xmrig | 0529eb372ac4808837a36d9279d298fb1d04c345247160a043d62fbbea2c60db

Analysis

max time kernel
94s
max time network
97s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
01/09/2024, 17:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2aad200fc92e6e0a113f457621f1bc60N.exe
Size

2.0MB
MD5

2aad200fc92e6e0a113f457621f1bc60
SHA1

dfc7740c91ec191345240987a2120cd62f34f972
SHA256

0529eb372ac4808837a36d9279d298fb1d04c345247160a043d62fbbea2c60db
SHA512

e825ea7389d498b7719211d785e6389a265660ba5c1935d766d266a319dbadfbe71e2269bfa577f2b7d50e0c0a5bac3e9a23ea022840775ae79f0194d7be5bb2
SSDEEP

49152:oezaTF8FcNkNdfE0pZ9ozt4wIlfaTUYmo/RZFB:oemTLkNdfE0pZrO

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/2972-0-0x00007FF734CA0000-0x00007FF734FF4000-memory.dmp	xmrig
behavioral2/files/0x000a000000023445-5.dat	xmrig
behavioral2/files/0x000700000002344e-7.dat	xmrig
behavioral2/files/0x000700000002344d-10.dat	xmrig
behavioral2/memory/2760-9-0x00007FF6DB7F0000-0x00007FF6DBB44000-memory.dmp	xmrig
behavioral2/files/0x000700000002344f-22.dat	xmrig
behavioral2/files/0x0007000000023453-44.dat	xmrig
behavioral2/files/0x0007000000023454-52.dat	xmrig
behavioral2/files/0x0007000000023458-72.dat	xmrig
behavioral2/files/0x000700000002345c-92.dat	xmrig
behavioral2/files/0x000700000002345e-102.dat	xmrig
behavioral2/files/0x0007000000023466-142.dat	xmrig
behavioral2/files/0x000700000002346b-161.dat	xmrig
behavioral2/memory/1212-499-0x00007FF690AB0000-0x00007FF690E04000-memory.dmp	xmrig
behavioral2/memory/3948-501-0x00007FF66DDE0000-0x00007FF66E134000-memory.dmp	xmrig
behavioral2/memory/1060-533-0x00007FF7F69C0000-0x00007FF7F6D14000-memory.dmp	xmrig
behavioral2/memory/4092-547-0x00007FF7418A0000-0x00007FF741BF4000-memory.dmp	xmrig
behavioral2/memory/4944-611-0x00007FF78AFE0000-0x00007FF78B334000-memory.dmp	xmrig
behavioral2/memory/3252-619-0x00007FF7B86E0000-0x00007FF7B8A34000-memory.dmp	xmrig
behavioral2/memory/3604-641-0x00007FF78F910000-0x00007FF78FC64000-memory.dmp	xmrig
behavioral2/memory/2944-646-0x00007FF7C8D70000-0x00007FF7C90C4000-memory.dmp	xmrig
behavioral2/memory/1088-1786-0x00007FF726CF0000-0x00007FF727044000-memory.dmp	xmrig
behavioral2/memory/2760-1636-0x00007FF6DB7F0000-0x00007FF6DBB44000-memory.dmp	xmrig
behavioral2/memory/2972-1514-0x00007FF734CA0000-0x00007FF734FF4000-memory.dmp	xmrig
behavioral2/memory/404-635-0x00007FF690AE0000-0x00007FF690E34000-memory.dmp	xmrig
behavioral2/memory/1704-632-0x00007FF6AFE70000-0x00007FF6B01C4000-memory.dmp	xmrig
behavioral2/memory/3468-628-0x00007FF6334B0000-0x00007FF633804000-memory.dmp	xmrig
behavioral2/memory/3616-623-0x00007FF6162E0000-0x00007FF616634000-memory.dmp	xmrig
behavioral2/memory/1284-617-0x00007FF7F3020000-0x00007FF7F3374000-memory.dmp	xmrig
behavioral2/memory/3448-600-0x00007FF669610000-0x00007FF669964000-memory.dmp	xmrig
behavioral2/memory/1496-596-0x00007FF7C49B0000-0x00007FF7C4D04000-memory.dmp	xmrig
behavioral2/memory/4700-590-0x00007FF694620000-0x00007FF694974000-memory.dmp	xmrig
behavioral2/memory/904-584-0x00007FF6DC350000-0x00007FF6DC6A4000-memory.dmp	xmrig
behavioral2/memory/2292-572-0x00007FF7BE370000-0x00007FF7BE6C4000-memory.dmp	xmrig
behavioral2/memory/3716-562-0x00007FF64D440000-0x00007FF64D794000-memory.dmp	xmrig
behavioral2/memory/4988-554-0x00007FF6E49C0000-0x00007FF6E4D14000-memory.dmp	xmrig
behavioral2/memory/4928-542-0x00007FF743ED0000-0x00007FF744224000-memory.dmp	xmrig
behavioral2/memory/3176-522-0x00007FF64D740000-0x00007FF64DA94000-memory.dmp	xmrig
behavioral2/memory/4524-516-0x00007FF6396A0000-0x00007FF6399F4000-memory.dmp	xmrig
behavioral2/memory/1768-512-0x00007FF7A9C10000-0x00007FF7A9F64000-memory.dmp	xmrig
behavioral2/memory/5096-507-0x00007FF6D9000000-0x00007FF6D9354000-memory.dmp	xmrig
behavioral2/memory/940-500-0x00007FF6C9200000-0x00007FF6C9554000-memory.dmp	xmrig
behavioral2/files/0x000700000002346c-166.dat	xmrig
behavioral2/files/0x000700000002346a-162.dat	xmrig
behavioral2/files/0x0007000000023469-157.dat	xmrig
behavioral2/files/0x0007000000023468-152.dat	xmrig
behavioral2/files/0x0007000000023467-147.dat	xmrig
behavioral2/files/0x0007000000023465-137.dat	xmrig
behavioral2/files/0x0007000000023464-132.dat	xmrig
behavioral2/files/0x0007000000023463-126.dat	xmrig
behavioral2/files/0x0007000000023462-122.dat	xmrig
behavioral2/files/0x0007000000023461-117.dat	xmrig
behavioral2/files/0x0007000000023460-112.dat	xmrig
behavioral2/files/0x000700000002345f-107.dat	xmrig
behavioral2/files/0x000700000002345d-97.dat	xmrig
behavioral2/files/0x000700000002345b-87.dat	xmrig
behavioral2/files/0x000700000002345a-79.dat	xmrig
behavioral2/files/0x0007000000023459-77.dat	xmrig
behavioral2/files/0x0007000000023457-66.dat	xmrig
behavioral2/files/0x0007000000023456-62.dat	xmrig
behavioral2/files/0x0007000000023455-56.dat	xmrig
behavioral2/files/0x0007000000023452-42.dat	xmrig
behavioral2/files/0x0007000000023451-37.dat	xmrig
behavioral2/files/0x0007000000023450-32.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2760	szVhkwh.exe
4200	HEYmqJR.exe
3604	hIrMElC.exe
1088	sAepwKL.exe
2944	YPmesRF.exe
1212	UJZFlML.exe
940	GayNmic.exe
3948	woNOnvy.exe
5096	jsEcetF.exe
1768	nSWYWHP.exe
4524	fWoptfP.exe
3176	gVQGeUc.exe
1060	hvSmHhE.exe
4928	KqrfyzE.exe
4092	IKbzEgl.exe
4988	KeydWHa.exe
3716	uNebFLd.exe
2292	tczzfTe.exe
904	eEcegVR.exe
4700	tmkKCDz.exe
1496	nUgrIQC.exe
3448	EcNDlXH.exe
4944	IOSfifO.exe
1284	vYsQrDk.exe
3252	tYpbOZo.exe
3616	cKcMxNP.exe
3468	BYJelHQ.exe
1704	NOQONzv.exe
404	sPemhyt.exe
4876	kUCCnfv.exe
664	WocyfOf.exe
3600	PlzduDL.exe
3460	tRpMjMo.exe
1396	EGUHLQo.exe
1736	uYPPCrR.exe
1960	VZrdAYF.exe
4120	acnHvUv.exe
2744	gBJTNOs.exe
3588	OPDfpZH.exe
4916	jTsUSDY.exe
1376	PpdDelU.exe
3280	VALZglL.exe
3444	JzqCYxd.exe
3220	EyPuanA.exe
1028	RDlTTzt.exe
4868	HYxBFQD.exe
3568	ukjAHtO.exe
3276	TzfhHQJ.exe
840	vIHpnjo.exe
2144	CGfZcFe.exe
2888	TZhjvDn.exe
624	qlrbmGi.exe
4404	vAWwpaA.exe
4204	NBNolhw.exe
712	aJCCIjG.exe
1500	WPefyFh.exe
4812	lAPMunb.exe
2280	TXVoINF.exe
5060	EcnzIwU.exe
668	tmVoONs.exe
640	oYohGPV.exe
4968	wrUQpVh.exe
2228	nXNPmIv.exe
4692	NamaUXR.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2972-0-0x00007FF734CA0000-0x00007FF734FF4000-memory.dmp	upx
behavioral2/files/0x000a000000023445-5.dat	upx
behavioral2/files/0x000700000002344e-7.dat	upx
behavioral2/files/0x000700000002344d-10.dat	upx
behavioral2/memory/2760-9-0x00007FF6DB7F0000-0x00007FF6DBB44000-memory.dmp	upx
behavioral2/files/0x000700000002344f-22.dat	upx
behavioral2/files/0x0007000000023453-44.dat	upx
behavioral2/files/0x0007000000023454-52.dat	upx
behavioral2/files/0x0007000000023458-72.dat	upx
behavioral2/files/0x000700000002345c-92.dat	upx
behavioral2/files/0x000700000002345e-102.dat	upx
behavioral2/files/0x0007000000023466-142.dat	upx
behavioral2/files/0x000700000002346b-161.dat	upx
behavioral2/memory/1212-499-0x00007FF690AB0000-0x00007FF690E04000-memory.dmp	upx
behavioral2/memory/3948-501-0x00007FF66DDE0000-0x00007FF66E134000-memory.dmp	upx
behavioral2/memory/1060-533-0x00007FF7F69C0000-0x00007FF7F6D14000-memory.dmp	upx
behavioral2/memory/4092-547-0x00007FF7418A0000-0x00007FF741BF4000-memory.dmp	upx
behavioral2/memory/4944-611-0x00007FF78AFE0000-0x00007FF78B334000-memory.dmp	upx
behavioral2/memory/3252-619-0x00007FF7B86E0000-0x00007FF7B8A34000-memory.dmp	upx
behavioral2/memory/3604-641-0x00007FF78F910000-0x00007FF78FC64000-memory.dmp	upx
behavioral2/memory/2944-646-0x00007FF7C8D70000-0x00007FF7C90C4000-memory.dmp	upx
behavioral2/memory/1088-1786-0x00007FF726CF0000-0x00007FF727044000-memory.dmp	upx
behavioral2/memory/2760-1636-0x00007FF6DB7F0000-0x00007FF6DBB44000-memory.dmp	upx
behavioral2/memory/2972-1514-0x00007FF734CA0000-0x00007FF734FF4000-memory.dmp	upx
behavioral2/memory/404-635-0x00007FF690AE0000-0x00007FF690E34000-memory.dmp	upx
behavioral2/memory/1704-632-0x00007FF6AFE70000-0x00007FF6B01C4000-memory.dmp	upx
behavioral2/memory/3468-628-0x00007FF6334B0000-0x00007FF633804000-memory.dmp	upx
behavioral2/memory/3616-623-0x00007FF6162E0000-0x00007FF616634000-memory.dmp	upx
behavioral2/memory/1284-617-0x00007FF7F3020000-0x00007FF7F3374000-memory.dmp	upx
behavioral2/memory/3448-600-0x00007FF669610000-0x00007FF669964000-memory.dmp	upx
behavioral2/memory/1496-596-0x00007FF7C49B0000-0x00007FF7C4D04000-memory.dmp	upx
behavioral2/memory/4700-590-0x00007FF694620000-0x00007FF694974000-memory.dmp	upx
behavioral2/memory/904-584-0x00007FF6DC350000-0x00007FF6DC6A4000-memory.dmp	upx
behavioral2/memory/2292-572-0x00007FF7BE370000-0x00007FF7BE6C4000-memory.dmp	upx
behavioral2/memory/3716-562-0x00007FF64D440000-0x00007FF64D794000-memory.dmp	upx
behavioral2/memory/4988-554-0x00007FF6E49C0000-0x00007FF6E4D14000-memory.dmp	upx
behavioral2/memory/4928-542-0x00007FF743ED0000-0x00007FF744224000-memory.dmp	upx
behavioral2/memory/3176-522-0x00007FF64D740000-0x00007FF64DA94000-memory.dmp	upx
behavioral2/memory/4524-516-0x00007FF6396A0000-0x00007FF6399F4000-memory.dmp	upx
behavioral2/memory/1768-512-0x00007FF7A9C10000-0x00007FF7A9F64000-memory.dmp	upx
behavioral2/memory/5096-507-0x00007FF6D9000000-0x00007FF6D9354000-memory.dmp	upx
behavioral2/memory/940-500-0x00007FF6C9200000-0x00007FF6C9554000-memory.dmp	upx
behavioral2/files/0x000700000002346c-166.dat	upx
behavioral2/files/0x000700000002346a-162.dat	upx
behavioral2/files/0x0007000000023469-157.dat	upx
behavioral2/files/0x0007000000023468-152.dat	upx
behavioral2/files/0x0007000000023467-147.dat	upx
behavioral2/files/0x0007000000023465-137.dat	upx
behavioral2/files/0x0007000000023464-132.dat	upx
behavioral2/files/0x0007000000023463-126.dat	upx
behavioral2/files/0x0007000000023462-122.dat	upx
behavioral2/files/0x0007000000023461-117.dat	upx
behavioral2/files/0x0007000000023460-112.dat	upx
behavioral2/files/0x000700000002345f-107.dat	upx
behavioral2/files/0x000700000002345d-97.dat	upx
behavioral2/files/0x000700000002345b-87.dat	upx
behavioral2/files/0x000700000002345a-79.dat	upx
behavioral2/files/0x0007000000023459-77.dat	upx
behavioral2/files/0x0007000000023457-66.dat	upx
behavioral2/files/0x0007000000023456-62.dat	upx
behavioral2/files/0x0007000000023455-56.dat	upx
behavioral2/files/0x0007000000023452-42.dat	upx
behavioral2/files/0x0007000000023451-37.dat	upx
behavioral2/files/0x0007000000023450-32.dat	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\TzfhHQJ.exe	2aad200fc92e6e0a113f457621f1bc60N.exe
File created	C:\Windows\System\jvcWcFC.exe	2aad200fc92e6e0a113f457621f1bc60N.exe
File created	C:\Windows\System\rkRhKNN.exe	2aad200fc92e6e0a113f457621f1bc60N.exe
File created	C:\Windows\System\YieqfhT.exe	2aad200fc92e6e0a113f457621f1bc60N.exe
File created	C:\Windows\System\BjvYLXO.exe	2aad200fc92e6e0a113f457621f1bc60N.exe
File created	C:\Windows\System\lyrLodN.exe	2aad200fc92e6e0a113f457621f1bc60N.exe
File created	C:\Windows\System\BezAjsn.exe	2aad200fc92e6e0a113f457621f1bc60N.exe
File created	C:\Windows\System\woNOnvy.exe	2aad200fc92e6e0a113f457621f1bc60N.exe
File created	C:\Windows\System\ppxOObf.exe	2aad200fc92e6e0a113f457621f1bc60N.exe
File created	C:\Windows\System\MpAqPej.exe	2aad200fc92e6e0a113f457621f1bc60N.exe
File created	C:\Windows\System\UalWscR.exe	2aad200fc92e6e0a113f457621f1bc60N.exe
File created	C:\Windows\System\aWKLbbT.exe	2aad200fc92e6e0a113f457621f1bc60N.exe
File created	C:\Windows\System\NcBTDGx.exe	2aad200fc92e6e0a113f457621f1bc60N.exe
File created	C:\Windows\System\lubKKWB.exe	2aad200fc92e6e0a113f457621f1bc60N.exe
File created	C:\Windows\System\eGSiPab.exe	2aad200fc92e6e0a113f457621f1bc60N.exe
File created	C:\Windows\System\UMHBtHV.exe	2aad200fc92e6e0a113f457621f1bc60N.exe
File created	C:\Windows\System\GhWIfTa.exe	2aad200fc92e6e0a113f457621f1bc60N.exe
File created	C:\Windows\System\NOQONzv.exe	2aad200fc92e6e0a113f457621f1bc60N.exe
File created	C:\Windows\System\qbgOSdJ.exe	2aad200fc92e6e0a113f457621f1bc60N.exe
File created	C:\Windows\System\FWaSeQc.exe	2aad200fc92e6e0a113f457621f1bc60N.exe
File created	C:\Windows\System\gCSpZNn.exe	2aad200fc92e6e0a113f457621f1bc60N.exe
File created	C:\Windows\System\pQRufvb.exe	2aad200fc92e6e0a113f457621f1bc60N.exe
File created	C:\Windows\System\VjAGibl.exe	2aad200fc92e6e0a113f457621f1bc60N.exe
File created	C:\Windows\System\EbjAegg.exe	2aad200fc92e6e0a113f457621f1bc60N.exe
File created	C:\Windows\System\WxHmYEY.exe	2aad200fc92e6e0a113f457621f1bc60N.exe
File created	C:\Windows\System\BUItChW.exe	2aad200fc92e6e0a113f457621f1bc60N.exe
File created	C:\Windows\System\vAWwpaA.exe	2aad200fc92e6e0a113f457621f1bc60N.exe
File created	C:\Windows\System\LkJOrRB.exe	2aad200fc92e6e0a113f457621f1bc60N.exe
File created	C:\Windows\System\ZLmSsNI.exe	2aad200fc92e6e0a113f457621f1bc60N.exe
File created	C:\Windows\System\oUczVfd.exe	2aad200fc92e6e0a113f457621f1bc60N.exe
File created	C:\Windows\System\RbJPICE.exe	2aad200fc92e6e0a113f457621f1bc60N.exe
File created	C:\Windows\System\facRHGL.exe	2aad200fc92e6e0a113f457621f1bc60N.exe
File created	C:\Windows\System\yOKWhDL.exe	2aad200fc92e6e0a113f457621f1bc60N.exe
File created	C:\Windows\System\zkOESLE.exe	2aad200fc92e6e0a113f457621f1bc60N.exe
File created	C:\Windows\System\IaCaNAA.exe	2aad200fc92e6e0a113f457621f1bc60N.exe
File created	C:\Windows\System\xYjnsOq.exe	2aad200fc92e6e0a113f457621f1bc60N.exe
File created	C:\Windows\System\eBOLpEH.exe	2aad200fc92e6e0a113f457621f1bc60N.exe
File created	C:\Windows\System\CKWtjTX.exe	2aad200fc92e6e0a113f457621f1bc60N.exe
File created	C:\Windows\System\XMcvbKy.exe	2aad200fc92e6e0a113f457621f1bc60N.exe
File created	C:\Windows\System\WQqvIMr.exe	2aad200fc92e6e0a113f457621f1bc60N.exe
File created	C:\Windows\System\atxIWzM.exe	2aad200fc92e6e0a113f457621f1bc60N.exe
File created	C:\Windows\System\tTUSydi.exe	2aad200fc92e6e0a113f457621f1bc60N.exe
File created	C:\Windows\System\dIIYKcj.exe	2aad200fc92e6e0a113f457621f1bc60N.exe
File created	C:\Windows\System\zoMxhlS.exe	2aad200fc92e6e0a113f457621f1bc60N.exe
File created	C:\Windows\System\lPtZsZB.exe	2aad200fc92e6e0a113f457621f1bc60N.exe
File created	C:\Windows\System\bCVgFmP.exe	2aad200fc92e6e0a113f457621f1bc60N.exe
File created	C:\Windows\System\SnNleRB.exe	2aad200fc92e6e0a113f457621f1bc60N.exe
File created	C:\Windows\System\xRetxLs.exe	2aad200fc92e6e0a113f457621f1bc60N.exe
File created	C:\Windows\System\wNbeXkl.exe	2aad200fc92e6e0a113f457621f1bc60N.exe
File created	C:\Windows\System\mltFIDU.exe	2aad200fc92e6e0a113f457621f1bc60N.exe
File created	C:\Windows\System\qBfESxh.exe	2aad200fc92e6e0a113f457621f1bc60N.exe
File created	C:\Windows\System\btWIXBj.exe	2aad200fc92e6e0a113f457621f1bc60N.exe
File created	C:\Windows\System\ysOWCfV.exe	2aad200fc92e6e0a113f457621f1bc60N.exe
File created	C:\Windows\System\OtpuZnI.exe	2aad200fc92e6e0a113f457621f1bc60N.exe
File created	C:\Windows\System\AfKAbTd.exe	2aad200fc92e6e0a113f457621f1bc60N.exe
File created	C:\Windows\System\fgjtXDo.exe	2aad200fc92e6e0a113f457621f1bc60N.exe
File created	C:\Windows\System\xtdqmke.exe	2aad200fc92e6e0a113f457621f1bc60N.exe
File created	C:\Windows\System\WbKLyyr.exe	2aad200fc92e6e0a113f457621f1bc60N.exe
File created	C:\Windows\System\wkfouGQ.exe	2aad200fc92e6e0a113f457621f1bc60N.exe
File created	C:\Windows\System\wcUBvAj.exe	2aad200fc92e6e0a113f457621f1bc60N.exe
File created	C:\Windows\System\uTKCBrc.exe	2aad200fc92e6e0a113f457621f1bc60N.exe
File created	C:\Windows\System\gZjFbbD.exe	2aad200fc92e6e0a113f457621f1bc60N.exe
File created	C:\Windows\System\XkhZGri.exe	2aad200fc92e6e0a113f457621f1bc60N.exe
File created	C:\Windows\System\nUgrIQC.exe	2aad200fc92e6e0a113f457621f1bc60N.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	14604	dwm.exe
Token: SeChangeNotifyPrivilege	14604	dwm.exe
Token: 33	14604	dwm.exe
Token: SeIncBasePriorityPrivilege	14604	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2972 wrote to memory of 2760	2972	2aad200fc92e6e0a113f457621f1bc60N.exe	84
PID 2972 wrote to memory of 2760	2972	2aad200fc92e6e0a113f457621f1bc60N.exe	84
PID 2972 wrote to memory of 4200	2972	2aad200fc92e6e0a113f457621f1bc60N.exe	85
PID 2972 wrote to memory of 4200	2972	2aad200fc92e6e0a113f457621f1bc60N.exe	85
PID 2972 wrote to memory of 3604	2972	2aad200fc92e6e0a113f457621f1bc60N.exe	86
PID 2972 wrote to memory of 3604	2972	2aad200fc92e6e0a113f457621f1bc60N.exe	86
PID 2972 wrote to memory of 1088	2972	2aad200fc92e6e0a113f457621f1bc60N.exe	87
PID 2972 wrote to memory of 1088	2972	2aad200fc92e6e0a113f457621f1bc60N.exe	87
PID 2972 wrote to memory of 2944	2972	2aad200fc92e6e0a113f457621f1bc60N.exe	88
PID 2972 wrote to memory of 2944	2972	2aad200fc92e6e0a113f457621f1bc60N.exe	88
PID 2972 wrote to memory of 1212	2972	2aad200fc92e6e0a113f457621f1bc60N.exe	89
PID 2972 wrote to memory of 1212	2972	2aad200fc92e6e0a113f457621f1bc60N.exe	89
PID 2972 wrote to memory of 940	2972	2aad200fc92e6e0a113f457621f1bc60N.exe	90
PID 2972 wrote to memory of 940	2972	2aad200fc92e6e0a113f457621f1bc60N.exe	90
PID 2972 wrote to memory of 3948	2972	2aad200fc92e6e0a113f457621f1bc60N.exe	91
PID 2972 wrote to memory of 3948	2972	2aad200fc92e6e0a113f457621f1bc60N.exe	91
PID 2972 wrote to memory of 5096	2972	2aad200fc92e6e0a113f457621f1bc60N.exe	92
PID 2972 wrote to memory of 5096	2972	2aad200fc92e6e0a113f457621f1bc60N.exe	92
PID 2972 wrote to memory of 1768	2972	2aad200fc92e6e0a113f457621f1bc60N.exe	93
PID 2972 wrote to memory of 1768	2972	2aad200fc92e6e0a113f457621f1bc60N.exe	93
PID 2972 wrote to memory of 4524	2972	2aad200fc92e6e0a113f457621f1bc60N.exe	94
PID 2972 wrote to memory of 4524	2972	2aad200fc92e6e0a113f457621f1bc60N.exe	94
PID 2972 wrote to memory of 3176	2972	2aad200fc92e6e0a113f457621f1bc60N.exe	95
PID 2972 wrote to memory of 3176	2972	2aad200fc92e6e0a113f457621f1bc60N.exe	95
PID 2972 wrote to memory of 1060	2972	2aad200fc92e6e0a113f457621f1bc60N.exe	96
PID 2972 wrote to memory of 1060	2972	2aad200fc92e6e0a113f457621f1bc60N.exe	96
PID 2972 wrote to memory of 4928	2972	2aad200fc92e6e0a113f457621f1bc60N.exe	97
PID 2972 wrote to memory of 4928	2972	2aad200fc92e6e0a113f457621f1bc60N.exe	97
PID 2972 wrote to memory of 4092	2972	2aad200fc92e6e0a113f457621f1bc60N.exe	98
PID 2972 wrote to memory of 4092	2972	2aad200fc92e6e0a113f457621f1bc60N.exe	98
PID 2972 wrote to memory of 4988	2972	2aad200fc92e6e0a113f457621f1bc60N.exe	99
PID 2972 wrote to memory of 4988	2972	2aad200fc92e6e0a113f457621f1bc60N.exe	99
PID 2972 wrote to memory of 3716	2972	2aad200fc92e6e0a113f457621f1bc60N.exe	100
PID 2972 wrote to memory of 3716	2972	2aad200fc92e6e0a113f457621f1bc60N.exe	100
PID 2972 wrote to memory of 2292	2972	2aad200fc92e6e0a113f457621f1bc60N.exe	101
PID 2972 wrote to memory of 2292	2972	2aad200fc92e6e0a113f457621f1bc60N.exe	101
PID 2972 wrote to memory of 904	2972	2aad200fc92e6e0a113f457621f1bc60N.exe	102
PID 2972 wrote to memory of 904	2972	2aad200fc92e6e0a113f457621f1bc60N.exe	102
PID 2972 wrote to memory of 4700	2972	2aad200fc92e6e0a113f457621f1bc60N.exe	103
PID 2972 wrote to memory of 4700	2972	2aad200fc92e6e0a113f457621f1bc60N.exe	103
PID 2972 wrote to memory of 1496	2972	2aad200fc92e6e0a113f457621f1bc60N.exe	104
PID 2972 wrote to memory of 1496	2972	2aad200fc92e6e0a113f457621f1bc60N.exe	104
PID 2972 wrote to memory of 3448	2972	2aad200fc92e6e0a113f457621f1bc60N.exe	105
PID 2972 wrote to memory of 3448	2972	2aad200fc92e6e0a113f457621f1bc60N.exe	105
PID 2972 wrote to memory of 4944	2972	2aad200fc92e6e0a113f457621f1bc60N.exe	106
PID 2972 wrote to memory of 4944	2972	2aad200fc92e6e0a113f457621f1bc60N.exe	106
PID 2972 wrote to memory of 1284	2972	2aad200fc92e6e0a113f457621f1bc60N.exe	107
PID 2972 wrote to memory of 1284	2972	2aad200fc92e6e0a113f457621f1bc60N.exe	107
PID 2972 wrote to memory of 3252	2972	2aad200fc92e6e0a113f457621f1bc60N.exe	108
PID 2972 wrote to memory of 3252	2972	2aad200fc92e6e0a113f457621f1bc60N.exe	108
PID 2972 wrote to memory of 3616	2972	2aad200fc92e6e0a113f457621f1bc60N.exe	109
PID 2972 wrote to memory of 3616	2972	2aad200fc92e6e0a113f457621f1bc60N.exe	109
PID 2972 wrote to memory of 3468	2972	2aad200fc92e6e0a113f457621f1bc60N.exe	110
PID 2972 wrote to memory of 3468	2972	2aad200fc92e6e0a113f457621f1bc60N.exe	110
PID 2972 wrote to memory of 1704	2972	2aad200fc92e6e0a113f457621f1bc60N.exe	111
PID 2972 wrote to memory of 1704	2972	2aad200fc92e6e0a113f457621f1bc60N.exe	111
PID 2972 wrote to memory of 404	2972	2aad200fc92e6e0a113f457621f1bc60N.exe	112
PID 2972 wrote to memory of 404	2972	2aad200fc92e6e0a113f457621f1bc60N.exe	112
PID 2972 wrote to memory of 4876	2972	2aad200fc92e6e0a113f457621f1bc60N.exe	113
PID 2972 wrote to memory of 4876	2972	2aad200fc92e6e0a113f457621f1bc60N.exe	113
PID 2972 wrote to memory of 664	2972	2aad200fc92e6e0a113f457621f1bc60N.exe	114
PID 2972 wrote to memory of 664	2972	2aad200fc92e6e0a113f457621f1bc60N.exe	114
PID 2972 wrote to memory of 3600	2972	2aad200fc92e6e0a113f457621f1bc60N.exe	115
PID 2972 wrote to memory of 3600	2972	2aad200fc92e6e0a113f457621f1bc60N.exe	115

C:\Users\Admin\AppData\Local\Temp\2aad200fc92e6e0a113f457621f1bc60N.exe
"C:\Users\Admin\AppData\Local\Temp\2aad200fc92e6e0a113f457621f1bc60N.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2972
- C:\Windows\System\szVhkwh.exe
  C:\Windows\System\szVhkwh.exe
  2⤵
  - Executes dropped EXE
  PID:2760
- C:\Windows\System\HEYmqJR.exe
  C:\Windows\System\HEYmqJR.exe
  2⤵
  - Executes dropped EXE
  PID:4200
- C:\Windows\System\hIrMElC.exe
  C:\Windows\System\hIrMElC.exe
  2⤵
  - Executes dropped EXE
  PID:3604
- C:\Windows\System\sAepwKL.exe
  C:\Windows\System\sAepwKL.exe
  2⤵
  - Executes dropped EXE
  PID:1088
- C:\Windows\System\YPmesRF.exe
  C:\Windows\System\YPmesRF.exe
  2⤵
  - Executes dropped EXE
  PID:2944
- C:\Windows\System\UJZFlML.exe
  C:\Windows\System\UJZFlML.exe
  2⤵
  - Executes dropped EXE
  PID:1212
- C:\Windows\System\GayNmic.exe
  C:\Windows\System\GayNmic.exe
  2⤵
  - Executes dropped EXE
  PID:940
- C:\Windows\System\woNOnvy.exe
  C:\Windows\System\woNOnvy.exe
  2⤵
  - Executes dropped EXE
  PID:3948
- C:\Windows\System\jsEcetF.exe
  C:\Windows\System\jsEcetF.exe
  2⤵
  - Executes dropped EXE
  PID:5096
- C:\Windows\System\nSWYWHP.exe
  C:\Windows\System\nSWYWHP.exe
  2⤵
  - Executes dropped EXE
  PID:1768
- C:\Windows\System\fWoptfP.exe
  C:\Windows\System\fWoptfP.exe
  2⤵
  - Executes dropped EXE
  PID:4524
- C:\Windows\System\gVQGeUc.exe
  C:\Windows\System\gVQGeUc.exe
  2⤵
  - Executes dropped EXE
  PID:3176
- C:\Windows\System\hvSmHhE.exe
  C:\Windows\System\hvSmHhE.exe
  2⤵
  - Executes dropped EXE
  PID:1060
- C:\Windows\System\KqrfyzE.exe
  C:\Windows\System\KqrfyzE.exe
  2⤵
  - Executes dropped EXE
  PID:4928
- C:\Windows\System\IKbzEgl.exe
  C:\Windows\System\IKbzEgl.exe
  2⤵
  - Executes dropped EXE
  PID:4092
- C:\Windows\System\KeydWHa.exe
  C:\Windows\System\KeydWHa.exe
  2⤵
  - Executes dropped EXE
  PID:4988
- C:\Windows\System\uNebFLd.exe
  C:\Windows\System\uNebFLd.exe
  2⤵
  - Executes dropped EXE
  PID:3716
- C:\Windows\System\tczzfTe.exe
  C:\Windows\System\tczzfTe.exe
  2⤵
  - Executes dropped EXE
  PID:2292
- C:\Windows\System\eEcegVR.exe
  C:\Windows\System\eEcegVR.exe
  2⤵
  - Executes dropped EXE
  PID:904
- C:\Windows\System\tmkKCDz.exe
  C:\Windows\System\tmkKCDz.exe
  2⤵
  - Executes dropped EXE
  PID:4700
- C:\Windows\System\nUgrIQC.exe
  C:\Windows\System\nUgrIQC.exe
  2⤵
  - Executes dropped EXE
  PID:1496
- C:\Windows\System\EcNDlXH.exe
  C:\Windows\System\EcNDlXH.exe
  2⤵
  - Executes dropped EXE
  PID:3448
- C:\Windows\System\IOSfifO.exe
  C:\Windows\System\IOSfifO.exe
  2⤵
  - Executes dropped EXE
  PID:4944
- C:\Windows\System\vYsQrDk.exe
  C:\Windows\System\vYsQrDk.exe
  2⤵
  - Executes dropped EXE
  PID:1284
- C:\Windows\System\tYpbOZo.exe
  C:\Windows\System\tYpbOZo.exe
  2⤵
  - Executes dropped EXE
  PID:3252
- C:\Windows\System\cKcMxNP.exe
  C:\Windows\System\cKcMxNP.exe
  2⤵
  - Executes dropped EXE
  PID:3616
- C:\Windows\System\BYJelHQ.exe
  C:\Windows\System\BYJelHQ.exe
  2⤵
  - Executes dropped EXE
  PID:3468
- C:\Windows\System\NOQONzv.exe
  C:\Windows\System\NOQONzv.exe
  2⤵
  - Executes dropped EXE
  PID:1704
- C:\Windows\System\sPemhyt.exe
  C:\Windows\System\sPemhyt.exe
  2⤵
  - Executes dropped EXE
  PID:404
- C:\Windows\System\kUCCnfv.exe
  C:\Windows\System\kUCCnfv.exe
  2⤵
  - Executes dropped EXE
  PID:4876
- C:\Windows\System\WocyfOf.exe
  C:\Windows\System\WocyfOf.exe
  2⤵
  - Executes dropped EXE
  PID:664
- C:\Windows\System\PlzduDL.exe
  C:\Windows\System\PlzduDL.exe
  2⤵
  - Executes dropped EXE
  PID:3600
- C:\Windows\System\tRpMjMo.exe
  C:\Windows\System\tRpMjMo.exe
  2⤵
  - Executes dropped EXE
  PID:3460
- C:\Windows\System\EGUHLQo.exe
  C:\Windows\System\EGUHLQo.exe
  2⤵
  - Executes dropped EXE
  PID:1396
- C:\Windows\System\uYPPCrR.exe
  C:\Windows\System\uYPPCrR.exe
  2⤵
  - Executes dropped EXE
  PID:1736
- C:\Windows\System\VZrdAYF.exe
  C:\Windows\System\VZrdAYF.exe
  2⤵
  - Executes dropped EXE
  PID:1960
- C:\Windows\System\acnHvUv.exe
  C:\Windows\System\acnHvUv.exe
  2⤵
  - Executes dropped EXE
  PID:4120
- C:\Windows\System\gBJTNOs.exe
  C:\Windows\System\gBJTNOs.exe
  2⤵
  - Executes dropped EXE
  PID:2744
- C:\Windows\System\OPDfpZH.exe
  C:\Windows\System\OPDfpZH.exe
  2⤵
  - Executes dropped EXE
  PID:3588
- C:\Windows\System\jTsUSDY.exe
  C:\Windows\System\jTsUSDY.exe
  2⤵
  - Executes dropped EXE
  PID:4916
- C:\Windows\System\PpdDelU.exe
  C:\Windows\System\PpdDelU.exe
  2⤵
  - Executes dropped EXE
  PID:1376
- C:\Windows\System\VALZglL.exe
  C:\Windows\System\VALZglL.exe
  2⤵
  - Executes dropped EXE
  PID:3280
- C:\Windows\System\JzqCYxd.exe
  C:\Windows\System\JzqCYxd.exe
  2⤵
  - Executes dropped EXE
  PID:3444
- C:\Windows\System\EyPuanA.exe
  C:\Windows\System\EyPuanA.exe
  2⤵
  - Executes dropped EXE
  PID:3220
- C:\Windows\System\RDlTTzt.exe
  C:\Windows\System\RDlTTzt.exe
  2⤵
  - Executes dropped EXE
  PID:1028
- C:\Windows\System\HYxBFQD.exe
  C:\Windows\System\HYxBFQD.exe
  2⤵
  - Executes dropped EXE
  PID:4868
- C:\Windows\System\ukjAHtO.exe
  C:\Windows\System\ukjAHtO.exe
  2⤵
  - Executes dropped EXE
  PID:3568
- C:\Windows\System\TzfhHQJ.exe
  C:\Windows\System\TzfhHQJ.exe
  2⤵
  - Executes dropped EXE
  PID:3276
- C:\Windows\System\vIHpnjo.exe
  C:\Windows\System\vIHpnjo.exe
  2⤵
  - Executes dropped EXE
  PID:840
- C:\Windows\System\CGfZcFe.exe
  C:\Windows\System\CGfZcFe.exe
  2⤵
  - Executes dropped EXE
  PID:2144
- C:\Windows\System\TZhjvDn.exe
  C:\Windows\System\TZhjvDn.exe
  2⤵
  - Executes dropped EXE
  PID:2888
- C:\Windows\System\qlrbmGi.exe
  C:\Windows\System\qlrbmGi.exe
  2⤵
  - Executes dropped EXE
  PID:624
- C:\Windows\System\vAWwpaA.exe
  C:\Windows\System\vAWwpaA.exe
  2⤵
  - Executes dropped EXE
  PID:4404
- C:\Windows\System\NBNolhw.exe
  C:\Windows\System\NBNolhw.exe
  2⤵
  - Executes dropped EXE
  PID:4204
- C:\Windows\System\aJCCIjG.exe
  C:\Windows\System\aJCCIjG.exe
  2⤵
  - Executes dropped EXE
  PID:712
- C:\Windows\System\WPefyFh.exe
  C:\Windows\System\WPefyFh.exe
  2⤵
  - Executes dropped EXE
  PID:1500
- C:\Windows\System\lAPMunb.exe
  C:\Windows\System\lAPMunb.exe
  2⤵
  - Executes dropped EXE
  PID:4812
- C:\Windows\System\TXVoINF.exe
  C:\Windows\System\TXVoINF.exe
  2⤵
  - Executes dropped EXE
  PID:2280
- C:\Windows\System\EcnzIwU.exe
  C:\Windows\System\EcnzIwU.exe
  2⤵
  - Executes dropped EXE
  PID:5060
- C:\Windows\System\tmVoONs.exe
  C:\Windows\System\tmVoONs.exe
  2⤵
  - Executes dropped EXE
  PID:668
- C:\Windows\System\oYohGPV.exe
  C:\Windows\System\oYohGPV.exe
  2⤵
  - Executes dropped EXE
  PID:640
- C:\Windows\System\wrUQpVh.exe
  C:\Windows\System\wrUQpVh.exe
  2⤵
  - Executes dropped EXE
  PID:4968
- C:\Windows\System\nXNPmIv.exe
  C:\Windows\System\nXNPmIv.exe
  2⤵
  - Executes dropped EXE
  PID:2228
- C:\Windows\System\NamaUXR.exe
  C:\Windows\System\NamaUXR.exe
  2⤵
  - Executes dropped EXE
  PID:4692
- C:\Windows\System\SKpXWJP.exe
  C:\Windows\System\SKpXWJP.exe
  2⤵
  PID:548
- C:\Windows\System\mNpUByL.exe
  C:\Windows\System\mNpUByL.exe
  2⤵
  PID:1648
- C:\Windows\System\fasihFM.exe
  C:\Windows\System\fasihFM.exe
  2⤵
  PID:1344
- C:\Windows\System\WxHmYEY.exe
  C:\Windows\System\WxHmYEY.exe
  2⤵
  PID:3592
- C:\Windows\System\wleyCZR.exe
  C:\Windows\System\wleyCZR.exe
  2⤵
  PID:1580
- C:\Windows\System\tTUSydi.exe
  C:\Windows\System\tTUSydi.exe
  2⤵
  PID:3184
- C:\Windows\System\BbiCJFc.exe
  C:\Windows\System\BbiCJFc.exe
  2⤵
  PID:4704
- C:\Windows\System\UalWscR.exe
  C:\Windows\System\UalWscR.exe
  2⤵
  PID:4340
- C:\Windows\System\lBjUMEo.exe
  C:\Windows\System\lBjUMEo.exe
  2⤵
  PID:1268
- C:\Windows\System\SYZWtww.exe
  C:\Windows\System\SYZWtww.exe
  2⤵
  PID:3936
- C:\Windows\System\XMcvbKy.exe
  C:\Windows\System\XMcvbKy.exe
  2⤵
  PID:2500
- C:\Windows\System\jQZJiaM.exe
  C:\Windows\System\jQZJiaM.exe
  2⤵
  PID:4756
- C:\Windows\System\mAEIiFg.exe
  C:\Windows\System\mAEIiFg.exe
  2⤵
  PID:3032
- C:\Windows\System\SpHZSEX.exe
  C:\Windows\System\SpHZSEX.exe
  2⤵
  PID:3264
- C:\Windows\System\qrMdxCk.exe
  C:\Windows\System\qrMdxCk.exe
  2⤵
  PID:2208
- C:\Windows\System\hjWSShZ.exe
  C:\Windows\System\hjWSShZ.exe
  2⤵
  PID:2388
- C:\Windows\System\NguqxPo.exe
  C:\Windows\System\NguqxPo.exe
  2⤵
  PID:4488
- C:\Windows\System\GQSBhdV.exe
  C:\Windows\System\GQSBhdV.exe
  2⤵
  PID:2796
- C:\Windows\System\ICwTZjr.exe
  C:\Windows\System\ICwTZjr.exe
  2⤵
  PID:2612
- C:\Windows\System\alkOxRb.exe
  C:\Windows\System\alkOxRb.exe
  2⤵
  PID:4456
- C:\Windows\System\kXAKMsH.exe
  C:\Windows\System\kXAKMsH.exe
  2⤵
  PID:4064
- C:\Windows\System\XOAlcaD.exe
  C:\Windows\System\XOAlcaD.exe
  2⤵
  PID:3076
- C:\Windows\System\iHDHUCo.exe
  C:\Windows\System\iHDHUCo.exe
  2⤵
  PID:4388
- C:\Windows\System\OwoBnQS.exe
  C:\Windows\System\OwoBnQS.exe
  2⤵
  PID:4628
- C:\Windows\System\cGlanTt.exe
  C:\Windows\System\cGlanTt.exe
  2⤵
  PID:4752
- C:\Windows\System\WQqvIMr.exe
  C:\Windows\System\WQqvIMr.exe
  2⤵
  PID:4376
- C:\Windows\System\gaWNuNu.exe
  C:\Windows\System\gaWNuNu.exe
  2⤵
  PID:936
- C:\Windows\System\HVLMJFh.exe
  C:\Windows\System\HVLMJFh.exe
  2⤵
  PID:5148
- C:\Windows\System\rrFxLmb.exe
  C:\Windows\System\rrFxLmb.exe
  2⤵
  PID:5176
- C:\Windows\System\HQkTWbZ.exe
  C:\Windows\System\HQkTWbZ.exe
  2⤵
  PID:5200
- C:\Windows\System\FBpuJrc.exe
  C:\Windows\System\FBpuJrc.exe
  2⤵
  PID:5232
- C:\Windows\System\jvcWcFC.exe
  C:\Windows\System\jvcWcFC.exe
  2⤵
  PID:5260
- C:\Windows\System\zyAbjgi.exe
  C:\Windows\System\zyAbjgi.exe
  2⤵
  PID:5284
- C:\Windows\System\NSvJBcH.exe
  C:\Windows\System\NSvJBcH.exe
  2⤵
  PID:5316
- C:\Windows\System\SFIslPV.exe
  C:\Windows\System\SFIslPV.exe
  2⤵
  PID:5344
- C:\Windows\System\sAzUlcu.exe
  C:\Windows\System\sAzUlcu.exe
  2⤵
  PID:5372
- C:\Windows\System\LOdoWqL.exe
  C:\Windows\System\LOdoWqL.exe
  2⤵
  PID:5400
- C:\Windows\System\ntSREuA.exe
  C:\Windows\System\ntSREuA.exe
  2⤵
  PID:5424
- C:\Windows\System\gQYBouZ.exe
  C:\Windows\System\gQYBouZ.exe
  2⤵
  PID:5456
- C:\Windows\System\BAQziHN.exe
  C:\Windows\System\BAQziHN.exe
  2⤵
  PID:5484
- C:\Windows\System\HCVrUMl.exe
  C:\Windows\System\HCVrUMl.exe
  2⤵
  PID:5512
- C:\Windows\System\UfJUAAw.exe
  C:\Windows\System\UfJUAAw.exe
  2⤵
  PID:5540
- C:\Windows\System\slAJmKg.exe
  C:\Windows\System\slAJmKg.exe
  2⤵
  PID:5564
- C:\Windows\System\CQilzdK.exe
  C:\Windows\System\CQilzdK.exe
  2⤵
  PID:5596
- C:\Windows\System\EbcxVmf.exe
  C:\Windows\System\EbcxVmf.exe
  2⤵
  PID:5624
- C:\Windows\System\Oarbdpd.exe
  C:\Windows\System\Oarbdpd.exe
  2⤵
  PID:5652
- C:\Windows\System\oWzImWp.exe
  C:\Windows\System\oWzImWp.exe
  2⤵
  PID:5680
- C:\Windows\System\KsSEYPv.exe
  C:\Windows\System\KsSEYPv.exe
  2⤵
  PID:5708
- C:\Windows\System\ahTadGf.exe
  C:\Windows\System\ahTadGf.exe
  2⤵
  PID:5736
- C:\Windows\System\BYeLJOH.exe
  C:\Windows\System\BYeLJOH.exe
  2⤵
  PID:5764
- C:\Windows\System\TyKzSCC.exe
  C:\Windows\System\TyKzSCC.exe
  2⤵
  PID:5792
- C:\Windows\System\YqKJHie.exe
  C:\Windows\System\YqKJHie.exe
  2⤵
  PID:5820
- C:\Windows\System\cgYpSEU.exe
  C:\Windows\System\cgYpSEU.exe
  2⤵
  PID:5848
- C:\Windows\System\VEgtKno.exe
  C:\Windows\System\VEgtKno.exe
  2⤵
  PID:5872
- C:\Windows\System\wKhfGDm.exe
  C:\Windows\System\wKhfGDm.exe
  2⤵
  PID:5904
- C:\Windows\System\umPKFWc.exe
  C:\Windows\System\umPKFWc.exe
  2⤵
  PID:5932
- C:\Windows\System\zNpkTSL.exe
  C:\Windows\System\zNpkTSL.exe
  2⤵
  PID:5960
- C:\Windows\System\xpJFYGB.exe
  C:\Windows\System\xpJFYGB.exe
  2⤵
  PID:5988
- C:\Windows\System\GqXrenK.exe
  C:\Windows\System\GqXrenK.exe
  2⤵
  PID:6016
- C:\Windows\System\OtpuZnI.exe
  C:\Windows\System\OtpuZnI.exe
  2⤵
  PID:6044
- C:\Windows\System\VygDGHo.exe
  C:\Windows\System\VygDGHo.exe
  2⤵
  PID:6072
- C:\Windows\System\NzrxXlQ.exe
  C:\Windows\System\NzrxXlQ.exe
  2⤵
  PID:6096
- C:\Windows\System\zxxtyXI.exe
  C:\Windows\System\zxxtyXI.exe
  2⤵
  PID:6128
- C:\Windows\System\VcRFrSs.exe
  C:\Windows\System\VcRFrSs.exe
  2⤵
  PID:3016
- C:\Windows\System\pRjwcsR.exe
  C:\Windows\System\pRjwcsR.exe
  2⤵
  PID:3392
- C:\Windows\System\FcAkmjI.exe
  C:\Windows\System\FcAkmjI.exe
  2⤵
  PID:2240
- C:\Windows\System\xtdqmke.exe
  C:\Windows\System\xtdqmke.exe
  2⤵
  PID:4940
- C:\Windows\System\WWjfrel.exe
  C:\Windows\System\WWjfrel.exe
  2⤵
  PID:5140
- C:\Windows\System\BwzEPdo.exe
  C:\Windows\System\BwzEPdo.exe
  2⤵
  PID:5216
- C:\Windows\System\RVRmqrF.exe
  C:\Windows\System\RVRmqrF.exe
  2⤵
  PID:5272
- C:\Windows\System\TjdjjuY.exe
  C:\Windows\System\TjdjjuY.exe
  2⤵
  PID:5332
- C:\Windows\System\lxZlDQY.exe
  C:\Windows\System\lxZlDQY.exe
  2⤵
  PID:5388
- C:\Windows\System\HCkgyjA.exe
  C:\Windows\System\HCkgyjA.exe
  2⤵
  PID:5448
- C:\Windows\System\NPNnSZo.exe
  C:\Windows\System\NPNnSZo.exe
  2⤵
  PID:5504
- C:\Windows\System\qbgOSdJ.exe
  C:\Windows\System\qbgOSdJ.exe
  2⤵
  PID:5580
- C:\Windows\System\UeGsLtY.exe
  C:\Windows\System\UeGsLtY.exe
  2⤵
  PID:5636
- C:\Windows\System\bTDZCfb.exe
  C:\Windows\System\bTDZCfb.exe
  2⤵
  PID:5700
- C:\Windows\System\EneXJOz.exe
  C:\Windows\System\EneXJOz.exe
  2⤵
  PID:5776
- C:\Windows\System\pWwfFOo.exe
  C:\Windows\System\pWwfFOo.exe
  2⤵
  PID:5836
- C:\Windows\System\FwDuYCH.exe
  C:\Windows\System\FwDuYCH.exe
  2⤵
  PID:5888
- C:\Windows\System\qbhmhcE.exe
  C:\Windows\System\qbhmhcE.exe
  2⤵
  PID:5948
- C:\Windows\System\zIlGAuU.exe
  C:\Windows\System\zIlGAuU.exe
  2⤵
  PID:6116
- C:\Windows\System\alNZrBY.exe
  C:\Windows\System\alNZrBY.exe
  2⤵
  PID:3520
- C:\Windows\System\ZPWjsDs.exe
  C:\Windows\System\ZPWjsDs.exe
  2⤵
  PID:3932
- C:\Windows\System\GgdAGAn.exe
  C:\Windows\System\GgdAGAn.exe
  2⤵
  PID:5132
- C:\Windows\System\EQNbiqo.exe
  C:\Windows\System\EQNbiqo.exe
  2⤵
  PID:5244
- C:\Windows\System\iMLgVWO.exe
  C:\Windows\System\iMLgVWO.exe
  2⤵
  PID:5308
- C:\Windows\System\IlCQAAi.exe
  C:\Windows\System\IlCQAAi.exe
  2⤵
  PID:5364
- C:\Windows\System\SvEVTBD.exe
  C:\Windows\System\SvEVTBD.exe
  2⤵
  PID:3536
- C:\Windows\System\zKURwKq.exe
  C:\Windows\System\zKURwKq.exe
  2⤵
  PID:5476
- C:\Windows\System\OBpSpVr.exe
  C:\Windows\System\OBpSpVr.exe
  2⤵
  PID:5552
- C:\Windows\System\yAZSEnM.exe
  C:\Windows\System\yAZSEnM.exe
  2⤵
  PID:5668
- C:\Windows\System\GIJaqVc.exe
  C:\Windows\System\GIJaqVc.exe
  2⤵
  PID:5808
- C:\Windows\System\fvZgsgL.exe
  C:\Windows\System\fvZgsgL.exe
  2⤵
  PID:2116
- C:\Windows\System\FcFCLVY.exe
  C:\Windows\System\FcFCLVY.exe
  2⤵
  PID:5916
- C:\Windows\System\EmReTyc.exe
  C:\Windows\System\EmReTyc.exe
  2⤵
  PID:4856
- C:\Windows\System\XXNjmWR.exe
  C:\Windows\System\XXNjmWR.exe
  2⤵
  PID:6112
- C:\Windows\System\yDpgVox.exe
  C:\Windows\System\yDpgVox.exe
  2⤵
  PID:4080
- C:\Windows\System\WbGEFxL.exe
  C:\Windows\System\WbGEFxL.exe
  2⤵
  PID:1908
- C:\Windows\System\YKOrOSs.exe
  C:\Windows\System\YKOrOSs.exe
  2⤵
  PID:4796
- C:\Windows\System\jWkjzrN.exe
  C:\Windows\System\jWkjzrN.exe
  2⤵
  PID:3744
- C:\Windows\System\LkTwCyr.exe
  C:\Windows\System\LkTwCyr.exe
  2⤵
  PID:1236
- C:\Windows\System\xLomnrP.exe
  C:\Windows\System\xLomnrP.exe
  2⤵
  PID:3268
- C:\Windows\System\HJhsnCF.exe
  C:\Windows\System\HJhsnCF.exe
  2⤵
  PID:5168
- C:\Windows\System\xlofptH.exe
  C:\Windows\System\xlofptH.exe
  2⤵
  PID:5612
- C:\Windows\System\XCfFSCD.exe
  C:\Windows\System\XCfFSCD.exe
  2⤵
  PID:3624
- C:\Windows\System\DNbKrvt.exe
  C:\Windows\System\DNbKrvt.exe
  2⤵
  PID:2800
- C:\Windows\System\JtkEiBF.exe
  C:\Windows\System\JtkEiBF.exe
  2⤵
  PID:5252
- C:\Windows\System\SEGRpIL.exe
  C:\Windows\System\SEGRpIL.exe
  2⤵
  PID:4564
- C:\Windows\System\vMbFskb.exe
  C:\Windows\System\vMbFskb.exe
  2⤵
  PID:4584
- C:\Windows\System\Igiwwph.exe
  C:\Windows\System\Igiwwph.exe
  2⤵
  PID:3960
- C:\Windows\System\FimpLKk.exe
  C:\Windows\System\FimpLKk.exe
  2⤵
  PID:1120
- C:\Windows\System\AdxkvlH.exe
  C:\Windows\System\AdxkvlH.exe
  2⤵
  PID:6180
- C:\Windows\System\EfCOzHD.exe
  C:\Windows\System\EfCOzHD.exe
  2⤵
  PID:6212
- C:\Windows\System\zcGtjHU.exe
  C:\Windows\System\zcGtjHU.exe
  2⤵
  PID:6272
- C:\Windows\System\MWsYwYT.exe
  C:\Windows\System\MWsYwYT.exe
  2⤵
  PID:6300
- C:\Windows\System\luIYAhL.exe
  C:\Windows\System\luIYAhL.exe
  2⤵
  PID:6316
- C:\Windows\System\SnNleRB.exe
  C:\Windows\System\SnNleRB.exe
  2⤵
  PID:6336
- C:\Windows\System\aWKLbbT.exe
  C:\Windows\System\aWKLbbT.exe
  2⤵
  PID:6372
- C:\Windows\System\uKFQBah.exe
  C:\Windows\System\uKFQBah.exe
  2⤵
  PID:6392
- C:\Windows\System\nmmjrRX.exe
  C:\Windows\System\nmmjrRX.exe
  2⤵
  PID:6436
- C:\Windows\System\OoNcBSX.exe
  C:\Windows\System\OoNcBSX.exe
  2⤵
  PID:6464
- C:\Windows\System\UlQyytu.exe
  C:\Windows\System\UlQyytu.exe
  2⤵
  PID:6484
- C:\Windows\System\PfAFIhV.exe
  C:\Windows\System\PfAFIhV.exe
  2⤵
  PID:6568
- C:\Windows\System\FxgTgiG.exe
  C:\Windows\System\FxgTgiG.exe
  2⤵
  PID:6584
- C:\Windows\System\ktxDRfE.exe
  C:\Windows\System\ktxDRfE.exe
  2⤵
  PID:6608
- C:\Windows\System\kSNQmYp.exe
  C:\Windows\System\kSNQmYp.exe
  2⤵
  PID:6628
- C:\Windows\System\mvJtXRZ.exe
  C:\Windows\System\mvJtXRZ.exe
  2⤵
  PID:6644
- C:\Windows\System\SroCywc.exe
  C:\Windows\System\SroCywc.exe
  2⤵
  PID:6660
- C:\Windows\System\ovHLFaX.exe
  C:\Windows\System\ovHLFaX.exe
  2⤵
  PID:6676
- C:\Windows\System\flftuWh.exe
  C:\Windows\System\flftuWh.exe
  2⤵
  PID:6712
- C:\Windows\System\bCVgFmP.exe
  C:\Windows\System\bCVgFmP.exe
  2⤵
  PID:6732
- C:\Windows\System\tkEUZsS.exe
  C:\Windows\System\tkEUZsS.exe
  2⤵
  PID:6768
- C:\Windows\System\WJIWrex.exe
  C:\Windows\System\WJIWrex.exe
  2⤵
  PID:6792
- C:\Windows\System\KSWJqAR.exe
  C:\Windows\System\KSWJqAR.exe
  2⤵
  PID:6812
- C:\Windows\System\IJeVfaN.exe
  C:\Windows\System\IJeVfaN.exe
  2⤵
  PID:6888
- C:\Windows\System\IxAJvoU.exe
  C:\Windows\System\IxAJvoU.exe
  2⤵
  PID:6916
- C:\Windows\System\vIuFBAH.exe
  C:\Windows\System\vIuFBAH.exe
  2⤵
  PID:6968
- C:\Windows\System\kAdkbTS.exe
  C:\Windows\System\kAdkbTS.exe
  2⤵
  PID:6984
- C:\Windows\System\OjsYWNJ.exe
  C:\Windows\System\OjsYWNJ.exe
  2⤵
  PID:7008
- C:\Windows\System\nWuIdNl.exe
  C:\Windows\System\nWuIdNl.exe
  2⤵
  PID:7052
- C:\Windows\System\HJICIhI.exe
  C:\Windows\System\HJICIhI.exe
  2⤵
  PID:7080
- C:\Windows\System\xRetxLs.exe
  C:\Windows\System\xRetxLs.exe
  2⤵
  PID:7116
- C:\Windows\System\gDRwMvz.exe
  C:\Windows\System\gDRwMvz.exe
  2⤵
  PID:7132
- C:\Windows\System\ksbBkCo.exe
  C:\Windows\System\ksbBkCo.exe
  2⤵
  PID:7160
- C:\Windows\System\oiaxZyN.exe
  C:\Windows\System\oiaxZyN.exe
  2⤵
  PID:5728
- C:\Windows\System\jaiSLGc.exe
  C:\Windows\System\jaiSLGc.exe
  2⤵
  PID:6220
- C:\Windows\System\GJjUrgJ.exe
  C:\Windows\System\GJjUrgJ.exe
  2⤵
  PID:6408
- C:\Windows\System\DNXAtLZ.exe
  C:\Windows\System\DNXAtLZ.exe
  2⤵
  PID:6520
- C:\Windows\System\eYqawUx.exe
  C:\Windows\System\eYqawUx.exe
  2⤵
  PID:6560
- C:\Windows\System\ogqQajF.exe
  C:\Windows\System\ogqQajF.exe
  2⤵
  PID:6616
- C:\Windows\System\pcAQzYp.exe
  C:\Windows\System\pcAQzYp.exe
  2⤵
  PID:6696
- C:\Windows\System\QvWFLRC.exe
  C:\Windows\System\QvWFLRC.exe
  2⤵
  PID:6896
- C:\Windows\System\NaaVvcz.exe
  C:\Windows\System\NaaVvcz.exe
  2⤵
  PID:6928
- C:\Windows\System\LskBBJS.exe
  C:\Windows\System\LskBBJS.exe
  2⤵
  PID:6976
- C:\Windows\System\KJZRSSb.exe
  C:\Windows\System\KJZRSSb.exe
  2⤵
  PID:7100
- C:\Windows\System\ECpBSwf.exe
  C:\Windows\System\ECpBSwf.exe
  2⤵
  PID:3692
- C:\Windows\System\lZQZKbJ.exe
  C:\Windows\System\lZQZKbJ.exe
  2⤵
  PID:6360
- C:\Windows\System\LDcuBcK.exe
  C:\Windows\System\LDcuBcK.exe
  2⤵
  PID:6580
- C:\Windows\System\fhjDIKh.exe
  C:\Windows\System\fhjDIKh.exe
  2⤵
  PID:6868
- C:\Windows\System\FWaSeQc.exe
  C:\Windows\System\FWaSeQc.exe
  2⤵
  PID:7152
- C:\Windows\System\vdBtSve.exe
  C:\Windows\System\vdBtSve.exe
  2⤵
  PID:6432
- C:\Windows\System\xZhxUfo.exe
  C:\Windows\System\xZhxUfo.exe
  2⤵
  PID:7076
- C:\Windows\System\ygneaUX.exe
  C:\Windows\System\ygneaUX.exe
  2⤵
  PID:7184
- C:\Windows\System\zLkgKYy.exe
  C:\Windows\System\zLkgKYy.exe
  2⤵
  PID:7212
- C:\Windows\System\xSiuAcY.exe
  C:\Windows\System\xSiuAcY.exe
  2⤵
  PID:7240
- C:\Windows\System\HOqXxdm.exe
  C:\Windows\System\HOqXxdm.exe
  2⤵
  PID:7268
- C:\Windows\System\pcacWMA.exe
  C:\Windows\System\pcacWMA.exe
  2⤵
  PID:7296
- C:\Windows\System\YNZUyma.exe
  C:\Windows\System\YNZUyma.exe
  2⤵
  PID:7328
- C:\Windows\System\tTVBebx.exe
  C:\Windows\System\tTVBebx.exe
  2⤵
  PID:7364
- C:\Windows\System\qzydAay.exe
  C:\Windows\System\qzydAay.exe
  2⤵
  PID:7392
- C:\Windows\System\qGcbaJU.exe
  C:\Windows\System\qGcbaJU.exe
  2⤵
  PID:7424
- C:\Windows\System\EmaDaZW.exe
  C:\Windows\System\EmaDaZW.exe
  2⤵
  PID:7452
- C:\Windows\System\FNekuYd.exe
  C:\Windows\System\FNekuYd.exe
  2⤵
  PID:7480
- C:\Windows\System\hofBOIS.exe
  C:\Windows\System\hofBOIS.exe
  2⤵
  PID:7508
- C:\Windows\System\AdGEjog.exe
  C:\Windows\System\AdGEjog.exe
  2⤵
  PID:7540
- C:\Windows\System\fQqWgez.exe
  C:\Windows\System\fQqWgez.exe
  2⤵
  PID:7564
- C:\Windows\System\Gcvszrl.exe
  C:\Windows\System\Gcvszrl.exe
  2⤵
  PID:7592
- C:\Windows\System\mToByIt.exe
  C:\Windows\System\mToByIt.exe
  2⤵
  PID:7628
- C:\Windows\System\qhgPwiN.exe
  C:\Windows\System\qhgPwiN.exe
  2⤵
  PID:7672
- C:\Windows\System\mgUtYJh.exe
  C:\Windows\System\mgUtYJh.exe
  2⤵
  PID:7700
- C:\Windows\System\phUOmBX.exe
  C:\Windows\System\phUOmBX.exe
  2⤵
  PID:7716
- C:\Windows\System\nqyEUNM.exe
  C:\Windows\System\nqyEUNM.exe
  2⤵
  PID:7748
- C:\Windows\System\aXEASRV.exe
  C:\Windows\System\aXEASRV.exe
  2⤵
  PID:7784
- C:\Windows\System\lCFWPqQ.exe
  C:\Windows\System\lCFWPqQ.exe
  2⤵
  PID:7824
- C:\Windows\System\nUSdMws.exe
  C:\Windows\System\nUSdMws.exe
  2⤵
  PID:7844
- C:\Windows\System\xiduTOl.exe
  C:\Windows\System\xiduTOl.exe
  2⤵
  PID:7892
- C:\Windows\System\DEufTVa.exe
  C:\Windows\System\DEufTVa.exe
  2⤵
  PID:7920
- C:\Windows\System\xeRpMMv.exe
  C:\Windows\System\xeRpMMv.exe
  2⤵
  PID:7948
- C:\Windows\System\BzasqmZ.exe
  C:\Windows\System\BzasqmZ.exe
  2⤵
  PID:7976
- C:\Windows\System\fOjySJH.exe
  C:\Windows\System\fOjySJH.exe
  2⤵
  PID:8004
- C:\Windows\System\BcBEBmd.exe
  C:\Windows\System\BcBEBmd.exe
  2⤵
  PID:8032
- C:\Windows\System\IgLobhA.exe
  C:\Windows\System\IgLobhA.exe
  2⤵
  PID:8060
- C:\Windows\System\uQrXRwV.exe
  C:\Windows\System\uQrXRwV.exe
  2⤵
  PID:8076
- C:\Windows\System\kmehHos.exe
  C:\Windows\System\kmehHos.exe
  2⤵
  PID:8108
- C:\Windows\System\idSdTvy.exe
  C:\Windows\System\idSdTvy.exe
  2⤵
  PID:8152
- C:\Windows\System\RGLDMmi.exe
  C:\Windows\System\RGLDMmi.exe
  2⤵
  PID:8184
- C:\Windows\System\khzzKja.exe
  C:\Windows\System\khzzKja.exe
  2⤵
  PID:7208
- C:\Windows\System\HwhurDv.exe
  C:\Windows\System\HwhurDv.exe
  2⤵
  PID:7280
- C:\Windows\System\MqMcJUh.exe
  C:\Windows\System\MqMcJUh.exe
  2⤵
  PID:7348
- C:\Windows\System\WYvNwGB.exe
  C:\Windows\System\WYvNwGB.exe
  2⤵
  PID:7416
- C:\Windows\System\BNDxNHR.exe
  C:\Windows\System\BNDxNHR.exe
  2⤵
  PID:7492
- C:\Windows\System\bNmQqIN.exe
  C:\Windows\System\bNmQqIN.exe
  2⤵
  PID:7560
- C:\Windows\System\WbKLyyr.exe
  C:\Windows\System\WbKLyyr.exe
  2⤵
  PID:7612
- C:\Windows\System\LXWRNKB.exe
  C:\Windows\System\LXWRNKB.exe
  2⤵
  PID:7668
- C:\Windows\System\oFFIaBJ.exe
  C:\Windows\System\oFFIaBJ.exe
  2⤵
  PID:6604
- C:\Windows\System\zfujJdt.exe
  C:\Windows\System\zfujJdt.exe
  2⤵
  PID:7732
- C:\Windows\System\CyEoxSy.exe
  C:\Windows\System\CyEoxSy.exe
  2⤵
  PID:7832
- C:\Windows\System\kNjdDtp.exe
  C:\Windows\System\kNjdDtp.exe
  2⤵
  PID:7884
- C:\Windows\System\clCyIpI.exe
  C:\Windows\System\clCyIpI.exe
  2⤵
  PID:7944
- C:\Windows\System\MzQxEem.exe
  C:\Windows\System\MzQxEem.exe
  2⤵
  PID:8016
- C:\Windows\System\gCSpZNn.exe
  C:\Windows\System\gCSpZNn.exe
  2⤵
  PID:8068
- C:\Windows\System\XMRGCBC.exe
  C:\Windows\System\XMRGCBC.exe
  2⤵
  PID:8088
- C:\Windows\System\efJsaiC.exe
  C:\Windows\System\efJsaiC.exe
  2⤵
  PID:4572
- C:\Windows\System\HDPxfZN.exe
  C:\Windows\System\HDPxfZN.exe
  2⤵
  PID:7228
- C:\Windows\System\zzPEjXG.exe
  C:\Windows\System\zzPEjXG.exe
  2⤵
  PID:7444
- C:\Windows\System\pfeQPfp.exe
  C:\Windows\System\pfeQPfp.exe
  2⤵
  PID:6668
- C:\Windows\System\qXxTKUH.exe
  C:\Windows\System\qXxTKUH.exe
  2⤵
  PID:6084
- C:\Windows\System\wNXTXgV.exe
  C:\Windows\System\wNXTXgV.exe
  2⤵
  PID:7916
- C:\Windows\System\tGEPNHb.exe
  C:\Windows\System\tGEPNHb.exe
  2⤵
  PID:8072
- C:\Windows\System\GJCjNhp.exe
  C:\Windows\System\GJCjNhp.exe
  2⤵
  PID:7200
- C:\Windows\System\gaqTTaU.exe
  C:\Windows\System\gaqTTaU.exe
  2⤵
  PID:7308
- C:\Windows\System\DcNfXkE.exe
  C:\Windows\System\DcNfXkE.exe
  2⤵
  PID:7624
- C:\Windows\System\TKGzzdR.exe
  C:\Windows\System\TKGzzdR.exe
  2⤵
  PID:7108
- C:\Windows\System\QpxChjs.exe
  C:\Windows\System\QpxChjs.exe
  2⤵
  PID:7524
- C:\Windows\System\rkRhKNN.exe
  C:\Windows\System\rkRhKNN.exe
  2⤵
  PID:7620
- C:\Windows\System\MpQFAUw.exe
  C:\Windows\System\MpQFAUw.exe
  2⤵
  PID:8208
- C:\Windows\System\qEEdyTm.exe
  C:\Windows\System\qEEdyTm.exe
  2⤵
  PID:8236
- C:\Windows\System\aBsgyHB.exe
  C:\Windows\System\aBsgyHB.exe
  2⤵
  PID:8264
- C:\Windows\System\UHXdCfV.exe
  C:\Windows\System\UHXdCfV.exe
  2⤵
  PID:8284
- C:\Windows\System\qIbdyhK.exe
  C:\Windows\System\qIbdyhK.exe
  2⤵
  PID:8308
- C:\Windows\System\WwsxPWB.exe
  C:\Windows\System\WwsxPWB.exe
  2⤵
  PID:8324
- C:\Windows\System\BjtEXsx.exe
  C:\Windows\System\BjtEXsx.exe
  2⤵
  PID:8352
- C:\Windows\System\fJlKDAm.exe
  C:\Windows\System\fJlKDAm.exe
  2⤵
  PID:8372
- C:\Windows\System\MJiCkBg.exe
  C:\Windows\System\MJiCkBg.exe
  2⤵
  PID:8432
- C:\Windows\System\xiibZfM.exe
  C:\Windows\System\xiibZfM.exe
  2⤵
  PID:8460
- C:\Windows\System\uyKCBKI.exe
  C:\Windows\System\uyKCBKI.exe
  2⤵
  PID:8476
- C:\Windows\System\pFQutkV.exe
  C:\Windows\System\pFQutkV.exe
  2⤵
  PID:8504
- C:\Windows\System\ILTBzMz.exe
  C:\Windows\System\ILTBzMz.exe
  2⤵
  PID:8520
- C:\Windows\System\TyzVitO.exe
  C:\Windows\System\TyzVitO.exe
  2⤵
  PID:8544
- C:\Windows\System\cnaAtoE.exe
  C:\Windows\System\cnaAtoE.exe
  2⤵
  PID:8564
- C:\Windows\System\MxcEMuS.exe
  C:\Windows\System\MxcEMuS.exe
  2⤵
  PID:8592
- C:\Windows\System\hrGXubF.exe
  C:\Windows\System\hrGXubF.exe
  2⤵
  PID:8628
- C:\Windows\System\NvjDcOf.exe
  C:\Windows\System\NvjDcOf.exe
  2⤵
  PID:8664
- C:\Windows\System\uHgfGhl.exe
  C:\Windows\System\uHgfGhl.exe
  2⤵
  PID:8704
- C:\Windows\System\OGnSRXR.exe
  C:\Windows\System\OGnSRXR.exe
  2⤵
  PID:8736
- C:\Windows\System\xcVUMQS.exe
  C:\Windows\System\xcVUMQS.exe
  2⤵
  PID:8768
- C:\Windows\System\FZTKBYQ.exe
  C:\Windows\System\FZTKBYQ.exe
  2⤵
  PID:8796
- C:\Windows\System\wxmGnst.exe
  C:\Windows\System\wxmGnst.exe
  2⤵
  PID:8824
- C:\Windows\System\cugodyz.exe
  C:\Windows\System\cugodyz.exe
  2⤵
  PID:8852
- C:\Windows\System\STnhxye.exe
  C:\Windows\System\STnhxye.exe
  2⤵
  PID:8880
- C:\Windows\System\QIfxdTd.exe
  C:\Windows\System\QIfxdTd.exe
  2⤵
  PID:8908
- C:\Windows\System\pgimNlq.exe
  C:\Windows\System\pgimNlq.exe
  2⤵
  PID:8936
- C:\Windows\System\jDZdIiz.exe
  C:\Windows\System\jDZdIiz.exe
  2⤵
  PID:8964
- C:\Windows\System\TxcQRwx.exe
  C:\Windows\System\TxcQRwx.exe
  2⤵
  PID:8992
- C:\Windows\System\JNagpnU.exe
  C:\Windows\System\JNagpnU.exe
  2⤵
  PID:9024
- C:\Windows\System\BIKuwrE.exe
  C:\Windows\System\BIKuwrE.exe
  2⤵
  PID:9052
- C:\Windows\System\sJzOXqa.exe
  C:\Windows\System\sJzOXqa.exe
  2⤵
  PID:9080
- C:\Windows\System\RRpEiUp.exe
  C:\Windows\System\RRpEiUp.exe
  2⤵
  PID:9108
- C:\Windows\System\WXhShxy.exe
  C:\Windows\System\WXhShxy.exe
  2⤵
  PID:9136
- C:\Windows\System\IZNjpvN.exe
  C:\Windows\System\IZNjpvN.exe
  2⤵
  PID:9164
- C:\Windows\System\dIIYKcj.exe
  C:\Windows\System\dIIYKcj.exe
  2⤵
  PID:9192
- C:\Windows\System\FOjYRbB.exe
  C:\Windows\System\FOjYRbB.exe
  2⤵
  PID:7196
- C:\Windows\System\zpKMopX.exe
  C:\Windows\System\zpKMopX.exe
  2⤵
  PID:8276
- C:\Windows\System\BZkSExG.exe
  C:\Windows\System\BZkSExG.exe
  2⤵
  PID:8336
- C:\Windows\System\vUoovlR.exe
  C:\Windows\System\vUoovlR.exe
  2⤵
  PID:8404
- C:\Windows\System\pgkyCwT.exe
  C:\Windows\System\pgkyCwT.exe
  2⤵
  PID:8444
- C:\Windows\System\fGeqhBF.exe
  C:\Windows\System\fGeqhBF.exe
  2⤵
  PID:8488
- C:\Windows\System\OlDIGtI.exe
  C:\Windows\System\OlDIGtI.exe
  2⤵
  PID:8640
- C:\Windows\System\vowqpGS.exe
  C:\Windows\System\vowqpGS.exe
  2⤵
  PID:8684
- C:\Windows\System\PYmOAQH.exe
  C:\Windows\System\PYmOAQH.exe
  2⤵
  PID:8788
- C:\Windows\System\dDjucFL.exe
  C:\Windows\System\dDjucFL.exe
  2⤵
  PID:8868
- C:\Windows\System\eRehCGC.exe
  C:\Windows\System\eRehCGC.exe
  2⤵
  PID:8948
- C:\Windows\System\AZYZYYe.exe
  C:\Windows\System\AZYZYYe.exe
  2⤵
  PID:9012
- C:\Windows\System\xSuWbOC.exe
  C:\Windows\System\xSuWbOC.exe
  2⤵
  PID:9096
- C:\Windows\System\wWknrrG.exe
  C:\Windows\System\wWknrrG.exe
  2⤵
  PID:9156
- C:\Windows\System\PoYGguJ.exe
  C:\Windows\System\PoYGguJ.exe
  2⤵
  PID:9188
- C:\Windows\System\kiibveR.exe
  C:\Windows\System\kiibveR.exe
  2⤵
  PID:8292
- C:\Windows\System\wNbeXkl.exe
  C:\Windows\System\wNbeXkl.exe
  2⤵
  PID:8532
- C:\Windows\System\kImdxgW.exe
  C:\Windows\System\kImdxgW.exe
  2⤵
  PID:8728
- C:\Windows\System\nlVQiJo.exe
  C:\Windows\System\nlVQiJo.exe
  2⤵
  PID:7124
- C:\Windows\System\SdZDXom.exe
  C:\Windows\System\SdZDXom.exe
  2⤵
  PID:9072
- C:\Windows\System\RjcXSuB.exe
  C:\Windows\System\RjcXSuB.exe
  2⤵
  PID:9184
- C:\Windows\System\YieqfhT.exe
  C:\Windows\System\YieqfhT.exe
  2⤵
  PID:8424
- C:\Windows\System\vBkOZSN.exe
  C:\Windows\System\vBkOZSN.exe
  2⤵
  PID:8792
- C:\Windows\System\FCDkMro.exe
  C:\Windows\System\FCDkMro.exe
  2⤵
  PID:9180
- C:\Windows\System\UJtbQJf.exe
  C:\Windows\System\UJtbQJf.exe
  2⤵
  PID:9004
- C:\Windows\System\WllETYH.exe
  C:\Windows\System\WllETYH.exe
  2⤵
  PID:8688
- C:\Windows\System\JuyqTMg.exe
  C:\Windows\System\JuyqTMg.exe
  2⤵
  PID:9244
- C:\Windows\System\WcBaWbb.exe
  C:\Windows\System\WcBaWbb.exe
  2⤵
  PID:9276
- C:\Windows\System\qGfOZUi.exe
  C:\Windows\System\qGfOZUi.exe
  2⤵
  PID:9304
- C:\Windows\System\PAugWIy.exe
  C:\Windows\System\PAugWIy.exe
  2⤵
  PID:9332
- C:\Windows\System\FwJxIWI.exe
  C:\Windows\System\FwJxIWI.exe
  2⤵
  PID:9360
- C:\Windows\System\BjvYLXO.exe
  C:\Windows\System\BjvYLXO.exe
  2⤵
  PID:9388
- C:\Windows\System\vlDDYBj.exe
  C:\Windows\System\vlDDYBj.exe
  2⤵
  PID:9416
- C:\Windows\System\PpHBduF.exe
  C:\Windows\System\PpHBduF.exe
  2⤵
  PID:9444
- C:\Windows\System\PEkdjoF.exe
  C:\Windows\System\PEkdjoF.exe
  2⤵
  PID:9472
- C:\Windows\System\QVFqNnN.exe
  C:\Windows\System\QVFqNnN.exe
  2⤵
  PID:9500
- C:\Windows\System\lsmBAaC.exe
  C:\Windows\System\lsmBAaC.exe
  2⤵
  PID:9528
- C:\Windows\System\pwAmQSx.exe
  C:\Windows\System\pwAmQSx.exe
  2⤵
  PID:9556
- C:\Windows\System\fmXUVhM.exe
  C:\Windows\System\fmXUVhM.exe
  2⤵
  PID:9584
- C:\Windows\System\mAUlCap.exe
  C:\Windows\System\mAUlCap.exe
  2⤵
  PID:9612
- C:\Windows\System\JOmOYSx.exe
  C:\Windows\System\JOmOYSx.exe
  2⤵
  PID:9640
- C:\Windows\System\trIEBOj.exe
  C:\Windows\System\trIEBOj.exe
  2⤵
  PID:9672
- C:\Windows\System\aEcKOTi.exe
  C:\Windows\System\aEcKOTi.exe
  2⤵
  PID:9700
- C:\Windows\System\CoKuIES.exe
  C:\Windows\System\CoKuIES.exe
  2⤵
  PID:9736
- C:\Windows\System\vctXMGP.exe
  C:\Windows\System\vctXMGP.exe
  2⤵
  PID:9764
- C:\Windows\System\JdgKUfW.exe
  C:\Windows\System\JdgKUfW.exe
  2⤵
  PID:9792
- C:\Windows\System\OrdZVjU.exe
  C:\Windows\System\OrdZVjU.exe
  2⤵
  PID:9820
- C:\Windows\System\RDUjMhH.exe
  C:\Windows\System\RDUjMhH.exe
  2⤵
  PID:9840
- C:\Windows\System\MSOFxYR.exe
  C:\Windows\System\MSOFxYR.exe
  2⤵
  PID:9868
- C:\Windows\System\TEqrOBV.exe
  C:\Windows\System\TEqrOBV.exe
  2⤵
  PID:9908
- C:\Windows\System\JLqaGur.exe
  C:\Windows\System\JLqaGur.exe
  2⤵
  PID:9952
- C:\Windows\System\kQOpDoZ.exe
  C:\Windows\System\kQOpDoZ.exe
  2⤵
  PID:9968
- C:\Windows\System\DSyZymW.exe
  C:\Windows\System\DSyZymW.exe
  2⤵
  PID:10008
- C:\Windows\System\DsVovhT.exe
  C:\Windows\System\DsVovhT.exe
  2⤵
  PID:10040
- C:\Windows\System\YKwowJo.exe
  C:\Windows\System\YKwowJo.exe
  2⤵
  PID:10068
- C:\Windows\System\jTLTszp.exe
  C:\Windows\System\jTLTszp.exe
  2⤵
  PID:10100
- C:\Windows\System\dELjkYM.exe
  C:\Windows\System\dELjkYM.exe
  2⤵
  PID:10168
- C:\Windows\System\oAPPezC.exe
  C:\Windows\System\oAPPezC.exe
  2⤵
  PID:10200
- C:\Windows\System\iveEEmp.exe
  C:\Windows\System\iveEEmp.exe
  2⤵
  PID:9228
- C:\Windows\System\iUwOTbl.exe
  C:\Windows\System\iUwOTbl.exe
  2⤵
  PID:9296
- C:\Windows\System\JwtwaUN.exe
  C:\Windows\System\JwtwaUN.exe
  2⤵
  PID:9380
- C:\Windows\System\sYDXPUi.exe
  C:\Windows\System\sYDXPUi.exe
  2⤵
  PID:9492
- C:\Windows\System\PsAGIoK.exe
  C:\Windows\System\PsAGIoK.exe
  2⤵
  PID:9552
- C:\Windows\System\qeXAJbx.exe
  C:\Windows\System\qeXAJbx.exe
  2⤵
  PID:9668
- C:\Windows\System\dawKqgA.exe
  C:\Windows\System\dawKqgA.exe
  2⤵
  PID:9760
- C:\Windows\System\hERLuhw.exe
  C:\Windows\System\hERLuhw.exe
  2⤵
  PID:9812
- C:\Windows\System\yygbklt.exe
  C:\Windows\System\yygbklt.exe
  2⤵
  PID:9876
- C:\Windows\System\wkfouGQ.exe
  C:\Windows\System\wkfouGQ.exe
  2⤵
  PID:9944
- C:\Windows\System\WoTzIzI.exe
  C:\Windows\System\WoTzIzI.exe
  2⤵
  PID:10004
- C:\Windows\System\SMMajsc.exe
  C:\Windows\System\SMMajsc.exe
  2⤵
  PID:10052
- C:\Windows\System\RQMhBQB.exe
  C:\Windows\System\RQMhBQB.exe
  2⤵
  PID:10164
- C:\Windows\System\PDtlSUg.exe
  C:\Windows\System\PDtlSUg.exe
  2⤵
  PID:9268
- C:\Windows\System\dYIsjol.exe
  C:\Windows\System\dYIsjol.exe
  2⤵
  PID:9488
- C:\Windows\System\mxffVrQ.exe
  C:\Windows\System\mxffVrQ.exe
  2⤵
  PID:9728
- C:\Windows\System\BMApQTE.exe
  C:\Windows\System\BMApQTE.exe
  2⤵
  PID:9984
- C:\Windows\System\Dqiealb.exe
  C:\Windows\System\Dqiealb.exe
  2⤵
  PID:10084
- C:\Windows\System\ZidWAsK.exe
  C:\Windows\System\ZidWAsK.exe
  2⤵
  PID:9848
- C:\Windows\System\JsdQUal.exe
  C:\Windows\System\JsdQUal.exe
  2⤵
  PID:3832
- C:\Windows\System\fdQQoeb.exe
  C:\Windows\System\fdQQoeb.exe
  2⤵
  PID:10256
- C:\Windows\System\LUiasTU.exe
  C:\Windows\System\LUiasTU.exe
  2⤵
  PID:10284
- C:\Windows\System\OvqijZC.exe
  C:\Windows\System\OvqijZC.exe
  2⤵
  PID:10312
- C:\Windows\System\YSDoUht.exe
  C:\Windows\System\YSDoUht.exe
  2⤵
  PID:10348
- C:\Windows\System\OnrkNEF.exe
  C:\Windows\System\OnrkNEF.exe
  2⤵
  PID:10364
- C:\Windows\System\SImhSuU.exe
  C:\Windows\System\SImhSuU.exe
  2⤵
  PID:10412
- C:\Windows\System\mHFgXzB.exe
  C:\Windows\System\mHFgXzB.exe
  2⤵
  PID:10440
- C:\Windows\System\iZmsUXI.exe
  C:\Windows\System\iZmsUXI.exe
  2⤵
  PID:10468
- C:\Windows\System\ojmsCWB.exe
  C:\Windows\System\ojmsCWB.exe
  2⤵
  PID:10496
- C:\Windows\System\IaCaNAA.exe
  C:\Windows\System\IaCaNAA.exe
  2⤵
  PID:10524
- C:\Windows\System\bBUYQvy.exe
  C:\Windows\System\bBUYQvy.exe
  2⤵
  PID:10552
- C:\Windows\System\ZMFIRSQ.exe
  C:\Windows\System\ZMFIRSQ.exe
  2⤵
  PID:10580
- C:\Windows\System\szmyKCB.exe
  C:\Windows\System\szmyKCB.exe
  2⤵
  PID:10608
- C:\Windows\System\SeDidPz.exe
  C:\Windows\System\SeDidPz.exe
  2⤵
  PID:10636
- C:\Windows\System\kkjmQjT.exe
  C:\Windows\System\kkjmQjT.exe
  2⤵
  PID:10664
- C:\Windows\System\qmwMJqy.exe
  C:\Windows\System\qmwMJqy.exe
  2⤵
  PID:10692
- C:\Windows\System\wRLhQwo.exe
  C:\Windows\System\wRLhQwo.exe
  2⤵
  PID:10724
- C:\Windows\System\IvGioQo.exe
  C:\Windows\System\IvGioQo.exe
  2⤵
  PID:10752
- C:\Windows\System\mltFIDU.exe
  C:\Windows\System\mltFIDU.exe
  2⤵
  PID:10772
- C:\Windows\System\vbubpKD.exe
  C:\Windows\System\vbubpKD.exe
  2⤵
  PID:10804
- C:\Windows\System\LkJOrRB.exe
  C:\Windows\System\LkJOrRB.exe
  2⤵
  PID:10828
- C:\Windows\System\xVtsmNs.exe
  C:\Windows\System\xVtsmNs.exe
  2⤵
  PID:10844
- C:\Windows\System\ndbKbfq.exe
  C:\Windows\System\ndbKbfq.exe
  2⤵
  PID:10884
- C:\Windows\System\jGgaDSm.exe
  C:\Windows\System\jGgaDSm.exe
  2⤵
  PID:10904
- C:\Windows\System\wcUBvAj.exe
  C:\Windows\System\wcUBvAj.exe
  2⤵
  PID:10940
- C:\Windows\System\lyrLodN.exe
  C:\Windows\System\lyrLodN.exe
  2⤵
  PID:10984
- C:\Windows\System\rkDeoxz.exe
  C:\Windows\System\rkDeoxz.exe
  2⤵
  PID:11012
- C:\Windows\System\CpuWbZC.exe
  C:\Windows\System\CpuWbZC.exe
  2⤵
  PID:11040
- C:\Windows\System\atxIWzM.exe
  C:\Windows\System\atxIWzM.exe
  2⤵
  PID:11068
- C:\Windows\System\fXgTYBY.exe
  C:\Windows\System\fXgTYBY.exe
  2⤵
  PID:11096
- C:\Windows\System\dbsysAf.exe
  C:\Windows\System\dbsysAf.exe
  2⤵
  PID:11124
- C:\Windows\System\YJENXZK.exe
  C:\Windows\System\YJENXZK.exe
  2⤵
  PID:11152
- C:\Windows\System\qBfESxh.exe
  C:\Windows\System\qBfESxh.exe
  2⤵
  PID:11184
- C:\Windows\System\BezAjsn.exe
  C:\Windows\System\BezAjsn.exe
  2⤵
  PID:11212
- C:\Windows\System\ZLmSsNI.exe
  C:\Windows\System\ZLmSsNI.exe
  2⤵
  PID:11240
- C:\Windows\System\ixLhoFp.exe
  C:\Windows\System\ixLhoFp.exe
  2⤵
  PID:10244
- C:\Windows\System\rANetmZ.exe
  C:\Windows\System\rANetmZ.exe
  2⤵
  PID:10304
- C:\Windows\System\MkQQfYq.exe
  C:\Windows\System\MkQQfYq.exe
  2⤵
  PID:10376
- C:\Windows\System\vyVMwAB.exe
  C:\Windows\System\vyVMwAB.exe
  2⤵
  PID:10452
- C:\Windows\System\riHvgMr.exe
  C:\Windows\System\riHvgMr.exe
  2⤵
  PID:10516
- C:\Windows\System\fyrBYgM.exe
  C:\Windows\System\fyrBYgM.exe
  2⤵
  PID:10572
- C:\Windows\System\YGMhBCL.exe
  C:\Windows\System\YGMhBCL.exe
  2⤵
  PID:10632
- C:\Windows\System\VZtVGBg.exe
  C:\Windows\System\VZtVGBg.exe
  2⤵
  PID:10708
- C:\Windows\System\WQacdWy.exe
  C:\Windows\System\WQacdWy.exe
  2⤵
  PID:6256
- C:\Windows\System\yCaGAnO.exe
  C:\Windows\System\yCaGAnO.exe
  2⤵
  PID:10812
- C:\Windows\System\LIGFgrL.exe
  C:\Windows\System\LIGFgrL.exe
  2⤵
  PID:10876
- C:\Windows\System\tdqvUCz.exe
  C:\Windows\System\tdqvUCz.exe
  2⤵
  PID:10928
- C:\Windows\System\kgcpMYC.exe
  C:\Windows\System\kgcpMYC.exe
  2⤵
  PID:10996
- C:\Windows\System\xdYTIrG.exe
  C:\Windows\System\xdYTIrG.exe
  2⤵
  PID:11064
- C:\Windows\System\OLNJvyw.exe
  C:\Windows\System\OLNJvyw.exe
  2⤵
  PID:700
- C:\Windows\System\HWcYHvb.exe
  C:\Windows\System\HWcYHvb.exe
  2⤵
  PID:11196
- C:\Windows\System\EZJQwhs.exe
  C:\Windows\System\EZJQwhs.exe
  2⤵
  PID:11260
- C:\Windows\System\NymogKD.exe
  C:\Windows\System\NymogKD.exe
  2⤵
  PID:10360
- C:\Windows\System\NcBTDGx.exe
  C:\Windows\System\NcBTDGx.exe
  2⤵
  PID:10544
- C:\Windows\System\PhzVjWg.exe
  C:\Windows\System\PhzVjWg.exe
  2⤵
  PID:10684
- C:\Windows\System\TueqCRH.exe
  C:\Windows\System\TueqCRH.exe
  2⤵
  PID:10784
- C:\Windows\System\cNFYmzx.exe
  C:\Windows\System\cNFYmzx.exe
  2⤵
  PID:10924
- C:\Windows\System\VFRoAgr.exe
  C:\Windows\System\VFRoAgr.exe
  2⤵
  PID:11112
- C:\Windows\System\IwAnVVf.exe
  C:\Windows\System\IwAnVVf.exe
  2⤵
  PID:11228
- C:\Windows\System\MsjtLoO.exe
  C:\Windows\System\MsjtLoO.exe
  2⤵
  PID:10436
- C:\Windows\System\WOIRyme.exe
  C:\Windows\System\WOIRyme.exe
  2⤵
  PID:6380
- C:\Windows\System\WglhOez.exe
  C:\Windows\System\WglhOez.exe
  2⤵
  PID:11060
- C:\Windows\System\Jrlzeqs.exe
  C:\Windows\System\Jrlzeqs.exe
  2⤵
  PID:10628
- C:\Windows\System\EfxKhHt.exe
  C:\Windows\System\EfxKhHt.exe
  2⤵
  PID:10340
- C:\Windows\System\jTsYGdw.exe
  C:\Windows\System\jTsYGdw.exe
  2⤵
  PID:11272
- C:\Windows\System\QtJRdtA.exe
  C:\Windows\System\QtJRdtA.exe
  2⤵
  PID:11296
- C:\Windows\System\KPrLfXM.exe
  C:\Windows\System\KPrLfXM.exe
  2⤵
  PID:11320
- C:\Windows\System\wpjOhtG.exe
  C:\Windows\System\wpjOhtG.exe
  2⤵
  PID:11356
- C:\Windows\System\sHXsUtx.exe
  C:\Windows\System\sHXsUtx.exe
  2⤵
  PID:11376
- C:\Windows\System\SwHdLEc.exe
  C:\Windows\System\SwHdLEc.exe
  2⤵
  PID:11412
- C:\Windows\System\mzyEujH.exe
  C:\Windows\System\mzyEujH.exe
  2⤵
  PID:11444
- C:\Windows\System\VXJTVzy.exe
  C:\Windows\System\VXJTVzy.exe
  2⤵
  PID:11460
- C:\Windows\System\ZddMlBy.exe
  C:\Windows\System\ZddMlBy.exe
  2⤵
  PID:11480
- C:\Windows\System\oUczVfd.exe
  C:\Windows\System\oUczVfd.exe
  2⤵
  PID:11516
- C:\Windows\System\fsFUJHS.exe
  C:\Windows\System\fsFUJHS.exe
  2⤵
  PID:11540
- C:\Windows\System\TwxiBOz.exe
  C:\Windows\System\TwxiBOz.exe
  2⤵
  PID:11572
- C:\Windows\System\sfVWzZb.exe
  C:\Windows\System\sfVWzZb.exe
  2⤵
  PID:11604
- C:\Windows\System\poVAhKC.exe
  C:\Windows\System\poVAhKC.exe
  2⤵
  PID:11640
- C:\Windows\System\WPkslNv.exe
  C:\Windows\System\WPkslNv.exe
  2⤵
  PID:11668
- C:\Windows\System\ekQDoAf.exe
  C:\Windows\System\ekQDoAf.exe
  2⤵
  PID:11696
- C:\Windows\System\OiNjtlc.exe
  C:\Windows\System\OiNjtlc.exe
  2⤵
  PID:11724
- C:\Windows\System\EKwZgyv.exe
  C:\Windows\System\EKwZgyv.exe
  2⤵
  PID:11756
- C:\Windows\System\ngqfVaC.exe
  C:\Windows\System\ngqfVaC.exe
  2⤵
  PID:11784
- C:\Windows\System\PWKTrZI.exe
  C:\Windows\System\PWKTrZI.exe
  2⤵
  PID:11812
- C:\Windows\System\VAdnXCy.exe
  C:\Windows\System\VAdnXCy.exe
  2⤵
  PID:11840
- C:\Windows\System\CmzDYXs.exe
  C:\Windows\System\CmzDYXs.exe
  2⤵
  PID:11868
- C:\Windows\System\MetWnPp.exe
  C:\Windows\System\MetWnPp.exe
  2⤵
  PID:11892
- C:\Windows\System\uTKCBrc.exe
  C:\Windows\System\uTKCBrc.exe
  2⤵
  PID:11908
- C:\Windows\System\tfDrDJE.exe
  C:\Windows\System\tfDrDJE.exe
  2⤵
  PID:11936
- C:\Windows\System\SPlKttq.exe
  C:\Windows\System\SPlKttq.exe
  2⤵
  PID:11960
- C:\Windows\System\ftjfJoK.exe
  C:\Windows\System\ftjfJoK.exe
  2⤵
  PID:11992
- C:\Windows\System\EBxVqrA.exe
  C:\Windows\System\EBxVqrA.exe
  2⤵
  PID:12024
- C:\Windows\System\QIISCMz.exe
  C:\Windows\System\QIISCMz.exe
  2⤵
  PID:12064
- C:\Windows\System\EkfJfNo.exe
  C:\Windows\System\EkfJfNo.exe
  2⤵
  PID:12092
- C:\Windows\System\LOoCBhr.exe
  C:\Windows\System\LOoCBhr.exe
  2⤵
  PID:12120
- C:\Windows\System\QFfNGYK.exe
  C:\Windows\System\QFfNGYK.exe
  2⤵
  PID:12136
- C:\Windows\System\REBdJyJ.exe
  C:\Windows\System\REBdJyJ.exe
  2⤵
  PID:12184
- C:\Windows\System\usJZRFn.exe
  C:\Windows\System\usJZRFn.exe
  2⤵
  PID:12212
- C:\Windows\System\cXUjcTY.exe
  C:\Windows\System\cXUjcTY.exe
  2⤵
  PID:12244
- C:\Windows\System\EaQWcVg.exe
  C:\Windows\System\EaQWcVg.exe
  2⤵
  PID:12272
- C:\Windows\System\fpHyrIJ.exe
  C:\Windows\System\fpHyrIJ.exe
  2⤵
  PID:11288
- C:\Windows\System\EUslUzx.exe
  C:\Windows\System\EUslUzx.exe
  2⤵
  PID:11352
- C:\Windows\System\nXJFniq.exe
  C:\Windows\System\nXJFniq.exe
  2⤵
  PID:11440
- C:\Windows\System\VQHZRBD.exe
  C:\Windows\System\VQHZRBD.exe
  2⤵
  PID:11560
- C:\Windows\System\hYWUebv.exe
  C:\Windows\System\hYWUebv.exe
  2⤵
  PID:11624
- C:\Windows\System\vYrmdBL.exe
  C:\Windows\System\vYrmdBL.exe
  2⤵
  PID:11688
- C:\Windows\System\GaVQsrg.exe
  C:\Windows\System\GaVQsrg.exe
  2⤵
  PID:11752
- C:\Windows\System\chcHtlY.exe
  C:\Windows\System\chcHtlY.exe
  2⤵
  PID:11828
- C:\Windows\System\HrYMcgI.exe
  C:\Windows\System\HrYMcgI.exe
  2⤵
  PID:11880
- C:\Windows\System\MpAqPej.exe
  C:\Windows\System\MpAqPej.exe
  2⤵
  PID:11944
- C:\Windows\System\EXncDcY.exe
  C:\Windows\System\EXncDcY.exe
  2⤵
  PID:12004
- C:\Windows\System\BTPSpeQ.exe
  C:\Windows\System\BTPSpeQ.exe
  2⤵
  PID:12056
- C:\Windows\System\IDBNGCl.exe
  C:\Windows\System\IDBNGCl.exe
  2⤵
  PID:12128
- C:\Windows\System\XbuLSHP.exe
  C:\Windows\System\XbuLSHP.exe
  2⤵
  PID:12200
- C:\Windows\System\yxeKLSn.exe
  C:\Windows\System\yxeKLSn.exe
  2⤵
  PID:11284
- C:\Windows\System\OzZLRjS.exe
  C:\Windows\System\OzZLRjS.exe
  2⤵
  PID:11508
- C:\Windows\System\qFwRwtT.exe
  C:\Windows\System\qFwRwtT.exe
  2⤵
  PID:11652
- C:\Windows\System\xCZMulN.exe
  C:\Windows\System\xCZMulN.exe
  2⤵
  PID:11804
- C:\Windows\System\kjPRoru.exe
  C:\Windows\System\kjPRoru.exe
  2⤵
  PID:11916
- C:\Windows\System\puGiUHU.exe
  C:\Windows\System\puGiUHU.exe
  2⤵
  PID:12104
- C:\Windows\System\LWUZsUY.exe
  C:\Windows\System\LWUZsUY.exe
  2⤵
  PID:12264
- C:\Windows\System\tKwXodv.exe
  C:\Windows\System\tKwXodv.exe
  2⤵
  PID:11744
- C:\Windows\System\AyUSzfX.exe
  C:\Windows\System\AyUSzfX.exe
  2⤵
  PID:12012
- C:\Windows\System\dMYerog.exe
  C:\Windows\System\dMYerog.exe
  2⤵
  PID:11408
- C:\Windows\System\Unuaoam.exe
  C:\Windows\System\Unuaoam.exe
  2⤵
  PID:11924
- C:\Windows\System\dMMTbOh.exe
  C:\Windows\System\dMMTbOh.exe
  2⤵
  PID:12308
- C:\Windows\System\EJCTymE.exe
  C:\Windows\System\EJCTymE.exe
  2⤵
  PID:12336
- C:\Windows\System\NkGrmVZ.exe
  C:\Windows\System\NkGrmVZ.exe
  2⤵
  PID:12364
- C:\Windows\System\WnsmuYf.exe
  C:\Windows\System\WnsmuYf.exe
  2⤵
  PID:12392
- C:\Windows\System\PFfEdoY.exe
  C:\Windows\System\PFfEdoY.exe
  2⤵
  PID:12420
- C:\Windows\System\MveQaZa.exe
  C:\Windows\System\MveQaZa.exe
  2⤵
  PID:12452
- C:\Windows\System\cJxlEpq.exe
  C:\Windows\System\cJxlEpq.exe
  2⤵
  PID:12480
- C:\Windows\System\eDioOCn.exe
  C:\Windows\System\eDioOCn.exe
  2⤵
  PID:12512
- C:\Windows\System\ZFAwdRC.exe
  C:\Windows\System\ZFAwdRC.exe
  2⤵
  PID:12544
- C:\Windows\System\JAIqvmk.exe
  C:\Windows\System\JAIqvmk.exe
  2⤵
  PID:12572
- C:\Windows\System\WxeKOkQ.exe
  C:\Windows\System\WxeKOkQ.exe
  2⤵
  PID:12600
- C:\Windows\System\ppxOObf.exe
  C:\Windows\System\ppxOObf.exe
  2⤵
  PID:12628
- C:\Windows\System\GuVplvP.exe
  C:\Windows\System\GuVplvP.exe
  2⤵
  PID:12656
- C:\Windows\System\xbtBFky.exe
  C:\Windows\System\xbtBFky.exe
  2⤵
  PID:12684
- C:\Windows\System\lubKKWB.exe
  C:\Windows\System\lubKKWB.exe
  2⤵
  PID:12712
- C:\Windows\System\GSuDNht.exe
  C:\Windows\System\GSuDNht.exe
  2⤵
  PID:12740
- C:\Windows\System\vUTEqxQ.exe
  C:\Windows\System\vUTEqxQ.exe
  2⤵
  PID:12768
- C:\Windows\System\kwqorjh.exe
  C:\Windows\System\kwqorjh.exe
  2⤵
  PID:12796
- C:\Windows\System\hFiPGcZ.exe
  C:\Windows\System\hFiPGcZ.exe
  2⤵
  PID:12824
- C:\Windows\System\MJgnYxa.exe
  C:\Windows\System\MJgnYxa.exe
  2⤵
  PID:12852
- C:\Windows\System\ybEhcND.exe
  C:\Windows\System\ybEhcND.exe
  2⤵
  PID:12880
- C:\Windows\System\NrBRZOU.exe
  C:\Windows\System\NrBRZOU.exe
  2⤵
  PID:12908
- C:\Windows\System\fmqtGrY.exe
  C:\Windows\System\fmqtGrY.exe
  2⤵
  PID:12936
- C:\Windows\System\MvHQORg.exe
  C:\Windows\System\MvHQORg.exe
  2⤵
  PID:12964
- C:\Windows\System\CdUVbcY.exe
  C:\Windows\System\CdUVbcY.exe
  2⤵
  PID:12992
- C:\Windows\System\QFnHxqG.exe
  C:\Windows\System\QFnHxqG.exe
  2⤵
  PID:13020
- C:\Windows\System\kjnKCOK.exe
  C:\Windows\System\kjnKCOK.exe
  2⤵
  PID:13048
- C:\Windows\System\RbJPICE.exe
  C:\Windows\System\RbJPICE.exe
  2⤵
  PID:13076
- C:\Windows\System\EgJpSOs.exe
  C:\Windows\System\EgJpSOs.exe
  2⤵
  PID:13104
- C:\Windows\System\gRqwdNu.exe
  C:\Windows\System\gRqwdNu.exe
  2⤵
  PID:13132
- C:\Windows\System\UqQnKtt.exe
  C:\Windows\System\UqQnKtt.exe
  2⤵
  PID:13160
- C:\Windows\System\DDygZuK.exe
  C:\Windows\System\DDygZuK.exe
  2⤵
  PID:13200
- C:\Windows\System\VeDCjAE.exe
  C:\Windows\System\VeDCjAE.exe
  2⤵
  PID:13216
- C:\Windows\System\snBNHtV.exe
  C:\Windows\System\snBNHtV.exe
  2⤵
  PID:13244
- C:\Windows\System\RHkNQcz.exe
  C:\Windows\System\RHkNQcz.exe
  2⤵
  PID:13272
- C:\Windows\System\skkUpCo.exe
  C:\Windows\System\skkUpCo.exe
  2⤵
  PID:13292
- C:\Windows\System\eGSiPab.exe
  C:\Windows\System\eGSiPab.exe
  2⤵
  PID:12328
- C:\Windows\System\VyNALyZ.exe
  C:\Windows\System\VyNALyZ.exe
  2⤵
  PID:12380
- C:\Windows\System\tJxouId.exe
  C:\Windows\System\tJxouId.exe
  2⤵
  PID:12464
- C:\Windows\System\pcrSFGZ.exe
  C:\Windows\System\pcrSFGZ.exe
  2⤵
  PID:12540
- C:\Windows\System\facRHGL.exe
  C:\Windows\System\facRHGL.exe
  2⤵
  PID:12588
- C:\Windows\System\OFlIIve.exe
  C:\Windows\System\OFlIIve.exe
  2⤵
  PID:12648
- C:\Windows\System\wJiwSiH.exe
  C:\Windows\System\wJiwSiH.exe
  2⤵
  PID:12700
- C:\Windows\System\HWSJekJ.exe
  C:\Windows\System\HWSJekJ.exe
  2⤵
  PID:12760
- C:\Windows\System\sVVkMBn.exe
  C:\Windows\System\sVVkMBn.exe
  2⤵
  PID:12820
- C:\Windows\System\xuJjWut.exe
  C:\Windows\System\xuJjWut.exe
  2⤵
  PID:12876
- C:\Windows\System\aLQUfKy.exe
  C:\Windows\System\aLQUfKy.exe
  2⤵
  PID:12956
- C:\Windows\System\pQRufvb.exe
  C:\Windows\System\pQRufvb.exe
  2⤵
  PID:12988
- C:\Windows\System\gfXxfQG.exe
  C:\Windows\System\gfXxfQG.exe
  2⤵
  PID:13036
- C:\Windows\System\QKlzNxs.exe
  C:\Windows\System\QKlzNxs.exe
  2⤵
  PID:13088
- C:\Windows\System\cmRohoK.exe
  C:\Windows\System\cmRohoK.exe
  2⤵
  PID:13152
- C:\Windows\System\daOiGwK.exe
  C:\Windows\System\daOiGwK.exe
  2⤵
  PID:13304
- C:\Windows\System\GXdcDtH.exe
  C:\Windows\System\GXdcDtH.exe
  2⤵
  PID:12440
- C:\Windows\System\TXvkfHE.exe
  C:\Windows\System\TXvkfHE.exe
  2⤵
  PID:12624
- C:\Windows\System\btWIXBj.exe
  C:\Windows\System\btWIXBj.exe
  2⤵
  PID:12780
- C:\Windows\System\MIzmLsj.exe
  C:\Windows\System\MIzmLsj.exe
  2⤵
  PID:12904
- C:\Windows\System\tKJbvPg.exe
  C:\Windows\System\tKJbvPg.exe
  2⤵
  PID:13060
- C:\Windows\System\IXTIHMy.exe
  C:\Windows\System\IXTIHMy.exe
  2⤵
  PID:13240
- C:\Windows\System\FeQOVFI.exe
  C:\Windows\System\FeQOVFI.exe
  2⤵
  PID:12508
- C:\Windows\System\NdbNhkZ.exe
  C:\Windows\System\NdbNhkZ.exe
  2⤵
  PID:12984
- C:\Windows\System\yOKWhDL.exe
  C:\Windows\System\yOKWhDL.exe
  2⤵
  PID:13236
- C:\Windows\System\TciBRfD.exe
  C:\Windows\System\TciBRfD.exe
  2⤵
  PID:13120
- C:\Windows\System\OuVsAfs.exe
  C:\Windows\System\OuVsAfs.exe
  2⤵
  PID:12932
- C:\Windows\System\ocwGFPV.exe
  C:\Windows\System\ocwGFPV.exe
  2⤵
  PID:13340
- C:\Windows\System\rosmylZ.exe
  C:\Windows\System\rosmylZ.exe
  2⤵
  PID:13368
- C:\Windows\System\jEmMMuo.exe
  C:\Windows\System\jEmMMuo.exe
  2⤵
  PID:13396
- C:\Windows\System\QULxKrq.exe
  C:\Windows\System\QULxKrq.exe
  2⤵
  PID:13428
- C:\Windows\System\wHWPHNB.exe
  C:\Windows\System\wHWPHNB.exe
  2⤵
  PID:13456
- C:\Windows\System\zoXnFcV.exe
  C:\Windows\System\zoXnFcV.exe
  2⤵
  PID:13484
- C:\Windows\System\ThJetJl.exe
  C:\Windows\System\ThJetJl.exe
  2⤵
  PID:13512
- C:\Windows\System\UWKjNnV.exe
  C:\Windows\System\UWKjNnV.exe
  2⤵
  PID:13540
- C:\Windows\System\XazcAlp.exe
  C:\Windows\System\XazcAlp.exe
  2⤵
  PID:13568
- C:\Windows\System\AXjgdBU.exe
  C:\Windows\System\AXjgdBU.exe
  2⤵
  PID:13596
- C:\Windows\System\lDjfRAP.exe
  C:\Windows\System\lDjfRAP.exe
  2⤵
  PID:13624
- C:\Windows\System\gZjFbbD.exe
  C:\Windows\System\gZjFbbD.exe
  2⤵
  PID:13652
- C:\Windows\System\FCBKxou.exe
  C:\Windows\System\FCBKxou.exe
  2⤵
  PID:13680
- C:\Windows\System\CXMLAUJ.exe
  C:\Windows\System\CXMLAUJ.exe
  2⤵
  PID:13708
- C:\Windows\System\lcsOYdT.exe
  C:\Windows\System\lcsOYdT.exe
  2⤵
  PID:13736
- C:\Windows\System\zoMxhlS.exe
  C:\Windows\System\zoMxhlS.exe
  2⤵
  PID:13764
- C:\Windows\System\FgyvaOI.exe
  C:\Windows\System\FgyvaOI.exe
  2⤵
  PID:13792
- C:\Windows\System\ysOWCfV.exe
  C:\Windows\System\ysOWCfV.exe
  2⤵
  PID:13820
- C:\Windows\System\Nhkinji.exe
  C:\Windows\System\Nhkinji.exe
  2⤵
  PID:13848
- C:\Windows\System\olvHUhT.exe
  C:\Windows\System\olvHUhT.exe
  2⤵
  PID:13876
- C:\Windows\System\KIjdAlC.exe
  C:\Windows\System\KIjdAlC.exe
  2⤵
  PID:13904
- C:\Windows\System\agHQICb.exe
  C:\Windows\System\agHQICb.exe
  2⤵
  PID:13932
- C:\Windows\System\MkLHlvP.exe
  C:\Windows\System\MkLHlvP.exe
  2⤵
  PID:13960
- C:\Windows\System\eYPhPEy.exe
  C:\Windows\System\eYPhPEy.exe
  2⤵
  PID:13988
- C:\Windows\System\FAoZpdy.exe
  C:\Windows\System\FAoZpdy.exe
  2⤵
  PID:14016
- C:\Windows\System\SIfFEMt.exe
  C:\Windows\System\SIfFEMt.exe
  2⤵
  PID:14044
- C:\Windows\System\hZmzgoi.exe
  C:\Windows\System\hZmzgoi.exe
  2⤵
  PID:14072
- C:\Windows\System\auXKEdm.exe
  C:\Windows\System\auXKEdm.exe
  2⤵
  PID:14100
- C:\Windows\System\xMdCTSL.exe
  C:\Windows\System\xMdCTSL.exe
  2⤵
  PID:14128
- C:\Windows\System\wHAECtT.exe
  C:\Windows\System\wHAECtT.exe
  2⤵
  PID:14156
- C:\Windows\System\nEXNcDO.exe
  C:\Windows\System\nEXNcDO.exe
  2⤵
  PID:14184
- C:\Windows\System\pAUeZek.exe
  C:\Windows\System\pAUeZek.exe
  2⤵
  PID:14212
- C:\Windows\System\gZfPwGj.exe
  C:\Windows\System\gZfPwGj.exe
  2⤵
  PID:14240
- C:\Windows\System\ddPUFXG.exe
  C:\Windows\System\ddPUFXG.exe
  2⤵
  PID:14268
- C:\Windows\System\pFydkFZ.exe
  C:\Windows\System\pFydkFZ.exe
  2⤵
  PID:14296
- C:\Windows\System\cZUMCyY.exe
  C:\Windows\System\cZUMCyY.exe
  2⤵
  PID:14324
- C:\Windows\System\bxQevdt.exe
  C:\Windows\System\bxQevdt.exe
  2⤵
  PID:13352
- C:\Windows\System\WPpgpdV.exe
  C:\Windows\System\WPpgpdV.exe
  2⤵
  PID:13420
- C:\Windows\System\XkhZGri.exe
  C:\Windows\System\XkhZGri.exe
  2⤵
  PID:11420
- C:\Windows\System\zMEtded.exe
  C:\Windows\System\zMEtded.exe
  2⤵
  PID:13536
- C:\Windows\System\cXSKfFx.exe
  C:\Windows\System\cXSKfFx.exe
  2⤵
  PID:13612
- C:\Windows\System\mRIXXrg.exe
  C:\Windows\System\mRIXXrg.exe
  2⤵
  PID:13648
- C:\Windows\System\JoGdPDZ.exe
  C:\Windows\System\JoGdPDZ.exe
  2⤵
  PID:13704
- C:\Windows\System\ppAbCBt.exe
  C:\Windows\System\ppAbCBt.exe
  2⤵
  PID:13756
- C:\Windows\System\ZFOAvhZ.exe
  C:\Windows\System\ZFOAvhZ.exe
  2⤵
  PID:13832
- C:\Windows\System\PupaIDf.exe
  C:\Windows\System\PupaIDf.exe
  2⤵
  PID:13900
- C:\Windows\System\hdWCLKe.exe
  C:\Windows\System\hdWCLKe.exe
  2⤵
  PID:13956
- C:\Windows\System\IiIXzbC.exe
  C:\Windows\System\IiIXzbC.exe
  2⤵
  PID:14040
- C:\Windows\System\OPURiDe.exe
  C:\Windows\System\OPURiDe.exe
  2⤵
  PID:14096
- C:\Windows\System\gjuKBpw.exe
  C:\Windows\System\gjuKBpw.exe
  2⤵
  PID:14204
- C:\Windows\System\myLtLle.exe
  C:\Windows\System\myLtLle.exe
  2⤵
  PID:14260
- C:\Windows\System\hkaulAg.exe
  C:\Windows\System\hkaulAg.exe
  2⤵
  PID:14316
- C:\Windows\System\zKkFLpS.exe
  C:\Windows\System\zKkFLpS.exe
  2⤵
  PID:13452
- C:\Windows\System\KRYttIb.exe
  C:\Windows\System\KRYttIb.exe
  2⤵
  PID:13592
- C:\Windows\System\RgGaLsR.exe
  C:\Windows\System\RgGaLsR.exe
  2⤵
  PID:13748
- C:\Windows\System\EtjAGNv.exe
  C:\Windows\System\EtjAGNv.exe
  2⤵
  PID:13868
- C:\Windows\System\DlenZpL.exe
  C:\Windows\System\DlenZpL.exe
  2⤵
  PID:14012
- C:\Windows\System\piSAlxd.exe
  C:\Windows\System\piSAlxd.exe
  2⤵
  PID:14176
- C:\Windows\System\AzkBnHm.exe
  C:\Windows\System\AzkBnHm.exe
  2⤵
  PID:2412
- C:\Windows\System\bhhOuxe.exe
  C:\Windows\System\bhhOuxe.exe
  2⤵
  PID:13564
- C:\Windows\System\mMiOmIh.exe
  C:\Windows\System\mMiOmIh.exe
  2⤵
  PID:13952
- C:\Windows\System\BlWhRhb.exe
  C:\Windows\System\BlWhRhb.exe
  2⤵
  PID:14308
- C:\Windows\System\zkOESLE.exe
  C:\Windows\System\zkOESLE.exe
  2⤵
  PID:13728
- C:\Windows\System\SoAVLpS.exe
  C:\Windows\System\SoAVLpS.exe
  2⤵
  PID:13524
- C:\Windows\System\GXkXaNO.exe
  C:\Windows\System\GXkXaNO.exe
  2⤵
  PID:14356
- C:\Windows\System\lCJUavx.exe
  C:\Windows\System\lCJUavx.exe
  2⤵
  PID:14384
- C:\Windows\System\mYUovZh.exe
  C:\Windows\System\mYUovZh.exe
  2⤵
  PID:14432
- C:\Windows\System\ofWryzU.exe
  C:\Windows\System\ofWryzU.exe
  2⤵
  PID:14504
- C:\Windows\System\vwMWtmK.exe
  C:\Windows\System\vwMWtmK.exe
  2⤵
  PID:14528
- C:\Windows\System\NiiLExi.exe
  C:\Windows\System\NiiLExi.exe
  2⤵
  PID:14580
- C:\Windows\System\ADuzkCY.exe
  C:\Windows\System\ADuzkCY.exe
  2⤵
  PID:14632
- C:\Windows\System\zUdLHge.exe
  C:\Windows\System\zUdLHge.exe
  2⤵
  PID:14660
- C:\Windows\System\ZhnAmVE.exe
  C:\Windows\System\ZhnAmVE.exe
  2⤵
  PID:14696
- C:\Windows\System\nrWbOwM.exe
  C:\Windows\System\nrWbOwM.exe
  2⤵
  PID:14740
- C:\Windows\System\AjmZUeV.exe
  C:\Windows\System\AjmZUeV.exe
  2⤵
  PID:14756
- C:\Windows\System\sJdobub.exe
  C:\Windows\System\sJdobub.exe
  2⤵
  PID:14772
- C:\Windows\System\EUKklsv.exe
  C:\Windows\System\EUKklsv.exe
  2⤵
  PID:14788
- C:\Windows\System\LrmajGg.exe
  C:\Windows\System\LrmajGg.exe
  2⤵
  PID:14808
- C:\Windows\System\WcVPcwh.exe
  C:\Windows\System\WcVPcwh.exe
  2⤵
  PID:14836
- C:\Windows\System\UMHBtHV.exe
  C:\Windows\System\UMHBtHV.exe
  2⤵
  PID:14868
- C:\Windows\System\aJRMrQE.exe
  C:\Windows\System\aJRMrQE.exe
  2⤵
  PID:14940
- C:\Windows\System\DSyKOgE.exe
  C:\Windows\System\DSyKOgE.exe
  2⤵
  PID:14968
- C:\Windows\System\NcLXZvK.exe
  C:\Windows\System\NcLXZvK.exe
  2⤵
  PID:14996
- C:\Windows\System\qhPneUa.exe
  C:\Windows\System\qhPneUa.exe
  2⤵
  PID:15024
- C:\Windows\System\blUpmzB.exe
  C:\Windows\System\blUpmzB.exe
  2⤵
  PID:15052
- C:\Windows\System\jUcrDnv.exe
  C:\Windows\System\jUcrDnv.exe
  2⤵
  PID:15080
- C:\Windows\System\CVUVwOv.exe
  C:\Windows\System\CVUVwOv.exe
  2⤵
  PID:15108
- C:\Windows\System\BaJsVID.exe
  C:\Windows\System\BaJsVID.exe
  2⤵
  PID:15136
- C:\Windows\System\fpMHTrp.exe
  C:\Windows\System\fpMHTrp.exe
  2⤵
  PID:15164
- C:\Windows\System\GhWIfTa.exe
  C:\Windows\System\GhWIfTa.exe
  2⤵
  PID:15192
- C:\Windows\System\AqqJmZN.exe
  C:\Windows\System\AqqJmZN.exe
  2⤵
  PID:15220
- C:\Windows\System\rtKmlCN.exe
  C:\Windows\System\rtKmlCN.exe
  2⤵
  PID:15248
- C:\Windows\System\MutTfxc.exe
  C:\Windows\System\MutTfxc.exe
  2⤵
  PID:15276
- C:\Windows\System\aGBHiUe.exe
  C:\Windows\System\aGBHiUe.exe
  2⤵
  PID:15304

C:\Windows\system32\BackgroundTaskHost.exe
"C:\Windows\system32\BackgroundTaskHost.exe" -ServerName:BackgroundTaskHost.WebAccountProvider
1⤵
PID:6604

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:14604

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\BYJelHQ.exe

Filesize
2.0MB

MD5
3d52624b12b310553bf89777efb4ac70

SHA1
8c447e324719b1552f0b52a92e77bd7854059b88

SHA256
634e9560028b1449a8c42a7d20a98bd90073286c6492a7ad67c4d5931c97e6cc

SHA512
8ddd737529b42f186948b45360f7caa5c4d5d57414125d77dce16d8c882be328c4e046116e81b0dd34b3c6bf082e55dd424f0b7ca97867a89e01dec1bbcc150c

Download Submit
C:\Windows\System\EcNDlXH.exe

Filesize
2.0MB

MD5
dd6ab2042e689ab7bd42872efce71721

SHA1
3eff86916952be6b002cf9f2ccbbb74f5e7426d5

SHA256
1d8d20ee8c840469634361bfccf2d9a5be523ab8df8bbe17d862ba6a60a66268

SHA512
abc3ed64ce00f38b18f15a252a7aa3759956b4a7bd33fd752ebaed79a83fcfb4f4cfe7602f53c8d0ca61adad2f6af7d07546495993966e2c01452abd68fb4da7

Download Submit
C:\Windows\System\GayNmic.exe

Filesize
2.0MB

MD5
dc80c389d0a729781c2609668460fe51

SHA1
3a4dc2507827679e5ae213861fb6fe57396657fb

SHA256
8c6bf2b3518baae4446135949e673221a1650359936369ea6b74fac2442df125

SHA512
01fb682fd338f01e25020c3a74d1a958125024a84598521916526db58641c9d48915353a6b6bc7f8c1d4a945fe712c5cb656784e27f5ec34e3c63b3b14075f13

Download Submit
C:\Windows\System\HEYmqJR.exe

Filesize
2.0MB

MD5
eb66bb84f920dec5bfdfedda45d6e336

SHA1
221c8d0b8480ebef48c218d8635735a6ae999850

SHA256
bb386050bc4384550c91ce7d5b7a0ea524e7efdc4d3863a3b38ad1f3a10e16fa

SHA512
7c52149b21c17eb1061bafbc7d3e22644e6d8e8e1ae12396e9e33d1a205fd8eb83397ff76e024dd790056da8ebabd6e9c3b56939fbdf0a9bea70536422be2fd9

Download Submit
C:\Windows\System\IKbzEgl.exe

Filesize
2.0MB

MD5
edf17e26cd2d59ac72e1c7847cda5db6

SHA1
495f95cc7d94f1b2df36a31286e108ee1f73a2c5

SHA256
66543d79b02ea024a68ca99c17540c21ec46a9e8a3fb927257696d1cb4132124

SHA512
c38ff0c6b2950faf885e5060d41dd057cba35487bcc884e389dc4d70c53587b8915e056b67a5de05c1cb6242215534e87ee8efa92d6a794f1b7dcdfc1befa52e

Download Submit
C:\Windows\System\IOSfifO.exe

Filesize
2.0MB

MD5
c435cd988dc22a7b339a3cb11435d49a

SHA1
8348186455414b3ecb6f8f5a2107cce3b260f17f

SHA256
09e3910ed874a978eeca27aee5dd09d86387f4adcc9d456b2c305af997e7bd8e

SHA512
0a9e8b823c0b6549cb1545e6c10ecb214023c39394a3e6b1ee1bd21fb33d7f484a8fe6742d77205dd42108706d9e462201eefe90e4c3c5728036c2ca30da4359

Download Submit
C:\Windows\System\KeydWHa.exe

Filesize
2.0MB

MD5
39a9d24b5aca916c909a4ebfc1e75068

SHA1
ebe42bf916cce26cd0ad7401a9114e4a438e493b

SHA256
94f97520245e8caef313700df5f073ebc05e263521ab866ba5a7db107e5e38cf

SHA512
e53e4cbc689521c5a50572fe5681895b2b70e843a66544f18f5c961d619b5b27100946f3da6338c4d6d588f1225c7221e0762255d1192d34bb8564e3210e5c4c

Download Submit
C:\Windows\System\KqrfyzE.exe

Filesize
2.0MB

MD5
56fe449c2a833ecd2c7432dfcc12ee4f

SHA1
1a4585867ce1e2356f0580f6fa2846621c585e16

SHA256
4f626252887c4391f3be9f128e67276b2a4749810442700ec35c7cd0667c0bd3

SHA512
b9e109fccc778bf0d38984b4c0c30d759b3685ce2149b879d2c6f15123a53615dbd3e2ffff2c2ae5cc1c50cdc136068baff549bb07401916aac4c1a0db527c7b

Download Submit
C:\Windows\System\NOQONzv.exe

Filesize
2.0MB

MD5
494b82e1d4f16630f97e08ba849db01f

SHA1
3952145b25ca072f8a2032c72f3cf277c2a8594f

SHA256
23b900f2b4b09f9a96eabfe40654edfd21907895ba00e56c60e179d55429a682

SHA512
adb7e97e667824da76b01ebcceb30d7837b2e82e66b3760ac9b960ac9fc57d1608e7db3a50c3f1b2a3a7251079d3afc7814b8f6366dd56801baa66e875d7d3c8

Download Submit
C:\Windows\System\PlzduDL.exe

Filesize
2.0MB

MD5
2912f18fa4cbe6ebb9a85d6136984047

SHA1
3901f576ea201e7ff1fc9f94015b4e966402381d

SHA256
629bee21d5895239e1c1786188bf87672b33b0ba7f6f03070e7c7eb96d84d19f

SHA512
f3124548c39d043105dfe7188f2c58ea60db2e8045c5c55ccfd7d9aacbbf80e479400560ab5ba4ed1c02bfc615294402cc6ba31e34ca787c01482c2094d7f81a

Download Submit
C:\Windows\System\UJZFlML.exe

Filesize
2.0MB

MD5
8b4bc372b0947f3f841dcb74758be50b

SHA1
b506ed1a1df3cb624b51e808d01fd1db5f203e09

SHA256
0d2f9864d55fe77183b5a7bd3a8736363d76939069e566735fa3fef25e1304c9

SHA512
f1ad0e6a245ce917900fb05d8615428c63b6a87b5e5e4e0fd73f9ad1cb66ecd9ffab54bdedb306e69513a52250643ff44e01a3002b1fefa47039768d557dc97a

Download Submit
C:\Windows\System\WocyfOf.exe

Filesize
2.0MB

MD5
d6c51a1dc355d625d0d07762f0a8486a

SHA1
fb0c410024b25333682693c5235cefe8f8bf040f

SHA256
7aa008eb01916dc276b00bbf61d23b96d0b781eac2acd2779316a42cad86bc67

SHA512
4cbeb99aed646aaa42d5ce7db8f6f37c2726d3303c4fc4beed48011e26096cb4e978fbd95b23924b418f66bcc0dd0fd04fb2dab84749498657a46ade6fc49ff2

Download Submit
C:\Windows\System\YPmesRF.exe

Filesize
2.0MB

MD5
40d2662255fee264f64d2bbd348abe7d

SHA1
279df9aaae2446d7921294873d0338ea7c234c98

SHA256
c808134f4598804d53fab0e184ef77a8fb6c9c8af0c7bb3c42a97db410faad3e

SHA512
8073ea0f00a82701ea1ef7e4493c7e21179ce287c32256f83309cc73165790f5a04f95b038b20d54f2f3119f711f1806d40340945a4837371eb27ad3d7f7de87

Download Submit
C:\Windows\System\cKcMxNP.exe

Filesize
2.0MB

MD5
b69b4793ff7659d8175c54493426b6ab

SHA1
8eafa5e1998283e4a742bbc32eaf218a62c02458

SHA256
9eb65d11b12635249579c7e86c33db870589d26e60c88497fe96401a83e9eb75

SHA512
5fb21a627235e35a2ec4d0fa7eba5f191d940559b80393a267e2a6fb88c73aeda44f3747f2f8c5448a8afd06741f552e3d5d7c14f4c735cc4b802ce541820891

Download Submit
C:\Windows\System\eEcegVR.exe

Filesize
2.0MB

MD5
d94b74590752b349207183e59b631492

SHA1
99a3f2948f707bb4873059e140c9830994f85ae2

SHA256
e32d9cc24c5dc13f02665ba25969e26b48601c36ce8c8716368500b5208d451b

SHA512
ef2bca339309616e41016c015b73f1db5643d18b06bbe7f9a12385b65c874f2cfa79194a78961b5d7f265ffebe46a2b7045d3e83f7f073345d4f1872bd835ad0

Download Submit
C:\Windows\System\fWoptfP.exe

Filesize
2.0MB

MD5
a0c4979f2bb77e7174664e49bd52d3b0

SHA1
ffbe0eca29da6a338daaac2e4531bda532d287c5

SHA256
aeaef64fd1affa2ea6fb6577762b890512bed672ad48dcd09b09e5a6937920d2

SHA512
a6d98e19a480eba52020a66f81e7f29fd0e360413ee92f83cce69984a69b53b8b29fbc1ca127067d36aa74601b1aa4e0cd20606b1fd352ee83ca010656da3e5c

Download Submit
C:\Windows\System\gVQGeUc.exe

Filesize
2.0MB

MD5
020d4e66555086a7e80ace6beebb279e

SHA1
4914c9f3c0621e791cc91bc9394fb779c624c317

SHA256
5dd64716de1cbce581afe6bf2b6226f2d7fe6095ceb87e00e3b523982f780cff

SHA512
ed4ace37a50721e992f73f7e8eb98a9ca33c06c0298ca2c24b4f4c1ea3403802ae70ebf7dce6521f466612cfe58419137424ff9f9e0d81f360b82829b144cc74

Download Submit
C:\Windows\System\hIrMElC.exe

Filesize
2.0MB

MD5
f05e3b29c26e394f67635b1de341d301

SHA1
c8e0b012e842299da3404f06c5777f194b6b2579

SHA256
75800c39e66895bcc5a73ca3a578698b2a1c4e3c62d23b4e98bbccef9fb62623

SHA512
73d12c5ed6793895f594bd829f190e3056844afbb418594d8ab5b0936821aa1fddbfc15bd89336f5065874cfabc559cd502ebc32401ab1d8dd8d29ac439e2555

Download Submit
C:\Windows\System\hvSmHhE.exe

Filesize
2.0MB

MD5
7d29ca9b98c9be25f55c67ff8631d7b6

SHA1
c9e2b786210da9f8924f34eb33eeae1fd49381d1

SHA256
2c1a145933fb46c1633d20bba626c0b83df17461c3df5dd4b9fbe84ef6fa24b6

SHA512
4cdbbac778c26b84e9ca21243cc3d3f476c92b725b5fdf69091f82a8dc992aa91b56cc07b2f42600051b6547a9c6718e7edd0aceeda4320981dde0bb78066c87

Download Submit
C:\Windows\System\jsEcetF.exe

Filesize
2.0MB

MD5
35377bb0eed455708d4d987d9a348385

SHA1
a6a898f488b77ad196c1936ec7ade0cad5123f13

SHA256
6d9d8c3384a345a4f1e7b5ace4353923590b75a34da6b0832a0172d0da14ab91

SHA512
65f89282988c1462ca154201ed3d66c94aaafc728ffa3704965e3e3f2a2c8b0e7a16f6f4a9578ac14d25fcd5fb27e04ffd6a582b0cdb9f91f5f09cd96117583e

Download Submit
C:\Windows\System\kUCCnfv.exe

Filesize
2.0MB

MD5
ab296ca908513abe281c4fe71b32bf60

SHA1
4420b836285bb046fb48a327db0caf93ddedda3a

SHA256
968d92a030b1a4f03de893ddb5c6c401b621b8e5f88d0ded499554291267d2c2

SHA512
f8ab5bc71cee8c84fdf8d14e516e1eb5526a7e5f1323f69721bd70d331a613e76746fc19a278c3f51ec0ed6ea8394817fc8289db8f2e386e334e1cb030bbac6e

Download Submit
C:\Windows\System\nSWYWHP.exe

Filesize
2.0MB

MD5
abbc7bf815bec8ee60445afefd2e41b6

SHA1
1b9c8e02aba7cbb4dcf9595da5a3e58ae7e5ce0f

SHA256
4f4daf3301fa013e705969b72b67cfe40135af9f734ff789047d2d3c3bbd0b1a

SHA512
09003058c2d2e7d98f7cf12e93ed40345c44855e5279b075bbe547392590f6983e1ddf8ae69e5b2b8afe0fa3ce32cfb0e8b4699c0873fba1a697e9d8bee4a84d

Download Submit
C:\Windows\System\nUgrIQC.exe

Filesize
2.0MB

MD5
e891218b0cc94be1936202b9b0a71a64

SHA1
648f913f1a197a884002070d878fbf44f84d4830

SHA256
5de0be75a5ff5df4802c8284ee26e2c4697bc01796a5e0de33582f6d357af02c

SHA512
6dcb10d517eb798e6a28ebd897db9c9cb118ee2b8db098c5908685771c4c21b7c0c88cbbdcd460c103d46de14764d51371a7b51b0d48c7ba7831e7ebb5d9b8b8

Download Submit
C:\Windows\System\sAepwKL.exe

Filesize
2.0MB

MD5
ba6a4057b61a3a7d85f7c2c3968042d1

SHA1
691d0d7bf69d72d029b50a1372f7e34975a3d8da

SHA256
65e219559112ca678898177f4e998f5514de30a6d1f1f99c45397c37c9973d75

SHA512
935ddea4eec3ad28500db69890fa1b287e3eda82a31f3306d2bd36e3d0c6af358dd45f797861e9f871369ba0e8c7765fc1ece0ec1d8574be9f6fdf21ff9306be

Download Submit
C:\Windows\System\sPemhyt.exe

Filesize
2.0MB

MD5
3dab3af6a79b271700576ae9d1404fba

SHA1
0c3d102c0eae654717cd3ce5d85f90310894462e

SHA256
196368922ec37a0ecf32ff2df28fbc1b66912c2dbf8ee3df291579a9be189ce7

SHA512
74a9a2b510f5bd61cf49b9468e3dc06bb6d4445b5152a2e273c489685ea928dd6823436343ff66412331902cd2a5fe0b107a0f3b5cb39fec52bb31f50e0a27b4

Download Submit
C:\Windows\System\szVhkwh.exe

Filesize
2.0MB

MD5
6157902ca13b054b8f06e94910565b78

SHA1
11798e2abd77854825895a5c4a75119ceacc6ab3

SHA256
41e3f5afc965302348b3c9914ee80c1b894330b22394e3bff4527b5d9cb3fc21

SHA512
ff5ae1e5c53056c1caf15b0dc8686b473cbdbd1faa310e643b9a4ebc3569e2eaec47719660ffb1a54f9372af4fb80cb26a6adcf881c421a38b6daab01432a3c3

Download Submit
C:\Windows\System\tRpMjMo.exe

Filesize
2.0MB

MD5
f70f00ce01e67695732c0514ad44c8e9

SHA1
a601820e708e33829aa8058e830cc30066460a32

SHA256
e0834eb4ca4ce11da07ed183c111951a1d6524c549767ccf6b7dbb2e1663bc8b

SHA512
ec10339bb92d5d082734bbea1c133520154769f238d3548d06c562640eb7145930b4f86ad2e17a367c871ab98918823933200a4ddbb5c39feed783e167443913

Download Submit
C:\Windows\System\tYpbOZo.exe

Filesize
2.0MB

MD5
ecace73a741c4bd8092a607d4f1fac81

SHA1
46531e016ec6e285777081b329d27518b1d94680

SHA256
6d985cc264057334f4ad67c13b360bc2205c4cc269d8e6d6f7a77e81e089f969

SHA512
b1ea2becec080828adfb26b98c4485dbf333f88dcc3d146cfe5b8a810f926aa77ad8aa78fb94a407d95164163a4f49b12999213861ee32b8e799e821f8d3746b

Download Submit
C:\Windows\System\tczzfTe.exe

Filesize
2.0MB

MD5
a49c54d0ac618726d65ae6d08e14e3ac

SHA1
9a5a0f78b14c537638238fcc4cd5563931d2fb66

SHA256
0f8822e996eb032c1a9b1977ca32fbc70ed1f6a031aac6e09702198f053a8c07

SHA512
3b303d9d3dcb0fec1f27370a7834807530e5da5da1d838da47dee4c82ce59fa26f3a44c970a2ed4d0d3ab5e45a74f1ad8d94fd4db75b818d2c86ac63b350ff33

Download Submit
C:\Windows\System\tmkKCDz.exe

Filesize
2.0MB

MD5
08e2dff1a3ddba2c7bc57e2b708ee5d2

SHA1
f42a6deef0cb13d00c14630ccf0c87969f9ab035

SHA256
2c51336c31b115fba5b32a75a9ce9353e30fde68074a4e1d5d6ff0bb39f4329c

SHA512
ce900fbccd151c76ce6dff6a9f595919f39f23b415a11ce06a97620d0a21040f9bb529107678b6320d10a8db7c02306a139e931cbb24fd532f80debb4a100d43

Download Submit
C:\Windows\System\uNebFLd.exe

Filesize
2.0MB

MD5
5a128894b182889f6dd72a221e89baf3

SHA1
4bed61bf157997f7168b86df7e686ea70119ec36

SHA256
dc2e4d9055937f2279a6d4daec00e23addd7e6d687ab65b186afce4e1ba33f1d

SHA512
502e303f4a9d201b18e7a4acc60170ec921fb8d6d98876ec269f6d75007c5f35663a54234ffe18c42232c91c275a1e027f225d04a8506e9741fdc6a2ef8f96f0

Download Submit
C:\Windows\System\vYsQrDk.exe

Filesize
2.0MB

MD5
b9a91d71c061fe7aa14185fdc5922d65

SHA1
5facbfe24fbf3f4386151521826ee032885b7d89

SHA256
4ec114753428a3b79852c69b8cc1486c1da42b2a04cce715535f05c26952fb06

SHA512
75be28037cc022dc78b1744eae78ca84882d068936cab99d7b38f6a1cbb70b0758ac6636374b1319e37e9f6cbc85cb022eedbf15319c48d421c29b19dcd409e8

Download Submit
C:\Windows\System\woNOnvy.exe

Filesize
2.0MB

MD5
b6196ff7a38d45667d7b76476c3d91cd

SHA1
077bfa5556d154c0f8bb7b9bec37300498c89e22

SHA256
0bc81fa6f1718a9352463af1ac39d55d8e80d29787d8a6239f88cc8953c849c0

SHA512
44473d473b44a7ebc57e787bbbce12514f8054217c05da6a79ebcc1407ed471b6b8a3ac7a26701853eab2430befa918b850de2fde9acb67a25df70e95db5011e

Download Submit
memory/404-635-0x00007FF690AE0000-0x00007FF690E34000-memory.dmp

Filesize
3.3MB

Download
memory/404-2273-0x00007FF690AE0000-0x00007FF690E34000-memory.dmp

Filesize
3.3MB

Download
memory/904-584-0x00007FF6DC350000-0x00007FF6DC6A4000-memory.dmp

Filesize
3.3MB

Download
memory/904-2272-0x00007FF6DC350000-0x00007FF6DC6A4000-memory.dmp

Filesize
3.3MB

Download
memory/940-2251-0x00007FF6C9200000-0x00007FF6C9554000-memory.dmp

Filesize
3.3MB

Download
memory/940-500-0x00007FF6C9200000-0x00007FF6C9554000-memory.dmp

Filesize
3.3MB

Download
memory/1060-2259-0x00007FF7F69C0000-0x00007FF7F6D14000-memory.dmp

Filesize
3.3MB

Download
memory/1060-533-0x00007FF7F69C0000-0x00007FF7F6D14000-memory.dmp

Filesize
3.3MB

Download
memory/1088-23-0x00007FF726CF0000-0x00007FF727044000-memory.dmp

Filesize
3.3MB

Download
memory/1088-2248-0x00007FF726CF0000-0x00007FF727044000-memory.dmp

Filesize
3.3MB

Download
memory/1088-1786-0x00007FF726CF0000-0x00007FF727044000-memory.dmp

Filesize
3.3MB

Download
memory/1212-499-0x00007FF690AB0000-0x00007FF690E04000-memory.dmp

Filesize
3.3MB

Download
memory/1212-2250-0x00007FF690AB0000-0x00007FF690E04000-memory.dmp

Filesize
3.3MB

Download
memory/1284-617-0x00007FF7F3020000-0x00007FF7F3374000-memory.dmp

Filesize
3.3MB

Download
memory/1284-2265-0x00007FF7F3020000-0x00007FF7F3374000-memory.dmp

Filesize
3.3MB

Download
memory/1496-596-0x00007FF7C49B0000-0x00007FF7C4D04000-memory.dmp

Filesize
3.3MB

Download
memory/1496-2268-0x00007FF7C49B0000-0x00007FF7C4D04000-memory.dmp

Filesize
3.3MB

Download
memory/1704-632-0x00007FF6AFE70000-0x00007FF6B01C4000-memory.dmp

Filesize
3.3MB

Download
memory/1704-2262-0x00007FF6AFE70000-0x00007FF6B01C4000-memory.dmp

Filesize
3.3MB

Download
memory/1768-512-0x00007FF7A9C10000-0x00007FF7A9F64000-memory.dmp

Filesize
3.3MB

Download
memory/1768-2254-0x00007FF7A9C10000-0x00007FF7A9F64000-memory.dmp

Filesize
3.3MB

Download
memory/2292-2267-0x00007FF7BE370000-0x00007FF7BE6C4000-memory.dmp

Filesize
3.3MB

Download
memory/2292-572-0x00007FF7BE370000-0x00007FF7BE6C4000-memory.dmp

Filesize
3.3MB

Download
memory/2760-1636-0x00007FF6DB7F0000-0x00007FF6DBB44000-memory.dmp

Filesize
3.3MB

Download
memory/2760-9-0x00007FF6DB7F0000-0x00007FF6DBB44000-memory.dmp

Filesize
3.3MB

Download
memory/2760-2245-0x00007FF6DB7F0000-0x00007FF6DBB44000-memory.dmp

Filesize
3.3MB

Download
memory/2944-646-0x00007FF7C8D70000-0x00007FF7C90C4000-memory.dmp

Filesize
3.3MB

Download
memory/2944-2249-0x00007FF7C8D70000-0x00007FF7C90C4000-memory.dmp

Filesize
3.3MB

Download
memory/2972-1514-0x00007FF734CA0000-0x00007FF734FF4000-memory.dmp

Filesize
3.3MB

Download
memory/2972-1-0x0000020F3F540000-0x0000020F3F550000-memory.dmp

Filesize
64KB

Download
memory/2972-0-0x00007FF734CA0000-0x00007FF734FF4000-memory.dmp

Filesize
3.3MB

Download
memory/3176-522-0x00007FF64D740000-0x00007FF64DA94000-memory.dmp

Filesize
3.3MB

Download
memory/3176-2257-0x00007FF64D740000-0x00007FF64DA94000-memory.dmp

Filesize
3.3MB

Download
memory/3252-2263-0x00007FF7B86E0000-0x00007FF7B8A34000-memory.dmp

Filesize
3.3MB

Download
memory/3252-619-0x00007FF7B86E0000-0x00007FF7B8A34000-memory.dmp

Filesize
3.3MB

Download
memory/3448-600-0x00007FF669610000-0x00007FF669964000-memory.dmp

Filesize
3.3MB

Download
memory/3448-2270-0x00007FF669610000-0x00007FF669964000-memory.dmp

Filesize
3.3MB

Download
memory/3468-2271-0x00007FF6334B0000-0x00007FF633804000-memory.dmp

Filesize
3.3MB

Download
memory/3468-628-0x00007FF6334B0000-0x00007FF633804000-memory.dmp

Filesize
3.3MB

Download
memory/3604-2247-0x00007FF78F910000-0x00007FF78FC64000-memory.dmp

Filesize
3.3MB

Download
memory/3604-641-0x00007FF78F910000-0x00007FF78FC64000-memory.dmp

Filesize
3.3MB

Download
memory/3616-2266-0x00007FF6162E0000-0x00007FF616634000-memory.dmp

Filesize
3.3MB

Download
memory/3616-623-0x00007FF6162E0000-0x00007FF616634000-memory.dmp

Filesize
3.3MB

Download
memory/3716-2261-0x00007FF64D440000-0x00007FF64D794000-memory.dmp

Filesize
3.3MB

Download
memory/3716-562-0x00007FF64D440000-0x00007FF64D794000-memory.dmp

Filesize
3.3MB

Download
memory/3948-2252-0x00007FF66DDE0000-0x00007FF66E134000-memory.dmp

Filesize
3.3MB

Download
memory/3948-501-0x00007FF66DDE0000-0x00007FF66E134000-memory.dmp

Filesize
3.3MB

Download
memory/4092-2256-0x00007FF7418A0000-0x00007FF741BF4000-memory.dmp

Filesize
3.3MB

Download
memory/4092-547-0x00007FF7418A0000-0x00007FF741BF4000-memory.dmp

Filesize
3.3MB

Download
memory/4200-21-0x00007FF720ED0000-0x00007FF721224000-memory.dmp

Filesize
3.3MB

Download
memory/4200-2246-0x00007FF720ED0000-0x00007FF721224000-memory.dmp

Filesize
3.3MB

Download
memory/4524-2258-0x00007FF6396A0000-0x00007FF6399F4000-memory.dmp

Filesize
3.3MB

Download
memory/4524-516-0x00007FF6396A0000-0x00007FF6399F4000-memory.dmp

Filesize
3.3MB

Download
memory/4700-2264-0x00007FF694620000-0x00007FF694974000-memory.dmp

Filesize
3.3MB

Download
memory/4700-590-0x00007FF694620000-0x00007FF694974000-memory.dmp

Filesize
3.3MB

Download
memory/4928-542-0x00007FF743ED0000-0x00007FF744224000-memory.dmp

Filesize
3.3MB

Download
memory/4928-2255-0x00007FF743ED0000-0x00007FF744224000-memory.dmp

Filesize
3.3MB

Download
memory/4944-611-0x00007FF78AFE0000-0x00007FF78B334000-memory.dmp

Filesize
3.3MB

Download
memory/4944-2269-0x00007FF78AFE0000-0x00007FF78B334000-memory.dmp

Filesize
3.3MB

Download
memory/4988-554-0x00007FF6E49C0000-0x00007FF6E4D14000-memory.dmp

Filesize
3.3MB

Download
memory/4988-2260-0x00007FF6E49C0000-0x00007FF6E4D14000-memory.dmp

Filesize
3.3MB

Download
memory/5096-507-0x00007FF6D9000000-0x00007FF6D9354000-memory.dmp

Filesize
3.3MB

Download
memory/5096-2253-0x00007FF6D9000000-0x00007FF6D9354000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads