xmrig | 2b3b4f33d5d98bc4bb2360401b2cfd8f83c21ab7c01044c182f6a4090d03463d

Analysis

max time kernel
102s
max time network
106s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
26/07/2024, 05:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

883cc1456f89d62128a67708fe1f77c0N.exe
Size

1.6MB
MD5

883cc1456f89d62128a67708fe1f77c0
SHA1

87dc00a7fe2329c1e7c3ef5b2457539a79b6ffcf
SHA256

2b3b4f33d5d98bc4bb2360401b2cfd8f83c21ab7c01044c182f6a4090d03463d
SHA512

fd8296d8e44ad8018fa7ea93e89ce2ca92107de3342ad62286d7c162bbb6073d2de22620a98231bbf4bfe4123eff47cda383f5b813539df80b3e35cd39980c6c
SSDEEP

24576:RVIl/WDGCi7/qkat6OBC6y90Xli7V3kPitbcj6unLDx8BBx2VXh5JkZuE4ysZt4O:ROdWCCi7/ra7K9NcHQ+rQzaMe

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 59 IoCs

miner

resource	yara_rule
behavioral2/memory/1712-63-0x00007FF6FC430000-0x00007FF6FC781000-memory.dmp	xmrig
behavioral2/memory/1352-72-0x00007FF679D80000-0x00007FF67A0D1000-memory.dmp	xmrig
behavioral2/memory/1616-392-0x00007FF775CB0000-0x00007FF776001000-memory.dmp	xmrig
behavioral2/memory/4260-393-0x00007FF7F48B0000-0x00007FF7F4C01000-memory.dmp	xmrig
behavioral2/memory/2480-394-0x00007FF7AF7B0000-0x00007FF7AFB01000-memory.dmp	xmrig
behavioral2/memory/3944-395-0x00007FF76F330000-0x00007FF76F681000-memory.dmp	xmrig
behavioral2/memory/4396-396-0x00007FF6133B0000-0x00007FF613701000-memory.dmp	xmrig
behavioral2/memory/4800-397-0x00007FF6A1420000-0x00007FF6A1771000-memory.dmp	xmrig
behavioral2/memory/4808-398-0x00007FF72A3A0000-0x00007FF72A6F1000-memory.dmp	xmrig
behavioral2/memory/876-399-0x00007FF69F970000-0x00007FF69FCC1000-memory.dmp	xmrig
behavioral2/memory/4040-400-0x00007FF6FA3E0000-0x00007FF6FA731000-memory.dmp	xmrig
behavioral2/memory/4092-411-0x00007FF6CE8A0000-0x00007FF6CEBF1000-memory.dmp	xmrig
behavioral2/memory/2432-415-0x00007FF6B9E00000-0x00007FF6BA151000-memory.dmp	xmrig
behavioral2/memory/464-447-0x00007FF77DE60000-0x00007FF77E1B1000-memory.dmp	xmrig
behavioral2/memory/936-443-0x00007FF622000000-0x00007FF622351000-memory.dmp	xmrig
behavioral2/memory/4356-442-0x00007FF75C890000-0x00007FF75CBE1000-memory.dmp	xmrig
behavioral2/memory/2868-431-0x00007FF698200000-0x00007FF698551000-memory.dmp	xmrig
behavioral2/memory/4248-423-0x00007FF7D3340000-0x00007FF7D3691000-memory.dmp	xmrig
behavioral2/memory/1368-417-0x00007FF7C0860000-0x00007FF7C0BB1000-memory.dmp	xmrig
behavioral2/memory/3164-410-0x00007FF7691F0000-0x00007FF769541000-memory.dmp	xmrig
behavioral2/memory/3040-77-0x00007FF7CD9F0000-0x00007FF7CDD41000-memory.dmp	xmrig
behavioral2/memory/2720-68-0x00007FF62D7A0000-0x00007FF62DAF1000-memory.dmp	xmrig
behavioral2/memory/1128-59-0x00007FF7AE850000-0x00007FF7AEBA1000-memory.dmp	xmrig
behavioral2/memory/3176-58-0x00007FF750350000-0x00007FF7506A1000-memory.dmp	xmrig
behavioral2/memory/4344-2151-0x00007FF701BC0000-0x00007FF701F11000-memory.dmp	xmrig
behavioral2/memory/4060-2152-0x00007FF678620000-0x00007FF678971000-memory.dmp	xmrig
behavioral2/memory/1424-2153-0x00007FF7B5470000-0x00007FF7B57C1000-memory.dmp	xmrig
behavioral2/memory/4184-2154-0x00007FF7D3E60000-0x00007FF7D41B1000-memory.dmp	xmrig
behavioral2/memory/3444-2155-0x00007FF6F6D70000-0x00007FF6F70C1000-memory.dmp	xmrig
behavioral2/memory/3176-2188-0x00007FF750350000-0x00007FF7506A1000-memory.dmp	xmrig
behavioral2/memory/4060-2194-0x00007FF678620000-0x00007FF678971000-memory.dmp	xmrig
behavioral2/memory/4840-2196-0x00007FF756780000-0x00007FF756AD1000-memory.dmp	xmrig
behavioral2/memory/1128-2198-0x00007FF7AE850000-0x00007FF7AEBA1000-memory.dmp	xmrig
behavioral2/memory/1424-2200-0x00007FF7B5470000-0x00007FF7B57C1000-memory.dmp	xmrig
behavioral2/memory/4184-2204-0x00007FF7D3E60000-0x00007FF7D41B1000-memory.dmp	xmrig
behavioral2/memory/1712-2202-0x00007FF6FC430000-0x00007FF6FC781000-memory.dmp	xmrig
behavioral2/memory/3444-2207-0x00007FF6F6D70000-0x00007FF6F70C1000-memory.dmp	xmrig
behavioral2/memory/2720-2208-0x00007FF62D7A0000-0x00007FF62DAF1000-memory.dmp	xmrig
behavioral2/memory/3176-2210-0x00007FF750350000-0x00007FF7506A1000-memory.dmp	xmrig
behavioral2/memory/3040-2214-0x00007FF7CD9F0000-0x00007FF7CDD41000-memory.dmp	xmrig
behavioral2/memory/1352-2212-0x00007FF679D80000-0x00007FF67A0D1000-memory.dmp	xmrig
behavioral2/memory/1616-2216-0x00007FF775CB0000-0x00007FF776001000-memory.dmp	xmrig
behavioral2/memory/3944-2222-0x00007FF76F330000-0x00007FF76F681000-memory.dmp	xmrig
behavioral2/memory/2480-2224-0x00007FF7AF7B0000-0x00007FF7AFB01000-memory.dmp	xmrig
behavioral2/memory/4260-2220-0x00007FF7F48B0000-0x00007FF7F4C01000-memory.dmp	xmrig
behavioral2/memory/464-2218-0x00007FF77DE60000-0x00007FF77E1B1000-memory.dmp	xmrig
behavioral2/memory/876-2228-0x00007FF69F970000-0x00007FF69FCC1000-memory.dmp	xmrig
behavioral2/memory/4040-2246-0x00007FF6FA3E0000-0x00007FF6FA731000-memory.dmp	xmrig
behavioral2/memory/4092-2242-0x00007FF6CE8A0000-0x00007FF6CEBF1000-memory.dmp	xmrig
behavioral2/memory/4356-2248-0x00007FF75C890000-0x00007FF75CBE1000-memory.dmp	xmrig
behavioral2/memory/936-2250-0x00007FF622000000-0x00007FF622351000-memory.dmp	xmrig
behavioral2/memory/4808-2240-0x00007FF72A3A0000-0x00007FF72A6F1000-memory.dmp	xmrig
behavioral2/memory/4800-2238-0x00007FF6A1420000-0x00007FF6A1771000-memory.dmp	xmrig
behavioral2/memory/1368-2236-0x00007FF7C0860000-0x00007FF7C0BB1000-memory.dmp	xmrig
behavioral2/memory/2432-2234-0x00007FF6B9E00000-0x00007FF6BA151000-memory.dmp	xmrig
behavioral2/memory/4248-2232-0x00007FF7D3340000-0x00007FF7D3691000-memory.dmp	xmrig
behavioral2/memory/2868-2230-0x00007FF698200000-0x00007FF698551000-memory.dmp	xmrig
behavioral2/memory/3164-2244-0x00007FF7691F0000-0x00007FF769541000-memory.dmp	xmrig
behavioral2/memory/4396-2226-0x00007FF6133B0000-0x00007FF613701000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
4840	tJolTxO.exe
4060	hymmTju.exe
1128	uqZjNMC.exe
1424	GSBkvfz.exe
1712	RTxWpmF.exe
4184	jAyAthA.exe
2720	dqZWFQt.exe
3444	mOypEBB.exe
3176	kSSyxeU.exe
1352	JTHjKsR.exe
3040	ymEFnar.exe
1616	aIvOAMj.exe
464	PAmVbIi.exe
4260	fXevNUR.exe
2480	cpOURKx.exe
3944	ejaIyyY.exe
4396	MBweVbz.exe
4800	sYnLAFX.exe
4808	eJhdKGS.exe
876	xgtPlQD.exe
4040	GuIbhOe.exe
3164	DJaELvu.exe
4092	uFxOosU.exe
2432	ZhfpqEx.exe
1368	hrruLkA.exe
4248	btegFPI.exe
2868	WZUkEqj.exe
4356	sodrEjq.exe
936	axXhIyk.exe
376	rVGpjUr.exe
3232	CNCARpG.exe
4004	NKPeVrN.exe
1744	vTNaPAv.exe
1984	DxRvQtQ.exe
4496	ZiDWekD.exe
5000	dCawddl.exe
5040	kTFHBms.exe
2964	jhwfgNd.exe
888	PtdCfNE.exe
1644	MQerUhP.exe
4404	IsRwbHW.exe
5032	MAvAquS.exe
1692	sjLtkwW.exe
2640	JpEggiR.exe
812	xWUkuKv.exe
1604	FQfYnkM.exe
3152	QTwOmKj.exe
832	JXpdQNO.exe
4304	WVkBINP.exe
1360	YSBclsZ.exe
2796	NtgGVCD.exe
4156	NZtWeUt.exe
1060	UWquiYd.exe
1632	yMtnxEy.exe
4492	gjfpWTM.exe
4792	TGbRwML.exe
2572	vWxQQTK.exe
1040	yAOdDPy.exe
624	XorMPmb.exe
1532	dIGEcOI.exe
1740	SVYxMVx.exe
2852	RlaMjAk.exe
4468	akQwZcb.exe
2576	lFvHWOE.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4344-0-0x00007FF701BC0000-0x00007FF701F11000-memory.dmp	upx
behavioral2/files/0x000700000002349e-7.dat	upx
behavioral2/files/0x000700000002349d-11.dat	upx
behavioral2/files/0x00070000000234a0-23.dat	upx
behavioral2/files/0x00070000000234a3-38.dat	upx
behavioral2/memory/4184-46-0x00007FF7D3E60000-0x00007FF7D41B1000-memory.dmp	upx
behavioral2/files/0x00070000000234a5-51.dat	upx
behavioral2/memory/3444-54-0x00007FF6F6D70000-0x00007FF6F70C1000-memory.dmp	upx
behavioral2/memory/1712-63-0x00007FF6FC430000-0x00007FF6FC781000-memory.dmp	upx
behavioral2/memory/1352-72-0x00007FF679D80000-0x00007FF67A0D1000-memory.dmp	upx
behavioral2/files/0x00070000000234ab-89.dat	upx
behavioral2/files/0x000800000002349a-102.dat	upx
behavioral2/files/0x00070000000234ae-117.dat	upx
behavioral2/files/0x00070000000234b6-149.dat	upx
behavioral2/files/0x00070000000234b9-164.dat	upx
behavioral2/memory/1616-392-0x00007FF775CB0000-0x00007FF776001000-memory.dmp	upx
behavioral2/memory/4260-393-0x00007FF7F48B0000-0x00007FF7F4C01000-memory.dmp	upx
behavioral2/memory/2480-394-0x00007FF7AF7B0000-0x00007FF7AFB01000-memory.dmp	upx
behavioral2/memory/3944-395-0x00007FF76F330000-0x00007FF76F681000-memory.dmp	upx
behavioral2/memory/4396-396-0x00007FF6133B0000-0x00007FF613701000-memory.dmp	upx
behavioral2/memory/4800-397-0x00007FF6A1420000-0x00007FF6A1771000-memory.dmp	upx
behavioral2/memory/4808-398-0x00007FF72A3A0000-0x00007FF72A6F1000-memory.dmp	upx
behavioral2/memory/876-399-0x00007FF69F970000-0x00007FF69FCC1000-memory.dmp	upx
behavioral2/memory/4040-400-0x00007FF6FA3E0000-0x00007FF6FA731000-memory.dmp	upx
behavioral2/memory/4092-411-0x00007FF6CE8A0000-0x00007FF6CEBF1000-memory.dmp	upx
behavioral2/memory/2432-415-0x00007FF6B9E00000-0x00007FF6BA151000-memory.dmp	upx
behavioral2/memory/464-447-0x00007FF77DE60000-0x00007FF77E1B1000-memory.dmp	upx
behavioral2/memory/936-443-0x00007FF622000000-0x00007FF622351000-memory.dmp	upx
behavioral2/memory/4356-442-0x00007FF75C890000-0x00007FF75CBE1000-memory.dmp	upx
behavioral2/memory/2868-431-0x00007FF698200000-0x00007FF698551000-memory.dmp	upx
behavioral2/memory/4248-423-0x00007FF7D3340000-0x00007FF7D3691000-memory.dmp	upx
behavioral2/memory/1368-417-0x00007FF7C0860000-0x00007FF7C0BB1000-memory.dmp	upx
behavioral2/memory/3164-410-0x00007FF7691F0000-0x00007FF769541000-memory.dmp	upx
behavioral2/files/0x00070000000234bb-174.dat	upx
behavioral2/files/0x00070000000234ba-169.dat	upx
behavioral2/files/0x00070000000234b8-167.dat	upx
behavioral2/files/0x00070000000234b7-162.dat	upx
behavioral2/files/0x00070000000234b5-152.dat	upx
behavioral2/files/0x00070000000234b4-147.dat	upx
behavioral2/files/0x00070000000234b3-142.dat	upx
behavioral2/files/0x00070000000234b2-137.dat	upx
behavioral2/files/0x00070000000234b1-132.dat	upx
behavioral2/files/0x00070000000234b0-127.dat	upx
behavioral2/files/0x00070000000234af-122.dat	upx
behavioral2/files/0x00070000000234ad-112.dat	upx
behavioral2/files/0x00070000000234ac-107.dat	upx
behavioral2/files/0x00070000000234aa-92.dat	upx
behavioral2/files/0x00070000000234a9-87.dat	upx
behavioral2/files/0x00070000000234a8-85.dat	upx
behavioral2/memory/3040-77-0x00007FF7CD9F0000-0x00007FF7CDD41000-memory.dmp	upx
behavioral2/files/0x00070000000234a7-73.dat	upx
behavioral2/files/0x00070000000234a6-64.dat	upx
behavioral2/memory/2720-68-0x00007FF62D7A0000-0x00007FF62DAF1000-memory.dmp	upx
behavioral2/memory/1128-59-0x00007FF7AE850000-0x00007FF7AEBA1000-memory.dmp	upx
behavioral2/memory/3176-58-0x00007FF750350000-0x00007FF7506A1000-memory.dmp	upx
behavioral2/files/0x00070000000234a4-53.dat	upx
behavioral2/files/0x00070000000234a1-43.dat	upx
behavioral2/files/0x00070000000234a2-49.dat	upx
behavioral2/files/0x000700000002349f-36.dat	upx
behavioral2/memory/1424-29-0x00007FF7B5470000-0x00007FF7B57C1000-memory.dmp	upx
behavioral2/memory/4060-24-0x00007FF678620000-0x00007FF678971000-memory.dmp	upx
behavioral2/files/0x000a000000023495-19.dat	upx
behavioral2/memory/4840-10-0x00007FF756780000-0x00007FF756AD1000-memory.dmp	upx
behavioral2/memory/4344-2151-0x00007FF701BC0000-0x00007FF701F11000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\GmQTAGv.exe	883cc1456f89d62128a67708fe1f77c0N.exe
File created	C:\Windows\System\SrwpDsw.exe	883cc1456f89d62128a67708fe1f77c0N.exe
File created	C:\Windows\System\uFxOosU.exe	883cc1456f89d62128a67708fe1f77c0N.exe
File created	C:\Windows\System\IsRwbHW.exe	883cc1456f89d62128a67708fe1f77c0N.exe
File created	C:\Windows\System\lpyFbUm.exe	883cc1456f89d62128a67708fe1f77c0N.exe
File created	C:\Windows\System\XJktIVw.exe	883cc1456f89d62128a67708fe1f77c0N.exe
File created	C:\Windows\System\UVzorTZ.exe	883cc1456f89d62128a67708fe1f77c0N.exe
File created	C:\Windows\System\hymmTju.exe	883cc1456f89d62128a67708fe1f77c0N.exe
File created	C:\Windows\System\ZtivuBq.exe	883cc1456f89d62128a67708fe1f77c0N.exe
File created	C:\Windows\System\KwYcBKs.exe	883cc1456f89d62128a67708fe1f77c0N.exe
File created	C:\Windows\System\TBFHenu.exe	883cc1456f89d62128a67708fe1f77c0N.exe
File created	C:\Windows\System\cwzYcpw.exe	883cc1456f89d62128a67708fe1f77c0N.exe
File created	C:\Windows\System\OIUWJrK.exe	883cc1456f89d62128a67708fe1f77c0N.exe
File created	C:\Windows\System\vuXDNzA.exe	883cc1456f89d62128a67708fe1f77c0N.exe
File created	C:\Windows\System\AtbYxsz.exe	883cc1456f89d62128a67708fe1f77c0N.exe
File created	C:\Windows\System\rSWxVBW.exe	883cc1456f89d62128a67708fe1f77c0N.exe
File created	C:\Windows\System\wNiWqIc.exe	883cc1456f89d62128a67708fe1f77c0N.exe
File created	C:\Windows\System\SeMBAEh.exe	883cc1456f89d62128a67708fe1f77c0N.exe
File created	C:\Windows\System\EHWSpZl.exe	883cc1456f89d62128a67708fe1f77c0N.exe
File created	C:\Windows\System\jPgkKlH.exe	883cc1456f89d62128a67708fe1f77c0N.exe
File created	C:\Windows\System\JNAxNJR.exe	883cc1456f89d62128a67708fe1f77c0N.exe
File created	C:\Windows\System\vgNEQKH.exe	883cc1456f89d62128a67708fe1f77c0N.exe
File created	C:\Windows\System\TRELryE.exe	883cc1456f89d62128a67708fe1f77c0N.exe
File created	C:\Windows\System\rtHxAvz.exe	883cc1456f89d62128a67708fe1f77c0N.exe
File created	C:\Windows\System\axXhIyk.exe	883cc1456f89d62128a67708fe1f77c0N.exe
File created	C:\Windows\System\QjCmYoR.exe	883cc1456f89d62128a67708fe1f77c0N.exe
File created	C:\Windows\System\rdyfgEq.exe	883cc1456f89d62128a67708fe1f77c0N.exe
File created	C:\Windows\System\aIvOAMj.exe	883cc1456f89d62128a67708fe1f77c0N.exe
File created	C:\Windows\System\qmZiThK.exe	883cc1456f89d62128a67708fe1f77c0N.exe
File created	C:\Windows\System\keXPYlq.exe	883cc1456f89d62128a67708fe1f77c0N.exe
File created	C:\Windows\System\drhrnbG.exe	883cc1456f89d62128a67708fe1f77c0N.exe
File created	C:\Windows\System\JzLRmgS.exe	883cc1456f89d62128a67708fe1f77c0N.exe
File created	C:\Windows\System\nTKFxdS.exe	883cc1456f89d62128a67708fe1f77c0N.exe
File created	C:\Windows\System\PpgmPXO.exe	883cc1456f89d62128a67708fe1f77c0N.exe
File created	C:\Windows\System\wbUynVB.exe	883cc1456f89d62128a67708fe1f77c0N.exe
File created	C:\Windows\System\WQBlSKY.exe	883cc1456f89d62128a67708fe1f77c0N.exe
File created	C:\Windows\System\GuIbhOe.exe	883cc1456f89d62128a67708fe1f77c0N.exe
File created	C:\Windows\System\lfKURSS.exe	883cc1456f89d62128a67708fe1f77c0N.exe
File created	C:\Windows\System\wbgzlFV.exe	883cc1456f89d62128a67708fe1f77c0N.exe
File created	C:\Windows\System\sBIYxpQ.exe	883cc1456f89d62128a67708fe1f77c0N.exe
File created	C:\Windows\System\ssSMCtQ.exe	883cc1456f89d62128a67708fe1f77c0N.exe
File created	C:\Windows\System\SqevqNM.exe	883cc1456f89d62128a67708fe1f77c0N.exe
File created	C:\Windows\System\AydPpfX.exe	883cc1456f89d62128a67708fe1f77c0N.exe
File created	C:\Windows\System\pOOjYRx.exe	883cc1456f89d62128a67708fe1f77c0N.exe
File created	C:\Windows\System\oNcVyDv.exe	883cc1456f89d62128a67708fe1f77c0N.exe
File created	C:\Windows\System\rkwGKJg.exe	883cc1456f89d62128a67708fe1f77c0N.exe
File created	C:\Windows\System\pjJtXGc.exe	883cc1456f89d62128a67708fe1f77c0N.exe
File created	C:\Windows\System\OYCMQIO.exe	883cc1456f89d62128a67708fe1f77c0N.exe
File created	C:\Windows\System\TuUWISF.exe	883cc1456f89d62128a67708fe1f77c0N.exe
File created	C:\Windows\System\btegFPI.exe	883cc1456f89d62128a67708fe1f77c0N.exe
File created	C:\Windows\System\TwixFMq.exe	883cc1456f89d62128a67708fe1f77c0N.exe
File created	C:\Windows\System\PcodDLO.exe	883cc1456f89d62128a67708fe1f77c0N.exe
File created	C:\Windows\System\THkZAGD.exe	883cc1456f89d62128a67708fe1f77c0N.exe
File created	C:\Windows\System\suuIITv.exe	883cc1456f89d62128a67708fe1f77c0N.exe
File created	C:\Windows\System\UNvuRAa.exe	883cc1456f89d62128a67708fe1f77c0N.exe
File created	C:\Windows\System\vSPkTVc.exe	883cc1456f89d62128a67708fe1f77c0N.exe
File created	C:\Windows\System\ObYRuZN.exe	883cc1456f89d62128a67708fe1f77c0N.exe
File created	C:\Windows\System\xwLZZJd.exe	883cc1456f89d62128a67708fe1f77c0N.exe
File created	C:\Windows\System\CGDsvme.exe	883cc1456f89d62128a67708fe1f77c0N.exe
File created	C:\Windows\System\ozYaNAV.exe	883cc1456f89d62128a67708fe1f77c0N.exe
File created	C:\Windows\System\mNIeNbG.exe	883cc1456f89d62128a67708fe1f77c0N.exe
File created	C:\Windows\System\ctTgurR.exe	883cc1456f89d62128a67708fe1f77c0N.exe
File created	C:\Windows\System\HyKojqq.exe	883cc1456f89d62128a67708fe1f77c0N.exe
File created	C:\Windows\System\lUkwKnz.exe	883cc1456f89d62128a67708fe1f77c0N.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	3760	dwm.exe
Token: SeChangeNotifyPrivilege	3760	dwm.exe
Token: 33	3760	dwm.exe
Token: SeIncBasePriorityPrivilege	3760	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4344 wrote to memory of 4840	4344	883cc1456f89d62128a67708fe1f77c0N.exe	85
PID 4344 wrote to memory of 4840	4344	883cc1456f89d62128a67708fe1f77c0N.exe	85
PID 4344 wrote to memory of 4060	4344	883cc1456f89d62128a67708fe1f77c0N.exe	86
PID 4344 wrote to memory of 4060	4344	883cc1456f89d62128a67708fe1f77c0N.exe	86
PID 4344 wrote to memory of 1128	4344	883cc1456f89d62128a67708fe1f77c0N.exe	87
PID 4344 wrote to memory of 1128	4344	883cc1456f89d62128a67708fe1f77c0N.exe	87
PID 4344 wrote to memory of 4184	4344	883cc1456f89d62128a67708fe1f77c0N.exe	88
PID 4344 wrote to memory of 4184	4344	883cc1456f89d62128a67708fe1f77c0N.exe	88
PID 4344 wrote to memory of 1424	4344	883cc1456f89d62128a67708fe1f77c0N.exe	89
PID 4344 wrote to memory of 1424	4344	883cc1456f89d62128a67708fe1f77c0N.exe	89
PID 4344 wrote to memory of 1712	4344	883cc1456f89d62128a67708fe1f77c0N.exe	90
PID 4344 wrote to memory of 1712	4344	883cc1456f89d62128a67708fe1f77c0N.exe	90
PID 4344 wrote to memory of 2720	4344	883cc1456f89d62128a67708fe1f77c0N.exe	91
PID 4344 wrote to memory of 2720	4344	883cc1456f89d62128a67708fe1f77c0N.exe	91
PID 4344 wrote to memory of 3444	4344	883cc1456f89d62128a67708fe1f77c0N.exe	92
PID 4344 wrote to memory of 3444	4344	883cc1456f89d62128a67708fe1f77c0N.exe	92
PID 4344 wrote to memory of 3176	4344	883cc1456f89d62128a67708fe1f77c0N.exe	93
PID 4344 wrote to memory of 3176	4344	883cc1456f89d62128a67708fe1f77c0N.exe	93
PID 4344 wrote to memory of 1352	4344	883cc1456f89d62128a67708fe1f77c0N.exe	94
PID 4344 wrote to memory of 1352	4344	883cc1456f89d62128a67708fe1f77c0N.exe	94
PID 4344 wrote to memory of 3040	4344	883cc1456f89d62128a67708fe1f77c0N.exe	95
PID 4344 wrote to memory of 3040	4344	883cc1456f89d62128a67708fe1f77c0N.exe	95
PID 4344 wrote to memory of 1616	4344	883cc1456f89d62128a67708fe1f77c0N.exe	96
PID 4344 wrote to memory of 1616	4344	883cc1456f89d62128a67708fe1f77c0N.exe	96
PID 4344 wrote to memory of 464	4344	883cc1456f89d62128a67708fe1f77c0N.exe	97
PID 4344 wrote to memory of 464	4344	883cc1456f89d62128a67708fe1f77c0N.exe	97
PID 4344 wrote to memory of 4260	4344	883cc1456f89d62128a67708fe1f77c0N.exe	98
PID 4344 wrote to memory of 4260	4344	883cc1456f89d62128a67708fe1f77c0N.exe	98
PID 4344 wrote to memory of 2480	4344	883cc1456f89d62128a67708fe1f77c0N.exe	99
PID 4344 wrote to memory of 2480	4344	883cc1456f89d62128a67708fe1f77c0N.exe	99
PID 4344 wrote to memory of 3944	4344	883cc1456f89d62128a67708fe1f77c0N.exe	100
PID 4344 wrote to memory of 3944	4344	883cc1456f89d62128a67708fe1f77c0N.exe	100
PID 4344 wrote to memory of 4396	4344	883cc1456f89d62128a67708fe1f77c0N.exe	101
PID 4344 wrote to memory of 4396	4344	883cc1456f89d62128a67708fe1f77c0N.exe	101
PID 4344 wrote to memory of 4800	4344	883cc1456f89d62128a67708fe1f77c0N.exe	102
PID 4344 wrote to memory of 4800	4344	883cc1456f89d62128a67708fe1f77c0N.exe	102
PID 4344 wrote to memory of 4808	4344	883cc1456f89d62128a67708fe1f77c0N.exe	103
PID 4344 wrote to memory of 4808	4344	883cc1456f89d62128a67708fe1f77c0N.exe	103
PID 4344 wrote to memory of 876	4344	883cc1456f89d62128a67708fe1f77c0N.exe	104
PID 4344 wrote to memory of 876	4344	883cc1456f89d62128a67708fe1f77c0N.exe	104
PID 4344 wrote to memory of 4040	4344	883cc1456f89d62128a67708fe1f77c0N.exe	105
PID 4344 wrote to memory of 4040	4344	883cc1456f89d62128a67708fe1f77c0N.exe	105
PID 4344 wrote to memory of 3164	4344	883cc1456f89d62128a67708fe1f77c0N.exe	106
PID 4344 wrote to memory of 3164	4344	883cc1456f89d62128a67708fe1f77c0N.exe	106
PID 4344 wrote to memory of 4092	4344	883cc1456f89d62128a67708fe1f77c0N.exe	107
PID 4344 wrote to memory of 4092	4344	883cc1456f89d62128a67708fe1f77c0N.exe	107
PID 4344 wrote to memory of 2432	4344	883cc1456f89d62128a67708fe1f77c0N.exe	108
PID 4344 wrote to memory of 2432	4344	883cc1456f89d62128a67708fe1f77c0N.exe	108
PID 4344 wrote to memory of 1368	4344	883cc1456f89d62128a67708fe1f77c0N.exe	109
PID 4344 wrote to memory of 1368	4344	883cc1456f89d62128a67708fe1f77c0N.exe	109
PID 4344 wrote to memory of 4248	4344	883cc1456f89d62128a67708fe1f77c0N.exe	110
PID 4344 wrote to memory of 4248	4344	883cc1456f89d62128a67708fe1f77c0N.exe	110
PID 4344 wrote to memory of 2868	4344	883cc1456f89d62128a67708fe1f77c0N.exe	111
PID 4344 wrote to memory of 2868	4344	883cc1456f89d62128a67708fe1f77c0N.exe	111
PID 4344 wrote to memory of 4356	4344	883cc1456f89d62128a67708fe1f77c0N.exe	112
PID 4344 wrote to memory of 4356	4344	883cc1456f89d62128a67708fe1f77c0N.exe	112
PID 4344 wrote to memory of 936	4344	883cc1456f89d62128a67708fe1f77c0N.exe	113
PID 4344 wrote to memory of 936	4344	883cc1456f89d62128a67708fe1f77c0N.exe	113
PID 4344 wrote to memory of 376	4344	883cc1456f89d62128a67708fe1f77c0N.exe	114
PID 4344 wrote to memory of 376	4344	883cc1456f89d62128a67708fe1f77c0N.exe	114
PID 4344 wrote to memory of 3232	4344	883cc1456f89d62128a67708fe1f77c0N.exe	115
PID 4344 wrote to memory of 3232	4344	883cc1456f89d62128a67708fe1f77c0N.exe	115
PID 4344 wrote to memory of 4004	4344	883cc1456f89d62128a67708fe1f77c0N.exe	116
PID 4344 wrote to memory of 4004	4344	883cc1456f89d62128a67708fe1f77c0N.exe	116

C:\Users\Admin\AppData\Local\Temp\883cc1456f89d62128a67708fe1f77c0N.exe
"C:\Users\Admin\AppData\Local\Temp\883cc1456f89d62128a67708fe1f77c0N.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:4344
- C:\Windows\System\tJolTxO.exe
  C:\Windows\System\tJolTxO.exe
  2⤵
  - Executes dropped EXE
  PID:4840
- C:\Windows\System\hymmTju.exe
  C:\Windows\System\hymmTju.exe
  2⤵
  - Executes dropped EXE
  PID:4060
- C:\Windows\System\uqZjNMC.exe
  C:\Windows\System\uqZjNMC.exe
  2⤵
  - Executes dropped EXE
  PID:1128
- C:\Windows\System\jAyAthA.exe
  C:\Windows\System\jAyAthA.exe
  2⤵
  - Executes dropped EXE
  PID:4184
- C:\Windows\System\GSBkvfz.exe
  C:\Windows\System\GSBkvfz.exe
  2⤵
  - Executes dropped EXE
  PID:1424
- C:\Windows\System\RTxWpmF.exe
  C:\Windows\System\RTxWpmF.exe
  2⤵
  - Executes dropped EXE
  PID:1712
- C:\Windows\System\dqZWFQt.exe
  C:\Windows\System\dqZWFQt.exe
  2⤵
  - Executes dropped EXE
  PID:2720
- C:\Windows\System\mOypEBB.exe
  C:\Windows\System\mOypEBB.exe
  2⤵
  - Executes dropped EXE
  PID:3444
- C:\Windows\System\kSSyxeU.exe
  C:\Windows\System\kSSyxeU.exe
  2⤵
  - Executes dropped EXE
  PID:3176
- C:\Windows\System\JTHjKsR.exe
  C:\Windows\System\JTHjKsR.exe
  2⤵
  - Executes dropped EXE
  PID:1352
- C:\Windows\System\ymEFnar.exe
  C:\Windows\System\ymEFnar.exe
  2⤵
  - Executes dropped EXE
  PID:3040
- C:\Windows\System\aIvOAMj.exe
  C:\Windows\System\aIvOAMj.exe
  2⤵
  - Executes dropped EXE
  PID:1616
- C:\Windows\System\PAmVbIi.exe
  C:\Windows\System\PAmVbIi.exe
  2⤵
  - Executes dropped EXE
  PID:464
- C:\Windows\System\fXevNUR.exe
  C:\Windows\System\fXevNUR.exe
  2⤵
  - Executes dropped EXE
  PID:4260
- C:\Windows\System\cpOURKx.exe
  C:\Windows\System\cpOURKx.exe
  2⤵
  - Executes dropped EXE
  PID:2480
- C:\Windows\System\ejaIyyY.exe
  C:\Windows\System\ejaIyyY.exe
  2⤵
  - Executes dropped EXE
  PID:3944
- C:\Windows\System\MBweVbz.exe
  C:\Windows\System\MBweVbz.exe
  2⤵
  - Executes dropped EXE
  PID:4396
- C:\Windows\System\sYnLAFX.exe
  C:\Windows\System\sYnLAFX.exe
  2⤵
  - Executes dropped EXE
  PID:4800
- C:\Windows\System\eJhdKGS.exe
  C:\Windows\System\eJhdKGS.exe
  2⤵
  - Executes dropped EXE
  PID:4808
- C:\Windows\System\xgtPlQD.exe
  C:\Windows\System\xgtPlQD.exe
  2⤵
  - Executes dropped EXE
  PID:876
- C:\Windows\System\GuIbhOe.exe
  C:\Windows\System\GuIbhOe.exe
  2⤵
  - Executes dropped EXE
  PID:4040
- C:\Windows\System\DJaELvu.exe
  C:\Windows\System\DJaELvu.exe
  2⤵
  - Executes dropped EXE
  PID:3164
- C:\Windows\System\uFxOosU.exe
  C:\Windows\System\uFxOosU.exe
  2⤵
  - Executes dropped EXE
  PID:4092
- C:\Windows\System\ZhfpqEx.exe
  C:\Windows\System\ZhfpqEx.exe
  2⤵
  - Executes dropped EXE
  PID:2432
- C:\Windows\System\hrruLkA.exe
  C:\Windows\System\hrruLkA.exe
  2⤵
  - Executes dropped EXE
  PID:1368
- C:\Windows\System\btegFPI.exe
  C:\Windows\System\btegFPI.exe
  2⤵
  - Executes dropped EXE
  PID:4248
- C:\Windows\System\WZUkEqj.exe
  C:\Windows\System\WZUkEqj.exe
  2⤵
  - Executes dropped EXE
  PID:2868
- C:\Windows\System\sodrEjq.exe
  C:\Windows\System\sodrEjq.exe
  2⤵
  - Executes dropped EXE
  PID:4356
- C:\Windows\System\axXhIyk.exe
  C:\Windows\System\axXhIyk.exe
  2⤵
  - Executes dropped EXE
  PID:936
- C:\Windows\System\rVGpjUr.exe
  C:\Windows\System\rVGpjUr.exe
  2⤵
  - Executes dropped EXE
  PID:376
- C:\Windows\System\CNCARpG.exe
  C:\Windows\System\CNCARpG.exe
  2⤵
  - Executes dropped EXE
  PID:3232
- C:\Windows\System\NKPeVrN.exe
  C:\Windows\System\NKPeVrN.exe
  2⤵
  - Executes dropped EXE
  PID:4004
- C:\Windows\System\vTNaPAv.exe
  C:\Windows\System\vTNaPAv.exe
  2⤵
  - Executes dropped EXE
  PID:1744
- C:\Windows\System\DxRvQtQ.exe
  C:\Windows\System\DxRvQtQ.exe
  2⤵
  - Executes dropped EXE
  PID:1984
- C:\Windows\System\ZiDWekD.exe
  C:\Windows\System\ZiDWekD.exe
  2⤵
  - Executes dropped EXE
  PID:4496
- C:\Windows\System\dCawddl.exe
  C:\Windows\System\dCawddl.exe
  2⤵
  - Executes dropped EXE
  PID:5000
- C:\Windows\System\kTFHBms.exe
  C:\Windows\System\kTFHBms.exe
  2⤵
  - Executes dropped EXE
  PID:5040
- C:\Windows\System\jhwfgNd.exe
  C:\Windows\System\jhwfgNd.exe
  2⤵
  - Executes dropped EXE
  PID:2964
- C:\Windows\System\PtdCfNE.exe
  C:\Windows\System\PtdCfNE.exe
  2⤵
  - Executes dropped EXE
  PID:888
- C:\Windows\System\MQerUhP.exe
  C:\Windows\System\MQerUhP.exe
  2⤵
  - Executes dropped EXE
  PID:1644
- C:\Windows\System\IsRwbHW.exe
  C:\Windows\System\IsRwbHW.exe
  2⤵
  - Executes dropped EXE
  PID:4404
- C:\Windows\System\MAvAquS.exe
  C:\Windows\System\MAvAquS.exe
  2⤵
  - Executes dropped EXE
  PID:5032
- C:\Windows\System\sjLtkwW.exe
  C:\Windows\System\sjLtkwW.exe
  2⤵
  - Executes dropped EXE
  PID:1692
- C:\Windows\System\JpEggiR.exe
  C:\Windows\System\JpEggiR.exe
  2⤵
  - Executes dropped EXE
  PID:2640
- C:\Windows\System\xWUkuKv.exe
  C:\Windows\System\xWUkuKv.exe
  2⤵
  - Executes dropped EXE
  PID:812
- C:\Windows\System\FQfYnkM.exe
  C:\Windows\System\FQfYnkM.exe
  2⤵
  - Executes dropped EXE
  PID:1604
- C:\Windows\System\QTwOmKj.exe
  C:\Windows\System\QTwOmKj.exe
  2⤵
  - Executes dropped EXE
  PID:3152
- C:\Windows\System\JXpdQNO.exe
  C:\Windows\System\JXpdQNO.exe
  2⤵
  - Executes dropped EXE
  PID:832
- C:\Windows\System\WVkBINP.exe
  C:\Windows\System\WVkBINP.exe
  2⤵
  - Executes dropped EXE
  PID:4304
- C:\Windows\System\YSBclsZ.exe
  C:\Windows\System\YSBclsZ.exe
  2⤵
  - Executes dropped EXE
  PID:1360
- C:\Windows\System\NtgGVCD.exe
  C:\Windows\System\NtgGVCD.exe
  2⤵
  - Executes dropped EXE
  PID:2796
- C:\Windows\System\NZtWeUt.exe
  C:\Windows\System\NZtWeUt.exe
  2⤵
  - Executes dropped EXE
  PID:4156
- C:\Windows\System\UWquiYd.exe
  C:\Windows\System\UWquiYd.exe
  2⤵
  - Executes dropped EXE
  PID:1060
- C:\Windows\System\yMtnxEy.exe
  C:\Windows\System\yMtnxEy.exe
  2⤵
  - Executes dropped EXE
  PID:1632
- C:\Windows\System\gjfpWTM.exe
  C:\Windows\System\gjfpWTM.exe
  2⤵
  - Executes dropped EXE
  PID:4492
- C:\Windows\System\TGbRwML.exe
  C:\Windows\System\TGbRwML.exe
  2⤵
  - Executes dropped EXE
  PID:4792
- C:\Windows\System\vWxQQTK.exe
  C:\Windows\System\vWxQQTK.exe
  2⤵
  - Executes dropped EXE
  PID:2572
- C:\Windows\System\yAOdDPy.exe
  C:\Windows\System\yAOdDPy.exe
  2⤵
  - Executes dropped EXE
  PID:1040
- C:\Windows\System\XorMPmb.exe
  C:\Windows\System\XorMPmb.exe
  2⤵
  - Executes dropped EXE
  PID:624
- C:\Windows\System\dIGEcOI.exe
  C:\Windows\System\dIGEcOI.exe
  2⤵
  - Executes dropped EXE
  PID:1532
- C:\Windows\System\SVYxMVx.exe
  C:\Windows\System\SVYxMVx.exe
  2⤵
  - Executes dropped EXE
  PID:1740
- C:\Windows\System\RlaMjAk.exe
  C:\Windows\System\RlaMjAk.exe
  2⤵
  - Executes dropped EXE
  PID:2852
- C:\Windows\System\akQwZcb.exe
  C:\Windows\System\akQwZcb.exe
  2⤵
  - Executes dropped EXE
  PID:4468
- C:\Windows\System\lFvHWOE.exe
  C:\Windows\System\lFvHWOE.exe
  2⤵
  - Executes dropped EXE
  PID:2576
- C:\Windows\System\SqevqNM.exe
  C:\Windows\System\SqevqNM.exe
  2⤵
  PID:60
- C:\Windows\System\ffZTItm.exe
  C:\Windows\System\ffZTItm.exe
  2⤵
  PID:3588
- C:\Windows\System\DZGQZBc.exe
  C:\Windows\System\DZGQZBc.exe
  2⤵
  PID:4852
- C:\Windows\System\TwixFMq.exe
  C:\Windows\System\TwixFMq.exe
  2⤵
  PID:3540
- C:\Windows\System\rHhUFYR.exe
  C:\Windows\System\rHhUFYR.exe
  2⤵
  PID:2568
- C:\Windows\System\kLiBiPO.exe
  C:\Windows\System\kLiBiPO.exe
  2⤵
  PID:4116
- C:\Windows\System\wcfdaWO.exe
  C:\Windows\System\wcfdaWO.exe
  2⤵
  PID:632
- C:\Windows\System\MztHWRw.exe
  C:\Windows\System\MztHWRw.exe
  2⤵
  PID:2724
- C:\Windows\System\UwAXJMR.exe
  C:\Windows\System\UwAXJMR.exe
  2⤵
  PID:4544
- C:\Windows\System\cBJhOdV.exe
  C:\Windows\System\cBJhOdV.exe
  2⤵
  PID:4716
- C:\Windows\System\pOOjYRx.exe
  C:\Windows\System\pOOjYRx.exe
  2⤵
  PID:3616
- C:\Windows\System\BRvcqNe.exe
  C:\Windows\System\BRvcqNe.exe
  2⤵
  PID:1612
- C:\Windows\System\qZGBwGF.exe
  C:\Windows\System\qZGBwGF.exe
  2⤵
  PID:4928
- C:\Windows\System\PiWbCNU.exe
  C:\Windows\System\PiWbCNU.exe
  2⤵
  PID:5140
- C:\Windows\System\AydPpfX.exe
  C:\Windows\System\AydPpfX.exe
  2⤵
  PID:5168
- C:\Windows\System\QfEqTKC.exe
  C:\Windows\System\QfEqTKC.exe
  2⤵
  PID:5196
- C:\Windows\System\NHzuATK.exe
  C:\Windows\System\NHzuATK.exe
  2⤵
  PID:5224
- C:\Windows\System\aQWbZBS.exe
  C:\Windows\System\aQWbZBS.exe
  2⤵
  PID:5252
- C:\Windows\System\lKqcRWX.exe
  C:\Windows\System\lKqcRWX.exe
  2⤵
  PID:5280
- C:\Windows\System\CwbnDpZ.exe
  C:\Windows\System\CwbnDpZ.exe
  2⤵
  PID:5308
- C:\Windows\System\KJBqyoG.exe
  C:\Windows\System\KJBqyoG.exe
  2⤵
  PID:5336
- C:\Windows\System\NeVAweJ.exe
  C:\Windows\System\NeVAweJ.exe
  2⤵
  PID:5364
- C:\Windows\System\yitMKCj.exe
  C:\Windows\System\yitMKCj.exe
  2⤵
  PID:5392
- C:\Windows\System\wVLvaZh.exe
  C:\Windows\System\wVLvaZh.exe
  2⤵
  PID:5420
- C:\Windows\System\abClAPj.exe
  C:\Windows\System\abClAPj.exe
  2⤵
  PID:5448
- C:\Windows\System\fcefnnH.exe
  C:\Windows\System\fcefnnH.exe
  2⤵
  PID:5472
- C:\Windows\System\tuUbrcw.exe
  C:\Windows\System\tuUbrcw.exe
  2⤵
  PID:5500
- C:\Windows\System\pebLztQ.exe
  C:\Windows\System\pebLztQ.exe
  2⤵
  PID:5532
- C:\Windows\System\EZECNCR.exe
  C:\Windows\System\EZECNCR.exe
  2⤵
  PID:5560
- C:\Windows\System\wbgzlFV.exe
  C:\Windows\System\wbgzlFV.exe
  2⤵
  PID:5588
- C:\Windows\System\RbKdhlZ.exe
  C:\Windows\System\RbKdhlZ.exe
  2⤵
  PID:5612
- C:\Windows\System\PNdqmUE.exe
  C:\Windows\System\PNdqmUE.exe
  2⤵
  PID:5640
- C:\Windows\System\BpypsFV.exe
  C:\Windows\System\BpypsFV.exe
  2⤵
  PID:5672
- C:\Windows\System\fThNfVC.exe
  C:\Windows\System\fThNfVC.exe
  2⤵
  PID:5700
- C:\Windows\System\wPRkxut.exe
  C:\Windows\System\wPRkxut.exe
  2⤵
  PID:5724
- C:\Windows\System\qLeNniA.exe
  C:\Windows\System\qLeNniA.exe
  2⤵
  PID:5756
- C:\Windows\System\FfcLXXX.exe
  C:\Windows\System\FfcLXXX.exe
  2⤵
  PID:5780
- C:\Windows\System\PBtqACb.exe
  C:\Windows\System\PBtqACb.exe
  2⤵
  PID:5812
- C:\Windows\System\GmQTAGv.exe
  C:\Windows\System\GmQTAGv.exe
  2⤵
  PID:5836
- C:\Windows\System\RGKDSbD.exe
  C:\Windows\System\RGKDSbD.exe
  2⤵
  PID:5864
- C:\Windows\System\fIUTPgW.exe
  C:\Windows\System\fIUTPgW.exe
  2⤵
  PID:5892
- C:\Windows\System\AaIObmO.exe
  C:\Windows\System\AaIObmO.exe
  2⤵
  PID:5920
- C:\Windows\System\zqEnquI.exe
  C:\Windows\System\zqEnquI.exe
  2⤵
  PID:6020
- C:\Windows\System\ELKhmWf.exe
  C:\Windows\System\ELKhmWf.exe
  2⤵
  PID:6048
- C:\Windows\System\SnYWtjX.exe
  C:\Windows\System\SnYWtjX.exe
  2⤵
  PID:6064
- C:\Windows\System\oVprgYO.exe
  C:\Windows\System\oVprgYO.exe
  2⤵
  PID:6104
- C:\Windows\System\dwLWcZy.exe
  C:\Windows\System\dwLWcZy.exe
  2⤵
  PID:6136
- C:\Windows\System\UGhqnxY.exe
  C:\Windows\System\UGhqnxY.exe
  2⤵
  PID:3144
- C:\Windows\System\UkndVCT.exe
  C:\Windows\System\UkndVCT.exe
  2⤵
  PID:1384
- C:\Windows\System\hvGKiBB.exe
  C:\Windows\System\hvGKiBB.exe
  2⤵
  PID:4440
- C:\Windows\System\GbWWjdt.exe
  C:\Windows\System\GbWWjdt.exe
  2⤵
  PID:4448
- C:\Windows\System\cxbnKXX.exe
  C:\Windows\System\cxbnKXX.exe
  2⤵
  PID:1608
- C:\Windows\System\xgxxEuo.exe
  C:\Windows\System\xgxxEuo.exe
  2⤵
  PID:748
- C:\Windows\System\lunfxtB.exe
  C:\Windows\System\lunfxtB.exe
  2⤵
  PID:5132
- C:\Windows\System\raUtdRy.exe
  C:\Windows\System\raUtdRy.exe
  2⤵
  PID:5184
- C:\Windows\System\LjoQTcB.exe
  C:\Windows\System\LjoQTcB.exe
  2⤵
  PID:5236
- C:\Windows\System\akSaNAk.exe
  C:\Windows\System\akSaNAk.exe
  2⤵
  PID:5296
- C:\Windows\System\TOhLNfJ.exe
  C:\Windows\System\TOhLNfJ.exe
  2⤵
  PID:5352
- C:\Windows\System\Invivww.exe
  C:\Windows\System\Invivww.exe
  2⤵
  PID:5496
- C:\Windows\System\UNWcvbp.exe
  C:\Windows\System\UNWcvbp.exe
  2⤵
  PID:228
- C:\Windows\System\vuXDNzA.exe
  C:\Windows\System\vuXDNzA.exe
  2⤵
  PID:5800
- C:\Windows\System\lchJZIZ.exe
  C:\Windows\System\lchJZIZ.exe
  2⤵
  PID:5824
- C:\Windows\System\rKomzWQ.exe
  C:\Windows\System\rKomzWQ.exe
  2⤵
  PID:1056
- C:\Windows\System\HqYjtzL.exe
  C:\Windows\System\HqYjtzL.exe
  2⤵
  PID:2900
- C:\Windows\System\esTLJIr.exe
  C:\Windows\System\esTLJIr.exe
  2⤵
  PID:2440
- C:\Windows\System\qWtanqz.exe
  C:\Windows\System\qWtanqz.exe
  2⤵
  PID:3972
- C:\Windows\System\UGNUkhw.exe
  C:\Windows\System\UGNUkhw.exe
  2⤵
  PID:2496
- C:\Windows\System\RZxqxmG.exe
  C:\Windows\System\RZxqxmG.exe
  2⤵
  PID:3320
- C:\Windows\System\ZOTIIWM.exe
  C:\Windows\System\ZOTIIWM.exe
  2⤵
  PID:3652
- C:\Windows\System\dLIZwVY.exe
  C:\Windows\System\dLIZwVY.exe
  2⤵
  PID:2040
- C:\Windows\System\CDsVAeU.exe
  C:\Windows\System\CDsVAeU.exe
  2⤵
  PID:6060
- C:\Windows\System\PKuQfwO.exe
  C:\Windows\System\PKuQfwO.exe
  2⤵
  PID:6128
- C:\Windows\System\CqkVdcw.exe
  C:\Windows\System\CqkVdcw.exe
  2⤵
  PID:4604
- C:\Windows\System\reZuwZp.exe
  C:\Windows\System\reZuwZp.exe
  2⤵
  PID:3340
- C:\Windows\System\AgOcnIL.exe
  C:\Windows\System\AgOcnIL.exe
  2⤵
  PID:5160
- C:\Windows\System\AtbYxsz.exe
  C:\Windows\System\AtbYxsz.exe
  2⤵
  PID:5380
- C:\Windows\System\FEndHpr.exe
  C:\Windows\System\FEndHpr.exe
  2⤵
  PID:5604
- C:\Windows\System\yBpEHzl.exe
  C:\Windows\System\yBpEHzl.exe
  2⤵
  PID:628
- C:\Windows\System\jrDYdjv.exe
  C:\Windows\System\jrDYdjv.exe
  2⤵
  PID:232
- C:\Windows\System\spkCzSg.exe
  C:\Windows\System\spkCzSg.exe
  2⤵
  PID:3136
- C:\Windows\System\kWlXHdz.exe
  C:\Windows\System\kWlXHdz.exe
  2⤵
  PID:5748
- C:\Windows\System\lPkWhBs.exe
  C:\Windows\System\lPkWhBs.exe
  2⤵
  PID:5740
- C:\Windows\System\oNcVyDv.exe
  C:\Windows\System\oNcVyDv.exe
  2⤵
  PID:6072
- C:\Windows\System\uDlAKJM.exe
  C:\Windows\System\uDlAKJM.exe
  2⤵
  PID:5156
- C:\Windows\System\HvrACLl.exe
  C:\Windows\System\HvrACLl.exe
  2⤵
  PID:5128
- C:\Windows\System\afvRycZ.exe
  C:\Windows\System\afvRycZ.exe
  2⤵
  PID:5124
- C:\Windows\System\gnojATr.exe
  C:\Windows\System\gnojATr.exe
  2⤵
  PID:5436
- C:\Windows\System\LUSIAbS.exe
  C:\Windows\System\LUSIAbS.exe
  2⤵
  PID:5968
- C:\Windows\System\YDVqRHA.exe
  C:\Windows\System\YDVqRHA.exe
  2⤵
  PID:4688
- C:\Windows\System\EGYVTOq.exe
  C:\Windows\System\EGYVTOq.exe
  2⤵
  PID:4420
- C:\Windows\System\WEiVQKl.exe
  C:\Windows\System\WEiVQKl.exe
  2⤵
  PID:1912
- C:\Windows\System\bgVZzcn.exe
  C:\Windows\System\bgVZzcn.exe
  2⤵
  PID:4144
- C:\Windows\System\osHFBfR.exe
  C:\Windows\System\osHFBfR.exe
  2⤵
  PID:3448
- C:\Windows\System\rMhjsRQ.exe
  C:\Windows\System\rMhjsRQ.exe
  2⤵
  PID:6152
- C:\Windows\System\XFKrtJH.exe
  C:\Windows\System\XFKrtJH.exe
  2⤵
  PID:6176
- C:\Windows\System\ZBFtCVK.exe
  C:\Windows\System\ZBFtCVK.exe
  2⤵
  PID:6208
- C:\Windows\System\ObYRuZN.exe
  C:\Windows\System\ObYRuZN.exe
  2⤵
  PID:6236
- C:\Windows\System\YPdKGhE.exe
  C:\Windows\System\YPdKGhE.exe
  2⤵
  PID:6252
- C:\Windows\System\ftVaXJs.exe
  C:\Windows\System\ftVaXJs.exe
  2⤵
  PID:6280
- C:\Windows\System\uPxwaFM.exe
  C:\Windows\System\uPxwaFM.exe
  2⤵
  PID:6352
- C:\Windows\System\HJduUQF.exe
  C:\Windows\System\HJduUQF.exe
  2⤵
  PID:6368
- C:\Windows\System\lVGTYiO.exe
  C:\Windows\System\lVGTYiO.exe
  2⤵
  PID:6400
- C:\Windows\System\rkwGKJg.exe
  C:\Windows\System\rkwGKJg.exe
  2⤵
  PID:6428
- C:\Windows\System\WmEGfhQ.exe
  C:\Windows\System\WmEGfhQ.exe
  2⤵
  PID:6452
- C:\Windows\System\EgeIDLn.exe
  C:\Windows\System\EgeIDLn.exe
  2⤵
  PID:6492
- C:\Windows\System\DaWyOre.exe
  C:\Windows\System\DaWyOre.exe
  2⤵
  PID:6528
- C:\Windows\System\fMvAaBK.exe
  C:\Windows\System\fMvAaBK.exe
  2⤵
  PID:6552
- C:\Windows\System\RqcDFMu.exe
  C:\Windows\System\RqcDFMu.exe
  2⤵
  PID:6592
- C:\Windows\System\TrvfoAM.exe
  C:\Windows\System\TrvfoAM.exe
  2⤵
  PID:6608
- C:\Windows\System\uTObCuC.exe
  C:\Windows\System\uTObCuC.exe
  2⤵
  PID:6628
- C:\Windows\System\lRegzNG.exe
  C:\Windows\System\lRegzNG.exe
  2⤵
  PID:6652
- C:\Windows\System\vbcSwNx.exe
  C:\Windows\System\vbcSwNx.exe
  2⤵
  PID:6676
- C:\Windows\System\BWBfDZk.exe
  C:\Windows\System\BWBfDZk.exe
  2⤵
  PID:6692
- C:\Windows\System\aLkPhDp.exe
  C:\Windows\System\aLkPhDp.exe
  2⤵
  PID:6728
- C:\Windows\System\bPxpvEg.exe
  C:\Windows\System\bPxpvEg.exe
  2⤵
  PID:6748
- C:\Windows\System\hoVMnHb.exe
  C:\Windows\System\hoVMnHb.exe
  2⤵
  PID:6768
- C:\Windows\System\mVCfcVL.exe
  C:\Windows\System\mVCfcVL.exe
  2⤵
  PID:6784
- C:\Windows\System\PvBhJwK.exe
  C:\Windows\System\PvBhJwK.exe
  2⤵
  PID:6808
- C:\Windows\System\VhlaIdC.exe
  C:\Windows\System\VhlaIdC.exe
  2⤵
  PID:6824
- C:\Windows\System\prDLwLX.exe
  C:\Windows\System\prDLwLX.exe
  2⤵
  PID:6856
- C:\Windows\System\sezJfwU.exe
  C:\Windows\System\sezJfwU.exe
  2⤵
  PID:6880
- C:\Windows\System\EuCseKX.exe
  C:\Windows\System\EuCseKX.exe
  2⤵
  PID:6900
- C:\Windows\System\FVgEluI.exe
  C:\Windows\System\FVgEluI.exe
  2⤵
  PID:6948
- C:\Windows\System\iFlIkpm.exe
  C:\Windows\System\iFlIkpm.exe
  2⤵
  PID:6980
- C:\Windows\System\dmGAUeO.exe
  C:\Windows\System\dmGAUeO.exe
  2⤵
  PID:6996
- C:\Windows\System\zrYcInD.exe
  C:\Windows\System\zrYcInD.exe
  2⤵
  PID:7016
- C:\Windows\System\qMXYGeO.exe
  C:\Windows\System\qMXYGeO.exe
  2⤵
  PID:7040
- C:\Windows\System\ymTmpgl.exe
  C:\Windows\System\ymTmpgl.exe
  2⤵
  PID:7064
- C:\Windows\System\sBIYxpQ.exe
  C:\Windows\System\sBIYxpQ.exe
  2⤵
  PID:7084
- C:\Windows\System\CHaBdke.exe
  C:\Windows\System\CHaBdke.exe
  2⤵
  PID:6160
- C:\Windows\System\yydDZuB.exe
  C:\Windows\System\yydDZuB.exe
  2⤵
  PID:6244
- C:\Windows\System\KaAhSyz.exe
  C:\Windows\System\KaAhSyz.exe
  2⤵
  PID:5992
- C:\Windows\System\sfWeHHy.exe
  C:\Windows\System\sfWeHHy.exe
  2⤵
  PID:6304
- C:\Windows\System\wbUynVB.exe
  C:\Windows\System\wbUynVB.exe
  2⤵
  PID:6008
- C:\Windows\System\qzGPyYc.exe
  C:\Windows\System\qzGPyYc.exe
  2⤵
  PID:6408
- C:\Windows\System\SrwpDsw.exe
  C:\Windows\System\SrwpDsw.exe
  2⤵
  PID:6448
- C:\Windows\System\nohkumE.exe
  C:\Windows\System\nohkumE.exe
  2⤵
  PID:6484
- C:\Windows\System\UxyKteV.exe
  C:\Windows\System\UxyKteV.exe
  2⤵
  PID:6564
- C:\Windows\System\wQLVxnh.exe
  C:\Windows\System\wQLVxnh.exe
  2⤵
  PID:6116
- C:\Windows\System\FCvxERV.exe
  C:\Windows\System\FCvxERV.exe
  2⤵
  PID:6620
- C:\Windows\System\xNbIhwp.exe
  C:\Windows\System\xNbIhwp.exe
  2⤵
  PID:6736
- C:\Windows\System\bVYDVgs.exe
  C:\Windows\System\bVYDVgs.exe
  2⤵
  PID:6832
- C:\Windows\System\wNiWqIc.exe
  C:\Windows\System\wNiWqIc.exe
  2⤵
  PID:6864
- C:\Windows\System\bxFCtOF.exe
  C:\Windows\System\bxFCtOF.exe
  2⤵
  PID:6892
- C:\Windows\System\yFHlElZ.exe
  C:\Windows\System\yFHlElZ.exe
  2⤵
  PID:6968
- C:\Windows\System\ZgLcfRe.exe
  C:\Windows\System\ZgLcfRe.exe
  2⤵
  PID:7048
- C:\Windows\System\ARIWOTv.exe
  C:\Windows\System\ARIWOTv.exe
  2⤵
  PID:7120
- C:\Windows\System\VfbqVit.exe
  C:\Windows\System\VfbqVit.exe
  2⤵
  PID:5988
- C:\Windows\System\JeaGQZY.exe
  C:\Windows\System\JeaGQZY.exe
  2⤵
  PID:6272
- C:\Windows\System\hIlXBcC.exe
  C:\Windows\System\hIlXBcC.exe
  2⤵
  PID:6504
- C:\Windows\System\FVjmfmK.exe
  C:\Windows\System\FVjmfmK.exe
  2⤵
  PID:6648
- C:\Windows\System\ycNZwpR.exe
  C:\Windows\System\ycNZwpR.exe
  2⤵
  PID:6688
- C:\Windows\System\GTzjXKb.exe
  C:\Windows\System\GTzjXKb.exe
  2⤵
  PID:6796
- C:\Windows\System\GFAelio.exe
  C:\Windows\System\GFAelio.exe
  2⤵
  PID:6872
- C:\Windows\System\vhSirUN.exe
  C:\Windows\System\vhSirUN.exe
  2⤵
  PID:6992
- C:\Windows\System\lfCcYWI.exe
  C:\Windows\System\lfCcYWI.exe
  2⤵
  PID:5468
- C:\Windows\System\MckQQse.exe
  C:\Windows\System\MckQQse.exe
  2⤵
  PID:6416
- C:\Windows\System\RyqQnWh.exe
  C:\Windows\System\RyqQnWh.exe
  2⤵
  PID:4580
- C:\Windows\System\YgVCmaZ.exe
  C:\Windows\System\YgVCmaZ.exe
  2⤵
  PID:6956
- C:\Windows\System\IwLAISo.exe
  C:\Windows\System\IwLAISo.exe
  2⤵
  PID:7144
- C:\Windows\System\JQhPIzD.exe
  C:\Windows\System\JQhPIzD.exe
  2⤵
  PID:7212
- C:\Windows\System\ymIeHhm.exe
  C:\Windows\System\ymIeHhm.exe
  2⤵
  PID:7232
- C:\Windows\System\XFqbPkC.exe
  C:\Windows\System\XFqbPkC.exe
  2⤵
  PID:7296
- C:\Windows\System\ookDWma.exe
  C:\Windows\System\ookDWma.exe
  2⤵
  PID:7320
- C:\Windows\System\CGjQcGu.exe
  C:\Windows\System\CGjQcGu.exe
  2⤵
  PID:7348
- C:\Windows\System\OdbVsTL.exe
  C:\Windows\System\OdbVsTL.exe
  2⤵
  PID:7396
- C:\Windows\System\vZOqkub.exe
  C:\Windows\System\vZOqkub.exe
  2⤵
  PID:7416
- C:\Windows\System\MIbEiPr.exe
  C:\Windows\System\MIbEiPr.exe
  2⤵
  PID:7440
- C:\Windows\System\lcoeQgy.exe
  C:\Windows\System\lcoeQgy.exe
  2⤵
  PID:7456
- C:\Windows\System\sPeihDl.exe
  C:\Windows\System\sPeihDl.exe
  2⤵
  PID:7496
- C:\Windows\System\nLzfWcn.exe
  C:\Windows\System\nLzfWcn.exe
  2⤵
  PID:7512
- C:\Windows\System\aJVeRsL.exe
  C:\Windows\System\aJVeRsL.exe
  2⤵
  PID:7536
- C:\Windows\System\GKvThhY.exe
  C:\Windows\System\GKvThhY.exe
  2⤵
  PID:7556
- C:\Windows\System\vMXwhCn.exe
  C:\Windows\System\vMXwhCn.exe
  2⤵
  PID:7580
- C:\Windows\System\PLIqmQR.exe
  C:\Windows\System\PLIqmQR.exe
  2⤵
  PID:7600
- C:\Windows\System\oSElEpW.exe
  C:\Windows\System\oSElEpW.exe
  2⤵
  PID:7636
- C:\Windows\System\EpjFBCH.exe
  C:\Windows\System\EpjFBCH.exe
  2⤵
  PID:7660
- C:\Windows\System\ExAHvFt.exe
  C:\Windows\System\ExAHvFt.exe
  2⤵
  PID:7684
- C:\Windows\System\eBKYLSK.exe
  C:\Windows\System\eBKYLSK.exe
  2⤵
  PID:7704
- C:\Windows\System\VQTHdeh.exe
  C:\Windows\System\VQTHdeh.exe
  2⤵
  PID:7760
- C:\Windows\System\EfkEEAi.exe
  C:\Windows\System\EfkEEAi.exe
  2⤵
  PID:7776
- C:\Windows\System\ssSMCtQ.exe
  C:\Windows\System\ssSMCtQ.exe
  2⤵
  PID:7840
- C:\Windows\System\FhCcnun.exe
  C:\Windows\System\FhCcnun.exe
  2⤵
  PID:7864
- C:\Windows\System\jIYtUDp.exe
  C:\Windows\System\jIYtUDp.exe
  2⤵
  PID:7884
- C:\Windows\System\xwLZZJd.exe
  C:\Windows\System\xwLZZJd.exe
  2⤵
  PID:7912
- C:\Windows\System\SJAheCh.exe
  C:\Windows\System\SJAheCh.exe
  2⤵
  PID:7940
- C:\Windows\System\iReMCEc.exe
  C:\Windows\System\iReMCEc.exe
  2⤵
  PID:7976
- C:\Windows\System\raFiZmq.exe
  C:\Windows\System\raFiZmq.exe
  2⤵
  PID:8004
- C:\Windows\System\LUktGlg.exe
  C:\Windows\System\LUktGlg.exe
  2⤵
  PID:8024
- C:\Windows\System\ZLTjsXa.exe
  C:\Windows\System\ZLTjsXa.exe
  2⤵
  PID:8040
- C:\Windows\System\ALWcpwi.exe
  C:\Windows\System\ALWcpwi.exe
  2⤵
  PID:8076
- C:\Windows\System\VTvMptz.exe
  C:\Windows\System\VTvMptz.exe
  2⤵
  PID:8092
- C:\Windows\System\NvRKuTi.exe
  C:\Windows\System\NvRKuTi.exe
  2⤵
  PID:8112
- C:\Windows\System\uCyuhyS.exe
  C:\Windows\System\uCyuhyS.exe
  2⤵
  PID:8132
- C:\Windows\System\crAdBfB.exe
  C:\Windows\System\crAdBfB.exe
  2⤵
  PID:8156
- C:\Windows\System\RvDxwJu.exe
  C:\Windows\System\RvDxwJu.exe
  2⤵
  PID:8180
- C:\Windows\System\neLUbZP.exe
  C:\Windows\System\neLUbZP.exe
  2⤵
  PID:4584
- C:\Windows\System\fTNQhQC.exe
  C:\Windows\System\fTNQhQC.exe
  2⤵
  PID:7200
- C:\Windows\System\NeahdRC.exe
  C:\Windows\System\NeahdRC.exe
  2⤵
  PID:7292
- C:\Windows\System\OysEGMJ.exe
  C:\Windows\System\OysEGMJ.exe
  2⤵
  PID:7304
- C:\Windows\System\CKJtTiq.exe
  C:\Windows\System\CKJtTiq.exe
  2⤵
  PID:7368
- C:\Windows\System\ZawmhLU.exe
  C:\Windows\System\ZawmhLU.exe
  2⤵
  PID:7528
- C:\Windows\System\lfKURSS.exe
  C:\Windows\System\lfKURSS.exe
  2⤵
  PID:7568
- C:\Windows\System\QjCmYoR.exe
  C:\Windows\System\QjCmYoR.exe
  2⤵
  PID:7696
- C:\Windows\System\FprOFnT.exe
  C:\Windows\System\FprOFnT.exe
  2⤵
  PID:7672
- C:\Windows\System\TBnWgAQ.exe
  C:\Windows\System\TBnWgAQ.exe
  2⤵
  PID:7724
- C:\Windows\System\nWQhDcn.exe
  C:\Windows\System\nWQhDcn.exe
  2⤵
  PID:7768
- C:\Windows\System\IvUtHSe.exe
  C:\Windows\System\IvUtHSe.exe
  2⤵
  PID:7960
- C:\Windows\System\DYZcYTV.exe
  C:\Windows\System\DYZcYTV.exe
  2⤵
  PID:7988
- C:\Windows\System\xPYmcJn.exe
  C:\Windows\System\xPYmcJn.exe
  2⤵
  PID:8064
- C:\Windows\System\gguSdwH.exe
  C:\Windows\System\gguSdwH.exe
  2⤵
  PID:8108
- C:\Windows\System\azNlJCP.exe
  C:\Windows\System\azNlJCP.exe
  2⤵
  PID:6112
- C:\Windows\System\LwAmIUS.exe
  C:\Windows\System\LwAmIUS.exe
  2⤵
  PID:7272
- C:\Windows\System\PeCLsCx.exe
  C:\Windows\System\PeCLsCx.exe
  2⤵
  PID:7508
- C:\Windows\System\lWWTbPW.exe
  C:\Windows\System\lWWTbPW.exe
  2⤵
  PID:7596
- C:\Windows\System\anXIzvF.exe
  C:\Windows\System\anXIzvF.exe
  2⤵
  PID:7772
- C:\Windows\System\eHBCdzz.exe
  C:\Windows\System\eHBCdzz.exe
  2⤵
  PID:7644
- C:\Windows\System\AmJKKaG.exe
  C:\Windows\System\AmJKKaG.exe
  2⤵
  PID:7992
- C:\Windows\System\pEEixex.exe
  C:\Windows\System\pEEixex.exe
  2⤵
  PID:8128
- C:\Windows\System\ZqUINeK.exe
  C:\Windows\System\ZqUINeK.exe
  2⤵
  PID:8188
- C:\Windows\System\EHWSpZl.exe
  C:\Windows\System\EHWSpZl.exe
  2⤵
  PID:7552
- C:\Windows\System\WrfJLWP.exe
  C:\Windows\System\WrfJLWP.exe
  2⤵
  PID:7908
- C:\Windows\System\LaTSsJe.exe
  C:\Windows\System\LaTSsJe.exe
  2⤵
  PID:7428
- C:\Windows\System\ksSZQAy.exe
  C:\Windows\System\ksSZQAy.exe
  2⤵
  PID:8204
- C:\Windows\System\waZBvKq.exe
  C:\Windows\System\waZBvKq.exe
  2⤵
  PID:8220
- C:\Windows\System\syIprxT.exe
  C:\Windows\System\syIprxT.exe
  2⤵
  PID:8240
- C:\Windows\System\MAJqnLY.exe
  C:\Windows\System\MAJqnLY.exe
  2⤵
  PID:8272
- C:\Windows\System\ZtivuBq.exe
  C:\Windows\System\ZtivuBq.exe
  2⤵
  PID:8324
- C:\Windows\System\WsXOygI.exe
  C:\Windows\System\WsXOygI.exe
  2⤵
  PID:8348
- C:\Windows\System\iaDDyfW.exe
  C:\Windows\System\iaDDyfW.exe
  2⤵
  PID:8380
- C:\Windows\System\taBPXVv.exe
  C:\Windows\System\taBPXVv.exe
  2⤵
  PID:8420
- C:\Windows\System\WpXpQJz.exe
  C:\Windows\System\WpXpQJz.exe
  2⤵
  PID:8452
- C:\Windows\System\XtCVSHr.exe
  C:\Windows\System\XtCVSHr.exe
  2⤵
  PID:8492
- C:\Windows\System\dboNyIc.exe
  C:\Windows\System\dboNyIc.exe
  2⤵
  PID:8512
- C:\Windows\System\UlBqbrc.exe
  C:\Windows\System\UlBqbrc.exe
  2⤵
  PID:8540
- C:\Windows\System\AsuuJyq.exe
  C:\Windows\System\AsuuJyq.exe
  2⤵
  PID:8560
- C:\Windows\System\cKAHhqb.exe
  C:\Windows\System\cKAHhqb.exe
  2⤵
  PID:8588
- C:\Windows\System\eOrWYwy.exe
  C:\Windows\System\eOrWYwy.exe
  2⤵
  PID:8616
- C:\Windows\System\wkpaeZt.exe
  C:\Windows\System\wkpaeZt.exe
  2⤵
  PID:8636
- C:\Windows\System\gIaciCj.exe
  C:\Windows\System\gIaciCj.exe
  2⤵
  PID:8656
- C:\Windows\System\yEJdQJw.exe
  C:\Windows\System\yEJdQJw.exe
  2⤵
  PID:8700
- C:\Windows\System\LxCObvM.exe
  C:\Windows\System\LxCObvM.exe
  2⤵
  PID:8716
- C:\Windows\System\oRgVgtQ.exe
  C:\Windows\System\oRgVgtQ.exe
  2⤵
  PID:8764
- C:\Windows\System\YYQaTPM.exe
  C:\Windows\System\YYQaTPM.exe
  2⤵
  PID:8792
- C:\Windows\System\KwYcBKs.exe
  C:\Windows\System\KwYcBKs.exe
  2⤵
  PID:8812
- C:\Windows\System\fisUTkc.exe
  C:\Windows\System\fisUTkc.exe
  2⤵
  PID:8840
- C:\Windows\System\gsOkkii.exe
  C:\Windows\System\gsOkkii.exe
  2⤵
  PID:8884
- C:\Windows\System\VgyWaLy.exe
  C:\Windows\System\VgyWaLy.exe
  2⤵
  PID:8916
- C:\Windows\System\FOLScxg.exe
  C:\Windows\System\FOLScxg.exe
  2⤵
  PID:8936
- C:\Windows\System\MtcUtKT.exe
  C:\Windows\System\MtcUtKT.exe
  2⤵
  PID:8960
- C:\Windows\System\gfvQFeI.exe
  C:\Windows\System\gfvQFeI.exe
  2⤵
  PID:8980
- C:\Windows\System\jPgkKlH.exe
  C:\Windows\System\jPgkKlH.exe
  2⤵
  PID:9004
- C:\Windows\System\iXDYugB.exe
  C:\Windows\System\iXDYugB.exe
  2⤵
  PID:9036
- C:\Windows\System\drtPYaw.exe
  C:\Windows\System\drtPYaw.exe
  2⤵
  PID:9064
- C:\Windows\System\luVNtxj.exe
  C:\Windows\System\luVNtxj.exe
  2⤵
  PID:9092
- C:\Windows\System\pjJtXGc.exe
  C:\Windows\System\pjJtXGc.exe
  2⤵
  PID:9116
- C:\Windows\System\lpyFbUm.exe
  C:\Windows\System\lpyFbUm.exe
  2⤵
  PID:9140
- C:\Windows\System\igTnEEx.exe
  C:\Windows\System\igTnEEx.exe
  2⤵
  PID:9160
- C:\Windows\System\nnbSIYk.exe
  C:\Windows\System\nnbSIYk.exe
  2⤵
  PID:9204
- C:\Windows\System\jcJWLhr.exe
  C:\Windows\System\jcJWLhr.exe
  2⤵
  PID:8212
- C:\Windows\System\eDltrHQ.exe
  C:\Windows\System\eDltrHQ.exe
  2⤵
  PID:8304
- C:\Windows\System\UcdPhZW.exe
  C:\Windows\System\UcdPhZW.exe
  2⤵
  PID:8504
- C:\Windows\System\XFOVInR.exe
  C:\Windows\System\XFOVInR.exe
  2⤵
  PID:8632
- C:\Windows\System\rvRDHwL.exe
  C:\Windows\System\rvRDHwL.exe
  2⤵
  PID:8648
- C:\Windows\System\wUFOBUZ.exe
  C:\Windows\System\wUFOBUZ.exe
  2⤵
  PID:8712
- C:\Windows\System\GFtIfwi.exe
  C:\Windows\System\GFtIfwi.exe
  2⤵
  PID:8724
- C:\Windows\System\KoLqwRL.exe
  C:\Windows\System\KoLqwRL.exe
  2⤵
  PID:8784
- C:\Windows\System\qHBRNJf.exe
  C:\Windows\System\qHBRNJf.exe
  2⤵
  PID:8788
- C:\Windows\System\WqanhmM.exe
  C:\Windows\System\WqanhmM.exe
  2⤵
  PID:8944
- C:\Windows\System\NINPola.exe
  C:\Windows\System\NINPola.exe
  2⤵
  PID:8996
- C:\Windows\System\WQBlSKY.exe
  C:\Windows\System\WQBlSKY.exe
  2⤵
  PID:9084
- C:\Windows\System\BMhLmHu.exe
  C:\Windows\System\BMhLmHu.exe
  2⤵
  PID:9200
- C:\Windows\System\OXaFCki.exe
  C:\Windows\System\OXaFCki.exe
  2⤵
  PID:9184
- C:\Windows\System\OYOSoVI.exe
  C:\Windows\System\OYOSoVI.exe
  2⤵
  PID:8100
- C:\Windows\System\ludJidX.exe
  C:\Windows\System\ludJidX.exe
  2⤵
  PID:8444
- C:\Windows\System\uEOieEr.exe
  C:\Windows\System\uEOieEr.exe
  2⤵
  PID:8232
- C:\Windows\System\WgimHbk.exe
  C:\Windows\System\WgimHbk.exe
  2⤵
  PID:8584
- C:\Windows\System\kLPvsnO.exe
  C:\Windows\System\kLPvsnO.exe
  2⤵
  PID:8672
- C:\Windows\System\THkZAGD.exe
  C:\Windows\System\THkZAGD.exe
  2⤵
  PID:8804
- C:\Windows\System\LUGrVBk.exe
  C:\Windows\System\LUGrVBk.exe
  2⤵
  PID:8908
- C:\Windows\System\JsbGdFl.exe
  C:\Windows\System\JsbGdFl.exe
  2⤵
  PID:9056
- C:\Windows\System\uuIdWSI.exe
  C:\Windows\System\uuIdWSI.exe
  2⤵
  PID:8036
- C:\Windows\System\oVrBSIt.exe
  C:\Windows\System\oVrBSIt.exe
  2⤵
  PID:8748
- C:\Windows\System\wJsxDTa.exe
  C:\Windows\System\wJsxDTa.exe
  2⤵
  PID:8756
- C:\Windows\System\pAubdOM.exe
  C:\Windows\System\pAubdOM.exe
  2⤵
  PID:8836
- C:\Windows\System\dtPMPIU.exe
  C:\Windows\System\dtPMPIU.exe
  2⤵
  PID:8752
- C:\Windows\System\ZBKoWbc.exe
  C:\Windows\System\ZBKoWbc.exe
  2⤵
  PID:9228
- C:\Windows\System\QvfeIZb.exe
  C:\Windows\System\QvfeIZb.exe
  2⤵
  PID:9244
- C:\Windows\System\oceFbkn.exe
  C:\Windows\System\oceFbkn.exe
  2⤵
  PID:9260
- C:\Windows\System\fxeQJdA.exe
  C:\Windows\System\fxeQJdA.exe
  2⤵
  PID:9280
- C:\Windows\System\NUOVUqt.exe
  C:\Windows\System\NUOVUqt.exe
  2⤵
  PID:9304
- C:\Windows\System\wvcJHTA.exe
  C:\Windows\System\wvcJHTA.exe
  2⤵
  PID:9332
- C:\Windows\System\WwAmHVB.exe
  C:\Windows\System\WwAmHVB.exe
  2⤵
  PID:9348
- C:\Windows\System\keXPYlq.exe
  C:\Windows\System\keXPYlq.exe
  2⤵
  PID:9424
- C:\Windows\System\uADezjG.exe
  C:\Windows\System\uADezjG.exe
  2⤵
  PID:9444
- C:\Windows\System\pfyeUHS.exe
  C:\Windows\System\pfyeUHS.exe
  2⤵
  PID:9464
- C:\Windows\System\JNAxNJR.exe
  C:\Windows\System\JNAxNJR.exe
  2⤵
  PID:9488
- C:\Windows\System\zqLvpxv.exe
  C:\Windows\System\zqLvpxv.exe
  2⤵
  PID:9508
- C:\Windows\System\WwgUIPZ.exe
  C:\Windows\System\WwgUIPZ.exe
  2⤵
  PID:9532
- C:\Windows\System\CGDsvme.exe
  C:\Windows\System\CGDsvme.exe
  2⤵
  PID:9552
- C:\Windows\System\MEMmwHe.exe
  C:\Windows\System\MEMmwHe.exe
  2⤵
  PID:9584
- C:\Windows\System\EQjBkNL.exe
  C:\Windows\System\EQjBkNL.exe
  2⤵
  PID:9604
- C:\Windows\System\YSDWKIm.exe
  C:\Windows\System\YSDWKIm.exe
  2⤵
  PID:9628
- C:\Windows\System\GXZJbWP.exe
  C:\Windows\System\GXZJbWP.exe
  2⤵
  PID:9652
- C:\Windows\System\CHWiwvy.exe
  C:\Windows\System\CHWiwvy.exe
  2⤵
  PID:9712
- C:\Windows\System\KbBoXej.exe
  C:\Windows\System\KbBoXej.exe
  2⤵
  PID:9732
- C:\Windows\System\ozYaNAV.exe
  C:\Windows\System\ozYaNAV.exe
  2⤵
  PID:9764
- C:\Windows\System\VFlXWBR.exe
  C:\Windows\System\VFlXWBR.exe
  2⤵
  PID:9784
- C:\Windows\System\KfCMSda.exe
  C:\Windows\System\KfCMSda.exe
  2⤵
  PID:9804
- C:\Windows\System\NfslFiu.exe
  C:\Windows\System\NfslFiu.exe
  2⤵
  PID:9832
- C:\Windows\System\OYCMQIO.exe
  C:\Windows\System\OYCMQIO.exe
  2⤵
  PID:9848
- C:\Windows\System\VimePIL.exe
  C:\Windows\System\VimePIL.exe
  2⤵
  PID:9884
- C:\Windows\System\vgOozHh.exe
  C:\Windows\System\vgOozHh.exe
  2⤵
  PID:9900
- C:\Windows\System\roeDiCZ.exe
  C:\Windows\System\roeDiCZ.exe
  2⤵
  PID:9984
- C:\Windows\System\vHsrnQQ.exe
  C:\Windows\System\vHsrnQQ.exe
  2⤵
  PID:10004
- C:\Windows\System\VEOAMeO.exe
  C:\Windows\System\VEOAMeO.exe
  2⤵
  PID:10024
- C:\Windows\System\mNIeNbG.exe
  C:\Windows\System\mNIeNbG.exe
  2⤵
  PID:10048
- C:\Windows\System\LbLVBDD.exe
  C:\Windows\System\LbLVBDD.exe
  2⤵
  PID:10068
- C:\Windows\System\QsPnOzO.exe
  C:\Windows\System\QsPnOzO.exe
  2⤵
  PID:10100
- C:\Windows\System\hVxFUgN.exe
  C:\Windows\System\hVxFUgN.exe
  2⤵
  PID:10124
- C:\Windows\System\vwudNXg.exe
  C:\Windows\System\vwudNXg.exe
  2⤵
  PID:10176
- C:\Windows\System\AwFLyfI.exe
  C:\Windows\System\AwFLyfI.exe
  2⤵
  PID:10196
- C:\Windows\System\DRhfBpP.exe
  C:\Windows\System\DRhfBpP.exe
  2⤵
  PID:10220
- C:\Windows\System\ctTgurR.exe
  C:\Windows\System\ctTgurR.exe
  2⤵
  PID:9212
- C:\Windows\System\rDGNZYV.exe
  C:\Windows\System\rDGNZYV.exe
  2⤵
  PID:9224
- C:\Windows\System\oBJkFcP.exe
  C:\Windows\System\oBJkFcP.exe
  2⤵
  PID:9236
- C:\Windows\System\vZOyYwG.exe
  C:\Windows\System\vZOyYwG.exe
  2⤵
  PID:9324
- C:\Windows\System\pftxfZv.exe
  C:\Windows\System\pftxfZv.exe
  2⤵
  PID:9396
- C:\Windows\System\dnsJcRu.exe
  C:\Windows\System\dnsJcRu.exe
  2⤵
  PID:9500
- C:\Windows\System\QmnOQBx.exe
  C:\Windows\System\QmnOQBx.exe
  2⤵
  PID:9596
- C:\Windows\System\UGRgCkD.exe
  C:\Windows\System\UGRgCkD.exe
  2⤵
  PID:9688
- C:\Windows\System\bsIZuZC.exe
  C:\Windows\System\bsIZuZC.exe
  2⤵
  PID:9796
- C:\Windows\System\ApmviZl.exe
  C:\Windows\System\ApmviZl.exe
  2⤵
  PID:9792
- C:\Windows\System\PsHdIEh.exe
  C:\Windows\System\PsHdIEh.exe
  2⤵
  PID:9844
- C:\Windows\System\uCCecKe.exe
  C:\Windows\System\uCCecKe.exe
  2⤵
  PID:9932
- C:\Windows\System\bGrQVrC.exe
  C:\Windows\System\bGrQVrC.exe
  2⤵
  PID:9976
- C:\Windows\System\MKDaEKl.exe
  C:\Windows\System\MKDaEKl.exe
  2⤵
  PID:10060
- C:\Windows\System\rXGCrZt.exe
  C:\Windows\System\rXGCrZt.exe
  2⤵
  PID:10096
- C:\Windows\System\TBFHenu.exe
  C:\Windows\System\TBFHenu.exe
  2⤵
  PID:10204
- C:\Windows\System\UkybrMJ.exe
  C:\Windows\System\UkybrMJ.exe
  2⤵
  PID:9272
- C:\Windows\System\SujVdKi.exe
  C:\Windows\System\SujVdKi.exe
  2⤵
  PID:9356
- C:\Windows\System\XJktIVw.exe
  C:\Windows\System\XJktIVw.exe
  2⤵
  PID:9440
- C:\Windows\System\MBmQdPr.exe
  C:\Windows\System\MBmQdPr.exe
  2⤵
  PID:9708
- C:\Windows\System\lPagxXr.exe
  C:\Windows\System\lPagxXr.exe
  2⤵
  PID:9760
- C:\Windows\System\yIAOsGU.exe
  C:\Windows\System\yIAOsGU.exe
  2⤵
  PID:10044
- C:\Windows\System\akYTRuh.exe
  C:\Windows\System\akYTRuh.exe
  2⤵
  PID:10168
- C:\Windows\System\zVwEVbE.exe
  C:\Windows\System\zVwEVbE.exe
  2⤵
  PID:9404
- C:\Windows\System\OsRUqvT.exe
  C:\Windows\System\OsRUqvT.exe
  2⤵
  PID:10152
- C:\Windows\System\nTkvfnn.exe
  C:\Windows\System\nTkvfnn.exe
  2⤵
  PID:10132
- C:\Windows\System\fXbkhjZ.exe
  C:\Windows\System\fXbkhjZ.exe
  2⤵
  PID:10248
- C:\Windows\System\GUMupeM.exe
  C:\Windows\System\GUMupeM.exe
  2⤵
  PID:10284
- C:\Windows\System\RACGKOk.exe
  C:\Windows\System\RACGKOk.exe
  2⤵
  PID:10300
- C:\Windows\System\kfiCrwp.exe
  C:\Windows\System\kfiCrwp.exe
  2⤵
  PID:10320
- C:\Windows\System\LlBVCxk.exe
  C:\Windows\System\LlBVCxk.exe
  2⤵
  PID:10344
- C:\Windows\System\HTcPZlO.exe
  C:\Windows\System\HTcPZlO.exe
  2⤵
  PID:10384
- C:\Windows\System\vgNEQKH.exe
  C:\Windows\System\vgNEQKH.exe
  2⤵
  PID:10408
- C:\Windows\System\WjjSurF.exe
  C:\Windows\System\WjjSurF.exe
  2⤵
  PID:10432
- C:\Windows\System\hnKIylQ.exe
  C:\Windows\System\hnKIylQ.exe
  2⤵
  PID:10460
- C:\Windows\System\KdlFfmx.exe
  C:\Windows\System\KdlFfmx.exe
  2⤵
  PID:10480
- C:\Windows\System\ZzWNfBA.exe
  C:\Windows\System\ZzWNfBA.exe
  2⤵
  PID:10500
- C:\Windows\System\ZRhSEkB.exe
  C:\Windows\System\ZRhSEkB.exe
  2⤵
  PID:10544
- C:\Windows\System\BiMQTeZ.exe
  C:\Windows\System\BiMQTeZ.exe
  2⤵
  PID:10560
- C:\Windows\System\wOBBzSd.exe
  C:\Windows\System\wOBBzSd.exe
  2⤵
  PID:10592
- C:\Windows\System\qOvislV.exe
  C:\Windows\System\qOvislV.exe
  2⤵
  PID:10620
- C:\Windows\System\EVBLVwp.exe
  C:\Windows\System\EVBLVwp.exe
  2⤵
  PID:10640
- C:\Windows\System\BKTCUvN.exe
  C:\Windows\System\BKTCUvN.exe
  2⤵
  PID:10672
- C:\Windows\System\uonswxh.exe
  C:\Windows\System\uonswxh.exe
  2⤵
  PID:10696
- C:\Windows\System\cZmivHj.exe
  C:\Windows\System\cZmivHj.exe
  2⤵
  PID:10724
- C:\Windows\System\CGTUQqG.exe
  C:\Windows\System\CGTUQqG.exe
  2⤵
  PID:10744
- C:\Windows\System\WXhFcYt.exe
  C:\Windows\System\WXhFcYt.exe
  2⤵
  PID:10768
- C:\Windows\System\wLRqkAC.exe
  C:\Windows\System\wLRqkAC.exe
  2⤵
  PID:10788
- C:\Windows\System\IxGlxSX.exe
  C:\Windows\System\IxGlxSX.exe
  2⤵
  PID:10828
- C:\Windows\System\BAFyBYA.exe
  C:\Windows\System\BAFyBYA.exe
  2⤵
  PID:10876
- C:\Windows\System\mNZrEZJ.exe
  C:\Windows\System\mNZrEZJ.exe
  2⤵
  PID:10912
- C:\Windows\System\mfiqioJ.exe
  C:\Windows\System\mfiqioJ.exe
  2⤵
  PID:10944
- C:\Windows\System\wubRrsT.exe
  C:\Windows\System\wubRrsT.exe
  2⤵
  PID:10976
- C:\Windows\System\HnREwnD.exe
  C:\Windows\System\HnREwnD.exe
  2⤵
  PID:10996
- C:\Windows\System\mVFFOOG.exe
  C:\Windows\System\mVFFOOG.exe
  2⤵
  PID:11032
- C:\Windows\System\WyUdUXn.exe
  C:\Windows\System\WyUdUXn.exe
  2⤵
  PID:11060
- C:\Windows\System\ONoxHdG.exe
  C:\Windows\System\ONoxHdG.exe
  2⤵
  PID:11076
- C:\Windows\System\apaEPaj.exe
  C:\Windows\System\apaEPaj.exe
  2⤵
  PID:11180
- C:\Windows\System\UupPGyb.exe
  C:\Windows\System\UupPGyb.exe
  2⤵
  PID:11196
- C:\Windows\System\qTJGbYK.exe
  C:\Windows\System\qTJGbYK.exe
  2⤵
  PID:11216
- C:\Windows\System\DpuZrtW.exe
  C:\Windows\System\DpuZrtW.exe
  2⤵
  PID:11240
- C:\Windows\System\rWxyUcf.exe
  C:\Windows\System\rWxyUcf.exe
  2⤵
  PID:9952
- C:\Windows\System\BJRyDtK.exe
  C:\Windows\System\BJRyDtK.exe
  2⤵
  PID:10272
- C:\Windows\System\vIAiJCq.exe
  C:\Windows\System\vIAiJCq.exe
  2⤵
  PID:10244
- C:\Windows\System\oPQYxot.exe
  C:\Windows\System\oPQYxot.exe
  2⤵
  PID:10312
- C:\Windows\System\oczkCuW.exe
  C:\Windows\System\oczkCuW.exe
  2⤵
  PID:10400
- C:\Windows\System\WRQJmoJ.exe
  C:\Windows\System\WRQJmoJ.exe
  2⤵
  PID:10416
- C:\Windows\System\OtuAdCk.exe
  C:\Windows\System\OtuAdCk.exe
  2⤵
  PID:10472
- C:\Windows\System\jQBmpdc.exe
  C:\Windows\System\jQBmpdc.exe
  2⤵
  PID:10612
- C:\Windows\System\UVzorTZ.exe
  C:\Windows\System\UVzorTZ.exe
  2⤵
  PID:10636
- C:\Windows\System\ntuKrqz.exe
  C:\Windows\System\ntuKrqz.exe
  2⤵
  PID:10740
- C:\Windows\System\zPNtaoX.exe
  C:\Windows\System\zPNtaoX.exe
  2⤵
  PID:10708
- C:\Windows\System\TuWjASz.exe
  C:\Windows\System\TuWjASz.exe
  2⤵
  PID:10776
- C:\Windows\System\evwXvoG.exe
  C:\Windows\System\evwXvoG.exe
  2⤵
  PID:10864
- C:\Windows\System\mYcoQqy.exe
  C:\Windows\System\mYcoQqy.exe
  2⤵
  PID:11048
- C:\Windows\System\yATokIu.exe
  C:\Windows\System\yATokIu.exe
  2⤵
  PID:10656
- C:\Windows\System\dHHcCsK.exe
  C:\Windows\System\dHHcCsK.exe
  2⤵
  PID:11168
- C:\Windows\System\AhcRKfG.exe
  C:\Windows\System\AhcRKfG.exe
  2⤵
  PID:11192
- C:\Windows\System\pQDFsCB.exe
  C:\Windows\System\pQDFsCB.exe
  2⤵
  PID:10268
- C:\Windows\System\SeMBAEh.exe
  C:\Windows\System\SeMBAEh.exe
  2⤵
  PID:10360
- C:\Windows\System\JUjGZGU.exe
  C:\Windows\System\JUjGZGU.exe
  2⤵
  PID:10704
- C:\Windows\System\uytHOBf.exe
  C:\Windows\System\uytHOBf.exe
  2⤵
  PID:10680
- C:\Windows\System\pfAABqc.exe
  C:\Windows\System\pfAABqc.exe
  2⤵
  PID:10808
- C:\Windows\System\wPLBryE.exe
  C:\Windows\System\wPLBryE.exe
  2⤵
  PID:11072
- C:\Windows\System\XcYBYKB.exe
  C:\Windows\System\XcYBYKB.exe
  2⤵
  PID:11132
- C:\Windows\System\CNdYhSF.exe
  C:\Windows\System\CNdYhSF.exe
  2⤵
  PID:9828
- C:\Windows\System\pnetiye.exe
  C:\Windows\System\pnetiye.exe
  2⤵
  PID:10420
- C:\Windows\System\qiCRjZT.exe
  C:\Windows\System\qiCRjZT.exe
  2⤵
  PID:10628
- C:\Windows\System\avJvFFj.exe
  C:\Windows\System\avJvFFj.exe
  2⤵
  PID:10988
- C:\Windows\System\uQPqoki.exe
  C:\Windows\System\uQPqoki.exe
  2⤵
  PID:11288
- C:\Windows\System\zByGOZF.exe
  C:\Windows\System\zByGOZF.exe
  2⤵
  PID:11312
- C:\Windows\System\dnNytIR.exe
  C:\Windows\System\dnNytIR.exe
  2⤵
  PID:11336
- C:\Windows\System\eviRyUs.exe
  C:\Windows\System\eviRyUs.exe
  2⤵
  PID:11356
- C:\Windows\System\epBEIOp.exe
  C:\Windows\System\epBEIOp.exe
  2⤵
  PID:11412
- C:\Windows\System\PcuKGmQ.exe
  C:\Windows\System\PcuKGmQ.exe
  2⤵
  PID:11436
- C:\Windows\System\Kkocgoz.exe
  C:\Windows\System\Kkocgoz.exe
  2⤵
  PID:11476
- C:\Windows\System\nJzAegb.exe
  C:\Windows\System\nJzAegb.exe
  2⤵
  PID:11532
- C:\Windows\System\wXLpgSS.exe
  C:\Windows\System\wXLpgSS.exe
  2⤵
  PID:11552
- C:\Windows\System\ZstStfT.exe
  C:\Windows\System\ZstStfT.exe
  2⤵
  PID:11572
- C:\Windows\System\ovOysQP.exe
  C:\Windows\System\ovOysQP.exe
  2⤵
  PID:11588
- C:\Windows\System\BSrIdES.exe
  C:\Windows\System\BSrIdES.exe
  2⤵
  PID:11620
- C:\Windows\System\HyKojqq.exe
  C:\Windows\System\HyKojqq.exe
  2⤵
  PID:11652
- C:\Windows\System\ogmEosH.exe
  C:\Windows\System\ogmEosH.exe
  2⤵
  PID:11676
- C:\Windows\System\TuUWISF.exe
  C:\Windows\System\TuUWISF.exe
  2⤵
  PID:11700
- C:\Windows\System\VlHmKtw.exe
  C:\Windows\System\VlHmKtw.exe
  2⤵
  PID:11724
- C:\Windows\System\cwzYcpw.exe
  C:\Windows\System\cwzYcpw.exe
  2⤵
  PID:11744
- C:\Windows\System\MsqLVMh.exe
  C:\Windows\System\MsqLVMh.exe
  2⤵
  PID:11768
- C:\Windows\System\nGIXxIW.exe
  C:\Windows\System\nGIXxIW.exe
  2⤵
  PID:11792
- C:\Windows\System\eoladXK.exe
  C:\Windows\System\eoladXK.exe
  2⤵
  PID:11816
- C:\Windows\System\LezXNQw.exe
  C:\Windows\System\LezXNQw.exe
  2⤵
  PID:11848
- C:\Windows\System\eqkphWf.exe
  C:\Windows\System\eqkphWf.exe
  2⤵
  PID:11912
- C:\Windows\System\leRhmza.exe
  C:\Windows\System\leRhmza.exe
  2⤵
  PID:11932
- C:\Windows\System\XdewyuM.exe
  C:\Windows\System\XdewyuM.exe
  2⤵
  PID:11956
- C:\Windows\System\WTOcvPh.exe
  C:\Windows\System\WTOcvPh.exe
  2⤵
  PID:11976
- C:\Windows\System\drhrnbG.exe
  C:\Windows\System\drhrnbG.exe
  2⤵
  PID:12040
- C:\Windows\System\BLdRwfs.exe
  C:\Windows\System\BLdRwfs.exe
  2⤵
  PID:12060
- C:\Windows\System\tgywtIz.exe
  C:\Windows\System\tgywtIz.exe
  2⤵
  PID:12080
- C:\Windows\System\jRIUIdX.exe
  C:\Windows\System\jRIUIdX.exe
  2⤵
  PID:12096
- C:\Windows\System\DYmSYar.exe
  C:\Windows\System\DYmSYar.exe
  2⤵
  PID:12156
- C:\Windows\System\qmZiThK.exe
  C:\Windows\System\qmZiThK.exe
  2⤵
  PID:12172
- C:\Windows\System\VOmvvaI.exe
  C:\Windows\System\VOmvvaI.exe
  2⤵
  PID:12192
- C:\Windows\System\vMqVPSU.exe
  C:\Windows\System\vMqVPSU.exe
  2⤵
  PID:12228
- C:\Windows\System\MXivZXq.exe
  C:\Windows\System\MXivZXq.exe
  2⤵
  PID:12252
- C:\Windows\System\PqOONbM.exe
  C:\Windows\System\PqOONbM.exe
  2⤵
  PID:12272
- C:\Windows\System\YHtXtrq.exe
  C:\Windows\System\YHtXtrq.exe
  2⤵
  PID:10840
- C:\Windows\System\rUxVLPU.exe
  C:\Windows\System\rUxVLPU.exe
  2⤵
  PID:11320
- C:\Windows\System\gFrwxgU.exe
  C:\Windows\System\gFrwxgU.exe
  2⤵
  PID:11328
- C:\Windows\System\YawRfPZ.exe
  C:\Windows\System\YawRfPZ.exe
  2⤵
  PID:11452
- C:\Windows\System\yUxYmCm.exe
  C:\Windows\System\yUxYmCm.exe
  2⤵
  PID:11460
- C:\Windows\System\pwPPOpi.exe
  C:\Windows\System\pwPPOpi.exe
  2⤵
  PID:11540
- C:\Windows\System\jebQgQx.exe
  C:\Windows\System\jebQgQx.exe
  2⤵
  PID:11584
- C:\Windows\System\EoZrOng.exe
  C:\Windows\System\EoZrOng.exe
  2⤵
  PID:11640
- C:\Windows\System\JMwKWlo.exe
  C:\Windows\System\JMwKWlo.exe
  2⤵
  PID:11688
- C:\Windows\System\iQNRbwZ.exe
  C:\Windows\System\iQNRbwZ.exe
  2⤵
  PID:11784
- C:\Windows\System\WXAyFDQ.exe
  C:\Windows\System\WXAyFDQ.exe
  2⤵
  PID:11812
- C:\Windows\System\iifUBIT.exe
  C:\Windows\System\iifUBIT.exe
  2⤵
  PID:11920
- C:\Windows\System\tXDBjWt.exe
  C:\Windows\System\tXDBjWt.exe
  2⤵
  PID:11988
- C:\Windows\System\JzLRmgS.exe
  C:\Windows\System\JzLRmgS.exe
  2⤵
  PID:12048
- C:\Windows\System\BYiwmpN.exe
  C:\Windows\System\BYiwmpN.exe
  2⤵
  PID:12112
- C:\Windows\System\QyDsUhQ.exe
  C:\Windows\System\QyDsUhQ.exe
  2⤵
  PID:12148
- C:\Windows\System\YJkbxNV.exe
  C:\Windows\System\YJkbxNV.exe
  2⤵
  PID:12216
- C:\Windows\System\HZsMSFM.exe
  C:\Windows\System\HZsMSFM.exe
  2⤵
  PID:10816
- C:\Windows\System\UQXfTql.exe
  C:\Windows\System\UQXfTql.exe
  2⤵
  PID:11384
- C:\Windows\System\VGkxhZH.exe
  C:\Windows\System\VGkxhZH.exe
  2⤵
  PID:11492
- C:\Windows\System\tJvtjCx.exe
  C:\Windows\System\tJvtjCx.exe
  2⤵
  PID:11568
- C:\Windows\System\SEBMhAY.exe
  C:\Windows\System\SEBMhAY.exe
  2⤵
  PID:11152
- C:\Windows\System\eRQsnYm.exe
  C:\Windows\System\eRQsnYm.exe
  2⤵
  PID:12088
- C:\Windows\System\OIUWJrK.exe
  C:\Windows\System\OIUWJrK.exe
  2⤵
  PID:12188
- C:\Windows\System\qrIdSEf.exe
  C:\Windows\System\qrIdSEf.exe
  2⤵
  PID:10552
- C:\Windows\System\FZZEOrQ.exe
  C:\Windows\System\FZZEOrQ.exe
  2⤵
  PID:11696
- C:\Windows\System\SJWZlDv.exe
  C:\Windows\System\SJWZlDv.exe
  2⤵
  PID:11644
- C:\Windows\System\HeaeMMi.exe
  C:\Windows\System\HeaeMMi.exe
  2⤵
  PID:11428
- C:\Windows\System\RCkkJmA.exe
  C:\Windows\System\RCkkJmA.exe
  2⤵
  PID:11284
- C:\Windows\System\pvfAIuI.exe
  C:\Windows\System\pvfAIuI.exe
  2⤵
  PID:12296
- C:\Windows\System\rnxYNey.exe
  C:\Windows\System\rnxYNey.exe
  2⤵
  PID:12316
- C:\Windows\System\LyLupcs.exe
  C:\Windows\System\LyLupcs.exe
  2⤵
  PID:12332
- C:\Windows\System\ANQfOGs.exe
  C:\Windows\System\ANQfOGs.exe
  2⤵
  PID:12356
- C:\Windows\System\GrUHxvX.exe
  C:\Windows\System\GrUHxvX.exe
  2⤵
  PID:12396
- C:\Windows\System\cdhmMyg.exe
  C:\Windows\System\cdhmMyg.exe
  2⤵
  PID:12456
- C:\Windows\System\lnxZOQr.exe
  C:\Windows\System\lnxZOQr.exe
  2⤵
  PID:12476
- C:\Windows\System\LTMJcoC.exe
  C:\Windows\System\LTMJcoC.exe
  2⤵
  PID:12496
- C:\Windows\System\RyubhEO.exe
  C:\Windows\System\RyubhEO.exe
  2⤵
  PID:12528
- C:\Windows\System\rlseRXo.exe
  C:\Windows\System\rlseRXo.exe
  2⤵
  PID:12548
- C:\Windows\System\dVLTuwF.exe
  C:\Windows\System\dVLTuwF.exe
  2⤵
  PID:12568
- C:\Windows\System\KnLalqE.exe
  C:\Windows\System\KnLalqE.exe
  2⤵
  PID:12584
- C:\Windows\System\FPOUvaK.exe
  C:\Windows\System\FPOUvaK.exe
  2⤵
  PID:12628
- C:\Windows\System\cleAvhw.exe
  C:\Windows\System\cleAvhw.exe
  2⤵
  PID:12656
- C:\Windows\System\TooRNBh.exe
  C:\Windows\System\TooRNBh.exe
  2⤵
  PID:12680
- C:\Windows\System\iEbfFYp.exe
  C:\Windows\System\iEbfFYp.exe
  2⤵
  PID:12708
- C:\Windows\System\KsLETDC.exe
  C:\Windows\System\KsLETDC.exe
  2⤵
  PID:12748
- C:\Windows\System\CeNibmy.exe
  C:\Windows\System\CeNibmy.exe
  2⤵
  PID:12776
- C:\Windows\System\CEovYCo.exe
  C:\Windows\System\CEovYCo.exe
  2⤵
  PID:12796
- C:\Windows\System\COtUSMB.exe
  C:\Windows\System\COtUSMB.exe
  2⤵
  PID:12816
- C:\Windows\System\MhjUzAH.exe
  C:\Windows\System\MhjUzAH.exe
  2⤵
  PID:12836
- C:\Windows\System\LGsFIpF.exe
  C:\Windows\System\LGsFIpF.exe
  2⤵
  PID:12864
- C:\Windows\System\uKVzGGL.exe
  C:\Windows\System\uKVzGGL.exe
  2⤵
  PID:12904
- C:\Windows\System\omllmbh.exe
  C:\Windows\System\omllmbh.exe
  2⤵
  PID:12924
- C:\Windows\System\XhZpfPC.exe
  C:\Windows\System\XhZpfPC.exe
  2⤵
  PID:12968
- C:\Windows\System\TRELryE.exe
  C:\Windows\System\TRELryE.exe
  2⤵
  PID:12992
- C:\Windows\System\LLwBznW.exe
  C:\Windows\System\LLwBznW.exe
  2⤵
  PID:13024
- C:\Windows\System\etnRWVr.exe
  C:\Windows\System\etnRWVr.exe
  2⤵
  PID:13052
- C:\Windows\System\AQmmCGJ.exe
  C:\Windows\System\AQmmCGJ.exe
  2⤵
  PID:13080
- C:\Windows\System\DFIulDn.exe
  C:\Windows\System\DFIulDn.exe
  2⤵
  PID:13108
- C:\Windows\System\jNoqpck.exe
  C:\Windows\System\jNoqpck.exe
  2⤵
  PID:13128
- C:\Windows\System\rcgyzJo.exe
  C:\Windows\System\rcgyzJo.exe
  2⤵
  PID:13156
- C:\Windows\System\wcLoypX.exe
  C:\Windows\System\wcLoypX.exe
  2⤵
  PID:13176
- C:\Windows\System\brXYbyS.exe
  C:\Windows\System\brXYbyS.exe
  2⤵
  PID:13208
- C:\Windows\System\WRLvkHI.exe
  C:\Windows\System\WRLvkHI.exe
  2⤵
  PID:13228
- C:\Windows\System\nTKFxdS.exe
  C:\Windows\System\nTKFxdS.exe
  2⤵
  PID:13252
- C:\Windows\System\hrIEidK.exe
  C:\Windows\System\hrIEidK.exe
  2⤵
  PID:13276
- C:\Windows\System\LbXuXWp.exe
  C:\Windows\System\LbXuXWp.exe
  2⤵
  PID:13300
- C:\Windows\System\BuincxP.exe
  C:\Windows\System\BuincxP.exe
  2⤵
  PID:12072
- C:\Windows\System\COedODR.exe
  C:\Windows\System\COedODR.exe
  2⤵
  PID:12324
- C:\Windows\System\kucAYDd.exe
  C:\Windows\System\kucAYDd.exe
  2⤵
  PID:12340
- C:\Windows\System\ufREWRr.exe
  C:\Windows\System\ufREWRr.exe
  2⤵
  PID:12424
- C:\Windows\System\gIAXwKu.exe
  C:\Windows\System\gIAXwKu.exe
  2⤵
  PID:12472
- C:\Windows\System\YqwKGSX.exe
  C:\Windows\System\YqwKGSX.exe
  2⤵
  PID:12616
- C:\Windows\System\fPQXkHz.exe
  C:\Windows\System\fPQXkHz.exe
  2⤵
  PID:12688
- C:\Windows\System\uaKJKBO.exe
  C:\Windows\System\uaKJKBO.exe
  2⤵
  PID:12700
- C:\Windows\System\yPunPne.exe
  C:\Windows\System\yPunPne.exe
  2⤵
  PID:12740
- C:\Windows\System\BYlkmMx.exe
  C:\Windows\System\BYlkmMx.exe
  2⤵
  PID:12872
- C:\Windows\System\BBgrffq.exe
  C:\Windows\System\BBgrffq.exe
  2⤵
  PID:12900
- C:\Windows\System\iAOJYTd.exe
  C:\Windows\System\iAOJYTd.exe
  2⤵
  PID:13040
- C:\Windows\System\dUjERrP.exe
  C:\Windows\System\dUjERrP.exe
  2⤵
  PID:13100
- C:\Windows\System\vafyjqg.exe
  C:\Windows\System\vafyjqg.exe
  2⤵
  PID:13204
- C:\Windows\System\JIIpKeU.exe
  C:\Windows\System\JIIpKeU.exe
  2⤵
  PID:13244
- C:\Windows\System\PxPgqTw.exe
  C:\Windows\System\PxPgqTw.exe
  2⤵
  PID:13288
- C:\Windows\System\IDtZBjF.exe
  C:\Windows\System\IDtZBjF.exe
  2⤵
  PID:12416
- C:\Windows\System\rpKeuQc.exe
  C:\Windows\System\rpKeuQc.exe
  2⤵
  PID:12464
- C:\Windows\System\QQCpHXF.exe
  C:\Windows\System\QQCpHXF.exe
  2⤵
  PID:12772
- C:\Windows\System\BfbFxpF.exe
  C:\Windows\System\BfbFxpF.exe
  2⤵
  PID:12920
- C:\Windows\System\nqJQMbO.exe
  C:\Windows\System\nqJQMbO.exe
  2⤵
  PID:13148
- C:\Windows\System\lFKkSzI.exe
  C:\Windows\System\lFKkSzI.exe
  2⤵
  PID:13200
- C:\Windows\System\yuZskmk.exe
  C:\Windows\System\yuZskmk.exe
  2⤵
  PID:13124
- C:\Windows\System\rtHxAvz.exe
  C:\Windows\System\rtHxAvz.exe
  2⤵
  PID:4360
- C:\Windows\System\QbbOXjU.exe
  C:\Windows\System\QbbOXjU.exe
  2⤵
  PID:12856
- C:\Windows\System\SuEBdky.exe
  C:\Windows\System\SuEBdky.exe
  2⤵
  PID:13036
- C:\Windows\System\tFKiKDG.exe
  C:\Windows\System\tFKiKDG.exe
  2⤵
  PID:12652
- C:\Windows\System\UtIMYsF.exe
  C:\Windows\System\UtIMYsF.exe
  2⤵
  PID:13352
- C:\Windows\System\TFAsKyt.exe
  C:\Windows\System\TFAsKyt.exe
  2⤵
  PID:13372
- C:\Windows\System\DgfsoQA.exe
  C:\Windows\System\DgfsoQA.exe
  2⤵
  PID:13392
- C:\Windows\System\CCrPXlS.exe
  C:\Windows\System\CCrPXlS.exe
  2⤵
  PID:13416
- C:\Windows\System\xwhIpLH.exe
  C:\Windows\System\xwhIpLH.exe
  2⤵
  PID:13452
- C:\Windows\System\lUkwKnz.exe
  C:\Windows\System\lUkwKnz.exe
  2⤵
  PID:13472
- C:\Windows\System\clMLQlm.exe
  C:\Windows\System\clMLQlm.exe
  2⤵
  PID:13500
- C:\Windows\System\wvRgFCl.exe
  C:\Windows\System\wvRgFCl.exe
  2⤵
  PID:13516
- C:\Windows\System\cOSOllz.exe
  C:\Windows\System\cOSOllz.exe
  2⤵
  PID:13532
- C:\Windows\System\cbTugKy.exe
  C:\Windows\System\cbTugKy.exe
  2⤵
  PID:13552
- C:\Windows\System\YegWQha.exe
  C:\Windows\System\YegWQha.exe
  2⤵
  PID:13580
- C:\Windows\System\QzukMUS.exe
  C:\Windows\System\QzukMUS.exe
  2⤵
  PID:13620
- C:\Windows\System\ETketal.exe
  C:\Windows\System\ETketal.exe
  2⤵
  PID:13640
- C:\Windows\System\bAKgoho.exe
  C:\Windows\System\bAKgoho.exe
  2⤵
  PID:13672
- C:\Windows\System\WbatJRI.exe
  C:\Windows\System\WbatJRI.exe
  2⤵
  PID:13692
- C:\Windows\System\LrVoEsb.exe
  C:\Windows\System\LrVoEsb.exe
  2⤵
  PID:13716
- C:\Windows\System\GEQmdbJ.exe
  C:\Windows\System\GEQmdbJ.exe
  2⤵
  PID:13752
- C:\Windows\System\seskjRE.exe
  C:\Windows\System\seskjRE.exe
  2⤵
  PID:13776
- C:\Windows\System\RCfWhhQ.exe
  C:\Windows\System\RCfWhhQ.exe
  2⤵
  PID:13836
- C:\Windows\System\HFjlBGD.exe
  C:\Windows\System\HFjlBGD.exe
  2⤵
  PID:13880
- C:\Windows\System\txlgdkq.exe
  C:\Windows\System\txlgdkq.exe
  2⤵
  PID:13904
- C:\Windows\System\EVcoBKG.exe
  C:\Windows\System\EVcoBKG.exe
  2⤵
  PID:13924
- C:\Windows\System\frVaomd.exe
  C:\Windows\System\frVaomd.exe
  2⤵
  PID:13952
- C:\Windows\System\VIZAmSq.exe
  C:\Windows\System\VIZAmSq.exe
  2⤵
  PID:13980
- C:\Windows\System\cvotgwY.exe
  C:\Windows\System\cvotgwY.exe
  2⤵
  PID:14008
- C:\Windows\System\fPnueyE.exe
  C:\Windows\System\fPnueyE.exe
  2⤵
  PID:14036
- C:\Windows\System\kvVSCqb.exe
  C:\Windows\System\kvVSCqb.exe
  2⤵
  PID:14060
- C:\Windows\System\JLgpksU.exe
  C:\Windows\System\JLgpksU.exe
  2⤵
  PID:14080
- C:\Windows\System\dolaZrz.exe
  C:\Windows\System\dolaZrz.exe
  2⤵
  PID:14096
- C:\Windows\System\IxMFmvi.exe
  C:\Windows\System\IxMFmvi.exe
  2⤵
  PID:14120
- C:\Windows\System\QlxKzPJ.exe
  C:\Windows\System\QlxKzPJ.exe
  2⤵
  PID:14164
- C:\Windows\System\iWbrUhD.exe
  C:\Windows\System\iWbrUhD.exe
  2⤵
  PID:14196
- C:\Windows\System\gzTSjTX.exe
  C:\Windows\System\gzTSjTX.exe
  2⤵
  PID:14232
- C:\Windows\System\PpgmPXO.exe
  C:\Windows\System\PpgmPXO.exe
  2⤵
  PID:14276
- C:\Windows\System\yiQmgrW.exe
  C:\Windows\System\yiQmgrW.exe
  2⤵
  PID:14304
- C:\Windows\System\JRWxjoa.exe
  C:\Windows\System\JRWxjoa.exe
  2⤵
  PID:14332
- C:\Windows\System\LMwSjhu.exe
  C:\Windows\System\LMwSjhu.exe
  2⤵
  PID:13316
- C:\Windows\System\fZaQkas.exe
  C:\Windows\System\fZaQkas.exe
  2⤵
  PID:13344
- C:\Windows\System\VDmksWW.exe
  C:\Windows\System\VDmksWW.exe
  2⤵
  PID:13388
- C:\Windows\System\eiOhQxF.exe
  C:\Windows\System\eiOhQxF.exe
  2⤵
  PID:13464
- C:\Windows\System\EMkxgkj.exe
  C:\Windows\System\EMkxgkj.exe
  2⤵
  PID:13512
- C:\Windows\System\HYiESnt.exe
  C:\Windows\System\HYiESnt.exe
  2⤵
  PID:13572
- C:\Windows\System\suuIITv.exe
  C:\Windows\System\suuIITv.exe
  2⤵
  PID:13636
- C:\Windows\System\KNpKJUX.exe
  C:\Windows\System\KNpKJUX.exe
  2⤵
  PID:13632
- C:\Windows\System\TwnXtSL.exe
  C:\Windows\System\TwnXtSL.exe
  2⤵
  PID:13728
- C:\Windows\System\GSXmrHx.exe
  C:\Windows\System\GSXmrHx.exe
  2⤵
  PID:13804
- C:\Windows\System\tuKlmEX.exe
  C:\Windows\System\tuKlmEX.exe
  2⤵
  PID:13892
- C:\Windows\System\tsDvcfK.exe
  C:\Windows\System\tsDvcfK.exe
  2⤵
  PID:13988
- C:\Windows\System\uZHPaTj.exe
  C:\Windows\System\uZHPaTj.exe
  2⤵
  PID:14052
- C:\Windows\System\MiHqGMI.exe
  C:\Windows\System\MiHqGMI.exe
  2⤵
  PID:14172
- C:\Windows\System\sBwjYXS.exe
  C:\Windows\System\sBwjYXS.exe
  2⤵
  PID:14224
- C:\Windows\System\VUsbOZd.exe
  C:\Windows\System\VUsbOZd.exe
  2⤵
  PID:14268
- C:\Windows\System\nVaQiUP.exe
  C:\Windows\System\nVaQiUP.exe
  2⤵
  PID:12576
- C:\Windows\System\EvNcTYP.exe
  C:\Windows\System\EvNcTYP.exe
  2⤵
  PID:13432

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:3760

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\CNCARpG.exe

Filesize
1.6MB

MD5
1f98574862ba6badb5372504838b408e

SHA1
017575dbb5c8913862110bb47ea239f9f5e3d67c

SHA256
fa216b3990ec9782e50ee46949ad35193160e94a9e93d5eeb7fabf04f82c7310

SHA512
1d52135e5943de2d84ed41d4fd5f639aa2cc6a254689e31d230add3c2539f4de41715d98f3056a920468fdb19c1faa501e092f424924f9a6b10c3e6f1b2d601b

Download Submit
C:\Windows\System\DJaELvu.exe

Filesize
1.6MB

MD5
c373443753612cb51b3ebd60447dd0b5

SHA1
2d8f2c04955c0dc7300a6cb9fa8ff1e48d14dd00

SHA256
0f220e395cdc9e5e77ef8272e65037113c4c38d57f3f124f5a60499baf067795

SHA512
1015fa0894f2da4296963cb3b7a4f8b4c53011adf9e9e0a7ab4db168e4c43e31e5592ab07f9b244a2de332e5ef69040822fd6b6db3bae8ef6ee046c3a49b534c

Download Submit
C:\Windows\System\GSBkvfz.exe

Filesize
1.6MB

MD5
b8d053d4afd9aba47aedfe63c07c6207

SHA1
7f1024c588dd403f91feac59590bebe440146168

SHA256
8c93061c21524ef920e852b5e714976cd598ca94929067ea5f4f4620fae5e650

SHA512
eb9c13c6948c6038dd765a2151f4beb4562cf43bf36fbefd6a65eb22e06255c25a4c4a43628ba468f412fd6f49f8dfa0b8e335b061e53474a95e8c3fa1d4cce8

Download Submit
C:\Windows\System\GuIbhOe.exe

Filesize
1.6MB

MD5
b7df63c3e1af652d7691ec6a1162047f

SHA1
7b2fc6bdf9886ca832ee146c89a49814d7dcd429

SHA256
94c8402336beafaad135a6be1270165ffcd757e88be9b37d4d67eaacef68d414

SHA512
76da1c6fb17c1d33725c50390fa9243d736ad1b7d5bd7aa1e5b17c56d150a326b407618aaba7fb3ae51a2b8c02494d14bc84eb23fa64a3ec78281361462ff319

Download Submit
C:\Windows\System\JTHjKsR.exe

Filesize
1.6MB

MD5
56f382518d4245fef13274b50610dc49

SHA1
72c1c00b6e82f952767c51bf6c9602bbb1842779

SHA256
d995572e21eea1d9b52cb89209cfe3bdcebfe11ec989e7a0f211e157cc869c1b

SHA512
db790a8400c288fd92047f3607badc4ee284db0e7467efe22afcd1cdff12389836233d7dec455d687fe9d96b4caa155822de6c0fe351bbe5ab4a40530dc934dc

Download Submit
C:\Windows\System\MBweVbz.exe

Filesize
1.6MB

MD5
f5b60b322528f8c78ca0596a3b4d0456

SHA1
6cbcca6b2f7b15e0a90a4c96578afd058a6f58de

SHA256
474534f4e48f8066fa00b1aef37cd338bb60759f10f7d2cd33b07096aca7e997

SHA512
ed8028d02217cd34cc05c3743f1a6ecd6f9c62ef44bded7b8f630a010fd40476a2f5e6409002402baf7660ebd12e4e731cc79bb869045ff8f8a97aa620b491c0

Download Submit
C:\Windows\System\NKPeVrN.exe

Filesize
1.6MB

MD5
89a24ffaa43a3b0ce2c4639efae2aee0

SHA1
2ce6987cf988cd0683af3cdb67a043a8a0f16b99

SHA256
3c3bad270d0cc31ad3b9ef5af78fe3c85084223d1fd91638be188db22682437b

SHA512
631fc916e7a739ec745f2ade2c56e61684060dbfbbb305795b26635e2ddcdcef0f587b86fc97bc33f8091a2e307f1281207db5e5b9d33826df2ad47df04d8c62

Download Submit
C:\Windows\System\PAmVbIi.exe

Filesize
1.6MB

MD5
e918e253e325b876555f6a086dd57a84

SHA1
e4c5e010fc84b05d11ee21898f920e35e5241e4c

SHA256
f09291476b6ea5bfdbc30f99dd8a86d4a3ce424924d2eaf5a02266923176f293

SHA512
5fe0c468058ec07537ea090f68e2b1fb841864589c3387ccc53b9ab31c80287458072403d5d0e8d662f12a143b1cb163d3a1ed0ee302462508cd4baebb793539

Download Submit
C:\Windows\System\RTxWpmF.exe

Filesize
1.6MB

MD5
4ba53fffc009a79d6fc18b24f25b7b47

SHA1
168dfd688a1dd139ddd339b438658d6d4804fb11

SHA256
522a2ebdae947e22449e7dbdc2d8e14da2714579b71026695767caa9bccf928a

SHA512
59c4e1e099695176fd5ba24a1ea5cfe3d31c66485bc722ed3e3b794a9d8f0766b0e80d36444173a28a3d6671547a9f0f7705fa78a784ab687e7e81edc40b8ee4

Download Submit
C:\Windows\System\WZUkEqj.exe

Filesize
1.6MB

MD5
2f6001e68a977ab7dbe00db498eafd5d

SHA1
8eaae51906614408350c634ce78e658dc7fa8e53

SHA256
1138cb0a6b99917676891772ceda38a31154e5fd43e82342ee2cc10c5faabb0c

SHA512
28182cf172ece6005a5710c117f5c1468554dc8103a92e37442cab96199cb67252a4f10397c189a046aa551cf56e019787b39effedec2ec92a1bc814dbb99e15

Download Submit
C:\Windows\System\ZhfpqEx.exe

Filesize
1.6MB

MD5
9632e58a17b7207c864a1e7b6da67c00

SHA1
0dbeead7e0626c2e8bfe2b26e9bbe1ad5fad8fb3

SHA256
fb585e0b3f7e10ab8ecc4c13180d8ffc6ddcd73b19f78a351479416b13a710bd

SHA512
00d0807ef3ee3e6a8cbbc589110439e376d4ded2003f357c325072e3cb73aeb42db73962d42c120ce01c9e4f4f379274424486273fe44315bf434f5e01eddec0

Download Submit
C:\Windows\System\aIvOAMj.exe

Filesize
1.6MB

MD5
9204cf2bc7fc95be3b2eaf72c274f344

SHA1
a55ae95915a953c4c224c8f4372bc53b6229e4a3

SHA256
74c1e561724aaeb25991fb09670aeb7f3eadc772f30a345177579c5c05da75a5

SHA512
4765df068599565df7cc8d1989a19fb376794b56f75d1f8900fa1b53ab50fbc602092e067269736bae5fb6430f136c23ecb5376359996cdcd1ffe36b59fabc54

Download Submit
C:\Windows\System\axXhIyk.exe

Filesize
1.6MB

MD5
9d30d2bcc24b57d2e92171e9c2be00a0

SHA1
543f3017871d5c285f6db3af9d55095277a5723b

SHA256
b0d736bb10479434f20dee60febb25e52532ae7778aae4cfb7d60c859acb1411

SHA512
3469fa9a261d66fe30c0353d8b3475e580092bb719078f4460882e483a86911e65627fecf2fbd6d5cef94c6a1e4a836179904af8c3e2a2805af23024e58bee7d

Download Submit
C:\Windows\System\btegFPI.exe

Filesize
1.6MB

MD5
f96ff8289c8e8ba8d779393c022ace26

SHA1
dc239d3ce67b7b4cf6043df6fe51729abb0eceb7

SHA256
6b4df8299075d85825cabae422a25f54d6f3661e4ade46ff832f9a6ec691b70c

SHA512
c66e81b95c39af989f20e265bcae639384095bf9b4b08757c198b36ca02da75fc4f807d68dbc9c42573db23e0d28ed846d79c4bafbe73073de7a9cd514cb914f

Download Submit
C:\Windows\System\cpOURKx.exe

Filesize
1.6MB

MD5
9f66675bddaa6ca36a892858d3d0cf21

SHA1
1f0d8be679be0a33f2edd72aa7cfe8cba6e968b1

SHA256
219bf8d716b6e61d28743cd8394731071023ffff50bbe4e34359e455659d4e28

SHA512
db30a3d9419365101cba4050111113922afff436955dde51325132bed31727fcf628957e81d96dee69fd4b3e023d158ccfc5aaa866da746bf2a629f09424e9b0

Download Submit
C:\Windows\System\dqZWFQt.exe

Filesize
1.6MB

MD5
133c0e535fc419ae345585e49395cbd9

SHA1
f799a9363935a2175b2fa82d4bb1e585aa4950fb

SHA256
82001bd4a89939595dea1dd6fc93f88f07ecbc4b4855b016905cc1af22d0760d

SHA512
f07930aaf7e2d672c153a6029dcd0983fd743858e043af07e24fb4cc8838aeb64e730f84b655c1546fd2dc942ee063cd509c8923b07957f59ba691c76575fcfa

Download Submit
C:\Windows\System\eJhdKGS.exe

Filesize
1.6MB

MD5
7af30b6718b8c9af522fd429bbddcd8f

SHA1
bc223c025ba2d1ddd19e925cf018bcc08e8fbcfe

SHA256
93fe2d478d2b1d45f15c9bd8f115d325ffc881c758505d1cc94b5348e1071163

SHA512
df643f3d21599255ccd5ea469b6b5c3864e20bf7842980fdc07d1ec231745d93d632f45c9c6010766a2d1c11d446d2510f48a76ab8f29d81f003ad13efdfb63d

Download Submit
C:\Windows\System\ejaIyyY.exe

Filesize
1.6MB

MD5
ae2b7e0c6e12eb9339b2ae7f2116f57a

SHA1
69445cb816a4a74a15ee72354fcbb62377ba9e07

SHA256
b9c82a5bd1c63985eb817f9a8e027fc63edbf2f7c664ba91c6a044640860336c

SHA512
a78dd116cd6baab81fb597b2c40a0c22c7a618635ca661e1bc4a94f620b7491f0d9517ed4c9279a2468a3f2086c4df299590d954a0e14799670f500a6fb70f9b

Download Submit
C:\Windows\System\fXevNUR.exe

Filesize
1.6MB

MD5
4cc7f28e08a73826a9e3a2c5cb50a9e4

SHA1
5c3839afd7055f9c5dbd2a74efd29b3cae4fd033

SHA256
ba40397532650c359170bff5a024d2348ff422cca418d7ef6131343a4e2f9659

SHA512
89dcf08f3c3d61cd109692118644b67805ef669fc3136059838f31267aa4b23d88b2f8509b45cc49c2e97ec77323ebe0fbf06582896ff0ac43b218b11af93774

Download Submit
C:\Windows\System\hrruLkA.exe

Filesize
1.6MB

MD5
721386bdf5ff1bed508ac436dfa00367

SHA1
d10710c75f2681ff6cb53082143fc5f36beb1ded

SHA256
1804f3bc4f6d90094a2ba5173b27fe1679e9c0a1571e13864db7ee4f876673c2

SHA512
a3afa4fb8ba4924c0a1a1e17638ca61562e01f0bf069b437ffe9e9df96395c5b389cd2002ea8480da1f774cf991485e90c695bec2e9c917e04df6856406172a9

Download Submit
C:\Windows\System\hymmTju.exe

Filesize
1.6MB

MD5
3a158f1d799540d7df5bdf3d2a95284a

SHA1
2c605aa599fa76948b3e99d3b9ab097d6483fd94

SHA256
fcfad4ce33d7cb81fbd75f38566f3776074054bd3c504c094be7b9d5c1a85284

SHA512
d256a864e1b7f521d04ed3cbd9ec714b3b51fd738bc33303c186b168b8eaeef81d22a9627e4709d1d83a55bd56cada4cf7a318fae02f1c1ec693810c8e9d0a65

Download Submit
C:\Windows\System\jAyAthA.exe

Filesize
1.6MB

MD5
a4962c04f75a4a03f2aaa0c295c9ea97

SHA1
5737ffefb5181b971d667810ffdda14110cc6455

SHA256
25a9da2ff9805903fff1c5937af8b3c3e210442198a7b148823401e4c8e4d3bb

SHA512
c8b9b279c1a5ac2c0792fb3b52476695269d4951b209e9e70a4707c585c34dcfe33ed3ca7eb40a17a2ae736bd80cb7b8a889591059071c26897cfffc7895e376

Download Submit
C:\Windows\System\kSSyxeU.exe

Filesize
1.6MB

MD5
9dcb31a3716c0f5c41f26eae72811ff1

SHA1
be0c2fb9f214c223e0a036df003fcef808bb2af2

SHA256
0f3c6a773a28b7a0d077314a528dc8fd6a953307758acc026a526b745caba587

SHA512
933b6879882031dbfd62dbf0afefc1bdd6a0d419372f888c84d1a7c20adaadf763bb0293304d342a54f190ce19a2d5ccd1ccf35c82fe2ee9f7aa6a898cc6b958

Download Submit
C:\Windows\System\mOypEBB.exe

Filesize
1.6MB

MD5
d365231696023430f5470436b2f0be17

SHA1
c9b53ce3d553f03da70651789941cdbffa777296

SHA256
094d6bb6d67f0d6796f8104fccf34be57356a79f2d339a18712a5dc967ce8fdb

SHA512
d172350dec98d6099b54dfd90d48e678a397ca34445ad70904745bc7e7b71a9a65ae3ea41666ea08f8f82ceb8363aab1aad400a69016a25512dd360aca5a5351

Download Submit
C:\Windows\System\rVGpjUr.exe

Filesize
1.6MB

MD5
9973ea773e28db891c8efd94d1e23b40

SHA1
9616083618f0a2b40e89740379eee9405769419a

SHA256
01b31b55a4c1be3f96bd7c753b05ad69e74f0e903545b617f499b0b3362f855c

SHA512
8c4adab0b95c179010759fb402843f41a0d2da8a490c187a61498c56a5bae220dfb74a049ecc817fec6823fc422eff63bdfdf8aa8eb3ffdf7c542b28dfb83ec9

Download Submit
C:\Windows\System\sYnLAFX.exe

Filesize
1.6MB

MD5
78bb21c2f48fd6d3a2a91231f71efcf8

SHA1
48ec2c6bd84a6a36304bb8f7334f3bc4ec9c4c11

SHA256
9705f4701594068e6133e21bcafb0f42d3539bfd6a9d2e3f3626471531d4d6fd

SHA512
2b02643b40b0da2f9c247e0f3ad1a4634a46e9f26168275e315f96c96224422c872d4d6486fb7486fe8ad8b621297b3253e2e5d57c8eb9c52c64e2c4a179fc61

Download Submit
C:\Windows\System\sodrEjq.exe

Filesize
1.6MB

MD5
65973288986234b98f9f617864b89130

SHA1
3ba4c6d87a58065aeefbe7b70975b2f13e387d72

SHA256
165b6b616cc913fdec82e198581cbe16b5d40e203d2803eace16dfeb7134843e

SHA512
ff412a2a557be87570c50ae1741baf336f2095732463d5da195fe14c066b7929fa630eb639710206d26901238f44a9a2e92f2fa35d9808c3e06b1b73f1a7138b

Download Submit
C:\Windows\System\tJolTxO.exe

Filesize
1.6MB

MD5
567e197353dc7f7d3c4dd808f67e162a

SHA1
ef29e32963a2ef11aa2d297aa2ba092223e69c8a

SHA256
c7f3e001757789be6e85c691f8b75ffc164c1c2f4ddc36dddfb162e0b3c39161

SHA512
8d5f21621baa55e150727b55f4c0c80059718bf28e4d9667ee73f308eb4685597e3ba1f317fc11a1cecca3dee5527fbaf21c0cfd55c09792386d7652f3805d97

Download Submit
C:\Windows\System\uFxOosU.exe

Filesize
1.6MB

MD5
fdb193008167dd3748784b0cd4ee6350

SHA1
ce9b5f46e433665a407cf75df5f2904622b2fddf

SHA256
4a2e27d137fc51514b554c1fa865c2813bcd9ee99f92abd9dd8d36a094444388

SHA512
3cc84688e4415dc1dc9fe3c675a04e0833962a73cbecec0173c491ae3e1c3bb8b766d1a32aa81fc8dd5740901c971df486a7569215cf6cb2cfdfae149fe435d1

Download Submit
C:\Windows\System\uqZjNMC.exe

Filesize
1.6MB

MD5
19612a0811ec0cb51d40c3bc5dfc7791

SHA1
4a4c9510b55402d8d1133cfc3a851e314430056e

SHA256
40a375086cbc3568a9c97132cd484651434b4c391c33aa7af09fe1f1bfc1c54e

SHA512
fa69630fb3a4a82fd5525d99fa47849a302d7b13822c2f7142dab1c93a0f942580b795b48aca4e402aba83262b8e9d3aadbbea13f3ac404d316c2a0e7dd2b131

Download Submit
C:\Windows\System\vTNaPAv.exe

Filesize
1.6MB

MD5
76e154503be81145a0ebf15c09cf35ab

SHA1
197a0cd5781d3b1756d53226887d038c06bc9190

SHA256
aeffa89107124390d6565e4f805cd971b6bec7cd84b035cc9392e6898f6bef4c

SHA512
1b1b4dedfa77de5e1a6b8011c882ac421b81d143383a228f2e3026300dcdc111d0e88fb5ba4d5b0fec1dfabad37b5241e09bafd5c371ac1411d97b5633e3551b

Download Submit
C:\Windows\System\xgtPlQD.exe

Filesize
1.6MB

MD5
39be49df1542bbeb2eb5bea44a391619

SHA1
00b1479588488f3fdc892ef8d376ce1f0947e30f

SHA256
0d665297d527653998bda2373d3bf8137e6a2d3bf9248d08a076a2540c39c49b

SHA512
41a3c4e6ffc98d1ff0ed91dd92bc4a3694591de0fd7eb86c446764193d778df42360aaa6db95c7550e057e148f76ae8dc778172a3357303b46384a3fb53b6aa7

Download Submit
C:\Windows\System\ymEFnar.exe

Filesize
1.6MB

MD5
c183113b8822213b7485b706cb7ea75a

SHA1
733506d7a3f631a6fd198a402da685d93f5f14fa

SHA256
7e98faa32f8408c4a1f2c838b920c4df689e9eaaad705f8dad0e18f245a1958c

SHA512
851d29f9ce54ed5e58c10f5350ef55af71d0f153ba67d9afa1cfa81519471d0de403bc9f7ecdd3380849402bee73e2f6b635eab4c07192811995f615e8e2983d

Download Submit
memory/464-2218-0x00007FF77DE60000-0x00007FF77E1B1000-memory.dmp

Filesize
3.3MB

Download
memory/464-447-0x00007FF77DE60000-0x00007FF77E1B1000-memory.dmp

Filesize
3.3MB

Download
memory/876-399-0x00007FF69F970000-0x00007FF69FCC1000-memory.dmp

Filesize
3.3MB

Download
memory/876-2228-0x00007FF69F970000-0x00007FF69FCC1000-memory.dmp

Filesize
3.3MB

Download
memory/936-2250-0x00007FF622000000-0x00007FF622351000-memory.dmp

Filesize
3.3MB

Download
memory/936-443-0x00007FF622000000-0x00007FF622351000-memory.dmp

Filesize
3.3MB

Download
memory/1128-2198-0x00007FF7AE850000-0x00007FF7AEBA1000-memory.dmp

Filesize
3.3MB

Download
memory/1128-59-0x00007FF7AE850000-0x00007FF7AEBA1000-memory.dmp

Filesize
3.3MB

Download
memory/1352-2212-0x00007FF679D80000-0x00007FF67A0D1000-memory.dmp

Filesize
3.3MB

Download
memory/1352-72-0x00007FF679D80000-0x00007FF67A0D1000-memory.dmp

Filesize
3.3MB

Download
memory/1368-417-0x00007FF7C0860000-0x00007FF7C0BB1000-memory.dmp

Filesize
3.3MB

Download
memory/1368-2236-0x00007FF7C0860000-0x00007FF7C0BB1000-memory.dmp

Filesize
3.3MB

Download
memory/1424-2200-0x00007FF7B5470000-0x00007FF7B57C1000-memory.dmp

Filesize
3.3MB

Download
memory/1424-2153-0x00007FF7B5470000-0x00007FF7B57C1000-memory.dmp

Filesize
3.3MB

Download
memory/1424-29-0x00007FF7B5470000-0x00007FF7B57C1000-memory.dmp

Filesize
3.3MB

Download
memory/1616-392-0x00007FF775CB0000-0x00007FF776001000-memory.dmp

Filesize
3.3MB

Download
memory/1616-2216-0x00007FF775CB0000-0x00007FF776001000-memory.dmp

Filesize
3.3MB

Download
memory/1712-2202-0x00007FF6FC430000-0x00007FF6FC781000-memory.dmp

Filesize
3.3MB

Download
memory/1712-63-0x00007FF6FC430000-0x00007FF6FC781000-memory.dmp

Filesize
3.3MB

Download
memory/2432-2234-0x00007FF6B9E00000-0x00007FF6BA151000-memory.dmp

Filesize
3.3MB

Download
memory/2432-415-0x00007FF6B9E00000-0x00007FF6BA151000-memory.dmp

Filesize
3.3MB

Download
memory/2480-394-0x00007FF7AF7B0000-0x00007FF7AFB01000-memory.dmp

Filesize
3.3MB

Download
memory/2480-2224-0x00007FF7AF7B0000-0x00007FF7AFB01000-memory.dmp

Filesize
3.3MB

Download
memory/2720-2208-0x00007FF62D7A0000-0x00007FF62DAF1000-memory.dmp

Filesize
3.3MB

Download
memory/2720-68-0x00007FF62D7A0000-0x00007FF62DAF1000-memory.dmp

Filesize
3.3MB

Download
memory/2868-2230-0x00007FF698200000-0x00007FF698551000-memory.dmp

Filesize
3.3MB

Download
memory/2868-431-0x00007FF698200000-0x00007FF698551000-memory.dmp

Filesize
3.3MB

Download
memory/3040-2214-0x00007FF7CD9F0000-0x00007FF7CDD41000-memory.dmp

Filesize
3.3MB

Download
memory/3040-77-0x00007FF7CD9F0000-0x00007FF7CDD41000-memory.dmp

Filesize
3.3MB

Download
memory/3164-410-0x00007FF7691F0000-0x00007FF769541000-memory.dmp

Filesize
3.3MB

Download
memory/3164-2244-0x00007FF7691F0000-0x00007FF769541000-memory.dmp

Filesize
3.3MB

Download
memory/3176-58-0x00007FF750350000-0x00007FF7506A1000-memory.dmp

Filesize
3.3MB

Download
memory/3176-2210-0x00007FF750350000-0x00007FF7506A1000-memory.dmp

Filesize
3.3MB

Download
memory/3176-2188-0x00007FF750350000-0x00007FF7506A1000-memory.dmp

Filesize
3.3MB

Download
memory/3444-54-0x00007FF6F6D70000-0x00007FF6F70C1000-memory.dmp

Filesize
3.3MB

Download
memory/3444-2207-0x00007FF6F6D70000-0x00007FF6F70C1000-memory.dmp

Filesize
3.3MB

Download
memory/3444-2155-0x00007FF6F6D70000-0x00007FF6F70C1000-memory.dmp

Filesize
3.3MB

Download
memory/3944-395-0x00007FF76F330000-0x00007FF76F681000-memory.dmp

Filesize
3.3MB

Download
memory/3944-2222-0x00007FF76F330000-0x00007FF76F681000-memory.dmp

Filesize
3.3MB

Download
memory/4040-2246-0x00007FF6FA3E0000-0x00007FF6FA731000-memory.dmp

Filesize
3.3MB

Download
memory/4040-400-0x00007FF6FA3E0000-0x00007FF6FA731000-memory.dmp

Filesize
3.3MB

Download
memory/4060-24-0x00007FF678620000-0x00007FF678971000-memory.dmp

Filesize
3.3MB

Download
memory/4060-2194-0x00007FF678620000-0x00007FF678971000-memory.dmp

Filesize
3.3MB

Download
memory/4060-2152-0x00007FF678620000-0x00007FF678971000-memory.dmp

Filesize
3.3MB

Download
memory/4092-411-0x00007FF6CE8A0000-0x00007FF6CEBF1000-memory.dmp

Filesize
3.3MB

Download
memory/4092-2242-0x00007FF6CE8A0000-0x00007FF6CEBF1000-memory.dmp

Filesize
3.3MB

Download
memory/4184-2154-0x00007FF7D3E60000-0x00007FF7D41B1000-memory.dmp

Filesize
3.3MB

Download
memory/4184-2204-0x00007FF7D3E60000-0x00007FF7D41B1000-memory.dmp

Filesize
3.3MB

Download
memory/4184-46-0x00007FF7D3E60000-0x00007FF7D41B1000-memory.dmp

Filesize
3.3MB

Download
memory/4248-2232-0x00007FF7D3340000-0x00007FF7D3691000-memory.dmp

Filesize
3.3MB

Download
memory/4248-423-0x00007FF7D3340000-0x00007FF7D3691000-memory.dmp

Filesize
3.3MB

Download
memory/4260-393-0x00007FF7F48B0000-0x00007FF7F4C01000-memory.dmp

Filesize
3.3MB

Download
memory/4260-2220-0x00007FF7F48B0000-0x00007FF7F4C01000-memory.dmp

Filesize
3.3MB

Download
memory/4344-1-0x00000155AF280000-0x00000155AF290000-memory.dmp

Filesize
64KB

Download
memory/4344-0-0x00007FF701BC0000-0x00007FF701F11000-memory.dmp

Filesize
3.3MB

Download
memory/4344-2151-0x00007FF701BC0000-0x00007FF701F11000-memory.dmp

Filesize
3.3MB

Download
memory/4356-2248-0x00007FF75C890000-0x00007FF75CBE1000-memory.dmp

Filesize
3.3MB

Download
memory/4356-442-0x00007FF75C890000-0x00007FF75CBE1000-memory.dmp

Filesize
3.3MB

Download
memory/4396-2226-0x00007FF6133B0000-0x00007FF613701000-memory.dmp

Filesize
3.3MB

Download
memory/4396-396-0x00007FF6133B0000-0x00007FF613701000-memory.dmp

Filesize
3.3MB

Download
memory/4800-2238-0x00007FF6A1420000-0x00007FF6A1771000-memory.dmp

Filesize
3.3MB

Download
memory/4800-397-0x00007FF6A1420000-0x00007FF6A1771000-memory.dmp

Filesize
3.3MB

Download
memory/4808-2240-0x00007FF72A3A0000-0x00007FF72A6F1000-memory.dmp

Filesize
3.3MB

Download
memory/4808-398-0x00007FF72A3A0000-0x00007FF72A6F1000-memory.dmp

Filesize
3.3MB

Download
memory/4840-2196-0x00007FF756780000-0x00007FF756AD1000-memory.dmp

Filesize
3.3MB

Download
memory/4840-10-0x00007FF756780000-0x00007FF756AD1000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads