xmrig | 914444d8ea45e467594f37aaff80bda50873b3debf2bee1c0839f4fa7e0208f0

Analysis

max time kernel
102s
max time network
109s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
25/07/2024, 15:25

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

dd0e3d006e353924577859987f25f5c0N.exe
Size

1.2MB
MD5

dd0e3d006e353924577859987f25f5c0
SHA1

d9dbf4b91d5c97ca94cf32aab5bb2a9a2078de66
SHA256

914444d8ea45e467594f37aaff80bda50873b3debf2bee1c0839f4fa7e0208f0
SHA512

db9e66f291f68caa64c6add239c468e03e485fad1156ef9538de7900dd41cf4fb9e05bb3cbba095473a5e8cb3c806f78e5491886ced62c226eeeb4bf4d6b1098
SSDEEP

24576:RVIl/WDGCi7/qkat6zqxG2Z9mIhQvq8wd7sNE6phFr56Ozq6gY71smJJnGaS:ROdWCCi7/raWMmSdp2P5v3P9i

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 58 IoCs

miner

resource	yara_rule
behavioral2/memory/1708-400-0x00007FF687650000-0x00007FF6879A1000-memory.dmp	xmrig
behavioral2/memory/4336-402-0x00007FF7553A0000-0x00007FF7556F1000-memory.dmp	xmrig
behavioral2/memory/3452-403-0x00007FF747240000-0x00007FF747591000-memory.dmp	xmrig
behavioral2/memory/4088-404-0x00007FF64EB80000-0x00007FF64EED1000-memory.dmp	xmrig
behavioral2/memory/3428-58-0x00007FF6112A0000-0x00007FF6115F1000-memory.dmp	xmrig
behavioral2/memory/2524-405-0x00007FF7AE240000-0x00007FF7AE591000-memory.dmp	xmrig
behavioral2/memory/1216-46-0x00007FF7D85C0000-0x00007FF7D8911000-memory.dmp	xmrig
behavioral2/memory/2612-427-0x00007FF7A8070000-0x00007FF7A83C1000-memory.dmp	xmrig
behavioral2/memory/2012-441-0x00007FF78B3D0000-0x00007FF78B721000-memory.dmp	xmrig
behavioral2/memory/3176-447-0x00007FF6FCC00000-0x00007FF6FCF51000-memory.dmp	xmrig
behavioral2/memory/2152-462-0x00007FF7FEBB0000-0x00007FF7FEF01000-memory.dmp	xmrig
behavioral2/memory/4148-477-0x00007FF6E9FE0000-0x00007FF6EA331000-memory.dmp	xmrig
behavioral2/memory/1976-483-0x00007FF72D490000-0x00007FF72D7E1000-memory.dmp	xmrig
behavioral2/memory/2792-501-0x00007FF7561E0000-0x00007FF756531000-memory.dmp	xmrig
behavioral2/memory/4532-504-0x00007FF7CD8E0000-0x00007FF7CDC31000-memory.dmp	xmrig
behavioral2/memory/3140-498-0x00007FF763FE0000-0x00007FF764331000-memory.dmp	xmrig
behavioral2/memory/3068-495-0x00007FF784D40000-0x00007FF785091000-memory.dmp	xmrig
behavioral2/memory/2452-456-0x00007FF7D6400000-0x00007FF7D6751000-memory.dmp	xmrig
behavioral2/memory/3208-453-0x00007FF6E94E0000-0x00007FF6E9831000-memory.dmp	xmrig
behavioral2/memory/3944-436-0x00007FF782340000-0x00007FF782691000-memory.dmp	xmrig
behavioral2/memory/2660-435-0x00007FF6D8EF0000-0x00007FF6D9241000-memory.dmp	xmrig
behavioral2/memory/3928-414-0x00007FF7994B0000-0x00007FF799801000-memory.dmp	xmrig
behavioral2/memory/1176-2012-0x00007FF77C010000-0x00007FF77C361000-memory.dmp	xmrig
behavioral2/memory/4164-2193-0x00007FF7165E0000-0x00007FF716931000-memory.dmp	xmrig
behavioral2/memory/2756-2194-0x00007FF749030000-0x00007FF749381000-memory.dmp	xmrig
behavioral2/memory/4496-2207-0x00007FF6E6DC0000-0x00007FF6E7111000-memory.dmp	xmrig
behavioral2/memory/2820-2208-0x00007FF73BC90000-0x00007FF73BFE1000-memory.dmp	xmrig
behavioral2/memory/3572-2229-0x00007FF7CFD20000-0x00007FF7D0071000-memory.dmp	xmrig
behavioral2/memory/2320-2230-0x00007FF6B5E10000-0x00007FF6B6161000-memory.dmp	xmrig
behavioral2/memory/4164-2249-0x00007FF7165E0000-0x00007FF716931000-memory.dmp	xmrig
behavioral2/memory/2984-2251-0x00007FF619240000-0x00007FF619591000-memory.dmp	xmrig
behavioral2/memory/4496-2253-0x00007FF6E6DC0000-0x00007FF6E7111000-memory.dmp	xmrig
behavioral2/memory/1216-2261-0x00007FF7D85C0000-0x00007FF7D8911000-memory.dmp	xmrig
behavioral2/memory/2820-2259-0x00007FF73BC90000-0x00007FF73BFE1000-memory.dmp	xmrig
behavioral2/memory/2756-2258-0x00007FF749030000-0x00007FF749381000-memory.dmp	xmrig
behavioral2/memory/3428-2256-0x00007FF6112A0000-0x00007FF6115F1000-memory.dmp	xmrig
behavioral2/memory/1708-2263-0x00007FF687650000-0x00007FF6879A1000-memory.dmp	xmrig
behavioral2/memory/3928-2279-0x00007FF7994B0000-0x00007FF799801000-memory.dmp	xmrig
behavioral2/memory/3572-2265-0x00007FF7CFD20000-0x00007FF7D0071000-memory.dmp	xmrig
behavioral2/memory/2320-2269-0x00007FF6B5E10000-0x00007FF6B6161000-memory.dmp	xmrig
behavioral2/memory/4532-2267-0x00007FF7CD8E0000-0x00007FF7CDC31000-memory.dmp	xmrig
behavioral2/memory/3452-2277-0x00007FF747240000-0x00007FF747591000-memory.dmp	xmrig
behavioral2/memory/4088-2275-0x00007FF64EB80000-0x00007FF64EED1000-memory.dmp	xmrig
behavioral2/memory/4336-2273-0x00007FF7553A0000-0x00007FF7556F1000-memory.dmp	xmrig
behavioral2/memory/2524-2271-0x00007FF7AE240000-0x00007FF7AE591000-memory.dmp	xmrig
behavioral2/memory/1976-2311-0x00007FF72D490000-0x00007FF72D7E1000-memory.dmp	xmrig
behavioral2/memory/3140-2308-0x00007FF763FE0000-0x00007FF764331000-memory.dmp	xmrig
behavioral2/memory/2792-2305-0x00007FF7561E0000-0x00007FF756531000-memory.dmp	xmrig
behavioral2/memory/2452-2295-0x00007FF7D6400000-0x00007FF7D6751000-memory.dmp	xmrig
behavioral2/memory/3068-2291-0x00007FF784D40000-0x00007FF785091000-memory.dmp	xmrig
behavioral2/memory/4148-2313-0x00007FF6E9FE0000-0x00007FF6EA331000-memory.dmp	xmrig
behavioral2/memory/2152-2289-0x00007FF7FEBB0000-0x00007FF7FEF01000-memory.dmp	xmrig
behavioral2/memory/3176-2299-0x00007FF6FCC00000-0x00007FF6FCF51000-memory.dmp	xmrig
behavioral2/memory/3208-2297-0x00007FF6E94E0000-0x00007FF6E9831000-memory.dmp	xmrig
behavioral2/memory/3944-2287-0x00007FF782340000-0x00007FF782691000-memory.dmp	xmrig
behavioral2/memory/2612-2281-0x00007FF7A8070000-0x00007FF7A83C1000-memory.dmp	xmrig
behavioral2/memory/2660-2286-0x00007FF6D8EF0000-0x00007FF6D9241000-memory.dmp	xmrig
behavioral2/memory/2012-2283-0x00007FF78B3D0000-0x00007FF78B721000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
4164	iddPfYy.exe
2984	FbyYIlt.exe
4496	IdCreUx.exe
2756	cxupncQ.exe
2820	SWPYLQF.exe
1216	xtqfVcF.exe
3428	vslysFm.exe
3572	QgtORGA.exe
1708	RqmTlzp.exe
2320	cafIEEl.exe
4532	QLLJNck.exe
4336	JHTOkcT.exe
3452	MMAwcIJ.exe
4088	HOsrywj.exe
2524	KerTRnT.exe
3928	mHBdcDy.exe
2612	XRSYzev.exe
2660	xWQCfga.exe
3944	BJYBSyz.exe
2012	ewFEtSD.exe
3176	nNaEpsB.exe
3208	DOWlXhB.exe
2452	SYnFAWw.exe
2152	VJVdzpw.exe
4148	lLPxhtg.exe
1976	MhPogcY.exe
3068	TXukJoA.exe
3140	eRmILVD.exe
2792	gSxcXoM.exe
5012	EaNKAYn.exe
940	vQFBXkg.exe
3644	FnGwnPN.exe
2868	WBSeqQO.exe
2376	qGjrOuJ.exe
1088	Gkzlhte.exe
2588	MLqrami.exe
2856	zpolini.exe
216	dGfXVuu.exe
3300	MMmyJbb.exe
1476	DuhdLOB.exe
3444	optGJQh.exe
4456	hqwsFOR.exe
4856	FANwarK.exe
4312	lQBHWPa.exe
4512	gFgnYkI.exe
4636	DHXFeRn.exe
1164	FkUaJgW.exe
1948	uPynFEh.exe
4616	JZjsmKL.exe
3432	GVtFOdZ.exe
1856	cpfvwVw.exe
1988	Kinghou.exe
4116	RLOylFZ.exe
844	KOIGTjO.exe
2276	ansIZTJ.exe
784	QilbfBV.exe
1284	OzByrrD.exe
3180	AezzoaR.exe
2492	bjDEyUn.exe
4388	jNATAoE.exe
4488	IXJuBYL.exe
4812	jVVYUvI.exe
3244	llelPBC.exe
3476	UIqrpSb.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1176-0-0x00007FF77C010000-0x00007FF77C361000-memory.dmp	upx
behavioral2/files/0x0008000000023471-5.dat	upx
behavioral2/memory/4164-6-0x00007FF7165E0000-0x00007FF716931000-memory.dmp	upx
behavioral2/files/0x0007000000023476-8.dat	upx
behavioral2/files/0x0007000000023475-10.dat	upx
behavioral2/memory/2984-18-0x00007FF619240000-0x00007FF619591000-memory.dmp	upx
behavioral2/memory/4496-27-0x00007FF6E6DC0000-0x00007FF6E7111000-memory.dmp	upx
behavioral2/memory/2820-45-0x00007FF73BC90000-0x00007FF73BFE1000-memory.dmp	upx
behavioral2/files/0x000700000002347b-51.dat	upx
behavioral2/files/0x000700000002347c-55.dat	upx
behavioral2/memory/2320-63-0x00007FF6B5E10000-0x00007FF6B6161000-memory.dmp	upx
behavioral2/files/0x0007000000023480-78.dat	upx
behavioral2/files/0x0007000000023483-98.dat	upx
behavioral2/files/0x0007000000023486-113.dat	upx
behavioral2/files/0x0007000000023489-124.dat	upx
behavioral2/files/0x000700000002348a-135.dat	upx
behavioral2/files/0x000700000002348e-147.dat	upx
behavioral2/memory/1708-400-0x00007FF687650000-0x00007FF6879A1000-memory.dmp	upx
behavioral2/files/0x0007000000023493-172.dat	upx
behavioral2/memory/4336-402-0x00007FF7553A0000-0x00007FF7556F1000-memory.dmp	upx
behavioral2/files/0x0007000000023491-170.dat	upx
behavioral2/memory/3452-403-0x00007FF747240000-0x00007FF747591000-memory.dmp	upx
behavioral2/files/0x0007000000023492-167.dat	upx
behavioral2/files/0x0007000000023490-165.dat	upx
behavioral2/files/0x000700000002348f-160.dat	upx
behavioral2/memory/4088-404-0x00007FF64EB80000-0x00007FF64EED1000-memory.dmp	upx
behavioral2/files/0x000700000002348d-150.dat	upx
behavioral2/files/0x000700000002348c-145.dat	upx
behavioral2/files/0x000700000002348b-140.dat	upx
behavioral2/files/0x0007000000023488-122.dat	upx
behavioral2/files/0x0007000000023487-118.dat	upx
behavioral2/files/0x0007000000023485-108.dat	upx
behavioral2/files/0x0007000000023484-102.dat	upx
behavioral2/files/0x0007000000023482-90.dat	upx
behavioral2/files/0x0007000000023481-88.dat	upx
behavioral2/files/0x0008000000023472-83.dat	upx
behavioral2/files/0x000700000002347f-73.dat	upx
behavioral2/files/0x000700000002347e-68.dat	upx
behavioral2/files/0x000700000002347d-59.dat	upx
behavioral2/memory/3428-58-0x00007FF6112A0000-0x00007FF6115F1000-memory.dmp	upx
behavioral2/memory/2524-405-0x00007FF7AE240000-0x00007FF7AE591000-memory.dmp	upx
behavioral2/memory/3572-49-0x00007FF7CFD20000-0x00007FF7D0071000-memory.dmp	upx
behavioral2/memory/1216-46-0x00007FF7D85C0000-0x00007FF7D8911000-memory.dmp	upx
behavioral2/files/0x000700000002347a-40.dat	upx
behavioral2/files/0x0007000000023479-37.dat	upx
behavioral2/files/0x0007000000023478-36.dat	upx
behavioral2/memory/2756-34-0x00007FF749030000-0x00007FF749381000-memory.dmp	upx
behavioral2/files/0x0007000000023477-32.dat	upx
behavioral2/memory/2612-427-0x00007FF7A8070000-0x00007FF7A83C1000-memory.dmp	upx
behavioral2/memory/2012-441-0x00007FF78B3D0000-0x00007FF78B721000-memory.dmp	upx
behavioral2/memory/3176-447-0x00007FF6FCC00000-0x00007FF6FCF51000-memory.dmp	upx
behavioral2/memory/2152-462-0x00007FF7FEBB0000-0x00007FF7FEF01000-memory.dmp	upx
behavioral2/memory/4148-477-0x00007FF6E9FE0000-0x00007FF6EA331000-memory.dmp	upx
behavioral2/memory/1976-483-0x00007FF72D490000-0x00007FF72D7E1000-memory.dmp	upx
behavioral2/memory/2792-501-0x00007FF7561E0000-0x00007FF756531000-memory.dmp	upx
behavioral2/memory/4532-504-0x00007FF7CD8E0000-0x00007FF7CDC31000-memory.dmp	upx
behavioral2/memory/3140-498-0x00007FF763FE0000-0x00007FF764331000-memory.dmp	upx
behavioral2/memory/3068-495-0x00007FF784D40000-0x00007FF785091000-memory.dmp	upx
behavioral2/memory/2452-456-0x00007FF7D6400000-0x00007FF7D6751000-memory.dmp	upx
behavioral2/memory/3208-453-0x00007FF6E94E0000-0x00007FF6E9831000-memory.dmp	upx
behavioral2/memory/3944-436-0x00007FF782340000-0x00007FF782691000-memory.dmp	upx
behavioral2/memory/2660-435-0x00007FF6D8EF0000-0x00007FF6D9241000-memory.dmp	upx
behavioral2/memory/3928-414-0x00007FF7994B0000-0x00007FF799801000-memory.dmp	upx
behavioral2/memory/1176-2012-0x00007FF77C010000-0x00007FF77C361000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\vZCAVRM.exe	dd0e3d006e353924577859987f25f5c0N.exe
File created	C:\Windows\System\XrcCTQL.exe	dd0e3d006e353924577859987f25f5c0N.exe
File created	C:\Windows\System\XbBIWIM.exe	dd0e3d006e353924577859987f25f5c0N.exe
File created	C:\Windows\System\MTfhfwD.exe	dd0e3d006e353924577859987f25f5c0N.exe
File created	C:\Windows\System\stwfQkf.exe	dd0e3d006e353924577859987f25f5c0N.exe
File created	C:\Windows\System\RSVoqeI.exe	dd0e3d006e353924577859987f25f5c0N.exe
File created	C:\Windows\System\NazOQlq.exe	dd0e3d006e353924577859987f25f5c0N.exe
File created	C:\Windows\System\fQirFWw.exe	dd0e3d006e353924577859987f25f5c0N.exe
File created	C:\Windows\System\Kinghou.exe	dd0e3d006e353924577859987f25f5c0N.exe
File created	C:\Windows\System\brWytgP.exe	dd0e3d006e353924577859987f25f5c0N.exe
File created	C:\Windows\System\qcFfAOq.exe	dd0e3d006e353924577859987f25f5c0N.exe
File created	C:\Windows\System\wlwVjyw.exe	dd0e3d006e353924577859987f25f5c0N.exe
File created	C:\Windows\System\vVwxqEr.exe	dd0e3d006e353924577859987f25f5c0N.exe
File created	C:\Windows\System\bqZeOQw.exe	dd0e3d006e353924577859987f25f5c0N.exe
File created	C:\Windows\System\QCFssUK.exe	dd0e3d006e353924577859987f25f5c0N.exe
File created	C:\Windows\System\vNAxeON.exe	dd0e3d006e353924577859987f25f5c0N.exe
File created	C:\Windows\System\UZikZRq.exe	dd0e3d006e353924577859987f25f5c0N.exe
File created	C:\Windows\System\jepYzhr.exe	dd0e3d006e353924577859987f25f5c0N.exe
File created	C:\Windows\System\AyPyufq.exe	dd0e3d006e353924577859987f25f5c0N.exe
File created	C:\Windows\System\EEjPhQy.exe	dd0e3d006e353924577859987f25f5c0N.exe
File created	C:\Windows\System\BrZoVTH.exe	dd0e3d006e353924577859987f25f5c0N.exe
File created	C:\Windows\System\RSCcUKq.exe	dd0e3d006e353924577859987f25f5c0N.exe
File created	C:\Windows\System\QfQFGwN.exe	dd0e3d006e353924577859987f25f5c0N.exe
File created	C:\Windows\System\SYnFAWw.exe	dd0e3d006e353924577859987f25f5c0N.exe
File created	C:\Windows\System\SYkpkla.exe	dd0e3d006e353924577859987f25f5c0N.exe
File created	C:\Windows\System\VJBYCDG.exe	dd0e3d006e353924577859987f25f5c0N.exe
File created	C:\Windows\System\DFKinbi.exe	dd0e3d006e353924577859987f25f5c0N.exe
File created	C:\Windows\System\BdDGzhM.exe	dd0e3d006e353924577859987f25f5c0N.exe
File created	C:\Windows\System\MNpeGgg.exe	dd0e3d006e353924577859987f25f5c0N.exe
File created	C:\Windows\System\HZpjPsF.exe	dd0e3d006e353924577859987f25f5c0N.exe
File created	C:\Windows\System\VzKFQsc.exe	dd0e3d006e353924577859987f25f5c0N.exe
File created	C:\Windows\System\tGFlPPg.exe	dd0e3d006e353924577859987f25f5c0N.exe
File created	C:\Windows\System\nNaEpsB.exe	dd0e3d006e353924577859987f25f5c0N.exe
File created	C:\Windows\System\IRmdWYB.exe	dd0e3d006e353924577859987f25f5c0N.exe
File created	C:\Windows\System\QWbBqys.exe	dd0e3d006e353924577859987f25f5c0N.exe
File created	C:\Windows\System\oIcSMWa.exe	dd0e3d006e353924577859987f25f5c0N.exe
File created	C:\Windows\System\vMGXGha.exe	dd0e3d006e353924577859987f25f5c0N.exe
File created	C:\Windows\System\TIUycpL.exe	dd0e3d006e353924577859987f25f5c0N.exe
File created	C:\Windows\System\PPsIdrz.exe	dd0e3d006e353924577859987f25f5c0N.exe
File created	C:\Windows\System\xfMWgEj.exe	dd0e3d006e353924577859987f25f5c0N.exe
File created	C:\Windows\System\RLBKkZS.exe	dd0e3d006e353924577859987f25f5c0N.exe
File created	C:\Windows\System\LSlZKuz.exe	dd0e3d006e353924577859987f25f5c0N.exe
File created	C:\Windows\System\lyGROPl.exe	dd0e3d006e353924577859987f25f5c0N.exe
File created	C:\Windows\System\bSoQMZg.exe	dd0e3d006e353924577859987f25f5c0N.exe
File created	C:\Windows\System\ZSdZpOV.exe	dd0e3d006e353924577859987f25f5c0N.exe
File created	C:\Windows\System\dYsYgra.exe	dd0e3d006e353924577859987f25f5c0N.exe
File created	C:\Windows\System\UdyNqnp.exe	dd0e3d006e353924577859987f25f5c0N.exe
File created	C:\Windows\System\xfTDoeX.exe	dd0e3d006e353924577859987f25f5c0N.exe
File created	C:\Windows\System\qxKYgof.exe	dd0e3d006e353924577859987f25f5c0N.exe
File created	C:\Windows\System\jvNhTIR.exe	dd0e3d006e353924577859987f25f5c0N.exe
File created	C:\Windows\System\lCLomgA.exe	dd0e3d006e353924577859987f25f5c0N.exe
File created	C:\Windows\System\KbDLtsv.exe	dd0e3d006e353924577859987f25f5c0N.exe
File created	C:\Windows\System\DYZadlu.exe	dd0e3d006e353924577859987f25f5c0N.exe
File created	C:\Windows\System\PqnemeI.exe	dd0e3d006e353924577859987f25f5c0N.exe
File created	C:\Windows\System\EaNKAYn.exe	dd0e3d006e353924577859987f25f5c0N.exe
File created	C:\Windows\System\UvorIZA.exe	dd0e3d006e353924577859987f25f5c0N.exe
File created	C:\Windows\System\VBMXWFl.exe	dd0e3d006e353924577859987f25f5c0N.exe
File created	C:\Windows\System\JNrSHWp.exe	dd0e3d006e353924577859987f25f5c0N.exe
File created	C:\Windows\System\vbttcNA.exe	dd0e3d006e353924577859987f25f5c0N.exe
File created	C:\Windows\System\WBSeqQO.exe	dd0e3d006e353924577859987f25f5c0N.exe
File created	C:\Windows\System\sgxQorG.exe	dd0e3d006e353924577859987f25f5c0N.exe
File created	C:\Windows\System\nqqLofG.exe	dd0e3d006e353924577859987f25f5c0N.exe
File created	C:\Windows\System\MMAwcIJ.exe	dd0e3d006e353924577859987f25f5c0N.exe
File created	C:\Windows\System\XRSYzev.exe	dd0e3d006e353924577859987f25f5c0N.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	13888	dwm.exe
Token: SeChangeNotifyPrivilege	13888	dwm.exe
Token: 33	13888	dwm.exe
Token: SeIncBasePriorityPrivilege	13888	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1176 wrote to memory of 4164	1176	dd0e3d006e353924577859987f25f5c0N.exe	85
PID 1176 wrote to memory of 4164	1176	dd0e3d006e353924577859987f25f5c0N.exe	85
PID 1176 wrote to memory of 2984	1176	dd0e3d006e353924577859987f25f5c0N.exe	86
PID 1176 wrote to memory of 2984	1176	dd0e3d006e353924577859987f25f5c0N.exe	86
PID 1176 wrote to memory of 4496	1176	dd0e3d006e353924577859987f25f5c0N.exe	87
PID 1176 wrote to memory of 4496	1176	dd0e3d006e353924577859987f25f5c0N.exe	87
PID 1176 wrote to memory of 2756	1176	dd0e3d006e353924577859987f25f5c0N.exe	88
PID 1176 wrote to memory of 2756	1176	dd0e3d006e353924577859987f25f5c0N.exe	88
PID 1176 wrote to memory of 2820	1176	dd0e3d006e353924577859987f25f5c0N.exe	89
PID 1176 wrote to memory of 2820	1176	dd0e3d006e353924577859987f25f5c0N.exe	89
PID 1176 wrote to memory of 1216	1176	dd0e3d006e353924577859987f25f5c0N.exe	90
PID 1176 wrote to memory of 1216	1176	dd0e3d006e353924577859987f25f5c0N.exe	90
PID 1176 wrote to memory of 3428	1176	dd0e3d006e353924577859987f25f5c0N.exe	91
PID 1176 wrote to memory of 3428	1176	dd0e3d006e353924577859987f25f5c0N.exe	91
PID 1176 wrote to memory of 3572	1176	dd0e3d006e353924577859987f25f5c0N.exe	92
PID 1176 wrote to memory of 3572	1176	dd0e3d006e353924577859987f25f5c0N.exe	92
PID 1176 wrote to memory of 1708	1176	dd0e3d006e353924577859987f25f5c0N.exe	93
PID 1176 wrote to memory of 1708	1176	dd0e3d006e353924577859987f25f5c0N.exe	93
PID 1176 wrote to memory of 2320	1176	dd0e3d006e353924577859987f25f5c0N.exe	94
PID 1176 wrote to memory of 2320	1176	dd0e3d006e353924577859987f25f5c0N.exe	94
PID 1176 wrote to memory of 4532	1176	dd0e3d006e353924577859987f25f5c0N.exe	95
PID 1176 wrote to memory of 4532	1176	dd0e3d006e353924577859987f25f5c0N.exe	95
PID 1176 wrote to memory of 4336	1176	dd0e3d006e353924577859987f25f5c0N.exe	96
PID 1176 wrote to memory of 4336	1176	dd0e3d006e353924577859987f25f5c0N.exe	96
PID 1176 wrote to memory of 3452	1176	dd0e3d006e353924577859987f25f5c0N.exe	97
PID 1176 wrote to memory of 3452	1176	dd0e3d006e353924577859987f25f5c0N.exe	97
PID 1176 wrote to memory of 4088	1176	dd0e3d006e353924577859987f25f5c0N.exe	98
PID 1176 wrote to memory of 4088	1176	dd0e3d006e353924577859987f25f5c0N.exe	98
PID 1176 wrote to memory of 2524	1176	dd0e3d006e353924577859987f25f5c0N.exe	99
PID 1176 wrote to memory of 2524	1176	dd0e3d006e353924577859987f25f5c0N.exe	99
PID 1176 wrote to memory of 3928	1176	dd0e3d006e353924577859987f25f5c0N.exe	100
PID 1176 wrote to memory of 3928	1176	dd0e3d006e353924577859987f25f5c0N.exe	100
PID 1176 wrote to memory of 2612	1176	dd0e3d006e353924577859987f25f5c0N.exe	101
PID 1176 wrote to memory of 2612	1176	dd0e3d006e353924577859987f25f5c0N.exe	101
PID 1176 wrote to memory of 2660	1176	dd0e3d006e353924577859987f25f5c0N.exe	102
PID 1176 wrote to memory of 2660	1176	dd0e3d006e353924577859987f25f5c0N.exe	102
PID 1176 wrote to memory of 3944	1176	dd0e3d006e353924577859987f25f5c0N.exe	103
PID 1176 wrote to memory of 3944	1176	dd0e3d006e353924577859987f25f5c0N.exe	103
PID 1176 wrote to memory of 2012	1176	dd0e3d006e353924577859987f25f5c0N.exe	104
PID 1176 wrote to memory of 2012	1176	dd0e3d006e353924577859987f25f5c0N.exe	104
PID 1176 wrote to memory of 3176	1176	dd0e3d006e353924577859987f25f5c0N.exe	105
PID 1176 wrote to memory of 3176	1176	dd0e3d006e353924577859987f25f5c0N.exe	105
PID 1176 wrote to memory of 3208	1176	dd0e3d006e353924577859987f25f5c0N.exe	106
PID 1176 wrote to memory of 3208	1176	dd0e3d006e353924577859987f25f5c0N.exe	106
PID 1176 wrote to memory of 2452	1176	dd0e3d006e353924577859987f25f5c0N.exe	107
PID 1176 wrote to memory of 2452	1176	dd0e3d006e353924577859987f25f5c0N.exe	107
PID 1176 wrote to memory of 2152	1176	dd0e3d006e353924577859987f25f5c0N.exe	108
PID 1176 wrote to memory of 2152	1176	dd0e3d006e353924577859987f25f5c0N.exe	108
PID 1176 wrote to memory of 4148	1176	dd0e3d006e353924577859987f25f5c0N.exe	109
PID 1176 wrote to memory of 4148	1176	dd0e3d006e353924577859987f25f5c0N.exe	109
PID 1176 wrote to memory of 1976	1176	dd0e3d006e353924577859987f25f5c0N.exe	110
PID 1176 wrote to memory of 1976	1176	dd0e3d006e353924577859987f25f5c0N.exe	110
PID 1176 wrote to memory of 3068	1176	dd0e3d006e353924577859987f25f5c0N.exe	111
PID 1176 wrote to memory of 3068	1176	dd0e3d006e353924577859987f25f5c0N.exe	111
PID 1176 wrote to memory of 3140	1176	dd0e3d006e353924577859987f25f5c0N.exe	112
PID 1176 wrote to memory of 3140	1176	dd0e3d006e353924577859987f25f5c0N.exe	112
PID 1176 wrote to memory of 2792	1176	dd0e3d006e353924577859987f25f5c0N.exe	113
PID 1176 wrote to memory of 2792	1176	dd0e3d006e353924577859987f25f5c0N.exe	113
PID 1176 wrote to memory of 5012	1176	dd0e3d006e353924577859987f25f5c0N.exe	114
PID 1176 wrote to memory of 5012	1176	dd0e3d006e353924577859987f25f5c0N.exe	114
PID 1176 wrote to memory of 940	1176	dd0e3d006e353924577859987f25f5c0N.exe	115
PID 1176 wrote to memory of 940	1176	dd0e3d006e353924577859987f25f5c0N.exe	115
PID 1176 wrote to memory of 3644	1176	dd0e3d006e353924577859987f25f5c0N.exe	116
PID 1176 wrote to memory of 3644	1176	dd0e3d006e353924577859987f25f5c0N.exe	116

C:\Users\Admin\AppData\Local\Temp\dd0e3d006e353924577859987f25f5c0N.exe
"C:\Users\Admin\AppData\Local\Temp\dd0e3d006e353924577859987f25f5c0N.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1176
- C:\Windows\System\iddPfYy.exe
  C:\Windows\System\iddPfYy.exe
  2⤵
  - Executes dropped EXE
  PID:4164
- C:\Windows\System\FbyYIlt.exe
  C:\Windows\System\FbyYIlt.exe
  2⤵
  - Executes dropped EXE
  PID:2984
- C:\Windows\System\IdCreUx.exe
  C:\Windows\System\IdCreUx.exe
  2⤵
  - Executes dropped EXE
  PID:4496
- C:\Windows\System\cxupncQ.exe
  C:\Windows\System\cxupncQ.exe
  2⤵
  - Executes dropped EXE
  PID:2756
- C:\Windows\System\SWPYLQF.exe
  C:\Windows\System\SWPYLQF.exe
  2⤵
  - Executes dropped EXE
  PID:2820
- C:\Windows\System\xtqfVcF.exe
  C:\Windows\System\xtqfVcF.exe
  2⤵
  - Executes dropped EXE
  PID:1216
- C:\Windows\System\vslysFm.exe
  C:\Windows\System\vslysFm.exe
  2⤵
  - Executes dropped EXE
  PID:3428
- C:\Windows\System\QgtORGA.exe
  C:\Windows\System\QgtORGA.exe
  2⤵
  - Executes dropped EXE
  PID:3572
- C:\Windows\System\RqmTlzp.exe
  C:\Windows\System\RqmTlzp.exe
  2⤵
  - Executes dropped EXE
  PID:1708
- C:\Windows\System\cafIEEl.exe
  C:\Windows\System\cafIEEl.exe
  2⤵
  - Executes dropped EXE
  PID:2320
- C:\Windows\System\QLLJNck.exe
  C:\Windows\System\QLLJNck.exe
  2⤵
  - Executes dropped EXE
  PID:4532
- C:\Windows\System\JHTOkcT.exe
  C:\Windows\System\JHTOkcT.exe
  2⤵
  - Executes dropped EXE
  PID:4336
- C:\Windows\System\MMAwcIJ.exe
  C:\Windows\System\MMAwcIJ.exe
  2⤵
  - Executes dropped EXE
  PID:3452
- C:\Windows\System\HOsrywj.exe
  C:\Windows\System\HOsrywj.exe
  2⤵
  - Executes dropped EXE
  PID:4088
- C:\Windows\System\KerTRnT.exe
  C:\Windows\System\KerTRnT.exe
  2⤵
  - Executes dropped EXE
  PID:2524
- C:\Windows\System\mHBdcDy.exe
  C:\Windows\System\mHBdcDy.exe
  2⤵
  - Executes dropped EXE
  PID:3928
- C:\Windows\System\XRSYzev.exe
  C:\Windows\System\XRSYzev.exe
  2⤵
  - Executes dropped EXE
  PID:2612
- C:\Windows\System\xWQCfga.exe
  C:\Windows\System\xWQCfga.exe
  2⤵
  - Executes dropped EXE
  PID:2660
- C:\Windows\System\BJYBSyz.exe
  C:\Windows\System\BJYBSyz.exe
  2⤵
  - Executes dropped EXE
  PID:3944
- C:\Windows\System\ewFEtSD.exe
  C:\Windows\System\ewFEtSD.exe
  2⤵
  - Executes dropped EXE
  PID:2012
- C:\Windows\System\nNaEpsB.exe
  C:\Windows\System\nNaEpsB.exe
  2⤵
  - Executes dropped EXE
  PID:3176
- C:\Windows\System\DOWlXhB.exe
  C:\Windows\System\DOWlXhB.exe
  2⤵
  - Executes dropped EXE
  PID:3208
- C:\Windows\System\SYnFAWw.exe
  C:\Windows\System\SYnFAWw.exe
  2⤵
  - Executes dropped EXE
  PID:2452
- C:\Windows\System\VJVdzpw.exe
  C:\Windows\System\VJVdzpw.exe
  2⤵
  - Executes dropped EXE
  PID:2152
- C:\Windows\System\lLPxhtg.exe
  C:\Windows\System\lLPxhtg.exe
  2⤵
  - Executes dropped EXE
  PID:4148
- C:\Windows\System\MhPogcY.exe
  C:\Windows\System\MhPogcY.exe
  2⤵
  - Executes dropped EXE
  PID:1976
- C:\Windows\System\TXukJoA.exe
  C:\Windows\System\TXukJoA.exe
  2⤵
  - Executes dropped EXE
  PID:3068
- C:\Windows\System\eRmILVD.exe
  C:\Windows\System\eRmILVD.exe
  2⤵
  - Executes dropped EXE
  PID:3140
- C:\Windows\System\gSxcXoM.exe
  C:\Windows\System\gSxcXoM.exe
  2⤵
  - Executes dropped EXE
  PID:2792
- C:\Windows\System\EaNKAYn.exe
  C:\Windows\System\EaNKAYn.exe
  2⤵
  - Executes dropped EXE
  PID:5012
- C:\Windows\System\vQFBXkg.exe
  C:\Windows\System\vQFBXkg.exe
  2⤵
  - Executes dropped EXE
  PID:940
- C:\Windows\System\FnGwnPN.exe
  C:\Windows\System\FnGwnPN.exe
  2⤵
  - Executes dropped EXE
  PID:3644
- C:\Windows\System\WBSeqQO.exe
  C:\Windows\System\WBSeqQO.exe
  2⤵
  - Executes dropped EXE
  PID:2868
- C:\Windows\System\qGjrOuJ.exe
  C:\Windows\System\qGjrOuJ.exe
  2⤵
  - Executes dropped EXE
  PID:2376
- C:\Windows\System\Gkzlhte.exe
  C:\Windows\System\Gkzlhte.exe
  2⤵
  - Executes dropped EXE
  PID:1088
- C:\Windows\System\MLqrami.exe
  C:\Windows\System\MLqrami.exe
  2⤵
  - Executes dropped EXE
  PID:2588
- C:\Windows\System\zpolini.exe
  C:\Windows\System\zpolini.exe
  2⤵
  - Executes dropped EXE
  PID:2856
- C:\Windows\System\dGfXVuu.exe
  C:\Windows\System\dGfXVuu.exe
  2⤵
  - Executes dropped EXE
  PID:216
- C:\Windows\System\MMmyJbb.exe
  C:\Windows\System\MMmyJbb.exe
  2⤵
  - Executes dropped EXE
  PID:3300
- C:\Windows\System\DuhdLOB.exe
  C:\Windows\System\DuhdLOB.exe
  2⤵
  - Executes dropped EXE
  PID:1476
- C:\Windows\System\optGJQh.exe
  C:\Windows\System\optGJQh.exe
  2⤵
  - Executes dropped EXE
  PID:3444
- C:\Windows\System\hqwsFOR.exe
  C:\Windows\System\hqwsFOR.exe
  2⤵
  - Executes dropped EXE
  PID:4456
- C:\Windows\System\FANwarK.exe
  C:\Windows\System\FANwarK.exe
  2⤵
  - Executes dropped EXE
  PID:4856
- C:\Windows\System\lQBHWPa.exe
  C:\Windows\System\lQBHWPa.exe
  2⤵
  - Executes dropped EXE
  PID:4312
- C:\Windows\System\gFgnYkI.exe
  C:\Windows\System\gFgnYkI.exe
  2⤵
  - Executes dropped EXE
  PID:4512
- C:\Windows\System\DHXFeRn.exe
  C:\Windows\System\DHXFeRn.exe
  2⤵
  - Executes dropped EXE
  PID:4636
- C:\Windows\System\FkUaJgW.exe
  C:\Windows\System\FkUaJgW.exe
  2⤵
  - Executes dropped EXE
  PID:1164
- C:\Windows\System\uPynFEh.exe
  C:\Windows\System\uPynFEh.exe
  2⤵
  - Executes dropped EXE
  PID:1948
- C:\Windows\System\JZjsmKL.exe
  C:\Windows\System\JZjsmKL.exe
  2⤵
  - Executes dropped EXE
  PID:4616
- C:\Windows\System\GVtFOdZ.exe
  C:\Windows\System\GVtFOdZ.exe
  2⤵
  - Executes dropped EXE
  PID:3432
- C:\Windows\System\cpfvwVw.exe
  C:\Windows\System\cpfvwVw.exe
  2⤵
  - Executes dropped EXE
  PID:1856
- C:\Windows\System\Kinghou.exe
  C:\Windows\System\Kinghou.exe
  2⤵
  - Executes dropped EXE
  PID:1988
- C:\Windows\System\RLOylFZ.exe
  C:\Windows\System\RLOylFZ.exe
  2⤵
  - Executes dropped EXE
  PID:4116
- C:\Windows\System\KOIGTjO.exe
  C:\Windows\System\KOIGTjO.exe
  2⤵
  - Executes dropped EXE
  PID:844
- C:\Windows\System\ansIZTJ.exe
  C:\Windows\System\ansIZTJ.exe
  2⤵
  - Executes dropped EXE
  PID:2276
- C:\Windows\System\QilbfBV.exe
  C:\Windows\System\QilbfBV.exe
  2⤵
  - Executes dropped EXE
  PID:784
- C:\Windows\System\OzByrrD.exe
  C:\Windows\System\OzByrrD.exe
  2⤵
  - Executes dropped EXE
  PID:1284
- C:\Windows\System\AezzoaR.exe
  C:\Windows\System\AezzoaR.exe
  2⤵
  - Executes dropped EXE
  PID:3180
- C:\Windows\System\bjDEyUn.exe
  C:\Windows\System\bjDEyUn.exe
  2⤵
  - Executes dropped EXE
  PID:2492
- C:\Windows\System\jNATAoE.exe
  C:\Windows\System\jNATAoE.exe
  2⤵
  - Executes dropped EXE
  PID:4388
- C:\Windows\System\IXJuBYL.exe
  C:\Windows\System\IXJuBYL.exe
  2⤵
  - Executes dropped EXE
  PID:4488
- C:\Windows\System\jVVYUvI.exe
  C:\Windows\System\jVVYUvI.exe
  2⤵
  - Executes dropped EXE
  PID:4812
- C:\Windows\System\llelPBC.exe
  C:\Windows\System\llelPBC.exe
  2⤵
  - Executes dropped EXE
  PID:3244
- C:\Windows\System\UIqrpSb.exe
  C:\Windows\System\UIqrpSb.exe
  2⤵
  - Executes dropped EXE
  PID:3476
- C:\Windows\System\jepYzhr.exe
  C:\Windows\System\jepYzhr.exe
  2⤵
  PID:5044
- C:\Windows\System\HZpjPsF.exe
  C:\Windows\System\HZpjPsF.exe
  2⤵
  PID:4024
- C:\Windows\System\UkqOgJX.exe
  C:\Windows\System\UkqOgJX.exe
  2⤵
  PID:3920
- C:\Windows\System\fAslqRy.exe
  C:\Windows\System\fAslqRy.exe
  2⤵
  PID:1508
- C:\Windows\System\VNlVIyN.exe
  C:\Windows\System\VNlVIyN.exe
  2⤵
  PID:1644
- C:\Windows\System\PKPPtYw.exe
  C:\Windows\System\PKPPtYw.exe
  2⤵
  PID:2700
- C:\Windows\System\mAkYJZg.exe
  C:\Windows\System\mAkYJZg.exe
  2⤵
  PID:3440
- C:\Windows\System\VmEdfhd.exe
  C:\Windows\System\VmEdfhd.exe
  2⤵
  PID:4768
- C:\Windows\System\bKzObgf.exe
  C:\Windows\System\bKzObgf.exe
  2⤵
  PID:5128
- C:\Windows\System\pYgRubJ.exe
  C:\Windows\System\pYgRubJ.exe
  2⤵
  PID:5156
- C:\Windows\System\TETvGTG.exe
  C:\Windows\System\TETvGTG.exe
  2⤵
  PID:5188
- C:\Windows\System\abiixqR.exe
  C:\Windows\System\abiixqR.exe
  2⤵
  PID:5212
- C:\Windows\System\JghSQhI.exe
  C:\Windows\System\JghSQhI.exe
  2⤵
  PID:5240
- C:\Windows\System\rltEEjS.exe
  C:\Windows\System\rltEEjS.exe
  2⤵
  PID:5268
- C:\Windows\System\hYpzrAP.exe
  C:\Windows\System\hYpzrAP.exe
  2⤵
  PID:5296
- C:\Windows\System\IIltoQV.exe
  C:\Windows\System\IIltoQV.exe
  2⤵
  PID:5324
- C:\Windows\System\sDFhcVD.exe
  C:\Windows\System\sDFhcVD.exe
  2⤵
  PID:5352
- C:\Windows\System\GKpWORG.exe
  C:\Windows\System\GKpWORG.exe
  2⤵
  PID:5380
- C:\Windows\System\NQYEHXH.exe
  C:\Windows\System\NQYEHXH.exe
  2⤵
  PID:5408
- C:\Windows\System\zTFTwOF.exe
  C:\Windows\System\zTFTwOF.exe
  2⤵
  PID:5432
- C:\Windows\System\UiNtKvt.exe
  C:\Windows\System\UiNtKvt.exe
  2⤵
  PID:5464
- C:\Windows\System\pYCZOjH.exe
  C:\Windows\System\pYCZOjH.exe
  2⤵
  PID:5496
- C:\Windows\System\ujOhglA.exe
  C:\Windows\System\ujOhglA.exe
  2⤵
  PID:5520
- C:\Windows\System\owaZGqi.exe
  C:\Windows\System\owaZGqi.exe
  2⤵
  PID:5552
- C:\Windows\System\kllCOhK.exe
  C:\Windows\System\kllCOhK.exe
  2⤵
  PID:5576
- C:\Windows\System\kPnGoiF.exe
  C:\Windows\System\kPnGoiF.exe
  2⤵
  PID:5604
- C:\Windows\System\QmOIkSn.exe
  C:\Windows\System\QmOIkSn.exe
  2⤵
  PID:5632
- C:\Windows\System\TriKTNw.exe
  C:\Windows\System\TriKTNw.exe
  2⤵
  PID:5660
- C:\Windows\System\LvsUMcE.exe
  C:\Windows\System\LvsUMcE.exe
  2⤵
  PID:5688
- C:\Windows\System\YEnFBiZ.exe
  C:\Windows\System\YEnFBiZ.exe
  2⤵
  PID:5716
- C:\Windows\System\OnTBTDW.exe
  C:\Windows\System\OnTBTDW.exe
  2⤵
  PID:5748
- C:\Windows\System\LZjEqSo.exe
  C:\Windows\System\LZjEqSo.exe
  2⤵
  PID:5772
- C:\Windows\System\nveWkPG.exe
  C:\Windows\System\nveWkPG.exe
  2⤵
  PID:5800
- C:\Windows\System\uGZmXjQ.exe
  C:\Windows\System\uGZmXjQ.exe
  2⤵
  PID:5832
- C:\Windows\System\jpKkeJA.exe
  C:\Windows\System\jpKkeJA.exe
  2⤵
  PID:5856
- C:\Windows\System\VbJbrNf.exe
  C:\Windows\System\VbJbrNf.exe
  2⤵
  PID:5888
- C:\Windows\System\vZCAVRM.exe
  C:\Windows\System\vZCAVRM.exe
  2⤵
  PID:5912
- C:\Windows\System\drFybYY.exe
  C:\Windows\System\drFybYY.exe
  2⤵
  PID:5944
- C:\Windows\System\WoUWmWB.exe
  C:\Windows\System\WoUWmWB.exe
  2⤵
  PID:5968
- C:\Windows\System\WdakMfa.exe
  C:\Windows\System\WdakMfa.exe
  2⤵
  PID:5996
- C:\Windows\System\CoKXDxn.exe
  C:\Windows\System\CoKXDxn.exe
  2⤵
  PID:6024
- C:\Windows\System\GAdHMSC.exe
  C:\Windows\System\GAdHMSC.exe
  2⤵
  PID:6056
- C:\Windows\System\kLmNhqM.exe
  C:\Windows\System\kLmNhqM.exe
  2⤵
  PID:6080
- C:\Windows\System\EfARfZl.exe
  C:\Windows\System\EfARfZl.exe
  2⤵
  PID:6112
- C:\Windows\System\XrcCTQL.exe
  C:\Windows\System\XrcCTQL.exe
  2⤵
  PID:6136
- C:\Windows\System\iRcwYzz.exe
  C:\Windows\System\iRcwYzz.exe
  2⤵
  PID:4504
- C:\Windows\System\pbQdtvk.exe
  C:\Windows\System\pbQdtvk.exe
  2⤵
  PID:3296
- C:\Windows\System\wbntifZ.exe
  C:\Windows\System\wbntifZ.exe
  2⤵
  PID:4608
- C:\Windows\System\fLUMBCZ.exe
  C:\Windows\System\fLUMBCZ.exe
  2⤵
  PID:5172
- C:\Windows\System\UvxWXZF.exe
  C:\Windows\System\UvxWXZF.exe
  2⤵
  PID:5208
- C:\Windows\System\KWBCzRc.exe
  C:\Windows\System\KWBCzRc.exe
  2⤵
  PID:5252
- C:\Windows\System\YyYraTL.exe
  C:\Windows\System\YyYraTL.exe
  2⤵
  PID:5284
- C:\Windows\System\RLquEMT.exe
  C:\Windows\System\RLquEMT.exe
  2⤵
  PID:5312
- C:\Windows\System\BRKOAne.exe
  C:\Windows\System\BRKOAne.exe
  2⤵
  PID:5372
- C:\Windows\System\ZdnaBpW.exe
  C:\Windows\System\ZdnaBpW.exe
  2⤵
  PID:5424
- C:\Windows\System\RQwvdoC.exe
  C:\Windows\System\RQwvdoC.exe
  2⤵
  PID:5484
- C:\Windows\System\UQKIAbZ.exe
  C:\Windows\System\UQKIAbZ.exe
  2⤵
  PID:5588
- C:\Windows\System\QbrEBBo.exe
  C:\Windows\System\QbrEBBo.exe
  2⤵
  PID:5672
- C:\Windows\System\kSvWyqM.exe
  C:\Windows\System\kSvWyqM.exe
  2⤵
  PID:5728
- C:\Windows\System\zHzrVBe.exe
  C:\Windows\System\zHzrVBe.exe
  2⤵
  PID:3144
- C:\Windows\System\VfDzdLb.exe
  C:\Windows\System\VfDzdLb.exe
  2⤵
  PID:5820
- C:\Windows\System\menBVJD.exe
  C:\Windows\System\menBVJD.exe
  2⤵
  PID:5868
- C:\Windows\System\xmWFBKH.exe
  C:\Windows\System\xmWFBKH.exe
  2⤵
  PID:5896
- C:\Windows\System\LSlZKuz.exe
  C:\Windows\System\LSlZKuz.exe
  2⤵
  PID:4480
- C:\Windows\System\uwfLaKG.exe
  C:\Windows\System\uwfLaKG.exe
  2⤵
  PID:1732
- C:\Windows\System\uUCunAX.exe
  C:\Windows\System\uUCunAX.exe
  2⤵
  PID:5964
- C:\Windows\System\QDXfEDU.exe
  C:\Windows\System\QDXfEDU.exe
  2⤵
  PID:5984
- C:\Windows\System\xBlkNhF.exe
  C:\Windows\System\xBlkNhF.exe
  2⤵
  PID:4872
- C:\Windows\System\lcUygJt.exe
  C:\Windows\System\lcUygJt.exe
  2⤵
  PID:4464
- C:\Windows\System\IRmdWYB.exe
  C:\Windows\System\IRmdWYB.exe
  2⤵
  PID:4080
- C:\Windows\System\ozyRaoG.exe
  C:\Windows\System\ozyRaoG.exe
  2⤵
  PID:2800
- C:\Windows\System\GDHdjJo.exe
  C:\Windows\System\GDHdjJo.exe
  2⤵
  PID:1048
- C:\Windows\System\YXMAJUG.exe
  C:\Windows\System\YXMAJUG.exe
  2⤵
  PID:3320
- C:\Windows\System\CixSzfM.exe
  C:\Windows\System\CixSzfM.exe
  2⤵
  PID:4540
- C:\Windows\System\lPZumvy.exe
  C:\Windows\System\lPZumvy.exe
  2⤵
  PID:3612
- C:\Windows\System\chQaybB.exe
  C:\Windows\System\chQaybB.exe
  2⤵
  PID:1860
- C:\Windows\System\aTouCFy.exe
  C:\Windows\System\aTouCFy.exe
  2⤵
  PID:3628
- C:\Windows\System\oOGhjCi.exe
  C:\Windows\System\oOGhjCi.exe
  2⤵
  PID:3972
- C:\Windows\System\aMTxhtN.exe
  C:\Windows\System\aMTxhtN.exe
  2⤵
  PID:3336
- C:\Windows\System\hdjFeAC.exe
  C:\Windows\System\hdjFeAC.exe
  2⤵
  PID:5124
- C:\Windows\System\OuUlhXT.exe
  C:\Windows\System\OuUlhXT.exe
  2⤵
  PID:5204
- C:\Windows\System\urkbjYd.exe
  C:\Windows\System\urkbjYd.exe
  2⤵
  PID:5344
- C:\Windows\System\BytzRuf.exe
  C:\Windows\System\BytzRuf.exe
  2⤵
  PID:5516
- C:\Windows\System\SXncnyQ.exe
  C:\Windows\System\SXncnyQ.exe
  2⤵
  PID:1384
- C:\Windows\System\ZihvJYN.exe
  C:\Windows\System\ZihvJYN.exe
  2⤵
  PID:3504
- C:\Windows\System\yEKolxB.exe
  C:\Windows\System\yEKolxB.exe
  2⤵
  PID:5924
- C:\Windows\System\sgxQorG.exe
  C:\Windows\System\sgxQorG.exe
  2⤵
  PID:5980
- C:\Windows\System\LgHyPwO.exe
  C:\Windows\System\LgHyPwO.exe
  2⤵
  PID:748
- C:\Windows\System\VBuKPYQ.exe
  C:\Windows\System\VBuKPYQ.exe
  2⤵
  PID:6008
- C:\Windows\System\kEoRuJB.exe
  C:\Windows\System\kEoRuJB.exe
  2⤵
  PID:972
- C:\Windows\System\qcGWFhy.exe
  C:\Windows\System\qcGWFhy.exe
  2⤵
  PID:4788
- C:\Windows\System\OXlTcmb.exe
  C:\Windows\System\OXlTcmb.exe
  2⤵
  PID:1352
- C:\Windows\System\qpZgzmr.exe
  C:\Windows\System\qpZgzmr.exe
  2⤵
  PID:3788
- C:\Windows\System\CbcPWfI.exe
  C:\Windows\System\CbcPWfI.exe
  2⤵
  PID:340
- C:\Windows\System\yEYQPCG.exe
  C:\Windows\System\yEYQPCG.exe
  2⤵
  PID:4136
- C:\Windows\System\mXeFYjJ.exe
  C:\Windows\System\mXeFYjJ.exe
  2⤵
  PID:2016
- C:\Windows\System\TxyIhpj.exe
  C:\Windows\System\TxyIhpj.exe
  2⤵
  PID:5364
- C:\Windows\System\iGUaDSO.exe
  C:\Windows\System\iGUaDSO.exe
  2⤵
  PID:5340
- C:\Windows\System\qJdZNXM.exe
  C:\Windows\System\qJdZNXM.exe
  2⤵
  PID:5476
- C:\Windows\System\TwPFwzg.exe
  C:\Windows\System\TwPFwzg.exe
  2⤵
  PID:3880
- C:\Windows\System\fciQGpd.exe
  C:\Windows\System\fciQGpd.exe
  2⤵
  PID:4012
- C:\Windows\System\vTSYqNX.exe
  C:\Windows\System\vTSYqNX.exe
  2⤵
  PID:3652
- C:\Windows\System\rBZAHuE.exe
  C:\Windows\System\rBZAHuE.exe
  2⤵
  PID:1752
- C:\Windows\System\SEfgwCl.exe
  C:\Windows\System\SEfgwCl.exe
  2⤵
  PID:4440
- C:\Windows\System\dglqlBD.exe
  C:\Windows\System\dglqlBD.exe
  2⤵
  PID:3640
- C:\Windows\System\AyPyufq.exe
  C:\Windows\System\AyPyufq.exe
  2⤵
  PID:4668
- C:\Windows\System\iTsSFTz.exe
  C:\Windows\System\iTsSFTz.exe
  2⤵
  PID:4884
- C:\Windows\System\ezedtWF.exe
  C:\Windows\System\ezedtWF.exe
  2⤵
  PID:5196
- C:\Windows\System\qMdGhjB.exe
  C:\Windows\System\qMdGhjB.exe
  2⤵
  PID:6064
- C:\Windows\System\mBAKHWg.exe
  C:\Windows\System\mBAKHWg.exe
  2⤵
  PID:5228
- C:\Windows\System\nLHncaU.exe
  C:\Windows\System\nLHncaU.exe
  2⤵
  PID:6160
- C:\Windows\System\VEpvOzw.exe
  C:\Windows\System\VEpvOzw.exe
  2⤵
  PID:6196
- C:\Windows\System\WEsLBzl.exe
  C:\Windows\System\WEsLBzl.exe
  2⤵
  PID:6216
- C:\Windows\System\PRXvzOL.exe
  C:\Windows\System\PRXvzOL.exe
  2⤵
  PID:6232
- C:\Windows\System\AypKNyn.exe
  C:\Windows\System\AypKNyn.exe
  2⤵
  PID:6280
- C:\Windows\System\UvorIZA.exe
  C:\Windows\System\UvorIZA.exe
  2⤵
  PID:6308
- C:\Windows\System\WbzOkpY.exe
  C:\Windows\System\WbzOkpY.exe
  2⤵
  PID:6344
- C:\Windows\System\fqbIgGj.exe
  C:\Windows\System\fqbIgGj.exe
  2⤵
  PID:6364
- C:\Windows\System\mIuCxvN.exe
  C:\Windows\System\mIuCxvN.exe
  2⤵
  PID:6384
- C:\Windows\System\vFgIthG.exe
  C:\Windows\System\vFgIthG.exe
  2⤵
  PID:6440
- C:\Windows\System\QWbBqys.exe
  C:\Windows\System\QWbBqys.exe
  2⤵
  PID:6460
- C:\Windows\System\oIcSMWa.exe
  C:\Windows\System\oIcSMWa.exe
  2⤵
  PID:6504
- C:\Windows\System\BVwSVmg.exe
  C:\Windows\System\BVwSVmg.exe
  2⤵
  PID:6520
- C:\Windows\System\tCqdNdC.exe
  C:\Windows\System\tCqdNdC.exe
  2⤵
  PID:6552
- C:\Windows\System\qqacvYx.exe
  C:\Windows\System\qqacvYx.exe
  2⤵
  PID:6584
- C:\Windows\System\DQvQrOn.exe
  C:\Windows\System\DQvQrOn.exe
  2⤵
  PID:6604
- C:\Windows\System\yAFjeXa.exe
  C:\Windows\System\yAFjeXa.exe
  2⤵
  PID:6624
- C:\Windows\System\lfQMowO.exe
  C:\Windows\System\lfQMowO.exe
  2⤵
  PID:6644
- C:\Windows\System\TzdZRGV.exe
  C:\Windows\System\TzdZRGV.exe
  2⤵
  PID:6672
- C:\Windows\System\waAHuWN.exe
  C:\Windows\System\waAHuWN.exe
  2⤵
  PID:6688
- C:\Windows\System\UxgXefo.exe
  C:\Windows\System\UxgXefo.exe
  2⤵
  PID:6720
- C:\Windows\System\kYZJsNp.exe
  C:\Windows\System\kYZJsNp.exe
  2⤵
  PID:6736
- C:\Windows\System\lTkVGZQ.exe
  C:\Windows\System\lTkVGZQ.exe
  2⤵
  PID:6812
- C:\Windows\System\oBBafzy.exe
  C:\Windows\System\oBBafzy.exe
  2⤵
  PID:6828
- C:\Windows\System\TmjxfnS.exe
  C:\Windows\System\TmjxfnS.exe
  2⤵
  PID:6856
- C:\Windows\System\QsTRquv.exe
  C:\Windows\System\QsTRquv.exe
  2⤵
  PID:6880
- C:\Windows\System\aGvJUkj.exe
  C:\Windows\System\aGvJUkj.exe
  2⤵
  PID:6900
- C:\Windows\System\zwsXNlJ.exe
  C:\Windows\System\zwsXNlJ.exe
  2⤵
  PID:6924
- C:\Windows\System\bzrubEC.exe
  C:\Windows\System\bzrubEC.exe
  2⤵
  PID:6944
- C:\Windows\System\ZNtUkkx.exe
  C:\Windows\System\ZNtUkkx.exe
  2⤵
  PID:6964
- C:\Windows\System\XuDeHqn.exe
  C:\Windows\System\XuDeHqn.exe
  2⤵
  PID:6984
- C:\Windows\System\gpFcJgv.exe
  C:\Windows\System\gpFcJgv.exe
  2⤵
  PID:7008
- C:\Windows\System\VpLSfiD.exe
  C:\Windows\System\VpLSfiD.exe
  2⤵
  PID:7032
- C:\Windows\System\XxirSRb.exe
  C:\Windows\System\XxirSRb.exe
  2⤵
  PID:7048
- C:\Windows\System\aXtHztJ.exe
  C:\Windows\System\aXtHztJ.exe
  2⤵
  PID:7092
- C:\Windows\System\riIReUU.exe
  C:\Windows\System\riIReUU.exe
  2⤵
  PID:7156
- C:\Windows\System\GQAzeWp.exe
  C:\Windows\System\GQAzeWp.exe
  2⤵
  PID:6156
- C:\Windows\System\nNJsXeE.exe
  C:\Windows\System\nNJsXeE.exe
  2⤵
  PID:6204
- C:\Windows\System\OOHlPaj.exe
  C:\Windows\System\OOHlPaj.exe
  2⤵
  PID:6268
- C:\Windows\System\EyoGbSx.exe
  C:\Windows\System\EyoGbSx.exe
  2⤵
  PID:6272
- C:\Windows\System\UaetApV.exe
  C:\Windows\System\UaetApV.exe
  2⤵
  PID:6356
- C:\Windows\System\vnaPeYm.exe
  C:\Windows\System\vnaPeYm.exe
  2⤵
  PID:6416
- C:\Windows\System\MXisYfE.exe
  C:\Windows\System\MXisYfE.exe
  2⤵
  PID:6480
- C:\Windows\System\hwulyHN.exe
  C:\Windows\System\hwulyHN.exe
  2⤵
  PID:6516
- C:\Windows\System\HbczwiL.exe
  C:\Windows\System\HbczwiL.exe
  2⤵
  PID:6596
- C:\Windows\System\cdPzYOH.exe
  C:\Windows\System\cdPzYOH.exe
  2⤵
  PID:6760
- C:\Windows\System\lqTRgBR.exe
  C:\Windows\System\lqTRgBR.exe
  2⤵
  PID:6708
- C:\Windows\System\SMsMIIR.exe
  C:\Windows\System\SMsMIIR.exe
  2⤵
  PID:6864
- C:\Windows\System\pzAuflf.exe
  C:\Windows\System\pzAuflf.exe
  2⤵
  PID:7068
- C:\Windows\System\xAaCspN.exe
  C:\Windows\System\xAaCspN.exe
  2⤵
  PID:6976
- C:\Windows\System\lyGROPl.exe
  C:\Windows\System\lyGROPl.exe
  2⤵
  PID:7128
- C:\Windows\System\rCZXUTw.exe
  C:\Windows\System\rCZXUTw.exe
  2⤵
  PID:7144
- C:\Windows\System\QZxWneX.exe
  C:\Windows\System\QZxWneX.exe
  2⤵
  PID:6336
- C:\Windows\System\kMpNWAT.exe
  C:\Windows\System\kMpNWAT.exe
  2⤵
  PID:6436
- C:\Windows\System\HiewBqV.exe
  C:\Windows\System\HiewBqV.exe
  2⤵
  PID:6612
- C:\Windows\System\vczYFCv.exe
  C:\Windows\System\vczYFCv.exe
  2⤵
  PID:6640
- C:\Windows\System\VzKFQsc.exe
  C:\Windows\System\VzKFQsc.exe
  2⤵
  PID:6956
- C:\Windows\System\ZbaFeWM.exe
  C:\Windows\System\ZbaFeWM.exe
  2⤵
  PID:7088
- C:\Windows\System\bSoQMZg.exe
  C:\Windows\System\bSoQMZg.exe
  2⤵
  PID:6152
- C:\Windows\System\pvmutuV.exe
  C:\Windows\System\pvmutuV.exe
  2⤵
  PID:6472
- C:\Windows\System\YSuEICo.exe
  C:\Windows\System\YSuEICo.exe
  2⤵
  PID:6848
- C:\Windows\System\ZlONijG.exe
  C:\Windows\System\ZlONijG.exe
  2⤵
  PID:7180
- C:\Windows\System\xtXKcyK.exe
  C:\Windows\System\xtXKcyK.exe
  2⤵
  PID:7196
- C:\Windows\System\dSjalAK.exe
  C:\Windows\System\dSjalAK.exe
  2⤵
  PID:7224
- C:\Windows\System\HRRLsAp.exe
  C:\Windows\System\HRRLsAp.exe
  2⤵
  PID:7244
- C:\Windows\System\bgoLnxy.exe
  C:\Windows\System\bgoLnxy.exe
  2⤵
  PID:7272
- C:\Windows\System\YRbJITt.exe
  C:\Windows\System\YRbJITt.exe
  2⤵
  PID:7288
- C:\Windows\System\eTVtOdF.exe
  C:\Windows\System\eTVtOdF.exe
  2⤵
  PID:7308
- C:\Windows\System\ymGWYSV.exe
  C:\Windows\System\ymGWYSV.exe
  2⤵
  PID:7328
- C:\Windows\System\XVTPFKL.exe
  C:\Windows\System\XVTPFKL.exe
  2⤵
  PID:7376
- C:\Windows\System\fCdynUA.exe
  C:\Windows\System\fCdynUA.exe
  2⤵
  PID:7396
- C:\Windows\System\yYzxhVy.exe
  C:\Windows\System\yYzxhVy.exe
  2⤵
  PID:7416
- C:\Windows\System\RybxZRI.exe
  C:\Windows\System\RybxZRI.exe
  2⤵
  PID:7444
- C:\Windows\System\IBZOrsm.exe
  C:\Windows\System\IBZOrsm.exe
  2⤵
  PID:7484
- C:\Windows\System\CPqJTUA.exe
  C:\Windows\System\CPqJTUA.exe
  2⤵
  PID:7532
- C:\Windows\System\hwTsxsz.exe
  C:\Windows\System\hwTsxsz.exe
  2⤵
  PID:7552
- C:\Windows\System\brWytgP.exe
  C:\Windows\System\brWytgP.exe
  2⤵
  PID:7580
- C:\Windows\System\SWbCetG.exe
  C:\Windows\System\SWbCetG.exe
  2⤵
  PID:7604
- C:\Windows\System\LkmJDWr.exe
  C:\Windows\System\LkmJDWr.exe
  2⤵
  PID:7620
- C:\Windows\System\qIXCErA.exe
  C:\Windows\System\qIXCErA.exe
  2⤵
  PID:7652
- C:\Windows\System\efeohAt.exe
  C:\Windows\System\efeohAt.exe
  2⤵
  PID:7688
- C:\Windows\System\IkZMlXk.exe
  C:\Windows\System\IkZMlXk.exe
  2⤵
  PID:7720
- C:\Windows\System\idRtVKi.exe
  C:\Windows\System\idRtVKi.exe
  2⤵
  PID:7768
- C:\Windows\System\DLHMGNu.exe
  C:\Windows\System\DLHMGNu.exe
  2⤵
  PID:7788
- C:\Windows\System\kPANaxz.exe
  C:\Windows\System\kPANaxz.exe
  2⤵
  PID:7832
- C:\Windows\System\SYkpkla.exe
  C:\Windows\System\SYkpkla.exe
  2⤵
  PID:7864
- C:\Windows\System\VqFnCEu.exe
  C:\Windows\System\VqFnCEu.exe
  2⤵
  PID:7884
- C:\Windows\System\NvHqsil.exe
  C:\Windows\System\NvHqsil.exe
  2⤵
  PID:7908
- C:\Windows\System\JIPwxSi.exe
  C:\Windows\System\JIPwxSi.exe
  2⤵
  PID:7952
- C:\Windows\System\ZZBKDVG.exe
  C:\Windows\System\ZZBKDVG.exe
  2⤵
  PID:7968
- C:\Windows\System\XbBIWIM.exe
  C:\Windows\System\XbBIWIM.exe
  2⤵
  PID:7992
- C:\Windows\System\ZtfeGAW.exe
  C:\Windows\System\ZtfeGAW.exe
  2⤵
  PID:8012
- C:\Windows\System\mOeKHvg.exe
  C:\Windows\System\mOeKHvg.exe
  2⤵
  PID:8028
- C:\Windows\System\YiBslJb.exe
  C:\Windows\System\YiBslJb.exe
  2⤵
  PID:8056
- C:\Windows\System\cRkqhwY.exe
  C:\Windows\System\cRkqhwY.exe
  2⤵
  PID:8116
- C:\Windows\System\RdsxYtW.exe
  C:\Windows\System\RdsxYtW.exe
  2⤵
  PID:8156
- C:\Windows\System\uELZxGb.exe
  C:\Windows\System\uELZxGb.exe
  2⤵
  PID:8176
- C:\Windows\System\ppRogzD.exe
  C:\Windows\System\ppRogzD.exe
  2⤵
  PID:6224
- C:\Windows\System\tCOIYzY.exe
  C:\Windows\System\tCOIYzY.exe
  2⤵
  PID:6352
- C:\Windows\System\vmZPTWR.exe
  C:\Windows\System\vmZPTWR.exe
  2⤵
  PID:7260
- C:\Windows\System\mqjAgxH.exe
  C:\Windows\System\mqjAgxH.exe
  2⤵
  PID:7280
- C:\Windows\System\vMGXGha.exe
  C:\Windows\System\vMGXGha.exe
  2⤵
  PID:7356
- C:\Windows\System\zhZwrpZ.exe
  C:\Windows\System\zhZwrpZ.exe
  2⤵
  PID:7496
- C:\Windows\System\hZCySjO.exe
  C:\Windows\System\hZCySjO.exe
  2⤵
  PID:7544
- C:\Windows\System\KuDREOB.exe
  C:\Windows\System\KuDREOB.exe
  2⤵
  PID:7612
- C:\Windows\System\apWBLBB.exe
  C:\Windows\System\apWBLBB.exe
  2⤵
  PID:7592
- C:\Windows\System\ZSdZpOV.exe
  C:\Windows\System\ZSdZpOV.exe
  2⤵
  PID:7648
- C:\Windows\System\lcdqYOQ.exe
  C:\Windows\System\lcdqYOQ.exe
  2⤵
  PID:7748
- C:\Windows\System\JtTWCtU.exe
  C:\Windows\System\JtTWCtU.exe
  2⤵
  PID:7784
- C:\Windows\System\fFIxFtD.exe
  C:\Windows\System\fFIxFtD.exe
  2⤵
  PID:7856
- C:\Windows\System\QmyjjKD.exe
  C:\Windows\System\QmyjjKD.exe
  2⤵
  PID:7852
- C:\Windows\System\IvEPRlj.exe
  C:\Windows\System\IvEPRlj.exe
  2⤵
  PID:7964
- C:\Windows\System\CIMiTzh.exe
  C:\Windows\System\CIMiTzh.exe
  2⤵
  PID:7984
- C:\Windows\System\cJwkFBV.exe
  C:\Windows\System\cJwkFBV.exe
  2⤵
  PID:8096
- C:\Windows\System\tsgNAxs.exe
  C:\Windows\System\tsgNAxs.exe
  2⤵
  PID:8152
- C:\Windows\System\cVawcVY.exe
  C:\Windows\System\cVawcVY.exe
  2⤵
  PID:7164
- C:\Windows\System\aFDMWGO.exe
  C:\Windows\System\aFDMWGO.exe
  2⤵
  PID:7256
- C:\Windows\System\LoWBXqe.exe
  C:\Windows\System\LoWBXqe.exe
  2⤵
  PID:7480
- C:\Windows\System\DhgVSdh.exe
  C:\Windows\System\DhgVSdh.exe
  2⤵
  PID:7616
- C:\Windows\System\BCSHwrg.exe
  C:\Windows\System\BCSHwrg.exe
  2⤵
  PID:7644
- C:\Windows\System\uUFNFDR.exe
  C:\Windows\System\uUFNFDR.exe
  2⤵
  PID:7960
- C:\Windows\System\FCGqKQh.exe
  C:\Windows\System\FCGqKQh.exe
  2⤵
  PID:7284
- C:\Windows\System\qKaRWob.exe
  C:\Windows\System\qKaRWob.exe
  2⤵
  PID:7172
- C:\Windows\System\akDDHiQ.exe
  C:\Windows\System\akDDHiQ.exe
  2⤵
  PID:7596
- C:\Windows\System\vdObxGc.exe
  C:\Windows\System\vdObxGc.exe
  2⤵
  PID:7932
- C:\Windows\System\vtyfknM.exe
  C:\Windows\System\vtyfknM.exe
  2⤵
  PID:7432
- C:\Windows\System\dlCvOgG.exe
  C:\Windows\System\dlCvOgG.exe
  2⤵
  PID:7740
- C:\Windows\System\CJtVgNV.exe
  C:\Windows\System\CJtVgNV.exe
  2⤵
  PID:8208
- C:\Windows\System\SdGOhmk.exe
  C:\Windows\System\SdGOhmk.exe
  2⤵
  PID:8248
- C:\Windows\System\VzdPaAU.exe
  C:\Windows\System\VzdPaAU.exe
  2⤵
  PID:8280
- C:\Windows\System\vtRtcqH.exe
  C:\Windows\System\vtRtcqH.exe
  2⤵
  PID:8332
- C:\Windows\System\QQZfiST.exe
  C:\Windows\System\QQZfiST.exe
  2⤵
  PID:8352
- C:\Windows\System\MFzreLD.exe
  C:\Windows\System\MFzreLD.exe
  2⤵
  PID:8372
- C:\Windows\System\riqVGjT.exe
  C:\Windows\System\riqVGjT.exe
  2⤵
  PID:8420
- C:\Windows\System\AZETnRj.exe
  C:\Windows\System\AZETnRj.exe
  2⤵
  PID:8460
- C:\Windows\System\gwCNOkF.exe
  C:\Windows\System\gwCNOkF.exe
  2⤵
  PID:8480
- C:\Windows\System\PQrmiGl.exe
  C:\Windows\System\PQrmiGl.exe
  2⤵
  PID:8500
- C:\Windows\System\GeoQHUY.exe
  C:\Windows\System\GeoQHUY.exe
  2⤵
  PID:8536
- C:\Windows\System\udhcofq.exe
  C:\Windows\System\udhcofq.exe
  2⤵
  PID:8568
- C:\Windows\System\doXTdkb.exe
  C:\Windows\System\doXTdkb.exe
  2⤵
  PID:8588
- C:\Windows\System\gFVnHUB.exe
  C:\Windows\System\gFVnHUB.exe
  2⤵
  PID:8640
- C:\Windows\System\IlEaGQn.exe
  C:\Windows\System\IlEaGQn.exe
  2⤵
  PID:8660
- C:\Windows\System\QfgnRiE.exe
  C:\Windows\System\QfgnRiE.exe
  2⤵
  PID:8684
- C:\Windows\System\chmHKXe.exe
  C:\Windows\System\chmHKXe.exe
  2⤵
  PID:8700
- C:\Windows\System\IIEwbgp.exe
  C:\Windows\System\IIEwbgp.exe
  2⤵
  PID:8716
- C:\Windows\System\PlHssoJ.exe
  C:\Windows\System\PlHssoJ.exe
  2⤵
  PID:8740
- C:\Windows\System\boZEkJI.exe
  C:\Windows\System\boZEkJI.exe
  2⤵
  PID:8764
- C:\Windows\System\ikbtVXO.exe
  C:\Windows\System\ikbtVXO.exe
  2⤵
  PID:8784
- C:\Windows\System\hEsjdJp.exe
  C:\Windows\System\hEsjdJp.exe
  2⤵
  PID:8804
- C:\Windows\System\OmCELEI.exe
  C:\Windows\System\OmCELEI.exe
  2⤵
  PID:8820
- C:\Windows\System\VcrLYvj.exe
  C:\Windows\System\VcrLYvj.exe
  2⤵
  PID:8864
- C:\Windows\System\YWUMBZg.exe
  C:\Windows\System\YWUMBZg.exe
  2⤵
  PID:8880
- C:\Windows\System\ZnexKQo.exe
  C:\Windows\System\ZnexKQo.exe
  2⤵
  PID:8904
- C:\Windows\System\nxDciyX.exe
  C:\Windows\System\nxDciyX.exe
  2⤵
  PID:8960
- C:\Windows\System\RpLTkvj.exe
  C:\Windows\System\RpLTkvj.exe
  2⤵
  PID:8980
- C:\Windows\System\aeERFWK.exe
  C:\Windows\System\aeERFWK.exe
  2⤵
  PID:8996
- C:\Windows\System\EEjPhQy.exe
  C:\Windows\System\EEjPhQy.exe
  2⤵
  PID:9020
- C:\Windows\System\QMJYjdx.exe
  C:\Windows\System\QMJYjdx.exe
  2⤵
  PID:9048
- C:\Windows\System\CjKoyFn.exe
  C:\Windows\System\CjKoyFn.exe
  2⤵
  PID:9076
- C:\Windows\System\ZPiieHV.exe
  C:\Windows\System\ZPiieHV.exe
  2⤵
  PID:9120
- C:\Windows\System\SVqnHWU.exe
  C:\Windows\System\SVqnHWU.exe
  2⤵
  PID:9200
- C:\Windows\System\PYTXprG.exe
  C:\Windows\System\PYTXprG.exe
  2⤵
  PID:7696
- C:\Windows\System\qKNQSBU.exe
  C:\Windows\System\qKNQSBU.exe
  2⤵
  PID:8200
- C:\Windows\System\YpodWqm.exe
  C:\Windows\System\YpodWqm.exe
  2⤵
  PID:8308
- C:\Windows\System\OHjFBVA.exe
  C:\Windows\System\OHjFBVA.exe
  2⤵
  PID:8344
- C:\Windows\System\kNugmMg.exe
  C:\Windows\System\kNugmMg.exe
  2⤵
  PID:8404
- C:\Windows\System\AUBkIGC.exe
  C:\Windows\System\AUBkIGC.exe
  2⤵
  PID:8476
- C:\Windows\System\MKbBlbA.exe
  C:\Windows\System\MKbBlbA.exe
  2⤵
  PID:8528
- C:\Windows\System\CszItQK.exe
  C:\Windows\System\CszItQK.exe
  2⤵
  PID:8552
- C:\Windows\System\KDLMHAn.exe
  C:\Windows\System\KDLMHAn.exe
  2⤵
  PID:8656
- C:\Windows\System\MTfhfwD.exe
  C:\Windows\System\MTfhfwD.exe
  2⤵
  PID:8732
- C:\Windows\System\qcFfAOq.exe
  C:\Windows\System\qcFfAOq.exe
  2⤵
  PID:8776
- C:\Windows\System\iWWxNxr.exe
  C:\Windows\System\iWWxNxr.exe
  2⤵
  PID:8888
- C:\Windows\System\kqcaCoh.exe
  C:\Windows\System\kqcaCoh.exe
  2⤵
  PID:8940
- C:\Windows\System\oSGJoBr.exe
  C:\Windows\System\oSGJoBr.exe
  2⤵
  PID:9028
- C:\Windows\System\pnSZbhC.exe
  C:\Windows\System\pnSZbhC.exe
  2⤵
  PID:8976
- C:\Windows\System\EFShvpE.exe
  C:\Windows\System\EFShvpE.exe
  2⤵
  PID:9084
- C:\Windows\System\jFCLpjU.exe
  C:\Windows\System\jFCLpjU.exe
  2⤵
  PID:9160
- C:\Windows\System\AIxTGad.exe
  C:\Windows\System\AIxTGad.exe
  2⤵
  PID:9208
- C:\Windows\System\NApqOFb.exe
  C:\Windows\System\NApqOFb.exe
  2⤵
  PID:8148
- C:\Windows\System\kYiWzkI.exe
  C:\Windows\System\kYiWzkI.exe
  2⤵
  PID:8440
- C:\Windows\System\szirhLn.exe
  C:\Windows\System\szirhLn.exe
  2⤵
  PID:8580
- C:\Windows\System\HuPbZij.exe
  C:\Windows\System\HuPbZij.exe
  2⤵
  PID:8620
- C:\Windows\System\izBcXwO.exe
  C:\Windows\System\izBcXwO.exe
  2⤵
  PID:8936
- C:\Windows\System\luYjvRM.exe
  C:\Windows\System\luYjvRM.exe
  2⤵
  PID:8968
- C:\Windows\System\dYsYgra.exe
  C:\Windows\System\dYsYgra.exe
  2⤵
  PID:9152
- C:\Windows\System\InLdxXK.exe
  C:\Windows\System\InLdxXK.exe
  2⤵
  PID:8556
- C:\Windows\System\gNYAPYK.exe
  C:\Windows\System\gNYAPYK.exe
  2⤵
  PID:9068
- C:\Windows\System\SIvuYrP.exe
  C:\Windows\System\SIvuYrP.exe
  2⤵
  PID:7684
- C:\Windows\System\bXlnWzX.exe
  C:\Windows\System\bXlnWzX.exe
  2⤵
  PID:9016
- C:\Windows\System\UdyNqnp.exe
  C:\Windows\System\UdyNqnp.exe
  2⤵
  PID:9248
- C:\Windows\System\samLvWN.exe
  C:\Windows\System\samLvWN.exe
  2⤵
  PID:9272
- C:\Windows\System\OWunxAP.exe
  C:\Windows\System\OWunxAP.exe
  2⤵
  PID:9292
- C:\Windows\System\nbSwgRA.exe
  C:\Windows\System\nbSwgRA.exe
  2⤵
  PID:9312
- C:\Windows\System\FuWoASR.exe
  C:\Windows\System\FuWoASR.exe
  2⤵
  PID:9332
- C:\Windows\System\LlyGkNz.exe
  C:\Windows\System\LlyGkNz.exe
  2⤵
  PID:9368
- C:\Windows\System\fEWBGWP.exe
  C:\Windows\System\fEWBGWP.exe
  2⤵
  PID:9388
- C:\Windows\System\eAnlQgM.exe
  C:\Windows\System\eAnlQgM.exe
  2⤵
  PID:9412
- C:\Windows\System\ykAVWzV.exe
  C:\Windows\System\ykAVWzV.exe
  2⤵
  PID:9432
- C:\Windows\System\ciZLzGO.exe
  C:\Windows\System\ciZLzGO.exe
  2⤵
  PID:9456
- C:\Windows\System\WRXOevu.exe
  C:\Windows\System\WRXOevu.exe
  2⤵
  PID:9480
- C:\Windows\System\IKzDymO.exe
  C:\Windows\System\IKzDymO.exe
  2⤵
  PID:9552
- C:\Windows\System\cErZulM.exe
  C:\Windows\System\cErZulM.exe
  2⤵
  PID:9596
- C:\Windows\System\eAfiCNb.exe
  C:\Windows\System\eAfiCNb.exe
  2⤵
  PID:9624
- C:\Windows\System\GKysoJq.exe
  C:\Windows\System\GKysoJq.exe
  2⤵
  PID:9640
- C:\Windows\System\sNcYXHS.exe
  C:\Windows\System\sNcYXHS.exe
  2⤵
  PID:9656
- C:\Windows\System\GtLqdPA.exe
  C:\Windows\System\GtLqdPA.exe
  2⤵
  PID:9672
- C:\Windows\System\HAMyUHd.exe
  C:\Windows\System\HAMyUHd.exe
  2⤵
  PID:9692
- C:\Windows\System\ErAeZDz.exe
  C:\Windows\System\ErAeZDz.exe
  2⤵
  PID:9712
- C:\Windows\System\KByttad.exe
  C:\Windows\System\KByttad.exe
  2⤵
  PID:9728
- C:\Windows\System\TIUycpL.exe
  C:\Windows\System\TIUycpL.exe
  2⤵
  PID:9744
- C:\Windows\System\VBMXWFl.exe
  C:\Windows\System\VBMXWFl.exe
  2⤵
  PID:9760
- C:\Windows\System\lFdGdGK.exe
  C:\Windows\System\lFdGdGK.exe
  2⤵
  PID:9776
- C:\Windows\System\wlwVjyw.exe
  C:\Windows\System\wlwVjyw.exe
  2⤵
  PID:9792
- C:\Windows\System\NVvXhxb.exe
  C:\Windows\System\NVvXhxb.exe
  2⤵
  PID:9808
- C:\Windows\System\qDtZSfN.exe
  C:\Windows\System\qDtZSfN.exe
  2⤵
  PID:9824
- C:\Windows\System\jMEAgOz.exe
  C:\Windows\System\jMEAgOz.exe
  2⤵
  PID:9840
- C:\Windows\System\hlnmLYn.exe
  C:\Windows\System\hlnmLYn.exe
  2⤵
  PID:9856
- C:\Windows\System\aBznLKr.exe
  C:\Windows\System\aBznLKr.exe
  2⤵
  PID:9872
- C:\Windows\System\kiCgSwZ.exe
  C:\Windows\System\kiCgSwZ.exe
  2⤵
  PID:9892
- C:\Windows\System\PPsIdrz.exe
  C:\Windows\System\PPsIdrz.exe
  2⤵
  PID:9988
- C:\Windows\System\MpjJlRJ.exe
  C:\Windows\System\MpjJlRJ.exe
  2⤵
  PID:10104
- C:\Windows\System\zlVGlbW.exe
  C:\Windows\System\zlVGlbW.exe
  2⤵
  PID:10132
- C:\Windows\System\jrPYRkG.exe
  C:\Windows\System\jrPYRkG.exe
  2⤵
  PID:10152
- C:\Windows\System\LTYsJBJ.exe
  C:\Windows\System\LTYsJBJ.exe
  2⤵
  PID:9224
- C:\Windows\System\JLFCvBo.exe
  C:\Windows\System\JLFCvBo.exe
  2⤵
  PID:9264
- C:\Windows\System\JcwWUmi.exe
  C:\Windows\System\JcwWUmi.exe
  2⤵
  PID:9284
- C:\Windows\System\NsnBojG.exe
  C:\Windows\System\NsnBojG.exe
  2⤵
  PID:9364
- C:\Windows\System\XEZvAKc.exe
  C:\Windows\System\XEZvAKc.exe
  2⤵
  PID:9580
- C:\Windows\System\kUxIVjk.exe
  C:\Windows\System\kUxIVjk.exe
  2⤵
  PID:9688
- C:\Windows\System\xmKUsli.exe
  C:\Windows\System\xmKUsli.exe
  2⤵
  PID:9508
- C:\Windows\System\xgvWAkP.exe
  C:\Windows\System\xgvWAkP.exe
  2⤵
  PID:9804
- C:\Windows\System\VPGBtEA.exe
  C:\Windows\System\VPGBtEA.exe
  2⤵
  PID:9832
- C:\Windows\System\ahpTEZY.exe
  C:\Windows\System\ahpTEZY.exe
  2⤵
  PID:9584
- C:\Windows\System\KptjMGq.exe
  C:\Windows\System\KptjMGq.exe
  2⤵
  PID:9612
- C:\Windows\System\CPCgjoL.exe
  C:\Windows\System\CPCgjoL.exe
  2⤵
  PID:9920
- C:\Windows\System\kfjhTTa.exe
  C:\Windows\System\kfjhTTa.exe
  2⤵
  PID:9948
- C:\Windows\System\sFvSLnk.exe
  C:\Windows\System\sFvSLnk.exe
  2⤵
  PID:9704
- C:\Windows\System\XmrEQVr.exe
  C:\Windows\System\XmrEQVr.exe
  2⤵
  PID:9980
- C:\Windows\System\nBAuhBu.exe
  C:\Windows\System\nBAuhBu.exe
  2⤵
  PID:10072
- C:\Windows\System\tVEeMmo.exe
  C:\Windows\System\tVEeMmo.exe
  2⤵
  PID:10160
- C:\Windows\System\KVBynyN.exe
  C:\Windows\System\KVBynyN.exe
  2⤵
  PID:8760
- C:\Windows\System\ANewkny.exe
  C:\Windows\System\ANewkny.exe
  2⤵
  PID:9720
- C:\Windows\System\mTkReby.exe
  C:\Windows\System\mTkReby.exe
  2⤵
  PID:9492
- C:\Windows\System\zrCxncF.exe
  C:\Windows\System\zrCxncF.exe
  2⤵
  PID:9768
- C:\Windows\System\fHoXiPh.exe
  C:\Windows\System\fHoXiPh.exe
  2⤵
  PID:9868
- C:\Windows\System\gkTmLcp.exe
  C:\Windows\System\gkTmLcp.exe
  2⤵
  PID:10020
- C:\Windows\System\kJHlGQl.exe
  C:\Windows\System\kJHlGQl.exe
  2⤵
  PID:9636
- C:\Windows\System\CBaEpCX.exe
  C:\Windows\System\CBaEpCX.exe
  2⤵
  PID:10236
- C:\Windows\System\NVGSspG.exe
  C:\Windows\System\NVGSspG.exe
  2⤵
  PID:10148
- C:\Windows\System\IJXGnum.exe
  C:\Windows\System\IJXGnum.exe
  2⤵
  PID:9944
- C:\Windows\System\uNDWVfq.exe
  C:\Windows\System\uNDWVfq.exe
  2⤵
  PID:10176
- C:\Windows\System\QiOWRbu.exe
  C:\Windows\System\QiOWRbu.exe
  2⤵
  PID:9848
- C:\Windows\System\NyveMbv.exe
  C:\Windows\System\NyveMbv.exe
  2⤵
  PID:10280
- C:\Windows\System\stwfQkf.exe
  C:\Windows\System\stwfQkf.exe
  2⤵
  PID:10300
- C:\Windows\System\esbHmfS.exe
  C:\Windows\System\esbHmfS.exe
  2⤵
  PID:10324
- C:\Windows\System\NJaHlyz.exe
  C:\Windows\System\NJaHlyz.exe
  2⤵
  PID:10364
- C:\Windows\System\VqBdXUQ.exe
  C:\Windows\System\VqBdXUQ.exe
  2⤵
  PID:10392
- C:\Windows\System\FBWqXRR.exe
  C:\Windows\System\FBWqXRR.exe
  2⤵
  PID:10412
- C:\Windows\System\yloWlpK.exe
  C:\Windows\System\yloWlpK.exe
  2⤵
  PID:10432
- C:\Windows\System\xfTDoeX.exe
  C:\Windows\System\xfTDoeX.exe
  2⤵
  PID:10452
- C:\Windows\System\CTYxOMn.exe
  C:\Windows\System\CTYxOMn.exe
  2⤵
  PID:10476
- C:\Windows\System\zzVMXmn.exe
  C:\Windows\System\zzVMXmn.exe
  2⤵
  PID:10496
- C:\Windows\System\qxKYgof.exe
  C:\Windows\System\qxKYgof.exe
  2⤵
  PID:10520
- C:\Windows\System\jvNhTIR.exe
  C:\Windows\System\jvNhTIR.exe
  2⤵
  PID:10584
- C:\Windows\System\GNojyKW.exe
  C:\Windows\System\GNojyKW.exe
  2⤵
  PID:10672
- C:\Windows\System\RhYsvGk.exe
  C:\Windows\System\RhYsvGk.exe
  2⤵
  PID:10688
- C:\Windows\System\zTFCmYt.exe
  C:\Windows\System\zTFCmYt.exe
  2⤵
  PID:10712
- C:\Windows\System\MHzeOoD.exe
  C:\Windows\System\MHzeOoD.exe
  2⤵
  PID:10732
- C:\Windows\System\DSTZQSp.exe
  C:\Windows\System\DSTZQSp.exe
  2⤵
  PID:10752
- C:\Windows\System\jeCxgrT.exe
  C:\Windows\System\jeCxgrT.exe
  2⤵
  PID:10776
- C:\Windows\System\pRVIODq.exe
  C:\Windows\System\pRVIODq.exe
  2⤵
  PID:10820
- C:\Windows\System\qLPqHqe.exe
  C:\Windows\System\qLPqHqe.exe
  2⤵
  PID:10836
- C:\Windows\System\ZJeOYmo.exe
  C:\Windows\System\ZJeOYmo.exe
  2⤵
  PID:10856
- C:\Windows\System\giWKwTP.exe
  C:\Windows\System\giWKwTP.exe
  2⤵
  PID:10876
- C:\Windows\System\IKWidmv.exe
  C:\Windows\System\IKWidmv.exe
  2⤵
  PID:10900
- C:\Windows\System\GCLZAsf.exe
  C:\Windows\System\GCLZAsf.exe
  2⤵
  PID:10924
- C:\Windows\System\kukxDNc.exe
  C:\Windows\System\kukxDNc.exe
  2⤵
  PID:10944
- C:\Windows\System\GnbUXES.exe
  C:\Windows\System\GnbUXES.exe
  2⤵
  PID:10964
- C:\Windows\System\tGYkfBn.exe
  C:\Windows\System\tGYkfBn.exe
  2⤵
  PID:10988
- C:\Windows\System\byCThrf.exe
  C:\Windows\System\byCThrf.exe
  2⤵
  PID:11008
- C:\Windows\System\vVwxqEr.exe
  C:\Windows\System\vVwxqEr.exe
  2⤵
  PID:11032
- C:\Windows\System\BHbiRwE.exe
  C:\Windows\System\BHbiRwE.exe
  2⤵
  PID:11088
- C:\Windows\System\yCVoJJY.exe
  C:\Windows\System\yCVoJJY.exe
  2⤵
  PID:11132
- C:\Windows\System\uRzzfLH.exe
  C:\Windows\System\uRzzfLH.exe
  2⤵
  PID:11152
- C:\Windows\System\VvhiXJW.exe
  C:\Windows\System\VvhiXJW.exe
  2⤵
  PID:11172
- C:\Windows\System\RSVoqeI.exe
  C:\Windows\System\RSVoqeI.exe
  2⤵
  PID:11196
- C:\Windows\System\DsrKUkM.exe
  C:\Windows\System\DsrKUkM.exe
  2⤵
  PID:11236
- C:\Windows\System\LHNzQhg.exe
  C:\Windows\System\LHNzQhg.exe
  2⤵
  PID:9576
- C:\Windows\System\vKIpURt.exe
  C:\Windows\System\vKIpURt.exe
  2⤵
  PID:10256
- C:\Windows\System\mcqjiGw.exe
  C:\Windows\System\mcqjiGw.exe
  2⤵
  PID:10272
- C:\Windows\System\aKYprGd.exe
  C:\Windows\System\aKYprGd.exe
  2⤵
  PID:10340
- C:\Windows\System\btwRlRo.exe
  C:\Windows\System\btwRlRo.exe
  2⤵
  PID:10488
- C:\Windows\System\RNoHphJ.exe
  C:\Windows\System\RNoHphJ.exe
  2⤵
  PID:10448
- C:\Windows\System\vNAxeON.exe
  C:\Windows\System\vNAxeON.exe
  2⤵
  PID:10504
- C:\Windows\System\IAaPcXv.exe
  C:\Windows\System\IAaPcXv.exe
  2⤵
  PID:10660
- C:\Windows\System\xYsFKZA.exe
  C:\Windows\System\xYsFKZA.exe
  2⤵
  PID:10748
- C:\Windows\System\qnYHsgp.exe
  C:\Windows\System\qnYHsgp.exe
  2⤵
  PID:10832
- C:\Windows\System\VJBYCDG.exe
  C:\Windows\System\VJBYCDG.exe
  2⤵
  PID:10916
- C:\Windows\System\vesXHQv.exe
  C:\Windows\System\vesXHQv.exe
  2⤵
  PID:10932
- C:\Windows\System\aENdGTM.exe
  C:\Windows\System\aENdGTM.exe
  2⤵
  PID:10972
- C:\Windows\System\GBCYoiV.exe
  C:\Windows\System\GBCYoiV.exe
  2⤵
  PID:11100
- C:\Windows\System\ndRstLd.exe
  C:\Windows\System\ndRstLd.exe
  2⤵
  PID:11144
- C:\Windows\System\ApZRzoH.exe
  C:\Windows\System\ApZRzoH.exe
  2⤵
  PID:11148
- C:\Windows\System\VGduMXB.exe
  C:\Windows\System\VGduMXB.exe
  2⤵
  PID:11228
- C:\Windows\System\ptyecra.exe
  C:\Windows\System\ptyecra.exe
  2⤵
  PID:10408
- C:\Windows\System\fYizmcV.exe
  C:\Windows\System\fYizmcV.exe
  2⤵
  PID:10312
- C:\Windows\System\LhJIAGY.exe
  C:\Windows\System\LhJIAGY.exe
  2⤵
  PID:3424
- C:\Windows\System\eKuJQGB.exe
  C:\Windows\System\eKuJQGB.exe
  2⤵
  PID:11000
- C:\Windows\System\EdPHsjE.exe
  C:\Windows\System\EdPHsjE.exe
  2⤵
  PID:11016
- C:\Windows\System\EdElewW.exe
  C:\Windows\System\EdElewW.exe
  2⤵
  PID:11044
- C:\Windows\System\RUAbtzy.exe
  C:\Windows\System\RUAbtzy.exe
  2⤵
  PID:11256
- C:\Windows\System\lCLomgA.exe
  C:\Windows\System\lCLomgA.exe
  2⤵
  PID:10544
- C:\Windows\System\pzZFWnt.exe
  C:\Windows\System\pzZFWnt.exe
  2⤵
  PID:10600
- C:\Windows\System\ambTuMY.exe
  C:\Windows\System\ambTuMY.exe
  2⤵
  PID:11188
- C:\Windows\System\UZikZRq.exe
  C:\Windows\System\UZikZRq.exe
  2⤵
  PID:11244
- C:\Windows\System\rDBKoMM.exe
  C:\Windows\System\rDBKoMM.exe
  2⤵
  PID:11288
- C:\Windows\System\qjosGeR.exe
  C:\Windows\System\qjosGeR.exe
  2⤵
  PID:11304
- C:\Windows\System\jAKeIud.exe
  C:\Windows\System\jAKeIud.exe
  2⤵
  PID:11336
- C:\Windows\System\NweSpzo.exe
  C:\Windows\System\NweSpzo.exe
  2⤵
  PID:11376
- C:\Windows\System\ZSEiinp.exe
  C:\Windows\System\ZSEiinp.exe
  2⤵
  PID:11424
- C:\Windows\System\EMRnxEj.exe
  C:\Windows\System\EMRnxEj.exe
  2⤵
  PID:11440
- C:\Windows\System\DFKinbi.exe
  C:\Windows\System\DFKinbi.exe
  2⤵
  PID:11468
- C:\Windows\System\JNrSHWp.exe
  C:\Windows\System\JNrSHWp.exe
  2⤵
  PID:11492
- C:\Windows\System\kaMOsMm.exe
  C:\Windows\System\kaMOsMm.exe
  2⤵
  PID:11512
- C:\Windows\System\xwIbDli.exe
  C:\Windows\System\xwIbDli.exe
  2⤵
  PID:11568
- C:\Windows\System\MhYTuQP.exe
  C:\Windows\System\MhYTuQP.exe
  2⤵
  PID:11596
- C:\Windows\System\KqnjOiS.exe
  C:\Windows\System\KqnjOiS.exe
  2⤵
  PID:11632
- C:\Windows\System\TyraYIp.exe
  C:\Windows\System\TyraYIp.exe
  2⤵
  PID:11660
- C:\Windows\System\cJqjtHe.exe
  C:\Windows\System\cJqjtHe.exe
  2⤵
  PID:11680
- C:\Windows\System\fUMaFXt.exe
  C:\Windows\System\fUMaFXt.exe
  2⤵
  PID:11700
- C:\Windows\System\UuMHLRn.exe
  C:\Windows\System\UuMHLRn.exe
  2⤵
  PID:11724
- C:\Windows\System\SgShrsS.exe
  C:\Windows\System\SgShrsS.exe
  2⤵
  PID:11744
- C:\Windows\System\AlRAxwu.exe
  C:\Windows\System\AlRAxwu.exe
  2⤵
  PID:11764
- C:\Windows\System\tnDRYjl.exe
  C:\Windows\System\tnDRYjl.exe
  2⤵
  PID:11800
- C:\Windows\System\QcCxsSI.exe
  C:\Windows\System\QcCxsSI.exe
  2⤵
  PID:11820
- C:\Windows\System\SSZqCpu.exe
  C:\Windows\System\SSZqCpu.exe
  2⤵
  PID:11884
- C:\Windows\System\xojgCAT.exe
  C:\Windows\System\xojgCAT.exe
  2⤵
  PID:11900
- C:\Windows\System\UektIWc.exe
  C:\Windows\System\UektIWc.exe
  2⤵
  PID:11924
- C:\Windows\System\bqZeOQw.exe
  C:\Windows\System\bqZeOQw.exe
  2⤵
  PID:11964
- C:\Windows\System\eaHBhxD.exe
  C:\Windows\System\eaHBhxD.exe
  2⤵
  PID:11992
- C:\Windows\System\fxosOHu.exe
  C:\Windows\System\fxosOHu.exe
  2⤵
  PID:12012
- C:\Windows\System\iXVRsls.exe
  C:\Windows\System\iXVRsls.exe
  2⤵
  PID:12028
- C:\Windows\System\TeuWwnO.exe
  C:\Windows\System\TeuWwnO.exe
  2⤵
  PID:12072
- C:\Windows\System\JaeHHId.exe
  C:\Windows\System\JaeHHId.exe
  2⤵
  PID:12092
- C:\Windows\System\pMCAfqR.exe
  C:\Windows\System\pMCAfqR.exe
  2⤵
  PID:12112
- C:\Windows\System\uGiswOy.exe
  C:\Windows\System\uGiswOy.exe
  2⤵
  PID:12132
- C:\Windows\System\kCmNazl.exe
  C:\Windows\System\kCmNazl.exe
  2⤵
  PID:12152
- C:\Windows\System\BCflvtr.exe
  C:\Windows\System\BCflvtr.exe
  2⤵
  PID:12168
- C:\Windows\System\QyORlIY.exe
  C:\Windows\System\QyORlIY.exe
  2⤵
  PID:12216
- C:\Windows\System\HzCTJPV.exe
  C:\Windows\System\HzCTJPV.exe
  2⤵
  PID:12252
- C:\Windows\System\KfqSXsn.exe
  C:\Windows\System\KfqSXsn.exe
  2⤵
  PID:12276
- C:\Windows\System\sIllObd.exe
  C:\Windows\System\sIllObd.exe
  2⤵
  PID:11300
- C:\Windows\System\GcYtzqR.exe
  C:\Windows\System\GcYtzqR.exe
  2⤵
  PID:10336
- C:\Windows\System\ltriQfE.exe
  C:\Windows\System\ltriQfE.exe
  2⤵
  PID:11344
- C:\Windows\System\XkNVNyb.exe
  C:\Windows\System\XkNVNyb.exe
  2⤵
  PID:11364
- C:\Windows\System\AxDkZum.exe
  C:\Windows\System\AxDkZum.exe
  2⤵
  PID:11456
- C:\Windows\System\BrZoVTH.exe
  C:\Windows\System\BrZoVTH.exe
  2⤵
  PID:11476
- C:\Windows\System\gODaeoj.exe
  C:\Windows\System\gODaeoj.exe
  2⤵
  PID:11716
- C:\Windows\System\tGFlPPg.exe
  C:\Windows\System\tGFlPPg.exe
  2⤵
  PID:11756
- C:\Windows\System\gqWgjdQ.exe
  C:\Windows\System\gqWgjdQ.exe
  2⤵
  PID:11784
- C:\Windows\System\qMIgCUE.exe
  C:\Windows\System\qMIgCUE.exe
  2⤵
  PID:11860
- C:\Windows\System\XXRPMMg.exe
  C:\Windows\System\XXRPMMg.exe
  2⤵
  PID:11908
- C:\Windows\System\YRIOOSq.exe
  C:\Windows\System\YRIOOSq.exe
  2⤵
  PID:11944
- C:\Windows\System\wpBiwwd.exe
  C:\Windows\System\wpBiwwd.exe
  2⤵
  PID:10812
- C:\Windows\System\STjRRse.exe
  C:\Windows\System\STjRRse.exe
  2⤵
  PID:12064
- C:\Windows\System\DswsFPD.exe
  C:\Windows\System\DswsFPD.exe
  2⤵
  PID:12104
- C:\Windows\System\rGRnVHt.exe
  C:\Windows\System\rGRnVHt.exe
  2⤵
  PID:12148
- C:\Windows\System\ahVRdUP.exe
  C:\Windows\System\ahVRdUP.exe
  2⤵
  PID:12196
- C:\Windows\System\sIAiiFC.exe
  C:\Windows\System\sIAiiFC.exe
  2⤵
  PID:12272
- C:\Windows\System\TEIVIMB.exe
  C:\Windows\System\TEIVIMB.exe
  2⤵
  PID:11504
- C:\Windows\System\MTbMIzR.exe
  C:\Windows\System\MTbMIzR.exe
  2⤵
  PID:11360
- C:\Windows\System\IwBBYhk.exe
  C:\Windows\System\IwBBYhk.exe
  2⤵
  PID:11652
- C:\Windows\System\AIQVmTc.exe
  C:\Windows\System\AIQVmTc.exe
  2⤵
  PID:11880
- C:\Windows\System\RSCcUKq.exe
  C:\Windows\System\RSCcUKq.exe
  2⤵
  PID:12000
- C:\Windows\System\MtUtorv.exe
  C:\Windows\System\MtUtorv.exe
  2⤵
  PID:12084
- C:\Windows\System\KZfeQde.exe
  C:\Windows\System\KZfeQde.exe
  2⤵
  PID:11248
- C:\Windows\System\NEqpCYX.exe
  C:\Windows\System\NEqpCYX.exe
  2⤵
  PID:11588
- C:\Windows\System\aQpaJir.exe
  C:\Windows\System\aQpaJir.exe
  2⤵
  PID:11812
- C:\Windows\System\iJHLDXt.exe
  C:\Windows\System\iJHLDXt.exe
  2⤵
  PID:12324
- C:\Windows\System\CRyzBiY.exe
  C:\Windows\System\CRyzBiY.exe
  2⤵
  PID:12348
- C:\Windows\System\odFhYFr.exe
  C:\Windows\System\odFhYFr.exe
  2⤵
  PID:12388
- C:\Windows\System\rTKRSWd.exe
  C:\Windows\System\rTKRSWd.exe
  2⤵
  PID:12412
- C:\Windows\System\mGRnITY.exe
  C:\Windows\System\mGRnITY.exe
  2⤵
  PID:12444
- C:\Windows\System\UsWfWDs.exe
  C:\Windows\System\UsWfWDs.exe
  2⤵
  PID:12464
- C:\Windows\System\OuydBac.exe
  C:\Windows\System\OuydBac.exe
  2⤵
  PID:12484
- C:\Windows\System\vbttcNA.exe
  C:\Windows\System\vbttcNA.exe
  2⤵
  PID:12504
- C:\Windows\System\JhHXEWm.exe
  C:\Windows\System\JhHXEWm.exe
  2⤵
  PID:12528
- C:\Windows\System\bcCNrjM.exe
  C:\Windows\System\bcCNrjM.exe
  2⤵
  PID:12560
- C:\Windows\System\KbDLtsv.exe
  C:\Windows\System\KbDLtsv.exe
  2⤵
  PID:12580
- C:\Windows\System\OCbfPHH.exe
  C:\Windows\System\OCbfPHH.exe
  2⤵
  PID:12628
- C:\Windows\System\VVzRjLO.exe
  C:\Windows\System\VVzRjLO.exe
  2⤵
  PID:12660
- C:\Windows\System\RPkikMS.exe
  C:\Windows\System\RPkikMS.exe
  2⤵
  PID:12688
- C:\Windows\System\qoVcKil.exe
  C:\Windows\System\qoVcKil.exe
  2⤵
  PID:12720
- C:\Windows\System\UBvvbQH.exe
  C:\Windows\System\UBvvbQH.exe
  2⤵
  PID:12744
- C:\Windows\System\BIIMnXA.exe
  C:\Windows\System\BIIMnXA.exe
  2⤵
  PID:12764
- C:\Windows\System\ogeICKJ.exe
  C:\Windows\System\ogeICKJ.exe
  2⤵
  PID:12788
- C:\Windows\System\Pemaiqk.exe
  C:\Windows\System\Pemaiqk.exe
  2⤵
  PID:12812
- C:\Windows\System\fchKbOr.exe
  C:\Windows\System\fchKbOr.exe
  2⤵
  PID:12836
- C:\Windows\System\qsRYalC.exe
  C:\Windows\System\qsRYalC.exe
  2⤵
  PID:12856
- C:\Windows\System\EhzIdAr.exe
  C:\Windows\System\EhzIdAr.exe
  2⤵
  PID:12876
- C:\Windows\System\szdrNzF.exe
  C:\Windows\System\szdrNzF.exe
  2⤵
  PID:12896
- C:\Windows\System\xfMWgEj.exe
  C:\Windows\System\xfMWgEj.exe
  2⤵
  PID:12948
- C:\Windows\System\GliOlIF.exe
  C:\Windows\System\GliOlIF.exe
  2⤵
  PID:13016
- C:\Windows\System\fushbyV.exe
  C:\Windows\System\fushbyV.exe
  2⤵
  PID:13036
- C:\Windows\System\jhvBCMM.exe
  C:\Windows\System\jhvBCMM.exe
  2⤵
  PID:13052
- C:\Windows\System\fQQPfri.exe
  C:\Windows\System\fQQPfri.exe
  2⤵
  PID:13068
- C:\Windows\System\roIjeQu.exe
  C:\Windows\System\roIjeQu.exe
  2⤵
  PID:13088
- C:\Windows\System\ZwCHZlT.exe
  C:\Windows\System\ZwCHZlT.exe
  2⤵
  PID:13108
- C:\Windows\System\vXFQbFf.exe
  C:\Windows\System\vXFQbFf.exe
  2⤵
  PID:13128
- C:\Windows\System\BboVfgB.exe
  C:\Windows\System\BboVfgB.exe
  2⤵
  PID:13164
- C:\Windows\System\mOTaVqC.exe
  C:\Windows\System\mOTaVqC.exe
  2⤵
  PID:13208
- C:\Windows\System\QfQFGwN.exe
  C:\Windows\System\QfQFGwN.exe
  2⤵
  PID:13228
- C:\Windows\System\dvafrfD.exe
  C:\Windows\System\dvafrfD.exe
  2⤵
  PID:13252
- C:\Windows\System\BgEfGqN.exe
  C:\Windows\System\BgEfGqN.exe
  2⤵
  PID:13272
- C:\Windows\System\qnEVzQP.exe
  C:\Windows\System\qnEVzQP.exe
  2⤵
  PID:11760
- C:\Windows\System\gHcqFeW.exe
  C:\Windows\System\gHcqFeW.exe
  2⤵
  PID:12332
- C:\Windows\System\MuKOgsJ.exe
  C:\Windows\System\MuKOgsJ.exe
  2⤵
  PID:12404
- C:\Windows\System\WQDYeLQ.exe
  C:\Windows\System\WQDYeLQ.exe
  2⤵
  PID:12452
- C:\Windows\System\NhwnFAk.exe
  C:\Windows\System\NhwnFAk.exe
  2⤵
  PID:12520
- C:\Windows\System\xNUgCUw.exe
  C:\Windows\System\xNUgCUw.exe
  2⤵
  PID:12556
- C:\Windows\System\vSGMtAu.exe
  C:\Windows\System\vSGMtAu.exe
  2⤵
  PID:11612
- C:\Windows\System\eYfoxks.exe
  C:\Windows\System\eYfoxks.exe
  2⤵
  PID:12672
- C:\Windows\System\pRmbSSz.exe
  C:\Windows\System\pRmbSSz.exe
  2⤵
  PID:12736
- C:\Windows\System\tWGBQcO.exe
  C:\Windows\System\tWGBQcO.exe
  2⤵
  PID:12868
- C:\Windows\System\vwmVGdb.exe
  C:\Windows\System\vwmVGdb.exe
  2⤵
  PID:12960
- C:\Windows\System\vubyqhm.exe
  C:\Windows\System\vubyqhm.exe
  2⤵
  PID:12996
- C:\Windows\System\pjRZLxU.exe
  C:\Windows\System\pjRZLxU.exe
  2⤵
  PID:13048
- C:\Windows\System\yFtbQWV.exe
  C:\Windows\System\yFtbQWV.exe
  2⤵
  PID:13124
- C:\Windows\System\IrsUuFo.exe
  C:\Windows\System\IrsUuFo.exe
  2⤵
  PID:13196
- C:\Windows\System\nvNhfwU.exe
  C:\Windows\System\nvNhfwU.exe
  2⤵
  PID:13296
- C:\Windows\System\DpYjjuo.exe
  C:\Windows\System\DpYjjuo.exe
  2⤵
  PID:13236
- C:\Windows\System\FucyJtz.exe
  C:\Windows\System\FucyJtz.exe
  2⤵
  PID:12436
- C:\Windows\System\wrnPShu.exe
  C:\Windows\System\wrnPShu.exe
  2⤵
  PID:12608
- C:\Windows\System\KTOKiYi.exe
  C:\Windows\System\KTOKiYi.exe
  2⤵
  PID:12760
- C:\Windows\System\xUOoays.exe
  C:\Windows\System\xUOoays.exe
  2⤵
  PID:12944
- C:\Windows\System\nWsemyi.exe
  C:\Windows\System\nWsemyi.exe
  2⤵
  PID:12924
- C:\Windows\System\ZlkFQmC.exe
  C:\Windows\System\ZlkFQmC.exe
  2⤵
  PID:13180
- C:\Windows\System\xaKcURh.exe
  C:\Windows\System\xaKcURh.exe
  2⤵
  PID:13260
- C:\Windows\System\gkLRkSK.exe
  C:\Windows\System\gkLRkSK.exe
  2⤵
  PID:11396
- C:\Windows\System\OWGbmpx.exe
  C:\Windows\System\OWGbmpx.exe
  2⤵
  PID:12772
- C:\Windows\System\dkIRFOF.exe
  C:\Windows\System\dkIRFOF.exe
  2⤵
  PID:13320
- C:\Windows\System\UwzYgMG.exe
  C:\Windows\System\UwzYgMG.exe
  2⤵
  PID:13356
- C:\Windows\System\coVToUD.exe
  C:\Windows\System\coVToUD.exe
  2⤵
  PID:13380
- C:\Windows\System\uWjlpeQ.exe
  C:\Windows\System\uWjlpeQ.exe
  2⤵
  PID:13416
- C:\Windows\System\chwIyEr.exe
  C:\Windows\System\chwIyEr.exe
  2⤵
  PID:13440
- C:\Windows\System\nOvVGkJ.exe
  C:\Windows\System\nOvVGkJ.exe
  2⤵
  PID:13456
- C:\Windows\System\lhvTHbM.exe
  C:\Windows\System\lhvTHbM.exe
  2⤵
  PID:13480
- C:\Windows\System\xoXvTvn.exe
  C:\Windows\System\xoXvTvn.exe
  2⤵
  PID:13500
- C:\Windows\System\NwcRfRB.exe
  C:\Windows\System\NwcRfRB.exe
  2⤵
  PID:13544
- C:\Windows\System\RvemADn.exe
  C:\Windows\System\RvemADn.exe
  2⤵
  PID:13576
- C:\Windows\System\YRUUXCX.exe
  C:\Windows\System\YRUUXCX.exe
  2⤵
  PID:13632
- C:\Windows\System\mVuRfIF.exe
  C:\Windows\System\mVuRfIF.exe
  2⤵
  PID:13672
- C:\Windows\System\RwFifvg.exe
  C:\Windows\System\RwFifvg.exe
  2⤵
  PID:13688
- C:\Windows\System\YPITnju.exe
  C:\Windows\System\YPITnju.exe
  2⤵
  PID:13736
- C:\Windows\System\FlCidYD.exe
  C:\Windows\System\FlCidYD.exe
  2⤵
  PID:13752
- C:\Windows\System\pSQgZjc.exe
  C:\Windows\System\pSQgZjc.exe
  2⤵
  PID:13780
- C:\Windows\System\ASxuZuf.exe
  C:\Windows\System\ASxuZuf.exe
  2⤵
  PID:13796
- C:\Windows\System\fXuHNxe.exe
  C:\Windows\System\fXuHNxe.exe
  2⤵
  PID:13824
- C:\Windows\System\OmxiljT.exe
  C:\Windows\System\OmxiljT.exe
  2⤵
  PID:13856
- C:\Windows\System\SMGcbBC.exe
  C:\Windows\System\SMGcbBC.exe
  2⤵
  PID:13908
- C:\Windows\System\kcKvsXb.exe
  C:\Windows\System\kcKvsXb.exe
  2⤵
  PID:13944
- C:\Windows\System\FVEfYyL.exe
  C:\Windows\System\FVEfYyL.exe
  2⤵
  PID:13972
- C:\Windows\System\WtIFtHy.exe
  C:\Windows\System\WtIFtHy.exe
  2⤵
  PID:13996
- C:\Windows\System\ZiDAHuh.exe
  C:\Windows\System\ZiDAHuh.exe
  2⤵
  PID:14020
- C:\Windows\System\cuQCCAB.exe
  C:\Windows\System\cuQCCAB.exe
  2⤵
  PID:14044
- C:\Windows\System\NazOQlq.exe
  C:\Windows\System\NazOQlq.exe
  2⤵
  PID:14076
- C:\Windows\System\BdDGzhM.exe
  C:\Windows\System\BdDGzhM.exe
  2⤵
  PID:14096
- C:\Windows\System\cidPMaj.exe
  C:\Windows\System\cidPMaj.exe
  2⤵
  PID:14132
- C:\Windows\System\iPQlHdg.exe
  C:\Windows\System\iPQlHdg.exe
  2⤵
  PID:14164
- C:\Windows\System\YAoRHPG.exe
  C:\Windows\System\YAoRHPG.exe
  2⤵
  PID:14188
- C:\Windows\System\tMVqXUb.exe
  C:\Windows\System\tMVqXUb.exe
  2⤵
  PID:14204
- C:\Windows\System\UPRRHRO.exe
  C:\Windows\System\UPRRHRO.exe
  2⤵
  PID:14224
- C:\Windows\System\KBOBkmQ.exe
  C:\Windows\System\KBOBkmQ.exe
  2⤵
  PID:14244
- C:\Windows\System\HxdcSKa.exe
  C:\Windows\System\HxdcSKa.exe
  2⤵
  PID:14280
- C:\Windows\System\otqUXoF.exe
  C:\Windows\System\otqUXoF.exe
  2⤵
  PID:14324
- C:\Windows\System\bcOpOxf.exe
  C:\Windows\System\bcOpOxf.exe
  2⤵
  PID:12864
- C:\Windows\System\BaxzSJb.exe
  C:\Windows\System\BaxzSJb.exe
  2⤵
  PID:13316
- C:\Windows\System\fwDbWnI.exe
  C:\Windows\System\fwDbWnI.exe
  2⤵
  PID:13452
- C:\Windows\System\MNpeGgg.exe
  C:\Windows\System\MNpeGgg.exe
  2⤵
  PID:12396
- C:\Windows\System\iUnhIQQ.exe
  C:\Windows\System\iUnhIQQ.exe
  2⤵
  PID:13496
- C:\Windows\System\nQdoDRj.exe
  C:\Windows\System\nQdoDRj.exe
  2⤵
  PID:13572
- C:\Windows\System\NYORQyC.exe
  C:\Windows\System\NYORQyC.exe
  2⤵
  PID:13620
- C:\Windows\System\uXgAnoA.exe
  C:\Windows\System\uXgAnoA.exe
  2⤵
  PID:13608
- C:\Windows\System\mpCMagY.exe
  C:\Windows\System\mpCMagY.exe
  2⤵
  PID:13680
- C:\Windows\System\DYZadlu.exe
  C:\Windows\System\DYZadlu.exe
  2⤵
  PID:13728
- C:\Windows\System\MFMjtpY.exe
  C:\Windows\System\MFMjtpY.exe
  2⤵
  PID:13748
- C:\Windows\System\GWqjigi.exe
  C:\Windows\System\GWqjigi.exe
  2⤵
  PID:13932
- C:\Windows\System\kYyFlcZ.exe
  C:\Windows\System\kYyFlcZ.exe
  2⤵
  PID:14060
- C:\Windows\System\zRoTUxQ.exe
  C:\Windows\System\zRoTUxQ.exe
  2⤵
  PID:14072
- C:\Windows\System\RLBKkZS.exe
  C:\Windows\System\RLBKkZS.exe
  2⤵
  PID:14128

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:13888

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\BJYBSyz.exe

Filesize
1.2MB

MD5
303b609b6f11dfcd6e7160059c3221c4

SHA1
25b052e5993a4f89b7f526d78c6d04303df9c3df

SHA256
9b03b07211d553b7df30c0d5ff29c542bfd9a3eb9e08faba5e291f295699f8f2

SHA512
12d5684b74048077a8252bd7b9635f08eaf5b7c96593a93493e3ac2d82a6648c150d82ab9178b60dd6841766f6ed90a3453c7bad496d017a046f77eeda828126

Download Submit
C:\Windows\System\DOWlXhB.exe

Filesize
1.2MB

MD5
3c853cb5081be528b16defa2b0e901a6

SHA1
d979000a77a570ec80ec04ce1b291c1aa7224a76

SHA256
1832aa6c84b0b6a24a40ac0c36fa36d96ee86883364e3a71678d17cbee9c398a

SHA512
b2e105d7b2142956d183cf27a5b17a8390dd55b149f32f494678f3c5b5eb6eb0f0aec87b63287ee6e4b036f5aa9a5bf55e66edf993372c9d9e06374bd54ff492

Download Submit
C:\Windows\System\EaNKAYn.exe

Filesize
1.2MB

MD5
bd287ee030e3ac743db4a66365c1789e

SHA1
7f08fc3bb46d10df53791796788dda85b0ebdcd0

SHA256
d81766b02ccda48379543cc103f5d80ca958b4e190621f25179b37910b8add25

SHA512
6adef6b065d8c0b7b6da6fed7eda7aa03f3d334d15fef39749dd5cc9f59ea6e42fc2c2937f525a71a0ab3f50bec27045e8acb1705ead79bcd9bfe12b6979e397

Download Submit
C:\Windows\System\FbyYIlt.exe

Filesize
1.2MB

MD5
8f9800eda28958e79d30421f3e85e43e

SHA1
0b69d7afb7de0b332064917897a24645afcbe24a

SHA256
4a002221bc0252774ab4ddda9c583c7ec037a5266e911d387e92e020d8382c23

SHA512
071c023770472c674e498c1b5f8e867c3c1b3743448b86775816bf8c15c3f94e6c11050b423947a2771d59a6f9f9c0b083dba06b2cbebea886c6a39e0020663e

Download Submit
C:\Windows\System\FnGwnPN.exe

Filesize
1.2MB

MD5
c1cbd77a86b1d8d2b2cae1355f3ed066

SHA1
9f77d78c79c543a35ae015716a269db6615c5e01

SHA256
a194ea8a32b00d4be63cf0f100c73bc20f71ec5a3bd7268d4a0a6e3111d388d4

SHA512
3ad7f68b260a85964f6c9e017d86bdf1a7b67eba54ab1d9888dc466ac8b3f06df6664b52a68add0ea5f8bd65346a407b7de65cde30bd0b77b335d820ba76f94b

Download Submit
C:\Windows\System\HOsrywj.exe

Filesize
1.2MB

MD5
8fd74696b2e63a303d075ed00a205d16

SHA1
b693a863524f192de30d223b3e5369875207bc96

SHA256
6c650714143474dac71262aee4afa08089ab03b1435c395ba5e78b29d6a13b55

SHA512
018fc63d3e4a36839a48facf4490f79c0029df44e119c930a57677cfe7aa86fd4e5d184d5540d2e31da7a9569b80945d96577a86da5fc33fb9207e7f4948b93a

Download Submit
C:\Windows\System\IdCreUx.exe

Filesize
1.2MB

MD5
a3623a9e37e7ca1416291cbc3abf31f8

SHA1
97e5cbe70bba8f824f8c4947e8a64e1bec820822

SHA256
d97788f268ddc40d2dc0ec4e43436d8be2a160d6ddc0fa7fdd437ab9b683432b

SHA512
76b3549e22a605493194928377629856839cab0b779af15d462b066bd8b9809b459be84e11b6f4102bcfdae3fd83fa3ca78928cff00f9414230827e783db386a

Download Submit
C:\Windows\System\JHTOkcT.exe

Filesize
1.2MB

MD5
b171fbb0f8e2c0bc391dc020a83cfecc

SHA1
c56c4bce9cd6e1671cfdd33e5bab0590dc364a94

SHA256
cedf3b5e1e6d39e7cd35525c3fa14fa1aa134b80f3b5f8abc0b48fe0ec1c0036

SHA512
49cfd463a1ed2bc3e0971933319c97896b23889fe6d817b702f2b8f6c8dbf56695cf680ca7fa215c0bc2b1a7148f3bf59e4565b7b1f0d24bba5acb8063538e34

Download Submit
C:\Windows\System\KerTRnT.exe

Filesize
1.2MB

MD5
fda3965a89da883ffc68e787dcd50dbf

SHA1
8eec7045937a72281559acf90954d22cdf0abd9c

SHA256
7d42a2f8ce9c5405e626dea33323461e0599edcfb910fa5e57a8cd1cfc2e113d

SHA512
c493c465e14d71f7180d19a62fc345b7f0ff5ea67d2bed6b609179265a55a32cdd96c1d8aba0bfbb0ad98c1d5d07a86e657a8aae83781af11293dcdb85d76c05

Download Submit
C:\Windows\System\MMAwcIJ.exe

Filesize
1.2MB

MD5
1f428aad4385f93bd76e7f1bf43fade4

SHA1
052c6ee537df42da0e33527f2e2ea880a726e3aa

SHA256
973ce9c003034bcc6cf47e672acc19f8a0a4c32e73431761b6393239c19bba3f

SHA512
c74967fa7d5eaa77bacfbed4565f70389e9978f9b68177e485eb33ffb1bd0a46634d8afe31920030aff47d38a7344c4c77f1a52c8474de3fdc31595e07fd7b12

Download Submit
C:\Windows\System\MhPogcY.exe

Filesize
1.2MB

MD5
417f9befd339a98afe53895722d36007

SHA1
d2381a14de86c61fa6917434ff3331ad287d3ebc

SHA256
9bf0ad9e7095ce8797fc6e79a547f3e2e898ddd2943c422abdb8b6ae51ad4fc7

SHA512
b2adb254c563a7e1605e567e47209d9d0e193d9625d96586b7eae0f06138df099dfbba6e24a150ef74547c5e7d5f146a0b21f21fdb1d28420668ec3624d0666f

Download Submit
C:\Windows\System\QLLJNck.exe

Filesize
1.2MB

MD5
61376a2c7a596ab5cc497b977715533e

SHA1
5dde4900abd08e92d13c4457821a054020ca9ab6

SHA256
4fbd5aef877e2d60dbc9d52086a4e61f7f3807338ff2f56e718cfe722e6b1b1b

SHA512
432654b8f09e0d7602a372bb136f32248b7de8c3367c94f58bd91fae150a45d1cd72ac7c49e32ecdf022db602156ce649e19a5a95548ca3fdb45b9859fc6e20d

Download Submit
C:\Windows\System\QgtORGA.exe

Filesize
1.2MB

MD5
2f510783faee282ef1b384b2b95c5967

SHA1
0c01971f7b3b661d282b26d70b1e9cee65a6ff65

SHA256
415ea3820da8bd6b24f0ce744c3c924edc1887441f29875092807966d0e2e761

SHA512
a58ac1aec6903ccf9c0fe7aba8edb26194110b52ce5992ca4d3ef0dfc4d3d890f7acc39487552cdced29c6822765013306a6e4bc5c1dfe4238691ba924f31a54

Download Submit
C:\Windows\System\RqmTlzp.exe

Filesize
1.2MB

MD5
e1c317319f053200134830ba1fe0a3e6

SHA1
105980cf4a1095628eeb456bf4f4718d0a286b3d

SHA256
d9d3a149b35cb280451f0b13ad9d2e05189e73e50763fed129357b385610cfe8

SHA512
589c3ed5180cbb30be70be87d1188938b003eabf96f256be875929430854ee3e2f2c1798d1b05682ae3c49fd8d66d8f9c6db7fcfc8ea7d174341b8870cf2ee68

Download Submit
C:\Windows\System\SWPYLQF.exe

Filesize
1.2MB

MD5
53b6140d1fd7116dfe783315500a0f80

SHA1
6f2d0049d73fc2baaad304de9ba1299b6eb1392f

SHA256
770edb47ec0740f2232b3cc15ac41582656a0e4500c3bf7c14405f6aa1ca34d1

SHA512
5228a3c734e31b5c6dac37ed1596e5d883ca0faca76c69f857c889f5613da79507ae63dde2d40682a4bc806e268cc026e028159aacdf2fe7f82c9764c8ce6d50

Download Submit
C:\Windows\System\SYnFAWw.exe

Filesize
1.2MB

MD5
2db4f62133b5c6768949bbd92f6c0d69

SHA1
e83631a10775ab0ec5cb9a74186a2c402f1b1e95

SHA256
055990e8e40f56a57855524d1f0084aa556352614fbca15733b227ca1ad5da36

SHA512
1d0d86393aec63720922006fbb08aaf78841fe5e7b504aa27934246d0323ef1ca196f6e9e2bdbee76c5a1c26be6497b370e04a7efa37e9e001dd612280302d4c

Download Submit
C:\Windows\System\TXukJoA.exe

Filesize
1.2MB

MD5
6966a3039134a6db0df98272eb1975d1

SHA1
90ac3d11d415131a7679fd16bc82982da756bd41

SHA256
66f4fa610a80e395cfbdf7b3c2772592f4b2d896dee5277d3d84f3b8cd646d31

SHA512
ea776cf5b63ab0582bf7ce3348d995e4ab5b1ea5d5cd15517bfbaed07755b81f05a6fea20a9b676ad3090a0ed9155a7a6d55bf0df1c3940bc3a5f7d1036d825e

Download Submit
C:\Windows\System\VJVdzpw.exe

Filesize
1.2MB

MD5
5468794f0e897a09339e863a24ae6df9

SHA1
63a20a2623fc28b1eede107f52a8360f5cc07997

SHA256
a1f620f48a549aa9f9eed270f34acf7184b5a8ec0860302a8fadef9a990cefb3

SHA512
cb662f4b8bdff5962d25a2b33a432ee627072a3b317c51f6a11d0cb0569f684f715815474b4c34b0bb39fe895969e04da3258302f4fc590695095c9605bf06f4

Download Submit
C:\Windows\System\WBSeqQO.exe

Filesize
1.2MB

MD5
6608635c188132c1e60dfd7379affe5f

SHA1
541d7b90fce13f385919027f6bf0a2e58f07180e

SHA256
da6b606491d594adb096992c838e436baff388be56749f7ca7fb1d0fc760d792

SHA512
7bbd378f42376c1daa0664299e46b8c10d7bd3111ca2b8bfdd7231e9461be50b99aa8afc669accc9a5d2a7c2199eba7f68c931a83b6721f449a3c318ce034aa8

Download Submit
C:\Windows\System\XRSYzev.exe

Filesize
1.2MB

MD5
3b6d1953530573669977c91b688f5c83

SHA1
32b495db1b47b780bb1cb5e814d3e1700a03737e

SHA256
c876cc1d6f1bf0a479f53d2e215e89c04c745394a868da1e74c660735c6dc9cf

SHA512
93b674dd73ebe71a6143e2600ca96d609cdbd56a9931bfca2a401b6b722f59d5c60882ce1c7944d1c829108f0db6cfa6c4c14f00e821471df42e0a51fbb957e1

Download Submit
C:\Windows\System\cafIEEl.exe

Filesize
1.2MB

MD5
db10c814682cd8c000054faada34fbe1

SHA1
9cd10b80af794e6044133e7a929994b24c419187

SHA256
953b21abcc0d8543460a4404aba5af20ddb23a7756830f6377fe30f0908e6ee9

SHA512
c1f927f4d2062764086fd728227cd49b8a3e82f6ffff0e7ce4c7517b2282667d228e7152e825a0f74ddf738e2b5377885d18aed7bf038dd4e619440d8a7cf7a0

Download Submit
C:\Windows\System\cxupncQ.exe

Filesize
1.2MB

MD5
05328176ea2cf5b25a64eb6fd764db35

SHA1
753d0ecf63924f280c27b952cddec84544673df5

SHA256
9ed3a6ee31d7fda91e6d355ff1deac2e290220818c1e12529eb7d1ddcc55e7f0

SHA512
c164015d5e700a0641d9402684cd2c7493c2523448d1a5efdc0e025c66b29a3ef96f48706bedd74d48ac2fff5b7215d03e088b8f914da6691a956789296e326e

Download Submit
C:\Windows\System\eRmILVD.exe

Filesize
1.2MB

MD5
5557c8d676a5df30982685aacdc92660

SHA1
55877d6418a9baaf0f50333a2dfdbb3d03d769d3

SHA256
94a9123826ca04ebb3fc83c392081b3195055ce6db38c48a0251b94dd4ca9a46

SHA512
545b61522c86d5cc57caec229944fc1c44d1573be7598730f4efb03cbe19d0dcd0362d190fe4ef8d7ca6453a8ee66bf0c404da460fe467ee7d82c78adcfc2c23

Download Submit
C:\Windows\System\ewFEtSD.exe

Filesize
1.2MB

MD5
fa75b22a5e717b899df5768a90cc752c

SHA1
3be1a8be452beddd6898715032b69b6500936864

SHA256
7141ac6c467f1fcf900747b84df386a2e6528a67c7e0b36e95cb925c22bc231d

SHA512
51cde8cac637ddf72ce4f5f7ef91b35b3cc86748c707285b5c8d9ad42b2cc97883d8882c0b0258e522a292a468eb6b2b4b243ec0d93b6c2784df860a76fb7e37

Download Submit
C:\Windows\System\gSxcXoM.exe

Filesize
1.2MB

MD5
f04cfed09efb871ca133a7bf2a3c4d94

SHA1
9a53e8c0d0a690743eeae23f1be7f397b1f5b01f

SHA256
2c27ee4722c6ce8b1dad4380dae1bdd6e00b342dfd7f8845dd383ef2265405e3

SHA512
b5a587a0cf99432efbce96739460abc6670b2d2dc813defd31ccc40cf7a47c398564c84fbb9dc07a1edf3224cbc57bfd022f69129c32a42d5b12f24dae9194bb

Download Submit
C:\Windows\System\iddPfYy.exe

Filesize
1.2MB

MD5
a837cb5360c342223935d0c30b1cfb09

SHA1
357274b5a25f7cae43193acad5e2489951c70477

SHA256
1a87348d067f500c396ff66773ced0eb37e350b612a9f3e60a08c2e601d78b29

SHA512
9f55095c2101d63021f507e29d67f54e3f157480d10cc5c4765d47e8102442e35cec7895d2efbfa6b532db3df6aa826310cdeede428b1b968a9c47636c93e51c

Download Submit
C:\Windows\System\lLPxhtg.exe

Filesize
1.2MB

MD5
959f5172ae4b89fae7079c181fedc8ca

SHA1
226e92f74b67da2b0b50cb7a2caf8953437ce039

SHA256
63a82093d61208819f2ff4b460aa0fbb2829db0d733ed255555f3b688525baa4

SHA512
2e059037465805b3904f04766eef980321d5b01d67d76a30afc60ee61b5e831ca0e4405560c20a079c2d1e22ae07eaf9e21c2b08b72bcefb0218239f2e5f2823

Download Submit
C:\Windows\System\mHBdcDy.exe

Filesize
1.2MB

MD5
4ab4a0239d760e1dd8b7312ea9a9bf2a

SHA1
17d49f5d1422f2a9cf88f1bbff38422e38bf5d23

SHA256
a23632a6404cedfe4a4207ed04301f32d81ccec7a2033464fc862e5bbcf64477

SHA512
5474bed7634bf203a506a47fdc7bf878e94fe71cdb2526caff26e2b801376530144ec76d9ae2b99ac034e745198d732b24ea56ff702197758ec5159a6b34a521

Download Submit
C:\Windows\System\nNaEpsB.exe

Filesize
1.2MB

MD5
0191f365cada26ef30dbf43cd243ef9e

SHA1
c6cebfce1998cb8c91f21f26276f74d25924bdca

SHA256
2f40185c7c7a8dfb8815fc3aa8f179ded00b15b23c8a7a43ef077235074d26f6

SHA512
1018c0c9b7df298465ce4f07dd0a37b101fb35cace68a0413bb8717a282fee6686a38ed0d6a2a764b57ec964d3977c2ebc92beed9bd08072c6ec5df3fcb6c323

Download Submit
C:\Windows\System\vQFBXkg.exe

Filesize
1.2MB

MD5
3a29f6dd3bf5a0eb992df953e8f52c6a

SHA1
ce5d5dc4383f7d996c507d88b561c56befe11a6b

SHA256
a79b7488937fa3b5ee5c2dbfc35e061a72f83b60ce4b3eeca8088fb89761c759

SHA512
6c70075d765ef5a774bd996dca2ad80bc01251b0bd1e93b18243f6d3f99d26ca68ae27614d9147af667f7ea3af2ed79aec9ca53b4eccd461a5452cf780f8e996

Download Submit
C:\Windows\System\vslysFm.exe

Filesize
1.2MB

MD5
6597b71209c720d2cde18c541484e245

SHA1
ead786b0f893f96731567238f8d8d1ae8e68d308

SHA256
6b3713af0e3f84f0dff827b737d07aa74b288a89dfdd99c12c091305739a7c15

SHA512
183ed388c2d39b1fab974aa374701b78b029fde4baf991699d8a909afb341ffac69195ff1c0755395ce12a9d119c612d53896c35d6a7e2a00d3639872683c90a

Download Submit
C:\Windows\System\xWQCfga.exe

Filesize
1.2MB

MD5
d683624764cf699e534c1a01b35ae957

SHA1
97326804c601a2ef7562c3d47dfbb8340dc855e6

SHA256
ed6f41654337a09870982fd3334c5c07b6bb66ab518e69b6683ad4c214d3573b

SHA512
9e55c0295479ec4e3dccf6e3ca5f6546930cc793c860bd5e2f78b3578311191342b402af7e1712cf7ce1a2bb52eb5ddc75152fb9f5d49c84ae7a4cc3ac2f2997

Download Submit
C:\Windows\System\xtqfVcF.exe

Filesize
1.2MB

MD5
2cc5e7fdefa1bf91aa048c2627671641

SHA1
7c02a8c2001059f6e89744d02b068a517ba6eae0

SHA256
0dc888d9fac17a25457c0706c302e1cd5582ff7a23f4785c3729515a9f4ce15c

SHA512
13c0941311edbe2d5f0b65c94f5ec600c3454488ab376fa436aa62de5f2e00904f74fb67bf460a9b2b8e4992f9a0bd251c3938a5170b5a6489273d2d01504359

Download Submit
memory/1176-0-0x00007FF77C010000-0x00007FF77C361000-memory.dmp

Filesize
3.3MB

Download
memory/1176-2012-0x00007FF77C010000-0x00007FF77C361000-memory.dmp

Filesize
3.3MB

Download
memory/1176-1-0x00000221599B0000-0x00000221599C0000-memory.dmp

Filesize
64KB

Download
memory/1216-2261-0x00007FF7D85C0000-0x00007FF7D8911000-memory.dmp

Filesize
3.3MB

Download
memory/1216-46-0x00007FF7D85C0000-0x00007FF7D8911000-memory.dmp

Filesize
3.3MB

Download
memory/1708-2263-0x00007FF687650000-0x00007FF6879A1000-memory.dmp

Filesize
3.3MB

Download
memory/1708-400-0x00007FF687650000-0x00007FF6879A1000-memory.dmp

Filesize
3.3MB

Download
memory/1976-2311-0x00007FF72D490000-0x00007FF72D7E1000-memory.dmp

Filesize
3.3MB

Download
memory/1976-483-0x00007FF72D490000-0x00007FF72D7E1000-memory.dmp

Filesize
3.3MB

Download
memory/2012-441-0x00007FF78B3D0000-0x00007FF78B721000-memory.dmp

Filesize
3.3MB

Download
memory/2012-2283-0x00007FF78B3D0000-0x00007FF78B721000-memory.dmp

Filesize
3.3MB

Download
memory/2152-2289-0x00007FF7FEBB0000-0x00007FF7FEF01000-memory.dmp

Filesize
3.3MB

Download
memory/2152-462-0x00007FF7FEBB0000-0x00007FF7FEF01000-memory.dmp

Filesize
3.3MB

Download
memory/2320-2269-0x00007FF6B5E10000-0x00007FF6B6161000-memory.dmp

Filesize
3.3MB

Download
memory/2320-63-0x00007FF6B5E10000-0x00007FF6B6161000-memory.dmp

Filesize
3.3MB

Download
memory/2320-2230-0x00007FF6B5E10000-0x00007FF6B6161000-memory.dmp

Filesize
3.3MB

Download
memory/2452-2295-0x00007FF7D6400000-0x00007FF7D6751000-memory.dmp

Filesize
3.3MB

Download
memory/2452-456-0x00007FF7D6400000-0x00007FF7D6751000-memory.dmp

Filesize
3.3MB

Download
memory/2524-2271-0x00007FF7AE240000-0x00007FF7AE591000-memory.dmp

Filesize
3.3MB

Download
memory/2524-405-0x00007FF7AE240000-0x00007FF7AE591000-memory.dmp

Filesize
3.3MB

Download
memory/2612-427-0x00007FF7A8070000-0x00007FF7A83C1000-memory.dmp

Filesize
3.3MB

Download
memory/2612-2281-0x00007FF7A8070000-0x00007FF7A83C1000-memory.dmp

Filesize
3.3MB

Download
memory/2660-435-0x00007FF6D8EF0000-0x00007FF6D9241000-memory.dmp

Filesize
3.3MB

Download
memory/2660-2286-0x00007FF6D8EF0000-0x00007FF6D9241000-memory.dmp

Filesize
3.3MB

Download
memory/2756-2258-0x00007FF749030000-0x00007FF749381000-memory.dmp

Filesize
3.3MB

Download
memory/2756-2194-0x00007FF749030000-0x00007FF749381000-memory.dmp

Filesize
3.3MB

Download
memory/2756-34-0x00007FF749030000-0x00007FF749381000-memory.dmp

Filesize
3.3MB

Download
memory/2792-501-0x00007FF7561E0000-0x00007FF756531000-memory.dmp

Filesize
3.3MB

Download
memory/2792-2305-0x00007FF7561E0000-0x00007FF756531000-memory.dmp

Filesize
3.3MB

Download
memory/2820-45-0x00007FF73BC90000-0x00007FF73BFE1000-memory.dmp

Filesize
3.3MB

Download
memory/2820-2208-0x00007FF73BC90000-0x00007FF73BFE1000-memory.dmp

Filesize
3.3MB

Download
memory/2820-2259-0x00007FF73BC90000-0x00007FF73BFE1000-memory.dmp

Filesize
3.3MB

Download
memory/2984-2251-0x00007FF619240000-0x00007FF619591000-memory.dmp

Filesize
3.3MB

Download
memory/2984-18-0x00007FF619240000-0x00007FF619591000-memory.dmp

Filesize
3.3MB

Download
memory/3068-2291-0x00007FF784D40000-0x00007FF785091000-memory.dmp

Filesize
3.3MB

Download
memory/3068-495-0x00007FF784D40000-0x00007FF785091000-memory.dmp

Filesize
3.3MB

Download
memory/3140-2308-0x00007FF763FE0000-0x00007FF764331000-memory.dmp

Filesize
3.3MB

Download
memory/3140-498-0x00007FF763FE0000-0x00007FF764331000-memory.dmp

Filesize
3.3MB

Download
memory/3176-2299-0x00007FF6FCC00000-0x00007FF6FCF51000-memory.dmp

Filesize
3.3MB

Download
memory/3176-447-0x00007FF6FCC00000-0x00007FF6FCF51000-memory.dmp

Filesize
3.3MB

Download
memory/3208-453-0x00007FF6E94E0000-0x00007FF6E9831000-memory.dmp

Filesize
3.3MB

Download
memory/3208-2297-0x00007FF6E94E0000-0x00007FF6E9831000-memory.dmp

Filesize
3.3MB

Download
memory/3428-2256-0x00007FF6112A0000-0x00007FF6115F1000-memory.dmp

Filesize
3.3MB

Download
memory/3428-58-0x00007FF6112A0000-0x00007FF6115F1000-memory.dmp

Filesize
3.3MB

Download
memory/3452-403-0x00007FF747240000-0x00007FF747591000-memory.dmp

Filesize
3.3MB

Download
memory/3452-2277-0x00007FF747240000-0x00007FF747591000-memory.dmp

Filesize
3.3MB

Download
memory/3572-2229-0x00007FF7CFD20000-0x00007FF7D0071000-memory.dmp

Filesize
3.3MB

Download
memory/3572-49-0x00007FF7CFD20000-0x00007FF7D0071000-memory.dmp

Filesize
3.3MB

Download
memory/3572-2265-0x00007FF7CFD20000-0x00007FF7D0071000-memory.dmp

Filesize
3.3MB

Download
memory/3928-2279-0x00007FF7994B0000-0x00007FF799801000-memory.dmp

Filesize
3.3MB

Download
memory/3928-414-0x00007FF7994B0000-0x00007FF799801000-memory.dmp

Filesize
3.3MB

Download
memory/3944-436-0x00007FF782340000-0x00007FF782691000-memory.dmp

Filesize
3.3MB

Download
memory/3944-2287-0x00007FF782340000-0x00007FF782691000-memory.dmp

Filesize
3.3MB

Download
memory/4088-404-0x00007FF64EB80000-0x00007FF64EED1000-memory.dmp

Filesize
3.3MB

Download
memory/4088-2275-0x00007FF64EB80000-0x00007FF64EED1000-memory.dmp

Filesize
3.3MB

Download
memory/4148-477-0x00007FF6E9FE0000-0x00007FF6EA331000-memory.dmp

Filesize
3.3MB

Download
memory/4148-2313-0x00007FF6E9FE0000-0x00007FF6EA331000-memory.dmp

Filesize
3.3MB

Download
memory/4164-6-0x00007FF7165E0000-0x00007FF716931000-memory.dmp

Filesize
3.3MB

Download
memory/4164-2193-0x00007FF7165E0000-0x00007FF716931000-memory.dmp

Filesize
3.3MB

Download
memory/4164-2249-0x00007FF7165E0000-0x00007FF716931000-memory.dmp

Filesize
3.3MB

Download
memory/4336-2273-0x00007FF7553A0000-0x00007FF7556F1000-memory.dmp

Filesize
3.3MB

Download
memory/4336-402-0x00007FF7553A0000-0x00007FF7556F1000-memory.dmp

Filesize
3.3MB

Download
memory/4496-2207-0x00007FF6E6DC0000-0x00007FF6E7111000-memory.dmp

Filesize
3.3MB

Download
memory/4496-27-0x00007FF6E6DC0000-0x00007FF6E7111000-memory.dmp

Filesize
3.3MB

Download
memory/4496-2253-0x00007FF6E6DC0000-0x00007FF6E7111000-memory.dmp

Filesize
3.3MB

Download
memory/4532-504-0x00007FF7CD8E0000-0x00007FF7CDC31000-memory.dmp

Filesize
3.3MB

Download
memory/4532-2267-0x00007FF7CD8E0000-0x00007FF7CDC31000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads