windows\System\uhzZgbo.exe
  2⤵
  PID:8460
- C:\Windows\System\zZrXPnP.exe
  C:\Windows\System\zZrXPnP.exe
  2⤵
  PID:8480
- C:\Windows\System\QOALjmg.exe
  C:\Windows\System\QOALjmg.exe
  2⤵
  PID:8500
- C:\Windows\System\gZYNveS.exe
  C:\Windows\System\gZYNveS.exe
  2⤵
  PID:8528
- C:\Windows\System\CJAfwZo.exe
  C:\Windows\System\CJAfwZo.exe
  2⤵
  PID:8576
- C:\Windows\System\GRGiwGX.exe
  C:\Windows\System\GRGiwGX.exe
  2⤵
  PID:8608
- C:\Windows\System\AqsQyWD.exe
  C:\Windows\System\AqsQyWD.exe
  2⤵
  PID:8628
- C:\Windows\System\mQgDSFV.exe
  C:\Windows\System\mQgDSFV.exe
  2⤵
  PID:8652
- C:\Windows\System\biVupxX.exe
  C:\Windows\System\biVupxX.exe
  2⤵
  PID:8668
- C:\Windows\System\QcZbxfA.exe
  C:\Windows\System\QcZbxfA.exe
  2⤵
  PID:8692
- C:\Windows\System\PvGXgqm.exe
  C:\Windows\System\PvGXgqm.exe
  2⤵
  PID:8720
- C:\Windows\System\BtOfoSj.exe
  C:\Windows\System\BtOfoSj.exe
  2⤵
  PID:8756
- C:\Windows\System\ojaephL.exe
  C:\Windows\System\ojaephL.exe
  2⤵
  PID:8792
- C:\Windows\System\GgzJufc.exe
  C:\Windows\System\GgzJufc.exe
  2⤵
  PID:8820
- C:\Windows\System\HiKuWGa.exe
  C:\Windows\System\HiKuWGa.exe
  2⤵
  PID:8844
- C:\Windows\System\TkUBAoS.exe
  C:\Windows\System\TkUBAoS.exe
  2⤵
  PID:8864
- C:\Windows\System\euymIgJ.exe
  C:\Windows\System\euymIgJ.exe
  2⤵
  PID:8884
- C:\Windows\System\DuvPsng.exe
  C:\Windows\System\DuvPsng.exe
  2⤵
  PID:8924
- C:\Windows\System\AtcJztn.exe
  C:\Windows\System\AtcJztn.exe
  2⤵
  PID:8944
- C:\Windows\System\EHbtvsi.exe
  C:\Windows\System\EHbtvsi.exe
  2⤵
  PID:8964
- C:\Windows\System\iBnlRnS.exe
  C:\Windows\System\iBnlRnS.exe
  2⤵
  PID:8988
- C:\Windows\System\fNHRNTs.exe
  C:\Windows\System\fNHRNTs.exe
  2⤵
  PID:9012
- C:\Windows\System\TeryEAH.exe
  C:\Windows\System\TeryEAH.exe
  2⤵
  PID:9032
- C:\Windows\System\aAfOscr.exe
  C:\Windows\System\aAfOscr.exe
  2⤵
  PID:9052
- C:\Windows\System\SUMpYmL.exe
  C:\Windows\System\SUMpYmL.exe
  2⤵
  PID:9072
- C:\Windows\System\LzCzsEG.exe
  C:\Windows\System\LzCzsEG.exe
  2⤵
  PID:9152
- C:\Windows\System\iiDSWAJ.exe
  C:\Windows\System\iiDSWAJ.exe
  2⤵
  PID:9168
- C:\Windows\System\KRCzbih.exe
  C:\Windows\System\KRCzbih.exe
  2⤵
  PID:9208
- C:\Windows\System\swDUgDu.exe
  C:\Windows\System\swDUgDu.exe
  2⤵
  PID:7668
- C:\Windows\System\OoOeEcA.exe
  C:\Windows\System\OoOeEcA.exe
  2⤵
  PID:8248
- C:\Windows\System\wqTdqbd.exe
  C:\Windows\System\wqTdqbd.exe
  2⤵
  PID:8316
- C:\Windows\System\KCKykmw.exe
  C:\Windows\System\KCKykmw.exe
  2⤵
  PID:8336
- C:\Windows\System\gohvXSW.exe
  C:\Windows\System\gohvXSW.exe
  2⤵
  PID:8616
- C:\Windows\System\twpDPAH.exe
  C:\Windows\System\twpDPAH.exe
  2⤵
  PID:8676
- C:\Windows\System\DtcPNwT.exe
  C:\Windows\System\DtcPNwT.exe
  2⤵
  PID:8788
- C:\Windows\System\NfHVSyj.exe
  C:\Windows\System\NfHVSyj.exe
  2⤵
  PID:8856
- C:\Windows\System\OiEUHAN.exe
  C:\Windows\System\OiEUHAN.exe
  2⤵
  PID:8936
- C:\Windows\System\VyvSjAg.exe
  C:\Windows\System\VyvSjAg.exe
  2⤵
  PID:9004
- C:\Windows\System\djsVfXP.exe
  C:\Windows\System\djsVfXP.exe
  2⤵
  PID:9104
- C:\Windows\System\vpelWeZ.exe
  C:\Windows\System\vpelWeZ.exe
  2⤵
  PID:9112
- C:\Windows\System\LKTzdvc.exe
  C:\Windows\System\LKTzdvc.exe
  2⤵
  PID:9188
- C:\Windows\System\QVXsiDo.exe
  C:\Windows\System\QVXsiDo.exe
  2⤵
  PID:7816
- C:\Windows\System\idwBKvX.exe
  C:\Windows\System\idwBKvX.exe
  2⤵
  PID:8220
- C:\Windows\System\iFWlaCX.exe
  C:\Windows\System\iFWlaCX.exe
  2⤵
  PID:8420
- C:\Windows\System\bGdcnLJ.exe
  C:\Windows\System\bGdcnLJ.exe
  2⤵
  PID:8648
- C:\Windows\System\ODouKSm.exe
  C:\Windows\System\ODouKSm.exe
  2⤵
  PID:8416
- C:\Windows\System\LCbGztu.exe
  C:\Windows\System\LCbGztu.exe
  2⤵
  PID:8548
- C:\Windows\System\kuIYbjh.exe
  C:\Windows\System\kuIYbjh.exe
  2⤵
  PID:9068
- C:\Windows\System\RiDNtoH.exe
  C:\Windows\System\RiDNtoH.exe
  2⤵
  PID:8972
- C:\Windows\System\sMHdvmA.exe
  C:\Windows\System\sMHdvmA.exe
  2⤵
  PID:9200
- C:\Windows\System\dpWsQQC.exe
  C:\Windows\System\dpWsQQC.exe
  2⤵
  PID:8376
- C:\Windows\System\fprnJSp.exe
  C:\Windows\System\fprnJSp.exe
  2⤵
  PID:8832
- C:\Windows\System\qwmwXXo.exe
  C:\Windows\System\qwmwXXo.exe
  2⤵
  PID:8752
- C:\Windows\System\LBYBAAV.exe
  C:\Windows\System\LBYBAAV.exe
  2⤵
  PID:8476
- C:\Windows\System\wVRdmAf.exe
  C:\Windows\System\wVRdmAf.exe
  2⤵
  PID:9228
- C:\Windows\System\cahyVOm.exe
  C:\Windows\System\cahyVOm.exe
  2⤵
  PID:9260
- C:\Windows\System\unjcQWf.exe
  C:\Windows\System\unjcQWf.exe
  2⤵
  PID:9284
- C:\Windows\System\tTsarqQ.exe
  C:\Windows\System\tTsarqQ.exe
  2⤵
  PID:9304
- C:\Windows\System\BWwGMyQ.exe
  C:\Windows\System\BWwGMyQ.exe
  2⤵
  PID:9324
- C:\Windows\System\vaQaJKB.exe
  C:\Windows\System\vaQaJKB.exe
  2⤵
  PID:9344
- C:\Windows\System\LUiKxJa.exe
  C:\Windows\System\LUiKxJa.exe
  2⤵
  PID:9360
- C:\Windows\System\FHjNITk.exe
  C:\Windows\System\FHjNITk.exe
  2⤵
  PID:9388
- C:\Windows\System\kXFcUnk.exe
  C:\Windows\System\kXFcUnk.exe
  2⤵
  PID:9404
- C:\Windows\System\CWtwDaJ.exe
  C:\Windows\System\CWtwDaJ.exe
  2⤵
  PID:9472
- C:\Windows\System\hokMqsq.exe
  C:\Windows\System\hokMqsq.exe
  2⤵
  PID:9500
- C:\Windows\System\lkpLSke.exe
  C:\Windows\System\lkpLSke.exe
  2⤵
  PID:9516
- C:\Windows\System\FjHxXnh.exe
  C:\Windows\System\FjHxXnh.exe
  2⤵
  PID:9540
- C:\Windows\System\RYUWYkf.exe
  C:\Windows\System\RYUWYkf.exe
  2⤵
  PID:9580
- C:\Windows\System\uvvjlGJ.exe
  C:\Windows\System\uvvjlGJ.exe
  2⤵
  PID:9596
- C:\Windows\System\wQstiey.exe
  C:\Windows\System\wQstiey.exe
  2⤵
  PID:9644
- C:\Windows\System\eAfSLxm.exe
  C:\Windows\System\eAfSLxm.exe
  2⤵
  PID:9668
- C:\Windows\System\YpZYVBf.exe
  C:\Windows\System\YpZYVBf.exe
  2⤵
  PID:9696
- C:\Windows\System\jhsZhtt.exe
  C:\Windows\System\jhsZhtt.exe
  2⤵
  PID:9724
- C:\Windows\System\jawwVjD.exe
  C:\Windows\System\jawwVjD.exe
  2⤵
  PID:9744
- C:\Windows\System\bCSDnFm.exe
  C:\Windows\System\bCSDnFm.exe
  2⤵
  PID:9780
- C:\Windows\System\cQeZAes.exe
  C:\Windows\System\cQeZAes.exe
  2⤵
  PID:9796
- C:\Windows\System\DXxIRgf.exe
  C:\Windows\System\DXxIRgf.exe
  2⤵
  PID:9828
- C:\Windows\System\NhLNNIQ.exe
  C:\Windows\System\NhLNNIQ.exe
  2⤵
  PID:9864
- C:\Windows\System\pbtsIrc.exe
  C:\Windows\System\pbtsIrc.exe
  2⤵
  PID:9892
- C:\Windows\System\wxDeWYM.exe
  C:\Windows\System\wxDeWYM.exe
  2⤵
  PID:9912
- C:\Windows\System\sKnxWNi.exe
  C:\Windows\System\sKnxWNi.exe
  2⤵
  PID:9940
- C:\Windows\System\PeqKRQB.exe
  C:\Windows\System\PeqKRQB.exe
  2⤵
  PID:9956
- C:\Windows\System\rwQztzG.exe
  C:\Windows\System\rwQztzG.exe
  2⤵
  PID:9996
- C:\Windows\System\opHodLa.exe
  C:\Windows\System\opHodLa.exe
  2⤵
  PID:10044
- C:\Windows\System\klWIzQb.exe
  C:\Windows\System\klWIzQb.exe
  2⤵
  PID:10080
- C:\Windows\System\YXzKexy.exe
  C:\Windows\System\YXzKexy.exe
  2⤵
  PID:10104
- C:\Windows\System\bMIeRTx.exe
  C:\Windows\System\bMIeRTx.exe
  2⤵
  PID:10128
- C:\Windows\System\PJPFzPG.exe
  C:\Windows\System\PJPFzPG.exe
  2⤵
  PID:10164
- C:\Windows\System\LlCFZPl.exe
  C:\Windows\System\LlCFZPl.exe
  2⤵
  PID:10188
- C:\Windows\System\vZuuqOF.exe
  C:\Windows\System\vZuuqOF.exe
  2⤵
  PID:10228
- C:\Windows\System\fvfpuzi.exe
  C:\Windows\System\fvfpuzi.exe
  2⤵
  PID:8588
- C:\Windows\System\bjyflhD.exe
  C:\Windows\System\bjyflhD.exe
  2⤵
  PID:8524
- C:\Windows\System\GgYiWrc.exe
  C:\Windows\System\GgYiWrc.exe
  2⤵
  PID:9252
- C:\Windows\System\KbnrpdG.exe
  C:\Windows\System\KbnrpdG.exe
  2⤵
  PID:9380
- C:\Windows\System\wKrAyjo.exe
  C:\Windows\System\wKrAyjo.exe
  2⤵
  PID:9400
- C:\Windows\System\MFleVSH.exe
  C:\Windows\System\MFleVSH.exe
  2⤵
  PID:9372
- C:\Windows\System\csCnTmQ.exe
  C:\Windows\System\csCnTmQ.exe
  2⤵
  PID:9424
- C:\Windows\System\FKXDJxl.exe
  C:\Windows\System\FKXDJxl.exe
  2⤵
  PID:9560
- C:\Windows\System\uIgYTVd.exe
  C:\Windows\System\uIgYTVd.exe
  2⤵
  PID:9664
- C:\Windows\System\QKVTDNG.exe
  C:\Windows\System\QKVTDNG.exe
  2⤵
  PID:9736
- C:\Windows\System\yhpZkLN.exe
  C:\Windows\System\yhpZkLN.exe
  2⤵
  PID:9804
- C:\Windows\System\CKPLZWj.exe
  C:\Windows\System\CKPLZWj.exe
  2⤵
  PID:9860
- C:\Windows\System\KsFeIPZ.exe
  C:\Windows\System\KsFeIPZ.exe
  2⤵
  PID:9908
- C:\Windows\System\vInJMyV.exe
  C:\Windows\System\vInJMyV.exe
  2⤵
  PID:9952
- C:\Windows\System\SsLfZPA.exe
  C:\Windows\System\SsLfZPA.exe
  2⤵
  PID:10056
- C:\Windows\System\cVhnwuL.exe
  C:\Windows\System\cVhnwuL.exe
  2⤵
  PID:10100
- C:\Windows\System\GtqZucb.exe
  C:\Windows\System\GtqZucb.exe
  2⤵
  PID:10180
- C:\Windows\System\eVpCbQp.exe
  C:\Windows\System\eVpCbQp.exe
  2⤵
  PID:9224
- C:\Windows\System\xKZwmui.exe
  C:\Windows\System\xKZwmui.exe
  2⤵
  PID:9468
- C:\Windows\System\HHdJjzw.exe
  C:\Windows\System\HHdJjzw.exe
  2⤵
  PID:9536
- C:\Windows\System\CMVNjBs.exe
  C:\Windows\System\CMVNjBs.exe
  2⤵
  PID:9764
- C:\Windows\System\RENDqgn.exe
  C:\Windows\System\RENDqgn.exe
  2⤵
  PID:9980
- C:\Windows\System\YEumVgV.exe
  C:\Windows\System\YEumVgV.exe
  2⤵
  PID:9880
- C:\Windows\System\LzDRlPg.exe
  C:\Windows\System\LzDRlPg.exe
  2⤵
  PID:10072
- C:\Windows\System\yTGmsCH.exe
  C:\Windows\System\yTGmsCH.exe
  2⤵
  PID:10156
- C:\Windows\System\jSgeHys.exe
  C:\Windows\System\jSgeHys.exe
  2⤵
  PID:9292
- C:\Windows\System\jUDVaik.exe
  C:\Windows\System\jUDVaik.exe
  2⤵
  PID:9592
- C:\Windows\System\XYHzCbq.exe
  C:\Windows\System\XYHzCbq.exe
  2⤵
  PID:10252
- C:\Windows\System\XnnNuHo.exe
  C:\Windows\System\XnnNuHo.exe
  2⤵
  PID:10288
- C:\Windows\System\XZdJfsG.exe
  C:\Windows\System\XZdJfsG.exe
  2⤵
  PID:10304
- C:\Windows\System\KAeEMUT.exe
  C:\Windows\System\KAeEMUT.exe
  2⤵
  PID:10324
- C:\Windows\System\mzPfKTb.exe
  C:\Windows\System\mzPfKTb.exe
  2⤵
  PID:10400
- C:\Windows\System\mnSyNis.exe
  C:\Windows\System\mnSyNis.exe
  2⤵
  PID:10420
- C:\Windows\System\RSXolHA.exe
  C:\Windows\System\RSXolHA.exe
  2⤵
  PID:10440
- C:\Windows\System\zWPUOol.exe
  C:\Windows\System\zWPUOol.exe
  2⤵
  PID:10472
- C:\Windows\System\kIEIcQv.exe
  C:\Windows\System\kIEIcQv.exe
  2⤵
  PID:10488
- C:\Windows\System\kNNVlVI.exe
  C:\Windows\System\kNNVlVI.exe
  2⤵
  PID:10508
- C:\Windows\System\keaqwLn.exe
  C:\Windows\System\keaqwLn.exe
  2⤵
  PID:10560
- C:\Windows\System\ypxGTTN.exe
  C:\Windows\System\ypxGTTN.exe
  2⤵
  PID:10584
- C:\Windows\System\leZfonG.exe
  C:\Windows\System\leZfonG.exe
  2⤵
  PID:10632
- C:\Windows\System\SJTBsMF.exe
  C:\Windows\System\SJTBsMF.exe
  2⤵
  PID:10652
- C:\Windows\System\DOEABvQ.exe
  C:\Windows\System\DOEABvQ.exe
  2⤵
  PID:10684
- C:\Windows\System\GXKBfLU.exe
  C:\Windows\System\GXKBfLU.exe
  2⤵
  PID:10700
- C:\Windows\System\hAeqNIs.exe
  C:\Windows\System\hAeqNIs.exe
  2⤵
  PID:10716
- C:\Windows\System\ByJfwan.exe
  C:\Windows\System\ByJfwan.exe
  2⤵
  PID:10740
- C:\Windows\System\RXDnSYZ.exe
  C:\Windows\System\RXDnSYZ.exe
  2⤵
  PID:10764
- C:\Windows\System\NaBIgKD.exe
  C:\Windows\System\NaBIgKD.exe
  2⤵
  PID:10796
- C:\Windows\System\AcxwRAS.exe
  C:\Windows\System\AcxwRAS.exe
  2⤵
  PID:10836
- C:\Windows\System\eOvADjt.exe
  C:\Windows\System\eOvADjt.exe
  2⤵
  PID:10856
- C:\Windows\System\xVYzssC.exe
  C:\Windows\System\xVYzssC.exe
  2⤵
  PID:10936
- C:\Windows\System\jZtAPzu.exe
  C:\Windows\System\jZtAPzu.exe
  2⤵
  PID:10952
- C:\Windows\System\TXYvtwa.exe
  C:\Windows\System\TXYvtwa.exe
  2⤵
  PID:10972
- C:\Windows\System\VjLFmef.exe
  C:\Windows\System\VjLFmef.exe
  2⤵
  PID:11000
- C:\Windows\System\hwCKnXV.exe
  C:\Windows\System\hwCKnXV.exe
  2⤵
  PID:11028
- C:\Windows\System\QeOsgkk.exe
  C:\Windows\System\QeOsgkk.exe
  2⤵
  PID:11052
- C:\Windows\System\xNsVCxD.exe
  C:\Windows\System\xNsVCxD.exe
  2⤵
  PID:11072
- C:\Windows\System\xANYpIA.exe
  C:\Windows\System\xANYpIA.exe
  2⤵
  PID:11092
- C:\Windows\System\XjCPjrc.exe
  C:\Windows\System\XjCPjrc.exe
  2⤵
  PID:11112
- C:\Windows\System\lJJSLJf.exe
  C:\Windows\System\lJJSLJf.exe
  2⤵
  PID:11140
- C:\Windows\System\ViYcUar.exe
  C:\Windows\System\ViYcUar.exe
  2⤵
  PID:11192
- C:\Windows\System\RyXTRyj.exe
  C:\Windows\System\RyXTRyj.exe
  2⤵
  PID:11232
- C:\Windows\System\gvwTIRX.exe
  C:\Windows\System\gvwTIRX.exe
  2⤵
  PID:11256
- C:\Windows\System\KCPdRWT.exe
  C:\Windows\System\KCPdRWT.exe
  2⤵
  PID:10236
- C:\Windows\System\CfLBIZN.exe
  C:\Windows\System\CfLBIZN.exe
  2⤵
  PID:10076
- C:\Windows\System\EgECQtS.exe
  C:\Windows\System\EgECQtS.exe
  2⤵
  PID:9576
- C:\Windows\System\tZVIXMv.exe
  C:\Windows\System\tZVIXMv.exe
  2⤵
  PID:10280
- C:\Windows\System\PMJbyWM.exe
  C:\Windows\System\PMJbyWM.exe
  2⤵
  PID:10320
- C:\Windows\System\qbJJAOK.exe
  C:\Windows\System\qbJJAOK.exe
  2⤵
  PID:10464
- C:\Windows\System\tSeDisY.exe
  C:\Windows\System\tSeDisY.exe
  2⤵
  PID:10436
- C:\Windows\System\tdslyxh.exe
  C:\Windows\System\tdslyxh.exe
  2⤵
  PID:10504
- C:\Windows\System\VfJQvjb.exe
  C:\Windows\System\VfJQvjb.exe
  2⤵
  PID:10596
- C:\Windows\System\DQJjLMa.exe
  C:\Windows\System\DQJjLMa.exe
  2⤵
  PID:10616
- C:\Windows\System\gpUYbNr.exe
  C:\Windows\System\gpUYbNr.exe
  2⤵
  PID:10752
- C:\Windows\System\JQyljFe.exe
  C:\Windows\System\JQyljFe.exe
  2⤵
  PID:10760
- C:\Windows\System\ipWYPNo.exe
  C:\Windows\System\ipWYPNo.exe
  2⤵
  PID:10852
- C:\Windows\System\EOkhJGU.exe
  C:\Windows\System\EOkhJGU.exe
  2⤵
  PID:10884
- C:\Windows\System\sdQERwv.exe
  C:\Windows\System\sdQERwv.exe
  2⤵
  PID:10932
- C:\Windows\System\BQlTPkk.exe
  C:\Windows\System\BQlTPkk.exe
  2⤵
  PID:11024
- C:\Windows\System\bpWCIJo.exe
  C:\Windows\System\bpWCIJo.exe
  2⤵
  PID:2304
- C:\Windows\System\eQmVNBO.exe
  C:\Windows\System\eQmVNBO.exe
  2⤵
  PID:9716
- C:\Windows\System\tqhsvgt.exe
  C:\Windows\System\tqhsvgt.exe
  2⤵
  PID:8600
- C:\Windows\System\wYeqdhQ.exe
  C:\Windows\System\wYeqdhQ.exe
  2⤵
  PID:10496
- C:\Windows\System\KCNvqoK.exe
  C:\Windows\System\KCNvqoK.exe
  2⤵
  PID:10576
- C:\Windows\System\nzaKWWY.exe
  C:\Windows\System\nzaKWWY.exe
  2⤵
  PID:10676
- C:\Windows\System\eGnQzuH.exe
  C:\Windows\System\eGnQzuH.exe
  2⤵
  PID:10824
- C:\Windows\System\djiXwJf.exe
  C:\Windows\System\djiXwJf.exe
  2⤵
  PID:10876
- C:\Windows\System\NaFuMpj.exe
  C:\Windows\System\NaFuMpj.exe
  2⤵
  PID:11088
- C:\Windows\System\IuOsNlI.exe
  C:\Windows\System\IuOsNlI.exe
  2⤵
  PID:10212
- C:\Windows\System\GKcaiLZ.exe
  C:\Windows\System\GKcaiLZ.exe
  2⤵
  PID:10388
- C:\Windows\System\snJpsrM.exe
  C:\Windows\System\snJpsrM.exe
  2⤵
  PID:10692
- C:\Windows\System\UtYYioA.exe
  C:\Windows\System\UtYYioA.exe
  2⤵
  PID:10244
- C:\Windows\System\EDCbZZa.exe
  C:\Windows\System\EDCbZZa.exe
  2⤵
  PID:11048
- C:\Windows\System\sVoamTo.exe
  C:\Windows\System\sVoamTo.exe
  2⤵
  PID:11276
- C:\Windows\System\aGXKjhk.exe
  C:\Windows\System\aGXKjhk.exe
  2⤵
  PID:11292
- C:\Windows\System\fPNdwDA.exe
  C:\Windows\System\fPNdwDA.exe
  2⤵
  PID:11312
- C:\Windows\System\VSwQSxg.exe
  C:\Windows\System\VSwQSxg.exe
  2⤵
  PID:11340
- C:\Windows\System\eJxIMWL.exe
  C:\Windows\System\eJxIMWL.exe
  2⤵
  PID:11356
- C:\Windows\System\kktKURP.exe
  C:\Windows\System\kktKURP.exe
  2⤵
  PID:11376
- C:\Windows\System\uRMDZrS.exe
  C:\Windows\System\uRMDZrS.exe
  2⤵
  PID:11396
- C:\Windows\System\ervyBQV.exe
  C:\Windows\System\ervyBQV.exe
  2⤵
  PID:11444
- C:\Windows\System\iCDLPEA.exe
  C:\Windows\System\iCDLPEA.exe
  2⤵
  PID:11492
- C:\Windows\System\tejGfvd.exe
  C:\Windows\System\tejGfvd.exe
  2⤵
  PID:11512
- C:\Windows\System\sCoxFeE.exe
  C:\Windows\System\sCoxFeE.exe
  2⤵
  PID:11536
- C:\Windows\System\GrYMJWK.exe
  C:\Windows\System\GrYMJWK.exe
  2⤵
  PID:11564
- C:\Windows\System\esXbqbf.exe
  C:\Windows\System\esXbqbf.exe
  2⤵
  PID:11624
- C:\Windows\System\zAOTVLq.exe
  C:\Windows\System\zAOTVLq.exe
  2⤵
  PID:11644
- C:\Windows\System\KbtGbLy.exe
  C:\Windows\System\KbtGbLy.exe
  2⤵
  PID:11668
- C:\Windows\System\WlxqiSJ.exe
  C:\Windows\System\WlxqiSJ.exe
  2⤵
  PID:11684
- C:\Windows\System\OCeZVTr.exe
  C:\Windows\System\OCeZVTr.exe
  2⤵
  PID:11708
- C:\Windows\System\xhtZUqR.exe
  C:\Windows\System\xhtZUqR.exe
  2⤵
  PID:11724
- C:\Windows\System\JmNwLJR.exe
  C:\Windows\System\JmNwLJR.exe
  2⤵
  PID:11768
- C:\Windows\System\fFxCVKh.exe
  C:\Windows\System\fFxCVKh.exe
  2⤵
  PID:11812
- C:\Windows\System\aQkchRz.exe
  C:\Windows\System\aQkchRz.exe
  2⤵
  PID:11836
- C:\Windows\System\IWUGLCR.exe
  C:\Windows\System\IWUGLCR.exe
  2⤵
  PID:11856
- C:\Windows\System\hEtOfkz.exe
  C:\Windows\System\hEtOfkz.exe
  2⤵
  PID:11884
- C:\Windows\System\hSZLvjP.exe
  C:\Windows\System\hSZLvjP.exe
  2⤵
  PID:11912
- C:\Windows\System\mugCPFi.exe
  C:\Windows\System\mugCPFi.exe
  2⤵
  PID:11936
- C:\Windows\System\dTVfhGF.exe
  C:\Windows\System\dTVfhGF.exe
  2⤵
  PID:11956
- C:\Windows\System\SkHKtMu.exe
  C:\Windows\System\SkHKtMu.exe
  2⤵
  PID:11976
- C:\Windows\System\wjxUnUt.exe
  C:\Windows\System\wjxUnUt.exe
  2⤵
  PID:12000
- C:\Windows\System\zpeHGpE.exe
  C:\Windows\System\zpeHGpE.exe
  2⤵
  PID:12020
- C:\Windows\System\LnwOwBS.exe
  C:\Windows\System\LnwOwBS.exe
  2⤵
  PID:12052
- C:\Windows\System\drlGYYK.exe
  C:\Windows\System\drlGYYK.exe
  2⤵
  PID:12092
- C:\Windows\System\RXhBVdC.exe
  C:\Windows\System\RXhBVdC.exe
  2⤵
  PID:12120
- C:\Windows\System\EzeDYjS.exe
  C:\Windows\System\EzeDYjS.exe
  2⤵
  PID:12136
- C:\Windows\System\MexXPFz.exe
  C:\Windows\System\MexXPFz.exe
  2⤵
  PID:12152
- C:\Windows\System\exnOBue.exe
  C:\Windows\System\exnOBue.exe
  2⤵
  PID:12180
- C:\Windows\System\SEQolOC.exe
  C:\Windows\System\SEQolOC.exe
  2⤵
  PID:12200
- C:\Windows\System\oXllsCE.exe
  C:\Windows\System\oXllsCE.exe
  2⤵
  PID:12220
- C:\Windows\System\JVuoINa.exe
  C:\Windows\System\JVuoINa.exe
  2⤵
  PID:12240
- C:\Windows\System\XpaNAhX.exe
  C:\Windows\System\XpaNAhX.exe
  2⤵
  PID:10644
- C:\Windows\System\KYQuACp.exe
  C:\Windows\System\KYQuACp.exe
  2⤵
  PID:11368
- C:\Windows\System\UpvHxhE.exe
  C:\Windows\System\UpvHxhE.exe
  2⤵
  PID:11436
- C:\Windows\System\uVsSCra.exe
  C:\Windows\System\uVsSCra.exe
  2⤵
  PID:11508
- C:\Windows\System\USklupb.exe
  C:\Windows\System\USklupb.exe
  2⤵
  PID:11548
- C:\Windows\System\bRFYkUx.exe
  C:\Windows\System\bRFYkUx.exe
  2⤵
  PID:11616
- C:\Windows\System\KXlJxon.exe
  C:\Windows\System\KXlJxon.exe
  2⤵
  PID:11640
- C:\Windows\System\wxxYjhS.exe
  C:\Windows\System\wxxYjhS.exe
  2⤵
  PID:11720
- C:\Windows\System\NKAysrF.exe
  C:\Windows\System\NKAysrF.exe
  2⤵
  PID:11784
- C:\Windows\System\FcWpjVo.exe
  C:\Windows\System\FcWpjVo.exe
  2⤵
  PID:11832
- C:\Windows\System\IdeWBSL.exe
  C:\Windows\System\IdeWBSL.exe
  2⤵
  PID:11896
- C:\Windows\System\QGokgOJ.exe
  C:\Windows\System\QGokgOJ.exe
  2⤵
  PID:11952
- C:\Windows\System\Olvynwl.exe
  C:\Windows\System\Olvynwl.exe
  2⤵
  PID:11928
- C:\Windows\System\uXZlzim.exe
  C:\Windows\System\uXZlzim.exe
  2⤵
  PID:12048
- C:\Windows\System\UQkVeae.exe
  C:\Windows\System\UQkVeae.exe
  2⤵
  PID:3120
- C:\Windows\System\waWeiyn.exe
  C:\Windows\System\waWeiyn.exe
  2⤵
  PID:12232
- C:\Windows\System\CAmBcRV.exe
  C:\Windows\System\CAmBcRV.exe
  2⤵
  PID:12260
- C:\Windows\System\GFfWTFa.exe
  C:\Windows\System\GFfWTFa.exe
  2⤵
  PID:11408
- C:\Windows\System\pevLOsH.exe
  C:\Windows\System\pevLOsH.exe
  2⤵
  PID:11504
- C:\Windows\System\hjQSvBu.exe
  C:\Windows\System\hjQSvBu.exe
  2⤵
  PID:11700
- C:\Windows\System\UmJDrrS.exe
  C:\Windows\System\UmJDrrS.exe
  2⤵
  PID:11764
- C:\Windows\System\qLALuBg.exe
  C:\Windows\System\qLALuBg.exe
  2⤵
  PID:12012
- C:\Windows\System\CetbWnr.exe
  C:\Windows\System\CetbWnr.exe
  2⤵
  PID:11288
- C:\Windows\System\jDAAxds.exe
  C:\Windows\System\jDAAxds.exe
  2⤵
  PID:12268
- C:\Windows\System\kUKFhFK.exe
  C:\Windows\System\kUKFhFK.exe
  2⤵
  PID:11388
- C:\Windows\System\YAxAOOY.exe
  C:\Windows\System\YAxAOOY.exe
  2⤵
  PID:11620
- C:\Windows\System\yqITVty.exe
  C:\Windows\System\yqITVty.exe
  2⤵
  PID:12256
- C:\Windows\System\kvQpIha.exe
  C:\Windows\System\kvQpIha.exe
  2⤵
  PID:11904
- C:\Windows\System\SKWhMrd.exe
  C:\Windows\System\SKWhMrd.exe
  2⤵
  PID:12212
- C:\Windows\System\qssddsB.exe
  C:\Windows\System\qssddsB.exe
  2⤵
  PID:12312
- C:\Windows\System\ulhNAoR.exe
  C:\Windows\System\ulhNAoR.exe
  2⤵
  PID:12328
- C:\Windows\System\Vyypjpc.exe
  C:\Windows\System\Vyypjpc.exe
  2⤵
  PID:12348
- C:\Windows\System\kxuxqsX.exe
  C:\Windows\System\kxuxqsX.exe
  2⤵
  PID:12376
- C:\Windows\System\vjNOwcl.exe
  C:\Windows\System\vjNOwcl.exe
  2⤵
  PID:12408
- C:\Windows\System\iCzAsYg.exe
  C:\Windows\System\iCzAsYg.exe
  2⤵
  PID:12432
- C:\Windows\System\KXKQDbU.exe
  C:\Windows\System\KXKQDbU.exe
  2⤵
  PID:12452
- C:\Windows\System\AOZUmLE.exe
  C:\Windows\System\AOZUmLE.exe
  2⤵
  PID:12492
- C:\Windows\System\gMhwXHD.exe
  C:\Windows\System\gMhwXHD.exe
  2⤵
  PID:12516
- C:\Windows\System\yUswuiA.exe
  C:\Windows\System\yUswuiA.exe
  2⤵
  PID:12540
- C:\Windows\System\kUTpRgN.exe
  C:\Windows\System\kUTpRgN.exe
  2⤵
  PID:12560
- C:\Windows\System\RJyVphX.exe
  C:\Windows\System\RJyVphX.exe
  2⤵
  PID:12576
- C:\Windows\System\LLNfIjk.exe
  C:\Windows\System\LLNfIjk.exe
  2⤵
  PID:12712
- C:\Windows\System\hhpqpux.exe
  C:\Windows\System\hhpqpux.exe
  2⤵
  PID:12728
- C:\Windows\System\lBsssvU.exe
  C:\Windows\System\lBsssvU.exe
  2⤵
  PID:12744
- C:\Windows\System\WyMrOgQ.exe
  C:\Windows\System\WyMrOgQ.exe
  2⤵
  PID:12760
- C:\Windows\System\LhLPsOJ.exe
  C:\Windows\System\LhLPsOJ.exe
  2⤵
  PID:12776
- C:\Windows\System\lmuaBlv.exe
  C:\Windows\System\lmuaBlv.exe
  2⤵
  PID:12816
- C:\Windows\System\YVgUmik.exe
  C:\Windows\System\YVgUmik.exe
  2⤵
  PID:12832
- C:\Windows\System\AEOCwtj.exe
  C:\Windows\System\AEOCwtj.exe
  2⤵
  PID:12912
- C:\Windows\System\uKEmuNT.exe
  C:\Windows\System\uKEmuNT.exe
  2⤵
  PID:12936
- C:\Windows\System\awvkwua.exe
  C:\Windows\System\awvkwua.exe
  2⤵
  PID:12988
- C:\Windows\System\xIafxDv.exe
  C:\Windows\System\xIafxDv.exe
  2⤵
  PID:13008
- C:\Windows\System\BufBWwh.exe
  C:\Windows\System\BufBWwh.exe
  2⤵
  PID:13024
- C:\Windows\System\RkAknwQ.exe
  C:\Windows\System\RkAknwQ.exe
  2⤵
  PID:13068
- C:\Windows\System\JMJMAIf.exe
  C:\Windows\System\JMJMAIf.exe
  2⤵
  PID:13092
- C:\Windows\System\RmchsLk.exe
  C:\Windows\System\RmchsLk.exe
  2⤵
  PID:13112
- C:\Windows\System\puFhHbf.exe
  C:\Windows\System\puFhHbf.exe
  2⤵
  PID:13132
- C:\Windows\System\osXAmMs.exe
  C:\Windows\System\osXAmMs.exe
  2⤵
  PID:13156
- C:\Windows\System\RcbUTZW.exe
  C:\Windows\System\RcbUTZW.exe
  2⤵
  PID:13172
- C:\Windows\System\VCExLJd.exe
  C:\Windows\System\VCExLJd.exe
  2⤵
  PID:13212
- C:\Windows\System\rLRDFuZ.exe
  C:\Windows\System\rLRDFuZ.exe
  2⤵
  PID:13268
- C:\Windows\System\vznDuAT.exe
  C:\Windows\System\vznDuAT.exe
  2⤵
  PID:13292
- C:\Windows\System\kTzPpqF.exe
  C:\Windows\System\kTzPpqF.exe
  2⤵
  PID:11676
- C:\Windows\System\fIiBVfn.exe
  C:\Windows\System\fIiBVfn.exe
  2⤵
  PID:12324
- C:\Windows\System\ELxyfWZ.exe
  C:\Windows\System\ELxyfWZ.exe
  2⤵
  PID:12404
- C:\Windows\System\lfDpmZW.exe
  C:\Windows\System\lfDpmZW.exe
  2⤵
  PID:12488
- C:\Windows\System\tezygkF.exe
  C:\Windows\System\tezygkF.exe
  2⤵
  PID:12532
- C:\Windows\System\LvoBjMR.exe
  C:\Windows\System\LvoBjMR.exe
  2⤵
  PID:12568
- C:\Windows\System\BzwClIT.exe
  C:\Windows\System\BzwClIT.exe
  2⤵
  PID:12636
- C:\Windows\System\VxIkhxE.exe
  C:\Windows\System\VxIkhxE.exe
  2⤵
  PID:12656
- C:\Windows\System\kVaUIql.exe
  C:\Windows\System\kVaUIql.exe
  2⤵
  PID:12708
- C:\Windows\System\YFrCKfv.exe
  C:\Windows\System\YFrCKfv.exe
  2⤵
  PID:12768
- C:\Windows\System\QgDmuXl.exe
  C:\Windows\System\QgDmuXl.exe
  2⤵
  PID:12792
- C:\Windows\System\RrwfSUb.exe
  C:\Windows\System\RrwfSUb.exe
  2⤵
  PID:12872
- C:\Windows\System\psqDBKf.exe
  C:\Windows\System\psqDBKf.exe
  2⤵
  PID:12976
- C:\Windows\System\KgXSTbp.exe
  C:\Windows\System\KgXSTbp.exe
  2⤵
  PID:13076
- C:\Windows\System\qYjRVkP.exe
  C:\Windows\System\qYjRVkP.exe
  2⤵
  PID:13088
- C:\Windows\System\ncfArkm.exe
  C:\Windows\System\ncfArkm.exe
  2⤵
  PID:13100
- C:\Windows\System\zjBojEa.exe
  C:\Windows\System\zjBojEa.exe
  2⤵
  PID:13148
- C:\Windows\System\pYVHjAm.exe
  C:\Windows\System\pYVHjAm.exe
  2⤵
  PID:13204
- C:\Windows\System\uezMgVu.exe
  C:\Windows\System\uezMgVu.exe
  2⤵
  PID:13288
- C:\Windows\System\ujOXJnv.exe
  C:\Windows\System\ujOXJnv.exe
  2⤵
  PID:12608
- C:\Windows\System\VGJjZfT.exe
  C:\Windows\System\VGJjZfT.exe
  2⤵
  PID:12724
- C:\Windows\System\FpCWTMQ.exe
  C:\Windows\System\FpCWTMQ.exe
  2⤵
  PID:12652
- C:\Windows\System\oVNEGnN.exe
  C:\Windows\System\oVNEGnN.exe
  2⤵
  PID:13000
- C:\Windows\System\mgwDSZp.exe
  C:\Windows\System\mgwDSZp.exe
  2⤵
  PID:12904
- C:\Windows\System\BfULQCv.exe
  C:\Windows\System\BfULQCv.exe
  2⤵
  PID:13244
- C:\Windows\System\UCSQxYh.exe
  C:\Windows\System\UCSQxYh.exe
  2⤵
  PID:12400
- C:\Windows\System\sfRoQKb.exe
  C:\Windows\System\sfRoQKb.exe
  2⤵
  PID:12756
- C:\Windows\System\XHFcNTO.exe
  C:\Windows\System\XHFcNTO.exe
  2⤵
  PID:12956
- C:\Windows\System\KFWAQHE.exe
  C:\Windows\System\KFWAQHE.exe
  2⤵
  PID:12468
- C:\Windows\System\iijefhl.exe
  C:\Windows\System\iijefhl.exe
  2⤵
  PID:13064
- C:\Windows\System\yApqcoe.exe
  C:\Windows\System\yApqcoe.exe
  2⤵
  PID:13328
- C:\Windows\System\BVmGIBe.exe
  C:\Windows\System\BVmGIBe.exe
  2⤵
  PID:13352
- C:\Windows\System\aBVfyqB.exe
  C:\Windows\System\aBVfyqB.exe
  2⤵
  PID:13376
- C:\Windows\System\LjNHitg.exe
  C:\Windows\System\LjNHitg.exe
  2⤵
  PID:13392
- C:\Windows\System\GtZJoRV.exe
  C:\Windows\System\GtZJoRV.exe
  2⤵
  PID:13412
- C:\Windows\System\wQlAFiU.exe
  C:\Windows\System\wQlAFiU.exe
  2⤵
  PID:13444
- C:\Windows\System\AZjqlpC.exe
  C:\Windows\System\AZjqlpC.exe
  2⤵
  PID:13484
- C:\Windows\System\DSgIReL.exe
  C:\Windows\System\DSgIReL.exe
  2⤵
  PID:13512
- C:\Windows\System\NNtTCMw.exe
  C:\Windows\System\NNtTCMw.exe
  2⤵
  PID:13532
- C:\Windows\System\NTdFsss.exe
  C:\Windows\System\NTdFsss.exe
  2⤵
  PID:13552
- C:\Windows\System\pmWWYUc.exe
  C:\Windows\System\pmWWYUc.exe
  2⤵
  PID:13612
- C:\Windows\System\jUCLErU.exe
  C:\Windows\System\jUCLErU.exe
  2⤵
  PID:13644
- C:\Windows\System\swjFYQv.exe
  C:\Windows\System\swjFYQv.exe
  2⤵
  PID:13668
- C:\Windows\System\rXFGkUS.exe
  C:\Windows\System\rXFGkUS.exe
  2⤵
  PID:13704
- C:\Windows\System\hArcJSH.exe
  C:\Windows\System\hArcJSH.exe
  2⤵
  PID:13732
- C:\Windows\System\JiIOdIW.exe
  C:\Windows\System\JiIOdIW.exe
  2⤵
  PID:13748
- C:\Windows\System\ZlVjoVQ.exe
  C:\Windows\System\ZlVjoVQ.exe
  2⤵
  PID:13788
- C:\Windows\System\JUcoSmO.exe
  C:\Windows\System\JUcoSmO.exe
  2⤵
  PID:13812
- C:\Windows\System\HGsGuBy.exe
  C:\Windows\System\HGsGuBy.exe
  2⤵
  PID:13836
- C:\Windows\System\mQCjxfI.exe
  C:\Windows\System\mQCjxfI.exe
  2⤵
  PID:13856
- C:\Windows\System\qmUFeoV.exe
  C:\Windows\System\qmUFeoV.exe
  2⤵
  PID:13876
- C:\Windows\System\IwGOzKm.exe
  C:\Windows\System\IwGOzKm.exe
  2⤵
  PID:13908
- C:\Windows\System\mNdVxDC.exe
  C:\Windows\System\mNdVxDC.exe
  2⤵
  PID:13928
- C:\Windows\System\hKHwqkl.exe
  C:\Windows\System\hKHwqkl.exe
  2⤵
  PID:13976
- C:\Windows\System\evqkPud.exe
  C:\Windows\System\evqkPud.exe
  2⤵
  PID:14000
- C:\Windows\System\YIhbrtU.exe
  C:\Windows\System\YIhbrtU.exe
  2⤵
  PID:14040
- C:\Windows\System\ubrHhbQ.exe
  C:\Windows\System\ubrHhbQ.exe
  2⤵
  PID:14064
- C:\Windows\System\UZTNoXA.exe
  C:\Windows\System\UZTNoXA.exe
  2⤵
  PID:14080
- C:\Windows\System\pKeRcNH.exe
  C:\Windows\System\pKeRcNH.exe
  2⤵
  PID:14096
- C:\Windows\System\cLpBiGl.exe
  C:\Windows\System\cLpBiGl.exe
  2⤵
  PID:14120
- C:\Windows\System\AzexKEy.exe
  C:\Windows\System\AzexKEy.exe
  2⤵
  PID:14156
- C:\Windows\System\wTSahlG.exe
  C:\Windows\System\wTSahlG.exe
  2⤵
  PID:14196
- C:\Windows\System\PVaXoAZ.exe
  C:\Windows\System\PVaXoAZ.exe
  2⤵
  PID:14248
- C:\Windows\System\iChCujd.exe
  C:\Windows\System\iChCujd.exe
  2⤵
  PID:14296
- C:\Windows\System\XICCbFR.exe
  C:\Windows\System\XICCbFR.exe
  2⤵
  PID:14320
- C:\Windows\System\irlJdew.exe
  C:\Windows\System\irlJdew.exe
  2⤵
  PID:12676
- C:\Windows\System\EXntMuJ.exe
  C:\Windows\System\EXntMuJ.exe
  2⤵
  PID:13336
- C:\Windows\System\AKveJLa.exe
  C:\Windows\System\AKveJLa.exe
  2⤵
  PID:13384
- C:\Windows\System\LjmiSAf.exe
  C:\Windows\System\LjmiSAf.exe
  2⤵
  PID:13372
- C:\Windows\System\MDZXyIi.exe
  C:\Windows\System\MDZXyIi.exe
  2⤵
  PID:13456
- C:\Windows\System\zgcbTsM.exe
  C:\Windows\System\zgcbTsM.exe
  2⤵
  PID:13624
- C:\Windows\System\QIhdCEI.exe
  C:\Windows\System\QIhdCEI.exe
  2⤵
  PID:13716
- C:\Windows\System\ppMCAci.exe
  C:\Windows\System\ppMCAci.exe
  2⤵
  PID:13696
- C:\Windows\System\pQUIhiQ.exe
  C:\Windows\System\pQUIhiQ.exe
  2⤵
  PID:6052
- C:\Windows\System\ncOAuXg.exe
  C:\Windows\System\ncOAuXg.exe
  2⤵
  PID:13828
- C:\Windows\System\NbSQbGQ.exe
  C:\Windows\System\NbSQbGQ.exe
  2⤵
  PID:13804
- C:\Windows\System\AemdJeP.exe
  C:\Windows\System\AemdJeP.exe
  2⤵
  PID:13888
- C:\Windows\System\QLjXrCs.exe
  C:\Windows\System\QLjXrCs.exe
  2⤵
  PID:13972
- C:\Windows\System\kbyVHRl.exe
  C:\Windows\System\kbyVHRl.exe
  2⤵
  PID:14016
- C:\Windows\System\ZtbfsDf.exe
  C:\Windows\System\ZtbfsDf.exe
  2⤵
  PID:14104
- C:\Windows\System\urpNNOQ.exe
  C:\Windows\System\urpNNOQ.exe
  2⤵
  PID:14152
- C:\Windows\System\rECkPHy.exe
  C:\Windows\System\rECkPHy.exe
  2⤵
  PID:14240
- C:\Windows\System\KmVBWwO.exe
  C:\Windows\System\KmVBWwO.exe
  2⤵
  PID:14308
- C:\Windows\System\IbZTZUb.exe
  C:\Windows\System\IbZTZUb.exe
  2⤵
  PID:13492
- C:\Windows\System\GJDPnLI.exe
  C:\Windows\System\GJDPnLI.exe
  2⤵
  PID:13652
- C:\Windows\System\ozmNBaZ.exe
  C:\Windows\System\ozmNBaZ.exe
  2⤵
  PID:4896
- C:\Windows\System\hHjJkrJ.exe
  C:\Windows\System\hHjJkrJ.exe
  2⤵
  PID:13768
- C:\Windows\System\gQrCpDT.exe
  C:\Windows\System\gQrCpDT.exe
  2⤵
  PID:14036
- C:\Windows\System\kFLqfsS.exe
  C:\Windows\System\kFLqfsS.exe
  2⤵
  PID:13320
- C:\Windows\System\OQCHdcH.exe
  C:\Windows\System\OQCHdcH.exe
  2⤵
  PID:13476
- C:\Windows\System\QYEOWxS.exe
  C:\Windows\System\QYEOWxS.exe
  2⤵
  PID:13744
- C:\Windows\System\WaGOBKu.exe
  C:\Windows\System\WaGOBKu.exe
  2⤵
  PID:14356
- C:\Windows\System\HgzpLDu.exe
  C:\Windows\System\HgzpLDu.exe
  2⤵
  PID:14388
- C:\Windows\System\AWKRIQQ.exe
  C:\Windows\System\AWKRIQQ.exe
  2⤵
  PID:14412
- C:\Windows\System\cBIbTul.exe
  C:\Windows\System\cBIbTul.exe
  2⤵
  PID:14440
- C:\Windows\System\hKbkmio.exe
  C:\Windows\System\hKbkmio.exe
  2⤵
  PID:14468
- C:\Windows\System\JzyYNnc.exe
  C:\Windows\System\JzyYNnc.exe
  2⤵
  PID:14492

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:15328

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\BInylPq.exe

Filesize
1.3MB

MD5
3702e5bc1403295e39a8a99ccbe41ce8

SHA1
cc539332f83eeeb652c0b56c5d50000e368a3e2e

SHA256
faeff98dcceb52226054a06df57ac1abca44500c53ccfab2985683d308e1d060

SHA512
ca373d61d210d3c57a128c8f9f7b8136a72435dc8b9c0d43d15e64d6625cd726bfdbb133d1ced1ed33556979e5ce72ab52725180e9d9ad05e579a3b6f26ed37f

Download Submit
C:\Windows\System\IWOctAY.exe

Filesize
1.3MB

MD5
26621b12c4d8cc4d50ee94eba39a2006

SHA1
67597debc8f34c20c1ed7bc17a7f232a8198c5d6

SHA256
338c198e1dcb883d6cf9562ed68fd5c173a33a51c154b2335d04a2d7e7be989c

SHA512
5558bf9f372c6abe2a2e2d368af18b1aae5f206246d1544a28d5ab0fa3aaf9d45807ee11481e5fcbdaf8510bee41101007dfc8268b3dc027de1784a6766f208f

Download Submit
C:\Windows\System\KVMwDBa.exe

Filesize
1.3MB

MD5
4a3caac2d4483ebfef65b303a3b20a65

SHA1
34dd673ff2127ffa3beaf71d138e09242c94e1fa

SHA256
a892bd64591afb15140213dddec9f24d90ca7f2aeb87c085869968735c18f589

SHA512
cb97f5a2a34e0928684f37f979c133d3a3f4fb93af22b8bca2633406758ff15bd1cf962cf449b4c49dea1b8c2d1a1e2cc59e7e58afe2ac02d5fd7546e066a8e5

Download Submit
C:\Windows\System\MDtXSCz.exe

Filesize
1.3MB

MD5
14239fcd556894544475f29766bcd789

SHA1
798cc51ed904f63c9e2e15aba55e4fafc6029399

SHA256
e28991a004ff370777664e3842c432a3bcedc8c202933b12c552979c4d63c03e

SHA512
4108e4895372cf2734c46aaf36b56c61c5a78c1dfbfa013852ac582afa134bc5e734f868b54b35716be2f2ed42711435b059bbaad544edeb857f640360d37711

Download Submit
C:\Windows\System\MEHcqWu.exe

Filesize
1.3MB

MD5
ace42d350d23f1bca90f1b4134662514

SHA1
0c43af5ebd7b41c6ecafa73434a2257e6f69190e

SHA256
e534a7bb6d83cb896b88c2dbae7aa823c27d4da5d77a9405764635f530959d52

SHA512
1d386af7b36435646970ef45794e50c047f2793a9fa547dc2e914d3536e5d1fb1a225a9b69f9c2f47d11349dbec030723916fc0b1435c871e703cd226d66f86b

Download Submit
C:\Windows\System\PKIaflC.exe

Filesize
1.3MB

MD5
bc08f7404e3b1faed1510d83927b41ce

SHA1
b4cdc7a42b24011e66c1bb9ab843b5a619969c93

SHA256
111e73ca1a97a76c5126d689eb663897dea06946284044e4be455b5891fc0096

SHA512
a80699f9c20bb1552e55e4e9ce88d0af94af1608b09d7cd045b5dc2f0081b0adde1305d9579c8d1a59e9eae8efa1056bee059f3c0b12399f2ca97b85c18d9ec9

Download Submit
C:\Windows\System\QKUgtSA.exe

Filesize
1.3MB

MD5
c0e2061cd9989da4ee95ee33e8aa7c81

SHA1
c2e39636227230a28f23f5b037e1f0836cb1f68d

SHA256
7ea150533d9312b3b4111e6189d993e93d9013e7be0263e4c09a596f5c3daa85

SHA512
2e47db5926c53f44a73d81ac42403a9298745ffe55c598a8b0570b421bcbea5a81f1cf1a24ce0f9be0684afa024471e3ccf65502b8de2c62762d3e121720e7d4

Download Submit
C:\Windows\System\QLrAvle.exe

Filesize
1.3MB

MD5
9f7fc2de62f11c3db1ac59b67110b2ba

SHA1
7cdcbade061b1759b9126d305e8a41cc805c9a60

SHA256
d463eba36f3de8078bdd38d65ad373298a926f1fa092500ad319195a2b575ae9

SHA512
ca3af9c5b354d30afd6a21f3221d80aa227c7ca47ffb8ce622a32a19ab94a188fd0377aa94efab06371a85f6a9f861560b8166b5e73ae6b491d51cb393f2ce49

Download Submit
C:\Windows\System\ScwEkZp.exe

Filesize
1.3MB

MD5
7510378a2739e504fe4ecdb856f58df5

SHA1
15b92da7d560fa12693c5fc6755d89111873fe12

SHA256
a808e5b015ea4c9eea80b6c7a3ad663495371110633f4fb0420a066f173aec70

SHA512
3efaa0d53e57639fb9d6aaa3e51cc78c2008abc3e3e18499792ea5092262c750063db0dff969d625ba9adb987eeb86d1f61fb92fd126ed16b6223f0205fd5a3a

Download Submit
C:\Windows\System\UGYHGPY.exe

Filesize
1.3MB

MD5
46f9dd451fbaa91dc28f16db608c5551

SHA1
56228ad38aa0d3ea3214c271e2e14d284c1ff99b

SHA256
89f8770a34f24c8d28d70d36930f556f0e38bc20656734d8d98699672563c428

SHA512
46db471131aba4e3f4a60531066175400a2964511005a9507626029e07daad6f3114ce377675f68961874cf804181896b12d3080e0ce6acd42eaa294c54bc473

Download Submit
C:\Windows\System\XwSdkDf.exe

Filesize
1.3MB

MD5
0f898ab08f68737c59b2005818595aa8

SHA1
5dfd67eb207e19677db48f9cd60c61bcc64868ee

SHA256
087591eaace77dc6e4b0932adcd6eea2e65fcf62f82154d08b92feeb3cce9ce5

SHA512
6e12e13f909904e7bd1cd368769214560bf2072be84567a4c7860dcad12ad9d0a1fb57403955539a80eca4832440a96fb848e9b5598f767d0c136546e0562282

Download Submit
C:\Windows\System\YDEjtgV.exe

Filesize
1.3MB

MD5
07f65c25ce3e0047ee05f7c9088124a6

SHA1
ea6cf973efa7c79728c1f09f5cd0fdf25b61719b

SHA256
6b72f8778efa6d22525e617d98e4df9830694107d604f874b8896dd6ef40e04e

SHA512
6b81553e5d4e7d98908c1d3032d9bc3319333f6a9dce20f5a548f907a72e04af44c35f80d61992f417cd0bbd1ce19b787721a35d123fd86f755be717562a80d0

Download Submit
C:\Windows\System\YUWZgrY.exe

Filesize
1.3MB

MD5
b072aa02f67289c90587a9b083e34405

SHA1
67d77ab6f563dd0cd804a963f3d383a739cdf83a

SHA256
01706754f1dff28a2c449c0c1f71b3249c9cb94d45101bbd4af7a34db2410b63

SHA512
dd451723dde47b280d90ce226f6f7005a80fe96b31c4aa212c0ef99ab2e7826a8fc9bb4fec7dd7428c80a8d28df097a2675ae77af2d491ffcc165b4b4b537eef

Download Submit
C:\Windows\System\ZOFoukN.exe

Filesize
1.3MB

MD5
f621ffd48556580ab03564537d389292

SHA1
6f6efaa554aa9ad34c7478092ccca21b417f32ae

SHA256
4fbf07f51f5a9c0cfb82a31f4733d27d4f6fb7b59bcecb6dc9544eb1563f4577

SHA512
51ae760e87d72c79752f71a1c2b81e60648ea72d5c97179eb493b1d2240bccfae251635f0326e46bbaee2cd8faa0a9cdda1aecb784d5ee605b18681e261bfa9b

Download Submit
C:\Windows\System\ZUpGIIf.exe

Filesize
1.3MB

MD5
2e93801906ed6465ad9bc0334eb60ecc

SHA1
8056a1f0b3dd51fb8396506c5ee5924f1ac31f0e

SHA256
7237edbb4a09f72f3d095fdccedbd1bd031e4b5905d39c1d68b78d00282367ca

SHA512
62473578284e170c5cbc0eec94e187871c828b637d798c29f5637cc2b570138935222ead2b72da305db27c7b11b997c64befe7da5249be7b3197990b0f0e0d56

Download Submit
C:\Windows\System\bmbYHtW.exe

Filesize
1.3MB

MD5
7e2b6a3587e909fe49ca17ac0aef591f

SHA1
e1381d0048ac9d43755268c1877a475221fbc70e

SHA256
2145d27f6270d89d6ff31b9d0ce0bb9828fc0ee48d9696490f7a9a0dc90e83fc

SHA512
8a59ba5c5a7cf7171bc85ed85f5cc919e29210fd62975f0bcf21875a194a576d0fd803c326c67edd3f02a8c7ea3ddcc17b2367777ab795622aacca4546a59dc9

Download Submit
C:\Windows\System\dpcPbSb.exe

Filesize
1.3MB

MD5
066c31ed8b2ea000f2f430fbce4c8889

SHA1
3d71a324f70af1ea130ab0e49b1fbe5a69a4ba7b

SHA256
35046d69b7389dc9c5d467c058e6f10ce50d1f36a85ec935f1a50400fad3de08

SHA512
466040af5c439f2196865a58c04c126c8663138110d371de6afd2f48e48146adb788410048186a0bd5b559e9edd1c45edafab4b2e00a4d1a09c6e4627772a6a7

Download Submit
C:\Windows\System\eCjzuWS.exe

Filesize
1.3MB

MD5
8fd02becf89de34e5542130f54e6ab1c

SHA1
2975d7c53618a253165334867d168805b6b3ad68

SHA256
d0d74b07324a4e3c2e56a77c2efc52bfe84db0c69b2bf7addfc8c08e85ce8d00

SHA512
06f62d2907c1f27fc1c357e55189a347a47a33254407991777dd852aa83fd67de7fa869524f3a312d9eecc30e38092f577066093e9baf42bc69add113e63b6d3

Download Submit
C:\Windows\System\iGJNROr.exe

Filesize
1.3MB

MD5
6cf143e89d89d4455913aaed7bb89755

SHA1
0cf254e8e812cbabe3f6fff0097979e1111aec87

SHA256
c0aafc45f91f03e17d4d2f2d1fb12749c031deb80018160374aa6d1301599f14

SHA512
92338c36c0d37d4452e84061f3c9fa14628e71dc740a2be309db4102ae87aa9ba5a2119d0db0b67842e3a7a8a8c122ec75cbaf693d1ef1b504dc37ddb4be9f18

Download Submit
C:\Windows\System\jAKRBdT.exe

Filesize
1.3MB

MD5
77846beab373ffe514aa65b80687c201

SHA1
7a3c560f7a9bafd3bf93ea5f49fda8645962dba8

SHA256
e1986495bab2d12c97ae29758c3b0c968e5a6600e64dbafbfe8dd3271109c50b

SHA512
3ff378e83e72ddc577b2f3252af79c11ca1723e99d61ca9b9093dbac4aad7bef8020c47f46edb59409092235e8d599b701d230e0558f41ffe581ae6e44bee74d

Download Submit
C:\Windows\System\lEgmLIs.exe

Filesize
1.3MB

MD5
faca8d890ee0cbf778882e1d42819edc

SHA1
1ce751bd1f2302cb619d5b2cd5d482e202c71131

SHA256
9746930e35c9a543bc20e3eec80386eb5e8474df05c1dba97eefe7a8cbc62eea

SHA512
b01eadc6505e7e46d8d4047f200d9fdedc9c7b86a61a3b6b341388cbb17cd82280d073f8fffb55662dddb150e335e8a1c68e84ceae11c51b858e35bc52a40c03

Download Submit
C:\Windows\System\lkgtTdc.exe

Filesize
1.3MB

MD5
9b7378f4a88e472e1a84b87ee5d8b9d7

SHA1
05f7c4b9945b1319e7edf30fe2a9d81c9df826b3

SHA256
7b406f1ba55e01e68b68e04cd2760b186475c98bfd213f0f53d410ce8b6a2029

SHA512
15500c908b4a2a4bd3d86fcf565bc3875568e20922fd5060a702455d3b820188407f6f72acab24813e44cfe426dd521f4097b2c324c7d3aad76facfc6bc701d7

Download Submit
C:\Windows\System\mzcbOMv.exe

Filesize
1.3MB

MD5
b708887fd1d9ce1d60c7c855e365b323

SHA1
b1b84db31d5df11001997679ff8782cae0c5acff

SHA256
28d038e52c0373f28ffa2841b2f18d2c58c52ff974a916f01af91b9241e39fa5

SHA512
355acde45e5568703ebee0a6e9ed399e58f5f34e2d3f4c039bcb51597bbd7ee7993ea27938723512a65fe8e39cbd8f18b63512ad9ca04b85a6ad06e21051866a

Download Submit
C:\Windows\System\nriLauQ.exe

Filesize
1.3MB

MD5
11af047bc68ad3e135bf5a038c4cb07d

SHA1
b3e80940ca9fa3e81544f0ea30b95e33dc0c9792

SHA256
31361d3711e74ecf5484843c3629abdf38e718f101526d74b71a46acda594951

SHA512
f3ab55784ac62277c7f94c4a30b8e4d5a3712677ac25475b96e33bca3c593d54e6a486e83195c417fb5ace9d17033f08bc5bf668c380f8f8b4140638485038c6

Download Submit
C:\Windows\System\obRbrfp.exe

Filesize
1.3MB

MD5
256464a6b8ca4b60c41f304e391cdcc6

SHA1
df3aa9608b069e22a984d53849e7d9f7f023f2c2

SHA256
45de917578244202d301a53a4fc64c4f77482a83e9140d726e35f9537d127618

SHA512
0b692d3778b99220f9d5d7853189a6c43fe72f922ee1f3e50c55c833febb80437d85df4d3abe88cf99ec4a80bec365b51ff51f2b9dda8de6c996ea2dd2bd38a4

Download Submit
C:\Windows\System\pWsgMeJ.exe

Filesize
1.3MB

MD5
05ebcfc93624a0878b17d05cd8e18833

SHA1
b7d0261a5c8694c0ddbacd6e1ce54a764ec1268c

SHA256
04b0cb2b02d8ec80991db8ac485493f69d26c15c164154b441a827a2334efb2f

SHA512
a6a035815dcfce84a8bf41d00674e4fd94c0efa6272c21cd8d9fb62cc3d6a3f9cf3bd0b1b2f98d6407a8e98f3a4668499411964ee8853ee49bba419d435df97a

Download Submit
C:\Windows\System\qcmNbTt.exe

Filesize
1.3MB

MD5
04fffad0f6d4ba2abad787f8f42c59b5

SHA1
c75563b0a0516304f5eab041bf5624f27f582e84

SHA256
ef779dc7f40b0fcba4550dfc33d369a61bc9c6f679b31281098cedbd037f07e6

SHA512
009f7777924d950bfe400bee4daf828070b06adcd043f2e3179b7ed585314c004ff1de4b0ecbae3dc87667388904ec858660072fa7a1eb7130b6f9a3e9415dc5

Download Submit
C:\Windows\System\rzPzvvv.exe

Filesize
1.3MB

MD5
9c0da37e1ce9aa8f790bb4c82dfaae09

SHA1
8f57352bdabcbeaff6c49c4a3cf38290ac4a8d0f

SHA256
5a40938cc6bf08a45aa51267e750c538030b7ebd6b0d15113cd9856780d77943

SHA512
d1bc641cd0a2b02e768f799de38b5f7a6d172c502ff433a38c77b03952d323f129ca096aba1277ea45c2173d11f03779d6429de793a3b573773fc7f991be7ad5

Download Submit
C:\Windows\System\ubwApNk.exe

Filesize
1.3MB

MD5
04c4e7a5d9dc86fbe4cdfb7f0e2af8fd

SHA1
57168172e25439486db4a6093892c4f2a77ffa0d

SHA256
8d11638b450a032a981c25b2c93002c5045f2ee65dbf51e427d0a743e1c79549

SHA512
d7136f7b5cdbd9e9437e8bcf555a3038c664f12a601fb76c791fb953ac56cce579b6e49edfe0ec1f4593cbfdd32fe4021c9d311dc6db094f3b5af07da313f37e

Download Submit
C:\Windows\System\uyCFzui.exe

Filesize
1.3MB

MD5
4df995b3da0b1a9f342d0d4f57ad996a

SHA1
2cfcfb3a34411e261d142848467f2de5411d9129

SHA256
eff1782149fac00d36aeace6de29638e10ad683bd83150696e290212db7acdac

SHA512
e996d062adfeb21aa33ad04536d877ccca98073b22ba4c8d2ab420623b041d29a54d34a92b9abf2ff50740f49a3756d4d7989d0e8ede8cb02b38a61229dd30c3

Download Submit
C:\Windows\System\vHhDwQm.exe

Filesize
1.3MB

MD5
8fca48683d0c6360f3b6b25ca40ddc65

SHA1
bcacd791d5610c631332bc52d776e6e45bc61853

SHA256
ead08740b23903e4092620ad9da03c5c71b5372eceab4d52abcd85945e3a50fa

SHA512
4029018f68edcc936b9565fa0b234db72aacf2ea680de6abe518e8ad969dfce216d502d3589207fe780d7c5d4e60b046fc09f9630b561110330a5cd8b0107990

Download Submit
C:\Windows\System\zPXglQf.exe

Filesize
1.3MB

MD5
5696fcd74906c48cfa49dd893c7772a7

SHA1
6635934c10fb062b4c5f444c0050639eb11178cc

SHA256
9d98e28c554f9fedf7dde2f155874b87783a629737e7e1eae9eb7899151abac1

SHA512
d3fbcc82c5c418c4ec89e244384126cff7310ec0104dcbc3aff852e6bf8543cb9d5c152b9534ed54a5b83e9daa3db751e034cc4c2d5c03d67b1637f757de790d

Download Submit
C:\Windows\System\zSNFfHl.exe

Filesize
1.3MB

MD5
736ee7a930896d8fce168f231fe8c48d

SHA1
36dc5152af0a803c97b6d86b90331d4a024f07df

SHA256
40c67c92ec7a6fd9771c173ff04ef23c2c01cb4049b11872539982c5d1c25829

SHA512
cd02f00cc923a67c7677b96301e8f7653c91bd33bbb3d6bd6ccf9f025207e5b7bcde7d7faa46c1611d6303713003d447b64f70d38022df2950dc687a7fc1ec9f

Download Submit
C:\Windows\System\zXuGYpy.exe

Filesize
1.3MB

MD5
bea0f8768620988f40c61b3f24ea1ac3

SHA1
edbda78ae3a1be0748ef02b047dd59abb637e6ed

SHA256
52b0db9d96b6c7bed833e8134769539c587a5c7ee8e99e69b51bc60565f43c60

SHA512
3b960ec778cbad9d850f821b29bd21c1d10c0984d3e4685f7ebf55eb8f0fdf56b57b8ab85add29019fa181a43a14c4d0f83dc2629025858c81652841edb95e64

Download Submit
memory/396-2329-0x00007FF72A1D0000-0x00007FF72A521000-memory.dmp

Filesize
3.3MB

Download
memory/396-178-0x00007FF72A1D0000-0x00007FF72A521000-memory.dmp

Filesize
3.3MB

Download
memory/396-2218-0x00007FF72A1D0000-0x00007FF72A521000-memory.dmp

Filesize
3.3MB

Download
memory/532-35-0x00007FF74A590000-0x00007FF74A8E1000-memory.dmp

Filesize
3.3MB

Download
memory/532-2241-0x00007FF74A590000-0x00007FF74A8E1000-memory.dmp

Filesize
3.3MB

Download
memory/532-2177-0x00007FF74A590000-0x00007FF74A8E1000-memory.dmp

Filesize
3.3MB

Download
memory/1064-2255-0x00007FF6EFFD0000-0x00007FF6F0321000-memory.dmp

Filesize
3.3MB

Download
memory/1064-130-0x00007FF6EFFD0000-0x00007FF6F0321000-memory.dmp

Filesize
3.3MB

Download
memory/1232-2261-0x00007FF697840000-0x00007FF697B91000-memory.dmp

Filesize
3.3MB

Download
memory/1232-132-0x00007FF697840000-0x00007FF697B91000-memory.dmp

Filesize
3.3MB

Download
memory/1380-94-0x00007FF6B7010000-0x00007FF6B7361000-memory.dmp

Filesize
3.3MB

Download
memory/1380-2179-0x00007FF6B7010000-0x00007FF6B7361000-memory.dmp

Filesize
3.3MB

Download
memory/1380-2251-0x00007FF6B7010000-0x00007FF6B7361000-memory.dmp

Filesize
3.3MB

Download
memory/1896-133-0x00007FF65B6D0000-0x00007FF65BA21000-memory.dmp

Filesize
3.3MB

Download
memory/1896-2259-0x00007FF65B6D0000-0x00007FF65BA21000-memory.dmp

Filesize
3.3MB

Download
memory/1900-2249-0x00007FF753CD0000-0x00007FF754021000-memory.dmp

Filesize
3.3MB

Download
memory/1900-131-0x00007FF753CD0000-0x00007FF754021000-memory.dmp

Filesize
3.3MB

Download
memory/1952-200-0x00007FF60C240000-0x00007FF60C591000-memory.dmp

Filesize
3.3MB

Download
memory/1952-2335-0x00007FF60C240000-0x00007FF60C591000-memory.dmp

Filesize
3.3MB

Download
memory/1984-83-0x00007FF7974E0000-0x00007FF797831000-memory.dmp

Filesize
3.3MB

Download
memory/1984-2243-0x00007FF7974E0000-0x00007FF797831000-memory.dmp

Filesize
3.3MB

Download
memory/2024-147-0x00007FF698C00000-0x00007FF698F51000-memory.dmp

Filesize
3.3MB

Download
memory/2024-2206-0x00007FF698C00000-0x00007FF698F51000-memory.dmp

Filesize
3.3MB

Download
memory/2024-2325-0x00007FF698C00000-0x00007FF698F51000-memory.dmp

Filesize
3.3MB

Download
memory/2044-124-0x00007FF790190000-0x00007FF7904E1000-memory.dmp

Filesize
3.3MB

Download
memory/2044-2257-0x00007FF790190000-0x00007FF7904E1000-memory.dmp

Filesize
3.3MB

Download
memory/2376-119-0x00007FF610520000-0x00007FF610871000-memory.dmp

Filesize
3.3MB

Download
memory/2376-2263-0x00007FF610520000-0x00007FF610871000-memory.dmp

Filesize
3.3MB

Download
memory/2556-1768-0x00007FF754180000-0x00007FF7544D1000-memory.dmp

Filesize
3.3MB

Download
memory/2556-14-0x00007FF754180000-0x00007FF7544D1000-memory.dmp

Filesize
3.3MB

Download
memory/2556-2234-0x00007FF754180000-0x00007FF7544D1000-memory.dmp

Filesize
3.3MB

Download
memory/3136-134-0x00007FF7A2970000-0x00007FF7A2CC1000-memory.dmp

Filesize
3.3MB

Download
memory/3136-2271-0x00007FF7A2970000-0x00007FF7A2CC1000-memory.dmp

Filesize
3.3MB

Download
memory/3168-179-0x00007FF7C20C0000-0x00007FF7C2411000-memory.dmp

Filesize
3.3MB

Download
memory/3168-1-0x000001DDFEAD0000-0x000001DDFEAE0000-memory.dmp

Filesize
64KB

Download
memory/3168-0-0x00007FF7C20C0000-0x00007FF7C2411000-memory.dmp

Filesize
3.3MB

Download
memory/3512-2207-0x00007FF6C6A20000-0x00007FF6C6D71000-memory.dmp

Filesize
3.3MB

Download
memory/3512-158-0x00007FF6C6A20000-0x00007FF6C6D71000-memory.dmp

Filesize
3.3MB

Download
memory/3512-2321-0x00007FF6C6A20000-0x00007FF6C6D71000-memory.dmp

Filesize
3.3MB

Download
memory/3884-2182-0x00007FF74E990000-0x00007FF74ECE1000-memory.dmp

Filesize
3.3MB

Download
memory/3884-2273-0x00007FF74E990000-0x00007FF74ECE1000-memory.dmp

Filesize
3.3MB

Download
memory/3884-125-0x00007FF74E990000-0x00007FF74ECE1000-memory.dmp

Filesize
3.3MB

Download
memory/3928-2231-0x00007FF65A7E0000-0x00007FF65AB31000-memory.dmp

Filesize
3.3MB

Download
memory/3928-10-0x00007FF65A7E0000-0x00007FF65AB31000-memory.dmp

Filesize
3.3MB

Download
memory/3928-206-0x00007FF65A7E0000-0x00007FF65AB31000-memory.dmp

Filesize
3.3MB

Download
memory/4088-58-0x00007FF7826E0000-0x00007FF782A31000-memory.dmp

Filesize
3.3MB

Download
memory/4088-2239-0x00007FF7826E0000-0x00007FF782A31000-memory.dmp

Filesize
3.3MB

Download
memory/4208-24-0x00007FF743940000-0x00007FF743C91000-memory.dmp

Filesize
3.3MB

Download
memory/4208-2237-0x00007FF743940000-0x00007FF743C91000-memory.dmp

Filesize
3.3MB

Download
memory/4216-156-0x00007FF7BB6C0000-0x00007FF7BBA11000-memory.dmp

Filesize
3.3MB

Download
memory/4216-2319-0x00007FF7BB6C0000-0x00007FF7BBA11000-memory.dmp

Filesize
3.3MB

Download
memory/4220-109-0x00007FF6688B0000-0x00007FF668C01000-memory.dmp

Filesize
3.3MB

Download
memory/4220-2265-0x00007FF6688B0000-0x00007FF668C01000-memory.dmp

Filesize
3.3MB

Download
memory/4220-2181-0x00007FF6688B0000-0x00007FF668C01000-memory.dmp

Filesize
3.3MB

Download
memory/4272-22-0x00007FF6D1540000-0x00007FF6D1891000-memory.dmp

Filesize
3.3MB

Download
memory/4272-2236-0x00007FF6D1540000-0x00007FF6D1891000-memory.dmp

Filesize
3.3MB

Download
memory/4276-77-0x00007FF76A4C0000-0x00007FF76A811000-memory.dmp

Filesize
3.3MB

Download
memory/4276-2247-0x00007FF76A4C0000-0x00007FF76A811000-memory.dmp

Filesize
3.3MB

Download
memory/4436-118-0x00007FF69E0D0000-0x00007FF69E421000-memory.dmp

Filesize
3.3MB

Download
memory/4436-2269-0x00007FF69E0D0000-0x00007FF69E421000-memory.dmp

Filesize
3.3MB

Download
memory/4572-2253-0x00007FF733E60000-0x00007FF7341B1000-memory.dmp

Filesize
3.3MB

Download
memory/4572-96-0x00007FF733E60000-0x00007FF7341B1000-memory.dmp

Filesize
3.3MB

Download
memory/4672-2217-0x00007FF789E80000-0x00007FF78A1D1000-memory.dmp

Filesize
3.3MB

Download
memory/4672-161-0x00007FF789E80000-0x00007FF78A1D1000-memory.dmp

Filesize
3.3MB

Download
memory/4672-2323-0x00007FF789E80000-0x00007FF78A1D1000-memory.dmp

Filesize
3.3MB

Download
memory/4976-2245-0x00007FF6A9C60000-0x00007FF6A9FB1000-memory.dmp

Filesize
3.3MB

Download
memory/4976-2178-0x00007FF6A9C60000-0x00007FF6A9FB1000-memory.dmp

Filesize
3.3MB

Download
memory/4976-56-0x00007FF6A9C60000-0x00007FF6A9FB1000-memory.dmp

Filesize
3.3MB

Download
memory/5124-2228-0x00007FF6E67D0000-0x00007FF6E6B21000-memory.dmp

Filesize
3.3MB

Download
memory/5124-2327-0x00007FF6E67D0000-0x00007FF6E6B21000-memory.dmp

Filesize
3.3MB

Download
memory/5124-199-0x00007FF6E67D0000-0x00007FF6E6B21000-memory.dmp

Filesize
3.3MB

Download
memory/5228-2180-0x00007FF7DC710000-0x00007FF7DCA61000-memory.dmp

Filesize
3.3MB

Download
memory/5228-2267-0x00007FF7DC710000-0x00007FF7DCA61000-memory.dmp

Filesize
3.3MB

Download
memory/5228-103-0x00007FF7DC710000-0x00007FF7DCA61000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads