xmrig | 3af2f5dfbe8ffd72b3beeccdab8850522a185efed26509e6aaaf0f25281cd26d

Analysis

max time kernel
132s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
26/07/2024, 20:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3af2f5dfbe8ffd72b3beeccdab8850522a185efed26509e6aaaf0f25281cd26d.exe
Size

2.2MB
MD5

7fde849164847a13c6341b72e5bd8eca
SHA1

3bdc3d94109999e7214b7238d4c207cc30346d9d
SHA256

3af2f5dfbe8ffd72b3beeccdab8850522a185efed26509e6aaaf0f25281cd26d
SHA512

08e6ad870e6c20a31be4b95b5264f208d92de1212b3738961aa8650e1d48698d351d5316f1c24f68a29700f0d177be3ccffff073c43031ac2194c3c1c091ba0e
SSDEEP

49152:oezaTF8FcNkNdfE0pZ9ozt4wIlMmSd/ayxv8:oemTLkNdfE0pZrL

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/2892-0-0x00007FF7A8F80000-0x00007FF7A92D4000-memory.dmp	xmrig
behavioral2/files/0x00080000000234bc-4.dat	xmrig
behavioral2/files/0x00070000000234c0-11.dat	xmrig
behavioral2/memory/3644-12-0x00007FF7FBEB0000-0x00007FF7FC204000-memory.dmp	xmrig
behavioral2/files/0x00070000000234c1-16.dat	xmrig
behavioral2/memory/2932-13-0x00007FF7FA590000-0x00007FF7FA8E4000-memory.dmp	xmrig
behavioral2/files/0x00070000000234c2-25.dat	xmrig
behavioral2/memory/680-29-0x00007FF7F2DF0000-0x00007FF7F3144000-memory.dmp	xmrig
behavioral2/files/0x00070000000234c3-30.dat	xmrig
behavioral2/memory/1524-32-0x00007FF67D320000-0x00007FF67D674000-memory.dmp	xmrig
behavioral2/memory/1932-23-0x00007FF6D9EE0000-0x00007FF6DA234000-memory.dmp	xmrig
behavioral2/files/0x00070000000234c4-35.dat	xmrig
behavioral2/files/0x00070000000234c5-40.dat	xmrig
behavioral2/memory/208-43-0x00007FF623450000-0x00007FF6237A4000-memory.dmp	xmrig
behavioral2/memory/4468-54-0x00007FF6F0330000-0x00007FF6F0684000-memory.dmp	xmrig
behavioral2/files/0x00070000000234c7-56.dat	xmrig
behavioral2/files/0x00070000000234c8-62.dat	xmrig
behavioral2/files/0x00070000000234ca-78.dat	xmrig
behavioral2/files/0x00070000000234cb-83.dat	xmrig
behavioral2/files/0x00070000000234cf-97.dat	xmrig
behavioral2/files/0x00070000000234d1-111.dat	xmrig
behavioral2/files/0x00070000000234d4-126.dat	xmrig
behavioral2/files/0x00070000000234d9-145.dat	xmrig
behavioral2/files/0x00070000000234da-156.dat	xmrig
behavioral2/memory/3644-713-0x00007FF7FBEB0000-0x00007FF7FC204000-memory.dmp	xmrig
behavioral2/memory/2312-719-0x00007FF67CBB0000-0x00007FF67CF04000-memory.dmp	xmrig
behavioral2/memory/3364-733-0x00007FF6A4120000-0x00007FF6A4474000-memory.dmp	xmrig
behavioral2/memory/2244-737-0x00007FF766890000-0x00007FF766BE4000-memory.dmp	xmrig
behavioral2/memory/624-738-0x00007FF6C1F00000-0x00007FF6C2254000-memory.dmp	xmrig
behavioral2/memory/1908-728-0x00007FF77B600000-0x00007FF77B954000-memory.dmp	xmrig
behavioral2/memory/3436-716-0x00007FF695F60000-0x00007FF6962B4000-memory.dmp	xmrig
behavioral2/memory/4236-743-0x00007FF669910000-0x00007FF669C64000-memory.dmp	xmrig
behavioral2/memory/4640-757-0x00007FF7DD3B0000-0x00007FF7DD704000-memory.dmp	xmrig
behavioral2/memory/1472-754-0x00007FF7954A0000-0x00007FF7957F4000-memory.dmp	xmrig
behavioral2/memory/2796-750-0x00007FF73E2D0000-0x00007FF73E624000-memory.dmp	xmrig
behavioral2/memory/2404-768-0x00007FF649840000-0x00007FF649B94000-memory.dmp	xmrig
behavioral2/memory/4912-761-0x00007FF630030000-0x00007FF630384000-memory.dmp	xmrig
behavioral2/files/0x00070000000234df-175.dat	xmrig
behavioral2/files/0x00070000000234de-172.dat	xmrig
behavioral2/files/0x00070000000234dd-170.dat	xmrig
behavioral2/files/0x00070000000234dc-166.dat	xmrig
behavioral2/files/0x00070000000234db-161.dat	xmrig
behavioral2/files/0x00070000000234d8-146.dat	xmrig
behavioral2/files/0x00070000000234d7-140.dat	xmrig
behavioral2/files/0x00070000000234d6-136.dat	xmrig
behavioral2/files/0x00070000000234d5-131.dat	xmrig
behavioral2/files/0x00070000000234d3-120.dat	xmrig
behavioral2/files/0x00070000000234d2-116.dat	xmrig
behavioral2/files/0x00070000000234d0-106.dat	xmrig
behavioral2/files/0x00070000000234ce-95.dat	xmrig
behavioral2/files/0x00070000000234cd-91.dat	xmrig
behavioral2/files/0x00070000000234c9-76.dat	xmrig
behavioral2/memory/2892-71-0x00007FF7A8F80000-0x00007FF7A92D4000-memory.dmp	xmrig
behavioral2/memory/380-66-0x00007FF710D80000-0x00007FF7110D4000-memory.dmp	xmrig
behavioral2/memory/1572-63-0x00007FF7C27D0000-0x00007FF7C2B24000-memory.dmp	xmrig
behavioral2/files/0x00070000000234c6-60.dat	xmrig
behavioral2/memory/3740-59-0x00007FF7FC150000-0x00007FF7FC4A4000-memory.dmp	xmrig
behavioral2/files/0x00080000000234bd-50.dat	xmrig
behavioral2/memory/112-37-0x00007FF72BB30000-0x00007FF72BE84000-memory.dmp	xmrig
behavioral2/memory/1260-793-0x00007FF7E3C80000-0x00007FF7E3FD4000-memory.dmp	xmrig
behavioral2/memory/2744-805-0x00007FF7DD240000-0x00007FF7DD594000-memory.dmp	xmrig
behavioral2/memory/2100-801-0x00007FF694380000-0x00007FF6946D4000-memory.dmp	xmrig
behavioral2/memory/3396-790-0x00007FF67F740000-0x00007FF67FA94000-memory.dmp	xmrig
behavioral2/memory/8-786-0x00007FF69FA80000-0x00007FF69FDD4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
3644	DhshFAM.exe
2932	GOlpRXz.exe
1932	McHodWP.exe
680	PrGDXuw.exe
1524	ggdzkDk.exe
112	aBkcqUY.exe
208	fKOBDmM.exe
4468	XJMzfiD.exe
1572	YqWZMoA.exe
3740	RwYkMzt.exe
380	LvuupJB.exe
3436	eBDPCfb.exe
2312	BeahyVW.exe
1908	HoMkHjS.exe
3364	wDTuGph.exe
2244	sxeOnPG.exe
624	mKJNPpF.exe
4236	dLinToO.exe
2796	iyHjHoG.exe
1472	SzbaUZj.exe
4640	djcCSUD.exe
4912	beKZLsX.exe
2404	fuqhqpN.exe
3376	mgPxwCf.exe
8	HHpxFit.exe
3396	CDVyAMx.exe
1260	cfFWMWz.exe
2100	EUOYnIB.exe
2744	PLirDQw.exe
2580	eBIcowq.exe
2696	IYWYDqs.exe
2540	uaPxUJt.exe
4672	RIauckF.exe
924	pHlhDmq.exe
1352	RZmgXrP.exe
5056	EziczMN.exe
1728	DsscVaw.exe
2020	finFBXt.exe
2392	CzufRVW.exe
808	DPQYvMe.exe
3108	aTxWAlT.exe
1724	dTHYxSP.exe
3944	QWdaqaM.exe
1084	UobefcZ.exe
4980	IvCgDTT.exe
4740	uedxXzf.exe
3060	tgmufos.exe
1992	FKYHWCJ.exe
3824	WCRkZcD.exe
1588	ekSSEnx.exe
1220	iwvjBRF.exe
1344	zZOhhMa.exe
2096	MmtaUGQ.exe
3568	abikULA.exe
2424	rAeFtdC.exe
644	divCODA.exe
5064	oDGysmi.exe
944	dogbMhx.exe
3316	oVcLcgh.exe
1980	FqogDnU.exe
5032	BwTguWD.exe
3612	yMOaRdS.exe
3204	sdjhOxX.exe
1688	nTPFkLE.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2892-0-0x00007FF7A8F80000-0x00007FF7A92D4000-memory.dmp	upx
behavioral2/files/0x00080000000234bc-4.dat	upx
behavioral2/files/0x00070000000234c0-11.dat	upx
behavioral2/memory/3644-12-0x00007FF7FBEB0000-0x00007FF7FC204000-memory.dmp	upx
behavioral2/files/0x00070000000234c1-16.dat	upx
behavioral2/memory/2932-13-0x00007FF7FA590000-0x00007FF7FA8E4000-memory.dmp	upx
behavioral2/files/0x00070000000234c2-25.dat	upx
behavioral2/memory/680-29-0x00007FF7F2DF0000-0x00007FF7F3144000-memory.dmp	upx
behavioral2/files/0x00070000000234c3-30.dat	upx
behavioral2/memory/1524-32-0x00007FF67D320000-0x00007FF67D674000-memory.dmp	upx
behavioral2/memory/1932-23-0x00007FF6D9EE0000-0x00007FF6DA234000-memory.dmp	upx
behavioral2/files/0x00070000000234c4-35.dat	upx
behavioral2/files/0x00070000000234c5-40.dat	upx
behavioral2/memory/208-43-0x00007FF623450000-0x00007FF6237A4000-memory.dmp	upx
behavioral2/memory/4468-54-0x00007FF6F0330000-0x00007FF6F0684000-memory.dmp	upx
behavioral2/files/0x00070000000234c7-56.dat	upx
behavioral2/files/0x00070000000234c8-62.dat	upx
behavioral2/files/0x00070000000234ca-78.dat	upx
behavioral2/files/0x00070000000234cb-83.dat	upx
behavioral2/files/0x00070000000234cf-97.dat	upx
behavioral2/files/0x00070000000234d1-111.dat	upx
behavioral2/files/0x00070000000234d4-126.dat	upx
behavioral2/files/0x00070000000234d9-145.dat	upx
behavioral2/files/0x00070000000234da-156.dat	upx
behavioral2/memory/3644-713-0x00007FF7FBEB0000-0x00007FF7FC204000-memory.dmp	upx
behavioral2/memory/2312-719-0x00007FF67CBB0000-0x00007FF67CF04000-memory.dmp	upx
behavioral2/memory/3364-733-0x00007FF6A4120000-0x00007FF6A4474000-memory.dmp	upx
behavioral2/memory/2244-737-0x00007FF766890000-0x00007FF766BE4000-memory.dmp	upx
behavioral2/memory/624-738-0x00007FF6C1F00000-0x00007FF6C2254000-memory.dmp	upx
behavioral2/memory/1908-728-0x00007FF77B600000-0x00007FF77B954000-memory.dmp	upx
behavioral2/memory/3436-716-0x00007FF695F60000-0x00007FF6962B4000-memory.dmp	upx
behavioral2/memory/4236-743-0x00007FF669910000-0x00007FF669C64000-memory.dmp	upx
behavioral2/memory/4640-757-0x00007FF7DD3B0000-0x00007FF7DD704000-memory.dmp	upx
behavioral2/memory/1472-754-0x00007FF7954A0000-0x00007FF7957F4000-memory.dmp	upx
behavioral2/memory/2796-750-0x00007FF73E2D0000-0x00007FF73E624000-memory.dmp	upx
behavioral2/memory/2404-768-0x00007FF649840000-0x00007FF649B94000-memory.dmp	upx
behavioral2/memory/4912-761-0x00007FF630030000-0x00007FF630384000-memory.dmp	upx
behavioral2/files/0x00070000000234df-175.dat	upx
behavioral2/files/0x00070000000234de-172.dat	upx
behavioral2/files/0x00070000000234dd-170.dat	upx
behavioral2/files/0x00070000000234dc-166.dat	upx
behavioral2/files/0x00070000000234db-161.dat	upx
behavioral2/files/0x00070000000234d8-146.dat	upx
behavioral2/files/0x00070000000234d7-140.dat	upx
behavioral2/files/0x00070000000234d6-136.dat	upx
behavioral2/files/0x00070000000234d5-131.dat	upx
behavioral2/files/0x00070000000234d3-120.dat	upx
behavioral2/files/0x00070000000234d2-116.dat	upx
behavioral2/files/0x00070000000234d0-106.dat	upx
behavioral2/files/0x00070000000234ce-95.dat	upx
behavioral2/files/0x00070000000234cd-91.dat	upx
behavioral2/files/0x00070000000234c9-76.dat	upx
behavioral2/memory/2892-71-0x00007FF7A8F80000-0x00007FF7A92D4000-memory.dmp	upx
behavioral2/memory/380-66-0x00007FF710D80000-0x00007FF7110D4000-memory.dmp	upx
behavioral2/memory/1572-63-0x00007FF7C27D0000-0x00007FF7C2B24000-memory.dmp	upx
behavioral2/files/0x00070000000234c6-60.dat	upx
behavioral2/memory/3740-59-0x00007FF7FC150000-0x00007FF7FC4A4000-memory.dmp	upx
behavioral2/files/0x00080000000234bd-50.dat	upx
behavioral2/memory/112-37-0x00007FF72BB30000-0x00007FF72BE84000-memory.dmp	upx
behavioral2/memory/1260-793-0x00007FF7E3C80000-0x00007FF7E3FD4000-memory.dmp	upx
behavioral2/memory/2744-805-0x00007FF7DD240000-0x00007FF7DD594000-memory.dmp	upx
behavioral2/memory/2100-801-0x00007FF694380000-0x00007FF6946D4000-memory.dmp	upx
behavioral2/memory/3396-790-0x00007FF67F740000-0x00007FF67FA94000-memory.dmp	upx
behavioral2/memory/8-786-0x00007FF69FA80000-0x00007FF69FDD4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\LvuupJB.exe	3af2f5dfbe8ffd72b3beeccdab8850522a185efed26509e6aaaf0f25281cd26d.exe
File created	C:\Windows\System\roVADeh.exe	3af2f5dfbe8ffd72b3beeccdab8850522a185efed26509e6aaaf0f25281cd26d.exe
File created	C:\Windows\System\tjyoAoD.exe	3af2f5dfbe8ffd72b3beeccdab8850522a185efed26509e6aaaf0f25281cd26d.exe
File created	C:\Windows\System\PvEcZFP.exe	3af2f5dfbe8ffd72b3beeccdab8850522a185efed26509e6aaaf0f25281cd26d.exe
File created	C:\Windows\System\PLirDQw.exe	3af2f5dfbe8ffd72b3beeccdab8850522a185efed26509e6aaaf0f25281cd26d.exe
File created	C:\Windows\System\iSBCmry.exe	3af2f5dfbe8ffd72b3beeccdab8850522a185efed26509e6aaaf0f25281cd26d.exe
File created	C:\Windows\System\wsZbytM.exe	3af2f5dfbe8ffd72b3beeccdab8850522a185efed26509e6aaaf0f25281cd26d.exe
File created	C:\Windows\System\nDFdPmI.exe	3af2f5dfbe8ffd72b3beeccdab8850522a185efed26509e6aaaf0f25281cd26d.exe
File created	C:\Windows\System\EPwgOqr.exe	3af2f5dfbe8ffd72b3beeccdab8850522a185efed26509e6aaaf0f25281cd26d.exe
File created	C:\Windows\System\QuCBTWP.exe	3af2f5dfbe8ffd72b3beeccdab8850522a185efed26509e6aaaf0f25281cd26d.exe
File created	C:\Windows\System\czqhOsE.exe	3af2f5dfbe8ffd72b3beeccdab8850522a185efed26509e6aaaf0f25281cd26d.exe
File created	C:\Windows\System\mvgMLYt.exe	3af2f5dfbe8ffd72b3beeccdab8850522a185efed26509e6aaaf0f25281cd26d.exe
File created	C:\Windows\System\CNOxwjc.exe	3af2f5dfbe8ffd72b3beeccdab8850522a185efed26509e6aaaf0f25281cd26d.exe
File created	C:\Windows\System\gBlYDOh.exe	3af2f5dfbe8ffd72b3beeccdab8850522a185efed26509e6aaaf0f25281cd26d.exe
File created	C:\Windows\System\ckkltuO.exe	3af2f5dfbe8ffd72b3beeccdab8850522a185efed26509e6aaaf0f25281cd26d.exe
File created	C:\Windows\System\VREEtKr.exe	3af2f5dfbe8ffd72b3beeccdab8850522a185efed26509e6aaaf0f25281cd26d.exe
File created	C:\Windows\System\QuKHjHl.exe	3af2f5dfbe8ffd72b3beeccdab8850522a185efed26509e6aaaf0f25281cd26d.exe
File created	C:\Windows\System\LbKLJhq.exe	3af2f5dfbe8ffd72b3beeccdab8850522a185efed26509e6aaaf0f25281cd26d.exe
File created	C:\Windows\System\AdSIqYN.exe	3af2f5dfbe8ffd72b3beeccdab8850522a185efed26509e6aaaf0f25281cd26d.exe
File created	C:\Windows\System\agrcjTb.exe	3af2f5dfbe8ffd72b3beeccdab8850522a185efed26509e6aaaf0f25281cd26d.exe
File created	C:\Windows\System\rAOyemP.exe	3af2f5dfbe8ffd72b3beeccdab8850522a185efed26509e6aaaf0f25281cd26d.exe
File created	C:\Windows\System\atgCzat.exe	3af2f5dfbe8ffd72b3beeccdab8850522a185efed26509e6aaaf0f25281cd26d.exe
File created	C:\Windows\System\NljJlBn.exe	3af2f5dfbe8ffd72b3beeccdab8850522a185efed26509e6aaaf0f25281cd26d.exe
File created	C:\Windows\System\Pcjezkx.exe	3af2f5dfbe8ffd72b3beeccdab8850522a185efed26509e6aaaf0f25281cd26d.exe
File created	C:\Windows\System\qbIhZqv.exe	3af2f5dfbe8ffd72b3beeccdab8850522a185efed26509e6aaaf0f25281cd26d.exe
File created	C:\Windows\System\TpTQnVD.exe	3af2f5dfbe8ffd72b3beeccdab8850522a185efed26509e6aaaf0f25281cd26d.exe
File created	C:\Windows\System\uzHaLhv.exe	3af2f5dfbe8ffd72b3beeccdab8850522a185efed26509e6aaaf0f25281cd26d.exe
File created	C:\Windows\System\gkPaajh.exe	3af2f5dfbe8ffd72b3beeccdab8850522a185efed26509e6aaaf0f25281cd26d.exe
File created	C:\Windows\System\blwSjTR.exe	3af2f5dfbe8ffd72b3beeccdab8850522a185efed26509e6aaaf0f25281cd26d.exe
File created	C:\Windows\System\DZJkDBR.exe	3af2f5dfbe8ffd72b3beeccdab8850522a185efed26509e6aaaf0f25281cd26d.exe
File created	C:\Windows\System\WJNBsTd.exe	3af2f5dfbe8ffd72b3beeccdab8850522a185efed26509e6aaaf0f25281cd26d.exe
File created	C:\Windows\System\xrtvFEW.exe	3af2f5dfbe8ffd72b3beeccdab8850522a185efed26509e6aaaf0f25281cd26d.exe
File created	C:\Windows\System\gpmdVcP.exe	3af2f5dfbe8ffd72b3beeccdab8850522a185efed26509e6aaaf0f25281cd26d.exe
File created	C:\Windows\System\eAWWoOE.exe	3af2f5dfbe8ffd72b3beeccdab8850522a185efed26509e6aaaf0f25281cd26d.exe
File created	C:\Windows\System\CNLUlZT.exe	3af2f5dfbe8ffd72b3beeccdab8850522a185efed26509e6aaaf0f25281cd26d.exe
File created	C:\Windows\System\AfuUfGD.exe	3af2f5dfbe8ffd72b3beeccdab8850522a185efed26509e6aaaf0f25281cd26d.exe
File created	C:\Windows\System\zxCupWK.exe	3af2f5dfbe8ffd72b3beeccdab8850522a185efed26509e6aaaf0f25281cd26d.exe
File created	C:\Windows\System\xCVJwRu.exe	3af2f5dfbe8ffd72b3beeccdab8850522a185efed26509e6aaaf0f25281cd26d.exe
File created	C:\Windows\System\CotgKfp.exe	3af2f5dfbe8ffd72b3beeccdab8850522a185efed26509e6aaaf0f25281cd26d.exe
File created	C:\Windows\System\ikPuTvj.exe	3af2f5dfbe8ffd72b3beeccdab8850522a185efed26509e6aaaf0f25281cd26d.exe
File created	C:\Windows\System\VJWswsL.exe	3af2f5dfbe8ffd72b3beeccdab8850522a185efed26509e6aaaf0f25281cd26d.exe
File created	C:\Windows\System\PJMIMHL.exe	3af2f5dfbe8ffd72b3beeccdab8850522a185efed26509e6aaaf0f25281cd26d.exe
File created	C:\Windows\System\QDuhSWt.exe	3af2f5dfbe8ffd72b3beeccdab8850522a185efed26509e6aaaf0f25281cd26d.exe
File created	C:\Windows\System\sSdNfCI.exe	3af2f5dfbe8ffd72b3beeccdab8850522a185efed26509e6aaaf0f25281cd26d.exe
File created	C:\Windows\System\rBxmCph.exe	3af2f5dfbe8ffd72b3beeccdab8850522a185efed26509e6aaaf0f25281cd26d.exe
File created	C:\Windows\System\HHpxFit.exe	3af2f5dfbe8ffd72b3beeccdab8850522a185efed26509e6aaaf0f25281cd26d.exe
File created	C:\Windows\System\DPQYvMe.exe	3af2f5dfbe8ffd72b3beeccdab8850522a185efed26509e6aaaf0f25281cd26d.exe
File created	C:\Windows\System\ZDDIKbT.exe	3af2f5dfbe8ffd72b3beeccdab8850522a185efed26509e6aaaf0f25281cd26d.exe
File created	C:\Windows\System\YSzQdSD.exe	3af2f5dfbe8ffd72b3beeccdab8850522a185efed26509e6aaaf0f25281cd26d.exe
File created	C:\Windows\System\VcUjMwt.exe	3af2f5dfbe8ffd72b3beeccdab8850522a185efed26509e6aaaf0f25281cd26d.exe
File created	C:\Windows\System\JwsaYXG.exe	3af2f5dfbe8ffd72b3beeccdab8850522a185efed26509e6aaaf0f25281cd26d.exe
File created	C:\Windows\System\aTxWAlT.exe	3af2f5dfbe8ffd72b3beeccdab8850522a185efed26509e6aaaf0f25281cd26d.exe
File created	C:\Windows\System\NDLrtmv.exe	3af2f5dfbe8ffd72b3beeccdab8850522a185efed26509e6aaaf0f25281cd26d.exe
File created	C:\Windows\System\quonJMv.exe	3af2f5dfbe8ffd72b3beeccdab8850522a185efed26509e6aaaf0f25281cd26d.exe
File created	C:\Windows\System\mIskMQf.exe	3af2f5dfbe8ffd72b3beeccdab8850522a185efed26509e6aaaf0f25281cd26d.exe
File created	C:\Windows\System\NanKXiA.exe	3af2f5dfbe8ffd72b3beeccdab8850522a185efed26509e6aaaf0f25281cd26d.exe
File created	C:\Windows\System\yPIVAPn.exe	3af2f5dfbe8ffd72b3beeccdab8850522a185efed26509e6aaaf0f25281cd26d.exe
File created	C:\Windows\System\EGNlMNa.exe	3af2f5dfbe8ffd72b3beeccdab8850522a185efed26509e6aaaf0f25281cd26d.exe
File created	C:\Windows\System\jvFhiam.exe	3af2f5dfbe8ffd72b3beeccdab8850522a185efed26509e6aaaf0f25281cd26d.exe
File created	C:\Windows\System\aQtACyb.exe	3af2f5dfbe8ffd72b3beeccdab8850522a185efed26509e6aaaf0f25281cd26d.exe
File created	C:\Windows\System\ETqVyEK.exe	3af2f5dfbe8ffd72b3beeccdab8850522a185efed26509e6aaaf0f25281cd26d.exe
File created	C:\Windows\System\DrYBLFc.exe	3af2f5dfbe8ffd72b3beeccdab8850522a185efed26509e6aaaf0f25281cd26d.exe
File created	C:\Windows\System\xHEzhYS.exe	3af2f5dfbe8ffd72b3beeccdab8850522a185efed26509e6aaaf0f25281cd26d.exe
File created	C:\Windows\System\brlCCsd.exe	3af2f5dfbe8ffd72b3beeccdab8850522a185efed26509e6aaaf0f25281cd26d.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	15144	dwm.exe
Token: SeChangeNotifyPrivilege	15144	dwm.exe
Token: 33	15144	dwm.exe
Token: SeIncBasePriorityPrivilege	15144	dwm.exe
Token: SeShutdownPrivilege	15144	dwm.exe
Token: SeCreatePagefilePrivilege	15144	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2892 wrote to memory of 3644	2892	3af2f5dfbe8ffd72b3beeccdab8850522a185efed26509e6aaaf0f25281cd26d.exe	85
PID 2892 wrote to memory of 3644	2892	3af2f5dfbe8ffd72b3beeccdab8850522a185efed26509e6aaaf0f25281cd26d.exe	85
PID 2892 wrote to memory of 2932	2892	3af2f5dfbe8ffd72b3beeccdab8850522a185efed26509e6aaaf0f25281cd26d.exe	86
PID 2892 wrote to memory of 2932	2892	3af2f5dfbe8ffd72b3beeccdab8850522a185efed26509e6aaaf0f25281cd26d.exe	86
PID 2892 wrote to memory of 1932	2892	3af2f5dfbe8ffd72b3beeccdab8850522a185efed26509e6aaaf0f25281cd26d.exe	87
PID 2892 wrote to memory of 1932	2892	3af2f5dfbe8ffd72b3beeccdab8850522a185efed26509e6aaaf0f25281cd26d.exe	87
PID 2892 wrote to memory of 680	2892	3af2f5dfbe8ffd72b3beeccdab8850522a185efed26509e6aaaf0f25281cd26d.exe	88
PID 2892 wrote to memory of 680	2892	3af2f5dfbe8ffd72b3beeccdab8850522a185efed26509e6aaaf0f25281cd26d.exe	88
PID 2892 wrote to memory of 1524	2892	3af2f5dfbe8ffd72b3beeccdab8850522a185efed26509e6aaaf0f25281cd26d.exe	89
PID 2892 wrote to memory of 1524	2892	3af2f5dfbe8ffd72b3beeccdab8850522a185efed26509e6aaaf0f25281cd26d.exe	89
PID 2892 wrote to memory of 112	2892	3af2f5dfbe8ffd72b3beeccdab8850522a185efed26509e6aaaf0f25281cd26d.exe	90
PID 2892 wrote to memory of 112	2892	3af2f5dfbe8ffd72b3beeccdab8850522a185efed26509e6aaaf0f25281cd26d.exe	90
PID 2892 wrote to memory of 208	2892	3af2f5dfbe8ffd72b3beeccdab8850522a185efed26509e6aaaf0f25281cd26d.exe	91
PID 2892 wrote to memory of 208	2892	3af2f5dfbe8ffd72b3beeccdab8850522a185efed26509e6aaaf0f25281cd26d.exe	91
PID 2892 wrote to memory of 4468	2892	3af2f5dfbe8ffd72b3beeccdab8850522a185efed26509e6aaaf0f25281cd26d.exe	92
PID 2892 wrote to memory of 4468	2892	3af2f5dfbe8ffd72b3beeccdab8850522a185efed26509e6aaaf0f25281cd26d.exe	92
PID 2892 wrote to memory of 1572	2892	3af2f5dfbe8ffd72b3beeccdab8850522a185efed26509e6aaaf0f25281cd26d.exe	93
PID 2892 wrote to memory of 1572	2892	3af2f5dfbe8ffd72b3beeccdab8850522a185efed26509e6aaaf0f25281cd26d.exe	93
PID 2892 wrote to memory of 3740	2892	3af2f5dfbe8ffd72b3beeccdab8850522a185efed26509e6aaaf0f25281cd26d.exe	94
PID 2892 wrote to memory of 3740	2892	3af2f5dfbe8ffd72b3beeccdab8850522a185efed26509e6aaaf0f25281cd26d.exe	94
PID 2892 wrote to memory of 380	2892	3af2f5dfbe8ffd72b3beeccdab8850522a185efed26509e6aaaf0f25281cd26d.exe	95
PID 2892 wrote to memory of 380	2892	3af2f5dfbe8ffd72b3beeccdab8850522a185efed26509e6aaaf0f25281cd26d.exe	95
PID 2892 wrote to memory of 3436	2892	3af2f5dfbe8ffd72b3beeccdab8850522a185efed26509e6aaaf0f25281cd26d.exe	96
PID 2892 wrote to memory of 3436	2892	3af2f5dfbe8ffd72b3beeccdab8850522a185efed26509e6aaaf0f25281cd26d.exe	96
PID 2892 wrote to memory of 2312	2892	3af2f5dfbe8ffd72b3beeccdab8850522a185efed26509e6aaaf0f25281cd26d.exe	97
PID 2892 wrote to memory of 2312	2892	3af2f5dfbe8ffd72b3beeccdab8850522a185efed26509e6aaaf0f25281cd26d.exe	97
PID 2892 wrote to memory of 1908	2892	3af2f5dfbe8ffd72b3beeccdab8850522a185efed26509e6aaaf0f25281cd26d.exe	98
PID 2892 wrote to memory of 1908	2892	3af2f5dfbe8ffd72b3beeccdab8850522a185efed26509e6aaaf0f25281cd26d.exe	98
PID 2892 wrote to memory of 3364	2892	3af2f5dfbe8ffd72b3beeccdab8850522a185efed26509e6aaaf0f25281cd26d.exe	99
PID 2892 wrote to memory of 3364	2892	3af2f5dfbe8ffd72b3beeccdab8850522a185efed26509e6aaaf0f25281cd26d.exe	99
PID 2892 wrote to memory of 2244	2892	3af2f5dfbe8ffd72b3beeccdab8850522a185efed26509e6aaaf0f25281cd26d.exe	100
PID 2892 wrote to memory of 2244	2892	3af2f5dfbe8ffd72b3beeccdab8850522a185efed26509e6aaaf0f25281cd26d.exe	100
PID 2892 wrote to memory of 624	2892	3af2f5dfbe8ffd72b3beeccdab8850522a185efed26509e6aaaf0f25281cd26d.exe	101
PID 2892 wrote to memory of 624	2892	3af2f5dfbe8ffd72b3beeccdab8850522a185efed26509e6aaaf0f25281cd26d.exe	101
PID 2892 wrote to memory of 4236	2892	3af2f5dfbe8ffd72b3beeccdab8850522a185efed26509e6aaaf0f25281cd26d.exe	102
PID 2892 wrote to memory of 4236	2892	3af2f5dfbe8ffd72b3beeccdab8850522a185efed26509e6aaaf0f25281cd26d.exe	102
PID 2892 wrote to memory of 2796	2892	3af2f5dfbe8ffd72b3beeccdab8850522a185efed26509e6aaaf0f25281cd26d.exe	103
PID 2892 wrote to memory of 2796	2892	3af2f5dfbe8ffd72b3beeccdab8850522a185efed26509e6aaaf0f25281cd26d.exe	103
PID 2892 wrote to memory of 1472	2892	3af2f5dfbe8ffd72b3beeccdab8850522a185efed26509e6aaaf0f25281cd26d.exe	104
PID 2892 wrote to memory of 1472	2892	3af2f5dfbe8ffd72b3beeccdab8850522a185efed26509e6aaaf0f25281cd26d.exe	104
PID 2892 wrote to memory of 4640	2892	3af2f5dfbe8ffd72b3beeccdab8850522a185efed26509e6aaaf0f25281cd26d.exe	105
PID 2892 wrote to memory of 4640	2892	3af2f5dfbe8ffd72b3beeccdab8850522a185efed26509e6aaaf0f25281cd26d.exe	105
PID 2892 wrote to memory of 4912	2892	3af2f5dfbe8ffd72b3beeccdab8850522a185efed26509e6aaaf0f25281cd26d.exe	106
PID 2892 wrote to memory of 4912	2892	3af2f5dfbe8ffd72b3beeccdab8850522a185efed26509e6aaaf0f25281cd26d.exe	106
PID 2892 wrote to memory of 2404	2892	3af2f5dfbe8ffd72b3beeccdab8850522a185efed26509e6aaaf0f25281cd26d.exe	107
PID 2892 wrote to memory of 2404	2892	3af2f5dfbe8ffd72b3beeccdab8850522a185efed26509e6aaaf0f25281cd26d.exe	107
PID 2892 wrote to memory of 3376	2892	3af2f5dfbe8ffd72b3beeccdab8850522a185efed26509e6aaaf0f25281cd26d.exe	108
PID 2892 wrote to memory of 3376	2892	3af2f5dfbe8ffd72b3beeccdab8850522a185efed26509e6aaaf0f25281cd26d.exe	108
PID 2892 wrote to memory of 8	2892	3af2f5dfbe8ffd72b3beeccdab8850522a185efed26509e6aaaf0f25281cd26d.exe	109
PID 2892 wrote to memory of 8	2892	3af2f5dfbe8ffd72b3beeccdab8850522a185efed26509e6aaaf0f25281cd26d.exe	109
PID 2892 wrote to memory of 3396	2892	3af2f5dfbe8ffd72b3beeccdab8850522a185efed26509e6aaaf0f25281cd26d.exe	110
PID 2892 wrote to memory of 3396	2892	3af2f5dfbe8ffd72b3beeccdab8850522a185efed26509e6aaaf0f25281cd26d.exe	110
PID 2892 wrote to memory of 1260	2892	3af2f5dfbe8ffd72b3beeccdab8850522a185efed26509e6aaaf0f25281cd26d.exe	111
PID 2892 wrote to memory of 1260	2892	3af2f5dfbe8ffd72b3beeccdab8850522a185efed26509e6aaaf0f25281cd26d.exe	111
PID 2892 wrote to memory of 2100	2892	3af2f5dfbe8ffd72b3beeccdab8850522a185efed26509e6aaaf0f25281cd26d.exe	112
PID 2892 wrote to memory of 2100	2892	3af2f5dfbe8ffd72b3beeccdab8850522a185efed26509e6aaaf0f25281cd26d.exe	112
PID 2892 wrote to memory of 2744	2892	3af2f5dfbe8ffd72b3beeccdab8850522a185efed26509e6aaaf0f25281cd26d.exe	113
PID 2892 wrote to memory of 2744	2892	3af2f5dfbe8ffd72b3beeccdab8850522a185efed26509e6aaaf0f25281cd26d.exe	113
PID 2892 wrote to memory of 2580	2892	3af2f5dfbe8ffd72b3beeccdab8850522a185efed26509e6aaaf0f25281cd26d.exe	114
PID 2892 wrote to memory of 2580	2892	3af2f5dfbe8ffd72b3beeccdab8850522a185efed26509e6aaaf0f25281cd26d.exe	114
PID 2892 wrote to memory of 2696	2892	3af2f5dfbe8ffd72b3beeccdab8850522a185efed26509e6aaaf0f25281cd26d.exe	115
PID 2892 wrote to memory of 2696	2892	3af2f5dfbe8ffd72b3beeccdab8850522a185efed26509e6aaaf0f25281cd26d.exe	115
PID 2892 wrote to memory of 2540	2892	3af2f5dfbe8ffd72b3beeccdab8850522a185efed26509e6aaaf0f25281cd26d.exe	116
PID 2892 wrote to memory of 2540	2892	3af2f5dfbe8ffd72b3beeccdab8850522a185efed26509e6aaaf0f25281cd26d.exe	116

C:\Users\Admin\AppData\Local\Temp\3af2f5dfbe8ffd72b3beeccdab8850522a185efed26509e6aaaf0f25281cd26d.exe
"C:\Users\Admin\AppData\Local\Temp\3af2f5dfbe8ffd72b3beeccdab8850522a185efed26509e6aaaf0f25281cd26d.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2892
- C:\Windows\System\DhshFAM.exe
  C:\Windows\System\DhshFAM.exe
  2⤵
  - Executes dropped EXE
  PID:3644
- C:\Windows\System\GOlpRXz.exe
  C:\Windows\System\GOlpRXz.exe
  2⤵
  - Executes dropped EXE
  PID:2932
- C:\Windows\System\McHodWP.exe
  C:\Windows\System\McHodWP.exe
  2⤵
  - Executes dropped EXE
  PID:1932
- C:\Windows\System\PrGDXuw.exe
  C:\Windows\System\PrGDXuw.exe
  2⤵
  - Executes dropped EXE
  PID:680
- C:\Windows\System\ggdzkDk.exe
  C:\Windows\System\ggdzkDk.exe
  2⤵
  - Executes dropped EXE
  PID:1524
- C:\Windows\System\aBkcqUY.exe
  C:\Windows\System\aBkcqUY.exe
  2⤵
  - Executes dropped EXE
  PID:112
- C:\Windows\System\fKOBDmM.exe
  C:\Windows\System\fKOBDmM.exe
  2⤵
  - Executes dropped EXE
  PID:208
- C:\Windows\System\XJMzfiD.exe
  C:\Windows\System\XJMzfiD.exe
  2⤵
  - Executes dropped EXE
  PID:4468
- C:\Windows\System\YqWZMoA.exe
  C:\Windows\System\YqWZMoA.exe
  2⤵
  - Executes dropped EXE
  PID:1572
- C:\Windows\System\RwYkMzt.exe
  C:\Windows\System\RwYkMzt.exe
  2⤵
  - Executes dropped EXE
  PID:3740
- C:\Windows\System\LvuupJB.exe
  C:\Windows\System\LvuupJB.exe
  2⤵
  - Executes dropped EXE
  PID:380
- C:\Windows\System\eBDPCfb.exe
  C:\Windows\System\eBDPCfb.exe
  2⤵
  - Executes dropped EXE
  PID:3436
- C:\Windows\System\BeahyVW.exe
  C:\Windows\System\BeahyVW.exe
  2⤵
  - Executes dropped EXE
  PID:2312
- C:\Windows\System\HoMkHjS.exe
  C:\Windows\System\HoMkHjS.exe
  2⤵
  - Executes dropped EXE
  PID:1908
- C:\Windows\System\wDTuGph.exe
  C:\Windows\System\wDTuGph.exe
  2⤵
  - Executes dropped EXE
  PID:3364
- C:\Windows\System\sxeOnPG.exe
  C:\Windows\System\sxeOnPG.exe
  2⤵
  - Executes dropped EXE
  PID:2244
- C:\Windows\System\mKJNPpF.exe
  C:\Windows\System\mKJNPpF.exe
  2⤵
  - Executes dropped EXE
  PID:624
- C:\Windows\System\dLinToO.exe
  C:\Windows\System\dLinToO.exe
  2⤵
  - Executes dropped EXE
  PID:4236
- C:\Windows\System\iyHjHoG.exe
  C:\Windows\System\iyHjHoG.exe
  2⤵
  - Executes dropped EXE
  PID:2796
- C:\Windows\System\SzbaUZj.exe
  C:\Windows\System\SzbaUZj.exe
  2⤵
  - Executes dropped EXE
  PID:1472
- C:\Windows\System\djcCSUD.exe
  C:\Windows\System\djcCSUD.exe
  2⤵
  - Executes dropped EXE
  PID:4640
- C:\Windows\System\beKZLsX.exe
  C:\Windows\System\beKZLsX.exe
  2⤵
  - Executes dropped EXE
  PID:4912
- C:\Windows\System\fuqhqpN.exe
  C:\Windows\System\fuqhqpN.exe
  2⤵
  - Executes dropped EXE
  PID:2404
- C:\Windows\System\mgPxwCf.exe
  C:\Windows\System\mgPxwCf.exe
  2⤵
  - Executes dropped EXE
  PID:3376
- C:\Windows\System\HHpxFit.exe
  C:\Windows\System\HHpxFit.exe
  2⤵
  - Executes dropped EXE
  PID:8
- C:\Windows\System\CDVyAMx.exe
  C:\Windows\System\CDVyAMx.exe
  2⤵
  - Executes dropped EXE
  PID:3396
- C:\Windows\System\cfFWMWz.exe
  C:\Windows\System\cfFWMWz.exe
  2⤵
  - Executes dropped EXE
  PID:1260
- C:\Windows\System\EUOYnIB.exe
  C:\Windows\System\EUOYnIB.exe
  2⤵
  - Executes dropped EXE
  PID:2100
- C:\Windows\System\PLirDQw.exe
  C:\Windows\System\PLirDQw.exe
  2⤵
  - Executes dropped EXE
  PID:2744
- C:\Windows\System\eBIcowq.exe
  C:\Windows\System\eBIcowq.exe
  2⤵
  - Executes dropped EXE
  PID:2580
- C:\Windows\System\IYWYDqs.exe
  C:\Windows\System\IYWYDqs.exe
  2⤵
  - Executes dropped EXE
  PID:2696
- C:\Windows\System\uaPxUJt.exe
  C:\Windows\System\uaPxUJt.exe
  2⤵
  - Executes dropped EXE
  PID:2540
- C:\Windows\System\RIauckF.exe
  C:\Windows\System\RIauckF.exe
  2⤵
  - Executes dropped EXE
  PID:4672
- C:\Windows\System\pHlhDmq.exe
  C:\Windows\System\pHlhDmq.exe
  2⤵
  - Executes dropped EXE
  PID:924
- C:\Windows\System\RZmgXrP.exe
  C:\Windows\System\RZmgXrP.exe
  2⤵
  - Executes dropped EXE
  PID:1352
- C:\Windows\System\EziczMN.exe
  C:\Windows\System\EziczMN.exe
  2⤵
  - Executes dropped EXE
  PID:5056
- C:\Windows\System\DsscVaw.exe
  C:\Windows\System\DsscVaw.exe
  2⤵
  - Executes dropped EXE
  PID:1728
- C:\Windows\System\finFBXt.exe
  C:\Windows\System\finFBXt.exe
  2⤵
  - Executes dropped EXE
  PID:2020
- C:\Windows\System\CzufRVW.exe
  C:\Windows\System\CzufRVW.exe
  2⤵
  - Executes dropped EXE
  PID:2392
- C:\Windows\System\DPQYvMe.exe
  C:\Windows\System\DPQYvMe.exe
  2⤵
  - Executes dropped EXE
  PID:808
- C:\Windows\System\aTxWAlT.exe
  C:\Windows\System\aTxWAlT.exe
  2⤵
  - Executes dropped EXE
  PID:3108
- C:\Windows\System\dTHYxSP.exe
  C:\Windows\System\dTHYxSP.exe
  2⤵
  - Executes dropped EXE
  PID:1724
- C:\Windows\System\QWdaqaM.exe
  C:\Windows\System\QWdaqaM.exe
  2⤵
  - Executes dropped EXE
  PID:3944
- C:\Windows\System\UobefcZ.exe
  C:\Windows\System\UobefcZ.exe
  2⤵
  - Executes dropped EXE
  PID:1084
- C:\Windows\System\IvCgDTT.exe
  C:\Windows\System\IvCgDTT.exe
  2⤵
  - Executes dropped EXE
  PID:4980
- C:\Windows\System\uedxXzf.exe
  C:\Windows\System\uedxXzf.exe
  2⤵
  - Executes dropped EXE
  PID:4740
- C:\Windows\System\tgmufos.exe
  C:\Windows\System\tgmufos.exe
  2⤵
  - Executes dropped EXE
  PID:3060
- C:\Windows\System\FKYHWCJ.exe
  C:\Windows\System\FKYHWCJ.exe
  2⤵
  - Executes dropped EXE
  PID:1992
- C:\Windows\System\WCRkZcD.exe
  C:\Windows\System\WCRkZcD.exe
  2⤵
  - Executes dropped EXE
  PID:3824
- C:\Windows\System\ekSSEnx.exe
  C:\Windows\System\ekSSEnx.exe
  2⤵
  - Executes dropped EXE
  PID:1588
- C:\Windows\System\iwvjBRF.exe
  C:\Windows\System\iwvjBRF.exe
  2⤵
  - Executes dropped EXE
  PID:1220
- C:\Windows\System\zZOhhMa.exe
  C:\Windows\System\zZOhhMa.exe
  2⤵
  - Executes dropped EXE
  PID:1344
- C:\Windows\System\MmtaUGQ.exe
  C:\Windows\System\MmtaUGQ.exe
  2⤵
  - Executes dropped EXE
  PID:2096
- C:\Windows\System\abikULA.exe
  C:\Windows\System\abikULA.exe
  2⤵
  - Executes dropped EXE
  PID:3568
- C:\Windows\System\rAeFtdC.exe
  C:\Windows\System\rAeFtdC.exe
  2⤵
  - Executes dropped EXE
  PID:2424
- C:\Windows\System\divCODA.exe
  C:\Windows\System\divCODA.exe
  2⤵
  - Executes dropped EXE
  PID:644
- C:\Windows\System\oDGysmi.exe
  C:\Windows\System\oDGysmi.exe
  2⤵
  - Executes dropped EXE
  PID:5064
- C:\Windows\System\dogbMhx.exe
  C:\Windows\System\dogbMhx.exe
  2⤵
  - Executes dropped EXE
  PID:944
- C:\Windows\System\oVcLcgh.exe
  C:\Windows\System\oVcLcgh.exe
  2⤵
  - Executes dropped EXE
  PID:3316
- C:\Windows\System\FqogDnU.exe
  C:\Windows\System\FqogDnU.exe
  2⤵
  - Executes dropped EXE
  PID:1980
- C:\Windows\System\BwTguWD.exe
  C:\Windows\System\BwTguWD.exe
  2⤵
  - Executes dropped EXE
  PID:5032
- C:\Windows\System\yMOaRdS.exe
  C:\Windows\System\yMOaRdS.exe
  2⤵
  - Executes dropped EXE
  PID:3612
- C:\Windows\System\sdjhOxX.exe
  C:\Windows\System\sdjhOxX.exe
  2⤵
  - Executes dropped EXE
  PID:3204
- C:\Windows\System\nTPFkLE.exe
  C:\Windows\System\nTPFkLE.exe
  2⤵
  - Executes dropped EXE
  PID:1688
- C:\Windows\System\lpxfxoc.exe
  C:\Windows\System\lpxfxoc.exe
  2⤵
  PID:4864
- C:\Windows\System\nMLDotU.exe
  C:\Windows\System\nMLDotU.exe
  2⤵
  PID:2660
- C:\Windows\System\QKiIkjE.exe
  C:\Windows\System\QKiIkjE.exe
  2⤵
  PID:2644
- C:\Windows\System\bNYxqHo.exe
  C:\Windows\System\bNYxqHo.exe
  2⤵
  PID:1336
- C:\Windows\System\ncLbVIa.exe
  C:\Windows\System\ncLbVIa.exe
  2⤵
  PID:3176
- C:\Windows\System\lQebRXj.exe
  C:\Windows\System\lQebRXj.exe
  2⤵
  PID:1620
- C:\Windows\System\ygBgZxh.exe
  C:\Windows\System\ygBgZxh.exe
  2⤵
  PID:4624
- C:\Windows\System\fPIPbEU.exe
  C:\Windows\System\fPIPbEU.exe
  2⤵
  PID:4388
- C:\Windows\System\HYPITMi.exe
  C:\Windows\System\HYPITMi.exe
  2⤵
  PID:3548
- C:\Windows\System\EPwgOqr.exe
  C:\Windows\System\EPwgOqr.exe
  2⤵
  PID:4848
- C:\Windows\System\yhoLoVs.exe
  C:\Windows\System\yhoLoVs.exe
  2⤵
  PID:4720
- C:\Windows\System\SwOllhv.exe
  C:\Windows\System\SwOllhv.exe
  2⤵
  PID:1844
- C:\Windows\System\rtcKqop.exe
  C:\Windows\System\rtcKqop.exe
  2⤵
  PID:5124
- C:\Windows\System\jHRejqH.exe
  C:\Windows\System\jHRejqH.exe
  2⤵
  PID:5152
- C:\Windows\System\TlogUmi.exe
  C:\Windows\System\TlogUmi.exe
  2⤵
  PID:5180
- C:\Windows\System\VREEtKr.exe
  C:\Windows\System\VREEtKr.exe
  2⤵
  PID:5208
- C:\Windows\System\TeEtHyA.exe
  C:\Windows\System\TeEtHyA.exe
  2⤵
  PID:5236
- C:\Windows\System\gQeGCHv.exe
  C:\Windows\System\gQeGCHv.exe
  2⤵
  PID:5264
- C:\Windows\System\zcPlYjQ.exe
  C:\Windows\System\zcPlYjQ.exe
  2⤵
  PID:5292
- C:\Windows\System\brVbZmN.exe
  C:\Windows\System\brVbZmN.exe
  2⤵
  PID:5324
- C:\Windows\System\WYAWOsb.exe
  C:\Windows\System\WYAWOsb.exe
  2⤵
  PID:5348
- C:\Windows\System\lEylpZh.exe
  C:\Windows\System\lEylpZh.exe
  2⤵
  PID:5372
- C:\Windows\System\WhMeoKO.exe
  C:\Windows\System\WhMeoKO.exe
  2⤵
  PID:5404
- C:\Windows\System\REepzsf.exe
  C:\Windows\System\REepzsf.exe
  2⤵
  PID:5432
- C:\Windows\System\yRgqUlH.exe
  C:\Windows\System\yRgqUlH.exe
  2⤵
  PID:5460
- C:\Windows\System\hdkTiEL.exe
  C:\Windows\System\hdkTiEL.exe
  2⤵
  PID:5488
- C:\Windows\System\HgfAgrS.exe
  C:\Windows\System\HgfAgrS.exe
  2⤵
  PID:5516
- C:\Windows\System\kDwhPgl.exe
  C:\Windows\System\kDwhPgl.exe
  2⤵
  PID:5544
- C:\Windows\System\wAqDrxq.exe
  C:\Windows\System\wAqDrxq.exe
  2⤵
  PID:5572
- C:\Windows\System\yAwMcue.exe
  C:\Windows\System\yAwMcue.exe
  2⤵
  PID:5600
- C:\Windows\System\qRhnIRs.exe
  C:\Windows\System\qRhnIRs.exe
  2⤵
  PID:5628
- C:\Windows\System\KXHThzE.exe
  C:\Windows\System\KXHThzE.exe
  2⤵
  PID:5656
- C:\Windows\System\eNdtVRp.exe
  C:\Windows\System\eNdtVRp.exe
  2⤵
  PID:5684
- C:\Windows\System\mDaRgbI.exe
  C:\Windows\System\mDaRgbI.exe
  2⤵
  PID:5712
- C:\Windows\System\FRESwiU.exe
  C:\Windows\System\FRESwiU.exe
  2⤵
  PID:5740
- C:\Windows\System\QuKHjHl.exe
  C:\Windows\System\QuKHjHl.exe
  2⤵
  PID:5768
- C:\Windows\System\VcsdiQZ.exe
  C:\Windows\System\VcsdiQZ.exe
  2⤵
  PID:5796
- C:\Windows\System\uxzdIco.exe
  C:\Windows\System\uxzdIco.exe
  2⤵
  PID:5824
- C:\Windows\System\rMRpSYl.exe
  C:\Windows\System\rMRpSYl.exe
  2⤵
  PID:5852
- C:\Windows\System\PSgGMhv.exe
  C:\Windows\System\PSgGMhv.exe
  2⤵
  PID:5880
- C:\Windows\System\jQKgOZz.exe
  C:\Windows\System\jQKgOZz.exe
  2⤵
  PID:5908
- C:\Windows\System\XJwAfhr.exe
  C:\Windows\System\XJwAfhr.exe
  2⤵
  PID:5936
- C:\Windows\System\KJZvRmZ.exe
  C:\Windows\System\KJZvRmZ.exe
  2⤵
  PID:5964
- C:\Windows\System\pWSbpdK.exe
  C:\Windows\System\pWSbpdK.exe
  2⤵
  PID:5992
- C:\Windows\System\jgLrVZK.exe
  C:\Windows\System\jgLrVZK.exe
  2⤵
  PID:6020
- C:\Windows\System\QDuhSWt.exe
  C:\Windows\System\QDuhSWt.exe
  2⤵
  PID:6048
- C:\Windows\System\FHZsynx.exe
  C:\Windows\System\FHZsynx.exe
  2⤵
  PID:6076
- C:\Windows\System\NanKXiA.exe
  C:\Windows\System\NanKXiA.exe
  2⤵
  PID:6104
- C:\Windows\System\GGqAtTZ.exe
  C:\Windows\System\GGqAtTZ.exe
  2⤵
  PID:6132
- C:\Windows\System\LCeiREO.exe
  C:\Windows\System\LCeiREO.exe
  2⤵
  PID:3116
- C:\Windows\System\wbWfQWP.exe
  C:\Windows\System\wbWfQWP.exe
  2⤵
  PID:540
- C:\Windows\System\UVesufz.exe
  C:\Windows\System\UVesufz.exe
  2⤵
  PID:2108
- C:\Windows\System\sXWKPby.exe
  C:\Windows\System\sXWKPby.exe
  2⤵
  PID:4228
- C:\Windows\System\YVhBDNy.exe
  C:\Windows\System\YVhBDNy.exe
  2⤵
  PID:3344
- C:\Windows\System\sRsBeeF.exe
  C:\Windows\System\sRsBeeF.exe
  2⤵
  PID:5048
- C:\Windows\System\IThbXIU.exe
  C:\Windows\System\IThbXIU.exe
  2⤵
  PID:3912
- C:\Windows\System\Fwzmmcp.exe
  C:\Windows\System\Fwzmmcp.exe
  2⤵
  PID:1924
- C:\Windows\System\XxhMSWm.exe
  C:\Windows\System\XxhMSWm.exe
  2⤵
  PID:5168
- C:\Windows\System\uCwqkiq.exe
  C:\Windows\System\uCwqkiq.exe
  2⤵
  PID:5224
- C:\Windows\System\TcCHSHp.exe
  C:\Windows\System\TcCHSHp.exe
  2⤵
  PID:5284
- C:\Windows\System\PGKrsZt.exe
  C:\Windows\System\PGKrsZt.exe
  2⤵
  PID:5360
- C:\Windows\System\AiiRljM.exe
  C:\Windows\System\AiiRljM.exe
  2⤵
  PID:5420
- C:\Windows\System\qbIhZqv.exe
  C:\Windows\System\qbIhZqv.exe
  2⤵
  PID:5480
- C:\Windows\System\ezDiEOd.exe
  C:\Windows\System\ezDiEOd.exe
  2⤵
  PID:5556
- C:\Windows\System\SLinfiH.exe
  C:\Windows\System\SLinfiH.exe
  2⤵
  PID:5616
- C:\Windows\System\kWXyjlG.exe
  C:\Windows\System\kWXyjlG.exe
  2⤵
  PID:5676
- C:\Windows\System\AIHwOke.exe
  C:\Windows\System\AIHwOke.exe
  2⤵
  PID:5752
- C:\Windows\System\HxKJHgD.exe
  C:\Windows\System\HxKJHgD.exe
  2⤵
  PID:5812
- C:\Windows\System\EDFsmzt.exe
  C:\Windows\System\EDFsmzt.exe
  2⤵
  PID:5872
- C:\Windows\System\oUMDeue.exe
  C:\Windows\System\oUMDeue.exe
  2⤵
  PID:5952
- C:\Windows\System\BYFtYXB.exe
  C:\Windows\System\BYFtYXB.exe
  2⤵
  PID:6004
- C:\Windows\System\gkPaajh.exe
  C:\Windows\System\gkPaajh.exe
  2⤵
  PID:6060
- C:\Windows\System\yPIVAPn.exe
  C:\Windows\System\yPIVAPn.exe
  2⤵
  PID:6124
- C:\Windows\System\YNikPNG.exe
  C:\Windows\System\YNikPNG.exe
  2⤵
  PID:1604
- C:\Windows\System\THRJDyD.exe
  C:\Windows\System\THRJDyD.exe
  2⤵
  PID:3448
- C:\Windows\System\iluRWOm.exe
  C:\Windows\System\iluRWOm.exe
  2⤵
  PID:2920
- C:\Windows\System\qzUXaJl.exe
  C:\Windows\System\qzUXaJl.exe
  2⤵
  PID:5192
- C:\Windows\System\zriuRke.exe
  C:\Windows\System\zriuRke.exe
  2⤵
  PID:5332
- C:\Windows\System\yQOjkvS.exe
  C:\Windows\System\yQOjkvS.exe
  2⤵
  PID:5472
- C:\Windows\System\wYQTOCM.exe
  C:\Windows\System\wYQTOCM.exe
  2⤵
  PID:5644
- C:\Windows\System\mfbHoTB.exe
  C:\Windows\System\mfbHoTB.exe
  2⤵
  PID:5784
- C:\Windows\System\KjlcEbF.exe
  C:\Windows\System\KjlcEbF.exe
  2⤵
  PID:5928
- C:\Windows\System\FSRTQnz.exe
  C:\Windows\System\FSRTQnz.exe
  2⤵
  PID:6092
- C:\Windows\System\kUzrXns.exe
  C:\Windows\System\kUzrXns.exe
  2⤵
  PID:2200
- C:\Windows\System\xHzWNaI.exe
  C:\Windows\System\xHzWNaI.exe
  2⤵
  PID:6172
- C:\Windows\System\LbKLJhq.exe
  C:\Windows\System\LbKLJhq.exe
  2⤵
  PID:6200
- C:\Windows\System\JtTqcrO.exe
  C:\Windows\System\JtTqcrO.exe
  2⤵
  PID:6228
- C:\Windows\System\ZDDIKbT.exe
  C:\Windows\System\ZDDIKbT.exe
  2⤵
  PID:6256
- C:\Windows\System\xxRZtXr.exe
  C:\Windows\System\xxRZtXr.exe
  2⤵
  PID:6284
- C:\Windows\System\GKaEMpi.exe
  C:\Windows\System\GKaEMpi.exe
  2⤵
  PID:6312
- C:\Windows\System\ZVXTjRN.exe
  C:\Windows\System\ZVXTjRN.exe
  2⤵
  PID:6340
- C:\Windows\System\IQvgccj.exe
  C:\Windows\System\IQvgccj.exe
  2⤵
  PID:6368
- C:\Windows\System\roVADeh.exe
  C:\Windows\System\roVADeh.exe
  2⤵
  PID:6396
- C:\Windows\System\qpAGHru.exe
  C:\Windows\System\qpAGHru.exe
  2⤵
  PID:6424
- C:\Windows\System\kTJgYoz.exe
  C:\Windows\System\kTJgYoz.exe
  2⤵
  PID:6452
- C:\Windows\System\zrwsRPP.exe
  C:\Windows\System\zrwsRPP.exe
  2⤵
  PID:6480
- C:\Windows\System\DHlekVf.exe
  C:\Windows\System\DHlekVf.exe
  2⤵
  PID:6508
- C:\Windows\System\NWGBcGX.exe
  C:\Windows\System\NWGBcGX.exe
  2⤵
  PID:6536
- C:\Windows\System\nUdEwei.exe
  C:\Windows\System\nUdEwei.exe
  2⤵
  PID:6560
- C:\Windows\System\YSzQdSD.exe
  C:\Windows\System\YSzQdSD.exe
  2⤵
  PID:6592
- C:\Windows\System\EWSVLEq.exe
  C:\Windows\System\EWSVLEq.exe
  2⤵
  PID:6620
- C:\Windows\System\MtrqlQd.exe
  C:\Windows\System\MtrqlQd.exe
  2⤵
  PID:6644
- C:\Windows\System\EGNlMNa.exe
  C:\Windows\System\EGNlMNa.exe
  2⤵
  PID:6672
- C:\Windows\System\ZxCbYKs.exe
  C:\Windows\System\ZxCbYKs.exe
  2⤵
  PID:6704
- C:\Windows\System\kZszlQd.exe
  C:\Windows\System\kZszlQd.exe
  2⤵
  PID:6732
- C:\Windows\System\uboYcas.exe
  C:\Windows\System\uboYcas.exe
  2⤵
  PID:6760
- C:\Windows\System\xSHcPwq.exe
  C:\Windows\System\xSHcPwq.exe
  2⤵
  PID:6788
- C:\Windows\System\zxCupWK.exe
  C:\Windows\System\zxCupWK.exe
  2⤵
  PID:6816
- C:\Windows\System\DLCaWVe.exe
  C:\Windows\System\DLCaWVe.exe
  2⤵
  PID:6844
- C:\Windows\System\xGQADjO.exe
  C:\Windows\System\xGQADjO.exe
  2⤵
  PID:6872
- C:\Windows\System\sSdNfCI.exe
  C:\Windows\System\sSdNfCI.exe
  2⤵
  PID:6900
- C:\Windows\System\mEcQUmn.exe
  C:\Windows\System\mEcQUmn.exe
  2⤵
  PID:6928
- C:\Windows\System\CEUDLZJ.exe
  C:\Windows\System\CEUDLZJ.exe
  2⤵
  PID:6956
- C:\Windows\System\dXQTpTf.exe
  C:\Windows\System\dXQTpTf.exe
  2⤵
  PID:6984
- C:\Windows\System\HWUIWBe.exe
  C:\Windows\System\HWUIWBe.exe
  2⤵
  PID:7012
- C:\Windows\System\MnvpJJO.exe
  C:\Windows\System\MnvpJJO.exe
  2⤵
  PID:7040
- C:\Windows\System\VuvNPCZ.exe
  C:\Windows\System\VuvNPCZ.exe
  2⤵
  PID:7068
- C:\Windows\System\NBTUHbK.exe
  C:\Windows\System\NBTUHbK.exe
  2⤵
  PID:7096
- C:\Windows\System\BsIMhWm.exe
  C:\Windows\System\BsIMhWm.exe
  2⤵
  PID:7124
- C:\Windows\System\VzyBYdd.exe
  C:\Windows\System\VzyBYdd.exe
  2⤵
  PID:7152
- C:\Windows\System\imrUOCD.exe
  C:\Windows\System\imrUOCD.exe
  2⤵
  PID:3840
- C:\Windows\System\eqIRYfP.exe
  C:\Windows\System\eqIRYfP.exe
  2⤵
  PID:5396
- C:\Windows\System\OmiYnBE.exe
  C:\Windows\System\OmiYnBE.exe
  2⤵
  PID:5724
- C:\Windows\System\oYmRCrg.exe
  C:\Windows\System\oYmRCrg.exe
  2⤵
  PID:6032
- C:\Windows\System\bUgqywF.exe
  C:\Windows\System\bUgqywF.exe
  2⤵
  PID:6164
- C:\Windows\System\dNiTSrY.exe
  C:\Windows\System\dNiTSrY.exe
  2⤵
  PID:6240
- C:\Windows\System\caSPZWd.exe
  C:\Windows\System\caSPZWd.exe
  2⤵
  PID:6296
- C:\Windows\System\WiCEkCf.exe
  C:\Windows\System\WiCEkCf.exe
  2⤵
  PID:6360
- C:\Windows\System\muIyPoA.exe
  C:\Windows\System\muIyPoA.exe
  2⤵
  PID:6416
- C:\Windows\System\EPSkRGV.exe
  C:\Windows\System\EPSkRGV.exe
  2⤵
  PID:6492
- C:\Windows\System\fxDEYTU.exe
  C:\Windows\System\fxDEYTU.exe
  2⤵
  PID:6528
- C:\Windows\System\jGFktoJ.exe
  C:\Windows\System\jGFktoJ.exe
  2⤵
  PID:6584
- C:\Windows\System\CVRZKvA.exe
  C:\Windows\System\CVRZKvA.exe
  2⤵
  PID:6660
- C:\Windows\System\uBzSELf.exe
  C:\Windows\System\uBzSELf.exe
  2⤵
  PID:6720
- C:\Windows\System\oRiIZIQ.exe
  C:\Windows\System\oRiIZIQ.exe
  2⤵
  PID:6780
- C:\Windows\System\OIACMys.exe
  C:\Windows\System\OIACMys.exe
  2⤵
  PID:6856
- C:\Windows\System\ZDWYeuK.exe
  C:\Windows\System\ZDWYeuK.exe
  2⤵
  PID:6916
- C:\Windows\System\OjPkUCh.exe
  C:\Windows\System\OjPkUCh.exe
  2⤵
  PID:6972
- C:\Windows\System\BsdixkP.exe
  C:\Windows\System\BsdixkP.exe
  2⤵
  PID:7032
- C:\Windows\System\NDLrtmv.exe
  C:\Windows\System\NDLrtmv.exe
  2⤵
  PID:7088
- C:\Windows\System\XYmUGvZ.exe
  C:\Windows\System\XYmUGvZ.exe
  2⤵
  PID:7164
- C:\Windows\System\jUQMENU.exe
  C:\Windows\System\jUQMENU.exe
  2⤵
  PID:5252
- C:\Windows\System\ZEIZSzt.exe
  C:\Windows\System\ZEIZSzt.exe
  2⤵
  PID:3680
- C:\Windows\System\oCjyrfK.exe
  C:\Windows\System\oCjyrfK.exe
  2⤵
  PID:6212
- C:\Windows\System\atgCzat.exe
  C:\Windows\System\atgCzat.exe
  2⤵
  PID:6332
- C:\Windows\System\dGvCmEb.exe
  C:\Windows\System\dGvCmEb.exe
  2⤵
  PID:6500
- C:\Windows\System\BWCZcoq.exe
  C:\Windows\System\BWCZcoq.exe
  2⤵
  PID:116
- C:\Windows\System\QuCBTWP.exe
  C:\Windows\System\QuCBTWP.exe
  2⤵
  PID:3336
- C:\Windows\System\xCVJwRu.exe
  C:\Windows\System\xCVJwRu.exe
  2⤵
  PID:2448
- C:\Windows\System\onwHyMa.exe
  C:\Windows\System\onwHyMa.exe
  2⤵
  PID:7136
- C:\Windows\System\cKDHpzV.exe
  C:\Windows\System\cKDHpzV.exe
  2⤵
  PID:4680
- C:\Windows\System\DdzEdXQ.exe
  C:\Windows\System\DdzEdXQ.exe
  2⤵
  PID:5532
- C:\Windows\System\IdeKoQf.exe
  C:\Windows\System\IdeKoQf.exe
  2⤵
  PID:4112
- C:\Windows\System\MWrlmvt.exe
  C:\Windows\System\MWrlmvt.exe
  2⤵
  PID:1168
- C:\Windows\System\sdnRqNO.exe
  C:\Windows\System\sdnRqNO.exe
  2⤵
  PID:1056
- C:\Windows\System\fyyUHDU.exe
  C:\Windows\System\fyyUHDU.exe
  2⤵
  PID:2400
- C:\Windows\System\czqhOsE.exe
  C:\Windows\System\czqhOsE.exe
  2⤵
  PID:4064
- C:\Windows\System\metnXDn.exe
  C:\Windows\System\metnXDn.exe
  2⤵
  PID:3368
- C:\Windows\System\GLVDZNt.exe
  C:\Windows\System\GLVDZNt.exe
  2⤵
  PID:3412
- C:\Windows\System\SeNacnv.exe
  C:\Windows\System\SeNacnv.exe
  2⤵
  PID:1868
- C:\Windows\System\zrdyoMX.exe
  C:\Windows\System\zrdyoMX.exe
  2⤵
  PID:1808
- C:\Windows\System\pUkKEdW.exe
  C:\Windows\System\pUkKEdW.exe
  2⤵
  PID:4000
- C:\Windows\System\KCUDnDd.exe
  C:\Windows\System\KCUDnDd.exe
  2⤵
  PID:7172
- C:\Windows\System\roMcwng.exe
  C:\Windows\System\roMcwng.exe
  2⤵
  PID:7196
- C:\Windows\System\dQkWHoD.exe
  C:\Windows\System\dQkWHoD.exe
  2⤵
  PID:7232
- C:\Windows\System\eCJuszK.exe
  C:\Windows\System\eCJuszK.exe
  2⤵
  PID:7248
- C:\Windows\System\UByLICX.exe
  C:\Windows\System\UByLICX.exe
  2⤵
  PID:7292
- C:\Windows\System\oWCxZcH.exe
  C:\Windows\System\oWCxZcH.exe
  2⤵
  PID:7336
- C:\Windows\System\NoaFONC.exe
  C:\Windows\System\NoaFONC.exe
  2⤵
  PID:7360
- C:\Windows\System\jkyUozZ.exe
  C:\Windows\System\jkyUozZ.exe
  2⤵
  PID:7388
- C:\Windows\System\jeECVWZ.exe
  C:\Windows\System\jeECVWZ.exe
  2⤵
  PID:7424
- C:\Windows\System\EWHQmCV.exe
  C:\Windows\System\EWHQmCV.exe
  2⤵
  PID:7444
- C:\Windows\System\NuUtkFi.exe
  C:\Windows\System\NuUtkFi.exe
  2⤵
  PID:7472
- C:\Windows\System\bKSNxct.exe
  C:\Windows\System\bKSNxct.exe
  2⤵
  PID:7492
- C:\Windows\System\CbqQtDi.exe
  C:\Windows\System\CbqQtDi.exe
  2⤵
  PID:7516
- C:\Windows\System\quonJMv.exe
  C:\Windows\System\quonJMv.exe
  2⤵
  PID:7572
- C:\Windows\System\lbrEjKF.exe
  C:\Windows\System\lbrEjKF.exe
  2⤵
  PID:7640
- C:\Windows\System\ZTJjJSS.exe
  C:\Windows\System\ZTJjJSS.exe
  2⤵
  PID:7740
- C:\Windows\System\UtgsbBa.exe
  C:\Windows\System\UtgsbBa.exe
  2⤵
  PID:7776
- C:\Windows\System\pWJQGWf.exe
  C:\Windows\System\pWJQGWf.exe
  2⤵
  PID:7804
- C:\Windows\System\xxmFuNl.exe
  C:\Windows\System\xxmFuNl.exe
  2⤵
  PID:7836
- C:\Windows\System\apzpuIN.exe
  C:\Windows\System\apzpuIN.exe
  2⤵
  PID:7856
- C:\Windows\System\xLoAduq.exe
  C:\Windows\System\xLoAduq.exe
  2⤵
  PID:7892
- C:\Windows\System\kbBSQEW.exe
  C:\Windows\System\kbBSQEW.exe
  2⤵
  PID:7932
- C:\Windows\System\LJZIHSL.exe
  C:\Windows\System\LJZIHSL.exe
  2⤵
  PID:7948
- C:\Windows\System\gmuCOes.exe
  C:\Windows\System\gmuCOes.exe
  2⤵
  PID:7996
- C:\Windows\System\ctGraVC.exe
  C:\Windows\System\ctGraVC.exe
  2⤵
  PID:8036
- C:\Windows\System\tYphLlj.exe
  C:\Windows\System\tYphLlj.exe
  2⤵
  PID:8056
- C:\Windows\System\sZgNDNo.exe
  C:\Windows\System\sZgNDNo.exe
  2⤵
  PID:8104
- C:\Windows\System\TpMuZjT.exe
  C:\Windows\System\TpMuZjT.exe
  2⤵
  PID:8132
- C:\Windows\System\SWtsXai.exe
  C:\Windows\System\SWtsXai.exe
  2⤵
  PID:8160
- C:\Windows\System\blwSjTR.exe
  C:\Windows\System\blwSjTR.exe
  2⤵
  PID:3968
- C:\Windows\System\uaLKEhQ.exe
  C:\Windows\System\uaLKEhQ.exe
  2⤵
  PID:7180
- C:\Windows\System\BbkzPwt.exe
  C:\Windows\System\BbkzPwt.exe
  2⤵
  PID:7260
- C:\Windows\System\bxCwCnH.exe
  C:\Windows\System\bxCwCnH.exe
  2⤵
  PID:7288
- C:\Windows\System\CotgKfp.exe
  C:\Windows\System\CotgKfp.exe
  2⤵
  PID:7356
- C:\Windows\System\pfPqajU.exe
  C:\Windows\System\pfPqajU.exe
  2⤵
  PID:7440
- C:\Windows\System\AzTCLoe.exe
  C:\Windows\System\AzTCLoe.exe
  2⤵
  PID:7484
- C:\Windows\System\mOvFkQS.exe
  C:\Windows\System\mOvFkQS.exe
  2⤵
  PID:7632
- C:\Windows\System\GTMeerq.exe
  C:\Windows\System\GTMeerq.exe
  2⤵
  PID:6408
- C:\Windows\System\wVEQxDU.exe
  C:\Windows\System\wVEQxDU.exe
  2⤵
  PID:7368
- C:\Windows\System\CozYxwh.exe
  C:\Windows\System\CozYxwh.exe
  2⤵
  PID:7816
- C:\Windows\System\iArgDzs.exe
  C:\Windows\System\iArgDzs.exe
  2⤵
  PID:7880
- C:\Windows\System\YqYYNFT.exe
  C:\Windows\System\YqYYNFT.exe
  2⤵
  PID:7928
- C:\Windows\System\ChLVJja.exe
  C:\Windows\System\ChLVJja.exe
  2⤵
  PID:8008
- C:\Windows\System\aGOwZVJ.exe
  C:\Windows\System\aGOwZVJ.exe
  2⤵
  PID:8096
- C:\Windows\System\jmjZJab.exe
  C:\Windows\System\jmjZJab.exe
  2⤵
  PID:8152
- C:\Windows\System\yUgBTlE.exe
  C:\Windows\System\yUgBTlE.exe
  2⤵
  PID:4512
- C:\Windows\System\RkNwEZA.exe
  C:\Windows\System\RkNwEZA.exe
  2⤵
  PID:7348
- C:\Windows\System\FXzVsSl.exe
  C:\Windows\System\FXzVsSl.exe
  2⤵
  PID:7480
- C:\Windows\System\vmlsgWG.exe
  C:\Windows\System\vmlsgWG.exe
  2⤵
  PID:7216
- C:\Windows\System\xNaJdtA.exe
  C:\Windows\System\xNaJdtA.exe
  2⤵
  PID:7828
- C:\Windows\System\XkhRvlA.exe
  C:\Windows\System\XkhRvlA.exe
  2⤵
  PID:7960
- C:\Windows\System\sMlpRis.exe
  C:\Windows\System\sMlpRis.exe
  2⤵
  PID:8148
- C:\Windows\System\SATPcnu.exe
  C:\Windows\System\SATPcnu.exe
  2⤵
  PID:2500
- C:\Windows\System\jeFEzMi.exe
  C:\Windows\System\jeFEzMi.exe
  2⤵
  PID:8052
- C:\Windows\System\uzkaUwQ.exe
  C:\Windows\System\uzkaUwQ.exe
  2⤵
  PID:7436
- C:\Windows\System\EeDSEGd.exe
  C:\Windows\System\EeDSEGd.exe
  2⤵
  PID:7612
- C:\Windows\System\Qjtklxm.exe
  C:\Windows\System\Qjtklxm.exe
  2⤵
  PID:7720
- C:\Windows\System\WlTfvxg.exe
  C:\Windows\System\WlTfvxg.exe
  2⤵
  PID:7692
- C:\Windows\System\WdqqZgE.exe
  C:\Windows\System\WdqqZgE.exe
  2⤵
  PID:6692
- C:\Windows\System\YtatAaM.exe
  C:\Windows\System\YtatAaM.exe
  2⤵
  PID:8204
- C:\Windows\System\LTitzCl.exe
  C:\Windows\System\LTitzCl.exe
  2⤵
  PID:8232
- C:\Windows\System\qMYEcVI.exe
  C:\Windows\System\qMYEcVI.exe
  2⤵
  PID:8248
- C:\Windows\System\XjmjGGX.exe
  C:\Windows\System\XjmjGGX.exe
  2⤵
  PID:8276
- C:\Windows\System\DKpOwKS.exe
  C:\Windows\System\DKpOwKS.exe
  2⤵
  PID:8308
- C:\Windows\System\HMOhryU.exe
  C:\Windows\System\HMOhryU.exe
  2⤵
  PID:8332
- C:\Windows\System\yiaRZYg.exe
  C:\Windows\System\yiaRZYg.exe
  2⤵
  PID:8376
- C:\Windows\System\PtnvKJS.exe
  C:\Windows\System\PtnvKJS.exe
  2⤵
  PID:8392
- C:\Windows\System\Alvrtyg.exe
  C:\Windows\System\Alvrtyg.exe
  2⤵
  PID:8448
- C:\Windows\System\cVXjNCl.exe
  C:\Windows\System\cVXjNCl.exe
  2⤵
  PID:8472
- C:\Windows\System\xrtvFEW.exe
  C:\Windows\System\xrtvFEW.exe
  2⤵
  PID:8496
- C:\Windows\System\xcdVUHx.exe
  C:\Windows\System\xcdVUHx.exe
  2⤵
  PID:8520
- C:\Windows\System\NljJlBn.exe
  C:\Windows\System\NljJlBn.exe
  2⤵
  PID:8564
- C:\Windows\System\aCAfqKk.exe
  C:\Windows\System\aCAfqKk.exe
  2⤵
  PID:8596
- C:\Windows\System\xHEzhYS.exe
  C:\Windows\System\xHEzhYS.exe
  2⤵
  PID:8640
- C:\Windows\System\NMwYlrk.exe
  C:\Windows\System\NMwYlrk.exe
  2⤵
  PID:8660
- C:\Windows\System\sihZtMz.exe
  C:\Windows\System\sihZtMz.exe
  2⤵
  PID:8688
- C:\Windows\System\JRrJdwb.exe
  C:\Windows\System\JRrJdwb.exe
  2⤵
  PID:8728
- C:\Windows\System\vvnGJPg.exe
  C:\Windows\System\vvnGJPg.exe
  2⤵
  PID:8764
- C:\Windows\System\QWiLVaf.exe
  C:\Windows\System\QWiLVaf.exe
  2⤵
  PID:8804
- C:\Windows\System\mqFgMTt.exe
  C:\Windows\System\mqFgMTt.exe
  2⤵
  PID:8840
- C:\Windows\System\iaKEtZK.exe
  C:\Windows\System\iaKEtZK.exe
  2⤵
  PID:8860
- C:\Windows\System\ARHBcLQ.exe
  C:\Windows\System\ARHBcLQ.exe
  2⤵
  PID:8896
- C:\Windows\System\CSPNUCe.exe
  C:\Windows\System\CSPNUCe.exe
  2⤵
  PID:8924
- C:\Windows\System\TDfEZYn.exe
  C:\Windows\System\TDfEZYn.exe
  2⤵
  PID:8956
- C:\Windows\System\FoMzDJo.exe
  C:\Windows\System\FoMzDJo.exe
  2⤵
  PID:8984
- C:\Windows\System\ktDUEUw.exe
  C:\Windows\System\ktDUEUw.exe
  2⤵
  PID:9004
- C:\Windows\System\DpHbmqa.exe
  C:\Windows\System\DpHbmqa.exe
  2⤵
  PID:9024
- C:\Windows\System\TpTQnVD.exe
  C:\Windows\System\TpTQnVD.exe
  2⤵
  PID:9076
- C:\Windows\System\kcORQSe.exe
  C:\Windows\System\kcORQSe.exe
  2⤵
  PID:9112
- C:\Windows\System\Cuerbrj.exe
  C:\Windows\System\Cuerbrj.exe
  2⤵
  PID:9144
- C:\Windows\System\LwXZYTl.exe
  C:\Windows\System\LwXZYTl.exe
  2⤵
  PID:9184
- C:\Windows\System\vaqgJxR.exe
  C:\Windows\System\vaqgJxR.exe
  2⤵
  PID:9208
- C:\Windows\System\brlCCsd.exe
  C:\Windows\System\brlCCsd.exe
  2⤵
  PID:8224
- C:\Windows\System\XDJRKBo.exe
  C:\Windows\System\XDJRKBo.exe
  2⤵
  PID:8264
- C:\Windows\System\SveBHRT.exe
  C:\Windows\System\SveBHRT.exe
  2⤵
  PID:8388
- C:\Windows\System\YCMhsDV.exe
  C:\Windows\System\YCMhsDV.exe
  2⤵
  PID:8444
- C:\Windows\System\lYUNzgz.exe
  C:\Windows\System\lYUNzgz.exe
  2⤵
  PID:8552
- C:\Windows\System\NHtDzpM.exe
  C:\Windows\System\NHtDzpM.exe
  2⤵
  PID:8628
- C:\Windows\System\nrwvpdt.exe
  C:\Windows\System\nrwvpdt.exe
  2⤵
  PID:8740
- C:\Windows\System\KSrFwIc.exe
  C:\Windows\System\KSrFwIc.exe
  2⤵
  PID:8828
- C:\Windows\System\YdsdEEK.exe
  C:\Windows\System\YdsdEEK.exe
  2⤵
  PID:8876
- C:\Windows\System\AyGBAZi.exe
  C:\Windows\System\AyGBAZi.exe
  2⤵
  PID:8972
- C:\Windows\System\mvgMLYt.exe
  C:\Windows\System\mvgMLYt.exe
  2⤵
  PID:8992
- C:\Windows\System\LPmdlTt.exe
  C:\Windows\System\LPmdlTt.exe
  2⤵
  PID:9068
- C:\Windows\System\bUAdUQt.exe
  C:\Windows\System\bUAdUQt.exe
  2⤵
  PID:8200
- C:\Windows\System\iSBCmry.exe
  C:\Windows\System\iSBCmry.exe
  2⤵
  PID:8412
- C:\Windows\System\ikPuTvj.exe
  C:\Windows\System\ikPuTvj.exe
  2⤵
  PID:8576
- C:\Windows\System\wCRSwsg.exe
  C:\Windows\System\wCRSwsg.exe
  2⤵
  PID:8800
- C:\Windows\System\KMizKwr.exe
  C:\Windows\System\KMizKwr.exe
  2⤵
  PID:8932
- C:\Windows\System\isYMrlL.exe
  C:\Windows\System\isYMrlL.exe
  2⤵
  PID:9152
- C:\Windows\System\gFygebl.exe
  C:\Windows\System\gFygebl.exe
  2⤵
  PID:8588
- C:\Windows\System\sMakqOo.exe
  C:\Windows\System\sMakqOo.exe
  2⤵
  PID:9044
- C:\Windows\System\WhzuTWX.exe
  C:\Windows\System\WhzuTWX.exe
  2⤵
  PID:8712
- C:\Windows\System\gWXfcHb.exe
  C:\Windows\System\gWXfcHb.exe
  2⤵
  PID:9240
- C:\Windows\System\TOUBmiT.exe
  C:\Windows\System\TOUBmiT.exe
  2⤵
  PID:9268
- C:\Windows\System\pvINOYp.exe
  C:\Windows\System\pvINOYp.exe
  2⤵
  PID:9296
- C:\Windows\System\ATsBJZd.exe
  C:\Windows\System\ATsBJZd.exe
  2⤵
  PID:9312
- C:\Windows\System\MqfIEil.exe
  C:\Windows\System\MqfIEil.exe
  2⤵
  PID:9344
- C:\Windows\System\QZiPlIN.exe
  C:\Windows\System\QZiPlIN.exe
  2⤵
  PID:9372
- C:\Windows\System\qItcxDm.exe
  C:\Windows\System\qItcxDm.exe
  2⤵
  PID:9408
- C:\Windows\System\SJdjvbg.exe
  C:\Windows\System\SJdjvbg.exe
  2⤵
  PID:9424
- C:\Windows\System\cyfoxKW.exe
  C:\Windows\System\cyfoxKW.exe
  2⤵
  PID:9456
- C:\Windows\System\pjccQQh.exe
  C:\Windows\System\pjccQQh.exe
  2⤵
  PID:9496
- C:\Windows\System\bxVyXwD.exe
  C:\Windows\System\bxVyXwD.exe
  2⤵
  PID:9520
- C:\Windows\System\QNAQvCj.exe
  C:\Windows\System\QNAQvCj.exe
  2⤵
  PID:9540
- C:\Windows\System\MdebrgR.exe
  C:\Windows\System\MdebrgR.exe
  2⤵
  PID:9556
- C:\Windows\System\XlQjmMd.exe
  C:\Windows\System\XlQjmMd.exe
  2⤵
  PID:9620
- C:\Windows\System\LuFjrja.exe
  C:\Windows\System\LuFjrja.exe
  2⤵
  PID:9644
- C:\Windows\System\CwXIeZY.exe
  C:\Windows\System\CwXIeZY.exe
  2⤵
  PID:9664
- C:\Windows\System\ZWhtQcG.exe
  C:\Windows\System\ZWhtQcG.exe
  2⤵
  PID:9696
- C:\Windows\System\AdSIqYN.exe
  C:\Windows\System\AdSIqYN.exe
  2⤵
  PID:9732
- C:\Windows\System\NxBPvni.exe
  C:\Windows\System\NxBPvni.exe
  2⤵
  PID:9760
- C:\Windows\System\Antmldj.exe
  C:\Windows\System\Antmldj.exe
  2⤵
  PID:9784
- C:\Windows\System\nTfZMUJ.exe
  C:\Windows\System\nTfZMUJ.exe
  2⤵
  PID:9812
- C:\Windows\System\FhUXwbH.exe
  C:\Windows\System\FhUXwbH.exe
  2⤵
  PID:9852
- C:\Windows\System\NwDxBhS.exe
  C:\Windows\System\NwDxBhS.exe
  2⤵
  PID:9884
- C:\Windows\System\CNOxwjc.exe
  C:\Windows\System\CNOxwjc.exe
  2⤵
  PID:9916
- C:\Windows\System\pdSNVKm.exe
  C:\Windows\System\pdSNVKm.exe
  2⤵
  PID:9932
- C:\Windows\System\Cxfjhyx.exe
  C:\Windows\System\Cxfjhyx.exe
  2⤵
  PID:9952
- C:\Windows\System\QNMiDfU.exe
  C:\Windows\System\QNMiDfU.exe
  2⤵
  PID:10004
- C:\Windows\System\GLtkfzm.exe
  C:\Windows\System\GLtkfzm.exe
  2⤵
  PID:10048
- C:\Windows\System\JfYSxjG.exe
  C:\Windows\System\JfYSxjG.exe
  2⤵
  PID:10064
- C:\Windows\System\HzeEguk.exe
  C:\Windows\System\HzeEguk.exe
  2⤵
  PID:10096
- C:\Windows\System\BdTJMFU.exe
  C:\Windows\System\BdTJMFU.exe
  2⤵
  PID:10160
- C:\Windows\System\mSsJNXT.exe
  C:\Windows\System\mSsJNXT.exe
  2⤵
  PID:10188
- C:\Windows\System\weiQASj.exe
  C:\Windows\System\weiQASj.exe
  2⤵
  PID:10236
- C:\Windows\System\IzbhPkb.exe
  C:\Windows\System\IzbhPkb.exe
  2⤵
  PID:9256
- C:\Windows\System\XCQJDbL.exe
  C:\Windows\System\XCQJDbL.exe
  2⤵
  PID:9304
- C:\Windows\System\NGlMqbJ.exe
  C:\Windows\System\NGlMqbJ.exe
  2⤵
  PID:9384
- C:\Windows\System\WnAikNL.exe
  C:\Windows\System\WnAikNL.exe
  2⤵
  PID:9416
- C:\Windows\System\eHhUalI.exe
  C:\Windows\System\eHhUalI.exe
  2⤵
  PID:9528
- C:\Windows\System\frHpYeq.exe
  C:\Windows\System\frHpYeq.exe
  2⤵
  PID:9568
- C:\Windows\System\BtIcyYx.exe
  C:\Windows\System\BtIcyYx.exe
  2⤵
  PID:9600
- C:\Windows\System\WZrTofD.exe
  C:\Windows\System\WZrTofD.exe
  2⤵
  PID:9628
- C:\Windows\System\kDBAoXl.exe
  C:\Windows\System\kDBAoXl.exe
  2⤵
  PID:9768
- C:\Windows\System\oUIYTDZ.exe
  C:\Windows\System\oUIYTDZ.exe
  2⤵
  PID:9832
- C:\Windows\System\MVhDPNT.exe
  C:\Windows\System\MVhDPNT.exe
  2⤵
  PID:9908
- C:\Windows\System\XrwjZcA.exe
  C:\Windows\System\XrwjZcA.exe
  2⤵
  PID:9984
- C:\Windows\System\uhaNPwM.exe
  C:\Windows\System\uhaNPwM.exe
  2⤵
  PID:10056
- C:\Windows\System\EYXkNzi.exe
  C:\Windows\System\EYXkNzi.exe
  2⤵
  PID:10156
- C:\Windows\System\ZicFwqL.exe
  C:\Windows\System\ZicFwqL.exe
  2⤵
  PID:10176
- C:\Windows\System\zXWUbbi.exe
  C:\Windows\System\zXWUbbi.exe
  2⤵
  PID:9280
- C:\Windows\System\GrcAAsq.exe
  C:\Windows\System\GrcAAsq.exe
  2⤵
  PID:9400
- C:\Windows\System\DqYqXPl.exe
  C:\Windows\System\DqYqXPl.exe
  2⤵
  PID:9584
- C:\Windows\System\RtPuqGM.exe
  C:\Windows\System\RtPuqGM.exe
  2⤵
  PID:9652
- C:\Windows\System\DXcZGhh.exe
  C:\Windows\System\DXcZGhh.exe
  2⤵
  PID:9892
- C:\Windows\System\nDftarp.exe
  C:\Windows\System\nDftarp.exe
  2⤵
  PID:4700
- C:\Windows\System\KOSNFLO.exe
  C:\Windows\System\KOSNFLO.exe
  2⤵
  PID:10180
- C:\Windows\System\vOIDVZT.exe
  C:\Windows\System\vOIDVZT.exe
  2⤵
  PID:9940
- C:\Windows\System\gLXTKtL.exe
  C:\Windows\System\gLXTKtL.exe
  2⤵
  PID:9800
- C:\Windows\System\czRwSca.exe
  C:\Windows\System\czRwSca.exe
  2⤵
  PID:9328
- C:\Windows\System\PKRXwPu.exe
  C:\Windows\System\PKRXwPu.exe
  2⤵
  PID:9944
- C:\Windows\System\nvKLMVW.exe
  C:\Windows\System\nvKLMVW.exe
  2⤵
  PID:10272
- C:\Windows\System\XgXXjpn.exe
  C:\Windows\System\XgXXjpn.exe
  2⤵
  PID:10292
- C:\Windows\System\GCgHWjN.exe
  C:\Windows\System\GCgHWjN.exe
  2⤵
  PID:10328
- C:\Windows\System\zUIyWGo.exe
  C:\Windows\System\zUIyWGo.exe
  2⤵
  PID:10356
- C:\Windows\System\njsBxSY.exe
  C:\Windows\System\njsBxSY.exe
  2⤵
  PID:10384
- C:\Windows\System\sHkvVsO.exe
  C:\Windows\System\sHkvVsO.exe
  2⤵
  PID:10420
- C:\Windows\System\RqFNENC.exe
  C:\Windows\System\RqFNENC.exe
  2⤵
  PID:10460
- C:\Windows\System\JqrIwhJ.exe
  C:\Windows\System\JqrIwhJ.exe
  2⤵
  PID:10500
- C:\Windows\System\tIFRDub.exe
  C:\Windows\System\tIFRDub.exe
  2⤵
  PID:10528
- C:\Windows\System\HNikOKI.exe
  C:\Windows\System\HNikOKI.exe
  2⤵
  PID:10556
- C:\Windows\System\SllzJWE.exe
  C:\Windows\System\SllzJWE.exe
  2⤵
  PID:10584
- C:\Windows\System\RyhpFsD.exe
  C:\Windows\System\RyhpFsD.exe
  2⤵
  PID:10616
- C:\Windows\System\eHxSxOG.exe
  C:\Windows\System\eHxSxOG.exe
  2⤵
  PID:10644
- C:\Windows\System\GvNcBOb.exe
  C:\Windows\System\GvNcBOb.exe
  2⤵
  PID:10672
- C:\Windows\System\jvFhiam.exe
  C:\Windows\System\jvFhiam.exe
  2⤵
  PID:10700
- C:\Windows\System\Jlwtktg.exe
  C:\Windows\System\Jlwtktg.exe
  2⤵
  PID:10728
- C:\Windows\System\NsmOJFJ.exe
  C:\Windows\System\NsmOJFJ.exe
  2⤵
  PID:10752
- C:\Windows\System\gpmdVcP.exe
  C:\Windows\System\gpmdVcP.exe
  2⤵
  PID:10784
- C:\Windows\System\SPqRrVh.exe
  C:\Windows\System\SPqRrVh.exe
  2⤵
  PID:10800
- C:\Windows\System\wSHgaOr.exe
  C:\Windows\System\wSHgaOr.exe
  2⤵
  PID:10840
- C:\Windows\System\eAWWoOE.exe
  C:\Windows\System\eAWWoOE.exe
  2⤵
  PID:10868
- C:\Windows\System\rPwbcfz.exe
  C:\Windows\System\rPwbcfz.exe
  2⤵
  PID:10892
- C:\Windows\System\lgPJxvg.exe
  C:\Windows\System\lgPJxvg.exe
  2⤵
  PID:10912
- C:\Windows\System\OtIVyjq.exe
  C:\Windows\System\OtIVyjq.exe
  2⤵
  PID:10936
- C:\Windows\System\DxoSRfS.exe
  C:\Windows\System\DxoSRfS.exe
  2⤵
  PID:10980
- C:\Windows\System\wmcfcme.exe
  C:\Windows\System\wmcfcme.exe
  2⤵
  PID:11012
- C:\Windows\System\EHAcyCE.exe
  C:\Windows\System\EHAcyCE.exe
  2⤵
  PID:11040
- C:\Windows\System\TGpugKO.exe
  C:\Windows\System\TGpugKO.exe
  2⤵
  PID:11064
- C:\Windows\System\JzXvkNU.exe
  C:\Windows\System\JzXvkNU.exe
  2⤵
  PID:11084
- C:\Windows\System\NJthczU.exe
  C:\Windows\System\NJthczU.exe
  2⤵
  PID:11116
- C:\Windows\System\FqdnxWo.exe
  C:\Windows\System\FqdnxWo.exe
  2⤵
  PID:11140
- C:\Windows\System\AgYZCZL.exe
  C:\Windows\System\AgYZCZL.exe
  2⤵
  PID:11168
- C:\Windows\System\EjTxuyE.exe
  C:\Windows\System\EjTxuyE.exe
  2⤵
  PID:11208
- C:\Windows\System\VylJgUs.exe
  C:\Windows\System\VylJgUs.exe
  2⤵
  PID:11236
- C:\Windows\System\VJWswsL.exe
  C:\Windows\System\VJWswsL.exe
  2⤵
  PID:9688
- C:\Windows\System\qSoxmQB.exe
  C:\Windows\System\qSoxmQB.exe
  2⤵
  PID:10308
- C:\Windows\System\QCYFiOd.exe
  C:\Windows\System\QCYFiOd.exe
  2⤵
  PID:10340
- C:\Windows\System\foVxOlg.exe
  C:\Windows\System\foVxOlg.exe
  2⤵
  PID:10416
- C:\Windows\System\cXuaQuN.exe
  C:\Windows\System\cXuaQuN.exe
  2⤵
  PID:10520
- C:\Windows\System\nGxNaVG.exe
  C:\Windows\System\nGxNaVG.exe
  2⤵
  PID:10572
- C:\Windows\System\URzrEMR.exe
  C:\Windows\System\URzrEMR.exe
  2⤵
  PID:10628
- C:\Windows\System\agrcjTb.exe
  C:\Windows\System\agrcjTb.exe
  2⤵
  PID:10716
- C:\Windows\System\edlmYDQ.exe
  C:\Windows\System\edlmYDQ.exe
  2⤵
  PID:10768
- C:\Windows\System\VcUjMwt.exe
  C:\Windows\System\VcUjMwt.exe
  2⤵
  PID:10836
- C:\Windows\System\DuUzUXC.exe
  C:\Windows\System\DuUzUXC.exe
  2⤵
  PID:10888
- C:\Windows\System\KNRuSDZ.exe
  C:\Windows\System\KNRuSDZ.exe
  2⤵
  PID:10960
- C:\Windows\System\yNJbwLL.exe
  C:\Windows\System\yNJbwLL.exe
  2⤵
  PID:10996
- C:\Windows\System\IQHuqkE.exe
  C:\Windows\System\IQHuqkE.exe
  2⤵
  PID:11072
- C:\Windows\System\QQlFCSQ.exe
  C:\Windows\System\QQlFCSQ.exe
  2⤵
  PID:11152
- C:\Windows\System\ertFPdY.exe
  C:\Windows\System\ertFPdY.exe
  2⤵
  PID:11228
- C:\Windows\System\hEjIRSA.exe
  C:\Windows\System\hEjIRSA.exe
  2⤵
  PID:10256
- C:\Windows\System\zpxLilT.exe
  C:\Windows\System\zpxLilT.exe
  2⤵
  PID:10448
- C:\Windows\System\efiuUds.exe
  C:\Windows\System\efiuUds.exe
  2⤵
  PID:10548
- C:\Windows\System\JwsaYXG.exe
  C:\Windows\System\JwsaYXG.exe
  2⤵
  PID:10688
- C:\Windows\System\ehrRnhk.exe
  C:\Windows\System\ehrRnhk.exe
  2⤵
  PID:10932
- C:\Windows\System\TTetkVF.exe
  C:\Windows\System\TTetkVF.exe
  2⤵
  PID:11056
- C:\Windows\System\uTKueEF.exe
  C:\Windows\System\uTKueEF.exe
  2⤵
  PID:11132
- C:\Windows\System\oILKHti.exe
  C:\Windows\System\oILKHti.exe
  2⤵
  PID:10260
- C:\Windows\System\MHIAyaX.exe
  C:\Windows\System\MHIAyaX.exe
  2⤵
  PID:10668
- C:\Windows\System\zwuKMUQ.exe
  C:\Windows\System\zwuKMUQ.exe
  2⤵
  PID:11096
- C:\Windows\System\ETqVyEK.exe
  C:\Windows\System\ETqVyEK.exe
  2⤵
  PID:10992
- C:\Windows\System\iZCqjpn.exe
  C:\Windows\System\iZCqjpn.exe
  2⤵
  PID:10320
- C:\Windows\System\TVWtUvY.exe
  C:\Windows\System\TVWtUvY.exe
  2⤵
  PID:11304
- C:\Windows\System\JklZmBj.exe
  C:\Windows\System\JklZmBj.exe
  2⤵
  PID:11320
- C:\Windows\System\dcjpIKT.exe
  C:\Windows\System\dcjpIKT.exe
  2⤵
  PID:11336
- C:\Windows\System\WmZDeXv.exe
  C:\Windows\System\WmZDeXv.exe
  2⤵
  PID:11376
- C:\Windows\System\cljrDnk.exe
  C:\Windows\System\cljrDnk.exe
  2⤵
  PID:11408
- C:\Windows\System\VvIFTYx.exe
  C:\Windows\System\VvIFTYx.exe
  2⤵
  PID:11432
- C:\Windows\System\xQnvgbu.exe
  C:\Windows\System\xQnvgbu.exe
  2⤵
  PID:11472
- C:\Windows\System\HKOOnwK.exe
  C:\Windows\System\HKOOnwK.exe
  2⤵
  PID:11500
- C:\Windows\System\sapCxIa.exe
  C:\Windows\System\sapCxIa.exe
  2⤵
  PID:11516
- C:\Windows\System\tjyoAoD.exe
  C:\Windows\System\tjyoAoD.exe
  2⤵
  PID:11544
- C:\Windows\System\KhjDfzQ.exe
  C:\Windows\System\KhjDfzQ.exe
  2⤵
  PID:11568
- C:\Windows\System\nrdELXL.exe
  C:\Windows\System\nrdELXL.exe
  2⤵
  PID:11596
- C:\Windows\System\nqoBSgh.exe
  C:\Windows\System\nqoBSgh.exe
  2⤵
  PID:11628
- C:\Windows\System\yGgXynN.exe
  C:\Windows\System\yGgXynN.exe
  2⤵
  PID:11656
- C:\Windows\System\IHmdfmJ.exe
  C:\Windows\System\IHmdfmJ.exe
  2⤵
  PID:11700
- C:\Windows\System\kNnxHCe.exe
  C:\Windows\System\kNnxHCe.exe
  2⤵
  PID:11716
- C:\Windows\System\GPlTgZI.exe
  C:\Windows\System\GPlTgZI.exe
  2⤵
  PID:11756
- C:\Windows\System\vXTaaSs.exe
  C:\Windows\System\vXTaaSs.exe
  2⤵
  PID:11772
- C:\Windows\System\BXppdLB.exe
  C:\Windows\System\BXppdLB.exe
  2⤵
  PID:11804
- C:\Windows\System\dNljfpW.exe
  C:\Windows\System\dNljfpW.exe
  2⤵
  PID:11832
- C:\Windows\System\FjFMSYR.exe
  C:\Windows\System\FjFMSYR.exe
  2⤵
  PID:11860
- C:\Windows\System\vNQxVeh.exe
  C:\Windows\System\vNQxVeh.exe
  2⤵
  PID:11884
- C:\Windows\System\wTAdnQx.exe
  C:\Windows\System\wTAdnQx.exe
  2⤵
  PID:11916
- C:\Windows\System\lYAHSVD.exe
  C:\Windows\System\lYAHSVD.exe
  2⤵
  PID:11968
- C:\Windows\System\pKzHfMs.exe
  C:\Windows\System\pKzHfMs.exe
  2⤵
  PID:11988
- C:\Windows\System\bTkVgLd.exe
  C:\Windows\System\bTkVgLd.exe
  2⤵
  PID:12016
- C:\Windows\System\uFHFsFh.exe
  C:\Windows\System\uFHFsFh.exe
  2⤵
  PID:12044
- C:\Windows\System\pkbJTNH.exe
  C:\Windows\System\pkbJTNH.exe
  2⤵
  PID:12072
- C:\Windows\System\rXduyQD.exe
  C:\Windows\System\rXduyQD.exe
  2⤵
  PID:12088
- C:\Windows\System\aImCUYC.exe
  C:\Windows\System\aImCUYC.exe
  2⤵
  PID:12116
- C:\Windows\System\QkeFNQl.exe
  C:\Windows\System\QkeFNQl.exe
  2⤵
  PID:12156
- C:\Windows\System\AOAjrPF.exe
  C:\Windows\System\AOAjrPF.exe
  2⤵
  PID:12184
- C:\Windows\System\RBheNnb.exe
  C:\Windows\System\RBheNnb.exe
  2⤵
  PID:12212
- C:\Windows\System\gMFnmaF.exe
  C:\Windows\System\gMFnmaF.exe
  2⤵
  PID:12240
- C:\Windows\System\hZWUvAV.exe
  C:\Windows\System\hZWUvAV.exe
  2⤵
  PID:12268
- C:\Windows\System\zILpjuy.exe
  C:\Windows\System\zILpjuy.exe
  2⤵
  PID:11252
- C:\Windows\System\vBzpjWx.exe
  C:\Windows\System\vBzpjWx.exe
  2⤵
  PID:11328
- C:\Windows\System\QvgutQh.exe
  C:\Windows\System\QvgutQh.exe
  2⤵
  PID:11388
- C:\Windows\System\rAOyemP.exe
  C:\Windows\System\rAOyemP.exe
  2⤵
  PID:11420
- C:\Windows\System\SUlBRjw.exe
  C:\Windows\System\SUlBRjw.exe
  2⤵
  PID:11488
- C:\Windows\System\uqvemiz.exe
  C:\Windows\System\uqvemiz.exe
  2⤵
  PID:11592
- C:\Windows\System\WrPOXjb.exe
  C:\Windows\System\WrPOXjb.exe
  2⤵
  PID:11652
- C:\Windows\System\zhKFCIP.exe
  C:\Windows\System\zhKFCIP.exe
  2⤵
  PID:11692
- C:\Windows\System\bIVfumn.exe
  C:\Windows\System\bIVfumn.exe
  2⤵
  PID:11728
- C:\Windows\System\ZJwjIsr.exe
  C:\Windows\System\ZJwjIsr.exe
  2⤵
  PID:11812
- C:\Windows\System\dAdxJTt.exe
  C:\Windows\System\dAdxJTt.exe
  2⤵
  PID:11824
- C:\Windows\System\zavSBAr.exe
  C:\Windows\System\zavSBAr.exe
  2⤵
  PID:11932
- C:\Windows\System\dafKCKy.exe
  C:\Windows\System\dafKCKy.exe
  2⤵
  PID:12008
- C:\Windows\System\CjonoUx.exe
  C:\Windows\System\CjonoUx.exe
  2⤵
  PID:12036
- C:\Windows\System\Pcjezkx.exe
  C:\Windows\System\Pcjezkx.exe
  2⤵
  PID:12100
- C:\Windows\System\YJuyiSz.exe
  C:\Windows\System\YJuyiSz.exe
  2⤵
  PID:12172
- C:\Windows\System\umaIRWt.exe
  C:\Windows\System\umaIRWt.exe
  2⤵
  PID:12228
- C:\Windows\System\HhMdBLb.exe
  C:\Windows\System\HhMdBLb.exe
  2⤵
  PID:11296
- C:\Windows\System\SytqiHl.exe
  C:\Windows\System\SytqiHl.exe
  2⤵
  PID:11428
- C:\Windows\System\kEnfkal.exe
  C:\Windows\System\kEnfkal.exe
  2⤵
  PID:11676
- C:\Windows\System\HrCrazl.exe
  C:\Windows\System\HrCrazl.exe
  2⤵
  PID:11768
- C:\Windows\System\Zjsadui.exe
  C:\Windows\System\Zjsadui.exe
  2⤵
  PID:12004
- C:\Windows\System\wKwSGSv.exe
  C:\Windows\System\wKwSGSv.exe
  2⤵
  PID:12056
- C:\Windows\System\DZJkDBR.exe
  C:\Windows\System\DZJkDBR.exe
  2⤵
  PID:12276
- C:\Windows\System\THquXKv.exe
  C:\Windows\System\THquXKv.exe
  2⤵
  PID:11484
- C:\Windows\System\pJhBkEv.exe
  C:\Windows\System\pJhBkEv.exe
  2⤵
  PID:12284
- C:\Windows\System\xJsHTbe.exe
  C:\Windows\System\xJsHTbe.exe
  2⤵
  PID:12300
- C:\Windows\System\qQDLKsZ.exe
  C:\Windows\System\qQDLKsZ.exe
  2⤵
  PID:12332
- C:\Windows\System\YcWHpxB.exe
  C:\Windows\System\YcWHpxB.exe
  2⤵
  PID:12356
- C:\Windows\System\BqubdDk.exe
  C:\Windows\System\BqubdDk.exe
  2⤵
  PID:12384
- C:\Windows\System\OvuCehq.exe
  C:\Windows\System\OvuCehq.exe
  2⤵
  PID:12416
- C:\Windows\System\BKBBKRr.exe
  C:\Windows\System\BKBBKRr.exe
  2⤵
  PID:12468
- C:\Windows\System\jElmpmg.exe
  C:\Windows\System\jElmpmg.exe
  2⤵
  PID:12500
- C:\Windows\System\mpelTaJ.exe
  C:\Windows\System\mpelTaJ.exe
  2⤵
  PID:12536
- C:\Windows\System\sivVPbC.exe
  C:\Windows\System\sivVPbC.exe
  2⤵
  PID:12568
- C:\Windows\System\BkdOqSF.exe
  C:\Windows\System\BkdOqSF.exe
  2⤵
  PID:12604
- C:\Windows\System\BuYOHki.exe
  C:\Windows\System\BuYOHki.exe
  2⤵
  PID:12640
- C:\Windows\System\gEsSjRX.exe
  C:\Windows\System\gEsSjRX.exe
  2⤵
  PID:12664
- C:\Windows\System\sIfLSbs.exe
  C:\Windows\System\sIfLSbs.exe
  2⤵
  PID:12680
- C:\Windows\System\LQuzBSk.exe
  C:\Windows\System\LQuzBSk.exe
  2⤵
  PID:12704
- C:\Windows\System\NlOkDcU.exe
  C:\Windows\System\NlOkDcU.exe
  2⤵
  PID:12752
- C:\Windows\System\UwdxMdm.exe
  C:\Windows\System\UwdxMdm.exe
  2⤵
  PID:12792
- C:\Windows\System\JaCxGir.exe
  C:\Windows\System\JaCxGir.exe
  2⤵
  PID:12808
- C:\Windows\System\juPYkPU.exe
  C:\Windows\System\juPYkPU.exe
  2⤵
  PID:12828
- C:\Windows\System\RpehaQo.exe
  C:\Windows\System\RpehaQo.exe
  2⤵
  PID:12856
- C:\Windows\System\CNLUlZT.exe
  C:\Windows\System\CNLUlZT.exe
  2⤵
  PID:12896
- C:\Windows\System\drzZaRr.exe
  C:\Windows\System\drzZaRr.exe
  2⤵
  PID:12928
- C:\Windows\System\ZsBTKlH.exe
  C:\Windows\System\ZsBTKlH.exe
  2⤵
  PID:12964
- C:\Windows\System\IAPKRTt.exe
  C:\Windows\System\IAPKRTt.exe
  2⤵
  PID:12996
- C:\Windows\System\AUQaGHa.exe
  C:\Windows\System\AUQaGHa.exe
  2⤵
  PID:13024
- C:\Windows\System\cjryvHT.exe
  C:\Windows\System\cjryvHT.exe
  2⤵
  PID:13044
- C:\Windows\System\PJMIMHL.exe
  C:\Windows\System\PJMIMHL.exe
  2⤵
  PID:13072
- C:\Windows\System\uvpxhWx.exe
  C:\Windows\System\uvpxhWx.exe
  2⤵
  PID:13120
- C:\Windows\System\KcJcOud.exe
  C:\Windows\System\KcJcOud.exe
  2⤵
  PID:13140
- C:\Windows\System\XKFLrGW.exe
  C:\Windows\System\XKFLrGW.exe
  2⤵
  PID:13172
- C:\Windows\System\xCDWEpe.exe
  C:\Windows\System\xCDWEpe.exe
  2⤵
  PID:13204
- C:\Windows\System\txRINBo.exe
  C:\Windows\System\txRINBo.exe
  2⤵
  PID:13232
- C:\Windows\System\qnqKnaZ.exe
  C:\Windows\System\qnqKnaZ.exe
  2⤵
  PID:13264
- C:\Windows\System\vsVbmmu.exe
  C:\Windows\System\vsVbmmu.exe
  2⤵
  PID:13292
- C:\Windows\System\uworVBW.exe
  C:\Windows\System\uworVBW.exe
  2⤵
  PID:12328
- C:\Windows\System\gsYndfZ.exe
  C:\Windows\System\gsYndfZ.exe
  2⤵
  PID:12400
- C:\Windows\System\zEgGwWj.exe
  C:\Windows\System\zEgGwWj.exe
  2⤵
  PID:12432
- C:\Windows\System\nlOvVOd.exe
  C:\Windows\System\nlOvVOd.exe
  2⤵
  PID:12528
- C:\Windows\System\yHKlNdI.exe
  C:\Windows\System\yHKlNdI.exe
  2⤵
  PID:12584
- C:\Windows\System\OmtwuCu.exe
  C:\Windows\System\OmtwuCu.exe
  2⤵
  PID:12672
- C:\Windows\System\gBlYDOh.exe
  C:\Windows\System\gBlYDOh.exe
  2⤵
  PID:12748
- C:\Windows\System\AfuUfGD.exe
  C:\Windows\System\AfuUfGD.exe
  2⤵
  PID:12820
- C:\Windows\System\sqLjqPq.exe
  C:\Windows\System\sqLjqPq.exe
  2⤵
  PID:12876
- C:\Windows\System\IICimEX.exe
  C:\Windows\System\IICimEX.exe
  2⤵
  PID:12976
- C:\Windows\System\ukrqTMS.exe
  C:\Windows\System\ukrqTMS.exe
  2⤵
  PID:13020
- C:\Windows\System\hiuSpPn.exe
  C:\Windows\System\hiuSpPn.exe
  2⤵
  PID:13092
- C:\Windows\System\BmFUrLM.exe
  C:\Windows\System\BmFUrLM.exe
  2⤵
  PID:13180
- C:\Windows\System\ujRtguD.exe
  C:\Windows\System\ujRtguD.exe
  2⤵
  PID:13192
- C:\Windows\System\rBxmCph.exe
  C:\Windows\System\rBxmCph.exe
  2⤵
  PID:12344
- C:\Windows\System\GMkjwky.exe
  C:\Windows\System\GMkjwky.exe
  2⤵
  PID:12396
- C:\Windows\System\JQJFyuB.exe
  C:\Windows\System\JQJFyuB.exe
  2⤵
  PID:12560
- C:\Windows\System\IMaFcAx.exe
  C:\Windows\System\IMaFcAx.exe
  2⤵
  PID:12696
- C:\Windows\System\LTWnjvw.exe
  C:\Windows\System\LTWnjvw.exe
  2⤵
  PID:12888
- C:\Windows\System\PCHwijt.exe
  C:\Windows\System\PCHwijt.exe
  2⤵
  PID:13084
- C:\Windows\System\kmExshp.exe
  C:\Windows\System\kmExshp.exe
  2⤵
  PID:13224
- C:\Windows\System\YJFCfRm.exe
  C:\Windows\System\YJFCfRm.exe
  2⤵
  PID:12352
- C:\Windows\System\aSiwmYo.exe
  C:\Windows\System\aSiwmYo.exe
  2⤵
  PID:12656
- C:\Windows\System\sdcJWDH.exe
  C:\Windows\System\sdcJWDH.exe
  2⤵
  PID:13060
- C:\Windows\System\pDjcUvz.exe
  C:\Windows\System\pDjcUvz.exe
  2⤵
  PID:12444
- C:\Windows\System\UmFqXpO.exe
  C:\Windows\System\UmFqXpO.exe
  2⤵
  PID:13068
- C:\Windows\System\wkDQIcF.exe
  C:\Windows\System\wkDQIcF.exe
  2⤵
  PID:13344
- C:\Windows\System\sRaliyj.exe
  C:\Windows\System\sRaliyj.exe
  2⤵
  PID:13388
- C:\Windows\System\wsZbytM.exe
  C:\Windows\System\wsZbytM.exe
  2⤵
  PID:13416
- C:\Windows\System\nezCwpl.exe
  C:\Windows\System\nezCwpl.exe
  2⤵
  PID:13444
- C:\Windows\System\OYClQlG.exe
  C:\Windows\System\OYClQlG.exe
  2⤵
  PID:13460
- C:\Windows\System\pBpYiWl.exe
  C:\Windows\System\pBpYiWl.exe
  2⤵
  PID:13492
- C:\Windows\System\PkqFigh.exe
  C:\Windows\System\PkqFigh.exe
  2⤵
  PID:13516
- C:\Windows\System\pRKeWoG.exe
  C:\Windows\System\pRKeWoG.exe
  2⤵
  PID:13552
- C:\Windows\System\DGUpWkg.exe
  C:\Windows\System\DGUpWkg.exe
  2⤵
  PID:13572
- C:\Windows\System\DrYBLFc.exe
  C:\Windows\System\DrYBLFc.exe
  2⤵
  PID:13608
- C:\Windows\System\ScfYBct.exe
  C:\Windows\System\ScfYBct.exe
  2⤵
  PID:13632
- C:\Windows\System\JljefSm.exe
  C:\Windows\System\JljefSm.exe
  2⤵
  PID:13668
- C:\Windows\System\HpWmTlV.exe
  C:\Windows\System\HpWmTlV.exe
  2⤵
  PID:13696
- C:\Windows\System\JLgIrWs.exe
  C:\Windows\System\JLgIrWs.exe
  2⤵
  PID:13712
- C:\Windows\System\nDFdPmI.exe
  C:\Windows\System\nDFdPmI.exe
  2⤵
  PID:13752
- C:\Windows\System\rqTZFmU.exe
  C:\Windows\System\rqTZFmU.exe
  2⤵
  PID:13780
- C:\Windows\System\jWBvPHU.exe
  C:\Windows\System\jWBvPHU.exe
  2⤵
  PID:13808
- C:\Windows\System\PvEcZFP.exe
  C:\Windows\System\PvEcZFP.exe
  2⤵
  PID:13836
- C:\Windows\System\zLFWMhK.exe
  C:\Windows\System\zLFWMhK.exe
  2⤵
  PID:13864
- C:\Windows\System\FZSxIHZ.exe
  C:\Windows\System\FZSxIHZ.exe
  2⤵
  PID:13888
- C:\Windows\System\YMtfUEp.exe
  C:\Windows\System\YMtfUEp.exe
  2⤵
  PID:13920
- C:\Windows\System\ptrLZvu.exe
  C:\Windows\System\ptrLZvu.exe
  2⤵
  PID:13936
- C:\Windows\System\rZaTlFk.exe
  C:\Windows\System\rZaTlFk.exe
  2⤵
  PID:13968
- C:\Windows\System\KepSuGB.exe
  C:\Windows\System\KepSuGB.exe
  2⤵
  PID:13992
- C:\Windows\System\ITIGGiK.exe
  C:\Windows\System\ITIGGiK.exe
  2⤵
  PID:14032
- C:\Windows\System\WjobQYt.exe
  C:\Windows\System\WjobQYt.exe
  2⤵
  PID:14052
- C:\Windows\System\APBzsRN.exe
  C:\Windows\System\APBzsRN.exe
  2⤵
  PID:14088
- C:\Windows\System\hJPVbCx.exe
  C:\Windows\System\hJPVbCx.exe
  2⤵
  PID:14112
- C:\Windows\System\eSEPtNz.exe
  C:\Windows\System\eSEPtNz.exe
  2⤵
  PID:14132
- C:\Windows\System\aYqPIZS.exe
  C:\Windows\System\aYqPIZS.exe
  2⤵
  PID:14172
- C:\Windows\System\AWEDyLd.exe
  C:\Windows\System\AWEDyLd.exe
  2⤵
  PID:14192
- C:\Windows\System\scqhDGW.exe
  C:\Windows\System\scqhDGW.exe
  2⤵
  PID:14228
- C:\Windows\System\kguOrNv.exe
  C:\Windows\System\kguOrNv.exe
  2⤵
  PID:14248
- C:\Windows\System\bymAHne.exe
  C:\Windows\System\bymAHne.exe
  2⤵
  PID:14288
- C:\Windows\System\vgkxNVm.exe
  C:\Windows\System\vgkxNVm.exe
  2⤵
  PID:14304
- C:\Windows\System\WGlGTCi.exe
  C:\Windows\System\WGlGTCi.exe
  2⤵
  PID:13328
- C:\Windows\System\ckkltuO.exe
  C:\Windows\System\ckkltuO.exe
  2⤵
  PID:12768
- C:\Windows\System\KkUcNXT.exe
  C:\Windows\System\KkUcNXT.exe
  2⤵
  PID:13384
- C:\Windows\System\ZnFapKA.exe
  C:\Windows\System\ZnFapKA.exe
  2⤵
  PID:13428
- C:\Windows\System\ivEVQJv.exe
  C:\Windows\System\ivEVQJv.exe
  2⤵
  PID:13568
- C:\Windows\System\WByGbZb.exe
  C:\Windows\System\WByGbZb.exe
  2⤵
  PID:13628
- C:\Windows\System\qQggxCN.exe
  C:\Windows\System\qQggxCN.exe
  2⤵
  PID:2520
- C:\Windows\System\CSWJNOu.exe
  C:\Windows\System\CSWJNOu.exe
  2⤵
  PID:3848
- C:\Windows\System\HykggqS.exe
  C:\Windows\System\HykggqS.exe
  2⤵
  PID:4976
- C:\Windows\System\xmHasys.exe
  C:\Windows\System\xmHasys.exe
  2⤵
  PID:13800
- C:\Windows\System\quCpBgJ.exe
  C:\Windows\System\quCpBgJ.exe
  2⤵
  PID:13904
- C:\Windows\System\qjLwtSh.exe
  C:\Windows\System\qjLwtSh.exe
  2⤵
  PID:13960
- C:\Windows\System\GFXydAB.exe
  C:\Windows\System\GFXydAB.exe
  2⤵
  PID:14012
- C:\Windows\System\rRGrwmK.exe
  C:\Windows\System\rRGrwmK.exe
  2⤵
  PID:14084
- C:\Windows\System\wlZoBvW.exe
  C:\Windows\System\wlZoBvW.exe
  2⤵
  PID:14128
- C:\Windows\System\boMFZZD.exe
  C:\Windows\System\boMFZZD.exe
  2⤵
  PID:14180
- C:\Windows\System\GVEoarJ.exe
  C:\Windows\System\GVEoarJ.exe
  2⤵
  PID:14236
- C:\Windows\System\mLyjVUZ.exe
  C:\Windows\System\mLyjVUZ.exe
  2⤵
  PID:14328
- C:\Windows\System\FCmpQdn.exe
  C:\Windows\System\FCmpQdn.exe
  2⤵
  PID:13332
- C:\Windows\System\hKZtDwH.exe
  C:\Windows\System\hKZtDwH.exe
  2⤵
  PID:13452
- C:\Windows\System\zfCxktT.exe
  C:\Windows\System\zfCxktT.exe
  2⤵
  PID:13660
- C:\Windows\System\yKWLqzb.exe
  C:\Windows\System\yKWLqzb.exe
  2⤵
  PID:13704
- C:\Windows\System\KBJNHFc.exe
  C:\Windows\System\KBJNHFc.exe
  2⤵
  PID:13956
- C:\Windows\System\LdXerbe.exe
  C:\Windows\System\LdXerbe.exe
  2⤵
  PID:14096
- C:\Windows\System\baaBMRc.exe
  C:\Windows\System\baaBMRc.exe
  2⤵
  PID:14276
- C:\Windows\System\sZcNtbw.exe
  C:\Windows\System\sZcNtbw.exe
  2⤵
  PID:13336
- C:\Windows\System\iwxBOPr.exe
  C:\Windows\System\iwxBOPr.exe
  2⤵
  PID:13872
- C:\Windows\System\DyWBfKK.exe
  C:\Windows\System\DyWBfKK.exe
  2⤵
  PID:14200
- C:\Windows\System\RnkcdHi.exe
  C:\Windows\System\RnkcdHi.exe
  2⤵
  PID:13792
- C:\Windows\System\CoChZYh.exe
  C:\Windows\System\CoChZYh.exe
  2⤵
  PID:13100
- C:\Windows\System\XeGrnlL.exe
  C:\Windows\System\XeGrnlL.exe
  2⤵
  PID:14352
- C:\Windows\System\jBmhaQl.exe
  C:\Windows\System\jBmhaQl.exe
  2⤵
  PID:14376
- C:\Windows\System\pUjfkJL.exe
  C:\Windows\System\pUjfkJL.exe
  2⤵
  PID:14404

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:15144

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\BeahyVW.exe

Filesize
2.2MB

MD5
694209af3ce44198ee8a47dfebff551a

SHA1
82f53b0e917f060ae3223dfdb2bae60fc70a55ed

SHA256
f6f9f9bad50bcade26f3400fb0fe5c3c336c769e8651c914712f38606a693157

SHA512
60d9d5dcf586f78db54e2431146e68edf08d92e06559d10d29be6496a7942107b9635ef396b19c56150fac479d8651bdad5bd5b942396463e0fe0f21cf7682d0

Download Submit
C:\Windows\System\CDVyAMx.exe

Filesize
2.2MB

MD5
0b19bf809b9743ff6aeae916bffcfbab

SHA1
09ca2c52ab5f0c57f75892fa65abe2c1ee4e5455

SHA256
106bacfa5a049ba1913a86eb0ead843198724569f2ec933dcaec0695e0c507fb

SHA512
b83bcf7fec0d4fe5ea4398f267881ddf51d68222fbdbaa90cacc90e6429ffd85a8fe8566771f11668b17908e76061f166317f3fa3ab3405432a9fc02f3cc4b3f

Download Submit
C:\Windows\System\DhshFAM.exe

Filesize
2.2MB

MD5
aa0cdd7d22183d40b5ed516e9de90426

SHA1
75b2f52c4d623968e1c417672ca9b7d3eddc6df4

SHA256
3448f8db6f3d85644433ce7255621dc02d1eb1f473c7214c900d2e57943d9646

SHA512
aea3e09557ddab0768177fde860f0e7aaf5ad959f8a57f7a76144f2bef69092dd498d3b354e6ae9e293256c70e41ab770279d3c9c1609d6641b91391d1281395

Download Submit
C:\Windows\System\EUOYnIB.exe

Filesize
2.2MB

MD5
f664c0808d04f14fda7e8ff2d9da6a01

SHA1
f881e7ae1a03ddeef5aa872df79824f8b8814f6f

SHA256
7ff3e0ac9f4a8da822302885df95b891c5740fe201f53a1f3312323ac82cdc91

SHA512
553ec6e9bf097276ee90f9f0b48c90344e8e7eba97ea6793723a870ebc1c9563e1be5a234052035f2dc7327192a08e10b0df5557244cc39a403f731862563097

Download Submit
C:\Windows\System\GOlpRXz.exe

Filesize
2.2MB

MD5
175fef09bb794aea084f5581b0a51744

SHA1
616c42cad475bdf9cdc8866c4a76b878a8f9ec8a

SHA256
f21fbb0fc9fa84a61f7f2d4ca91ba5fe0ce20b493decde60a61a95d7476a6e3d

SHA512
fb98ac53f5847fc0d5ede14cedce917e7937ee2561a71d68ec57daf23195cba27f82bb770a283b18dcc72b39b0c7fffa86be472195198186ecc66b67f1f629b8

Download Submit
C:\Windows\System\HHpxFit.exe

Filesize
2.2MB

MD5
27efbb78e4f422202ef5f18860c00a28

SHA1
097d4926763abf2d14f268e1a7902328c002f812

SHA256
b2421b8ac46164c8867981f1b819522c58f2f29fa5e09f13489450eaba1650b3

SHA512
38110d7ed0aa0660beb3a0927958db571b71f18221eb29bdebe95d62580af683588007f6feb93123ef873f856742d68942f4105f077f57d3b7bde7bf8961088b

Download Submit
C:\Windows\System\HoMkHjS.exe

Filesize
2.2MB

MD5
cdabdf67eb1fd53701c101a3cd4ad11b

SHA1
1955182bd5800408f26cb3f799cce2321ad6e9b5

SHA256
7fdbc0b3fffaaa029c5edec0ded1758062a539d5b35d52a35afa24e6105dd2d7

SHA512
2f7fead16a90bfb76753df3ef3615c7ebd29c4500c69cbc1f9a313e7a083a97143f1f319a66995d9f9a2df84dcec9a61df522ea90d933ae6146a441c7cd31c90

Download Submit
C:\Windows\System\IYWYDqs.exe

Filesize
2.2MB

MD5
c5dcc68b381ce611a50d4c49cbcfe3bf

SHA1
bb391b0ac236a296bf118667e95a82baa69daa91

SHA256
8f223079b6bf2df4f953bc1a14c11e8ee185d9d6f8b5543ad9f631c368101d98

SHA512
da37295be82c9b577d0a556087206a15b5bf77a6db2f350bde771528f7698e06afb497bbe15773c656f30d47f382c9f7eccf2a0f199e308a478f46d242eacbb6

Download Submit
C:\Windows\System\LvuupJB.exe

Filesize
2.2MB

MD5
ca8ffb79ec60274efcded0424a2dc7b1

SHA1
baab63823db9e3b1dbe8883ac37474b915791001

SHA256
7e82d985a1a90762a63b3928e96bab1c5224dab02d982c55ed0a45d2e5f483e1

SHA512
c114b9bddf63fafc2da015577f3dd2aecd74dfdb0e0453a901f90cdfc0aefcb3d324c3f1ffe4e6a5a107fe28e88f8a05c0d174cae7ee97599678931e18d2d659

Download Submit
C:\Windows\System\McHodWP.exe

Filesize
2.2MB

MD5
6e3dc0382bf80ccafc1aad0daaf55f5f

SHA1
1574883a4bdae7b9a453031f25429882921ad42d

SHA256
6ee3f9e5ec54932cf2a3e20350538e1fc93bc0e54897ef47e8ed1a6f188524d4

SHA512
a4655880da1bab7878b6ac334f68c5619c7e2ce93dca8ea76d8e155404f85705bafed3f67ada40b1cb7330ffa804db211aa9b88ec4b8ebe588a4bd0d7bbb8ace

Download Submit
C:\Windows\System\PLirDQw.exe

Filesize
2.2MB

MD5
f49b971697c47e4a8cc880f12963f243

SHA1
fba175d5d6c261366afc268d9a39f0c47f9079c4

SHA256
c6823a20b4d2708a7ca44567616d5ac9da1689fa04bf92010c2206411204c9a5

SHA512
79286a64eee487ac18fd5862150fec1a41bdc110f4d3cd6799ab2ad8aebaab4f094b93f9632e08dea1df38572cb85197d679f0b1832f39bb03f70cd201cf5cb3

Download Submit
C:\Windows\System\PrGDXuw.exe

Filesize
2.2MB

MD5
edf89528a5ffbd76f3ec8c0122fcf6e0

SHA1
1c05ea3f57f66fe85c92fd3eb1ee79b370e7a5cf

SHA256
b80e1132335bddf69a402b58ed950901a0aa896a2ab409708ee966d3b967e056

SHA512
47c554558ca72f8509dc48a57eb35de307a239628246797871c7dbca929b4565cdc1dbbdb6afc49e0308fda285973662173519782dfe9cf5b31a797a7a73be78

Download Submit
C:\Windows\System\RIauckF.exe

Filesize
2.2MB

MD5
411bdec48a90f492dc638172025a2c85

SHA1
3ef7f6e3dbea7619d8b39813491093b1eb7dd264

SHA256
d575810e935df2dafd8de961dd60b1950bd3bbd18265350f541de4244c719cf0

SHA512
87951e2f56f97e9ab3e2bda564d34c660e93e99d43960757607f12127e3fefa20b81c4905fbd091962e44a24c65075d3b1d5eab9ced350534f7e0859755bbc8f

Download Submit
C:\Windows\System\RwYkMzt.exe

Filesize
2.2MB

MD5
5715a688af5b17cf87d11333ed7da3b7

SHA1
f5e03810c19e4c1f5ceb0013db3456482fdcb634

SHA256
97429ecf9f66f7daac4af42f61d2ad6ab198fc8967abcf8860d3ccd9954e2cbd

SHA512
aec545c5cb561e02537b2270511d77f02f4568006fb8cd41d68938e9ec85325bb43fcb36e995f84aeb00b9025fcbc0e1850a1978fa55870ad61b4b76a383db80

Download Submit
C:\Windows\System\SzbaUZj.exe

Filesize
2.2MB

MD5
8697a0982b7a9b06b916988a4087d64e

SHA1
f7479599cc5a378e5914154b555e1a69b05e5878

SHA256
93eeef4a052de2d6a732221026fe7a16a2ccaa417552d67f69e809d6dd8deec7

SHA512
b2d58e619db937a67e4ddc323727970e86cc9b3dd10b7ce4997f6585d2d7a0f93a777aebb2a48dfd271e9b1f14a80ee0cc31e9426571def383c100c07f9d254b

Download Submit
C:\Windows\System\XJMzfiD.exe

Filesize
2.2MB

MD5
01e5210ba1e948e6017b4b9dcecfe843

SHA1
24d01b8da4a0391ce13884346e0f95915fa9224c

SHA256
990aa73f36adbd4e88b57dd9a60a4e7d21b8d224046ee6f8a3d856df77c631ee

SHA512
a7cc93ebf4249311f985cc345f78aa9baa77aacecb72ac44f825b898af47fe76164faf5c5fd9b89aff600e5f1372b6c8c07e6ee4c571c6b073043f5e359a719a

Download Submit
C:\Windows\System\YqWZMoA.exe

Filesize
2.2MB

MD5
547ab3ba992a7a323091b9ebc79231bb

SHA1
fa2fc7c1d20fac99f1bf0ae35b2b493e5a3f5538

SHA256
5383ee3614ff7a18174dc7ab4a820604644f987ea6c1cd83765aa15685382638

SHA512
928f618de7ac8cfba7b3444909f1f3c62708c1d84e8820f0e0337ea33d43e36693dcfb72f8f43bc40a1bc037ea58ccc9bd0eccb16981686db959556ba636fce9

Download Submit
C:\Windows\System\aBkcqUY.exe

Filesize
2.2MB

MD5
123ae81eef557a0403a02812c3888f87

SHA1
bde5a87adcfc9e960d6fc99d9f00cf76f6530f04

SHA256
c29947d43bc6cb80943d4ee8130a4d8ea26a2b7d428bee51fff01c438a161958

SHA512
f29c88cc6c568c3cf21631e6e380f98221b22b84d2d57c33987cbe4522034660f50eaee73c5eaadfaf774fc87168479cee47a6b6daee3363258f05221e8149c0

Download Submit
C:\Windows\System\beKZLsX.exe

Filesize
2.2MB

MD5
df529411d25db63110df81a690a90b77

SHA1
47d2ce55a631cec4a9641612b205bc1a7e3987f3

SHA256
522d696b45189be5b890beb60a44361ec3b29eb75a118d2642645feacdd25797

SHA512
0639f2b11eb881c014691707a20ad28d9915e3342a87bcecf13cdb7fd57a0409291b5b9b1b85d1b0a7dbb7bf8e9d1a64f3c08fbe24c5a1fd37231af186df3ed9

Download Submit
C:\Windows\System\cfFWMWz.exe

Filesize
2.2MB

MD5
8d42eac8b5db85c7b1013a721e0a78fb

SHA1
0e66b97b8d3766e83ac465ecda0a7521708adbaa

SHA256
71de643b410af0d3e72070d6844a1d3f6f9c22a7671593b3d90ba0c0f49ef028

SHA512
980d03253805b7602be1ece04bbac56208e51e431ad44cab69eb8aed36aa8fee60d4c398a63eab7d87e5728214a60274f10e4393e259a1573b1f37ff9d7e3d69

Download Submit
C:\Windows\System\dLinToO.exe

Filesize
2.2MB

MD5
d901d7a0d8e3310ce05cb4bf2f3904f6

SHA1
5008e090ae8c467a1abdbd6a805ef5edc56192ab

SHA256
a4a6fa5bbbf81dccbf9648da4a88d7f40df3385fbf673c9b9e7fef90a5e6aeca

SHA512
b7c6df16e585df2d23337c5e88f3a1b9dd6b5f8019626ab5f6d3728a1212c7aeaec5523fdfba45e99622f15a3f1dcea270fe5d7eeb5f836b2594d5103840f7b8

Download Submit
C:\Windows\System\djcCSUD.exe

Filesize
2.2MB

MD5
69802c8c3a98e1c4d15dbd544a079657

SHA1
d508c677d497a2bb8b5cc63c0f6ea844c28ffdf8

SHA256
fef7199704cbc7112c4916d708613ca09e9c7968836d87ea63faaffeae0e614c

SHA512
100f73f7fc35215c9858c52ed790168bd8e618e73f10246107d98b3066aaf893241d02835edc395ce0cce47a3a6976dff544b61619a2e33e761dd7e238167dc6

Download Submit
C:\Windows\System\eBDPCfb.exe

Filesize
2.2MB

MD5
8810aa25495e182bce86e7718cbdee5e

SHA1
a8b2923fdcc3d61d22bdc2c2fd04ffd1042ae668

SHA256
31ed417011bf40f011e3e772fd5e79a604b64e829420a7fc2bb837c75983d47c

SHA512
d7904085c34169c8e361968f18f034bf63e6ab6f4cc6619acfcee2caeca858793c5f88cb43a6fc4473982142ab036519a2154f3d0d29da843e3f20728dd1acfe

Download Submit
C:\Windows\System\eBIcowq.exe

Filesize
2.2MB

MD5
cd267f3cb3fd21bb02c3499e6890abce

SHA1
01d2deb0c4de47e25e45c2b55b6d569ae89fe41b

SHA256
24b77673711b1821ba355420ca3eb8516ea04f33d713ab63e3c635217a6475b9

SHA512
76b195f602d3a22ca3814868b843a5e9ea957633dd64d27ae96d8471153676e160ea3476f5f116448b9e68c981de1e1226466253f32420cb72db4e20f19a303a

Download Submit
C:\Windows\System\fKOBDmM.exe

Filesize
2.2MB

MD5
414539b43c0e0ed0ae8242a41f6f318d

SHA1
d27efc72f6ec3752ce9665f09dcca320ccb32612

SHA256
b6678803d1226ebbca9a16ee779acd5431678111842cc0d302a0b62545b2a133

SHA512
e9111c7a1449ce904991313ae75127726013724130622b428f334dff6916d617af108f2657c6fdf2c8ecf81fb1544f58d3dd580e8591ebae79feeda3a20f3d89

Download Submit
C:\Windows\System\fuqhqpN.exe

Filesize
2.2MB

MD5
59daaaa9be578ab60a1a121d5d9fb729

SHA1
ec98ca6ba74728cc35bc53775ff8d2985d36e9e1

SHA256
1a87375a0b35ccbf225c3beeb66033f004bd271cec679991df96e83c4af1c1a0

SHA512
67267782a721137c5f3b39f2fb32845f66bfd2beb0f79d71d87b5949b3076c2ae1cb26c44e2be3cb9d1cfe99545849d854550897f58e5ca324c07559ddd75a82

Download Submit
C:\Windows\System\ggdzkDk.exe

Filesize
2.2MB

MD5
9326aa89e2863587e1e9e72993acad10

SHA1
871f013abb92c186ed1ac5a07af9e25a8dac2e9c

SHA256
b38c9b5ea0fee600d72815fa462d72d205f435f3e455c3d11567012d858f70bf

SHA512
27b10525eabe6e350d530a5c0a5a7e4edbd37b1aaf829b6b7bd6e2242225bdeabe6bbb93aa99c21c10f3237407fad6a98eb8aa11a53c3ff81ee30027a4a0b555

Download Submit
C:\Windows\System\iyHjHoG.exe

Filesize
2.2MB

MD5
a8ad4b03dd3685abe0304e8ce3d942a2

SHA1
cda532686cbf3308aea4aa09ace7a44eccad5033

SHA256
86565755ecc9735956adbac84b3c8badc033384193175744449ceec09db1745a

SHA512
cc1eaf11d7d0d88cd087d3a8035939a8fd9306b7075cde5b44551d8445c64359914ebc8a354f5047a97b97979129924e6feb3d9541ce7155772f51027d9f589a

Download Submit
C:\Windows\System\mKJNPpF.exe

Filesize
2.2MB

MD5
1f56732bc72c25a15cb368ac9315201b

SHA1
92049c63a7cbcbf2e8b13942f1aeb66e13027e8a

SHA256
29dd627bd223b0c615cb62ccdaae42a3adc7b949b788759493ae104273897732

SHA512
cf59e766701f9b4c3b1094d8f18fe303c0b45fbc7f263567c3ecdb2d8ae347edd438b810ffd0fde75c34b0cb79e4c2861fb675f7037d303ea442bb9a5947511d

Download Submit
C:\Windows\System\mgPxwCf.exe

Filesize
2.2MB

MD5
aa0f323d65f2b9e192948a62b79592f7

SHA1
8b1aaba812f195a12e8bf63da5494dbe1eee536d

SHA256
d609e316f43f731ec6ab787546755554e73382ff0a7366d5bd423427afe31ac0

SHA512
67cd19bbf01f5600985bfe59c72c416129ee2d752ad4fce4702cab8e749c6533e905a1e0066d3f24e192b852069f04404767fe0c0e79cddb026c0326f985dda9

Download Submit
C:\Windows\System\sxeOnPG.exe

Filesize
2.2MB

MD5
fed35bf14c4ed8c30e40fff26d914ef8

SHA1
eb77258bc4bfb831f3808d3aa43465dcf77254e7

SHA256
11d03ebf084dc91215f1bc71f2a0ffcc711b72f6d73e34ca921295a7a2544091

SHA512
b995afdc56591d4387731b0406196cf42c49b357b22eec67bd230a1ea4d18f102d6ea86889a99f08436292430329d4950e49ff2dc533af782840ba26a893edb6

Download Submit
C:\Windows\System\uaPxUJt.exe

Filesize
2.2MB

MD5
e866c1a04d817b161ed5ae47dd6f2b2b

SHA1
2d5ca4fbbaded3fde31bfd9d72d87a818838434e

SHA256
12f9a3181b815f6d23b54f12535350c80a5d0bae2f8cd09c313a46304a2be386

SHA512
de211c6cc2ddaa94d954339bec70e9296fb2cb3d924cfbbec0a70de32ea31d59f79bf12a26e6d794cb56d33d4168b9b1507cfd93980196887b2dadcddab64c8a

Download Submit
C:\Windows\System\wDTuGph.exe

Filesize
2.2MB

MD5
f1cdaf7c583b0714c42bc160814913e1

SHA1
60c3ff132dc4dc278e048a5cf07561faa77d812d

SHA256
fe43e357a79256e8f65da101f633ce1f230b08dd8106ceab0892e14346d6872d

SHA512
af203089365c81c28fce4d62396783f16d726e297a36f0073ae4894c71b1e11bb72514fe6b4046ae447e0a865720d5597b7991c2a47de5bcff8b75178212f332

Download Submit
memory/8-2115-0x00007FF69FA80000-0x00007FF69FDD4000-memory.dmp

Filesize
3.3MB

Download
memory/8-786-0x00007FF69FA80000-0x00007FF69FDD4000-memory.dmp

Filesize
3.3MB

Download
memory/112-2096-0x00007FF72BB30000-0x00007FF72BE84000-memory.dmp

Filesize
3.3MB

Download
memory/112-37-0x00007FF72BB30000-0x00007FF72BE84000-memory.dmp

Filesize
3.3MB

Download
memory/112-2086-0x00007FF72BB30000-0x00007FF72BE84000-memory.dmp

Filesize
3.3MB

Download
memory/208-43-0x00007FF623450000-0x00007FF6237A4000-memory.dmp

Filesize
3.3MB

Download
memory/208-2097-0x00007FF623450000-0x00007FF6237A4000-memory.dmp

Filesize
3.3MB

Download
memory/208-2087-0x00007FF623450000-0x00007FF6237A4000-memory.dmp

Filesize
3.3MB

Download
memory/380-2090-0x00007FF710D80000-0x00007FF7110D4000-memory.dmp

Filesize
3.3MB

Download
memory/380-2102-0x00007FF710D80000-0x00007FF7110D4000-memory.dmp

Filesize
3.3MB

Download
memory/380-66-0x00007FF710D80000-0x00007FF7110D4000-memory.dmp

Filesize
3.3MB

Download
memory/624-738-0x00007FF6C1F00000-0x00007FF6C2254000-memory.dmp

Filesize
3.3MB

Download
memory/624-2108-0x00007FF6C1F00000-0x00007FF6C2254000-memory.dmp

Filesize
3.3MB

Download
memory/680-29-0x00007FF7F2DF0000-0x00007FF7F3144000-memory.dmp

Filesize
3.3MB

Download
memory/680-2093-0x00007FF7F2DF0000-0x00007FF7F3144000-memory.dmp

Filesize
3.3MB

Download
memory/1260-2116-0x00007FF7E3C80000-0x00007FF7E3FD4000-memory.dmp

Filesize
3.3MB

Download
memory/1260-793-0x00007FF7E3C80000-0x00007FF7E3FD4000-memory.dmp

Filesize
3.3MB

Download
memory/1472-2110-0x00007FF7954A0000-0x00007FF7957F4000-memory.dmp

Filesize
3.3MB

Download
memory/1472-754-0x00007FF7954A0000-0x00007FF7957F4000-memory.dmp

Filesize
3.3MB

Download
memory/1524-32-0x00007FF67D320000-0x00007FF67D674000-memory.dmp

Filesize
3.3MB

Download
memory/1524-2095-0x00007FF67D320000-0x00007FF67D674000-memory.dmp

Filesize
3.3MB

Download
memory/1572-2103-0x00007FF7C27D0000-0x00007FF7C2B24000-memory.dmp

Filesize
3.3MB

Download
memory/1572-63-0x00007FF7C27D0000-0x00007FF7C2B24000-memory.dmp

Filesize
3.3MB

Download
memory/1908-2119-0x00007FF77B600000-0x00007FF77B954000-memory.dmp

Filesize
3.3MB

Download
memory/1908-728-0x00007FF77B600000-0x00007FF77B954000-memory.dmp

Filesize
3.3MB

Download
memory/1932-2094-0x00007FF6D9EE0000-0x00007FF6DA234000-memory.dmp

Filesize
3.3MB

Download
memory/1932-1185-0x00007FF6D9EE0000-0x00007FF6DA234000-memory.dmp

Filesize
3.3MB

Download
memory/1932-23-0x00007FF6D9EE0000-0x00007FF6DA234000-memory.dmp

Filesize
3.3MB

Download
memory/2100-801-0x00007FF694380000-0x00007FF6946D4000-memory.dmp

Filesize
3.3MB

Download
memory/2100-2117-0x00007FF694380000-0x00007FF6946D4000-memory.dmp

Filesize
3.3MB

Download
memory/2244-737-0x00007FF766890000-0x00007FF766BE4000-memory.dmp

Filesize
3.3MB

Download
memory/2244-2104-0x00007FF766890000-0x00007FF766BE4000-memory.dmp

Filesize
3.3MB

Download
memory/2312-2101-0x00007FF67CBB0000-0x00007FF67CF04000-memory.dmp

Filesize
3.3MB

Download
memory/2312-719-0x00007FF67CBB0000-0x00007FF67CF04000-memory.dmp

Filesize
3.3MB

Download
memory/2404-2113-0x00007FF649840000-0x00007FF649B94000-memory.dmp

Filesize
3.3MB

Download
memory/2404-768-0x00007FF649840000-0x00007FF649B94000-memory.dmp

Filesize
3.3MB

Download
memory/2744-2118-0x00007FF7DD240000-0x00007FF7DD594000-memory.dmp

Filesize
3.3MB

Download
memory/2744-805-0x00007FF7DD240000-0x00007FF7DD594000-memory.dmp

Filesize
3.3MB

Download
memory/2796-750-0x00007FF73E2D0000-0x00007FF73E624000-memory.dmp

Filesize
3.3MB

Download
memory/2796-2107-0x00007FF73E2D0000-0x00007FF73E624000-memory.dmp

Filesize
3.3MB

Download
memory/2892-0-0x00007FF7A8F80000-0x00007FF7A92D4000-memory.dmp

Filesize
3.3MB

Download
memory/2892-1-0x0000023E65630000-0x0000023E65640000-memory.dmp

Filesize
64KB

Download
memory/2892-71-0x00007FF7A8F80000-0x00007FF7A92D4000-memory.dmp

Filesize
3.3MB

Download
memory/2932-1548-0x00007FF7FA590000-0x00007FF7FA8E4000-memory.dmp

Filesize
3.3MB

Download
memory/2932-13-0x00007FF7FA590000-0x00007FF7FA8E4000-memory.dmp

Filesize
3.3MB

Download
memory/2932-2092-0x00007FF7FA590000-0x00007FF7FA8E4000-memory.dmp

Filesize
3.3MB

Download
memory/3364-733-0x00007FF6A4120000-0x00007FF6A4474000-memory.dmp

Filesize
3.3MB

Download
memory/3364-2105-0x00007FF6A4120000-0x00007FF6A4474000-memory.dmp

Filesize
3.3MB

Download
memory/3376-2112-0x00007FF7A70F0000-0x00007FF7A7444000-memory.dmp

Filesize
3.3MB

Download
memory/3376-780-0x00007FF7A70F0000-0x00007FF7A7444000-memory.dmp

Filesize
3.3MB

Download
memory/3396-790-0x00007FF67F740000-0x00007FF67FA94000-memory.dmp

Filesize
3.3MB

Download
memory/3396-2114-0x00007FF67F740000-0x00007FF67FA94000-memory.dmp

Filesize
3.3MB

Download
memory/3436-2100-0x00007FF695F60000-0x00007FF6962B4000-memory.dmp

Filesize
3.3MB

Download
memory/3436-716-0x00007FF695F60000-0x00007FF6962B4000-memory.dmp

Filesize
3.3MB

Download
memory/3644-12-0x00007FF7FBEB0000-0x00007FF7FC204000-memory.dmp

Filesize
3.3MB

Download
memory/3644-713-0x00007FF7FBEB0000-0x00007FF7FC204000-memory.dmp

Filesize
3.3MB

Download
memory/3644-2091-0x00007FF7FBEB0000-0x00007FF7FC204000-memory.dmp

Filesize
3.3MB

Download
memory/3740-2089-0x00007FF7FC150000-0x00007FF7FC4A4000-memory.dmp

Filesize
3.3MB

Download
memory/3740-2099-0x00007FF7FC150000-0x00007FF7FC4A4000-memory.dmp

Filesize
3.3MB

Download
memory/3740-59-0x00007FF7FC150000-0x00007FF7FC4A4000-memory.dmp

Filesize
3.3MB

Download
memory/4236-743-0x00007FF669910000-0x00007FF669C64000-memory.dmp

Filesize
3.3MB

Download
memory/4236-2109-0x00007FF669910000-0x00007FF669C64000-memory.dmp

Filesize
3.3MB

Download
memory/4468-2088-0x00007FF6F0330000-0x00007FF6F0684000-memory.dmp

Filesize
3.3MB

Download
memory/4468-54-0x00007FF6F0330000-0x00007FF6F0684000-memory.dmp

Filesize
3.3MB

Download
memory/4468-2098-0x00007FF6F0330000-0x00007FF6F0684000-memory.dmp

Filesize
3.3MB

Download
memory/4640-757-0x00007FF7DD3B0000-0x00007FF7DD704000-memory.dmp

Filesize
3.3MB

Download
memory/4640-2106-0x00007FF7DD3B0000-0x00007FF7DD704000-memory.dmp

Filesize
3.3MB

Download
memory/4912-2111-0x00007FF630030000-0x00007FF630384000-memory.dmp

Filesize
3.3MB

Download
memory/4912-761-0x00007FF630030000-0x00007FF630384000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads