xmrig | 2f6f5f11cb563219c3212bd5e6cf2e75ba93a04c8defb9f2aaceeba966f3b36e

Analysis

max time kernel
114s
max time network
116s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
06/08/2024, 07:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

78dfbd69725461172d7bc6e46a01de40N.exe
Size

1.3MB
MD5

78dfbd69725461172d7bc6e46a01de40
SHA1

32eeb15dba9d3bf2fa1766d459729288612295eb
SHA256

2f6f5f11cb563219c3212bd5e6cf2e75ba93a04c8defb9f2aaceeba966f3b36e
SHA512

711a0eb8fc7a2ed908a51731521857f83e00f1c5a51d7f9fb85307f32cc6c7ea649680dda543277759ead370cb00125c4d34e87a5c349b02cf1f89398832bc21
SSDEEP

24576:RVIl/WDGCi7/qkat6Q5aILMCfmARMeXHZalNvyOkSFHt8x/fN5v:ROdWCCi7/raZ5aIwC+Aj4kVd5

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 56 IoCs

miner

resource	yara_rule
behavioral2/memory/344-462-0x00007FF776F70000-0x00007FF7772C1000-memory.dmp	xmrig
behavioral2/memory/3752-463-0x00007FF69D990000-0x00007FF69DCE1000-memory.dmp	xmrig
behavioral2/memory/2784-464-0x00007FF6DADE0000-0x00007FF6DB131000-memory.dmp	xmrig
behavioral2/memory/4540-467-0x00007FF787390000-0x00007FF7876E1000-memory.dmp	xmrig
behavioral2/memory/1356-470-0x00007FF79EC40000-0x00007FF79EF91000-memory.dmp	xmrig
behavioral2/memory/3040-487-0x00007FF6CDCA0000-0x00007FF6CDFF1000-memory.dmp	xmrig
behavioral2/memory/4832-475-0x00007FF73B2D0000-0x00007FF73B621000-memory.dmp	xmrig
behavioral2/memory/3852-472-0x00007FF715720000-0x00007FF715A71000-memory.dmp	xmrig
behavioral2/memory/872-56-0x00007FF6FC120000-0x00007FF6FC471000-memory.dmp	xmrig
behavioral2/memory/4500-55-0x00007FF7A44C0000-0x00007FF7A4811000-memory.dmp	xmrig
behavioral2/memory/4512-53-0x00007FF7F8E70000-0x00007FF7F91C1000-memory.dmp	xmrig
behavioral2/memory/3684-494-0x00007FF79DA90000-0x00007FF79DDE1000-memory.dmp	xmrig
behavioral2/memory/4420-499-0x00007FF7015A0000-0x00007FF7018F1000-memory.dmp	xmrig
behavioral2/memory/1628-518-0x00007FF757AA0000-0x00007FF757DF1000-memory.dmp	xmrig
behavioral2/memory/2520-528-0x00007FF711EB0000-0x00007FF712201000-memory.dmp	xmrig
behavioral2/memory/1468-511-0x00007FF6E8540000-0x00007FF6E8891000-memory.dmp	xmrig
behavioral2/memory/1732-510-0x00007FF6C28C0000-0x00007FF6C2C11000-memory.dmp	xmrig
behavioral2/memory/2264-507-0x00007FF62D7B0000-0x00007FF62DB01000-memory.dmp	xmrig
behavioral2/memory/4904-493-0x00007FF7BE8B0000-0x00007FF7BEC01000-memory.dmp	xmrig
behavioral2/memory/436-1389-0x00007FF609440000-0x00007FF609791000-memory.dmp	xmrig
behavioral2/memory/2036-2178-0x00007FF6689F0000-0x00007FF668D41000-memory.dmp	xmrig
behavioral2/memory/4868-2199-0x00007FF6C98D0000-0x00007FF6C9C21000-memory.dmp	xmrig
behavioral2/memory/692-2200-0x00007FF718900000-0x00007FF718C51000-memory.dmp	xmrig
behavioral2/memory/3488-2201-0x00007FF7E9A40000-0x00007FF7E9D91000-memory.dmp	xmrig
behavioral2/memory/1620-2224-0x00007FF7EBC50000-0x00007FF7EBFA1000-memory.dmp	xmrig
behavioral2/memory/4044-2235-0x00007FF67E010000-0x00007FF67E361000-memory.dmp	xmrig
behavioral2/memory/3540-2238-0x00007FF6727E0000-0x00007FF672B31000-memory.dmp	xmrig
behavioral2/memory/3756-2270-0x00007FF76F270000-0x00007FF76F5C1000-memory.dmp	xmrig
behavioral2/memory/3840-2264-0x00007FF675000000-0x00007FF675351000-memory.dmp	xmrig
behavioral2/memory/2036-2276-0x00007FF6689F0000-0x00007FF668D41000-memory.dmp	xmrig
behavioral2/memory/4500-2284-0x00007FF7A44C0000-0x00007FF7A4811000-memory.dmp	xmrig
behavioral2/memory/4868-2282-0x00007FF6C98D0000-0x00007FF6C9C21000-memory.dmp	xmrig
behavioral2/memory/872-2286-0x00007FF6FC120000-0x00007FF6FC471000-memory.dmp	xmrig
behavioral2/memory/692-2288-0x00007FF718900000-0x00007FF718C51000-memory.dmp	xmrig
behavioral2/memory/4512-2280-0x00007FF7F8E70000-0x00007FF7F91C1000-memory.dmp	xmrig
behavioral2/memory/1540-2278-0x00007FF6B0D90000-0x00007FF6B10E1000-memory.dmp	xmrig
behavioral2/memory/2784-2292-0x00007FF6DADE0000-0x00007FF6DB131000-memory.dmp	xmrig
behavioral2/memory/3488-2298-0x00007FF7E9A40000-0x00007FF7E9D91000-memory.dmp	xmrig
behavioral2/memory/4044-2328-0x00007FF67E010000-0x00007FF67E361000-memory.dmp	xmrig
behavioral2/memory/1468-2326-0x00007FF6E8540000-0x00007FF6E8891000-memory.dmp	xmrig
behavioral2/memory/1732-2324-0x00007FF6C28C0000-0x00007FF6C2C11000-memory.dmp	xmrig
behavioral2/memory/2520-2322-0x00007FF711EB0000-0x00007FF712201000-memory.dmp	xmrig
behavioral2/memory/2264-2318-0x00007FF62D7B0000-0x00007FF62DB01000-memory.dmp	xmrig
behavioral2/memory/3684-2316-0x00007FF79DA90000-0x00007FF79DDE1000-memory.dmp	xmrig
behavioral2/memory/3852-2315-0x00007FF715720000-0x00007FF715A71000-memory.dmp	xmrig
behavioral2/memory/4420-2312-0x00007FF7015A0000-0x00007FF7018F1000-memory.dmp	xmrig
behavioral2/memory/3040-2310-0x00007FF6CDCA0000-0x00007FF6CDFF1000-memory.dmp	xmrig
behavioral2/memory/4904-2308-0x00007FF7BE8B0000-0x00007FF7BEC01000-memory.dmp	xmrig
behavioral2/memory/4832-2306-0x00007FF73B2D0000-0x00007FF73B621000-memory.dmp	xmrig
behavioral2/memory/4540-2304-0x00007FF787390000-0x00007FF7876E1000-memory.dmp	xmrig
behavioral2/memory/1356-2302-0x00007FF79EC40000-0x00007FF79EF91000-memory.dmp	xmrig
behavioral2/memory/344-2300-0x00007FF776F70000-0x00007FF7772C1000-memory.dmp	xmrig
behavioral2/memory/1620-2296-0x00007FF7EBC50000-0x00007FF7EBFA1000-memory.dmp	xmrig
behavioral2/memory/3752-2294-0x00007FF69D990000-0x00007FF69DCE1000-memory.dmp	xmrig
behavioral2/memory/1628-2321-0x00007FF757AA0000-0x00007FF757DF1000-memory.dmp	xmrig
behavioral2/memory/3540-2290-0x00007FF6727E0000-0x00007FF672B31000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
3840	zcqjRDO.exe
3756	iiDFojB.exe
2036	egQabCy.exe
4868	FuegIFr.exe
1540	BbmBmPv.exe
4512	xZcvhVr.exe
4500	dKyuAAw.exe
872	wZVcEHr.exe
692	ucMtFRz.exe
3488	BytFHFq.exe
1620	mFfZvTF.exe
4044	oXRcCkz.exe
3540	AmZFhgP.exe
344	qYXcWBa.exe
3752	FnernAF.exe
2784	TAvnBfG.exe
4540	dJETWJW.exe
1356	klBLvSK.exe
3852	LxQUgqA.exe
4832	qoECuyU.exe
3040	oTMtdut.exe
4904	Efiprfs.exe
3684	UbTpoAp.exe
4420	EqYIWmo.exe
2264	yScamoV.exe
1732	rVdPamN.exe
1468	yGdIYmG.exe
1628	HEyNqiK.exe
2520	aVKVxgY.exe
996	HDKQFDJ.exe
4388	SnjKgSM.exe
2476	exYFvBJ.exe
4052	xSmzoxh.exe
2432	yllmteO.exe
3740	sSWzilQ.exe
2936	nxwOjQU.exe
2172	FTgnEqs.exe
2804	eVmFVpk.exe
740	EtzjUfj.exe
2856	nzjmIQz.exe
4464	RuEejzx.exe
1492	oouYuJD.exe
388	MMqGerF.exe
3272	kwumBYh.exe
3336	OPTcsyE.exe
4752	gtdsQJR.exe
3700	UVNiVYR.exe
4708	rgAjJXw.exe
4760	yWLdHdN.exe
1312	CBSquCY.exe
1892	wKicKNk.exe
3248	gndysYi.exe
4368	GqxnUqS.exe
5024	kGidRsU.exe
4120	TlmOHfA.exe
1268	GBKRvyw.exe
2384	egVppEN.exe
1436	yRkwhiw.exe
1348	QHSwnSg.exe
3640	YonlKAO.exe
232	awreJSp.exe
3520	wCmgaoo.exe
5008	kgMjcUr.exe
3256	kJEstiX.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/436-0-0x00007FF609440000-0x00007FF609791000-memory.dmp	upx
behavioral2/files/0x0009000000023404-5.dat	upx
behavioral2/memory/3840-8-0x00007FF675000000-0x00007FF675351000-memory.dmp	upx
behavioral2/files/0x0007000000023465-27.dat	upx
behavioral2/memory/4868-37-0x00007FF6C98D0000-0x00007FF6C9C21000-memory.dmp	upx
behavioral2/files/0x0007000000023469-47.dat	upx
behavioral2/files/0x000700000002346a-49.dat	upx
behavioral2/memory/3488-64-0x00007FF7E9A40000-0x00007FF7E9D91000-memory.dmp	upx
behavioral2/files/0x000700000002346d-71.dat	upx
behavioral2/files/0x0007000000023471-94.dat	upx
behavioral2/files/0x0007000000023477-124.dat	upx
behavioral2/files/0x000700000002347a-139.dat	upx
behavioral2/files/0x000700000002347f-156.dat	upx
behavioral2/files/0x0007000000023481-174.dat	upx
behavioral2/memory/344-462-0x00007FF776F70000-0x00007FF7772C1000-memory.dmp	upx
behavioral2/memory/3752-463-0x00007FF69D990000-0x00007FF69DCE1000-memory.dmp	upx
behavioral2/memory/2784-464-0x00007FF6DADE0000-0x00007FF6DB131000-memory.dmp	upx
behavioral2/memory/4540-467-0x00007FF787390000-0x00007FF7876E1000-memory.dmp	upx
behavioral2/memory/1356-470-0x00007FF79EC40000-0x00007FF79EF91000-memory.dmp	upx
behavioral2/memory/3040-487-0x00007FF6CDCA0000-0x00007FF6CDFF1000-memory.dmp	upx
behavioral2/memory/4832-475-0x00007FF73B2D0000-0x00007FF73B621000-memory.dmp	upx
behavioral2/memory/3852-472-0x00007FF715720000-0x00007FF715A71000-memory.dmp	upx
behavioral2/files/0x0007000000023483-176.dat	upx
behavioral2/files/0x0007000000023482-171.dat	upx
behavioral2/files/0x0007000000023480-169.dat	upx
behavioral2/files/0x000700000002347e-159.dat	upx
behavioral2/files/0x000700000002347d-154.dat	upx
behavioral2/files/0x000700000002347c-149.dat	upx
behavioral2/files/0x000700000002347b-144.dat	upx
behavioral2/files/0x0007000000023479-134.dat	upx
behavioral2/files/0x0007000000023478-129.dat	upx
behavioral2/files/0x0007000000023476-119.dat	upx
behavioral2/files/0x0007000000023475-114.dat	upx
behavioral2/files/0x0007000000023474-109.dat	upx
behavioral2/files/0x0007000000023473-104.dat	upx
behavioral2/files/0x0007000000023472-99.dat	upx
behavioral2/files/0x0007000000023470-86.dat	upx
behavioral2/files/0x000700000002346f-79.dat	upx
behavioral2/memory/3540-78-0x00007FF6727E0000-0x00007FF672B31000-memory.dmp	upx
behavioral2/files/0x000700000002346e-76.dat	upx
behavioral2/memory/4044-75-0x00007FF67E010000-0x00007FF67E361000-memory.dmp	upx
behavioral2/memory/1620-70-0x00007FF7EBC50000-0x00007FF7EBFA1000-memory.dmp	upx
behavioral2/files/0x000700000002346c-65.dat	upx
behavioral2/memory/692-60-0x00007FF718900000-0x00007FF718C51000-memory.dmp	upx
behavioral2/memory/872-56-0x00007FF6FC120000-0x00007FF6FC471000-memory.dmp	upx
behavioral2/memory/4500-55-0x00007FF7A44C0000-0x00007FF7A4811000-memory.dmp	upx
behavioral2/files/0x000700000002346b-54.dat	upx
behavioral2/memory/4512-53-0x00007FF7F8E70000-0x00007FF7F91C1000-memory.dmp	upx
behavioral2/files/0x0007000000023468-45.dat	upx
behavioral2/files/0x0007000000023467-33.dat	upx
behavioral2/files/0x0007000000023466-32.dat	upx
behavioral2/memory/1540-31-0x00007FF6B0D90000-0x00007FF6B10E1000-memory.dmp	upx
behavioral2/memory/2036-23-0x00007FF6689F0000-0x00007FF668D41000-memory.dmp	upx
behavioral2/files/0x0008000000023461-19.dat	upx
behavioral2/memory/3756-17-0x00007FF76F270000-0x00007FF76F5C1000-memory.dmp	upx
behavioral2/memory/3684-494-0x00007FF79DA90000-0x00007FF79DDE1000-memory.dmp	upx
behavioral2/memory/4420-499-0x00007FF7015A0000-0x00007FF7018F1000-memory.dmp	upx
behavioral2/memory/1628-518-0x00007FF757AA0000-0x00007FF757DF1000-memory.dmp	upx
behavioral2/memory/2520-528-0x00007FF711EB0000-0x00007FF712201000-memory.dmp	upx
behavioral2/memory/1468-511-0x00007FF6E8540000-0x00007FF6E8891000-memory.dmp	upx
behavioral2/memory/1732-510-0x00007FF6C28C0000-0x00007FF6C2C11000-memory.dmp	upx
behavioral2/memory/2264-507-0x00007FF62D7B0000-0x00007FF62DB01000-memory.dmp	upx
behavioral2/memory/4904-493-0x00007FF7BE8B0000-0x00007FF7BEC01000-memory.dmp	upx
behavioral2/memory/436-1389-0x00007FF609440000-0x00007FF609791000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\qzBhteF.exe	78dfbd69725461172d7bc6e46a01de40N.exe
File created	C:\Windows\System\ZWDjTxA.exe	78dfbd69725461172d7bc6e46a01de40N.exe
File created	C:\Windows\System\VniMuRG.exe	78dfbd69725461172d7bc6e46a01de40N.exe
File created	C:\Windows\System\ggFfoVM.exe	78dfbd69725461172d7bc6e46a01de40N.exe
File created	C:\Windows\System\dgYFqHD.exe	78dfbd69725461172d7bc6e46a01de40N.exe
File created	C:\Windows\System\qOvcKdh.exe	78dfbd69725461172d7bc6e46a01de40N.exe
File created	C:\Windows\System\fcZtCUK.exe	78dfbd69725461172d7bc6e46a01de40N.exe
File created	C:\Windows\System\OCdEunl.exe	78dfbd69725461172d7bc6e46a01de40N.exe
File created	C:\Windows\System\XTnMGqd.exe	78dfbd69725461172d7bc6e46a01de40N.exe
File created	C:\Windows\System\yCIRWda.exe	78dfbd69725461172d7bc6e46a01de40N.exe
File created	C:\Windows\System\Umeeanf.exe	78dfbd69725461172d7bc6e46a01de40N.exe
File created	C:\Windows\System\vGUsRPJ.exe	78dfbd69725461172d7bc6e46a01de40N.exe
File created	C:\Windows\System\kGidRsU.exe	78dfbd69725461172d7bc6e46a01de40N.exe
File created	C:\Windows\System\uqhIMwb.exe	78dfbd69725461172d7bc6e46a01de40N.exe
File created	C:\Windows\System\yLcgKqO.exe	78dfbd69725461172d7bc6e46a01de40N.exe
File created	C:\Windows\System\wOwTjHV.exe	78dfbd69725461172d7bc6e46a01de40N.exe
File created	C:\Windows\System\YSFuJrn.exe	78dfbd69725461172d7bc6e46a01de40N.exe
File created	C:\Windows\System\WdOBErE.exe	78dfbd69725461172d7bc6e46a01de40N.exe
File created	C:\Windows\System\owIOZyY.exe	78dfbd69725461172d7bc6e46a01de40N.exe
File created	C:\Windows\System\uWfjXBj.exe	78dfbd69725461172d7bc6e46a01de40N.exe
File created	C:\Windows\System\oNSXOOw.exe	78dfbd69725461172d7bc6e46a01de40N.exe
File created	C:\Windows\System\OEfAEQQ.exe	78dfbd69725461172d7bc6e46a01de40N.exe
File created	C:\Windows\System\tlYTYBf.exe	78dfbd69725461172d7bc6e46a01de40N.exe
File created	C:\Windows\System\hNaNezl.exe	78dfbd69725461172d7bc6e46a01de40N.exe
File created	C:\Windows\System\FGVoHtl.exe	78dfbd69725461172d7bc6e46a01de40N.exe
File created	C:\Windows\System\hvfhDhV.exe	78dfbd69725461172d7bc6e46a01de40N.exe
File created	C:\Windows\System\lptsrnN.exe	78dfbd69725461172d7bc6e46a01de40N.exe
File created	C:\Windows\System\FPuXSmH.exe	78dfbd69725461172d7bc6e46a01de40N.exe
File created	C:\Windows\System\GHKQGRB.exe	78dfbd69725461172d7bc6e46a01de40N.exe
File created	C:\Windows\System\ZBmvgjz.exe	78dfbd69725461172d7bc6e46a01de40N.exe
File created	C:\Windows\System\MJcveWL.exe	78dfbd69725461172d7bc6e46a01de40N.exe
File created	C:\Windows\System\dPxoiFw.exe	78dfbd69725461172d7bc6e46a01de40N.exe
File created	C:\Windows\System\IePcasR.exe	78dfbd69725461172d7bc6e46a01de40N.exe
File created	C:\Windows\System\ZoPnTkR.exe	78dfbd69725461172d7bc6e46a01de40N.exe
File created	C:\Windows\System\AyRawfD.exe	78dfbd69725461172d7bc6e46a01de40N.exe
File created	C:\Windows\System\mfYiZml.exe	78dfbd69725461172d7bc6e46a01de40N.exe
File created	C:\Windows\System\TilJsxO.exe	78dfbd69725461172d7bc6e46a01de40N.exe
File created	C:\Windows\System\LnWyCml.exe	78dfbd69725461172d7bc6e46a01de40N.exe
File created	C:\Windows\System\dimUgBk.exe	78dfbd69725461172d7bc6e46a01de40N.exe
File created	C:\Windows\System\sXbDpXp.exe	78dfbd69725461172d7bc6e46a01de40N.exe
File created	C:\Windows\System\qvqeCQv.exe	78dfbd69725461172d7bc6e46a01de40N.exe
File created	C:\Windows\System\pOXLpTm.exe	78dfbd69725461172d7bc6e46a01de40N.exe
File created	C:\Windows\System\MoCGyyl.exe	78dfbd69725461172d7bc6e46a01de40N.exe
File created	C:\Windows\System\SjxJTBm.exe	78dfbd69725461172d7bc6e46a01de40N.exe
File created	C:\Windows\System\pWpufyf.exe	78dfbd69725461172d7bc6e46a01de40N.exe
File created	C:\Windows\System\RuiOTuW.exe	78dfbd69725461172d7bc6e46a01de40N.exe
File created	C:\Windows\System\rcoSqEi.exe	78dfbd69725461172d7bc6e46a01de40N.exe
File created	C:\Windows\System\PTuDQco.exe	78dfbd69725461172d7bc6e46a01de40N.exe
File created	C:\Windows\System\EQcXzXF.exe	78dfbd69725461172d7bc6e46a01de40N.exe
File created	C:\Windows\System\lHxGEnf.exe	78dfbd69725461172d7bc6e46a01de40N.exe
File created	C:\Windows\System\yRkwhiw.exe	78dfbd69725461172d7bc6e46a01de40N.exe
File created	C:\Windows\System\xwzrCgf.exe	78dfbd69725461172d7bc6e46a01de40N.exe
File created	C:\Windows\System\pRGhHyb.exe	78dfbd69725461172d7bc6e46a01de40N.exe
File created	C:\Windows\System\xbZPewZ.exe	78dfbd69725461172d7bc6e46a01de40N.exe
File created	C:\Windows\System\EqYIWmo.exe	78dfbd69725461172d7bc6e46a01de40N.exe
File created	C:\Windows\System\awreJSp.exe	78dfbd69725461172d7bc6e46a01de40N.exe
File created	C:\Windows\System\lOpasBV.exe	78dfbd69725461172d7bc6e46a01de40N.exe
File created	C:\Windows\System\BXTpIyV.exe	78dfbd69725461172d7bc6e46a01de40N.exe
File created	C:\Windows\System\GLyvnVS.exe	78dfbd69725461172d7bc6e46a01de40N.exe
File created	C:\Windows\System\nvVbWcQ.exe	78dfbd69725461172d7bc6e46a01de40N.exe
File created	C:\Windows\System\FLjxIrT.exe	78dfbd69725461172d7bc6e46a01de40N.exe
File created	C:\Windows\System\MMqGerF.exe	78dfbd69725461172d7bc6e46a01de40N.exe
File created	C:\Windows\System\YHpFVTb.exe	78dfbd69725461172d7bc6e46a01de40N.exe
File created	C:\Windows\System\CIICFFq.exe	78dfbd69725461172d7bc6e46a01de40N.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	14520	dwm.exe
Token: SeChangeNotifyPrivilege	14520	dwm.exe
Token: 33	14520	dwm.exe
Token: SeIncBasePriorityPrivilege	14520	dwm.exe
Token: SeShutdownPrivilege	14520	dwm.exe
Token: SeCreatePagefilePrivilege	14520	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 436 wrote to memory of 3840	436	78dfbd69725461172d7bc6e46a01de40N.exe	84
PID 436 wrote to memory of 3840	436	78dfbd69725461172d7bc6e46a01de40N.exe	84
PID 436 wrote to memory of 3756	436	78dfbd69725461172d7bc6e46a01de40N.exe	85
PID 436 wrote to memory of 3756	436	78dfbd69725461172d7bc6e46a01de40N.exe	85
PID 436 wrote to memory of 2036	436	78dfbd69725461172d7bc6e46a01de40N.exe	86
PID 436 wrote to memory of 2036	436	78dfbd69725461172d7bc6e46a01de40N.exe	86
PID 436 wrote to memory of 4868	436	78dfbd69725461172d7bc6e46a01de40N.exe	87
PID 436 wrote to memory of 4868	436	78dfbd69725461172d7bc6e46a01de40N.exe	87
PID 436 wrote to memory of 1540	436	78dfbd69725461172d7bc6e46a01de40N.exe	88
PID 436 wrote to memory of 1540	436	78dfbd69725461172d7bc6e46a01de40N.exe	88
PID 436 wrote to memory of 4512	436	78dfbd69725461172d7bc6e46a01de40N.exe	89
PID 436 wrote to memory of 4512	436	78dfbd69725461172d7bc6e46a01de40N.exe	89
PID 436 wrote to memory of 4500	436	78dfbd69725461172d7bc6e46a01de40N.exe	90
PID 436 wrote to memory of 4500	436	78dfbd69725461172d7bc6e46a01de40N.exe	90
PID 436 wrote to memory of 872	436	78dfbd69725461172d7bc6e46a01de40N.exe	91
PID 436 wrote to memory of 872	436	78dfbd69725461172d7bc6e46a01de40N.exe	91
PID 436 wrote to memory of 692	436	78dfbd69725461172d7bc6e46a01de40N.exe	92
PID 436 wrote to memory of 692	436	78dfbd69725461172d7bc6e46a01de40N.exe	92
PID 436 wrote to memory of 3488	436	78dfbd69725461172d7bc6e46a01de40N.exe	93
PID 436 wrote to memory of 3488	436	78dfbd69725461172d7bc6e46a01de40N.exe	93
PID 436 wrote to memory of 1620	436	78dfbd69725461172d7bc6e46a01de40N.exe	94
PID 436 wrote to memory of 1620	436	78dfbd69725461172d7bc6e46a01de40N.exe	94
PID 436 wrote to memory of 4044	436	78dfbd69725461172d7bc6e46a01de40N.exe	95
PID 436 wrote to memory of 4044	436	78dfbd69725461172d7bc6e46a01de40N.exe	95
PID 436 wrote to memory of 3540	436	78dfbd69725461172d7bc6e46a01de40N.exe	96
PID 436 wrote to memory of 3540	436	78dfbd69725461172d7bc6e46a01de40N.exe	96
PID 436 wrote to memory of 344	436	78dfbd69725461172d7bc6e46a01de40N.exe	97
PID 436 wrote to memory of 344	436	78dfbd69725461172d7bc6e46a01de40N.exe	97
PID 436 wrote to memory of 3752	436	78dfbd69725461172d7bc6e46a01de40N.exe	98
PID 436 wrote to memory of 3752	436	78dfbd69725461172d7bc6e46a01de40N.exe	98
PID 436 wrote to memory of 2784	436	78dfbd69725461172d7bc6e46a01de40N.exe	99
PID 436 wrote to memory of 2784	436	78dfbd69725461172d7bc6e46a01de40N.exe	99
PID 436 wrote to memory of 4540	436	78dfbd69725461172d7bc6e46a01de40N.exe	100
PID 436 wrote to memory of 4540	436	78dfbd69725461172d7bc6e46a01de40N.exe	100
PID 436 wrote to memory of 1356	436	78dfbd69725461172d7bc6e46a01de40N.exe	101
PID 436 wrote to memory of 1356	436	78dfbd69725461172d7bc6e46a01de40N.exe	101
PID 436 wrote to memory of 3852	436	78dfbd69725461172d7bc6e46a01de40N.exe	102
PID 436 wrote to memory of 3852	436	78dfbd69725461172d7bc6e46a01de40N.exe	102
PID 436 wrote to memory of 4832	436	78dfbd69725461172d7bc6e46a01de40N.exe	103
PID 436 wrote to memory of 4832	436	78dfbd69725461172d7bc6e46a01de40N.exe	103
PID 436 wrote to memory of 3040	436	78dfbd69725461172d7bc6e46a01de40N.exe	104
PID 436 wrote to memory of 3040	436	78dfbd69725461172d7bc6e46a01de40N.exe	104
PID 436 wrote to memory of 4904	436	78dfbd69725461172d7bc6e46a01de40N.exe	105
PID 436 wrote to memory of 4904	436	78dfbd69725461172d7bc6e46a01de40N.exe	105
PID 436 wrote to memory of 3684	436	78dfbd69725461172d7bc6e46a01de40N.exe	106
PID 436 wrote to memory of 3684	436	78dfbd69725461172d7bc6e46a01de40N.exe	106
PID 436 wrote to memory of 4420	436	78dfbd69725461172d7bc6e46a01de40N.exe	107
PID 436 wrote to memory of 4420	436	78dfbd69725461172d7bc6e46a01de40N.exe	107
PID 436 wrote to memory of 2264	436	78dfbd69725461172d7bc6e46a01de40N.exe	108
PID 436 wrote to memory of 2264	436	78dfbd69725461172d7bc6e46a01de40N.exe	108
PID 436 wrote to memory of 1732	436	78dfbd69725461172d7bc6e46a01de40N.exe	109
PID 436 wrote to memory of 1732	436	78dfbd69725461172d7bc6e46a01de40N.exe	109
PID 436 wrote to memory of 1468	436	78dfbd69725461172d7bc6e46a01de40N.exe	110
PID 436 wrote to memory of 1468	436	78dfbd69725461172d7bc6e46a01de40N.exe	110
PID 436 wrote to memory of 1628	436	78dfbd69725461172d7bc6e46a01de40N.exe	111
PID 436 wrote to memory of 1628	436	78dfbd69725461172d7bc6e46a01de40N.exe	111
PID 436 wrote to memory of 2520	436	78dfbd69725461172d7bc6e46a01de40N.exe	112
PID 436 wrote to memory of 2520	436	78dfbd69725461172d7bc6e46a01de40N.exe	112
PID 436 wrote to memory of 996	436	78dfbd69725461172d7bc6e46a01de40N.exe	113
PID 436 wrote to memory of 996	436	78dfbd69725461172d7bc6e46a01de40N.exe	113
PID 436 wrote to memory of 4388	436	78dfbd69725461172d7bc6e46a01de40N.exe	114
PID 436 wrote to memory of 4388	436	78dfbd69725461172d7bc6e46a01de40N.exe	114
PID 436 wrote to memory of 2476	436	78dfbd69725461172d7bc6e46a01de40N.exe	115
PID 436 wrote to memory of 2476	436	78dfbd69725461172d7bc6e46a01de40N.exe	115

C:\Users\Admin\AppData\Local\Temp\78dfbd69725461172d7bc6e46a01de40N.exe
"C:\Users\Admin\AppData\Local\Temp\78dfbd69725461172d7bc6e46a01de40N.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:436
- C:\Windows\System\zcqjRDO.exe
  C:\Windows\System\zcqjRDO.exe
  2⤵
  - Executes dropped EXE
  PID:3840
- C:\Windows\System\iiDFojB.exe
  C:\Windows\System\iiDFojB.exe
  2⤵
  - Executes dropped EXE
  PID:3756
- C:\Windows\System\egQabCy.exe
  C:\Windows\System\egQabCy.exe
  2⤵
  - Executes dropped EXE
  PID:2036
- C:\Windows\System\FuegIFr.exe
  C:\Windows\System\FuegIFr.exe
  2⤵
  - Executes dropped EXE
  PID:4868
- C:\Windows\System\BbmBmPv.exe
  C:\Windows\System\BbmBmPv.exe
  2⤵
  - Executes dropped EXE
  PID:1540
- C:\Windows\System\xZcvhVr.exe
  C:\Windows\System\xZcvhVr.exe
  2⤵
  - Executes dropped EXE
  PID:4512
- C:\Windows\System\dKyuAAw.exe
  C:\Windows\System\dKyuAAw.exe
  2⤵
  - Executes dropped EXE
  PID:4500
- C:\Windows\System\wZVcEHr.exe
  C:\Windows\System\wZVcEHr.exe
  2⤵
  - Executes dropped EXE
  PID:872
- C:\Windows\System\ucMtFRz.exe
  C:\Windows\System\ucMtFRz.exe
  2⤵
  - Executes dropped EXE
  PID:692
- C:\Windows\System\BytFHFq.exe
  C:\Windows\System\BytFHFq.exe
  2⤵
  - Executes dropped EXE
  PID:3488
- C:\Windows\System\mFfZvTF.exe
  C:\Windows\System\mFfZvTF.exe
  2⤵
  - Executes dropped EXE
  PID:1620
- C:\Windows\System\oXRcCkz.exe
  C:\Windows\System\oXRcCkz.exe
  2⤵
  - Executes dropped EXE
  PID:4044
- C:\Windows\System\AmZFhgP.exe
  C:\Windows\System\AmZFhgP.exe
  2⤵
  - Executes dropped EXE
  PID:3540
- C:\Windows\System\qYXcWBa.exe
  C:\Windows\System\qYXcWBa.exe
  2⤵
  - Executes dropped EXE
  PID:344
- C:\Windows\System\FnernAF.exe
  C:\Windows\System\FnernAF.exe
  2⤵
  - Executes dropped EXE
  PID:3752
- C:\Windows\System\TAvnBfG.exe
  C:\Windows\System\TAvnBfG.exe
  2⤵
  - Executes dropped EXE
  PID:2784
- C:\Windows\System\dJETWJW.exe
  C:\Windows\System\dJETWJW.exe
  2⤵
  - Executes dropped EXE
  PID:4540
- C:\Windows\System\klBLvSK.exe
  C:\Windows\System\klBLvSK.exe
  2⤵
  - Executes dropped EXE
  PID:1356
- C:\Windows\System\LxQUgqA.exe
  C:\Windows\System\LxQUgqA.exe
  2⤵
  - Executes dropped EXE
  PID:3852
- C:\Windows\System\qoECuyU.exe
  C:\Windows\System\qoECuyU.exe
  2⤵
  - Executes dropped EXE
  PID:4832
- C:\Windows\System\oTMtdut.exe
  C:\Windows\System\oTMtdut.exe
  2⤵
  - Executes dropped EXE
  PID:3040
- C:\Windows\System\Efiprfs.exe
  C:\Windows\System\Efiprfs.exe
  2⤵
  - Executes dropped EXE
  PID:4904
- C:\Windows\System\UbTpoAp.exe
  C:\Windows\System\UbTpoAp.exe
  2⤵
  - Executes dropped EXE
  PID:3684
- C:\Windows\System\EqYIWmo.exe
  C:\Windows\System\EqYIWmo.exe
  2⤵
  - Executes dropped EXE
  PID:4420
- C:\Windows\System\yScamoV.exe
  C:\Windows\System\yScamoV.exe
  2⤵
  - Executes dropped EXE
  PID:2264
- C:\Windows\System\rVdPamN.exe
  C:\Windows\System\rVdPamN.exe
  2⤵
  - Executes dropped EXE
  PID:1732
- C:\Windows\System\yGdIYmG.exe
  C:\Windows\System\yGdIYmG.exe
  2⤵
  - Executes dropped EXE
  PID:1468
- C:\Windows\System\HEyNqiK.exe
  C:\Windows\System\HEyNqiK.exe
  2⤵
  - Executes dropped EXE
  PID:1628
- C:\Windows\System\aVKVxgY.exe
  C:\Windows\System\aVKVxgY.exe
  2⤵
  - Executes dropped EXE
  PID:2520
- C:\Windows\System\HDKQFDJ.exe
  C:\Windows\System\HDKQFDJ.exe
  2⤵
  - Executes dropped EXE
  PID:996
- C:\Windows\System\SnjKgSM.exe
  C:\Windows\System\SnjKgSM.exe
  2⤵
  - Executes dropped EXE
  PID:4388
- C:\Windows\System\exYFvBJ.exe
  C:\Windows\System\exYFvBJ.exe
  2⤵
  - Executes dropped EXE
  PID:2476
- C:\Windows\System\xSmzoxh.exe
  C:\Windows\System\xSmzoxh.exe
  2⤵
  - Executes dropped EXE
  PID:4052
- C:\Windows\System\yllmteO.exe
  C:\Windows\System\yllmteO.exe
  2⤵
  - Executes dropped EXE
  PID:2432
- C:\Windows\System\sSWzilQ.exe
  C:\Windows\System\sSWzilQ.exe
  2⤵
  - Executes dropped EXE
  PID:3740
- C:\Windows\System\nxwOjQU.exe
  C:\Windows\System\nxwOjQU.exe
  2⤵
  - Executes dropped EXE
  PID:2936
- C:\Windows\System\FTgnEqs.exe
  C:\Windows\System\FTgnEqs.exe
  2⤵
  - Executes dropped EXE
  PID:2172
- C:\Windows\System\eVmFVpk.exe
  C:\Windows\System\eVmFVpk.exe
  2⤵
  - Executes dropped EXE
  PID:2804
- C:\Windows\System\EtzjUfj.exe
  C:\Windows\System\EtzjUfj.exe
  2⤵
  - Executes dropped EXE
  PID:740
- C:\Windows\System\nzjmIQz.exe
  C:\Windows\System\nzjmIQz.exe
  2⤵
  - Executes dropped EXE
  PID:2856
- C:\Windows\System\RuEejzx.exe
  C:\Windows\System\RuEejzx.exe
  2⤵
  - Executes dropped EXE
  PID:4464
- C:\Windows\System\oouYuJD.exe
  C:\Windows\System\oouYuJD.exe
  2⤵
  - Executes dropped EXE
  PID:1492
- C:\Windows\System\MMqGerF.exe
  C:\Windows\System\MMqGerF.exe
  2⤵
  - Executes dropped EXE
  PID:388
- C:\Windows\System\kwumBYh.exe
  C:\Windows\System\kwumBYh.exe
  2⤵
  - Executes dropped EXE
  PID:3272
- C:\Windows\System\OPTcsyE.exe
  C:\Windows\System\OPTcsyE.exe
  2⤵
  - Executes dropped EXE
  PID:3336
- C:\Windows\System\gtdsQJR.exe
  C:\Windows\System\gtdsQJR.exe
  2⤵
  - Executes dropped EXE
  PID:4752
- C:\Windows\System\UVNiVYR.exe
  C:\Windows\System\UVNiVYR.exe
  2⤵
  - Executes dropped EXE
  PID:3700
- C:\Windows\System\rgAjJXw.exe
  C:\Windows\System\rgAjJXw.exe
  2⤵
  - Executes dropped EXE
  PID:4708
- C:\Windows\System\yWLdHdN.exe
  C:\Windows\System\yWLdHdN.exe
  2⤵
  - Executes dropped EXE
  PID:4760
- C:\Windows\System\CBSquCY.exe
  C:\Windows\System\CBSquCY.exe
  2⤵
  - Executes dropped EXE
  PID:1312
- C:\Windows\System\wKicKNk.exe
  C:\Windows\System\wKicKNk.exe
  2⤵
  - Executes dropped EXE
  PID:1892
- C:\Windows\System\gndysYi.exe
  C:\Windows\System\gndysYi.exe
  2⤵
  - Executes dropped EXE
  PID:3248
- C:\Windows\System\GqxnUqS.exe
  C:\Windows\System\GqxnUqS.exe
  2⤵
  - Executes dropped EXE
  PID:4368
- C:\Windows\System\kGidRsU.exe
  C:\Windows\System\kGidRsU.exe
  2⤵
  - Executes dropped EXE
  PID:5024
- C:\Windows\System\TlmOHfA.exe
  C:\Windows\System\TlmOHfA.exe
  2⤵
  - Executes dropped EXE
  PID:4120
- C:\Windows\System\GBKRvyw.exe
  C:\Windows\System\GBKRvyw.exe
  2⤵
  - Executes dropped EXE
  PID:1268
- C:\Windows\System\egVppEN.exe
  C:\Windows\System\egVppEN.exe
  2⤵
  - Executes dropped EXE
  PID:2384
- C:\Windows\System\yRkwhiw.exe
  C:\Windows\System\yRkwhiw.exe
  2⤵
  - Executes dropped EXE
  PID:1436
- C:\Windows\System\QHSwnSg.exe
  C:\Windows\System\QHSwnSg.exe
  2⤵
  - Executes dropped EXE
  PID:1348
- C:\Windows\System\YonlKAO.exe
  C:\Windows\System\YonlKAO.exe
  2⤵
  - Executes dropped EXE
  PID:3640
- C:\Windows\System\awreJSp.exe
  C:\Windows\System\awreJSp.exe
  2⤵
  - Executes dropped EXE
  PID:232
- C:\Windows\System\wCmgaoo.exe
  C:\Windows\System\wCmgaoo.exe
  2⤵
  - Executes dropped EXE
  PID:3520
- C:\Windows\System\kgMjcUr.exe
  C:\Windows\System\kgMjcUr.exe
  2⤵
  - Executes dropped EXE
  PID:5008
- C:\Windows\System\kJEstiX.exe
  C:\Windows\System\kJEstiX.exe
  2⤵
  - Executes dropped EXE
  PID:3256
- C:\Windows\System\ZozNYfI.exe
  C:\Windows\System\ZozNYfI.exe
  2⤵
  PID:624
- C:\Windows\System\vsLBOzJ.exe
  C:\Windows\System\vsLBOzJ.exe
  2⤵
  PID:2260
- C:\Windows\System\AwseWbr.exe
  C:\Windows\System\AwseWbr.exe
  2⤵
  PID:3268
- C:\Windows\System\APnYwLQ.exe
  C:\Windows\System\APnYwLQ.exe
  2⤵
  PID:3508
- C:\Windows\System\lOpasBV.exe
  C:\Windows\System\lOpasBV.exe
  2⤵
  PID:2000
- C:\Windows\System\izlwShw.exe
  C:\Windows\System\izlwShw.exe
  2⤵
  PID:4376
- C:\Windows\System\xkAnaRl.exe
  C:\Windows\System\xkAnaRl.exe
  2⤵
  PID:3688
- C:\Windows\System\KQgUOTf.exe
  C:\Windows\System\KQgUOTf.exe
  2⤵
  PID:3096
- C:\Windows\System\AFqNfVT.exe
  C:\Windows\System\AFqNfVT.exe
  2⤵
  PID:2464
- C:\Windows\System\BEjcnXa.exe
  C:\Windows\System\BEjcnXa.exe
  2⤵
  PID:1100
- C:\Windows\System\uiAwYTR.exe
  C:\Windows\System\uiAwYTR.exe
  2⤵
  PID:3504
- C:\Windows\System\SPePYzN.exe
  C:\Windows\System\SPePYzN.exe
  2⤵
  PID:4004
- C:\Windows\System\VJhcbgf.exe
  C:\Windows\System\VJhcbgf.exe
  2⤵
  PID:408
- C:\Windows\System\SCxeArk.exe
  C:\Windows\System\SCxeArk.exe
  2⤵
  PID:1028
- C:\Windows\System\vFDseuD.exe
  C:\Windows\System\vFDseuD.exe
  2⤵
  PID:3164
- C:\Windows\System\ByFRnwO.exe
  C:\Windows\System\ByFRnwO.exe
  2⤵
  PID:3076
- C:\Windows\System\jBQbvTh.exe
  C:\Windows\System\jBQbvTh.exe
  2⤵
  PID:1724
- C:\Windows\System\fcZtCUK.exe
  C:\Windows\System\fcZtCUK.exe
  2⤵
  PID:3692
- C:\Windows\System\tIOYGOH.exe
  C:\Windows\System\tIOYGOH.exe
  2⤵
  PID:1284
- C:\Windows\System\esFqWXY.exe
  C:\Windows\System\esFqWXY.exe
  2⤵
  PID:3500
- C:\Windows\System\dSqkzoR.exe
  C:\Windows\System\dSqkzoR.exe
  2⤵
  PID:3016
- C:\Windows\System\xSeAmXO.exe
  C:\Windows\System\xSeAmXO.exe
  2⤵
  PID:3320
- C:\Windows\System\VHHRVfT.exe
  C:\Windows\System\VHHRVfT.exe
  2⤵
  PID:4132
- C:\Windows\System\pOXLpTm.exe
  C:\Windows\System\pOXLpTm.exe
  2⤵
  PID:2480
- C:\Windows\System\kcpYXeE.exe
  C:\Windows\System\kcpYXeE.exe
  2⤵
  PID:4612
- C:\Windows\System\OdVpkWB.exe
  C:\Windows\System\OdVpkWB.exe
  2⤵
  PID:4000
- C:\Windows\System\VhYyPAO.exe
  C:\Windows\System\VhYyPAO.exe
  2⤵
  PID:5100
- C:\Windows\System\ZBmvgjz.exe
  C:\Windows\System\ZBmvgjz.exe
  2⤵
  PID:3468
- C:\Windows\System\eVynUun.exe
  C:\Windows\System\eVynUun.exe
  2⤵
  PID:2372
- C:\Windows\System\IPaMPvJ.exe
  C:\Windows\System\IPaMPvJ.exe
  2⤵
  PID:1808
- C:\Windows\System\YFpwVSO.exe
  C:\Windows\System\YFpwVSO.exe
  2⤵
  PID:4872
- C:\Windows\System\mnecZSX.exe
  C:\Windows\System\mnecZSX.exe
  2⤵
  PID:5148
- C:\Windows\System\tNJbBSH.exe
  C:\Windows\System\tNJbBSH.exe
  2⤵
  PID:5176
- C:\Windows\System\CkRqarf.exe
  C:\Windows\System\CkRqarf.exe
  2⤵
  PID:5200
- C:\Windows\System\VnVxhTB.exe
  C:\Windows\System\VnVxhTB.exe
  2⤵
  PID:5232
- C:\Windows\System\TZbAmah.exe
  C:\Windows\System\TZbAmah.exe
  2⤵
  PID:5260
- C:\Windows\System\BYwVbsk.exe
  C:\Windows\System\BYwVbsk.exe
  2⤵
  PID:5284
- C:\Windows\System\dimUgBk.exe
  C:\Windows\System\dimUgBk.exe
  2⤵
  PID:5316
- C:\Windows\System\AlBEnOx.exe
  C:\Windows\System\AlBEnOx.exe
  2⤵
  PID:5344
- C:\Windows\System\wONBdxb.exe
  C:\Windows\System\wONBdxb.exe
  2⤵
  PID:5372
- C:\Windows\System\LoWROtq.exe
  C:\Windows\System\LoWROtq.exe
  2⤵
  PID:5400
- C:\Windows\System\lIJvoeB.exe
  C:\Windows\System\lIJvoeB.exe
  2⤵
  PID:5428
- C:\Windows\System\lHxGEnf.exe
  C:\Windows\System\lHxGEnf.exe
  2⤵
  PID:5452
- C:\Windows\System\ydTNElx.exe
  C:\Windows\System\ydTNElx.exe
  2⤵
  PID:5484
- C:\Windows\System\COWqabg.exe
  C:\Windows\System\COWqabg.exe
  2⤵
  PID:5512
- C:\Windows\System\cUyhrtw.exe
  C:\Windows\System\cUyhrtw.exe
  2⤵
  PID:5540
- C:\Windows\System\nOMECnN.exe
  C:\Windows\System\nOMECnN.exe
  2⤵
  PID:5568
- C:\Windows\System\usPhorv.exe
  C:\Windows\System\usPhorv.exe
  2⤵
  PID:5596
- C:\Windows\System\xaYHfbn.exe
  C:\Windows\System\xaYHfbn.exe
  2⤵
  PID:5624
- C:\Windows\System\ERescEQ.exe
  C:\Windows\System\ERescEQ.exe
  2⤵
  PID:5652
- C:\Windows\System\NFHzjba.exe
  C:\Windows\System\NFHzjba.exe
  2⤵
  PID:5680
- C:\Windows\System\uiccLJR.exe
  C:\Windows\System\uiccLJR.exe
  2⤵
  PID:5708
- C:\Windows\System\bsYrikA.exe
  C:\Windows\System\bsYrikA.exe
  2⤵
  PID:5736
- C:\Windows\System\iwESHVN.exe
  C:\Windows\System\iwESHVN.exe
  2⤵
  PID:5764
- C:\Windows\System\jKTapdX.exe
  C:\Windows\System\jKTapdX.exe
  2⤵
  PID:5788
- C:\Windows\System\hikbaRy.exe
  C:\Windows\System\hikbaRy.exe
  2⤵
  PID:5824
- C:\Windows\System\cIqfLEE.exe
  C:\Windows\System\cIqfLEE.exe
  2⤵
  PID:5856
- C:\Windows\System\OMFXVlW.exe
  C:\Windows\System\OMFXVlW.exe
  2⤵
  PID:5876
- C:\Windows\System\FYuvAUr.exe
  C:\Windows\System\FYuvAUr.exe
  2⤵
  PID:5904
- C:\Windows\System\PjPnwXs.exe
  C:\Windows\System\PjPnwXs.exe
  2⤵
  PID:5932
- C:\Windows\System\AFDrglM.exe
  C:\Windows\System\AFDrglM.exe
  2⤵
  PID:5960
- C:\Windows\System\BXTpIyV.exe
  C:\Windows\System\BXTpIyV.exe
  2⤵
  PID:5984
- C:\Windows\System\TqgbIog.exe
  C:\Windows\System\TqgbIog.exe
  2⤵
  PID:6012
- C:\Windows\System\QJnkDTc.exe
  C:\Windows\System\QJnkDTc.exe
  2⤵
  PID:6044
- C:\Windows\System\XKVuQtx.exe
  C:\Windows\System\XKVuQtx.exe
  2⤵
  PID:6068
- C:\Windows\System\GLyvnVS.exe
  C:\Windows\System\GLyvnVS.exe
  2⤵
  PID:4700
- C:\Windows\System\jROaQXR.exe
  C:\Windows\System\jROaQXR.exe
  2⤵
  PID:2944
- C:\Windows\System\ifwEBaU.exe
  C:\Windows\System\ifwEBaU.exe
  2⤵
  PID:3236
- C:\Windows\System\qqqZkiL.exe
  C:\Windows\System\qqqZkiL.exe
  2⤵
  PID:4784
- C:\Windows\System\DEHlQtM.exe
  C:\Windows\System\DEHlQtM.exe
  2⤵
  PID:5160
- C:\Windows\System\VZSEErA.exe
  C:\Windows\System\VZSEErA.exe
  2⤵
  PID:5196
- C:\Windows\System\JThSLWL.exe
  C:\Windows\System\JThSLWL.exe
  2⤵
  PID:5244
- C:\Windows\System\JcpMrmW.exe
  C:\Windows\System\JcpMrmW.exe
  2⤵
  PID:5304
- C:\Windows\System\WaYYiGq.exe
  C:\Windows\System\WaYYiGq.exe
  2⤵
  PID:5332
- C:\Windows\System\QfoAgWV.exe
  C:\Windows\System\QfoAgWV.exe
  2⤵
  PID:5420
- C:\Windows\System\zVzGAHH.exe
  C:\Windows\System\zVzGAHH.exe
  2⤵
  PID:5496
- C:\Windows\System\rkvdMDe.exe
  C:\Windows\System\rkvdMDe.exe
  2⤵
  PID:5552
- C:\Windows\System\lXazgBd.exe
  C:\Windows\System\lXazgBd.exe
  2⤵
  PID:5616
- C:\Windows\System\wIkUqFi.exe
  C:\Windows\System\wIkUqFi.exe
  2⤵
  PID:4164
- C:\Windows\System\lsqwbMr.exe
  C:\Windows\System\lsqwbMr.exe
  2⤵
  PID:5780
- C:\Windows\System\IYIySxO.exe
  C:\Windows\System\IYIySxO.exe
  2⤵
  PID:5812
- C:\Windows\System\wEAacTW.exe
  C:\Windows\System\wEAacTW.exe
  2⤵
  PID:5844
- C:\Windows\System\hMmpzyt.exe
  C:\Windows\System\hMmpzyt.exe
  2⤵
  PID:1060
- C:\Windows\System\WaWZPNa.exe
  C:\Windows\System\WaWZPNa.exe
  2⤵
  PID:5948
- C:\Windows\System\PKvszut.exe
  C:\Windows\System\PKvszut.exe
  2⤵
  PID:2280
- C:\Windows\System\JvFCDEm.exe
  C:\Windows\System\JvFCDEm.exe
  2⤵
  PID:1184
- C:\Windows\System\BdBlHzE.exe
  C:\Windows\System\BdBlHzE.exe
  2⤵
  PID:6004
- C:\Windows\System\OCdEunl.exe
  C:\Windows\System\OCdEunl.exe
  2⤵
  PID:5976
- C:\Windows\System\WlfyqJY.exe
  C:\Windows\System\WlfyqJY.exe
  2⤵
  PID:4836
- C:\Windows\System\exXptwt.exe
  C:\Windows\System\exXptwt.exe
  2⤵
  PID:6028
- C:\Windows\System\eJZadOO.exe
  C:\Windows\System\eJZadOO.exe
  2⤵
  PID:3084
- C:\Windows\System\bpeYGlB.exe
  C:\Windows\System\bpeYGlB.exe
  2⤵
  PID:4792
- C:\Windows\System\KCZaquZ.exe
  C:\Windows\System\KCZaquZ.exe
  2⤵
  PID:1400
- C:\Windows\System\TVDduPv.exe
  C:\Windows\System\TVDduPv.exe
  2⤵
  PID:5192
- C:\Windows\System\BqQOrWh.exe
  C:\Windows\System\BqQOrWh.exe
  2⤵
  PID:5472
- C:\Windows\System\PpuRBrV.exe
  C:\Windows\System\PpuRBrV.exe
  2⤵
  PID:5560
- C:\Windows\System\LCBmYHH.exe
  C:\Windows\System\LCBmYHH.exe
  2⤵
  PID:5720
- C:\Windows\System\vLiHPnw.exe
  C:\Windows\System\vLiHPnw.exe
  2⤵
  PID:5832
- C:\Windows\System\CgqtHEP.exe
  C:\Windows\System\CgqtHEP.exe
  2⤵
  PID:3560
- C:\Windows\System\XMFdNtL.exe
  C:\Windows\System\XMFdNtL.exe
  2⤵
  PID:5360
- C:\Windows\System\LuSxZwY.exe
  C:\Windows\System\LuSxZwY.exe
  2⤵
  PID:4776
- C:\Windows\System\fuNqBBX.exe
  C:\Windows\System\fuNqBBX.exe
  2⤵
  PID:3168
- C:\Windows\System\XTnMGqd.exe
  C:\Windows\System\XTnMGqd.exe
  2⤵
  PID:1072
- C:\Windows\System\iquiGJb.exe
  C:\Windows\System\iquiGJb.exe
  2⤵
  PID:3736
- C:\Windows\System\odFcyoW.exe
  C:\Windows\System\odFcyoW.exe
  2⤵
  PID:4056
- C:\Windows\System\mBzEZhX.exe
  C:\Windows\System\mBzEZhX.exe
  2⤵
  PID:5280
- C:\Windows\System\vTtDSZt.exe
  C:\Windows\System\vTtDSZt.exe
  2⤵
  PID:5664
- C:\Windows\System\eoIHgfP.exe
  C:\Windows\System\eoIHgfP.exe
  2⤵
  PID:5808
- C:\Windows\System\rWnOPvv.exe
  C:\Windows\System\rWnOPvv.exe
  2⤵
  PID:3832
- C:\Windows\System\GycybiK.exe
  C:\Windows\System\GycybiK.exe
  2⤵
  PID:5088
- C:\Windows\System\mFbitSI.exe
  C:\Windows\System\mFbitSI.exe
  2⤵
  PID:5412
- C:\Windows\System\qBBuTGJ.exe
  C:\Windows\System\qBBuTGJ.exe
  2⤵
  PID:1996
- C:\Windows\System\UcmwoaP.exe
  C:\Windows\System\UcmwoaP.exe
  2⤵
  PID:772
- C:\Windows\System\risDdRU.exe
  C:\Windows\System\risDdRU.exe
  2⤵
  PID:5076
- C:\Windows\System\fSjzknB.exe
  C:\Windows\System\fSjzknB.exe
  2⤵
  PID:6172
- C:\Windows\System\jTfRCzW.exe
  C:\Windows\System\jTfRCzW.exe
  2⤵
  PID:6192
- C:\Windows\System\ayCckBa.exe
  C:\Windows\System\ayCckBa.exe
  2⤵
  PID:6212
- C:\Windows\System\MoCGyyl.exe
  C:\Windows\System\MoCGyyl.exe
  2⤵
  PID:6228
- C:\Windows\System\XaYNUvN.exe
  C:\Windows\System\XaYNUvN.exe
  2⤵
  PID:6256
- C:\Windows\System\JbBKbHJ.exe
  C:\Windows\System\JbBKbHJ.exe
  2⤵
  PID:6272
- C:\Windows\System\yCIRWda.exe
  C:\Windows\System\yCIRWda.exe
  2⤵
  PID:6328
- C:\Windows\System\bOAXDfw.exe
  C:\Windows\System\bOAXDfw.exe
  2⤵
  PID:6356
- C:\Windows\System\CjwbLtF.exe
  C:\Windows\System\CjwbLtF.exe
  2⤵
  PID:6388
- C:\Windows\System\cMDkrfD.exe
  C:\Windows\System\cMDkrfD.exe
  2⤵
  PID:6404
- C:\Windows\System\fCodFrP.exe
  C:\Windows\System\fCodFrP.exe
  2⤵
  PID:6420
- C:\Windows\System\MGbNgII.exe
  C:\Windows\System\MGbNgII.exe
  2⤵
  PID:6444
- C:\Windows\System\tGJbsIT.exe
  C:\Windows\System\tGJbsIT.exe
  2⤵
  PID:6464
- C:\Windows\System\OpkKdSk.exe
  C:\Windows\System\OpkKdSk.exe
  2⤵
  PID:6504
- C:\Windows\System\HzbbqKc.exe
  C:\Windows\System\HzbbqKc.exe
  2⤵
  PID:6520
- C:\Windows\System\JjuTzeL.exe
  C:\Windows\System\JjuTzeL.exe
  2⤵
  PID:6544
- C:\Windows\System\bXaBBlj.exe
  C:\Windows\System\bXaBBlj.exe
  2⤵
  PID:6560
- C:\Windows\System\PRUjvpe.exe
  C:\Windows\System\PRUjvpe.exe
  2⤵
  PID:6596
- C:\Windows\System\EaBpoad.exe
  C:\Windows\System\EaBpoad.exe
  2⤵
  PID:6616
- C:\Windows\System\SjxJTBm.exe
  C:\Windows\System\SjxJTBm.exe
  2⤵
  PID:6664
- C:\Windows\System\jgkYQFp.exe
  C:\Windows\System\jgkYQFp.exe
  2⤵
  PID:6688
- C:\Windows\System\qnQmnPq.exe
  C:\Windows\System\qnQmnPq.exe
  2⤵
  PID:6708
- C:\Windows\System\SCrPLTT.exe
  C:\Windows\System\SCrPLTT.exe
  2⤵
  PID:6776
- C:\Windows\System\YlWSQxe.exe
  C:\Windows\System\YlWSQxe.exe
  2⤵
  PID:6812
- C:\Windows\System\HaRWrHG.exe
  C:\Windows\System\HaRWrHG.exe
  2⤵
  PID:6836
- C:\Windows\System\LSYosXa.exe
  C:\Windows\System\LSYosXa.exe
  2⤵
  PID:6884
- C:\Windows\System\TIDIBxe.exe
  C:\Windows\System\TIDIBxe.exe
  2⤵
  PID:6904
- C:\Windows\System\bmIURAQ.exe
  C:\Windows\System\bmIURAQ.exe
  2⤵
  PID:6948
- C:\Windows\System\YLNETlD.exe
  C:\Windows\System\YLNETlD.exe
  2⤵
  PID:6964
- C:\Windows\System\GDBanyH.exe
  C:\Windows\System\GDBanyH.exe
  2⤵
  PID:7020
- C:\Windows\System\lhwtKUS.exe
  C:\Windows\System\lhwtKUS.exe
  2⤵
  PID:7040
- C:\Windows\System\ltiIFGC.exe
  C:\Windows\System\ltiIFGC.exe
  2⤵
  PID:7056
- C:\Windows\System\ZRdELkk.exe
  C:\Windows\System\ZRdELkk.exe
  2⤵
  PID:7080
- C:\Windows\System\pDqIVIT.exe
  C:\Windows\System\pDqIVIT.exe
  2⤵
  PID:7104
- C:\Windows\System\LnWyCml.exe
  C:\Windows\System\LnWyCml.exe
  2⤵
  PID:7124
- C:\Windows\System\YzVIMWI.exe
  C:\Windows\System\YzVIMWI.exe
  2⤵
  PID:5528
- C:\Windows\System\ceWoeUv.exe
  C:\Windows\System\ceWoeUv.exe
  2⤵
  PID:5776
- C:\Windows\System\xrhmPak.exe
  C:\Windows\System\xrhmPak.exe
  2⤵
  PID:6280
- C:\Windows\System\XdAwucO.exe
  C:\Windows\System\XdAwucO.exe
  2⤵
  PID:6200
- C:\Windows\System\szzSZJd.exe
  C:\Windows\System\szzSZJd.exe
  2⤵
  PID:6264
- C:\Windows\System\MJcveWL.exe
  C:\Windows\System\MJcveWL.exe
  2⤵
  PID:6268
- C:\Windows\System\YEaCqHK.exe
  C:\Windows\System\YEaCqHK.exe
  2⤵
  PID:6376
- C:\Windows\System\QrRbXew.exe
  C:\Windows\System\QrRbXew.exe
  2⤵
  PID:6416
- C:\Windows\System\GCjgaUH.exe
  C:\Windows\System\GCjgaUH.exe
  2⤵
  PID:6456
- C:\Windows\System\UdrQGzD.exe
  C:\Windows\System\UdrQGzD.exe
  2⤵
  PID:6500
- C:\Windows\System\tJQQxGI.exe
  C:\Windows\System\tJQQxGI.exe
  2⤵
  PID:6552
- C:\Windows\System\qzBhteF.exe
  C:\Windows\System\qzBhteF.exe
  2⤵
  PID:6676
- C:\Windows\System\EbilLBJ.exe
  C:\Windows\System\EbilLBJ.exe
  2⤵
  PID:6868
- C:\Windows\System\pOVGcsV.exe
  C:\Windows\System\pOVGcsV.exe
  2⤵
  PID:6856
- C:\Windows\System\xygaudU.exe
  C:\Windows\System\xygaudU.exe
  2⤵
  PID:7000
- C:\Windows\System\txbSGLI.exe
  C:\Windows\System\txbSGLI.exe
  2⤵
  PID:7088
- C:\Windows\System\kgdIWaw.exe
  C:\Windows\System\kgdIWaw.exe
  2⤵
  PID:7096
- C:\Windows\System\JwlIfXI.exe
  C:\Windows\System\JwlIfXI.exe
  2⤵
  PID:6288
- C:\Windows\System\FLQtOoy.exe
  C:\Windows\System\FLQtOoy.exe
  2⤵
  PID:6296
- C:\Windows\System\XcgTPbY.exe
  C:\Windows\System\XcgTPbY.exe
  2⤵
  PID:6432
- C:\Windows\System\hWWuNGZ.exe
  C:\Windows\System\hWWuNGZ.exe
  2⤵
  PID:6484
- C:\Windows\System\yUsxXZU.exe
  C:\Windows\System\yUsxXZU.exe
  2⤵
  PID:6772
- C:\Windows\System\qGlRphD.exe
  C:\Windows\System\qGlRphD.exe
  2⤵
  PID:7032
- C:\Windows\System\FPuXSmH.exe
  C:\Windows\System\FPuXSmH.exe
  2⤵
  PID:6988
- C:\Windows\System\QThTBTq.exe
  C:\Windows\System\QThTBTq.exe
  2⤵
  PID:7116
- C:\Windows\System\bHaAEKA.exe
  C:\Windows\System\bHaAEKA.exe
  2⤵
  PID:6704
- C:\Windows\System\gGhgUAE.exe
  C:\Windows\System\gGhgUAE.exe
  2⤵
  PID:6612
- C:\Windows\System\ShoVPNe.exe
  C:\Windows\System\ShoVPNe.exe
  2⤵
  PID:3324
- C:\Windows\System\rjcgSZQ.exe
  C:\Windows\System\rjcgSZQ.exe
  2⤵
  PID:7172
- C:\Windows\System\fnVggvn.exe
  C:\Windows\System\fnVggvn.exe
  2⤵
  PID:7200
- C:\Windows\System\UgFKHGR.exe
  C:\Windows\System\UgFKHGR.exe
  2⤵
  PID:7216
- C:\Windows\System\uRmaxRQ.exe
  C:\Windows\System\uRmaxRQ.exe
  2⤵
  PID:7292
- C:\Windows\System\RIQGVkq.exe
  C:\Windows\System\RIQGVkq.exe
  2⤵
  PID:7308
- C:\Windows\System\yolIMSB.exe
  C:\Windows\System\yolIMSB.exe
  2⤵
  PID:7336
- C:\Windows\System\iYEnPfw.exe
  C:\Windows\System\iYEnPfw.exe
  2⤵
  PID:7352
- C:\Windows\System\GHdmunx.exe
  C:\Windows\System\GHdmunx.exe
  2⤵
  PID:7372
- C:\Windows\System\xiFZlLT.exe
  C:\Windows\System\xiFZlLT.exe
  2⤵
  PID:7396
- C:\Windows\System\ZNYtRsQ.exe
  C:\Windows\System\ZNYtRsQ.exe
  2⤵
  PID:7412
- C:\Windows\System\BknxAcx.exe
  C:\Windows\System\BknxAcx.exe
  2⤵
  PID:7456
- C:\Windows\System\orMZCjC.exe
  C:\Windows\System\orMZCjC.exe
  2⤵
  PID:7476
- C:\Windows\System\aEEoAQV.exe
  C:\Windows\System\aEEoAQV.exe
  2⤵
  PID:7532
- C:\Windows\System\ysiWiSQ.exe
  C:\Windows\System\ysiWiSQ.exe
  2⤵
  PID:7548
- C:\Windows\System\AnbKOdF.exe
  C:\Windows\System\AnbKOdF.exe
  2⤵
  PID:7572
- C:\Windows\System\HGdfltx.exe
  C:\Windows\System\HGdfltx.exe
  2⤵
  PID:7592
- C:\Windows\System\dPxoiFw.exe
  C:\Windows\System\dPxoiFw.exe
  2⤵
  PID:7608
- C:\Windows\System\ZVgRaGk.exe
  C:\Windows\System\ZVgRaGk.exe
  2⤵
  PID:7636
- C:\Windows\System\fuVmKla.exe
  C:\Windows\System\fuVmKla.exe
  2⤵
  PID:7656
- C:\Windows\System\TffnXMs.exe
  C:\Windows\System\TffnXMs.exe
  2⤵
  PID:7724
- C:\Windows\System\ppzpTix.exe
  C:\Windows\System\ppzpTix.exe
  2⤵
  PID:7740
- C:\Windows\System\IePcasR.exe
  C:\Windows\System\IePcasR.exe
  2⤵
  PID:7780
- C:\Windows\System\LQhkGTW.exe
  C:\Windows\System\LQhkGTW.exe
  2⤵
  PID:7816
- C:\Windows\System\pvCdxNS.exe
  C:\Windows\System\pvCdxNS.exe
  2⤵
  PID:7844
- C:\Windows\System\gsHleaX.exe
  C:\Windows\System\gsHleaX.exe
  2⤵
  PID:7864
- C:\Windows\System\vNtFFrK.exe
  C:\Windows\System\vNtFFrK.exe
  2⤵
  PID:7880
- C:\Windows\System\HFBeGbb.exe
  C:\Windows\System\HFBeGbb.exe
  2⤵
  PID:7920
- C:\Windows\System\TpNEIZG.exe
  C:\Windows\System\TpNEIZG.exe
  2⤵
  PID:7940
- C:\Windows\System\AUhcHTU.exe
  C:\Windows\System\AUhcHTU.exe
  2⤵
  PID:7964
- C:\Windows\System\HMevhlX.exe
  C:\Windows\System\HMevhlX.exe
  2⤵
  PID:7996
- C:\Windows\System\sCCFOjQ.exe
  C:\Windows\System\sCCFOjQ.exe
  2⤵
  PID:8016
- C:\Windows\System\YmMHvgT.exe
  C:\Windows\System\YmMHvgT.exe
  2⤵
  PID:8044
- C:\Windows\System\AXFExLK.exe
  C:\Windows\System\AXFExLK.exe
  2⤵
  PID:8060
- C:\Windows\System\ryiICYb.exe
  C:\Windows\System\ryiICYb.exe
  2⤵
  PID:8104
- C:\Windows\System\zGXHBTh.exe
  C:\Windows\System\zGXHBTh.exe
  2⤵
  PID:8136
- C:\Windows\System\vwnpBNN.exe
  C:\Windows\System\vwnpBNN.exe
  2⤵
  PID:8160
- C:\Windows\System\eiJWCIZ.exe
  C:\Windows\System\eiJWCIZ.exe
  2⤵
  PID:8180
- C:\Windows\System\LenuHVw.exe
  C:\Windows\System\LenuHVw.exe
  2⤵
  PID:6428
- C:\Windows\System\xRiqfon.exe
  C:\Windows\System\xRiqfon.exe
  2⤵
  PID:7224
- C:\Windows\System\XDCZnIn.exe
  C:\Windows\System\XDCZnIn.exe
  2⤵
  PID:7320
- C:\Windows\System\WUppENB.exe
  C:\Windows\System\WUppENB.exe
  2⤵
  PID:7368
- C:\Windows\System\DrhmKcf.exe
  C:\Windows\System\DrhmKcf.exe
  2⤵
  PID:7408
- C:\Windows\System\wFmbbqx.exe
  C:\Windows\System\wFmbbqx.exe
  2⤵
  PID:7444
- C:\Windows\System\fxAmHDH.exe
  C:\Windows\System\fxAmHDH.exe
  2⤵
  PID:7560
- C:\Windows\System\QeoYLeS.exe
  C:\Windows\System\QeoYLeS.exe
  2⤵
  PID:7568
- C:\Windows\System\fPmifQv.exe
  C:\Windows\System\fPmifQv.exe
  2⤵
  PID:7632
- C:\Windows\System\cQZAbPv.exe
  C:\Windows\System\cQZAbPv.exe
  2⤵
  PID:7760
- C:\Windows\System\jVtHOIV.exe
  C:\Windows\System\jVtHOIV.exe
  2⤵
  PID:7804
- C:\Windows\System\bbMZiSm.exe
  C:\Windows\System\bbMZiSm.exe
  2⤵
  PID:7832
- C:\Windows\System\lAWJgSe.exe
  C:\Windows\System\lAWJgSe.exe
  2⤵
  PID:7900
- C:\Windows\System\jOfSLRH.exe
  C:\Windows\System\jOfSLRH.exe
  2⤵
  PID:7984
- C:\Windows\System\BgCNSow.exe
  C:\Windows\System\BgCNSow.exe
  2⤵
  PID:8036
- C:\Windows\System\YSFuJrn.exe
  C:\Windows\System\YSFuJrn.exe
  2⤵
  PID:8148
- C:\Windows\System\uvsLNIc.exe
  C:\Windows\System\uvsLNIc.exe
  2⤵
  PID:8152
- C:\Windows\System\pAgZUlC.exe
  C:\Windows\System\pAgZUlC.exe
  2⤵
  PID:7428
- C:\Windows\System\mKyZJnc.exe
  C:\Windows\System\mKyZJnc.exe
  2⤵
  PID:7540
- C:\Windows\System\tYQKcTD.exe
  C:\Windows\System\tYQKcTD.exe
  2⤵
  PID:7628
- C:\Windows\System\zBURqFa.exe
  C:\Windows\System\zBURqFa.exe
  2⤵
  PID:7796
- C:\Windows\System\BDObfke.exe
  C:\Windows\System\BDObfke.exe
  2⤵
  PID:7852
- C:\Windows\System\ooLLBIr.exe
  C:\Windows\System\ooLLBIr.exe
  2⤵
  PID:8040
- C:\Windows\System\ZWDjTxA.exe
  C:\Windows\System\ZWDjTxA.exe
  2⤵
  PID:8012
- C:\Windows\System\YHpFVTb.exe
  C:\Windows\System\YHpFVTb.exe
  2⤵
  PID:7716
- C:\Windows\System\SUzMcAf.exe
  C:\Windows\System\SUzMcAf.exe
  2⤵
  PID:7528
- C:\Windows\System\fQqVyBT.exe
  C:\Windows\System\fQqVyBT.exe
  2⤵
  PID:7800
- C:\Windows\System\sgTXpEo.exe
  C:\Windows\System\sgTXpEo.exe
  2⤵
  PID:8208
- C:\Windows\System\TQMQyMu.exe
  C:\Windows\System\TQMQyMu.exe
  2⤵
  PID:8244
- C:\Windows\System\TDcudZL.exe
  C:\Windows\System\TDcudZL.exe
  2⤵
  PID:8260
- C:\Windows\System\PwhiZDe.exe
  C:\Windows\System\PwhiZDe.exe
  2⤵
  PID:8280
- C:\Windows\System\hNaNezl.exe
  C:\Windows\System\hNaNezl.exe
  2⤵
  PID:8312
- C:\Windows\System\Xxbjhhf.exe
  C:\Windows\System\Xxbjhhf.exe
  2⤵
  PID:8328
- C:\Windows\System\pWpufyf.exe
  C:\Windows\System\pWpufyf.exe
  2⤵
  PID:8360
- C:\Windows\System\uWfjXBj.exe
  C:\Windows\System\uWfjXBj.exe
  2⤵
  PID:8388
- C:\Windows\System\QKEJqqh.exe
  C:\Windows\System\QKEJqqh.exe
  2⤵
  PID:8444
- C:\Windows\System\EJfhzqq.exe
  C:\Windows\System\EJfhzqq.exe
  2⤵
  PID:8468
- C:\Windows\System\YCzaZtt.exe
  C:\Windows\System\YCzaZtt.exe
  2⤵
  PID:8488
- C:\Windows\System\laxGCCB.exe
  C:\Windows\System\laxGCCB.exe
  2⤵
  PID:8524
- C:\Windows\System\gdNzKoF.exe
  C:\Windows\System\gdNzKoF.exe
  2⤵
  PID:8548
- C:\Windows\System\XFjuVzb.exe
  C:\Windows\System\XFjuVzb.exe
  2⤵
  PID:8608
- C:\Windows\System\UFtbvum.exe
  C:\Windows\System\UFtbvum.exe
  2⤵
  PID:8652
- C:\Windows\System\eUjswcw.exe
  C:\Windows\System\eUjswcw.exe
  2⤵
  PID:8676
- C:\Windows\System\jAKPtfx.exe
  C:\Windows\System\jAKPtfx.exe
  2⤵
  PID:8704
- C:\Windows\System\TkkOSOe.exe
  C:\Windows\System\TkkOSOe.exe
  2⤵
  PID:8728
- C:\Windows\System\yVGEKRU.exe
  C:\Windows\System\yVGEKRU.exe
  2⤵
  PID:8756
- C:\Windows\System\rtPrJgy.exe
  C:\Windows\System\rtPrJgy.exe
  2⤵
  PID:8772
- C:\Windows\System\uqhIMwb.exe
  C:\Windows\System\uqhIMwb.exe
  2⤵
  PID:8788
- C:\Windows\System\NXdnwMS.exe
  C:\Windows\System\NXdnwMS.exe
  2⤵
  PID:8816
- C:\Windows\System\CVRzsVK.exe
  C:\Windows\System\CVRzsVK.exe
  2⤵
  PID:8836
- C:\Windows\System\PuhzHTX.exe
  C:\Windows\System\PuhzHTX.exe
  2⤵
  PID:8856
- C:\Windows\System\AxeubqP.exe
  C:\Windows\System\AxeubqP.exe
  2⤵
  PID:8892
- C:\Windows\System\kEHWaiD.exe
  C:\Windows\System\kEHWaiD.exe
  2⤵
  PID:8964
- C:\Windows\System\xIPUkZj.exe
  C:\Windows\System\xIPUkZj.exe
  2⤵
  PID:8980
- C:\Windows\System\ZLFOfgC.exe
  C:\Windows\System\ZLFOfgC.exe
  2⤵
  PID:8996
- C:\Windows\System\BhfMCbc.exe
  C:\Windows\System\BhfMCbc.exe
  2⤵
  PID:9024
- C:\Windows\System\tIDuACs.exe
  C:\Windows\System\tIDuACs.exe
  2⤵
  PID:9072
- C:\Windows\System\HzBVYXd.exe
  C:\Windows\System\HzBVYXd.exe
  2⤵
  PID:9096
- C:\Windows\System\zoEWZAv.exe
  C:\Windows\System\zoEWZAv.exe
  2⤵
  PID:9112
- C:\Windows\System\IRCBkHK.exe
  C:\Windows\System\IRCBkHK.exe
  2⤵
  PID:9132
- C:\Windows\System\eAxOdbm.exe
  C:\Windows\System\eAxOdbm.exe
  2⤵
  PID:9156
- C:\Windows\System\YooFlOu.exe
  C:\Windows\System\YooFlOu.exe
  2⤵
  PID:9176
- C:\Windows\System\RuiOTuW.exe
  C:\Windows\System\RuiOTuW.exe
  2⤵
  PID:9200
- C:\Windows\System\AXZvmvr.exe
  C:\Windows\System\AXZvmvr.exe
  2⤵
  PID:7936
- C:\Windows\System\oBohIrf.exe
  C:\Windows\System\oBohIrf.exe
  2⤵
  PID:8272
- C:\Windows\System\aIKDiMe.exe
  C:\Windows\System\aIKDiMe.exe
  2⤵
  PID:8324
- C:\Windows\System\ecYapZe.exe
  C:\Windows\System\ecYapZe.exe
  2⤵
  PID:8384
- C:\Windows\System\SXituDq.exe
  C:\Windows\System\SXituDq.exe
  2⤵
  PID:8460
- C:\Windows\System\owIOZyY.exe
  C:\Windows\System\owIOZyY.exe
  2⤵
  PID:8520
- C:\Windows\System\kAXnVtG.exe
  C:\Windows\System\kAXnVtG.exe
  2⤵
  PID:8620
- C:\Windows\System\rcoSqEi.exe
  C:\Windows\System\rcoSqEi.exe
  2⤵
  PID:8672
- C:\Windows\System\BYNfOsu.exe
  C:\Windows\System\BYNfOsu.exe
  2⤵
  PID:8716
- C:\Windows\System\ZTdnMji.exe
  C:\Windows\System\ZTdnMji.exe
  2⤵
  PID:8800
- C:\Windows\System\RpzuJcd.exe
  C:\Windows\System\RpzuJcd.exe
  2⤵
  PID:8780
- C:\Windows\System\PDBdIgL.exe
  C:\Windows\System\PDBdIgL.exe
  2⤵
  PID:8784
- C:\Windows\System\rBoPcxH.exe
  C:\Windows\System\rBoPcxH.exe
  2⤵
  PID:8880
- C:\Windows\System\WzVVTzM.exe
  C:\Windows\System\WzVVTzM.exe
  2⤵
  PID:8988
- C:\Windows\System\oNSXOOw.exe
  C:\Windows\System\oNSXOOw.exe
  2⤵
  PID:9012
- C:\Windows\System\eASxmcx.exe
  C:\Windows\System\eASxmcx.exe
  2⤵
  PID:9048
- C:\Windows\System\jddfBlk.exe
  C:\Windows\System\jddfBlk.exe
  2⤵
  PID:9104
- C:\Windows\System\OxGzEeP.exe
  C:\Windows\System\OxGzEeP.exe
  2⤵
  PID:9144
- C:\Windows\System\CVPLiVe.exe
  C:\Windows\System\CVPLiVe.exe
  2⤵
  PID:8216
- C:\Windows\System\wfNrAUD.exe
  C:\Windows\System\wfNrAUD.exe
  2⤵
  PID:8352
- C:\Windows\System\yLcgKqO.exe
  C:\Windows\System\yLcgKqO.exe
  2⤵
  PID:8576
- C:\Windows\System\sXbDpXp.exe
  C:\Windows\System\sXbDpXp.exe
  2⤵
  PID:8540
- C:\Windows\System\HDzNCMC.exe
  C:\Windows\System\HDzNCMC.exe
  2⤵
  PID:8744
- C:\Windows\System\smyTAUb.exe
  C:\Windows\System\smyTAUb.exe
  2⤵
  PID:9128
- C:\Windows\System\YgxfrbM.exe
  C:\Windows\System\YgxfrbM.exe
  2⤵
  PID:9248
- C:\Windows\System\MSUyTgQ.exe
  C:\Windows\System\MSUyTgQ.exe
  2⤵
  PID:9264
- C:\Windows\System\WWTdQfm.exe
  C:\Windows\System\WWTdQfm.exe
  2⤵
  PID:9280
- C:\Windows\System\neARXJt.exe
  C:\Windows\System\neARXJt.exe
  2⤵
  PID:9300
- C:\Windows\System\TvPjwRY.exe
  C:\Windows\System\TvPjwRY.exe
  2⤵
  PID:9320
- C:\Windows\System\QeWgwll.exe
  C:\Windows\System\QeWgwll.exe
  2⤵
  PID:9340
- C:\Windows\System\CIICFFq.exe
  C:\Windows\System\CIICFFq.exe
  2⤵
  PID:9376
- C:\Windows\System\dkZMZTJ.exe
  C:\Windows\System\dkZMZTJ.exe
  2⤵
  PID:9444
- C:\Windows\System\QGQgkaf.exe
  C:\Windows\System\QGQgkaf.exe
  2⤵
  PID:9464
- C:\Windows\System\QtINLZE.exe
  C:\Windows\System\QtINLZE.exe
  2⤵
  PID:9480
- C:\Windows\System\ABYWWDe.exe
  C:\Windows\System\ABYWWDe.exe
  2⤵
  PID:9544
- C:\Windows\System\FlVcWcz.exe
  C:\Windows\System\FlVcWcz.exe
  2⤵
  PID:9560
- C:\Windows\System\gLyCCko.exe
  C:\Windows\System\gLyCCko.exe
  2⤵
  PID:9580
- C:\Windows\System\hRDerjp.exe
  C:\Windows\System\hRDerjp.exe
  2⤵
  PID:9616
- C:\Windows\System\TXICMzb.exe
  C:\Windows\System\TXICMzb.exe
  2⤵
  PID:9636
- C:\Windows\System\YsBGBMA.exe
  C:\Windows\System\YsBGBMA.exe
  2⤵
  PID:9660
- C:\Windows\System\EFRahQi.exe
  C:\Windows\System\EFRahQi.exe
  2⤵
  PID:9680
- C:\Windows\System\iJEYtmA.exe
  C:\Windows\System\iJEYtmA.exe
  2⤵
  PID:9716
- C:\Windows\System\lXYyCRW.exe
  C:\Windows\System\lXYyCRW.exe
  2⤵
  PID:9732
- C:\Windows\System\stZQxMK.exe
  C:\Windows\System\stZQxMK.exe
  2⤵
  PID:9752
- C:\Windows\System\lmRICcD.exe
  C:\Windows\System\lmRICcD.exe
  2⤵
  PID:9804
- C:\Windows\System\PPeZUgw.exe
  C:\Windows\System\PPeZUgw.exe
  2⤵
  PID:9832
- C:\Windows\System\hMPyMmU.exe
  C:\Windows\System\hMPyMmU.exe
  2⤵
  PID:9860
- C:\Windows\System\JrUwKQI.exe
  C:\Windows\System\JrUwKQI.exe
  2⤵
  PID:9892
- C:\Windows\System\rFLXfLg.exe
  C:\Windows\System\rFLXfLg.exe
  2⤵
  PID:9928
- C:\Windows\System\NSberwm.exe
  C:\Windows\System\NSberwm.exe
  2⤵
  PID:9948
- C:\Windows\System\OrurmPj.exe
  C:\Windows\System\OrurmPj.exe
  2⤵
  PID:9976
- C:\Windows\System\lMMYrej.exe
  C:\Windows\System\lMMYrej.exe
  2⤵
  PID:10004
- C:\Windows\System\CqDpCYU.exe
  C:\Windows\System\CqDpCYU.exe
  2⤵
  PID:10052
- C:\Windows\System\ywbtznc.exe
  C:\Windows\System\ywbtznc.exe
  2⤵
  PID:10068
- C:\Windows\System\nEMxkjo.exe
  C:\Windows\System\nEMxkjo.exe
  2⤵
  PID:10088
- C:\Windows\System\wFnGQZv.exe
  C:\Windows\System\wFnGQZv.exe
  2⤵
  PID:10116
- C:\Windows\System\MYBgyox.exe
  C:\Windows\System\MYBgyox.exe
  2⤵
  PID:10132
- C:\Windows\System\LqIRokw.exe
  C:\Windows\System\LqIRokw.exe
  2⤵
  PID:10156
- C:\Windows\System\HvGftVS.exe
  C:\Windows\System\HvGftVS.exe
  2⤵
  PID:10176
- C:\Windows\System\EeMrUNR.exe
  C:\Windows\System\EeMrUNR.exe
  2⤵
  PID:10196
- C:\Windows\System\VniMuRG.exe
  C:\Windows\System\VniMuRG.exe
  2⤵
  PID:10228
- C:\Windows\System\mziWuVt.exe
  C:\Windows\System\mziWuVt.exe
  2⤵
  PID:9124
- C:\Windows\System\UdiHXnc.exe
  C:\Windows\System\UdiHXnc.exe
  2⤵
  PID:9240
- C:\Windows\System\ngEMoSG.exe
  C:\Windows\System\ngEMoSG.exe
  2⤵
  PID:9276
- C:\Windows\System\ErhcaLo.exe
  C:\Windows\System\ErhcaLo.exe
  2⤵
  PID:9384
- C:\Windows\System\wOqTzxo.exe
  C:\Windows\System\wOqTzxo.exe
  2⤵
  PID:9368
- C:\Windows\System\YfxmZjV.exe
  C:\Windows\System\YfxmZjV.exe
  2⤵
  PID:9504
- C:\Windows\System\dwqmwuK.exe
  C:\Windows\System\dwqmwuK.exe
  2⤵
  PID:9532
- C:\Windows\System\fCEfEMv.exe
  C:\Windows\System\fCEfEMv.exe
  2⤵
  PID:9556
- C:\Windows\System\hjmpvVF.exe
  C:\Windows\System\hjmpvVF.exe
  2⤵
  PID:9648
- C:\Windows\System\KPTPApt.exe
  C:\Windows\System\KPTPApt.exe
  2⤵
  PID:9724
- C:\Windows\System\kjrYBbO.exe
  C:\Windows\System\kjrYBbO.exe
  2⤵
  PID:9748
- C:\Windows\System\xFOVJHB.exe
  C:\Windows\System\xFOVJHB.exe
  2⤵
  PID:8372
- C:\Windows\System\iehDrtO.exe
  C:\Windows\System\iehDrtO.exe
  2⤵
  PID:9956
- C:\Windows\System\OGQemiE.exe
  C:\Windows\System\OGQemiE.exe
  2⤵
  PID:9972
- C:\Windows\System\PTuDQco.exe
  C:\Windows\System\PTuDQco.exe
  2⤵
  PID:10028
- C:\Windows\System\dvOfBLU.exe
  C:\Windows\System\dvOfBLU.exe
  2⤵
  PID:10140
- C:\Windows\System\xLLzhOu.exe
  C:\Windows\System\xLLzhOu.exe
  2⤵
  PID:10124
- C:\Windows\System\Umeeanf.exe
  C:\Windows\System\Umeeanf.exe
  2⤵
  PID:9272
- C:\Windows\System\UlZrILB.exe
  C:\Windows\System\UlZrILB.exe
  2⤵
  PID:9476
- C:\Windows\System\mYZYuof.exe
  C:\Windows\System\mYZYuof.exe
  2⤵
  PID:9644
- C:\Windows\System\ZmNqvlA.exe
  C:\Windows\System\ZmNqvlA.exe
  2⤵
  PID:10036
- C:\Windows\System\FnETHfH.exe
  C:\Windows\System\FnETHfH.exe
  2⤵
  PID:10212
- C:\Windows\System\ZGIkMaX.exe
  C:\Windows\System\ZGIkMaX.exe
  2⤵
  PID:8600
- C:\Windows\System\IWyknPR.exe
  C:\Windows\System\IWyknPR.exe
  2⤵
  PID:9016
- C:\Windows\System\fhkvPbM.exe
  C:\Windows\System\fhkvPbM.exe
  2⤵
  PID:9828
- C:\Windows\System\MJNGrch.exe
  C:\Windows\System\MJNGrch.exe
  2⤵
  PID:10000
- C:\Windows\System\xQUudbE.exe
  C:\Windows\System\xQUudbE.exe
  2⤵
  PID:9968
- C:\Windows\System\PYrDUWK.exe
  C:\Windows\System\PYrDUWK.exe
  2⤵
  PID:10208
- C:\Windows\System\nwbfOuq.exe
  C:\Windows\System\nwbfOuq.exe
  2⤵
  PID:9596
- C:\Windows\System\vVpwvFR.exe
  C:\Windows\System\vVpwvFR.exe
  2⤵
  PID:10244
- C:\Windows\System\XfXpdne.exe
  C:\Windows\System\XfXpdne.exe
  2⤵
  PID:10260
- C:\Windows\System\euapWgV.exe
  C:\Windows\System\euapWgV.exe
  2⤵
  PID:10284
- C:\Windows\System\LpSziQR.exe
  C:\Windows\System\LpSziQR.exe
  2⤵
  PID:10304
- C:\Windows\System\YUnaRqI.exe
  C:\Windows\System\YUnaRqI.exe
  2⤵
  PID:10324
- C:\Windows\System\IxTDbbv.exe
  C:\Windows\System\IxTDbbv.exe
  2⤵
  PID:10352
- C:\Windows\System\aharYaT.exe
  C:\Windows\System\aharYaT.exe
  2⤵
  PID:10372
- C:\Windows\System\MHiCaSC.exe
  C:\Windows\System\MHiCaSC.exe
  2⤵
  PID:10400
- C:\Windows\System\lptsrnN.exe
  C:\Windows\System\lptsrnN.exe
  2⤵
  PID:10420
- C:\Windows\System\XtLwaXh.exe
  C:\Windows\System\XtLwaXh.exe
  2⤵
  PID:10460
- C:\Windows\System\OMZFZwe.exe
  C:\Windows\System\OMZFZwe.exe
  2⤵
  PID:10520
- C:\Windows\System\fhdVzeA.exe
  C:\Windows\System\fhdVzeA.exe
  2⤵
  PID:10564
- C:\Windows\System\RbUqztr.exe
  C:\Windows\System\RbUqztr.exe
  2⤵
  PID:10584
- C:\Windows\System\LsjmPoL.exe
  C:\Windows\System\LsjmPoL.exe
  2⤵
  PID:10604
- C:\Windows\System\gfahVSi.exe
  C:\Windows\System\gfahVSi.exe
  2⤵
  PID:10624
- C:\Windows\System\RjyTixf.exe
  C:\Windows\System\RjyTixf.exe
  2⤵
  PID:10640
- C:\Windows\System\TbayczD.exe
  C:\Windows\System\TbayczD.exe
  2⤵
  PID:10656
- C:\Windows\System\ZoPnTkR.exe
  C:\Windows\System\ZoPnTkR.exe
  2⤵
  PID:10716
- C:\Windows\System\JESSTvY.exe
  C:\Windows\System\JESSTvY.exe
  2⤵
  PID:10760
- C:\Windows\System\IDfqmhj.exe
  C:\Windows\System\IDfqmhj.exe
  2⤵
  PID:10780
- C:\Windows\System\awpIWge.exe
  C:\Windows\System\awpIWge.exe
  2⤵
  PID:10800
- C:\Windows\System\TuEOiqv.exe
  C:\Windows\System\TuEOiqv.exe
  2⤵
  PID:10852
- C:\Windows\System\vXlGqqm.exe
  C:\Windows\System\vXlGqqm.exe
  2⤵
  PID:10872
- C:\Windows\System\IMORIxA.exe
  C:\Windows\System\IMORIxA.exe
  2⤵
  PID:10892
- C:\Windows\System\TCCqGab.exe
  C:\Windows\System\TCCqGab.exe
  2⤵
  PID:10908
- C:\Windows\System\SYvCsKo.exe
  C:\Windows\System\SYvCsKo.exe
  2⤵
  PID:10936
- C:\Windows\System\QPCVtRN.exe
  C:\Windows\System\QPCVtRN.exe
  2⤵
  PID:10956
- C:\Windows\System\FdVpKzZ.exe
  C:\Windows\System\FdVpKzZ.exe
  2⤵
  PID:10980
- C:\Windows\System\oQCuVFQ.exe
  C:\Windows\System\oQCuVFQ.exe
  2⤵
  PID:11028
- C:\Windows\System\AHUHNhD.exe
  C:\Windows\System\AHUHNhD.exe
  2⤵
  PID:11048
- C:\Windows\System\PirXcSM.exe
  C:\Windows\System\PirXcSM.exe
  2⤵
  PID:11068
- C:\Windows\System\zrJvWGi.exe
  C:\Windows\System\zrJvWGi.exe
  2⤵
  PID:11124
- C:\Windows\System\FptHVev.exe
  C:\Windows\System\FptHVev.exe
  2⤵
  PID:11152
- C:\Windows\System\RiwhYTB.exe
  C:\Windows\System\RiwhYTB.exe
  2⤵
  PID:11172
- C:\Windows\System\njbJMyT.exe
  C:\Windows\System\njbJMyT.exe
  2⤵
  PID:11188
- C:\Windows\System\rOZTXiw.exe
  C:\Windows\System\rOZTXiw.exe
  2⤵
  PID:11208
- C:\Windows\System\oRbsaDB.exe
  C:\Windows\System\oRbsaDB.exe
  2⤵
  PID:11224
- C:\Windows\System\HDfVLdH.exe
  C:\Windows\System\HDfVLdH.exe
  2⤵
  PID:11260
- C:\Windows\System\MJSpUjv.exe
  C:\Windows\System\MJSpUjv.exe
  2⤵
  PID:10268
- C:\Windows\System\sRTIncs.exe
  C:\Windows\System\sRTIncs.exe
  2⤵
  PID:10432
- C:\Windows\System\nvVbWcQ.exe
  C:\Windows\System\nvVbWcQ.exe
  2⤵
  PID:10428
- C:\Windows\System\uWkiooR.exe
  C:\Windows\System\uWkiooR.exe
  2⤵
  PID:10496
- C:\Windows\System\FppnhMX.exe
  C:\Windows\System\FppnhMX.exe
  2⤵
  PID:10528
- C:\Windows\System\seyUQUG.exe
  C:\Windows\System\seyUQUG.exe
  2⤵
  PID:10556
- C:\Windows\System\wcEnIiW.exe
  C:\Windows\System\wcEnIiW.exe
  2⤵
  PID:10748
- C:\Windows\System\aHAMKlt.exe
  C:\Windows\System\aHAMKlt.exe
  2⤵
  PID:10796
- C:\Windows\System\xYbIOfC.exe
  C:\Windows\System\xYbIOfC.exe
  2⤵
  PID:10844
- C:\Windows\System\DIovXBs.exe
  C:\Windows\System\DIovXBs.exe
  2⤵
  PID:10868
- C:\Windows\System\FnnHOgD.exe
  C:\Windows\System\FnnHOgD.exe
  2⤵
  PID:10948
- C:\Windows\System\NiuUsVC.exe
  C:\Windows\System\NiuUsVC.exe
  2⤵
  PID:11060
- C:\Windows\System\Dheohcy.exe
  C:\Windows\System\Dheohcy.exe
  2⤵
  PID:11100
- C:\Windows\System\ojPjvgd.exe
  C:\Windows\System\ojPjvgd.exe
  2⤵
  PID:11180
- C:\Windows\System\bWNanpg.exe
  C:\Windows\System\bWNanpg.exe
  2⤵
  PID:11204
- C:\Windows\System\DeCWCYC.exe
  C:\Windows\System\DeCWCYC.exe
  2⤵
  PID:11220
- C:\Windows\System\zFKpYrc.exe
  C:\Windows\System\zFKpYrc.exe
  2⤵
  PID:10388
- C:\Windows\System\INzgVIr.exe
  C:\Windows\System\INzgVIr.exe
  2⤵
  PID:10484
- C:\Windows\System\wKGkrYT.exe
  C:\Windows\System\wKGkrYT.exe
  2⤵
  PID:10648
- C:\Windows\System\GYgxGoy.exe
  C:\Windows\System\GYgxGoy.exe
  2⤵
  PID:10792
- C:\Windows\System\ntOBcQL.exe
  C:\Windows\System\ntOBcQL.exe
  2⤵
  PID:10968
- C:\Windows\System\XIjkUSj.exe
  C:\Windows\System\XIjkUSj.exe
  2⤵
  PID:10828
- C:\Windows\System\NhuWgtW.exe
  C:\Windows\System\NhuWgtW.exe
  2⤵
  PID:11036
- C:\Windows\System\wHLSxkc.exe
  C:\Windows\System\wHLSxkc.exe
  2⤵
  PID:11000
- C:\Windows\System\uPZuKiO.exe
  C:\Windows\System\uPZuKiO.exe
  2⤵
  PID:11216
- C:\Windows\System\xwzrCgf.exe
  C:\Windows\System\xwzrCgf.exe
  2⤵
  PID:11284
- C:\Windows\System\JdpxgtM.exe
  C:\Windows\System\JdpxgtM.exe
  2⤵
  PID:11304
- C:\Windows\System\FGVoHtl.exe
  C:\Windows\System\FGVoHtl.exe
  2⤵
  PID:11328
- C:\Windows\System\nRCpLTB.exe
  C:\Windows\System\nRCpLTB.exe
  2⤵
  PID:11348
- C:\Windows\System\bhIjCag.exe
  C:\Windows\System\bhIjCag.exe
  2⤵
  PID:11368
- C:\Windows\System\dzeKmLs.exe
  C:\Windows\System\dzeKmLs.exe
  2⤵
  PID:11472
- C:\Windows\System\ZaYQZNi.exe
  C:\Windows\System\ZaYQZNi.exe
  2⤵
  PID:11488
- C:\Windows\System\rjkasjh.exe
  C:\Windows\System\rjkasjh.exe
  2⤵
  PID:11512
- C:\Windows\System\UQLcmXa.exe
  C:\Windows\System\UQLcmXa.exe
  2⤵
  PID:11532
- C:\Windows\System\LFQDEqV.exe
  C:\Windows\System\LFQDEqV.exe
  2⤵
  PID:11552
- C:\Windows\System\QJtIicx.exe
  C:\Windows\System\QJtIicx.exe
  2⤵
  PID:11572
- C:\Windows\System\sGftfrd.exe
  C:\Windows\System\sGftfrd.exe
  2⤵
  PID:11596
- C:\Windows\System\qvqeCQv.exe
  C:\Windows\System\qvqeCQv.exe
  2⤵
  PID:11628
- C:\Windows\System\iBFOMMi.exe
  C:\Windows\System\iBFOMMi.exe
  2⤵
  PID:11672
- C:\Windows\System\kgrNgvP.exe
  C:\Windows\System\kgrNgvP.exe
  2⤵
  PID:11700
- C:\Windows\System\TYkbWAY.exe
  C:\Windows\System\TYkbWAY.exe
  2⤵
  PID:11720
- C:\Windows\System\XgvJIFN.exe
  C:\Windows\System\XgvJIFN.exe
  2⤵
  PID:11756
- C:\Windows\System\qrOwWEZ.exe
  C:\Windows\System\qrOwWEZ.exe
  2⤵
  PID:11780
- C:\Windows\System\JHWeadf.exe
  C:\Windows\System\JHWeadf.exe
  2⤵
  PID:11808
- C:\Windows\System\uiVqDBm.exe
  C:\Windows\System\uiVqDBm.exe
  2⤵
  PID:11836
- C:\Windows\System\qsKVzQt.exe
  C:\Windows\System\qsKVzQt.exe
  2⤵
  PID:11856
- C:\Windows\System\joKhazy.exe
  C:\Windows\System\joKhazy.exe
  2⤵
  PID:11888
- C:\Windows\System\jpinRKG.exe
  C:\Windows\System\jpinRKG.exe
  2⤵
  PID:11916
- C:\Windows\System\KbcQXZq.exe
  C:\Windows\System\KbcQXZq.exe
  2⤵
  PID:11936
- C:\Windows\System\uhdrmaw.exe
  C:\Windows\System\uhdrmaw.exe
  2⤵
  PID:11980
- C:\Windows\System\tNAdaBP.exe
  C:\Windows\System\tNAdaBP.exe
  2⤵
  PID:12020
- C:\Windows\System\RgOCuOQ.exe
  C:\Windows\System\RgOCuOQ.exe
  2⤵
  PID:12040
- C:\Windows\System\AxnrTct.exe
  C:\Windows\System\AxnrTct.exe
  2⤵
  PID:12056
- C:\Windows\System\hfxblZa.exe
  C:\Windows\System\hfxblZa.exe
  2⤵
  PID:12080
- C:\Windows\System\XRLCvwy.exe
  C:\Windows\System\XRLCvwy.exe
  2⤵
  PID:12096
- C:\Windows\System\hjiixAn.exe
  C:\Windows\System\hjiixAn.exe
  2⤵
  PID:12128
- C:\Windows\System\oSxmOwF.exe
  C:\Windows\System\oSxmOwF.exe
  2⤵
  PID:12164
- C:\Windows\System\LfTRktG.exe
  C:\Windows\System\LfTRktG.exe
  2⤵
  PID:12184
- C:\Windows\System\rnOgolk.exe
  C:\Windows\System\rnOgolk.exe
  2⤵
  PID:12236
- C:\Windows\System\pJxWWxn.exe
  C:\Windows\System\pJxWWxn.exe
  2⤵
  PID:12256
- C:\Windows\System\COnftKY.exe
  C:\Windows\System\COnftKY.exe
  2⤵
  PID:12276
- C:\Windows\System\pGuiPJL.exe
  C:\Windows\System\pGuiPJL.exe
  2⤵
  PID:11268
- C:\Windows\System\eLwyitQ.exe
  C:\Windows\System\eLwyitQ.exe
  2⤵
  PID:11244
- C:\Windows\System\IrtuHGE.exe
  C:\Windows\System\IrtuHGE.exe
  2⤵
  PID:11356
- C:\Windows\System\PyqNjEc.exe
  C:\Windows\System\PyqNjEc.exe
  2⤵
  PID:11280
- C:\Windows\System\bHVVMYN.exe
  C:\Windows\System\bHVVMYN.exe
  2⤵
  PID:11400
- C:\Windows\System\wHrFbUM.exe
  C:\Windows\System\wHrFbUM.exe
  2⤵
  PID:11468
- C:\Windows\System\zOaGNGP.exe
  C:\Windows\System\zOaGNGP.exe
  2⤵
  PID:11548
- C:\Windows\System\ISvsgqw.exe
  C:\Windows\System\ISvsgqw.exe
  2⤵
  PID:11584
- C:\Windows\System\DZfmxBn.exe
  C:\Windows\System\DZfmxBn.exe
  2⤵
  PID:11660
- C:\Windows\System\IzYOejG.exe
  C:\Windows\System\IzYOejG.exe
  2⤵
  PID:11716
- C:\Windows\System\hvfhDhV.exe
  C:\Windows\System\hvfhDhV.exe
  2⤵
  PID:11768
- C:\Windows\System\XqoCjrx.exe
  C:\Windows\System\XqoCjrx.exe
  2⤵
  PID:11852
- C:\Windows\System\uUUnXpR.exe
  C:\Windows\System\uUUnXpR.exe
  2⤵
  PID:11960
- C:\Windows\System\cVgphAP.exe
  C:\Windows\System\cVgphAP.exe
  2⤵
  PID:11976
- C:\Windows\System\bzzZWWr.exe
  C:\Windows\System\bzzZWWr.exe
  2⤵
  PID:12156
- C:\Windows\System\bkgOhro.exe
  C:\Windows\System\bkgOhro.exe
  2⤵
  PID:12196
- C:\Windows\System\dEMgvFH.exe
  C:\Windows\System\dEMgvFH.exe
  2⤵
  PID:12244
- C:\Windows\System\KhYZCUU.exe
  C:\Windows\System\KhYZCUU.exe
  2⤵
  PID:11144
- C:\Windows\System\PAlYjET.exe
  C:\Windows\System\PAlYjET.exe
  2⤵
  PID:11296
- C:\Windows\System\oZqVfDA.exe
  C:\Windows\System\oZqVfDA.exe
  2⤵
  PID:11500
- C:\Windows\System\BDqiXQI.exe
  C:\Windows\System\BDqiXQI.exe
  2⤵
  PID:11524
- C:\Windows\System\RiDHbUr.exe
  C:\Windows\System\RiDHbUr.exe
  2⤵
  PID:11804
- C:\Windows\System\FoPqEKW.exe
  C:\Windows\System\FoPqEKW.exe
  2⤵
  PID:11900
- C:\Windows\System\fCZrjby.exe
  C:\Windows\System\fCZrjby.exe
  2⤵
  PID:12092
- C:\Windows\System\QkVLoYK.exe
  C:\Windows\System\QkVLoYK.exe
  2⤵
  PID:10712
- C:\Windows\System\EQcXzXF.exe
  C:\Windows\System\EQcXzXF.exe
  2⤵
  PID:12264
- C:\Windows\System\LjlPRYJ.exe
  C:\Windows\System\LjlPRYJ.exe
  2⤵
  PID:11480
- C:\Windows\System\rZbtdKN.exe
  C:\Windows\System\rZbtdKN.exe
  2⤵
  PID:12028
- C:\Windows\System\KTuDPXu.exe
  C:\Windows\System\KTuDPXu.exe
  2⤵
  PID:12272
- C:\Windows\System\UiEbVcj.exe
  C:\Windows\System\UiEbVcj.exe
  2⤵
  PID:12292
- C:\Windows\System\CMcjDPO.exe
  C:\Windows\System\CMcjDPO.exe
  2⤵
  PID:12312
- C:\Windows\System\IaBGfQW.exe
  C:\Windows\System\IaBGfQW.exe
  2⤵
  PID:12340
- C:\Windows\System\fJthBWX.exe
  C:\Windows\System\fJthBWX.exe
  2⤵
  PID:12392
- C:\Windows\System\VIKlpxe.exe
  C:\Windows\System\VIKlpxe.exe
  2⤵
  PID:12420
- C:\Windows\System\qYqPxlp.exe
  C:\Windows\System\qYqPxlp.exe
  2⤵
  PID:12440
- C:\Windows\System\bHvMRwV.exe
  C:\Windows\System\bHvMRwV.exe
  2⤵
  PID:12460
- C:\Windows\System\KzhVwFl.exe
  C:\Windows\System\KzhVwFl.exe
  2⤵
  PID:12476
- C:\Windows\System\WdOBErE.exe
  C:\Windows\System\WdOBErE.exe
  2⤵
  PID:12496
- C:\Windows\System\MXIYQsb.exe
  C:\Windows\System\MXIYQsb.exe
  2⤵
  PID:12548
- C:\Windows\System\sUjLUlY.exe
  C:\Windows\System\sUjLUlY.exe
  2⤵
  PID:12568
- C:\Windows\System\SdFQIsK.exe
  C:\Windows\System\SdFQIsK.exe
  2⤵
  PID:12624
- C:\Windows\System\iaOFmAO.exe
  C:\Windows\System\iaOFmAO.exe
  2⤵
  PID:12640
- C:\Windows\System\qtVBIFy.exe
  C:\Windows\System\qtVBIFy.exe
  2⤵
  PID:12664
- C:\Windows\System\xPpYdqM.exe
  C:\Windows\System\xPpYdqM.exe
  2⤵
  PID:12688
- C:\Windows\System\ggFfoVM.exe
  C:\Windows\System\ggFfoVM.exe
  2⤵
  PID:12708
- C:\Windows\System\zjwULYC.exe
  C:\Windows\System\zjwULYC.exe
  2⤵
  PID:12728
- C:\Windows\System\snkZrLe.exe
  C:\Windows\System\snkZrLe.exe
  2⤵
  PID:12760
- C:\Windows\System\winUmur.exe
  C:\Windows\System\winUmur.exe
  2⤵
  PID:12780
- C:\Windows\System\pRGhHyb.exe
  C:\Windows\System\pRGhHyb.exe
  2⤵
  PID:12808
- C:\Windows\System\vOEinOZ.exe
  C:\Windows\System\vOEinOZ.exe
  2⤵
  PID:12828
- C:\Windows\System\ENrJEGN.exe
  C:\Windows\System\ENrJEGN.exe
  2⤵
  PID:12860
- C:\Windows\System\oqGmoeB.exe
  C:\Windows\System\oqGmoeB.exe
  2⤵
  PID:12900
- C:\Windows\System\jgMVcQi.exe
  C:\Windows\System\jgMVcQi.exe
  2⤵
  PID:12924
- C:\Windows\System\EVIXFqc.exe
  C:\Windows\System\EVIXFqc.exe
  2⤵
  PID:12940
- C:\Windows\System\cxFXhnt.exe
  C:\Windows\System\cxFXhnt.exe
  2⤵
  PID:12992
- C:\Windows\System\hYeuQym.exe
  C:\Windows\System\hYeuQym.exe
  2⤵
  PID:13028
- C:\Windows\System\nhHzPjb.exe
  C:\Windows\System\nhHzPjb.exe
  2⤵
  PID:13044
- C:\Windows\System\euNbLYm.exe
  C:\Windows\System\euNbLYm.exe
  2⤵
  PID:13068
- C:\Windows\System\HrnGIlU.exe
  C:\Windows\System\HrnGIlU.exe
  2⤵
  PID:13088
- C:\Windows\System\ptvZmmN.exe
  C:\Windows\System\ptvZmmN.exe
  2⤵
  PID:13116
- C:\Windows\System\SlhPkcU.exe
  C:\Windows\System\SlhPkcU.exe
  2⤵
  PID:13144
- C:\Windows\System\XBuPPnB.exe
  C:\Windows\System\XBuPPnB.exe
  2⤵
  PID:13168
- C:\Windows\System\AyRawfD.exe
  C:\Windows\System\AyRawfD.exe
  2⤵
  PID:13184
- C:\Windows\System\KTdrMsc.exe
  C:\Windows\System\KTdrMsc.exe
  2⤵
  PID:13228
- C:\Windows\System\FmtDeSj.exe
  C:\Windows\System\FmtDeSj.exe
  2⤵
  PID:13248
- C:\Windows\System\crmivDR.exe
  C:\Windows\System\crmivDR.exe
  2⤵
  PID:13268
- C:\Windows\System\mfYiZml.exe
  C:\Windows\System\mfYiZml.exe
  2⤵
  PID:2628
- C:\Windows\System\tOjdrCT.exe
  C:\Windows\System\tOjdrCT.exe
  2⤵
  PID:12400
- C:\Windows\System\BkTmiYJ.exe
  C:\Windows\System\BkTmiYJ.exe
  2⤵
  PID:12436
- C:\Windows\System\dgYFqHD.exe
  C:\Windows\System\dgYFqHD.exe
  2⤵
  PID:12524
- C:\Windows\System\TilJsxO.exe
  C:\Windows\System\TilJsxO.exe
  2⤵
  PID:12604
- C:\Windows\System\wOwTjHV.exe
  C:\Windows\System\wOwTjHV.exe
  2⤵
  PID:12600
- C:\Windows\System\wpTpUpE.exe
  C:\Windows\System\wpTpUpE.exe
  2⤵
  PID:12672
- C:\Windows\System\wKxdYVz.exe
  C:\Windows\System\wKxdYVz.exe
  2⤵
  PID:12740
- C:\Windows\System\OVIQnMQ.exe
  C:\Windows\System\OVIQnMQ.exe
  2⤵
  PID:12796
- C:\Windows\System\xrSHKMa.exe
  C:\Windows\System\xrSHKMa.exe
  2⤵
  PID:12868
- C:\Windows\System\lTDPdpb.exe
  C:\Windows\System\lTDPdpb.exe
  2⤵
  PID:12932
- C:\Windows\System\RovOfbK.exe
  C:\Windows\System\RovOfbK.exe
  2⤵
  PID:13012
- C:\Windows\System\UnHCJkx.exe
  C:\Windows\System\UnHCJkx.exe
  2⤵
  PID:13036
- C:\Windows\System\DcALHBl.exe
  C:\Windows\System\DcALHBl.exe
  2⤵
  PID:13104
- C:\Windows\System\WyIfvoG.exe
  C:\Windows\System\WyIfvoG.exe
  2⤵
  PID:13136
- C:\Windows\System\vGUsRPJ.exe
  C:\Windows\System\vGUsRPJ.exe
  2⤵
  PID:13288
- C:\Windows\System\VuaSfvs.exe
  C:\Windows\System\VuaSfvs.exe
  2⤵
  PID:13260
- C:\Windows\System\LjnYXIF.exe
  C:\Windows\System\LjnYXIF.exe
  2⤵
  PID:12356
- C:\Windows\System\iIVsqov.exe
  C:\Windows\System\iIVsqov.exe
  2⤵
  PID:12452
- C:\Windows\System\XuuTBOo.exe
  C:\Windows\System\XuuTBOo.exe
  2⤵
  PID:12636
- C:\Windows\System\HbaWoxF.exe
  C:\Windows\System\HbaWoxF.exe
  2⤵
  PID:12656
- C:\Windows\System\xbZPewZ.exe
  C:\Windows\System\xbZPewZ.exe
  2⤵
  PID:12768
- C:\Windows\System\SgcrQtl.exe
  C:\Windows\System\SgcrQtl.exe
  2⤵
  PID:12956
- C:\Windows\System\DCKKPFe.exe
  C:\Windows\System\DCKKPFe.exe
  2⤵
  PID:13220
- C:\Windows\System\UfgHnnR.exe
  C:\Windows\System\UfgHnnR.exe
  2⤵
  PID:13064
- C:\Windows\System\bKSLVvx.exe
  C:\Windows\System\bKSLVvx.exe
  2⤵
  PID:13256
- C:\Windows\System\CJqOlbs.exe
  C:\Windows\System\CJqOlbs.exe
  2⤵
  PID:12432
- C:\Windows\System\MzYDNdS.exe
  C:\Windows\System\MzYDNdS.exe
  2⤵
  PID:13336
- C:\Windows\System\XJaVByS.exe
  C:\Windows\System\XJaVByS.exe
  2⤵
  PID:13404
- C:\Windows\System\bHqQPTj.exe
  C:\Windows\System\bHqQPTj.exe
  2⤵
  PID:13428
- C:\Windows\System\dZLAYNb.exe
  C:\Windows\System\dZLAYNb.exe
  2⤵
  PID:13456
- C:\Windows\System\QgZDpLq.exe
  C:\Windows\System\QgZDpLq.exe
  2⤵
  PID:13516
- C:\Windows\System\NfPnhYI.exe
  C:\Windows\System\NfPnhYI.exe
  2⤵
  PID:13536
- C:\Windows\System\HeBRsan.exe
  C:\Windows\System\HeBRsan.exe
  2⤵
  PID:13572
- C:\Windows\System\fWvhacW.exe
  C:\Windows\System\fWvhacW.exe
  2⤵
  PID:13600
- C:\Windows\System\iLdTETE.exe
  C:\Windows\System\iLdTETE.exe
  2⤵
  PID:13624
- C:\Windows\System\fkCfHqD.exe
  C:\Windows\System\fkCfHqD.exe
  2⤵
  PID:13652
- C:\Windows\System\ZQNDxJj.exe
  C:\Windows\System\ZQNDxJj.exe
  2⤵
  PID:13684
- C:\Windows\System\sLCENTG.exe
  C:\Windows\System\sLCENTG.exe
  2⤵
  PID:13708
- C:\Windows\System\KarkhgV.exe
  C:\Windows\System\KarkhgV.exe
  2⤵
  PID:13728
- C:\Windows\System\FyJfctC.exe
  C:\Windows\System\FyJfctC.exe
  2⤵
  PID:13752
- C:\Windows\System\GRiSoZG.exe
  C:\Windows\System\GRiSoZG.exe
  2⤵
  PID:13824
- C:\Windows\System\YKfEouW.exe
  C:\Windows\System\YKfEouW.exe
  2⤵
  PID:13844
- C:\Windows\System\AMYRDqH.exe
  C:\Windows\System\AMYRDqH.exe
  2⤵
  PID:13860
- C:\Windows\System\uOXvIBM.exe
  C:\Windows\System\uOXvIBM.exe
  2⤵
  PID:13880
- C:\Windows\System\DiyjMRN.exe
  C:\Windows\System\DiyjMRN.exe
  2⤵
  PID:13904
- C:\Windows\System\BLhzffa.exe
  C:\Windows\System\BLhzffa.exe
  2⤵
  PID:13924
- C:\Windows\System\yOtydNZ.exe
  C:\Windows\System\yOtydNZ.exe
  2⤵
  PID:13964
- C:\Windows\System\aydIpLw.exe
  C:\Windows\System\aydIpLw.exe
  2⤵
  PID:14012
- C:\Windows\System\CcpczTB.exe
  C:\Windows\System\CcpczTB.exe
  2⤵
  PID:14032
- C:\Windows\System\nOjnwPm.exe
  C:\Windows\System\nOjnwPm.exe
  2⤵
  PID:14048
- C:\Windows\System\VxWCLdQ.exe
  C:\Windows\System\VxWCLdQ.exe
  2⤵
  PID:14072
- C:\Windows\System\aONLiRB.exe
  C:\Windows\System\aONLiRB.exe
  2⤵
  PID:14092
- C:\Windows\System\zLMvkXf.exe
  C:\Windows\System\zLMvkXf.exe
  2⤵
  PID:14144
- C:\Windows\System\NPwIwSg.exe
  C:\Windows\System\NPwIwSg.exe
  2⤵
  PID:14160
- C:\Windows\System\pNvmDxA.exe
  C:\Windows\System\pNvmDxA.exe
  2⤵
  PID:14192
- C:\Windows\System\GHKQGRB.exe
  C:\Windows\System\GHKQGRB.exe
  2⤵
  PID:14208
- C:\Windows\System\tDWrDSz.exe
  C:\Windows\System\tDWrDSz.exe
  2⤵
  PID:14232
- C:\Windows\System\fOGIFcQ.exe
  C:\Windows\System\fOGIFcQ.exe
  2⤵
  PID:14248
- C:\Windows\System\PdDsQMi.exe
  C:\Windows\System\PdDsQMi.exe
  2⤵
  PID:14300
- C:\Windows\System\vqWHAnV.exe
  C:\Windows\System\vqWHAnV.exe
  2⤵
  PID:12916
- C:\Windows\System\kshhXxF.exe
  C:\Windows\System\kshhXxF.exe
  2⤵
  PID:13084
- C:\Windows\System\FLjxIrT.exe
  C:\Windows\System\FLjxIrT.exe
  2⤵
  PID:12384
- C:\Windows\System\ZGYntCU.exe
  C:\Windows\System\ZGYntCU.exe
  2⤵
  PID:13332
- C:\Windows\System\WgWfCgK.exe
  C:\Windows\System\WgWfCgK.exe
  2⤵
  PID:13420
- C:\Windows\System\OEfAEQQ.exe
  C:\Windows\System\OEfAEQQ.exe
  2⤵
  PID:1952
- C:\Windows\System\GoxDNxr.exe
  C:\Windows\System\GoxDNxr.exe
  2⤵
  PID:13544
- C:\Windows\System\UmSHJcf.exe
  C:\Windows\System\UmSHJcf.exe
  2⤵
  PID:13596
- C:\Windows\System\NsDQzJP.exe
  C:\Windows\System\NsDQzJP.exe
  2⤵
  PID:13632
- C:\Windows\System\ZwnjhSO.exe
  C:\Windows\System\ZwnjhSO.exe
  2⤵
  PID:13700
- C:\Windows\System\mCxJbbW.exe
  C:\Windows\System\mCxJbbW.exe
  2⤵
  PID:13788
- C:\Windows\System\bqqMMAn.exe
  C:\Windows\System\bqqMMAn.exe
  2⤵
  PID:13856

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:14520

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\AmZFhgP.exe

Filesize
1.3MB

MD5
8abd2de2d210046b98061d0a4215ed9e

SHA1
4d12ab1af7cf98c03bb6fdf938a7cd6eb65e7da6

SHA256
89b8c20135ef26c505c4845f0a91626ffe35dbbc4359d77e9fa14fe5fda830e3

SHA512
63debe73172940621316ab4d33faf38e0de8f28fb0e292085c1d73ccb52077e8f13c6f8671125c80decda114ebcd65215f289a2a24c635f417d71992631c6653

Download Submit
C:\Windows\System\BbmBmPv.exe

Filesize
1.3MB

MD5
1887cb470a44338ec34fc2adc16bf094

SHA1
43cf44cb0b273fc6c52befacdce6b36d278a52c4

SHA256
0ea3fb686861af02b27261053938e43090a9bbccdb4aa234d38882d9c738ec60

SHA512
609cd08f8f5cba00528e2d4a9fe7dc75310a23108d678fb9cec86da3e1fb5908aff63d2e6a8e8c579243c4b6225633dd40b5f2b859be28b5ae45be752cba193e

Download Submit
C:\Windows\System\BytFHFq.exe

Filesize
1.3MB

MD5
cebcdfbb474577d570ec2bb8ab56f16f

SHA1
0d540848025b31660440203b0be9d1a4cbd8a161

SHA256
eacb12dccee3b513ee69158b4e59ae8a13e150d2e24a2b207a1953a27d969342

SHA512
78631781d86dc3ff49bf54d96aa4e60155b5c31f57c15a0a67f3539561fed461b41cac3b010fa8fa58ac1daf1e1f3106592e3d3c7a1e8cc80283d35bc78fbd4a

Download Submit
C:\Windows\System\Efiprfs.exe

Filesize
1.3MB

MD5
cfd8459c0f7a3681c42434f9a6b42989

SHA1
cb4ecdea69521b2f272cf97aef847c42f9068ef4

SHA256
43cc341c32c5ffbcfaf74e4733a4ea3832287ccb25b7a6f4bf5a0e2b9b844553

SHA512
bb8a4007dc7740b4eaa385e96a8636bfa3145c73145ea31cdfc8e9851ebd8e857ff759c22ed425a785e04b7f5e41acf7fd29f4324704ffc8307c80441649db5d

Download Submit
C:\Windows\System\EqYIWmo.exe

Filesize
1.3MB

MD5
87bd4433d7ec7706bafa240b0322c9ce

SHA1
7cdd37044114c1d47448c1a8b67791bf05031d48

SHA256
47db6a22f886e9035905fc845b2333706799fe55034160eb327c5be0959f1781

SHA512
ca6460a5d65b6a9c6e4758896f23857be68baff91eaae9ccc87ed86910e052e448cf286a2de1dfa979aeade3ce489d5c6052a8847cbb9d73e738e15410410209

Download Submit
C:\Windows\System\FnernAF.exe

Filesize
1.3MB

MD5
724fb15db25303b75e8d71f052716af7

SHA1
35b693a76215a396b6811d7bcf9b7092e1b3f9d4

SHA256
a3d96e8d4178b676ffcafd6457e96904dd5a30d8fdd0d63e6f36148f5b92690a

SHA512
36e6d4b1f82bf46cecd22c2d1aca374fb867db22e60aea6f5ab2345a8f17fa87186980735f5a54217110ef502a68e5512bd367201cbc1459273d3bf6934c370e

Download Submit
C:\Windows\System\FuegIFr.exe

Filesize
1.3MB

MD5
5d20b90d845ff8dcc78bfc045ac22f94

SHA1
1ff0b55d8b5e6f2afccd739b3ae2b96734c104a9

SHA256
b14f20501bdd49de172227e6e6beaad65c53bbd5ae848213f47dff66770da69e

SHA512
34d9422b1c208a48aa2c167fb51db1d9dd0f61ce1d72f90635c16ba522cd277f606cbce06f306904341a2cc13c685ae0229d79d161dba94a03c7af1928328398

Download Submit
C:\Windows\System\HDKQFDJ.exe

Filesize
1.3MB

MD5
7ec1bd4a5ca9d55c5b7e30c931ac673e

SHA1
acce269a8306e6a1f98d175324864b6055dcc03a

SHA256
5b6b132f3e753b58e62a5cc7688f4c725704816032a9ed9b0f59a8b2a0cfa80e

SHA512
e2b1e6d7a7bcd5e158003aeb17905e64d0735e95af1c8a2edb1f28f5b806b223712bdb148e0d3b7981356fe85314c5f3689dd57ec60ff527e667a7b6c065a88e

Download Submit
C:\Windows\System\HEyNqiK.exe

Filesize
1.3MB

MD5
546a4a7739ce785cbff8c275383a3df1

SHA1
72f1f59ee6a41782c2fdeff6f1a3adcfa68476b7

SHA256
9990bf71ac20a8035566caae707fb3ad3797856f0cce886fe4f26a335bc87722

SHA512
b9ca50a620c5c7476aeef6d4ef9457f2899aea84c4d39aa023dcb076f27d21eaa42182ac8d22238ba936a156859603ed3ddf6cd521156bf7737f7ec4495d1c33

Download Submit
C:\Windows\System\LxQUgqA.exe

Filesize
1.3MB

MD5
dbbaf3a00c30f1d24718768f64bfa553

SHA1
efe3d36d1ce71d839b65dadecb67ab41ad119fee

SHA256
6f6f60ef88a5dc0eae4c25c804a5f35eb145f62ea763d5355b636ba7a007acc0

SHA512
585623365a269b1709765a55b279a7ad336b1bfaf89a93a41ac7d375e1998b65b5fe0c8b36ae198506304c9a995f86798ac812d70c4c15dcd3e3e38cdee48083

Download Submit
C:\Windows\System\SnjKgSM.exe

Filesize
1.3MB

MD5
754723d403a60e902997d480e9f64ca1

SHA1
83bd26700bce08ab9a805b538aa3530d0f3a8d33

SHA256
03873921e4d1dab5ad00738f2a1d104fbc771f61862f4d157d66dbab70906ea8

SHA512
39d9b8c886a224ddc4db851059687eed15fdc824cc9aa7b1d379a790b711441c15df1dbcb8d9070db0136445bab696dc657b1d7a24616db7c0601e341f730667

Download Submit
C:\Windows\System\TAvnBfG.exe

Filesize
1.3MB

MD5
1b6d94e015162cbd59637ec2d7ee1629

SHA1
5e01268408c037af655ffe816dff45009ab406a2

SHA256
8532e65c94dbaab4d8fcf6062597d48bfd1438796ee4e031eb57c7791d576891

SHA512
a7b3ee81ff9309c707b63b70e25fa3622ed7a69cb5c93f5dcec65998f761ea34a6713c78f443a8ece3f6053db26f891b72b80acf2d6f54227398a3b3bb11afa6

Download Submit
C:\Windows\System\UbTpoAp.exe

Filesize
1.3MB

MD5
fb20b05765b83b7eb8d3241e06e7b564

SHA1
2d8b0cb821610464f84061ccff416bc6f99752c7

SHA256
cba231eb25c04a50b8f8ec8877a17f3d1274f181028c462f2cb1d7012aa4a0d3

SHA512
cd13e094c47ca09b05f432fee12837baa47529723080ac7aa361d87858eff5223ffc7e3b927456692ff1366cc0c8c1adfe3edc56994acf09b6b074ae27ce0b96

Download Submit
C:\Windows\System\aVKVxgY.exe

Filesize
1.3MB

MD5
4be206051c089b3674de2397a2274f6c

SHA1
ca917f4c7e5c00a4c1162ed857679e339664bb73

SHA256
5cdeec652fe9578f4da2c0155e1fadcdc9345816cc32575a321ec1e534e1c5c5

SHA512
f068f8197c8fd0af4eee8b30c5c8f23ad666a05c61b9900af101178eb9493ff3458463680c55a40a603d27cd93b7103928c5e388016ec926f7a3b51ec1cadb2c

Download Submit
C:\Windows\System\dJETWJW.exe

Filesize
1.3MB

MD5
db5b5187a2f1e593884c9c6919f3a748

SHA1
f922378a9e0a15d27046e1444af6f8310ac13c05

SHA256
d8e58ec470f33bf467c2e2077d662afba7ceaefa3bae7f26cce8d07cb58080b8

SHA512
72a696f62696e8ff323d2d43d2abdaf3f8ef8ada721231152715ad4d41230007c05684cafa1d922fbc13bff4480163059d11cbff491507f52426e4433ad5d2ce

Download Submit
C:\Windows\System\dKyuAAw.exe

Filesize
1.3MB

MD5
a97549dd18be3389cb265c87b82f81c4

SHA1
bbdab3491eee7a7eb4f18ce60dcb9bf418b9bf89

SHA256
35caf995c4c2ec2444a010e6ab66af3f57dc9d21e4788adea65ba29a03df4b47

SHA512
45b6a3855fa8fdfa321d61555acf139c7926fe1b1082123f3435705603b8e7b2b602538505e839ad86d0faf75d448391da054167d20b467acc941caf913b4eb6

Download Submit
C:\Windows\System\egQabCy.exe

Filesize
1.3MB

MD5
6abfb77436d6c3a00ca3761a0536344d

SHA1
1cfb13168b35d670a0f894c9f3eb2bd1790005d5

SHA256
9ab4b7053a2df071bf7b45b873ca179914a6dbc8c065d5cfbd2be5c561b28d54

SHA512
b73588c82ef8038bbb79432652594b96f021326ce760da5dff4e626042b745777503b44ad2c04b25b0da352371b4f130e835f57bd8bd3f8afd12f1ef26738ed8

Download Submit
C:\Windows\System\exYFvBJ.exe

Filesize
1.3MB

MD5
ad8d1f1072c722901b66ad609fe0d186

SHA1
2bf22648afdf85d9a1411ab1a454edb5901b9f36

SHA256
389f47170370ace85da5fb7dd09b5709f0e17f79aae3479ec583630ebcbaf585

SHA512
ce812d119f97697865cf4a7bfe19c21d9bbb43faddddbabc2ff5ce1a54127320047ffe4e5ab9a8ea58d1bd62fe209e4f721df92886a4420767b554e99ddae3fc

Download Submit
C:\Windows\System\iiDFojB.exe

Filesize
1.3MB

MD5
e0a5efa84317b7c4ed5bb273ef622ef9

SHA1
55a33ff3eb51812b0a442dd0d3e44a524cf09614

SHA256
cfd7fdf5b2714b830555e95a697485c6090dc9abda5842aef70016f236c97bac

SHA512
3f2a5dfef66015e5e156502c0e0c413be68005030119e3c8005f7087f059a0c88c91d9b7458bf931f3d14d13824c81fd83308a918c44215a737f239cecd3aca5

Download Submit
C:\Windows\System\klBLvSK.exe

Filesize
1.3MB

MD5
419215cdb7a1e42c91fa2388b919322e

SHA1
b2408e0fb5f0cec6c006123c3842b01de7e80802

SHA256
49645ea84e0ce738c6833defadfed1be45db5b507b9d9b847ba89e981e1c2223

SHA512
853c5470ee709b75f7644db24fd0a1051d245ba067a9b7537ea516d389e7f726e3abfa83b6e530f47e80216804882982666a0d713f71a1315d9741b99c221202

Download Submit
C:\Windows\System\mFfZvTF.exe

Filesize
1.3MB

MD5
5fcb68a530722c8f738bef66b5fbab0f

SHA1
184162d6498024b6cf060d7880005f60c8e9f993

SHA256
a97daba5ff4a0ecac031fbda3cce388dd1c0a9030f5f30e5c6cd6a4f2aed01d2

SHA512
fa444227a7936e5a7066243db680f115fa3b51683a5c1390ecc32e4f2bf7b801514323187c95a2dc67d20dca7edcb06ba1f851255bc0e4d1e72d0e6d8e07e861

Download Submit
C:\Windows\System\oTMtdut.exe

Filesize
1.3MB

MD5
7cfd9514598f6ffeb4571e85d54ca389

SHA1
0a87de61e8b7108b1845086500302c7fc8b7bdf1

SHA256
32758a13624ec1e9f4a67fcb8c3af62546be06453a08f2a1e3498c62ae95cb8c

SHA512
7e305c76b88b007aa30c36948172dfd6ec859966c2a6bab5294df08d85425f9c0c343985f54c4f0083a58a8830113a498d053409ceed8042e1a7b08815cc294a

Download Submit
C:\Windows\System\oXRcCkz.exe

Filesize
1.3MB

MD5
f337dd42e2c5481ecde5375e793cfe38

SHA1
42eebe23a2076570e80f7a3d33c5685fe963b62c

SHA256
9134f9620fad084d6850226d82e009531ab0eaa5f1d38ff9c0f909a8389b4475

SHA512
f18bac3d9261961bbaeab185cd8021b11878958be5bc95eb1d56841c7802d7df24a66b7c5dc476d1c5b9016d8a70274d6e064b0b3aeae0f0e7a41dc5df8c5ec9

Download Submit
C:\Windows\System\qYXcWBa.exe

Filesize
1.3MB

MD5
333c2e171e12cbe528a5b7501b38f729

SHA1
fbfa53a9f41d9e80da68d0602cbac794c30a8ca9

SHA256
274a5d0a4f4ed61e217575659268ffa5ceb3eb657daa25734742cba030dc9acb

SHA512
a5448b2bc456aba706ac0382c098059012556ff413a4f2e69b0960054577815e4f340159aebea6294811140ae01d0c76e3924c0b72b99e6c34e3a967e8b3e2af

Download Submit
C:\Windows\System\qoECuyU.exe

Filesize
1.3MB

MD5
f299fbd256f55d74c25138087d95f128

SHA1
b4821882cc77b9d1bd4e855e739de3d30b4b8f3d

SHA256
6ff88525287341dad33ba76dfe7fe6735c122b5a7ef1bdf5f9cedca44f525bd9

SHA512
9a030ca438c4fbaff3e8cae0528a0ca802178442e9511f1d16972e6a7efd8feb3f44f9c923a655cc71f1e2ff194343baa03aa995baf8ce83da5d531dcf5a03ee

Download Submit
C:\Windows\System\rVdPamN.exe

Filesize
1.3MB

MD5
cb54c219a0bae2160e8013e3d3230db4

SHA1
8f5b05f7e6b4ebf568a4e54fd63e598abc11963e

SHA256
c408e4be980dac3efa0bf01add5bd7053f9e8ed08ed430f25ff919cacbc1c1e1

SHA512
f854542804cfbad10ec31f75b8fbbd0f10fb918565e56da62a072af01c70bb939c03cb5a030b0965ba7bbcdc1ba9584986ee0ef9f9b2f6f6a273cc5d873fed51

Download Submit
C:\Windows\System\ucMtFRz.exe

Filesize
1.3MB

MD5
9ccb371e013b7543d5266f80b8b84d85

SHA1
f83ec21dd90ba167de7b9e4a15a670f0f60d4e5c

SHA256
560c5cf87b7650b8d16002f05143de84d8ad9fbf36df2c9c34300d01d0bb8b56

SHA512
124b9b0a4cbd39e972b583a86c44c0dafd5d507ce018f27bb026fdd884cd1416770ae9eebdd99fbd039ad14edd3f457a78ac9c75a6800833084a090f50cc1be7

Download Submit
C:\Windows\System\wZVcEHr.exe

Filesize
1.3MB

MD5
976f07427463e319f6257f75cdb9a549

SHA1
5e7e0ebdf3a35cea10489c70fecbedc19af5ab31

SHA256
2aafc78bf4913b293e269fdbaa4b00532207aca5a2d9d2fbb410b6386f5316d1

SHA512
4566d507548cf2d1faf92867e1c4a8e95e21b126bff3687dfb2ffea6d2e0d976b9769cc08324efb4a4acb98da727c50835365ebde08a44ee1afd6db59ef32ee8

Download Submit
C:\Windows\System\xSmzoxh.exe

Filesize
1.3MB

MD5
dadb9a6f533924a5dc0ae28047df84f7

SHA1
c7ed0d6f91bca0e93593d70e47837133174e12cd

SHA256
e25141bc423c9563cb0894b94a92e525bc332d402b0a7d0d1a71dd33c83e5e0d

SHA512
a526b72f2fa0c2915821e5916ab90b88d6480a559f24e3bacaf2f0b5198daf9af7e5a008b670a18b761a88d2c02cbb3feba4d68998c8716976a50e3514149c2b

Download Submit
C:\Windows\System\xZcvhVr.exe

Filesize
1.3MB

MD5
28b9823776190e3c883bafa16ec21fbc

SHA1
fe08416b7e27db1dd141d2052cefb3f735d877cc

SHA256
49591127d25129d0f8d685def781439c3eb29da53d20741951e7af138b04d0d4

SHA512
21864769476f67a1f8fa13ca8baec22ef33e80c91febf816e92848fd14cde6d9d4fd289e6d032ccd2dac793cafc6cab6941c07f55539c52a071b4e4140212473

Download Submit
C:\Windows\System\yGdIYmG.exe

Filesize
1.3MB

MD5
7fe9673aab279f92d0e638b509ceb1ce

SHA1
6b882a0cce1e07aceb26ee94c5199af77fc84ce7

SHA256
a1c5719ed434a150a5369f42d4fbf4a524addb2569819f7624ee79b3408d9fb8

SHA512
2924f57c7d972ff98ca3322660885f12771467c37620f41ead81a74f5f0356346d8db2ca7b38fe7a500777b94c4e8b185d6644c9a6bb3a4c3abc9c933bbc78a7

Download Submit
C:\Windows\System\yScamoV.exe

Filesize
1.3MB

MD5
2a315463bead2bc32b9d668a48aaee65

SHA1
6b3d22abf5f76a29f442797bf404ad61366c9926

SHA256
30ea5d1a9d45cf3a5e62fd933592fa636dd53e9dfd9af11a6298711f7816bb07

SHA512
73968574f87df9118d2f3208f0068f3e416a196c5e56435b56dbf5df742815b56a2903fe6a2cc46adf988de1d9433b8d11f6af281cab93539c49930468c742a0

Download Submit
C:\Windows\System\zcqjRDO.exe

Filesize
1.3MB

MD5
3d75ac367f7079609574ac55e0187ea2

SHA1
8895fa4d37f21d06a51c768d9ddd185f9e893ad3

SHA256
abafbce34f58c454bb0596bd58e745f44a4e0a8abb6463980700cd4221d63b87

SHA512
51787bf2038c35261c2c2f3af9827a0ae21b1071a028f2179b5608149c9b15ecbfba2d12942fdffe412caa36f7a860f455fedd3c137d6c6c2bc38bba8d08cd9c

Download Submit
memory/344-462-0x00007FF776F70000-0x00007FF7772C1000-memory.dmp

Filesize
3.3MB

Download
memory/344-2300-0x00007FF776F70000-0x00007FF7772C1000-memory.dmp

Filesize
3.3MB

Download
memory/436-0-0x00007FF609440000-0x00007FF609791000-memory.dmp

Filesize
3.3MB

Download
memory/436-1-0x00000188AEB00000-0x00000188AEB10000-memory.dmp

Filesize
64KB

Download
memory/436-1389-0x00007FF609440000-0x00007FF609791000-memory.dmp

Filesize
3.3MB

Download
memory/692-60-0x00007FF718900000-0x00007FF718C51000-memory.dmp

Filesize
3.3MB

Download
memory/692-2288-0x00007FF718900000-0x00007FF718C51000-memory.dmp

Filesize
3.3MB

Download
memory/692-2200-0x00007FF718900000-0x00007FF718C51000-memory.dmp

Filesize
3.3MB

Download
memory/872-2286-0x00007FF6FC120000-0x00007FF6FC471000-memory.dmp

Filesize
3.3MB

Download
memory/872-56-0x00007FF6FC120000-0x00007FF6FC471000-memory.dmp

Filesize
3.3MB

Download
memory/1356-470-0x00007FF79EC40000-0x00007FF79EF91000-memory.dmp

Filesize
3.3MB

Download
memory/1356-2302-0x00007FF79EC40000-0x00007FF79EF91000-memory.dmp

Filesize
3.3MB

Download
memory/1468-2326-0x00007FF6E8540000-0x00007FF6E8891000-memory.dmp

Filesize
3.3MB

Download
memory/1468-511-0x00007FF6E8540000-0x00007FF6E8891000-memory.dmp

Filesize
3.3MB

Download
memory/1540-31-0x00007FF6B0D90000-0x00007FF6B10E1000-memory.dmp

Filesize
3.3MB

Download
memory/1540-2278-0x00007FF6B0D90000-0x00007FF6B10E1000-memory.dmp

Filesize
3.3MB

Download
memory/1620-70-0x00007FF7EBC50000-0x00007FF7EBFA1000-memory.dmp

Filesize
3.3MB

Download
memory/1620-2296-0x00007FF7EBC50000-0x00007FF7EBFA1000-memory.dmp

Filesize
3.3MB

Download
memory/1620-2224-0x00007FF7EBC50000-0x00007FF7EBFA1000-memory.dmp

Filesize
3.3MB

Download
memory/1628-518-0x00007FF757AA0000-0x00007FF757DF1000-memory.dmp

Filesize
3.3MB

Download
memory/1628-2321-0x00007FF757AA0000-0x00007FF757DF1000-memory.dmp

Filesize
3.3MB

Download
memory/1732-2324-0x00007FF6C28C0000-0x00007FF6C2C11000-memory.dmp

Filesize
3.3MB

Download
memory/1732-510-0x00007FF6C28C0000-0x00007FF6C2C11000-memory.dmp

Filesize
3.3MB

Download
memory/2036-2178-0x00007FF6689F0000-0x00007FF668D41000-memory.dmp

Filesize
3.3MB

Download
memory/2036-23-0x00007FF6689F0000-0x00007FF668D41000-memory.dmp

Filesize
3.3MB

Download
memory/2036-2276-0x00007FF6689F0000-0x00007FF668D41000-memory.dmp

Filesize
3.3MB

Download
memory/2264-2318-0x00007FF62D7B0000-0x00007FF62DB01000-memory.dmp

Filesize
3.3MB

Download
memory/2264-507-0x00007FF62D7B0000-0x00007FF62DB01000-memory.dmp

Filesize
3.3MB

Download
memory/2520-2322-0x00007FF711EB0000-0x00007FF712201000-memory.dmp

Filesize
3.3MB

Download
memory/2520-528-0x00007FF711EB0000-0x00007FF712201000-memory.dmp

Filesize
3.3MB

Download
memory/2784-464-0x00007FF6DADE0000-0x00007FF6DB131000-memory.dmp

Filesize
3.3MB

Download
memory/2784-2292-0x00007FF6DADE0000-0x00007FF6DB131000-memory.dmp

Filesize
3.3MB

Download
memory/3040-2310-0x00007FF6CDCA0000-0x00007FF6CDFF1000-memory.dmp

Filesize
3.3MB

Download
memory/3040-487-0x00007FF6CDCA0000-0x00007FF6CDFF1000-memory.dmp

Filesize
3.3MB

Download
memory/3488-2298-0x00007FF7E9A40000-0x00007FF7E9D91000-memory.dmp

Filesize
3.3MB

Download
memory/3488-2201-0x00007FF7E9A40000-0x00007FF7E9D91000-memory.dmp

Filesize
3.3MB

Download
memory/3488-64-0x00007FF7E9A40000-0x00007FF7E9D91000-memory.dmp

Filesize
3.3MB

Download
memory/3540-2290-0x00007FF6727E0000-0x00007FF672B31000-memory.dmp

Filesize
3.3MB

Download
memory/3540-78-0x00007FF6727E0000-0x00007FF672B31000-memory.dmp

Filesize
3.3MB

Download
memory/3540-2238-0x00007FF6727E0000-0x00007FF672B31000-memory.dmp

Filesize
3.3MB

Download
memory/3684-494-0x00007FF79DA90000-0x00007FF79DDE1000-memory.dmp

Filesize
3.3MB

Download
memory/3684-2316-0x00007FF79DA90000-0x00007FF79DDE1000-memory.dmp

Filesize
3.3MB

Download
memory/3752-2294-0x00007FF69D990000-0x00007FF69DCE1000-memory.dmp

Filesize
3.3MB

Download
memory/3752-463-0x00007FF69D990000-0x00007FF69DCE1000-memory.dmp

Filesize
3.3MB

Download
memory/3756-17-0x00007FF76F270000-0x00007FF76F5C1000-memory.dmp

Filesize
3.3MB

Download
memory/3756-2270-0x00007FF76F270000-0x00007FF76F5C1000-memory.dmp

Filesize
3.3MB

Download
memory/3840-8-0x00007FF675000000-0x00007FF675351000-memory.dmp

Filesize
3.3MB

Download
memory/3840-2264-0x00007FF675000000-0x00007FF675351000-memory.dmp

Filesize
3.3MB

Download
memory/3852-2315-0x00007FF715720000-0x00007FF715A71000-memory.dmp

Filesize
3.3MB

Download
memory/3852-472-0x00007FF715720000-0x00007FF715A71000-memory.dmp

Filesize
3.3MB

Download
memory/4044-2235-0x00007FF67E010000-0x00007FF67E361000-memory.dmp

Filesize
3.3MB

Download
memory/4044-2328-0x00007FF67E010000-0x00007FF67E361000-memory.dmp

Filesize
3.3MB

Download
memory/4044-75-0x00007FF67E010000-0x00007FF67E361000-memory.dmp

Filesize
3.3MB

Download
memory/4420-499-0x00007FF7015A0000-0x00007FF7018F1000-memory.dmp

Filesize
3.3MB

Download
memory/4420-2312-0x00007FF7015A0000-0x00007FF7018F1000-memory.dmp

Filesize
3.3MB

Download
memory/4500-55-0x00007FF7A44C0000-0x00007FF7A4811000-memory.dmp

Filesize
3.3MB

Download
memory/4500-2284-0x00007FF7A44C0000-0x00007FF7A4811000-memory.dmp

Filesize
3.3MB

Download
memory/4512-2280-0x00007FF7F8E70000-0x00007FF7F91C1000-memory.dmp

Filesize
3.3MB

Download
memory/4512-53-0x00007FF7F8E70000-0x00007FF7F91C1000-memory.dmp

Filesize
3.3MB

Download
memory/4540-467-0x00007FF787390000-0x00007FF7876E1000-memory.dmp

Filesize
3.3MB

Download
memory/4540-2304-0x00007FF787390000-0x00007FF7876E1000-memory.dmp

Filesize
3.3MB

Download
memory/4832-475-0x00007FF73B2D0000-0x00007FF73B621000-memory.dmp

Filesize
3.3MB

Download
memory/4832-2306-0x00007FF73B2D0000-0x00007FF73B621000-memory.dmp

Filesize
3.3MB

Download
memory/4868-37-0x00007FF6C98D0000-0x00007FF6C9C21000-memory.dmp

Filesize
3.3MB

Download
memory/4868-2199-0x00007FF6C98D0000-0x00007FF6C9C21000-memory.dmp

Filesize
3.3MB

Download
memory/4868-2282-0x00007FF6C98D0000-0x00007FF6C9C21000-memory.dmp

Filesize
3.3MB

Download
memory/4904-2308-0x00007FF7BE8B0000-0x00007FF7BEC01000-memory.dmp

Filesize
3.3MB

Download
memory/4904-493-0x00007FF7BE8B0000-0x00007FF7BEC01000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads