xmrig | 6089e32688dc2e82dea35e5d5d93248ec25c5cad301645be73bf7331f1305da0

Analysis

max time kernel
98s
max time network
96s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
12/09/2024, 08:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

25a6552589936d9f99393d1704092b60N.exe
Size

2.0MB
MD5

25a6552589936d9f99393d1704092b60
SHA1

09e6b48edb226cc723cdfeb601be177b4e2441fa
SHA256

6089e32688dc2e82dea35e5d5d93248ec25c5cad301645be73bf7331f1305da0
SHA512

61bcad9d1143c2e75031dd9a64c6c79ff044b9a9059ffa198274f7f86f44ceed7175a1b4b6c1606210acebb5ba74fdc0d55b20fd033a04a1bf247b4156010348
SSDEEP

49152:oezaTF8FcNkNdfE0pZ9ozt4wIlMmSdtPG:oemTLkNdfE0pZrt

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/4992-0-0x00007FF6B9010000-0x00007FF6B9364000-memory.dmp	xmrig
behavioral2/files/0x00090000000233b8-5.dat	xmrig
behavioral2/files/0x000700000002340e-13.dat	xmrig
behavioral2/files/0x000700000002340f-22.dat	xmrig
behavioral2/files/0x0007000000023413-76.dat	xmrig
behavioral2/files/0x000700000002341c-108.dat	xmrig
behavioral2/files/0x0007000000023420-125.dat	xmrig
behavioral2/memory/1640-135-0x00007FF741000000-0x00007FF741354000-memory.dmp	xmrig
behavioral2/memory/4264-138-0x00007FF720790000-0x00007FF720AE4000-memory.dmp	xmrig
behavioral2/memory/3080-143-0x00007FF7B4990000-0x00007FF7B4CE4000-memory.dmp	xmrig
behavioral2/memory/3116-146-0x00007FF6F4B50000-0x00007FF6F4EA4000-memory.dmp	xmrig
behavioral2/memory/4984-145-0x00007FF7610F0000-0x00007FF761444000-memory.dmp	xmrig
behavioral2/memory/2028-144-0x00007FF633CD0000-0x00007FF634024000-memory.dmp	xmrig
behavioral2/memory/4788-142-0x00007FF740CA0000-0x00007FF740FF4000-memory.dmp	xmrig
behavioral2/memory/3352-141-0x00007FF7173B0000-0x00007FF717704000-memory.dmp	xmrig
behavioral2/memory/1288-140-0x00007FF60C890000-0x00007FF60CBE4000-memory.dmp	xmrig
behavioral2/memory/4396-139-0x00007FF79ACD0000-0x00007FF79B024000-memory.dmp	xmrig
behavioral2/memory/1604-137-0x00007FF67A720000-0x00007FF67AA74000-memory.dmp	xmrig
behavioral2/memory/1696-136-0x00007FF665B60000-0x00007FF665EB4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023423-133.dat	xmrig
behavioral2/memory/4376-132-0x00007FF6A9950000-0x00007FF6A9CA4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023422-130.dat	xmrig
behavioral2/memory/4860-129-0x00007FF62AFB0000-0x00007FF62B304000-memory.dmp	xmrig
behavioral2/files/0x0007000000023421-127.dat	xmrig
behavioral2/files/0x000700000002341e-123.dat	xmrig
behavioral2/memory/2472-119-0x00007FF63C510000-0x00007FF63C864000-memory.dmp	xmrig
behavioral2/files/0x000700000002341f-115.dat	xmrig
behavioral2/files/0x0007000000023419-112.dat	xmrig
behavioral2/files/0x000700000002341d-110.dat	xmrig
behavioral2/files/0x000700000002341b-106.dat	xmrig
behavioral2/memory/2176-105-0x00007FF60E360000-0x00007FF60E6B4000-memory.dmp	xmrig
behavioral2/memory/5020-104-0x00007FF67FCA0000-0x00007FF67FFF4000-memory.dmp	xmrig
behavioral2/files/0x000700000002341a-102.dat	xmrig
behavioral2/files/0x0007000000023417-97.dat	xmrig
behavioral2/files/0x0007000000023412-95.dat	xmrig
behavioral2/memory/4792-91-0x00007FF66EAB0000-0x00007FF66EE04000-memory.dmp	xmrig
behavioral2/files/0x0007000000023415-85.dat	xmrig
behavioral2/files/0x0007000000023416-80.dat	xmrig
behavioral2/memory/3800-72-0x00007FF6B36E0000-0x00007FF6B3A34000-memory.dmp	xmrig
behavioral2/files/0x0007000000023411-71.dat	xmrig
behavioral2/files/0x0007000000023418-67.dat	xmrig
behavioral2/memory/4016-49-0x00007FF7E4EA0000-0x00007FF7E51F4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023410-48.dat	xmrig
behavioral2/files/0x0007000000023414-44.dat	xmrig
behavioral2/files/0x0007000000023425-158.dat	xmrig
behavioral2/files/0x000800000002340a-152.dat	xmrig
behavioral2/files/0x0007000000023428-188.dat	xmrig
behavioral2/memory/3500-195-0x00007FF62C8B0000-0x00007FF62CC04000-memory.dmp	xmrig
behavioral2/files/0x0007000000023427-185.dat	xmrig
behavioral2/files/0x000700000002342c-196.dat	xmrig
behavioral2/files/0x000700000002342b-190.dat	xmrig
behavioral2/memory/456-183-0x00007FF6C2DF0000-0x00007FF6C3144000-memory.dmp	xmrig
behavioral2/files/0x000700000002342a-181.dat	xmrig
behavioral2/memory/624-686-0x00007FF719E90000-0x00007FF71A1E4000-memory.dmp	xmrig
behavioral2/memory/2560-689-0x00007FF734120000-0x00007FF734474000-memory.dmp	xmrig
behavioral2/memory/4992-683-0x00007FF6B9010000-0x00007FF6B9364000-memory.dmp	xmrig
behavioral2/files/0x0007000000023429-180.dat	xmrig
behavioral2/memory/4452-177-0x00007FF76B430000-0x00007FF76B784000-memory.dmp	xmrig
behavioral2/files/0x0007000000023426-173.dat	xmrig
behavioral2/memory/988-166-0x00007FF6E17D0000-0x00007FF6E1B24000-memory.dmp	xmrig
behavioral2/files/0x0007000000023424-160.dat	xmrig
behavioral2/memory/4328-157-0x00007FF75A7D0000-0x00007FF75AB24000-memory.dmp	xmrig
behavioral2/memory/1440-42-0x00007FF6A0CB0000-0x00007FF6A1004000-memory.dmp	xmrig
behavioral2/memory/4172-31-0x00007FF62FE40000-0x00007FF630194000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
624	KqsVDjt.exe
1440	VTySATe.exe
2560	ZYOFVAf.exe
4016	tvOahMm.exe
4172	bAwlgcY.exe
3352	dRUwmQT.exe
3800	NtYRlbZ.exe
4792	CtYqeLJ.exe
4788	ppbuNrK.exe
3080	tlDZvDF.exe
5020	fnBYhxf.exe
2176	tAnUygY.exe
2472	VItGhwP.exe
2028	cgDOAMo.exe
4860	fSUXxpn.exe
4376	TPPQVeD.exe
1640	ZBlokkF.exe
1696	FBPRJgr.exe
1604	RPdEUKk.exe
4984	KHxmyJJ.exe
4264	FAuGOoc.exe
4396	RahQlJR.exe
3116	ZNKBUUO.exe
1288	kEDLCYo.exe
4328	qqWeVsd.exe
988	cNCpGSb.exe
456	TsuAUGi.exe
4452	tDDXdsR.exe
3500	CUyFDeI.exe
1656	gOIzZou.exe
4872	hpFxjkb.exe
1116	MjOjqJL.exe
5036	XqanZQw.exe
2700	AxGoZzc.exe
4764	FBqhkwa.exe
4236	FoajxSx.exe
1372	RvlCojx.exe
4032	JEDFjJj.exe
4720	fOnWqAY.exe
2972	xMmhmFd.exe
2216	XcfCrSj.exe
2464	VRNhKDs.exe
4460	RkTUzbR.exe
5028	GvehiLX.exe
4824	zDaPpbe.exe
4840	svyzloo.exe
5008	OrScXDg.exe
656	RqRGquU.exe
644	XcqLDFL.exe
1408	VxuDPdF.exe
1300	bXrNsye.exe
4704	SmZlPAv.exe
3528	aVUuuGO.exe
4716	rueBkhc.exe
3720	sksYoib.exe
1332	PKabMiJ.exe
2324	GVuzcvP.exe
3908	iLGjtlO.exe
2880	HFHmpUE.exe
4988	ltgtSsW.exe
3976	JFkvStd.exe
2864	kGKOwOb.exe
3940	pcdInOx.exe
4696	AdVKvRi.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4992-0-0x00007FF6B9010000-0x00007FF6B9364000-memory.dmp	upx
behavioral2/files/0x00090000000233b8-5.dat	upx
behavioral2/files/0x000700000002340e-13.dat	upx
behavioral2/files/0x000700000002340f-22.dat	upx
behavioral2/files/0x0007000000023413-76.dat	upx
behavioral2/files/0x000700000002341c-108.dat	upx
behavioral2/files/0x0007000000023420-125.dat	upx
behavioral2/memory/1640-135-0x00007FF741000000-0x00007FF741354000-memory.dmp	upx
behavioral2/memory/4264-138-0x00007FF720790000-0x00007FF720AE4000-memory.dmp	upx
behavioral2/memory/3080-143-0x00007FF7B4990000-0x00007FF7B4CE4000-memory.dmp	upx
behavioral2/memory/3116-146-0x00007FF6F4B50000-0x00007FF6F4EA4000-memory.dmp	upx
behavioral2/memory/4984-145-0x00007FF7610F0000-0x00007FF761444000-memory.dmp	upx
behavioral2/memory/2028-144-0x00007FF633CD0000-0x00007FF634024000-memory.dmp	upx
behavioral2/memory/4788-142-0x00007FF740CA0000-0x00007FF740FF4000-memory.dmp	upx
behavioral2/memory/3352-141-0x00007FF7173B0000-0x00007FF717704000-memory.dmp	upx
behavioral2/memory/1288-140-0x00007FF60C890000-0x00007FF60CBE4000-memory.dmp	upx
behavioral2/memory/4396-139-0x00007FF79ACD0000-0x00007FF79B024000-memory.dmp	upx
behavioral2/memory/1604-137-0x00007FF67A720000-0x00007FF67AA74000-memory.dmp	upx
behavioral2/memory/1696-136-0x00007FF665B60000-0x00007FF665EB4000-memory.dmp	upx
behavioral2/files/0x0007000000023423-133.dat	upx
behavioral2/memory/4376-132-0x00007FF6A9950000-0x00007FF6A9CA4000-memory.dmp	upx
behavioral2/files/0x0007000000023422-130.dat	upx
behavioral2/memory/4860-129-0x00007FF62AFB0000-0x00007FF62B304000-memory.dmp	upx
behavioral2/files/0x0007000000023421-127.dat	upx
behavioral2/files/0x000700000002341e-123.dat	upx
behavioral2/memory/2472-119-0x00007FF63C510000-0x00007FF63C864000-memory.dmp	upx
behavioral2/files/0x000700000002341f-115.dat	upx
behavioral2/files/0x0007000000023419-112.dat	upx
behavioral2/files/0x000700000002341d-110.dat	upx
behavioral2/files/0x000700000002341b-106.dat	upx
behavioral2/memory/2176-105-0x00007FF60E360000-0x00007FF60E6B4000-memory.dmp	upx
behavioral2/memory/5020-104-0x00007FF67FCA0000-0x00007FF67FFF4000-memory.dmp	upx
behavioral2/files/0x000700000002341a-102.dat	upx
behavioral2/files/0x0007000000023417-97.dat	upx
behavioral2/files/0x0007000000023412-95.dat	upx
behavioral2/memory/4792-91-0x00007FF66EAB0000-0x00007FF66EE04000-memory.dmp	upx
behavioral2/files/0x0007000000023415-85.dat	upx
behavioral2/files/0x0007000000023416-80.dat	upx
behavioral2/memory/3800-72-0x00007FF6B36E0000-0x00007FF6B3A34000-memory.dmp	upx
behavioral2/files/0x0007000000023411-71.dat	upx
behavioral2/files/0x0007000000023418-67.dat	upx
behavioral2/memory/4016-49-0x00007FF7E4EA0000-0x00007FF7E51F4000-memory.dmp	upx
behavioral2/files/0x0007000000023410-48.dat	upx
behavioral2/files/0x0007000000023414-44.dat	upx
behavioral2/files/0x0007000000023425-158.dat	upx
behavioral2/files/0x000800000002340a-152.dat	upx
behavioral2/files/0x0007000000023428-188.dat	upx
behavioral2/memory/3500-195-0x00007FF62C8B0000-0x00007FF62CC04000-memory.dmp	upx
behavioral2/files/0x0007000000023427-185.dat	upx
behavioral2/files/0x000700000002342c-196.dat	upx
behavioral2/files/0x000700000002342b-190.dat	upx
behavioral2/memory/456-183-0x00007FF6C2DF0000-0x00007FF6C3144000-memory.dmp	upx
behavioral2/files/0x000700000002342a-181.dat	upx
behavioral2/memory/624-686-0x00007FF719E90000-0x00007FF71A1E4000-memory.dmp	upx
behavioral2/memory/2560-689-0x00007FF734120000-0x00007FF734474000-memory.dmp	upx
behavioral2/memory/4992-683-0x00007FF6B9010000-0x00007FF6B9364000-memory.dmp	upx
behavioral2/files/0x0007000000023429-180.dat	upx
behavioral2/memory/4452-177-0x00007FF76B430000-0x00007FF76B784000-memory.dmp	upx
behavioral2/files/0x0007000000023426-173.dat	upx
behavioral2/memory/988-166-0x00007FF6E17D0000-0x00007FF6E1B24000-memory.dmp	upx
behavioral2/files/0x0007000000023424-160.dat	upx
behavioral2/memory/4328-157-0x00007FF75A7D0000-0x00007FF75AB24000-memory.dmp	upx
behavioral2/memory/1440-42-0x00007FF6A0CB0000-0x00007FF6A1004000-memory.dmp	upx
behavioral2/memory/4172-31-0x00007FF62FE40000-0x00007FF630194000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\svyzloo.exe	25a6552589936d9f99393d1704092b60N.exe
File created	C:\Windows\System\tjsRjOn.exe	25a6552589936d9f99393d1704092b60N.exe
File created	C:\Windows\System\KjwEENR.exe	25a6552589936d9f99393d1704092b60N.exe
File created	C:\Windows\System\SduGsGe.exe	25a6552589936d9f99393d1704092b60N.exe
File created	C:\Windows\System\KqsVDjt.exe	25a6552589936d9f99393d1704092b60N.exe
File created	C:\Windows\System\IHrtiqZ.exe	25a6552589936d9f99393d1704092b60N.exe
File created	C:\Windows\System\YsgkFmJ.exe	25a6552589936d9f99393d1704092b60N.exe
File created	C:\Windows\System\YPQPgkP.exe	25a6552589936d9f99393d1704092b60N.exe
File created	C:\Windows\System\uYNjNTc.exe	25a6552589936d9f99393d1704092b60N.exe
File created	C:\Windows\System\CaHFNwP.exe	25a6552589936d9f99393d1704092b60N.exe
File created	C:\Windows\System\xwfkOVl.exe	25a6552589936d9f99393d1704092b60N.exe
File created	C:\Windows\System\VHbAzGY.exe	25a6552589936d9f99393d1704092b60N.exe
File created	C:\Windows\System\OeRUkAn.exe	25a6552589936d9f99393d1704092b60N.exe
File created	C:\Windows\System\ipwugcs.exe	25a6552589936d9f99393d1704092b60N.exe
File created	C:\Windows\System\jQvsSvp.exe	25a6552589936d9f99393d1704092b60N.exe
File created	C:\Windows\System\rvfbdta.exe	25a6552589936d9f99393d1704092b60N.exe
File created	C:\Windows\System\GDHoyyc.exe	25a6552589936d9f99393d1704092b60N.exe
File created	C:\Windows\System\tDNPCcg.exe	25a6552589936d9f99393d1704092b60N.exe
File created	C:\Windows\System\MqyrGXx.exe	25a6552589936d9f99393d1704092b60N.exe
File created	C:\Windows\System\YxshjLJ.exe	25a6552589936d9f99393d1704092b60N.exe
File created	C:\Windows\System\BQpJsVa.exe	25a6552589936d9f99393d1704092b60N.exe
File created	C:\Windows\System\TdAzuCJ.exe	25a6552589936d9f99393d1704092b60N.exe
File created	C:\Windows\System\cNCpGSb.exe	25a6552589936d9f99393d1704092b60N.exe
File created	C:\Windows\System\vtPDmAF.exe	25a6552589936d9f99393d1704092b60N.exe
File created	C:\Windows\System\eLxyIuc.exe	25a6552589936d9f99393d1704092b60N.exe
File created	C:\Windows\System\JdOcAET.exe	25a6552589936d9f99393d1704092b60N.exe
File created	C:\Windows\System\BsJlUtp.exe	25a6552589936d9f99393d1704092b60N.exe
File created	C:\Windows\System\SmZlPAv.exe	25a6552589936d9f99393d1704092b60N.exe
File created	C:\Windows\System\vTJXDBj.exe	25a6552589936d9f99393d1704092b60N.exe
File created	C:\Windows\System\kjbUMsQ.exe	25a6552589936d9f99393d1704092b60N.exe
File created	C:\Windows\System\RqRGquU.exe	25a6552589936d9f99393d1704092b60N.exe
File created	C:\Windows\System\iZOwCpN.exe	25a6552589936d9f99393d1704092b60N.exe
File created	C:\Windows\System\EiGIENI.exe	25a6552589936d9f99393d1704092b60N.exe
File created	C:\Windows\System\ZNeKIfk.exe	25a6552589936d9f99393d1704092b60N.exe
File created	C:\Windows\System\lJNDCbG.exe	25a6552589936d9f99393d1704092b60N.exe
File created	C:\Windows\System\vYpKWzd.exe	25a6552589936d9f99393d1704092b60N.exe
File created	C:\Windows\System\iAxsJbx.exe	25a6552589936d9f99393d1704092b60N.exe
File created	C:\Windows\System\RISNEJD.exe	25a6552589936d9f99393d1704092b60N.exe
File created	C:\Windows\System\mlclnxZ.exe	25a6552589936d9f99393d1704092b60N.exe
File created	C:\Windows\System\SXvdHHV.exe	25a6552589936d9f99393d1704092b60N.exe
File created	C:\Windows\System\IOxJruC.exe	25a6552589936d9f99393d1704092b60N.exe
File created	C:\Windows\System\eRZSIyz.exe	25a6552589936d9f99393d1704092b60N.exe
File created	C:\Windows\System\yBCAqrJ.exe	25a6552589936d9f99393d1704092b60N.exe
File created	C:\Windows\System\iIQQbgj.exe	25a6552589936d9f99393d1704092b60N.exe
File created	C:\Windows\System\qQkfXaU.exe	25a6552589936d9f99393d1704092b60N.exe
File created	C:\Windows\System\eBPkjii.exe	25a6552589936d9f99393d1704092b60N.exe
File created	C:\Windows\System\bIocPmN.exe	25a6552589936d9f99393d1704092b60N.exe
File created	C:\Windows\System\SVYXqxn.exe	25a6552589936d9f99393d1704092b60N.exe
File created	C:\Windows\System\PprVMfw.exe	25a6552589936d9f99393d1704092b60N.exe
File created	C:\Windows\System\nyQTATS.exe	25a6552589936d9f99393d1704092b60N.exe
File created	C:\Windows\System\UaefrOb.exe	25a6552589936d9f99393d1704092b60N.exe
File created	C:\Windows\System\VcpsuXP.exe	25a6552589936d9f99393d1704092b60N.exe
File created	C:\Windows\System\pMxpaKQ.exe	25a6552589936d9f99393d1704092b60N.exe
File created	C:\Windows\System\MSzeZWx.exe	25a6552589936d9f99393d1704092b60N.exe
File created	C:\Windows\System\nQQssHP.exe	25a6552589936d9f99393d1704092b60N.exe
File created	C:\Windows\System\sgeXvTt.exe	25a6552589936d9f99393d1704092b60N.exe
File created	C:\Windows\System\CGgUFoK.exe	25a6552589936d9f99393d1704092b60N.exe
File created	C:\Windows\System\FutNGyf.exe	25a6552589936d9f99393d1704092b60N.exe
File created	C:\Windows\System\fOnWqAY.exe	25a6552589936d9f99393d1704092b60N.exe
File created	C:\Windows\System\xMmhmFd.exe	25a6552589936d9f99393d1704092b60N.exe
File created	C:\Windows\System\DUqmViU.exe	25a6552589936d9f99393d1704092b60N.exe
File created	C:\Windows\System\LpVEmql.exe	25a6552589936d9f99393d1704092b60N.exe
File created	C:\Windows\System\wzniAcP.exe	25a6552589936d9f99393d1704092b60N.exe
File created	C:\Windows\System\ppbuNrK.exe	25a6552589936d9f99393d1704092b60N.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	14676	dwm.exe
Token: SeChangeNotifyPrivilege	14676	dwm.exe
Token: 33	14676	dwm.exe
Token: SeIncBasePriorityPrivilege	14676	dwm.exe
Token: SeShutdownPrivilege	14676	dwm.exe
Token: SeCreatePagefilePrivilege	14676	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4992 wrote to memory of 624	4992	25a6552589936d9f99393d1704092b60N.exe	84
PID 4992 wrote to memory of 624	4992	25a6552589936d9f99393d1704092b60N.exe	84
PID 4992 wrote to memory of 1440	4992	25a6552589936d9f99393d1704092b60N.exe	85
PID 4992 wrote to memory of 1440	4992	25a6552589936d9f99393d1704092b60N.exe	85
PID 4992 wrote to memory of 2560	4992	25a6552589936d9f99393d1704092b60N.exe	86
PID 4992 wrote to memory of 2560	4992	25a6552589936d9f99393d1704092b60N.exe	86
PID 4992 wrote to memory of 4172	4992	25a6552589936d9f99393d1704092b60N.exe	87
PID 4992 wrote to memory of 4172	4992	25a6552589936d9f99393d1704092b60N.exe	87
PID 4992 wrote to memory of 4016	4992	25a6552589936d9f99393d1704092b60N.exe	88
PID 4992 wrote to memory of 4016	4992	25a6552589936d9f99393d1704092b60N.exe	88
PID 4992 wrote to memory of 3800	4992	25a6552589936d9f99393d1704092b60N.exe	89
PID 4992 wrote to memory of 3800	4992	25a6552589936d9f99393d1704092b60N.exe	89
PID 4992 wrote to memory of 3352	4992	25a6552589936d9f99393d1704092b60N.exe	90
PID 4992 wrote to memory of 3352	4992	25a6552589936d9f99393d1704092b60N.exe	90
PID 4992 wrote to memory of 4792	4992	25a6552589936d9f99393d1704092b60N.exe	91
PID 4992 wrote to memory of 4792	4992	25a6552589936d9f99393d1704092b60N.exe	91
PID 4992 wrote to memory of 4788	4992	25a6552589936d9f99393d1704092b60N.exe	92
PID 4992 wrote to memory of 4788	4992	25a6552589936d9f99393d1704092b60N.exe	92
PID 4992 wrote to memory of 3080	4992	25a6552589936d9f99393d1704092b60N.exe	93
PID 4992 wrote to memory of 3080	4992	25a6552589936d9f99393d1704092b60N.exe	93
PID 4992 wrote to memory of 5020	4992	25a6552589936d9f99393d1704092b60N.exe	94
PID 4992 wrote to memory of 5020	4992	25a6552589936d9f99393d1704092b60N.exe	94
PID 4992 wrote to memory of 2176	4992	25a6552589936d9f99393d1704092b60N.exe	95
PID 4992 wrote to memory of 2176	4992	25a6552589936d9f99393d1704092b60N.exe	95
PID 4992 wrote to memory of 2472	4992	25a6552589936d9f99393d1704092b60N.exe	96
PID 4992 wrote to memory of 2472	4992	25a6552589936d9f99393d1704092b60N.exe	96
PID 4992 wrote to memory of 1696	4992	25a6552589936d9f99393d1704092b60N.exe	97
PID 4992 wrote to memory of 1696	4992	25a6552589936d9f99393d1704092b60N.exe	97
PID 4992 wrote to memory of 2028	4992	25a6552589936d9f99393d1704092b60N.exe	98
PID 4992 wrote to memory of 2028	4992	25a6552589936d9f99393d1704092b60N.exe	98
PID 4992 wrote to memory of 4860	4992	25a6552589936d9f99393d1704092b60N.exe	99
PID 4992 wrote to memory of 4860	4992	25a6552589936d9f99393d1704092b60N.exe	99
PID 4992 wrote to memory of 4376	4992	25a6552589936d9f99393d1704092b60N.exe	100
PID 4992 wrote to memory of 4376	4992	25a6552589936d9f99393d1704092b60N.exe	100
PID 4992 wrote to memory of 1640	4992	25a6552589936d9f99393d1704092b60N.exe	101
PID 4992 wrote to memory of 1640	4992	25a6552589936d9f99393d1704092b60N.exe	101
PID 4992 wrote to memory of 4984	4992	25a6552589936d9f99393d1704092b60N.exe	102
PID 4992 wrote to memory of 4984	4992	25a6552589936d9f99393d1704092b60N.exe	102
PID 4992 wrote to memory of 1604	4992	25a6552589936d9f99393d1704092b60N.exe	103
PID 4992 wrote to memory of 1604	4992	25a6552589936d9f99393d1704092b60N.exe	103
PID 4992 wrote to memory of 4264	4992	25a6552589936d9f99393d1704092b60N.exe	104
PID 4992 wrote to memory of 4264	4992	25a6552589936d9f99393d1704092b60N.exe	104
PID 4992 wrote to memory of 4396	4992	25a6552589936d9f99393d1704092b60N.exe	105
PID 4992 wrote to memory of 4396	4992	25a6552589936d9f99393d1704092b60N.exe	105
PID 4992 wrote to memory of 3116	4992	25a6552589936d9f99393d1704092b60N.exe	106
PID 4992 wrote to memory of 3116	4992	25a6552589936d9f99393d1704092b60N.exe	106
PID 4992 wrote to memory of 1288	4992	25a6552589936d9f99393d1704092b60N.exe	107
PID 4992 wrote to memory of 1288	4992	25a6552589936d9f99393d1704092b60N.exe	107
PID 4992 wrote to memory of 4328	4992	25a6552589936d9f99393d1704092b60N.exe	108
PID 4992 wrote to memory of 4328	4992	25a6552589936d9f99393d1704092b60N.exe	108
PID 4992 wrote to memory of 988	4992	25a6552589936d9f99393d1704092b60N.exe	109
PID 4992 wrote to memory of 988	4992	25a6552589936d9f99393d1704092b60N.exe	109
PID 4992 wrote to memory of 456	4992	25a6552589936d9f99393d1704092b60N.exe	110
PID 4992 wrote to memory of 456	4992	25a6552589936d9f99393d1704092b60N.exe	110
PID 4992 wrote to memory of 4452	4992	25a6552589936d9f99393d1704092b60N.exe	111
PID 4992 wrote to memory of 4452	4992	25a6552589936d9f99393d1704092b60N.exe	111
PID 4992 wrote to memory of 3500	4992	25a6552589936d9f99393d1704092b60N.exe	112
PID 4992 wrote to memory of 3500	4992	25a6552589936d9f99393d1704092b60N.exe	112
PID 4992 wrote to memory of 1656	4992	25a6552589936d9f99393d1704092b60N.exe	113
PID 4992 wrote to memory of 1656	4992	25a6552589936d9f99393d1704092b60N.exe	113
PID 4992 wrote to memory of 4872	4992	25a6552589936d9f99393d1704092b60N.exe	114
PID 4992 wrote to memory of 4872	4992	25a6552589936d9f99393d1704092b60N.exe	114
PID 4992 wrote to memory of 1116	4992	25a6552589936d9f99393d1704092b60N.exe	115
PID 4992 wrote to memory of 1116	4992	25a6552589936d9f99393d1704092b60N.exe	115

C:\Users\Admin\AppData\Local\Temp\25a6552589936d9f99393d1704092b60N.exe
"C:\Users\Admin\AppData\Local\Temp\25a6552589936d9f99393d1704092b60N.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:4992
- C:\Windows\System\KqsVDjt.exe
  C:\Windows\System\KqsVDjt.exe
  2⤵
  - Executes dropped EXE
  PID:624
- C:\Windows\System\VTySATe.exe
  C:\Windows\System\VTySATe.exe
  2⤵
  - Executes dropped EXE
  PID:1440
- C:\Windows\System\ZYOFVAf.exe
  C:\Windows\System\ZYOFVAf.exe
  2⤵
  - Executes dropped EXE
  PID:2560
- C:\Windows\System\bAwlgcY.exe
  C:\Windows\System\bAwlgcY.exe
  2⤵
  - Executes dropped EXE
  PID:4172
- C:\Windows\System\tvOahMm.exe
  C:\Windows\System\tvOahMm.exe
  2⤵
  - Executes dropped EXE
  PID:4016
- C:\Windows\System\NtYRlbZ.exe
  C:\Windows\System\NtYRlbZ.exe
  2⤵
  - Executes dropped EXE
  PID:3800
- C:\Windows\System\dRUwmQT.exe
  C:\Windows\System\dRUwmQT.exe
  2⤵
  - Executes dropped EXE
  PID:3352
- C:\Windows\System\CtYqeLJ.exe
  C:\Windows\System\CtYqeLJ.exe
  2⤵
  - Executes dropped EXE
  PID:4792
- C:\Windows\System\ppbuNrK.exe
  C:\Windows\System\ppbuNrK.exe
  2⤵
  - Executes dropped EXE
  PID:4788
- C:\Windows\System\tlDZvDF.exe
  C:\Windows\System\tlDZvDF.exe
  2⤵
  - Executes dropped EXE
  PID:3080
- C:\Windows\System\fnBYhxf.exe
  C:\Windows\System\fnBYhxf.exe
  2⤵
  - Executes dropped EXE
  PID:5020
- C:\Windows\System\tAnUygY.exe
  C:\Windows\System\tAnUygY.exe
  2⤵
  - Executes dropped EXE
  PID:2176
- C:\Windows\System\VItGhwP.exe
  C:\Windows\System\VItGhwP.exe
  2⤵
  - Executes dropped EXE
  PID:2472
- C:\Windows\System\FBPRJgr.exe
  C:\Windows\System\FBPRJgr.exe
  2⤵
  - Executes dropped EXE
  PID:1696
- C:\Windows\System\cgDOAMo.exe
  C:\Windows\System\cgDOAMo.exe
  2⤵
  - Executes dropped EXE
  PID:2028
- C:\Windows\System\fSUXxpn.exe
  C:\Windows\System\fSUXxpn.exe
  2⤵
  - Executes dropped EXE
  PID:4860
- C:\Windows\System\TPPQVeD.exe
  C:\Windows\System\TPPQVeD.exe
  2⤵
  - Executes dropped EXE
  PID:4376
- C:\Windows\System\ZBlokkF.exe
  C:\Windows\System\ZBlokkF.exe
  2⤵
  - Executes dropped EXE
  PID:1640
- C:\Windows\System\KHxmyJJ.exe
  C:\Windows\System\KHxmyJJ.exe
  2⤵
  - Executes dropped EXE
  PID:4984
- C:\Windows\System\RPdEUKk.exe
  C:\Windows\System\RPdEUKk.exe
  2⤵
  - Executes dropped EXE
  PID:1604
- C:\Windows\System\FAuGOoc.exe
  C:\Windows\System\FAuGOoc.exe
  2⤵
  - Executes dropped EXE
  PID:4264
- C:\Windows\System\RahQlJR.exe
  C:\Windows\System\RahQlJR.exe
  2⤵
  - Executes dropped EXE
  PID:4396
- C:\Windows\System\ZNKBUUO.exe
  C:\Windows\System\ZNKBUUO.exe
  2⤵
  - Executes dropped EXE
  PID:3116
- C:\Windows\System\kEDLCYo.exe
  C:\Windows\System\kEDLCYo.exe
  2⤵
  - Executes dropped EXE
  PID:1288
- C:\Windows\System\qqWeVsd.exe
  C:\Windows\System\qqWeVsd.exe
  2⤵
  - Executes dropped EXE
  PID:4328
- C:\Windows\System\cNCpGSb.exe
  C:\Windows\System\cNCpGSb.exe
  2⤵
  - Executes dropped EXE
  PID:988
- C:\Windows\System\TsuAUGi.exe
  C:\Windows\System\TsuAUGi.exe
  2⤵
  - Executes dropped EXE
  PID:456
- C:\Windows\System\tDDXdsR.exe
  C:\Windows\System\tDDXdsR.exe
  2⤵
  - Executes dropped EXE
  PID:4452
- C:\Windows\System\CUyFDeI.exe
  C:\Windows\System\CUyFDeI.exe
  2⤵
  - Executes dropped EXE
  PID:3500
- C:\Windows\System\gOIzZou.exe
  C:\Windows\System\gOIzZou.exe
  2⤵
  - Executes dropped EXE
  PID:1656
- C:\Windows\System\hpFxjkb.exe
  C:\Windows\System\hpFxjkb.exe
  2⤵
  - Executes dropped EXE
  PID:4872
- C:\Windows\System\MjOjqJL.exe
  C:\Windows\System\MjOjqJL.exe
  2⤵
  - Executes dropped EXE
  PID:1116
- C:\Windows\System\XqanZQw.exe
  C:\Windows\System\XqanZQw.exe
  2⤵
  - Executes dropped EXE
  PID:5036
- C:\Windows\System\AxGoZzc.exe
  C:\Windows\System\AxGoZzc.exe
  2⤵
  - Executes dropped EXE
  PID:2700
- C:\Windows\System\FBqhkwa.exe
  C:\Windows\System\FBqhkwa.exe
  2⤵
  - Executes dropped EXE
  PID:4764
- C:\Windows\System\FoajxSx.exe
  C:\Windows\System\FoajxSx.exe
  2⤵
  - Executes dropped EXE
  PID:4236
- C:\Windows\System\RvlCojx.exe
  C:\Windows\System\RvlCojx.exe
  2⤵
  - Executes dropped EXE
  PID:1372
- C:\Windows\System\JEDFjJj.exe
  C:\Windows\System\JEDFjJj.exe
  2⤵
  - Executes dropped EXE
  PID:4032
- C:\Windows\System\fOnWqAY.exe
  C:\Windows\System\fOnWqAY.exe
  2⤵
  - Executes dropped EXE
  PID:4720
- C:\Windows\System\xMmhmFd.exe
  C:\Windows\System\xMmhmFd.exe
  2⤵
  - Executes dropped EXE
  PID:2972
- C:\Windows\System\XcfCrSj.exe
  C:\Windows\System\XcfCrSj.exe
  2⤵
  - Executes dropped EXE
  PID:2216
- C:\Windows\System\VRNhKDs.exe
  C:\Windows\System\VRNhKDs.exe
  2⤵
  - Executes dropped EXE
  PID:2464
- C:\Windows\System\RkTUzbR.exe
  C:\Windows\System\RkTUzbR.exe
  2⤵
  - Executes dropped EXE
  PID:4460
- C:\Windows\System\GvehiLX.exe
  C:\Windows\System\GvehiLX.exe
  2⤵
  - Executes dropped EXE
  PID:5028
- C:\Windows\System\zDaPpbe.exe
  C:\Windows\System\zDaPpbe.exe
  2⤵
  - Executes dropped EXE
  PID:4824
- C:\Windows\System\svyzloo.exe
  C:\Windows\System\svyzloo.exe
  2⤵
  - Executes dropped EXE
  PID:4840
- C:\Windows\System\OrScXDg.exe
  C:\Windows\System\OrScXDg.exe
  2⤵
  - Executes dropped EXE
  PID:5008
- C:\Windows\System\RqRGquU.exe
  C:\Windows\System\RqRGquU.exe
  2⤵
  - Executes dropped EXE
  PID:656
- C:\Windows\System\XcqLDFL.exe
  C:\Windows\System\XcqLDFL.exe
  2⤵
  - Executes dropped EXE
  PID:644
- C:\Windows\System\VxuDPdF.exe
  C:\Windows\System\VxuDPdF.exe
  2⤵
  - Executes dropped EXE
  PID:1408
- C:\Windows\System\bXrNsye.exe
  C:\Windows\System\bXrNsye.exe
  2⤵
  - Executes dropped EXE
  PID:1300
- C:\Windows\System\SmZlPAv.exe
  C:\Windows\System\SmZlPAv.exe
  2⤵
  - Executes dropped EXE
  PID:4704
- C:\Windows\System\aVUuuGO.exe
  C:\Windows\System\aVUuuGO.exe
  2⤵
  - Executes dropped EXE
  PID:3528
- C:\Windows\System\rueBkhc.exe
  C:\Windows\System\rueBkhc.exe
  2⤵
  - Executes dropped EXE
  PID:4716
- C:\Windows\System\sksYoib.exe
  C:\Windows\System\sksYoib.exe
  2⤵
  - Executes dropped EXE
  PID:3720
- C:\Windows\System\PKabMiJ.exe
  C:\Windows\System\PKabMiJ.exe
  2⤵
  - Executes dropped EXE
  PID:1332
- C:\Windows\System\HFHmpUE.exe
  C:\Windows\System\HFHmpUE.exe
  2⤵
  - Executes dropped EXE
  PID:2880
- C:\Windows\System\GVuzcvP.exe
  C:\Windows\System\GVuzcvP.exe
  2⤵
  - Executes dropped EXE
  PID:2324
- C:\Windows\System\iLGjtlO.exe
  C:\Windows\System\iLGjtlO.exe
  2⤵
  - Executes dropped EXE
  PID:3908
- C:\Windows\System\ltgtSsW.exe
  C:\Windows\System\ltgtSsW.exe
  2⤵
  - Executes dropped EXE
  PID:4988
- C:\Windows\System\JFkvStd.exe
  C:\Windows\System\JFkvStd.exe
  2⤵
  - Executes dropped EXE
  PID:3976
- C:\Windows\System\kGKOwOb.exe
  C:\Windows\System\kGKOwOb.exe
  2⤵
  - Executes dropped EXE
  PID:2864
- C:\Windows\System\pcdInOx.exe
  C:\Windows\System\pcdInOx.exe
  2⤵
  - Executes dropped EXE
  PID:3940
- C:\Windows\System\AdVKvRi.exe
  C:\Windows\System\AdVKvRi.exe
  2⤵
  - Executes dropped EXE
  PID:4696
- C:\Windows\System\BlzUpyz.exe
  C:\Windows\System\BlzUpyz.exe
  2⤵
  PID:2876
- C:\Windows\System\OoGoZUf.exe
  C:\Windows\System\OoGoZUf.exe
  2⤵
  PID:4904
- C:\Windows\System\bLKgFoo.exe
  C:\Windows\System\bLKgFoo.exe
  2⤵
  PID:3020
- C:\Windows\System\wnfhBWG.exe
  C:\Windows\System\wnfhBWG.exe
  2⤵
  PID:1508
- C:\Windows\System\dTSKBij.exe
  C:\Windows\System\dTSKBij.exe
  2⤵
  PID:3548
- C:\Windows\System\znZJPoJ.exe
  C:\Windows\System\znZJPoJ.exe
  2⤵
  PID:4780
- C:\Windows\System\CaMmssL.exe
  C:\Windows\System\CaMmssL.exe
  2⤵
  PID:1552
- C:\Windows\System\vTJXDBj.exe
  C:\Windows\System\vTJXDBj.exe
  2⤵
  PID:3260
- C:\Windows\System\crHTpTZ.exe
  C:\Windows\System\crHTpTZ.exe
  2⤵
  PID:4128
- C:\Windows\System\grUoMrj.exe
  C:\Windows\System\grUoMrj.exe
  2⤵
  PID:1504
- C:\Windows\System\EunMjAD.exe
  C:\Windows\System\EunMjAD.exe
  2⤵
  PID:2492
- C:\Windows\System\IHrtiqZ.exe
  C:\Windows\System\IHrtiqZ.exe
  2⤵
  PID:3780
- C:\Windows\System\QPXWXOy.exe
  C:\Windows\System\QPXWXOy.exe
  2⤵
  PID:3348
- C:\Windows\System\CZceNiG.exe
  C:\Windows\System\CZceNiG.exe
  2⤵
  PID:380
- C:\Windows\System\LbFDqum.exe
  C:\Windows\System\LbFDqum.exe
  2⤵
  PID:1788
- C:\Windows\System\WOdveDV.exe
  C:\Windows\System\WOdveDV.exe
  2⤵
  PID:4864
- C:\Windows\System\RaaHabF.exe
  C:\Windows\System\RaaHabF.exe
  2⤵
  PID:3904
- C:\Windows\System\VwYRAzT.exe
  C:\Windows\System\VwYRAzT.exe
  2⤵
  PID:3360
- C:\Windows\System\FrHfsNl.exe
  C:\Windows\System\FrHfsNl.exe
  2⤵
  PID:2432
- C:\Windows\System\rZhDKgI.exe
  C:\Windows\System\rZhDKgI.exe
  2⤵
  PID:920
- C:\Windows\System\rhVpupx.exe
  C:\Windows\System\rhVpupx.exe
  2⤵
  PID:2892
- C:\Windows\System\xwfkOVl.exe
  C:\Windows\System\xwfkOVl.exe
  2⤵
  PID:1324
- C:\Windows\System\dXSIuPv.exe
  C:\Windows\System\dXSIuPv.exe
  2⤵
  PID:4148
- C:\Windows\System\UpgMREi.exe
  C:\Windows\System\UpgMREi.exe
  2⤵
  PID:4404
- C:\Windows\System\VmzUiIh.exe
  C:\Windows\System\VmzUiIh.exe
  2⤵
  PID:1948
- C:\Windows\System\IKoDkgn.exe
  C:\Windows\System\IKoDkgn.exe
  2⤵
  PID:4916
- C:\Windows\System\gwqweaL.exe
  C:\Windows\System\gwqweaL.exe
  2⤵
  PID:2468
- C:\Windows\System\TjFCKmn.exe
  C:\Windows\System\TjFCKmn.exe
  2⤵
  PID:1600
- C:\Windows\System\ZRDANyI.exe
  C:\Windows\System\ZRDANyI.exe
  2⤵
  PID:3468
- C:\Windows\System\RISNEJD.exe
  C:\Windows\System\RISNEJD.exe
  2⤵
  PID:4320
- C:\Windows\System\rvfbdta.exe
  C:\Windows\System\rvfbdta.exe
  2⤵
  PID:2524
- C:\Windows\System\lZOxlXl.exe
  C:\Windows\System\lZOxlXl.exe
  2⤵
  PID:4056
- C:\Windows\System\ZTTEXiE.exe
  C:\Windows\System\ZTTEXiE.exe
  2⤵
  PID:2764
- C:\Windows\System\mlclnxZ.exe
  C:\Windows\System\mlclnxZ.exe
  2⤵
  PID:5056
- C:\Windows\System\zTtkNAz.exe
  C:\Windows\System\zTtkNAz.exe
  2⤵
  PID:4736
- C:\Windows\System\ZuiyWem.exe
  C:\Windows\System\ZuiyWem.exe
  2⤵
  PID:976
- C:\Windows\System\fLiIITt.exe
  C:\Windows\System\fLiIITt.exe
  2⤵
  PID:440
- C:\Windows\System\KsuMJSG.exe
  C:\Windows\System\KsuMJSG.exe
  2⤵
  PID:928
- C:\Windows\System\KHTgKJI.exe
  C:\Windows\System\KHTgKJI.exe
  2⤵
  PID:676
- C:\Windows\System\NdtaAAa.exe
  C:\Windows\System\NdtaAAa.exe
  2⤵
  PID:536
- C:\Windows\System\EKGzWHb.exe
  C:\Windows\System\EKGzWHb.exe
  2⤵
  PID:5144
- C:\Windows\System\XcmRKxs.exe
  C:\Windows\System\XcmRKxs.exe
  2⤵
  PID:5164
- C:\Windows\System\BpalhvX.exe
  C:\Windows\System\BpalhvX.exe
  2⤵
  PID:5196
- C:\Windows\System\eOOjhKk.exe
  C:\Windows\System\eOOjhKk.exe
  2⤵
  PID:5236
- C:\Windows\System\vRfrshB.exe
  C:\Windows\System\vRfrshB.exe
  2⤵
  PID:5264
- C:\Windows\System\SXvdHHV.exe
  C:\Windows\System\SXvdHHV.exe
  2⤵
  PID:5300
- C:\Windows\System\MUGEZBd.exe
  C:\Windows\System\MUGEZBd.exe
  2⤵
  PID:5328
- C:\Windows\System\mUDAlSc.exe
  C:\Windows\System\mUDAlSc.exe
  2⤵
  PID:5356
- C:\Windows\System\wozcsdI.exe
  C:\Windows\System\wozcsdI.exe
  2⤵
  PID:5384
- C:\Windows\System\lPQadjX.exe
  C:\Windows\System\lPQadjX.exe
  2⤵
  PID:5412
- C:\Windows\System\mqhBPCe.exe
  C:\Windows\System\mqhBPCe.exe
  2⤵
  PID:5440
- C:\Windows\System\cBjONcy.exe
  C:\Windows\System\cBjONcy.exe
  2⤵
  PID:5464
- C:\Windows\System\DjIeJuB.exe
  C:\Windows\System\DjIeJuB.exe
  2⤵
  PID:5496
- C:\Windows\System\nOEYlZr.exe
  C:\Windows\System\nOEYlZr.exe
  2⤵
  PID:5524
- C:\Windows\System\uqszcWY.exe
  C:\Windows\System\uqszcWY.exe
  2⤵
  PID:5556
- C:\Windows\System\vVeTxyb.exe
  C:\Windows\System\vVeTxyb.exe
  2⤵
  PID:5580
- C:\Windows\System\sgMdnNE.exe
  C:\Windows\System\sgMdnNE.exe
  2⤵
  PID:5612
- C:\Windows\System\TohsNfp.exe
  C:\Windows\System\TohsNfp.exe
  2⤵
  PID:5636
- C:\Windows\System\SnDgTUq.exe
  C:\Windows\System\SnDgTUq.exe
  2⤵
  PID:5652
- C:\Windows\System\hZeEViZ.exe
  C:\Windows\System\hZeEViZ.exe
  2⤵
  PID:5668
- C:\Windows\System\QBIFdgp.exe
  C:\Windows\System\QBIFdgp.exe
  2⤵
  PID:5684
- C:\Windows\System\uDndSVd.exe
  C:\Windows\System\uDndSVd.exe
  2⤵
  PID:5704
- C:\Windows\System\vJRwQuX.exe
  C:\Windows\System\vJRwQuX.exe
  2⤵
  PID:5732
- C:\Windows\System\PUyFVRS.exe
  C:\Windows\System\PUyFVRS.exe
  2⤵
  PID:5764
- C:\Windows\System\nriIgnu.exe
  C:\Windows\System\nriIgnu.exe
  2⤵
  PID:5804
- C:\Windows\System\zTzpwSn.exe
  C:\Windows\System\zTzpwSn.exe
  2⤵
  PID:5836
- C:\Windows\System\RVQDglV.exe
  C:\Windows\System\RVQDglV.exe
  2⤵
  PID:5876
- C:\Windows\System\oPZmade.exe
  C:\Windows\System\oPZmade.exe
  2⤵
  PID:5908
- C:\Windows\System\iosuxIB.exe
  C:\Windows\System\iosuxIB.exe
  2⤵
  PID:5940
- C:\Windows\System\wsWqmNy.exe
  C:\Windows\System\wsWqmNy.exe
  2⤵
  PID:5976
- C:\Windows\System\GDHoyyc.exe
  C:\Windows\System\GDHoyyc.exe
  2⤵
  PID:5996
- C:\Windows\System\EzrEWEk.exe
  C:\Windows\System\EzrEWEk.exe
  2⤵
  PID:6024
- C:\Windows\System\iZOwCpN.exe
  C:\Windows\System\iZOwCpN.exe
  2⤵
  PID:6048
- C:\Windows\System\kjhCETl.exe
  C:\Windows\System\kjhCETl.exe
  2⤵
  PID:6088
- C:\Windows\System\GZIDQuK.exe
  C:\Windows\System\GZIDQuK.exe
  2⤵
  PID:6120
- C:\Windows\System\NKQQgmf.exe
  C:\Windows\System\NKQQgmf.exe
  2⤵
  PID:5124
- C:\Windows\System\owCBwNE.exe
  C:\Windows\System\owCBwNE.exe
  2⤵
  PID:5208
- C:\Windows\System\dWhAgmQ.exe
  C:\Windows\System\dWhAgmQ.exe
  2⤵
  PID:5256
- C:\Windows\System\xyPmNjK.exe
  C:\Windows\System\xyPmNjK.exe
  2⤵
  PID:5296
- C:\Windows\System\pYInBeT.exe
  C:\Windows\System\pYInBeT.exe
  2⤵
  PID:5380
- C:\Windows\System\GsRnLbs.exe
  C:\Windows\System\GsRnLbs.exe
  2⤵
  PID:5424
- C:\Windows\System\KRWYfKo.exe
  C:\Windows\System\KRWYfKo.exe
  2⤵
  PID:5508
- C:\Windows\System\ItcGYpV.exe
  C:\Windows\System\ItcGYpV.exe
  2⤵
  PID:5576
- C:\Windows\System\wjduAIC.exe
  C:\Windows\System\wjduAIC.exe
  2⤵
  PID:5680
- C:\Windows\System\CUWSYja.exe
  C:\Windows\System\CUWSYja.exe
  2⤵
  PID:5896
- C:\Windows\System\tJXVYwj.exe
  C:\Windows\System\tJXVYwj.exe
  2⤵
  PID:5968
- C:\Windows\System\JmqAokm.exe
  C:\Windows\System\JmqAokm.exe
  2⤵
  PID:6044
- C:\Windows\System\AXffsIM.exe
  C:\Windows\System\AXffsIM.exe
  2⤵
  PID:6096
- C:\Windows\System\TxLrTWS.exe
  C:\Windows\System\TxLrTWS.exe
  2⤵
  PID:896
- C:\Windows\System\QSvRkyK.exe
  C:\Windows\System\QSvRkyK.exe
  2⤵
  PID:5252
- C:\Windows\System\btoLYqd.exe
  C:\Windows\System\btoLYqd.exe
  2⤵
  PID:5448
- C:\Windows\System\BTSSvNv.exe
  C:\Windows\System\BTSSvNv.exe
  2⤵
  PID:5544
- C:\Windows\System\DZDCxFk.exe
  C:\Windows\System\DZDCxFk.exe
  2⤵
  PID:5716
- C:\Windows\System\shnIgZe.exe
  C:\Windows\System\shnIgZe.exe
  2⤵
  PID:6036
- C:\Windows\System\EqZlCNe.exe
  C:\Windows\System\EqZlCNe.exe
  2⤵
  PID:5244
- C:\Windows\System\OcQKLaS.exe
  C:\Windows\System\OcQKLaS.exe
  2⤵
  PID:5492
- C:\Windows\System\jbsbaeu.exe
  C:\Windows\System\jbsbaeu.exe
  2⤵
  PID:6116
- C:\Windows\System\fPMuwTZ.exe
  C:\Windows\System\fPMuwTZ.exe
  2⤵
  PID:5724
- C:\Windows\System\VEOXBpT.exe
  C:\Windows\System\VEOXBpT.exe
  2⤵
  PID:6160
- C:\Windows\System\wkiuUld.exe
  C:\Windows\System\wkiuUld.exe
  2⤵
  PID:6188
- C:\Windows\System\jysVHPL.exe
  C:\Windows\System\jysVHPL.exe
  2⤵
  PID:6216
- C:\Windows\System\ynhHohK.exe
  C:\Windows\System\ynhHohK.exe
  2⤵
  PID:6244
- C:\Windows\System\jEGTzUG.exe
  C:\Windows\System\jEGTzUG.exe
  2⤵
  PID:6272
- C:\Windows\System\bEaOgTX.exe
  C:\Windows\System\bEaOgTX.exe
  2⤵
  PID:6300
- C:\Windows\System\DUqmViU.exe
  C:\Windows\System\DUqmViU.exe
  2⤵
  PID:6328
- C:\Windows\System\BhpxJXz.exe
  C:\Windows\System\BhpxJXz.exe
  2⤵
  PID:6356
- C:\Windows\System\toAidAo.exe
  C:\Windows\System\toAidAo.exe
  2⤵
  PID:6384
- C:\Windows\System\NpHjoig.exe
  C:\Windows\System\NpHjoig.exe
  2⤵
  PID:6416
- C:\Windows\System\nRUqKgg.exe
  C:\Windows\System\nRUqKgg.exe
  2⤵
  PID:6444
- C:\Windows\System\HYfPpcz.exe
  C:\Windows\System\HYfPpcz.exe
  2⤵
  PID:6484
- C:\Windows\System\eNddgpk.exe
  C:\Windows\System\eNddgpk.exe
  2⤵
  PID:6516
- C:\Windows\System\nnSBDLH.exe
  C:\Windows\System\nnSBDLH.exe
  2⤵
  PID:6548
- C:\Windows\System\wlnLWMe.exe
  C:\Windows\System\wlnLWMe.exe
  2⤵
  PID:6580
- C:\Windows\System\mjBepmA.exe
  C:\Windows\System\mjBepmA.exe
  2⤵
  PID:6600
- C:\Windows\System\uboghKF.exe
  C:\Windows\System\uboghKF.exe
  2⤵
  PID:6628
- C:\Windows\System\LxNEQfj.exe
  C:\Windows\System\LxNEQfj.exe
  2⤵
  PID:6656
- C:\Windows\System\EQqxbeU.exe
  C:\Windows\System\EQqxbeU.exe
  2⤵
  PID:6684
- C:\Windows\System\OqLAHuc.exe
  C:\Windows\System\OqLAHuc.exe
  2⤵
  PID:6720
- C:\Windows\System\HJEcghP.exe
  C:\Windows\System\HJEcghP.exe
  2⤵
  PID:6744
- C:\Windows\System\MSzeZWx.exe
  C:\Windows\System\MSzeZWx.exe
  2⤵
  PID:6772
- C:\Windows\System\LYEsDDf.exe
  C:\Windows\System\LYEsDDf.exe
  2⤵
  PID:6800
- C:\Windows\System\yQNvpDi.exe
  C:\Windows\System\yQNvpDi.exe
  2⤵
  PID:6828
- C:\Windows\System\nalFIqp.exe
  C:\Windows\System\nalFIqp.exe
  2⤵
  PID:6856
- C:\Windows\System\DhPBQOy.exe
  C:\Windows\System\DhPBQOy.exe
  2⤵
  PID:6884
- C:\Windows\System\zwDrnUp.exe
  C:\Windows\System\zwDrnUp.exe
  2⤵
  PID:6912
- C:\Windows\System\jVRZYlF.exe
  C:\Windows\System\jVRZYlF.exe
  2⤵
  PID:6940
- C:\Windows\System\GWkSapS.exe
  C:\Windows\System\GWkSapS.exe
  2⤵
  PID:6972
- C:\Windows\System\LpVEmql.exe
  C:\Windows\System\LpVEmql.exe
  2⤵
  PID:7000
- C:\Windows\System\IOxJruC.exe
  C:\Windows\System\IOxJruC.exe
  2⤵
  PID:7028
- C:\Windows\System\KUBMusH.exe
  C:\Windows\System\KUBMusH.exe
  2⤵
  PID:7072
- C:\Windows\System\YsgkFmJ.exe
  C:\Windows\System\YsgkFmJ.exe
  2⤵
  PID:7092
- C:\Windows\System\uXSxAuL.exe
  C:\Windows\System\uXSxAuL.exe
  2⤵
  PID:7116
- C:\Windows\System\kIbJLih.exe
  C:\Windows\System\kIbJLih.exe
  2⤵
  PID:7132
- C:\Windows\System\reyMJzZ.exe
  C:\Windows\System\reyMJzZ.exe
  2⤵
  PID:7148
- C:\Windows\System\csKcNKG.exe
  C:\Windows\System\csKcNKG.exe
  2⤵
  PID:5676
- C:\Windows\System\eMDYLDU.exe
  C:\Windows\System\eMDYLDU.exe
  2⤵
  PID:6184
- C:\Windows\System\PIpkDuD.exe
  C:\Windows\System\PIpkDuD.exe
  2⤵
  PID:6236
- C:\Windows\System\lJNDCbG.exe
  C:\Windows\System\lJNDCbG.exe
  2⤵
  PID:6268
- C:\Windows\System\hxqirlN.exe
  C:\Windows\System\hxqirlN.exe
  2⤵
  PID:6340
- C:\Windows\System\JejAywz.exe
  C:\Windows\System\JejAywz.exe
  2⤵
  PID:6404
- C:\Windows\System\MsaMjrb.exe
  C:\Windows\System\MsaMjrb.exe
  2⤵
  PID:6536
- C:\Windows\System\saBLhEr.exe
  C:\Windows\System\saBLhEr.exe
  2⤵
  PID:6612
- C:\Windows\System\eRZSIyz.exe
  C:\Windows\System\eRZSIyz.exe
  2⤵
  PID:6704
- C:\Windows\System\VIQKmRY.exe
  C:\Windows\System\VIQKmRY.exe
  2⤵
  PID:6812
- C:\Windows\System\hznJFZt.exe
  C:\Windows\System\hznJFZt.exe
  2⤵
  PID:6908
- C:\Windows\System\PNJnghF.exe
  C:\Windows\System\PNJnghF.exe
  2⤵
  PID:6968
- C:\Windows\System\AhShnos.exe
  C:\Windows\System\AhShnos.exe
  2⤵
  PID:7040
- C:\Windows\System\HRNHDCy.exe
  C:\Windows\System\HRNHDCy.exe
  2⤵
  PID:7104
- C:\Windows\System\ymtnFdz.exe
  C:\Windows\System\ymtnFdz.exe
  2⤵
  PID:7164
- C:\Windows\System\WTULWAS.exe
  C:\Windows\System\WTULWAS.exe
  2⤵
  PID:6428
- C:\Windows\System\HUuFbAy.exe
  C:\Windows\System\HUuFbAy.exe
  2⤵
  PID:6376
- C:\Windows\System\FvfqtUt.exe
  C:\Windows\System\FvfqtUt.exe
  2⤵
  PID:6492
- C:\Windows\System\TMzwkRy.exe
  C:\Windows\System\TMzwkRy.exe
  2⤵
  PID:6796
- C:\Windows\System\UbYSksx.exe
  C:\Windows\System\UbYSksx.exe
  2⤵
  PID:6960
- C:\Windows\System\KxHlEDl.exe
  C:\Windows\System\KxHlEDl.exe
  2⤵
  PID:6172
- C:\Windows\System\AfrvFGY.exe
  C:\Windows\System\AfrvFGY.exe
  2⤵
  PID:6728
- C:\Windows\System\bnETUlH.exe
  C:\Windows\System\bnETUlH.exe
  2⤵
  PID:6900
- C:\Windows\System\WCYEBXS.exe
  C:\Windows\System\WCYEBXS.exe
  2⤵
  PID:7172
- C:\Windows\System\blCWBuo.exe
  C:\Windows\System\blCWBuo.exe
  2⤵
  PID:7208
- C:\Windows\System\QeIbXhs.exe
  C:\Windows\System\QeIbXhs.exe
  2⤵
  PID:7236
- C:\Windows\System\zsQjFQy.exe
  C:\Windows\System\zsQjFQy.exe
  2⤵
  PID:7264
- C:\Windows\System\qvCpDhF.exe
  C:\Windows\System\qvCpDhF.exe
  2⤵
  PID:7308
- C:\Windows\System\pOUcoeT.exe
  C:\Windows\System\pOUcoeT.exe
  2⤵
  PID:7336
- C:\Windows\System\iCKTvtR.exe
  C:\Windows\System\iCKTvtR.exe
  2⤵
  PID:7368
- C:\Windows\System\zzwhNzC.exe
  C:\Windows\System\zzwhNzC.exe
  2⤵
  PID:7404
- C:\Windows\System\VHbAzGY.exe
  C:\Windows\System\VHbAzGY.exe
  2⤵
  PID:7436
- C:\Windows\System\aSkkgFF.exe
  C:\Windows\System\aSkkgFF.exe
  2⤵
  PID:7468
- C:\Windows\System\NdJCvKj.exe
  C:\Windows\System\NdJCvKj.exe
  2⤵
  PID:7508
- C:\Windows\System\lvlVwIW.exe
  C:\Windows\System\lvlVwIW.exe
  2⤵
  PID:7536
- C:\Windows\System\MgdsfdO.exe
  C:\Windows\System\MgdsfdO.exe
  2⤵
  PID:7588
- C:\Windows\System\CCDqDIY.exe
  C:\Windows\System\CCDqDIY.exe
  2⤵
  PID:7612
- C:\Windows\System\yMizQRQ.exe
  C:\Windows\System\yMizQRQ.exe
  2⤵
  PID:7636
- C:\Windows\System\cYAsLHi.exe
  C:\Windows\System\cYAsLHi.exe
  2⤵
  PID:7660
- C:\Windows\System\vYfDgrH.exe
  C:\Windows\System\vYfDgrH.exe
  2⤵
  PID:7688
- C:\Windows\System\NONnEXE.exe
  C:\Windows\System\NONnEXE.exe
  2⤵
  PID:7724
- C:\Windows\System\tQThYky.exe
  C:\Windows\System\tQThYky.exe
  2⤵
  PID:7756
- C:\Windows\System\emXLpNW.exe
  C:\Windows\System\emXLpNW.exe
  2⤵
  PID:7788
- C:\Windows\System\EiGIENI.exe
  C:\Windows\System\EiGIENI.exe
  2⤵
  PID:7832
- C:\Windows\System\ufBSlpg.exe
  C:\Windows\System\ufBSlpg.exe
  2⤵
  PID:7884
- C:\Windows\System\uVWcPga.exe
  C:\Windows\System\uVWcPga.exe
  2⤵
  PID:7920
- C:\Windows\System\WedPruT.exe
  C:\Windows\System\WedPruT.exe
  2⤵
  PID:7940
- C:\Windows\System\vZhVxCK.exe
  C:\Windows\System\vZhVxCK.exe
  2⤵
  PID:7964
- C:\Windows\System\qfoSedw.exe
  C:\Windows\System\qfoSedw.exe
  2⤵
  PID:7984
- C:\Windows\System\hiWUguW.exe
  C:\Windows\System\hiWUguW.exe
  2⤵
  PID:8012
- C:\Windows\System\wvUVncX.exe
  C:\Windows\System\wvUVncX.exe
  2⤵
  PID:8036
- C:\Windows\System\RPalEnT.exe
  C:\Windows\System\RPalEnT.exe
  2⤵
  PID:8064
- C:\Windows\System\oKicrlH.exe
  C:\Windows\System\oKicrlH.exe
  2⤵
  PID:8092
- C:\Windows\System\cRfOthI.exe
  C:\Windows\System\cRfOthI.exe
  2⤵
  PID:8112
- C:\Windows\System\nRHjDkw.exe
  C:\Windows\System\nRHjDkw.exe
  2⤵
  PID:8156
- C:\Windows\System\qqKyrom.exe
  C:\Windows\System\qqKyrom.exe
  2⤵
  PID:7184
- C:\Windows\System\xPswdVe.exe
  C:\Windows\System\xPswdVe.exe
  2⤵
  PID:7252
- C:\Windows\System\vYpKWzd.exe
  C:\Windows\System\vYpKWzd.exe
  2⤵
  PID:7328
- C:\Windows\System\vtPDmAF.exe
  C:\Windows\System\vtPDmAF.exe
  2⤵
  PID:7384
- C:\Windows\System\kLNbaKn.exe
  C:\Windows\System\kLNbaKn.exe
  2⤵
  PID:7460
- C:\Windows\System\zStpFCd.exe
  C:\Windows\System\zStpFCd.exe
  2⤵
  PID:7532
- C:\Windows\System\wbcAnGS.exe
  C:\Windows\System\wbcAnGS.exe
  2⤵
  PID:7572
- C:\Windows\System\OCAvwIZ.exe
  C:\Windows\System\OCAvwIZ.exe
  2⤵
  PID:7644
- C:\Windows\System\dsLnkXK.exe
  C:\Windows\System\dsLnkXK.exe
  2⤵
  PID:7708
- C:\Windows\System\txgFYgW.exe
  C:\Windows\System\txgFYgW.exe
  2⤵
  PID:7796
- C:\Windows\System\hQYPDGp.exe
  C:\Windows\System\hQYPDGp.exe
  2⤵
  PID:7916
- C:\Windows\System\CGgUFoK.exe
  C:\Windows\System\CGgUFoK.exe
  2⤵
  PID:8028
- C:\Windows\System\iVyXvYX.exe
  C:\Windows\System\iVyXvYX.exe
  2⤵
  PID:8044
- C:\Windows\System\sveLdrT.exe
  C:\Windows\System\sveLdrT.exe
  2⤵
  PID:8140
- C:\Windows\System\YdLdQcU.exe
  C:\Windows\System\YdLdQcU.exe
  2⤵
  PID:4100
- C:\Windows\System\VRZVtCd.exe
  C:\Windows\System\VRZVtCd.exe
  2⤵
  PID:7284
- C:\Windows\System\xPRPKQr.exe
  C:\Windows\System\xPRPKQr.exe
  2⤵
  PID:7604
- C:\Windows\System\VkKqATO.exe
  C:\Windows\System\VkKqATO.exe
  2⤵
  PID:7680
- C:\Windows\System\BXqDufd.exe
  C:\Windows\System\BXqDufd.exe
  2⤵
  PID:8052
- C:\Windows\System\XeJbIFg.exe
  C:\Windows\System\XeJbIFg.exe
  2⤵
  PID:8080
- C:\Windows\System\hTtxYUu.exe
  C:\Windows\System\hTtxYUu.exe
  2⤵
  PID:8152
- C:\Windows\System\dQdGIUP.exe
  C:\Windows\System\dQdGIUP.exe
  2⤵
  PID:7220
- C:\Windows\System\tjsRjOn.exe
  C:\Windows\System\tjsRjOn.exe
  2⤵
  PID:7392
- C:\Windows\System\SxFyMnP.exe
  C:\Windows\System\SxFyMnP.exe
  2⤵
  PID:8216
- C:\Windows\System\PNEntjT.exe
  C:\Windows\System\PNEntjT.exe
  2⤵
  PID:8244
- C:\Windows\System\UaefrOb.exe
  C:\Windows\System\UaefrOb.exe
  2⤵
  PID:8272
- C:\Windows\System\XCNUpAf.exe
  C:\Windows\System\XCNUpAf.exe
  2⤵
  PID:8304
- C:\Windows\System\WIrZyTe.exe
  C:\Windows\System\WIrZyTe.exe
  2⤵
  PID:8336
- C:\Windows\System\SvHeVuc.exe
  C:\Windows\System\SvHeVuc.exe
  2⤵
  PID:8364
- C:\Windows\System\xHMSmoS.exe
  C:\Windows\System\xHMSmoS.exe
  2⤵
  PID:8400
- C:\Windows\System\nLDyYmT.exe
  C:\Windows\System\nLDyYmT.exe
  2⤵
  PID:8436
- C:\Windows\System\DXXvitS.exe
  C:\Windows\System\DXXvitS.exe
  2⤵
  PID:8460
- C:\Windows\System\LgtSGiQ.exe
  C:\Windows\System\LgtSGiQ.exe
  2⤵
  PID:8492
- C:\Windows\System\VMYHwiw.exe
  C:\Windows\System\VMYHwiw.exe
  2⤵
  PID:8512
- C:\Windows\System\fGJaacA.exe
  C:\Windows\System\fGJaacA.exe
  2⤵
  PID:8536
- C:\Windows\System\JhQjltP.exe
  C:\Windows\System\JhQjltP.exe
  2⤵
  PID:8552
- C:\Windows\System\ZFRcpnY.exe
  C:\Windows\System\ZFRcpnY.exe
  2⤵
  PID:8580
- C:\Windows\System\IncEFjL.exe
  C:\Windows\System\IncEFjL.exe
  2⤵
  PID:8620
- C:\Windows\System\bARBqgD.exe
  C:\Windows\System\bARBqgD.exe
  2⤵
  PID:8644
- C:\Windows\System\nyyxFjg.exe
  C:\Windows\System\nyyxFjg.exe
  2⤵
  PID:8696
- C:\Windows\System\qjpGYpP.exe
  C:\Windows\System\qjpGYpP.exe
  2⤵
  PID:8728
- C:\Windows\System\pbPliQW.exe
  C:\Windows\System\pbPliQW.exe
  2⤵
  PID:8748
- C:\Windows\System\kgtwEhU.exe
  C:\Windows\System\kgtwEhU.exe
  2⤵
  PID:8788
- C:\Windows\System\qVnepDe.exe
  C:\Windows\System\qVnepDe.exe
  2⤵
  PID:8812
- C:\Windows\System\PprVMfw.exe
  C:\Windows\System\PprVMfw.exe
  2⤵
  PID:8856
- C:\Windows\System\kljJQpN.exe
  C:\Windows\System\kljJQpN.exe
  2⤵
  PID:8872
- C:\Windows\System\mgiBxHi.exe
  C:\Windows\System\mgiBxHi.exe
  2⤵
  PID:8888
- C:\Windows\System\pMxpaKQ.exe
  C:\Windows\System\pMxpaKQ.exe
  2⤵
  PID:8908
- C:\Windows\System\xVPArMA.exe
  C:\Windows\System\xVPArMA.exe
  2⤵
  PID:8924
- C:\Windows\System\EHkLkfS.exe
  C:\Windows\System\EHkLkfS.exe
  2⤵
  PID:8940
- C:\Windows\System\YAKMQsF.exe
  C:\Windows\System\YAKMQsF.exe
  2⤵
  PID:8956
- C:\Windows\System\kjbUMsQ.exe
  C:\Windows\System\kjbUMsQ.exe
  2⤵
  PID:8980
- C:\Windows\System\KrCllEp.exe
  C:\Windows\System\KrCllEp.exe
  2⤵
  PID:9008
- C:\Windows\System\UInXopz.exe
  C:\Windows\System\UInXopz.exe
  2⤵
  PID:9052
- C:\Windows\System\PxHsLHq.exe
  C:\Windows\System\PxHsLHq.exe
  2⤵
  PID:9076
- C:\Windows\System\ZqysOuN.exe
  C:\Windows\System\ZqysOuN.exe
  2⤵
  PID:9096
- C:\Windows\System\vBDnpYu.exe
  C:\Windows\System\vBDnpYu.exe
  2⤵
  PID:9116
- C:\Windows\System\UBbhUwP.exe
  C:\Windows\System\UBbhUwP.exe
  2⤵
  PID:9144
- C:\Windows\System\PLvahWz.exe
  C:\Windows\System\PLvahWz.exe
  2⤵
  PID:9168
- C:\Windows\System\hnMHrns.exe
  C:\Windows\System\hnMHrns.exe
  2⤵
  PID:9188
- C:\Windows\System\YDGbRgz.exe
  C:\Windows\System\YDGbRgz.exe
  2⤵
  PID:9208
- C:\Windows\System\SpvrBbV.exe
  C:\Windows\System\SpvrBbV.exe
  2⤵
  PID:7768
- C:\Windows\System\oantqpf.exe
  C:\Windows\System\oantqpf.exe
  2⤵
  PID:7852
- C:\Windows\System\coEDCwS.exe
  C:\Windows\System\coEDCwS.exe
  2⤵
  PID:8268
- C:\Windows\System\skqwexM.exe
  C:\Windows\System\skqwexM.exe
  2⤵
  PID:8240
- C:\Windows\System\KJekYYx.exe
  C:\Windows\System\KJekYYx.exe
  2⤵
  PID:8316
- C:\Windows\System\oxczUwD.exe
  C:\Windows\System\oxczUwD.exe
  2⤵
  PID:8488
- C:\Windows\System\dMkHHXl.exe
  C:\Windows\System\dMkHHXl.exe
  2⤵
  PID:8480
- C:\Windows\System\ksjWKwC.exe
  C:\Windows\System\ksjWKwC.exe
  2⤵
  PID:8656
- C:\Windows\System\IKwVrDw.exe
  C:\Windows\System\IKwVrDw.exe
  2⤵
  PID:8712
- C:\Windows\System\nLBtuzz.exe
  C:\Windows\System\nLBtuzz.exe
  2⤵
  PID:8864
- C:\Windows\System\lOiMryx.exe
  C:\Windows\System\lOiMryx.exe
  2⤵
  PID:8896
- C:\Windows\System\dGSARhM.exe
  C:\Windows\System\dGSARhM.exe
  2⤵
  PID:8868
- C:\Windows\System\dbDzgAo.exe
  C:\Windows\System\dbDzgAo.exe
  2⤵
  PID:9004
- C:\Windows\System\QXHSyxo.exe
  C:\Windows\System\QXHSyxo.exe
  2⤵
  PID:9104
- C:\Windows\System\khKpIgz.exe
  C:\Windows\System\khKpIgz.exe
  2⤵
  PID:9024
- C:\Windows\System\zvBCHgH.exe
  C:\Windows\System\zvBCHgH.exe
  2⤵
  PID:8208
- C:\Windows\System\cffciqJ.exe
  C:\Windows\System\cffciqJ.exe
  2⤵
  PID:8280
- C:\Windows\System\dEiPXyP.exe
  C:\Windows\System\dEiPXyP.exe
  2⤵
  PID:8432
- C:\Windows\System\jJFedda.exe
  C:\Windows\System\jJFedda.exe
  2⤵
  PID:8604
- C:\Windows\System\ULcYYXp.exe
  C:\Windows\System\ULcYYXp.exe
  2⤵
  PID:8676
- C:\Windows\System\bvHssKf.exe
  C:\Windows\System\bvHssKf.exe
  2⤵
  PID:8740
- C:\Windows\System\GceYdGy.exe
  C:\Windows\System\GceYdGy.exe
  2⤵
  PID:8632
- C:\Windows\System\UxSbIHN.exe
  C:\Windows\System\UxSbIHN.exe
  2⤵
  PID:9160
- C:\Windows\System\cWjJrTe.exe
  C:\Windows\System\cWjJrTe.exe
  2⤵
  PID:8532
- C:\Windows\System\OIHbIMd.exe
  C:\Windows\System\OIHbIMd.exe
  2⤵
  PID:9180
- C:\Windows\System\xtDUAoi.exe
  C:\Windows\System\xtDUAoi.exe
  2⤵
  PID:9240
- C:\Windows\System\DuzhLWP.exe
  C:\Windows\System\DuzhLWP.exe
  2⤵
  PID:9272
- C:\Windows\System\aPnUwIC.exe
  C:\Windows\System\aPnUwIC.exe
  2⤵
  PID:9304
- C:\Windows\System\nBVHXxL.exe
  C:\Windows\System\nBVHXxL.exe
  2⤵
  PID:9336
- C:\Windows\System\JTxhrUT.exe
  C:\Windows\System\JTxhrUT.exe
  2⤵
  PID:9364
- C:\Windows\System\IISMVvd.exe
  C:\Windows\System\IISMVvd.exe
  2⤵
  PID:9400
- C:\Windows\System\cNflyIu.exe
  C:\Windows\System\cNflyIu.exe
  2⤵
  PID:9432
- C:\Windows\System\ZvHnLUK.exe
  C:\Windows\System\ZvHnLUK.exe
  2⤵
  PID:9452
- C:\Windows\System\EMzBrvw.exe
  C:\Windows\System\EMzBrvw.exe
  2⤵
  PID:9476
- C:\Windows\System\IRnjCFR.exe
  C:\Windows\System\IRnjCFR.exe
  2⤵
  PID:9516
- C:\Windows\System\OeRUkAn.exe
  C:\Windows\System\OeRUkAn.exe
  2⤵
  PID:9548
- C:\Windows\System\lUUJPEt.exe
  C:\Windows\System\lUUJPEt.exe
  2⤵
  PID:9576
- C:\Windows\System\elwFPLZ.exe
  C:\Windows\System\elwFPLZ.exe
  2⤵
  PID:9596
- C:\Windows\System\KyQJmzO.exe
  C:\Windows\System\KyQJmzO.exe
  2⤵
  PID:9628
- C:\Windows\System\hRZdlBr.exe
  C:\Windows\System\hRZdlBr.exe
  2⤵
  PID:9668
- C:\Windows\System\ZOqsJcW.exe
  C:\Windows\System\ZOqsJcW.exe
  2⤵
  PID:9704
- C:\Windows\System\Sejopwe.exe
  C:\Windows\System\Sejopwe.exe
  2⤵
  PID:9728
- C:\Windows\System\oXJXQgO.exe
  C:\Windows\System\oXJXQgO.exe
  2⤵
  PID:9756
- C:\Windows\System\GPKVsbw.exe
  C:\Windows\System\GPKVsbw.exe
  2⤵
  PID:9788
- C:\Windows\System\KocEUFl.exe
  C:\Windows\System\KocEUFl.exe
  2⤵
  PID:9824
- C:\Windows\System\PBnSoEX.exe
  C:\Windows\System\PBnSoEX.exe
  2⤵
  PID:9852
- C:\Windows\System\lkFEmRw.exe
  C:\Windows\System\lkFEmRw.exe
  2⤵
  PID:9880
- C:\Windows\System\XwXGbSj.exe
  C:\Windows\System\XwXGbSj.exe
  2⤵
  PID:9908
- C:\Windows\System\SGpIQuV.exe
  C:\Windows\System\SGpIQuV.exe
  2⤵
  PID:9924
- C:\Windows\System\BLcPreu.exe
  C:\Windows\System\BLcPreu.exe
  2⤵
  PID:9960
- C:\Windows\System\XTwVMhZ.exe
  C:\Windows\System\XTwVMhZ.exe
  2⤵
  PID:9984
- C:\Windows\System\SWudLcn.exe
  C:\Windows\System\SWudLcn.exe
  2⤵
  PID:10020
- C:\Windows\System\tgefFhW.exe
  C:\Windows\System\tgefFhW.exe
  2⤵
  PID:10048
- C:\Windows\System\fmCXqRE.exe
  C:\Windows\System\fmCXqRE.exe
  2⤵
  PID:10076
- C:\Windows\System\PYDnMRv.exe
  C:\Windows\System\PYDnMRv.exe
  2⤵
  PID:10104
- C:\Windows\System\dqnOarF.exe
  C:\Windows\System\dqnOarF.exe
  2⤵
  PID:10136
- C:\Windows\System\hkXzZap.exe
  C:\Windows\System\hkXzZap.exe
  2⤵
  PID:10160
- C:\Windows\System\jSsOsYc.exe
  C:\Windows\System\jSsOsYc.exe
  2⤵
  PID:10176
- C:\Windows\System\AtJpjiq.exe
  C:\Windows\System\AtJpjiq.exe
  2⤵
  PID:10192
- C:\Windows\System\hBsOgwH.exe
  C:\Windows\System\hBsOgwH.exe
  2⤵
  PID:10216
- C:\Windows\System\xwOpyxP.exe
  C:\Windows\System\xwOpyxP.exe
  2⤵
  PID:10232
- C:\Windows\System\CTtyxGE.exe
  C:\Windows\System\CTtyxGE.exe
  2⤵
  PID:8840
- C:\Windows\System\wzniAcP.exe
  C:\Windows\System\wzniAcP.exe
  2⤵
  PID:8420
- C:\Windows\System\cajXQAk.exe
  C:\Windows\System\cajXQAk.exe
  2⤵
  PID:9220
- C:\Windows\System\UyvBKWD.exe
  C:\Windows\System\UyvBKWD.exe
  2⤵
  PID:9256
- C:\Windows\System\eyLVLMV.exe
  C:\Windows\System\eyLVLMV.exe
  2⤵
  PID:9380
- C:\Windows\System\JhfenIN.exe
  C:\Windows\System\JhfenIN.exe
  2⤵
  PID:9440
- C:\Windows\System\FaCLyUN.exe
  C:\Windows\System\FaCLyUN.exe
  2⤵
  PID:9464
- C:\Windows\System\CixpIBB.exe
  C:\Windows\System\CixpIBB.exe
  2⤵
  PID:9472
- C:\Windows\System\lgXDNFy.exe
  C:\Windows\System\lgXDNFy.exe
  2⤵
  PID:9624
- C:\Windows\System\NLWjcVy.exe
  C:\Windows\System\NLWjcVy.exe
  2⤵
  PID:9608
- C:\Windows\System\IQjTfGt.exe
  C:\Windows\System\IQjTfGt.exe
  2⤵
  PID:9748
- C:\Windows\System\kwUcAxf.exe
  C:\Windows\System\kwUcAxf.exe
  2⤵
  PID:9796
- C:\Windows\System\iktzGLJ.exe
  C:\Windows\System\iktzGLJ.exe
  2⤵
  PID:9864
- C:\Windows\System\NEnkxMt.exe
  C:\Windows\System\NEnkxMt.exe
  2⤵
  PID:9972
- C:\Windows\System\UwKBGiE.exe
  C:\Windows\System\UwKBGiE.exe
  2⤵
  PID:10032
- C:\Windows\System\PcMnRLg.exe
  C:\Windows\System\PcMnRLg.exe
  2⤵
  PID:10116
- C:\Windows\System\fPgHXNI.exe
  C:\Windows\System\fPgHXNI.exe
  2⤵
  PID:10212
- C:\Windows\System\psUbLXh.exe
  C:\Windows\System\psUbLXh.exe
  2⤵
  PID:10208
- C:\Windows\System\WklxKwX.exe
  C:\Windows\System\WklxKwX.exe
  2⤵
  PID:9124
- C:\Windows\System\hmWgxxb.exe
  C:\Windows\System\hmWgxxb.exe
  2⤵
  PID:9372
- C:\Windows\System\FYlavKc.exe
  C:\Windows\System\FYlavKc.exe
  2⤵
  PID:9468
- C:\Windows\System\ZaeGtUY.exe
  C:\Windows\System\ZaeGtUY.exe
  2⤵
  PID:9868
- C:\Windows\System\zIrPabd.exe
  C:\Windows\System\zIrPabd.exe
  2⤵
  PID:7828
- C:\Windows\System\TqTYBki.exe
  C:\Windows\System\TqTYBki.exe
  2⤵
  PID:8132
- C:\Windows\System\TuzwreO.exe
  C:\Windows\System\TuzwreO.exe
  2⤵
  PID:10096
- C:\Windows\System\nQQssHP.exe
  C:\Windows\System\nQQssHP.exe
  2⤵
  PID:9664
- C:\Windows\System\PMftVGV.exe
  C:\Windows\System\PMftVGV.exe
  2⤵
  PID:10184
- C:\Windows\System\YruXDdv.exe
  C:\Windows\System\YruXDdv.exe
  2⤵
  PID:10260
- C:\Windows\System\AzxcxUH.exe
  C:\Windows\System\AzxcxUH.exe
  2⤵
  PID:10296
- C:\Windows\System\hmrXvsS.exe
  C:\Windows\System\hmrXvsS.exe
  2⤵
  PID:10324
- C:\Windows\System\UlOhtDa.exe
  C:\Windows\System\UlOhtDa.exe
  2⤵
  PID:10360
- C:\Windows\System\tDbXofv.exe
  C:\Windows\System\tDbXofv.exe
  2⤵
  PID:10404
- C:\Windows\System\kNCxAhA.exe
  C:\Windows\System\kNCxAhA.exe
  2⤵
  PID:10436
- C:\Windows\System\YYljxWp.exe
  C:\Windows\System\YYljxWp.exe
  2⤵
  PID:10464
- C:\Windows\System\uYNjNTc.exe
  C:\Windows\System\uYNjNTc.exe
  2⤵
  PID:10496
- C:\Windows\System\ilzmzdO.exe
  C:\Windows\System\ilzmzdO.exe
  2⤵
  PID:10520
- C:\Windows\System\XInSrPq.exe
  C:\Windows\System\XInSrPq.exe
  2⤵
  PID:10556
- C:\Windows\System\hNxWxZr.exe
  C:\Windows\System\hNxWxZr.exe
  2⤵
  PID:10588
- C:\Windows\System\YMhsOUh.exe
  C:\Windows\System\YMhsOUh.exe
  2⤵
  PID:10628
- C:\Windows\System\MbtsfoA.exe
  C:\Windows\System\MbtsfoA.exe
  2⤵
  PID:10656
- C:\Windows\System\RVVHsaB.exe
  C:\Windows\System\RVVHsaB.exe
  2⤵
  PID:10684
- C:\Windows\System\GrzILUi.exe
  C:\Windows\System\GrzILUi.exe
  2⤵
  PID:10720
- C:\Windows\System\xgfmIDa.exe
  C:\Windows\System\xgfmIDa.exe
  2⤵
  PID:10744
- C:\Windows\System\qLRjPVx.exe
  C:\Windows\System\qLRjPVx.exe
  2⤵
  PID:10780
- C:\Windows\System\vUqNRnj.exe
  C:\Windows\System\vUqNRnj.exe
  2⤵
  PID:10808
- C:\Windows\System\SqWpVcD.exe
  C:\Windows\System\SqWpVcD.exe
  2⤵
  PID:10844
- C:\Windows\System\JXAFRvn.exe
  C:\Windows\System\JXAFRvn.exe
  2⤵
  PID:10872
- C:\Windows\System\xaKknEx.exe
  C:\Windows\System\xaKknEx.exe
  2⤵
  PID:10900
- C:\Windows\System\wwezXLP.exe
  C:\Windows\System\wwezXLP.exe
  2⤵
  PID:10928
- C:\Windows\System\jHHXPwP.exe
  C:\Windows\System\jHHXPwP.exe
  2⤵
  PID:10956
- C:\Windows\System\YyQqYkd.exe
  C:\Windows\System\YyQqYkd.exe
  2⤵
  PID:10984
- C:\Windows\System\JCFZLns.exe
  C:\Windows\System\JCFZLns.exe
  2⤵
  PID:11004
- C:\Windows\System\ufvnVzY.exe
  C:\Windows\System\ufvnVzY.exe
  2⤵
  PID:11028
- C:\Windows\System\inwEwsO.exe
  C:\Windows\System\inwEwsO.exe
  2⤵
  PID:11056
- C:\Windows\System\OTBcseM.exe
  C:\Windows\System\OTBcseM.exe
  2⤵
  PID:11084
- C:\Windows\System\FutNGyf.exe
  C:\Windows\System\FutNGyf.exe
  2⤵
  PID:11104
- C:\Windows\System\vVQIXDm.exe
  C:\Windows\System\vVQIXDm.exe
  2⤵
  PID:11128
- C:\Windows\System\ypyqsgQ.exe
  C:\Windows\System\ypyqsgQ.exe
  2⤵
  PID:11148
- C:\Windows\System\haBlszY.exe
  C:\Windows\System\haBlszY.exe
  2⤵
  PID:11172
- C:\Windows\System\PNJHyuP.exe
  C:\Windows\System\PNJHyuP.exe
  2⤵
  PID:11192
- C:\Windows\System\NqEkGkQ.exe
  C:\Windows\System\NqEkGkQ.exe
  2⤵
  PID:11240
- C:\Windows\System\seRIrPz.exe
  C:\Windows\System\seRIrPz.exe
  2⤵
  PID:11260
- C:\Windows\System\CpdypuC.exe
  C:\Windows\System\CpdypuC.exe
  2⤵
  PID:10088
- C:\Windows\System\gHoOJwc.exe
  C:\Windows\System\gHoOJwc.exe
  2⤵
  PID:10284
- C:\Windows\System\NlFSfTQ.exe
  C:\Windows\System\NlFSfTQ.exe
  2⤵
  PID:10244
- C:\Windows\System\tDNPCcg.exe
  C:\Windows\System\tDNPCcg.exe
  2⤵
  PID:10356
- C:\Windows\System\dfdTrZb.exe
  C:\Windows\System\dfdTrZb.exe
  2⤵
  PID:10456
- C:\Windows\System\rVMmpZh.exe
  C:\Windows\System\rVMmpZh.exe
  2⤵
  PID:10488
- C:\Windows\System\nbHuiRj.exe
  C:\Windows\System\nbHuiRj.exe
  2⤵
  PID:10544
- C:\Windows\System\iIQQbgj.exe
  C:\Windows\System\iIQQbgj.exe
  2⤵
  PID:10612
- C:\Windows\System\EcCrPFL.exe
  C:\Windows\System\EcCrPFL.exe
  2⤵
  PID:10640
- C:\Windows\System\svnHhkW.exe
  C:\Windows\System\svnHhkW.exe
  2⤵
  PID:10696
- C:\Windows\System\DmtbcWE.exe
  C:\Windows\System\DmtbcWE.exe
  2⤵
  PID:10776
- C:\Windows\System\hyvtZES.exe
  C:\Windows\System\hyvtZES.exe
  2⤵
  PID:7632
- C:\Windows\System\pRUXAxj.exe
  C:\Windows\System\pRUXAxj.exe
  2⤵
  PID:10840
- C:\Windows\System\moaDkia.exe
  C:\Windows\System\moaDkia.exe
  2⤵
  PID:10892
- C:\Windows\System\HAVyTxB.exe
  C:\Windows\System\HAVyTxB.exe
  2⤵
  PID:10952
- C:\Windows\System\xAcXarU.exe
  C:\Windows\System\xAcXarU.exe
  2⤵
  PID:11040
- C:\Windows\System\KSxEnNl.exe
  C:\Windows\System\KSxEnNl.exe
  2⤵
  PID:11092
- C:\Windows\System\MqyrGXx.exe
  C:\Windows\System\MqyrGXx.exe
  2⤵
  PID:10420
- C:\Windows\System\ENmHHUf.exe
  C:\Windows\System\ENmHHUf.exe
  2⤵
  PID:10740
- C:\Windows\System\kbODvUy.exe
  C:\Windows\System\kbODvUy.exe
  2⤵
  PID:10800
- C:\Windows\System\FmPuCZr.exe
  C:\Windows\System\FmPuCZr.exe
  2⤵
  PID:11052
- C:\Windows\System\mzCjXUA.exe
  C:\Windows\System\mzCjXUA.exe
  2⤵
  PID:11120
- C:\Windows\System\IQnLLIa.exe
  C:\Windows\System\IQnLLIa.exe
  2⤵
  PID:11164
- C:\Windows\System\siJluoh.exe
  C:\Windows\System\siJluoh.exe
  2⤵
  PID:11156
- C:\Windows\System\TZCKlaH.exe
  C:\Windows\System\TZCKlaH.exe
  2⤵
  PID:10732
- C:\Windows\System\mKPwfny.exe
  C:\Windows\System\mKPwfny.exe
  2⤵
  PID:11000
- C:\Windows\System\ufCLbpe.exe
  C:\Windows\System\ufCLbpe.exe
  2⤵
  PID:11252
- C:\Windows\System\JzVKJNS.exe
  C:\Windows\System\JzVKJNS.exe
  2⤵
  PID:11212
- C:\Windows\System\bshFVpt.exe
  C:\Windows\System\bshFVpt.exe
  2⤵
  PID:11296
- C:\Windows\System\fjeuBVA.exe
  C:\Windows\System\fjeuBVA.exe
  2⤵
  PID:11328
- C:\Windows\System\amkmWnZ.exe
  C:\Windows\System\amkmWnZ.exe
  2⤵
  PID:11348
- C:\Windows\System\bIocPmN.exe
  C:\Windows\System\bIocPmN.exe
  2⤵
  PID:11380
- C:\Windows\System\sXtcRVo.exe
  C:\Windows\System\sXtcRVo.exe
  2⤵
  PID:11408
- C:\Windows\System\GuJpqXO.exe
  C:\Windows\System\GuJpqXO.exe
  2⤵
  PID:11436
- C:\Windows\System\wGsRIhU.exe
  C:\Windows\System\wGsRIhU.exe
  2⤵
  PID:11464
- C:\Windows\System\nMgcViu.exe
  C:\Windows\System\nMgcViu.exe
  2⤵
  PID:11492
- C:\Windows\System\JzgEuCy.exe
  C:\Windows\System\JzgEuCy.exe
  2⤵
  PID:11520
- C:\Windows\System\AZtdKaZ.exe
  C:\Windows\System\AZtdKaZ.exe
  2⤵
  PID:11548
- C:\Windows\System\KtKrLly.exe
  C:\Windows\System\KtKrLly.exe
  2⤵
  PID:11564
- C:\Windows\System\ErtrexY.exe
  C:\Windows\System\ErtrexY.exe
  2⤵
  PID:11600
- C:\Windows\System\dGBpZXE.exe
  C:\Windows\System\dGBpZXE.exe
  2⤵
  PID:11616
- C:\Windows\System\qXdVMKA.exe
  C:\Windows\System\qXdVMKA.exe
  2⤵
  PID:11640
- C:\Windows\System\OnDcipl.exe
  C:\Windows\System\OnDcipl.exe
  2⤵
  PID:11668
- C:\Windows\System\xICpJjo.exe
  C:\Windows\System\xICpJjo.exe
  2⤵
  PID:11684
- C:\Windows\System\eADWWqE.exe
  C:\Windows\System\eADWWqE.exe
  2⤵
  PID:11700
- C:\Windows\System\oOCowzP.exe
  C:\Windows\System\oOCowzP.exe
  2⤵
  PID:11748
- C:\Windows\System\kzEeKEq.exe
  C:\Windows\System\kzEeKEq.exe
  2⤵
  PID:11780
- C:\Windows\System\AXtaRUc.exe
  C:\Windows\System\AXtaRUc.exe
  2⤵
  PID:11816
- C:\Windows\System\mjwuzUb.exe
  C:\Windows\System\mjwuzUb.exe
  2⤵
  PID:11844
- C:\Windows\System\gYnpnWH.exe
  C:\Windows\System\gYnpnWH.exe
  2⤵
  PID:11864
- C:\Windows\System\oyPfIfW.exe
  C:\Windows\System\oyPfIfW.exe
  2⤵
  PID:11896
- C:\Windows\System\cKpvCqM.exe
  C:\Windows\System\cKpvCqM.exe
  2⤵
  PID:11920
- C:\Windows\System\VdrlcTy.exe
  C:\Windows\System\VdrlcTy.exe
  2⤵
  PID:11940
- C:\Windows\System\dkKtUsw.exe
  C:\Windows\System\dkKtUsw.exe
  2⤵
  PID:11964
- C:\Windows\System\OLhYnCD.exe
  C:\Windows\System\OLhYnCD.exe
  2⤵
  PID:11992
- C:\Windows\System\FqmHLbL.exe
  C:\Windows\System\FqmHLbL.exe
  2⤵
  PID:12020
- C:\Windows\System\wIDYJle.exe
  C:\Windows\System\wIDYJle.exe
  2⤵
  PID:12048
- C:\Windows\System\XfvQwIa.exe
  C:\Windows\System\XfvQwIa.exe
  2⤵
  PID:12076
- C:\Windows\System\vbQluYb.exe
  C:\Windows\System\vbQluYb.exe
  2⤵
  PID:12108
- C:\Windows\System\LWMGhWq.exe
  C:\Windows\System\LWMGhWq.exe
  2⤵
  PID:12144
- C:\Windows\System\dSusyur.exe
  C:\Windows\System\dSusyur.exe
  2⤵
  PID:12176
- C:\Windows\System\SxMdMWw.exe
  C:\Windows\System\SxMdMWw.exe
  2⤵
  PID:12200
- C:\Windows\System\KjwEENR.exe
  C:\Windows\System\KjwEENR.exe
  2⤵
  PID:12244
- C:\Windows\System\dxLjKbQ.exe
  C:\Windows\System\dxLjKbQ.exe
  2⤵
  PID:12276
- C:\Windows\System\SuWAqCb.exe
  C:\Windows\System\SuWAqCb.exe
  2⤵
  PID:11280
- C:\Windows\System\SdKMpdk.exe
  C:\Windows\System\SdKMpdk.exe
  2⤵
  PID:11372
- C:\Windows\System\VNjNMnE.exe
  C:\Windows\System\VNjNMnE.exe
  2⤵
  PID:10292
- C:\Windows\System\BrcgcVT.exe
  C:\Windows\System\BrcgcVT.exe
  2⤵
  PID:11424
- C:\Windows\System\TOxSYJb.exe
  C:\Windows\System\TOxSYJb.exe
  2⤵
  PID:11504
- C:\Windows\System\rXHrGwO.exe
  C:\Windows\System\rXHrGwO.exe
  2⤵
  PID:11576
- C:\Windows\System\vcmRUwg.exe
  C:\Windows\System\vcmRUwg.exe
  2⤵
  PID:11632
- C:\Windows\System\hebWmMU.exe
  C:\Windows\System\hebWmMU.exe
  2⤵
  PID:11736
- C:\Windows\System\yupEJRX.exe
  C:\Windows\System\yupEJRX.exe
  2⤵
  PID:11760
- C:\Windows\System\FRVqiRa.exe
  C:\Windows\System\FRVqiRa.exe
  2⤵
  PID:11880
- C:\Windows\System\KRUFibB.exe
  C:\Windows\System\KRUFibB.exe
  2⤵
  PID:11952
- C:\Windows\System\eBPkjii.exe
  C:\Windows\System\eBPkjii.exe
  2⤵
  PID:12016
- C:\Windows\System\WBuvnTl.exe
  C:\Windows\System\WBuvnTl.exe
  2⤵
  PID:12060
- C:\Windows\System\kuuczzw.exe
  C:\Windows\System\kuuczzw.exe
  2⤵
  PID:12132
- C:\Windows\System\KJhGMtL.exe
  C:\Windows\System\KJhGMtL.exe
  2⤵
  PID:12192
- C:\Windows\System\FPwlNlr.exe
  C:\Windows\System\FPwlNlr.exe
  2⤵
  PID:12268
- C:\Windows\System\LsvICVA.exe
  C:\Windows\System\LsvICVA.exe
  2⤵
  PID:11340
- C:\Windows\System\YMjUYSw.exe
  C:\Windows\System\YMjUYSw.exe
  2⤵
  PID:11512
- C:\Windows\System\heqPaEi.exe
  C:\Windows\System\heqPaEi.exe
  2⤵
  PID:11680
- C:\Windows\System\uaXkzrD.exe
  C:\Windows\System\uaXkzrD.exe
  2⤵
  PID:11764
- C:\Windows\System\cHfnCOS.exe
  C:\Windows\System\cHfnCOS.exe
  2⤵
  PID:11984
- C:\Windows\System\YxshjLJ.exe
  C:\Windows\System\YxshjLJ.exe
  2⤵
  PID:12164
- C:\Windows\System\FgVUcda.exe
  C:\Windows\System\FgVUcda.exe
  2⤵
  PID:12184
- C:\Windows\System\sgeXvTt.exe
  C:\Windows\System\sgeXvTt.exe
  2⤵
  PID:11560
- C:\Windows\System\nyQTATS.exe
  C:\Windows\System\nyQTATS.exe
  2⤵
  PID:11720
- C:\Windows\System\gRzlVlv.exe
  C:\Windows\System\gRzlVlv.exe
  2⤵
  PID:11988
- C:\Windows\System\wGmmJIe.exe
  C:\Windows\System\wGmmJIe.exe
  2⤵
  PID:11656
- C:\Windows\System\dClxyCo.exe
  C:\Windows\System\dClxyCo.exe
  2⤵
  PID:12312
- C:\Windows\System\vGIzvdk.exe
  C:\Windows\System\vGIzvdk.exe
  2⤵
  PID:12332
- C:\Windows\System\qygMJha.exe
  C:\Windows\System\qygMJha.exe
  2⤵
  PID:12356
- C:\Windows\System\iAxsJbx.exe
  C:\Windows\System\iAxsJbx.exe
  2⤵
  PID:12376
- C:\Windows\System\usDQRpI.exe
  C:\Windows\System\usDQRpI.exe
  2⤵
  PID:12400
- C:\Windows\System\wpgcfUr.exe
  C:\Windows\System\wpgcfUr.exe
  2⤵
  PID:12436
- C:\Windows\System\xVvkEFe.exe
  C:\Windows\System\xVvkEFe.exe
  2⤵
  PID:12464
- C:\Windows\System\IRVjKSE.exe
  C:\Windows\System\IRVjKSE.exe
  2⤵
  PID:12488
- C:\Windows\System\UUquhwB.exe
  C:\Windows\System\UUquhwB.exe
  2⤵
  PID:12512
- C:\Windows\System\ZfhYbgT.exe
  C:\Windows\System\ZfhYbgT.exe
  2⤵
  PID:12528
- C:\Windows\System\KvRjPYc.exe
  C:\Windows\System\KvRjPYc.exe
  2⤵
  PID:12552
- C:\Windows\System\ieNWxhz.exe
  C:\Windows\System\ieNWxhz.exe
  2⤵
  PID:12580
- C:\Windows\System\ewucGey.exe
  C:\Windows\System\ewucGey.exe
  2⤵
  PID:12612
- C:\Windows\System\MQMKlHc.exe
  C:\Windows\System\MQMKlHc.exe
  2⤵
  PID:12648
- C:\Windows\System\CWsnKeG.exe
  C:\Windows\System\CWsnKeG.exe
  2⤵
  PID:12672
- C:\Windows\System\TsjAcoM.exe
  C:\Windows\System\TsjAcoM.exe
  2⤵
  PID:12704
- C:\Windows\System\ipwugcs.exe
  C:\Windows\System\ipwugcs.exe
  2⤵
  PID:12740
- C:\Windows\System\oXRxyoW.exe
  C:\Windows\System\oXRxyoW.exe
  2⤵
  PID:12768
- C:\Windows\System\Gghhwop.exe
  C:\Windows\System\Gghhwop.exe
  2⤵
  PID:12808
- C:\Windows\System\vyxNQji.exe
  C:\Windows\System\vyxNQji.exe
  2⤵
  PID:12844
- C:\Windows\System\jPxSkNF.exe
  C:\Windows\System\jPxSkNF.exe
  2⤵
  PID:12872
- C:\Windows\System\ZEhYOsJ.exe
  C:\Windows\System\ZEhYOsJ.exe
  2⤵
  PID:12900
- C:\Windows\System\oyoTXKf.exe
  C:\Windows\System\oyoTXKf.exe
  2⤵
  PID:12924
- C:\Windows\System\ZNeKIfk.exe
  C:\Windows\System\ZNeKIfk.exe
  2⤵
  PID:12944
- C:\Windows\System\nFKIEaj.exe
  C:\Windows\System\nFKIEaj.exe
  2⤵
  PID:12984
- C:\Windows\System\nfXfnuj.exe
  C:\Windows\System\nfXfnuj.exe
  2⤵
  PID:13028
- C:\Windows\System\BQpJsVa.exe
  C:\Windows\System\BQpJsVa.exe
  2⤵
  PID:13060
- C:\Windows\System\tHDaroM.exe
  C:\Windows\System\tHDaroM.exe
  2⤵
  PID:13088
- C:\Windows\System\dXGEdDH.exe
  C:\Windows\System\dXGEdDH.exe
  2⤵
  PID:13104
- C:\Windows\System\tFhuHnS.exe
  C:\Windows\System\tFhuHnS.exe
  2⤵
  PID:13132
- C:\Windows\System\wloALxW.exe
  C:\Windows\System\wloALxW.exe
  2⤵
  PID:13160
- C:\Windows\System\BsJlUtp.exe
  C:\Windows\System\BsJlUtp.exe
  2⤵
  PID:13188
- C:\Windows\System\TfnEHRm.exe
  C:\Windows\System\TfnEHRm.exe
  2⤵
  PID:13208
- C:\Windows\System\azvaGye.exe
  C:\Windows\System\azvaGye.exe
  2⤵
  PID:13232
- C:\Windows\System\yflLeLh.exe
  C:\Windows\System\yflLeLh.exe
  2⤵
  PID:13264
- C:\Windows\System\iXrRexz.exe
  C:\Windows\System\iXrRexz.exe
  2⤵
  PID:13296
- C:\Windows\System\uSvFXQZ.exe
  C:\Windows\System\uSvFXQZ.exe
  2⤵
  PID:12304
- C:\Windows\System\JSiqARZ.exe
  C:\Windows\System\JSiqARZ.exe
  2⤵
  PID:12412
- C:\Windows\System\yAQXSUJ.exe
  C:\Windows\System\yAQXSUJ.exe
  2⤵
  PID:12548
- C:\Windows\System\RXGvMMn.exe
  C:\Windows\System\RXGvMMn.exe
  2⤵
  PID:12624
- C:\Windows\System\EnSzvYz.exe
  C:\Windows\System\EnSzvYz.exe
  2⤵
  PID:12524
- C:\Windows\System\ZILszeO.exe
  C:\Windows\System\ZILszeO.exe
  2⤵
  PID:12688
- C:\Windows\System\QaviDQL.exe
  C:\Windows\System\QaviDQL.exe
  2⤵
  PID:12604
- C:\Windows\System\FhgkYFy.exe
  C:\Windows\System\FhgkYFy.exe
  2⤵
  PID:12816
- C:\Windows\System\khPqnpx.exe
  C:\Windows\System\khPqnpx.exe
  2⤵
  PID:12940
- C:\Windows\System\qQkfXaU.exe
  C:\Windows\System\qQkfXaU.exe
  2⤵
  PID:12832
- C:\Windows\System\VreKgAj.exe
  C:\Windows\System\VreKgAj.exe
  2⤵
  PID:13036
- C:\Windows\System\ZjgfDdO.exe
  C:\Windows\System\ZjgfDdO.exe
  2⤵
  PID:13156
- C:\Windows\System\TdAzuCJ.exe
  C:\Windows\System\TdAzuCJ.exe
  2⤵
  PID:13148
- C:\Windows\System\QfLBoCX.exe
  C:\Windows\System\QfLBoCX.exe
  2⤵
  PID:13176
- C:\Windows\System\LHXhwJi.exe
  C:\Windows\System\LHXhwJi.exe
  2⤵
  PID:12668
- C:\Windows\System\RVxfOrO.exe
  C:\Windows\System\RVxfOrO.exe
  2⤵
  PID:12396
- C:\Windows\System\HrxLTQN.exe
  C:\Windows\System\HrxLTQN.exe
  2⤵
  PID:12728
- C:\Windows\System\ePJEIcF.exe
  C:\Windows\System\ePJEIcF.exe
  2⤵
  PID:13012
- C:\Windows\System\OajbnCM.exe
  C:\Windows\System\OajbnCM.exe
  2⤵
  PID:13200
- C:\Windows\System\mYYKvTY.exe
  C:\Windows\System\mYYKvTY.exe
  2⤵
  PID:13120
- C:\Windows\System\adottoT.exe
  C:\Windows\System\adottoT.exe
  2⤵
  PID:12588
- C:\Windows\System\pZkvIrt.exe
  C:\Windows\System\pZkvIrt.exe
  2⤵
  PID:12232
- C:\Windows\System\PGciSaK.exe
  C:\Windows\System\PGciSaK.exe
  2⤵
  PID:13100
- C:\Windows\System\hArDSIk.exe
  C:\Windows\System\hArDSIk.exe
  2⤵
  PID:13344
- C:\Windows\System\MUFsyOJ.exe
  C:\Windows\System\MUFsyOJ.exe
  2⤵
  PID:13372
- C:\Windows\System\pnClxau.exe
  C:\Windows\System\pnClxau.exe
  2⤵
  PID:13388
- C:\Windows\System\opSEUxf.exe
  C:\Windows\System\opSEUxf.exe
  2⤵
  PID:13420
- C:\Windows\System\kDkDvMp.exe
  C:\Windows\System\kDkDvMp.exe
  2⤵
  PID:13448
- C:\Windows\System\QSNhwYC.exe
  C:\Windows\System\QSNhwYC.exe
  2⤵
  PID:13472
- C:\Windows\System\wnRERBK.exe
  C:\Windows\System\wnRERBK.exe
  2⤵
  PID:13504
- C:\Windows\System\GjgybeS.exe
  C:\Windows\System\GjgybeS.exe
  2⤵
  PID:13532
- C:\Windows\System\lTzbsuH.exe
  C:\Windows\System\lTzbsuH.exe
  2⤵
  PID:13564
- C:\Windows\System\NanEVAO.exe
  C:\Windows\System\NanEVAO.exe
  2⤵
  PID:13588
- C:\Windows\System\RYmNRpU.exe
  C:\Windows\System\RYmNRpU.exe
  2⤵
  PID:13608
- C:\Windows\System\nEFPOOQ.exe
  C:\Windows\System\nEFPOOQ.exe
  2⤵
  PID:13632
- C:\Windows\System\FiXBfif.exe
  C:\Windows\System\FiXBfif.exe
  2⤵
  PID:13656
- C:\Windows\System\kEgxzBW.exe
  C:\Windows\System\kEgxzBW.exe
  2⤵
  PID:13680
- C:\Windows\System\GRsMlfE.exe
  C:\Windows\System\GRsMlfE.exe
  2⤵
  PID:13720
- C:\Windows\System\gkyEHVC.exe
  C:\Windows\System\gkyEHVC.exe
  2⤵
  PID:13744
- C:\Windows\System\yHUCqPW.exe
  C:\Windows\System\yHUCqPW.exe
  2⤵
  PID:13772
- C:\Windows\System\iiZoVyb.exe
  C:\Windows\System\iiZoVyb.exe
  2⤵
  PID:13788
- C:\Windows\System\xOnaFdC.exe
  C:\Windows\System\xOnaFdC.exe
  2⤵
  PID:13808
- C:\Windows\System\RmXtUAe.exe
  C:\Windows\System\RmXtUAe.exe
  2⤵
  PID:13848
- C:\Windows\System\YPQPgkP.exe
  C:\Windows\System\YPQPgkP.exe
  2⤵
  PID:13884
- C:\Windows\System\dLqYPHF.exe
  C:\Windows\System\dLqYPHF.exe
  2⤵
  PID:13908
- C:\Windows\System\CowfpjX.exe
  C:\Windows\System\CowfpjX.exe
  2⤵
  PID:13928
- C:\Windows\System\JTldGOr.exe
  C:\Windows\System\JTldGOr.exe
  2⤵
  PID:13960
- C:\Windows\System\McPdKMQ.exe
  C:\Windows\System\McPdKMQ.exe
  2⤵
  PID:13992
- C:\Windows\System\jkXdJWB.exe
  C:\Windows\System\jkXdJWB.exe
  2⤵
  PID:14016
- C:\Windows\System\wUdQxKY.exe
  C:\Windows\System\wUdQxKY.exe
  2⤵
  PID:14036
- C:\Windows\System\AUgOkPk.exe
  C:\Windows\System\AUgOkPk.exe
  2⤵
  PID:14060
- C:\Windows\System\vjHNfOW.exe
  C:\Windows\System\vjHNfOW.exe
  2⤵
  PID:14088
- C:\Windows\System\hBDzwof.exe
  C:\Windows\System\hBDzwof.exe
  2⤵
  PID:14120
- C:\Windows\System\WDdZFVE.exe
  C:\Windows\System\WDdZFVE.exe
  2⤵
  PID:14148
- C:\Windows\System\yBCAqrJ.exe
  C:\Windows\System\yBCAqrJ.exe
  2⤵
  PID:14176
- C:\Windows\System\qbAZfUe.exe
  C:\Windows\System\qbAZfUe.exe
  2⤵
  PID:14216
- C:\Windows\System\peXpRaL.exe
  C:\Windows\System\peXpRaL.exe
  2⤵
  PID:14252
- C:\Windows\System\ASTolrT.exe
  C:\Windows\System\ASTolrT.exe
  2⤵
  PID:14268
- C:\Windows\System\vjNNGkl.exe
  C:\Windows\System\vjNNGkl.exe
  2⤵
  PID:14284
- C:\Windows\System\SikIdvm.exe
  C:\Windows\System\SikIdvm.exe
  2⤵
  PID:14300
- C:\Windows\System\txFvhLs.exe
  C:\Windows\System\txFvhLs.exe
  2⤵
  PID:14328
- C:\Windows\System\HujDItJ.exe
  C:\Windows\System\HujDItJ.exe
  2⤵
  PID:12936
- C:\Windows\System\GDQUmfm.exe
  C:\Windows\System\GDQUmfm.exe
  2⤵
  PID:13484
- C:\Windows\System\Msbvpeg.exe
  C:\Windows\System\Msbvpeg.exe
  2⤵
  PID:13440
- C:\Windows\System\sRwFrxh.exe
  C:\Windows\System\sRwFrxh.exe
  2⤵
  PID:13408
- C:\Windows\System\WLCaWJd.exe
  C:\Windows\System\WLCaWJd.exe
  2⤵
  PID:13668
- C:\Windows\System\GPOQXdz.exe
  C:\Windows\System\GPOQXdz.exe
  2⤵
  PID:13628
- C:\Windows\System\eHXwqlS.exe
  C:\Windows\System\eHXwqlS.exe
  2⤵
  PID:13760
- C:\Windows\System\RLjSTGY.exe
  C:\Windows\System\RLjSTGY.exe
  2⤵
  PID:13728
- C:\Windows\System\XfLtdPQ.exe
  C:\Windows\System\XfLtdPQ.exe
  2⤵
  PID:13700
- C:\Windows\System\VcpsuXP.exe
  C:\Windows\System\VcpsuXP.exe
  2⤵
  PID:13800
- C:\Windows\System\KCzcokK.exe
  C:\Windows\System\KCzcokK.exe
  2⤵
  PID:14008
- C:\Windows\System\TXASvBS.exe
  C:\Windows\System\TXASvBS.exe
  2⤵
  PID:13816
- C:\Windows\System\hGnetqn.exe
  C:\Windows\System\hGnetqn.exe
  2⤵
  PID:14108
- C:\Windows\System\vcjIyZx.exe
  C:\Windows\System\vcjIyZx.exe
  2⤵
  PID:14112
- C:\Windows\System\xTPIeyD.exe
  C:\Windows\System\xTPIeyD.exe
  2⤵
  PID:14084
- C:\Windows\System\aYnZewZ.exe
  C:\Windows\System\aYnZewZ.exe
  2⤵
  PID:12748
- C:\Windows\System\GuoLRso.exe
  C:\Windows\System\GuoLRso.exe
  2⤵
  PID:14192
- C:\Windows\System\udiAPOM.exe
  C:\Windows\System\udiAPOM.exe
  2⤵
  PID:13432
- C:\Windows\System\GOgmkLy.exe
  C:\Windows\System\GOgmkLy.exe
  2⤵
  PID:14260
- C:\Windows\System\NubAMXv.exe
  C:\Windows\System\NubAMXv.exe
  2⤵
  PID:13540
- C:\Windows\System\LdnqwVL.exe
  C:\Windows\System\LdnqwVL.exe
  2⤵
  PID:14296
- C:\Windows\System\HkQXGpC.exe
  C:\Windows\System\HkQXGpC.exe
  2⤵
  PID:13976
- C:\Windows\System\plfYXbi.exe
  C:\Windows\System\plfYXbi.exe
  2⤵
  PID:14184
- C:\Windows\System\RMhYKfE.exe
  C:\Windows\System\RMhYKfE.exe
  2⤵
  PID:14280
- C:\Windows\System\CaHFNwP.exe
  C:\Windows\System\CaHFNwP.exe
  2⤵
  PID:14352
- C:\Windows\System\SduGsGe.exe
  C:\Windows\System\SduGsGe.exe
  2⤵
  PID:14392
- C:\Windows\System\DsUmMYP.exe
  C:\Windows\System\DsUmMYP.exe
  2⤵
  PID:14412
- C:\Windows\System\RqtcTuB.exe
  C:\Windows\System\RqtcTuB.exe
  2⤵
  PID:14436
- C:\Windows\System\KNEQpjR.exe
  C:\Windows\System\KNEQpjR.exe
  2⤵
  PID:14456
- C:\Windows\System\vxRbEac.exe
  C:\Windows\System\vxRbEac.exe
  2⤵
  PID:14488
- C:\Windows\System\EfsHjvb.exe
  C:\Windows\System\EfsHjvb.exe
  2⤵
  PID:14516
- C:\Windows\System\OplKjhH.exe
  C:\Windows\System\OplKjhH.exe
  2⤵
  PID:14544
- C:\Windows\System\GBDZVMB.exe
  C:\Windows\System\GBDZVMB.exe
  2⤵
  PID:14572
- C:\Windows\System\aypSxbf.exe
  C:\Windows\System\aypSxbf.exe
  2⤵
  PID:14600
- C:\Windows\System\rOLUfLa.exe
  C:\Windows\System\rOLUfLa.exe
  2⤵
  PID:14636
- C:\Windows\System\eaduYfA.exe
  C:\Windows\System\eaduYfA.exe
  2⤵
  PID:14656
- C:\Windows\System\hSAwzpP.exe
  C:\Windows\System\hSAwzpP.exe
  2⤵
  PID:14692
- C:\Windows\System\bHywiQn.exe
  C:\Windows\System\bHywiQn.exe
  2⤵
  PID:14728
- C:\Windows\System\aSKFLvO.exe
  C:\Windows\System\aSKFLvO.exe
  2⤵
  PID:14760
- C:\Windows\System\rwdpZgl.exe
  C:\Windows\System\rwdpZgl.exe
  2⤵
  PID:14788
- C:\Windows\System\bpkzbCA.exe
  C:\Windows\System\bpkzbCA.exe
  2⤵
  PID:14820
- C:\Windows\System\cqhQlSU.exe
  C:\Windows\System\cqhQlSU.exe
  2⤵
  PID:14848
- C:\Windows\System\wIGXdQr.exe
  C:\Windows\System\wIGXdQr.exe
  2⤵
  PID:14880
- C:\Windows\System\ZXFzaDX.exe
  C:\Windows\System\ZXFzaDX.exe
  2⤵
  PID:14912
- C:\Windows\System\OAROmim.exe
  C:\Windows\System\OAROmim.exe
  2⤵
  PID:14940
- C:\Windows\System\GWeZyoY.exe
  C:\Windows\System\GWeZyoY.exe
  2⤵
  PID:14968
- C:\Windows\System\bHjpevS.exe
  C:\Windows\System\bHjpevS.exe
  2⤵
  PID:14992
- C:\Windows\System\gxEEzkc.exe
  C:\Windows\System\gxEEzkc.exe
  2⤵
  PID:15012
- C:\Windows\System\pjthfiV.exe
  C:\Windows\System\pjthfiV.exe
  2⤵
  PID:15048
- C:\Windows\System\dprpjvc.exe
  C:\Windows\System\dprpjvc.exe
  2⤵
  PID:15068
- C:\Windows\System\dDoSdEM.exe
  C:\Windows\System\dDoSdEM.exe
  2⤵
  PID:15096
- C:\Windows\System\jQeXtbh.exe
  C:\Windows\System\jQeXtbh.exe
  2⤵
  PID:15124
- C:\Windows\System\dJQQtuK.exe
  C:\Windows\System\dJQQtuK.exe
  2⤵
  PID:15156
- C:\Windows\System\WyNypnf.exe
  C:\Windows\System\WyNypnf.exe
  2⤵
  PID:15180
- C:\Windows\System\eLxyIuc.exe
  C:\Windows\System\eLxyIuc.exe
  2⤵
  PID:15208
- C:\Windows\System\dsPmYIl.exe
  C:\Windows\System\dsPmYIl.exe
  2⤵
  PID:15232
- C:\Windows\System\VtRlNsQ.exe
  C:\Windows\System\VtRlNsQ.exe
  2⤵
  PID:15268
- C:\Windows\System\fuQhzgr.exe
  C:\Windows\System\fuQhzgr.exe
  2⤵
  PID:15292
- C:\Windows\System\GPeCnuy.exe
  C:\Windows\System\GPeCnuy.exe
  2⤵
  PID:15316
- C:\Windows\System\KzWZYGL.exe
  C:\Windows\System\KzWZYGL.exe
  2⤵
  PID:15356
- C:\Windows\System\ubkXtZu.exe
  C:\Windows\System\ubkXtZu.exe
  2⤵
  PID:14128
- C:\Windows\System\WIGvetI.exe
  C:\Windows\System\WIGvetI.exe
  2⤵
  PID:13404
- C:\Windows\System\NOwqEcm.exe
  C:\Windows\System\NOwqEcm.exe
  2⤵
  PID:13864
- C:\Windows\System\qberYSL.exe
  C:\Windows\System\qberYSL.exe
  2⤵
  PID:14532
- C:\Windows\System\hMgPNFr.exe
  C:\Windows\System\hMgPNFr.exe
  2⤵
  PID:14364
- C:\Windows\System\rxowYIy.exe
  C:\Windows\System\rxowYIy.exe
  2⤵
  PID:14624
- C:\Windows\System\BxBWtyK.exe
  C:\Windows\System\BxBWtyK.exe
  2⤵
  PID:14688
- - C:\Windows\system32\WerFault.exe
    C:\Windows\system32\WerFault.exe -u -p 14688 -s 248
    3⤵
    PID:14376
- C:\Windows\System\OWrRpCd.exe
  C:\Windows\System\OWrRpCd.exe
  2⤵
  PID:14736
- C:\Windows\System\hqeGTtu.exe
  C:\Windows\System\hqeGTtu.exe
  2⤵
  PID:15008
- C:\Windows\System\AuEIJom.exe
  C:\Windows\System\AuEIJom.exe
  2⤵
  PID:13880
- C:\Windows\System\JdOcAET.exe
  C:\Windows\System\JdOcAET.exe
  2⤵
  PID:15276
- C:\Windows\System\mrdhIBL.exe
  C:\Windows\System\mrdhIBL.exe
  2⤵
  PID:15340
- C:\Windows\System\GsWLqEY.exe
  C:\Windows\System\GsWLqEY.exe
  2⤵
  PID:14784

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:14676

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\AxGoZzc.exe

Filesize
2.0MB

MD5
1e3a3fbfb3c3fce25bf5b2ced29f0a0c

SHA1
a9cba61d3e479e892a500f7e461be6e4978e41b5

SHA256
9e324c1d75330e920049427cf6e6b4fe2340e107db1385a22b8f4e65aa129e60

SHA512
a7cff321337af8000255942954ae626fe68b142b0fc1c04d992f99ee5b8bf25264b7ee3a1e5624dce173ab6661b475d56424b377734ef0e1f6f2aea1041b03c6

Download Submit
C:\Windows\System\CUyFDeI.exe

Filesize
2.0MB

MD5
9ebc3e8af1701ab70d6e5632c3aeeae6

SHA1
52793a1d0f08b99afb0557135fadb4d6f9aa330d

SHA256
f078cec900fb13167a6805ebe97d03edf52ff1c6e2505dd1cea4a0b130bb7859

SHA512
fa085973030f98dd5307779c048ade676f8aae377304c8f320d72aab9af15257e9d832e874dbb9fd30ef3cf00bcd435bc007ad4e7f76d9c43ac73b1459f363bd

Download Submit
C:\Windows\System\CtYqeLJ.exe

Filesize
2.0MB

MD5
ed2b4575aee23901ee2a3a0d9382c042

SHA1
e76d2be3a19c90c5fda012ead5cc8ad3bbcd7996

SHA256
100fde8ad17ba8c648f2f2b6144ea04a412f0bc73acfdbde5c8d5a340e336f48

SHA512
8452488bb6e41e77a1fe32f162803678366e6d3df4f048576a60f0406c77f0e1889587c85bbd0a42cd9e38faa3e0a5fe5c3a91547a82baa6cbfe33036018fd7f

Download Submit
C:\Windows\System\FAuGOoc.exe

Filesize
2.0MB

MD5
a8188b410eb27cb9185b0000efb67b63

SHA1
2b73469a4d76716d35ebc46964dcbf849690b6bd

SHA256
08e51ef42d655aa914a95dd9002bd499bbcca7979f5ad8cd0485b74a6072712d

SHA512
39859845ff81d3901d47ef98095d70a07dd42c292e4c63139209a296665c5e53094a6fd87a0399f375c96604f0e4087c5219ed99746fddd5143048c6479504c6

Download Submit
C:\Windows\System\FBPRJgr.exe

Filesize
2.0MB

MD5
4477b542eb0e2daa5ced481892dd9f6d

SHA1
c6bd50998129608d0c90097efd4c7d5004004736

SHA256
0402d7110282ecff1f03297c85cabf14f2ecb2f6899907ad7524b71638de5a99

SHA512
34451eb5115c7e3251f290aad78118e23a4a8e1258913907b66550a6474c0e587e560eb755842441cfe8047891aa36c4e3a1323506c01cafbe39de9d25e78490

Download Submit
C:\Windows\System\KHxmyJJ.exe

Filesize
2.0MB

MD5
0a5f6955fe484313adf7f3b0bb9298da

SHA1
a1ae94dddab0daa5a49719b34ae77a66bda57277

SHA256
3c519a4e7c2b176f8955e36a5caf69d1d9b85b7c1dc4303d949d9e3325c07039

SHA512
bdbf1cdfb7436c8371836c8b9e3a72561c5e684ff5010569d9d56e437569d560ffb0710e98d119f6493db04a5a8d264a8e794962a4103e969a4425e42d9c9669

Download Submit
C:\Windows\System\KqsVDjt.exe

Filesize
2.0MB

MD5
4ad96b765309c11a11fbc90411a32bc4

SHA1
6a32a152de0aff6f3fb58362e0f21c79a678582d

SHA256
86c72db1bc5c7f13380470065a753dc0fac28d7f944a423eb579cd06158ab285

SHA512
fbe2f605cf26808b375af43f336e80039a3e43e418d9c8caa53d42da12bf254db1abd2ec2afa258899be70971fde9b5ddda15e2addbcd43b85c63adf3cd033a8

Download Submit
C:\Windows\System\MjOjqJL.exe

Filesize
2.0MB

MD5
31996169b86b8a569a251973b0716e4e

SHA1
b7b4a393661fc361da439de2b0b8e26b1be92227

SHA256
e02f9442c36a450fb54e5b53fa522470f64207897487a8b1a22c5de4f13f991f

SHA512
08ce3f3c97fa5e6180168e0fbc122b0a5e5e0f906ec5557363e0ccad9d20ae544aa416167aaed9cc76e4a628416b4f24d630ff8bb899a9e37cba0aab3850b6ac

Download Submit
C:\Windows\System\NtYRlbZ.exe

Filesize
2.0MB

MD5
e8f48254d1f9020f8e116b6611c0b059

SHA1
5aae038f98d066e2a9fd595c55fe8da953ec8307

SHA256
756d749543e6465f3cb66126977ad6f7d34a33c7a7f431b3da639b19e545bb50

SHA512
b9312290d0121a4d409b2e411d32272ce3856ad53d2d96dcf0638ea570711eac793a2b45ad81327db32badaa62b75dc3782beace42619d473d3116de37116833

Download Submit
C:\Windows\System\RPdEUKk.exe

Filesize
2.0MB

MD5
55ca10c533ea3e65baa9eeb8b1d78be5

SHA1
25d2ab7b8be7bb76ce2617fbc01947553e415ca0

SHA256
234d75e3d20baaff873c223acfda2ebd465566cb525d6dcced9d4ff10dd10fc3

SHA512
4258042d0c73b09022bb6e823f7bfd1e895bc1e8242f1968c83df0e0d4ef040a627dc17992f78b84e59f38c2cffede9583da2d44af2a2d6bcde573ee26589b4a

Download Submit
C:\Windows\System\RahQlJR.exe

Filesize
2.0MB

MD5
7a7bcb26c6a6bdbe99b9df2195de2817

SHA1
fde5e80423736a91e19164ad738a8f37838e056a

SHA256
1fcfe5b767671c66c2d54e38f83926d7586ceb2b3f6dde6ab1d63dec6ff6bebe

SHA512
61d2417f755fe1875d22a6378d80e638feb242c90e89ecc2c6a76614e7c0f0d97b8d66247c558e955cbda0a703d1781e7a2f809c26103f914b0fd68cf052e55f

Download Submit
C:\Windows\System\TPPQVeD.exe

Filesize
2.0MB

MD5
b8a6b88d3e53eda300c3637845508b23

SHA1
b3125908c791d651330d6206647448ff2d014772

SHA256
a16c4fbf04e1d4d386804ceaad95a2753fdc0858d82b2952b7143bcd64ed14de

SHA512
8608db758619ea598eac404406f5c1df9de93fb2aec1ac4b31f1a593db0476d1bd1baf963ee94b30fdbc8cc03c46d5f0295d33709f1874e116acf557ffe1ab74

Download Submit
C:\Windows\System\TsuAUGi.exe

Filesize
2.0MB

MD5
2b4eca25673ea64686747b8bc1d06713

SHA1
e99dd650e2598e0978cf3a557bc8b627e7897d51

SHA256
6d44d62d9ebb301e2ee3ab6fc3266a0525a4e8cfdf760934cb88176c38c76227

SHA512
65521a33656db3ce01205ff25dde860131df117dda44f3440e4c7d9ad0dc41c23a30c4288b13ff0acae233c342de333a9e25ed00448513d6c86eacb5f5c29bc2

Download Submit
C:\Windows\System\VItGhwP.exe

Filesize
2.0MB

MD5
2f65852a4a460ac7aa8a77932c156309

SHA1
bdf0fd06456d8489c7c63881d5cc16f727cf5c73

SHA256
18db10c9e202e7146c2c1039d8ce91a16d97e8b636fd6aca062935a8187a49d6

SHA512
ce51999f7ef0f7ace7cd18521e2702250040b3c9b97a422947ab286a9841164614a8c3b34801507e93d8582b683ee403d649057e445ef9b2025e0c316dec02eb

Download Submit
C:\Windows\System\VTySATe.exe

Filesize
2.0MB

MD5
201b70249ee7b1a15b239714ceaa1829

SHA1
caa76c87ffc00a5222567506a1d877caedff8898

SHA256
96a45aa9e596333a4bd941bd7e602b581c81065867017bd36bfd7718a9a152a8

SHA512
3bcfeec030227d8f962a9f64935316b39f75de2d90841e989e7ee5a2a452013b6812a982fbbd1bf1d6c76614232257f719edefa7491fab2ce343b760ddf23beb

Download Submit
C:\Windows\System\XqanZQw.exe

Filesize
2.0MB

MD5
4568e4cbd08fac961fcfc80be06ffd8d

SHA1
5120a177509e0ee3baf74dcb73d09da9dd99621f

SHA256
e0df0c559789c9dec09230417b8fc7f756dc38b92609dad28dc1e39eecb3961e

SHA512
691d59dd82984aed4cad1e1ce36235ae352560ef9cfd82e125f08a370c90ac3a9ba581da1f7a73e5f2eaaea35455703effc8e0c89900999eab384b9933b0bc92

Download Submit
C:\Windows\System\ZBlokkF.exe

Filesize
2.0MB

MD5
1d4a95807f068248fae0af00a537291c

SHA1
51d3af8ece0d1ca7adbd5fd5cca6e3743953a093

SHA256
445e057a05958fe67a1c3c47202cab4f31df3ec64e3ce12fee93ebb5480f6613

SHA512
883c886b778d332f288372c16a8e784581a2064a485e4bd8cc5c92b1f244b0960fa06b8df8b75dfb0b2d7d7d95f32c0b3c1b096e32bd1784e1ed1a808a6eb2b9

Download Submit
C:\Windows\System\ZNKBUUO.exe

Filesize
2.0MB

MD5
21807202e9e9b87c4bda5a08f1d6bce0

SHA1
7628070fe6c49a3575325d11cae157b89d56be6e

SHA256
814a62df906b20ced222cc7b15067b00e8e01abfe7894db304080ca0074e1e67

SHA512
4b6865eb5f20dceca3ab2aecffddbe003fcfaa7b7a0e878db59b724c11e2c881e590c889dda2359e0b4eac3881bfd5c787f7f8ab7fc856aa1ce2aa06d064554f

Download Submit
C:\Windows\System\ZYOFVAf.exe

Filesize
2.0MB

MD5
9a657e19bf25992fc6c4fd2c7c785bfc

SHA1
9e11ec66f388f3132b1112f8587f6133f604a3d8

SHA256
547bf41985c98680f6fe130e8d84270334aa5cc8f8b830155bbb8dbcb5de76b6

SHA512
8517a65fa350f360368e9329906301b7832b8729e6dacdbc60f8b5d33f8322f60ce7fa1876a64e7df6caf45444cc415bc7a073f2e79426691938a95dba474411

Download Submit
C:\Windows\System\bAwlgcY.exe

Filesize
2.0MB

MD5
235cd078e7657c86b772617a3ffa2e01

SHA1
6577a9b5da65372af1efbd3a9ec544610ea1ea12

SHA256
c6fc077865c1965cbc9e33bb7de8e5bb4a493de610921101a182971a9a649425

SHA512
1d9ab562e7c37603042612128fa59a9284025c004defa8d65f3530c9c26a508fe2a1e9fbb6a7393353055489f48a7ae48da8d10cd7bc24aaae163349e59370c0

Download Submit
C:\Windows\System\cNCpGSb.exe

Filesize
2.0MB

MD5
08466ceef20deafc5495fbb228b7a943

SHA1
64a4d66c31ccdde10bf22bc1ae1f4f46e3b7935f

SHA256
d466fe9a4d65b2c9e40c37044d885187b2802be0da581c1060a5c907112973c1

SHA512
e4c3af36079e1c4bed5d3c8cc2ee15f265b32f6cd09d84dc9ecad9090cc6e63a27f777abf7715b2bf0928da15bb5f2e0636d74938d2a2881bb88be138edec0b9

Download Submit
C:\Windows\System\cgDOAMo.exe

Filesize
2.0MB

MD5
d5c4c20a423bd22d6fb1104a97722a50

SHA1
b6085d99456411606be34a5fa74f6aa00f28915c

SHA256
c0f40b72d018f8f5b823c9dd8203de045c8fa7667d8a453de6b32c0ad3866f88

SHA512
2d772bacf9189cbea2ebcd11a3577239546754a071b0d6c44b56b4394892ea315a96de9db20eb728f73bc6016e3c623dd2f09a74ac43b53d36aa2543190d2204

Download Submit
C:\Windows\System\dRUwmQT.exe

Filesize
2.0MB

MD5
86ed41469bb4f5b14f3c70f1112741cc

SHA1
4d79cbfa1b5b236f9d92ff07f32271d29231215d

SHA256
760eab6667f2fdb1ba9e74748f9cf7d0a711b4e5f318b89a8a59eec4f2cc2678

SHA512
20e0bb317dcc516dfe3ad7581f7e25489c643fb6f4ae2e74cc0d6871caea54875b668ec5225e984eb63847918effa68e2328ffe6149b9fc74081e2de6af752d5

Download Submit
C:\Windows\System\fSUXxpn.exe

Filesize
2.0MB

MD5
48558e251c01808fa7e6437582e61b40

SHA1
ed6984a8e700ca15ddd17a704aa1580d1a56c828

SHA256
cf9f574afacc842ce97a41df6141120e72b8924daafd02523f7a1359356cd0b4

SHA512
bb0021e80548477c837a02029eb7ea206928a9e653def90d9c7269c7dc426d9a44c5d36e503c5e7787d53e08485c110b002cd74f3cab4bdefaf06505d113304a

Download Submit
C:\Windows\System\fnBYhxf.exe

Filesize
2.0MB

MD5
aa1c64c219db07eb39819bd1a92daff2

SHA1
a400a1730d609d7da57896550166cddf1d733d23

SHA256
7bbd1aca6e171c130b636d47c9c7fcee84c3a653bf5e09042ed1d59b1e41657c

SHA512
34bef2540a9c07bfc924c485da5652a29ea71e00488de375f86c60fcd38c5f7dace4ee8bd28efff08cf166dd9e992ba4ec704010e258f38b61862259578a1ac7

Download Submit
C:\Windows\System\gOIzZou.exe

Filesize
2.0MB

MD5
1acb80292835b44003b3002be3a05438

SHA1
0ec81a7e884bab5444774a766b5bc57fb9a19f41

SHA256
fef8e952e1605f6ff9c9483618cf12b97f93827f810e1c687282c6ec5c252091

SHA512
672535703c165e17dd3d32d2a97070c443ec670f5280ab759deb293a22d0fb9cc701bb27ea99806ab784cc31004815211ca86f5b68200d21b040211238ae8439

Download Submit
C:\Windows\System\hpFxjkb.exe

Filesize
2.0MB

MD5
d82d18916665f90540f4d8a11366f727

SHA1
f751461473957698faccdc8275a00bbf4cc13f19

SHA256
f4c8b4859edd388dbe64d413ce4570c26deba7846e8a3eb1a3b1ef0275cac84f

SHA512
cc731e031a7ca16fb73535a945d8b4704692394a4a4ae983e20d383fc0f25228e94b1a935364f1bf4742443043e3b3648aca4f688b2981fa7c2418333028fddd

Download Submit
C:\Windows\System\kEDLCYo.exe

Filesize
2.0MB

MD5
7b1d66d334e7b6eb8a05d9e26264ca09

SHA1
252c1c2c8ff1f565837622e742db5f9ef7724fde

SHA256
ad865bed4987f168b526baac21d975e4fdb248e7e0658e614a80bcf87907ea44

SHA512
06a500c6b813a3c6b7736a086b3514b86dd6d07240a7ac3c16f0692e060be2a7c7b65b14e444885238898fb15f623deed0282b00102d2b7d8b13c96b925029b9

Download Submit
C:\Windows\System\ppbuNrK.exe

Filesize
2.0MB

MD5
0da2ebe26029c19307f6cb2777d62641

SHA1
e6cfb16677ddd7425267a45dd1ad5bdf2d57290f

SHA256
7894c0d61d55d5739ff30c2be7fb4fc9646b1929fe75b7ab6ba581f2da565687

SHA512
e420215eaf13c33dbf5232d45264c0ea9188446a6b11d7a3f18284cd3da22670955722373ba474056c02e610b03bb33eef257820797136ea36bafb41f1949bbc

Download Submit
C:\Windows\System\qqWeVsd.exe

Filesize
2.0MB

MD5
cc42b7fc1f01c53cfa7589cc39731396

SHA1
0f0886e3ff07ff764f0e484379f9baf6ba454e28

SHA256
7f995c60bd3a60d08890a87934b270a82d41935dcae34f425863f7a93998b704

SHA512
7449969908c5a67b13aa393753caddde51fd12374c3ca75b44708b8707e578339a076e1d56bb8b5dcaf66c471160952f526b4e4f7011a9a6e71dc40c751228da

Download Submit
C:\Windows\System\tAnUygY.exe

Filesize
2.0MB

MD5
71473ae6f3243d0243fe94235de1a950

SHA1
96ff13f7e1900977a02fe47e431db59a6c2eeb5a

SHA256
35e65533e0c323f0fc59410556a8c8e1d0f74e24e80070addb849cda1f49151a

SHA512
267840ea496f32d7ad916b14ffc42aed409ce26f95166d48c9a9551dd5a31504760599973f82d152eb8009ddbbb36cf538ae44146ce5896d33e63277d16c5b8c

Download Submit
C:\Windows\System\tDDXdsR.exe

Filesize
2.0MB

MD5
53d9aca430dfcdd6097a445ba2531d61

SHA1
dfea3a9f0f080fffd07a2e18ba82517ea59b89bc

SHA256
b3b24129f1f21450ecbd5301719beff14f23f0633777a13de98e47dc5f0f44fb

SHA512
949d2f5e3246d36ece3d7113cb9ec5635095a72f25c95b59054c5dd5ce232846eb3685ddb379b51d067d2376ac493255a756983d181ce37b4166ee24275d66c9

Download Submit
C:\Windows\System\tlDZvDF.exe

Filesize
2.0MB

MD5
6fbd08e3de081784b115c4e6ce1a51b5

SHA1
aeb228aa869c32d3ca116e295632db322e124f70

SHA256
7455d5dc516e075f340af2ad7ea5fd1f5e936e48826f470f449cd7249b04998e

SHA512
0b563790b72516cfb8bd87139b8af328fd8b5cbe92889311c0944f0cfa1db72aa26bb66012257690107ccc87e1e97fe5e6cc1c66a75b2943112c2cb1fff1fa6e

Download Submit
C:\Windows\System\tvOahMm.exe

Filesize
2.0MB

MD5
b58bed696edc9ce3cb6ba9c8d6719874

SHA1
15b465f9001c1d23ffc19d22ef1a4884633887a9

SHA256
f12ad18024954960ba065081175cc142220ada3e5ba8a49deb6ba296a85905f2

SHA512
defe8cfdc8af31f41cadf2f21bb518d20ff35e49368cd759c17e522541a6ec7186197d04a5691eafa59d5b7491c95ba8d534e0b1c641354f3ab170469360485f

Download Submit
memory/456-183-0x00007FF6C2DF0000-0x00007FF6C3144000-memory.dmp

Filesize
3.3MB

Download
memory/456-2325-0x00007FF6C2DF0000-0x00007FF6C3144000-memory.dmp

Filesize
3.3MB

Download
memory/624-2299-0x00007FF719E90000-0x00007FF71A1E4000-memory.dmp

Filesize
3.3MB

Download
memory/624-17-0x00007FF719E90000-0x00007FF71A1E4000-memory.dmp

Filesize
3.3MB

Download
memory/624-686-0x00007FF719E90000-0x00007FF71A1E4000-memory.dmp

Filesize
3.3MB

Download
memory/988-1394-0x00007FF6E17D0000-0x00007FF6E1B24000-memory.dmp

Filesize
3.3MB

Download
memory/988-166-0x00007FF6E17D0000-0x00007FF6E1B24000-memory.dmp

Filesize
3.3MB

Download
memory/988-2324-0x00007FF6E17D0000-0x00007FF6E1B24000-memory.dmp

Filesize
3.3MB

Download
memory/1288-140-0x00007FF60C890000-0x00007FF60CBE4000-memory.dmp

Filesize
3.3MB

Download
memory/1288-2322-0x00007FF60C890000-0x00007FF60CBE4000-memory.dmp

Filesize
3.3MB

Download
memory/1440-42-0x00007FF6A0CB0000-0x00007FF6A1004000-memory.dmp

Filesize
3.3MB

Download
memory/1440-2301-0x00007FF6A0CB0000-0x00007FF6A1004000-memory.dmp

Filesize
3.3MB

Download
memory/1604-2316-0x00007FF67A720000-0x00007FF67AA74000-memory.dmp

Filesize
3.3MB

Download
memory/1604-137-0x00007FF67A720000-0x00007FF67AA74000-memory.dmp

Filesize
3.3MB

Download
memory/1640-135-0x00007FF741000000-0x00007FF741354000-memory.dmp

Filesize
3.3MB

Download
memory/1640-2313-0x00007FF741000000-0x00007FF741354000-memory.dmp

Filesize
3.3MB

Download
memory/1696-136-0x00007FF665B60000-0x00007FF665EB4000-memory.dmp

Filesize
3.3MB

Download
memory/1696-2315-0x00007FF665B60000-0x00007FF665EB4000-memory.dmp

Filesize
3.3MB

Download
memory/2028-2317-0x00007FF633CD0000-0x00007FF634024000-memory.dmp

Filesize
3.3MB

Download
memory/2028-144-0x00007FF633CD0000-0x00007FF634024000-memory.dmp

Filesize
3.3MB

Download
memory/2176-105-0x00007FF60E360000-0x00007FF60E6B4000-memory.dmp

Filesize
3.3MB

Download
memory/2176-2310-0x00007FF60E360000-0x00007FF60E6B4000-memory.dmp

Filesize
3.3MB

Download
memory/2472-119-0x00007FF63C510000-0x00007FF63C864000-memory.dmp

Filesize
3.3MB

Download
memory/2472-2305-0x00007FF63C510000-0x00007FF63C864000-memory.dmp

Filesize
3.3MB

Download
memory/2560-689-0x00007FF734120000-0x00007FF734474000-memory.dmp

Filesize
3.3MB

Download
memory/2560-2300-0x00007FF734120000-0x00007FF734474000-memory.dmp

Filesize
3.3MB

Download
memory/2560-18-0x00007FF734120000-0x00007FF734474000-memory.dmp

Filesize
3.3MB

Download
memory/3080-143-0x00007FF7B4990000-0x00007FF7B4CE4000-memory.dmp

Filesize
3.3MB

Download
memory/3080-2308-0x00007FF7B4990000-0x00007FF7B4CE4000-memory.dmp

Filesize
3.3MB

Download
memory/3116-146-0x00007FF6F4B50000-0x00007FF6F4EA4000-memory.dmp

Filesize
3.3MB

Download
memory/3116-2318-0x00007FF6F4B50000-0x00007FF6F4EA4000-memory.dmp

Filesize
3.3MB

Download
memory/3352-2311-0x00007FF7173B0000-0x00007FF717704000-memory.dmp

Filesize
3.3MB

Download
memory/3352-141-0x00007FF7173B0000-0x00007FF717704000-memory.dmp

Filesize
3.3MB

Download
memory/3500-1698-0x00007FF62C8B0000-0x00007FF62CC04000-memory.dmp

Filesize
3.3MB

Download
memory/3500-195-0x00007FF62C8B0000-0x00007FF62CC04000-memory.dmp

Filesize
3.3MB

Download
memory/3500-2327-0x00007FF62C8B0000-0x00007FF62CC04000-memory.dmp

Filesize
3.3MB

Download
memory/3800-2307-0x00007FF6B36E0000-0x00007FF6B3A34000-memory.dmp

Filesize
3.3MB

Download
memory/3800-837-0x00007FF6B36E0000-0x00007FF6B3A34000-memory.dmp

Filesize
3.3MB

Download
memory/3800-72-0x00007FF6B36E0000-0x00007FF6B3A34000-memory.dmp

Filesize
3.3MB

Download
memory/4016-830-0x00007FF7E4EA0000-0x00007FF7E51F4000-memory.dmp

Filesize
3.3MB

Download
memory/4016-2303-0x00007FF7E4EA0000-0x00007FF7E51F4000-memory.dmp

Filesize
3.3MB

Download
memory/4016-49-0x00007FF7E4EA0000-0x00007FF7E51F4000-memory.dmp

Filesize
3.3MB

Download
memory/4172-827-0x00007FF62FE40000-0x00007FF630194000-memory.dmp

Filesize
3.3MB

Download
memory/4172-31-0x00007FF62FE40000-0x00007FF630194000-memory.dmp

Filesize
3.3MB

Download
memory/4172-2304-0x00007FF62FE40000-0x00007FF630194000-memory.dmp

Filesize
3.3MB

Download
memory/4264-2321-0x00007FF720790000-0x00007FF720AE4000-memory.dmp

Filesize
3.3MB

Download
memory/4264-138-0x00007FF720790000-0x00007FF720AE4000-memory.dmp

Filesize
3.3MB

Download
memory/4328-2323-0x00007FF75A7D0000-0x00007FF75AB24000-memory.dmp

Filesize
3.3MB

Download
memory/4328-157-0x00007FF75A7D0000-0x00007FF75AB24000-memory.dmp

Filesize
3.3MB

Download
memory/4328-1535-0x00007FF75A7D0000-0x00007FF75AB24000-memory.dmp

Filesize
3.3MB

Download
memory/4376-132-0x00007FF6A9950000-0x00007FF6A9CA4000-memory.dmp

Filesize
3.3MB

Download
memory/4376-2312-0x00007FF6A9950000-0x00007FF6A9CA4000-memory.dmp

Filesize
3.3MB

Download
memory/4396-2320-0x00007FF79ACD0000-0x00007FF79B024000-memory.dmp

Filesize
3.3MB

Download
memory/4396-139-0x00007FF79ACD0000-0x00007FF79B024000-memory.dmp

Filesize
3.3MB

Download
memory/4452-177-0x00007FF76B430000-0x00007FF76B784000-memory.dmp

Filesize
3.3MB

Download
memory/4452-2326-0x00007FF76B430000-0x00007FF76B784000-memory.dmp

Filesize
3.3MB

Download
memory/4452-1396-0x00007FF76B430000-0x00007FF76B784000-memory.dmp

Filesize
3.3MB

Download
memory/4788-142-0x00007FF740CA0000-0x00007FF740FF4000-memory.dmp

Filesize
3.3MB

Download
memory/4788-2302-0x00007FF740CA0000-0x00007FF740FF4000-memory.dmp

Filesize
3.3MB

Download
memory/4792-2309-0x00007FF66EAB0000-0x00007FF66EE04000-memory.dmp

Filesize
3.3MB

Download
memory/4792-91-0x00007FF66EAB0000-0x00007FF66EE04000-memory.dmp

Filesize
3.3MB

Download
memory/4792-839-0x00007FF66EAB0000-0x00007FF66EE04000-memory.dmp

Filesize
3.3MB

Download
memory/4860-2314-0x00007FF62AFB0000-0x00007FF62B304000-memory.dmp

Filesize
3.3MB

Download
memory/4860-129-0x00007FF62AFB0000-0x00007FF62B304000-memory.dmp

Filesize
3.3MB

Download
memory/4984-2319-0x00007FF7610F0000-0x00007FF761444000-memory.dmp

Filesize
3.3MB

Download
memory/4984-145-0x00007FF7610F0000-0x00007FF761444000-memory.dmp

Filesize
3.3MB

Download
memory/4992-683-0x00007FF6B9010000-0x00007FF6B9364000-memory.dmp

Filesize
3.3MB

Download
memory/4992-0-0x00007FF6B9010000-0x00007FF6B9364000-memory.dmp

Filesize
3.3MB

Download
memory/4992-1-0x000001F6B1420000-0x000001F6B1430000-memory.dmp

Filesize
64KB

Download
memory/5020-104-0x00007FF67FCA0000-0x00007FF67FFF4000-memory.dmp

Filesize
3.3MB

Download
memory/5020-2306-0x00007FF67FCA0000-0x00007FF67FFF4000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads