xmrig | 301d7c38a83f0e62dea1db6f78a644bc450f2ad8c2dab12397c6cbff17d05f82

Analysis

max time kernel
144s
max time network
129s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
03-07-2024 02:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

301d7c38a83f0e62dea1db6f78a644bc450f2ad8c2dab12397c6cbff17d05f82.exe
Size

2.3MB
MD5

b1379b66fd5dc7d73f2eb942b2044df0
SHA1

10bcdbd4da72c03e92ac874e8c952f3049d99149
SHA256

301d7c38a83f0e62dea1db6f78a644bc450f2ad8c2dab12397c6cbff17d05f82
SHA512

041e5123d5a4d2f8e306d8693a2e2baccfbc4b2f36be2a281e777edc26847ab9351df65fc6c550c570041d2ffe106d89b6084ea64423ac2523338a5d00ae438f
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wIC5aIwC+A4VBqxGLI9ePh:BemTLkNdfE0pZrV

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/3200-0-0x00007FF68B000000-0x00007FF68B354000-memory.dmp	xmrig
behavioral2/files/0x00060000000233cd-5.dat	xmrig
behavioral2/files/0x0008000000023581-11.dat	xmrig
behavioral2/memory/2896-10-0x00007FF615450000-0x00007FF6157A4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023585-17.dat	xmrig
behavioral2/files/0x000700000002358a-38.dat	xmrig
behavioral2/files/0x000700000002358c-47.dat	xmrig
behavioral2/files/0x000700000002358e-57.dat	xmrig
behavioral2/files/0x000700000002358f-66.dat	xmrig
behavioral2/files/0x0007000000023591-75.dat	xmrig
behavioral2/files/0x0007000000023598-111.dat	xmrig
behavioral2/files/0x000700000002359c-125.dat	xmrig
behavioral2/files/0x000700000002359e-141.dat	xmrig
behavioral2/files/0x00070000000235a2-161.dat	xmrig
behavioral2/memory/4544-643-0x00007FF78DA10000-0x00007FF78DD64000-memory.dmp	xmrig
behavioral2/memory/3208-644-0x00007FF787DE0000-0x00007FF788134000-memory.dmp	xmrig
behavioral2/memory/4120-645-0x00007FF6DFF10000-0x00007FF6E0264000-memory.dmp	xmrig
behavioral2/memory/624-646-0x00007FF70CBC0000-0x00007FF70CF14000-memory.dmp	xmrig
behavioral2/memory/1296-647-0x00007FF7404E0000-0x00007FF740834000-memory.dmp	xmrig
behavioral2/memory/376-648-0x00007FF69AE30000-0x00007FF69B184000-memory.dmp	xmrig
behavioral2/memory/1764-650-0x00007FF7E7610000-0x00007FF7E7964000-memory.dmp	xmrig
behavioral2/memory/2920-653-0x00007FF770880000-0x00007FF770BD4000-memory.dmp	xmrig
behavioral2/memory/868-654-0x00007FF6B3700000-0x00007FF6B3A54000-memory.dmp	xmrig
behavioral2/memory/1936-655-0x00007FF67DFC0000-0x00007FF67E314000-memory.dmp	xmrig
behavioral2/memory/1436-652-0x00007FF6482F0000-0x00007FF648644000-memory.dmp	xmrig
behavioral2/memory/2280-651-0x00007FF64FE60000-0x00007FF6501B4000-memory.dmp	xmrig
behavioral2/memory/2480-649-0x00007FF6DC9C0000-0x00007FF6DCD14000-memory.dmp	xmrig
behavioral2/files/0x00070000000235a3-165.dat	xmrig
behavioral2/files/0x00070000000235a1-156.dat	xmrig
behavioral2/files/0x00070000000235a0-151.dat	xmrig
behavioral2/files/0x000700000002359f-145.dat	xmrig
behavioral2/files/0x000700000002359d-136.dat	xmrig
behavioral2/files/0x000700000002359b-126.dat	xmrig
behavioral2/files/0x000700000002359a-121.dat	xmrig
behavioral2/files/0x0007000000023599-115.dat	xmrig
behavioral2/files/0x0007000000023597-106.dat	xmrig
behavioral2/files/0x0007000000023596-101.dat	xmrig
behavioral2/files/0x0007000000023595-95.dat	xmrig
behavioral2/files/0x0007000000023594-91.dat	xmrig
behavioral2/files/0x0007000000023593-86.dat	xmrig
behavioral2/files/0x0007000000023592-81.dat	xmrig
behavioral2/files/0x0007000000023590-71.dat	xmrig
behavioral2/files/0x000700000002358d-55.dat	xmrig
behavioral2/files/0x000700000002358b-45.dat	xmrig
behavioral2/files/0x0007000000023589-33.dat	xmrig
behavioral2/files/0x0007000000023587-27.dat	xmrig
behavioral2/files/0x0007000000023586-23.dat	xmrig
behavioral2/memory/1060-18-0x00007FF6F4530000-0x00007FF6F4884000-memory.dmp	xmrig
behavioral2/memory/4036-12-0x00007FF737D50000-0x00007FF7380A4000-memory.dmp	xmrig
behavioral2/memory/3712-656-0x00007FF713E70000-0x00007FF7141C4000-memory.dmp	xmrig
behavioral2/memory/2248-657-0x00007FF7F4BA0000-0x00007FF7F4EF4000-memory.dmp	xmrig
behavioral2/memory/2756-659-0x00007FF7A1140000-0x00007FF7A1494000-memory.dmp	xmrig
behavioral2/memory/3864-658-0x00007FF6FDD00000-0x00007FF6FE054000-memory.dmp	xmrig
behavioral2/memory/1688-660-0x00007FF76C290000-0x00007FF76C5E4000-memory.dmp	xmrig
behavioral2/memory/3812-670-0x00007FF7DF170000-0x00007FF7DF4C4000-memory.dmp	xmrig
behavioral2/memory/2676-668-0x00007FF617D10000-0x00007FF618064000-memory.dmp	xmrig
behavioral2/memory/4228-661-0x00007FF6DBE10000-0x00007FF6DC164000-memory.dmp	xmrig
behavioral2/memory/696-680-0x00007FF6BBA10000-0x00007FF6BBD64000-memory.dmp	xmrig
behavioral2/memory/932-689-0x00007FF6D6660000-0x00007FF6D69B4000-memory.dmp	xmrig
behavioral2/memory/2604-687-0x00007FF7F6980000-0x00007FF7F6CD4000-memory.dmp	xmrig
behavioral2/memory/1056-677-0x00007FF7AB270000-0x00007FF7AB5C4000-memory.dmp	xmrig
behavioral2/memory/5016-676-0x00007FF710260000-0x00007FF7105B4000-memory.dmp	xmrig
behavioral2/memory/3200-2122-0x00007FF68B000000-0x00007FF68B354000-memory.dmp	xmrig
behavioral2/memory/4036-2123-0x00007FF737D50000-0x00007FF7380A4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2896	XsAefll.exe
4036	rFCNGzm.exe
1060	ABdjGcY.exe
4544	WmPNMsN.exe
3208	HtDweVP.exe
4120	DdDPLxv.exe
624	vvYWrRW.exe
1296	ImwzfHu.exe
376	sjLDdws.exe
2480	vwfMkzF.exe
1764	YroeHPy.exe
2280	BdvESjE.exe
1436	VjxxQlm.exe
2920	kXHgzDG.exe
868	rueJMTF.exe
1936	WQFjoxH.exe
3712	cXPFAOZ.exe
2248	nsEvHiZ.exe
3864	HHIoNrZ.exe
2756	SraArAm.exe
1688	KgBSQfE.exe
4228	vspIGtD.exe
2676	ClsPrzt.exe
3812	goRAzgW.exe
5016	sSpitQe.exe
1056	eXmRlqh.exe
696	YfUfCgI.exe
2604	rJliRGu.exe
932	erIRGjy.exe
3996	liNpEOR.exe
1624	LAWcutp.exe
1944	yhqVYiZ.exe
2304	oRuXvly.exe
1072	tKmdjWS.exe
1940	nznUunK.exe
5064	gLgOyaG.exe
3944	CVIOSWU.exe
3532	suhbFcD.exe
3412	lwkhvbO.exe
5076	MpomfyN.exe
4408	UFSScrH.exe
2656	EgNaGim.exe
2552	xzdoMBi.exe
4796	cLGBVFw.exe
2636	BCEfDCQ.exe
1272	vrCMwbz.exe
4316	VHBsFyF.exe
4304	AkxMJcq.exe
3476	UQGnIWa.exe
2688	iQUWlOU.exe
1004	HJkagvi.exe
2420	cNerBPZ.exe
4360	NlqZYmk.exe
2992	nJItchf.exe
2488	Dpiikjd.exe
4912	ogirYTh.exe
3772	BULjrsk.exe
644	yHHPHZE.exe
2764	XUcdfeW.exe
1504	AHHwPok.exe
1580	BaTLyYj.exe
4904	nocJNUL.exe
4952	EtuJHcd.exe
2168	wDuOePj.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3200-0-0x00007FF68B000000-0x00007FF68B354000-memory.dmp	upx
behavioral2/files/0x00060000000233cd-5.dat	upx
behavioral2/files/0x0008000000023581-11.dat	upx
behavioral2/memory/2896-10-0x00007FF615450000-0x00007FF6157A4000-memory.dmp	upx
behavioral2/files/0x0007000000023585-17.dat	upx
behavioral2/files/0x000700000002358a-38.dat	upx
behavioral2/files/0x000700000002358c-47.dat	upx
behavioral2/files/0x000700000002358e-57.dat	upx
behavioral2/files/0x000700000002358f-66.dat	upx
behavioral2/files/0x0007000000023591-75.dat	upx
behavioral2/files/0x0007000000023598-111.dat	upx
behavioral2/files/0x000700000002359c-125.dat	upx
behavioral2/files/0x000700000002359e-141.dat	upx
behavioral2/files/0x00070000000235a2-161.dat	upx
behavioral2/memory/4544-643-0x00007FF78DA10000-0x00007FF78DD64000-memory.dmp	upx
behavioral2/memory/3208-644-0x00007FF787DE0000-0x00007FF788134000-memory.dmp	upx
behavioral2/memory/4120-645-0x00007FF6DFF10000-0x00007FF6E0264000-memory.dmp	upx
behavioral2/memory/624-646-0x00007FF70CBC0000-0x00007FF70CF14000-memory.dmp	upx
behavioral2/memory/1296-647-0x00007FF7404E0000-0x00007FF740834000-memory.dmp	upx
behavioral2/memory/376-648-0x00007FF69AE30000-0x00007FF69B184000-memory.dmp	upx
behavioral2/memory/1764-650-0x00007FF7E7610000-0x00007FF7E7964000-memory.dmp	upx
behavioral2/memory/2920-653-0x00007FF770880000-0x00007FF770BD4000-memory.dmp	upx
behavioral2/memory/868-654-0x00007FF6B3700000-0x00007FF6B3A54000-memory.dmp	upx
behavioral2/memory/1936-655-0x00007FF67DFC0000-0x00007FF67E314000-memory.dmp	upx
behavioral2/memory/1436-652-0x00007FF6482F0000-0x00007FF648644000-memory.dmp	upx
behavioral2/memory/2280-651-0x00007FF64FE60000-0x00007FF6501B4000-memory.dmp	upx
behavioral2/memory/2480-649-0x00007FF6DC9C0000-0x00007FF6DCD14000-memory.dmp	upx
behavioral2/files/0x00070000000235a3-165.dat	upx
behavioral2/files/0x00070000000235a1-156.dat	upx
behavioral2/files/0x00070000000235a0-151.dat	upx
behavioral2/files/0x000700000002359f-145.dat	upx
behavioral2/files/0x000700000002359d-136.dat	upx
behavioral2/files/0x000700000002359b-126.dat	upx
behavioral2/files/0x000700000002359a-121.dat	upx
behavioral2/files/0x0007000000023599-115.dat	upx
behavioral2/files/0x0007000000023597-106.dat	upx
behavioral2/files/0x0007000000023596-101.dat	upx
behavioral2/files/0x0007000000023595-95.dat	upx
behavioral2/files/0x0007000000023594-91.dat	upx
behavioral2/files/0x0007000000023593-86.dat	upx
behavioral2/files/0x0007000000023592-81.dat	upx
behavioral2/files/0x0007000000023590-71.dat	upx
behavioral2/files/0x000700000002358d-55.dat	upx
behavioral2/files/0x000700000002358b-45.dat	upx
behavioral2/files/0x0007000000023589-33.dat	upx
behavioral2/files/0x0007000000023587-27.dat	upx
behavioral2/files/0x0007000000023586-23.dat	upx
behavioral2/memory/1060-18-0x00007FF6F4530000-0x00007FF6F4884000-memory.dmp	upx
behavioral2/memory/4036-12-0x00007FF737D50000-0x00007FF7380A4000-memory.dmp	upx
behavioral2/memory/3712-656-0x00007FF713E70000-0x00007FF7141C4000-memory.dmp	upx
behavioral2/memory/2248-657-0x00007FF7F4BA0000-0x00007FF7F4EF4000-memory.dmp	upx
behavioral2/memory/2756-659-0x00007FF7A1140000-0x00007FF7A1494000-memory.dmp	upx
behavioral2/memory/3864-658-0x00007FF6FDD00000-0x00007FF6FE054000-memory.dmp	upx
behavioral2/memory/1688-660-0x00007FF76C290000-0x00007FF76C5E4000-memory.dmp	upx
behavioral2/memory/3812-670-0x00007FF7DF170000-0x00007FF7DF4C4000-memory.dmp	upx
behavioral2/memory/2676-668-0x00007FF617D10000-0x00007FF618064000-memory.dmp	upx
behavioral2/memory/4228-661-0x00007FF6DBE10000-0x00007FF6DC164000-memory.dmp	upx
behavioral2/memory/696-680-0x00007FF6BBA10000-0x00007FF6BBD64000-memory.dmp	upx
behavioral2/memory/932-689-0x00007FF6D6660000-0x00007FF6D69B4000-memory.dmp	upx
behavioral2/memory/2604-687-0x00007FF7F6980000-0x00007FF7F6CD4000-memory.dmp	upx
behavioral2/memory/1056-677-0x00007FF7AB270000-0x00007FF7AB5C4000-memory.dmp	upx
behavioral2/memory/5016-676-0x00007FF710260000-0x00007FF7105B4000-memory.dmp	upx
behavioral2/memory/3200-2122-0x00007FF68B000000-0x00007FF68B354000-memory.dmp	upx
behavioral2/memory/4036-2123-0x00007FF737D50000-0x00007FF7380A4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\PUFkTEf.exe	301d7c38a83f0e62dea1db6f78a644bc450f2ad8c2dab12397c6cbff17d05f82.exe
File created	C:\Windows\System\HtDweVP.exe	301d7c38a83f0e62dea1db6f78a644bc450f2ad8c2dab12397c6cbff17d05f82.exe
File created	C:\Windows\System\RiCgpub.exe	301d7c38a83f0e62dea1db6f78a644bc450f2ad8c2dab12397c6cbff17d05f82.exe
File created	C:\Windows\System\SefWcfV.exe	301d7c38a83f0e62dea1db6f78a644bc450f2ad8c2dab12397c6cbff17d05f82.exe
File created	C:\Windows\System\COyQqhA.exe	301d7c38a83f0e62dea1db6f78a644bc450f2ad8c2dab12397c6cbff17d05f82.exe
File created	C:\Windows\System\RbKtJjT.exe	301d7c38a83f0e62dea1db6f78a644bc450f2ad8c2dab12397c6cbff17d05f82.exe
File created	C:\Windows\System\gymmTTC.exe	301d7c38a83f0e62dea1db6f78a644bc450f2ad8c2dab12397c6cbff17d05f82.exe
File created	C:\Windows\System\fDcBrly.exe	301d7c38a83f0e62dea1db6f78a644bc450f2ad8c2dab12397c6cbff17d05f82.exe
File created	C:\Windows\System\vpVXUqJ.exe	301d7c38a83f0e62dea1db6f78a644bc450f2ad8c2dab12397c6cbff17d05f82.exe
File created	C:\Windows\System\xjAvGYb.exe	301d7c38a83f0e62dea1db6f78a644bc450f2ad8c2dab12397c6cbff17d05f82.exe
File created	C:\Windows\System\qxtHDrK.exe	301d7c38a83f0e62dea1db6f78a644bc450f2ad8c2dab12397c6cbff17d05f82.exe
File created	C:\Windows\System\UFRmVdK.exe	301d7c38a83f0e62dea1db6f78a644bc450f2ad8c2dab12397c6cbff17d05f82.exe
File created	C:\Windows\System\tuRtokN.exe	301d7c38a83f0e62dea1db6f78a644bc450f2ad8c2dab12397c6cbff17d05f82.exe
File created	C:\Windows\System\gDVIOAN.exe	301d7c38a83f0e62dea1db6f78a644bc450f2ad8c2dab12397c6cbff17d05f82.exe
File created	C:\Windows\System\zBvgFdH.exe	301d7c38a83f0e62dea1db6f78a644bc450f2ad8c2dab12397c6cbff17d05f82.exe
File created	C:\Windows\System\uslbUqB.exe	301d7c38a83f0e62dea1db6f78a644bc450f2ad8c2dab12397c6cbff17d05f82.exe
File created	C:\Windows\System\kjDCafE.exe	301d7c38a83f0e62dea1db6f78a644bc450f2ad8c2dab12397c6cbff17d05f82.exe
File created	C:\Windows\System\erIRGjy.exe	301d7c38a83f0e62dea1db6f78a644bc450f2ad8c2dab12397c6cbff17d05f82.exe
File created	C:\Windows\System\VHBsFyF.exe	301d7c38a83f0e62dea1db6f78a644bc450f2ad8c2dab12397c6cbff17d05f82.exe
File created	C:\Windows\System\qmQoEAk.exe	301d7c38a83f0e62dea1db6f78a644bc450f2ad8c2dab12397c6cbff17d05f82.exe
File created	C:\Windows\System\yTNIlXl.exe	301d7c38a83f0e62dea1db6f78a644bc450f2ad8c2dab12397c6cbff17d05f82.exe
File created	C:\Windows\System\THekVQl.exe	301d7c38a83f0e62dea1db6f78a644bc450f2ad8c2dab12397c6cbff17d05f82.exe
File created	C:\Windows\System\LpwIroy.exe	301d7c38a83f0e62dea1db6f78a644bc450f2ad8c2dab12397c6cbff17d05f82.exe
File created	C:\Windows\System\BZhBEwN.exe	301d7c38a83f0e62dea1db6f78a644bc450f2ad8c2dab12397c6cbff17d05f82.exe
File created	C:\Windows\System\jgxlouB.exe	301d7c38a83f0e62dea1db6f78a644bc450f2ad8c2dab12397c6cbff17d05f82.exe
File created	C:\Windows\System\HibOPTq.exe	301d7c38a83f0e62dea1db6f78a644bc450f2ad8c2dab12397c6cbff17d05f82.exe
File created	C:\Windows\System\NFIumIY.exe	301d7c38a83f0e62dea1db6f78a644bc450f2ad8c2dab12397c6cbff17d05f82.exe
File created	C:\Windows\System\NVODZdn.exe	301d7c38a83f0e62dea1db6f78a644bc450f2ad8c2dab12397c6cbff17d05f82.exe
File created	C:\Windows\System\CwaYiBG.exe	301d7c38a83f0e62dea1db6f78a644bc450f2ad8c2dab12397c6cbff17d05f82.exe
File created	C:\Windows\System\PXrbjvz.exe	301d7c38a83f0e62dea1db6f78a644bc450f2ad8c2dab12397c6cbff17d05f82.exe
File created	C:\Windows\System\fkGvnYf.exe	301d7c38a83f0e62dea1db6f78a644bc450f2ad8c2dab12397c6cbff17d05f82.exe
File created	C:\Windows\System\bcAEiXW.exe	301d7c38a83f0e62dea1db6f78a644bc450f2ad8c2dab12397c6cbff17d05f82.exe
File created	C:\Windows\System\DmdvZEu.exe	301d7c38a83f0e62dea1db6f78a644bc450f2ad8c2dab12397c6cbff17d05f82.exe
File created	C:\Windows\System\dBXjkRm.exe	301d7c38a83f0e62dea1db6f78a644bc450f2ad8c2dab12397c6cbff17d05f82.exe
File created	C:\Windows\System\SGjrhhq.exe	301d7c38a83f0e62dea1db6f78a644bc450f2ad8c2dab12397c6cbff17d05f82.exe
File created	C:\Windows\System\kXHgzDG.exe	301d7c38a83f0e62dea1db6f78a644bc450f2ad8c2dab12397c6cbff17d05f82.exe
File created	C:\Windows\System\cLGBVFw.exe	301d7c38a83f0e62dea1db6f78a644bc450f2ad8c2dab12397c6cbff17d05f82.exe
File created	C:\Windows\System\prRBQYC.exe	301d7c38a83f0e62dea1db6f78a644bc450f2ad8c2dab12397c6cbff17d05f82.exe
File created	C:\Windows\System\atiSxet.exe	301d7c38a83f0e62dea1db6f78a644bc450f2ad8c2dab12397c6cbff17d05f82.exe
File created	C:\Windows\System\pifGyUU.exe	301d7c38a83f0e62dea1db6f78a644bc450f2ad8c2dab12397c6cbff17d05f82.exe
File created	C:\Windows\System\evXUFOq.exe	301d7c38a83f0e62dea1db6f78a644bc450f2ad8c2dab12397c6cbff17d05f82.exe
File created	C:\Windows\System\IQMbnLr.exe	301d7c38a83f0e62dea1db6f78a644bc450f2ad8c2dab12397c6cbff17d05f82.exe
File created	C:\Windows\System\RUZJEYV.exe	301d7c38a83f0e62dea1db6f78a644bc450f2ad8c2dab12397c6cbff17d05f82.exe
File created	C:\Windows\System\vISgKqD.exe	301d7c38a83f0e62dea1db6f78a644bc450f2ad8c2dab12397c6cbff17d05f82.exe
File created	C:\Windows\System\eGUywbt.exe	301d7c38a83f0e62dea1db6f78a644bc450f2ad8c2dab12397c6cbff17d05f82.exe
File created	C:\Windows\System\rdvfzjO.exe	301d7c38a83f0e62dea1db6f78a644bc450f2ad8c2dab12397c6cbff17d05f82.exe
File created	C:\Windows\System\FtKfxie.exe	301d7c38a83f0e62dea1db6f78a644bc450f2ad8c2dab12397c6cbff17d05f82.exe
File created	C:\Windows\System\WmPNMsN.exe	301d7c38a83f0e62dea1db6f78a644bc450f2ad8c2dab12397c6cbff17d05f82.exe
File created	C:\Windows\System\AkuWhuI.exe	301d7c38a83f0e62dea1db6f78a644bc450f2ad8c2dab12397c6cbff17d05f82.exe
File created	C:\Windows\System\OBSzwnK.exe	301d7c38a83f0e62dea1db6f78a644bc450f2ad8c2dab12397c6cbff17d05f82.exe
File created	C:\Windows\System\EdRPKuW.exe	301d7c38a83f0e62dea1db6f78a644bc450f2ad8c2dab12397c6cbff17d05f82.exe
File created	C:\Windows\System\DakuwyO.exe	301d7c38a83f0e62dea1db6f78a644bc450f2ad8c2dab12397c6cbff17d05f82.exe
File created	C:\Windows\System\BNIDNZc.exe	301d7c38a83f0e62dea1db6f78a644bc450f2ad8c2dab12397c6cbff17d05f82.exe
File created	C:\Windows\System\ZiZApSx.exe	301d7c38a83f0e62dea1db6f78a644bc450f2ad8c2dab12397c6cbff17d05f82.exe
File created	C:\Windows\System\oEdkAGs.exe	301d7c38a83f0e62dea1db6f78a644bc450f2ad8c2dab12397c6cbff17d05f82.exe
File created	C:\Windows\System\BaTLyYj.exe	301d7c38a83f0e62dea1db6f78a644bc450f2ad8c2dab12397c6cbff17d05f82.exe
File created	C:\Windows\System\xkaOJCl.exe	301d7c38a83f0e62dea1db6f78a644bc450f2ad8c2dab12397c6cbff17d05f82.exe
File created	C:\Windows\System\YAnYOgp.exe	301d7c38a83f0e62dea1db6f78a644bc450f2ad8c2dab12397c6cbff17d05f82.exe
File created	C:\Windows\System\HClAKzB.exe	301d7c38a83f0e62dea1db6f78a644bc450f2ad8c2dab12397c6cbff17d05f82.exe
File created	C:\Windows\System\TvoxPqe.exe	301d7c38a83f0e62dea1db6f78a644bc450f2ad8c2dab12397c6cbff17d05f82.exe
File created	C:\Windows\System\uHLyZLQ.exe	301d7c38a83f0e62dea1db6f78a644bc450f2ad8c2dab12397c6cbff17d05f82.exe
File created	C:\Windows\System\Rvyoyye.exe	301d7c38a83f0e62dea1db6f78a644bc450f2ad8c2dab12397c6cbff17d05f82.exe
File created	C:\Windows\System\wFMaCuZ.exe	301d7c38a83f0e62dea1db6f78a644bc450f2ad8c2dab12397c6cbff17d05f82.exe
File created	C:\Windows\System\lwkhvbO.exe	301d7c38a83f0e62dea1db6f78a644bc450f2ad8c2dab12397c6cbff17d05f82.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	15136	dwm.exe
Token: SeChangeNotifyPrivilege	15136	dwm.exe
Token: 33	15136	dwm.exe
Token: SeIncBasePriorityPrivilege	15136	dwm.exe
Token: SeShutdownPrivilege	15136	dwm.exe
Token: SeCreatePagefilePrivilege	15136	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3200 wrote to memory of 2896	3200	301d7c38a83f0e62dea1db6f78a644bc450f2ad8c2dab12397c6cbff17d05f82.exe	84
PID 3200 wrote to memory of 2896	3200	301d7c38a83f0e62dea1db6f78a644bc450f2ad8c2dab12397c6cbff17d05f82.exe	84
PID 3200 wrote to memory of 4036	3200	301d7c38a83f0e62dea1db6f78a644bc450f2ad8c2dab12397c6cbff17d05f82.exe	85
PID 3200 wrote to memory of 4036	3200	301d7c38a83f0e62dea1db6f78a644bc450f2ad8c2dab12397c6cbff17d05f82.exe	85
PID 3200 wrote to memory of 1060	3200	301d7c38a83f0e62dea1db6f78a644bc450f2ad8c2dab12397c6cbff17d05f82.exe	86
PID 3200 wrote to memory of 1060	3200	301d7c38a83f0e62dea1db6f78a644bc450f2ad8c2dab12397c6cbff17d05f82.exe	86
PID 3200 wrote to memory of 4544	3200	301d7c38a83f0e62dea1db6f78a644bc450f2ad8c2dab12397c6cbff17d05f82.exe	87
PID 3200 wrote to memory of 4544	3200	301d7c38a83f0e62dea1db6f78a644bc450f2ad8c2dab12397c6cbff17d05f82.exe	87
PID 3200 wrote to memory of 3208	3200	301d7c38a83f0e62dea1db6f78a644bc450f2ad8c2dab12397c6cbff17d05f82.exe	88
PID 3200 wrote to memory of 3208	3200	301d7c38a83f0e62dea1db6f78a644bc450f2ad8c2dab12397c6cbff17d05f82.exe	88
PID 3200 wrote to memory of 4120	3200	301d7c38a83f0e62dea1db6f78a644bc450f2ad8c2dab12397c6cbff17d05f82.exe	89
PID 3200 wrote to memory of 4120	3200	301d7c38a83f0e62dea1db6f78a644bc450f2ad8c2dab12397c6cbff17d05f82.exe	89
PID 3200 wrote to memory of 624	3200	301d7c38a83f0e62dea1db6f78a644bc450f2ad8c2dab12397c6cbff17d05f82.exe	90
PID 3200 wrote to memory of 624	3200	301d7c38a83f0e62dea1db6f78a644bc450f2ad8c2dab12397c6cbff17d05f82.exe	90
PID 3200 wrote to memory of 1296	3200	301d7c38a83f0e62dea1db6f78a644bc450f2ad8c2dab12397c6cbff17d05f82.exe	91
PID 3200 wrote to memory of 1296	3200	301d7c38a83f0e62dea1db6f78a644bc450f2ad8c2dab12397c6cbff17d05f82.exe	91
PID 3200 wrote to memory of 376	3200	301d7c38a83f0e62dea1db6f78a644bc450f2ad8c2dab12397c6cbff17d05f82.exe	92
PID 3200 wrote to memory of 376	3200	301d7c38a83f0e62dea1db6f78a644bc450f2ad8c2dab12397c6cbff17d05f82.exe	92
PID 3200 wrote to memory of 2480	3200	301d7c38a83f0e62dea1db6f78a644bc450f2ad8c2dab12397c6cbff17d05f82.exe	93
PID 3200 wrote to memory of 2480	3200	301d7c38a83f0e62dea1db6f78a644bc450f2ad8c2dab12397c6cbff17d05f82.exe	93
PID 3200 wrote to memory of 1764	3200	301d7c38a83f0e62dea1db6f78a644bc450f2ad8c2dab12397c6cbff17d05f82.exe	94
PID 3200 wrote to memory of 1764	3200	301d7c38a83f0e62dea1db6f78a644bc450f2ad8c2dab12397c6cbff17d05f82.exe	94
PID 3200 wrote to memory of 2280	3200	301d7c38a83f0e62dea1db6f78a644bc450f2ad8c2dab12397c6cbff17d05f82.exe	95
PID 3200 wrote to memory of 2280	3200	301d7c38a83f0e62dea1db6f78a644bc450f2ad8c2dab12397c6cbff17d05f82.exe	95
PID 3200 wrote to memory of 1436	3200	301d7c38a83f0e62dea1db6f78a644bc450f2ad8c2dab12397c6cbff17d05f82.exe	96
PID 3200 wrote to memory of 1436	3200	301d7c38a83f0e62dea1db6f78a644bc450f2ad8c2dab12397c6cbff17d05f82.exe	96
PID 3200 wrote to memory of 2920	3200	301d7c38a83f0e62dea1db6f78a644bc450f2ad8c2dab12397c6cbff17d05f82.exe	97
PID 3200 wrote to memory of 2920	3200	301d7c38a83f0e62dea1db6f78a644bc450f2ad8c2dab12397c6cbff17d05f82.exe	97
PID 3200 wrote to memory of 868	3200	301d7c38a83f0e62dea1db6f78a644bc450f2ad8c2dab12397c6cbff17d05f82.exe	98
PID 3200 wrote to memory of 868	3200	301d7c38a83f0e62dea1db6f78a644bc450f2ad8c2dab12397c6cbff17d05f82.exe	98
PID 3200 wrote to memory of 1936	3200	301d7c38a83f0e62dea1db6f78a644bc450f2ad8c2dab12397c6cbff17d05f82.exe	99
PID 3200 wrote to memory of 1936	3200	301d7c38a83f0e62dea1db6f78a644bc450f2ad8c2dab12397c6cbff17d05f82.exe	99
PID 3200 wrote to memory of 3712	3200	301d7c38a83f0e62dea1db6f78a644bc450f2ad8c2dab12397c6cbff17d05f82.exe	100
PID 3200 wrote to memory of 3712	3200	301d7c38a83f0e62dea1db6f78a644bc450f2ad8c2dab12397c6cbff17d05f82.exe	100
PID 3200 wrote to memory of 2248	3200	301d7c38a83f0e62dea1db6f78a644bc450f2ad8c2dab12397c6cbff17d05f82.exe	101
PID 3200 wrote to memory of 2248	3200	301d7c38a83f0e62dea1db6f78a644bc450f2ad8c2dab12397c6cbff17d05f82.exe	101
PID 3200 wrote to memory of 3864	3200	301d7c38a83f0e62dea1db6f78a644bc450f2ad8c2dab12397c6cbff17d05f82.exe	102
PID 3200 wrote to memory of 3864	3200	301d7c38a83f0e62dea1db6f78a644bc450f2ad8c2dab12397c6cbff17d05f82.exe	102
PID 3200 wrote to memory of 2756	3200	301d7c38a83f0e62dea1db6f78a644bc450f2ad8c2dab12397c6cbff17d05f82.exe	103
PID 3200 wrote to memory of 2756	3200	301d7c38a83f0e62dea1db6f78a644bc450f2ad8c2dab12397c6cbff17d05f82.exe	103
PID 3200 wrote to memory of 1688	3200	301d7c38a83f0e62dea1db6f78a644bc450f2ad8c2dab12397c6cbff17d05f82.exe	104
PID 3200 wrote to memory of 1688	3200	301d7c38a83f0e62dea1db6f78a644bc450f2ad8c2dab12397c6cbff17d05f82.exe	104
PID 3200 wrote to memory of 4228	3200	301d7c38a83f0e62dea1db6f78a644bc450f2ad8c2dab12397c6cbff17d05f82.exe	105
PID 3200 wrote to memory of 4228	3200	301d7c38a83f0e62dea1db6f78a644bc450f2ad8c2dab12397c6cbff17d05f82.exe	105
PID 3200 wrote to memory of 2676	3200	301d7c38a83f0e62dea1db6f78a644bc450f2ad8c2dab12397c6cbff17d05f82.exe	106
PID 3200 wrote to memory of 2676	3200	301d7c38a83f0e62dea1db6f78a644bc450f2ad8c2dab12397c6cbff17d05f82.exe	106
PID 3200 wrote to memory of 3812	3200	301d7c38a83f0e62dea1db6f78a644bc450f2ad8c2dab12397c6cbff17d05f82.exe	107
PID 3200 wrote to memory of 3812	3200	301d7c38a83f0e62dea1db6f78a644bc450f2ad8c2dab12397c6cbff17d05f82.exe	107
PID 3200 wrote to memory of 5016	3200	301d7c38a83f0e62dea1db6f78a644bc450f2ad8c2dab12397c6cbff17d05f82.exe	108
PID 3200 wrote to memory of 5016	3200	301d7c38a83f0e62dea1db6f78a644bc450f2ad8c2dab12397c6cbff17d05f82.exe	108
PID 3200 wrote to memory of 1056	3200	301d7c38a83f0e62dea1db6f78a644bc450f2ad8c2dab12397c6cbff17d05f82.exe	109
PID 3200 wrote to memory of 1056	3200	301d7c38a83f0e62dea1db6f78a644bc450f2ad8c2dab12397c6cbff17d05f82.exe	109
PID 3200 wrote to memory of 696	3200	301d7c38a83f0e62dea1db6f78a644bc450f2ad8c2dab12397c6cbff17d05f82.exe	110
PID 3200 wrote to memory of 696	3200	301d7c38a83f0e62dea1db6f78a644bc450f2ad8c2dab12397c6cbff17d05f82.exe	110
PID 3200 wrote to memory of 2604	3200	301d7c38a83f0e62dea1db6f78a644bc450f2ad8c2dab12397c6cbff17d05f82.exe	111
PID 3200 wrote to memory of 2604	3200	301d7c38a83f0e62dea1db6f78a644bc450f2ad8c2dab12397c6cbff17d05f82.exe	111
PID 3200 wrote to memory of 932	3200	301d7c38a83f0e62dea1db6f78a644bc450f2ad8c2dab12397c6cbff17d05f82.exe	112
PID 3200 wrote to memory of 932	3200	301d7c38a83f0e62dea1db6f78a644bc450f2ad8c2dab12397c6cbff17d05f82.exe	112
PID 3200 wrote to memory of 3996	3200	301d7c38a83f0e62dea1db6f78a644bc450f2ad8c2dab12397c6cbff17d05f82.exe	113
PID 3200 wrote to memory of 3996	3200	301d7c38a83f0e62dea1db6f78a644bc450f2ad8c2dab12397c6cbff17d05f82.exe	113
PID 3200 wrote to memory of 1624	3200	301d7c38a83f0e62dea1db6f78a644bc450f2ad8c2dab12397c6cbff17d05f82.exe	114
PID 3200 wrote to memory of 1624	3200	301d7c38a83f0e62dea1db6f78a644bc450f2ad8c2dab12397c6cbff17d05f82.exe	114
PID 3200 wrote to memory of 1944	3200	301d7c38a83f0e62dea1db6f78a644bc450f2ad8c2dab12397c6cbff17d05f82.exe	115
PID 3200 wrote to memory of 1944	3200	301d7c38a83f0e62dea1db6f78a644bc450f2ad8c2dab12397c6cbff17d05f82.exe	115

C:\Users\Admin\AppData\Local\Temp\301d7c38a83f0e62dea1db6f78a644bc450f2ad8c2dab12397c6cbff17d05f82.exe
"C:\Users\Admin\AppData\Local\Temp\301d7c38a83f0e62dea1db6f78a644bc450f2ad8c2dab12397c6cbff17d05f82.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:3200
- C:\Windows\System\XsAefll.exe
  C:\Windows\System\XsAefll.exe
  2⤵
  - Executes dropped EXE
  PID:2896
- C:\Windows\System\rFCNGzm.exe
  C:\Windows\System\rFCNGzm.exe
  2⤵
  - Executes dropped EXE
  PID:4036
- C:\Windows\System\ABdjGcY.exe
  C:\Windows\System\ABdjGcY.exe
  2⤵
  - Executes dropped EXE
  PID:1060
- C:\Windows\System\WmPNMsN.exe
  C:\Windows\System\WmPNMsN.exe
  2⤵
  - Executes dropped EXE
  PID:4544
- C:\Windows\System\HtDweVP.exe
  C:\Windows\System\HtDweVP.exe
  2⤵
  - Executes dropped EXE
  PID:3208
- C:\Windows\System\DdDPLxv.exe
  C:\Windows\System\DdDPLxv.exe
  2⤵
  - Executes dropped EXE
  PID:4120
- C:\Windows\System\vvYWrRW.exe
  C:\Windows\System\vvYWrRW.exe
  2⤵
  - Executes dropped EXE
  PID:624
- C:\Windows\System\ImwzfHu.exe
  C:\Windows\System\ImwzfHu.exe
  2⤵
  - Executes dropped EXE
  PID:1296
- C:\Windows\System\sjLDdws.exe
  C:\Windows\System\sjLDdws.exe
  2⤵
  - Executes dropped EXE
  PID:376
- C:\Windows\System\vwfMkzF.exe
  C:\Windows\System\vwfMkzF.exe
  2⤵
  - Executes dropped EXE
  PID:2480
- C:\Windows\System\YroeHPy.exe
  C:\Windows\System\YroeHPy.exe
  2⤵
  - Executes dropped EXE
  PID:1764
- C:\Windows\System\BdvESjE.exe
  C:\Windows\System\BdvESjE.exe
  2⤵
  - Executes dropped EXE
  PID:2280
- C:\Windows\System\VjxxQlm.exe
  C:\Windows\System\VjxxQlm.exe
  2⤵
  - Executes dropped EXE
  PID:1436
- C:\Windows\System\kXHgzDG.exe
  C:\Windows\System\kXHgzDG.exe
  2⤵
  - Executes dropped EXE
  PID:2920
- C:\Windows\System\rueJMTF.exe
  C:\Windows\System\rueJMTF.exe
  2⤵
  - Executes dropped EXE
  PID:868
- C:\Windows\System\WQFjoxH.exe
  C:\Windows\System\WQFjoxH.exe
  2⤵
  - Executes dropped EXE
  PID:1936
- C:\Windows\System\cXPFAOZ.exe
  C:\Windows\System\cXPFAOZ.exe
  2⤵
  - Executes dropped EXE
  PID:3712
- C:\Windows\System\nsEvHiZ.exe
  C:\Windows\System\nsEvHiZ.exe
  2⤵
  - Executes dropped EXE
  PID:2248
- C:\Windows\System\HHIoNrZ.exe
  C:\Windows\System\HHIoNrZ.exe
  2⤵
  - Executes dropped EXE
  PID:3864
- C:\Windows\System\SraArAm.exe
  C:\Windows\System\SraArAm.exe
  2⤵
  - Executes dropped EXE
  PID:2756
- C:\Windows\System\KgBSQfE.exe
  C:\Windows\System\KgBSQfE.exe
  2⤵
  - Executes dropped EXE
  PID:1688
- C:\Windows\System\vspIGtD.exe
  C:\Windows\System\vspIGtD.exe
  2⤵
  - Executes dropped EXE
  PID:4228
- C:\Windows\System\ClsPrzt.exe
  C:\Windows\System\ClsPrzt.exe
  2⤵
  - Executes dropped EXE
  PID:2676
- C:\Windows\System\goRAzgW.exe
  C:\Windows\System\goRAzgW.exe
  2⤵
  - Executes dropped EXE
  PID:3812
- C:\Windows\System\sSpitQe.exe
  C:\Windows\System\sSpitQe.exe
  2⤵
  - Executes dropped EXE
  PID:5016
- C:\Windows\System\eXmRlqh.exe
  C:\Windows\System\eXmRlqh.exe
  2⤵
  - Executes dropped EXE
  PID:1056
- C:\Windows\System\YfUfCgI.exe
  C:\Windows\System\YfUfCgI.exe
  2⤵
  - Executes dropped EXE
  PID:696
- C:\Windows\System\rJliRGu.exe
  C:\Windows\System\rJliRGu.exe
  2⤵
  - Executes dropped EXE
  PID:2604
- C:\Windows\System\erIRGjy.exe
  C:\Windows\System\erIRGjy.exe
  2⤵
  - Executes dropped EXE
  PID:932
- C:\Windows\System\liNpEOR.exe
  C:\Windows\System\liNpEOR.exe
  2⤵
  - Executes dropped EXE
  PID:3996
- C:\Windows\System\LAWcutp.exe
  C:\Windows\System\LAWcutp.exe
  2⤵
  - Executes dropped EXE
  PID:1624
- C:\Windows\System\yhqVYiZ.exe
  C:\Windows\System\yhqVYiZ.exe
  2⤵
  - Executes dropped EXE
  PID:1944
- C:\Windows\System\oRuXvly.exe
  C:\Windows\System\oRuXvly.exe
  2⤵
  - Executes dropped EXE
  PID:2304
- C:\Windows\System\tKmdjWS.exe
  C:\Windows\System\tKmdjWS.exe
  2⤵
  - Executes dropped EXE
  PID:1072
- C:\Windows\System\nznUunK.exe
  C:\Windows\System\nznUunK.exe
  2⤵
  - Executes dropped EXE
  PID:1940
- C:\Windows\System\gLgOyaG.exe
  C:\Windows\System\gLgOyaG.exe
  2⤵
  - Executes dropped EXE
  PID:5064
- C:\Windows\System\CVIOSWU.exe
  C:\Windows\System\CVIOSWU.exe
  2⤵
  - Executes dropped EXE
  PID:3944
- C:\Windows\System\suhbFcD.exe
  C:\Windows\System\suhbFcD.exe
  2⤵
  - Executes dropped EXE
  PID:3532
- C:\Windows\System\lwkhvbO.exe
  C:\Windows\System\lwkhvbO.exe
  2⤵
  - Executes dropped EXE
  PID:3412
- C:\Windows\System\MpomfyN.exe
  C:\Windows\System\MpomfyN.exe
  2⤵
  - Executes dropped EXE
  PID:5076
- C:\Windows\System\UFSScrH.exe
  C:\Windows\System\UFSScrH.exe
  2⤵
  - Executes dropped EXE
  PID:4408
- C:\Windows\System\EgNaGim.exe
  C:\Windows\System\EgNaGim.exe
  2⤵
  - Executes dropped EXE
  PID:2656
- C:\Windows\System\xzdoMBi.exe
  C:\Windows\System\xzdoMBi.exe
  2⤵
  - Executes dropped EXE
  PID:2552
- C:\Windows\System\cLGBVFw.exe
  C:\Windows\System\cLGBVFw.exe
  2⤵
  - Executes dropped EXE
  PID:4796
- C:\Windows\System\BCEfDCQ.exe
  C:\Windows\System\BCEfDCQ.exe
  2⤵
  - Executes dropped EXE
  PID:2636
- C:\Windows\System\vrCMwbz.exe
  C:\Windows\System\vrCMwbz.exe
  2⤵
  - Executes dropped EXE
  PID:1272
- C:\Windows\System\VHBsFyF.exe
  C:\Windows\System\VHBsFyF.exe
  2⤵
  - Executes dropped EXE
  PID:4316
- C:\Windows\System\AkxMJcq.exe
  C:\Windows\System\AkxMJcq.exe
  2⤵
  - Executes dropped EXE
  PID:4304
- C:\Windows\System\UQGnIWa.exe
  C:\Windows\System\UQGnIWa.exe
  2⤵
  - Executes dropped EXE
  PID:3476
- C:\Windows\System\iQUWlOU.exe
  C:\Windows\System\iQUWlOU.exe
  2⤵
  - Executes dropped EXE
  PID:2688
- C:\Windows\System\HJkagvi.exe
  C:\Windows\System\HJkagvi.exe
  2⤵
  - Executes dropped EXE
  PID:1004
- C:\Windows\System\cNerBPZ.exe
  C:\Windows\System\cNerBPZ.exe
  2⤵
  - Executes dropped EXE
  PID:2420
- C:\Windows\System\NlqZYmk.exe
  C:\Windows\System\NlqZYmk.exe
  2⤵
  - Executes dropped EXE
  PID:4360
- C:\Windows\System\nJItchf.exe
  C:\Windows\System\nJItchf.exe
  2⤵
  - Executes dropped EXE
  PID:2992
- C:\Windows\System\Dpiikjd.exe
  C:\Windows\System\Dpiikjd.exe
  2⤵
  - Executes dropped EXE
  PID:2488
- C:\Windows\System\ogirYTh.exe
  C:\Windows\System\ogirYTh.exe
  2⤵
  - Executes dropped EXE
  PID:4912
- C:\Windows\System\BULjrsk.exe
  C:\Windows\System\BULjrsk.exe
  2⤵
  - Executes dropped EXE
  PID:3772
- C:\Windows\System\yHHPHZE.exe
  C:\Windows\System\yHHPHZE.exe
  2⤵
  - Executes dropped EXE
  PID:644
- C:\Windows\System\XUcdfeW.exe
  C:\Windows\System\XUcdfeW.exe
  2⤵
  - Executes dropped EXE
  PID:2764
- C:\Windows\System\AHHwPok.exe
  C:\Windows\System\AHHwPok.exe
  2⤵
  - Executes dropped EXE
  PID:1504
- C:\Windows\System\BaTLyYj.exe
  C:\Windows\System\BaTLyYj.exe
  2⤵
  - Executes dropped EXE
  PID:1580
- C:\Windows\System\nocJNUL.exe
  C:\Windows\System\nocJNUL.exe
  2⤵
  - Executes dropped EXE
  PID:4904
- C:\Windows\System\EtuJHcd.exe
  C:\Windows\System\EtuJHcd.exe
  2⤵
  - Executes dropped EXE
  PID:4952
- C:\Windows\System\wDuOePj.exe
  C:\Windows\System\wDuOePj.exe
  2⤵
  - Executes dropped EXE
  PID:2168
- C:\Windows\System\YijPxiM.exe
  C:\Windows\System\YijPxiM.exe
  2⤵
  PID:1928
- C:\Windows\System\pLTJfvl.exe
  C:\Windows\System\pLTJfvl.exe
  2⤵
  PID:4464
- C:\Windows\System\zxTOGLH.exe
  C:\Windows\System\zxTOGLH.exe
  2⤵
  PID:464
- C:\Windows\System\EkBxwdV.exe
  C:\Windows\System\EkBxwdV.exe
  2⤵
  PID:2320
- C:\Windows\System\RIunBDP.exe
  C:\Windows\System\RIunBDP.exe
  2⤵
  PID:4456
- C:\Windows\System\gzreAYf.exe
  C:\Windows\System\gzreAYf.exe
  2⤵
  PID:1968
- C:\Windows\System\EqHKcBv.exe
  C:\Windows\System\EqHKcBv.exe
  2⤵
  PID:2396
- C:\Windows\System\TcQzwQC.exe
  C:\Windows\System\TcQzwQC.exe
  2⤵
  PID:4984
- C:\Windows\System\sssSyMw.exe
  C:\Windows\System\sssSyMw.exe
  2⤵
  PID:2684
- C:\Windows\System\EuBthvf.exe
  C:\Windows\System\EuBthvf.exe
  2⤵
  PID:4940
- C:\Windows\System\WzPIzMU.exe
  C:\Windows\System\WzPIzMU.exe
  2⤵
  PID:2796
- C:\Windows\System\FUWZYKB.exe
  C:\Windows\System\FUWZYKB.exe
  2⤵
  PID:5140
- C:\Windows\System\tGcihAZ.exe
  C:\Windows\System\tGcihAZ.exe
  2⤵
  PID:5168
- C:\Windows\System\tgkdmlG.exe
  C:\Windows\System\tgkdmlG.exe
  2⤵
  PID:5196
- C:\Windows\System\ICdylxQ.exe
  C:\Windows\System\ICdylxQ.exe
  2⤵
  PID:5224
- C:\Windows\System\YePxXRW.exe
  C:\Windows\System\YePxXRW.exe
  2⤵
  PID:5252
- C:\Windows\System\FeiakYj.exe
  C:\Windows\System\FeiakYj.exe
  2⤵
  PID:5280
- C:\Windows\System\QQXIoNV.exe
  C:\Windows\System\QQXIoNV.exe
  2⤵
  PID:5304
- C:\Windows\System\vuzyPzW.exe
  C:\Windows\System\vuzyPzW.exe
  2⤵
  PID:5340
- C:\Windows\System\SZSHLly.exe
  C:\Windows\System\SZSHLly.exe
  2⤵
  PID:5364
- C:\Windows\System\GEOFOLo.exe
  C:\Windows\System\GEOFOLo.exe
  2⤵
  PID:5388
- C:\Windows\System\PwkHIHy.exe
  C:\Windows\System\PwkHIHy.exe
  2⤵
  PID:5416
- C:\Windows\System\LSQlPSA.exe
  C:\Windows\System\LSQlPSA.exe
  2⤵
  PID:5444
- C:\Windows\System\dRseBjw.exe
  C:\Windows\System\dRseBjw.exe
  2⤵
  PID:5472
- C:\Windows\System\sWnjZfy.exe
  C:\Windows\System\sWnjZfy.exe
  2⤵
  PID:5504
- C:\Windows\System\KYbtrFl.exe
  C:\Windows\System\KYbtrFl.exe
  2⤵
  PID:5532
- C:\Windows\System\ljqHXAA.exe
  C:\Windows\System\ljqHXAA.exe
  2⤵
  PID:5556
- C:\Windows\System\HClAKzB.exe
  C:\Windows\System\HClAKzB.exe
  2⤵
  PID:5584
- C:\Windows\System\TUJXnUm.exe
  C:\Windows\System\TUJXnUm.exe
  2⤵
  PID:5616
- C:\Windows\System\PZWEhft.exe
  C:\Windows\System\PZWEhft.exe
  2⤵
  PID:5644
- C:\Windows\System\DaRihoT.exe
  C:\Windows\System\DaRihoT.exe
  2⤵
  PID:5668
- C:\Windows\System\mweDqQc.exe
  C:\Windows\System\mweDqQc.exe
  2⤵
  PID:5696
- C:\Windows\System\PXrbjvz.exe
  C:\Windows\System\PXrbjvz.exe
  2⤵
  PID:5724
- C:\Windows\System\KSxBeGo.exe
  C:\Windows\System\KSxBeGo.exe
  2⤵
  PID:5752
- C:\Windows\System\tAofhJA.exe
  C:\Windows\System\tAofhJA.exe
  2⤵
  PID:5784
- C:\Windows\System\IBcJYdp.exe
  C:\Windows\System\IBcJYdp.exe
  2⤵
  PID:5812
- C:\Windows\System\dclraZi.exe
  C:\Windows\System\dclraZi.exe
  2⤵
  PID:5840
- C:\Windows\System\axLAoxW.exe
  C:\Windows\System\axLAoxW.exe
  2⤵
  PID:5868
- C:\Windows\System\lKQuQHf.exe
  C:\Windows\System\lKQuQHf.exe
  2⤵
  PID:5892
- C:\Windows\System\QqnnXdq.exe
  C:\Windows\System\QqnnXdq.exe
  2⤵
  PID:5920
- C:\Windows\System\WpSvNbo.exe
  C:\Windows\System\WpSvNbo.exe
  2⤵
  PID:5952
- C:\Windows\System\pOftMDm.exe
  C:\Windows\System\pOftMDm.exe
  2⤵
  PID:5980
- C:\Windows\System\fktkMnZ.exe
  C:\Windows\System\fktkMnZ.exe
  2⤵
  PID:6008
- C:\Windows\System\vpIXsnh.exe
  C:\Windows\System\vpIXsnh.exe
  2⤵
  PID:6036
- C:\Windows\System\mfRlrIr.exe
  C:\Windows\System\mfRlrIr.exe
  2⤵
  PID:6064
- C:\Windows\System\DfCieVs.exe
  C:\Windows\System\DfCieVs.exe
  2⤵
  PID:6088
- C:\Windows\System\TYGJkWu.exe
  C:\Windows\System\TYGJkWu.exe
  2⤵
  PID:6116
- C:\Windows\System\vVIjhFq.exe
  C:\Windows\System\vVIjhFq.exe
  2⤵
  PID:3128
- C:\Windows\System\CATHbqy.exe
  C:\Windows\System\CATHbqy.exe
  2⤵
  PID:1892
- C:\Windows\System\gTunBDT.exe
  C:\Windows\System\gTunBDT.exe
  2⤵
  PID:4488
- C:\Windows\System\RiCgpub.exe
  C:\Windows\System\RiCgpub.exe
  2⤵
  PID:5024
- C:\Windows\System\RjXAbSj.exe
  C:\Windows\System\RjXAbSj.exe
  2⤵
  PID:5096
- C:\Windows\System\UgUTQru.exe
  C:\Windows\System\UgUTQru.exe
  2⤵
  PID:4652
- C:\Windows\System\waFLwcU.exe
  C:\Windows\System\waFLwcU.exe
  2⤵
  PID:5180
- C:\Windows\System\HVWJwuV.exe
  C:\Windows\System\HVWJwuV.exe
  2⤵
  PID:5240
- C:\Windows\System\PKvFJVW.exe
  C:\Windows\System\PKvFJVW.exe
  2⤵
  PID:5300
- C:\Windows\System\sXUiHfM.exe
  C:\Windows\System\sXUiHfM.exe
  2⤵
  PID:5376
- C:\Windows\System\KEkpWWK.exe
  C:\Windows\System\KEkpWWK.exe
  2⤵
  PID:5436
- C:\Windows\System\hTGzsTf.exe
  C:\Windows\System\hTGzsTf.exe
  2⤵
  PID:5496
- C:\Windows\System\LbLEQpE.exe
  C:\Windows\System\LbLEQpE.exe
  2⤵
  PID:5572
- C:\Windows\System\tlnCfUq.exe
  C:\Windows\System\tlnCfUq.exe
  2⤵
  PID:5632
- C:\Windows\System\waNNuZP.exe
  C:\Windows\System\waNNuZP.exe
  2⤵
  PID:5692
- C:\Windows\System\xkaOJCl.exe
  C:\Windows\System\xkaOJCl.exe
  2⤵
  PID:5768
- C:\Windows\System\UBTSuOv.exe
  C:\Windows\System\UBTSuOv.exe
  2⤵
  PID:5828
- C:\Windows\System\MhWKbqc.exe
  C:\Windows\System\MhWKbqc.exe
  2⤵
  PID:5888
- C:\Windows\System\YtxhNpK.exe
  C:\Windows\System\YtxhNpK.exe
  2⤵
  PID:5936
- C:\Windows\System\XgPJrAk.exe
  C:\Windows\System\XgPJrAk.exe
  2⤵
  PID:5996
- C:\Windows\System\hTKwlea.exe
  C:\Windows\System\hTKwlea.exe
  2⤵
  PID:6080
- C:\Windows\System\UrXzKIL.exe
  C:\Windows\System\UrXzKIL.exe
  2⤵
  PID:6140
- C:\Windows\System\PDeDRwB.exe
  C:\Windows\System\PDeDRwB.exe
  2⤵
  PID:2356
- C:\Windows\System\gSmAdEY.exe
  C:\Windows\System\gSmAdEY.exe
  2⤵
  PID:2312
- C:\Windows\System\NilxAuP.exe
  C:\Windows\System\NilxAuP.exe
  2⤵
  PID:5216
- C:\Windows\System\lXIpqAO.exe
  C:\Windows\System\lXIpqAO.exe
  2⤵
  PID:5404
- C:\Windows\System\JcXvbtV.exe
  C:\Windows\System\JcXvbtV.exe
  2⤵
  PID:5544
- C:\Windows\System\IIvuEWu.exe
  C:\Windows\System\IIvuEWu.exe
  2⤵
  PID:5684
- C:\Windows\System\LpwIroy.exe
  C:\Windows\System\LpwIroy.exe
  2⤵
  PID:5856
- C:\Windows\System\FZgPYxH.exe
  C:\Windows\System\FZgPYxH.exe
  2⤵
  PID:5968
- C:\Windows\System\FnnkAfw.exe
  C:\Windows\System\FnnkAfw.exe
  2⤵
  PID:6148
- C:\Windows\System\HAcVzmM.exe
  C:\Windows\System\HAcVzmM.exe
  2⤵
  PID:6176
- C:\Windows\System\TnXDMvE.exe
  C:\Windows\System\TnXDMvE.exe
  2⤵
  PID:6208
- C:\Windows\System\wTMmsqR.exe
  C:\Windows\System\wTMmsqR.exe
  2⤵
  PID:6232
- C:\Windows\System\QEXprdn.exe
  C:\Windows\System\QEXprdn.exe
  2⤵
  PID:6260
- C:\Windows\System\rJTsUEm.exe
  C:\Windows\System\rJTsUEm.exe
  2⤵
  PID:6288
- C:\Windows\System\gIZgvyY.exe
  C:\Windows\System\gIZgvyY.exe
  2⤵
  PID:6316
- C:\Windows\System\VvQFaRA.exe
  C:\Windows\System\VvQFaRA.exe
  2⤵
  PID:6344
- C:\Windows\System\SerQXYi.exe
  C:\Windows\System\SerQXYi.exe
  2⤵
  PID:6372
- C:\Windows\System\PREpTpB.exe
  C:\Windows\System\PREpTpB.exe
  2⤵
  PID:6400
- C:\Windows\System\xpPhJQE.exe
  C:\Windows\System\xpPhJQE.exe
  2⤵
  PID:6428
- C:\Windows\System\GXXvZee.exe
  C:\Windows\System\GXXvZee.exe
  2⤵
  PID:6456
- C:\Windows\System\KclYTzh.exe
  C:\Windows\System\KclYTzh.exe
  2⤵
  PID:6484
- C:\Windows\System\CGBkKaf.exe
  C:\Windows\System\CGBkKaf.exe
  2⤵
  PID:6512
- C:\Windows\System\SxgggYC.exe
  C:\Windows\System\SxgggYC.exe
  2⤵
  PID:6540
- C:\Windows\System\llcWHIF.exe
  C:\Windows\System\llcWHIF.exe
  2⤵
  PID:6568
- C:\Windows\System\byyATcx.exe
  C:\Windows\System\byyATcx.exe
  2⤵
  PID:6596
- C:\Windows\System\uafOFox.exe
  C:\Windows\System\uafOFox.exe
  2⤵
  PID:6624
- C:\Windows\System\SijNHkh.exe
  C:\Windows\System\SijNHkh.exe
  2⤵
  PID:6652
- C:\Windows\System\vsbundW.exe
  C:\Windows\System\vsbundW.exe
  2⤵
  PID:6680
- C:\Windows\System\SRdOoqd.exe
  C:\Windows\System\SRdOoqd.exe
  2⤵
  PID:6708
- C:\Windows\System\PhnjWJx.exe
  C:\Windows\System\PhnjWJx.exe
  2⤵
  PID:6736
- C:\Windows\System\pifGyUU.exe
  C:\Windows\System\pifGyUU.exe
  2⤵
  PID:6764
- C:\Windows\System\biOSMPj.exe
  C:\Windows\System\biOSMPj.exe
  2⤵
  PID:6792
- C:\Windows\System\LWXNGvB.exe
  C:\Windows\System\LWXNGvB.exe
  2⤵
  PID:6820
- C:\Windows\System\kemqpWN.exe
  C:\Windows\System\kemqpWN.exe
  2⤵
  PID:6848
- C:\Windows\System\xdDQarN.exe
  C:\Windows\System\xdDQarN.exe
  2⤵
  PID:6876
- C:\Windows\System\TyeLiDW.exe
  C:\Windows\System\TyeLiDW.exe
  2⤵
  PID:6904
- C:\Windows\System\rDmVbVp.exe
  C:\Windows\System\rDmVbVp.exe
  2⤵
  PID:6932
- C:\Windows\System\FkFEiaQ.exe
  C:\Windows\System\FkFEiaQ.exe
  2⤵
  PID:6960
- C:\Windows\System\UoGjaVr.exe
  C:\Windows\System\UoGjaVr.exe
  2⤵
  PID:6988
- C:\Windows\System\oMgvtAk.exe
  C:\Windows\System\oMgvtAk.exe
  2⤵
  PID:7016
- C:\Windows\System\usxmRrS.exe
  C:\Windows\System\usxmRrS.exe
  2⤵
  PID:7044
- C:\Windows\System\XHqEkpd.exe
  C:\Windows\System\XHqEkpd.exe
  2⤵
  PID:7072
- C:\Windows\System\xidswHK.exe
  C:\Windows\System\xidswHK.exe
  2⤵
  PID:7100
- C:\Windows\System\yNKHpts.exe
  C:\Windows\System\yNKHpts.exe
  2⤵
  PID:7128
- C:\Windows\System\TAQZzPh.exe
  C:\Windows\System\TAQZzPh.exe
  2⤵
  PID:7156
- C:\Windows\System\HzkLYaD.exe
  C:\Windows\System\HzkLYaD.exe
  2⤵
  PID:4532
- C:\Windows\System\gnLVKhz.exe
  C:\Windows\System\gnLVKhz.exe
  2⤵
  PID:5292
- C:\Windows\System\ogHtxhy.exe
  C:\Windows\System\ogHtxhy.exe
  2⤵
  PID:5608
- C:\Windows\System\gspIBfT.exe
  C:\Windows\System\gspIBfT.exe
  2⤵
  PID:5916
- C:\Windows\System\uPRWMte.exe
  C:\Windows\System\uPRWMte.exe
  2⤵
  PID:6168
- C:\Windows\System\hgxkMdC.exe
  C:\Windows\System\hgxkMdC.exe
  2⤵
  PID:6244
- C:\Windows\System\JjBbvFV.exe
  C:\Windows\System\JjBbvFV.exe
  2⤵
  PID:2120
- C:\Windows\System\fkGvnYf.exe
  C:\Windows\System\fkGvnYf.exe
  2⤵
  PID:6360
- C:\Windows\System\KimicaI.exe
  C:\Windows\System\KimicaI.exe
  2⤵
  PID:6416
- C:\Windows\System\wEVOuuW.exe
  C:\Windows\System\wEVOuuW.exe
  2⤵
  PID:6476
- C:\Windows\System\RvkFJuJ.exe
  C:\Windows\System\RvkFJuJ.exe
  2⤵
  PID:6552
- C:\Windows\System\wKFPomQ.exe
  C:\Windows\System\wKFPomQ.exe
  2⤵
  PID:6612
- C:\Windows\System\tkOiyLC.exe
  C:\Windows\System\tkOiyLC.exe
  2⤵
  PID:6644
- C:\Windows\System\gHQvDCK.exe
  C:\Windows\System\gHQvDCK.exe
  2⤵
  PID:6720
- C:\Windows\System\GaLUZJe.exe
  C:\Windows\System\GaLUZJe.exe
  2⤵
  PID:6776
- C:\Windows\System\WrQyeJr.exe
  C:\Windows\System\WrQyeJr.exe
  2⤵
  PID:7056
- C:\Windows\System\TuMhDid.exe
  C:\Windows\System\TuMhDid.exe
  2⤵
  PID:7148
- C:\Windows\System\QoKRtuc.exe
  C:\Windows\System\QoKRtuc.exe
  2⤵
  PID:2164
- C:\Windows\System\vpVXUqJ.exe
  C:\Windows\System\vpVXUqJ.exe
  2⤵
  PID:5488
- C:\Windows\System\gZQWVTT.exe
  C:\Windows\System\gZQWVTT.exe
  2⤵
  PID:5800
- C:\Windows\System\NoMGSse.exe
  C:\Windows\System\NoMGSse.exe
  2⤵
  PID:1208
- C:\Windows\System\wsQzWma.exe
  C:\Windows\System\wsQzWma.exe
  2⤵
  PID:2036
- C:\Windows\System\gPLmPvg.exe
  C:\Windows\System\gPLmPvg.exe
  2⤵
  PID:6696
- C:\Windows\System\ulXBgkO.exe
  C:\Windows\System\ulXBgkO.exe
  2⤵
  PID:1132
- C:\Windows\System\TvoxPqe.exe
  C:\Windows\System\TvoxPqe.exe
  2⤵
  PID:2032
- C:\Windows\System\eDZNCxB.exe
  C:\Windows\System\eDZNCxB.exe
  2⤵
  PID:4068
- C:\Windows\System\FYSKaIZ.exe
  C:\Windows\System\FYSKaIZ.exe
  2⤵
  PID:7036
- C:\Windows\System\XPalfxy.exe
  C:\Windows\System\XPalfxy.exe
  2⤵
  PID:7116
- C:\Windows\System\YUVYVfW.exe
  C:\Windows\System\YUVYVfW.exe
  2⤵
  PID:4988
- C:\Windows\System\KcsqUWo.exe
  C:\Windows\System\KcsqUWo.exe
  2⤵
  PID:7000
- C:\Windows\System\tuRtokN.exe
  C:\Windows\System\tuRtokN.exe
  2⤵
  PID:6160
- C:\Windows\System\pjADsnN.exe
  C:\Windows\System\pjADsnN.exe
  2⤵
  PID:3644
- C:\Windows\System\bcAEiXW.exe
  C:\Windows\System\bcAEiXW.exe
  2⤵
  PID:1488
- C:\Windows\System\oIKkcmy.exe
  C:\Windows\System\oIKkcmy.exe
  2⤵
  PID:436
- C:\Windows\System\FOgSoUC.exe
  C:\Windows\System\FOgSoUC.exe
  2⤵
  PID:7028
- C:\Windows\System\vFFBSVH.exe
  C:\Windows\System\vFFBSVH.exe
  2⤵
  PID:5468
- C:\Windows\System\xeSQjzP.exe
  C:\Windows\System\xeSQjzP.exe
  2⤵
  PID:6980
- C:\Windows\System\SUAALDc.exe
  C:\Windows\System\SUAALDc.exe
  2⤵
  PID:4424
- C:\Windows\System\JCDGxUk.exe
  C:\Windows\System\JCDGxUk.exe
  2⤵
  PID:6056
- C:\Windows\System\PospGdY.exe
  C:\Windows\System\PospGdY.exe
  2⤵
  PID:6468
- C:\Windows\System\jESZDJO.exe
  C:\Windows\System\jESZDJO.exe
  2⤵
  PID:4960
- C:\Windows\System\aFCUeVo.exe
  C:\Windows\System\aFCUeVo.exe
  2⤵
  PID:7188
- C:\Windows\System\fNLaNcb.exe
  C:\Windows\System\fNLaNcb.exe
  2⤵
  PID:7216
- C:\Windows\System\NVODZdn.exe
  C:\Windows\System\NVODZdn.exe
  2⤵
  PID:7240
- C:\Windows\System\ijcFRnt.exe
  C:\Windows\System\ijcFRnt.exe
  2⤵
  PID:7284
- C:\Windows\System\CwaYiBG.exe
  C:\Windows\System\CwaYiBG.exe
  2⤵
  PID:7312
- C:\Windows\System\OBSzwnK.exe
  C:\Windows\System\OBSzwnK.exe
  2⤵
  PID:7344
- C:\Windows\System\bVXfPZR.exe
  C:\Windows\System\bVXfPZR.exe
  2⤵
  PID:7368
- C:\Windows\System\FBKstKN.exe
  C:\Windows\System\FBKstKN.exe
  2⤵
  PID:7384
- C:\Windows\System\RDoTNON.exe
  C:\Windows\System\RDoTNON.exe
  2⤵
  PID:7400
- C:\Windows\System\iMJsMVb.exe
  C:\Windows\System\iMJsMVb.exe
  2⤵
  PID:7424
- C:\Windows\System\JJfURPH.exe
  C:\Windows\System\JJfURPH.exe
  2⤵
  PID:7460
- C:\Windows\System\QnrIiFM.exe
  C:\Windows\System\QnrIiFM.exe
  2⤵
  PID:7520
- C:\Windows\System\mtgnfZs.exe
  C:\Windows\System\mtgnfZs.exe
  2⤵
  PID:7548
- C:\Windows\System\hNxyHqZ.exe
  C:\Windows\System\hNxyHqZ.exe
  2⤵
  PID:7576
- C:\Windows\System\AkuWhuI.exe
  C:\Windows\System\AkuWhuI.exe
  2⤵
  PID:7592
- C:\Windows\System\APrCXbC.exe
  C:\Windows\System\APrCXbC.exe
  2⤵
  PID:7620
- C:\Windows\System\TNTKVGS.exe
  C:\Windows\System\TNTKVGS.exe
  2⤵
  PID:7648
- C:\Windows\System\zUgBiFd.exe
  C:\Windows\System\zUgBiFd.exe
  2⤵
  PID:7688
- C:\Windows\System\nbLdvxZ.exe
  C:\Windows\System\nbLdvxZ.exe
  2⤵
  PID:7720
- C:\Windows\System\JcVxEoF.exe
  C:\Windows\System\JcVxEoF.exe
  2⤵
  PID:7752
- C:\Windows\System\kbeNwgQ.exe
  C:\Windows\System\kbeNwgQ.exe
  2⤵
  PID:7772
- C:\Windows\System\NQtJvRm.exe
  C:\Windows\System\NQtJvRm.exe
  2⤵
  PID:7804
- C:\Windows\System\GxUkHXC.exe
  C:\Windows\System\GxUkHXC.exe
  2⤵
  PID:7836
- C:\Windows\System\xjAvGYb.exe
  C:\Windows\System\xjAvGYb.exe
  2⤵
  PID:7864
- C:\Windows\System\dwrQEnI.exe
  C:\Windows\System\dwrQEnI.exe
  2⤵
  PID:7892
- C:\Windows\System\AbzYcyS.exe
  C:\Windows\System\AbzYcyS.exe
  2⤵
  PID:7920
- C:\Windows\System\uQtXGaS.exe
  C:\Windows\System\uQtXGaS.exe
  2⤵
  PID:7956
- C:\Windows\System\fKDGwDl.exe
  C:\Windows\System\fKDGwDl.exe
  2⤵
  PID:7992
- C:\Windows\System\EdRPKuW.exe
  C:\Windows\System\EdRPKuW.exe
  2⤵
  PID:8020
- C:\Windows\System\IQMbnLr.exe
  C:\Windows\System\IQMbnLr.exe
  2⤵
  PID:8056
- C:\Windows\System\zwqCrcT.exe
  C:\Windows\System\zwqCrcT.exe
  2⤵
  PID:8088
- C:\Windows\System\TRTliyc.exe
  C:\Windows\System\TRTliyc.exe
  2⤵
  PID:8116
- C:\Windows\System\LMTyTuo.exe
  C:\Windows\System\LMTyTuo.exe
  2⤵
  PID:8144
- C:\Windows\System\lleJaia.exe
  C:\Windows\System\lleJaia.exe
  2⤵
  PID:8172
- C:\Windows\System\ZjonNDC.exe
  C:\Windows\System\ZjonNDC.exe
  2⤵
  PID:1856
- C:\Windows\System\iulQwLs.exe
  C:\Windows\System\iulQwLs.exe
  2⤵
  PID:7172
- C:\Windows\System\EdHgHIE.exe
  C:\Windows\System\EdHgHIE.exe
  2⤵
  PID:7236
- C:\Windows\System\OxcNjZc.exe
  C:\Windows\System\OxcNjZc.exe
  2⤵
  PID:7340
- C:\Windows\System\dwoooyn.exe
  C:\Windows\System\dwoooyn.exe
  2⤵
  PID:7356
- C:\Windows\System\LNpWODh.exe
  C:\Windows\System\LNpWODh.exe
  2⤵
  PID:7456
- C:\Windows\System\NfNYSez.exe
  C:\Windows\System\NfNYSez.exe
  2⤵
  PID:7544
- C:\Windows\System\yDslRRj.exe
  C:\Windows\System\yDslRRj.exe
  2⤵
  PID:7604
- C:\Windows\System\cBhkqdv.exe
  C:\Windows\System\cBhkqdv.exe
  2⤵
  PID:7684
- C:\Windows\System\RgJRDvK.exe
  C:\Windows\System\RgJRDvK.exe
  2⤵
  PID:7748
- C:\Windows\System\WRbNqsM.exe
  C:\Windows\System\WRbNqsM.exe
  2⤵
  PID:7796
- C:\Windows\System\SJquJKY.exe
  C:\Windows\System\SJquJKY.exe
  2⤵
  PID:7856
- C:\Windows\System\kqgonRK.exe
  C:\Windows\System\kqgonRK.exe
  2⤵
  PID:7888
- C:\Windows\System\ZjOJpoK.exe
  C:\Windows\System\ZjOJpoK.exe
  2⤵
  PID:8004
- C:\Windows\System\MeamorM.exe
  C:\Windows\System\MeamorM.exe
  2⤵
  PID:8084
- C:\Windows\System\laQldUl.exe
  C:\Windows\System\laQldUl.exe
  2⤵
  PID:8156
- C:\Windows\System\aBMGGaS.exe
  C:\Windows\System\aBMGGaS.exe
  2⤵
  PID:7228
- C:\Windows\System\bReofAA.exe
  C:\Windows\System\bReofAA.exe
  2⤵
  PID:4704
- C:\Windows\System\FUmhpsg.exe
  C:\Windows\System\FUmhpsg.exe
  2⤵
  PID:7496
- C:\Windows\System\NmGmdNC.exe
  C:\Windows\System\NmGmdNC.exe
  2⤵
  PID:7560
- C:\Windows\System\SefWcfV.exe
  C:\Windows\System\SefWcfV.exe
  2⤵
  PID:996
- C:\Windows\System\HGGMPkl.exe
  C:\Windows\System\HGGMPkl.exe
  2⤵
  PID:7612
- C:\Windows\System\DakuwyO.exe
  C:\Windows\System\DakuwyO.exe
  2⤵
  PID:7980
- C:\Windows\System\BNIDNZc.exe
  C:\Windows\System\BNIDNZc.exe
  2⤵
  PID:8128
- C:\Windows\System\ZiZApSx.exe
  C:\Windows\System\ZiZApSx.exe
  2⤵
  PID:7636
- C:\Windows\System\NkcJjRp.exe
  C:\Windows\System\NkcJjRp.exe
  2⤵
  PID:7736
- C:\Windows\System\zrunoTj.exe
  C:\Windows\System\zrunoTj.exe
  2⤵
  PID:7324
- C:\Windows\System\zuKbBOH.exe
  C:\Windows\System\zuKbBOH.exe
  2⤵
  PID:7272
- C:\Windows\System\HYYyqed.exe
  C:\Windows\System\HYYyqed.exe
  2⤵
  PID:8204
- C:\Windows\System\pLXHOSL.exe
  C:\Windows\System\pLXHOSL.exe
  2⤵
  PID:8232
- C:\Windows\System\QzXmjRL.exe
  C:\Windows\System\QzXmjRL.exe
  2⤵
  PID:8260
- C:\Windows\System\qFQWhTw.exe
  C:\Windows\System\qFQWhTw.exe
  2⤵
  PID:8292
- C:\Windows\System\upoVuJG.exe
  C:\Windows\System\upoVuJG.exe
  2⤵
  PID:8320
- C:\Windows\System\FqYeptl.exe
  C:\Windows\System\FqYeptl.exe
  2⤵
  PID:8344
- C:\Windows\System\qxtHDrK.exe
  C:\Windows\System\qxtHDrK.exe
  2⤵
  PID:8372
- C:\Windows\System\LxUXQgT.exe
  C:\Windows\System\LxUXQgT.exe
  2⤵
  PID:8400
- C:\Windows\System\IApRVVZ.exe
  C:\Windows\System\IApRVVZ.exe
  2⤵
  PID:8428
- C:\Windows\System\HFKBCJN.exe
  C:\Windows\System\HFKBCJN.exe
  2⤵
  PID:8460
- C:\Windows\System\PbNOTMb.exe
  C:\Windows\System\PbNOTMb.exe
  2⤵
  PID:8480
- C:\Windows\System\xSwUSSS.exe
  C:\Windows\System\xSwUSSS.exe
  2⤵
  PID:8516
- C:\Windows\System\BZhBEwN.exe
  C:\Windows\System\BZhBEwN.exe
  2⤵
  PID:8532
- C:\Windows\System\bpgZfUU.exe
  C:\Windows\System\bpgZfUU.exe
  2⤵
  PID:8572
- C:\Windows\System\uwCOOye.exe
  C:\Windows\System\uwCOOye.exe
  2⤵
  PID:8600
- C:\Windows\System\iSKrItZ.exe
  C:\Windows\System\iSKrItZ.exe
  2⤵
  PID:8620
- C:\Windows\System\OpcLhcl.exe
  C:\Windows\System\OpcLhcl.exe
  2⤵
  PID:8656
- C:\Windows\System\COyQqhA.exe
  C:\Windows\System\COyQqhA.exe
  2⤵
  PID:8684
- C:\Windows\System\obzEwzD.exe
  C:\Windows\System\obzEwzD.exe
  2⤵
  PID:8712
- C:\Windows\System\RUZJEYV.exe
  C:\Windows\System\RUZJEYV.exe
  2⤵
  PID:8736
- C:\Windows\System\CwYHKeV.exe
  C:\Windows\System\CwYHKeV.exe
  2⤵
  PID:8760
- C:\Windows\System\Zebhwbi.exe
  C:\Windows\System\Zebhwbi.exe
  2⤵
  PID:8792
- C:\Windows\System\rTFqfeZ.exe
  C:\Windows\System\rTFqfeZ.exe
  2⤵
  PID:8824
- C:\Windows\System\lZPBOMN.exe
  C:\Windows\System\lZPBOMN.exe
  2⤵
  PID:8852
- C:\Windows\System\deJraea.exe
  C:\Windows\System\deJraea.exe
  2⤵
  PID:8884
- C:\Windows\System\XjoPuvx.exe
  C:\Windows\System\XjoPuvx.exe
  2⤵
  PID:8908
- C:\Windows\System\xfZSTVy.exe
  C:\Windows\System\xfZSTVy.exe
  2⤵
  PID:8932
- C:\Windows\System\ABwAezR.exe
  C:\Windows\System\ABwAezR.exe
  2⤵
  PID:8972
- C:\Windows\System\GyLZnQa.exe
  C:\Windows\System\GyLZnQa.exe
  2⤵
  PID:8992
- C:\Windows\System\qDJBIgI.exe
  C:\Windows\System\qDJBIgI.exe
  2⤵
  PID:9016
- C:\Windows\System\HuRjlhd.exe
  C:\Windows\System\HuRjlhd.exe
  2⤵
  PID:9048
- C:\Windows\System\tsLCjBq.exe
  C:\Windows\System\tsLCjBq.exe
  2⤵
  PID:9076
- C:\Windows\System\UQjdoRH.exe
  C:\Windows\System\UQjdoRH.exe
  2⤵
  PID:9112
- C:\Windows\System\RbdBjUD.exe
  C:\Windows\System\RbdBjUD.exe
  2⤵
  PID:9128
- C:\Windows\System\dYkaNmw.exe
  C:\Windows\System\dYkaNmw.exe
  2⤵
  PID:9156
- C:\Windows\System\RbKtJjT.exe
  C:\Windows\System\RbKtJjT.exe
  2⤵
  PID:9200
- C:\Windows\System\gymmTTC.exe
  C:\Windows\System\gymmTTC.exe
  2⤵
  PID:8200
- C:\Windows\System\uWLJesM.exe
  C:\Windows\System\uWLJesM.exe
  2⤵
  PID:8284
- C:\Windows\System\UuXWJPu.exe
  C:\Windows\System\UuXWJPu.exe
  2⤵
  PID:8328
- C:\Windows\System\oNLwGgc.exe
  C:\Windows\System\oNLwGgc.exe
  2⤵
  PID:8468
- C:\Windows\System\UFRmVdK.exe
  C:\Windows\System\UFRmVdK.exe
  2⤵
  PID:8524
- C:\Windows\System\EKMoqgw.exe
  C:\Windows\System\EKMoqgw.exe
  2⤵
  PID:8556
- C:\Windows\System\cvgziWs.exe
  C:\Windows\System\cvgziWs.exe
  2⤵
  PID:8652
- C:\Windows\System\BYYasbU.exe
  C:\Windows\System\BYYasbU.exe
  2⤵
  PID:8720
- C:\Windows\System\ZmZVjXg.exe
  C:\Windows\System\ZmZVjXg.exe
  2⤵
  PID:8776
- C:\Windows\System\SyBwYVb.exe
  C:\Windows\System\SyBwYVb.exe
  2⤵
  PID:8848
- C:\Windows\System\dSEcozF.exe
  C:\Windows\System\dSEcozF.exe
  2⤵
  PID:8892
- C:\Windows\System\ttbMWJM.exe
  C:\Windows\System\ttbMWJM.exe
  2⤵
  PID:8896
- C:\Windows\System\KSWDMAd.exe
  C:\Windows\System\KSWDMAd.exe
  2⤵
  PID:9012
- C:\Windows\System\jKKdtXg.exe
  C:\Windows\System\jKKdtXg.exe
  2⤵
  PID:9060
- C:\Windows\System\Modpjsx.exe
  C:\Windows\System\Modpjsx.exe
  2⤵
  PID:9120
- C:\Windows\System\pbcYLBJ.exe
  C:\Windows\System\pbcYLBJ.exe
  2⤵
  PID:9212
- C:\Windows\System\AwsVMTm.exe
  C:\Windows\System\AwsVMTm.exe
  2⤵
  PID:8280
- C:\Windows\System\EktAdQY.exe
  C:\Windows\System\EktAdQY.exe
  2⤵
  PID:8608
- C:\Windows\System\swFNNiH.exe
  C:\Windows\System\swFNNiH.exe
  2⤵
  PID:8748
- C:\Windows\System\PDVKRSQ.exe
  C:\Windows\System\PDVKRSQ.exe
  2⤵
  PID:8836
- C:\Windows\System\vZuplot.exe
  C:\Windows\System\vZuplot.exe
  2⤵
  PID:9028
- C:\Windows\System\vISgKqD.exe
  C:\Windows\System\vISgKqD.exe
  2⤵
  PID:9152
- C:\Windows\System\geEndGq.exe
  C:\Windows\System\geEndGq.exe
  2⤵
  PID:8452
- C:\Windows\System\dvFlwIY.exe
  C:\Windows\System\dvFlwIY.exe
  2⤵
  PID:9032
- C:\Windows\System\mFtNESk.exe
  C:\Windows\System\mFtNESk.exe
  2⤵
  PID:8708
- C:\Windows\System\jgxlouB.exe
  C:\Windows\System\jgxlouB.exe
  2⤵
  PID:8916
- C:\Windows\System\UOhUOli.exe
  C:\Windows\System\UOhUOli.exe
  2⤵
  PID:9224
- C:\Windows\System\EldAxYH.exe
  C:\Windows\System\EldAxYH.exe
  2⤵
  PID:9252
- C:\Windows\System\UzBYsIi.exe
  C:\Windows\System\UzBYsIi.exe
  2⤵
  PID:9284
- C:\Windows\System\CJWdkFc.exe
  C:\Windows\System\CJWdkFc.exe
  2⤵
  PID:9320
- C:\Windows\System\lXQWpBn.exe
  C:\Windows\System\lXQWpBn.exe
  2⤵
  PID:9336
- C:\Windows\System\IYqjzzY.exe
  C:\Windows\System\IYqjzzY.exe
  2⤵
  PID:9376
- C:\Windows\System\AjiagVq.exe
  C:\Windows\System\AjiagVq.exe
  2⤵
  PID:9392
- C:\Windows\System\VyYHRff.exe
  C:\Windows\System\VyYHRff.exe
  2⤵
  PID:9420
- C:\Windows\System\eWdjmXk.exe
  C:\Windows\System\eWdjmXk.exe
  2⤵
  PID:9444
- C:\Windows\System\CudSdAK.exe
  C:\Windows\System\CudSdAK.exe
  2⤵
  PID:9488
- C:\Windows\System\ZKFfhaT.exe
  C:\Windows\System\ZKFfhaT.exe
  2⤵
  PID:9516
- C:\Windows\System\NlUzBVE.exe
  C:\Windows\System\NlUzBVE.exe
  2⤵
  PID:9544
- C:\Windows\System\zYRzqhS.exe
  C:\Windows\System\zYRzqhS.exe
  2⤵
  PID:9572
- C:\Windows\System\gDVIOAN.exe
  C:\Windows\System\gDVIOAN.exe
  2⤵
  PID:9600
- C:\Windows\System\oLXBfUc.exe
  C:\Windows\System\oLXBfUc.exe
  2⤵
  PID:9628
- C:\Windows\System\XyjxNSa.exe
  C:\Windows\System\XyjxNSa.exe
  2⤵
  PID:9656
- C:\Windows\System\DfOpvEb.exe
  C:\Windows\System\DfOpvEb.exe
  2⤵
  PID:9684
- C:\Windows\System\kJrGGLq.exe
  C:\Windows\System\kJrGGLq.exe
  2⤵
  PID:9712
- C:\Windows\System\EViFnba.exe
  C:\Windows\System\EViFnba.exe
  2⤵
  PID:9740
- C:\Windows\System\dhOqmaA.exe
  C:\Windows\System\dhOqmaA.exe
  2⤵
  PID:9764
- C:\Windows\System\jQmknsQ.exe
  C:\Windows\System\jQmknsQ.exe
  2⤵
  PID:9784
- C:\Windows\System\LPXxhkI.exe
  C:\Windows\System\LPXxhkI.exe
  2⤵
  PID:9820
- C:\Windows\System\TSgTdfu.exe
  C:\Windows\System\TSgTdfu.exe
  2⤵
  PID:9852
- C:\Windows\System\riwkIlA.exe
  C:\Windows\System\riwkIlA.exe
  2⤵
  PID:9880
- C:\Windows\System\fDcBrly.exe
  C:\Windows\System\fDcBrly.exe
  2⤵
  PID:9896
- C:\Windows\System\IIkxYKu.exe
  C:\Windows\System\IIkxYKu.exe
  2⤵
  PID:9912
- C:\Windows\System\kXPaCKS.exe
  C:\Windows\System\kXPaCKS.exe
  2⤵
  PID:9928
- C:\Windows\System\GTWkzES.exe
  C:\Windows\System\GTWkzES.exe
  2⤵
  PID:9960
- C:\Windows\System\PrPmyql.exe
  C:\Windows\System\PrPmyql.exe
  2⤵
  PID:10012
- C:\Windows\System\UnuACXI.exe
  C:\Windows\System\UnuACXI.exe
  2⤵
  PID:10044
- C:\Windows\System\gtFesWQ.exe
  C:\Windows\System\gtFesWQ.exe
  2⤵
  PID:10084
- C:\Windows\System\EaxiJmJ.exe
  C:\Windows\System\EaxiJmJ.exe
  2⤵
  PID:10112
- C:\Windows\System\CnTsDim.exe
  C:\Windows\System\CnTsDim.exe
  2⤵
  PID:10140
- C:\Windows\System\gNMErOj.exe
  C:\Windows\System\gNMErOj.exe
  2⤵
  PID:10168
- C:\Windows\System\NfBlvYB.exe
  C:\Windows\System\NfBlvYB.exe
  2⤵
  PID:10196
- C:\Windows\System\ShxGZQN.exe
  C:\Windows\System\ShxGZQN.exe
  2⤵
  PID:10224
- C:\Windows\System\JHUvfCQ.exe
  C:\Windows\System\JHUvfCQ.exe
  2⤵
  PID:9236
- C:\Windows\System\KteCjeL.exe
  C:\Windows\System\KteCjeL.exe
  2⤵
  PID:9304
- C:\Windows\System\evXUFOq.exe
  C:\Windows\System\evXUFOq.exe
  2⤵
  PID:9356
- C:\Windows\System\zPEMMEM.exe
  C:\Windows\System\zPEMMEM.exe
  2⤵
  PID:9432
- C:\Windows\System\AvQQVgW.exe
  C:\Windows\System\AvQQVgW.exe
  2⤵
  PID:9472
- C:\Windows\System\gXOOJCZ.exe
  C:\Windows\System\gXOOJCZ.exe
  2⤵
  PID:9564
- C:\Windows\System\DdTRIVM.exe
  C:\Windows\System\DdTRIVM.exe
  2⤵
  PID:9648
- C:\Windows\System\swFWEwP.exe
  C:\Windows\System\swFWEwP.exe
  2⤵
  PID:9696
- C:\Windows\System\tBBEfVN.exe
  C:\Windows\System\tBBEfVN.exe
  2⤵
  PID:9772
- C:\Windows\System\cputado.exe
  C:\Windows\System\cputado.exe
  2⤵
  PID:9836
- C:\Windows\System\JlMVlZS.exe
  C:\Windows\System\JlMVlZS.exe
  2⤵
  PID:9908
- C:\Windows\System\WBkVhUF.exe
  C:\Windows\System\WBkVhUF.exe
  2⤵
  PID:9944
- C:\Windows\System\EuWoggS.exe
  C:\Windows\System\EuWoggS.exe
  2⤵
  PID:9992
- C:\Windows\System\zCANjHG.exe
  C:\Windows\System\zCANjHG.exe
  2⤵
  PID:10096
- C:\Windows\System\XWdPLJQ.exe
  C:\Windows\System\XWdPLJQ.exe
  2⤵
  PID:10152
- C:\Windows\System\KUaivEa.exe
  C:\Windows\System\KUaivEa.exe
  2⤵
  PID:10192
- C:\Windows\System\XfoiykD.exe
  C:\Windows\System\XfoiykD.exe
  2⤵
  PID:9268
- C:\Windows\System\uYgxrRL.exe
  C:\Windows\System\uYgxrRL.exe
  2⤵
  PID:9408
- C:\Windows\System\RiouvIs.exe
  C:\Windows\System\RiouvIs.exe
  2⤵
  PID:9620
- C:\Windows\System\zpgyrkk.exe
  C:\Windows\System\zpgyrkk.exe
  2⤵
  PID:9776
- C:\Windows\System\nEKmifO.exe
  C:\Windows\System\nEKmifO.exe
  2⤵
  PID:9904
- C:\Windows\System\WPEdKSD.exe
  C:\Windows\System\WPEdKSD.exe
  2⤵
  PID:10072
- C:\Windows\System\kTORJDw.exe
  C:\Windows\System\kTORJDw.exe
  2⤵
  PID:10188
- C:\Windows\System\DhKlXeQ.exe
  C:\Windows\System\DhKlXeQ.exe
  2⤵
  PID:9596
- C:\Windows\System\izTupJU.exe
  C:\Windows\System\izTupJU.exe
  2⤵
  PID:9924
- C:\Windows\System\NhsYMEg.exe
  C:\Windows\System\NhsYMEg.exe
  2⤵
  PID:9364
- C:\Windows\System\aNllnaI.exe
  C:\Windows\System\aNllnaI.exe
  2⤵
  PID:10136
- C:\Windows\System\EqdAAvn.exe
  C:\Windows\System\EqdAAvn.exe
  2⤵
  PID:10248
- C:\Windows\System\pBBtDQT.exe
  C:\Windows\System\pBBtDQT.exe
  2⤵
  PID:10276
- C:\Windows\System\moOSWFo.exe
  C:\Windows\System\moOSWFo.exe
  2⤵
  PID:10292
- C:\Windows\System\ZKUOhMT.exe
  C:\Windows\System\ZKUOhMT.exe
  2⤵
  PID:10312
- C:\Windows\System\MeuczNL.exe
  C:\Windows\System\MeuczNL.exe
  2⤵
  PID:10360
- C:\Windows\System\MkvdjgU.exe
  C:\Windows\System\MkvdjgU.exe
  2⤵
  PID:10388
- C:\Windows\System\yMZQcNE.exe
  C:\Windows\System\yMZQcNE.exe
  2⤵
  PID:10404
- C:\Windows\System\xLqluwf.exe
  C:\Windows\System\xLqluwf.exe
  2⤵
  PID:10444
- C:\Windows\System\gUeBZFC.exe
  C:\Windows\System\gUeBZFC.exe
  2⤵
  PID:10464
- C:\Windows\System\CjXAnBW.exe
  C:\Windows\System\CjXAnBW.exe
  2⤵
  PID:10496
- C:\Windows\System\YdiLJtF.exe
  C:\Windows\System\YdiLJtF.exe
  2⤵
  PID:10516
- C:\Windows\System\WtiPXiJ.exe
  C:\Windows\System\WtiPXiJ.exe
  2⤵
  PID:10548
- C:\Windows\System\wgHpjkx.exe
  C:\Windows\System\wgHpjkx.exe
  2⤵
  PID:10584
- C:\Windows\System\xLcchOW.exe
  C:\Windows\System\xLcchOW.exe
  2⤵
  PID:10612
- C:\Windows\System\TMrNcnC.exe
  C:\Windows\System\TMrNcnC.exe
  2⤵
  PID:10640
- C:\Windows\System\oTocTQJ.exe
  C:\Windows\System\oTocTQJ.exe
  2⤵
  PID:10668
- C:\Windows\System\qQyvCFA.exe
  C:\Windows\System\qQyvCFA.exe
  2⤵
  PID:10696
- C:\Windows\System\slypucT.exe
  C:\Windows\System\slypucT.exe
  2⤵
  PID:10724
- C:\Windows\System\thPRrlc.exe
  C:\Windows\System\thPRrlc.exe
  2⤵
  PID:10740
- C:\Windows\System\xBiLrYK.exe
  C:\Windows\System\xBiLrYK.exe
  2⤵
  PID:10780
- C:\Windows\System\vIHBNvr.exe
  C:\Windows\System\vIHBNvr.exe
  2⤵
  PID:10808
- C:\Windows\System\chMvyMG.exe
  C:\Windows\System\chMvyMG.exe
  2⤵
  PID:10836
- C:\Windows\System\iabBYeK.exe
  C:\Windows\System\iabBYeK.exe
  2⤵
  PID:10864
- C:\Windows\System\eGUywbt.exe
  C:\Windows\System\eGUywbt.exe
  2⤵
  PID:10880
- C:\Windows\System\wTJqpKE.exe
  C:\Windows\System\wTJqpKE.exe
  2⤵
  PID:10912
- C:\Windows\System\KnRcOLu.exe
  C:\Windows\System\KnRcOLu.exe
  2⤵
  PID:10940
- C:\Windows\System\NkcPvNo.exe
  C:\Windows\System\NkcPvNo.exe
  2⤵
  PID:10976
- C:\Windows\System\HXOTlQk.exe
  C:\Windows\System\HXOTlQk.exe
  2⤵
  PID:11004
- C:\Windows\System\waVNbPf.exe
  C:\Windows\System\waVNbPf.exe
  2⤵
  PID:11032
- C:\Windows\System\KGAVkXK.exe
  C:\Windows\System\KGAVkXK.exe
  2⤵
  PID:11064
- C:\Windows\System\IZtxvIF.exe
  C:\Windows\System\IZtxvIF.exe
  2⤵
  PID:11092
- C:\Windows\System\witylgr.exe
  C:\Windows\System\witylgr.exe
  2⤵
  PID:11120
- C:\Windows\System\bqsalTv.exe
  C:\Windows\System\bqsalTv.exe
  2⤵
  PID:11148
- C:\Windows\System\tvVhfMr.exe
  C:\Windows\System\tvVhfMr.exe
  2⤵
  PID:11176
- C:\Windows\System\tnBogrd.exe
  C:\Windows\System\tnBogrd.exe
  2⤵
  PID:11204
- C:\Windows\System\ZKbWJhH.exe
  C:\Windows\System\ZKbWJhH.exe
  2⤵
  PID:11232
- C:\Windows\System\EahjRtC.exe
  C:\Windows\System\EahjRtC.exe
  2⤵
  PID:11248
- C:\Windows\System\uTDYdZe.exe
  C:\Windows\System\uTDYdZe.exe
  2⤵
  PID:10244
- C:\Windows\System\mVMwWPO.exe
  C:\Windows\System\mVMwWPO.exe
  2⤵
  PID:10348
- C:\Windows\System\WBIpbek.exe
  C:\Windows\System\WBIpbek.exe
  2⤵
  PID:10396
- C:\Windows\System\zZgqDDe.exe
  C:\Windows\System\zZgqDDe.exe
  2⤵
  PID:10488
- C:\Windows\System\wHuzMvl.exe
  C:\Windows\System\wHuzMvl.exe
  2⤵
  PID:10560
- C:\Windows\System\uLUTzgz.exe
  C:\Windows\System\uLUTzgz.exe
  2⤵
  PID:10060
- C:\Windows\System\CxSUhfm.exe
  C:\Windows\System\CxSUhfm.exe
  2⤵
  PID:10684
- C:\Windows\System\UpSIxNg.exe
  C:\Windows\System\UpSIxNg.exe
  2⤵
  PID:10760
- C:\Windows\System\IZOPsww.exe
  C:\Windows\System\IZOPsww.exe
  2⤵
  PID:10856
- C:\Windows\System\zagQhKD.exe
  C:\Windows\System\zagQhKD.exe
  2⤵
  PID:10900
- C:\Windows\System\blfnWHt.exe
  C:\Windows\System\blfnWHt.exe
  2⤵
  PID:10968
- C:\Windows\System\keOcXxM.exe
  C:\Windows\System\keOcXxM.exe
  2⤵
  PID:11048
- C:\Windows\System\fzFgqXO.exe
  C:\Windows\System\fzFgqXO.exe
  2⤵
  PID:11116
- C:\Windows\System\DpTthJN.exe
  C:\Windows\System\DpTthJN.exe
  2⤵
  PID:11216
- C:\Windows\System\BepcwDl.exe
  C:\Windows\System\BepcwDl.exe
  2⤵
  PID:10340
- C:\Windows\System\FngArzL.exe
  C:\Windows\System\FngArzL.exe
  2⤵
  PID:10480
- C:\Windows\System\fLmiFgC.exe
  C:\Windows\System\fLmiFgC.exe
  2⤵
  PID:10624
- C:\Windows\System\atiSxet.exe
  C:\Windows\System\atiSxet.exe
  2⤵
  PID:10800
- C:\Windows\System\DAUanQr.exe
  C:\Windows\System\DAUanQr.exe
  2⤵
  PID:11016
- C:\Windows\System\hzGjJUi.exe
  C:\Windows\System\hzGjJUi.exe
  2⤵
  PID:11188
- C:\Windows\System\rTjbapT.exe
  C:\Windows\System\rTjbapT.exe
  2⤵
  PID:10436
- C:\Windows\System\YzGebuv.exe
  C:\Windows\System\YzGebuv.exe
  2⤵
  PID:10804
- C:\Windows\System\FZMiisG.exe
  C:\Windows\System\FZMiisG.exe
  2⤵
  PID:11240
- C:\Windows\System\QSUjWTA.exe
  C:\Windows\System\QSUjWTA.exe
  2⤵
  PID:10732
- C:\Windows\System\DmxhqEz.exe
  C:\Windows\System\DmxhqEz.exe
  2⤵
  PID:11268
- C:\Windows\System\ifkTDWT.exe
  C:\Windows\System\ifkTDWT.exe
  2⤵
  PID:11308
- C:\Windows\System\XGnEvlV.exe
  C:\Windows\System\XGnEvlV.exe
  2⤵
  PID:11328
- C:\Windows\System\SlQltIt.exe
  C:\Windows\System\SlQltIt.exe
  2⤵
  PID:11364
- C:\Windows\System\GznWWFH.exe
  C:\Windows\System\GznWWFH.exe
  2⤵
  PID:11392
- C:\Windows\System\aWSESlG.exe
  C:\Windows\System\aWSESlG.exe
  2⤵
  PID:11420
- C:\Windows\System\SBDVQpi.exe
  C:\Windows\System\SBDVQpi.exe
  2⤵
  PID:11444
- C:\Windows\System\yrbUwny.exe
  C:\Windows\System\yrbUwny.exe
  2⤵
  PID:11460
- C:\Windows\System\JTWjdbK.exe
  C:\Windows\System\JTWjdbK.exe
  2⤵
  PID:11504
- C:\Windows\System\NSBeqAe.exe
  C:\Windows\System\NSBeqAe.exe
  2⤵
  PID:11532
- C:\Windows\System\woSroPt.exe
  C:\Windows\System\woSroPt.exe
  2⤵
  PID:11560
- C:\Windows\System\lbcLdbf.exe
  C:\Windows\System\lbcLdbf.exe
  2⤵
  PID:11576
- C:\Windows\System\PHqeTZL.exe
  C:\Windows\System\PHqeTZL.exe
  2⤵
  PID:11604
- C:\Windows\System\nRVnyhC.exe
  C:\Windows\System\nRVnyhC.exe
  2⤵
  PID:11636
- C:\Windows\System\zCkKrXC.exe
  C:\Windows\System\zCkKrXC.exe
  2⤵
  PID:11672
- C:\Windows\System\CjioGka.exe
  C:\Windows\System\CjioGka.exe
  2⤵
  PID:11700
- C:\Windows\System\Kzuqkzv.exe
  C:\Windows\System\Kzuqkzv.exe
  2⤵
  PID:11716
- C:\Windows\System\XkKakRj.exe
  C:\Windows\System\XkKakRj.exe
  2⤵
  PID:11756
- C:\Windows\System\zgMNKHC.exe
  C:\Windows\System\zgMNKHC.exe
  2⤵
  PID:11784
- C:\Windows\System\bfsUsiY.exe
  C:\Windows\System\bfsUsiY.exe
  2⤵
  PID:11800
- C:\Windows\System\tvMaQFC.exe
  C:\Windows\System\tvMaQFC.exe
  2⤵
  PID:11836
- C:\Windows\System\IPvidHo.exe
  C:\Windows\System\IPvidHo.exe
  2⤵
  PID:11856
- C:\Windows\System\XdHelDV.exe
  C:\Windows\System\XdHelDV.exe
  2⤵
  PID:11876
- C:\Windows\System\aKFdyLG.exe
  C:\Windows\System\aKFdyLG.exe
  2⤵
  PID:11904
- C:\Windows\System\fBVUxEe.exe
  C:\Windows\System\fBVUxEe.exe
  2⤵
  PID:11944
- C:\Windows\System\kdfqJCQ.exe
  C:\Windows\System\kdfqJCQ.exe
  2⤵
  PID:11980
- C:\Windows\System\DEHbXvs.exe
  C:\Windows\System\DEHbXvs.exe
  2⤵
  PID:12012
- C:\Windows\System\iawmZUE.exe
  C:\Windows\System\iawmZUE.exe
  2⤵
  PID:12040
- C:\Windows\System\BCnnTCt.exe
  C:\Windows\System\BCnnTCt.exe
  2⤵
  PID:12068
- C:\Windows\System\gVoLmXK.exe
  C:\Windows\System\gVoLmXK.exe
  2⤵
  PID:12096
- C:\Windows\System\azicVja.exe
  C:\Windows\System\azicVja.exe
  2⤵
  PID:12124
- C:\Windows\System\PJdPKff.exe
  C:\Windows\System\PJdPKff.exe
  2⤵
  PID:12144
- C:\Windows\System\EGUiDQL.exe
  C:\Windows\System\EGUiDQL.exe
  2⤵
  PID:12164
- C:\Windows\System\FGJqDXx.exe
  C:\Windows\System\FGJqDXx.exe
  2⤵
  PID:12184
- C:\Windows\System\OFdwDxX.exe
  C:\Windows\System\OFdwDxX.exe
  2⤵
  PID:12232
- C:\Windows\System\RYrxajZ.exe
  C:\Windows\System\RYrxajZ.exe
  2⤵
  PID:12256
- C:\Windows\System\cHdrVcP.exe
  C:\Windows\System\cHdrVcP.exe
  2⤵
  PID:10572
- C:\Windows\System\pXdeREf.exe
  C:\Windows\System\pXdeREf.exe
  2⤵
  PID:11340
- C:\Windows\System\SUInhPb.exe
  C:\Windows\System\SUInhPb.exe
  2⤵
  PID:11428
- C:\Windows\System\evLNoPv.exe
  C:\Windows\System\evLNoPv.exe
  2⤵
  PID:11492
- C:\Windows\System\iNlrvYJ.exe
  C:\Windows\System\iNlrvYJ.exe
  2⤵
  PID:11556
- C:\Windows\System\TaKyfBA.exe
  C:\Windows\System\TaKyfBA.exe
  2⤵
  PID:11596
- C:\Windows\System\zBvgFdH.exe
  C:\Windows\System\zBvgFdH.exe
  2⤵
  PID:11664
- C:\Windows\System\denvVzF.exe
  C:\Windows\System\denvVzF.exe
  2⤵
  PID:11752
- C:\Windows\System\RHNbcvA.exe
  C:\Windows\System\RHNbcvA.exe
  2⤵
  PID:11864
- C:\Windows\System\HINqSOi.exe
  C:\Windows\System\HINqSOi.exe
  2⤵
  PID:11884
- C:\Windows\System\dZnYBfS.exe
  C:\Windows\System\dZnYBfS.exe
  2⤵
  PID:12032
- C:\Windows\System\dqAYjAM.exe
  C:\Windows\System\dqAYjAM.exe
  2⤵
  PID:12120
- C:\Windows\System\yaORlXj.exe
  C:\Windows\System\yaORlXj.exe
  2⤵
  PID:12204
- C:\Windows\System\iGAoiMl.exe
  C:\Windows\System\iGAoiMl.exe
  2⤵
  PID:12240
- C:\Windows\System\GLczzsx.exe
  C:\Windows\System\GLczzsx.exe
  2⤵
  PID:11416
- C:\Windows\System\skHvFrw.exe
  C:\Windows\System\skHvFrw.exe
  2⤵
  PID:11568
- C:\Windows\System\faFRDjE.exe
  C:\Windows\System\faFRDjE.exe
  2⤵
  PID:11824
- C:\Windows\System\luGHXvZ.exe
  C:\Windows\System\luGHXvZ.exe
  2⤵
  PID:12080
- C:\Windows\System\fOfefqS.exe
  C:\Windows\System\fOfefqS.exe
  2⤵
  PID:11544
- C:\Windows\System\EBfGZvP.exe
  C:\Windows\System\EBfGZvP.exe
  2⤵
  PID:12300
- C:\Windows\System\VdvpJEC.exe
  C:\Windows\System\VdvpJEC.exe
  2⤵
  PID:12332
- C:\Windows\System\DmdvZEu.exe
  C:\Windows\System\DmdvZEu.exe
  2⤵
  PID:12368
- C:\Windows\System\DRqlegP.exe
  C:\Windows\System\DRqlegP.exe
  2⤵
  PID:12400
- C:\Windows\System\oXPigDB.exe
  C:\Windows\System\oXPigDB.exe
  2⤵
  PID:12416
- C:\Windows\System\KSKZMtf.exe
  C:\Windows\System\KSKZMtf.exe
  2⤵
  PID:12452
- C:\Windows\System\cSvaUqd.exe
  C:\Windows\System\cSvaUqd.exe
  2⤵
  PID:12484
- C:\Windows\System\WzXvOeD.exe
  C:\Windows\System\WzXvOeD.exe
  2⤵
  PID:12516
- C:\Windows\System\hPSSHif.exe
  C:\Windows\System\hPSSHif.exe
  2⤵
  PID:12544
- C:\Windows\System\mbzBzmv.exe
  C:\Windows\System\mbzBzmv.exe
  2⤵
  PID:12572
- C:\Windows\System\qElTEhJ.exe
  C:\Windows\System\qElTEhJ.exe
  2⤵
  PID:12604
- C:\Windows\System\KyEZGEs.exe
  C:\Windows\System\KyEZGEs.exe
  2⤵
  PID:12620
- C:\Windows\System\XaGhtcE.exe
  C:\Windows\System\XaGhtcE.exe
  2⤵
  PID:12644
- C:\Windows\System\PUFkTEf.exe
  C:\Windows\System\PUFkTEf.exe
  2⤵
  PID:12680
- C:\Windows\System\VtaDXWN.exe
  C:\Windows\System\VtaDXWN.exe
  2⤵
  PID:12716
- C:\Windows\System\jHckQxw.exe
  C:\Windows\System\jHckQxw.exe
  2⤵
  PID:12744
- C:\Windows\System\oEdkAGs.exe
  C:\Windows\System\oEdkAGs.exe
  2⤵
  PID:12760
- C:\Windows\System\wQrfEqu.exe
  C:\Windows\System\wQrfEqu.exe
  2⤵
  PID:12788
- C:\Windows\System\kZLhulg.exe
  C:\Windows\System\kZLhulg.exe
  2⤵
  PID:12816
- C:\Windows\System\tnFnPuQ.exe
  C:\Windows\System\tnFnPuQ.exe
  2⤵
  PID:12852
- C:\Windows\System\gJRrukU.exe
  C:\Windows\System\gJRrukU.exe
  2⤵
  PID:12872
- C:\Windows\System\LXRwQmk.exe
  C:\Windows\System\LXRwQmk.exe
  2⤵
  PID:12900
- C:\Windows\System\tLgVPIX.exe
  C:\Windows\System\tLgVPIX.exe
  2⤵
  PID:12932
- C:\Windows\System\RQrLmdu.exe
  C:\Windows\System\RQrLmdu.exe
  2⤵
  PID:12972
- C:\Windows\System\dBXjkRm.exe
  C:\Windows\System\dBXjkRm.exe
  2⤵
  PID:12988
- C:\Windows\System\wlwwvQJ.exe
  C:\Windows\System\wlwwvQJ.exe
  2⤵
  PID:13008
- C:\Windows\System\uwOwrAr.exe
  C:\Windows\System\uwOwrAr.exe
  2⤵
  PID:13048
- C:\Windows\System\MSTJSCx.exe
  C:\Windows\System\MSTJSCx.exe
  2⤵
  PID:13080
- C:\Windows\System\SotYWjE.exe
  C:\Windows\System\SotYWjE.exe
  2⤵
  PID:13120
- C:\Windows\System\fhePTdo.exe
  C:\Windows\System\fhePTdo.exe
  2⤵
  PID:13144
- C:\Windows\System\paFZOwM.exe
  C:\Windows\System\paFZOwM.exe
  2⤵
  PID:13176
- C:\Windows\System\eIxmREn.exe
  C:\Windows\System\eIxmREn.exe
  2⤵
  PID:13204
- C:\Windows\System\JbQuank.exe
  C:\Windows\System\JbQuank.exe
  2⤵
  PID:13228
- C:\Windows\System\tGeEgcD.exe
  C:\Windows\System\tGeEgcD.exe
  2⤵
  PID:13268
- C:\Windows\System\nXdwowk.exe
  C:\Windows\System\nXdwowk.exe
  2⤵
  PID:13296
- C:\Windows\System\PLZfaPV.exe
  C:\Windows\System\PLZfaPV.exe
  2⤵
  PID:12316
- C:\Windows\System\jjLYthC.exe
  C:\Windows\System\jjLYthC.exe
  2⤵
  PID:12388
- C:\Windows\System\tBCzmOD.exe
  C:\Windows\System\tBCzmOD.exe
  2⤵
  PID:12444
- C:\Windows\System\ZBqmJcC.exe
  C:\Windows\System\ZBqmJcC.exe
  2⤵
  PID:12504
- C:\Windows\System\tiDJcQb.exe
  C:\Windows\System\tiDJcQb.exe
  2⤵
  PID:12612
- C:\Windows\System\FrfaGdh.exe
  C:\Windows\System\FrfaGdh.exe
  2⤵
  PID:12632
- C:\Windows\System\UDDKCgW.exe
  C:\Windows\System\UDDKCgW.exe
  2⤵
  PID:12712
- C:\Windows\System\BLjQZDl.exe
  C:\Windows\System\BLjQZDl.exe
  2⤵
  PID:12772
- C:\Windows\System\HhoMEKc.exe
  C:\Windows\System\HhoMEKc.exe
  2⤵
  PID:12860
- C:\Windows\System\UoFGLLt.exe
  C:\Windows\System\UoFGLLt.exe
  2⤵
  PID:12912
- C:\Windows\System\PHimlxC.exe
  C:\Windows\System\PHimlxC.exe
  2⤵
  PID:12996
- C:\Windows\System\qJMfBgT.exe
  C:\Windows\System\qJMfBgT.exe
  2⤵
  PID:13064
- C:\Windows\System\UOZRzjL.exe
  C:\Windows\System\UOZRzjL.exe
  2⤵
  PID:13128
- C:\Windows\System\McVEhEK.exe
  C:\Windows\System\McVEhEK.exe
  2⤵
  PID:13200
- C:\Windows\System\QUKJiON.exe
  C:\Windows\System\QUKJiON.exe
  2⤵
  PID:13280
- C:\Windows\System\LCiJbQZ.exe
  C:\Windows\System\LCiJbQZ.exe
  2⤵
  PID:12364
- C:\Windows\System\HHmZkrn.exe
  C:\Windows\System\HHmZkrn.exe
  2⤵
  PID:12560
- C:\Windows\System\SMeioiM.exe
  C:\Windows\System\SMeioiM.exe
  2⤵
  PID:12704
- C:\Windows\System\RvOLHJG.exe
  C:\Windows\System\RvOLHJG.exe
  2⤵
  PID:12800
- C:\Windows\System\xWeQNoG.exe
  C:\Windows\System\xWeQNoG.exe
  2⤵
  PID:13016
- C:\Windows\System\VQgdaQC.exe
  C:\Windows\System\VQgdaQC.exe
  2⤵
  PID:13168
- C:\Windows\System\qmQoEAk.exe
  C:\Windows\System\qmQoEAk.exe
  2⤵
  PID:12004
- C:\Windows\System\tdgSeVE.exe
  C:\Windows\System\tdgSeVE.exe
  2⤵
  PID:12688
- C:\Windows\System\muVUysb.exe
  C:\Windows\System\muVUysb.exe
  2⤵
  PID:13060
- C:\Windows\System\sqVLdxy.exe
  C:\Windows\System\sqVLdxy.exe
  2⤵
  PID:12636
- C:\Windows\System\OsIojAV.exe
  C:\Windows\System\OsIojAV.exe
  2⤵
  PID:12460
- C:\Windows\System\SGjrhhq.exe
  C:\Windows\System\SGjrhhq.exe
  2⤵
  PID:13328
- C:\Windows\System\RIMYoYy.exe
  C:\Windows\System\RIMYoYy.exe
  2⤵
  PID:13356
- C:\Windows\System\aJpQwcx.exe
  C:\Windows\System\aJpQwcx.exe
  2⤵
  PID:13384
- C:\Windows\System\HaXNBlD.exe
  C:\Windows\System\HaXNBlD.exe
  2⤵
  PID:13412
- C:\Windows\System\KNvqALc.exe
  C:\Windows\System\KNvqALc.exe
  2⤵
  PID:13440
- C:\Windows\System\oSFhrYW.exe
  C:\Windows\System\oSFhrYW.exe
  2⤵
  PID:13468
- C:\Windows\System\uHLyZLQ.exe
  C:\Windows\System\uHLyZLQ.exe
  2⤵
  PID:13504
- C:\Windows\System\mUbwqGp.exe
  C:\Windows\System\mUbwqGp.exe
  2⤵
  PID:13532
- C:\Windows\System\uJVrQmj.exe
  C:\Windows\System\uJVrQmj.exe
  2⤵
  PID:13560
- C:\Windows\System\euHkJZX.exe
  C:\Windows\System\euHkJZX.exe
  2⤵
  PID:13576
- C:\Windows\System\jYXVcZM.exe
  C:\Windows\System\jYXVcZM.exe
  2⤵
  PID:13644
- C:\Windows\System\hDGterN.exe
  C:\Windows\System\hDGterN.exe
  2⤵
  PID:13668
- C:\Windows\System\bpsJABQ.exe
  C:\Windows\System\bpsJABQ.exe
  2⤵
  PID:13696
- C:\Windows\System\rdvfzjO.exe
  C:\Windows\System\rdvfzjO.exe
  2⤵
  PID:13728
- C:\Windows\System\wfVpqDf.exe
  C:\Windows\System\wfVpqDf.exe
  2⤵
  PID:13756
- C:\Windows\System\JgbYOsx.exe
  C:\Windows\System\JgbYOsx.exe
  2⤵
  PID:13784
- C:\Windows\System\MaZbuMm.exe
  C:\Windows\System\MaZbuMm.exe
  2⤵
  PID:13812
- C:\Windows\System\hBEOIiF.exe
  C:\Windows\System\hBEOIiF.exe
  2⤵
  PID:13840
- C:\Windows\System\IJOBHRx.exe
  C:\Windows\System\IJOBHRx.exe
  2⤵
  PID:13868
- C:\Windows\System\CVYheIJ.exe
  C:\Windows\System\CVYheIJ.exe
  2⤵
  PID:13900
- C:\Windows\System\pCIrWYK.exe
  C:\Windows\System\pCIrWYK.exe
  2⤵
  PID:13928
- C:\Windows\System\yTNIlXl.exe
  C:\Windows\System\yTNIlXl.exe
  2⤵
  PID:13960
- C:\Windows\System\EjoqFMx.exe
  C:\Windows\System\EjoqFMx.exe
  2⤵
  PID:13988
- C:\Windows\System\xwVpbQK.exe
  C:\Windows\System\xwVpbQK.exe
  2⤵
  PID:14016
- C:\Windows\System\wyKOcZL.exe
  C:\Windows\System\wyKOcZL.exe
  2⤵
  PID:14044
- C:\Windows\System\wSeaQcy.exe
  C:\Windows\System\wSeaQcy.exe
  2⤵
  PID:14072
- C:\Windows\System\eVbAaZh.exe
  C:\Windows\System\eVbAaZh.exe
  2⤵
  PID:14100
- C:\Windows\System\QTZsQsB.exe
  C:\Windows\System\QTZsQsB.exe
  2⤵
  PID:14128
- C:\Windows\System\BVQEyAx.exe
  C:\Windows\System\BVQEyAx.exe
  2⤵
  PID:14156
- C:\Windows\System\GsfHIEq.exe
  C:\Windows\System\GsfHIEq.exe
  2⤵
  PID:14184
- C:\Windows\System\THekVQl.exe
  C:\Windows\System\THekVQl.exe
  2⤵
  PID:14212
- C:\Windows\System\kXJqbwK.exe
  C:\Windows\System\kXJqbwK.exe
  2⤵
  PID:14240
- C:\Windows\System\IOiJtpS.exe
  C:\Windows\System\IOiJtpS.exe
  2⤵
  PID:14268
- C:\Windows\System\IveUQpK.exe
  C:\Windows\System\IveUQpK.exe
  2⤵
  PID:14296
- C:\Windows\System\gfwiImg.exe
  C:\Windows\System\gfwiImg.exe
  2⤵
  PID:14324
- C:\Windows\System\EVFzLKo.exe
  C:\Windows\System\EVFzLKo.exe
  2⤵
  PID:13348
- C:\Windows\System\MYKXUPh.exe
  C:\Windows\System\MYKXUPh.exe
  2⤵
  PID:3972
- C:\Windows\System\CxHLNuk.exe
  C:\Windows\System\CxHLNuk.exe
  2⤵
  PID:13396
- C:\Windows\System\kcdaKCq.exe
  C:\Windows\System\kcdaKCq.exe
  2⤵
  PID:13460
- C:\Windows\System\iZYaWRw.exe
  C:\Windows\System\iZYaWRw.exe
  2⤵
  PID:13528
- C:\Windows\System\hnLUTsE.exe
  C:\Windows\System\hnLUTsE.exe
  2⤵
  PID:13596
- C:\Windows\System\QuQoMlX.exe
  C:\Windows\System\QuQoMlX.exe
  2⤵
  PID:13660
- C:\Windows\System\FtKfxie.exe
  C:\Windows\System\FtKfxie.exe
  2⤵
  PID:13752
- C:\Windows\System\EVpugNX.exe
  C:\Windows\System\EVpugNX.exe
  2⤵
  PID:13808
- C:\Windows\System\COhpisS.exe
  C:\Windows\System\COhpisS.exe
  2⤵
  PID:13884
- C:\Windows\System\GgZvmFI.exe
  C:\Windows\System\GgZvmFI.exe
  2⤵
  PID:13952
- C:\Windows\System\Rvyoyye.exe
  C:\Windows\System\Rvyoyye.exe
  2⤵
  PID:14012
- C:\Windows\System\itSGgjq.exe
  C:\Windows\System\itSGgjq.exe
  2⤵
  PID:14088
- C:\Windows\System\XWgJHUl.exe
  C:\Windows\System\XWgJHUl.exe
  2⤵
  PID:14148
- C:\Windows\System\aZuLmgA.exe
  C:\Windows\System\aZuLmgA.exe
  2⤵
  PID:14208
- C:\Windows\System\VIDDDoW.exe
  C:\Windows\System\VIDDDoW.exe
  2⤵
  PID:14284
- C:\Windows\System\uslbUqB.exe
  C:\Windows\System\uslbUqB.exe
  2⤵
  PID:13324
- C:\Windows\System\ZFSxMFy.exe
  C:\Windows\System\ZFSxMFy.exe
  2⤵
  PID:1020
- C:\Windows\System\kqLxBSe.exe
  C:\Windows\System\kqLxBSe.exe
  2⤵
  PID:13556
- C:\Windows\System\aunOilE.exe
  C:\Windows\System\aunOilE.exe
  2⤵
  PID:13692
- C:\Windows\System\YAnYOgp.exe
  C:\Windows\System\YAnYOgp.exe
  2⤵
  PID:13864
- C:\Windows\System\iubwnEP.exe
  C:\Windows\System\iubwnEP.exe
  2⤵
  PID:14040
- C:\Windows\System\ufdcQhs.exe
  C:\Windows\System\ufdcQhs.exe
  2⤵
  PID:14196
- C:\Windows\System\kjDCafE.exe
  C:\Windows\System\kjDCafE.exe
  2⤵
  PID:4776
- C:\Windows\System\fmkcvSL.exe
  C:\Windows\System\fmkcvSL.exe
  2⤵
  PID:13796
- C:\Windows\System\HibOPTq.exe
  C:\Windows\System\HibOPTq.exe
  2⤵
  PID:2624
- C:\Windows\System\CGiBYpn.exe
  C:\Windows\System\CGiBYpn.exe
  2⤵
  PID:14344
- C:\Windows\System\oANhTNZ.exe
  C:\Windows\System\oANhTNZ.exe
  2⤵
  PID:14380
- C:\Windows\System\OqYjstX.exe
  C:\Windows\System\OqYjstX.exe
  2⤵
  PID:14412
- C:\Windows\System\BZppeZL.exe
  C:\Windows\System\BZppeZL.exe
  2⤵
  PID:14440
- C:\Windows\System\DABIaME.exe
  C:\Windows\System\DABIaME.exe
  2⤵
  PID:14468
- C:\Windows\System\QPRKoDA.exe
  C:\Windows\System\QPRKoDA.exe
  2⤵
  PID:14496
- C:\Windows\System\mjAgfAR.exe
  C:\Windows\System\mjAgfAR.exe
  2⤵
  PID:14524
- C:\Windows\System\RzCqrGS.exe
  C:\Windows\System\RzCqrGS.exe
  2⤵
  PID:14552
- C:\Windows\System\lCfcnqx.exe
  C:\Windows\System\lCfcnqx.exe
  2⤵
  PID:14580

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:15136

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\ABdjGcY.exe

Filesize
2.3MB

MD5
96af928f1353cc0c8dd12b8702cfd6c0

SHA1
7cb8dbfd6d937267869fd12db6bd6c4611d9b819

SHA256
789966966564f927dd0ab5d9703532c4b744c7eebbc13a1ec27a6b4ede619a58

SHA512
30a83c8e1d9f437eaa579579818188812bb0cb7b1436e88a6f2a5bf66ed3501bcbdfd3de940ee499328a06f17b3f9f66a30b65063c0cd03d1383614e5156f4c9

Download Submit
C:\Windows\System\BdvESjE.exe

Filesize
2.3MB

MD5
76379ca25ac2580741591e1b4c0cfccc

SHA1
3026b713d43a916654eb2d8f1fe0397d7e528c98

SHA256
c757117e156a1e506fdd08cce8a02d8d598bed670110a83823485b2e55630698

SHA512
85bd4e271639c2f3ea43ca8f1954fa199e1033a5c3e580f85e5c2cbbeb4bd0fd87cab650ad634e5bec3168cb3d4af23095026d9f2bd845c9c86582d2d501fb2b

Download Submit
C:\Windows\System\ClsPrzt.exe

Filesize
2.3MB

MD5
d60e7a64334019364be03ee700a417e0

SHA1
c48245fa5fe87574cc980aa8bc66978aace21b62

SHA256
a896bee3568a5d6ea17b6c006a5698573fa07648b50a21ea0a0dddd78327b54b

SHA512
6200feb3842e6f59406107da2f8e3d13ef3c19ded58074b51b937645bce214a8590b952a0cb278d64d853a40fca2068af9d3026a004839298d04e36383e8d3d5

Download Submit
C:\Windows\System\DdDPLxv.exe

Filesize
2.3MB

MD5
58e41ad33cd3d48ed5751746b586fcaa

SHA1
36d4a3db75bf4b87de21384a01c52b15dd68a264

SHA256
d1e61a0af2121200865eae3f79652c1e8067b6f622a89090623f986849770fed

SHA512
69864749ef2c7863414c72742ec1f51bd6a0917929ea2c42b4cd6330cbdcda53f25c7937bf043ce9f401967fb95465f7f3a0b68fe29d1920011ebd08b57a47d9

Download Submit
C:\Windows\System\HHIoNrZ.exe

Filesize
2.3MB

MD5
916acb42a7ce63e998b514d00beefd4e

SHA1
772ec16f9b515759fb197b73bbebe80a10b7e8c9

SHA256
2f76867acbd3b91d183715d49050ac9e3975d5e9e869bf9dce0d4e1571afee35

SHA512
93c6d2c149626e62089b629ee7853701af6400d441d2622b69c5b908bb86cc4345cec9f29fe6c8ece06adb1b4b31af74263512990c2e3a8c33c46ce9ed7c16ce

Download Submit
C:\Windows\System\HtDweVP.exe

Filesize
2.3MB

MD5
a089de19dac16965d8fd47a5d1ab674f

SHA1
a43300719b543b3fc1dc0338d0ea4084b16ecbe6

SHA256
b547ef641ff2c4e224e779b5da3e49cf33463a12c8178f71fbf1e89cb63f89be

SHA512
1cfdfcf88bb92be4d0f0e471b614879e2a5f0a5cdb4730061e1479c909c3a8ec5b184d1ed4f3f488b5d441c01bdd7a0bdfa48d5330e7ea1ccbd0b89100c25186

Download Submit
C:\Windows\System\ImwzfHu.exe

Filesize
2.3MB

MD5
b49182ac2364cad2057d8e9bec857602

SHA1
a166f616eea259284214a7f974926c2a73e862d2

SHA256
38bda9bd71db437198d5c0a13ad54b7b63ea956634f2b48d1420dcd08c5c0f79

SHA512
5a67af80192440a1193225427bbd30ec0f7f12bfc8df74ebad5ddcd1cf0e82e55a0a5d260b3b651425ed6fe63fecd8ab3c8a7a0e18c896b1fe9d2355f78aad3f

Download Submit
C:\Windows\System\KgBSQfE.exe

Filesize
2.3MB

MD5
1a2d84e0de12cdf131a0769a9fd3dbae

SHA1
eec9a2470ff0fed2222446cf69ff9b3141267a45

SHA256
e4abbc9605c3f66e2d4682f0b499f5d4d0595daef8bb6e23f186b9aeac785d8f

SHA512
ab3d8a3c96910d816479b9b788e4cac79db8f9f24cecf1bd4bbea11a6772110efdb33e5a4d5c278891ef95bdf244b8aa8f0b44846c6366c68b2227d9973ac754

Download Submit
C:\Windows\System\LAWcutp.exe

Filesize
2.3MB

MD5
1624a01d81933e7037bf17c5174cf2f4

SHA1
21f1e4a35af9ef28c8a773160784eb8859aeb9aa

SHA256
6c5bd730cf98e3b33a4eb9de0a2cd809f9a5c8127b6607f68a977b79d531dbc3

SHA512
9d3d0d73b814504adce3e980a8d18a6d2e304dd0cc4ba94ff57936a23c8128e38873152f90eb1fb77e20e93e80a1849ee56e8f1968903f66945fa101efec910a

Download Submit
C:\Windows\System\SraArAm.exe

Filesize
2.3MB

MD5
b70e462d152a77bbb386d03937db83db

SHA1
8aebe3f57a26fb5af04be6e816c8d8400f1bfc0b

SHA256
9900616e0d854c1c378a2798bbbf42baa3882f1ba9ae474b9fadfe6d477ed977

SHA512
15445100fccf1cee1f76913436ed12e091c475024aa674ceaf3e896e4106f228dd7b71fdda3a6b385c32fb76a06a02f92628c43114e027126a9a2abe449c7671

Download Submit
C:\Windows\System\VjxxQlm.exe

Filesize
2.3MB

MD5
77a109e22d278b03f1a27b6c2716a541

SHA1
052c2939e97f051baba3359fdb0014f8d873605f

SHA256
e174d1dd8d105ecf5f54160d3049a17eb51c427aaff6d70691dbe5454b1a61d0

SHA512
c74066d3091dfb6159fa67351e24f04960d7fe1eeb170d34a2d89a403efeb7b97de71e813b606535043650377d1b8a3393333956c3567e1ac3b1de7c3a2265c7

Download Submit
C:\Windows\System\WQFjoxH.exe

Filesize
2.3MB

MD5
cde7d80754878bda8ca9795b8827ddf0

SHA1
b867e627cc0aa2f4efe06aff93eb7d3e64b89f01

SHA256
c83af44df27b768618fc4526128c4dfdf6a039f551c20571c795c11adf598b59

SHA512
77ceaa8ccc6ce8296cff8c05806c829897253e20e1e6b86df58753dedc265048825daf01835c8ba72e3bb019770aa021a179ae3bac0ad07dbe529c6bd3075f9c

Download Submit
C:\Windows\System\WmPNMsN.exe

Filesize
2.3MB

MD5
461dbfd1c6005ade0c0f0d62f0d05e00

SHA1
ca53936fa10367478b254cbb4416784b9d4d32dc

SHA256
bb3a95aa36576b6603283dd59d3b9190dc1e493baf8e5aebd229e5a5d51a8473

SHA512
e9d47a50f9e78c29a15698a22106ab5fb6d5eccdf6d3ad0081ce7d5378ca0b360f1b9fbfd2651ec1976c89336a6d56d094b67caaaf49edd1506ccf2a6c801411

Download Submit
C:\Windows\System\XsAefll.exe

Filesize
2.3MB

MD5
e1f79c92475d0c95382875aee31c2dbf

SHA1
0d4d7c8d277c892794b120a8ddc683896645b6af

SHA256
40e24fd29af2b2b40d30fc434a9f4edea551639feab3173594dcc0987908fbac

SHA512
2a0fc3fb849e6b798ebaf1ea24e6bd5827792490e542eeb6c58623f6b1bc23753b70b1219cfaf880e0375baeae9c4d5abfb3ce79b98c7813e21bce8c1a668cfb

Download Submit
C:\Windows\System\YfUfCgI.exe

Filesize
2.3MB

MD5
5bc308a160e50bc68e49956e1b73d716

SHA1
cc12392fb450e48a1cfe8a145196b65034ff01cf

SHA256
0736ffd097ef251bdc398763c1c11acf4f1224f0969ae32fbce43eeab388e177

SHA512
1159b5341fa0195999d1b2525b789ff6ec78e22814fb0c2654a4a2b7bd25acdae36f2fb83ae72e37e48e1b7aaf06e94ddca0dcfbb4c2a7d985b21dbe949e80ae

Download Submit
C:\Windows\System\YroeHPy.exe

Filesize
2.3MB

MD5
111d4df714f41e29163f9375367cc55f

SHA1
bc0f821c724e83761562628de6ad55cbe1990eae

SHA256
069c1477c363b3701c9a2902d92a3429b628bb1251783dda1e715051c95b2182

SHA512
f0eaccfc94452dd37adbabe3ab267eb24e1c3cd521ea79752332f794f68579c9b86fd50eeaa6e6e50ab035a9ce30eeb684a2d32bdcad9253077383a041b01a0d

Download Submit
C:\Windows\System\cXPFAOZ.exe

Filesize
2.3MB

MD5
3b61962fb9563cb061ce88fd9804fae9

SHA1
f6a885c001a8d0342e0c46635380a0f01e19a778

SHA256
3f6a9f1c236fe13165f53d11989dc4c637da0f89c498bd01fa5808040f1a50d2

SHA512
ec018e93db526a99109d8384d625efdb1502a31d401404aa99abc533d32d2cf54b49a7e86dc3b4fef5d9f124f7d0246da4b453d0c7f30448af186e1011cdd3ff

Download Submit
C:\Windows\System\eXmRlqh.exe

Filesize
2.3MB

MD5
9a962ff828f08cc2e24c1385ca81938a

SHA1
21a083b68f47bd8752add742e4fa6204b8f7b7ee

SHA256
d8b1bbeafb6206e6eaa7dc70091f6ed44d883c7923df5b7ca0d07ffc08aa95ef

SHA512
bcdef6fb2bc1be9b4141b798ea2f2c1badddd52d3d76ef2e0d9612a35fd58e2c21e49b8bc4e729a801a63c22ae22cbc810d8bd54b5ca795e8f9c0c48f4749de7

Download Submit
C:\Windows\System\erIRGjy.exe

Filesize
2.3MB

MD5
27817a6023b79c6de6abaae02400c567

SHA1
63e8a5544303063d6a208537b85613ccf6fd765b

SHA256
b7959442845fe6955e858277b33c4dbf42f7ac3b1a732198ec8a078ec11fc4bf

SHA512
a620e6619d7cf771b0299efb1a8e4835070bef4d5bf8518f955baa91023190bff36dc9ab1ffb8162b5534814a9c165329925b6954c548a05c6cc36bd60b665e4

Download Submit
C:\Windows\System\goRAzgW.exe

Filesize
2.3MB

MD5
3ddb60a5c0af0d01c793a504d08459e1

SHA1
6c250490d3ede1304818675ca6bae5a0bb9b24d0

SHA256
c2318a754f6b263fca1ddedb0cac6beaf12ac2ea79d30b448005999428442b1a

SHA512
cd8896f96b7c92792c1ab611347d2e8a97c3ba8dbf749c795fbc6825813d87d013baab61f941b76c809cdd8f3fc497e6af4c271b503a67f246d13d0e7d63da7d

Download Submit
C:\Windows\System\kXHgzDG.exe

Filesize
2.3MB

MD5
1837eea30918f8de686ae3530bc72574

SHA1
9d61c72d49cee392aaca991b7f1bb37d73b6e3d9

SHA256
e26846750fbb7b735bed0ac72f99246782182298a939397a63c6f5b20af9a8b1

SHA512
a99b04e7b5890ad806ab5857a3eeb3f77292a04165615b7e682853207b31febc395ab3618627fe9bf791e51b7bc52356ffc1ebc2b1f2e59457b1600c6cdd81f5

Download Submit
C:\Windows\System\liNpEOR.exe

Filesize
2.3MB

MD5
5c641ae84ddcbfc67f4fa51312d666b2

SHA1
21c927a15c79d422bd113ae47845d45e97d8e1c0

SHA256
a9438455dcef52108fc9b61d245899d7b903da8a30a85e965a4be3d43e736808

SHA512
97180d9b01675ddbec43af888135a0c0bd42880907f7828a4fa99a3f21126b50d7f214ca78ae005985a84081574d4f204985425f19afdc6fd63e4769c98875a3

Download Submit
C:\Windows\System\nsEvHiZ.exe

Filesize
2.3MB

MD5
eb1a2235555c732c201073d7bbf83b92

SHA1
4c56dbea233ecf104b413e86cbf7270df95a8f9d

SHA256
e9915891ab5fb8d164a31bece8cc45f6412e54e7ecfc01a91666fee6a748d265

SHA512
df9d3cbafadc9539b1337ded6e07ca004c55805b6dea8300a5f038f962aff5b70f7281cc8b93e9872fa668b75d71ad0d1cc608a6104a24fd4089c3af755f80d6

Download Submit
C:\Windows\System\rFCNGzm.exe

Filesize
2.3MB

MD5
6d7552fdcb07ca6fe41542da78376db9

SHA1
0712e9eb2966f77b27ba0151db5085bb48e91c4b

SHA256
fa642fbd93aa97871767ebbd94978f5b07191984135d3ce7064756426c1b8a6f

SHA512
2900e0e592710ca4fd29b1f784b7778902afb681807717824551955adbb970b2cbf8ccbfefe69cbfae23967b9e0348a1299a804d8f7ee789b48863b37b70943f

Download Submit
C:\Windows\System\rJliRGu.exe

Filesize
2.3MB

MD5
3b8acdb50e8cb38228235b46a8b43ebe

SHA1
ff5864a465b85cb70e76ef01392bea544438732b

SHA256
d13004dccb867239b91cbb51700faa7c04c1e24cf0a5e28a6eb85ee332aee0cf

SHA512
a99b79af503080d53dd76fd5d5ef73f69b9598328b3c0b687b075a2133cd5d864c2b185d39beddf10e90b6b105c522a3a633911cfb6a9860895a4755eda78d98

Download Submit
C:\Windows\System\rueJMTF.exe

Filesize
2.3MB

MD5
2f9d370cd555a9ff176c65334307f683

SHA1
614381c073cce6b31b2ef0c8cf51627cb6ea1999

SHA256
59d92044faa71b8e7bacad6ce0d33ca0b0fdca92ced04a06ff2d3950909e094e

SHA512
cffdc20e7748ee2ac445c28834fd2f2bb3049401196124f0117881ff3d9db8f1b08e78fcde3f1ef60c7a38f34f4932f8b2fb70e35e908391ecd13f19acb19215

Download Submit
C:\Windows\System\sSpitQe.exe

Filesize
2.3MB

MD5
ffda5cdb170710906cd26cf3bf089630

SHA1
9f57fde9cba191a95f0ff1b73e9d74c0d7381cdb

SHA256
47fcf045229d32718277f933ab8f666715e169add6150ae81207051399bb917f

SHA512
b3688a62d5b71722d5210098f251da229bdef0e175516abc40e3601847cd9f73ff94dd7fdcd569d12c55f29dd47979e29aed7aa8e098d9fd5a667d91d4a431b2

Download Submit
C:\Windows\System\sjLDdws.exe

Filesize
2.3MB

MD5
cf08e68383770d71fd05a29111c62394

SHA1
8c2908340c80ec973b980e3032b1abab9a44d738

SHA256
2105cd333719d623447f0f4654afc93d47123890d472c57180185877dba5a749

SHA512
f9845df28233fd80e53101b4795ecd33e187a83adebdd3757ad41d064df31b8ece0a428a65737eb4ca676a8730d2113ce33bb5747923c41097aa5157f9c7b7d6

Download Submit
C:\Windows\System\vspIGtD.exe

Filesize
2.3MB

MD5
15335ca1eebcb4921015d75723587be9

SHA1
76a3a472f34f69195200db3942b09fa4a51e41b5

SHA256
f187c05f2d338b90608c7b8a6c79368ef09f401867b4886d9bf7595aa4cf1670

SHA512
9c7b14d3e127735cf60a89cdb9d578e794190e7d689a45c5342bdd41e29da1996da8b4add37566cf5438b7e3fcbe09e5cf79cf7b8ffac2a5aa5d8a14f3a3ea0c

Download Submit
C:\Windows\System\vvYWrRW.exe

Filesize
2.3MB

MD5
a96a9da093ca7108eb7f127827778428

SHA1
eb54002020c7346063ecbc2c049c2037d2b73d0a

SHA256
11b0a014f7f21fc329356011cbf8dca84adcb6e54e8f5ea3afdb80a394080805

SHA512
bb57c06b916fa00774a468c8c14ec1a36ed3c8a96f7fe416d56416af6a6c7bb1c705ee35535dbaf5f51d7c9b5a4f61dd998ec6c641a5c1c280cf7d179cab6147

Download Submit
C:\Windows\System\vwfMkzF.exe

Filesize
2.3MB

MD5
9ea7df1738895abdffc29b90d82b981c

SHA1
22cba500b9e487204578a7c1c157c0553385ddf3

SHA256
afcb7b6cb9144ef08c65e8ccb6d3fcb7fd35f000ab3e966d9c8791fe6baba193

SHA512
2176b059ffa6b0a8c997868bb73c0a69b0ed7a0a60a4b9e16fef3f2bd760567c8cef9ed3699aba6a8f0c7932eef3d8ddddafdc986d32a99d4d393bd0cb15b54b

Download Submit
C:\Windows\System\yhqVYiZ.exe

Filesize
2.3MB

MD5
b6a62cc4c60f86525c3b399b48430619

SHA1
6f03851c0efbabf2aabdfc4b0f54215906d25acb

SHA256
3ab2178ba0dc26005947d0bd4430a77ab292123a704f053ee6e22d83153005e7

SHA512
b04e3be0b0c6bcf60fff3187f6d767ba9d0ab2a9dc3f9112224395a84dd90bc9ff8675714dcd98768830944431c1656030f0c86b31a7004196190f2947921345

Download Submit
memory/376-648-0x00007FF69AE30000-0x00007FF69B184000-memory.dmp

Filesize
3.3MB

Download
memory/376-2132-0x00007FF69AE30000-0x00007FF69B184000-memory.dmp

Filesize
3.3MB

Download
memory/624-2129-0x00007FF70CBC0000-0x00007FF70CF14000-memory.dmp

Filesize
3.3MB

Download
memory/624-646-0x00007FF70CBC0000-0x00007FF70CF14000-memory.dmp

Filesize
3.3MB

Download
memory/696-680-0x00007FF6BBA10000-0x00007FF6BBD64000-memory.dmp

Filesize
3.3MB

Download
memory/696-2148-0x00007FF6BBA10000-0x00007FF6BBD64000-memory.dmp

Filesize
3.3MB

Download
memory/868-2137-0x00007FF6B3700000-0x00007FF6B3A54000-memory.dmp

Filesize
3.3MB

Download
memory/868-654-0x00007FF6B3700000-0x00007FF6B3A54000-memory.dmp

Filesize
3.3MB

Download
memory/932-689-0x00007FF6D6660000-0x00007FF6D69B4000-memory.dmp

Filesize
3.3MB

Download
memory/932-2152-0x00007FF6D6660000-0x00007FF6D69B4000-memory.dmp

Filesize
3.3MB

Download
memory/1056-677-0x00007FF7AB270000-0x00007FF7AB5C4000-memory.dmp

Filesize
3.3MB

Download
memory/1056-2150-0x00007FF7AB270000-0x00007FF7AB5C4000-memory.dmp

Filesize
3.3MB

Download
memory/1060-2124-0x00007FF6F4530000-0x00007FF6F4884000-memory.dmp

Filesize
3.3MB

Download
memory/1060-2153-0x00007FF6F4530000-0x00007FF6F4884000-memory.dmp

Filesize
3.3MB

Download
memory/1060-18-0x00007FF6F4530000-0x00007FF6F4884000-memory.dmp

Filesize
3.3MB

Download
memory/1296-647-0x00007FF7404E0000-0x00007FF740834000-memory.dmp

Filesize
3.3MB

Download
memory/1296-2130-0x00007FF7404E0000-0x00007FF740834000-memory.dmp

Filesize
3.3MB

Download
memory/1436-2139-0x00007FF6482F0000-0x00007FF648644000-memory.dmp

Filesize
3.3MB

Download
memory/1436-652-0x00007FF6482F0000-0x00007FF648644000-memory.dmp

Filesize
3.3MB

Download
memory/1688-2143-0x00007FF76C290000-0x00007FF76C5E4000-memory.dmp

Filesize
3.3MB

Download
memory/1688-660-0x00007FF76C290000-0x00007FF76C5E4000-memory.dmp

Filesize
3.3MB

Download
memory/1764-650-0x00007FF7E7610000-0x00007FF7E7964000-memory.dmp

Filesize
3.3MB

Download
memory/1764-2133-0x00007FF7E7610000-0x00007FF7E7964000-memory.dmp

Filesize
3.3MB

Download
memory/1936-655-0x00007FF67DFC0000-0x00007FF67E314000-memory.dmp

Filesize
3.3MB

Download
memory/1936-2136-0x00007FF67DFC0000-0x00007FF67E314000-memory.dmp

Filesize
3.3MB

Download
memory/2248-657-0x00007FF7F4BA0000-0x00007FF7F4EF4000-memory.dmp

Filesize
3.3MB

Download
memory/2248-2146-0x00007FF7F4BA0000-0x00007FF7F4EF4000-memory.dmp

Filesize
3.3MB

Download
memory/2280-2140-0x00007FF64FE60000-0x00007FF6501B4000-memory.dmp

Filesize
3.3MB

Download
memory/2280-651-0x00007FF64FE60000-0x00007FF6501B4000-memory.dmp

Filesize
3.3MB

Download
memory/2480-2135-0x00007FF6DC9C0000-0x00007FF6DCD14000-memory.dmp

Filesize
3.3MB

Download
memory/2480-649-0x00007FF6DC9C0000-0x00007FF6DCD14000-memory.dmp

Filesize
3.3MB

Download
memory/2604-687-0x00007FF7F6980000-0x00007FF7F6CD4000-memory.dmp

Filesize
3.3MB

Download
memory/2604-2151-0x00007FF7F6980000-0x00007FF7F6CD4000-memory.dmp

Filesize
3.3MB

Download
memory/2676-668-0x00007FF617D10000-0x00007FF618064000-memory.dmp

Filesize
3.3MB

Download
memory/2676-2141-0x00007FF617D10000-0x00007FF618064000-memory.dmp

Filesize
3.3MB

Download
memory/2756-659-0x00007FF7A1140000-0x00007FF7A1494000-memory.dmp

Filesize
3.3MB

Download
memory/2756-2144-0x00007FF7A1140000-0x00007FF7A1494000-memory.dmp

Filesize
3.3MB

Download
memory/2896-2125-0x00007FF615450000-0x00007FF6157A4000-memory.dmp

Filesize
3.3MB

Download
memory/2896-10-0x00007FF615450000-0x00007FF6157A4000-memory.dmp

Filesize
3.3MB

Download
memory/2920-2138-0x00007FF770880000-0x00007FF770BD4000-memory.dmp

Filesize
3.3MB

Download
memory/2920-653-0x00007FF770880000-0x00007FF770BD4000-memory.dmp

Filesize
3.3MB

Download
memory/3200-0-0x00007FF68B000000-0x00007FF68B354000-memory.dmp

Filesize
3.3MB

Download
memory/3200-1-0x0000023A8EBA0000-0x0000023A8EBB0000-memory.dmp

Filesize
64KB

Download
memory/3200-2122-0x00007FF68B000000-0x00007FF68B354000-memory.dmp

Filesize
3.3MB

Download
memory/3208-644-0x00007FF787DE0000-0x00007FF788134000-memory.dmp

Filesize
3.3MB

Download
memory/3208-2128-0x00007FF787DE0000-0x00007FF788134000-memory.dmp

Filesize
3.3MB

Download
memory/3712-656-0x00007FF713E70000-0x00007FF7141C4000-memory.dmp

Filesize
3.3MB

Download
memory/3712-2134-0x00007FF713E70000-0x00007FF7141C4000-memory.dmp

Filesize
3.3MB

Download
memory/3812-670-0x00007FF7DF170000-0x00007FF7DF4C4000-memory.dmp

Filesize
3.3MB

Download
memory/3812-2147-0x00007FF7DF170000-0x00007FF7DF4C4000-memory.dmp

Filesize
3.3MB

Download
memory/3864-658-0x00007FF6FDD00000-0x00007FF6FE054000-memory.dmp

Filesize
3.3MB

Download
memory/3864-2145-0x00007FF6FDD00000-0x00007FF6FE054000-memory.dmp

Filesize
3.3MB

Download
memory/4036-12-0x00007FF737D50000-0x00007FF7380A4000-memory.dmp

Filesize
3.3MB

Download
memory/4036-2126-0x00007FF737D50000-0x00007FF7380A4000-memory.dmp

Filesize
3.3MB

Download
memory/4036-2123-0x00007FF737D50000-0x00007FF7380A4000-memory.dmp

Filesize
3.3MB

Download
memory/4120-645-0x00007FF6DFF10000-0x00007FF6E0264000-memory.dmp

Filesize
3.3MB

Download
memory/4120-2131-0x00007FF6DFF10000-0x00007FF6E0264000-memory.dmp

Filesize
3.3MB

Download
memory/4228-2142-0x00007FF6DBE10000-0x00007FF6DC164000-memory.dmp

Filesize
3.3MB

Download
memory/4228-661-0x00007FF6DBE10000-0x00007FF6DC164000-memory.dmp

Filesize
3.3MB

Download
memory/4544-2127-0x00007FF78DA10000-0x00007FF78DD64000-memory.dmp

Filesize
3.3MB

Download
memory/4544-643-0x00007FF78DA10000-0x00007FF78DD64000-memory.dmp

Filesize
3.3MB

Download
memory/5016-676-0x00007FF710260000-0x00007FF7105B4000-memory.dmp

Filesize
3.3MB

Download
memory/5016-2149-0x00007FF710260000-0x00007FF7105B4000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads