xmrig | 1e1b9bbcc4986e9956306fdd716b79024951aeeaf27859f584c360a753b3ac9f

Analysis

max time kernel
130s
max time network
102s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
06/08/2024, 19:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1e1b9bbcc4986e9956306fdd716b79024951aeeaf27859f584c360a753b3ac9f.exe
Size

2.4MB
MD5

31ae7f4bf52713b0ab846ac458833e55
SHA1

0d8784c7fc2b4cb89053279958b2fa6b508805ef
SHA256

1e1b9bbcc4986e9956306fdd716b79024951aeeaf27859f584c360a753b3ac9f
SHA512

d183db513077d27bde4b81e46a1539c5cbbfd13291cc7742db3ac02e72e7f7b008d4c7bd9563615061ba06f1edfd217db0bf188a7a946b99ae0a8a2f1aa6f794
SSDEEP

49152:oezaTF8FcNkNdfE0pZ9ozt4wIQOY2UrwUveeF34:oemTLkNdfE0pZrQW

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/404-0-0x00007FF7EE0F0000-0x00007FF7EE444000-memory.dmp	xmrig
behavioral2/files/0x0008000000023479-5.dat	xmrig
behavioral2/files/0x000700000002347d-8.dat	xmrig
behavioral2/files/0x000800000002347c-9.dat	xmrig
behavioral2/memory/1212-14-0x00007FF615B50000-0x00007FF615EA4000-memory.dmp	xmrig
behavioral2/memory/4124-23-0x00007FF6B0760000-0x00007FF6B0AB4000-memory.dmp	xmrig
behavioral2/memory/2552-26-0x00007FF7BBB10000-0x00007FF7BBE64000-memory.dmp	xmrig
behavioral2/files/0x000700000002347e-21.dat	xmrig
behavioral2/memory/1220-10-0x00007FF7AFDC0000-0x00007FF7B0114000-memory.dmp	xmrig
behavioral2/files/0x000700000002347f-28.dat	xmrig
behavioral2/files/0x000800000002347a-38.dat	xmrig
behavioral2/files/0x0007000000023480-46.dat	xmrig
behavioral2/files/0x0007000000023484-57.dat	xmrig
behavioral2/files/0x0007000000023487-79.dat	xmrig
behavioral2/files/0x0007000000023489-88.dat	xmrig
behavioral2/files/0x000700000002348a-97.dat	xmrig
behavioral2/files/0x000700000002348c-107.dat	xmrig
behavioral2/files/0x000700000002348e-117.dat	xmrig
behavioral2/files/0x0007000000023498-167.dat	xmrig
behavioral2/files/0x0007000000023499-171.dat	xmrig
behavioral2/files/0x0007000000023497-162.dat	xmrig
behavioral2/files/0x0007000000023496-157.dat	xmrig
behavioral2/files/0x0007000000023495-151.dat	xmrig
behavioral2/files/0x0007000000023494-147.dat	xmrig
behavioral2/files/0x0007000000023493-142.dat	xmrig
behavioral2/files/0x0007000000023492-137.dat	xmrig
behavioral2/files/0x0007000000023491-132.dat	xmrig
behavioral2/files/0x0007000000023490-127.dat	xmrig
behavioral2/files/0x000700000002348f-121.dat	xmrig
behavioral2/files/0x000700000002348d-112.dat	xmrig
behavioral2/files/0x000700000002348b-101.dat	xmrig
behavioral2/files/0x0007000000023488-86.dat	xmrig
behavioral2/files/0x0007000000023485-74.dat	xmrig
behavioral2/files/0x0007000000023486-72.dat	xmrig
behavioral2/files/0x0007000000023483-63.dat	xmrig
behavioral2/memory/4856-60-0x00007FF7F3D00000-0x00007FF7F4054000-memory.dmp	xmrig
behavioral2/memory/5016-58-0x00007FF62D930000-0x00007FF62DC84000-memory.dmp	xmrig
behavioral2/files/0x0007000000023482-55.dat	xmrig
behavioral2/files/0x0007000000023481-50.dat	xmrig
behavioral2/memory/3444-44-0x00007FF700800000-0x00007FF700B54000-memory.dmp	xmrig
behavioral2/memory/1216-35-0x00007FF644AA0000-0x00007FF644DF4000-memory.dmp	xmrig
behavioral2/memory/2536-678-0x00007FF717860000-0x00007FF717BB4000-memory.dmp	xmrig
behavioral2/memory/3200-680-0x00007FF62D9A0000-0x00007FF62DCF4000-memory.dmp	xmrig
behavioral2/memory/3864-679-0x00007FF727B10000-0x00007FF727E64000-memory.dmp	xmrig
behavioral2/memory/4736-682-0x00007FF629FB0000-0x00007FF62A304000-memory.dmp	xmrig
behavioral2/memory/1408-681-0x00007FF7F72C0000-0x00007FF7F7614000-memory.dmp	xmrig
behavioral2/memory/2940-691-0x00007FF7E52B0000-0x00007FF7E5604000-memory.dmp	xmrig
behavioral2/memory/3156-684-0x00007FF7C6910000-0x00007FF7C6C64000-memory.dmp	xmrig
behavioral2/memory/1484-698-0x00007FF7B0920000-0x00007FF7B0C74000-memory.dmp	xmrig
behavioral2/memory/3308-704-0x00007FF689540000-0x00007FF689894000-memory.dmp	xmrig
behavioral2/memory/4420-709-0x00007FF72E920000-0x00007FF72EC74000-memory.dmp	xmrig
behavioral2/memory/5116-716-0x00007FF68AAE0000-0x00007FF68AE34000-memory.dmp	xmrig
behavioral2/memory/2676-724-0x00007FF6FBBF0000-0x00007FF6FBF44000-memory.dmp	xmrig
behavioral2/memory/4904-726-0x00007FF6C65F0000-0x00007FF6C6944000-memory.dmp	xmrig
behavioral2/memory/1248-728-0x00007FF6E22E0000-0x00007FF6E2634000-memory.dmp	xmrig
behavioral2/memory/772-729-0x00007FF6F64B0000-0x00007FF6F6804000-memory.dmp	xmrig
behavioral2/memory/4900-738-0x00007FF742AA0000-0x00007FF742DF4000-memory.dmp	xmrig
behavioral2/memory/4476-739-0x00007FF7E5600000-0x00007FF7E5954000-memory.dmp	xmrig
behavioral2/memory/4800-743-0x00007FF648200000-0x00007FF648554000-memory.dmp	xmrig
behavioral2/memory/5036-730-0x00007FF6EF2F0000-0x00007FF6EF644000-memory.dmp	xmrig
behavioral2/memory/5052-721-0x00007FF696920000-0x00007FF696C74000-memory.dmp	xmrig
behavioral2/memory/536-712-0x00007FF6EC600000-0x00007FF6EC954000-memory.dmp	xmrig
behavioral2/memory/1220-1573-0x00007FF7AFDC0000-0x00007FF7B0114000-memory.dmp	xmrig
behavioral2/memory/404-1570-0x00007FF7EE0F0000-0x00007FF7EE444000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1220	ZlCinlE.exe
1212	zThMgFm.exe
4124	GPIlhxZ.exe
2552	jPYifwG.exe
1216	ChfmlSr.exe
3444	xoAHKOS.exe
2536	vNdPNTh.exe
5016	QDxFtcc.exe
3864	AXjgNbp.exe
3200	rWBwIjA.exe
4856	NpRIVJy.exe
4800	HJZyTDF.exe
1408	NeSlfFK.exe
4736	KziRDbi.exe
3156	pnBvCpB.exe
2940	nDaIvqw.exe
1484	NDPpThQ.exe
3308	yfHDBoo.exe
4420	MPpweoc.exe
536	FqzQNHW.exe
5116	IEeZfQM.exe
5052	xAHHMFp.exe
2676	BmMyYVF.exe
4904	iBUurhO.exe
1248	AjIHxhN.exe
772	RUoyeEz.exe
5036	gWUHfOB.exe
4900	GQgtGBk.exe
4476	neOTGan.exe
1520	fcjSDtV.exe
4876	MYLFMgP.exe
3912	IELYWXJ.exe
1984	DKoTegl.exe
2448	EZUKSwm.exe
4032	dRyeWiU.exe
1796	HWjzYQh.exe
3128	UMumPLh.exe
3292	nyzqsBj.exe
4056	YZdqBMa.exe
4620	LWxprQv.exe
1488	GJDXFem.exe
400	MbrDlxf.exe
3212	bGDQwhx.exe
2744	YZtXvQB.exe
1896	PPWidDJ.exe
1600	XoikNux.exe
2044	fUaosKB.exe
640	jMDLgWK.exe
3004	ZqFalgN.exe
3548	msagLzf.exe
216	IdadEFa.exe
4768	YhkjxUh.exe
1152	dfvlsiI.exe
2808	EiarJrd.exe
1732	TltNoHr.exe
4160	udCTCtG.exe
3492	OoeDynQ.exe
4416	QoURKKD.exe
3992	oiUKkaB.exe
1472	BDgUHjV.exe
428	RIimYOW.exe
4816	DWLUlyh.exe
2608	IvXylAp.exe
4840	DdSrrIN.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/404-0-0x00007FF7EE0F0000-0x00007FF7EE444000-memory.dmp	upx
behavioral2/files/0x0008000000023479-5.dat	upx
behavioral2/files/0x000700000002347d-8.dat	upx
behavioral2/files/0x000800000002347c-9.dat	upx
behavioral2/memory/1212-14-0x00007FF615B50000-0x00007FF615EA4000-memory.dmp	upx
behavioral2/memory/4124-23-0x00007FF6B0760000-0x00007FF6B0AB4000-memory.dmp	upx
behavioral2/memory/2552-26-0x00007FF7BBB10000-0x00007FF7BBE64000-memory.dmp	upx
behavioral2/files/0x000700000002347e-21.dat	upx
behavioral2/memory/1220-10-0x00007FF7AFDC0000-0x00007FF7B0114000-memory.dmp	upx
behavioral2/files/0x000700000002347f-28.dat	upx
behavioral2/files/0x000800000002347a-38.dat	upx
behavioral2/files/0x0007000000023480-46.dat	upx
behavioral2/files/0x0007000000023484-57.dat	upx
behavioral2/files/0x0007000000023487-79.dat	upx
behavioral2/files/0x0007000000023489-88.dat	upx
behavioral2/files/0x000700000002348a-97.dat	upx
behavioral2/files/0x000700000002348c-107.dat	upx
behavioral2/files/0x000700000002348e-117.dat	upx
behavioral2/files/0x0007000000023498-167.dat	upx
behavioral2/files/0x0007000000023499-171.dat	upx
behavioral2/files/0x0007000000023497-162.dat	upx
behavioral2/files/0x0007000000023496-157.dat	upx
behavioral2/files/0x0007000000023495-151.dat	upx
behavioral2/files/0x0007000000023494-147.dat	upx
behavioral2/files/0x0007000000023493-142.dat	upx
behavioral2/files/0x0007000000023492-137.dat	upx
behavioral2/files/0x0007000000023491-132.dat	upx
behavioral2/files/0x0007000000023490-127.dat	upx
behavioral2/files/0x000700000002348f-121.dat	upx
behavioral2/files/0x000700000002348d-112.dat	upx
behavioral2/files/0x000700000002348b-101.dat	upx
behavioral2/files/0x0007000000023488-86.dat	upx
behavioral2/files/0x0007000000023485-74.dat	upx
behavioral2/files/0x0007000000023486-72.dat	upx
behavioral2/files/0x0007000000023483-63.dat	upx
behavioral2/memory/4856-60-0x00007FF7F3D00000-0x00007FF7F4054000-memory.dmp	upx
behavioral2/memory/5016-58-0x00007FF62D930000-0x00007FF62DC84000-memory.dmp	upx
behavioral2/files/0x0007000000023482-55.dat	upx
behavioral2/files/0x0007000000023481-50.dat	upx
behavioral2/memory/3444-44-0x00007FF700800000-0x00007FF700B54000-memory.dmp	upx
behavioral2/memory/1216-35-0x00007FF644AA0000-0x00007FF644DF4000-memory.dmp	upx
behavioral2/memory/2536-678-0x00007FF717860000-0x00007FF717BB4000-memory.dmp	upx
behavioral2/memory/3200-680-0x00007FF62D9A0000-0x00007FF62DCF4000-memory.dmp	upx
behavioral2/memory/3864-679-0x00007FF727B10000-0x00007FF727E64000-memory.dmp	upx
behavioral2/memory/4736-682-0x00007FF629FB0000-0x00007FF62A304000-memory.dmp	upx
behavioral2/memory/1408-681-0x00007FF7F72C0000-0x00007FF7F7614000-memory.dmp	upx
behavioral2/memory/2940-691-0x00007FF7E52B0000-0x00007FF7E5604000-memory.dmp	upx
behavioral2/memory/3156-684-0x00007FF7C6910000-0x00007FF7C6C64000-memory.dmp	upx
behavioral2/memory/1484-698-0x00007FF7B0920000-0x00007FF7B0C74000-memory.dmp	upx
behavioral2/memory/3308-704-0x00007FF689540000-0x00007FF689894000-memory.dmp	upx
behavioral2/memory/4420-709-0x00007FF72E920000-0x00007FF72EC74000-memory.dmp	upx
behavioral2/memory/5116-716-0x00007FF68AAE0000-0x00007FF68AE34000-memory.dmp	upx
behavioral2/memory/2676-724-0x00007FF6FBBF0000-0x00007FF6FBF44000-memory.dmp	upx
behavioral2/memory/4904-726-0x00007FF6C65F0000-0x00007FF6C6944000-memory.dmp	upx
behavioral2/memory/1248-728-0x00007FF6E22E0000-0x00007FF6E2634000-memory.dmp	upx
behavioral2/memory/772-729-0x00007FF6F64B0000-0x00007FF6F6804000-memory.dmp	upx
behavioral2/memory/4900-738-0x00007FF742AA0000-0x00007FF742DF4000-memory.dmp	upx
behavioral2/memory/4476-739-0x00007FF7E5600000-0x00007FF7E5954000-memory.dmp	upx
behavioral2/memory/4800-743-0x00007FF648200000-0x00007FF648554000-memory.dmp	upx
behavioral2/memory/5036-730-0x00007FF6EF2F0000-0x00007FF6EF644000-memory.dmp	upx
behavioral2/memory/5052-721-0x00007FF696920000-0x00007FF696C74000-memory.dmp	upx
behavioral2/memory/536-712-0x00007FF6EC600000-0x00007FF6EC954000-memory.dmp	upx
behavioral2/memory/1220-1573-0x00007FF7AFDC0000-0x00007FF7B0114000-memory.dmp	upx
behavioral2/memory/404-1570-0x00007FF7EE0F0000-0x00007FF7EE444000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\VZyfknz.exe	1e1b9bbcc4986e9956306fdd716b79024951aeeaf27859f584c360a753b3ac9f.exe
File created	C:\Windows\System\SvfEmxG.exe	1e1b9bbcc4986e9956306fdd716b79024951aeeaf27859f584c360a753b3ac9f.exe
File created	C:\Windows\System\gIEzzbk.exe	1e1b9bbcc4986e9956306fdd716b79024951aeeaf27859f584c360a753b3ac9f.exe
File created	C:\Windows\System\amuxirI.exe	1e1b9bbcc4986e9956306fdd716b79024951aeeaf27859f584c360a753b3ac9f.exe
File created	C:\Windows\System\NIcGcdx.exe	1e1b9bbcc4986e9956306fdd716b79024951aeeaf27859f584c360a753b3ac9f.exe
File created	C:\Windows\System\EUNvsRn.exe	1e1b9bbcc4986e9956306fdd716b79024951aeeaf27859f584c360a753b3ac9f.exe
File created	C:\Windows\System\aETuTxv.exe	1e1b9bbcc4986e9956306fdd716b79024951aeeaf27859f584c360a753b3ac9f.exe
File created	C:\Windows\System\mSvVjtP.exe	1e1b9bbcc4986e9956306fdd716b79024951aeeaf27859f584c360a753b3ac9f.exe
File created	C:\Windows\System\GCYeDIH.exe	1e1b9bbcc4986e9956306fdd716b79024951aeeaf27859f584c360a753b3ac9f.exe
File created	C:\Windows\System\KKiJMxW.exe	1e1b9bbcc4986e9956306fdd716b79024951aeeaf27859f584c360a753b3ac9f.exe
File created	C:\Windows\System\WsmvdBI.exe	1e1b9bbcc4986e9956306fdd716b79024951aeeaf27859f584c360a753b3ac9f.exe
File created	C:\Windows\System\aarQzzm.exe	1e1b9bbcc4986e9956306fdd716b79024951aeeaf27859f584c360a753b3ac9f.exe
File created	C:\Windows\System\WTRgfnb.exe	1e1b9bbcc4986e9956306fdd716b79024951aeeaf27859f584c360a753b3ac9f.exe
File created	C:\Windows\System\UhUaWoe.exe	1e1b9bbcc4986e9956306fdd716b79024951aeeaf27859f584c360a753b3ac9f.exe
File created	C:\Windows\System\raAcpZh.exe	1e1b9bbcc4986e9956306fdd716b79024951aeeaf27859f584c360a753b3ac9f.exe
File created	C:\Windows\System\BNVVLmS.exe	1e1b9bbcc4986e9956306fdd716b79024951aeeaf27859f584c360a753b3ac9f.exe
File created	C:\Windows\System\VKfyqBc.exe	1e1b9bbcc4986e9956306fdd716b79024951aeeaf27859f584c360a753b3ac9f.exe
File created	C:\Windows\System\aKPDHPg.exe	1e1b9bbcc4986e9956306fdd716b79024951aeeaf27859f584c360a753b3ac9f.exe
File created	C:\Windows\System\dtSMBYF.exe	1e1b9bbcc4986e9956306fdd716b79024951aeeaf27859f584c360a753b3ac9f.exe
File created	C:\Windows\System\DrzamgG.exe	1e1b9bbcc4986e9956306fdd716b79024951aeeaf27859f584c360a753b3ac9f.exe
File created	C:\Windows\System\VXpdgLG.exe	1e1b9bbcc4986e9956306fdd716b79024951aeeaf27859f584c360a753b3ac9f.exe
File created	C:\Windows\System\HCvRueB.exe	1e1b9bbcc4986e9956306fdd716b79024951aeeaf27859f584c360a753b3ac9f.exe
File created	C:\Windows\System\QlBKBXa.exe	1e1b9bbcc4986e9956306fdd716b79024951aeeaf27859f584c360a753b3ac9f.exe
File created	C:\Windows\System\TGQQxhk.exe	1e1b9bbcc4986e9956306fdd716b79024951aeeaf27859f584c360a753b3ac9f.exe
File created	C:\Windows\System\HdlkZmM.exe	1e1b9bbcc4986e9956306fdd716b79024951aeeaf27859f584c360a753b3ac9f.exe
File created	C:\Windows\System\bRWUQXO.exe	1e1b9bbcc4986e9956306fdd716b79024951aeeaf27859f584c360a753b3ac9f.exe
File created	C:\Windows\System\wzUsTlW.exe	1e1b9bbcc4986e9956306fdd716b79024951aeeaf27859f584c360a753b3ac9f.exe
File created	C:\Windows\System\VTvzuuu.exe	1e1b9bbcc4986e9956306fdd716b79024951aeeaf27859f584c360a753b3ac9f.exe
File created	C:\Windows\System\KOFYJMG.exe	1e1b9bbcc4986e9956306fdd716b79024951aeeaf27859f584c360a753b3ac9f.exe
File created	C:\Windows\System\EdBQPRc.exe	1e1b9bbcc4986e9956306fdd716b79024951aeeaf27859f584c360a753b3ac9f.exe
File created	C:\Windows\System\AjIHxhN.exe	1e1b9bbcc4986e9956306fdd716b79024951aeeaf27859f584c360a753b3ac9f.exe
File created	C:\Windows\System\zXXKvJe.exe	1e1b9bbcc4986e9956306fdd716b79024951aeeaf27859f584c360a753b3ac9f.exe
File created	C:\Windows\System\kRMPUPy.exe	1e1b9bbcc4986e9956306fdd716b79024951aeeaf27859f584c360a753b3ac9f.exe
File created	C:\Windows\System\DdYSbDe.exe	1e1b9bbcc4986e9956306fdd716b79024951aeeaf27859f584c360a753b3ac9f.exe
File created	C:\Windows\System\GnrXudB.exe	1e1b9bbcc4986e9956306fdd716b79024951aeeaf27859f584c360a753b3ac9f.exe
File created	C:\Windows\System\KhzhTld.exe	1e1b9bbcc4986e9956306fdd716b79024951aeeaf27859f584c360a753b3ac9f.exe
File created	C:\Windows\System\tHjaZmh.exe	1e1b9bbcc4986e9956306fdd716b79024951aeeaf27859f584c360a753b3ac9f.exe
File created	C:\Windows\System\llFVuRT.exe	1e1b9bbcc4986e9956306fdd716b79024951aeeaf27859f584c360a753b3ac9f.exe
File created	C:\Windows\System\XzhGtWp.exe	1e1b9bbcc4986e9956306fdd716b79024951aeeaf27859f584c360a753b3ac9f.exe
File created	C:\Windows\System\gZzFPAE.exe	1e1b9bbcc4986e9956306fdd716b79024951aeeaf27859f584c360a753b3ac9f.exe
File created	C:\Windows\System\hPfRdfE.exe	1e1b9bbcc4986e9956306fdd716b79024951aeeaf27859f584c360a753b3ac9f.exe
File created	C:\Windows\System\jDSKjgT.exe	1e1b9bbcc4986e9956306fdd716b79024951aeeaf27859f584c360a753b3ac9f.exe
File created	C:\Windows\System\BqQwHGP.exe	1e1b9bbcc4986e9956306fdd716b79024951aeeaf27859f584c360a753b3ac9f.exe
File created	C:\Windows\System\iEkpINB.exe	1e1b9bbcc4986e9956306fdd716b79024951aeeaf27859f584c360a753b3ac9f.exe
File created	C:\Windows\System\eCRxSAR.exe	1e1b9bbcc4986e9956306fdd716b79024951aeeaf27859f584c360a753b3ac9f.exe
File created	C:\Windows\System\rIAgCBI.exe	1e1b9bbcc4986e9956306fdd716b79024951aeeaf27859f584c360a753b3ac9f.exe
File created	C:\Windows\System\drRgnmk.exe	1e1b9bbcc4986e9956306fdd716b79024951aeeaf27859f584c360a753b3ac9f.exe
File created	C:\Windows\System\bMQhxfG.exe	1e1b9bbcc4986e9956306fdd716b79024951aeeaf27859f584c360a753b3ac9f.exe
File created	C:\Windows\System\QkIowFQ.exe	1e1b9bbcc4986e9956306fdd716b79024951aeeaf27859f584c360a753b3ac9f.exe
File created	C:\Windows\System\bDcQJAD.exe	1e1b9bbcc4986e9956306fdd716b79024951aeeaf27859f584c360a753b3ac9f.exe
File created	C:\Windows\System\vceQFbo.exe	1e1b9bbcc4986e9956306fdd716b79024951aeeaf27859f584c360a753b3ac9f.exe
File created	C:\Windows\System\GPIlhxZ.exe	1e1b9bbcc4986e9956306fdd716b79024951aeeaf27859f584c360a753b3ac9f.exe
File created	C:\Windows\System\HJZyTDF.exe	1e1b9bbcc4986e9956306fdd716b79024951aeeaf27859f584c360a753b3ac9f.exe
File created	C:\Windows\System\OoeDynQ.exe	1e1b9bbcc4986e9956306fdd716b79024951aeeaf27859f584c360a753b3ac9f.exe
File created	C:\Windows\System\MHRNxYf.exe	1e1b9bbcc4986e9956306fdd716b79024951aeeaf27859f584c360a753b3ac9f.exe
File created	C:\Windows\System\jfIAJVi.exe	1e1b9bbcc4986e9956306fdd716b79024951aeeaf27859f584c360a753b3ac9f.exe
File created	C:\Windows\System\XtiUktw.exe	1e1b9bbcc4986e9956306fdd716b79024951aeeaf27859f584c360a753b3ac9f.exe
File created	C:\Windows\System\vglgbjp.exe	1e1b9bbcc4986e9956306fdd716b79024951aeeaf27859f584c360a753b3ac9f.exe
File created	C:\Windows\System\tZTWkLu.exe	1e1b9bbcc4986e9956306fdd716b79024951aeeaf27859f584c360a753b3ac9f.exe
File created	C:\Windows\System\aohYudx.exe	1e1b9bbcc4986e9956306fdd716b79024951aeeaf27859f584c360a753b3ac9f.exe
File created	C:\Windows\System\bYiVJfp.exe	1e1b9bbcc4986e9956306fdd716b79024951aeeaf27859f584c360a753b3ac9f.exe
File created	C:\Windows\System\McklvTY.exe	1e1b9bbcc4986e9956306fdd716b79024951aeeaf27859f584c360a753b3ac9f.exe
File created	C:\Windows\System\XzeXORb.exe	1e1b9bbcc4986e9956306fdd716b79024951aeeaf27859f584c360a753b3ac9f.exe
File created	C:\Windows\System\EdYriVl.exe	1e1b9bbcc4986e9956306fdd716b79024951aeeaf27859f584c360a753b3ac9f.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	4148	dwm.exe
Token: SeChangeNotifyPrivilege	4148	dwm.exe
Token: 33	4148	dwm.exe
Token: SeIncBasePriorityPrivilege	4148	dwm.exe
Token: SeShutdownPrivilege	4148	dwm.exe
Token: SeCreatePagefilePrivilege	4148	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 404 wrote to memory of 1220	404	1e1b9bbcc4986e9956306fdd716b79024951aeeaf27859f584c360a753b3ac9f.exe	84
PID 404 wrote to memory of 1220	404	1e1b9bbcc4986e9956306fdd716b79024951aeeaf27859f584c360a753b3ac9f.exe	84
PID 404 wrote to memory of 1212	404	1e1b9bbcc4986e9956306fdd716b79024951aeeaf27859f584c360a753b3ac9f.exe	85
PID 404 wrote to memory of 1212	404	1e1b9bbcc4986e9956306fdd716b79024951aeeaf27859f584c360a753b3ac9f.exe	85
PID 404 wrote to memory of 4124	404	1e1b9bbcc4986e9956306fdd716b79024951aeeaf27859f584c360a753b3ac9f.exe	86
PID 404 wrote to memory of 4124	404	1e1b9bbcc4986e9956306fdd716b79024951aeeaf27859f584c360a753b3ac9f.exe	86
PID 404 wrote to memory of 2552	404	1e1b9bbcc4986e9956306fdd716b79024951aeeaf27859f584c360a753b3ac9f.exe	87
PID 404 wrote to memory of 2552	404	1e1b9bbcc4986e9956306fdd716b79024951aeeaf27859f584c360a753b3ac9f.exe	87
PID 404 wrote to memory of 1216	404	1e1b9bbcc4986e9956306fdd716b79024951aeeaf27859f584c360a753b3ac9f.exe	88
PID 404 wrote to memory of 1216	404	1e1b9bbcc4986e9956306fdd716b79024951aeeaf27859f584c360a753b3ac9f.exe	88
PID 404 wrote to memory of 3444	404	1e1b9bbcc4986e9956306fdd716b79024951aeeaf27859f584c360a753b3ac9f.exe	89
PID 404 wrote to memory of 3444	404	1e1b9bbcc4986e9956306fdd716b79024951aeeaf27859f584c360a753b3ac9f.exe	89
PID 404 wrote to memory of 5016	404	1e1b9bbcc4986e9956306fdd716b79024951aeeaf27859f584c360a753b3ac9f.exe	91
PID 404 wrote to memory of 5016	404	1e1b9bbcc4986e9956306fdd716b79024951aeeaf27859f584c360a753b3ac9f.exe	91
PID 404 wrote to memory of 2536	404	1e1b9bbcc4986e9956306fdd716b79024951aeeaf27859f584c360a753b3ac9f.exe	92
PID 404 wrote to memory of 2536	404	1e1b9bbcc4986e9956306fdd716b79024951aeeaf27859f584c360a753b3ac9f.exe	92
PID 404 wrote to memory of 3864	404	1e1b9bbcc4986e9956306fdd716b79024951aeeaf27859f584c360a753b3ac9f.exe	93
PID 404 wrote to memory of 3864	404	1e1b9bbcc4986e9956306fdd716b79024951aeeaf27859f584c360a753b3ac9f.exe	93
PID 404 wrote to memory of 3200	404	1e1b9bbcc4986e9956306fdd716b79024951aeeaf27859f584c360a753b3ac9f.exe	94
PID 404 wrote to memory of 3200	404	1e1b9bbcc4986e9956306fdd716b79024951aeeaf27859f584c360a753b3ac9f.exe	94
PID 404 wrote to memory of 4856	404	1e1b9bbcc4986e9956306fdd716b79024951aeeaf27859f584c360a753b3ac9f.exe	95
PID 404 wrote to memory of 4856	404	1e1b9bbcc4986e9956306fdd716b79024951aeeaf27859f584c360a753b3ac9f.exe	95
PID 404 wrote to memory of 1408	404	1e1b9bbcc4986e9956306fdd716b79024951aeeaf27859f584c360a753b3ac9f.exe	96
PID 404 wrote to memory of 1408	404	1e1b9bbcc4986e9956306fdd716b79024951aeeaf27859f584c360a753b3ac9f.exe	96
PID 404 wrote to memory of 4800	404	1e1b9bbcc4986e9956306fdd716b79024951aeeaf27859f584c360a753b3ac9f.exe	97
PID 404 wrote to memory of 4800	404	1e1b9bbcc4986e9956306fdd716b79024951aeeaf27859f584c360a753b3ac9f.exe	97
PID 404 wrote to memory of 4736	404	1e1b9bbcc4986e9956306fdd716b79024951aeeaf27859f584c360a753b3ac9f.exe	98
PID 404 wrote to memory of 4736	404	1e1b9bbcc4986e9956306fdd716b79024951aeeaf27859f584c360a753b3ac9f.exe	98
PID 404 wrote to memory of 3156	404	1e1b9bbcc4986e9956306fdd716b79024951aeeaf27859f584c360a753b3ac9f.exe	99
PID 404 wrote to memory of 3156	404	1e1b9bbcc4986e9956306fdd716b79024951aeeaf27859f584c360a753b3ac9f.exe	99
PID 404 wrote to memory of 2940	404	1e1b9bbcc4986e9956306fdd716b79024951aeeaf27859f584c360a753b3ac9f.exe	100
PID 404 wrote to memory of 2940	404	1e1b9bbcc4986e9956306fdd716b79024951aeeaf27859f584c360a753b3ac9f.exe	100
PID 404 wrote to memory of 1484	404	1e1b9bbcc4986e9956306fdd716b79024951aeeaf27859f584c360a753b3ac9f.exe	101
PID 404 wrote to memory of 1484	404	1e1b9bbcc4986e9956306fdd716b79024951aeeaf27859f584c360a753b3ac9f.exe	101
PID 404 wrote to memory of 3308	404	1e1b9bbcc4986e9956306fdd716b79024951aeeaf27859f584c360a753b3ac9f.exe	102
PID 404 wrote to memory of 3308	404	1e1b9bbcc4986e9956306fdd716b79024951aeeaf27859f584c360a753b3ac9f.exe	102
PID 404 wrote to memory of 4420	404	1e1b9bbcc4986e9956306fdd716b79024951aeeaf27859f584c360a753b3ac9f.exe	103
PID 404 wrote to memory of 4420	404	1e1b9bbcc4986e9956306fdd716b79024951aeeaf27859f584c360a753b3ac9f.exe	103
PID 404 wrote to memory of 536	404	1e1b9bbcc4986e9956306fdd716b79024951aeeaf27859f584c360a753b3ac9f.exe	104
PID 404 wrote to memory of 536	404	1e1b9bbcc4986e9956306fdd716b79024951aeeaf27859f584c360a753b3ac9f.exe	104
PID 404 wrote to memory of 5116	404	1e1b9bbcc4986e9956306fdd716b79024951aeeaf27859f584c360a753b3ac9f.exe	105
PID 404 wrote to memory of 5116	404	1e1b9bbcc4986e9956306fdd716b79024951aeeaf27859f584c360a753b3ac9f.exe	105
PID 404 wrote to memory of 5052	404	1e1b9bbcc4986e9956306fdd716b79024951aeeaf27859f584c360a753b3ac9f.exe	106
PID 404 wrote to memory of 5052	404	1e1b9bbcc4986e9956306fdd716b79024951aeeaf27859f584c360a753b3ac9f.exe	106
PID 404 wrote to memory of 2676	404	1e1b9bbcc4986e9956306fdd716b79024951aeeaf27859f584c360a753b3ac9f.exe	107
PID 404 wrote to memory of 2676	404	1e1b9bbcc4986e9956306fdd716b79024951aeeaf27859f584c360a753b3ac9f.exe	107
PID 404 wrote to memory of 4904	404	1e1b9bbcc4986e9956306fdd716b79024951aeeaf27859f584c360a753b3ac9f.exe	108
PID 404 wrote to memory of 4904	404	1e1b9bbcc4986e9956306fdd716b79024951aeeaf27859f584c360a753b3ac9f.exe	108
PID 404 wrote to memory of 1248	404	1e1b9bbcc4986e9956306fdd716b79024951aeeaf27859f584c360a753b3ac9f.exe	109
PID 404 wrote to memory of 1248	404	1e1b9bbcc4986e9956306fdd716b79024951aeeaf27859f584c360a753b3ac9f.exe	109
PID 404 wrote to memory of 772	404	1e1b9bbcc4986e9956306fdd716b79024951aeeaf27859f584c360a753b3ac9f.exe	110
PID 404 wrote to memory of 772	404	1e1b9bbcc4986e9956306fdd716b79024951aeeaf27859f584c360a753b3ac9f.exe	110
PID 404 wrote to memory of 5036	404	1e1b9bbcc4986e9956306fdd716b79024951aeeaf27859f584c360a753b3ac9f.exe	111
PID 404 wrote to memory of 5036	404	1e1b9bbcc4986e9956306fdd716b79024951aeeaf27859f584c360a753b3ac9f.exe	111
PID 404 wrote to memory of 4900	404	1e1b9bbcc4986e9956306fdd716b79024951aeeaf27859f584c360a753b3ac9f.exe	112
PID 404 wrote to memory of 4900	404	1e1b9bbcc4986e9956306fdd716b79024951aeeaf27859f584c360a753b3ac9f.exe	112
PID 404 wrote to memory of 4476	404	1e1b9bbcc4986e9956306fdd716b79024951aeeaf27859f584c360a753b3ac9f.exe	113
PID 404 wrote to memory of 4476	404	1e1b9bbcc4986e9956306fdd716b79024951aeeaf27859f584c360a753b3ac9f.exe	113
PID 404 wrote to memory of 1520	404	1e1b9bbcc4986e9956306fdd716b79024951aeeaf27859f584c360a753b3ac9f.exe	114
PID 404 wrote to memory of 1520	404	1e1b9bbcc4986e9956306fdd716b79024951aeeaf27859f584c360a753b3ac9f.exe	114
PID 404 wrote to memory of 4876	404	1e1b9bbcc4986e9956306fdd716b79024951aeeaf27859f584c360a753b3ac9f.exe	115
PID 404 wrote to memory of 4876	404	1e1b9bbcc4986e9956306fdd716b79024951aeeaf27859f584c360a753b3ac9f.exe	115
PID 404 wrote to memory of 3912	404	1e1b9bbcc4986e9956306fdd716b79024951aeeaf27859f584c360a753b3ac9f.exe	116
PID 404 wrote to memory of 3912	404	1e1b9bbcc4986e9956306fdd716b79024951aeeaf27859f584c360a753b3ac9f.exe	116

C:\Users\Admin\AppData\Local\Temp\1e1b9bbcc4986e9956306fdd716b79024951aeeaf27859f584c360a753b3ac9f.exe
"C:\Users\Admin\AppData\Local\Temp\1e1b9bbcc4986e9956306fdd716b79024951aeeaf27859f584c360a753b3ac9f.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:404
- C:\Windows\System\ZlCinlE.exe
  C:\Windows\System\ZlCinlE.exe
  2⤵
  - Executes dropped EXE
  PID:1220
- C:\Windows\System\zThMgFm.exe
  C:\Windows\System\zThMgFm.exe
  2⤵
  - Executes dropped EXE
  PID:1212
- C:\Windows\System\GPIlhxZ.exe
  C:\Windows\System\GPIlhxZ.exe
  2⤵
  - Executes dropped EXE
  PID:4124
- C:\Windows\System\jPYifwG.exe
  C:\Windows\System\jPYifwG.exe
  2⤵
  - Executes dropped EXE
  PID:2552
- C:\Windows\System\ChfmlSr.exe
  C:\Windows\System\ChfmlSr.exe
  2⤵
  - Executes dropped EXE
  PID:1216
- C:\Windows\System\xoAHKOS.exe
  C:\Windows\System\xoAHKOS.exe
  2⤵
  - Executes dropped EXE
  PID:3444
- C:\Windows\System\QDxFtcc.exe
  C:\Windows\System\QDxFtcc.exe
  2⤵
  - Executes dropped EXE
  PID:5016
- C:\Windows\System\vNdPNTh.exe
  C:\Windows\System\vNdPNTh.exe
  2⤵
  - Executes dropped EXE
  PID:2536
- C:\Windows\System\AXjgNbp.exe
  C:\Windows\System\AXjgNbp.exe
  2⤵
  - Executes dropped EXE
  PID:3864
- C:\Windows\System\rWBwIjA.exe
  C:\Windows\System\rWBwIjA.exe
  2⤵
  - Executes dropped EXE
  PID:3200
- C:\Windows\System\NpRIVJy.exe
  C:\Windows\System\NpRIVJy.exe
  2⤵
  - Executes dropped EXE
  PID:4856
- C:\Windows\System\NeSlfFK.exe
  C:\Windows\System\NeSlfFK.exe
  2⤵
  - Executes dropped EXE
  PID:1408
- C:\Windows\System\HJZyTDF.exe
  C:\Windows\System\HJZyTDF.exe
  2⤵
  - Executes dropped EXE
  PID:4800
- C:\Windows\System\KziRDbi.exe
  C:\Windows\System\KziRDbi.exe
  2⤵
  - Executes dropped EXE
  PID:4736
- C:\Windows\System\pnBvCpB.exe
  C:\Windows\System\pnBvCpB.exe
  2⤵
  - Executes dropped EXE
  PID:3156
- C:\Windows\System\nDaIvqw.exe
  C:\Windows\System\nDaIvqw.exe
  2⤵
  - Executes dropped EXE
  PID:2940
- C:\Windows\System\NDPpThQ.exe
  C:\Windows\System\NDPpThQ.exe
  2⤵
  - Executes dropped EXE
  PID:1484
- C:\Windows\System\yfHDBoo.exe
  C:\Windows\System\yfHDBoo.exe
  2⤵
  - Executes dropped EXE
  PID:3308
- C:\Windows\System\MPpweoc.exe
  C:\Windows\System\MPpweoc.exe
  2⤵
  - Executes dropped EXE
  PID:4420
- C:\Windows\System\FqzQNHW.exe
  C:\Windows\System\FqzQNHW.exe
  2⤵
  - Executes dropped EXE
  PID:536
- C:\Windows\System\IEeZfQM.exe
  C:\Windows\System\IEeZfQM.exe
  2⤵
  - Executes dropped EXE
  PID:5116
- C:\Windows\System\xAHHMFp.exe
  C:\Windows\System\xAHHMFp.exe
  2⤵
  - Executes dropped EXE
  PID:5052
- C:\Windows\System\BmMyYVF.exe
  C:\Windows\System\BmMyYVF.exe
  2⤵
  - Executes dropped EXE
  PID:2676
- C:\Windows\System\iBUurhO.exe
  C:\Windows\System\iBUurhO.exe
  2⤵
  - Executes dropped EXE
  PID:4904
- C:\Windows\System\AjIHxhN.exe
  C:\Windows\System\AjIHxhN.exe
  2⤵
  - Executes dropped EXE
  PID:1248
- C:\Windows\System\RUoyeEz.exe
  C:\Windows\System\RUoyeEz.exe
  2⤵
  - Executes dropped EXE
  PID:772
- C:\Windows\System\gWUHfOB.exe
  C:\Windows\System\gWUHfOB.exe
  2⤵
  - Executes dropped EXE
  PID:5036
- C:\Windows\System\GQgtGBk.exe
  C:\Windows\System\GQgtGBk.exe
  2⤵
  - Executes dropped EXE
  PID:4900
- C:\Windows\System\neOTGan.exe
  C:\Windows\System\neOTGan.exe
  2⤵
  - Executes dropped EXE
  PID:4476
- C:\Windows\System\fcjSDtV.exe
  C:\Windows\System\fcjSDtV.exe
  2⤵
  - Executes dropped EXE
  PID:1520
- C:\Windows\System\MYLFMgP.exe
  C:\Windows\System\MYLFMgP.exe
  2⤵
  - Executes dropped EXE
  PID:4876
- C:\Windows\System\IELYWXJ.exe
  C:\Windows\System\IELYWXJ.exe
  2⤵
  - Executes dropped EXE
  PID:3912
- C:\Windows\System\DKoTegl.exe
  C:\Windows\System\DKoTegl.exe
  2⤵
  - Executes dropped EXE
  PID:1984
- C:\Windows\System\EZUKSwm.exe
  C:\Windows\System\EZUKSwm.exe
  2⤵
  - Executes dropped EXE
  PID:2448
- C:\Windows\System\dRyeWiU.exe
  C:\Windows\System\dRyeWiU.exe
  2⤵
  - Executes dropped EXE
  PID:4032
- C:\Windows\System\HWjzYQh.exe
  C:\Windows\System\HWjzYQh.exe
  2⤵
  - Executes dropped EXE
  PID:1796
- C:\Windows\System\UMumPLh.exe
  C:\Windows\System\UMumPLh.exe
  2⤵
  - Executes dropped EXE
  PID:3128
- C:\Windows\System\nyzqsBj.exe
  C:\Windows\System\nyzqsBj.exe
  2⤵
  - Executes dropped EXE
  PID:3292
- C:\Windows\System\YZdqBMa.exe
  C:\Windows\System\YZdqBMa.exe
  2⤵
  - Executes dropped EXE
  PID:4056
- C:\Windows\System\LWxprQv.exe
  C:\Windows\System\LWxprQv.exe
  2⤵
  - Executes dropped EXE
  PID:4620
- C:\Windows\System\GJDXFem.exe
  C:\Windows\System\GJDXFem.exe
  2⤵
  - Executes dropped EXE
  PID:1488
- C:\Windows\System\MbrDlxf.exe
  C:\Windows\System\MbrDlxf.exe
  2⤵
  - Executes dropped EXE
  PID:400
- C:\Windows\System\bGDQwhx.exe
  C:\Windows\System\bGDQwhx.exe
  2⤵
  - Executes dropped EXE
  PID:3212
- C:\Windows\System\YZtXvQB.exe
  C:\Windows\System\YZtXvQB.exe
  2⤵
  - Executes dropped EXE
  PID:2744
- C:\Windows\System\PPWidDJ.exe
  C:\Windows\System\PPWidDJ.exe
  2⤵
  - Executes dropped EXE
  PID:1896
- C:\Windows\System\XoikNux.exe
  C:\Windows\System\XoikNux.exe
  2⤵
  - Executes dropped EXE
  PID:1600
- C:\Windows\System\fUaosKB.exe
  C:\Windows\System\fUaosKB.exe
  2⤵
  - Executes dropped EXE
  PID:2044
- C:\Windows\System\jMDLgWK.exe
  C:\Windows\System\jMDLgWK.exe
  2⤵
  - Executes dropped EXE
  PID:640
- C:\Windows\System\ZqFalgN.exe
  C:\Windows\System\ZqFalgN.exe
  2⤵
  - Executes dropped EXE
  PID:3004
- C:\Windows\System\msagLzf.exe
  C:\Windows\System\msagLzf.exe
  2⤵
  - Executes dropped EXE
  PID:3548
- C:\Windows\System\IdadEFa.exe
  C:\Windows\System\IdadEFa.exe
  2⤵
  - Executes dropped EXE
  PID:216
- C:\Windows\System\YhkjxUh.exe
  C:\Windows\System\YhkjxUh.exe
  2⤵
  - Executes dropped EXE
  PID:4768
- C:\Windows\System\dfvlsiI.exe
  C:\Windows\System\dfvlsiI.exe
  2⤵
  - Executes dropped EXE
  PID:1152
- C:\Windows\System\EiarJrd.exe
  C:\Windows\System\EiarJrd.exe
  2⤵
  - Executes dropped EXE
  PID:2808
- C:\Windows\System\TltNoHr.exe
  C:\Windows\System\TltNoHr.exe
  2⤵
  - Executes dropped EXE
  PID:1732
- C:\Windows\System\udCTCtG.exe
  C:\Windows\System\udCTCtG.exe
  2⤵
  - Executes dropped EXE
  PID:4160
- C:\Windows\System\OoeDynQ.exe
  C:\Windows\System\OoeDynQ.exe
  2⤵
  - Executes dropped EXE
  PID:3492
- C:\Windows\System\QoURKKD.exe
  C:\Windows\System\QoURKKD.exe
  2⤵
  - Executes dropped EXE
  PID:4416
- C:\Windows\System\oiUKkaB.exe
  C:\Windows\System\oiUKkaB.exe
  2⤵
  - Executes dropped EXE
  PID:3992
- C:\Windows\System\BDgUHjV.exe
  C:\Windows\System\BDgUHjV.exe
  2⤵
  - Executes dropped EXE
  PID:1472
- C:\Windows\System\RIimYOW.exe
  C:\Windows\System\RIimYOW.exe
  2⤵
  - Executes dropped EXE
  PID:428
- C:\Windows\System\DWLUlyh.exe
  C:\Windows\System\DWLUlyh.exe
  2⤵
  - Executes dropped EXE
  PID:4816
- C:\Windows\System\IvXylAp.exe
  C:\Windows\System\IvXylAp.exe
  2⤵
  - Executes dropped EXE
  PID:2608
- C:\Windows\System\DdSrrIN.exe
  C:\Windows\System\DdSrrIN.exe
  2⤵
  - Executes dropped EXE
  PID:4840
- C:\Windows\System\tZTWkLu.exe
  C:\Windows\System\tZTWkLu.exe
  2⤵
  PID:4936
- C:\Windows\System\MOumdXT.exe
  C:\Windows\System\MOumdXT.exe
  2⤵
  PID:2684
- C:\Windows\System\bpSiIHZ.exe
  C:\Windows\System\bpSiIHZ.exe
  2⤵
  PID:4836
- C:\Windows\System\IDAboor.exe
  C:\Windows\System\IDAboor.exe
  2⤵
  PID:3356
- C:\Windows\System\UWOwxOE.exe
  C:\Windows\System\UWOwxOE.exe
  2⤵
  PID:5088
- C:\Windows\System\eHerZrb.exe
  C:\Windows\System\eHerZrb.exe
  2⤵
  PID:4528
- C:\Windows\System\wAGuXub.exe
  C:\Windows\System\wAGuXub.exe
  2⤵
  PID:2984
- C:\Windows\System\dNJAFiE.exe
  C:\Windows\System\dNJAFiE.exe
  2⤵
  PID:1412
- C:\Windows\System\oKwNBAv.exe
  C:\Windows\System\oKwNBAv.exe
  2⤵
  PID:4276
- C:\Windows\System\qwGSEop.exe
  C:\Windows\System\qwGSEop.exe
  2⤵
  PID:2544
- C:\Windows\System\jMTOXHh.exe
  C:\Windows\System\jMTOXHh.exe
  2⤵
  PID:2508
- C:\Windows\System\yyLyBsf.exe
  C:\Windows\System\yyLyBsf.exe
  2⤵
  PID:1080
- C:\Windows\System\hUWYQqb.exe
  C:\Windows\System\hUWYQqb.exe
  2⤵
  PID:2164
- C:\Windows\System\WcnyyRt.exe
  C:\Windows\System\WcnyyRt.exe
  2⤵
  PID:3496
- C:\Windows\System\IFtIPYq.exe
  C:\Windows\System\IFtIPYq.exe
  2⤵
  PID:4408
- C:\Windows\System\MlAlLHD.exe
  C:\Windows\System\MlAlLHD.exe
  2⤵
  PID:2764
- C:\Windows\System\rKlLMLX.exe
  C:\Windows\System\rKlLMLX.exe
  2⤵
  PID:4340
- C:\Windows\System\DCVcZHJ.exe
  C:\Windows\System\DCVcZHJ.exe
  2⤵
  PID:2956
- C:\Windows\System\ofhmqoA.exe
  C:\Windows\System\ofhmqoA.exe
  2⤵
  PID:1964
- C:\Windows\System\xHPBHtF.exe
  C:\Windows\System\xHPBHtF.exe
  2⤵
  PID:1032
- C:\Windows\System\lLspMEL.exe
  C:\Windows\System\lLspMEL.exe
  2⤵
  PID:3172
- C:\Windows\System\zXXKvJe.exe
  C:\Windows\System\zXXKvJe.exe
  2⤵
  PID:1756
- C:\Windows\System\HvMCXYt.exe
  C:\Windows\System\HvMCXYt.exe
  2⤵
  PID:1792
- C:\Windows\System\QNIylMo.exe
  C:\Windows\System\QNIylMo.exe
  2⤵
  PID:3340
- C:\Windows\System\zehEVDY.exe
  C:\Windows\System\zehEVDY.exe
  2⤵
  PID:1972
- C:\Windows\System\BHCNOyT.exe
  C:\Windows\System\BHCNOyT.exe
  2⤵
  PID:2960
- C:\Windows\System\sNvlQiL.exe
  C:\Windows\System\sNvlQiL.exe
  2⤵
  PID:4924
- C:\Windows\System\lhHKVpW.exe
  C:\Windows\System\lhHKVpW.exe
  2⤵
  PID:4176
- C:\Windows\System\JiApZKs.exe
  C:\Windows\System\JiApZKs.exe
  2⤵
  PID:1672
- C:\Windows\System\etHLoJO.exe
  C:\Windows\System\etHLoJO.exe
  2⤵
  PID:5140
- C:\Windows\System\MhItpir.exe
  C:\Windows\System\MhItpir.exe
  2⤵
  PID:5168
- C:\Windows\System\kRMPUPy.exe
  C:\Windows\System\kRMPUPy.exe
  2⤵
  PID:5192
- C:\Windows\System\DrzamgG.exe
  C:\Windows\System\DrzamgG.exe
  2⤵
  PID:5224
- C:\Windows\System\bDnhaxH.exe
  C:\Windows\System\bDnhaxH.exe
  2⤵
  PID:5252
- C:\Windows\System\VZyfknz.exe
  C:\Windows\System\VZyfknz.exe
  2⤵
  PID:5280
- C:\Windows\System\drRgnmk.exe
  C:\Windows\System\drRgnmk.exe
  2⤵
  PID:5308
- C:\Windows\System\qdpCQvM.exe
  C:\Windows\System\qdpCQvM.exe
  2⤵
  PID:5336
- C:\Windows\System\JaGetbH.exe
  C:\Windows\System\JaGetbH.exe
  2⤵
  PID:5364
- C:\Windows\System\nxFAORW.exe
  C:\Windows\System\nxFAORW.exe
  2⤵
  PID:5392
- C:\Windows\System\nUDTCFi.exe
  C:\Windows\System\nUDTCFi.exe
  2⤵
  PID:5420
- C:\Windows\System\JmsaEKt.exe
  C:\Windows\System\JmsaEKt.exe
  2⤵
  PID:5452
- C:\Windows\System\nJNcyLq.exe
  C:\Windows\System\nJNcyLq.exe
  2⤵
  PID:5480
- C:\Windows\System\SgBpKHx.exe
  C:\Windows\System\SgBpKHx.exe
  2⤵
  PID:5508
- C:\Windows\System\bMQhxfG.exe
  C:\Windows\System\bMQhxfG.exe
  2⤵
  PID:5536
- C:\Windows\System\zIKEVFj.exe
  C:\Windows\System\zIKEVFj.exe
  2⤵
  PID:5564
- C:\Windows\System\OTWHUIe.exe
  C:\Windows\System\OTWHUIe.exe
  2⤵
  PID:5592
- C:\Windows\System\TOKkgCI.exe
  C:\Windows\System\TOKkgCI.exe
  2⤵
  PID:5616
- C:\Windows\System\JSNbRkH.exe
  C:\Windows\System\JSNbRkH.exe
  2⤵
  PID:5648
- C:\Windows\System\fidQtsa.exe
  C:\Windows\System\fidQtsa.exe
  2⤵
  PID:5676
- C:\Windows\System\pleNSkT.exe
  C:\Windows\System\pleNSkT.exe
  2⤵
  PID:5704
- C:\Windows\System\VzdrTga.exe
  C:\Windows\System\VzdrTga.exe
  2⤵
  PID:5732
- C:\Windows\System\ZPBYaPq.exe
  C:\Windows\System\ZPBYaPq.exe
  2⤵
  PID:5760
- C:\Windows\System\KPhsqmR.exe
  C:\Windows\System\KPhsqmR.exe
  2⤵
  PID:5788
- C:\Windows\System\cxDNGhw.exe
  C:\Windows\System\cxDNGhw.exe
  2⤵
  PID:5816
- C:\Windows\System\NRsjSNX.exe
  C:\Windows\System\NRsjSNX.exe
  2⤵
  PID:5844
- C:\Windows\System\WTRgfnb.exe
  C:\Windows\System\WTRgfnb.exe
  2⤵
  PID:5872
- C:\Windows\System\XxWaOck.exe
  C:\Windows\System\XxWaOck.exe
  2⤵
  PID:5900
- C:\Windows\System\QjjKWJp.exe
  C:\Windows\System\QjjKWJp.exe
  2⤵
  PID:5928
- C:\Windows\System\ohTTOyV.exe
  C:\Windows\System\ohTTOyV.exe
  2⤵
  PID:5956
- C:\Windows\System\niHuSrn.exe
  C:\Windows\System\niHuSrn.exe
  2⤵
  PID:5984
- C:\Windows\System\OhLwGwj.exe
  C:\Windows\System\OhLwGwj.exe
  2⤵
  PID:6012
- C:\Windows\System\FOTKFJy.exe
  C:\Windows\System\FOTKFJy.exe
  2⤵
  PID:6040
- C:\Windows\System\JlVVsgx.exe
  C:\Windows\System\JlVVsgx.exe
  2⤵
  PID:6068
- C:\Windows\System\TGQQxhk.exe
  C:\Windows\System\TGQQxhk.exe
  2⤵
  PID:6096
- C:\Windows\System\OLPoCsO.exe
  C:\Windows\System\OLPoCsO.exe
  2⤵
  PID:6124
- C:\Windows\System\NaUJdWY.exe
  C:\Windows\System\NaUJdWY.exe
  2⤵
  PID:2556
- C:\Windows\System\RnRDduH.exe
  C:\Windows\System\RnRDduH.exe
  2⤵
  PID:1196
- C:\Windows\System\iFbyRvF.exe
  C:\Windows\System\iFbyRvF.exe
  2⤵
  PID:3284
- C:\Windows\System\TWuKXfI.exe
  C:\Windows\System\TWuKXfI.exe
  2⤵
  PID:2520
- C:\Windows\System\lwDOYHh.exe
  C:\Windows\System\lwDOYHh.exe
  2⤵
  PID:3736
- C:\Windows\System\uvtOArL.exe
  C:\Windows\System\uvtOArL.exe
  2⤵
  PID:1560
- C:\Windows\System\nwXuuOv.exe
  C:\Windows\System\nwXuuOv.exe
  2⤵
  PID:5160
- C:\Windows\System\HOdmEMa.exe
  C:\Windows\System\HOdmEMa.exe
  2⤵
  PID:5236
- C:\Windows\System\MqApfSJ.exe
  C:\Windows\System\MqApfSJ.exe
  2⤵
  PID:5296
- C:\Windows\System\muNJCfC.exe
  C:\Windows\System\muNJCfC.exe
  2⤵
  PID:5356
- C:\Windows\System\FfWVnQI.exe
  C:\Windows\System\FfWVnQI.exe
  2⤵
  PID:5436
- C:\Windows\System\EUBLfLR.exe
  C:\Windows\System\EUBLfLR.exe
  2⤵
  PID:5496
- C:\Windows\System\EKkSqEW.exe
  C:\Windows\System\EKkSqEW.exe
  2⤵
  PID:5556
- C:\Windows\System\JMHspGf.exe
  C:\Windows\System\JMHspGf.exe
  2⤵
  PID:5632
- C:\Windows\System\NzivieO.exe
  C:\Windows\System\NzivieO.exe
  2⤵
  PID:5692
- C:\Windows\System\SvfEmxG.exe
  C:\Windows\System\SvfEmxG.exe
  2⤵
  PID:5748
- C:\Windows\System\kRryzHU.exe
  C:\Windows\System\kRryzHU.exe
  2⤵
  PID:5808
- C:\Windows\System\HHDITmw.exe
  C:\Windows\System\HHDITmw.exe
  2⤵
  PID:5884
- C:\Windows\System\oKKZOyF.exe
  C:\Windows\System\oKKZOyF.exe
  2⤵
  PID:5920
- C:\Windows\System\DqHFvcZ.exe
  C:\Windows\System\DqHFvcZ.exe
  2⤵
  PID:6000
- C:\Windows\System\bjWomWk.exe
  C:\Windows\System\bjWomWk.exe
  2⤵
  PID:6052
- C:\Windows\System\hjWOWee.exe
  C:\Windows\System\hjWOWee.exe
  2⤵
  PID:6112
- C:\Windows\System\aohYudx.exe
  C:\Windows\System\aohYudx.exe
  2⤵
  PID:2528
- C:\Windows\System\biQQCUV.exe
  C:\Windows\System\biQQCUV.exe
  2⤵
  PID:800
- C:\Windows\System\hhiQouz.exe
  C:\Windows\System\hhiQouz.exe
  2⤵
  PID:5132
- C:\Windows\System\wEfwPbQ.exe
  C:\Windows\System\wEfwPbQ.exe
  2⤵
  PID:5272
- C:\Windows\System\LOxEQGs.exe
  C:\Windows\System\LOxEQGs.exe
  2⤵
  PID:5464
- C:\Windows\System\jdrXvPV.exe
  C:\Windows\System\jdrXvPV.exe
  2⤵
  PID:5604
- C:\Windows\System\LIHedMI.exe
  C:\Windows\System\LIHedMI.exe
  2⤵
  PID:5724
- C:\Windows\System\zYYnbch.exe
  C:\Windows\System\zYYnbch.exe
  2⤵
  PID:5892
- C:\Windows\System\wBSXPaf.exe
  C:\Windows\System\wBSXPaf.exe
  2⤵
  PID:6028
- C:\Windows\System\mVZjhII.exe
  C:\Windows\System\mVZjhII.exe
  2⤵
  PID:1076
- C:\Windows\System\KTccZfr.exe
  C:\Windows\System\KTccZfr.exe
  2⤵
  PID:6164
- C:\Windows\System\QEAJEVF.exe
  C:\Windows\System\QEAJEVF.exe
  2⤵
  PID:6192
- C:\Windows\System\QxyLSvl.exe
  C:\Windows\System\QxyLSvl.exe
  2⤵
  PID:6220
- C:\Windows\System\tJGfWex.exe
  C:\Windows\System\tJGfWex.exe
  2⤵
  PID:6248
- C:\Windows\System\NwlMuKz.exe
  C:\Windows\System\NwlMuKz.exe
  2⤵
  PID:6276
- C:\Windows\System\VXpdgLG.exe
  C:\Windows\System\VXpdgLG.exe
  2⤵
  PID:6304
- C:\Windows\System\XpXlycY.exe
  C:\Windows\System\XpXlycY.exe
  2⤵
  PID:6332
- C:\Windows\System\aFckUWR.exe
  C:\Windows\System\aFckUWR.exe
  2⤵
  PID:6360
- C:\Windows\System\VPQVuiT.exe
  C:\Windows\System\VPQVuiT.exe
  2⤵
  PID:6388
- C:\Windows\System\BecivgU.exe
  C:\Windows\System\BecivgU.exe
  2⤵
  PID:6416
- C:\Windows\System\hwzpfOk.exe
  C:\Windows\System\hwzpfOk.exe
  2⤵
  PID:6444
- C:\Windows\System\rufAXNx.exe
  C:\Windows\System\rufAXNx.exe
  2⤵
  PID:6472
- C:\Windows\System\sUvsEDD.exe
  C:\Windows\System\sUvsEDD.exe
  2⤵
  PID:6500
- C:\Windows\System\NfKHzPw.exe
  C:\Windows\System\NfKHzPw.exe
  2⤵
  PID:6528
- C:\Windows\System\CgonIUY.exe
  C:\Windows\System\CgonIUY.exe
  2⤵
  PID:6560
- C:\Windows\System\zQYwQTg.exe
  C:\Windows\System\zQYwQTg.exe
  2⤵
  PID:6584
- C:\Windows\System\farEnfe.exe
  C:\Windows\System\farEnfe.exe
  2⤵
  PID:6612
- C:\Windows\System\vsFyPwJ.exe
  C:\Windows\System\vsFyPwJ.exe
  2⤵
  PID:6640
- C:\Windows\System\kmGTDap.exe
  C:\Windows\System\kmGTDap.exe
  2⤵
  PID:6668
- C:\Windows\System\XKduHvA.exe
  C:\Windows\System\XKduHvA.exe
  2⤵
  PID:6696
- C:\Windows\System\ZmvOLzd.exe
  C:\Windows\System\ZmvOLzd.exe
  2⤵
  PID:6724
- C:\Windows\System\VsWvZIV.exe
  C:\Windows\System\VsWvZIV.exe
  2⤵
  PID:6752
- C:\Windows\System\uodBmTM.exe
  C:\Windows\System\uodBmTM.exe
  2⤵
  PID:6780
- C:\Windows\System\vANzjuR.exe
  C:\Windows\System\vANzjuR.exe
  2⤵
  PID:6808
- C:\Windows\System\banLVui.exe
  C:\Windows\System\banLVui.exe
  2⤵
  PID:6836
- C:\Windows\System\InbhiEr.exe
  C:\Windows\System\InbhiEr.exe
  2⤵
  PID:6864
- C:\Windows\System\QSBCtky.exe
  C:\Windows\System\QSBCtky.exe
  2⤵
  PID:6892
- C:\Windows\System\GCYeDIH.exe
  C:\Windows\System\GCYeDIH.exe
  2⤵
  PID:6920
- C:\Windows\System\BYCraIl.exe
  C:\Windows\System\BYCraIl.exe
  2⤵
  PID:6948
- C:\Windows\System\ptjPoAl.exe
  C:\Windows\System\ptjPoAl.exe
  2⤵
  PID:6976
- C:\Windows\System\MqSmygv.exe
  C:\Windows\System\MqSmygv.exe
  2⤵
  PID:7004
- C:\Windows\System\eebNcia.exe
  C:\Windows\System\eebNcia.exe
  2⤵
  PID:7032
- C:\Windows\System\OgHgiYA.exe
  C:\Windows\System\OgHgiYA.exe
  2⤵
  PID:7060
- C:\Windows\System\bYiVJfp.exe
  C:\Windows\System\bYiVJfp.exe
  2⤵
  PID:7088
- C:\Windows\System\XIKEOiI.exe
  C:\Windows\System\XIKEOiI.exe
  2⤵
  PID:7116
- C:\Windows\System\JZYZGaY.exe
  C:\Windows\System\JZYZGaY.exe
  2⤵
  PID:7144
- C:\Windows\System\aKPDHPg.exe
  C:\Windows\System\aKPDHPg.exe
  2⤵
  PID:5032
- C:\Windows\System\XoQYaoY.exe
  C:\Windows\System\XoQYaoY.exe
  2⤵
  PID:5212
- C:\Windows\System\lrdomsU.exe
  C:\Windows\System\lrdomsU.exe
  2⤵
  PID:5548
- C:\Windows\System\fzppzsT.exe
  C:\Windows\System\fzppzsT.exe
  2⤵
  PID:5968
- C:\Windows\System\nAMZXXE.exe
  C:\Windows\System\nAMZXXE.exe
  2⤵
  PID:6148
- C:\Windows\System\tntZQMK.exe
  C:\Windows\System\tntZQMK.exe
  2⤵
  PID:6208
- C:\Windows\System\xKhrZbq.exe
  C:\Windows\System\xKhrZbq.exe
  2⤵
  PID:6348
- C:\Windows\System\GTATFyu.exe
  C:\Windows\System\GTATFyu.exe
  2⤵
  PID:6432
- C:\Windows\System\FSDZalk.exe
  C:\Windows\System\FSDZalk.exe
  2⤵
  PID:2184
- C:\Windows\System\UhUaWoe.exe
  C:\Windows\System\UhUaWoe.exe
  2⤵
  PID:6520
- C:\Windows\System\zkGeaus.exe
  C:\Windows\System\zkGeaus.exe
  2⤵
  PID:6596
- C:\Windows\System\zNQUYWD.exe
  C:\Windows\System\zNQUYWD.exe
  2⤵
  PID:1612
- C:\Windows\System\sknlDYb.exe
  C:\Windows\System\sknlDYb.exe
  2⤵
  PID:2436
- C:\Windows\System\reZvzFm.exe
  C:\Windows\System\reZvzFm.exe
  2⤵
  PID:6712
- C:\Windows\System\cDwANnG.exe
  C:\Windows\System\cDwANnG.exe
  2⤵
  PID:6800
- C:\Windows\System\YRgSUTC.exe
  C:\Windows\System\YRgSUTC.exe
  2⤵
  PID:6856
- C:\Windows\System\CRzUJaT.exe
  C:\Windows\System\CRzUJaT.exe
  2⤵
  PID:6940
- C:\Windows\System\QkIowFQ.exe
  C:\Windows\System\QkIowFQ.exe
  2⤵
  PID:6992
- C:\Windows\System\FXMBMMh.exe
  C:\Windows\System\FXMBMMh.exe
  2⤵
  PID:7052
- C:\Windows\System\eQjPWVf.exe
  C:\Windows\System\eQjPWVf.exe
  2⤵
  PID:7104
- C:\Windows\System\wwWYvoO.exe
  C:\Windows\System\wwWYvoO.exe
  2⤵
  PID:816
- C:\Windows\System\AHgAMZB.exe
  C:\Windows\System\AHgAMZB.exe
  2⤵
  PID:4028
- C:\Windows\System\euSCnKs.exe
  C:\Windows\System\euSCnKs.exe
  2⤵
  PID:3624
- C:\Windows\System\OAquvaZ.exe
  C:\Windows\System\OAquvaZ.exe
  2⤵
  PID:5096
- C:\Windows\System\KYxFKXc.exe
  C:\Windows\System\KYxFKXc.exe
  2⤵
  PID:6176
- C:\Windows\System\zQvUIWR.exe
  C:\Windows\System\zQvUIWR.exe
  2⤵
  PID:1864
- C:\Windows\System\FxFPpNb.exe
  C:\Windows\System\FxFPpNb.exe
  2⤵
  PID:6656
- C:\Windows\System\rBNkVrY.exe
  C:\Windows\System\rBNkVrY.exe
  2⤵
  PID:7080
- C:\Windows\System\FEyzBbv.exe
  C:\Windows\System\FEyzBbv.exe
  2⤵
  PID:2312
- C:\Windows\System\UoLLvwf.exe
  C:\Windows\System\UoLLvwf.exe
  2⤵
  PID:1064
- C:\Windows\System\CxaMdfC.exe
  C:\Windows\System\CxaMdfC.exe
  2⤵
  PID:6296
- C:\Windows\System\jkscXZe.exe
  C:\Windows\System\jkscXZe.exe
  2⤵
  PID:4588
- C:\Windows\System\rTilHMJ.exe
  C:\Windows\System\rTilHMJ.exe
  2⤵
  PID:6344
- C:\Windows\System\VObwisk.exe
  C:\Windows\System\VObwisk.exe
  2⤵
  PID:1572
- C:\Windows\System\raAcpZh.exe
  C:\Windows\System\raAcpZh.exe
  2⤵
  PID:6772
- C:\Windows\System\pZLMfWi.exe
  C:\Windows\System\pZLMfWi.exe
  2⤵
  PID:7128
- C:\Windows\System\gIEzzbk.exe
  C:\Windows\System\gIEzzbk.exe
  2⤵
  PID:2128
- C:\Windows\System\QbsQmKS.exe
  C:\Windows\System\QbsQmKS.exe
  2⤵
  PID:376
- C:\Windows\System\NuyBVFX.exe
  C:\Windows\System\NuyBVFX.exe
  2⤵
  PID:4484
- C:\Windows\System\cqhEAWx.exe
  C:\Windows\System\cqhEAWx.exe
  2⤵
  PID:6408
- C:\Windows\System\bbqMgou.exe
  C:\Windows\System\bbqMgou.exe
  2⤵
  PID:6824
- C:\Windows\System\BNVVLmS.exe
  C:\Windows\System\BNVVLmS.exe
  2⤵
  PID:7188
- C:\Windows\System\TFsTuFA.exe
  C:\Windows\System\TFsTuFA.exe
  2⤵
  PID:7204
- C:\Windows\System\eDHPkeg.exe
  C:\Windows\System\eDHPkeg.exe
  2⤵
  PID:7240
- C:\Windows\System\enBWGvI.exe
  C:\Windows\System\enBWGvI.exe
  2⤵
  PID:7276
- C:\Windows\System\sJiFCvr.exe
  C:\Windows\System\sJiFCvr.exe
  2⤵
  PID:7304
- C:\Windows\System\qnqFcxM.exe
  C:\Windows\System\qnqFcxM.exe
  2⤵
  PID:7324
- C:\Windows\System\tIWOtzP.exe
  C:\Windows\System\tIWOtzP.exe
  2⤵
  PID:7348
- C:\Windows\System\pxSlcNz.exe
  C:\Windows\System\pxSlcNz.exe
  2⤵
  PID:7376
- C:\Windows\System\YLjycZU.exe
  C:\Windows\System\YLjycZU.exe
  2⤵
  PID:7404
- C:\Windows\System\GNqzXks.exe
  C:\Windows\System\GNqzXks.exe
  2⤵
  PID:7444
- C:\Windows\System\JhUzzCj.exe
  C:\Windows\System\JhUzzCj.exe
  2⤵
  PID:7476
- C:\Windows\System\vgQiSIK.exe
  C:\Windows\System\vgQiSIK.exe
  2⤵
  PID:7492
- C:\Windows\System\UqtPxLF.exe
  C:\Windows\System\UqtPxLF.exe
  2⤵
  PID:7524
- C:\Windows\System\yMuhBXq.exe
  C:\Windows\System\yMuhBXq.exe
  2⤵
  PID:7560
- C:\Windows\System\TvmGOuS.exe
  C:\Windows\System\TvmGOuS.exe
  2⤵
  PID:7576
- C:\Windows\System\zbkDjDV.exe
  C:\Windows\System\zbkDjDV.exe
  2⤵
  PID:7604
- C:\Windows\System\DCwLrnv.exe
  C:\Windows\System\DCwLrnv.exe
  2⤵
  PID:7640
- C:\Windows\System\giaNZJs.exe
  C:\Windows\System\giaNZJs.exe
  2⤵
  PID:7660
- C:\Windows\System\oapAmrw.exe
  C:\Windows\System\oapAmrw.exe
  2⤵
  PID:7700
- C:\Windows\System\bLIAOyD.exe
  C:\Windows\System\bLIAOyD.exe
  2⤵
  PID:7728
- C:\Windows\System\MmbPeNO.exe
  C:\Windows\System\MmbPeNO.exe
  2⤵
  PID:7752
- C:\Windows\System\iwHtTUo.exe
  C:\Windows\System\iwHtTUo.exe
  2⤵
  PID:7772
- C:\Windows\System\bRWUQXO.exe
  C:\Windows\System\bRWUQXO.exe
  2⤵
  PID:7800
- C:\Windows\System\ZiOfaTU.exe
  C:\Windows\System\ZiOfaTU.exe
  2⤵
  PID:7840
- C:\Windows\System\KKiJMxW.exe
  C:\Windows\System\KKiJMxW.exe
  2⤵
  PID:7868
- C:\Windows\System\zGcjkAZ.exe
  C:\Windows\System\zGcjkAZ.exe
  2⤵
  PID:7900
- C:\Windows\System\tKUqfUF.exe
  C:\Windows\System\tKUqfUF.exe
  2⤵
  PID:7936
- C:\Windows\System\SBcZOcS.exe
  C:\Windows\System\SBcZOcS.exe
  2⤵
  PID:7972
- C:\Windows\System\QpWZAPi.exe
  C:\Windows\System\QpWZAPi.exe
  2⤵
  PID:8000
- C:\Windows\System\YrCXsyR.exe
  C:\Windows\System\YrCXsyR.exe
  2⤵
  PID:8032
- C:\Windows\System\JthXACC.exe
  C:\Windows\System\JthXACC.exe
  2⤵
  PID:8060
- C:\Windows\System\XsyqCfb.exe
  C:\Windows\System\XsyqCfb.exe
  2⤵
  PID:8076
- C:\Windows\System\FIZvMxC.exe
  C:\Windows\System\FIZvMxC.exe
  2⤵
  PID:8116
- C:\Windows\System\UBLxMcK.exe
  C:\Windows\System\UBLxMcK.exe
  2⤵
  PID:8136
- C:\Windows\System\vNEOarG.exe
  C:\Windows\System\vNEOarG.exe
  2⤵
  PID:8164
- C:\Windows\System\SWsIVnI.exe
  C:\Windows\System\SWsIVnI.exe
  2⤵
  PID:7212
- C:\Windows\System\rdFHFOg.exe
  C:\Windows\System\rdFHFOg.exe
  2⤵
  PID:7296
- C:\Windows\System\qBmiYXs.exe
  C:\Windows\System\qBmiYXs.exe
  2⤵
  PID:7400
- C:\Windows\System\NbpAonS.exe
  C:\Windows\System\NbpAonS.exe
  2⤵
  PID:7468
- C:\Windows\System\bNcDYiQ.exe
  C:\Windows\System\bNcDYiQ.exe
  2⤵
  PID:7508
- C:\Windows\System\BqQwHGP.exe
  C:\Windows\System\BqQwHGP.exe
  2⤵
  PID:7588
- C:\Windows\System\vKUQIQg.exe
  C:\Windows\System\vKUQIQg.exe
  2⤵
  PID:7684
- C:\Windows\System\rAswjVe.exe
  C:\Windows\System\rAswjVe.exe
  2⤵
  PID:7784
- C:\Windows\System\AugUefc.exe
  C:\Windows\System\AugUefc.exe
  2⤵
  PID:7852
- C:\Windows\System\sVaYQWs.exe
  C:\Windows\System\sVaYQWs.exe
  2⤵
  PID:7896
- C:\Windows\System\gXziWpw.exe
  C:\Windows\System\gXziWpw.exe
  2⤵
  PID:7952
- C:\Windows\System\NGbltHo.exe
  C:\Windows\System\NGbltHo.exe
  2⤵
  PID:8048
- C:\Windows\System\PKDBHls.exe
  C:\Windows\System\PKDBHls.exe
  2⤵
  PID:8108
- C:\Windows\System\KOxIeox.exe
  C:\Windows\System\KOxIeox.exe
  2⤵
  PID:684
- C:\Windows\System\FZhNpzW.exe
  C:\Windows\System\FZhNpzW.exe
  2⤵
  PID:7388
- C:\Windows\System\SWpDJRs.exe
  C:\Windows\System\SWpDJRs.exe
  2⤵
  PID:7504
- C:\Windows\System\AQZokVN.exe
  C:\Windows\System\AQZokVN.exe
  2⤵
  PID:7632
- C:\Windows\System\ImnlDKz.exe
  C:\Windows\System\ImnlDKz.exe
  2⤵
  PID:7956
- C:\Windows\System\yiBYgYh.exe
  C:\Windows\System\yiBYgYh.exe
  2⤵
  PID:8068
- C:\Windows\System\tTvqiXG.exe
  C:\Windows\System\tTvqiXG.exe
  2⤵
  PID:8152
- C:\Windows\System\PIjAodf.exe
  C:\Windows\System\PIjAodf.exe
  2⤵
  PID:7764
- C:\Windows\System\jXQbMki.exe
  C:\Windows\System\jXQbMki.exe
  2⤵
  PID:8020
- C:\Windows\System\IjyTSEl.exe
  C:\Windows\System\IjyTSEl.exe
  2⤵
  PID:7532
- C:\Windows\System\TDiTHdM.exe
  C:\Windows\System\TDiTHdM.exe
  2⤵
  PID:8148
- C:\Windows\System\DlZyfKj.exe
  C:\Windows\System\DlZyfKj.exe
  2⤵
  PID:8216
- C:\Windows\System\XYBrrGz.exe
  C:\Windows\System\XYBrrGz.exe
  2⤵
  PID:8248
- C:\Windows\System\vxriwwD.exe
  C:\Windows\System\vxriwwD.exe
  2⤵
  PID:8284
- C:\Windows\System\ZjUdKlt.exe
  C:\Windows\System\ZjUdKlt.exe
  2⤵
  PID:8316
- C:\Windows\System\NIcGcdx.exe
  C:\Windows\System\NIcGcdx.exe
  2⤵
  PID:8360
- C:\Windows\System\IYfdCWI.exe
  C:\Windows\System\IYfdCWI.exe
  2⤵
  PID:8388
- C:\Windows\System\xuhVhwK.exe
  C:\Windows\System\xuhVhwK.exe
  2⤵
  PID:8436
- C:\Windows\System\iEkpINB.exe
  C:\Windows\System\iEkpINB.exe
  2⤵
  PID:8464
- C:\Windows\System\eLoePRF.exe
  C:\Windows\System\eLoePRF.exe
  2⤵
  PID:8488
- C:\Windows\System\GSsFvWY.exe
  C:\Windows\System\GSsFvWY.exe
  2⤵
  PID:8520
- C:\Windows\System\VaNaFfV.exe
  C:\Windows\System\VaNaFfV.exe
  2⤵
  PID:8548
- C:\Windows\System\aKgSxQJ.exe
  C:\Windows\System\aKgSxQJ.exe
  2⤵
  PID:8568
- C:\Windows\System\XxlMxzC.exe
  C:\Windows\System\XxlMxzC.exe
  2⤵
  PID:8596
- C:\Windows\System\clbATDY.exe
  C:\Windows\System\clbATDY.exe
  2⤵
  PID:8624
- C:\Windows\System\HloGnnP.exe
  C:\Windows\System\HloGnnP.exe
  2⤵
  PID:8640
- C:\Windows\System\VEFuIvT.exe
  C:\Windows\System\VEFuIvT.exe
  2⤵
  PID:8672
- C:\Windows\System\jaOEJIK.exe
  C:\Windows\System\jaOEJIK.exe
  2⤵
  PID:8712
- C:\Windows\System\MYnZJFC.exe
  C:\Windows\System\MYnZJFC.exe
  2⤵
  PID:8736
- C:\Windows\System\rwCWkPn.exe
  C:\Windows\System\rwCWkPn.exe
  2⤵
  PID:8764
- C:\Windows\System\bbGpTJZ.exe
  C:\Windows\System\bbGpTJZ.exe
  2⤵
  PID:8808
- C:\Windows\System\jMVFYlC.exe
  C:\Windows\System\jMVFYlC.exe
  2⤵
  PID:8836
- C:\Windows\System\DdYSbDe.exe
  C:\Windows\System\DdYSbDe.exe
  2⤵
  PID:8856
- C:\Windows\System\dGateHY.exe
  C:\Windows\System\dGateHY.exe
  2⤵
  PID:8884
- C:\Windows\System\UJqiMzj.exe
  C:\Windows\System\UJqiMzj.exe
  2⤵
  PID:8920
- C:\Windows\System\IVKFnvN.exe
  C:\Windows\System\IVKFnvN.exe
  2⤵
  PID:8940
- C:\Windows\System\WKeuBpS.exe
  C:\Windows\System\WKeuBpS.exe
  2⤵
  PID:8972
- C:\Windows\System\vrMRQSR.exe
  C:\Windows\System\vrMRQSR.exe
  2⤵
  PID:8996
- C:\Windows\System\SwtoYRA.exe
  C:\Windows\System\SwtoYRA.exe
  2⤵
  PID:9024
- C:\Windows\System\eMpCayS.exe
  C:\Windows\System\eMpCayS.exe
  2⤵
  PID:9052
- C:\Windows\System\HCvRueB.exe
  C:\Windows\System\HCvRueB.exe
  2⤵
  PID:9080
- C:\Windows\System\pwZbUdA.exe
  C:\Windows\System\pwZbUdA.exe
  2⤵
  PID:9124
- C:\Windows\System\SrOTzDQ.exe
  C:\Windows\System\SrOTzDQ.exe
  2⤵
  PID:9152
- C:\Windows\System\VZdmekr.exe
  C:\Windows\System\VZdmekr.exe
  2⤵
  PID:9176
- C:\Windows\System\XpbSizZ.exe
  C:\Windows\System\XpbSizZ.exe
  2⤵
  PID:9208
- C:\Windows\System\hpXqCYS.exe
  C:\Windows\System\hpXqCYS.exe
  2⤵
  PID:8196
- C:\Windows\System\YnbMWwC.exe
  C:\Windows\System\YnbMWwC.exe
  2⤵
  PID:8308
- C:\Windows\System\kLMCako.exe
  C:\Windows\System\kLMCako.exe
  2⤵
  PID:8352
- C:\Windows\System\hwUWern.exe
  C:\Windows\System\hwUWern.exe
  2⤵
  PID:3916
- C:\Windows\System\KOFYJMG.exe
  C:\Windows\System\KOFYJMG.exe
  2⤵
  PID:8472
- C:\Windows\System\wnHbIbp.exe
  C:\Windows\System\wnHbIbp.exe
  2⤵
  PID:8540
- C:\Windows\System\DQmsRMJ.exe
  C:\Windows\System\DQmsRMJ.exe
  2⤵
  PID:8576
- C:\Windows\System\TYGbREx.exe
  C:\Windows\System\TYGbREx.exe
  2⤵
  PID:8608
- C:\Windows\System\XwaSbHs.exe
  C:\Windows\System\XwaSbHs.exe
  2⤵
  PID:8720
- C:\Windows\System\vxcmyFq.exe
  C:\Windows\System\vxcmyFq.exe
  2⤵
  PID:8780
- C:\Windows\System\BuoAkNZ.exe
  C:\Windows\System\BuoAkNZ.exe
  2⤵
  PID:8848
- C:\Windows\System\MfQnSsM.exe
  C:\Windows\System\MfQnSsM.exe
  2⤵
  PID:8932
- C:\Windows\System\ZoBDHRX.exe
  C:\Windows\System\ZoBDHRX.exe
  2⤵
  PID:9008
- C:\Windows\System\KdRgMqm.exe
  C:\Windows\System\KdRgMqm.exe
  2⤵
  PID:9064
- C:\Windows\System\ELHNKQB.exe
  C:\Windows\System\ELHNKQB.exe
  2⤵
  PID:9144
- C:\Windows\System\MHRNxYf.exe
  C:\Windows\System\MHRNxYf.exe
  2⤵
  PID:9200
- C:\Windows\System\bByRyMq.exe
  C:\Windows\System\bByRyMq.exe
  2⤵
  PID:8304
- C:\Windows\System\zVWdtZu.exe
  C:\Windows\System\zVWdtZu.exe
  2⤵
  PID:8344
- C:\Windows\System\HyjBwza.exe
  C:\Windows\System\HyjBwza.exe
  2⤵
  PID:8632
- C:\Windows\System\vGHCstu.exe
  C:\Windows\System\vGHCstu.exe
  2⤵
  PID:8668
- C:\Windows\System\eJKeLag.exe
  C:\Windows\System\eJKeLag.exe
  2⤵
  PID:8928
- C:\Windows\System\vaEgdMi.exe
  C:\Windows\System\vaEgdMi.exe
  2⤵
  PID:9044
- C:\Windows\System\HchhQIL.exe
  C:\Windows\System\HchhQIL.exe
  2⤵
  PID:9108
- C:\Windows\System\oJkJhRn.exe
  C:\Windows\System\oJkJhRn.exe
  2⤵
  PID:8484
- C:\Windows\System\ktfXjAd.exe
  C:\Windows\System\ktfXjAd.exe
  2⤵
  PID:8852
- C:\Windows\System\geHATaK.exe
  C:\Windows\System\geHATaK.exe
  2⤵
  PID:8992
- C:\Windows\System\GXHuaGH.exe
  C:\Windows\System\GXHuaGH.exe
  2⤵
  PID:8268
- C:\Windows\System\OGlXuZm.exe
  C:\Windows\System\OGlXuZm.exe
  2⤵
  PID:8556
- C:\Windows\System\gfFzREI.exe
  C:\Windows\System\gfFzREI.exe
  2⤵
  PID:9240
- C:\Windows\System\njgFXpn.exe
  C:\Windows\System\njgFXpn.exe
  2⤵
  PID:9320
- C:\Windows\System\eOLJIOi.exe
  C:\Windows\System\eOLJIOi.exe
  2⤵
  PID:9348
- C:\Windows\System\GxUeGjr.exe
  C:\Windows\System\GxUeGjr.exe
  2⤵
  PID:9380
- C:\Windows\System\nCjPKeM.exe
  C:\Windows\System\nCjPKeM.exe
  2⤵
  PID:9404
- C:\Windows\System\tXVKTqM.exe
  C:\Windows\System\tXVKTqM.exe
  2⤵
  PID:9432
- C:\Windows\System\BqqvwKS.exe
  C:\Windows\System\BqqvwKS.exe
  2⤵
  PID:9460
- C:\Windows\System\IBIgiBQ.exe
  C:\Windows\System\IBIgiBQ.exe
  2⤵
  PID:9480
- C:\Windows\System\byovXdw.exe
  C:\Windows\System\byovXdw.exe
  2⤵
  PID:9512
- C:\Windows\System\tfJFAbK.exe
  C:\Windows\System\tfJFAbK.exe
  2⤵
  PID:9548
- C:\Windows\System\lOJCuhF.exe
  C:\Windows\System\lOJCuhF.exe
  2⤵
  PID:9576
- C:\Windows\System\UDshqwB.exe
  C:\Windows\System\UDshqwB.exe
  2⤵
  PID:9592
- C:\Windows\System\DDHJSBz.exe
  C:\Windows\System\DDHJSBz.exe
  2⤵
  PID:9620
- C:\Windows\System\wEwOAee.exe
  C:\Windows\System\wEwOAee.exe
  2⤵
  PID:9660
- C:\Windows\System\CzvIHMC.exe
  C:\Windows\System\CzvIHMC.exe
  2⤵
  PID:9688
- C:\Windows\System\KIbtyEF.exe
  C:\Windows\System\KIbtyEF.exe
  2⤵
  PID:9716
- C:\Windows\System\HxEdRXl.exe
  C:\Windows\System\HxEdRXl.exe
  2⤵
  PID:9740
- C:\Windows\System\zwlvVis.exe
  C:\Windows\System\zwlvVis.exe
  2⤵
  PID:9760
- C:\Windows\System\TLGYfOg.exe
  C:\Windows\System\TLGYfOg.exe
  2⤵
  PID:9788
- C:\Windows\System\oBrVUnK.exe
  C:\Windows\System\oBrVUnK.exe
  2⤵
  PID:9816
- C:\Windows\System\tOhyLSe.exe
  C:\Windows\System\tOhyLSe.exe
  2⤵
  PID:9856
- C:\Windows\System\grmqSCm.exe
  C:\Windows\System\grmqSCm.exe
  2⤵
  PID:9888
- C:\Windows\System\KaNGWHo.exe
  C:\Windows\System\KaNGWHo.exe
  2⤵
  PID:9904
- C:\Windows\System\RNXHrCe.exe
  C:\Windows\System\RNXHrCe.exe
  2⤵
  PID:9932
- C:\Windows\System\dpwZlbg.exe
  C:\Windows\System\dpwZlbg.exe
  2⤵
  PID:9972
- C:\Windows\System\WNLHOHf.exe
  C:\Windows\System\WNLHOHf.exe
  2⤵
  PID:10000
- C:\Windows\System\ReAiPVO.exe
  C:\Windows\System\ReAiPVO.exe
  2⤵
  PID:10016
- C:\Windows\System\AqpaXLp.exe
  C:\Windows\System\AqpaXLp.exe
  2⤵
  PID:10044
- C:\Windows\System\CugnVsX.exe
  C:\Windows\System\CugnVsX.exe
  2⤵
  PID:10080
- C:\Windows\System\AKOBflY.exe
  C:\Windows\System\AKOBflY.exe
  2⤵
  PID:10112
- C:\Windows\System\WsmvdBI.exe
  C:\Windows\System\WsmvdBI.exe
  2⤵
  PID:10136
- C:\Windows\System\aHvfMWB.exe
  C:\Windows\System\aHvfMWB.exe
  2⤵
  PID:10164
- C:\Windows\System\MCTguwv.exe
  C:\Windows\System\MCTguwv.exe
  2⤵
  PID:10200
- C:\Windows\System\davdriI.exe
  C:\Windows\System\davdriI.exe
  2⤵
  PID:10228
- C:\Windows\System\UyAsppY.exe
  C:\Windows\System\UyAsppY.exe
  2⤵
  PID:9112
- C:\Windows\System\reKvGOi.exe
  C:\Windows\System\reKvGOi.exe
  2⤵
  PID:9260
- C:\Windows\System\xpfgdGI.exe
  C:\Windows\System\xpfgdGI.exe
  2⤵
  PID:9316
- C:\Windows\System\aRmSVvM.exe
  C:\Windows\System\aRmSVvM.exe
  2⤵
  PID:9372
- C:\Windows\System\nsNYilB.exe
  C:\Windows\System\nsNYilB.exe
  2⤵
  PID:9444
- C:\Windows\System\CiflMfy.exe
  C:\Windows\System\CiflMfy.exe
  2⤵
  PID:9504
- C:\Windows\System\ESIQQSt.exe
  C:\Windows\System\ESIQQSt.exe
  2⤵
  PID:9564
- C:\Windows\System\EaWuSXp.exe
  C:\Windows\System\EaWuSXp.exe
  2⤵
  PID:9676
- C:\Windows\System\cSlcPTh.exe
  C:\Windows\System\cSlcPTh.exe
  2⤵
  PID:9728
- C:\Windows\System\LCfwXEZ.exe
  C:\Windows\System\LCfwXEZ.exe
  2⤵
  PID:9120
- C:\Windows\System\amuxirI.exe
  C:\Windows\System\amuxirI.exe
  2⤵
  PID:9852
- C:\Windows\System\UHwhVck.exe
  C:\Windows\System\UHwhVck.exe
  2⤵
  PID:9916
- C:\Windows\System\iFcwzkE.exe
  C:\Windows\System\iFcwzkE.exe
  2⤵
  PID:9988
- C:\Windows\System\OMztqFO.exe
  C:\Windows\System\OMztqFO.exe
  2⤵
  PID:10028
- C:\Windows\System\keWywBc.exe
  C:\Windows\System\keWywBc.exe
  2⤵
  PID:10096
- C:\Windows\System\EUNvsRn.exe
  C:\Windows\System\EUNvsRn.exe
  2⤵
  PID:10156
- C:\Windows\System\IczncmZ.exe
  C:\Windows\System\IczncmZ.exe
  2⤵
  PID:10220
- C:\Windows\System\lINfVAE.exe
  C:\Windows\System\lINfVAE.exe
  2⤵
  PID:9256
- C:\Windows\System\NOZOtvB.exe
  C:\Windows\System\NOZOtvB.exe
  2⤵
  PID:9452
- C:\Windows\System\aeJyzZb.exe
  C:\Windows\System\aeJyzZb.exe
  2⤵
  PID:9644
- C:\Windows\System\MrTfhRA.exe
  C:\Windows\System\MrTfhRA.exe
  2⤵
  PID:9756
- C:\Windows\System\GnrXudB.exe
  C:\Windows\System\GnrXudB.exe
  2⤵
  PID:9880
- C:\Windows\System\PAwBUHJ.exe
  C:\Windows\System\PAwBUHJ.exe
  2⤵
  PID:9992
- C:\Windows\System\ueOEVOk.exe
  C:\Windows\System\ueOEVOk.exe
  2⤵
  PID:10188
- C:\Windows\System\mnjKDtX.exe
  C:\Windows\System\mnjKDtX.exe
  2⤵
  PID:9360
- C:\Windows\System\MfilKta.exe
  C:\Windows\System\MfilKta.exe
  2⤵
  PID:9840
- C:\Windows\System\RKlciHV.exe
  C:\Windows\System\RKlciHV.exe
  2⤵
  PID:10104
- C:\Windows\System\ntQHvLI.exe
  C:\Windows\System\ntQHvLI.exe
  2⤵
  PID:9708
- C:\Windows\System\WDavbLY.exe
  C:\Windows\System\WDavbLY.exe
  2⤵
  PID:10120
- C:\Windows\System\FGRrwQL.exe
  C:\Windows\System\FGRrwQL.exe
  2⤵
  PID:10264
- C:\Windows\System\BThUfNC.exe
  C:\Windows\System\BThUfNC.exe
  2⤵
  PID:10304
- C:\Windows\System\McklvTY.exe
  C:\Windows\System\McklvTY.exe
  2⤵
  PID:10332
- C:\Windows\System\pWGhYQQ.exe
  C:\Windows\System\pWGhYQQ.exe
  2⤵
  PID:10360
- C:\Windows\System\KxXabqj.exe
  C:\Windows\System\KxXabqj.exe
  2⤵
  PID:10380
- C:\Windows\System\KhzSxkK.exe
  C:\Windows\System\KhzSxkK.exe
  2⤵
  PID:10404
- C:\Windows\System\GfesSca.exe
  C:\Windows\System\GfesSca.exe
  2⤵
  PID:10432
- C:\Windows\System\bteHNXw.exe
  C:\Windows\System\bteHNXw.exe
  2⤵
  PID:10464
- C:\Windows\System\HchJenR.exe
  C:\Windows\System\HchJenR.exe
  2⤵
  PID:10500
- C:\Windows\System\tSMhfbZ.exe
  C:\Windows\System\tSMhfbZ.exe
  2⤵
  PID:10520
- C:\Windows\System\BDljxpt.exe
  C:\Windows\System\BDljxpt.exe
  2⤵
  PID:10544
- C:\Windows\System\gOefcqF.exe
  C:\Windows\System\gOefcqF.exe
  2⤵
  PID:10564
- C:\Windows\System\HTAWrzw.exe
  C:\Windows\System\HTAWrzw.exe
  2⤵
  PID:10616
- C:\Windows\System\TRYwAGK.exe
  C:\Windows\System\TRYwAGK.exe
  2⤵
  PID:10644
- C:\Windows\System\lVkwxqC.exe
  C:\Windows\System\lVkwxqC.exe
  2⤵
  PID:10672
- C:\Windows\System\EjHAINX.exe
  C:\Windows\System\EjHAINX.exe
  2⤵
  PID:10688
- C:\Windows\System\ToZcNZr.exe
  C:\Windows\System\ToZcNZr.exe
  2⤵
  PID:10728
- C:\Windows\System\ApElseK.exe
  C:\Windows\System\ApElseK.exe
  2⤵
  PID:10748
- C:\Windows\System\fRFLiyO.exe
  C:\Windows\System\fRFLiyO.exe
  2⤵
  PID:10772
- C:\Windows\System\HwacWhC.exe
  C:\Windows\System\HwacWhC.exe
  2⤵
  PID:10800
- C:\Windows\System\tvwBUwJ.exe
  C:\Windows\System\tvwBUwJ.exe
  2⤵
  PID:10836
- C:\Windows\System\KhzhTld.exe
  C:\Windows\System\KhzhTld.exe
  2⤵
  PID:10860
- C:\Windows\System\JfUbEBz.exe
  C:\Windows\System\JfUbEBz.exe
  2⤵
  PID:10884
- C:\Windows\System\qWxRzAj.exe
  C:\Windows\System\qWxRzAj.exe
  2⤵
  PID:10912
- C:\Windows\System\ljpQHkf.exe
  C:\Windows\System\ljpQHkf.exe
  2⤵
  PID:10940
- C:\Windows\System\aETuTxv.exe
  C:\Windows\System\aETuTxv.exe
  2⤵
  PID:10968
- C:\Windows\System\rqLjAbt.exe
  C:\Windows\System\rqLjAbt.exe
  2⤵
  PID:11008
- C:\Windows\System\jfIAJVi.exe
  C:\Windows\System\jfIAJVi.exe
  2⤵
  PID:11028
- C:\Windows\System\jyWGzHQ.exe
  C:\Windows\System\jyWGzHQ.exe
  2⤵
  PID:11052
- C:\Windows\System\ssjUalD.exe
  C:\Windows\System\ssjUalD.exe
  2⤵
  PID:11088
- C:\Windows\System\Xxsnzzw.exe
  C:\Windows\System\Xxsnzzw.exe
  2⤵
  PID:11116
- C:\Windows\System\LlSDdQA.exe
  C:\Windows\System\LlSDdQA.exe
  2⤵
  PID:11140
- C:\Windows\System\LjWYudr.exe
  C:\Windows\System\LjWYudr.exe
  2⤵
  PID:11164
- C:\Windows\System\Lcppjcl.exe
  C:\Windows\System\Lcppjcl.exe
  2⤵
  PID:11184
- C:\Windows\System\NunDvkF.exe
  C:\Windows\System\NunDvkF.exe
  2⤵
  PID:11220
- C:\Windows\System\feoeKAb.exe
  C:\Windows\System\feoeKAb.exe
  2⤵
  PID:11248
- C:\Windows\System\uarZUaD.exe
  C:\Windows\System\uarZUaD.exe
  2⤵
  PID:10252
- C:\Windows\System\KKyYXbT.exe
  C:\Windows\System\KKyYXbT.exe
  2⤵
  PID:10340
- C:\Windows\System\VDWQLct.exe
  C:\Windows\System\VDWQLct.exe
  2⤵
  PID:10400
- C:\Windows\System\gyZZrhL.exe
  C:\Windows\System\gyZZrhL.exe
  2⤵
  PID:10472
- C:\Windows\System\eCRxSAR.exe
  C:\Windows\System\eCRxSAR.exe
  2⤵
  PID:10516
- C:\Windows\System\mislgIQ.exe
  C:\Windows\System\mislgIQ.exe
  2⤵
  PID:10604
- C:\Windows\System\mHroMnL.exe
  C:\Windows\System\mHroMnL.exe
  2⤵
  PID:10640
- C:\Windows\System\KPpZcvY.exe
  C:\Windows\System\KPpZcvY.exe
  2⤵
  PID:10680
- C:\Windows\System\TMWlzqc.exe
  C:\Windows\System\TMWlzqc.exe
  2⤵
  PID:10708
- C:\Windows\System\zlpGuKK.exe
  C:\Windows\System\zlpGuKK.exe
  2⤵
  PID:10844
- C:\Windows\System\mEpJDFO.exe
  C:\Windows\System\mEpJDFO.exe
  2⤵
  PID:10904
- C:\Windows\System\xtOnDuI.exe
  C:\Windows\System\xtOnDuI.exe
  2⤵
  PID:10952
- C:\Windows\System\iQRNNts.exe
  C:\Windows\System\iQRNNts.exe
  2⤵
  PID:11036
- C:\Windows\System\nHeyPqR.exe
  C:\Windows\System\nHeyPqR.exe
  2⤵
  PID:11148
- C:\Windows\System\DMYodhW.exe
  C:\Windows\System\DMYodhW.exe
  2⤵
  PID:11156
- C:\Windows\System\UdcVlKM.exe
  C:\Windows\System\UdcVlKM.exe
  2⤵
  PID:11232
- C:\Windows\System\xNHNWJB.exe
  C:\Windows\System\xNHNWJB.exe
  2⤵
  PID:10316
- C:\Windows\System\tHjaZmh.exe
  C:\Windows\System\tHjaZmh.exe
  2⤵
  PID:10424
- C:\Windows\System\RExkHCz.exe
  C:\Windows\System\RExkHCz.exe
  2⤵
  PID:10628
- C:\Windows\System\kWyUvCM.exe
  C:\Windows\System\kWyUvCM.exe
  2⤵
  PID:10584
- C:\Windows\System\fqTCUuQ.exe
  C:\Windows\System\fqTCUuQ.exe
  2⤵
  PID:10880
- C:\Windows\System\sOowChO.exe
  C:\Windows\System\sOowChO.exe
  2⤵
  PID:11016
- C:\Windows\System\vZwLaHk.exe
  C:\Windows\System\vZwLaHk.exe
  2⤵
  PID:9864
- C:\Windows\System\qGBwUIv.exe
  C:\Windows\System\qGBwUIv.exe
  2⤵
  PID:10664
- C:\Windows\System\QdpJtrY.exe
  C:\Windows\System\QdpJtrY.exe
  2⤵
  PID:10900
- C:\Windows\System\zYNEeaz.exe
  C:\Windows\System\zYNEeaz.exe
  2⤵
  PID:10388
- C:\Windows\System\VbqXEVh.exe
  C:\Windows\System\VbqXEVh.exe
  2⤵
  PID:10372
- C:\Windows\System\ZtEaRoS.exe
  C:\Windows\System\ZtEaRoS.exe
  2⤵
  PID:11280
- C:\Windows\System\ZQXprEl.exe
  C:\Windows\System\ZQXprEl.exe
  2⤵
  PID:11308
- C:\Windows\System\VKfyqBc.exe
  C:\Windows\System\VKfyqBc.exe
  2⤵
  PID:11336
- C:\Windows\System\wzUsTlW.exe
  C:\Windows\System\wzUsTlW.exe
  2⤵
  PID:11364
- C:\Windows\System\JBqemgV.exe
  C:\Windows\System\JBqemgV.exe
  2⤵
  PID:11380
- C:\Windows\System\FdYSOTF.exe
  C:\Windows\System\FdYSOTF.exe
  2⤵
  PID:11420
- C:\Windows\System\ClJzglR.exe
  C:\Windows\System\ClJzglR.exe
  2⤵
  PID:11444
- C:\Windows\System\IuRCPEX.exe
  C:\Windows\System\IuRCPEX.exe
  2⤵
  PID:11464
- C:\Windows\System\jeKmRvj.exe
  C:\Windows\System\jeKmRvj.exe
  2⤵
  PID:11484
- C:\Windows\System\jwYNeRm.exe
  C:\Windows\System\jwYNeRm.exe
  2⤵
  PID:11504
- C:\Windows\System\XRggpPF.exe
  C:\Windows\System\XRggpPF.exe
  2⤵
  PID:11540
- C:\Windows\System\EpslFOF.exe
  C:\Windows\System\EpslFOF.exe
  2⤵
  PID:11584
- C:\Windows\System\EdBQPRc.exe
  C:\Windows\System\EdBQPRc.exe
  2⤵
  PID:11620
- C:\Windows\System\NqGsbrL.exe
  C:\Windows\System\NqGsbrL.exe
  2⤵
  PID:11636
- C:\Windows\System\VRgghLP.exe
  C:\Windows\System\VRgghLP.exe
  2⤵
  PID:11668
- C:\Windows\System\HWGZwgZ.exe
  C:\Windows\System\HWGZwgZ.exe
  2⤵
  PID:11700
- C:\Windows\System\VwzxSFC.exe
  C:\Windows\System\VwzxSFC.exe
  2⤵
  PID:11732
- C:\Windows\System\CrvWdtS.exe
  C:\Windows\System\CrvWdtS.exe
  2⤵
  PID:11768
- C:\Windows\System\oEWaCpO.exe
  C:\Windows\System\oEWaCpO.exe
  2⤵
  PID:11788
- C:\Windows\System\SUMhzpo.exe
  C:\Windows\System\SUMhzpo.exe
  2⤵
  PID:11828
- C:\Windows\System\IdkwAaT.exe
  C:\Windows\System\IdkwAaT.exe
  2⤵
  PID:11856
- C:\Windows\System\BLeJrKX.exe
  C:\Windows\System\BLeJrKX.exe
  2⤵
  PID:11884
- C:\Windows\System\RipmzrC.exe
  C:\Windows\System\RipmzrC.exe
  2⤵
  PID:11904
- C:\Windows\System\mSvVjtP.exe
  C:\Windows\System\mSvVjtP.exe
  2⤵
  PID:11928
- C:\Windows\System\dIfXYJj.exe
  C:\Windows\System\dIfXYJj.exe
  2⤵
  PID:11968
- C:\Windows\System\rjmGDCF.exe
  C:\Windows\System\rjmGDCF.exe
  2⤵
  PID:11984
- C:\Windows\System\XSLfGAt.exe
  C:\Windows\System\XSLfGAt.exe
  2⤵
  PID:12024
- C:\Windows\System\dSVpaCz.exe
  C:\Windows\System\dSVpaCz.exe
  2⤵
  PID:12048
- C:\Windows\System\UctvBeu.exe
  C:\Windows\System\UctvBeu.exe
  2⤵
  PID:12068
- C:\Windows\System\NOEngEN.exe
  C:\Windows\System\NOEngEN.exe
  2⤵
  PID:12096
- C:\Windows\System\jLFHguf.exe
  C:\Windows\System\jLFHguf.exe
  2⤵
  PID:12116
- C:\Windows\System\eTPphWv.exe
  C:\Windows\System\eTPphWv.exe
  2⤵
  PID:12148
- C:\Windows\System\bPKWVyg.exe
  C:\Windows\System\bPKWVyg.exe
  2⤵
  PID:12192
- C:\Windows\System\OHxPdZV.exe
  C:\Windows\System\OHxPdZV.exe
  2⤵
  PID:12220
- C:\Windows\System\hxJWRfu.exe
  C:\Windows\System\hxJWRfu.exe
  2⤵
  PID:12240
- C:\Windows\System\QDXPnuH.exe
  C:\Windows\System\QDXPnuH.exe
  2⤵
  PID:12268
- C:\Windows\System\OVhVFwm.exe
  C:\Windows\System\OVhVFwm.exe
  2⤵
  PID:11300
- C:\Windows\System\yCAgNro.exe
  C:\Windows\System\yCAgNro.exe
  2⤵
  PID:11332
- C:\Windows\System\maArelG.exe
  C:\Windows\System\maArelG.exe
  2⤵
  PID:11348
- C:\Windows\System\xIbDfLC.exe
  C:\Windows\System\xIbDfLC.exe
  2⤵
  PID:11412
- C:\Windows\System\PikNTlP.exe
  C:\Windows\System\PikNTlP.exe
  2⤵
  PID:11496
- C:\Windows\System\wnaRYMd.exe
  C:\Windows\System\wnaRYMd.exe
  2⤵
  PID:11604
- C:\Windows\System\ctFXztC.exe
  C:\Windows\System\ctFXztC.exe
  2⤵
  PID:11656
- C:\Windows\System\CKAJXGV.exe
  C:\Windows\System\CKAJXGV.exe
  2⤵
  PID:11728
- C:\Windows\System\XzeXORb.exe
  C:\Windows\System\XzeXORb.exe
  2⤵
  PID:11780
- C:\Windows\System\URPPiSa.exe
  C:\Windows\System\URPPiSa.exe
  2⤵
  PID:11876
- C:\Windows\System\StaaNRB.exe
  C:\Windows\System\StaaNRB.exe
  2⤵
  PID:11940
- C:\Windows\System\gVvJDkb.exe
  C:\Windows\System\gVvJDkb.exe
  2⤵
  PID:11980
- C:\Windows\System\mfvAzwh.exe
  C:\Windows\System\mfvAzwh.exe
  2⤵
  PID:12064
- C:\Windows\System\XtiUktw.exe
  C:\Windows\System\XtiUktw.exe
  2⤵
  PID:12124
- C:\Windows\System\BgGjkIN.exe
  C:\Windows\System\BgGjkIN.exe
  2⤵
  PID:12168
- C:\Windows\System\MGrsPwN.exe
  C:\Windows\System\MGrsPwN.exe
  2⤵
  PID:12228
- C:\Windows\System\NWugLUq.exe
  C:\Windows\System\NWugLUq.exe
  2⤵
  PID:11320
- C:\Windows\System\yyBAKwJ.exe
  C:\Windows\System\yyBAKwJ.exe
  2⤵
  PID:11476
- C:\Windows\System\bDcQJAD.exe
  C:\Windows\System\bDcQJAD.exe
  2⤵
  PID:11472
- C:\Windows\System\tVzaOBa.exe
  C:\Windows\System\tVzaOBa.exe
  2⤵
  PID:11776
- C:\Windows\System\xTYvUDh.exe
  C:\Windows\System\xTYvUDh.exe
  2⤵
  PID:11852
- C:\Windows\System\HnuECqd.exe
  C:\Windows\System\HnuECqd.exe
  2⤵
  PID:12000
- C:\Windows\System\dpUfLpx.exe
  C:\Windows\System\dpUfLpx.exe
  2⤵
  PID:12108
- C:\Windows\System\LRAgSkh.exe
  C:\Windows\System\LRAgSkh.exe
  2⤵
  PID:11596
- C:\Windows\System\hJlHTMm.exe
  C:\Windows\System\hJlHTMm.exe
  2⤵
  PID:11680
- C:\Windows\System\FGKmqHd.exe
  C:\Windows\System\FGKmqHd.exe
  2⤵
  PID:11912
- C:\Windows\System\YglTtxv.exe
  C:\Windows\System\YglTtxv.exe
  2⤵
  PID:11456
- C:\Windows\System\YANrvVm.exe
  C:\Windows\System\YANrvVm.exe
  2⤵
  PID:11392
- C:\Windows\System\KkhMnEG.exe
  C:\Windows\System\KkhMnEG.exe
  2⤵
  PID:12296
- C:\Windows\System\LMZyhPA.exe
  C:\Windows\System\LMZyhPA.exe
  2⤵
  PID:12328
- C:\Windows\System\mxBoMuc.exe
  C:\Windows\System\mxBoMuc.exe
  2⤵
  PID:12360
- C:\Windows\System\yzzVvDk.exe
  C:\Windows\System\yzzVvDk.exe
  2⤵
  PID:12388
- C:\Windows\System\EdYriVl.exe
  C:\Windows\System\EdYriVl.exe
  2⤵
  PID:12404
- C:\Windows\System\RhmvEFj.exe
  C:\Windows\System\RhmvEFj.exe
  2⤵
  PID:12428
- C:\Windows\System\VTvzuuu.exe
  C:\Windows\System\VTvzuuu.exe
  2⤵
  PID:12460
- C:\Windows\System\llFVuRT.exe
  C:\Windows\System\llFVuRT.exe
  2⤵
  PID:12480
- C:\Windows\System\hllKOLn.exe
  C:\Windows\System\hllKOLn.exe
  2⤵
  PID:12512
- C:\Windows\System\aarQzzm.exe
  C:\Windows\System\aarQzzm.exe
  2⤵
  PID:12568
- C:\Windows\System\dtSMBYF.exe
  C:\Windows\System\dtSMBYF.exe
  2⤵
  PID:12596
- C:\Windows\System\FQedtzO.exe
  C:\Windows\System\FQedtzO.exe
  2⤵
  PID:12620
- C:\Windows\System\XzhGtWp.exe
  C:\Windows\System\XzhGtWp.exe
  2⤵
  PID:12644
- C:\Windows\System\jJhOsGF.exe
  C:\Windows\System\jJhOsGF.exe
  2⤵
  PID:12676
- C:\Windows\System\RmQsrAA.exe
  C:\Windows\System\RmQsrAA.exe
  2⤵
  PID:12704
- C:\Windows\System\xrUglvH.exe
  C:\Windows\System\xrUglvH.exe
  2⤵
  PID:12728
- C:\Windows\System\DbOuMlR.exe
  C:\Windows\System\DbOuMlR.exe
  2⤵
  PID:12772
- C:\Windows\System\LTUakBa.exe
  C:\Windows\System\LTUakBa.exe
  2⤵
  PID:12800
- C:\Windows\System\BrRDyju.exe
  C:\Windows\System\BrRDyju.exe
  2⤵
  PID:12824
- C:\Windows\System\utxGcMd.exe
  C:\Windows\System\utxGcMd.exe
  2⤵
  PID:12856
- C:\Windows\System\IpGqDdn.exe
  C:\Windows\System\IpGqDdn.exe
  2⤵
  PID:12892
- C:\Windows\System\uMVWYyV.exe
  C:\Windows\System\uMVWYyV.exe
  2⤵
  PID:12908
- C:\Windows\System\CYJerts.exe
  C:\Windows\System\CYJerts.exe
  2⤵
  PID:12968
- C:\Windows\System\sxnnkLC.exe
  C:\Windows\System\sxnnkLC.exe
  2⤵
  PID:12984
- C:\Windows\System\RnVcWuR.exe
  C:\Windows\System\RnVcWuR.exe
  2⤵
  PID:13012
- C:\Windows\System\zZqswgs.exe
  C:\Windows\System\zZqswgs.exe
  2⤵
  PID:13040
- C:\Windows\System\MhgJAFy.exe
  C:\Windows\System\MhgJAFy.exe
  2⤵
  PID:13056
- C:\Windows\System\NSXZxtq.exe
  C:\Windows\System\NSXZxtq.exe
  2⤵
  PID:13088
- C:\Windows\System\mFvSDdE.exe
  C:\Windows\System\mFvSDdE.exe
  2⤵
  PID:13112
- C:\Windows\System\vxvMsiy.exe
  C:\Windows\System\vxvMsiy.exe
  2⤵
  PID:13140
- C:\Windows\System\BEWtpzl.exe
  C:\Windows\System\BEWtpzl.exe
  2⤵
  PID:13172
- C:\Windows\System\JYibWLR.exe
  C:\Windows\System\JYibWLR.exe
  2⤵
  PID:13208
- C:\Windows\System\ZTdrsgi.exe
  C:\Windows\System\ZTdrsgi.exe
  2⤵
  PID:13236
- C:\Windows\System\EGyVHEh.exe
  C:\Windows\System\EGyVHEh.exe
  2⤵
  PID:13252
- C:\Windows\System\IyWlCGq.exe
  C:\Windows\System\IyWlCGq.exe
  2⤵
  PID:13296
- C:\Windows\System\tzNizkO.exe
  C:\Windows\System\tzNizkO.exe
  2⤵
  PID:12080
- C:\Windows\System\aoHwGOH.exe
  C:\Windows\System\aoHwGOH.exe
  2⤵
  PID:12352
- C:\Windows\System\yVCHXin.exe
  C:\Windows\System\yVCHXin.exe
  2⤵
  PID:12420
- C:\Windows\System\DSKpJlQ.exe
  C:\Windows\System\DSKpJlQ.exe
  2⤵
  PID:12500
- C:\Windows\System\QlBKBXa.exe
  C:\Windows\System\QlBKBXa.exe
  2⤵
  PID:12556
- C:\Windows\System\dsbrwhw.exe
  C:\Windows\System\dsbrwhw.exe
  2⤵
  PID:12640
- C:\Windows\System\nCynijP.exe
  C:\Windows\System\nCynijP.exe
  2⤵
  PID:12664
- C:\Windows\System\mkoZNTu.exe
  C:\Windows\System\mkoZNTu.exe
  2⤵
  PID:12756
- C:\Windows\System\wukohRR.exe
  C:\Windows\System\wukohRR.exe
  2⤵
  PID:12816
- C:\Windows\System\polRDEI.exe
  C:\Windows\System\polRDEI.exe
  2⤵
  PID:12852
- C:\Windows\System\AewCWLf.exe
  C:\Windows\System\AewCWLf.exe
  2⤵
  PID:12980
- C:\Windows\System\XXjdhUl.exe
  C:\Windows\System\XXjdhUl.exe
  2⤵
  PID:13032
- C:\Windows\System\CliulEa.exe
  C:\Windows\System\CliulEa.exe
  2⤵
  PID:13100
- C:\Windows\System\iPUQvWv.exe
  C:\Windows\System\iPUQvWv.exe
  2⤵
  PID:13160
- C:\Windows\System\rADykhl.exe
  C:\Windows\System\rADykhl.exe
  2⤵
  PID:13204
- C:\Windows\System\gZzFPAE.exe
  C:\Windows\System\gZzFPAE.exe
  2⤵
  PID:13276
- C:\Windows\System\EOIeUem.exe
  C:\Windows\System\EOIeUem.exe
  2⤵
  PID:12440
- C:\Windows\System\ZitEwnI.exe
  C:\Windows\System\ZitEwnI.exe
  2⤵
  PID:12472
- C:\Windows\System\auNgUcs.exe
  C:\Windows\System\auNgUcs.exe
  2⤵
  PID:12660
- C:\Windows\System\XogKpOJ.exe
  C:\Windows\System\XogKpOJ.exe
  2⤵
  PID:12768
- C:\Windows\System\YVVEzOd.exe
  C:\Windows\System\YVVEzOd.exe
  2⤵
  PID:12920
- C:\Windows\System\BNZJKbj.exe
  C:\Windows\System\BNZJKbj.exe
  2⤵
  PID:13128
- C:\Windows\System\UBQxYtT.exe
  C:\Windows\System\UBQxYtT.exe
  2⤵
  PID:3288
- C:\Windows\System\ueeUJPE.exe
  C:\Windows\System\ueeUJPE.exe
  2⤵
  PID:13308
- C:\Windows\System\xSDcHVv.exe
  C:\Windows\System\xSDcHVv.exe
  2⤵
  PID:12632
- C:\Windows\System\dLpONyw.exe
  C:\Windows\System\dLpONyw.exe
  2⤵
  PID:12976
- C:\Windows\System\xHvwxxF.exe
  C:\Windows\System\xHvwxxF.exe
  2⤵
  PID:1644
- C:\Windows\System\eWcIVcf.exe
  C:\Windows\System\eWcIVcf.exe
  2⤵
  PID:12396
- C:\Windows\System\XWuAFjl.exe
  C:\Windows\System\XWuAFjl.exe
  2⤵
  PID:12848
- C:\Windows\System\kxlUBQy.exe
  C:\Windows\System\kxlUBQy.exe
  2⤵
  PID:13320
- C:\Windows\System\gVqJYig.exe
  C:\Windows\System\gVqJYig.exe
  2⤵
  PID:13348
- C:\Windows\System\XQxyDAw.exe
  C:\Windows\System\XQxyDAw.exe
  2⤵
  PID:13368
- C:\Windows\System\OyhpjdM.exe
  C:\Windows\System\OyhpjdM.exe
  2⤵
  PID:13404
- C:\Windows\System\vceQFbo.exe
  C:\Windows\System\vceQFbo.exe
  2⤵
  PID:13432
- C:\Windows\System\MoxxTtX.exe
  C:\Windows\System\MoxxTtX.exe
  2⤵
  PID:13448
- C:\Windows\System\FLIupfn.exe
  C:\Windows\System\FLIupfn.exe
  2⤵
  PID:13476
- C:\Windows\System\CXFFrMC.exe
  C:\Windows\System\CXFFrMC.exe
  2⤵
  PID:13504
- C:\Windows\System\ViDCSqM.exe
  C:\Windows\System\ViDCSqM.exe
  2⤵
  PID:13536
- C:\Windows\System\rmgtPpu.exe
  C:\Windows\System\rmgtPpu.exe
  2⤵
  PID:13556
- C:\Windows\System\jzBVrrb.exe
  C:\Windows\System\jzBVrrb.exe
  2⤵
  PID:13576
- C:\Windows\System\tFIHWgJ.exe
  C:\Windows\System\tFIHWgJ.exe
  2⤵
  PID:13596
- C:\Windows\System\XhCYNcG.exe
  C:\Windows\System\XhCYNcG.exe
  2⤵
  PID:13636
- C:\Windows\System\GswxAdC.exe
  C:\Windows\System\GswxAdC.exe
  2⤵
  PID:13668
- C:\Windows\System\TRmlscP.exe
  C:\Windows\System\TRmlscP.exe
  2⤵
  PID:13684
- C:\Windows\System\fnczQgZ.exe
  C:\Windows\System\fnczQgZ.exe
  2⤵
  PID:13716
- C:\Windows\System\bvgJClC.exe
  C:\Windows\System\bvgJClC.exe
  2⤵
  PID:13756
- C:\Windows\System\agjtwdw.exe
  C:\Windows\System\agjtwdw.exe
  2⤵
  PID:13796
- C:\Windows\System\qipxJaU.exe
  C:\Windows\System\qipxJaU.exe
  2⤵
  PID:13824
- C:\Windows\System\tMGWmKW.exe
  C:\Windows\System\tMGWmKW.exe
  2⤵
  PID:13852
- C:\Windows\System\Vdqoldm.exe
  C:\Windows\System\Vdqoldm.exe
  2⤵
  PID:13880
- C:\Windows\System\vglgbjp.exe
  C:\Windows\System\vglgbjp.exe
  2⤵
  PID:13908
- C:\Windows\System\BQlEXuP.exe
  C:\Windows\System\BQlEXuP.exe
  2⤵
  PID:13924
- C:\Windows\System\dTgysOI.exe
  C:\Windows\System\dTgysOI.exe
  2⤵
  PID:13944
- C:\Windows\System\gMOHgaP.exe
  C:\Windows\System\gMOHgaP.exe
  2⤵
  PID:13984
- C:\Windows\System\WguwoNx.exe
  C:\Windows\System\WguwoNx.exe
  2⤵
  PID:14008
- C:\Windows\System\qKiEXXW.exe
  C:\Windows\System\qKiEXXW.exe
  2⤵
  PID:14040
- C:\Windows\System\gVEVwUf.exe
  C:\Windows\System\gVEVwUf.exe
  2⤵
  PID:14080
- C:\Windows\System\UBHprKi.exe
  C:\Windows\System\UBHprKi.exe
  2⤵
  PID:14108
- C:\Windows\System\GIPWfHV.exe
  C:\Windows\System\GIPWfHV.exe
  2⤵
  PID:14136
- C:\Windows\System\wWuVTrk.exe
  C:\Windows\System\wWuVTrk.exe
  2⤵
  PID:14164
- C:\Windows\System\kFsuBVm.exe
  C:\Windows\System\kFsuBVm.exe
  2⤵
  PID:14192
- C:\Windows\System\FVvDwOZ.exe
  C:\Windows\System\FVvDwOZ.exe
  2⤵
  PID:14208
- C:\Windows\System\bODKWqO.exe
  C:\Windows\System\bODKWqO.exe
  2⤵
  PID:14248
- C:\Windows\System\TChwMMy.exe
  C:\Windows\System\TChwMMy.exe
  2⤵
  PID:14276
- C:\Windows\System\ZQDrbGT.exe
  C:\Windows\System\ZQDrbGT.exe
  2⤵
  PID:14304
- C:\Windows\System\FXqIqZU.exe
  C:\Windows\System\FXqIqZU.exe
  2⤵
  PID:14332
- C:\Windows\System\NwKfcHJ.exe
  C:\Windows\System\NwKfcHJ.exe
  2⤵
  PID:13360
- C:\Windows\System\TRStoSS.exe
  C:\Windows\System\TRStoSS.exe
  2⤵
  PID:13428
- C:\Windows\System\rtdeWth.exe
  C:\Windows\System\rtdeWth.exe
  2⤵
  PID:13472
- C:\Windows\System\knYExoN.exe
  C:\Windows\System\knYExoN.exe
  2⤵
  PID:13548
- C:\Windows\System\BWtMNXy.exe
  C:\Windows\System\BWtMNXy.exe
  2⤵
  PID:13592
- C:\Windows\System\svvcwvK.exe
  C:\Windows\System\svvcwvK.exe
  2⤵
  PID:13680
- C:\Windows\System\EkSaYAK.exe
  C:\Windows\System\EkSaYAK.exe
  2⤵
  PID:13748
- C:\Windows\System\rIAgCBI.exe
  C:\Windows\System\rIAgCBI.exe
  2⤵
  PID:13816
- C:\Windows\System\dbqJxBs.exe
  C:\Windows\System\dbqJxBs.exe
  2⤵
  PID:13840
- C:\Windows\System\evXapKu.exe
  C:\Windows\System\evXapKu.exe
  2⤵
  PID:13916
- C:\Windows\System\cVivZqx.exe
  C:\Windows\System\cVivZqx.exe
  2⤵
  PID:14020
- C:\Windows\System\rQTCrYG.exe
  C:\Windows\System\rQTCrYG.exe
  2⤵
  PID:14096

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:4148

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\AXjgNbp.exe

Filesize
2.4MB

MD5
09d94c2f7148e2ea63ab4405012649ac

SHA1
83361fbf34f17fe4efc991e1f89e671c18fcf35d

SHA256
676e549a51372244d335bff54315377f9f69d7c3b58c17830c281dab1334d86f

SHA512
de33ace6860f449fe185f61d352bc89f5ef27667e882409bf6fe2d7eedca97d0632a2a7e76012717885e0898e10711b3d3debaccc168bb144f6f3ee5ce31c8c0

Download Submit
C:\Windows\System\AjIHxhN.exe

Filesize
2.4MB

MD5
03bddf02ccbc3257d4c54820311a1166

SHA1
fd8e550e65379cedc5b69edc4cff12f7983cfe48

SHA256
6eac3f1103d9c9e9af7506b8408b647a26b954f8dd897843cb5462b9589229d4

SHA512
57e8430c4d4e2dd98832e46d3d73831f8ac4d0f27cf7db3e3bccfd51966d4ab1a2ede0dc638931cfd76cf250e792a02ab1307f4ec7b3dadd1a9077826b8a1cd6

Download Submit
C:\Windows\System\BmMyYVF.exe

Filesize
2.4MB

MD5
d6f0127517ad739019ae01c499551a20

SHA1
0fa872948405229df7ea0fa8e7f94bb399683dd9

SHA256
7e487d2aec515527dfdc7d53aa95730e4defecbbade28462fbd8d91d79c67d80

SHA512
1f140a8dfd0396798bf348bbe4e3b7361a21036ab3d927a22751386d1102118f7ef549c7039392b54834afc4b9ae4c1159503b21f7fcf70ea83b44e327dcb728

Download Submit
C:\Windows\System\ChfmlSr.exe

Filesize
2.4MB

MD5
b7f4dbc0a0cbe05fe236ac28e2fc512c

SHA1
a9221bd574d8338d5ac7e504663db7bf7bcd9ad5

SHA256
f532115426d69eb4f7f5a6577dbc85f3c9870acdb973b771ac88bebb53e78f7a

SHA512
735b7e4b7dbba44ce2c9d41875b31c799cc66178ed235763a04390dd69f6f71808b1d95501874f3d833d338a37dc88d53be15b809006c7108b04b305d022ff54

Download Submit
C:\Windows\System\FqzQNHW.exe

Filesize
2.4MB

MD5
dbe340f63b135ffdbdb939bd09e69abf

SHA1
af479e531088a132a2c538781e1068900db46b86

SHA256
1fb8093a281d1a31051dcaa09e2410fab4274add004f98d299626130c3ef7c32

SHA512
f7c92f5834bc366b4e1446e71ff2f190874c10a86e54141c54d431af4c75e59eb69dc683fd268d14e0002f027edcf5f7fc562e7bfcd5aef71beaa4dcfd3187bc

Download Submit
C:\Windows\System\GPIlhxZ.exe

Filesize
2.4MB

MD5
75b571a91952b45d6786e652bbfcf242

SHA1
9e340322c56d687d411146cabb0437e3aaf34f52

SHA256
5fd432cb5cdb0c81d959d475b3c52182c186a16d5cf45c583a6e7228c9a93687

SHA512
56c2b7bf1330ef1e5ea421e4657cd452c8f4cbdb3a4cbb71d98a6b57fd00dfb30509c915fb5156f91452b4a5346e71bf0b325237709216177bde5ae61b64f5d2

Download Submit
C:\Windows\System\GQgtGBk.exe

Filesize
2.4MB

MD5
c93cd08ce9cb87631c6cd1fff48cd6b8

SHA1
f3c8a138e76103a7ce46c9bb5014b58fcd467f32

SHA256
2befacc6ae1b4fdf668ad0f51229d3d28fd0a46f0899aeccc17d0d936d9e3e5a

SHA512
12b02d80a1baf29e2b50870be2543b619f93c4f8986cd0818e173bcd8f44492cfc79cabd5aa4386047d4b6d4fc5b8782614349b0005b8797e82d3fb9dc34148b

Download Submit
C:\Windows\System\HJZyTDF.exe

Filesize
2.4MB

MD5
397ad9cf47635b7fa67f6f74b2625385

SHA1
0de396ad86d41ab4392d39c8fa197fb0b463982e

SHA256
4e50be4e7eec3ad3f0e3b27c87e1ed7831bb29a05aaf51da53cba4a559e2a478

SHA512
0d67708d558b9f555e8d916ff70777479ae44a846263b8d934fe6f47ce1b24df590c7df75f49e8a17af9d8e16d837ab8d6bf5f2ddfe7e645a9ec19d4073d2808

Download Submit
C:\Windows\System\IELYWXJ.exe

Filesize
2.4MB

MD5
115210f2ddc99411361bb5fdc5e7c877

SHA1
3a5a2fcb463fe9565cdc687791ff3f6353acc0ed

SHA256
56219272dffa5702584b18b8c863b7c8aeb3f710d5e18e13e95f84c0aaa8a2fc

SHA512
24b7f025be1dff9ffd0ceea51eb5d7667ec0ee2f2f9b3f869d4a29126b9341e8203ed809ee5159f796400252d42b830a045d6c684e65e3892bbbce7a888703e7

Download Submit
C:\Windows\System\IEeZfQM.exe

Filesize
2.4MB

MD5
b2de2715dcc86779f135d17ad0110173

SHA1
979ce5e40364e10148483efb65083e45a7b87943

SHA256
26ba3b5d7122e23ba88ccd26edbcb31302f7c0e181a8e18fa59b7b0ee4ca9a84

SHA512
ea3f052d7c3b3db7024fed04f17bb1dbc93218dfc6d608a0bf7200c29dc9db795925ad26102df194192b75fade051d24c6a13f69cf2e54cf743e367628a0b85b

Download Submit
C:\Windows\System\KziRDbi.exe

Filesize
2.4MB

MD5
79bd0652343b34f66f0c9c1f8b160c29

SHA1
9a2f9a4dd4c2a65c9adaed1a50a55d1320bae18c

SHA256
f46506848b05895defb0d0fb596b35b40ee307679c79cd280911c725f1d70ffe

SHA512
68f598e2123414f3251d10933b2b79e43f2f125c137dd423591d2526a7b8846ff7343eef941004cba52d87cb0941aba3b8b7d59e9e4b1519c9b0f515257550e5

Download Submit
C:\Windows\System\MPpweoc.exe

Filesize
2.4MB

MD5
fc0ea992c68d3159fc50bed395e6c00d

SHA1
2f554e02239d7d49158943781b92bb24b6826341

SHA256
02130da388e45d1e6d20944785c4ec9153994cc35ec0fe86e380ea9dce501636

SHA512
569348ce698034e2f1da4c2cce74c8cbb82adb93df98f1c5315c41a6451d359de3055ce767823da4cdd5f580b8475ef1a503f96dbc17dbdc96d365db452f6675

Download Submit
C:\Windows\System\MYLFMgP.exe

Filesize
2.4MB

MD5
06f72d86fe16ea069ef8ba3c93519c11

SHA1
df485ba629e806054f12949853ee14e55982d929

SHA256
8590abd99146e4d9a36860f1644e3cb32f983ef9831cdb9fd1bc39d510c18abe

SHA512
f64a822ba5f545a491f37b6267166a82eb693d2f505aad1bd904633a7736e32ad9fb772e2ab55d08b8a007eddcad293d938b6a2bcf61ecfb0aabd4ad081fb6d5

Download Submit
C:\Windows\System\NDPpThQ.exe

Filesize
2.4MB

MD5
ae8c00866bc37b3af715151aaa40f1b9

SHA1
6098c8564133d8d744dfeaf303c0398081c23ddb

SHA256
5cc9eaaa955da2540d5532813a6a196f4185bd677f86faff490f4550dbb26d7b

SHA512
d6e89ed3e267d4503bcf4bfbc1fb0a98f611c7a47f767e430867699f12209cd6c8a302bb18f2062637d6a2cb098d0609b737d60b9442aa444fa9ad2a4e5eaecd

Download Submit
C:\Windows\System\NeSlfFK.exe

Filesize
2.4MB

MD5
ef7458d6ba0332724251b3e2fbda57c7

SHA1
c5cc7a38612f39873cf110abd66ccd39bd7e964c

SHA256
6dcc4aefbc1d16a243491c38be7e7d2fe581c2462002508a9ba07fb1e2f788aa

SHA512
d37d579e832349ba623b99526d63e07df6be3ec2e2494aea1b5aa0313b36d27a496d8df38e397c831aaeda7c042b0a2c510925a3c889e83fe54b8e030ad479f9

Download Submit
C:\Windows\System\NpRIVJy.exe

Filesize
2.4MB

MD5
8f684a4580ad62eeb2105bbe8b4072e3

SHA1
9d02f79f8a74bbe77a4a5ec0ba8e2f33489b24cc

SHA256
81d45235852396de0f1ae131036abce73c774e42696ef0279558fa28bbc4a6a1

SHA512
1bfb75729bcdecce4f00ee9fd248330ace135e4f1d7e61dc0b9f34665360631c6b4ffd7f53b230315999932b0abf62441a9e6c3373aa84bb7d58fb3b6579b6bd

Download Submit
C:\Windows\System\QDxFtcc.exe

Filesize
2.4MB

MD5
5e1d351407dedc61b6c959d60b2214f4

SHA1
b3862409e509d023ba3b65463eac3d4c8236421c

SHA256
f47b41f2d942cc45b782455c9b947f542f49096a9a0a81e05f97ab464b3b99c6

SHA512
31786d2e081fd4c9330d7d1fbf1dbdbca124201f9e139e1dd9d02b87d8483aa65a10503e1c7ef88cf87b86a5362265f5803a6c9e72b18d41001f815c57283cce

Download Submit
C:\Windows\System\RUoyeEz.exe

Filesize
2.4MB

MD5
4f84e18fe5e2e43f4098b7f9fb4ff5b6

SHA1
e1649477199d684f0a0afde0bf2ff1f777858822

SHA256
ab710e04e66b835cc313e3414976f400caab786a2ffb65903c99760b364deb9b

SHA512
1429d1c6e772cf066897d018bc992f8aa1eaa04616a0b220522730ab89cd2da78408dc16ff603b685ec1cb341d543a25e75d49599cd25de78ecfd6a02b14aadc

Download Submit
C:\Windows\System\ZlCinlE.exe

Filesize
2.4MB

MD5
5bd9929a5f825e4c65c1c3ee8786051a

SHA1
fdd90d7b433f0ef4d83a576584471072382d1fae

SHA256
26208786750758f288ed7e425ede66d89b350a5b3cf63b0bd90d4bd32e21558c

SHA512
a477c09d99657d8b29189d8189c179790bec36315d107cc5a7b0ed0cf4fca493b0f15db61884ad47369c4fce7217cca21eb72449bfd10a8ec4c829467ecf92fd

Download Submit
C:\Windows\System\fcjSDtV.exe

Filesize
2.4MB

MD5
91ad9759b72d10b9dea3b4027adf0acc

SHA1
d9ca4257f435d4196de2adf10b2995012bef6281

SHA256
e426f9df199dff0a20ca32f73024ea47230bc875ca87ef80084ac71b65eb7295

SHA512
bd21eb5f7798685171d1a379d2946dc0fca5ee4d727724dc3b28a42637a9d5b46f3fbdcdd55dc9479a606713fc5e46712e5771fce7429e9d88fe9b74f020b98c

Download Submit
C:\Windows\System\gWUHfOB.exe

Filesize
2.4MB

MD5
9433d3509053328078c70d60ce7ec149

SHA1
5822ec1ebd3b99345777a16c6e52afa2e979e90c

SHA256
d258c839a6411ef54f484508f434101de988308f67708a0a622bd6b1ad5555f4

SHA512
440e949f2ff303bf6d9faf31fc64ffd50a782368beb2f5c0d77e11fb481230a4f6c9a2a8f39e71145b01e14d502ba01bfd9bb359657f4c0ad7ef5c97626bc4b9

Download Submit
C:\Windows\System\iBUurhO.exe

Filesize
2.4MB

MD5
451a437039244365450fe0ce8bbb1295

SHA1
6ea260a4c7ead929b2acd750dc79c8bd244ddc13

SHA256
e0a780bd2ea83131630239545899683723da2475fd2fb61ea92980d558a1e693

SHA512
708bb175581a187015090eea3ac67b54b0d0f7617e63b13976f613ea33dd867976a15d25a752dc840958dd6394b76397c13c3b9ea9f246376c65042505bcfbfb

Download Submit
C:\Windows\System\jPYifwG.exe

Filesize
2.4MB

MD5
2e33cd3fcd79cc2d8b7d9f564ed63009

SHA1
f85d67f63a6eee009b58f833d7fcd260574057f0

SHA256
2db5d39ff0dfeebf2f96afc1bcdbeebf35aa328acb25841d7f0ebe70dbe14de1

SHA512
1c3338b428900b9e1d5d8297552e006dc9a2f81471c1d42170eaa4e081d097251ea65b8651a5b4e5ffa3432108d3553bc6be51f17377f75d0eb9bad8bef12978

Download Submit
C:\Windows\System\nDaIvqw.exe

Filesize
2.4MB

MD5
bf85392e3a8f80e99f75022ab04d2313

SHA1
f38cba35964167a212909eeebad4441ed6058182

SHA256
0ab0a32ee218fdb27e76f725c114bcc6c4be766ae3c845b5ad7bd53a21fff2da

SHA512
ffb88405d7383bec575968bcbcea6a15202306a20e0687a1614ba861b6aba87a420dc964222932ca0cbfa16725704c0685b2b741baedb48e9e4073ed2107f07a

Download Submit
C:\Windows\System\neOTGan.exe

Filesize
2.4MB

MD5
2e7e7023fe97fbafa2a5aa4c5560cbe7

SHA1
b279316eec2715a2be3163b3d4cf74d884c4adff

SHA256
0c041c269f325ffbdb95c2ef953ccee7d13c287b27a1a5b3067c0308b08b148d

SHA512
15044d08e7376692f2d8fedccfa0418ffcf97f93b96bae0d7be550ab5e7839aaf33ac374526a7a7aae78bba13d0374858ef09f555b6dc3c1ffe417a5b5b335e7

Download Submit
C:\Windows\System\pnBvCpB.exe

Filesize
2.4MB

MD5
5100fa2030e6dfd38461d501f9f4d299

SHA1
1130be742db6b96fb62b1710e3ee1927349fa93d

SHA256
20973a929554e050701ec5d781bb644a567aac098dfc0296112de4f2beb81ced

SHA512
7e37d90cc8661906cf7cc46e9270dde9c67a227904917d0402befe711d3868a93c1e42ad448b1dfe2e9b74dc3a3cc8c737fcd76990bff004820e082e41544e56

Download Submit
C:\Windows\System\rWBwIjA.exe

Filesize
2.4MB

MD5
8bd50a65d1cae42ebab741c1049a025a

SHA1
0fdaea32f7c2cff9de9df22e6bb9f13b3e97dd23

SHA256
c12f708a9fb7f7f5d4fba035fb0414da68e151946b3cc47e8673d55477dc311f

SHA512
f88abb4ec96f90d7d9b9428cda37a351769857273222e68f128f4793e761ff40c9da4a77d93f262e833f4cea4c6dbbdaa70e141025d2f8fc943c68c535ad7f75

Download Submit
C:\Windows\System\vNdPNTh.exe

Filesize
2.4MB

MD5
f8f12e0ea7d39d3ab141dffeb012f75c

SHA1
3bf60c36429016c97ab7b1a9e53d93bf99064ddc

SHA256
97d73481d81686651390ccd9db18402fa348080ec98ca56bcabf1a17eb24f7bb

SHA512
96a502659dcfb12a65688743d7eeab1cb5f5078a5866ec9d3a17560ce58a1abfc7c795798de52a5e0f7f9332cc16b6a8c87aa06541a6aff1a111f7258840c373

Download Submit
C:\Windows\System\xAHHMFp.exe

Filesize
2.4MB

MD5
3d63209d90f18a0a48e3be0fcb585ff6

SHA1
276f82844500108b6305b1bec391ec4d4605b825

SHA256
b0a6efd0dc4408871477fe384fa63433053622a26bd6c471e3a8981a492971a2

SHA512
0450d8db553746cf6cd2afe5da7abff04144ddfb302fb11465e77f3960b537b38b8b543d5314c481352ef22254a2555583b73ccda3cb3e91be0bd213221a58dd

Download Submit
C:\Windows\System\xoAHKOS.exe

Filesize
2.4MB

MD5
7787ad1c7830d6512f2c33c44247dfd8

SHA1
9d27e22c6a32c4d1a06d584f4bf576a4fd4cd5cc

SHA256
35a1c0c975b9fa9c33d97c000393b7165cbc0b54bcc656c8354fc0323e79d6f4

SHA512
73521c323675d675eebdd9ac110434e943ca73520e8d5cb6ab41ebd84fe2b6555d8afc3acc23e5f70177204a226bf4cf9e7c63973380505d770010a43403e99f

Download Submit
C:\Windows\System\yfHDBoo.exe

Filesize
2.4MB

MD5
170e02e8d2f3d4dbbdf7f29df5fd5ed0

SHA1
e21396874bce78057db66334d6ed69207c17d2da

SHA256
0df52adb3ca45124cce65d9ef8e00de9ebeb2f9a0031bd88bf85f06f2ffaef8c

SHA512
5c1f1c17f95a557ce07fb7ebc553a4f98b45c0dd7e886416dd5fb8dbb5aeccd0baf41d2143cfdcb63030192501038d4893c1568098b15911cea8a35af2ad5c08

Download Submit
C:\Windows\System\zThMgFm.exe

Filesize
2.4MB

MD5
4a0565f8cfaf5f0fee295ce975a8ea8b

SHA1
9f79c28e5aa1f232015939491bbe4b0340b0b379

SHA256
4a5a277acdb6692259631e1b24bd43e8b98c8d722c83836f609e62c043d0e5a9

SHA512
a6e9b22b68c387f28ba608f43bc8c26ea07ea915bfb4fb9ec77c303ab487b91d64030a6693eee90289b35a82fec238cfc2f8b2518bba6808118d17922b17f8d8

Download Submit
memory/404-0-0x00007FF7EE0F0000-0x00007FF7EE444000-memory.dmp

Filesize
3.3MB

Download
memory/404-1570-0x00007FF7EE0F0000-0x00007FF7EE444000-memory.dmp

Filesize
3.3MB

Download
memory/404-1-0x0000025B09E00000-0x0000025B09E10000-memory.dmp

Filesize
64KB

Download
memory/536-2174-0x00007FF6EC600000-0x00007FF6EC954000-memory.dmp

Filesize
3.3MB

Download
memory/536-712-0x00007FF6EC600000-0x00007FF6EC954000-memory.dmp

Filesize
3.3MB

Download
memory/772-729-0x00007FF6F64B0000-0x00007FF6F6804000-memory.dmp

Filesize
3.3MB

Download
memory/772-2178-0x00007FF6F64B0000-0x00007FF6F6804000-memory.dmp

Filesize
3.3MB

Download
memory/1212-2152-0x00007FF615B50000-0x00007FF615EA4000-memory.dmp

Filesize
3.3MB

Download
memory/1212-14-0x00007FF615B50000-0x00007FF615EA4000-memory.dmp

Filesize
3.3MB

Download
memory/1216-35-0x00007FF644AA0000-0x00007FF644DF4000-memory.dmp

Filesize
3.3MB

Download
memory/1216-2155-0x00007FF644AA0000-0x00007FF644DF4000-memory.dmp

Filesize
3.3MB

Download
memory/1216-2147-0x00007FF644AA0000-0x00007FF644DF4000-memory.dmp

Filesize
3.3MB

Download
memory/1220-1573-0x00007FF7AFDC0000-0x00007FF7B0114000-memory.dmp

Filesize
3.3MB

Download
memory/1220-10-0x00007FF7AFDC0000-0x00007FF7B0114000-memory.dmp

Filesize
3.3MB

Download
memory/1220-2151-0x00007FF7AFDC0000-0x00007FF7B0114000-memory.dmp

Filesize
3.3MB

Download
memory/1248-728-0x00007FF6E22E0000-0x00007FF6E2634000-memory.dmp

Filesize
3.3MB

Download
memory/1248-2176-0x00007FF6E22E0000-0x00007FF6E2634000-memory.dmp

Filesize
3.3MB

Download
memory/1408-681-0x00007FF7F72C0000-0x00007FF7F7614000-memory.dmp

Filesize
3.3MB

Download
memory/1408-2161-0x00007FF7F72C0000-0x00007FF7F7614000-memory.dmp

Filesize
3.3MB

Download
memory/1484-698-0x00007FF7B0920000-0x00007FF7B0C74000-memory.dmp

Filesize
3.3MB

Download
memory/1484-2168-0x00007FF7B0920000-0x00007FF7B0C74000-memory.dmp

Filesize
3.3MB

Download
memory/2536-2159-0x00007FF717860000-0x00007FF717BB4000-memory.dmp

Filesize
3.3MB

Download
memory/2536-678-0x00007FF717860000-0x00007FF717BB4000-memory.dmp

Filesize
3.3MB

Download
memory/2552-2153-0x00007FF7BBB10000-0x00007FF7BBE64000-memory.dmp

Filesize
3.3MB

Download
memory/2552-26-0x00007FF7BBB10000-0x00007FF7BBE64000-memory.dmp

Filesize
3.3MB

Download
memory/2676-2175-0x00007FF6FBBF0000-0x00007FF6FBF44000-memory.dmp

Filesize
3.3MB

Download
memory/2676-724-0x00007FF6FBBF0000-0x00007FF6FBF44000-memory.dmp

Filesize
3.3MB

Download
memory/2940-2166-0x00007FF7E52B0000-0x00007FF7E5604000-memory.dmp

Filesize
3.3MB

Download
memory/2940-691-0x00007FF7E52B0000-0x00007FF7E5604000-memory.dmp

Filesize
3.3MB

Download
memory/3156-684-0x00007FF7C6910000-0x00007FF7C6C64000-memory.dmp

Filesize
3.3MB

Download
memory/3156-2165-0x00007FF7C6910000-0x00007FF7C6C64000-memory.dmp

Filesize
3.3MB

Download
memory/3200-2160-0x00007FF62D9A0000-0x00007FF62DCF4000-memory.dmp

Filesize
3.3MB

Download
memory/3200-680-0x00007FF62D9A0000-0x00007FF62DCF4000-memory.dmp

Filesize
3.3MB

Download
memory/3308-2167-0x00007FF689540000-0x00007FF689894000-memory.dmp

Filesize
3.3MB

Download
memory/3308-704-0x00007FF689540000-0x00007FF689894000-memory.dmp

Filesize
3.3MB

Download
memory/3444-2148-0x00007FF700800000-0x00007FF700B54000-memory.dmp

Filesize
3.3MB

Download
memory/3444-2156-0x00007FF700800000-0x00007FF700B54000-memory.dmp

Filesize
3.3MB

Download
memory/3444-44-0x00007FF700800000-0x00007FF700B54000-memory.dmp

Filesize
3.3MB

Download
memory/3864-679-0x00007FF727B10000-0x00007FF727E64000-memory.dmp

Filesize
3.3MB

Download
memory/3864-2157-0x00007FF727B10000-0x00007FF727E64000-memory.dmp

Filesize
3.3MB

Download
memory/4124-23-0x00007FF6B0760000-0x00007FF6B0AB4000-memory.dmp

Filesize
3.3MB

Download
memory/4124-2154-0x00007FF6B0760000-0x00007FF6B0AB4000-memory.dmp

Filesize
3.3MB

Download
memory/4420-709-0x00007FF72E920000-0x00007FF72EC74000-memory.dmp

Filesize
3.3MB

Download
memory/4420-2173-0x00007FF72E920000-0x00007FF72EC74000-memory.dmp

Filesize
3.3MB

Download
memory/4476-2169-0x00007FF7E5600000-0x00007FF7E5954000-memory.dmp

Filesize
3.3MB

Download
memory/4476-739-0x00007FF7E5600000-0x00007FF7E5954000-memory.dmp

Filesize
3.3MB

Download
memory/4736-2164-0x00007FF629FB0000-0x00007FF62A304000-memory.dmp

Filesize
3.3MB

Download
memory/4736-682-0x00007FF629FB0000-0x00007FF62A304000-memory.dmp

Filesize
3.3MB

Download
memory/4800-2162-0x00007FF648200000-0x00007FF648554000-memory.dmp

Filesize
3.3MB

Download
memory/4800-743-0x00007FF648200000-0x00007FF648554000-memory.dmp

Filesize
3.3MB

Download
memory/4856-2150-0x00007FF7F3D00000-0x00007FF7F4054000-memory.dmp

Filesize
3.3MB

Download
memory/4856-60-0x00007FF7F3D00000-0x00007FF7F4054000-memory.dmp

Filesize
3.3MB

Download
memory/4856-2158-0x00007FF7F3D00000-0x00007FF7F4054000-memory.dmp

Filesize
3.3MB

Download
memory/4900-738-0x00007FF742AA0000-0x00007FF742DF4000-memory.dmp

Filesize
3.3MB

Download
memory/4900-2172-0x00007FF742AA0000-0x00007FF742DF4000-memory.dmp

Filesize
3.3MB

Download
memory/4904-726-0x00007FF6C65F0000-0x00007FF6C6944000-memory.dmp

Filesize
3.3MB

Download
memory/4904-2179-0x00007FF6C65F0000-0x00007FF6C6944000-memory.dmp

Filesize
3.3MB

Download
memory/5016-2149-0x00007FF62D930000-0x00007FF62DC84000-memory.dmp

Filesize
3.3MB

Download
memory/5016-58-0x00007FF62D930000-0x00007FF62DC84000-memory.dmp

Filesize
3.3MB

Download
memory/5016-2163-0x00007FF62D930000-0x00007FF62DC84000-memory.dmp

Filesize
3.3MB

Download
memory/5036-2177-0x00007FF6EF2F0000-0x00007FF6EF644000-memory.dmp

Filesize
3.3MB

Download
memory/5036-730-0x00007FF6EF2F0000-0x00007FF6EF644000-memory.dmp

Filesize
3.3MB

Download
memory/5052-2170-0x00007FF696920000-0x00007FF696C74000-memory.dmp

Filesize
3.3MB

Download
memory/5052-721-0x00007FF696920000-0x00007FF696C74000-memory.dmp

Filesize
3.3MB

Download
memory/5116-716-0x00007FF68AAE0000-0x00007FF68AE34000-memory.dmp

Filesize
3.3MB

Download
memory/5116-2171-0x00007FF68AAE0000-0x00007FF68AE34000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads