xmrig | 0ea7f35aedde78bfd291cc2dcabd111197de3904503b7fed844dc13fe4d4e0b8

Analysis

max time kernel
101s
max time network
103s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
06-09-2024 22:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a515b3d4935ccba3fd59c519a7580150N.exe
Size

2.2MB
MD5

a515b3d4935ccba3fd59c519a7580150
SHA1

f674ee0f2be0eca71950b22624ceb882d47af82d
SHA256

0ea7f35aedde78bfd291cc2dcabd111197de3904503b7fed844dc13fe4d4e0b8
SHA512

a80c152b53e2497f3bc06ccac61f9f7f067a914dc3c108abe68c11a3622f7dd9824ddd646fcdd3c0be46dda4c33564ce7339a3dba01f36431520b1941f73f881
SSDEEP

49152:oezaTF8FcNkNdfE0pZ9ozt4wIQW/zaZT2D5vM+TNe:oemTLkNdfE0pZrQ5

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/116-0-0x00007FF68D7D0000-0x00007FF68DB24000-memory.dmp	xmrig
behavioral2/files/0x000900000002342c-5.dat	xmrig
behavioral2/memory/1472-11-0x00007FF6E30D0000-0x00007FF6E3424000-memory.dmp	xmrig
behavioral2/memory/1416-18-0x00007FF76A6A0000-0x00007FF76A9F4000-memory.dmp	xmrig
behavioral2/memory/2076-25-0x00007FF67A240000-0x00007FF67A594000-memory.dmp	xmrig
behavioral2/files/0x0007000000023435-39.dat	xmrig
behavioral2/files/0x000700000002343e-72.dat	xmrig
behavioral2/files/0x000700000002343f-73.dat	xmrig
behavioral2/files/0x000700000002343a-80.dat	xmrig
behavioral2/memory/1256-102-0x00007FF6EF1C0000-0x00007FF6EF514000-memory.dmp	xmrig
behavioral2/files/0x0007000000023442-104.dat	xmrig
behavioral2/files/0x0007000000023449-138.dat	xmrig
behavioral2/files/0x0007000000023447-154.dat	xmrig
behavioral2/memory/1200-172-0x00007FF691F80000-0x00007FF6922D4000-memory.dmp	xmrig
behavioral2/memory/3172-176-0x00007FF79DEF0000-0x00007FF79E244000-memory.dmp	xmrig
behavioral2/files/0x000700000002344e-189.dat	xmrig
behavioral2/files/0x000800000002342d-194.dat	xmrig
behavioral2/memory/3460-186-0x00007FF706330000-0x00007FF706684000-memory.dmp	xmrig
behavioral2/memory/4908-185-0x00007FF761EB0000-0x00007FF762204000-memory.dmp	xmrig
behavioral2/memory/1496-184-0x00007FF706520000-0x00007FF706874000-memory.dmp	xmrig
behavioral2/memory/3320-183-0x00007FF7E8440000-0x00007FF7E8794000-memory.dmp	xmrig
behavioral2/memory/3852-182-0x00007FF656DA0000-0x00007FF6570F4000-memory.dmp	xmrig
behavioral2/memory/2504-181-0x00007FF7D2F80000-0x00007FF7D32D4000-memory.dmp	xmrig
behavioral2/memory/4424-180-0x00007FF7D76D0000-0x00007FF7D7A24000-memory.dmp	xmrig
behavioral2/memory/4160-179-0x00007FF64BE10000-0x00007FF64C164000-memory.dmp	xmrig
behavioral2/memory/2712-178-0x00007FF77E530000-0x00007FF77E884000-memory.dmp	xmrig
behavioral2/memory/4900-177-0x00007FF74D2A0000-0x00007FF74D5F4000-memory.dmp	xmrig
behavioral2/memory/4300-175-0x00007FF640FA0000-0x00007FF6412F4000-memory.dmp	xmrig
behavioral2/memory/3224-174-0x00007FF731F80000-0x00007FF7322D4000-memory.dmp	xmrig
behavioral2/memory/4832-173-0x00007FF70D040000-0x00007FF70D394000-memory.dmp	xmrig
behavioral2/files/0x000700000002344d-170.dat	xmrig
behavioral2/files/0x0007000000023445-168.dat	xmrig
behavioral2/files/0x000700000002344c-166.dat	xmrig
behavioral2/files/0x000700000002344b-164.dat	xmrig
behavioral2/memory/3248-163-0x00007FF6DCB90000-0x00007FF6DCEE4000-memory.dmp	xmrig
behavioral2/memory/1920-162-0x00007FF7E78B0000-0x00007FF7E7C04000-memory.dmp	xmrig
behavioral2/files/0x000700000002344a-160.dat	xmrig
behavioral2/files/0x0007000000023448-156.dat	xmrig
behavioral2/files/0x0007000000023446-152.dat	xmrig
behavioral2/files/0x0007000000023444-150.dat	xmrig
behavioral2/files/0x0007000000023443-148.dat	xmrig
behavioral2/memory/652-147-0x00007FF72DED0000-0x00007FF72E224000-memory.dmp	xmrig
behavioral2/memory/1184-141-0x00007FF796BB0000-0x00007FF796F04000-memory.dmp	xmrig
behavioral2/memory/4696-140-0x00007FF74E0A0000-0x00007FF74E3F4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023441-124.dat	xmrig
behavioral2/files/0x0007000000023440-122.dat	xmrig
behavioral2/memory/4928-115-0x00007FF648FA0000-0x00007FF6492F4000-memory.dmp	xmrig
behavioral2/files/0x000700000002343d-94.dat	xmrig
behavioral2/files/0x000700000002343c-92.dat	xmrig
behavioral2/memory/4712-86-0x00007FF6C3180000-0x00007FF6C34D4000-memory.dmp	xmrig
behavioral2/files/0x000700000002343b-84.dat	xmrig
behavioral2/files/0x0007000000023436-78.dat	xmrig
behavioral2/files/0x0007000000023438-89.dat	xmrig
behavioral2/files/0x0007000000023439-71.dat	xmrig
behavioral2/memory/2324-62-0x00007FF6A31E0000-0x00007FF6A3534000-memory.dmp	xmrig
behavioral2/files/0x0007000000023434-61.dat	xmrig
behavioral2/memory/3700-58-0x00007FF781810000-0x00007FF781B64000-memory.dmp	xmrig
behavioral2/files/0x0007000000023437-75.dat	xmrig
behavioral2/files/0x0007000000023433-49.dat	xmrig
behavioral2/files/0x0007000000023432-37.dat	xmrig
behavioral2/files/0x0007000000023431-34.dat	xmrig
behavioral2/memory/3716-43-0x00007FF665FF0000-0x00007FF666344000-memory.dmp	xmrig
behavioral2/files/0x0007000000023430-20.dat	xmrig
behavioral2/memory/1472-983-0x00007FF6E30D0000-0x00007FF6E3424000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1472	utzzYns.exe
1416	JhrPZeI.exe
3716	mPUjDLo.exe
2076	GSupbyW.exe
4424	WPCVZKI.exe
3700	gspbVKl.exe
2324	gfoMwFG.exe
2504	McHShlU.exe
4712	oarjMbW.exe
1256	RDoXfaW.exe
4928	CSJtjFp.exe
3852	zmKiAkG.exe
4696	FSfeezL.exe
1184	QnlIFQd.exe
652	JClsTWj.exe
1920	PZUKLRv.exe
3248	oITBZML.exe
3320	rMGPSeZ.exe
1200	SCqbIKv.exe
1496	QtnnEHk.exe
4908	caSJHgg.exe
4832	fDxSkfW.exe
3224	SuyyDxd.exe
4300	AzTdYjX.exe
3172	fqSlRrV.exe
4900	mJhGQXN.exe
2712	DnYysNZ.exe
4160	gTkxLEq.exe
3460	SKPHblL.exe
1312	lseWbmA.exe
4044	NQZPSNv.exe
4556	ZTPKFuc.exe
3392	lESeCYv.exe
4520	mfebXrV.exe
4708	laQhjEQ.exe
1364	YDPvkqa.exe
2700	sOjHWpC.exe
4080	vqDjWaL.exe
4964	TKyCjaX.exe
812	BayEnIg.exe
744	AupjPSB.exe
3744	eDNVqWN.exe
4848	YSYozvq.exe
1988	Orvgyxu.exe
3612	BKLQKzz.exe
2740	vcIrhpO.exe
3584	gpkTPgn.exe
2448	EjJQgqx.exe
3240	tzJfovH.exe
4444	jbqWZit.exe
4440	uBbBcMR.exe
3488	cwKAwQf.exe
1036	skNeBVU.exe
1944	PaTnTfJ.exe
976	wTNKFZH.exe
4588	KXVuyZJ.exe
452	qsdqHem.exe
3000	vZUzaJx.exe
2092	GkTqslg.exe
4584	UXTsGKi.exe
4312	dPIRuXV.exe
1680	WnNDdal.exe
2916	TFJhPRo.exe
1492	GKsoJjc.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/116-0-0x00007FF68D7D0000-0x00007FF68DB24000-memory.dmp	upx
behavioral2/files/0x000900000002342c-5.dat	upx
behavioral2/memory/1472-11-0x00007FF6E30D0000-0x00007FF6E3424000-memory.dmp	upx
behavioral2/memory/1416-18-0x00007FF76A6A0000-0x00007FF76A9F4000-memory.dmp	upx
behavioral2/memory/2076-25-0x00007FF67A240000-0x00007FF67A594000-memory.dmp	upx
behavioral2/files/0x0007000000023435-39.dat	upx
behavioral2/files/0x000700000002343e-72.dat	upx
behavioral2/files/0x000700000002343f-73.dat	upx
behavioral2/files/0x000700000002343a-80.dat	upx
behavioral2/memory/1256-102-0x00007FF6EF1C0000-0x00007FF6EF514000-memory.dmp	upx
behavioral2/files/0x0007000000023442-104.dat	upx
behavioral2/files/0x0007000000023449-138.dat	upx
behavioral2/files/0x0007000000023447-154.dat	upx
behavioral2/memory/1200-172-0x00007FF691F80000-0x00007FF6922D4000-memory.dmp	upx
behavioral2/memory/3172-176-0x00007FF79DEF0000-0x00007FF79E244000-memory.dmp	upx
behavioral2/files/0x000700000002344e-189.dat	upx
behavioral2/files/0x000800000002342d-194.dat	upx
behavioral2/memory/3460-186-0x00007FF706330000-0x00007FF706684000-memory.dmp	upx
behavioral2/memory/4908-185-0x00007FF761EB0000-0x00007FF762204000-memory.dmp	upx
behavioral2/memory/1496-184-0x00007FF706520000-0x00007FF706874000-memory.dmp	upx
behavioral2/memory/3320-183-0x00007FF7E8440000-0x00007FF7E8794000-memory.dmp	upx
behavioral2/memory/3852-182-0x00007FF656DA0000-0x00007FF6570F4000-memory.dmp	upx
behavioral2/memory/2504-181-0x00007FF7D2F80000-0x00007FF7D32D4000-memory.dmp	upx
behavioral2/memory/4424-180-0x00007FF7D76D0000-0x00007FF7D7A24000-memory.dmp	upx
behavioral2/memory/4160-179-0x00007FF64BE10000-0x00007FF64C164000-memory.dmp	upx
behavioral2/memory/2712-178-0x00007FF77E530000-0x00007FF77E884000-memory.dmp	upx
behavioral2/memory/4900-177-0x00007FF74D2A0000-0x00007FF74D5F4000-memory.dmp	upx
behavioral2/memory/4300-175-0x00007FF640FA0000-0x00007FF6412F4000-memory.dmp	upx
behavioral2/memory/3224-174-0x00007FF731F80000-0x00007FF7322D4000-memory.dmp	upx
behavioral2/memory/4832-173-0x00007FF70D040000-0x00007FF70D394000-memory.dmp	upx
behavioral2/files/0x000700000002344d-170.dat	upx
behavioral2/files/0x0007000000023445-168.dat	upx
behavioral2/files/0x000700000002344c-166.dat	upx
behavioral2/files/0x000700000002344b-164.dat	upx
behavioral2/memory/3248-163-0x00007FF6DCB90000-0x00007FF6DCEE4000-memory.dmp	upx
behavioral2/memory/1920-162-0x00007FF7E78B0000-0x00007FF7E7C04000-memory.dmp	upx
behavioral2/files/0x000700000002344a-160.dat	upx
behavioral2/files/0x0007000000023448-156.dat	upx
behavioral2/files/0x0007000000023446-152.dat	upx
behavioral2/files/0x0007000000023444-150.dat	upx
behavioral2/files/0x0007000000023443-148.dat	upx
behavioral2/memory/652-147-0x00007FF72DED0000-0x00007FF72E224000-memory.dmp	upx
behavioral2/memory/1184-141-0x00007FF796BB0000-0x00007FF796F04000-memory.dmp	upx
behavioral2/memory/4696-140-0x00007FF74E0A0000-0x00007FF74E3F4000-memory.dmp	upx
behavioral2/files/0x0007000000023441-124.dat	upx
behavioral2/files/0x0007000000023440-122.dat	upx
behavioral2/memory/4928-115-0x00007FF648FA0000-0x00007FF6492F4000-memory.dmp	upx
behavioral2/files/0x000700000002343d-94.dat	upx
behavioral2/files/0x000700000002343c-92.dat	upx
behavioral2/memory/4712-86-0x00007FF6C3180000-0x00007FF6C34D4000-memory.dmp	upx
behavioral2/files/0x000700000002343b-84.dat	upx
behavioral2/files/0x0007000000023436-78.dat	upx
behavioral2/files/0x0007000000023438-89.dat	upx
behavioral2/files/0x0007000000023439-71.dat	upx
behavioral2/memory/2324-62-0x00007FF6A31E0000-0x00007FF6A3534000-memory.dmp	upx
behavioral2/files/0x0007000000023434-61.dat	upx
behavioral2/memory/3700-58-0x00007FF781810000-0x00007FF781B64000-memory.dmp	upx
behavioral2/files/0x0007000000023437-75.dat	upx
behavioral2/files/0x0007000000023433-49.dat	upx
behavioral2/files/0x0007000000023432-37.dat	upx
behavioral2/files/0x0007000000023431-34.dat	upx
behavioral2/memory/3716-43-0x00007FF665FF0000-0x00007FF666344000-memory.dmp	upx
behavioral2/files/0x0007000000023430-20.dat	upx
behavioral2/memory/1472-983-0x00007FF6E30D0000-0x00007FF6E3424000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\xzYKhAx.exe	a515b3d4935ccba3fd59c519a7580150N.exe
File created	C:\Windows\System\oITBZML.exe	a515b3d4935ccba3fd59c519a7580150N.exe
File created	C:\Windows\System\BWOrJgQ.exe	a515b3d4935ccba3fd59c519a7580150N.exe
File created	C:\Windows\System\uoOTrZL.exe	a515b3d4935ccba3fd59c519a7580150N.exe
File created	C:\Windows\System\qoctKqx.exe	a515b3d4935ccba3fd59c519a7580150N.exe
File created	C:\Windows\System\ZRnbCGB.exe	a515b3d4935ccba3fd59c519a7580150N.exe
File created	C:\Windows\System\EgUYyrg.exe	a515b3d4935ccba3fd59c519a7580150N.exe
File created	C:\Windows\System\MEMrMBH.exe	a515b3d4935ccba3fd59c519a7580150N.exe
File created	C:\Windows\System\tOBTzwj.exe	a515b3d4935ccba3fd59c519a7580150N.exe
File created	C:\Windows\System\sPavemb.exe	a515b3d4935ccba3fd59c519a7580150N.exe
File created	C:\Windows\System\RWiIYtt.exe	a515b3d4935ccba3fd59c519a7580150N.exe
File created	C:\Windows\System\vMzNjXF.exe	a515b3d4935ccba3fd59c519a7580150N.exe
File created	C:\Windows\System\cnaJJvd.exe	a515b3d4935ccba3fd59c519a7580150N.exe
File created	C:\Windows\System\OLoPdJF.exe	a515b3d4935ccba3fd59c519a7580150N.exe
File created	C:\Windows\System\cMHDyqs.exe	a515b3d4935ccba3fd59c519a7580150N.exe
File created	C:\Windows\System\VkXhpwj.exe	a515b3d4935ccba3fd59c519a7580150N.exe
File created	C:\Windows\System\dpuKBAs.exe	a515b3d4935ccba3fd59c519a7580150N.exe
File created	C:\Windows\System\FjZEwJZ.exe	a515b3d4935ccba3fd59c519a7580150N.exe
File created	C:\Windows\System\BJopjmc.exe	a515b3d4935ccba3fd59c519a7580150N.exe
File created	C:\Windows\System\LDaXiSE.exe	a515b3d4935ccba3fd59c519a7580150N.exe
File created	C:\Windows\System\Orvgyxu.exe	a515b3d4935ccba3fd59c519a7580150N.exe
File created	C:\Windows\System\TCOQhaZ.exe	a515b3d4935ccba3fd59c519a7580150N.exe
File created	C:\Windows\System\mnsdSPy.exe	a515b3d4935ccba3fd59c519a7580150N.exe
File created	C:\Windows\System\OFEkikk.exe	a515b3d4935ccba3fd59c519a7580150N.exe
File created	C:\Windows\System\gJPNYkV.exe	a515b3d4935ccba3fd59c519a7580150N.exe
File created	C:\Windows\System\kVlFqhT.exe	a515b3d4935ccba3fd59c519a7580150N.exe
File created	C:\Windows\System\IDfXymn.exe	a515b3d4935ccba3fd59c519a7580150N.exe
File created	C:\Windows\System\PngIeqW.exe	a515b3d4935ccba3fd59c519a7580150N.exe
File created	C:\Windows\System\gYEGJWY.exe	a515b3d4935ccba3fd59c519a7580150N.exe
File created	C:\Windows\System\DGpJpgf.exe	a515b3d4935ccba3fd59c519a7580150N.exe
File created	C:\Windows\System\RBwqwUt.exe	a515b3d4935ccba3fd59c519a7580150N.exe
File created	C:\Windows\System\eDNVqWN.exe	a515b3d4935ccba3fd59c519a7580150N.exe
File created	C:\Windows\System\bANbUaR.exe	a515b3d4935ccba3fd59c519a7580150N.exe
File created	C:\Windows\System\AWRMSNL.exe	a515b3d4935ccba3fd59c519a7580150N.exe
File created	C:\Windows\System\nDCPxdD.exe	a515b3d4935ccba3fd59c519a7580150N.exe
File created	C:\Windows\System\ZWNgetV.exe	a515b3d4935ccba3fd59c519a7580150N.exe
File created	C:\Windows\System\ciDwzfZ.exe	a515b3d4935ccba3fd59c519a7580150N.exe
File created	C:\Windows\System\EEKUJNW.exe	a515b3d4935ccba3fd59c519a7580150N.exe
File created	C:\Windows\System\IDMXYNk.exe	a515b3d4935ccba3fd59c519a7580150N.exe
File created	C:\Windows\System\FKRzJRB.exe	a515b3d4935ccba3fd59c519a7580150N.exe
File created	C:\Windows\System\WnNDdal.exe	a515b3d4935ccba3fd59c519a7580150N.exe
File created	C:\Windows\System\iDavlry.exe	a515b3d4935ccba3fd59c519a7580150N.exe
File created	C:\Windows\System\xbeRuHz.exe	a515b3d4935ccba3fd59c519a7580150N.exe
File created	C:\Windows\System\FgqkwYm.exe	a515b3d4935ccba3fd59c519a7580150N.exe
File created	C:\Windows\System\FSfeezL.exe	a515b3d4935ccba3fd59c519a7580150N.exe
File created	C:\Windows\System\IwfOEpL.exe	a515b3d4935ccba3fd59c519a7580150N.exe
File created	C:\Windows\System\DuVCBJH.exe	a515b3d4935ccba3fd59c519a7580150N.exe
File created	C:\Windows\System\tQUxvYh.exe	a515b3d4935ccba3fd59c519a7580150N.exe
File created	C:\Windows\System\zRnwsDB.exe	a515b3d4935ccba3fd59c519a7580150N.exe
File created	C:\Windows\System\yLMZdqb.exe	a515b3d4935ccba3fd59c519a7580150N.exe
File created	C:\Windows\System\AtHPUsy.exe	a515b3d4935ccba3fd59c519a7580150N.exe
File created	C:\Windows\System\SWMrIou.exe	a515b3d4935ccba3fd59c519a7580150N.exe
File created	C:\Windows\System\ACPtzoS.exe	a515b3d4935ccba3fd59c519a7580150N.exe
File created	C:\Windows\System\moYlvLi.exe	a515b3d4935ccba3fd59c519a7580150N.exe
File created	C:\Windows\System\ZTPKFuc.exe	a515b3d4935ccba3fd59c519a7580150N.exe
File created	C:\Windows\System\iOdXeuP.exe	a515b3d4935ccba3fd59c519a7580150N.exe
File created	C:\Windows\System\iUqYzIr.exe	a515b3d4935ccba3fd59c519a7580150N.exe
File created	C:\Windows\System\jfcVvmv.exe	a515b3d4935ccba3fd59c519a7580150N.exe
File created	C:\Windows\System\XbphLgk.exe	a515b3d4935ccba3fd59c519a7580150N.exe
File created	C:\Windows\System\GfrYcED.exe	a515b3d4935ccba3fd59c519a7580150N.exe
File created	C:\Windows\System\DnfnzcW.exe	a515b3d4935ccba3fd59c519a7580150N.exe
File created	C:\Windows\System\aSdAxuk.exe	a515b3d4935ccba3fd59c519a7580150N.exe
File created	C:\Windows\System\DIYhYmj.exe	a515b3d4935ccba3fd59c519a7580150N.exe
File created	C:\Windows\System\pXRTIEF.exe	a515b3d4935ccba3fd59c519a7580150N.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	14904	dwm.exe
Token: SeChangeNotifyPrivilege	14904	dwm.exe
Token: 33	14904	dwm.exe
Token: SeIncBasePriorityPrivilege	14904	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 116 wrote to memory of 1472	116	a515b3d4935ccba3fd59c519a7580150N.exe	84
PID 116 wrote to memory of 1472	116	a515b3d4935ccba3fd59c519a7580150N.exe	84
PID 116 wrote to memory of 1416	116	a515b3d4935ccba3fd59c519a7580150N.exe	85
PID 116 wrote to memory of 1416	116	a515b3d4935ccba3fd59c519a7580150N.exe	85
PID 116 wrote to memory of 3716	116	a515b3d4935ccba3fd59c519a7580150N.exe	86
PID 116 wrote to memory of 3716	116	a515b3d4935ccba3fd59c519a7580150N.exe	86
PID 116 wrote to memory of 2076	116	a515b3d4935ccba3fd59c519a7580150N.exe	87
PID 116 wrote to memory of 2076	116	a515b3d4935ccba3fd59c519a7580150N.exe	87
PID 116 wrote to memory of 4424	116	a515b3d4935ccba3fd59c519a7580150N.exe	88
PID 116 wrote to memory of 4424	116	a515b3d4935ccba3fd59c519a7580150N.exe	88
PID 116 wrote to memory of 3700	116	a515b3d4935ccba3fd59c519a7580150N.exe	89
PID 116 wrote to memory of 3700	116	a515b3d4935ccba3fd59c519a7580150N.exe	89
PID 116 wrote to memory of 2324	116	a515b3d4935ccba3fd59c519a7580150N.exe	90
PID 116 wrote to memory of 2324	116	a515b3d4935ccba3fd59c519a7580150N.exe	90
PID 116 wrote to memory of 1256	116	a515b3d4935ccba3fd59c519a7580150N.exe	91
PID 116 wrote to memory of 1256	116	a515b3d4935ccba3fd59c519a7580150N.exe	91
PID 116 wrote to memory of 2504	116	a515b3d4935ccba3fd59c519a7580150N.exe	92
PID 116 wrote to memory of 2504	116	a515b3d4935ccba3fd59c519a7580150N.exe	92
PID 116 wrote to memory of 4696	116	a515b3d4935ccba3fd59c519a7580150N.exe	93
PID 116 wrote to memory of 4696	116	a515b3d4935ccba3fd59c519a7580150N.exe	93
PID 116 wrote to memory of 4712	116	a515b3d4935ccba3fd59c519a7580150N.exe	94
PID 116 wrote to memory of 4712	116	a515b3d4935ccba3fd59c519a7580150N.exe	94
PID 116 wrote to memory of 4928	116	a515b3d4935ccba3fd59c519a7580150N.exe	95
PID 116 wrote to memory of 4928	116	a515b3d4935ccba3fd59c519a7580150N.exe	95
PID 116 wrote to memory of 3852	116	a515b3d4935ccba3fd59c519a7580150N.exe	96
PID 116 wrote to memory of 3852	116	a515b3d4935ccba3fd59c519a7580150N.exe	96
PID 116 wrote to memory of 1184	116	a515b3d4935ccba3fd59c519a7580150N.exe	97
PID 116 wrote to memory of 1184	116	a515b3d4935ccba3fd59c519a7580150N.exe	97
PID 116 wrote to memory of 652	116	a515b3d4935ccba3fd59c519a7580150N.exe	98
PID 116 wrote to memory of 652	116	a515b3d4935ccba3fd59c519a7580150N.exe	98
PID 116 wrote to memory of 1920	116	a515b3d4935ccba3fd59c519a7580150N.exe	99
PID 116 wrote to memory of 1920	116	a515b3d4935ccba3fd59c519a7580150N.exe	99
PID 116 wrote to memory of 3248	116	a515b3d4935ccba3fd59c519a7580150N.exe	100
PID 116 wrote to memory of 3248	116	a515b3d4935ccba3fd59c519a7580150N.exe	100
PID 116 wrote to memory of 3320	116	a515b3d4935ccba3fd59c519a7580150N.exe	101
PID 116 wrote to memory of 3320	116	a515b3d4935ccba3fd59c519a7580150N.exe	101
PID 116 wrote to memory of 1200	116	a515b3d4935ccba3fd59c519a7580150N.exe	102
PID 116 wrote to memory of 1200	116	a515b3d4935ccba3fd59c519a7580150N.exe	102
PID 116 wrote to memory of 1496	116	a515b3d4935ccba3fd59c519a7580150N.exe	103
PID 116 wrote to memory of 1496	116	a515b3d4935ccba3fd59c519a7580150N.exe	103
PID 116 wrote to memory of 4908	116	a515b3d4935ccba3fd59c519a7580150N.exe	104
PID 116 wrote to memory of 4908	116	a515b3d4935ccba3fd59c519a7580150N.exe	104
PID 116 wrote to memory of 4832	116	a515b3d4935ccba3fd59c519a7580150N.exe	105
PID 116 wrote to memory of 4832	116	a515b3d4935ccba3fd59c519a7580150N.exe	105
PID 116 wrote to memory of 3224	116	a515b3d4935ccba3fd59c519a7580150N.exe	106
PID 116 wrote to memory of 3224	116	a515b3d4935ccba3fd59c519a7580150N.exe	106
PID 116 wrote to memory of 4300	116	a515b3d4935ccba3fd59c519a7580150N.exe	107
PID 116 wrote to memory of 4300	116	a515b3d4935ccba3fd59c519a7580150N.exe	107
PID 116 wrote to memory of 3172	116	a515b3d4935ccba3fd59c519a7580150N.exe	108
PID 116 wrote to memory of 3172	116	a515b3d4935ccba3fd59c519a7580150N.exe	108
PID 116 wrote to memory of 4900	116	a515b3d4935ccba3fd59c519a7580150N.exe	109
PID 116 wrote to memory of 4900	116	a515b3d4935ccba3fd59c519a7580150N.exe	109
PID 116 wrote to memory of 2712	116	a515b3d4935ccba3fd59c519a7580150N.exe	110
PID 116 wrote to memory of 2712	116	a515b3d4935ccba3fd59c519a7580150N.exe	110
PID 116 wrote to memory of 4160	116	a515b3d4935ccba3fd59c519a7580150N.exe	111
PID 116 wrote to memory of 4160	116	a515b3d4935ccba3fd59c519a7580150N.exe	111
PID 116 wrote to memory of 3460	116	a515b3d4935ccba3fd59c519a7580150N.exe	112
PID 116 wrote to memory of 3460	116	a515b3d4935ccba3fd59c519a7580150N.exe	112
PID 116 wrote to memory of 1312	116	a515b3d4935ccba3fd59c519a7580150N.exe	113
PID 116 wrote to memory of 1312	116	a515b3d4935ccba3fd59c519a7580150N.exe	113
PID 116 wrote to memory of 4044	116	a515b3d4935ccba3fd59c519a7580150N.exe	114
PID 116 wrote to memory of 4044	116	a515b3d4935ccba3fd59c519a7580150N.exe	114
PID 116 wrote to memory of 4556	116	a515b3d4935ccba3fd59c519a7580150N.exe	115
PID 116 wrote to memory of 4556	116	a515b3d4935ccba3fd59c519a7580150N.exe	115

C:\Users\Admin\AppData\Local\Temp\a515b3d4935ccba3fd59c519a7580150N.exe
"C:\Users\Admin\AppData\Local\Temp\a515b3d4935ccba3fd59c519a7580150N.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:116
- C:\Windows\System\utzzYns.exe
  C:\Windows\System\utzzYns.exe
  2⤵
  - Executes dropped EXE
  PID:1472
- C:\Windows\System\JhrPZeI.exe
  C:\Windows\System\JhrPZeI.exe
  2⤵
  - Executes dropped EXE
  PID:1416
- C:\Windows\System\mPUjDLo.exe
  C:\Windows\System\mPUjDLo.exe
  2⤵
  - Executes dropped EXE
  PID:3716
- C:\Windows\System\GSupbyW.exe
  C:\Windows\System\GSupbyW.exe
  2⤵
  - Executes dropped EXE
  PID:2076
- C:\Windows\System\WPCVZKI.exe
  C:\Windows\System\WPCVZKI.exe
  2⤵
  - Executes dropped EXE
  PID:4424
- C:\Windows\System\gspbVKl.exe
  C:\Windows\System\gspbVKl.exe
  2⤵
  - Executes dropped EXE
  PID:3700
- C:\Windows\System\gfoMwFG.exe
  C:\Windows\System\gfoMwFG.exe
  2⤵
  - Executes dropped EXE
  PID:2324
- C:\Windows\System\RDoXfaW.exe
  C:\Windows\System\RDoXfaW.exe
  2⤵
  - Executes dropped EXE
  PID:1256
- C:\Windows\System\McHShlU.exe
  C:\Windows\System\McHShlU.exe
  2⤵
  - Executes dropped EXE
  PID:2504
- C:\Windows\System\FSfeezL.exe
  C:\Windows\System\FSfeezL.exe
  2⤵
  - Executes dropped EXE
  PID:4696
- C:\Windows\System\oarjMbW.exe
  C:\Windows\System\oarjMbW.exe
  2⤵
  - Executes dropped EXE
  PID:4712
- C:\Windows\System\CSJtjFp.exe
  C:\Windows\System\CSJtjFp.exe
  2⤵
  - Executes dropped EXE
  PID:4928
- C:\Windows\System\zmKiAkG.exe
  C:\Windows\System\zmKiAkG.exe
  2⤵
  - Executes dropped EXE
  PID:3852
- C:\Windows\System\QnlIFQd.exe
  C:\Windows\System\QnlIFQd.exe
  2⤵
  - Executes dropped EXE
  PID:1184
- C:\Windows\System\JClsTWj.exe
  C:\Windows\System\JClsTWj.exe
  2⤵
  - Executes dropped EXE
  PID:652
- C:\Windows\System\PZUKLRv.exe
  C:\Windows\System\PZUKLRv.exe
  2⤵
  - Executes dropped EXE
  PID:1920
- C:\Windows\System\oITBZML.exe
  C:\Windows\System\oITBZML.exe
  2⤵
  - Executes dropped EXE
  PID:3248
- C:\Windows\System\rMGPSeZ.exe
  C:\Windows\System\rMGPSeZ.exe
  2⤵
  - Executes dropped EXE
  PID:3320
- C:\Windows\System\SCqbIKv.exe
  C:\Windows\System\SCqbIKv.exe
  2⤵
  - Executes dropped EXE
  PID:1200
- C:\Windows\System\QtnnEHk.exe
  C:\Windows\System\QtnnEHk.exe
  2⤵
  - Executes dropped EXE
  PID:1496
- C:\Windows\System\caSJHgg.exe
  C:\Windows\System\caSJHgg.exe
  2⤵
  - Executes dropped EXE
  PID:4908
- C:\Windows\System\fDxSkfW.exe
  C:\Windows\System\fDxSkfW.exe
  2⤵
  - Executes dropped EXE
  PID:4832
- C:\Windows\System\SuyyDxd.exe
  C:\Windows\System\SuyyDxd.exe
  2⤵
  - Executes dropped EXE
  PID:3224
- C:\Windows\System\AzTdYjX.exe
  C:\Windows\System\AzTdYjX.exe
  2⤵
  - Executes dropped EXE
  PID:4300
- C:\Windows\System\fqSlRrV.exe
  C:\Windows\System\fqSlRrV.exe
  2⤵
  - Executes dropped EXE
  PID:3172
- C:\Windows\System\mJhGQXN.exe
  C:\Windows\System\mJhGQXN.exe
  2⤵
  - Executes dropped EXE
  PID:4900
- C:\Windows\System\DnYysNZ.exe
  C:\Windows\System\DnYysNZ.exe
  2⤵
  - Executes dropped EXE
  PID:2712
- C:\Windows\System\gTkxLEq.exe
  C:\Windows\System\gTkxLEq.exe
  2⤵
  - Executes dropped EXE
  PID:4160
- C:\Windows\System\SKPHblL.exe
  C:\Windows\System\SKPHblL.exe
  2⤵
  - Executes dropped EXE
  PID:3460
- C:\Windows\System\lseWbmA.exe
  C:\Windows\System\lseWbmA.exe
  2⤵
  - Executes dropped EXE
  PID:1312
- C:\Windows\System\NQZPSNv.exe
  C:\Windows\System\NQZPSNv.exe
  2⤵
  - Executes dropped EXE
  PID:4044
- C:\Windows\System\ZTPKFuc.exe
  C:\Windows\System\ZTPKFuc.exe
  2⤵
  - Executes dropped EXE
  PID:4556
- C:\Windows\System\lESeCYv.exe
  C:\Windows\System\lESeCYv.exe
  2⤵
  - Executes dropped EXE
  PID:3392
- C:\Windows\System\mfebXrV.exe
  C:\Windows\System\mfebXrV.exe
  2⤵
  - Executes dropped EXE
  PID:4520
- C:\Windows\System\laQhjEQ.exe
  C:\Windows\System\laQhjEQ.exe
  2⤵
  - Executes dropped EXE
  PID:4708
- C:\Windows\System\YDPvkqa.exe
  C:\Windows\System\YDPvkqa.exe
  2⤵
  - Executes dropped EXE
  PID:1364
- C:\Windows\System\sOjHWpC.exe
  C:\Windows\System\sOjHWpC.exe
  2⤵
  - Executes dropped EXE
  PID:2700
- C:\Windows\System\vqDjWaL.exe
  C:\Windows\System\vqDjWaL.exe
  2⤵
  - Executes dropped EXE
  PID:4080
- C:\Windows\System\TKyCjaX.exe
  C:\Windows\System\TKyCjaX.exe
  2⤵
  - Executes dropped EXE
  PID:4964
- C:\Windows\System\BayEnIg.exe
  C:\Windows\System\BayEnIg.exe
  2⤵
  - Executes dropped EXE
  PID:812
- C:\Windows\System\AupjPSB.exe
  C:\Windows\System\AupjPSB.exe
  2⤵
  - Executes dropped EXE
  PID:744
- C:\Windows\System\eDNVqWN.exe
  C:\Windows\System\eDNVqWN.exe
  2⤵
  - Executes dropped EXE
  PID:3744
- C:\Windows\System\YSYozvq.exe
  C:\Windows\System\YSYozvq.exe
  2⤵
  - Executes dropped EXE
  PID:4848
- C:\Windows\System\Orvgyxu.exe
  C:\Windows\System\Orvgyxu.exe
  2⤵
  - Executes dropped EXE
  PID:1988
- C:\Windows\System\BKLQKzz.exe
  C:\Windows\System\BKLQKzz.exe
  2⤵
  - Executes dropped EXE
  PID:3612
- C:\Windows\System\vcIrhpO.exe
  C:\Windows\System\vcIrhpO.exe
  2⤵
  - Executes dropped EXE
  PID:2740
- C:\Windows\System\GkTqslg.exe
  C:\Windows\System\GkTqslg.exe
  2⤵
  - Executes dropped EXE
  PID:2092
- C:\Windows\System\gpkTPgn.exe
  C:\Windows\System\gpkTPgn.exe
  2⤵
  - Executes dropped EXE
  PID:3584
- C:\Windows\System\EjJQgqx.exe
  C:\Windows\System\EjJQgqx.exe
  2⤵
  - Executes dropped EXE
  PID:2448
- C:\Windows\System\tzJfovH.exe
  C:\Windows\System\tzJfovH.exe
  2⤵
  - Executes dropped EXE
  PID:3240
- C:\Windows\System\jbqWZit.exe
  C:\Windows\System\jbqWZit.exe
  2⤵
  - Executes dropped EXE
  PID:4444
- C:\Windows\System\uBbBcMR.exe
  C:\Windows\System\uBbBcMR.exe
  2⤵
  - Executes dropped EXE
  PID:4440
- C:\Windows\System\cwKAwQf.exe
  C:\Windows\System\cwKAwQf.exe
  2⤵
  - Executes dropped EXE
  PID:3488
- C:\Windows\System\skNeBVU.exe
  C:\Windows\System\skNeBVU.exe
  2⤵
  - Executes dropped EXE
  PID:1036
- C:\Windows\System\PaTnTfJ.exe
  C:\Windows\System\PaTnTfJ.exe
  2⤵
  - Executes dropped EXE
  PID:1944
- C:\Windows\System\wTNKFZH.exe
  C:\Windows\System\wTNKFZH.exe
  2⤵
  - Executes dropped EXE
  PID:976
- C:\Windows\System\KXVuyZJ.exe
  C:\Windows\System\KXVuyZJ.exe
  2⤵
  - Executes dropped EXE
  PID:4588
- C:\Windows\System\qsdqHem.exe
  C:\Windows\System\qsdqHem.exe
  2⤵
  - Executes dropped EXE
  PID:452
- C:\Windows\System\vZUzaJx.exe
  C:\Windows\System\vZUzaJx.exe
  2⤵
  - Executes dropped EXE
  PID:3000
- C:\Windows\System\UXTsGKi.exe
  C:\Windows\System\UXTsGKi.exe
  2⤵
  - Executes dropped EXE
  PID:4584
- C:\Windows\System\dPIRuXV.exe
  C:\Windows\System\dPIRuXV.exe
  2⤵
  - Executes dropped EXE
  PID:4312
- C:\Windows\System\WnNDdal.exe
  C:\Windows\System\WnNDdal.exe
  2⤵
  - Executes dropped EXE
  PID:1680
- C:\Windows\System\TFJhPRo.exe
  C:\Windows\System\TFJhPRo.exe
  2⤵
  - Executes dropped EXE
  PID:2916
- C:\Windows\System\GKsoJjc.exe
  C:\Windows\System\GKsoJjc.exe
  2⤵
  - Executes dropped EXE
  PID:1492
- C:\Windows\System\cDUirFu.exe
  C:\Windows\System\cDUirFu.exe
  2⤵
  PID:4436
- C:\Windows\System\Nwqguol.exe
  C:\Windows\System\Nwqguol.exe
  2⤵
  PID:4432
- C:\Windows\System\zhkoZIb.exe
  C:\Windows\System\zhkoZIb.exe
  2⤵
  PID:3516
- C:\Windows\System\DGpJpgf.exe
  C:\Windows\System\DGpJpgf.exe
  2⤵
  PID:1152
- C:\Windows\System\VYotsPC.exe
  C:\Windows\System\VYotsPC.exe
  2⤵
  PID:4840
- C:\Windows\System\iDLYZie.exe
  C:\Windows\System\iDLYZie.exe
  2⤵
  PID:2968
- C:\Windows\System\MGVYbuz.exe
  C:\Windows\System\MGVYbuz.exe
  2⤵
  PID:1336
- C:\Windows\System\VuPYjxo.exe
  C:\Windows\System\VuPYjxo.exe
  2⤵
  PID:3200
- C:\Windows\System\gHidyjU.exe
  C:\Windows\System\gHidyjU.exe
  2⤵
  PID:2260
- C:\Windows\System\jYJSIWk.exe
  C:\Windows\System\jYJSIWk.exe
  2⤵
  PID:2392
- C:\Windows\System\qoctKqx.exe
  C:\Windows\System\qoctKqx.exe
  2⤵
  PID:1812
- C:\Windows\System\pVNvSAX.exe
  C:\Windows\System\pVNvSAX.exe
  2⤵
  PID:4828
- C:\Windows\System\iOdXeuP.exe
  C:\Windows\System\iOdXeuP.exe
  2⤵
  PID:1720
- C:\Windows\System\IeTbybU.exe
  C:\Windows\System\IeTbybU.exe
  2⤵
  PID:4344
- C:\Windows\System\GXBaCJo.exe
  C:\Windows\System\GXBaCJo.exe
  2⤵
  PID:996
- C:\Windows\System\ZynKWJn.exe
  C:\Windows\System\ZynKWJn.exe
  2⤵
  PID:1360
- C:\Windows\System\LDQCrve.exe
  C:\Windows\System\LDQCrve.exe
  2⤵
  PID:1784
- C:\Windows\System\rofCVWX.exe
  C:\Windows\System\rofCVWX.exe
  2⤵
  PID:1956
- C:\Windows\System\ZWNgetV.exe
  C:\Windows\System\ZWNgetV.exe
  2⤵
  PID:736
- C:\Windows\System\RzYfQkA.exe
  C:\Windows\System\RzYfQkA.exe
  2⤵
  PID:224
- C:\Windows\System\ybVCvZS.exe
  C:\Windows\System\ybVCvZS.exe
  2⤵
  PID:3720
- C:\Windows\System\ynqVAAB.exe
  C:\Windows\System\ynqVAAB.exe
  2⤵
  PID:4460
- C:\Windows\System\dCwtrcc.exe
  C:\Windows\System\dCwtrcc.exe
  2⤵
  PID:2244
- C:\Windows\System\rDYMvba.exe
  C:\Windows\System\rDYMvba.exe
  2⤵
  PID:2000
- C:\Windows\System\VORuaqA.exe
  C:\Windows\System\VORuaqA.exe
  2⤵
  PID:2148
- C:\Windows\System\kVlFqhT.exe
  C:\Windows\System\kVlFqhT.exe
  2⤵
  PID:2724
- C:\Windows\System\mzxTSad.exe
  C:\Windows\System\mzxTSad.exe
  2⤵
  PID:4532
- C:\Windows\System\WrdNAMs.exe
  C:\Windows\System\WrdNAMs.exe
  2⤵
  PID:4920
- C:\Windows\System\RTkeowU.exe
  C:\Windows\System\RTkeowU.exe
  2⤵
  PID:2228
- C:\Windows\System\PMpAFSm.exe
  C:\Windows\System\PMpAFSm.exe
  2⤵
  PID:4684
- C:\Windows\System\SWMrIou.exe
  C:\Windows\System\SWMrIou.exe
  2⤵
  PID:3368
- C:\Windows\System\icgrtTj.exe
  C:\Windows\System\icgrtTj.exe
  2⤵
  PID:2884
- C:\Windows\System\HlYCWGO.exe
  C:\Windows\System\HlYCWGO.exe
  2⤵
  PID:2860
- C:\Windows\System\TRrhGmN.exe
  C:\Windows\System\TRrhGmN.exe
  2⤵
  PID:1856
- C:\Windows\System\gXNUAMG.exe
  C:\Windows\System\gXNUAMG.exe
  2⤵
  PID:5048
- C:\Windows\System\zRnwsDB.exe
  C:\Windows\System\zRnwsDB.exe
  2⤵
  PID:1156
- C:\Windows\System\fYFHOYx.exe
  C:\Windows\System\fYFHOYx.exe
  2⤵
  PID:684
- C:\Windows\System\GXZNfie.exe
  C:\Windows\System\GXZNfie.exe
  2⤵
  PID:5124
- C:\Windows\System\ZBVKFBr.exe
  C:\Windows\System\ZBVKFBr.exe
  2⤵
  PID:5152
- C:\Windows\System\msWzbUB.exe
  C:\Windows\System\msWzbUB.exe
  2⤵
  PID:5180
- C:\Windows\System\yhOwrpy.exe
  C:\Windows\System\yhOwrpy.exe
  2⤵
  PID:5208
- C:\Windows\System\nKHtQwP.exe
  C:\Windows\System\nKHtQwP.exe
  2⤵
  PID:5244
- C:\Windows\System\qSpeKwK.exe
  C:\Windows\System\qSpeKwK.exe
  2⤵
  PID:5272
- C:\Windows\System\oJSBBBh.exe
  C:\Windows\System\oJSBBBh.exe
  2⤵
  PID:5300
- C:\Windows\System\CmUXICv.exe
  C:\Windows\System\CmUXICv.exe
  2⤵
  PID:5328
- C:\Windows\System\xDlJaVh.exe
  C:\Windows\System\xDlJaVh.exe
  2⤵
  PID:5356
- C:\Windows\System\DIYhYmj.exe
  C:\Windows\System\DIYhYmj.exe
  2⤵
  PID:5388
- C:\Windows\System\ekbrbzv.exe
  C:\Windows\System\ekbrbzv.exe
  2⤵
  PID:5416
- C:\Windows\System\IwfOEpL.exe
  C:\Windows\System\IwfOEpL.exe
  2⤵
  PID:5444
- C:\Windows\System\VyQMaLE.exe
  C:\Windows\System\VyQMaLE.exe
  2⤵
  PID:5472
- C:\Windows\System\gPvVGSi.exe
  C:\Windows\System\gPvVGSi.exe
  2⤵
  PID:5500
- C:\Windows\System\DuVCBJH.exe
  C:\Windows\System\DuVCBJH.exe
  2⤵
  PID:5528
- C:\Windows\System\xSNRJXu.exe
  C:\Windows\System\xSNRJXu.exe
  2⤵
  PID:5556
- C:\Windows\System\zWDtvpB.exe
  C:\Windows\System\zWDtvpB.exe
  2⤵
  PID:5584
- C:\Windows\System\sKHBrbd.exe
  C:\Windows\System\sKHBrbd.exe
  2⤵
  PID:5612
- C:\Windows\System\ZagGHhI.exe
  C:\Windows\System\ZagGHhI.exe
  2⤵
  PID:5640
- C:\Windows\System\PsHqLlM.exe
  C:\Windows\System\PsHqLlM.exe
  2⤵
  PID:5668
- C:\Windows\System\UBSxdGu.exe
  C:\Windows\System\UBSxdGu.exe
  2⤵
  PID:5700
- C:\Windows\System\WmUgIZO.exe
  C:\Windows\System\WmUgIZO.exe
  2⤵
  PID:5724
- C:\Windows\System\gvDLZMQ.exe
  C:\Windows\System\gvDLZMQ.exe
  2⤵
  PID:5740
- C:\Windows\System\NMTGdQx.exe
  C:\Windows\System\NMTGdQx.exe
  2⤵
  PID:5760
- C:\Windows\System\PICUfAT.exe
  C:\Windows\System\PICUfAT.exe
  2⤵
  PID:5784
- C:\Windows\System\aleRPPh.exe
  C:\Windows\System\aleRPPh.exe
  2⤵
  PID:5824
- C:\Windows\System\nJEpeVo.exe
  C:\Windows\System\nJEpeVo.exe
  2⤵
  PID:5856
- C:\Windows\System\KGXnUGg.exe
  C:\Windows\System\KGXnUGg.exe
  2⤵
  PID:5888
- C:\Windows\System\XJpgoPg.exe
  C:\Windows\System\XJpgoPg.exe
  2⤵
  PID:5908
- C:\Windows\System\YVvFMBI.exe
  C:\Windows\System\YVvFMBI.exe
  2⤵
  PID:5940
- C:\Windows\System\SfbLHJg.exe
  C:\Windows\System\SfbLHJg.exe
  2⤵
  PID:5964
- C:\Windows\System\DHedgwu.exe
  C:\Windows\System\DHedgwu.exe
  2⤵
  PID:6000
- C:\Windows\System\GvmSxCT.exe
  C:\Windows\System\GvmSxCT.exe
  2⤵
  PID:6020
- C:\Windows\System\RNEOVub.exe
  C:\Windows\System\RNEOVub.exe
  2⤵
  PID:6048
- C:\Windows\System\zAldRMQ.exe
  C:\Windows\System\zAldRMQ.exe
  2⤵
  PID:6080
- C:\Windows\System\xPTtxbl.exe
  C:\Windows\System\xPTtxbl.exe
  2⤵
  PID:6112
- C:\Windows\System\TMTOLTb.exe
  C:\Windows\System\TMTOLTb.exe
  2⤵
  PID:6136
- C:\Windows\System\wFODOei.exe
  C:\Windows\System\wFODOei.exe
  2⤵
  PID:5148
- C:\Windows\System\GQEWNJe.exe
  C:\Windows\System\GQEWNJe.exe
  2⤵
  PID:5236
- C:\Windows\System\dZULyeu.exe
  C:\Windows\System\dZULyeu.exe
  2⤵
  PID:5312
- C:\Windows\System\IJDNKcf.exe
  C:\Windows\System\IJDNKcf.exe
  2⤵
  PID:5324
- C:\Windows\System\TJcifal.exe
  C:\Windows\System\TJcifal.exe
  2⤵
  PID:5368
- C:\Windows\System\fuuiqmI.exe
  C:\Windows\System\fuuiqmI.exe
  2⤵
  PID:5436
- C:\Windows\System\LmCMZYS.exe
  C:\Windows\System\LmCMZYS.exe
  2⤵
  PID:5492
- C:\Windows\System\NOYsium.exe
  C:\Windows\System\NOYsium.exe
  2⤵
  PID:5580
- C:\Windows\System\wRAFKNh.exe
  C:\Windows\System\wRAFKNh.exe
  2⤵
  PID:5624
- C:\Windows\System\ciDwzfZ.exe
  C:\Windows\System\ciDwzfZ.exe
  2⤵
  PID:5692
- C:\Windows\System\EGAnpTC.exe
  C:\Windows\System\EGAnpTC.exe
  2⤵
  PID:5768
- C:\Windows\System\XbphLgk.exe
  C:\Windows\System\XbphLgk.exe
  2⤵
  PID:5812
- C:\Windows\System\smzeaqo.exe
  C:\Windows\System\smzeaqo.exe
  2⤵
  PID:5920
- C:\Windows\System\KRhykgz.exe
  C:\Windows\System\KRhykgz.exe
  2⤵
  PID:5928
- C:\Windows\System\kPCtWEI.exe
  C:\Windows\System\kPCtWEI.exe
  2⤵
  PID:5992
- C:\Windows\System\VjiEYPM.exe
  C:\Windows\System\VjiEYPM.exe
  2⤵
  PID:6068
- C:\Windows\System\BWOrJgQ.exe
  C:\Windows\System\BWOrJgQ.exe
  2⤵
  PID:6124
- C:\Windows\System\pXcuXUC.exe
  C:\Windows\System\pXcuXUC.exe
  2⤵
  PID:5296
- C:\Windows\System\PyZYqJz.exe
  C:\Windows\System\PyZYqJz.exe
  2⤵
  PID:5348
- C:\Windows\System\ulFTKdw.exe
  C:\Windows\System\ulFTKdw.exe
  2⤵
  PID:5552
- C:\Windows\System\FcmEqGB.exe
  C:\Windows\System\FcmEqGB.exe
  2⤵
  PID:5716
- C:\Windows\System\jsoALfY.exe
  C:\Windows\System\jsoALfY.exe
  2⤵
  PID:5880
- C:\Windows\System\aLVoNei.exe
  C:\Windows\System\aLVoNei.exe
  2⤵
  PID:5976
- C:\Windows\System\bCgALxf.exe
  C:\Windows\System\bCgALxf.exe
  2⤵
  PID:6044
- C:\Windows\System\DDCyeyK.exe
  C:\Windows\System\DDCyeyK.exe
  2⤵
  PID:5484
- C:\Windows\System\mgRDUDL.exe
  C:\Windows\System\mgRDUDL.exe
  2⤵
  PID:5932
- C:\Windows\System\lFHDvXO.exe
  C:\Windows\System\lFHDvXO.exe
  2⤵
  PID:5176
- C:\Windows\System\qCmIEJx.exe
  C:\Windows\System\qCmIEJx.exe
  2⤵
  PID:5604
- C:\Windows\System\hcnfjev.exe
  C:\Windows\System\hcnfjev.exe
  2⤵
  PID:5408
- C:\Windows\System\qZQRDIR.exe
  C:\Windows\System\qZQRDIR.exe
  2⤵
  PID:6172
- C:\Windows\System\lWuPKia.exe
  C:\Windows\System\lWuPKia.exe
  2⤵
  PID:6212
- C:\Windows\System\jwxBAOA.exe
  C:\Windows\System\jwxBAOA.exe
  2⤵
  PID:6240
- C:\Windows\System\cMHDyqs.exe
  C:\Windows\System\cMHDyqs.exe
  2⤵
  PID:6260
- C:\Windows\System\zdbqPIE.exe
  C:\Windows\System\zdbqPIE.exe
  2⤵
  PID:6284
- C:\Windows\System\qQhFayw.exe
  C:\Windows\System\qQhFayw.exe
  2⤵
  PID:6328
- C:\Windows\System\BMshJcI.exe
  C:\Windows\System\BMshJcI.exe
  2⤵
  PID:6352
- C:\Windows\System\hwAdkTz.exe
  C:\Windows\System\hwAdkTz.exe
  2⤵
  PID:6380
- C:\Windows\System\kFTWwiO.exe
  C:\Windows\System\kFTWwiO.exe
  2⤵
  PID:6396
- C:\Windows\System\gynlHSc.exe
  C:\Windows\System\gynlHSc.exe
  2⤵
  PID:6436
- C:\Windows\System\tDTspvK.exe
  C:\Windows\System\tDTspvK.exe
  2⤵
  PID:6464
- C:\Windows\System\Udlrgvl.exe
  C:\Windows\System\Udlrgvl.exe
  2⤵
  PID:6492
- C:\Windows\System\qzRcaTC.exe
  C:\Windows\System\qzRcaTC.exe
  2⤵
  PID:6524
- C:\Windows\System\KGZWjvG.exe
  C:\Windows\System\KGZWjvG.exe
  2⤵
  PID:6552
- C:\Windows\System\RpXuoBe.exe
  C:\Windows\System\RpXuoBe.exe
  2⤵
  PID:6580
- C:\Windows\System\OnmEVqk.exe
  C:\Windows\System\OnmEVqk.exe
  2⤵
  PID:6608
- C:\Windows\System\BTDPGjo.exe
  C:\Windows\System\BTDPGjo.exe
  2⤵
  PID:6640
- C:\Windows\System\lFLjzAI.exe
  C:\Windows\System\lFLjzAI.exe
  2⤵
  PID:6676
- C:\Windows\System\IAjwcnI.exe
  C:\Windows\System\IAjwcnI.exe
  2⤵
  PID:6704
- C:\Windows\System\kShkQxW.exe
  C:\Windows\System\kShkQxW.exe
  2⤵
  PID:6724
- C:\Windows\System\GbUrkES.exe
  C:\Windows\System\GbUrkES.exe
  2⤵
  PID:6748
- C:\Windows\System\dbHiSQT.exe
  C:\Windows\System\dbHiSQT.exe
  2⤵
  PID:6780
- C:\Windows\System\ktSerxh.exe
  C:\Windows\System\ktSerxh.exe
  2⤵
  PID:6816
- C:\Windows\System\tOBTzwj.exe
  C:\Windows\System\tOBTzwj.exe
  2⤵
  PID:6832
- C:\Windows\System\YSYGQEz.exe
  C:\Windows\System\YSYGQEz.exe
  2⤵
  PID:6860
- C:\Windows\System\qWdypuZ.exe
  C:\Windows\System\qWdypuZ.exe
  2⤵
  PID:6896
- C:\Windows\System\ltsMTOZ.exe
  C:\Windows\System\ltsMTOZ.exe
  2⤵
  PID:6916
- C:\Windows\System\wsLJMDY.exe
  C:\Windows\System\wsLJMDY.exe
  2⤵
  PID:6944
- C:\Windows\System\OROTnZY.exe
  C:\Windows\System\OROTnZY.exe
  2⤵
  PID:6972
- C:\Windows\System\pOMlyWd.exe
  C:\Windows\System\pOMlyWd.exe
  2⤵
  PID:6992
- C:\Windows\System\uowXDcp.exe
  C:\Windows\System\uowXDcp.exe
  2⤵
  PID:7028
- C:\Windows\System\QBcuOZE.exe
  C:\Windows\System\QBcuOZE.exe
  2⤵
  PID:7060
- C:\Windows\System\pMBZstz.exe
  C:\Windows\System\pMBZstz.exe
  2⤵
  PID:7092
- C:\Windows\System\bANbUaR.exe
  C:\Windows\System\bANbUaR.exe
  2⤵
  PID:7116
- C:\Windows\System\uIJSHHE.exe
  C:\Windows\System\uIJSHHE.exe
  2⤵
  PID:7148
- C:\Windows\System\NBsseGN.exe
  C:\Windows\System\NBsseGN.exe
  2⤵
  PID:6152
- C:\Windows\System\kUsefFy.exe
  C:\Windows\System\kUsefFy.exe
  2⤵
  PID:6224
- C:\Windows\System\WnkzzKv.exe
  C:\Windows\System\WnkzzKv.exe
  2⤵
  PID:6252
- C:\Windows\System\eiJvhMG.exe
  C:\Windows\System\eiJvhMG.exe
  2⤵
  PID:6296
- C:\Windows\System\uoonISn.exe
  C:\Windows\System\uoonISn.exe
  2⤵
  PID:6372
- C:\Windows\System\cldVsvU.exe
  C:\Windows\System\cldVsvU.exe
  2⤵
  PID:6428
- C:\Windows\System\ziHsetG.exe
  C:\Windows\System\ziHsetG.exe
  2⤵
  PID:6484
- C:\Windows\System\jGBOHuY.exe
  C:\Windows\System\jGBOHuY.exe
  2⤵
  PID:2128
- C:\Windows\System\xzMQqGn.exe
  C:\Windows\System\xzMQqGn.exe
  2⤵
  PID:6620
- C:\Windows\System\bGkTGNK.exe
  C:\Windows\System\bGkTGNK.exe
  2⤵
  PID:6688
- C:\Windows\System\ojjncVA.exe
  C:\Windows\System\ojjncVA.exe
  2⤵
  PID:6760
- C:\Windows\System\gImStfP.exe
  C:\Windows\System\gImStfP.exe
  2⤵
  PID:6844
- C:\Windows\System\YHssYCP.exe
  C:\Windows\System\YHssYCP.exe
  2⤵
  PID:6912
- C:\Windows\System\TCOQhaZ.exe
  C:\Windows\System\TCOQhaZ.exe
  2⤵
  PID:6964
- C:\Windows\System\MliNlcD.exe
  C:\Windows\System\MliNlcD.exe
  2⤵
  PID:7016
- C:\Windows\System\ZszXAuy.exe
  C:\Windows\System\ZszXAuy.exe
  2⤵
  PID:7076
- C:\Windows\System\jPyLZrY.exe
  C:\Windows\System\jPyLZrY.exe
  2⤵
  PID:6232
- C:\Windows\System\VclNCRd.exe
  C:\Windows\System\VclNCRd.exe
  2⤵
  PID:6160
- C:\Windows\System\oNHexaB.exe
  C:\Windows\System\oNHexaB.exe
  2⤵
  PID:6348
- C:\Windows\System\mnsdSPy.exe
  C:\Windows\System\mnsdSPy.exe
  2⤵
  PID:3872
- C:\Windows\System\FPOeeOl.exe
  C:\Windows\System\FPOeeOl.exe
  2⤵
  PID:6656
- C:\Windows\System\iKggBVo.exe
  C:\Windows\System\iKggBVo.exe
  2⤵
  PID:6672
- C:\Windows\System\mdTfgJi.exe
  C:\Windows\System\mdTfgJi.exe
  2⤵
  PID:6872
- C:\Windows\System\OxqplwT.exe
  C:\Windows\System\OxqplwT.exe
  2⤵
  PID:7108
- C:\Windows\System\opwcxIJ.exe
  C:\Windows\System\opwcxIJ.exe
  2⤵
  PID:6204
- C:\Windows\System\DYhrmem.exe
  C:\Windows\System\DYhrmem.exe
  2⤵
  PID:6572
- C:\Windows\System\eNpjpsC.exe
  C:\Windows\System\eNpjpsC.exe
  2⤵
  PID:7004
- C:\Windows\System\nhReECx.exe
  C:\Windows\System\nhReECx.exe
  2⤵
  PID:6388
- C:\Windows\System\GMLhwqc.exe
  C:\Windows\System\GMLhwqc.exe
  2⤵
  PID:4388
- C:\Windows\System\FAhDpwS.exe
  C:\Windows\System\FAhDpwS.exe
  2⤵
  PID:7184
- C:\Windows\System\Gmwwhav.exe
  C:\Windows\System\Gmwwhav.exe
  2⤵
  PID:7200
- C:\Windows\System\qUrdFFy.exe
  C:\Windows\System\qUrdFFy.exe
  2⤵
  PID:7228
- C:\Windows\System\cNRwPZs.exe
  C:\Windows\System\cNRwPZs.exe
  2⤵
  PID:7264
- C:\Windows\System\sZGyIpD.exe
  C:\Windows\System\sZGyIpD.exe
  2⤵
  PID:7288
- C:\Windows\System\tFbWhOI.exe
  C:\Windows\System\tFbWhOI.exe
  2⤵
  PID:7324
- C:\Windows\System\VcOrsFH.exe
  C:\Windows\System\VcOrsFH.exe
  2⤵
  PID:7340
- C:\Windows\System\Ephjiii.exe
  C:\Windows\System\Ephjiii.exe
  2⤵
  PID:7356
- C:\Windows\System\MZmGmZn.exe
  C:\Windows\System\MZmGmZn.exe
  2⤵
  PID:7396
- C:\Windows\System\VUkWtpe.exe
  C:\Windows\System\VUkWtpe.exe
  2⤵
  PID:7432
- C:\Windows\System\RPOwRET.exe
  C:\Windows\System\RPOwRET.exe
  2⤵
  PID:7456
- C:\Windows\System\HKedPgK.exe
  C:\Windows\System\HKedPgK.exe
  2⤵
  PID:7496
- C:\Windows\System\OVPkmBN.exe
  C:\Windows\System\OVPkmBN.exe
  2⤵
  PID:7516
- C:\Windows\System\WRQjjYF.exe
  C:\Windows\System\WRQjjYF.exe
  2⤵
  PID:7540
- C:\Windows\System\foOlnTw.exe
  C:\Windows\System\foOlnTw.exe
  2⤵
  PID:7568
- C:\Windows\System\JwWdbYM.exe
  C:\Windows\System\JwWdbYM.exe
  2⤵
  PID:7608
- C:\Windows\System\QAWSeVa.exe
  C:\Windows\System\QAWSeVa.exe
  2⤵
  PID:7636
- C:\Windows\System\sPavemb.exe
  C:\Windows\System\sPavemb.exe
  2⤵
  PID:7664
- C:\Windows\System\kOMSosD.exe
  C:\Windows\System\kOMSosD.exe
  2⤵
  PID:7692
- C:\Windows\System\dMawweT.exe
  C:\Windows\System\dMawweT.exe
  2⤵
  PID:7720
- C:\Windows\System\pcYlbDJ.exe
  C:\Windows\System\pcYlbDJ.exe
  2⤵
  PID:7740
- C:\Windows\System\gAudneI.exe
  C:\Windows\System\gAudneI.exe
  2⤵
  PID:7764
- C:\Windows\System\izoaOQn.exe
  C:\Windows\System\izoaOQn.exe
  2⤵
  PID:7800
- C:\Windows\System\VvSmlUc.exe
  C:\Windows\System\VvSmlUc.exe
  2⤵
  PID:7824
- C:\Windows\System\vKZmnEr.exe
  C:\Windows\System\vKZmnEr.exe
  2⤵
  PID:7864
- C:\Windows\System\yysiJwv.exe
  C:\Windows\System\yysiJwv.exe
  2⤵
  PID:7880
- C:\Windows\System\qIcYQDM.exe
  C:\Windows\System\qIcYQDM.exe
  2⤵
  PID:7908
- C:\Windows\System\jKKoqBJ.exe
  C:\Windows\System\jKKoqBJ.exe
  2⤵
  PID:7952
- C:\Windows\System\wPTIDzF.exe
  C:\Windows\System\wPTIDzF.exe
  2⤵
  PID:7972
- C:\Windows\System\RWiIYtt.exe
  C:\Windows\System\RWiIYtt.exe
  2⤵
  PID:8008
- C:\Windows\System\DFkFJZu.exe
  C:\Windows\System\DFkFJZu.exe
  2⤵
  PID:8024
- C:\Windows\System\bqHszao.exe
  C:\Windows\System\bqHszao.exe
  2⤵
  PID:8052
- C:\Windows\System\yLMZdqb.exe
  C:\Windows\System\yLMZdqb.exe
  2⤵
  PID:8084
- C:\Windows\System\GdGvBXS.exe
  C:\Windows\System\GdGvBXS.exe
  2⤵
  PID:8108
- C:\Windows\System\RpnilJE.exe
  C:\Windows\System\RpnilJE.exe
  2⤵
  PID:8136
- C:\Windows\System\RvepMHK.exe
  C:\Windows\System\RvepMHK.exe
  2⤵
  PID:8164
- C:\Windows\System\bEeFYcF.exe
  C:\Windows\System\bEeFYcF.exe
  2⤵
  PID:6980
- C:\Windows\System\zjHLdyK.exe
  C:\Windows\System\zjHLdyK.exe
  2⤵
  PID:7216
- C:\Windows\System\hjKAvvN.exe
  C:\Windows\System\hjKAvvN.exe
  2⤵
  PID:7284
- C:\Windows\System\tbPGEcg.exe
  C:\Windows\System\tbPGEcg.exe
  2⤵
  PID:7336
- C:\Windows\System\YONgutS.exe
  C:\Windows\System\YONgutS.exe
  2⤵
  PID:7412
- C:\Windows\System\prKaFvi.exe
  C:\Windows\System\prKaFvi.exe
  2⤵
  PID:7488
- C:\Windows\System\HeewSLg.exe
  C:\Windows\System\HeewSLg.exe
  2⤵
  PID:7536
- C:\Windows\System\GfrYcED.exe
  C:\Windows\System\GfrYcED.exe
  2⤵
  PID:7628
- C:\Windows\System\HuuoHuj.exe
  C:\Windows\System\HuuoHuj.exe
  2⤵
  PID:7676
- C:\Windows\System\nAPkkkc.exe
  C:\Windows\System\nAPkkkc.exe
  2⤵
  PID:7760
- C:\Windows\System\zBKmTsP.exe
  C:\Windows\System\zBKmTsP.exe
  2⤵
  PID:7856
- C:\Windows\System\GJggNRH.exe
  C:\Windows\System\GJggNRH.exe
  2⤵
  PID:7872
- C:\Windows\System\YNnqrUi.exe
  C:\Windows\System\YNnqrUi.exe
  2⤵
  PID:7928
- C:\Windows\System\aHXDkfD.exe
  C:\Windows\System\aHXDkfD.exe
  2⤵
  PID:8000
- C:\Windows\System\xMcJwuj.exe
  C:\Windows\System\xMcJwuj.exe
  2⤵
  PID:8076
- C:\Windows\System\IDfXymn.exe
  C:\Windows\System\IDfXymn.exe
  2⤵
  PID:8152
- C:\Windows\System\WBoiTmH.exe
  C:\Windows\System\WBoiTmH.exe
  2⤵
  PID:7136
- C:\Windows\System\VixbFIA.exe
  C:\Windows\System\VixbFIA.exe
  2⤵
  PID:7376
- C:\Windows\System\LBxUtbY.exe
  C:\Windows\System\LBxUtbY.exe
  2⤵
  PID:7524
- C:\Windows\System\yKcGydE.exe
  C:\Windows\System\yKcGydE.exe
  2⤵
  PID:7592
- C:\Windows\System\BnlEJnp.exe
  C:\Windows\System\BnlEJnp.exe
  2⤵
  PID:7832
- C:\Windows\System\PngIeqW.exe
  C:\Windows\System\PngIeqW.exe
  2⤵
  PID:7980
- C:\Windows\System\pPHLkBx.exe
  C:\Windows\System\pPHLkBx.exe
  2⤵
  PID:8096
- C:\Windows\System\oqVCsuy.exe
  C:\Windows\System\oqVCsuy.exe
  2⤵
  PID:7252
- C:\Windows\System\tQUxvYh.exe
  C:\Windows\System\tQUxvYh.exe
  2⤵
  PID:7704
- C:\Windows\System\ufwmIRn.exe
  C:\Windows\System\ufwmIRn.exe
  2⤵
  PID:7932
- C:\Windows\System\ZoeoYuw.exe
  C:\Windows\System\ZoeoYuw.exe
  2⤵
  PID:8064
- C:\Windows\System\bxBdQFV.exe
  C:\Windows\System\bxBdQFV.exe
  2⤵
  PID:8204
- C:\Windows\System\UyKVkyi.exe
  C:\Windows\System\UyKVkyi.exe
  2⤵
  PID:8220
- C:\Windows\System\TAwreQn.exe
  C:\Windows\System\TAwreQn.exe
  2⤵
  PID:8236
- C:\Windows\System\AbdwLdG.exe
  C:\Windows\System\AbdwLdG.exe
  2⤵
  PID:8256
- C:\Windows\System\IozNxBe.exe
  C:\Windows\System\IozNxBe.exe
  2⤵
  PID:8276
- C:\Windows\System\qyYvdKq.exe
  C:\Windows\System\qyYvdKq.exe
  2⤵
  PID:8300
- C:\Windows\System\MZJEmTK.exe
  C:\Windows\System\MZJEmTK.exe
  2⤵
  PID:8328
- C:\Windows\System\WKZKONe.exe
  C:\Windows\System\WKZKONe.exe
  2⤵
  PID:8348
- C:\Windows\System\pXRTIEF.exe
  C:\Windows\System\pXRTIEF.exe
  2⤵
  PID:8376
- C:\Windows\System\EEKUJNW.exe
  C:\Windows\System\EEKUJNW.exe
  2⤵
  PID:8408
- C:\Windows\System\obYsjLA.exe
  C:\Windows\System\obYsjLA.exe
  2⤵
  PID:8436
- C:\Windows\System\byKLKZO.exe
  C:\Windows\System\byKLKZO.exe
  2⤵
  PID:8464
- C:\Windows\System\OiMSQyl.exe
  C:\Windows\System\OiMSQyl.exe
  2⤵
  PID:8504
- C:\Windows\System\XIDCNtw.exe
  C:\Windows\System\XIDCNtw.exe
  2⤵
  PID:8560
- C:\Windows\System\BXsTPxi.exe
  C:\Windows\System\BXsTPxi.exe
  2⤵
  PID:8584
- C:\Windows\System\mXOVGTB.exe
  C:\Windows\System\mXOVGTB.exe
  2⤵
  PID:8616
- C:\Windows\System\RyxUkwI.exe
  C:\Windows\System\RyxUkwI.exe
  2⤵
  PID:8632
- C:\Windows\System\nCxurPC.exe
  C:\Windows\System\nCxurPC.exe
  2⤵
  PID:8656
- C:\Windows\System\LyavYOD.exe
  C:\Windows\System\LyavYOD.exe
  2⤵
  PID:8676
- C:\Windows\System\fbBEJah.exe
  C:\Windows\System\fbBEJah.exe
  2⤵
  PID:8712
- C:\Windows\System\yurQWUn.exe
  C:\Windows\System\yurQWUn.exe
  2⤵
  PID:8748
- C:\Windows\System\FOuwUpL.exe
  C:\Windows\System\FOuwUpL.exe
  2⤵
  PID:8780
- C:\Windows\System\SFyMWku.exe
  C:\Windows\System\SFyMWku.exe
  2⤵
  PID:8824
- C:\Windows\System\yRgIFiB.exe
  C:\Windows\System\yRgIFiB.exe
  2⤵
  PID:8844
- C:\Windows\System\nVxnCeh.exe
  C:\Windows\System\nVxnCeh.exe
  2⤵
  PID:8864
- C:\Windows\System\tcdOjge.exe
  C:\Windows\System\tcdOjge.exe
  2⤵
  PID:8880
- C:\Windows\System\QDWfVxR.exe
  C:\Windows\System\QDWfVxR.exe
  2⤵
  PID:8900
- C:\Windows\System\eCbnWvm.exe
  C:\Windows\System\eCbnWvm.exe
  2⤵
  PID:8924
- C:\Windows\System\VaaIgIF.exe
  C:\Windows\System\VaaIgIF.exe
  2⤵
  PID:8948
- C:\Windows\System\mpfbyYK.exe
  C:\Windows\System\mpfbyYK.exe
  2⤵
  PID:8980
- C:\Windows\System\xSRvIIk.exe
  C:\Windows\System\xSRvIIk.exe
  2⤵
  PID:9008
- C:\Windows\System\aHSERMA.exe
  C:\Windows\System\aHSERMA.exe
  2⤵
  PID:9040
- C:\Windows\System\PnVLyut.exe
  C:\Windows\System\PnVLyut.exe
  2⤵
  PID:9068
- C:\Windows\System\ukHwWsG.exe
  C:\Windows\System\ukHwWsG.exe
  2⤵
  PID:9092
- C:\Windows\System\CfGQiTf.exe
  C:\Windows\System\CfGQiTf.exe
  2⤵
  PID:9128
- C:\Windows\System\PitJTrh.exe
  C:\Windows\System\PitJTrh.exe
  2⤵
  PID:9160
- C:\Windows\System\EkwRHhp.exe
  C:\Windows\System\EkwRHhp.exe
  2⤵
  PID:9188
- C:\Windows\System\PZLAomo.exe
  C:\Windows\System\PZLAomo.exe
  2⤵
  PID:9204
- C:\Windows\System\rWXaUbP.exe
  C:\Windows\System\rWXaUbP.exe
  2⤵
  PID:8180
- C:\Windows\System\RBwqwUt.exe
  C:\Windows\System\RBwqwUt.exe
  2⤵
  PID:8296
- C:\Windows\System\CTjmMda.exe
  C:\Windows\System\CTjmMda.exe
  2⤵
  PID:8404
- C:\Windows\System\PadDqXq.exe
  C:\Windows\System\PadDqXq.exe
  2⤵
  PID:8400
- C:\Windows\System\lgXRUhW.exe
  C:\Windows\System\lgXRUhW.exe
  2⤵
  PID:8492
- C:\Windows\System\jcUJqZK.exe
  C:\Windows\System\jcUJqZK.exe
  2⤵
  PID:8568
- C:\Windows\System\ayXvrWR.exe
  C:\Windows\System\ayXvrWR.exe
  2⤵
  PID:8580
- C:\Windows\System\drsiwSc.exe
  C:\Windows\System\drsiwSc.exe
  2⤵
  PID:8664
- C:\Windows\System\iDavlry.exe
  C:\Windows\System\iDavlry.exe
  2⤵
  PID:8800
- C:\Windows\System\DnfnzcW.exe
  C:\Windows\System\DnfnzcW.exe
  2⤵
  PID:8836
- C:\Windows\System\xbeRuHz.exe
  C:\Windows\System\xbeRuHz.exe
  2⤵
  PID:8916
- C:\Windows\System\IHhXHnx.exe
  C:\Windows\System\IHhXHnx.exe
  2⤵
  PID:8896
- C:\Windows\System\ESPbKoL.exe
  C:\Windows\System\ESPbKoL.exe
  2⤵
  PID:8972
- C:\Windows\System\ziireWe.exe
  C:\Windows\System\ziireWe.exe
  2⤵
  PID:9056
- C:\Windows\System\QZYDsWU.exe
  C:\Windows\System\QZYDsWU.exe
  2⤵
  PID:9064
- C:\Windows\System\FjZEwJZ.exe
  C:\Windows\System\FjZEwJZ.exe
  2⤵
  PID:9176
- C:\Windows\System\VRLAOqa.exe
  C:\Windows\System\VRLAOqa.exe
  2⤵
  PID:8252
- C:\Windows\System\RsYADef.exe
  C:\Windows\System\RsYADef.exe
  2⤵
  PID:8388
- C:\Windows\System\EWRMlTI.exe
  C:\Windows\System\EWRMlTI.exe
  2⤵
  PID:8452
- C:\Windows\System\vvOLeZx.exe
  C:\Windows\System\vvOLeZx.exe
  2⤵
  PID:8876
- C:\Windows\System\qPuDKHe.exe
  C:\Windows\System\qPuDKHe.exe
  2⤵
  PID:9036
- C:\Windows\System\uIcgECC.exe
  C:\Windows\System\uIcgECC.exe
  2⤵
  PID:9140
- C:\Windows\System\QybfyNw.exe
  C:\Windows\System\QybfyNw.exe
  2⤵
  PID:8480
- C:\Windows\System\XZstEcd.exe
  C:\Windows\System\XZstEcd.exe
  2⤵
  PID:8264
- C:\Windows\System\mzmYYeP.exe
  C:\Windows\System\mzmYYeP.exe
  2⤵
  PID:8724
- C:\Windows\System\sUphKVQ.exe
  C:\Windows\System\sUphKVQ.exe
  2⤵
  PID:8324
- C:\Windows\System\OPKXPuW.exe
  C:\Windows\System\OPKXPuW.exe
  2⤵
  PID:9248
- C:\Windows\System\RfvCHAf.exe
  C:\Windows\System\RfvCHAf.exe
  2⤵
  PID:9284
- C:\Windows\System\uuKDiGI.exe
  C:\Windows\System\uuKDiGI.exe
  2⤵
  PID:9312
- C:\Windows\System\ZRnbCGB.exe
  C:\Windows\System\ZRnbCGB.exe
  2⤵
  PID:9348
- C:\Windows\System\vuVBVJf.exe
  C:\Windows\System\vuVBVJf.exe
  2⤵
  PID:9376
- C:\Windows\System\ozTJUUS.exe
  C:\Windows\System\ozTJUUS.exe
  2⤵
  PID:9400
- C:\Windows\System\NDHpIUT.exe
  C:\Windows\System\NDHpIUT.exe
  2⤵
  PID:9420
- C:\Windows\System\RUrvToJ.exe
  C:\Windows\System\RUrvToJ.exe
  2⤵
  PID:9464
- C:\Windows\System\eRacEkx.exe
  C:\Windows\System\eRacEkx.exe
  2⤵
  PID:9484
- C:\Windows\System\KxNHBmL.exe
  C:\Windows\System\KxNHBmL.exe
  2⤵
  PID:9512
- C:\Windows\System\ombcHcW.exe
  C:\Windows\System\ombcHcW.exe
  2⤵
  PID:9544
- C:\Windows\System\QvpmBXL.exe
  C:\Windows\System\QvpmBXL.exe
  2⤵
  PID:9568
- C:\Windows\System\LgynlcD.exe
  C:\Windows\System\LgynlcD.exe
  2⤵
  PID:9596
- C:\Windows\System\RLRhkkr.exe
  C:\Windows\System\RLRhkkr.exe
  2⤵
  PID:9628
- C:\Windows\System\zHTiRfO.exe
  C:\Windows\System\zHTiRfO.exe
  2⤵
  PID:9648
- C:\Windows\System\Okxvwbj.exe
  C:\Windows\System\Okxvwbj.exe
  2⤵
  PID:9680
- C:\Windows\System\GRaIUvc.exe
  C:\Windows\System\GRaIUvc.exe
  2⤵
  PID:9708
- C:\Windows\System\oQtZFqY.exe
  C:\Windows\System\oQtZFqY.exe
  2⤵
  PID:9736
- C:\Windows\System\NFxmZZT.exe
  C:\Windows\System\NFxmZZT.exe
  2⤵
  PID:9768
- C:\Windows\System\BnqmvFZ.exe
  C:\Windows\System\BnqmvFZ.exe
  2⤵
  PID:9804
- C:\Windows\System\ZtwDdmZ.exe
  C:\Windows\System\ZtwDdmZ.exe
  2⤵
  PID:9820
- C:\Windows\System\qlfFYBV.exe
  C:\Windows\System\qlfFYBV.exe
  2⤵
  PID:9836
- C:\Windows\System\YUiLeKT.exe
  C:\Windows\System\YUiLeKT.exe
  2⤵
  PID:9872
- C:\Windows\System\blyLDqI.exe
  C:\Windows\System\blyLDqI.exe
  2⤵
  PID:9900
- C:\Windows\System\mfWOPTX.exe
  C:\Windows\System\mfWOPTX.exe
  2⤵
  PID:9924
- C:\Windows\System\DZKhtdm.exe
  C:\Windows\System\DZKhtdm.exe
  2⤵
  PID:9948
- C:\Windows\System\PRVjXUz.exe
  C:\Windows\System\PRVjXUz.exe
  2⤵
  PID:9980
- C:\Windows\System\VizqEth.exe
  C:\Windows\System\VizqEth.exe
  2⤵
  PID:10016
- C:\Windows\System\KlafgDL.exe
  C:\Windows\System\KlafgDL.exe
  2⤵
  PID:10044
- C:\Windows\System\Jhwfcrk.exe
  C:\Windows\System\Jhwfcrk.exe
  2⤵
  PID:10072
- C:\Windows\System\EEAWZYc.exe
  C:\Windows\System\EEAWZYc.exe
  2⤵
  PID:10100
- C:\Windows\System\Cteaxyx.exe
  C:\Windows\System\Cteaxyx.exe
  2⤵
  PID:10128
- C:\Windows\System\pxMLthq.exe
  C:\Windows\System\pxMLthq.exe
  2⤵
  PID:10148
- C:\Windows\System\lMbbgua.exe
  C:\Windows\System\lMbbgua.exe
  2⤵
  PID:10168
- C:\Windows\System\oRjnmlc.exe
  C:\Windows\System\oRjnmlc.exe
  2⤵
  PID:10196
- C:\Windows\System\ntfjbRV.exe
  C:\Windows\System\ntfjbRV.exe
  2⤵
  PID:10212
- C:\Windows\System\zYitXIG.exe
  C:\Windows\System\zYitXIG.exe
  2⤵
  PID:10236
- C:\Windows\System\VzuqXKM.exe
  C:\Windows\System\VzuqXKM.exe
  2⤵
  PID:9104
- C:\Windows\System\iUfMEZe.exe
  C:\Windows\System\iUfMEZe.exe
  2⤵
  PID:9232
- C:\Windows\System\aLZpxck.exe
  C:\Windows\System\aLZpxck.exe
  2⤵
  PID:9300
- C:\Windows\System\MgqYeMf.exe
  C:\Windows\System\MgqYeMf.exe
  2⤵
  PID:9384
- C:\Windows\System\BJopjmc.exe
  C:\Windows\System\BJopjmc.exe
  2⤵
  PID:9472
- C:\Windows\System\hyDeHJK.exe
  C:\Windows\System\hyDeHJK.exe
  2⤵
  PID:9536
- C:\Windows\System\OFJKDIa.exe
  C:\Windows\System\OFJKDIa.exe
  2⤵
  PID:9560
- C:\Windows\System\NPfijRZ.exe
  C:\Windows\System\NPfijRZ.exe
  2⤵
  PID:9696
- C:\Windows\System\oMnSgot.exe
  C:\Windows\System\oMnSgot.exe
  2⤵
  PID:9724
- C:\Windows\System\zUmrzrW.exe
  C:\Windows\System\zUmrzrW.exe
  2⤵
  PID:9784
- C:\Windows\System\MeHNLPy.exe
  C:\Windows\System\MeHNLPy.exe
  2⤵
  PID:9828
- C:\Windows\System\NOlwZLv.exe
  C:\Windows\System\NOlwZLv.exe
  2⤵
  PID:9916
- C:\Windows\System\bMGkQej.exe
  C:\Windows\System\bMGkQej.exe
  2⤵
  PID:10000
- C:\Windows\System\AWRMSNL.exe
  C:\Windows\System\AWRMSNL.exe
  2⤵
  PID:10036
- C:\Windows\System\lqvFFjL.exe
  C:\Windows\System\lqvFFjL.exe
  2⤵
  PID:10092
- C:\Windows\System\TCuiQTb.exe
  C:\Windows\System\TCuiQTb.exe
  2⤵
  PID:10208
- C:\Windows\System\EKcoAmc.exe
  C:\Windows\System\EKcoAmc.exe
  2⤵
  PID:10180
- C:\Windows\System\DTxdNJC.exe
  C:\Windows\System\DTxdNJC.exe
  2⤵
  PID:9268
- C:\Windows\System\EfNysQl.exe
  C:\Windows\System\EfNysQl.exe
  2⤵
  PID:9524
- C:\Windows\System\zTLULzQ.exe
  C:\Windows\System\zTLULzQ.exe
  2⤵
  PID:9668
- C:\Windows\System\MdquEVW.exe
  C:\Windows\System\MdquEVW.exe
  2⤵
  PID:9748
- C:\Windows\System\dvXrWFq.exe
  C:\Windows\System\dvXrWFq.exe
  2⤵
  PID:9776
- C:\Windows\System\bHWlmHY.exe
  C:\Windows\System\bHWlmHY.exe
  2⤵
  PID:10204
- C:\Windows\System\HMtjwth.exe
  C:\Windows\System\HMtjwth.exe
  2⤵
  PID:10116
- C:\Windows\System\XvXevzM.exe
  C:\Windows\System\XvXevzM.exe
  2⤵
  PID:9564
- C:\Windows\System\gCxnadB.exe
  C:\Windows\System\gCxnadB.exe
  2⤵
  PID:9944
- C:\Windows\System\stKznCc.exe
  C:\Windows\System\stKznCc.exe
  2⤵
  PID:10272
- C:\Windows\System\nZcTpWv.exe
  C:\Windows\System\nZcTpWv.exe
  2⤵
  PID:10300
- C:\Windows\System\OKNzsiX.exe
  C:\Windows\System\OKNzsiX.exe
  2⤵
  PID:10340
- C:\Windows\System\CBrESpV.exe
  C:\Windows\System\CBrESpV.exe
  2⤵
  PID:10392
- C:\Windows\System\tVhZyXJ.exe
  C:\Windows\System\tVhZyXJ.exe
  2⤵
  PID:10408
- C:\Windows\System\BTzBaNJ.exe
  C:\Windows\System\BTzBaNJ.exe
  2⤵
  PID:10424
- C:\Windows\System\EJlCPOV.exe
  C:\Windows\System\EJlCPOV.exe
  2⤵
  PID:10448
- C:\Windows\System\qQpxmiN.exe
  C:\Windows\System\qQpxmiN.exe
  2⤵
  PID:10472
- C:\Windows\System\QGGNrJV.exe
  C:\Windows\System\QGGNrJV.exe
  2⤵
  PID:10512
- C:\Windows\System\hAuHkLJ.exe
  C:\Windows\System\hAuHkLJ.exe
  2⤵
  PID:10536
- C:\Windows\System\INtRjQW.exe
  C:\Windows\System\INtRjQW.exe
  2⤵
  PID:10552
- C:\Windows\System\AWrmTQF.exe
  C:\Windows\System\AWrmTQF.exe
  2⤵
  PID:10568
- C:\Windows\System\NzdFYmy.exe
  C:\Windows\System\NzdFYmy.exe
  2⤵
  PID:10600
- C:\Windows\System\IxEMzTm.exe
  C:\Windows\System\IxEMzTm.exe
  2⤵
  PID:10648
- C:\Windows\System\ovlxFJz.exe
  C:\Windows\System\ovlxFJz.exe
  2⤵
  PID:10676
- C:\Windows\System\EqTafBn.exe
  C:\Windows\System\EqTafBn.exe
  2⤵
  PID:10716
- C:\Windows\System\wVpymBJ.exe
  C:\Windows\System\wVpymBJ.exe
  2⤵
  PID:10744
- C:\Windows\System\wwlSvkI.exe
  C:\Windows\System\wwlSvkI.exe
  2⤵
  PID:10780
- C:\Windows\System\hUNYkaZ.exe
  C:\Windows\System\hUNYkaZ.exe
  2⤵
  PID:10800
- C:\Windows\System\zJumZbb.exe
  C:\Windows\System\zJumZbb.exe
  2⤵
  PID:10828
- C:\Windows\System\KhMjjkL.exe
  C:\Windows\System\KhMjjkL.exe
  2⤵
  PID:10848
- C:\Windows\System\AslCRhZ.exe
  C:\Windows\System\AslCRhZ.exe
  2⤵
  PID:10872
- C:\Windows\System\MglMMIE.exe
  C:\Windows\System\MglMMIE.exe
  2⤵
  PID:10888
- C:\Windows\System\kliKjZm.exe
  C:\Windows\System\kliKjZm.exe
  2⤵
  PID:10908
- C:\Windows\System\BMmcLtK.exe
  C:\Windows\System\BMmcLtK.exe
  2⤵
  PID:10932
- C:\Windows\System\tyyGmLp.exe
  C:\Windows\System\tyyGmLp.exe
  2⤵
  PID:10956
- C:\Windows\System\vojMonF.exe
  C:\Windows\System\vojMonF.exe
  2⤵
  PID:10972
- C:\Windows\System\LzfMIuu.exe
  C:\Windows\System\LzfMIuu.exe
  2⤵
  PID:11004
- C:\Windows\System\MkSEEvP.exe
  C:\Windows\System\MkSEEvP.exe
  2⤵
  PID:11020
- C:\Windows\System\SfmZVrv.exe
  C:\Windows\System\SfmZVrv.exe
  2⤵
  PID:11048
- C:\Windows\System\WkAddpx.exe
  C:\Windows\System\WkAddpx.exe
  2⤵
  PID:11072
- C:\Windows\System\iUqYzIr.exe
  C:\Windows\System\iUqYzIr.exe
  2⤵
  PID:11104
- C:\Windows\System\yUgwcOz.exe
  C:\Windows\System\yUgwcOz.exe
  2⤵
  PID:11128
- C:\Windows\System\gLFhvKf.exe
  C:\Windows\System\gLFhvKf.exe
  2⤵
  PID:11156
- C:\Windows\System\EDyekhd.exe
  C:\Windows\System\EDyekhd.exe
  2⤵
  PID:11188
- C:\Windows\System\WQaHVOB.exe
  C:\Windows\System\WQaHVOB.exe
  2⤵
  PID:11216
- C:\Windows\System\jvalUZW.exe
  C:\Windows\System\jvalUZW.exe
  2⤵
  PID:11260
- C:\Windows\System\cGQVcTW.exe
  C:\Windows\System\cGQVcTW.exe
  2⤵
  PID:10248
- C:\Windows\System\LVKBFwf.exe
  C:\Windows\System\LVKBFwf.exe
  2⤵
  PID:10352
- C:\Windows\System\oQjjCvP.exe
  C:\Windows\System\oQjjCvP.exe
  2⤵
  PID:10404
- C:\Windows\System\wunzRnk.exe
  C:\Windows\System\wunzRnk.exe
  2⤵
  PID:10480
- C:\Windows\System\vlLInnl.exe
  C:\Windows\System\vlLInnl.exe
  2⤵
  PID:10500
- C:\Windows\System\zOEvRSR.exe
  C:\Windows\System\zOEvRSR.exe
  2⤵
  PID:10564
- C:\Windows\System\KkMAIYi.exe
  C:\Windows\System\KkMAIYi.exe
  2⤵
  PID:10620
- C:\Windows\System\AAzSVjY.exe
  C:\Windows\System\AAzSVjY.exe
  2⤵
  PID:10696
- C:\Windows\System\TErZQUE.exe
  C:\Windows\System\TErZQUE.exe
  2⤵
  PID:10760
- C:\Windows\System\PugPnwP.exe
  C:\Windows\System\PugPnwP.exe
  2⤵
  PID:10816
- C:\Windows\System\EFSWiwg.exe
  C:\Windows\System\EFSWiwg.exe
  2⤵
  PID:10968
- C:\Windows\System\apIqZoy.exe
  C:\Windows\System\apIqZoy.exe
  2⤵
  PID:10948
- C:\Windows\System\qizdAeD.exe
  C:\Windows\System\qizdAeD.exe
  2⤵
  PID:10920
- C:\Windows\System\FfAZlyO.exe
  C:\Windows\System\FfAZlyO.exe
  2⤵
  PID:11124
- C:\Windows\System\dCMTCHz.exe
  C:\Windows\System\dCMTCHz.exe
  2⤵
  PID:11176
- C:\Windows\System\pWcClgm.exe
  C:\Windows\System\pWcClgm.exe
  2⤵
  PID:10288
- C:\Windows\System\pCvYYAg.exe
  C:\Windows\System\pCvYYAg.exe
  2⤵
  PID:10372
- C:\Windows\System\pWNKfHS.exe
  C:\Windows\System\pWNKfHS.exe
  2⤵
  PID:10488
- C:\Windows\System\ZczRtQA.exe
  C:\Windows\System\ZczRtQA.exe
  2⤵
  PID:10592
- C:\Windows\System\VfsqRsg.exe
  C:\Windows\System\VfsqRsg.exe
  2⤵
  PID:10588
- C:\Windows\System\kAnhISH.exe
  C:\Windows\System\kAnhISH.exe
  2⤵
  PID:10996
- C:\Windows\System\ACPtzoS.exe
  C:\Windows\System\ACPtzoS.exe
  2⤵
  PID:11120
- C:\Windows\System\urultHm.exe
  C:\Windows\System\urultHm.exe
  2⤵
  PID:11164
- C:\Windows\System\HRQdsKB.exe
  C:\Windows\System\HRQdsKB.exe
  2⤵
  PID:10560
- C:\Windows\System\VJLAjaM.exe
  C:\Windows\System\VJLAjaM.exe
  2⤵
  PID:10192
- C:\Windows\System\sxQZekj.exe
  C:\Windows\System\sxQZekj.exe
  2⤵
  PID:11140
- C:\Windows\System\JEoNUEh.exe
  C:\Windows\System\JEoNUEh.exe
  2⤵
  PID:10864
- C:\Windows\System\xjlaMKQ.exe
  C:\Windows\System\xjlaMKQ.exe
  2⤵
  PID:11284
- C:\Windows\System\wHIUukk.exe
  C:\Windows\System\wHIUukk.exe
  2⤵
  PID:11312
- C:\Windows\System\ugzbeJl.exe
  C:\Windows\System\ugzbeJl.exe
  2⤵
  PID:11336
- C:\Windows\System\vApoFQO.exe
  C:\Windows\System\vApoFQO.exe
  2⤵
  PID:11356
- C:\Windows\System\BYEDvAw.exe
  C:\Windows\System\BYEDvAw.exe
  2⤵
  PID:11384
- C:\Windows\System\iPFhXDq.exe
  C:\Windows\System\iPFhXDq.exe
  2⤵
  PID:11420
- C:\Windows\System\JfBoBxt.exe
  C:\Windows\System\JfBoBxt.exe
  2⤵
  PID:11440
- C:\Windows\System\ZXrVeFB.exe
  C:\Windows\System\ZXrVeFB.exe
  2⤵
  PID:11456
- C:\Windows\System\FKwWKVl.exe
  C:\Windows\System\FKwWKVl.exe
  2⤵
  PID:11472
- C:\Windows\System\UvMorsh.exe
  C:\Windows\System\UvMorsh.exe
  2⤵
  PID:11504
- C:\Windows\System\FcdfNas.exe
  C:\Windows\System\FcdfNas.exe
  2⤵
  PID:11536
- C:\Windows\System\OXdlqiP.exe
  C:\Windows\System\OXdlqiP.exe
  2⤵
  PID:11556
- C:\Windows\System\wCcrxSP.exe
  C:\Windows\System\wCcrxSP.exe
  2⤵
  PID:11592
- C:\Windows\System\XYiIPfI.exe
  C:\Windows\System\XYiIPfI.exe
  2⤵
  PID:11616
- C:\Windows\System\hXYkNtG.exe
  C:\Windows\System\hXYkNtG.exe
  2⤵
  PID:11652
- C:\Windows\System\QoHonMy.exe
  C:\Windows\System\QoHonMy.exe
  2⤵
  PID:11676
- C:\Windows\System\iGUTaBK.exe
  C:\Windows\System\iGUTaBK.exe
  2⤵
  PID:11696
- C:\Windows\System\wEONRAA.exe
  C:\Windows\System\wEONRAA.exe
  2⤵
  PID:11712
- C:\Windows\System\QaICcGr.exe
  C:\Windows\System\QaICcGr.exe
  2⤵
  PID:11736
- C:\Windows\System\ixBbZrz.exe
  C:\Windows\System\ixBbZrz.exe
  2⤵
  PID:11752
- C:\Windows\System\udZUbLU.exe
  C:\Windows\System\udZUbLU.exe
  2⤵
  PID:11772
- C:\Windows\System\exyBOIf.exe
  C:\Windows\System\exyBOIf.exe
  2⤵
  PID:11792
- C:\Windows\System\rwJUiuz.exe
  C:\Windows\System\rwJUiuz.exe
  2⤵
  PID:11812
- C:\Windows\System\fZGghJH.exe
  C:\Windows\System\fZGghJH.exe
  2⤵
  PID:11840
- C:\Windows\System\AFMjjbp.exe
  C:\Windows\System\AFMjjbp.exe
  2⤵
  PID:11868
- C:\Windows\System\SSfARxL.exe
  C:\Windows\System\SSfARxL.exe
  2⤵
  PID:11900
- C:\Windows\System\jHsWPxC.exe
  C:\Windows\System\jHsWPxC.exe
  2⤵
  PID:11932
- C:\Windows\System\MGjKFTw.exe
  C:\Windows\System\MGjKFTw.exe
  2⤵
  PID:11968
- C:\Windows\System\tlmjVlH.exe
  C:\Windows\System\tlmjVlH.exe
  2⤵
  PID:12004
- C:\Windows\System\mvKrjgp.exe
  C:\Windows\System\mvKrjgp.exe
  2⤵
  PID:12036
- C:\Windows\System\nlqBpKP.exe
  C:\Windows\System\nlqBpKP.exe
  2⤵
  PID:12072
- C:\Windows\System\zrFWGKM.exe
  C:\Windows\System\zrFWGKM.exe
  2⤵
  PID:12100
- C:\Windows\System\wcoJOKd.exe
  C:\Windows\System\wcoJOKd.exe
  2⤵
  PID:12132
- C:\Windows\System\rSlVYFo.exe
  C:\Windows\System\rSlVYFo.exe
  2⤵
  PID:12168
- C:\Windows\System\FgqkwYm.exe
  C:\Windows\System\FgqkwYm.exe
  2⤵
  PID:12200
- C:\Windows\System\uEENQOK.exe
  C:\Windows\System\uEENQOK.exe
  2⤵
  PID:12232
- C:\Windows\System\GXMDFZi.exe
  C:\Windows\System\GXMDFZi.exe
  2⤵
  PID:12260
- C:\Windows\System\BeGBLaM.exe
  C:\Windows\System\BeGBLaM.exe
  2⤵
  PID:10880
- C:\Windows\System\PoluTxX.exe
  C:\Windows\System\PoluTxX.exe
  2⤵
  PID:11304
- C:\Windows\System\VaLpsKz.exe
  C:\Windows\System\VaLpsKz.exe
  2⤵
  PID:11396
- C:\Windows\System\TNgSTIU.exe
  C:\Windows\System\TNgSTIU.exe
  2⤵
  PID:11448
- C:\Windows\System\sjihkgP.exe
  C:\Windows\System\sjihkgP.exe
  2⤵
  PID:11524
- C:\Windows\System\HuYUUqP.exe
  C:\Windows\System\HuYUUqP.exe
  2⤵
  PID:11512
- C:\Windows\System\JjroAdf.exe
  C:\Windows\System\JjroAdf.exe
  2⤵
  PID:11636
- C:\Windows\System\BuhasTY.exe
  C:\Windows\System\BuhasTY.exe
  2⤵
  PID:11668
- C:\Windows\System\wCPLSIF.exe
  C:\Windows\System\wCPLSIF.exe
  2⤵
  PID:11704
- C:\Windows\System\slEmRgk.exe
  C:\Windows\System\slEmRgk.exe
  2⤵
  PID:11732
- C:\Windows\System\QQeBrBl.exe
  C:\Windows\System\QQeBrBl.exe
  2⤵
  PID:11828
- C:\Windows\System\JRYTDgC.exe
  C:\Windows\System\JRYTDgC.exe
  2⤵
  PID:12000
- C:\Windows\System\AWPbJrH.exe
  C:\Windows\System\AWPbJrH.exe
  2⤵
  PID:12028
- C:\Windows\System\SlStIjf.exe
  C:\Windows\System\SlStIjf.exe
  2⤵
  PID:11976
- C:\Windows\System\nDCPxdD.exe
  C:\Windows\System\nDCPxdD.exe
  2⤵
  PID:12164
- C:\Windows\System\FAibCGY.exe
  C:\Windows\System\FAibCGY.exe
  2⤵
  PID:12216
- C:\Windows\System\ewgrWGX.exe
  C:\Windows\System\ewgrWGX.exe
  2⤵
  PID:11408
- C:\Windows\System\fatZBCd.exe
  C:\Windows\System\fatZBCd.exe
  2⤵
  PID:11352
- C:\Windows\System\isZxdMQ.exe
  C:\Windows\System\isZxdMQ.exe
  2⤵
  PID:11664
- C:\Windows\System\uoKDIfe.exe
  C:\Windows\System\uoKDIfe.exe
  2⤵
  PID:11748
- C:\Windows\System\ZWKXNob.exe
  C:\Windows\System\ZWKXNob.exe
  2⤵
  PID:11724
- C:\Windows\System\IKwosRg.exe
  C:\Windows\System\IKwosRg.exe
  2⤵
  PID:12128
- C:\Windows\System\vwHIAjn.exe
  C:\Windows\System\vwHIAjn.exe
  2⤵
  PID:12224
- C:\Windows\System\WBZtUtQ.exe
  C:\Windows\System\WBZtUtQ.exe
  2⤵
  PID:11576
- C:\Windows\System\SghIAXR.exe
  C:\Windows\System\SghIAXR.exe
  2⤵
  PID:12048
- C:\Windows\System\rAjhQYz.exe
  C:\Windows\System\rAjhQYz.exe
  2⤵
  PID:11344
- C:\Windows\System\GpXmozD.exe
  C:\Windows\System\GpXmozD.exe
  2⤵
  PID:12312
- C:\Windows\System\UBKwcRA.exe
  C:\Windows\System\UBKwcRA.exe
  2⤵
  PID:12328
- C:\Windows\System\yTLyfhl.exe
  C:\Windows\System\yTLyfhl.exe
  2⤵
  PID:12356
- C:\Windows\System\JFUoKpB.exe
  C:\Windows\System\JFUoKpB.exe
  2⤵
  PID:12376
- C:\Windows\System\NgCYutv.exe
  C:\Windows\System\NgCYutv.exe
  2⤵
  PID:12400
- C:\Windows\System\QyvNmKV.exe
  C:\Windows\System\QyvNmKV.exe
  2⤵
  PID:12416
- C:\Windows\System\iNgYmtU.exe
  C:\Windows\System\iNgYmtU.exe
  2⤵
  PID:12452
- C:\Windows\System\DKPLCwJ.exe
  C:\Windows\System\DKPLCwJ.exe
  2⤵
  PID:12484
- C:\Windows\System\QVZBTQA.exe
  C:\Windows\System\QVZBTQA.exe
  2⤵
  PID:12512
- C:\Windows\System\jdsLgAQ.exe
  C:\Windows\System\jdsLgAQ.exe
  2⤵
  PID:12540
- C:\Windows\System\xzYKhAx.exe
  C:\Windows\System\xzYKhAx.exe
  2⤵
  PID:12572
- C:\Windows\System\ptxIBYv.exe
  C:\Windows\System\ptxIBYv.exe
  2⤵
  PID:12596
- C:\Windows\System\RoWaMeN.exe
  C:\Windows\System\RoWaMeN.exe
  2⤵
  PID:12624
- C:\Windows\System\jfcVvmv.exe
  C:\Windows\System\jfcVvmv.exe
  2⤵
  PID:12640
- C:\Windows\System\KmwksTf.exe
  C:\Windows\System\KmwksTf.exe
  2⤵
  PID:12668
- C:\Windows\System\OosopMi.exe
  C:\Windows\System\OosopMi.exe
  2⤵
  PID:12696
- C:\Windows\System\QIrDQwo.exe
  C:\Windows\System\QIrDQwo.exe
  2⤵
  PID:12724
- C:\Windows\System\GIlmlQt.exe
  C:\Windows\System\GIlmlQt.exe
  2⤵
  PID:12748
- C:\Windows\System\VcVKmjg.exe
  C:\Windows\System\VcVKmjg.exe
  2⤵
  PID:12788
- C:\Windows\System\nDUYaHv.exe
  C:\Windows\System\nDUYaHv.exe
  2⤵
  PID:12808
- C:\Windows\System\DayXzpj.exe
  C:\Windows\System\DayXzpj.exe
  2⤵
  PID:12836
- C:\Windows\System\eVPppYK.exe
  C:\Windows\System\eVPppYK.exe
  2⤵
  PID:12856
- C:\Windows\System\zRUrYsj.exe
  C:\Windows\System\zRUrYsj.exe
  2⤵
  PID:12876
- C:\Windows\System\oIcSoKG.exe
  C:\Windows\System\oIcSoKG.exe
  2⤵
  PID:12916
- C:\Windows\System\aYmFhGC.exe
  C:\Windows\System\aYmFhGC.exe
  2⤵
  PID:12940
- C:\Windows\System\oGlrfbo.exe
  C:\Windows\System\oGlrfbo.exe
  2⤵
  PID:12968
- C:\Windows\System\xCfnzuR.exe
  C:\Windows\System\xCfnzuR.exe
  2⤵
  PID:12988
- C:\Windows\System\iLtdQwJ.exe
  C:\Windows\System\iLtdQwJ.exe
  2⤵
  PID:13020
- C:\Windows\System\TmVnxSz.exe
  C:\Windows\System\TmVnxSz.exe
  2⤵
  PID:13048
- C:\Windows\System\ulCIXsN.exe
  C:\Windows\System\ulCIXsN.exe
  2⤵
  PID:13084
- C:\Windows\System\UGKVqCZ.exe
  C:\Windows\System\UGKVqCZ.exe
  2⤵
  PID:13120
- C:\Windows\System\KSaulBE.exe
  C:\Windows\System\KSaulBE.exe
  2⤵
  PID:13148
- C:\Windows\System\jFIjyrb.exe
  C:\Windows\System\jFIjyrb.exe
  2⤵
  PID:13172
- C:\Windows\System\PwvjgXj.exe
  C:\Windows\System\PwvjgXj.exe
  2⤵
  PID:13192
- C:\Windows\System\AtHPUsy.exe
  C:\Windows\System\AtHPUsy.exe
  2⤵
  PID:13220
- C:\Windows\System\OwiyGAt.exe
  C:\Windows\System\OwiyGAt.exe
  2⤵
  PID:13244
- C:\Windows\System\OMvxVFf.exe
  C:\Windows\System\OMvxVFf.exe
  2⤵
  PID:13272
- C:\Windows\System\pqzxcpw.exe
  C:\Windows\System\pqzxcpw.exe
  2⤵
  PID:13304
- C:\Windows\System\ladkmOz.exe
  C:\Windows\System\ladkmOz.exe
  2⤵
  PID:2512
- C:\Windows\System\bbCAbBP.exe
  C:\Windows\System\bbCAbBP.exe
  2⤵
  PID:12352
- C:\Windows\System\mkYuYSU.exe
  C:\Windows\System\mkYuYSU.exe
  2⤵
  PID:12408
- C:\Windows\System\waXmNcz.exe
  C:\Windows\System\waXmNcz.exe
  2⤵
  PID:12440
- C:\Windows\System\FFHYgbd.exe
  C:\Windows\System\FFHYgbd.exe
  2⤵
  PID:12504
- C:\Windows\System\joEVkbM.exe
  C:\Windows\System\joEVkbM.exe
  2⤵
  PID:12608
- C:\Windows\System\ATpWMtb.exe
  C:\Windows\System\ATpWMtb.exe
  2⤵
  PID:12716
- C:\Windows\System\aSXmhLm.exe
  C:\Windows\System\aSXmhLm.exe
  2⤵
  PID:12820
- C:\Windows\System\VkXhpwj.exe
  C:\Windows\System\VkXhpwj.exe
  2⤵
  PID:12824
- C:\Windows\System\GMFfeKG.exe
  C:\Windows\System\GMFfeKG.exe
  2⤵
  PID:12924
- C:\Windows\System\jdaTgHD.exe
  C:\Windows\System\jdaTgHD.exe
  2⤵
  PID:4648
- C:\Windows\System\uJKLgKm.exe
  C:\Windows\System\uJKLgKm.exe
  2⤵
  PID:13032
- C:\Windows\System\DqKHurb.exe
  C:\Windows\System\DqKHurb.exe
  2⤵
  PID:13060
- C:\Windows\System\ryEVckj.exe
  C:\Windows\System\ryEVckj.exe
  2⤵
  PID:13168
- C:\Windows\System\WojqndL.exe
  C:\Windows\System\WojqndL.exe
  2⤵
  PID:13260
- C:\Windows\System\MEMrMBH.exe
  C:\Windows\System\MEMrMBH.exe
  2⤵
  PID:13204
- C:\Windows\System\rdmFgcE.exe
  C:\Windows\System\rdmFgcE.exe
  2⤵
  PID:12384
- C:\Windows\System\WCyBznU.exe
  C:\Windows\System\WCyBznU.exe
  2⤵
  PID:12436
- C:\Windows\System\SqrBvpS.exe
  C:\Windows\System\SqrBvpS.exe
  2⤵
  PID:12532
- C:\Windows\System\NxVGLlJ.exe
  C:\Windows\System\NxVGLlJ.exe
  2⤵
  PID:12684
- C:\Windows\System\IRzgMsz.exe
  C:\Windows\System\IRzgMsz.exe
  2⤵
  PID:12828
- C:\Windows\System\CghyxGI.exe
  C:\Windows\System\CghyxGI.exe
  2⤵
  PID:13000
- C:\Windows\System\aCatdJz.exe
  C:\Windows\System\aCatdJz.exe
  2⤵
  PID:13112
- C:\Windows\System\gJPNYkV.exe
  C:\Windows\System\gJPNYkV.exe
  2⤵
  PID:13296
- C:\Windows\System\KykclRd.exe
  C:\Windows\System\KykclRd.exe
  2⤵
  PID:12652
- C:\Windows\System\aTMopzq.exe
  C:\Windows\System\aTMopzq.exe
  2⤵
  PID:12392
- C:\Windows\System\WwukZDr.exe
  C:\Windows\System\WwukZDr.exe
  2⤵
  PID:12324
- C:\Windows\System\LDaXiSE.exe
  C:\Windows\System\LDaXiSE.exe
  2⤵
  PID:13320
- C:\Windows\System\iGkvnNW.exe
  C:\Windows\System\iGkvnNW.exe
  2⤵
  PID:13364
- C:\Windows\System\TEqXyif.exe
  C:\Windows\System\TEqXyif.exe
  2⤵
  PID:13396
- C:\Windows\System\RVcrDRx.exe
  C:\Windows\System\RVcrDRx.exe
  2⤵
  PID:13420
- C:\Windows\System\RWdipJs.exe
  C:\Windows\System\RWdipJs.exe
  2⤵
  PID:13440
- C:\Windows\System\FlqvKzB.exe
  C:\Windows\System\FlqvKzB.exe
  2⤵
  PID:13456
- C:\Windows\System\LGPoqpl.exe
  C:\Windows\System\LGPoqpl.exe
  2⤵
  PID:13476
- C:\Windows\System\mizVmYA.exe
  C:\Windows\System\mizVmYA.exe
  2⤵
  PID:13500
- C:\Windows\System\imCbmxQ.exe
  C:\Windows\System\imCbmxQ.exe
  2⤵
  PID:13532
- C:\Windows\System\bUztXXN.exe
  C:\Windows\System\bUztXXN.exe
  2⤵
  PID:13556
- C:\Windows\System\NlVxFUx.exe
  C:\Windows\System\NlVxFUx.exe
  2⤵
  PID:13572
- C:\Windows\System\aSdAxuk.exe
  C:\Windows\System\aSdAxuk.exe
  2⤵
  PID:13600
- C:\Windows\System\lLcSSuQ.exe
  C:\Windows\System\lLcSSuQ.exe
  2⤵
  PID:13632
- C:\Windows\System\EPWwWMN.exe
  C:\Windows\System\EPWwWMN.exe
  2⤵
  PID:13652
- C:\Windows\System\NmPxAVB.exe
  C:\Windows\System\NmPxAVB.exe
  2⤵
  PID:13672
- C:\Windows\System\eTXRmcs.exe
  C:\Windows\System\eTXRmcs.exe
  2⤵
  PID:13688
- C:\Windows\System\DLEKsmn.exe
  C:\Windows\System\DLEKsmn.exe
  2⤵
  PID:13708
- C:\Windows\System\zBmRqog.exe
  C:\Windows\System\zBmRqog.exe
  2⤵
  PID:13736
- C:\Windows\System\xLAWQNS.exe
  C:\Windows\System\xLAWQNS.exe
  2⤵
  PID:13752
- C:\Windows\System\MUFslTo.exe
  C:\Windows\System\MUFslTo.exe
  2⤵
  PID:13772
- C:\Windows\System\gDYJIBj.exe
  C:\Windows\System\gDYJIBj.exe
  2⤵
  PID:13800
- C:\Windows\System\LHaEvxC.exe
  C:\Windows\System\LHaEvxC.exe
  2⤵
  PID:13828
- C:\Windows\System\BBkGNlx.exe
  C:\Windows\System\BBkGNlx.exe
  2⤵
  PID:13852
- C:\Windows\System\opDvdjH.exe
  C:\Windows\System\opDvdjH.exe
  2⤵
  PID:13892
- C:\Windows\System\pXLVpmT.exe
  C:\Windows\System\pXLVpmT.exe
  2⤵
  PID:13932
- C:\Windows\System\MHxhcNP.exe
  C:\Windows\System\MHxhcNP.exe
  2⤵
  PID:13972
- C:\Windows\System\wbeCeDW.exe
  C:\Windows\System\wbeCeDW.exe
  2⤵
  PID:14004
- C:\Windows\System\mGJNEUx.exe
  C:\Windows\System\mGJNEUx.exe
  2⤵
  PID:14032
- C:\Windows\System\BgOKGIJ.exe
  C:\Windows\System\BgOKGIJ.exe
  2⤵
  PID:14056
- C:\Windows\System\ybaLyco.exe
  C:\Windows\System\ybaLyco.exe
  2⤵
  PID:14084
- C:\Windows\System\moYlvLi.exe
  C:\Windows\System\moYlvLi.exe
  2⤵
  PID:14104
- C:\Windows\System\mirUrqF.exe
  C:\Windows\System\mirUrqF.exe
  2⤵
  PID:14128
- C:\Windows\System\QNLvQYd.exe
  C:\Windows\System\QNLvQYd.exe
  2⤵
  PID:14164
- C:\Windows\System\HOimHpP.exe
  C:\Windows\System\HOimHpP.exe
  2⤵
  PID:14192
- C:\Windows\System\NCaXlVq.exe
  C:\Windows\System\NCaXlVq.exe
  2⤵
  PID:14228
- C:\Windows\System\QxtmtCV.exe
  C:\Windows\System\QxtmtCV.exe
  2⤵
  PID:14268
- C:\Windows\System\KjaipSU.exe
  C:\Windows\System\KjaipSU.exe
  2⤵
  PID:14296
- C:\Windows\System\PInKqXl.exe
  C:\Windows\System\PInKqXl.exe
  2⤵
  PID:14324
- C:\Windows\System\BneMDUb.exe
  C:\Windows\System\BneMDUb.exe
  2⤵
  PID:13288
- C:\Windows\System\pggYRCo.exe
  C:\Windows\System\pggYRCo.exe
  2⤵
  PID:13416
- C:\Windows\System\disAmnH.exe
  C:\Windows\System\disAmnH.exe
  2⤵
  PID:13524
- C:\Windows\System\TcTtKBn.exe
  C:\Windows\System\TcTtKBn.exe
  2⤵
  PID:13596
- C:\Windows\System\yGZWdFy.exe
  C:\Windows\System\yGZWdFy.exe
  2⤵
  PID:13516
- C:\Windows\System\RbplKMw.exe
  C:\Windows\System\RbplKMw.exe
  2⤵
  PID:13664
- C:\Windows\System\RlJmSMf.exe
  C:\Windows\System\RlJmSMf.exe
  2⤵
  PID:13788
- C:\Windows\System\gYEGJWY.exe
  C:\Windows\System\gYEGJWY.exe
  2⤵
  PID:13724
- C:\Windows\System\aQJuKag.exe
  C:\Windows\System\aQJuKag.exe
  2⤵
  PID:13760
- C:\Windows\System\NpCNjiU.exe
  C:\Windows\System\NpCNjiU.exe
  2⤵
  PID:13968
- C:\Windows\System\rGCkAjW.exe
  C:\Windows\System\rGCkAjW.exe
  2⤵
  PID:13812
- C:\Windows\System\PASUquc.exe
  C:\Windows\System\PASUquc.exe
  2⤵
  PID:13848
- C:\Windows\System\qtqESWZ.exe
  C:\Windows\System\qtqESWZ.exe
  2⤵
  PID:14096
- C:\Windows\System\WyNBBcc.exe
  C:\Windows\System\WyNBBcc.exe
  2⤵
  PID:14092
- C:\Windows\System\agVjAkt.exe
  C:\Windows\System\agVjAkt.exe
  2⤵
  PID:14176
- C:\Windows\System\WNLyEnE.exe
  C:\Windows\System\WNLyEnE.exe
  2⤵
  PID:14200
- C:\Windows\System\SASQXvr.exe
  C:\Windows\System\SASQXvr.exe
  2⤵
  PID:14260
- C:\Windows\System\eCuoCnm.exe
  C:\Windows\System\eCuoCnm.exe
  2⤵
  PID:13336
- C:\Windows\System\BDDTxFI.exe
  C:\Windows\System\BDDTxFI.exe
  2⤵
  PID:13780
- C:\Windows\System\gYyWfOY.exe
  C:\Windows\System\gYyWfOY.exe
  2⤵
  PID:13784
- C:\Windows\System\QELzcge.exe
  C:\Windows\System\QELzcge.exe
  2⤵
  PID:13952
- C:\Windows\System\iQfMlfc.exe
  C:\Windows\System\iQfMlfc.exe
  2⤵
  PID:14216
- C:\Windows\System\RmiMaUI.exe
  C:\Windows\System\RmiMaUI.exe
  2⤵
  PID:12528
- C:\Windows\System\hXSHoHG.exe
  C:\Windows\System\hXSHoHG.exe
  2⤵
  PID:14356
- C:\Windows\System\fUDrVoi.exe
  C:\Windows\System\fUDrVoi.exe
  2⤵
  PID:14380
- C:\Windows\System\ZyRQrot.exe
  C:\Windows\System\ZyRQrot.exe
  2⤵
  PID:14400
- C:\Windows\System\IDMXYNk.exe
  C:\Windows\System\IDMXYNk.exe
  2⤵
  PID:14420
- C:\Windows\System\uTroxPc.exe
  C:\Windows\System\uTroxPc.exe
  2⤵
  PID:14436
- C:\Windows\System\gmUXfXL.exe
  C:\Windows\System\gmUXfXL.exe
  2⤵
  PID:14456
- C:\Windows\System\dKprXru.exe
  C:\Windows\System\dKprXru.exe
  2⤵
  PID:14492
- C:\Windows\System\WlsPCJJ.exe
  C:\Windows\System\WlsPCJJ.exe
  2⤵
  PID:14536
- C:\Windows\System\fZBGLWU.exe
  C:\Windows\System\fZBGLWU.exe
  2⤵
  PID:14592
- C:\Windows\System\PLtnZFF.exe
  C:\Windows\System\PLtnZFF.exe
  2⤵
  PID:14608
- C:\Windows\System\HlOQRpD.exe
  C:\Windows\System\HlOQRpD.exe
  2⤵
  PID:14628
- C:\Windows\System\iLmsepA.exe
  C:\Windows\System\iLmsepA.exe
  2⤵
  PID:14668
- C:\Windows\System\yCPPHdV.exe
  C:\Windows\System\yCPPHdV.exe
  2⤵
  PID:14708
- C:\Windows\System\DfOxPQw.exe
  C:\Windows\System\DfOxPQw.exe
  2⤵
  PID:14724
- C:\Windows\System\DpJsNnb.exe
  C:\Windows\System\DpJsNnb.exe
  2⤵
  PID:14748
- C:\Windows\System\OFEkikk.exe
  C:\Windows\System\OFEkikk.exe
  2⤵
  PID:14776
- C:\Windows\System\FKRzJRB.exe
  C:\Windows\System\FKRzJRB.exe
  2⤵
  PID:14804
- C:\Windows\System\pIXEaRh.exe
  C:\Windows\System\pIXEaRh.exe
  2⤵
  PID:14832
- C:\Windows\System\gszfNVl.exe
  C:\Windows\System\gszfNVl.exe
  2⤵
  PID:14868
- C:\Windows\System\tXNMOSV.exe
  C:\Windows\System\tXNMOSV.exe
  2⤵
  PID:14884
- C:\Windows\System\BXdZmYJ.exe
  C:\Windows\System\BXdZmYJ.exe
  2⤵
  PID:14916
- C:\Windows\System\iyILcbD.exe
  C:\Windows\System\iyILcbD.exe
  2⤵
  PID:14932

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:14904

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\AzTdYjX.exe

Filesize
2.2MB

MD5
57287d2e519a57c4f7cc83184f8ae6d4

SHA1
1307c319d390b1c8e2d0029c63be11fd2cd45f42

SHA256
f8eaf1794d061786b4d53dda96e7b8feb7090825306b602f879e9a63cb01e746

SHA512
45778e9086a8d4749393b7dc1e8fb6819e3e2f5ffd44f4ec1f18219265188fba54a6002db9b09a7450a0051df521233e2ac3a0651dca2e3326a99e5db9ff3489

Download Submit
C:\Windows\System\CSJtjFp.exe

Filesize
2.2MB

MD5
60bd2b00785515a7274ca44038fd316a

SHA1
2634deaf5658fd021ade1526427a3807bb940b3f

SHA256
31b2e4aa281c910578663113e9f3041f33fc754369ef834ea3c311cd7476d12c

SHA512
fbe52b2735995cdb3c7cc8e0ff05c66ea1f1e83d84360e672a46a150fea3bf0f94bf5aec6a184bb42ea111e093d2481c29b950d781b35b220ae993d63dcc83df

Download Submit
C:\Windows\System\DnYysNZ.exe

Filesize
2.2MB

MD5
ef55ed8ab293c2fc2eee849f38e2b30d

SHA1
659d8f1a963b307cf1045a58d50380cdf9b7ae48

SHA256
fb7e3657d4dc8211cf495989af45f49f6de121258c61011158201e72bc9bda75

SHA512
cc725d0c60d3674d454c9680c2df79ea38865a7fd90e326091a152f8e1c76c7ca504fd0880df4270e82afabcb6e3029f9299bd75b447ca731a74de4d5fbb7684

Download Submit
C:\Windows\System\FSfeezL.exe

Filesize
2.2MB

MD5
5957d186823b719b32dfdfb13c4b9006

SHA1
82369ca8de33b908cc161ee4df508faafcd24d6b

SHA256
179d584fcd93056c977d0d8652337c8227b99b5e0134558b34e1d761b96bafe9

SHA512
910a956062c2d424ceadd1857af3dc0d196c743c03ec4ecac52f34d4265603f7f33e3b2f63c7abf09d88c6ab750aaa67a0c49cdab3551f82391b4beed0a48c42

Download Submit
C:\Windows\System\GSupbyW.exe

Filesize
2.2MB

MD5
ca9de226240651f257887e34af6a18aa

SHA1
e690378382926c19ed07520d4f168058d4733691

SHA256
dcf6a64a8a7113f67640bcc05936d22b6616700c782e5c03454876baf987e115

SHA512
5e27e318fb21b3313bb40f86ffd39d584134640b3fbf9cfeb6d230436cce15c15ad72cd980cccbbf7bd03582d4ee1d25867c7ba211b354915371c682a6452431

Download Submit
C:\Windows\System\JClsTWj.exe

Filesize
2.2MB

MD5
d18181dc9523c19bd2870d51ae581163

SHA1
27d230265010810e20b1571fc073a8f81395bdf9

SHA256
5ae1780d94b4d33bd1984ff6691bc76a3e34bbe49ced81d8ad0d8ed7151b79a2

SHA512
6ec98160639810a03318352490600cbab011c60605f18667dd73c4af98cf5000b348080549cbe202fa2756d986882139ad6d32b9a6eacd8e841e703e3e8318f7

Download Submit
C:\Windows\System\JhrPZeI.exe

Filesize
2.2MB

MD5
47f05aea19138f8051d751c901eb995a

SHA1
7814024100a810ae5d3094256a76b217e1bb1f62

SHA256
6ae651f1db651756d22482d9b8dcd4ea4fe7955e90ad6aa953106ad12b654b26

SHA512
5680be6b1fecfb78b0cd317fc09939aa864d20674a02127c889c4e910303773676e2a9277a39d95856772a8e7a5781201d4c701db4c875e61df4e7045010be2b

Download Submit
C:\Windows\System\McHShlU.exe

Filesize
2.2MB

MD5
937d0b9d94ad2b3dea1115457355ee06

SHA1
73e8e79ad10d0c788a88189065a8f066edefae3c

SHA256
b15674f5cd51311b62ac96a71b9e80ce6c88986a8fa9768771f2607e867f4f72

SHA512
727f69feba090bc0eb54df9603ad5bb00e765fb84e665e01033c7588355d569912cfed3fe8894bb600586814c97c36abdafdce99e4f3c9f9fc525b5139fe457e

Download Submit
C:\Windows\System\NQZPSNv.exe

Filesize
2.2MB

MD5
baaba06cd041a8f73884bf11dff1716b

SHA1
aa5d01e46c2221be78c35bf5fb24fed05c193550

SHA256
4af9b98993684d5bdee305106eeb5607aa4148a69da2a100a29fda1ba8ef7799

SHA512
d7e81dfbbe1a5e0226b66c3dcaa69a544c4ccfb647a994d0d356fcb32b65fe3647d9bf537f4b095148362c2ae8ce23cbc43077857821211687214c64ab08342b

Download Submit
C:\Windows\System\PZUKLRv.exe

Filesize
2.2MB

MD5
c0bcd53857f3d0cde562319a1bbfa48f

SHA1
51ffa1b3b4e3b09a0146d236f2a808361d08439f

SHA256
622de5dcd259c2295063643d25754c02ae8811fb2c40614e2aef47732063bfcc

SHA512
f4422d9da3c1aafe04e5e361b5f95b1a72911a21fe36d6b093eb1c0bc6ab8534a6ccede6819e95085d5de08c7333e27d030438ab9078dea6d5f28ac1e16d5248

Download Submit
C:\Windows\System\QnlIFQd.exe

Filesize
2.2MB

MD5
e5f305546f6cd24bf8afb46c65dbe89c

SHA1
a57dfa97888703e2a826019fa8773d6fbec38d58

SHA256
36efcbc5640a28a89bd3355edd6601841ef12e7fb2bb2b9fd64abda37f861897

SHA512
8e7fb6ec26f17b64d1d750b4c47ace8585f8ca2647f4be0c3d8600c24fa7b248db47ecd9c9ccc1d3a46bdafd3debe29aafe01420930f3030560afbc775b6cc36

Download Submit
C:\Windows\System\QtnnEHk.exe

Filesize
2.2MB

MD5
fcd9db9b79c2df68e4ab9b5cf549c0e2

SHA1
6a42ed3c15705e4bc98928a65bc14fffc0e699b7

SHA256
0265c9d1a31eebf5694c2e02d011c6fab181d8c682dcd651ce7ff248b9d044df

SHA512
fbef2020b51b5702d1f76596f80ba6344b51e4b9a692e25cf114d12ae6c0b0552af200cb1392f2d64fa06610ea0280e5c200cb306464c6f88642fee5f793b0d9

Download Submit
C:\Windows\System\RDoXfaW.exe

Filesize
2.2MB

MD5
b013cd36b58655a1fd48d355a0a01e7d

SHA1
6a11bc04235c2e38170036cb39785fab3098a336

SHA256
2888f7aea652d7b79757fdf76495507213c4354340d24cf3e0a5b2ab1bcbde3f

SHA512
69821ef559cab187f96720d7a53348d0dd3d2411ef1fd07fa9f5ce3cfd3b2e1474fa16ec768379d3c5af96e70bd1ef8451e36ac92ea6b3d20cc0c60d0ed359e8

Download Submit
C:\Windows\System\SCqbIKv.exe

Filesize
2.2MB

MD5
f938333e7adfac694fcb2ed3563160ae

SHA1
f6aaeabdca81f78c81853cc24b48cc7159eda3a5

SHA256
2fe2da416a4c219da9a825ca7afd87f01b65931ac114b8e8025eda37cc6d2ee0

SHA512
21371b79da2d103f01c80fb6e0361dc29300983c594f67236a6d62464ff67c3ac323dbd8baa429da5f4730c07574ccb76724d19649a13775362ce7dcafb2a3de

Download Submit
C:\Windows\System\SKPHblL.exe

Filesize
2.2MB

MD5
debc6f0cbfd7d0e920d7951752e10675

SHA1
0515745ab0b09c2054304e0030fb6b5fb6558147

SHA256
3bd820849485a94b47ce3dff5eb42e552dae7a95f3267784e50ccc5d95254537

SHA512
e18cde5276caa52fc972b8dd2654ef7083ec5c59bf9ad451e81023ed4151099cc0102de6e8f3ce8d8a7cc113c46a5f09fc1b3707dcd533ab0f9791b9432c5e26

Download Submit
C:\Windows\System\SuyyDxd.exe

Filesize
2.2MB

MD5
9a79f340d22740648663ece5b9b97951

SHA1
35c2e3190ae5c206224059fc0190e8a6df62ce91

SHA256
63f5c0063e2b05ea0f2ba7153f23fbc52c2ea9a8cac31a078526105f1bfc4ff4

SHA512
bcca33f15b2b39d4a50a6a4a786f8fcf256e44ac2f2e83edd92c9f18324b82ae902a744fd4e02f177889facf37d0a1fd6317db8b18aba51904ce71eb6da7d398

Download Submit
C:\Windows\System\WPCVZKI.exe

Filesize
2.2MB

MD5
d813c8e4487fca41e1b1715f39886803

SHA1
f672aafa4274716448a5dd59981eb1b27aaa9106

SHA256
d536390e42c8fb084d7c121af9913261c4ec1229f9aa4e3feecf050254d6a1a9

SHA512
508dc14e899216d2923239d32fa65aa70441125e0a57eca6cf6fb3ab7ed00e2787b82cac8cde94d4afce89c151a121dcb7a0d33f4fbf6cd9de7f2dff3034c53f

Download Submit
C:\Windows\System\ZTPKFuc.exe

Filesize
2.3MB

MD5
dd0846834fed9a9b4af797d4920b4e7a

SHA1
67297287c28629c6865a7e0def0dd4f4271e4943

SHA256
c540d6a88bb94abc82e3c88d762a687f929a9f23a4594d9027decead3e0e1852

SHA512
f8e3659f6f6733b03a5553b439ac95253c000fb88fadccc2a532a3c891457f138c61b94ea75a573aaf474174793fc5efe52b6190d34cea7c2f9a02a62e141000

Download Submit
C:\Windows\System\caSJHgg.exe

Filesize
2.2MB

MD5
5987567bc9c9e30d99ad91795245a430

SHA1
80ee227ef661f3f8ab5b9638405b14e55ac11c7a

SHA256
fea5ca55776866b170c374f004d0b668b9e92921ac3763e0b21fc72f379a4fe2

SHA512
cb2d6e3cbd528f4c3819b8169f130378110e2439f56e9b4461be980071671ef05116ab8c77e704fe63365cc9ced3c9309d9878d820ae9c9f7e15c00df30ed7b9

Download Submit
C:\Windows\System\fDxSkfW.exe

Filesize
2.2MB

MD5
f86f6868b7a82874a49a5da6d47f791e

SHA1
10ccfc2aa65672f948b2389ae3f2f13c46123927

SHA256
089835c88fd0e48c3c656faa238c12ca2c77593279b70abac6f9d3ca539160bd

SHA512
9d7bba69037b79fe557981b9f608ab907d3870ca37051aab5f667b3ebf6073c929514fc4d3a83afd40b3cc0fe7bff479f09a66a3590a1daa7e2207662e0aeaee

Download Submit
C:\Windows\System\fqSlRrV.exe

Filesize
2.2MB

MD5
22301971748568a10a2bc84a0ac6f419

SHA1
257bf2e8b107bd94a96bb21d62224ddcdc22abbe

SHA256
fc7897e132c54ed03d2ae7788192f4d6c2c942018275c0407a3204d03fad2c84

SHA512
aff555da606f408701a8c61d5cb6e1d0b6170e50471304df406c3129eb6ff4bef120983b3d399e2242cf334375490435b7ce4e073d04e4a3ec1b411bdc60ea44

Download Submit
C:\Windows\System\gTkxLEq.exe

Filesize
2.2MB

MD5
0483a529a5f9d99084cc3b6bfb3dc277

SHA1
71c25f7e17bc987b992b1b6a10ccee87ee1e6912

SHA256
9f5e010be41a82fcad3af690a1ba805bbc93b17f54e477bc5659fbf6d1a32bc1

SHA512
bd831bb495775cd0942607f0cfd8e5e42b76bd55db81e09834efca69677d129a1a80a8b95780fe2030542902e24fe311c8e4d2becdcba86a9bce9a66a43deb56

Download Submit
C:\Windows\System\gfoMwFG.exe

Filesize
2.2MB

MD5
4c6041fbfd406947284521bb39053bf6

SHA1
af01f90f3dc8d95cfd4943896e23acd3829ce9ea

SHA256
d95e74a7462ae0dba70ffa21488503d524eff548f478befe21a3a3b3cfe5b2e2

SHA512
6a7f3443cfb8c9362da0bbeda4277154070c120d55e2af058711a21dc776f825c189f2b7d59ae37014b440ac9839a97df04ef890089f54b111a9d173041708c5

Download Submit
C:\Windows\System\gspbVKl.exe

Filesize
2.2MB

MD5
80d398403ccdf05f0c8d95a6e74acf42

SHA1
4d2296728db3d58e5684f3e7429dd902cef8b23d

SHA256
58b1ef7a69d530506e240c3d98599228e4eb912ab8ed0d458dc7ea8c9f4e9dce

SHA512
8f27d6509edac49a26c17feceff9a12317a9b35707c419f31e5122a8bb41f383bca39e72ae256d11191d8ae64d95de54747f9fb3bf6e18b2a27c9662161049d2

Download Submit
C:\Windows\System\lESeCYv.exe

Filesize
2.3MB

MD5
c7857dad71abe277ce9c7ae1edd46b9c

SHA1
6f3d46238a6771b764330671466f9916420f25db

SHA256
84f81ee846cbccc1349711609c22ceed339c4f05aa81ca46e5f3e7a36c29934d

SHA512
4292c0c2df91c10095a659d28313798e14fc03af13f66e8eb787594087fc9cbd31cceab1622edf1a2a12ca74d1ec989eab75d40dec0caa09bf59859cbef262d2

Download Submit
C:\Windows\System\lseWbmA.exe

Filesize
2.2MB

MD5
167eb6312b9f644cdb54f362b76ceaf6

SHA1
4ca3e690ede6e7d36e90dc6080314944643c12ec

SHA256
6e6c936f8400256ea496ecabe8e6e6681633df6708126c030636f3feaf502821

SHA512
76dca091d8b7f8775ee87e866072fb3e2d318c770c0a785d678e0618b487844d883f8c07df649dd896fd0152a6e4df676a8be1a221efcff01074a604a9213201

Download Submit
C:\Windows\System\mJhGQXN.exe

Filesize
2.2MB

MD5
fbf59fef4000bf10f6a770621535efe9

SHA1
7947839dce33f3fdaec972c26aa5cbbee400adcb

SHA256
7a472cc7c95d3837fbc7adbea0f44ca6005a526ae755b7a53de058c69e96c281

SHA512
7f41344fa629017a84d2b61bfa840e2a3413f9ef9ec1b57f57b0496fd047b0b8d44d6cf40d765e885a9a8b763617671947750122ed746ff8c8a0201b3f119df5

Download Submit
C:\Windows\System\mPUjDLo.exe

Filesize
2.2MB

MD5
174ad461179dde5f7e34c537f5dfc73e

SHA1
5ac5d89588a192b20463d4d0591694503553c41f

SHA256
435127335d31cdc354fc370f42644fd35a4a2f1dba44c4503ce9d3901ac156a3

SHA512
f5954c3a34e73d0a51e314734f84561afdc6cc9c4936f8ca0a377ab026d8783725368e0a16c654ef24601d993de9d288d2ae49e772d25deb8156afd26fd4f7e9

Download Submit
C:\Windows\System\oITBZML.exe

Filesize
2.2MB

MD5
dc55de95ad56833960241e02ae21a557

SHA1
e1a4fd87ed170599ef5c3f42c7a519fb8a2c87e1

SHA256
d7e58c13e6cc9159331548564362737b19036ffbcc1f9aac9bab8aa154a5c41b

SHA512
f0a76e68a221c0bbcebeb45dd68ba04cb97e3de836bc4c2a6c0942cdc23574d92773c8bee092ad25e97e02c83980eb6943356810bd8df3d0b76f7add232b1091

Download Submit
C:\Windows\System\oarjMbW.exe

Filesize
2.2MB

MD5
b7b87a8d72cc54f844c21a121d924e32

SHA1
4cc49e8651195e07d1c247a0cb9c2bc7c1dd0acf

SHA256
02eab5a3795b89bd022a4f901eeddfe6200808fd4f8f7496d9d4d5457e30a8fb

SHA512
cff36ed4422397106e1b06dd0a27ef2e9a53c77b2a965e2f88b48a90d82a3386e2c643fa108b713228cef04290b1cff3560973aa6895bb66bbd623d70b8c9d82

Download Submit
C:\Windows\System\rMGPSeZ.exe

Filesize
2.2MB

MD5
ec4e1cfcc7b734e034fa56e459d1cb51

SHA1
92449bb9402fad7470f53dfb15205e9cc816ad2a

SHA256
3d78f7664c0f3a23a380829a642bba5c3f1b98de353d0fe809854587c1684f61

SHA512
619aceae8f77b2999c6cd410cda1893829c5f6ac2df565d3adc6c889e1f27ae78b065332e6403eccd15960835537eb8cf5ebfdf3c400d7a6b1f91e13c6a98ddf

Download Submit
C:\Windows\System\utzzYns.exe

Filesize
2.2MB

MD5
c2c591bffa3a7fbba3837f4095bda3a8

SHA1
f8e80d69fe5c75c344da7fbf8deafc2a20c80f28

SHA256
574f83a7c89f50901e1c4712686818e1bf0553f61601bf9d3748238e805a15fd

SHA512
cbe0841bd861a00eda6bdeca91b5962565d975e2b99e410e5506a0b58d3634e57d781c39bb7ce17214cb0134299983492ca2edd764116bcd8cdf80737a8a5299

Download Submit
C:\Windows\System\zmKiAkG.exe

Filesize
2.2MB

MD5
e08dd138f960fac36646a499a9204852

SHA1
ccec6702f4cad146aa698c4959eed9e8ed842afe

SHA256
10a9db0a6b9ead31e79cb822df0fc1f75b5482df1749ec1f1536449588d61acb

SHA512
cf8a1c536f79fb8b9c4663a7088444d87c04024930f92e13b5f878896811b5611cef04195f50e1741265155c783acabbbd20c949d2c1df64d0abdf6fe4935c99

Download Submit
memory/116-980-0x00007FF68D7D0000-0x00007FF68DB24000-memory.dmp

Filesize
3.3MB

Download
memory/116-1-0x0000027B7CAF0000-0x0000027B7CB00000-memory.dmp

Filesize
64KB

Download
memory/116-0-0x00007FF68D7D0000-0x00007FF68DB24000-memory.dmp

Filesize
3.3MB

Download
memory/652-2318-0x00007FF72DED0000-0x00007FF72E224000-memory.dmp

Filesize
3.3MB

Download
memory/652-147-0x00007FF72DED0000-0x00007FF72E224000-memory.dmp

Filesize
3.3MB

Download
memory/1184-2322-0x00007FF796BB0000-0x00007FF796F04000-memory.dmp

Filesize
3.3MB

Download
memory/1184-141-0x00007FF796BB0000-0x00007FF796F04000-memory.dmp

Filesize
3.3MB

Download
memory/1200-2323-0x00007FF691F80000-0x00007FF6922D4000-memory.dmp

Filesize
3.3MB

Download
memory/1200-172-0x00007FF691F80000-0x00007FF6922D4000-memory.dmp

Filesize
3.3MB

Download
memory/1256-2316-0x00007FF6EF1C0000-0x00007FF6EF514000-memory.dmp

Filesize
3.3MB

Download
memory/1256-102-0x00007FF6EF1C0000-0x00007FF6EF514000-memory.dmp

Filesize
3.3MB

Download
memory/1416-2307-0x00007FF76A6A0000-0x00007FF76A9F4000-memory.dmp

Filesize
3.3MB

Download
memory/1416-1120-0x00007FF76A6A0000-0x00007FF76A9F4000-memory.dmp

Filesize
3.3MB

Download
memory/1416-18-0x00007FF76A6A0000-0x00007FF76A9F4000-memory.dmp

Filesize
3.3MB

Download
memory/1472-2306-0x00007FF6E30D0000-0x00007FF6E3424000-memory.dmp

Filesize
3.3MB

Download
memory/1472-983-0x00007FF6E30D0000-0x00007FF6E3424000-memory.dmp

Filesize
3.3MB

Download
memory/1472-11-0x00007FF6E30D0000-0x00007FF6E3424000-memory.dmp

Filesize
3.3MB

Download
memory/1496-2324-0x00007FF706520000-0x00007FF706874000-memory.dmp

Filesize
3.3MB

Download
memory/1496-184-0x00007FF706520000-0x00007FF706874000-memory.dmp

Filesize
3.3MB

Download
memory/1920-162-0x00007FF7E78B0000-0x00007FF7E7C04000-memory.dmp

Filesize
3.3MB

Download
memory/1920-2320-0x00007FF7E78B0000-0x00007FF7E7C04000-memory.dmp

Filesize
3.3MB

Download
memory/2076-2309-0x00007FF67A240000-0x00007FF67A594000-memory.dmp

Filesize
3.3MB

Download
memory/2076-1263-0x00007FF67A240000-0x00007FF67A594000-memory.dmp

Filesize
3.3MB

Download
memory/2076-25-0x00007FF67A240000-0x00007FF67A594000-memory.dmp

Filesize
3.3MB

Download
memory/2324-2311-0x00007FF6A31E0000-0x00007FF6A3534000-memory.dmp

Filesize
3.3MB

Download
memory/2324-1420-0x00007FF6A31E0000-0x00007FF6A3534000-memory.dmp

Filesize
3.3MB

Download
memory/2324-62-0x00007FF6A31E0000-0x00007FF6A3534000-memory.dmp

Filesize
3.3MB

Download
memory/2504-2314-0x00007FF7D2F80000-0x00007FF7D32D4000-memory.dmp

Filesize
3.3MB

Download
memory/2504-181-0x00007FF7D2F80000-0x00007FF7D32D4000-memory.dmp

Filesize
3.3MB

Download
memory/2712-178-0x00007FF77E530000-0x00007FF77E884000-memory.dmp

Filesize
3.3MB

Download
memory/2712-2334-0x00007FF77E530000-0x00007FF77E884000-memory.dmp

Filesize
3.3MB

Download
memory/3172-2333-0x00007FF79DEF0000-0x00007FF79E244000-memory.dmp

Filesize
3.3MB

Download
memory/3172-176-0x00007FF79DEF0000-0x00007FF79E244000-memory.dmp

Filesize
3.3MB

Download
memory/3224-174-0x00007FF731F80000-0x00007FF7322D4000-memory.dmp

Filesize
3.3MB

Download
memory/3224-2329-0x00007FF731F80000-0x00007FF7322D4000-memory.dmp

Filesize
3.3MB

Download
memory/3248-163-0x00007FF6DCB90000-0x00007FF6DCEE4000-memory.dmp

Filesize
3.3MB

Download
memory/3248-2317-0x00007FF6DCB90000-0x00007FF6DCEE4000-memory.dmp

Filesize
3.3MB

Download
memory/3320-2325-0x00007FF7E8440000-0x00007FF7E8794000-memory.dmp

Filesize
3.3MB

Download
memory/3320-183-0x00007FF7E8440000-0x00007FF7E8794000-memory.dmp

Filesize
3.3MB

Download
memory/3460-186-0x00007FF706330000-0x00007FF706684000-memory.dmp

Filesize
3.3MB

Download
memory/3460-2327-0x00007FF706330000-0x00007FF706684000-memory.dmp

Filesize
3.3MB

Download
memory/3700-58-0x00007FF781810000-0x00007FF781B64000-memory.dmp

Filesize
3.3MB

Download
memory/3700-1272-0x00007FF781810000-0x00007FF781B64000-memory.dmp

Filesize
3.3MB

Download
memory/3700-2313-0x00007FF781810000-0x00007FF781B64000-memory.dmp

Filesize
3.3MB

Download
memory/3716-1266-0x00007FF665FF0000-0x00007FF666344000-memory.dmp

Filesize
3.3MB

Download
memory/3716-43-0x00007FF665FF0000-0x00007FF666344000-memory.dmp

Filesize
3.3MB

Download
memory/3716-2308-0x00007FF665FF0000-0x00007FF666344000-memory.dmp

Filesize
3.3MB

Download
memory/3852-2321-0x00007FF656DA0000-0x00007FF6570F4000-memory.dmp

Filesize
3.3MB

Download
memory/3852-182-0x00007FF656DA0000-0x00007FF6570F4000-memory.dmp

Filesize
3.3MB

Download
memory/4160-2328-0x00007FF64BE10000-0x00007FF64C164000-memory.dmp

Filesize
3.3MB

Download
memory/4160-179-0x00007FF64BE10000-0x00007FF64C164000-memory.dmp

Filesize
3.3MB

Download
memory/4300-2330-0x00007FF640FA0000-0x00007FF6412F4000-memory.dmp

Filesize
3.3MB

Download
memory/4300-175-0x00007FF640FA0000-0x00007FF6412F4000-memory.dmp

Filesize
3.3MB

Download
memory/4424-2310-0x00007FF7D76D0000-0x00007FF7D7A24000-memory.dmp

Filesize
3.3MB

Download
memory/4424-180-0x00007FF7D76D0000-0x00007FF7D7A24000-memory.dmp

Filesize
3.3MB

Download
memory/4696-2319-0x00007FF74E0A0000-0x00007FF74E3F4000-memory.dmp

Filesize
3.3MB

Download
memory/4696-140-0x00007FF74E0A0000-0x00007FF74E3F4000-memory.dmp

Filesize
3.3MB

Download
memory/4712-86-0x00007FF6C3180000-0x00007FF6C34D4000-memory.dmp

Filesize
3.3MB

Download
memory/4712-2312-0x00007FF6C3180000-0x00007FF6C34D4000-memory.dmp

Filesize
3.3MB

Download
memory/4832-2332-0x00007FF70D040000-0x00007FF70D394000-memory.dmp

Filesize
3.3MB

Download
memory/4832-173-0x00007FF70D040000-0x00007FF70D394000-memory.dmp

Filesize
3.3MB

Download
memory/4900-177-0x00007FF74D2A0000-0x00007FF74D5F4000-memory.dmp

Filesize
3.3MB

Download
memory/4900-2326-0x00007FF74D2A0000-0x00007FF74D5F4000-memory.dmp

Filesize
3.3MB

Download
memory/4908-2331-0x00007FF761EB0000-0x00007FF762204000-memory.dmp

Filesize
3.3MB

Download
memory/4908-185-0x00007FF761EB0000-0x00007FF762204000-memory.dmp

Filesize
3.3MB

Download
memory/4928-115-0x00007FF648FA0000-0x00007FF6492F4000-memory.dmp

Filesize
3.3MB

Download
memory/4928-2315-0x00007FF648FA0000-0x00007FF6492F4000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads