xmrig | fd5ff30eee7967a12d15846b0fc25905d408b158354041aa6ecd7c4c83dc3f3e

Analysis

max time kernel
101s
max time network
95s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
09/09/2024, 13:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9f62fc70e6abf1bb022bd9ccbe88fa90N.exe
Size

1.8MB
MD5

9f62fc70e6abf1bb022bd9ccbe88fa90
SHA1

93e75efce5018f7117b58db44f30e2b90a036dcb
SHA256

fd5ff30eee7967a12d15846b0fc25905d408b158354041aa6ecd7c4c83dc3f3e
SHA512

fc94ee31004b378efca65624a8a604cbd7bec0b8a5f61455650e03f5fdc2c96fc8b5bbfc15c2bce53a56dd490c58779c4cc38dcba6589441465b1e6e93721156
SSDEEP

49152:ROdWCCi7/raU56uL3pgrCEdMKPFoJgDaO:RWWBib356utgpPFoy

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 59 IoCs

miner

resource	yara_rule
behavioral2/memory/880-222-0x00007FF757410000-0x00007FF757761000-memory.dmp	xmrig
behavioral2/memory/4792-368-0x00007FF7B02D0000-0x00007FF7B0621000-memory.dmp	xmrig
behavioral2/memory/3736-2064-0x00007FF7F6CE0000-0x00007FF7F7031000-memory.dmp	xmrig
behavioral2/memory/328-1129-0x00007FF6A62B0000-0x00007FF6A6601000-memory.dmp	xmrig
behavioral2/memory/3048-1127-0x00007FF711A50000-0x00007FF711DA1000-memory.dmp	xmrig
behavioral2/memory/356-957-0x00007FF70FCB0000-0x00007FF710001000-memory.dmp	xmrig
behavioral2/memory/3748-950-0x00007FF6C9EE0000-0x00007FF6CA231000-memory.dmp	xmrig
behavioral2/memory/3204-954-0x00007FF6B38F0000-0x00007FF6B3C41000-memory.dmp	xmrig
behavioral2/memory/1052-864-0x00007FF615500000-0x00007FF615851000-memory.dmp	xmrig
behavioral2/memory/4736-694-0x00007FF79FBE0000-0x00007FF79FF31000-memory.dmp	xmrig
behavioral2/memory/3336-688-0x00007FF600AE0000-0x00007FF600E31000-memory.dmp	xmrig
behavioral2/memory/5060-621-0x00007FF68B540000-0x00007FF68B891000-memory.dmp	xmrig
behavioral2/memory/2008-567-0x00007FF6E6FF0000-0x00007FF6E7341000-memory.dmp	xmrig
behavioral2/memory/3740-566-0x00007FF7E1AA0000-0x00007FF7E1DF1000-memory.dmp	xmrig
behavioral2/memory/2780-460-0x00007FF7DBC40000-0x00007FF7DBF91000-memory.dmp	xmrig
behavioral2/memory/3520-412-0x00007FF7A8230000-0x00007FF7A8581000-memory.dmp	xmrig
behavioral2/memory/4628-369-0x00007FF6F0690000-0x00007FF6F09E1000-memory.dmp	xmrig
behavioral2/memory/3088-305-0x00007FF66DE00000-0x00007FF66E151000-memory.dmp	xmrig
behavioral2/memory/5096-304-0x00007FF630BC0000-0x00007FF630F11000-memory.dmp	xmrig
behavioral2/memory/3288-286-0x00007FF6B5730000-0x00007FF6B5A81000-memory.dmp	xmrig
behavioral2/memory/1604-191-0x00007FF7CFD40000-0x00007FF7D0091000-memory.dmp	xmrig
behavioral2/memory/5112-188-0x00007FF730700000-0x00007FF730A51000-memory.dmp	xmrig
behavioral2/memory/3940-150-0x00007FF65A4E0000-0x00007FF65A831000-memory.dmp	xmrig
behavioral2/memory/1484-115-0x00007FF735C50000-0x00007FF735FA1000-memory.dmp	xmrig
behavioral2/memory/4088-92-0x00007FF73A760000-0x00007FF73AAB1000-memory.dmp	xmrig
behavioral2/memory/872-2102-0x00007FF6CBCC0000-0x00007FF6CC011000-memory.dmp	xmrig
behavioral2/memory/1496-2101-0x00007FF6F5150000-0x00007FF6F54A1000-memory.dmp	xmrig
behavioral2/memory/4108-2100-0x00007FF786010000-0x00007FF786361000-memory.dmp	xmrig
behavioral2/memory/2248-2099-0x00007FF61AC80000-0x00007FF61AFD1000-memory.dmp	xmrig
behavioral2/memory/252-2103-0x00007FF7E46E0000-0x00007FF7E4A31000-memory.dmp	xmrig
behavioral2/memory/2248-2164-0x00007FF61AC80000-0x00007FF61AFD1000-memory.dmp	xmrig
behavioral2/memory/4108-2168-0x00007FF786010000-0x00007FF786361000-memory.dmp	xmrig
behavioral2/memory/3748-2166-0x00007FF6C9EE0000-0x00007FF6CA231000-memory.dmp	xmrig
behavioral2/memory/252-2170-0x00007FF7E46E0000-0x00007FF7E4A31000-memory.dmp	xmrig
behavioral2/memory/1496-2172-0x00007FF6F5150000-0x00007FF6F54A1000-memory.dmp	xmrig
behavioral2/memory/3204-2180-0x00007FF6B38F0000-0x00007FF6B3C41000-memory.dmp	xmrig
behavioral2/memory/4088-2178-0x00007FF73A760000-0x00007FF73AAB1000-memory.dmp	xmrig
behavioral2/memory/4792-2212-0x00007FF7B02D0000-0x00007FF7B0621000-memory.dmp	xmrig
behavioral2/memory/4736-2214-0x00007FF79FBE0000-0x00007FF79FF31000-memory.dmp	xmrig
behavioral2/memory/5096-2210-0x00007FF630BC0000-0x00007FF630F11000-memory.dmp	xmrig
behavioral2/memory/3288-2208-0x00007FF6B5730000-0x00007FF6B5A81000-memory.dmp	xmrig
behavioral2/memory/880-2207-0x00007FF757410000-0x00007FF757761000-memory.dmp	xmrig
behavioral2/memory/1604-2204-0x00007FF7CFD40000-0x00007FF7D0091000-memory.dmp	xmrig
behavioral2/memory/356-2202-0x00007FF70FCB0000-0x00007FF710001000-memory.dmp	xmrig
behavioral2/memory/3940-2200-0x00007FF65A4E0000-0x00007FF65A831000-memory.dmp	xmrig
behavioral2/memory/5112-2182-0x00007FF730700000-0x00007FF730A51000-memory.dmp	xmrig
behavioral2/memory/1484-2176-0x00007FF735C50000-0x00007FF735FA1000-memory.dmp	xmrig
behavioral2/memory/872-2174-0x00007FF6CBCC0000-0x00007FF6CC011000-memory.dmp	xmrig
behavioral2/memory/328-2252-0x00007FF6A62B0000-0x00007FF6A6601000-memory.dmp	xmrig
behavioral2/memory/4628-2250-0x00007FF6F0690000-0x00007FF6F09E1000-memory.dmp	xmrig
behavioral2/memory/5060-2268-0x00007FF68B540000-0x00007FF68B891000-memory.dmp	xmrig
behavioral2/memory/2008-2266-0x00007FF6E6FF0000-0x00007FF6E7341000-memory.dmp	xmrig
behavioral2/memory/2780-2264-0x00007FF7DBC40000-0x00007FF7DBF91000-memory.dmp	xmrig
behavioral2/memory/3336-2262-0x00007FF600AE0000-0x00007FF600E31000-memory.dmp	xmrig
behavioral2/memory/1052-2225-0x00007FF615500000-0x00007FF615851000-memory.dmp	xmrig
behavioral2/memory/3088-2223-0x00007FF66DE00000-0x00007FF66E151000-memory.dmp	xmrig
behavioral2/memory/3520-2221-0x00007FF7A8230000-0x00007FF7A8581000-memory.dmp	xmrig
behavioral2/memory/3740-2219-0x00007FF7E1AA0000-0x00007FF7E1DF1000-memory.dmp	xmrig
behavioral2/memory/3048-2218-0x00007FF711A50000-0x00007FF711DA1000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2248	zbudjbD.exe
4108	qcMbrOC.exe
3748	AJiQQjB.exe
252	PkUzAeK.exe
1496	gDbAedW.exe
872	eYSSTTD.exe
3204	XivJjhx.exe
4088	aGLzkII.exe
1484	ExZdcsb.exe
3940	WHDQxDt.exe
5112	QeLBecn.exe
1604	NiVmlwJ.exe
356	kjeAutZ.exe
880	MgIJIFH.exe
3288	RwlXjwH.exe
5096	OyWXaGc.exe
3088	GxPKYyx.exe
4792	XcKPQkn.exe
3048	eUJroHP.exe
4628	DFqPtej.exe
3520	UZamZWx.exe
2780	EQbMRiC.exe
3740	CCROoFE.exe
328	KhJwFRx.exe
2008	tpGAKmY.exe
5060	Ijsctjq.exe
3336	TusVBNt.exe
4736	kHsDXeE.exe
1052	tOaMKIe.exe
1488	xQJLOKm.exe
4488	vGKmlcn.exe
2144	GXNxtpH.exe
4900	PbVZiJG.exe
2864	iTCopnL.exe
384	kbSytRn.exe
2800	gcyOHQG.exe
3580	kpSRZrG.exe
1980	gbQnsGR.exe
2012	ggHKseQ.exe
4084	rgnHWWg.exe
4132	mdhPepZ.exe
4796	HuVlyYN.exe
4996	TxjGnhG.exe
4348	GrdguWf.exe
3776	KlneYkT.exe
4732	ieDAyEW.exe
924	dRUdrzQ.exe
2480	ETVIFxy.exe
1932	blVYsGE.exe
3660	tRXaOiO.exe
4416	gVqEHWc.exe
3624	GQzRWkA.exe
4592	ibDDDDx.exe
4864	RocbvPj.exe
3896	PuYWzNL.exe
772	GsVDXZp.exe
1240	weHgJwp.exe
4552	dKGiJKT.exe
2544	POwvxkc.exe
440	YWlupbK.exe
1504	PlOTTeg.exe
4412	MnRJrrU.exe
4460	PpQpqYC.exe
964	zgiPJKi.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3736-0-0x00007FF7F6CE0000-0x00007FF7F7031000-memory.dmp	upx
behavioral2/memory/2248-8-0x00007FF61AC80000-0x00007FF61AFD1000-memory.dmp	upx
behavioral2/files/0x0008000000023500-18.dat	upx
behavioral2/files/0x0007000000023507-29.dat	upx
behavioral2/files/0x0007000000023508-41.dat	upx
behavioral2/memory/872-66-0x00007FF6CBCC0000-0x00007FF6CC011000-memory.dmp	upx
behavioral2/files/0x0007000000023515-87.dat	upx
behavioral2/files/0x000700000002350e-103.dat	upx
behavioral2/files/0x0007000000023522-168.dat	upx
behavioral2/files/0x0007000000023520-200.dat	upx
behavioral2/memory/880-222-0x00007FF757410000-0x00007FF757761000-memory.dmp	upx
behavioral2/memory/4792-368-0x00007FF7B02D0000-0x00007FF7B0621000-memory.dmp	upx
behavioral2/memory/3736-2064-0x00007FF7F6CE0000-0x00007FF7F7031000-memory.dmp	upx
behavioral2/memory/328-1129-0x00007FF6A62B0000-0x00007FF6A6601000-memory.dmp	upx
behavioral2/memory/3048-1127-0x00007FF711A50000-0x00007FF711DA1000-memory.dmp	upx
behavioral2/memory/356-957-0x00007FF70FCB0000-0x00007FF710001000-memory.dmp	upx
behavioral2/memory/3748-950-0x00007FF6C9EE0000-0x00007FF6CA231000-memory.dmp	upx
behavioral2/memory/3204-954-0x00007FF6B38F0000-0x00007FF6B3C41000-memory.dmp	upx
behavioral2/memory/1052-864-0x00007FF615500000-0x00007FF615851000-memory.dmp	upx
behavioral2/memory/4736-694-0x00007FF79FBE0000-0x00007FF79FF31000-memory.dmp	upx
behavioral2/memory/3336-688-0x00007FF600AE0000-0x00007FF600E31000-memory.dmp	upx
behavioral2/memory/5060-621-0x00007FF68B540000-0x00007FF68B891000-memory.dmp	upx
behavioral2/memory/2008-567-0x00007FF6E6FF0000-0x00007FF6E7341000-memory.dmp	upx
behavioral2/memory/3740-566-0x00007FF7E1AA0000-0x00007FF7E1DF1000-memory.dmp	upx
behavioral2/memory/2780-460-0x00007FF7DBC40000-0x00007FF7DBF91000-memory.dmp	upx
behavioral2/memory/3520-412-0x00007FF7A8230000-0x00007FF7A8581000-memory.dmp	upx
behavioral2/memory/4628-369-0x00007FF6F0690000-0x00007FF6F09E1000-memory.dmp	upx
behavioral2/memory/3088-305-0x00007FF66DE00000-0x00007FF66E151000-memory.dmp	upx
behavioral2/memory/5096-304-0x00007FF630BC0000-0x00007FF630F11000-memory.dmp	upx
behavioral2/memory/3288-286-0x00007FF6B5730000-0x00007FF6B5A81000-memory.dmp	upx
behavioral2/files/0x000700000002351a-198.dat	upx
behavioral2/files/0x0007000000023519-195.dat	upx
behavioral2/memory/1604-191-0x00007FF7CFD40000-0x00007FF7D0091000-memory.dmp	upx
behavioral2/memory/5112-188-0x00007FF730700000-0x00007FF730A51000-memory.dmp	upx
behavioral2/files/0x0007000000023526-182.dat	upx
behavioral2/files/0x0007000000023525-181.dat	upx
behavioral2/files/0x0007000000023524-177.dat	upx
behavioral2/files/0x0007000000023523-174.dat	upx
behavioral2/files/0x0007000000023514-165.dat	upx
behavioral2/files/0x0007000000023512-156.dat	upx
behavioral2/files/0x0007000000023521-155.dat	upx
behavioral2/files/0x0007000000023516-154.dat	upx
behavioral2/memory/3940-150-0x00007FF65A4E0000-0x00007FF65A831000-memory.dmp	upx
behavioral2/files/0x000700000002351e-144.dat	upx
behavioral2/files/0x000700000002351d-143.dat	upx
behavioral2/files/0x000700000002351c-140.dat	upx
behavioral2/files/0x0007000000023518-137.dat	upx
behavioral2/files/0x0007000000023513-131.dat	upx
behavioral2/files/0x000700000002351b-130.dat	upx
behavioral2/files/0x0007000000023511-120.dat	upx
behavioral2/files/0x000700000002351f-152.dat	upx
behavioral2/files/0x0007000000023510-118.dat	upx
behavioral2/memory/1484-115-0x00007FF735C50000-0x00007FF735FA1000-memory.dmp	upx
behavioral2/files/0x000700000002350f-112.dat	upx
behavioral2/files/0x0007000000023517-107.dat	upx
behavioral2/files/0x000700000002350d-94.dat	upx
behavioral2/memory/4088-92-0x00007FF73A760000-0x00007FF73AAB1000-memory.dmp	upx
behavioral2/files/0x000700000002350c-88.dat	upx
behavioral2/files/0x000700000002350b-83.dat	upx
behavioral2/files/0x000700000002350a-70.dat	upx
behavioral2/files/0x0007000000023509-61.dat	upx
behavioral2/memory/1496-58-0x00007FF6F5150000-0x00007FF6F54A1000-memory.dmp	upx
behavioral2/files/0x0007000000023506-54.dat	upx
behavioral2/files/0x0007000000023505-36.dat	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\MnbmSTV.exe	9f62fc70e6abf1bb022bd9ccbe88fa90N.exe
File created	C:\Windows\System\aarwJqo.exe	9f62fc70e6abf1bb022bd9ccbe88fa90N.exe
File created	C:\Windows\System\lEpILUp.exe	9f62fc70e6abf1bb022bd9ccbe88fa90N.exe
File created	C:\Windows\System\fOsouEj.exe	9f62fc70e6abf1bb022bd9ccbe88fa90N.exe
File created	C:\Windows\System\MAvIKGB.exe	9f62fc70e6abf1bb022bd9ccbe88fa90N.exe
File created	C:\Windows\System\NWxWhIx.exe	9f62fc70e6abf1bb022bd9ccbe88fa90N.exe
File created	C:\Windows\System\ACSLAVL.exe	9f62fc70e6abf1bb022bd9ccbe88fa90N.exe
File created	C:\Windows\System\qNNdCwD.exe	9f62fc70e6abf1bb022bd9ccbe88fa90N.exe
File created	C:\Windows\System\fZKOJcV.exe	9f62fc70e6abf1bb022bd9ccbe88fa90N.exe
File created	C:\Windows\System\IkFcMDG.exe	9f62fc70e6abf1bb022bd9ccbe88fa90N.exe
File created	C:\Windows\System\GQzRWkA.exe	9f62fc70e6abf1bb022bd9ccbe88fa90N.exe
File created	C:\Windows\System\RFxVAeO.exe	9f62fc70e6abf1bb022bd9ccbe88fa90N.exe
File created	C:\Windows\System\qySlxPf.exe	9f62fc70e6abf1bb022bd9ccbe88fa90N.exe
File created	C:\Windows\System\NVVmlOA.exe	9f62fc70e6abf1bb022bd9ccbe88fa90N.exe
File created	C:\Windows\System\XCQLdLF.exe	9f62fc70e6abf1bb022bd9ccbe88fa90N.exe
File created	C:\Windows\System\fvEcyhb.exe	9f62fc70e6abf1bb022bd9ccbe88fa90N.exe
File created	C:\Windows\System\dRUdrzQ.exe	9f62fc70e6abf1bb022bd9ccbe88fa90N.exe
File created	C:\Windows\System\uoqIKWe.exe	9f62fc70e6abf1bb022bd9ccbe88fa90N.exe
File created	C:\Windows\System\keYoaKQ.exe	9f62fc70e6abf1bb022bd9ccbe88fa90N.exe
File created	C:\Windows\System\uLzHjmQ.exe	9f62fc70e6abf1bb022bd9ccbe88fa90N.exe
File created	C:\Windows\System\XetJwyu.exe	9f62fc70e6abf1bb022bd9ccbe88fa90N.exe
File created	C:\Windows\System\chBeUkE.exe	9f62fc70e6abf1bb022bd9ccbe88fa90N.exe
File created	C:\Windows\System\eOcOUHF.exe	9f62fc70e6abf1bb022bd9ccbe88fa90N.exe
File created	C:\Windows\System\izcqIEp.exe	9f62fc70e6abf1bb022bd9ccbe88fa90N.exe
File created	C:\Windows\System\VKURMVX.exe	9f62fc70e6abf1bb022bd9ccbe88fa90N.exe
File created	C:\Windows\System\OuFHYyX.exe	9f62fc70e6abf1bb022bd9ccbe88fa90N.exe
File created	C:\Windows\System\dKGiJKT.exe	9f62fc70e6abf1bb022bd9ccbe88fa90N.exe
File created	C:\Windows\System\IUxIkkN.exe	9f62fc70e6abf1bb022bd9ccbe88fa90N.exe
File created	C:\Windows\System\etxQAFr.exe	9f62fc70e6abf1bb022bd9ccbe88fa90N.exe
File created	C:\Windows\System\UkHHmPj.exe	9f62fc70e6abf1bb022bd9ccbe88fa90N.exe
File created	C:\Windows\System\ynvOJjo.exe	9f62fc70e6abf1bb022bd9ccbe88fa90N.exe
File created	C:\Windows\System\jBPbfLX.exe	9f62fc70e6abf1bb022bd9ccbe88fa90N.exe
File created	C:\Windows\System\ibNkweo.exe	9f62fc70e6abf1bb022bd9ccbe88fa90N.exe
File created	C:\Windows\System\DTwGRVf.exe	9f62fc70e6abf1bb022bd9ccbe88fa90N.exe
File created	C:\Windows\System\MSjuzhl.exe	9f62fc70e6abf1bb022bd9ccbe88fa90N.exe
File created	C:\Windows\System\feynYni.exe	9f62fc70e6abf1bb022bd9ccbe88fa90N.exe
File created	C:\Windows\System\HXFxmBu.exe	9f62fc70e6abf1bb022bd9ccbe88fa90N.exe
File created	C:\Windows\System\oyeQQNh.exe	9f62fc70e6abf1bb022bd9ccbe88fa90N.exe
File created	C:\Windows\System\GyffTch.exe	9f62fc70e6abf1bb022bd9ccbe88fa90N.exe
File created	C:\Windows\System\MrnkzJH.exe	9f62fc70e6abf1bb022bd9ccbe88fa90N.exe
File created	C:\Windows\System\VHCkxhK.exe	9f62fc70e6abf1bb022bd9ccbe88fa90N.exe
File created	C:\Windows\System\BsJuxTD.exe	9f62fc70e6abf1bb022bd9ccbe88fa90N.exe
File created	C:\Windows\System\WzIyBoL.exe	9f62fc70e6abf1bb022bd9ccbe88fa90N.exe
File created	C:\Windows\System\ogITtNI.exe	9f62fc70e6abf1bb022bd9ccbe88fa90N.exe
File created	C:\Windows\System\tAngbbT.exe	9f62fc70e6abf1bb022bd9ccbe88fa90N.exe
File created	C:\Windows\System\nBToYLM.exe	9f62fc70e6abf1bb022bd9ccbe88fa90N.exe
File created	C:\Windows\System\FPNcDsy.exe	9f62fc70e6abf1bb022bd9ccbe88fa90N.exe
File created	C:\Windows\System\FuojAjH.exe	9f62fc70e6abf1bb022bd9ccbe88fa90N.exe
File created	C:\Windows\System\aHNPbDW.exe	9f62fc70e6abf1bb022bd9ccbe88fa90N.exe
File created	C:\Windows\System\xPfeZPZ.exe	9f62fc70e6abf1bb022bd9ccbe88fa90N.exe
File created	C:\Windows\System\DLKuGhu.exe	9f62fc70e6abf1bb022bd9ccbe88fa90N.exe
File created	C:\Windows\System\WePRogi.exe	9f62fc70e6abf1bb022bd9ccbe88fa90N.exe
File created	C:\Windows\System\EbXfAfs.exe	9f62fc70e6abf1bb022bd9ccbe88fa90N.exe
File created	C:\Windows\System\sefOSEr.exe	9f62fc70e6abf1bb022bd9ccbe88fa90N.exe
File created	C:\Windows\System\HRMQOyF.exe	9f62fc70e6abf1bb022bd9ccbe88fa90N.exe
File created	C:\Windows\System\yjTkgrg.exe	9f62fc70e6abf1bb022bd9ccbe88fa90N.exe
File created	C:\Windows\System\kwolyvO.exe	9f62fc70e6abf1bb022bd9ccbe88fa90N.exe
File created	C:\Windows\System\awyosgl.exe	9f62fc70e6abf1bb022bd9ccbe88fa90N.exe
File created	C:\Windows\System\uGnxdyY.exe	9f62fc70e6abf1bb022bd9ccbe88fa90N.exe
File created	C:\Windows\System\pJxQUoe.exe	9f62fc70e6abf1bb022bd9ccbe88fa90N.exe
File created	C:\Windows\System\FghsxCg.exe	9f62fc70e6abf1bb022bd9ccbe88fa90N.exe
File created	C:\Windows\System\EQbMRiC.exe	9f62fc70e6abf1bb022bd9ccbe88fa90N.exe
File created	C:\Windows\System\wJHhMrJ.exe	9f62fc70e6abf1bb022bd9ccbe88fa90N.exe
File created	C:\Windows\System\JaxCWat.exe	9f62fc70e6abf1bb022bd9ccbe88fa90N.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	14636	dwm.exe
Token: SeChangeNotifyPrivilege	14636	dwm.exe
Token: 33	14636	dwm.exe
Token: SeIncBasePriorityPrivilege	14636	dwm.exe
Token: SeShutdownPrivilege	14636	dwm.exe
Token: SeCreatePagefilePrivilege	14636	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3736 wrote to memory of 2248	3736	9f62fc70e6abf1bb022bd9ccbe88fa90N.exe	84
PID 3736 wrote to memory of 2248	3736	9f62fc70e6abf1bb022bd9ccbe88fa90N.exe	84
PID 3736 wrote to memory of 4108	3736	9f62fc70e6abf1bb022bd9ccbe88fa90N.exe	85
PID 3736 wrote to memory of 4108	3736	9f62fc70e6abf1bb022bd9ccbe88fa90N.exe	85
PID 3736 wrote to memory of 3748	3736	9f62fc70e6abf1bb022bd9ccbe88fa90N.exe	86
PID 3736 wrote to memory of 3748	3736	9f62fc70e6abf1bb022bd9ccbe88fa90N.exe	86
PID 3736 wrote to memory of 252	3736	9f62fc70e6abf1bb022bd9ccbe88fa90N.exe	88
PID 3736 wrote to memory of 252	3736	9f62fc70e6abf1bb022bd9ccbe88fa90N.exe	88
PID 3736 wrote to memory of 1496	3736	9f62fc70e6abf1bb022bd9ccbe88fa90N.exe	89
PID 3736 wrote to memory of 1496	3736	9f62fc70e6abf1bb022bd9ccbe88fa90N.exe	89
PID 3736 wrote to memory of 872	3736	9f62fc70e6abf1bb022bd9ccbe88fa90N.exe	90
PID 3736 wrote to memory of 872	3736	9f62fc70e6abf1bb022bd9ccbe88fa90N.exe	90
PID 3736 wrote to memory of 1484	3736	9f62fc70e6abf1bb022bd9ccbe88fa90N.exe	91
PID 3736 wrote to memory of 1484	3736	9f62fc70e6abf1bb022bd9ccbe88fa90N.exe	91
PID 3736 wrote to memory of 3204	3736	9f62fc70e6abf1bb022bd9ccbe88fa90N.exe	92
PID 3736 wrote to memory of 3204	3736	9f62fc70e6abf1bb022bd9ccbe88fa90N.exe	92
PID 3736 wrote to memory of 4088	3736	9f62fc70e6abf1bb022bd9ccbe88fa90N.exe	93
PID 3736 wrote to memory of 4088	3736	9f62fc70e6abf1bb022bd9ccbe88fa90N.exe	93
PID 3736 wrote to memory of 3940	3736	9f62fc70e6abf1bb022bd9ccbe88fa90N.exe	94
PID 3736 wrote to memory of 3940	3736	9f62fc70e6abf1bb022bd9ccbe88fa90N.exe	94
PID 3736 wrote to memory of 5112	3736	9f62fc70e6abf1bb022bd9ccbe88fa90N.exe	95
PID 3736 wrote to memory of 5112	3736	9f62fc70e6abf1bb022bd9ccbe88fa90N.exe	95
PID 3736 wrote to memory of 1604	3736	9f62fc70e6abf1bb022bd9ccbe88fa90N.exe	96
PID 3736 wrote to memory of 1604	3736	9f62fc70e6abf1bb022bd9ccbe88fa90N.exe	96
PID 3736 wrote to memory of 356	3736	9f62fc70e6abf1bb022bd9ccbe88fa90N.exe	97
PID 3736 wrote to memory of 356	3736	9f62fc70e6abf1bb022bd9ccbe88fa90N.exe	97
PID 3736 wrote to memory of 880	3736	9f62fc70e6abf1bb022bd9ccbe88fa90N.exe	98
PID 3736 wrote to memory of 880	3736	9f62fc70e6abf1bb022bd9ccbe88fa90N.exe	98
PID 3736 wrote to memory of 3288	3736	9f62fc70e6abf1bb022bd9ccbe88fa90N.exe	99
PID 3736 wrote to memory of 3288	3736	9f62fc70e6abf1bb022bd9ccbe88fa90N.exe	99
PID 3736 wrote to memory of 5096	3736	9f62fc70e6abf1bb022bd9ccbe88fa90N.exe	100
PID 3736 wrote to memory of 5096	3736	9f62fc70e6abf1bb022bd9ccbe88fa90N.exe	100
PID 3736 wrote to memory of 3088	3736	9f62fc70e6abf1bb022bd9ccbe88fa90N.exe	101
PID 3736 wrote to memory of 3088	3736	9f62fc70e6abf1bb022bd9ccbe88fa90N.exe	101
PID 3736 wrote to memory of 4792	3736	9f62fc70e6abf1bb022bd9ccbe88fa90N.exe	102
PID 3736 wrote to memory of 4792	3736	9f62fc70e6abf1bb022bd9ccbe88fa90N.exe	102
PID 3736 wrote to memory of 3520	3736	9f62fc70e6abf1bb022bd9ccbe88fa90N.exe	103
PID 3736 wrote to memory of 3520	3736	9f62fc70e6abf1bb022bd9ccbe88fa90N.exe	103
PID 3736 wrote to memory of 3048	3736	9f62fc70e6abf1bb022bd9ccbe88fa90N.exe	104
PID 3736 wrote to memory of 3048	3736	9f62fc70e6abf1bb022bd9ccbe88fa90N.exe	104
PID 3736 wrote to memory of 4628	3736	9f62fc70e6abf1bb022bd9ccbe88fa90N.exe	105
PID 3736 wrote to memory of 4628	3736	9f62fc70e6abf1bb022bd9ccbe88fa90N.exe	105
PID 3736 wrote to memory of 2780	3736	9f62fc70e6abf1bb022bd9ccbe88fa90N.exe	106
PID 3736 wrote to memory of 2780	3736	9f62fc70e6abf1bb022bd9ccbe88fa90N.exe	106
PID 3736 wrote to memory of 3740	3736	9f62fc70e6abf1bb022bd9ccbe88fa90N.exe	107
PID 3736 wrote to memory of 3740	3736	9f62fc70e6abf1bb022bd9ccbe88fa90N.exe	107
PID 3736 wrote to memory of 328	3736	9f62fc70e6abf1bb022bd9ccbe88fa90N.exe	108
PID 3736 wrote to memory of 328	3736	9f62fc70e6abf1bb022bd9ccbe88fa90N.exe	108
PID 3736 wrote to memory of 2008	3736	9f62fc70e6abf1bb022bd9ccbe88fa90N.exe	109
PID 3736 wrote to memory of 2008	3736	9f62fc70e6abf1bb022bd9ccbe88fa90N.exe	109
PID 3736 wrote to memory of 5060	3736	9f62fc70e6abf1bb022bd9ccbe88fa90N.exe	110
PID 3736 wrote to memory of 5060	3736	9f62fc70e6abf1bb022bd9ccbe88fa90N.exe	110
PID 3736 wrote to memory of 3336	3736	9f62fc70e6abf1bb022bd9ccbe88fa90N.exe	111
PID 3736 wrote to memory of 3336	3736	9f62fc70e6abf1bb022bd9ccbe88fa90N.exe	111
PID 3736 wrote to memory of 4736	3736	9f62fc70e6abf1bb022bd9ccbe88fa90N.exe	112
PID 3736 wrote to memory of 4736	3736	9f62fc70e6abf1bb022bd9ccbe88fa90N.exe	112
PID 3736 wrote to memory of 1052	3736	9f62fc70e6abf1bb022bd9ccbe88fa90N.exe	113
PID 3736 wrote to memory of 1052	3736	9f62fc70e6abf1bb022bd9ccbe88fa90N.exe	113
PID 3736 wrote to memory of 1488	3736	9f62fc70e6abf1bb022bd9ccbe88fa90N.exe	114
PID 3736 wrote to memory of 1488	3736	9f62fc70e6abf1bb022bd9ccbe88fa90N.exe	114
PID 3736 wrote to memory of 3580	3736	9f62fc70e6abf1bb022bd9ccbe88fa90N.exe	115
PID 3736 wrote to memory of 3580	3736	9f62fc70e6abf1bb022bd9ccbe88fa90N.exe	115
PID 3736 wrote to memory of 4488	3736	9f62fc70e6abf1bb022bd9ccbe88fa90N.exe	116
PID 3736 wrote to memory of 4488	3736	9f62fc70e6abf1bb022bd9ccbe88fa90N.exe	116

C:\Users\Admin\AppData\Local\Temp\9f62fc70e6abf1bb022bd9ccbe88fa90N.exe
"C:\Users\Admin\AppData\Local\Temp\9f62fc70e6abf1bb022bd9ccbe88fa90N.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:3736
- C:\Windows\System\zbudjbD.exe
  C:\Windows\System\zbudjbD.exe
  2⤵
  - Executes dropped EXE
  PID:2248
- C:\Windows\System\qcMbrOC.exe
  C:\Windows\System\qcMbrOC.exe
  2⤵
  - Executes dropped EXE
  PID:4108
- C:\Windows\System\AJiQQjB.exe
  C:\Windows\System\AJiQQjB.exe
  2⤵
  - Executes dropped EXE
  PID:3748
- C:\Windows\System\PkUzAeK.exe
  C:\Windows\System\PkUzAeK.exe
  2⤵
  - Executes dropped EXE
  PID:252
- C:\Windows\System\gDbAedW.exe
  C:\Windows\System\gDbAedW.exe
  2⤵
  - Executes dropped EXE
  PID:1496
- C:\Windows\System\eYSSTTD.exe
  C:\Windows\System\eYSSTTD.exe
  2⤵
  - Executes dropped EXE
  PID:872
- C:\Windows\System\ExZdcsb.exe
  C:\Windows\System\ExZdcsb.exe
  2⤵
  - Executes dropped EXE
  PID:1484
- C:\Windows\System\XivJjhx.exe
  C:\Windows\System\XivJjhx.exe
  2⤵
  - Executes dropped EXE
  PID:3204
- C:\Windows\System\aGLzkII.exe
  C:\Windows\System\aGLzkII.exe
  2⤵
  - Executes dropped EXE
  PID:4088
- C:\Windows\System\WHDQxDt.exe
  C:\Windows\System\WHDQxDt.exe
  2⤵
  - Executes dropped EXE
  PID:3940
- C:\Windows\System\QeLBecn.exe
  C:\Windows\System\QeLBecn.exe
  2⤵
  - Executes dropped EXE
  PID:5112
- C:\Windows\System\NiVmlwJ.exe
  C:\Windows\System\NiVmlwJ.exe
  2⤵
  - Executes dropped EXE
  PID:1604
- C:\Windows\System\kjeAutZ.exe
  C:\Windows\System\kjeAutZ.exe
  2⤵
  - Executes dropped EXE
  PID:356
- C:\Windows\System\MgIJIFH.exe
  C:\Windows\System\MgIJIFH.exe
  2⤵
  - Executes dropped EXE
  PID:880
- C:\Windows\System\RwlXjwH.exe
  C:\Windows\System\RwlXjwH.exe
  2⤵
  - Executes dropped EXE
  PID:3288
- C:\Windows\System\OyWXaGc.exe
  C:\Windows\System\OyWXaGc.exe
  2⤵
  - Executes dropped EXE
  PID:5096
- C:\Windows\System\GxPKYyx.exe
  C:\Windows\System\GxPKYyx.exe
  2⤵
  - Executes dropped EXE
  PID:3088
- C:\Windows\System\XcKPQkn.exe
  C:\Windows\System\XcKPQkn.exe
  2⤵
  - Executes dropped EXE
  PID:4792
- C:\Windows\System\UZamZWx.exe
  C:\Windows\System\UZamZWx.exe
  2⤵
  - Executes dropped EXE
  PID:3520
- C:\Windows\System\eUJroHP.exe
  C:\Windows\System\eUJroHP.exe
  2⤵
  - Executes dropped EXE
  PID:3048
- C:\Windows\System\DFqPtej.exe
  C:\Windows\System\DFqPtej.exe
  2⤵
  - Executes dropped EXE
  PID:4628
- C:\Windows\System\EQbMRiC.exe
  C:\Windows\System\EQbMRiC.exe
  2⤵
  - Executes dropped EXE
  PID:2780
- C:\Windows\System\CCROoFE.exe
  C:\Windows\System\CCROoFE.exe
  2⤵
  - Executes dropped EXE
  PID:3740
- C:\Windows\System\KhJwFRx.exe
  C:\Windows\System\KhJwFRx.exe
  2⤵
  - Executes dropped EXE
  PID:328
- C:\Windows\System\tpGAKmY.exe
  C:\Windows\System\tpGAKmY.exe
  2⤵
  - Executes dropped EXE
  PID:2008
- C:\Windows\System\Ijsctjq.exe
  C:\Windows\System\Ijsctjq.exe
  2⤵
  - Executes dropped EXE
  PID:5060
- C:\Windows\System\TusVBNt.exe
  C:\Windows\System\TusVBNt.exe
  2⤵
  - Executes dropped EXE
  PID:3336
- C:\Windows\System\kHsDXeE.exe
  C:\Windows\System\kHsDXeE.exe
  2⤵
  - Executes dropped EXE
  PID:4736
- C:\Windows\System\tOaMKIe.exe
  C:\Windows\System\tOaMKIe.exe
  2⤵
  - Executes dropped EXE
  PID:1052
- C:\Windows\System\xQJLOKm.exe
  C:\Windows\System\xQJLOKm.exe
  2⤵
  - Executes dropped EXE
  PID:1488
- C:\Windows\System\kpSRZrG.exe
  C:\Windows\System\kpSRZrG.exe
  2⤵
  - Executes dropped EXE
  PID:3580
- C:\Windows\System\vGKmlcn.exe
  C:\Windows\System\vGKmlcn.exe
  2⤵
  - Executes dropped EXE
  PID:4488
- C:\Windows\System\GXNxtpH.exe
  C:\Windows\System\GXNxtpH.exe
  2⤵
  - Executes dropped EXE
  PID:2144
- C:\Windows\System\PbVZiJG.exe
  C:\Windows\System\PbVZiJG.exe
  2⤵
  - Executes dropped EXE
  PID:4900
- C:\Windows\System\iTCopnL.exe
  C:\Windows\System\iTCopnL.exe
  2⤵
  - Executes dropped EXE
  PID:2864
- C:\Windows\System\kbSytRn.exe
  C:\Windows\System\kbSytRn.exe
  2⤵
  - Executes dropped EXE
  PID:384
- C:\Windows\System\gcyOHQG.exe
  C:\Windows\System\gcyOHQG.exe
  2⤵
  - Executes dropped EXE
  PID:2800
- C:\Windows\System\gbQnsGR.exe
  C:\Windows\System\gbQnsGR.exe
  2⤵
  - Executes dropped EXE
  PID:1980
- C:\Windows\System\ggHKseQ.exe
  C:\Windows\System\ggHKseQ.exe
  2⤵
  - Executes dropped EXE
  PID:2012
- C:\Windows\System\rgnHWWg.exe
  C:\Windows\System\rgnHWWg.exe
  2⤵
  - Executes dropped EXE
  PID:4084
- C:\Windows\System\mdhPepZ.exe
  C:\Windows\System\mdhPepZ.exe
  2⤵
  - Executes dropped EXE
  PID:4132
- C:\Windows\System\HuVlyYN.exe
  C:\Windows\System\HuVlyYN.exe
  2⤵
  - Executes dropped EXE
  PID:4796
- C:\Windows\System\TxjGnhG.exe
  C:\Windows\System\TxjGnhG.exe
  2⤵
  - Executes dropped EXE
  PID:4996
- C:\Windows\System\GrdguWf.exe
  C:\Windows\System\GrdguWf.exe
  2⤵
  - Executes dropped EXE
  PID:4348
- C:\Windows\System\KlneYkT.exe
  C:\Windows\System\KlneYkT.exe
  2⤵
  - Executes dropped EXE
  PID:3776
- C:\Windows\System\ieDAyEW.exe
  C:\Windows\System\ieDAyEW.exe
  2⤵
  - Executes dropped EXE
  PID:4732
- C:\Windows\System\dRUdrzQ.exe
  C:\Windows\System\dRUdrzQ.exe
  2⤵
  - Executes dropped EXE
  PID:924
- C:\Windows\System\ETVIFxy.exe
  C:\Windows\System\ETVIFxy.exe
  2⤵
  - Executes dropped EXE
  PID:2480
- C:\Windows\System\blVYsGE.exe
  C:\Windows\System\blVYsGE.exe
  2⤵
  - Executes dropped EXE
  PID:1932
- C:\Windows\System\tRXaOiO.exe
  C:\Windows\System\tRXaOiO.exe
  2⤵
  - Executes dropped EXE
  PID:3660
- C:\Windows\System\gVqEHWc.exe
  C:\Windows\System\gVqEHWc.exe
  2⤵
  - Executes dropped EXE
  PID:4416
- C:\Windows\System\GQzRWkA.exe
  C:\Windows\System\GQzRWkA.exe
  2⤵
  - Executes dropped EXE
  PID:3624
- C:\Windows\System\ibDDDDx.exe
  C:\Windows\System\ibDDDDx.exe
  2⤵
  - Executes dropped EXE
  PID:4592
- C:\Windows\System\RocbvPj.exe
  C:\Windows\System\RocbvPj.exe
  2⤵
  - Executes dropped EXE
  PID:4864
- C:\Windows\System\PuYWzNL.exe
  C:\Windows\System\PuYWzNL.exe
  2⤵
  - Executes dropped EXE
  PID:3896
- C:\Windows\System\GsVDXZp.exe
  C:\Windows\System\GsVDXZp.exe
  2⤵
  - Executes dropped EXE
  PID:772
- C:\Windows\System\weHgJwp.exe
  C:\Windows\System\weHgJwp.exe
  2⤵
  - Executes dropped EXE
  PID:1240
- C:\Windows\System\dKGiJKT.exe
  C:\Windows\System\dKGiJKT.exe
  2⤵
  - Executes dropped EXE
  PID:4552
- C:\Windows\System\POwvxkc.exe
  C:\Windows\System\POwvxkc.exe
  2⤵
  - Executes dropped EXE
  PID:2544
- C:\Windows\System\YWlupbK.exe
  C:\Windows\System\YWlupbK.exe
  2⤵
  - Executes dropped EXE
  PID:440
- C:\Windows\System\PlOTTeg.exe
  C:\Windows\System\PlOTTeg.exe
  2⤵
  - Executes dropped EXE
  PID:1504
- C:\Windows\System\MnRJrrU.exe
  C:\Windows\System\MnRJrrU.exe
  2⤵
  - Executes dropped EXE
  PID:4412
- C:\Windows\System\PpQpqYC.exe
  C:\Windows\System\PpQpqYC.exe
  2⤵
  - Executes dropped EXE
  PID:4460
- C:\Windows\System\zgiPJKi.exe
  C:\Windows\System\zgiPJKi.exe
  2⤵
  - Executes dropped EXE
  PID:964
- C:\Windows\System\iInTrrq.exe
  C:\Windows\System\iInTrrq.exe
  2⤵
  PID:3628
- C:\Windows\System\LrDKkrq.exe
  C:\Windows\System\LrDKkrq.exe
  2⤵
  PID:4516
- C:\Windows\System\XUdNuKJ.exe
  C:\Windows\System\XUdNuKJ.exe
  2⤵
  PID:2776
- C:\Windows\System\DkXCRgo.exe
  C:\Windows\System\DkXCRgo.exe
  2⤵
  PID:3304
- C:\Windows\System\KktfqMH.exe
  C:\Windows\System\KktfqMH.exe
  2⤵
  PID:1168
- C:\Windows\System\RFxVAeO.exe
  C:\Windows\System\RFxVAeO.exe
  2⤵
  PID:4568
- C:\Windows\System\GgbHlTw.exe
  C:\Windows\System\GgbHlTw.exe
  2⤵
  PID:1436
- C:\Windows\System\PgSTGXy.exe
  C:\Windows\System\PgSTGXy.exe
  2⤵
  PID:4440
- C:\Windows\System\ZGLhzsW.exe
  C:\Windows\System\ZGLhzsW.exe
  2⤵
  PID:1892
- C:\Windows\System\ybBVvxT.exe
  C:\Windows\System\ybBVvxT.exe
  2⤵
  PID:3004
- C:\Windows\System\okSjuIY.exe
  C:\Windows\System\okSjuIY.exe
  2⤵
  PID:3176
- C:\Windows\System\TccgRqw.exe
  C:\Windows\System\TccgRqw.exe
  2⤵
  PID:1252
- C:\Windows\System\SuwlkIW.exe
  C:\Windows\System\SuwlkIW.exe
  2⤵
  PID:4492
- C:\Windows\System\zqdqjon.exe
  C:\Windows\System\zqdqjon.exe
  2⤵
  PID:796
- C:\Windows\System\VMUDYxa.exe
  C:\Windows\System\VMUDYxa.exe
  2⤵
  PID:2148
- C:\Windows\System\xKESRwN.exe
  C:\Windows\System\xKESRwN.exe
  2⤵
  PID:4292
- C:\Windows\System\IQsmozZ.exe
  C:\Windows\System\IQsmozZ.exe
  2⤵
  PID:2016
- C:\Windows\System\YdWXlBD.exe
  C:\Windows\System\YdWXlBD.exe
  2⤵
  PID:4216
- C:\Windows\System\ZToBFnZ.exe
  C:\Windows\System\ZToBFnZ.exe
  2⤵
  PID:4236
- C:\Windows\System\fcGbOgs.exe
  C:\Windows\System\fcGbOgs.exe
  2⤵
  PID:2872
- C:\Windows\System\ZtEzdnd.exe
  C:\Windows\System\ZtEzdnd.exe
  2⤵
  PID:3948
- C:\Windows\System\GXeZGOZ.exe
  C:\Windows\System\GXeZGOZ.exe
  2⤵
  PID:228
- C:\Windows\System\wYAYVCb.exe
  C:\Windows\System\wYAYVCb.exe
  2⤵
  PID:3800
- C:\Windows\System\akhPQXN.exe
  C:\Windows\System\akhPQXN.exe
  2⤵
  PID:3400
- C:\Windows\System\YUbtmQs.exe
  C:\Windows\System\YUbtmQs.exe
  2⤵
  PID:3672
- C:\Windows\System\wRQzfWb.exe
  C:\Windows\System\wRQzfWb.exe
  2⤵
  PID:3112
- C:\Windows\System\nreOqyh.exe
  C:\Windows\System\nreOqyh.exe
  2⤵
  PID:208
- C:\Windows\System\ywlUIyt.exe
  C:\Windows\System\ywlUIyt.exe
  2⤵
  PID:4452
- C:\Windows\System\aWklgrx.exe
  C:\Windows\System\aWklgrx.exe
  2⤵
  PID:1492
- C:\Windows\System\hTfUiXB.exe
  C:\Windows\System\hTfUiXB.exe
  2⤵
  PID:5100
- C:\Windows\System\rPxLppu.exe
  C:\Windows\System\rPxLppu.exe
  2⤵
  PID:5136
- C:\Windows\System\deAwYQc.exe
  C:\Windows\System\deAwYQc.exe
  2⤵
  PID:5156
- C:\Windows\System\wCUXDsW.exe
  C:\Windows\System\wCUXDsW.exe
  2⤵
  PID:5172
- C:\Windows\System\GzIMtvG.exe
  C:\Windows\System\GzIMtvG.exe
  2⤵
  PID:5188
- C:\Windows\System\PpIpWUM.exe
  C:\Windows\System\PpIpWUM.exe
  2⤵
  PID:5204
- C:\Windows\System\oOnszDB.exe
  C:\Windows\System\oOnszDB.exe
  2⤵
  PID:5220
- C:\Windows\System\KmaEAiz.exe
  C:\Windows\System\KmaEAiz.exe
  2⤵
  PID:5240
- C:\Windows\System\YXNxXyb.exe
  C:\Windows\System\YXNxXyb.exe
  2⤵
  PID:5260
- C:\Windows\System\YMeyngD.exe
  C:\Windows\System\YMeyngD.exe
  2⤵
  PID:5280
- C:\Windows\System\laKuvxb.exe
  C:\Windows\System\laKuvxb.exe
  2⤵
  PID:5300
- C:\Windows\System\giRVALB.exe
  C:\Windows\System\giRVALB.exe
  2⤵
  PID:5324
- C:\Windows\System\KkdBEuv.exe
  C:\Windows\System\KkdBEuv.exe
  2⤵
  PID:5352
- C:\Windows\System\aeUTbVu.exe
  C:\Windows\System\aeUTbVu.exe
  2⤵
  PID:5372
- C:\Windows\System\Ouhcieg.exe
  C:\Windows\System\Ouhcieg.exe
  2⤵
  PID:5400
- C:\Windows\System\xcQbsMJ.exe
  C:\Windows\System\xcQbsMJ.exe
  2⤵
  PID:5420
- C:\Windows\System\zSQqkhd.exe
  C:\Windows\System\zSQqkhd.exe
  2⤵
  PID:5440
- C:\Windows\System\VHCkxhK.exe
  C:\Windows\System\VHCkxhK.exe
  2⤵
  PID:5464
- C:\Windows\System\GZsUJCK.exe
  C:\Windows\System\GZsUJCK.exe
  2⤵
  PID:5484
- C:\Windows\System\BjdBlrc.exe
  C:\Windows\System\BjdBlrc.exe
  2⤵
  PID:5512
- C:\Windows\System\sefOSEr.exe
  C:\Windows\System\sefOSEr.exe
  2⤵
  PID:5528
- C:\Windows\System\jjwMdso.exe
  C:\Windows\System\jjwMdso.exe
  2⤵
  PID:5548
- C:\Windows\System\IPXViqO.exe
  C:\Windows\System\IPXViqO.exe
  2⤵
  PID:5608
- C:\Windows\System\jJipvnN.exe
  C:\Windows\System\jJipvnN.exe
  2⤵
  PID:5624
- C:\Windows\System\MaKYlom.exe
  C:\Windows\System\MaKYlom.exe
  2⤵
  PID:5644
- C:\Windows\System\HZQlLdg.exe
  C:\Windows\System\HZQlLdg.exe
  2⤵
  PID:5668
- C:\Windows\System\IUxIkkN.exe
  C:\Windows\System\IUxIkkN.exe
  2⤵
  PID:5688
- C:\Windows\System\qzpvAAX.exe
  C:\Windows\System\qzpvAAX.exe
  2⤵
  PID:5716
- C:\Windows\System\ZGkAYAC.exe
  C:\Windows\System\ZGkAYAC.exe
  2⤵
  PID:5736
- C:\Windows\System\CwgijYb.exe
  C:\Windows\System\CwgijYb.exe
  2⤵
  PID:5752
- C:\Windows\System\UBWpeON.exe
  C:\Windows\System\UBWpeON.exe
  2⤵
  PID:5780
- C:\Windows\System\uuEtPtc.exe
  C:\Windows\System\uuEtPtc.exe
  2⤵
  PID:5804
- C:\Windows\System\yDsreGE.exe
  C:\Windows\System\yDsreGE.exe
  2⤵
  PID:5828
- C:\Windows\System\GbSfoqp.exe
  C:\Windows\System\GbSfoqp.exe
  2⤵
  PID:5848
- C:\Windows\System\UCBUApq.exe
  C:\Windows\System\UCBUApq.exe
  2⤵
  PID:5872
- C:\Windows\System\ZPRIOuF.exe
  C:\Windows\System\ZPRIOuF.exe
  2⤵
  PID:5900
- C:\Windows\System\PvdONKS.exe
  C:\Windows\System\PvdONKS.exe
  2⤵
  PID:5920
- C:\Windows\System\BLvGUYj.exe
  C:\Windows\System\BLvGUYj.exe
  2⤵
  PID:5948
- C:\Windows\System\INzYYbq.exe
  C:\Windows\System\INzYYbq.exe
  2⤵
  PID:6056
- C:\Windows\System\sIWkjRG.exe
  C:\Windows\System\sIWkjRG.exe
  2⤵
  PID:6076
- C:\Windows\System\pIVHMCQ.exe
  C:\Windows\System\pIVHMCQ.exe
  2⤵
  PID:6100
- C:\Windows\System\wJHhMrJ.exe
  C:\Windows\System\wJHhMrJ.exe
  2⤵
  PID:6124
- C:\Windows\System\KukGSUm.exe
  C:\Windows\System\KukGSUm.exe
  2⤵
  PID:2256
- C:\Windows\System\hkIJhsN.exe
  C:\Windows\System\hkIJhsN.exe
  2⤵
  PID:4432
- C:\Windows\System\NTTDGyw.exe
  C:\Windows\System\NTTDGyw.exe
  2⤵
  PID:2356
- C:\Windows\System\KOtCzrA.exe
  C:\Windows\System\KOtCzrA.exe
  2⤵
  PID:3600
- C:\Windows\System\etxQAFr.exe
  C:\Windows\System\etxQAFr.exe
  2⤵
  PID:5248
- C:\Windows\System\CitOLqx.exe
  C:\Windows\System\CitOLqx.exe
  2⤵
  PID:5308
- C:\Windows\System\KLAWYTf.exe
  C:\Windows\System\KLAWYTf.exe
  2⤵
  PID:5452
- C:\Windows\System\OCxxrjX.exe
  C:\Windows\System\OCxxrjX.exe
  2⤵
  PID:5520
- C:\Windows\System\qySlxPf.exe
  C:\Windows\System\qySlxPf.exe
  2⤵
  PID:1728
- C:\Windows\System\bdTKrMA.exe
  C:\Windows\System\bdTKrMA.exe
  2⤵
  PID:2660
- C:\Windows\System\IVeQfne.exe
  C:\Windows\System\IVeQfne.exe
  2⤵
  PID:3652
- C:\Windows\System\BBJySCG.exe
  C:\Windows\System\BBJySCG.exe
  2⤵
  PID:4604
- C:\Windows\System\JaxCWat.exe
  C:\Windows\System\JaxCWat.exe
  2⤵
  PID:2508
- C:\Windows\System\pSxERTM.exe
  C:\Windows\System\pSxERTM.exe
  2⤵
  PID:272
- C:\Windows\System\CxvOtTY.exe
  C:\Windows\System\CxvOtTY.exe
  2⤵
  PID:5664
- C:\Windows\System\uZhZloF.exe
  C:\Windows\System\uZhZloF.exe
  2⤵
  PID:5704
- C:\Windows\System\MTUUvXF.exe
  C:\Windows\System\MTUUvXF.exe
  2⤵
  PID:5732
- C:\Windows\System\QBVxMPQ.exe
  C:\Windows\System\QBVxMPQ.exe
  2⤵
  PID:5772
- C:\Windows\System\onjMjzx.exe
  C:\Windows\System\onjMjzx.exe
  2⤵
  PID:5252
- C:\Windows\System\GrrzQBK.exe
  C:\Windows\System\GrrzQBK.exe
  2⤵
  PID:5836
- C:\Windows\System\BUnNkCh.exe
  C:\Windows\System\BUnNkCh.exe
  2⤵
  PID:5364
- C:\Windows\System\ybKADIt.exe
  C:\Windows\System\ybKADIt.exe
  2⤵
  PID:5388
- C:\Windows\System\QrrsssL.exe
  C:\Windows\System\QrrsssL.exe
  2⤵
  PID:5916
- C:\Windows\System\vkHgZYs.exe
  C:\Windows\System\vkHgZYs.exe
  2⤵
  PID:4404
- C:\Windows\System\wOJMTbL.exe
  C:\Windows\System\wOJMTbL.exe
  2⤵
  PID:5132
- C:\Windows\System\UAScPsU.exe
  C:\Windows\System\UAScPsU.exe
  2⤵
  PID:5184
- C:\Windows\System\PbudNPP.exe
  C:\Windows\System\PbudNPP.exe
  2⤵
  PID:5936
- C:\Windows\System\yYqLSSj.exe
  C:\Windows\System\yYqLSSj.exe
  2⤵
  PID:6164
- C:\Windows\System\VOTqvun.exe
  C:\Windows\System\VOTqvun.exe
  2⤵
  PID:6188
- C:\Windows\System\fxFXdyE.exe
  C:\Windows\System\fxFXdyE.exe
  2⤵
  PID:6212
- C:\Windows\System\pZlbIWQ.exe
  C:\Windows\System\pZlbIWQ.exe
  2⤵
  PID:6256
- C:\Windows\System\dWbwahx.exe
  C:\Windows\System\dWbwahx.exe
  2⤵
  PID:6280
- C:\Windows\System\BsJuxTD.exe
  C:\Windows\System\BsJuxTD.exe
  2⤵
  PID:6300
- C:\Windows\System\mArzNRt.exe
  C:\Windows\System\mArzNRt.exe
  2⤵
  PID:6324
- C:\Windows\System\kaNGTVK.exe
  C:\Windows\System\kaNGTVK.exe
  2⤵
  PID:6344
- C:\Windows\System\vadxoGM.exe
  C:\Windows\System\vadxoGM.exe
  2⤵
  PID:6364
- C:\Windows\System\vzvulSJ.exe
  C:\Windows\System\vzvulSJ.exe
  2⤵
  PID:6388
- C:\Windows\System\XTZJRyZ.exe
  C:\Windows\System\XTZJRyZ.exe
  2⤵
  PID:6412
- C:\Windows\System\xAcItSn.exe
  C:\Windows\System\xAcItSn.exe
  2⤵
  PID:6436
- C:\Windows\System\bkaeiDz.exe
  C:\Windows\System\bkaeiDz.exe
  2⤵
  PID:6456
- C:\Windows\System\WzIyBoL.exe
  C:\Windows\System\WzIyBoL.exe
  2⤵
  PID:6484
- C:\Windows\System\QfrMFwn.exe
  C:\Windows\System\QfrMFwn.exe
  2⤵
  PID:6504
- C:\Windows\System\oPWsmDK.exe
  C:\Windows\System\oPWsmDK.exe
  2⤵
  PID:6528
- C:\Windows\System\rdtCsYf.exe
  C:\Windows\System\rdtCsYf.exe
  2⤵
  PID:6548
- C:\Windows\System\qVhLMnW.exe
  C:\Windows\System\qVhLMnW.exe
  2⤵
  PID:6568
- C:\Windows\System\ibNkweo.exe
  C:\Windows\System\ibNkweo.exe
  2⤵
  PID:6592
- C:\Windows\System\fLuMilZ.exe
  C:\Windows\System\fLuMilZ.exe
  2⤵
  PID:6608
- C:\Windows\System\MbikKAs.exe
  C:\Windows\System\MbikKAs.exe
  2⤵
  PID:6632
- C:\Windows\System\IHoZqZy.exe
  C:\Windows\System\IHoZqZy.exe
  2⤵
  PID:6652
- C:\Windows\System\AFMUNYN.exe
  C:\Windows\System\AFMUNYN.exe
  2⤵
  PID:6676
- C:\Windows\System\oiZrcgA.exe
  C:\Windows\System\oiZrcgA.exe
  2⤵
  PID:6700
- C:\Windows\System\AbauBKH.exe
  C:\Windows\System\AbauBKH.exe
  2⤵
  PID:6716
- C:\Windows\System\RClfNkj.exe
  C:\Windows\System\RClfNkj.exe
  2⤵
  PID:6748
- C:\Windows\System\jeGQYnt.exe
  C:\Windows\System\jeGQYnt.exe
  2⤵
  PID:6764
- C:\Windows\System\cQBZvxM.exe
  C:\Windows\System\cQBZvxM.exe
  2⤵
  PID:6856
- C:\Windows\System\Lmarcdg.exe
  C:\Windows\System\Lmarcdg.exe
  2⤵
  PID:6876
- C:\Windows\System\fMUiICb.exe
  C:\Windows\System\fMUiICb.exe
  2⤵
  PID:6900
- C:\Windows\System\VfBtTmH.exe
  C:\Windows\System\VfBtTmH.exe
  2⤵
  PID:6920
- C:\Windows\System\avvjEHN.exe
  C:\Windows\System\avvjEHN.exe
  2⤵
  PID:6944
- C:\Windows\System\GexZTXX.exe
  C:\Windows\System\GexZTXX.exe
  2⤵
  PID:6968
- C:\Windows\System\JhRCNhw.exe
  C:\Windows\System\JhRCNhw.exe
  2⤵
  PID:6996
- C:\Windows\System\EdjJlFi.exe
  C:\Windows\System\EdjJlFi.exe
  2⤵
  PID:7016
- C:\Windows\System\yhMQriN.exe
  C:\Windows\System\yhMQriN.exe
  2⤵
  PID:7036
- C:\Windows\System\rAMdFuR.exe
  C:\Windows\System\rAMdFuR.exe
  2⤵
  PID:7064
- C:\Windows\System\UkHHmPj.exe
  C:\Windows\System\UkHHmPj.exe
  2⤵
  PID:7084
- C:\Windows\System\hYvYxkq.exe
  C:\Windows\System\hYvYxkq.exe
  2⤵
  PID:7108
- C:\Windows\System\ingjpgq.exe
  C:\Windows\System\ingjpgq.exe
  2⤵
  PID:7124
- C:\Windows\System\WVULUHk.exe
  C:\Windows\System\WVULUHk.exe
  2⤵
  PID:7148
- C:\Windows\System\FHroSDW.exe
  C:\Windows\System\FHroSDW.exe
  2⤵
  PID:6092
- C:\Windows\System\FtNwWJN.exe
  C:\Windows\System\FtNwWJN.exe
  2⤵
  PID:5744
- C:\Windows\System\CPQNdyD.exe
  C:\Windows\System\CPQNdyD.exe
  2⤵
  PID:3536
- C:\Windows\System\nikaqQp.exe
  C:\Windows\System\nikaqQp.exe
  2⤵
  PID:5556
- C:\Windows\System\qiLZiRA.exe
  C:\Windows\System\qiLZiRA.exe
  2⤵
  PID:5596
- C:\Windows\System\aRAewJY.exe
  C:\Windows\System\aRAewJY.exe
  2⤵
  PID:5640
- C:\Windows\System\WyRXZUJ.exe
  C:\Windows\System\WyRXZUJ.exe
  2⤵
  PID:6360
- C:\Windows\System\zneoTDq.exe
  C:\Windows\System\zneoTDq.exe
  2⤵
  PID:6496
- C:\Windows\System\TjSsqbR.exe
  C:\Windows\System\TjSsqbR.exe
  2⤵
  PID:5860
- C:\Windows\System\nmCSaBl.exe
  C:\Windows\System\nmCSaBl.exe
  2⤵
  PID:6684
- C:\Windows\System\GtiqDoX.exe
  C:\Windows\System\GtiqDoX.exe
  2⤵
  PID:6004
- C:\Windows\System\CPYJbpn.exe
  C:\Windows\System\CPYJbpn.exe
  2⤵
  PID:6048
- C:\Windows\System\eXYiYVo.exe
  C:\Windows\System\eXYiYVo.exe
  2⤵
  PID:6132
- C:\Windows\System\AFiUhZY.exe
  C:\Windows\System\AFiUhZY.exe
  2⤵
  PID:2664
- C:\Windows\System\ZVTafiq.exe
  C:\Windows\System\ZVTafiq.exe
  2⤵
  PID:5320
- C:\Windows\System\nwTWuuZ.exe
  C:\Windows\System\nwTWuuZ.exe
  2⤵
  PID:2472
- C:\Windows\System\QqnhGPC.exe
  C:\Windows\System\QqnhGPC.exe
  2⤵
  PID:6420
- C:\Windows\System\Rjwjqnj.exe
  C:\Windows\System\Rjwjqnj.exe
  2⤵
  PID:7120
- C:\Windows\System\oOZCtmc.exe
  C:\Windows\System\oOZCtmc.exe
  2⤵
  PID:7172
- C:\Windows\System\MyJEiiz.exe
  C:\Windows\System\MyJEiiz.exe
  2⤵
  PID:7200
- C:\Windows\System\TuuwqfH.exe
  C:\Windows\System\TuuwqfH.exe
  2⤵
  PID:7220
- C:\Windows\System\UUpDaEL.exe
  C:\Windows\System\UUpDaEL.exe
  2⤵
  PID:7240
- C:\Windows\System\DTwGRVf.exe
  C:\Windows\System\DTwGRVf.exe
  2⤵
  PID:7264
- C:\Windows\System\kjUSPzI.exe
  C:\Windows\System\kjUSPzI.exe
  2⤵
  PID:7288
- C:\Windows\System\DRIbetp.exe
  C:\Windows\System\DRIbetp.exe
  2⤵
  PID:7308
- C:\Windows\System\KfQDHho.exe
  C:\Windows\System\KfQDHho.exe
  2⤵
  PID:7332
- C:\Windows\System\WBmXsCG.exe
  C:\Windows\System\WBmXsCG.exe
  2⤵
  PID:7356
- C:\Windows\System\retavmr.exe
  C:\Windows\System\retavmr.exe
  2⤵
  PID:7372
- C:\Windows\System\MnHegXZ.exe
  C:\Windows\System\MnHegXZ.exe
  2⤵
  PID:7388
- C:\Windows\System\AlfsoMY.exe
  C:\Windows\System\AlfsoMY.exe
  2⤵
  PID:7404
- C:\Windows\System\IswMGPf.exe
  C:\Windows\System\IswMGPf.exe
  2⤵
  PID:7428
- C:\Windows\System\XXuYaKk.exe
  C:\Windows\System\XXuYaKk.exe
  2⤵
  PID:7448
- C:\Windows\System\gXCfqXJ.exe
  C:\Windows\System\gXCfqXJ.exe
  2⤵
  PID:7472
- C:\Windows\System\XrpIujO.exe
  C:\Windows\System\XrpIujO.exe
  2⤵
  PID:7488
- C:\Windows\System\jsBckTg.exe
  C:\Windows\System\jsBckTg.exe
  2⤵
  PID:7512
- C:\Windows\System\MQzbeow.exe
  C:\Windows\System\MQzbeow.exe
  2⤵
  PID:7536
- C:\Windows\System\ZSLxmxu.exe
  C:\Windows\System\ZSLxmxu.exe
  2⤵
  PID:7552
- C:\Windows\System\PiCvAJW.exe
  C:\Windows\System\PiCvAJW.exe
  2⤵
  PID:7572
- C:\Windows\System\EkpbiVj.exe
  C:\Windows\System\EkpbiVj.exe
  2⤵
  PID:7588
- C:\Windows\System\LPxQzav.exe
  C:\Windows\System\LPxQzav.exe
  2⤵
  PID:7612
- C:\Windows\System\BUEZoZr.exe
  C:\Windows\System\BUEZoZr.exe
  2⤵
  PID:7640
- C:\Windows\System\MessJPX.exe
  C:\Windows\System\MessJPX.exe
  2⤵
  PID:7660
- C:\Windows\System\IqzHxCj.exe
  C:\Windows\System\IqzHxCj.exe
  2⤵
  PID:7680
- C:\Windows\System\WquZgLo.exe
  C:\Windows\System\WquZgLo.exe
  2⤵
  PID:7700
- C:\Windows\System\KWvDBse.exe
  C:\Windows\System\KWvDBse.exe
  2⤵
  PID:7724
- C:\Windows\System\SZylltC.exe
  C:\Windows\System\SZylltC.exe
  2⤵
  PID:7748
- C:\Windows\System\dienkOb.exe
  C:\Windows\System\dienkOb.exe
  2⤵
  PID:7768
- C:\Windows\System\tKZXIGp.exe
  C:\Windows\System\tKZXIGp.exe
  2⤵
  PID:7788
- C:\Windows\System\WFytTSp.exe
  C:\Windows\System\WFytTSp.exe
  2⤵
  PID:7812
- C:\Windows\System\bynVCDA.exe
  C:\Windows\System\bynVCDA.exe
  2⤵
  PID:7836
- C:\Windows\System\KAfVDBH.exe
  C:\Windows\System\KAfVDBH.exe
  2⤵
  PID:7860
- C:\Windows\System\EIszXIG.exe
  C:\Windows\System\EIszXIG.exe
  2⤵
  PID:7900
- C:\Windows\System\wjzdQFK.exe
  C:\Windows\System\wjzdQFK.exe
  2⤵
  PID:7916
- C:\Windows\System\iGDEzbO.exe
  C:\Windows\System\iGDEzbO.exe
  2⤵
  PID:7932
- C:\Windows\System\fOVOGCp.exe
  C:\Windows\System\fOVOGCp.exe
  2⤵
  PID:7948
- C:\Windows\System\JBLErNg.exe
  C:\Windows\System\JBLErNg.exe
  2⤵
  PID:7972
- C:\Windows\System\XzRaWcB.exe
  C:\Windows\System\XzRaWcB.exe
  2⤵
  PID:7988
- C:\Windows\System\yFLgzmE.exe
  C:\Windows\System\yFLgzmE.exe
  2⤵
  PID:8008
- C:\Windows\System\YojYomu.exe
  C:\Windows\System\YojYomu.exe
  2⤵
  PID:8028
- C:\Windows\System\DFoYOaB.exe
  C:\Windows\System\DFoYOaB.exe
  2⤵
  PID:8052
- C:\Windows\System\FPNcDsy.exe
  C:\Windows\System\FPNcDsy.exe
  2⤵
  PID:8068
- C:\Windows\System\qqAbDsX.exe
  C:\Windows\System\qqAbDsX.exe
  2⤵
  PID:8092
- C:\Windows\System\erFPQlp.exe
  C:\Windows\System\erFPQlp.exe
  2⤵
  PID:8116
- C:\Windows\System\uoqIKWe.exe
  C:\Windows\System\uoqIKWe.exe
  2⤵
  PID:8136
- C:\Windows\System\wPMLXpY.exe
  C:\Windows\System\wPMLXpY.exe
  2⤵
  PID:8156
- C:\Windows\System\bAqstzf.exe
  C:\Windows\System\bAqstzf.exe
  2⤵
  PID:8180
- C:\Windows\System\PoyzTVi.exe
  C:\Windows\System\PoyzTVi.exe
  2⤵
  PID:6576
- C:\Windows\System\SMoXvCe.exe
  C:\Windows\System\SMoXvCe.exe
  2⤵
  PID:5052
- C:\Windows\System\MSjuzhl.exe
  C:\Windows\System\MSjuzhl.exe
  2⤵
  PID:6072
- C:\Windows\System\tWOUIuP.exe
  C:\Windows\System\tWOUIuP.exe
  2⤵
  PID:5656
- C:\Windows\System\XrjeQqX.exe
  C:\Windows\System\XrjeQqX.exe
  2⤵
  PID:5728
- C:\Windows\System\EtPCgSq.exe
  C:\Windows\System\EtPCgSq.exe
  2⤵
  PID:6184
- C:\Windows\System\OJUlcNa.exe
  C:\Windows\System\OJUlcNa.exe
  2⤵
  PID:5216
- C:\Windows\System\BHPJMRz.exe
  C:\Windows\System\BHPJMRz.exe
  2⤵
  PID:3108
- C:\Windows\System\OqGZceB.exe
  C:\Windows\System\OqGZceB.exe
  2⤵
  PID:5912
- C:\Windows\System\CwlAczF.exe
  C:\Windows\System\CwlAczF.exe
  2⤵
  PID:5856
- C:\Windows\System\aarwJqo.exe
  C:\Windows\System\aarwJqo.exe
  2⤵
  PID:5760
- C:\Windows\System\FuojAjH.exe
  C:\Windows\System\FuojAjH.exe
  2⤵
  PID:6868
- C:\Windows\System\yXNoQnk.exe
  C:\Windows\System\yXNoQnk.exe
  2⤵
  PID:6696
- C:\Windows\System\TxneZKS.exe
  C:\Windows\System\TxneZKS.exe
  2⤵
  PID:6292
- C:\Windows\System\oeBfPDC.exe
  C:\Windows\System\oeBfPDC.exe
  2⤵
  PID:7008
- C:\Windows\System\KDdImMq.exe
  C:\Windows\System\KDdImMq.exe
  2⤵
  PID:6068
- C:\Windows\System\lDIBYXu.exe
  C:\Windows\System\lDIBYXu.exe
  2⤵
  PID:7048
- C:\Windows\System\VTOIzZN.exe
  C:\Windows\System\VTOIzZN.exe
  2⤵
  PID:7140
- C:\Windows\System\cazqPdl.exe
  C:\Windows\System\cazqPdl.exe
  2⤵
  PID:8220
- C:\Windows\System\ZmRmPho.exe
  C:\Windows\System\ZmRmPho.exe
  2⤵
  PID:8244
- C:\Windows\System\GKaVriH.exe
  C:\Windows\System\GKaVriH.exe
  2⤵
  PID:8264
- C:\Windows\System\JCmexSm.exe
  C:\Windows\System\JCmexSm.exe
  2⤵
  PID:8288
- C:\Windows\System\hGijMfS.exe
  C:\Windows\System\hGijMfS.exe
  2⤵
  PID:8312
- C:\Windows\System\geOwOlx.exe
  C:\Windows\System\geOwOlx.exe
  2⤵
  PID:8336
- C:\Windows\System\kIkTbmj.exe
  C:\Windows\System\kIkTbmj.exe
  2⤵
  PID:8360
- C:\Windows\System\pENTOsV.exe
  C:\Windows\System\pENTOsV.exe
  2⤵
  PID:8376
- C:\Windows\System\uVVRThh.exe
  C:\Windows\System\uVVRThh.exe
  2⤵
  PID:8404
- C:\Windows\System\zgpkCmP.exe
  C:\Windows\System\zgpkCmP.exe
  2⤵
  PID:8424
- C:\Windows\System\jvnIauZ.exe
  C:\Windows\System\jvnIauZ.exe
  2⤵
  PID:8460
- C:\Windows\System\awyosgl.exe
  C:\Windows\System\awyosgl.exe
  2⤵
  PID:8480
- C:\Windows\System\SQzoZXV.exe
  C:\Windows\System\SQzoZXV.exe
  2⤵
  PID:8496
- C:\Windows\System\WaWAghZ.exe
  C:\Windows\System\WaWAghZ.exe
  2⤵
  PID:8516
- C:\Windows\System\eCXAKth.exe
  C:\Windows\System\eCXAKth.exe
  2⤵
  PID:8540
- C:\Windows\System\fZWXcmh.exe
  C:\Windows\System\fZWXcmh.exe
  2⤵
  PID:8564
- C:\Windows\System\PcdJYQS.exe
  C:\Windows\System\PcdJYQS.exe
  2⤵
  PID:8584
- C:\Windows\System\vePhFOZ.exe
  C:\Windows\System\vePhFOZ.exe
  2⤵
  PID:8608
- C:\Windows\System\OhQjokJ.exe
  C:\Windows\System\OhQjokJ.exe
  2⤵
  PID:8632
- C:\Windows\System\NtqPXjE.exe
  C:\Windows\System\NtqPXjE.exe
  2⤵
  PID:8656
- C:\Windows\System\QydujHf.exe
  C:\Windows\System\QydujHf.exe
  2⤵
  PID:8680
- C:\Windows\System\FROyHiZ.exe
  C:\Windows\System\FROyHiZ.exe
  2⤵
  PID:8700
- C:\Windows\System\hXeqgPR.exe
  C:\Windows\System\hXeqgPR.exe
  2⤵
  PID:8728
- C:\Windows\System\sILeMTv.exe
  C:\Windows\System\sILeMTv.exe
  2⤵
  PID:8752
- C:\Windows\System\gCayESr.exe
  C:\Windows\System\gCayESr.exe
  2⤵
  PID:8776
- C:\Windows\System\iEFtwJj.exe
  C:\Windows\System\iEFtwJj.exe
  2⤵
  PID:8804
- C:\Windows\System\VLHhySs.exe
  C:\Windows\System\VLHhySs.exe
  2⤵
  PID:8828
- C:\Windows\System\oFXeLMo.exe
  C:\Windows\System\oFXeLMo.exe
  2⤵
  PID:8848
- C:\Windows\System\UuwNPRX.exe
  C:\Windows\System\UuwNPRX.exe
  2⤵
  PID:8864
- C:\Windows\System\qTkCcBg.exe
  C:\Windows\System\qTkCcBg.exe
  2⤵
  PID:8880
- C:\Windows\System\qGnxScX.exe
  C:\Windows\System\qGnxScX.exe
  2⤵
  PID:9048
- C:\Windows\System\BcXGtfY.exe
  C:\Windows\System\BcXGtfY.exe
  2⤵
  PID:9092
- C:\Windows\System\JZJqsHb.exe
  C:\Windows\System\JZJqsHb.exe
  2⤵
  PID:9108
- C:\Windows\System\nTuXOnP.exe
  C:\Windows\System\nTuXOnP.exe
  2⤵
  PID:9124
- C:\Windows\System\fzfliHa.exe
  C:\Windows\System\fzfliHa.exe
  2⤵
  PID:9140
- C:\Windows\System\PMQxXpj.exe
  C:\Windows\System\PMQxXpj.exe
  2⤵
  PID:9160
- C:\Windows\System\JTCakza.exe
  C:\Windows\System\JTCakza.exe
  2⤵
  PID:9180
- C:\Windows\System\keYoaKQ.exe
  C:\Windows\System\keYoaKQ.exe
  2⤵
  PID:9200
- C:\Windows\System\OBpHsyz.exe
  C:\Windows\System\OBpHsyz.exe
  2⤵
  PID:6604
- C:\Windows\System\ogITtNI.exe
  C:\Windows\System\ogITtNI.exe
  2⤵
  PID:6624
- C:\Windows\System\feynYni.exe
  C:\Windows\System\feynYni.exe
  2⤵
  PID:6660
- C:\Windows\System\gKClFdA.exe
  C:\Windows\System\gKClFdA.exe
  2⤵
  PID:7344
- C:\Windows\System\UnJNoku.exe
  C:\Windows\System\UnJNoku.exe
  2⤵
  PID:6724
- C:\Windows\System\vLgvYnu.exe
  C:\Windows\System\vLgvYnu.exe
  2⤵
  PID:7528
- C:\Windows\System\NWxWhIx.exe
  C:\Windows\System\NWxWhIx.exe
  2⤵
  PID:7628
- C:\Windows\System\DkpFSer.exe
  C:\Windows\System\DkpFSer.exe
  2⤵
  PID:7696
- C:\Windows\System\gvZEZNx.exe
  C:\Windows\System\gvZEZNx.exe
  2⤵
  PID:7740
- C:\Windows\System\sBJWycf.exe
  C:\Windows\System\sBJWycf.exe
  2⤵
  PID:7804
- C:\Windows\System\hXUNZrw.exe
  C:\Windows\System\hXUNZrw.exe
  2⤵
  PID:7852
- C:\Windows\System\KCqZmkB.exe
  C:\Windows\System\KCqZmkB.exe
  2⤵
  PID:6824
- C:\Windows\System\qECTszy.exe
  C:\Windows\System\qECTszy.exe
  2⤵
  PID:6936
- C:\Windows\System\zXjrzYF.exe
  C:\Windows\System\zXjrzYF.exe
  2⤵
  PID:6964
- C:\Windows\System\eOcOUHF.exe
  C:\Windows\System\eOcOUHF.exe
  2⤵
  PID:5652
- C:\Windows\System\xYndOvT.exe
  C:\Windows\System\xYndOvT.exe
  2⤵
  PID:5504
- C:\Windows\System\byIHoTL.exe
  C:\Windows\System\byIHoTL.exe
  2⤵
  PID:8352
- C:\Windows\System\qLfPYgn.exe
  C:\Windows\System\qLfPYgn.exe
  2⤵
  PID:5816
- C:\Windows\System\ECFkadO.exe
  C:\Windows\System\ECFkadO.exe
  2⤵
  PID:5296
- C:\Windows\System\zaEwmee.exe
  C:\Windows\System\zaEwmee.exe
  2⤵
  PID:8324
- C:\Windows\System\txYpBLH.exe
  C:\Windows\System\txYpBLH.exe
  2⤵
  PID:5164
- C:\Windows\System\ppHLBzU.exe
  C:\Windows\System\ppHLBzU.exe
  2⤵
  PID:8412
- C:\Windows\System\gsElDUR.exe
  C:\Windows\System\gsElDUR.exe
  2⤵
  PID:8536
- C:\Windows\System\msGmLvM.exe
  C:\Windows\System\msGmLvM.exe
  2⤵
  PID:8592
- C:\Windows\System\XhJiSFf.exe
  C:\Windows\System\XhJiSFf.exe
  2⤵
  PID:7744
- C:\Windows\System\XiUqWcG.exe
  C:\Windows\System\XiUqWcG.exe
  2⤵
  PID:8800
- C:\Windows\System\EDbJoOF.exe
  C:\Windows\System\EDbJoOF.exe
  2⤵
  PID:8844
- C:\Windows\System\TyPFTBm.exe
  C:\Windows\System\TyPFTBm.exe
  2⤵
  PID:6524
- C:\Windows\System\bLHBwcO.exe
  C:\Windows\System\bLHBwcO.exe
  2⤵
  PID:6040
- C:\Windows\System\MZLsAau.exe
  C:\Windows\System\MZLsAau.exe
  2⤵
  PID:5792
- C:\Windows\System\MhqicCu.exe
  C:\Windows\System\MhqicCu.exe
  2⤵
  PID:9220
- C:\Windows\System\tdQzBIT.exe
  C:\Windows\System\tdQzBIT.exe
  2⤵
  PID:9244
- C:\Windows\System\iAdScPX.exe
  C:\Windows\System\iAdScPX.exe
  2⤵
  PID:9268
- C:\Windows\System\EFWHtyS.exe
  C:\Windows\System\EFWHtyS.exe
  2⤵
  PID:9284
- C:\Windows\System\uwacvti.exe
  C:\Windows\System\uwacvti.exe
  2⤵
  PID:9308
- C:\Windows\System\DhwEXhm.exe
  C:\Windows\System\DhwEXhm.exe
  2⤵
  PID:9332
- C:\Windows\System\pFJsbMB.exe
  C:\Windows\System\pFJsbMB.exe
  2⤵
  PID:9360
- C:\Windows\System\HFRNrcr.exe
  C:\Windows\System\HFRNrcr.exe
  2⤵
  PID:9376
- C:\Windows\System\hIKArgM.exe
  C:\Windows\System\hIKArgM.exe
  2⤵
  PID:9396
- C:\Windows\System\cKpSzSm.exe
  C:\Windows\System\cKpSzSm.exe
  2⤵
  PID:9416
- C:\Windows\System\qHrzPmG.exe
  C:\Windows\System\qHrzPmG.exe
  2⤵
  PID:9436
- C:\Windows\System\aQuWtUu.exe
  C:\Windows\System\aQuWtUu.exe
  2⤵
  PID:9468
- C:\Windows\System\TunGSBM.exe
  C:\Windows\System\TunGSBM.exe
  2⤵
  PID:9488
- C:\Windows\System\UNuCIjU.exe
  C:\Windows\System\UNuCIjU.exe
  2⤵
  PID:9508
- C:\Windows\System\fGqlNqt.exe
  C:\Windows\System\fGqlNqt.exe
  2⤵
  PID:9524
- C:\Windows\System\mzeoEZo.exe
  C:\Windows\System\mzeoEZo.exe
  2⤵
  PID:9540
- C:\Windows\System\UtMqpRG.exe
  C:\Windows\System\UtMqpRG.exe
  2⤵
  PID:9560
- C:\Windows\System\EgAphro.exe
  C:\Windows\System\EgAphro.exe
  2⤵
  PID:9580
- C:\Windows\System\WGXHUsu.exe
  C:\Windows\System\WGXHUsu.exe
  2⤵
  PID:9600
- C:\Windows\System\nkemXrH.exe
  C:\Windows\System\nkemXrH.exe
  2⤵
  PID:9660
- C:\Windows\System\MWQLQqx.exe
  C:\Windows\System\MWQLQqx.exe
  2⤵
  PID:9676
- C:\Windows\System\SVtIVao.exe
  C:\Windows\System\SVtIVao.exe
  2⤵
  PID:9696
- C:\Windows\System\HLDrXJy.exe
  C:\Windows\System\HLDrXJy.exe
  2⤵
  PID:9720
- C:\Windows\System\eHMJvBK.exe
  C:\Windows\System\eHMJvBK.exe
  2⤵
  PID:9744
- C:\Windows\System\zJwlaIs.exe
  C:\Windows\System\zJwlaIs.exe
  2⤵
  PID:9768
- C:\Windows\System\HXFxmBu.exe
  C:\Windows\System\HXFxmBu.exe
  2⤵
  PID:9788
- C:\Windows\System\NuxPrAV.exe
  C:\Windows\System\NuxPrAV.exe
  2⤵
  PID:9812
- C:\Windows\System\HRMQOyF.exe
  C:\Windows\System\HRMQOyF.exe
  2⤵
  PID:9840
- C:\Windows\System\UbzrWzq.exe
  C:\Windows\System\UbzrWzq.exe
  2⤵
  PID:9864
- C:\Windows\System\lDbUjvR.exe
  C:\Windows\System\lDbUjvR.exe
  2⤵
  PID:9884
- C:\Windows\System\FvoxufW.exe
  C:\Windows\System\FvoxufW.exe
  2⤵
  PID:9908
- C:\Windows\System\vbpfYXY.exe
  C:\Windows\System\vbpfYXY.exe
  2⤵
  PID:9940
- C:\Windows\System\oRxImin.exe
  C:\Windows\System\oRxImin.exe
  2⤵
  PID:9956
- C:\Windows\System\DDgBObl.exe
  C:\Windows\System\DDgBObl.exe
  2⤵
  PID:9972
- C:\Windows\System\IlUqenY.exe
  C:\Windows\System\IlUqenY.exe
  2⤵
  PID:10000
- C:\Windows\System\laCkSBL.exe
  C:\Windows\System\laCkSBL.exe
  2⤵
  PID:10020
- C:\Windows\System\ZgUDKkQ.exe
  C:\Windows\System\ZgUDKkQ.exe
  2⤵
  PID:10044
- C:\Windows\System\ysKCVWt.exe
  C:\Windows\System\ysKCVWt.exe
  2⤵
  PID:10068
- C:\Windows\System\JImMFpd.exe
  C:\Windows\System\JImMFpd.exe
  2⤵
  PID:10092
- C:\Windows\System\gCeTraQ.exe
  C:\Windows\System\gCeTraQ.exe
  2⤵
  PID:10112
- C:\Windows\System\aHNPbDW.exe
  C:\Windows\System\aHNPbDW.exe
  2⤵
  PID:10132
- C:\Windows\System\abJbzMN.exe
  C:\Windows\System\abJbzMN.exe
  2⤵
  PID:10156
- C:\Windows\System\qNutJcI.exe
  C:\Windows\System\qNutJcI.exe
  2⤵
  PID:10176
- C:\Windows\System\onoxECf.exe
  C:\Windows\System\onoxECf.exe
  2⤵
  PID:10212
- C:\Windows\System\FrUhPDV.exe
  C:\Windows\System\FrUhPDV.exe
  2⤵
  PID:10232
- C:\Windows\System\jUvyTRo.exe
  C:\Windows\System\jUvyTRo.exe
  2⤵
  PID:7116
- C:\Windows\System\cxcZQWO.exe
  C:\Windows\System\cxcZQWO.exe
  2⤵
  PID:7188
- C:\Windows\System\VlvQeLZ.exe
  C:\Windows\System\VlvQeLZ.exe
  2⤵
  PID:7276
- C:\Windows\System\GEphzVB.exe
  C:\Windows\System\GEphzVB.exe
  2⤵
  PID:9120
- C:\Windows\System\nZPCMDp.exe
  C:\Windows\System\nZPCMDp.exe
  2⤵
  PID:6560
- C:\Windows\System\FcvEyQQ.exe
  C:\Windows\System\FcvEyQQ.exe
  2⤵
  PID:6648
- C:\Windows\System\LwuUSaY.exe
  C:\Windows\System\LwuUSaY.exe
  2⤵
  PID:7384
- C:\Windows\System\yaDaJFd.exe
  C:\Windows\System\yaDaJFd.exe
  2⤵
  PID:7480
- C:\Windows\System\hodRjZM.exe
  C:\Windows\System\hodRjZM.exe
  2⤵
  PID:6788
- C:\Windows\System\vAembEo.exe
  C:\Windows\System\vAembEo.exe
  2⤵
  PID:7580
- C:\Windows\System\uGnxdyY.exe
  C:\Windows\System\uGnxdyY.exe
  2⤵
  PID:7648
- C:\Windows\System\lklSlZk.exe
  C:\Windows\System\lklSlZk.exe
  2⤵
  PID:8228
- C:\Windows\System\RBmScoG.exe
  C:\Windows\System\RBmScoG.exe
  2⤵
  PID:7328
- C:\Windows\System\ZmrKPif.exe
  C:\Windows\System\ZmrKPif.exe
  2⤵
  PID:10260
- C:\Windows\System\yjTkgrg.exe
  C:\Windows\System\yjTkgrg.exe
  2⤵
  PID:10280
- C:\Windows\System\evPppBW.exe
  C:\Windows\System\evPppBW.exe
  2⤵
  PID:10300
- C:\Windows\System\JQDiOJv.exe
  C:\Windows\System\JQDiOJv.exe
  2⤵
  PID:10328
- C:\Windows\System\qbEKDUG.exe
  C:\Windows\System\qbEKDUG.exe
  2⤵
  PID:10352
- C:\Windows\System\NUjyrRj.exe
  C:\Windows\System\NUjyrRj.exe
  2⤵
  PID:10380
- C:\Windows\System\TfwsTRP.exe
  C:\Windows\System\TfwsTRP.exe
  2⤵
  PID:10404
- C:\Windows\System\YkuKllf.exe
  C:\Windows\System\YkuKllf.exe
  2⤵
  PID:10432
- C:\Windows\System\ZXSYvDU.exe
  C:\Windows\System\ZXSYvDU.exe
  2⤵
  PID:10476
- C:\Windows\System\vftOyoL.exe
  C:\Windows\System\vftOyoL.exe
  2⤵
  PID:10492
- C:\Windows\System\lvjwXfA.exe
  C:\Windows\System\lvjwXfA.exe
  2⤵
  PID:10508
- C:\Windows\System\jRoiCnl.exe
  C:\Windows\System\jRoiCnl.exe
  2⤵
  PID:10524
- C:\Windows\System\NMvdIge.exe
  C:\Windows\System\NMvdIge.exe
  2⤵
  PID:10540
- C:\Windows\System\fehsGWc.exe
  C:\Windows\System\fehsGWc.exe
  2⤵
  PID:10568
- C:\Windows\System\ACSLAVL.exe
  C:\Windows\System\ACSLAVL.exe
  2⤵
  PID:10588
- C:\Windows\System\cBBcGxc.exe
  C:\Windows\System\cBBcGxc.exe
  2⤵
  PID:10612
- C:\Windows\System\edtFiob.exe
  C:\Windows\System\edtFiob.exe
  2⤵
  PID:10636
- C:\Windows\System\GOQAweW.exe
  C:\Windows\System\GOQAweW.exe
  2⤵
  PID:10660
- C:\Windows\System\CNxoYlY.exe
  C:\Windows\System\CNxoYlY.exe
  2⤵
  PID:10680
- C:\Windows\System\deyOHpq.exe
  C:\Windows\System\deyOHpq.exe
  2⤵
  PID:10696
- C:\Windows\System\Ovnvwya.exe
  C:\Windows\System\Ovnvwya.exe
  2⤵
  PID:10712
- C:\Windows\System\NVVmlOA.exe
  C:\Windows\System\NVVmlOA.exe
  2⤵
  PID:10728
- C:\Windows\System\VTohGLC.exe
  C:\Windows\System\VTohGLC.exe
  2⤵
  PID:10748
- C:\Windows\System\iPyBwWE.exe
  C:\Windows\System\iPyBwWE.exe
  2⤵
  PID:10764
- C:\Windows\System\kfpsIaU.exe
  C:\Windows\System\kfpsIaU.exe
  2⤵
  PID:10784
- C:\Windows\System\PWDJlbi.exe
  C:\Windows\System\PWDJlbi.exe
  2⤵
  PID:10804
- C:\Windows\System\WuWcxPZ.exe
  C:\Windows\System\WuWcxPZ.exe
  2⤵
  PID:10820
- C:\Windows\System\ynvOJjo.exe
  C:\Windows\System\ynvOJjo.exe
  2⤵
  PID:10852
- C:\Windows\System\IwvPKla.exe
  C:\Windows\System\IwvPKla.exe
  2⤵
  PID:10880
- C:\Windows\System\aXaGEoI.exe
  C:\Windows\System\aXaGEoI.exe
  2⤵
  PID:10904
- C:\Windows\System\rKanXPR.exe
  C:\Windows\System\rKanXPR.exe
  2⤵
  PID:10924
- C:\Windows\System\jEVlGQx.exe
  C:\Windows\System\jEVlGQx.exe
  2⤵
  PID:10948
- C:\Windows\System\egYlrUM.exe
  C:\Windows\System\egYlrUM.exe
  2⤵
  PID:10972
- C:\Windows\System\eVyNdJm.exe
  C:\Windows\System\eVyNdJm.exe
  2⤵
  PID:11000
- C:\Windows\System\WyVuPgK.exe
  C:\Windows\System\WyVuPgK.exe
  2⤵
  PID:11020
- C:\Windows\System\rUuNXoy.exe
  C:\Windows\System\rUuNXoy.exe
  2⤵
  PID:11044
- C:\Windows\System\GDYzSkv.exe
  C:\Windows\System\GDYzSkv.exe
  2⤵
  PID:11064
- C:\Windows\System\aSGGdDW.exe
  C:\Windows\System\aSGGdDW.exe
  2⤵
  PID:11100
- C:\Windows\System\wqCquBT.exe
  C:\Windows\System\wqCquBT.exe
  2⤵
  PID:11124
- C:\Windows\System\KsrbKTc.exe
  C:\Windows\System\KsrbKTc.exe
  2⤵
  PID:11152
- C:\Windows\System\cCZnfTo.exe
  C:\Windows\System\cCZnfTo.exe
  2⤵
  PID:11168
- C:\Windows\System\mRmVPla.exe
  C:\Windows\System\mRmVPla.exe
  2⤵
  PID:11188
- C:\Windows\System\xDQcRDP.exe
  C:\Windows\System\xDQcRDP.exe
  2⤵
  PID:11208
- C:\Windows\System\EMHeLKZ.exe
  C:\Windows\System\EMHeLKZ.exe
  2⤵
  PID:11232
- C:\Windows\System\lEpILUp.exe
  C:\Windows\System\lEpILUp.exe
  2⤵
  PID:11252
- C:\Windows\System\TJbsLTn.exe
  C:\Windows\System\TJbsLTn.exe
  2⤵
  PID:5560
- C:\Windows\System\nRWHLSj.exe
  C:\Windows\System\nRWHLSj.exe
  2⤵
  PID:7908
- C:\Windows\System\kjsCgAH.exe
  C:\Windows\System\kjsCgAH.exe
  2⤵
  PID:8000
- C:\Windows\System\VgtMrgS.exe
  C:\Windows\System\VgtMrgS.exe
  2⤵
  PID:8064
- C:\Windows\System\AYNnFID.exe
  C:\Windows\System\AYNnFID.exe
  2⤵
  PID:8132
- C:\Windows\System\vQvKeyM.exe
  C:\Windows\System\vQvKeyM.exe
  2⤵
  PID:7784
- C:\Windows\System\QfyRvrq.exe
  C:\Windows\System\QfyRvrq.exe
  2⤵
  PID:6268
- C:\Windows\System\xzxzBHV.exe
  C:\Windows\System\xzxzBHV.exe
  2⤵
  PID:5992
- C:\Windows\System\mDKOFVu.exe
  C:\Windows\System\mDKOFVu.exe
  2⤵
  PID:6084
- C:\Windows\System\bNUQlbg.exe
  C:\Windows\System\bNUQlbg.exe
  2⤵
  PID:9352
- C:\Windows\System\oyeQQNh.exe
  C:\Windows\System\oyeQQNh.exe
  2⤵
  PID:8284
- C:\Windows\System\UQNoOSZ.exe
  C:\Windows\System\UQNoOSZ.exe
  2⤵
  PID:8100
- C:\Windows\System\djsVvUU.exe
  C:\Windows\System\djsVvUU.exe
  2⤵
  PID:7956
- C:\Windows\System\pJxQUoe.exe
  C:\Windows\System\pJxQUoe.exe
  2⤵
  PID:8256
- C:\Windows\System\kwolyvO.exe
  C:\Windows\System\kwolyvO.exe
  2⤵
  PID:9672
- C:\Windows\System\fOsouEj.exe
  C:\Windows\System\fOsouEj.exe
  2⤵
  PID:9764
- C:\Windows\System\CYmQeku.exe
  C:\Windows\System\CYmQeku.exe
  2⤵
  PID:7256
- C:\Windows\System\DzTPmKH.exe
  C:\Windows\System\DzTPmKH.exe
  2⤵
  PID:8420
- C:\Windows\System\WxCOtXD.exe
  C:\Windows\System\WxCOtXD.exe
  2⤵
  PID:7496
- C:\Windows\System\ACPJisX.exe
  C:\Windows\System\ACPJisX.exe
  2⤵
  PID:8508
- C:\Windows\System\RGpUMek.exe
  C:\Windows\System\RGpUMek.exe
  2⤵
  PID:10168
- C:\Windows\System\ncqaAKZ.exe
  C:\Windows\System\ncqaAKZ.exe
  2⤵
  PID:11316
- C:\Windows\System\bNcSXiU.exe
  C:\Windows\System\bNcSXiU.exe
  2⤵
  PID:11340
- C:\Windows\System\pvksWbA.exe
  C:\Windows\System\pvksWbA.exe
  2⤵
  PID:11360
- C:\Windows\System\qYwyjjG.exe
  C:\Windows\System\qYwyjjG.exe
  2⤵
  PID:11392
- C:\Windows\System\LqLSIVv.exe
  C:\Windows\System\LqLSIVv.exe
  2⤵
  PID:11416
- C:\Windows\System\CTTLRPZ.exe
  C:\Windows\System\CTTLRPZ.exe
  2⤵
  PID:11436
- C:\Windows\System\Njedego.exe
  C:\Windows\System\Njedego.exe
  2⤵
  PID:11456
- C:\Windows\System\nAmdRCM.exe
  C:\Windows\System\nAmdRCM.exe
  2⤵
  PID:11480
- C:\Windows\System\KGgyYQZ.exe
  C:\Windows\System\KGgyYQZ.exe
  2⤵
  PID:11500
- C:\Windows\System\AejsAmj.exe
  C:\Windows\System\AejsAmj.exe
  2⤵
  PID:11524
- C:\Windows\System\AaFEyiJ.exe
  C:\Windows\System\AaFEyiJ.exe
  2⤵
  PID:11552
- C:\Windows\System\xPobeKm.exe
  C:\Windows\System\xPobeKm.exe
  2⤵
  PID:11572
- C:\Windows\System\gaklIui.exe
  C:\Windows\System\gaklIui.exe
  2⤵
  PID:11596
- C:\Windows\System\TJQgOVg.exe
  C:\Windows\System\TJQgOVg.exe
  2⤵
  PID:11616
- C:\Windows\System\nqVWMyj.exe
  C:\Windows\System\nqVWMyj.exe
  2⤵
  PID:11648
- C:\Windows\System\CtICKde.exe
  C:\Windows\System\CtICKde.exe
  2⤵
  PID:11680
- C:\Windows\System\gYuQYaF.exe
  C:\Windows\System\gYuQYaF.exe
  2⤵
  PID:11696
- C:\Windows\System\fxnpwCj.exe
  C:\Windows\System\fxnpwCj.exe
  2⤵
  PID:11712
- C:\Windows\System\MZVyLYy.exe
  C:\Windows\System\MZVyLYy.exe
  2⤵
  PID:11728
- C:\Windows\System\znRdbgP.exe
  C:\Windows\System\znRdbgP.exe
  2⤵
  PID:11748
- C:\Windows\System\yDqPxxY.exe
  C:\Windows\System\yDqPxxY.exe
  2⤵
  PID:11772
- C:\Windows\System\yuLFoYq.exe
  C:\Windows\System\yuLFoYq.exe
  2⤵
  PID:11796
- C:\Windows\System\rSFgqDo.exe
  C:\Windows\System\rSFgqDo.exe
  2⤵
  PID:11816
- C:\Windows\System\bONXNns.exe
  C:\Windows\System\bONXNns.exe
  2⤵
  PID:11844
- C:\Windows\System\jVMrKbX.exe
  C:\Windows\System\jVMrKbX.exe
  2⤵
  PID:11864
- C:\Windows\System\nkLckfM.exe
  C:\Windows\System\nkLckfM.exe
  2⤵
  PID:11892
- C:\Windows\System\rYfkdMX.exe
  C:\Windows\System\rYfkdMX.exe
  2⤵
  PID:11916
- C:\Windows\System\Wanwdkh.exe
  C:\Windows\System\Wanwdkh.exe
  2⤵
  PID:11940
- C:\Windows\System\XetJwyu.exe
  C:\Windows\System\XetJwyu.exe
  2⤵
  PID:11956
- C:\Windows\System\qNNdCwD.exe
  C:\Windows\System\qNNdCwD.exe
  2⤵
  PID:11972
- C:\Windows\System\TgRmqvu.exe
  C:\Windows\System\TgRmqvu.exe
  2⤵
  PID:12036
- C:\Windows\System\OkWxnEj.exe
  C:\Windows\System\OkWxnEj.exe
  2⤵
  PID:12052
- C:\Windows\System\iRSFmgw.exe
  C:\Windows\System\iRSFmgw.exe
  2⤵
  PID:12068
- C:\Windows\System\uDuZqgK.exe
  C:\Windows\System\uDuZqgK.exe
  2⤵
  PID:12092
- C:\Windows\System\izcqIEp.exe
  C:\Windows\System\izcqIEp.exe
  2⤵
  PID:12108
- C:\Windows\System\caaSzxG.exe
  C:\Windows\System\caaSzxG.exe
  2⤵
  PID:12124
- C:\Windows\System\oQknVYL.exe
  C:\Windows\System\oQknVYL.exe
  2⤵
  PID:12152
- C:\Windows\System\jtOinZN.exe
  C:\Windows\System\jtOinZN.exe
  2⤵
  PID:12176
- C:\Windows\System\sqnoHcL.exe
  C:\Windows\System\sqnoHcL.exe
  2⤵
  PID:12192
- C:\Windows\System\pzcdVNQ.exe
  C:\Windows\System\pzcdVNQ.exe
  2⤵
  PID:12216
- C:\Windows\System\YipuAFp.exe
  C:\Windows\System\YipuAFp.exe
  2⤵
  PID:12236
- C:\Windows\System\kzbBsLt.exe
  C:\Windows\System\kzbBsLt.exe
  2⤵
  PID:12260
- C:\Windows\System\LpVZlRf.exe
  C:\Windows\System\LpVZlRf.exe
  2⤵
  PID:12284
- C:\Windows\System\pUUKMig.exe
  C:\Windows\System\pUUKMig.exe
  2⤵
  PID:8616
- C:\Windows\System\FKQnKRA.exe
  C:\Windows\System\FKQnKRA.exe
  2⤵
  PID:7024
- C:\Windows\System\sPLSKyg.exe
  C:\Windows\System\sPLSKyg.exe
  2⤵
  PID:7028
- C:\Windows\System\kiFnYsg.exe
  C:\Windows\System\kiFnYsg.exe
  2⤵
  PID:7416
- C:\Windows\System\IiYwgXP.exe
  C:\Windows\System\IiYwgXP.exe
  2⤵
  PID:8432
- C:\Windows\System\opareaE.exe
  C:\Windows\System\opareaE.exe
  2⤵
  PID:8888
- C:\Windows\System\exKsFwH.exe
  C:\Windows\System\exKsFwH.exe
  2⤵
  PID:10556
- C:\Windows\System\AQOLmOt.exe
  C:\Windows\System\AQOLmOt.exe
  2⤵
  PID:10600
- C:\Windows\System\RyVlegu.exe
  C:\Windows\System\RyVlegu.exe
  2⤵
  PID:8944
- C:\Windows\System\NwxGNNz.exe
  C:\Windows\System\NwxGNNz.exe
  2⤵
  PID:5148
- C:\Windows\System\ITVgcaG.exe
  C:\Windows\System\ITVgcaG.exe
  2⤵
  PID:9236
- C:\Windows\System\HPbHGbW.exe
  C:\Windows\System\HPbHGbW.exe
  2⤵
  PID:10944
- C:\Windows\System\MAvIKGB.exe
  C:\Windows\System\MAvIKGB.exe
  2⤵
  PID:9324
- C:\Windows\System\QyWTnBN.exe
  C:\Windows\System\QyWTnBN.exe
  2⤵
  PID:12292
- C:\Windows\System\gSQncCo.exe
  C:\Windows\System\gSQncCo.exe
  2⤵
  PID:12316
- C:\Windows\System\Chxndtz.exe
  C:\Windows\System\Chxndtz.exe
  2⤵
  PID:12336
- C:\Windows\System\pRBcAYJ.exe
  C:\Windows\System\pRBcAYJ.exe
  2⤵
  PID:12364
- C:\Windows\System\xPfeZPZ.exe
  C:\Windows\System\xPfeZPZ.exe
  2⤵
  PID:12400
- C:\Windows\System\SqOHgZJ.exe
  C:\Windows\System\SqOHgZJ.exe
  2⤵
  PID:12416
- C:\Windows\System\DjlIgmn.exe
  C:\Windows\System\DjlIgmn.exe
  2⤵
  PID:12436
- C:\Windows\System\JfXQgmd.exe
  C:\Windows\System\JfXQgmd.exe
  2⤵
  PID:12460
- C:\Windows\System\aBxoahS.exe
  C:\Windows\System\aBxoahS.exe
  2⤵
  PID:12480
- C:\Windows\System\TzDmDvw.exe
  C:\Windows\System\TzDmDvw.exe
  2⤵
  PID:12500
- C:\Windows\System\aoggxAP.exe
  C:\Windows\System\aoggxAP.exe
  2⤵
  PID:12524
- C:\Windows\System\FrgODyr.exe
  C:\Windows\System\FrgODyr.exe
  2⤵
  PID:12548
- C:\Windows\System\ETwakwC.exe
  C:\Windows\System\ETwakwC.exe
  2⤵
  PID:12568
- C:\Windows\System\uGIljUJ.exe
  C:\Windows\System\uGIljUJ.exe
  2⤵
  PID:12588
- C:\Windows\System\huzpbML.exe
  C:\Windows\System\huzpbML.exe
  2⤵
  PID:12612
- C:\Windows\System\bfQiHwo.exe
  C:\Windows\System\bfQiHwo.exe
  2⤵
  PID:12632
- C:\Windows\System\PRwIyyX.exe
  C:\Windows\System\PRwIyyX.exe
  2⤵
  PID:12652
- C:\Windows\System\GqzAQpI.exe
  C:\Windows\System\GqzAQpI.exe
  2⤵
  PID:12676
- C:\Windows\System\GZWcwXW.exe
  C:\Windows\System\GZWcwXW.exe
  2⤵
  PID:12696
- C:\Windows\System\yQLcfMt.exe
  C:\Windows\System\yQLcfMt.exe
  2⤵
  PID:12720
- C:\Windows\System\EsjOCDc.exe
  C:\Windows\System\EsjOCDc.exe
  2⤵
  PID:12740
- C:\Windows\System\sFKoCwx.exe
  C:\Windows\System\sFKoCwx.exe
  2⤵
  PID:12760
- C:\Windows\System\NxqjUTf.exe
  C:\Windows\System\NxqjUTf.exe
  2⤵
  PID:12776
- C:\Windows\System\rbJynvp.exe
  C:\Windows\System\rbJynvp.exe
  2⤵
  PID:12792
- C:\Windows\System\YLLMQeA.exe
  C:\Windows\System\YLLMQeA.exe
  2⤵
  PID:12808
- C:\Windows\System\GyffTch.exe
  C:\Windows\System\GyffTch.exe
  2⤵
  PID:12824
- C:\Windows\System\VaSPnpi.exe
  C:\Windows\System\VaSPnpi.exe
  2⤵
  PID:12852
- C:\Windows\System\cOXBmhT.exe
  C:\Windows\System\cOXBmhT.exe
  2⤵
  PID:12872
- C:\Windows\System\AJFITcz.exe
  C:\Windows\System\AJFITcz.exe
  2⤵
  PID:12900
- C:\Windows\System\lxQIsDy.exe
  C:\Windows\System\lxQIsDy.exe
  2⤵
  PID:12924
- C:\Windows\System\qLHXWxx.exe
  C:\Windows\System\qLHXWxx.exe
  2⤵
  PID:12976
- C:\Windows\System\IkFcMDG.exe
  C:\Windows\System\IkFcMDG.exe
  2⤵
  PID:12996
- C:\Windows\System\HKdbEVH.exe
  C:\Windows\System\HKdbEVH.exe
  2⤵
  PID:13016
- C:\Windows\System\BLQQdAL.exe
  C:\Windows\System\BLQQdAL.exe
  2⤵
  PID:13044
- C:\Windows\System\edSmUZP.exe
  C:\Windows\System\edSmUZP.exe
  2⤵
  PID:13068
- C:\Windows\System\jBPbfLX.exe
  C:\Windows\System\jBPbfLX.exe
  2⤵
  PID:13088
- C:\Windows\System\DLKuGhu.exe
  C:\Windows\System\DLKuGhu.exe
  2⤵
  PID:13108
- C:\Windows\System\HKRHvjx.exe
  C:\Windows\System\HKRHvjx.exe
  2⤵
  PID:13128
- C:\Windows\System\JybinTb.exe
  C:\Windows\System\JybinTb.exe
  2⤵
  PID:13156
- C:\Windows\System\KowlnMf.exe
  C:\Windows\System\KowlnMf.exe
  2⤵
  PID:13176
- C:\Windows\System\BgXeZiD.exe
  C:\Windows\System\BgXeZiD.exe
  2⤵
  PID:13196
- C:\Windows\System\GlMwPVW.exe
  C:\Windows\System\GlMwPVW.exe
  2⤵
  PID:13212
- C:\Windows\System\cQEKCil.exe
  C:\Windows\System\cQEKCil.exe
  2⤵
  PID:13232
- C:\Windows\System\ARyHiVk.exe
  C:\Windows\System\ARyHiVk.exe
  2⤵
  PID:13252
- C:\Windows\System\xRUzOIi.exe
  C:\Windows\System\xRUzOIi.exe
  2⤵
  PID:13268
- C:\Windows\System\LedXoZz.exe
  C:\Windows\System\LedXoZz.exe
  2⤵
  PID:13284
- C:\Windows\System\IInUhpP.exe
  C:\Windows\System\IInUhpP.exe
  2⤵
  PID:13300
- C:\Windows\System\MrnkzJH.exe
  C:\Windows\System\MrnkzJH.exe
  2⤵
  PID:11036
- C:\Windows\System\mlNBwIT.exe
  C:\Windows\System\mlNBwIT.exe
  2⤵
  PID:9412
- C:\Windows\System\oLnPgMU.exe
  C:\Windows\System\oLnPgMU.exe
  2⤵
  PID:9452
- C:\Windows\System\QOILEEb.exe
  C:\Windows\System\QOILEEb.exe
  2⤵
  PID:9484
- C:\Windows\System\FbcZZkq.exe
  C:\Windows\System\FbcZZkq.exe
  2⤵
  PID:9520
- C:\Windows\System\chBeUkE.exe
  C:\Windows\System\chBeUkE.exe
  2⤵
  PID:11148
- C:\Windows\System\nbNnBKu.exe
  C:\Windows\System\nbNnBKu.exe
  2⤵
  PID:11260
- C:\Windows\System\EirpAgC.exe
  C:\Windows\System\EirpAgC.exe
  2⤵
  PID:9728
- C:\Windows\System\BHgsTVm.exe
  C:\Windows\System\BHgsTVm.exe
  2⤵
  PID:9804
- C:\Windows\System\EuhPmta.exe
  C:\Windows\System\EuhPmta.exe
  2⤵
  PID:9292
- C:\Windows\System\NFpOeCc.exe
  C:\Windows\System\NFpOeCc.exe
  2⤵
  PID:6772
- C:\Windows\System\WePRogi.exe
  C:\Windows\System\WePRogi.exe
  2⤵
  PID:7620
- C:\Windows\System\XUgSTyu.exe
  C:\Windows\System\XUgSTyu.exe
  2⤵
  PID:10104
- C:\Windows\System\jdXSgox.exe
  C:\Windows\System\jdXSgox.exe
  2⤵
  PID:7716
- C:\Windows\System\jAEYkhc.exe
  C:\Windows\System\jAEYkhc.exe
  2⤵
  PID:11332
- C:\Windows\System\mzYmHlq.exe
  C:\Windows\System\mzYmHlq.exe
  2⤵
  PID:11400
- C:\Windows\System\jPjzYwZ.exe
  C:\Windows\System\jPjzYwZ.exe
  2⤵
  PID:7044
- C:\Windows\System\pyTrPsN.exe
  C:\Windows\System\pyTrPsN.exe
  2⤵
  PID:1416
- C:\Windows\System\oySZAxa.exe
  C:\Windows\System\oySZAxa.exe
  2⤵
  PID:11560
- C:\Windows\System\XcOwJFx.exe
  C:\Windows\System\XcOwJFx.exe
  2⤵
  PID:13320
- C:\Windows\System\SuXGyuS.exe
  C:\Windows\System\SuXGyuS.exe
  2⤵
  PID:13344
- C:\Windows\System\IahITYb.exe
  C:\Windows\System\IahITYb.exe
  2⤵
  PID:13372
- C:\Windows\System\hjhyLBo.exe
  C:\Windows\System\hjhyLBo.exe
  2⤵
  PID:13392
- C:\Windows\System\rGwucgm.exe
  C:\Windows\System\rGwucgm.exe
  2⤵
  PID:13412
- C:\Windows\System\dWozxNd.exe
  C:\Windows\System\dWozxNd.exe
  2⤵
  PID:13436
- C:\Windows\System\ZikPuuU.exe
  C:\Windows\System\ZikPuuU.exe
  2⤵
  PID:13452
- C:\Windows\System\DkQcKQc.exe
  C:\Windows\System\DkQcKQc.exe
  2⤵
  PID:13468
- C:\Windows\System\uYcAlDQ.exe
  C:\Windows\System\uYcAlDQ.exe
  2⤵
  PID:13492
- C:\Windows\System\SzTcgrp.exe
  C:\Windows\System\SzTcgrp.exe
  2⤵
  PID:13516
- C:\Windows\System\dHbyvjK.exe
  C:\Windows\System\dHbyvjK.exe
  2⤵
  PID:13536
- C:\Windows\System\dRxIQYO.exe
  C:\Windows\System\dRxIQYO.exe
  2⤵
  PID:13556
- C:\Windows\System\WvCQKpe.exe
  C:\Windows\System\WvCQKpe.exe
  2⤵
  PID:13580
- C:\Windows\System\VboHIGw.exe
  C:\Windows\System\VboHIGw.exe
  2⤵
  PID:13600
- C:\Windows\System\lAwcQnW.exe
  C:\Windows\System\lAwcQnW.exe
  2⤵
  PID:13628
- C:\Windows\System\EHowYMN.exe
  C:\Windows\System\EHowYMN.exe
  2⤵
  PID:13644
- C:\Windows\System\CInYPRR.exe
  C:\Windows\System\CInYPRR.exe
  2⤵
  PID:13664
- C:\Windows\System\mhBFkFf.exe
  C:\Windows\System\mhBFkFf.exe
  2⤵
  PID:13680
- C:\Windows\System\JgICfsO.exe
  C:\Windows\System\JgICfsO.exe
  2⤵
  PID:13696
- C:\Windows\System\UZcKfSI.exe
  C:\Windows\System\UZcKfSI.exe
  2⤵
  PID:13712
- C:\Windows\System\nKYSgGO.exe
  C:\Windows\System\nKYSgGO.exe
  2⤵
  PID:13740
- C:\Windows\System\wjkOfRM.exe
  C:\Windows\System\wjkOfRM.exe
  2⤵
  PID:13764
- C:\Windows\System\TuQeMvR.exe
  C:\Windows\System\TuQeMvR.exe
  2⤵
  PID:13780
- C:\Windows\System\tlwsRWi.exe
  C:\Windows\System\tlwsRWi.exe
  2⤵
  PID:13804
- C:\Windows\System\kMaJrjR.exe
  C:\Windows\System\kMaJrjR.exe
  2⤵
  PID:13832
- C:\Windows\System\fZKOJcV.exe
  C:\Windows\System\fZKOJcV.exe
  2⤵
  PID:13848
- C:\Windows\System\mdusXyJ.exe
  C:\Windows\System\mdusXyJ.exe
  2⤵
  PID:14032
- C:\Windows\System\bkMnlFU.exe
  C:\Windows\System\bkMnlFU.exe
  2⤵
  PID:14064
- C:\Windows\System\ePKpxDV.exe
  C:\Windows\System\ePKpxDV.exe
  2⤵
  PID:14112
- C:\Windows\System\xdupdLU.exe
  C:\Windows\System\xdupdLU.exe
  2⤵
  PID:14136
- C:\Windows\System\uKeIGRI.exe
  C:\Windows\System\uKeIGRI.exe
  2⤵
  PID:14160
- C:\Windows\System\gdrQJJD.exe
  C:\Windows\System\gdrQJJD.exe
  2⤵
  PID:14180
- C:\Windows\System\XGpRMAb.exe
  C:\Windows\System\XGpRMAb.exe
  2⤵
  PID:11804
- C:\Windows\System\MYTvtIC.exe
  C:\Windows\System\MYTvtIC.exe
  2⤵
  PID:10276
- C:\Windows\System\tXIqoMq.exe
  C:\Windows\System\tXIqoMq.exe
  2⤵
  PID:10536
- C:\Windows\System\Hnsakfa.exe
  C:\Windows\System\Hnsakfa.exe
  2⤵
  PID:10828
- C:\Windows\System\PXvyXvl.exe
  C:\Windows\System\PXvyXvl.exe
  2⤵
  PID:11012
- C:\Windows\System\zSDPWDD.exe
  C:\Windows\System\zSDPWDD.exe
  2⤵
  PID:10992
- C:\Windows\System\SDMQtHI.exe
  C:\Windows\System\SDMQtHI.exe
  2⤵
  PID:12312
- C:\Windows\System\mtPeLiG.exe
  C:\Windows\System\mtPeLiG.exe
  2⤵
  PID:9556
- C:\Windows\System\hZwXwGr.exe
  C:\Windows\System\hZwXwGr.exe
  2⤵
  PID:12424
- C:\Windows\System\TldeqsT.exe
  C:\Windows\System\TldeqsT.exe
  2⤵
  PID:7324
- C:\Windows\System\LvNSyHR.exe
  C:\Windows\System\LvNSyHR.exe
  2⤵
  PID:12532
- C:\Windows\System\tAngbbT.exe
  C:\Windows\System\tAngbbT.exe
  2⤵
  PID:8836
- C:\Windows\System\FgsrKdy.exe
  C:\Windows\System\FgsrKdy.exe
  2⤵
  PID:12584
- C:\Windows\System\bZMqHKg.exe
  C:\Windows\System\bZMqHKg.exe
  2⤵
  PID:7984
- C:\Windows\System\yBRhtKc.exe
  C:\Windows\System\yBRhtKc.exe
  2⤵
  PID:9736
- C:\Windows\System\guWYPpz.exe
  C:\Windows\System\guWYPpz.exe
  2⤵
  PID:12728
- C:\Windows\System\YbfPDxk.exe
  C:\Windows\System\YbfPDxk.exe
  2⤵
  PID:12804
- C:\Windows\System\gHYZGTO.exe
  C:\Windows\System\gHYZGTO.exe
  2⤵
  PID:9800
- C:\Windows\System\EbXfAfs.exe
  C:\Windows\System\EbXfAfs.exe
  2⤵
  PID:9852
- C:\Windows\System\MTzxpQi.exe
  C:\Windows\System\MTzxpQi.exe
  2⤵
  PID:12936
- C:\Windows\System\dAWaXED.exe
  C:\Windows\System\dAWaXED.exe
  2⤵
  PID:14340
- C:\Windows\System\fKOcnUd.exe
  C:\Windows\System\fKOcnUd.exe
  2⤵
  PID:14356
- C:\Windows\System\yDYHTtp.exe
  C:\Windows\System\yDYHTtp.exe
  2⤵
  PID:14372
- C:\Windows\System\FANzeEx.exe
  C:\Windows\System\FANzeEx.exe
  2⤵
  PID:14388
- C:\Windows\System\DMbLnLd.exe
  C:\Windows\System\DMbLnLd.exe
  2⤵
  PID:14416
- C:\Windows\System\AHKwAOZ.exe
  C:\Windows\System\AHKwAOZ.exe
  2⤵
  PID:14480
- C:\Windows\System\BtPmGqL.exe
  C:\Windows\System\BtPmGqL.exe
  2⤵
  PID:14500

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:14636

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\AJiQQjB.exe

Filesize
1.8MB

MD5
4a78923ad190be985ce3bae3cec5aeb7

SHA1
9b50ddb83594e8de1371347f634f05dc4dc69377

SHA256
5fe0dd301f72cdfb8a18b3f46233d074e3b7f199694af9effc278fe687f88ba9

SHA512
7645305781906226acd57632d3c207d6ff97a3948e28b3475de82344117f935aff4dc0e1a154154595df57a70cf83c92ea341a11627db6ec6e3deb49a1c10eb0

Download Submit
C:\Windows\System\CCROoFE.exe

Filesize
1.8MB

MD5
3a5260b73477d70512a0b953fda659a4

SHA1
ec27076b613488638a478123671ed516c8daaf05

SHA256
00ab06922a8fece338876630c16683b0dbfb831a66704cfdd01ced6f407bbeec

SHA512
130da5fa15933d47adb8bd44bd4e303343e3876ef081fa448a356fb3592f1c29c916ca6121944f8b5f259b167146ea89f439f3b115a22fb6ea27ee64fedb9a10

Download Submit
C:\Windows\System\DFqPtej.exe

Filesize
1.8MB

MD5
07a3e9694f3eec4a01bd54e14b647b9f

SHA1
7c9ecaa6ad4387f5e83d27fabe98dda01f1e29be

SHA256
24e7c438a313c8308a4f095f4b6465c39b22872b9f7daaae7ccb4c84e8842224

SHA512
76742b2c7ecfe4c0998a4b3d2dc55e4262c36a28f2016e7d03fd3b3d779d9a35a02e2a8dab5597f2de8276c925bfc18e48dcf9d07ae9c996fbc919115e7b4033

Download Submit
C:\Windows\System\EQbMRiC.exe

Filesize
1.8MB

MD5
0b2c3b5e6f199b6d6130df7a91883cfd

SHA1
ba44f7947d85f22f28d999e63ebda5794ed4670d

SHA256
c5aad886f5317375cd56c4ac8c459f715f7d907081fa4d7d9e485c65bcb146d9

SHA512
3c5babaf059b98ead7c2bc5a96ff716e1edcb042250cb8f1128b0171ea0772a354321dd9022ac4376297233cd21a0f3da73ee1a80729181fa6e05c1756211aed

Download Submit
C:\Windows\System\ExZdcsb.exe

Filesize
1.8MB

MD5
773d71b1115ac914576471e73e0eea80

SHA1
5727396fd02981e950064ad09c974ada8ab8ea47

SHA256
88e6885c36171f6dfd6f5b07b25d00e552d9718f00497d70b6fe4ce18007c21a

SHA512
68436ff3b287093c3b29bdbb757179e91644b13bdb4ddcab52a14ac8fed81a108ea2b6b280cd2f4cdbbd71b51ca7a56e16b640c6d0e12c8e808bc46ad0d5d61d

Download Submit
C:\Windows\System\GXNxtpH.exe

Filesize
1.8MB

MD5
f3ed1ea4eb3c0d60f3f2dbbb83af56e5

SHA1
5a71d60d4d6eb58d5621aa037f7c7bc94664bcba

SHA256
b99e4268016ab783fea5f628bba0aafef4d9cde35857f5e49c66630ea1ae64a8

SHA512
c3b527e58c71220be96ef40b3afa21a4425098a8da89e901358d3fc109241f1f74d38b33a2b3aff89277585fadc4634533915326a7067ae2c069b5d267c2cdf9

Download Submit
C:\Windows\System\GxPKYyx.exe

Filesize
1.8MB

MD5
79bc0cd5ccc7605419ea63578c53dd85

SHA1
36d5988a7a00272c9f3911886440255be171b34f

SHA256
276cb4ff2fb832c95e765996e127cdaae86aa841f15651df7f13cbe26c5fad21

SHA512
00177c234a6663856d11035615cf1c1fb36f1dd0b568b91c92dda58cb6ec78cf0d9c0c758f726c5d8871bd27d3e41ea4de69eef56723a99cb37bf9991f61924a

Download Submit
C:\Windows\System\Ijsctjq.exe

Filesize
1.8MB

MD5
7a0c485c1f90c61387da4c91f26365b4

SHA1
197b878b58c2457899bc3290ce0b2f0b6711dd88

SHA256
96244d86070202ba2cddc257b5658866b791a896e806004015e93282d1e153fc

SHA512
9fb4e475717f36bfee636e949f69b17f6bac75f21a49bb6ade5c0b6f3209b35f740abf251e2fa4b650ad528dc5a4480e30dbf455ceca288877da38aae0396f0d

Download Submit
C:\Windows\System\KhJwFRx.exe

Filesize
1.8MB

MD5
53ee58de9acbb40d7d97b0d0a06fbf32

SHA1
1bd572ac8be9c324113e6e0197e4b26d55c8a7a6

SHA256
c4a40981f49847b4eb01dbd3fe422eef80ff51af5505da2ecebe9fca1278bc67

SHA512
9fcffaf42f34f0d138c0fb7a25fb298cd6b6c282393a0e5a718e8b7cc0414b81f15bdf0bbe647ce0dae194ea50f0d130980b0dbdd3664b82a699d99266d51969

Download Submit
C:\Windows\System\MgIJIFH.exe

Filesize
1.8MB

MD5
e0e08409ed638e5bd8cddd1fe07e91bb

SHA1
fbcdeccdd24eb896db51b2797705dee0ea0e93b5

SHA256
455454fbeb6a2947b782b30b24f791e48f81c8c8d12864d579e514b58b3589b4

SHA512
749a2059a5e4986ee42e6daf849b5e73f9eadb13107d46b82afae68312b56e6b0b591934c9a022cf38933a3a6d428608da1072f9b966fafe0254560143bccb03

Download Submit
C:\Windows\System\NiVmlwJ.exe

Filesize
1.8MB

MD5
29446563507c2692df43406fb38d9124

SHA1
76893cf30a221c8dcf16b7bbd0ddcdceeab4e655

SHA256
a6156f5e35f24a02257187736cb7744b26873c38bf101ac12a8f784f72e8b2ec

SHA512
64e91c5ad5aeed056fdcb9c10298b7ff5a5f580949a23f15aa78ce3a1a388bc77945fcd1ea89f79a00c853be0fab8afbe8fcdfa9a8cf9f583b15aa3e43bef8ed

Download Submit
C:\Windows\System\OyWXaGc.exe

Filesize
1.8MB

MD5
c2ffef691dd9f79e26d1d99e6fd6b575

SHA1
cea19a781047a4b280f9afe4e1ba8da4c4c77455

SHA256
3cc78a0effd1069b2858562f6da3d03b55679368dd1d0d93b5441108f69e669a

SHA512
2bfca1d911b03912da276e962e1766182d4a6f8b456f1daea2e8a84ad68456a1c31a4584929031ed6b96caf5ed172f8f5c24afa9ff32347f2f34b38369e28344

Download Submit
C:\Windows\System\PbVZiJG.exe

Filesize
1.8MB

MD5
dc5da329b0dfcd46e128e1f9be6844cd

SHA1
fcd56c8ba3dc6eb53222a7546717f6340ff22dd0

SHA256
775be11b7aec16f3c635f838c2843e74b52f62b067d045fcf11269a77e8a1d5b

SHA512
efb28538e2dfe663a2c08c209b9fd1ea9f4d2dcc4d2d7dd950ef7b45581793342955542f1932c60314756d5ace64e1226e88e5e7aeda4df11b38904fb38cb89e

Download Submit
C:\Windows\System\PkUzAeK.exe

Filesize
1.8MB

MD5
66972f5df18e30b53f0a203958b92c08

SHA1
0f33764a626471f6c192427406599a1e6a85fe7e

SHA256
701c3df4067b185e109a847719afe7a8e434be877556146d289795f6d8c63c5a

SHA512
0a6227d0f43feb5ad08b6ea3a382e855a638a0a988864e21e7e14e31e332005636c757b66f364f3d5d61fbcf472689e5fbab785bcd46076f3278ce345277c007

Download Submit
C:\Windows\System\QeLBecn.exe

Filesize
1.8MB

MD5
19f48adb1d4f4c8ff6fcc3659d51a066

SHA1
cb88a4f5d737596031259dfb24ccf5845f858f90

SHA256
0561381f91800bdba59c8f5415f29aa95a30955eea7dbbb70126c5c41356aecb

SHA512
06e98ffb71e79cf8c0831c6a091d7bd8523cbd6123479a8dfb38b9a18094227089bcbde93b6abff728d1ca8c3520a90d8e9af257a2ad9c9af93c2cdd53c89cab

Download Submit
C:\Windows\System\RwlXjwH.exe

Filesize
1.8MB

MD5
f4df7ba0772040b5b88045ec3743f6db

SHA1
a94e8fb6673ca764b4b0d4e0432e18f9a6874301

SHA256
8ddecf940a0a8e72a079a7e4b1bc7ac2c327c4f8769d27057cecf98d94b48c68

SHA512
c1a21e18455e523fd0d3fb35cf7bd7eee220a1992d583581adf1c249693ce76bbb6345abc077158ff4e9748a400855826bf518f621bead09f3a757f5f58e5b19

Download Submit
C:\Windows\System\TusVBNt.exe

Filesize
1.8MB

MD5
6bfa488a0d542e0b86464d72be00a82f

SHA1
66969177fea895ee0469dd56a7676be643295763

SHA256
2c446c63fb4d7b7b2c2ed07d6841460622b8f211dd8931ea79ecd26cc748a987

SHA512
0ec5d478ab3fe514abf236396901e127abcc66da7ba7d67ed19a6e5a6c0be0dc9f969eec6d65f44f47bd86e23af69c5f41768089fa6d7fcce9b5496e703eeb79

Download Submit
C:\Windows\System\UZamZWx.exe

Filesize
1.8MB

MD5
b65b7897efb820722282a81bc5d214ca

SHA1
f46092ae348b9e2d0c03bf4f6f12dce08d2ceaf5

SHA256
47bbe88f733f8aa2419dd98f63eefc47d79b508eab97ebbea518b54bde022f91

SHA512
7c39cc3bec9ee70a6255d586eb58d1ceda55584bc9c8a2bcbe26b1823ee55a4f31aa50b6adaeff196551cedc93219894bfe162b66311ad2c37e485625c715d0f

Download Submit
C:\Windows\System\WHDQxDt.exe

Filesize
1.8MB

MD5
3e7aa35c9ae5d3e2a65e1c6fb8bcde32

SHA1
19f91935b9ec31915b91806e6f2fb3364a78f98f

SHA256
d92904f1bcff252e0cf4794fad35835aa1dfbeef572ea9521211e3edcbcb8257

SHA512
33bf0a32c768fbf4597fae66b7f6f42750c8e743f55d547168ca59f530c0c451a420173b6e9b47a30cdb29b9cbce29b00b760eac1d6a7f2b4ce6557bf78190a9

Download Submit
C:\Windows\System\XcKPQkn.exe

Filesize
1.8MB

MD5
669863a9e623a27b5505773ca7ee0a4b

SHA1
9fabd8ea4644e6b168f13c8a41880223343a6829

SHA256
d82eccaaaaa20d544e55f22635fe556717c222bee5a8dacac296b0166a07e0b1

SHA512
f92a818c3637ad7d0a8bdd40cbf24091752e7d47cd57e05f7524abf28b8714563689ef08d77b313bd880cecb2eb9c520bbf96472705a83bb419523094c4e0025

Download Submit
C:\Windows\System\XivJjhx.exe

Filesize
1.8MB

MD5
3d05ae7aa756263ae51c17a348deb830

SHA1
4755d89101c22946d45cfb4a9506c1669c7e1e85

SHA256
bbb759a21e14ce1ac01f10ca25da3ba8c6bc77cee438ab4a7dcc06443187c826

SHA512
162a595e51fd4eb9a33c2c44ae1e3b25035554556af2623973043bb65c4c46df2a57fd494491a762afb3ca02af85608562d7cb42918993ab8622baab36b19b28

Download Submit
C:\Windows\System\aGLzkII.exe

Filesize
1.8MB

MD5
3caefe9afa59a1120a324feae0b015fd

SHA1
ba4bb821d2745c116160c220a6220d28dcb8bcf0

SHA256
18d6703319a76ad8d68f35914e24f59fd8c0164c0c4cf4347c6a70ab5a70aba4

SHA512
f4a6668e7a61cac98304908c8c392bed95b9f0bbccae4b22c2cf604eff63d7ba5f7ece3969d4b3dfd5eb110c2428c12e5d5e2ff5006d076f331f8097165fef3f

Download Submit
C:\Windows\System\eUJroHP.exe

Filesize
1.8MB

MD5
3ef2bf31da006905b333d0cd1518b3c6

SHA1
dcf98d90ef0f2d8ac4d478dbe1c067566b447ca6

SHA256
9237b36cb50d81f2f870a19e413a9a394dff156313579bc7e7a43f5e08180ee2

SHA512
96e96ad620b408ce658d1b58cc15b7d77705ea166bb02be809a38509e56c37c12eea09a7c9fbd25cc70c3b1b74a5cf84053b5316dfdfd7b89bad59f2c06f4441

Download Submit
C:\Windows\System\eYSSTTD.exe

Filesize
1.8MB

MD5
17840245aef18405312e80856468f9fe

SHA1
377a77deb53e2a2fe1473c41eef497d3a7512299

SHA256
80f5815147ee6e0072dda193d515119c415b6a07b9d314069a81fe199e3bc024

SHA512
e5dca1fc26af213f41d543925834f5f79d79478021c09fc50022d365649fbc93bbf7e21d78a843e7374665e38db6cc57998f93103a72378c229ea53561b967ae

Download Submit
C:\Windows\System\gDbAedW.exe

Filesize
1.8MB

MD5
3921c05ffc4f0d4c8f0d4a575b72a7f0

SHA1
785cf96dd5432e0fe10827b8e6fbe875faef9345

SHA256
00b7faa65b307ba9c6c1c2de034b23954ebd60f7df3d0b04941c3ff6bd475bc5

SHA512
4371cc68491de099a62c2ea23cd013f9c9eb5c4c76f6ce8c82020286bcf7ba93e868456b9a517549dd8ab5c6bb1efe0473e2afc992a1971b1b4cb28782a0c4b6

Download Submit
C:\Windows\System\gcyOHQG.exe

Filesize
1.8MB

MD5
051aca0374ef5e6c9689ff1b34c9be48

SHA1
c8ac1ef3ba55bd03a4978fe4e4caa9a1fc4f05fe

SHA256
b169f8f7a90a7d135adb3010028c7f77f3bf9a7c790f7273e9ee484f9a09ccdb

SHA512
36777f5300f8660ea8ca19115c86ecf77745624f6740fa5c56780cc7c047fdf17830cff4ef8b3b5bfdd09ee8efb93e58ef123e552ff127ea3e4da86c58e57b3c

Download Submit
C:\Windows\System\iTCopnL.exe

Filesize
1.8MB

MD5
46fa2c4d2e89d36a2442e0951fb1c0ec

SHA1
422c0421bc32085ed0794b33be8f85ca060d3c7d

SHA256
9bb50100a8226f025df740afb682b8da6d377b36ff4c1851691088c96b8557cb

SHA512
0e8223f9a5b505526bfe3c879f26c30fbe06b0a118eeefd33e371d12cf4f234077eb5ff9899262e776414e21ee5c9568b0ac1cadffc9bf63c4fe95a7930e06c0

Download Submit
C:\Windows\System\kHsDXeE.exe

Filesize
1.8MB

MD5
8ae222e3e697e87a8b2346c1e652d8f4

SHA1
0a4573421b0270d9191f6e3503b651bfddd7a71f

SHA256
a99649a3a10bc2cda7fab5b6711964edc1db9cd9a8e8f674125fb14afd02d638

SHA512
a5df7806d606f3ee8d1e1972efe2cb9d8ba2feab591902c848250438b8b8c1959b1c3ca53d057d4d61a8ff2b4bec3c71eccea7fc825018f270dd5d325ea98e19

Download Submit
C:\Windows\System\kbSytRn.exe

Filesize
1.8MB

MD5
2f8d8514115db52956ffaef16fb6f72a

SHA1
aeb443bcaadb2f5db450cebb01f734f9dfda4be0

SHA256
0a7b468f3a537381a311bcb4d5c8a7ebe8a5c294c17d2549ed3d71fb23be4e03

SHA512
42ff92c9a932d354c2a0ab2e56c352e766dff9c19e2279c48772976576d1c53c59a437bf12fd4599997c86fe09dca3e68ee44c171887fdd98f0b77c0e3e1e84d

Download Submit
C:\Windows\System\kjeAutZ.exe

Filesize
1.8MB

MD5
67f5d86f3fcc2bed653ab5c0f7e28a13

SHA1
52d7e5e975d9bddb067c0c81cca5136bc7e8781e

SHA256
ff198e233db83897f4b98bbe4c6d78996ee2fcbd4ccdead5d9a47e2cc967f501

SHA512
193e217d9d530112e7c26294cfef32b7a3398c785ba1903c36f377eb95efbc684778e5fb1a750616aa68e9e3e7d46e3fe8f6c60693e87259b94e7e50e07b811a

Download Submit
C:\Windows\System\kpSRZrG.exe

Filesize
1.8MB

MD5
98d96a316bb9c98d77575961a1b94d70

SHA1
3a46197266b47cef8f1ee761135b92b9b8dc9931

SHA256
a59178d05a5367cb24757beedd5ab131f22cb0623fe1f7c8cd5c401da84630f1

SHA512
d9985dfb31261f955c4b8fc83f418a8a91735f51b146b3f3ab378af7a97776e55ea1f28210f396df4aab090dc47a3fe377531872ff8e56d295e13f48e77e45b4

Download Submit
C:\Windows\System\qcMbrOC.exe

Filesize
1.8MB

MD5
ed012ba35f4823563b4b621ba39d848c

SHA1
78ac1f977fd632b71cf2b445b8194ceecbfaf719

SHA256
5c047a9cccb2d70de7cfaf90d9a85ab72e843b3eec5ee46da0f09d234558f7e2

SHA512
6031e4d4e530baecee125dccee05bdf8dc1827dfef77ad1e99cce0eb7cb8d19bd9d017f7bad062814e48831b0dc59ad6e4ea24c632e6d6044813a6166e52f3c8

Download Submit
C:\Windows\System\tOaMKIe.exe

Filesize
1.8MB

MD5
46464c4b5246e4aec6d1a31953284eb0

SHA1
930765f4dba5ff183d3fe0d318549c68fd92dd94

SHA256
7280a4dbe9fe96100859f3952352959ae516374d96f2838990fcc598b274669c

SHA512
334e12cd93f03400e1841e1dd1c13e5b2e2ed6cd9519044edb3f011adb937adc32adf8e3b171d0482b2d6ca80a139f69fc0e18ac9c12198f8d7af2806741ae0a

Download Submit
C:\Windows\System\tpGAKmY.exe

Filesize
1.8MB

MD5
1e28986682c2cd2f660a561856d4fcb7

SHA1
2bd846ea211146b25bf5bca2b8e46a513980e99a

SHA256
972eae86f35775b1c22c2d71ccdf2558be5e3bd947e6afa770439fce99e611e9

SHA512
7dc3cde4937a3fcd98fce579b61f32c89cf8fa1e1aaac37ad87f2260500287fb90b05a88d9f6f7cfe500374641f3b0ec0e39b6efac0c6362a753c8258b8d6046

Download Submit
C:\Windows\System\vGKmlcn.exe

Filesize
1.8MB

MD5
257fff2f8197fb94abdf99cc4c125e3c

SHA1
6a33fa5dece29ba2516504622e536d6a664f7279

SHA256
a11adcefda7d67e03a59b5dad5a6829a87cf78c02f6c685ec6ae8a70fd561839

SHA512
d0e1e7b8aa25b056119eace2262fdf26ddf4f26d38e09a4cc124841085ed613e567797848ad1539526782363fa3ec5e23c507c607d849e9bf12a4bd855793750

Download Submit
C:\Windows\System\xQJLOKm.exe

Filesize
1.8MB

MD5
d5961ebfb46b324aa254baf24a8b1f28

SHA1
94280e5e866e0b4c31273430f541dabce2f7b793

SHA256
29bda46698cce05463764c2202ad8487dcbc3cd269e14812188be8217e53c01d

SHA512
8aacee06d030b562f8d2b25bd843a9ada34127c5d7a20110df51fa210f61d90dcb065c2a463d40d39b4cd3529197a5ceb76f4b42f12320231906c6f16919e43d

Download Submit
C:\Windows\System\zbudjbD.exe

Filesize
1.8MB

MD5
4ed6c448e5bfd2b39eeb07f73c5093d1

SHA1
a468fda82d8a82c3b4eca7776f5df73a00453f27

SHA256
f71f567b4e063f1ed34f2a9cb7349925568bf069b635c6a390942b718d48835f

SHA512
1443df299af41d6988fec42531e16b3edbdf7bd7f16b96d6390aa9a87e15d5a9cacc6cabde010d3e4abef64e1b24b299390d0a2d07c1d09423ce4f49d06a7212

Download Submit
memory/252-2170-0x00007FF7E46E0000-0x00007FF7E4A31000-memory.dmp

Filesize
3.3MB

Download
memory/252-2103-0x00007FF7E46E0000-0x00007FF7E4A31000-memory.dmp

Filesize
3.3MB

Download
memory/252-34-0x00007FF7E46E0000-0x00007FF7E4A31000-memory.dmp

Filesize
3.3MB

Download
memory/328-2252-0x00007FF6A62B0000-0x00007FF6A6601000-memory.dmp

Filesize
3.3MB

Download
memory/328-1129-0x00007FF6A62B0000-0x00007FF6A6601000-memory.dmp

Filesize
3.3MB

Download
memory/356-957-0x00007FF70FCB0000-0x00007FF710001000-memory.dmp

Filesize
3.3MB

Download
memory/356-2202-0x00007FF70FCB0000-0x00007FF710001000-memory.dmp

Filesize
3.3MB

Download
memory/872-2174-0x00007FF6CBCC0000-0x00007FF6CC011000-memory.dmp

Filesize
3.3MB

Download
memory/872-2102-0x00007FF6CBCC0000-0x00007FF6CC011000-memory.dmp

Filesize
3.3MB

Download
memory/872-66-0x00007FF6CBCC0000-0x00007FF6CC011000-memory.dmp

Filesize
3.3MB

Download
memory/880-2207-0x00007FF757410000-0x00007FF757761000-memory.dmp

Filesize
3.3MB

Download
memory/880-222-0x00007FF757410000-0x00007FF757761000-memory.dmp

Filesize
3.3MB

Download
memory/1052-864-0x00007FF615500000-0x00007FF615851000-memory.dmp

Filesize
3.3MB

Download
memory/1052-2225-0x00007FF615500000-0x00007FF615851000-memory.dmp

Filesize
3.3MB

Download
memory/1484-2176-0x00007FF735C50000-0x00007FF735FA1000-memory.dmp

Filesize
3.3MB

Download
memory/1484-115-0x00007FF735C50000-0x00007FF735FA1000-memory.dmp

Filesize
3.3MB

Download
memory/1496-58-0x00007FF6F5150000-0x00007FF6F54A1000-memory.dmp

Filesize
3.3MB

Download
memory/1496-2101-0x00007FF6F5150000-0x00007FF6F54A1000-memory.dmp

Filesize
3.3MB

Download
memory/1496-2172-0x00007FF6F5150000-0x00007FF6F54A1000-memory.dmp

Filesize
3.3MB

Download
memory/1604-191-0x00007FF7CFD40000-0x00007FF7D0091000-memory.dmp

Filesize
3.3MB

Download
memory/1604-2204-0x00007FF7CFD40000-0x00007FF7D0091000-memory.dmp

Filesize
3.3MB

Download
memory/2008-567-0x00007FF6E6FF0000-0x00007FF6E7341000-memory.dmp

Filesize
3.3MB

Download
memory/2008-2266-0x00007FF6E6FF0000-0x00007FF6E7341000-memory.dmp

Filesize
3.3MB

Download
memory/2248-2099-0x00007FF61AC80000-0x00007FF61AFD1000-memory.dmp

Filesize
3.3MB

Download
memory/2248-8-0x00007FF61AC80000-0x00007FF61AFD1000-memory.dmp

Filesize
3.3MB

Download
memory/2248-2164-0x00007FF61AC80000-0x00007FF61AFD1000-memory.dmp

Filesize
3.3MB

Download
memory/2780-460-0x00007FF7DBC40000-0x00007FF7DBF91000-memory.dmp

Filesize
3.3MB

Download
memory/2780-2264-0x00007FF7DBC40000-0x00007FF7DBF91000-memory.dmp

Filesize
3.3MB

Download
memory/3048-1127-0x00007FF711A50000-0x00007FF711DA1000-memory.dmp

Filesize
3.3MB

Download
memory/3048-2218-0x00007FF711A50000-0x00007FF711DA1000-memory.dmp

Filesize
3.3MB

Download
memory/3088-2223-0x00007FF66DE00000-0x00007FF66E151000-memory.dmp

Filesize
3.3MB

Download
memory/3088-305-0x00007FF66DE00000-0x00007FF66E151000-memory.dmp

Filesize
3.3MB

Download
memory/3204-2180-0x00007FF6B38F0000-0x00007FF6B3C41000-memory.dmp

Filesize
3.3MB

Download
memory/3204-954-0x00007FF6B38F0000-0x00007FF6B3C41000-memory.dmp

Filesize
3.3MB

Download
memory/3288-286-0x00007FF6B5730000-0x00007FF6B5A81000-memory.dmp

Filesize
3.3MB

Download
memory/3288-2208-0x00007FF6B5730000-0x00007FF6B5A81000-memory.dmp

Filesize
3.3MB

Download
memory/3336-688-0x00007FF600AE0000-0x00007FF600E31000-memory.dmp

Filesize
3.3MB

Download
memory/3336-2262-0x00007FF600AE0000-0x00007FF600E31000-memory.dmp

Filesize
3.3MB

Download
memory/3520-412-0x00007FF7A8230000-0x00007FF7A8581000-memory.dmp

Filesize
3.3MB

Download
memory/3520-2221-0x00007FF7A8230000-0x00007FF7A8581000-memory.dmp

Filesize
3.3MB

Download
memory/3736-0-0x00007FF7F6CE0000-0x00007FF7F7031000-memory.dmp

Filesize
3.3MB

Download
memory/3736-1-0x000001F74E2D0000-0x000001F74E2E0000-memory.dmp

Filesize
64KB

Download
memory/3736-2064-0x00007FF7F6CE0000-0x00007FF7F7031000-memory.dmp

Filesize
3.3MB

Download
memory/3740-566-0x00007FF7E1AA0000-0x00007FF7E1DF1000-memory.dmp

Filesize
3.3MB

Download
memory/3740-2219-0x00007FF7E1AA0000-0x00007FF7E1DF1000-memory.dmp

Filesize
3.3MB

Download
memory/3748-950-0x00007FF6C9EE0000-0x00007FF6CA231000-memory.dmp

Filesize
3.3MB

Download
memory/3748-2166-0x00007FF6C9EE0000-0x00007FF6CA231000-memory.dmp

Filesize
3.3MB

Download
memory/3940-2200-0x00007FF65A4E0000-0x00007FF65A831000-memory.dmp

Filesize
3.3MB

Download
memory/3940-150-0x00007FF65A4E0000-0x00007FF65A831000-memory.dmp

Filesize
3.3MB

Download
memory/4088-2178-0x00007FF73A760000-0x00007FF73AAB1000-memory.dmp

Filesize
3.3MB

Download
memory/4088-92-0x00007FF73A760000-0x00007FF73AAB1000-memory.dmp

Filesize
3.3MB

Download
memory/4108-30-0x00007FF786010000-0x00007FF786361000-memory.dmp

Filesize
3.3MB

Download
memory/4108-2100-0x00007FF786010000-0x00007FF786361000-memory.dmp

Filesize
3.3MB

Download
memory/4108-2168-0x00007FF786010000-0x00007FF786361000-memory.dmp

Filesize
3.3MB

Download
memory/4628-2250-0x00007FF6F0690000-0x00007FF6F09E1000-memory.dmp

Filesize
3.3MB

Download
memory/4628-369-0x00007FF6F0690000-0x00007FF6F09E1000-memory.dmp

Filesize
3.3MB

Download
memory/4736-2214-0x00007FF79FBE0000-0x00007FF79FF31000-memory.dmp

Filesize
3.3MB

Download
memory/4736-694-0x00007FF79FBE0000-0x00007FF79FF31000-memory.dmp

Filesize
3.3MB

Download
memory/4792-368-0x00007FF7B02D0000-0x00007FF7B0621000-memory.dmp

Filesize
3.3MB

Download
memory/4792-2212-0x00007FF7B02D0000-0x00007FF7B0621000-memory.dmp

Filesize
3.3MB

Download
memory/5060-2268-0x00007FF68B540000-0x00007FF68B891000-memory.dmp

Filesize
3.3MB

Download
memory/5060-621-0x00007FF68B540000-0x00007FF68B891000-memory.dmp

Filesize
3.3MB

Download
memory/5096-304-0x00007FF630BC0000-0x00007FF630F11000-memory.dmp

Filesize
3.3MB

Download
memory/5096-2210-0x00007FF630BC0000-0x00007FF630F11000-memory.dmp

Filesize
3.3MB

Download
memory/5112-2182-0x00007FF730700000-0x00007FF730A51000-memory.dmp

Filesize
3.3MB

Download
memory/5112-188-0x00007FF730700000-0x00007FF730A51000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads