xmrig | b79edf0510a2b0cc0cb299568934224b7943762477e3e3c732479b1c7085863b

Analysis

max time kernel
149s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
07/07/2024, 02:35

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

b79edf0510a2b0cc0cb299568934224b7943762477e3e3c732479b1c7085863b.exe
Size

1.6MB
MD5

9de99c61e20225544c27d91fe06812f0
SHA1

5fe837f3cf281d6c676b246c541ba83c30277cd8
SHA256

b79edf0510a2b0cc0cb299568934224b7943762477e3e3c732479b1c7085863b
SHA512

9a5d8e13898fe04ed0f7a8ede4cc47f0e44936232f12fa6c404a2408c5076402c84ea5c2e59ff32b2eea9c5e4b84839f5c12ab52766862365b87e8d1e4881acf
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wIC5aIwC+AX53:BemTLkNdfE0pZr2

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/4500-0-0x00007FF7D4500000-0x00007FF7D4854000-memory.dmp	xmrig
behavioral2/memory/936-16-0x00007FF6381C0000-0x00007FF638514000-memory.dmp	xmrig
behavioral2/files/0x00070000000234fa-28.dat	xmrig
behavioral2/memory/2928-43-0x00007FF703750000-0x00007FF703AA4000-memory.dmp	xmrig
behavioral2/files/0x00070000000234fb-46.dat	xmrig
behavioral2/files/0x00070000000234ff-51.dat	xmrig
behavioral2/memory/984-60-0x00007FF6CABF0000-0x00007FF6CAF44000-memory.dmp	xmrig
behavioral2/memory/2640-66-0x00007FF6E4B00000-0x00007FF6E4E54000-memory.dmp	xmrig
behavioral2/files/0x0007000000023501-71.dat	xmrig
behavioral2/files/0x0007000000023505-89.dat	xmrig
behavioral2/files/0x0007000000023506-102.dat	xmrig
behavioral2/files/0x000700000002350b-119.dat	xmrig
behavioral2/files/0x000700000002350e-142.dat	xmrig
behavioral2/files/0x0007000000023514-172.dat	xmrig
behavioral2/memory/4632-669-0x00007FF754F00000-0x00007FF755254000-memory.dmp	xmrig
behavioral2/memory/4620-685-0x00007FF663F90000-0x00007FF6642E4000-memory.dmp	xmrig
behavioral2/memory/220-704-0x00007FF7D4400000-0x00007FF7D4754000-memory.dmp	xmrig
behavioral2/memory/116-713-0x00007FF7977C0000-0x00007FF797B14000-memory.dmp	xmrig
behavioral2/memory/2888-695-0x00007FF7B8050000-0x00007FF7B83A4000-memory.dmp	xmrig
behavioral2/memory/2012-721-0x00007FF7303C0000-0x00007FF730714000-memory.dmp	xmrig
behavioral2/memory/2228-734-0x00007FF6B7700000-0x00007FF6B7A54000-memory.dmp	xmrig
behavioral2/memory/2040-758-0x00007FF6B06C0000-0x00007FF6B0A14000-memory.dmp	xmrig
behavioral2/memory/3568-763-0x00007FF7B4970000-0x00007FF7B4CC4000-memory.dmp	xmrig
behavioral2/memory/3312-792-0x00007FF66EB90000-0x00007FF66EEE4000-memory.dmp	xmrig
behavioral2/memory/892-770-0x00007FF691670000-0x00007FF6919C4000-memory.dmp	xmrig
behavioral2/memory/3940-815-0x00007FF7FA750000-0x00007FF7FAAA4000-memory.dmp	xmrig
behavioral2/memory/592-821-0x00007FF6CD460000-0x00007FF6CD7B4000-memory.dmp	xmrig
behavioral2/memory/3224-803-0x00007FF7A8C60000-0x00007FF7A8FB4000-memory.dmp	xmrig
behavioral2/memory/4960-798-0x00007FF6D29F0000-0x00007FF6D2D44000-memory.dmp	xmrig
behavioral2/memory/4244-751-0x00007FF75CF40000-0x00007FF75D294000-memory.dmp	xmrig
behavioral2/memory/788-744-0x00007FF799870000-0x00007FF799BC4000-memory.dmp	xmrig
behavioral2/memory/5024-725-0x00007FF7C8860000-0x00007FF7C8BB4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023516-174.dat	xmrig
behavioral2/files/0x0007000000023515-169.dat	xmrig
behavioral2/files/0x0007000000023513-167.dat	xmrig
behavioral2/files/0x0007000000023512-162.dat	xmrig
behavioral2/files/0x0007000000023511-157.dat	xmrig
behavioral2/files/0x0007000000023510-152.dat	xmrig
behavioral2/files/0x000700000002350f-147.dat	xmrig
behavioral2/files/0x000700000002350d-137.dat	xmrig
behavioral2/files/0x000700000002350c-132.dat	xmrig
behavioral2/files/0x000700000002350a-122.dat	xmrig
behavioral2/files/0x0007000000023509-117.dat	xmrig
behavioral2/files/0x0007000000023508-112.dat	xmrig
behavioral2/files/0x0007000000023507-107.dat	xmrig
behavioral2/files/0x0007000000023504-92.dat	xmrig
behavioral2/files/0x0007000000023503-87.dat	xmrig
behavioral2/files/0x0007000000023502-82.dat	xmrig
behavioral2/memory/4656-70-0x00007FF6869A0000-0x00007FF686CF4000-memory.dmp	xmrig
behavioral2/memory/2168-67-0x00007FF749CC0000-0x00007FF74A014000-memory.dmp	xmrig
behavioral2/files/0x0007000000023500-64.dat	xmrig
behavioral2/memory/4396-63-0x00007FF7EAF50000-0x00007FF7EB2A4000-memory.dmp	xmrig
behavioral2/files/0x00070000000234fe-58.dat	xmrig
behavioral2/files/0x00070000000234fd-56.dat	xmrig
behavioral2/memory/4760-54-0x00007FF74F430000-0x00007FF74F784000-memory.dmp	xmrig
behavioral2/memory/2588-50-0x00007FF751950000-0x00007FF751CA4000-memory.dmp	xmrig
behavioral2/files/0x00070000000234f9-39.dat	xmrig
behavioral2/memory/5004-37-0x00007FF620150000-0x00007FF6204A4000-memory.dmp	xmrig
behavioral2/files/0x00070000000234fc-36.dat	xmrig
behavioral2/memory/2480-23-0x00007FF7B0030000-0x00007FF7B0384000-memory.dmp	xmrig
behavioral2/files/0x00070000000234f8-17.dat	xmrig
behavioral2/files/0x00080000000234f7-21.dat	xmrig
behavioral2/files/0x00080000000234f1-8.dat	xmrig
behavioral2/memory/4500-2119-0x00007FF7D4500000-0x00007FF7D4854000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
936	icIkbxN.exe
5004	KeqbQFA.exe
2480	WZaVXgD.exe
2928	DeUAEWU.exe
4396	Ssmarny.exe
2588	NiOkfzn.exe
4760	ZGdvvOX.exe
2640	IvzxqGK.exe
984	ofOzDja.exe
2168	iQYRKIM.exe
4656	zbLQTSG.exe
4632	pJmErgl.exe
4620	XLrJFeh.exe
2888	khubnxC.exe
220	XRJksON.exe
116	oYLRJbr.exe
2012	AFkSgGU.exe
5024	ZAlIeoc.exe
2228	FYMvhJd.exe
788	VyvtlaX.exe
4244	kbGEXcw.exe
2040	qHszNWr.exe
3568	hdJxNfU.exe
892	cewLxoO.exe
3312	HipsBcv.exe
4960	Cbeoqvp.exe
3224	PZxJYLF.exe
3940	jOfzFDD.exe
592	CjygXUE.exe
3100	nIxjPAT.exe
1452	jOIWZmM.exe
3484	SvUzQFn.exe
3020	fHRAkiK.exe
1680	yRQKrNN.exe
4376	ZEElAtD.exe
1520	crqhvjA.exe
3804	Lsudvmd.exe
3460	kCtxizv.exe
1804	RoQvfYK.exe
4004	jZEUOZO.exe
3416	yhVZUKI.exe
2608	nuAYTES.exe
3336	JKHJygo.exe
1808	aZOcERu.exe
1884	kaSCBIw.exe
4540	ijICMzJ.exe
3496	GMZpegv.exe
212	sIqQdpd.exe
4452	boqfhia.exe
4260	RykyMQY.exe
3512	dCNOhaS.exe
4892	alPnVql.exe
4568	YZtETqp.exe
1132	TAPBVIU.exe
640	mgMLYHO.exe
364	JvGGHLk.exe
2164	oUVazBj.exe
3296	PKPiHsN.exe
1532	iBzIbCR.exe
4040	DNUufCr.exe
4752	bJeCSOl.exe
680	WYiwukW.exe
4644	EVAYAGs.exe
3600	QFlioCv.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4500-0-0x00007FF7D4500000-0x00007FF7D4854000-memory.dmp	upx
behavioral2/memory/936-16-0x00007FF6381C0000-0x00007FF638514000-memory.dmp	upx
behavioral2/files/0x00070000000234fa-28.dat	upx
behavioral2/memory/2928-43-0x00007FF703750000-0x00007FF703AA4000-memory.dmp	upx
behavioral2/files/0x00070000000234fb-46.dat	upx
behavioral2/files/0x00070000000234ff-51.dat	upx
behavioral2/memory/984-60-0x00007FF6CABF0000-0x00007FF6CAF44000-memory.dmp	upx
behavioral2/memory/2640-66-0x00007FF6E4B00000-0x00007FF6E4E54000-memory.dmp	upx
behavioral2/files/0x0007000000023501-71.dat	upx
behavioral2/files/0x0007000000023505-89.dat	upx
behavioral2/files/0x0007000000023506-102.dat	upx
behavioral2/files/0x000700000002350b-119.dat	upx
behavioral2/files/0x000700000002350e-142.dat	upx
behavioral2/files/0x0007000000023514-172.dat	upx
behavioral2/memory/4632-669-0x00007FF754F00000-0x00007FF755254000-memory.dmp	upx
behavioral2/memory/4620-685-0x00007FF663F90000-0x00007FF6642E4000-memory.dmp	upx
behavioral2/memory/220-704-0x00007FF7D4400000-0x00007FF7D4754000-memory.dmp	upx
behavioral2/memory/116-713-0x00007FF7977C0000-0x00007FF797B14000-memory.dmp	upx
behavioral2/memory/2888-695-0x00007FF7B8050000-0x00007FF7B83A4000-memory.dmp	upx
behavioral2/memory/2012-721-0x00007FF7303C0000-0x00007FF730714000-memory.dmp	upx
behavioral2/memory/2228-734-0x00007FF6B7700000-0x00007FF6B7A54000-memory.dmp	upx
behavioral2/memory/2040-758-0x00007FF6B06C0000-0x00007FF6B0A14000-memory.dmp	upx
behavioral2/memory/3568-763-0x00007FF7B4970000-0x00007FF7B4CC4000-memory.dmp	upx
behavioral2/memory/3312-792-0x00007FF66EB90000-0x00007FF66EEE4000-memory.dmp	upx
behavioral2/memory/892-770-0x00007FF691670000-0x00007FF6919C4000-memory.dmp	upx
behavioral2/memory/3940-815-0x00007FF7FA750000-0x00007FF7FAAA4000-memory.dmp	upx
behavioral2/memory/592-821-0x00007FF6CD460000-0x00007FF6CD7B4000-memory.dmp	upx
behavioral2/memory/3224-803-0x00007FF7A8C60000-0x00007FF7A8FB4000-memory.dmp	upx
behavioral2/memory/4960-798-0x00007FF6D29F0000-0x00007FF6D2D44000-memory.dmp	upx
behavioral2/memory/4244-751-0x00007FF75CF40000-0x00007FF75D294000-memory.dmp	upx
behavioral2/memory/788-744-0x00007FF799870000-0x00007FF799BC4000-memory.dmp	upx
behavioral2/memory/5024-725-0x00007FF7C8860000-0x00007FF7C8BB4000-memory.dmp	upx
behavioral2/files/0x0007000000023516-174.dat	upx
behavioral2/files/0x0007000000023515-169.dat	upx
behavioral2/files/0x0007000000023513-167.dat	upx
behavioral2/files/0x0007000000023512-162.dat	upx
behavioral2/files/0x0007000000023511-157.dat	upx
behavioral2/files/0x0007000000023510-152.dat	upx
behavioral2/files/0x000700000002350f-147.dat	upx
behavioral2/files/0x000700000002350d-137.dat	upx
behavioral2/files/0x000700000002350c-132.dat	upx
behavioral2/files/0x000700000002350a-122.dat	upx
behavioral2/files/0x0007000000023509-117.dat	upx
behavioral2/files/0x0007000000023508-112.dat	upx
behavioral2/files/0x0007000000023507-107.dat	upx
behavioral2/files/0x0007000000023504-92.dat	upx
behavioral2/files/0x0007000000023503-87.dat	upx
behavioral2/files/0x0007000000023502-82.dat	upx
behavioral2/memory/4656-70-0x00007FF6869A0000-0x00007FF686CF4000-memory.dmp	upx
behavioral2/memory/2168-67-0x00007FF749CC0000-0x00007FF74A014000-memory.dmp	upx
behavioral2/files/0x0007000000023500-64.dat	upx
behavioral2/memory/4396-63-0x00007FF7EAF50000-0x00007FF7EB2A4000-memory.dmp	upx
behavioral2/files/0x00070000000234fe-58.dat	upx
behavioral2/files/0x00070000000234fd-56.dat	upx
behavioral2/memory/4760-54-0x00007FF74F430000-0x00007FF74F784000-memory.dmp	upx
behavioral2/memory/2588-50-0x00007FF751950000-0x00007FF751CA4000-memory.dmp	upx
behavioral2/files/0x00070000000234f9-39.dat	upx
behavioral2/memory/5004-37-0x00007FF620150000-0x00007FF6204A4000-memory.dmp	upx
behavioral2/files/0x00070000000234fc-36.dat	upx
behavioral2/memory/2480-23-0x00007FF7B0030000-0x00007FF7B0384000-memory.dmp	upx
behavioral2/files/0x00070000000234f8-17.dat	upx
behavioral2/files/0x00080000000234f7-21.dat	upx
behavioral2/files/0x00080000000234f1-8.dat	upx
behavioral2/memory/4500-2119-0x00007FF7D4500000-0x00007FF7D4854000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\cjVWiML.exe	b79edf0510a2b0cc0cb299568934224b7943762477e3e3c732479b1c7085863b.exe
File created	C:\Windows\System\NhchSxL.exe	b79edf0510a2b0cc0cb299568934224b7943762477e3e3c732479b1c7085863b.exe
File created	C:\Windows\System\QCRIgPT.exe	b79edf0510a2b0cc0cb299568934224b7943762477e3e3c732479b1c7085863b.exe
File created	C:\Windows\System\WZdIcPX.exe	b79edf0510a2b0cc0cb299568934224b7943762477e3e3c732479b1c7085863b.exe
File created	C:\Windows\System\DBPielG.exe	b79edf0510a2b0cc0cb299568934224b7943762477e3e3c732479b1c7085863b.exe
File created	C:\Windows\System\unZCjQS.exe	b79edf0510a2b0cc0cb299568934224b7943762477e3e3c732479b1c7085863b.exe
File created	C:\Windows\System\yJOIalT.exe	b79edf0510a2b0cc0cb299568934224b7943762477e3e3c732479b1c7085863b.exe
File created	C:\Windows\System\NPQNDIM.exe	b79edf0510a2b0cc0cb299568934224b7943762477e3e3c732479b1c7085863b.exe
File created	C:\Windows\System\SmTaPhI.exe	b79edf0510a2b0cc0cb299568934224b7943762477e3e3c732479b1c7085863b.exe
File created	C:\Windows\System\wTAIgdg.exe	b79edf0510a2b0cc0cb299568934224b7943762477e3e3c732479b1c7085863b.exe
File created	C:\Windows\System\tSyLJiM.exe	b79edf0510a2b0cc0cb299568934224b7943762477e3e3c732479b1c7085863b.exe
File created	C:\Windows\System\BGvQqnH.exe	b79edf0510a2b0cc0cb299568934224b7943762477e3e3c732479b1c7085863b.exe
File created	C:\Windows\System\hdaYruo.exe	b79edf0510a2b0cc0cb299568934224b7943762477e3e3c732479b1c7085863b.exe
File created	C:\Windows\System\VVqFKMl.exe	b79edf0510a2b0cc0cb299568934224b7943762477e3e3c732479b1c7085863b.exe
File created	C:\Windows\System\khubnxC.exe	b79edf0510a2b0cc0cb299568934224b7943762477e3e3c732479b1c7085863b.exe
File created	C:\Windows\System\oUVazBj.exe	b79edf0510a2b0cc0cb299568934224b7943762477e3e3c732479b1c7085863b.exe
File created	C:\Windows\System\YhELkgK.exe	b79edf0510a2b0cc0cb299568934224b7943762477e3e3c732479b1c7085863b.exe
File created	C:\Windows\System\GEFAxFK.exe	b79edf0510a2b0cc0cb299568934224b7943762477e3e3c732479b1c7085863b.exe
File created	C:\Windows\System\jBaUzOe.exe	b79edf0510a2b0cc0cb299568934224b7943762477e3e3c732479b1c7085863b.exe
File created	C:\Windows\System\BEOfXMt.exe	b79edf0510a2b0cc0cb299568934224b7943762477e3e3c732479b1c7085863b.exe
File created	C:\Windows\System\USZcaxe.exe	b79edf0510a2b0cc0cb299568934224b7943762477e3e3c732479b1c7085863b.exe
File created	C:\Windows\System\NDiSzAI.exe	b79edf0510a2b0cc0cb299568934224b7943762477e3e3c732479b1c7085863b.exe
File created	C:\Windows\System\JiyIEqK.exe	b79edf0510a2b0cc0cb299568934224b7943762477e3e3c732479b1c7085863b.exe
File created	C:\Windows\System\ZuopTip.exe	b79edf0510a2b0cc0cb299568934224b7943762477e3e3c732479b1c7085863b.exe
File created	C:\Windows\System\YsDiihW.exe	b79edf0510a2b0cc0cb299568934224b7943762477e3e3c732479b1c7085863b.exe
File created	C:\Windows\System\gyVAsea.exe	b79edf0510a2b0cc0cb299568934224b7943762477e3e3c732479b1c7085863b.exe
File created	C:\Windows\System\eCKStGw.exe	b79edf0510a2b0cc0cb299568934224b7943762477e3e3c732479b1c7085863b.exe
File created	C:\Windows\System\CUgyDRC.exe	b79edf0510a2b0cc0cb299568934224b7943762477e3e3c732479b1c7085863b.exe
File created	C:\Windows\System\aKijrvH.exe	b79edf0510a2b0cc0cb299568934224b7943762477e3e3c732479b1c7085863b.exe
File created	C:\Windows\System\fLdDHct.exe	b79edf0510a2b0cc0cb299568934224b7943762477e3e3c732479b1c7085863b.exe
File created	C:\Windows\System\NASiyih.exe	b79edf0510a2b0cc0cb299568934224b7943762477e3e3c732479b1c7085863b.exe
File created	C:\Windows\System\mgMLYHO.exe	b79edf0510a2b0cc0cb299568934224b7943762477e3e3c732479b1c7085863b.exe
File created	C:\Windows\System\zndMuqw.exe	b79edf0510a2b0cc0cb299568934224b7943762477e3e3c732479b1c7085863b.exe
File created	C:\Windows\System\IKUHQRt.exe	b79edf0510a2b0cc0cb299568934224b7943762477e3e3c732479b1c7085863b.exe
File created	C:\Windows\System\RglkZBm.exe	b79edf0510a2b0cc0cb299568934224b7943762477e3e3c732479b1c7085863b.exe
File created	C:\Windows\System\dvWByRl.exe	b79edf0510a2b0cc0cb299568934224b7943762477e3e3c732479b1c7085863b.exe
File created	C:\Windows\System\fTmNXxG.exe	b79edf0510a2b0cc0cb299568934224b7943762477e3e3c732479b1c7085863b.exe
File created	C:\Windows\System\IlugzKC.exe	b79edf0510a2b0cc0cb299568934224b7943762477e3e3c732479b1c7085863b.exe
File created	C:\Windows\System\gzcdmGs.exe	b79edf0510a2b0cc0cb299568934224b7943762477e3e3c732479b1c7085863b.exe
File created	C:\Windows\System\Ashpjvf.exe	b79edf0510a2b0cc0cb299568934224b7943762477e3e3c732479b1c7085863b.exe
File created	C:\Windows\System\dcNaVPJ.exe	b79edf0510a2b0cc0cb299568934224b7943762477e3e3c732479b1c7085863b.exe
File created	C:\Windows\System\QqcGPOj.exe	b79edf0510a2b0cc0cb299568934224b7943762477e3e3c732479b1c7085863b.exe
File created	C:\Windows\System\mLNmhqH.exe	b79edf0510a2b0cc0cb299568934224b7943762477e3e3c732479b1c7085863b.exe
File created	C:\Windows\System\FDWuJtm.exe	b79edf0510a2b0cc0cb299568934224b7943762477e3e3c732479b1c7085863b.exe
File created	C:\Windows\System\TzzyOEg.exe	b79edf0510a2b0cc0cb299568934224b7943762477e3e3c732479b1c7085863b.exe
File created	C:\Windows\System\DHFYWnD.exe	b79edf0510a2b0cc0cb299568934224b7943762477e3e3c732479b1c7085863b.exe
File created	C:\Windows\System\cfHYqWL.exe	b79edf0510a2b0cc0cb299568934224b7943762477e3e3c732479b1c7085863b.exe
File created	C:\Windows\System\PZWHBQh.exe	b79edf0510a2b0cc0cb299568934224b7943762477e3e3c732479b1c7085863b.exe
File created	C:\Windows\System\khUzoPP.exe	b79edf0510a2b0cc0cb299568934224b7943762477e3e3c732479b1c7085863b.exe
File created	C:\Windows\System\zbLQTSG.exe	b79edf0510a2b0cc0cb299568934224b7943762477e3e3c732479b1c7085863b.exe
File created	C:\Windows\System\kzdRFuI.exe	b79edf0510a2b0cc0cb299568934224b7943762477e3e3c732479b1c7085863b.exe
File created	C:\Windows\System\KSycwOd.exe	b79edf0510a2b0cc0cb299568934224b7943762477e3e3c732479b1c7085863b.exe
File created	C:\Windows\System\LlGZDeE.exe	b79edf0510a2b0cc0cb299568934224b7943762477e3e3c732479b1c7085863b.exe
File created	C:\Windows\System\dReshNY.exe	b79edf0510a2b0cc0cb299568934224b7943762477e3e3c732479b1c7085863b.exe
File created	C:\Windows\System\gwQhaTj.exe	b79edf0510a2b0cc0cb299568934224b7943762477e3e3c732479b1c7085863b.exe
File created	C:\Windows\System\DRGQUyu.exe	b79edf0510a2b0cc0cb299568934224b7943762477e3e3c732479b1c7085863b.exe
File created	C:\Windows\System\ZqLbaZT.exe	b79edf0510a2b0cc0cb299568934224b7943762477e3e3c732479b1c7085863b.exe
File created	C:\Windows\System\yKDOxzp.exe	b79edf0510a2b0cc0cb299568934224b7943762477e3e3c732479b1c7085863b.exe
File created	C:\Windows\System\nYXEJud.exe	b79edf0510a2b0cc0cb299568934224b7943762477e3e3c732479b1c7085863b.exe
File created	C:\Windows\System\UvUsOHH.exe	b79edf0510a2b0cc0cb299568934224b7943762477e3e3c732479b1c7085863b.exe
File created	C:\Windows\System\fhtTKIN.exe	b79edf0510a2b0cc0cb299568934224b7943762477e3e3c732479b1c7085863b.exe
File created	C:\Windows\System\qHszNWr.exe	b79edf0510a2b0cc0cb299568934224b7943762477e3e3c732479b1c7085863b.exe
File created	C:\Windows\System\XAhTful.exe	b79edf0510a2b0cc0cb299568934224b7943762477e3e3c732479b1c7085863b.exe
File created	C:\Windows\System\qKailsM.exe	b79edf0510a2b0cc0cb299568934224b7943762477e3e3c732479b1c7085863b.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	13480	dwm.exe
Token: SeChangeNotifyPrivilege	13480	dwm.exe
Token: 33	13480	dwm.exe
Token: SeIncBasePriorityPrivilege	13480	dwm.exe
Token: SeShutdownPrivilege	13480	dwm.exe
Token: SeCreatePagefilePrivilege	13480	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4500 wrote to memory of 936	4500	b79edf0510a2b0cc0cb299568934224b7943762477e3e3c732479b1c7085863b.exe	85
PID 4500 wrote to memory of 936	4500	b79edf0510a2b0cc0cb299568934224b7943762477e3e3c732479b1c7085863b.exe	85
PID 4500 wrote to memory of 2480	4500	b79edf0510a2b0cc0cb299568934224b7943762477e3e3c732479b1c7085863b.exe	86
PID 4500 wrote to memory of 2480	4500	b79edf0510a2b0cc0cb299568934224b7943762477e3e3c732479b1c7085863b.exe	86
PID 4500 wrote to memory of 5004	4500	b79edf0510a2b0cc0cb299568934224b7943762477e3e3c732479b1c7085863b.exe	87
PID 4500 wrote to memory of 5004	4500	b79edf0510a2b0cc0cb299568934224b7943762477e3e3c732479b1c7085863b.exe	87
PID 4500 wrote to memory of 2928	4500	b79edf0510a2b0cc0cb299568934224b7943762477e3e3c732479b1c7085863b.exe	88
PID 4500 wrote to memory of 2928	4500	b79edf0510a2b0cc0cb299568934224b7943762477e3e3c732479b1c7085863b.exe	88
PID 4500 wrote to memory of 4396	4500	b79edf0510a2b0cc0cb299568934224b7943762477e3e3c732479b1c7085863b.exe	89
PID 4500 wrote to memory of 4396	4500	b79edf0510a2b0cc0cb299568934224b7943762477e3e3c732479b1c7085863b.exe	89
PID 4500 wrote to memory of 2588	4500	b79edf0510a2b0cc0cb299568934224b7943762477e3e3c732479b1c7085863b.exe	90
PID 4500 wrote to memory of 2588	4500	b79edf0510a2b0cc0cb299568934224b7943762477e3e3c732479b1c7085863b.exe	90
PID 4500 wrote to memory of 4760	4500	b79edf0510a2b0cc0cb299568934224b7943762477e3e3c732479b1c7085863b.exe	91
PID 4500 wrote to memory of 4760	4500	b79edf0510a2b0cc0cb299568934224b7943762477e3e3c732479b1c7085863b.exe	91
PID 4500 wrote to memory of 2640	4500	b79edf0510a2b0cc0cb299568934224b7943762477e3e3c732479b1c7085863b.exe	92
PID 4500 wrote to memory of 2640	4500	b79edf0510a2b0cc0cb299568934224b7943762477e3e3c732479b1c7085863b.exe	92
PID 4500 wrote to memory of 984	4500	b79edf0510a2b0cc0cb299568934224b7943762477e3e3c732479b1c7085863b.exe	93
PID 4500 wrote to memory of 984	4500	b79edf0510a2b0cc0cb299568934224b7943762477e3e3c732479b1c7085863b.exe	93
PID 4500 wrote to memory of 2168	4500	b79edf0510a2b0cc0cb299568934224b7943762477e3e3c732479b1c7085863b.exe	94
PID 4500 wrote to memory of 2168	4500	b79edf0510a2b0cc0cb299568934224b7943762477e3e3c732479b1c7085863b.exe	94
PID 4500 wrote to memory of 4656	4500	b79edf0510a2b0cc0cb299568934224b7943762477e3e3c732479b1c7085863b.exe	95
PID 4500 wrote to memory of 4656	4500	b79edf0510a2b0cc0cb299568934224b7943762477e3e3c732479b1c7085863b.exe	95
PID 4500 wrote to memory of 4632	4500	b79edf0510a2b0cc0cb299568934224b7943762477e3e3c732479b1c7085863b.exe	96
PID 4500 wrote to memory of 4632	4500	b79edf0510a2b0cc0cb299568934224b7943762477e3e3c732479b1c7085863b.exe	96
PID 4500 wrote to memory of 4620	4500	b79edf0510a2b0cc0cb299568934224b7943762477e3e3c732479b1c7085863b.exe	97
PID 4500 wrote to memory of 4620	4500	b79edf0510a2b0cc0cb299568934224b7943762477e3e3c732479b1c7085863b.exe	97
PID 4500 wrote to memory of 2888	4500	b79edf0510a2b0cc0cb299568934224b7943762477e3e3c732479b1c7085863b.exe	98
PID 4500 wrote to memory of 2888	4500	b79edf0510a2b0cc0cb299568934224b7943762477e3e3c732479b1c7085863b.exe	98
PID 4500 wrote to memory of 220	4500	b79edf0510a2b0cc0cb299568934224b7943762477e3e3c732479b1c7085863b.exe	99
PID 4500 wrote to memory of 220	4500	b79edf0510a2b0cc0cb299568934224b7943762477e3e3c732479b1c7085863b.exe	99
PID 4500 wrote to memory of 116	4500	b79edf0510a2b0cc0cb299568934224b7943762477e3e3c732479b1c7085863b.exe	100
PID 4500 wrote to memory of 116	4500	b79edf0510a2b0cc0cb299568934224b7943762477e3e3c732479b1c7085863b.exe	100
PID 4500 wrote to memory of 2012	4500	b79edf0510a2b0cc0cb299568934224b7943762477e3e3c732479b1c7085863b.exe	101
PID 4500 wrote to memory of 2012	4500	b79edf0510a2b0cc0cb299568934224b7943762477e3e3c732479b1c7085863b.exe	101
PID 4500 wrote to memory of 5024	4500	b79edf0510a2b0cc0cb299568934224b7943762477e3e3c732479b1c7085863b.exe	102
PID 4500 wrote to memory of 5024	4500	b79edf0510a2b0cc0cb299568934224b7943762477e3e3c732479b1c7085863b.exe	102
PID 4500 wrote to memory of 2228	4500	b79edf0510a2b0cc0cb299568934224b7943762477e3e3c732479b1c7085863b.exe	103
PID 4500 wrote to memory of 2228	4500	b79edf0510a2b0cc0cb299568934224b7943762477e3e3c732479b1c7085863b.exe	103
PID 4500 wrote to memory of 788	4500	b79edf0510a2b0cc0cb299568934224b7943762477e3e3c732479b1c7085863b.exe	104
PID 4500 wrote to memory of 788	4500	b79edf0510a2b0cc0cb299568934224b7943762477e3e3c732479b1c7085863b.exe	104
PID 4500 wrote to memory of 4244	4500	b79edf0510a2b0cc0cb299568934224b7943762477e3e3c732479b1c7085863b.exe	105
PID 4500 wrote to memory of 4244	4500	b79edf0510a2b0cc0cb299568934224b7943762477e3e3c732479b1c7085863b.exe	105
PID 4500 wrote to memory of 2040	4500	b79edf0510a2b0cc0cb299568934224b7943762477e3e3c732479b1c7085863b.exe	106
PID 4500 wrote to memory of 2040	4500	b79edf0510a2b0cc0cb299568934224b7943762477e3e3c732479b1c7085863b.exe	106
PID 4500 wrote to memory of 3568	4500	b79edf0510a2b0cc0cb299568934224b7943762477e3e3c732479b1c7085863b.exe	107
PID 4500 wrote to memory of 3568	4500	b79edf0510a2b0cc0cb299568934224b7943762477e3e3c732479b1c7085863b.exe	107
PID 4500 wrote to memory of 892	4500	b79edf0510a2b0cc0cb299568934224b7943762477e3e3c732479b1c7085863b.exe	108
PID 4500 wrote to memory of 892	4500	b79edf0510a2b0cc0cb299568934224b7943762477e3e3c732479b1c7085863b.exe	108
PID 4500 wrote to memory of 3312	4500	b79edf0510a2b0cc0cb299568934224b7943762477e3e3c732479b1c7085863b.exe	109
PID 4500 wrote to memory of 3312	4500	b79edf0510a2b0cc0cb299568934224b7943762477e3e3c732479b1c7085863b.exe	109
PID 4500 wrote to memory of 4960	4500	b79edf0510a2b0cc0cb299568934224b7943762477e3e3c732479b1c7085863b.exe	110
PID 4500 wrote to memory of 4960	4500	b79edf0510a2b0cc0cb299568934224b7943762477e3e3c732479b1c7085863b.exe	110
PID 4500 wrote to memory of 3224	4500	b79edf0510a2b0cc0cb299568934224b7943762477e3e3c732479b1c7085863b.exe	111
PID 4500 wrote to memory of 3224	4500	b79edf0510a2b0cc0cb299568934224b7943762477e3e3c732479b1c7085863b.exe	111
PID 4500 wrote to memory of 3940	4500	b79edf0510a2b0cc0cb299568934224b7943762477e3e3c732479b1c7085863b.exe	112
PID 4500 wrote to memory of 3940	4500	b79edf0510a2b0cc0cb299568934224b7943762477e3e3c732479b1c7085863b.exe	112
PID 4500 wrote to memory of 592	4500	b79edf0510a2b0cc0cb299568934224b7943762477e3e3c732479b1c7085863b.exe	113
PID 4500 wrote to memory of 592	4500	b79edf0510a2b0cc0cb299568934224b7943762477e3e3c732479b1c7085863b.exe	113
PID 4500 wrote to memory of 3100	4500	b79edf0510a2b0cc0cb299568934224b7943762477e3e3c732479b1c7085863b.exe	114
PID 4500 wrote to memory of 3100	4500	b79edf0510a2b0cc0cb299568934224b7943762477e3e3c732479b1c7085863b.exe	114
PID 4500 wrote to memory of 1452	4500	b79edf0510a2b0cc0cb299568934224b7943762477e3e3c732479b1c7085863b.exe	115
PID 4500 wrote to memory of 1452	4500	b79edf0510a2b0cc0cb299568934224b7943762477e3e3c732479b1c7085863b.exe	115
PID 4500 wrote to memory of 3484	4500	b79edf0510a2b0cc0cb299568934224b7943762477e3e3c732479b1c7085863b.exe	116
PID 4500 wrote to memory of 3484	4500	b79edf0510a2b0cc0cb299568934224b7943762477e3e3c732479b1c7085863b.exe	116

C:\Users\Admin\AppData\Local\Temp\b79edf0510a2b0cc0cb299568934224b7943762477e3e3c732479b1c7085863b.exe
"C:\Users\Admin\AppData\Local\Temp\b79edf0510a2b0cc0cb299568934224b7943762477e3e3c732479b1c7085863b.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:4500
- C:\Windows\System\icIkbxN.exe
  C:\Windows\System\icIkbxN.exe
  2⤵
  - Executes dropped EXE
  PID:936
- C:\Windows\System\WZaVXgD.exe
  C:\Windows\System\WZaVXgD.exe
  2⤵
  - Executes dropped EXE
  PID:2480
- C:\Windows\System\KeqbQFA.exe
  C:\Windows\System\KeqbQFA.exe
  2⤵
  - Executes dropped EXE
  PID:5004
- C:\Windows\System\DeUAEWU.exe
  C:\Windows\System\DeUAEWU.exe
  2⤵
  - Executes dropped EXE
  PID:2928
- C:\Windows\System\Ssmarny.exe
  C:\Windows\System\Ssmarny.exe
  2⤵
  - Executes dropped EXE
  PID:4396
- C:\Windows\System\NiOkfzn.exe
  C:\Windows\System\NiOkfzn.exe
  2⤵
  - Executes dropped EXE
  PID:2588
- C:\Windows\System\ZGdvvOX.exe
  C:\Windows\System\ZGdvvOX.exe
  2⤵
  - Executes dropped EXE
  PID:4760
- C:\Windows\System\IvzxqGK.exe
  C:\Windows\System\IvzxqGK.exe
  2⤵
  - Executes dropped EXE
  PID:2640
- C:\Windows\System\ofOzDja.exe
  C:\Windows\System\ofOzDja.exe
  2⤵
  - Executes dropped EXE
  PID:984
- C:\Windows\System\iQYRKIM.exe
  C:\Windows\System\iQYRKIM.exe
  2⤵
  - Executes dropped EXE
  PID:2168
- C:\Windows\System\zbLQTSG.exe
  C:\Windows\System\zbLQTSG.exe
  2⤵
  - Executes dropped EXE
  PID:4656
- C:\Windows\System\pJmErgl.exe
  C:\Windows\System\pJmErgl.exe
  2⤵
  - Executes dropped EXE
  PID:4632
- C:\Windows\System\XLrJFeh.exe
  C:\Windows\System\XLrJFeh.exe
  2⤵
  - Executes dropped EXE
  PID:4620
- C:\Windows\System\khubnxC.exe
  C:\Windows\System\khubnxC.exe
  2⤵
  - Executes dropped EXE
  PID:2888
- C:\Windows\System\XRJksON.exe
  C:\Windows\System\XRJksON.exe
  2⤵
  - Executes dropped EXE
  PID:220
- C:\Windows\System\oYLRJbr.exe
  C:\Windows\System\oYLRJbr.exe
  2⤵
  - Executes dropped EXE
  PID:116
- C:\Windows\System\AFkSgGU.exe
  C:\Windows\System\AFkSgGU.exe
  2⤵
  - Executes dropped EXE
  PID:2012
- C:\Windows\System\ZAlIeoc.exe
  C:\Windows\System\ZAlIeoc.exe
  2⤵
  - Executes dropped EXE
  PID:5024
- C:\Windows\System\FYMvhJd.exe
  C:\Windows\System\FYMvhJd.exe
  2⤵
  - Executes dropped EXE
  PID:2228
- C:\Windows\System\VyvtlaX.exe
  C:\Windows\System\VyvtlaX.exe
  2⤵
  - Executes dropped EXE
  PID:788
- C:\Windows\System\kbGEXcw.exe
  C:\Windows\System\kbGEXcw.exe
  2⤵
  - Executes dropped EXE
  PID:4244
- C:\Windows\System\qHszNWr.exe
  C:\Windows\System\qHszNWr.exe
  2⤵
  - Executes dropped EXE
  PID:2040
- C:\Windows\System\hdJxNfU.exe
  C:\Windows\System\hdJxNfU.exe
  2⤵
  - Executes dropped EXE
  PID:3568
- C:\Windows\System\cewLxoO.exe
  C:\Windows\System\cewLxoO.exe
  2⤵
  - Executes dropped EXE
  PID:892
- C:\Windows\System\HipsBcv.exe
  C:\Windows\System\HipsBcv.exe
  2⤵
  - Executes dropped EXE
  PID:3312
- C:\Windows\System\Cbeoqvp.exe
  C:\Windows\System\Cbeoqvp.exe
  2⤵
  - Executes dropped EXE
  PID:4960
- C:\Windows\System\PZxJYLF.exe
  C:\Windows\System\PZxJYLF.exe
  2⤵
  - Executes dropped EXE
  PID:3224
- C:\Windows\System\jOfzFDD.exe
  C:\Windows\System\jOfzFDD.exe
  2⤵
  - Executes dropped EXE
  PID:3940
- C:\Windows\System\CjygXUE.exe
  C:\Windows\System\CjygXUE.exe
  2⤵
  - Executes dropped EXE
  PID:592
- C:\Windows\System\nIxjPAT.exe
  C:\Windows\System\nIxjPAT.exe
  2⤵
  - Executes dropped EXE
  PID:3100
- C:\Windows\System\jOIWZmM.exe
  C:\Windows\System\jOIWZmM.exe
  2⤵
  - Executes dropped EXE
  PID:1452
- C:\Windows\System\SvUzQFn.exe
  C:\Windows\System\SvUzQFn.exe
  2⤵
  - Executes dropped EXE
  PID:3484
- C:\Windows\System\fHRAkiK.exe
  C:\Windows\System\fHRAkiK.exe
  2⤵
  - Executes dropped EXE
  PID:3020
- C:\Windows\System\yRQKrNN.exe
  C:\Windows\System\yRQKrNN.exe
  2⤵
  - Executes dropped EXE
  PID:1680
- C:\Windows\System\ZEElAtD.exe
  C:\Windows\System\ZEElAtD.exe
  2⤵
  - Executes dropped EXE
  PID:4376
- C:\Windows\System\crqhvjA.exe
  C:\Windows\System\crqhvjA.exe
  2⤵
  - Executes dropped EXE
  PID:1520
- C:\Windows\System\Lsudvmd.exe
  C:\Windows\System\Lsudvmd.exe
  2⤵
  - Executes dropped EXE
  PID:3804
- C:\Windows\System\kCtxizv.exe
  C:\Windows\System\kCtxizv.exe
  2⤵
  - Executes dropped EXE
  PID:3460
- C:\Windows\System\RoQvfYK.exe
  C:\Windows\System\RoQvfYK.exe
  2⤵
  - Executes dropped EXE
  PID:1804
- C:\Windows\System\jZEUOZO.exe
  C:\Windows\System\jZEUOZO.exe
  2⤵
  - Executes dropped EXE
  PID:4004
- C:\Windows\System\yhVZUKI.exe
  C:\Windows\System\yhVZUKI.exe
  2⤵
  - Executes dropped EXE
  PID:3416
- C:\Windows\System\nuAYTES.exe
  C:\Windows\System\nuAYTES.exe
  2⤵
  - Executes dropped EXE
  PID:2608
- C:\Windows\System\JKHJygo.exe
  C:\Windows\System\JKHJygo.exe
  2⤵
  - Executes dropped EXE
  PID:3336
- C:\Windows\System\aZOcERu.exe
  C:\Windows\System\aZOcERu.exe
  2⤵
  - Executes dropped EXE
  PID:1808
- C:\Windows\System\kaSCBIw.exe
  C:\Windows\System\kaSCBIw.exe
  2⤵
  - Executes dropped EXE
  PID:1884
- C:\Windows\System\ijICMzJ.exe
  C:\Windows\System\ijICMzJ.exe
  2⤵
  - Executes dropped EXE
  PID:4540
- C:\Windows\System\GMZpegv.exe
  C:\Windows\System\GMZpegv.exe
  2⤵
  - Executes dropped EXE
  PID:3496
- C:\Windows\System\sIqQdpd.exe
  C:\Windows\System\sIqQdpd.exe
  2⤵
  - Executes dropped EXE
  PID:212
- C:\Windows\System\boqfhia.exe
  C:\Windows\System\boqfhia.exe
  2⤵
  - Executes dropped EXE
  PID:4452
- C:\Windows\System\RykyMQY.exe
  C:\Windows\System\RykyMQY.exe
  2⤵
  - Executes dropped EXE
  PID:4260
- C:\Windows\System\dCNOhaS.exe
  C:\Windows\System\dCNOhaS.exe
  2⤵
  - Executes dropped EXE
  PID:3512
- C:\Windows\System\alPnVql.exe
  C:\Windows\System\alPnVql.exe
  2⤵
  - Executes dropped EXE
  PID:4892
- C:\Windows\System\YZtETqp.exe
  C:\Windows\System\YZtETqp.exe
  2⤵
  - Executes dropped EXE
  PID:4568
- C:\Windows\System\TAPBVIU.exe
  C:\Windows\System\TAPBVIU.exe
  2⤵
  - Executes dropped EXE
  PID:1132
- C:\Windows\System\mgMLYHO.exe
  C:\Windows\System\mgMLYHO.exe
  2⤵
  - Executes dropped EXE
  PID:640
- C:\Windows\System\JvGGHLk.exe
  C:\Windows\System\JvGGHLk.exe
  2⤵
  - Executes dropped EXE
  PID:364
- C:\Windows\System\oUVazBj.exe
  C:\Windows\System\oUVazBj.exe
  2⤵
  - Executes dropped EXE
  PID:2164
- C:\Windows\System\PKPiHsN.exe
  C:\Windows\System\PKPiHsN.exe
  2⤵
  - Executes dropped EXE
  PID:3296
- C:\Windows\System\iBzIbCR.exe
  C:\Windows\System\iBzIbCR.exe
  2⤵
  - Executes dropped EXE
  PID:1532
- C:\Windows\System\DNUufCr.exe
  C:\Windows\System\DNUufCr.exe
  2⤵
  - Executes dropped EXE
  PID:4040
- C:\Windows\System\bJeCSOl.exe
  C:\Windows\System\bJeCSOl.exe
  2⤵
  - Executes dropped EXE
  PID:4752
- C:\Windows\System\WYiwukW.exe
  C:\Windows\System\WYiwukW.exe
  2⤵
  - Executes dropped EXE
  PID:680
- C:\Windows\System\EVAYAGs.exe
  C:\Windows\System\EVAYAGs.exe
  2⤵
  - Executes dropped EXE
  PID:4644
- C:\Windows\System\QFlioCv.exe
  C:\Windows\System\QFlioCv.exe
  2⤵
  - Executes dropped EXE
  PID:3600
- C:\Windows\System\ehmjOdq.exe
  C:\Windows\System\ehmjOdq.exe
  2⤵
  PID:4440
- C:\Windows\System\UiBsBSr.exe
  C:\Windows\System\UiBsBSr.exe
  2⤵
  PID:1304
- C:\Windows\System\XJDYLpm.exe
  C:\Windows\System\XJDYLpm.exe
  2⤵
  PID:2848
- C:\Windows\System\nswJoeY.exe
  C:\Windows\System\nswJoeY.exe
  2⤵
  PID:4392
- C:\Windows\System\TBwagfO.exe
  C:\Windows\System\TBwagfO.exe
  2⤵
  PID:3440
- C:\Windows\System\YsDiihW.exe
  C:\Windows\System\YsDiihW.exe
  2⤵
  PID:3564
- C:\Windows\System\VHuCwij.exe
  C:\Windows\System\VHuCwij.exe
  2⤵
  PID:3080
- C:\Windows\System\DXNjqvQ.exe
  C:\Windows\System\DXNjqvQ.exe
  2⤵
  PID:4340
- C:\Windows\System\YLMQcUP.exe
  C:\Windows\System\YLMQcUP.exe
  2⤵
  PID:1968
- C:\Windows\System\mWcOcZp.exe
  C:\Windows\System\mWcOcZp.exe
  2⤵
  PID:3036
- C:\Windows\System\gimuDty.exe
  C:\Windows\System\gimuDty.exe
  2⤵
  PID:916
- C:\Windows\System\XDMKzTi.exe
  C:\Windows\System\XDMKzTi.exe
  2⤵
  PID:3776
- C:\Windows\System\rwEhsyX.exe
  C:\Windows\System\rwEhsyX.exe
  2⤵
  PID:5148
- C:\Windows\System\mleWjjc.exe
  C:\Windows\System\mleWjjc.exe
  2⤵
  PID:5172
- C:\Windows\System\dEZzlJg.exe
  C:\Windows\System\dEZzlJg.exe
  2⤵
  PID:5196
- C:\Windows\System\qGRSNwz.exe
  C:\Windows\System\qGRSNwz.exe
  2⤵
  PID:5248
- C:\Windows\System\CNWZahV.exe
  C:\Windows\System\CNWZahV.exe
  2⤵
  PID:5272
- C:\Windows\System\mTALvDd.exe
  C:\Windows\System\mTALvDd.exe
  2⤵
  PID:5288
- C:\Windows\System\OsXhekF.exe
  C:\Windows\System\OsXhekF.exe
  2⤵
  PID:5316
- C:\Windows\System\OiFjWWV.exe
  C:\Windows\System\OiFjWWV.exe
  2⤵
  PID:5344
- C:\Windows\System\HaAOTEY.exe
  C:\Windows\System\HaAOTEY.exe
  2⤵
  PID:5372
- C:\Windows\System\MBotEaD.exe
  C:\Windows\System\MBotEaD.exe
  2⤵
  PID:5400
- C:\Windows\System\ZXKCCGB.exe
  C:\Windows\System\ZXKCCGB.exe
  2⤵
  PID:5432
- C:\Windows\System\DRGQUyu.exe
  C:\Windows\System\DRGQUyu.exe
  2⤵
  PID:5456
- C:\Windows\System\zrUyeqG.exe
  C:\Windows\System\zrUyeqG.exe
  2⤵
  PID:5484
- C:\Windows\System\WRflBZs.exe
  C:\Windows\System\WRflBZs.exe
  2⤵
  PID:5512
- C:\Windows\System\EAaeBfL.exe
  C:\Windows\System\EAaeBfL.exe
  2⤵
  PID:5532
- C:\Windows\System\NomShCL.exe
  C:\Windows\System\NomShCL.exe
  2⤵
  PID:5564
- C:\Windows\System\ZqLbaZT.exe
  C:\Windows\System\ZqLbaZT.exe
  2⤵
  PID:5596
- C:\Windows\System\ReaLPqo.exe
  C:\Windows\System\ReaLPqo.exe
  2⤵
  PID:5628
- C:\Windows\System\UUryFXH.exe
  C:\Windows\System\UUryFXH.exe
  2⤵
  PID:5656
- C:\Windows\System\CTFNueC.exe
  C:\Windows\System\CTFNueC.exe
  2⤵
  PID:5684
- C:\Windows\System\qxBpmWR.exe
  C:\Windows\System\qxBpmWR.exe
  2⤵
  PID:5716
- C:\Windows\System\xllpqLJ.exe
  C:\Windows\System\xllpqLJ.exe
  2⤵
  PID:5740
- C:\Windows\System\uTUBsOp.exe
  C:\Windows\System\uTUBsOp.exe
  2⤵
  PID:5772
- C:\Windows\System\YnMkvKD.exe
  C:\Windows\System\YnMkvKD.exe
  2⤵
  PID:5796
- C:\Windows\System\nztLYPf.exe
  C:\Windows\System\nztLYPf.exe
  2⤵
  PID:5820
- C:\Windows\System\HpbONwU.exe
  C:\Windows\System\HpbONwU.exe
  2⤵
  PID:5852
- C:\Windows\System\OwZbCcP.exe
  C:\Windows\System\OwZbCcP.exe
  2⤵
  PID:5880
- C:\Windows\System\UgoayWZ.exe
  C:\Windows\System\UgoayWZ.exe
  2⤵
  PID:5908
- C:\Windows\System\clDqHpa.exe
  C:\Windows\System\clDqHpa.exe
  2⤵
  PID:5936
- C:\Windows\System\RlMjJSJ.exe
  C:\Windows\System\RlMjJSJ.exe
  2⤵
  PID:5964
- C:\Windows\System\jDoEaYy.exe
  C:\Windows\System\jDoEaYy.exe
  2⤵
  PID:5984
- C:\Windows\System\FGkGSix.exe
  C:\Windows\System\FGkGSix.exe
  2⤵
  PID:6008
- C:\Windows\System\ZSxalxq.exe
  C:\Windows\System\ZSxalxq.exe
  2⤵
  PID:6036
- C:\Windows\System\WkIyWiB.exe
  C:\Windows\System\WkIyWiB.exe
  2⤵
  PID:6064
- C:\Windows\System\XAhTful.exe
  C:\Windows\System\XAhTful.exe
  2⤵
  PID:6092
- C:\Windows\System\cLZWUTK.exe
  C:\Windows\System\cLZWUTK.exe
  2⤵
  PID:6120
- C:\Windows\System\pCWYngZ.exe
  C:\Windows\System\pCWYngZ.exe
  2⤵
  PID:2372
- C:\Windows\System\noqonvR.exe
  C:\Windows\System\noqonvR.exe
  2⤵
  PID:4588
- C:\Windows\System\nBHUXVS.exe
  C:\Windows\System\nBHUXVS.exe
  2⤵
  PID:1536
- C:\Windows\System\ibXpvtW.exe
  C:\Windows\System\ibXpvtW.exe
  2⤵
  PID:2560
- C:\Windows\System\upELbrP.exe
  C:\Windows\System\upELbrP.exe
  2⤵
  PID:1088
- C:\Windows\System\xzuebAv.exe
  C:\Windows\System\xzuebAv.exe
  2⤵
  PID:412
- C:\Windows\System\fCFQbDR.exe
  C:\Windows\System\fCFQbDR.exe
  2⤵
  PID:1324
- C:\Windows\System\wMXfEhA.exe
  C:\Windows\System\wMXfEhA.exe
  2⤵
  PID:5136
- C:\Windows\System\WFxYKrX.exe
  C:\Windows\System\WFxYKrX.exe
  2⤵
  PID:5204
- C:\Windows\System\GEFAxFK.exe
  C:\Windows\System\GEFAxFK.exe
  2⤵
  PID:5268
- C:\Windows\System\BeZTMga.exe
  C:\Windows\System\BeZTMga.exe
  2⤵
  PID:5332
- C:\Windows\System\ykHalar.exe
  C:\Windows\System\ykHalar.exe
  2⤵
  PID:5392
- C:\Windows\System\DHFYWnD.exe
  C:\Windows\System\DHFYWnD.exe
  2⤵
  PID:5468
- C:\Windows\System\pRXgxbw.exe
  C:\Windows\System\pRXgxbw.exe
  2⤵
  PID:5520
- C:\Windows\System\ciwTAuW.exe
  C:\Windows\System\ciwTAuW.exe
  2⤵
  PID:5580
- C:\Windows\System\qesmaZE.exe
  C:\Windows\System\qesmaZE.exe
  2⤵
  PID:5644
- C:\Windows\System\hNjThkQ.exe
  C:\Windows\System\hNjThkQ.exe
  2⤵
  PID:5704
- C:\Windows\System\nCVHBgf.exe
  C:\Windows\System\nCVHBgf.exe
  2⤵
  PID:5780
- C:\Windows\System\AKxdkOn.exe
  C:\Windows\System\AKxdkOn.exe
  2⤵
  PID:5840
- C:\Windows\System\yKDOxzp.exe
  C:\Windows\System\yKDOxzp.exe
  2⤵
  PID:5920
- C:\Windows\System\EltBRiy.exe
  C:\Windows\System\EltBRiy.exe
  2⤵
  PID:5992
- C:\Windows\System\eCDpOxq.exe
  C:\Windows\System\eCDpOxq.exe
  2⤵
  PID:6052
- C:\Windows\System\DEyjFjd.exe
  C:\Windows\System\DEyjFjd.exe
  2⤵
  PID:6104
- C:\Windows\System\oNJYckL.exe
  C:\Windows\System\oNJYckL.exe
  2⤵
  PID:4800
- C:\Windows\System\nHqNNcy.exe
  C:\Windows\System\nHqNNcy.exe
  2⤵
  PID:4204
- C:\Windows\System\kipmtlm.exe
  C:\Windows\System\kipmtlm.exe
  2⤵
  PID:2836
- C:\Windows\System\wYDDfTa.exe
  C:\Windows\System\wYDDfTa.exe
  2⤵
  PID:5184
- C:\Windows\System\UEhZbFK.exe
  C:\Windows\System\UEhZbFK.exe
  2⤵
  PID:5308
- C:\Windows\System\kSJsxHE.exe
  C:\Windows\System\kSJsxHE.exe
  2⤵
  PID:5496
- C:\Windows\System\rKqGNEV.exe
  C:\Windows\System\rKqGNEV.exe
  2⤵
  PID:5616
- C:\Windows\System\WeDPCOE.exe
  C:\Windows\System\WeDPCOE.exe
  2⤵
  PID:5756
- C:\Windows\System\VDdBDYG.exe
  C:\Windows\System\VDdBDYG.exe
  2⤵
  PID:5892
- C:\Windows\System\ctjRYbj.exe
  C:\Windows\System\ctjRYbj.exe
  2⤵
  PID:6080
- C:\Windows\System\YVtlLKq.exe
  C:\Windows\System\YVtlLKq.exe
  2⤵
  PID:4504
- C:\Windows\System\hGwzhId.exe
  C:\Windows\System\hGwzhId.exe
  2⤵
  PID:4300
- C:\Windows\System\mKePAQs.exe
  C:\Windows\System\mKePAQs.exe
  2⤵
  PID:3248
- C:\Windows\System\bLsXiUz.exe
  C:\Windows\System\bLsXiUz.exe
  2⤵
  PID:1832
- C:\Windows\System\xPMlbNg.exe
  C:\Windows\System\xPMlbNg.exe
  2⤵
  PID:6160
- C:\Windows\System\blLjDzs.exe
  C:\Windows\System\blLjDzs.exe
  2⤵
  PID:6192
- C:\Windows\System\zFyneYp.exe
  C:\Windows\System\zFyneYp.exe
  2⤵
  PID:6216
- C:\Windows\System\pQbdTte.exe
  C:\Windows\System\pQbdTte.exe
  2⤵
  PID:6244
- C:\Windows\System\Ashpjvf.exe
  C:\Windows\System\Ashpjvf.exe
  2⤵
  PID:6272
- C:\Windows\System\VKsvdvl.exe
  C:\Windows\System\VKsvdvl.exe
  2⤵
  PID:6300
- C:\Windows\System\lnMaRYH.exe
  C:\Windows\System\lnMaRYH.exe
  2⤵
  PID:6328
- C:\Windows\System\JDZVLvt.exe
  C:\Windows\System\JDZVLvt.exe
  2⤵
  PID:6356
- C:\Windows\System\SXGwBJO.exe
  C:\Windows\System\SXGwBJO.exe
  2⤵
  PID:6388
- C:\Windows\System\THlCdiY.exe
  C:\Windows\System\THlCdiY.exe
  2⤵
  PID:6412
- C:\Windows\System\jldXrLl.exe
  C:\Windows\System\jldXrLl.exe
  2⤵
  PID:6440
- C:\Windows\System\tAYwuEu.exe
  C:\Windows\System\tAYwuEu.exe
  2⤵
  PID:6468
- C:\Windows\System\wTAIgdg.exe
  C:\Windows\System\wTAIgdg.exe
  2⤵
  PID:6496
- C:\Windows\System\nTmZnqi.exe
  C:\Windows\System\nTmZnqi.exe
  2⤵
  PID:6524
- C:\Windows\System\KndkQyq.exe
  C:\Windows\System\KndkQyq.exe
  2⤵
  PID:6552
- C:\Windows\System\zbusPlU.exe
  C:\Windows\System\zbusPlU.exe
  2⤵
  PID:6580
- C:\Windows\System\QxlMVDw.exe
  C:\Windows\System\QxlMVDw.exe
  2⤵
  PID:6612
- C:\Windows\System\GFkodXi.exe
  C:\Windows\System\GFkodXi.exe
  2⤵
  PID:6644
- C:\Windows\System\AZvWOPX.exe
  C:\Windows\System\AZvWOPX.exe
  2⤵
  PID:6672
- C:\Windows\System\QRNNPOu.exe
  C:\Windows\System\QRNNPOu.exe
  2⤵
  PID:6700
- C:\Windows\System\ROCwtJc.exe
  C:\Windows\System\ROCwtJc.exe
  2⤵
  PID:6732
- C:\Windows\System\DWWrNsY.exe
  C:\Windows\System\DWWrNsY.exe
  2⤵
  PID:6756
- C:\Windows\System\fIZORNJ.exe
  C:\Windows\System\fIZORNJ.exe
  2⤵
  PID:6776
- C:\Windows\System\dolQIJz.exe
  C:\Windows\System\dolQIJz.exe
  2⤵
  PID:6808
- C:\Windows\System\UMUGyXu.exe
  C:\Windows\System\UMUGyXu.exe
  2⤵
  PID:6832
- C:\Windows\System\TludFll.exe
  C:\Windows\System\TludFll.exe
  2⤵
  PID:6860
- C:\Windows\System\UhyTOqD.exe
  C:\Windows\System\UhyTOqD.exe
  2⤵
  PID:6888
- C:\Windows\System\iptTtNy.exe
  C:\Windows\System\iptTtNy.exe
  2⤵
  PID:6916
- C:\Windows\System\pFJBcqF.exe
  C:\Windows\System\pFJBcqF.exe
  2⤵
  PID:6940
- C:\Windows\System\eezxvVm.exe
  C:\Windows\System\eezxvVm.exe
  2⤵
  PID:6976
- C:\Windows\System\tSyLJiM.exe
  C:\Windows\System\tSyLJiM.exe
  2⤵
  PID:7004
- C:\Windows\System\kjFWtpB.exe
  C:\Windows\System\kjFWtpB.exe
  2⤵
  PID:7028
- C:\Windows\System\cfHYqWL.exe
  C:\Windows\System\cfHYqWL.exe
  2⤵
  PID:7056
- C:\Windows\System\CkFHexg.exe
  C:\Windows\System\CkFHexg.exe
  2⤵
  PID:7080
- C:\Windows\System\UotOffz.exe
  C:\Windows\System\UotOffz.exe
  2⤵
  PID:7112
- C:\Windows\System\pesMqgw.exe
  C:\Windows\System\pesMqgw.exe
  2⤵
  PID:7140
- C:\Windows\System\SRsKnJP.exe
  C:\Windows\System\SRsKnJP.exe
  2⤵
  PID:3056
- C:\Windows\System\cwACfbx.exe
  C:\Windows\System\cwACfbx.exe
  2⤵
  PID:5836
- C:\Windows\System\zOZXQVd.exe
  C:\Windows\System\zOZXQVd.exe
  2⤵
  PID:4928
- C:\Windows\System\rPbtMUB.exe
  C:\Windows\System\rPbtMUB.exe
  2⤵
  PID:5440
- C:\Windows\System\rvsOFky.exe
  C:\Windows\System\rvsOFky.exe
  2⤵
  PID:6176
- C:\Windows\System\nDlCVYO.exe
  C:\Windows\System\nDlCVYO.exe
  2⤵
  PID:6236
- C:\Windows\System\JpEhKgl.exe
  C:\Windows\System\JpEhKgl.exe
  2⤵
  PID:6312
- C:\Windows\System\qFtIlFX.exe
  C:\Windows\System\qFtIlFX.exe
  2⤵
  PID:6372
- C:\Windows\System\nnbCEGa.exe
  C:\Windows\System\nnbCEGa.exe
  2⤵
  PID:1076
- C:\Windows\System\BVOAUqs.exe
  C:\Windows\System\BVOAUqs.exe
  2⤵
  PID:6484
- C:\Windows\System\EEGZWTL.exe
  C:\Windows\System\EEGZWTL.exe
  2⤵
  PID:1472
- C:\Windows\System\rSDokqV.exe
  C:\Windows\System\rSDokqV.exe
  2⤵
  PID:6568
- C:\Windows\System\fUnJqnp.exe
  C:\Windows\System\fUnJqnp.exe
  2⤵
  PID:6640
- C:\Windows\System\BtpQaHo.exe
  C:\Windows\System\BtpQaHo.exe
  2⤵
  PID:6712
- C:\Windows\System\RxygJlh.exe
  C:\Windows\System\RxygJlh.exe
  2⤵
  PID:6824
- C:\Windows\System\AjQsLGy.exe
  C:\Windows\System\AjQsLGy.exe
  2⤵
  PID:6880
- C:\Windows\System\BJzBBFu.exe
  C:\Windows\System\BJzBBFu.exe
  2⤵
  PID:6908
- C:\Windows\System\yQufRle.exe
  C:\Windows\System\yQufRle.exe
  2⤵
  PID:6984
- C:\Windows\System\vBeRkWn.exe
  C:\Windows\System\vBeRkWn.exe
  2⤵
  PID:7012
- C:\Windows\System\dcNaVPJ.exe
  C:\Windows\System\dcNaVPJ.exe
  2⤵
  PID:7068
- C:\Windows\System\DbWPqOr.exe
  C:\Windows\System\DbWPqOr.exe
  2⤵
  PID:3856
- C:\Windows\System\hheZQIX.exe
  C:\Windows\System\hheZQIX.exe
  2⤵
  PID:5812
- C:\Windows\System\HmXcIFk.exe
  C:\Windows\System\HmXcIFk.exe
  2⤵
  PID:3632
- C:\Windows\System\QqcGPOj.exe
  C:\Windows\System\QqcGPOj.exe
  2⤵
  PID:2464
- C:\Windows\System\DBPielG.exe
  C:\Windows\System\DBPielG.exe
  2⤵
  PID:6152
- C:\Windows\System\HujPSXJ.exe
  C:\Windows\System\HujPSXJ.exe
  2⤵
  PID:408
- C:\Windows\System\UyLsSAR.exe
  C:\Windows\System\UyLsSAR.exe
  2⤵
  PID:1128
- C:\Windows\System\QCRIgPT.exe
  C:\Windows\System\QCRIgPT.exe
  2⤵
  PID:6344
- C:\Windows\System\UlAJyaL.exe
  C:\Windows\System\UlAJyaL.exe
  2⤵
  PID:4328
- C:\Windows\System\IXAqByt.exe
  C:\Windows\System\IXAqByt.exe
  2⤵
  PID:760
- C:\Windows\System\ncAPmmg.exe
  C:\Windows\System\ncAPmmg.exe
  2⤵
  PID:6632
- C:\Windows\System\SyWdiTY.exe
  C:\Windows\System\SyWdiTY.exe
  2⤵
  PID:6744
- C:\Windows\System\KSycwOd.exe
  C:\Windows\System\KSycwOd.exe
  2⤵
  PID:6872
- C:\Windows\System\qhhfgnf.exe
  C:\Windows\System\qhhfgnf.exe
  2⤵
  PID:6904
- C:\Windows\System\cdSwbcS.exe
  C:\Windows\System\cdSwbcS.exe
  2⤵
  PID:6960
- C:\Windows\System\lzlaDEv.exe
  C:\Windows\System\lzlaDEv.exe
  2⤵
  PID:7072
- C:\Windows\System\FJPfWHd.exe
  C:\Windows\System\FJPfWHd.exe
  2⤵
  PID:5116
- C:\Windows\System\BGvQqnH.exe
  C:\Windows\System\BGvQqnH.exe
  2⤵
  PID:6208
- C:\Windows\System\UtWHLcU.exe
  C:\Windows\System\UtWHLcU.exe
  2⤵
  PID:6320
- C:\Windows\System\xmHvSwM.exe
  C:\Windows\System\xmHvSwM.exe
  2⤵
  PID:6512
- C:\Windows\System\AYVtULv.exe
  C:\Windows\System\AYVtULv.exe
  2⤵
  PID:2572
- C:\Windows\System\WZdIcPX.exe
  C:\Windows\System\WZdIcPX.exe
  2⤵
  PID:1764
- C:\Windows\System\EMmhOVQ.exe
  C:\Windows\System\EMmhOVQ.exe
  2⤵
  PID:532
- C:\Windows\System\AyZcuft.exe
  C:\Windows\System\AyZcuft.exe
  2⤵
  PID:7204
- C:\Windows\System\UlnveNx.exe
  C:\Windows\System\UlnveNx.exe
  2⤵
  PID:7236
- C:\Windows\System\oewPtsa.exe
  C:\Windows\System\oewPtsa.exe
  2⤵
  PID:7276
- C:\Windows\System\SFDKUJE.exe
  C:\Windows\System\SFDKUJE.exe
  2⤵
  PID:7304
- C:\Windows\System\rZHMvpD.exe
  C:\Windows\System\rZHMvpD.exe
  2⤵
  PID:7332
- C:\Windows\System\tqRtIXa.exe
  C:\Windows\System\tqRtIXa.exe
  2⤵
  PID:7360
- C:\Windows\System\iDNwOpi.exe
  C:\Windows\System\iDNwOpi.exe
  2⤵
  PID:7392
- C:\Windows\System\oxyWRuz.exe
  C:\Windows\System\oxyWRuz.exe
  2⤵
  PID:7436
- C:\Windows\System\DMUShqU.exe
  C:\Windows\System\DMUShqU.exe
  2⤵
  PID:7456
- C:\Windows\System\RNPQaPB.exe
  C:\Windows\System\RNPQaPB.exe
  2⤵
  PID:7480
- C:\Windows\System\aeyOnHu.exe
  C:\Windows\System\aeyOnHu.exe
  2⤵
  PID:7500
- C:\Windows\System\idoAeNP.exe
  C:\Windows\System\idoAeNP.exe
  2⤵
  PID:7528
- C:\Windows\System\RfALxLF.exe
  C:\Windows\System\RfALxLF.exe
  2⤵
  PID:7552
- C:\Windows\System\IACmQaF.exe
  C:\Windows\System\IACmQaF.exe
  2⤵
  PID:7568
- C:\Windows\System\thRtiga.exe
  C:\Windows\System\thRtiga.exe
  2⤵
  PID:7592
- C:\Windows\System\jAATrdk.exe
  C:\Windows\System\jAATrdk.exe
  2⤵
  PID:7632
- C:\Windows\System\zDDwGHu.exe
  C:\Windows\System\zDDwGHu.exe
  2⤵
  PID:7664
- C:\Windows\System\zndMuqw.exe
  C:\Windows\System\zndMuqw.exe
  2⤵
  PID:7708
- C:\Windows\System\UCOSqCK.exe
  C:\Windows\System\UCOSqCK.exe
  2⤵
  PID:7736
- C:\Windows\System\dJKJldN.exe
  C:\Windows\System\dJKJldN.exe
  2⤵
  PID:7772
- C:\Windows\System\ALeZHWu.exe
  C:\Windows\System\ALeZHWu.exe
  2⤵
  PID:7796
- C:\Windows\System\iUdqihf.exe
  C:\Windows\System\iUdqihf.exe
  2⤵
  PID:8000
- C:\Windows\System\MhZbZRt.exe
  C:\Windows\System\MhZbZRt.exe
  2⤵
  PID:8016
- C:\Windows\System\YELFwVU.exe
  C:\Windows\System\YELFwVU.exe
  2⤵
  PID:8044
- C:\Windows\System\PGhylST.exe
  C:\Windows\System\PGhylST.exe
  2⤵
  PID:8072
- C:\Windows\System\TFEehHP.exe
  C:\Windows\System\TFEehHP.exe
  2⤵
  PID:8148
- C:\Windows\System\cjVWiML.exe
  C:\Windows\System\cjVWiML.exe
  2⤵
  PID:8168
- C:\Windows\System\giWDhfR.exe
  C:\Windows\System\giWDhfR.exe
  2⤵
  PID:6264
- C:\Windows\System\WOxelYg.exe
  C:\Windows\System\WOxelYg.exe
  2⤵
  PID:6956
- C:\Windows\System\fGqrGVR.exe
  C:\Windows\System\fGqrGVR.exe
  2⤵
  PID:7224
- C:\Windows\System\ATkHvHN.exe
  C:\Windows\System\ATkHvHN.exe
  2⤵
  PID:4560
- C:\Windows\System\RKIRkhg.exe
  C:\Windows\System\RKIRkhg.exe
  2⤵
  PID:7320
- C:\Windows\System\eCKStGw.exe
  C:\Windows\System\eCKStGw.exe
  2⤵
  PID:7400
- C:\Windows\System\yuWvHok.exe
  C:\Windows\System\yuWvHok.exe
  2⤵
  PID:7536
- C:\Windows\System\IKUHQRt.exe
  C:\Windows\System\IKUHQRt.exe
  2⤵
  PID:7516
- C:\Windows\System\DYZoUeG.exe
  C:\Windows\System\DYZoUeG.exe
  2⤵
  PID:7624
- C:\Windows\System\wUKwuns.exe
  C:\Windows\System\wUKwuns.exe
  2⤵
  PID:7716
- C:\Windows\System\kxkcjWC.exe
  C:\Windows\System\kxkcjWC.exe
  2⤵
  PID:7804
- C:\Windows\System\AKrqibN.exe
  C:\Windows\System\AKrqibN.exe
  2⤵
  PID:7848
- C:\Windows\System\NrTWKci.exe
  C:\Windows\System\NrTWKci.exe
  2⤵
  PID:2436
- C:\Windows\System\DrKgIUO.exe
  C:\Windows\System\DrKgIUO.exe
  2⤵
  PID:8036
- C:\Windows\System\dHZZdrT.exe
  C:\Windows\System\dHZZdrT.exe
  2⤵
  PID:1788
- C:\Windows\System\fogsCNn.exe
  C:\Windows\System\fogsCNn.exe
  2⤵
  PID:8160
- C:\Windows\System\vyaqfCj.exe
  C:\Windows\System\vyaqfCj.exe
  2⤵
  PID:7324
- C:\Windows\System\ySRwDAw.exe
  C:\Windows\System\ySRwDAw.exe
  2⤵
  PID:7420
- C:\Windows\System\aPvugQq.exe
  C:\Windows\System\aPvugQq.exe
  2⤵
  PID:6516
- C:\Windows\System\LMvSXzN.exe
  C:\Windows\System\LMvSXzN.exe
  2⤵
  PID:7540
- C:\Windows\System\dPTrFug.exe
  C:\Windows\System\dPTrFug.exe
  2⤵
  PID:7788
- C:\Windows\System\BLMfovm.exe
  C:\Windows\System\BLMfovm.exe
  2⤵
  PID:8032
- C:\Windows\System\GbzHutD.exe
  C:\Windows\System\GbzHutD.exe
  2⤵
  PID:8028
- C:\Windows\System\vFgKbnD.exe
  C:\Windows\System\vFgKbnD.exe
  2⤵
  PID:8144
- C:\Windows\System\wVDRRNP.exe
  C:\Windows\System\wVDRRNP.exe
  2⤵
  PID:7348
- C:\Windows\System\mLNmhqH.exe
  C:\Windows\System\mLNmhqH.exe
  2⤵
  PID:7560
- C:\Windows\System\Imrqncr.exe
  C:\Windows\System\Imrqncr.exe
  2⤵
  PID:7780
- C:\Windows\System\FPuquEM.exe
  C:\Windows\System\FPuquEM.exe
  2⤵
  PID:8128
- C:\Windows\System\CkkmgFq.exe
  C:\Windows\System\CkkmgFq.exe
  2⤵
  PID:8216
- C:\Windows\System\eFHylSF.exe
  C:\Windows\System\eFHylSF.exe
  2⤵
  PID:8244
- C:\Windows\System\rLPPJMa.exe
  C:\Windows\System\rLPPJMa.exe
  2⤵
  PID:8268
- C:\Windows\System\RsZjczv.exe
  C:\Windows\System\RsZjczv.exe
  2⤵
  PID:8300
- C:\Windows\System\KPAHRRy.exe
  C:\Windows\System\KPAHRRy.exe
  2⤵
  PID:8336
- C:\Windows\System\hdaYruo.exe
  C:\Windows\System\hdaYruo.exe
  2⤵
  PID:8360
- C:\Windows\System\cenObyW.exe
  C:\Windows\System\cenObyW.exe
  2⤵
  PID:8388
- C:\Windows\System\sGODoTX.exe
  C:\Windows\System\sGODoTX.exe
  2⤵
  PID:8416
- C:\Windows\System\rsmUUif.exe
  C:\Windows\System\rsmUUif.exe
  2⤵
  PID:8452
- C:\Windows\System\VCagSwO.exe
  C:\Windows\System\VCagSwO.exe
  2⤵
  PID:8472
- C:\Windows\System\ulwrPln.exe
  C:\Windows\System\ulwrPln.exe
  2⤵
  PID:8504
- C:\Windows\System\dELGFTc.exe
  C:\Windows\System\dELGFTc.exe
  2⤵
  PID:8532
- C:\Windows\System\cyIRZGq.exe
  C:\Windows\System\cyIRZGq.exe
  2⤵
  PID:8560
- C:\Windows\System\gyVAsea.exe
  C:\Windows\System\gyVAsea.exe
  2⤵
  PID:8588
- C:\Windows\System\WjzpedU.exe
  C:\Windows\System\WjzpedU.exe
  2⤵
  PID:8616
- C:\Windows\System\HmSRqtH.exe
  C:\Windows\System\HmSRqtH.exe
  2⤵
  PID:8644
- C:\Windows\System\rfGUVOH.exe
  C:\Windows\System\rfGUVOH.exe
  2⤵
  PID:8672
- C:\Windows\System\NTkjteM.exe
  C:\Windows\System\NTkjteM.exe
  2⤵
  PID:8696
- C:\Windows\System\IOKfaJy.exe
  C:\Windows\System\IOKfaJy.exe
  2⤵
  PID:8724
- C:\Windows\System\zDSnqjF.exe
  C:\Windows\System\zDSnqjF.exe
  2⤵
  PID:8756
- C:\Windows\System\wPoPFkf.exe
  C:\Windows\System\wPoPFkf.exe
  2⤵
  PID:8788
- C:\Windows\System\bGnvJUF.exe
  C:\Windows\System\bGnvJUF.exe
  2⤵
  PID:8820
- C:\Windows\System\kdddnJM.exe
  C:\Windows\System\kdddnJM.exe
  2⤵
  PID:8848
- C:\Windows\System\JOooIUF.exe
  C:\Windows\System\JOooIUF.exe
  2⤵
  PID:8876
- C:\Windows\System\nGfcPDO.exe
  C:\Windows\System\nGfcPDO.exe
  2⤵
  PID:8904
- C:\Windows\System\CanthBH.exe
  C:\Windows\System\CanthBH.exe
  2⤵
  PID:8932
- C:\Windows\System\MEuAngb.exe
  C:\Windows\System\MEuAngb.exe
  2⤵
  PID:8960
- C:\Windows\System\BEOfXMt.exe
  C:\Windows\System\BEOfXMt.exe
  2⤵
  PID:8984
- C:\Windows\System\GBQCZAo.exe
  C:\Windows\System\GBQCZAo.exe
  2⤵
  PID:9012
- C:\Windows\System\FdRCwXT.exe
  C:\Windows\System\FdRCwXT.exe
  2⤵
  PID:9032
- C:\Windows\System\zdkutSm.exe
  C:\Windows\System\zdkutSm.exe
  2⤵
  PID:9072
- C:\Windows\System\FrYgWPc.exe
  C:\Windows\System\FrYgWPc.exe
  2⤵
  PID:9100
- C:\Windows\System\zPgkMsx.exe
  C:\Windows\System\zPgkMsx.exe
  2⤵
  PID:9124
- C:\Windows\System\JDFCpUB.exe
  C:\Windows\System\JDFCpUB.exe
  2⤵
  PID:9152
- C:\Windows\System\DLbqqkl.exe
  C:\Windows\System\DLbqqkl.exe
  2⤵
  PID:9176
- C:\Windows\System\UsxQcrG.exe
  C:\Windows\System\UsxQcrG.exe
  2⤵
  PID:7768
- C:\Windows\System\QhJgiOd.exe
  C:\Windows\System\QhJgiOd.exe
  2⤵
  PID:3424
- C:\Windows\System\NXmJqqn.exe
  C:\Windows\System\NXmJqqn.exe
  2⤵
  PID:8276
- C:\Windows\System\LMrjnfn.exe
  C:\Windows\System\LMrjnfn.exe
  2⤵
  PID:8324
- C:\Windows\System\nvPwkAl.exe
  C:\Windows\System\nvPwkAl.exe
  2⤵
  PID:8400
- C:\Windows\System\klOybYm.exe
  C:\Windows\System\klOybYm.exe
  2⤵
  PID:8464
- C:\Windows\System\FEgOdyj.exe
  C:\Windows\System\FEgOdyj.exe
  2⤵
  PID:8548
- C:\Windows\System\kENihvq.exe
  C:\Windows\System\kENihvq.exe
  2⤵
  PID:8604
- C:\Windows\System\DfnPPZU.exe
  C:\Windows\System\DfnPPZU.exe
  2⤵
  PID:8668
- C:\Windows\System\FUleeMD.exe
  C:\Windows\System\FUleeMD.exe
  2⤵
  PID:8704
- C:\Windows\System\LMbJmFc.exe
  C:\Windows\System\LMbJmFc.exe
  2⤵
  PID:8800
- C:\Windows\System\LYCtESW.exe
  C:\Windows\System\LYCtESW.exe
  2⤵
  PID:8868
- C:\Windows\System\nyNNhWc.exe
  C:\Windows\System\nyNNhWc.exe
  2⤵
  PID:8928
- C:\Windows\System\ixUskoO.exe
  C:\Windows\System\ixUskoO.exe
  2⤵
  PID:8992
- C:\Windows\System\RglkZBm.exe
  C:\Windows\System\RglkZBm.exe
  2⤵
  PID:9048
- C:\Windows\System\qobZbpE.exe
  C:\Windows\System\qobZbpE.exe
  2⤵
  PID:9116
- C:\Windows\System\XLhzWwY.exe
  C:\Windows\System\XLhzWwY.exe
  2⤵
  PID:9172
- C:\Windows\System\DxnztEV.exe
  C:\Windows\System\DxnztEV.exe
  2⤵
  PID:8228
- C:\Windows\System\QDtcHMj.exe
  C:\Windows\System\QDtcHMj.exe
  2⤵
  PID:8380
- C:\Windows\System\KXUhoId.exe
  C:\Windows\System\KXUhoId.exe
  2⤵
  PID:8500
- C:\Windows\System\jUhROHA.exe
  C:\Windows\System\jUhROHA.exe
  2⤵
  PID:8720
- C:\Windows\System\JTjapjA.exe
  C:\Windows\System\JTjapjA.exe
  2⤵
  PID:8844
- C:\Windows\System\XrJKDPU.exe
  C:\Windows\System\XrJKDPU.exe
  2⤵
  PID:8980
- C:\Windows\System\ONimjjd.exe
  C:\Windows\System\ONimjjd.exe
  2⤵
  PID:9164
- C:\Windows\System\eTskWDX.exe
  C:\Windows\System\eTskWDX.exe
  2⤵
  PID:7888
- C:\Windows\System\CYQWLPB.exe
  C:\Windows\System\CYQWLPB.exe
  2⤵
  PID:8632
- C:\Windows\System\QQHBQck.exe
  C:\Windows\System\QQHBQck.exe
  2⤵
  PID:8920
- C:\Windows\System\vATnQnx.exe
  C:\Windows\System\vATnQnx.exe
  2⤵
  PID:8212
- C:\Windows\System\IaGECEh.exe
  C:\Windows\System\IaGECEh.exe
  2⤵
  PID:9052
- C:\Windows\System\GjxmvVo.exe
  C:\Windows\System\GjxmvVo.exe
  2⤵
  PID:9224
- C:\Windows\System\HoeVmIq.exe
  C:\Windows\System\HoeVmIq.exe
  2⤵
  PID:9252
- C:\Windows\System\bdObMux.exe
  C:\Windows\System\bdObMux.exe
  2⤵
  PID:9280
- C:\Windows\System\MHbDCot.exe
  C:\Windows\System\MHbDCot.exe
  2⤵
  PID:9308
- C:\Windows\System\IYxCCaA.exe
  C:\Windows\System\IYxCCaA.exe
  2⤵
  PID:9324
- C:\Windows\System\mYEhQrp.exe
  C:\Windows\System\mYEhQrp.exe
  2⤵
  PID:9348
- C:\Windows\System\RHzetAI.exe
  C:\Windows\System\RHzetAI.exe
  2⤵
  PID:9372
- C:\Windows\System\LNssjgP.exe
  C:\Windows\System\LNssjgP.exe
  2⤵
  PID:9392
- C:\Windows\System\edGXXxQ.exe
  C:\Windows\System\edGXXxQ.exe
  2⤵
  PID:9424
- C:\Windows\System\fdcqiCz.exe
  C:\Windows\System\fdcqiCz.exe
  2⤵
  PID:9472
- C:\Windows\System\byxsJms.exe
  C:\Windows\System\byxsJms.exe
  2⤵
  PID:9504
- C:\Windows\System\NZSGiQz.exe
  C:\Windows\System\NZSGiQz.exe
  2⤵
  PID:9528
- C:\Windows\System\rhfjcYn.exe
  C:\Windows\System\rhfjcYn.exe
  2⤵
  PID:9568
- C:\Windows\System\IOOuqyu.exe
  C:\Windows\System\IOOuqyu.exe
  2⤵
  PID:9600
- C:\Windows\System\rXBEqEp.exe
  C:\Windows\System\rXBEqEp.exe
  2⤵
  PID:9624
- C:\Windows\System\kzdRFuI.exe
  C:\Windows\System\kzdRFuI.exe
  2⤵
  PID:9656
- C:\Windows\System\BZDzRHg.exe
  C:\Windows\System\BZDzRHg.exe
  2⤵
  PID:9684
- C:\Windows\System\QfNrEXd.exe
  C:\Windows\System\QfNrEXd.exe
  2⤵
  PID:9708
- C:\Windows\System\ajMjkwY.exe
  C:\Windows\System\ajMjkwY.exe
  2⤵
  PID:9724
- C:\Windows\System\XAZpppB.exe
  C:\Windows\System\XAZpppB.exe
  2⤵
  PID:9768
- C:\Windows\System\SiGyqsv.exe
  C:\Windows\System\SiGyqsv.exe
  2⤵
  PID:9792
- C:\Windows\System\ERdNxHv.exe
  C:\Windows\System\ERdNxHv.exe
  2⤵
  PID:9828
- C:\Windows\System\gYxIdET.exe
  C:\Windows\System\gYxIdET.exe
  2⤵
  PID:9856
- C:\Windows\System\tJdasoM.exe
  C:\Windows\System\tJdasoM.exe
  2⤵
  PID:9884
- C:\Windows\System\OVEtvip.exe
  C:\Windows\System\OVEtvip.exe
  2⤵
  PID:9912
- C:\Windows\System\OmwZEfP.exe
  C:\Windows\System\OmwZEfP.exe
  2⤵
  PID:9940
- C:\Windows\System\wEnNIkA.exe
  C:\Windows\System\wEnNIkA.exe
  2⤵
  PID:9968
- C:\Windows\System\FaNZIdi.exe
  C:\Windows\System\FaNZIdi.exe
  2⤵
  PID:9988
- C:\Windows\System\czfDkmJ.exe
  C:\Windows\System\czfDkmJ.exe
  2⤵
  PID:10028
- C:\Windows\System\EqmhWGI.exe
  C:\Windows\System\EqmhWGI.exe
  2⤵
  PID:10052
- C:\Windows\System\lYoptnq.exe
  C:\Windows\System\lYoptnq.exe
  2⤵
  PID:10080
- C:\Windows\System\qIkXxii.exe
  C:\Windows\System\qIkXxii.exe
  2⤵
  PID:10108
- C:\Windows\System\gSOodFL.exe
  C:\Windows\System\gSOodFL.exe
  2⤵
  PID:10152
- C:\Windows\System\iergHRa.exe
  C:\Windows\System\iergHRa.exe
  2⤵
  PID:10168
- C:\Windows\System\ExPfDEg.exe
  C:\Windows\System\ExPfDEg.exe
  2⤵
  PID:10196
- C:\Windows\System\iOUuLTT.exe
  C:\Windows\System\iOUuLTT.exe
  2⤵
  PID:10224
- C:\Windows\System\dvWByRl.exe
  C:\Windows\System\dvWByRl.exe
  2⤵
  PID:9220
- C:\Windows\System\iLaJIpj.exe
  C:\Windows\System\iLaJIpj.exe
  2⤵
  PID:9320
- C:\Windows\System\lHebWJV.exe
  C:\Windows\System\lHebWJV.exe
  2⤵
  PID:9340
- C:\Windows\System\WAYhMRB.exe
  C:\Windows\System\WAYhMRB.exe
  2⤵
  PID:9400
- C:\Windows\System\RPQgySt.exe
  C:\Windows\System\RPQgySt.exe
  2⤵
  PID:9492
- C:\Windows\System\JLmucGd.exe
  C:\Windows\System\JLmucGd.exe
  2⤵
  PID:9548
- C:\Windows\System\oOEdHPZ.exe
  C:\Windows\System\oOEdHPZ.exe
  2⤵
  PID:9620
- C:\Windows\System\AsWszrU.exe
  C:\Windows\System\AsWszrU.exe
  2⤵
  PID:9192
- C:\Windows\System\UKXUvVY.exe
  C:\Windows\System\UKXUvVY.exe
  2⤵
  PID:9744
- C:\Windows\System\IZMPOph.exe
  C:\Windows\System\IZMPOph.exe
  2⤵
  PID:9800
- C:\Windows\System\aoVawvZ.exe
  C:\Windows\System\aoVawvZ.exe
  2⤵
  PID:9880
- C:\Windows\System\CUgyDRC.exe
  C:\Windows\System\CUgyDRC.exe
  2⤵
  PID:9936
- C:\Windows\System\ZGsAjvU.exe
  C:\Windows\System\ZGsAjvU.exe
  2⤵
  PID:9984
- C:\Windows\System\wfpgFxW.exe
  C:\Windows\System\wfpgFxW.exe
  2⤵
  PID:10072
- C:\Windows\System\iBSmfSw.exe
  C:\Windows\System\iBSmfSw.exe
  2⤵
  PID:10132
- C:\Windows\System\emycpZj.exe
  C:\Windows\System\emycpZj.exe
  2⤵
  PID:10216
- C:\Windows\System\USZcaxe.exe
  C:\Windows\System\USZcaxe.exe
  2⤵
  PID:9304
- C:\Windows\System\jEFcceM.exe
  C:\Windows\System\jEFcceM.exe
  2⤵
  PID:9484
- C:\Windows\System\SZTTirk.exe
  C:\Windows\System\SZTTirk.exe
  2⤵
  PID:9592
- C:\Windows\System\wKZuLDP.exe
  C:\Windows\System\wKZuLDP.exe
  2⤵
  PID:9736
- C:\Windows\System\nErmFNK.exe
  C:\Windows\System\nErmFNK.exe
  2⤵
  PID:9900
- C:\Windows\System\JoLjojW.exe
  C:\Windows\System\JoLjojW.exe
  2⤵
  PID:10048
- C:\Windows\System\FUYeQew.exe
  C:\Windows\System\FUYeQew.exe
  2⤵
  PID:10208
- C:\Windows\System\yJfymZl.exe
  C:\Windows\System\yJfymZl.exe
  2⤵
  PID:9496
- C:\Windows\System\MBSevmS.exe
  C:\Windows\System\MBSevmS.exe
  2⤵
  PID:9848
- C:\Windows\System\NuskAwP.exe
  C:\Windows\System\NuskAwP.exe
  2⤵
  PID:10192
- C:\Windows\System\nscrQKa.exe
  C:\Windows\System\nscrQKa.exe
  2⤵
  PID:10036
- C:\Windows\System\nsvKYhl.exe
  C:\Windows\System\nsvKYhl.exe
  2⤵
  PID:9760
- C:\Windows\System\BhSvuzr.exe
  C:\Windows\System\BhSvuzr.exe
  2⤵
  PID:10268
- C:\Windows\System\KWKrdhf.exe
  C:\Windows\System\KWKrdhf.exe
  2⤵
  PID:10296
- C:\Windows\System\yXNtEmO.exe
  C:\Windows\System\yXNtEmO.exe
  2⤵
  PID:10328
- C:\Windows\System\unoItkR.exe
  C:\Windows\System\unoItkR.exe
  2⤵
  PID:10356
- C:\Windows\System\DqWYFsR.exe
  C:\Windows\System\DqWYFsR.exe
  2⤵
  PID:10380
- C:\Windows\System\vaisOht.exe
  C:\Windows\System\vaisOht.exe
  2⤵
  PID:10404
- C:\Windows\System\PJolpDa.exe
  C:\Windows\System\PJolpDa.exe
  2⤵
  PID:10428
- C:\Windows\System\bKUIoBb.exe
  C:\Windows\System\bKUIoBb.exe
  2⤵
  PID:10472
- C:\Windows\System\jBaUzOe.exe
  C:\Windows\System\jBaUzOe.exe
  2⤵
  PID:10500
- C:\Windows\System\NiLrsxz.exe
  C:\Windows\System\NiLrsxz.exe
  2⤵
  PID:10528
- C:\Windows\System\LaFygiC.exe
  C:\Windows\System\LaFygiC.exe
  2⤵
  PID:10552
- C:\Windows\System\zOoIsLw.exe
  C:\Windows\System\zOoIsLw.exe
  2⤵
  PID:10584
- C:\Windows\System\WrwISFn.exe
  C:\Windows\System\WrwISFn.exe
  2⤵
  PID:10612
- C:\Windows\System\fLKpUbQ.exe
  C:\Windows\System\fLKpUbQ.exe
  2⤵
  PID:10640
- C:\Windows\System\VMKipPe.exe
  C:\Windows\System\VMKipPe.exe
  2⤵
  PID:10668
- C:\Windows\System\yiagmSk.exe
  C:\Windows\System\yiagmSk.exe
  2⤵
  PID:10696
- C:\Windows\System\aKijrvH.exe
  C:\Windows\System\aKijrvH.exe
  2⤵
  PID:10724
- C:\Windows\System\HFIGVsI.exe
  C:\Windows\System\HFIGVsI.exe
  2⤵
  PID:10752
- C:\Windows\System\PMXMKao.exe
  C:\Windows\System\PMXMKao.exe
  2⤵
  PID:10780
- C:\Windows\System\NhchSxL.exe
  C:\Windows\System\NhchSxL.exe
  2⤵
  PID:10796
- C:\Windows\System\RVVIyTq.exe
  C:\Windows\System\RVVIyTq.exe
  2⤵
  PID:10824
- C:\Windows\System\nAzBeIT.exe
  C:\Windows\System\nAzBeIT.exe
  2⤵
  PID:10864
- C:\Windows\System\JtviFwW.exe
  C:\Windows\System\JtviFwW.exe
  2⤵
  PID:10892
- C:\Windows\System\aCzXDkD.exe
  C:\Windows\System\aCzXDkD.exe
  2⤵
  PID:10920
- C:\Windows\System\cHGUrMh.exe
  C:\Windows\System\cHGUrMh.exe
  2⤵
  PID:10948
- C:\Windows\System\DkHwUlj.exe
  C:\Windows\System\DkHwUlj.exe
  2⤵
  PID:10976
- C:\Windows\System\eQPoZPi.exe
  C:\Windows\System\eQPoZPi.exe
  2⤵
  PID:11004
- C:\Windows\System\jhgvKLF.exe
  C:\Windows\System\jhgvKLF.exe
  2⤵
  PID:11032
- C:\Windows\System\OXwbKFL.exe
  C:\Windows\System\OXwbKFL.exe
  2⤵
  PID:11060
- C:\Windows\System\rkQpkXE.exe
  C:\Windows\System\rkQpkXE.exe
  2⤵
  PID:11088
- C:\Windows\System\PZWHBQh.exe
  C:\Windows\System\PZWHBQh.exe
  2⤵
  PID:11108
- C:\Windows\System\ULeePdd.exe
  C:\Windows\System\ULeePdd.exe
  2⤵
  PID:11140
- C:\Windows\System\wNKFiYX.exe
  C:\Windows\System\wNKFiYX.exe
  2⤵
  PID:11164
- C:\Windows\System\dzDuATK.exe
  C:\Windows\System\dzDuATK.exe
  2⤵
  PID:11200
- C:\Windows\System\FDWuJtm.exe
  C:\Windows\System\FDWuJtm.exe
  2⤵
  PID:11228
- C:\Windows\System\szTKeWq.exe
  C:\Windows\System\szTKeWq.exe
  2⤵
  PID:11256
- C:\Windows\System\OCNkBpA.exe
  C:\Windows\System\OCNkBpA.exe
  2⤵
  PID:10284
- C:\Windows\System\CsqiTXF.exe
  C:\Windows\System\CsqiTXF.exe
  2⤵
  PID:10348
- C:\Windows\System\jVOxXoz.exe
  C:\Windows\System\jVOxXoz.exe
  2⤵
  PID:10424
- C:\Windows\System\uQjdqKo.exe
  C:\Windows\System\uQjdqKo.exe
  2⤵
  PID:10496
- C:\Windows\System\uqqHlzm.exe
  C:\Windows\System\uqqHlzm.exe
  2⤵
  PID:10536
- C:\Windows\System\ihTNWqj.exe
  C:\Windows\System\ihTNWqj.exe
  2⤵
  PID:10604
- C:\Windows\System\npmyOii.exe
  C:\Windows\System\npmyOii.exe
  2⤵
  PID:10652
- C:\Windows\System\MGMmzby.exe
  C:\Windows\System\MGMmzby.exe
  2⤵
  PID:10740
- C:\Windows\System\ULOtKXF.exe
  C:\Windows\System\ULOtKXF.exe
  2⤵
  PID:10776
- C:\Windows\System\cxgiuMk.exe
  C:\Windows\System\cxgiuMk.exe
  2⤵
  PID:10880
- C:\Windows\System\TzzyOEg.exe
  C:\Windows\System\TzzyOEg.exe
  2⤵
  PID:10940
- C:\Windows\System\eVCPznQ.exe
  C:\Windows\System\eVCPznQ.exe
  2⤵
  PID:11020
- C:\Windows\System\DUnxvDI.exe
  C:\Windows\System\DUnxvDI.exe
  2⤵
  PID:11072
- C:\Windows\System\EdnWTqq.exe
  C:\Windows\System\EdnWTqq.exe
  2⤵
  PID:11132
- C:\Windows\System\kbzXbRE.exe
  C:\Windows\System\kbzXbRE.exe
  2⤵
  PID:11212
- C:\Windows\System\ktDKKpU.exe
  C:\Windows\System\ktDKKpU.exe
  2⤵
  PID:10320
- C:\Windows\System\uBpHuWL.exe
  C:\Windows\System\uBpHuWL.exe
  2⤵
  PID:10440
- C:\Windows\System\axZuNOX.exe
  C:\Windows\System\axZuNOX.exe
  2⤵
  PID:10628
- C:\Windows\System\bdwwoHO.exe
  C:\Windows\System\bdwwoHO.exe
  2⤵
  PID:10764
- C:\Windows\System\BiGrTLt.exe
  C:\Windows\System\BiGrTLt.exe
  2⤵
  PID:10460
- C:\Windows\System\AYSsKKG.exe
  C:\Windows\System\AYSsKKG.exe
  2⤵
  PID:11052
- C:\Windows\System\grDQozE.exe
  C:\Windows\System\grDQozE.exe
  2⤵
  PID:11216
- C:\Windows\System\femfmbF.exe
  C:\Windows\System\femfmbF.exe
  2⤵
  PID:10544
- C:\Windows\System\eIKJyAU.exe
  C:\Windows\System\eIKJyAU.exe
  2⤵
  PID:10860
- C:\Windows\System\bcOCmkQ.exe
  C:\Windows\System\bcOCmkQ.exe
  2⤵
  PID:11044
- C:\Windows\System\lsKVJyP.exe
  C:\Windows\System\lsKVJyP.exe
  2⤵
  PID:10748
- C:\Windows\System\LmGPfxD.exe
  C:\Windows\System\LmGPfxD.exe
  2⤵
  PID:11284
- C:\Windows\System\rQmWdmZ.exe
  C:\Windows\System\rQmWdmZ.exe
  2⤵
  PID:11308
- C:\Windows\System\WsrEygQ.exe
  C:\Windows\System\WsrEygQ.exe
  2⤵
  PID:11360
- C:\Windows\System\IWJtDjI.exe
  C:\Windows\System\IWJtDjI.exe
  2⤵
  PID:11396
- C:\Windows\System\AhUgMtk.exe
  C:\Windows\System\AhUgMtk.exe
  2⤵
  PID:11424
- C:\Windows\System\nKtrJOu.exe
  C:\Windows\System\nKtrJOu.exe
  2⤵
  PID:11444
- C:\Windows\System\fTmNXxG.exe
  C:\Windows\System\fTmNXxG.exe
  2⤵
  PID:11480
- C:\Windows\System\elkIhmZ.exe
  C:\Windows\System\elkIhmZ.exe
  2⤵
  PID:11508
- C:\Windows\System\RenzUxI.exe
  C:\Windows\System\RenzUxI.exe
  2⤵
  PID:11536
- C:\Windows\System\IlugzKC.exe
  C:\Windows\System\IlugzKC.exe
  2⤵
  PID:11564
- C:\Windows\System\qCJubVa.exe
  C:\Windows\System\qCJubVa.exe
  2⤵
  PID:11592
- C:\Windows\System\cphYhXv.exe
  C:\Windows\System\cphYhXv.exe
  2⤵
  PID:11620
- C:\Windows\System\pWFGnch.exe
  C:\Windows\System\pWFGnch.exe
  2⤵
  PID:11640
- C:\Windows\System\MYWbXIn.exe
  C:\Windows\System\MYWbXIn.exe
  2⤵
  PID:11664
- C:\Windows\System\KfWpiTo.exe
  C:\Windows\System\KfWpiTo.exe
  2⤵
  PID:11696
- C:\Windows\System\AkCsLfM.exe
  C:\Windows\System\AkCsLfM.exe
  2⤵
  PID:11732
- C:\Windows\System\jkosvSb.exe
  C:\Windows\System\jkosvSb.exe
  2⤵
  PID:11748
- C:\Windows\System\kgIPqjA.exe
  C:\Windows\System\kgIPqjA.exe
  2⤵
  PID:11788
- C:\Windows\System\FAiQlBX.exe
  C:\Windows\System\FAiQlBX.exe
  2⤵
  PID:11816
- C:\Windows\System\jKFEtdk.exe
  C:\Windows\System\jKFEtdk.exe
  2⤵
  PID:11844
- C:\Windows\System\jpgXMSp.exe
  C:\Windows\System\jpgXMSp.exe
  2⤵
  PID:11872
- C:\Windows\System\LerhyTD.exe
  C:\Windows\System\LerhyTD.exe
  2⤵
  PID:11900
- C:\Windows\System\hRmhpzl.exe
  C:\Windows\System\hRmhpzl.exe
  2⤵
  PID:11928
- C:\Windows\System\JjchUTQ.exe
  C:\Windows\System\JjchUTQ.exe
  2⤵
  PID:11948
- C:\Windows\System\mFbnXAx.exe
  C:\Windows\System\mFbnXAx.exe
  2⤵
  PID:11976
- C:\Windows\System\QaPvosF.exe
  C:\Windows\System\QaPvosF.exe
  2⤵
  PID:12000
- C:\Windows\System\omjEFPY.exe
  C:\Windows\System\omjEFPY.exe
  2⤵
  PID:12028
- C:\Windows\System\cRorsbn.exe
  C:\Windows\System\cRorsbn.exe
  2⤵
  PID:12056
- C:\Windows\System\zNHgUPS.exe
  C:\Windows\System\zNHgUPS.exe
  2⤵
  PID:12092
- C:\Windows\System\nDvXFQl.exe
  C:\Windows\System\nDvXFQl.exe
  2⤵
  PID:12112
- C:\Windows\System\liXGSEA.exe
  C:\Windows\System\liXGSEA.exe
  2⤵
  PID:12152
- C:\Windows\System\waZmvmV.exe
  C:\Windows\System\waZmvmV.exe
  2⤵
  PID:12180
- C:\Windows\System\xQlEbNH.exe
  C:\Windows\System\xQlEbNH.exe
  2⤵
  PID:12208
- C:\Windows\System\CUeEzIW.exe
  C:\Windows\System\CUeEzIW.exe
  2⤵
  PID:12228
- C:\Windows\System\nYXEJud.exe
  C:\Windows\System\nYXEJud.exe
  2⤵
  PID:12264
- C:\Windows\System\kWYvQhX.exe
  C:\Windows\System\kWYvQhX.exe
  2⤵
  PID:10452
- C:\Windows\System\IBkBIVV.exe
  C:\Windows\System\IBkBIVV.exe
  2⤵
  PID:11272
- C:\Windows\System\HgZDCnq.exe
  C:\Windows\System\HgZDCnq.exe
  2⤵
  PID:11348
- C:\Windows\System\EwJnysb.exe
  C:\Windows\System\EwJnysb.exe
  2⤵
  PID:11420
- C:\Windows\System\ExtdRqh.exe
  C:\Windows\System\ExtdRqh.exe
  2⤵
  PID:11440
- C:\Windows\System\BRErPvg.exe
  C:\Windows\System\BRErPvg.exe
  2⤵
  PID:11520
- C:\Windows\System\beQAXff.exe
  C:\Windows\System\beQAXff.exe
  2⤵
  PID:11580
- C:\Windows\System\URrfaZN.exe
  C:\Windows\System\URrfaZN.exe
  2⤵
  PID:11604
- C:\Windows\System\oqJjurl.exe
  C:\Windows\System\oqJjurl.exe
  2⤵
  PID:11772
- C:\Windows\System\pzEouDM.exe
  C:\Windows\System\pzEouDM.exe
  2⤵
  PID:11804
- C:\Windows\System\CgeZsGS.exe
  C:\Windows\System\CgeZsGS.exe
  2⤵
  PID:11868
- C:\Windows\System\EmgIspV.exe
  C:\Windows\System\EmgIspV.exe
  2⤵
  PID:11956
- C:\Windows\System\XewrYcF.exe
  C:\Windows\System\XewrYcF.exe
  2⤵
  PID:11984
- C:\Windows\System\jwpILZj.exe
  C:\Windows\System\jwpILZj.exe
  2⤵
  PID:12044
- C:\Windows\System\DLYDDmy.exe
  C:\Windows\System\DLYDDmy.exe
  2⤵
  PID:12104
- C:\Windows\System\jayePKV.exe
  C:\Windows\System\jayePKV.exe
  2⤵
  PID:12176
- C:\Windows\System\osSApDh.exe
  C:\Windows\System\osSApDh.exe
  2⤵
  PID:12216
- C:\Windows\System\QwVuAiT.exe
  C:\Windows\System\QwVuAiT.exe
  2⤵
  PID:10996
- C:\Windows\System\BQoRbub.exe
  C:\Windows\System\BQoRbub.exe
  2⤵
  PID:11456
- C:\Windows\System\EjfWIsw.exe
  C:\Windows\System\EjfWIsw.exe
  2⤵
  PID:11548
- C:\Windows\System\DSslDoT.exe
  C:\Windows\System\DSslDoT.exe
  2⤵
  PID:11744
- C:\Windows\System\ZPidDnZ.exe
  C:\Windows\System\ZPidDnZ.exe
  2⤵
  PID:11860
- C:\Windows\System\TNRfyLn.exe
  C:\Windows\System\TNRfyLn.exe
  2⤵
  PID:12072
- C:\Windows\System\oFBScFL.exe
  C:\Windows\System\oFBScFL.exe
  2⤵
  PID:12196
- C:\Windows\System\Qpdkrsm.exe
  C:\Windows\System\Qpdkrsm.exe
  2⤵
  PID:10772
- C:\Windows\System\rNoaFrA.exe
  C:\Windows\System\rNoaFrA.exe
  2⤵
  PID:11612
- C:\Windows\System\gyVGPaB.exe
  C:\Windows\System\gyVGPaB.exe
  2⤵
  PID:11916
- C:\Windows\System\OBQpILR.exe
  C:\Windows\System\OBQpILR.exe
  2⤵
  PID:12236
- C:\Windows\System\XKrODmx.exe
  C:\Windows\System\XKrODmx.exe
  2⤵
  PID:12124
- C:\Windows\System\QXzudEn.exe
  C:\Windows\System\QXzudEn.exe
  2⤵
  PID:11840
- C:\Windows\System\cSuRVjV.exe
  C:\Windows\System\cSuRVjV.exe
  2⤵
  PID:12316
- C:\Windows\System\TILfeiP.exe
  C:\Windows\System\TILfeiP.exe
  2⤵
  PID:12344
- C:\Windows\System\gVdBoOE.exe
  C:\Windows\System\gVdBoOE.exe
  2⤵
  PID:12372
- C:\Windows\System\MHTUBZw.exe
  C:\Windows\System\MHTUBZw.exe
  2⤵
  PID:12400
- C:\Windows\System\adVSRql.exe
  C:\Windows\System\adVSRql.exe
  2⤵
  PID:12424
- C:\Windows\System\zObSYHr.exe
  C:\Windows\System\zObSYHr.exe
  2⤵
  PID:12460
- C:\Windows\System\AltJQcs.exe
  C:\Windows\System\AltJQcs.exe
  2⤵
  PID:12480
- C:\Windows\System\ohQFKQt.exe
  C:\Windows\System\ohQFKQt.exe
  2⤵
  PID:12516
- C:\Windows\System\FmFfewx.exe
  C:\Windows\System\FmFfewx.exe
  2⤵
  PID:12544
- C:\Windows\System\IzkBTSz.exe
  C:\Windows\System\IzkBTSz.exe
  2⤵
  PID:12568
- C:\Windows\System\oGQMcNC.exe
  C:\Windows\System\oGQMcNC.exe
  2⤵
  PID:12588
- C:\Windows\System\unZCjQS.exe
  C:\Windows\System\unZCjQS.exe
  2⤵
  PID:12628
- C:\Windows\System\cxXyWYL.exe
  C:\Windows\System\cxXyWYL.exe
  2⤵
  PID:12656
- C:\Windows\System\yJOIalT.exe
  C:\Windows\System\yJOIalT.exe
  2⤵
  PID:12672
- C:\Windows\System\gZCdTYS.exe
  C:\Windows\System\gZCdTYS.exe
  2⤵
  PID:12696
- C:\Windows\System\TWYQLRH.exe
  C:\Windows\System\TWYQLRH.exe
  2⤵
  PID:12720
- C:\Windows\System\DXjohAD.exe
  C:\Windows\System\DXjohAD.exe
  2⤵
  PID:12756
- C:\Windows\System\fLdDHct.exe
  C:\Windows\System\fLdDHct.exe
  2⤵
  PID:12772
- C:\Windows\System\olDCreD.exe
  C:\Windows\System\olDCreD.exe
  2⤵
  PID:12808
- C:\Windows\System\NDiSzAI.exe
  C:\Windows\System\NDiSzAI.exe
  2⤵
  PID:12848
- C:\Windows\System\asJjIIE.exe
  C:\Windows\System\asJjIIE.exe
  2⤵
  PID:12872
- C:\Windows\System\NjQlyKI.exe
  C:\Windows\System\NjQlyKI.exe
  2⤵
  PID:12912
- C:\Windows\System\VqdWHgT.exe
  C:\Windows\System\VqdWHgT.exe
  2⤵
  PID:12928
- C:\Windows\System\UuQbAgb.exe
  C:\Windows\System\UuQbAgb.exe
  2⤵
  PID:12948
- C:\Windows\System\KsZDIMb.exe
  C:\Windows\System\KsZDIMb.exe
  2⤵
  PID:12984
- C:\Windows\System\DRIiXlU.exe
  C:\Windows\System\DRIiXlU.exe
  2⤵
  PID:13000
- C:\Windows\System\eEGAaVy.exe
  C:\Windows\System\eEGAaVy.exe
  2⤵
  PID:13028
- C:\Windows\System\LlGZDeE.exe
  C:\Windows\System\LlGZDeE.exe
  2⤵
  PID:13064
- C:\Windows\System\HCipQzu.exe
  C:\Windows\System\HCipQzu.exe
  2⤵
  PID:13108
- C:\Windows\System\xqgZxTJ.exe
  C:\Windows\System\xqgZxTJ.exe
  2⤵
  PID:13136
- C:\Windows\System\HwqBvjs.exe
  C:\Windows\System\HwqBvjs.exe
  2⤵
  PID:13160
- C:\Windows\System\JiyIEqK.exe
  C:\Windows\System\JiyIEqK.exe
  2⤵
  PID:13188
- C:\Windows\System\hLnxzvg.exe
  C:\Windows\System\hLnxzvg.exe
  2⤵
  PID:13208
- C:\Windows\System\FLzXnZd.exe
  C:\Windows\System\FLzXnZd.exe
  2⤵
  PID:13240
- C:\Windows\System\YnvjCsr.exe
  C:\Windows\System\YnvjCsr.exe
  2⤵
  PID:13268
- C:\Windows\System\OkDuvSd.exe
  C:\Windows\System\OkDuvSd.exe
  2⤵
  PID:13304
- C:\Windows\System\OtMFaiX.exe
  C:\Windows\System\OtMFaiX.exe
  2⤵
  PID:12328
- C:\Windows\System\HkLRiEO.exe
  C:\Windows\System\HkLRiEO.exe
  2⤵
  PID:12408
- C:\Windows\System\NXkpRwm.exe
  C:\Windows\System\NXkpRwm.exe
  2⤵
  PID:12468
- C:\Windows\System\wDwUyyl.exe
  C:\Windows\System\wDwUyyl.exe
  2⤵
  PID:12536
- C:\Windows\System\RCiDzUa.exe
  C:\Windows\System\RCiDzUa.exe
  2⤵
  PID:12600
- C:\Windows\System\OsTVfFt.exe
  C:\Windows\System\OsTVfFt.exe
  2⤵
  PID:12664
- C:\Windows\System\ycdFsnK.exe
  C:\Windows\System\ycdFsnK.exe
  2⤵
  PID:12708
- C:\Windows\System\xahvWrQ.exe
  C:\Windows\System\xahvWrQ.exe
  2⤵
  PID:12792
- C:\Windows\System\bdjytqX.exe
  C:\Windows\System\bdjytqX.exe
  2⤵
  PID:12856
- C:\Windows\System\tvyLInY.exe
  C:\Windows\System\tvyLInY.exe
  2⤵
  PID:12920
- C:\Windows\System\UvUsOHH.exe
  C:\Windows\System\UvUsOHH.exe
  2⤵
  PID:12972
- C:\Windows\System\FfmWqSl.exe
  C:\Windows\System\FfmWqSl.exe
  2⤵
  PID:13036
- C:\Windows\System\scJakNM.exe
  C:\Windows\System\scJakNM.exe
  2⤵
  PID:13124
- C:\Windows\System\OJVtMjo.exe
  C:\Windows\System\OJVtMjo.exe
  2⤵
  PID:13200
- C:\Windows\System\lWsxItk.exe
  C:\Windows\System\lWsxItk.exe
  2⤵
  PID:13280
- C:\Windows\System\kJKCZpK.exe
  C:\Windows\System\kJKCZpK.exe
  2⤵
  PID:12340
- C:\Windows\System\EcMOZlv.exe
  C:\Windows\System\EcMOZlv.exe
  2⤵
  PID:12436
- C:\Windows\System\uiefgqQ.exe
  C:\Windows\System\uiefgqQ.exe
  2⤵
  PID:12580
- C:\Windows\System\TbfZmAo.exe
  C:\Windows\System\TbfZmAo.exe
  2⤵
  PID:12748
- C:\Windows\System\fgaBuvT.exe
  C:\Windows\System\fgaBuvT.exe
  2⤵
  PID:12896
- C:\Windows\System\uCSmvPE.exe
  C:\Windows\System\uCSmvPE.exe
  2⤵
  PID:12944
- C:\Windows\System\imsyCSC.exe
  C:\Windows\System\imsyCSC.exe
  2⤵
  PID:13088
- C:\Windows\System\UFsfkAj.exe
  C:\Windows\System\UFsfkAj.exe
  2⤵
  PID:13180
- C:\Windows\System\SHVpsJk.exe
  C:\Windows\System\SHVpsJk.exe
  2⤵
  PID:4820
- C:\Windows\System\cJTkoWA.exe
  C:\Windows\System\cJTkoWA.exe
  2⤵
  PID:12560
- C:\Windows\System\qoHmMyJ.exe
  C:\Windows\System\qoHmMyJ.exe
  2⤵
  PID:13156
- C:\Windows\System\UAHplNd.exe
  C:\Windows\System\UAHplNd.exe
  2⤵
  PID:4168
- C:\Windows\System\eJlvlPz.exe
  C:\Windows\System\eJlvlPz.exe
  2⤵
  PID:12680
- C:\Windows\System\aeUsEUQ.exe
  C:\Windows\System\aeUsEUQ.exe
  2⤵
  PID:12824
- C:\Windows\System\xXuILmr.exe
  C:\Windows\System\xXuILmr.exe
  2⤵
  PID:12448
- C:\Windows\System\YlWxYMk.exe
  C:\Windows\System\YlWxYMk.exe
  2⤵
  PID:13332
- C:\Windows\System\Tatyrgt.exe
  C:\Windows\System\Tatyrgt.exe
  2⤵
  PID:13352
- C:\Windows\System\fhtTKIN.exe
  C:\Windows\System\fhtTKIN.exe
  2⤵
  PID:13404
- C:\Windows\System\QjGFjBT.exe
  C:\Windows\System\QjGFjBT.exe
  2⤵
  PID:13432
- C:\Windows\System\UIOHApE.exe
  C:\Windows\System\UIOHApE.exe
  2⤵
  PID:13460
- C:\Windows\System\LyDhyvZ.exe
  C:\Windows\System\LyDhyvZ.exe
  2⤵
  PID:13488
- C:\Windows\System\nxeJXdr.exe
  C:\Windows\System\nxeJXdr.exe
  2⤵
  PID:13516
- C:\Windows\System\ZIyBlWD.exe
  C:\Windows\System\ZIyBlWD.exe
  2⤵
  PID:13544
- C:\Windows\System\BaEWaMp.exe
  C:\Windows\System\BaEWaMp.exe
  2⤵
  PID:13572
- C:\Windows\System\uAwITrB.exe
  C:\Windows\System\uAwITrB.exe
  2⤵
  PID:13608
- C:\Windows\System\ibRXVpN.exe
  C:\Windows\System\ibRXVpN.exe
  2⤵
  PID:13636
- C:\Windows\System\khUzoPP.exe
  C:\Windows\System\khUzoPP.exe
  2⤵
  PID:13664
- C:\Windows\System\qSqwLsB.exe
  C:\Windows\System\qSqwLsB.exe
  2⤵
  PID:13692
- C:\Windows\System\OqdAaIv.exe
  C:\Windows\System\OqdAaIv.exe
  2⤵
  PID:13720
- C:\Windows\System\rFhwGhb.exe
  C:\Windows\System\rFhwGhb.exe
  2⤵
  PID:13748
- C:\Windows\System\DtAWuqF.exe
  C:\Windows\System\DtAWuqF.exe
  2⤵
  PID:13776
- C:\Windows\System\hpDCgbZ.exe
  C:\Windows\System\hpDCgbZ.exe
  2⤵
  PID:13804
- C:\Windows\System\BQLfTlZ.exe
  C:\Windows\System\BQLfTlZ.exe
  2⤵
  PID:13832
- C:\Windows\System\RhnKyeL.exe
  C:\Windows\System\RhnKyeL.exe
  2⤵
  PID:13860
- C:\Windows\System\uQsAaGG.exe
  C:\Windows\System\uQsAaGG.exe
  2⤵
  PID:13888
- C:\Windows\System\QxutuMr.exe
  C:\Windows\System\QxutuMr.exe
  2⤵
  PID:13916
- C:\Windows\System\DavqsjU.exe
  C:\Windows\System\DavqsjU.exe
  2⤵
  PID:13944
- C:\Windows\System\NPQNDIM.exe
  C:\Windows\System\NPQNDIM.exe
  2⤵
  PID:13972
- C:\Windows\System\FIYoxFp.exe
  C:\Windows\System\FIYoxFp.exe
  2⤵
  PID:14000
- C:\Windows\System\VVqFKMl.exe
  C:\Windows\System\VVqFKMl.exe
  2⤵
  PID:14028
- C:\Windows\System\dGOTijb.exe
  C:\Windows\System\dGOTijb.exe
  2⤵
  PID:14056
- C:\Windows\System\YhELkgK.exe
  C:\Windows\System\YhELkgK.exe
  2⤵
  PID:14084
- C:\Windows\System\NASiyih.exe
  C:\Windows\System\NASiyih.exe
  2⤵
  PID:14112
- C:\Windows\System\tOCcXXQ.exe
  C:\Windows\System\tOCcXXQ.exe
  2⤵
  PID:14140
- C:\Windows\System\dpNQDzT.exe
  C:\Windows\System\dpNQDzT.exe
  2⤵
  PID:14168
- C:\Windows\System\NcVCYCB.exe
  C:\Windows\System\NcVCYCB.exe
  2⤵
  PID:14196
- C:\Windows\System\dGuszCy.exe
  C:\Windows\System\dGuszCy.exe
  2⤵
  PID:14216
- C:\Windows\System\YqrzWiq.exe
  C:\Windows\System\YqrzWiq.exe
  2⤵
  PID:14252
- C:\Windows\System\iyxQzaf.exe
  C:\Windows\System\iyxQzaf.exe
  2⤵
  PID:14280
- C:\Windows\System\frJELjH.exe
  C:\Windows\System\frJELjH.exe
  2⤵
  PID:14308
- C:\Windows\System\qKailsM.exe
  C:\Windows\System\qKailsM.exe
  2⤵
  PID:13316
- C:\Windows\System\JgONZcp.exe
  C:\Windows\System\JgONZcp.exe
  2⤵
  PID:13372
- C:\Windows\System\ITRUYFW.exe
  C:\Windows\System\ITRUYFW.exe
  2⤵
  PID:13448
- C:\Windows\System\TVhYdCU.exe
  C:\Windows\System\TVhYdCU.exe
  2⤵
  PID:13512
- C:\Windows\System\CPIgpsX.exe
  C:\Windows\System\CPIgpsX.exe
  2⤵
  PID:13564
- C:\Windows\System\csiJyMn.exe
  C:\Windows\System\csiJyMn.exe
  2⤵
  PID:13620
- C:\Windows\System\MpyEOoa.exe
  C:\Windows\System\MpyEOoa.exe
  2⤵
  PID:13716
- C:\Windows\System\SHEfHpt.exe
  C:\Windows\System\SHEfHpt.exe
  2⤵
  PID:13788
- C:\Windows\System\SmTaPhI.exe
  C:\Windows\System\SmTaPhI.exe
  2⤵
  PID:13824
- C:\Windows\System\wcHrwsj.exe
  C:\Windows\System\wcHrwsj.exe
  2⤵
  PID:13872
- C:\Windows\System\DQcYtve.exe
  C:\Windows\System\DQcYtve.exe
  2⤵
  PID:13940
- C:\Windows\System\SbjwlEd.exe
  C:\Windows\System\SbjwlEd.exe
  2⤵
  PID:14020
- C:\Windows\System\gzcdmGs.exe
  C:\Windows\System\gzcdmGs.exe
  2⤵
  PID:14080
- C:\Windows\System\HCXpnaj.exe
  C:\Windows\System\HCXpnaj.exe
  2⤵
  PID:14160

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:13480

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\AFkSgGU.exe

Filesize
1.6MB

MD5
b75774d8c3d103e990a41a9b38e033fd

SHA1
58550b7204085280e430218ed226757d695ea55f

SHA256
1b0968ac3fe4b717051e5a7c5de9778f99568bb68edf71b89b9645b969c09d30

SHA512
6e3e10c8b29efd8d0947a14c18038f3981170ad647250fb28d5978490532f2ad8abd2919b58b2bed10ad28ff969984f6f74cc970e8e23ddb1f749b39f8d25d12

Download Submit
C:\Windows\System\Cbeoqvp.exe

Filesize
1.6MB

MD5
8aec3bcbe78706175991c674618e9b5f

SHA1
0338ae9fad59e5ed501fef7f5573885d2e461810

SHA256
f7ba051939f073d8dfca4f828e7b12909d8e3321c5396688a651c099dfa31b24

SHA512
e4447871da1237ad8ca4e6dc10c9642cde3e00720f0e0661688960704e18cdfe3c1e3a212da9dc88e443c4c5dba1cd7a043459cad54a74893363731ec76b99f2

Download Submit
C:\Windows\System\CjygXUE.exe

Filesize
1.6MB

MD5
571d3b8ab490409e61d05c004d7227ac

SHA1
a118d462de917f40db422ff0a703de60a2b2dada

SHA256
707f6e3c6938e94367cce9339fb402c7f2a31bd63daf34a986d191091c70e415

SHA512
3bd51a351506f334ce6f89d0e613cf1cb90512d314e365188b5fdcf2446cde4ddfe5d0166ae08b5b3c6d7b658ff29e9222f7e87b67ee0d112e051b2f1e51aa2d

Download Submit
C:\Windows\System\DeUAEWU.exe

Filesize
1.6MB

MD5
64689e059d0955aa2aabef2f0e018123

SHA1
c4eae79c22622b087a64c15142c55ce78c932d45

SHA256
054780fd5a9bbb6326336def101060150eaed3125368d2be6854fe57ffe01de8

SHA512
1e4ef978641c7369682df97c520b2fa3c72334db7a7882bf70c0accf32cb1f0f1030dea34f35175f1954a7946d19790678166e9a20d2e3c8167bc75b565a33be

Download Submit
C:\Windows\System\FYMvhJd.exe

Filesize
1.6MB

MD5
5b770ed6953665ddb88081b36dc45575

SHA1
bbf08820f5965f01ce37726c557bbbd459ac8492

SHA256
18c568837afbe140f6c62ba3eb15a24ba98f3d91fa544436df98efda4c5f4ab7

SHA512
4a61f1dcec926fbd57ad51c5c57d4bfcc472ea8421a32c27ea0cdbcac4b60ef59aa94607331eeac8d2cac1a199e45970c6ff02d085c7c9389f3b7ae1024740f0

Download Submit
C:\Windows\System\HipsBcv.exe

Filesize
1.6MB

MD5
c71278bee1c6cfc3353c590651e50b59

SHA1
fb87cf8341cd048a68dd982d96c4449189414748

SHA256
81d48efbf1c4ad068de285f58e0f9f24d81e231590b615f30291dedd81104637

SHA512
4035c2a8eb781c5976523c8cb17cff30127b60b7139a3c1ad4a26ae8a552bd257a62965437c54ad3cb4dea35a664249d5598b124c878b3652253fcd45d9b71a3

Download Submit
C:\Windows\System\IvzxqGK.exe

Filesize
1.6MB

MD5
0765679403c425312101902aa11ec339

SHA1
7d385e61eaee234857324b00d2addd8a4886d274

SHA256
d87e54868ce0f46f990bdc8d5675b47e2ef6e670f651a3fed92377be7d024da7

SHA512
ef8a01669362a1f3eb6c08a20897e0b599d24c825729ff1b1fb396b59dca514ab4b291da7c489dfc7601f75ac789fb968ada8b6196dd4ed88681b28d4b394cc6

Download Submit
C:\Windows\System\KeqbQFA.exe

Filesize
1.6MB

MD5
0eac2b688310068178ed22948dbc41cf

SHA1
179d1083d6387ef2783fe9e98699c96ea78bf4eb

SHA256
4d6346dacf5f54d492c85600c5879f451d85d93416adc4469a456fe5ba224bf1

SHA512
6efe63360a090a327870b8b607c7c85e69d84e2e4cc1667b63f8e4d8778e2af631b80569d76935930eae7163e3417b241a05df53d82501607979fb3543a06181

Download Submit
C:\Windows\System\NiOkfzn.exe

Filesize
1.6MB

MD5
ae92b19b83f8ad727a661176728a1428

SHA1
85845fab89f883124b8d0f955f4ee17fb1728a9a

SHA256
0f12dc409e55c478f74d1ae2c225f6e1e6de373c01f1edf323471d4ef2fd5dff

SHA512
8e67407f638feca345f5746cfc4414a8465d957600915a73dcc6d7c9093efb88491f8e8260def47c6eebdacaefafd12e276a81dcd436c51b850a88f3a20267f6

Download Submit
C:\Windows\System\PZxJYLF.exe

Filesize
1.6MB

MD5
918082c6f27719925ca53268015b99ec

SHA1
a954a3578a05eb17493da5fae330ff4cbfcefd52

SHA256
e2ea5b65d3a053db9ea6c0b12f67fdeb26b3127f80dbebf80aa4d91ed85f8aea

SHA512
3d9cac0c400840f71c41385db4a25fcc655e77206742de65d4c954150031d7225a100f56edd66e38d5add161408c8b97ada59a2d1ebfeda61b211da45b097aa5

Download Submit
C:\Windows\System\Ssmarny.exe

Filesize
1.6MB

MD5
30b6edb64d3b747a94edbce8317ec662

SHA1
5f48aa2f99178df88fdb980842793341f15e43b6

SHA256
b2606a340b1e4dd9cf3d3bc68fa945c719eaf3b776392b5b8b97573eaab6d687

SHA512
c58f2dcfe7f1c56822affee8b79da2723fbe52ad1aeb2028ff8bc63613604876e540ea75e1ef5bc0f373372863c3476620dc78c75dbaa4ccbbcc3ac75219dded

Download Submit
C:\Windows\System\SvUzQFn.exe

Filesize
1.6MB

MD5
11f347982e34613e8e5252a8342d0a86

SHA1
f51791d93f39745625a2b8645d16dcaef9a3b60a

SHA256
f34bf0856ce5a8591d1ffbab57e5c054fc34d14753a978bad131da915b74736e

SHA512
8a9a26773e2b9e121cbd2a2a79f60d2880702df772836ed3496c8327c7c215dfe88e482d96a44fce7624d4dad894d2f26d1b4325badbfcc70617e0eb7d7f1ec3

Download Submit
C:\Windows\System\VyvtlaX.exe

Filesize
1.6MB

MD5
751e5e8b7a50053df7a058a4230607b3

SHA1
8287302a99c6be5d813d44756df326922e1427ea

SHA256
130717ef774e3d3664c79e0bf31322509aa61e57cdc8af61b856c052a89b61d9

SHA512
aaf65b8d7e93ea7176eb8fe0a0f4ad4f4d7d513e0093653ef19fc1c3780d2caa22aa3cf0c4961d368ce2128350d07af4162b5bafd6fb1af68b435fe3c5d8c1ed

Download Submit
C:\Windows\System\WZaVXgD.exe

Filesize
1.6MB

MD5
9947200625086cd9a81ed87b8d264229

SHA1
1ea684689f7f3a2e38937f3b79644c675208aade

SHA256
162e5f6a5fc7b9527d13c57c56632a66a6dd9196c5882ed812116d3b97a7513e

SHA512
06ecf6eede0d248776f8dce55be9d4e304f12b4402b3d1ff7ab44463e31f1950b5ee4506c013614f44f22f669a812c256f1b88a4ef8b571d4dcd80f25308c020

Download Submit
C:\Windows\System\XLrJFeh.exe

Filesize
1.6MB

MD5
b476df86861ffd5263cb18e95ffb3253

SHA1
893637458c569c932b7f7265be307bf14513ad10

SHA256
e36a0bdfa23e66c7092a61294a88fa534393100803c9538d6c61634ca8ba7e6a

SHA512
7ded2e5c6409fdb9c82ca1c0d8a262223de55d9d76b67fd9960836e0f6eb1231d944b844e209299e86111d0a1975c03ec6f157dc209436783e64644e86485d2f

Download Submit
C:\Windows\System\XRJksON.exe

Filesize
1.6MB

MD5
dae1932fc9e56f43581716ae09fe1eed

SHA1
83ce77c610a0026780b789ff2c74c5b120697f81

SHA256
73041be3ead706bb528af739d3ba07829f2cd0a32b8bac4a19c09d2f15987ab4

SHA512
69d677a5e4d93956689a1d6e171e75860d17f453e26a70d55122e8bffe22f98146e35427c67020557fe5e4367b9455c7bd8ae9cd77cf47656bddc8f9b488914a

Download Submit
C:\Windows\System\ZAlIeoc.exe

Filesize
1.6MB

MD5
44fc87d5045b34f09e5fccbbdb9ca868

SHA1
68ca6088813e81e1a45612f7021ae8cc05a83f69

SHA256
4d1dd81ac7c41a77e5e9443b0c3dda2e4a0c4ba7178296a4edac3b7b26c64083

SHA512
7a7e6109edcb5ac40249de3d2f848f9d3c00644187ba42459420a8d5dbc9b0005808047c25a268c8323efd9444e3df7c8cf18bbddbed27b713b2e96cadcf96f3

Download Submit
C:\Windows\System\ZGdvvOX.exe

Filesize
1.6MB

MD5
60a39c99f2b7c3b45b7c97748ed8f35c

SHA1
4cabad43531217a61a71261e773a02841b3ef294

SHA256
217a281b1dbb2e7634e41ad871fc4780f3ec2861b788c241cbd7b81962c0d157

SHA512
e7ebf622238757d9f25ef5623d1eefea1f1acaada5d9e8bd22739452633ae9f42805583708d2542d264064891938ed5e3883a3284addca56c049b8903a84c5fc

Download Submit
C:\Windows\System\cewLxoO.exe

Filesize
1.6MB

MD5
6ff06a2a0572d3906f02033197540d86

SHA1
a5020bfd7003304a401b1e02c8eb8d4761567a61

SHA256
b667c4780c2e4998c8f51636f7e4b01d0c8cc42e93c7f3f61061eb4d7dc2bb55

SHA512
6aac2e116a3bd4a7d1e316d6068fa252e4f01a449d1604fbc68d923704d80762592910c39d71923bfae08c041a271f152ddebbbbd09e4fa74534f762f65a7281

Download Submit
C:\Windows\System\fHRAkiK.exe

Filesize
1.6MB

MD5
ef2bd1f5194e7322f4bbacac518eb02f

SHA1
e71be57db5338434810ba3493795586ef21ccbc2

SHA256
95a78925273ebf31cf644d982683317c96870f974a4863eabaaa51447ab25bc0

SHA512
89413886b869f2df3ff540769d4b9250f6f0f5120693ed5d3845067a3492ad3a8734c86efc58373ce4f828459df433457b5d02a95d2089322a7c7e057805a794

Download Submit
C:\Windows\System\hdJxNfU.exe

Filesize
1.6MB

MD5
30ff96a0ee82ca7f8bc274b4cf57809b

SHA1
86caa438513752066b73880a045b1ea348d238c8

SHA256
3e6d31e7ddd9df6fd04ed4daa249f8e53ea23a8aa42414137adbb51146d7b6ec

SHA512
5a4ac8543672db631511b36853f68d72dd146e015c83930b1390c31c6dda6b06ef0886b79ec6fd4f8739bdd10a6a989065a70e58f672edd517f2b571452a84dc

Download Submit
C:\Windows\System\iQYRKIM.exe

Filesize
1.6MB

MD5
8204bee40a8582a71928e8fce323d89d

SHA1
2139742fd65e58dfa3a7ed04bbd5d74081e60521

SHA256
50a34649dbcb4ed5f93fa763d74c855144abf3aa47a16fd4cc762c9e77658ebc

SHA512
9592d9c2f2714dde5aa0e0757776aadf6441ee5adab9ec8a95a0e3ae736a26eb583c2f87dbcee2c42c0faaf9559bd5f7fdd16944f98617ec60601366f4b27b38

Download Submit
C:\Windows\System\icIkbxN.exe

Filesize
1.6MB

MD5
b33a3f31a6dfb97dcdd6cb071305f1ed

SHA1
b0f8f19d797d80cda8de22edc28204af28c7e300

SHA256
72606c793d9530688442155fcea0fb3e263992cca8de69702ad4018576da09ea

SHA512
5ccf26ec8aeb53dd09dd877512b41ebbeaf0a56d0139ad3874f519165c64d2a30676e5e111e75a449f04ab48dc19b192aaa4e0ac6a9d518c4c97052e5985872d

Download Submit
C:\Windows\System\jOIWZmM.exe

Filesize
1.6MB

MD5
3bfe56cb6cd20fabf7beb961c9ee0278

SHA1
67fade1891f63b7b0b571b6766826ebeb35e6c38

SHA256
4c38646e82518b01cfbf299acba0b8bd5dc70c929061ade380d4742a17a6236c

SHA512
aef8a0c8201745caa98c89e73af919689e2902c6009d336448f9de0a1d01bf2038b52504a61b2a4d38be9a7078eb1fe6e10e62dc56f676e10957f612d0dad859

Download Submit
C:\Windows\System\jOfzFDD.exe

Filesize
1.6MB

MD5
85db998a2a90e859334e3cddd799925c

SHA1
af40fb205ce54d930facfaf248df535542faa69d

SHA256
cb27d7d60c7774b255824be31535030669850efecb76462768c0911ef685eae1

SHA512
3803267e214770b807e2622c3291462ee43be31b32769457dbecad35ed1c508dc1581528528d654bccde13eb975cea3e52b8d8151392cf79f1b05d6cb9562fa2

Download Submit
C:\Windows\System\kbGEXcw.exe

Filesize
1.6MB

MD5
a9c65ae6edf91910980bba4e683ad5b2

SHA1
e8aef645f63d9fbdd20afa1f34d7bc4997a8a7ba

SHA256
e278fc4c83dcc9a622b6343d7610046f89d98b7a302b4942de1e2fa846a4a14a

SHA512
9c6ca2eaa860935f4f0358b5441402a041d78685eae9807e112d5b48c7b553b900ad8f4395ae552d1ca41d4a8314faaaa87be939eeac8530a8a9cf69efbb63e9

Download Submit
C:\Windows\System\khubnxC.exe

Filesize
1.6MB

MD5
1be47744abce9cdbd5dbed043e2390c8

SHA1
c2b4b7d1867883603ad87cc10aee25f7304ebada

SHA256
5b010993020734a371ba0adc81dd4a14f1aa77e7cac9ca7887b963415fed0226

SHA512
c0e564f6b916aa8ae99368ba418e047d5abdcef2e7cf85edd1ec8f70d27cab2d25b5661aca717189f268237f53b05ed37a258baf9b7393c66cbbcf1894788252

Download Submit
C:\Windows\System\nIxjPAT.exe

Filesize
1.6MB

MD5
7c0ef672ae841b736b95cf4ff1f4dfaf

SHA1
09d1c2344802936916fe9bf0bf17b56bb0f556c7

SHA256
b138a730421b9c9f8002a0c1a979914438d96cc3bc5a0678766974b33bb8ac43

SHA512
ea1106323c076d53a240525406bc9f5201d30f3cb1e9521136a8a30dc57c3b373c44de8cd7afc7991a34820cf05a5a619f7020f51ec223d14987fb1c4c9242fc

Download Submit
C:\Windows\System\oYLRJbr.exe

Filesize
1.6MB

MD5
264ee4f121728d8e20d398ece444ef4f

SHA1
912bfe6c3a7207c0993e7b7d0327368473e6fd2f

SHA256
58c4ea70200112817cc37074aca71f2a1cb22cb8cf5d41911cf1309f4b3ce3ae

SHA512
a22e604f0fa64a4b0902a0f728963c4416f4554f238c15fd8cd5cbb3dfd1e59a3371cf077e234307fd2f14efb03a51135d5b0c9118cf0c0e13ece179556e5d66

Download Submit
C:\Windows\System\ofOzDja.exe

Filesize
1.6MB

MD5
6823933231464813bffa0eb302feda41

SHA1
522776de54656d1656189dc2e43e1bb886f5e0ca

SHA256
c8badd95575b01e2dfe1ff058cbddf314e1d4babd0ef86dbae54c57854ac1d65

SHA512
478d8bea25d2f1cd45d00d28199a09388dc782209c7754a676d766f801374ceeae53035f88cf2fbc1f74cc37e7d9730e1ba452c3335edf8943646b9b042c3c2b

Download Submit
C:\Windows\System\pJmErgl.exe

Filesize
1.6MB

MD5
461ba1e43df7c1145fb62c515d7bf1fb

SHA1
f889712aa975410ec6d903ef168691a2d659a759

SHA256
70b91ac10042f2de942a9befe80d90a901950b25710a680748e46feb3b0f2a70

SHA512
6d3f060f19554c1a991ae6ad2ffcb5ae734185777805807d208f9c4e8f35cbdc3dddc7f1d42134f0a92a2fd2dc86887f01b8bb6ff5a229a1d4c2800ce237271c

Download Submit
C:\Windows\System\qHszNWr.exe

Filesize
1.6MB

MD5
0952e16182427f741569928a526196a3

SHA1
8ae396d8f2155a52748350e173da2d13279cd2a1

SHA256
a140741c1893d616de0f992895c513f3e46935e999ec51f615407cd1e5d2289f

SHA512
7ef5bea6f4cee96e63aae6bc560706f018fa441e2561b27383654ed798299e49fc7dcbd01038c5c9b9e1880bce8edbaf02a7c3d9bcca679b7cce6f4069d0c138

Download Submit
C:\Windows\System\zbLQTSG.exe

Filesize
1.6MB

MD5
1dce841cb1d55052762f248e0dc15c38

SHA1
e39bb6834359f77e40b07ded05a9784e0ba0735c

SHA256
b6a719a366a0cdf95f0021a7c0e6f6df5093de8919bb8ffdc78bbed1e27b2a4b

SHA512
a313db411bca4b733431d851965e5d391958878760b8d2e6a590d2acc4ac312f6231c7e992c13f5d8acdc7df27aeb961e4cd9c5c54480d6284c7fad11f63478b

Download Submit
memory/116-2143-0x00007FF7977C0000-0x00007FF797B14000-memory.dmp

Filesize
3.3MB

Download
memory/116-713-0x00007FF7977C0000-0x00007FF797B14000-memory.dmp

Filesize
3.3MB

Download
memory/220-704-0x00007FF7D4400000-0x00007FF7D4754000-memory.dmp

Filesize
3.3MB

Download
memory/220-2142-0x00007FF7D4400000-0x00007FF7D4754000-memory.dmp

Filesize
3.3MB

Download
memory/592-821-0x00007FF6CD460000-0x00007FF6CD7B4000-memory.dmp

Filesize
3.3MB

Download
memory/592-2153-0x00007FF6CD460000-0x00007FF6CD7B4000-memory.dmp

Filesize
3.3MB

Download
memory/788-744-0x00007FF799870000-0x00007FF799BC4000-memory.dmp

Filesize
3.3MB

Download
memory/788-2138-0x00007FF799870000-0x00007FF799BC4000-memory.dmp

Filesize
3.3MB

Download
memory/892-770-0x00007FF691670000-0x00007FF6919C4000-memory.dmp

Filesize
3.3MB

Download
memory/892-2150-0x00007FF691670000-0x00007FF6919C4000-memory.dmp

Filesize
3.3MB

Download
memory/936-2121-0x00007FF6381C0000-0x00007FF638514000-memory.dmp

Filesize
3.3MB

Download
memory/936-2125-0x00007FF6381C0000-0x00007FF638514000-memory.dmp

Filesize
3.3MB

Download
memory/936-16-0x00007FF6381C0000-0x00007FF638514000-memory.dmp

Filesize
3.3MB

Download
memory/984-2123-0x00007FF6CABF0000-0x00007FF6CAF44000-memory.dmp

Filesize
3.3MB

Download
memory/984-2131-0x00007FF6CABF0000-0x00007FF6CAF44000-memory.dmp

Filesize
3.3MB

Download
memory/984-60-0x00007FF6CABF0000-0x00007FF6CAF44000-memory.dmp

Filesize
3.3MB

Download
memory/2012-721-0x00007FF7303C0000-0x00007FF730714000-memory.dmp

Filesize
3.3MB

Download
memory/2012-2145-0x00007FF7303C0000-0x00007FF730714000-memory.dmp

Filesize
3.3MB

Download
memory/2040-758-0x00007FF6B06C0000-0x00007FF6B0A14000-memory.dmp

Filesize
3.3MB

Download
memory/2040-2136-0x00007FF6B06C0000-0x00007FF6B0A14000-memory.dmp

Filesize
3.3MB

Download
memory/2168-67-0x00007FF749CC0000-0x00007FF74A014000-memory.dmp

Filesize
3.3MB

Download
memory/2168-2134-0x00007FF749CC0000-0x00007FF74A014000-memory.dmp

Filesize
3.3MB

Download
memory/2228-2139-0x00007FF6B7700000-0x00007FF6B7A54000-memory.dmp

Filesize
3.3MB

Download
memory/2228-734-0x00007FF6B7700000-0x00007FF6B7A54000-memory.dmp

Filesize
3.3MB

Download
memory/2480-23-0x00007FF7B0030000-0x00007FF7B0384000-memory.dmp

Filesize
3.3MB

Download
memory/2480-2127-0x00007FF7B0030000-0x00007FF7B0384000-memory.dmp

Filesize
3.3MB

Download
memory/2588-2132-0x00007FF751950000-0x00007FF751CA4000-memory.dmp

Filesize
3.3MB

Download
memory/2588-50-0x00007FF751950000-0x00007FF751CA4000-memory.dmp

Filesize
3.3MB

Download
memory/2588-2122-0x00007FF751950000-0x00007FF751CA4000-memory.dmp

Filesize
3.3MB

Download
memory/2640-2133-0x00007FF6E4B00000-0x00007FF6E4E54000-memory.dmp

Filesize
3.3MB

Download
memory/2640-66-0x00007FF6E4B00000-0x00007FF6E4E54000-memory.dmp

Filesize
3.3MB

Download
memory/2888-695-0x00007FF7B8050000-0x00007FF7B83A4000-memory.dmp

Filesize
3.3MB

Download
memory/2888-2146-0x00007FF7B8050000-0x00007FF7B83A4000-memory.dmp

Filesize
3.3MB

Download
memory/2928-43-0x00007FF703750000-0x00007FF703AA4000-memory.dmp

Filesize
3.3MB

Download
memory/2928-2124-0x00007FF703750000-0x00007FF703AA4000-memory.dmp

Filesize
3.3MB

Download
memory/2928-2130-0x00007FF703750000-0x00007FF703AA4000-memory.dmp

Filesize
3.3MB

Download
memory/3224-2151-0x00007FF7A8C60000-0x00007FF7A8FB4000-memory.dmp

Filesize
3.3MB

Download
memory/3224-803-0x00007FF7A8C60000-0x00007FF7A8FB4000-memory.dmp

Filesize
3.3MB

Download
memory/3312-792-0x00007FF66EB90000-0x00007FF66EEE4000-memory.dmp

Filesize
3.3MB

Download
memory/3312-2148-0x00007FF66EB90000-0x00007FF66EEE4000-memory.dmp

Filesize
3.3MB

Download
memory/3568-2149-0x00007FF7B4970000-0x00007FF7B4CC4000-memory.dmp

Filesize
3.3MB

Download
memory/3568-763-0x00007FF7B4970000-0x00007FF7B4CC4000-memory.dmp

Filesize
3.3MB

Download
memory/3940-2152-0x00007FF7FA750000-0x00007FF7FAAA4000-memory.dmp

Filesize
3.3MB

Download
memory/3940-815-0x00007FF7FA750000-0x00007FF7FAAA4000-memory.dmp

Filesize
3.3MB

Download
memory/4244-2137-0x00007FF75CF40000-0x00007FF75D294000-memory.dmp

Filesize
3.3MB

Download
memory/4244-751-0x00007FF75CF40000-0x00007FF75D294000-memory.dmp

Filesize
3.3MB

Download
memory/4396-63-0x00007FF7EAF50000-0x00007FF7EB2A4000-memory.dmp

Filesize
3.3MB

Download
memory/4396-2129-0x00007FF7EAF50000-0x00007FF7EB2A4000-memory.dmp

Filesize
3.3MB

Download
memory/4500-1-0x0000023D9C3B0000-0x0000023D9C3C0000-memory.dmp

Filesize
64KB

Download
memory/4500-2119-0x00007FF7D4500000-0x00007FF7D4854000-memory.dmp

Filesize
3.3MB

Download
memory/4500-0-0x00007FF7D4500000-0x00007FF7D4854000-memory.dmp

Filesize
3.3MB

Download
memory/4620-2140-0x00007FF663F90000-0x00007FF6642E4000-memory.dmp

Filesize
3.3MB

Download
memory/4620-685-0x00007FF663F90000-0x00007FF6642E4000-memory.dmp

Filesize
3.3MB

Download
memory/4632-669-0x00007FF754F00000-0x00007FF755254000-memory.dmp

Filesize
3.3MB

Download
memory/4632-2141-0x00007FF754F00000-0x00007FF755254000-memory.dmp

Filesize
3.3MB

Download
memory/4656-2135-0x00007FF6869A0000-0x00007FF686CF4000-memory.dmp

Filesize
3.3MB

Download
memory/4656-70-0x00007FF6869A0000-0x00007FF686CF4000-memory.dmp

Filesize
3.3MB

Download
memory/4760-2128-0x00007FF74F430000-0x00007FF74F784000-memory.dmp

Filesize
3.3MB

Download
memory/4760-54-0x00007FF74F430000-0x00007FF74F784000-memory.dmp

Filesize
3.3MB

Download
memory/4960-798-0x00007FF6D29F0000-0x00007FF6D2D44000-memory.dmp

Filesize
3.3MB

Download
memory/4960-2147-0x00007FF6D29F0000-0x00007FF6D2D44000-memory.dmp

Filesize
3.3MB

Download
memory/5004-37-0x00007FF620150000-0x00007FF6204A4000-memory.dmp

Filesize
3.3MB

Download
memory/5004-2126-0x00007FF620150000-0x00007FF6204A4000-memory.dmp

Filesize
3.3MB

Download
memory/5024-2144-0x00007FF7C8860000-0x00007FF7C8BB4000-memory.dmp

Filesize
3.3MB

Download
memory/5024-725-0x00007FF7C8860000-0x00007FF7C8BB4000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads