xmrig | c58235c8c6b6ef370347bc34d93193c2c4fb30d7a7ee733b8d9e0079b1f1510c

Analysis

max time kernel
31s
max time network
43s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
18-08-2024 05:56

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

e4b8e8d06bc7fbfe9826c4e606fe2f30N.exe
Size

1.5MB
MD5

e4b8e8d06bc7fbfe9826c4e606fe2f30
SHA1

9bec23d1058cbe16b61e0352eca61b46397fa81e
SHA256

c58235c8c6b6ef370347bc34d93193c2c4fb30d7a7ee733b8d9e0079b1f1510c
SHA512

0f240e34547fb53ef418eaff1d6f19308173175f8189d9894dec6e255587bf048b555efdd2f0a90a5eabe074112a9ff851c522278f836b58a0e945995c1bddb5
SSDEEP

24576:RVIl/WDGCi7/qkat62wT83PzKgAm0PyFLb//e3XZXW+NguyN+UMjD6/OOeNSls3U:ROdWCCi7/ra+GvAFnhyN1uEeK

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 31 IoCs

miner

resource	yara_rule
behavioral2/memory/2960-30-0x00007FF69CA60000-0x00007FF69CDB1000-memory.dmp	xmrig
behavioral2/memory/4668-45-0x00007FF62CE20000-0x00007FF62D171000-memory.dmp	xmrig
behavioral2/memory/3668-49-0x00007FF708350000-0x00007FF7086A1000-memory.dmp	xmrig
behavioral2/memory/1056-44-0x00007FF7467A0000-0x00007FF746AF1000-memory.dmp	xmrig
behavioral2/memory/2968-448-0x00007FF6552F0000-0x00007FF655641000-memory.dmp	xmrig
behavioral2/memory/1580-452-0x00007FF776FE0000-0x00007FF777331000-memory.dmp	xmrig
behavioral2/memory/1704-456-0x00007FF7B0020000-0x00007FF7B0371000-memory.dmp	xmrig
behavioral2/memory/2712-455-0x00007FF61BAA0000-0x00007FF61BDF1000-memory.dmp	xmrig
behavioral2/memory/1312-458-0x00007FF75EB40000-0x00007FF75EE91000-memory.dmp	xmrig
behavioral2/memory/1928-460-0x00007FF761920000-0x00007FF761C71000-memory.dmp	xmrig
behavioral2/memory/4704-461-0x00007FF77BD60000-0x00007FF77C0B1000-memory.dmp	xmrig
behavioral2/memory/4544-464-0x00007FF61EB80000-0x00007FF61EED1000-memory.dmp	xmrig
behavioral2/memory/232-463-0x00007FF71BA50000-0x00007FF71BDA1000-memory.dmp	xmrig
behavioral2/memory/2680-462-0x00007FF70B4D0000-0x00007FF70B821000-memory.dmp	xmrig
behavioral2/memory/1360-459-0x00007FF7BCBE0000-0x00007FF7BCF31000-memory.dmp	xmrig
behavioral2/memory/404-457-0x00007FF7C99B0000-0x00007FF7C9D01000-memory.dmp	xmrig
behavioral2/memory/1028-454-0x00007FF6545A0000-0x00007FF6548F1000-memory.dmp	xmrig
behavioral2/memory/4784-453-0x00007FF6AD610000-0x00007FF6AD961000-memory.dmp	xmrig
behavioral2/memory/1564-446-0x00007FF7489E0000-0x00007FF748D31000-memory.dmp	xmrig
behavioral2/memory/4856-466-0x00007FF63D520000-0x00007FF63D871000-memory.dmp	xmrig
behavioral2/memory/4616-469-0x00007FF6DC8C0000-0x00007FF6DCC11000-memory.dmp	xmrig
behavioral2/memory/4528-468-0x00007FF7AB9B0000-0x00007FF7ABD01000-memory.dmp	xmrig
behavioral2/memory/4636-467-0x00007FF7E3890000-0x00007FF7E3BE1000-memory.dmp	xmrig
behavioral2/memory/3852-465-0x00007FF79D2D0000-0x00007FF79D621000-memory.dmp	xmrig
behavioral2/memory/4732-1031-0x00007FF7B3FC0000-0x00007FF7B4311000-memory.dmp	xmrig
behavioral2/memory/4464-1299-0x00007FF72E880000-0x00007FF72EBD1000-memory.dmp	xmrig
behavioral2/memory/2960-1295-0x00007FF69CA60000-0x00007FF69CDB1000-memory.dmp	xmrig
behavioral2/memory/3880-1294-0x00007FF6BF6B0000-0x00007FF6BFA01000-memory.dmp	xmrig
behavioral2/memory/1216-1418-0x00007FF61FC20000-0x00007FF61FF71000-memory.dmp	xmrig
behavioral2/memory/2028-1541-0x00007FF75D300000-0x00007FF75D651000-memory.dmp	xmrig
behavioral2/memory/4760-1682-0x00007FF6C73A0000-0x00007FF6C76F1000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
3880	hXYqLaM.exe
1216	oHsWItz.exe
2960	NyjiqdJ.exe
4464	rldZitx.exe
4668	AXsRGEx.exe
1056	gopyPIH.exe
3668	QKVfIUF.exe
2028	dLvyyHV.exe
4760	FMTQsTk.exe
4616	zlnaGmD.exe
1564	OdhpZtb.exe
2968	SFpTfSQ.exe
1580	LFbuyas.exe
4784	pMcmhCr.exe
1028	XggvAZE.exe
2712	weFVMyk.exe
1704	pjDmxcb.exe
404	KJIHQvi.exe
1312	ZIsCDBn.exe
1360	FSLyfcY.exe
1928	jLBHQyY.exe
4704	kqcaAuQ.exe
2680	CMiaJhg.exe
232	ezkLMpz.exe
4544	oyldtHn.exe
3852	ETkgXlz.exe
4856	zPdNLCM.exe
4636	cdzfoee.exe
4528	YrHEyld.exe
4476	AluulcI.exe
3524	koQJwRp.exe
3412	YHSHSZj.exe
2484	pmBcScg.exe
2584	YbGgceT.exe
3596	mDxcnXZ.exe
640	XoPYYop.exe
540	bSNKxhH.exe
4300	NKxndmI.exe
984	bFCgwIh.exe
2304	uwVZsQR.exe
4880	oHoOMam.exe
4284	vfAuODZ.exe
4036	dChAhlq.exe
820	YBXACSj.exe
2804	bstyqqT.exe
2016	fRcOKUH.exe
1504	XYOObfs.exe
4148	GBAiQOm.exe
2060	sFZhPwH.exe
3468	dAeYWeq.exe
4052	PvRDKVg.exe
2508	hgTHhew.exe
3608	vTACovU.exe
1232	xvtIiuU.exe
1516	ixKRSSZ.exe
956	iaCNiTl.exe
3152	TSGjiip.exe
744	IVtFXqK.exe
216	idWhntV.exe
4064	bxLgOad.exe
2272	gLEPBql.exe
4764	jtdsUdu.exe
3296	fTjiPds.exe
3336	PsSKndY.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4732-0-0x00007FF7B3FC0000-0x00007FF7B4311000-memory.dmp	upx
behavioral2/files/0x0008000000023455-11.dat	upx
behavioral2/files/0x000700000002345f-27.dat	upx
behavioral2/files/0x000700000002345e-33.dat	upx
behavioral2/files/0x0007000000023461-32.dat	upx
behavioral2/memory/2960-30-0x00007FF69CA60000-0x00007FF69CDB1000-memory.dmp	upx
behavioral2/files/0x0007000000023460-28.dat	upx
behavioral2/files/0x000700000002345c-23.dat	upx
behavioral2/memory/1216-20-0x00007FF61FC20000-0x00007FF61FF71000-memory.dmp	upx
behavioral2/files/0x000700000002345d-18.dat	upx
behavioral2/memory/3880-10-0x00007FF6BF6B0000-0x00007FF6BFA01000-memory.dmp	upx
behavioral2/memory/4668-45-0x00007FF62CE20000-0x00007FF62D171000-memory.dmp	upx
behavioral2/files/0x0007000000023463-50.dat	upx
behavioral2/files/0x0007000000023464-54.dat	upx
behavioral2/files/0x0007000000023465-67.dat	upx
behavioral2/files/0x0007000000023466-72.dat	upx
behavioral2/files/0x000700000002346a-92.dat	upx
behavioral2/files/0x0007000000023470-116.dat	upx
behavioral2/files/0x0007000000023472-126.dat	upx
behavioral2/files/0x0007000000023473-139.dat	upx
behavioral2/files/0x0007000000023477-151.dat	upx
behavioral2/files/0x000700000002347a-166.dat	upx
behavioral2/memory/4760-442-0x00007FF6C73A0000-0x00007FF6C76F1000-memory.dmp	upx
behavioral2/files/0x000700000002347b-171.dat	upx
behavioral2/files/0x0007000000023479-169.dat	upx
behavioral2/files/0x0007000000023478-164.dat	upx
behavioral2/files/0x0007000000023476-154.dat	upx
behavioral2/files/0x0007000000023475-149.dat	upx
behavioral2/files/0x0007000000023474-144.dat	upx
behavioral2/files/0x0007000000023471-129.dat	upx
behavioral2/files/0x000700000002346f-117.dat	upx
behavioral2/files/0x000700000002346e-112.dat	upx
behavioral2/files/0x000700000002346d-107.dat	upx
behavioral2/files/0x000700000002346c-102.dat	upx
behavioral2/files/0x000700000002346b-97.dat	upx
behavioral2/files/0x0007000000023469-87.dat	upx
behavioral2/files/0x0007000000023468-82.dat	upx
behavioral2/files/0x0007000000023467-77.dat	upx
behavioral2/files/0x0007000000023462-55.dat	upx
behavioral2/memory/2028-53-0x00007FF75D300000-0x00007FF75D651000-memory.dmp	upx
behavioral2/memory/3668-49-0x00007FF708350000-0x00007FF7086A1000-memory.dmp	upx
behavioral2/memory/1056-44-0x00007FF7467A0000-0x00007FF746AF1000-memory.dmp	upx
behavioral2/memory/4464-43-0x00007FF72E880000-0x00007FF72EBD1000-memory.dmp	upx
behavioral2/memory/2968-448-0x00007FF6552F0000-0x00007FF655641000-memory.dmp	upx
behavioral2/memory/1580-452-0x00007FF776FE0000-0x00007FF777331000-memory.dmp	upx
behavioral2/memory/1704-456-0x00007FF7B0020000-0x00007FF7B0371000-memory.dmp	upx
behavioral2/memory/2712-455-0x00007FF61BAA0000-0x00007FF61BDF1000-memory.dmp	upx
behavioral2/memory/1312-458-0x00007FF75EB40000-0x00007FF75EE91000-memory.dmp	upx
behavioral2/memory/1928-460-0x00007FF761920000-0x00007FF761C71000-memory.dmp	upx
behavioral2/memory/4704-461-0x00007FF77BD60000-0x00007FF77C0B1000-memory.dmp	upx
behavioral2/memory/4544-464-0x00007FF61EB80000-0x00007FF61EED1000-memory.dmp	upx
behavioral2/memory/232-463-0x00007FF71BA50000-0x00007FF71BDA1000-memory.dmp	upx
behavioral2/memory/2680-462-0x00007FF70B4D0000-0x00007FF70B821000-memory.dmp	upx
behavioral2/memory/1360-459-0x00007FF7BCBE0000-0x00007FF7BCF31000-memory.dmp	upx
behavioral2/memory/404-457-0x00007FF7C99B0000-0x00007FF7C9D01000-memory.dmp	upx
behavioral2/memory/1028-454-0x00007FF6545A0000-0x00007FF6548F1000-memory.dmp	upx
behavioral2/memory/4784-453-0x00007FF6AD610000-0x00007FF6AD961000-memory.dmp	upx
behavioral2/memory/1564-446-0x00007FF7489E0000-0x00007FF748D31000-memory.dmp	upx
behavioral2/memory/4856-466-0x00007FF63D520000-0x00007FF63D871000-memory.dmp	upx
behavioral2/memory/4616-469-0x00007FF6DC8C0000-0x00007FF6DCC11000-memory.dmp	upx
behavioral2/memory/4528-468-0x00007FF7AB9B0000-0x00007FF7ABD01000-memory.dmp	upx
behavioral2/memory/4636-467-0x00007FF7E3890000-0x00007FF7E3BE1000-memory.dmp	upx
behavioral2/memory/3852-465-0x00007FF79D2D0000-0x00007FF79D621000-memory.dmp	upx
behavioral2/memory/4732-1031-0x00007FF7B3FC0000-0x00007FF7B4311000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\PNoRKof.exe	e4b8e8d06bc7fbfe9826c4e606fe2f30N.exe
File created	C:\Windows\System\riXGRZh.exe	e4b8e8d06bc7fbfe9826c4e606fe2f30N.exe
File created	C:\Windows\System\fYXWIMK.exe	e4b8e8d06bc7fbfe9826c4e606fe2f30N.exe
File created	C:\Windows\System\eJweaYE.exe	e4b8e8d06bc7fbfe9826c4e606fe2f30N.exe
File created	C:\Windows\System\LBCPJxX.exe	e4b8e8d06bc7fbfe9826c4e606fe2f30N.exe
File created	C:\Windows\System\eiHjBxG.exe	e4b8e8d06bc7fbfe9826c4e606fe2f30N.exe
File created	C:\Windows\System\fFAxlHg.exe	e4b8e8d06bc7fbfe9826c4e606fe2f30N.exe
File created	C:\Windows\System\LeszLnr.exe	e4b8e8d06bc7fbfe9826c4e606fe2f30N.exe
File created	C:\Windows\System\ZbhQytw.exe	e4b8e8d06bc7fbfe9826c4e606fe2f30N.exe
File created	C:\Windows\System\UdUaOpJ.exe	e4b8e8d06bc7fbfe9826c4e606fe2f30N.exe
File created	C:\Windows\System\vfAuODZ.exe	e4b8e8d06bc7fbfe9826c4e606fe2f30N.exe
File created	C:\Windows\System\ixKRSSZ.exe	e4b8e8d06bc7fbfe9826c4e606fe2f30N.exe
File created	C:\Windows\System\fSixRBz.exe	e4b8e8d06bc7fbfe9826c4e606fe2f30N.exe
File created	C:\Windows\System\KcAWTJK.exe	e4b8e8d06bc7fbfe9826c4e606fe2f30N.exe
File created	C:\Windows\System\Cuaaoop.exe	e4b8e8d06bc7fbfe9826c4e606fe2f30N.exe
File created	C:\Windows\System\PriFEXQ.exe	e4b8e8d06bc7fbfe9826c4e606fe2f30N.exe
File created	C:\Windows\System\KwOJFeH.exe	e4b8e8d06bc7fbfe9826c4e606fe2f30N.exe
File created	C:\Windows\System\lAqTGsG.exe	e4b8e8d06bc7fbfe9826c4e606fe2f30N.exe
File created	C:\Windows\System\bFCgwIh.exe	e4b8e8d06bc7fbfe9826c4e606fe2f30N.exe
File created	C:\Windows\System\PfqEPMT.exe	e4b8e8d06bc7fbfe9826c4e606fe2f30N.exe
File created	C:\Windows\System\sHkerVU.exe	e4b8e8d06bc7fbfe9826c4e606fe2f30N.exe
File created	C:\Windows\System\bYqzuSB.exe	e4b8e8d06bc7fbfe9826c4e606fe2f30N.exe
File created	C:\Windows\System\ocFLsFK.exe	e4b8e8d06bc7fbfe9826c4e606fe2f30N.exe
File created	C:\Windows\System\AMKzzEC.exe	e4b8e8d06bc7fbfe9826c4e606fe2f30N.exe
File created	C:\Windows\System\qeHGXOB.exe	e4b8e8d06bc7fbfe9826c4e606fe2f30N.exe
File created	C:\Windows\System\saDyXgo.exe	e4b8e8d06bc7fbfe9826c4e606fe2f30N.exe
File created	C:\Windows\System\BWtjHzI.exe	e4b8e8d06bc7fbfe9826c4e606fe2f30N.exe
File created	C:\Windows\System\pkjpejc.exe	e4b8e8d06bc7fbfe9826c4e606fe2f30N.exe
File created	C:\Windows\System\nPgrWiu.exe	e4b8e8d06bc7fbfe9826c4e606fe2f30N.exe
File created	C:\Windows\System\lWbXCbg.exe	e4b8e8d06bc7fbfe9826c4e606fe2f30N.exe
File created	C:\Windows\System\JuxWAOD.exe	e4b8e8d06bc7fbfe9826c4e606fe2f30N.exe
File created	C:\Windows\System\woKRrkk.exe	e4b8e8d06bc7fbfe9826c4e606fe2f30N.exe
File created	C:\Windows\System\nLbEHZE.exe	e4b8e8d06bc7fbfe9826c4e606fe2f30N.exe
File created	C:\Windows\System\sFMTbWi.exe	e4b8e8d06bc7fbfe9826c4e606fe2f30N.exe
File created	C:\Windows\System\RRgfeqi.exe	e4b8e8d06bc7fbfe9826c4e606fe2f30N.exe
File created	C:\Windows\System\SZrkxGb.exe	e4b8e8d06bc7fbfe9826c4e606fe2f30N.exe
File created	C:\Windows\System\paXsYTY.exe	e4b8e8d06bc7fbfe9826c4e606fe2f30N.exe
File created	C:\Windows\System\jbHsOdZ.exe	e4b8e8d06bc7fbfe9826c4e606fe2f30N.exe
File created	C:\Windows\System\wykkZSA.exe	e4b8e8d06bc7fbfe9826c4e606fe2f30N.exe
File created	C:\Windows\System\OFhImVx.exe	e4b8e8d06bc7fbfe9826c4e606fe2f30N.exe
File created	C:\Windows\System\PIekLAt.exe	e4b8e8d06bc7fbfe9826c4e606fe2f30N.exe
File created	C:\Windows\System\fEwubBT.exe	e4b8e8d06bc7fbfe9826c4e606fe2f30N.exe
File created	C:\Windows\System\sdiCgRw.exe	e4b8e8d06bc7fbfe9826c4e606fe2f30N.exe
File created	C:\Windows\System\xHXXeWP.exe	e4b8e8d06bc7fbfe9826c4e606fe2f30N.exe
File created	C:\Windows\System\LopUMsO.exe	e4b8e8d06bc7fbfe9826c4e606fe2f30N.exe
File created	C:\Windows\System\vWnMDAz.exe	e4b8e8d06bc7fbfe9826c4e606fe2f30N.exe
File created	C:\Windows\System\NMofAkR.exe	e4b8e8d06bc7fbfe9826c4e606fe2f30N.exe
File created	C:\Windows\System\kbIcDEv.exe	e4b8e8d06bc7fbfe9826c4e606fe2f30N.exe
File created	C:\Windows\System\uzygOQd.exe	e4b8e8d06bc7fbfe9826c4e606fe2f30N.exe
File created	C:\Windows\System\JrSLmED.exe	e4b8e8d06bc7fbfe9826c4e606fe2f30N.exe
File created	C:\Windows\System\LppxIzw.exe	e4b8e8d06bc7fbfe9826c4e606fe2f30N.exe
File created	C:\Windows\System\KAsUrid.exe	e4b8e8d06bc7fbfe9826c4e606fe2f30N.exe
File created	C:\Windows\System\dQWcSlx.exe	e4b8e8d06bc7fbfe9826c4e606fe2f30N.exe
File created	C:\Windows\System\seLdzrl.exe	e4b8e8d06bc7fbfe9826c4e606fe2f30N.exe
File created	C:\Windows\System\XZtkmKi.exe	e4b8e8d06bc7fbfe9826c4e606fe2f30N.exe
File created	C:\Windows\System\Jnwnptp.exe	e4b8e8d06bc7fbfe9826c4e606fe2f30N.exe
File created	C:\Windows\System\FGSpeIm.exe	e4b8e8d06bc7fbfe9826c4e606fe2f30N.exe
File created	C:\Windows\System\lrhNvLQ.exe	e4b8e8d06bc7fbfe9826c4e606fe2f30N.exe
File created	C:\Windows\System\PYUJZeN.exe	e4b8e8d06bc7fbfe9826c4e606fe2f30N.exe
File created	C:\Windows\System\nudnMAy.exe	e4b8e8d06bc7fbfe9826c4e606fe2f30N.exe
File created	C:\Windows\System\zbCaVRW.exe	e4b8e8d06bc7fbfe9826c4e606fe2f30N.exe
File created	C:\Windows\System\RheUumO.exe	e4b8e8d06bc7fbfe9826c4e606fe2f30N.exe
File created	C:\Windows\System\dEgVpgW.exe	e4b8e8d06bc7fbfe9826c4e606fe2f30N.exe
File created	C:\Windows\System\rXvpeLN.exe	e4b8e8d06bc7fbfe9826c4e606fe2f30N.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	15200	dwm.exe
Token: SeChangeNotifyPrivilege	15200	dwm.exe
Token: 33	15200	dwm.exe
Token: SeIncBasePriorityPrivilege	15200	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4732 wrote to memory of 3880	4732	e4b8e8d06bc7fbfe9826c4e606fe2f30N.exe	85
PID 4732 wrote to memory of 3880	4732	e4b8e8d06bc7fbfe9826c4e606fe2f30N.exe	85
PID 4732 wrote to memory of 2960	4732	e4b8e8d06bc7fbfe9826c4e606fe2f30N.exe	86
PID 4732 wrote to memory of 2960	4732	e4b8e8d06bc7fbfe9826c4e606fe2f30N.exe	86
PID 4732 wrote to memory of 1216	4732	e4b8e8d06bc7fbfe9826c4e606fe2f30N.exe	87
PID 4732 wrote to memory of 1216	4732	e4b8e8d06bc7fbfe9826c4e606fe2f30N.exe	87
PID 4732 wrote to memory of 4464	4732	e4b8e8d06bc7fbfe9826c4e606fe2f30N.exe	88
PID 4732 wrote to memory of 4464	4732	e4b8e8d06bc7fbfe9826c4e606fe2f30N.exe	88
PID 4732 wrote to memory of 4668	4732	e4b8e8d06bc7fbfe9826c4e606fe2f30N.exe	89
PID 4732 wrote to memory of 4668	4732	e4b8e8d06bc7fbfe9826c4e606fe2f30N.exe	89
PID 4732 wrote to memory of 1056	4732	e4b8e8d06bc7fbfe9826c4e606fe2f30N.exe	90
PID 4732 wrote to memory of 1056	4732	e4b8e8d06bc7fbfe9826c4e606fe2f30N.exe	90
PID 4732 wrote to memory of 3668	4732	e4b8e8d06bc7fbfe9826c4e606fe2f30N.exe	91
PID 4732 wrote to memory of 3668	4732	e4b8e8d06bc7fbfe9826c4e606fe2f30N.exe	91
PID 4732 wrote to memory of 2028	4732	e4b8e8d06bc7fbfe9826c4e606fe2f30N.exe	92
PID 4732 wrote to memory of 2028	4732	e4b8e8d06bc7fbfe9826c4e606fe2f30N.exe	92
PID 4732 wrote to memory of 4760	4732	e4b8e8d06bc7fbfe9826c4e606fe2f30N.exe	93
PID 4732 wrote to memory of 4760	4732	e4b8e8d06bc7fbfe9826c4e606fe2f30N.exe	93
PID 4732 wrote to memory of 4616	4732	e4b8e8d06bc7fbfe9826c4e606fe2f30N.exe	94
PID 4732 wrote to memory of 4616	4732	e4b8e8d06bc7fbfe9826c4e606fe2f30N.exe	94
PID 4732 wrote to memory of 1564	4732	e4b8e8d06bc7fbfe9826c4e606fe2f30N.exe	95
PID 4732 wrote to memory of 1564	4732	e4b8e8d06bc7fbfe9826c4e606fe2f30N.exe	95
PID 4732 wrote to memory of 2968	4732	e4b8e8d06bc7fbfe9826c4e606fe2f30N.exe	96
PID 4732 wrote to memory of 2968	4732	e4b8e8d06bc7fbfe9826c4e606fe2f30N.exe	96
PID 4732 wrote to memory of 1580	4732	e4b8e8d06bc7fbfe9826c4e606fe2f30N.exe	97
PID 4732 wrote to memory of 1580	4732	e4b8e8d06bc7fbfe9826c4e606fe2f30N.exe	97
PID 4732 wrote to memory of 4784	4732	e4b8e8d06bc7fbfe9826c4e606fe2f30N.exe	98
PID 4732 wrote to memory of 4784	4732	e4b8e8d06bc7fbfe9826c4e606fe2f30N.exe	98
PID 4732 wrote to memory of 1028	4732	e4b8e8d06bc7fbfe9826c4e606fe2f30N.exe	99
PID 4732 wrote to memory of 1028	4732	e4b8e8d06bc7fbfe9826c4e606fe2f30N.exe	99
PID 4732 wrote to memory of 2712	4732	e4b8e8d06bc7fbfe9826c4e606fe2f30N.exe	100
PID 4732 wrote to memory of 2712	4732	e4b8e8d06bc7fbfe9826c4e606fe2f30N.exe	100
PID 4732 wrote to memory of 1704	4732	e4b8e8d06bc7fbfe9826c4e606fe2f30N.exe	101
PID 4732 wrote to memory of 1704	4732	e4b8e8d06bc7fbfe9826c4e606fe2f30N.exe	101
PID 4732 wrote to memory of 404	4732	e4b8e8d06bc7fbfe9826c4e606fe2f30N.exe	102
PID 4732 wrote to memory of 404	4732	e4b8e8d06bc7fbfe9826c4e606fe2f30N.exe	102
PID 4732 wrote to memory of 1312	4732	e4b8e8d06bc7fbfe9826c4e606fe2f30N.exe	103
PID 4732 wrote to memory of 1312	4732	e4b8e8d06bc7fbfe9826c4e606fe2f30N.exe	103
PID 4732 wrote to memory of 1360	4732	e4b8e8d06bc7fbfe9826c4e606fe2f30N.exe	104
PID 4732 wrote to memory of 1360	4732	e4b8e8d06bc7fbfe9826c4e606fe2f30N.exe	104
PID 4732 wrote to memory of 1928	4732	e4b8e8d06bc7fbfe9826c4e606fe2f30N.exe	105
PID 4732 wrote to memory of 1928	4732	e4b8e8d06bc7fbfe9826c4e606fe2f30N.exe	105
PID 4732 wrote to memory of 4704	4732	e4b8e8d06bc7fbfe9826c4e606fe2f30N.exe	106
PID 4732 wrote to memory of 4704	4732	e4b8e8d06bc7fbfe9826c4e606fe2f30N.exe	106
PID 4732 wrote to memory of 2680	4732	e4b8e8d06bc7fbfe9826c4e606fe2f30N.exe	107
PID 4732 wrote to memory of 2680	4732	e4b8e8d06bc7fbfe9826c4e606fe2f30N.exe	107
PID 4732 wrote to memory of 232	4732	e4b8e8d06bc7fbfe9826c4e606fe2f30N.exe	108
PID 4732 wrote to memory of 232	4732	e4b8e8d06bc7fbfe9826c4e606fe2f30N.exe	108
PID 4732 wrote to memory of 4544	4732	e4b8e8d06bc7fbfe9826c4e606fe2f30N.exe	109
PID 4732 wrote to memory of 4544	4732	e4b8e8d06bc7fbfe9826c4e606fe2f30N.exe	109
PID 4732 wrote to memory of 3852	4732	e4b8e8d06bc7fbfe9826c4e606fe2f30N.exe	110
PID 4732 wrote to memory of 3852	4732	e4b8e8d06bc7fbfe9826c4e606fe2f30N.exe	110
PID 4732 wrote to memory of 4856	4732	e4b8e8d06bc7fbfe9826c4e606fe2f30N.exe	111
PID 4732 wrote to memory of 4856	4732	e4b8e8d06bc7fbfe9826c4e606fe2f30N.exe	111
PID 4732 wrote to memory of 4636	4732	e4b8e8d06bc7fbfe9826c4e606fe2f30N.exe	112
PID 4732 wrote to memory of 4636	4732	e4b8e8d06bc7fbfe9826c4e606fe2f30N.exe	112
PID 4732 wrote to memory of 4528	4732	e4b8e8d06bc7fbfe9826c4e606fe2f30N.exe	113
PID 4732 wrote to memory of 4528	4732	e4b8e8d06bc7fbfe9826c4e606fe2f30N.exe	113
PID 4732 wrote to memory of 4476	4732	e4b8e8d06bc7fbfe9826c4e606fe2f30N.exe	114
PID 4732 wrote to memory of 4476	4732	e4b8e8d06bc7fbfe9826c4e606fe2f30N.exe	114
PID 4732 wrote to memory of 3524	4732	e4b8e8d06bc7fbfe9826c4e606fe2f30N.exe	115
PID 4732 wrote to memory of 3524	4732	e4b8e8d06bc7fbfe9826c4e606fe2f30N.exe	115
PID 4732 wrote to memory of 3412	4732	e4b8e8d06bc7fbfe9826c4e606fe2f30N.exe	116
PID 4732 wrote to memory of 3412	4732	e4b8e8d06bc7fbfe9826c4e606fe2f30N.exe	116

C:\Users\Admin\AppData\Local\Temp\e4b8e8d06bc7fbfe9826c4e606fe2f30N.exe
"C:\Users\Admin\AppData\Local\Temp\e4b8e8d06bc7fbfe9826c4e606fe2f30N.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:4732
- C:\Windows\System\hXYqLaM.exe
  C:\Windows\System\hXYqLaM.exe
  2⤵
  - Executes dropped EXE
  PID:3880
- C:\Windows\System\NyjiqdJ.exe
  C:\Windows\System\NyjiqdJ.exe
  2⤵
  - Executes dropped EXE
  PID:2960
- C:\Windows\System\oHsWItz.exe
  C:\Windows\System\oHsWItz.exe
  2⤵
  - Executes dropped EXE
  PID:1216
- C:\Windows\System\rldZitx.exe
  C:\Windows\System\rldZitx.exe
  2⤵
  - Executes dropped EXE
  PID:4464
- C:\Windows\System\AXsRGEx.exe
  C:\Windows\System\AXsRGEx.exe
  2⤵
  - Executes dropped EXE
  PID:4668
- C:\Windows\System\gopyPIH.exe
  C:\Windows\System\gopyPIH.exe
  2⤵
  - Executes dropped EXE
  PID:1056
- C:\Windows\System\QKVfIUF.exe
  C:\Windows\System\QKVfIUF.exe
  2⤵
  - Executes dropped EXE
  PID:3668
- C:\Windows\System\dLvyyHV.exe
  C:\Windows\System\dLvyyHV.exe
  2⤵
  - Executes dropped EXE
  PID:2028
- C:\Windows\System\FMTQsTk.exe
  C:\Windows\System\FMTQsTk.exe
  2⤵
  - Executes dropped EXE
  PID:4760
- C:\Windows\System\zlnaGmD.exe
  C:\Windows\System\zlnaGmD.exe
  2⤵
  - Executes dropped EXE
  PID:4616
- C:\Windows\System\OdhpZtb.exe
  C:\Windows\System\OdhpZtb.exe
  2⤵
  - Executes dropped EXE
  PID:1564
- C:\Windows\System\SFpTfSQ.exe
  C:\Windows\System\SFpTfSQ.exe
  2⤵
  - Executes dropped EXE
  PID:2968
- C:\Windows\System\LFbuyas.exe
  C:\Windows\System\LFbuyas.exe
  2⤵
  - Executes dropped EXE
  PID:1580
- C:\Windows\System\pMcmhCr.exe
  C:\Windows\System\pMcmhCr.exe
  2⤵
  - Executes dropped EXE
  PID:4784
- C:\Windows\System\XggvAZE.exe
  C:\Windows\System\XggvAZE.exe
  2⤵
  - Executes dropped EXE
  PID:1028
- C:\Windows\System\weFVMyk.exe
  C:\Windows\System\weFVMyk.exe
  2⤵
  - Executes dropped EXE
  PID:2712
- C:\Windows\System\pjDmxcb.exe
  C:\Windows\System\pjDmxcb.exe
  2⤵
  - Executes dropped EXE
  PID:1704
- C:\Windows\System\KJIHQvi.exe
  C:\Windows\System\KJIHQvi.exe
  2⤵
  - Executes dropped EXE
  PID:404
- C:\Windows\System\ZIsCDBn.exe
  C:\Windows\System\ZIsCDBn.exe
  2⤵
  - Executes dropped EXE
  PID:1312
- C:\Windows\System\FSLyfcY.exe
  C:\Windows\System\FSLyfcY.exe
  2⤵
  - Executes dropped EXE
  PID:1360
- C:\Windows\System\jLBHQyY.exe
  C:\Windows\System\jLBHQyY.exe
  2⤵
  - Executes dropped EXE
  PID:1928
- C:\Windows\System\kqcaAuQ.exe
  C:\Windows\System\kqcaAuQ.exe
  2⤵
  - Executes dropped EXE
  PID:4704
- C:\Windows\System\CMiaJhg.exe
  C:\Windows\System\CMiaJhg.exe
  2⤵
  - Executes dropped EXE
  PID:2680
- C:\Windows\System\ezkLMpz.exe
  C:\Windows\System\ezkLMpz.exe
  2⤵
  - Executes dropped EXE
  PID:232
- C:\Windows\System\oyldtHn.exe
  C:\Windows\System\oyldtHn.exe
  2⤵
  - Executes dropped EXE
  PID:4544
- C:\Windows\System\ETkgXlz.exe
  C:\Windows\System\ETkgXlz.exe
  2⤵
  - Executes dropped EXE
  PID:3852
- C:\Windows\System\zPdNLCM.exe
  C:\Windows\System\zPdNLCM.exe
  2⤵
  - Executes dropped EXE
  PID:4856
- C:\Windows\System\cdzfoee.exe
  C:\Windows\System\cdzfoee.exe
  2⤵
  - Executes dropped EXE
  PID:4636
- C:\Windows\System\YrHEyld.exe
  C:\Windows\System\YrHEyld.exe
  2⤵
  - Executes dropped EXE
  PID:4528
- C:\Windows\System\AluulcI.exe
  C:\Windows\System\AluulcI.exe
  2⤵
  - Executes dropped EXE
  PID:4476
- C:\Windows\System\koQJwRp.exe
  C:\Windows\System\koQJwRp.exe
  2⤵
  - Executes dropped EXE
  PID:3524
- C:\Windows\System\YHSHSZj.exe
  C:\Windows\System\YHSHSZj.exe
  2⤵
  - Executes dropped EXE
  PID:3412
- C:\Windows\System\pmBcScg.exe
  C:\Windows\System\pmBcScg.exe
  2⤵
  - Executes dropped EXE
  PID:2484
- C:\Windows\System\YbGgceT.exe
  C:\Windows\System\YbGgceT.exe
  2⤵
  - Executes dropped EXE
  PID:2584
- C:\Windows\System\mDxcnXZ.exe
  C:\Windows\System\mDxcnXZ.exe
  2⤵
  - Executes dropped EXE
  PID:3596
- C:\Windows\System\XoPYYop.exe
  C:\Windows\System\XoPYYop.exe
  2⤵
  - Executes dropped EXE
  PID:640
- C:\Windows\System\bSNKxhH.exe
  C:\Windows\System\bSNKxhH.exe
  2⤵
  - Executes dropped EXE
  PID:540
- C:\Windows\System\NKxndmI.exe
  C:\Windows\System\NKxndmI.exe
  2⤵
  - Executes dropped EXE
  PID:4300
- C:\Windows\System\bFCgwIh.exe
  C:\Windows\System\bFCgwIh.exe
  2⤵
  - Executes dropped EXE
  PID:984
- C:\Windows\System\uwVZsQR.exe
  C:\Windows\System\uwVZsQR.exe
  2⤵
  - Executes dropped EXE
  PID:2304
- C:\Windows\System\oHoOMam.exe
  C:\Windows\System\oHoOMam.exe
  2⤵
  - Executes dropped EXE
  PID:4880
- C:\Windows\System\vfAuODZ.exe
  C:\Windows\System\vfAuODZ.exe
  2⤵
  - Executes dropped EXE
  PID:4284
- C:\Windows\System\dChAhlq.exe
  C:\Windows\System\dChAhlq.exe
  2⤵
  - Executes dropped EXE
  PID:4036
- C:\Windows\System\YBXACSj.exe
  C:\Windows\System\YBXACSj.exe
  2⤵
  - Executes dropped EXE
  PID:820
- C:\Windows\System\bstyqqT.exe
  C:\Windows\System\bstyqqT.exe
  2⤵
  - Executes dropped EXE
  PID:2804
- C:\Windows\System\fRcOKUH.exe
  C:\Windows\System\fRcOKUH.exe
  2⤵
  - Executes dropped EXE
  PID:2016
- C:\Windows\System\XYOObfs.exe
  C:\Windows\System\XYOObfs.exe
  2⤵
  - Executes dropped EXE
  PID:1504
- C:\Windows\System\GBAiQOm.exe
  C:\Windows\System\GBAiQOm.exe
  2⤵
  - Executes dropped EXE
  PID:4148
- C:\Windows\System\sFZhPwH.exe
  C:\Windows\System\sFZhPwH.exe
  2⤵
  - Executes dropped EXE
  PID:2060
- C:\Windows\System\dAeYWeq.exe
  C:\Windows\System\dAeYWeq.exe
  2⤵
  - Executes dropped EXE
  PID:3468
- C:\Windows\System\PvRDKVg.exe
  C:\Windows\System\PvRDKVg.exe
  2⤵
  - Executes dropped EXE
  PID:4052
- C:\Windows\System\hgTHhew.exe
  C:\Windows\System\hgTHhew.exe
  2⤵
  - Executes dropped EXE
  PID:2508
- C:\Windows\System\vTACovU.exe
  C:\Windows\System\vTACovU.exe
  2⤵
  - Executes dropped EXE
  PID:3608
- C:\Windows\System\xvtIiuU.exe
  C:\Windows\System\xvtIiuU.exe
  2⤵
  - Executes dropped EXE
  PID:1232
- C:\Windows\System\ixKRSSZ.exe
  C:\Windows\System\ixKRSSZ.exe
  2⤵
  - Executes dropped EXE
  PID:1516
- C:\Windows\System\iaCNiTl.exe
  C:\Windows\System\iaCNiTl.exe
  2⤵
  - Executes dropped EXE
  PID:956
- C:\Windows\System\TSGjiip.exe
  C:\Windows\System\TSGjiip.exe
  2⤵
  - Executes dropped EXE
  PID:3152
- C:\Windows\System\IVtFXqK.exe
  C:\Windows\System\IVtFXqK.exe
  2⤵
  - Executes dropped EXE
  PID:744
- C:\Windows\System\idWhntV.exe
  C:\Windows\System\idWhntV.exe
  2⤵
  - Executes dropped EXE
  PID:216
- C:\Windows\System\bxLgOad.exe
  C:\Windows\System\bxLgOad.exe
  2⤵
  - Executes dropped EXE
  PID:4064
- C:\Windows\System\gLEPBql.exe
  C:\Windows\System\gLEPBql.exe
  2⤵
  - Executes dropped EXE
  PID:2272
- C:\Windows\System\jtdsUdu.exe
  C:\Windows\System\jtdsUdu.exe
  2⤵
  - Executes dropped EXE
  PID:4764
- C:\Windows\System\fTjiPds.exe
  C:\Windows\System\fTjiPds.exe
  2⤵
  - Executes dropped EXE
  PID:3296
- C:\Windows\System\PsSKndY.exe
  C:\Windows\System\PsSKndY.exe
  2⤵
  - Executes dropped EXE
  PID:3336
- C:\Windows\System\trxauXP.exe
  C:\Windows\System\trxauXP.exe
  2⤵
  PID:1916
- C:\Windows\System\bgQMcWp.exe
  C:\Windows\System\bgQMcWp.exe
  2⤵
  PID:4316
- C:\Windows\System\gnNUisj.exe
  C:\Windows\System\gnNUisj.exe
  2⤵
  PID:3968
- C:\Windows\System\CugvtnZ.exe
  C:\Windows\System\CugvtnZ.exe
  2⤵
  PID:3440
- C:\Windows\System\JAhpXLn.exe
  C:\Windows\System\JAhpXLn.exe
  2⤵
  PID:1708
- C:\Windows\System\dijoAko.exe
  C:\Windows\System\dijoAko.exe
  2⤵
  PID:5132
- C:\Windows\System\IsNZzmi.exe
  C:\Windows\System\IsNZzmi.exe
  2⤵
  PID:5160
- C:\Windows\System\lLJcRjv.exe
  C:\Windows\System\lLJcRjv.exe
  2⤵
  PID:5180
- C:\Windows\System\kgnpBOM.exe
  C:\Windows\System\kgnpBOM.exe
  2⤵
  PID:5204
- C:\Windows\System\MqtioRm.exe
  C:\Windows\System\MqtioRm.exe
  2⤵
  PID:5232
- C:\Windows\System\HrkkEys.exe
  C:\Windows\System\HrkkEys.exe
  2⤵
  PID:5260
- C:\Windows\System\qVotbqp.exe
  C:\Windows\System\qVotbqp.exe
  2⤵
  PID:5288
- C:\Windows\System\PbWJadN.exe
  C:\Windows\System\PbWJadN.exe
  2⤵
  PID:5316
- C:\Windows\System\VRsnAoM.exe
  C:\Windows\System\VRsnAoM.exe
  2⤵
  PID:5348
- C:\Windows\System\gnwHXnw.exe
  C:\Windows\System\gnwHXnw.exe
  2⤵
  PID:5376
- C:\Windows\System\mFzjONF.exe
  C:\Windows\System\mFzjONF.exe
  2⤵
  PID:5404
- C:\Windows\System\ZGcPkmP.exe
  C:\Windows\System\ZGcPkmP.exe
  2⤵
  PID:5432
- C:\Windows\System\tFyVDNT.exe
  C:\Windows\System\tFyVDNT.exe
  2⤵
  PID:5460
- C:\Windows\System\osgxkKS.exe
  C:\Windows\System\osgxkKS.exe
  2⤵
  PID:5484
- C:\Windows\System\zXgPRRF.exe
  C:\Windows\System\zXgPRRF.exe
  2⤵
  PID:5512
- C:\Windows\System\sNSpxYV.exe
  C:\Windows\System\sNSpxYV.exe
  2⤵
  PID:5540
- C:\Windows\System\uzygOQd.exe
  C:\Windows\System\uzygOQd.exe
  2⤵
  PID:5572
- C:\Windows\System\fSixRBz.exe
  C:\Windows\System\fSixRBz.exe
  2⤵
  PID:5600
- C:\Windows\System\uYeZgQe.exe
  C:\Windows\System\uYeZgQe.exe
  2⤵
  PID:5628
- C:\Windows\System\cOtwRZY.exe
  C:\Windows\System\cOtwRZY.exe
  2⤵
  PID:5652
- C:\Windows\System\LuQYbJA.exe
  C:\Windows\System\LuQYbJA.exe
  2⤵
  PID:5684
- C:\Windows\System\mMicAvi.exe
  C:\Windows\System\mMicAvi.exe
  2⤵
  PID:5708
- C:\Windows\System\mcXKFEl.exe
  C:\Windows\System\mcXKFEl.exe
  2⤵
  PID:5740
- C:\Windows\System\OWzHMsn.exe
  C:\Windows\System\OWzHMsn.exe
  2⤵
  PID:5764
- C:\Windows\System\FGSpeIm.exe
  C:\Windows\System\FGSpeIm.exe
  2⤵
  PID:5796
- C:\Windows\System\hXAKRcN.exe
  C:\Windows\System\hXAKRcN.exe
  2⤵
  PID:5820
- C:\Windows\System\KTcqAvb.exe
  C:\Windows\System\KTcqAvb.exe
  2⤵
  PID:5848
- C:\Windows\System\IyYElyl.exe
  C:\Windows\System\IyYElyl.exe
  2⤵
  PID:5880
- C:\Windows\System\uOODnVG.exe
  C:\Windows\System\uOODnVG.exe
  2⤵
  PID:5908
- C:\Windows\System\BUMvJkh.exe
  C:\Windows\System\BUMvJkh.exe
  2⤵
  PID:5936
- C:\Windows\System\VBgeTPn.exe
  C:\Windows\System\VBgeTPn.exe
  2⤵
  PID:5964
- C:\Windows\System\OqPRkXe.exe
  C:\Windows\System\OqPRkXe.exe
  2⤵
  PID:5992
- C:\Windows\System\losguvb.exe
  C:\Windows\System\losguvb.exe
  2⤵
  PID:6020
- C:\Windows\System\LopUMsO.exe
  C:\Windows\System\LopUMsO.exe
  2⤵
  PID:6048
- C:\Windows\System\GcagAuS.exe
  C:\Windows\System\GcagAuS.exe
  2⤵
  PID:6072
- C:\Windows\System\wgnUvIG.exe
  C:\Windows\System\wgnUvIG.exe
  2⤵
  PID:6100
- C:\Windows\System\lDzpTqx.exe
  C:\Windows\System\lDzpTqx.exe
  2⤵
  PID:6128
- C:\Windows\System\vvRCytN.exe
  C:\Windows\System\vvRCytN.exe
  2⤵
  PID:1060
- C:\Windows\System\NyKgzpi.exe
  C:\Windows\System\NyKgzpi.exe
  2⤵
  PID:2376
- C:\Windows\System\zTynTeb.exe
  C:\Windows\System\zTynTeb.exe
  2⤵
  PID:1904
- C:\Windows\System\nLbEHZE.exe
  C:\Windows\System\nLbEHZE.exe
  2⤵
  PID:4424
- C:\Windows\System\ePDFyqS.exe
  C:\Windows\System\ePDFyqS.exe
  2⤵
  PID:5148
- C:\Windows\System\HLrfJAI.exe
  C:\Windows\System\HLrfJAI.exe
  2⤵
  PID:5196
- C:\Windows\System\cjnCqrQ.exe
  C:\Windows\System\cjnCqrQ.exe
  2⤵
  PID:5256
- C:\Windows\System\DUiPKFW.exe
  C:\Windows\System\DUiPKFW.exe
  2⤵
  PID:5308
- C:\Windows\System\GLXQEwq.exe
  C:\Windows\System\GLXQEwq.exe
  2⤵
  PID:5360
- C:\Windows\System\SKpRzbo.exe
  C:\Windows\System\SKpRzbo.exe
  2⤵
  PID:5420
- C:\Windows\System\mbFTEIe.exe
  C:\Windows\System\mbFTEIe.exe
  2⤵
  PID:5500
- C:\Windows\System\irUnEEL.exe
  C:\Windows\System\irUnEEL.exe
  2⤵
  PID:5536
- C:\Windows\System\IlCGoJs.exe
  C:\Windows\System\IlCGoJs.exe
  2⤵
  PID:4728
- C:\Windows\System\PfqEPMT.exe
  C:\Windows\System\PfqEPMT.exe
  2⤵
  PID:5648
- C:\Windows\System\keWPDnq.exe
  C:\Windows\System\keWPDnq.exe
  2⤵
  PID:5724
- C:\Windows\System\xvxNymQ.exe
  C:\Windows\System\xvxNymQ.exe
  2⤵
  PID:5780
- C:\Windows\System\igKPHZt.exe
  C:\Windows\System\igKPHZt.exe
  2⤵
  PID:5836
- C:\Windows\System\ZuOeCjZ.exe
  C:\Windows\System\ZuOeCjZ.exe
  2⤵
  PID:5928
- C:\Windows\System\BIOfszm.exe
  C:\Windows\System\BIOfszm.exe
  2⤵
  PID:2564
- C:\Windows\System\lrhNvLQ.exe
  C:\Windows\System\lrhNvLQ.exe
  2⤵
  PID:6012
- C:\Windows\System\KcAWTJK.exe
  C:\Windows\System\KcAWTJK.exe
  2⤵
  PID:228
- C:\Windows\System\wuYhYWq.exe
  C:\Windows\System\wuYhYWq.exe
  2⤵
  PID:4356
- C:\Windows\System\PaZOYNj.exe
  C:\Windows\System\PaZOYNj.exe
  2⤵
  PID:2708
- C:\Windows\System\AUelPTH.exe
  C:\Windows\System\AUelPTH.exe
  2⤵
  PID:5396
- C:\Windows\System\XJSkBHP.exe
  C:\Windows\System\XJSkBHP.exe
  2⤵
  PID:2544
- C:\Windows\System\EtyZwbJ.exe
  C:\Windows\System\EtyZwbJ.exe
  2⤵
  PID:2972
- C:\Windows\System\KTIGZdf.exe
  C:\Windows\System\KTIGZdf.exe
  2⤵
  PID:976
- C:\Windows\System\cwIZZqx.exe
  C:\Windows\System\cwIZZqx.exe
  2⤵
  PID:1996
- C:\Windows\System\FZDGNBw.exe
  C:\Windows\System\FZDGNBw.exe
  2⤵
  PID:4400
- C:\Windows\System\FIDtlOb.exe
  C:\Windows\System\FIDtlOb.exe
  2⤵
  PID:2328
- C:\Windows\System\ciKxHPE.exe
  C:\Windows\System\ciKxHPE.exe
  2⤵
  PID:1196
- C:\Windows\System\MYMEjgk.exe
  C:\Windows\System\MYMEjgk.exe
  2⤵
  PID:2604
- C:\Windows\System\HHwVEho.exe
  C:\Windows\System\HHwVEho.exe
  2⤵
  PID:544
- C:\Windows\System\TfenKzU.exe
  C:\Windows\System\TfenKzU.exe
  2⤵
  PID:2184
- C:\Windows\System\ArWDgPZ.exe
  C:\Windows\System\ArWDgPZ.exe
  2⤵
  PID:1576
- C:\Windows\System\OECPfLF.exe
  C:\Windows\System\OECPfLF.exe
  2⤵
  PID:5760
- C:\Windows\System\qeHGXOB.exe
  C:\Windows\System\qeHGXOB.exe
  2⤵
  PID:4696
- C:\Windows\System\EyCSlfI.exe
  C:\Windows\System\EyCSlfI.exe
  2⤵
  PID:3256
- C:\Windows\System\josMnaj.exe
  C:\Windows\System\josMnaj.exe
  2⤵
  PID:4908
- C:\Windows\System\vGUuQeC.exe
  C:\Windows\System\vGUuQeC.exe
  2⤵
  PID:5868
- C:\Windows\System\yBHmves.exe
  C:\Windows\System\yBHmves.exe
  2⤵
  PID:6036
- C:\Windows\System\XITYXIr.exe
  C:\Windows\System\XITYXIr.exe
  2⤵
  PID:6068
- C:\Windows\System\NfkxsNh.exe
  C:\Windows\System\NfkxsNh.exe
  2⤵
  PID:2948
- C:\Windows\System\ugCjkaO.exe
  C:\Windows\System\ugCjkaO.exe
  2⤵
  PID:5476
- C:\Windows\System\xfxVVOy.exe
  C:\Windows\System\xfxVVOy.exe
  2⤵
  PID:6064
- C:\Windows\System\HPthubn.exe
  C:\Windows\System\HPthubn.exe
  2⤵
  PID:740
- C:\Windows\System\KURCAMe.exe
  C:\Windows\System\KURCAMe.exe
  2⤵
  PID:4700
- C:\Windows\System\OLAPYUn.exe
  C:\Windows\System\OLAPYUn.exe
  2⤵
  PID:384
- C:\Windows\System\saDyXgo.exe
  C:\Windows\System\saDyXgo.exe
  2⤵
  PID:5704
- C:\Windows\System\BWtjHzI.exe
  C:\Windows\System\BWtjHzI.exe
  2⤵
  PID:1084
- C:\Windows\System\vnKInqs.exe
  C:\Windows\System\vnKInqs.exe
  2⤵
  PID:2572
- C:\Windows\System\LdpMLdE.exe
  C:\Windows\System\LdpMLdE.exe
  2⤵
  PID:2408
- C:\Windows\System\nEbDhFK.exe
  C:\Windows\System\nEbDhFK.exe
  2⤵
  PID:5952
- C:\Windows\System\UZmInwe.exe
  C:\Windows\System\UZmInwe.exe
  2⤵
  PID:2332
- C:\Windows\System\ZxFcrpv.exe
  C:\Windows\System\ZxFcrpv.exe
  2⤵
  PID:5956
- C:\Windows\System\TqKhDQw.exe
  C:\Windows\System\TqKhDQw.exe
  2⤵
  PID:2728
- C:\Windows\System\deMzCMg.exe
  C:\Windows\System\deMzCMg.exe
  2⤵
  PID:1524
- C:\Windows\System\hEHVlHl.exe
  C:\Windows\System\hEHVlHl.exe
  2⤵
  PID:440
- C:\Windows\System\ErqNlxf.exe
  C:\Windows\System\ErqNlxf.exe
  2⤵
  PID:2008
- C:\Windows\System\LFeSPRb.exe
  C:\Windows\System\LFeSPRb.exe
  2⤵
  PID:3912
- C:\Windows\System\tTnHoVV.exe
  C:\Windows\System\tTnHoVV.exe
  2⤵
  PID:3980
- C:\Windows\System\ZGWeVuC.exe
  C:\Windows\System\ZGWeVuC.exe
  2⤵
  PID:6124
- C:\Windows\System\VsZzjTv.exe
  C:\Windows\System\VsZzjTv.exe
  2⤵
  PID:5700
- C:\Windows\System\kraakhw.exe
  C:\Windows\System\kraakhw.exe
  2⤵
  PID:6156
- C:\Windows\System\itBNxQa.exe
  C:\Windows\System\itBNxQa.exe
  2⤵
  PID:6176
- C:\Windows\System\UmfIdgk.exe
  C:\Windows\System\UmfIdgk.exe
  2⤵
  PID:6196
- C:\Windows\System\QzUhiai.exe
  C:\Windows\System\QzUhiai.exe
  2⤵
  PID:6220
- C:\Windows\System\psxDAei.exe
  C:\Windows\System\psxDAei.exe
  2⤵
  PID:6244
- C:\Windows\System\HVDFBWZ.exe
  C:\Windows\System\HVDFBWZ.exe
  2⤵
  PID:6264
- C:\Windows\System\TnOZDeB.exe
  C:\Windows\System\TnOZDeB.exe
  2⤵
  PID:6336
- C:\Windows\System\FpQMpPn.exe
  C:\Windows\System\FpQMpPn.exe
  2⤵
  PID:6352
- C:\Windows\System\paXsYTY.exe
  C:\Windows\System\paXsYTY.exe
  2⤵
  PID:6408
- C:\Windows\System\IgtWwtP.exe
  C:\Windows\System\IgtWwtP.exe
  2⤵
  PID:6436
- C:\Windows\System\FumGIGY.exe
  C:\Windows\System\FumGIGY.exe
  2⤵
  PID:6460
- C:\Windows\System\cZreVZQ.exe
  C:\Windows\System\cZreVZQ.exe
  2⤵
  PID:6476
- C:\Windows\System\onNFSnT.exe
  C:\Windows\System\onNFSnT.exe
  2⤵
  PID:6516
- C:\Windows\System\fEAYOYA.exe
  C:\Windows\System\fEAYOYA.exe
  2⤵
  PID:6544
- C:\Windows\System\Hmvpxxk.exe
  C:\Windows\System\Hmvpxxk.exe
  2⤵
  PID:6564
- C:\Windows\System\XKtMIMA.exe
  C:\Windows\System\XKtMIMA.exe
  2⤵
  PID:6604
- C:\Windows\System\ZGFneZt.exe
  C:\Windows\System\ZGFneZt.exe
  2⤵
  PID:6624
- C:\Windows\System\KFUHQZT.exe
  C:\Windows\System\KFUHQZT.exe
  2⤵
  PID:6640
- C:\Windows\System\NmkcZRE.exe
  C:\Windows\System\NmkcZRE.exe
  2⤵
  PID:6660
- C:\Windows\System\uJYRQKC.exe
  C:\Windows\System\uJYRQKC.exe
  2⤵
  PID:6676
- C:\Windows\System\AwzqOba.exe
  C:\Windows\System\AwzqOba.exe
  2⤵
  PID:6696
- C:\Windows\System\sFMTbWi.exe
  C:\Windows\System\sFMTbWi.exe
  2⤵
  PID:6720
- C:\Windows\System\MCuOGjq.exe
  C:\Windows\System\MCuOGjq.exe
  2⤵
  PID:6736
- C:\Windows\System\ahEuFpz.exe
  C:\Windows\System\ahEuFpz.exe
  2⤵
  PID:6768
- C:\Windows\System\hxVgsjR.exe
  C:\Windows\System\hxVgsjR.exe
  2⤵
  PID:6792
- C:\Windows\System\ObMCydM.exe
  C:\Windows\System\ObMCydM.exe
  2⤵
  PID:6808
- C:\Windows\System\WliMizh.exe
  C:\Windows\System\WliMizh.exe
  2⤵
  PID:6856
- C:\Windows\System\WTHihWS.exe
  C:\Windows\System\WTHihWS.exe
  2⤵
  PID:6888
- C:\Windows\System\xtLzloX.exe
  C:\Windows\System\xtLzloX.exe
  2⤵
  PID:6924
- C:\Windows\System\PmEIyNf.exe
  C:\Windows\System\PmEIyNf.exe
  2⤵
  PID:6976
- C:\Windows\System\oamjDUD.exe
  C:\Windows\System\oamjDUD.exe
  2⤵
  PID:7000
- C:\Windows\System\fYXWIMK.exe
  C:\Windows\System\fYXWIMK.exe
  2⤵
  PID:7028
- C:\Windows\System\QQAcDZZ.exe
  C:\Windows\System\QQAcDZZ.exe
  2⤵
  PID:7044
- C:\Windows\System\bXgAqse.exe
  C:\Windows\System\bXgAqse.exe
  2⤵
  PID:7076
- C:\Windows\System\vluxOpf.exe
  C:\Windows\System\vluxOpf.exe
  2⤵
  PID:7096
- C:\Windows\System\DYeGQcr.exe
  C:\Windows\System\DYeGQcr.exe
  2⤵
  PID:7144
- C:\Windows\System\ZznMRTW.exe
  C:\Windows\System\ZznMRTW.exe
  2⤵
  PID:6168
- C:\Windows\System\dLQuNDr.exe
  C:\Windows\System\dLQuNDr.exe
  2⤵
  PID:6212
- C:\Windows\System\mchYKAO.exe
  C:\Windows\System\mchYKAO.exe
  2⤵
  PID:6284
- C:\Windows\System\HWiZGGn.exe
  C:\Windows\System\HWiZGGn.exe
  2⤵
  PID:6368
- C:\Windows\System\ZkPofJs.exe
  C:\Windows\System\ZkPofJs.exe
  2⤵
  PID:6404
- C:\Windows\System\sHkerVU.exe
  C:\Windows\System\sHkerVU.exe
  2⤵
  PID:6444
- C:\Windows\System\MsNKcva.exe
  C:\Windows\System\MsNKcva.exe
  2⤵
  PID:6496
- C:\Windows\System\FQWPgZf.exe
  C:\Windows\System\FQWPgZf.exe
  2⤵
  PID:6556
- C:\Windows\System\MbhWxmA.exe
  C:\Windows\System\MbhWxmA.exe
  2⤵
  PID:6620
- C:\Windows\System\NvLsUAq.exe
  C:\Windows\System\NvLsUAq.exe
  2⤵
  PID:6632
- C:\Windows\System\DyIbRhP.exe
  C:\Windows\System\DyIbRhP.exe
  2⤵
  PID:6816
- C:\Windows\System\SeDlXwJ.exe
  C:\Windows\System\SeDlXwJ.exe
  2⤵
  PID:6716
- C:\Windows\System\kAFIfvp.exe
  C:\Windows\System\kAFIfvp.exe
  2⤵
  PID:6920
- C:\Windows\System\CJxBTzU.exe
  C:\Windows\System\CJxBTzU.exe
  2⤵
  PID:6972
- C:\Windows\System\OAHTcMR.exe
  C:\Windows\System\OAHTcMR.exe
  2⤵
  PID:7008
- C:\Windows\System\kZDboLr.exe
  C:\Windows\System\kZDboLr.exe
  2⤵
  PID:7040
- C:\Windows\System\wQGXToL.exe
  C:\Windows\System\wQGXToL.exe
  2⤵
  PID:7164
- C:\Windows\System\PIEcMjY.exe
  C:\Windows\System\PIEcMjY.exe
  2⤵
  PID:6152
- C:\Windows\System\ybwMhwk.exe
  C:\Windows\System\ybwMhwk.exe
  2⤵
  PID:6360
- C:\Windows\System\LPhtglq.exe
  C:\Windows\System\LPhtglq.exe
  2⤵
  PID:6508
- C:\Windows\System\PYUJZeN.exe
  C:\Windows\System\PYUJZeN.exe
  2⤵
  PID:6616
- C:\Windows\System\EdsCjfp.exe
  C:\Windows\System\EdsCjfp.exe
  2⤵
  PID:7068
- C:\Windows\System\LDVLXzQ.exe
  C:\Windows\System\LDVLXzQ.exe
  2⤵
  PID:7024
- C:\Windows\System\uutgcyv.exe
  C:\Windows\System\uutgcyv.exe
  2⤵
  PID:6428
- C:\Windows\System\vWnMDAz.exe
  C:\Windows\System\vWnMDAz.exe
  2⤵
  PID:6832
- C:\Windows\System\sBbbPor.exe
  C:\Windows\System\sBbbPor.exe
  2⤵
  PID:6968
- C:\Windows\System\chLRbqF.exe
  C:\Windows\System\chLRbqF.exe
  2⤵
  PID:6704
- C:\Windows\System\UfaZBDM.exe
  C:\Windows\System\UfaZBDM.exe
  2⤵
  PID:7176
- C:\Windows\System\iNyaAuO.exe
  C:\Windows\System\iNyaAuO.exe
  2⤵
  PID:7196
- C:\Windows\System\bYqzuSB.exe
  C:\Windows\System\bYqzuSB.exe
  2⤵
  PID:7224
- C:\Windows\System\QZbVltP.exe
  C:\Windows\System\QZbVltP.exe
  2⤵
  PID:7248
- C:\Windows\System\TkvSClU.exe
  C:\Windows\System\TkvSClU.exe
  2⤵
  PID:7268
- C:\Windows\System\ptpeYog.exe
  C:\Windows\System\ptpeYog.exe
  2⤵
  PID:7296
- C:\Windows\System\VaOlkWx.exe
  C:\Windows\System\VaOlkWx.exe
  2⤵
  PID:7324
- C:\Windows\System\anRuubU.exe
  C:\Windows\System\anRuubU.exe
  2⤵
  PID:7340
- C:\Windows\System\PGEBAwq.exe
  C:\Windows\System\PGEBAwq.exe
  2⤵
  PID:7376
- C:\Windows\System\rUxkPcC.exe
  C:\Windows\System\rUxkPcC.exe
  2⤵
  PID:7396
- C:\Windows\System\SvImFCP.exe
  C:\Windows\System\SvImFCP.exe
  2⤵
  PID:7472
- C:\Windows\System\JRJjCXZ.exe
  C:\Windows\System\JRJjCXZ.exe
  2⤵
  PID:7488
- C:\Windows\System\GEJbkwj.exe
  C:\Windows\System\GEJbkwj.exe
  2⤵
  PID:7508
- C:\Windows\System\YDxYHYD.exe
  C:\Windows\System\YDxYHYD.exe
  2⤵
  PID:7528
- C:\Windows\System\IyBSnZY.exe
  C:\Windows\System\IyBSnZY.exe
  2⤵
  PID:7548
- C:\Windows\System\PWoQZsD.exe
  C:\Windows\System\PWoQZsD.exe
  2⤵
  PID:7568
- C:\Windows\System\QdWwBnb.exe
  C:\Windows\System\QdWwBnb.exe
  2⤵
  PID:7588
- C:\Windows\System\FeWeETF.exe
  C:\Windows\System\FeWeETF.exe
  2⤵
  PID:7608
- C:\Windows\System\Cuaaoop.exe
  C:\Windows\System\Cuaaoop.exe
  2⤵
  PID:7636
- C:\Windows\System\XxxmAgB.exe
  C:\Windows\System\XxxmAgB.exe
  2⤵
  PID:7660
- C:\Windows\System\TUvxedV.exe
  C:\Windows\System\TUvxedV.exe
  2⤵
  PID:7680
- C:\Windows\System\NMofAkR.exe
  C:\Windows\System\NMofAkR.exe
  2⤵
  PID:7704
- C:\Windows\System\qdnkOsx.exe
  C:\Windows\System\qdnkOsx.exe
  2⤵
  PID:7724
- C:\Windows\System\LPkJKSB.exe
  C:\Windows\System\LPkJKSB.exe
  2⤵
  PID:7740
- C:\Windows\System\bfpnTlI.exe
  C:\Windows\System\bfpnTlI.exe
  2⤵
  PID:7792
- C:\Windows\System\qbNNXvt.exe
  C:\Windows\System\qbNNXvt.exe
  2⤵
  PID:7864
- C:\Windows\System\lzbpdZl.exe
  C:\Windows\System\lzbpdZl.exe
  2⤵
  PID:7888
- C:\Windows\System\DnRKgsG.exe
  C:\Windows\System\DnRKgsG.exe
  2⤵
  PID:7916
- C:\Windows\System\eoOcGjk.exe
  C:\Windows\System\eoOcGjk.exe
  2⤵
  PID:7952
- C:\Windows\System\sgphlYS.exe
  C:\Windows\System\sgphlYS.exe
  2⤵
  PID:7980
- C:\Windows\System\YuIerCi.exe
  C:\Windows\System\YuIerCi.exe
  2⤵
  PID:8012
- C:\Windows\System\GxSwCVR.exe
  C:\Windows\System\GxSwCVR.exe
  2⤵
  PID:8032
- C:\Windows\System\WhTuYjo.exe
  C:\Windows\System\WhTuYjo.exe
  2⤵
  PID:8072
- C:\Windows\System\IAgfGGo.exe
  C:\Windows\System\IAgfGGo.exe
  2⤵
  PID:8100
- C:\Windows\System\fBqJJav.exe
  C:\Windows\System\fBqJJav.exe
  2⤵
  PID:8116
- C:\Windows\System\nudnMAy.exe
  C:\Windows\System\nudnMAy.exe
  2⤵
  PID:8136
- C:\Windows\System\HijAtNs.exe
  C:\Windows\System\HijAtNs.exe
  2⤵
  PID:8160
- C:\Windows\System\OpqqkkB.exe
  C:\Windows\System\OpqqkkB.exe
  2⤵
  PID:7072
- C:\Windows\System\qYxiocd.exe
  C:\Windows\System\qYxiocd.exe
  2⤵
  PID:5108
- C:\Windows\System\wYNbYtK.exe
  C:\Windows\System\wYNbYtK.exe
  2⤵
  PID:7264
- C:\Windows\System\QyzjsoN.exe
  C:\Windows\System\QyzjsoN.exe
  2⤵
  PID:7312
- C:\Windows\System\yzzwjEN.exe
  C:\Windows\System\yzzwjEN.exe
  2⤵
  PID:7364
- C:\Windows\System\iWpntQH.exe
  C:\Windows\System\iWpntQH.exe
  2⤵
  PID:7416
- C:\Windows\System\bTaDFIm.exe
  C:\Windows\System\bTaDFIm.exe
  2⤵
  PID:7520
- C:\Windows\System\NRZraoA.exe
  C:\Windows\System\NRZraoA.exe
  2⤵
  PID:7600
- C:\Windows\System\GSKAWzT.exe
  C:\Windows\System\GSKAWzT.exe
  2⤵
  PID:7700
- C:\Windows\System\zbHArka.exe
  C:\Windows\System\zbHArka.exe
  2⤵
  PID:7720
- C:\Windows\System\nPgrWiu.exe
  C:\Windows\System\nPgrWiu.exe
  2⤵
  PID:7788
- C:\Windows\System\PKnfexg.exe
  C:\Windows\System\PKnfexg.exe
  2⤵
  PID:7836
- C:\Windows\System\RrmXwom.exe
  C:\Windows\System\RrmXwom.exe
  2⤵
  PID:7876
- C:\Windows\System\vtHGdWK.exe
  C:\Windows\System\vtHGdWK.exe
  2⤵
  PID:7932
- C:\Windows\System\ckGfdet.exe
  C:\Windows\System\ckGfdet.exe
  2⤵
  PID:8068
- C:\Windows\System\EwQornU.exe
  C:\Windows\System\EwQornU.exe
  2⤵
  PID:7188
- C:\Windows\System\mWaubTO.exe
  C:\Windows\System\mWaubTO.exe
  2⤵
  PID:7484
- C:\Windows\System\RQcxkxS.exe
  C:\Windows\System\RQcxkxS.exe
  2⤵
  PID:7304
- C:\Windows\System\PqzHTTw.exe
  C:\Windows\System\PqzHTTw.exe
  2⤵
  PID:7556
- C:\Windows\System\KgMBNWi.exe
  C:\Windows\System\KgMBNWi.exe
  2⤵
  PID:7584
- C:\Windows\System\USNPpGw.exe
  C:\Windows\System\USNPpGw.exe
  2⤵
  PID:7780
- C:\Windows\System\TqlLXuU.exe
  C:\Windows\System\TqlLXuU.exe
  2⤵
  PID:7964
- C:\Windows\System\WUlWddw.exe
  C:\Windows\System\WUlWddw.exe
  2⤵
  PID:8092
- C:\Windows\System\QlNNcee.exe
  C:\Windows\System\QlNNcee.exe
  2⤵
  PID:8128
- C:\Windows\System\ENmmDEj.exe
  C:\Windows\System\ENmmDEj.exe
  2⤵
  PID:7288
- C:\Windows\System\JrSLmED.exe
  C:\Windows\System\JrSLmED.exe
  2⤵
  PID:7628
- C:\Windows\System\jkVXshy.exe
  C:\Windows\System\jkVXshy.exe
  2⤵
  PID:7736
- C:\Windows\System\hiRkcln.exe
  C:\Windows\System\hiRkcln.exe
  2⤵
  PID:8220
- C:\Windows\System\bsXndaK.exe
  C:\Windows\System\bsXndaK.exe
  2⤵
  PID:8268
- C:\Windows\System\VpDrYns.exe
  C:\Windows\System\VpDrYns.exe
  2⤵
  PID:8300
- C:\Windows\System\SLpluvD.exe
  C:\Windows\System\SLpluvD.exe
  2⤵
  PID:8316
- C:\Windows\System\PriFEXQ.exe
  C:\Windows\System\PriFEXQ.exe
  2⤵
  PID:8336
- C:\Windows\System\qYQWwoK.exe
  C:\Windows\System\qYQWwoK.exe
  2⤵
  PID:8364
- C:\Windows\System\dGQxGIh.exe
  C:\Windows\System\dGQxGIh.exe
  2⤵
  PID:8388
- C:\Windows\System\SBVovOu.exe
  C:\Windows\System\SBVovOu.exe
  2⤵
  PID:8404
- C:\Windows\System\PKHCOeB.exe
  C:\Windows\System\PKHCOeB.exe
  2⤵
  PID:8424
- C:\Windows\System\kAzxsRS.exe
  C:\Windows\System\kAzxsRS.exe
  2⤵
  PID:8468
- C:\Windows\System\kTbdcul.exe
  C:\Windows\System\kTbdcul.exe
  2⤵
  PID:8488
- C:\Windows\System\eIXFScX.exe
  C:\Windows\System\eIXFScX.exe
  2⤵
  PID:8528
- C:\Windows\System\ULcfJHG.exe
  C:\Windows\System\ULcfJHG.exe
  2⤵
  PID:8552
- C:\Windows\System\mVMvrBQ.exe
  C:\Windows\System\mVMvrBQ.exe
  2⤵
  PID:8600
- C:\Windows\System\PDpcsTU.exe
  C:\Windows\System\PDpcsTU.exe
  2⤵
  PID:8632
- C:\Windows\System\qkydXWp.exe
  C:\Windows\System\qkydXWp.exe
  2⤵
  PID:8652
- C:\Windows\System\KwOJFeH.exe
  C:\Windows\System\KwOJFeH.exe
  2⤵
  PID:8668
- C:\Windows\System\kbIcDEv.exe
  C:\Windows\System\kbIcDEv.exe
  2⤵
  PID:8700
- C:\Windows\System\RRIPsTh.exe
  C:\Windows\System\RRIPsTh.exe
  2⤵
  PID:8724
- C:\Windows\System\mrgdSEC.exe
  C:\Windows\System\mrgdSEC.exe
  2⤵
  PID:8744
- C:\Windows\System\bXuwevG.exe
  C:\Windows\System\bXuwevG.exe
  2⤵
  PID:8768
- C:\Windows\System\kQbYqOt.exe
  C:\Windows\System\kQbYqOt.exe
  2⤵
  PID:8788
- C:\Windows\System\zwAhtnW.exe
  C:\Windows\System\zwAhtnW.exe
  2⤵
  PID:8844
- C:\Windows\System\SFweQJC.exe
  C:\Windows\System\SFweQJC.exe
  2⤵
  PID:8876
- C:\Windows\System\tUtHsnO.exe
  C:\Windows\System\tUtHsnO.exe
  2⤵
  PID:8916
- C:\Windows\System\OmlEbpj.exe
  C:\Windows\System\OmlEbpj.exe
  2⤵
  PID:8964
- C:\Windows\System\gQzIhVs.exe
  C:\Windows\System\gQzIhVs.exe
  2⤵
  PID:9008
- C:\Windows\System\pkjpejc.exe
  C:\Windows\System\pkjpejc.exe
  2⤵
  PID:9028
- C:\Windows\System\pyGnFWM.exe
  C:\Windows\System\pyGnFWM.exe
  2⤵
  PID:9068
- C:\Windows\System\QHWTQZx.exe
  C:\Windows\System\QHWTQZx.exe
  2⤵
  PID:9084
- C:\Windows\System\GQKncYK.exe
  C:\Windows\System\GQKncYK.exe
  2⤵
  PID:9112
- C:\Windows\System\ZaaDjRB.exe
  C:\Windows\System\ZaaDjRB.exe
  2⤵
  PID:9136
- C:\Windows\System\YxabQra.exe
  C:\Windows\System\YxabQra.exe
  2⤵
  PID:9156
- C:\Windows\System\fFxvOux.exe
  C:\Windows\System\fFxvOux.exe
  2⤵
  PID:9180
- C:\Windows\System\eQXobPf.exe
  C:\Windows\System\eQXobPf.exe
  2⤵
  PID:7348
- C:\Windows\System\eqvGTNb.exe
  C:\Windows\System\eqvGTNb.exe
  2⤵
  PID:8216
- C:\Windows\System\uFMAUww.exe
  C:\Windows\System\uFMAUww.exe
  2⤵
  PID:8280
- C:\Windows\System\UelPpGk.exe
  C:\Windows\System\UelPpGk.exe
  2⤵
  PID:6900
- C:\Windows\System\hwvLiDL.exe
  C:\Windows\System\hwvLiDL.exe
  2⤵
  PID:8380
- C:\Windows\System\RgSNMkW.exe
  C:\Windows\System\RgSNMkW.exe
  2⤵
  PID:8520
- C:\Windows\System\Lmzkmfz.exe
  C:\Windows\System\Lmzkmfz.exe
  2⤵
  PID:8560
- C:\Windows\System\jMPbNiE.exe
  C:\Windows\System\jMPbNiE.exe
  2⤵
  PID:8612
- C:\Windows\System\AGSnlNN.exe
  C:\Windows\System\AGSnlNN.exe
  2⤵
  PID:8644
- C:\Windows\System\jFhZiqW.exe
  C:\Windows\System\jFhZiqW.exe
  2⤵
  PID:8696
- C:\Windows\System\ILsqlqE.exe
  C:\Windows\System\ILsqlqE.exe
  2⤵
  PID:8796
- C:\Windows\System\TsXASVu.exe
  C:\Windows\System\TsXASVu.exe
  2⤵
  PID:8904
- C:\Windows\System\OFOQeUr.exe
  C:\Windows\System\OFOQeUr.exe
  2⤵
  PID:8872
- C:\Windows\System\mpoGcaf.exe
  C:\Windows\System\mpoGcaf.exe
  2⤵
  PID:9024
- C:\Windows\System\mSLiUzo.exe
  C:\Windows\System\mSLiUzo.exe
  2⤵
  PID:9064
- C:\Windows\System\aHEAuZq.exe
  C:\Windows\System\aHEAuZq.exe
  2⤵
  PID:9124
- C:\Windows\System\cmymlrw.exe
  C:\Windows\System\cmymlrw.exe
  2⤵
  PID:9212
- C:\Windows\System\YshXhoz.exe
  C:\Windows\System\YshXhoz.exe
  2⤵
  PID:9208
- C:\Windows\System\sJOYnXh.exe
  C:\Windows\System\sJOYnXh.exe
  2⤵
  PID:8260
- C:\Windows\System\BnVVzPG.exe
  C:\Windows\System\BnVVzPG.exe
  2⤵
  PID:8396
- C:\Windows\System\wfaqDNF.exe
  C:\Windows\System\wfaqDNF.exe
  2⤵
  PID:8688
- C:\Windows\System\wPjvoRn.exe
  C:\Windows\System\wPjvoRn.exe
  2⤵
  PID:8664
- C:\Windows\System\UlByyQq.exe
  C:\Windows\System\UlByyQq.exe
  2⤵
  PID:8948
- C:\Windows\System\kWgXquO.exe
  C:\Windows\System\kWgXquO.exe
  2⤵
  PID:9060
- C:\Windows\System\dHXikTL.exe
  C:\Windows\System\dHXikTL.exe
  2⤵
  PID:9152
- C:\Windows\System\PdksfNE.exe
  C:\Windows\System\PdksfNE.exe
  2⤵
  PID:9176
- C:\Windows\System\liyQChE.exe
  C:\Windows\System\liyQChE.exe
  2⤵
  PID:8572
- C:\Windows\System\fQkwqhR.exe
  C:\Windows\System\fQkwqhR.exe
  2⤵
  PID:8896
- C:\Windows\System\UzsHdIv.exe
  C:\Windows\System\UzsHdIv.exe
  2⤵
  PID:9080
- C:\Windows\System\RRgfeqi.exe
  C:\Windows\System\RRgfeqi.exe
  2⤵
  PID:9224
- C:\Windows\System\fnHXSfK.exe
  C:\Windows\System\fnHXSfK.exe
  2⤵
  PID:9244
- C:\Windows\System\sssjgiF.exe
  C:\Windows\System\sssjgiF.exe
  2⤵
  PID:9284
- C:\Windows\System\eGWJQYN.exe
  C:\Windows\System\eGWJQYN.exe
  2⤵
  PID:9316
- C:\Windows\System\lhSlGmc.exe
  C:\Windows\System\lhSlGmc.exe
  2⤵
  PID:9340
- C:\Windows\System\WKKegAP.exe
  C:\Windows\System\WKKegAP.exe
  2⤵
  PID:9356
- C:\Windows\System\hnZtgVN.exe
  C:\Windows\System\hnZtgVN.exe
  2⤵
  PID:9384
- C:\Windows\System\fecajcq.exe
  C:\Windows\System\fecajcq.exe
  2⤵
  PID:9436
- C:\Windows\System\REeVaNK.exe
  C:\Windows\System\REeVaNK.exe
  2⤵
  PID:9456
- C:\Windows\System\ZdzAzOV.exe
  C:\Windows\System\ZdzAzOV.exe
  2⤵
  PID:9500
- C:\Windows\System\JRlxThY.exe
  C:\Windows\System\JRlxThY.exe
  2⤵
  PID:9536
- C:\Windows\System\xknqQxi.exe
  C:\Windows\System\xknqQxi.exe
  2⤵
  PID:9576
- C:\Windows\System\ehADfSd.exe
  C:\Windows\System\ehADfSd.exe
  2⤵
  PID:9596
- C:\Windows\System\tgIYbtb.exe
  C:\Windows\System\tgIYbtb.exe
  2⤵
  PID:9616
- C:\Windows\System\tiGWcEB.exe
  C:\Windows\System\tiGWcEB.exe
  2⤵
  PID:9640
- C:\Windows\System\rvXqQGK.exe
  C:\Windows\System\rvXqQGK.exe
  2⤵
  PID:9664
- C:\Windows\System\VOttGUB.exe
  C:\Windows\System\VOttGUB.exe
  2⤵
  PID:9684
- C:\Windows\System\NRJWVTf.exe
  C:\Windows\System\NRJWVTf.exe
  2⤵
  PID:9776
- C:\Windows\System\zGLdIsD.exe
  C:\Windows\System\zGLdIsD.exe
  2⤵
  PID:9796
- C:\Windows\System\kEgtnwn.exe
  C:\Windows\System\kEgtnwn.exe
  2⤵
  PID:9820
- C:\Windows\System\aAxnsNc.exe
  C:\Windows\System\aAxnsNc.exe
  2⤵
  PID:9876
- C:\Windows\System\PIekLAt.exe
  C:\Windows\System\PIekLAt.exe
  2⤵
  PID:9892
- C:\Windows\System\BONFnVG.exe
  C:\Windows\System\BONFnVG.exe
  2⤵
  PID:9916
- C:\Windows\System\RLLTcYb.exe
  C:\Windows\System\RLLTcYb.exe
  2⤵
  PID:9940
- C:\Windows\System\lAcWzXT.exe
  C:\Windows\System\lAcWzXT.exe
  2⤵
  PID:9964
- C:\Windows\System\SEsgAFI.exe
  C:\Windows\System\SEsgAFI.exe
  2⤵
  PID:10004
- C:\Windows\System\NGGBZGl.exe
  C:\Windows\System\NGGBZGl.exe
  2⤵
  PID:10036
- C:\Windows\System\OGvcrgR.exe
  C:\Windows\System\OGvcrgR.exe
  2⤵
  PID:10060
- C:\Windows\System\Robojyv.exe
  C:\Windows\System\Robojyv.exe
  2⤵
  PID:10108
- C:\Windows\System\kdPRWFG.exe
  C:\Windows\System\kdPRWFG.exe
  2⤵
  PID:10124
- C:\Windows\System\eSBBwDQ.exe
  C:\Windows\System\eSBBwDQ.exe
  2⤵
  PID:10172
- C:\Windows\System\xODqooa.exe
  C:\Windows\System\xODqooa.exe
  2⤵
  PID:10208
- C:\Windows\System\jbHsOdZ.exe
  C:\Windows\System\jbHsOdZ.exe
  2⤵
  PID:9000
- C:\Windows\System\DIHkcMl.exe
  C:\Windows\System\DIHkcMl.exe
  2⤵
  PID:8660
- C:\Windows\System\CMHabBW.exe
  C:\Windows\System\CMHabBW.exe
  2⤵
  PID:9308
- C:\Windows\System\JoeVVfx.exe
  C:\Windows\System\JoeVVfx.exe
  2⤵
  PID:9336
- C:\Windows\System\SZrkxGb.exe
  C:\Windows\System\SZrkxGb.exe
  2⤵
  PID:9416
- C:\Windows\System\lBjWpLS.exe
  C:\Windows\System\lBjWpLS.exe
  2⤵
  PID:9424
- C:\Windows\System\nDhsHVv.exe
  C:\Windows\System\nDhsHVv.exe
  2⤵
  PID:9464
- C:\Windows\System\yHVjfrv.exe
  C:\Windows\System\yHVjfrv.exe
  2⤵
  PID:9492
- C:\Windows\System\hZXtufH.exe
  C:\Windows\System\hZXtufH.exe
  2⤵
  PID:9528
- C:\Windows\System\oINmnfF.exe
  C:\Windows\System\oINmnfF.exe
  2⤵
  PID:9672
- C:\Windows\System\kBEAocS.exe
  C:\Windows\System\kBEAocS.exe
  2⤵
  PID:9720
- C:\Windows\System\pbRpWiV.exe
  C:\Windows\System\pbRpWiV.exe
  2⤵
  PID:9832
- C:\Windows\System\peTvOZy.exe
  C:\Windows\System\peTvOZy.exe
  2⤵
  PID:9864
- C:\Windows\System\PHMeOvG.exe
  C:\Windows\System\PHMeOvG.exe
  2⤵
  PID:9888
- C:\Windows\System\tUZXrYu.exe
  C:\Windows\System\tUZXrYu.exe
  2⤵
  PID:9924
- C:\Windows\System\rjPEAiZ.exe
  C:\Windows\System\rjPEAiZ.exe
  2⤵
  PID:9952
- C:\Windows\System\tvNKpJT.exe
  C:\Windows\System\tvNKpJT.exe
  2⤵
  PID:10028
- C:\Windows\System\fFAxlHg.exe
  C:\Windows\System\fFAxlHg.exe
  2⤵
  PID:10096
- C:\Windows\System\fEzzudY.exe
  C:\Windows\System\fEzzudY.exe
  2⤵
  PID:10200
- C:\Windows\System\VIyAmUE.exe
  C:\Windows\System\VIyAmUE.exe
  2⤵
  PID:9240
- C:\Windows\System\BfCEZIF.exe
  C:\Windows\System\BfCEZIF.exe
  2⤵
  PID:9396
- C:\Windows\System\cagZlhc.exe
  C:\Windows\System\cagZlhc.exe
  2⤵
  PID:9428
- C:\Windows\System\KfbMuhf.exe
  C:\Windows\System\KfbMuhf.exe
  2⤵
  PID:9480
- C:\Windows\System\lcHDdKI.exe
  C:\Windows\System\lcHDdKI.exe
  2⤵
  PID:9588
- C:\Windows\System\tpfiKqJ.exe
  C:\Windows\System\tpfiKqJ.exe
  2⤵
  PID:2284
- C:\Windows\System\bspKynG.exe
  C:\Windows\System\bspKynG.exe
  2⤵
  PID:10192
- C:\Windows\System\DPPtRtz.exe
  C:\Windows\System\DPPtRtz.exe
  2⤵
  PID:9844
- C:\Windows\System\niiAOoI.exe
  C:\Windows\System\niiAOoI.exe
  2⤵
  PID:10044
- C:\Windows\System\CtVDYdR.exe
  C:\Windows\System\CtVDYdR.exe
  2⤵
  PID:9612
- C:\Windows\System\GYTZZvc.exe
  C:\Windows\System\GYTZZvc.exe
  2⤵
  PID:9852
- C:\Windows\System\YJUmBoT.exe
  C:\Windows\System\YJUmBoT.exe
  2⤵
  PID:10180
- C:\Windows\System\tuoDLqc.exe
  C:\Windows\System\tuoDLqc.exe
  2⤵
  PID:10160
- C:\Windows\System\jIPRVLt.exe
  C:\Windows\System\jIPRVLt.exe
  2⤵
  PID:10288
- C:\Windows\System\PULSnvx.exe
  C:\Windows\System\PULSnvx.exe
  2⤵
  PID:10328
- C:\Windows\System\FNWQYsb.exe
  C:\Windows\System\FNWQYsb.exe
  2⤵
  PID:10348
- C:\Windows\System\eJweaYE.exe
  C:\Windows\System\eJweaYE.exe
  2⤵
  PID:10388
- C:\Windows\System\KeiaOWF.exe
  C:\Windows\System\KeiaOWF.exe
  2⤵
  PID:10404
- C:\Windows\System\ozWlyBN.exe
  C:\Windows\System\ozWlyBN.exe
  2⤵
  PID:10432
- C:\Windows\System\CdFYDHJ.exe
  C:\Windows\System\CdFYDHJ.exe
  2⤵
  PID:10464
- C:\Windows\System\KQeGFoE.exe
  C:\Windows\System\KQeGFoE.exe
  2⤵
  PID:10484
- C:\Windows\System\rkAAbol.exe
  C:\Windows\System\rkAAbol.exe
  2⤵
  PID:10540
- C:\Windows\System\wfTCxym.exe
  C:\Windows\System\wfTCxym.exe
  2⤵
  PID:10560
- C:\Windows\System\xfsHTvB.exe
  C:\Windows\System\xfsHTvB.exe
  2⤵
  PID:10576
- C:\Windows\System\iqvkCYm.exe
  C:\Windows\System\iqvkCYm.exe
  2⤵
  PID:10600
- C:\Windows\System\XGLRfyM.exe
  C:\Windows\System\XGLRfyM.exe
  2⤵
  PID:10620
- C:\Windows\System\GukUfGD.exe
  C:\Windows\System\GukUfGD.exe
  2⤵
  PID:10672
- C:\Windows\System\WXSBPLo.exe
  C:\Windows\System\WXSBPLo.exe
  2⤵
  PID:10704
- C:\Windows\System\wykkZSA.exe
  C:\Windows\System\wykkZSA.exe
  2⤵
  PID:10732
- C:\Windows\System\UJwiHdB.exe
  C:\Windows\System\UJwiHdB.exe
  2⤵
  PID:10804
- C:\Windows\System\LBCPJxX.exe
  C:\Windows\System\LBCPJxX.exe
  2⤵
  PID:10824
- C:\Windows\System\CtizTsT.exe
  C:\Windows\System\CtizTsT.exe
  2⤵
  PID:10844
- C:\Windows\System\rVYqTEc.exe
  C:\Windows\System\rVYqTEc.exe
  2⤵
  PID:10884
- C:\Windows\System\VQaumkK.exe
  C:\Windows\System\VQaumkK.exe
  2⤵
  PID:10904
- C:\Windows\System\DKDPCkf.exe
  C:\Windows\System\DKDPCkf.exe
  2⤵
  PID:10920
- C:\Windows\System\HYCfEdj.exe
  C:\Windows\System\HYCfEdj.exe
  2⤵
  PID:10940
- C:\Windows\System\dQWcSlx.exe
  C:\Windows\System\dQWcSlx.exe
  2⤵
  PID:10972
- C:\Windows\System\TBZXQAZ.exe
  C:\Windows\System\TBZXQAZ.exe
  2⤵
  PID:10988
- C:\Windows\System\TLdJFJr.exe
  C:\Windows\System\TLdJFJr.exe
  2⤵
  PID:11024
- C:\Windows\System\FMfgJPl.exe
  C:\Windows\System\FMfgJPl.exe
  2⤵
  PID:11044
- C:\Windows\System\MGEmaKK.exe
  C:\Windows\System\MGEmaKK.exe
  2⤵
  PID:11080
- C:\Windows\System\ecmjgzC.exe
  C:\Windows\System\ecmjgzC.exe
  2⤵
  PID:11108
- C:\Windows\System\LppxIzw.exe
  C:\Windows\System\LppxIzw.exe
  2⤵
  PID:11124
- C:\Windows\System\FnqPSOh.exe
  C:\Windows\System\FnqPSOh.exe
  2⤵
  PID:11160
- C:\Windows\System\KfCswgM.exe
  C:\Windows\System\KfCswgM.exe
  2⤵
  PID:11176
- C:\Windows\System\gConWnP.exe
  C:\Windows\System\gConWnP.exe
  2⤵
  PID:11200
- C:\Windows\System\seLdzrl.exe
  C:\Windows\System\seLdzrl.exe
  2⤵
  PID:11228
- C:\Windows\System\ZUtrSTN.exe
  C:\Windows\System\ZUtrSTN.exe
  2⤵
  PID:9004
- C:\Windows\System\XZtkmKi.exe
  C:\Windows\System\XZtkmKi.exe
  2⤵
  PID:10072
- C:\Windows\System\oXWXqpp.exe
  C:\Windows\System\oXWXqpp.exe
  2⤵
  PID:10260
- C:\Windows\System\nOdOnRr.exe
  C:\Windows\System\nOdOnRr.exe
  2⤵
  PID:10300
- C:\Windows\System\JuxWAOD.exe
  C:\Windows\System\JuxWAOD.exe
  2⤵
  PID:10372
- C:\Windows\System\UxBfIMX.exe
  C:\Windows\System\UxBfIMX.exe
  2⤵
  PID:10512
- C:\Windows\System\KIJnlMQ.exe
  C:\Windows\System\KIJnlMQ.exe
  2⤵
  PID:10572
- C:\Windows\System\uuCUYIU.exe
  C:\Windows\System\uuCUYIU.exe
  2⤵
  PID:10636
- C:\Windows\System\skCWRsf.exe
  C:\Windows\System\skCWRsf.exe
  2⤵
  PID:10716
- C:\Windows\System\RSnFdGY.exe
  C:\Windows\System\RSnFdGY.exe
  2⤵
  PID:10796
- C:\Windows\System\tuIVWNE.exe
  C:\Windows\System\tuIVWNE.exe
  2⤵
  PID:10836
- C:\Windows\System\mzVdZgH.exe
  C:\Windows\System\mzVdZgH.exe
  2⤵
  PID:10980
- C:\Windows\System\lMfiuNW.exe
  C:\Windows\System\lMfiuNW.exe
  2⤵
  PID:10984
- C:\Windows\System\ykHsiID.exe
  C:\Windows\System\ykHsiID.exe
  2⤵
  PID:11016
- C:\Windows\System\XfTRGHu.exe
  C:\Windows\System\XfTRGHu.exe
  2⤵
  PID:11088
- C:\Windows\System\JbdELfF.exe
  C:\Windows\System\JbdELfF.exe
  2⤵
  PID:11140
- C:\Windows\System\ouOIMMg.exe
  C:\Windows\System\ouOIMMg.exe
  2⤵
  PID:11196
- C:\Windows\System\NoystYu.exe
  C:\Windows\System\NoystYu.exe
  2⤵
  PID:11256
- C:\Windows\System\RNtdQJz.exe
  C:\Windows\System\RNtdQJz.exe
  2⤵
  PID:9572
- C:\Windows\System\rBPNZbp.exe
  C:\Windows\System\rBPNZbp.exe
  2⤵
  PID:10596
- C:\Windows\System\RWGAlEM.exe
  C:\Windows\System\RWGAlEM.exe
  2⤵
  PID:10852
- C:\Windows\System\glXBHkZ.exe
  C:\Windows\System\glXBHkZ.exe
  2⤵
  PID:10936
- C:\Windows\System\lEQqJfV.exe
  C:\Windows\System\lEQqJfV.exe
  2⤵
  PID:11168
- C:\Windows\System\XLoTPID.exe
  C:\Windows\System\XLoTPID.exe
  2⤵
  PID:10444
- C:\Windows\System\OxvymXm.exe
  C:\Windows\System\OxvymXm.exe
  2⤵
  PID:10696
- C:\Windows\System\oyZHXHH.exe
  C:\Windows\System\oyZHXHH.exe
  2⤵
  PID:10948
- C:\Windows\System\GYOeYmO.exe
  C:\Windows\System\GYOeYmO.exe
  2⤵
  PID:9804
- C:\Windows\System\LzFoSom.exe
  C:\Windows\System\LzFoSom.exe
  2⤵
  PID:11184
- C:\Windows\System\KaHQMsK.exe
  C:\Windows\System\KaHQMsK.exe
  2⤵
  PID:11280
- C:\Windows\System\ztfjRpZ.exe
  C:\Windows\System\ztfjRpZ.exe
  2⤵
  PID:11304
- C:\Windows\System\gTjBurK.exe
  C:\Windows\System\gTjBurK.exe
  2⤵
  PID:11324
- C:\Windows\System\hsaFlwd.exe
  C:\Windows\System\hsaFlwd.exe
  2⤵
  PID:11372
- C:\Windows\System\xMgUuKT.exe
  C:\Windows\System\xMgUuKT.exe
  2⤵
  PID:11412
- C:\Windows\System\nBMkZyS.exe
  C:\Windows\System\nBMkZyS.exe
  2⤵
  PID:11428
- C:\Windows\System\EdUTJjf.exe
  C:\Windows\System\EdUTJjf.exe
  2⤵
  PID:11452
- C:\Windows\System\aVkmJYx.exe
  C:\Windows\System\aVkmJYx.exe
  2⤵
  PID:11476
- C:\Windows\System\oukICWa.exe
  C:\Windows\System\oukICWa.exe
  2⤵
  PID:11500
- C:\Windows\System\DOcrCVq.exe
  C:\Windows\System\DOcrCVq.exe
  2⤵
  PID:11520
- C:\Windows\System\FVCOdBD.exe
  C:\Windows\System\FVCOdBD.exe
  2⤵
  PID:11548
- C:\Windows\System\hdlcOMY.exe
  C:\Windows\System\hdlcOMY.exe
  2⤵
  PID:11600
- C:\Windows\System\Jnwnptp.exe
  C:\Windows\System\Jnwnptp.exe
  2⤵
  PID:11636
- C:\Windows\System\fJxpqtA.exe
  C:\Windows\System\fJxpqtA.exe
  2⤵
  PID:11660
- C:\Windows\System\ZmZnGyY.exe
  C:\Windows\System\ZmZnGyY.exe
  2⤵
  PID:11688
- C:\Windows\System\meRVAiN.exe
  C:\Windows\System\meRVAiN.exe
  2⤵
  PID:11728
- C:\Windows\System\VShZLcW.exe
  C:\Windows\System\VShZLcW.exe
  2⤵
  PID:11748
- C:\Windows\System\AsjmgQC.exe
  C:\Windows\System\AsjmgQC.exe
  2⤵
  PID:11768
- C:\Windows\System\uKseWRT.exe
  C:\Windows\System\uKseWRT.exe
  2⤵
  PID:11788
- C:\Windows\System\GhWgsgN.exe
  C:\Windows\System\GhWgsgN.exe
  2⤵
  PID:11808
- C:\Windows\System\UKxjXCM.exe
  C:\Windows\System\UKxjXCM.exe
  2⤵
  PID:11840
- C:\Windows\System\RfYFkIE.exe
  C:\Windows\System\RfYFkIE.exe
  2⤵
  PID:11860
- C:\Windows\System\FwFEvnB.exe
  C:\Windows\System\FwFEvnB.exe
  2⤵
  PID:11876
- C:\Windows\System\qtEjmPo.exe
  C:\Windows\System\qtEjmPo.exe
  2⤵
  PID:11944
- C:\Windows\System\ORlwBaE.exe
  C:\Windows\System\ORlwBaE.exe
  2⤵
  PID:11964
- C:\Windows\System\aJjyMgX.exe
  C:\Windows\System\aJjyMgX.exe
  2⤵
  PID:11992
- C:\Windows\System\uiCPWAL.exe
  C:\Windows\System\uiCPWAL.exe
  2⤵
  PID:12016
- C:\Windows\System\LJZmQKn.exe
  C:\Windows\System\LJZmQKn.exe
  2⤵
  PID:12048
- C:\Windows\System\kaRGiaf.exe
  C:\Windows\System\kaRGiaf.exe
  2⤵
  PID:12088
- C:\Windows\System\hqRHPLE.exe
  C:\Windows\System\hqRHPLE.exe
  2⤵
  PID:12112
- C:\Windows\System\lvMqJpm.exe
  C:\Windows\System\lvMqJpm.exe
  2⤵
  PID:12128
- C:\Windows\System\VrzQwrc.exe
  C:\Windows\System\VrzQwrc.exe
  2⤵
  PID:12156
- C:\Windows\System\yTXpBya.exe
  C:\Windows\System\yTXpBya.exe
  2⤵
  PID:12188
- C:\Windows\System\NXsGMKJ.exe
  C:\Windows\System\NXsGMKJ.exe
  2⤵
  PID:12232
- C:\Windows\System\OyrwMBb.exe
  C:\Windows\System\OyrwMBb.exe
  2⤵
  PID:12256
- C:\Windows\System\ScRCeyN.exe
  C:\Windows\System\ScRCeyN.exe
  2⤵
  PID:12276
- C:\Windows\System\jxAqHxa.exe
  C:\Windows\System\jxAqHxa.exe
  2⤵
  PID:11316
- C:\Windows\System\FTBuMEd.exe
  C:\Windows\System\FTBuMEd.exe
  2⤵
  PID:11336
- C:\Windows\System\fEwubBT.exe
  C:\Windows\System\fEwubBT.exe
  2⤵
  PID:11408
- C:\Windows\System\hIpszen.exe
  C:\Windows\System\hIpszen.exe
  2⤵
  PID:11496
- C:\Windows\System\EljDMjg.exe
  C:\Windows\System\EljDMjg.exe
  2⤵
  PID:11516
- C:\Windows\System\sLXgtpf.exe
  C:\Windows\System\sLXgtpf.exe
  2⤵
  PID:11544
- C:\Windows\System\CIzHKFb.exe
  C:\Windows\System\CIzHKFb.exe
  2⤵
  PID:11652
- C:\Windows\System\GnliZOo.exe
  C:\Windows\System\GnliZOo.exe
  2⤵
  PID:11668
- C:\Windows\System\MgsDMzy.exe
  C:\Windows\System\MgsDMzy.exe
  2⤵
  PID:11724
- C:\Windows\System\eiHjBxG.exe
  C:\Windows\System\eiHjBxG.exe
  2⤵
  PID:11780
- C:\Windows\System\mOXHpml.exe
  C:\Windows\System\mOXHpml.exe
  2⤵
  PID:11868
- C:\Windows\System\shiphMT.exe
  C:\Windows\System\shiphMT.exe
  2⤵
  PID:11940
- C:\Windows\System\bkDJiyk.exe
  C:\Windows\System\bkDJiyk.exe
  2⤵
  PID:11988
- C:\Windows\System\CoSVfEO.exe
  C:\Windows\System\CoSVfEO.exe
  2⤵
  PID:12040
- C:\Windows\System\FYptexj.exe
  C:\Windows\System\FYptexj.exe
  2⤵
  PID:12080
- C:\Windows\System\RUUHYRq.exe
  C:\Windows\System\RUUHYRq.exe
  2⤵
  PID:12184
- C:\Windows\System\EZaIHyv.exe
  C:\Windows\System\EZaIHyv.exe
  2⤵
  PID:11388
- C:\Windows\System\NkjaVHn.exe
  C:\Windows\System\NkjaVHn.exe
  2⤵
  PID:11392
- C:\Windows\System\NaYNvHD.exe
  C:\Windows\System\NaYNvHD.exe
  2⤵
  PID:10616
- C:\Windows\System\WUWiyAp.exe
  C:\Windows\System\WUWiyAp.exe
  2⤵
  PID:11720
- C:\Windows\System\ZApsIgC.exe
  C:\Windows\System\ZApsIgC.exe
  2⤵
  PID:11848
- C:\Windows\System\MlNSlIB.exe
  C:\Windows\System\MlNSlIB.exe
  2⤵
  PID:12148
- C:\Windows\System\FsCRLqD.exe
  C:\Windows\System\FsCRLqD.exe
  2⤵
  PID:12032
- C:\Windows\System\OFhImVx.exe
  C:\Windows\System\OFhImVx.exe
  2⤵
  PID:11368
- C:\Windows\System\loHsYMU.exe
  C:\Windows\System\loHsYMU.exe
  2⤵
  PID:11512
- C:\Windows\System\GvEpByZ.exe
  C:\Windows\System\GvEpByZ.exe
  2⤵
  PID:11828
- C:\Windows\System\bjoJBtc.exe
  C:\Windows\System\bjoJBtc.exe
  2⤵
  PID:12332
- C:\Windows\System\njPVJBg.exe
  C:\Windows\System\njPVJBg.exe
  2⤵
  PID:12376
- C:\Windows\System\qSlLqAN.exe
  C:\Windows\System\qSlLqAN.exe
  2⤵
  PID:12436
- C:\Windows\System\yDwUuRv.exe
  C:\Windows\System\yDwUuRv.exe
  2⤵
  PID:12460
- C:\Windows\System\dfjDZLy.exe
  C:\Windows\System\dfjDZLy.exe
  2⤵
  PID:12476
- C:\Windows\System\cXMAFZK.exe
  C:\Windows\System\cXMAFZK.exe
  2⤵
  PID:12508
- C:\Windows\System\dbUutre.exe
  C:\Windows\System\dbUutre.exe
  2⤵
  PID:12540
- C:\Windows\System\PNoRKof.exe
  C:\Windows\System\PNoRKof.exe
  2⤵
  PID:12604
- C:\Windows\System\hIFDYWh.exe
  C:\Windows\System\hIFDYWh.exe
  2⤵
  PID:12620
- C:\Windows\System\UghdtHE.exe
  C:\Windows\System\UghdtHE.exe
  2⤵
  PID:12636
- C:\Windows\System\QStUgiX.exe
  C:\Windows\System\QStUgiX.exe
  2⤵
  PID:12652
- C:\Windows\System\mrcHfQB.exe
  C:\Windows\System\mrcHfQB.exe
  2⤵
  PID:12672
- C:\Windows\System\PTppxlM.exe
  C:\Windows\System\PTppxlM.exe
  2⤵
  PID:12696
- C:\Windows\System\YZaqKvG.exe
  C:\Windows\System\YZaqKvG.exe
  2⤵
  PID:12720
- C:\Windows\System\NvZRJmc.exe
  C:\Windows\System\NvZRJmc.exe
  2⤵
  PID:12744
- C:\Windows\System\rhOEfmp.exe
  C:\Windows\System\rhOEfmp.exe
  2⤵
  PID:12768
- C:\Windows\System\hpapysM.exe
  C:\Windows\System\hpapysM.exe
  2⤵
  PID:12788
- C:\Windows\System\uqbxbJu.exe
  C:\Windows\System\uqbxbJu.exe
  2⤵
  PID:12820
- C:\Windows\System\RheUumO.exe
  C:\Windows\System\RheUumO.exe
  2⤵
  PID:12856
- C:\Windows\System\JKhMEKC.exe
  C:\Windows\System\JKhMEKC.exe
  2⤵
  PID:12876
- C:\Windows\System\ArBoScD.exe
  C:\Windows\System\ArBoScD.exe
  2⤵
  PID:12900
- C:\Windows\System\WEsJmVW.exe
  C:\Windows\System\WEsJmVW.exe
  2⤵
  PID:12920
- C:\Windows\System\aTuixcZ.exe
  C:\Windows\System\aTuixcZ.exe
  2⤵
  PID:13000
- C:\Windows\System\XaxSkrn.exe
  C:\Windows\System\XaxSkrn.exe
  2⤵
  PID:13016
- C:\Windows\System\WjuvsUR.exe
  C:\Windows\System\WjuvsUR.exe
  2⤵
  PID:13032
- C:\Windows\System\sdiCgRw.exe
  C:\Windows\System\sdiCgRw.exe
  2⤵
  PID:13048
- C:\Windows\System\TELGSYy.exe
  C:\Windows\System\TELGSYy.exe
  2⤵
  PID:13068
- C:\Windows\System\lAqTGsG.exe
  C:\Windows\System\lAqTGsG.exe
  2⤵
  PID:13096
- C:\Windows\System\LwMlbjz.exe
  C:\Windows\System\LwMlbjz.exe
  2⤵
  PID:13136
- C:\Windows\System\EmLXsUj.exe
  C:\Windows\System\EmLXsUj.exe
  2⤵
  PID:13156
- C:\Windows\System\SGYxhVk.exe
  C:\Windows\System\SGYxhVk.exe
  2⤵
  PID:13192
- C:\Windows\System\esHxWkW.exe
  C:\Windows\System\esHxWkW.exe
  2⤵
  PID:13208
- C:\Windows\System\dEgVpgW.exe
  C:\Windows\System\dEgVpgW.exe
  2⤵
  PID:13292
- C:\Windows\System\HuywNrO.exe
  C:\Windows\System\HuywNrO.exe
  2⤵
  PID:11612
- C:\Windows\System\ZTyIHPn.exe
  C:\Windows\System\ZTyIHPn.exe
  2⤵
  PID:12296
- C:\Windows\System\KPxAvwI.exe
  C:\Windows\System\KPxAvwI.exe
  2⤵
  PID:11932
- C:\Windows\System\yHtjEuW.exe
  C:\Windows\System\yHtjEuW.exe
  2⤵
  PID:12368
- C:\Windows\System\OICzhOn.exe
  C:\Windows\System\OICzhOn.exe
  2⤵
  PID:12428
- C:\Windows\System\JrDjJZH.exe
  C:\Windows\System\JrDjJZH.exe
  2⤵
  PID:12456
- C:\Windows\System\ffVJQqL.exe
  C:\Windows\System\ffVJQqL.exe
  2⤵
  PID:12500
- C:\Windows\System\sxYQUay.exe
  C:\Windows\System\sxYQUay.exe
  2⤵
  PID:12600
- C:\Windows\System\zkBAEKl.exe
  C:\Windows\System\zkBAEKl.exe
  2⤵
  PID:12632
- C:\Windows\System\Eyrhlqy.exe
  C:\Windows\System\Eyrhlqy.exe
  2⤵
  PID:12704
- C:\Windows\System\ZbhQytw.exe
  C:\Windows\System\ZbhQytw.exe
  2⤵
  PID:12756
- C:\Windows\System\pkeyElJ.exe
  C:\Windows\System\pkeyElJ.exe
  2⤵
  PID:12912
- C:\Windows\System\zvIsxag.exe
  C:\Windows\System\zvIsxag.exe
  2⤵
  PID:12868
- C:\Windows\System\UcvOcub.exe
  C:\Windows\System\UcvOcub.exe
  2⤵
  PID:12972
- C:\Windows\System\SuTbLbu.exe
  C:\Windows\System\SuTbLbu.exe
  2⤵
  PID:13040
- C:\Windows\System\JgZBoUM.exe
  C:\Windows\System\JgZBoUM.exe
  2⤵
  PID:13116
- C:\Windows\System\KAsUrid.exe
  C:\Windows\System\KAsUrid.exe
  2⤵
  PID:13164
- C:\Windows\System\eCaVdJd.exe
  C:\Windows\System\eCaVdJd.exe
  2⤵
  PID:13232
- C:\Windows\System\oHkJNtF.exe
  C:\Windows\System\oHkJNtF.exe
  2⤵
  PID:13304
- C:\Windows\System\fHQofBb.exe
  C:\Windows\System\fHQofBb.exe
  2⤵
  PID:11804
- C:\Windows\System\yIaPAMJ.exe
  C:\Windows\System\yIaPAMJ.exe
  2⤵
  PID:12488
- C:\Windows\System\ctbZffR.exe
  C:\Windows\System\ctbZffR.exe
  2⤵
  PID:12668
- C:\Windows\System\RiYanmn.exe
  C:\Windows\System\RiYanmn.exe
  2⤵
  PID:12708
- C:\Windows\System\kawOyKj.exe
  C:\Windows\System\kawOyKj.exe
  2⤵
  PID:13060
- C:\Windows\System\FlvidEk.exe
  C:\Windows\System\FlvidEk.exe
  2⤵
  PID:13152
- C:\Windows\System\YmirKVp.exe
  C:\Windows\System\YmirKVp.exe
  2⤵
  PID:13184
- C:\Windows\System\BlmQKMn.exe
  C:\Windows\System\BlmQKMn.exe
  2⤵
  PID:11444
- C:\Windows\System\UdUaOpJ.exe
  C:\Windows\System\UdUaOpJ.exe
  2⤵
  PID:12560
- C:\Windows\System\Baxdxos.exe
  C:\Windows\System\Baxdxos.exe
  2⤵
  PID:13008
- C:\Windows\System\sMIdnlY.exe
  C:\Windows\System\sMIdnlY.exe
  2⤵
  PID:13104
- C:\Windows\System\WBpQYMy.exe
  C:\Windows\System\WBpQYMy.exe
  2⤵
  PID:13320
- C:\Windows\System\rIOsRsv.exe
  C:\Windows\System\rIOsRsv.exe
  2⤵
  PID:13340
- C:\Windows\System\TEiMJcz.exe
  C:\Windows\System\TEiMJcz.exe
  2⤵
  PID:13368
- C:\Windows\System\jxhRAOh.exe
  C:\Windows\System\jxhRAOh.exe
  2⤵
  PID:13420
- C:\Windows\System\DMggLHu.exe
  C:\Windows\System\DMggLHu.exe
  2⤵
  PID:13452
- C:\Windows\System\uxwUxRk.exe
  C:\Windows\System\uxwUxRk.exe
  2⤵
  PID:13480
- C:\Windows\System\lZogyhH.exe
  C:\Windows\System\lZogyhH.exe
  2⤵
  PID:13508
- C:\Windows\System\JozWKfE.exe
  C:\Windows\System\JozWKfE.exe
  2⤵
  PID:13556
- C:\Windows\System\CfInZJa.exe
  C:\Windows\System\CfInZJa.exe
  2⤵
  PID:13580
- C:\Windows\System\uWhonBc.exe
  C:\Windows\System\uWhonBc.exe
  2⤵
  PID:13608
- C:\Windows\System\ScUGwUC.exe
  C:\Windows\System\ScUGwUC.exe
  2⤵
  PID:13628
- C:\Windows\System\ptBrmLN.exe
  C:\Windows\System\ptBrmLN.exe
  2⤵
  PID:13652
- C:\Windows\System\mbiIHox.exe
  C:\Windows\System\mbiIHox.exe
  2⤵
  PID:13676
- C:\Windows\System\czkquxX.exe
  C:\Windows\System\czkquxX.exe
  2⤵
  PID:13700
- C:\Windows\System\QhioqLw.exe
  C:\Windows\System\QhioqLw.exe
  2⤵
  PID:13716
- C:\Windows\System\QYulGql.exe
  C:\Windows\System\QYulGql.exe
  2⤵
  PID:13748
- C:\Windows\System\yWduaVc.exe
  C:\Windows\System\yWduaVc.exe
  2⤵
  PID:13776
- C:\Windows\System\rzdjoDZ.exe
  C:\Windows\System\rzdjoDZ.exe
  2⤵
  PID:13800
- C:\Windows\System\qzBfMPd.exe
  C:\Windows\System\qzBfMPd.exe
  2⤵
  PID:13820
- C:\Windows\System\freIVam.exe
  C:\Windows\System\freIVam.exe
  2⤵
  PID:13872
- C:\Windows\System\jiebzet.exe
  C:\Windows\System\jiebzet.exe
  2⤵
  PID:13896
- C:\Windows\System\iWKDgOa.exe
  C:\Windows\System\iWKDgOa.exe
  2⤵
  PID:13912
- C:\Windows\System\tipbxyJ.exe
  C:\Windows\System\tipbxyJ.exe
  2⤵
  PID:13964
- C:\Windows\System\oOvaRpE.exe
  C:\Windows\System\oOvaRpE.exe
  2⤵
  PID:13992
- C:\Windows\System\YTbBlsg.exe
  C:\Windows\System\YTbBlsg.exe
  2⤵
  PID:14016
- C:\Windows\System\mcaKFyt.exe
  C:\Windows\System\mcaKFyt.exe
  2⤵
  PID:14032
- C:\Windows\System\bXBDIHG.exe
  C:\Windows\System\bXBDIHG.exe
  2⤵
  PID:14048
- C:\Windows\System\SPvEqkl.exe
  C:\Windows\System\SPvEqkl.exe
  2⤵
  PID:14088
- C:\Windows\System\VjhJXFW.exe
  C:\Windows\System\VjhJXFW.exe
  2⤵
  PID:14104
- C:\Windows\System\sgOAIJh.exe
  C:\Windows\System\sgOAIJh.exe
  2⤵
  PID:14124
- C:\Windows\System\PHBoTTk.exe
  C:\Windows\System\PHBoTTk.exe
  2⤵
  PID:14172
- C:\Windows\System\lWbXCbg.exe
  C:\Windows\System\lWbXCbg.exe
  2⤵
  PID:14192
- C:\Windows\System\LuRavHm.exe
  C:\Windows\System\LuRavHm.exe
  2⤵
  PID:14240
- C:\Windows\System\ElXYJMj.exe
  C:\Windows\System\ElXYJMj.exe
  2⤵
  PID:14264
- C:\Windows\System\NZdStXr.exe
  C:\Windows\System\NZdStXr.exe
  2⤵
  PID:14288
- C:\Windows\System\NZkfxeB.exe
  C:\Windows\System\NZkfxeB.exe
  2⤵
  PID:14328
- C:\Windows\System\MRMbCgT.exe
  C:\Windows\System\MRMbCgT.exe
  2⤵
  PID:13316
- C:\Windows\System\fBpBxpA.exe
  C:\Windows\System\fBpBxpA.exe
  2⤵
  PID:13300
- C:\Windows\System\woKRrkk.exe
  C:\Windows\System\woKRrkk.exe
  2⤵
  PID:13400
- C:\Windows\System\uKgGtZB.exe
  C:\Windows\System\uKgGtZB.exe
  2⤵
  PID:13444
- C:\Windows\System\ojWnVzY.exe
  C:\Windows\System\ojWnVzY.exe
  2⤵
  PID:13588
- C:\Windows\System\TMDPdcV.exe
  C:\Windows\System\TMDPdcV.exe
  2⤵
  PID:13624
- C:\Windows\System\IsePTBe.exe
  C:\Windows\System\IsePTBe.exe
  2⤵
  PID:13692
- C:\Windows\System\LfaTVWo.exe
  C:\Windows\System\LfaTVWo.exe
  2⤵
  PID:13708
- C:\Windows\System\wqhFatC.exe
  C:\Windows\System\wqhFatC.exe
  2⤵
  PID:13796
- C:\Windows\System\QCCGpUZ.exe
  C:\Windows\System\QCCGpUZ.exe
  2⤵
  PID:13880
- C:\Windows\System\HTIqVCp.exe
  C:\Windows\System\HTIqVCp.exe
  2⤵
  PID:13972
- C:\Windows\System\nyWcGcA.exe
  C:\Windows\System\nyWcGcA.exe
  2⤵
  PID:13984
- C:\Windows\System\NogNXoJ.exe
  C:\Windows\System\NogNXoJ.exe
  2⤵
  PID:14140
- C:\Windows\System\quZnbkb.exe
  C:\Windows\System\quZnbkb.exe
  2⤵
  PID:14204
- C:\Windows\System\DomNfEW.exe
  C:\Windows\System\DomNfEW.exe
  2⤵
  PID:4968
- C:\Windows\System\inLYTJo.exe
  C:\Windows\System\inLYTJo.exe
  2⤵
  PID:14256
- C:\Windows\System\jRcuZnG.exe
  C:\Windows\System\jRcuZnG.exe
  2⤵
  PID:2020
- C:\Windows\System\gmLVNpN.exe
  C:\Windows\System\gmLVNpN.exe
  2⤵
  PID:4368
- C:\Windows\System\tgCewDr.exe
  C:\Windows\System\tgCewDr.exe
  2⤵
  PID:13488
- C:\Windows\System\vncteUa.exe
  C:\Windows\System\vncteUa.exe
  2⤵
  PID:13660
- C:\Windows\System\ANmADnx.exe
  C:\Windows\System\ANmADnx.exe
  2⤵
  PID:13832
- C:\Windows\System\IpUzsLr.exe
  C:\Windows\System\IpUzsLr.exe
  2⤵
  PID:13792
- C:\Windows\System\PLnsGLR.exe
  C:\Windows\System\PLnsGLR.exe
  2⤵
  PID:14008
- C:\Windows\System\PyiDkbQ.exe
  C:\Windows\System\PyiDkbQ.exe
  2⤵
  PID:14060
- C:\Windows\System\RvGKDGJ.exe
  C:\Windows\System\RvGKDGJ.exe
  2⤵
  PID:14188
- C:\Windows\System\rXvpeLN.exe
  C:\Windows\System\rXvpeLN.exe
  2⤵
  PID:14216
- C:\Windows\System\POzGksP.exe
  C:\Windows\System\POzGksP.exe
  2⤵
  PID:14308
- C:\Windows\System\KhajpEL.exe
  C:\Windows\System\KhajpEL.exe
  2⤵
  PID:13436
- C:\Windows\System\ToOKZtm.exe
  C:\Windows\System\ToOKZtm.exe
  2⤵
  PID:13736
- C:\Windows\System\YwCwkhD.exe
  C:\Windows\System\YwCwkhD.exe
  2⤵
  PID:14320
- C:\Windows\System\WiqSjzO.exe
  C:\Windows\System\WiqSjzO.exe
  2⤵
  PID:14340
- C:\Windows\System\LPcItdR.exe
  C:\Windows\System\LPcItdR.exe
  2⤵
  PID:14396
- C:\Windows\System\ufPdIJN.exe
  C:\Windows\System\ufPdIJN.exe
  2⤵
  PID:14444
- C:\Windows\System\ejiCvPR.exe
  C:\Windows\System\ejiCvPR.exe
  2⤵
  PID:14464
- C:\Windows\System\bqHnitR.exe
  C:\Windows\System\bqHnitR.exe
  2⤵
  PID:14480
- C:\Windows\System\gpwZdeo.exe
  C:\Windows\System\gpwZdeo.exe
  2⤵
  PID:14500
- C:\Windows\System\NWdEVdY.exe
  C:\Windows\System\NWdEVdY.exe
  2⤵
  PID:14528
- C:\Windows\System\CnfNVOc.exe
  C:\Windows\System\CnfNVOc.exe
  2⤵
  PID:14560
- C:\Windows\System\nJLCHtW.exe
  C:\Windows\System\nJLCHtW.exe
  2⤵
  PID:14580
- C:\Windows\System\sTfXIib.exe
  C:\Windows\System\sTfXIib.exe
  2⤵
  PID:14608
- C:\Windows\System\YSwJnkV.exe
  C:\Windows\System\YSwJnkV.exe
  2⤵
  PID:14632
- C:\Windows\System\RLYOxbg.exe
  C:\Windows\System\RLYOxbg.exe
  2⤵
  PID:14692
- C:\Windows\System\iocWGcM.exe
  C:\Windows\System\iocWGcM.exe
  2⤵
  PID:14724
- C:\Windows\System\PjcvtOZ.exe
  C:\Windows\System\PjcvtOZ.exe
  2⤵
  PID:14756
- C:\Windows\System\ylUFDUn.exe
  C:\Windows\System\ylUFDUn.exe
  2⤵
  PID:14780
- C:\Windows\System\uIOlrDz.exe
  C:\Windows\System\uIOlrDz.exe
  2⤵
  PID:14800
- C:\Windows\System\dGMPbVz.exe
  C:\Windows\System\dGMPbVz.exe
  2⤵
  PID:14816
- C:\Windows\System\fogPDGL.exe
  C:\Windows\System\fogPDGL.exe
  2⤵
  PID:14836
- C:\Windows\System\MqFaBuO.exe
  C:\Windows\System\MqFaBuO.exe
  2⤵
  PID:14860
- C:\Windows\System\jaEpTvo.exe
  C:\Windows\System\jaEpTvo.exe
  2⤵
  PID:14880
- C:\Windows\System\gOlwbAk.exe
  C:\Windows\System\gOlwbAk.exe
  2⤵
  PID:14924
- C:\Windows\System\ZGYJyEa.exe
  C:\Windows\System\ZGYJyEa.exe
  2⤵
  PID:14948
- C:\Windows\System\hoZbjtX.exe
  C:\Windows\System\hoZbjtX.exe
  2⤵
  PID:14976
- C:\Windows\System\PxJJlNC.exe
  C:\Windows\System\PxJJlNC.exe
  2⤵
  PID:15000
- C:\Windows\System\tdMWVvH.exe
  C:\Windows\System\tdMWVvH.exe
  2⤵
  PID:15020
- C:\Windows\System\riXGRZh.exe
  C:\Windows\System\riXGRZh.exe
  2⤵
  PID:15040
- C:\Windows\System\ARqvIrW.exe
  C:\Windows\System\ARqvIrW.exe
  2⤵
  PID:15092

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:15200

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\AXsRGEx.exe

Filesize
1.5MB

MD5
c85312ec6c1bffcbf58ccc0134268db1

SHA1
413712679623136a4c6752dbb78c148bed41b106

SHA256
3db8d315b8a3bd84a783493581aa28b509d6818afc944e40d0860486fbc3b737

SHA512
93f8a2a2cf38db6b39abf753b2c58ead99a5590e29c80fcdb734a5a3d1659f37e455dbdef17ce225f85024745dfc313861993a838ea8a376a6c1edc3c0a86f91

Download Submit
C:\Windows\System\AluulcI.exe

Filesize
1.5MB

MD5
6392d3bd7b86538effdddf23239f0832

SHA1
f0f9e86da96be1290416f20bca136fd8e4a4e539

SHA256
903a3d45c98e471464b9b1a62a876c2b269ba57d6b7b4bc50f3c8979b0074dcd

SHA512
68a743733f390e4e2546880d92854fe44d99571aa8489937821dd2f6b88c67d5338b794765990d7b6004adc81c51b6ca607067cc6030b451d0230fd2933b8e1f

Download Submit
C:\Windows\System\CMiaJhg.exe

Filesize
1.5MB

MD5
bef8a8598cd3835d6850576bd55088b0

SHA1
f9b91e2f3fcf3ccc0a22a9f1a3999341a732c871

SHA256
f044788c63769dd1bc9fabdda54fadab2b0dadf8de32823c559864a96def6d74

SHA512
264409c545fbda83236f98f3ef96f2421b17d32a730ad1980e7622e272ea6a77fd47943bfa99e8ecdee5b9f87d2a40286791659e049250e01004f777c680ad75

Download Submit
C:\Windows\System\ETkgXlz.exe

Filesize
1.5MB

MD5
f8b055fd4f1547b9b7a20902838a559b

SHA1
fa9b7b9d72bf347e8caefbc1d9a1cfe59fc14680

SHA256
23723b513dd7b93434df3609bd17686961b6542bc85fc2d9abe3c2fc7ee3a0fe

SHA512
80138af1ba5640589758c48e6f986c7263b78d813e0f7719be181fc977f1c04c8e8ab85641626f7f0e99083776e67fdc7527961dde8bec59dbb9bd63ac0aa619

Download Submit
C:\Windows\System\FMTQsTk.exe

Filesize
1.5MB

MD5
927d2165590049e538a009298b4762e0

SHA1
b62caee832a78e6e00023e776c368239aff3cd7e

SHA256
b4419610636cfd156589cc714f30b2948111ee8cdad59168091ee6dad541656c

SHA512
de34431ee214621ab86d827b590a947bf5793398025d42de6400ac27adbd23b700832aed6d4e671ffc8ef16a9346b6922eca2215ce02c7aa6d210c79d48dc9b5

Download Submit
C:\Windows\System\FSLyfcY.exe

Filesize
1.5MB

MD5
d626802d577f9bc4b9b88dd1d74b6143

SHA1
6f529343b25646cb3c1019b6d7abc564d72dc8b7

SHA256
04c67b46379b5a0f643ecb5b18a9ac1210d12bb174f943c21d5212af3ffa682f

SHA512
5d1381cf99d990e0993788d3754d0f89bb90f8c1125c1221c2fbc7966f33a5ff785d0efe8cc0f43c35e73a182e7403b91d046136ba9e9599bbd54062cfbd1f6c

Download Submit
C:\Windows\System\KJIHQvi.exe

Filesize
1.5MB

MD5
fe275a6614ba9db438bb5676c3fd6bfe

SHA1
e55d44d3ba45c5bf528beba7ed344c9b66f7d124

SHA256
ea6f645052f70dc1fac7efd78ac910993a08a02eb1ab6060f80be6fdfb6f9f77

SHA512
5e0e2616a3dd7b239ec25c9a06b2daf7e448f5c085914708a2ef37a15bd88aef2156c68ef0e5a32465672696e539be5d6551c14bfb3c0694890547b7bf9f9de1

Download Submit
C:\Windows\System\LFbuyas.exe

Filesize
1.5MB

MD5
c469e41159b668217ad58102443f4d53

SHA1
568e4bc628328f11d233bf09cbeea9549282d07f

SHA256
45db3e09e7406bf069ffb27c6e9aa28c1537e68e383062aaa21364fd4f159b09

SHA512
01a40596b051c657a35c8385af0124f3f5a8362ad04b166aeef31dcd81bf14d008337250dab96bf6914f1c5bc06375ab689d8e005758cb79a366d65736fda61c

Download Submit
C:\Windows\System\NyjiqdJ.exe

Filesize
1.5MB

MD5
109265668d941a1208f21021a3c37392

SHA1
dd638707920ce23813d37b1ae5c3831799dc6070

SHA256
ec6fe0780817e201f4e7b41c336a74145289945958379c0cc9dc1724d3a955a2

SHA512
ab2540b7eeffe0c95c9ffd6c5bfe70cd03b230bf5bb2992004cc0dc3e1483c02b1c150960003692a8c625c3cc9c78bab6b65aaadae4020e2b03835afddc36cbc

Download Submit
C:\Windows\System\OdhpZtb.exe

Filesize
1.5MB

MD5
ed805df81f255ab0e7f588708485a2d8

SHA1
5b1323e62557fce4e3295d74456038100ee927e8

SHA256
351ac4164d9967254079afe8941bfbfab1f4766ef7b9cb2ab62f4f0f81d646c3

SHA512
5ae53b404f67741aefdc5e92fe759d177f26776bfb1a906b3970dde09544005de3353ac7314d1de0231c558865e652c8caf5f26e2fad6c726a2a5328ef1ab51f

Download Submit
C:\Windows\System\QKVfIUF.exe

Filesize
1.5MB

MD5
322e856e0199c9f90918a66a93388bde

SHA1
772cf44767536f669eccaf723d794f1735bab018

SHA256
e50c3b3eb01dda8ea98e282f775a92b43964624dd6070e5becc822f0c4fd5f40

SHA512
1b484fa42f045e6fcaa41349d03d3c6ae47bd52796d9c570e22f15c8b6b828458f3e88bfdbb9a1a8a4b3ddd1f14972e69f3cb38e6247ebc01205d7a4d7cf371f

Download Submit
C:\Windows\System\SFpTfSQ.exe

Filesize
1.5MB

MD5
718a59b183967062c38d91318ca6f030

SHA1
b011441728ce72d9c82d0b9e927e7d63b432fd75

SHA256
b4d268cabdc255a1eab795514f1e1a0758a2874d3d7019985ea1df83e1bbadfa

SHA512
e0990e89fef6b6fe60fe0efd8fd27d2ee9d7fc687a56938e3fdebba3a3cf2e7b93f9b1be4b971840a6c452850d61a5b4488e270a40dc0b16ee360b323d5523b2

Download Submit
C:\Windows\System\XggvAZE.exe

Filesize
1.5MB

MD5
269130bef762c5d39883a9106638e953

SHA1
0a826d8eade71553bfcc151765156404c72acd27

SHA256
87e6a91bfae75e46d65d8cb8ba7af7714cfe69fb38403a391f28deed5d1339f5

SHA512
bd61399d0fa49d2d659497d8db7c734fc7cbab9c6cfaf42731a34b74ad2f09c62a71910788f37f95e6c8b043dcb73d12b4e066651aecdeb826a57afb6a483646

Download Submit
C:\Windows\System\YHSHSZj.exe

Filesize
1.5MB

MD5
8124e35f70ef2755be8b04c4fbe97164

SHA1
f92c32bb05b7906959bbcd4225c9a1b9304ee6c3

SHA256
c08c9d749a4edad9f59c7e0bb0b4fcd8a69a39f56414c5b1f831c9c7b46d1d4e

SHA512
d03f686ab34f9d735b7607a8f88acc332cfabdbcf89c3b6fa7b44f8d59456715f92ce145f8be8e6e37ca9cd74e802c3f15f6dae0422386dc193833b80a5654c5

Download Submit
C:\Windows\System\YrHEyld.exe

Filesize
1.5MB

MD5
1806491b6e97f46ca30056ff743c5bca

SHA1
9b602d9f624f7bfa34c2d3afc2e54b24cff9341d

SHA256
53e16d42d00449c35abf91ff48d9aecb7415bf728194c697e432e678267a1de4

SHA512
f155239ec6fc0f65e422a0ac1128ddf6657a0512491143b479db85b7270059401cbf80880e47d90838e29b8a81e919a35bee727839a3b60917e8b3ef15208ba2

Download Submit
C:\Windows\System\ZIsCDBn.exe

Filesize
1.5MB

MD5
e495c431e5fb652eb8f79780f1222c64

SHA1
a11e74701213dcbe10584b51a837dc2ca6751544

SHA256
aceb3176ccf847b24521bff7d538be4098e8a73ae5d0b48fd8bafd3b7cbb75f8

SHA512
76200a787baceb0495c770eceb95740e64012b937565a50a00abd61682255c15e7d78805924dce840d93b0c7f6fdd1e3bd99fa8208917d8a5270520b9f5a2490

Download Submit
C:\Windows\System\cdzfoee.exe

Filesize
1.5MB

MD5
5aaca18056848673b320690c7a52a924

SHA1
f1571692c77e27d4dcffee9d27f3aaa60070968c

SHA256
b85ac41573a85afc99ed6a72cd5925f7cbf9aad2aa41e874044c8afd7d5758ff

SHA512
527f4c2a176d2235bf6c9292a04d87bab725a1171376cdc9791ba4fb227d635f99237eaa7423887ca967b3ad6c2055072d7ac5befc72e57e75d8f2754add2e16

Download Submit
C:\Windows\System\dLvyyHV.exe

Filesize
1.5MB

MD5
ce2bfb3d61b68e5dca9b106f0ab79ed1

SHA1
e1598a1d33d0696f6fe5c0501d4a9c187a7fe4e5

SHA256
63e878ee090dc97b53f47bd320800d6bdacc8109a9bed30ee9177f71ba40d089

SHA512
c684beb72f244c7c46304cba7feca23de10ce46b585bfdb8eebb23583f4fdf6aac8af3530ba3bce4442a267da8a1828ba04f713e3e6fef9b2184c54f820ba935

Download Submit
C:\Windows\System\ezkLMpz.exe

Filesize
1.5MB

MD5
266488fd0d099f568aab015ba7720d1f

SHA1
af4d3704c6178bd042b8233707b7875e2807e0e1

SHA256
8f29926dd7def792841bafe29019f74cfb96376adc49408e82e9cbf50370e6b8

SHA512
cd0932c44e76bb77515b5e8fde12abd88a7535f2f0a69ae5a7bcc37ac783e84f9e4c4f3c6a3d57666406541d2aea6d09f2eb727aa63a58991a00172fded1e524

Download Submit
C:\Windows\System\gopyPIH.exe

Filesize
1.5MB

MD5
0228b5b50d6b6df5e9e5ebb885c13458

SHA1
58d43bb44e2f6bc48d761502cf664b0b131349b5

SHA256
a0cff140207e18169b41e3d9385750f41aa4d70c19883d4c1b3b70e0b3f10cbf

SHA512
4fb60921e6d303f1d12795a2a5986ffc84ff3269780a565e0ad8f95c1d83d0f5bc6005d29fecc179dcf440f09dede160a279a6884b6def0fa7593191b42e7079

Download Submit
C:\Windows\System\hXYqLaM.exe

Filesize
1.5MB

MD5
3a4f25d652bfd4ff6208c6542bd44a28

SHA1
855f42b510ec1790ac1ff9961ae916bf274c3d22

SHA256
643abecf9eecf7df60c40dc249cc48c462d553272ed5ebea1b2426417856e45f

SHA512
c1f32fa1cf15cf16210490c8ceed8dea701f1fa5283d32036ad534e7a4904841ae0f54036e8ff3061d65fb18ec14f4666fe06fb9034d105f6980d53fa9e83bc6

Download Submit
C:\Windows\System\jLBHQyY.exe

Filesize
1.5MB

MD5
114f88e21b0d31dacce3872442983ec3

SHA1
72b0f290be954b79385a225920fe8c5f83ca7287

SHA256
06c0a976c370b7ea048162968002bae19706a553c8bd32928469c540e0b30077

SHA512
d4961ca1084ae835c5939b44ee7dbd90a8efb2cac91b4d19957fc2ccc80d1e04245d785bdab44d9707c82a4f26d157bba3670a91ef63733eb0857b4340c599ac

Download Submit
C:\Windows\System\koQJwRp.exe

Filesize
1.5MB

MD5
2835751d2501d7ac2984d25248fbbdb3

SHA1
f426a51d30a6c2662e090d2c7c53fb4ffd08b108

SHA256
6f4c9faafa0f7ba0df9af944d0ba62e4140f43b240bbc9f2bc4e4b85a5016798

SHA512
1a68cef71ce0ece31c4b53fe48cac060e4522b641405e25eb2b27be19e556cfe5481b670039ce8c9fb857dbf23dbf146b71f65b12a5837fac98eef5b9ea5c95e

Download Submit
C:\Windows\System\kqcaAuQ.exe

Filesize
1.5MB

MD5
ce8a2112d692cbf818d8adfca17a681b

SHA1
0bc843d83929afbcd5c3e228180d17c5acb76add

SHA256
e3e46caa3dc7fde0ddda74549c0d992592fdfbfbd541ede8dabe6620c260b3a1

SHA512
7b9ab00e66e25875cff0010c312018bb3c63403711292db939e93fc9eda85c3371d9f268eceae2357355a7e1f23eef64da996f9e814f254493a3b2a9c8240edb

Download Submit
C:\Windows\System\oHsWItz.exe

Filesize
1.5MB

MD5
78f57cfa435afc2653d9794dd9187c6f

SHA1
511b6bc9f4395a8774f67a3e54b0a6d9484da956

SHA256
ba0f31bcf68f985b173202fdaebee9f50e1cbea08231a7b88b571153baf60162

SHA512
14cdb0d05bee5ee5c7897382e55e0d1f1f70aee32816497502eb5e42631a28827df9611ce9ac75361e85b25166329782b9b557f917730a769f0eb7ccb3be3140

Download Submit
C:\Windows\System\oyldtHn.exe

Filesize
1.5MB

MD5
b6597eea77a7e1abb31f1d6507231776

SHA1
0023cb2b5607c2ccefcbc04bba744453f2238c99

SHA256
6ed8f1cbe65d7cf1b20bdd3e7b994a5ff2e302a4789dee21ad9c454b707c2624

SHA512
2982cbea3adaed516f14c3280bf10438389a3ca6a2a0fcea1c79fd9e52ddc6c454dd530e22296cb9913727e1f90138cd867e141a137f4df275ad9826cd0212c7

Download Submit
C:\Windows\System\pMcmhCr.exe

Filesize
1.5MB

MD5
ae74fb9227a4526b4db8a38ee253e77f

SHA1
056e68fa797b1cd96daa4f7b631639ec27bca185

SHA256
cdc3ddfbe62c2dbb5fff0ec695fba0c20fe78590b22ad146b21a96a7835bb5c1

SHA512
18665762fd3f4187123a668890c8f26233d2aea014610177fb75ff46de4b955eade4089d5553afb65be311d178bc28a6a620ad9ed0ec609cc6d96fb39ab5e9db

Download Submit
C:\Windows\System\pjDmxcb.exe

Filesize
1.5MB

MD5
9cad989c4126e80886376fd8e8788e4d

SHA1
c9b626353d2107bb37d9943faf919f36fd5d0bef

SHA256
05098247513f590e97d24734a9ad83cdc078c258ce2e1eddf19eff39f012f4ef

SHA512
904332d86def2382ff94d43dbc6c7be0a027a46a20f6829a75bb84256f3a6cb0cf7b94385ba01c323a47b6b69b0877040a4f3dd33fdcaa8d91f69e5638888346

Download Submit
C:\Windows\System\pmBcScg.exe

Filesize
1.5MB

MD5
0ce9036547838e0e55031b38b4efeaa0

SHA1
7af74c1b2c9c9cb90aa14f2d3c536c376fce3fae

SHA256
d80a6ff841d57f40db6b259ea939a78aef815f5c899cd74e89d16a83260ae4b2

SHA512
c06ecc3c16155287ce86bf26cb3c6cadb1f1f3277147af85415a812e3c92e2b263973415e4f9e6ed67a56cb0f28cf6fd193f4fe782bbe9602a0ee4dbeb4b88f6

Download Submit
C:\Windows\System\rldZitx.exe

Filesize
1.5MB

MD5
0782b193902d2a9b557233dbfeb56a88

SHA1
ab7b5c1afde2fed5376635763a0194c663bad761

SHA256
a7a85fd2f55403bf627d2949159d0e41308e0ed47e2f79dc4a133a75100cedb4

SHA512
e92ff7a7c1fbb0175cb25da8814f555a25cfba40ba92945aba26ffed5c87aada095e7ccce7b3b2a56259a09557daaa867de9401b34deab43653f17d869c15be3

Download Submit
C:\Windows\System\weFVMyk.exe

Filesize
1.5MB

MD5
309188f222a2eb300c3bbe5d6bbbc99c

SHA1
9bfbdc005a0aa4e74e334924ba011cccba44ec66

SHA256
5c3beb6481354f6e9760924d1c06af6673a329b96de0a656ec907df1dd86522f

SHA512
c539bdfa8ce0aedc92ffdd0de249a7898d28cb8332b948c83dfab21a442bb7ee0eb9166e0715a6a7c57257ba3e5016f7ddd31f944fb9ae450a9e9728a2a61071

Download Submit
C:\Windows\System\zPdNLCM.exe

Filesize
1.5MB

MD5
87654288b7ed00cf5e4ea6d70d9eea34

SHA1
1d6b7ce2dbad5c1e68e20b9464d19fbd41765850

SHA256
1623df973e26971ce7f27e46fad397b53387bdec4ba536f3c618c3bd9306a2cf

SHA512
55b27a2295079bf734e023d2853e4d31bdfb2f9e15ad1b809dad9f0f48bcfd1576ca6ff5eb64f098e3d884e2c0b536d9bca42254418fe288172a0a2a39196d78

Download Submit
C:\Windows\System\zlnaGmD.exe

Filesize
1.5MB

MD5
30d05bbe90a69f27e69d8445f4d65317

SHA1
1d985de7834a94288a8799bc45d07f8d81c27301

SHA256
777db799bf87969b558654e43d65c4c6e0c230586a9bde5fa26f753b91d72d2b

SHA512
152d48e6600d523cc6d1b109458d37b9cbc98357cc6427453e5b8f467ad4e003800e52bfb2721b53b7bab7eba203b501af3f9c117dc8f44a72253d8fa119946b

Download Submit
memory/232-463-0x00007FF71BA50000-0x00007FF71BDA1000-memory.dmp

Filesize
3.3MB

Download
memory/404-457-0x00007FF7C99B0000-0x00007FF7C9D01000-memory.dmp

Filesize
3.3MB

Download
memory/1028-454-0x00007FF6545A0000-0x00007FF6548F1000-memory.dmp

Filesize
3.3MB

Download
memory/1056-44-0x00007FF7467A0000-0x00007FF746AF1000-memory.dmp

Filesize
3.3MB

Download
memory/1216-20-0x00007FF61FC20000-0x00007FF61FF71000-memory.dmp

Filesize
3.3MB

Download
memory/1216-1418-0x00007FF61FC20000-0x00007FF61FF71000-memory.dmp

Filesize
3.3MB

Download
memory/1312-458-0x00007FF75EB40000-0x00007FF75EE91000-memory.dmp

Filesize
3.3MB

Download
memory/1360-459-0x00007FF7BCBE0000-0x00007FF7BCF31000-memory.dmp

Filesize
3.3MB

Download
memory/1564-446-0x00007FF7489E0000-0x00007FF748D31000-memory.dmp

Filesize
3.3MB

Download
memory/1580-452-0x00007FF776FE0000-0x00007FF777331000-memory.dmp

Filesize
3.3MB

Download
memory/1704-456-0x00007FF7B0020000-0x00007FF7B0371000-memory.dmp

Filesize
3.3MB

Download
memory/1928-460-0x00007FF761920000-0x00007FF761C71000-memory.dmp

Filesize
3.3MB

Download
memory/2028-53-0x00007FF75D300000-0x00007FF75D651000-memory.dmp

Filesize
3.3MB

Download
memory/2028-1541-0x00007FF75D300000-0x00007FF75D651000-memory.dmp

Filesize
3.3MB

Download
memory/2680-462-0x00007FF70B4D0000-0x00007FF70B821000-memory.dmp

Filesize
3.3MB

Download
memory/2712-455-0x00007FF61BAA0000-0x00007FF61BDF1000-memory.dmp

Filesize
3.3MB

Download
memory/2960-1295-0x00007FF69CA60000-0x00007FF69CDB1000-memory.dmp

Filesize
3.3MB

Download
memory/2960-30-0x00007FF69CA60000-0x00007FF69CDB1000-memory.dmp

Filesize
3.3MB

Download
memory/2968-448-0x00007FF6552F0000-0x00007FF655641000-memory.dmp

Filesize
3.3MB

Download
memory/3668-49-0x00007FF708350000-0x00007FF7086A1000-memory.dmp

Filesize
3.3MB

Download
memory/3852-465-0x00007FF79D2D0000-0x00007FF79D621000-memory.dmp

Filesize
3.3MB

Download
memory/3880-1294-0x00007FF6BF6B0000-0x00007FF6BFA01000-memory.dmp

Filesize
3.3MB

Download
memory/3880-10-0x00007FF6BF6B0000-0x00007FF6BFA01000-memory.dmp

Filesize
3.3MB

Download
memory/4464-43-0x00007FF72E880000-0x00007FF72EBD1000-memory.dmp

Filesize
3.3MB

Download
memory/4464-1299-0x00007FF72E880000-0x00007FF72EBD1000-memory.dmp

Filesize
3.3MB

Download
memory/4528-468-0x00007FF7AB9B0000-0x00007FF7ABD01000-memory.dmp

Filesize
3.3MB

Download
memory/4544-464-0x00007FF61EB80000-0x00007FF61EED1000-memory.dmp

Filesize
3.3MB

Download
memory/4616-469-0x00007FF6DC8C0000-0x00007FF6DCC11000-memory.dmp

Filesize
3.3MB

Download
memory/4636-467-0x00007FF7E3890000-0x00007FF7E3BE1000-memory.dmp

Filesize
3.3MB

Download
memory/4668-45-0x00007FF62CE20000-0x00007FF62D171000-memory.dmp

Filesize
3.3MB

Download
memory/4704-461-0x00007FF77BD60000-0x00007FF77C0B1000-memory.dmp

Filesize
3.3MB

Download
memory/4732-1031-0x00007FF7B3FC0000-0x00007FF7B4311000-memory.dmp

Filesize
3.3MB

Download
memory/4732-0-0x00007FF7B3FC0000-0x00007FF7B4311000-memory.dmp

Filesize
3.3MB

Download
memory/4732-1-0x0000017CFFB20000-0x0000017CFFB30000-memory.dmp

Filesize
64KB

Download
memory/4760-442-0x00007FF6C73A0000-0x00007FF6C76F1000-memory.dmp

Filesize
3.3MB

Download
memory/4760-1682-0x00007FF6C73A0000-0x00007FF6C76F1000-memory.dmp

Filesize
3.3MB

Download
memory/4784-453-0x00007FF6AD610000-0x00007FF6AD961000-memory.dmp

Filesize
3.3MB

Download
memory/4856-466-0x00007FF63D520000-0x00007FF63D871000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads