xmrig | 7c7a8cc73bcb8aa01fcc04feb5799ab114d42b65ed8db90547e43b7ed1f6d4c8

Analysis

max time kernel
108s
max time network
113s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
11/09/2024, 09:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d0675a870b9fcfc32e221a8345bf5dc0N.exe
Size

1.7MB
MD5

d0675a870b9fcfc32e221a8345bf5dc0
SHA1

f11a8c354d2cdeda0612dba83ff1f7ec6380dbe8
SHA256

7c7a8cc73bcb8aa01fcc04feb5799ab114d42b65ed8db90547e43b7ed1f6d4c8
SHA512

60d1eaf61219baae3d156d06641a9027b765a8864488d576247ebe7759592cb859a7d349e5722a87781e0722a6e9a5ba26d507c90854389cf0db129edadc2a1e
SSDEEP

24576:RVIl/WDGCi7/qkatXBF6727ZvhwJWe9pYJh5MHHRDQxgSvyH0n+dzBCfV9kvJY1f:ROdWCCi7/rahoyBcIKH0kgcM

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 59 IoCs

miner

resource	yara_rule
behavioral2/memory/1948-44-0x00007FF641970000-0x00007FF641CC1000-memory.dmp	xmrig
behavioral2/memory/3356-597-0x00007FF632BF0000-0x00007FF632F41000-memory.dmp	xmrig
behavioral2/memory/2336-667-0x00007FF674C80000-0x00007FF674FD1000-memory.dmp	xmrig
behavioral2/memory/3476-618-0x00007FF7CBC70000-0x00007FF7CBFC1000-memory.dmp	xmrig
behavioral2/memory/3692-1077-0x00007FF7DD510000-0x00007FF7DD861000-memory.dmp	xmrig
behavioral2/memory/2032-1285-0x00007FF67EEA0000-0x00007FF67F1F1000-memory.dmp	xmrig
behavioral2/memory/3160-1211-0x00007FF612620000-0x00007FF612971000-memory.dmp	xmrig
behavioral2/memory/4908-979-0x00007FF6F3570000-0x00007FF6F38C1000-memory.dmp	xmrig
behavioral2/memory/488-885-0x00007FF6A9590000-0x00007FF6A98E1000-memory.dmp	xmrig
behavioral2/memory/2704-799-0x00007FF6F5120000-0x00007FF6F5471000-memory.dmp	xmrig
behavioral2/memory/3888-795-0x00007FF78AD50000-0x00007FF78B0A1000-memory.dmp	xmrig
behavioral2/memory/3036-718-0x00007FF6E3770000-0x00007FF6E3AC1000-memory.dmp	xmrig
behavioral2/memory/2256-664-0x00007FF670560000-0x00007FF6708B1000-memory.dmp	xmrig
behavioral2/memory/2976-593-0x00007FF7D0740000-0x00007FF7D0A91000-memory.dmp	xmrig
behavioral2/memory/2556-565-0x00007FF6637F0000-0x00007FF663B41000-memory.dmp	xmrig
behavioral2/memory/4724-537-0x00007FF743100000-0x00007FF743451000-memory.dmp	xmrig
behavioral2/memory/716-541-0x00007FF713A80000-0x00007FF713DD1000-memory.dmp	xmrig
behavioral2/memory/4156-528-0x00007FF7C8AB0000-0x00007FF7C8E01000-memory.dmp	xmrig
behavioral2/memory/1464-519-0x00007FF747130000-0x00007FF747481000-memory.dmp	xmrig
behavioral2/memory/4336-516-0x00007FF7D21E0000-0x00007FF7D2531000-memory.dmp	xmrig
behavioral2/memory/2700-61-0x00007FF7F3E70000-0x00007FF7F41C1000-memory.dmp	xmrig
behavioral2/memory/2328-41-0x00007FF781670000-0x00007FF7819C1000-memory.dmp	xmrig
behavioral2/memory/4496-1877-0x00007FF747110000-0x00007FF747461000-memory.dmp	xmrig
behavioral2/memory/4192-1884-0x00007FF759C30000-0x00007FF759F81000-memory.dmp	xmrig
behavioral2/memory/1416-1881-0x00007FF74FBD0000-0x00007FF74FF21000-memory.dmp	xmrig
behavioral2/memory/3984-1874-0x00007FF7FA060000-0x00007FF7FA3B1000-memory.dmp	xmrig
behavioral2/memory/2328-1943-0x00007FF781670000-0x00007FF7819C1000-memory.dmp	xmrig
behavioral2/memory/2292-2079-0x00007FF670B10000-0x00007FF670E61000-memory.dmp	xmrig
behavioral2/memory/2212-2083-0x00007FF7BDCA0000-0x00007FF7BDFF1000-memory.dmp	xmrig
behavioral2/memory/4140-2081-0x00007FF68D870000-0x00007FF68DBC1000-memory.dmp	xmrig
behavioral2/memory/4496-2347-0x00007FF747110000-0x00007FF747461000-memory.dmp	xmrig
behavioral2/memory/4192-2350-0x00007FF759C30000-0x00007FF759F81000-memory.dmp	xmrig
behavioral2/memory/1948-2353-0x00007FF641970000-0x00007FF641CC1000-memory.dmp	xmrig
behavioral2/memory/2328-2355-0x00007FF781670000-0x00007FF7819C1000-memory.dmp	xmrig
behavioral2/memory/1416-2351-0x00007FF74FBD0000-0x00007FF74FF21000-memory.dmp	xmrig
behavioral2/memory/2032-2391-0x00007FF67EEA0000-0x00007FF67F1F1000-memory.dmp	xmrig
behavioral2/memory/4140-2383-0x00007FF68D870000-0x00007FF68DBC1000-memory.dmp	xmrig
behavioral2/memory/716-2401-0x00007FF713A80000-0x00007FF713DD1000-memory.dmp	xmrig
behavioral2/memory/2256-2415-0x00007FF670560000-0x00007FF6708B1000-memory.dmp	xmrig
behavioral2/memory/2704-2421-0x00007FF6F5120000-0x00007FF6F5471000-memory.dmp	xmrig
behavioral2/memory/3692-2425-0x00007FF7DD510000-0x00007FF7DD861000-memory.dmp	xmrig
behavioral2/memory/3160-2427-0x00007FF612620000-0x00007FF612971000-memory.dmp	xmrig
behavioral2/memory/4908-2423-0x00007FF6F3570000-0x00007FF6F38C1000-memory.dmp	xmrig
behavioral2/memory/3888-2417-0x00007FF78AD50000-0x00007FF78B0A1000-memory.dmp	xmrig
behavioral2/memory/3476-2413-0x00007FF7CBC70000-0x00007FF7CBFC1000-memory.dmp	xmrig
behavioral2/memory/3356-2411-0x00007FF632BF0000-0x00007FF632F41000-memory.dmp	xmrig
behavioral2/memory/2336-2409-0x00007FF674C80000-0x00007FF674FD1000-memory.dmp	xmrig
behavioral2/memory/2976-2407-0x00007FF7D0740000-0x00007FF7D0A91000-memory.dmp	xmrig
behavioral2/memory/3036-2405-0x00007FF6E3770000-0x00007FF6E3AC1000-memory.dmp	xmrig
behavioral2/memory/488-2419-0x00007FF6A9590000-0x00007FF6A98E1000-memory.dmp	xmrig
behavioral2/memory/2556-2403-0x00007FF6637F0000-0x00007FF663B41000-memory.dmp	xmrig
behavioral2/memory/4156-2399-0x00007FF7C8AB0000-0x00007FF7C8E01000-memory.dmp	xmrig
behavioral2/memory/4336-2397-0x00007FF7D21E0000-0x00007FF7D2531000-memory.dmp	xmrig
behavioral2/memory/1464-2395-0x00007FF747130000-0x00007FF747481000-memory.dmp	xmrig
behavioral2/memory/116-2389-0x00007FF621B10000-0x00007FF621E61000-memory.dmp	xmrig
behavioral2/memory/2212-2387-0x00007FF7BDCA0000-0x00007FF7BDFF1000-memory.dmp	xmrig
behavioral2/memory/2292-2385-0x00007FF670B10000-0x00007FF670E61000-memory.dmp	xmrig
behavioral2/memory/2700-2382-0x00007FF7F3E70000-0x00007FF7F41C1000-memory.dmp	xmrig
behavioral2/memory/4724-2393-0x00007FF743100000-0x00007FF743451000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
4496	WUBuFgP.exe
2328	yWNcQlc.exe
1416	JofCtCd.exe
1948	wwpEzue.exe
4192	pjanfpO.exe
2292	pROvqhR.exe
2212	XqiGhOj.exe
2700	FwWTHXx.exe
4140	WsCYZeu.exe
116	aiymeny.exe
2032	LkWPUok.exe
4336	zuJEzKm.exe
1464	YQMzGzJ.exe
4156	ZGfxCxV.exe
4724	JdoQwqT.exe
716	XUoCVUy.exe
2556	GAzcCnT.exe
2976	xCVxyRN.exe
3356	jBcnXUh.exe
3476	LugsGIF.exe
2256	McVEXOo.exe
2336	qGVkeiT.exe
3036	rKkMZLv.exe
3888	ZTMgPPm.exe
2704	mQWHzVW.exe
488	hSpKVlW.exe
4908	hovtmUv.exe
3692	JAVbfXm.exe
3160	dlAkOAl.exe
3780	LvjhzXJ.exe
2036	MZNBigP.exe
4556	KJCFLTf.exe
1572	IcivzVa.exe
4512	vhvzLaN.exe
2352	fcusPCP.exe
2536	ubyYrBH.exe
3204	TtFBLlT.exe
1672	faHzQgf.exe
2840	GWbLmkG.exe
3256	oAqBtHm.exe
4888	XebfDOh.exe
3576	uQjPWiO.exe
1180	NdLxIzA.exe
3648	BAIHnZR.exe
1200	uXcaGKd.exe
3108	COvSPhO.exe
3940	QPGRsMF.exe
1656	RcDSYKr.exe
4444	MHZIHwR.exe
648	VWsgTBl.exe
3248	MHyJcsj.exe
4772	VAXIStt.exe
3684	Vssecej.exe
4984	DRbrPyb.exe
3352	DOuFbYx.exe
1696	IaRSpjA.exe
4404	mhFbtKV.exe
3832	udqDtYS.exe
4292	sqVMhvv.exe
780	cpKtYvi.exe
4836	hKdGnek.exe
4532	goEjPxY.exe
60	eWDBFnW.exe
4880	JyjaWxT.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3984-0-0x00007FF7FA060000-0x00007FF7FA3B1000-memory.dmp	upx
behavioral2/files/0x00080000000234bd-5.dat	upx
behavioral2/files/0x00070000000234c4-8.dat	upx
behavioral2/memory/4496-14-0x00007FF747110000-0x00007FF747461000-memory.dmp	upx
behavioral2/files/0x00080000000234c0-21.dat	upx
behavioral2/files/0x00070000000234c7-32.dat	upx
behavioral2/memory/1948-44-0x00007FF641970000-0x00007FF641CC1000-memory.dmp	upx
behavioral2/files/0x00070000000234cc-71.dat	upx
behavioral2/files/0x00070000000234d2-93.dat	upx
behavioral2/files/0x00070000000234d5-116.dat	upx
behavioral2/files/0x00070000000234d8-131.dat	upx
behavioral2/files/0x00070000000234dc-143.dat	upx
behavioral2/memory/3356-597-0x00007FF632BF0000-0x00007FF632F41000-memory.dmp	upx
behavioral2/memory/2336-667-0x00007FF674C80000-0x00007FF674FD1000-memory.dmp	upx
behavioral2/memory/3476-618-0x00007FF7CBC70000-0x00007FF7CBFC1000-memory.dmp	upx
behavioral2/memory/3692-1077-0x00007FF7DD510000-0x00007FF7DD861000-memory.dmp	upx
behavioral2/memory/2032-1285-0x00007FF67EEA0000-0x00007FF67F1F1000-memory.dmp	upx
behavioral2/memory/3160-1211-0x00007FF612620000-0x00007FF612971000-memory.dmp	upx
behavioral2/memory/4908-979-0x00007FF6F3570000-0x00007FF6F38C1000-memory.dmp	upx
behavioral2/memory/488-885-0x00007FF6A9590000-0x00007FF6A98E1000-memory.dmp	upx
behavioral2/memory/2704-799-0x00007FF6F5120000-0x00007FF6F5471000-memory.dmp	upx
behavioral2/memory/3888-795-0x00007FF78AD50000-0x00007FF78B0A1000-memory.dmp	upx
behavioral2/memory/3036-718-0x00007FF6E3770000-0x00007FF6E3AC1000-memory.dmp	upx
behavioral2/memory/2256-664-0x00007FF670560000-0x00007FF6708B1000-memory.dmp	upx
behavioral2/memory/2976-593-0x00007FF7D0740000-0x00007FF7D0A91000-memory.dmp	upx
behavioral2/memory/2556-565-0x00007FF6637F0000-0x00007FF663B41000-memory.dmp	upx
behavioral2/memory/4724-537-0x00007FF743100000-0x00007FF743451000-memory.dmp	upx
behavioral2/memory/716-541-0x00007FF713A80000-0x00007FF713DD1000-memory.dmp	upx
behavioral2/memory/4156-528-0x00007FF7C8AB0000-0x00007FF7C8E01000-memory.dmp	upx
behavioral2/memory/1464-519-0x00007FF747130000-0x00007FF747481000-memory.dmp	upx
behavioral2/memory/4336-516-0x00007FF7D21E0000-0x00007FF7D2531000-memory.dmp	upx
behavioral2/files/0x00070000000234e2-173.dat	upx
behavioral2/files/0x00070000000234e0-171.dat	upx
behavioral2/files/0x00070000000234e1-168.dat	upx
behavioral2/files/0x00070000000234df-166.dat	upx
behavioral2/files/0x00070000000234de-161.dat	upx
behavioral2/files/0x00070000000234dd-156.dat	upx
behavioral2/files/0x00070000000234db-146.dat	upx
behavioral2/files/0x00070000000234da-141.dat	upx
behavioral2/files/0x00070000000234d9-136.dat	upx
behavioral2/files/0x00070000000234d7-126.dat	upx
behavioral2/files/0x00070000000234d6-121.dat	upx
behavioral2/files/0x00070000000234d4-111.dat	upx
behavioral2/files/0x00070000000234d3-106.dat	upx
behavioral2/files/0x00070000000234d1-96.dat	upx
behavioral2/files/0x00070000000234d0-91.dat	upx
behavioral2/files/0x00070000000234cf-86.dat	upx
behavioral2/files/0x00070000000234ce-81.dat	upx
behavioral2/files/0x00070000000234cd-76.dat	upx
behavioral2/files/0x00070000000234cb-69.dat	upx
behavioral2/memory/116-65-0x00007FF621B10000-0x00007FF621E61000-memory.dmp	upx
behavioral2/memory/2700-61-0x00007FF7F3E70000-0x00007FF7F41C1000-memory.dmp	upx
behavioral2/memory/2212-60-0x00007FF7BDCA0000-0x00007FF7BDFF1000-memory.dmp	upx
behavioral2/files/0x00070000000234ca-57.dat	upx
behavioral2/files/0x00070000000234c8-55.dat	upx
behavioral2/memory/4140-51-0x00007FF68D870000-0x00007FF68DBC1000-memory.dmp	upx
behavioral2/files/0x00070000000234c9-49.dat	upx
behavioral2/memory/2292-45-0x00007FF670B10000-0x00007FF670E61000-memory.dmp	upx
behavioral2/memory/2328-41-0x00007FF781670000-0x00007FF7819C1000-memory.dmp	upx
behavioral2/memory/4192-35-0x00007FF759C30000-0x00007FF759F81000-memory.dmp	upx
behavioral2/files/0x00070000000234c6-29.dat	upx
behavioral2/files/0x00070000000234c5-24.dat	upx
behavioral2/memory/1416-23-0x00007FF74FBD0000-0x00007FF74FF21000-memory.dmp	upx
behavioral2/memory/4496-1877-0x00007FF747110000-0x00007FF747461000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\whPGQLq.exe	d0675a870b9fcfc32e221a8345bf5dc0N.exe
File created	C:\Windows\System\niNEgjq.exe	d0675a870b9fcfc32e221a8345bf5dc0N.exe
File created	C:\Windows\System\MZmXzod.exe	d0675a870b9fcfc32e221a8345bf5dc0N.exe
File created	C:\Windows\System\ZOMMrGg.exe	d0675a870b9fcfc32e221a8345bf5dc0N.exe
File created	C:\Windows\System\uYZpRHv.exe	d0675a870b9fcfc32e221a8345bf5dc0N.exe
File created	C:\Windows\System\pGlidIb.exe	d0675a870b9fcfc32e221a8345bf5dc0N.exe
File created	C:\Windows\System\wBlxabP.exe	d0675a870b9fcfc32e221a8345bf5dc0N.exe
File created	C:\Windows\System\IKUAwJF.exe	d0675a870b9fcfc32e221a8345bf5dc0N.exe
File created	C:\Windows\System\xPTKYvn.exe	d0675a870b9fcfc32e221a8345bf5dc0N.exe
File created	C:\Windows\System\xEQgBzc.exe	d0675a870b9fcfc32e221a8345bf5dc0N.exe
File created	C:\Windows\System\YRVLcwj.exe	d0675a870b9fcfc32e221a8345bf5dc0N.exe
File created	C:\Windows\System\qXyUxnZ.exe	d0675a870b9fcfc32e221a8345bf5dc0N.exe
File created	C:\Windows\System\XxuZkYZ.exe	d0675a870b9fcfc32e221a8345bf5dc0N.exe
File created	C:\Windows\System\ZsLPpCv.exe	d0675a870b9fcfc32e221a8345bf5dc0N.exe
File created	C:\Windows\System\vdJmtRE.exe	d0675a870b9fcfc32e221a8345bf5dc0N.exe
File created	C:\Windows\System\fcusPCP.exe	d0675a870b9fcfc32e221a8345bf5dc0N.exe
File created	C:\Windows\System\TCGmMXJ.exe	d0675a870b9fcfc32e221a8345bf5dc0N.exe
File created	C:\Windows\System\prCQqhg.exe	d0675a870b9fcfc32e221a8345bf5dc0N.exe
File created	C:\Windows\System\XeuiOJj.exe	d0675a870b9fcfc32e221a8345bf5dc0N.exe
File created	C:\Windows\System\aXNnnWp.exe	d0675a870b9fcfc32e221a8345bf5dc0N.exe
File created	C:\Windows\System\NIyiNvj.exe	d0675a870b9fcfc32e221a8345bf5dc0N.exe
File created	C:\Windows\System\SpEvAFD.exe	d0675a870b9fcfc32e221a8345bf5dc0N.exe
File created	C:\Windows\System\zXDpqLo.exe	d0675a870b9fcfc32e221a8345bf5dc0N.exe
File created	C:\Windows\System\YRaMhqo.exe	d0675a870b9fcfc32e221a8345bf5dc0N.exe
File created	C:\Windows\System\JcCVzwD.exe	d0675a870b9fcfc32e221a8345bf5dc0N.exe
File created	C:\Windows\System\ydMezKP.exe	d0675a870b9fcfc32e221a8345bf5dc0N.exe
File created	C:\Windows\System\hKdGnek.exe	d0675a870b9fcfc32e221a8345bf5dc0N.exe
File created	C:\Windows\System\QzMQHjX.exe	d0675a870b9fcfc32e221a8345bf5dc0N.exe
File created	C:\Windows\System\ZcRqWMX.exe	d0675a870b9fcfc32e221a8345bf5dc0N.exe
File created	C:\Windows\System\JiFUpRR.exe	d0675a870b9fcfc32e221a8345bf5dc0N.exe
File created	C:\Windows\System\OjhGoNd.exe	d0675a870b9fcfc32e221a8345bf5dc0N.exe
File created	C:\Windows\System\gZDzbFw.exe	d0675a870b9fcfc32e221a8345bf5dc0N.exe
File created	C:\Windows\System\LiJCYFS.exe	d0675a870b9fcfc32e221a8345bf5dc0N.exe
File created	C:\Windows\System\pjanfpO.exe	d0675a870b9fcfc32e221a8345bf5dc0N.exe
File created	C:\Windows\System\lWwiAbv.exe	d0675a870b9fcfc32e221a8345bf5dc0N.exe
File created	C:\Windows\System\xOyMzYB.exe	d0675a870b9fcfc32e221a8345bf5dc0N.exe
File created	C:\Windows\System\SeriNSA.exe	d0675a870b9fcfc32e221a8345bf5dc0N.exe
File created	C:\Windows\System\WUBuFgP.exe	d0675a870b9fcfc32e221a8345bf5dc0N.exe
File created	C:\Windows\System\vkiLibC.exe	d0675a870b9fcfc32e221a8345bf5dc0N.exe
File created	C:\Windows\System\jiwBzMq.exe	d0675a870b9fcfc32e221a8345bf5dc0N.exe
File created	C:\Windows\System\dcOhAwg.exe	d0675a870b9fcfc32e221a8345bf5dc0N.exe
File created	C:\Windows\System\NHBCZnT.exe	d0675a870b9fcfc32e221a8345bf5dc0N.exe
File created	C:\Windows\System\TCmtaHL.exe	d0675a870b9fcfc32e221a8345bf5dc0N.exe
File created	C:\Windows\System\QctfuCL.exe	d0675a870b9fcfc32e221a8345bf5dc0N.exe
File created	C:\Windows\System\JnKJgWR.exe	d0675a870b9fcfc32e221a8345bf5dc0N.exe
File created	C:\Windows\System\pltNSkS.exe	d0675a870b9fcfc32e221a8345bf5dc0N.exe
File created	C:\Windows\System\YUmAYfK.exe	d0675a870b9fcfc32e221a8345bf5dc0N.exe
File created	C:\Windows\System\DdQkccn.exe	d0675a870b9fcfc32e221a8345bf5dc0N.exe
File created	C:\Windows\System\kgvHKdL.exe	d0675a870b9fcfc32e221a8345bf5dc0N.exe
File created	C:\Windows\System\HbCFYvE.exe	d0675a870b9fcfc32e221a8345bf5dc0N.exe
File created	C:\Windows\System\hovtmUv.exe	d0675a870b9fcfc32e221a8345bf5dc0N.exe
File created	C:\Windows\System\idgnUBP.exe	d0675a870b9fcfc32e221a8345bf5dc0N.exe
File created	C:\Windows\System\TsMVSzK.exe	d0675a870b9fcfc32e221a8345bf5dc0N.exe
File created	C:\Windows\System\dNOkIOC.exe	d0675a870b9fcfc32e221a8345bf5dc0N.exe
File created	C:\Windows\System\lkPgCPP.exe	d0675a870b9fcfc32e221a8345bf5dc0N.exe
File created	C:\Windows\System\utDyXRl.exe	d0675a870b9fcfc32e221a8345bf5dc0N.exe
File created	C:\Windows\System\uIoTIZo.exe	d0675a870b9fcfc32e221a8345bf5dc0N.exe
File created	C:\Windows\System\yzWbxUn.exe	d0675a870b9fcfc32e221a8345bf5dc0N.exe
File created	C:\Windows\System\YQMzGzJ.exe	d0675a870b9fcfc32e221a8345bf5dc0N.exe
File created	C:\Windows\System\beVDMPr.exe	d0675a870b9fcfc32e221a8345bf5dc0N.exe
File created	C:\Windows\System\IPWdJhL.exe	d0675a870b9fcfc32e221a8345bf5dc0N.exe
File created	C:\Windows\System\JpXlBpZ.exe	d0675a870b9fcfc32e221a8345bf5dc0N.exe
File created	C:\Windows\System\knuDpCu.exe	d0675a870b9fcfc32e221a8345bf5dc0N.exe
File created	C:\Windows\System\RzdzDAP.exe	d0675a870b9fcfc32e221a8345bf5dc0N.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	15036	dwm.exe
Token: SeChangeNotifyPrivilege	15036	dwm.exe
Token: 33	15036	dwm.exe
Token: SeIncBasePriorityPrivilege	15036	dwm.exe
Token: SeShutdownPrivilege	15036	dwm.exe
Token: SeCreatePagefilePrivilege	15036	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3984 wrote to memory of 4496	3984	d0675a870b9fcfc32e221a8345bf5dc0N.exe	85
PID 3984 wrote to memory of 4496	3984	d0675a870b9fcfc32e221a8345bf5dc0N.exe	85
PID 3984 wrote to memory of 2328	3984	d0675a870b9fcfc32e221a8345bf5dc0N.exe	86
PID 3984 wrote to memory of 2328	3984	d0675a870b9fcfc32e221a8345bf5dc0N.exe	86
PID 3984 wrote to memory of 1416	3984	d0675a870b9fcfc32e221a8345bf5dc0N.exe	87
PID 3984 wrote to memory of 1416	3984	d0675a870b9fcfc32e221a8345bf5dc0N.exe	87
PID 3984 wrote to memory of 1948	3984	d0675a870b9fcfc32e221a8345bf5dc0N.exe	88
PID 3984 wrote to memory of 1948	3984	d0675a870b9fcfc32e221a8345bf5dc0N.exe	88
PID 3984 wrote to memory of 4192	3984	d0675a870b9fcfc32e221a8345bf5dc0N.exe	89
PID 3984 wrote to memory of 4192	3984	d0675a870b9fcfc32e221a8345bf5dc0N.exe	89
PID 3984 wrote to memory of 2292	3984	d0675a870b9fcfc32e221a8345bf5dc0N.exe	90
PID 3984 wrote to memory of 2292	3984	d0675a870b9fcfc32e221a8345bf5dc0N.exe	90
PID 3984 wrote to memory of 2700	3984	d0675a870b9fcfc32e221a8345bf5dc0N.exe	91
PID 3984 wrote to memory of 2700	3984	d0675a870b9fcfc32e221a8345bf5dc0N.exe	91
PID 3984 wrote to memory of 2212	3984	d0675a870b9fcfc32e221a8345bf5dc0N.exe	92
PID 3984 wrote to memory of 2212	3984	d0675a870b9fcfc32e221a8345bf5dc0N.exe	92
PID 3984 wrote to memory of 4140	3984	d0675a870b9fcfc32e221a8345bf5dc0N.exe	93
PID 3984 wrote to memory of 4140	3984	d0675a870b9fcfc32e221a8345bf5dc0N.exe	93
PID 3984 wrote to memory of 116	3984	d0675a870b9fcfc32e221a8345bf5dc0N.exe	94
PID 3984 wrote to memory of 116	3984	d0675a870b9fcfc32e221a8345bf5dc0N.exe	94
PID 3984 wrote to memory of 2032	3984	d0675a870b9fcfc32e221a8345bf5dc0N.exe	95
PID 3984 wrote to memory of 2032	3984	d0675a870b9fcfc32e221a8345bf5dc0N.exe	95
PID 3984 wrote to memory of 4336	3984	d0675a870b9fcfc32e221a8345bf5dc0N.exe	96
PID 3984 wrote to memory of 4336	3984	d0675a870b9fcfc32e221a8345bf5dc0N.exe	96
PID 3984 wrote to memory of 1464	3984	d0675a870b9fcfc32e221a8345bf5dc0N.exe	97
PID 3984 wrote to memory of 1464	3984	d0675a870b9fcfc32e221a8345bf5dc0N.exe	97
PID 3984 wrote to memory of 4156	3984	d0675a870b9fcfc32e221a8345bf5dc0N.exe	98
PID 3984 wrote to memory of 4156	3984	d0675a870b9fcfc32e221a8345bf5dc0N.exe	98
PID 3984 wrote to memory of 4724	3984	d0675a870b9fcfc32e221a8345bf5dc0N.exe	99
PID 3984 wrote to memory of 4724	3984	d0675a870b9fcfc32e221a8345bf5dc0N.exe	99
PID 3984 wrote to memory of 716	3984	d0675a870b9fcfc32e221a8345bf5dc0N.exe	100
PID 3984 wrote to memory of 716	3984	d0675a870b9fcfc32e221a8345bf5dc0N.exe	100
PID 3984 wrote to memory of 2556	3984	d0675a870b9fcfc32e221a8345bf5dc0N.exe	101
PID 3984 wrote to memory of 2556	3984	d0675a870b9fcfc32e221a8345bf5dc0N.exe	101
PID 3984 wrote to memory of 2976	3984	d0675a870b9fcfc32e221a8345bf5dc0N.exe	102
PID 3984 wrote to memory of 2976	3984	d0675a870b9fcfc32e221a8345bf5dc0N.exe	102
PID 3984 wrote to memory of 3356	3984	d0675a870b9fcfc32e221a8345bf5dc0N.exe	103
PID 3984 wrote to memory of 3356	3984	d0675a870b9fcfc32e221a8345bf5dc0N.exe	103
PID 3984 wrote to memory of 3476	3984	d0675a870b9fcfc32e221a8345bf5dc0N.exe	104
PID 3984 wrote to memory of 3476	3984	d0675a870b9fcfc32e221a8345bf5dc0N.exe	104
PID 3984 wrote to memory of 2256	3984	d0675a870b9fcfc32e221a8345bf5dc0N.exe	105
PID 3984 wrote to memory of 2256	3984	d0675a870b9fcfc32e221a8345bf5dc0N.exe	105
PID 3984 wrote to memory of 2336	3984	d0675a870b9fcfc32e221a8345bf5dc0N.exe	106
PID 3984 wrote to memory of 2336	3984	d0675a870b9fcfc32e221a8345bf5dc0N.exe	106
PID 3984 wrote to memory of 3036	3984	d0675a870b9fcfc32e221a8345bf5dc0N.exe	107
PID 3984 wrote to memory of 3036	3984	d0675a870b9fcfc32e221a8345bf5dc0N.exe	107
PID 3984 wrote to memory of 3888	3984	d0675a870b9fcfc32e221a8345bf5dc0N.exe	108
PID 3984 wrote to memory of 3888	3984	d0675a870b9fcfc32e221a8345bf5dc0N.exe	108
PID 3984 wrote to memory of 2704	3984	d0675a870b9fcfc32e221a8345bf5dc0N.exe	109
PID 3984 wrote to memory of 2704	3984	d0675a870b9fcfc32e221a8345bf5dc0N.exe	109
PID 3984 wrote to memory of 488	3984	d0675a870b9fcfc32e221a8345bf5dc0N.exe	110
PID 3984 wrote to memory of 488	3984	d0675a870b9fcfc32e221a8345bf5dc0N.exe	110
PID 3984 wrote to memory of 4908	3984	d0675a870b9fcfc32e221a8345bf5dc0N.exe	111
PID 3984 wrote to memory of 4908	3984	d0675a870b9fcfc32e221a8345bf5dc0N.exe	111
PID 3984 wrote to memory of 3692	3984	d0675a870b9fcfc32e221a8345bf5dc0N.exe	112
PID 3984 wrote to memory of 3692	3984	d0675a870b9fcfc32e221a8345bf5dc0N.exe	112
PID 3984 wrote to memory of 3160	3984	d0675a870b9fcfc32e221a8345bf5dc0N.exe	113
PID 3984 wrote to memory of 3160	3984	d0675a870b9fcfc32e221a8345bf5dc0N.exe	113
PID 3984 wrote to memory of 3780	3984	d0675a870b9fcfc32e221a8345bf5dc0N.exe	114
PID 3984 wrote to memory of 3780	3984	d0675a870b9fcfc32e221a8345bf5dc0N.exe	114
PID 3984 wrote to memory of 2036	3984	d0675a870b9fcfc32e221a8345bf5dc0N.exe	115
PID 3984 wrote to memory of 2036	3984	d0675a870b9fcfc32e221a8345bf5dc0N.exe	115
PID 3984 wrote to memory of 4556	3984	d0675a870b9fcfc32e221a8345bf5dc0N.exe	116
PID 3984 wrote to memory of 4556	3984	d0675a870b9fcfc32e221a8345bf5dc0N.exe	116

C:\Users\Admin\AppData\Local\Temp\d0675a870b9fcfc32e221a8345bf5dc0N.exe
"C:\Users\Admin\AppData\Local\Temp\d0675a870b9fcfc32e221a8345bf5dc0N.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:3984
- C:\Windows\System\WUBuFgP.exe
  C:\Windows\System\WUBuFgP.exe
  2⤵
  - Executes dropped EXE
  PID:4496
- C:\Windows\System\yWNcQlc.exe
  C:\Windows\System\yWNcQlc.exe
  2⤵
  - Executes dropped EXE
  PID:2328
- C:\Windows\System\JofCtCd.exe
  C:\Windows\System\JofCtCd.exe
  2⤵
  - Executes dropped EXE
  PID:1416
- C:\Windows\System\wwpEzue.exe
  C:\Windows\System\wwpEzue.exe
  2⤵
  - Executes dropped EXE
  PID:1948
- C:\Windows\System\pjanfpO.exe
  C:\Windows\System\pjanfpO.exe
  2⤵
  - Executes dropped EXE
  PID:4192
- C:\Windows\System\pROvqhR.exe
  C:\Windows\System\pROvqhR.exe
  2⤵
  - Executes dropped EXE
  PID:2292
- C:\Windows\System\FwWTHXx.exe
  C:\Windows\System\FwWTHXx.exe
  2⤵
  - Executes dropped EXE
  PID:2700
- C:\Windows\System\XqiGhOj.exe
  C:\Windows\System\XqiGhOj.exe
  2⤵
  - Executes dropped EXE
  PID:2212
- C:\Windows\System\WsCYZeu.exe
  C:\Windows\System\WsCYZeu.exe
  2⤵
  - Executes dropped EXE
  PID:4140
- C:\Windows\System\aiymeny.exe
  C:\Windows\System\aiymeny.exe
  2⤵
  - Executes dropped EXE
  PID:116
- C:\Windows\System\LkWPUok.exe
  C:\Windows\System\LkWPUok.exe
  2⤵
  - Executes dropped EXE
  PID:2032
- C:\Windows\System\zuJEzKm.exe
  C:\Windows\System\zuJEzKm.exe
  2⤵
  - Executes dropped EXE
  PID:4336
- C:\Windows\System\YQMzGzJ.exe
  C:\Windows\System\YQMzGzJ.exe
  2⤵
  - Executes dropped EXE
  PID:1464
- C:\Windows\System\ZGfxCxV.exe
  C:\Windows\System\ZGfxCxV.exe
  2⤵
  - Executes dropped EXE
  PID:4156
- C:\Windows\System\JdoQwqT.exe
  C:\Windows\System\JdoQwqT.exe
  2⤵
  - Executes dropped EXE
  PID:4724
- C:\Windows\System\XUoCVUy.exe
  C:\Windows\System\XUoCVUy.exe
  2⤵
  - Executes dropped EXE
  PID:716
- C:\Windows\System\GAzcCnT.exe
  C:\Windows\System\GAzcCnT.exe
  2⤵
  - Executes dropped EXE
  PID:2556
- C:\Windows\System\xCVxyRN.exe
  C:\Windows\System\xCVxyRN.exe
  2⤵
  - Executes dropped EXE
  PID:2976
- C:\Windows\System\jBcnXUh.exe
  C:\Windows\System\jBcnXUh.exe
  2⤵
  - Executes dropped EXE
  PID:3356
- C:\Windows\System\LugsGIF.exe
  C:\Windows\System\LugsGIF.exe
  2⤵
  - Executes dropped EXE
  PID:3476
- C:\Windows\System\McVEXOo.exe
  C:\Windows\System\McVEXOo.exe
  2⤵
  - Executes dropped EXE
  PID:2256
- C:\Windows\System\qGVkeiT.exe
  C:\Windows\System\qGVkeiT.exe
  2⤵
  - Executes dropped EXE
  PID:2336
- C:\Windows\System\rKkMZLv.exe
  C:\Windows\System\rKkMZLv.exe
  2⤵
  - Executes dropped EXE
  PID:3036
- C:\Windows\System\ZTMgPPm.exe
  C:\Windows\System\ZTMgPPm.exe
  2⤵
  - Executes dropped EXE
  PID:3888
- C:\Windows\System\mQWHzVW.exe
  C:\Windows\System\mQWHzVW.exe
  2⤵
  - Executes dropped EXE
  PID:2704
- C:\Windows\System\hSpKVlW.exe
  C:\Windows\System\hSpKVlW.exe
  2⤵
  - Executes dropped EXE
  PID:488
- C:\Windows\System\hovtmUv.exe
  C:\Windows\System\hovtmUv.exe
  2⤵
  - Executes dropped EXE
  PID:4908
- C:\Windows\System\JAVbfXm.exe
  C:\Windows\System\JAVbfXm.exe
  2⤵
  - Executes dropped EXE
  PID:3692
- C:\Windows\System\dlAkOAl.exe
  C:\Windows\System\dlAkOAl.exe
  2⤵
  - Executes dropped EXE
  PID:3160
- C:\Windows\System\LvjhzXJ.exe
  C:\Windows\System\LvjhzXJ.exe
  2⤵
  - Executes dropped EXE
  PID:3780
- C:\Windows\System\MZNBigP.exe
  C:\Windows\System\MZNBigP.exe
  2⤵
  - Executes dropped EXE
  PID:2036
- C:\Windows\System\KJCFLTf.exe
  C:\Windows\System\KJCFLTf.exe
  2⤵
  - Executes dropped EXE
  PID:4556
- C:\Windows\System\IcivzVa.exe
  C:\Windows\System\IcivzVa.exe
  2⤵
  - Executes dropped EXE
  PID:1572
- C:\Windows\System\vhvzLaN.exe
  C:\Windows\System\vhvzLaN.exe
  2⤵
  - Executes dropped EXE
  PID:4512
- C:\Windows\System\fcusPCP.exe
  C:\Windows\System\fcusPCP.exe
  2⤵
  - Executes dropped EXE
  PID:2352
- C:\Windows\System\ubyYrBH.exe
  C:\Windows\System\ubyYrBH.exe
  2⤵
  - Executes dropped EXE
  PID:2536
- C:\Windows\System\TtFBLlT.exe
  C:\Windows\System\TtFBLlT.exe
  2⤵
  - Executes dropped EXE
  PID:3204
- C:\Windows\System\faHzQgf.exe
  C:\Windows\System\faHzQgf.exe
  2⤵
  - Executes dropped EXE
  PID:1672
- C:\Windows\System\GWbLmkG.exe
  C:\Windows\System\GWbLmkG.exe
  2⤵
  - Executes dropped EXE
  PID:2840
- C:\Windows\System\oAqBtHm.exe
  C:\Windows\System\oAqBtHm.exe
  2⤵
  - Executes dropped EXE
  PID:3256
- C:\Windows\System\XebfDOh.exe
  C:\Windows\System\XebfDOh.exe
  2⤵
  - Executes dropped EXE
  PID:4888
- C:\Windows\System\uQjPWiO.exe
  C:\Windows\System\uQjPWiO.exe
  2⤵
  - Executes dropped EXE
  PID:3576
- C:\Windows\System\NdLxIzA.exe
  C:\Windows\System\NdLxIzA.exe
  2⤵
  - Executes dropped EXE
  PID:1180
- C:\Windows\System\BAIHnZR.exe
  C:\Windows\System\BAIHnZR.exe
  2⤵
  - Executes dropped EXE
  PID:3648
- C:\Windows\System\uXcaGKd.exe
  C:\Windows\System\uXcaGKd.exe
  2⤵
  - Executes dropped EXE
  PID:1200
- C:\Windows\System\COvSPhO.exe
  C:\Windows\System\COvSPhO.exe
  2⤵
  - Executes dropped EXE
  PID:3108
- C:\Windows\System\QPGRsMF.exe
  C:\Windows\System\QPGRsMF.exe
  2⤵
  - Executes dropped EXE
  PID:3940
- C:\Windows\System\RcDSYKr.exe
  C:\Windows\System\RcDSYKr.exe
  2⤵
  - Executes dropped EXE
  PID:1656
- C:\Windows\System\MHZIHwR.exe
  C:\Windows\System\MHZIHwR.exe
  2⤵
  - Executes dropped EXE
  PID:4444
- C:\Windows\System\VWsgTBl.exe
  C:\Windows\System\VWsgTBl.exe
  2⤵
  - Executes dropped EXE
  PID:648
- C:\Windows\System\MHyJcsj.exe
  C:\Windows\System\MHyJcsj.exe
  2⤵
  - Executes dropped EXE
  PID:3248
- C:\Windows\System\VAXIStt.exe
  C:\Windows\System\VAXIStt.exe
  2⤵
  - Executes dropped EXE
  PID:4772
- C:\Windows\System\Vssecej.exe
  C:\Windows\System\Vssecej.exe
  2⤵
  - Executes dropped EXE
  PID:3684
- C:\Windows\System\DRbrPyb.exe
  C:\Windows\System\DRbrPyb.exe
  2⤵
  - Executes dropped EXE
  PID:4984
- C:\Windows\System\DOuFbYx.exe
  C:\Windows\System\DOuFbYx.exe
  2⤵
  - Executes dropped EXE
  PID:3352
- C:\Windows\System\IaRSpjA.exe
  C:\Windows\System\IaRSpjA.exe
  2⤵
  - Executes dropped EXE
  PID:1696
- C:\Windows\System\mhFbtKV.exe
  C:\Windows\System\mhFbtKV.exe
  2⤵
  - Executes dropped EXE
  PID:4404
- C:\Windows\System\udqDtYS.exe
  C:\Windows\System\udqDtYS.exe
  2⤵
  - Executes dropped EXE
  PID:3832
- C:\Windows\System\sqVMhvv.exe
  C:\Windows\System\sqVMhvv.exe
  2⤵
  - Executes dropped EXE
  PID:4292
- C:\Windows\System\cpKtYvi.exe
  C:\Windows\System\cpKtYvi.exe
  2⤵
  - Executes dropped EXE
  PID:780
- C:\Windows\System\hKdGnek.exe
  C:\Windows\System\hKdGnek.exe
  2⤵
  - Executes dropped EXE
  PID:4836
- C:\Windows\System\goEjPxY.exe
  C:\Windows\System\goEjPxY.exe
  2⤵
  - Executes dropped EXE
  PID:4532
- C:\Windows\System\eWDBFnW.exe
  C:\Windows\System\eWDBFnW.exe
  2⤵
  - Executes dropped EXE
  PID:60
- C:\Windows\System\JyjaWxT.exe
  C:\Windows\System\JyjaWxT.exe
  2⤵
  - Executes dropped EXE
  PID:4880
- C:\Windows\System\NThXvEm.exe
  C:\Windows\System\NThXvEm.exe
  2⤵
  PID:3240
- C:\Windows\System\aXNnnWp.exe
  C:\Windows\System\aXNnnWp.exe
  2⤵
  PID:2244
- C:\Windows\System\OfVpdkg.exe
  C:\Windows\System\OfVpdkg.exe
  2⤵
  PID:1144
- C:\Windows\System\nQtDqug.exe
  C:\Windows\System\nQtDqug.exe
  2⤵
  PID:984
- C:\Windows\System\nNCJmGZ.exe
  C:\Windows\System\nNCJmGZ.exe
  2⤵
  PID:400
- C:\Windows\System\llnyNOx.exe
  C:\Windows\System\llnyNOx.exe
  2⤵
  PID:2932
- C:\Windows\System\hmNZxPB.exe
  C:\Windows\System\hmNZxPB.exe
  2⤵
  PID:4076
- C:\Windows\System\wiAmHxS.exe
  C:\Windows\System\wiAmHxS.exe
  2⤵
  PID:5108
- C:\Windows\System\lnSrTJm.exe
  C:\Windows\System\lnSrTJm.exe
  2⤵
  PID:2088
- C:\Windows\System\lpCEnxV.exe
  C:\Windows\System\lpCEnxV.exe
  2⤵
  PID:4972
- C:\Windows\System\rkUWSkx.exe
  C:\Windows\System\rkUWSkx.exe
  2⤵
  PID:4524
- C:\Windows\System\SkbsNis.exe
  C:\Windows\System\SkbsNis.exe
  2⤵
  PID:4716
- C:\Windows\System\NmLASAk.exe
  C:\Windows\System\NmLASAk.exe
  2⤵
  PID:2604
- C:\Windows\System\fVOGCww.exe
  C:\Windows\System\fVOGCww.exe
  2⤵
  PID:4968
- C:\Windows\System\gFfrDTB.exe
  C:\Windows\System\gFfrDTB.exe
  2⤵
  PID:4892
- C:\Windows\System\VPbEDMY.exe
  C:\Windows\System\VPbEDMY.exe
  2⤵
  PID:5148
- C:\Windows\System\mOPerDY.exe
  C:\Windows\System\mOPerDY.exe
  2⤵
  PID:5176
- C:\Windows\System\oTtNHCd.exe
  C:\Windows\System\oTtNHCd.exe
  2⤵
  PID:5204
- C:\Windows\System\xOlZrgK.exe
  C:\Windows\System\xOlZrgK.exe
  2⤵
  PID:5232
- C:\Windows\System\RbAWKGX.exe
  C:\Windows\System\RbAWKGX.exe
  2⤵
  PID:5264
- C:\Windows\System\FFJVTyV.exe
  C:\Windows\System\FFJVTyV.exe
  2⤵
  PID:5288
- C:\Windows\System\WdZPgGI.exe
  C:\Windows\System\WdZPgGI.exe
  2⤵
  PID:5316
- C:\Windows\System\MZmXzod.exe
  C:\Windows\System\MZmXzod.exe
  2⤵
  PID:5344
- C:\Windows\System\VbXwLKA.exe
  C:\Windows\System\VbXwLKA.exe
  2⤵
  PID:5376
- C:\Windows\System\TPpwsRQ.exe
  C:\Windows\System\TPpwsRQ.exe
  2⤵
  PID:5404
- C:\Windows\System\gyPOckl.exe
  C:\Windows\System\gyPOckl.exe
  2⤵
  PID:5432
- C:\Windows\System\NwAjipU.exe
  C:\Windows\System\NwAjipU.exe
  2⤵
  PID:5460
- C:\Windows\System\UOOIMUq.exe
  C:\Windows\System\UOOIMUq.exe
  2⤵
  PID:5488
- C:\Windows\System\ArkOTOE.exe
  C:\Windows\System\ArkOTOE.exe
  2⤵
  PID:5516
- C:\Windows\System\zmpzQae.exe
  C:\Windows\System\zmpzQae.exe
  2⤵
  PID:5548
- C:\Windows\System\nBDFgdi.exe
  C:\Windows\System\nBDFgdi.exe
  2⤵
  PID:5572
- C:\Windows\System\KKWWBtP.exe
  C:\Windows\System\KKWWBtP.exe
  2⤵
  PID:5596
- C:\Windows\System\KfSLIKK.exe
  C:\Windows\System\KfSLIKK.exe
  2⤵
  PID:5628
- C:\Windows\System\HbiOHdj.exe
  C:\Windows\System\HbiOHdj.exe
  2⤵
  PID:5656
- C:\Windows\System\jBdOYmg.exe
  C:\Windows\System\jBdOYmg.exe
  2⤵
  PID:5684
- C:\Windows\System\AHtOaOh.exe
  C:\Windows\System\AHtOaOh.exe
  2⤵
  PID:5712
- C:\Windows\System\IrnsldR.exe
  C:\Windows\System\IrnsldR.exe
  2⤵
  PID:5740
- C:\Windows\System\FezJvbX.exe
  C:\Windows\System\FezJvbX.exe
  2⤵
  PID:5768
- C:\Windows\System\bCfWisT.exe
  C:\Windows\System\bCfWisT.exe
  2⤵
  PID:5796
- C:\Windows\System\FRcEYsO.exe
  C:\Windows\System\FRcEYsO.exe
  2⤵
  PID:5824
- C:\Windows\System\kTDMRUv.exe
  C:\Windows\System\kTDMRUv.exe
  2⤵
  PID:5852
- C:\Windows\System\XTlLxwP.exe
  C:\Windows\System\XTlLxwP.exe
  2⤵
  PID:5876
- C:\Windows\System\SoUCIYX.exe
  C:\Windows\System\SoUCIYX.exe
  2⤵
  PID:5908
- C:\Windows\System\EsjbzhV.exe
  C:\Windows\System\EsjbzhV.exe
  2⤵
  PID:5932
- C:\Windows\System\FefDyiR.exe
  C:\Windows\System\FefDyiR.exe
  2⤵
  PID:5964
- C:\Windows\System\ZQPDFTb.exe
  C:\Windows\System\ZQPDFTb.exe
  2⤵
  PID:5992
- C:\Windows\System\dcVXaez.exe
  C:\Windows\System\dcVXaez.exe
  2⤵
  PID:6020
- C:\Windows\System\AKVWoKk.exe
  C:\Windows\System\AKVWoKk.exe
  2⤵
  PID:6048
- C:\Windows\System\qxfcnOl.exe
  C:\Windows\System\qxfcnOl.exe
  2⤵
  PID:6076
- C:\Windows\System\fQAIUdO.exe
  C:\Windows\System\fQAIUdO.exe
  2⤵
  PID:6104
- C:\Windows\System\upHCAuR.exe
  C:\Windows\System\upHCAuR.exe
  2⤵
  PID:6132
- C:\Windows\System\tmmIZIf.exe
  C:\Windows\System\tmmIZIf.exe
  2⤵
  PID:3640
- C:\Windows\System\TdTayan.exe
  C:\Windows\System\TdTayan.exe
  2⤵
  PID:3148
- C:\Windows\System\dcOhAwg.exe
  C:\Windows\System\dcOhAwg.exe
  2⤵
  PID:1440
- C:\Windows\System\NKNKCIp.exe
  C:\Windows\System\NKNKCIp.exe
  2⤵
  PID:4276
- C:\Windows\System\MrhCxYb.exe
  C:\Windows\System\MrhCxYb.exe
  2⤵
  PID:5132
- C:\Windows\System\bmVVExZ.exe
  C:\Windows\System\bmVVExZ.exe
  2⤵
  PID:5192
- C:\Windows\System\CtOQLvw.exe
  C:\Windows\System\CtOQLvw.exe
  2⤵
  PID:5248
- C:\Windows\System\VtnTwQb.exe
  C:\Windows\System\VtnTwQb.exe
  2⤵
  PID:5088
- C:\Windows\System\BdBLXYg.exe
  C:\Windows\System\BdBLXYg.exe
  2⤵
  PID:5360
- C:\Windows\System\flmYWSc.exe
  C:\Windows\System\flmYWSc.exe
  2⤵
  PID:5416
- C:\Windows\System\wifyBwn.exe
  C:\Windows\System\wifyBwn.exe
  2⤵
  PID:5476
- C:\Windows\System\ruRQyhp.exe
  C:\Windows\System\ruRQyhp.exe
  2⤵
  PID:5508
- C:\Windows\System\XPdiXgy.exe
  C:\Windows\System\XPdiXgy.exe
  2⤵
  PID:5584
- C:\Windows\System\TawxMfK.exe
  C:\Windows\System\TawxMfK.exe
  2⤵
  PID:5640
- C:\Windows\System\ZDEVTjA.exe
  C:\Windows\System\ZDEVTjA.exe
  2⤵
  PID:5696
- C:\Windows\System\KZEnzGe.exe
  C:\Windows\System\KZEnzGe.exe
  2⤵
  PID:5756
- C:\Windows\System\sJrvkpu.exe
  C:\Windows\System\sJrvkpu.exe
  2⤵
  PID:5808
- C:\Windows\System\FrjOHDG.exe
  C:\Windows\System\FrjOHDG.exe
  2⤵
  PID:5844
- C:\Windows\System\hZyfCOt.exe
  C:\Windows\System\hZyfCOt.exe
  2⤵
  PID:5920
- C:\Windows\System\WQOlbWU.exe
  C:\Windows\System\WQOlbWU.exe
  2⤵
  PID:5976
- C:\Windows\System\VRmszVG.exe
  C:\Windows\System\VRmszVG.exe
  2⤵
  PID:6012
- C:\Windows\System\aiMVjCG.exe
  C:\Windows\System\aiMVjCG.exe
  2⤵
  PID:6088
- C:\Windows\System\rYaOxTF.exe
  C:\Windows\System\rYaOxTF.exe
  2⤵
  PID:4848
- C:\Windows\System\umCdyVj.exe
  C:\Windows\System\umCdyVj.exe
  2⤵
  PID:1944
- C:\Windows\System\dOfVBNm.exe
  C:\Windows\System\dOfVBNm.exe
  2⤵
  PID:2560
- C:\Windows\System\YyrFDnd.exe
  C:\Windows\System\YyrFDnd.exe
  2⤵
  PID:5224
- C:\Windows\System\LJXdWGf.exe
  C:\Windows\System\LJXdWGf.exe
  2⤵
  PID:5388
- C:\Windows\System\TOpYZOe.exe
  C:\Windows\System\TOpYZOe.exe
  2⤵
  PID:5452
- C:\Windows\System\jQLJycr.exe
  C:\Windows\System\jQLJycr.exe
  2⤵
  PID:5556
- C:\Windows\System\MkwETBt.exe
  C:\Windows\System\MkwETBt.exe
  2⤵
  PID:5668
- C:\Windows\System\uOOEgUo.exe
  C:\Windows\System\uOOEgUo.exe
  2⤵
  PID:3636
- C:\Windows\System\utDyXRl.exe
  C:\Windows\System\utDyXRl.exe
  2⤵
  PID:5892
- C:\Windows\System\ztTUZjM.exe
  C:\Windows\System\ztTUZjM.exe
  2⤵
  PID:5952
- C:\Windows\System\cZBzQmh.exe
  C:\Windows\System\cZBzQmh.exe
  2⤵
  PID:4752
- C:\Windows\System\msCcAah.exe
  C:\Windows\System\msCcAah.exe
  2⤵
  PID:6120
- C:\Windows\System\jjqAAwa.exe
  C:\Windows\System\jjqAAwa.exe
  2⤵
  PID:1864
- C:\Windows\System\BmaHXaZ.exe
  C:\Windows\System\BmaHXaZ.exe
  2⤵
  PID:5160
- C:\Windows\System\CTSngPy.exe
  C:\Windows\System\CTSngPy.exe
  2⤵
  PID:3924
- C:\Windows\System\WWxeNAG.exe
  C:\Windows\System\WWxeNAG.exe
  2⤵
  PID:5284
- C:\Windows\System\sHUoEvT.exe
  C:\Windows\System\sHUoEvT.exe
  2⤵
  PID:1300
- C:\Windows\System\NIyiNvj.exe
  C:\Windows\System\NIyiNvj.exe
  2⤵
  PID:5444
- C:\Windows\System\ebNYCMM.exe
  C:\Windows\System\ebNYCMM.exe
  2⤵
  PID:3624
- C:\Windows\System\LWajnQT.exe
  C:\Windows\System\LWajnQT.exe
  2⤵
  PID:4932
- C:\Windows\System\KZEOpgw.exe
  C:\Windows\System\KZEOpgw.exe
  2⤵
  PID:1496
- C:\Windows\System\pCOocce.exe
  C:\Windows\System\pCOocce.exe
  2⤵
  PID:5616
- C:\Windows\System\qHjIhHK.exe
  C:\Windows\System\qHjIhHK.exe
  2⤵
  PID:2684
- C:\Windows\System\NdeITpD.exe
  C:\Windows\System\NdeITpD.exe
  2⤵
  PID:2856
- C:\Windows\System\DYkcyeW.exe
  C:\Windows\System\DYkcyeW.exe
  2⤵
  PID:2120
- C:\Windows\System\HYSpoXI.exe
  C:\Windows\System\HYSpoXI.exe
  2⤵
  PID:4116
- C:\Windows\System\rchDsPV.exe
  C:\Windows\System\rchDsPV.exe
  2⤵
  PID:844
- C:\Windows\System\kWFUUgz.exe
  C:\Windows\System\kWFUUgz.exe
  2⤵
  PID:3384
- C:\Windows\System\QvNjYmk.exe
  C:\Windows\System\QvNjYmk.exe
  2⤵
  PID:6004
- C:\Windows\System\tCqyoyc.exe
  C:\Windows\System\tCqyoyc.exe
  2⤵
  PID:1476
- C:\Windows\System\JNuCfNy.exe
  C:\Windows\System\JNuCfNy.exe
  2⤵
  PID:6156
- C:\Windows\System\XprqCTm.exe
  C:\Windows\System\XprqCTm.exe
  2⤵
  PID:6180
- C:\Windows\System\iREDGNB.exe
  C:\Windows\System\iREDGNB.exe
  2⤵
  PID:6196
- C:\Windows\System\NBkhRzS.exe
  C:\Windows\System\NBkhRzS.exe
  2⤵
  PID:6220
- C:\Windows\System\EEucITY.exe
  C:\Windows\System\EEucITY.exe
  2⤵
  PID:6240
- C:\Windows\System\lhdHPQk.exe
  C:\Windows\System\lhdHPQk.exe
  2⤵
  PID:6264
- C:\Windows\System\iBeegXs.exe
  C:\Windows\System\iBeegXs.exe
  2⤵
  PID:6288
- C:\Windows\System\LCLxKqi.exe
  C:\Windows\System\LCLxKqi.exe
  2⤵
  PID:6308
- C:\Windows\System\qUAenCW.exe
  C:\Windows\System\qUAenCW.exe
  2⤵
  PID:6328
- C:\Windows\System\gplryFu.exe
  C:\Windows\System\gplryFu.exe
  2⤵
  PID:6348
- C:\Windows\System\aiJTthR.exe
  C:\Windows\System\aiJTthR.exe
  2⤵
  PID:6372
- C:\Windows\System\eEHGEeE.exe
  C:\Windows\System\eEHGEeE.exe
  2⤵
  PID:6392
- C:\Windows\System\EAhBKeW.exe
  C:\Windows\System\EAhBKeW.exe
  2⤵
  PID:6412
- C:\Windows\System\pMOBEFd.exe
  C:\Windows\System\pMOBEFd.exe
  2⤵
  PID:6436
- C:\Windows\System\ZjSQpbs.exe
  C:\Windows\System\ZjSQpbs.exe
  2⤵
  PID:6456
- C:\Windows\System\jvMRiGp.exe
  C:\Windows\System\jvMRiGp.exe
  2⤵
  PID:6476
- C:\Windows\System\yIYYRCS.exe
  C:\Windows\System\yIYYRCS.exe
  2⤵
  PID:6496
- C:\Windows\System\SYWOqzY.exe
  C:\Windows\System\SYWOqzY.exe
  2⤵
  PID:6520
- C:\Windows\System\RvWCIKN.exe
  C:\Windows\System\RvWCIKN.exe
  2⤵
  PID:6540
- C:\Windows\System\aiWiJrS.exe
  C:\Windows\System\aiWiJrS.exe
  2⤵
  PID:6564
- C:\Windows\System\dSiaZDW.exe
  C:\Windows\System\dSiaZDW.exe
  2⤵
  PID:6584
- C:\Windows\System\BMFXXOb.exe
  C:\Windows\System\BMFXXOb.exe
  2⤵
  PID:6604
- C:\Windows\System\ZOMMrGg.exe
  C:\Windows\System\ZOMMrGg.exe
  2⤵
  PID:6624
- C:\Windows\System\QaXVNPT.exe
  C:\Windows\System\QaXVNPT.exe
  2⤵
  PID:6648
- C:\Windows\System\RWlGAta.exe
  C:\Windows\System\RWlGAta.exe
  2⤵
  PID:6672
- C:\Windows\System\vlEvoax.exe
  C:\Windows\System\vlEvoax.exe
  2⤵
  PID:6696
- C:\Windows\System\ypTdhBd.exe
  C:\Windows\System\ypTdhBd.exe
  2⤵
  PID:6712
- C:\Windows\System\VimydHR.exe
  C:\Windows\System\VimydHR.exe
  2⤵
  PID:6732
- C:\Windows\System\ivPbcJm.exe
  C:\Windows\System\ivPbcJm.exe
  2⤵
  PID:6760
- C:\Windows\System\DxnpzlJ.exe
  C:\Windows\System\DxnpzlJ.exe
  2⤵
  PID:6780
- C:\Windows\System\RzdzDAP.exe
  C:\Windows\System\RzdzDAP.exe
  2⤵
  PID:6804
- C:\Windows\System\tTMbjtt.exe
  C:\Windows\System\tTMbjtt.exe
  2⤵
  PID:6828
- C:\Windows\System\sXXIeKW.exe
  C:\Windows\System\sXXIeKW.exe
  2⤵
  PID:6848
- C:\Windows\System\RRCjBGo.exe
  C:\Windows\System\RRCjBGo.exe
  2⤵
  PID:6872
- C:\Windows\System\UaZAqWw.exe
  C:\Windows\System\UaZAqWw.exe
  2⤵
  PID:6892
- C:\Windows\System\WRyjVXU.exe
  C:\Windows\System\WRyjVXU.exe
  2⤵
  PID:6908
- C:\Windows\System\ThyGaCZ.exe
  C:\Windows\System\ThyGaCZ.exe
  2⤵
  PID:6936
- C:\Windows\System\bdOduaS.exe
  C:\Windows\System\bdOduaS.exe
  2⤵
  PID:6956
- C:\Windows\System\fENqHBI.exe
  C:\Windows\System\fENqHBI.exe
  2⤵
  PID:6972
- C:\Windows\System\bUoSvoB.exe
  C:\Windows\System\bUoSvoB.exe
  2⤵
  PID:6992
- C:\Windows\System\WoLFSyC.exe
  C:\Windows\System\WoLFSyC.exe
  2⤵
  PID:7012
- C:\Windows\System\bcfjyWA.exe
  C:\Windows\System\bcfjyWA.exe
  2⤵
  PID:7040
- C:\Windows\System\OrdnlqO.exe
  C:\Windows\System\OrdnlqO.exe
  2⤵
  PID:7064
- C:\Windows\System\LbDRDSW.exe
  C:\Windows\System\LbDRDSW.exe
  2⤵
  PID:7084
- C:\Windows\System\XgCEJvD.exe
  C:\Windows\System\XgCEJvD.exe
  2⤵
  PID:7104
- C:\Windows\System\AISfsMa.exe
  C:\Windows\System\AISfsMa.exe
  2⤵
  PID:7132
- C:\Windows\System\LvlHUij.exe
  C:\Windows\System\LvlHUij.exe
  2⤵
  PID:7152
- C:\Windows\System\AnCzhev.exe
  C:\Windows\System\AnCzhev.exe
  2⤵
  PID:1084
- C:\Windows\System\lPigfwE.exe
  C:\Windows\System\lPigfwE.exe
  2⤵
  PID:5112
- C:\Windows\System\jrnhXsh.exe
  C:\Windows\System\jrnhXsh.exe
  2⤵
  PID:6208
- C:\Windows\System\VUxYyyQ.exe
  C:\Windows\System\VUxYyyQ.exe
  2⤵
  PID:5500
- C:\Windows\System\nXwaJev.exe
  C:\Windows\System\nXwaJev.exe
  2⤵
  PID:6272
- C:\Windows\System\wKNZubz.exe
  C:\Windows\System\wKNZubz.exe
  2⤵
  PID:6152
- C:\Windows\System\VuYJStt.exe
  C:\Windows\System\VuYJStt.exe
  2⤵
  PID:6432
- C:\Windows\System\bBGtmyr.exe
  C:\Windows\System\bBGtmyr.exe
  2⤵
  PID:4248
- C:\Windows\System\fkHpxgm.exe
  C:\Windows\System\fkHpxgm.exe
  2⤵
  PID:4632
- C:\Windows\System\XLXjNpi.exe
  C:\Windows\System\XLXjNpi.exe
  2⤵
  PID:6236
- C:\Windows\System\zNuyRdR.exe
  C:\Windows\System\zNuyRdR.exe
  2⤵
  PID:2944
- C:\Windows\System\uuWCpXD.exe
  C:\Windows\System\uuWCpXD.exe
  2⤵
  PID:6340
- C:\Windows\System\LiJCYFS.exe
  C:\Windows\System\LiJCYFS.exe
  2⤵
  PID:6556
- C:\Windows\System\RTMaklA.exe
  C:\Windows\System\RTMaklA.exe
  2⤵
  PID:6400
- C:\Windows\System\YXClxYv.exe
  C:\Windows\System\YXClxYv.exe
  2⤵
  PID:7188
- C:\Windows\System\npBleLS.exe
  C:\Windows\System\npBleLS.exe
  2⤵
  PID:7208
- C:\Windows\System\ldBJdlf.exe
  C:\Windows\System\ldBJdlf.exe
  2⤵
  PID:7228
- C:\Windows\System\gPDisIA.exe
  C:\Windows\System\gPDisIA.exe
  2⤵
  PID:7248
- C:\Windows\System\WFlBEOc.exe
  C:\Windows\System\WFlBEOc.exe
  2⤵
  PID:7272
- C:\Windows\System\GxlchaU.exe
  C:\Windows\System\GxlchaU.exe
  2⤵
  PID:7296
- C:\Windows\System\SGMAngi.exe
  C:\Windows\System\SGMAngi.exe
  2⤵
  PID:7312
- C:\Windows\System\aBugPsk.exe
  C:\Windows\System\aBugPsk.exe
  2⤵
  PID:7340
- C:\Windows\System\aoakLzl.exe
  C:\Windows\System\aoakLzl.exe
  2⤵
  PID:7356
- C:\Windows\System\pzFPZXy.exe
  C:\Windows\System\pzFPZXy.exe
  2⤵
  PID:7384
- C:\Windows\System\qlFcpzD.exe
  C:\Windows\System\qlFcpzD.exe
  2⤵
  PID:7400
- C:\Windows\System\vbaptMk.exe
  C:\Windows\System\vbaptMk.exe
  2⤵
  PID:7424
- C:\Windows\System\dtaKNJk.exe
  C:\Windows\System\dtaKNJk.exe
  2⤵
  PID:7440
- C:\Windows\System\uRXAAMv.exe
  C:\Windows\System\uRXAAMv.exe
  2⤵
  PID:7460
- C:\Windows\System\xrmtqve.exe
  C:\Windows\System\xrmtqve.exe
  2⤵
  PID:7492
- C:\Windows\System\gGsrOnH.exe
  C:\Windows\System\gGsrOnH.exe
  2⤵
  PID:7512
- C:\Windows\System\FMJKIMy.exe
  C:\Windows\System\FMJKIMy.exe
  2⤵
  PID:7528
- C:\Windows\System\RxubCNw.exe
  C:\Windows\System\RxubCNw.exe
  2⤵
  PID:7548
- C:\Windows\System\qynUcto.exe
  C:\Windows\System\qynUcto.exe
  2⤵
  PID:7568
- C:\Windows\System\qnERqWC.exe
  C:\Windows\System\qnERqWC.exe
  2⤵
  PID:7584
- C:\Windows\System\BRWzzPC.exe
  C:\Windows\System\BRWzzPC.exe
  2⤵
  PID:7604
- C:\Windows\System\EENUSta.exe
  C:\Windows\System\EENUSta.exe
  2⤵
  PID:7624
- C:\Windows\System\hYBPDUl.exe
  C:\Windows\System\hYBPDUl.exe
  2⤵
  PID:7648
- C:\Windows\System\myafFJl.exe
  C:\Windows\System\myafFJl.exe
  2⤵
  PID:7676
- C:\Windows\System\neZdjam.exe
  C:\Windows\System\neZdjam.exe
  2⤵
  PID:7696
- C:\Windows\System\YXalOpi.exe
  C:\Windows\System\YXalOpi.exe
  2⤵
  PID:7720
- C:\Windows\System\gYpjYHm.exe
  C:\Windows\System\gYpjYHm.exe
  2⤵
  PID:7736
- C:\Windows\System\QisHIVy.exe
  C:\Windows\System\QisHIVy.exe
  2⤵
  PID:7756
- C:\Windows\System\tDkJOEA.exe
  C:\Windows\System\tDkJOEA.exe
  2⤵
  PID:7776
- C:\Windows\System\cJyDJVT.exe
  C:\Windows\System\cJyDJVT.exe
  2⤵
  PID:7800
- C:\Windows\System\kcwBCvw.exe
  C:\Windows\System\kcwBCvw.exe
  2⤵
  PID:7816
- C:\Windows\System\OVQcjLL.exe
  C:\Windows\System\OVQcjLL.exe
  2⤵
  PID:7840
- C:\Windows\System\JnKJgWR.exe
  C:\Windows\System\JnKJgWR.exe
  2⤵
  PID:7864
- C:\Windows\System\ozeuWoH.exe
  C:\Windows\System\ozeuWoH.exe
  2⤵
  PID:7892
- C:\Windows\System\cznJdGm.exe
  C:\Windows\System\cznJdGm.exe
  2⤵
  PID:7912
- C:\Windows\System\ETdopVP.exe
  C:\Windows\System\ETdopVP.exe
  2⤵
  PID:7928
- C:\Windows\System\phKwlms.exe
  C:\Windows\System\phKwlms.exe
  2⤵
  PID:7944
- C:\Windows\System\JWMGLkX.exe
  C:\Windows\System\JWMGLkX.exe
  2⤵
  PID:7968
- C:\Windows\System\kdCzQXv.exe
  C:\Windows\System\kdCzQXv.exe
  2⤵
  PID:7988
- C:\Windows\System\wXVmFWy.exe
  C:\Windows\System\wXVmFWy.exe
  2⤵
  PID:8008
- C:\Windows\System\dCAHElR.exe
  C:\Windows\System\dCAHElR.exe
  2⤵
  PID:8040
- C:\Windows\System\hGkujZC.exe
  C:\Windows\System\hGkujZC.exe
  2⤵
  PID:8068
- C:\Windows\System\LqkfMxp.exe
  C:\Windows\System\LqkfMxp.exe
  2⤵
  PID:8088
- C:\Windows\System\CTtHgqL.exe
  C:\Windows\System\CTtHgqL.exe
  2⤵
  PID:8108
- C:\Windows\System\HpYSOVD.exe
  C:\Windows\System\HpYSOVD.exe
  2⤵
  PID:8128
- C:\Windows\System\FkjPETF.exe
  C:\Windows\System\FkjPETF.exe
  2⤵
  PID:8152
- C:\Windows\System\UCNPMYk.exe
  C:\Windows\System\UCNPMYk.exe
  2⤵
  PID:8176
- C:\Windows\System\UpGoMYX.exe
  C:\Windows\System\UpGoMYX.exe
  2⤵
  PID:6668
- C:\Windows\System\ncsnTRH.exe
  C:\Windows\System\ncsnTRH.exe
  2⤵
  PID:6444
- C:\Windows\System\DGmMXTV.exe
  C:\Windows\System\DGmMXTV.exe
  2⤵
  PID:6472
- C:\Windows\System\WHpegrL.exe
  C:\Windows\System\WHpegrL.exe
  2⤵
  PID:4896
- C:\Windows\System\pYjWGfP.exe
  C:\Windows\System\pYjWGfP.exe
  2⤵
  PID:6904
- C:\Windows\System\bwRUegu.exe
  C:\Windows\System\bwRUegu.exe
  2⤵
  PID:6536
- C:\Windows\System\SkpRKBz.exe
  C:\Windows\System\SkpRKBz.exe
  2⤵
  PID:6600
- C:\Windows\System\XnUIjnw.exe
  C:\Windows\System\XnUIjnw.exe
  2⤵
  PID:6316
- C:\Windows\System\IXlnzHg.exe
  C:\Windows\System\IXlnzHg.exe
  2⤵
  PID:6644
- C:\Windows\System\QjpMkwW.exe
  C:\Windows\System\QjpMkwW.exe
  2⤵
  PID:7280
- C:\Windows\System\YfXlxje.exe
  C:\Windows\System\YfXlxje.exe
  2⤵
  PID:6728
- C:\Windows\System\tBLxXkE.exe
  C:\Windows\System\tBLxXkE.exe
  2⤵
  PID:6772
- C:\Windows\System\FMhzkHS.exe
  C:\Windows\System\FMhzkHS.exe
  2⤵
  PID:6812
- C:\Windows\System\EHeQwfl.exe
  C:\Windows\System\EHeQwfl.exe
  2⤵
  PID:7476
- C:\Windows\System\cGdwRtl.exe
  C:\Windows\System\cGdwRtl.exe
  2⤵
  PID:6296
- C:\Windows\System\ggecYrN.exe
  C:\Windows\System\ggecYrN.exe
  2⤵
  PID:7540
- C:\Windows\System\TFDJdjI.exe
  C:\Windows\System\TFDJdjI.exe
  2⤵
  PID:7616
- C:\Windows\System\apkMQaP.exe
  C:\Windows\System\apkMQaP.exe
  2⤵
  PID:7644
- C:\Windows\System\EbPRrfL.exe
  C:\Windows\System\EbPRrfL.exe
  2⤵
  PID:7664
- C:\Windows\System\rWLWzUN.exe
  C:\Windows\System\rWLWzUN.exe
  2⤵
  PID:4380
- C:\Windows\System\knuDpCu.exe
  C:\Windows\System\knuDpCu.exe
  2⤵
  PID:7768
- C:\Windows\System\QcksUiU.exe
  C:\Windows\System\QcksUiU.exe
  2⤵
  PID:7848
- C:\Windows\System\AkOMlMG.exe
  C:\Windows\System\AkOMlMG.exe
  2⤵
  PID:7076
- C:\Windows\System\wMJdHQH.exe
  C:\Windows\System\wMJdHQH.exe
  2⤵
  PID:8212
- C:\Windows\System\IIZYEib.exe
  C:\Windows\System\IIZYEib.exe
  2⤵
  PID:8232
- C:\Windows\System\YDwmvFH.exe
  C:\Windows\System\YDwmvFH.exe
  2⤵
  PID:8256
- C:\Windows\System\ddKatNk.exe
  C:\Windows\System\ddKatNk.exe
  2⤵
  PID:8276
- C:\Windows\System\TDMuFYq.exe
  C:\Windows\System\TDMuFYq.exe
  2⤵
  PID:8300
- C:\Windows\System\pzLWvdl.exe
  C:\Windows\System\pzLWvdl.exe
  2⤵
  PID:8320
- C:\Windows\System\dfDYxfD.exe
  C:\Windows\System\dfDYxfD.exe
  2⤵
  PID:8344
- C:\Windows\System\coZBXsn.exe
  C:\Windows\System\coZBXsn.exe
  2⤵
  PID:8364
- C:\Windows\System\YaMCSiM.exe
  C:\Windows\System\YaMCSiM.exe
  2⤵
  PID:8388
- C:\Windows\System\zfyywZi.exe
  C:\Windows\System\zfyywZi.exe
  2⤵
  PID:8416
- C:\Windows\System\jteNaqb.exe
  C:\Windows\System\jteNaqb.exe
  2⤵
  PID:8440
- C:\Windows\System\yXgUPFH.exe
  C:\Windows\System\yXgUPFH.exe
  2⤵
  PID:8464
- C:\Windows\System\rPjbUYJ.exe
  C:\Windows\System\rPjbUYJ.exe
  2⤵
  PID:8484
- C:\Windows\System\jGDIyRC.exe
  C:\Windows\System\jGDIyRC.exe
  2⤵
  PID:8508
- C:\Windows\System\jJDfAcT.exe
  C:\Windows\System\jJDfAcT.exe
  2⤵
  PID:8532
- C:\Windows\System\zLbKARw.exe
  C:\Windows\System\zLbKARw.exe
  2⤵
  PID:8552
- C:\Windows\System\JWaRftX.exe
  C:\Windows\System\JWaRftX.exe
  2⤵
  PID:8572
- C:\Windows\System\OxXQnDA.exe
  C:\Windows\System\OxXQnDA.exe
  2⤵
  PID:8596
- C:\Windows\System\rBOhToZ.exe
  C:\Windows\System\rBOhToZ.exe
  2⤵
  PID:8620
- C:\Windows\System\kdCtVDh.exe
  C:\Windows\System\kdCtVDh.exe
  2⤵
  PID:8636
- C:\Windows\System\PcgCYMM.exe
  C:\Windows\System\PcgCYMM.exe
  2⤵
  PID:8660
- C:\Windows\System\ZotTGcH.exe
  C:\Windows\System\ZotTGcH.exe
  2⤵
  PID:8680
- C:\Windows\System\pSceOId.exe
  C:\Windows\System\pSceOId.exe
  2⤵
  PID:8704
- C:\Windows\System\mSdsmpL.exe
  C:\Windows\System\mSdsmpL.exe
  2⤵
  PID:8728
- C:\Windows\System\fmILVmH.exe
  C:\Windows\System\fmILVmH.exe
  2⤵
  PID:8744
- C:\Windows\System\ZrYUHiz.exe
  C:\Windows\System\ZrYUHiz.exe
  2⤵
  PID:8768
- C:\Windows\System\NtLefJl.exe
  C:\Windows\System\NtLefJl.exe
  2⤵
  PID:8792
- C:\Windows\System\NHBCZnT.exe
  C:\Windows\System\NHBCZnT.exe
  2⤵
  PID:8808
- C:\Windows\System\GKCurXx.exe
  C:\Windows\System\GKCurXx.exe
  2⤵
  PID:8832
- C:\Windows\System\optnHXD.exe
  C:\Windows\System\optnHXD.exe
  2⤵
  PID:8852
- C:\Windows\System\ZnWFbOH.exe
  C:\Windows\System\ZnWFbOH.exe
  2⤵
  PID:8868
- C:\Windows\System\lkPgCPP.exe
  C:\Windows\System\lkPgCPP.exe
  2⤵
  PID:8888
- C:\Windows\System\HFdJjKV.exe
  C:\Windows\System\HFdJjKV.exe
  2⤵
  PID:8904
- C:\Windows\System\FfhOiqO.exe
  C:\Windows\System\FfhOiqO.exe
  2⤵
  PID:8936
- C:\Windows\System\HnTyJyp.exe
  C:\Windows\System\HnTyJyp.exe
  2⤵
  PID:8968
- C:\Windows\System\TpgkzBw.exe
  C:\Windows\System\TpgkzBw.exe
  2⤵
  PID:8996
- C:\Windows\System\uPEjHrX.exe
  C:\Windows\System\uPEjHrX.exe
  2⤵
  PID:9024
- C:\Windows\System\mYQreFk.exe
  C:\Windows\System\mYQreFk.exe
  2⤵
  PID:9052
- C:\Windows\System\WJpgqNI.exe
  C:\Windows\System\WJpgqNI.exe
  2⤵
  PID:9076
- C:\Windows\System\wgRAcCC.exe
  C:\Windows\System\wgRAcCC.exe
  2⤵
  PID:9100
- C:\Windows\System\CiSvoYC.exe
  C:\Windows\System\CiSvoYC.exe
  2⤵
  PID:9124
- C:\Windows\System\hlbQhSN.exe
  C:\Windows\System\hlbQhSN.exe
  2⤵
  PID:9140
- C:\Windows\System\HKbJlos.exe
  C:\Windows\System\HKbJlos.exe
  2⤵
  PID:9180
- C:\Windows\System\xHUKqvj.exe
  C:\Windows\System\xHUKqvj.exe
  2⤵
  PID:9208
- C:\Windows\System\aONckdu.exe
  C:\Windows\System\aONckdu.exe
  2⤵
  PID:7856
- C:\Windows\System\jWjFPVV.exe
  C:\Windows\System\jWjFPVV.exe
  2⤵
  PID:7920
- C:\Windows\System\TTXuCOh.exe
  C:\Windows\System\TTXuCOh.exe
  2⤵
  PID:8048
- C:\Windows\System\GmWgjJQ.exe
  C:\Windows\System\GmWgjJQ.exe
  2⤵
  PID:8136
- C:\Windows\System\HYartWc.exe
  C:\Windows\System\HYartWc.exe
  2⤵
  PID:5836
- C:\Windows\System\fHqUxAf.exe
  C:\Windows\System\fHqUxAf.exe
  2⤵
  PID:4204
- C:\Windows\System\INMBOSs.exe
  C:\Windows\System\INMBOSs.exe
  2⤵
  PID:7592
- C:\Windows\System\ntyHXOp.exe
  C:\Windows\System\ntyHXOp.exe
  2⤵
  PID:7688
- C:\Windows\System\JpXlBpZ.exe
  C:\Windows\System\JpXlBpZ.exe
  2⤵
  PID:6324
- C:\Windows\System\wBlxabP.exe
  C:\Windows\System\wBlxabP.exe
  2⤵
  PID:7504
- C:\Windows\System\cQShQUE.exe
  C:\Windows\System\cQShQUE.exe
  2⤵
  PID:7796
- C:\Windows\System\pltNSkS.exe
  C:\Windows\System\pltNSkS.exe
  2⤵
  PID:7180
- C:\Windows\System\yfJwsHE.exe
  C:\Windows\System\yfJwsHE.exe
  2⤵
  PID:8208
- C:\Windows\System\beVDMPr.exe
  C:\Windows\System\beVDMPr.exe
  2⤵
  PID:7224
- C:\Windows\System\QzMQHjX.exe
  C:\Windows\System\QzMQHjX.exe
  2⤵
  PID:7256
- C:\Windows\System\FNbGTFR.exe
  C:\Windows\System\FNbGTFR.exe
  2⤵
  PID:8292
- C:\Windows\System\tfSkisy.exe
  C:\Windows\System\tfSkisy.exe
  2⤵
  PID:8328
- C:\Windows\System\ZWrqwrN.exe
  C:\Windows\System\ZWrqwrN.exe
  2⤵
  PID:7324
- C:\Windows\System\VSmeEiG.exe
  C:\Windows\System\VSmeEiG.exe
  2⤵
  PID:7368
- C:\Windows\System\mNesmfa.exe
  C:\Windows\System\mNesmfa.exe
  2⤵
  PID:7396
- C:\Windows\System\cfdoXuH.exe
  C:\Windows\System\cfdoXuH.exe
  2⤵
  PID:8100
- C:\Windows\System\EBJkFFD.exe
  C:\Windows\System\EBJkFFD.exe
  2⤵
  PID:8120
- C:\Windows\System\HjUOiuQ.exe
  C:\Windows\System\HjUOiuQ.exe
  2⤵
  PID:7416
- C:\Windows\System\KsNPIaS.exe
  C:\Windows\System\KsNPIaS.exe
  2⤵
  PID:7468
- C:\Windows\System\fXWdCqL.exe
  C:\Windows\System\fXWdCqL.exe
  2⤵
  PID:7536
- C:\Windows\System\tYpFApW.exe
  C:\Windows\System\tYpFApW.exe
  2⤵
  PID:7196
- C:\Windows\System\sTMCyEF.exe
  C:\Windows\System\sTMCyEF.exe
  2⤵
  PID:9236
- C:\Windows\System\WcPNIpW.exe
  C:\Windows\System\WcPNIpW.exe
  2⤵
  PID:9256
- C:\Windows\System\syMpOUi.exe
  C:\Windows\System\syMpOUi.exe
  2⤵
  PID:9280
- C:\Windows\System\yqtsKwH.exe
  C:\Windows\System\yqtsKwH.exe
  2⤵
  PID:9300
- C:\Windows\System\JqtGUfo.exe
  C:\Windows\System\JqtGUfo.exe
  2⤵
  PID:9320
- C:\Windows\System\ZWsjPYv.exe
  C:\Windows\System\ZWsjPYv.exe
  2⤵
  PID:9344
- C:\Windows\System\wvXJIEd.exe
  C:\Windows\System\wvXJIEd.exe
  2⤵
  PID:9368
- C:\Windows\System\tuvtxWH.exe
  C:\Windows\System\tuvtxWH.exe
  2⤵
  PID:9388
- C:\Windows\System\grLwzCd.exe
  C:\Windows\System\grLwzCd.exe
  2⤵
  PID:9404
- C:\Windows\System\MtCIfVQ.exe
  C:\Windows\System\MtCIfVQ.exe
  2⤵
  PID:9424
- C:\Windows\System\elppDcO.exe
  C:\Windows\System\elppDcO.exe
  2⤵
  PID:9440
- C:\Windows\System\VCPFVqY.exe
  C:\Windows\System\VCPFVqY.exe
  2⤵
  PID:9464
- C:\Windows\System\zRuXdKV.exe
  C:\Windows\System\zRuXdKV.exe
  2⤵
  PID:9500
- C:\Windows\System\CrAlPEw.exe
  C:\Windows\System\CrAlPEw.exe
  2⤵
  PID:9520
- C:\Windows\System\RTuQCZs.exe
  C:\Windows\System\RTuQCZs.exe
  2⤵
  PID:9544
- C:\Windows\System\idgnUBP.exe
  C:\Windows\System\idgnUBP.exe
  2⤵
  PID:9568
- C:\Windows\System\lFIfiEh.exe
  C:\Windows\System\lFIfiEh.exe
  2⤵
  PID:9592
- C:\Windows\System\OzYZrmR.exe
  C:\Windows\System\OzYZrmR.exe
  2⤵
  PID:9620
- C:\Windows\System\whPGQLq.exe
  C:\Windows\System\whPGQLq.exe
  2⤵
  PID:9640
- C:\Windows\System\PzlwQKg.exe
  C:\Windows\System\PzlwQKg.exe
  2⤵
  PID:9660
- C:\Windows\System\GojBFkl.exe
  C:\Windows\System\GojBFkl.exe
  2⤵
  PID:9684
- C:\Windows\System\jkyMida.exe
  C:\Windows\System\jkyMida.exe
  2⤵
  PID:9708
- C:\Windows\System\ckQvzFa.exe
  C:\Windows\System\ckQvzFa.exe
  2⤵
  PID:9728
- C:\Windows\System\WfoTAaw.exe
  C:\Windows\System\WfoTAaw.exe
  2⤵
  PID:9748
- C:\Windows\System\gobRqbk.exe
  C:\Windows\System\gobRqbk.exe
  2⤵
  PID:9764
- C:\Windows\System\gsxuKGe.exe
  C:\Windows\System\gsxuKGe.exe
  2⤵
  PID:9780
- C:\Windows\System\DehIMsc.exe
  C:\Windows\System\DehIMsc.exe
  2⤵
  PID:9796
- C:\Windows\System\lWwiAbv.exe
  C:\Windows\System\lWwiAbv.exe
  2⤵
  PID:9816
- C:\Windows\System\vRMTimx.exe
  C:\Windows\System\vRMTimx.exe
  2⤵
  PID:9840
- C:\Windows\System\vkiLibC.exe
  C:\Windows\System\vkiLibC.exe
  2⤵
  PID:9872
- C:\Windows\System\gfBLqKX.exe
  C:\Windows\System\gfBLqKX.exe
  2⤵
  PID:9904
- C:\Windows\System\wsiguSO.exe
  C:\Windows\System\wsiguSO.exe
  2⤵
  PID:9920
- C:\Windows\System\xzySQdr.exe
  C:\Windows\System\xzySQdr.exe
  2⤵
  PID:9948
- C:\Windows\System\ZqvHhpy.exe
  C:\Windows\System\ZqvHhpy.exe
  2⤵
  PID:9968
- C:\Windows\System\diJAsQQ.exe
  C:\Windows\System\diJAsQQ.exe
  2⤵
  PID:9988
- C:\Windows\System\hPkEmJx.exe
  C:\Windows\System\hPkEmJx.exe
  2⤵
  PID:10012
- C:\Windows\System\ZjxcuWq.exe
  C:\Windows\System\ZjxcuWq.exe
  2⤵
  PID:10044
- C:\Windows\System\JYxVbZU.exe
  C:\Windows\System\JYxVbZU.exe
  2⤵
  PID:10064
- C:\Windows\System\vXlaNfb.exe
  C:\Windows\System\vXlaNfb.exe
  2⤵
  PID:10084
- C:\Windows\System\uIoTIZo.exe
  C:\Windows\System\uIoTIZo.exe
  2⤵
  PID:10104
- C:\Windows\System\GtSoDsH.exe
  C:\Windows\System\GtSoDsH.exe
  2⤵
  PID:10128
- C:\Windows\System\JTvolBs.exe
  C:\Windows\System\JTvolBs.exe
  2⤵
  PID:10160
- C:\Windows\System\FVSgGxJ.exe
  C:\Windows\System\FVSgGxJ.exe
  2⤵
  PID:10176
- C:\Windows\System\GqLcklF.exe
  C:\Windows\System\GqLcklF.exe
  2⤵
  PID:10200
- C:\Windows\System\ZzZrWfd.exe
  C:\Windows\System\ZzZrWfd.exe
  2⤵
  PID:10112
- C:\Windows\System\vXTrtkY.exe
  C:\Windows\System\vXTrtkY.exe
  2⤵
  PID:10732
- C:\Windows\System\pXERhPw.exe
  C:\Windows\System\pXERhPw.exe
  2⤵
  PID:11088
- C:\Windows\System\wwENDyD.exe
  C:\Windows\System\wwENDyD.exe
  2⤵
  PID:11112
- C:\Windows\System\UQqOBDk.exe
  C:\Windows\System\UQqOBDk.exe
  2⤵
  PID:11140
- C:\Windows\System\qTABRPh.exe
  C:\Windows\System\qTABRPh.exe
  2⤵
  PID:11172
- C:\Windows\System\ROSiGur.exe
  C:\Windows\System\ROSiGur.exe
  2⤵
  PID:9136
- C:\Windows\System\bJAMjro.exe
  C:\Windows\System\bJAMjro.exe
  2⤵
  PID:6468
- C:\Windows\System\DujWFHM.exe
  C:\Windows\System\DujWFHM.exe
  2⤵
  PID:9072
- C:\Windows\System\HlOdGCL.exe
  C:\Windows\System\HlOdGCL.exe
  2⤵
  PID:8116
- C:\Windows\System\mhJhOQQ.exe
  C:\Windows\System\mhJhOQQ.exe
  2⤵
  PID:7564
- C:\Windows\System\jburGuE.exe
  C:\Windows\System\jburGuE.exe
  2⤵
  PID:9252
- C:\Windows\System\VeEEdHC.exe
  C:\Windows\System\VeEEdHC.exe
  2⤵
  PID:7112
- C:\Windows\System\TVgbZPI.exe
  C:\Windows\System\TVgbZPI.exe
  2⤵
  PID:9336
- C:\Windows\System\dKzYOLk.exe
  C:\Windows\System\dKzYOLk.exe
  2⤵
  PID:6632
- C:\Windows\System\nCMEXAq.exe
  C:\Windows\System\nCMEXAq.exe
  2⤵
  PID:9416
- C:\Windows\System\vjTAUtm.exe
  C:\Windows\System\vjTAUtm.exe
  2⤵
  PID:10384
- C:\Windows\System\xcXFndo.exe
  C:\Windows\System\xcXFndo.exe
  2⤵
  PID:7096
- C:\Windows\System\zatiQVn.exe
  C:\Windows\System\zatiQVn.exe
  2⤵
  PID:9584
- C:\Windows\System\hZKhwrE.exe
  C:\Windows\System\hZKhwrE.exe
  2⤵
  PID:9636
- C:\Windows\System\qXyUxnZ.exe
  C:\Windows\System\qXyUxnZ.exe
  2⤵
  PID:9852
- C:\Windows\System\XQhIpma.exe
  C:\Windows\System\XQhIpma.exe
  2⤵
  PID:9888
- C:\Windows\System\CSxxZMs.exe
  C:\Windows\System\CSxxZMs.exe
  2⤵
  PID:9932
- C:\Windows\System\TsMVSzK.exe
  C:\Windows\System\TsMVSzK.exe
  2⤵
  PID:9980
- C:\Windows\System\dNOkIOC.exe
  C:\Windows\System\dNOkIOC.exe
  2⤵
  PID:10148
- C:\Windows\System\FCOgOqH.exe
  C:\Windows\System\FCOgOqH.exe
  2⤵
  PID:10120
- C:\Windows\System\rCTfyFP.exe
  C:\Windows\System\rCTfyFP.exe
  2⤵
  PID:10168
- C:\Windows\System\dXGTfmQ.exe
  C:\Windows\System\dXGTfmQ.exe
  2⤵
  PID:7808
- C:\Windows\System\UsXoqYq.exe
  C:\Windows\System\UsXoqYq.exe
  2⤵
  PID:8472
- C:\Windows\System\hCBBYxr.exe
  C:\Windows\System\hCBBYxr.exe
  2⤵
  PID:7580
- C:\Windows\System\IUyThtZ.exe
  C:\Windows\System\IUyThtZ.exe
  2⤵
  PID:7752
- C:\Windows\System\zGEFdVa.exe
  C:\Windows\System\zGEFdVa.exe
  2⤵
  PID:8712
- C:\Windows\System\laoqTuh.exe
  C:\Windows\System\laoqTuh.exe
  2⤵
  PID:8144
- C:\Windows\System\QWcwgvz.exe
  C:\Windows\System\QWcwgvz.exe
  2⤵
  PID:8848
- C:\Windows\System\CxhqUnN.exe
  C:\Windows\System\CxhqUnN.exe
  2⤵
  PID:10616
- C:\Windows\System\BkBWNhc.exe
  C:\Windows\System\BkBWNhc.exe
  2⤵
  PID:11048
- C:\Windows\System\sOwQoFS.exe
  C:\Windows\System\sOwQoFS.exe
  2⤵
  PID:10788
- C:\Windows\System\uisVGXl.exe
  C:\Windows\System\uisVGXl.exe
  2⤵
  PID:11080
- C:\Windows\System\eFvmCfV.exe
  C:\Windows\System\eFvmCfV.exe
  2⤵
  PID:11212
- C:\Windows\System\ohirauE.exe
  C:\Windows\System\ohirauE.exe
  2⤵
  PID:11104
- C:\Windows\System\wPESfNq.exe
  C:\Windows\System\wPESfNq.exe
  2⤵
  PID:9812
- C:\Windows\System\mKKonBy.exe
  C:\Windows\System\mKKonBy.exe
  2⤵
  PID:8456
- C:\Windows\System\IsLooAi.exe
  C:\Windows\System\IsLooAi.exe
  2⤵
  PID:8312
- C:\Windows\System\IKUAwJF.exe
  C:\Windows\System\IKUAwJF.exe
  2⤵
  PID:7408
- C:\Windows\System\SgDVqUv.exe
  C:\Windows\System\SgDVqUv.exe
  2⤵
  PID:8360
- C:\Windows\System\XjBfHqY.exe
  C:\Windows\System\XjBfHqY.exe
  2⤵
  PID:10268
- C:\Windows\System\pEcdoEH.exe
  C:\Windows\System\pEcdoEH.exe
  2⤵
  PID:9360
- C:\Windows\System\cwwhLwz.exe
  C:\Windows\System\cwwhLwz.exe
  2⤵
  PID:10352
- C:\Windows\System\gAQeVcw.exe
  C:\Windows\System\gAQeVcw.exe
  2⤵
  PID:7240
- C:\Windows\System\wMrAQss.exe
  C:\Windows\System\wMrAQss.exe
  2⤵
  PID:10136
- C:\Windows\System\FJNvPBO.exe
  C:\Windows\System\FJNvPBO.exe
  2⤵
  PID:10404
- C:\Windows\System\zWKvidn.exe
  C:\Windows\System\zWKvidn.exe
  2⤵
  PID:9268
- C:\Windows\System\zMbgrOo.exe
  C:\Windows\System\zMbgrOo.exe
  2⤵
  PID:10920
- C:\Windows\System\GyqbsgQ.exe
  C:\Windows\System\GyqbsgQ.exe
  2⤵
  PID:8264
- C:\Windows\System\JTqruJK.exe
  C:\Windows\System\JTqruJK.exe
  2⤵
  PID:7792
- C:\Windows\System\YRVLcwj.exe
  C:\Windows\System\YRVLcwj.exe
  2⤵
  PID:7824
- C:\Windows\System\TCmtaHL.exe
  C:\Windows\System\TCmtaHL.exe
  2⤵
  PID:10460
- C:\Windows\System\BmcTAqS.exe
  C:\Windows\System\BmcTAqS.exe
  2⤵
  PID:10984
- C:\Windows\System\GjZAnKe.exe
  C:\Windows\System\GjZAnKe.exe
  2⤵
  PID:10716
- C:\Windows\System\aHglsBn.exe
  C:\Windows\System\aHglsBn.exe
  2⤵
  PID:11132
- C:\Windows\System\npcyxym.exe
  C:\Windows\System\npcyxym.exe
  2⤵
  PID:9804
- C:\Windows\System\nzhfQSW.exe
  C:\Windows\System\nzhfQSW.exe
  2⤵
  PID:8568
- C:\Windows\System\jOpqjCi.exe
  C:\Windows\System\jOpqjCi.exe
  2⤵
  PID:10292
- C:\Windows\System\svvsUWU.exe
  C:\Windows\System\svvsUWU.exe
  2⤵
  PID:9560
- C:\Windows\System\HKozlKH.exe
  C:\Windows\System\HKozlKH.exe
  2⤵
  PID:9512
- C:\Windows\System\MuSYyQr.exe
  C:\Windows\System\MuSYyQr.exe
  2⤵
  PID:10364
- C:\Windows\System\ckkBzxN.exe
  C:\Windows\System\ckkBzxN.exe
  2⤵
  PID:10216
- C:\Windows\System\pCQqoPc.exe
  C:\Windows\System\pCQqoPc.exe
  2⤵
  PID:8964
- C:\Windows\System\KufSHqn.exe
  C:\Windows\System\KufSHqn.exe
  2⤵
  PID:11152
- C:\Windows\System\xPTKYvn.exe
  C:\Windows\System\xPTKYvn.exe
  2⤵
  PID:9396
- C:\Windows\System\KSpFbbm.exe
  C:\Windows\System\KSpFbbm.exe
  2⤵
  PID:8056
- C:\Windows\System\arLikzC.exe
  C:\Windows\System\arLikzC.exe
  2⤵
  PID:9092
- C:\Windows\System\wewhexk.exe
  C:\Windows\System\wewhexk.exe
  2⤵
  PID:7264
- C:\Windows\System\rtDylRp.exe
  C:\Windows\System\rtDylRp.exe
  2⤵
  PID:10184
- C:\Windows\System\mHgqIFo.exe
  C:\Windows\System\mHgqIFo.exe
  2⤵
  PID:11280
- C:\Windows\System\KQcFYEr.exe
  C:\Windows\System\KQcFYEr.exe
  2⤵
  PID:11304
- C:\Windows\System\NBjigpw.exe
  C:\Windows\System\NBjigpw.exe
  2⤵
  PID:11320
- C:\Windows\System\Lbpiozs.exe
  C:\Windows\System\Lbpiozs.exe
  2⤵
  PID:11340
- C:\Windows\System\TCGmMXJ.exe
  C:\Windows\System\TCGmMXJ.exe
  2⤵
  PID:11368
- C:\Windows\System\OgszfEf.exe
  C:\Windows\System\OgszfEf.exe
  2⤵
  PID:11396
- C:\Windows\System\xEQgBzc.exe
  C:\Windows\System\xEQgBzc.exe
  2⤵
  PID:11412
- C:\Windows\System\YUmAYfK.exe
  C:\Windows\System\YUmAYfK.exe
  2⤵
  PID:11464
- C:\Windows\System\dUTsEkc.exe
  C:\Windows\System\dUTsEkc.exe
  2⤵
  PID:11488
- C:\Windows\System\bTxHjgx.exe
  C:\Windows\System\bTxHjgx.exe
  2⤵
  PID:11516
- C:\Windows\System\XljBUuT.exe
  C:\Windows\System\XljBUuT.exe
  2⤵
  PID:11544
- C:\Windows\System\ISIXMcJ.exe
  C:\Windows\System\ISIXMcJ.exe
  2⤵
  PID:11560
- C:\Windows\System\VIJzTjO.exe
  C:\Windows\System\VIJzTjO.exe
  2⤵
  PID:11604
- C:\Windows\System\AVneHWA.exe
  C:\Windows\System\AVneHWA.exe
  2⤵
  PID:11624
- C:\Windows\System\eTNwkgX.exe
  C:\Windows\System\eTNwkgX.exe
  2⤵
  PID:11680
- C:\Windows\System\ZKGioar.exe
  C:\Windows\System\ZKGioar.exe
  2⤵
  PID:11696
- C:\Windows\System\eHnJJev.exe
  C:\Windows\System\eHnJJev.exe
  2⤵
  PID:11728
- C:\Windows\System\JQDbplZ.exe
  C:\Windows\System\JQDbplZ.exe
  2⤵
  PID:11748
- C:\Windows\System\fYYnbrA.exe
  C:\Windows\System\fYYnbrA.exe
  2⤵
  PID:11784
- C:\Windows\System\ZpBSqjk.exe
  C:\Windows\System\ZpBSqjk.exe
  2⤵
  PID:11808
- C:\Windows\System\TcayXZY.exe
  C:\Windows\System\TcayXZY.exe
  2⤵
  PID:11832
- C:\Windows\System\ElRNmlv.exe
  C:\Windows\System\ElRNmlv.exe
  2⤵
  PID:11868
- C:\Windows\System\ErFDgoF.exe
  C:\Windows\System\ErFDgoF.exe
  2⤵
  PID:11912
- C:\Windows\System\AFWMVkz.exe
  C:\Windows\System\AFWMVkz.exe
  2⤵
  PID:11932
- C:\Windows\System\OpjzceR.exe
  C:\Windows\System\OpjzceR.exe
  2⤵
  PID:11968
- C:\Windows\System\FfFGBfs.exe
  C:\Windows\System\FfFGBfs.exe
  2⤵
  PID:11984
- C:\Windows\System\qulAHOi.exe
  C:\Windows\System\qulAHOi.exe
  2⤵
  PID:12008
- C:\Windows\System\hcvmLZT.exe
  C:\Windows\System\hcvmLZT.exe
  2⤵
  PID:12024
- C:\Windows\System\JNtImWI.exe
  C:\Windows\System\JNtImWI.exe
  2⤵
  PID:12052
- C:\Windows\System\henPxDy.exe
  C:\Windows\System\henPxDy.exe
  2⤵
  PID:12092
- C:\Windows\System\PXEUrVr.exe
  C:\Windows\System\PXEUrVr.exe
  2⤵
  PID:12132
- C:\Windows\System\ykUqzQS.exe
  C:\Windows\System\ykUqzQS.exe
  2⤵
  PID:12160
- C:\Windows\System\wrShSXn.exe
  C:\Windows\System\wrShSXn.exe
  2⤵
  PID:12188
- C:\Windows\System\ANifPee.exe
  C:\Windows\System\ANifPee.exe
  2⤵
  PID:12224
- C:\Windows\System\bKoYHio.exe
  C:\Windows\System\bKoYHio.exe
  2⤵
  PID:12252
- C:\Windows\System\wVcklGf.exe
  C:\Windows\System\wVcklGf.exe
  2⤵
  PID:12276
- C:\Windows\System\niNEgjq.exe
  C:\Windows\System\niNEgjq.exe
  2⤵
  PID:6752
- C:\Windows\System\yQYwrPV.exe
  C:\Windows\System\yQYwrPV.exe
  2⤵
  PID:11316
- C:\Windows\System\SbKWAGY.exe
  C:\Windows\System\SbKWAGY.exe
  2⤵
  PID:11376
- C:\Windows\System\OMhuBnC.exe
  C:\Windows\System\OMhuBnC.exe
  2⤵
  PID:11432
- C:\Windows\System\NueGZMu.exe
  C:\Windows\System\NueGZMu.exe
  2⤵
  PID:11440
- C:\Windows\System\HYsgFMF.exe
  C:\Windows\System\HYsgFMF.exe
  2⤵
  PID:11596
- C:\Windows\System\rDhFzrX.exe
  C:\Windows\System\rDhFzrX.exe
  2⤵
  PID:11664
- C:\Windows\System\BKQWPNr.exe
  C:\Windows\System\BKQWPNr.exe
  2⤵
  PID:11724
- C:\Windows\System\qUxIoiM.exe
  C:\Windows\System\qUxIoiM.exe
  2⤵
  PID:11804
- C:\Windows\System\PQOKksg.exe
  C:\Windows\System\PQOKksg.exe
  2⤵
  PID:11856
- C:\Windows\System\CtAkiGt.exe
  C:\Windows\System\CtAkiGt.exe
  2⤵
  PID:11948
- C:\Windows\System\OQuynaM.exe
  C:\Windows\System\OQuynaM.exe
  2⤵
  PID:12020
- C:\Windows\System\ISlVGpL.exe
  C:\Windows\System\ISlVGpL.exe
  2⤵
  PID:11992
- C:\Windows\System\nyKyuXi.exe
  C:\Windows\System\nyKyuXi.exe
  2⤵
  PID:12128
- C:\Windows\System\scLvVWY.exe
  C:\Windows\System\scLvVWY.exe
  2⤵
  PID:12196
- C:\Windows\System\xOyKNvR.exe
  C:\Windows\System\xOyKNvR.exe
  2⤵
  PID:12248
- C:\Windows\System\HtdOGZf.exe
  C:\Windows\System\HtdOGZf.exe
  2⤵
  PID:11292
- C:\Windows\System\RvYcpVa.exe
  C:\Windows\System\RvYcpVa.exe
  2⤵
  PID:11404
- C:\Windows\System\XxuZkYZ.exe
  C:\Windows\System\XxuZkYZ.exe
  2⤵
  PID:11620
- C:\Windows\System\Lqbnhfi.exe
  C:\Windows\System\Lqbnhfi.exe
  2⤵
  PID:11780
- C:\Windows\System\agVoZws.exe
  C:\Windows\System\agVoZws.exe
  2⤵
  PID:12084
- C:\Windows\System\LibpbHl.exe
  C:\Windows\System\LibpbHl.exe
  2⤵
  PID:12124
- C:\Windows\System\gPvCqtQ.exe
  C:\Windows\System\gPvCqtQ.exe
  2⤵
  PID:12272
- C:\Windows\System\PCPFBny.exe
  C:\Windows\System\PCPFBny.exe
  2⤵
  PID:11348
- C:\Windows\System\QXDaIkK.exe
  C:\Windows\System\QXDaIkK.exe
  2⤵
  PID:11792
- C:\Windows\System\AjnqyAA.exe
  C:\Windows\System\AjnqyAA.exe
  2⤵
  PID:9880
- C:\Windows\System\iCWXmqh.exe
  C:\Windows\System\iCWXmqh.exe
  2⤵
  PID:11668
- C:\Windows\System\vFRYqsL.exe
  C:\Windows\System\vFRYqsL.exe
  2⤵
  PID:12304
- C:\Windows\System\hPzijTb.exe
  C:\Windows\System\hPzijTb.exe
  2⤵
  PID:12332
- C:\Windows\System\GmPZQcC.exe
  C:\Windows\System\GmPZQcC.exe
  2⤵
  PID:12360
- C:\Windows\System\MfKjMgk.exe
  C:\Windows\System\MfKjMgk.exe
  2⤵
  PID:12388
- C:\Windows\System\yUidZMz.exe
  C:\Windows\System\yUidZMz.exe
  2⤵
  PID:12416
- C:\Windows\System\KfYJpRe.exe
  C:\Windows\System\KfYJpRe.exe
  2⤵
  PID:12448
- C:\Windows\System\gqIpXge.exe
  C:\Windows\System\gqIpXge.exe
  2⤵
  PID:12472
- C:\Windows\System\chWRGgq.exe
  C:\Windows\System\chWRGgq.exe
  2⤵
  PID:12488
- C:\Windows\System\xNEahsx.exe
  C:\Windows\System\xNEahsx.exe
  2⤵
  PID:12528
- C:\Windows\System\zYaBssw.exe
  C:\Windows\System\zYaBssw.exe
  2⤵
  PID:12552
- C:\Windows\System\deSSWAX.exe
  C:\Windows\System\deSSWAX.exe
  2⤵
  PID:12580
- C:\Windows\System\fOwWlOM.exe
  C:\Windows\System\fOwWlOM.exe
  2⤵
  PID:12604
- C:\Windows\System\vyuWwvi.exe
  C:\Windows\System\vyuWwvi.exe
  2⤵
  PID:12624
- C:\Windows\System\BVjiJhY.exe
  C:\Windows\System\BVjiJhY.exe
  2⤵
  PID:12652
- C:\Windows\System\EQrLhHT.exe
  C:\Windows\System\EQrLhHT.exe
  2⤵
  PID:12672
- C:\Windows\System\gTSFzBd.exe
  C:\Windows\System\gTSFzBd.exe
  2⤵
  PID:12692
- C:\Windows\System\rekmxVr.exe
  C:\Windows\System\rekmxVr.exe
  2⤵
  PID:12724
- C:\Windows\System\gLnmckZ.exe
  C:\Windows\System\gLnmckZ.exe
  2⤵
  PID:12752
- C:\Windows\System\XSmARGC.exe
  C:\Windows\System\XSmARGC.exe
  2⤵
  PID:12776
- C:\Windows\System\eudWRTN.exe
  C:\Windows\System\eudWRTN.exe
  2⤵
  PID:12804
- C:\Windows\System\IycXVwW.exe
  C:\Windows\System\IycXVwW.exe
  2⤵
  PID:12832
- C:\Windows\System\DlnDMEj.exe
  C:\Windows\System\DlnDMEj.exe
  2⤵
  PID:12880
- C:\Windows\System\NemwMql.exe
  C:\Windows\System\NemwMql.exe
  2⤵
  PID:12924
- C:\Windows\System\gIvBQVl.exe
  C:\Windows\System\gIvBQVl.exe
  2⤵
  PID:12948
- C:\Windows\System\lBOGwNW.exe
  C:\Windows\System\lBOGwNW.exe
  2⤵
  PID:12972
- C:\Windows\System\ScmEllf.exe
  C:\Windows\System\ScmEllf.exe
  2⤵
  PID:13020
- C:\Windows\System\maGcsxJ.exe
  C:\Windows\System\maGcsxJ.exe
  2⤵
  PID:13044
- C:\Windows\System\nwFYqcY.exe
  C:\Windows\System\nwFYqcY.exe
  2⤵
  PID:13064
- C:\Windows\System\PEDlYoD.exe
  C:\Windows\System\PEDlYoD.exe
  2⤵
  PID:13104
- C:\Windows\System\BeaIGcT.exe
  C:\Windows\System\BeaIGcT.exe
  2⤵
  PID:13124
- C:\Windows\System\YapJpkm.exe
  C:\Windows\System\YapJpkm.exe
  2⤵
  PID:13156
- C:\Windows\System\AvqUTPr.exe
  C:\Windows\System\AvqUTPr.exe
  2⤵
  PID:13184
- C:\Windows\System\bXvhCFa.exe
  C:\Windows\System\bXvhCFa.exe
  2⤵
  PID:13200
- C:\Windows\System\uYZpRHv.exe
  C:\Windows\System\uYZpRHv.exe
  2⤵
  PID:13220
- C:\Windows\System\FhfYJCH.exe
  C:\Windows\System\FhfYJCH.exe
  2⤵
  PID:13268
- C:\Windows\System\LPRHJpX.exe
  C:\Windows\System\LPRHJpX.exe
  2⤵
  PID:13296
- C:\Windows\System\tpvUAbw.exe
  C:\Windows\System\tpvUAbw.exe
  2⤵
  PID:12296
- C:\Windows\System\rJswTUx.exe
  C:\Windows\System\rJswTUx.exe
  2⤵
  PID:12344
- C:\Windows\System\nTACQtF.exe
  C:\Windows\System\nTACQtF.exe
  2⤵
  PID:12404
- C:\Windows\System\prCQqhg.exe
  C:\Windows\System\prCQqhg.exe
  2⤵
  PID:12480
- C:\Windows\System\VGCOJhJ.exe
  C:\Windows\System\VGCOJhJ.exe
  2⤵
  PID:12544
- C:\Windows\System\gqnJMpZ.exe
  C:\Windows\System\gqnJMpZ.exe
  2⤵
  PID:12596
- C:\Windows\System\ZngKWEr.exe
  C:\Windows\System\ZngKWEr.exe
  2⤵
  PID:12684
- C:\Windows\System\nRemQtZ.exe
  C:\Windows\System\nRemQtZ.exe
  2⤵
  PID:12720
- C:\Windows\System\YsfgUCx.exe
  C:\Windows\System\YsfgUCx.exe
  2⤵
  PID:12848
- C:\Windows\System\drSqpBH.exe
  C:\Windows\System\drSqpBH.exe
  2⤵
  PID:12888
- C:\Windows\System\sbghQdv.exe
  C:\Windows\System\sbghQdv.exe
  2⤵
  PID:12984
- C:\Windows\System\DdQkccn.exe
  C:\Windows\System\DdQkccn.exe
  2⤵
  PID:13036
- C:\Windows\System\ZcRqWMX.exe
  C:\Windows\System\ZcRqWMX.exe
  2⤵
  PID:13084
- C:\Windows\System\WDVujVm.exe
  C:\Windows\System\WDVujVm.exe
  2⤵
  PID:13164
- C:\Windows\System\VCGEArV.exe
  C:\Windows\System\VCGEArV.exe
  2⤵
  PID:13192
- C:\Windows\System\YRaMhqo.exe
  C:\Windows\System\YRaMhqo.exe
  2⤵
  PID:13256
- C:\Windows\System\lHLMWCv.exe
  C:\Windows\System\lHLMWCv.exe
  2⤵
  PID:12372
- C:\Windows\System\UgUgczA.exe
  C:\Windows\System\UgUgczA.exe
  2⤵
  PID:12400
- C:\Windows\System\dBVjoMF.exe
  C:\Windows\System\dBVjoMF.exe
  2⤵
  PID:12704
- C:\Windows\System\zNxQGgD.exe
  C:\Windows\System\zNxQGgD.exe
  2⤵
  PID:13308
- C:\Windows\System\mGKEwxy.exe
  C:\Windows\System\mGKEwxy.exe
  2⤵
  PID:12936
- C:\Windows\System\jaSnAYV.exe
  C:\Windows\System\jaSnAYV.exe
  2⤵
  PID:13140
- C:\Windows\System\DyjmedV.exe
  C:\Windows\System\DyjmedV.exe
  2⤵
  PID:13280
- C:\Windows\System\IHQCntW.exe
  C:\Windows\System\IHQCntW.exe
  2⤵
  PID:13264
- C:\Windows\System\JcCVzwD.exe
  C:\Windows\System\JcCVzwD.exe
  2⤵
  PID:4396
- C:\Windows\System\qAaBnmF.exe
  C:\Windows\System\qAaBnmF.exe
  2⤵
  PID:12968
- C:\Windows\System\BOyXoSL.exe
  C:\Windows\System\BOyXoSL.exe
  2⤵
  PID:13136
- C:\Windows\System\RnvVKSm.exe
  C:\Windows\System\RnvVKSm.exe
  2⤵
  PID:13324
- C:\Windows\System\xOyMzYB.exe
  C:\Windows\System\xOyMzYB.exe
  2⤵
  PID:13348
- C:\Windows\System\XeuiOJj.exe
  C:\Windows\System\XeuiOJj.exe
  2⤵
  PID:13380
- C:\Windows\System\cAZfwvt.exe
  C:\Windows\System\cAZfwvt.exe
  2⤵
  PID:13408
- C:\Windows\System\RDhIxjm.exe
  C:\Windows\System\RDhIxjm.exe
  2⤵
  PID:13432
- C:\Windows\System\kgvHKdL.exe
  C:\Windows\System\kgvHKdL.exe
  2⤵
  PID:13488
- C:\Windows\System\qoVaVyr.exe
  C:\Windows\System\qoVaVyr.exe
  2⤵
  PID:13512
- C:\Windows\System\kyQjJpf.exe
  C:\Windows\System\kyQjJpf.exe
  2⤵
  PID:13532
- C:\Windows\System\fErrZTY.exe
  C:\Windows\System\fErrZTY.exe
  2⤵
  PID:13560
- C:\Windows\System\yPMBAPH.exe
  C:\Windows\System\yPMBAPH.exe
  2⤵
  PID:13592
- C:\Windows\System\sbFNyFd.exe
  C:\Windows\System\sbFNyFd.exe
  2⤵
  PID:13636
- C:\Windows\System\lBpPPyN.exe
  C:\Windows\System\lBpPPyN.exe
  2⤵
  PID:13664
- C:\Windows\System\LtOTaKy.exe
  C:\Windows\System\LtOTaKy.exe
  2⤵
  PID:13688
- C:\Windows\System\RSlRBSR.exe
  C:\Windows\System\RSlRBSR.exe
  2⤵
  PID:13720
- C:\Windows\System\aUvTZJv.exe
  C:\Windows\System\aUvTZJv.exe
  2⤵
  PID:13744
- C:\Windows\System\DRqAIYh.exe
  C:\Windows\System\DRqAIYh.exe
  2⤵
  PID:13776
- C:\Windows\System\THGshEr.exe
  C:\Windows\System\THGshEr.exe
  2⤵
  PID:13800
- C:\Windows\System\eIsPqmL.exe
  C:\Windows\System\eIsPqmL.exe
  2⤵
  PID:13820
- C:\Windows\System\hpvXZyN.exe
  C:\Windows\System\hpvXZyN.exe
  2⤵
  PID:13852
- C:\Windows\System\ZsLPpCv.exe
  C:\Windows\System\ZsLPpCv.exe
  2⤵
  PID:13908
- C:\Windows\System\HbCFYvE.exe
  C:\Windows\System\HbCFYvE.exe
  2⤵
  PID:13932
- C:\Windows\System\mTLblPf.exe
  C:\Windows\System\mTLblPf.exe
  2⤵
  PID:13952
- C:\Windows\System\VCfJouC.exe
  C:\Windows\System\VCfJouC.exe
  2⤵
  PID:13972
- C:\Windows\System\ECjczrm.exe
  C:\Windows\System\ECjczrm.exe
  2⤵
  PID:13996
- C:\Windows\System\RrHlElR.exe
  C:\Windows\System\RrHlElR.exe
  2⤵
  PID:14016
- C:\Windows\System\jiwBzMq.exe
  C:\Windows\System\jiwBzMq.exe
  2⤵
  PID:14060
- C:\Windows\System\ZZRInRg.exe
  C:\Windows\System\ZZRInRg.exe
  2⤵
  PID:14084
- C:\Windows\System\IrGLeRS.exe
  C:\Windows\System\IrGLeRS.exe
  2⤵
  PID:14108
- C:\Windows\System\DFesHqQ.exe
  C:\Windows\System\DFesHqQ.exe
  2⤵
  PID:14128
- C:\Windows\System\tHiJyUe.exe
  C:\Windows\System\tHiJyUe.exe
  2⤵
  PID:14156
- C:\Windows\System\fAAuaUH.exe
  C:\Windows\System\fAAuaUH.exe
  2⤵
  PID:14196
- C:\Windows\System\HouQjuB.exe
  C:\Windows\System\HouQjuB.exe
  2⤵
  PID:14220
- C:\Windows\System\NdqKWIg.exe
  C:\Windows\System\NdqKWIg.exe
  2⤵
  PID:14240
- C:\Windows\System\BvVGgVj.exe
  C:\Windows\System\BvVGgVj.exe
  2⤵
  PID:14264
- C:\Windows\System\UIpJekQ.exe
  C:\Windows\System\UIpJekQ.exe
  2⤵
  PID:14284
- C:\Windows\System\PqGOqRo.exe
  C:\Windows\System\PqGOqRo.exe
  2⤵
  PID:14316
- C:\Windows\System\mTuyZcd.exe
  C:\Windows\System\mTuyZcd.exe
  2⤵
  PID:12520
- C:\Windows\System\pYHhYRw.exe
  C:\Windows\System\pYHhYRw.exe
  2⤵
  PID:13320
- C:\Windows\System\HgtuAZs.exe
  C:\Windows\System\HgtuAZs.exe
  2⤵
  PID:13424
- C:\Windows\System\zEEgDNA.exe
  C:\Windows\System\zEEgDNA.exe
  2⤵
  PID:13496
- C:\Windows\System\qTkfzAk.exe
  C:\Windows\System\qTkfzAk.exe
  2⤵
  PID:13620
- C:\Windows\System\pcBkoGb.exe
  C:\Windows\System\pcBkoGb.exe
  2⤵
  PID:12820
- C:\Windows\System\rUMTJiB.exe
  C:\Windows\System\rUMTJiB.exe
  2⤵
  PID:13700
- C:\Windows\System\DSOCfUN.exe
  C:\Windows\System\DSOCfUN.exe
  2⤵
  PID:13784
- C:\Windows\System\alQubcw.exe
  C:\Windows\System\alQubcw.exe
  2⤵
  PID:13928
- C:\Windows\System\eAejJjt.exe
  C:\Windows\System\eAejJjt.exe
  2⤵
  PID:14032
- C:\Windows\System\QRVKZWh.exe
  C:\Windows\System\QRVKZWh.exe
  2⤵
  PID:14068
- C:\Windows\System\QctfuCL.exe
  C:\Windows\System\QctfuCL.exe
  2⤵
  PID:14120
- C:\Windows\System\NVPOutN.exe
  C:\Windows\System\NVPOutN.exe
  2⤵
  PID:14192
- C:\Windows\System\IfKUAQd.exe
  C:\Windows\System\IfKUAQd.exe
  2⤵
  PID:14232
- C:\Windows\System\WqVfAWH.exe
  C:\Windows\System\WqVfAWH.exe
  2⤵
  PID:14260
- C:\Windows\System\UXhYuWI.exe
  C:\Windows\System\UXhYuWI.exe
  2⤵
  PID:13344
- C:\Windows\System\nWRpPeO.exe
  C:\Windows\System\nWRpPeO.exe
  2⤵
  PID:13644
- C:\Windows\System\pGlidIb.exe
  C:\Windows\System\pGlidIb.exe
  2⤵
  PID:13584
- C:\Windows\System\insnmUJ.exe
  C:\Windows\System\insnmUJ.exe
  2⤵
  PID:13740
- C:\Windows\System\gKHWwLD.exe
  C:\Windows\System\gKHWwLD.exe
  2⤵
  PID:13768
- C:\Windows\System\BuKBGkd.exe
  C:\Windows\System\BuKBGkd.exe
  2⤵
  PID:13988
- C:\Windows\System\DHwySZV.exe
  C:\Windows\System\DHwySZV.exe
  2⤵
  PID:14092
- C:\Windows\System\jTXNloI.exe
  C:\Windows\System\jTXNloI.exe
  2⤵
  PID:14216
- C:\Windows\System\UiKAkbS.exe
  C:\Windows\System\UiKAkbS.exe
  2⤵
  PID:3752
- C:\Windows\System\oniSUsh.exe
  C:\Windows\System\oniSUsh.exe
  2⤵
  PID:13964
- C:\Windows\System\DHHYbFq.exe
  C:\Windows\System\DHHYbFq.exe
  2⤵
  PID:14188
- C:\Windows\System\WPFZhBj.exe
  C:\Windows\System\WPFZhBj.exe
  2⤵
  PID:13500

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:15036

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\FwWTHXx.exe

Filesize
1.7MB

MD5
e7a2c5892ed6e2354871d28402e67eb4

SHA1
61c6c55eaf64f9a57105fd5360f2b17366fcdccc

SHA256
776c24ab7ddff88fdbc1f5c533e3abcbdf188841d5755aaa0fea634f6250ccd0

SHA512
596645804f0b11b51d7b768d970d8c1d7173b20bc5f7ff7456c53cf310586a27fbcc8bcca24c7e73d8f06ebea287ad4b5db379b6b2282b0e438dbd4234a3698e

Download Submit
C:\Windows\System\GAzcCnT.exe

Filesize
1.7MB

MD5
ad0095c6210c8414c0695a9af04d3527

SHA1
36d381426b9dc5edf162e923ee828df8730947a6

SHA256
24ca394e1c06e15ebad32ff07343c23f7014145acf3e7aec9145528c755bd0a0

SHA512
b3d1674c6b827d5c776cd3db99e8d03221329a87d8972dd984ea89a4cd55cf421eb35811717cec449f06059191eddd8c4e178c4be44ea8812f63666a492ea2ae

Download Submit
C:\Windows\System\IcivzVa.exe

Filesize
1.7MB

MD5
4c2fce7a564fdd9d7d5bb317b028e821

SHA1
7a32c95994ed7aff70f18a53b6bffb68b2425d15

SHA256
5d3356209543d0ba236f298058e2601b596fdd4a64029618f3a0f6c74eac3df7

SHA512
448386fb73f6c3e94a9401a2340c31841450a48008cdf6e6b1eb43da89d98722a72a0867785e03ddb235f4764c0660446586696cc4077b3f0826e768e151de8b

Download Submit
C:\Windows\System\JAVbfXm.exe

Filesize
1.7MB

MD5
501ee5771433c276d0c9a60c7f27fc97

SHA1
7ca6e3a39502de7b80793d13d1e3aa43239e83f7

SHA256
a744903e1019de49faff5816d4dc31f1a602da7aa6bdcc8177231eba57f1201d

SHA512
c553a6c5a733df928a5bce4fa0d6e00db43ba8dfe62ae2e7fa45107644400028ed2d61e864c33079b52188fb56b926ad02cb9660f9798365019f0e4d5f8e0333

Download Submit
C:\Windows\System\JdoQwqT.exe

Filesize
1.7MB

MD5
6913c3928fbdf2bcbff10ef8a3424ef1

SHA1
e5f91cfcb532daf18bffe2808822d9f4ef9e84e5

SHA256
192d4e6e6f93441c6f3e6177275a34983e93724b9eb7f448c2408fa6ccd81b9d

SHA512
efc28ddbc4e7e8454221a827b041e19a7aa452efeb6f3c1928cefa3c0435b7cd8ab59890824dc5af84bdcaf5b03613619861ad8cdc743582d2cbb1252b7e6910

Download Submit
C:\Windows\System\JofCtCd.exe

Filesize
1.7MB

MD5
e4914792a9b3d73c931dd5370612f232

SHA1
bc259baaaf13a6200a379a1ba60ba00ad54fd501

SHA256
4e3ce7f55192e2980728cf7bff2aabe9cd909278a057a9a74de80b2c138b5671

SHA512
cf9fde045d02d0dbacfffb1938186768eea700025686c6937455b460740016fd71a3609596dd0effed32ef8820d88fea1e88aec2a05fc8e39fb9f51b5b3c2f54

Download Submit
C:\Windows\System\KJCFLTf.exe

Filesize
1.7MB

MD5
c4ec6f92bc041ea0ef3a6c59e816621d

SHA1
bba409c5838dff420cc45005a4e77945577af29e

SHA256
fdf8a580ffbc47709ff0ec60979c4294c9b75d82e084e785e1e11e8e24fb3fdf

SHA512
ec0ac0bb200f79a0619cfce583104bdfb542f74d8aaeaa740966e3350861d88084e536f0a04e4c69bddd80532eb445221cd45ff3367d44bf2caf34ec1b6c253e

Download Submit
C:\Windows\System\LkWPUok.exe

Filesize
1.7MB

MD5
4e190375053a334eff97f6c0c671edf8

SHA1
5daf064df03801042fd6c2bb999e99502562e07c

SHA256
a0e74fa2f02acf15f61e4a56a39fa4ba0d5a16a4578149c10524098e973d5ddd

SHA512
50d7b2d8a354fc3d102c17176dc2a13d2fbd2a491df9d97ec165af8bbbe3ae5e61ca19c6d3567c2c88d6ba8e90f3fd404b5e41ca5299b05c0c482204b8ae8744

Download Submit
C:\Windows\System\LugsGIF.exe

Filesize
1.7MB

MD5
0357692cfd6bea40137869835248ba58

SHA1
c94fc124ac59df2d726087a64c07df48b2d1fa99

SHA256
28353df6c415a28c17638ccd13dad912f7312f6d9c2a73164bced1691b3ac89c

SHA512
7e9acf719d02c127ce46d7a845b73d836500c1617e60f2eae95688f730aadc08c75c18f869f6bf0f70337c07d3e218b7f61054c9eb6eeaa0afdef5e18633ffd6

Download Submit
C:\Windows\System\LvjhzXJ.exe

Filesize
1.7MB

MD5
f4aa977c9725dde06262f8b3d3a3775e

SHA1
5b7a0eea83057b2cd4c0a76e4789b251aab47a83

SHA256
8ec03de1ee674cb3ac1f05ae5e3b19ef89f4ad8192320d8b15a28c5a216ee641

SHA512
b71d6f02a357d21cf5ac2aaed2ec6f5872212ef2fac7ce8f33c28fcfc32b56de4687443ed34abd4144459b84f1aa04de217656a02d102b1f5f01e1505ae41483

Download Submit
C:\Windows\System\MZNBigP.exe

Filesize
1.7MB

MD5
81dc0e73c4d5fddecbcb6d1f3833e5f3

SHA1
a7376b922a1d7b62fff5857361c898980c0a9322

SHA256
a5a698d5ab5814fde9b2ea3ade842e072b73c2daa875a6284af095386bb8b164

SHA512
a2957461edcf3686099c02e8ced9095c47c31d6a2cc5dfcd89531ae19065e77ebb159bfca549c4bf1d08f53e952866f8340b22f8daa0229edcc3e98354e62f59

Download Submit
C:\Windows\System\McVEXOo.exe

Filesize
1.7MB

MD5
1c746e9dcf8d2fa11e52f5b7ec2cdc75

SHA1
c900cc47a0b4fff242d9c3e879e772cc2ef446d5

SHA256
98fea39a4317637c44ee0e318dc8a32517f03842fee203a1c573e6fd37254b57

SHA512
5e0d4a62b62284bd293d24ff8227ad9192d33d073fcff897b35cb547f5b8568cfafd300c07efd37556a136fb57abb78bb3418d32405d3a844c9babe7703fa940

Download Submit
C:\Windows\System\WUBuFgP.exe

Filesize
1.7MB

MD5
d780a36a8c467af0845a0663df6f3643

SHA1
f098beffd0039fa6ce43b4a881426ffcff9a9817

SHA256
29b34fc6064f6d39080a9c3aed80fc10c55e31def3def5220db1afcc5016c356

SHA512
a33b06a3cce540a9a78c64a6150a21a6ca85dd13b962adf79d962f35f889c0409890f8654ed844588ff4b853f335adf062ed3bb5d4fea4bbbccba744a10b73cd

Download Submit
C:\Windows\System\WsCYZeu.exe

Filesize
1.7MB

MD5
1d85caf068b92aee71c4b58978c70938

SHA1
1fe1f3581d40ae81c31f55858013723e8cad0490

SHA256
70bbf69e340b5281ec3face088928f1c8188b68f4b0924a2b33ea747623f85de

SHA512
7064e7678416dd37445abf321751dc5a71080e5e59ee54ef4b1a348eaa6ddaa0f766eb86cb2cc9706d3e8b1c8ae49587c52945a5296f7fe6c0235d24f424f83b

Download Submit
C:\Windows\System\XUoCVUy.exe

Filesize
1.7MB

MD5
3e8ccd829281383faf56e0401553f1b5

SHA1
f04afd7bed35d5fadbae8556f63ec39e44715c9c

SHA256
7f35a1e2a9edef0977bb2ff1e42e4692b371c512a849502d7214b27bd6a17653

SHA512
2532fd2278d637bdc567468156d0fd0de37c4cbb7d81cae20e013749fe7bcd57684499eaa91e4b03a9eca2c1f3caf7408fc74b3783ba44afd86093104198ca82

Download Submit
C:\Windows\System\XqiGhOj.exe

Filesize
1.7MB

MD5
15e7a738b4c911c6f49750187511de49

SHA1
076bd7cb98ae3ec1825970504a74ec307811a9e2

SHA256
8c2cd5caad4a5cf2d781b74f9ecff3ccf508bf4cb2a5abf5519be35ec50c6585

SHA512
c5c5bb9b1f4b532939683b4b36e58a588c260883b0e99d702116c20063be716d80fe150644fa283210d855b35461c7d0e2f6a496fb7c61077e84536a63934738

Download Submit
C:\Windows\System\YQMzGzJ.exe

Filesize
1.7MB

MD5
ad82d2689669c995d3842c07cc7d04dc

SHA1
074a8e1b0d67d54da02c9ef548a1fe034870cb22

SHA256
1303a98b40c057532de4726b0e14b17ce37a962a0b99015906e5fab51d387fd6

SHA512
28d78a69308213fbd11ccfab14b693c915a672283936f79cdc4649ec5b44b9abc7dc57288193ff8ca45fcaf42ea8e1654d971fb0a2275dc6e14c87ae50fc59ff

Download Submit
C:\Windows\System\ZGfxCxV.exe

Filesize
1.7MB

MD5
73903718354957b94a717c4035442aed

SHA1
be2ed2926fd8da2b30dc74f94cb82d916a16effb

SHA256
987d76687dfc83453bd718096f41ac53c1f25729e90ed76e9ba0a29fd91b71a0

SHA512
15b7779371b15bfe82889f12948c291305be938b8c4fc7330f95e813e578de1716a52bd42c347a44b0ae0494b43b769c36d84b1e0abb8d89178f6d0aa7088f21

Download Submit
C:\Windows\System\ZTMgPPm.exe

Filesize
1.7MB

MD5
6c7107ccd86e742c2fe5aabc056070e8

SHA1
75fe79e57914a8ae55de3ba7a76ba1665b490a49

SHA256
4de5e805739361b2500823cce9e703bd3273de54cb777495ff1ecef6f5b6847a

SHA512
c9ce5f2863eb15d3cb0b164795e5b3bd6cf5b4884080bb9d942b1ff3f2a131779667290ad0f1d0e1d3700e5cfcb286e442471000c3bfbc1f50343fa0c2049d2b

Download Submit
C:\Windows\System\aiymeny.exe

Filesize
1.7MB

MD5
26318438ea474006f3fd85f5e3238c56

SHA1
bd810190e49c00e1e54825682766851f7f9d0a95

SHA256
ad4c30dc8b7246c0b86c36a88b2969a1d8cc17a7f6d55232582005bb89ec5b10

SHA512
f5e576b02509591c7dbe4c8ecf53ea613d7232922e62c180927ae475e81a0a0d4426d64ad395a27e5b8b9b4b47dbe5ec7eecf82418fd4b538c6e3b25c79b39f4

Download Submit
C:\Windows\System\dlAkOAl.exe

Filesize
1.7MB

MD5
1931eb54878899d5947dc5728d95ca92

SHA1
07e44778e979e8e665662a518c546f441c33a0d0

SHA256
17f5f0c8f1799520c9db064aff4e66d094834ad0284af16d08d3b77be3ce07fc

SHA512
170806299df4e05fe27ec8d28e5a430d03d6148973a1f0f90e4f2bcbdff431fa22eb362d9c9700a1c8810eacba98390c1365956307d0a2e2dc4d32e18717b6e2

Download Submit
C:\Windows\System\hSpKVlW.exe

Filesize
1.7MB

MD5
1d646f8a92eb7f38624dc939e7da96d2

SHA1
2c5cd847022d05123b0ee001ebc2e086686d6a14

SHA256
677aa4a28b1e983598c620e3933da1cddb11aa264bd84c790e0d93857ae3f151

SHA512
8a1f4a6519def4de6294e2c734d95c5a6a20a069480eecfb01b2902ba280a5a4b311424fcf71b4e7619146368cf22e0983a77903d21db02e29324e5be361c317

Download Submit
C:\Windows\System\hovtmUv.exe

Filesize
1.7MB

MD5
fba972cc1ed1f6f32eb91d0e2c989507

SHA1
5cbacd1f8751d863b83a614247296d2fff4b3012

SHA256
062711906a1b28ebfbd1a3929c2b6d1fec6a260bdd669f289598e10eb84e34b3

SHA512
5e65ad7ee0c07608f0a27790fe22d5c5bd0b5e3da4bf0e279e9dc624255b282b75432099a0f0ff2e8bda6d56bec38baba4973f594f65ed08c43f4fa8279f8945

Download Submit
C:\Windows\System\jBcnXUh.exe

Filesize
1.7MB

MD5
2ecd69ab39d0413e8c42698c60abfcdb

SHA1
e6fd13bd42a3a993541bd20c4f879f2de34bbfab

SHA256
38c8f9dfa386a148409cb9fddb48befd9a72a496dab5307992807207fa1b3f82

SHA512
855883f6673d955dd14c80093152fd5e630187dd16b269dd0eba84afa0a53856a74fca51351fd0df3ec8b03e66a8d5a868db77bc331315f7be37d4fd245ccd22

Download Submit
C:\Windows\System\mQWHzVW.exe

Filesize
1.7MB

MD5
f5dd919ca063799038d0a3a79e7562c9

SHA1
eacacea79ef91a8562b1cba608efecff8c8b9254

SHA256
7f1322c58fdbc1121a717fac3c55d5205319d4345306b71a4b6d2620e2189068

SHA512
aa43804d39c881bc85e16bf6583397c2a8fa73ba997addcace5fe4e7cc5d77d85349f4fd8423757d6374060644340e0db7b9878b9f2e14dbe76f898bd54cb8af

Download Submit
C:\Windows\System\pROvqhR.exe

Filesize
1.7MB

MD5
0db8c06167c64e0ebeb5bd0660f48883

SHA1
916acc7ed16b04108bca6e2a2c9bf17a5c7529a7

SHA256
ec98ef6bbf5b0db4bc851db918d562a4fdad05171dae41e46518d13e073d8ed1

SHA512
6711cf9284f23ae721b4ddfd2fa45e96d7f0cf2e6d903b7bc48de224ea258ae214ee84c8cea564d92abca2a0b0f57487950ea6fe5c80acb4d9153bcb31dcf723

Download Submit
C:\Windows\System\pjanfpO.exe

Filesize
1.7MB

MD5
f43c0e5d50a251b4c8d16b366e9b1c57

SHA1
28be2d5c3cdd4d9e7b618ce4f2bbf5911d6cce25

SHA256
46c8f791c88e5995bea6ad6f006ee0ee9f6c71db932f0aa3772081f0ccb72b4d

SHA512
29c7a444ba59062120a3a1fdd4d67dba1d14972dac73a1406d375746e00083a2ac9555ffcb788b13cafdd94b1e90b8c2ee5d17fcf197999c57550625fdcd1450

Download Submit
C:\Windows\System\qGVkeiT.exe

Filesize
1.7MB

MD5
828b95e86059c8a5777038580922a4ae

SHA1
d1d12c725174dc68b1c7b5f6eadb1169fca4f8f2

SHA256
c029a2245f080576c85a156394f6449faa0fd6cf505a85b4159b57f911b2ac75

SHA512
f14152ea19d3aba2813456b4245d5605411a25a9c3a6a50c3e9533b4d44f4cab9526f7eebf15ac093fe614b70fc03285cdc87cef47f7a96313417ed866210dff

Download Submit
C:\Windows\System\rKkMZLv.exe

Filesize
1.7MB

MD5
6102706d4ec9f6edbac4aa01c359577d

SHA1
7f0186995e8d1b4f9699fd15c677e7e953efbf22

SHA256
7eadf3d4c2f3f3b77b09b4ec9c79ece723741dd8ff05a533588e274a591c469b

SHA512
69658b4737b15358695f5bb5ee69a82ce4b4be468088e232a9a954a0e4ec9ed78aea1c01cc5578c4f99c090bae108403b5c449086490feee9f184f3b5334cf5f

Download Submit
C:\Windows\System\wwpEzue.exe

Filesize
1.7MB

MD5
7d2ed7dbf20a63958d0554a3f70c6412

SHA1
2e1ba98aeaf5dac978694fbd960b883c6498940a

SHA256
8be1358f2b442ea2e37520a75d23a5dcfe5d110337831f74e819ebe4035d8e3a

SHA512
b7b312b5f7934feb342a7c63f4493172985b1f7437084f547aa99363755c097e9f4e38c5ce9d013faa79ad67972d15948777925270f1925a78bbd0546b174473

Download Submit
C:\Windows\System\xCVxyRN.exe

Filesize
1.7MB

MD5
1b193e35cd9fe70d1d2317faead81c4c

SHA1
18ec8c07a9103411554d65f6ddb17a7af3d8b100

SHA256
1c95b95e74771bdf168bd7911a70395b6a69c8e71437ac9eab7aed97b13eb931

SHA512
42f01b5597b29f35ad08abc52d1336cd2ea8c8297d0d7deacd36a4124aad7c86c9141a9c08d4feeece3c528facf41ceedcfebae6d5e27947180e614355f6bb3e

Download Submit
C:\Windows\System\yWNcQlc.exe

Filesize
1.7MB

MD5
aef20ae9b49f40aab4eeee7e5866fe63

SHA1
7eb8751e81d8310d9811d72ff145ecbfd2130351

SHA256
97d0dcc2d7908d9bc4b27767ddf5931e65e0322a5abe9a1ac137c01a391a768b

SHA512
4ac7ea28511978de8e90ef3e9bfd8374548032c13316b1adfed62342bbe9d7ea32b46be802d1c10a337a5c61a02b568329d5cc8bafebee2271ea16f5b89194fe

Download Submit
C:\Windows\System\zuJEzKm.exe

Filesize
1.7MB

MD5
1be5bf2e0584a69ef04f8ef777ef7304

SHA1
884c6597a0f7da471a3872be7bc7ae34c931c027

SHA256
f4954bd9c285f6c58735edea0f9a65f02d7a4666c5eb5525ef9b596eed7fce96

SHA512
90f3dcd544194d84a92058080411abbf5659a2d0b5de1488590a8a0fc2e2994c555bcb0708e05665a77cf69013da630b2a65d392a9a06941374efd0da63ab562

Download Submit
memory/116-2389-0x00007FF621B10000-0x00007FF621E61000-memory.dmp

Filesize
3.3MB

Download
memory/116-65-0x00007FF621B10000-0x00007FF621E61000-memory.dmp

Filesize
3.3MB

Download
memory/488-885-0x00007FF6A9590000-0x00007FF6A98E1000-memory.dmp

Filesize
3.3MB

Download
memory/488-2419-0x00007FF6A9590000-0x00007FF6A98E1000-memory.dmp

Filesize
3.3MB

Download
memory/716-2401-0x00007FF713A80000-0x00007FF713DD1000-memory.dmp

Filesize
3.3MB

Download
memory/716-541-0x00007FF713A80000-0x00007FF713DD1000-memory.dmp

Filesize
3.3MB

Download
memory/1416-2351-0x00007FF74FBD0000-0x00007FF74FF21000-memory.dmp

Filesize
3.3MB

Download
memory/1416-23-0x00007FF74FBD0000-0x00007FF74FF21000-memory.dmp

Filesize
3.3MB

Download
memory/1416-1881-0x00007FF74FBD0000-0x00007FF74FF21000-memory.dmp

Filesize
3.3MB

Download
memory/1464-2395-0x00007FF747130000-0x00007FF747481000-memory.dmp

Filesize
3.3MB

Download
memory/1464-519-0x00007FF747130000-0x00007FF747481000-memory.dmp

Filesize
3.3MB

Download
memory/1948-2353-0x00007FF641970000-0x00007FF641CC1000-memory.dmp

Filesize
3.3MB

Download
memory/1948-44-0x00007FF641970000-0x00007FF641CC1000-memory.dmp

Filesize
3.3MB

Download
memory/2032-2391-0x00007FF67EEA0000-0x00007FF67F1F1000-memory.dmp

Filesize
3.3MB

Download
memory/2032-1285-0x00007FF67EEA0000-0x00007FF67F1F1000-memory.dmp

Filesize
3.3MB

Download
memory/2212-60-0x00007FF7BDCA0000-0x00007FF7BDFF1000-memory.dmp

Filesize
3.3MB

Download
memory/2212-2083-0x00007FF7BDCA0000-0x00007FF7BDFF1000-memory.dmp

Filesize
3.3MB

Download
memory/2212-2387-0x00007FF7BDCA0000-0x00007FF7BDFF1000-memory.dmp

Filesize
3.3MB

Download
memory/2256-2415-0x00007FF670560000-0x00007FF6708B1000-memory.dmp

Filesize
3.3MB

Download
memory/2256-664-0x00007FF670560000-0x00007FF6708B1000-memory.dmp

Filesize
3.3MB

Download
memory/2292-2079-0x00007FF670B10000-0x00007FF670E61000-memory.dmp

Filesize
3.3MB

Download
memory/2292-2385-0x00007FF670B10000-0x00007FF670E61000-memory.dmp

Filesize
3.3MB

Download
memory/2292-45-0x00007FF670B10000-0x00007FF670E61000-memory.dmp

Filesize
3.3MB

Download
memory/2328-2355-0x00007FF781670000-0x00007FF7819C1000-memory.dmp

Filesize
3.3MB

Download
memory/2328-41-0x00007FF781670000-0x00007FF7819C1000-memory.dmp

Filesize
3.3MB

Download
memory/2328-1943-0x00007FF781670000-0x00007FF7819C1000-memory.dmp

Filesize
3.3MB

Download
memory/2336-667-0x00007FF674C80000-0x00007FF674FD1000-memory.dmp

Filesize
3.3MB

Download
memory/2336-2409-0x00007FF674C80000-0x00007FF674FD1000-memory.dmp

Filesize
3.3MB

Download
memory/2556-2403-0x00007FF6637F0000-0x00007FF663B41000-memory.dmp

Filesize
3.3MB

Download
memory/2556-565-0x00007FF6637F0000-0x00007FF663B41000-memory.dmp

Filesize
3.3MB

Download
memory/2700-61-0x00007FF7F3E70000-0x00007FF7F41C1000-memory.dmp

Filesize
3.3MB

Download
memory/2700-2382-0x00007FF7F3E70000-0x00007FF7F41C1000-memory.dmp

Filesize
3.3MB

Download
memory/2704-2421-0x00007FF6F5120000-0x00007FF6F5471000-memory.dmp

Filesize
3.3MB

Download
memory/2704-799-0x00007FF6F5120000-0x00007FF6F5471000-memory.dmp

Filesize
3.3MB

Download
memory/2976-2407-0x00007FF7D0740000-0x00007FF7D0A91000-memory.dmp

Filesize
3.3MB

Download
memory/2976-593-0x00007FF7D0740000-0x00007FF7D0A91000-memory.dmp

Filesize
3.3MB

Download
memory/3036-2405-0x00007FF6E3770000-0x00007FF6E3AC1000-memory.dmp

Filesize
3.3MB

Download
memory/3036-718-0x00007FF6E3770000-0x00007FF6E3AC1000-memory.dmp

Filesize
3.3MB

Download
memory/3160-2427-0x00007FF612620000-0x00007FF612971000-memory.dmp

Filesize
3.3MB

Download
memory/3160-1211-0x00007FF612620000-0x00007FF612971000-memory.dmp

Filesize
3.3MB

Download
memory/3356-2411-0x00007FF632BF0000-0x00007FF632F41000-memory.dmp

Filesize
3.3MB

Download
memory/3356-597-0x00007FF632BF0000-0x00007FF632F41000-memory.dmp

Filesize
3.3MB

Download
memory/3476-618-0x00007FF7CBC70000-0x00007FF7CBFC1000-memory.dmp

Filesize
3.3MB

Download
memory/3476-2413-0x00007FF7CBC70000-0x00007FF7CBFC1000-memory.dmp

Filesize
3.3MB

Download
memory/3692-1077-0x00007FF7DD510000-0x00007FF7DD861000-memory.dmp

Filesize
3.3MB

Download
memory/3692-2425-0x00007FF7DD510000-0x00007FF7DD861000-memory.dmp

Filesize
3.3MB

Download
memory/3888-795-0x00007FF78AD50000-0x00007FF78B0A1000-memory.dmp

Filesize
3.3MB

Download
memory/3888-2417-0x00007FF78AD50000-0x00007FF78B0A1000-memory.dmp

Filesize
3.3MB

Download
memory/3984-1874-0x00007FF7FA060000-0x00007FF7FA3B1000-memory.dmp

Filesize
3.3MB

Download
memory/3984-0-0x00007FF7FA060000-0x00007FF7FA3B1000-memory.dmp

Filesize
3.3MB

Download
memory/3984-1-0x00000294DA090000-0x00000294DA0A0000-memory.dmp

Filesize
64KB

Download
memory/4140-2383-0x00007FF68D870000-0x00007FF68DBC1000-memory.dmp

Filesize
3.3MB

Download
memory/4140-2081-0x00007FF68D870000-0x00007FF68DBC1000-memory.dmp

Filesize
3.3MB

Download
memory/4140-51-0x00007FF68D870000-0x00007FF68DBC1000-memory.dmp

Filesize
3.3MB

Download
memory/4156-528-0x00007FF7C8AB0000-0x00007FF7C8E01000-memory.dmp

Filesize
3.3MB

Download
memory/4156-2399-0x00007FF7C8AB0000-0x00007FF7C8E01000-memory.dmp

Filesize
3.3MB

Download
memory/4192-35-0x00007FF759C30000-0x00007FF759F81000-memory.dmp

Filesize
3.3MB

Download
memory/4192-2350-0x00007FF759C30000-0x00007FF759F81000-memory.dmp

Filesize
3.3MB

Download
memory/4192-1884-0x00007FF759C30000-0x00007FF759F81000-memory.dmp

Filesize
3.3MB

Download
memory/4336-516-0x00007FF7D21E0000-0x00007FF7D2531000-memory.dmp

Filesize
3.3MB

Download
memory/4336-2397-0x00007FF7D21E0000-0x00007FF7D2531000-memory.dmp

Filesize
3.3MB

Download
memory/4496-2347-0x00007FF747110000-0x00007FF747461000-memory.dmp

Filesize
3.3MB

Download
memory/4496-1877-0x00007FF747110000-0x00007FF747461000-memory.dmp

Filesize
3.3MB

Download
memory/4496-14-0x00007FF747110000-0x00007FF747461000-memory.dmp

Filesize
3.3MB

Download
memory/4724-537-0x00007FF743100000-0x00007FF743451000-memory.dmp

Filesize
3.3MB

Download
memory/4724-2393-0x00007FF743100000-0x00007FF743451000-memory.dmp

Filesize
3.3MB

Download
memory/4908-979-0x00007FF6F3570000-0x00007FF6F38C1000-memory.dmp

Filesize
3.3MB

Download
memory/4908-2423-0x00007FF6F3570000-0x00007FF6F38C1000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads