xmrig | 2955e49d90f9945430d8ac7fadc1c12f44fb382231a25970bbbc4877e1e040d0

Analysis

max time kernel
108s
max time network
109s
platform
windows10-2004_x64
resource
win10v2004-20240730-en
resource tags

arch:x64arch:x86image:win10v2004-20240730-enlocale:en-usos:windows10-2004-x64system
submitted
01-08-2024 21:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

03940214d8bae019bc82525ace66ea50N.exe
Size

1.9MB
MD5

03940214d8bae019bc82525ace66ea50
SHA1

18d2eabcf62f64d802583689fef41db41ed1c41c
SHA256

2955e49d90f9945430d8ac7fadc1c12f44fb382231a25970bbbc4877e1e040d0
SHA512

b3eaef2d94b8534de5543d505a32cb5e9dbf21ac9e571a9eda45e0dd7ca82d4b4fe95d2e7687559ea0b56300bc694c9fc27c50f54846ce500f10a80523a32207
SSDEEP

49152:ROdWCCi7/raU56uL3pgrCEdMKPFo3G7XUM:RWWBib356utgpPFo6

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 57 IoCs

miner

resource	yara_rule
behavioral2/memory/3892-466-0x00007FF70CE80000-0x00007FF70D1D1000-memory.dmp	xmrig
behavioral2/memory/1652-467-0x00007FF7E0C50000-0x00007FF7E0FA1000-memory.dmp	xmrig
behavioral2/memory/1036-468-0x00007FF6D9890000-0x00007FF6D9BE1000-memory.dmp	xmrig
behavioral2/memory/4544-473-0x00007FF668D90000-0x00007FF6690E1000-memory.dmp	xmrig
behavioral2/memory/4572-481-0x00007FF743C80000-0x00007FF743FD1000-memory.dmp	xmrig
behavioral2/memory/760-524-0x00007FF7D5410000-0x00007FF7D5761000-memory.dmp	xmrig
behavioral2/memory/2704-523-0x00007FF69AAF0000-0x00007FF69AE41000-memory.dmp	xmrig
behavioral2/memory/4264-520-0x00007FF7249D0000-0x00007FF724D21000-memory.dmp	xmrig
behavioral2/memory/2420-514-0x00007FF676230000-0x00007FF676581000-memory.dmp	xmrig
behavioral2/memory/4768-506-0x00007FF642410000-0x00007FF642761000-memory.dmp	xmrig
behavioral2/memory/3756-504-0x00007FF7F0B10000-0x00007FF7F0E61000-memory.dmp	xmrig
behavioral2/memory/436-496-0x00007FF65AEC0000-0x00007FF65B211000-memory.dmp	xmrig
behavioral2/memory/3168-487-0x00007FF7A98B0000-0x00007FF7A9C01000-memory.dmp	xmrig
behavioral2/memory/2736-476-0x00007FF602410000-0x00007FF602761000-memory.dmp	xmrig
behavioral2/memory/1144-471-0x00007FF618280000-0x00007FF6185D1000-memory.dmp	xmrig
behavioral2/memory/1252-543-0x00007FF72A250000-0x00007FF72A5A1000-memory.dmp	xmrig
behavioral2/memory/1196-540-0x00007FF7842D0000-0x00007FF784621000-memory.dmp	xmrig
behavioral2/memory/1520-553-0x00007FF76CE30000-0x00007FF76D181000-memory.dmp	xmrig
behavioral2/memory/1044-537-0x00007FF7FEDD0000-0x00007FF7FF121000-memory.dmp	xmrig
behavioral2/memory/920-559-0x00007FF698D10000-0x00007FF699061000-memory.dmp	xmrig
behavioral2/memory/2876-561-0x00007FF694CE0000-0x00007FF695031000-memory.dmp	xmrig
behavioral2/memory/3536-562-0x00007FF6F6F00000-0x00007FF6F7251000-memory.dmp	xmrig
behavioral2/memory/1244-560-0x00007FF7405B0000-0x00007FF740901000-memory.dmp	xmrig
behavioral2/memory/704-558-0x00007FF7A65D0000-0x00007FF7A6921000-memory.dmp	xmrig
behavioral2/memory/60-557-0x00007FF61B970000-0x00007FF61BCC1000-memory.dmp	xmrig
behavioral2/memory/4608-535-0x00007FF7D1380000-0x00007FF7D16D1000-memory.dmp	xmrig
behavioral2/memory/1476-2211-0x00007FF748B30000-0x00007FF748E81000-memory.dmp	xmrig
behavioral2/memory/1444-2244-0x00007FF762530000-0x00007FF762881000-memory.dmp	xmrig
behavioral2/memory/1476-2250-0x00007FF748B30000-0x00007FF748E81000-memory.dmp	xmrig
behavioral2/memory/3892-2252-0x00007FF70CE80000-0x00007FF70D1D1000-memory.dmp	xmrig
behavioral2/memory/1392-2254-0x00007FF739540000-0x00007FF739891000-memory.dmp	xmrig
behavioral2/memory/1444-2256-0x00007FF762530000-0x00007FF762881000-memory.dmp	xmrig
behavioral2/memory/3536-2265-0x00007FF6F6F00000-0x00007FF6F7251000-memory.dmp	xmrig
behavioral2/memory/4544-2266-0x00007FF668D90000-0x00007FF6690E1000-memory.dmp	xmrig
behavioral2/memory/2736-2268-0x00007FF602410000-0x00007FF602761000-memory.dmp	xmrig
behavioral2/memory/4572-2270-0x00007FF743C80000-0x00007FF743FD1000-memory.dmp	xmrig
behavioral2/memory/3168-2272-0x00007FF7A98B0000-0x00007FF7A9C01000-memory.dmp	xmrig
behavioral2/memory/1652-2263-0x00007FF7E0C50000-0x00007FF7E0FA1000-memory.dmp	xmrig
behavioral2/memory/1036-2261-0x00007FF6D9890000-0x00007FF6D9BE1000-memory.dmp	xmrig
behavioral2/memory/1144-2259-0x00007FF618280000-0x00007FF6185D1000-memory.dmp	xmrig
behavioral2/memory/2876-2281-0x00007FF694CE0000-0x00007FF695031000-memory.dmp	xmrig
behavioral2/memory/920-2305-0x00007FF698D10000-0x00007FF699061000-memory.dmp	xmrig
behavioral2/memory/60-2311-0x00007FF61B970000-0x00007FF61BCC1000-memory.dmp	xmrig
behavioral2/memory/704-2308-0x00007FF7A65D0000-0x00007FF7A6921000-memory.dmp	xmrig
behavioral2/memory/1244-2303-0x00007FF7405B0000-0x00007FF740901000-memory.dmp	xmrig
behavioral2/memory/4768-2298-0x00007FF642410000-0x00007FF642761000-memory.dmp	xmrig
behavioral2/memory/2420-2297-0x00007FF676230000-0x00007FF676581000-memory.dmp	xmrig
behavioral2/memory/4264-2294-0x00007FF7249D0000-0x00007FF724D21000-memory.dmp	xmrig
behavioral2/memory/2704-2293-0x00007FF69AAF0000-0x00007FF69AE41000-memory.dmp	xmrig
behavioral2/memory/4608-2289-0x00007FF7D1380000-0x00007FF7D16D1000-memory.dmp	xmrig
behavioral2/memory/1196-2285-0x00007FF7842D0000-0x00007FF784621000-memory.dmp	xmrig
behavioral2/memory/1520-2302-0x00007FF76CE30000-0x00007FF76D181000-memory.dmp	xmrig
behavioral2/memory/1252-2275-0x00007FF72A250000-0x00007FF72A5A1000-memory.dmp	xmrig
behavioral2/memory/760-2291-0x00007FF7D5410000-0x00007FF7D5761000-memory.dmp	xmrig
behavioral2/memory/1044-2287-0x00007FF7FEDD0000-0x00007FF7FF121000-memory.dmp	xmrig
behavioral2/memory/436-2279-0x00007FF65AEC0000-0x00007FF65B211000-memory.dmp	xmrig
behavioral2/memory/3756-2277-0x00007FF7F0B10000-0x00007FF7F0E61000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1476	ImCmohm.exe
1392	mAJcwou.exe
3892	qsyWkcw.exe
1444	WAuWjcS.exe
3536	gLqiVPi.exe
1652	udoyhnX.exe
1036	JumNVjM.exe
1144	jYmtDyv.exe
4544	RSmugnH.exe
2736	LaIHyjD.exe
4572	yzGPgxu.exe
3168	GrAYraw.exe
436	QmlQBQo.exe
3756	muvkRMF.exe
4768	lHSNhPh.exe
2420	ILULfpp.exe
4264	fNhPjwD.exe
2704	quvPYmq.exe
760	adblzbl.exe
4608	HkUrtEH.exe
1044	IYpQJTe.exe
1196	HgXZxVm.exe
1252	MjIvOtR.exe
1520	prinrUF.exe
60	umVDbCU.exe
704	tUNCzkM.exe
920	SzXfZxl.exe
1244	SJkdOFR.exe
2876	biXTGJs.exe
4200	vjLFPTY.exe
4952	CdedzJY.exe
4904	XSkpuQO.exe
4988	QWPqrgM.exe
3180	FaQlEba.exe
3500	rTfsJgE.exe
3196	BKUpABz.exe
1660	uLBlpLL.exe
2384	RGEPZOA.exe
4940	vMxepve.exe
2356	RWuqwWr.exe
2064	GfZgCer.exe
4472	JrwiZQK.exe
3672	eWynrtD.exe
2576	qIGazsd.exe
3616	KFxHUCh.exe
2072	ztzswCZ.exe
1536	xliJREX.exe
4444	SOsyLqr.exe
744	SdauNqr.exe
412	kTInPLj.exe
3708	DsrhIff.exe
4732	CLMOOmH.exe
4524	TbpDltZ.exe
1608	RMbxLzm.exe
532	ehWnXIo.exe
1596	qUYXozC.exe
4440	byxRteG.exe
4956	yzcsCnD.exe
1736	GsuOkav.exe
3964	tZjFERp.exe
884	QwhPYSb.exe
3736	FWdNdJh.exe
228	gHKcqZg.exe
4484	RjbwrHy.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4556-0-0x00007FF6E1210000-0x00007FF6E1561000-memory.dmp	upx
behavioral2/files/0x000900000002349c-5.dat	upx
behavioral2/files/0x00080000000234a0-11.dat	upx
behavioral2/memory/1476-10-0x00007FF748B30000-0x00007FF748E81000-memory.dmp	upx
behavioral2/memory/1392-17-0x00007FF739540000-0x00007FF739891000-memory.dmp	upx
behavioral2/files/0x00070000000234a1-15.dat	upx
behavioral2/files/0x00070000000234a3-20.dat	upx
behavioral2/memory/1444-25-0x00007FF762530000-0x00007FF762881000-memory.dmp	upx
behavioral2/files/0x00070000000234a6-39.dat	upx
behavioral2/files/0x00070000000234a7-43.dat	upx
behavioral2/files/0x00070000000234a8-48.dat	upx
behavioral2/files/0x00070000000234a9-53.dat	upx
behavioral2/files/0x00070000000234ac-68.dat	upx
behavioral2/files/0x00070000000234ae-84.dat	upx
behavioral2/files/0x00070000000234b0-94.dat	upx
behavioral2/files/0x00070000000234b3-101.dat	upx
behavioral2/files/0x00070000000234b4-114.dat	upx
behavioral2/files/0x00070000000234b8-126.dat	upx
behavioral2/files/0x00070000000234be-156.dat	upx
behavioral2/memory/3892-466-0x00007FF70CE80000-0x00007FF70D1D1000-memory.dmp	upx
behavioral2/memory/1652-467-0x00007FF7E0C50000-0x00007FF7E0FA1000-memory.dmp	upx
behavioral2/files/0x00070000000234c0-166.dat	upx
behavioral2/files/0x00070000000234bf-161.dat	upx
behavioral2/files/0x00070000000234bd-159.dat	upx
behavioral2/files/0x00070000000234bc-154.dat	upx
behavioral2/files/0x00070000000234bb-149.dat	upx
behavioral2/files/0x00070000000234ba-144.dat	upx
behavioral2/files/0x00070000000234b9-139.dat	upx
behavioral2/files/0x00070000000234b7-129.dat	upx
behavioral2/files/0x00070000000234b6-124.dat	upx
behavioral2/files/0x00070000000234b5-119.dat	upx
behavioral2/memory/1036-468-0x00007FF6D9890000-0x00007FF6D9BE1000-memory.dmp	upx
behavioral2/files/0x00070000000234b2-104.dat	upx
behavioral2/files/0x00080000000234b1-99.dat	upx
behavioral2/files/0x00070000000234af-89.dat	upx
behavioral2/files/0x00070000000234ad-77.dat	upx
behavioral2/memory/4544-473-0x00007FF668D90000-0x00007FF6690E1000-memory.dmp	upx
behavioral2/memory/4572-481-0x00007FF743C80000-0x00007FF743FD1000-memory.dmp	upx
behavioral2/memory/760-524-0x00007FF7D5410000-0x00007FF7D5761000-memory.dmp	upx
behavioral2/memory/2704-523-0x00007FF69AAF0000-0x00007FF69AE41000-memory.dmp	upx
behavioral2/memory/4264-520-0x00007FF7249D0000-0x00007FF724D21000-memory.dmp	upx
behavioral2/memory/2420-514-0x00007FF676230000-0x00007FF676581000-memory.dmp	upx
behavioral2/memory/4768-506-0x00007FF642410000-0x00007FF642761000-memory.dmp	upx
behavioral2/memory/3756-504-0x00007FF7F0B10000-0x00007FF7F0E61000-memory.dmp	upx
behavioral2/memory/436-496-0x00007FF65AEC0000-0x00007FF65B211000-memory.dmp	upx
behavioral2/memory/3168-487-0x00007FF7A98B0000-0x00007FF7A9C01000-memory.dmp	upx
behavioral2/memory/2736-476-0x00007FF602410000-0x00007FF602761000-memory.dmp	upx
behavioral2/memory/1144-471-0x00007FF618280000-0x00007FF6185D1000-memory.dmp	upx
behavioral2/files/0x00070000000234ab-66.dat	upx
behavioral2/files/0x00070000000234aa-62.dat	upx
behavioral2/files/0x00070000000234a5-34.dat	upx
behavioral2/files/0x00070000000234a4-29.dat	upx
behavioral2/memory/1252-543-0x00007FF72A250000-0x00007FF72A5A1000-memory.dmp	upx
behavioral2/memory/1196-540-0x00007FF7842D0000-0x00007FF784621000-memory.dmp	upx
behavioral2/memory/1520-553-0x00007FF76CE30000-0x00007FF76D181000-memory.dmp	upx
behavioral2/memory/1044-537-0x00007FF7FEDD0000-0x00007FF7FF121000-memory.dmp	upx
behavioral2/memory/920-559-0x00007FF698D10000-0x00007FF699061000-memory.dmp	upx
behavioral2/memory/2876-561-0x00007FF694CE0000-0x00007FF695031000-memory.dmp	upx
behavioral2/memory/3536-562-0x00007FF6F6F00000-0x00007FF6F7251000-memory.dmp	upx
behavioral2/memory/1244-560-0x00007FF7405B0000-0x00007FF740901000-memory.dmp	upx
behavioral2/memory/704-558-0x00007FF7A65D0000-0x00007FF7A6921000-memory.dmp	upx
behavioral2/memory/60-557-0x00007FF61B970000-0x00007FF61BCC1000-memory.dmp	upx
behavioral2/memory/4608-535-0x00007FF7D1380000-0x00007FF7D16D1000-memory.dmp	upx
behavioral2/memory/1476-2211-0x00007FF748B30000-0x00007FF748E81000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\ngeHGdU.exe	03940214d8bae019bc82525ace66ea50N.exe
File created	C:\Windows\System\TQDAkGr.exe	03940214d8bae019bc82525ace66ea50N.exe
File created	C:\Windows\System\HArnwrA.exe	03940214d8bae019bc82525ace66ea50N.exe
File created	C:\Windows\System\tRhxarn.exe	03940214d8bae019bc82525ace66ea50N.exe
File created	C:\Windows\System\ovdkSxF.exe	03940214d8bae019bc82525ace66ea50N.exe
File created	C:\Windows\System\oneugxC.exe	03940214d8bae019bc82525ace66ea50N.exe
File created	C:\Windows\System\hJWJgqi.exe	03940214d8bae019bc82525ace66ea50N.exe
File created	C:\Windows\System\vcNXoLy.exe	03940214d8bae019bc82525ace66ea50N.exe
File created	C:\Windows\System\ndypVWL.exe	03940214d8bae019bc82525ace66ea50N.exe
File created	C:\Windows\System\sVhEqJR.exe	03940214d8bae019bc82525ace66ea50N.exe
File created	C:\Windows\System\SdpaDCt.exe	03940214d8bae019bc82525ace66ea50N.exe
File created	C:\Windows\System\viWBWur.exe	03940214d8bae019bc82525ace66ea50N.exe
File created	C:\Windows\System\HcziZUk.exe	03940214d8bae019bc82525ace66ea50N.exe
File created	C:\Windows\System\FtVRgUb.exe	03940214d8bae019bc82525ace66ea50N.exe
File created	C:\Windows\System\MytqVMM.exe	03940214d8bae019bc82525ace66ea50N.exe
File created	C:\Windows\System\dkNijfB.exe	03940214d8bae019bc82525ace66ea50N.exe
File created	C:\Windows\System\rKODCwa.exe	03940214d8bae019bc82525ace66ea50N.exe
File created	C:\Windows\System\pyfBnil.exe	03940214d8bae019bc82525ace66ea50N.exe
File created	C:\Windows\System\afaELyS.exe	03940214d8bae019bc82525ace66ea50N.exe
File created	C:\Windows\System\xhUVPTg.exe	03940214d8bae019bc82525ace66ea50N.exe
File created	C:\Windows\System\FsJnEdf.exe	03940214d8bae019bc82525ace66ea50N.exe
File created	C:\Windows\System\tIqtmLt.exe	03940214d8bae019bc82525ace66ea50N.exe
File created	C:\Windows\System\wGfENTc.exe	03940214d8bae019bc82525ace66ea50N.exe
File created	C:\Windows\System\PXUZaBr.exe	03940214d8bae019bc82525ace66ea50N.exe
File created	C:\Windows\System\oMJrrza.exe	03940214d8bae019bc82525ace66ea50N.exe
File created	C:\Windows\System\vKRuQvb.exe	03940214d8bae019bc82525ace66ea50N.exe
File created	C:\Windows\System\zNqKgYc.exe	03940214d8bae019bc82525ace66ea50N.exe
File created	C:\Windows\System\CrUQLTj.exe	03940214d8bae019bc82525ace66ea50N.exe
File created	C:\Windows\System\mYByNLm.exe	03940214d8bae019bc82525ace66ea50N.exe
File created	C:\Windows\System\pZbGkIo.exe	03940214d8bae019bc82525ace66ea50N.exe
File created	C:\Windows\System\MGbBfwJ.exe	03940214d8bae019bc82525ace66ea50N.exe
File created	C:\Windows\System\OmNyyYJ.exe	03940214d8bae019bc82525ace66ea50N.exe
File created	C:\Windows\System\gLUOyYx.exe	03940214d8bae019bc82525ace66ea50N.exe
File created	C:\Windows\System\PfmZYJP.exe	03940214d8bae019bc82525ace66ea50N.exe
File created	C:\Windows\System\YnViyRb.exe	03940214d8bae019bc82525ace66ea50N.exe
File created	C:\Windows\System\BFpNzMH.exe	03940214d8bae019bc82525ace66ea50N.exe
File created	C:\Windows\System\esaIuNx.exe	03940214d8bae019bc82525ace66ea50N.exe
File created	C:\Windows\System\eWynrtD.exe	03940214d8bae019bc82525ace66ea50N.exe
File created	C:\Windows\System\oqFphsf.exe	03940214d8bae019bc82525ace66ea50N.exe
File created	C:\Windows\System\jgTeOVQ.exe	03940214d8bae019bc82525ace66ea50N.exe
File created	C:\Windows\System\bTnUbfm.exe	03940214d8bae019bc82525ace66ea50N.exe
File created	C:\Windows\System\BvgSjdR.exe	03940214d8bae019bc82525ace66ea50N.exe
File created	C:\Windows\System\WPCNrhb.exe	03940214d8bae019bc82525ace66ea50N.exe
File created	C:\Windows\System\DePSBxB.exe	03940214d8bae019bc82525ace66ea50N.exe
File created	C:\Windows\System\szLQbKe.exe	03940214d8bae019bc82525ace66ea50N.exe
File created	C:\Windows\System\yGbdawE.exe	03940214d8bae019bc82525ace66ea50N.exe
File created	C:\Windows\System\TbpDltZ.exe	03940214d8bae019bc82525ace66ea50N.exe
File created	C:\Windows\System\jHZoLfN.exe	03940214d8bae019bc82525ace66ea50N.exe
File created	C:\Windows\System\LTSYVZc.exe	03940214d8bae019bc82525ace66ea50N.exe
File created	C:\Windows\System\HyzXHBA.exe	03940214d8bae019bc82525ace66ea50N.exe
File created	C:\Windows\System\vOOFAjq.exe	03940214d8bae019bc82525ace66ea50N.exe
File created	C:\Windows\System\xloMJwe.exe	03940214d8bae019bc82525ace66ea50N.exe
File created	C:\Windows\System\ZAWgkUu.exe	03940214d8bae019bc82525ace66ea50N.exe
File created	C:\Windows\System\zKKWfgC.exe	03940214d8bae019bc82525ace66ea50N.exe
File created	C:\Windows\System\NaDBFZF.exe	03940214d8bae019bc82525ace66ea50N.exe
File created	C:\Windows\System\geEwbJE.exe	03940214d8bae019bc82525ace66ea50N.exe
File created	C:\Windows\System\IIdnRzH.exe	03940214d8bae019bc82525ace66ea50N.exe
File created	C:\Windows\System\yzGPgxu.exe	03940214d8bae019bc82525ace66ea50N.exe
File created	C:\Windows\System\MqTkZSU.exe	03940214d8bae019bc82525ace66ea50N.exe
File created	C:\Windows\System\sloazRN.exe	03940214d8bae019bc82525ace66ea50N.exe
File created	C:\Windows\System\NkoqNaO.exe	03940214d8bae019bc82525ace66ea50N.exe
File created	C:\Windows\System\kNraDEr.exe	03940214d8bae019bc82525ace66ea50N.exe
File created	C:\Windows\System\fZhWkVS.exe	03940214d8bae019bc82525ace66ea50N.exe
File created	C:\Windows\System\BXGxtnF.exe	03940214d8bae019bc82525ace66ea50N.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	8256	dwm.exe
Token: SeChangeNotifyPrivilege	8256	dwm.exe
Token: 33	8256	dwm.exe
Token: SeIncBasePriorityPrivilege	8256	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4556 wrote to memory of 1476	4556	03940214d8bae019bc82525ace66ea50N.exe	84
PID 4556 wrote to memory of 1476	4556	03940214d8bae019bc82525ace66ea50N.exe	84
PID 4556 wrote to memory of 1392	4556	03940214d8bae019bc82525ace66ea50N.exe	85
PID 4556 wrote to memory of 1392	4556	03940214d8bae019bc82525ace66ea50N.exe	85
PID 4556 wrote to memory of 3892	4556	03940214d8bae019bc82525ace66ea50N.exe	86
PID 4556 wrote to memory of 3892	4556	03940214d8bae019bc82525ace66ea50N.exe	86
PID 4556 wrote to memory of 1444	4556	03940214d8bae019bc82525ace66ea50N.exe	87
PID 4556 wrote to memory of 1444	4556	03940214d8bae019bc82525ace66ea50N.exe	87
PID 4556 wrote to memory of 3536	4556	03940214d8bae019bc82525ace66ea50N.exe	88
PID 4556 wrote to memory of 3536	4556	03940214d8bae019bc82525ace66ea50N.exe	88
PID 4556 wrote to memory of 1652	4556	03940214d8bae019bc82525ace66ea50N.exe	89
PID 4556 wrote to memory of 1652	4556	03940214d8bae019bc82525ace66ea50N.exe	89
PID 4556 wrote to memory of 1036	4556	03940214d8bae019bc82525ace66ea50N.exe	90
PID 4556 wrote to memory of 1036	4556	03940214d8bae019bc82525ace66ea50N.exe	90
PID 4556 wrote to memory of 1144	4556	03940214d8bae019bc82525ace66ea50N.exe	91
PID 4556 wrote to memory of 1144	4556	03940214d8bae019bc82525ace66ea50N.exe	91
PID 4556 wrote to memory of 4544	4556	03940214d8bae019bc82525ace66ea50N.exe	92
PID 4556 wrote to memory of 4544	4556	03940214d8bae019bc82525ace66ea50N.exe	92
PID 4556 wrote to memory of 2736	4556	03940214d8bae019bc82525ace66ea50N.exe	93
PID 4556 wrote to memory of 2736	4556	03940214d8bae019bc82525ace66ea50N.exe	93
PID 4556 wrote to memory of 4572	4556	03940214d8bae019bc82525ace66ea50N.exe	94
PID 4556 wrote to memory of 4572	4556	03940214d8bae019bc82525ace66ea50N.exe	94
PID 4556 wrote to memory of 3168	4556	03940214d8bae019bc82525ace66ea50N.exe	95
PID 4556 wrote to memory of 3168	4556	03940214d8bae019bc82525ace66ea50N.exe	95
PID 4556 wrote to memory of 436	4556	03940214d8bae019bc82525ace66ea50N.exe	96
PID 4556 wrote to memory of 436	4556	03940214d8bae019bc82525ace66ea50N.exe	96
PID 4556 wrote to memory of 3756	4556	03940214d8bae019bc82525ace66ea50N.exe	97
PID 4556 wrote to memory of 3756	4556	03940214d8bae019bc82525ace66ea50N.exe	97
PID 4556 wrote to memory of 4768	4556	03940214d8bae019bc82525ace66ea50N.exe	98
PID 4556 wrote to memory of 4768	4556	03940214d8bae019bc82525ace66ea50N.exe	98
PID 4556 wrote to memory of 2420	4556	03940214d8bae019bc82525ace66ea50N.exe	99
PID 4556 wrote to memory of 2420	4556	03940214d8bae019bc82525ace66ea50N.exe	99
PID 4556 wrote to memory of 4264	4556	03940214d8bae019bc82525ace66ea50N.exe	100
PID 4556 wrote to memory of 4264	4556	03940214d8bae019bc82525ace66ea50N.exe	100
PID 4556 wrote to memory of 2704	4556	03940214d8bae019bc82525ace66ea50N.exe	101
PID 4556 wrote to memory of 2704	4556	03940214d8bae019bc82525ace66ea50N.exe	101
PID 4556 wrote to memory of 760	4556	03940214d8bae019bc82525ace66ea50N.exe	102
PID 4556 wrote to memory of 760	4556	03940214d8bae019bc82525ace66ea50N.exe	102
PID 4556 wrote to memory of 4608	4556	03940214d8bae019bc82525ace66ea50N.exe	103
PID 4556 wrote to memory of 4608	4556	03940214d8bae019bc82525ace66ea50N.exe	103
PID 4556 wrote to memory of 1044	4556	03940214d8bae019bc82525ace66ea50N.exe	104
PID 4556 wrote to memory of 1044	4556	03940214d8bae019bc82525ace66ea50N.exe	104
PID 4556 wrote to memory of 1196	4556	03940214d8bae019bc82525ace66ea50N.exe	105
PID 4556 wrote to memory of 1196	4556	03940214d8bae019bc82525ace66ea50N.exe	105
PID 4556 wrote to memory of 1252	4556	03940214d8bae019bc82525ace66ea50N.exe	106
PID 4556 wrote to memory of 1252	4556	03940214d8bae019bc82525ace66ea50N.exe	106
PID 4556 wrote to memory of 1520	4556	03940214d8bae019bc82525ace66ea50N.exe	107
PID 4556 wrote to memory of 1520	4556	03940214d8bae019bc82525ace66ea50N.exe	107
PID 4556 wrote to memory of 60	4556	03940214d8bae019bc82525ace66ea50N.exe	108
PID 4556 wrote to memory of 60	4556	03940214d8bae019bc82525ace66ea50N.exe	108
PID 4556 wrote to memory of 704	4556	03940214d8bae019bc82525ace66ea50N.exe	109
PID 4556 wrote to memory of 704	4556	03940214d8bae019bc82525ace66ea50N.exe	109
PID 4556 wrote to memory of 920	4556	03940214d8bae019bc82525ace66ea50N.exe	110
PID 4556 wrote to memory of 920	4556	03940214d8bae019bc82525ace66ea50N.exe	110
PID 4556 wrote to memory of 1244	4556	03940214d8bae019bc82525ace66ea50N.exe	111
PID 4556 wrote to memory of 1244	4556	03940214d8bae019bc82525ace66ea50N.exe	111
PID 4556 wrote to memory of 2876	4556	03940214d8bae019bc82525ace66ea50N.exe	112
PID 4556 wrote to memory of 2876	4556	03940214d8bae019bc82525ace66ea50N.exe	112
PID 4556 wrote to memory of 4200	4556	03940214d8bae019bc82525ace66ea50N.exe	113
PID 4556 wrote to memory of 4200	4556	03940214d8bae019bc82525ace66ea50N.exe	113
PID 4556 wrote to memory of 4952	4556	03940214d8bae019bc82525ace66ea50N.exe	114
PID 4556 wrote to memory of 4952	4556	03940214d8bae019bc82525ace66ea50N.exe	114
PID 4556 wrote to memory of 4904	4556	03940214d8bae019bc82525ace66ea50N.exe	115
PID 4556 wrote to memory of 4904	4556	03940214d8bae019bc82525ace66ea50N.exe	115

C:\Users\Admin\AppData\Local\Temp\03940214d8bae019bc82525ace66ea50N.exe
"C:\Users\Admin\AppData\Local\Temp\03940214d8bae019bc82525ace66ea50N.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:4556
- C:\Windows\System\ImCmohm.exe
  C:\Windows\System\ImCmohm.exe
  2⤵
  - Executes dropped EXE
  PID:1476
- C:\Windows\System\mAJcwou.exe
  C:\Windows\System\mAJcwou.exe
  2⤵
  - Executes dropped EXE
  PID:1392
- C:\Windows\System\qsyWkcw.exe
  C:\Windows\System\qsyWkcw.exe
  2⤵
  - Executes dropped EXE
  PID:3892
- C:\Windows\System\WAuWjcS.exe
  C:\Windows\System\WAuWjcS.exe
  2⤵
  - Executes dropped EXE
  PID:1444
- C:\Windows\System\gLqiVPi.exe
  C:\Windows\System\gLqiVPi.exe
  2⤵
  - Executes dropped EXE
  PID:3536
- C:\Windows\System\udoyhnX.exe
  C:\Windows\System\udoyhnX.exe
  2⤵
  - Executes dropped EXE
  PID:1652
- C:\Windows\System\JumNVjM.exe
  C:\Windows\System\JumNVjM.exe
  2⤵
  - Executes dropped EXE
  PID:1036
- C:\Windows\System\jYmtDyv.exe
  C:\Windows\System\jYmtDyv.exe
  2⤵
  - Executes dropped EXE
  PID:1144
- C:\Windows\System\RSmugnH.exe
  C:\Windows\System\RSmugnH.exe
  2⤵
  - Executes dropped EXE
  PID:4544
- C:\Windows\System\LaIHyjD.exe
  C:\Windows\System\LaIHyjD.exe
  2⤵
  - Executes dropped EXE
  PID:2736
- C:\Windows\System\yzGPgxu.exe
  C:\Windows\System\yzGPgxu.exe
  2⤵
  - Executes dropped EXE
  PID:4572
- C:\Windows\System\GrAYraw.exe
  C:\Windows\System\GrAYraw.exe
  2⤵
  - Executes dropped EXE
  PID:3168
- C:\Windows\System\QmlQBQo.exe
  C:\Windows\System\QmlQBQo.exe
  2⤵
  - Executes dropped EXE
  PID:436
- C:\Windows\System\muvkRMF.exe
  C:\Windows\System\muvkRMF.exe
  2⤵
  - Executes dropped EXE
  PID:3756
- C:\Windows\System\lHSNhPh.exe
  C:\Windows\System\lHSNhPh.exe
  2⤵
  - Executes dropped EXE
  PID:4768
- C:\Windows\System\ILULfpp.exe
  C:\Windows\System\ILULfpp.exe
  2⤵
  - Executes dropped EXE
  PID:2420
- C:\Windows\System\fNhPjwD.exe
  C:\Windows\System\fNhPjwD.exe
  2⤵
  - Executes dropped EXE
  PID:4264
- C:\Windows\System\quvPYmq.exe
  C:\Windows\System\quvPYmq.exe
  2⤵
  - Executes dropped EXE
  PID:2704
- C:\Windows\System\adblzbl.exe
  C:\Windows\System\adblzbl.exe
  2⤵
  - Executes dropped EXE
  PID:760
- C:\Windows\System\HkUrtEH.exe
  C:\Windows\System\HkUrtEH.exe
  2⤵
  - Executes dropped EXE
  PID:4608
- C:\Windows\System\IYpQJTe.exe
  C:\Windows\System\IYpQJTe.exe
  2⤵
  - Executes dropped EXE
  PID:1044
- C:\Windows\System\HgXZxVm.exe
  C:\Windows\System\HgXZxVm.exe
  2⤵
  - Executes dropped EXE
  PID:1196
- C:\Windows\System\MjIvOtR.exe
  C:\Windows\System\MjIvOtR.exe
  2⤵
  - Executes dropped EXE
  PID:1252
- C:\Windows\System\prinrUF.exe
  C:\Windows\System\prinrUF.exe
  2⤵
  - Executes dropped EXE
  PID:1520
- C:\Windows\System\umVDbCU.exe
  C:\Windows\System\umVDbCU.exe
  2⤵
  - Executes dropped EXE
  PID:60
- C:\Windows\System\tUNCzkM.exe
  C:\Windows\System\tUNCzkM.exe
  2⤵
  - Executes dropped EXE
  PID:704
- C:\Windows\System\SzXfZxl.exe
  C:\Windows\System\SzXfZxl.exe
  2⤵
  - Executes dropped EXE
  PID:920
- C:\Windows\System\SJkdOFR.exe
  C:\Windows\System\SJkdOFR.exe
  2⤵
  - Executes dropped EXE
  PID:1244
- C:\Windows\System\biXTGJs.exe
  C:\Windows\System\biXTGJs.exe
  2⤵
  - Executes dropped EXE
  PID:2876
- C:\Windows\System\vjLFPTY.exe
  C:\Windows\System\vjLFPTY.exe
  2⤵
  - Executes dropped EXE
  PID:4200
- C:\Windows\System\CdedzJY.exe
  C:\Windows\System\CdedzJY.exe
  2⤵
  - Executes dropped EXE
  PID:4952
- C:\Windows\System\XSkpuQO.exe
  C:\Windows\System\XSkpuQO.exe
  2⤵
  - Executes dropped EXE
  PID:4904
- C:\Windows\System\QWPqrgM.exe
  C:\Windows\System\QWPqrgM.exe
  2⤵
  - Executes dropped EXE
  PID:4988
- C:\Windows\System\FaQlEba.exe
  C:\Windows\System\FaQlEba.exe
  2⤵
  - Executes dropped EXE
  PID:3180
- C:\Windows\System\rTfsJgE.exe
  C:\Windows\System\rTfsJgE.exe
  2⤵
  - Executes dropped EXE
  PID:3500
- C:\Windows\System\BKUpABz.exe
  C:\Windows\System\BKUpABz.exe
  2⤵
  - Executes dropped EXE
  PID:3196
- C:\Windows\System\uLBlpLL.exe
  C:\Windows\System\uLBlpLL.exe
  2⤵
  - Executes dropped EXE
  PID:1660
- C:\Windows\System\RGEPZOA.exe
  C:\Windows\System\RGEPZOA.exe
  2⤵
  - Executes dropped EXE
  PID:2384
- C:\Windows\System\vMxepve.exe
  C:\Windows\System\vMxepve.exe
  2⤵
  - Executes dropped EXE
  PID:4940
- C:\Windows\System\RWuqwWr.exe
  C:\Windows\System\RWuqwWr.exe
  2⤵
  - Executes dropped EXE
  PID:2356
- C:\Windows\System\GfZgCer.exe
  C:\Windows\System\GfZgCer.exe
  2⤵
  - Executes dropped EXE
  PID:2064
- C:\Windows\System\JrwiZQK.exe
  C:\Windows\System\JrwiZQK.exe
  2⤵
  - Executes dropped EXE
  PID:4472
- C:\Windows\System\eWynrtD.exe
  C:\Windows\System\eWynrtD.exe
  2⤵
  - Executes dropped EXE
  PID:3672
- C:\Windows\System\qIGazsd.exe
  C:\Windows\System\qIGazsd.exe
  2⤵
  - Executes dropped EXE
  PID:2576
- C:\Windows\System\KFxHUCh.exe
  C:\Windows\System\KFxHUCh.exe
  2⤵
  - Executes dropped EXE
  PID:3616
- C:\Windows\System\ztzswCZ.exe
  C:\Windows\System\ztzswCZ.exe
  2⤵
  - Executes dropped EXE
  PID:2072
- C:\Windows\System\xliJREX.exe
  C:\Windows\System\xliJREX.exe
  2⤵
  - Executes dropped EXE
  PID:1536
- C:\Windows\System\SOsyLqr.exe
  C:\Windows\System\SOsyLqr.exe
  2⤵
  - Executes dropped EXE
  PID:4444
- C:\Windows\System\SdauNqr.exe
  C:\Windows\System\SdauNqr.exe
  2⤵
  - Executes dropped EXE
  PID:744
- C:\Windows\System\kTInPLj.exe
  C:\Windows\System\kTInPLj.exe
  2⤵
  - Executes dropped EXE
  PID:412
- C:\Windows\System\DsrhIff.exe
  C:\Windows\System\DsrhIff.exe
  2⤵
  - Executes dropped EXE
  PID:3708
- C:\Windows\System\CLMOOmH.exe
  C:\Windows\System\CLMOOmH.exe
  2⤵
  - Executes dropped EXE
  PID:4732
- C:\Windows\System\TbpDltZ.exe
  C:\Windows\System\TbpDltZ.exe
  2⤵
  - Executes dropped EXE
  PID:4524
- C:\Windows\System\RMbxLzm.exe
  C:\Windows\System\RMbxLzm.exe
  2⤵
  - Executes dropped EXE
  PID:1608
- C:\Windows\System\ehWnXIo.exe
  C:\Windows\System\ehWnXIo.exe
  2⤵
  - Executes dropped EXE
  PID:532
- C:\Windows\System\qUYXozC.exe
  C:\Windows\System\qUYXozC.exe
  2⤵
  - Executes dropped EXE
  PID:1596
- C:\Windows\System\byxRteG.exe
  C:\Windows\System\byxRteG.exe
  2⤵
  - Executes dropped EXE
  PID:4440
- C:\Windows\System\yzcsCnD.exe
  C:\Windows\System\yzcsCnD.exe
  2⤵
  - Executes dropped EXE
  PID:4956
- C:\Windows\System\GsuOkav.exe
  C:\Windows\System\GsuOkav.exe
  2⤵
  - Executes dropped EXE
  PID:1736
- C:\Windows\System\tZjFERp.exe
  C:\Windows\System\tZjFERp.exe
  2⤵
  - Executes dropped EXE
  PID:3964
- C:\Windows\System\QwhPYSb.exe
  C:\Windows\System\QwhPYSb.exe
  2⤵
  - Executes dropped EXE
  PID:884
- C:\Windows\System\FWdNdJh.exe
  C:\Windows\System\FWdNdJh.exe
  2⤵
  - Executes dropped EXE
  PID:3736
- C:\Windows\System\gHKcqZg.exe
  C:\Windows\System\gHKcqZg.exe
  2⤵
  - Executes dropped EXE
  PID:228
- C:\Windows\System\RjbwrHy.exe
  C:\Windows\System\RjbwrHy.exe
  2⤵
  - Executes dropped EXE
  PID:4484
- C:\Windows\System\rqVWdyU.exe
  C:\Windows\System\rqVWdyU.exe
  2⤵
  PID:3720
- C:\Windows\System\GOxfvLQ.exe
  C:\Windows\System\GOxfvLQ.exe
  2⤵
  PID:2188
- C:\Windows\System\TNWUJGb.exe
  C:\Windows\System\TNWUJGb.exe
  2⤵
  PID:2076
- C:\Windows\System\flsEoxi.exe
  C:\Windows\System\flsEoxi.exe
  2⤵
  PID:3472
- C:\Windows\System\HlqsfvF.exe
  C:\Windows\System\HlqsfvF.exe
  2⤵
  PID:1396
- C:\Windows\System\uEtWzZD.exe
  C:\Windows\System\uEtWzZD.exe
  2⤵
  PID:4828
- C:\Windows\System\OOqduht.exe
  C:\Windows\System\OOqduht.exe
  2⤵
  PID:4584
- C:\Windows\System\sVtqGWI.exe
  C:\Windows\System\sVtqGWI.exe
  2⤵
  PID:2488
- C:\Windows\System\GnbpbNt.exe
  C:\Windows\System\GnbpbNt.exe
  2⤵
  PID:4380
- C:\Windows\System\OUbMMwU.exe
  C:\Windows\System\OUbMMwU.exe
  2⤵
  PID:1784
- C:\Windows\System\XMvQVmB.exe
  C:\Windows\System\XMvQVmB.exe
  2⤵
  PID:1016
- C:\Windows\System\vcNXoLy.exe
  C:\Windows\System\vcNXoLy.exe
  2⤵
  PID:3236
- C:\Windows\System\nXfYnmd.exe
  C:\Windows\System\nXfYnmd.exe
  2⤵
  PID:2424
- C:\Windows\System\TFusMZI.exe
  C:\Windows\System\TFusMZI.exe
  2⤵
  PID:3412
- C:\Windows\System\yVKRSmd.exe
  C:\Windows\System\yVKRSmd.exe
  2⤵
  PID:4744
- C:\Windows\System\vuystaU.exe
  C:\Windows\System\vuystaU.exe
  2⤵
  PID:1760
- C:\Windows\System\FDKzwCg.exe
  C:\Windows\System\FDKzwCg.exe
  2⤵
  PID:4252
- C:\Windows\System\yRlvTrU.exe
  C:\Windows\System\yRlvTrU.exe
  2⤵
  PID:4448
- C:\Windows\System\BocAGKS.exe
  C:\Windows\System\BocAGKS.exe
  2⤵
  PID:2368
- C:\Windows\System\pZbGkIo.exe
  C:\Windows\System\pZbGkIo.exe
  2⤵
  PID:3036
- C:\Windows\System\WSoUHxD.exe
  C:\Windows\System\WSoUHxD.exe
  2⤵
  PID:5076
- C:\Windows\System\XUTRyHi.exe
  C:\Windows\System\XUTRyHi.exe
  2⤵
  PID:3368
- C:\Windows\System\YxvoQEG.exe
  C:\Windows\System\YxvoQEG.exe
  2⤵
  PID:5000
- C:\Windows\System\yxYKjTO.exe
  C:\Windows\System\yxYKjTO.exe
  2⤵
  PID:3828
- C:\Windows\System\wWliMNK.exe
  C:\Windows\System\wWliMNK.exe
  2⤵
  PID:3712
- C:\Windows\System\BoMvfaN.exe
  C:\Windows\System\BoMvfaN.exe
  2⤵
  PID:3744
- C:\Windows\System\lZonjyh.exe
  C:\Windows\System\lZonjyh.exe
  2⤵
  PID:2348
- C:\Windows\System\gylBjMv.exe
  C:\Windows\System\gylBjMv.exe
  2⤵
  PID:1692
- C:\Windows\System\GbLGgGp.exe
  C:\Windows\System\GbLGgGp.exe
  2⤵
  PID:1384
- C:\Windows\System\FsJnEdf.exe
  C:\Windows\System\FsJnEdf.exe
  2⤵
  PID:1372
- C:\Windows\System\yNQWtFm.exe
  C:\Windows\System\yNQWtFm.exe
  2⤵
  PID:4432
- C:\Windows\System\RfAADSU.exe
  C:\Windows\System\RfAADSU.exe
  2⤵
  PID:5124
- C:\Windows\System\EHVFucG.exe
  C:\Windows\System\EHVFucG.exe
  2⤵
  PID:5156
- C:\Windows\System\DePSBxB.exe
  C:\Windows\System\DePSBxB.exe
  2⤵
  PID:5184
- C:\Windows\System\maTloqI.exe
  C:\Windows\System\maTloqI.exe
  2⤵
  PID:5212
- C:\Windows\System\ztmlbVg.exe
  C:\Windows\System\ztmlbVg.exe
  2⤵
  PID:5240
- C:\Windows\System\aiEZkxc.exe
  C:\Windows\System\aiEZkxc.exe
  2⤵
  PID:5268
- C:\Windows\System\ivkhRTR.exe
  C:\Windows\System\ivkhRTR.exe
  2⤵
  PID:5296
- C:\Windows\System\Obzehdy.exe
  C:\Windows\System\Obzehdy.exe
  2⤵
  PID:5320
- C:\Windows\System\nVUlCqR.exe
  C:\Windows\System\nVUlCqR.exe
  2⤵
  PID:5348
- C:\Windows\System\KffGFMX.exe
  C:\Windows\System\KffGFMX.exe
  2⤵
  PID:5376
- C:\Windows\System\UCCZYLJ.exe
  C:\Windows\System\UCCZYLJ.exe
  2⤵
  PID:5404
- C:\Windows\System\nTGBRsR.exe
  C:\Windows\System\nTGBRsR.exe
  2⤵
  PID:5432
- C:\Windows\System\tAlpDtp.exe
  C:\Windows\System\tAlpDtp.exe
  2⤵
  PID:5464
- C:\Windows\System\HcziZUk.exe
  C:\Windows\System\HcziZUk.exe
  2⤵
  PID:5492
- C:\Windows\System\HrbpIIH.exe
  C:\Windows\System\HrbpIIH.exe
  2⤵
  PID:5516
- C:\Windows\System\TINTUOH.exe
  C:\Windows\System\TINTUOH.exe
  2⤵
  PID:5544
- C:\Windows\System\Vhscylx.exe
  C:\Windows\System\Vhscylx.exe
  2⤵
  PID:5572
- C:\Windows\System\NwnVUSN.exe
  C:\Windows\System\NwnVUSN.exe
  2⤵
  PID:5604
- C:\Windows\System\iEmvZMK.exe
  C:\Windows\System\iEmvZMK.exe
  2⤵
  PID:5628
- C:\Windows\System\geEqdKt.exe
  C:\Windows\System\geEqdKt.exe
  2⤵
  PID:5656
- C:\Windows\System\lemgiwR.exe
  C:\Windows\System\lemgiwR.exe
  2⤵
  PID:5688
- C:\Windows\System\CRysdAl.exe
  C:\Windows\System\CRysdAl.exe
  2⤵
  PID:5712
- C:\Windows\System\FnujHkR.exe
  C:\Windows\System\FnujHkR.exe
  2⤵
  PID:5740
- C:\Windows\System\ejPZVcU.exe
  C:\Windows\System\ejPZVcU.exe
  2⤵
  PID:5768
- C:\Windows\System\EoiuPlw.exe
  C:\Windows\System\EoiuPlw.exe
  2⤵
  PID:5796
- C:\Windows\System\ndypVWL.exe
  C:\Windows\System\ndypVWL.exe
  2⤵
  PID:5824
- C:\Windows\System\uHGOuek.exe
  C:\Windows\System\uHGOuek.exe
  2⤵
  PID:5856
- C:\Windows\System\YyKzbxS.exe
  C:\Windows\System\YyKzbxS.exe
  2⤵
  PID:5884
- C:\Windows\System\tIqtmLt.exe
  C:\Windows\System\tIqtmLt.exe
  2⤵
  PID:5912
- C:\Windows\System\pruEquh.exe
  C:\Windows\System\pruEquh.exe
  2⤵
  PID:5940
- C:\Windows\System\WilXlXv.exe
  C:\Windows\System\WilXlXv.exe
  2⤵
  PID:5964
- C:\Windows\System\ZcEyiET.exe
  C:\Windows\System\ZcEyiET.exe
  2⤵
  PID:5996
- C:\Windows\System\vWWMmfn.exe
  C:\Windows\System\vWWMmfn.exe
  2⤵
  PID:6024
- C:\Windows\System\rFSvGpH.exe
  C:\Windows\System\rFSvGpH.exe
  2⤵
  PID:6056
- C:\Windows\System\WWITDRw.exe
  C:\Windows\System\WWITDRw.exe
  2⤵
  PID:6084
- C:\Windows\System\sLmovQM.exe
  C:\Windows\System\sLmovQM.exe
  2⤵
  PID:6108
- C:\Windows\System\FtVRgUb.exe
  C:\Windows\System\FtVRgUb.exe
  2⤵
  PID:6140
- C:\Windows\System\KosVIzJ.exe
  C:\Windows\System\KosVIzJ.exe
  2⤵
  PID:3292
- C:\Windows\System\MytqVMM.exe
  C:\Windows\System\MytqVMM.exe
  2⤵
  PID:5140
- C:\Windows\System\oUQiroz.exe
  C:\Windows\System\oUQiroz.exe
  2⤵
  PID:5256
- C:\Windows\System\MrQIIOP.exe
  C:\Windows\System\MrQIIOP.exe
  2⤵
  PID:2200
- C:\Windows\System\FmmrHfE.exe
  C:\Windows\System\FmmrHfE.exe
  2⤵
  PID:1912
- C:\Windows\System\pHDvsRD.exe
  C:\Windows\System\pHDvsRD.exe
  2⤵
  PID:5364
- C:\Windows\System\IZdqgve.exe
  C:\Windows\System\IZdqgve.exe
  2⤵
  PID:5400
- C:\Windows\System\dZVSVeh.exe
  C:\Windows\System\dZVSVeh.exe
  2⤵
  PID:5476
- C:\Windows\System\dkNijfB.exe
  C:\Windows\System\dkNijfB.exe
  2⤵
  PID:5508
- C:\Windows\System\jSSxznA.exe
  C:\Windows\System\jSSxznA.exe
  2⤵
  PID:5568
- C:\Windows\System\IqlyQvq.exe
  C:\Windows\System\IqlyQvq.exe
  2⤵
  PID:5596
- C:\Windows\System\KFRfVqS.exe
  C:\Windows\System\KFRfVqS.exe
  2⤵
  PID:5644
- C:\Windows\System\ZAWgkUu.exe
  C:\Windows\System\ZAWgkUu.exe
  2⤵
  PID:5784
- C:\Windows\System\awwKkww.exe
  C:\Windows\System\awwKkww.exe
  2⤵
  PID:5816
- C:\Windows\System\sVhEqJR.exe
  C:\Windows\System\sVhEqJR.exe
  2⤵
  PID:5868
- C:\Windows\System\Zdoiedn.exe
  C:\Windows\System\Zdoiedn.exe
  2⤵
  PID:5896
- C:\Windows\System\xYnKjaK.exe
  C:\Windows\System\xYnKjaK.exe
  2⤵
  PID:5952
- C:\Windows\System\AkRhcCt.exe
  C:\Windows\System\AkRhcCt.exe
  2⤵
  PID:5980
- C:\Windows\System\zSWSKoU.exe
  C:\Windows\System\zSWSKoU.exe
  2⤵
  PID:6040
- C:\Windows\System\mbKPxxN.exe
  C:\Windows\System\mbKPxxN.exe
  2⤵
  PID:3936
- C:\Windows\System\DQARsJt.exe
  C:\Windows\System\DQARsJt.exe
  2⤵
  PID:1424
- C:\Windows\System\xoxaYGk.exe
  C:\Windows\System\xoxaYGk.exe
  2⤵
  PID:4924
- C:\Windows\System\jkeRcOb.exe
  C:\Windows\System\jkeRcOb.exe
  2⤵
  PID:2928
- C:\Windows\System\CxNpVXi.exe
  C:\Windows\System\CxNpVXi.exe
  2⤵
  PID:1124
- C:\Windows\System\wRkTRih.exe
  C:\Windows\System\wRkTRih.exe
  2⤵
  PID:3272
- C:\Windows\System\lcRFYwc.exe
  C:\Windows\System\lcRFYwc.exe
  2⤵
  PID:5452
- C:\Windows\System\oESimKC.exe
  C:\Windows\System\oESimKC.exe
  2⤵
  PID:5620
- C:\Windows\System\aWdwjko.exe
  C:\Windows\System\aWdwjko.exe
  2⤵
  PID:5904
- C:\Windows\System\tYBExBp.exe
  C:\Windows\System\tYBExBp.exe
  2⤵
  PID:116
- C:\Windows\System\xAPJJWL.exe
  C:\Windows\System\xAPJJWL.exe
  2⤵
  PID:1064
- C:\Windows\System\dXLMhXn.exe
  C:\Windows\System\dXLMhXn.exe
  2⤵
  PID:5932
- C:\Windows\System\eqRJxjh.exe
  C:\Windows\System\eqRJxjh.exe
  2⤵
  PID:6048
- C:\Windows\System\VpgeiNM.exe
  C:\Windows\System\VpgeiNM.exe
  2⤵
  PID:3380
- C:\Windows\System\pmcTogK.exe
  C:\Windows\System\pmcTogK.exe
  2⤵
  PID:5592
- C:\Windows\System\PxDPqJi.exe
  C:\Windows\System\PxDPqJi.exe
  2⤵
  PID:5072
- C:\Windows\System\CaHznFS.exe
  C:\Windows\System\CaHznFS.exe
  2⤵
  PID:1916
- C:\Windows\System\wfYgkfV.exe
  C:\Windows\System\wfYgkfV.exe
  2⤵
  PID:6132
- C:\Windows\System\GFcxoCY.exe
  C:\Windows\System\GFcxoCY.exe
  2⤵
  PID:6160
- C:\Windows\System\EteYduW.exe
  C:\Windows\System\EteYduW.exe
  2⤵
  PID:6180
- C:\Windows\System\aEHoMsG.exe
  C:\Windows\System\aEHoMsG.exe
  2⤵
  PID:6208
- C:\Windows\System\TUBocsl.exe
  C:\Windows\System\TUBocsl.exe
  2⤵
  PID:6224
- C:\Windows\System\NkFxDaR.exe
  C:\Windows\System\NkFxDaR.exe
  2⤵
  PID:6244
- C:\Windows\System\SfnZEhk.exe
  C:\Windows\System\SfnZEhk.exe
  2⤵
  PID:6272
- C:\Windows\System\buhNHSW.exe
  C:\Windows\System\buhNHSW.exe
  2⤵
  PID:6300
- C:\Windows\System\yGuUCoL.exe
  C:\Windows\System\yGuUCoL.exe
  2⤵
  PID:6324
- C:\Windows\System\oqFphsf.exe
  C:\Windows\System\oqFphsf.exe
  2⤵
  PID:6356
- C:\Windows\System\AhqGVgV.exe
  C:\Windows\System\AhqGVgV.exe
  2⤵
  PID:6380
- C:\Windows\System\aEWNmok.exe
  C:\Windows\System\aEWNmok.exe
  2⤵
  PID:6404
- C:\Windows\System\rUDrZLw.exe
  C:\Windows\System\rUDrZLw.exe
  2⤵
  PID:6424
- C:\Windows\System\bMUtyZy.exe
  C:\Windows\System\bMUtyZy.exe
  2⤵
  PID:6448
- C:\Windows\System\HkvfKQk.exe
  C:\Windows\System\HkvfKQk.exe
  2⤵
  PID:6508
- C:\Windows\System\fBcODzV.exe
  C:\Windows\System\fBcODzV.exe
  2⤵
  PID:6540
- C:\Windows\System\ZzvwZqR.exe
  C:\Windows\System\ZzvwZqR.exe
  2⤵
  PID:6612
- C:\Windows\System\dMoacQH.exe
  C:\Windows\System\dMoacQH.exe
  2⤵
  PID:6636
- C:\Windows\System\tpmSQyo.exe
  C:\Windows\System\tpmSQyo.exe
  2⤵
  PID:6660
- C:\Windows\System\TPbhHLf.exe
  C:\Windows\System\TPbhHLf.exe
  2⤵
  PID:6676
- C:\Windows\System\FXLYZpG.exe
  C:\Windows\System\FXLYZpG.exe
  2⤵
  PID:6700
- C:\Windows\System\teidZPl.exe
  C:\Windows\System\teidZPl.exe
  2⤵
  PID:6732
- C:\Windows\System\gBldtvb.exe
  C:\Windows\System\gBldtvb.exe
  2⤵
  PID:6772
- C:\Windows\System\gtRSKWz.exe
  C:\Windows\System\gtRSKWz.exe
  2⤵
  PID:6796
- C:\Windows\System\dzuoGVC.exe
  C:\Windows\System\dzuoGVC.exe
  2⤵
  PID:6820
- C:\Windows\System\ymxpGxU.exe
  C:\Windows\System\ymxpGxU.exe
  2⤵
  PID:6868
- C:\Windows\System\UWjmHll.exe
  C:\Windows\System\UWjmHll.exe
  2⤵
  PID:6888
- C:\Windows\System\lpMTMcN.exe
  C:\Windows\System\lpMTMcN.exe
  2⤵
  PID:6908
- C:\Windows\System\BpywalB.exe
  C:\Windows\System\BpywalB.exe
  2⤵
  PID:6936
- C:\Windows\System\gLUOyYx.exe
  C:\Windows\System\gLUOyYx.exe
  2⤵
  PID:6964
- C:\Windows\System\zKKWfgC.exe
  C:\Windows\System\zKKWfgC.exe
  2⤵
  PID:6996
- C:\Windows\System\MGbBfwJ.exe
  C:\Windows\System\MGbBfwJ.exe
  2⤵
  PID:7016
- C:\Windows\System\WNYOuXY.exe
  C:\Windows\System\WNYOuXY.exe
  2⤵
  PID:7036
- C:\Windows\System\UgspVhw.exe
  C:\Windows\System\UgspVhw.exe
  2⤵
  PID:7104
- C:\Windows\System\pwcvUWO.exe
  C:\Windows\System\pwcvUWO.exe
  2⤵
  PID:7148
- C:\Windows\System\xkUJpRh.exe
  C:\Windows\System\xkUJpRh.exe
  2⤵
  PID:7164
- C:\Windows\System\rzkXoPY.exe
  C:\Windows\System\rzkXoPY.exe
  2⤵
  PID:6176
- C:\Windows\System\QHKeeyh.exe
  C:\Windows\System\QHKeeyh.exe
  2⤵
  PID:6236
- C:\Windows\System\oneugxC.exe
  C:\Windows\System\oneugxC.exe
  2⤵
  PID:6252
- C:\Windows\System\kSJhqBO.exe
  C:\Windows\System\kSJhqBO.exe
  2⤵
  PID:6320
- C:\Windows\System\bQZYYAR.exe
  C:\Windows\System\bQZYYAR.exe
  2⤵
  PID:6440
- C:\Windows\System\alDTzvD.exe
  C:\Windows\System\alDTzvD.exe
  2⤵
  PID:6432
- C:\Windows\System\GmjzdSq.exe
  C:\Windows\System\GmjzdSq.exe
  2⤵
  PID:6500
- C:\Windows\System\PRQKMrZ.exe
  C:\Windows\System\PRQKMrZ.exe
  2⤵
  PID:5928
- C:\Windows\System\OXjzsuN.exe
  C:\Windows\System\OXjzsuN.exe
  2⤵
  PID:5708
- C:\Windows\System\rHXdJae.exe
  C:\Windows\System\rHXdJae.exe
  2⤵
  PID:5564
- C:\Windows\System\XLOITdv.exe
  C:\Windows\System\XLOITdv.exe
  2⤵
  PID:6128
- C:\Windows\System\OzVOFOj.exe
  C:\Windows\System\OzVOFOj.exe
  2⤵
  PID:6692
- C:\Windows\System\EmuVApR.exe
  C:\Windows\System\EmuVApR.exe
  2⤵
  PID:6716
- C:\Windows\System\gOhrSCX.exe
  C:\Windows\System\gOhrSCX.exe
  2⤵
  PID:5288
- C:\Windows\System\wYdmpBM.exe
  C:\Windows\System\wYdmpBM.exe
  2⤵
  PID:6816
- C:\Windows\System\zngiqQu.exe
  C:\Windows\System\zngiqQu.exe
  2⤵
  PID:4996
- C:\Windows\System\qAWhukf.exe
  C:\Windows\System\qAWhukf.exe
  2⤵
  PID:6864
- C:\Windows\System\yEYLAEA.exe
  C:\Windows\System\yEYLAEA.exe
  2⤵
  PID:6932
- C:\Windows\System\rKODCwa.exe
  C:\Windows\System\rKODCwa.exe
  2⤵
  PID:7004
- C:\Windows\System\vKDbvFX.exe
  C:\Windows\System\vKDbvFX.exe
  2⤵
  PID:7032
- C:\Windows\System\EAhPXbt.exe
  C:\Windows\System\EAhPXbt.exe
  2⤵
  PID:7120
- C:\Windows\System\izUHOan.exe
  C:\Windows\System\izUHOan.exe
  2⤵
  PID:7156
- C:\Windows\System\fZwdEcJ.exe
  C:\Windows\System\fZwdEcJ.exe
  2⤵
  PID:6364
- C:\Windows\System\PXUZaBr.exe
  C:\Windows\System\PXUZaBr.exe
  2⤵
  PID:6520
- C:\Windows\System\LqQaEVb.exe
  C:\Windows\System\LqQaEVb.exe
  2⤵
  PID:5200
- C:\Windows\System\RdZNDrP.exe
  C:\Windows\System\RdZNDrP.exe
  2⤵
  PID:6684
- C:\Windows\System\FnhYuFH.exe
  C:\Windows\System\FnhYuFH.exe
  2⤵
  PID:5176
- C:\Windows\System\AYzXcDS.exe
  C:\Windows\System\AYzXcDS.exe
  2⤵
  PID:2284
- C:\Windows\System\vhXvrDv.exe
  C:\Windows\System\vhXvrDv.exe
  2⤵
  PID:5172
- C:\Windows\System\VWffaHV.exe
  C:\Windows\System\VWffaHV.exe
  2⤵
  PID:7084
- C:\Windows\System\MovGODt.exe
  C:\Windows\System\MovGODt.exe
  2⤵
  PID:6436
- C:\Windows\System\BYPLbQQ.exe
  C:\Windows\System\BYPLbQQ.exe
  2⤵
  PID:1872
- C:\Windows\System\GpgfQAN.exe
  C:\Windows\System\GpgfQAN.exe
  2⤵
  PID:6860
- C:\Windows\System\BwGimOs.exe
  C:\Windows\System\BwGimOs.exe
  2⤵
  PID:6988
- C:\Windows\System\rhQgaqJ.exe
  C:\Windows\System\rhQgaqJ.exe
  2⤵
  PID:6192
- C:\Windows\System\hvzjhne.exe
  C:\Windows\System\hvzjhne.exe
  2⤵
  PID:7180
- C:\Windows\System\EgAmwmK.exe
  C:\Windows\System\EgAmwmK.exe
  2⤵
  PID:7228
- C:\Windows\System\tRhxarn.exe
  C:\Windows\System\tRhxarn.exe
  2⤵
  PID:7324
- C:\Windows\System\UdskaJI.exe
  C:\Windows\System\UdskaJI.exe
  2⤵
  PID:7340
- C:\Windows\System\AsRzOgH.exe
  C:\Windows\System\AsRzOgH.exe
  2⤵
  PID:7360
- C:\Windows\System\hgqVXdV.exe
  C:\Windows\System\hgqVXdV.exe
  2⤵
  PID:7380
- C:\Windows\System\jkdPNwW.exe
  C:\Windows\System\jkdPNwW.exe
  2⤵
  PID:7408
- C:\Windows\System\GIxJDiF.exe
  C:\Windows\System\GIxJDiF.exe
  2⤵
  PID:7436
- C:\Windows\System\gEbgFEc.exe
  C:\Windows\System\gEbgFEc.exe
  2⤵
  PID:7456
- C:\Windows\System\dASoFTf.exe
  C:\Windows\System\dASoFTf.exe
  2⤵
  PID:7480
- C:\Windows\System\UGwYrJU.exe
  C:\Windows\System\UGwYrJU.exe
  2⤵
  PID:7504
- C:\Windows\System\HCjfzLI.exe
  C:\Windows\System\HCjfzLI.exe
  2⤵
  PID:7520
- C:\Windows\System\uhXeMNZ.exe
  C:\Windows\System\uhXeMNZ.exe
  2⤵
  PID:7540
- C:\Windows\System\cxlmNfx.exe
  C:\Windows\System\cxlmNfx.exe
  2⤵
  PID:7580
- C:\Windows\System\hZvvIcY.exe
  C:\Windows\System\hZvvIcY.exe
  2⤵
  PID:7624
- C:\Windows\System\AxkUnwP.exe
  C:\Windows\System\AxkUnwP.exe
  2⤵
  PID:7660
- C:\Windows\System\ReVCYYR.exe
  C:\Windows\System\ReVCYYR.exe
  2⤵
  PID:7684
- C:\Windows\System\pttcqqK.exe
  C:\Windows\System\pttcqqK.exe
  2⤵
  PID:7712
- C:\Windows\System\NEKyCBN.exe
  C:\Windows\System\NEKyCBN.exe
  2⤵
  PID:7740
- C:\Windows\System\ozcuAlH.exe
  C:\Windows\System\ozcuAlH.exe
  2⤵
  PID:7768
- C:\Windows\System\PfmZYJP.exe
  C:\Windows\System\PfmZYJP.exe
  2⤵
  PID:7824
- C:\Windows\System\Pigtymz.exe
  C:\Windows\System\Pigtymz.exe
  2⤵
  PID:7848
- C:\Windows\System\xrFanNP.exe
  C:\Windows\System\xrFanNP.exe
  2⤵
  PID:7868
- C:\Windows\System\ULdDfpF.exe
  C:\Windows\System\ULdDfpF.exe
  2⤵
  PID:7896
- C:\Windows\System\szLQbKe.exe
  C:\Windows\System\szLQbKe.exe
  2⤵
  PID:7944
- C:\Windows\System\oLpMgbI.exe
  C:\Windows\System\oLpMgbI.exe
  2⤵
  PID:7968
- C:\Windows\System\udphAAV.exe
  C:\Windows\System\udphAAV.exe
  2⤵
  PID:7988
- C:\Windows\System\lfHaath.exe
  C:\Windows\System\lfHaath.exe
  2⤵
  PID:8008
- C:\Windows\System\zPWEENZ.exe
  C:\Windows\System\zPWEENZ.exe
  2⤵
  PID:8056
- C:\Windows\System\pyfBnil.exe
  C:\Windows\System\pyfBnil.exe
  2⤵
  PID:8080
- C:\Windows\System\yjIXRyq.exe
  C:\Windows\System\yjIXRyq.exe
  2⤵
  PID:8100
- C:\Windows\System\iCWHtYM.exe
  C:\Windows\System\iCWHtYM.exe
  2⤵
  PID:8124
- C:\Windows\System\eYdktbZ.exe
  C:\Windows\System\eYdktbZ.exe
  2⤵
  PID:8152
- C:\Windows\System\aTSxkWs.exe
  C:\Windows\System\aTSxkWs.exe
  2⤵
  PID:8172
- C:\Windows\System\FTTOreM.exe
  C:\Windows\System\FTTOreM.exe
  2⤵
  PID:6200
- C:\Windows\System\IFiclXj.exe
  C:\Windows\System\IFiclXj.exe
  2⤵
  PID:7196
- C:\Windows\System\KbKWZjd.exe
  C:\Windows\System\KbKWZjd.exe
  2⤵
  PID:7244
- C:\Windows\System\MEAhnWB.exe
  C:\Windows\System\MEAhnWB.exe
  2⤵
  PID:7352
- C:\Windows\System\LEyieoH.exe
  C:\Windows\System\LEyieoH.exe
  2⤵
  PID:7388
- C:\Windows\System\cuWSIzj.exe
  C:\Windows\System\cuWSIzj.exe
  2⤵
  PID:7468
- C:\Windows\System\KoAwSrM.exe
  C:\Windows\System\KoAwSrM.exe
  2⤵
  PID:7516
- C:\Windows\System\vOOFAjq.exe
  C:\Windows\System\vOOFAjq.exe
  2⤵
  PID:7592
- C:\Windows\System\jgTeOVQ.exe
  C:\Windows\System\jgTeOVQ.exe
  2⤵
  PID:7668
- C:\Windows\System\RRoMtQD.exe
  C:\Windows\System\RRoMtQD.exe
  2⤵
  PID:7756
- C:\Windows\System\VlVeqqi.exe
  C:\Windows\System\VlVeqqi.exe
  2⤵
  PID:7840
- C:\Windows\System\gMJSSGI.exe
  C:\Windows\System\gMJSSGI.exe
  2⤵
  PID:7908
- C:\Windows\System\NCmFPie.exe
  C:\Windows\System\NCmFPie.exe
  2⤵
  PID:7936
- C:\Windows\System\EsgPPTv.exe
  C:\Windows\System\EsgPPTv.exe
  2⤵
  PID:7980
- C:\Windows\System\ovdkSxF.exe
  C:\Windows\System\ovdkSxF.exe
  2⤵
  PID:8092
- C:\Windows\System\BnCdVvJ.exe
  C:\Windows\System\BnCdVvJ.exe
  2⤵
  PID:8132
- C:\Windows\System\TjRmJGK.exe
  C:\Windows\System\TjRmJGK.exe
  2⤵
  PID:8164
- C:\Windows\System\dYqpofx.exe
  C:\Windows\System\dYqpofx.exe
  2⤵
  PID:6296
- C:\Windows\System\pkNtUdq.exe
  C:\Windows\System\pkNtUdq.exe
  2⤵
  PID:7348
- C:\Windows\System\CYVcpot.exe
  C:\Windows\System\CYVcpot.exe
  2⤵
  PID:7536
- C:\Windows\System\PuenyTy.exe
  C:\Windows\System\PuenyTy.exe
  2⤵
  PID:7620
- C:\Windows\System\BXGxtnF.exe
  C:\Windows\System\BXGxtnF.exe
  2⤵
  PID:7892
- C:\Windows\System\hrYFgwA.exe
  C:\Windows\System\hrYFgwA.exe
  2⤵
  PID:8188
- C:\Windows\System\EbpCBIR.exe
  C:\Windows\System\EbpCBIR.exe
  2⤵
  PID:7272
- C:\Windows\System\PYDgKgc.exe
  C:\Windows\System\PYDgKgc.exe
  2⤵
  PID:7652
- C:\Windows\System\UlIGVTL.exe
  C:\Windows\System\UlIGVTL.exe
  2⤵
  PID:7836
- C:\Windows\System\OClPrFP.exe
  C:\Windows\System\OClPrFP.exe
  2⤵
  PID:8160
- C:\Windows\System\GbQxuGP.exe
  C:\Windows\System\GbQxuGP.exe
  2⤵
  PID:7572
- C:\Windows\System\HLdXUig.exe
  C:\Windows\System\HLdXUig.exe
  2⤵
  PID:8200
- C:\Windows\System\uSHbdDv.exe
  C:\Windows\System\uSHbdDv.exe
  2⤵
  PID:8228
- C:\Windows\System\PtdAVac.exe
  C:\Windows\System\PtdAVac.exe
  2⤵
  PID:8248
- C:\Windows\System\YlgJayO.exe
  C:\Windows\System\YlgJayO.exe
  2⤵
  PID:8280
- C:\Windows\System\WGWbVRu.exe
  C:\Windows\System\WGWbVRu.exe
  2⤵
  PID:8300
- C:\Windows\System\syTspdu.exe
  C:\Windows\System\syTspdu.exe
  2⤵
  PID:8332
- C:\Windows\System\EwPyVSD.exe
  C:\Windows\System\EwPyVSD.exe
  2⤵
  PID:8352
- C:\Windows\System\WdxArBR.exe
  C:\Windows\System\WdxArBR.exe
  2⤵
  PID:8368
- C:\Windows\System\oosFDsM.exe
  C:\Windows\System\oosFDsM.exe
  2⤵
  PID:8448
- C:\Windows\System\CXubMRL.exe
  C:\Windows\System\CXubMRL.exe
  2⤵
  PID:8468
- C:\Windows\System\qnLFlMi.exe
  C:\Windows\System\qnLFlMi.exe
  2⤵
  PID:8516
- C:\Windows\System\uYLEUea.exe
  C:\Windows\System\uYLEUea.exe
  2⤵
  PID:8532
- C:\Windows\System\ztzUEFB.exe
  C:\Windows\System\ztzUEFB.exe
  2⤵
  PID:8552
- C:\Windows\System\oMJrrza.exe
  C:\Windows\System\oMJrrza.exe
  2⤵
  PID:8580
- C:\Windows\System\vKRuQvb.exe
  C:\Windows\System\vKRuQvb.exe
  2⤵
  PID:8604
- C:\Windows\System\QTISUZL.exe
  C:\Windows\System\QTISUZL.exe
  2⤵
  PID:8624
- C:\Windows\System\rfihYCs.exe
  C:\Windows\System\rfihYCs.exe
  2⤵
  PID:8648
- C:\Windows\System\yoCKZaA.exe
  C:\Windows\System\yoCKZaA.exe
  2⤵
  PID:8688
- C:\Windows\System\afaELyS.exe
  C:\Windows\System\afaELyS.exe
  2⤵
  PID:8716
- C:\Windows\System\GpKlyXH.exe
  C:\Windows\System\GpKlyXH.exe
  2⤵
  PID:8748
- C:\Windows\System\gSjdLQu.exe
  C:\Windows\System\gSjdLQu.exe
  2⤵
  PID:8772
- C:\Windows\System\sgiZQkA.exe
  C:\Windows\System\sgiZQkA.exe
  2⤵
  PID:8792
- C:\Windows\System\KRSrLTu.exe
  C:\Windows\System\KRSrLTu.exe
  2⤵
  PID:8840
- C:\Windows\System\hQzkfzM.exe
  C:\Windows\System\hQzkfzM.exe
  2⤵
  PID:8860
- C:\Windows\System\oeAfjHy.exe
  C:\Windows\System\oeAfjHy.exe
  2⤵
  PID:8908
- C:\Windows\System\jzMUmfR.exe
  C:\Windows\System\jzMUmfR.exe
  2⤵
  PID:8928
- C:\Windows\System\boIxSKq.exe
  C:\Windows\System\boIxSKq.exe
  2⤵
  PID:8944
- C:\Windows\System\McUbXZp.exe
  C:\Windows\System\McUbXZp.exe
  2⤵
  PID:8968
- C:\Windows\System\fgHioOT.exe
  C:\Windows\System\fgHioOT.exe
  2⤵
  PID:9000
- C:\Windows\System\RQjraGv.exe
  C:\Windows\System\RQjraGv.exe
  2⤵
  PID:9024
- C:\Windows\System\ytunYzi.exe
  C:\Windows\System\ytunYzi.exe
  2⤵
  PID:9072
- C:\Windows\System\erviwot.exe
  C:\Windows\System\erviwot.exe
  2⤵
  PID:9100
- C:\Windows\System\CRhMLnc.exe
  C:\Windows\System\CRhMLnc.exe
  2⤵
  PID:9120
- C:\Windows\System\xloMJwe.exe
  C:\Windows\System\xloMJwe.exe
  2⤵
  PID:9140
- C:\Windows\System\YnViyRb.exe
  C:\Windows\System\YnViyRb.exe
  2⤵
  PID:9168
- C:\Windows\System\zNqKgYc.exe
  C:\Windows\System\zNqKgYc.exe
  2⤵
  PID:9196
- C:\Windows\System\UqUTZgo.exe
  C:\Windows\System\UqUTZgo.exe
  2⤵
  PID:7500
- C:\Windows\System\ptNjOPe.exe
  C:\Windows\System\ptNjOPe.exe
  2⤵
  PID:8240
- C:\Windows\System\CEcaqXh.exe
  C:\Windows\System\CEcaqXh.exe
  2⤵
  PID:8276
- C:\Windows\System\IyVyool.exe
  C:\Windows\System\IyVyool.exe
  2⤵
  PID:8344
- C:\Windows\System\aGtqiGN.exe
  C:\Windows\System\aGtqiGN.exe
  2⤵
  PID:8456
- C:\Windows\System\sRsMUfX.exe
  C:\Windows\System\sRsMUfX.exe
  2⤵
  PID:8524
- C:\Windows\System\NFgPMOH.exe
  C:\Windows\System\NFgPMOH.exe
  2⤵
  PID:8632
- C:\Windows\System\TOVcLDr.exe
  C:\Windows\System\TOVcLDr.exe
  2⤵
  PID:8712
- C:\Windows\System\FgxLYfz.exe
  C:\Windows\System\FgxLYfz.exe
  2⤵
  PID:8788
- C:\Windows\System\ybYQStd.exe
  C:\Windows\System\ybYQStd.exe
  2⤵
  PID:8784
- C:\Windows\System\UNsCWYD.exe
  C:\Windows\System\UNsCWYD.exe
  2⤵
  PID:8888
- C:\Windows\System\xhUVPTg.exe
  C:\Windows\System\xhUVPTg.exe
  2⤵
  PID:8956
- C:\Windows\System\Sknnmsk.exe
  C:\Windows\System\Sknnmsk.exe
  2⤵
  PID:9016
- C:\Windows\System\PwWoXvM.exe
  C:\Windows\System\PwWoXvM.exe
  2⤵
  PID:9092
- C:\Windows\System\hOUDqkp.exe
  C:\Windows\System\hOUDqkp.exe
  2⤵
  PID:9164
- C:\Windows\System\jtjluXO.exe
  C:\Windows\System\jtjluXO.exe
  2⤵
  PID:9192
- C:\Windows\System\cwnkRVo.exe
  C:\Windows\System\cwnkRVo.exe
  2⤵
  PID:7292
- C:\Windows\System\WwAqKWv.exe
  C:\Windows\System\WwAqKWv.exe
  2⤵
  PID:8672
- C:\Windows\System\CXtRVBx.exe
  C:\Windows\System\CXtRVBx.exe
  2⤵
  PID:8920
- C:\Windows\System\DfTAjOd.exe
  C:\Windows\System\DfTAjOd.exe
  2⤵
  PID:8964
- C:\Windows\System\jXVlUgU.exe
  C:\Windows\System\jXVlUgU.exe
  2⤵
  PID:9080
- C:\Windows\System\LDqypqH.exe
  C:\Windows\System\LDqypqH.exe
  2⤵
  PID:9240
- C:\Windows\System\mDBplIM.exe
  C:\Windows\System\mDBplIM.exe
  2⤵
  PID:9260
- C:\Windows\System\jHZoLfN.exe
  C:\Windows\System\jHZoLfN.exe
  2⤵
  PID:9328
- C:\Windows\System\wbDffgy.exe
  C:\Windows\System\wbDffgy.exe
  2⤵
  PID:9352
- C:\Windows\System\wGfENTc.exe
  C:\Windows\System\wGfENTc.exe
  2⤵
  PID:9436
- C:\Windows\System\Qfrmife.exe
  C:\Windows\System\Qfrmife.exe
  2⤵
  PID:9456
- C:\Windows\System\ZfcYqwB.exe
  C:\Windows\System\ZfcYqwB.exe
  2⤵
  PID:9476
- C:\Windows\System\yGbdawE.exe
  C:\Windows\System\yGbdawE.exe
  2⤵
  PID:9496
- C:\Windows\System\eyxafaq.exe
  C:\Windows\System\eyxafaq.exe
  2⤵
  PID:9532
- C:\Windows\System\sloazRN.exe
  C:\Windows\System\sloazRN.exe
  2⤵
  PID:9572
- C:\Windows\System\aMPILri.exe
  C:\Windows\System\aMPILri.exe
  2⤵
  PID:9596
- C:\Windows\System\HbzrqvL.exe
  C:\Windows\System\HbzrqvL.exe
  2⤵
  PID:9616
- C:\Windows\System\UBDapIC.exe
  C:\Windows\System\UBDapIC.exe
  2⤵
  PID:9668
- C:\Windows\System\NHgwsRP.exe
  C:\Windows\System\NHgwsRP.exe
  2⤵
  PID:9688
- C:\Windows\System\jzMuJdE.exe
  C:\Windows\System\jzMuJdE.exe
  2⤵
  PID:9708
- C:\Windows\System\nKFAFem.exe
  C:\Windows\System\nKFAFem.exe
  2⤵
  PID:9752
- C:\Windows\System\QxNBoxy.exe
  C:\Windows\System\QxNBoxy.exe
  2⤵
  PID:9768
- C:\Windows\System\bTnUbfm.exe
  C:\Windows\System\bTnUbfm.exe
  2⤵
  PID:9800
- C:\Windows\System\VAETfmh.exe
  C:\Windows\System\VAETfmh.exe
  2⤵
  PID:9832
- C:\Windows\System\OqMijFr.exe
  C:\Windows\System\OqMijFr.exe
  2⤵
  PID:9856
- C:\Windows\System\MqTkZSU.exe
  C:\Windows\System\MqTkZSU.exe
  2⤵
  PID:9876
- C:\Windows\System\FWefUab.exe
  C:\Windows\System\FWefUab.exe
  2⤵
  PID:9904
- C:\Windows\System\rnUIcRk.exe
  C:\Windows\System\rnUIcRk.exe
  2⤵
  PID:9940
- C:\Windows\System\KBMHSFx.exe
  C:\Windows\System\KBMHSFx.exe
  2⤵
  PID:9960
- C:\Windows\System\CaTlTBK.exe
  C:\Windows\System\CaTlTBK.exe
  2⤵
  PID:9984
- C:\Windows\System\uSrMgXa.exe
  C:\Windows\System\uSrMgXa.exe
  2⤵
  PID:10012
- C:\Windows\System\xtSbVTA.exe
  C:\Windows\System\xtSbVTA.exe
  2⤵
  PID:10028
- C:\Windows\System\PCJdajU.exe
  C:\Windows\System\PCJdajU.exe
  2⤵
  PID:10052
- C:\Windows\System\bDJlQyE.exe
  C:\Windows\System\bDJlQyE.exe
  2⤵
  PID:10072
- C:\Windows\System\LaNeyLG.exe
  C:\Windows\System\LaNeyLG.exe
  2⤵
  PID:10096
- C:\Windows\System\LUHlqnX.exe
  C:\Windows\System\LUHlqnX.exe
  2⤵
  PID:10124
- C:\Windows\System\kNTrbjd.exe
  C:\Windows\System\kNTrbjd.exe
  2⤵
  PID:10148
- C:\Windows\System\IidKNOq.exe
  C:\Windows\System\IidKNOq.exe
  2⤵
  PID:10188
- C:\Windows\System\uDGsmWk.exe
  C:\Windows\System\uDGsmWk.exe
  2⤵
  PID:10220
- C:\Windows\System\FkeGwQP.exe
  C:\Windows\System\FkeGwQP.exe
  2⤵
  PID:8544
- C:\Windows\System\FHSuqMF.exe
  C:\Windows\System\FHSuqMF.exe
  2⤵
  PID:8992
- C:\Windows\System\dmzCHbP.exe
  C:\Windows\System\dmzCHbP.exe
  2⤵
  PID:9188
- C:\Windows\System\nCgTryf.exe
  C:\Windows\System\nCgTryf.exe
  2⤵
  PID:9224
- C:\Windows\System\TxvUKab.exe
  C:\Windows\System\TxvUKab.exe
  2⤵
  PID:9232
- C:\Windows\System\EAMVpxX.exe
  C:\Windows\System\EAMVpxX.exe
  2⤵
  PID:8272
- C:\Windows\System\STyhxtl.exe
  C:\Windows\System\STyhxtl.exe
  2⤵
  PID:9284
- C:\Windows\System\FfXxoZX.exe
  C:\Windows\System\FfXxoZX.exe
  2⤵
  PID:9348
- C:\Windows\System\tmgQzbE.exe
  C:\Windows\System\tmgQzbE.exe
  2⤵
  PID:9452
- C:\Windows\System\LKCzUNz.exe
  C:\Windows\System\LKCzUNz.exe
  2⤵
  PID:9484
- C:\Windows\System\LiZQRSD.exe
  C:\Windows\System\LiZQRSD.exe
  2⤵
  PID:9624
- C:\Windows\System\FFrqjVW.exe
  C:\Windows\System\FFrqjVW.exe
  2⤵
  PID:9648
- C:\Windows\System\xdHduNv.exe
  C:\Windows\System\xdHduNv.exe
  2⤵
  PID:9732
- C:\Windows\System\RaGTyuz.exe
  C:\Windows\System\RaGTyuz.exe
  2⤵
  PID:9788
- C:\Windows\System\sbZCErD.exe
  C:\Windows\System\sbZCErD.exe
  2⤵
  PID:9852
- C:\Windows\System\AsgBZNt.exe
  C:\Windows\System\AsgBZNt.exe
  2⤵
  PID:9916
- C:\Windows\System\ldrAeXd.exe
  C:\Windows\System\ldrAeXd.exe
  2⤵
  PID:9952
- C:\Windows\System\cFMaIUB.exe
  C:\Windows\System\cFMaIUB.exe
  2⤵
  PID:10020
- C:\Windows\System\qSdvYCe.exe
  C:\Windows\System\qSdvYCe.exe
  2⤵
  PID:10044
- C:\Windows\System\uVbfKcx.exe
  C:\Windows\System\uVbfKcx.exe
  2⤵
  PID:10132
- C:\Windows\System\mXgLSPC.exe
  C:\Windows\System\mXgLSPC.exe
  2⤵
  PID:8560
- C:\Windows\System\AVSFxMC.exe
  C:\Windows\System\AVSFxMC.exe
  2⤵
  PID:10236
- C:\Windows\System\bYuxrdq.exe
  C:\Windows\System\bYuxrdq.exe
  2⤵
  PID:8196
- C:\Windows\System\ZxbVYWk.exe
  C:\Windows\System\ZxbVYWk.exe
  2⤵
  PID:8620
- C:\Windows\System\nSikrJQ.exe
  C:\Windows\System\nSikrJQ.exe
  2⤵
  PID:9276
- C:\Windows\System\BrWIPuk.exe
  C:\Windows\System\BrWIPuk.exe
  2⤵
  PID:9544
- C:\Windows\System\PJrSWAY.exe
  C:\Windows\System\PJrSWAY.exe
  2⤵
  PID:9748
- C:\Windows\System\fZDFZbh.exe
  C:\Windows\System\fZDFZbh.exe
  2⤵
  PID:9868
- C:\Windows\System\RzZLPQz.exe
  C:\Windows\System\RzZLPQz.exe
  2⤵
  PID:9920
- C:\Windows\System\oTqEymo.exe
  C:\Windows\System\oTqEymo.exe
  2⤵
  PID:9444
- C:\Windows\System\KlpPgma.exe
  C:\Windows\System\KlpPgma.exe
  2⤵
  PID:9512
- C:\Windows\System\vczDgIU.exe
  C:\Windows\System\vczDgIU.exe
  2⤵
  PID:9520
- C:\Windows\System\LrtDlWp.exe
  C:\Windows\System\LrtDlWp.exe
  2⤵
  PID:10180
- C:\Windows\System\NkAIyin.exe
  C:\Windows\System\NkAIyin.exe
  2⤵
  PID:9644
- C:\Windows\System\rlNEnND.exe
  C:\Windows\System\rlNEnND.exe
  2⤵
  PID:10004
- C:\Windows\System\XgDWxSe.exe
  C:\Windows\System\XgDWxSe.exe
  2⤵
  PID:10260
- C:\Windows\System\kXRSvVQ.exe
  C:\Windows\System\kXRSvVQ.exe
  2⤵
  PID:10300
- C:\Windows\System\eXkGPfR.exe
  C:\Windows\System\eXkGPfR.exe
  2⤵
  PID:10316
- C:\Windows\System\TKixgat.exe
  C:\Windows\System\TKixgat.exe
  2⤵
  PID:10336
- C:\Windows\System\hxMLKbo.exe
  C:\Windows\System\hxMLKbo.exe
  2⤵
  PID:10388
- C:\Windows\System\pTZcQBa.exe
  C:\Windows\System\pTZcQBa.exe
  2⤵
  PID:10408
- C:\Windows\System\HiNqkfz.exe
  C:\Windows\System\HiNqkfz.exe
  2⤵
  PID:10436
- C:\Windows\System\nwPerHV.exe
  C:\Windows\System\nwPerHV.exe
  2⤵
  PID:10468
- C:\Windows\System\QJLWShI.exe
  C:\Windows\System\QJLWShI.exe
  2⤵
  PID:10488
- C:\Windows\System\XGFKwAV.exe
  C:\Windows\System\XGFKwAV.exe
  2⤵
  PID:10508
- C:\Windows\System\sMSmHUU.exe
  C:\Windows\System\sMSmHUU.exe
  2⤵
  PID:10532
- C:\Windows\System\gbTDYCh.exe
  C:\Windows\System\gbTDYCh.exe
  2⤵
  PID:10560
- C:\Windows\System\zpcAept.exe
  C:\Windows\System\zpcAept.exe
  2⤵
  PID:10584
- C:\Windows\System\yWuHCON.exe
  C:\Windows\System\yWuHCON.exe
  2⤵
  PID:10608
- C:\Windows\System\UfxXfcV.exe
  C:\Windows\System\UfxXfcV.exe
  2⤵
  PID:10632
- C:\Windows\System\xqWkoUg.exe
  C:\Windows\System\xqWkoUg.exe
  2⤵
  PID:10652
- C:\Windows\System\BRunsjD.exe
  C:\Windows\System\BRunsjD.exe
  2⤵
  PID:10672
- C:\Windows\System\RAgRdZU.exe
  C:\Windows\System\RAgRdZU.exe
  2⤵
  PID:10704
- C:\Windows\System\jNcBlZe.exe
  C:\Windows\System\jNcBlZe.exe
  2⤵
  PID:10728
- C:\Windows\System\LTSYVZc.exe
  C:\Windows\System\LTSYVZc.exe
  2⤵
  PID:10752
- C:\Windows\System\eWkqyiw.exe
  C:\Windows\System\eWkqyiw.exe
  2⤵
  PID:10776
- C:\Windows\System\azAUkDG.exe
  C:\Windows\System\azAUkDG.exe
  2⤵
  PID:10800
- C:\Windows\System\NHAYrQO.exe
  C:\Windows\System\NHAYrQO.exe
  2⤵
  PID:10868
- C:\Windows\System\CrUQLTj.exe
  C:\Windows\System\CrUQLTj.exe
  2⤵
  PID:10892
- C:\Windows\System\SNTUMHG.exe
  C:\Windows\System\SNTUMHG.exe
  2⤵
  PID:10916
- C:\Windows\System\MpboGyt.exe
  C:\Windows\System\MpboGyt.exe
  2⤵
  PID:10952
- C:\Windows\System\yCYMnHh.exe
  C:\Windows\System\yCYMnHh.exe
  2⤵
  PID:10984
- C:\Windows\System\akRnoDD.exe
  C:\Windows\System\akRnoDD.exe
  2⤵
  PID:11004
- C:\Windows\System\BvgSjdR.exe
  C:\Windows\System\BvgSjdR.exe
  2⤵
  PID:11024
- C:\Windows\System\cQahqgl.exe
  C:\Windows\System\cQahqgl.exe
  2⤵
  PID:11060
- C:\Windows\System\qcJIyAp.exe
  C:\Windows\System\qcJIyAp.exe
  2⤵
  PID:11088
- C:\Windows\System\oWMzyfB.exe
  C:\Windows\System\oWMzyfB.exe
  2⤵
  PID:11144
- C:\Windows\System\VmGzxZF.exe
  C:\Windows\System\VmGzxZF.exe
  2⤵
  PID:11168
- C:\Windows\System\vQJJiWc.exe
  C:\Windows\System\vQJJiWc.exe
  2⤵
  PID:11188
- C:\Windows\System\IxCHCRm.exe
  C:\Windows\System\IxCHCRm.exe
  2⤵
  PID:11216
- C:\Windows\System\dwZycjB.exe
  C:\Windows\System\dwZycjB.exe
  2⤵
  PID:11244
- C:\Windows\System\mQAPIlm.exe
  C:\Windows\System\mQAPIlm.exe
  2⤵
  PID:9384
- C:\Windows\System\pDZFNsR.exe
  C:\Windows\System\pDZFNsR.exe
  2⤵
  PID:10328
- C:\Windows\System\ZTMIhVs.exe
  C:\Windows\System\ZTMIhVs.exe
  2⤵
  PID:10396
- C:\Windows\System\oodjCwk.exe
  C:\Windows\System\oodjCwk.exe
  2⤵
  PID:10496
- C:\Windows\System\ZBGbnDb.exe
  C:\Windows\System\ZBGbnDb.exe
  2⤵
  PID:10464
- C:\Windows\System\VBRJWyb.exe
  C:\Windows\System\VBRJWyb.exe
  2⤵
  PID:10576
- C:\Windows\System\vVZrVrK.exe
  C:\Windows\System\vVZrVrK.exe
  2⤵
  PID:10640
- C:\Windows\System\rYAcDtt.exe
  C:\Windows\System\rYAcDtt.exe
  2⤵
  PID:10668
- C:\Windows\System\yNWlTzV.exe
  C:\Windows\System\yNWlTzV.exe
  2⤵
  PID:10736
- C:\Windows\System\kPjIcEP.exe
  C:\Windows\System\kPjIcEP.exe
  2⤵
  PID:10816
- C:\Windows\System\RnfkVEG.exe
  C:\Windows\System\RnfkVEG.exe
  2⤵
  PID:10836
- C:\Windows\System\iKyUVJZ.exe
  C:\Windows\System\iKyUVJZ.exe
  2⤵
  PID:11012
- C:\Windows\System\lQMcueH.exe
  C:\Windows\System\lQMcueH.exe
  2⤵
  PID:11112
- C:\Windows\System\KOwauDK.exe
  C:\Windows\System\KOwauDK.exe
  2⤵
  PID:11044
- C:\Windows\System\IBrYbha.exe
  C:\Windows\System\IBrYbha.exe
  2⤵
  PID:11156
- C:\Windows\System\NGIGGQZ.exe
  C:\Windows\System\NGIGGQZ.exe
  2⤵
  PID:11184
- C:\Windows\System\otvsDPh.exe
  C:\Windows\System\otvsDPh.exe
  2⤵
  PID:11200
- C:\Windows\System\cCQzLou.exe
  C:\Windows\System\cCQzLou.exe
  2⤵
  PID:10256
- C:\Windows\System\xypmSbD.exe
  C:\Windows\System\xypmSbD.exe
  2⤵
  PID:10480
- C:\Windows\System\YTHUvtI.exe
  C:\Windows\System\YTHUvtI.exe
  2⤵
  PID:10700
- C:\Windows\System\DXsuFaB.exe
  C:\Windows\System\DXsuFaB.exe
  2⤵
  PID:10644
- C:\Windows\System\iJjzYQp.exe
  C:\Windows\System\iJjzYQp.exe
  2⤵
  PID:11000
- C:\Windows\System\HyzXHBA.exe
  C:\Windows\System\HyzXHBA.exe
  2⤵
  PID:11080
- C:\Windows\System\zLCwKrZ.exe
  C:\Windows\System\zLCwKrZ.exe
  2⤵
  PID:10420
- C:\Windows\System\bPloseG.exe
  C:\Windows\System\bPloseG.exe
  2⤵
  PID:10620
- C:\Windows\System\JKaSunN.exe
  C:\Windows\System\JKaSunN.exe
  2⤵
  PID:10556
- C:\Windows\System\qJdrmAr.exe
  C:\Windows\System\qJdrmAr.exe
  2⤵
  PID:10552
- C:\Windows\System\SdpaDCt.exe
  C:\Windows\System\SdpaDCt.exe
  2⤵
  PID:11300
- C:\Windows\System\djlpzfm.exe
  C:\Windows\System\djlpzfm.exe
  2⤵
  PID:11316
- C:\Windows\System\SxLeixH.exe
  C:\Windows\System\SxLeixH.exe
  2⤵
  PID:11344
- C:\Windows\System\cszHMjS.exe
  C:\Windows\System\cszHMjS.exe
  2⤵
  PID:11372
- C:\Windows\System\DIFgdvl.exe
  C:\Windows\System\DIFgdvl.exe
  2⤵
  PID:11396
- C:\Windows\System\qbwGTZq.exe
  C:\Windows\System\qbwGTZq.exe
  2⤵
  PID:11428
- C:\Windows\System\apZXsgc.exe
  C:\Windows\System\apZXsgc.exe
  2⤵
  PID:11456
- C:\Windows\System\jpHSUnN.exe
  C:\Windows\System\jpHSUnN.exe
  2⤵
  PID:11476
- C:\Windows\System\xpnwfZP.exe
  C:\Windows\System\xpnwfZP.exe
  2⤵
  PID:11500
- C:\Windows\System\VvANNbq.exe
  C:\Windows\System\VvANNbq.exe
  2⤵
  PID:11524
- C:\Windows\System\zXtsNiR.exe
  C:\Windows\System\zXtsNiR.exe
  2⤵
  PID:11552
- C:\Windows\System\aVxxcTY.exe
  C:\Windows\System\aVxxcTY.exe
  2⤵
  PID:11608
- C:\Windows\System\tfQpDAQ.exe
  C:\Windows\System\tfQpDAQ.exe
  2⤵
  PID:11632
- C:\Windows\System\EPRbHqr.exe
  C:\Windows\System\EPRbHqr.exe
  2⤵
  PID:11652
- C:\Windows\System\EgknAUC.exe
  C:\Windows\System\EgknAUC.exe
  2⤵
  PID:11676
- C:\Windows\System\NaDBFZF.exe
  C:\Windows\System\NaDBFZF.exe
  2⤵
  PID:11724
- C:\Windows\System\snuqRGW.exe
  C:\Windows\System\snuqRGW.exe
  2⤵
  PID:11748
- C:\Windows\System\HwMErcT.exe
  C:\Windows\System\HwMErcT.exe
  2⤵
  PID:11768
- C:\Windows\System\LygjFcy.exe
  C:\Windows\System\LygjFcy.exe
  2⤵
  PID:11796
- C:\Windows\System\CYngDOb.exe
  C:\Windows\System\CYngDOb.exe
  2⤵
  PID:11824
- C:\Windows\System\uPIDWKP.exe
  C:\Windows\System\uPIDWKP.exe
  2⤵
  PID:11852
- C:\Windows\System\NLHXTJA.exe
  C:\Windows\System\NLHXTJA.exe
  2⤵
  PID:11888
- C:\Windows\System\wxVNOkM.exe
  C:\Windows\System\wxVNOkM.exe
  2⤵
  PID:11908
- C:\Windows\System\fdolJAK.exe
  C:\Windows\System\fdolJAK.exe
  2⤵
  PID:11932
- C:\Windows\System\JbIdzQU.exe
  C:\Windows\System\JbIdzQU.exe
  2⤵
  PID:11960
- C:\Windows\System\GtDXWFn.exe
  C:\Windows\System\GtDXWFn.exe
  2⤵
  PID:11984
- C:\Windows\System\xbYKkYq.exe
  C:\Windows\System\xbYKkYq.exe
  2⤵
  PID:12004
- C:\Windows\System\CzvtqJh.exe
  C:\Windows\System\CzvtqJh.exe
  2⤵
  PID:12028
- C:\Windows\System\VKvECwt.exe
  C:\Windows\System\VKvECwt.exe
  2⤵
  PID:12072
- C:\Windows\System\XcCJyTA.exe
  C:\Windows\System\XcCJyTA.exe
  2⤵
  PID:12120
- C:\Windows\System\hiNgnNw.exe
  C:\Windows\System\hiNgnNw.exe
  2⤵
  PID:12148
- C:\Windows\System\aONozoM.exe
  C:\Windows\System\aONozoM.exe
  2⤵
  PID:12168
- C:\Windows\System\eGGWyWv.exe
  C:\Windows\System\eGGWyWv.exe
  2⤵
  PID:12188
- C:\Windows\System\dFqebus.exe
  C:\Windows\System\dFqebus.exe
  2⤵
  PID:12216
- C:\Windows\System\zAvEkGI.exe
  C:\Windows\System\zAvEkGI.exe
  2⤵
  PID:12248
- C:\Windows\System\ZpTEjxJ.exe
  C:\Windows\System\ZpTEjxJ.exe
  2⤵
  PID:12272
- C:\Windows\System\FoMXbTZ.exe
  C:\Windows\System\FoMXbTZ.exe
  2⤵
  PID:11020
- C:\Windows\System\CzvruDv.exe
  C:\Windows\System\CzvruDv.exe
  2⤵
  PID:11340
- C:\Windows\System\PqpaAhf.exe
  C:\Windows\System\PqpaAhf.exe
  2⤵
  PID:11388
- C:\Windows\System\eNKIwgc.exe
  C:\Windows\System\eNKIwgc.exe
  2⤵
  PID:11448
- C:\Windows\System\ofChJla.exe
  C:\Windows\System\ofChJla.exe
  2⤵
  PID:11472
- C:\Windows\System\KYrbjLV.exe
  C:\Windows\System\KYrbjLV.exe
  2⤵
  PID:11616
- C:\Windows\System\tyJIAuz.exe
  C:\Windows\System\tyJIAuz.exe
  2⤵
  PID:11660
- C:\Windows\System\mfjQEBJ.exe
  C:\Windows\System\mfjQEBJ.exe
  2⤵
  PID:11696
- C:\Windows\System\rgKnToT.exe
  C:\Windows\System\rgKnToT.exe
  2⤵
  PID:11744
- C:\Windows\System\IqfrSnA.exe
  C:\Windows\System\IqfrSnA.exe
  2⤵
  PID:11804
- C:\Windows\System\KRWxSvq.exe
  C:\Windows\System\KRWxSvq.exe
  2⤵
  PID:11900
- C:\Windows\System\zSfHQEa.exe
  C:\Windows\System\zSfHQEa.exe
  2⤵
  PID:11952
- C:\Windows\System\CYgPCEz.exe
  C:\Windows\System\CYgPCEz.exe
  2⤵
  PID:12064
- C:\Windows\System\FqPMxgO.exe
  C:\Windows\System\FqPMxgO.exe
  2⤵
  PID:12136
- C:\Windows\System\mLhEQBO.exe
  C:\Windows\System\mLhEQBO.exe
  2⤵
  PID:12164
- C:\Windows\System\NkoqNaO.exe
  C:\Windows\System\NkoqNaO.exe
  2⤵
  PID:12244
- C:\Windows\System\xUlbRfc.exe
  C:\Windows\System\xUlbRfc.exe
  2⤵
  PID:11236
- C:\Windows\System\ILQukMl.exe
  C:\Windows\System\ILQukMl.exe
  2⤵
  PID:11336
- C:\Windows\System\ThkGgEx.exe
  C:\Windows\System\ThkGgEx.exe
  2⤵
  PID:11624
- C:\Windows\System\ILRSovo.exe
  C:\Windows\System\ILRSovo.exe
  2⤵
  PID:11644
- C:\Windows\System\cnvLWFL.exe
  C:\Windows\System\cnvLWFL.exe
  2⤵
  PID:11848
- C:\Windows\System\gvcOFeX.exe
  C:\Windows\System\gvcOFeX.exe
  2⤵
  PID:11992
- C:\Windows\System\zXvZjkN.exe
  C:\Windows\System\zXvZjkN.exe
  2⤵
  PID:12016
- C:\Windows\System\XQeicNx.exe
  C:\Windows\System\XQeicNx.exe
  2⤵
  PID:12156
- C:\Windows\System\NgJWMJR.exe
  C:\Windows\System\NgJWMJR.exe
  2⤵
  PID:11308
- C:\Windows\System\PSAGikr.exe
  C:\Windows\System\PSAGikr.exe
  2⤵
  PID:11424
- C:\Windows\System\MUTerwu.exe
  C:\Windows\System\MUTerwu.exe
  2⤵
  PID:12096
- C:\Windows\System\KrYAJGx.exe
  C:\Windows\System\KrYAJGx.exe
  2⤵
  PID:12308
- C:\Windows\System\JpFDgnu.exe
  C:\Windows\System\JpFDgnu.exe
  2⤵
  PID:12364
- C:\Windows\System\AGeVJUb.exe
  C:\Windows\System\AGeVJUb.exe
  2⤵
  PID:12388
- C:\Windows\System\ADpAiUI.exe
  C:\Windows\System\ADpAiUI.exe
  2⤵
  PID:12412
- C:\Windows\System\oMxlxYo.exe
  C:\Windows\System\oMxlxYo.exe
  2⤵
  PID:12440
- C:\Windows\System\ESvrylt.exe
  C:\Windows\System\ESvrylt.exe
  2⤵
  PID:12460
- C:\Windows\System\eyVnxRL.exe
  C:\Windows\System\eyVnxRL.exe
  2⤵
  PID:12484
- C:\Windows\System\sKUyIsa.exe
  C:\Windows\System\sKUyIsa.exe
  2⤵
  PID:12504
- C:\Windows\System\viWBWur.exe
  C:\Windows\System\viWBWur.exe
  2⤵
  PID:12524
- C:\Windows\System\ImlNEdr.exe
  C:\Windows\System\ImlNEdr.exe
  2⤵
  PID:12580
- C:\Windows\System\obtfKtg.exe
  C:\Windows\System\obtfKtg.exe
  2⤵
  PID:12640
- C:\Windows\System\jlLADUU.exe
  C:\Windows\System\jlLADUU.exe
  2⤵
  PID:12660
- C:\Windows\System\itCAxwo.exe
  C:\Windows\System\itCAxwo.exe
  2⤵
  PID:12684
- C:\Windows\System\QjTESQc.exe
  C:\Windows\System\QjTESQc.exe
  2⤵
  PID:12728
- C:\Windows\System\MzYYJOX.exe
  C:\Windows\System\MzYYJOX.exe
  2⤵
  PID:12752
- C:\Windows\System\MdMcWvj.exe
  C:\Windows\System\MdMcWvj.exe
  2⤵
  PID:12772
- C:\Windows\System\mFlCtGI.exe
  C:\Windows\System\mFlCtGI.exe
  2⤵
  PID:12800
- C:\Windows\System\UFeOcCc.exe
  C:\Windows\System\UFeOcCc.exe
  2⤵
  PID:12828
- C:\Windows\System\mBNRiPI.exe
  C:\Windows\System\mBNRiPI.exe
  2⤵
  PID:12860
- C:\Windows\System\RNmwlSu.exe
  C:\Windows\System\RNmwlSu.exe
  2⤵
  PID:12888
- C:\Windows\System\WzhPxBB.exe
  C:\Windows\System\WzhPxBB.exe
  2⤵
  PID:12948
- C:\Windows\System\eyQjHEH.exe
  C:\Windows\System\eyQjHEH.exe
  2⤵
  PID:12964
- C:\Windows\System\wtKNkPU.exe
  C:\Windows\System\wtKNkPU.exe
  2⤵
  PID:12980
- C:\Windows\System\MSlHgjQ.exe
  C:\Windows\System\MSlHgjQ.exe
  2⤵
  PID:13004
- C:\Windows\System\sEgkBgB.exe
  C:\Windows\System\sEgkBgB.exe
  2⤵
  PID:13048
- C:\Windows\System\zJRwwDU.exe
  C:\Windows\System\zJRwwDU.exe
  2⤵
  PID:13072
- C:\Windows\System\YzuxzLg.exe
  C:\Windows\System\YzuxzLg.exe
  2⤵
  PID:13104
- C:\Windows\System\CaKZktN.exe
  C:\Windows\System\CaKZktN.exe
  2⤵
  PID:13120
- C:\Windows\System\rvtJRUq.exe
  C:\Windows\System\rvtJRUq.exe
  2⤵
  PID:13148
- C:\Windows\System\fCYOsvv.exe
  C:\Windows\System\fCYOsvv.exe
  2⤵
  PID:13164
- C:\Windows\System\tmmjTEe.exe
  C:\Windows\System\tmmjTEe.exe
  2⤵
  PID:13212
- C:\Windows\System\rMnbEUo.exe
  C:\Windows\System\rMnbEUo.exe
  2⤵
  PID:13240
- C:\Windows\System\iJtieOt.exe
  C:\Windows\System\iJtieOt.exe
  2⤵
  PID:13260
- C:\Windows\System\NrRQkRy.exe
  C:\Windows\System\NrRQkRy.exe
  2⤵
  PID:13288
- C:\Windows\System\DfwWxID.exe
  C:\Windows\System\DfwWxID.exe
  2⤵
  PID:11872
- C:\Windows\System\HuVdHRG.exe
  C:\Windows\System\HuVdHRG.exe
  2⤵
  PID:12296
- C:\Windows\System\zgOmnbu.exe
  C:\Windows\System\zgOmnbu.exe
  2⤵
  PID:12340
- C:\Windows\System\bPVIyLS.exe
  C:\Windows\System\bPVIyLS.exe
  2⤵
  PID:12408
- C:\Windows\System\KWOxVxL.exe
  C:\Windows\System\KWOxVxL.exe
  2⤵
  PID:12432
- C:\Windows\System\ehrMGQh.exe
  C:\Windows\System\ehrMGQh.exe
  2⤵
  PID:12572
- C:\Windows\System\YJWphnm.exe
  C:\Windows\System\YJWphnm.exe
  2⤵
  PID:12492
- C:\Windows\System\ALIQNSE.exe
  C:\Windows\System\ALIQNSE.exe
  2⤵
  PID:12648
- C:\Windows\System\RuesCwY.exe
  C:\Windows\System\RuesCwY.exe
  2⤵
  PID:12672
- C:\Windows\System\UEkpjFh.exe
  C:\Windows\System\UEkpjFh.exe
  2⤵
  PID:12780
- C:\Windows\System\aZIFfAq.exe
  C:\Windows\System\aZIFfAq.exe
  2⤵
  PID:12820
- C:\Windows\System\FgXRCgt.exe
  C:\Windows\System\FgXRCgt.exe
  2⤵
  PID:12916
- C:\Windows\System\KYujbjO.exe
  C:\Windows\System\KYujbjO.exe
  2⤵
  PID:13000
- C:\Windows\System\kRjBUyC.exe
  C:\Windows\System\kRjBUyC.exe
  2⤵
  PID:13064
- C:\Windows\System\sDolYWU.exe
  C:\Windows\System\sDolYWU.exe
  2⤵
  PID:13136
- C:\Windows\System\VXzgeCI.exe
  C:\Windows\System\VXzgeCI.exe
  2⤵
  PID:13180
- C:\Windows\System\rfJdDnG.exe
  C:\Windows\System\rfJdDnG.exe
  2⤵
  PID:13256
- C:\Windows\System\aUfjgbw.exe
  C:\Windows\System\aUfjgbw.exe
  2⤵
  PID:11916
- C:\Windows\System\wCPNWRa.exe
  C:\Windows\System\wCPNWRa.exe
  2⤵
  PID:12040
- C:\Windows\System\KJlpHUM.exe
  C:\Windows\System\KJlpHUM.exe
  2⤵
  PID:12452
- C:\Windows\System\rOdpXMM.exe
  C:\Windows\System\rOdpXMM.exe
  2⤵
  PID:12456
- C:\Windows\System\gsveXZk.exe
  C:\Windows\System\gsveXZk.exe
  2⤵
  PID:12700
- C:\Windows\System\coBUieg.exe
  C:\Windows\System\coBUieg.exe
  2⤵
  PID:12848
- C:\Windows\System\MLAZykk.exe
  C:\Windows\System\MLAZykk.exe
  2⤵
  PID:13040
- C:\Windows\System\uLKzlMQ.exe
  C:\Windows\System\uLKzlMQ.exe
  2⤵
  PID:13248
- C:\Windows\System\nKHOMWn.exe
  C:\Windows\System\nKHOMWn.exe
  2⤵
  PID:13296
- C:\Windows\System\dinwRKK.exe
  C:\Windows\System\dinwRKK.exe
  2⤵
  PID:12788
- C:\Windows\System\WQUcOAC.exe
  C:\Windows\System\WQUcOAC.exe
  2⤵
  PID:12632
- C:\Windows\System\LnQbZJy.exe
  C:\Windows\System\LnQbZJy.exe
  2⤵
  PID:13304
- C:\Windows\System\qtqVsnY.exe
  C:\Windows\System\qtqVsnY.exe
  2⤵
  PID:3028
- C:\Windows\System\ybejMSl.exe
  C:\Windows\System\ybejMSl.exe
  2⤵
  PID:12400
- C:\Windows\System\vfxlHHl.exe
  C:\Windows\System\vfxlHHl.exe
  2⤵
  PID:12676
- C:\Windows\System\EUCVnzl.exe
  C:\Windows\System\EUCVnzl.exe
  2⤵
  PID:2748
- C:\Windows\System\tbDAsjn.exe
  C:\Windows\System\tbDAsjn.exe
  2⤵
  PID:13356
- C:\Windows\System\KbCPmCX.exe
  C:\Windows\System\KbCPmCX.exe
  2⤵
  PID:13376
- C:\Windows\System\ujPODUy.exe
  C:\Windows\System\ujPODUy.exe
  2⤵
  PID:13400
- C:\Windows\System\ueGGBIX.exe
  C:\Windows\System\ueGGBIX.exe
  2⤵
  PID:13416
- C:\Windows\System\wPWeopI.exe
  C:\Windows\System\wPWeopI.exe
  2⤵
  PID:13440
- C:\Windows\System\mYByNLm.exe
  C:\Windows\System\mYByNLm.exe
  2⤵
  PID:13476
- C:\Windows\System\JRbzjlS.exe
  C:\Windows\System\JRbzjlS.exe
  2⤵
  PID:13504
- C:\Windows\System\gfYGIxj.exe
  C:\Windows\System\gfYGIxj.exe
  2⤵
  PID:13528
- C:\Windows\System\aTxGfQh.exe
  C:\Windows\System\aTxGfQh.exe
  2⤵
  PID:13548
- C:\Windows\System\ngeHGdU.exe
  C:\Windows\System\ngeHGdU.exe
  2⤵
  PID:13608
- C:\Windows\System\tqRGpwN.exe
  C:\Windows\System\tqRGpwN.exe
  2⤵
  PID:13628
- C:\Windows\System\DQODluG.exe
  C:\Windows\System\DQODluG.exe
  2⤵
  PID:13656
- C:\Windows\System\epPMTAp.exe
  C:\Windows\System\epPMTAp.exe
  2⤵
  PID:13684
- C:\Windows\System\fGUdyGp.exe
  C:\Windows\System\fGUdyGp.exe
  2⤵
  PID:13720
- C:\Windows\System\TQDAkGr.exe
  C:\Windows\System\TQDAkGr.exe
  2⤵
  PID:13736
- C:\Windows\System\DSkuVvW.exe
  C:\Windows\System\DSkuVvW.exe
  2⤵
  PID:13768
- C:\Windows\System\jNIukba.exe
  C:\Windows\System\jNIukba.exe
  2⤵
  PID:13800
- C:\Windows\System\gdtxecs.exe
  C:\Windows\System\gdtxecs.exe
  2⤵
  PID:13824
- C:\Windows\System\kNraDEr.exe
  C:\Windows\System\kNraDEr.exe
  2⤵
  PID:13856
- C:\Windows\System\fZhWkVS.exe
  C:\Windows\System\fZhWkVS.exe
  2⤵
  PID:13876
- C:\Windows\System\aqboGaz.exe
  C:\Windows\System\aqboGaz.exe
  2⤵
  PID:13896
- C:\Windows\System\yctyvrv.exe
  C:\Windows\System\yctyvrv.exe
  2⤵
  PID:13924
- C:\Windows\System\hJWJgqi.exe
  C:\Windows\System\hJWJgqi.exe
  2⤵
  PID:13972
- C:\Windows\System\TkswhHq.exe
  C:\Windows\System\TkswhHq.exe
  2⤵
  PID:13992
- C:\Windows\System\iWYbStX.exe
  C:\Windows\System\iWYbStX.exe
  2⤵
  PID:14016
- C:\Windows\System\qOqKIYY.exe
  C:\Windows\System\qOqKIYY.exe
  2⤵
  PID:14044
- C:\Windows\System\WGUfiXi.exe
  C:\Windows\System\WGUfiXi.exe
  2⤵
  PID:14072
- C:\Windows\System\etiyFtO.exe
  C:\Windows\System\etiyFtO.exe
  2⤵
  PID:14112
- C:\Windows\System\HArnwrA.exe
  C:\Windows\System\HArnwrA.exe
  2⤵
  PID:14132
- C:\Windows\System\CZSvDAp.exe
  C:\Windows\System\CZSvDAp.exe
  2⤵
  PID:14156
- C:\Windows\System\vGbrAGl.exe
  C:\Windows\System\vGbrAGl.exe
  2⤵
  PID:14172
- C:\Windows\System\GVturYL.exe
  C:\Windows\System\GVturYL.exe
  2⤵
  PID:14204
- C:\Windows\System\CckMIyX.exe
  C:\Windows\System\CckMIyX.exe
  2⤵
  PID:14236
- C:\Windows\System\gbobACz.exe
  C:\Windows\System\gbobACz.exe
  2⤵
  PID:14256
- C:\Windows\System\CpBNEtP.exe
  C:\Windows\System\CpBNEtP.exe
  2⤵
  PID:14280
- C:\Windows\System\SfSayyG.exe
  C:\Windows\System\SfSayyG.exe
  2⤵
  PID:14300
- C:\Windows\System\HzwlnYc.exe
  C:\Windows\System\HzwlnYc.exe
  2⤵
  PID:13368
- C:\Windows\System\BFpNzMH.exe
  C:\Windows\System\BFpNzMH.exe
  2⤵
  PID:13384
- C:\Windows\System\YpGCuVQ.exe
  C:\Windows\System\YpGCuVQ.exe
  2⤵
  PID:13436
- C:\Windows\System\afRxeGL.exe
  C:\Windows\System\afRxeGL.exe
  2⤵
  PID:13584
- C:\Windows\System\LjdVkPF.exe
  C:\Windows\System\LjdVkPF.exe
  2⤵
  PID:13620
- C:\Windows\System\pOQCCgL.exe
  C:\Windows\System\pOQCCgL.exe
  2⤵
  PID:13648
- C:\Windows\System\cySoEFY.exe
  C:\Windows\System\cySoEFY.exe
  2⤵
  PID:13712
- C:\Windows\System\jwZVOma.exe
  C:\Windows\System\jwZVOma.exe
  2⤵
  PID:13780
- C:\Windows\System\JsrtxDq.exe
  C:\Windows\System\JsrtxDq.exe
  2⤵
  PID:13868

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:8256

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\CdedzJY.exe

Filesize
1.9MB

MD5
da773b9565b5bb1941df65c8d96a9180

SHA1
9ffc8681ab2b1f37479a4725b93ed9800199a1f3

SHA256
26f1c271a734de65b4b48cf70002de52fa52a2e3db4d8121e4d2ac32917ede2e

SHA512
69181a17f37765da11fac43a9440545b6dbd88418eb8bafb8b35a190c31d8c5bb74354c8dd6aa2a6db36ec28869f45a2bde5b6d4b7e0e9cb3ca12b29f813cafc

Download Submit
C:\Windows\System\GrAYraw.exe

Filesize
1.9MB

MD5
d1609cd0095c37d641e8368108d285f2

SHA1
e8d45aea14fe1d5d8caa034b4dce6b118d9087f5

SHA256
6ac1bf5b18ce5f9f9fc21b9c3d326139df988dfc50758cf9cc439da0a7066a04

SHA512
0cbffc2826ea5ca3d5d5d01c1a98ddfbd4ee9e1398f9e9cf40173c5190ba87248a8efcaa4facf6d069cbf44b885c0644b3a0d642535bc0940822decd27741ca1

Download Submit
C:\Windows\System\HgXZxVm.exe

Filesize
1.9MB

MD5
a4c1e2c70544bc8de2b43e1967231c76

SHA1
d3d63a46ba6933a10d18851de284741e5d06529b

SHA256
7e11b1b190483a9223509a901c832c4152c6fdd4095e4ad27294bd93bee4d874

SHA512
7a0574bee51196ade607d36649eb169dacb1cc82f18f32bba3f7b09e493107cea7056908d28d8fcface8093755449fded141e0913e26f4fb46bbc9d1a64a75e8

Download Submit
C:\Windows\System\HkUrtEH.exe

Filesize
1.9MB

MD5
60343862839a689923f8620f6a7f336c

SHA1
acb34f080a1c974cd49bec04d486ca0c4827f400

SHA256
ad9248bdb83a0fb3942b88cee349dbe6f9609ba35b1fc8dce985771fad6cb4e7

SHA512
f8b99cbec8aff7572e8e30cd1d73a2e5a342359b5e12b632a248aa03f9a5192914ca808d6cb0965cc061c865aabecd0660949518928328d7d3f6b01c1862ff64

Download Submit
C:\Windows\System\ILULfpp.exe

Filesize
1.9MB

MD5
8723b7536389ce651329fc8125c30c1e

SHA1
463d9adbf721196712e96dc47fee7a4963264f8c

SHA256
f9e536129854fabbcc99aa5f4d004b7b2d7407f080fd6a47552ada095c7a3134

SHA512
26e936e22740fa677bbd196296a584a60dc77fc0c146e364b0cdd0c942938e60853eac6e83ec08fa11ffb0fb160d43283d873199a758c5d5825952d73a906967

Download Submit
C:\Windows\System\IYpQJTe.exe

Filesize
1.9MB

MD5
f796a19da0e2eb56c334be4c077de1c2

SHA1
48dcb74446d2553e3095c4d728367160eb88193a

SHA256
3ede40cea681ee530e1f3b5275c09e7945824743397e61e2f5c711b7b7388a06

SHA512
393594b5af8458c05c8eb5338efead697553a9eab2fe6841446796a8424e4af8c8318e822d791b45e0ef3935b407eee86793ff98a96271bd57ddb0f2cce516c8

Download Submit
C:\Windows\System\ImCmohm.exe

Filesize
1.9MB

MD5
6afe6c6bf28612b7bc8f49a279c2185a

SHA1
5224b574def37ca1501450b6055da3ecd9660b9f

SHA256
41156bdf85de666616c593447f93492deced7d129dd26cf3baf56f0d26598d5d

SHA512
4b638c94f23fee283369f6eb703194c73e28c28ffa9f9e6934ff738ed97acc384798620d440b098bcdf84d2a0695468da9582e96f0e4f3531d2812875689ed24

Download Submit
C:\Windows\System\JumNVjM.exe

Filesize
1.9MB

MD5
f38f6fc00e5dc45011cdeebb6e6d12b9

SHA1
01e1fb073ad0fd7b64bc2af2c03c59de6f77cc53

SHA256
8895a984ca53309a5765a0029c59fb5a254c7c1899895adcd3c53b154a35e37f

SHA512
bc4291e98093a7ce55a4574a15e4eed10fad27b4a9f927bb508cb506965f23f612d2d20b270be8c1baf7ff3630cf2eb78be0d6d64b08704c5f64b8bb9fb1297d

Download Submit
C:\Windows\System\LaIHyjD.exe

Filesize
1.9MB

MD5
d5dff64def8cfe3dbfb512af56f56290

SHA1
35cf98c67544318243142e89674af2e5ed7c3444

SHA256
e8ffefa6031f79081634bf3700fc9a6599fef1ea6062fe1a4c4ab30a5a496b56

SHA512
8825b67d4eb3ee356f83e938f552c9bcf7cba43387086e20187ab2de3f6a18d079de6d8ccb5016a109465b47d15e3d4533ab8df9a838b6bdb8026cde1783a70b

Download Submit
C:\Windows\System\MjIvOtR.exe

Filesize
1.9MB

MD5
db3a006536a967377a6672d88b1c9396

SHA1
b9aac16a39c46a0272103586c72f62ba87332ec3

SHA256
80ac00478e67faaa2ebe90d980d20ee6f6187795826ab982ddbc60e893f43a3a

SHA512
b906644e149f5e2bee43adea96e2583f1e5bb3db5e1a1eb22155c426b17e20a76a81bd0ff78d9b49437ad2662e86b310847b64ab7535027696a1de5a643824c9

Download Submit
C:\Windows\System\QWPqrgM.exe

Filesize
1.9MB

MD5
c3542be406cbad7d2fe7252f605f5913

SHA1
391e09c86dc182db94cc38ee6182dc44ca6f585b

SHA256
54c399e59b04874128d98a5196bb5c70cc6122b016cb75aff5c39fa8f3dd8dd4

SHA512
e8287378f025ba8d0ba4b6d5986a220b438a9e600832a9afcfe90fee16826b17747ca7e89e49c3ada527e872538a622d4ba047cea9ea1fe2552f929760e75ff6

Download Submit
C:\Windows\System\QmlQBQo.exe

Filesize
1.9MB

MD5
693ce97e8ca43c06f76b53fb5732ce8a

SHA1
e2ab1af506615cfd0f4f39503c61a4efdeb3432a

SHA256
e95cccb0c3572f0d0f2980635178028ece14127f2fc1ffe24c30bef315745d99

SHA512
eb095c9ae6345e2205aa3a02a1925a0c39379cf12738b31469fbe6d848050815a22e00c5d97019d390decc1529b823aac56cfa343976d301c2d51bf080db7a27

Download Submit
C:\Windows\System\RSmugnH.exe

Filesize
1.9MB

MD5
7c902a08b946dbdbe09b6f560f284d01

SHA1
2166eeb2536e71830b71b5e074a5cd230c11c173

SHA256
af12261807d40bf85affc35001c0474d3db551afe05f566e6571e93707ae8b8c

SHA512
8d1df6a991ba0d763409edebe594834a4b871616e2654988a796860da375f268feacd1e18804fb8eb7b3ca34e494499bbccb05d7b291b2fb0a32df0dd6a8f6d8

Download Submit
C:\Windows\System\SJkdOFR.exe

Filesize
1.9MB

MD5
98d85c13bd54d1e7d481c901e40fad22

SHA1
42fb3ef02b2d451784bcb408fe1bbafa86454b22

SHA256
1d38e3685cea10d9bf4ab13ca7916d8e29f87f223261178e5dbe8212d2af12ac

SHA512
053a1e79a99f3f499125869550eed756096050aabde250e90859028f6e85c564ee542948171225a73597af53c1afdc8b924b47d71bb2580a748ab8393fc8b5e0

Download Submit
C:\Windows\System\SzXfZxl.exe

Filesize
1.9MB

MD5
08a9228eb2110f82e8552cdee0bf8199

SHA1
7cb351f29db34299f39cbe008e181552cde1c987

SHA256
80570f3cc13b6160f8b6c7cb01b0f319f5b5bd47dd61a7da51f91c99ce55f627

SHA512
8cdf58d16bc5a1a958a112b78c85f67faa308fea80d4f9e281db5a7165fcfbb53593f79da88ae37725ad8c843dd415ab504310f96afceb27dacd36662e1a6277

Download Submit
C:\Windows\System\WAuWjcS.exe

Filesize
1.9MB

MD5
eda312895b4ffe51e7e176ca14d4536c

SHA1
69174dfcfced9ddb492724a9c70e4ee4e0240c52

SHA256
37ef70193289d6e265243b8c9fd37df957bac0adc04179415ee7ec95f2a54b83

SHA512
9cd6df642d337e413a9cbc8602b4e2cbae7d8d7290a0b327213172ff9f91462cacc381e83ea4c62b12d2e3d5339a78ebb1d027bad40581fff0bb37620ee6f9a3

Download Submit
C:\Windows\System\XSkpuQO.exe

Filesize
1.9MB

MD5
2c8d0be1f4681dc0f57409f661484868

SHA1
00ef39b8611a095461c053e0cee551c498d2db46

SHA256
572f49a5a1890906ba902fe950f47937572ec88c5cc451b9abedce4c13711a5e

SHA512
a3792bd0162f1559afcbf180f51ae8aa6c138604f64732cbc697a888fac1ba3d64afa7ef88c36024220df1a980e88ee8c9860015c6c67a57f3f45cd36849387c

Download Submit
C:\Windows\System\adblzbl.exe

Filesize
1.9MB

MD5
1a3ecebef93554c63cfd4bebe8ff3bf6

SHA1
00fe2e2dea716dd71656163b1f1914ef894c7dd0

SHA256
3319b92f870b8a039ee1ec188014064b59eb92a06239ae7db8f84473eccc6883

SHA512
a809bf8bcfd6f2c212e321828355a960a9e6ed2b4183f19421213acf62b637610371b032fa98fdf259442801b10e04e00f864948dfa6f034308a1cd27d39f4c8

Download Submit
C:\Windows\System\biXTGJs.exe

Filesize
1.9MB

MD5
e908da593d349e3482f4198d09d60a09

SHA1
de42d0769066ae686a39dc6a45f1f03b595f869f

SHA256
4e8cadaefae721195d9f3118604ffda90726c5ac3d602fa4de9321cf8737566e

SHA512
36345b01298fa4f407be0c091aa1bb600c138c05379d9ca0a718f29750fdf4c0ac8e230803a0b2a4828433b1c075f954783eecdc55ed8f370620435846d1d2ab

Download Submit
C:\Windows\System\fNhPjwD.exe

Filesize
1.9MB

MD5
4913b184ae8725e7f31ba6654e58979d

SHA1
45dc331555ca50f0ab41bbd81d75e05eed84407f

SHA256
347a1de1a627cb732ece32ada031ab5bab9bd07be1dbef8e6b37fd12e13959df

SHA512
017d5508596d3e4b8826667380de5e3000098d5725bb95c693db612ad19f2be2624b99699314d001866ddd5fdee7edf6584ac920d4a42465503ce008f212d7d5

Download Submit
C:\Windows\System\gLqiVPi.exe

Filesize
1.9MB

MD5
581c2d2136de46f67e37633eb10b73e5

SHA1
ab6bc5584520ba58aa877964dc2f615d12753b7f

SHA256
068465fb47065e7339d4f6deea8af7782963100d442eac5854304f7f2b33e001

SHA512
147aa44b20c27a981d9f8305690f4a82f1db87163a9d2cf5f8b9e9b9c8a33c3dacf56e92a7f54fa2b7022a363684e7059ea86db07428117b9afc21965b9ffa06

Download Submit
C:\Windows\System\jYmtDyv.exe

Filesize
1.9MB

MD5
7a058798eb3ca87b8647797427638510

SHA1
38b5a985a123ef6d5d2bb30ec8610d1d0b48f44f

SHA256
9731a1b274b36f1990bfcd32f8e6ccf34db684686f03d43e1695ce4c01f11017

SHA512
387640a212eec21320296fbe38f8ef5c245b47cc9b8188333bb3b5fd91750cdde00a41bbbd562053e3211e77c33c8a4e3637e3e0ddfc10eb8fdd99aebcdaf442

Download Submit
C:\Windows\System\lHSNhPh.exe

Filesize
1.9MB

MD5
6eb9a9a6714db52c0167affe11723dd9

SHA1
36611fac52ce2fe34b1cf61db65f281cd13331f4

SHA256
5aea543eb08da90303fc865e0bd5f213b0f2934291b7c3bd405c3e217dc3ea3e

SHA512
26a7ba1641d18a4bd921014f8450c25d743a7ee0045617f02c4c15b7ab405ada4b414ff5ba666f0ab03ea8442c8f5e26b0e20004bfbfc86c658fedd38d2e96d7

Download Submit
C:\Windows\System\mAJcwou.exe

Filesize
1.9MB

MD5
cb921cffff00c72b3ad7a91e01b36e29

SHA1
e2b6e4bc29fa0db7e596c2f65c15719513774d66

SHA256
3edef6aca1849d8d8ff63bbe473dd204762e01e200c8fdddda0f2424157516c2

SHA512
aab6f57360d0bb4f0f90d20d81f562e3537eeca718b8794ae87694f5bf14d28078e59852c31fde6e8706fe32f7afb062b67d7c7d435bb908c0411a1469297abb

Download Submit
C:\Windows\System\muvkRMF.exe

Filesize
1.9MB

MD5
be30af5b59fd04a347a6dfa7cfb9fb6b

SHA1
4da2d594681e2b91823ffaa89de388907b2b5998

SHA256
5aeee3c5e18b70117fb5ba73503a4b95644a1bd6e8460cd200bf51cd48b6c568

SHA512
500db8af99bb69831ab31554b41af4dc5f38e98eadf42d1e8c60e76fcae5d1b4e7a6599aeb8b6a2302da46b54eec75da5f07aa23efbcf2877d6c9646677caa83

Download Submit
C:\Windows\System\prinrUF.exe

Filesize
1.9MB

MD5
a7b5a25e7cbbdc89118498726d6929d8

SHA1
d4f0e713d7031ac37bab19f102aa6edbc266b2c6

SHA256
714d937a75bb1030a16d645a5f63e8ad17aa28c23bbfe140b850fe5fb123e685

SHA512
635c36b1931a969ef706f8dbb655d1f803a6c8a5c95a22c1cc144a6680bc8c3a01851f6f7774fbf139dd79442f4e3d48d36dda8852b58a3a228ed3a661b44786

Download Submit
C:\Windows\System\qsyWkcw.exe

Filesize
1.9MB

MD5
a40cb5ff8dd2ed76bdbff4bfdae3d96a

SHA1
dbad57c050c87d817aebd0dba94cd26c325bc298

SHA256
7079a8e6b3754d03d93af71b611065083787ead282466a2a67b4d8b1d95ef79e

SHA512
937a33afae9ec9bba85373416a9b8f87d6b7a276cab0fc6363e423cbff869ade2be9b765891277e1fdaefec673b386daabbe3c13ec27cad06687ca6ccdbfbe73

Download Submit
C:\Windows\System\quvPYmq.exe

Filesize
1.9MB

MD5
201ced2f2c5bbd727a09ee3836705e94

SHA1
6d3019408d49af3b155663fe1c34a67111088ada

SHA256
e76d18915a4e3be59dca22e34e9146417401122bdeec7601f39c9c289888c833

SHA512
4d21431d5d8a9394e524bcef6f095951008235f31ee76733d3693d61f576b67fe634a6e7867d2b1125e8dadb77a02ff57ccad09d960ece38c7dba487210906b5

Download Submit
C:\Windows\System\tUNCzkM.exe

Filesize
1.9MB

MD5
e274ebe08e3a3fc8339cbd8c5d2ca911

SHA1
a31ed4ce4d1a001fee6b0f8a2e4c0f9349b4f67a

SHA256
74059db1ee85aa9892d6f1c3f2f8a8bd71f5baac9c3b21df51035b3507cd9c49

SHA512
405155f3d0b749b83001476c3049fe462bae69460b74db3e89f6974033db7ca8c9089fae9015168f280892a64539d2fbe757eec95d974ee7320a41d8151a7427

Download Submit
C:\Windows\System\udoyhnX.exe

Filesize
1.9MB

MD5
cf8a713c9a8404d159a77d884a24f754

SHA1
7d76903d1cb23e25857a9a4fb173d623c9f2992e

SHA256
e3cd9a18e34335b3cc41fa201afb207cb2ce1e4e1829c6ce1ade3833f2b6e6e1

SHA512
8ffc7b46e0ece4a2ba328cc41e1cffae0abd1ecd963b94e4bbf5b51c8bb22aaad26b13c024906eed286457263b899eb46c83049c8aa4b585e6f5d78ca846338c

Download Submit
C:\Windows\System\umVDbCU.exe

Filesize
1.9MB

MD5
8088c8c4ca0b429826be345d1f177e22

SHA1
8dde274e62582ec1938c5cb37deae0a42951d672

SHA256
623b9060eeaacd6767fb9a2aca3678b55cf38e0fa22c49abf15e5dbe0ca9b047

SHA512
7b0fb97052f9c6454336768965dcce87104c9ca0cee666ab9df172ce9ed84f8923c6171ac0ceb474253d36b4dc7b9be2a09549dc0c62785b4e3242657a8b8174

Download Submit
C:\Windows\System\vjLFPTY.exe

Filesize
1.9MB

MD5
a0726ab600df8bac5905a34254838e29

SHA1
efe604b851c30e0d020bf7af55f269a1c0f28b57

SHA256
9bc7013bc6c0430e30c01a2291c4d2865d0b9507362bed23cacfec18e5ba1b83

SHA512
7afbe3a71f26fbe42501b43e44bc078529bff6b62f952f12c8831fd9d6eea96fd5301e797391034cff9340083ae6e1df8cc21343c26fd0fa6f999795289f8bd1

Download Submit
C:\Windows\System\yzGPgxu.exe

Filesize
1.9MB

MD5
4590a94e7d574992cca2a59e291fdc55

SHA1
02c41f9f985299b5ade6fe93ab89204f3df8fb51

SHA256
2b5a10cef6a15201ea589b690420cd219658df231f72b9019681c17601340a6f

SHA512
5b9e0dff8e6abcba452a142949438655661eb7e7669b40dd44782efdba2190ee01eaae5693fbd3d61d8e07ad8c0afcdd5aa6efbbd2af0128cfda3eda8a1d4c75

Download Submit
memory/60-2311-0x00007FF61B970000-0x00007FF61BCC1000-memory.dmp

Filesize
3.3MB

Download
memory/60-557-0x00007FF61B970000-0x00007FF61BCC1000-memory.dmp

Filesize
3.3MB

Download
memory/436-2279-0x00007FF65AEC0000-0x00007FF65B211000-memory.dmp

Filesize
3.3MB

Download
memory/436-496-0x00007FF65AEC0000-0x00007FF65B211000-memory.dmp

Filesize
3.3MB

Download
memory/704-558-0x00007FF7A65D0000-0x00007FF7A6921000-memory.dmp

Filesize
3.3MB

Download
memory/704-2308-0x00007FF7A65D0000-0x00007FF7A6921000-memory.dmp

Filesize
3.3MB

Download
memory/760-524-0x00007FF7D5410000-0x00007FF7D5761000-memory.dmp

Filesize
3.3MB

Download
memory/760-2291-0x00007FF7D5410000-0x00007FF7D5761000-memory.dmp

Filesize
3.3MB

Download
memory/920-2305-0x00007FF698D10000-0x00007FF699061000-memory.dmp

Filesize
3.3MB

Download
memory/920-559-0x00007FF698D10000-0x00007FF699061000-memory.dmp

Filesize
3.3MB

Download
memory/1036-468-0x00007FF6D9890000-0x00007FF6D9BE1000-memory.dmp

Filesize
3.3MB

Download
memory/1036-2261-0x00007FF6D9890000-0x00007FF6D9BE1000-memory.dmp

Filesize
3.3MB

Download
memory/1044-537-0x00007FF7FEDD0000-0x00007FF7FF121000-memory.dmp

Filesize
3.3MB

Download
memory/1044-2287-0x00007FF7FEDD0000-0x00007FF7FF121000-memory.dmp

Filesize
3.3MB

Download
memory/1144-2259-0x00007FF618280000-0x00007FF6185D1000-memory.dmp

Filesize
3.3MB

Download
memory/1144-471-0x00007FF618280000-0x00007FF6185D1000-memory.dmp

Filesize
3.3MB

Download
memory/1196-2285-0x00007FF7842D0000-0x00007FF784621000-memory.dmp

Filesize
3.3MB

Download
memory/1196-540-0x00007FF7842D0000-0x00007FF784621000-memory.dmp

Filesize
3.3MB

Download
memory/1244-560-0x00007FF7405B0000-0x00007FF740901000-memory.dmp

Filesize
3.3MB

Download
memory/1244-2303-0x00007FF7405B0000-0x00007FF740901000-memory.dmp

Filesize
3.3MB

Download
memory/1252-2275-0x00007FF72A250000-0x00007FF72A5A1000-memory.dmp

Filesize
3.3MB

Download
memory/1252-543-0x00007FF72A250000-0x00007FF72A5A1000-memory.dmp

Filesize
3.3MB

Download
memory/1392-17-0x00007FF739540000-0x00007FF739891000-memory.dmp

Filesize
3.3MB

Download
memory/1392-2254-0x00007FF739540000-0x00007FF739891000-memory.dmp

Filesize
3.3MB

Download
memory/1444-2256-0x00007FF762530000-0x00007FF762881000-memory.dmp

Filesize
3.3MB

Download
memory/1444-25-0x00007FF762530000-0x00007FF762881000-memory.dmp

Filesize
3.3MB

Download
memory/1444-2244-0x00007FF762530000-0x00007FF762881000-memory.dmp

Filesize
3.3MB

Download
memory/1476-2211-0x00007FF748B30000-0x00007FF748E81000-memory.dmp

Filesize
3.3MB

Download
memory/1476-10-0x00007FF748B30000-0x00007FF748E81000-memory.dmp

Filesize
3.3MB

Download
memory/1476-2250-0x00007FF748B30000-0x00007FF748E81000-memory.dmp

Filesize
3.3MB

Download
memory/1520-2302-0x00007FF76CE30000-0x00007FF76D181000-memory.dmp

Filesize
3.3MB

Download
memory/1520-553-0x00007FF76CE30000-0x00007FF76D181000-memory.dmp

Filesize
3.3MB

Download
memory/1652-2263-0x00007FF7E0C50000-0x00007FF7E0FA1000-memory.dmp

Filesize
3.3MB

Download
memory/1652-467-0x00007FF7E0C50000-0x00007FF7E0FA1000-memory.dmp

Filesize
3.3MB

Download
memory/2420-514-0x00007FF676230000-0x00007FF676581000-memory.dmp

Filesize
3.3MB

Download
memory/2420-2297-0x00007FF676230000-0x00007FF676581000-memory.dmp

Filesize
3.3MB

Download
memory/2704-2293-0x00007FF69AAF0000-0x00007FF69AE41000-memory.dmp

Filesize
3.3MB

Download
memory/2704-523-0x00007FF69AAF0000-0x00007FF69AE41000-memory.dmp

Filesize
3.3MB

Download
memory/2736-2268-0x00007FF602410000-0x00007FF602761000-memory.dmp

Filesize
3.3MB

Download
memory/2736-476-0x00007FF602410000-0x00007FF602761000-memory.dmp

Filesize
3.3MB

Download
memory/2876-2281-0x00007FF694CE0000-0x00007FF695031000-memory.dmp

Filesize
3.3MB

Download
memory/2876-561-0x00007FF694CE0000-0x00007FF695031000-memory.dmp

Filesize
3.3MB

Download
memory/3168-2272-0x00007FF7A98B0000-0x00007FF7A9C01000-memory.dmp

Filesize
3.3MB

Download
memory/3168-487-0x00007FF7A98B0000-0x00007FF7A9C01000-memory.dmp

Filesize
3.3MB

Download
memory/3536-562-0x00007FF6F6F00000-0x00007FF6F7251000-memory.dmp

Filesize
3.3MB

Download
memory/3536-2265-0x00007FF6F6F00000-0x00007FF6F7251000-memory.dmp

Filesize
3.3MB

Download
memory/3756-2277-0x00007FF7F0B10000-0x00007FF7F0E61000-memory.dmp

Filesize
3.3MB

Download
memory/3756-504-0x00007FF7F0B10000-0x00007FF7F0E61000-memory.dmp

Filesize
3.3MB

Download
memory/3892-466-0x00007FF70CE80000-0x00007FF70D1D1000-memory.dmp

Filesize
3.3MB

Download
memory/3892-2252-0x00007FF70CE80000-0x00007FF70D1D1000-memory.dmp

Filesize
3.3MB

Download
memory/4264-2294-0x00007FF7249D0000-0x00007FF724D21000-memory.dmp

Filesize
3.3MB

Download
memory/4264-520-0x00007FF7249D0000-0x00007FF724D21000-memory.dmp

Filesize
3.3MB

Download
memory/4544-473-0x00007FF668D90000-0x00007FF6690E1000-memory.dmp

Filesize
3.3MB

Download
memory/4544-2266-0x00007FF668D90000-0x00007FF6690E1000-memory.dmp

Filesize
3.3MB

Download
memory/4556-0-0x00007FF6E1210000-0x00007FF6E1561000-memory.dmp

Filesize
3.3MB

Download
memory/4556-1-0x000001CCA8710000-0x000001CCA8720000-memory.dmp

Filesize
64KB

Download
memory/4572-481-0x00007FF743C80000-0x00007FF743FD1000-memory.dmp

Filesize
3.3MB

Download
memory/4572-2270-0x00007FF743C80000-0x00007FF743FD1000-memory.dmp

Filesize
3.3MB

Download
memory/4608-2289-0x00007FF7D1380000-0x00007FF7D16D1000-memory.dmp

Filesize
3.3MB

Download
memory/4608-535-0x00007FF7D1380000-0x00007FF7D16D1000-memory.dmp

Filesize
3.3MB

Download
memory/4768-2298-0x00007FF642410000-0x00007FF642761000-memory.dmp

Filesize
3.3MB

Download
memory/4768-506-0x00007FF642410000-0x00007FF642761000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads