xmrig | e4d061a0516ef88d676d590d7de5d63682a4749eb50b0d4f342d68bb87eed4aa

Analysis

max time kernel
96s
max time network
97s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
19-08-2024 07:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b1c2283482046c955bb499bb7ffc31f0N.exe
Size

690KB
MD5

b1c2283482046c955bb499bb7ffc31f0
SHA1

a4b1b421095fee5fbb7c461d27cc44cb93fa2451
SHA256

e4d061a0516ef88d676d590d7de5d63682a4749eb50b0d4f342d68bb87eed4aa
SHA512

b079d974e907343fedf14fd938eb985c6b5a3d95a16770feed4dbe3083cb08746e1e71f5025ead5f47a22a41e3a4cb568b652a630cc4ca9baf33de4e6abcb536
SSDEEP

12288:ISe8XYl3vWD8xCi7KZoqkatMLrJB0ajQVoHBdv5r1tgD:RVIl/WDGCi7/qkat6JEuHv5r1tgD

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 57 IoCs

miner

resource	yara_rule
behavioral2/memory/2716-104-0x00007FF60A280000-0x00007FF60A5D1000-memory.dmp	xmrig
behavioral2/memory/1532-111-0x00007FF666C00000-0x00007FF666F51000-memory.dmp	xmrig
behavioral2/memory/924-128-0x00007FF6C0DD0000-0x00007FF6C1121000-memory.dmp	xmrig
behavioral2/memory/2616-195-0x00007FF60C260000-0x00007FF60C5B1000-memory.dmp	xmrig
behavioral2/memory/4944-194-0x00007FF76B470000-0x00007FF76B7C1000-memory.dmp	xmrig
behavioral2/memory/2112-185-0x00007FF78F9D0000-0x00007FF78FD21000-memory.dmp	xmrig
behavioral2/memory/4004-178-0x00007FF614610000-0x00007FF614961000-memory.dmp	xmrig
behavioral2/memory/2996-171-0x00007FF7E48A0000-0x00007FF7E4BF1000-memory.dmp	xmrig
behavioral2/memory/1572-164-0x00007FF7FC010000-0x00007FF7FC361000-memory.dmp	xmrig
behavioral2/memory/1064-157-0x00007FF6C40B0000-0x00007FF6C4401000-memory.dmp	xmrig
behavioral2/memory/1740-156-0x00007FF6DD100000-0x00007FF6DD451000-memory.dmp	xmrig
behavioral2/memory/232-149-0x00007FF66E7A0000-0x00007FF66EAF1000-memory.dmp	xmrig
behavioral2/memory/4976-142-0x00007FF6874B0000-0x00007FF687801000-memory.dmp	xmrig
behavioral2/memory/776-141-0x00007FF667510000-0x00007FF667861000-memory.dmp	xmrig
behavioral2/memory/5052-139-0x00007FF6978F0000-0x00007FF697C41000-memory.dmp	xmrig
behavioral2/memory/3320-133-0x00007FF6E0DF0000-0x00007FF6E1141000-memory.dmp	xmrig
behavioral2/memory/4604-127-0x00007FF6B1BB0000-0x00007FF6B1F01000-memory.dmp	xmrig
behavioral2/memory/3932-116-0x00007FF70DAA0000-0x00007FF70DDF1000-memory.dmp	xmrig
behavioral2/memory/1796-103-0x00007FF7DDF30000-0x00007FF7DE281000-memory.dmp	xmrig
behavioral2/memory/1964-92-0x00007FF6C63B0000-0x00007FF6C6701000-memory.dmp	xmrig
behavioral2/memory/760-44-0x00007FF7046F0000-0x00007FF704A41000-memory.dmp	xmrig
behavioral2/memory/1796-12-0x00007FF7DDF30000-0x00007FF7DE281000-memory.dmp	xmrig
behavioral2/memory/2380-887-0x00007FF70D850000-0x00007FF70DBA1000-memory.dmp	xmrig
behavioral2/memory/1660-891-0x00007FF6F4A50000-0x00007FF6F4DA1000-memory.dmp	xmrig
behavioral2/memory/1952-1725-0x00007FF78A000000-0x00007FF78A351000-memory.dmp	xmrig
behavioral2/memory/4044-1881-0x00007FF6D5CB0000-0x00007FF6D6001000-memory.dmp	xmrig
behavioral2/memory/2392-2035-0x00007FF6DF0E0000-0x00007FF6DF431000-memory.dmp	xmrig
behavioral2/memory/4016-2198-0x00007FF647040000-0x00007FF647391000-memory.dmp	xmrig
behavioral2/memory/1796-2406-0x00007FF7DDF30000-0x00007FF7DE281000-memory.dmp	xmrig
behavioral2/memory/2716-2408-0x00007FF60A280000-0x00007FF60A5D1000-memory.dmp	xmrig
behavioral2/memory/1532-2410-0x00007FF666C00000-0x00007FF666F51000-memory.dmp	xmrig
behavioral2/memory/3932-2416-0x00007FF70DAA0000-0x00007FF70DDF1000-memory.dmp	xmrig
behavioral2/memory/760-2414-0x00007FF7046F0000-0x00007FF704A41000-memory.dmp	xmrig
behavioral2/memory/4604-2412-0x00007FF6B1BB0000-0x00007FF6B1F01000-memory.dmp	xmrig
behavioral2/memory/924-2418-0x00007FF6C0DD0000-0x00007FF6C1121000-memory.dmp	xmrig
behavioral2/memory/776-2454-0x00007FF667510000-0x00007FF667861000-memory.dmp	xmrig
behavioral2/memory/2616-2466-0x00007FF60C260000-0x00007FF60C5B1000-memory.dmp	xmrig
behavioral2/memory/1952-2472-0x00007FF78A000000-0x00007FF78A351000-memory.dmp	xmrig
behavioral2/memory/1660-2470-0x00007FF6F4A50000-0x00007FF6F4DA1000-memory.dmp	xmrig
behavioral2/memory/2380-2468-0x00007FF70D850000-0x00007FF70DBA1000-memory.dmp	xmrig
behavioral2/memory/4944-2464-0x00007FF76B470000-0x00007FF76B7C1000-memory.dmp	xmrig
behavioral2/memory/2112-2462-0x00007FF78F9D0000-0x00007FF78FD21000-memory.dmp	xmrig
behavioral2/memory/4004-2460-0x00007FF614610000-0x00007FF614961000-memory.dmp	xmrig
behavioral2/memory/2996-2458-0x00007FF7E48A0000-0x00007FF7E4BF1000-memory.dmp	xmrig
behavioral2/memory/1572-2456-0x00007FF7FC010000-0x00007FF7FC361000-memory.dmp	xmrig
behavioral2/memory/232-2450-0x00007FF66E7A0000-0x00007FF66EAF1000-memory.dmp	xmrig
behavioral2/memory/4976-2448-0x00007FF6874B0000-0x00007FF687801000-memory.dmp	xmrig
behavioral2/memory/5052-2446-0x00007FF6978F0000-0x00007FF697C41000-memory.dmp	xmrig
behavioral2/memory/1064-2445-0x00007FF6C40B0000-0x00007FF6C4401000-memory.dmp	xmrig
behavioral2/memory/1740-2452-0x00007FF6DD100000-0x00007FF6DD451000-memory.dmp	xmrig
behavioral2/memory/3320-2420-0x00007FF6E0DF0000-0x00007FF6E1141000-memory.dmp	xmrig
behavioral2/memory/4044-2499-0x00007FF6D5CB0000-0x00007FF6D6001000-memory.dmp	xmrig
behavioral2/memory/2848-2516-0x00007FF66E5B0000-0x00007FF66E901000-memory.dmp	xmrig
behavioral2/memory/2464-2514-0x00007FF702800000-0x00007FF702B51000-memory.dmp	xmrig
behavioral2/memory/3752-2512-0x00007FF615A60000-0x00007FF615DB1000-memory.dmp	xmrig
behavioral2/memory/2392-2506-0x00007FF6DF0E0000-0x00007FF6DF431000-memory.dmp	xmrig
behavioral2/memory/4016-2503-0x00007FF647040000-0x00007FF647391000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1796	GfYFUAW.exe
2716	zOWAtqN.exe
1532	LyycmoS.exe
3932	SoktgQS.exe
760	TYSzZTR.exe
4604	sawGqMo.exe
924	JnqTqJR.exe
3320	pwYOYvZ.exe
4976	FlbdmnA.exe
776	qUyogIk.exe
1740	AtJoQUP.exe
5052	nYMyfDR.exe
232	coCGvye.exe
1064	vCjicVu.exe
1572	BJbFyIG.exe
2996	qCyrbzA.exe
4004	bAhgsgk.exe
2112	ZMySAtk.exe
4944	cXMxSIt.exe
2616	xfeFBTS.exe
2380	tluAEpv.exe
1660	ywvfAcm.exe
1952	hFSSrnV.exe
4044	pNFGpfu.exe
2392	PglvKyw.exe
4016	xtIHspg.exe
2848	NyKlOdB.exe
2464	wfmFYCk.exe
3752	iAlENDs.exe
892	toxSqyL.exe
2408	QsxkqyZ.exe
1484	bAaLGxF.exe
2676	CYlKqDN.exe
1644	LGystXO.exe
5072	QGFXaTl.exe
3676	BaBlANM.exe
4536	YLaPcCS.exe
4940	tsYZsXO.exe
3636	MLNYgkA.exe
3860	NugfNnE.exe
5028	MJFaCFv.exe
4060	YyZByfn.exe
2944	VfkZKPY.exe
464	rEDcDic.exe
1448	IRhRKaD.exe
4904	GYPWXkH.exe
4200	JmIPcJf.exe
1956	UfcYqVb.exe
5116	QXAEIFD.exe
3152	wGmCrBg.exe
772	MfbRiig.exe
1700	twNwvrF.exe
4448	XwdFGYj.exe
4916	vJYEANw.exe
4132	IZKIUEk.exe
4552	XJRoBCJ.exe
1744	hGWzSzW.exe
3724	QyaMMrl.exe
3440	fPffxzo.exe
4960	EujZsIO.exe
2972	AQoHsak.exe
4804	ejxLPWQ.exe
3928	hzXwqlm.exe
5032	aNPSkfm.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1964-0-0x00007FF6C63B0000-0x00007FF6C6701000-memory.dmp	upx
behavioral2/files/0x00070000000234a4-8.dat	upx
behavioral2/files/0x00070000000234a5-7.dat	upx
behavioral2/files/0x0009000000023446-5.dat	upx
behavioral2/memory/1532-25-0x00007FF666C00000-0x00007FF666F51000-memory.dmp	upx
behavioral2/files/0x00070000000234a8-28.dat	upx
behavioral2/files/0x00070000000234a6-35.dat	upx
behavioral2/files/0x00070000000234ab-52.dat	upx
behavioral2/files/0x00070000000234aa-62.dat	upx
behavioral2/files/0x00070000000234ad-76.dat	upx
behavioral2/files/0x00070000000234b0-90.dat	upx
behavioral2/memory/2716-104-0x00007FF60A280000-0x00007FF60A5D1000-memory.dmp	upx
behavioral2/memory/1532-111-0x00007FF666C00000-0x00007FF666F51000-memory.dmp	upx
behavioral2/files/0x00070000000234b4-118.dat	upx
behavioral2/memory/924-128-0x00007FF6C0DD0000-0x00007FF6C1121000-memory.dmp	upx
behavioral2/memory/2380-140-0x00007FF70D850000-0x00007FF70DBA1000-memory.dmp	upx
behavioral2/files/0x00070000000234ba-165.dat	upx
behavioral2/memory/2616-195-0x00007FF60C260000-0x00007FF60C5B1000-memory.dmp	upx
behavioral2/files/0x00070000000234c3-212.dat	upx
behavioral2/files/0x00070000000234c1-210.dat	upx
behavioral2/files/0x00070000000234c2-207.dat	upx
behavioral2/files/0x00070000000234c0-205.dat	upx
behavioral2/files/0x00070000000234bf-200.dat	upx
behavioral2/memory/3752-199-0x00007FF615A60000-0x00007FF615DB1000-memory.dmp	upx
behavioral2/memory/4944-194-0x00007FF76B470000-0x00007FF76B7C1000-memory.dmp	upx
behavioral2/files/0x00070000000234be-192.dat	upx
behavioral2/files/0x00070000000234bd-187.dat	upx
behavioral2/memory/2464-186-0x00007FF702800000-0x00007FF702B51000-memory.dmp	upx
behavioral2/memory/2112-185-0x00007FF78F9D0000-0x00007FF78FD21000-memory.dmp	upx
behavioral2/files/0x00070000000234bc-180.dat	upx
behavioral2/memory/2848-179-0x00007FF66E5B0000-0x00007FF66E901000-memory.dmp	upx
behavioral2/memory/4004-178-0x00007FF614610000-0x00007FF614961000-memory.dmp	upx
behavioral2/memory/4016-177-0x00007FF647040000-0x00007FF647391000-memory.dmp	upx
behavioral2/files/0x00070000000234bb-172.dat	upx
behavioral2/memory/2996-171-0x00007FF7E48A0000-0x00007FF7E4BF1000-memory.dmp	upx
behavioral2/memory/2392-170-0x00007FF6DF0E0000-0x00007FF6DF431000-memory.dmp	upx
behavioral2/memory/1572-164-0x00007FF7FC010000-0x00007FF7FC361000-memory.dmp	upx
behavioral2/memory/4044-163-0x00007FF6D5CB0000-0x00007FF6D6001000-memory.dmp	upx
behavioral2/files/0x00070000000234b9-158.dat	upx
behavioral2/memory/1064-157-0x00007FF6C40B0000-0x00007FF6C4401000-memory.dmp	upx
behavioral2/memory/1740-156-0x00007FF6DD100000-0x00007FF6DD451000-memory.dmp	upx
behavioral2/memory/1952-155-0x00007FF78A000000-0x00007FF78A351000-memory.dmp	upx
behavioral2/files/0x00070000000234b8-150.dat	upx
behavioral2/memory/232-149-0x00007FF66E7A0000-0x00007FF66EAF1000-memory.dmp	upx
behavioral2/memory/1660-148-0x00007FF6F4A50000-0x00007FF6F4DA1000-memory.dmp	upx
behavioral2/files/0x00070000000234b7-143.dat	upx
behavioral2/memory/4976-142-0x00007FF6874B0000-0x00007FF687801000-memory.dmp	upx
behavioral2/memory/776-141-0x00007FF667510000-0x00007FF667861000-memory.dmp	upx
behavioral2/memory/5052-139-0x00007FF6978F0000-0x00007FF697C41000-memory.dmp	upx
behavioral2/files/0x00070000000234b6-134.dat	upx
behavioral2/memory/3320-133-0x00007FF6E0DF0000-0x00007FF6E1141000-memory.dmp	upx
behavioral2/memory/2616-132-0x00007FF60C260000-0x00007FF60C5B1000-memory.dmp	upx
behavioral2/memory/4604-127-0x00007FF6B1BB0000-0x00007FF6B1F01000-memory.dmp	upx
behavioral2/files/0x00070000000234b5-122.dat	upx
behavioral2/memory/4944-117-0x00007FF76B470000-0x00007FF76B7C1000-memory.dmp	upx
behavioral2/memory/3932-116-0x00007FF70DAA0000-0x00007FF70DDF1000-memory.dmp	upx
behavioral2/memory/2112-115-0x00007FF78F9D0000-0x00007FF78FD21000-memory.dmp	upx
behavioral2/files/0x00070000000234b3-112.dat	upx
behavioral2/memory/4004-110-0x00007FF614610000-0x00007FF614961000-memory.dmp	upx
behavioral2/files/0x00070000000234b2-105.dat	upx
behavioral2/memory/1796-103-0x00007FF7DDF30000-0x00007FF7DE281000-memory.dmp	upx
behavioral2/files/0x00070000000234b1-98.dat	upx
behavioral2/memory/2996-97-0x00007FF7E48A0000-0x00007FF7E4BF1000-memory.dmp	upx
behavioral2/memory/1572-96-0x00007FF7FC010000-0x00007FF7FC361000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\LGystXO.exe	b1c2283482046c955bb499bb7ffc31f0N.exe
File created	C:\Windows\System\farcOfR.exe	b1c2283482046c955bb499bb7ffc31f0N.exe
File created	C:\Windows\System\MZCVmLt.exe	b1c2283482046c955bb499bb7ffc31f0N.exe
File created	C:\Windows\System\ZCdCfkk.exe	b1c2283482046c955bb499bb7ffc31f0N.exe
File created	C:\Windows\System\TtaeKUF.exe	b1c2283482046c955bb499bb7ffc31f0N.exe
File created	C:\Windows\System\hhQnnxX.exe	b1c2283482046c955bb499bb7ffc31f0N.exe
File created	C:\Windows\System\YHODWpn.exe	b1c2283482046c955bb499bb7ffc31f0N.exe
File created	C:\Windows\System\hbfSNER.exe	b1c2283482046c955bb499bb7ffc31f0N.exe
File created	C:\Windows\System\Stqelhp.exe	b1c2283482046c955bb499bb7ffc31f0N.exe
File created	C:\Windows\System\yUKjblH.exe	b1c2283482046c955bb499bb7ffc31f0N.exe
File created	C:\Windows\System\CnGRNLm.exe	b1c2283482046c955bb499bb7ffc31f0N.exe
File created	C:\Windows\System\hVlWpxs.exe	b1c2283482046c955bb499bb7ffc31f0N.exe
File created	C:\Windows\System\cJhTWht.exe	b1c2283482046c955bb499bb7ffc31f0N.exe
File created	C:\Windows\System\qCyrbzA.exe	b1c2283482046c955bb499bb7ffc31f0N.exe
File created	C:\Windows\System\cKTmOqc.exe	b1c2283482046c955bb499bb7ffc31f0N.exe
File created	C:\Windows\System\xdxKHNY.exe	b1c2283482046c955bb499bb7ffc31f0N.exe
File created	C:\Windows\System\CRzYPya.exe	b1c2283482046c955bb499bb7ffc31f0N.exe
File created	C:\Windows\System\MEaGTNP.exe	b1c2283482046c955bb499bb7ffc31f0N.exe
File created	C:\Windows\System\PXcpKle.exe	b1c2283482046c955bb499bb7ffc31f0N.exe
File created	C:\Windows\System\oChrCLu.exe	b1c2283482046c955bb499bb7ffc31f0N.exe
File created	C:\Windows\System\zmkHoDu.exe	b1c2283482046c955bb499bb7ffc31f0N.exe
File created	C:\Windows\System\mhvZKrz.exe	b1c2283482046c955bb499bb7ffc31f0N.exe
File created	C:\Windows\System\PbsPted.exe	b1c2283482046c955bb499bb7ffc31f0N.exe
File created	C:\Windows\System\tluAEpv.exe	b1c2283482046c955bb499bb7ffc31f0N.exe
File created	C:\Windows\System\qCmfjFg.exe	b1c2283482046c955bb499bb7ffc31f0N.exe
File created	C:\Windows\System\fDVDbIS.exe	b1c2283482046c955bb499bb7ffc31f0N.exe
File created	C:\Windows\System\tmvTOaL.exe	b1c2283482046c955bb499bb7ffc31f0N.exe
File created	C:\Windows\System\ZMySAtk.exe	b1c2283482046c955bb499bb7ffc31f0N.exe
File created	C:\Windows\System\JWSsTaK.exe	b1c2283482046c955bb499bb7ffc31f0N.exe
File created	C:\Windows\System\iJtLURN.exe	b1c2283482046c955bb499bb7ffc31f0N.exe
File created	C:\Windows\System\vCjicVu.exe	b1c2283482046c955bb499bb7ffc31f0N.exe
File created	C:\Windows\System\errUOPH.exe	b1c2283482046c955bb499bb7ffc31f0N.exe
File created	C:\Windows\System\qyqEfKc.exe	b1c2283482046c955bb499bb7ffc31f0N.exe
File created	C:\Windows\System\yhfPffX.exe	b1c2283482046c955bb499bb7ffc31f0N.exe
File created	C:\Windows\System\FYJvpbZ.exe	b1c2283482046c955bb499bb7ffc31f0N.exe
File created	C:\Windows\System\wEOyJtb.exe	b1c2283482046c955bb499bb7ffc31f0N.exe
File created	C:\Windows\System\VKuPzRq.exe	b1c2283482046c955bb499bb7ffc31f0N.exe
File created	C:\Windows\System\EtlrkLD.exe	b1c2283482046c955bb499bb7ffc31f0N.exe
File created	C:\Windows\System\BJbFyIG.exe	b1c2283482046c955bb499bb7ffc31f0N.exe
File created	C:\Windows\System\uhQcCqa.exe	b1c2283482046c955bb499bb7ffc31f0N.exe
File created	C:\Windows\System\zqzehNT.exe	b1c2283482046c955bb499bb7ffc31f0N.exe
File created	C:\Windows\System\LHFyYqW.exe	b1c2283482046c955bb499bb7ffc31f0N.exe
File created	C:\Windows\System\SoQcWjF.exe	b1c2283482046c955bb499bb7ffc31f0N.exe
File created	C:\Windows\System\WzNXZXa.exe	b1c2283482046c955bb499bb7ffc31f0N.exe
File created	C:\Windows\System\OglDBsq.exe	b1c2283482046c955bb499bb7ffc31f0N.exe
File created	C:\Windows\System\pNFGpfu.exe	b1c2283482046c955bb499bb7ffc31f0N.exe
File created	C:\Windows\System\YLaPcCS.exe	b1c2283482046c955bb499bb7ffc31f0N.exe
File created	C:\Windows\System\jclDXiT.exe	b1c2283482046c955bb499bb7ffc31f0N.exe
File created	C:\Windows\System\NyKlOdB.exe	b1c2283482046c955bb499bb7ffc31f0N.exe
File created	C:\Windows\System\crHEloh.exe	b1c2283482046c955bb499bb7ffc31f0N.exe
File created	C:\Windows\System\ZaKCVkQ.exe	b1c2283482046c955bb499bb7ffc31f0N.exe
File created	C:\Windows\System\szyeVeJ.exe	b1c2283482046c955bb499bb7ffc31f0N.exe
File created	C:\Windows\System\BLBOpKJ.exe	b1c2283482046c955bb499bb7ffc31f0N.exe
File created	C:\Windows\System\CfzOCCG.exe	b1c2283482046c955bb499bb7ffc31f0N.exe
File created	C:\Windows\System\wwfVyEM.exe	b1c2283482046c955bb499bb7ffc31f0N.exe
File created	C:\Windows\System\XEgQzGC.exe	b1c2283482046c955bb499bb7ffc31f0N.exe
File created	C:\Windows\System\kdErIsG.exe	b1c2283482046c955bb499bb7ffc31f0N.exe
File created	C:\Windows\System\vZcCHyx.exe	b1c2283482046c955bb499bb7ffc31f0N.exe
File created	C:\Windows\System\bAaLGxF.exe	b1c2283482046c955bb499bb7ffc31f0N.exe
File created	C:\Windows\System\BWjNkAF.exe	b1c2283482046c955bb499bb7ffc31f0N.exe
File created	C:\Windows\System\BsbxLvl.exe	b1c2283482046c955bb499bb7ffc31f0N.exe
File created	C:\Windows\System\sbpmemI.exe	b1c2283482046c955bb499bb7ffc31f0N.exe
File created	C:\Windows\System\vLDwfPG.exe	b1c2283482046c955bb499bb7ffc31f0N.exe
File created	C:\Windows\System\KVhKMst.exe	b1c2283482046c955bb499bb7ffc31f0N.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	13544	dwm.exe
Token: SeChangeNotifyPrivilege	13544	dwm.exe
Token: 33	13544	dwm.exe
Token: SeIncBasePriorityPrivilege	13544	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1964 wrote to memory of 1796	1964	b1c2283482046c955bb499bb7ffc31f0N.exe	85
PID 1964 wrote to memory of 1796	1964	b1c2283482046c955bb499bb7ffc31f0N.exe	85
PID 1964 wrote to memory of 2716	1964	b1c2283482046c955bb499bb7ffc31f0N.exe	86
PID 1964 wrote to memory of 2716	1964	b1c2283482046c955bb499bb7ffc31f0N.exe	86
PID 1964 wrote to memory of 1532	1964	b1c2283482046c955bb499bb7ffc31f0N.exe	87
PID 1964 wrote to memory of 1532	1964	b1c2283482046c955bb499bb7ffc31f0N.exe	87
PID 1964 wrote to memory of 3932	1964	b1c2283482046c955bb499bb7ffc31f0N.exe	88
PID 1964 wrote to memory of 3932	1964	b1c2283482046c955bb499bb7ffc31f0N.exe	88
PID 1964 wrote to memory of 760	1964	b1c2283482046c955bb499bb7ffc31f0N.exe	89
PID 1964 wrote to memory of 760	1964	b1c2283482046c955bb499bb7ffc31f0N.exe	89
PID 1964 wrote to memory of 4604	1964	b1c2283482046c955bb499bb7ffc31f0N.exe	90
PID 1964 wrote to memory of 4604	1964	b1c2283482046c955bb499bb7ffc31f0N.exe	90
PID 1964 wrote to memory of 924	1964	b1c2283482046c955bb499bb7ffc31f0N.exe	91
PID 1964 wrote to memory of 924	1964	b1c2283482046c955bb499bb7ffc31f0N.exe	91
PID 1964 wrote to memory of 3320	1964	b1c2283482046c955bb499bb7ffc31f0N.exe	92
PID 1964 wrote to memory of 3320	1964	b1c2283482046c955bb499bb7ffc31f0N.exe	92
PID 1964 wrote to memory of 4976	1964	b1c2283482046c955bb499bb7ffc31f0N.exe	93
PID 1964 wrote to memory of 4976	1964	b1c2283482046c955bb499bb7ffc31f0N.exe	93
PID 1964 wrote to memory of 776	1964	b1c2283482046c955bb499bb7ffc31f0N.exe	94
PID 1964 wrote to memory of 776	1964	b1c2283482046c955bb499bb7ffc31f0N.exe	94
PID 1964 wrote to memory of 1740	1964	b1c2283482046c955bb499bb7ffc31f0N.exe	95
PID 1964 wrote to memory of 1740	1964	b1c2283482046c955bb499bb7ffc31f0N.exe	95
PID 1964 wrote to memory of 5052	1964	b1c2283482046c955bb499bb7ffc31f0N.exe	96
PID 1964 wrote to memory of 5052	1964	b1c2283482046c955bb499bb7ffc31f0N.exe	96
PID 1964 wrote to memory of 232	1964	b1c2283482046c955bb499bb7ffc31f0N.exe	97
PID 1964 wrote to memory of 232	1964	b1c2283482046c955bb499bb7ffc31f0N.exe	97
PID 1964 wrote to memory of 1064	1964	b1c2283482046c955bb499bb7ffc31f0N.exe	98
PID 1964 wrote to memory of 1064	1964	b1c2283482046c955bb499bb7ffc31f0N.exe	98
PID 1964 wrote to memory of 1572	1964	b1c2283482046c955bb499bb7ffc31f0N.exe	99
PID 1964 wrote to memory of 1572	1964	b1c2283482046c955bb499bb7ffc31f0N.exe	99
PID 1964 wrote to memory of 2996	1964	b1c2283482046c955bb499bb7ffc31f0N.exe	100
PID 1964 wrote to memory of 2996	1964	b1c2283482046c955bb499bb7ffc31f0N.exe	100
PID 1964 wrote to memory of 4004	1964	b1c2283482046c955bb499bb7ffc31f0N.exe	101
PID 1964 wrote to memory of 4004	1964	b1c2283482046c955bb499bb7ffc31f0N.exe	101
PID 1964 wrote to memory of 2112	1964	b1c2283482046c955bb499bb7ffc31f0N.exe	102
PID 1964 wrote to memory of 2112	1964	b1c2283482046c955bb499bb7ffc31f0N.exe	102
PID 1964 wrote to memory of 4944	1964	b1c2283482046c955bb499bb7ffc31f0N.exe	103
PID 1964 wrote to memory of 4944	1964	b1c2283482046c955bb499bb7ffc31f0N.exe	103
PID 1964 wrote to memory of 2616	1964	b1c2283482046c955bb499bb7ffc31f0N.exe	104
PID 1964 wrote to memory of 2616	1964	b1c2283482046c955bb499bb7ffc31f0N.exe	104
PID 1964 wrote to memory of 2380	1964	b1c2283482046c955bb499bb7ffc31f0N.exe	105
PID 1964 wrote to memory of 2380	1964	b1c2283482046c955bb499bb7ffc31f0N.exe	105
PID 1964 wrote to memory of 1660	1964	b1c2283482046c955bb499bb7ffc31f0N.exe	106
PID 1964 wrote to memory of 1660	1964	b1c2283482046c955bb499bb7ffc31f0N.exe	106
PID 1964 wrote to memory of 1952	1964	b1c2283482046c955bb499bb7ffc31f0N.exe	107
PID 1964 wrote to memory of 1952	1964	b1c2283482046c955bb499bb7ffc31f0N.exe	107
PID 1964 wrote to memory of 4044	1964	b1c2283482046c955bb499bb7ffc31f0N.exe	108
PID 1964 wrote to memory of 4044	1964	b1c2283482046c955bb499bb7ffc31f0N.exe	108
PID 1964 wrote to memory of 2392	1964	b1c2283482046c955bb499bb7ffc31f0N.exe	109
PID 1964 wrote to memory of 2392	1964	b1c2283482046c955bb499bb7ffc31f0N.exe	109
PID 1964 wrote to memory of 4016	1964	b1c2283482046c955bb499bb7ffc31f0N.exe	110
PID 1964 wrote to memory of 4016	1964	b1c2283482046c955bb499bb7ffc31f0N.exe	110
PID 1964 wrote to memory of 2848	1964	b1c2283482046c955bb499bb7ffc31f0N.exe	111
PID 1964 wrote to memory of 2848	1964	b1c2283482046c955bb499bb7ffc31f0N.exe	111
PID 1964 wrote to memory of 2464	1964	b1c2283482046c955bb499bb7ffc31f0N.exe	112
PID 1964 wrote to memory of 2464	1964	b1c2283482046c955bb499bb7ffc31f0N.exe	112
PID 1964 wrote to memory of 3752	1964	b1c2283482046c955bb499bb7ffc31f0N.exe	113
PID 1964 wrote to memory of 3752	1964	b1c2283482046c955bb499bb7ffc31f0N.exe	113
PID 1964 wrote to memory of 892	1964	b1c2283482046c955bb499bb7ffc31f0N.exe	114
PID 1964 wrote to memory of 892	1964	b1c2283482046c955bb499bb7ffc31f0N.exe	114
PID 1964 wrote to memory of 2408	1964	b1c2283482046c955bb499bb7ffc31f0N.exe	115
PID 1964 wrote to memory of 2408	1964	b1c2283482046c955bb499bb7ffc31f0N.exe	115
PID 1964 wrote to memory of 1484	1964	b1c2283482046c955bb499bb7ffc31f0N.exe	116
PID 1964 wrote to memory of 1484	1964	b1c2283482046c955bb499bb7ffc31f0N.exe	116

C:\Users\Admin\AppData\Local\Temp\b1c2283482046c955bb499bb7ffc31f0N.exe
"C:\Users\Admin\AppData\Local\Temp\b1c2283482046c955bb499bb7ffc31f0N.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1964
- C:\Windows\System\GfYFUAW.exe
  C:\Windows\System\GfYFUAW.exe
  2⤵
  - Executes dropped EXE
  PID:1796
- C:\Windows\System\zOWAtqN.exe
  C:\Windows\System\zOWAtqN.exe
  2⤵
  - Executes dropped EXE
  PID:2716
- C:\Windows\System\LyycmoS.exe
  C:\Windows\System\LyycmoS.exe
  2⤵
  - Executes dropped EXE
  PID:1532
- C:\Windows\System\SoktgQS.exe
  C:\Windows\System\SoktgQS.exe
  2⤵
  - Executes dropped EXE
  PID:3932
- C:\Windows\System\TYSzZTR.exe
  C:\Windows\System\TYSzZTR.exe
  2⤵
  - Executes dropped EXE
  PID:760
- C:\Windows\System\sawGqMo.exe
  C:\Windows\System\sawGqMo.exe
  2⤵
  - Executes dropped EXE
  PID:4604
- C:\Windows\System\JnqTqJR.exe
  C:\Windows\System\JnqTqJR.exe
  2⤵
  - Executes dropped EXE
  PID:924
- C:\Windows\System\pwYOYvZ.exe
  C:\Windows\System\pwYOYvZ.exe
  2⤵
  - Executes dropped EXE
  PID:3320
- C:\Windows\System\FlbdmnA.exe
  C:\Windows\System\FlbdmnA.exe
  2⤵
  - Executes dropped EXE
  PID:4976
- C:\Windows\System\qUyogIk.exe
  C:\Windows\System\qUyogIk.exe
  2⤵
  - Executes dropped EXE
  PID:776
- C:\Windows\System\AtJoQUP.exe
  C:\Windows\System\AtJoQUP.exe
  2⤵
  - Executes dropped EXE
  PID:1740
- C:\Windows\System\nYMyfDR.exe
  C:\Windows\System\nYMyfDR.exe
  2⤵
  - Executes dropped EXE
  PID:5052
- C:\Windows\System\coCGvye.exe
  C:\Windows\System\coCGvye.exe
  2⤵
  - Executes dropped EXE
  PID:232
- C:\Windows\System\vCjicVu.exe
  C:\Windows\System\vCjicVu.exe
  2⤵
  - Executes dropped EXE
  PID:1064
- C:\Windows\System\BJbFyIG.exe
  C:\Windows\System\BJbFyIG.exe
  2⤵
  - Executes dropped EXE
  PID:1572
- C:\Windows\System\qCyrbzA.exe
  C:\Windows\System\qCyrbzA.exe
  2⤵
  - Executes dropped EXE
  PID:2996
- C:\Windows\System\bAhgsgk.exe
  C:\Windows\System\bAhgsgk.exe
  2⤵
  - Executes dropped EXE
  PID:4004
- C:\Windows\System\ZMySAtk.exe
  C:\Windows\System\ZMySAtk.exe
  2⤵
  - Executes dropped EXE
  PID:2112
- C:\Windows\System\cXMxSIt.exe
  C:\Windows\System\cXMxSIt.exe
  2⤵
  - Executes dropped EXE
  PID:4944
- C:\Windows\System\xfeFBTS.exe
  C:\Windows\System\xfeFBTS.exe
  2⤵
  - Executes dropped EXE
  PID:2616
- C:\Windows\System\tluAEpv.exe
  C:\Windows\System\tluAEpv.exe
  2⤵
  - Executes dropped EXE
  PID:2380
- C:\Windows\System\ywvfAcm.exe
  C:\Windows\System\ywvfAcm.exe
  2⤵
  - Executes dropped EXE
  PID:1660
- C:\Windows\System\hFSSrnV.exe
  C:\Windows\System\hFSSrnV.exe
  2⤵
  - Executes dropped EXE
  PID:1952
- C:\Windows\System\pNFGpfu.exe
  C:\Windows\System\pNFGpfu.exe
  2⤵
  - Executes dropped EXE
  PID:4044
- C:\Windows\System\PglvKyw.exe
  C:\Windows\System\PglvKyw.exe
  2⤵
  - Executes dropped EXE
  PID:2392
- C:\Windows\System\xtIHspg.exe
  C:\Windows\System\xtIHspg.exe
  2⤵
  - Executes dropped EXE
  PID:4016
- C:\Windows\System\NyKlOdB.exe
  C:\Windows\System\NyKlOdB.exe
  2⤵
  - Executes dropped EXE
  PID:2848
- C:\Windows\System\wfmFYCk.exe
  C:\Windows\System\wfmFYCk.exe
  2⤵
  - Executes dropped EXE
  PID:2464
- C:\Windows\System\iAlENDs.exe
  C:\Windows\System\iAlENDs.exe
  2⤵
  - Executes dropped EXE
  PID:3752
- C:\Windows\System\toxSqyL.exe
  C:\Windows\System\toxSqyL.exe
  2⤵
  - Executes dropped EXE
  PID:892
- C:\Windows\System\QsxkqyZ.exe
  C:\Windows\System\QsxkqyZ.exe
  2⤵
  - Executes dropped EXE
  PID:2408
- C:\Windows\System\bAaLGxF.exe
  C:\Windows\System\bAaLGxF.exe
  2⤵
  - Executes dropped EXE
  PID:1484
- C:\Windows\System\CYlKqDN.exe
  C:\Windows\System\CYlKqDN.exe
  2⤵
  - Executes dropped EXE
  PID:2676
- C:\Windows\System\LGystXO.exe
  C:\Windows\System\LGystXO.exe
  2⤵
  - Executes dropped EXE
  PID:1644
- C:\Windows\System\QGFXaTl.exe
  C:\Windows\System\QGFXaTl.exe
  2⤵
  - Executes dropped EXE
  PID:5072
- C:\Windows\System\BaBlANM.exe
  C:\Windows\System\BaBlANM.exe
  2⤵
  - Executes dropped EXE
  PID:3676
- C:\Windows\System\YLaPcCS.exe
  C:\Windows\System\YLaPcCS.exe
  2⤵
  - Executes dropped EXE
  PID:4536
- C:\Windows\System\tsYZsXO.exe
  C:\Windows\System\tsYZsXO.exe
  2⤵
  - Executes dropped EXE
  PID:4940
- C:\Windows\System\MLNYgkA.exe
  C:\Windows\System\MLNYgkA.exe
  2⤵
  - Executes dropped EXE
  PID:3636
- C:\Windows\System\NugfNnE.exe
  C:\Windows\System\NugfNnE.exe
  2⤵
  - Executes dropped EXE
  PID:3860
- C:\Windows\System\MJFaCFv.exe
  C:\Windows\System\MJFaCFv.exe
  2⤵
  - Executes dropped EXE
  PID:5028
- C:\Windows\System\YyZByfn.exe
  C:\Windows\System\YyZByfn.exe
  2⤵
  - Executes dropped EXE
  PID:4060
- C:\Windows\System\VfkZKPY.exe
  C:\Windows\System\VfkZKPY.exe
  2⤵
  - Executes dropped EXE
  PID:2944
- C:\Windows\System\rEDcDic.exe
  C:\Windows\System\rEDcDic.exe
  2⤵
  - Executes dropped EXE
  PID:464
- C:\Windows\System\IRhRKaD.exe
  C:\Windows\System\IRhRKaD.exe
  2⤵
  - Executes dropped EXE
  PID:1448
- C:\Windows\System\GYPWXkH.exe
  C:\Windows\System\GYPWXkH.exe
  2⤵
  - Executes dropped EXE
  PID:4904
- C:\Windows\System\JmIPcJf.exe
  C:\Windows\System\JmIPcJf.exe
  2⤵
  - Executes dropped EXE
  PID:4200
- C:\Windows\System\UfcYqVb.exe
  C:\Windows\System\UfcYqVb.exe
  2⤵
  - Executes dropped EXE
  PID:1956
- C:\Windows\System\QXAEIFD.exe
  C:\Windows\System\QXAEIFD.exe
  2⤵
  - Executes dropped EXE
  PID:5116
- C:\Windows\System\wGmCrBg.exe
  C:\Windows\System\wGmCrBg.exe
  2⤵
  - Executes dropped EXE
  PID:3152
- C:\Windows\System\MfbRiig.exe
  C:\Windows\System\MfbRiig.exe
  2⤵
  - Executes dropped EXE
  PID:772
- C:\Windows\System\twNwvrF.exe
  C:\Windows\System\twNwvrF.exe
  2⤵
  - Executes dropped EXE
  PID:1700
- C:\Windows\System\XwdFGYj.exe
  C:\Windows\System\XwdFGYj.exe
  2⤵
  - Executes dropped EXE
  PID:4448
- C:\Windows\System\vJYEANw.exe
  C:\Windows\System\vJYEANw.exe
  2⤵
  - Executes dropped EXE
  PID:4916
- C:\Windows\System\IZKIUEk.exe
  C:\Windows\System\IZKIUEk.exe
  2⤵
  - Executes dropped EXE
  PID:4132
- C:\Windows\System\XJRoBCJ.exe
  C:\Windows\System\XJRoBCJ.exe
  2⤵
  - Executes dropped EXE
  PID:4552
- C:\Windows\System\hGWzSzW.exe
  C:\Windows\System\hGWzSzW.exe
  2⤵
  - Executes dropped EXE
  PID:1744
- C:\Windows\System\QyaMMrl.exe
  C:\Windows\System\QyaMMrl.exe
  2⤵
  - Executes dropped EXE
  PID:3724
- C:\Windows\System\fPffxzo.exe
  C:\Windows\System\fPffxzo.exe
  2⤵
  - Executes dropped EXE
  PID:3440
- C:\Windows\System\EujZsIO.exe
  C:\Windows\System\EujZsIO.exe
  2⤵
  - Executes dropped EXE
  PID:4960
- C:\Windows\System\AQoHsak.exe
  C:\Windows\System\AQoHsak.exe
  2⤵
  - Executes dropped EXE
  PID:2972
- C:\Windows\System\ejxLPWQ.exe
  C:\Windows\System\ejxLPWQ.exe
  2⤵
  - Executes dropped EXE
  PID:4804
- C:\Windows\System\hzXwqlm.exe
  C:\Windows\System\hzXwqlm.exe
  2⤵
  - Executes dropped EXE
  PID:3928
- C:\Windows\System\aNPSkfm.exe
  C:\Windows\System\aNPSkfm.exe
  2⤵
  - Executes dropped EXE
  PID:5032
- C:\Windows\System\IemgBFt.exe
  C:\Windows\System\IemgBFt.exe
  2⤵
  PID:2404
- C:\Windows\System\EgWawwP.exe
  C:\Windows\System\EgWawwP.exe
  2⤵
  PID:3260
- C:\Windows\System\ddULBQM.exe
  C:\Windows\System\ddULBQM.exe
  2⤵
  PID:3040
- C:\Windows\System\xSonkgg.exe
  C:\Windows\System\xSonkgg.exe
  2⤵
  PID:1916
- C:\Windows\System\ADOzSOk.exe
  C:\Windows\System\ADOzSOk.exe
  2⤵
  PID:3296
- C:\Windows\System\ksORSIF.exe
  C:\Windows\System\ksORSIF.exe
  2⤵
  PID:2076
- C:\Windows\System\DkJhjiP.exe
  C:\Windows\System\DkJhjiP.exe
  2⤵
  PID:4380
- C:\Windows\System\oTOsOcF.exe
  C:\Windows\System\oTOsOcF.exe
  2⤵
  PID:4908
- C:\Windows\System\XHOhDKI.exe
  C:\Windows\System\XHOhDKI.exe
  2⤵
  PID:4592
- C:\Windows\System\gXCYstS.exe
  C:\Windows\System\gXCYstS.exe
  2⤵
  PID:4360
- C:\Windows\System\ynCzFgX.exe
  C:\Windows\System\ynCzFgX.exe
  2⤵
  PID:4040
- C:\Windows\System\FSmmaGL.exe
  C:\Windows\System\FSmmaGL.exe
  2⤵
  PID:5016
- C:\Windows\System\NaRxoAT.exe
  C:\Windows\System\NaRxoAT.exe
  2⤵
  PID:3480
- C:\Windows\System\NJCUoyG.exe
  C:\Windows\System\NJCUoyG.exe
  2⤵
  PID:4468
- C:\Windows\System\JaiwZOT.exe
  C:\Windows\System\JaiwZOT.exe
  2⤵
  PID:2472
- C:\Windows\System\gATkpeh.exe
  C:\Windows\System\gATkpeh.exe
  2⤵
  PID:5128
- C:\Windows\System\hvDqiEN.exe
  C:\Windows\System\hvDqiEN.exe
  2⤵
  PID:5156
- C:\Windows\System\QFUOzaG.exe
  C:\Windows\System\QFUOzaG.exe
  2⤵
  PID:5188
- C:\Windows\System\yPZlvtw.exe
  C:\Windows\System\yPZlvtw.exe
  2⤵
  PID:5216
- C:\Windows\System\NeMXsoA.exe
  C:\Windows\System\NeMXsoA.exe
  2⤵
  PID:5240
- C:\Windows\System\CnGRNLm.exe
  C:\Windows\System\CnGRNLm.exe
  2⤵
  PID:5272
- C:\Windows\System\JZhxKLM.exe
  C:\Windows\System\JZhxKLM.exe
  2⤵
  PID:5296
- C:\Windows\System\DFufGdp.exe
  C:\Windows\System\DFufGdp.exe
  2⤵
  PID:5324
- C:\Windows\System\WglwgAe.exe
  C:\Windows\System\WglwgAe.exe
  2⤵
  PID:5356
- C:\Windows\System\VlxCedb.exe
  C:\Windows\System\VlxCedb.exe
  2⤵
  PID:5380
- C:\Windows\System\KxzaRTj.exe
  C:\Windows\System\KxzaRTj.exe
  2⤵
  PID:5408
- C:\Windows\System\GJqfAqD.exe
  C:\Windows\System\GJqfAqD.exe
  2⤵
  PID:5440
- C:\Windows\System\vNEAixt.exe
  C:\Windows\System\vNEAixt.exe
  2⤵
  PID:5464
- C:\Windows\System\YtqJntS.exe
  C:\Windows\System\YtqJntS.exe
  2⤵
  PID:5500
- C:\Windows\System\zTfcEoO.exe
  C:\Windows\System\zTfcEoO.exe
  2⤵
  PID:5524
- C:\Windows\System\HvDlPjv.exe
  C:\Windows\System\HvDlPjv.exe
  2⤵
  PID:5560
- C:\Windows\System\NjkFgLO.exe
  C:\Windows\System\NjkFgLO.exe
  2⤵
  PID:5580
- C:\Windows\System\RjQYEFe.exe
  C:\Windows\System\RjQYEFe.exe
  2⤵
  PID:5608
- C:\Windows\System\dQTlKLj.exe
  C:\Windows\System\dQTlKLj.exe
  2⤵
  PID:5632
- C:\Windows\System\zOLdkUN.exe
  C:\Windows\System\zOLdkUN.exe
  2⤵
  PID:5660
- C:\Windows\System\ksuyUFM.exe
  C:\Windows\System\ksuyUFM.exe
  2⤵
  PID:5688
- C:\Windows\System\YMlYpJV.exe
  C:\Windows\System\YMlYpJV.exe
  2⤵
  PID:5716
- C:\Windows\System\VaSbljw.exe
  C:\Windows\System\VaSbljw.exe
  2⤵
  PID:5744
- C:\Windows\System\EhWGkot.exe
  C:\Windows\System\EhWGkot.exe
  2⤵
  PID:5772
- C:\Windows\System\KuvJhir.exe
  C:\Windows\System\KuvJhir.exe
  2⤵
  PID:5804
- C:\Windows\System\AAXqOnq.exe
  C:\Windows\System\AAXqOnq.exe
  2⤵
  PID:5828
- C:\Windows\System\BAlKXXR.exe
  C:\Windows\System\BAlKXXR.exe
  2⤵
  PID:5856
- C:\Windows\System\bpJlqzx.exe
  C:\Windows\System\bpJlqzx.exe
  2⤵
  PID:5888
- C:\Windows\System\AMPkpYq.exe
  C:\Windows\System\AMPkpYq.exe
  2⤵
  PID:5916
- C:\Windows\System\RQVGFWv.exe
  C:\Windows\System\RQVGFWv.exe
  2⤵
  PID:5948
- C:\Windows\System\bJIJrgT.exe
  C:\Windows\System\bJIJrgT.exe
  2⤵
  PID:5972
- C:\Windows\System\genAYbJ.exe
  C:\Windows\System\genAYbJ.exe
  2⤵
  PID:6004
- C:\Windows\System\xvXSkUc.exe
  C:\Windows\System\xvXSkUc.exe
  2⤵
  PID:6028
- C:\Windows\System\JWSsTaK.exe
  C:\Windows\System\JWSsTaK.exe
  2⤵
  PID:6052
- C:\Windows\System\kUpSoJl.exe
  C:\Windows\System\kUpSoJl.exe
  2⤵
  PID:6084
- C:\Windows\System\jrqsOuK.exe
  C:\Windows\System\jrqsOuK.exe
  2⤵
  PID:6112
- C:\Windows\System\WXbuTNx.exe
  C:\Windows\System\WXbuTNx.exe
  2⤵
  PID:6140
- C:\Windows\System\bBtITuZ.exe
  C:\Windows\System\bBtITuZ.exe
  2⤵
  PID:4860
- C:\Windows\System\epesHtc.exe
  C:\Windows\System\epesHtc.exe
  2⤵
  PID:3748
- C:\Windows\System\oIQgewk.exe
  C:\Windows\System\oIQgewk.exe
  2⤵
  PID:2820
- C:\Windows\System\NFuZKlL.exe
  C:\Windows\System\NFuZKlL.exe
  2⤵
  PID:1436
- C:\Windows\System\hVlWpxs.exe
  C:\Windows\System\hVlWpxs.exe
  2⤵
  PID:3712
- C:\Windows\System\XRktJYc.exe
  C:\Windows\System\XRktJYc.exe
  2⤵
  PID:3836
- C:\Windows\System\TRrGfAi.exe
  C:\Windows\System\TRrGfAi.exe
  2⤵
  PID:5172
- C:\Windows\System\leIZVKG.exe
  C:\Windows\System\leIZVKG.exe
  2⤵
  PID:5228
- C:\Windows\System\jHSLneA.exe
  C:\Windows\System\jHSLneA.exe
  2⤵
  PID:5288
- C:\Windows\System\aUOFdSz.exe
  C:\Windows\System\aUOFdSz.exe
  2⤵
  PID:5348
- C:\Windows\System\buZAYrN.exe
  C:\Windows\System\buZAYrN.exe
  2⤵
  PID:5396
- C:\Windows\System\jHQhtRX.exe
  C:\Windows\System\jHQhtRX.exe
  2⤵
  PID:5460
- C:\Windows\System\fhRNojw.exe
  C:\Windows\System\fhRNojw.exe
  2⤵
  PID:5516
- C:\Windows\System\wCJqaVC.exe
  C:\Windows\System\wCJqaVC.exe
  2⤵
  PID:5544
- C:\Windows\System\uRktdXW.exe
  C:\Windows\System\uRktdXW.exe
  2⤵
  PID:5620
- C:\Windows\System\hIPXpgp.exe
  C:\Windows\System\hIPXpgp.exe
  2⤵
  PID:5676
- C:\Windows\System\PbsZvtB.exe
  C:\Windows\System\PbsZvtB.exe
  2⤵
  PID:5712
- C:\Windows\System\ctZVxVF.exe
  C:\Windows\System\ctZVxVF.exe
  2⤵
  PID:5768
- C:\Windows\System\pItDNUg.exe
  C:\Windows\System\pItDNUg.exe
  2⤵
  PID:5816
- C:\Windows\System\SITaZRG.exe
  C:\Windows\System\SITaZRG.exe
  2⤵
  PID:1900
- C:\Windows\System\IQTNDvL.exe
  C:\Windows\System\IQTNDvL.exe
  2⤵
  PID:5908
- C:\Windows\System\AhKmhVF.exe
  C:\Windows\System\AhKmhVF.exe
  2⤵
  PID:392
- C:\Windows\System\frTIeLJ.exe
  C:\Windows\System\frTIeLJ.exe
  2⤵
  PID:5988
- C:\Windows\System\InlXEvF.exe
  C:\Windows\System\InlXEvF.exe
  2⤵
  PID:6072
- C:\Windows\System\vhTqyOu.exe
  C:\Windows\System\vhTqyOu.exe
  2⤵
  PID:6128
- C:\Windows\System\zENYCpN.exe
  C:\Windows\System\zENYCpN.exe
  2⤵
  PID:4056
- C:\Windows\System\wGpguZe.exe
  C:\Windows\System\wGpguZe.exe
  2⤵
  PID:1576
- C:\Windows\System\UCuHbKg.exe
  C:\Windows\System\UCuHbKg.exe
  2⤵
  PID:5124
- C:\Windows\System\yVCJLpJ.exe
  C:\Windows\System\yVCJLpJ.exe
  2⤵
  PID:5284
- C:\Windows\System\izJJOUV.exe
  C:\Windows\System\izJJOUV.exe
  2⤵
  PID:5428
- C:\Windows\System\DAZTZbZ.exe
  C:\Windows\System\DAZTZbZ.exe
  2⤵
  PID:5536
- C:\Windows\System\GhTLZCc.exe
  C:\Windows\System\GhTLZCc.exe
  2⤵
  PID:5656
- C:\Windows\System\KOWBhEd.exe
  C:\Windows\System\KOWBhEd.exe
  2⤵
  PID:5764
- C:\Windows\System\ESHTqoa.exe
  C:\Windows\System\ESHTqoa.exe
  2⤵
  PID:5876
- C:\Windows\System\lZqwjQZ.exe
  C:\Windows\System\lZqwjQZ.exe
  2⤵
  PID:5984
- C:\Windows\System\BYQQbNM.exe
  C:\Windows\System\BYQQbNM.exe
  2⤵
  PID:2072
- C:\Windows\System\rWuaUiA.exe
  C:\Windows\System\rWuaUiA.exe
  2⤵
  PID:3068
- C:\Windows\System\UamQvkU.exe
  C:\Windows\System\UamQvkU.exe
  2⤵
  PID:5376
- C:\Windows\System\appUCqO.exe
  C:\Windows\System\appUCqO.exe
  2⤵
  PID:412
- C:\Windows\System\VefQKXx.exe
  C:\Windows\System\VefQKXx.exe
  2⤵
  PID:6172
- C:\Windows\System\YopdsnV.exe
  C:\Windows\System\YopdsnV.exe
  2⤵
  PID:6208
- C:\Windows\System\WqPOFfQ.exe
  C:\Windows\System\WqPOFfQ.exe
  2⤵
  PID:6228
- C:\Windows\System\JDSXJhg.exe
  C:\Windows\System\JDSXJhg.exe
  2⤵
  PID:6252
- C:\Windows\System\dswWRRT.exe
  C:\Windows\System\dswWRRT.exe
  2⤵
  PID:6288
- C:\Windows\System\zmkHoDu.exe
  C:\Windows\System\zmkHoDu.exe
  2⤵
  PID:6312
- C:\Windows\System\GTcJKGM.exe
  C:\Windows\System\GTcJKGM.exe
  2⤵
  PID:6344
- C:\Windows\System\hGdiFFi.exe
  C:\Windows\System\hGdiFFi.exe
  2⤵
  PID:6368
- C:\Windows\System\celIPSH.exe
  C:\Windows\System\celIPSH.exe
  2⤵
  PID:6400
- C:\Windows\System\mwLUjgC.exe
  C:\Windows\System\mwLUjgC.exe
  2⤵
  PID:6424
- C:\Windows\System\NbitldW.exe
  C:\Windows\System\NbitldW.exe
  2⤵
  PID:6452
- C:\Windows\System\wfJAWau.exe
  C:\Windows\System\wfJAWau.exe
  2⤵
  PID:6480
- C:\Windows\System\AjuGWhi.exe
  C:\Windows\System\AjuGWhi.exe
  2⤵
  PID:6504
- C:\Windows\System\szyeVeJ.exe
  C:\Windows\System\szyeVeJ.exe
  2⤵
  PID:6532
- C:\Windows\System\cocVzzt.exe
  C:\Windows\System\cocVzzt.exe
  2⤵
  PID:6564
- C:\Windows\System\nrdIsSj.exe
  C:\Windows\System\nrdIsSj.exe
  2⤵
  PID:6588
- C:\Windows\System\JrddyDT.exe
  C:\Windows\System\JrddyDT.exe
  2⤵
  PID:6620
- C:\Windows\System\BklfRSU.exe
  C:\Windows\System\BklfRSU.exe
  2⤵
  PID:6644
- C:\Windows\System\nCqsQxO.exe
  C:\Windows\System\nCqsQxO.exe
  2⤵
  PID:6672
- C:\Windows\System\gaHCrfq.exe
  C:\Windows\System\gaHCrfq.exe
  2⤵
  PID:6708
- C:\Windows\System\cxTqHLX.exe
  C:\Windows\System\cxTqHLX.exe
  2⤵
  PID:6732
- C:\Windows\System\LPFdZAL.exe
  C:\Windows\System\LPFdZAL.exe
  2⤵
  PID:6764
- C:\Windows\System\iffYFMb.exe
  C:\Windows\System\iffYFMb.exe
  2⤵
  PID:6788
- C:\Windows\System\ZNzOehp.exe
  C:\Windows\System\ZNzOehp.exe
  2⤵
  PID:6816
- C:\Windows\System\vyTrKAr.exe
  C:\Windows\System\vyTrKAr.exe
  2⤵
  PID:6844
- C:\Windows\System\miolnTG.exe
  C:\Windows\System\miolnTG.exe
  2⤵
  PID:6868
- C:\Windows\System\NKxhIXX.exe
  C:\Windows\System\NKxhIXX.exe
  2⤵
  PID:6900
- C:\Windows\System\QZjeCaL.exe
  C:\Windows\System\QZjeCaL.exe
  2⤵
  PID:6924
- C:\Windows\System\RWjVDsj.exe
  C:\Windows\System\RWjVDsj.exe
  2⤵
  PID:6960
- C:\Windows\System\ZUICSdZ.exe
  C:\Windows\System\ZUICSdZ.exe
  2⤵
  PID:6984
- C:\Windows\System\dpPgDZR.exe
  C:\Windows\System\dpPgDZR.exe
  2⤵
  PID:7008
- C:\Windows\System\WgFkNIu.exe
  C:\Windows\System\WgFkNIu.exe
  2⤵
  PID:7044
- C:\Windows\System\FdRxMae.exe
  C:\Windows\System\FdRxMae.exe
  2⤵
  PID:7068
- C:\Windows\System\EqXKLKO.exe
  C:\Windows\System\EqXKLKO.exe
  2⤵
  PID:7100
- C:\Windows\System\OwtnNcl.exe
  C:\Windows\System\OwtnNcl.exe
  2⤵
  PID:7124
- C:\Windows\System\VpIUfuM.exe
  C:\Windows\System\VpIUfuM.exe
  2⤵
  PID:7156
- C:\Windows\System\WzQzSvS.exe
  C:\Windows\System\WzQzSvS.exe
  2⤵
  PID:5848
- C:\Windows\System\iwxidjh.exe
  C:\Windows\System\iwxidjh.exe
  2⤵
  PID:6104
- C:\Windows\System\pLkFlOi.exe
  C:\Windows\System\pLkFlOi.exe
  2⤵
  PID:5576
- C:\Windows\System\NfLVxqd.exe
  C:\Windows\System\NfLVxqd.exe
  2⤵
  PID:6192
- C:\Windows\System\paCOZPp.exe
  C:\Windows\System\paCOZPp.exe
  2⤵
  PID:6304
- C:\Windows\System\peCCMwS.exe
  C:\Windows\System\peCCMwS.exe
  2⤵
  PID:6352
- C:\Windows\System\gulKWEH.exe
  C:\Windows\System\gulKWEH.exe
  2⤵
  PID:3484
- C:\Windows\System\sfyFGIz.exe
  C:\Windows\System\sfyFGIz.exe
  2⤵
  PID:6440
- C:\Windows\System\VrAKENE.exe
  C:\Windows\System\VrAKENE.exe
  2⤵
  PID:6496
- C:\Windows\System\WRxSYdF.exe
  C:\Windows\System\WRxSYdF.exe
  2⤵
  PID:6552
- C:\Windows\System\WMxnVFR.exe
  C:\Windows\System\WMxnVFR.exe
  2⤵
  PID:6632
- C:\Windows\System\WZOgHjo.exe
  C:\Windows\System\WZOgHjo.exe
  2⤵
  PID:6688
- C:\Windows\System\ngpQvdZ.exe
  C:\Windows\System\ngpQvdZ.exe
  2⤵
  PID:6744
- C:\Windows\System\XuExLUV.exe
  C:\Windows\System\XuExLUV.exe
  2⤵
  PID:6800
- C:\Windows\System\qCmfjFg.exe
  C:\Windows\System\qCmfjFg.exe
  2⤵
  PID:6836
- C:\Windows\System\MeiEJmh.exe
  C:\Windows\System\MeiEJmh.exe
  2⤵
  PID:6892
- C:\Windows\System\BLlRKoH.exe
  C:\Windows\System\BLlRKoH.exe
  2⤵
  PID:6948
- C:\Windows\System\cSFtBMM.exe
  C:\Windows\System\cSFtBMM.exe
  2⤵
  PID:7004
- C:\Windows\System\RnZXdNW.exe
  C:\Windows\System\RnZXdNW.exe
  2⤵
  PID:7084
- C:\Windows\System\JngQjEe.exe
  C:\Windows\System\JngQjEe.exe
  2⤵
  PID:4920
- C:\Windows\System\PbsPted.exe
  C:\Windows\System\PbsPted.exe
  2⤵
  PID:5936
- C:\Windows\System\MqgEVOO.exe
  C:\Windows\System\MqgEVOO.exe
  2⤵
  PID:6220
- C:\Windows\System\TqjWBCG.exe
  C:\Windows\System\TqjWBCG.exe
  2⤵
  PID:6328
- C:\Windows\System\vVUirYj.exe
  C:\Windows\System\vVUirYj.exe
  2⤵
  PID:6388
- C:\Windows\System\WemPipq.exe
  C:\Windows\System\WemPipq.exe
  2⤵
  PID:6492
- C:\Windows\System\QbsiEtF.exe
  C:\Windows\System\QbsiEtF.exe
  2⤵
  PID:6548
- C:\Windows\System\BWjNkAF.exe
  C:\Windows\System\BWjNkAF.exe
  2⤵
  PID:6604
- C:\Windows\System\nnjfAOy.exe
  C:\Windows\System\nnjfAOy.exe
  2⤵
  PID:6828
- C:\Windows\System\sLPwUVQ.exe
  C:\Windows\System\sLPwUVQ.exe
  2⤵
  PID:6884
- C:\Windows\System\SBcrGph.exe
  C:\Windows\System\SBcrGph.exe
  2⤵
  PID:6940
- C:\Windows\System\wUMJoLJ.exe
  C:\Windows\System\wUMJoLJ.exe
  2⤵
  PID:976
- C:\Windows\System\QJKmqVl.exe
  C:\Windows\System\QJKmqVl.exe
  2⤵
  PID:4400
- C:\Windows\System\fvXZyaW.exe
  C:\Windows\System\fvXZyaW.exe
  2⤵
  PID:4248
- C:\Windows\System\ekFvCwt.exe
  C:\Windows\System\ekFvCwt.exe
  2⤵
  PID:7144
- C:\Windows\System\hhQnnxX.exe
  C:\Windows\System\hhQnnxX.exe
  2⤵
  PID:3692
- C:\Windows\System\BVqJXmA.exe
  C:\Windows\System\BVqJXmA.exe
  2⤵
  PID:5208
- C:\Windows\System\UzRyoax.exe
  C:\Windows\System\UzRyoax.exe
  2⤵
  PID:7164
- C:\Windows\System\zFJeASE.exe
  C:\Windows\System\zFJeASE.exe
  2⤵
  PID:6156
- C:\Windows\System\dcbMDxa.exe
  C:\Windows\System\dcbMDxa.exe
  2⤵
  PID:6472
- C:\Windows\System\cJhTWht.exe
  C:\Windows\System\cJhTWht.exe
  2⤵
  PID:6528
- C:\Windows\System\NCcKPzH.exe
  C:\Windows\System\NCcKPzH.exe
  2⤵
  PID:6716
- C:\Windows\System\gSvgxbW.exe
  C:\Windows\System\gSvgxbW.exe
  2⤵
  PID:1832
- C:\Windows\System\umHkUDy.exe
  C:\Windows\System\umHkUDy.exe
  2⤵
  PID:2952
- C:\Windows\System\lQwFZVj.exe
  C:\Windows\System\lQwFZVj.exe
  2⤵
  PID:7116
- C:\Windows\System\OyDXpEn.exe
  C:\Windows\System\OyDXpEn.exe
  2⤵
  PID:6724
- C:\Windows\System\SWLOpBu.exe
  C:\Windows\System\SWLOpBu.exe
  2⤵
  PID:7064
- C:\Windows\System\TWdsjoI.exe
  C:\Windows\System\TWdsjoI.exe
  2⤵
  PID:3136
- C:\Windows\System\juJBzFe.exe
  C:\Windows\System\juJBzFe.exe
  2⤵
  PID:4876
- C:\Windows\System\gkZVhxE.exe
  C:\Windows\System\gkZVhxE.exe
  2⤵
  PID:2012
- C:\Windows\System\tlqrooI.exe
  C:\Windows\System\tlqrooI.exe
  2⤵
  PID:7180
- C:\Windows\System\WXZBmfS.exe
  C:\Windows\System\WXZBmfS.exe
  2⤵
  PID:7200
- C:\Windows\System\QNgmNMx.exe
  C:\Windows\System\QNgmNMx.exe
  2⤵
  PID:7220
- C:\Windows\System\kkAmisN.exe
  C:\Windows\System\kkAmisN.exe
  2⤵
  PID:7240
- C:\Windows\System\beihDIr.exe
  C:\Windows\System\beihDIr.exe
  2⤵
  PID:7268
- C:\Windows\System\VJVCECJ.exe
  C:\Windows\System\VJVCECJ.exe
  2⤵
  PID:7284
- C:\Windows\System\ZngMJGR.exe
  C:\Windows\System\ZngMJGR.exe
  2⤵
  PID:7324
- C:\Windows\System\QcPPwSU.exe
  C:\Windows\System\QcPPwSU.exe
  2⤵
  PID:7384
- C:\Windows\System\BLBOpKJ.exe
  C:\Windows\System\BLBOpKJ.exe
  2⤵
  PID:7400
- C:\Windows\System\RzQCgGH.exe
  C:\Windows\System\RzQCgGH.exe
  2⤵
  PID:7416
- C:\Windows\System\qNXRzsu.exe
  C:\Windows\System\qNXRzsu.exe
  2⤵
  PID:7436
- C:\Windows\System\akoaNwl.exe
  C:\Windows\System\akoaNwl.exe
  2⤵
  PID:7452
- C:\Windows\System\zUcgetI.exe
  C:\Windows\System\zUcgetI.exe
  2⤵
  PID:7476
- C:\Windows\System\jUQqLwC.exe
  C:\Windows\System\jUQqLwC.exe
  2⤵
  PID:7492
- C:\Windows\System\ggdZNDG.exe
  C:\Windows\System\ggdZNDG.exe
  2⤵
  PID:7516
- C:\Windows\System\vwnUogB.exe
  C:\Windows\System\vwnUogB.exe
  2⤵
  PID:7532
- C:\Windows\System\QqjsUch.exe
  C:\Windows\System\QqjsUch.exe
  2⤵
  PID:7580
- C:\Windows\System\RhJzIfU.exe
  C:\Windows\System\RhJzIfU.exe
  2⤵
  PID:7600
- C:\Windows\System\OiaEFpC.exe
  C:\Windows\System\OiaEFpC.exe
  2⤵
  PID:7620
- C:\Windows\System\lXSPTLx.exe
  C:\Windows\System\lXSPTLx.exe
  2⤵
  PID:7700
- C:\Windows\System\cKTmOqc.exe
  C:\Windows\System\cKTmOqc.exe
  2⤵
  PID:7716
- C:\Windows\System\crHEloh.exe
  C:\Windows\System\crHEloh.exe
  2⤵
  PID:7756
- C:\Windows\System\SvlgReO.exe
  C:\Windows\System\SvlgReO.exe
  2⤵
  PID:7780
- C:\Windows\System\nafJgxn.exe
  C:\Windows\System\nafJgxn.exe
  2⤵
  PID:7796
- C:\Windows\System\QpQYING.exe
  C:\Windows\System\QpQYING.exe
  2⤵
  PID:7836
- C:\Windows\System\rQDnOQK.exe
  C:\Windows\System\rQDnOQK.exe
  2⤵
  PID:7860
- C:\Windows\System\PcxiISw.exe
  C:\Windows\System\PcxiISw.exe
  2⤵
  PID:7880
- C:\Windows\System\Stqelhp.exe
  C:\Windows\System\Stqelhp.exe
  2⤵
  PID:7928
- C:\Windows\System\iFYbpFm.exe
  C:\Windows\System\iFYbpFm.exe
  2⤵
  PID:7944
- C:\Windows\System\MMkwJzp.exe
  C:\Windows\System\MMkwJzp.exe
  2⤵
  PID:7996
- C:\Windows\System\TyUtXIq.exe
  C:\Windows\System\TyUtXIq.exe
  2⤵
  PID:8020
- C:\Windows\System\BweBcyc.exe
  C:\Windows\System\BweBcyc.exe
  2⤵
  PID:8036
- C:\Windows\System\NXOQGNK.exe
  C:\Windows\System\NXOQGNK.exe
  2⤵
  PID:8060
- C:\Windows\System\qYsfApM.exe
  C:\Windows\System\qYsfApM.exe
  2⤵
  PID:8084
- C:\Windows\System\KYzYdwt.exe
  C:\Windows\System\KYzYdwt.exe
  2⤵
  PID:8104
- C:\Windows\System\xdtMaHs.exe
  C:\Windows\System\xdtMaHs.exe
  2⤵
  PID:8128
- C:\Windows\System\wpaBWLY.exe
  C:\Windows\System\wpaBWLY.exe
  2⤵
  PID:8180
- C:\Windows\System\mtTGBeu.exe
  C:\Windows\System\mtTGBeu.exe
  2⤵
  PID:7216
- C:\Windows\System\lsHQcKx.exe
  C:\Windows\System\lsHQcKx.exe
  2⤵
  PID:7236
- C:\Windows\System\SJMohtG.exe
  C:\Windows\System\SJMohtG.exe
  2⤵
  PID:7316
- C:\Windows\System\ykHvCRh.exe
  C:\Windows\System\ykHvCRh.exe
  2⤵
  PID:7260
- C:\Windows\System\YPcEKxw.exe
  C:\Windows\System\YPcEKxw.exe
  2⤵
  PID:7392
- C:\Windows\System\TfFyzyP.exe
  C:\Windows\System\TfFyzyP.exe
  2⤵
  PID:7460
- C:\Windows\System\HQRlQSn.exe
  C:\Windows\System\HQRlQSn.exe
  2⤵
  PID:7488
- C:\Windows\System\iHSQMiq.exe
  C:\Windows\System\iHSQMiq.exe
  2⤵
  PID:7568
- C:\Windows\System\fOGIdOC.exe
  C:\Windows\System\fOGIdOC.exe
  2⤵
  PID:7484
- C:\Windows\System\OEfRdjk.exe
  C:\Windows\System\OEfRdjk.exe
  2⤵
  PID:7684
- C:\Windows\System\LrWrvoS.exe
  C:\Windows\System\LrWrvoS.exe
  2⤵
  PID:7644
- C:\Windows\System\tmvTOaL.exe
  C:\Windows\System\tmvTOaL.exe
  2⤵
  PID:7772
- C:\Windows\System\uHXkIEP.exe
  C:\Windows\System\uHXkIEP.exe
  2⤵
  PID:7832
- C:\Windows\System\bNaAlrf.exe
  C:\Windows\System\bNaAlrf.exe
  2⤵
  PID:7940
- C:\Windows\System\BUCdrqC.exe
  C:\Windows\System\BUCdrqC.exe
  2⤵
  PID:8120
- C:\Windows\System\FEhbiIz.exe
  C:\Windows\System\FEhbiIz.exe
  2⤵
  PID:7992
- C:\Windows\System\FIVEjSy.exe
  C:\Windows\System\FIVEjSy.exe
  2⤵
  PID:8044
- C:\Windows\System\BWWaMxk.exe
  C:\Windows\System\BWWaMxk.exe
  2⤵
  PID:8168
- C:\Windows\System\oLZMVRN.exe
  C:\Windows\System\oLZMVRN.exe
  2⤵
  PID:8172
- C:\Windows\System\YUQKgGv.exe
  C:\Windows\System\YUQKgGv.exe
  2⤵
  PID:7344
- C:\Windows\System\tVsNBGv.exe
  C:\Windows\System\tVsNBGv.exe
  2⤵
  PID:7448
- C:\Windows\System\xauceEf.exe
  C:\Windows\System\xauceEf.exe
  2⤵
  PID:7912
- C:\Windows\System\zxvFyjK.exe
  C:\Windows\System\zxvFyjK.exe
  2⤵
  PID:8200
- C:\Windows\System\mexDdcl.exe
  C:\Windows\System\mexDdcl.exe
  2⤵
  PID:8220
- C:\Windows\System\QGBlVRh.exe
  C:\Windows\System\QGBlVRh.exe
  2⤵
  PID:8236
- C:\Windows\System\XxXcJct.exe
  C:\Windows\System\XxXcJct.exe
  2⤵
  PID:8260
- C:\Windows\System\rpWDfvl.exe
  C:\Windows\System\rpWDfvl.exe
  2⤵
  PID:8316
- C:\Windows\System\SqfdyCk.exe
  C:\Windows\System\SqfdyCk.exe
  2⤵
  PID:8332
- C:\Windows\System\JxSInNu.exe
  C:\Windows\System\JxSInNu.exe
  2⤵
  PID:8356
- C:\Windows\System\mfIFSau.exe
  C:\Windows\System\mfIFSau.exe
  2⤵
  PID:8372
- C:\Windows\System\FeGVsWi.exe
  C:\Windows\System\FeGVsWi.exe
  2⤵
  PID:8392
- C:\Windows\System\qfscMpt.exe
  C:\Windows\System\qfscMpt.exe
  2⤵
  PID:8456
- C:\Windows\System\QhGwpym.exe
  C:\Windows\System\QhGwpym.exe
  2⤵
  PID:8500
- C:\Windows\System\RAtHNnn.exe
  C:\Windows\System\RAtHNnn.exe
  2⤵
  PID:8540
- C:\Windows\System\owGzFfL.exe
  C:\Windows\System\owGzFfL.exe
  2⤵
  PID:8576
- C:\Windows\System\JNTnGZx.exe
  C:\Windows\System\JNTnGZx.exe
  2⤵
  PID:8600
- C:\Windows\System\TrEDKuW.exe
  C:\Windows\System\TrEDKuW.exe
  2⤵
  PID:8624
- C:\Windows\System\pkUNCwU.exe
  C:\Windows\System\pkUNCwU.exe
  2⤵
  PID:8648
- C:\Windows\System\LGMnBTP.exe
  C:\Windows\System\LGMnBTP.exe
  2⤵
  PID:8672
- C:\Windows\System\sHTUWQg.exe
  C:\Windows\System\sHTUWQg.exe
  2⤵
  PID:8712
- C:\Windows\System\HsNyjpm.exe
  C:\Windows\System\HsNyjpm.exe
  2⤵
  PID:8744
- C:\Windows\System\zqzehNT.exe
  C:\Windows\System\zqzehNT.exe
  2⤵
  PID:8804
- C:\Windows\System\zkRDNVm.exe
  C:\Windows\System\zkRDNVm.exe
  2⤵
  PID:8824
- C:\Windows\System\jcCOtzd.exe
  C:\Windows\System\jcCOtzd.exe
  2⤵
  PID:8848
- C:\Windows\System\DpFXTLa.exe
  C:\Windows\System\DpFXTLa.exe
  2⤵
  PID:8868
- C:\Windows\System\pbXpFjD.exe
  C:\Windows\System\pbXpFjD.exe
  2⤵
  PID:8904
- C:\Windows\System\anDgrMz.exe
  C:\Windows\System\anDgrMz.exe
  2⤵
  PID:8936
- C:\Windows\System\GzXsnLk.exe
  C:\Windows\System\GzXsnLk.exe
  2⤵
  PID:8952
- C:\Windows\System\trZWOPD.exe
  C:\Windows\System\trZWOPD.exe
  2⤵
  PID:8972
- C:\Windows\System\cKEEaWh.exe
  C:\Windows\System\cKEEaWh.exe
  2⤵
  PID:9024
- C:\Windows\System\bMGaLBc.exe
  C:\Windows\System\bMGaLBc.exe
  2⤵
  PID:9044
- C:\Windows\System\ymYWNuW.exe
  C:\Windows\System\ymYWNuW.exe
  2⤵
  PID:9060
- C:\Windows\System\decdPvl.exe
  C:\Windows\System\decdPvl.exe
  2⤵
  PID:9088
- C:\Windows\System\qxfPikt.exe
  C:\Windows\System\qxfPikt.exe
  2⤵
  PID:9108
- C:\Windows\System\RKxdpDc.exe
  C:\Windows\System\RKxdpDc.exe
  2⤵
  PID:9148
- C:\Windows\System\rtPUfGs.exe
  C:\Windows\System\rtPUfGs.exe
  2⤵
  PID:9200
- C:\Windows\System\fiOJiau.exe
  C:\Windows\System\fiOJiau.exe
  2⤵
  PID:7984
- C:\Windows\System\nhfXGcn.exe
  C:\Windows\System\nhfXGcn.exe
  2⤵
  PID:8144
- C:\Windows\System\jsbAnIe.exe
  C:\Windows\System\jsbAnIe.exe
  2⤵
  PID:7664
- C:\Windows\System\rQEhUns.exe
  C:\Windows\System\rQEhUns.exe
  2⤵
  PID:8228
- C:\Windows\System\uTCWDiG.exe
  C:\Windows\System\uTCWDiG.exe
  2⤵
  PID:7596
- C:\Windows\System\xOAmTEB.exe
  C:\Windows\System\xOAmTEB.exe
  2⤵
  PID:8364
- C:\Windows\System\qOItJCa.exe
  C:\Windows\System\qOItJCa.exe
  2⤵
  PID:8352
- C:\Windows\System\mhvZKrz.exe
  C:\Windows\System\mhvZKrz.exe
  2⤵
  PID:8448
- C:\Windows\System\icVawTl.exe
  C:\Windows\System\icVawTl.exe
  2⤵
  PID:8492
- C:\Windows\System\gPuvMay.exe
  C:\Windows\System\gPuvMay.exe
  2⤵
  PID:8548
- C:\Windows\System\PSQkYtz.exe
  C:\Windows\System\PSQkYtz.exe
  2⤵
  PID:8644
- C:\Windows\System\NQYMWXg.exe
  C:\Windows\System\NQYMWXg.exe
  2⤵
  PID:8568
- C:\Windows\System\pFMKYdj.exe
  C:\Windows\System\pFMKYdj.exe
  2⤵
  PID:8616
- C:\Windows\System\ZEZGhGx.exe
  C:\Windows\System\ZEZGhGx.exe
  2⤵
  PID:8780
- C:\Windows\System\iwjjXoA.exe
  C:\Windows\System\iwjjXoA.exe
  2⤵
  PID:8912
- C:\Windows\System\wTvcWbU.exe
  C:\Windows\System\wTvcWbU.exe
  2⤵
  PID:8900
- C:\Windows\System\xXpUYCZ.exe
  C:\Windows\System\xXpUYCZ.exe
  2⤵
  PID:8928
- C:\Windows\System\tKNNSaH.exe
  C:\Windows\System\tKNNSaH.exe
  2⤵
  PID:8968
- C:\Windows\System\exvUVwj.exe
  C:\Windows\System\exvUVwj.exe
  2⤵
  PID:9040
- C:\Windows\System\EUCrgSo.exe
  C:\Windows\System\EUCrgSo.exe
  2⤵
  PID:9076
- C:\Windows\System\dgNDBiA.exe
  C:\Windows\System\dgNDBiA.exe
  2⤵
  PID:9104
- C:\Windows\System\kfNwbXX.exe
  C:\Windows\System\kfNwbXX.exe
  2⤵
  PID:9196
- C:\Windows\System\htUxEti.exe
  C:\Windows\System\htUxEti.exe
  2⤵
  PID:8340
- C:\Windows\System\agpiPhz.exe
  C:\Windows\System\agpiPhz.exe
  2⤵
  PID:8324
- C:\Windows\System\qcMhdhA.exe
  C:\Windows\System\qcMhdhA.exe
  2⤵
  PID:8416
- C:\Windows\System\lfoCMop.exe
  C:\Windows\System\lfoCMop.exe
  2⤵
  PID:8596
- C:\Windows\System\xVOpyuo.exe
  C:\Windows\System\xVOpyuo.exe
  2⤵
  PID:8584
- C:\Windows\System\MaXUQmv.exe
  C:\Windows\System\MaXUQmv.exe
  2⤵
  PID:8988
- C:\Windows\System\XWpwNtG.exe
  C:\Windows\System\XWpwNtG.exe
  2⤵
  PID:8840
- C:\Windows\System\jqfTPCx.exe
  C:\Windows\System\jqfTPCx.exe
  2⤵
  PID:8532
- C:\Windows\System\MPAYVcF.exe
  C:\Windows\System\MPAYVcF.exe
  2⤵
  PID:8368
- C:\Windows\System\krWXNfW.exe
  C:\Windows\System\krWXNfW.exe
  2⤵
  PID:9140
- C:\Windows\System\BZXKBTN.exe
  C:\Windows\System\BZXKBTN.exe
  2⤵
  PID:8800
- C:\Windows\System\bgfoGIr.exe
  C:\Windows\System\bgfoGIr.exe
  2⤵
  PID:9244
- C:\Windows\System\YHODWpn.exe
  C:\Windows\System\YHODWpn.exe
  2⤵
  PID:9260
- C:\Windows\System\sylkalS.exe
  C:\Windows\System\sylkalS.exe
  2⤵
  PID:9280
- C:\Windows\System\FZxuQPU.exe
  C:\Windows\System\FZxuQPU.exe
  2⤵
  PID:9304
- C:\Windows\System\CKnKewN.exe
  C:\Windows\System\CKnKewN.exe
  2⤵
  PID:9336
- C:\Windows\System\jDGsxmh.exe
  C:\Windows\System\jDGsxmh.exe
  2⤵
  PID:9352
- C:\Windows\System\MCcRBNE.exe
  C:\Windows\System\MCcRBNE.exe
  2⤵
  PID:9380
- C:\Windows\System\EccfxBf.exe
  C:\Windows\System\EccfxBf.exe
  2⤵
  PID:9400
- C:\Windows\System\uJbCYVf.exe
  C:\Windows\System\uJbCYVf.exe
  2⤵
  PID:9420
- C:\Windows\System\TKYnmJa.exe
  C:\Windows\System\TKYnmJa.exe
  2⤵
  PID:9464
- C:\Windows\System\hvOlpmH.exe
  C:\Windows\System\hvOlpmH.exe
  2⤵
  PID:9484
- C:\Windows\System\zozmImT.exe
  C:\Windows\System\zozmImT.exe
  2⤵
  PID:9504
- C:\Windows\System\CsszwfX.exe
  C:\Windows\System\CsszwfX.exe
  2⤵
  PID:9540
- C:\Windows\System\AZyFOQM.exe
  C:\Windows\System\AZyFOQM.exe
  2⤵
  PID:9572
- C:\Windows\System\Hjyjyit.exe
  C:\Windows\System\Hjyjyit.exe
  2⤵
  PID:9588
- C:\Windows\System\MbCrFod.exe
  C:\Windows\System\MbCrFod.exe
  2⤵
  PID:9608
- C:\Windows\System\eQdhDav.exe
  C:\Windows\System\eQdhDav.exe
  2⤵
  PID:9648
- C:\Windows\System\gAapPqf.exe
  C:\Windows\System\gAapPqf.exe
  2⤵
  PID:9684
- C:\Windows\System\mGqukLI.exe
  C:\Windows\System\mGqukLI.exe
  2⤵
  PID:9700
- C:\Windows\System\DCpqKnC.exe
  C:\Windows\System\DCpqKnC.exe
  2⤵
  PID:9724
- C:\Windows\System\bhsJZly.exe
  C:\Windows\System\bhsJZly.exe
  2⤵
  PID:9744
- C:\Windows\System\GYumJYx.exe
  C:\Windows\System\GYumJYx.exe
  2⤵
  PID:9760
- C:\Windows\System\OmbVJRR.exe
  C:\Windows\System\OmbVJRR.exe
  2⤵
  PID:9796
- C:\Windows\System\FTtRFCT.exe
  C:\Windows\System\FTtRFCT.exe
  2⤵
  PID:9812
- C:\Windows\System\DYVtRHa.exe
  C:\Windows\System\DYVtRHa.exe
  2⤵
  PID:9832
- C:\Windows\System\hnUuGAB.exe
  C:\Windows\System\hnUuGAB.exe
  2⤵
  PID:9848
- C:\Windows\System\JhNdZBR.exe
  C:\Windows\System\JhNdZBR.exe
  2⤵
  PID:9864
- C:\Windows\System\SOEmYyE.exe
  C:\Windows\System\SOEmYyE.exe
  2⤵
  PID:9936
- C:\Windows\System\YcATnqD.exe
  C:\Windows\System\YcATnqD.exe
  2⤵
  PID:9960
- C:\Windows\System\kGAMLyh.exe
  C:\Windows\System\kGAMLyh.exe
  2⤵
  PID:10012
- C:\Windows\System\dsFgNGT.exe
  C:\Windows\System\dsFgNGT.exe
  2⤵
  PID:10032
- C:\Windows\System\KHaOdYy.exe
  C:\Windows\System\KHaOdYy.exe
  2⤵
  PID:10048
- C:\Windows\System\fUDJMJT.exe
  C:\Windows\System\fUDJMJT.exe
  2⤵
  PID:10068
- C:\Windows\System\XJzGxWF.exe
  C:\Windows\System\XJzGxWF.exe
  2⤵
  PID:10100
- C:\Windows\System\txLSdbg.exe
  C:\Windows\System\txLSdbg.exe
  2⤵
  PID:10116
- C:\Windows\System\ncsXiBy.exe
  C:\Windows\System\ncsXiBy.exe
  2⤵
  PID:10136
- C:\Windows\System\liNvpQW.exe
  C:\Windows\System\liNvpQW.exe
  2⤵
  PID:10156
- C:\Windows\System\fYoTPjw.exe
  C:\Windows\System\fYoTPjw.exe
  2⤵
  PID:10200
- C:\Windows\System\XafofLH.exe
  C:\Windows\System\XafofLH.exe
  2⤵
  PID:9228
- C:\Windows\System\FbkfdiP.exe
  C:\Windows\System\FbkfdiP.exe
  2⤵
  PID:9296
- C:\Windows\System\DFzrhUu.exe
  C:\Windows\System\DFzrhUu.exe
  2⤵
  PID:9348
- C:\Windows\System\jFovHgA.exe
  C:\Windows\System\jFovHgA.exe
  2⤵
  PID:9396
- C:\Windows\System\LHFyYqW.exe
  C:\Windows\System\LHFyYqW.exe
  2⤵
  PID:9416
- C:\Windows\System\IBLTeIM.exe
  C:\Windows\System\IBLTeIM.exe
  2⤵
  PID:9556
- C:\Windows\System\AnNKjRV.exe
  C:\Windows\System\AnNKjRV.exe
  2⤵
  PID:9496
- C:\Windows\System\BsbxLvl.exe
  C:\Windows\System\BsbxLvl.exe
  2⤵
  PID:9604
- C:\Windows\System\lsjewTH.exe
  C:\Windows\System\lsjewTH.exe
  2⤵
  PID:9620
- C:\Windows\System\kodpmzg.exe
  C:\Windows\System\kodpmzg.exe
  2⤵
  PID:9756
- C:\Windows\System\oQEpRXQ.exe
  C:\Windows\System\oQEpRXQ.exe
  2⤵
  PID:9692
- C:\Windows\System\KtoPjhB.exe
  C:\Windows\System\KtoPjhB.exe
  2⤵
  PID:9732
- C:\Windows\System\rlnVRTg.exe
  C:\Windows\System\rlnVRTg.exe
  2⤵
  PID:9828
- C:\Windows\System\CyOpHoC.exe
  C:\Windows\System\CyOpHoC.exe
  2⤵
  PID:9932
- C:\Windows\System\iWMkaHQ.exe
  C:\Windows\System\iWMkaHQ.exe
  2⤵
  PID:10044
- C:\Windows\System\BZbRTdR.exe
  C:\Windows\System\BZbRTdR.exe
  2⤵
  PID:10092
- C:\Windows\System\xiMNZKE.exe
  C:\Windows\System\xiMNZKE.exe
  2⤵
  PID:9252
- C:\Windows\System\SAMuOKK.exe
  C:\Windows\System\SAMuOKK.exe
  2⤵
  PID:10220
- C:\Windows\System\qPnrCbG.exe
  C:\Windows\System\qPnrCbG.exe
  2⤵
  PID:9520
- C:\Windows\System\AqJorvc.exe
  C:\Windows\System\AqJorvc.exe
  2⤵
  PID:9324
- C:\Windows\System\EwnfDIO.exe
  C:\Windows\System\EwnfDIO.exe
  2⤵
  PID:9584
- C:\Windows\System\StpyyXi.exe
  C:\Windows\System\StpyyXi.exe
  2⤵
  PID:9716
- C:\Windows\System\wbYkpEz.exe
  C:\Windows\System\wbYkpEz.exe
  2⤵
  PID:9680
- C:\Windows\System\lNWLiea.exe
  C:\Windows\System\lNWLiea.exe
  2⤵
  PID:9996
- C:\Windows\System\YKaOpJA.exe
  C:\Windows\System\YKaOpJA.exe
  2⤵
  PID:10124
- C:\Windows\System\KABIejN.exe
  C:\Windows\System\KABIejN.exe
  2⤵
  PID:9480
- C:\Windows\System\XHTRpbR.exe
  C:\Windows\System\XHTRpbR.exe
  2⤵
  PID:10244
- C:\Windows\System\kzKytaj.exe
  C:\Windows\System\kzKytaj.exe
  2⤵
  PID:10284
- C:\Windows\System\ePtEfyc.exe
  C:\Windows\System\ePtEfyc.exe
  2⤵
  PID:10304
- C:\Windows\System\YnQTxVG.exe
  C:\Windows\System\YnQTxVG.exe
  2⤵
  PID:10328
- C:\Windows\System\sbpmemI.exe
  C:\Windows\System\sbpmemI.exe
  2⤵
  PID:10344
- C:\Windows\System\MUuNssM.exe
  C:\Windows\System\MUuNssM.exe
  2⤵
  PID:10372
- C:\Windows\System\DaodmJl.exe
  C:\Windows\System\DaodmJl.exe
  2⤵
  PID:10388
- C:\Windows\System\XngeThK.exe
  C:\Windows\System\XngeThK.exe
  2⤵
  PID:10468
- C:\Windows\System\GBziIGL.exe
  C:\Windows\System\GBziIGL.exe
  2⤵
  PID:10488
- C:\Windows\System\DONRsuG.exe
  C:\Windows\System\DONRsuG.exe
  2⤵
  PID:10512
- C:\Windows\System\mRSbLQh.exe
  C:\Windows\System\mRSbLQh.exe
  2⤵
  PID:10532
- C:\Windows\System\NXWkmJI.exe
  C:\Windows\System\NXWkmJI.exe
  2⤵
  PID:10552
- C:\Windows\System\dmsvrWj.exe
  C:\Windows\System\dmsvrWj.exe
  2⤵
  PID:10572
- C:\Windows\System\uKcwGek.exe
  C:\Windows\System\uKcwGek.exe
  2⤵
  PID:10608
- C:\Windows\System\ROLBWdT.exe
  C:\Windows\System\ROLBWdT.exe
  2⤵
  PID:10624
- C:\Windows\System\BuFYaIX.exe
  C:\Windows\System\BuFYaIX.exe
  2⤵
  PID:10648
- C:\Windows\System\tNpncLG.exe
  C:\Windows\System\tNpncLG.exe
  2⤵
  PID:10680
- C:\Windows\System\UraGBSW.exe
  C:\Windows\System\UraGBSW.exe
  2⤵
  PID:10744
- C:\Windows\System\FbudSmd.exe
  C:\Windows\System\FbudSmd.exe
  2⤵
  PID:10764
- C:\Windows\System\plQninS.exe
  C:\Windows\System\plQninS.exe
  2⤵
  PID:10788
- C:\Windows\System\WOEAVne.exe
  C:\Windows\System\WOEAVne.exe
  2⤵
  PID:10808
- C:\Windows\System\TEqkRZW.exe
  C:\Windows\System\TEqkRZW.exe
  2⤵
  PID:10832
- C:\Windows\System\ErBZPdC.exe
  C:\Windows\System\ErBZPdC.exe
  2⤵
  PID:10880
- C:\Windows\System\efhIPUq.exe
  C:\Windows\System\efhIPUq.exe
  2⤵
  PID:10936
- C:\Windows\System\CfzOCCG.exe
  C:\Windows\System\CfzOCCG.exe
  2⤵
  PID:10956
- C:\Windows\System\yIZJuPI.exe
  C:\Windows\System\yIZJuPI.exe
  2⤵
  PID:10972
- C:\Windows\System\fBjQjSk.exe
  C:\Windows\System\fBjQjSk.exe
  2⤵
  PID:11036
- C:\Windows\System\QnXJZIF.exe
  C:\Windows\System\QnXJZIF.exe
  2⤵
  PID:11056
- C:\Windows\System\fwQdNkK.exe
  C:\Windows\System\fwQdNkK.exe
  2⤵
  PID:11084
- C:\Windows\System\jVBLQDS.exe
  C:\Windows\System\jVBLQDS.exe
  2⤵
  PID:11104
- C:\Windows\System\CTbaTzr.exe
  C:\Windows\System\CTbaTzr.exe
  2⤵
  PID:11132
- C:\Windows\System\VkQcWnB.exe
  C:\Windows\System\VkQcWnB.exe
  2⤵
  PID:11156
- C:\Windows\System\LWAUsEK.exe
  C:\Windows\System\LWAUsEK.exe
  2⤵
  PID:11192
- C:\Windows\System\ZIqmYft.exe
  C:\Windows\System\ZIqmYft.exe
  2⤵
  PID:11208
- C:\Windows\System\vJDIkFs.exe
  C:\Windows\System\vJDIkFs.exe
  2⤵
  PID:11228
- C:\Windows\System\rCYHtNr.exe
  C:\Windows\System\rCYHtNr.exe
  2⤵
  PID:11256
- C:\Windows\System\gQEesYs.exe
  C:\Windows\System\gQEesYs.exe
  2⤵
  PID:9408
- C:\Windows\System\xdxKHNY.exe
  C:\Windows\System\xdxKHNY.exe
  2⤵
  PID:9892
- C:\Windows\System\JZqFAvI.exe
  C:\Windows\System\JZqFAvI.exe
  2⤵
  PID:10252
- C:\Windows\System\xSIIorg.exe
  C:\Windows\System\xSIIorg.exe
  2⤵
  PID:10440
- C:\Windows\System\FYJvpbZ.exe
  C:\Windows\System\FYJvpbZ.exe
  2⤵
  PID:10540
- C:\Windows\System\kdHgrPX.exe
  C:\Windows\System\kdHgrPX.exe
  2⤵
  PID:10604
- C:\Windows\System\lLgltwf.exe
  C:\Windows\System\lLgltwf.exe
  2⤵
  PID:10732
- C:\Windows\System\dnBKcja.exe
  C:\Windows\System\dnBKcja.exe
  2⤵
  PID:10712
- C:\Windows\System\SoQcWjF.exe
  C:\Windows\System\SoQcWjF.exe
  2⤵
  PID:10824
- C:\Windows\System\ZDMYyFZ.exe
  C:\Windows\System\ZDMYyFZ.exe
  2⤵
  PID:10856
- C:\Windows\System\vfeXqHE.exe
  C:\Windows\System\vfeXqHE.exe
  2⤵
  PID:10864
- C:\Windows\System\fFbCpXa.exe
  C:\Windows\System\fFbCpXa.exe
  2⤵
  PID:10908
- C:\Windows\System\LddiDml.exe
  C:\Windows\System\LddiDml.exe
  2⤵
  PID:11052
- C:\Windows\System\pywNphp.exe
  C:\Windows\System\pywNphp.exe
  2⤵
  PID:11224
- C:\Windows\System\CCwXDmY.exe
  C:\Windows\System\CCwXDmY.exe
  2⤵
  PID:11140
- C:\Windows\System\ZmmGsde.exe
  C:\Windows\System\ZmmGsde.exe
  2⤵
  PID:9992
- C:\Windows\System\ejpykKr.exe
  C:\Windows\System\ejpykKr.exe
  2⤵
  PID:10320
- C:\Windows\System\OEjhQLH.exe
  C:\Windows\System\OEjhQLH.exe
  2⤵
  PID:10356
- C:\Windows\System\SlqKvTj.exe
  C:\Windows\System\SlqKvTj.exe
  2⤵
  PID:10504
- C:\Windows\System\HkNLkMj.exe
  C:\Windows\System\HkNLkMj.exe
  2⤵
  PID:10600
- C:\Windows\System\PXcpKle.exe
  C:\Windows\System\PXcpKle.exe
  2⤵
  PID:11016
- C:\Windows\System\hbfSNER.exe
  C:\Windows\System\hbfSNER.exe
  2⤵
  PID:11048
- C:\Windows\System\NFPrQLQ.exe
  C:\Windows\System\NFPrQLQ.exe
  2⤵
  PID:11236
- C:\Windows\System\stsfQFk.exe
  C:\Windows\System\stsfQFk.exe
  2⤵
  PID:10484
- C:\Windows\System\GeMLGWX.exe
  C:\Windows\System\GeMLGWX.exe
  2⤵
  PID:9500
- C:\Windows\System\uGhwZNS.exe
  C:\Windows\System\uGhwZNS.exe
  2⤵
  PID:10968
- C:\Windows\System\WzNXZXa.exe
  C:\Windows\System\WzNXZXa.exe
  2⤵
  PID:10300
- C:\Windows\System\nfxDmJf.exe
  C:\Windows\System\nfxDmJf.exe
  2⤵
  PID:11280
- C:\Windows\System\PFhKqbO.exe
  C:\Windows\System\PFhKqbO.exe
  2⤵
  PID:11316
- C:\Windows\System\hsNkQzb.exe
  C:\Windows\System\hsNkQzb.exe
  2⤵
  PID:11348
- C:\Windows\System\NvOcPYi.exe
  C:\Windows\System\NvOcPYi.exe
  2⤵
  PID:11376
- C:\Windows\System\xqqXWSy.exe
  C:\Windows\System\xqqXWSy.exe
  2⤵
  PID:11396
- C:\Windows\System\MZCVmLt.exe
  C:\Windows\System\MZCVmLt.exe
  2⤵
  PID:11428
- C:\Windows\System\upsaUbn.exe
  C:\Windows\System\upsaUbn.exe
  2⤵
  PID:11452
- C:\Windows\System\hwWXrBH.exe
  C:\Windows\System\hwWXrBH.exe
  2⤵
  PID:11484
- C:\Windows\System\vZcCHyx.exe
  C:\Windows\System\vZcCHyx.exe
  2⤵
  PID:11520
- C:\Windows\System\zZTGPcS.exe
  C:\Windows\System\zZTGPcS.exe
  2⤵
  PID:11548
- C:\Windows\System\SThlVTQ.exe
  C:\Windows\System\SThlVTQ.exe
  2⤵
  PID:11584
- C:\Windows\System\GKTKGAi.exe
  C:\Windows\System\GKTKGAi.exe
  2⤵
  PID:11624
- C:\Windows\System\dAksEcO.exe
  C:\Windows\System\dAksEcO.exe
  2⤵
  PID:11644
- C:\Windows\System\ixKORIw.exe
  C:\Windows\System\ixKORIw.exe
  2⤵
  PID:11668
- C:\Windows\System\fIfDAGf.exe
  C:\Windows\System\fIfDAGf.exe
  2⤵
  PID:11692
- C:\Windows\System\UGkhnma.exe
  C:\Windows\System\UGkhnma.exe
  2⤵
  PID:11724
- C:\Windows\System\GlNJwyw.exe
  C:\Windows\System\GlNJwyw.exe
  2⤵
  PID:11740
- C:\Windows\System\kHCDeXd.exe
  C:\Windows\System\kHCDeXd.exe
  2⤵
  PID:11776
- C:\Windows\System\yLqlGua.exe
  C:\Windows\System\yLqlGua.exe
  2⤵
  PID:11804
- C:\Windows\System\YcVCBaO.exe
  C:\Windows\System\YcVCBaO.exe
  2⤵
  PID:11832
- C:\Windows\System\GlVHRqM.exe
  C:\Windows\System\GlVHRqM.exe
  2⤵
  PID:11860
- C:\Windows\System\YrTtKAP.exe
  C:\Windows\System\YrTtKAP.exe
  2⤵
  PID:11896
- C:\Windows\System\vLDwfPG.exe
  C:\Windows\System\vLDwfPG.exe
  2⤵
  PID:11928
- C:\Windows\System\IhCbVmd.exe
  C:\Windows\System\IhCbVmd.exe
  2⤵
  PID:11948
- C:\Windows\System\farcOfR.exe
  C:\Windows\System\farcOfR.exe
  2⤵
  PID:11968
- C:\Windows\System\tNCUWGm.exe
  C:\Windows\System\tNCUWGm.exe
  2⤵
  PID:12004
- C:\Windows\System\EzxGBmM.exe
  C:\Windows\System\EzxGBmM.exe
  2⤵
  PID:12024
- C:\Windows\System\KIPgLQZ.exe
  C:\Windows\System\KIPgLQZ.exe
  2⤵
  PID:12040
- C:\Windows\System\xiyYGGX.exe
  C:\Windows\System\xiyYGGX.exe
  2⤵
  PID:12060
- C:\Windows\System\hanmCVj.exe
  C:\Windows\System\hanmCVj.exe
  2⤵
  PID:12104
- C:\Windows\System\GFSYyNe.exe
  C:\Windows\System\GFSYyNe.exe
  2⤵
  PID:12144
- C:\Windows\System\VtnDdeB.exe
  C:\Windows\System\VtnDdeB.exe
  2⤵
  PID:11180
- C:\Windows\System\ssWfZrD.exe
  C:\Windows\System\ssWfZrD.exe
  2⤵
  PID:11272
- C:\Windows\System\HUGImdE.exe
  C:\Windows\System\HUGImdE.exe
  2⤵
  PID:11336
- C:\Windows\System\iwRZrke.exe
  C:\Windows\System\iwRZrke.exe
  2⤵
  PID:11372
- C:\Windows\System\OglDBsq.exe
  C:\Windows\System\OglDBsq.exe
  2⤵
  PID:11424
- C:\Windows\System\FSIedcS.exe
  C:\Windows\System\FSIedcS.exe
  2⤵
  PID:11480
- C:\Windows\System\errUOPH.exe
  C:\Windows\System\errUOPH.exe
  2⤵
  PID:11476
- C:\Windows\System\SFnNFpE.exe
  C:\Windows\System\SFnNFpE.exe
  2⤵
  PID:11556
- C:\Windows\System\WiIdpva.exe
  C:\Windows\System\WiIdpva.exe
  2⤵
  PID:11568
- C:\Windows\System\ZkJuJGl.exe
  C:\Windows\System\ZkJuJGl.exe
  2⤵
  PID:11600
- C:\Windows\System\ktVwvok.exe
  C:\Windows\System\ktVwvok.exe
  2⤵
  PID:11640
- C:\Windows\System\YDsoLRn.exe
  C:\Windows\System\YDsoLRn.exe
  2⤵
  PID:11704
- C:\Windows\System\kCjcbGc.exe
  C:\Windows\System\kCjcbGc.exe
  2⤵
  PID:11760
- C:\Windows\System\ZWufCGp.exe
  C:\Windows\System\ZWufCGp.exe
  2⤵
  PID:11792
- C:\Windows\System\vSqURif.exe
  C:\Windows\System\vSqURif.exe
  2⤵
  PID:11852
- C:\Windows\System\APqIHXn.exe
  C:\Windows\System\APqIHXn.exe
  2⤵
  PID:12048
- C:\Windows\System\EMxyIvh.exe
  C:\Windows\System\EMxyIvh.exe
  2⤵
  PID:12124
- C:\Windows\System\ixVwbTz.exe
  C:\Windows\System\ixVwbTz.exe
  2⤵
  PID:12172
- C:\Windows\System\qOuAeOF.exe
  C:\Windows\System\qOuAeOF.exe
  2⤵
  PID:12232
- C:\Windows\System\uRvaqRN.exe
  C:\Windows\System\uRvaqRN.exe
  2⤵
  PID:10644
- C:\Windows\System\BLDhgza.exe
  C:\Windows\System\BLDhgza.exe
  2⤵
  PID:10528
- C:\Windows\System\ijpZBqy.exe
  C:\Windows\System\ijpZBqy.exe
  2⤵
  PID:11128
- C:\Windows\System\VKuPzRq.exe
  C:\Windows\System\VKuPzRq.exe
  2⤵
  PID:11420
- C:\Windows\System\jMcPHaB.exe
  C:\Windows\System\jMcPHaB.exe
  2⤵
  PID:11472
- C:\Windows\System\ZiHhZXe.exe
  C:\Windows\System\ZiHhZXe.exe
  2⤵
  PID:11572
- C:\Windows\System\ofASJAv.exe
  C:\Windows\System\ofASJAv.exe
  2⤵
  PID:11944
- C:\Windows\System\EbpPNQB.exe
  C:\Windows\System\EbpPNQB.exe
  2⤵
  PID:12136
- C:\Windows\System\ZCdCfkk.exe
  C:\Windows\System\ZCdCfkk.exe
  2⤵
  PID:12256
- C:\Windows\System\lmlEnZl.exe
  C:\Windows\System\lmlEnZl.exe
  2⤵
  PID:11716
- C:\Windows\System\gTevJHC.exe
  C:\Windows\System\gTevJHC.exe
  2⤵
  PID:11304
- C:\Windows\System\nHuKcbw.exe
  C:\Windows\System\nHuKcbw.exe
  2⤵
  PID:11344
- C:\Windows\System\InVAOzm.exe
  C:\Windows\System\InVAOzm.exe
  2⤵
  PID:11532
- C:\Windows\System\apTopIq.exe
  C:\Windows\System\apTopIq.exe
  2⤵
  PID:11888
- C:\Windows\System\YtCOJQh.exe
  C:\Windows\System\YtCOJQh.exe
  2⤵
  PID:12304
- C:\Windows\System\bXwkoEN.exe
  C:\Windows\System\bXwkoEN.exe
  2⤵
  PID:12324
- C:\Windows\System\QEGkiQZ.exe
  C:\Windows\System\QEGkiQZ.exe
  2⤵
  PID:12352
- C:\Windows\System\nKQViBm.exe
  C:\Windows\System\nKQViBm.exe
  2⤵
  PID:12392
- C:\Windows\System\rTMhcjP.exe
  C:\Windows\System\rTMhcjP.exe
  2⤵
  PID:12412
- C:\Windows\System\WFzefYr.exe
  C:\Windows\System\WFzefYr.exe
  2⤵
  PID:12436
- C:\Windows\System\fVubDoA.exe
  C:\Windows\System\fVubDoA.exe
  2⤵
  PID:12452
- C:\Windows\System\UrUhgsN.exe
  C:\Windows\System\UrUhgsN.exe
  2⤵
  PID:12472
- C:\Windows\System\jXuCJJD.exe
  C:\Windows\System\jXuCJJD.exe
  2⤵
  PID:12512
- C:\Windows\System\EtlrkLD.exe
  C:\Windows\System\EtlrkLD.exe
  2⤵
  PID:12528
- C:\Windows\System\LRMZrDW.exe
  C:\Windows\System\LRMZrDW.exe
  2⤵
  PID:12560
- C:\Windows\System\ruxCQGe.exe
  C:\Windows\System\ruxCQGe.exe
  2⤵
  PID:12584
- C:\Windows\System\oChrCLu.exe
  C:\Windows\System\oChrCLu.exe
  2⤵
  PID:12616
- C:\Windows\System\NSkIwje.exe
  C:\Windows\System\NSkIwje.exe
  2⤵
  PID:12636
- C:\Windows\System\kdErIsG.exe
  C:\Windows\System\kdErIsG.exe
  2⤵
  PID:12656
- C:\Windows\System\aLAjzoG.exe
  C:\Windows\System\aLAjzoG.exe
  2⤵
  PID:12700
- C:\Windows\System\LfyUJKJ.exe
  C:\Windows\System\LfyUJKJ.exe
  2⤵
  PID:12720
- C:\Windows\System\fDVDbIS.exe
  C:\Windows\System\fDVDbIS.exe
  2⤵
  PID:12760
- C:\Windows\System\usQLgJH.exe
  C:\Windows\System\usQLgJH.exe
  2⤵
  PID:12776
- C:\Windows\System\YwoHLnW.exe
  C:\Windows\System\YwoHLnW.exe
  2⤵
  PID:12804
- C:\Windows\System\wEOyJtb.exe
  C:\Windows\System\wEOyJtb.exe
  2⤵
  PID:12824
- C:\Windows\System\LfZFeJV.exe
  C:\Windows\System\LfZFeJV.exe
  2⤵
  PID:12848
- C:\Windows\System\cSIvgXJ.exe
  C:\Windows\System\cSIvgXJ.exe
  2⤵
  PID:12868
- C:\Windows\System\ORncjCK.exe
  C:\Windows\System\ORncjCK.exe
  2⤵
  PID:12924
- C:\Windows\System\LFetMrW.exe
  C:\Windows\System\LFetMrW.exe
  2⤵
  PID:12948
- C:\Windows\System\YqiKHsI.exe
  C:\Windows\System\YqiKHsI.exe
  2⤵
  PID:12972
- C:\Windows\System\svUChwB.exe
  C:\Windows\System\svUChwB.exe
  2⤵
  PID:12992
- C:\Windows\System\IOfBpMe.exe
  C:\Windows\System\IOfBpMe.exe
  2⤵
  PID:13036
- C:\Windows\System\IjPQAci.exe
  C:\Windows\System\IjPQAci.exe
  2⤵
  PID:13052
- C:\Windows\System\clNWkaw.exe
  C:\Windows\System\clNWkaw.exe
  2⤵
  PID:13068
- C:\Windows\System\yrthCJG.exe
  C:\Windows\System\yrthCJG.exe
  2⤵
  PID:13132
- C:\Windows\System\jHPSAeH.exe
  C:\Windows\System\jHPSAeH.exe
  2⤵
  PID:13148
- C:\Windows\System\rANfKRd.exe
  C:\Windows\System\rANfKRd.exe
  2⤵
  PID:13200
- C:\Windows\System\nCWguYB.exe
  C:\Windows\System\nCWguYB.exe
  2⤵
  PID:13232
- C:\Windows\System\EamSSYc.exe
  C:\Windows\System\EamSSYc.exe
  2⤵
  PID:13260
- C:\Windows\System\IobqIdc.exe
  C:\Windows\System\IobqIdc.exe
  2⤵
  PID:13280
- C:\Windows\System\lcaLcvR.exe
  C:\Windows\System\lcaLcvR.exe
  2⤵
  PID:13300
- C:\Windows\System\NYRZdJk.exe
  C:\Windows\System\NYRZdJk.exe
  2⤵
  PID:11308
- C:\Windows\System\sByFJPj.exe
  C:\Windows\System\sByFJPj.exe
  2⤵
  PID:12376
- C:\Windows\System\QcmPCSF.exe
  C:\Windows\System\QcmPCSF.exe
  2⤵
  PID:12468
- C:\Windows\System\RyfVUmY.exe
  C:\Windows\System\RyfVUmY.exe
  2⤵
  PID:12504
- C:\Windows\System\zvJlDal.exe
  C:\Windows\System\zvJlDal.exe
  2⤵
  PID:12592
- C:\Windows\System\KiRbzrJ.exe
  C:\Windows\System\KiRbzrJ.exe
  2⤵
  PID:12652
- C:\Windows\System\qckIQLX.exe
  C:\Windows\System\qckIQLX.exe
  2⤵
  PID:12748
- C:\Windows\System\GYPwdFp.exe
  C:\Windows\System\GYPwdFp.exe
  2⤵
  PID:12796
- C:\Windows\System\hpfbori.exe
  C:\Windows\System\hpfbori.exe
  2⤵
  PID:12800
- C:\Windows\System\AFZcOEt.exe
  C:\Windows\System\AFZcOEt.exe
  2⤵
  PID:12920
- C:\Windows\System\qyqEfKc.exe
  C:\Windows\System\qyqEfKc.exe
  2⤵
  PID:12984
- C:\Windows\System\NtpzeiD.exe
  C:\Windows\System\NtpzeiD.exe
  2⤵
  PID:13044
- C:\Windows\System\WnxCUsk.exe
  C:\Windows\System\WnxCUsk.exe
  2⤵
  PID:13088
- C:\Windows\System\BFJBNEr.exe
  C:\Windows\System\BFJBNEr.exe
  2⤵
  PID:13100
- C:\Windows\System\cPDBrBc.exe
  C:\Windows\System\cPDBrBc.exe
  2⤵
  PID:13108
- C:\Windows\System\KCYjjLA.exe
  C:\Windows\System\KCYjjLA.exe
  2⤵
  PID:13240
- C:\Windows\System\SOimtbj.exe
  C:\Windows\System\SOimtbj.exe
  2⤵
  PID:12388
- C:\Windows\System\IzbVZTB.exe
  C:\Windows\System\IzbVZTB.exe
  2⤵
  PID:12448
- C:\Windows\System\yhfPffX.exe
  C:\Windows\System\yhfPffX.exe
  2⤵
  PID:12552
- C:\Windows\System\VdDBLdS.exe
  C:\Windows\System\VdDBLdS.exe
  2⤵
  PID:12688
- C:\Windows\System\hOYxxRH.exe
  C:\Windows\System\hOYxxRH.exe
  2⤵
  PID:13220
- C:\Windows\System\ufGqxUv.exe
  C:\Windows\System\ufGqxUv.exe
  2⤵
  PID:13032
- C:\Windows\System\eCJplbB.exe
  C:\Windows\System\eCJplbB.exe
  2⤵
  PID:13188
- C:\Windows\System\qaXxSQh.exe
  C:\Windows\System\qaXxSQh.exe
  2⤵
  PID:12300
- C:\Windows\System\upIXegm.exe
  C:\Windows\System\upIXegm.exe
  2⤵
  PID:12960
- C:\Windows\System\xUDqKFV.exe
  C:\Windows\System\xUDqKFV.exe
  2⤵
  PID:13320
- C:\Windows\System\gtoCSWr.exe
  C:\Windows\System\gtoCSWr.exe
  2⤵
  PID:13348
- C:\Windows\System\tHwyFdy.exe
  C:\Windows\System\tHwyFdy.exe
  2⤵
  PID:13364
- C:\Windows\System\shcSOXA.exe
  C:\Windows\System\shcSOXA.exe
  2⤵
  PID:13388
- C:\Windows\System\mxnrWYI.exe
  C:\Windows\System\mxnrWYI.exe
  2⤵
  PID:13404
- C:\Windows\System\pNvOiCB.exe
  C:\Windows\System\pNvOiCB.exe
  2⤵
  PID:13424
- C:\Windows\System\IBchKzc.exe
  C:\Windows\System\IBchKzc.exe
  2⤵
  PID:13444
- C:\Windows\System\OHqiQYa.exe
  C:\Windows\System\OHqiQYa.exe
  2⤵
  PID:13508
- C:\Windows\System\BFqBcqs.exe
  C:\Windows\System\BFqBcqs.exe
  2⤵
  PID:13524
- C:\Windows\System\CxVEdTh.exe
  C:\Windows\System\CxVEdTh.exe
  2⤵
  PID:13580
- C:\Windows\System\jshfJeU.exe
  C:\Windows\System\jshfJeU.exe
  2⤵
  PID:13624
- C:\Windows\System\Fwgxvkw.exe
  C:\Windows\System\Fwgxvkw.exe
  2⤵
  PID:13644
- C:\Windows\System\qKDLxTO.exe
  C:\Windows\System\qKDLxTO.exe
  2⤵
  PID:13668
- C:\Windows\System\LvlSUJh.exe
  C:\Windows\System\LvlSUJh.exe
  2⤵
  PID:13688
- C:\Windows\System\sGQxlhL.exe
  C:\Windows\System\sGQxlhL.exe
  2⤵
  PID:13736
- C:\Windows\System\eVwJzEF.exe
  C:\Windows\System\eVwJzEF.exe
  2⤵
  PID:13760
- C:\Windows\System\qlGzOPb.exe
  C:\Windows\System\qlGzOPb.exe
  2⤵
  PID:13784
- C:\Windows\System\aebtfBf.exe
  C:\Windows\System\aebtfBf.exe
  2⤵
  PID:13808
- C:\Windows\System\cJsnTzI.exe
  C:\Windows\System\cJsnTzI.exe
  2⤵
  PID:13852
- C:\Windows\System\CMsTpKz.exe
  C:\Windows\System\CMsTpKz.exe
  2⤵
  PID:13880
- C:\Windows\System\MoCfbkJ.exe
  C:\Windows\System\MoCfbkJ.exe
  2⤵
  PID:13900
- C:\Windows\System\XEgQzGC.exe
  C:\Windows\System\XEgQzGC.exe
  2⤵
  PID:13916
- C:\Windows\System\JjOXcbv.exe
  C:\Windows\System\JjOXcbv.exe
  2⤵
  PID:13940
- C:\Windows\System\NUHAbBw.exe
  C:\Windows\System\NUHAbBw.exe
  2⤵
  PID:13956
- C:\Windows\System\ZBcsKVX.exe
  C:\Windows\System\ZBcsKVX.exe
  2⤵
  PID:13996
- C:\Windows\System\uTnvNCH.exe
  C:\Windows\System\uTnvNCH.exe
  2⤵
  PID:14012
- C:\Windows\System\MEaGTNP.exe
  C:\Windows\System\MEaGTNP.exe
  2⤵
  PID:14068
- C:\Windows\System\rrjhnvO.exe
  C:\Windows\System\rrjhnvO.exe
  2⤵
  PID:14096
- C:\Windows\System\PEKZpaj.exe
  C:\Windows\System\PEKZpaj.exe
  2⤵
  PID:14112
- C:\Windows\System\zhJLiKS.exe
  C:\Windows\System\zhJLiKS.exe
  2⤵
  PID:14140
- C:\Windows\System\BpUAZla.exe
  C:\Windows\System\BpUAZla.exe
  2⤵
  PID:14160
- C:\Windows\System\KyHsuvH.exe
  C:\Windows\System\KyHsuvH.exe
  2⤵
  PID:14196
- C:\Windows\System\CGhGRTc.exe
  C:\Windows\System\CGhGRTc.exe
  2⤵
  PID:14236
- C:\Windows\System\qkCAOJT.exe
  C:\Windows\System\qkCAOJT.exe
  2⤵
  PID:14256
- C:\Windows\System\msqHdlV.exe
  C:\Windows\System\msqHdlV.exe
  2⤵
  PID:14276
- C:\Windows\System\UjKMkgi.exe
  C:\Windows\System\UjKMkgi.exe
  2⤵
  PID:14304
- C:\Windows\System\ZaKCVkQ.exe
  C:\Windows\System\ZaKCVkQ.exe
  2⤵
  PID:14320
- C:\Windows\System\fPfBaER.exe
  C:\Windows\System\fPfBaER.exe
  2⤵
  PID:13292
- C:\Windows\System\XnErINJ.exe
  C:\Windows\System\XnErINJ.exe
  2⤵
  PID:13328
- C:\Windows\System\SiyYDod.exe
  C:\Windows\System\SiyYDod.exe
  2⤵
  PID:13380
- C:\Windows\System\qxaxXaJ.exe
  C:\Windows\System\qxaxXaJ.exe
  2⤵
  PID:13440
- C:\Windows\System\lIqsIIy.exe
  C:\Windows\System\lIqsIIy.exe
  2⤵
  PID:13600
- C:\Windows\System\tLeFpfr.exe
  C:\Windows\System\tLeFpfr.exe
  2⤵
  PID:13572
- C:\Windows\System\boKnVWO.exe
  C:\Windows\System\boKnVWO.exe
  2⤵
  PID:13640
- C:\Windows\System\inVEqBj.exe
  C:\Windows\System\inVEqBj.exe
  2⤵
  PID:13732
- C:\Windows\System\lmSxbpe.exe
  C:\Windows\System\lmSxbpe.exe
  2⤵
  PID:13752
- C:\Windows\System\maKfzPf.exe
  C:\Windows\System\maKfzPf.exe
  2⤵
  PID:13828
- C:\Windows\System\tDnJjdu.exe
  C:\Windows\System\tDnJjdu.exe
  2⤵
  PID:3840
- C:\Windows\System\HAhZHmr.exe
  C:\Windows\System\HAhZHmr.exe
  2⤵
  PID:13868
- C:\Windows\System\LCvdttM.exe
  C:\Windows\System\LCvdttM.exe
  2⤵
  PID:13976
- C:\Windows\System\YNiiYWS.exe
  C:\Windows\System\YNiiYWS.exe
  2⤵
  PID:14092
- C:\Windows\System\VrdxzbS.exe
  C:\Windows\System\VrdxzbS.exe
  2⤵
  PID:14152
- C:\Windows\System\GHOzrvS.exe
  C:\Windows\System\GHOzrvS.exe
  2⤵
  PID:14212
- C:\Windows\System\gnMJPZo.exe
  C:\Windows\System\gnMJPZo.exe
  2⤵
  PID:14228
- C:\Windows\System\QHqIFbi.exe
  C:\Windows\System\QHqIFbi.exe
  2⤵
  PID:14252
- C:\Windows\System\hohAAuB.exe
  C:\Windows\System\hohAAuB.exe
  2⤵
  PID:14312
- C:\Windows\System\cRqHVOh.exe
  C:\Windows\System\cRqHVOh.exe
  2⤵
  PID:13396
- C:\Windows\System\OyaEafF.exe
  C:\Windows\System\OyaEafF.exe
  2⤵
  PID:13696
- C:\Windows\System\OQUwoAN.exe
  C:\Windows\System\OQUwoAN.exe
  2⤵
  PID:13772
- C:\Windows\System\ylQtAfV.exe
  C:\Windows\System\ylQtAfV.exe
  2⤵
  PID:368
- C:\Windows\System\aWGwboU.exe
  C:\Windows\System\aWGwboU.exe
  2⤵
  PID:13896
- C:\Windows\System\baVDccx.exe
  C:\Windows\System\baVDccx.exe
  2⤵
  PID:14224
- C:\Windows\System\evPhMZy.exe
  C:\Windows\System\evPhMZy.exe
  2⤵
  PID:14316
- C:\Windows\System\KVhKMst.exe
  C:\Windows\System\KVhKMst.exe
  2⤵
  PID:13536
- C:\Windows\System\DRJcYyr.exe
  C:\Windows\System\DRJcYyr.exe
  2⤵
  PID:13792
- C:\Windows\System\smscymO.exe
  C:\Windows\System\smscymO.exe
  2⤵
  PID:13116
- C:\Windows\System\SArazMq.exe
  C:\Windows\System\SArazMq.exe
  2⤵
  PID:12880
- C:\Windows\System\gOxaRwC.exe
  C:\Windows\System\gOxaRwC.exe
  2⤵
  PID:13800
- C:\Windows\System\WLrsRQc.exe
  C:\Windows\System\WLrsRQc.exe
  2⤵
  PID:14352
- C:\Windows\System\scPcEGQ.exe
  C:\Windows\System\scPcEGQ.exe
  2⤵
  PID:14388
- C:\Windows\System\IRXILcv.exe
  C:\Windows\System\IRXILcv.exe
  2⤵
  PID:14404
- C:\Windows\System\pWZlQAG.exe
  C:\Windows\System\pWZlQAG.exe
  2⤵
  PID:14444
- C:\Windows\System\zxTsIeI.exe
  C:\Windows\System\zxTsIeI.exe
  2⤵
  PID:14460
- C:\Windows\System\ubtDKVW.exe
  C:\Windows\System\ubtDKVW.exe
  2⤵
  PID:14548
- C:\Windows\System\LGVpbtM.exe
  C:\Windows\System\LGVpbtM.exe
  2⤵
  PID:14568
- C:\Windows\System\XrIktTx.exe
  C:\Windows\System\XrIktTx.exe
  2⤵
  PID:14588
- C:\Windows\System\jclDXiT.exe
  C:\Windows\System\jclDXiT.exe
  2⤵
  PID:14608
- C:\Windows\System\QvhbyOn.exe
  C:\Windows\System\QvhbyOn.exe
  2⤵
  PID:14624
- C:\Windows\System\XschbfR.exe
  C:\Windows\System\XschbfR.exe
  2⤵
  PID:14640
- C:\Windows\System\uhQcCqa.exe
  C:\Windows\System\uhQcCqa.exe
  2⤵
  PID:14676
- C:\Windows\System\AhIYeIA.exe
  C:\Windows\System\AhIYeIA.exe
  2⤵
  PID:14692
- C:\Windows\System\Mzddcqi.exe
  C:\Windows\System\Mzddcqi.exe
  2⤵
  PID:14716
- C:\Windows\System\PxdkfBZ.exe
  C:\Windows\System\PxdkfBZ.exe
  2⤵
  PID:14924

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:13544

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\AtJoQUP.exe

Filesize
692KB

MD5
51abc3d6c6f3eab032a081a1a229487b

SHA1
d3fe8cc30b5e029600bdab4f19213b070d0618dc

SHA256
e26ef6853a078b51c124da0ebc8dc07546a15822b42c3f7f943881728e8bd881

SHA512
835cf1e5d303dcaf2d838240e568a014764f9460bf4b97367d4b8a1e4e8bcd158a3e83667a9550e90ca8ca12eb367b7e0d9f0ec35bce1c4fbe3a7fae85fe0c9e

Download Submit
C:\Windows\System\BJbFyIG.exe

Filesize
693KB

MD5
b55ed82d9eedcc2a1cb6b8976fe04028

SHA1
5245569a559c6538506fb69ca4629d1627bcc84c

SHA256
ac6d6f1257e2cdbd6fc15e2f7d2b2bf397d308f6d223ffdc30bb79c8da9dcac5

SHA512
9f54935f484508b78f757a40b0bde9b1e16a320564ceb14336e14b2166161f76bf745d67bba87d5c451a240e349e5df8c11dff1fa53517724fd508c0cfef6590

Download Submit
C:\Windows\System\CYlKqDN.exe

Filesize
698KB

MD5
effc74b6a33183a666e0f81ab6ed3842

SHA1
ff669d74a79c964b14121ea6e606ab1a41b56b25

SHA256
1275fb96740988a585439f50724b5bb2e8caeba468733d969b9057e9c1cc4ff4

SHA512
8b78b9b064417c351a67a547fe697d3e94ecda2f42cde6d7ea7cc0458e009232565fc2b8659f862f3616a1b7dadcafe96888092f3e56a3611f8aa8873299ee1e

Download Submit
C:\Windows\System\FlbdmnA.exe

Filesize
692KB

MD5
52ead66208cd7f67ef06335af9cf03ad

SHA1
ac9bf3a3f286dc8668d5c83b76a600bdb01e20a9

SHA256
883c70efb2f63bc4a62d24563e1a4733290c22ffaa332eabbb9e4dac7cd5fc32

SHA512
87aea327c70c5b73ac42305f3938c3bd798d6760eac5357a08da58969560f0aca648c584e1323cdc45dbc2e39a67b03370df33cd67d152a8f3a35f49a73e2fe7

Download Submit
C:\Windows\System\GfYFUAW.exe

Filesize
690KB

MD5
762c8bb949a9c4d19285f772a0eafc5a

SHA1
3c5f8a911af86c7d3353d353796529c2f492aa30

SHA256
db6a98ae61dad97ac9d06ac902835fd277bb7b3abfda3b655cac8d20be0a30fc

SHA512
8815d4e67e6948bf1dbebfe0b02735a1f16f6246176f286ceee4f47ed7db410457a8007eb2283b09ed4edfcfb695076cf2803d25e00e31e808f1ebb48479251f

Download Submit
C:\Windows\System\JnqTqJR.exe

Filesize
691KB

MD5
e6e70d4f11e63e91ac0f8ada7d24a79b

SHA1
86bf80aff9c52cd0bc2e1d9ddd8b885ede09623e

SHA256
ffd1bc8971ade733e1374f3f893f0aeb661a723f91fc4b7b612b2d464f0b70c2

SHA512
903c4a233e1e1f11697bd30093b2b8d85dddcba537f1494859ea12c6fc65d7161286df2d167c648f1220c92b253246d86cddf0bf8575aef7570e5211a47cffad

Download Submit
C:\Windows\System\LyycmoS.exe

Filesize
690KB

MD5
9ed78c8b89bb32411a7f7896121841c6

SHA1
8e4934ccae0c57994eb9872cddae4fe47acb9891

SHA256
e25e1d4da4a50c538a323ac09df711811e04377ca8902fd914a6c43e4861daf7

SHA512
aefa6825ea899e6a78674c244e17e6d154071f47a659914d7313bcf708869d132304497c4b935baf42b817f4648baa70c730b922b9ae36f32ae6d89ce8e5eef3

Download Submit
C:\Windows\System\NyKlOdB.exe

Filesize
696KB

MD5
a138716a74562c9b976e91650e938eb5

SHA1
6fe5eb493da3f6dd282f149cd3d085d3b6021341

SHA256
7fe604d1bcab1d5d151fb0c0cca679e140b0f4475fdf0469c11907b89b4bb841

SHA512
d1db41520931541b0a94d1e97c58c3b5af0246fbb140a60fc00a717b0e9f0dc2b69dec5bc4b559e2dba8d66bd870023f8eb410b44cc3bbe249a68b23c9eb1311

Download Submit
C:\Windows\System\PglvKyw.exe

Filesize
696KB

MD5
d7a813f070a5a0f5c35d476dceb4c0da

SHA1
811f5dbae93a9c35db9e8005918d3e6777f54cd4

SHA256
a331e4e13ba8a4f56d8472594c5b06b203ce1095fadbd9fd9d03693411ee9c1e

SHA512
fb8d320df3c26d7eb56ec839bf8d7e10ab2b0a59be26b97fb001bbbcf322c3c236a7a9320fcf3e0c0c2787e1e00b99326142fcb5b52a2975a4defbe0419e5f12

Download Submit
C:\Windows\System\QsxkqyZ.exe

Filesize
697KB

MD5
a5e082dc8a22b928e328615ad737bc37

SHA1
017878f8d574ffedb9716e142f845124f1f820aa

SHA256
cc1d9a5d64d74179660446efddfed7c6c9eeabeef057881e4d19ca7566ecc4ad

SHA512
9129ba63293b4fe3e934d4f2fa558132506cb24769c3f05daf430992164068f2bbe74d3940136680f9436ff3e31d3c02857823aec50441cb19151c34e4e49809

Download Submit
C:\Windows\System\SoktgQS.exe

Filesize
691KB

MD5
336f0e0913c2ccdb88a10c40e57db00b

SHA1
40521d54e6a21db20b5a6e1a738b8d7d56442817

SHA256
6086688eaff9257a191e991f609a254631cb198dd12d6ae5fdf1e90d7951cc88

SHA512
52e88778e1abbdc52222690fc8248f3a1b3d904a867034848d38e39a906978b525b002950b2d5d042110fefe9e25a5ab8438588539983b3bd0301a404ed56510

Download Submit
C:\Windows\System\TYSzZTR.exe

Filesize
691KB

MD5
b5884c9f159d87e642d78d26b49e3e1e

SHA1
84ea988f9ed8c67c2f6a415796b61e2db5693887

SHA256
60015c5a89f8fe7961a49bfd3b7aa998678c1d53595e094b4c5b808be8ee95a9

SHA512
12761e253be319f0c3117fba9521ce1438e86ce7e94cc786b1d1cfb0b4279adffa38a610570cff48b60acd8eb29a8c68e7320271c3624bb1429db2e122dfa40a

Download Submit
C:\Windows\System\ZMySAtk.exe

Filesize
694KB

MD5
64ae3fc4f5de92a4e84bcf32581502de

SHA1
ee5a3744a1781980cb05aed6d179a159eb52b38c

SHA256
208dfab9d1d7fbb7b78c2cfd31e56708adb3c5eff06f2b05c2d1086a1bc775ff

SHA512
4754f6ab1f8530dc25bf6242a90943a06dee601c38db900654b138897bb37bdc3dfdad6b475a90b662d25b1b784846cbb42e528ce4dce1c0e102723f0dee7755

Download Submit
C:\Windows\System\bAaLGxF.exe

Filesize
698KB

MD5
1aa9c9c67180d2f83dff809b76e4bdf0

SHA1
92c1a36117a094666dd9fa0aae503f94b6f3f76f

SHA256
505c80d8ce685adb2520645493079003e23bbc0a760c2ad7450a1484fd33762b

SHA512
2b0697bcf4248c18e4374dfd6e098a4497e7d367dc378a542e93a52ca9fe3abe175c90414c7bb13ebf784427bced4ce7b5b8848a45d649ac429c3dc676a2a426

Download Submit
C:\Windows\System\bAhgsgk.exe

Filesize
694KB

MD5
9ac923e6e0ce7a09fbfc1a1ddaf20a23

SHA1
fdc5c931cdadbf94a03567cd923f6eac3d095d32

SHA256
1d4785965e5b7573a3e2ffa1edfca1f0452eb4b44bb43d7cb8b8a49a10f4bc96

SHA512
f7b4e55c9cc1dccb9d89a7aec66a19129df97dd8d126e52e4b3a6e0c4d78acef7b3fc845fe09e213c1d74ab542efdb37753b63ec44725f262a908e93fc8a399d

Download Submit
C:\Windows\System\cXMxSIt.exe

Filesize
694KB

MD5
efeae1cde2efbbf1bc4201b2b03a4465

SHA1
9ee5e7ffa59c384e0199b6146ee4610df8722378

SHA256
946003f3150ab14c92ed8dfcf6877608ca6f19f5b2c3297eb4b4572c2111c729

SHA512
00306e286261a83cf3f8ca312b36f1fa899fdd7712f7cfd3b23cb4cc20d9af709050d43b35a4a2b36db2c74c92526049908d1ece211728faab172c1109254eff

Download Submit
C:\Windows\System\coCGvye.exe

Filesize
693KB

MD5
18ddfd75532c7eb31de2bc2e0119ae69

SHA1
28aed7b998368cb2dd54dc8d986c6b93209021cf

SHA256
f7f0c6a3446a20db9b956eb3cf2a97c96c3b1936ab121dd3c81fc5936a794284

SHA512
f32698083abbfeceb948da01eb5750ebfa0a7dbab76a6f3a2571b29bbf7fdd0ee66f06af24982360154e65bc0c83f824a23d1322d5c76b2490f27a4293df2066

Download Submit
C:\Windows\System\hFSSrnV.exe

Filesize
695KB

MD5
5c123d847bfff9bc2250cfe1b3739795

SHA1
7cf105a217403da08990417c1900ec0d9587b9a6

SHA256
dbf0b4ee35abd1e709bed03ffc1ba884731a51c2beaf88c786815173be941ab6

SHA512
79a70d1088a96e19af69b9f35a93f40435315309efbbded0f0662d0e445393365a2a91534e36334a9d493bebf2248b41ef41770e796bb553566496c959a1f649

Download Submit
C:\Windows\System\iAlENDs.exe

Filesize
697KB

MD5
04ca5b68e74db4d0b1a566994ed9766d

SHA1
31ecf3982c435590b65266936658da673f7e648a

SHA256
49781a2a82690f813639ee67ce2af96bfb4dc7b4e72fe50328073a2e1d5d4450

SHA512
c9a97235b54dca14301828668bb32e71fbf17d9ab86d8666fcb30fd7873df5d537a331694b67784bc1c626e3b8d4834aeeb9c0b95e78bc9e940a27c2299ed7df

Download Submit
C:\Windows\System\nYMyfDR.exe

Filesize
693KB

MD5
10a6612a52e69f248c4a6c95696c61f9

SHA1
4921f10b27473d0fba2311ae0fb0af47bc4e1393

SHA256
05d537b102e3d47be0d20dec3c0084d5164276202781742060057232d5c78178

SHA512
1310b627a3d797d20fe84ef96b09062ed922b435f039061e852e801d9a52a84d188763b89157f6ec629b12d0ceab3986337b921312ff6414647066f0f856ba9d

Download Submit
C:\Windows\System\pNFGpfu.exe

Filesize
696KB

MD5
7aedcdedfcdf7e1da69b2e5f6f17bc0d

SHA1
0ce617c586a724d86c99b03b337331bc370484ca

SHA256
42a3a9b5a891de56851329c7d5a94b6619a92d07d42199f038611696a6ec5feb

SHA512
47b7556d5793a312b14c2913b2cd0efcc13266226e1f38b9594d560872d7d853dd20a8adee08e2b8b893d87d964415d8d3cd91cd9098670ad5cdeeee0c769f41

Download Submit
C:\Windows\System\pwYOYvZ.exe

Filesize
692KB

MD5
91535494054fb8436d3d03d5de79ef80

SHA1
a94cc3375f779bb8fc5e99abfeb76a30a458e304

SHA256
3e05db4eff52333417b573c031cc5a5be70b7729f5e49776ac6b8b1c6d6f9236

SHA512
c69015bae02f9ce177998127a0e6c32d44ce92c78363ae4c4a91a6ee5cb69a132640ccebc0990debaea082f74bd91ef48b40bf6f82a7ceabc5ce0e8b920d3bd3

Download Submit
C:\Windows\System\qCyrbzA.exe

Filesize
694KB

MD5
5731c520ec75889f75269ad2df05f89f

SHA1
8192e79e9dd9b1751ce00a673d77be37693c4f57

SHA256
d2b66f0f9d22ab43418042aafda5ba6a82d30862e0081d1d258003c61c40e953

SHA512
1088daddac25f6d0a7de98d64a429da0c8b674d372d5b9a2d572ed457d011f34dbb3ca37df81b81e452c08174e21a4138f6febec559e99d0ba9b7250b0a94425

Download Submit
C:\Windows\System\qUyogIk.exe

Filesize
692KB

MD5
e88c766e6d73cc13cfc046b20ce9d502

SHA1
7c354b49a13aa31878dcdd7dc27f4a6cf6826a8a

SHA256
76d78db94e35d188bbdc56b9659246c70e88f44358a76b076ff6852921123b34

SHA512
08e9d58499627acaf4850a21b228287a69ceb94d53f47f6f8f0877cf01969b19cfb5a10cba2bca6b64603660e7ad5d4a94b1e2b99a3ede8bf5cc73a274f18a13

Download Submit
C:\Windows\System\sawGqMo.exe

Filesize
691KB

MD5
fedddd1bf14b44db41aff3b9c9b94e96

SHA1
48a04933ffc2557591973aad47965341744d14a3

SHA256
920d7213ad6c0758ada7fd3ed7da83663f99cc62cdeb97f2b8eb322614f4e108

SHA512
2086e8e943be1e355c2e970b6dcafeb868a95159603297321ef2d39123724f0f98aca8107774544e3ddbaea9d1c10896b1174a37626ad7e4689c44d7558f0bcb

Download Submit
C:\Windows\System\tluAEpv.exe

Filesize
695KB

MD5
b9469e04193e1f763232ba771dbd21fa

SHA1
b4c8feb66cb74ed40f5cbe408320e15dd9c03877

SHA256
948bc42f7b846668bdd786a06e7e30f039eba25acfcf0d22cddc8ac260e63902

SHA512
d4af7f18fa9bf4580381f0dece5d8bc26bb28668739d5f9501b38c41fbc7309add55d196324ba562fbe117b950563ec6df38916696be0c5236bc4800876b3ff4

Download Submit
C:\Windows\System\toxSqyL.exe

Filesize
697KB

MD5
42eb38b3cc6e294d55d8c844c9aaa9df

SHA1
d259a374dc9f759ad175316b2070ccf7df656430

SHA256
ef68f434aa6faafc4119f03ef1d2d15b4c21739cf3e52cd2f2d38691ff7a2166

SHA512
ec8595ba2f0a16f96b682394b0aa4df28e88164d44ae072499776092239342a66d74bc408b4a2c98bb6093f32beeae02d83868098b294b54da704a4b41d1efbb

Download Submit
C:\Windows\System\vCjicVu.exe

Filesize
693KB

MD5
ba40b5c125bba38673b5141f7101f1db

SHA1
1c071d150777c6578cda8d4e47bae52fce3c6201

SHA256
019510c523d79245739a32b17c06dc9ec5df4139dada64746da26d23eb6fcf35

SHA512
fad3e864b95e12e27284dcd4e0ee7c1766dce6b11e22091201ce82193a24997ba83e65f5bc838ac65195ea4fe129848e8d0e1837955f59d38044e808aab705fb

Download Submit
C:\Windows\System\wfmFYCk.exe

Filesize
697KB

MD5
82b3520648a116ea0aed74ff0cc10aed

SHA1
4a428d5b659302ab25184f4a386a5dcc367015f3

SHA256
69e173e708581abcd36eb696c32e89eb1d4de6eb365e0aae1c03e00458e78977

SHA512
0a9258986e6c340deca588e2d384ceb8cd0f4c684868eb6bb652bc94aea2b6c15e68c29ce8ab7922b28e3c0344cd4b2c293ad2f447c3850e4b3c144b33ac407b

Download Submit
C:\Windows\System\xfeFBTS.exe

Filesize
695KB

MD5
21fd0bb42f7882046b980a2cd9a4ccfa

SHA1
ecd146695f049c044824507c2cd1a45e03ff1848

SHA256
f7a0c718da9465aff421e6512a6392c1d8b2feef327a6a35d258a1bef8c28c0f

SHA512
6e34892c732691a9b9248961e986a0686c2c9abac58cbf4dfb1b75c21015b60db080f90ebd49634c39349590cd2e5b6c6eb14848a64bfb1f1d4af9278fdcd14f

Download Submit
C:\Windows\System\xtIHspg.exe

Filesize
696KB

MD5
6190359455810ccfc163650c67c3a35a

SHA1
cb96deca5efc3b7b9636350aa7883bfaf9b3e748

SHA256
77cbe258e703f84984784a2aabe93fb6a468ed9ef261c653bdce66adf85d38f1

SHA512
e372a59317707b8ab5d2df3d9ea42d467f0f6f044a4e91e2941c3a2a5f113b02669d523b0540a0c9ffc942b331e29e33784a17bc6c90d429820dc390bf8d9f7a

Download Submit
C:\Windows\System\ywvfAcm.exe

Filesize
695KB

MD5
47ea4d41e9a7f2dd978c882129193ddc

SHA1
00dea46e018454a225043967f547d0bbcf97d7e0

SHA256
a40aa835239edf00937706b8655873d100e9b716cd525753a2e4e09517ddf875

SHA512
c9b270c9f17c1729125c412f41e2180e0c43804f1674b1b19f3677cbcf7ffde5c876dd88d2bb16d23fcbf916247717732e4a2051e775e5f2e10234eaba826320

Download Submit
C:\Windows\System\zOWAtqN.exe

Filesize
690KB

MD5
98c2b3137090bd25a4d53d9edbb604bc

SHA1
d2abeab4aa8bb11aad63222168fac638f588dac1

SHA256
f66708163180543442466cbb5a96b123b8264944e28fb7334dd936cc8c08a1fc

SHA512
d9927a76357bc5ad9c68b1d4ffbe6143278f00c7299c9943e1df6e6b4c9185d90dae7f3d8d41faa674ca48abe88a0f55bc8725a9ed7d1c61ba4c1e39fbc1e9eb

Download Submit
memory/232-2450-0x00007FF66E7A0000-0x00007FF66EAF1000-memory.dmp

Filesize
3.3MB

Download
memory/232-73-0x00007FF66E7A0000-0x00007FF66EAF1000-memory.dmp

Filesize
3.3MB

Download
memory/232-149-0x00007FF66E7A0000-0x00007FF66EAF1000-memory.dmp

Filesize
3.3MB

Download
memory/760-2414-0x00007FF7046F0000-0x00007FF704A41000-memory.dmp

Filesize
3.3MB

Download
memory/760-44-0x00007FF7046F0000-0x00007FF704A41000-memory.dmp

Filesize
3.3MB

Download
memory/776-59-0x00007FF667510000-0x00007FF667861000-memory.dmp

Filesize
3.3MB

Download
memory/776-2454-0x00007FF667510000-0x00007FF667861000-memory.dmp

Filesize
3.3MB

Download
memory/776-141-0x00007FF667510000-0x00007FF667861000-memory.dmp

Filesize
3.3MB

Download
memory/924-128-0x00007FF6C0DD0000-0x00007FF6C1121000-memory.dmp

Filesize
3.3MB

Download
memory/924-36-0x00007FF6C0DD0000-0x00007FF6C1121000-memory.dmp

Filesize
3.3MB

Download
memory/924-2418-0x00007FF6C0DD0000-0x00007FF6C1121000-memory.dmp

Filesize
3.3MB

Download
memory/1064-2445-0x00007FF6C40B0000-0x00007FF6C4401000-memory.dmp

Filesize
3.3MB

Download
memory/1064-85-0x00007FF6C40B0000-0x00007FF6C4401000-memory.dmp

Filesize
3.3MB

Download
memory/1064-157-0x00007FF6C40B0000-0x00007FF6C4401000-memory.dmp

Filesize
3.3MB

Download
memory/1532-111-0x00007FF666C00000-0x00007FF666F51000-memory.dmp

Filesize
3.3MB

Download
memory/1532-2410-0x00007FF666C00000-0x00007FF666F51000-memory.dmp

Filesize
3.3MB

Download
memory/1532-25-0x00007FF666C00000-0x00007FF666F51000-memory.dmp

Filesize
3.3MB

Download
memory/1572-96-0x00007FF7FC010000-0x00007FF7FC361000-memory.dmp

Filesize
3.3MB

Download
memory/1572-2456-0x00007FF7FC010000-0x00007FF7FC361000-memory.dmp

Filesize
3.3MB

Download
memory/1572-164-0x00007FF7FC010000-0x00007FF7FC361000-memory.dmp

Filesize
3.3MB

Download
memory/1660-2470-0x00007FF6F4A50000-0x00007FF6F4DA1000-memory.dmp

Filesize
3.3MB

Download
memory/1660-891-0x00007FF6F4A50000-0x00007FF6F4DA1000-memory.dmp

Filesize
3.3MB

Download
memory/1660-148-0x00007FF6F4A50000-0x00007FF6F4DA1000-memory.dmp

Filesize
3.3MB

Download
memory/1740-84-0x00007FF6DD100000-0x00007FF6DD451000-memory.dmp

Filesize
3.3MB

Download
memory/1740-156-0x00007FF6DD100000-0x00007FF6DD451000-memory.dmp

Filesize
3.3MB

Download
memory/1740-2452-0x00007FF6DD100000-0x00007FF6DD451000-memory.dmp

Filesize
3.3MB

Download
memory/1796-2406-0x00007FF7DDF30000-0x00007FF7DE281000-memory.dmp

Filesize
3.3MB

Download
memory/1796-12-0x00007FF7DDF30000-0x00007FF7DE281000-memory.dmp

Filesize
3.3MB

Download
memory/1796-103-0x00007FF7DDF30000-0x00007FF7DE281000-memory.dmp

Filesize
3.3MB

Download
memory/1952-155-0x00007FF78A000000-0x00007FF78A351000-memory.dmp

Filesize
3.3MB

Download
memory/1952-2472-0x00007FF78A000000-0x00007FF78A351000-memory.dmp

Filesize
3.3MB

Download
memory/1952-1725-0x00007FF78A000000-0x00007FF78A351000-memory.dmp

Filesize
3.3MB

Download
memory/1964-1-0x000002321A6E0000-0x000002321A6F0000-memory.dmp

Filesize
64KB

Download
memory/1964-0-0x00007FF6C63B0000-0x00007FF6C6701000-memory.dmp

Filesize
3.3MB

Download
memory/1964-92-0x00007FF6C63B0000-0x00007FF6C6701000-memory.dmp

Filesize
3.3MB

Download
memory/2112-115-0x00007FF78F9D0000-0x00007FF78FD21000-memory.dmp

Filesize
3.3MB

Download
memory/2112-185-0x00007FF78F9D0000-0x00007FF78FD21000-memory.dmp

Filesize
3.3MB

Download
memory/2112-2462-0x00007FF78F9D0000-0x00007FF78FD21000-memory.dmp

Filesize
3.3MB

Download
memory/2380-140-0x00007FF70D850000-0x00007FF70DBA1000-memory.dmp

Filesize
3.3MB

Download
memory/2380-887-0x00007FF70D850000-0x00007FF70DBA1000-memory.dmp

Filesize
3.3MB

Download
memory/2380-2468-0x00007FF70D850000-0x00007FF70DBA1000-memory.dmp

Filesize
3.3MB

Download
memory/2392-170-0x00007FF6DF0E0000-0x00007FF6DF431000-memory.dmp

Filesize
3.3MB

Download
memory/2392-2035-0x00007FF6DF0E0000-0x00007FF6DF431000-memory.dmp

Filesize
3.3MB

Download
memory/2392-2506-0x00007FF6DF0E0000-0x00007FF6DF431000-memory.dmp

Filesize
3.3MB

Download
memory/2464-186-0x00007FF702800000-0x00007FF702B51000-memory.dmp

Filesize
3.3MB

Download
memory/2464-2514-0x00007FF702800000-0x00007FF702B51000-memory.dmp

Filesize
3.3MB

Download
memory/2616-132-0x00007FF60C260000-0x00007FF60C5B1000-memory.dmp

Filesize
3.3MB

Download
memory/2616-2466-0x00007FF60C260000-0x00007FF60C5B1000-memory.dmp

Filesize
3.3MB

Download
memory/2616-195-0x00007FF60C260000-0x00007FF60C5B1000-memory.dmp

Filesize
3.3MB

Download
memory/2716-104-0x00007FF60A280000-0x00007FF60A5D1000-memory.dmp

Filesize
3.3MB

Download
memory/2716-2408-0x00007FF60A280000-0x00007FF60A5D1000-memory.dmp

Filesize
3.3MB

Download
memory/2716-15-0x00007FF60A280000-0x00007FF60A5D1000-memory.dmp

Filesize
3.3MB

Download
memory/2848-2516-0x00007FF66E5B0000-0x00007FF66E901000-memory.dmp

Filesize
3.3MB

Download
memory/2848-179-0x00007FF66E5B0000-0x00007FF66E901000-memory.dmp

Filesize
3.3MB

Download
memory/2996-97-0x00007FF7E48A0000-0x00007FF7E4BF1000-memory.dmp

Filesize
3.3MB

Download
memory/2996-2458-0x00007FF7E48A0000-0x00007FF7E4BF1000-memory.dmp

Filesize
3.3MB

Download
memory/2996-171-0x00007FF7E48A0000-0x00007FF7E4BF1000-memory.dmp

Filesize
3.3MB

Download
memory/3320-133-0x00007FF6E0DF0000-0x00007FF6E1141000-memory.dmp

Filesize
3.3MB

Download
memory/3320-50-0x00007FF6E0DF0000-0x00007FF6E1141000-memory.dmp

Filesize
3.3MB

Download
memory/3320-2420-0x00007FF6E0DF0000-0x00007FF6E1141000-memory.dmp

Filesize
3.3MB

Download
memory/3752-199-0x00007FF615A60000-0x00007FF615DB1000-memory.dmp

Filesize
3.3MB

Download
memory/3752-2512-0x00007FF615A60000-0x00007FF615DB1000-memory.dmp

Filesize
3.3MB

Download
memory/3932-33-0x00007FF70DAA0000-0x00007FF70DDF1000-memory.dmp

Filesize
3.3MB

Download
memory/3932-2416-0x00007FF70DAA0000-0x00007FF70DDF1000-memory.dmp

Filesize
3.3MB

Download
memory/3932-116-0x00007FF70DAA0000-0x00007FF70DDF1000-memory.dmp

Filesize
3.3MB

Download
memory/4004-178-0x00007FF614610000-0x00007FF614961000-memory.dmp

Filesize
3.3MB

Download
memory/4004-110-0x00007FF614610000-0x00007FF614961000-memory.dmp

Filesize
3.3MB

Download
memory/4004-2460-0x00007FF614610000-0x00007FF614961000-memory.dmp

Filesize
3.3MB

Download
memory/4016-177-0x00007FF647040000-0x00007FF647391000-memory.dmp

Filesize
3.3MB

Download
memory/4016-2503-0x00007FF647040000-0x00007FF647391000-memory.dmp

Filesize
3.3MB

Download
memory/4016-2198-0x00007FF647040000-0x00007FF647391000-memory.dmp

Filesize
3.3MB

Download
memory/4044-2499-0x00007FF6D5CB0000-0x00007FF6D6001000-memory.dmp

Filesize
3.3MB

Download
memory/4044-1881-0x00007FF6D5CB0000-0x00007FF6D6001000-memory.dmp

Filesize
3.3MB

Download
memory/4044-163-0x00007FF6D5CB0000-0x00007FF6D6001000-memory.dmp

Filesize
3.3MB

Download
memory/4604-127-0x00007FF6B1BB0000-0x00007FF6B1F01000-memory.dmp

Filesize
3.3MB

Download
memory/4604-2412-0x00007FF6B1BB0000-0x00007FF6B1F01000-memory.dmp

Filesize
3.3MB

Download
memory/4604-34-0x00007FF6B1BB0000-0x00007FF6B1F01000-memory.dmp

Filesize
3.3MB

Download
memory/4944-117-0x00007FF76B470000-0x00007FF76B7C1000-memory.dmp

Filesize
3.3MB

Download
memory/4944-2464-0x00007FF76B470000-0x00007FF76B7C1000-memory.dmp

Filesize
3.3MB

Download
memory/4944-194-0x00007FF76B470000-0x00007FF76B7C1000-memory.dmp

Filesize
3.3MB

Download
memory/4976-2448-0x00007FF6874B0000-0x00007FF687801000-memory.dmp

Filesize
3.3MB

Download
memory/4976-67-0x00007FF6874B0000-0x00007FF687801000-memory.dmp

Filesize
3.3MB

Download
memory/4976-142-0x00007FF6874B0000-0x00007FF687801000-memory.dmp

Filesize
3.3MB

Download
memory/5052-2446-0x00007FF6978F0000-0x00007FF697C41000-memory.dmp

Filesize
3.3MB

Download
memory/5052-139-0x00007FF6978F0000-0x00007FF697C41000-memory.dmp

Filesize
3.3MB

Download
memory/5052-72-0x00007FF6978F0000-0x00007FF697C41000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads