xmrig | 7cb4ab8e2eecc2bca72e935aa06f7d087b37e2706008e0de5d5255c02a7be7ab

Analysis

max time kernel
94s
max time network
95s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
20/08/2024, 04:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5e08f86aa81b1646ee5301f4dc8d2660N.exe
Size

1.8MB
MD5

5e08f86aa81b1646ee5301f4dc8d2660
SHA1

d9c293e967b8ff68bd8f0f96a65b766437b57b91
SHA256

7cb4ab8e2eecc2bca72e935aa06f7d087b37e2706008e0de5d5255c02a7be7ab
SHA512

84f6159073c01364dbfe92461df1ce0e8ec85590a8b37b74aa049910036d50f7dd4afe399f0a07fc60afe59ade8748f2348fdb6015fc24f12b86a47b2b855b4a
SSDEEP

49152:ROdWCCi7/raU56uL3pgrCEdMKPIH2Bd00B:RWWBib356utgpP7

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 59 IoCs

miner

resource	yara_rule
behavioral2/memory/2172-433-0x00007FF73A660000-0x00007FF73A9B1000-memory.dmp	xmrig
behavioral2/memory/1436-434-0x00007FF7C5EA0000-0x00007FF7C61F1000-memory.dmp	xmrig
behavioral2/memory/4600-441-0x00007FF742D30000-0x00007FF743081000-memory.dmp	xmrig
behavioral2/memory/396-449-0x00007FF75EF50000-0x00007FF75F2A1000-memory.dmp	xmrig
behavioral2/memory/3108-445-0x00007FF6A8500000-0x00007FF6A8851000-memory.dmp	xmrig
behavioral2/memory/1932-487-0x00007FF63FB10000-0x00007FF63FE61000-memory.dmp	xmrig
behavioral2/memory/3380-509-0x00007FF7EBE20000-0x00007FF7EC171000-memory.dmp	xmrig
behavioral2/memory/3800-527-0x00007FF63F6E0000-0x00007FF63FA31000-memory.dmp	xmrig
behavioral2/memory/1752-526-0x00007FF693CC0000-0x00007FF694011000-memory.dmp	xmrig
behavioral2/memory/1540-521-0x00007FF6FDF00000-0x00007FF6FE251000-memory.dmp	xmrig
behavioral2/memory/1536-518-0x00007FF6CF150000-0x00007FF6CF4A1000-memory.dmp	xmrig
behavioral2/memory/4632-514-0x00007FF674DE0000-0x00007FF675131000-memory.dmp	xmrig
behavioral2/memory/2908-512-0x00007FF66F930000-0x00007FF66FC81000-memory.dmp	xmrig
behavioral2/memory/2408-507-0x00007FF7017F0000-0x00007FF701B41000-memory.dmp	xmrig
behavioral2/memory/908-502-0x00007FF71C280000-0x00007FF71C5D1000-memory.dmp	xmrig
behavioral2/memory/3600-496-0x00007FF76F4D0000-0x00007FF76F821000-memory.dmp	xmrig
behavioral2/memory/1700-494-0x00007FF652260000-0x00007FF6525B1000-memory.dmp	xmrig
behavioral2/memory/748-485-0x00007FF7592D0000-0x00007FF759621000-memory.dmp	xmrig
behavioral2/memory/3556-479-0x00007FF6ED780000-0x00007FF6EDAD1000-memory.dmp	xmrig
behavioral2/memory/4344-476-0x00007FF6C40E0000-0x00007FF6C4431000-memory.dmp	xmrig
behavioral2/memory/2996-469-0x00007FF6E50E0000-0x00007FF6E5431000-memory.dmp	xmrig
behavioral2/memory/2588-464-0x00007FF6DA590000-0x00007FF6DA8E1000-memory.dmp	xmrig
behavioral2/memory/1532-461-0x00007FF6EB450000-0x00007FF6EB7A1000-memory.dmp	xmrig
behavioral2/memory/3700-460-0x00007FF735C60000-0x00007FF735FB1000-memory.dmp	xmrig
behavioral2/memory/1600-455-0x00007FF6881E0000-0x00007FF688531000-memory.dmp	xmrig
behavioral2/memory/452-33-0x00007FF7CC0D0000-0x00007FF7CC421000-memory.dmp	xmrig
behavioral2/memory/4104-1902-0x00007FF6CDA50000-0x00007FF6CDDA1000-memory.dmp	xmrig
behavioral2/memory/3788-2054-0x00007FF620620000-0x00007FF620971000-memory.dmp	xmrig
behavioral2/memory/5004-2052-0x00007FF77F510000-0x00007FF77F861000-memory.dmp	xmrig
behavioral2/memory/2272-2050-0x00007FF7FCFA0000-0x00007FF7FD2F1000-memory.dmp	xmrig
behavioral2/memory/2272-2217-0x00007FF7FCFA0000-0x00007FF7FD2F1000-memory.dmp	xmrig
behavioral2/memory/5004-2219-0x00007FF77F510000-0x00007FF77F861000-memory.dmp	xmrig
behavioral2/memory/452-2221-0x00007FF7CC0D0000-0x00007FF7CC421000-memory.dmp	xmrig
behavioral2/memory/1436-2227-0x00007FF7C5EA0000-0x00007FF7C61F1000-memory.dmp	xmrig
behavioral2/memory/3800-2225-0x00007FF63F6E0000-0x00007FF63FA31000-memory.dmp	xmrig
behavioral2/memory/2172-2229-0x00007FF73A660000-0x00007FF73A9B1000-memory.dmp	xmrig
behavioral2/memory/4600-2231-0x00007FF742D30000-0x00007FF743081000-memory.dmp	xmrig
behavioral2/memory/3108-2233-0x00007FF6A8500000-0x00007FF6A8851000-memory.dmp	xmrig
behavioral2/memory/3788-2223-0x00007FF620620000-0x00007FF620971000-memory.dmp	xmrig
behavioral2/memory/1932-2275-0x00007FF63FB10000-0x00007FF63FE61000-memory.dmp	xmrig
behavioral2/memory/748-2277-0x00007FF7592D0000-0x00007FF759621000-memory.dmp	xmrig
behavioral2/memory/3600-2285-0x00007FF76F4D0000-0x00007FF76F821000-memory.dmp	xmrig
behavioral2/memory/2408-2297-0x00007FF7017F0000-0x00007FF701B41000-memory.dmp	xmrig
behavioral2/memory/1540-2295-0x00007FF6FDF00000-0x00007FF6FE251000-memory.dmp	xmrig
behavioral2/memory/4632-2293-0x00007FF674DE0000-0x00007FF675131000-memory.dmp	xmrig
behavioral2/memory/2908-2291-0x00007FF66F930000-0x00007FF66FC81000-memory.dmp	xmrig
behavioral2/memory/3380-2289-0x00007FF7EBE20000-0x00007FF7EC171000-memory.dmp	xmrig
behavioral2/memory/908-2299-0x00007FF71C280000-0x00007FF71C5D1000-memory.dmp	xmrig
behavioral2/memory/1536-2287-0x00007FF6CF150000-0x00007FF6CF4A1000-memory.dmp	xmrig
behavioral2/memory/4344-2283-0x00007FF6C40E0000-0x00007FF6C4431000-memory.dmp	xmrig
behavioral2/memory/1700-2281-0x00007FF652260000-0x00007FF6525B1000-memory.dmp	xmrig
behavioral2/memory/3556-2279-0x00007FF6ED780000-0x00007FF6EDAD1000-memory.dmp	xmrig
behavioral2/memory/3700-2273-0x00007FF735C60000-0x00007FF735FB1000-memory.dmp	xmrig
behavioral2/memory/1532-2269-0x00007FF6EB450000-0x00007FF6EB7A1000-memory.dmp	xmrig
behavioral2/memory/2996-2267-0x00007FF6E50E0000-0x00007FF6E5431000-memory.dmp	xmrig
behavioral2/memory/2588-2271-0x00007FF6DA590000-0x00007FF6DA8E1000-memory.dmp	xmrig
behavioral2/memory/396-2237-0x00007FF75EF50000-0x00007FF75F2A1000-memory.dmp	xmrig
behavioral2/memory/1600-2235-0x00007FF6881E0000-0x00007FF688531000-memory.dmp	xmrig
behavioral2/memory/1752-2301-0x00007FF693CC0000-0x00007FF694011000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2272	sWSlEoM.exe
5004	AOUBKDo.exe
452	jRPXIgP.exe
3788	LKvGZeW.exe
2172	CHQXerM.exe
3800	IJSnoKj.exe
1436	fRYgkvW.exe
4600	BJpniLO.exe
3108	UoznChZ.exe
396	BBdCoMX.exe
1600	cisUzBA.exe
3700	GevHLFU.exe
1532	aXEtMKG.exe
2588	InVHYCI.exe
2996	cyqZlAA.exe
4344	fiLcdWZ.exe
3556	OmWvAIO.exe
748	vZeJXfg.exe
1932	erggtCU.exe
1700	FxuVIgn.exe
3600	DtEtqqD.exe
908	XGAuRiQ.exe
2408	POTVvsd.exe
3380	GOPNCbM.exe
2908	DxHeQUA.exe
4632	icUoqwa.exe
1536	VtaVVhB.exe
1540	jinXfcB.exe
1752	PODzjgI.exe
3812	tJJzwlL.exe
2036	lwgrBJn.exe
4044	tgcOKcb.exe
3084	cqYefTl.exe
4628	ScRpjAB.exe
1712	VHmTLnL.exe
2844	rdZzSxJ.exe
4024	aYefJfR.exe
3396	mneftst.exe
2080	ZShyYTs.exe
1484	KLpgHEq.exe
728	OMFRIAB.exe
2176	uosxEFy.exe
2396	wsWHDFS.exe
4256	CzldCTN.exe
4268	tSQiNfS.exe
2784	WNHDXpF.exe
2024	XhFJDwe.exe
3568	nttUkOM.exe
4280	aAyJZiF.exe
2812	cXpCVZv.exe
4820	QeKtXOz.exe
556	yYuvNft.exe
4740	YdpwAez.exe
2880	lrifdgP.exe
800	BKmQoFT.exe
1592	qsgepAi.exe
2556	bZfbCVO.exe
1564	bVhsTcU.exe
1804	flxOnIl.exe
1524	ElGAdgE.exe
536	AdYsRNW.exe
3760	KqvcYgo.exe
1984	opTrijr.exe
3444	VaaBcMK.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4104-0-0x00007FF6CDA50000-0x00007FF6CDDA1000-memory.dmp	upx
behavioral2/files/0x00080000000234dd-4.dat	upx
behavioral2/memory/2272-8-0x00007FF7FCFA0000-0x00007FF7FD2F1000-memory.dmp	upx
behavioral2/files/0x00070000000234e5-7.dat	upx
behavioral2/files/0x00070000000234e7-23.dat	upx
behavioral2/files/0x00070000000234e6-25.dat	upx
behavioral2/files/0x00070000000234e9-40.dat	upx
behavioral2/files/0x00070000000234ea-44.dat	upx
behavioral2/files/0x00070000000234ee-62.dat	upx
behavioral2/files/0x00070000000234ef-75.dat	upx
behavioral2/files/0x00070000000234f2-82.dat	upx
behavioral2/files/0x00070000000234f4-92.dat	upx
behavioral2/files/0x00070000000234f6-102.dat	upx
behavioral2/files/0x00070000000234f8-112.dat	upx
behavioral2/files/0x00070000000234f9-125.dat	upx
behavioral2/files/0x00070000000234fd-137.dat	upx
behavioral2/files/0x00070000000234fe-150.dat	upx
behavioral2/files/0x0007000000023501-165.dat	upx
behavioral2/memory/2172-433-0x00007FF73A660000-0x00007FF73A9B1000-memory.dmp	upx
behavioral2/memory/1436-434-0x00007FF7C5EA0000-0x00007FF7C61F1000-memory.dmp	upx
behavioral2/memory/4600-441-0x00007FF742D30000-0x00007FF743081000-memory.dmp	upx
behavioral2/memory/396-449-0x00007FF75EF50000-0x00007FF75F2A1000-memory.dmp	upx
behavioral2/memory/3108-445-0x00007FF6A8500000-0x00007FF6A8851000-memory.dmp	upx
behavioral2/files/0x0007000000023503-167.dat	upx
behavioral2/files/0x0007000000023502-162.dat	upx
behavioral2/files/0x0007000000023500-160.dat	upx
behavioral2/files/0x00070000000234ff-155.dat	upx
behavioral2/files/0x00070000000234fc-140.dat	upx
behavioral2/files/0x00070000000234fb-135.dat	upx
behavioral2/files/0x00070000000234fa-130.dat	upx
behavioral2/files/0x00070000000234f7-115.dat	upx
behavioral2/files/0x00070000000234f5-105.dat	upx
behavioral2/files/0x00070000000234f3-95.dat	upx
behavioral2/files/0x00070000000234f1-85.dat	upx
behavioral2/files/0x00070000000234f0-80.dat	upx
behavioral2/files/0x00070000000234ed-65.dat	upx
behavioral2/files/0x00070000000234ec-60.dat	upx
behavioral2/files/0x00070000000234eb-52.dat	upx
behavioral2/files/0x00070000000234e8-38.dat	upx
behavioral2/memory/1932-487-0x00007FF63FB10000-0x00007FF63FE61000-memory.dmp	upx
behavioral2/memory/3380-509-0x00007FF7EBE20000-0x00007FF7EC171000-memory.dmp	upx
behavioral2/memory/3800-527-0x00007FF63F6E0000-0x00007FF63FA31000-memory.dmp	upx
behavioral2/memory/1752-526-0x00007FF693CC0000-0x00007FF694011000-memory.dmp	upx
behavioral2/memory/1540-521-0x00007FF6FDF00000-0x00007FF6FE251000-memory.dmp	upx
behavioral2/memory/1536-518-0x00007FF6CF150000-0x00007FF6CF4A1000-memory.dmp	upx
behavioral2/memory/4632-514-0x00007FF674DE0000-0x00007FF675131000-memory.dmp	upx
behavioral2/memory/2908-512-0x00007FF66F930000-0x00007FF66FC81000-memory.dmp	upx
behavioral2/memory/2408-507-0x00007FF7017F0000-0x00007FF701B41000-memory.dmp	upx
behavioral2/memory/908-502-0x00007FF71C280000-0x00007FF71C5D1000-memory.dmp	upx
behavioral2/memory/3600-496-0x00007FF76F4D0000-0x00007FF76F821000-memory.dmp	upx
behavioral2/memory/1700-494-0x00007FF652260000-0x00007FF6525B1000-memory.dmp	upx
behavioral2/memory/748-485-0x00007FF7592D0000-0x00007FF759621000-memory.dmp	upx
behavioral2/memory/3556-479-0x00007FF6ED780000-0x00007FF6EDAD1000-memory.dmp	upx
behavioral2/memory/4344-476-0x00007FF6C40E0000-0x00007FF6C4431000-memory.dmp	upx
behavioral2/memory/2996-469-0x00007FF6E50E0000-0x00007FF6E5431000-memory.dmp	upx
behavioral2/memory/2588-464-0x00007FF6DA590000-0x00007FF6DA8E1000-memory.dmp	upx
behavioral2/memory/1532-461-0x00007FF6EB450000-0x00007FF6EB7A1000-memory.dmp	upx
behavioral2/memory/3700-460-0x00007FF735C60000-0x00007FF735FB1000-memory.dmp	upx
behavioral2/memory/1600-455-0x00007FF6881E0000-0x00007FF688531000-memory.dmp	upx
behavioral2/memory/452-33-0x00007FF7CC0D0000-0x00007FF7CC421000-memory.dmp	upx
behavioral2/memory/3788-30-0x00007FF620620000-0x00007FF620971000-memory.dmp	upx
behavioral2/memory/5004-20-0x00007FF77F510000-0x00007FF77F861000-memory.dmp	upx
behavioral2/files/0x00070000000234e4-17.dat	upx
behavioral2/memory/4104-1902-0x00007FF6CDA50000-0x00007FF6CDDA1000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\bzYdVUa.exe	5e08f86aa81b1646ee5301f4dc8d2660N.exe
File created	C:\Windows\System\qAZtuaa.exe	5e08f86aa81b1646ee5301f4dc8d2660N.exe
File created	C:\Windows\System\eCVBNjF.exe	5e08f86aa81b1646ee5301f4dc8d2660N.exe
File created	C:\Windows\System\dYHSsBw.exe	5e08f86aa81b1646ee5301f4dc8d2660N.exe
File created	C:\Windows\System\KLpgHEq.exe	5e08f86aa81b1646ee5301f4dc8d2660N.exe
File created	C:\Windows\System\cXpCVZv.exe	5e08f86aa81b1646ee5301f4dc8d2660N.exe
File created	C:\Windows\System\YAQplGK.exe	5e08f86aa81b1646ee5301f4dc8d2660N.exe
File created	C:\Windows\System\XIRRRJY.exe	5e08f86aa81b1646ee5301f4dc8d2660N.exe
File created	C:\Windows\System\nPRtuBi.exe	5e08f86aa81b1646ee5301f4dc8d2660N.exe
File created	C:\Windows\System\gJLIFdW.exe	5e08f86aa81b1646ee5301f4dc8d2660N.exe
File created	C:\Windows\System\DCjCxKK.exe	5e08f86aa81b1646ee5301f4dc8d2660N.exe
File created	C:\Windows\System\MdIaYXJ.exe	5e08f86aa81b1646ee5301f4dc8d2660N.exe
File created	C:\Windows\System\CHQXerM.exe	5e08f86aa81b1646ee5301f4dc8d2660N.exe
File created	C:\Windows\System\ObmrtZj.exe	5e08f86aa81b1646ee5301f4dc8d2660N.exe
File created	C:\Windows\System\HhYxPUP.exe	5e08f86aa81b1646ee5301f4dc8d2660N.exe
File created	C:\Windows\System\LWKrVhc.exe	5e08f86aa81b1646ee5301f4dc8d2660N.exe
File created	C:\Windows\System\cbbRWff.exe	5e08f86aa81b1646ee5301f4dc8d2660N.exe
File created	C:\Windows\System\edxSEiD.exe	5e08f86aa81b1646ee5301f4dc8d2660N.exe
File created	C:\Windows\System\GIEvnfQ.exe	5e08f86aa81b1646ee5301f4dc8d2660N.exe
File created	C:\Windows\System\efTvTTD.exe	5e08f86aa81b1646ee5301f4dc8d2660N.exe
File created	C:\Windows\System\ttqVPrT.exe	5e08f86aa81b1646ee5301f4dc8d2660N.exe
File created	C:\Windows\System\mnueWgo.exe	5e08f86aa81b1646ee5301f4dc8d2660N.exe
File created	C:\Windows\System\qAgNLMB.exe	5e08f86aa81b1646ee5301f4dc8d2660N.exe
File created	C:\Windows\System\tjINFAZ.exe	5e08f86aa81b1646ee5301f4dc8d2660N.exe
File created	C:\Windows\System\CWVkEkO.exe	5e08f86aa81b1646ee5301f4dc8d2660N.exe
File created	C:\Windows\System\YokVvKQ.exe	5e08f86aa81b1646ee5301f4dc8d2660N.exe
File created	C:\Windows\System\jbytQuF.exe	5e08f86aa81b1646ee5301f4dc8d2660N.exe
File created	C:\Windows\System\hPwOwmC.exe	5e08f86aa81b1646ee5301f4dc8d2660N.exe
File created	C:\Windows\System\bVhsTcU.exe	5e08f86aa81b1646ee5301f4dc8d2660N.exe
File created	C:\Windows\System\bcOcyen.exe	5e08f86aa81b1646ee5301f4dc8d2660N.exe
File created	C:\Windows\System\QulNqlL.exe	5e08f86aa81b1646ee5301f4dc8d2660N.exe
File created	C:\Windows\System\gQoOKHT.exe	5e08f86aa81b1646ee5301f4dc8d2660N.exe
File created	C:\Windows\System\QURklvW.exe	5e08f86aa81b1646ee5301f4dc8d2660N.exe
File created	C:\Windows\System\wSCbMrs.exe	5e08f86aa81b1646ee5301f4dc8d2660N.exe
File created	C:\Windows\System\gkZYXsO.exe	5e08f86aa81b1646ee5301f4dc8d2660N.exe
File created	C:\Windows\System\QreJvAf.exe	5e08f86aa81b1646ee5301f4dc8d2660N.exe
File created	C:\Windows\System\TeBquRv.exe	5e08f86aa81b1646ee5301f4dc8d2660N.exe
File created	C:\Windows\System\ITRvZza.exe	5e08f86aa81b1646ee5301f4dc8d2660N.exe
File created	C:\Windows\System\QnMYQMh.exe	5e08f86aa81b1646ee5301f4dc8d2660N.exe
File created	C:\Windows\System\FnitEWr.exe	5e08f86aa81b1646ee5301f4dc8d2660N.exe
File created	C:\Windows\System\hPaQUok.exe	5e08f86aa81b1646ee5301f4dc8d2660N.exe
File created	C:\Windows\System\BtbROBd.exe	5e08f86aa81b1646ee5301f4dc8d2660N.exe
File created	C:\Windows\System\ABHefOz.exe	5e08f86aa81b1646ee5301f4dc8d2660N.exe
File created	C:\Windows\System\achNyRp.exe	5e08f86aa81b1646ee5301f4dc8d2660N.exe
File created	C:\Windows\System\lAosusf.exe	5e08f86aa81b1646ee5301f4dc8d2660N.exe
File created	C:\Windows\System\jgnBsdG.exe	5e08f86aa81b1646ee5301f4dc8d2660N.exe
File created	C:\Windows\System\bmiznUD.exe	5e08f86aa81b1646ee5301f4dc8d2660N.exe
File created	C:\Windows\System\lhAfFMx.exe	5e08f86aa81b1646ee5301f4dc8d2660N.exe
File created	C:\Windows\System\GevHLFU.exe	5e08f86aa81b1646ee5301f4dc8d2660N.exe
File created	C:\Windows\System\LyCFcZR.exe	5e08f86aa81b1646ee5301f4dc8d2660N.exe
File created	C:\Windows\System\sUTFLTA.exe	5e08f86aa81b1646ee5301f4dc8d2660N.exe
File created	C:\Windows\System\tuvehEq.exe	5e08f86aa81b1646ee5301f4dc8d2660N.exe
File created	C:\Windows\System\axkPHiG.exe	5e08f86aa81b1646ee5301f4dc8d2660N.exe
File created	C:\Windows\System\WiZqjvK.exe	5e08f86aa81b1646ee5301f4dc8d2660N.exe
File created	C:\Windows\System\AGzxkIv.exe	5e08f86aa81b1646ee5301f4dc8d2660N.exe
File created	C:\Windows\System\EyJCnjh.exe	5e08f86aa81b1646ee5301f4dc8d2660N.exe
File created	C:\Windows\System\GAqKKoP.exe	5e08f86aa81b1646ee5301f4dc8d2660N.exe
File created	C:\Windows\System\rfTHOVh.exe	5e08f86aa81b1646ee5301f4dc8d2660N.exe
File created	C:\Windows\System\UTuPZKW.exe	5e08f86aa81b1646ee5301f4dc8d2660N.exe
File created	C:\Windows\System\cyqZlAA.exe	5e08f86aa81b1646ee5301f4dc8d2660N.exe
File created	C:\Windows\System\vDSyeaJ.exe	5e08f86aa81b1646ee5301f4dc8d2660N.exe
File created	C:\Windows\System\GwGwMUO.exe	5e08f86aa81b1646ee5301f4dc8d2660N.exe
File created	C:\Windows\System\EVsiFmY.exe	5e08f86aa81b1646ee5301f4dc8d2660N.exe
File created	C:\Windows\System\lXYrcdO.exe	5e08f86aa81b1646ee5301f4dc8d2660N.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	14188	dwm.exe
Token: SeChangeNotifyPrivilege	14188	dwm.exe
Token: 33	14188	dwm.exe
Token: SeIncBasePriorityPrivilege	14188	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4104 wrote to memory of 2272	4104	5e08f86aa81b1646ee5301f4dc8d2660N.exe	87
PID 4104 wrote to memory of 2272	4104	5e08f86aa81b1646ee5301f4dc8d2660N.exe	87
PID 4104 wrote to memory of 5004	4104	5e08f86aa81b1646ee5301f4dc8d2660N.exe	88
PID 4104 wrote to memory of 5004	4104	5e08f86aa81b1646ee5301f4dc8d2660N.exe	88
PID 4104 wrote to memory of 452	4104	5e08f86aa81b1646ee5301f4dc8d2660N.exe	89
PID 4104 wrote to memory of 452	4104	5e08f86aa81b1646ee5301f4dc8d2660N.exe	89
PID 4104 wrote to memory of 3788	4104	5e08f86aa81b1646ee5301f4dc8d2660N.exe	90
PID 4104 wrote to memory of 3788	4104	5e08f86aa81b1646ee5301f4dc8d2660N.exe	90
PID 4104 wrote to memory of 2172	4104	5e08f86aa81b1646ee5301f4dc8d2660N.exe	91
PID 4104 wrote to memory of 2172	4104	5e08f86aa81b1646ee5301f4dc8d2660N.exe	91
PID 4104 wrote to memory of 3800	4104	5e08f86aa81b1646ee5301f4dc8d2660N.exe	92
PID 4104 wrote to memory of 3800	4104	5e08f86aa81b1646ee5301f4dc8d2660N.exe	92
PID 4104 wrote to memory of 1436	4104	5e08f86aa81b1646ee5301f4dc8d2660N.exe	93
PID 4104 wrote to memory of 1436	4104	5e08f86aa81b1646ee5301f4dc8d2660N.exe	93
PID 4104 wrote to memory of 4600	4104	5e08f86aa81b1646ee5301f4dc8d2660N.exe	94
PID 4104 wrote to memory of 4600	4104	5e08f86aa81b1646ee5301f4dc8d2660N.exe	94
PID 4104 wrote to memory of 3108	4104	5e08f86aa81b1646ee5301f4dc8d2660N.exe	95
PID 4104 wrote to memory of 3108	4104	5e08f86aa81b1646ee5301f4dc8d2660N.exe	95
PID 4104 wrote to memory of 396	4104	5e08f86aa81b1646ee5301f4dc8d2660N.exe	96
PID 4104 wrote to memory of 396	4104	5e08f86aa81b1646ee5301f4dc8d2660N.exe	96
PID 4104 wrote to memory of 1600	4104	5e08f86aa81b1646ee5301f4dc8d2660N.exe	97
PID 4104 wrote to memory of 1600	4104	5e08f86aa81b1646ee5301f4dc8d2660N.exe	97
PID 4104 wrote to memory of 3700	4104	5e08f86aa81b1646ee5301f4dc8d2660N.exe	98
PID 4104 wrote to memory of 3700	4104	5e08f86aa81b1646ee5301f4dc8d2660N.exe	98
PID 4104 wrote to memory of 1532	4104	5e08f86aa81b1646ee5301f4dc8d2660N.exe	99
PID 4104 wrote to memory of 1532	4104	5e08f86aa81b1646ee5301f4dc8d2660N.exe	99
PID 4104 wrote to memory of 2588	4104	5e08f86aa81b1646ee5301f4dc8d2660N.exe	100
PID 4104 wrote to memory of 2588	4104	5e08f86aa81b1646ee5301f4dc8d2660N.exe	100
PID 4104 wrote to memory of 2996	4104	5e08f86aa81b1646ee5301f4dc8d2660N.exe	101
PID 4104 wrote to memory of 2996	4104	5e08f86aa81b1646ee5301f4dc8d2660N.exe	101
PID 4104 wrote to memory of 4344	4104	5e08f86aa81b1646ee5301f4dc8d2660N.exe	102
PID 4104 wrote to memory of 4344	4104	5e08f86aa81b1646ee5301f4dc8d2660N.exe	102
PID 4104 wrote to memory of 3556	4104	5e08f86aa81b1646ee5301f4dc8d2660N.exe	103
PID 4104 wrote to memory of 3556	4104	5e08f86aa81b1646ee5301f4dc8d2660N.exe	103
PID 4104 wrote to memory of 748	4104	5e08f86aa81b1646ee5301f4dc8d2660N.exe	104
PID 4104 wrote to memory of 748	4104	5e08f86aa81b1646ee5301f4dc8d2660N.exe	104
PID 4104 wrote to memory of 1932	4104	5e08f86aa81b1646ee5301f4dc8d2660N.exe	105
PID 4104 wrote to memory of 1932	4104	5e08f86aa81b1646ee5301f4dc8d2660N.exe	105
PID 4104 wrote to memory of 1700	4104	5e08f86aa81b1646ee5301f4dc8d2660N.exe	106
PID 4104 wrote to memory of 1700	4104	5e08f86aa81b1646ee5301f4dc8d2660N.exe	106
PID 4104 wrote to memory of 3600	4104	5e08f86aa81b1646ee5301f4dc8d2660N.exe	107
PID 4104 wrote to memory of 3600	4104	5e08f86aa81b1646ee5301f4dc8d2660N.exe	107
PID 4104 wrote to memory of 908	4104	5e08f86aa81b1646ee5301f4dc8d2660N.exe	108
PID 4104 wrote to memory of 908	4104	5e08f86aa81b1646ee5301f4dc8d2660N.exe	108
PID 4104 wrote to memory of 2408	4104	5e08f86aa81b1646ee5301f4dc8d2660N.exe	109
PID 4104 wrote to memory of 2408	4104	5e08f86aa81b1646ee5301f4dc8d2660N.exe	109
PID 4104 wrote to memory of 3380	4104	5e08f86aa81b1646ee5301f4dc8d2660N.exe	110
PID 4104 wrote to memory of 3380	4104	5e08f86aa81b1646ee5301f4dc8d2660N.exe	110
PID 4104 wrote to memory of 2908	4104	5e08f86aa81b1646ee5301f4dc8d2660N.exe	111
PID 4104 wrote to memory of 2908	4104	5e08f86aa81b1646ee5301f4dc8d2660N.exe	111
PID 4104 wrote to memory of 4632	4104	5e08f86aa81b1646ee5301f4dc8d2660N.exe	112
PID 4104 wrote to memory of 4632	4104	5e08f86aa81b1646ee5301f4dc8d2660N.exe	112
PID 4104 wrote to memory of 1536	4104	5e08f86aa81b1646ee5301f4dc8d2660N.exe	113
PID 4104 wrote to memory of 1536	4104	5e08f86aa81b1646ee5301f4dc8d2660N.exe	113
PID 4104 wrote to memory of 1540	4104	5e08f86aa81b1646ee5301f4dc8d2660N.exe	114
PID 4104 wrote to memory of 1540	4104	5e08f86aa81b1646ee5301f4dc8d2660N.exe	114
PID 4104 wrote to memory of 1752	4104	5e08f86aa81b1646ee5301f4dc8d2660N.exe	115
PID 4104 wrote to memory of 1752	4104	5e08f86aa81b1646ee5301f4dc8d2660N.exe	115
PID 4104 wrote to memory of 3812	4104	5e08f86aa81b1646ee5301f4dc8d2660N.exe	116
PID 4104 wrote to memory of 3812	4104	5e08f86aa81b1646ee5301f4dc8d2660N.exe	116
PID 4104 wrote to memory of 2036	4104	5e08f86aa81b1646ee5301f4dc8d2660N.exe	117
PID 4104 wrote to memory of 2036	4104	5e08f86aa81b1646ee5301f4dc8d2660N.exe	117
PID 4104 wrote to memory of 4044	4104	5e08f86aa81b1646ee5301f4dc8d2660N.exe	118
PID 4104 wrote to memory of 4044	4104	5e08f86aa81b1646ee5301f4dc8d2660N.exe	118

C:\Users\Admin\AppData\Local\Temp\5e08f86aa81b1646ee5301f4dc8d2660N.exe
"C:\Users\Admin\AppData\Local\Temp\5e08f86aa81b1646ee5301f4dc8d2660N.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:4104
- C:\Windows\System\sWSlEoM.exe
  C:\Windows\System\sWSlEoM.exe
  2⤵
  - Executes dropped EXE
  PID:2272
- C:\Windows\System\AOUBKDo.exe
  C:\Windows\System\AOUBKDo.exe
  2⤵
  - Executes dropped EXE
  PID:5004
- C:\Windows\System\jRPXIgP.exe
  C:\Windows\System\jRPXIgP.exe
  2⤵
  - Executes dropped EXE
  PID:452
- C:\Windows\System\LKvGZeW.exe
  C:\Windows\System\LKvGZeW.exe
  2⤵
  - Executes dropped EXE
  PID:3788
- C:\Windows\System\CHQXerM.exe
  C:\Windows\System\CHQXerM.exe
  2⤵
  - Executes dropped EXE
  PID:2172
- C:\Windows\System\IJSnoKj.exe
  C:\Windows\System\IJSnoKj.exe
  2⤵
  - Executes dropped EXE
  PID:3800
- C:\Windows\System\fRYgkvW.exe
  C:\Windows\System\fRYgkvW.exe
  2⤵
  - Executes dropped EXE
  PID:1436
- C:\Windows\System\BJpniLO.exe
  C:\Windows\System\BJpniLO.exe
  2⤵
  - Executes dropped EXE
  PID:4600
- C:\Windows\System\UoznChZ.exe
  C:\Windows\System\UoznChZ.exe
  2⤵
  - Executes dropped EXE
  PID:3108
- C:\Windows\System\BBdCoMX.exe
  C:\Windows\System\BBdCoMX.exe
  2⤵
  - Executes dropped EXE
  PID:396
- C:\Windows\System\cisUzBA.exe
  C:\Windows\System\cisUzBA.exe
  2⤵
  - Executes dropped EXE
  PID:1600
- C:\Windows\System\GevHLFU.exe
  C:\Windows\System\GevHLFU.exe
  2⤵
  - Executes dropped EXE
  PID:3700
- C:\Windows\System\aXEtMKG.exe
  C:\Windows\System\aXEtMKG.exe
  2⤵
  - Executes dropped EXE
  PID:1532
- C:\Windows\System\InVHYCI.exe
  C:\Windows\System\InVHYCI.exe
  2⤵
  - Executes dropped EXE
  PID:2588
- C:\Windows\System\cyqZlAA.exe
  C:\Windows\System\cyqZlAA.exe
  2⤵
  - Executes dropped EXE
  PID:2996
- C:\Windows\System\fiLcdWZ.exe
  C:\Windows\System\fiLcdWZ.exe
  2⤵
  - Executes dropped EXE
  PID:4344
- C:\Windows\System\OmWvAIO.exe
  C:\Windows\System\OmWvAIO.exe
  2⤵
  - Executes dropped EXE
  PID:3556
- C:\Windows\System\vZeJXfg.exe
  C:\Windows\System\vZeJXfg.exe
  2⤵
  - Executes dropped EXE
  PID:748
- C:\Windows\System\erggtCU.exe
  C:\Windows\System\erggtCU.exe
  2⤵
  - Executes dropped EXE
  PID:1932
- C:\Windows\System\FxuVIgn.exe
  C:\Windows\System\FxuVIgn.exe
  2⤵
  - Executes dropped EXE
  PID:1700
- C:\Windows\System\DtEtqqD.exe
  C:\Windows\System\DtEtqqD.exe
  2⤵
  - Executes dropped EXE
  PID:3600
- C:\Windows\System\XGAuRiQ.exe
  C:\Windows\System\XGAuRiQ.exe
  2⤵
  - Executes dropped EXE
  PID:908
- C:\Windows\System\POTVvsd.exe
  C:\Windows\System\POTVvsd.exe
  2⤵
  - Executes dropped EXE
  PID:2408
- C:\Windows\System\GOPNCbM.exe
  C:\Windows\System\GOPNCbM.exe
  2⤵
  - Executes dropped EXE
  PID:3380
- C:\Windows\System\DxHeQUA.exe
  C:\Windows\System\DxHeQUA.exe
  2⤵
  - Executes dropped EXE
  PID:2908
- C:\Windows\System\icUoqwa.exe
  C:\Windows\System\icUoqwa.exe
  2⤵
  - Executes dropped EXE
  PID:4632
- C:\Windows\System\VtaVVhB.exe
  C:\Windows\System\VtaVVhB.exe
  2⤵
  - Executes dropped EXE
  PID:1536
- C:\Windows\System\jinXfcB.exe
  C:\Windows\System\jinXfcB.exe
  2⤵
  - Executes dropped EXE
  PID:1540
- C:\Windows\System\PODzjgI.exe
  C:\Windows\System\PODzjgI.exe
  2⤵
  - Executes dropped EXE
  PID:1752
- C:\Windows\System\tJJzwlL.exe
  C:\Windows\System\tJJzwlL.exe
  2⤵
  - Executes dropped EXE
  PID:3812
- C:\Windows\System\lwgrBJn.exe
  C:\Windows\System\lwgrBJn.exe
  2⤵
  - Executes dropped EXE
  PID:2036
- C:\Windows\System\tgcOKcb.exe
  C:\Windows\System\tgcOKcb.exe
  2⤵
  - Executes dropped EXE
  PID:4044
- C:\Windows\System\cqYefTl.exe
  C:\Windows\System\cqYefTl.exe
  2⤵
  - Executes dropped EXE
  PID:3084
- C:\Windows\System\ScRpjAB.exe
  C:\Windows\System\ScRpjAB.exe
  2⤵
  - Executes dropped EXE
  PID:4628
- C:\Windows\System\VHmTLnL.exe
  C:\Windows\System\VHmTLnL.exe
  2⤵
  - Executes dropped EXE
  PID:1712
- C:\Windows\System\rdZzSxJ.exe
  C:\Windows\System\rdZzSxJ.exe
  2⤵
  - Executes dropped EXE
  PID:2844
- C:\Windows\System\aYefJfR.exe
  C:\Windows\System\aYefJfR.exe
  2⤵
  - Executes dropped EXE
  PID:4024
- C:\Windows\System\mneftst.exe
  C:\Windows\System\mneftst.exe
  2⤵
  - Executes dropped EXE
  PID:3396
- C:\Windows\System\ZShyYTs.exe
  C:\Windows\System\ZShyYTs.exe
  2⤵
  - Executes dropped EXE
  PID:2080
- C:\Windows\System\KLpgHEq.exe
  C:\Windows\System\KLpgHEq.exe
  2⤵
  - Executes dropped EXE
  PID:1484
- C:\Windows\System\OMFRIAB.exe
  C:\Windows\System\OMFRIAB.exe
  2⤵
  - Executes dropped EXE
  PID:728
- C:\Windows\System\uosxEFy.exe
  C:\Windows\System\uosxEFy.exe
  2⤵
  - Executes dropped EXE
  PID:2176
- C:\Windows\System\wsWHDFS.exe
  C:\Windows\System\wsWHDFS.exe
  2⤵
  - Executes dropped EXE
  PID:2396
- C:\Windows\System\CzldCTN.exe
  C:\Windows\System\CzldCTN.exe
  2⤵
  - Executes dropped EXE
  PID:4256
- C:\Windows\System\tSQiNfS.exe
  C:\Windows\System\tSQiNfS.exe
  2⤵
  - Executes dropped EXE
  PID:4268
- C:\Windows\System\WNHDXpF.exe
  C:\Windows\System\WNHDXpF.exe
  2⤵
  - Executes dropped EXE
  PID:2784
- C:\Windows\System\XhFJDwe.exe
  C:\Windows\System\XhFJDwe.exe
  2⤵
  - Executes dropped EXE
  PID:2024
- C:\Windows\System\nttUkOM.exe
  C:\Windows\System\nttUkOM.exe
  2⤵
  - Executes dropped EXE
  PID:3568
- C:\Windows\System\aAyJZiF.exe
  C:\Windows\System\aAyJZiF.exe
  2⤵
  - Executes dropped EXE
  PID:4280
- C:\Windows\System\cXpCVZv.exe
  C:\Windows\System\cXpCVZv.exe
  2⤵
  - Executes dropped EXE
  PID:2812
- C:\Windows\System\QeKtXOz.exe
  C:\Windows\System\QeKtXOz.exe
  2⤵
  - Executes dropped EXE
  PID:4820
- C:\Windows\System\yYuvNft.exe
  C:\Windows\System\yYuvNft.exe
  2⤵
  - Executes dropped EXE
  PID:556
- C:\Windows\System\YdpwAez.exe
  C:\Windows\System\YdpwAez.exe
  2⤵
  - Executes dropped EXE
  PID:4740
- C:\Windows\System\lrifdgP.exe
  C:\Windows\System\lrifdgP.exe
  2⤵
  - Executes dropped EXE
  PID:2880
- C:\Windows\System\BKmQoFT.exe
  C:\Windows\System\BKmQoFT.exe
  2⤵
  - Executes dropped EXE
  PID:800
- C:\Windows\System\qsgepAi.exe
  C:\Windows\System\qsgepAi.exe
  2⤵
  - Executes dropped EXE
  PID:1592
- C:\Windows\System\bZfbCVO.exe
  C:\Windows\System\bZfbCVO.exe
  2⤵
  - Executes dropped EXE
  PID:2556
- C:\Windows\System\bVhsTcU.exe
  C:\Windows\System\bVhsTcU.exe
  2⤵
  - Executes dropped EXE
  PID:1564
- C:\Windows\System\flxOnIl.exe
  C:\Windows\System\flxOnIl.exe
  2⤵
  - Executes dropped EXE
  PID:1804
- C:\Windows\System\ElGAdgE.exe
  C:\Windows\System\ElGAdgE.exe
  2⤵
  - Executes dropped EXE
  PID:1524
- C:\Windows\System\AdYsRNW.exe
  C:\Windows\System\AdYsRNW.exe
  2⤵
  - Executes dropped EXE
  PID:536
- C:\Windows\System\KqvcYgo.exe
  C:\Windows\System\KqvcYgo.exe
  2⤵
  - Executes dropped EXE
  PID:3760
- C:\Windows\System\opTrijr.exe
  C:\Windows\System\opTrijr.exe
  2⤵
  - Executes dropped EXE
  PID:1984
- C:\Windows\System\VaaBcMK.exe
  C:\Windows\System\VaaBcMK.exe
  2⤵
  - Executes dropped EXE
  PID:3444
- C:\Windows\System\qzeFUJf.exe
  C:\Windows\System\qzeFUJf.exe
  2⤵
  PID:4928
- C:\Windows\System\arPqLoW.exe
  C:\Windows\System\arPqLoW.exe
  2⤵
  PID:744
- C:\Windows\System\FqNcGrg.exe
  C:\Windows\System\FqNcGrg.exe
  2⤵
  PID:1936
- C:\Windows\System\VhKGOXU.exe
  C:\Windows\System\VhKGOXU.exe
  2⤵
  PID:1580
- C:\Windows\System\oRKWTVq.exe
  C:\Windows\System\oRKWTVq.exe
  2⤵
  PID:2532
- C:\Windows\System\mgaeazq.exe
  C:\Windows\System\mgaeazq.exe
  2⤵
  PID:2200
- C:\Windows\System\hYzoZTl.exe
  C:\Windows\System\hYzoZTl.exe
  2⤵
  PID:4944
- C:\Windows\System\AMufGdE.exe
  C:\Windows\System\AMufGdE.exe
  2⤵
  PID:1632
- C:\Windows\System\IyLpacS.exe
  C:\Windows\System\IyLpacS.exe
  2⤵
  PID:224
- C:\Windows\System\sINQbNb.exe
  C:\Windows\System\sINQbNb.exe
  2⤵
  PID:4728
- C:\Windows\System\lpNhBns.exe
  C:\Windows\System\lpNhBns.exe
  2⤵
  PID:656
- C:\Windows\System\MmNgSQV.exe
  C:\Windows\System\MmNgSQV.exe
  2⤵
  PID:3240
- C:\Windows\System\CpDfVKv.exe
  C:\Windows\System\CpDfVKv.exe
  2⤵
  PID:4848
- C:\Windows\System\DipuqcX.exe
  C:\Windows\System\DipuqcX.exe
  2⤵
  PID:4412
- C:\Windows\System\HgAMRhq.exe
  C:\Windows\System\HgAMRhq.exe
  2⤵
  PID:3080
- C:\Windows\System\eJxisVY.exe
  C:\Windows\System\eJxisVY.exe
  2⤵
  PID:960
- C:\Windows\System\qlWbTaG.exe
  C:\Windows\System\qlWbTaG.exe
  2⤵
  PID:4652
- C:\Windows\System\hPaQUok.exe
  C:\Windows\System\hPaQUok.exe
  2⤵
  PID:2428
- C:\Windows\System\iPKNhLk.exe
  C:\Windows\System\iPKNhLk.exe
  2⤵
  PID:5044
- C:\Windows\System\MFsOigM.exe
  C:\Windows\System\MFsOigM.exe
  2⤵
  PID:4248
- C:\Windows\System\gemgGuW.exe
  C:\Windows\System\gemgGuW.exe
  2⤵
  PID:860
- C:\Windows\System\UAxzvoc.exe
  C:\Windows\System\UAxzvoc.exe
  2⤵
  PID:4968
- C:\Windows\System\pQTRVSZ.exe
  C:\Windows\System\pQTRVSZ.exe
  2⤵
  PID:2008
- C:\Windows\System\hdlDXwQ.exe
  C:\Windows\System\hdlDXwQ.exe
  2⤵
  PID:1956
- C:\Windows\System\bSxQVNn.exe
  C:\Windows\System\bSxQVNn.exe
  2⤵
  PID:5128
- C:\Windows\System\WFGEfpN.exe
  C:\Windows\System\WFGEfpN.exe
  2⤵
  PID:5156
- C:\Windows\System\mGtVMHv.exe
  C:\Windows\System\mGtVMHv.exe
  2⤵
  PID:5184
- C:\Windows\System\oCiEqNU.exe
  C:\Windows\System\oCiEqNU.exe
  2⤵
  PID:5212
- C:\Windows\System\qOPDADu.exe
  C:\Windows\System\qOPDADu.exe
  2⤵
  PID:5244
- C:\Windows\System\sIXqaZM.exe
  C:\Windows\System\sIXqaZM.exe
  2⤵
  PID:5272
- C:\Windows\System\iEONpme.exe
  C:\Windows\System\iEONpme.exe
  2⤵
  PID:5300
- C:\Windows\System\SXiIUmA.exe
  C:\Windows\System\SXiIUmA.exe
  2⤵
  PID:5324
- C:\Windows\System\pGXTwYF.exe
  C:\Windows\System\pGXTwYF.exe
  2⤵
  PID:5352
- C:\Windows\System\ddFHaSE.exe
  C:\Windows\System\ddFHaSE.exe
  2⤵
  PID:5384
- C:\Windows\System\NtQVTfh.exe
  C:\Windows\System\NtQVTfh.exe
  2⤵
  PID:5408
- C:\Windows\System\RnrzsWX.exe
  C:\Windows\System\RnrzsWX.exe
  2⤵
  PID:5436
- C:\Windows\System\gkZYXsO.exe
  C:\Windows\System\gkZYXsO.exe
  2⤵
  PID:5464
- C:\Windows\System\MJKZZtH.exe
  C:\Windows\System\MJKZZtH.exe
  2⤵
  PID:5492
- C:\Windows\System\lGQUgJg.exe
  C:\Windows\System\lGQUgJg.exe
  2⤵
  PID:5520
- C:\Windows\System\naitqLp.exe
  C:\Windows\System\naitqLp.exe
  2⤵
  PID:5552
- C:\Windows\System\AHeIcts.exe
  C:\Windows\System\AHeIcts.exe
  2⤵
  PID:5580
- C:\Windows\System\ZtDJEcN.exe
  C:\Windows\System\ZtDJEcN.exe
  2⤵
  PID:5608
- C:\Windows\System\klwDeyN.exe
  C:\Windows\System\klwDeyN.exe
  2⤵
  PID:5632
- C:\Windows\System\KIYLkkc.exe
  C:\Windows\System\KIYLkkc.exe
  2⤵
  PID:5660
- C:\Windows\System\ZAbBgvH.exe
  C:\Windows\System\ZAbBgvH.exe
  2⤵
  PID:5688
- C:\Windows\System\TBgjQxy.exe
  C:\Windows\System\TBgjQxy.exe
  2⤵
  PID:5716
- C:\Windows\System\myBslwP.exe
  C:\Windows\System\myBslwP.exe
  2⤵
  PID:5744
- C:\Windows\System\tRFRkAK.exe
  C:\Windows\System\tRFRkAK.exe
  2⤵
  PID:5772
- C:\Windows\System\iqldGIl.exe
  C:\Windows\System\iqldGIl.exe
  2⤵
  PID:5800
- C:\Windows\System\LBFddPI.exe
  C:\Windows\System\LBFddPI.exe
  2⤵
  PID:5828
- C:\Windows\System\ZaDSdQE.exe
  C:\Windows\System\ZaDSdQE.exe
  2⤵
  PID:5856
- C:\Windows\System\VezkRDa.exe
  C:\Windows\System\VezkRDa.exe
  2⤵
  PID:5884
- C:\Windows\System\IVUClJJ.exe
  C:\Windows\System\IVUClJJ.exe
  2⤵
  PID:5912
- C:\Windows\System\CQlPRuW.exe
  C:\Windows\System\CQlPRuW.exe
  2⤵
  PID:5940
- C:\Windows\System\BtbROBd.exe
  C:\Windows\System\BtbROBd.exe
  2⤵
  PID:5968
- C:\Windows\System\OvRwUvP.exe
  C:\Windows\System\OvRwUvP.exe
  2⤵
  PID:6000
- C:\Windows\System\pIyWaMG.exe
  C:\Windows\System\pIyWaMG.exe
  2⤵
  PID:6024
- C:\Windows\System\ucWLUMR.exe
  C:\Windows\System\ucWLUMR.exe
  2⤵
  PID:6052
- C:\Windows\System\spuYeuD.exe
  C:\Windows\System\spuYeuD.exe
  2⤵
  PID:4492
- C:\Windows\System\vtLeoXd.exe
  C:\Windows\System\vtLeoXd.exe
  2⤵
  PID:4424
- C:\Windows\System\pckgwxg.exe
  C:\Windows\System\pckgwxg.exe
  2⤵
  PID:4592
- C:\Windows\System\UOxoqOP.exe
  C:\Windows\System\UOxoqOP.exe
  2⤵
  PID:1352
- C:\Windows\System\qAgNLMB.exe
  C:\Windows\System\qAgNLMB.exe
  2⤵
  PID:1560
- C:\Windows\System\eCNqudh.exe
  C:\Windows\System\eCNqudh.exe
  2⤵
  PID:5176
- C:\Windows\System\nmbFnGu.exe
  C:\Windows\System\nmbFnGu.exe
  2⤵
  PID:5236
- C:\Windows\System\nTCFEvG.exe
  C:\Windows\System\nTCFEvG.exe
  2⤵
  PID:5288
- C:\Windows\System\qQPHgtr.exe
  C:\Windows\System\qQPHgtr.exe
  2⤵
  PID:5344
- C:\Windows\System\bzYdVUa.exe
  C:\Windows\System\bzYdVUa.exe
  2⤵
  PID:5452
- C:\Windows\System\tuvehEq.exe
  C:\Windows\System\tuvehEq.exe
  2⤵
  PID:5488
- C:\Windows\System\MJIfrQp.exe
  C:\Windows\System\MJIfrQp.exe
  2⤵
  PID:5536
- C:\Windows\System\bwckNPH.exe
  C:\Windows\System\bwckNPH.exe
  2⤵
  PID:4260
- C:\Windows\System\ePvFvKx.exe
  C:\Windows\System\ePvFvKx.exe
  2⤵
  PID:5620
- C:\Windows\System\ACGqlTa.exe
  C:\Windows\System\ACGqlTa.exe
  2⤵
  PID:5676
- C:\Windows\System\dHJTQAM.exe
  C:\Windows\System\dHJTQAM.exe
  2⤵
  PID:3652
- C:\Windows\System\goaYATh.exe
  C:\Windows\System\goaYATh.exe
  2⤵
  PID:5740
- C:\Windows\System\OcVULTF.exe
  C:\Windows\System\OcVULTF.exe
  2⤵
  PID:5844
- C:\Windows\System\EEzaafg.exe
  C:\Windows\System\EEzaafg.exe
  2⤵
  PID:2788
- C:\Windows\System\yTrTmfZ.exe
  C:\Windows\System\yTrTmfZ.exe
  2⤵
  PID:5908
- C:\Windows\System\SkDzctT.exe
  C:\Windows\System\SkDzctT.exe
  2⤵
  PID:6016
- C:\Windows\System\IHyNPXW.exe
  C:\Windows\System\IHyNPXW.exe
  2⤵
  PID:5992
- C:\Windows\System\PjAmFku.exe
  C:\Windows\System\PjAmFku.exe
  2⤵
  PID:6108
- C:\Windows\System\VBuoCCi.exe
  C:\Windows\System\VBuoCCi.exe
  2⤵
  PID:1160
- C:\Windows\System\xACPiFO.exe
  C:\Windows\System\xACPiFO.exe
  2⤵
  PID:2940
- C:\Windows\System\LvoKAkB.exe
  C:\Windows\System\LvoKAkB.exe
  2⤵
  PID:1740
- C:\Windows\System\IkvBLsG.exe
  C:\Windows\System\IkvBLsG.exe
  2⤵
  PID:4872
- C:\Windows\System\tfvjHmb.exe
  C:\Windows\System\tfvjHmb.exe
  2⤵
  PID:5704
- C:\Windows\System\ABEciBF.exe
  C:\Windows\System\ABEciBF.exe
  2⤵
  PID:5788
- C:\Windows\System\GpmlkMa.exe
  C:\Windows\System\GpmlkMa.exe
  2⤵
  PID:1552
- C:\Windows\System\PCNRVrd.exe
  C:\Windows\System\PCNRVrd.exe
  2⤵
  PID:5964
- C:\Windows\System\EOMywIJ.exe
  C:\Windows\System\EOMywIJ.exe
  2⤵
  PID:2868
- C:\Windows\System\NYPlAEf.exe
  C:\Windows\System\NYPlAEf.exe
  2⤵
  PID:432
- C:\Windows\System\CbXjsmD.exe
  C:\Windows\System\CbXjsmD.exe
  2⤵
  PID:5312
- C:\Windows\System\oFbXhsJ.exe
  C:\Windows\System\oFbXhsJ.exe
  2⤵
  PID:5428
- C:\Windows\System\kEyDQiR.exe
  C:\Windows\System\kEyDQiR.exe
  2⤵
  PID:2524
- C:\Windows\System\wSCbMrs.exe
  C:\Windows\System\wSCbMrs.exe
  2⤵
  PID:3932
- C:\Windows\System\TlrQnml.exe
  C:\Windows\System\TlrQnml.exe
  2⤵
  PID:2192
- C:\Windows\System\QATyQZr.exe
  C:\Windows\System\QATyQZr.exe
  2⤵
  PID:6072
- C:\Windows\System\QyrXdaV.exe
  C:\Windows\System\QyrXdaV.exe
  2⤵
  PID:1636
- C:\Windows\System\LyCFcZR.exe
  C:\Windows\System\LyCFcZR.exe
  2⤵
  PID:2840
- C:\Windows\System\nAAqpTZ.exe
  C:\Windows\System\nAAqpTZ.exe
  2⤵
  PID:5652
- C:\Windows\System\gcQvdit.exe
  C:\Windows\System\gcQvdit.exe
  2⤵
  PID:6120
- C:\Windows\System\uuyHzfW.exe
  C:\Windows\System\uuyHzfW.exe
  2⤵
  PID:6172
- C:\Windows\System\mfhhATk.exe
  C:\Windows\System\mfhhATk.exe
  2⤵
  PID:6212
- C:\Windows\System\SFWTJdz.exe
  C:\Windows\System\SFWTJdz.exe
  2⤵
  PID:6236
- C:\Windows\System\fwivyTZ.exe
  C:\Windows\System\fwivyTZ.exe
  2⤵
  PID:6256
- C:\Windows\System\hGNzkKd.exe
  C:\Windows\System\hGNzkKd.exe
  2⤵
  PID:6292
- C:\Windows\System\aOXoVBh.exe
  C:\Windows\System\aOXoVBh.exe
  2⤵
  PID:6312
- C:\Windows\System\qHAVRpq.exe
  C:\Windows\System\qHAVRpq.exe
  2⤵
  PID:6340
- C:\Windows\System\VDqgjaG.exe
  C:\Windows\System\VDqgjaG.exe
  2⤵
  PID:6364
- C:\Windows\System\tcHaQdu.exe
  C:\Windows\System\tcHaQdu.exe
  2⤵
  PID:6392
- C:\Windows\System\xRLyZct.exe
  C:\Windows\System\xRLyZct.exe
  2⤵
  PID:6412
- C:\Windows\System\KagXTpD.exe
  C:\Windows\System\KagXTpD.exe
  2⤵
  PID:6436
- C:\Windows\System\QvJXpCB.exe
  C:\Windows\System\QvJXpCB.exe
  2⤵
  PID:6456
- C:\Windows\System\tjJplve.exe
  C:\Windows\System\tjJplve.exe
  2⤵
  PID:6512
- C:\Windows\System\pHMpMEL.exe
  C:\Windows\System\pHMpMEL.exe
  2⤵
  PID:6532
- C:\Windows\System\BXCgHke.exe
  C:\Windows\System\BXCgHke.exe
  2⤵
  PID:6564
- C:\Windows\System\LMzNeWQ.exe
  C:\Windows\System\LMzNeWQ.exe
  2⤵
  PID:6584
- C:\Windows\System\ICyviEl.exe
  C:\Windows\System\ICyviEl.exe
  2⤵
  PID:6608
- C:\Windows\System\quOeSZz.exe
  C:\Windows\System\quOeSZz.exe
  2⤵
  PID:6636
- C:\Windows\System\sTTvfUO.exe
  C:\Windows\System\sTTvfUO.exe
  2⤵
  PID:6656
- C:\Windows\System\fwvRBcm.exe
  C:\Windows\System\fwvRBcm.exe
  2⤵
  PID:6692
- C:\Windows\System\YrGvGmE.exe
  C:\Windows\System\YrGvGmE.exe
  2⤵
  PID:6720
- C:\Windows\System\TQaEeCV.exe
  C:\Windows\System\TQaEeCV.exe
  2⤵
  PID:6768
- C:\Windows\System\gQRzROF.exe
  C:\Windows\System\gQRzROF.exe
  2⤵
  PID:6788
- C:\Windows\System\wAQZfDk.exe
  C:\Windows\System\wAQZfDk.exe
  2⤵
  PID:6808
- C:\Windows\System\ZDWfbwl.exe
  C:\Windows\System\ZDWfbwl.exe
  2⤵
  PID:6840
- C:\Windows\System\ABHefOz.exe
  C:\Windows\System\ABHefOz.exe
  2⤵
  PID:6860
- C:\Windows\System\tjINFAZ.exe
  C:\Windows\System\tjINFAZ.exe
  2⤵
  PID:6888
- C:\Windows\System\KredUwI.exe
  C:\Windows\System\KredUwI.exe
  2⤵
  PID:6912
- C:\Windows\System\bcJNKIE.exe
  C:\Windows\System\bcJNKIE.exe
  2⤵
  PID:6928
- C:\Windows\System\uFpzjMX.exe
  C:\Windows\System\uFpzjMX.exe
  2⤵
  PID:6952
- C:\Windows\System\taPofWH.exe
  C:\Windows\System\taPofWH.exe
  2⤵
  PID:6980
- C:\Windows\System\pgMcbiA.exe
  C:\Windows\System\pgMcbiA.exe
  2⤵
  PID:7004
- C:\Windows\System\HMcgmxH.exe
  C:\Windows\System\HMcgmxH.exe
  2⤵
  PID:7024
- C:\Windows\System\bjOeEjJ.exe
  C:\Windows\System\bjOeEjJ.exe
  2⤵
  PID:7068
- C:\Windows\System\iuLLpED.exe
  C:\Windows\System\iuLLpED.exe
  2⤵
  PID:7092
- C:\Windows\System\RMiejPC.exe
  C:\Windows\System\RMiejPC.exe
  2⤵
  PID:3952
- C:\Windows\System\tWdjBMY.exe
  C:\Windows\System\tWdjBMY.exe
  2⤵
  PID:6152
- C:\Windows\System\yMSsHVx.exe
  C:\Windows\System\yMSsHVx.exe
  2⤵
  PID:6220
- C:\Windows\System\wwenfqC.exe
  C:\Windows\System\wwenfqC.exe
  2⤵
  PID:6308
- C:\Windows\System\kKxzHzI.exe
  C:\Windows\System\kKxzHzI.exe
  2⤵
  PID:6336
- C:\Windows\System\qGPktZY.exe
  C:\Windows\System\qGPktZY.exe
  2⤵
  PID:6448
- C:\Windows\System\VFMUmGs.exe
  C:\Windows\System\VFMUmGs.exe
  2⤵
  PID:6432
- C:\Windows\System\QWbOnWN.exe
  C:\Windows\System\QWbOnWN.exe
  2⤵
  PID:6508
- C:\Windows\System\BissiyR.exe
  C:\Windows\System\BissiyR.exe
  2⤵
  PID:6556
- C:\Windows\System\dXxtQzx.exe
  C:\Windows\System\dXxtQzx.exe
  2⤵
  PID:6688
- C:\Windows\System\mQDKTKa.exe
  C:\Windows\System\mQDKTKa.exe
  2⤵
  PID:6732
- C:\Windows\System\XHpRPBy.exe
  C:\Windows\System\XHpRPBy.exe
  2⤵
  PID:6760
- C:\Windows\System\SycaAIg.exe
  C:\Windows\System\SycaAIg.exe
  2⤵
  PID:6964
- C:\Windows\System\zBjnewS.exe
  C:\Windows\System\zBjnewS.exe
  2⤵
  PID:6924
- C:\Windows\System\TPITJDl.exe
  C:\Windows\System\TPITJDl.exe
  2⤵
  PID:7088
- C:\Windows\System\OufJmSG.exe
  C:\Windows\System\OufJmSG.exe
  2⤵
  PID:7048
- C:\Windows\System\QreJvAf.exe
  C:\Windows\System\QreJvAf.exe
  2⤵
  PID:6148
- C:\Windows\System\JTWEuxb.exe
  C:\Windows\System\JTWEuxb.exe
  2⤵
  PID:7104
- C:\Windows\System\IpunVrh.exe
  C:\Windows\System\IpunVrh.exe
  2⤵
  PID:7152
- C:\Windows\System\VrKCNTF.exe
  C:\Windows\System\VrKCNTF.exe
  2⤵
  PID:6372
- C:\Windows\System\AxnZrPO.exe
  C:\Windows\System\AxnZrPO.exe
  2⤵
  PID:6712
- C:\Windows\System\wLzYDmp.exe
  C:\Windows\System\wLzYDmp.exe
  2⤵
  PID:6960
- C:\Windows\System\vmfHdpO.exe
  C:\Windows\System\vmfHdpO.exe
  2⤵
  PID:7064
- C:\Windows\System\GIARmsB.exe
  C:\Windows\System\GIARmsB.exe
  2⤵
  PID:7112
- C:\Windows\System\qAZtuaa.exe
  C:\Windows\System\qAZtuaa.exe
  2⤵
  PID:7084
- C:\Windows\System\ovmryso.exe
  C:\Windows\System\ovmryso.exe
  2⤵
  PID:6620
- C:\Windows\System\YAQplGK.exe
  C:\Windows\System\YAQplGK.exe
  2⤵
  PID:6948
- C:\Windows\System\CWVkEkO.exe
  C:\Windows\System\CWVkEkO.exe
  2⤵
  PID:7184
- C:\Windows\System\TkbjXHR.exe
  C:\Windows\System\TkbjXHR.exe
  2⤵
  PID:7204
- C:\Windows\System\JUFTcUb.exe
  C:\Windows\System\JUFTcUb.exe
  2⤵
  PID:7260
- C:\Windows\System\srgVCqA.exe
  C:\Windows\System\srgVCqA.exe
  2⤵
  PID:7288
- C:\Windows\System\TMyalAN.exe
  C:\Windows\System\TMyalAN.exe
  2⤵
  PID:7304
- C:\Windows\System\yXnJfYX.exe
  C:\Windows\System\yXnJfYX.exe
  2⤵
  PID:7324
- C:\Windows\System\xjKZFCL.exe
  C:\Windows\System\xjKZFCL.exe
  2⤵
  PID:7340
- C:\Windows\System\DApHALb.exe
  C:\Windows\System\DApHALb.exe
  2⤵
  PID:7360
- C:\Windows\System\rYSVseY.exe
  C:\Windows\System\rYSVseY.exe
  2⤵
  PID:7388
- C:\Windows\System\fyhhLzC.exe
  C:\Windows\System\fyhhLzC.exe
  2⤵
  PID:7412
- C:\Windows\System\rMXxGiO.exe
  C:\Windows\System\rMXxGiO.exe
  2⤵
  PID:7440
- C:\Windows\System\dCzHTpd.exe
  C:\Windows\System\dCzHTpd.exe
  2⤵
  PID:7456
- C:\Windows\System\WrXOUbA.exe
  C:\Windows\System\WrXOUbA.exe
  2⤵
  PID:7504
- C:\Windows\System\utgETAU.exe
  C:\Windows\System\utgETAU.exe
  2⤵
  PID:7524
- C:\Windows\System\tdsrFcS.exe
  C:\Windows\System\tdsrFcS.exe
  2⤵
  PID:7576
- C:\Windows\System\YokVvKQ.exe
  C:\Windows\System\YokVvKQ.exe
  2⤵
  PID:7596
- C:\Windows\System\BCuXoov.exe
  C:\Windows\System\BCuXoov.exe
  2⤵
  PID:7616
- C:\Windows\System\AoSZHpB.exe
  C:\Windows\System\AoSZHpB.exe
  2⤵
  PID:7636
- C:\Windows\System\ijNOHSc.exe
  C:\Windows\System\ijNOHSc.exe
  2⤵
  PID:7680
- C:\Windows\System\QOWqNxc.exe
  C:\Windows\System\QOWqNxc.exe
  2⤵
  PID:7696
- C:\Windows\System\uAgcbfW.exe
  C:\Windows\System\uAgcbfW.exe
  2⤵
  PID:7740
- C:\Windows\System\jPlWTIy.exe
  C:\Windows\System\jPlWTIy.exe
  2⤵
  PID:7760
- C:\Windows\System\oahQlmg.exe
  C:\Windows\System\oahQlmg.exe
  2⤵
  PID:7788
- C:\Windows\System\RbyYDUK.exe
  C:\Windows\System\RbyYDUK.exe
  2⤵
  PID:7836
- C:\Windows\System\JQQQRJB.exe
  C:\Windows\System\JQQQRJB.exe
  2⤵
  PID:7900
- C:\Windows\System\twXPPki.exe
  C:\Windows\System\twXPPki.exe
  2⤵
  PID:7920
- C:\Windows\System\cbbRWff.exe
  C:\Windows\System\cbbRWff.exe
  2⤵
  PID:7940
- C:\Windows\System\zlTWRkd.exe
  C:\Windows\System\zlTWRkd.exe
  2⤵
  PID:7980
- C:\Windows\System\bArwEtT.exe
  C:\Windows\System\bArwEtT.exe
  2⤵
  PID:8000
- C:\Windows\System\Rbbjrhf.exe
  C:\Windows\System\Rbbjrhf.exe
  2⤵
  PID:8024
- C:\Windows\System\hVzKFLY.exe
  C:\Windows\System\hVzKFLY.exe
  2⤵
  PID:8044
- C:\Windows\System\UHWwPqZ.exe
  C:\Windows\System\UHWwPqZ.exe
  2⤵
  PID:8068
- C:\Windows\System\VordIvF.exe
  C:\Windows\System\VordIvF.exe
  2⤵
  PID:8088
- C:\Windows\System\TeBquRv.exe
  C:\Windows\System\TeBquRv.exe
  2⤵
  PID:8124
- C:\Windows\System\GBNccCc.exe
  C:\Windows\System\GBNccCc.exe
  2⤵
  PID:8188
- C:\Windows\System\aoZYNfq.exe
  C:\Windows\System\aoZYNfq.exe
  2⤵
  PID:7196
- C:\Windows\System\dVjXXlO.exe
  C:\Windows\System\dVjXXlO.exe
  2⤵
  PID:7216
- C:\Windows\System\OAwmbzx.exe
  C:\Windows\System\OAwmbzx.exe
  2⤵
  PID:7280
- C:\Windows\System\cZlxuDw.exe
  C:\Windows\System\cZlxuDw.exe
  2⤵
  PID:7320
- C:\Windows\System\WnKZzeC.exe
  C:\Windows\System\WnKZzeC.exe
  2⤵
  PID:7468
- C:\Windows\System\TeVBeFW.exe
  C:\Windows\System\TeVBeFW.exe
  2⤵
  PID:7432
- C:\Windows\System\UZwkpNh.exe
  C:\Windows\System\UZwkpNh.exe
  2⤵
  PID:7516
- C:\Windows\System\PQEcXUh.exe
  C:\Windows\System\PQEcXUh.exe
  2⤵
  PID:7692
- C:\Windows\System\JtvBSqV.exe
  C:\Windows\System\JtvBSqV.exe
  2⤵
  PID:7756
- C:\Windows\System\nNIEAYJ.exe
  C:\Windows\System\nNIEAYJ.exe
  2⤵
  PID:7728
- C:\Windows\System\XIRRRJY.exe
  C:\Windows\System\XIRRRJY.exe
  2⤵
  PID:7784
- C:\Windows\System\axkPHiG.exe
  C:\Windows\System\axkPHiG.exe
  2⤵
  PID:7928
- C:\Windows\System\KxHqVpr.exe
  C:\Windows\System\KxHqVpr.exe
  2⤵
  PID:7892
- C:\Windows\System\PBAkCZe.exe
  C:\Windows\System\PBAkCZe.exe
  2⤵
  PID:7936
- C:\Windows\System\PIZJzWb.exe
  C:\Windows\System\PIZJzWb.exe
  2⤵
  PID:8040
- C:\Windows\System\lVJlkXM.exe
  C:\Windows\System\lVJlkXM.exe
  2⤵
  PID:8076
- C:\Windows\System\zfBMYFQ.exe
  C:\Windows\System\zfBMYFQ.exe
  2⤵
  PID:8160
- C:\Windows\System\smcOcTD.exe
  C:\Windows\System\smcOcTD.exe
  2⤵
  PID:7224
- C:\Windows\System\SrCgkuc.exe
  C:\Windows\System\SrCgkuc.exe
  2⤵
  PID:7380
- C:\Windows\System\UFrUVFC.exe
  C:\Windows\System\UFrUVFC.exe
  2⤵
  PID:7420
- C:\Windows\System\dbzXqkk.exe
  C:\Windows\System\dbzXqkk.exe
  2⤵
  PID:7572
- C:\Windows\System\wUDEtor.exe
  C:\Windows\System\wUDEtor.exe
  2⤵
  PID:7780
- C:\Windows\System\vYOTJlE.exe
  C:\Windows\System\vYOTJlE.exe
  2⤵
  PID:7872
- C:\Windows\System\touHKPx.exe
  C:\Windows\System\touHKPx.exe
  2⤵
  PID:8056
- C:\Windows\System\eFSHEyc.exe
  C:\Windows\System\eFSHEyc.exe
  2⤵
  PID:7180
- C:\Windows\System\bPtfRsy.exe
  C:\Windows\System\bPtfRsy.exe
  2⤵
  PID:7384
- C:\Windows\System\WeMTXws.exe
  C:\Windows\System\WeMTXws.exe
  2⤵
  PID:7876
- C:\Windows\System\EkMBLtk.exe
  C:\Windows\System\EkMBLtk.exe
  2⤵
  PID:7176
- C:\Windows\System\rqkHvYY.exe
  C:\Windows\System\rqkHvYY.exe
  2⤵
  PID:8208
- C:\Windows\System\yjpFOiL.exe
  C:\Windows\System\yjpFOiL.exe
  2⤵
  PID:8228
- C:\Windows\System\MIeomuL.exe
  C:\Windows\System\MIeomuL.exe
  2⤵
  PID:8268
- C:\Windows\System\BQViTJB.exe
  C:\Windows\System\BQViTJB.exe
  2⤵
  PID:8304
- C:\Windows\System\itdsvUf.exe
  C:\Windows\System\itdsvUf.exe
  2⤵
  PID:8328
- C:\Windows\System\fgGGqqW.exe
  C:\Windows\System\fgGGqqW.exe
  2⤵
  PID:8348
- C:\Windows\System\JYVeDqs.exe
  C:\Windows\System\JYVeDqs.exe
  2⤵
  PID:8392
- C:\Windows\System\HhYxPUP.exe
  C:\Windows\System\HhYxPUP.exe
  2⤵
  PID:8436
- C:\Windows\System\LyvClPz.exe
  C:\Windows\System\LyvClPz.exe
  2⤵
  PID:8456
- C:\Windows\System\YYeVqvO.exe
  C:\Windows\System\YYeVqvO.exe
  2⤵
  PID:8476
- C:\Windows\System\HQnfLRQ.exe
  C:\Windows\System\HQnfLRQ.exe
  2⤵
  PID:8504
- C:\Windows\System\WiZqjvK.exe
  C:\Windows\System\WiZqjvK.exe
  2⤵
  PID:8532
- C:\Windows\System\yFgfQuW.exe
  C:\Windows\System\yFgfQuW.exe
  2⤵
  PID:8576
- C:\Windows\System\wwRiMII.exe
  C:\Windows\System\wwRiMII.exe
  2⤵
  PID:8600
- C:\Windows\System\IWERULf.exe
  C:\Windows\System\IWERULf.exe
  2⤵
  PID:8624
- C:\Windows\System\YrnGSEU.exe
  C:\Windows\System\YrnGSEU.exe
  2⤵
  PID:8684
- C:\Windows\System\VhshEGS.exe
  C:\Windows\System\VhshEGS.exe
  2⤵
  PID:8732
- C:\Windows\System\yQYwwcv.exe
  C:\Windows\System\yQYwwcv.exe
  2⤵
  PID:8752
- C:\Windows\System\ZAEOyfL.exe
  C:\Windows\System\ZAEOyfL.exe
  2⤵
  PID:8788
- C:\Windows\System\ZSekqVG.exe
  C:\Windows\System\ZSekqVG.exe
  2⤵
  PID:8832
- C:\Windows\System\uDoRaKS.exe
  C:\Windows\System\uDoRaKS.exe
  2⤵
  PID:8868
- C:\Windows\System\BswZkcg.exe
  C:\Windows\System\BswZkcg.exe
  2⤵
  PID:8884
- C:\Windows\System\PoFjnrt.exe
  C:\Windows\System\PoFjnrt.exe
  2⤵
  PID:8904
- C:\Windows\System\aqkSIdn.exe
  C:\Windows\System\aqkSIdn.exe
  2⤵
  PID:8948
- C:\Windows\System\BHqGRsA.exe
  C:\Windows\System\BHqGRsA.exe
  2⤵
  PID:8968
- C:\Windows\System\ujOzMJp.exe
  C:\Windows\System\ujOzMJp.exe
  2⤵
  PID:8988
- C:\Windows\System\pHeaAKF.exe
  C:\Windows\System\pHeaAKF.exe
  2⤵
  PID:9040
- C:\Windows\System\XRjrnmt.exe
  C:\Windows\System\XRjrnmt.exe
  2⤵
  PID:9060
- C:\Windows\System\XGZtCZG.exe
  C:\Windows\System\XGZtCZG.exe
  2⤵
  PID:9088
- C:\Windows\System\IZlIhhL.exe
  C:\Windows\System\IZlIhhL.exe
  2⤵
  PID:9108
- C:\Windows\System\NghAynk.exe
  C:\Windows\System\NghAynk.exe
  2⤵
  PID:9140
- C:\Windows\System\eztEkVR.exe
  C:\Windows\System\eztEkVR.exe
  2⤵
  PID:9156
- C:\Windows\System\dBHaPBA.exe
  C:\Windows\System\dBHaPBA.exe
  2⤵
  PID:9180
- C:\Windows\System\RfiqjlS.exe
  C:\Windows\System\RfiqjlS.exe
  2⤵
  PID:9204
- C:\Windows\System\kMxmpfw.exe
  C:\Windows\System\kMxmpfw.exe
  2⤵
  PID:7300
- C:\Windows\System\ytUvFAl.exe
  C:\Windows\System\ytUvFAl.exe
  2⤵
  PID:8216
- C:\Windows\System\XvmhtAv.exe
  C:\Windows\System\XvmhtAv.exe
  2⤵
  PID:8220
- C:\Windows\System\iEPYegw.exe
  C:\Windows\System\iEPYegw.exe
  2⤵
  PID:8296
- C:\Windows\System\sfLkCHw.exe
  C:\Windows\System\sfLkCHw.exe
  2⤵
  PID:8336
- C:\Windows\System\pVMLkAL.exe
  C:\Windows\System\pVMLkAL.exe
  2⤵
  PID:8428
- C:\Windows\System\tnaHoJQ.exe
  C:\Windows\System\tnaHoJQ.exe
  2⤵
  PID:8568
- C:\Windows\System\vOuSsYV.exe
  C:\Windows\System\vOuSsYV.exe
  2⤵
  PID:8616
- C:\Windows\System\GMqnAxc.exe
  C:\Windows\System\GMqnAxc.exe
  2⤵
  PID:8708
- C:\Windows\System\kDrnnab.exe
  C:\Windows\System\kDrnnab.exe
  2⤵
  PID:8648
- C:\Windows\System\ekXZwHR.exe
  C:\Windows\System\ekXZwHR.exe
  2⤵
  PID:8748
- C:\Windows\System\MQUWhIw.exe
  C:\Windows\System\MQUWhIw.exe
  2⤵
  PID:720
- C:\Windows\System\iUwhbTr.exe
  C:\Windows\System\iUwhbTr.exe
  2⤵
  PID:8900
- C:\Windows\System\HDDHHTZ.exe
  C:\Windows\System\HDDHHTZ.exe
  2⤵
  PID:9008
- C:\Windows\System\JujTDrS.exe
  C:\Windows\System\JujTDrS.exe
  2⤵
  PID:9052
- C:\Windows\System\YSRpjax.exe
  C:\Windows\System\YSRpjax.exe
  2⤵
  PID:9100
- C:\Windows\System\eCVBNjF.exe
  C:\Windows\System\eCVBNjF.exe
  2⤵
  PID:9188
- C:\Windows\System\lXYrcdO.exe
  C:\Windows\System\lXYrcdO.exe
  2⤵
  PID:9172
- C:\Windows\System\AGzxkIv.exe
  C:\Windows\System\AGzxkIv.exe
  2⤵
  PID:8036
- C:\Windows\System\ZGVwHRd.exe
  C:\Windows\System\ZGVwHRd.exe
  2⤵
  PID:8292
- C:\Windows\System\oBumzMB.exe
  C:\Windows\System\oBumzMB.exe
  2⤵
  PID:8412
- C:\Windows\System\OisQUGr.exe
  C:\Windows\System\OisQUGr.exe
  2⤵
  PID:8740
- C:\Windows\System\ogdvQkB.exe
  C:\Windows\System\ogdvQkB.exe
  2⤵
  PID:9036
- C:\Windows\System\IoBNraE.exe
  C:\Windows\System\IoBNraE.exe
  2⤵
  PID:8940
- C:\Windows\System\UslHcMR.exe
  C:\Windows\System\UslHcMR.exe
  2⤵
  PID:8196
- C:\Windows\System\mnueWgo.exe
  C:\Windows\System\mnueWgo.exe
  2⤵
  PID:8276
- C:\Windows\System\KCTpmAB.exe
  C:\Windows\System\KCTpmAB.exe
  2⤵
  PID:8816
- C:\Windows\System\DSVWaeQ.exe
  C:\Windows\System\DSVWaeQ.exe
  2⤵
  PID:8772
- C:\Windows\System\yHaEDZB.exe
  C:\Windows\System\yHaEDZB.exe
  2⤵
  PID:9132
- C:\Windows\System\OxBvVrq.exe
  C:\Windows\System\OxBvVrq.exe
  2⤵
  PID:8672
- C:\Windows\System\achNyRp.exe
  C:\Windows\System\achNyRp.exe
  2⤵
  PID:9232
- C:\Windows\System\KOKFTrw.exe
  C:\Windows\System\KOKFTrw.exe
  2⤵
  PID:9248
- C:\Windows\System\JYkHyrD.exe
  C:\Windows\System\JYkHyrD.exe
  2⤵
  PID:9268
- C:\Windows\System\VjmZRHe.exe
  C:\Windows\System\VjmZRHe.exe
  2⤵
  PID:9292
- C:\Windows\System\BhzOmPO.exe
  C:\Windows\System\BhzOmPO.exe
  2⤵
  PID:9312
- C:\Windows\System\aHJQrmA.exe
  C:\Windows\System\aHJQrmA.exe
  2⤵
  PID:9372
- C:\Windows\System\icJWxwx.exe
  C:\Windows\System\icJWxwx.exe
  2⤵
  PID:9404
- C:\Windows\System\HCQOGAg.exe
  C:\Windows\System\HCQOGAg.exe
  2⤵
  PID:9420
- C:\Windows\System\RjoOhoU.exe
  C:\Windows\System\RjoOhoU.exe
  2⤵
  PID:9444
- C:\Windows\System\OJQUDUL.exe
  C:\Windows\System\OJQUDUL.exe
  2⤵
  PID:9484
- C:\Windows\System\jPcqhmw.exe
  C:\Windows\System\jPcqhmw.exe
  2⤵
  PID:9508
- C:\Windows\System\uDtPiLB.exe
  C:\Windows\System\uDtPiLB.exe
  2⤵
  PID:9544
- C:\Windows\System\XmfnIeW.exe
  C:\Windows\System\XmfnIeW.exe
  2⤵
  PID:9564
- C:\Windows\System\RFMcSXZ.exe
  C:\Windows\System\RFMcSXZ.exe
  2⤵
  PID:9588
- C:\Windows\System\LRdFPCZ.exe
  C:\Windows\System\LRdFPCZ.exe
  2⤵
  PID:9636
- C:\Windows\System\edxSEiD.exe
  C:\Windows\System\edxSEiD.exe
  2⤵
  PID:9660
- C:\Windows\System\dqbbIMp.exe
  C:\Windows\System\dqbbIMp.exe
  2⤵
  PID:9684
- C:\Windows\System\rLLuWRy.exe
  C:\Windows\System\rLLuWRy.exe
  2⤵
  PID:9704
- C:\Windows\System\nYONRGX.exe
  C:\Windows\System\nYONRGX.exe
  2⤵
  PID:9736
- C:\Windows\System\MXgOLPE.exe
  C:\Windows\System\MXgOLPE.exe
  2⤵
  PID:9764
- C:\Windows\System\BnHTKuO.exe
  C:\Windows\System\BnHTKuO.exe
  2⤵
  PID:9784
- C:\Windows\System\ccBwhwf.exe
  C:\Windows\System\ccBwhwf.exe
  2⤵
  PID:9800
- C:\Windows\System\nbGzOnb.exe
  C:\Windows\System\nbGzOnb.exe
  2⤵
  PID:9820
- C:\Windows\System\EdvuzNG.exe
  C:\Windows\System\EdvuzNG.exe
  2⤵
  PID:9860
- C:\Windows\System\YzdJjOc.exe
  C:\Windows\System\YzdJjOc.exe
  2⤵
  PID:9920
- C:\Windows\System\UMpaJQY.exe
  C:\Windows\System\UMpaJQY.exe
  2⤵
  PID:9940
- C:\Windows\System\ELhjmba.exe
  C:\Windows\System\ELhjmba.exe
  2⤵
  PID:9960
- C:\Windows\System\fWwPTEm.exe
  C:\Windows\System\fWwPTEm.exe
  2⤵
  PID:10004
- C:\Windows\System\rCwfWLL.exe
  C:\Windows\System\rCwfWLL.exe
  2⤵
  PID:10020
- C:\Windows\System\gODGdOV.exe
  C:\Windows\System\gODGdOV.exe
  2⤵
  PID:10040
- C:\Windows\System\xDhhTAO.exe
  C:\Windows\System\xDhhTAO.exe
  2⤵
  PID:10068
- C:\Windows\System\Joqncgj.exe
  C:\Windows\System\Joqncgj.exe
  2⤵
  PID:10096
- C:\Windows\System\BXvJcbu.exe
  C:\Windows\System\BXvJcbu.exe
  2⤵
  PID:10136
- C:\Windows\System\ZdKudmW.exe
  C:\Windows\System\ZdKudmW.exe
  2⤵
  PID:10160
- C:\Windows\System\DKZbVbC.exe
  C:\Windows\System\DKZbVbC.exe
  2⤵
  PID:10180
- C:\Windows\System\vXctUdC.exe
  C:\Windows\System\vXctUdC.exe
  2⤵
  PID:10204
- C:\Windows\System\ggBlEtQ.exe
  C:\Windows\System\ggBlEtQ.exe
  2⤵
  PID:9276
- C:\Windows\System\CIqeqwf.exe
  C:\Windows\System\CIqeqwf.exe
  2⤵
  PID:9300
- C:\Windows\System\rjkqAGv.exe
  C:\Windows\System\rjkqAGv.exe
  2⤵
  PID:9344
- C:\Windows\System\NUWrDnn.exe
  C:\Windows\System\NUWrDnn.exe
  2⤵
  PID:9360
- C:\Windows\System\anROdxo.exe
  C:\Windows\System\anROdxo.exe
  2⤵
  PID:9520
- C:\Windows\System\PkUnMok.exe
  C:\Windows\System\PkUnMok.exe
  2⤵
  PID:9556
- C:\Windows\System\OfHasrw.exe
  C:\Windows\System\OfHasrw.exe
  2⤵
  PID:9576
- C:\Windows\System\edHhmZo.exe
  C:\Windows\System\edHhmZo.exe
  2⤵
  PID:9656
- C:\Windows\System\IgFwRYJ.exe
  C:\Windows\System\IgFwRYJ.exe
  2⤵
  PID:9796
- C:\Windows\System\EjcmTVH.exe
  C:\Windows\System\EjcmTVH.exe
  2⤵
  PID:9832
- C:\Windows\System\lKgwYOB.exe
  C:\Windows\System\lKgwYOB.exe
  2⤵
  PID:9912
- C:\Windows\System\eGCrvGF.exe
  C:\Windows\System\eGCrvGF.exe
  2⤵
  PID:9996
- C:\Windows\System\avGiiaT.exe
  C:\Windows\System\avGiiaT.exe
  2⤵
  PID:2280
- C:\Windows\System\WQvSmyN.exe
  C:\Windows\System\WQvSmyN.exe
  2⤵
  PID:10084
- C:\Windows\System\oEFyFBI.exe
  C:\Windows\System\oEFyFBI.exe
  2⤵
  PID:10076
- C:\Windows\System\gbtMXsM.exe
  C:\Windows\System\gbtMXsM.exe
  2⤵
  PID:10168
- C:\Windows\System\BnMATmC.exe
  C:\Windows\System\BnMATmC.exe
  2⤵
  PID:9260
- C:\Windows\System\BbJcXtS.exe
  C:\Windows\System\BbJcXtS.exe
  2⤵
  PID:9332
- C:\Windows\System\PttIayp.exe
  C:\Windows\System\PttIayp.exe
  2⤵
  PID:9604
- C:\Windows\System\DUZmQSJ.exe
  C:\Windows\System\DUZmQSJ.exe
  2⤵
  PID:9572
- C:\Windows\System\bGqAGdY.exe
  C:\Windows\System\bGqAGdY.exe
  2⤵
  PID:9776
- C:\Windows\System\EyJCnjh.exe
  C:\Windows\System\EyJCnjh.exe
  2⤵
  PID:9852
- C:\Windows\System\RYzUgmG.exe
  C:\Windows\System\RYzUgmG.exe
  2⤵
  PID:4144
- C:\Windows\System\lAosusf.exe
  C:\Windows\System\lAosusf.exe
  2⤵
  PID:10060
- C:\Windows\System\XAlvbSO.exe
  C:\Windows\System\XAlvbSO.exe
  2⤵
  PID:10124
- C:\Windows\System\ydhuHbE.exe
  C:\Windows\System\ydhuHbE.exe
  2⤵
  PID:9836
- C:\Windows\System\yxYkVnu.exe
  C:\Windows\System\yxYkVnu.exe
  2⤵
  PID:10036
- C:\Windows\System\XLDrnkZ.exe
  C:\Windows\System\XLDrnkZ.exe
  2⤵
  PID:10192
- C:\Windows\System\OqFVdYj.exe
  C:\Windows\System\OqFVdYj.exe
  2⤵
  PID:10200
- C:\Windows\System\XzFJSRk.exe
  C:\Windows\System\XzFJSRk.exe
  2⤵
  PID:10272
- C:\Windows\System\PIVyTWQ.exe
  C:\Windows\System\PIVyTWQ.exe
  2⤵
  PID:10296
- C:\Windows\System\GAqKKoP.exe
  C:\Windows\System\GAqKKoP.exe
  2⤵
  PID:10320
- C:\Windows\System\cQmgEZx.exe
  C:\Windows\System\cQmgEZx.exe
  2⤵
  PID:10340
- C:\Windows\System\fKwuxcc.exe
  C:\Windows\System\fKwuxcc.exe
  2⤵
  PID:10372
- C:\Windows\System\LNTtaOR.exe
  C:\Windows\System\LNTtaOR.exe
  2⤵
  PID:10424
- C:\Windows\System\DYBYxqX.exe
  C:\Windows\System\DYBYxqX.exe
  2⤵
  PID:10444
- C:\Windows\System\yltArkb.exe
  C:\Windows\System\yltArkb.exe
  2⤵
  PID:10464
- C:\Windows\System\VYrSmWc.exe
  C:\Windows\System\VYrSmWc.exe
  2⤵
  PID:10496
- C:\Windows\System\IuWDaKd.exe
  C:\Windows\System\IuWDaKd.exe
  2⤵
  PID:10516
- C:\Windows\System\mCCjdEc.exe
  C:\Windows\System\mCCjdEc.exe
  2⤵
  PID:10536
- C:\Windows\System\wdoGbve.exe
  C:\Windows\System\wdoGbve.exe
  2⤵
  PID:10584
- C:\Windows\System\IShuksH.exe
  C:\Windows\System\IShuksH.exe
  2⤵
  PID:10604
- C:\Windows\System\fywgdon.exe
  C:\Windows\System\fywgdon.exe
  2⤵
  PID:10632
- C:\Windows\System\GIEvnfQ.exe
  C:\Windows\System\GIEvnfQ.exe
  2⤵
  PID:10656
- C:\Windows\System\kzzOCwT.exe
  C:\Windows\System\kzzOCwT.exe
  2⤵
  PID:10676
- C:\Windows\System\NUImfCR.exe
  C:\Windows\System\NUImfCR.exe
  2⤵
  PID:10720
- C:\Windows\System\FVoZUMV.exe
  C:\Windows\System\FVoZUMV.exe
  2⤵
  PID:10744
- C:\Windows\System\svvuAKS.exe
  C:\Windows\System\svvuAKS.exe
  2⤵
  PID:10764
- C:\Windows\System\VRIYtrz.exe
  C:\Windows\System\VRIYtrz.exe
  2⤵
  PID:10788
- C:\Windows\System\llRoIdI.exe
  C:\Windows\System\llRoIdI.exe
  2⤵
  PID:10816
- C:\Windows\System\QoFGnLa.exe
  C:\Windows\System\QoFGnLa.exe
  2⤵
  PID:10844
- C:\Windows\System\kxxeDoU.exe
  C:\Windows\System\kxxeDoU.exe
  2⤵
  PID:10864
- C:\Windows\System\RbglpTp.exe
  C:\Windows\System\RbglpTp.exe
  2⤵
  PID:10888
- C:\Windows\System\DndYxIz.exe
  C:\Windows\System\DndYxIz.exe
  2⤵
  PID:10912
- C:\Windows\System\SzrwTdV.exe
  C:\Windows\System\SzrwTdV.exe
  2⤵
  PID:10936
- C:\Windows\System\nwKSCvz.exe
  C:\Windows\System\nwKSCvz.exe
  2⤵
  PID:10952
- C:\Windows\System\UQVZghE.exe
  C:\Windows\System\UQVZghE.exe
  2⤵
  PID:10988
- C:\Windows\System\GcNpHFw.exe
  C:\Windows\System\GcNpHFw.exe
  2⤵
  PID:11012
- C:\Windows\System\ONPoaWn.exe
  C:\Windows\System\ONPoaWn.exe
  2⤵
  PID:11048
- C:\Windows\System\XWnzNiY.exe
  C:\Windows\System\XWnzNiY.exe
  2⤵
  PID:11068
- C:\Windows\System\bNDVdTs.exe
  C:\Windows\System\bNDVdTs.exe
  2⤵
  PID:11124
- C:\Windows\System\mJnhmkG.exe
  C:\Windows\System\mJnhmkG.exe
  2⤵
  PID:11148
- C:\Windows\System\RFxAuOe.exe
  C:\Windows\System\RFxAuOe.exe
  2⤵
  PID:11200
- C:\Windows\System\MySWyLv.exe
  C:\Windows\System\MySWyLv.exe
  2⤵
  PID:11240
- C:\Windows\System\OkuwZVk.exe
  C:\Windows\System\OkuwZVk.exe
  2⤵
  PID:10248
- C:\Windows\System\tjtJGDv.exe
  C:\Windows\System\tjtJGDv.exe
  2⤵
  PID:10304
- C:\Windows\System\OaWDobZ.exe
  C:\Windows\System\OaWDobZ.exe
  2⤵
  PID:10292
- C:\Windows\System\AYgfXgx.exe
  C:\Windows\System\AYgfXgx.exe
  2⤵
  PID:10348
- C:\Windows\System\nnsWXki.exe
  C:\Windows\System\nnsWXki.exe
  2⤵
  PID:10432
- C:\Windows\System\wBUKSDj.exe
  C:\Windows\System\wBUKSDj.exe
  2⤵
  PID:10504
- C:\Windows\System\JmgfYzu.exe
  C:\Windows\System\JmgfYzu.exe
  2⤵
  PID:10596
- C:\Windows\System\NlRzjQd.exe
  C:\Windows\System\NlRzjQd.exe
  2⤵
  PID:10624
- C:\Windows\System\aqgfFNE.exe
  C:\Windows\System\aqgfFNE.exe
  2⤵
  PID:10688
- C:\Windows\System\rfTHOVh.exe
  C:\Windows\System\rfTHOVh.exe
  2⤵
  PID:10740
- C:\Windows\System\haiLHRT.exe
  C:\Windows\System\haiLHRT.exe
  2⤵
  PID:10828
- C:\Windows\System\jMMVwjG.exe
  C:\Windows\System\jMMVwjG.exe
  2⤵
  PID:10880
- C:\Windows\System\uoBRKjp.exe
  C:\Windows\System\uoBRKjp.exe
  2⤵
  PID:10948
- C:\Windows\System\oxHCgzQ.exe
  C:\Windows\System\oxHCgzQ.exe
  2⤵
  PID:11064
- C:\Windows\System\NeAsxqU.exe
  C:\Windows\System\NeAsxqU.exe
  2⤵
  PID:11060
- C:\Windows\System\FyHMJiu.exe
  C:\Windows\System\FyHMJiu.exe
  2⤵
  PID:11132
- C:\Windows\System\LWKrVhc.exe
  C:\Windows\System\LWKrVhc.exe
  2⤵
  PID:11168
- C:\Windows\System\bbQsDoc.exe
  C:\Windows\System\bbQsDoc.exe
  2⤵
  PID:11252
- C:\Windows\System\STBpuUN.exe
  C:\Windows\System\STBpuUN.exe
  2⤵
  PID:10380
- C:\Windows\System\yVplxoK.exe
  C:\Windows\System\yVplxoK.exe
  2⤵
  PID:10528
- C:\Windows\System\ogCbBcg.exe
  C:\Windows\System\ogCbBcg.exe
  2⤵
  PID:10716
- C:\Windows\System\BaGtXlO.exe
  C:\Windows\System\BaGtXlO.exe
  2⤵
  PID:10784
- C:\Windows\System\TshOkRi.exe
  C:\Windows\System\TshOkRi.exe
  2⤵
  PID:10924
- C:\Windows\System\jgnBsdG.exe
  C:\Windows\System\jgnBsdG.exe
  2⤵
  PID:10984
- C:\Windows\System\MlZMTUa.exe
  C:\Windows\System\MlZMTUa.exe
  2⤵
  PID:11160
- C:\Windows\System\XRYzFZy.exe
  C:\Windows\System\XRYzFZy.exe
  2⤵
  PID:10260
- C:\Windows\System\EGFjStL.exe
  C:\Windows\System\EGFjStL.exe
  2⤵
  PID:10508
- C:\Windows\System\SkTYujD.exe
  C:\Windows\System\SkTYujD.exe
  2⤵
  PID:10812
- C:\Windows\System\ekJiNFG.exe
  C:\Windows\System\ekJiNFG.exe
  2⤵
  PID:11076
- C:\Windows\System\ACZfIfw.exe
  C:\Windows\System\ACZfIfw.exe
  2⤵
  PID:11288
- C:\Windows\System\BYXKUPP.exe
  C:\Windows\System\BYXKUPP.exe
  2⤵
  PID:11312
- C:\Windows\System\ILrDhCj.exe
  C:\Windows\System\ILrDhCj.exe
  2⤵
  PID:11336
- C:\Windows\System\wMUNMEL.exe
  C:\Windows\System\wMUNMEL.exe
  2⤵
  PID:11356
- C:\Windows\System\zeXqAkR.exe
  C:\Windows\System\zeXqAkR.exe
  2⤵
  PID:11384
- C:\Windows\System\ItGTVUJ.exe
  C:\Windows\System\ItGTVUJ.exe
  2⤵
  PID:11444
- C:\Windows\System\ZCBwZKQ.exe
  C:\Windows\System\ZCBwZKQ.exe
  2⤵
  PID:11464
- C:\Windows\System\RTtPNuo.exe
  C:\Windows\System\RTtPNuo.exe
  2⤵
  PID:11504
- C:\Windows\System\IWMPQoR.exe
  C:\Windows\System\IWMPQoR.exe
  2⤵
  PID:11528
- C:\Windows\System\BGjglTA.exe
  C:\Windows\System\BGjglTA.exe
  2⤵
  PID:11548
- C:\Windows\System\nPRtuBi.exe
  C:\Windows\System\nPRtuBi.exe
  2⤵
  PID:11588
- C:\Windows\System\nnGHoEN.exe
  C:\Windows\System\nnGHoEN.exe
  2⤵
  PID:11616
- C:\Windows\System\OsPaXHg.exe
  C:\Windows\System\OsPaXHg.exe
  2⤵
  PID:11632
- C:\Windows\System\IiFqOTJ.exe
  C:\Windows\System\IiFqOTJ.exe
  2⤵
  PID:11652
- C:\Windows\System\tqBxqpj.exe
  C:\Windows\System\tqBxqpj.exe
  2⤵
  PID:11684
- C:\Windows\System\dYdbAva.exe
  C:\Windows\System\dYdbAva.exe
  2⤵
  PID:11708
- C:\Windows\System\sUTFLTA.exe
  C:\Windows\System\sUTFLTA.exe
  2⤵
  PID:11724
- C:\Windows\System\dZFNVDU.exe
  C:\Windows\System\dZFNVDU.exe
  2⤵
  PID:11764
- C:\Windows\System\JcBGTFr.exe
  C:\Windows\System\JcBGTFr.exe
  2⤵
  PID:11784
- C:\Windows\System\tJjRqov.exe
  C:\Windows\System\tJjRqov.exe
  2⤵
  PID:11808
- C:\Windows\System\UiYBaBT.exe
  C:\Windows\System\UiYBaBT.exe
  2⤵
  PID:11864
- C:\Windows\System\CrukbwY.exe
  C:\Windows\System\CrukbwY.exe
  2⤵
  PID:11884
- C:\Windows\System\eVzEghD.exe
  C:\Windows\System\eVzEghD.exe
  2⤵
  PID:11908
- C:\Windows\System\ZTSiBVA.exe
  C:\Windows\System\ZTSiBVA.exe
  2⤵
  PID:11932
- C:\Windows\System\HwzBoXS.exe
  C:\Windows\System\HwzBoXS.exe
  2⤵
  PID:11956
- C:\Windows\System\KkljOOJ.exe
  C:\Windows\System\KkljOOJ.exe
  2⤵
  PID:11972
- C:\Windows\System\QkPlQmr.exe
  C:\Windows\System\QkPlQmr.exe
  2⤵
  PID:11992
- C:\Windows\System\eQwhATE.exe
  C:\Windows\System\eQwhATE.exe
  2⤵
  PID:12012
- C:\Windows\System\PdORFzg.exe
  C:\Windows\System\PdORFzg.exe
  2⤵
  PID:12036
- C:\Windows\System\sxuTYor.exe
  C:\Windows\System\sxuTYor.exe
  2⤵
  PID:12060
- C:\Windows\System\wbsVuKS.exe
  C:\Windows\System\wbsVuKS.exe
  2⤵
  PID:12096
- C:\Windows\System\sPPXExp.exe
  C:\Windows\System\sPPXExp.exe
  2⤵
  PID:12204
- C:\Windows\System\UTuPZKW.exe
  C:\Windows\System\UTuPZKW.exe
  2⤵
  PID:12220
- C:\Windows\System\CDkQQWg.exe
  C:\Windows\System\CDkQQWg.exe
  2⤵
  PID:12248
- C:\Windows\System\KwWKrRT.exe
  C:\Windows\System\KwWKrRT.exe
  2⤵
  PID:12276
- C:\Windows\System\EVsiFmY.exe
  C:\Windows\System\EVsiFmY.exe
  2⤵
  PID:11216
- C:\Windows\System\GPzVDtV.exe
  C:\Windows\System\GPzVDtV.exe
  2⤵
  PID:11272
- C:\Windows\System\efTvTTD.exe
  C:\Windows\System\efTvTTD.exe
  2⤵
  PID:11344
- C:\Windows\System\RgipfMo.exe
  C:\Windows\System\RgipfMo.exe
  2⤵
  PID:11376
- C:\Windows\System\pvGrKph.exe
  C:\Windows\System\pvGrKph.exe
  2⤵
  PID:11516
- C:\Windows\System\KfKNsLa.exe
  C:\Windows\System\KfKNsLa.exe
  2⤵
  PID:11564
- C:\Windows\System\PRVdtBG.exe
  C:\Windows\System\PRVdtBG.exe
  2⤵
  PID:11628
- C:\Windows\System\oHBjDbV.exe
  C:\Windows\System\oHBjDbV.exe
  2⤵
  PID:11672
- C:\Windows\System\AzxswyY.exe
  C:\Windows\System\AzxswyY.exe
  2⤵
  PID:11772
- C:\Windows\System\UGbtxEk.exe
  C:\Windows\System\UGbtxEk.exe
  2⤵
  PID:11804
- C:\Windows\System\OIiQVMN.exe
  C:\Windows\System\OIiQVMN.exe
  2⤵
  PID:11876
- C:\Windows\System\ITRvZza.exe
  C:\Windows\System\ITRvZza.exe
  2⤵
  PID:11924
- C:\Windows\System\AmUqiTh.exe
  C:\Windows\System\AmUqiTh.exe
  2⤵
  PID:11968
- C:\Windows\System\PPEwBQu.exe
  C:\Windows\System\PPEwBQu.exe
  2⤵
  PID:11984
- C:\Windows\System\gJLIFdW.exe
  C:\Windows\System\gJLIFdW.exe
  2⤵
  PID:12192
- C:\Windows\System\SeoXdJz.exe
  C:\Windows\System\SeoXdJz.exe
  2⤵
  PID:12216
- C:\Windows\System\Czddisy.exe
  C:\Windows\System\Czddisy.exe
  2⤵
  PID:12268
- C:\Windows\System\YgwGkYX.exe
  C:\Windows\System\YgwGkYX.exe
  2⤵
  PID:11352
- C:\Windows\System\HsyEqOh.exe
  C:\Windows\System\HsyEqOh.exe
  2⤵
  PID:11492
- C:\Windows\System\MTRdmQb.exe
  C:\Windows\System\MTRdmQb.exe
  2⤵
  PID:11644
- C:\Windows\System\DCjCxKK.exe
  C:\Windows\System\DCjCxKK.exe
  2⤵
  PID:11900
- C:\Windows\System\XEtEVXi.exe
  C:\Windows\System\XEtEVXi.exe
  2⤵
  PID:11880
- C:\Windows\System\ZdTOxfz.exe
  C:\Windows\System\ZdTOxfz.exe
  2⤵
  PID:12092
- C:\Windows\System\jlYqVKA.exe
  C:\Windows\System\jlYqVKA.exe
  2⤵
  PID:12260
- C:\Windows\System\GMeghSi.exe
  C:\Windows\System\GMeghSi.exe
  2⤵
  PID:11428
- C:\Windows\System\jMzZnSW.exe
  C:\Windows\System\jMzZnSW.exe
  2⤵
  PID:11716
- C:\Windows\System\mZDlBDg.exe
  C:\Windows\System\mZDlBDg.exe
  2⤵
  PID:11304
- C:\Windows\System\oOYmtYd.exe
  C:\Windows\System\oOYmtYd.exe
  2⤵
  PID:12132
- C:\Windows\System\EfBAdwM.exe
  C:\Windows\System\EfBAdwM.exe
  2⤵
  PID:12304
- C:\Windows\System\SnXBdVk.exe
  C:\Windows\System\SnXBdVk.exe
  2⤵
  PID:12324
- C:\Windows\System\NxwwCeE.exe
  C:\Windows\System\NxwwCeE.exe
  2⤵
  PID:12348
- C:\Windows\System\qQZnXMj.exe
  C:\Windows\System\qQZnXMj.exe
  2⤵
  PID:12376
- C:\Windows\System\RLWkYbU.exe
  C:\Windows\System\RLWkYbU.exe
  2⤵
  PID:12424
- C:\Windows\System\yCNXLGk.exe
  C:\Windows\System\yCNXLGk.exe
  2⤵
  PID:12452
- C:\Windows\System\zbjpUGl.exe
  C:\Windows\System\zbjpUGl.exe
  2⤵
  PID:12472
- C:\Windows\System\tnFkFBq.exe
  C:\Windows\System\tnFkFBq.exe
  2⤵
  PID:12492
- C:\Windows\System\jFGDoGW.exe
  C:\Windows\System\jFGDoGW.exe
  2⤵
  PID:12520
- C:\Windows\System\QeWgdRd.exe
  C:\Windows\System\QeWgdRd.exe
  2⤵
  PID:12540
- C:\Windows\System\kxgOoGs.exe
  C:\Windows\System\kxgOoGs.exe
  2⤵
  PID:12564
- C:\Windows\System\YKCHpOA.exe
  C:\Windows\System\YKCHpOA.exe
  2⤵
  PID:12584
- C:\Windows\System\aaaQcRY.exe
  C:\Windows\System\aaaQcRY.exe
  2⤵
  PID:12632
- C:\Windows\System\rlHmqQy.exe
  C:\Windows\System\rlHmqQy.exe
  2⤵
  PID:12660
- C:\Windows\System\RfUnhiC.exe
  C:\Windows\System\RfUnhiC.exe
  2⤵
  PID:12684
- C:\Windows\System\fBzodRP.exe
  C:\Windows\System\fBzodRP.exe
  2⤵
  PID:12708
- C:\Windows\System\YdMMufO.exe
  C:\Windows\System\YdMMufO.exe
  2⤵
  PID:12748
- C:\Windows\System\zqHIRUr.exe
  C:\Windows\System\zqHIRUr.exe
  2⤵
  PID:12772
- C:\Windows\System\XqujGZl.exe
  C:\Windows\System\XqujGZl.exe
  2⤵
  PID:12796
- C:\Windows\System\yMYwwwA.exe
  C:\Windows\System\yMYwwwA.exe
  2⤵
  PID:12820
- C:\Windows\System\iDbMmdi.exe
  C:\Windows\System\iDbMmdi.exe
  2⤵
  PID:12840
- C:\Windows\System\qibfxrn.exe
  C:\Windows\System\qibfxrn.exe
  2⤵
  PID:12868
- C:\Windows\System\oRlBCQB.exe
  C:\Windows\System\oRlBCQB.exe
  2⤵
  PID:12888
- C:\Windows\System\bBdqKkf.exe
  C:\Windows\System\bBdqKkf.exe
  2⤵
  PID:12908
- C:\Windows\System\gvcslKR.exe
  C:\Windows\System\gvcslKR.exe
  2⤵
  PID:12940
- C:\Windows\System\XvbZBfM.exe
  C:\Windows\System\XvbZBfM.exe
  2⤵
  PID:12980
- C:\Windows\System\lsHvFFz.exe
  C:\Windows\System\lsHvFFz.exe
  2⤵
  PID:13032
- C:\Windows\System\ezxDoeX.exe
  C:\Windows\System\ezxDoeX.exe
  2⤵
  PID:13060
- C:\Windows\System\IyYlgpI.exe
  C:\Windows\System\IyYlgpI.exe
  2⤵
  PID:13088
- C:\Windows\System\ODPGXfH.exe
  C:\Windows\System\ODPGXfH.exe
  2⤵
  PID:13136
- C:\Windows\System\ejXBpmg.exe
  C:\Windows\System\ejXBpmg.exe
  2⤵
  PID:13160
- C:\Windows\System\fBcbEwp.exe
  C:\Windows\System\fBcbEwp.exe
  2⤵
  PID:13180
- C:\Windows\System\HaCJOFz.exe
  C:\Windows\System\HaCJOFz.exe
  2⤵
  PID:13204
- C:\Windows\System\aATEbgJ.exe
  C:\Windows\System\aATEbgJ.exe
  2⤵
  PID:13224
- C:\Windows\System\RWzMOQn.exe
  C:\Windows\System\RWzMOQn.exe
  2⤵
  PID:13256
- C:\Windows\System\gQoOKHT.exe
  C:\Windows\System\gQoOKHT.exe
  2⤵
  PID:13292
- C:\Windows\System\HBYfMzQ.exe
  C:\Windows\System\HBYfMzQ.exe
  2⤵
  PID:13308
- C:\Windows\System\eLlTUcp.exe
  C:\Windows\System\eLlTUcp.exe
  2⤵
  PID:12316
- C:\Windows\System\euBCgDA.exe
  C:\Windows\System\euBCgDA.exe
  2⤵
  PID:12332
- C:\Windows\System\BYAArhh.exe
  C:\Windows\System\BYAArhh.exe
  2⤵
  PID:12420
- C:\Windows\System\nHsidNa.exe
  C:\Windows\System\nHsidNa.exe
  2⤵
  PID:12444
- C:\Windows\System\EwJffHQ.exe
  C:\Windows\System\EwJffHQ.exe
  2⤵
  PID:12536
- C:\Windows\System\bcOcyen.exe
  C:\Windows\System\bcOcyen.exe
  2⤵
  PID:12200
- C:\Windows\System\QrKPCmJ.exe
  C:\Windows\System\QrKPCmJ.exe
  2⤵
  PID:12756
- C:\Windows\System\IRAMdry.exe
  C:\Windows\System\IRAMdry.exe
  2⤵
  PID:12788
- C:\Windows\System\UCZFMMl.exe
  C:\Windows\System\UCZFMMl.exe
  2⤵
  PID:12880
- C:\Windows\System\DhvVJHe.exe
  C:\Windows\System\DhvVJHe.exe
  2⤵
  PID:12904
- C:\Windows\System\bmiznUD.exe
  C:\Windows\System\bmiznUD.exe
  2⤵
  PID:12996
- C:\Windows\System\FPWsDAa.exe
  C:\Windows\System\FPWsDAa.exe
  2⤵
  PID:13072
- C:\Windows\System\bUoOVlZ.exe
  C:\Windows\System\bUoOVlZ.exe
  2⤵
  PID:13152
- C:\Windows\System\ekWcqOe.exe
  C:\Windows\System\ekWcqOe.exe
  2⤵
  PID:13220
- C:\Windows\System\bhBFcUz.exe
  C:\Windows\System\bhBFcUz.exe
  2⤵
  PID:13268
- C:\Windows\System\BqKaBDc.exe
  C:\Windows\System\BqKaBDc.exe
  2⤵
  PID:12368
- C:\Windows\System\AxDgWPk.exe
  C:\Windows\System\AxDgWPk.exe
  2⤵
  PID:12488
- C:\Windows\System\bidbshM.exe
  C:\Windows\System\bidbshM.exe
  2⤵
  PID:12648
- C:\Windows\System\ghAfkmH.exe
  C:\Windows\System\ghAfkmH.exe
  2⤵
  PID:12692
- C:\Windows\System\FojHpCh.exe
  C:\Windows\System\FojHpCh.exe
  2⤵
  PID:12936
- C:\Windows\System\WoaZJoC.exe
  C:\Windows\System\WoaZJoC.exe
  2⤵
  PID:12900
- C:\Windows\System\hpZmDDu.exe
  C:\Windows\System\hpZmDDu.exe
  2⤵
  PID:13020
- C:\Windows\System\PRbJcwy.exe
  C:\Windows\System\PRbJcwy.exe
  2⤵
  PID:13212
- C:\Windows\System\klhYGMG.exe
  C:\Windows\System\klhYGMG.exe
  2⤵
  PID:12364
- C:\Windows\System\acWVuFD.exe
  C:\Windows\System\acWVuFD.exe
  2⤵
  PID:12792
- C:\Windows\System\AGDjMhg.exe
  C:\Windows\System\AGDjMhg.exe
  2⤵
  PID:13284
- C:\Windows\System\JccNJvK.exe
  C:\Windows\System\JccNJvK.exe
  2⤵
  PID:13132
- C:\Windows\System\RBEzvpG.exe
  C:\Windows\System\RBEzvpG.exe
  2⤵
  PID:5152
- C:\Windows\System\dCWWwnz.exe
  C:\Windows\System\dCWWwnz.exe
  2⤵
  PID:13320
- C:\Windows\System\fagXUoC.exe
  C:\Windows\System\fagXUoC.exe
  2⤵
  PID:13348
- C:\Windows\System\hrBmruK.exe
  C:\Windows\System\hrBmruK.exe
  2⤵
  PID:13368
- C:\Windows\System\Gbzrliy.exe
  C:\Windows\System\Gbzrliy.exe
  2⤵
  PID:13392
- C:\Windows\System\TaLVKql.exe
  C:\Windows\System\TaLVKql.exe
  2⤵
  PID:13432
- C:\Windows\System\lXqxsls.exe
  C:\Windows\System\lXqxsls.exe
  2⤵
  PID:13456
- C:\Windows\System\cWMyCVa.exe
  C:\Windows\System\cWMyCVa.exe
  2⤵
  PID:13476
- C:\Windows\System\wrxQvQu.exe
  C:\Windows\System\wrxQvQu.exe
  2⤵
  PID:13504
- C:\Windows\System\pjeHAXp.exe
  C:\Windows\System\pjeHAXp.exe
  2⤵
  PID:13536
- C:\Windows\System\iMAmPAj.exe
  C:\Windows\System\iMAmPAj.exe
  2⤵
  PID:13560
- C:\Windows\System\bTQJjQS.exe
  C:\Windows\System\bTQJjQS.exe
  2⤵
  PID:13616
- C:\Windows\System\BofUuTX.exe
  C:\Windows\System\BofUuTX.exe
  2⤵
  PID:13636
- C:\Windows\System\OjsMPrN.exe
  C:\Windows\System\OjsMPrN.exe
  2⤵
  PID:13680
- C:\Windows\System\WyYDamv.exe
  C:\Windows\System\WyYDamv.exe
  2⤵
  PID:13712
- C:\Windows\System\ngkZKwd.exe
  C:\Windows\System\ngkZKwd.exe
  2⤵
  PID:13736
- C:\Windows\System\vDSyeaJ.exe
  C:\Windows\System\vDSyeaJ.exe
  2⤵
  PID:13776
- C:\Windows\System\vCxBZZB.exe
  C:\Windows\System\vCxBZZB.exe
  2⤵
  PID:13792
- C:\Windows\System\RWnujJY.exe
  C:\Windows\System\RWnujJY.exe
  2⤵
  PID:13816
- C:\Windows\System\MdIaYXJ.exe
  C:\Windows\System\MdIaYXJ.exe
  2⤵
  PID:13860
- C:\Windows\System\nrljoGe.exe
  C:\Windows\System\nrljoGe.exe
  2⤵
  PID:13880
- C:\Windows\System\nDuCdSZ.exe
  C:\Windows\System\nDuCdSZ.exe
  2⤵
  PID:13900
- C:\Windows\System\bMBmDgb.exe
  C:\Windows\System\bMBmDgb.exe
  2⤵
  PID:13924
- C:\Windows\System\nBaCANG.exe
  C:\Windows\System\nBaCANG.exe
  2⤵
  PID:13952
- C:\Windows\System\ObmrtZj.exe
  C:\Windows\System\ObmrtZj.exe
  2⤵
  PID:13976
- C:\Windows\System\QURklvW.exe
  C:\Windows\System\QURklvW.exe
  2⤵
  PID:13996
- C:\Windows\System\OkkbNyr.exe
  C:\Windows\System\OkkbNyr.exe
  2⤵
  PID:14024
- C:\Windows\System\oDwszVv.exe
  C:\Windows\System\oDwszVv.exe
  2⤵
  PID:14048
- C:\Windows\System\POWoiAU.exe
  C:\Windows\System\POWoiAU.exe
  2⤵
  PID:14072
- C:\Windows\System\YsnYmxT.exe
  C:\Windows\System\YsnYmxT.exe
  2⤵
  PID:14108
- C:\Windows\System\lXmqJgc.exe
  C:\Windows\System\lXmqJgc.exe
  2⤵
  PID:14132
- C:\Windows\System\lnknWAb.exe
  C:\Windows\System\lnknWAb.exe
  2⤵
  PID:14152
- C:\Windows\System\JYVxeHy.exe
  C:\Windows\System\JYVxeHy.exe
  2⤵
  PID:14172
- C:\Windows\System\uapNnWI.exe
  C:\Windows\System\uapNnWI.exe
  2⤵
  PID:14196
- C:\Windows\System\bQhdYFA.exe
  C:\Windows\System\bQhdYFA.exe
  2⤵
  PID:14216
- C:\Windows\System\nLrsgpG.exe
  C:\Windows\System\nLrsgpG.exe
  2⤵
  PID:14268
- C:\Windows\System\zmpwVcX.exe
  C:\Windows\System\zmpwVcX.exe
  2⤵
  PID:14288
- C:\Windows\System\snDteZu.exe
  C:\Windows\System\snDteZu.exe
  2⤵
  PID:14324
- C:\Windows\System\QnMYQMh.exe
  C:\Windows\System\QnMYQMh.exe
  2⤵
  PID:13112
- C:\Windows\System\LgBwJxM.exe
  C:\Windows\System\LgBwJxM.exe
  2⤵
  PID:12948
- C:\Windows\System\jbytQuF.exe
  C:\Windows\System\jbytQuF.exe
  2⤵
  PID:13384
- C:\Windows\System\DfGoSDJ.exe
  C:\Windows\System\DfGoSDJ.exe
  2⤵
  PID:13472
- C:\Windows\System\GwGwMUO.exe
  C:\Windows\System\GwGwMUO.exe
  2⤵
  PID:13552
- C:\Windows\System\YBtREGV.exe
  C:\Windows\System\YBtREGV.exe
  2⤵
  PID:13624
- C:\Windows\System\zKMEApB.exe
  C:\Windows\System\zKMEApB.exe
  2⤵
  PID:13720
- C:\Windows\System\DbkXuVb.exe
  C:\Windows\System\DbkXuVb.exe
  2⤵
  PID:14020
- C:\Windows\System\phadgzn.exe
  C:\Windows\System\phadgzn.exe
  2⤵
  PID:14256
- C:\Windows\System\GMTMcAA.exe
  C:\Windows\System\GMTMcAA.exe
  2⤵
  PID:14192
- C:\Windows\System\AqVWbtz.exe
  C:\Windows\System\AqVWbtz.exe
  2⤵
  PID:14284

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:14188

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\AOUBKDo.exe

Filesize
1.8MB

MD5
f137ea1005939f4bd3b96bd7c3d4d537

SHA1
a080c563cb78339252181fb762fd8d9164642b0c

SHA256
0e37921d25051ae3da0e7904d9499d39201c1c2fc0954d8af32d26f5f3e435d2

SHA512
40c32d81ac6bda5a76de34ffb8d1f0cca47afd6569cfd7408bbdb3f9a13f84a8c6266bc557c39f3ed477a870f51c7018629da87970e72bd75760ef3a957ca519

Download Submit
C:\Windows\System\BBdCoMX.exe

Filesize
1.8MB

MD5
c975df7ca4865ddda35032e667a3cb99

SHA1
e5d6537cc1ba68bc4634120cae1db5fef55d325a

SHA256
f5a1354472844ee04ece4b34430e5bcdb9a4a3badd4a4487741fb87a9ec366af

SHA512
bea7cfeae279d5236799a907b394f1a9a1e0d3a765a2bc3a88ed42016696982721d137f764b7be181fbfb55dc11ef9b3530ef8c43bb8a56bd6224b6cd2adc4e4

Download Submit
C:\Windows\System\BJpniLO.exe

Filesize
1.8MB

MD5
abdf010b72e903653f28e332a2891173

SHA1
457722ae777cd681911d674c9d7df10a0993c7a2

SHA256
6f9a3aba1b2362ecefb507681c398ab40dbbc5886d24be84da41742241dfea84

SHA512
68272510454cdddea3361ea7d897c56d45d80b3521c2d4495789d0043e95046650f1eb9261711f8fa25b3c28adb212f416fe40c0f27530b070f0e481eac34a84

Download Submit
C:\Windows\System\CHQXerM.exe

Filesize
1.8MB

MD5
aab3a4f504ee0aca20c32be59e2915e6

SHA1
835013d004d1cf343b7f1898a424c012c5754a1e

SHA256
edb191628ecf5bbe9f7cc1782452f1c1f64ca73e6a1e094dc3cfc7a2b95da4ca

SHA512
42b62e429747daaeb22c9217ba78b8b04a535a9dd940f0b4e810cbd564fc08cf753dd2af2ae591c705c94b20f786eacb5aade9f99c7beb14befad912d35355bb

Download Submit
C:\Windows\System\DtEtqqD.exe

Filesize
1.8MB

MD5
97779a10c0ab1085922dab9765c96662

SHA1
cd6127607c1560d0ff2941e59f4cdebe49763169

SHA256
0b5daee94ce1196a8ddde865ed36bc2d4f1aac11691747676a2a500ca96a6daa

SHA512
87c08d569cc58175530dc6163f882b2ece7666577ecaf2922bee34da490856efe0637102cba2aed75df9e3aaf6bc3f701bee70582382a5fa11d2ecc5297e8e69

Download Submit
C:\Windows\System\DxHeQUA.exe

Filesize
1.8MB

MD5
f98e1288e725d497290bea92b0058929

SHA1
29e9633bc7078c974153a7bc3fae6643e8510662

SHA256
16418782100112e38ea759f53973dd848a3ab90f1dee2bc09c1cdb75c05a50e5

SHA512
e934ce1caca287243dd66b9dc86fc1fef80b514aed68e30208f9ba644943d45c4ae033012a90fdacb2296ecdeb5a8f7e743236c5ff20fda2af54272198bbb1ec

Download Submit
C:\Windows\System\FxuVIgn.exe

Filesize
1.8MB

MD5
4f8f4379c2d1567ffff25cd326ff794f

SHA1
314a34edcd525d846932cd30ed971729989624c6

SHA256
2488b0bc9f83c6b549ef633766d2e1f54b1d7376cb6387b7d7c8e286d2e4df91

SHA512
82a20f45de1f04bf4d77bac1e860805864325250131792256693d59618fcbbac615ee7c5d5eccadc14d62aa8ea56df662b41227254eaf42fac9ad6ef3c3cfc25

Download Submit
C:\Windows\System\GOPNCbM.exe

Filesize
1.8MB

MD5
c7af2a3c17b9b8be5f4556c3a31e3f95

SHA1
38b1393852a1a1ed8fc87a10a8c7fb91f2b6dc11

SHA256
b80462d9fa5b3c61037de862203e594e6d6ff26308419dbbaca46f16a62e22f8

SHA512
f7b5ed5b55c84aab608bfecf507fff5a96ffe6df6f29269e260b0a05b432c30be9cd28cf4f0b8e9ba28de07bc0e09b20c85de312de3aa8f8d562471da2be0098

Download Submit
C:\Windows\System\GevHLFU.exe

Filesize
1.8MB

MD5
1e852aaa4ae20786d02b261e96deeb56

SHA1
e22602f7803813e270038cca14ceb8d78a5ea1de

SHA256
b3e4d836c0bee8302d0ebe2cb8fe9bf6fc2b52c8cf25c407c9979a5aa8eb3b9d

SHA512
d94c0f138e93a05b2f0950bcb5c0e2c214c726decaa5609aa1c7f26437e9057eeaeddaccaf64c21264fd8ca9a1bacc38aead377fa5257bd27c08ad4ec97a023e

Download Submit
C:\Windows\System\IJSnoKj.exe

Filesize
1.8MB

MD5
34479a98626ea8828184633e36ed27b4

SHA1
f38cc044130191337e9d80dc7dc487e7be9a3931

SHA256
5946a988cad2ac061a16567e6d4c722a01054e05ae21adb46f26d42ddd75d238

SHA512
5ca1dcd4954b57e43a9ea2f28f93887f562fe8eaae583d6429cd118b1b1fc246390969ea776e617d1a0734ee5252fa277b57f77871e3bf60a666ff2d40228583

Download Submit
C:\Windows\System\InVHYCI.exe

Filesize
1.8MB

MD5
8b92d6f137cf90b68da52225ac0a1a6c

SHA1
cc3e410e5c05cc7033f16d7c9e8579c7d4534d94

SHA256
0ac0b12ceeb77a9b42bf835b4ee91bec879d11e66a9f7b618c1d9ad061e88e3e

SHA512
0568cb4c5b0a1c5169bfa1d76e646829ad752515d28d0cbc7bdebd389216177bf20fab1f4e24d5eebc5d65c75a73098b5bc9dca95bb5d7129f9e0d67d2dbf741

Download Submit
C:\Windows\System\LKvGZeW.exe

Filesize
1.8MB

MD5
3fc4e71441ab7e3f58ecf1a6dc215cf4

SHA1
7643b53f7bf4bb2e58933cd5f111f5d161aee198

SHA256
5d4f9bb6c033abd359fee159605f5ab6639d02962b64c8ec074666f2fab8943f

SHA512
3d086b32a92dd5de150d6f02a3ba4bfb054e95ae46e00c0edf9b084bdb1ce22432934f859bf271c5d9abb6ad55953fa74a4074d92fa911a4e1c1cedafb1ee8fa

Download Submit
C:\Windows\System\OmWvAIO.exe

Filesize
1.8MB

MD5
c03d9bcee023c851c2fd78ef44abe05d

SHA1
92bbd123e4082b8726a18a9162c4890d92802dad

SHA256
7d6c07d46038253f3b00f99c24e08a8e020b93ecc3476ebc48ed72cd65b69075

SHA512
f339ab1a08b27d40525e4cb05cd32eb54dc85045e4c52976e1c2601b8bfcf71a648f65b5d1e85b74bd38615c71a1d64ecd810372aeb994db85e1f41c697a4b1d

Download Submit
C:\Windows\System\PODzjgI.exe

Filesize
1.8MB

MD5
8cd81454f386cca0440f27090333c2c1

SHA1
792852e58aee6ca3c7723bdd32bb11ed39d9428a

SHA256
d84efe3686508247ec970a87f2bdba78e16fd5b80325d5104357c588324e2e65

SHA512
7c191dff960db5ff9197635e479ed3c4da26c23c3523aac7d651833436a8af231f075e2e64673c6f7804df49a673d1e967fe028af71a7f3d27fdae8b5e4c0281

Download Submit
C:\Windows\System\POTVvsd.exe

Filesize
1.8MB

MD5
b3a1790343ddb04586e0d29e1f0a3b37

SHA1
2058091abd72f9c3692733dd14b362231a146b7d

SHA256
2877b253bd5d3ec723262c86ae1abf8e510d3e532cb551e63e2d4aa4f9a03663

SHA512
e0e69258547a8e270f8bb1a2133150a8aad25fe79ae3c7526ac729eb483f38d493e4e0f27e2171f9fd8ffdc3c6f7d97d4698adf0fe6ebe8885e24beb0645d0fd

Download Submit
C:\Windows\System\UoznChZ.exe

Filesize
1.8MB

MD5
613e42563885ebf00898571fe55f19a6

SHA1
900c8851b1ebc5f9906036be7ef7bc0a13f47e5a

SHA256
936d804f5110075ac4b99809ebdabf81dbdfcf52281ae9810a8fc67c4e5e2078

SHA512
c0c6e939877bf072b194cbcc53881103193a029f9ca5e0ab883ce597c8c3c45148b4b037e1000b31fec1bc7f69341701e1afde9c06f1d28a0afb087a3cc4cf2f

Download Submit
C:\Windows\System\VtaVVhB.exe

Filesize
1.8MB

MD5
a93f1cecba775544a6165d7c59decb85

SHA1
3516966e1ba654e88ca8bf509886a08df3a9c7fe

SHA256
b8e6d0e99ffd2bb342d977a3b40082cceab089900378edebbc96adf4c1488fcd

SHA512
2538d34990b1e1c24bc367bd1b36effe421b7bce2615c58bc6b5c68b73712a31a6689f74416b32d13668b7f279a3ea9428d288716cfe05dad15a608265579eef

Download Submit
C:\Windows\System\XGAuRiQ.exe

Filesize
1.8MB

MD5
76f35ed65c1760a868129b1a2d49149a

SHA1
057794c3153a9233c97809e4b120ee90937787fc

SHA256
c607d97b69d9a23cc0c9541be8d0b12f7f170158d54f3742c0e97223a551f8b4

SHA512
155711bf243e873139304814297d90dc8481fe2a9097f0f176a08fe932204cb99d188219f00d6bbe2c4140be22216bbea18b7c4d740ec1afbec742101465ec50

Download Submit
C:\Windows\System\aXEtMKG.exe

Filesize
1.8MB

MD5
d0adb8af7a7cc18e6c36fe050d5028b6

SHA1
1c618c9f6741ade5c3d46718abb3b2ee452a220c

SHA256
01aff40256f4ae7aed16b4fa866f750c732112c4c3685da6686d282dfea92f25

SHA512
16e167edd17e37928f9e6d25c5f6430b32a5f3e6f77762c8ee5b1ac38b5a1c5d8a6d54192475db9ce3a8286f0955acd01b6f38c64d578a2c23206f0645f75218

Download Submit
C:\Windows\System\cisUzBA.exe

Filesize
1.8MB

MD5
644fb26eef240c7463a58265bd4adce0

SHA1
53253ecf6250c0afd02d36c8510f8dd5bb8b0c36

SHA256
4fc751e4996a02f140ed73d39a9cad078aa8b003884e02b75e8cf77d61abadfe

SHA512
1752472199178a1439e643d1ec21032db78991fa150aa5176eb73c8c9e6cff59eacaca159c98bc9ff538374720addc6bba353eec653c7934474128aa5d064d41

Download Submit
C:\Windows\System\cqYefTl.exe

Filesize
1.8MB

MD5
7ad85b41c04808b84c23621f00cac7e1

SHA1
8f5ab7234fe64d77d0e86af00b47d06ffee5ffd6

SHA256
a7a7125bdaed3e45e6f28109a958e782592e9b858aad978f45cb49a97fadb996

SHA512
bba230ce934ccbf46095982692e82efe880f955aa235060231049b591f1b025a657a4e3373eac04a74d5b96d142dc8360f2087f805d5db3e050df6c9529a8c0c

Download Submit
C:\Windows\System\cyqZlAA.exe

Filesize
1.8MB

MD5
22d9bfd61ff1c843d72ffd4e524df5a3

SHA1
d04c154b9991f07c79b37ee5050ad7c7c762512f

SHA256
42aa9ed48f8acdbaea6cc8d916d6c4bf5add253a970dceab933e7d6933fba459

SHA512
219822a94e98784799c0261cabf465c653ee7cb57d045e388e2923a7b3120ce243287b2a7fcbdfe69f8476ebf204c49cdafb5d10134b0915f7c74687f3cdac0b

Download Submit
C:\Windows\System\erggtCU.exe

Filesize
1.8MB

MD5
a42e5fd03cf8a46160f0ddac454af20b

SHA1
0ce28367ce69b75cfb0f800602055c2668766c63

SHA256
1df0eaf1d1b98ca1230f9c84e3130e6d6603bc0113886fc30f3acdf24e2d7d38

SHA512
6723da8293d67279a7d860464a6e567ce64dcde9dc9982dfbc49338ec317bdf4e6cda22e08154ea8941e27ebe2f0ba867e4e1885aebb920af5f1be3bd5cd2869

Download Submit
C:\Windows\System\fRYgkvW.exe

Filesize
1.8MB

MD5
9bb423a0803b74a39ba04b31e2fd0d2d

SHA1
8052545ea4f1283b18f5c738096b1e87a9a44ebd

SHA256
996ddf7cfe2feba5153c9dab4a2442d628ddf7815c5a4b352b2149a4bd55bf49

SHA512
435846a220c9ee2e7a1af3b5daed7a11bda7f356b17e183fe810e8c67fe968d7e80b6e3f41d197232a8daa71edeadb45076012c41e7f0b9120b4ce4183fe35e6

Download Submit
C:\Windows\System\fiLcdWZ.exe

Filesize
1.8MB

MD5
88e5ecb66afbfd4b6aec0182cf354a8c

SHA1
d596c6ec9589f04e39ffaa04decd06216e971118

SHA256
efd75145cf6bd2cd0741167166ff36499b9fa0d0f523b612da5976c5a0fff7bb

SHA512
594fe0412a5beb8e0ecf214363e69d7c7c36658355e5a2c4e00430d596ba1e92cab038f644b6fef6e4db2409942f51a387f4b3f8b4cdf4e8153e6f507a6da97f

Download Submit
C:\Windows\System\icUoqwa.exe

Filesize
1.8MB

MD5
984e0da330ce2c4f5988506d6e1b4281

SHA1
c264bfad724da72c1e25c86530076ab6e146ab6a

SHA256
53c801c043716ed5c5850aff5d9842d4b0083583930ebbebb8120f9faf7b98eb

SHA512
fa90d84e2be061a68e2897ad89f1f4274a87067868b77e070623df2a98861b64666a47394362439a1495b8d204b7c468166fb8e40db719f686d71b26169f3a34

Download Submit
C:\Windows\System\jRPXIgP.exe

Filesize
1.8MB

MD5
f1fe16ef06f3503d89729f736321c911

SHA1
1b54f528625f31b3e2989228ee13a9f0d2faf2bf

SHA256
7ca54d6f5cd44ec50b5b48fb5cfe1a730c55dd83b243b3f3cc90c7c4d0e5152d

SHA512
e815cf9b702e3537f70927469f1d3d092409a768d77cdb3bb7ea7cee13b822d93d098960ed0a8db94979ecb596159f036d30fe455d332b60bcc2970ba616eb02

Download Submit
C:\Windows\System\jinXfcB.exe

Filesize
1.8MB

MD5
f7014ef145d35fa448612084e6b4d2f1

SHA1
2f6a408eda71fa6a3f319d9aca74d7b73e66512c

SHA256
be50e518ae7d4b7dcb2cf9ed216393e76cde3d915dea988cc99d816e1ad2b02a

SHA512
ac775fa6e39a7381d7cca1c0590d543243c090635cb9d0015ec63b9da49065dff30b34e46007e8c22096b493e4ce8743c2fd3a6d2932c3aa795f11f06d450ed9

Download Submit
C:\Windows\System\lwgrBJn.exe

Filesize
1.8MB

MD5
fefa17a7c168f4a548f4014e483c92ef

SHA1
0e6948e9e8ba90f53a9349180de62cb1bad5614b

SHA256
dc8af4df6dbf38ca8f6be13c6e8955639baa8fedf120072bd79a2fce3a2bf5a9

SHA512
c03d097ec75288eb4f34cd4f07888a55f5429471bf9488abd05540e2c24f6900dfa15ef2dd4b2c40c46ebdbed858eaa45f67f41f0e95528dfc2a594f60c5df85

Download Submit
C:\Windows\System\sWSlEoM.exe

Filesize
1.8MB

MD5
9bac6933e8ff726cda3c1f65a4853b72

SHA1
3a854eaa6842152c6a6e081a246e91179b11fa46

SHA256
7f7a18f0a867e556e04527c839441adddfd24609ec0e129844319b62ea86ca6a

SHA512
c9be3bb6b74c2597b959a9986462b66b20c19138c0c4d9fa1277bebe18bb79632f649b330a88240140822ba2ef3eceb8fd016caabfc892281a44f358539165f6

Download Submit
C:\Windows\System\tJJzwlL.exe

Filesize
1.8MB

MD5
fa951ffe8b574a5227341477e8406dab

SHA1
d283cde306da87f78a12f93239710b63f83fda51

SHA256
632773f8e489a3ffe6849f845256114150a83e2735719e8d02195802848a95a7

SHA512
9694cdaf12cdcdd610a325b7d52577d8aea601cf078d8724cad20911a0fdff412a00b7798524a10afac0a138fedf0baa4005cc61a6e68c72b3e386e60369207c

Download Submit
C:\Windows\System\tgcOKcb.exe

Filesize
1.8MB

MD5
2227620633094dca829cea55cd553d55

SHA1
ba0a7883742731277ccc64ebfdcb3cc6e37503ce

SHA256
6bcf4c4cd090fcb2d85629505bfc948c8dfb8b266aeda878f303d0ffb15e85bc

SHA512
dce33205337e234a38aac1b418ab056eff446f5893490650c87973f0de6a8355178df5cac233c2d5d1bb91c7ceb7710f36b7afc853b5dbf985e293a921d0f2f6

Download Submit
C:\Windows\System\vZeJXfg.exe

Filesize
1.8MB

MD5
16fd33787cda38a7b971352dcea58517

SHA1
59372aa7368f762c6748aa991d2e2cad552517a5

SHA256
f83aafc7234fcd08f68e8e66196e06a2f99a91cf3abc0c2f9d6b585d9032446d

SHA512
48469cf123934ae32fe3ff9a3c40892541d80fa7f16d0a9500f498736d304649587350acfa9268447a5d117421ed8ef9fa162cb3299c51b425621b1d3a3ca3a7

Download Submit
memory/396-449-0x00007FF75EF50000-0x00007FF75F2A1000-memory.dmp

Filesize
3.3MB

Download
memory/396-2237-0x00007FF75EF50000-0x00007FF75F2A1000-memory.dmp

Filesize
3.3MB

Download
memory/452-33-0x00007FF7CC0D0000-0x00007FF7CC421000-memory.dmp

Filesize
3.3MB

Download
memory/452-2221-0x00007FF7CC0D0000-0x00007FF7CC421000-memory.dmp

Filesize
3.3MB

Download
memory/748-485-0x00007FF7592D0000-0x00007FF759621000-memory.dmp

Filesize
3.3MB

Download
memory/748-2277-0x00007FF7592D0000-0x00007FF759621000-memory.dmp

Filesize
3.3MB

Download
memory/908-2299-0x00007FF71C280000-0x00007FF71C5D1000-memory.dmp

Filesize
3.3MB

Download
memory/908-502-0x00007FF71C280000-0x00007FF71C5D1000-memory.dmp

Filesize
3.3MB

Download
memory/1436-2227-0x00007FF7C5EA0000-0x00007FF7C61F1000-memory.dmp

Filesize
3.3MB

Download
memory/1436-434-0x00007FF7C5EA0000-0x00007FF7C61F1000-memory.dmp

Filesize
3.3MB

Download
memory/1532-461-0x00007FF6EB450000-0x00007FF6EB7A1000-memory.dmp

Filesize
3.3MB

Download
memory/1532-2269-0x00007FF6EB450000-0x00007FF6EB7A1000-memory.dmp

Filesize
3.3MB

Download
memory/1536-2287-0x00007FF6CF150000-0x00007FF6CF4A1000-memory.dmp

Filesize
3.3MB

Download
memory/1536-518-0x00007FF6CF150000-0x00007FF6CF4A1000-memory.dmp

Filesize
3.3MB

Download
memory/1540-521-0x00007FF6FDF00000-0x00007FF6FE251000-memory.dmp

Filesize
3.3MB

Download
memory/1540-2295-0x00007FF6FDF00000-0x00007FF6FE251000-memory.dmp

Filesize
3.3MB

Download
memory/1600-455-0x00007FF6881E0000-0x00007FF688531000-memory.dmp

Filesize
3.3MB

Download
memory/1600-2235-0x00007FF6881E0000-0x00007FF688531000-memory.dmp

Filesize
3.3MB

Download
memory/1700-494-0x00007FF652260000-0x00007FF6525B1000-memory.dmp

Filesize
3.3MB

Download
memory/1700-2281-0x00007FF652260000-0x00007FF6525B1000-memory.dmp

Filesize
3.3MB

Download
memory/1752-2301-0x00007FF693CC0000-0x00007FF694011000-memory.dmp

Filesize
3.3MB

Download
memory/1752-526-0x00007FF693CC0000-0x00007FF694011000-memory.dmp

Filesize
3.3MB

Download
memory/1932-2275-0x00007FF63FB10000-0x00007FF63FE61000-memory.dmp

Filesize
3.3MB

Download
memory/1932-487-0x00007FF63FB10000-0x00007FF63FE61000-memory.dmp

Filesize
3.3MB

Download
memory/2172-2229-0x00007FF73A660000-0x00007FF73A9B1000-memory.dmp

Filesize
3.3MB

Download
memory/2172-433-0x00007FF73A660000-0x00007FF73A9B1000-memory.dmp

Filesize
3.3MB

Download
memory/2272-2050-0x00007FF7FCFA0000-0x00007FF7FD2F1000-memory.dmp

Filesize
3.3MB

Download
memory/2272-2217-0x00007FF7FCFA0000-0x00007FF7FD2F1000-memory.dmp

Filesize
3.3MB

Download
memory/2272-8-0x00007FF7FCFA0000-0x00007FF7FD2F1000-memory.dmp

Filesize
3.3MB

Download
memory/2408-507-0x00007FF7017F0000-0x00007FF701B41000-memory.dmp

Filesize
3.3MB

Download
memory/2408-2297-0x00007FF7017F0000-0x00007FF701B41000-memory.dmp

Filesize
3.3MB

Download
memory/2588-2271-0x00007FF6DA590000-0x00007FF6DA8E1000-memory.dmp

Filesize
3.3MB

Download
memory/2588-464-0x00007FF6DA590000-0x00007FF6DA8E1000-memory.dmp

Filesize
3.3MB

Download
memory/2908-2291-0x00007FF66F930000-0x00007FF66FC81000-memory.dmp

Filesize
3.3MB

Download
memory/2908-512-0x00007FF66F930000-0x00007FF66FC81000-memory.dmp

Filesize
3.3MB

Download
memory/2996-469-0x00007FF6E50E0000-0x00007FF6E5431000-memory.dmp

Filesize
3.3MB

Download
memory/2996-2267-0x00007FF6E50E0000-0x00007FF6E5431000-memory.dmp

Filesize
3.3MB

Download
memory/3108-445-0x00007FF6A8500000-0x00007FF6A8851000-memory.dmp

Filesize
3.3MB

Download
memory/3108-2233-0x00007FF6A8500000-0x00007FF6A8851000-memory.dmp

Filesize
3.3MB

Download
memory/3380-509-0x00007FF7EBE20000-0x00007FF7EC171000-memory.dmp

Filesize
3.3MB

Download
memory/3380-2289-0x00007FF7EBE20000-0x00007FF7EC171000-memory.dmp

Filesize
3.3MB

Download
memory/3556-479-0x00007FF6ED780000-0x00007FF6EDAD1000-memory.dmp

Filesize
3.3MB

Download
memory/3556-2279-0x00007FF6ED780000-0x00007FF6EDAD1000-memory.dmp

Filesize
3.3MB

Download
memory/3600-496-0x00007FF76F4D0000-0x00007FF76F821000-memory.dmp

Filesize
3.3MB

Download
memory/3600-2285-0x00007FF76F4D0000-0x00007FF76F821000-memory.dmp

Filesize
3.3MB

Download
memory/3700-2273-0x00007FF735C60000-0x00007FF735FB1000-memory.dmp

Filesize
3.3MB

Download
memory/3700-460-0x00007FF735C60000-0x00007FF735FB1000-memory.dmp

Filesize
3.3MB

Download
memory/3788-2223-0x00007FF620620000-0x00007FF620971000-memory.dmp

Filesize
3.3MB

Download
memory/3788-2054-0x00007FF620620000-0x00007FF620971000-memory.dmp

Filesize
3.3MB

Download
memory/3788-30-0x00007FF620620000-0x00007FF620971000-memory.dmp

Filesize
3.3MB

Download
memory/3800-527-0x00007FF63F6E0000-0x00007FF63FA31000-memory.dmp

Filesize
3.3MB

Download
memory/3800-2225-0x00007FF63F6E0000-0x00007FF63FA31000-memory.dmp

Filesize
3.3MB

Download
memory/4104-1-0x0000023C61BE0000-0x0000023C61BF0000-memory.dmp

Filesize
64KB

Download
memory/4104-0-0x00007FF6CDA50000-0x00007FF6CDDA1000-memory.dmp

Filesize
3.3MB

Download
memory/4104-1902-0x00007FF6CDA50000-0x00007FF6CDDA1000-memory.dmp

Filesize
3.3MB

Download
memory/4344-476-0x00007FF6C40E0000-0x00007FF6C4431000-memory.dmp

Filesize
3.3MB

Download
memory/4344-2283-0x00007FF6C40E0000-0x00007FF6C4431000-memory.dmp

Filesize
3.3MB

Download
memory/4600-441-0x00007FF742D30000-0x00007FF743081000-memory.dmp

Filesize
3.3MB

Download
memory/4600-2231-0x00007FF742D30000-0x00007FF743081000-memory.dmp

Filesize
3.3MB

Download
memory/4632-514-0x00007FF674DE0000-0x00007FF675131000-memory.dmp

Filesize
3.3MB

Download
memory/4632-2293-0x00007FF674DE0000-0x00007FF675131000-memory.dmp

Filesize
3.3MB

Download
memory/5004-2052-0x00007FF77F510000-0x00007FF77F861000-memory.dmp

Filesize
3.3MB

Download
memory/5004-2219-0x00007FF77F510000-0x00007FF77F861000-memory.dmp

Filesize
3.3MB

Download
memory/5004-20-0x00007FF77F510000-0x00007FF77F861000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads