xmrig | d21dc429a8c3d8871d37345f43ccdb4ff791e40b4b97c605a7434f020ec051c9

Analysis

max time kernel
119s
max time network
121s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
23-07-2024 02:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4f01374c9e3f296bf81fa9a1972b4330N.exe
Size

1.9MB
MD5

4f01374c9e3f296bf81fa9a1972b4330
SHA1

102fd9e830aff47de2d736bd2921cb672fed9e0c
SHA256

d21dc429a8c3d8871d37345f43ccdb4ff791e40b4b97c605a7434f020ec051c9
SHA512

20f0188d96ba04425a80b3a998b0bbfa1be2f6e728fe2df3cd5c2f9d925d101b3a22007c076d738d2b672be9c9f2294ba556a76ade62a57afd6b90639e595db5
SSDEEP

49152:ROdWCCi7/raU56uL3pgrCEdM/Gta7riy5zXNX9GEW:RWWBib356utgj

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 61 IoCs

miner

resource	yara_rule
behavioral2/memory/4128-35-0x00007FF751780000-0x00007FF751AD1000-memory.dmp	xmrig
behavioral2/memory/3196-19-0x00007FF6F3C40000-0x00007FF6F3F91000-memory.dmp	xmrig
behavioral2/memory/3756-16-0x00007FF660380000-0x00007FF6606D1000-memory.dmp	xmrig
behavioral2/memory/620-119-0x00007FF6F87B0000-0x00007FF6F8B01000-memory.dmp	xmrig
behavioral2/memory/4368-165-0x00007FF789F30000-0x00007FF78A281000-memory.dmp	xmrig
behavioral2/memory/4696-191-0x00007FF7348A0000-0x00007FF734BF1000-memory.dmp	xmrig
behavioral2/memory/2976-204-0x00007FF792890000-0x00007FF792BE1000-memory.dmp	xmrig
behavioral2/memory/1928-198-0x00007FF70AEE0000-0x00007FF70B231000-memory.dmp	xmrig
behavioral2/memory/2744-197-0x00007FF77CAD0000-0x00007FF77CE21000-memory.dmp	xmrig
behavioral2/memory/1240-190-0x00007FF651610000-0x00007FF651961000-memory.dmp	xmrig
behavioral2/memory/2536-184-0x00007FF61DD20000-0x00007FF61E071000-memory.dmp	xmrig
behavioral2/memory/3000-178-0x00007FF6B05A0000-0x00007FF6B08F1000-memory.dmp	xmrig
behavioral2/memory/2824-177-0x00007FF646110000-0x00007FF646461000-memory.dmp	xmrig
behavioral2/memory/3196-159-0x00007FF6F3C40000-0x00007FF6F3F91000-memory.dmp	xmrig
behavioral2/memory/2880-146-0x00007FF6FBC90000-0x00007FF6FBFE1000-memory.dmp	xmrig
behavioral2/memory/1324-145-0x00007FF6D0110000-0x00007FF6D0461000-memory.dmp	xmrig
behavioral2/memory/3756-132-0x00007FF660380000-0x00007FF6606D1000-memory.dmp	xmrig
behavioral2/memory/5056-109-0x00007FF61CD80000-0x00007FF61D0D1000-memory.dmp	xmrig
behavioral2/memory/2512-101-0x00007FF6BF760000-0x00007FF6BFAB1000-memory.dmp	xmrig
behavioral2/memory/2916-97-0x00007FF7ADAF0000-0x00007FF7ADE41000-memory.dmp	xmrig
behavioral2/memory/1432-94-0x00007FF63AFA0000-0x00007FF63B2F1000-memory.dmp	xmrig
behavioral2/memory/2712-64-0x00007FF76C130000-0x00007FF76C481000-memory.dmp	xmrig
behavioral2/memory/1752-1257-0x00007FF695800000-0x00007FF695B51000-memory.dmp	xmrig
behavioral2/memory/3684-1809-0x00007FF798830000-0x00007FF798B81000-memory.dmp	xmrig
behavioral2/memory/3264-2229-0x00007FF68CEC0000-0x00007FF68D211000-memory.dmp	xmrig
behavioral2/memory/1580-2228-0x00007FF6542C0000-0x00007FF654611000-memory.dmp	xmrig
behavioral2/memory/3268-2255-0x00007FF664A60000-0x00007FF664DB1000-memory.dmp	xmrig
behavioral2/memory/2144-2256-0x00007FF7FC680000-0x00007FF7FC9D1000-memory.dmp	xmrig
behavioral2/memory/4392-2263-0x00007FF6D3200000-0x00007FF6D3551000-memory.dmp	xmrig
behavioral2/memory/3652-2265-0x00007FF662F40000-0x00007FF663291000-memory.dmp	xmrig
behavioral2/memory/4988-2264-0x00007FF6B4460000-0x00007FF6B47B1000-memory.dmp	xmrig
behavioral2/memory/4072-2266-0x00007FF7679D0000-0x00007FF767D21000-memory.dmp	xmrig
behavioral2/memory/3756-2270-0x00007FF660380000-0x00007FF6606D1000-memory.dmp	xmrig
behavioral2/memory/3196-2272-0x00007FF6F3C40000-0x00007FF6F3F91000-memory.dmp	xmrig
behavioral2/memory/1324-2278-0x00007FF6D0110000-0x00007FF6D0461000-memory.dmp	xmrig
behavioral2/memory/4128-2277-0x00007FF751780000-0x00007FF751AD1000-memory.dmp	xmrig
behavioral2/memory/2880-2275-0x00007FF6FBC90000-0x00007FF6FBFE1000-memory.dmp	xmrig
behavioral2/memory/2824-2280-0x00007FF646110000-0x00007FF646461000-memory.dmp	xmrig
behavioral2/memory/1240-2283-0x00007FF651610000-0x00007FF651961000-memory.dmp	xmrig
behavioral2/memory/2712-2285-0x00007FF76C130000-0x00007FF76C481000-memory.dmp	xmrig
behavioral2/memory/2744-2287-0x00007FF77CAD0000-0x00007FF77CE21000-memory.dmp	xmrig
behavioral2/memory/2916-2295-0x00007FF7ADAF0000-0x00007FF7ADE41000-memory.dmp	xmrig
behavioral2/memory/3684-2303-0x00007FF798830000-0x00007FF798B81000-memory.dmp	xmrig
behavioral2/memory/2976-2299-0x00007FF792890000-0x00007FF792BE1000-memory.dmp	xmrig
behavioral2/memory/5056-2301-0x00007FF61CD80000-0x00007FF61D0D1000-memory.dmp	xmrig
behavioral2/memory/2512-2297-0x00007FF6BF760000-0x00007FF6BFAB1000-memory.dmp	xmrig
behavioral2/memory/3268-2305-0x00007FF664A60000-0x00007FF664DB1000-memory.dmp	xmrig
behavioral2/memory/1432-2293-0x00007FF63AFA0000-0x00007FF63B2F1000-memory.dmp	xmrig
behavioral2/memory/1928-2289-0x00007FF70AEE0000-0x00007FF70B231000-memory.dmp	xmrig
behavioral2/memory/1752-2291-0x00007FF695800000-0x00007FF695B51000-memory.dmp	xmrig
behavioral2/memory/3264-2309-0x00007FF68CEC0000-0x00007FF68D211000-memory.dmp	xmrig
behavioral2/memory/4392-2327-0x00007FF6D3200000-0x00007FF6D3551000-memory.dmp	xmrig
behavioral2/memory/4368-2317-0x00007FF789F30000-0x00007FF78A281000-memory.dmp	xmrig
behavioral2/memory/2144-2315-0x00007FF7FC680000-0x00007FF7FC9D1000-memory.dmp	xmrig
behavioral2/memory/2536-2331-0x00007FF61DD20000-0x00007FF61E071000-memory.dmp	xmrig
behavioral2/memory/3652-2311-0x00007FF662F40000-0x00007FF663291000-memory.dmp	xmrig
behavioral2/memory/4072-2325-0x00007FF7679D0000-0x00007FF767D21000-memory.dmp	xmrig
behavioral2/memory/4988-2322-0x00007FF6B4460000-0x00007FF6B47B1000-memory.dmp	xmrig
behavioral2/memory/3000-2319-0x00007FF6B05A0000-0x00007FF6B08F1000-memory.dmp	xmrig
behavioral2/memory/1580-2307-0x00007FF6542C0000-0x00007FF654611000-memory.dmp	xmrig
behavioral2/memory/4696-2313-0x00007FF7348A0000-0x00007FF734BF1000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
3756	HvViTeL.exe
3196	eoQTBey.exe
1324	RwKThIe.exe
4128	aNyPtem.exe
2880	gHtddlz.exe
2824	wZrKfrJ.exe
1240	UuhkYGZ.exe
2744	nvXSxiA.exe
2712	orCPDZr.exe
1752	FarkWqK.exe
1928	BVPmdZW.exe
1432	UHaMUvC.exe
2976	hfTEXoe.exe
2916	PONagig.exe
2512	WIIOSHV.exe
5056	yERGZxW.exe
3684	FwItNmA.exe
1580	JDgrSaq.exe
3268	ScGiYUG.exe
3264	isUsDNv.exe
4392	BUPFPvD.exe
2144	qCvVQXg.exe
4988	gXcJwhn.exe
3652	fXwckTl.exe
4368	XUgmChQ.exe
4072	UOMmHVz.exe
3000	CACafvm.exe
2536	eGOqqeB.exe
4696	nBrrlgb.exe
1496	WQXUfgU.exe
1784	uMszOFe.exe
848	BrXDgSO.exe
460	KvcrPpU.exe
1392	fWqixlp.exe
2800	wMPSZMM.exe
3868	OHQxuQc.exe
3480	xThXRRB.exe
4624	YzlSkft.exe
4584	ZCkneCp.exe
2272	bvUPKVD.exe
5064	OezfCkb.exe
2440	pNoyOkf.exe
2608	UDbAdqF.exe
3832	TldWgYu.exe
712	oifJWif.exe
4352	RhhkrQb.exe
3148	XSHrQGh.exe
968	WuDiZjp.exe
1100	vVjELwI.exe
3968	sZqlSjH.exe
964	nowFBCT.exe
2984	NsepONi.exe
4216	yeTHrXb.exe
4132	tGEIbHx.exe
4372	XHWBror.exe
2520	BGAIqgT.exe
1960	lpolown.exe
1448	gBATSxE.exe
4456	dasDaaV.exe
952	ijerCPA.exe
1404	XlUaFMV.exe
3444	LTWfsQs.exe
4524	STbmuIv.exe
816	riyULjQ.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/620-0-0x00007FF6F87B0000-0x00007FF6F8B01000-memory.dmp	upx
behavioral2/files/0x00080000000234ae-6.dat	upx
behavioral2/files/0x00070000000234b2-9.dat	upx
behavioral2/files/0x00070000000234b3-15.dat	upx
behavioral2/files/0x00070000000234b4-26.dat	upx
behavioral2/memory/1324-27-0x00007FF6D0110000-0x00007FF6D0461000-memory.dmp	upx
behavioral2/memory/2880-34-0x00007FF6FBC90000-0x00007FF6FBFE1000-memory.dmp	upx
behavioral2/files/0x00070000000234b6-37.dat	upx
behavioral2/memory/2824-36-0x00007FF646110000-0x00007FF646461000-memory.dmp	upx
behavioral2/memory/4128-35-0x00007FF751780000-0x00007FF751AD1000-memory.dmp	upx
behavioral2/files/0x00070000000234b5-32.dat	upx
behavioral2/memory/3196-19-0x00007FF6F3C40000-0x00007FF6F3F91000-memory.dmp	upx
behavioral2/memory/3756-16-0x00007FF660380000-0x00007FF6606D1000-memory.dmp	upx
behavioral2/files/0x00070000000234b7-42.dat	upx
behavioral2/memory/1240-43-0x00007FF651610000-0x00007FF651961000-memory.dmp	upx
behavioral2/files/0x00070000000234ba-58.dat	upx
behavioral2/memory/2744-57-0x00007FF77CAD0000-0x00007FF77CE21000-memory.dmp	upx
behavioral2/files/0x00070000000234bd-67.dat	upx
behavioral2/files/0x00070000000234bf-77.dat	upx
behavioral2/memory/1752-88-0x00007FF695800000-0x00007FF695B51000-memory.dmp	upx
behavioral2/files/0x00070000000234c1-102.dat	upx
behavioral2/files/0x00070000000234c3-110.dat	upx
behavioral2/memory/620-119-0x00007FF6F87B0000-0x00007FF6F8B01000-memory.dmp	upx
behavioral2/memory/4988-152-0x00007FF6B4460000-0x00007FF6B47B1000-memory.dmp	upx
behavioral2/memory/4368-165-0x00007FF789F30000-0x00007FF78A281000-memory.dmp	upx
behavioral2/files/0x00070000000234cd-174.dat	upx
behavioral2/memory/4696-191-0x00007FF7348A0000-0x00007FF734BF1000-memory.dmp	upx
behavioral2/memory/2976-204-0x00007FF792890000-0x00007FF792BE1000-memory.dmp	upx
behavioral2/files/0x00070000000234d1-201.dat	upx
behavioral2/files/0x00070000000234cf-199.dat	upx
behavioral2/memory/1928-198-0x00007FF70AEE0000-0x00007FF70B231000-memory.dmp	upx
behavioral2/memory/2744-197-0x00007FF77CAD0000-0x00007FF77CE21000-memory.dmp	upx
behavioral2/files/0x00070000000234d0-194.dat	upx
behavioral2/files/0x00070000000234ce-192.dat	upx
behavioral2/memory/1240-190-0x00007FF651610000-0x00007FF651961000-memory.dmp	upx
behavioral2/memory/2536-184-0x00007FF61DD20000-0x00007FF61E071000-memory.dmp	upx
behavioral2/files/0x00070000000234cc-179.dat	upx
behavioral2/memory/3000-178-0x00007FF6B05A0000-0x00007FF6B08F1000-memory.dmp	upx
behavioral2/memory/2824-177-0x00007FF646110000-0x00007FF646461000-memory.dmp	upx
behavioral2/files/0x00070000000234cb-172.dat	upx
behavioral2/memory/4072-171-0x00007FF7679D0000-0x00007FF767D21000-memory.dmp	upx
behavioral2/files/0x00070000000234ca-166.dat	upx
behavioral2/files/0x00070000000234c9-160.dat	upx
behavioral2/memory/3196-159-0x00007FF6F3C40000-0x00007FF6F3F91000-memory.dmp	upx
behavioral2/memory/3652-158-0x00007FF662F40000-0x00007FF663291000-memory.dmp	upx
behavioral2/files/0x00070000000234c8-153.dat	upx
behavioral2/files/0x00070000000234c7-147.dat	upx
behavioral2/memory/2880-146-0x00007FF6FBC90000-0x00007FF6FBFE1000-memory.dmp	upx
behavioral2/memory/1324-145-0x00007FF6D0110000-0x00007FF6D0461000-memory.dmp	upx
behavioral2/files/0x00070000000234c6-140.dat	upx
behavioral2/memory/2144-139-0x00007FF7FC680000-0x00007FF7FC9D1000-memory.dmp	upx
behavioral2/files/0x00070000000234c5-134.dat	upx
behavioral2/memory/4392-133-0x00007FF6D3200000-0x00007FF6D3551000-memory.dmp	upx
behavioral2/memory/3756-132-0x00007FF660380000-0x00007FF6606D1000-memory.dmp	upx
behavioral2/files/0x00070000000234c4-127.dat	upx
behavioral2/memory/3264-126-0x00007FF68CEC0000-0x00007FF68D211000-memory.dmp	upx
behavioral2/memory/3268-120-0x00007FF664A60000-0x00007FF664DB1000-memory.dmp	upx
behavioral2/files/0x00070000000234c2-114.dat	upx
behavioral2/memory/1580-113-0x00007FF6542C0000-0x00007FF654611000-memory.dmp	upx
behavioral2/memory/5056-109-0x00007FF61CD80000-0x00007FF61D0D1000-memory.dmp	upx
behavioral2/files/0x00070000000234c0-104.dat	upx
behavioral2/memory/2512-101-0x00007FF6BF760000-0x00007FF6BFAB1000-memory.dmp	upx
behavioral2/memory/3684-100-0x00007FF798830000-0x00007FF798B81000-memory.dmp	upx
behavioral2/memory/2916-97-0x00007FF7ADAF0000-0x00007FF7ADE41000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\JdDzBaq.exe	4f01374c9e3f296bf81fa9a1972b4330N.exe
File created	C:\Windows\System\GmBuVAh.exe	4f01374c9e3f296bf81fa9a1972b4330N.exe
File created	C:\Windows\System\dovwryH.exe	4f01374c9e3f296bf81fa9a1972b4330N.exe
File created	C:\Windows\System\nBrrlgb.exe	4f01374c9e3f296bf81fa9a1972b4330N.exe
File created	C:\Windows\System\YzlSkft.exe	4f01374c9e3f296bf81fa9a1972b4330N.exe
File created	C:\Windows\System\QMnnRaz.exe	4f01374c9e3f296bf81fa9a1972b4330N.exe
File created	C:\Windows\System\ltupjiZ.exe	4f01374c9e3f296bf81fa9a1972b4330N.exe
File created	C:\Windows\System\kIHKsKL.exe	4f01374c9e3f296bf81fa9a1972b4330N.exe
File created	C:\Windows\System\BXLNhWT.exe	4f01374c9e3f296bf81fa9a1972b4330N.exe
File created	C:\Windows\System\VnfVGHa.exe	4f01374c9e3f296bf81fa9a1972b4330N.exe
File created	C:\Windows\System\sXLRPIM.exe	4f01374c9e3f296bf81fa9a1972b4330N.exe
File created	C:\Windows\System\tRMKDzs.exe	4f01374c9e3f296bf81fa9a1972b4330N.exe
File created	C:\Windows\System\DwbVpjR.exe	4f01374c9e3f296bf81fa9a1972b4330N.exe
File created	C:\Windows\System\uoddLor.exe	4f01374c9e3f296bf81fa9a1972b4330N.exe
File created	C:\Windows\System\BHQLOPG.exe	4f01374c9e3f296bf81fa9a1972b4330N.exe
File created	C:\Windows\System\PaDLvdt.exe	4f01374c9e3f296bf81fa9a1972b4330N.exe
File created	C:\Windows\System\PokFFLd.exe	4f01374c9e3f296bf81fa9a1972b4330N.exe
File created	C:\Windows\System\papgAlf.exe	4f01374c9e3f296bf81fa9a1972b4330N.exe
File created	C:\Windows\System\LGxdhwj.exe	4f01374c9e3f296bf81fa9a1972b4330N.exe
File created	C:\Windows\System\JnVPOnY.exe	4f01374c9e3f296bf81fa9a1972b4330N.exe
File created	C:\Windows\System\aCIzUQi.exe	4f01374c9e3f296bf81fa9a1972b4330N.exe
File created	C:\Windows\System\bOoKaPe.exe	4f01374c9e3f296bf81fa9a1972b4330N.exe
File created	C:\Windows\System\khHfqMu.exe	4f01374c9e3f296bf81fa9a1972b4330N.exe
File created	C:\Windows\System\GsezIll.exe	4f01374c9e3f296bf81fa9a1972b4330N.exe
File created	C:\Windows\System\ZVbkOVP.exe	4f01374c9e3f296bf81fa9a1972b4330N.exe
File created	C:\Windows\System\DOREZHB.exe	4f01374c9e3f296bf81fa9a1972b4330N.exe
File created	C:\Windows\System\RefSJwU.exe	4f01374c9e3f296bf81fa9a1972b4330N.exe
File created	C:\Windows\System\jIimbSu.exe	4f01374c9e3f296bf81fa9a1972b4330N.exe
File created	C:\Windows\System\HWYOzWf.exe	4f01374c9e3f296bf81fa9a1972b4330N.exe
File created	C:\Windows\System\WQXUfgU.exe	4f01374c9e3f296bf81fa9a1972b4330N.exe
File created	C:\Windows\System\QuuJVuY.exe	4f01374c9e3f296bf81fa9a1972b4330N.exe
File created	C:\Windows\System\RxIhKmc.exe	4f01374c9e3f296bf81fa9a1972b4330N.exe
File created	C:\Windows\System\eEeXdaH.exe	4f01374c9e3f296bf81fa9a1972b4330N.exe
File created	C:\Windows\System\kEaUoTQ.exe	4f01374c9e3f296bf81fa9a1972b4330N.exe
File created	C:\Windows\System\vhEhkYQ.exe	4f01374c9e3f296bf81fa9a1972b4330N.exe
File created	C:\Windows\System\OSzAaLU.exe	4f01374c9e3f296bf81fa9a1972b4330N.exe
File created	C:\Windows\System\WZLaXuT.exe	4f01374c9e3f296bf81fa9a1972b4330N.exe
File created	C:\Windows\System\fAahPfR.exe	4f01374c9e3f296bf81fa9a1972b4330N.exe
File created	C:\Windows\System\MZnkEuK.exe	4f01374c9e3f296bf81fa9a1972b4330N.exe
File created	C:\Windows\System\IodEKIu.exe	4f01374c9e3f296bf81fa9a1972b4330N.exe
File created	C:\Windows\System\klQxewA.exe	4f01374c9e3f296bf81fa9a1972b4330N.exe
File created	C:\Windows\System\QZiGQvY.exe	4f01374c9e3f296bf81fa9a1972b4330N.exe
File created	C:\Windows\System\Owksqnp.exe	4f01374c9e3f296bf81fa9a1972b4330N.exe
File created	C:\Windows\System\TsbDUdo.exe	4f01374c9e3f296bf81fa9a1972b4330N.exe
File created	C:\Windows\System\USIICyL.exe	4f01374c9e3f296bf81fa9a1972b4330N.exe
File created	C:\Windows\System\YGTOMja.exe	4f01374c9e3f296bf81fa9a1972b4330N.exe
File created	C:\Windows\System\hjdJBaw.exe	4f01374c9e3f296bf81fa9a1972b4330N.exe
File created	C:\Windows\System\cDBxhDV.exe	4f01374c9e3f296bf81fa9a1972b4330N.exe
File created	C:\Windows\System\Vmdznqe.exe	4f01374c9e3f296bf81fa9a1972b4330N.exe
File created	C:\Windows\System\JRgzuta.exe	4f01374c9e3f296bf81fa9a1972b4330N.exe
File created	C:\Windows\System\rVAbpTg.exe	4f01374c9e3f296bf81fa9a1972b4330N.exe
File created	C:\Windows\System\NVYZQwg.exe	4f01374c9e3f296bf81fa9a1972b4330N.exe
File created	C:\Windows\System\nvXSxiA.exe	4f01374c9e3f296bf81fa9a1972b4330N.exe
File created	C:\Windows\System\UOMmHVz.exe	4f01374c9e3f296bf81fa9a1972b4330N.exe
File created	C:\Windows\System\lUKkxzF.exe	4f01374c9e3f296bf81fa9a1972b4330N.exe
File created	C:\Windows\System\QjFVlyW.exe	4f01374c9e3f296bf81fa9a1972b4330N.exe
File created	C:\Windows\System\UTDOXCz.exe	4f01374c9e3f296bf81fa9a1972b4330N.exe
File created	C:\Windows\System\XiSzUgy.exe	4f01374c9e3f296bf81fa9a1972b4330N.exe
File created	C:\Windows\System\MovgBAU.exe	4f01374c9e3f296bf81fa9a1972b4330N.exe
File created	C:\Windows\System\FrLYLoD.exe	4f01374c9e3f296bf81fa9a1972b4330N.exe
File created	C:\Windows\System\nhUtgLf.exe	4f01374c9e3f296bf81fa9a1972b4330N.exe
File created	C:\Windows\System\TZfjHdq.exe	4f01374c9e3f296bf81fa9a1972b4330N.exe
File created	C:\Windows\System\GSqlmnj.exe	4f01374c9e3f296bf81fa9a1972b4330N.exe
File created	C:\Windows\System\YOMuLEJ.exe	4f01374c9e3f296bf81fa9a1972b4330N.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	14360	dwm.exe
Token: SeChangeNotifyPrivilege	14360	dwm.exe
Token: 33	14360	dwm.exe
Token: SeIncBasePriorityPrivilege	14360	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 620 wrote to memory of 3756	620	4f01374c9e3f296bf81fa9a1972b4330N.exe	85
PID 620 wrote to memory of 3756	620	4f01374c9e3f296bf81fa9a1972b4330N.exe	85
PID 620 wrote to memory of 3196	620	4f01374c9e3f296bf81fa9a1972b4330N.exe	86
PID 620 wrote to memory of 3196	620	4f01374c9e3f296bf81fa9a1972b4330N.exe	86
PID 620 wrote to memory of 1324	620	4f01374c9e3f296bf81fa9a1972b4330N.exe	87
PID 620 wrote to memory of 1324	620	4f01374c9e3f296bf81fa9a1972b4330N.exe	87
PID 620 wrote to memory of 4128	620	4f01374c9e3f296bf81fa9a1972b4330N.exe	88
PID 620 wrote to memory of 4128	620	4f01374c9e3f296bf81fa9a1972b4330N.exe	88
PID 620 wrote to memory of 2880	620	4f01374c9e3f296bf81fa9a1972b4330N.exe	89
PID 620 wrote to memory of 2880	620	4f01374c9e3f296bf81fa9a1972b4330N.exe	89
PID 620 wrote to memory of 2824	620	4f01374c9e3f296bf81fa9a1972b4330N.exe	90
PID 620 wrote to memory of 2824	620	4f01374c9e3f296bf81fa9a1972b4330N.exe	90
PID 620 wrote to memory of 1240	620	4f01374c9e3f296bf81fa9a1972b4330N.exe	91
PID 620 wrote to memory of 1240	620	4f01374c9e3f296bf81fa9a1972b4330N.exe	91
PID 620 wrote to memory of 2744	620	4f01374c9e3f296bf81fa9a1972b4330N.exe	92
PID 620 wrote to memory of 2744	620	4f01374c9e3f296bf81fa9a1972b4330N.exe	92
PID 620 wrote to memory of 2712	620	4f01374c9e3f296bf81fa9a1972b4330N.exe	93
PID 620 wrote to memory of 2712	620	4f01374c9e3f296bf81fa9a1972b4330N.exe	93
PID 620 wrote to memory of 1752	620	4f01374c9e3f296bf81fa9a1972b4330N.exe	94
PID 620 wrote to memory of 1752	620	4f01374c9e3f296bf81fa9a1972b4330N.exe	94
PID 620 wrote to memory of 1928	620	4f01374c9e3f296bf81fa9a1972b4330N.exe	95
PID 620 wrote to memory of 1928	620	4f01374c9e3f296bf81fa9a1972b4330N.exe	95
PID 620 wrote to memory of 1432	620	4f01374c9e3f296bf81fa9a1972b4330N.exe	96
PID 620 wrote to memory of 1432	620	4f01374c9e3f296bf81fa9a1972b4330N.exe	96
PID 620 wrote to memory of 2976	620	4f01374c9e3f296bf81fa9a1972b4330N.exe	97
PID 620 wrote to memory of 2976	620	4f01374c9e3f296bf81fa9a1972b4330N.exe	97
PID 620 wrote to memory of 2916	620	4f01374c9e3f296bf81fa9a1972b4330N.exe	98
PID 620 wrote to memory of 2916	620	4f01374c9e3f296bf81fa9a1972b4330N.exe	98
PID 620 wrote to memory of 2512	620	4f01374c9e3f296bf81fa9a1972b4330N.exe	99
PID 620 wrote to memory of 2512	620	4f01374c9e3f296bf81fa9a1972b4330N.exe	99
PID 620 wrote to memory of 3684	620	4f01374c9e3f296bf81fa9a1972b4330N.exe	100
PID 620 wrote to memory of 3684	620	4f01374c9e3f296bf81fa9a1972b4330N.exe	100
PID 620 wrote to memory of 5056	620	4f01374c9e3f296bf81fa9a1972b4330N.exe	101
PID 620 wrote to memory of 5056	620	4f01374c9e3f296bf81fa9a1972b4330N.exe	101
PID 620 wrote to memory of 1580	620	4f01374c9e3f296bf81fa9a1972b4330N.exe	102
PID 620 wrote to memory of 1580	620	4f01374c9e3f296bf81fa9a1972b4330N.exe	102
PID 620 wrote to memory of 3268	620	4f01374c9e3f296bf81fa9a1972b4330N.exe	103
PID 620 wrote to memory of 3268	620	4f01374c9e3f296bf81fa9a1972b4330N.exe	103
PID 620 wrote to memory of 3264	620	4f01374c9e3f296bf81fa9a1972b4330N.exe	104
PID 620 wrote to memory of 3264	620	4f01374c9e3f296bf81fa9a1972b4330N.exe	104
PID 620 wrote to memory of 4392	620	4f01374c9e3f296bf81fa9a1972b4330N.exe	105
PID 620 wrote to memory of 4392	620	4f01374c9e3f296bf81fa9a1972b4330N.exe	105
PID 620 wrote to memory of 2144	620	4f01374c9e3f296bf81fa9a1972b4330N.exe	106
PID 620 wrote to memory of 2144	620	4f01374c9e3f296bf81fa9a1972b4330N.exe	106
PID 620 wrote to memory of 4988	620	4f01374c9e3f296bf81fa9a1972b4330N.exe	107
PID 620 wrote to memory of 4988	620	4f01374c9e3f296bf81fa9a1972b4330N.exe	107
PID 620 wrote to memory of 3652	620	4f01374c9e3f296bf81fa9a1972b4330N.exe	108
PID 620 wrote to memory of 3652	620	4f01374c9e3f296bf81fa9a1972b4330N.exe	108
PID 620 wrote to memory of 4368	620	4f01374c9e3f296bf81fa9a1972b4330N.exe	109
PID 620 wrote to memory of 4368	620	4f01374c9e3f296bf81fa9a1972b4330N.exe	109
PID 620 wrote to memory of 4072	620	4f01374c9e3f296bf81fa9a1972b4330N.exe	110
PID 620 wrote to memory of 4072	620	4f01374c9e3f296bf81fa9a1972b4330N.exe	110
PID 620 wrote to memory of 3000	620	4f01374c9e3f296bf81fa9a1972b4330N.exe	111
PID 620 wrote to memory of 3000	620	4f01374c9e3f296bf81fa9a1972b4330N.exe	111
PID 620 wrote to memory of 2536	620	4f01374c9e3f296bf81fa9a1972b4330N.exe	112
PID 620 wrote to memory of 2536	620	4f01374c9e3f296bf81fa9a1972b4330N.exe	112
PID 620 wrote to memory of 4696	620	4f01374c9e3f296bf81fa9a1972b4330N.exe	113
PID 620 wrote to memory of 4696	620	4f01374c9e3f296bf81fa9a1972b4330N.exe	113
PID 620 wrote to memory of 1496	620	4f01374c9e3f296bf81fa9a1972b4330N.exe	114
PID 620 wrote to memory of 1496	620	4f01374c9e3f296bf81fa9a1972b4330N.exe	114
PID 620 wrote to memory of 1784	620	4f01374c9e3f296bf81fa9a1972b4330N.exe	115
PID 620 wrote to memory of 1784	620	4f01374c9e3f296bf81fa9a1972b4330N.exe	115
PID 620 wrote to memory of 848	620	4f01374c9e3f296bf81fa9a1972b4330N.exe	116
PID 620 wrote to memory of 848	620	4f01374c9e3f296bf81fa9a1972b4330N.exe	116

C:\Users\Admin\AppData\Local\Temp\4f01374c9e3f296bf81fa9a1972b4330N.exe
"C:\Users\Admin\AppData\Local\Temp\4f01374c9e3f296bf81fa9a1972b4330N.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:620
- C:\Windows\System\HvViTeL.exe
  C:\Windows\System\HvViTeL.exe
  2⤵
  - Executes dropped EXE
  PID:3756
- C:\Windows\System\eoQTBey.exe
  C:\Windows\System\eoQTBey.exe
  2⤵
  - Executes dropped EXE
  PID:3196
- C:\Windows\System\RwKThIe.exe
  C:\Windows\System\RwKThIe.exe
  2⤵
  - Executes dropped EXE
  PID:1324
- C:\Windows\System\aNyPtem.exe
  C:\Windows\System\aNyPtem.exe
  2⤵
  - Executes dropped EXE
  PID:4128
- C:\Windows\System\gHtddlz.exe
  C:\Windows\System\gHtddlz.exe
  2⤵
  - Executes dropped EXE
  PID:2880
- C:\Windows\System\wZrKfrJ.exe
  C:\Windows\System\wZrKfrJ.exe
  2⤵
  - Executes dropped EXE
  PID:2824
- C:\Windows\System\UuhkYGZ.exe
  C:\Windows\System\UuhkYGZ.exe
  2⤵
  - Executes dropped EXE
  PID:1240
- C:\Windows\System\nvXSxiA.exe
  C:\Windows\System\nvXSxiA.exe
  2⤵
  - Executes dropped EXE
  PID:2744
- C:\Windows\System\orCPDZr.exe
  C:\Windows\System\orCPDZr.exe
  2⤵
  - Executes dropped EXE
  PID:2712
- C:\Windows\System\FarkWqK.exe
  C:\Windows\System\FarkWqK.exe
  2⤵
  - Executes dropped EXE
  PID:1752
- C:\Windows\System\BVPmdZW.exe
  C:\Windows\System\BVPmdZW.exe
  2⤵
  - Executes dropped EXE
  PID:1928
- C:\Windows\System\UHaMUvC.exe
  C:\Windows\System\UHaMUvC.exe
  2⤵
  - Executes dropped EXE
  PID:1432
- C:\Windows\System\hfTEXoe.exe
  C:\Windows\System\hfTEXoe.exe
  2⤵
  - Executes dropped EXE
  PID:2976
- C:\Windows\System\PONagig.exe
  C:\Windows\System\PONagig.exe
  2⤵
  - Executes dropped EXE
  PID:2916
- C:\Windows\System\WIIOSHV.exe
  C:\Windows\System\WIIOSHV.exe
  2⤵
  - Executes dropped EXE
  PID:2512
- C:\Windows\System\FwItNmA.exe
  C:\Windows\System\FwItNmA.exe
  2⤵
  - Executes dropped EXE
  PID:3684
- C:\Windows\System\yERGZxW.exe
  C:\Windows\System\yERGZxW.exe
  2⤵
  - Executes dropped EXE
  PID:5056
- C:\Windows\System\JDgrSaq.exe
  C:\Windows\System\JDgrSaq.exe
  2⤵
  - Executes dropped EXE
  PID:1580
- C:\Windows\System\ScGiYUG.exe
  C:\Windows\System\ScGiYUG.exe
  2⤵
  - Executes dropped EXE
  PID:3268
- C:\Windows\System\isUsDNv.exe
  C:\Windows\System\isUsDNv.exe
  2⤵
  - Executes dropped EXE
  PID:3264
- C:\Windows\System\BUPFPvD.exe
  C:\Windows\System\BUPFPvD.exe
  2⤵
  - Executes dropped EXE
  PID:4392
- C:\Windows\System\qCvVQXg.exe
  C:\Windows\System\qCvVQXg.exe
  2⤵
  - Executes dropped EXE
  PID:2144
- C:\Windows\System\gXcJwhn.exe
  C:\Windows\System\gXcJwhn.exe
  2⤵
  - Executes dropped EXE
  PID:4988
- C:\Windows\System\fXwckTl.exe
  C:\Windows\System\fXwckTl.exe
  2⤵
  - Executes dropped EXE
  PID:3652
- C:\Windows\System\XUgmChQ.exe
  C:\Windows\System\XUgmChQ.exe
  2⤵
  - Executes dropped EXE
  PID:4368
- C:\Windows\System\UOMmHVz.exe
  C:\Windows\System\UOMmHVz.exe
  2⤵
  - Executes dropped EXE
  PID:4072
- C:\Windows\System\CACafvm.exe
  C:\Windows\System\CACafvm.exe
  2⤵
  - Executes dropped EXE
  PID:3000
- C:\Windows\System\eGOqqeB.exe
  C:\Windows\System\eGOqqeB.exe
  2⤵
  - Executes dropped EXE
  PID:2536
- C:\Windows\System\nBrrlgb.exe
  C:\Windows\System\nBrrlgb.exe
  2⤵
  - Executes dropped EXE
  PID:4696
- C:\Windows\System\WQXUfgU.exe
  C:\Windows\System\WQXUfgU.exe
  2⤵
  - Executes dropped EXE
  PID:1496
- C:\Windows\System\uMszOFe.exe
  C:\Windows\System\uMszOFe.exe
  2⤵
  - Executes dropped EXE
  PID:1784
- C:\Windows\System\BrXDgSO.exe
  C:\Windows\System\BrXDgSO.exe
  2⤵
  - Executes dropped EXE
  PID:848
- C:\Windows\System\KvcrPpU.exe
  C:\Windows\System\KvcrPpU.exe
  2⤵
  - Executes dropped EXE
  PID:460
- C:\Windows\System\fWqixlp.exe
  C:\Windows\System\fWqixlp.exe
  2⤵
  - Executes dropped EXE
  PID:1392
- C:\Windows\System\wMPSZMM.exe
  C:\Windows\System\wMPSZMM.exe
  2⤵
  - Executes dropped EXE
  PID:2800
- C:\Windows\System\OHQxuQc.exe
  C:\Windows\System\OHQxuQc.exe
  2⤵
  - Executes dropped EXE
  PID:3868
- C:\Windows\System\xThXRRB.exe
  C:\Windows\System\xThXRRB.exe
  2⤵
  - Executes dropped EXE
  PID:3480
- C:\Windows\System\YzlSkft.exe
  C:\Windows\System\YzlSkft.exe
  2⤵
  - Executes dropped EXE
  PID:4624
- C:\Windows\System\ZCkneCp.exe
  C:\Windows\System\ZCkneCp.exe
  2⤵
  - Executes dropped EXE
  PID:4584
- C:\Windows\System\bvUPKVD.exe
  C:\Windows\System\bvUPKVD.exe
  2⤵
  - Executes dropped EXE
  PID:2272
- C:\Windows\System\OezfCkb.exe
  C:\Windows\System\OezfCkb.exe
  2⤵
  - Executes dropped EXE
  PID:5064
- C:\Windows\System\pNoyOkf.exe
  C:\Windows\System\pNoyOkf.exe
  2⤵
  - Executes dropped EXE
  PID:2440
- C:\Windows\System\UDbAdqF.exe
  C:\Windows\System\UDbAdqF.exe
  2⤵
  - Executes dropped EXE
  PID:2608
- C:\Windows\System\TldWgYu.exe
  C:\Windows\System\TldWgYu.exe
  2⤵
  - Executes dropped EXE
  PID:3832
- C:\Windows\System\oifJWif.exe
  C:\Windows\System\oifJWif.exe
  2⤵
  - Executes dropped EXE
  PID:712
- C:\Windows\System\RhhkrQb.exe
  C:\Windows\System\RhhkrQb.exe
  2⤵
  - Executes dropped EXE
  PID:4352
- C:\Windows\System\XSHrQGh.exe
  C:\Windows\System\XSHrQGh.exe
  2⤵
  - Executes dropped EXE
  PID:3148
- C:\Windows\System\WuDiZjp.exe
  C:\Windows\System\WuDiZjp.exe
  2⤵
  - Executes dropped EXE
  PID:968
- C:\Windows\System\vVjELwI.exe
  C:\Windows\System\vVjELwI.exe
  2⤵
  - Executes dropped EXE
  PID:1100
- C:\Windows\System\sZqlSjH.exe
  C:\Windows\System\sZqlSjH.exe
  2⤵
  - Executes dropped EXE
  PID:3968
- C:\Windows\System\nowFBCT.exe
  C:\Windows\System\nowFBCT.exe
  2⤵
  - Executes dropped EXE
  PID:964
- C:\Windows\System\NsepONi.exe
  C:\Windows\System\NsepONi.exe
  2⤵
  - Executes dropped EXE
  PID:2984
- C:\Windows\System\yeTHrXb.exe
  C:\Windows\System\yeTHrXb.exe
  2⤵
  - Executes dropped EXE
  PID:4216
- C:\Windows\System\tGEIbHx.exe
  C:\Windows\System\tGEIbHx.exe
  2⤵
  - Executes dropped EXE
  PID:4132
- C:\Windows\System\XHWBror.exe
  C:\Windows\System\XHWBror.exe
  2⤵
  - Executes dropped EXE
  PID:4372
- C:\Windows\System\BGAIqgT.exe
  C:\Windows\System\BGAIqgT.exe
  2⤵
  - Executes dropped EXE
  PID:2520
- C:\Windows\System\lpolown.exe
  C:\Windows\System\lpolown.exe
  2⤵
  - Executes dropped EXE
  PID:1960
- C:\Windows\System\gBATSxE.exe
  C:\Windows\System\gBATSxE.exe
  2⤵
  - Executes dropped EXE
  PID:1448
- C:\Windows\System\dasDaaV.exe
  C:\Windows\System\dasDaaV.exe
  2⤵
  - Executes dropped EXE
  PID:4456
- C:\Windows\System\ijerCPA.exe
  C:\Windows\System\ijerCPA.exe
  2⤵
  - Executes dropped EXE
  PID:952
- C:\Windows\System\XlUaFMV.exe
  C:\Windows\System\XlUaFMV.exe
  2⤵
  - Executes dropped EXE
  PID:1404
- C:\Windows\System\LTWfsQs.exe
  C:\Windows\System\LTWfsQs.exe
  2⤵
  - Executes dropped EXE
  PID:3444
- C:\Windows\System\STbmuIv.exe
  C:\Windows\System\STbmuIv.exe
  2⤵
  - Executes dropped EXE
  PID:4524
- C:\Windows\System\riyULjQ.exe
  C:\Windows\System\riyULjQ.exe
  2⤵
  - Executes dropped EXE
  PID:816
- C:\Windows\System\FrLYLoD.exe
  C:\Windows\System\FrLYLoD.exe
  2⤵
  PID:4844
- C:\Windows\System\VZaHvUh.exe
  C:\Windows\System\VZaHvUh.exe
  2⤵
  PID:4684
- C:\Windows\System\jUKAWcP.exe
  C:\Windows\System\jUKAWcP.exe
  2⤵
  PID:5000
- C:\Windows\System\PwRxCcE.exe
  C:\Windows\System\PwRxCcE.exe
  2⤵
  PID:1648
- C:\Windows\System\coCNmBu.exe
  C:\Windows\System\coCNmBu.exe
  2⤵
  PID:3900
- C:\Windows\System\OViwgwf.exe
  C:\Windows\System\OViwgwf.exe
  2⤵
  PID:2284
- C:\Windows\System\RWxCqqp.exe
  C:\Windows\System\RWxCqqp.exe
  2⤵
  PID:3964
- C:\Windows\System\RsctRsN.exe
  C:\Windows\System\RsctRsN.exe
  2⤵
  PID:4232
- C:\Windows\System\WaNeZpP.exe
  C:\Windows\System\WaNeZpP.exe
  2⤵
  PID:5088
- C:\Windows\System\uBELdUW.exe
  C:\Windows\System\uBELdUW.exe
  2⤵
  PID:2788
- C:\Windows\System\lQnLDGX.exe
  C:\Windows\System\lQnLDGX.exe
  2⤵
  PID:3932
- C:\Windows\System\vHKVPIz.exe
  C:\Windows\System\vHKVPIz.exe
  2⤵
  PID:3708
- C:\Windows\System\TahfMVM.exe
  C:\Windows\System\TahfMVM.exe
  2⤵
  PID:2304
- C:\Windows\System\WxZRPHZ.exe
  C:\Windows\System\WxZRPHZ.exe
  2⤵
  PID:508
- C:\Windows\System\oCYkMPu.exe
  C:\Windows\System\oCYkMPu.exe
  2⤵
  PID:5148
- C:\Windows\System\jmRyAXE.exe
  C:\Windows\System\jmRyAXE.exe
  2⤵
  PID:5176
- C:\Windows\System\rlHqmFW.exe
  C:\Windows\System\rlHqmFW.exe
  2⤵
  PID:5204
- C:\Windows\System\RtRnvLL.exe
  C:\Windows\System\RtRnvLL.exe
  2⤵
  PID:5232
- C:\Windows\System\fErwKAS.exe
  C:\Windows\System\fErwKAS.exe
  2⤵
  PID:5260
- C:\Windows\System\kShSvTi.exe
  C:\Windows\System\kShSvTi.exe
  2⤵
  PID:5288
- C:\Windows\System\ZuCDqkD.exe
  C:\Windows\System\ZuCDqkD.exe
  2⤵
  PID:5316
- C:\Windows\System\GXiKjxh.exe
  C:\Windows\System\GXiKjxh.exe
  2⤵
  PID:5344
- C:\Windows\System\AJmTzsb.exe
  C:\Windows\System\AJmTzsb.exe
  2⤵
  PID:5380
- C:\Windows\System\XlXXzvk.exe
  C:\Windows\System\XlXXzvk.exe
  2⤵
  PID:5400
- C:\Windows\System\omJJNgP.exe
  C:\Windows\System\omJJNgP.exe
  2⤵
  PID:5428
- C:\Windows\System\vjxcnKR.exe
  C:\Windows\System\vjxcnKR.exe
  2⤵
  PID:5456
- C:\Windows\System\oSVWdXW.exe
  C:\Windows\System\oSVWdXW.exe
  2⤵
  PID:5484
- C:\Windows\System\VMzDuum.exe
  C:\Windows\System\VMzDuum.exe
  2⤵
  PID:5512
- C:\Windows\System\RaJUFne.exe
  C:\Windows\System\RaJUFne.exe
  2⤵
  PID:5540
- C:\Windows\System\tRMKDzs.exe
  C:\Windows\System\tRMKDzs.exe
  2⤵
  PID:5568
- C:\Windows\System\WaJjtXC.exe
  C:\Windows\System\WaJjtXC.exe
  2⤵
  PID:5596
- C:\Windows\System\YpGLdUe.exe
  C:\Windows\System\YpGLdUe.exe
  2⤵
  PID:5624
- C:\Windows\System\znJXSZQ.exe
  C:\Windows\System\znJXSZQ.exe
  2⤵
  PID:5652
- C:\Windows\System\GEsKUmO.exe
  C:\Windows\System\GEsKUmO.exe
  2⤵
  PID:5680
- C:\Windows\System\qpDrqSy.exe
  C:\Windows\System\qpDrqSy.exe
  2⤵
  PID:5708
- C:\Windows\System\qmdWDAq.exe
  C:\Windows\System\qmdWDAq.exe
  2⤵
  PID:5736
- C:\Windows\System\DAwhoZX.exe
  C:\Windows\System\DAwhoZX.exe
  2⤵
  PID:5764
- C:\Windows\System\FweLJpr.exe
  C:\Windows\System\FweLJpr.exe
  2⤵
  PID:5792
- C:\Windows\System\iZdaVyb.exe
  C:\Windows\System\iZdaVyb.exe
  2⤵
  PID:5816
- C:\Windows\System\OpgLfpC.exe
  C:\Windows\System\OpgLfpC.exe
  2⤵
  PID:5844
- C:\Windows\System\wHIjtEp.exe
  C:\Windows\System\wHIjtEp.exe
  2⤵
  PID:5876
- C:\Windows\System\YGTOMja.exe
  C:\Windows\System\YGTOMja.exe
  2⤵
  PID:5900
- C:\Windows\System\FhovdjN.exe
  C:\Windows\System\FhovdjN.exe
  2⤵
  PID:5932
- C:\Windows\System\DUKJkYU.exe
  C:\Windows\System\DUKJkYU.exe
  2⤵
  PID:5960
- C:\Windows\System\VLKLHBW.exe
  C:\Windows\System\VLKLHBW.exe
  2⤵
  PID:5988
- C:\Windows\System\JOlkgYh.exe
  C:\Windows\System\JOlkgYh.exe
  2⤵
  PID:6016
- C:\Windows\System\jwKQqDb.exe
  C:\Windows\System\jwKQqDb.exe
  2⤵
  PID:6040
- C:\Windows\System\iwOReJk.exe
  C:\Windows\System\iwOReJk.exe
  2⤵
  PID:6072
- C:\Windows\System\CKRvzVs.exe
  C:\Windows\System\CKRvzVs.exe
  2⤵
  PID:6100
- C:\Windows\System\UwroIWG.exe
  C:\Windows\System\UwroIWG.exe
  2⤵
  PID:6128
- C:\Windows\System\slqHshU.exe
  C:\Windows\System\slqHshU.exe
  2⤵
  PID:1224
- C:\Windows\System\NyGLJvd.exe
  C:\Windows\System\NyGLJvd.exe
  2⤵
  PID:4280
- C:\Windows\System\gbcqlgh.exe
  C:\Windows\System\gbcqlgh.exe
  2⤵
  PID:1108
- C:\Windows\System\HjuLhqa.exe
  C:\Windows\System\HjuLhqa.exe
  2⤵
  PID:4288
- C:\Windows\System\oQxHlGS.exe
  C:\Windows\System\oQxHlGS.exe
  2⤵
  PID:4704
- C:\Windows\System\cCkvWvT.exe
  C:\Windows\System\cCkvWvT.exe
  2⤵
  PID:5132
- C:\Windows\System\yBeFKPN.exe
  C:\Windows\System\yBeFKPN.exe
  2⤵
  PID:5196
- C:\Windows\System\hdPDNDa.exe
  C:\Windows\System\hdPDNDa.exe
  2⤵
  PID:5252
- C:\Windows\System\InJZTTD.exe
  C:\Windows\System\InJZTTD.exe
  2⤵
  PID:5328
- C:\Windows\System\RPdFsmf.exe
  C:\Windows\System\RPdFsmf.exe
  2⤵
  PID:5396
- C:\Windows\System\wjWfJZG.exe
  C:\Windows\System\wjWfJZG.exe
  2⤵
  PID:5468
- C:\Windows\System\bOoKaPe.exe
  C:\Windows\System\bOoKaPe.exe
  2⤵
  PID:5528
- C:\Windows\System\QuuJVuY.exe
  C:\Windows\System\QuuJVuY.exe
  2⤵
  PID:5584
- C:\Windows\System\vALiHiL.exe
  C:\Windows\System\vALiHiL.exe
  2⤵
  PID:5664
- C:\Windows\System\FjPPWuA.exe
  C:\Windows\System\FjPPWuA.exe
  2⤵
  PID:5720
- C:\Windows\System\DMQTqkP.exe
  C:\Windows\System\DMQTqkP.exe
  2⤵
  PID:5780
- C:\Windows\System\kTflkRZ.exe
  C:\Windows\System\kTflkRZ.exe
  2⤵
  PID:5840
- C:\Windows\System\dUpFnwK.exe
  C:\Windows\System\dUpFnwK.exe
  2⤵
  PID:5916
- C:\Windows\System\AwrJjaE.exe
  C:\Windows\System\AwrJjaE.exe
  2⤵
  PID:5976
- C:\Windows\System\RWKblvB.exe
  C:\Windows\System\RWKblvB.exe
  2⤵
  PID:6032
- C:\Windows\System\DXryPVt.exe
  C:\Windows\System\DXryPVt.exe
  2⤵
  PID:6088
- C:\Windows\System\PoQpheZ.exe
  C:\Windows\System\PoQpheZ.exe
  2⤵
  PID:6140
- C:\Windows\System\khHfqMu.exe
  C:\Windows\System\khHfqMu.exe
  2⤵
  PID:432
- C:\Windows\System\GdJFeDU.exe
  C:\Windows\System\GdJFeDU.exe
  2⤵
  PID:4268
- C:\Windows\System\EuSHpQO.exe
  C:\Windows\System\EuSHpQO.exe
  2⤵
  PID:5188
- C:\Windows\System\bPUMRkb.exe
  C:\Windows\System\bPUMRkb.exe
  2⤵
  PID:5360
- C:\Windows\System\PokFFLd.exe
  C:\Windows\System\PokFFLd.exe
  2⤵
  PID:5500
- C:\Windows\System\DwbVpjR.exe
  C:\Windows\System\DwbVpjR.exe
  2⤵
  PID:5616
- C:\Windows\System\uwmPOlz.exe
  C:\Windows\System\uwmPOlz.exe
  2⤵
  PID:2480
- C:\Windows\System\hDXPAlV.exe
  C:\Windows\System\hDXPAlV.exe
  2⤵
  PID:5888
- C:\Windows\System\AWbbecZ.exe
  C:\Windows\System\AWbbecZ.exe
  2⤵
  PID:4244
- C:\Windows\System\YiGOWlS.exe
  C:\Windows\System\YiGOWlS.exe
  2⤵
  PID:4812
- C:\Windows\System\ryBKipx.exe
  C:\Windows\System\ryBKipx.exe
  2⤵
  PID:4088
- C:\Windows\System\OBQmWPh.exe
  C:\Windows\System\OBQmWPh.exe
  2⤵
  PID:5164
- C:\Windows\System\cOVdSHR.exe
  C:\Windows\System\cOVdSHR.exe
  2⤵
  PID:5044
- C:\Windows\System\MZnkEuK.exe
  C:\Windows\System\MZnkEuK.exe
  2⤵
  PID:4872
- C:\Windows\System\NwRKaun.exe
  C:\Windows\System\NwRKaun.exe
  2⤵
  PID:5948
- C:\Windows\System\djDZjQC.exe
  C:\Windows\System\djDZjQC.exe
  2⤵
  PID:2236
- C:\Windows\System\VPdlQpj.exe
  C:\Windows\System\VPdlQpj.exe
  2⤵
  PID:6164
- C:\Windows\System\hSCaYty.exe
  C:\Windows\System\hSCaYty.exe
  2⤵
  PID:6192
- C:\Windows\System\xKlzMAn.exe
  C:\Windows\System\xKlzMAn.exe
  2⤵
  PID:6220
- C:\Windows\System\snzFeAe.exe
  C:\Windows\System\snzFeAe.exe
  2⤵
  PID:6248
- C:\Windows\System\iujKyeE.exe
  C:\Windows\System\iujKyeE.exe
  2⤵
  PID:6276
- C:\Windows\System\dCjObqM.exe
  C:\Windows\System\dCjObqM.exe
  2⤵
  PID:6300
- C:\Windows\System\nhUtgLf.exe
  C:\Windows\System\nhUtgLf.exe
  2⤵
  PID:6328
- C:\Windows\System\Fbiirfw.exe
  C:\Windows\System\Fbiirfw.exe
  2⤵
  PID:6360
- C:\Windows\System\NvsBpHR.exe
  C:\Windows\System\NvsBpHR.exe
  2⤵
  PID:6388
- C:\Windows\System\QZiGQvY.exe
  C:\Windows\System\QZiGQvY.exe
  2⤵
  PID:6416
- C:\Windows\System\ehAswRC.exe
  C:\Windows\System\ehAswRC.exe
  2⤵
  PID:6444
- C:\Windows\System\WOttvFE.exe
  C:\Windows\System\WOttvFE.exe
  2⤵
  PID:6468
- C:\Windows\System\wXPmAbo.exe
  C:\Windows\System\wXPmAbo.exe
  2⤵
  PID:6500
- C:\Windows\System\KNCNtRF.exe
  C:\Windows\System\KNCNtRF.exe
  2⤵
  PID:6528
- C:\Windows\System\sUsLUcR.exe
  C:\Windows\System\sUsLUcR.exe
  2⤵
  PID:6576
- C:\Windows\System\vWBnIiG.exe
  C:\Windows\System\vWBnIiG.exe
  2⤵
  PID:6616
- C:\Windows\System\fFLRkiD.exe
  C:\Windows\System\fFLRkiD.exe
  2⤵
  PID:6640
- C:\Windows\System\GKaCDSs.exe
  C:\Windows\System\GKaCDSs.exe
  2⤵
  PID:6676
- C:\Windows\System\hiFRXtq.exe
  C:\Windows\System\hiFRXtq.exe
  2⤵
  PID:6700
- C:\Windows\System\EypdwXT.exe
  C:\Windows\System\EypdwXT.exe
  2⤵
  PID:6720
- C:\Windows\System\AaQNlJX.exe
  C:\Windows\System\AaQNlJX.exe
  2⤵
  PID:6736
- C:\Windows\System\zEgZrPT.exe
  C:\Windows\System\zEgZrPT.exe
  2⤵
  PID:6764
- C:\Windows\System\hqkyvKo.exe
  C:\Windows\System\hqkyvKo.exe
  2⤵
  PID:6784
- C:\Windows\System\lUKkxzF.exe
  C:\Windows\System\lUKkxzF.exe
  2⤵
  PID:6804
- C:\Windows\System\WsYbPKj.exe
  C:\Windows\System\WsYbPKj.exe
  2⤵
  PID:6828
- C:\Windows\System\mfgnUii.exe
  C:\Windows\System\mfgnUii.exe
  2⤵
  PID:6868
- C:\Windows\System\vhEhkYQ.exe
  C:\Windows\System\vhEhkYQ.exe
  2⤵
  PID:6892
- C:\Windows\System\yJkBktE.exe
  C:\Windows\System\yJkBktE.exe
  2⤵
  PID:6932
- C:\Windows\System\ZXxSfnC.exe
  C:\Windows\System\ZXxSfnC.exe
  2⤵
  PID:6952
- C:\Windows\System\zGukaZn.exe
  C:\Windows\System\zGukaZn.exe
  2⤵
  PID:6980
- C:\Windows\System\xNyPFvk.exe
  C:\Windows\System\xNyPFvk.exe
  2⤵
  PID:7000
- C:\Windows\System\CYIJvul.exe
  C:\Windows\System\CYIJvul.exe
  2⤵
  PID:7016
- C:\Windows\System\AtCGaUS.exe
  C:\Windows\System\AtCGaUS.exe
  2⤵
  PID:7036
- C:\Windows\System\wUeTxGS.exe
  C:\Windows\System\wUeTxGS.exe
  2⤵
  PID:7108
- C:\Windows\System\mHHrxQQ.exe
  C:\Windows\System\mHHrxQQ.exe
  2⤵
  PID:7136
- C:\Windows\System\yIJMhXt.exe
  C:\Windows\System\yIJMhXt.exe
  2⤵
  PID:7160
- C:\Windows\System\FkYMnrp.exe
  C:\Windows\System\FkYMnrp.exe
  2⤵
  PID:2664
- C:\Windows\System\fiIPTIo.exe
  C:\Windows\System\fiIPTIo.exe
  2⤵
  PID:5580
- C:\Windows\System\sRgaaMk.exe
  C:\Windows\System\sRgaaMk.exe
  2⤵
  PID:3588
- C:\Windows\System\axlPIhI.exe
  C:\Windows\System\axlPIhI.exe
  2⤵
  PID:6060
- C:\Windows\System\BMswMWU.exe
  C:\Windows\System\BMswMWU.exe
  2⤵
  PID:6156
- C:\Windows\System\AyezHQL.exe
  C:\Windows\System\AyezHQL.exe
  2⤵
  PID:6180
- C:\Windows\System\FofBDCq.exe
  C:\Windows\System\FofBDCq.exe
  2⤵
  PID:6208
- C:\Windows\System\MwwGyHo.exe
  C:\Windows\System\MwwGyHo.exe
  2⤵
  PID:6264
- C:\Windows\System\DugYWQf.exe
  C:\Windows\System\DugYWQf.exe
  2⤵
  PID:6320
- C:\Windows\System\psZtlhb.exe
  C:\Windows\System\psZtlhb.exe
  2⤵
  PID:4952
- C:\Windows\System\ecIYAKJ.exe
  C:\Windows\System\ecIYAKJ.exe
  2⤵
  PID:6400
- C:\Windows\System\papgAlf.exe
  C:\Windows\System\papgAlf.exe
  2⤵
  PID:2164
- C:\Windows\System\vavaXJy.exe
  C:\Windows\System\vavaXJy.exe
  2⤵
  PID:3036
- C:\Windows\System\GhyLUPk.exe
  C:\Windows\System\GhyLUPk.exe
  2⤵
  PID:6596
- C:\Windows\System\mmlAlLf.exe
  C:\Windows\System\mmlAlLf.exe
  2⤵
  PID:2008
- C:\Windows\System\RxIhKmc.exe
  C:\Windows\System\RxIhKmc.exe
  2⤵
  PID:6656
- C:\Windows\System\GUTXgJz.exe
  C:\Windows\System\GUTXgJz.exe
  2⤵
  PID:6772
- C:\Windows\System\BMOjiRJ.exe
  C:\Windows\System\BMOjiRJ.exe
  2⤵
  PID:6728
- C:\Windows\System\mCftGOR.exe
  C:\Windows\System\mCftGOR.exe
  2⤵
  PID:6884
- C:\Windows\System\uSUIZMF.exe
  C:\Windows\System\uSUIZMF.exe
  2⤵
  PID:6996
- C:\Windows\System\HAGSZmh.exe
  C:\Windows\System\HAGSZmh.exe
  2⤵
  PID:7012
- C:\Windows\System\OSzAaLU.exe
  C:\Windows\System\OSzAaLU.exe
  2⤵
  PID:7088
- C:\Windows\System\CDGDGCp.exe
  C:\Windows\System\CDGDGCp.exe
  2⤵
  PID:7156
- C:\Windows\System\hoNowmw.exe
  C:\Windows\System\hoNowmw.exe
  2⤵
  PID:6236
- C:\Windows\System\zxQeYOp.exe
  C:\Windows\System\zxQeYOp.exe
  2⤵
  PID:6056
- C:\Windows\System\eEeXdaH.exe
  C:\Windows\System\eEeXdaH.exe
  2⤵
  PID:2080
- C:\Windows\System\QMnnRaz.exe
  C:\Windows\System\QMnnRaz.exe
  2⤵
  PID:6204
- C:\Windows\System\rLHfltd.exe
  C:\Windows\System\rLHfltd.exe
  2⤵
  PID:2368
- C:\Windows\System\gqebDmv.exe
  C:\Windows\System\gqebDmv.exe
  2⤵
  PID:6484
- C:\Windows\System\mdHQKsZ.exe
  C:\Windows\System\mdHQKsZ.exe
  2⤵
  PID:1940
- C:\Windows\System\AZQPUWW.exe
  C:\Windows\System\AZQPUWW.exe
  2⤵
  PID:6520
- C:\Windows\System\NCxdlFX.exe
  C:\Windows\System\NCxdlFX.exe
  2⤵
  PID:4304
- C:\Windows\System\qoduoXs.exe
  C:\Windows\System\qoduoXs.exe
  2⤵
  PID:3584
- C:\Windows\System\Owksqnp.exe
  C:\Windows\System\Owksqnp.exe
  2⤵
  PID:6964
- C:\Windows\System\eJRBhhv.exe
  C:\Windows\System\eJRBhhv.exe
  2⤵
  PID:4460
- C:\Windows\System\CjNtynI.exe
  C:\Windows\System\CjNtynI.exe
  2⤵
  PID:7148
- C:\Windows\System\wYBAndO.exe
  C:\Windows\System\wYBAndO.exe
  2⤵
  PID:4904
- C:\Windows\System\IYQitpl.exe
  C:\Windows\System\IYQitpl.exe
  2⤵
  PID:4680
- C:\Windows\System\GflEwcM.exe
  C:\Windows\System\GflEwcM.exe
  2⤵
  PID:4588
- C:\Windows\System\YCPtqOK.exe
  C:\Windows\System\YCPtqOK.exe
  2⤵
  PID:6672
- C:\Windows\System\cduzKtK.exe
  C:\Windows\System\cduzKtK.exe
  2⤵
  PID:624
- C:\Windows\System\hHQFBMb.exe
  C:\Windows\System\hHQFBMb.exe
  2⤵
  PID:6852
- C:\Windows\System\sTuRuoT.exe
  C:\Windows\System\sTuRuoT.exe
  2⤵
  PID:4796
- C:\Windows\System\gVuljcB.exe
  C:\Windows\System\gVuljcB.exe
  2⤵
  PID:6176
- C:\Windows\System\jPkZKHt.exe
  C:\Windows\System\jPkZKHt.exe
  2⤵
  PID:6684
- C:\Windows\System\zNxKkyP.exe
  C:\Windows\System\zNxKkyP.exe
  2⤵
  PID:7172
- C:\Windows\System\Fezbxgm.exe
  C:\Windows\System\Fezbxgm.exe
  2⤵
  PID:7220
- C:\Windows\System\mCuqaxK.exe
  C:\Windows\System\mCuqaxK.exe
  2⤵
  PID:7244
- C:\Windows\System\HQHXNRL.exe
  C:\Windows\System\HQHXNRL.exe
  2⤵
  PID:7292
- C:\Windows\System\ZKtkalW.exe
  C:\Windows\System\ZKtkalW.exe
  2⤵
  PID:7312
- C:\Windows\System\TZfjHdq.exe
  C:\Windows\System\TZfjHdq.exe
  2⤵
  PID:7332
- C:\Windows\System\bGxzcWP.exe
  C:\Windows\System\bGxzcWP.exe
  2⤵
  PID:7364
- C:\Windows\System\LGxdhwj.exe
  C:\Windows\System\LGxdhwj.exe
  2⤵
  PID:7388
- C:\Windows\System\gHNVEWM.exe
  C:\Windows\System\gHNVEWM.exe
  2⤵
  PID:7412
- C:\Windows\System\ifVKFzR.exe
  C:\Windows\System\ifVKFzR.exe
  2⤵
  PID:7432
- C:\Windows\System\YVceutn.exe
  C:\Windows\System\YVceutn.exe
  2⤵
  PID:7456
- C:\Windows\System\ltupjiZ.exe
  C:\Windows\System\ltupjiZ.exe
  2⤵
  PID:7480
- C:\Windows\System\sdsKapQ.exe
  C:\Windows\System\sdsKapQ.exe
  2⤵
  PID:7508
- C:\Windows\System\QjFVlyW.exe
  C:\Windows\System\QjFVlyW.exe
  2⤵
  PID:7528
- C:\Windows\System\sqwLVFZ.exe
  C:\Windows\System\sqwLVFZ.exe
  2⤵
  PID:7548
- C:\Windows\System\AtZVWTM.exe
  C:\Windows\System\AtZVWTM.exe
  2⤵
  PID:7600
- C:\Windows\System\PlxiVRH.exe
  C:\Windows\System\PlxiVRH.exe
  2⤵
  PID:7628
- C:\Windows\System\jVwxcWS.exe
  C:\Windows\System\jVwxcWS.exe
  2⤵
  PID:7652
- C:\Windows\System\vBgpWoE.exe
  C:\Windows\System\vBgpWoE.exe
  2⤵
  PID:7676
- C:\Windows\System\ZXKdZpK.exe
  C:\Windows\System\ZXKdZpK.exe
  2⤵
  PID:7696
- C:\Windows\System\RyHpwBb.exe
  C:\Windows\System\RyHpwBb.exe
  2⤵
  PID:7720
- C:\Windows\System\hRMNXkN.exe
  C:\Windows\System\hRMNXkN.exe
  2⤵
  PID:7744
- C:\Windows\System\UsebZlA.exe
  C:\Windows\System\UsebZlA.exe
  2⤵
  PID:7768
- C:\Windows\System\rtgaJkV.exe
  C:\Windows\System\rtgaJkV.exe
  2⤵
  PID:7792
- C:\Windows\System\wHgqhwQ.exe
  C:\Windows\System\wHgqhwQ.exe
  2⤵
  PID:7816
- C:\Windows\System\wUwtrcR.exe
  C:\Windows\System\wUwtrcR.exe
  2⤵
  PID:7836
- C:\Windows\System\YtJhlJq.exe
  C:\Windows\System\YtJhlJq.exe
  2⤵
  PID:7868
- C:\Windows\System\oLRXmGt.exe
  C:\Windows\System\oLRXmGt.exe
  2⤵
  PID:7888
- C:\Windows\System\iiCnMdV.exe
  C:\Windows\System\iiCnMdV.exe
  2⤵
  PID:7912
- C:\Windows\System\mOWzPme.exe
  C:\Windows\System\mOWzPme.exe
  2⤵
  PID:7928
- C:\Windows\System\dXOLzRC.exe
  C:\Windows\System\dXOLzRC.exe
  2⤵
  PID:7976
- C:\Windows\System\UytimKe.exe
  C:\Windows\System\UytimKe.exe
  2⤵
  PID:8044
- C:\Windows\System\AzLsfbX.exe
  C:\Windows\System\AzLsfbX.exe
  2⤵
  PID:8072
- C:\Windows\System\bJpjnqW.exe
  C:\Windows\System\bJpjnqW.exe
  2⤵
  PID:8112
- C:\Windows\System\TiToGPR.exe
  C:\Windows\System\TiToGPR.exe
  2⤵
  PID:8164
- C:\Windows\System\kEaUoTQ.exe
  C:\Windows\System\kEaUoTQ.exe
  2⤵
  PID:8184
- C:\Windows\System\kRcnmeO.exe
  C:\Windows\System\kRcnmeO.exe
  2⤵
  PID:7184
- C:\Windows\System\bWtkeWS.exe
  C:\Windows\System\bWtkeWS.exe
  2⤵
  PID:7200
- C:\Windows\System\uQeJDTP.exe
  C:\Windows\System\uQeJDTP.exe
  2⤵
  PID:7228
- C:\Windows\System\bDyvvup.exe
  C:\Windows\System\bDyvvup.exe
  2⤵
  PID:7300
- C:\Windows\System\HUwaTxX.exe
  C:\Windows\System\HUwaTxX.exe
  2⤵
  PID:7384
- C:\Windows\System\gCwEoEo.exe
  C:\Windows\System\gCwEoEo.exe
  2⤵
  PID:7468
- C:\Windows\System\mcNXWbb.exe
  C:\Windows\System\mcNXWbb.exe
  2⤵
  PID:7544
- C:\Windows\System\YzHmeVL.exe
  C:\Windows\System\YzHmeVL.exe
  2⤵
  PID:7624
- C:\Windows\System\xoghtwl.exe
  C:\Windows\System\xoghtwl.exe
  2⤵
  PID:7580
- C:\Windows\System\LMbReMo.exe
  C:\Windows\System\LMbReMo.exe
  2⤵
  PID:7668
- C:\Windows\System\kRLRPzy.exe
  C:\Windows\System\kRLRPzy.exe
  2⤵
  PID:7740
- C:\Windows\System\otCrQkL.exe
  C:\Windows\System\otCrQkL.exe
  2⤵
  PID:7692
- C:\Windows\System\LBQuiPG.exe
  C:\Windows\System\LBQuiPG.exe
  2⤵
  PID:7828
- C:\Windows\System\rPoDCko.exe
  C:\Windows\System\rPoDCko.exe
  2⤵
  PID:7856
- C:\Windows\System\nqpfPgw.exe
  C:\Windows\System\nqpfPgw.exe
  2⤵
  PID:7920
- C:\Windows\System\hhLrLjW.exe
  C:\Windows\System\hhLrLjW.exe
  2⤵
  PID:8036
- C:\Windows\System\oDgzcOF.exe
  C:\Windows\System\oDgzcOF.exe
  2⤵
  PID:8096
- C:\Windows\System\tOwedLM.exe
  C:\Windows\System\tOwedLM.exe
  2⤵
  PID:8156
- C:\Windows\System\tRJXirX.exe
  C:\Windows\System\tRJXirX.exe
  2⤵
  PID:8176
- C:\Windows\System\oywWbom.exe
  C:\Windows\System\oywWbom.exe
  2⤵
  PID:7428
- C:\Windows\System\MOuxXwE.exe
  C:\Windows\System\MOuxXwE.exe
  2⤵
  PID:7660
- C:\Windows\System\mNOEtto.exe
  C:\Windows\System\mNOEtto.exe
  2⤵
  PID:7804
- C:\Windows\System\TsbDUdo.exe
  C:\Windows\System\TsbDUdo.exe
  2⤵
  PID:7940
- C:\Windows\System\rltEsHz.exe
  C:\Windows\System\rltEsHz.exe
  2⤵
  PID:7832
- C:\Windows\System\shobPOR.exe
  C:\Windows\System\shobPOR.exe
  2⤵
  PID:7308
- C:\Windows\System\BoFtXYS.exe
  C:\Windows\System\BoFtXYS.exe
  2⤵
  PID:7728
- C:\Windows\System\EnDAHSW.exe
  C:\Windows\System\EnDAHSW.exe
  2⤵
  PID:7712
- C:\Windows\System\UTDOXCz.exe
  C:\Windows\System\UTDOXCz.exe
  2⤵
  PID:8200
- C:\Windows\System\TmttWDs.exe
  C:\Windows\System\TmttWDs.exe
  2⤵
  PID:8228
- C:\Windows\System\MkoVlsx.exe
  C:\Windows\System\MkoVlsx.exe
  2⤵
  PID:8268
- C:\Windows\System\lWqCsxd.exe
  C:\Windows\System\lWqCsxd.exe
  2⤵
  PID:8312
- C:\Windows\System\tgKkFmV.exe
  C:\Windows\System\tgKkFmV.exe
  2⤵
  PID:8340
- C:\Windows\System\pdkFXNl.exe
  C:\Windows\System\pdkFXNl.exe
  2⤵
  PID:8356
- C:\Windows\System\PhhguKb.exe
  C:\Windows\System\PhhguKb.exe
  2⤵
  PID:8372
- C:\Windows\System\hjdJBaw.exe
  C:\Windows\System\hjdJBaw.exe
  2⤵
  PID:8428
- C:\Windows\System\uFVRPyb.exe
  C:\Windows\System\uFVRPyb.exe
  2⤵
  PID:8448
- C:\Windows\System\oHGveHQ.exe
  C:\Windows\System\oHGveHQ.exe
  2⤵
  PID:8472
- C:\Windows\System\YwzjjEZ.exe
  C:\Windows\System\YwzjjEZ.exe
  2⤵
  PID:8520
- C:\Windows\System\btrUjQC.exe
  C:\Windows\System\btrUjQC.exe
  2⤵
  PID:8540
- C:\Windows\System\MWbzsOm.exe
  C:\Windows\System\MWbzsOm.exe
  2⤵
  PID:8572
- C:\Windows\System\qEViadZ.exe
  C:\Windows\System\qEViadZ.exe
  2⤵
  PID:8600
- C:\Windows\System\ASuwAkh.exe
  C:\Windows\System\ASuwAkh.exe
  2⤵
  PID:8616
- C:\Windows\System\AxckAyA.exe
  C:\Windows\System\AxckAyA.exe
  2⤵
  PID:8636
- C:\Windows\System\EXNqplT.exe
  C:\Windows\System\EXNqplT.exe
  2⤵
  PID:8660
- C:\Windows\System\JRpGTxT.exe
  C:\Windows\System\JRpGTxT.exe
  2⤵
  PID:8684
- C:\Windows\System\AaeXjhP.exe
  C:\Windows\System\AaeXjhP.exe
  2⤵
  PID:8708
- C:\Windows\System\FkxUtWT.exe
  C:\Windows\System\FkxUtWT.exe
  2⤵
  PID:8724
- C:\Windows\System\LlsdphF.exe
  C:\Windows\System\LlsdphF.exe
  2⤵
  PID:8780
- C:\Windows\System\sLfFnkN.exe
  C:\Windows\System\sLfFnkN.exe
  2⤵
  PID:8804
- C:\Windows\System\HeaxnKh.exe
  C:\Windows\System\HeaxnKh.exe
  2⤵
  PID:8824
- C:\Windows\System\NSATwqB.exe
  C:\Windows\System\NSATwqB.exe
  2⤵
  PID:8856
- C:\Windows\System\WXjmRlq.exe
  C:\Windows\System\WXjmRlq.exe
  2⤵
  PID:8880
- C:\Windows\System\ESWJPVk.exe
  C:\Windows\System\ESWJPVk.exe
  2⤵
  PID:8904
- C:\Windows\System\rqJhNSf.exe
  C:\Windows\System\rqJhNSf.exe
  2⤵
  PID:8964
- C:\Windows\System\COEiGZl.exe
  C:\Windows\System\COEiGZl.exe
  2⤵
  PID:8992
- C:\Windows\System\prTtYtM.exe
  C:\Windows\System\prTtYtM.exe
  2⤵
  PID:9012
- C:\Windows\System\kBRoCEr.exe
  C:\Windows\System\kBRoCEr.exe
  2⤵
  PID:9032
- C:\Windows\System\INzLSRm.exe
  C:\Windows\System\INzLSRm.exe
  2⤵
  PID:9068
- C:\Windows\System\QTPBbug.exe
  C:\Windows\System\QTPBbug.exe
  2⤵
  PID:9088
- C:\Windows\System\OwxINUm.exe
  C:\Windows\System\OwxINUm.exe
  2⤵
  PID:9132
- C:\Windows\System\uoddLor.exe
  C:\Windows\System\uoddLor.exe
  2⤵
  PID:9152
- C:\Windows\System\jLxLtyL.exe
  C:\Windows\System\jLxLtyL.exe
  2⤵
  PID:9192
- C:\Windows\System\nlvQZiO.exe
  C:\Windows\System\nlvQZiO.exe
  2⤵
  PID:9208
- C:\Windows\System\WVhupHy.exe
  C:\Windows\System\WVhupHy.exe
  2⤵
  PID:7536
- C:\Windows\System\kWsVZSS.exe
  C:\Windows\System\kWsVZSS.exe
  2⤵
  PID:8056
- C:\Windows\System\yGiMVsg.exe
  C:\Windows\System\yGiMVsg.exe
  2⤵
  PID:8248
- C:\Windows\System\clENiXf.exe
  C:\Windows\System\clENiXf.exe
  2⤵
  PID:8424
- C:\Windows\System\QGFBsNh.exe
  C:\Windows\System\QGFBsNh.exe
  2⤵
  PID:8416
- C:\Windows\System\LVlwFBY.exe
  C:\Windows\System\LVlwFBY.exe
  2⤵
  PID:8468
- C:\Windows\System\ShyFyes.exe
  C:\Windows\System\ShyFyes.exe
  2⤵
  PID:8560
- C:\Windows\System\PtqAeHC.exe
  C:\Windows\System\PtqAeHC.exe
  2⤵
  PID:8652
- C:\Windows\System\ZjirFVL.exe
  C:\Windows\System\ZjirFVL.exe
  2⤵
  PID:8716
- C:\Windows\System\eYPoocq.exe
  C:\Windows\System\eYPoocq.exe
  2⤵
  PID:8796
- C:\Windows\System\kBxdmec.exe
  C:\Windows\System\kBxdmec.exe
  2⤵
  PID:8820
- C:\Windows\System\keraDea.exe
  C:\Windows\System\keraDea.exe
  2⤵
  PID:8896
- C:\Windows\System\pEodESD.exe
  C:\Windows\System\pEodESD.exe
  2⤵
  PID:8948
- C:\Windows\System\qlOfCbx.exe
  C:\Windows\System\qlOfCbx.exe
  2⤵
  PID:9004
- C:\Windows\System\ZvnGcrw.exe
  C:\Windows\System\ZvnGcrw.exe
  2⤵
  PID:9080
- C:\Windows\System\CSvfsSd.exe
  C:\Windows\System\CSvfsSd.exe
  2⤵
  PID:9168
- C:\Windows\System\EIlXgFS.exe
  C:\Windows\System\EIlXgFS.exe
  2⤵
  PID:9188
- C:\Windows\System\gmxohZK.exe
  C:\Windows\System\gmxohZK.exe
  2⤵
  PID:8152
- C:\Windows\System\pHFtJzl.exe
  C:\Windows\System\pHFtJzl.exe
  2⤵
  PID:8536
- C:\Windows\System\saRRsEn.exe
  C:\Windows\System\saRRsEn.exe
  2⤵
  PID:8648
- C:\Windows\System\lNBYfTz.exe
  C:\Windows\System\lNBYfTz.exe
  2⤵
  PID:8752
- C:\Windows\System\XeELqIF.exe
  C:\Windows\System\XeELqIF.exe
  2⤵
  PID:8876
- C:\Windows\System\AVucnha.exe
  C:\Windows\System\AVucnha.exe
  2⤵
  PID:8956
- C:\Windows\System\mVhGdbb.exe
  C:\Windows\System\mVhGdbb.exe
  2⤵
  PID:7372
- C:\Windows\System\aUVAAnS.exe
  C:\Windows\System\aUVAAnS.exe
  2⤵
  PID:8500
- C:\Windows\System\hRuWtXs.exe
  C:\Windows\System\hRuWtXs.exe
  2⤵
  PID:8552
- C:\Windows\System\LZXqLOY.exe
  C:\Windows\System\LZXqLOY.exe
  2⤵
  PID:9204
- C:\Windows\System\OAUKkxB.exe
  C:\Windows\System\OAUKkxB.exe
  2⤵
  PID:8308
- C:\Windows\System\iuAVHkh.exe
  C:\Windows\System\iuAVHkh.exe
  2⤵
  PID:9236
- C:\Windows\System\WqosgcQ.exe
  C:\Windows\System\WqosgcQ.exe
  2⤵
  PID:9272
- C:\Windows\System\uJuKOQF.exe
  C:\Windows\System\uJuKOQF.exe
  2⤵
  PID:9288
- C:\Windows\System\RefSJwU.exe
  C:\Windows\System\RefSJwU.exe
  2⤵
  PID:9316
- C:\Windows\System\OHKFLMc.exe
  C:\Windows\System\OHKFLMc.exe
  2⤵
  PID:9356
- C:\Windows\System\NIdPYcb.exe
  C:\Windows\System\NIdPYcb.exe
  2⤵
  PID:9388
- C:\Windows\System\cVcMJxN.exe
  C:\Windows\System\cVcMJxN.exe
  2⤵
  PID:9408
- C:\Windows\System\ZTJHvWP.exe
  C:\Windows\System\ZTJHvWP.exe
  2⤵
  PID:9456
- C:\Windows\System\WZLaXuT.exe
  C:\Windows\System\WZLaXuT.exe
  2⤵
  PID:9504
- C:\Windows\System\MFwtcdr.exe
  C:\Windows\System\MFwtcdr.exe
  2⤵
  PID:9536
- C:\Windows\System\hMxrWsv.exe
  C:\Windows\System\hMxrWsv.exe
  2⤵
  PID:9552
- C:\Windows\System\LOXczdK.exe
  C:\Windows\System\LOXczdK.exe
  2⤵
  PID:9568
- C:\Windows\System\SylxGKW.exe
  C:\Windows\System\SylxGKW.exe
  2⤵
  PID:9584
- C:\Windows\System\FBLkYHT.exe
  C:\Windows\System\FBLkYHT.exe
  2⤵
  PID:9600
- C:\Windows\System\yhdJehX.exe
  C:\Windows\System\yhdJehX.exe
  2⤵
  PID:9700
- C:\Windows\System\MEMqUvs.exe
  C:\Windows\System\MEMqUvs.exe
  2⤵
  PID:9736
- C:\Windows\System\eVcAWKl.exe
  C:\Windows\System\eVcAWKl.exe
  2⤵
  PID:9756
- C:\Windows\System\OIYgmKh.exe
  C:\Windows\System\OIYgmKh.exe
  2⤵
  PID:9776
- C:\Windows\System\kuwIpki.exe
  C:\Windows\System\kuwIpki.exe
  2⤵
  PID:9828
- C:\Windows\System\RaAIkUi.exe
  C:\Windows\System\RaAIkUi.exe
  2⤵
  PID:9852
- C:\Windows\System\tySJSwi.exe
  C:\Windows\System\tySJSwi.exe
  2⤵
  PID:9908
- C:\Windows\System\YtuzGxU.exe
  C:\Windows\System\YtuzGxU.exe
  2⤵
  PID:9944
- C:\Windows\System\asfjmXG.exe
  C:\Windows\System\asfjmXG.exe
  2⤵
  PID:9996
- C:\Windows\System\CXqzcnp.exe
  C:\Windows\System\CXqzcnp.exe
  2⤵
  PID:10020
- C:\Windows\System\GqTkpNn.exe
  C:\Windows\System\GqTkpNn.exe
  2⤵
  PID:10044
- C:\Windows\System\DvMwrzC.exe
  C:\Windows\System\DvMwrzC.exe
  2⤵
  PID:10064
- C:\Windows\System\ZbSoLlW.exe
  C:\Windows\System\ZbSoLlW.exe
  2⤵
  PID:10088
- C:\Windows\System\wVZcnVH.exe
  C:\Windows\System\wVZcnVH.exe
  2⤵
  PID:10136
- C:\Windows\System\JRgzuta.exe
  C:\Windows\System\JRgzuta.exe
  2⤵
  PID:10160
- C:\Windows\System\jIimbSu.exe
  C:\Windows\System\jIimbSu.exe
  2⤵
  PID:10192
- C:\Windows\System\msGRPmz.exe
  C:\Windows\System\msGRPmz.exe
  2⤵
  PID:10216
- C:\Windows\System\rVAbpTg.exe
  C:\Windows\System\rVAbpTg.exe
  2⤵
  PID:10236
- C:\Windows\System\USIICyL.exe
  C:\Windows\System\USIICyL.exe
  2⤵
  PID:9260
- C:\Windows\System\LXbSham.exe
  C:\Windows\System\LXbSham.exe
  2⤵
  PID:9304
- C:\Windows\System\rHsiYae.exe
  C:\Windows\System\rHsiYae.exe
  2⤵
  PID:9340
- C:\Windows\System\MQSBURb.exe
  C:\Windows\System\MQSBURb.exe
  2⤵
  PID:9496
- C:\Windows\System\HWYOzWf.exe
  C:\Windows\System\HWYOzWf.exe
  2⤵
  PID:9428
- C:\Windows\System\RsOocof.exe
  C:\Windows\System\RsOocof.exe
  2⤵
  PID:9424
- C:\Windows\System\JqdzrdK.exe
  C:\Windows\System\JqdzrdK.exe
  2⤵
  PID:9624
- C:\Windows\System\fAahPfR.exe
  C:\Windows\System\fAahPfR.exe
  2⤵
  PID:9560
- C:\Windows\System\auOOZip.exe
  C:\Windows\System\auOOZip.exe
  2⤵
  PID:9612
- C:\Windows\System\rkOiARc.exe
  C:\Windows\System\rkOiARc.exe
  2⤵
  PID:9696
- C:\Windows\System\aBgZSeT.exe
  C:\Windows\System\aBgZSeT.exe
  2⤵
  PID:9752
- C:\Windows\System\OeGLOSa.exe
  C:\Windows\System\OeGLOSa.exe
  2⤵
  PID:9800
- C:\Windows\System\dmOvaaW.exe
  C:\Windows\System\dmOvaaW.exe
  2⤵
  PID:9876
- C:\Windows\System\jctUiEX.exe
  C:\Windows\System\jctUiEX.exe
  2⤵
  PID:9932
- C:\Windows\System\euCnmmh.exe
  C:\Windows\System\euCnmmh.exe
  2⤵
  PID:9988
- C:\Windows\System\QCLXvhz.exe
  C:\Windows\System\QCLXvhz.exe
  2⤵
  PID:10108
- C:\Windows\System\fcbkweL.exe
  C:\Windows\System\fcbkweL.exe
  2⤵
  PID:10156
- C:\Windows\System\BTcDIkG.exe
  C:\Windows\System\BTcDIkG.exe
  2⤵
  PID:10204
- C:\Windows\System\XOvtcLy.exe
  C:\Windows\System\XOvtcLy.exe
  2⤵
  PID:8668
- C:\Windows\System\GHfIEbi.exe
  C:\Windows\System\GHfIEbi.exe
  2⤵
  PID:9332
- C:\Windows\System\hPHiJrB.exe
  C:\Windows\System\hPHiJrB.exe
  2⤵
  PID:9400
- C:\Windows\System\IuxGRqf.exe
  C:\Windows\System\IuxGRqf.exe
  2⤵
  PID:9708
- C:\Windows\System\HpcKzxa.exe
  C:\Windows\System\HpcKzxa.exe
  2⤵
  PID:9768
- C:\Windows\System\yKhLKWi.exe
  C:\Windows\System\yKhLKWi.exe
  2⤵
  PID:9816
- C:\Windows\System\MoMxiQY.exe
  C:\Windows\System\MoMxiQY.exe
  2⤵
  PID:9936
- C:\Windows\System\yhCKPsY.exe
  C:\Windows\System\yhCKPsY.exe
  2⤵
  PID:10228
- C:\Windows\System\BHQLOPG.exe
  C:\Windows\System\BHQLOPG.exe
  2⤵
  PID:10176
- C:\Windows\System\XgBzNHl.exe
  C:\Windows\System\XgBzNHl.exe
  2⤵
  PID:4416
- C:\Windows\System\PmQwVnC.exe
  C:\Windows\System\PmQwVnC.exe
  2⤵
  PID:9576
- C:\Windows\System\vMKHuRK.exe
  C:\Windows\System\vMKHuRK.exe
  2⤵
  PID:9848
- C:\Windows\System\WCrtqqn.exe
  C:\Windows\System\WCrtqqn.exe
  2⤵
  PID:9528
- C:\Windows\System\IodEKIu.exe
  C:\Windows\System\IodEKIu.exe
  2⤵
  PID:10120
- C:\Windows\System\VXsZCdH.exe
  C:\Windows\System\VXsZCdH.exe
  2⤵
  PID:10260
- C:\Windows\System\UpojUaV.exe
  C:\Windows\System\UpojUaV.exe
  2⤵
  PID:10284
- C:\Windows\System\XtYTkgD.exe
  C:\Windows\System\XtYTkgD.exe
  2⤵
  PID:10304
- C:\Windows\System\HAfRdpL.exe
  C:\Windows\System\HAfRdpL.exe
  2⤵
  PID:10332
- C:\Windows\System\zRZCqSu.exe
  C:\Windows\System\zRZCqSu.exe
  2⤵
  PID:10364
- C:\Windows\System\fgIPAGe.exe
  C:\Windows\System\fgIPAGe.exe
  2⤵
  PID:10384
- C:\Windows\System\GSqlmnj.exe
  C:\Windows\System\GSqlmnj.exe
  2⤵
  PID:10408
- C:\Windows\System\RSRhyjk.exe
  C:\Windows\System\RSRhyjk.exe
  2⤵
  PID:10460
- C:\Windows\System\GxjJvhz.exe
  C:\Windows\System\GxjJvhz.exe
  2⤵
  PID:10488
- C:\Windows\System\rGhGonA.exe
  C:\Windows\System\rGhGonA.exe
  2⤵
  PID:10520
- C:\Windows\System\ByTDeuC.exe
  C:\Windows\System\ByTDeuC.exe
  2⤵
  PID:10540
- C:\Windows\System\soOiOpJ.exe
  C:\Windows\System\soOiOpJ.exe
  2⤵
  PID:10556
- C:\Windows\System\ksWHFPr.exe
  C:\Windows\System\ksWHFPr.exe
  2⤵
  PID:10588
- C:\Windows\System\NGkfCzs.exe
  C:\Windows\System\NGkfCzs.exe
  2⤵
  PID:10604
- C:\Windows\System\MYvnbku.exe
  C:\Windows\System\MYvnbku.exe
  2⤵
  PID:10640
- C:\Windows\System\flMyJoT.exe
  C:\Windows\System\flMyJoT.exe
  2⤵
  PID:10668
- C:\Windows\System\ALVoElX.exe
  C:\Windows\System\ALVoElX.exe
  2⤵
  PID:10692
- C:\Windows\System\yhILirC.exe
  C:\Windows\System\yhILirC.exe
  2⤵
  PID:10712
- C:\Windows\System\yAmdHMv.exe
  C:\Windows\System\yAmdHMv.exe
  2⤵
  PID:10752
- C:\Windows\System\SSuiWsy.exe
  C:\Windows\System\SSuiWsy.exe
  2⤵
  PID:10808
- C:\Windows\System\WeoYoVS.exe
  C:\Windows\System\WeoYoVS.exe
  2⤵
  PID:10828
- C:\Windows\System\NPrSTRH.exe
  C:\Windows\System\NPrSTRH.exe
  2⤵
  PID:10860
- C:\Windows\System\iSRqAvH.exe
  C:\Windows\System\iSRqAvH.exe
  2⤵
  PID:10896
- C:\Windows\System\xisHiFy.exe
  C:\Windows\System\xisHiFy.exe
  2⤵
  PID:10924
- C:\Windows\System\jlZToUs.exe
  C:\Windows\System\jlZToUs.exe
  2⤵
  PID:10948
- C:\Windows\System\kIHKsKL.exe
  C:\Windows\System\kIHKsKL.exe
  2⤵
  PID:10964
- C:\Windows\System\FzrLLBr.exe
  C:\Windows\System\FzrLLBr.exe
  2⤵
  PID:10984
- C:\Windows\System\IngUPOB.exe
  C:\Windows\System\IngUPOB.exe
  2⤵
  PID:11008
- C:\Windows\System\wOmJlhm.exe
  C:\Windows\System\wOmJlhm.exe
  2⤵
  PID:11040
- C:\Windows\System\sUmCEeA.exe
  C:\Windows\System\sUmCEeA.exe
  2⤵
  PID:11056
- C:\Windows\System\uwDBwOY.exe
  C:\Windows\System\uwDBwOY.exe
  2⤵
  PID:11080
- C:\Windows\System\gpqxrlT.exe
  C:\Windows\System\gpqxrlT.exe
  2⤵
  PID:11108
- C:\Windows\System\wdERLiz.exe
  C:\Windows\System\wdERLiz.exe
  2⤵
  PID:11172
- C:\Windows\System\yBYWPMz.exe
  C:\Windows\System\yBYWPMz.exe
  2⤵
  PID:11196
- C:\Windows\System\FykdJHg.exe
  C:\Windows\System\FykdJHg.exe
  2⤵
  PID:11212
- C:\Windows\System\eXWVlRR.exe
  C:\Windows\System\eXWVlRR.exe
  2⤵
  PID:10152
- C:\Windows\System\XpcHzbK.exe
  C:\Windows\System\XpcHzbK.exe
  2⤵
  PID:10252
- C:\Windows\System\kynYphE.exe
  C:\Windows\System\kynYphE.exe
  2⤵
  PID:10300
- C:\Windows\System\hAemMwM.exe
  C:\Windows\System\hAemMwM.exe
  2⤵
  PID:10340
- C:\Windows\System\wuoIAoh.exe
  C:\Windows\System\wuoIAoh.exe
  2⤵
  PID:10436
- C:\Windows\System\WTZDoOp.exe
  C:\Windows\System\WTZDoOp.exe
  2⤵
  PID:10496
- C:\Windows\System\tesrEpK.exe
  C:\Windows\System\tesrEpK.exe
  2⤵
  PID:10576
- C:\Windows\System\ipvFvtM.exe
  C:\Windows\System\ipvFvtM.exe
  2⤵
  PID:10656
- C:\Windows\System\GArLILJ.exe
  C:\Windows\System\GArLILJ.exe
  2⤵
  PID:10704
- C:\Windows\System\AENykHy.exe
  C:\Windows\System\AENykHy.exe
  2⤵
  PID:10824
- C:\Windows\System\OZVCbWJ.exe
  C:\Windows\System\OZVCbWJ.exe
  2⤵
  PID:10892
- C:\Windows\System\YgkSwsO.exe
  C:\Windows\System\YgkSwsO.exe
  2⤵
  PID:10932
- C:\Windows\System\eAPfZlT.exe
  C:\Windows\System\eAPfZlT.exe
  2⤵
  PID:10956
- C:\Windows\System\OxloSps.exe
  C:\Windows\System\OxloSps.exe
  2⤵
  PID:10992
- C:\Windows\System\qfdkqah.exe
  C:\Windows\System\qfdkqah.exe
  2⤵
  PID:11016
- C:\Windows\System\TkjzRrG.exe
  C:\Windows\System\TkjzRrG.exe
  2⤵
  PID:11128
- C:\Windows\System\jNNnUio.exe
  C:\Windows\System\jNNnUio.exe
  2⤵
  PID:11184
- C:\Windows\System\yHVmEmh.exe
  C:\Windows\System\yHVmEmh.exe
  2⤵
  PID:10380
- C:\Windows\System\mTnyRRg.exe
  C:\Windows\System\mTnyRRg.exe
  2⤵
  PID:10468
- C:\Windows\System\iHZkdKj.exe
  C:\Windows\System\iHZkdKj.exe
  2⤵
  PID:10532
- C:\Windows\System\PRdgakz.exe
  C:\Windows\System\PRdgakz.exe
  2⤵
  PID:10748
- C:\Windows\System\fHmjtoW.exe
  C:\Windows\System\fHmjtoW.exe
  2⤵
  PID:10944
- C:\Windows\System\PrFwUFJ.exe
  C:\Windows\System\PrFwUFJ.exe
  2⤵
  PID:4320
- C:\Windows\System\CshyKtN.exe
  C:\Windows\System\CshyKtN.exe
  2⤵
  PID:10528
- C:\Windows\System\izPOpWg.exe
  C:\Windows\System\izPOpWg.exe
  2⤵
  PID:10856
- C:\Windows\System\oGInTXJ.exe
  C:\Windows\System\oGInTXJ.exe
  2⤵
  PID:11064
- C:\Windows\System\KxMyWjh.exe
  C:\Windows\System\KxMyWjh.exe
  2⤵
  PID:10676
- C:\Windows\System\GMNutSC.exe
  C:\Windows\System\GMNutSC.exe
  2⤵
  PID:11272
- C:\Windows\System\CKGuxoO.exe
  C:\Windows\System\CKGuxoO.exe
  2⤵
  PID:11296
- C:\Windows\System\mUpHVku.exe
  C:\Windows\System\mUpHVku.exe
  2⤵
  PID:11324
- C:\Windows\System\miApJtV.exe
  C:\Windows\System\miApJtV.exe
  2⤵
  PID:11348
- C:\Windows\System\TvSrneY.exe
  C:\Windows\System\TvSrneY.exe
  2⤵
  PID:11372
- C:\Windows\System\xelJwZb.exe
  C:\Windows\System\xelJwZb.exe
  2⤵
  PID:11392
- C:\Windows\System\SpgaSRi.exe
  C:\Windows\System\SpgaSRi.exe
  2⤵
  PID:11424
- C:\Windows\System\yZCkfyx.exe
  C:\Windows\System\yZCkfyx.exe
  2⤵
  PID:11444
- C:\Windows\System\pPqzDIB.exe
  C:\Windows\System\pPqzDIB.exe
  2⤵
  PID:11476
- C:\Windows\System\QPBWGUI.exe
  C:\Windows\System\QPBWGUI.exe
  2⤵
  PID:11512
- C:\Windows\System\sqBZmej.exe
  C:\Windows\System\sqBZmej.exe
  2⤵
  PID:11552
- C:\Windows\System\JdDzBaq.exe
  C:\Windows\System\JdDzBaq.exe
  2⤵
  PID:11568
- C:\Windows\System\sOazMAJ.exe
  C:\Windows\System\sOazMAJ.exe
  2⤵
  PID:11588
- C:\Windows\System\LavVQIN.exe
  C:\Windows\System\LavVQIN.exe
  2⤵
  PID:11624
- C:\Windows\System\EJMJShf.exe
  C:\Windows\System\EJMJShf.exe
  2⤵
  PID:11664
- C:\Windows\System\eLzAOjy.exe
  C:\Windows\System\eLzAOjy.exe
  2⤵
  PID:11680
- C:\Windows\System\bpmcbel.exe
  C:\Windows\System\bpmcbel.exe
  2⤵
  PID:11708
- C:\Windows\System\hxgrMrs.exe
  C:\Windows\System\hxgrMrs.exe
  2⤵
  PID:11724
- C:\Windows\System\MSkFEHW.exe
  C:\Windows\System\MSkFEHW.exe
  2⤵
  PID:11752
- C:\Windows\System\NVYZQwg.exe
  C:\Windows\System\NVYZQwg.exe
  2⤵
  PID:11788
- C:\Windows\System\QZgBesC.exe
  C:\Windows\System\QZgBesC.exe
  2⤵
  PID:11812
- C:\Windows\System\DCFaWrl.exe
  C:\Windows\System\DCFaWrl.exe
  2⤵
  PID:11832
- C:\Windows\System\jwnzfeX.exe
  C:\Windows\System\jwnzfeX.exe
  2⤵
  PID:11852
- C:\Windows\System\XiSzUgy.exe
  C:\Windows\System\XiSzUgy.exe
  2⤵
  PID:11876
- C:\Windows\System\rkhPSqk.exe
  C:\Windows\System\rkhPSqk.exe
  2⤵
  PID:11896
- C:\Windows\System\ogqmQoW.exe
  C:\Windows\System\ogqmQoW.exe
  2⤵
  PID:11924
- C:\Windows\System\VxOouZx.exe
  C:\Windows\System\VxOouZx.exe
  2⤵
  PID:11960
- C:\Windows\System\NDpUyFR.exe
  C:\Windows\System\NDpUyFR.exe
  2⤵
  PID:12016
- C:\Windows\System\JKdegZf.exe
  C:\Windows\System\JKdegZf.exe
  2⤵
  PID:12036
- C:\Windows\System\BbitOaE.exe
  C:\Windows\System\BbitOaE.exe
  2⤵
  PID:12064
- C:\Windows\System\PefeGek.exe
  C:\Windows\System\PefeGek.exe
  2⤵
  PID:12084
- C:\Windows\System\tpHvHpb.exe
  C:\Windows\System\tpHvHpb.exe
  2⤵
  PID:12128
- C:\Windows\System\GsezIll.exe
  C:\Windows\System\GsezIll.exe
  2⤵
  PID:12156
- C:\Windows\System\BZTSTrH.exe
  C:\Windows\System\BZTSTrH.exe
  2⤵
  PID:12176
- C:\Windows\System\NYfgjsc.exe
  C:\Windows\System\NYfgjsc.exe
  2⤵
  PID:12192
- C:\Windows\System\lZWqTHR.exe
  C:\Windows\System\lZWqTHR.exe
  2⤵
  PID:12240
- C:\Windows\System\nTobWFz.exe
  C:\Windows\System\nTobWFz.exe
  2⤵
  PID:12280
- C:\Windows\System\NHVGepa.exe
  C:\Windows\System\NHVGepa.exe
  2⤵
  PID:11288
- C:\Windows\System\RWvfnAL.exe
  C:\Windows\System\RWvfnAL.exe
  2⤵
  PID:11312
- C:\Windows\System\zZxaqpl.exe
  C:\Windows\System\zZxaqpl.exe
  2⤵
  PID:11472
- C:\Windows\System\zhFkwHe.exe
  C:\Windows\System\zhFkwHe.exe
  2⤵
  PID:11508
- C:\Windows\System\EearjCc.exe
  C:\Windows\System\EearjCc.exe
  2⤵
  PID:11580
- C:\Windows\System\eISnftx.exe
  C:\Windows\System\eISnftx.exe
  2⤵
  PID:11604
- C:\Windows\System\zDxDGCO.exe
  C:\Windows\System\zDxDGCO.exe
  2⤵
  PID:11692
- C:\Windows\System\lHNkJuj.exe
  C:\Windows\System\lHNkJuj.exe
  2⤵
  PID:11764
- C:\Windows\System\PmrliXp.exe
  C:\Windows\System\PmrliXp.exe
  2⤵
  PID:11848
- C:\Windows\System\uQdmzJZ.exe
  C:\Windows\System\uQdmzJZ.exe
  2⤵
  PID:11828
- C:\Windows\System\iTvyDWf.exe
  C:\Windows\System\iTvyDWf.exe
  2⤵
  PID:11972
- C:\Windows\System\sDBLmRL.exe
  C:\Windows\System\sDBLmRL.exe
  2⤵
  PID:12008
- C:\Windows\System\jtQMUBB.exe
  C:\Windows\System\jtQMUBB.exe
  2⤵
  PID:12096
- C:\Windows\System\WHhewik.exe
  C:\Windows\System\WHhewik.exe
  2⤵
  PID:12144
- C:\Windows\System\HuzXmwO.exe
  C:\Windows\System\HuzXmwO.exe
  2⤵
  PID:12184
- C:\Windows\System\qYHeXwo.exe
  C:\Windows\System\qYHeXwo.exe
  2⤵
  PID:11364
- C:\Windows\System\OgBvOhB.exe
  C:\Windows\System\OgBvOhB.exe
  2⤵
  PID:11536
- C:\Windows\System\dnQRLVQ.exe
  C:\Windows\System\dnQRLVQ.exe
  2⤵
  PID:11660
- C:\Windows\System\ZwTofvt.exe
  C:\Windows\System\ZwTofvt.exe
  2⤵
  PID:11700
- C:\Windows\System\CCtECek.exe
  C:\Windows\System\CCtECek.exe
  2⤵
  PID:11780
- C:\Windows\System\bSBtPnG.exe
  C:\Windows\System\bSBtPnG.exe
  2⤵
  PID:11460
- C:\Windows\System\YQVLmar.exe
  C:\Windows\System\YQVLmar.exe
  2⤵
  PID:11736
- C:\Windows\System\TDsxDGl.exe
  C:\Windows\System\TDsxDGl.exe
  2⤵
  PID:11292
- C:\Windows\System\JwaMHfh.exe
  C:\Windows\System\JwaMHfh.exe
  2⤵
  PID:2064
- C:\Windows\System\RrrqvIS.exe
  C:\Windows\System\RrrqvIS.exe
  2⤵
  PID:12004
- C:\Windows\System\EZoOKkS.exe
  C:\Windows\System\EZoOKkS.exe
  2⤵
  PID:12304
- C:\Windows\System\SmRSdfo.exe
  C:\Windows\System\SmRSdfo.exe
  2⤵
  PID:12320
- C:\Windows\System\DfNUuPl.exe
  C:\Windows\System\DfNUuPl.exe
  2⤵
  PID:12348
- C:\Windows\System\aygHBFj.exe
  C:\Windows\System\aygHBFj.exe
  2⤵
  PID:12368
- C:\Windows\System\vtlDGSs.exe
  C:\Windows\System\vtlDGSs.exe
  2⤵
  PID:12396
- C:\Windows\System\eOQvjUz.exe
  C:\Windows\System\eOQvjUz.exe
  2⤵
  PID:12412
- C:\Windows\System\GsgvrQe.exe
  C:\Windows\System\GsgvrQe.exe
  2⤵
  PID:12464
- C:\Windows\System\BswLKcq.exe
  C:\Windows\System\BswLKcq.exe
  2⤵
  PID:12504
- C:\Windows\System\NwsqLIw.exe
  C:\Windows\System\NwsqLIw.exe
  2⤵
  PID:12528
- C:\Windows\System\yKhjqhM.exe
  C:\Windows\System\yKhjqhM.exe
  2⤵
  PID:12548
- C:\Windows\System\hSgQSgX.exe
  C:\Windows\System\hSgQSgX.exe
  2⤵
  PID:12588
- C:\Windows\System\arpnrqh.exe
  C:\Windows\System\arpnrqh.exe
  2⤵
  PID:12684
- C:\Windows\System\HrNXlfv.exe
  C:\Windows\System\HrNXlfv.exe
  2⤵
  PID:12712
- C:\Windows\System\uLoIrOH.exe
  C:\Windows\System\uLoIrOH.exe
  2⤵
  PID:12768
- C:\Windows\System\vakiKfZ.exe
  C:\Windows\System\vakiKfZ.exe
  2⤵
  PID:12800
- C:\Windows\System\edKtOVN.exe
  C:\Windows\System\edKtOVN.exe
  2⤵
  PID:12844
- C:\Windows\System\QhyWXzc.exe
  C:\Windows\System\QhyWXzc.exe
  2⤵
  PID:12872
- C:\Windows\System\VNUvGBU.exe
  C:\Windows\System\VNUvGBU.exe
  2⤵
  PID:12896
- C:\Windows\System\kKIhGmc.exe
  C:\Windows\System\kKIhGmc.exe
  2⤵
  PID:12916
- C:\Windows\System\yDJnrhH.exe
  C:\Windows\System\yDJnrhH.exe
  2⤵
  PID:12940
- C:\Windows\System\FKZkjQg.exe
  C:\Windows\System\FKZkjQg.exe
  2⤵
  PID:12984
- C:\Windows\System\XvsHOPc.exe
  C:\Windows\System\XvsHOPc.exe
  2⤵
  PID:13004
- C:\Windows\System\dQqtTCr.exe
  C:\Windows\System\dQqtTCr.exe
  2⤵
  PID:13028
- C:\Windows\System\iTWHHIo.exe
  C:\Windows\System\iTWHHIo.exe
  2⤵
  PID:13048
- C:\Windows\System\mQRWYnr.exe
  C:\Windows\System\mQRWYnr.exe
  2⤵
  PID:13084
- C:\Windows\System\WZDRICd.exe
  C:\Windows\System\WZDRICd.exe
  2⤵
  PID:13108
- C:\Windows\System\dAsCqXC.exe
  C:\Windows\System\dAsCqXC.exe
  2⤵
  PID:13148
- C:\Windows\System\VYNATfU.exe
  C:\Windows\System\VYNATfU.exe
  2⤵
  PID:13172
- C:\Windows\System\YmJzucT.exe
  C:\Windows\System\YmJzucT.exe
  2⤵
  PID:13196
- C:\Windows\System\ZwwhewR.exe
  C:\Windows\System\ZwwhewR.exe
  2⤵
  PID:13216
- C:\Windows\System\BXaYZuh.exe
  C:\Windows\System\BXaYZuh.exe
  2⤵
  PID:13236
- C:\Windows\System\KzBAEhL.exe
  C:\Windows\System\KzBAEhL.exe
  2⤵
  PID:13268
- C:\Windows\System\oAlLQrA.exe
  C:\Windows\System\oAlLQrA.exe
  2⤵
  PID:11640
- C:\Windows\System\wDKeema.exe
  C:\Windows\System\wDKeema.exe
  2⤵
  PID:11540
- C:\Windows\System\QZHmbma.exe
  C:\Windows\System\QZHmbma.exe
  2⤵
  PID:11944
- C:\Windows\System\NfFnsex.exe
  C:\Windows\System\NfFnsex.exe
  2⤵
  PID:11892
- C:\Windows\System\MIPgaqU.exe
  C:\Windows\System\MIPgaqU.exe
  2⤵
  PID:12312
- C:\Windows\System\wlAWLne.exe
  C:\Windows\System\wlAWLne.exe
  2⤵
  PID:12336
- C:\Windows\System\cDBxhDV.exe
  C:\Windows\System\cDBxhDV.exe
  2⤵
  PID:12380
- C:\Windows\System\BIeEerr.exe
  C:\Windows\System\BIeEerr.exe
  2⤵
  PID:12448
- C:\Windows\System\QbrypuS.exe
  C:\Windows\System\QbrypuS.exe
  2⤵
  PID:12616
- C:\Windows\System\wZGuWji.exe
  C:\Windows\System\wZGuWji.exe
  2⤵
  PID:12524
- C:\Windows\System\ewejDvR.exe
  C:\Windows\System\ewejDvR.exe
  2⤵
  PID:12724
- C:\Windows\System\klQxewA.exe
  C:\Windows\System\klQxewA.exe
  2⤵
  PID:12748
- C:\Windows\System\stNTYDZ.exe
  C:\Windows\System\stNTYDZ.exe
  2⤵
  PID:12840
- C:\Windows\System\YGvkkkM.exe
  C:\Windows\System\YGvkkkM.exe
  2⤵
  PID:12912
- C:\Windows\System\zsXIEPF.exe
  C:\Windows\System\zsXIEPF.exe
  2⤵
  PID:12972
- C:\Windows\System\FeJRHuZ.exe
  C:\Windows\System\FeJRHuZ.exe
  2⤵
  PID:13064
- C:\Windows\System\TPpgzAp.exe
  C:\Windows\System\TPpgzAp.exe
  2⤵
  PID:13100
- C:\Windows\System\PaDLvdt.exe
  C:\Windows\System\PaDLvdt.exe
  2⤵
  PID:13228
- C:\Windows\System\FijaXlo.exe
  C:\Windows\System\FijaXlo.exe
  2⤵
  PID:13256
- C:\Windows\System\ktAbgnt.exe
  C:\Windows\System\ktAbgnt.exe
  2⤵
  PID:1920
- C:\Windows\System\cFsWtKp.exe
  C:\Windows\System\cFsWtKp.exe
  2⤵
  PID:12328
- C:\Windows\System\fUdXTai.exe
  C:\Windows\System\fUdXTai.exe
  2⤵
  PID:12360
- C:\Windows\System\FmsIitw.exe
  C:\Windows\System\FmsIitw.exe
  2⤵
  PID:12580
- C:\Windows\System\NLsNstT.exe
  C:\Windows\System\NLsNstT.exe
  2⤵
  PID:12704
- C:\Windows\System\YIXXoZF.exe
  C:\Windows\System\YIXXoZF.exe
  2⤵
  PID:12860
- C:\Windows\System\ZGtHZYe.exe
  C:\Windows\System\ZGtHZYe.exe
  2⤵
  PID:12992
- C:\Windows\System\zybaucl.exe
  C:\Windows\System\zybaucl.exe
  2⤵
  PID:13156
- C:\Windows\System\WOZVlLX.exe
  C:\Windows\System\WOZVlLX.exe
  2⤵
  PID:13280
- C:\Windows\System\iojQHPw.exe
  C:\Windows\System\iojQHPw.exe
  2⤵
  PID:12248
- C:\Windows\System\rOinnIG.exe
  C:\Windows\System\rOinnIG.exe
  2⤵
  PID:12420
- C:\Windows\System\IGkWSPM.exe
  C:\Windows\System\IGkWSPM.exe
  2⤵
  PID:13276
- C:\Windows\System\JnqshEJ.exe
  C:\Windows\System\JnqshEJ.exe
  2⤵
  PID:11332
- C:\Windows\System\vjkRumK.exe
  C:\Windows\System\vjkRumK.exe
  2⤵
  PID:12236
- C:\Windows\System\jzgPzqf.exe
  C:\Windows\System\jzgPzqf.exe
  2⤵
  PID:13340
- C:\Windows\System\ZXnoXow.exe
  C:\Windows\System\ZXnoXow.exe
  2⤵
  PID:13364
- C:\Windows\System\Vmdznqe.exe
  C:\Windows\System\Vmdznqe.exe
  2⤵
  PID:13380
- C:\Windows\System\mwzIrTz.exe
  C:\Windows\System\mwzIrTz.exe
  2⤵
  PID:13408
- C:\Windows\System\ahYAysX.exe
  C:\Windows\System\ahYAysX.exe
  2⤵
  PID:13436
- C:\Windows\System\obCTgOb.exe
  C:\Windows\System\obCTgOb.exe
  2⤵
  PID:13452
- C:\Windows\System\KbnOAFW.exe
  C:\Windows\System\KbnOAFW.exe
  2⤵
  PID:13488
- C:\Windows\System\miEVNlp.exe
  C:\Windows\System\miEVNlp.exe
  2⤵
  PID:13516
- C:\Windows\System\LQzwfyH.exe
  C:\Windows\System\LQzwfyH.exe
  2⤵
  PID:13552
- C:\Windows\System\mQlGJay.exe
  C:\Windows\System\mQlGJay.exe
  2⤵
  PID:13576
- C:\Windows\System\DFCPRdJ.exe
  C:\Windows\System\DFCPRdJ.exe
  2⤵
  PID:13616
- C:\Windows\System\zqfzOZc.exe
  C:\Windows\System\zqfzOZc.exe
  2⤵
  PID:13660
- C:\Windows\System\jPSYWie.exe
  C:\Windows\System\jPSYWie.exe
  2⤵
  PID:13684
- C:\Windows\System\AYzNSKj.exe
  C:\Windows\System\AYzNSKj.exe
  2⤵
  PID:13712
- C:\Windows\System\HAXsmhg.exe
  C:\Windows\System\HAXsmhg.exe
  2⤵
  PID:13740
- C:\Windows\System\fDAWiKs.exe
  C:\Windows\System\fDAWiKs.exe
  2⤵
  PID:13768
- C:\Windows\System\gYrfdFC.exe
  C:\Windows\System\gYrfdFC.exe
  2⤵
  PID:13788
- C:\Windows\System\BXLNhWT.exe
  C:\Windows\System\BXLNhWT.exe
  2⤵
  PID:13820
- C:\Windows\System\qwqGMNc.exe
  C:\Windows\System\qwqGMNc.exe
  2⤵
  PID:13852
- C:\Windows\System\rzJRVTH.exe
  C:\Windows\System\rzJRVTH.exe
  2⤵
  PID:13876
- C:\Windows\System\hRkoSSj.exe
  C:\Windows\System\hRkoSSj.exe
  2⤵
  PID:13920
- C:\Windows\System\NqIBovq.exe
  C:\Windows\System\NqIBovq.exe
  2⤵
  PID:13944
- C:\Windows\System\mwGNmgg.exe
  C:\Windows\System\mwGNmgg.exe
  2⤵
  PID:13976
- C:\Windows\System\MfsMdOZ.exe
  C:\Windows\System\MfsMdOZ.exe
  2⤵
  PID:14000
- C:\Windows\System\TZiBguQ.exe
  C:\Windows\System\TZiBguQ.exe
  2⤵
  PID:14032
- C:\Windows\System\BMhqOvn.exe
  C:\Windows\System\BMhqOvn.exe
  2⤵
  PID:14056
- C:\Windows\System\KvbroXM.exe
  C:\Windows\System\KvbroXM.exe
  2⤵
  PID:14084
- C:\Windows\System\JnVPOnY.exe
  C:\Windows\System\JnVPOnY.exe
  2⤵
  PID:14124
- C:\Windows\System\MYzmmZI.exe
  C:\Windows\System\MYzmmZI.exe
  2⤵
  PID:14160
- C:\Windows\System\jmUuQQI.exe
  C:\Windows\System\jmUuQQI.exe
  2⤵
  PID:14188
- C:\Windows\System\VnfVGHa.exe
  C:\Windows\System\VnfVGHa.exe
  2⤵
  PID:14204
- C:\Windows\System\ZVbkOVP.exe
  C:\Windows\System\ZVbkOVP.exe
  2⤵
  PID:14228
- C:\Windows\System\QMgGYPt.exe
  C:\Windows\System\QMgGYPt.exe
  2⤵
  PID:14292
- C:\Windows\System\Lfqbuyz.exe
  C:\Windows\System\Lfqbuyz.exe
  2⤵
  PID:14320
- C:\Windows\System\grCQGSi.exe
  C:\Windows\System\grCQGSi.exe
  2⤵
  PID:13376
- C:\Windows\System\LIOnASt.exe
  C:\Windows\System\LIOnASt.exe
  2⤵
  PID:13424
- C:\Windows\System\lSqppvx.exe
  C:\Windows\System\lSqppvx.exe
  2⤵
  PID:13504
- C:\Windows\System\guhWlyJ.exe
  C:\Windows\System\guhWlyJ.exe
  2⤵
  PID:13548
- C:\Windows\System\DOREZHB.exe
  C:\Windows\System\DOREZHB.exe
  2⤵
  PID:13592
- C:\Windows\System\lmaSvco.exe
  C:\Windows\System\lmaSvco.exe
  2⤵
  PID:13636
- C:\Windows\System\hpIopzf.exe
  C:\Windows\System\hpIopzf.exe
  2⤵
  PID:13736
- C:\Windows\System\xDZUVXv.exe
  C:\Windows\System\xDZUVXv.exe
  2⤵
  PID:13796
- C:\Windows\System\yrSgfPn.exe
  C:\Windows\System\yrSgfPn.exe
  2⤵
  PID:13872
- C:\Windows\System\moaKFLe.exe
  C:\Windows\System\moaKFLe.exe
  2⤵
  PID:13996
- C:\Windows\System\UgBAkLc.exe
  C:\Windows\System\UgBAkLc.exe
  2⤵
  PID:14048
- C:\Windows\System\APmCoRQ.exe
  C:\Windows\System\APmCoRQ.exe
  2⤵
  PID:14120
- C:\Windows\System\sJtSrbY.exe
  C:\Windows\System\sJtSrbY.exe
  2⤵
  PID:14168
- C:\Windows\System\TFFPcLw.exe
  C:\Windows\System\TFFPcLw.exe
  2⤵
  PID:14304
- C:\Windows\System\VhxCFbz.exe
  C:\Windows\System\VhxCFbz.exe
  2⤵
  PID:13360
- C:\Windows\System\YOMuLEJ.exe
  C:\Windows\System\YOMuLEJ.exe
  2⤵
  PID:13472
- C:\Windows\System\YXJLGUr.exe
  C:\Windows\System\YXJLGUr.exe
  2⤵
  PID:13656
- C:\Windows\System\KoAsNAO.exe
  C:\Windows\System\KoAsNAO.exe
  2⤵
  PID:1760
- C:\Windows\System\SdjiByX.exe
  C:\Windows\System\SdjiByX.exe
  2⤵
  PID:13868
- C:\Windows\System\TcgJOvC.exe
  C:\Windows\System\TcgJOvC.exe
  2⤵
  PID:14072
- C:\Windows\System\KukUQAo.exe
  C:\Windows\System\KukUQAo.exe
  2⤵
  PID:13596
- C:\Windows\System\ClNlSZv.exe
  C:\Windows\System\ClNlSZv.exe
  2⤵
  PID:13896
- C:\Windows\System\iclclbb.exe
  C:\Windows\System\iclclbb.exe
  2⤵
  PID:13336
- C:\Windows\System\hWyhlxz.exe
  C:\Windows\System\hWyhlxz.exe
  2⤵
  PID:14368
- C:\Windows\System\dIGJIbS.exe
  C:\Windows\System\dIGJIbS.exe
  2⤵
  PID:14432
- - C:\Windows\system32\WerFault.exe
    C:\Windows\system32\WerFault.exe -u -p 14432 -s 220
    3⤵
    PID:15292
- C:\Windows\System\ZWXHmjG.exe
  C:\Windows\System\ZWXHmjG.exe
  2⤵
  PID:14452
- C:\Windows\System\JMxrsza.exe
  C:\Windows\System\JMxrsza.exe
  2⤵
  PID:14472

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:14360

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\BUPFPvD.exe

Filesize
1.9MB

MD5
37de6a7d4f863c4a85898b9c04e2a330

SHA1
7a3170dbbc89b241fe3b21003d0b87e84b8b77fe

SHA256
20f63c110bbbef6fa3de26cca84ae71187bdd01f9f5de1c84ac2c7c3b51d881d

SHA512
69a5b61a91f08564c9c72c023f00526cbe950321d05fc0e6f027e2a43ee87cf7ba60ba601a740cce91835ac8e7742fd06c9e5f8c76960fa4b462b8cc5abea215

Download Submit
C:\Windows\System\BVPmdZW.exe

Filesize
1.9MB

MD5
b0376139ff13e55e28aa44b1541a8209

SHA1
b5ea4d0fff9871d2a6ca3079b0d0c61f8d19fa45

SHA256
97b94ae7636c61dd0375e91f53ff314124d8854abaaca7dab2866fb43e51d82a

SHA512
e0c753e52a7e86b11d0f1cd82038c83a0ada67a239c01ce485e334640c11e08bd42f6b815ea901f44dcb359bed7d5102597c3f47da02a8065a89e427f23611a9

Download Submit
C:\Windows\System\BrXDgSO.exe

Filesize
1.9MB

MD5
0f0584b65c65dd6b1b4160ac159fccc7

SHA1
beaea862ad6832d477d2a95c118ef0cf0a7d1f59

SHA256
388afe9cc12a41429c068657f170e818ebea411e68e8c56cafc0626f7d952dc5

SHA512
d4fc0ec6c53ae6d39e807e96f4e990a7c31cef0b8f562d618b7c6eed391bb6d12546e6eca0b458a6a04bda99bbbc1d1b488c6d4a123308c99a95e49376ffebb0

Download Submit
C:\Windows\System\CACafvm.exe

Filesize
1.9MB

MD5
55c2af50ecdbbcc24c786c5ebea914db

SHA1
dbf662250e550229fdaba0b2478b82d062e6ef8f

SHA256
4f2547250002849c40a2d35a9d553cef79b148130c1b1e602a64f2fec8ff76e0

SHA512
eaa19bfa9a3111d67e752c2931517998cb506b36680648c0d3eb07a1f8bb40a4a76285fe0ccb467dc4b7e8b36cf832f5e0110223a13b0dbcb58eb4268a4e4cff

Download Submit
C:\Windows\System\FarkWqK.exe

Filesize
1.9MB

MD5
081fa9510427888ac4cee560bb7bb690

SHA1
25bd8d487882d89ccaee6314da27dd690b426d95

SHA256
29c2732aacb5b1de98b3bcd44df055b8310cf479740ed59e810c804ff307a31e

SHA512
62ff4ecd690dd6de4f5698dfdb8c46afd140cb0676630606379238183b987ad6d36af3b9a434b36d030839e55945196570d4d8cedf3b8a1d409ecfa1ab382987

Download Submit
C:\Windows\System\FwItNmA.exe

Filesize
1.9MB

MD5
329230f13dcfb0f72102e0e81a098c37

SHA1
69320525a57602683a0c79fc798bc2c9328e3224

SHA256
97f12be79429cdc7b4645f09a44c3325c9c2fbe3a60052ddcd5da727ac198648

SHA512
17504104225124e31165dc945dd75ec5cfe09edd34e62a8fea8721de3d22921139bba6a9c5cdf11639bff72a898ab2e256d58f03b77a76afd30f14017cd19498

Download Submit
C:\Windows\System\HvViTeL.exe

Filesize
1.9MB

MD5
9c2e2871c3fb76593a47f82ea0efa932

SHA1
8a1659a5195bfc41a965ce895c8baaeeab054d6c

SHA256
97f3bdb7a571dd9c43910f48060e18c7e2e5d410831375d4a8ec2a5da635fb4d

SHA512
8456683ae10bf4baa7d7a097daee4505add839c4e19897868d5c7f218c0898153b86b267cb8dc0a90860444b3c42a2caadeeed5ea5adf1cd2d5eaa9ca37ecbd7

Download Submit
C:\Windows\System\JDgrSaq.exe

Filesize
1.9MB

MD5
4efd366a0e52effc45f737597c4d2da2

SHA1
cd64466cae07c5e7c48d414cc6c7133e16c3d652

SHA256
bedc59d3a5c23cb8acb93106ca473fb4c57dbdf42e7c59c501e97aae99164a98

SHA512
81014ed36a4875cb20a741abd7448f673751b2fcf6040d9dfc4411c31d63a5884424f40edd7a59f89d7d334ef6389e29ff71e05fda6296526250dac2d34e2894

Download Submit
C:\Windows\System\KvcrPpU.exe

Filesize
1.9MB

MD5
eff8909839243a4ab7955c8b5bc3851f

SHA1
610ebe070f808fed8058aaac9f67a3a92768581a

SHA256
a9a1c40a560a810f42e7bbe342a17981030ba6448a2fcebc5c8afc7a0489fa81

SHA512
084d4e2d37267dbcf2e9d4009a63c8d25044ea73fbd441c3b13c8b9c51d7131c82c2c7740cf39ff7f878fa74d61606a4ba7a0fd40ec8d89c9bed5ee438e9beeb

Download Submit
C:\Windows\System\PONagig.exe

Filesize
1.9MB

MD5
e2dffa2afacc23012cdef06e358c2a3d

SHA1
290b015b728af2a0629a502b194c3ee20324fe76

SHA256
3dda43755266684cdc5cde70d548b9ccbae5edaca22611bede1f4730417393e9

SHA512
d2eec306725bccfb70d9a351f2ccebf10b0881acd2b93f9f8acb8f36e25a5e18e278ec713d0968e5581e424bcba650d01cc7d505c2ea054233537f3e19357dfe

Download Submit
C:\Windows\System\RwKThIe.exe

Filesize
1.9MB

MD5
92a444019db8c51c01ec92995903b0a9

SHA1
c0ef8f24ccfc3645ee830e88754e9854b30ff296

SHA256
aa504e6496c2451694ce1bf95208ca0140d0c7349dd0a99032c480de26d1423c

SHA512
1cf8f4e45caf7a4b9b370435e8d27a319e587bd2e0c6eb9a421752b82aa2d84e086eb7867939384c7c83d0c54663f8024e968f30802b70c3bacc243e208706e1

Download Submit
C:\Windows\System\ScGiYUG.exe

Filesize
1.9MB

MD5
9b353024baf8dd8b490f44c497eaf979

SHA1
029031de8deebd5baaf45b5d10a8d2d3c247a196

SHA256
6113aad68117138fbe0249b52bd8033d7d5fa2ff746b5d79bb6d9103de4fc9c1

SHA512
7ec0c3a1aa04ec57d931ed3b546143fb15728fd2cb7eefec48382ab7d9ddb3f3cd6deb085041e8d916b31323383cb598a0686a1714f5094aacf78c8c2873bb2c

Download Submit
C:\Windows\System\UHaMUvC.exe

Filesize
1.9MB

MD5
ea0540ce71cb70051feaf81e5096beb4

SHA1
6c2edee3e564dd0a4410f14ad687474759df38b9

SHA256
af977bb9415f66234eea0d5074a6e16fd185d6302f72b90a094036bff9664aee

SHA512
686de4163b84ef6a630b27ea2ed86f7fe636af76dc8dd772546ffd77e5a6c5fea57678d8e55d7965c637484dde6d1c41dc1c0566afc2d42cdea16afb80bc1150

Download Submit
C:\Windows\System\UOMmHVz.exe

Filesize
1.9MB

MD5
445446e7681d7e29cb5d3c805bdc19f4

SHA1
cb8249fda8832de90cc3101b73fc1ab75caab542

SHA256
141b495d263936fffddf5c096c743cf290bdce8d338f812c8e991cd1d05fc056

SHA512
312baa75cf460bf57ed4bfe69ecf0e25fc306248f60cd69b609d4399bcbfafa5e20886fcaea00582cfcc02992a16eca15185c8f9fa4e09fea810003a271f57fc

Download Submit
C:\Windows\System\UuhkYGZ.exe

Filesize
1.9MB

MD5
f681172382e823e631c7941c1093770e

SHA1
de311f3f737711943d3c62cfb61189d4b119483c

SHA256
4d230796e04d3d59272bcc1653709603a83c957e20cc38d365ce1f2c4d006f14

SHA512
2082491f2c8ed3bb46140d07a865833e365c15de03512ae6576f4a9009462501327cf34388e90840e9fc0a1474a37e73cc1582a9c0d1a784d09781e0a70cb17c

Download Submit
C:\Windows\System\WIIOSHV.exe

Filesize
1.9MB

MD5
bde0e267ebd9bb82a40200b7a82a845c

SHA1
5ef61583b95d1a1f569405d469f3b023cbd84a1f

SHA256
4085b1314da28edc526a2133ffb4659d2776e32c0d9fcf9e444081943b292da4

SHA512
08247a46f48accf8f675b9b15b38bb102ff6d046bf225a6dd627f208420ed101404f6869c711f970a37bb9c968cda8ed478dad0a9238ccde5cff407931ae9e71

Download Submit
C:\Windows\System\WQXUfgU.exe

Filesize
1.9MB

MD5
9ab400a0031d482a34401ca4fd4c439e

SHA1
8c2600298602784563a95c13e7342c3148d9a175

SHA256
0e0cb2ed9a8a827e210e4c2b6a5fae83bfb8d8559286b555649e04f035da64fd

SHA512
8fcd2f4d13c51546581f242e9485702def9cca3bf87ac80518ef3bcf1e5e2f8a53438ee197c650c0db41523de4d1939801f9037325a2706670b1558dc7a8096b

Download Submit
C:\Windows\System\XUgmChQ.exe

Filesize
1.9MB

MD5
0f237709139d8014f3786225b789c9db

SHA1
ac37a8b4909d38ef155d17ba1e45cb76fceb12ad

SHA256
fcbdc5fe01ae0bcd29cbeacc75413fb238c58085e34780e1dafda8ee6aa944f5

SHA512
5b27bf06f684286113918f3e8ea6934fc6f6ced3b66e6d36175eeb7532b88fcb71dfde81a949a2516cfc69364b13036c1da5a6d39e834a8e69bc714029ce4d20

Download Submit
C:\Windows\System\aNyPtem.exe

Filesize
1.9MB

MD5
43da907c5ff27eece3e2412f7dd1dd13

SHA1
b7795867d4cdda38347d00e3d4c5ffabc0243b1d

SHA256
e909204b5d4462ef1458d351f918e379d741dc8c214ebf02cc03c1ebafb5d205

SHA512
b4276ebc1371b9cb363811b53b9e714625c55b265c2d12543fdede929cfc36bb03285fdeaa5743d8f43e604dfcfb951c63e235860561f84eb7fa86d427c00c76

Download Submit
C:\Windows\System\eGOqqeB.exe

Filesize
1.9MB

MD5
935384ba9931b022f5fcf6e166a7eaac

SHA1
9141a560086d8650c6b0034e45cb8d0bc483deff

SHA256
de9ebe2e8e29703ee841d3a65e477974eb5fbe2d7c752cd812a3a32b8b9a991a

SHA512
4218da4ddb10903cd206aefde03961571344296ca9723fc3f6a905e6163ffe0317848cda0502a473e5c8805d8be0967dd0042165e7deb4e91ed249bbd94ca159

Download Submit
C:\Windows\System\eoQTBey.exe

Filesize
1.9MB

MD5
3e8d328c6994a5b510ebe7834a5d339e

SHA1
c08427f1f81071c2d5a898b9b825817462c314c2

SHA256
6f82b7eb6d736f6e56c873f40f2dbaefdfa45d544feb729dc57efc999b862806

SHA512
a38210be0aede1b44f28c16daefdc47bd7df5051c0bab784b48252f1fff99d81a32e297ce59639d2c0c146373e492252a87cfd268aab96570a13e5fd48602f08

Download Submit
C:\Windows\System\fXwckTl.exe

Filesize
1.9MB

MD5
e90cb9a46994992894d371db32751f6b

SHA1
5308e44792b5a7a8817d8ac30460dca365b1c612

SHA256
1199d4f2a5abed3d6bfc5902f80eb6c18720c9a50fcbd939476850dbb402bb23

SHA512
7dc0484e4260e3dda808351fbbc90454e151878a55a30ac677be11bc0ec47a7f7a3625eb0a53461cf05ae7400b7f9b4095949cc4e93e2be17d8e4a88d912ea8a

Download Submit
C:\Windows\System\gHtddlz.exe

Filesize
1.9MB

MD5
945a207c3f88482bc9472905708ed2e3

SHA1
9d25614c38928f28b3fabcdadacdbf868168501d

SHA256
c55ac4466f08552d8ec606892eabde7e0a8a76ca04f87452ee0eb839c0f4f59a

SHA512
ca377a47236293be0f05cd34f9edf8c76b7950ed433c16010361b6fe2f0d6f7eacb994cc6e4c7a6adcc2805f4ae561699580c76e726d877488ceddd5427c7813

Download Submit
C:\Windows\System\gXcJwhn.exe

Filesize
1.9MB

MD5
a466c8e742d189006e270b7abfeb3c11

SHA1
12f6738f4f00999e68f444517d9d7233100ec236

SHA256
f92bb67aa9dcace2d93dd029fdece8ad3780fc191df319a44175e0f072a3d602

SHA512
48c29944eae6775af186c667ad3056bfd9b0172232ec385b481cf493f7eb168fb60c9e0016415e87d23cba8862eb39e41c8252bed815de38c7e71aa5e5ad509b

Download Submit
C:\Windows\System\hfTEXoe.exe

Filesize
1.9MB

MD5
7ccb1391d2c277c001a287e8a21b496e

SHA1
753f219665f923675786a15fca84016cb6a475d2

SHA256
b566fe4c2978dc96189a6ad61b19e27a2b23962a7b85e8fbd4915fe79f3fdd3f

SHA512
a31acf493c6d91ab3e36ad8753e2ce69d8c30be8c3f5b27529ec44e8801c5f9c53ed4c40f30da93dac3dcf2c583ce11ffae92fdd4734b175c74b359757244775

Download Submit
C:\Windows\System\isUsDNv.exe

Filesize
1.9MB

MD5
afbdf5f42a5f4a555c73a2d44627fb92

SHA1
71d1f3b4d4a7629924b999e9e6b51d18683eb389

SHA256
4b215671a48fbc848130c20039b7d50a55032ddef09dca97bbad646c8141ea06

SHA512
d39a7b90ace41c9b84fe64fb794132c4e5f8e7c41fd726b56eef7f393c429b5ef755885694c7916a3a69a1b0e32937d3393a4934db0d4cdedc56ba4ebeb1bf5a

Download Submit
C:\Windows\System\nBrrlgb.exe

Filesize
1.9MB

MD5
e8007414f04da261d2fdb852c387b616

SHA1
7e6700504b442e75a5fc701b745564ebe098ccd3

SHA256
72062e32caae84282f401815e679d9238dc4fc78e6cd8d2aa049efacd908480c

SHA512
fb27e258815c7febdea4acd284a16d22cdeb2f0e121c11f091f99bc2915fd4b0ebf22898f2401cfbd3c392aa821847f942cf73c6df4e01432d5fcf540d8431e3

Download Submit
C:\Windows\System\nvXSxiA.exe

Filesize
1.9MB

MD5
0fa832fbd588e3652ed183acba034e9f

SHA1
c206b7d76287ae223bd76059d75874b4382f483c

SHA256
3379e8af4f905fc6c0e7505f631294dd747fac5d1dbde13f0d999358b7e45268

SHA512
ee19023de94c0ab866c29615dce7c611a00b0d04f095f0ae0f3bc1e2b47c71cffc2219dc6fd489d546f6f21579a5fa587965d351311f730454ed31d25a744a8c

Download Submit
C:\Windows\System\orCPDZr.exe

Filesize
1.9MB

MD5
8c24d6d33e3dfb15f733adcdb23231e1

SHA1
f3d3199e189da11195563301abe8ed6e552358a1

SHA256
f6af43e8c5290805f4e3baa9009602a5a468b256f7910c52ca2b2d47ac18c93c

SHA512
e3acd2e333a0e2aae73b8e9e272303140d7e4cabd13736270bdee8069f4b3b843a536dedd40aededc55efe19b58e1b616e2305a8d3777e92ffd964a4c32a8f7c

Download Submit
C:\Windows\System\qCvVQXg.exe

Filesize
1.9MB

MD5
4eea67a0e8ce5d3fa59728ee323e6e93

SHA1
34e64ca409681beac8fff6d23bfc422301fad93c

SHA256
847780461afd67f607a52fc9d15cf1b29961a4b6920d7a73cbb0f9e5278878b5

SHA512
5167ef0209b3f1199e6eabae23fc112ad6dfd01933bfc4ae7d6751bcfd23e520524685aad3b6a6897b3eeeda3b8e243fdc31b3567bd2fa07109db6cf5fd088ad

Download Submit
C:\Windows\System\uMszOFe.exe

Filesize
1.9MB

MD5
0481de7ce045f5eeb723a9c1ab6908d3

SHA1
c6d0470f5cb6a6f222d7e2ee64b1b45ac0a3cd4a

SHA256
a01546b4a203f732e22d2eefe081e8d6e81a4a1eb9675e8df020dfa924dcb063

SHA512
c5a6db6d0b07cd63310151c7e1c8d85f7b707ef59a42160154fec3eee116f48f49677399d148de2cadda47bb794ebbe0e75ce56ad8ada336ae040af4fa027e63

Download Submit
C:\Windows\System\wZrKfrJ.exe

Filesize
1.9MB

MD5
22d3fa71d6af01ccd130ecda5673dada

SHA1
eaa1dbac92626269302913a55f5acc91188a74a9

SHA256
7e2b8783af055312385264805a942ee362cac3222e8d6b84484c7a93f0c00bab

SHA512
c4affb2e2d9b5898d45e5a8157e5a64a5417cb42950a2a7f9855665b6f0728d68c986d485b8b311ba1c91c51c6a87e994160e0a1406ebcb8943cd6743450d8e1

Download Submit
C:\Windows\System\yERGZxW.exe

Filesize
1.9MB

MD5
c401a91d5f461d52ab03242f7681fbb8

SHA1
0a6fd7c165edb14f7b47575631f3e2f144f2a130

SHA256
70ddc1f711c8378456bcc2118e15dfaacb295dd81939d3fbb5f2ddadcf91efa6

SHA512
a3632e281c464e947ae50b0945aa8016f8566d1aedf093330c67785ff83c030f645066222e8d535dab8863edf5d3e28bc0b37f79a8d1d3d8f7d25328888a0b2b

Download Submit
memory/620-0-0x00007FF6F87B0000-0x00007FF6F8B01000-memory.dmp

Filesize
3.3MB

Download
memory/620-119-0x00007FF6F87B0000-0x00007FF6F8B01000-memory.dmp

Filesize
3.3MB

Download
memory/620-1-0x000001D0CCDB0000-0x000001D0CCDC0000-memory.dmp

Filesize
64KB

Download
memory/1240-190-0x00007FF651610000-0x00007FF651961000-memory.dmp

Filesize
3.3MB

Download
memory/1240-2283-0x00007FF651610000-0x00007FF651961000-memory.dmp

Filesize
3.3MB

Download
memory/1240-43-0x00007FF651610000-0x00007FF651961000-memory.dmp

Filesize
3.3MB

Download
memory/1324-27-0x00007FF6D0110000-0x00007FF6D0461000-memory.dmp

Filesize
3.3MB

Download
memory/1324-2278-0x00007FF6D0110000-0x00007FF6D0461000-memory.dmp

Filesize
3.3MB

Download
memory/1324-145-0x00007FF6D0110000-0x00007FF6D0461000-memory.dmp

Filesize
3.3MB

Download
memory/1432-94-0x00007FF63AFA0000-0x00007FF63B2F1000-memory.dmp

Filesize
3.3MB

Download
memory/1432-2293-0x00007FF63AFA0000-0x00007FF63B2F1000-memory.dmp

Filesize
3.3MB

Download
memory/1580-113-0x00007FF6542C0000-0x00007FF654611000-memory.dmp

Filesize
3.3MB

Download
memory/1580-2307-0x00007FF6542C0000-0x00007FF654611000-memory.dmp

Filesize
3.3MB

Download
memory/1580-2228-0x00007FF6542C0000-0x00007FF654611000-memory.dmp

Filesize
3.3MB

Download
memory/1752-2291-0x00007FF695800000-0x00007FF695B51000-memory.dmp

Filesize
3.3MB

Download
memory/1752-88-0x00007FF695800000-0x00007FF695B51000-memory.dmp

Filesize
3.3MB

Download
memory/1752-1257-0x00007FF695800000-0x00007FF695B51000-memory.dmp

Filesize
3.3MB

Download
memory/1928-68-0x00007FF70AEE0000-0x00007FF70B231000-memory.dmp

Filesize
3.3MB

Download
memory/1928-198-0x00007FF70AEE0000-0x00007FF70B231000-memory.dmp

Filesize
3.3MB

Download
memory/1928-2289-0x00007FF70AEE0000-0x00007FF70B231000-memory.dmp

Filesize
3.3MB

Download
memory/2144-139-0x00007FF7FC680000-0x00007FF7FC9D1000-memory.dmp

Filesize
3.3MB

Download
memory/2144-2315-0x00007FF7FC680000-0x00007FF7FC9D1000-memory.dmp

Filesize
3.3MB

Download
memory/2144-2256-0x00007FF7FC680000-0x00007FF7FC9D1000-memory.dmp

Filesize
3.3MB

Download
memory/2512-2297-0x00007FF6BF760000-0x00007FF6BFAB1000-memory.dmp

Filesize
3.3MB

Download
memory/2512-101-0x00007FF6BF760000-0x00007FF6BFAB1000-memory.dmp

Filesize
3.3MB

Download
memory/2536-184-0x00007FF61DD20000-0x00007FF61E071000-memory.dmp

Filesize
3.3MB

Download
memory/2536-2331-0x00007FF61DD20000-0x00007FF61E071000-memory.dmp

Filesize
3.3MB

Download
memory/2712-64-0x00007FF76C130000-0x00007FF76C481000-memory.dmp

Filesize
3.3MB

Download
memory/2712-2285-0x00007FF76C130000-0x00007FF76C481000-memory.dmp

Filesize
3.3MB

Download
memory/2744-197-0x00007FF77CAD0000-0x00007FF77CE21000-memory.dmp

Filesize
3.3MB

Download
memory/2744-2287-0x00007FF77CAD0000-0x00007FF77CE21000-memory.dmp

Filesize
3.3MB

Download
memory/2744-57-0x00007FF77CAD0000-0x00007FF77CE21000-memory.dmp

Filesize
3.3MB

Download
memory/2824-177-0x00007FF646110000-0x00007FF646461000-memory.dmp

Filesize
3.3MB

Download
memory/2824-2280-0x00007FF646110000-0x00007FF646461000-memory.dmp

Filesize
3.3MB

Download
memory/2824-36-0x00007FF646110000-0x00007FF646461000-memory.dmp

Filesize
3.3MB

Download
memory/2880-34-0x00007FF6FBC90000-0x00007FF6FBFE1000-memory.dmp

Filesize
3.3MB

Download
memory/2880-2275-0x00007FF6FBC90000-0x00007FF6FBFE1000-memory.dmp

Filesize
3.3MB

Download
memory/2880-146-0x00007FF6FBC90000-0x00007FF6FBFE1000-memory.dmp

Filesize
3.3MB

Download
memory/2916-97-0x00007FF7ADAF0000-0x00007FF7ADE41000-memory.dmp

Filesize
3.3MB

Download
memory/2916-2295-0x00007FF7ADAF0000-0x00007FF7ADE41000-memory.dmp

Filesize
3.3MB

Download
memory/2976-204-0x00007FF792890000-0x00007FF792BE1000-memory.dmp

Filesize
3.3MB

Download
memory/2976-2299-0x00007FF792890000-0x00007FF792BE1000-memory.dmp

Filesize
3.3MB

Download
memory/2976-73-0x00007FF792890000-0x00007FF792BE1000-memory.dmp

Filesize
3.3MB

Download
memory/3000-178-0x00007FF6B05A0000-0x00007FF6B08F1000-memory.dmp

Filesize
3.3MB

Download
memory/3000-2319-0x00007FF6B05A0000-0x00007FF6B08F1000-memory.dmp

Filesize
3.3MB

Download
memory/3196-159-0x00007FF6F3C40000-0x00007FF6F3F91000-memory.dmp

Filesize
3.3MB

Download
memory/3196-19-0x00007FF6F3C40000-0x00007FF6F3F91000-memory.dmp

Filesize
3.3MB

Download
memory/3196-2272-0x00007FF6F3C40000-0x00007FF6F3F91000-memory.dmp

Filesize
3.3MB

Download
memory/3264-126-0x00007FF68CEC0000-0x00007FF68D211000-memory.dmp

Filesize
3.3MB

Download
memory/3264-2309-0x00007FF68CEC0000-0x00007FF68D211000-memory.dmp

Filesize
3.3MB

Download
memory/3264-2229-0x00007FF68CEC0000-0x00007FF68D211000-memory.dmp

Filesize
3.3MB

Download
memory/3268-120-0x00007FF664A60000-0x00007FF664DB1000-memory.dmp

Filesize
3.3MB

Download
memory/3268-2305-0x00007FF664A60000-0x00007FF664DB1000-memory.dmp

Filesize
3.3MB

Download
memory/3268-2255-0x00007FF664A60000-0x00007FF664DB1000-memory.dmp

Filesize
3.3MB

Download
memory/3652-158-0x00007FF662F40000-0x00007FF663291000-memory.dmp

Filesize
3.3MB

Download
memory/3652-2265-0x00007FF662F40000-0x00007FF663291000-memory.dmp

Filesize
3.3MB

Download
memory/3652-2311-0x00007FF662F40000-0x00007FF663291000-memory.dmp

Filesize
3.3MB

Download
memory/3684-1809-0x00007FF798830000-0x00007FF798B81000-memory.dmp

Filesize
3.3MB

Download
memory/3684-100-0x00007FF798830000-0x00007FF798B81000-memory.dmp

Filesize
3.3MB

Download
memory/3684-2303-0x00007FF798830000-0x00007FF798B81000-memory.dmp

Filesize
3.3MB

Download
memory/3756-16-0x00007FF660380000-0x00007FF6606D1000-memory.dmp

Filesize
3.3MB

Download
memory/3756-132-0x00007FF660380000-0x00007FF6606D1000-memory.dmp

Filesize
3.3MB

Download
memory/3756-2270-0x00007FF660380000-0x00007FF6606D1000-memory.dmp

Filesize
3.3MB

Download
memory/4072-2325-0x00007FF7679D0000-0x00007FF767D21000-memory.dmp

Filesize
3.3MB

Download
memory/4072-171-0x00007FF7679D0000-0x00007FF767D21000-memory.dmp

Filesize
3.3MB

Download
memory/4072-2266-0x00007FF7679D0000-0x00007FF767D21000-memory.dmp

Filesize
3.3MB

Download
memory/4128-2277-0x00007FF751780000-0x00007FF751AD1000-memory.dmp

Filesize
3.3MB

Download
memory/4128-35-0x00007FF751780000-0x00007FF751AD1000-memory.dmp

Filesize
3.3MB

Download
memory/4368-2317-0x00007FF789F30000-0x00007FF78A281000-memory.dmp

Filesize
3.3MB

Download
memory/4368-165-0x00007FF789F30000-0x00007FF78A281000-memory.dmp

Filesize
3.3MB

Download
memory/4392-2327-0x00007FF6D3200000-0x00007FF6D3551000-memory.dmp

Filesize
3.3MB

Download
memory/4392-133-0x00007FF6D3200000-0x00007FF6D3551000-memory.dmp

Filesize
3.3MB

Download
memory/4392-2263-0x00007FF6D3200000-0x00007FF6D3551000-memory.dmp

Filesize
3.3MB

Download
memory/4696-191-0x00007FF7348A0000-0x00007FF734BF1000-memory.dmp

Filesize
3.3MB

Download
memory/4696-2313-0x00007FF7348A0000-0x00007FF734BF1000-memory.dmp

Filesize
3.3MB

Download
memory/4988-2264-0x00007FF6B4460000-0x00007FF6B47B1000-memory.dmp

Filesize
3.3MB

Download
memory/4988-152-0x00007FF6B4460000-0x00007FF6B47B1000-memory.dmp

Filesize
3.3MB

Download
memory/4988-2322-0x00007FF6B4460000-0x00007FF6B47B1000-memory.dmp

Filesize
3.3MB

Download
memory/5056-2301-0x00007FF61CD80000-0x00007FF61D0D1000-memory.dmp

Filesize
3.3MB

Download
memory/5056-109-0x00007FF61CD80000-0x00007FF61D0D1000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads