xmrig | f03acf321de486deb3b8707835d97a8a5a29b05c8ffb6769320686232749a32f

Analysis

max time kernel
117s
max time network
108s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
09/09/2024, 03:03

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

973413620e4c61db2fda5d9716d9c890N.exe
Size

1.5MB
MD5

973413620e4c61db2fda5d9716d9c890
SHA1

9a943bc6aceaa90ab0e7fa2fedebb2d34442812f
SHA256

f03acf321de486deb3b8707835d97a8a5a29b05c8ffb6769320686232749a32f
SHA512

44d11d91c2a379388335872f3a65e94e010b28dd97cdae0d8b0d2126ab3c453d960062c4434373acb8286a7258ecba7d468805b0db492496102c9583f9786527
SSDEEP

24576:RVIl/WDGCi7/qkat6zqxG2Z9mIhQvq8wd7D7Mp0b5jQanNr1atuN8zLCHW:ROdWCCi7/raWMmSd/ayx2

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 55 IoCs

miner

resource	yara_rule
behavioral2/memory/3316-335-0x00007FF6BF1A0000-0x00007FF6BF4F1000-memory.dmp	xmrig
behavioral2/memory/1880-338-0x00007FF62CDF0000-0x00007FF62D141000-memory.dmp	xmrig
behavioral2/memory/3160-340-0x00007FF77C3D0000-0x00007FF77C721000-memory.dmp	xmrig
behavioral2/memory/3944-342-0x00007FF7C75B0000-0x00007FF7C7901000-memory.dmp	xmrig
behavioral2/memory/2164-345-0x00007FF79FC20000-0x00007FF79FF71000-memory.dmp	xmrig
behavioral2/memory/2644-347-0x00007FF7F96E0000-0x00007FF7F9A31000-memory.dmp	xmrig
behavioral2/memory/4640-349-0x00007FF69B820000-0x00007FF69BB71000-memory.dmp	xmrig
behavioral2/memory/4616-351-0x00007FF7BE450000-0x00007FF7BE7A1000-memory.dmp	xmrig
behavioral2/memory/388-353-0x00007FF651F10000-0x00007FF652261000-memory.dmp	xmrig
behavioral2/memory/5112-355-0x00007FF6B7990000-0x00007FF6B7CE1000-memory.dmp	xmrig
behavioral2/memory/3808-358-0x00007FF77CF20000-0x00007FF77D271000-memory.dmp	xmrig
behavioral2/memory/3976-361-0x00007FF7F9E10000-0x00007FF7FA161000-memory.dmp	xmrig
behavioral2/memory/1716-360-0x00007FF737E00000-0x00007FF738151000-memory.dmp	xmrig
behavioral2/memory/2732-359-0x00007FF654A80000-0x00007FF654DD1000-memory.dmp	xmrig
behavioral2/memory/2176-357-0x00007FF6B3700000-0x00007FF6B3A51000-memory.dmp	xmrig
behavioral2/memory/2632-356-0x00007FF6DACC0000-0x00007FF6DB011000-memory.dmp	xmrig
behavioral2/memory/4092-354-0x00007FF7EA610000-0x00007FF7EA961000-memory.dmp	xmrig
behavioral2/memory/60-352-0x00007FF6568C0000-0x00007FF656C11000-memory.dmp	xmrig
behavioral2/memory/2408-350-0x00007FF6F7B40000-0x00007FF6F7E91000-memory.dmp	xmrig
behavioral2/memory/1176-348-0x00007FF7B3270000-0x00007FF7B35C1000-memory.dmp	xmrig
behavioral2/memory/3516-346-0x00007FF7F6260000-0x00007FF7F65B1000-memory.dmp	xmrig
behavioral2/memory/1680-344-0x00007FF7BCC50000-0x00007FF7BCFA1000-memory.dmp	xmrig
behavioral2/memory/2988-343-0x00007FF713F20000-0x00007FF714271000-memory.dmp	xmrig
behavioral2/memory/2124-341-0x00007FF748560000-0x00007FF7488B1000-memory.dmp	xmrig
behavioral2/memory/2008-339-0x00007FF6BCE00000-0x00007FF6BD151000-memory.dmp	xmrig
behavioral2/memory/1904-337-0x00007FF604960000-0x00007FF604CB1000-memory.dmp	xmrig
behavioral2/memory/1808-873-0x00007FF7C9E10000-0x00007FF7CA161000-memory.dmp	xmrig
behavioral2/memory/336-1028-0x00007FF6FB880000-0x00007FF6FBBD1000-memory.dmp	xmrig
behavioral2/memory/3952-1029-0x00007FF67A990000-0x00007FF67ACE1000-memory.dmp	xmrig
behavioral2/memory/8-1163-0x00007FF659A20000-0x00007FF659D71000-memory.dmp	xmrig
behavioral2/memory/3952-2363-0x00007FF67A990000-0x00007FF67ACE1000-memory.dmp	xmrig
behavioral2/memory/8-2397-0x00007FF659A20000-0x00007FF659D71000-memory.dmp	xmrig
behavioral2/memory/2124-2407-0x00007FF748560000-0x00007FF7488B1000-memory.dmp	xmrig
behavioral2/memory/2008-2403-0x00007FF6BCE00000-0x00007FF6BD151000-memory.dmp	xmrig
behavioral2/memory/1880-2401-0x00007FF62CDF0000-0x00007FF62D141000-memory.dmp	xmrig
behavioral2/memory/3160-2405-0x00007FF77C3D0000-0x00007FF77C721000-memory.dmp	xmrig
behavioral2/memory/1904-2399-0x00007FF604960000-0x00007FF604CB1000-memory.dmp	xmrig
behavioral2/memory/3976-2396-0x00007FF7F9E10000-0x00007FF7FA161000-memory.dmp	xmrig
behavioral2/memory/3316-2365-0x00007FF6BF1A0000-0x00007FF6BF4F1000-memory.dmp	xmrig
behavioral2/memory/336-2361-0x00007FF6FB880000-0x00007FF6FBBD1000-memory.dmp	xmrig
behavioral2/memory/3944-2409-0x00007FF7C75B0000-0x00007FF7C7901000-memory.dmp	xmrig
behavioral2/memory/1680-2413-0x00007FF7BCC50000-0x00007FF7BCFA1000-memory.dmp	xmrig
behavioral2/memory/2988-2411-0x00007FF713F20000-0x00007FF714271000-memory.dmp	xmrig
behavioral2/memory/3516-2452-0x00007FF7F6260000-0x00007FF7F65B1000-memory.dmp	xmrig
behavioral2/memory/4092-2470-0x00007FF7EA610000-0x00007FF7EA961000-memory.dmp	xmrig
behavioral2/memory/388-2483-0x00007FF651F10000-0x00007FF652261000-memory.dmp	xmrig
behavioral2/memory/4616-2476-0x00007FF7BE450000-0x00007FF7BE7A1000-memory.dmp	xmrig
behavioral2/memory/2644-2448-0x00007FF7F96E0000-0x00007FF7F9A31000-memory.dmp	xmrig
behavioral2/memory/1716-2444-0x00007FF737E00000-0x00007FF738151000-memory.dmp	xmrig
behavioral2/memory/2732-2442-0x00007FF654A80000-0x00007FF654DD1000-memory.dmp	xmrig
behavioral2/memory/3808-2440-0x00007FF77CF20000-0x00007FF77D271000-memory.dmp	xmrig
behavioral2/memory/60-2435-0x00007FF6568C0000-0x00007FF656C11000-memory.dmp	xmrig
behavioral2/memory/2632-2432-0x00007FF6DACC0000-0x00007FF6DB011000-memory.dmp	xmrig
behavioral2/memory/2164-2430-0x00007FF79FC20000-0x00007FF79FF71000-memory.dmp	xmrig
behavioral2/memory/1176-2437-0x00007FF7B3270000-0x00007FF7B35C1000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
336	dVTpLVU.exe
3952	BtODpDn.exe
3316	WmenDYB.exe
8	BVqrGCq.exe
3976	PKTtCpK.exe
1904	DSnPBaS.exe
1880	fhkodDR.exe
2008	klanpic.exe
3160	uXmhNpG.exe
2124	yIEpEre.exe
3944	dKjbBTV.exe
2988	cDJOpkt.exe
1680	EvTtmWj.exe
2164	qcfodYN.exe
3516	zFqvXdh.exe
2644	QUuTxOi.exe
1176	AHyORtw.exe
4640	qVcyrOC.exe
2408	wYCFvaV.exe
4616	IpzyaRX.exe
60	XclJdEl.exe
388	XZaXXFE.exe
4092	PjQLONs.exe
5112	usYgIsL.exe
2632	Qxemkac.exe
2176	XlIwueH.exe
3808	uYGabSm.exe
2732	xkifQHd.exe
1716	fVvKGuL.exe
4764	jGyGHTi.exe
2648	GdIHSOd.exe
1352	GfvhLcr.exe
2400	VgXgsgR.exe
4100	WFaALbB.exe
2392	QJGRYxI.exe
4584	cyiQMSY.exe
1620	qUAdFkd.exe
3064	lWfcQLt.exe
1636	svqikdm.exe
3320	sHSbyxi.exe
3760	oKZwQPj.exe
1184	ZLsANYl.exe
1416	CKCFzOh.exe
3636	bfXHSBC.exe
4956	rVwzDWX.exe
1036	kAAAYTE.exe
2464	ZMNPKQL.exe
4756	YdefzgC.exe
4104	kVdoNsd.exe
2472	uOvZmoA.exe
2884	hYerqxQ.exe
3536	girvXGq.exe
1516	DxIjfRV.exe
3716	CQuvNOm.exe
2436	zEJtigq.exe
928	IuoDSNM.exe
4416	PNJvWaF.exe
1228	JnncsOf.exe
2956	DjIliYu.exe
4248	RCgitjC.exe
1784	RnTDEMC.exe
1160	MxwhTSf.exe
1204	MoqVkiy.exe
4888	OojYzQX.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1808-0-0x00007FF7C9E10000-0x00007FF7CA161000-memory.dmp	upx
behavioral2/files/0x0009000000023500-5.dat	upx
behavioral2/files/0x0007000000023507-11.dat	upx
behavioral2/files/0x0007000000023508-16.dat	upx
behavioral2/files/0x0007000000023509-19.dat	upx
behavioral2/memory/3952-22-0x00007FF67A990000-0x00007FF67ACE1000-memory.dmp	upx
behavioral2/files/0x000700000002350a-32.dat	upx
behavioral2/files/0x000700000002350c-42.dat	upx
behavioral2/files/0x0007000000023511-64.dat	upx
behavioral2/files/0x0007000000023512-69.dat	upx
behavioral2/files/0x0007000000023514-78.dat	upx
behavioral2/files/0x0007000000023515-87.dat	upx
behavioral2/files/0x0007000000023517-96.dat	upx
behavioral2/files/0x0007000000023521-149.dat	upx
behavioral2/files/0x0007000000023524-164.dat	upx
behavioral2/memory/3316-335-0x00007FF6BF1A0000-0x00007FF6BF4F1000-memory.dmp	upx
behavioral2/memory/1880-338-0x00007FF62CDF0000-0x00007FF62D141000-memory.dmp	upx
behavioral2/memory/3160-340-0x00007FF77C3D0000-0x00007FF77C721000-memory.dmp	upx
behavioral2/memory/3944-342-0x00007FF7C75B0000-0x00007FF7C7901000-memory.dmp	upx
behavioral2/memory/2164-345-0x00007FF79FC20000-0x00007FF79FF71000-memory.dmp	upx
behavioral2/memory/2644-347-0x00007FF7F96E0000-0x00007FF7F9A31000-memory.dmp	upx
behavioral2/memory/4640-349-0x00007FF69B820000-0x00007FF69BB71000-memory.dmp	upx
behavioral2/memory/4616-351-0x00007FF7BE450000-0x00007FF7BE7A1000-memory.dmp	upx
behavioral2/memory/388-353-0x00007FF651F10000-0x00007FF652261000-memory.dmp	upx
behavioral2/memory/5112-355-0x00007FF6B7990000-0x00007FF6B7CE1000-memory.dmp	upx
behavioral2/memory/3808-358-0x00007FF77CF20000-0x00007FF77D271000-memory.dmp	upx
behavioral2/memory/3976-361-0x00007FF7F9E10000-0x00007FF7FA161000-memory.dmp	upx
behavioral2/memory/1716-360-0x00007FF737E00000-0x00007FF738151000-memory.dmp	upx
behavioral2/memory/2732-359-0x00007FF654A80000-0x00007FF654DD1000-memory.dmp	upx
behavioral2/memory/2176-357-0x00007FF6B3700000-0x00007FF6B3A51000-memory.dmp	upx
behavioral2/memory/2632-356-0x00007FF6DACC0000-0x00007FF6DB011000-memory.dmp	upx
behavioral2/memory/4092-354-0x00007FF7EA610000-0x00007FF7EA961000-memory.dmp	upx
behavioral2/memory/60-352-0x00007FF6568C0000-0x00007FF656C11000-memory.dmp	upx
behavioral2/memory/2408-350-0x00007FF6F7B40000-0x00007FF6F7E91000-memory.dmp	upx
behavioral2/memory/1176-348-0x00007FF7B3270000-0x00007FF7B35C1000-memory.dmp	upx
behavioral2/memory/3516-346-0x00007FF7F6260000-0x00007FF7F65B1000-memory.dmp	upx
behavioral2/memory/1680-344-0x00007FF7BCC50000-0x00007FF7BCFA1000-memory.dmp	upx
behavioral2/memory/2988-343-0x00007FF713F20000-0x00007FF714271000-memory.dmp	upx
behavioral2/memory/2124-341-0x00007FF748560000-0x00007FF7488B1000-memory.dmp	upx
behavioral2/memory/2008-339-0x00007FF6BCE00000-0x00007FF6BD151000-memory.dmp	upx
behavioral2/memory/1904-337-0x00007FF604960000-0x00007FF604CB1000-memory.dmp	upx
behavioral2/files/0x0007000000023526-166.dat	upx
behavioral2/files/0x0007000000023525-161.dat	upx
behavioral2/files/0x0007000000023523-159.dat	upx
behavioral2/files/0x0007000000023522-154.dat	upx
behavioral2/files/0x0007000000023520-144.dat	upx
behavioral2/files/0x000700000002351f-139.dat	upx
behavioral2/files/0x000700000002351e-134.dat	upx
behavioral2/files/0x000700000002351d-129.dat	upx
behavioral2/files/0x000700000002351c-121.dat	upx
behavioral2/files/0x000700000002351b-117.dat	upx
behavioral2/files/0x000700000002351a-111.dat	upx
behavioral2/files/0x0007000000023519-107.dat	upx
behavioral2/files/0x0007000000023518-102.dat	upx
behavioral2/files/0x0007000000023516-92.dat	upx
behavioral2/files/0x0007000000023513-74.dat	upx
behavioral2/files/0x0007000000023510-62.dat	upx
behavioral2/files/0x000700000002350f-56.dat	upx
behavioral2/files/0x000700000002350e-52.dat	upx
behavioral2/files/0x000700000002350d-47.dat	upx
behavioral2/files/0x000700000002350b-34.dat	upx
behavioral2/memory/8-27-0x00007FF659A20000-0x00007FF659D71000-memory.dmp	upx
behavioral2/memory/336-7-0x00007FF6FB880000-0x00007FF6FBBD1000-memory.dmp	upx
behavioral2/memory/1808-873-0x00007FF7C9E10000-0x00007FF7CA161000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\NHDWpJq.exe	973413620e4c61db2fda5d9716d9c890N.exe
File created	C:\Windows\System\bILgPhd.exe	973413620e4c61db2fda5d9716d9c890N.exe
File created	C:\Windows\System\ajpzbKi.exe	973413620e4c61db2fda5d9716d9c890N.exe
File created	C:\Windows\System\Qxemkac.exe	973413620e4c61db2fda5d9716d9c890N.exe
File created	C:\Windows\System\gEUJCGS.exe	973413620e4c61db2fda5d9716d9c890N.exe
File created	C:\Windows\System\KIHyfIr.exe	973413620e4c61db2fda5d9716d9c890N.exe
File created	C:\Windows\System\zoOIycq.exe	973413620e4c61db2fda5d9716d9c890N.exe
File created	C:\Windows\System\JsBXGMB.exe	973413620e4c61db2fda5d9716d9c890N.exe
File created	C:\Windows\System\QJGRYxI.exe	973413620e4c61db2fda5d9716d9c890N.exe
File created	C:\Windows\System\hHgHlUF.exe	973413620e4c61db2fda5d9716d9c890N.exe
File created	C:\Windows\System\oxNYmSg.exe	973413620e4c61db2fda5d9716d9c890N.exe
File created	C:\Windows\System\fydZcGu.exe	973413620e4c61db2fda5d9716d9c890N.exe
File created	C:\Windows\System\KLeqdGn.exe	973413620e4c61db2fda5d9716d9c890N.exe
File created	C:\Windows\System\gJUJzXg.exe	973413620e4c61db2fda5d9716d9c890N.exe
File created	C:\Windows\System\xkifQHd.exe	973413620e4c61db2fda5d9716d9c890N.exe
File created	C:\Windows\System\eqgNvbi.exe	973413620e4c61db2fda5d9716d9c890N.exe
File created	C:\Windows\System\CgPQmoV.exe	973413620e4c61db2fda5d9716d9c890N.exe
File created	C:\Windows\System\wSEmMnY.exe	973413620e4c61db2fda5d9716d9c890N.exe
File created	C:\Windows\System\PEviKPK.exe	973413620e4c61db2fda5d9716d9c890N.exe
File created	C:\Windows\System\KFRDrKa.exe	973413620e4c61db2fda5d9716d9c890N.exe
File created	C:\Windows\System\PXksGVw.exe	973413620e4c61db2fda5d9716d9c890N.exe
File created	C:\Windows\System\xoRFOrK.exe	973413620e4c61db2fda5d9716d9c890N.exe
File created	C:\Windows\System\GCiTmFd.exe	973413620e4c61db2fda5d9716d9c890N.exe
File created	C:\Windows\System\gzZsGBj.exe	973413620e4c61db2fda5d9716d9c890N.exe
File created	C:\Windows\System\SgMWTuY.exe	973413620e4c61db2fda5d9716d9c890N.exe
File created	C:\Windows\System\cwualTe.exe	973413620e4c61db2fda5d9716d9c890N.exe
File created	C:\Windows\System\iTcIjmk.exe	973413620e4c61db2fda5d9716d9c890N.exe
File created	C:\Windows\System\Nfcminp.exe	973413620e4c61db2fda5d9716d9c890N.exe
File created	C:\Windows\System\DxIjfRV.exe	973413620e4c61db2fda5d9716d9c890N.exe
File created	C:\Windows\System\IuoDSNM.exe	973413620e4c61db2fda5d9716d9c890N.exe
File created	C:\Windows\System\bZOyQPM.exe	973413620e4c61db2fda5d9716d9c890N.exe
File created	C:\Windows\System\kqEngFo.exe	973413620e4c61db2fda5d9716d9c890N.exe
File created	C:\Windows\System\bVOoJyJ.exe	973413620e4c61db2fda5d9716d9c890N.exe
File created	C:\Windows\System\gOsXMWl.exe	973413620e4c61db2fda5d9716d9c890N.exe
File created	C:\Windows\System\xmicziG.exe	973413620e4c61db2fda5d9716d9c890N.exe
File created	C:\Windows\System\lzlPwAH.exe	973413620e4c61db2fda5d9716d9c890N.exe
File created	C:\Windows\System\deTtsUM.exe	973413620e4c61db2fda5d9716d9c890N.exe
File created	C:\Windows\System\IpzyaRX.exe	973413620e4c61db2fda5d9716d9c890N.exe
File created	C:\Windows\System\MoFKkyi.exe	973413620e4c61db2fda5d9716d9c890N.exe
File created	C:\Windows\System\mizERSf.exe	973413620e4c61db2fda5d9716d9c890N.exe
File created	C:\Windows\System\prYOxLM.exe	973413620e4c61db2fda5d9716d9c890N.exe
File created	C:\Windows\System\jPIZTTA.exe	973413620e4c61db2fda5d9716d9c890N.exe
File created	C:\Windows\System\dKjbBTV.exe	973413620e4c61db2fda5d9716d9c890N.exe
File created	C:\Windows\System\XlIwueH.exe	973413620e4c61db2fda5d9716d9c890N.exe
File created	C:\Windows\System\UeWYXLa.exe	973413620e4c61db2fda5d9716d9c890N.exe
File created	C:\Windows\System\SrEIDVZ.exe	973413620e4c61db2fda5d9716d9c890N.exe
File created	C:\Windows\System\cbWknPz.exe	973413620e4c61db2fda5d9716d9c890N.exe
File created	C:\Windows\System\jVYMzpx.exe	973413620e4c61db2fda5d9716d9c890N.exe
File created	C:\Windows\System\dUDCqeu.exe	973413620e4c61db2fda5d9716d9c890N.exe
File created	C:\Windows\System\XHonbsQ.exe	973413620e4c61db2fda5d9716d9c890N.exe
File created	C:\Windows\System\PjQLONs.exe	973413620e4c61db2fda5d9716d9c890N.exe
File created	C:\Windows\System\NUwCjKg.exe	973413620e4c61db2fda5d9716d9c890N.exe
File created	C:\Windows\System\VyWOSNK.exe	973413620e4c61db2fda5d9716d9c890N.exe
File created	C:\Windows\System\Klaqstz.exe	973413620e4c61db2fda5d9716d9c890N.exe
File created	C:\Windows\System\uDAxznA.exe	973413620e4c61db2fda5d9716d9c890N.exe
File created	C:\Windows\System\kGwVRCf.exe	973413620e4c61db2fda5d9716d9c890N.exe
File created	C:\Windows\System\nmdeQmN.exe	973413620e4c61db2fda5d9716d9c890N.exe
File created	C:\Windows\System\VaAgoqS.exe	973413620e4c61db2fda5d9716d9c890N.exe
File created	C:\Windows\System\jGyGHTi.exe	973413620e4c61db2fda5d9716d9c890N.exe
File created	C:\Windows\System\VgXgsgR.exe	973413620e4c61db2fda5d9716d9c890N.exe
File created	C:\Windows\System\kVdoNsd.exe	973413620e4c61db2fda5d9716d9c890N.exe
File created	C:\Windows\System\cWUekIh.exe	973413620e4c61db2fda5d9716d9c890N.exe
File created	C:\Windows\System\JSQBJQy.exe	973413620e4c61db2fda5d9716d9c890N.exe
File created	C:\Windows\System\cAouyMP.exe	973413620e4c61db2fda5d9716d9c890N.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	14784	dwm.exe
Token: SeChangeNotifyPrivilege	14784	dwm.exe
Token: 33	14784	dwm.exe
Token: SeIncBasePriorityPrivilege	14784	dwm.exe
Token: SeShutdownPrivilege	14784	dwm.exe
Token: SeCreatePagefilePrivilege	14784	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1808 wrote to memory of 336	1808	973413620e4c61db2fda5d9716d9c890N.exe	84
PID 1808 wrote to memory of 336	1808	973413620e4c61db2fda5d9716d9c890N.exe	84
PID 1808 wrote to memory of 3952	1808	973413620e4c61db2fda5d9716d9c890N.exe	85
PID 1808 wrote to memory of 3952	1808	973413620e4c61db2fda5d9716d9c890N.exe	85
PID 1808 wrote to memory of 3316	1808	973413620e4c61db2fda5d9716d9c890N.exe	87
PID 1808 wrote to memory of 3316	1808	973413620e4c61db2fda5d9716d9c890N.exe	87
PID 1808 wrote to memory of 8	1808	973413620e4c61db2fda5d9716d9c890N.exe	88
PID 1808 wrote to memory of 8	1808	973413620e4c61db2fda5d9716d9c890N.exe	88
PID 1808 wrote to memory of 3976	1808	973413620e4c61db2fda5d9716d9c890N.exe	89
PID 1808 wrote to memory of 3976	1808	973413620e4c61db2fda5d9716d9c890N.exe	89
PID 1808 wrote to memory of 1904	1808	973413620e4c61db2fda5d9716d9c890N.exe	90
PID 1808 wrote to memory of 1904	1808	973413620e4c61db2fda5d9716d9c890N.exe	90
PID 1808 wrote to memory of 1880	1808	973413620e4c61db2fda5d9716d9c890N.exe	91
PID 1808 wrote to memory of 1880	1808	973413620e4c61db2fda5d9716d9c890N.exe	91
PID 1808 wrote to memory of 2008	1808	973413620e4c61db2fda5d9716d9c890N.exe	92
PID 1808 wrote to memory of 2008	1808	973413620e4c61db2fda5d9716d9c890N.exe	92
PID 1808 wrote to memory of 3160	1808	973413620e4c61db2fda5d9716d9c890N.exe	93
PID 1808 wrote to memory of 3160	1808	973413620e4c61db2fda5d9716d9c890N.exe	93
PID 1808 wrote to memory of 2124	1808	973413620e4c61db2fda5d9716d9c890N.exe	94
PID 1808 wrote to memory of 2124	1808	973413620e4c61db2fda5d9716d9c890N.exe	94
PID 1808 wrote to memory of 3944	1808	973413620e4c61db2fda5d9716d9c890N.exe	95
PID 1808 wrote to memory of 3944	1808	973413620e4c61db2fda5d9716d9c890N.exe	95
PID 1808 wrote to memory of 2988	1808	973413620e4c61db2fda5d9716d9c890N.exe	96
PID 1808 wrote to memory of 2988	1808	973413620e4c61db2fda5d9716d9c890N.exe	96
PID 1808 wrote to memory of 1680	1808	973413620e4c61db2fda5d9716d9c890N.exe	97
PID 1808 wrote to memory of 1680	1808	973413620e4c61db2fda5d9716d9c890N.exe	97
PID 1808 wrote to memory of 2164	1808	973413620e4c61db2fda5d9716d9c890N.exe	98
PID 1808 wrote to memory of 2164	1808	973413620e4c61db2fda5d9716d9c890N.exe	98
PID 1808 wrote to memory of 3516	1808	973413620e4c61db2fda5d9716d9c890N.exe	99
PID 1808 wrote to memory of 3516	1808	973413620e4c61db2fda5d9716d9c890N.exe	99
PID 1808 wrote to memory of 2644	1808	973413620e4c61db2fda5d9716d9c890N.exe	100
PID 1808 wrote to memory of 2644	1808	973413620e4c61db2fda5d9716d9c890N.exe	100
PID 1808 wrote to memory of 1176	1808	973413620e4c61db2fda5d9716d9c890N.exe	101
PID 1808 wrote to memory of 1176	1808	973413620e4c61db2fda5d9716d9c890N.exe	101
PID 1808 wrote to memory of 4640	1808	973413620e4c61db2fda5d9716d9c890N.exe	102
PID 1808 wrote to memory of 4640	1808	973413620e4c61db2fda5d9716d9c890N.exe	102
PID 1808 wrote to memory of 2408	1808	973413620e4c61db2fda5d9716d9c890N.exe	103
PID 1808 wrote to memory of 2408	1808	973413620e4c61db2fda5d9716d9c890N.exe	103
PID 1808 wrote to memory of 4616	1808	973413620e4c61db2fda5d9716d9c890N.exe	104
PID 1808 wrote to memory of 4616	1808	973413620e4c61db2fda5d9716d9c890N.exe	104
PID 1808 wrote to memory of 60	1808	973413620e4c61db2fda5d9716d9c890N.exe	105
PID 1808 wrote to memory of 60	1808	973413620e4c61db2fda5d9716d9c890N.exe	105
PID 1808 wrote to memory of 388	1808	973413620e4c61db2fda5d9716d9c890N.exe	106
PID 1808 wrote to memory of 388	1808	973413620e4c61db2fda5d9716d9c890N.exe	106
PID 1808 wrote to memory of 4092	1808	973413620e4c61db2fda5d9716d9c890N.exe	107
PID 1808 wrote to memory of 4092	1808	973413620e4c61db2fda5d9716d9c890N.exe	107
PID 1808 wrote to memory of 5112	1808	973413620e4c61db2fda5d9716d9c890N.exe	108
PID 1808 wrote to memory of 5112	1808	973413620e4c61db2fda5d9716d9c890N.exe	108
PID 1808 wrote to memory of 2632	1808	973413620e4c61db2fda5d9716d9c890N.exe	109
PID 1808 wrote to memory of 2632	1808	973413620e4c61db2fda5d9716d9c890N.exe	109
PID 1808 wrote to memory of 2176	1808	973413620e4c61db2fda5d9716d9c890N.exe	110
PID 1808 wrote to memory of 2176	1808	973413620e4c61db2fda5d9716d9c890N.exe	110
PID 1808 wrote to memory of 3808	1808	973413620e4c61db2fda5d9716d9c890N.exe	111
PID 1808 wrote to memory of 3808	1808	973413620e4c61db2fda5d9716d9c890N.exe	111
PID 1808 wrote to memory of 2732	1808	973413620e4c61db2fda5d9716d9c890N.exe	112
PID 1808 wrote to memory of 2732	1808	973413620e4c61db2fda5d9716d9c890N.exe	112
PID 1808 wrote to memory of 1716	1808	973413620e4c61db2fda5d9716d9c890N.exe	113
PID 1808 wrote to memory of 1716	1808	973413620e4c61db2fda5d9716d9c890N.exe	113
PID 1808 wrote to memory of 4764	1808	973413620e4c61db2fda5d9716d9c890N.exe	114
PID 1808 wrote to memory of 4764	1808	973413620e4c61db2fda5d9716d9c890N.exe	114
PID 1808 wrote to memory of 2648	1808	973413620e4c61db2fda5d9716d9c890N.exe	115
PID 1808 wrote to memory of 2648	1808	973413620e4c61db2fda5d9716d9c890N.exe	115
PID 1808 wrote to memory of 1352	1808	973413620e4c61db2fda5d9716d9c890N.exe	116
PID 1808 wrote to memory of 1352	1808	973413620e4c61db2fda5d9716d9c890N.exe	116

C:\Users\Admin\AppData\Local\Temp\973413620e4c61db2fda5d9716d9c890N.exe
"C:\Users\Admin\AppData\Local\Temp\973413620e4c61db2fda5d9716d9c890N.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1808
- C:\Windows\System\dVTpLVU.exe
  C:\Windows\System\dVTpLVU.exe
  2⤵
  - Executes dropped EXE
  PID:336
- C:\Windows\System\BtODpDn.exe
  C:\Windows\System\BtODpDn.exe
  2⤵
  - Executes dropped EXE
  PID:3952
- C:\Windows\System\WmenDYB.exe
  C:\Windows\System\WmenDYB.exe
  2⤵
  - Executes dropped EXE
  PID:3316
- C:\Windows\System\BVqrGCq.exe
  C:\Windows\System\BVqrGCq.exe
  2⤵
  - Executes dropped EXE
  PID:8
- C:\Windows\System\PKTtCpK.exe
  C:\Windows\System\PKTtCpK.exe
  2⤵
  - Executes dropped EXE
  PID:3976
- C:\Windows\System\DSnPBaS.exe
  C:\Windows\System\DSnPBaS.exe
  2⤵
  - Executes dropped EXE
  PID:1904
- C:\Windows\System\fhkodDR.exe
  C:\Windows\System\fhkodDR.exe
  2⤵
  - Executes dropped EXE
  PID:1880
- C:\Windows\System\klanpic.exe
  C:\Windows\System\klanpic.exe
  2⤵
  - Executes dropped EXE
  PID:2008
- C:\Windows\System\uXmhNpG.exe
  C:\Windows\System\uXmhNpG.exe
  2⤵
  - Executes dropped EXE
  PID:3160
- C:\Windows\System\yIEpEre.exe
  C:\Windows\System\yIEpEre.exe
  2⤵
  - Executes dropped EXE
  PID:2124
- C:\Windows\System\dKjbBTV.exe
  C:\Windows\System\dKjbBTV.exe
  2⤵
  - Executes dropped EXE
  PID:3944
- C:\Windows\System\cDJOpkt.exe
  C:\Windows\System\cDJOpkt.exe
  2⤵
  - Executes dropped EXE
  PID:2988
- C:\Windows\System\EvTtmWj.exe
  C:\Windows\System\EvTtmWj.exe
  2⤵
  - Executes dropped EXE
  PID:1680
- C:\Windows\System\qcfodYN.exe
  C:\Windows\System\qcfodYN.exe
  2⤵
  - Executes dropped EXE
  PID:2164
- C:\Windows\System\zFqvXdh.exe
  C:\Windows\System\zFqvXdh.exe
  2⤵
  - Executes dropped EXE
  PID:3516
- C:\Windows\System\QUuTxOi.exe
  C:\Windows\System\QUuTxOi.exe
  2⤵
  - Executes dropped EXE
  PID:2644
- C:\Windows\System\AHyORtw.exe
  C:\Windows\System\AHyORtw.exe
  2⤵
  - Executes dropped EXE
  PID:1176
- C:\Windows\System\qVcyrOC.exe
  C:\Windows\System\qVcyrOC.exe
  2⤵
  - Executes dropped EXE
  PID:4640
- C:\Windows\System\wYCFvaV.exe
  C:\Windows\System\wYCFvaV.exe
  2⤵
  - Executes dropped EXE
  PID:2408
- C:\Windows\System\IpzyaRX.exe
  C:\Windows\System\IpzyaRX.exe
  2⤵
  - Executes dropped EXE
  PID:4616
- C:\Windows\System\XclJdEl.exe
  C:\Windows\System\XclJdEl.exe
  2⤵
  - Executes dropped EXE
  PID:60
- C:\Windows\System\XZaXXFE.exe
  C:\Windows\System\XZaXXFE.exe
  2⤵
  - Executes dropped EXE
  PID:388
- C:\Windows\System\PjQLONs.exe
  C:\Windows\System\PjQLONs.exe
  2⤵
  - Executes dropped EXE
  PID:4092
- C:\Windows\System\usYgIsL.exe
  C:\Windows\System\usYgIsL.exe
  2⤵
  - Executes dropped EXE
  PID:5112
- C:\Windows\System\Qxemkac.exe
  C:\Windows\System\Qxemkac.exe
  2⤵
  - Executes dropped EXE
  PID:2632
- C:\Windows\System\XlIwueH.exe
  C:\Windows\System\XlIwueH.exe
  2⤵
  - Executes dropped EXE
  PID:2176
- C:\Windows\System\uYGabSm.exe
  C:\Windows\System\uYGabSm.exe
  2⤵
  - Executes dropped EXE
  PID:3808
- C:\Windows\System\xkifQHd.exe
  C:\Windows\System\xkifQHd.exe
  2⤵
  - Executes dropped EXE
  PID:2732
- C:\Windows\System\fVvKGuL.exe
  C:\Windows\System\fVvKGuL.exe
  2⤵
  - Executes dropped EXE
  PID:1716
- C:\Windows\System\jGyGHTi.exe
  C:\Windows\System\jGyGHTi.exe
  2⤵
  - Executes dropped EXE
  PID:4764
- C:\Windows\System\GdIHSOd.exe
  C:\Windows\System\GdIHSOd.exe
  2⤵
  - Executes dropped EXE
  PID:2648
- C:\Windows\System\GfvhLcr.exe
  C:\Windows\System\GfvhLcr.exe
  2⤵
  - Executes dropped EXE
  PID:1352
- C:\Windows\System\VgXgsgR.exe
  C:\Windows\System\VgXgsgR.exe
  2⤵
  - Executes dropped EXE
  PID:2400
- C:\Windows\System\WFaALbB.exe
  C:\Windows\System\WFaALbB.exe
  2⤵
  - Executes dropped EXE
  PID:4100
- C:\Windows\System\QJGRYxI.exe
  C:\Windows\System\QJGRYxI.exe
  2⤵
  - Executes dropped EXE
  PID:2392
- C:\Windows\System\cyiQMSY.exe
  C:\Windows\System\cyiQMSY.exe
  2⤵
  - Executes dropped EXE
  PID:4584
- C:\Windows\System\qUAdFkd.exe
  C:\Windows\System\qUAdFkd.exe
  2⤵
  - Executes dropped EXE
  PID:1620
- C:\Windows\System\lWfcQLt.exe
  C:\Windows\System\lWfcQLt.exe
  2⤵
  - Executes dropped EXE
  PID:3064
- C:\Windows\System\svqikdm.exe
  C:\Windows\System\svqikdm.exe
  2⤵
  - Executes dropped EXE
  PID:1636
- C:\Windows\System\sHSbyxi.exe
  C:\Windows\System\sHSbyxi.exe
  2⤵
  - Executes dropped EXE
  PID:3320
- C:\Windows\System\oKZwQPj.exe
  C:\Windows\System\oKZwQPj.exe
  2⤵
  - Executes dropped EXE
  PID:3760
- C:\Windows\System\ZLsANYl.exe
  C:\Windows\System\ZLsANYl.exe
  2⤵
  - Executes dropped EXE
  PID:1184
- C:\Windows\System\CKCFzOh.exe
  C:\Windows\System\CKCFzOh.exe
  2⤵
  - Executes dropped EXE
  PID:1416
- C:\Windows\System\bfXHSBC.exe
  C:\Windows\System\bfXHSBC.exe
  2⤵
  - Executes dropped EXE
  PID:3636
- C:\Windows\System\rVwzDWX.exe
  C:\Windows\System\rVwzDWX.exe
  2⤵
  - Executes dropped EXE
  PID:4956
- C:\Windows\System\kAAAYTE.exe
  C:\Windows\System\kAAAYTE.exe
  2⤵
  - Executes dropped EXE
  PID:1036
- C:\Windows\System\ZMNPKQL.exe
  C:\Windows\System\ZMNPKQL.exe
  2⤵
  - Executes dropped EXE
  PID:2464
- C:\Windows\System\YdefzgC.exe
  C:\Windows\System\YdefzgC.exe
  2⤵
  - Executes dropped EXE
  PID:4756
- C:\Windows\System\kVdoNsd.exe
  C:\Windows\System\kVdoNsd.exe
  2⤵
  - Executes dropped EXE
  PID:4104
- C:\Windows\System\uOvZmoA.exe
  C:\Windows\System\uOvZmoA.exe
  2⤵
  - Executes dropped EXE
  PID:2472
- C:\Windows\System\hYerqxQ.exe
  C:\Windows\System\hYerqxQ.exe
  2⤵
  - Executes dropped EXE
  PID:2884
- C:\Windows\System\girvXGq.exe
  C:\Windows\System\girvXGq.exe
  2⤵
  - Executes dropped EXE
  PID:3536
- C:\Windows\System\DxIjfRV.exe
  C:\Windows\System\DxIjfRV.exe
  2⤵
  - Executes dropped EXE
  PID:1516
- C:\Windows\System\CQuvNOm.exe
  C:\Windows\System\CQuvNOm.exe
  2⤵
  - Executes dropped EXE
  PID:3716
- C:\Windows\System\zEJtigq.exe
  C:\Windows\System\zEJtigq.exe
  2⤵
  - Executes dropped EXE
  PID:2436
- C:\Windows\System\IuoDSNM.exe
  C:\Windows\System\IuoDSNM.exe
  2⤵
  - Executes dropped EXE
  PID:928
- C:\Windows\System\PNJvWaF.exe
  C:\Windows\System\PNJvWaF.exe
  2⤵
  - Executes dropped EXE
  PID:4416
- C:\Windows\System\JnncsOf.exe
  C:\Windows\System\JnncsOf.exe
  2⤵
  - Executes dropped EXE
  PID:1228
- C:\Windows\System\DjIliYu.exe
  C:\Windows\System\DjIliYu.exe
  2⤵
  - Executes dropped EXE
  PID:2956
- C:\Windows\System\RCgitjC.exe
  C:\Windows\System\RCgitjC.exe
  2⤵
  - Executes dropped EXE
  PID:4248
- C:\Windows\System\RnTDEMC.exe
  C:\Windows\System\RnTDEMC.exe
  2⤵
  - Executes dropped EXE
  PID:1784
- C:\Windows\System\MxwhTSf.exe
  C:\Windows\System\MxwhTSf.exe
  2⤵
  - Executes dropped EXE
  PID:1160
- C:\Windows\System\MoqVkiy.exe
  C:\Windows\System\MoqVkiy.exe
  2⤵
  - Executes dropped EXE
  PID:1204
- C:\Windows\System\OojYzQX.exe
  C:\Windows\System\OojYzQX.exe
  2⤵
  - Executes dropped EXE
  PID:4888
- C:\Windows\System\eyDfbkX.exe
  C:\Windows\System\eyDfbkX.exe
  2⤵
  PID:1712
- C:\Windows\System\qHidgsI.exe
  C:\Windows\System\qHidgsI.exe
  2⤵
  PID:1740
- C:\Windows\System\INBakhG.exe
  C:\Windows\System\INBakhG.exe
  2⤵
  PID:1428
- C:\Windows\System\pqwhMEH.exe
  C:\Windows\System\pqwhMEH.exe
  2⤵
  PID:3564
- C:\Windows\System\eqgNvbi.exe
  C:\Windows\System\eqgNvbi.exe
  2⤵
  PID:3736
- C:\Windows\System\ypeMGlz.exe
  C:\Windows\System\ypeMGlz.exe
  2⤵
  PID:2356
- C:\Windows\System\FKnDZfh.exe
  C:\Windows\System\FKnDZfh.exe
  2⤵
  PID:4628
- C:\Windows\System\MxMqUHZ.exe
  C:\Windows\System\MxMqUHZ.exe
  2⤵
  PID:1608
- C:\Windows\System\VSUjufY.exe
  C:\Windows\System\VSUjufY.exe
  2⤵
  PID:2452
- C:\Windows\System\zcYeSpC.exe
  C:\Windows\System\zcYeSpC.exe
  2⤵
  PID:3512
- C:\Windows\System\xvvRmwb.exe
  C:\Windows\System\xvvRmwb.exe
  2⤵
  PID:840
- C:\Windows\System\jabfJIy.exe
  C:\Windows\System\jabfJIy.exe
  2⤵
  PID:2652
- C:\Windows\System\YcIzivb.exe
  C:\Windows\System\YcIzivb.exe
  2⤵
  PID:1792
- C:\Windows\System\isooWwn.exe
  C:\Windows\System\isooWwn.exe
  2⤵
  PID:812
- C:\Windows\System\ORGXyWG.exe
  C:\Windows\System\ORGXyWG.exe
  2⤵
  PID:4344
- C:\Windows\System\jFOLqAG.exe
  C:\Windows\System\jFOLqAG.exe
  2⤵
  PID:408
- C:\Windows\System\voOYFSk.exe
  C:\Windows\System\voOYFSk.exe
  2⤵
  PID:4536
- C:\Windows\System\GlFnqck.exe
  C:\Windows\System\GlFnqck.exe
  2⤵
  PID:3448
- C:\Windows\System\zXgReZE.exe
  C:\Windows\System\zXgReZE.exe
  2⤵
  PID:3504
- C:\Windows\System\wYTFZzL.exe
  C:\Windows\System\wYTFZzL.exe
  2⤵
  PID:2868
- C:\Windows\System\lQifoKZ.exe
  C:\Windows\System\lQifoKZ.exe
  2⤵
  PID:3744
- C:\Windows\System\VwClwfh.exe
  C:\Windows\System\VwClwfh.exe
  2⤵
  PID:4048
- C:\Windows\System\WlRmaRR.exe
  C:\Windows\System\WlRmaRR.exe
  2⤵
  PID:5116
- C:\Windows\System\BySLrFx.exe
  C:\Windows\System\BySLrFx.exe
  2⤵
  PID:2680
- C:\Windows\System\PYNZNbc.exe
  C:\Windows\System\PYNZNbc.exe
  2⤵
  PID:2488
- C:\Windows\System\wtAFQlJ.exe
  C:\Windows\System\wtAFQlJ.exe
  2⤵
  PID:2600
- C:\Windows\System\iNfHJkO.exe
  C:\Windows\System\iNfHJkO.exe
  2⤵
  PID:3116
- C:\Windows\System\fPWxMSs.exe
  C:\Windows\System\fPWxMSs.exe
  2⤵
  PID:4560
- C:\Windows\System\CRMHmwn.exe
  C:\Windows\System\CRMHmwn.exe
  2⤵
  PID:1312
- C:\Windows\System\qHYLIja.exe
  C:\Windows\System\qHYLIja.exe
  2⤵
  PID:440
- C:\Windows\System\zCMPwvC.exe
  C:\Windows\System\zCMPwvC.exe
  2⤵
  PID:4816
- C:\Windows\System\suuniqC.exe
  C:\Windows\System\suuniqC.exe
  2⤵
  PID:1044
- C:\Windows\System\BrdVFWX.exe
  C:\Windows\System\BrdVFWX.exe
  2⤵
  PID:2912
- C:\Windows\System\zadlQZS.exe
  C:\Windows\System\zadlQZS.exe
  2⤵
  PID:4180
- C:\Windows\System\OiwQXRo.exe
  C:\Windows\System\OiwQXRo.exe
  2⤵
  PID:3876
- C:\Windows\System\nVeQXrw.exe
  C:\Windows\System\nVeQXrw.exe
  2⤵
  PID:5108
- C:\Windows\System\rounRVm.exe
  C:\Windows\System\rounRVm.exe
  2⤵
  PID:3084
- C:\Windows\System\PXksGVw.exe
  C:\Windows\System\PXksGVw.exe
  2⤵
  PID:2528
- C:\Windows\System\UguBmfn.exe
  C:\Windows\System\UguBmfn.exe
  2⤵
  PID:2172
- C:\Windows\System\kDKCaOr.exe
  C:\Windows\System\kDKCaOr.exe
  2⤵
  PID:4832
- C:\Windows\System\tdLKERy.exe
  C:\Windows\System\tdLKERy.exe
  2⤵
  PID:5132
- C:\Windows\System\YREvaQz.exe
  C:\Windows\System\YREvaQz.exe
  2⤵
  PID:5152
- C:\Windows\System\wsKNEsI.exe
  C:\Windows\System\wsKNEsI.exe
  2⤵
  PID:5216
- C:\Windows\System\zuZcEvk.exe
  C:\Windows\System\zuZcEvk.exe
  2⤵
  PID:5240
- C:\Windows\System\XYXpETi.exe
  C:\Windows\System\XYXpETi.exe
  2⤵
  PID:5264
- C:\Windows\System\hoVhPdk.exe
  C:\Windows\System\hoVhPdk.exe
  2⤵
  PID:5296
- C:\Windows\System\TTLZJRb.exe
  C:\Windows\System\TTLZJRb.exe
  2⤵
  PID:5324
- C:\Windows\System\iDuFrcD.exe
  C:\Windows\System\iDuFrcD.exe
  2⤵
  PID:5364
- C:\Windows\System\fwjpRsn.exe
  C:\Windows\System\fwjpRsn.exe
  2⤵
  PID:5412
- C:\Windows\System\WJDFuDp.exe
  C:\Windows\System\WJDFuDp.exe
  2⤵
  PID:5460
- C:\Windows\System\FWevSUD.exe
  C:\Windows\System\FWevSUD.exe
  2⤵
  PID:5516
- C:\Windows\System\vndNPDE.exe
  C:\Windows\System\vndNPDE.exe
  2⤵
  PID:5544
- C:\Windows\System\uOdPCxG.exe
  C:\Windows\System\uOdPCxG.exe
  2⤵
  PID:5568
- C:\Windows\System\PNnfOze.exe
  C:\Windows\System\PNnfOze.exe
  2⤵
  PID:5584
- C:\Windows\System\naJRxJl.exe
  C:\Windows\System\naJRxJl.exe
  2⤵
  PID:5604
- C:\Windows\System\gEUJCGS.exe
  C:\Windows\System\gEUJCGS.exe
  2⤵
  PID:5624
- C:\Windows\System\QBcCdkh.exe
  C:\Windows\System\QBcCdkh.exe
  2⤵
  PID:5648
- C:\Windows\System\cAouyMP.exe
  C:\Windows\System\cAouyMP.exe
  2⤵
  PID:5664
- C:\Windows\System\JdmMYBH.exe
  C:\Windows\System\JdmMYBH.exe
  2⤵
  PID:5688
- C:\Windows\System\ZhjkjAl.exe
  C:\Windows\System\ZhjkjAl.exe
  2⤵
  PID:5708
- C:\Windows\System\IVXzcKO.exe
  C:\Windows\System\IVXzcKO.exe
  2⤵
  PID:5728
- C:\Windows\System\pzecnAA.exe
  C:\Windows\System\pzecnAA.exe
  2⤵
  PID:5748
- C:\Windows\System\cjgMtJy.exe
  C:\Windows\System\cjgMtJy.exe
  2⤵
  PID:5764
- C:\Windows\System\OTHrmEp.exe
  C:\Windows\System\OTHrmEp.exe
  2⤵
  PID:5800
- C:\Windows\System\yPKScBn.exe
  C:\Windows\System\yPKScBn.exe
  2⤵
  PID:5828
- C:\Windows\System\jfIfyOk.exe
  C:\Windows\System\jfIfyOk.exe
  2⤵
  PID:5852
- C:\Windows\System\ThisgWG.exe
  C:\Windows\System\ThisgWG.exe
  2⤵
  PID:5912
- C:\Windows\System\vsSLLLh.exe
  C:\Windows\System\vsSLLLh.exe
  2⤵
  PID:5960
- C:\Windows\System\qXPJmtd.exe
  C:\Windows\System\qXPJmtd.exe
  2⤵
  PID:5988
- C:\Windows\System\fNdWZmZ.exe
  C:\Windows\System\fNdWZmZ.exe
  2⤵
  PID:6008
- C:\Windows\System\qvOKhiP.exe
  C:\Windows\System\qvOKhiP.exe
  2⤵
  PID:6044
- C:\Windows\System\EXDxlnq.exe
  C:\Windows\System\EXDxlnq.exe
  2⤵
  PID:6060
- C:\Windows\System\bZOyQPM.exe
  C:\Windows\System\bZOyQPM.exe
  2⤵
  PID:6080
- C:\Windows\System\ZnhzGrG.exe
  C:\Windows\System\ZnhzGrG.exe
  2⤵
  PID:6100
- C:\Windows\System\xygdisM.exe
  C:\Windows\System\xygdisM.exe
  2⤵
  PID:6116
- C:\Windows\System\hUVMFSV.exe
  C:\Windows\System\hUVMFSV.exe
  2⤵
  PID:6140
- C:\Windows\System\RmGZYoO.exe
  C:\Windows\System\RmGZYoO.exe
  2⤵
  PID:2508
- C:\Windows\System\QABuLDo.exe
  C:\Windows\System\QABuLDo.exe
  2⤵
  PID:5160
- C:\Windows\System\LqCtpuR.exe
  C:\Windows\System\LqCtpuR.exe
  2⤵
  PID:5204
- C:\Windows\System\MEfKFCe.exe
  C:\Windows\System\MEfKFCe.exe
  2⤵
  PID:5252
- C:\Windows\System\itZDlVU.exe
  C:\Windows\System\itZDlVU.exe
  2⤵
  PID:5308
- C:\Windows\System\yULvfTd.exe
  C:\Windows\System\yULvfTd.exe
  2⤵
  PID:5376
- C:\Windows\System\DArQbVU.exe
  C:\Windows\System\DArQbVU.exe
  2⤵
  PID:5452
- C:\Windows\System\mHzSljj.exe
  C:\Windows\System\mHzSljj.exe
  2⤵
  PID:5532
- C:\Windows\System\HLwprFM.exe
  C:\Windows\System\HLwprFM.exe
  2⤵
  PID:5580
- C:\Windows\System\ZYVDpaI.exe
  C:\Windows\System\ZYVDpaI.exe
  2⤵
  PID:5672
- C:\Windows\System\qQhvPoV.exe
  C:\Windows\System\qQhvPoV.exe
  2⤵
  PID:5716
- C:\Windows\System\cTNVvqX.exe
  C:\Windows\System\cTNVvqX.exe
  2⤵
  PID:5844
- C:\Windows\System\NUwCjKg.exe
  C:\Windows\System\NUwCjKg.exe
  2⤵
  PID:4144
- C:\Windows\System\FjjFldT.exe
  C:\Windows\System\FjjFldT.exe
  2⤵
  PID:5936
- C:\Windows\System\PXOgCCt.exe
  C:\Windows\System\PXOgCCt.exe
  2⤵
  PID:552
- C:\Windows\System\JDwkVcM.exe
  C:\Windows\System\JDwkVcM.exe
  2⤵
  PID:6112
- C:\Windows\System\OqrrAmn.exe
  C:\Windows\System\OqrrAmn.exe
  2⤵
  PID:6040
- C:\Windows\System\sIiWqdw.exe
  C:\Windows\System\sIiWqdw.exe
  2⤵
  PID:6088
- C:\Windows\System\vLHFGhF.exe
  C:\Windows\System\vLHFGhF.exe
  2⤵
  PID:5144
- C:\Windows\System\iiXQwMC.exe
  C:\Windows\System\iiXQwMC.exe
  2⤵
  PID:5288
- C:\Windows\System\VyWOSNK.exe
  C:\Windows\System\VyWOSNK.exe
  2⤵
  PID:5224
- C:\Windows\System\FZaOnLG.exe
  C:\Windows\System\FZaOnLG.exe
  2⤵
  PID:5576
- C:\Windows\System\JKjqQqE.exe
  C:\Windows\System\JKjqQqE.exe
  2⤵
  PID:4424
- C:\Windows\System\oRZdlNN.exe
  C:\Windows\System\oRZdlNN.exe
  2⤵
  PID:5900
- C:\Windows\System\BGikYBL.exe
  C:\Windows\System\BGikYBL.exe
  2⤵
  PID:6128
- C:\Windows\System\sBVhFFK.exe
  C:\Windows\System\sBVhFFK.exe
  2⤵
  PID:4492
- C:\Windows\System\qRgVZLJ.exe
  C:\Windows\System\qRgVZLJ.exe
  2⤵
  PID:4032
- C:\Windows\System\cMcwYmr.exe
  C:\Windows\System\cMcwYmr.exe
  2⤵
  PID:5192
- C:\Windows\System\MoFKkyi.exe
  C:\Windows\System\MoFKkyi.exe
  2⤵
  PID:5640
- C:\Windows\System\UEaVGot.exe
  C:\Windows\System\UEaVGot.exe
  2⤵
  PID:5700
- C:\Windows\System\zQMnbbD.exe
  C:\Windows\System\zQMnbbD.exe
  2⤵
  PID:6108
- C:\Windows\System\OArTvOQ.exe
  C:\Windows\System\OArTvOQ.exe
  2⤵
  PID:3484
- C:\Windows\System\cWUekIh.exe
  C:\Windows\System\cWUekIh.exe
  2⤵
  PID:5656
- C:\Windows\System\BhFrvxJ.exe
  C:\Windows\System\BhFrvxJ.exe
  2⤵
  PID:6152
- C:\Windows\System\LeVpwYQ.exe
  C:\Windows\System\LeVpwYQ.exe
  2⤵
  PID:6200
- C:\Windows\System\xvUGCoB.exe
  C:\Windows\System\xvUGCoB.exe
  2⤵
  PID:6228
- C:\Windows\System\ZTwfuCD.exe
  C:\Windows\System\ZTwfuCD.exe
  2⤵
  PID:6248
- C:\Windows\System\imMothX.exe
  C:\Windows\System\imMothX.exe
  2⤵
  PID:6268
- C:\Windows\System\JSQBJQy.exe
  C:\Windows\System\JSQBJQy.exe
  2⤵
  PID:6308
- C:\Windows\System\lUKMPaw.exe
  C:\Windows\System\lUKMPaw.exe
  2⤵
  PID:6328
- C:\Windows\System\COYaLBT.exe
  C:\Windows\System\COYaLBT.exe
  2⤵
  PID:6364
- C:\Windows\System\qLvdQtY.exe
  C:\Windows\System\qLvdQtY.exe
  2⤵
  PID:6384
- C:\Windows\System\dNVWMpB.exe
  C:\Windows\System\dNVWMpB.exe
  2⤵
  PID:6404
- C:\Windows\System\QgymUnD.exe
  C:\Windows\System\QgymUnD.exe
  2⤵
  PID:6460
- C:\Windows\System\yBWXZom.exe
  C:\Windows\System\yBWXZom.exe
  2⤵
  PID:6484
- C:\Windows\System\ovkUaWW.exe
  C:\Windows\System\ovkUaWW.exe
  2⤵
  PID:6520
- C:\Windows\System\sgmyMVz.exe
  C:\Windows\System\sgmyMVz.exe
  2⤵
  PID:6552
- C:\Windows\System\jBCMGDf.exe
  C:\Windows\System\jBCMGDf.exe
  2⤵
  PID:6572
- C:\Windows\System\wqsjMkC.exe
  C:\Windows\System\wqsjMkC.exe
  2⤵
  PID:6604
- C:\Windows\System\wIArfEr.exe
  C:\Windows\System\wIArfEr.exe
  2⤵
  PID:6624
- C:\Windows\System\zqessfo.exe
  C:\Windows\System\zqessfo.exe
  2⤵
  PID:6644
- C:\Windows\System\DREiTca.exe
  C:\Windows\System\DREiTca.exe
  2⤵
  PID:6712
- C:\Windows\System\dAhKKnJ.exe
  C:\Windows\System\dAhKKnJ.exe
  2⤵
  PID:6756
- C:\Windows\System\VBAzfgE.exe
  C:\Windows\System\VBAzfgE.exe
  2⤵
  PID:6792
- C:\Windows\System\iEUFvfq.exe
  C:\Windows\System\iEUFvfq.exe
  2⤵
  PID:6820
- C:\Windows\System\nZjiilh.exe
  C:\Windows\System\nZjiilh.exe
  2⤵
  PID:6840
- C:\Windows\System\mujsUMM.exe
  C:\Windows\System\mujsUMM.exe
  2⤵
  PID:6876
- C:\Windows\System\XkYqndC.exe
  C:\Windows\System\XkYqndC.exe
  2⤵
  PID:6892
- C:\Windows\System\ydxuaHS.exe
  C:\Windows\System\ydxuaHS.exe
  2⤵
  PID:6916
- C:\Windows\System\tQfHpnS.exe
  C:\Windows\System\tQfHpnS.exe
  2⤵
  PID:6940
- C:\Windows\System\fgzyCYl.exe
  C:\Windows\System\fgzyCYl.exe
  2⤵
  PID:6960
- C:\Windows\System\TUDCNhR.exe
  C:\Windows\System\TUDCNhR.exe
  2⤵
  PID:6992
- C:\Windows\System\CPrNRNI.exe
  C:\Windows\System\CPrNRNI.exe
  2⤵
  PID:7008
- C:\Windows\System\JPDzyGp.exe
  C:\Windows\System\JPDzyGp.exe
  2⤵
  PID:7048
- C:\Windows\System\anilpxh.exe
  C:\Windows\System\anilpxh.exe
  2⤵
  PID:7096
- C:\Windows\System\xRxQGJm.exe
  C:\Windows\System\xRxQGJm.exe
  2⤵
  PID:7112
- C:\Windows\System\jHdHgsd.exe
  C:\Windows\System\jHdHgsd.exe
  2⤵
  PID:7160
- C:\Windows\System\RhCpeol.exe
  C:\Windows\System\RhCpeol.exe
  2⤵
  PID:5248
- C:\Windows\System\TuLoaSv.exe
  C:\Windows\System\TuLoaSv.exe
  2⤵
  PID:6176
- C:\Windows\System\nwfSzuK.exe
  C:\Windows\System\nwfSzuK.exe
  2⤵
  PID:6224
- C:\Windows\System\PIQivFq.exe
  C:\Windows\System\PIQivFq.exe
  2⤵
  PID:6284
- C:\Windows\System\MOqcxpW.exe
  C:\Windows\System\MOqcxpW.exe
  2⤵
  PID:6320
- C:\Windows\System\pIANfrf.exe
  C:\Windows\System\pIANfrf.exe
  2⤵
  PID:6472
- C:\Windows\System\DLPnLUo.exe
  C:\Windows\System\DLPnLUo.exe
  2⤵
  PID:6512
- C:\Windows\System\qiAZkId.exe
  C:\Windows\System\qiAZkId.exe
  2⤵
  PID:6636
- C:\Windows\System\BqyBvoc.exe
  C:\Windows\System\BqyBvoc.exe
  2⤵
  PID:6748
- C:\Windows\System\ZASnVfH.exe
  C:\Windows\System\ZASnVfH.exe
  2⤵
  PID:6800
- C:\Windows\System\IkjcFWE.exe
  C:\Windows\System\IkjcFWE.exe
  2⤵
  PID:6912
- C:\Windows\System\IgmEFFH.exe
  C:\Windows\System\IgmEFFH.exe
  2⤵
  PID:6988
- C:\Windows\System\xuvUWQS.exe
  C:\Windows\System\xuvUWQS.exe
  2⤵
  PID:7036
- C:\Windows\System\qNjbRhW.exe
  C:\Windows\System\qNjbRhW.exe
  2⤵
  PID:7144
- C:\Windows\System\BGDusCc.exe
  C:\Windows\System\BGDusCc.exe
  2⤵
  PID:4168
- C:\Windows\System\RUTzwqm.exe
  C:\Windows\System\RUTzwqm.exe
  2⤵
  PID:6240
- C:\Windows\System\FsZFQaZ.exe
  C:\Windows\System\FsZFQaZ.exe
  2⤵
  PID:6188
- C:\Windows\System\mNadtnH.exe
  C:\Windows\System\mNadtnH.exe
  2⤵
  PID:6376
- C:\Windows\System\jyFSxVa.exe
  C:\Windows\System\jyFSxVa.exe
  2⤵
  PID:6400
- C:\Windows\System\RwkbUrY.exe
  C:\Windows\System\RwkbUrY.exe
  2⤵
  PID:6496
- C:\Windows\System\MIQPdGo.exe
  C:\Windows\System\MIQPdGo.exe
  2⤵
  PID:6616
- C:\Windows\System\MuvZtuk.exe
  C:\Windows\System\MuvZtuk.exe
  2⤵
  PID:6632
- C:\Windows\System\Hnizwjt.exe
  C:\Windows\System\Hnizwjt.exe
  2⤵
  PID:6836
- C:\Windows\System\niLmBVi.exe
  C:\Windows\System\niLmBVi.exe
  2⤵
  PID:7156
- C:\Windows\System\mbLqZuA.exe
  C:\Windows\System\mbLqZuA.exe
  2⤵
  PID:6588
- C:\Windows\System\GPOmwVc.exe
  C:\Windows\System\GPOmwVc.exe
  2⤵
  PID:6416
- C:\Windows\System\xSduoAO.exe
  C:\Windows\System\xSduoAO.exe
  2⤵
  PID:6192
- C:\Windows\System\fnYUBGZ.exe
  C:\Windows\System\fnYUBGZ.exe
  2⤵
  PID:6580
- C:\Windows\System\QDMeHPV.exe
  C:\Windows\System\QDMeHPV.exe
  2⤵
  PID:7172
- C:\Windows\System\yermyeE.exe
  C:\Windows\System\yermyeE.exe
  2⤵
  PID:7196
- C:\Windows\System\ElBmvPU.exe
  C:\Windows\System\ElBmvPU.exe
  2⤵
  PID:7216
- C:\Windows\System\Klaqstz.exe
  C:\Windows\System\Klaqstz.exe
  2⤵
  PID:7232
- C:\Windows\System\wdUaDhG.exe
  C:\Windows\System\wdUaDhG.exe
  2⤵
  PID:7256
- C:\Windows\System\dqUCTuA.exe
  C:\Windows\System\dqUCTuA.exe
  2⤵
  PID:7280
- C:\Windows\System\AajzSEn.exe
  C:\Windows\System\AajzSEn.exe
  2⤵
  PID:7316
- C:\Windows\System\lcgruER.exe
  C:\Windows\System\lcgruER.exe
  2⤵
  PID:7348
- C:\Windows\System\eqrUTUl.exe
  C:\Windows\System\eqrUTUl.exe
  2⤵
  PID:7372
- C:\Windows\System\nkxcvuk.exe
  C:\Windows\System\nkxcvuk.exe
  2⤵
  PID:7392
- C:\Windows\System\AxgPKKP.exe
  C:\Windows\System\AxgPKKP.exe
  2⤵
  PID:7412
- C:\Windows\System\FLUYvqy.exe
  C:\Windows\System\FLUYvqy.exe
  2⤵
  PID:7436
- C:\Windows\System\giiuwFN.exe
  C:\Windows\System\giiuwFN.exe
  2⤵
  PID:7452
- C:\Windows\System\wxIlSnC.exe
  C:\Windows\System\wxIlSnC.exe
  2⤵
  PID:7476
- C:\Windows\System\FNRNZQN.exe
  C:\Windows\System\FNRNZQN.exe
  2⤵
  PID:7492
- C:\Windows\System\DaLkGiI.exe
  C:\Windows\System\DaLkGiI.exe
  2⤵
  PID:7612
- C:\Windows\System\VQgAJgR.exe
  C:\Windows\System\VQgAJgR.exe
  2⤵
  PID:7636
- C:\Windows\System\BwjaGvl.exe
  C:\Windows\System\BwjaGvl.exe
  2⤵
  PID:7712
- C:\Windows\System\OpJDrBj.exe
  C:\Windows\System\OpJDrBj.exe
  2⤵
  PID:7736
- C:\Windows\System\ZNHJzWg.exe
  C:\Windows\System\ZNHJzWg.exe
  2⤵
  PID:7760
- C:\Windows\System\okwwDAj.exe
  C:\Windows\System\okwwDAj.exe
  2⤵
  PID:7776
- C:\Windows\System\SifXlMh.exe
  C:\Windows\System\SifXlMh.exe
  2⤵
  PID:7792
- C:\Windows\System\ThhiyKw.exe
  C:\Windows\System\ThhiyKw.exe
  2⤵
  PID:7808
- C:\Windows\System\aJUyQkC.exe
  C:\Windows\System\aJUyQkC.exe
  2⤵
  PID:7824
- C:\Windows\System\DaQTulH.exe
  C:\Windows\System\DaQTulH.exe
  2⤵
  PID:7844
- C:\Windows\System\HXOuYbn.exe
  C:\Windows\System\HXOuYbn.exe
  2⤵
  PID:7864
- C:\Windows\System\uIaPLXD.exe
  C:\Windows\System\uIaPLXD.exe
  2⤵
  PID:7888
- C:\Windows\System\NWjQQbP.exe
  C:\Windows\System\NWjQQbP.exe
  2⤵
  PID:7904
- C:\Windows\System\zmxQLcu.exe
  C:\Windows\System\zmxQLcu.exe
  2⤵
  PID:7992
- C:\Windows\System\mDEfVkP.exe
  C:\Windows\System\mDEfVkP.exe
  2⤵
  PID:8076
- C:\Windows\System\uDAxznA.exe
  C:\Windows\System\uDAxznA.exe
  2⤵
  PID:8096
- C:\Windows\System\kbHEOid.exe
  C:\Windows\System\kbHEOid.exe
  2⤵
  PID:8140
- C:\Windows\System\kqEngFo.exe
  C:\Windows\System\kqEngFo.exe
  2⤵
  PID:8172
- C:\Windows\System\kGwVRCf.exe
  C:\Windows\System\kGwVRCf.exe
  2⤵
  PID:6540
- C:\Windows\System\tpdwAQi.exe
  C:\Windows\System\tpdwAQi.exe
  2⤵
  PID:7204
- C:\Windows\System\NRcmMJj.exe
  C:\Windows\System\NRcmMJj.exe
  2⤵
  PID:7292
- C:\Windows\System\aMrTXmr.exe
  C:\Windows\System\aMrTXmr.exe
  2⤵
  PID:7324
- C:\Windows\System\DwiVUun.exe
  C:\Windows\System\DwiVUun.exe
  2⤵
  PID:7344
- C:\Windows\System\lLlkOlv.exe
  C:\Windows\System\lLlkOlv.exe
  2⤵
  PID:7424
- C:\Windows\System\UBOTeJt.exe
  C:\Windows\System\UBOTeJt.exe
  2⤵
  PID:7552
- C:\Windows\System\AeVKWyq.exe
  C:\Windows\System\AeVKWyq.exe
  2⤵
  PID:7508
- C:\Windows\System\ILWheaK.exe
  C:\Windows\System\ILWheaK.exe
  2⤵
  PID:7596
- C:\Windows\System\AnFgWsz.exe
  C:\Windows\System\AnFgWsz.exe
  2⤵
  PID:7444
- C:\Windows\System\YcQsero.exe
  C:\Windows\System\YcQsero.exe
  2⤵
  PID:7704
- C:\Windows\System\ajVtJlN.exe
  C:\Windows\System\ajVtJlN.exe
  2⤵
  PID:7664
- C:\Windows\System\MkcZIDH.exe
  C:\Windows\System\MkcZIDH.exe
  2⤵
  PID:7924
- C:\Windows\System\nmdeQmN.exe
  C:\Windows\System\nmdeQmN.exe
  2⤵
  PID:7880
- C:\Windows\System\aLcmLQJ.exe
  C:\Windows\System\aLcmLQJ.exe
  2⤵
  PID:7984
- C:\Windows\System\bSxBEmZ.exe
  C:\Windows\System\bSxBEmZ.exe
  2⤵
  PID:7804
- C:\Windows\System\PvhtQnK.exe
  C:\Windows\System\PvhtQnK.exe
  2⤵
  PID:7948
- C:\Windows\System\IPYjjJx.exe
  C:\Windows\System\IPYjjJx.exe
  2⤵
  PID:8180
- C:\Windows\System\jVSLPZN.exe
  C:\Windows\System\jVSLPZN.exe
  2⤵
  PID:7192
- C:\Windows\System\VNlYLdz.exe
  C:\Windows\System\VNlYLdz.exe
  2⤵
  PID:7460
- C:\Windows\System\PlrNznC.exe
  C:\Windows\System\PlrNznC.exe
  2⤵
  PID:7488
- C:\Windows\System\iZJlWPe.exe
  C:\Windows\System\iZJlWPe.exe
  2⤵
  PID:7660
- C:\Windows\System\BwrHLkE.exe
  C:\Windows\System\BwrHLkE.exe
  2⤵
  PID:7896
- C:\Windows\System\nITmtxl.exe
  C:\Windows\System\nITmtxl.exe
  2⤵
  PID:7672
- C:\Windows\System\bVOoJyJ.exe
  C:\Windows\System\bVOoJyJ.exe
  2⤵
  PID:8116
- C:\Windows\System\BMSGoLR.exe
  C:\Windows\System\BMSGoLR.exe
  2⤵
  PID:8084
- C:\Windows\System\fghUlFL.exe
  C:\Windows\System\fghUlFL.exe
  2⤵
  PID:7580
- C:\Windows\System\QpcCpjv.exe
  C:\Windows\System\QpcCpjv.exe
  2⤵
  PID:6568
- C:\Windows\System\mizERSf.exe
  C:\Windows\System\mizERSf.exe
  2⤵
  PID:8196
- C:\Windows\System\OHOGlkD.exe
  C:\Windows\System\OHOGlkD.exe
  2⤵
  PID:8240
- C:\Windows\System\zHNRFID.exe
  C:\Windows\System\zHNRFID.exe
  2⤵
  PID:8256
- C:\Windows\System\YCtmzLM.exe
  C:\Windows\System\YCtmzLM.exe
  2⤵
  PID:8272
- C:\Windows\System\wcsBLLO.exe
  C:\Windows\System\wcsBLLO.exe
  2⤵
  PID:8288
- C:\Windows\System\FmVWkPY.exe
  C:\Windows\System\FmVWkPY.exe
  2⤵
  PID:8308
- C:\Windows\System\cFbAwUY.exe
  C:\Windows\System\cFbAwUY.exe
  2⤵
  PID:8364
- C:\Windows\System\gROmvdm.exe
  C:\Windows\System\gROmvdm.exe
  2⤵
  PID:8400
- C:\Windows\System\MyIiJBj.exe
  C:\Windows\System\MyIiJBj.exe
  2⤵
  PID:8420
- C:\Windows\System\qfEJfnk.exe
  C:\Windows\System\qfEJfnk.exe
  2⤵
  PID:8452
- C:\Windows\System\fJNsfUn.exe
  C:\Windows\System\fJNsfUn.exe
  2⤵
  PID:8472
- C:\Windows\System\prYOxLM.exe
  C:\Windows\System\prYOxLM.exe
  2⤵
  PID:8500
- C:\Windows\System\VgLVOTM.exe
  C:\Windows\System\VgLVOTM.exe
  2⤵
  PID:8548
- C:\Windows\System\pmcTVxY.exe
  C:\Windows\System\pmcTVxY.exe
  2⤵
  PID:8584
- C:\Windows\System\JmTvYSi.exe
  C:\Windows\System\JmTvYSi.exe
  2⤵
  PID:8608
- C:\Windows\System\JKfCsWR.exe
  C:\Windows\System\JKfCsWR.exe
  2⤵
  PID:8632
- C:\Windows\System\UeWYXLa.exe
  C:\Windows\System\UeWYXLa.exe
  2⤵
  PID:8656
- C:\Windows\System\WEjFfSw.exe
  C:\Windows\System\WEjFfSw.exe
  2⤵
  PID:8680
- C:\Windows\System\IeJUHLc.exe
  C:\Windows\System\IeJUHLc.exe
  2⤵
  PID:8704
- C:\Windows\System\cwualTe.exe
  C:\Windows\System\cwualTe.exe
  2⤵
  PID:8748
- C:\Windows\System\CNIoXpA.exe
  C:\Windows\System\CNIoXpA.exe
  2⤵
  PID:8788
- C:\Windows\System\DLNMolt.exe
  C:\Windows\System\DLNMolt.exe
  2⤵
  PID:8812
- C:\Windows\System\CgPQmoV.exe
  C:\Windows\System\CgPQmoV.exe
  2⤵
  PID:8840
- C:\Windows\System\OGJdtor.exe
  C:\Windows\System\OGJdtor.exe
  2⤵
  PID:8856
- C:\Windows\System\prteYjm.exe
  C:\Windows\System\prteYjm.exe
  2⤵
  PID:8896
- C:\Windows\System\uPAdcon.exe
  C:\Windows\System\uPAdcon.exe
  2⤵
  PID:8932
- C:\Windows\System\CAmhodd.exe
  C:\Windows\System\CAmhodd.exe
  2⤵
  PID:8952
- C:\Windows\System\xoRFOrK.exe
  C:\Windows\System\xoRFOrK.exe
  2⤵
  PID:8972
- C:\Windows\System\tXxTYhB.exe
  C:\Windows\System\tXxTYhB.exe
  2⤵
  PID:8992
- C:\Windows\System\LUQNbGX.exe
  C:\Windows\System\LUQNbGX.exe
  2⤵
  PID:9044
- C:\Windows\System\mDlbvgC.exe
  C:\Windows\System\mDlbvgC.exe
  2⤵
  PID:9064
- C:\Windows\System\ZTJQYsS.exe
  C:\Windows\System\ZTJQYsS.exe
  2⤵
  PID:9084
- C:\Windows\System\gmxBBOf.exe
  C:\Windows\System\gmxBBOf.exe
  2⤵
  PID:9100
- C:\Windows\System\xQmCbqb.exe
  C:\Windows\System\xQmCbqb.exe
  2⤵
  PID:9120
- C:\Windows\System\uYdruCN.exe
  C:\Windows\System\uYdruCN.exe
  2⤵
  PID:9152
- C:\Windows\System\dItASZj.exe
  C:\Windows\System\dItASZj.exe
  2⤵
  PID:9204
- C:\Windows\System\ivLnHcR.exe
  C:\Windows\System\ivLnHcR.exe
  2⤵
  PID:7536
- C:\Windows\System\nytUYNL.exe
  C:\Windows\System\nytUYNL.exe
  2⤵
  PID:8236
- C:\Windows\System\amjXRDz.exe
  C:\Windows\System\amjXRDz.exe
  2⤵
  PID:8316
- C:\Windows\System\EBtnSle.exe
  C:\Windows\System\EBtnSle.exe
  2⤵
  PID:8412
- C:\Windows\System\RVAcWPl.exe
  C:\Windows\System\RVAcWPl.exe
  2⤵
  PID:8432
- C:\Windows\System\TUoxoon.exe
  C:\Windows\System\TUoxoon.exe
  2⤵
  PID:8508
- C:\Windows\System\SUCIMdv.exe
  C:\Windows\System\SUCIMdv.exe
  2⤵
  PID:8580
- C:\Windows\System\WakuswA.exe
  C:\Windows\System\WakuswA.exe
  2⤵
  PID:8616
- C:\Windows\System\wAVQQtc.exe
  C:\Windows\System\wAVQQtc.exe
  2⤵
  PID:8692
- C:\Windows\System\czLSVlf.exe
  C:\Windows\System\czLSVlf.exe
  2⤵
  PID:8724
- C:\Windows\System\oristYc.exe
  C:\Windows\System\oristYc.exe
  2⤵
  PID:8800
- C:\Windows\System\PeFYVHB.exe
  C:\Windows\System\PeFYVHB.exe
  2⤵
  PID:8908
- C:\Windows\System\dZKZIoF.exe
  C:\Windows\System\dZKZIoF.exe
  2⤵
  PID:8892
- C:\Windows\System\CfcgBON.exe
  C:\Windows\System\CfcgBON.exe
  2⤵
  PID:8964
- C:\Windows\System\kcHcLHn.exe
  C:\Windows\System\kcHcLHn.exe
  2⤵
  PID:9004
- C:\Windows\System\QKLsuGK.exe
  C:\Windows\System\QKLsuGK.exe
  2⤵
  PID:9052
- C:\Windows\System\RGJaqGI.exe
  C:\Windows\System\RGJaqGI.exe
  2⤵
  PID:9140
- C:\Windows\System\CdptDeY.exe
  C:\Windows\System\CdptDeY.exe
  2⤵
  PID:9172
- C:\Windows\System\SrEIDVZ.exe
  C:\Windows\System\SrEIDVZ.exe
  2⤵
  PID:8392
- C:\Windows\System\lXrntnC.exe
  C:\Windows\System\lXrntnC.exe
  2⤵
  PID:8572
- C:\Windows\System\uMmqPBC.exe
  C:\Windows\System\uMmqPBC.exe
  2⤵
  PID:8604
- C:\Windows\System\pmTbVJJ.exe
  C:\Windows\System\pmTbVJJ.exe
  2⤵
  PID:8764
- C:\Windows\System\mOMOgpz.exe
  C:\Windows\System\mOMOgpz.exe
  2⤵
  PID:8948
- C:\Windows\System\sXKqmCH.exe
  C:\Windows\System\sXKqmCH.exe
  2⤵
  PID:8328
- C:\Windows\System\jOzLMPx.exe
  C:\Windows\System\jOzLMPx.exe
  2⤵
  PID:8204
- C:\Windows\System\eKVWsCU.exe
  C:\Windows\System\eKVWsCU.exe
  2⤵
  PID:8304
- C:\Windows\System\RdTTRDL.exe
  C:\Windows\System\RdTTRDL.exe
  2⤵
  PID:8944
- C:\Windows\System\KIHyfIr.exe
  C:\Windows\System\KIHyfIr.exe
  2⤵
  PID:9236
- C:\Windows\System\FSPDftU.exe
  C:\Windows\System\FSPDftU.exe
  2⤵
  PID:9264
- C:\Windows\System\UBxlBYj.exe
  C:\Windows\System\UBxlBYj.exe
  2⤵
  PID:9288
- C:\Windows\System\LOoFlrB.exe
  C:\Windows\System\LOoFlrB.exe
  2⤵
  PID:9304
- C:\Windows\System\PlGUrcF.exe
  C:\Windows\System\PlGUrcF.exe
  2⤵
  PID:9324
- C:\Windows\System\vQqjflc.exe
  C:\Windows\System\vQqjflc.exe
  2⤵
  PID:9344
- C:\Windows\System\suJPWSW.exe
  C:\Windows\System\suJPWSW.exe
  2⤵
  PID:9372
- C:\Windows\System\EAzPNFr.exe
  C:\Windows\System\EAzPNFr.exe
  2⤵
  PID:9396
- C:\Windows\System\EbVopNe.exe
  C:\Windows\System\EbVopNe.exe
  2⤵
  PID:9432
- C:\Windows\System\KNMzMWk.exe
  C:\Windows\System\KNMzMWk.exe
  2⤵
  PID:9456
- C:\Windows\System\ITSuFGw.exe
  C:\Windows\System\ITSuFGw.exe
  2⤵
  PID:9492
- C:\Windows\System\hHgHlUF.exe
  C:\Windows\System\hHgHlUF.exe
  2⤵
  PID:9544
- C:\Windows\System\jVYMzpx.exe
  C:\Windows\System\jVYMzpx.exe
  2⤵
  PID:9564
- C:\Windows\System\PqHubQQ.exe
  C:\Windows\System\PqHubQQ.exe
  2⤵
  PID:9584
- C:\Windows\System\UAnLZGn.exe
  C:\Windows\System\UAnLZGn.exe
  2⤵
  PID:9604
- C:\Windows\System\rQGkFkO.exe
  C:\Windows\System\rQGkFkO.exe
  2⤵
  PID:9640
- C:\Windows\System\zoOIycq.exe
  C:\Windows\System\zoOIycq.exe
  2⤵
  PID:9672
- C:\Windows\System\nWosluV.exe
  C:\Windows\System\nWosluV.exe
  2⤵
  PID:9692
- C:\Windows\System\UGXEcxC.exe
  C:\Windows\System\UGXEcxC.exe
  2⤵
  PID:9716
- C:\Windows\System\MkeYrkI.exe
  C:\Windows\System\MkeYrkI.exe
  2⤵
  PID:9740
- C:\Windows\System\TkjRKog.exe
  C:\Windows\System\TkjRKog.exe
  2⤵
  PID:9764
- C:\Windows\System\knjdqUv.exe
  C:\Windows\System\knjdqUv.exe
  2⤵
  PID:9788
- C:\Windows\System\ehyzCTB.exe
  C:\Windows\System\ehyzCTB.exe
  2⤵
  PID:9828
- C:\Windows\System\NwUDTEM.exe
  C:\Windows\System\NwUDTEM.exe
  2⤵
  PID:9880
- C:\Windows\System\pJHdelj.exe
  C:\Windows\System\pJHdelj.exe
  2⤵
  PID:9920
- C:\Windows\System\ApPFoFR.exe
  C:\Windows\System\ApPFoFR.exe
  2⤵
  PID:9940
- C:\Windows\System\ujVLYmC.exe
  C:\Windows\System\ujVLYmC.exe
  2⤵
  PID:9960
- C:\Windows\System\oxNYmSg.exe
  C:\Windows\System\oxNYmSg.exe
  2⤵
  PID:9988
- C:\Windows\System\tWJvoDP.exe
  C:\Windows\System\tWJvoDP.exe
  2⤵
  PID:10008
- C:\Windows\System\HJHXScn.exe
  C:\Windows\System\HJHXScn.exe
  2⤵
  PID:10032
- C:\Windows\System\rAyTPPI.exe
  C:\Windows\System\rAyTPPI.exe
  2⤵
  PID:10060
- C:\Windows\System\xlHHabK.exe
  C:\Windows\System\xlHHabK.exe
  2⤵
  PID:10112
- C:\Windows\System\AFOMLpp.exe
  C:\Windows\System\AFOMLpp.exe
  2⤵
  PID:10156
- C:\Windows\System\Vatthnp.exe
  C:\Windows\System\Vatthnp.exe
  2⤵
  PID:10184
- C:\Windows\System\JsBXGMB.exe
  C:\Windows\System\JsBXGMB.exe
  2⤵
  PID:10208
- C:\Windows\System\psdoNvg.exe
  C:\Windows\System\psdoNvg.exe
  2⤵
  PID:10224
- C:\Windows\System\hrxKZox.exe
  C:\Windows\System\hrxKZox.exe
  2⤵
  PID:8284
- C:\Windows\System\tTQZAKe.exe
  C:\Windows\System\tTQZAKe.exe
  2⤵
  PID:9244
- C:\Windows\System\MXcaUBe.exe
  C:\Windows\System\MXcaUBe.exe
  2⤵
  PID:9260
- C:\Windows\System\mPhZKHQ.exe
  C:\Windows\System\mPhZKHQ.exe
  2⤵
  PID:9300
- C:\Windows\System\TIJDMvk.exe
  C:\Windows\System\TIJDMvk.exe
  2⤵
  PID:9380
- C:\Windows\System\OPRkZzw.exe
  C:\Windows\System\OPRkZzw.exe
  2⤵
  PID:9404
- C:\Windows\System\iKVKoHD.exe
  C:\Windows\System\iKVKoHD.exe
  2⤵
  PID:9392
- C:\Windows\System\cKcfMZF.exe
  C:\Windows\System\cKcfMZF.exe
  2⤵
  PID:9552
- C:\Windows\System\EFirKBz.exe
  C:\Windows\System\EFirKBz.exe
  2⤵
  PID:9624
- C:\Windows\System\JXymBAC.exe
  C:\Windows\System\JXymBAC.exe
  2⤵
  PID:9688
- C:\Windows\System\bvldpdg.exe
  C:\Windows\System\bvldpdg.exe
  2⤵
  PID:9748
- C:\Windows\System\kuNZEHa.exe
  C:\Windows\System\kuNZEHa.exe
  2⤵
  PID:9784
- C:\Windows\System\NHDWpJq.exe
  C:\Windows\System\NHDWpJq.exe
  2⤵
  PID:9652
- C:\Windows\System\BVDOcgI.exe
  C:\Windows\System\BVDOcgI.exe
  2⤵
  PID:10048
- C:\Windows\System\neJUwPO.exe
  C:\Windows\System\neJUwPO.exe
  2⤵
  PID:10100
- C:\Windows\System\cjoSrap.exe
  C:\Windows\System\cjoSrap.exe
  2⤵
  PID:10056
- C:\Windows\System\cyMbNUN.exe
  C:\Windows\System\cyMbNUN.exe
  2⤵
  PID:10108
- C:\Windows\System\XsCHScb.exe
  C:\Windows\System\XsCHScb.exe
  2⤵
  PID:10140
- C:\Windows\System\LjFsDxc.exe
  C:\Windows\System\LjFsDxc.exe
  2⤵
  PID:10180
- C:\Windows\System\JEuSkgO.exe
  C:\Windows\System\JEuSkgO.exe
  2⤵
  PID:9272
- C:\Windows\System\KMOIVub.exe
  C:\Windows\System\KMOIVub.exe
  2⤵
  PID:9332
- C:\Windows\System\TUuoLqk.exe
  C:\Windows\System\TUuoLqk.exe
  2⤵
  PID:9820
- C:\Windows\System\lKugGbM.exe
  C:\Windows\System\lKugGbM.exe
  2⤵
  PID:9760
- C:\Windows\System\faOEHLJ.exe
  C:\Windows\System\faOEHLJ.exe
  2⤵
  PID:10072
- C:\Windows\System\ErIIryD.exe
  C:\Windows\System\ErIIryD.exe
  2⤵
  PID:10164
- C:\Windows\System\cQNRlMo.exe
  C:\Windows\System\cQNRlMo.exe
  2⤵
  PID:8796
- C:\Windows\System\BkZMRqv.exe
  C:\Windows\System\BkZMRqv.exe
  2⤵
  PID:9908
- C:\Windows\System\SzwszsE.exe
  C:\Windows\System\SzwszsE.exe
  2⤵
  PID:10256
- C:\Windows\System\WKfpMFG.exe
  C:\Windows\System\WKfpMFG.exe
  2⤵
  PID:10280
- C:\Windows\System\bdLflbj.exe
  C:\Windows\System\bdLflbj.exe
  2⤵
  PID:10304
- C:\Windows\System\ipFwnxr.exe
  C:\Windows\System\ipFwnxr.exe
  2⤵
  PID:10340
- C:\Windows\System\VCpoKmO.exe
  C:\Windows\System\VCpoKmO.exe
  2⤵
  PID:10368
- C:\Windows\System\xwuDUMj.exe
  C:\Windows\System\xwuDUMj.exe
  2⤵
  PID:10392
- C:\Windows\System\CutBBLp.exe
  C:\Windows\System\CutBBLp.exe
  2⤵
  PID:10420
- C:\Windows\System\STEmISq.exe
  C:\Windows\System\STEmISq.exe
  2⤵
  PID:10440
- C:\Windows\System\nzfMjJr.exe
  C:\Windows\System\nzfMjJr.exe
  2⤵
  PID:10484
- C:\Windows\System\Fzhqaui.exe
  C:\Windows\System\Fzhqaui.exe
  2⤵
  PID:10528
- C:\Windows\System\mNHWjku.exe
  C:\Windows\System\mNHWjku.exe
  2⤵
  PID:10552
- C:\Windows\System\XdKCzao.exe
  C:\Windows\System\XdKCzao.exe
  2⤵
  PID:10580
- C:\Windows\System\TkZanVH.exe
  C:\Windows\System\TkZanVH.exe
  2⤵
  PID:10632
- C:\Windows\System\sTEkRZD.exe
  C:\Windows\System\sTEkRZD.exe
  2⤵
  PID:10656
- C:\Windows\System\GnlpXVA.exe
  C:\Windows\System\GnlpXVA.exe
  2⤵
  PID:10672
- C:\Windows\System\OqbJlZL.exe
  C:\Windows\System\OqbJlZL.exe
  2⤵
  PID:10692
- C:\Windows\System\rLkCqUh.exe
  C:\Windows\System\rLkCqUh.exe
  2⤵
  PID:10712
- C:\Windows\System\dUDCqeu.exe
  C:\Windows\System\dUDCqeu.exe
  2⤵
  PID:10736
- C:\Windows\System\sGZaMDJ.exe
  C:\Windows\System\sGZaMDJ.exe
  2⤵
  PID:10756
- C:\Windows\System\uSZurHY.exe
  C:\Windows\System\uSZurHY.exe
  2⤵
  PID:10788
- C:\Windows\System\SkwiCRX.exe
  C:\Windows\System\SkwiCRX.exe
  2⤵
  PID:10844
- C:\Windows\System\kkVpkbH.exe
  C:\Windows\System\kkVpkbH.exe
  2⤵
  PID:10864
- C:\Windows\System\jgbtUbB.exe
  C:\Windows\System\jgbtUbB.exe
  2⤵
  PID:10892
- C:\Windows\System\orGfpXO.exe
  C:\Windows\System\orGfpXO.exe
  2⤵
  PID:10908
- C:\Windows\System\iTcIjmk.exe
  C:\Windows\System\iTcIjmk.exe
  2⤵
  PID:10932
- C:\Windows\System\gbzMCyb.exe
  C:\Windows\System\gbzMCyb.exe
  2⤵
  PID:10988
- C:\Windows\System\JiUKoca.exe
  C:\Windows\System\JiUKoca.exe
  2⤵
  PID:11008
- C:\Windows\System\zOfzvgB.exe
  C:\Windows\System\zOfzvgB.exe
  2⤵
  PID:11044
- C:\Windows\System\ZkeWjbr.exe
  C:\Windows\System\ZkeWjbr.exe
  2⤵
  PID:11064
- C:\Windows\System\oQdPhKO.exe
  C:\Windows\System\oQdPhKO.exe
  2⤵
  PID:11108
- C:\Windows\System\mxSvuzh.exe
  C:\Windows\System\mxSvuzh.exe
  2⤵
  PID:11128
- C:\Windows\System\lknsFjC.exe
  C:\Windows\System\lknsFjC.exe
  2⤵
  PID:11156
- C:\Windows\System\TTsjhlo.exe
  C:\Windows\System\TTsjhlo.exe
  2⤵
  PID:11184
- C:\Windows\System\EWNWeGE.exe
  C:\Windows\System\EWNWeGE.exe
  2⤵
  PID:11224
- C:\Windows\System\UxJOhFV.exe
  C:\Windows\System\UxJOhFV.exe
  2⤵
  PID:11248
- C:\Windows\System\SZufcHP.exe
  C:\Windows\System\SZufcHP.exe
  2⤵
  PID:10220
- C:\Windows\System\VhbYWsM.exe
  C:\Windows\System\VhbYWsM.exe
  2⤵
  PID:9780
- C:\Windows\System\UvpqNBs.exe
  C:\Windows\System\UvpqNBs.exe
  2⤵
  PID:10264
- C:\Windows\System\BMGaYrX.exe
  C:\Windows\System\BMGaYrX.exe
  2⤵
  PID:10332
- C:\Windows\System\TMXBIGH.exe
  C:\Windows\System\TMXBIGH.exe
  2⤵
  PID:10432
- C:\Windows\System\YJzUEuT.exe
  C:\Windows\System\YJzUEuT.exe
  2⤵
  PID:10412
- C:\Windows\System\WpeOcOl.exe
  C:\Windows\System\WpeOcOl.exe
  2⤵
  PID:10496
- C:\Windows\System\OVqFFxF.exe
  C:\Windows\System\OVqFFxF.exe
  2⤵
  PID:10540
- C:\Windows\System\pXUCXqe.exe
  C:\Windows\System\pXUCXqe.exe
  2⤵
  PID:10576
- C:\Windows\System\rinuOaa.exe
  C:\Windows\System\rinuOaa.exe
  2⤵
  PID:10720
- C:\Windows\System\odIWpII.exe
  C:\Windows\System\odIWpII.exe
  2⤵
  PID:10824
- C:\Windows\System\StUzATj.exe
  C:\Windows\System\StUzATj.exe
  2⤵
  PID:10876
- C:\Windows\System\sTimlsv.exe
  C:\Windows\System\sTimlsv.exe
  2⤵
  PID:10920
- C:\Windows\System\CQnLsAl.exe
  C:\Windows\System\CQnLsAl.exe
  2⤵
  PID:11004
- C:\Windows\System\YOGHOXp.exe
  C:\Windows\System\YOGHOXp.exe
  2⤵
  PID:11028
- C:\Windows\System\EaYwpid.exe
  C:\Windows\System\EaYwpid.exe
  2⤵
  PID:11124
- C:\Windows\System\TLMEPXh.exe
  C:\Windows\System\TLMEPXh.exe
  2⤵
  PID:11200
- C:\Windows\System\DknikhW.exe
  C:\Windows\System\DknikhW.exe
  2⤵
  PID:11256
- C:\Windows\System\LypQRVO.exe
  C:\Windows\System\LypQRVO.exe
  2⤵
  PID:10548
- C:\Windows\System\esZDeDt.exe
  C:\Windows\System\esZDeDt.exe
  2⤵
  PID:10472
- C:\Windows\System\GNAoQiK.exe
  C:\Windows\System\GNAoQiK.exe
  2⤵
  PID:10668
- C:\Windows\System\WKYNtZa.exe
  C:\Windows\System\WKYNtZa.exe
  2⤵
  PID:10804
- C:\Windows\System\nDbtcsJ.exe
  C:\Windows\System\nDbtcsJ.exe
  2⤵
  PID:10964
- C:\Windows\System\LENHMcv.exe
  C:\Windows\System\LENHMcv.exe
  2⤵
  PID:11240
- C:\Windows\System\mzTpjpO.exe
  C:\Windows\System\mzTpjpO.exe
  2⤵
  PID:10860
- C:\Windows\System\ZgFFCgY.exe
  C:\Windows\System\ZgFFCgY.exe
  2⤵
  PID:11000
- C:\Windows\System\fPViBbQ.exe
  C:\Windows\System\fPViBbQ.exe
  2⤵
  PID:11180
- C:\Windows\System\ZtNdNxg.exe
  C:\Windows\System\ZtNdNxg.exe
  2⤵
  PID:11032
- C:\Windows\System\HKAaPhB.exe
  C:\Windows\System\HKAaPhB.exe
  2⤵
  PID:11280
- C:\Windows\System\RJZNFiP.exe
  C:\Windows\System\RJZNFiP.exe
  2⤵
  PID:11300
- C:\Windows\System\aWZrcNg.exe
  C:\Windows\System\aWZrcNg.exe
  2⤵
  PID:11320
- C:\Windows\System\fZnEICf.exe
  C:\Windows\System\fZnEICf.exe
  2⤵
  PID:11356
- C:\Windows\System\FkLFshr.exe
  C:\Windows\System\FkLFshr.exe
  2⤵
  PID:11376
- C:\Windows\System\Xtfijin.exe
  C:\Windows\System\Xtfijin.exe
  2⤵
  PID:11396
- C:\Windows\System\BzSzqqD.exe
  C:\Windows\System\BzSzqqD.exe
  2⤵
  PID:11456
- C:\Windows\System\mHDFGAO.exe
  C:\Windows\System\mHDFGAO.exe
  2⤵
  PID:11488
- C:\Windows\System\TIelvZQ.exe
  C:\Windows\System\TIelvZQ.exe
  2⤵
  PID:11504
- C:\Windows\System\NrfZxWE.exe
  C:\Windows\System\NrfZxWE.exe
  2⤵
  PID:11548
- C:\Windows\System\jmICKPl.exe
  C:\Windows\System\jmICKPl.exe
  2⤵
  PID:11564
- C:\Windows\System\RdqZbVS.exe
  C:\Windows\System\RdqZbVS.exe
  2⤵
  PID:11588
- C:\Windows\System\PdLxPhn.exe
  C:\Windows\System\PdLxPhn.exe
  2⤵
  PID:11604
- C:\Windows\System\LTLZPRU.exe
  C:\Windows\System\LTLZPRU.exe
  2⤵
  PID:11628
- C:\Windows\System\TtQlxfj.exe
  C:\Windows\System\TtQlxfj.exe
  2⤵
  PID:11648
- C:\Windows\System\NJUoJaD.exe
  C:\Windows\System\NJUoJaD.exe
  2⤵
  PID:11668
- C:\Windows\System\ihuQKaZ.exe
  C:\Windows\System\ihuQKaZ.exe
  2⤵
  PID:11700
- C:\Windows\System\zemokip.exe
  C:\Windows\System\zemokip.exe
  2⤵
  PID:11724
- C:\Windows\System\sOBjlkx.exe
  C:\Windows\System\sOBjlkx.exe
  2⤵
  PID:11748
- C:\Windows\System\sDlMbGP.exe
  C:\Windows\System\sDlMbGP.exe
  2⤵
  PID:11768
- C:\Windows\System\OwAHsyy.exe
  C:\Windows\System\OwAHsyy.exe
  2⤵
  PID:11808
- C:\Windows\System\QTzIzay.exe
  C:\Windows\System\QTzIzay.exe
  2⤵
  PID:11828
- C:\Windows\System\kpRSOxF.exe
  C:\Windows\System\kpRSOxF.exe
  2⤵
  PID:11848
- C:\Windows\System\WbsYcuP.exe
  C:\Windows\System\WbsYcuP.exe
  2⤵
  PID:11880
- C:\Windows\System\oxdXQNh.exe
  C:\Windows\System\oxdXQNh.exe
  2⤵
  PID:11896
- C:\Windows\System\fnXJxOm.exe
  C:\Windows\System\fnXJxOm.exe
  2⤵
  PID:11932
- C:\Windows\System\oXhPwCG.exe
  C:\Windows\System\oXhPwCG.exe
  2⤵
  PID:11948
- C:\Windows\System\AkhkNlA.exe
  C:\Windows\System\AkhkNlA.exe
  2⤵
  PID:11968
- C:\Windows\System\YqXrBWb.exe
  C:\Windows\System\YqXrBWb.exe
  2⤵
  PID:11992
- C:\Windows\System\MeUXLBV.exe
  C:\Windows\System\MeUXLBV.exe
  2⤵
  PID:12032
- C:\Windows\System\uWVAgma.exe
  C:\Windows\System\uWVAgma.exe
  2⤵
  PID:12052
- C:\Windows\System\SWvtlOG.exe
  C:\Windows\System\SWvtlOG.exe
  2⤵
  PID:12108
- C:\Windows\System\qkYVTtz.exe
  C:\Windows\System\qkYVTtz.exe
  2⤵
  PID:12160
- C:\Windows\System\cJQCNIU.exe
  C:\Windows\System\cJQCNIU.exe
  2⤵
  PID:12184
- C:\Windows\System\EFmcrXL.exe
  C:\Windows\System\EFmcrXL.exe
  2⤵
  PID:12232
- C:\Windows\System\ZppLfda.exe
  C:\Windows\System\ZppLfda.exe
  2⤵
  PID:12260
- C:\Windows\System\vlNCslI.exe
  C:\Windows\System\vlNCslI.exe
  2⤵
  PID:11172
- C:\Windows\System\NhuAiqq.exe
  C:\Windows\System\NhuAiqq.exe
  2⤵
  PID:11296
- C:\Windows\System\OKFylMU.exe
  C:\Windows\System\OKFylMU.exe
  2⤵
  PID:11344
- C:\Windows\System\JfLCCFQ.exe
  C:\Windows\System\JfLCCFQ.exe
  2⤵
  PID:11384
- C:\Windows\System\StGJOSl.exe
  C:\Windows\System\StGJOSl.exe
  2⤵
  PID:11496
- C:\Windows\System\lmoQPKj.exe
  C:\Windows\System\lmoQPKj.exe
  2⤵
  PID:11580
- C:\Windows\System\CZlBzVK.exe
  C:\Windows\System\CZlBzVK.exe
  2⤵
  PID:11624
- C:\Windows\System\AizHtVA.exe
  C:\Windows\System\AizHtVA.exe
  2⤵
  PID:11660
- C:\Windows\System\VaAgoqS.exe
  C:\Windows\System\VaAgoqS.exe
  2⤵
  PID:11720
- C:\Windows\System\eggjguP.exe
  C:\Windows\System\eggjguP.exe
  2⤵
  PID:11824
- C:\Windows\System\yxxVMBH.exe
  C:\Windows\System\yxxVMBH.exe
  2⤵
  PID:11980
- C:\Windows\System\HARLGew.exe
  C:\Windows\System\HARLGew.exe
  2⤵
  PID:12020
- C:\Windows\System\EXOTisI.exe
  C:\Windows\System\EXOTisI.exe
  2⤵
  PID:12048
- C:\Windows\System\WPtGcDy.exe
  C:\Windows\System\WPtGcDy.exe
  2⤵
  PID:11956
- C:\Windows\System\bILgPhd.exe
  C:\Windows\System\bILgPhd.exe
  2⤵
  PID:12104
- C:\Windows\System\laxjaeL.exe
  C:\Windows\System\laxjaeL.exe
  2⤵
  PID:12196
- C:\Windows\System\ZmELggN.exe
  C:\Windows\System\ZmELggN.exe
  2⤵
  PID:12180
- C:\Windows\System\wQAVxMf.exe
  C:\Windows\System\wQAVxMf.exe
  2⤵
  PID:11332
- C:\Windows\System\gXSNdLY.exe
  C:\Windows\System\gXSNdLY.exe
  2⤵
  PID:11392
- C:\Windows\System\KSJigCP.exe
  C:\Windows\System\KSJigCP.exe
  2⤵
  PID:11556
- C:\Windows\System\YzshVZW.exe
  C:\Windows\System\YzshVZW.exe
  2⤵
  PID:11644
- C:\Windows\System\ljqRvxa.exe
  C:\Windows\System\ljqRvxa.exe
  2⤵
  PID:11760
- C:\Windows\System\uEhpSXi.exe
  C:\Windows\System\uEhpSXi.exe
  2⤵
  PID:11904
- C:\Windows\System\akMoNYs.exe
  C:\Windows\System\akMoNYs.exe
  2⤵
  PID:12072
- C:\Windows\System\XTuQyMw.exe
  C:\Windows\System\XTuQyMw.exe
  2⤵
  PID:12228
- C:\Windows\System\UFjOjJa.exe
  C:\Windows\System\UFjOjJa.exe
  2⤵
  PID:11864
- C:\Windows\System\sfrigrb.exe
  C:\Windows\System\sfrigrb.exe
  2⤵
  PID:11892
- C:\Windows\System\zgzJzbz.exe
  C:\Windows\System\zgzJzbz.exe
  2⤵
  PID:12148
- C:\Windows\System\PdeKVys.exe
  C:\Windows\System\PdeKVys.exe
  2⤵
  PID:11640
- C:\Windows\System\cbWknPz.exe
  C:\Windows\System\cbWknPz.exe
  2⤵
  PID:12332
- C:\Windows\System\KMZkeHj.exe
  C:\Windows\System\KMZkeHj.exe
  2⤵
  PID:12352
- C:\Windows\System\OBbXszB.exe
  C:\Windows\System\OBbXszB.exe
  2⤵
  PID:12372
- C:\Windows\System\pUTWMyK.exe
  C:\Windows\System\pUTWMyK.exe
  2⤵
  PID:12392
- C:\Windows\System\FWbPCxo.exe
  C:\Windows\System\FWbPCxo.exe
  2⤵
  PID:12428
- C:\Windows\System\PfJMVmA.exe
  C:\Windows\System\PfJMVmA.exe
  2⤵
  PID:12456
- C:\Windows\System\ftOFBOr.exe
  C:\Windows\System\ftOFBOr.exe
  2⤵
  PID:12480
- C:\Windows\System\XJhCXGf.exe
  C:\Windows\System\XJhCXGf.exe
  2⤵
  PID:12516
- C:\Windows\System\BraLgyM.exe
  C:\Windows\System\BraLgyM.exe
  2⤵
  PID:12536
- C:\Windows\System\JekyEIc.exe
  C:\Windows\System\JekyEIc.exe
  2⤵
  PID:12572
- C:\Windows\System\uFdGLIz.exe
  C:\Windows\System\uFdGLIz.exe
  2⤵
  PID:12608
- C:\Windows\System\oXiPqFK.exe
  C:\Windows\System\oXiPqFK.exe
  2⤵
  PID:12632
- C:\Windows\System\qAqeZWJ.exe
  C:\Windows\System\qAqeZWJ.exe
  2⤵
  PID:12656
- C:\Windows\System\FnzTUbE.exe
  C:\Windows\System\FnzTUbE.exe
  2⤵
  PID:12696
- C:\Windows\System\BOFKOrS.exe
  C:\Windows\System\BOFKOrS.exe
  2⤵
  PID:12728
- C:\Windows\System\drYsDBI.exe
  C:\Windows\System\drYsDBI.exe
  2⤵
  PID:12752
- C:\Windows\System\cNHofyD.exe
  C:\Windows\System\cNHofyD.exe
  2⤵
  PID:12780
- C:\Windows\System\szJjjus.exe
  C:\Windows\System\szJjjus.exe
  2⤵
  PID:12800
- C:\Windows\System\bMmUnLi.exe
  C:\Windows\System\bMmUnLi.exe
  2⤵
  PID:12824
- C:\Windows\System\NguQAVv.exe
  C:\Windows\System\NguQAVv.exe
  2⤵
  PID:12848
- C:\Windows\System\jPIZTTA.exe
  C:\Windows\System\jPIZTTA.exe
  2⤵
  PID:12872
- C:\Windows\System\aVaBgEn.exe
  C:\Windows\System\aVaBgEn.exe
  2⤵
  PID:12920
- C:\Windows\System\GQgDDJg.exe
  C:\Windows\System\GQgDDJg.exe
  2⤵
  PID:12948
- C:\Windows\System\LbUFYmF.exe
  C:\Windows\System\LbUFYmF.exe
  2⤵
  PID:12968
- C:\Windows\System\dLrgrsi.exe
  C:\Windows\System\dLrgrsi.exe
  2⤵
  PID:13020
- C:\Windows\System\QNQQlzN.exe
  C:\Windows\System\QNQQlzN.exe
  2⤵
  PID:13040
- C:\Windows\System\KmZzPNk.exe
  C:\Windows\System\KmZzPNk.exe
  2⤵
  PID:13060
- C:\Windows\System\ZVUWZRx.exe
  C:\Windows\System\ZVUWZRx.exe
  2⤵
  PID:13076
- C:\Windows\System\ztJXJKK.exe
  C:\Windows\System\ztJXJKK.exe
  2⤵
  PID:13112
- C:\Windows\System\nAYjPJg.exe
  C:\Windows\System\nAYjPJg.exe
  2⤵
  PID:13132
- C:\Windows\System\ajpzbKi.exe
  C:\Windows\System\ajpzbKi.exe
  2⤵
  PID:13176
- C:\Windows\System\qYMrRBR.exe
  C:\Windows\System\qYMrRBR.exe
  2⤵
  PID:13212
- C:\Windows\System\ovRJmOB.exe
  C:\Windows\System\ovRJmOB.exe
  2⤵
  PID:13232
- C:\Windows\System\RGYwyUR.exe
  C:\Windows\System\RGYwyUR.exe
  2⤵
  PID:13260
- C:\Windows\System\pQYuZkF.exe
  C:\Windows\System\pQYuZkF.exe
  2⤵
  PID:13280
- C:\Windows\System\RWaArsd.exe
  C:\Windows\System\RWaArsd.exe
  2⤵
  PID:13300
- C:\Windows\System\SnmrcfF.exe
  C:\Windows\System\SnmrcfF.exe
  2⤵
  PID:12340
- C:\Windows\System\Sxcsehb.exe
  C:\Windows\System\Sxcsehb.exe
  2⤵
  PID:12448
- C:\Windows\System\axcuLrB.exe
  C:\Windows\System\axcuLrB.exe
  2⤵
  PID:12476
- C:\Windows\System\SGETvkl.exe
  C:\Windows\System\SGETvkl.exe
  2⤵
  PID:12588
- C:\Windows\System\VEdNmZx.exe
  C:\Windows\System\VEdNmZx.exe
  2⤵
  PID:12628
- C:\Windows\System\TKKyoEP.exe
  C:\Windows\System\TKKyoEP.exe
  2⤵
  PID:12720
- C:\Windows\System\ZovuWLE.exe
  C:\Windows\System\ZovuWLE.exe
  2⤵
  PID:12796
- C:\Windows\System\WMuKYNw.exe
  C:\Windows\System\WMuKYNw.exe
  2⤵
  PID:12820
- C:\Windows\System\DMqoQjE.exe
  C:\Windows\System\DMqoQjE.exe
  2⤵
  PID:12860
- C:\Windows\System\PGSBwMn.exe
  C:\Windows\System\PGSBwMn.exe
  2⤵
  PID:12932
- C:\Windows\System\GCiTmFd.exe
  C:\Windows\System\GCiTmFd.exe
  2⤵
  PID:13072
- C:\Windows\System\iYDmAGm.exe
  C:\Windows\System\iYDmAGm.exe
  2⤵
  PID:13088
- C:\Windows\System\NSOHZMs.exe
  C:\Windows\System\NSOHZMs.exe
  2⤵
  PID:13120
- C:\Windows\System\HMGLWLM.exe
  C:\Windows\System\HMGLWLM.exe
  2⤵
  PID:13196
- C:\Windows\System\lzlPwAH.exe
  C:\Windows\System\lzlPwAH.exe
  2⤵
  PID:13272
- C:\Windows\System\fHutzNQ.exe
  C:\Windows\System\fHutzNQ.exe
  2⤵
  PID:12368
- C:\Windows\System\BhawMYP.exe
  C:\Windows\System\BhawMYP.exe
  2⤵
  PID:12436
- C:\Windows\System\TbWomET.exe
  C:\Windows\System\TbWomET.exe
  2⤵
  PID:12508
- C:\Windows\System\GiAwAJQ.exe
  C:\Windows\System\GiAwAJQ.exe
  2⤵
  PID:12672
- C:\Windows\System\UNTcrPT.exe
  C:\Windows\System\UNTcrPT.exe
  2⤵
  PID:12816
- C:\Windows\System\DJfSByB.exe
  C:\Windows\System\DJfSByB.exe
  2⤵
  PID:12976
- C:\Windows\System\sXBoeGH.exe
  C:\Windows\System\sXBoeGH.exe
  2⤵
  PID:13056
- C:\Windows\System\QkutbnT.exe
  C:\Windows\System\QkutbnT.exe
  2⤵
  PID:12416
- C:\Windows\System\tUWLoam.exe
  C:\Windows\System\tUWLoam.exe
  2⤵
  PID:12944
- C:\Windows\System\zTGmWbn.exe
  C:\Windows\System\zTGmWbn.exe
  2⤵
  PID:12748
- C:\Windows\System\XHonbsQ.exe
  C:\Windows\System\XHonbsQ.exe
  2⤵
  PID:12960
- C:\Windows\System\RdKRgYl.exe
  C:\Windows\System\RdKRgYl.exe
  2⤵
  PID:13348
- C:\Windows\System\izNTYhR.exe
  C:\Windows\System\izNTYhR.exe
  2⤵
  PID:13380
- C:\Windows\System\IpWUHmR.exe
  C:\Windows\System\IpWUHmR.exe
  2⤵
  PID:13400
- C:\Windows\System\rAWMzQd.exe
  C:\Windows\System\rAWMzQd.exe
  2⤵
  PID:13420
- C:\Windows\System\vAymAbd.exe
  C:\Windows\System\vAymAbd.exe
  2⤵
  PID:13436
- C:\Windows\System\Nfcminp.exe
  C:\Windows\System\Nfcminp.exe
  2⤵
  PID:13460
- C:\Windows\System\sBcvwQM.exe
  C:\Windows\System\sBcvwQM.exe
  2⤵
  PID:13480
- C:\Windows\System\BKZuUcT.exe
  C:\Windows\System\BKZuUcT.exe
  2⤵
  PID:13508
- C:\Windows\System\oqWorIH.exe
  C:\Windows\System\oqWorIH.exe
  2⤵
  PID:13528
- C:\Windows\System\BCLAXBn.exe
  C:\Windows\System\BCLAXBn.exe
  2⤵
  PID:13548
- C:\Windows\System\oTNnIcl.exe
  C:\Windows\System\oTNnIcl.exe
  2⤵
  PID:13568
- C:\Windows\System\UNJZFBT.exe
  C:\Windows\System\UNJZFBT.exe
  2⤵
  PID:13592
- C:\Windows\System\qBvUlRi.exe
  C:\Windows\System\qBvUlRi.exe
  2⤵
  PID:13664
- C:\Windows\System\RcHJXMJ.exe
  C:\Windows\System\RcHJXMJ.exe
  2⤵
  PID:13696
- C:\Windows\System\HnkGTCl.exe
  C:\Windows\System\HnkGTCl.exe
  2⤵
  PID:13716
- C:\Windows\System\lJKWNNz.exe
  C:\Windows\System\lJKWNNz.exe
  2⤵
  PID:13736
- C:\Windows\System\eYobios.exe
  C:\Windows\System\eYobios.exe
  2⤵
  PID:13768
- C:\Windows\System\DhahNPt.exe
  C:\Windows\System\DhahNPt.exe
  2⤵
  PID:13788
- C:\Windows\System\ZgNZOBK.exe
  C:\Windows\System\ZgNZOBK.exe
  2⤵
  PID:13812
- C:\Windows\System\MmaWMQf.exe
  C:\Windows\System\MmaWMQf.exe
  2⤵
  PID:13924
- C:\Windows\System\gBGYveb.exe
  C:\Windows\System\gBGYveb.exe
  2⤵
  PID:13952
- C:\Windows\System\ubsnTEo.exe
  C:\Windows\System\ubsnTEo.exe
  2⤵
  PID:14016
- C:\Windows\System\OuvlFpH.exe
  C:\Windows\System\OuvlFpH.exe
  2⤵
  PID:14048
- C:\Windows\System\DVWogGA.exe
  C:\Windows\System\DVWogGA.exe
  2⤵
  PID:14072
- C:\Windows\System\GbtcNot.exe
  C:\Windows\System\GbtcNot.exe
  2⤵
  PID:14092
- C:\Windows\System\xRXEcwb.exe
  C:\Windows\System\xRXEcwb.exe
  2⤵
  PID:14120
- C:\Windows\System\fGZsGhv.exe
  C:\Windows\System\fGZsGhv.exe
  2⤵
  PID:14148
- C:\Windows\System\CFlNsAP.exe
  C:\Windows\System\CFlNsAP.exe
  2⤵
  PID:14176
- C:\Windows\System\bkJfVrx.exe
  C:\Windows\System\bkJfVrx.exe
  2⤵
  PID:14204
- C:\Windows\System\bmHRIMz.exe
  C:\Windows\System\bmHRIMz.exe
  2⤵
  PID:14228
- C:\Windows\System\GjOOCgg.exe
  C:\Windows\System\GjOOCgg.exe
  2⤵
  PID:14244
- C:\Windows\System\KCeemln.exe
  C:\Windows\System\KCeemln.exe
  2⤵
  PID:14276
- C:\Windows\System\GRNnrtT.exe
  C:\Windows\System\GRNnrtT.exe
  2⤵
  PID:14316
- C:\Windows\System\YBMKIjo.exe
  C:\Windows\System\YBMKIjo.exe
  2⤵
  PID:13012
- C:\Windows\System\yRZlkas.exe
  C:\Windows\System\yRZlkas.exe
  2⤵
  PID:12776
- C:\Windows\System\yGkoMNb.exe
  C:\Windows\System\yGkoMNb.exe
  2⤵
  PID:13368
- C:\Windows\System\AwTOvdt.exe
  C:\Windows\System\AwTOvdt.exe
  2⤵
  PID:13476
- C:\Windows\System\omEqxrC.exe
  C:\Windows\System\omEqxrC.exe
  2⤵
  PID:13544
- C:\Windows\System\EDMhlpj.exe
  C:\Windows\System\EDMhlpj.exe
  2⤵
  PID:13636
- C:\Windows\System\IlXOzoz.exe
  C:\Windows\System\IlXOzoz.exe
  2⤵
  PID:13672
- C:\Windows\System\IBIEGut.exe
  C:\Windows\System\IBIEGut.exe
  2⤵
  PID:13704
- C:\Windows\System\GXllGAS.exe
  C:\Windows\System\GXllGAS.exe
  2⤵
  PID:13780
- C:\Windows\System\baOzeWV.exe
  C:\Windows\System\baOzeWV.exe
  2⤵
  PID:13864
- C:\Windows\System\wSEmMnY.exe
  C:\Windows\System\wSEmMnY.exe
  2⤵
  PID:13872
- C:\Windows\System\QDwPzru.exe
  C:\Windows\System\QDwPzru.exe
  2⤵
  PID:13860
- C:\Windows\System\gXmjaND.exe
  C:\Windows\System\gXmjaND.exe
  2⤵
  PID:13888
- C:\Windows\System\Pqjomws.exe
  C:\Windows\System\Pqjomws.exe
  2⤵
  PID:14008
- C:\Windows\System\zqTDFRV.exe
  C:\Windows\System\zqTDFRV.exe
  2⤵
  PID:14132
- C:\Windows\System\lFyxJFZ.exe
  C:\Windows\System\lFyxJFZ.exe
  2⤵
  PID:14172
- C:\Windows\System\PEviKPK.exe
  C:\Windows\System\PEviKPK.exe
  2⤵
  PID:14164
- C:\Windows\System\zNbEvIl.exe
  C:\Windows\System\zNbEvIl.exe
  2⤵
  PID:14332
- C:\Windows\System\khKiklG.exe
  C:\Windows\System\khKiklG.exe
  2⤵
  PID:13520
- C:\Windows\System\fkEkXQl.exe
  C:\Windows\System\fkEkXQl.exe
  2⤵
  PID:13612
- C:\Windows\System\ifJKhya.exe
  C:\Windows\System\ifJKhya.exe
  2⤵
  PID:13820
- C:\Windows\System\iJBlifz.exe
  C:\Windows\System\iJBlifz.exe
  2⤵
  PID:13904
- C:\Windows\System\WIyYwmB.exe
  C:\Windows\System\WIyYwmB.exe
  2⤵
  PID:14028
- C:\Windows\System\PcLxbsh.exe
  C:\Windows\System\PcLxbsh.exe
  2⤵
  PID:14084
- C:\Windows\System\zbtLKWe.exe
  C:\Windows\System\zbtLKWe.exe
  2⤵
  PID:14064
- C:\Windows\System\wrLlcNV.exe
  C:\Windows\System\wrLlcNV.exe
  2⤵
  PID:14268
- C:\Windows\System\oYbXhhD.exe
  C:\Windows\System\oYbXhhD.exe
  2⤵
  PID:13644
- C:\Windows\System\AQMImQT.exe
  C:\Windows\System\AQMImQT.exe
  2⤵
  PID:14012
- C:\Windows\System\IwMMAZr.exe
  C:\Windows\System\IwMMAZr.exe
  2⤵
  PID:1752
- C:\Windows\System\zcCQFVo.exe
  C:\Windows\System\zcCQFVo.exe
  2⤵
  PID:14144
- C:\Windows\System\qkcEjUS.exe
  C:\Windows\System\qkcEjUS.exe
  2⤵
  PID:13516
- C:\Windows\System\xFqDwBH.exe
  C:\Windows\System\xFqDwBH.exe
  2⤵
  PID:1684
- C:\Windows\System\QGeNHun.exe
  C:\Windows\System\QGeNHun.exe
  2⤵
  PID:14348
- C:\Windows\System\QHCJqDR.exe
  C:\Windows\System\QHCJqDR.exe
  2⤵
  PID:14380
- C:\Windows\System\xqEcWFa.exe
  C:\Windows\System\xqEcWFa.exe
  2⤵
  PID:14408
- C:\Windows\System\UUoeBti.exe
  C:\Windows\System\UUoeBti.exe
  2⤵
  PID:14428
- C:\Windows\System\eErNXYA.exe
  C:\Windows\System\eErNXYA.exe
  2⤵
  PID:14472
- C:\Windows\System\IyzzwgQ.exe
  C:\Windows\System\IyzzwgQ.exe
  2⤵
  PID:14504
- C:\Windows\System\deTtsUM.exe
  C:\Windows\System\deTtsUM.exe
  2⤵
  PID:14544
- C:\Windows\System\qZEqYTr.exe
  C:\Windows\System\qZEqYTr.exe
  2⤵
  PID:14568
- C:\Windows\System\iooyciS.exe
  C:\Windows\System\iooyciS.exe
  2⤵
  PID:14588
- C:\Windows\System\qrwQEkr.exe
  C:\Windows\System\qrwQEkr.exe
  2⤵
  PID:14632
- C:\Windows\System\gOsXMWl.exe
  C:\Windows\System\gOsXMWl.exe
  2⤵
  PID:14648
- C:\Windows\System\hVFLKxn.exe
  C:\Windows\System\hVFLKxn.exe
  2⤵
  PID:14676
- C:\Windows\System\mqdBrEj.exe
  C:\Windows\System\mqdBrEj.exe
  2⤵
  PID:14692
- C:\Windows\System\UcrWLTR.exe
  C:\Windows\System\UcrWLTR.exe
  2⤵
  PID:14712
- C:\Windows\System\cTEqClQ.exe
  C:\Windows\System\cTEqClQ.exe
  2⤵
  PID:14736
- C:\Windows\System\rhUzYee.exe
  C:\Windows\System\rhUzYee.exe
  2⤵
  PID:14760
- C:\Windows\System\zcIjguo.exe
  C:\Windows\System\zcIjguo.exe
  2⤵
  PID:14852
- C:\Windows\System\gzZsGBj.exe
  C:\Windows\System\gzZsGBj.exe
  2⤵
  PID:14868
- C:\Windows\System\xmicziG.exe
  C:\Windows\System\xmicziG.exe
  2⤵
  PID:14884
- C:\Windows\System\jCmIaWR.exe
  C:\Windows\System\jCmIaWR.exe
  2⤵
  PID:14968

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:14784

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\AHyORtw.exe

Filesize
1.5MB

MD5
e765d043d104a3303a5c18a6b4ecf087

SHA1
229044f7369dfec7884f1ef6aced1e4fa8dc884a

SHA256
656ba09c9e1b75e0c06fbe00b0cac3eea80b580bd48b9717c6300e92bc057e71

SHA512
8b0d19c8e4cbc7dba4f88a79dc7ee7036065b1aa57b62a96fadc7884e6d20f202a928bff4cd8310c7c5eef324321d5a85900fa35d7d3b835bfbd89f36184619c

Download Submit
C:\Windows\System\BVqrGCq.exe

Filesize
1.5MB

MD5
6516956ceab26141431f76b682874b0a

SHA1
bd827d816efb6120213647dfd0990ecf98a0be88

SHA256
cfd9c92aff07bec61b5e598658412be2ea47265d76b8641c0f8584123925344c

SHA512
ead4162ca2d5c23ec4ffd41c87b0a6fb578ee64961f7a2b68807bf43bf691c8eb6088385e4d08d6ace9b205e4cd36e42b5242b2dfb0d0ba0a6d4aa2790557ac4

Download Submit
C:\Windows\System\BtODpDn.exe

Filesize
1.5MB

MD5
18853e6efdf19009fd1be492bcb97bfa

SHA1
46ef788dfa2d1ed514a5bd5c524b77dfc2930f31

SHA256
9c2969f7227873f068ebb3513c770a070f3c8ccafb58770bd33cdc2d1b926c2c

SHA512
a9633e6501369a016c1ae312275e5deb8a0cff59154b27c5dc203c71f07ea1d4e40221db099e5c5849b732ee2a626861ac90656c5ed602825ed70a5a2bdb86fa

Download Submit
C:\Windows\System\DSnPBaS.exe

Filesize
1.5MB

MD5
bf2a9b8aac2f945a251ae070fe5f4645

SHA1
d7b20e65135129a1514dfd374af88590c13c6fef

SHA256
2207f7ee67de80814d7548c9b87b3fd1dd283e3ea54c82c35f31b096b4a97445

SHA512
bce26ec881b1d6ca0b04ba9f0b39f2fa4418f5809d0b21007f467b901faf127e7e5bb9380039147f61e6a6180f63a276eaba3a723995425c86cdfef8a405919c

Download Submit
C:\Windows\System\EvTtmWj.exe

Filesize
1.5MB

MD5
13ed0f9506942dec655e92eb58eeb443

SHA1
4e72c03c1718735ee0fddc73508fe4db7b8816c1

SHA256
f9d76768e49dafb595a6f74e967b3b068782899219656bc37ffc624d32a6b42a

SHA512
cb200e4dee34ace918a1e4ac00cecd4f732bb66e208e2b03dab76d305e888a80267d68b1641a4af51c8024fe89a8bf023f4890a68cbc64e35e3933b6bc48e7a3

Download Submit
C:\Windows\System\GdIHSOd.exe

Filesize
1.5MB

MD5
4442367e24c40eaa0a052ed073ced839

SHA1
722717ec1787b554c62e89f8751b4cd8a32e5908

SHA256
c38bf105801a28eb943658ebe4c725fece59e037360f093983a0dc472cdb26a4

SHA512
80f0f1fea6ea7a56f13043998dba69cb45c3366f7101396830de2ee6923dbce82413206619f0e1aed0c5174e26f09940be526ff041c1f7a091c72a8986238890

Download Submit
C:\Windows\System\GfvhLcr.exe

Filesize
1.5MB

MD5
3ef55c4871b27a07766c16e5f2a1a8d1

SHA1
ecd80e60b0d82de47ae967e29f865df5b4b93eab

SHA256
92d980cc87d98b7180bb3fb80685d8a14afce36968ba68cacae0949ca0cd260a

SHA512
7d62c1f668043cd113d6424d4f23fbfb2a2f76c48b8ce9f6aebf3508100549ff18391d5c60349248da8fa1e71098efa3b368962fb8a7ac5dde16b154e943a918

Download Submit
C:\Windows\System\IpzyaRX.exe

Filesize
1.5MB

MD5
f3e0fa6ad364888f5e34de70f9a1771c

SHA1
83caf194d294c054b450836ac22d03f146e3ff39

SHA256
d494e48388423028bf97b1ec8109a887c63a66044687a02b453be53ec29448ad

SHA512
f27fb639ff19be48b04a0f13bf864c21f4347064fe4d3266c93c9556cde57d8ce24b19bb0e2bc8f3517ed7cb3f935714e79a80492fbb22ddaa5c6c5b5a9c7722

Download Submit
C:\Windows\System\PKTtCpK.exe

Filesize
1.5MB

MD5
c9f0e6970f59323740a0e1cf1d772224

SHA1
1c71484dd4b70a4c727a2d26c1857c25f3fdf535

SHA256
864197a53629839d59a3f2d635ba85877b8d8213947f681c0551c9fc2821ec10

SHA512
88db12232daf82f8e910806f8f2416c37e32b28a7851fcbf2dd7b5ea900f90160888df3ba47d16c8ac29c2de51682156e33602a5c2f273390c1a21b99f50ebc8

Download Submit
C:\Windows\System\PjQLONs.exe

Filesize
1.5MB

MD5
1c51b748ac6c27756d1178042cad09ed

SHA1
501c6522cd19e694785e04274fba81d8c3a8abd0

SHA256
aea977401370e7a0054dea26b218227b29c7ddf1d598c498515816cd17e9334f

SHA512
ba3cc46348868c0e3685b647545f6354344a4de2c68c1af36f7d1736f10850140afb49c84131fad770ccc11eb99e5a2277e519afd69c6bfde73a40c2abbd592a

Download Submit
C:\Windows\System\QUuTxOi.exe

Filesize
1.5MB

MD5
8a1b93ef0d4a23f3d9680218cf5c9853

SHA1
864d60da69a0088d732df77a455e3f9403f9d01d

SHA256
88e70d8d8ae9e5ccc3d1bf9128e936cd3e0d6392ec4b1bedbd3cde5ca3730c83

SHA512
c405323c6c3c0a7bcf2b90367671b8268a82bc4049a09a87e95c5198bee08e529cd61bc75cbd164ac03212ad063470901d5ff37096055db4364f667aa6290b50

Download Submit
C:\Windows\System\Qxemkac.exe

Filesize
1.5MB

MD5
fc58d1e7eac0562031409adfd00fe82c

SHA1
e419f692067e541a6c19265d1e888db14092683e

SHA256
8d037decc268f4d641d9d994642a8ee47746c82bec472c91d3412aeb27f7c0e0

SHA512
53bf9abbb1c312c58ae870252cad64946d77d14224dbd75f6cadb0c377757a024a66a797c07a6df563dfb9a549b3653d3f1f44cfff6ffd6f4af305b66846f11d

Download Submit
C:\Windows\System\VgXgsgR.exe

Filesize
1.5MB

MD5
8f31831b0c0563ef86cd28730686a971

SHA1
501f48232b53b672cf1a62d3420d072d45e8d7f4

SHA256
b924be298653ada4176074daec534d4c265e89ea64e181297e00336f460ca562

SHA512
748be6cfbcd2622aa7db6eb8e951dcf6a997874e900eaae79812643ffa9529635e6c4667314494a73f5bd019c2ce5e6149bf0aae878bf86bf31f6a5658d1c368

Download Submit
C:\Windows\System\WmenDYB.exe

Filesize
1.5MB

MD5
9f06732b62c6e4bfd7282b0b4154737b

SHA1
f62ec6aed77e09b7f9d020b254dd6ccdd8af8fd3

SHA256
5f202f745daf525bf6d0fd206eb5e3af1c25c70a428827b7b32d8ace703d0042

SHA512
a57ba6076a9214a2fd669c13022295c76b871997ab1ce20a2f58d291ba0a02e8649a3b2db6bfc98370389a775ad058d807cf323b63130b946c60cfb14e8d1264

Download Submit
C:\Windows\System\XZaXXFE.exe

Filesize
1.5MB

MD5
5ec633f600ff008821e0037e24e3ac05

SHA1
72a325f8d4d64f3b8d0adff1b67ee5adafeaca75

SHA256
3fccc66287316c469b888fe6b553ba74387dfc9062d1057f76e8197b0d9992c6

SHA512
6870fdd3e09adb0b841ac0597a94a34bb42d1790dbb8038dc3fa6a67f121fb43a640825daa8ea54109619c4d4be9a664c5ec1e6e7bb45c31296aa3c1ea91eb6e

Download Submit
C:\Windows\System\XclJdEl.exe

Filesize
1.5MB

MD5
47042d92e4a5759fb1d41de34922398b

SHA1
e5f92339336983775a38c346dcae9e4a07bb5a39

SHA256
8ed4bae6ccdfcf7a4dd779d75a4288b76b703ba83293aff0bf9f6dbe71f53885

SHA512
5619d1fd93acb7cd5124f8a9b3349213e1dfce4d52cca64c34fd864b256cb0196d6fe71f56387598efb22c81abc12c9dbc521d77fbe55b4679ced8b61999d483

Download Submit
C:\Windows\System\XlIwueH.exe

Filesize
1.5MB

MD5
46a392220997fee02a01e214725c8e8d

SHA1
be9fcc3ebcbaa904f75f47c0fc00ff23614d6a30

SHA256
544a495569334ec8ff398574aa2de71c467ea125d14f798a5475fef60a99118b

SHA512
4eb9df5e8f41b0e9e881bf105bf3bbd1fff7ef219efd4f962f046ab062826a1d100743b823ce6e409c0aabdf98446707ceccb73bb2bc6b89d59f135f1a20f7d4

Download Submit
C:\Windows\System\cDJOpkt.exe

Filesize
1.5MB

MD5
61e14bdc31c7c10cb26324334558334b

SHA1
016be2e84760d0789006607ace02f318ee8421ca

SHA256
133d3c628e2d51e848fa4c1da45cd1272ef3244a58945c85bef514d86bbe5395

SHA512
d50ca49ffd02873876f15fb2324cdf101a3aab2a1c919141c4c62d5e5b42dc5e454b6336d05d48cb0f1ffb57ca1613b089a4716a82ebfc55009f87c3159ca276

Download Submit
C:\Windows\System\dKjbBTV.exe

Filesize
1.5MB

MD5
d37cf690767b301e9f25b69e12583ba6

SHA1
edfc4215f78428acb41b4b7feeabf39553b86143

SHA256
2324eb1b64d7c94a88696f4176ee8ca389b3a7a5ab9e7a481be6261035fb1091

SHA512
2d212e3b40ab2f76375640026e74e5a4d92fbeee43fc473907e306fe5c4b0fa8adeabcbd15cc58784ddb4bb6028906fead16c42c1093664145a4561b8fb63aea

Download Submit
C:\Windows\System\dVTpLVU.exe

Filesize
1.5MB

MD5
4481746ae40fc4d290aecc29ba4423d6

SHA1
998462189ffd408e3c839c80b0888a536c46df7a

SHA256
7b47cbe1a60e1e0064bb40bebe9798ad701c5e7b13c467239d82b9728b797c0f

SHA512
d1aec6a7557bf36e8c905416f053ec5c5085eabe956a0487e5b2b01e0e00df7d73c41402d91495f0011e7af930786f862ac3abac717e4edfbd9439f9e417414e

Download Submit
C:\Windows\System\fVvKGuL.exe

Filesize
1.5MB

MD5
f699c89d634be32ba6ef2b6828b2edd7

SHA1
00760d073737ff200ee8bc9f3d656558b297f3d7

SHA256
7857f80545076158c93fd7734809d0375b6ca068c7154b463444bb7996311e49

SHA512
7dd72f2de0aa201fe3c350a6056998cf99195c7c578f521114a8a25d84b4ac4d620a286cda6e078e8f917371756af496009b5b71b99c88e04886c44b936755d3

Download Submit
C:\Windows\System\fhkodDR.exe

Filesize
1.5MB

MD5
ea6b0cf1607d1bcd84b1e64258e773b7

SHA1
7f725ef9d278550aa6dcf6f32ab293d257316dc0

SHA256
3da200802efdc92ffae79fbc9a0813b76f44f8fe63859eb09d221bc613b90346

SHA512
1b0173094ada68dd2fb39dbcd94d4a25ab809694b18b6f29bcd5cf04f48c407f7834fc64b987a1f132c697cab0e8c0b0980e05193c68a038176cdf16b3cd3f0f

Download Submit
C:\Windows\System\jGyGHTi.exe

Filesize
1.5MB

MD5
03a86838182a7314fbfe49d8f8ed92d6

SHA1
6c54e53c703baf3badfd59236641b5453376970c

SHA256
124617bff72b62703952fa1b525c479c6abff3a3d8246717dd442d96bfde2c10

SHA512
c9774da0782e8f81077a58c69a93a8eb78383651e0f4d846317da1a21c3fe0402b2fb8de9cb8bae6a1a925be5dd10fa4ee116f2cac38750211be927089b1f4a6

Download Submit
C:\Windows\System\klanpic.exe

Filesize
1.5MB

MD5
69e98a3ae20359a9d76fc54b888e0d79

SHA1
b777218cf48af5738af050d4144612d6eed7d36a

SHA256
9da339de69823168e8e552b958e7a6285b596539d5976bf9543a4329d7520a40

SHA512
124768f32a0edbca68494e3773285d64fc34fe25d6e0571d9bab842f11d3c28207880d88e1165d7fef5f1f9d7acf57ad9f7fc9f537641ea3fcae574512ee5ef6

Download Submit
C:\Windows\System\qVcyrOC.exe

Filesize
1.5MB

MD5
72e8a434796dc82f7d96524a3648f20d

SHA1
ddca905806f03619ac78b821470b088e9b191802

SHA256
290e13fa3e990d57def5f13cc7792087cd65cbc6cfa8fc5fa012fe9419c47dad

SHA512
18d3709c6674bb1bc4c8748192dbde8342e84f339e0970eb556a17a27117badf14f431c76b62ea785bb232210e7ccb43e5b4ac3d89cf8824c5986760d7889226

Download Submit
C:\Windows\System\qcfodYN.exe

Filesize
1.5MB

MD5
0146d5c20be1ed32082599cb1490ee29

SHA1
99cf826f2b9a5eca84424c5aa84251a08787c165

SHA256
7d130f4e52b40272e08f62a67209ceb631be337e35180657176908ec41d1ec20

SHA512
473f35f157daaf23a571308f38ef225ff0a0fa7a25100ab935ab46076139dcaa2007cb5b247a2e448f8011ec369dc653a0301dbab7e568ebae23a2f4b813a104

Download Submit
C:\Windows\System\uXmhNpG.exe

Filesize
1.5MB

MD5
da68356b87836f94bd51bf1f421da845

SHA1
294ce362656aa6c4aa9d60c4fb865d6a54166814

SHA256
f6ffdc41189ae1e5019131c661e0542e35a377e77e0e52308c306062d119fb73

SHA512
47b484000bab5882596c2cf128165235f09ce61b5dc90a3c790ec813eb1739d312408309654c813b01dd395296888d156f63d14f71308ff899f9cc1d66e45e81

Download Submit
C:\Windows\System\uYGabSm.exe

Filesize
1.5MB

MD5
fd56f09c6fdd03a5fbdeb9935482d6f5

SHA1
1c7af54f406b004fbe53a0663901374c8790bfbc

SHA256
11bf8bd9c1954f2d317110e480a4a037e0e04ccadb6c3fc906044548dfdb0e7a

SHA512
eba08e10a79b9f9a7b554b5cbe8973bb2189427979660a6058c858865fc9182b17db6708df15dc914e844baf39223a3e73a37bf584aa1a5ad86bdfc8bafd9417

Download Submit
C:\Windows\System\usYgIsL.exe

Filesize
1.5MB

MD5
a290ce403f4fadce3e35bd6309d3a50b

SHA1
16f91833e40d4dfe8b6f7dbfcad133857de0c645

SHA256
9b2d1cdb56a09c855d6a8f2794e032b5c49b84e34ad98deacf42e1bec5ef0089

SHA512
52625f514d4750d29346dea9cbe7cdd8899272bbfaa5e89bfd7b6c6f2d23771b73a17c81a771ffd9fd0b868fef963d57b60fa1d90d333ad513312177a8f7b534

Download Submit
C:\Windows\System\wYCFvaV.exe

Filesize
1.5MB

MD5
c4776434475528a8d32f1cde6ce0fb77

SHA1
6b404726770eb206d935bf2a68b1117306f1ba5f

SHA256
c24ba1e48e7f8973a74d554de6b182b36dab22c709737d2e5efced6cb1a8ea4e

SHA512
ab67ce9060629d67d014046310d9cf6432e10659221436b9435285ebd9b0d0ba399088b31e9eccfe3af2939c90828c51c98b1c9653e0c3c739b5c9c6f351c5b2

Download Submit
C:\Windows\System\xkifQHd.exe

Filesize
1.5MB

MD5
86a0fec6fe1a101ddda61ab3039098b4

SHA1
835fec28dfa7d4a4a28fcbc644e3d985328b9fa4

SHA256
c32fd06444c492e9e2cdcb6b0db4cfcfce5c794623fbb4a0fdbcf9d366b076b5

SHA512
6a9a1d3e0b03d0611abc643562f52040e0f4283da27fbb295262a97298ccf6d789818c6cbb68c27301d3d28b888ab157131940e0706b6bbfab58217d1944f6b2

Download Submit
C:\Windows\System\yIEpEre.exe

Filesize
1.5MB

MD5
3e95209856d8e83cd1a8ca7874437d6c

SHA1
8a58cfca68068714d2dfa51ebec0402153afb666

SHA256
6fa9c5d39b58b2ffb4dcc5cd35fc65dca1a87dcc7d38a9d93b0248aac0c2bc5a

SHA512
bfef4f52c4232200479a146d615017c440919b11223b38de8523a794fe64b7ff0c0a624ca02732d72ea6e39253013afd270e903f4a0b6e2ff67e2c50dbc06062

Download Submit
C:\Windows\System\zFqvXdh.exe

Filesize
1.5MB

MD5
526b1f4d97d6467d9b91665809522542

SHA1
e81fefdce579f5787b262c2cf2ba946380e2199f

SHA256
52cbbd32588094364c25136a93fa4fcc3b1b8fa8d9da2f8901dec8edfecb3a96

SHA512
d44da415d78b8e55f5bc1c417beccffff3947b917f5ac419c8b7904102966a45abf30cd78177e20583a7c6d48657d642308f7b29a1072a1b83b71424302df100

Download Submit
memory/8-2397-0x00007FF659A20000-0x00007FF659D71000-memory.dmp

Filesize
3.3MB

Download
memory/8-1163-0x00007FF659A20000-0x00007FF659D71000-memory.dmp

Filesize
3.3MB

Download
memory/8-27-0x00007FF659A20000-0x00007FF659D71000-memory.dmp

Filesize
3.3MB

Download
memory/60-352-0x00007FF6568C0000-0x00007FF656C11000-memory.dmp

Filesize
3.3MB

Download
memory/60-2435-0x00007FF6568C0000-0x00007FF656C11000-memory.dmp

Filesize
3.3MB

Download
memory/336-1028-0x00007FF6FB880000-0x00007FF6FBBD1000-memory.dmp

Filesize
3.3MB

Download
memory/336-2361-0x00007FF6FB880000-0x00007FF6FBBD1000-memory.dmp

Filesize
3.3MB

Download
memory/336-7-0x00007FF6FB880000-0x00007FF6FBBD1000-memory.dmp

Filesize
3.3MB

Download
memory/388-353-0x00007FF651F10000-0x00007FF652261000-memory.dmp

Filesize
3.3MB

Download
memory/388-2483-0x00007FF651F10000-0x00007FF652261000-memory.dmp

Filesize
3.3MB

Download
memory/1176-2437-0x00007FF7B3270000-0x00007FF7B35C1000-memory.dmp

Filesize
3.3MB

Download
memory/1176-348-0x00007FF7B3270000-0x00007FF7B35C1000-memory.dmp

Filesize
3.3MB

Download
memory/1680-344-0x00007FF7BCC50000-0x00007FF7BCFA1000-memory.dmp

Filesize
3.3MB

Download
memory/1680-2413-0x00007FF7BCC50000-0x00007FF7BCFA1000-memory.dmp

Filesize
3.3MB

Download
memory/1716-360-0x00007FF737E00000-0x00007FF738151000-memory.dmp

Filesize
3.3MB

Download
memory/1716-2444-0x00007FF737E00000-0x00007FF738151000-memory.dmp

Filesize
3.3MB

Download
memory/1808-873-0x00007FF7C9E10000-0x00007FF7CA161000-memory.dmp

Filesize
3.3MB

Download
memory/1808-0-0x00007FF7C9E10000-0x00007FF7CA161000-memory.dmp

Filesize
3.3MB

Download
memory/1808-1-0x000001AF97E90000-0x000001AF97EA0000-memory.dmp

Filesize
64KB

Download
memory/1880-338-0x00007FF62CDF0000-0x00007FF62D141000-memory.dmp

Filesize
3.3MB

Download
memory/1880-2401-0x00007FF62CDF0000-0x00007FF62D141000-memory.dmp

Filesize
3.3MB

Download
memory/1904-2399-0x00007FF604960000-0x00007FF604CB1000-memory.dmp

Filesize
3.3MB

Download
memory/1904-337-0x00007FF604960000-0x00007FF604CB1000-memory.dmp

Filesize
3.3MB

Download
memory/2008-2403-0x00007FF6BCE00000-0x00007FF6BD151000-memory.dmp

Filesize
3.3MB

Download
memory/2008-339-0x00007FF6BCE00000-0x00007FF6BD151000-memory.dmp

Filesize
3.3MB

Download
memory/2124-2407-0x00007FF748560000-0x00007FF7488B1000-memory.dmp

Filesize
3.3MB

Download
memory/2124-341-0x00007FF748560000-0x00007FF7488B1000-memory.dmp

Filesize
3.3MB

Download
memory/2164-345-0x00007FF79FC20000-0x00007FF79FF71000-memory.dmp

Filesize
3.3MB

Download
memory/2164-2430-0x00007FF79FC20000-0x00007FF79FF71000-memory.dmp

Filesize
3.3MB

Download
memory/2176-357-0x00007FF6B3700000-0x00007FF6B3A51000-memory.dmp

Filesize
3.3MB

Download
memory/2408-350-0x00007FF6F7B40000-0x00007FF6F7E91000-memory.dmp

Filesize
3.3MB

Download
memory/2632-2432-0x00007FF6DACC0000-0x00007FF6DB011000-memory.dmp

Filesize
3.3MB

Download
memory/2632-356-0x00007FF6DACC0000-0x00007FF6DB011000-memory.dmp

Filesize
3.3MB

Download
memory/2644-2448-0x00007FF7F96E0000-0x00007FF7F9A31000-memory.dmp

Filesize
3.3MB

Download
memory/2644-347-0x00007FF7F96E0000-0x00007FF7F9A31000-memory.dmp

Filesize
3.3MB

Download
memory/2732-359-0x00007FF654A80000-0x00007FF654DD1000-memory.dmp

Filesize
3.3MB

Download
memory/2732-2442-0x00007FF654A80000-0x00007FF654DD1000-memory.dmp

Filesize
3.3MB

Download
memory/2988-2411-0x00007FF713F20000-0x00007FF714271000-memory.dmp

Filesize
3.3MB

Download
memory/2988-343-0x00007FF713F20000-0x00007FF714271000-memory.dmp

Filesize
3.3MB

Download
memory/3160-340-0x00007FF77C3D0000-0x00007FF77C721000-memory.dmp

Filesize
3.3MB

Download
memory/3160-2405-0x00007FF77C3D0000-0x00007FF77C721000-memory.dmp

Filesize
3.3MB

Download
memory/3316-2365-0x00007FF6BF1A0000-0x00007FF6BF4F1000-memory.dmp

Filesize
3.3MB

Download
memory/3316-335-0x00007FF6BF1A0000-0x00007FF6BF4F1000-memory.dmp

Filesize
3.3MB

Download
memory/3516-346-0x00007FF7F6260000-0x00007FF7F65B1000-memory.dmp

Filesize
3.3MB

Download
memory/3516-2452-0x00007FF7F6260000-0x00007FF7F65B1000-memory.dmp

Filesize
3.3MB

Download
memory/3808-358-0x00007FF77CF20000-0x00007FF77D271000-memory.dmp

Filesize
3.3MB

Download
memory/3808-2440-0x00007FF77CF20000-0x00007FF77D271000-memory.dmp

Filesize
3.3MB

Download
memory/3944-342-0x00007FF7C75B0000-0x00007FF7C7901000-memory.dmp

Filesize
3.3MB

Download
memory/3944-2409-0x00007FF7C75B0000-0x00007FF7C7901000-memory.dmp

Filesize
3.3MB

Download
memory/3952-2363-0x00007FF67A990000-0x00007FF67ACE1000-memory.dmp

Filesize
3.3MB

Download
memory/3952-1029-0x00007FF67A990000-0x00007FF67ACE1000-memory.dmp

Filesize
3.3MB

Download
memory/3952-22-0x00007FF67A990000-0x00007FF67ACE1000-memory.dmp

Filesize
3.3MB

Download
memory/3976-2396-0x00007FF7F9E10000-0x00007FF7FA161000-memory.dmp

Filesize
3.3MB

Download
memory/3976-361-0x00007FF7F9E10000-0x00007FF7FA161000-memory.dmp

Filesize
3.3MB

Download
memory/4092-2470-0x00007FF7EA610000-0x00007FF7EA961000-memory.dmp

Filesize
3.3MB

Download
memory/4092-354-0x00007FF7EA610000-0x00007FF7EA961000-memory.dmp

Filesize
3.3MB

Download
memory/4616-2476-0x00007FF7BE450000-0x00007FF7BE7A1000-memory.dmp

Filesize
3.3MB

Download
memory/4616-351-0x00007FF7BE450000-0x00007FF7BE7A1000-memory.dmp

Filesize
3.3MB

Download
memory/4640-349-0x00007FF69B820000-0x00007FF69BB71000-memory.dmp

Filesize
3.3MB

Download
memory/5112-355-0x00007FF6B7990000-0x00007FF6B7CE1000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads