xmrig | bd8a4179f5ec2ee439581cc42deda47c83b311a9f669439f7b7c55dac548993a

Analysis

max time kernel
95s
max time network
97s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
14/09/2024, 18:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ecc6fe0dcca09c6348de368730dccae0N.exe
Size

1.8MB
MD5

ecc6fe0dcca09c6348de368730dccae0
SHA1

705895dd1d6d2a6e2f303c99aeba41ef75bbef5d
SHA256

bd8a4179f5ec2ee439581cc42deda47c83b311a9f669439f7b7c55dac548993a
SHA512

56a45dec590c9b6e1d4b7d363a14e727f54342d4752a0bde0f36b9608eb643e9f4e225d0e281813ac32cdb4b4e85c65362625259d960e6030f9f0bb5520ce5e6
SSDEEP

49152:ROdWCCi7/raU56uL3pgrCEdMKPIH2Bd0+g5:RWWBib356utgpPS

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 59 IoCs

miner

resource	yara_rule
behavioral2/memory/752-196-0x00007FF6FD1D0000-0x00007FF6FD521000-memory.dmp	xmrig
behavioral2/memory/1304-202-0x00007FF6CB5F0000-0x00007FF6CB941000-memory.dmp	xmrig
behavioral2/memory/3880-286-0x00007FF6F7720000-0x00007FF6F7A71000-memory.dmp	xmrig
behavioral2/memory/960-293-0x00007FF7A19A0000-0x00007FF7A1CF1000-memory.dmp	xmrig
behavioral2/memory/4892-317-0x00007FF71A480000-0x00007FF71A7D1000-memory.dmp	xmrig
behavioral2/memory/3412-320-0x00007FF635C50000-0x00007FF635FA1000-memory.dmp	xmrig
behavioral2/memory/3216-319-0x00007FF776600000-0x00007FF776951000-memory.dmp	xmrig
behavioral2/memory/1400-318-0x00007FF737EC0000-0x00007FF738211000-memory.dmp	xmrig
behavioral2/memory/1768-316-0x00007FF6A57B0000-0x00007FF6A5B01000-memory.dmp	xmrig
behavioral2/memory/2180-315-0x00007FF7E0600000-0x00007FF7E0951000-memory.dmp	xmrig
behavioral2/memory/2900-314-0x00007FF702A60000-0x00007FF702DB1000-memory.dmp	xmrig
behavioral2/memory/4900-312-0x00007FF773900000-0x00007FF773C51000-memory.dmp	xmrig
behavioral2/memory/3460-311-0x00007FF75BFF0000-0x00007FF75C341000-memory.dmp	xmrig
behavioral2/memory/4920-285-0x00007FF64BAD0000-0x00007FF64BE21000-memory.dmp	xmrig
behavioral2/memory/1908-281-0x00007FF639860000-0x00007FF639BB1000-memory.dmp	xmrig
behavioral2/memory/4700-226-0x00007FF77C0E0000-0x00007FF77C431000-memory.dmp	xmrig
behavioral2/memory/4208-192-0x00007FF6612B0000-0x00007FF661601000-memory.dmp	xmrig
behavioral2/memory/3452-191-0x00007FF687E10000-0x00007FF688161000-memory.dmp	xmrig
behavioral2/memory/4156-2188-0x00007FF6823D0000-0x00007FF682721000-memory.dmp	xmrig
behavioral2/memory/4532-2187-0x00007FF74DC00000-0x00007FF74DF51000-memory.dmp	xmrig
behavioral2/memory/3664-2164-0x00007FF626C40000-0x00007FF626F91000-memory.dmp	xmrig
behavioral2/memory/1040-2202-0x00007FF705E30000-0x00007FF706181000-memory.dmp	xmrig
behavioral2/memory/4476-2203-0x00007FF6E1080000-0x00007FF6E13D1000-memory.dmp	xmrig
behavioral2/memory/1540-2198-0x00007FF76D0D0000-0x00007FF76D421000-memory.dmp	xmrig
behavioral2/memory/1220-2214-0x00007FF648910000-0x00007FF648C61000-memory.dmp	xmrig
behavioral2/memory/4732-2216-0x00007FF647140000-0x00007FF647491000-memory.dmp	xmrig
behavioral2/memory/4980-147-0x00007FF6C2C30000-0x00007FF6C2F81000-memory.dmp	xmrig
behavioral2/memory/2508-132-0x00007FF77B570000-0x00007FF77B8C1000-memory.dmp	xmrig
behavioral2/memory/1088-131-0x00007FF6B5350000-0x00007FF6B56A1000-memory.dmp	xmrig
behavioral2/memory/2396-18-0x00007FF706E70000-0x00007FF7071C1000-memory.dmp	xmrig
behavioral2/memory/2396-2275-0x00007FF706E70000-0x00007FF7071C1000-memory.dmp	xmrig
behavioral2/memory/4900-2277-0x00007FF773900000-0x00007FF773C51000-memory.dmp	xmrig
behavioral2/memory/2900-2279-0x00007FF702A60000-0x00007FF702DB1000-memory.dmp	xmrig
behavioral2/memory/4156-2281-0x00007FF6823D0000-0x00007FF682721000-memory.dmp	xmrig
behavioral2/memory/4532-2283-0x00007FF74DC00000-0x00007FF74DF51000-memory.dmp	xmrig
behavioral2/memory/1220-2287-0x00007FF648910000-0x00007FF648C61000-memory.dmp	xmrig
behavioral2/memory/1768-2285-0x00007FF6A57B0000-0x00007FF6A5B01000-memory.dmp	xmrig
behavioral2/memory/2180-2306-0x00007FF7E0600000-0x00007FF7E0951000-memory.dmp	xmrig
behavioral2/memory/4208-2322-0x00007FF6612B0000-0x00007FF661601000-memory.dmp	xmrig
behavioral2/memory/4476-2326-0x00007FF6E1080000-0x00007FF6E13D1000-memory.dmp	xmrig
behavioral2/memory/2508-2325-0x00007FF77B570000-0x00007FF77B8C1000-memory.dmp	xmrig
behavioral2/memory/4980-2321-0x00007FF6C2C30000-0x00007FF6C2F81000-memory.dmp	xmrig
behavioral2/memory/1540-2318-0x00007FF76D0D0000-0x00007FF76D421000-memory.dmp	xmrig
behavioral2/memory/1040-2316-0x00007FF705E30000-0x00007FF706181000-memory.dmp	xmrig
behavioral2/memory/4892-2314-0x00007FF71A480000-0x00007FF71A7D1000-memory.dmp	xmrig
behavioral2/memory/4732-2310-0x00007FF647140000-0x00007FF647491000-memory.dmp	xmrig
behavioral2/memory/1088-2312-0x00007FF6B5350000-0x00007FF6B56A1000-memory.dmp	xmrig
behavioral2/memory/3452-2308-0x00007FF687E10000-0x00007FF688161000-memory.dmp	xmrig
behavioral2/memory/1908-2372-0x00007FF639860000-0x00007FF639BB1000-memory.dmp	xmrig
behavioral2/memory/4920-2370-0x00007FF64BAD0000-0x00007FF64BE21000-memory.dmp	xmrig
behavioral2/memory/960-2366-0x00007FF7A19A0000-0x00007FF7A1CF1000-memory.dmp	xmrig
behavioral2/memory/3460-2364-0x00007FF75BFF0000-0x00007FF75C341000-memory.dmp	xmrig
behavioral2/memory/1304-2362-0x00007FF6CB5F0000-0x00007FF6CB941000-memory.dmp	xmrig
behavioral2/memory/3412-2355-0x00007FF635C50000-0x00007FF635FA1000-memory.dmp	xmrig
behavioral2/memory/3880-2368-0x00007FF6F7720000-0x00007FF6F7A71000-memory.dmp	xmrig
behavioral2/memory/3216-2360-0x00007FF776600000-0x00007FF776951000-memory.dmp	xmrig
behavioral2/memory/752-2358-0x00007FF6FD1D0000-0x00007FF6FD521000-memory.dmp	xmrig
behavioral2/memory/4700-2350-0x00007FF77C0E0000-0x00007FF77C431000-memory.dmp	xmrig
behavioral2/memory/1400-2340-0x00007FF737EC0000-0x00007FF738211000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2396	IeVDVkJ.exe
4900	sXiUPUt.exe
4532	ZTJepLi.exe
2900	FJkbBKn.exe
1220	jdZyBVF.exe
4156	APtiLxF.exe
2180	hOorika.exe
4732	hqVoFGZ.exe
1540	kxwTuSx.exe
1040	FCvtyRH.exe
1768	XxnHDCV.exe
4476	PoNOqPS.exe
1088	BwoSUzv.exe
4892	BGvbPzF.exe
2508	UHJHgSD.exe
4980	MZgedgv.exe
3452	GnklMES.exe
4208	SCAfDoZ.exe
752	BCEJRuK.exe
1400	tNsQINL.exe
1304	YSQVxEi.exe
3216	yNLLdkk.exe
4700	muQsQwv.exe
1908	hzqBLXs.exe
4920	LqBCFZE.exe
3880	KgfyLxW.exe
960	RVsqCNy.exe
3460	WKCNLGk.exe
3412	RNOgMkq.exe
4468	ItTJaEE.exe
3124	ZPEMbRj.exe
3208	PaAQWBs.exe
4340	SnIuIoS.exe
368	xOhQqIE.exe
1116	bkImfgn.exe
2000	bJRIpbh.exe
1916	MYHBvLa.exe
2320	qEUmRKx.exe
1568	wTVKcum.exe
1856	GkMKSrk.exe
2680	qdqPkoV.exe
3688	VAlIgBf.exe
3692	zlCTLks.exe
4880	ImiOHuH.exe
2512	rDUOLfM.exe
3772	kHkCXiR.exe
1944	xiTaOVN.exe
3532	habVcIZ.exe
3272	ijGacTl.exe
4420	PNOYwiG.exe
4572	YLCaNsK.exe
3928	fYiMUZZ.exe
1968	mzAedXX.exe
3004	TJIBOtX.exe
3156	FhohPTW.exe
3084	bMPsNcp.exe
1164	uNZVivx.exe
460	xzWOGdn.exe
4444	IMMUSXe.exe
1284	VztEXJH.exe
4132	knZsAEs.exe
4552	CgcZvEO.exe
2888	pIpuyzC.exe
860	zxhaSdj.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3664-0-0x00007FF626C40000-0x00007FF626F91000-memory.dmp	upx
behavioral2/files/0x000700000002346a-7.dat	upx
behavioral2/files/0x000700000002346c-25.dat	upx
behavioral2/memory/1220-32-0x00007FF648910000-0x00007FF648C61000-memory.dmp	upx
behavioral2/files/0x000700000002346d-42.dat	upx
behavioral2/memory/4732-51-0x00007FF647140000-0x00007FF647491000-memory.dmp	upx
behavioral2/files/0x000700000002346e-74.dat	upx
behavioral2/memory/1040-86-0x00007FF705E30000-0x00007FF706181000-memory.dmp	upx
behavioral2/files/0x000700000002347c-104.dat	upx
behavioral2/files/0x0007000000023487-180.dat	upx
behavioral2/memory/752-196-0x00007FF6FD1D0000-0x00007FF6FD521000-memory.dmp	upx
behavioral2/memory/1304-202-0x00007FF6CB5F0000-0x00007FF6CB941000-memory.dmp	upx
behavioral2/memory/3880-286-0x00007FF6F7720000-0x00007FF6F7A71000-memory.dmp	upx
behavioral2/memory/960-293-0x00007FF7A19A0000-0x00007FF7A1CF1000-memory.dmp	upx
behavioral2/memory/4892-317-0x00007FF71A480000-0x00007FF71A7D1000-memory.dmp	upx
behavioral2/memory/3412-320-0x00007FF635C50000-0x00007FF635FA1000-memory.dmp	upx
behavioral2/memory/3216-319-0x00007FF776600000-0x00007FF776951000-memory.dmp	upx
behavioral2/memory/1400-318-0x00007FF737EC0000-0x00007FF738211000-memory.dmp	upx
behavioral2/memory/1768-316-0x00007FF6A57B0000-0x00007FF6A5B01000-memory.dmp	upx
behavioral2/memory/2180-315-0x00007FF7E0600000-0x00007FF7E0951000-memory.dmp	upx
behavioral2/memory/2900-314-0x00007FF702A60000-0x00007FF702DB1000-memory.dmp	upx
behavioral2/memory/4900-312-0x00007FF773900000-0x00007FF773C51000-memory.dmp	upx
behavioral2/memory/3460-311-0x00007FF75BFF0000-0x00007FF75C341000-memory.dmp	upx
behavioral2/memory/4920-285-0x00007FF64BAD0000-0x00007FF64BE21000-memory.dmp	upx
behavioral2/memory/1908-281-0x00007FF639860000-0x00007FF639BB1000-memory.dmp	upx
behavioral2/memory/4700-226-0x00007FF77C0E0000-0x00007FF77C431000-memory.dmp	upx
behavioral2/files/0x000700000002348a-193.dat	upx
behavioral2/memory/4208-192-0x00007FF6612B0000-0x00007FF661601000-memory.dmp	upx
behavioral2/memory/3452-191-0x00007FF687E10000-0x00007FF688161000-memory.dmp	upx
behavioral2/files/0x0007000000023489-190.dat	upx
behavioral2/files/0x0007000000023488-187.dat	upx
behavioral2/memory/4156-2188-0x00007FF6823D0000-0x00007FF682721000-memory.dmp	upx
behavioral2/memory/4532-2187-0x00007FF74DC00000-0x00007FF74DF51000-memory.dmp	upx
behavioral2/memory/3664-2164-0x00007FF626C40000-0x00007FF626F91000-memory.dmp	upx
behavioral2/memory/1040-2202-0x00007FF705E30000-0x00007FF706181000-memory.dmp	upx
behavioral2/memory/4476-2203-0x00007FF6E1080000-0x00007FF6E13D1000-memory.dmp	upx
behavioral2/memory/1540-2198-0x00007FF76D0D0000-0x00007FF76D421000-memory.dmp	upx
behavioral2/memory/1220-2214-0x00007FF648910000-0x00007FF648C61000-memory.dmp	upx
behavioral2/memory/4732-2216-0x00007FF647140000-0x00007FF647491000-memory.dmp	upx
behavioral2/files/0x0007000000023486-177.dat	upx
behavioral2/files/0x0007000000023483-169.dat	upx
behavioral2/files/0x0007000000023485-168.dat	upx
behavioral2/files/0x0007000000023482-164.dat	upx
behavioral2/files/0x0007000000023481-161.dat	upx
behavioral2/files/0x0007000000023480-159.dat	upx
behavioral2/files/0x0008000000023466-158.dat	upx
behavioral2/files/0x000700000002347f-154.dat	upx
behavioral2/files/0x000700000002347d-153.dat	upx
behavioral2/files/0x000700000002347e-151.dat	upx
behavioral2/files/0x0007000000023484-150.dat	upx
behavioral2/memory/4980-147-0x00007FF6C2C30000-0x00007FF6C2F81000-memory.dmp	upx
behavioral2/files/0x000700000002347a-136.dat	upx
behavioral2/memory/2508-132-0x00007FF77B570000-0x00007FF77B8C1000-memory.dmp	upx
behavioral2/memory/1088-131-0x00007FF6B5350000-0x00007FF6B56A1000-memory.dmp	upx
behavioral2/files/0x0007000000023476-124.dat	upx
behavioral2/files/0x0007000000023479-121.dat	upx
behavioral2/files/0x000700000002347b-133.dat	upx
behavioral2/memory/4476-116-0x00007FF6E1080000-0x00007FF6E13D1000-memory.dmp	upx
behavioral2/files/0x0007000000023473-112.dat	upx
behavioral2/files/0x0007000000023477-109.dat	upx
behavioral2/files/0x0007000000023470-107.dat	upx
behavioral2/files/0x0007000000023475-100.dat	upx
behavioral2/files/0x0007000000023474-95.dat	upx
behavioral2/files/0x0007000000023478-91.dat	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\dtJmmYw.exe	ecc6fe0dcca09c6348de368730dccae0N.exe
File created	C:\Windows\System\WLbpFxP.exe	ecc6fe0dcca09c6348de368730dccae0N.exe
File created	C:\Windows\System\VKpvDAQ.exe	ecc6fe0dcca09c6348de368730dccae0N.exe
File created	C:\Windows\System\PEuYCUP.exe	ecc6fe0dcca09c6348de368730dccae0N.exe
File created	C:\Windows\System\pdDUcRH.exe	ecc6fe0dcca09c6348de368730dccae0N.exe
File created	C:\Windows\System\NkjdIQQ.exe	ecc6fe0dcca09c6348de368730dccae0N.exe
File created	C:\Windows\System\mESqfgO.exe	ecc6fe0dcca09c6348de368730dccae0N.exe
File created	C:\Windows\System\nPCLVLL.exe	ecc6fe0dcca09c6348de368730dccae0N.exe
File created	C:\Windows\System\KzHwhzD.exe	ecc6fe0dcca09c6348de368730dccae0N.exe
File created	C:\Windows\System\WptXTCF.exe	ecc6fe0dcca09c6348de368730dccae0N.exe
File created	C:\Windows\System\ABpMFtE.exe	ecc6fe0dcca09c6348de368730dccae0N.exe
File created	C:\Windows\System\GIyJfqm.exe	ecc6fe0dcca09c6348de368730dccae0N.exe
File created	C:\Windows\System\zZilnzC.exe	ecc6fe0dcca09c6348de368730dccae0N.exe
File created	C:\Windows\System\pHGrWrR.exe	ecc6fe0dcca09c6348de368730dccae0N.exe
File created	C:\Windows\System\ehnGISp.exe	ecc6fe0dcca09c6348de368730dccae0N.exe
File created	C:\Windows\System\VRyEAyb.exe	ecc6fe0dcca09c6348de368730dccae0N.exe
File created	C:\Windows\System\RdbHeYn.exe	ecc6fe0dcca09c6348de368730dccae0N.exe
File created	C:\Windows\System\hWzZhPL.exe	ecc6fe0dcca09c6348de368730dccae0N.exe
File created	C:\Windows\System\AsAxswQ.exe	ecc6fe0dcca09c6348de368730dccae0N.exe
File created	C:\Windows\System\SnIuIoS.exe	ecc6fe0dcca09c6348de368730dccae0N.exe
File created	C:\Windows\System\zHCVvch.exe	ecc6fe0dcca09c6348de368730dccae0N.exe
File created	C:\Windows\System\ZoDJTcA.exe	ecc6fe0dcca09c6348de368730dccae0N.exe
File created	C:\Windows\System\ZlPSAae.exe	ecc6fe0dcca09c6348de368730dccae0N.exe
File created	C:\Windows\System\GfullEB.exe	ecc6fe0dcca09c6348de368730dccae0N.exe
File created	C:\Windows\System\EQpcxtP.exe	ecc6fe0dcca09c6348de368730dccae0N.exe
File created	C:\Windows\System\HBXyDIB.exe	ecc6fe0dcca09c6348de368730dccae0N.exe
File created	C:\Windows\System\hiwqVNP.exe	ecc6fe0dcca09c6348de368730dccae0N.exe
File created	C:\Windows\System\JVpmtnM.exe	ecc6fe0dcca09c6348de368730dccae0N.exe
File created	C:\Windows\System\biOnMcx.exe	ecc6fe0dcca09c6348de368730dccae0N.exe
File created	C:\Windows\System\PaAQWBs.exe	ecc6fe0dcca09c6348de368730dccae0N.exe
File created	C:\Windows\System\VIJuFeD.exe	ecc6fe0dcca09c6348de368730dccae0N.exe
File created	C:\Windows\System\BqmgTOt.exe	ecc6fe0dcca09c6348de368730dccae0N.exe
File created	C:\Windows\System\BxOUBYJ.exe	ecc6fe0dcca09c6348de368730dccae0N.exe
File created	C:\Windows\System\lXENiYn.exe	ecc6fe0dcca09c6348de368730dccae0N.exe
File created	C:\Windows\System\RNOgMkq.exe	ecc6fe0dcca09c6348de368730dccae0N.exe
File created	C:\Windows\System\JvEbqbb.exe	ecc6fe0dcca09c6348de368730dccae0N.exe
File created	C:\Windows\System\UbQdDxA.exe	ecc6fe0dcca09c6348de368730dccae0N.exe
File created	C:\Windows\System\izVpQYV.exe	ecc6fe0dcca09c6348de368730dccae0N.exe
File created	C:\Windows\System\dDPqdgb.exe	ecc6fe0dcca09c6348de368730dccae0N.exe
File created	C:\Windows\System\OhUWVZk.exe	ecc6fe0dcca09c6348de368730dccae0N.exe
File created	C:\Windows\System\lGYdKWj.exe	ecc6fe0dcca09c6348de368730dccae0N.exe
File created	C:\Windows\System\kvgrUrP.exe	ecc6fe0dcca09c6348de368730dccae0N.exe
File created	C:\Windows\System\EwzEthV.exe	ecc6fe0dcca09c6348de368730dccae0N.exe
File created	C:\Windows\System\AogYHFc.exe	ecc6fe0dcca09c6348de368730dccae0N.exe
File created	C:\Windows\System\XscDgSs.exe	ecc6fe0dcca09c6348de368730dccae0N.exe
File created	C:\Windows\System\OObzbLy.exe	ecc6fe0dcca09c6348de368730dccae0N.exe
File created	C:\Windows\System\CsQFzeh.exe	ecc6fe0dcca09c6348de368730dccae0N.exe
File created	C:\Windows\System\nKZNcNL.exe	ecc6fe0dcca09c6348de368730dccae0N.exe
File created	C:\Windows\System\oJJmDPr.exe	ecc6fe0dcca09c6348de368730dccae0N.exe
File created	C:\Windows\System\yWEDVQZ.exe	ecc6fe0dcca09c6348de368730dccae0N.exe
File created	C:\Windows\System\duVtUFC.exe	ecc6fe0dcca09c6348de368730dccae0N.exe
File created	C:\Windows\System\EZPmVqb.exe	ecc6fe0dcca09c6348de368730dccae0N.exe
File created	C:\Windows\System\bjYRNoo.exe	ecc6fe0dcca09c6348de368730dccae0N.exe
File created	C:\Windows\System\xwtWCjK.exe	ecc6fe0dcca09c6348de368730dccae0N.exe
File created	C:\Windows\System\NbhdWMH.exe	ecc6fe0dcca09c6348de368730dccae0N.exe
File created	C:\Windows\System\QZKQTeO.exe	ecc6fe0dcca09c6348de368730dccae0N.exe
File created	C:\Windows\System\WRjsubc.exe	ecc6fe0dcca09c6348de368730dccae0N.exe
File created	C:\Windows\System\jDUUYTJ.exe	ecc6fe0dcca09c6348de368730dccae0N.exe
File created	C:\Windows\System\CnuPDRY.exe	ecc6fe0dcca09c6348de368730dccae0N.exe
File created	C:\Windows\System\mWBsihI.exe	ecc6fe0dcca09c6348de368730dccae0N.exe
File created	C:\Windows\System\zlCTLks.exe	ecc6fe0dcca09c6348de368730dccae0N.exe
File created	C:\Windows\System\BxkNyvq.exe	ecc6fe0dcca09c6348de368730dccae0N.exe
File created	C:\Windows\System\AsJpSNE.exe	ecc6fe0dcca09c6348de368730dccae0N.exe
File created	C:\Windows\System\RHCGmUV.exe	ecc6fe0dcca09c6348de368730dccae0N.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	13352	dwm.exe
Token: SeChangeNotifyPrivilege	13352	dwm.exe
Token: 33	13352	dwm.exe
Token: SeIncBasePriorityPrivilege	13352	dwm.exe
Token: SeShutdownPrivilege	13352	dwm.exe
Token: SeCreatePagefilePrivilege	13352	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3664 wrote to memory of 2396	3664	ecc6fe0dcca09c6348de368730dccae0N.exe	84
PID 3664 wrote to memory of 2396	3664	ecc6fe0dcca09c6348de368730dccae0N.exe	84
PID 3664 wrote to memory of 4900	3664	ecc6fe0dcca09c6348de368730dccae0N.exe	85
PID 3664 wrote to memory of 4900	3664	ecc6fe0dcca09c6348de368730dccae0N.exe	85
PID 3664 wrote to memory of 4532	3664	ecc6fe0dcca09c6348de368730dccae0N.exe	86
PID 3664 wrote to memory of 4532	3664	ecc6fe0dcca09c6348de368730dccae0N.exe	86
PID 3664 wrote to memory of 2900	3664	ecc6fe0dcca09c6348de368730dccae0N.exe	87
PID 3664 wrote to memory of 2900	3664	ecc6fe0dcca09c6348de368730dccae0N.exe	87
PID 3664 wrote to memory of 1220	3664	ecc6fe0dcca09c6348de368730dccae0N.exe	88
PID 3664 wrote to memory of 1220	3664	ecc6fe0dcca09c6348de368730dccae0N.exe	88
PID 3664 wrote to memory of 4156	3664	ecc6fe0dcca09c6348de368730dccae0N.exe	89
PID 3664 wrote to memory of 4156	3664	ecc6fe0dcca09c6348de368730dccae0N.exe	89
PID 3664 wrote to memory of 2180	3664	ecc6fe0dcca09c6348de368730dccae0N.exe	90
PID 3664 wrote to memory of 2180	3664	ecc6fe0dcca09c6348de368730dccae0N.exe	90
PID 3664 wrote to memory of 4732	3664	ecc6fe0dcca09c6348de368730dccae0N.exe	91
PID 3664 wrote to memory of 4732	3664	ecc6fe0dcca09c6348de368730dccae0N.exe	91
PID 3664 wrote to memory of 1540	3664	ecc6fe0dcca09c6348de368730dccae0N.exe	92
PID 3664 wrote to memory of 1540	3664	ecc6fe0dcca09c6348de368730dccae0N.exe	92
PID 3664 wrote to memory of 1040	3664	ecc6fe0dcca09c6348de368730dccae0N.exe	93
PID 3664 wrote to memory of 1040	3664	ecc6fe0dcca09c6348de368730dccae0N.exe	93
PID 3664 wrote to memory of 1768	3664	ecc6fe0dcca09c6348de368730dccae0N.exe	94
PID 3664 wrote to memory of 1768	3664	ecc6fe0dcca09c6348de368730dccae0N.exe	94
PID 3664 wrote to memory of 4476	3664	ecc6fe0dcca09c6348de368730dccae0N.exe	95
PID 3664 wrote to memory of 4476	3664	ecc6fe0dcca09c6348de368730dccae0N.exe	95
PID 3664 wrote to memory of 1088	3664	ecc6fe0dcca09c6348de368730dccae0N.exe	96
PID 3664 wrote to memory of 1088	3664	ecc6fe0dcca09c6348de368730dccae0N.exe	96
PID 3664 wrote to memory of 4892	3664	ecc6fe0dcca09c6348de368730dccae0N.exe	97
PID 3664 wrote to memory of 4892	3664	ecc6fe0dcca09c6348de368730dccae0N.exe	97
PID 3664 wrote to memory of 2508	3664	ecc6fe0dcca09c6348de368730dccae0N.exe	98
PID 3664 wrote to memory of 2508	3664	ecc6fe0dcca09c6348de368730dccae0N.exe	98
PID 3664 wrote to memory of 4980	3664	ecc6fe0dcca09c6348de368730dccae0N.exe	99
PID 3664 wrote to memory of 4980	3664	ecc6fe0dcca09c6348de368730dccae0N.exe	99
PID 3664 wrote to memory of 3452	3664	ecc6fe0dcca09c6348de368730dccae0N.exe	100
PID 3664 wrote to memory of 3452	3664	ecc6fe0dcca09c6348de368730dccae0N.exe	100
PID 3664 wrote to memory of 4208	3664	ecc6fe0dcca09c6348de368730dccae0N.exe	101
PID 3664 wrote to memory of 4208	3664	ecc6fe0dcca09c6348de368730dccae0N.exe	101
PID 3664 wrote to memory of 752	3664	ecc6fe0dcca09c6348de368730dccae0N.exe	102
PID 3664 wrote to memory of 752	3664	ecc6fe0dcca09c6348de368730dccae0N.exe	102
PID 3664 wrote to memory of 1400	3664	ecc6fe0dcca09c6348de368730dccae0N.exe	103
PID 3664 wrote to memory of 1400	3664	ecc6fe0dcca09c6348de368730dccae0N.exe	103
PID 3664 wrote to memory of 1304	3664	ecc6fe0dcca09c6348de368730dccae0N.exe	104
PID 3664 wrote to memory of 1304	3664	ecc6fe0dcca09c6348de368730dccae0N.exe	104
PID 3664 wrote to memory of 3216	3664	ecc6fe0dcca09c6348de368730dccae0N.exe	105
PID 3664 wrote to memory of 3216	3664	ecc6fe0dcca09c6348de368730dccae0N.exe	105
PID 3664 wrote to memory of 4700	3664	ecc6fe0dcca09c6348de368730dccae0N.exe	106
PID 3664 wrote to memory of 4700	3664	ecc6fe0dcca09c6348de368730dccae0N.exe	106
PID 3664 wrote to memory of 1908	3664	ecc6fe0dcca09c6348de368730dccae0N.exe	107
PID 3664 wrote to memory of 1908	3664	ecc6fe0dcca09c6348de368730dccae0N.exe	107
PID 3664 wrote to memory of 4920	3664	ecc6fe0dcca09c6348de368730dccae0N.exe	108
PID 3664 wrote to memory of 4920	3664	ecc6fe0dcca09c6348de368730dccae0N.exe	108
PID 3664 wrote to memory of 3880	3664	ecc6fe0dcca09c6348de368730dccae0N.exe	109
PID 3664 wrote to memory of 3880	3664	ecc6fe0dcca09c6348de368730dccae0N.exe	109
PID 3664 wrote to memory of 960	3664	ecc6fe0dcca09c6348de368730dccae0N.exe	110
PID 3664 wrote to memory of 960	3664	ecc6fe0dcca09c6348de368730dccae0N.exe	110
PID 3664 wrote to memory of 3460	3664	ecc6fe0dcca09c6348de368730dccae0N.exe	111
PID 3664 wrote to memory of 3460	3664	ecc6fe0dcca09c6348de368730dccae0N.exe	111
PID 3664 wrote to memory of 3412	3664	ecc6fe0dcca09c6348de368730dccae0N.exe	112
PID 3664 wrote to memory of 3412	3664	ecc6fe0dcca09c6348de368730dccae0N.exe	112
PID 3664 wrote to memory of 4468	3664	ecc6fe0dcca09c6348de368730dccae0N.exe	113
PID 3664 wrote to memory of 4468	3664	ecc6fe0dcca09c6348de368730dccae0N.exe	113
PID 3664 wrote to memory of 3124	3664	ecc6fe0dcca09c6348de368730dccae0N.exe	114
PID 3664 wrote to memory of 3124	3664	ecc6fe0dcca09c6348de368730dccae0N.exe	114
PID 3664 wrote to memory of 3208	3664	ecc6fe0dcca09c6348de368730dccae0N.exe	115
PID 3664 wrote to memory of 3208	3664	ecc6fe0dcca09c6348de368730dccae0N.exe	115

C:\Users\Admin\AppData\Local\Temp\ecc6fe0dcca09c6348de368730dccae0N.exe
"C:\Users\Admin\AppData\Local\Temp\ecc6fe0dcca09c6348de368730dccae0N.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:3664
- C:\Windows\System\IeVDVkJ.exe
  C:\Windows\System\IeVDVkJ.exe
  2⤵
  - Executes dropped EXE
  PID:2396
- C:\Windows\System\sXiUPUt.exe
  C:\Windows\System\sXiUPUt.exe
  2⤵
  - Executes dropped EXE
  PID:4900
- C:\Windows\System\ZTJepLi.exe
  C:\Windows\System\ZTJepLi.exe
  2⤵
  - Executes dropped EXE
  PID:4532
- C:\Windows\System\FJkbBKn.exe
  C:\Windows\System\FJkbBKn.exe
  2⤵
  - Executes dropped EXE
  PID:2900
- C:\Windows\System\jdZyBVF.exe
  C:\Windows\System\jdZyBVF.exe
  2⤵
  - Executes dropped EXE
  PID:1220
- C:\Windows\System\APtiLxF.exe
  C:\Windows\System\APtiLxF.exe
  2⤵
  - Executes dropped EXE
  PID:4156
- C:\Windows\System\hOorika.exe
  C:\Windows\System\hOorika.exe
  2⤵
  - Executes dropped EXE
  PID:2180
- C:\Windows\System\hqVoFGZ.exe
  C:\Windows\System\hqVoFGZ.exe
  2⤵
  - Executes dropped EXE
  PID:4732
- C:\Windows\System\kxwTuSx.exe
  C:\Windows\System\kxwTuSx.exe
  2⤵
  - Executes dropped EXE
  PID:1540
- C:\Windows\System\FCvtyRH.exe
  C:\Windows\System\FCvtyRH.exe
  2⤵
  - Executes dropped EXE
  PID:1040
- C:\Windows\System\XxnHDCV.exe
  C:\Windows\System\XxnHDCV.exe
  2⤵
  - Executes dropped EXE
  PID:1768
- C:\Windows\System\PoNOqPS.exe
  C:\Windows\System\PoNOqPS.exe
  2⤵
  - Executes dropped EXE
  PID:4476
- C:\Windows\System\BwoSUzv.exe
  C:\Windows\System\BwoSUzv.exe
  2⤵
  - Executes dropped EXE
  PID:1088
- C:\Windows\System\BGvbPzF.exe
  C:\Windows\System\BGvbPzF.exe
  2⤵
  - Executes dropped EXE
  PID:4892
- C:\Windows\System\UHJHgSD.exe
  C:\Windows\System\UHJHgSD.exe
  2⤵
  - Executes dropped EXE
  PID:2508
- C:\Windows\System\MZgedgv.exe
  C:\Windows\System\MZgedgv.exe
  2⤵
  - Executes dropped EXE
  PID:4980
- C:\Windows\System\GnklMES.exe
  C:\Windows\System\GnklMES.exe
  2⤵
  - Executes dropped EXE
  PID:3452
- C:\Windows\System\SCAfDoZ.exe
  C:\Windows\System\SCAfDoZ.exe
  2⤵
  - Executes dropped EXE
  PID:4208
- C:\Windows\System\BCEJRuK.exe
  C:\Windows\System\BCEJRuK.exe
  2⤵
  - Executes dropped EXE
  PID:752
- C:\Windows\System\tNsQINL.exe
  C:\Windows\System\tNsQINL.exe
  2⤵
  - Executes dropped EXE
  PID:1400
- C:\Windows\System\YSQVxEi.exe
  C:\Windows\System\YSQVxEi.exe
  2⤵
  - Executes dropped EXE
  PID:1304
- C:\Windows\System\yNLLdkk.exe
  C:\Windows\System\yNLLdkk.exe
  2⤵
  - Executes dropped EXE
  PID:3216
- C:\Windows\System\muQsQwv.exe
  C:\Windows\System\muQsQwv.exe
  2⤵
  - Executes dropped EXE
  PID:4700
- C:\Windows\System\hzqBLXs.exe
  C:\Windows\System\hzqBLXs.exe
  2⤵
  - Executes dropped EXE
  PID:1908
- C:\Windows\System\LqBCFZE.exe
  C:\Windows\System\LqBCFZE.exe
  2⤵
  - Executes dropped EXE
  PID:4920
- C:\Windows\System\KgfyLxW.exe
  C:\Windows\System\KgfyLxW.exe
  2⤵
  - Executes dropped EXE
  PID:3880
- C:\Windows\System\RVsqCNy.exe
  C:\Windows\System\RVsqCNy.exe
  2⤵
  - Executes dropped EXE
  PID:960
- C:\Windows\System\WKCNLGk.exe
  C:\Windows\System\WKCNLGk.exe
  2⤵
  - Executes dropped EXE
  PID:3460
- C:\Windows\System\RNOgMkq.exe
  C:\Windows\System\RNOgMkq.exe
  2⤵
  - Executes dropped EXE
  PID:3412
- C:\Windows\System\ItTJaEE.exe
  C:\Windows\System\ItTJaEE.exe
  2⤵
  - Executes dropped EXE
  PID:4468
- C:\Windows\System\ZPEMbRj.exe
  C:\Windows\System\ZPEMbRj.exe
  2⤵
  - Executes dropped EXE
  PID:3124
- C:\Windows\System\PaAQWBs.exe
  C:\Windows\System\PaAQWBs.exe
  2⤵
  - Executes dropped EXE
  PID:3208
- C:\Windows\System\SnIuIoS.exe
  C:\Windows\System\SnIuIoS.exe
  2⤵
  - Executes dropped EXE
  PID:4340
- C:\Windows\System\xOhQqIE.exe
  C:\Windows\System\xOhQqIE.exe
  2⤵
  - Executes dropped EXE
  PID:368
- C:\Windows\System\bkImfgn.exe
  C:\Windows\System\bkImfgn.exe
  2⤵
  - Executes dropped EXE
  PID:1116
- C:\Windows\System\bJRIpbh.exe
  C:\Windows\System\bJRIpbh.exe
  2⤵
  - Executes dropped EXE
  PID:2000
- C:\Windows\System\MYHBvLa.exe
  C:\Windows\System\MYHBvLa.exe
  2⤵
  - Executes dropped EXE
  PID:1916
- C:\Windows\System\qEUmRKx.exe
  C:\Windows\System\qEUmRKx.exe
  2⤵
  - Executes dropped EXE
  PID:2320
- C:\Windows\System\wTVKcum.exe
  C:\Windows\System\wTVKcum.exe
  2⤵
  - Executes dropped EXE
  PID:1568
- C:\Windows\System\GkMKSrk.exe
  C:\Windows\System\GkMKSrk.exe
  2⤵
  - Executes dropped EXE
  PID:1856
- C:\Windows\System\qdqPkoV.exe
  C:\Windows\System\qdqPkoV.exe
  2⤵
  - Executes dropped EXE
  PID:2680
- C:\Windows\System\VAlIgBf.exe
  C:\Windows\System\VAlIgBf.exe
  2⤵
  - Executes dropped EXE
  PID:3688
- C:\Windows\System\zlCTLks.exe
  C:\Windows\System\zlCTLks.exe
  2⤵
  - Executes dropped EXE
  PID:3692
- C:\Windows\System\ImiOHuH.exe
  C:\Windows\System\ImiOHuH.exe
  2⤵
  - Executes dropped EXE
  PID:4880
- C:\Windows\System\rDUOLfM.exe
  C:\Windows\System\rDUOLfM.exe
  2⤵
  - Executes dropped EXE
  PID:2512
- C:\Windows\System\kHkCXiR.exe
  C:\Windows\System\kHkCXiR.exe
  2⤵
  - Executes dropped EXE
  PID:3772
- C:\Windows\System\xiTaOVN.exe
  C:\Windows\System\xiTaOVN.exe
  2⤵
  - Executes dropped EXE
  PID:1944
- C:\Windows\System\habVcIZ.exe
  C:\Windows\System\habVcIZ.exe
  2⤵
  - Executes dropped EXE
  PID:3532
- C:\Windows\System\ijGacTl.exe
  C:\Windows\System\ijGacTl.exe
  2⤵
  - Executes dropped EXE
  PID:3272
- C:\Windows\System\PNOYwiG.exe
  C:\Windows\System\PNOYwiG.exe
  2⤵
  - Executes dropped EXE
  PID:4420
- C:\Windows\System\YLCaNsK.exe
  C:\Windows\System\YLCaNsK.exe
  2⤵
  - Executes dropped EXE
  PID:4572
- C:\Windows\System\fYiMUZZ.exe
  C:\Windows\System\fYiMUZZ.exe
  2⤵
  - Executes dropped EXE
  PID:3928
- C:\Windows\System\mzAedXX.exe
  C:\Windows\System\mzAedXX.exe
  2⤵
  - Executes dropped EXE
  PID:1968
- C:\Windows\System\TJIBOtX.exe
  C:\Windows\System\TJIBOtX.exe
  2⤵
  - Executes dropped EXE
  PID:3004
- C:\Windows\System\FhohPTW.exe
  C:\Windows\System\FhohPTW.exe
  2⤵
  - Executes dropped EXE
  PID:3156
- C:\Windows\System\bMPsNcp.exe
  C:\Windows\System\bMPsNcp.exe
  2⤵
  - Executes dropped EXE
  PID:3084
- C:\Windows\System\uNZVivx.exe
  C:\Windows\System\uNZVivx.exe
  2⤵
  - Executes dropped EXE
  PID:1164
- C:\Windows\System\xzWOGdn.exe
  C:\Windows\System\xzWOGdn.exe
  2⤵
  - Executes dropped EXE
  PID:460
- C:\Windows\System\IMMUSXe.exe
  C:\Windows\System\IMMUSXe.exe
  2⤵
  - Executes dropped EXE
  PID:4444
- C:\Windows\System\VztEXJH.exe
  C:\Windows\System\VztEXJH.exe
  2⤵
  - Executes dropped EXE
  PID:1284
- C:\Windows\System\knZsAEs.exe
  C:\Windows\System\knZsAEs.exe
  2⤵
  - Executes dropped EXE
  PID:4132
- C:\Windows\System\CgcZvEO.exe
  C:\Windows\System\CgcZvEO.exe
  2⤵
  - Executes dropped EXE
  PID:4552
- C:\Windows\System\pIpuyzC.exe
  C:\Windows\System\pIpuyzC.exe
  2⤵
  - Executes dropped EXE
  PID:2888
- C:\Windows\System\zxhaSdj.exe
  C:\Windows\System\zxhaSdj.exe
  2⤵
  - Executes dropped EXE
  PID:860
- C:\Windows\System\XqGmAbJ.exe
  C:\Windows\System\XqGmAbJ.exe
  2⤵
  PID:3440
- C:\Windows\System\TJSTFnk.exe
  C:\Windows\System\TJSTFnk.exe
  2⤵
  PID:2132
- C:\Windows\System\PsBkxKV.exe
  C:\Windows\System\PsBkxKV.exe
  2⤵
  PID:3480
- C:\Windows\System\pHGrWrR.exe
  C:\Windows\System\pHGrWrR.exe
  2⤵
  PID:2424
- C:\Windows\System\XutVoYO.exe
  C:\Windows\System\XutVoYO.exe
  2⤵
  PID:3872
- C:\Windows\System\AIiInTY.exe
  C:\Windows\System\AIiInTY.exe
  2⤵
  PID:3396
- C:\Windows\System\JvEbqbb.exe
  C:\Windows\System\JvEbqbb.exe
  2⤵
  PID:1016
- C:\Windows\System\XbGYUPi.exe
  C:\Windows\System\XbGYUPi.exe
  2⤵
  PID:4612
- C:\Windows\System\QARqJkg.exe
  C:\Windows\System\QARqJkg.exe
  2⤵
  PID:2348
- C:\Windows\System\nXnXcnd.exe
  C:\Windows\System\nXnXcnd.exe
  2⤵
  PID:4616
- C:\Windows\System\bbGJWue.exe
  C:\Windows\System\bbGJWue.exe
  2⤵
  PID:4052
- C:\Windows\System\cSeMRsO.exe
  C:\Windows\System\cSeMRsO.exe
  2⤵
  PID:3644
- C:\Windows\System\PVCEWDl.exe
  C:\Windows\System\PVCEWDl.exe
  2⤵
  PID:4124
- C:\Windows\System\mZSwVgT.exe
  C:\Windows\System\mZSwVgT.exe
  2⤵
  PID:3988
- C:\Windows\System\khfONVy.exe
  C:\Windows\System\khfONVy.exe
  2⤵
  PID:3852
- C:\Windows\System\oABABMU.exe
  C:\Windows\System\oABABMU.exe
  2⤵
  PID:4456
- C:\Windows\System\EfRzjPw.exe
  C:\Windows\System\EfRzjPw.exe
  2⤵
  PID:464
- C:\Windows\System\nlIROjG.exe
  C:\Windows\System\nlIROjG.exe
  2⤵
  PID:3780
- C:\Windows\System\jiVokMM.exe
  C:\Windows\System\jiVokMM.exe
  2⤵
  PID:1636
- C:\Windows\System\ngNdAMy.exe
  C:\Windows\System\ngNdAMy.exe
  2⤵
  PID:3080
- C:\Windows\System\yHaztMK.exe
  C:\Windows\System\yHaztMK.exe
  2⤵
  PID:4652
- C:\Windows\System\OObzbLy.exe
  C:\Windows\System\OObzbLy.exe
  2⤵
  PID:228
- C:\Windows\System\HNJBEEA.exe
  C:\Windows\System\HNJBEEA.exe
  2⤵
  PID:2308
- C:\Windows\System\eVBVPgn.exe
  C:\Windows\System\eVBVPgn.exe
  2⤵
  PID:1852
- C:\Windows\System\ApXVjYW.exe
  C:\Windows\System\ApXVjYW.exe
  2⤵
  PID:4020
- C:\Windows\System\XXbcIFC.exe
  C:\Windows\System\XXbcIFC.exe
  2⤵
  PID:912
- C:\Windows\System\RgjtTGK.exe
  C:\Windows\System\RgjtTGK.exe
  2⤵
  PID:4620
- C:\Windows\System\EVpzVIU.exe
  C:\Windows\System\EVpzVIU.exe
  2⤵
  PID:3548
- C:\Windows\System\eyDdfdV.exe
  C:\Windows\System\eyDdfdV.exe
  2⤵
  PID:760
- C:\Windows\System\ehnGISp.exe
  C:\Windows\System\ehnGISp.exe
  2⤵
  PID:4412
- C:\Windows\System\hpuSTgA.exe
  C:\Windows\System\hpuSTgA.exe
  2⤵
  PID:1464
- C:\Windows\System\EJrxawV.exe
  C:\Windows\System\EJrxawV.exe
  2⤵
  PID:3984
- C:\Windows\System\CsQFzeh.exe
  C:\Windows\System\CsQFzeh.exe
  2⤵
  PID:4144
- C:\Windows\System\STChIGY.exe
  C:\Windows\System\STChIGY.exe
  2⤵
  PID:3144
- C:\Windows\System\wQUlunf.exe
  C:\Windows\System\wQUlunf.exe
  2⤵
  PID:4264
- C:\Windows\System\VRyEAyb.exe
  C:\Windows\System\VRyEAyb.exe
  2⤵
  PID:2208
- C:\Windows\System\KmsbdFl.exe
  C:\Windows\System\KmsbdFl.exe
  2⤵
  PID:4336
- C:\Windows\System\QvGwrEc.exe
  C:\Windows\System\QvGwrEc.exe
  2⤵
  PID:712
- C:\Windows\System\ZpxNBWB.exe
  C:\Windows\System\ZpxNBWB.exe
  2⤵
  PID:4856
- C:\Windows\System\AMMzZMa.exe
  C:\Windows\System\AMMzZMa.exe
  2⤵
  PID:1996
- C:\Windows\System\urklUfp.exe
  C:\Windows\System\urklUfp.exe
  2⤵
  PID:2080
- C:\Windows\System\fGDBptA.exe
  C:\Windows\System\fGDBptA.exe
  2⤵
  PID:1332
- C:\Windows\System\YkaggKs.exe
  C:\Windows\System\YkaggKs.exe
  2⤵
  PID:5152
- C:\Windows\System\VEkObQh.exe
  C:\Windows\System\VEkObQh.exe
  2⤵
  PID:5172
- C:\Windows\System\wiVltWS.exe
  C:\Windows\System\wiVltWS.exe
  2⤵
  PID:5200
- C:\Windows\System\lCAVdDk.exe
  C:\Windows\System\lCAVdDk.exe
  2⤵
  PID:5220
- C:\Windows\System\juvdqrb.exe
  C:\Windows\System\juvdqrb.exe
  2⤵
  PID:5236
- C:\Windows\System\pbqjDZM.exe
  C:\Windows\System\pbqjDZM.exe
  2⤵
  PID:5260
- C:\Windows\System\PkWcRtb.exe
  C:\Windows\System\PkWcRtb.exe
  2⤵
  PID:5292
- C:\Windows\System\bOFIzSQ.exe
  C:\Windows\System\bOFIzSQ.exe
  2⤵
  PID:5308
- C:\Windows\System\WOHrspx.exe
  C:\Windows\System\WOHrspx.exe
  2⤵
  PID:5332
- C:\Windows\System\niBuwff.exe
  C:\Windows\System\niBuwff.exe
  2⤵
  PID:5356
- C:\Windows\System\tkrPuxD.exe
  C:\Windows\System\tkrPuxD.exe
  2⤵
  PID:5384
- C:\Windows\System\iknePOR.exe
  C:\Windows\System\iknePOR.exe
  2⤵
  PID:5400
- C:\Windows\System\yMunfcp.exe
  C:\Windows\System\yMunfcp.exe
  2⤵
  PID:5428
- C:\Windows\System\rAShBVc.exe
  C:\Windows\System\rAShBVc.exe
  2⤵
  PID:5456
- C:\Windows\System\HwsHhAJ.exe
  C:\Windows\System\HwsHhAJ.exe
  2⤵
  PID:5472
- C:\Windows\System\zicYFjV.exe
  C:\Windows\System\zicYFjV.exe
  2⤵
  PID:5500
- C:\Windows\System\hIUZqWU.exe
  C:\Windows\System\hIUZqWU.exe
  2⤵
  PID:5528
- C:\Windows\System\zmYgyMd.exe
  C:\Windows\System\zmYgyMd.exe
  2⤵
  PID:5556
- C:\Windows\System\HHQfUcg.exe
  C:\Windows\System\HHQfUcg.exe
  2⤵
  PID:5584
- C:\Windows\System\MMpEprZ.exe
  C:\Windows\System\MMpEprZ.exe
  2⤵
  PID:5604
- C:\Windows\System\EQpcxtP.exe
  C:\Windows\System\EQpcxtP.exe
  2⤵
  PID:5624
- C:\Windows\System\VIJuFeD.exe
  C:\Windows\System\VIJuFeD.exe
  2⤵
  PID:5648
- C:\Windows\System\ROJSqQP.exe
  C:\Windows\System\ROJSqQP.exe
  2⤵
  PID:5680
- C:\Windows\System\LNONURh.exe
  C:\Windows\System\LNONURh.exe
  2⤵
  PID:5700
- C:\Windows\System\HvtgEQq.exe
  C:\Windows\System\HvtgEQq.exe
  2⤵
  PID:5720
- C:\Windows\System\xZlTEBW.exe
  C:\Windows\System\xZlTEBW.exe
  2⤵
  PID:5740
- C:\Windows\System\ltUzswn.exe
  C:\Windows\System\ltUzswn.exe
  2⤵
  PID:5772
- C:\Windows\System\MRvapgD.exe
  C:\Windows\System\MRvapgD.exe
  2⤵
  PID:5788
- C:\Windows\System\mhkYoDo.exe
  C:\Windows\System\mhkYoDo.exe
  2⤵
  PID:5812
- C:\Windows\System\YWtXHvk.exe
  C:\Windows\System\YWtXHvk.exe
  2⤵
  PID:5828
- C:\Windows\System\oOLWObF.exe
  C:\Windows\System\oOLWObF.exe
  2⤵
  PID:5856
- C:\Windows\System\GemrjcA.exe
  C:\Windows\System\GemrjcA.exe
  2⤵
  PID:5884
- C:\Windows\System\WjkdmVJ.exe
  C:\Windows\System\WjkdmVJ.exe
  2⤵
  PID:5904
- C:\Windows\System\xwtWCjK.exe
  C:\Windows\System\xwtWCjK.exe
  2⤵
  PID:5920
- C:\Windows\System\fwilAmU.exe
  C:\Windows\System\fwilAmU.exe
  2⤵
  PID:5944
- C:\Windows\System\jXCJZuQ.exe
  C:\Windows\System\jXCJZuQ.exe
  2⤵
  PID:5972
- C:\Windows\System\gHFlYaP.exe
  C:\Windows\System\gHFlYaP.exe
  2⤵
  PID:5996
- C:\Windows\System\thhFqja.exe
  C:\Windows\System\thhFqja.exe
  2⤵
  PID:6016
- C:\Windows\System\yqstPcZ.exe
  C:\Windows\System\yqstPcZ.exe
  2⤵
  PID:6036
- C:\Windows\System\eJyPamw.exe
  C:\Windows\System\eJyPamw.exe
  2⤵
  PID:6056
- C:\Windows\System\gvVafls.exe
  C:\Windows\System\gvVafls.exe
  2⤵
  PID:6084
- C:\Windows\System\lQiXXYw.exe
  C:\Windows\System\lQiXXYw.exe
  2⤵
  PID:6100
- C:\Windows\System\eGvHwvk.exe
  C:\Windows\System\eGvHwvk.exe
  2⤵
  PID:6128
- C:\Windows\System\eKAcfTQ.exe
  C:\Windows\System\eKAcfTQ.exe
  2⤵
  PID:1232
- C:\Windows\System\NvXhZFc.exe
  C:\Windows\System\NvXhZFc.exe
  2⤵
  PID:4084
- C:\Windows\System\tQYcXmq.exe
  C:\Windows\System\tQYcXmq.exe
  2⤵
  PID:2004
- C:\Windows\System\VYjtYZk.exe
  C:\Windows\System\VYjtYZk.exe
  2⤵
  PID:2484
- C:\Windows\System\CHdhIck.exe
  C:\Windows\System\CHdhIck.exe
  2⤵
  PID:5188
- C:\Windows\System\PNZWhzv.exe
  C:\Windows\System\PNZWhzv.exe
  2⤵
  PID:1520
- C:\Windows\System\qQgFGkQ.exe
  C:\Windows\System\qQgFGkQ.exe
  2⤵
  PID:5340
- C:\Windows\System\sleyeRh.exe
  C:\Windows\System\sleyeRh.exe
  2⤵
  PID:5160
- C:\Windows\System\MMVwLii.exe
  C:\Windows\System\MMVwLii.exe
  2⤵
  PID:5372
- C:\Windows\System\tLkIomI.exe
  C:\Windows\System\tLkIomI.exe
  2⤵
  PID:1004
- C:\Windows\System\PqRtLjT.exe
  C:\Windows\System\PqRtLjT.exe
  2⤵
  PID:5496
- C:\Windows\System\nKZNcNL.exe
  C:\Windows\System\nKZNcNL.exe
  2⤵
  PID:5576
- C:\Windows\System\uWREjIa.exe
  C:\Windows\System\uWREjIa.exe
  2⤵
  PID:1744
- C:\Windows\System\reHmnFQ.exe
  C:\Windows\System\reHmnFQ.exe
  2⤵
  PID:5228
- C:\Windows\System\LkzxqPD.exe
  C:\Windows\System\LkzxqPD.exe
  2⤵
  PID:5712
- C:\Windows\System\paZgSeB.exe
  C:\Windows\System\paZgSeB.exe
  2⤵
  PID:5468
- C:\Windows\System\rJGWEnX.exe
  C:\Windows\System\rJGWEnX.exe
  2⤵
  PID:5300
- C:\Windows\System\RieoICH.exe
  C:\Windows\System\RieoICH.exe
  2⤵
  PID:5824
- C:\Windows\System\UNTDkkQ.exe
  C:\Windows\System\UNTDkkQ.exe
  2⤵
  PID:5864
- C:\Windows\System\yxTDGQE.exe
  C:\Windows\System\yxTDGQE.exe
  2⤵
  PID:5592
- C:\Windows\System\MengmYR.exe
  C:\Windows\System\MengmYR.exe
  2⤵
  PID:4584
- C:\Windows\System\kEeImnR.exe
  C:\Windows\System\kEeImnR.exe
  2⤵
  PID:5480
- C:\Windows\System\zibjRTS.exe
  C:\Windows\System\zibjRTS.exe
  2⤵
  PID:5544
- C:\Windows\System\DUxPEWt.exe
  C:\Windows\System\DUxPEWt.exe
  2⤵
  PID:6152
- C:\Windows\System\uAcseeO.exe
  C:\Windows\System\uAcseeO.exe
  2⤵
  PID:6172
- C:\Windows\System\hSctFjA.exe
  C:\Windows\System\hSctFjA.exe
  2⤵
  PID:6192
- C:\Windows\System\cRIPaip.exe
  C:\Windows\System\cRIPaip.exe
  2⤵
  PID:6216
- C:\Windows\System\zlTjxxQ.exe
  C:\Windows\System\zlTjxxQ.exe
  2⤵
  PID:6236
- C:\Windows\System\tFjXTJz.exe
  C:\Windows\System\tFjXTJz.exe
  2⤵
  PID:6260
- C:\Windows\System\RKjWPDe.exe
  C:\Windows\System\RKjWPDe.exe
  2⤵
  PID:6280
- C:\Windows\System\zPUkifY.exe
  C:\Windows\System\zPUkifY.exe
  2⤵
  PID:6304
- C:\Windows\System\KYFLgCn.exe
  C:\Windows\System\KYFLgCn.exe
  2⤵
  PID:6320
- C:\Windows\System\UyvLmyy.exe
  C:\Windows\System\UyvLmyy.exe
  2⤵
  PID:6340
- C:\Windows\System\gaIXuCu.exe
  C:\Windows\System\gaIXuCu.exe
  2⤵
  PID:6364
- C:\Windows\System\SigRxig.exe
  C:\Windows\System\SigRxig.exe
  2⤵
  PID:6392
- C:\Windows\System\UbQdDxA.exe
  C:\Windows\System\UbQdDxA.exe
  2⤵
  PID:6408
- C:\Windows\System\nbIALEZ.exe
  C:\Windows\System\nbIALEZ.exe
  2⤵
  PID:6436
- C:\Windows\System\ASMaZNL.exe
  C:\Windows\System\ASMaZNL.exe
  2⤵
  PID:6452
- C:\Windows\System\mBBdERB.exe
  C:\Windows\System\mBBdERB.exe
  2⤵
  PID:6488
- C:\Windows\System\BJPtbcc.exe
  C:\Windows\System\BJPtbcc.exe
  2⤵
  PID:6512
- C:\Windows\System\KzHwhzD.exe
  C:\Windows\System\KzHwhzD.exe
  2⤵
  PID:6536
- C:\Windows\System\mAniOWn.exe
  C:\Windows\System\mAniOWn.exe
  2⤵
  PID:6564
- C:\Windows\System\VKlVIjT.exe
  C:\Windows\System\VKlVIjT.exe
  2⤵
  PID:6588
- C:\Windows\System\UtEmGaN.exe
  C:\Windows\System\UtEmGaN.exe
  2⤵
  PID:6608
- C:\Windows\System\OOtBuvL.exe
  C:\Windows\System\OOtBuvL.exe
  2⤵
  PID:6632
- C:\Windows\System\NcTLVOP.exe
  C:\Windows\System\NcTLVOP.exe
  2⤵
  PID:6656
- C:\Windows\System\ROFcJZu.exe
  C:\Windows\System\ROFcJZu.exe
  2⤵
  PID:6676
- C:\Windows\System\umSPczO.exe
  C:\Windows\System\umSPczO.exe
  2⤵
  PID:6700
- C:\Windows\System\wpJoVBs.exe
  C:\Windows\System\wpJoVBs.exe
  2⤵
  PID:6720
- C:\Windows\System\GdmBdsj.exe
  C:\Windows\System\GdmBdsj.exe
  2⤵
  PID:6736
- C:\Windows\System\rSEIqfT.exe
  C:\Windows\System\rSEIqfT.exe
  2⤵
  PID:6760
- C:\Windows\System\wgWPtpa.exe
  C:\Windows\System\wgWPtpa.exe
  2⤵
  PID:6780
- C:\Windows\System\oycCqBw.exe
  C:\Windows\System\oycCqBw.exe
  2⤵
  PID:6800
- C:\Windows\System\aQVwWsJ.exe
  C:\Windows\System\aQVwWsJ.exe
  2⤵
  PID:6824
- C:\Windows\System\OpEhdnU.exe
  C:\Windows\System\OpEhdnU.exe
  2⤵
  PID:6852
- C:\Windows\System\dEywHpL.exe
  C:\Windows\System\dEywHpL.exe
  2⤵
  PID:6872
- C:\Windows\System\cxfDWmk.exe
  C:\Windows\System\cxfDWmk.exe
  2⤵
  PID:6900
- C:\Windows\System\ABpMFtE.exe
  C:\Windows\System\ABpMFtE.exe
  2⤵
  PID:6920
- C:\Windows\System\NwdlTup.exe
  C:\Windows\System\NwdlTup.exe
  2⤵
  PID:6940
- C:\Windows\System\BxkNyvq.exe
  C:\Windows\System\BxkNyvq.exe
  2⤵
  PID:6964
- C:\Windows\System\QLQzpdL.exe
  C:\Windows\System\QLQzpdL.exe
  2⤵
  PID:6988
- C:\Windows\System\eKYWWiJ.exe
  C:\Windows\System\eKYWWiJ.exe
  2⤵
  PID:7008
- C:\Windows\System\HTkxxmg.exe
  C:\Windows\System\HTkxxmg.exe
  2⤵
  PID:7032
- C:\Windows\System\QyqCYqs.exe
  C:\Windows\System\QyqCYqs.exe
  2⤵
  PID:7048
- C:\Windows\System\zjjOxms.exe
  C:\Windows\System\zjjOxms.exe
  2⤵
  PID:7068
- C:\Windows\System\SFOLdgP.exe
  C:\Windows\System\SFOLdgP.exe
  2⤵
  PID:7084
- C:\Windows\System\TUtxcTu.exe
  C:\Windows\System\TUtxcTu.exe
  2⤵
  PID:7108
- C:\Windows\System\qzXOuQE.exe
  C:\Windows\System\qzXOuQE.exe
  2⤵
  PID:7124
- C:\Windows\System\oVHRRLa.exe
  C:\Windows\System\oVHRRLa.exe
  2⤵
  PID:7144
- C:\Windows\System\zHCVvch.exe
  C:\Windows\System\zHCVvch.exe
  2⤵
  PID:7164
- C:\Windows\System\pKZQsWK.exe
  C:\Windows\System\pKZQsWK.exe
  2⤵
  PID:3956
- C:\Windows\System\ZOkFWRK.exe
  C:\Windows\System\ZOkFWRK.exe
  2⤵
  PID:5140
- C:\Windows\System\Ojbeoru.exe
  C:\Windows\System\Ojbeoru.exe
  2⤵
  PID:5748
- C:\Windows\System\JgUvkJQ.exe
  C:\Windows\System\JgUvkJQ.exe
  2⤵
  PID:112
- C:\Windows\System\YsKXsaj.exe
  C:\Windows\System\YsKXsaj.exe
  2⤵
  PID:5408
- C:\Windows\System\vyLRTys.exe
  C:\Windows\System\vyLRTys.exe
  2⤵
  PID:6092
- C:\Windows\System\jGIFZao.exe
  C:\Windows\System\jGIFZao.exe
  2⤵
  PID:5320
- C:\Windows\System\oJJmDPr.exe
  C:\Windows\System\oJJmDPr.exe
  2⤵
  PID:5892
- C:\Windows\System\BPmGlmD.exe
  C:\Windows\System\BPmGlmD.exe
  2⤵
  PID:5540
- C:\Windows\System\nQAQkXm.exe
  C:\Windows\System\nQAQkXm.exe
  2⤵
  PID:6148
- C:\Windows\System\ZoDJTcA.exe
  C:\Windows\System\ZoDJTcA.exe
  2⤵
  PID:6200
- C:\Windows\System\SLYIeZk.exe
  C:\Windows\System\SLYIeZk.exe
  2⤵
  PID:6252
- C:\Windows\System\SURiXws.exe
  C:\Windows\System\SURiXws.exe
  2⤵
  PID:5348
- C:\Windows\System\OqPSCeD.exe
  C:\Windows\System\OqPSCeD.exe
  2⤵
  PID:6064
- C:\Windows\System\vDPXLbo.exe
  C:\Windows\System\vDPXLbo.exe
  2⤵
  PID:6460
- C:\Windows\System\dOpGksz.exe
  C:\Windows\System\dOpGksz.exe
  2⤵
  PID:6532
- C:\Windows\System\kXvIhdP.exe
  C:\Windows\System\kXvIhdP.exe
  2⤵
  PID:5620
- C:\Windows\System\gDZAaAK.exe
  C:\Windows\System\gDZAaAK.exe
  2⤵
  PID:6620
- C:\Windows\System\XuCxlPU.exe
  C:\Windows\System\XuCxlPU.exe
  2⤵
  PID:6648
- C:\Windows\System\IpbtBwE.exe
  C:\Windows\System\IpbtBwE.exe
  2⤵
  PID:5844
- C:\Windows\System\MgJaxLO.exe
  C:\Windows\System\MgJaxLO.exe
  2⤵
  PID:5916
- C:\Windows\System\YKmPWaE.exe
  C:\Windows\System\YKmPWaE.exe
  2⤵
  PID:6728
- C:\Windows\System\qulwKTi.exe
  C:\Windows\System\qulwKTi.exe
  2⤵
  PID:6820
- C:\Windows\System\PEuYCUP.exe
  C:\Windows\System\PEuYCUP.exe
  2⤵
  PID:6892
- C:\Windows\System\YUNimgl.exe
  C:\Windows\System\YUNimgl.exe
  2⤵
  PID:6348
- C:\Windows\System\dFzByLd.exe
  C:\Windows\System\dFzByLd.exe
  2⤵
  PID:6980
- C:\Windows\System\eYwlQve.exe
  C:\Windows\System\eYwlQve.exe
  2⤵
  PID:7172
- C:\Windows\System\JfkPnur.exe
  C:\Windows\System\JfkPnur.exe
  2⤵
  PID:7196
- C:\Windows\System\yWpvWDx.exe
  C:\Windows\System\yWpvWDx.exe
  2⤵
  PID:7212
- C:\Windows\System\WNNoaBq.exe
  C:\Windows\System\WNNoaBq.exe
  2⤵
  PID:7228
- C:\Windows\System\NuoHexK.exe
  C:\Windows\System\NuoHexK.exe
  2⤵
  PID:7248
- C:\Windows\System\VxWYZQk.exe
  C:\Windows\System\VxWYZQk.exe
  2⤵
  PID:7264
- C:\Windows\System\IjKaoEC.exe
  C:\Windows\System\IjKaoEC.exe
  2⤵
  PID:7280
- C:\Windows\System\lsddjMe.exe
  C:\Windows\System\lsddjMe.exe
  2⤵
  PID:7296
- C:\Windows\System\oySIcNF.exe
  C:\Windows\System\oySIcNF.exe
  2⤵
  PID:7312
- C:\Windows\System\wXRtBDq.exe
  C:\Windows\System\wXRtBDq.exe
  2⤵
  PID:7332
- C:\Windows\System\HBXyDIB.exe
  C:\Windows\System\HBXyDIB.exe
  2⤵
  PID:7348
- C:\Windows\System\CvFLZWJ.exe
  C:\Windows\System\CvFLZWJ.exe
  2⤵
  PID:7364
- C:\Windows\System\rhgwZIq.exe
  C:\Windows\System\rhgwZIq.exe
  2⤵
  PID:7420
- C:\Windows\System\JGtgRIe.exe
  C:\Windows\System\JGtgRIe.exe
  2⤵
  PID:7460
- C:\Windows\System\xPyuniV.exe
  C:\Windows\System\xPyuniV.exe
  2⤵
  PID:7488
- C:\Windows\System\ZlPSAae.exe
  C:\Windows\System\ZlPSAae.exe
  2⤵
  PID:7528
- C:\Windows\System\dlorntJ.exe
  C:\Windows\System\dlorntJ.exe
  2⤵
  PID:7552
- C:\Windows\System\fSNLTwu.exe
  C:\Windows\System\fSNLTwu.exe
  2⤵
  PID:7572
- C:\Windows\System\dIeYWTn.exe
  C:\Windows\System\dIeYWTn.exe
  2⤵
  PID:7600
- C:\Windows\System\BhbQmvW.exe
  C:\Windows\System\BhbQmvW.exe
  2⤵
  PID:7628
- C:\Windows\System\sgdrBea.exe
  C:\Windows\System\sgdrBea.exe
  2⤵
  PID:7656
- C:\Windows\System\NWlWqax.exe
  C:\Windows\System\NWlWqax.exe
  2⤵
  PID:7688
- C:\Windows\System\ESxYWRm.exe
  C:\Windows\System\ESxYWRm.exe
  2⤵
  PID:7712
- C:\Windows\System\ZytKCzY.exe
  C:\Windows\System\ZytKCzY.exe
  2⤵
  PID:7752
- C:\Windows\System\NbhdWMH.exe
  C:\Windows\System\NbhdWMH.exe
  2⤵
  PID:7776
- C:\Windows\System\gmKloVw.exe
  C:\Windows\System\gmKloVw.exe
  2⤵
  PID:7824
- C:\Windows\System\GlTDsMl.exe
  C:\Windows\System\GlTDsMl.exe
  2⤵
  PID:7852
- C:\Windows\System\rUxhGrh.exe
  C:\Windows\System\rUxhGrh.exe
  2⤵
  PID:7868
- C:\Windows\System\bLBhdMA.exe
  C:\Windows\System\bLBhdMA.exe
  2⤵
  PID:7888
- C:\Windows\System\jjzKVnw.exe
  C:\Windows\System\jjzKVnw.exe
  2⤵
  PID:1904
- C:\Windows\System\pFILkSw.exe
  C:\Windows\System\pFILkSw.exe
  2⤵
  PID:5796
- C:\Windows\System\AkNoQZw.exe
  C:\Windows\System\AkNoQZw.exe
  2⤵
  PID:2184
- C:\Windows\System\LHHQOCo.exe
  C:\Windows\System\LHHQOCo.exe
  2⤵
  PID:6248
- C:\Windows\System\suiZbpa.exe
  C:\Windows\System\suiZbpa.exe
  2⤵
  PID:6732
- C:\Windows\System\bryVMvY.exe
  C:\Windows\System\bryVMvY.exe
  2⤵
  PID:6448
- C:\Windows\System\jNVnDMQ.exe
  C:\Windows\System\jNVnDMQ.exe
  2⤵
  PID:6504
- C:\Windows\System\TZZTKSm.exe
  C:\Windows\System\TZZTKSm.exe
  2⤵
  PID:4448
- C:\Windows\System\RvqnxFs.exe
  C:\Windows\System\RvqnxFs.exe
  2⤵
  PID:4248
- C:\Windows\System\XoHPxdM.exe
  C:\Windows\System\XoHPxdM.exe
  2⤵
  PID:7096
- C:\Windows\System\okSaSsU.exe
  C:\Windows\System\okSaSsU.exe
  2⤵
  PID:7156
- C:\Windows\System\pOzUcWs.exe
  C:\Windows\System\pOzUcWs.exe
  2⤵
  PID:6552
- C:\Windows\System\CdxeOtS.exe
  C:\Windows\System\CdxeOtS.exe
  2⤵
  PID:5668
- C:\Windows\System\nYeQdYf.exe
  C:\Windows\System\nYeQdYf.exe
  2⤵
  PID:5208
- C:\Windows\System\QXeicdY.exe
  C:\Windows\System\QXeicdY.exe
  2⤵
  PID:7372
- C:\Windows\System\LUJaUPI.exe
  C:\Windows\System\LUJaUPI.exe
  2⤵
  PID:7412
- C:\Windows\System\XvzhTVW.exe
  C:\Windows\System\XvzhTVW.exe
  2⤵
  PID:5596
- C:\Windows\System\QZKQTeO.exe
  C:\Windows\System\QZKQTeO.exe
  2⤵
  PID:5632
- C:\Windows\System\PrLeagx.exe
  C:\Windows\System\PrLeagx.exe
  2⤵
  PID:6772
- C:\Windows\System\chVEkOo.exe
  C:\Windows\System\chVEkOo.exe
  2⤵
  PID:3948
- C:\Windows\System\GrwQVNY.exe
  C:\Windows\System\GrwQVNY.exe
  2⤵
  PID:6380
- C:\Windows\System\ylOTmQB.exe
  C:\Windows\System\ylOTmQB.exe
  2⤵
  PID:7116
- C:\Windows\System\nMMtNSY.exe
  C:\Windows\System\nMMtNSY.exe
  2⤵
  PID:5212
- C:\Windows\System\jaiwQys.exe
  C:\Windows\System\jaiwQys.exe
  2⤵
  PID:7344
- C:\Windows\System\RdbHeYn.exe
  C:\Windows\System\RdbHeYn.exe
  2⤵
  PID:7404
- C:\Windows\System\iERWQzW.exe
  C:\Windows\System\iERWQzW.exe
  2⤵
  PID:5464
- C:\Windows\System\HkbLtXD.exe
  C:\Windows\System\HkbLtXD.exe
  2⤵
  PID:5232
- C:\Windows\System\AsJpSNE.exe
  C:\Windows\System\AsJpSNE.exe
  2⤵
  PID:8212
- C:\Windows\System\KQahTnX.exe
  C:\Windows\System\KQahTnX.exe
  2⤵
  PID:8256
- C:\Windows\System\zldUwvR.exe
  C:\Windows\System\zldUwvR.exe
  2⤵
  PID:8276
- C:\Windows\System\YrFbqWL.exe
  C:\Windows\System\YrFbqWL.exe
  2⤵
  PID:8292
- C:\Windows\System\ccVEOar.exe
  C:\Windows\System\ccVEOar.exe
  2⤵
  PID:8308
- C:\Windows\System\iPkYewy.exe
  C:\Windows\System\iPkYewy.exe
  2⤵
  PID:8328
- C:\Windows\System\MIENxqE.exe
  C:\Windows\System\MIENxqE.exe
  2⤵
  PID:8348
- C:\Windows\System\qvjqAkU.exe
  C:\Windows\System\qvjqAkU.exe
  2⤵
  PID:8368
- C:\Windows\System\BqmgTOt.exe
  C:\Windows\System\BqmgTOt.exe
  2⤵
  PID:8388
- C:\Windows\System\nlAbKcH.exe
  C:\Windows\System\nlAbKcH.exe
  2⤵
  PID:8408
- C:\Windows\System\hTlwOsr.exe
  C:\Windows\System\hTlwOsr.exe
  2⤵
  PID:8428
- C:\Windows\System\DTTAsWj.exe
  C:\Windows\System\DTTAsWj.exe
  2⤵
  PID:8448
- C:\Windows\System\hOKgJRh.exe
  C:\Windows\System\hOKgJRh.exe
  2⤵
  PID:8464
- C:\Windows\System\AmwSRGV.exe
  C:\Windows\System\AmwSRGV.exe
  2⤵
  PID:8884
- C:\Windows\System\XMlshQB.exe
  C:\Windows\System\XMlshQB.exe
  2⤵
  PID:8944
- C:\Windows\System\WRjsubc.exe
  C:\Windows\System\WRjsubc.exe
  2⤵
  PID:8968
- C:\Windows\System\nMCtcRN.exe
  C:\Windows\System\nMCtcRN.exe
  2⤵
  PID:8984
- C:\Windows\System\LuBVmrQ.exe
  C:\Windows\System\LuBVmrQ.exe
  2⤵
  PID:9000
- C:\Windows\System\HVNuuQo.exe
  C:\Windows\System\HVNuuQo.exe
  2⤵
  PID:9024
- C:\Windows\System\BxOUBYJ.exe
  C:\Windows\System\BxOUBYJ.exe
  2⤵
  PID:9044
- C:\Windows\System\JSlakmu.exe
  C:\Windows\System\JSlakmu.exe
  2⤵
  PID:9060
- C:\Windows\System\DaqUZSm.exe
  C:\Windows\System\DaqUZSm.exe
  2⤵
  PID:9080
- C:\Windows\System\VbhcABc.exe
  C:\Windows\System\VbhcABc.exe
  2⤵
  PID:9108
- C:\Windows\System\BFUUEpL.exe
  C:\Windows\System\BFUUEpL.exe
  2⤵
  PID:9164
- C:\Windows\System\WptXTCF.exe
  C:\Windows\System\WptXTCF.exe
  2⤵
  PID:9188
- C:\Windows\System\oqFWIxY.exe
  C:\Windows\System\oqFWIxY.exe
  2⤵
  PID:9212
- C:\Windows\System\YQHvFmZ.exe
  C:\Windows\System\YQHvFmZ.exe
  2⤵
  PID:8056
- C:\Windows\System\taBKyox.exe
  C:\Windows\System\taBKyox.exe
  2⤵
  PID:8108
- C:\Windows\System\SwOLcag.exe
  C:\Windows\System\SwOLcag.exe
  2⤵
  PID:7740
- C:\Windows\System\ijhqyZH.exe
  C:\Windows\System\ijhqyZH.exe
  2⤵
  PID:8148
- C:\Windows\System\iLzIGQL.exe
  C:\Windows\System\iLzIGQL.exe
  2⤵
  PID:7208
- C:\Windows\System\bpTrkmG.exe
  C:\Windows\System\bpTrkmG.exe
  2⤵
  PID:1180
- C:\Windows\System\HoNRRfl.exe
  C:\Windows\System\HoNRRfl.exe
  2⤵
  PID:7676
- C:\Windows\System\xTHWGTD.exe
  C:\Windows\System\xTHWGTD.exe
  2⤵
  PID:7820
- C:\Windows\System\uPtolOi.exe
  C:\Windows\System\uPtolOi.exe
  2⤵
  PID:1676
- C:\Windows\System\aWvJBJQ.exe
  C:\Windows\System\aWvJBJQ.exe
  2⤵
  PID:7400
- C:\Windows\System\oglzFKp.exe
  C:\Windows\System\oglzFKp.exe
  2⤵
  PID:8084
- C:\Windows\System\ddwjcHr.exe
  C:\Windows\System\ddwjcHr.exe
  2⤵
  PID:7560
- C:\Windows\System\ocRDlkL.exe
  C:\Windows\System\ocRDlkL.exe
  2⤵
  PID:6548
- C:\Windows\System\jDUUYTJ.exe
  C:\Windows\System\jDUUYTJ.exe
  2⤵
  PID:8424
- C:\Windows\System\AuQXhjH.exe
  C:\Windows\System\AuQXhjH.exe
  2⤵
  PID:6336
- C:\Windows\System\yjjIznz.exe
  C:\Windows\System\yjjIznz.exe
  2⤵
  PID:8380
- C:\Windows\System\lvSDooD.exe
  C:\Windows\System\lvSDooD.exe
  2⤵
  PID:8504
- C:\Windows\System\xnsFWyH.exe
  C:\Windows\System\xnsFWyH.exe
  2⤵
  PID:5376
- C:\Windows\System\UKtcfkr.exe
  C:\Windows\System\UKtcfkr.exe
  2⤵
  PID:6296
- C:\Windows\System\JhRcfBk.exe
  C:\Windows\System\JhRcfBk.exe
  2⤵
  PID:4244
- C:\Windows\System\qNucYWA.exe
  C:\Windows\System\qNucYWA.exe
  2⤵
  PID:5168
- C:\Windows\System\tcDPNzX.exe
  C:\Windows\System\tcDPNzX.exe
  2⤵
  PID:6752
- C:\Windows\System\jkEMZrO.exe
  C:\Windows\System\jkEMZrO.exe
  2⤵
  PID:7100
- C:\Windows\System\mGjqSoM.exe
  C:\Windows\System\mGjqSoM.exe
  2⤵
  PID:5568
- C:\Windows\System\klJPiON.exe
  C:\Windows\System\klJPiON.exe
  2⤵
  PID:8288
- C:\Windows\System\FfiIXNM.exe
  C:\Windows\System\FfiIXNM.exe
  2⤵
  PID:3696
- C:\Windows\System\NYqNPIk.exe
  C:\Windows\System\NYqNPIk.exe
  2⤵
  PID:8896
- C:\Windows\System\RpTCrez.exe
  C:\Windows\System\RpTCrez.exe
  2⤵
  PID:8964
- C:\Windows\System\yoTGzsr.exe
  C:\Windows\System\yoTGzsr.exe
  2⤵
  PID:9240
- C:\Windows\System\hMhTcQZ.exe
  C:\Windows\System\hMhTcQZ.exe
  2⤵
  PID:9272
- C:\Windows\System\mbggfOg.exe
  C:\Windows\System\mbggfOg.exe
  2⤵
  PID:9288
- C:\Windows\System\PXshDTs.exe
  C:\Windows\System\PXshDTs.exe
  2⤵
  PID:9308
- C:\Windows\System\tDvLeHj.exe
  C:\Windows\System\tDvLeHj.exe
  2⤵
  PID:9332
- C:\Windows\System\fkaVdLN.exe
  C:\Windows\System\fkaVdLN.exe
  2⤵
  PID:9356
- C:\Windows\System\yWEDVQZ.exe
  C:\Windows\System\yWEDVQZ.exe
  2⤵
  PID:9376
- C:\Windows\System\bLMaIwD.exe
  C:\Windows\System\bLMaIwD.exe
  2⤵
  PID:9400
- C:\Windows\System\sYbMcEZ.exe
  C:\Windows\System\sYbMcEZ.exe
  2⤵
  PID:9420
- C:\Windows\System\duVtUFC.exe
  C:\Windows\System\duVtUFC.exe
  2⤵
  PID:9444
- C:\Windows\System\utVjZNo.exe
  C:\Windows\System\utVjZNo.exe
  2⤵
  PID:9472
- C:\Windows\System\lTaDQQO.exe
  C:\Windows\System\lTaDQQO.exe
  2⤵
  PID:9492
- C:\Windows\System\IoEMLTp.exe
  C:\Windows\System\IoEMLTp.exe
  2⤵
  PID:9516
- C:\Windows\System\tzFskaV.exe
  C:\Windows\System\tzFskaV.exe
  2⤵
  PID:9532
- C:\Windows\System\YoNCqPh.exe
  C:\Windows\System\YoNCqPh.exe
  2⤵
  PID:9548
- C:\Windows\System\QoNPFQW.exe
  C:\Windows\System\QoNPFQW.exe
  2⤵
  PID:9564
- C:\Windows\System\swXFZHv.exe
  C:\Windows\System\swXFZHv.exe
  2⤵
  PID:9580
- C:\Windows\System\ysnlasE.exe
  C:\Windows\System\ysnlasE.exe
  2⤵
  PID:9596
- C:\Windows\System\greTdKA.exe
  C:\Windows\System\greTdKA.exe
  2⤵
  PID:9612
- C:\Windows\System\FyGgPra.exe
  C:\Windows\System\FyGgPra.exe
  2⤵
  PID:9632
- C:\Windows\System\GKoQnsK.exe
  C:\Windows\System\GKoQnsK.exe
  2⤵
  PID:9648
- C:\Windows\System\pdDUcRH.exe
  C:\Windows\System\pdDUcRH.exe
  2⤵
  PID:9676
- C:\Windows\System\cIMokFM.exe
  C:\Windows\System\cIMokFM.exe
  2⤵
  PID:9700
- C:\Windows\System\dtJmmYw.exe
  C:\Windows\System\dtJmmYw.exe
  2⤵
  PID:9720
- C:\Windows\System\hiwqVNP.exe
  C:\Windows\System\hiwqVNP.exe
  2⤵
  PID:9736
- C:\Windows\System\OMXWGaw.exe
  C:\Windows\System\OMXWGaw.exe
  2⤵
  PID:9756
- C:\Windows\System\lmvDjGM.exe
  C:\Windows\System\lmvDjGM.exe
  2⤵
  PID:9780
- C:\Windows\System\hlNWxUd.exe
  C:\Windows\System\hlNWxUd.exe
  2⤵
  PID:9800
- C:\Windows\System\GfullEB.exe
  C:\Windows\System\GfullEB.exe
  2⤵
  PID:9820
- C:\Windows\System\YDlSjTE.exe
  C:\Windows\System\YDlSjTE.exe
  2⤵
  PID:9844
- C:\Windows\System\nRNyqqP.exe
  C:\Windows\System\nRNyqqP.exe
  2⤵
  PID:9872
- C:\Windows\System\LYOLOXU.exe
  C:\Windows\System\LYOLOXU.exe
  2⤵
  PID:9892
- C:\Windows\System\GLojTqZ.exe
  C:\Windows\System\GLojTqZ.exe
  2⤵
  PID:9916
- C:\Windows\System\YujIgHp.exe
  C:\Windows\System\YujIgHp.exe
  2⤵
  PID:9936
- C:\Windows\System\msLYRhM.exe
  C:\Windows\System\msLYRhM.exe
  2⤵
  PID:9964
- C:\Windows\System\hyGRKHo.exe
  C:\Windows\System\hyGRKHo.exe
  2⤵
  PID:9984
- C:\Windows\System\NdvEkRX.exe
  C:\Windows\System\NdvEkRX.exe
  2⤵
  PID:10000
- C:\Windows\System\WnXoHWT.exe
  C:\Windows\System\WnXoHWT.exe
  2⤵
  PID:10020
- C:\Windows\System\KlpavuM.exe
  C:\Windows\System\KlpavuM.exe
  2⤵
  PID:10040
- C:\Windows\System\odTxGfe.exe
  C:\Windows\System\odTxGfe.exe
  2⤵
  PID:10060
- C:\Windows\System\LjmVrVb.exe
  C:\Windows\System\LjmVrVb.exe
  2⤵
  PID:10084
- C:\Windows\System\sOUSTjN.exe
  C:\Windows\System\sOUSTjN.exe
  2⤵
  PID:10104
- C:\Windows\System\shxIJYG.exe
  C:\Windows\System\shxIJYG.exe
  2⤵
  PID:10124
- C:\Windows\System\yMiDibd.exe
  C:\Windows\System\yMiDibd.exe
  2⤵
  PID:10144
- C:\Windows\System\YWKrash.exe
  C:\Windows\System\YWKrash.exe
  2⤵
  PID:10164
- C:\Windows\System\twKiGBe.exe
  C:\Windows\System\twKiGBe.exe
  2⤵
  PID:10188
- C:\Windows\System\YbcuNTL.exe
  C:\Windows\System\YbcuNTL.exe
  2⤵
  PID:10208
- C:\Windows\System\OJZUILT.exe
  C:\Windows\System\OJZUILT.exe
  2⤵
  PID:10236
- C:\Windows\System\auiLNbm.exe
  C:\Windows\System\auiLNbm.exe
  2⤵
  PID:9020
- C:\Windows\System\zsdfgxw.exe
  C:\Windows\System\zsdfgxw.exe
  2⤵
  PID:8484
- C:\Windows\System\lNtrBfR.exe
  C:\Windows\System\lNtrBfR.exe
  2⤵
  PID:9116
- C:\Windows\System\sMNzpLg.exe
  C:\Windows\System\sMNzpLg.exe
  2⤵
  PID:8100
- C:\Windows\System\xkcQloO.exe
  C:\Windows\System\xkcQloO.exe
  2⤵
  PID:7708
- C:\Windows\System\vZMUnOx.exe
  C:\Windows\System\vZMUnOx.exe
  2⤵
  PID:7884
- C:\Windows\System\cIIPlSF.exe
  C:\Windows\System\cIIPlSF.exe
  2⤵
  PID:3868
- C:\Windows\System\EwzEthV.exe
  C:\Windows\System\EwzEthV.exe
  2⤵
  PID:3776
- C:\Windows\System\BOjYVJk.exe
  C:\Windows\System\BOjYVJk.exe
  2⤵
  PID:8096
- C:\Windows\System\EZPmVqb.exe
  C:\Windows\System\EZPmVqb.exe
  2⤵
  PID:7016
- C:\Windows\System\xyVDNVP.exe
  C:\Windows\System\xyVDNVP.exe
  2⤵
  PID:8264
- C:\Windows\System\PbTPloZ.exe
  C:\Windows\System\PbTPloZ.exe
  2⤵
  PID:7360
- C:\Windows\System\AsAxswQ.exe
  C:\Windows\System\AsAxswQ.exe
  2⤵
  PID:6168
- C:\Windows\System\mPMCdju.exe
  C:\Windows\System\mPMCdju.exe
  2⤵
  PID:8300
- C:\Windows\System\tNiqeNu.exe
  C:\Windows\System\tNiqeNu.exe
  2⤵
  PID:7832
- C:\Windows\System\kaeOwfs.exe
  C:\Windows\System\kaeOwfs.exe
  2⤵
  PID:8224
- C:\Windows\System\JVpmtnM.exe
  C:\Windows\System\JVpmtnM.exe
  2⤵
  PID:8880
- C:\Windows\System\RHCGmUV.exe
  C:\Windows\System\RHCGmUV.exe
  2⤵
  PID:9248
- C:\Windows\System\NUptcTr.exe
  C:\Windows\System\NUptcTr.exe
  2⤵
  PID:9296
- C:\Windows\System\UzSXWCS.exe
  C:\Windows\System\UzSXWCS.exe
  2⤵
  PID:9324
- C:\Windows\System\xHCuhmW.exe
  C:\Windows\System\xHCuhmW.exe
  2⤵
  PID:9136
- C:\Windows\System\AhVuYCk.exe
  C:\Windows\System\AhVuYCk.exe
  2⤵
  PID:9456
- C:\Windows\System\oIBBKSP.exe
  C:\Windows\System\oIBBKSP.exe
  2⤵
  PID:8040
- C:\Windows\System\HJwMPoZ.exe
  C:\Windows\System\HJwMPoZ.exe
  2⤵
  PID:6808
- C:\Windows\System\lQzDneG.exe
  C:\Windows\System\lQzDneG.exe
  2⤵
  PID:8164
- C:\Windows\System\EehFnyV.exe
  C:\Windows\System\EehFnyV.exe
  2⤵
  PID:9576
- C:\Windows\System\HiCtPTH.exe
  C:\Windows\System\HiCtPTH.exe
  2⤵
  PID:7808
- C:\Windows\System\PdsADyH.exe
  C:\Windows\System\PdsADyH.exe
  2⤵
  PID:8076
- C:\Windows\System\jBqevqO.exe
  C:\Windows\System\jBqevqO.exe
  2⤵
  PID:9644
- C:\Windows\System\yyDBEdC.exe
  C:\Windows\System\yyDBEdC.exe
  2⤵
  PID:9692
- C:\Windows\System\HKUzKJQ.exe
  C:\Windows\System\HKUzKJQ.exe
  2⤵
  PID:9732
- C:\Windows\System\cvpJBUn.exe
  C:\Windows\System\cvpJBUn.exe
  2⤵
  PID:9828
- C:\Windows\System\NkjdIQQ.exe
  C:\Windows\System\NkjdIQQ.exe
  2⤵
  PID:9904
- C:\Windows\System\biOnMcx.exe
  C:\Windows\System\biOnMcx.exe
  2⤵
  PID:6484
- C:\Windows\System\TAyTBUF.exe
  C:\Windows\System\TAyTBUF.exe
  2⤵
  PID:9996
- C:\Windows\System\TKRaGwM.exe
  C:\Windows\System\TKRaGwM.exe
  2⤵
  PID:8268
- C:\Windows\System\JCaCTLn.exe
  C:\Windows\System\JCaCTLn.exe
  2⤵
  PID:8316
- C:\Windows\System\PqTxGNr.exe
  C:\Windows\System\PqTxGNr.exe
  2⤵
  PID:10068
- C:\Windows\System\lXpbgBl.exe
  C:\Windows\System\lXpbgBl.exe
  2⤵
  PID:10100
- C:\Windows\System\RxtViKY.exe
  C:\Windows\System\RxtViKY.exe
  2⤵
  PID:9268
- C:\Windows\System\YvNWbVA.exe
  C:\Windows\System\YvNWbVA.exe
  2⤵
  PID:9280
- C:\Windows\System\QYySOcl.exe
  C:\Windows\System\QYySOcl.exe
  2⤵
  PID:10204
- C:\Windows\System\UEaRoJj.exe
  C:\Windows\System\UEaRoJj.exe
  2⤵
  PID:9412
- C:\Windows\System\kjzHWnS.exe
  C:\Windows\System\kjzHWnS.exe
  2⤵
  PID:10260
- C:\Windows\System\mrCThbu.exe
  C:\Windows\System\mrCThbu.exe
  2⤵
  PID:10280
- C:\Windows\System\fdJJQYG.exe
  C:\Windows\System\fdJJQYG.exe
  2⤵
  PID:10308
- C:\Windows\System\mldVZnO.exe
  C:\Windows\System\mldVZnO.exe
  2⤵
  PID:10332
- C:\Windows\System\WjRYukK.exe
  C:\Windows\System\WjRYukK.exe
  2⤵
  PID:10352
- C:\Windows\System\bPNSsEq.exe
  C:\Windows\System\bPNSsEq.exe
  2⤵
  PID:10372
- C:\Windows\System\JCKrQgN.exe
  C:\Windows\System\JCKrQgN.exe
  2⤵
  PID:10396
- C:\Windows\System\XXCRFVf.exe
  C:\Windows\System\XXCRFVf.exe
  2⤵
  PID:10420
- C:\Windows\System\epolnLl.exe
  C:\Windows\System\epolnLl.exe
  2⤵
  PID:10436
- C:\Windows\System\prCswYz.exe
  C:\Windows\System\prCswYz.exe
  2⤵
  PID:10464
- C:\Windows\System\TPnTLaI.exe
  C:\Windows\System\TPnTLaI.exe
  2⤵
  PID:10484
- C:\Windows\System\IEMcGmY.exe
  C:\Windows\System\IEMcGmY.exe
  2⤵
  PID:10508
- C:\Windows\System\tcdGOwy.exe
  C:\Windows\System\tcdGOwy.exe
  2⤵
  PID:10532
- C:\Windows\System\FPeuvYS.exe
  C:\Windows\System\FPeuvYS.exe
  2⤵
  PID:10556
- C:\Windows\System\WlYcWtV.exe
  C:\Windows\System\WlYcWtV.exe
  2⤵
  PID:10576
- C:\Windows\System\iCPdPWS.exe
  C:\Windows\System\iCPdPWS.exe
  2⤵
  PID:10596
- C:\Windows\System\mESqfgO.exe
  C:\Windows\System\mESqfgO.exe
  2⤵
  PID:10624
- C:\Windows\System\EDVpcNk.exe
  C:\Windows\System\EDVpcNk.exe
  2⤵
  PID:10644
- C:\Windows\System\IFGsZyf.exe
  C:\Windows\System\IFGsZyf.exe
  2⤵
  PID:10668
- C:\Windows\System\WLbpFxP.exe
  C:\Windows\System\WLbpFxP.exe
  2⤵
  PID:10688
- C:\Windows\System\NHlnkzN.exe
  C:\Windows\System\NHlnkzN.exe
  2⤵
  PID:10712
- C:\Windows\System\NfZDOQz.exe
  C:\Windows\System\NfZDOQz.exe
  2⤵
  PID:10736
- C:\Windows\System\SXxwhPD.exe
  C:\Windows\System\SXxwhPD.exe
  2⤵
  PID:10756
- C:\Windows\System\qEVDgTe.exe
  C:\Windows\System\qEVDgTe.exe
  2⤵
  PID:10776
- C:\Windows\System\SQFkiZs.exe
  C:\Windows\System\SQFkiZs.exe
  2⤵
  PID:10796
- C:\Windows\System\nPCLVLL.exe
  C:\Windows\System\nPCLVLL.exe
  2⤵
  PID:10816
- C:\Windows\System\Iidjufa.exe
  C:\Windows\System\Iidjufa.exe
  2⤵
  PID:10844
- C:\Windows\System\yxfVyng.exe
  C:\Windows\System\yxfVyng.exe
  2⤵
  PID:10864
- C:\Windows\System\gtxOwsw.exe
  C:\Windows\System\gtxOwsw.exe
  2⤵
  PID:10888
- C:\Windows\System\gbQSkJP.exe
  C:\Windows\System\gbQSkJP.exe
  2⤵
  PID:10904
- C:\Windows\System\xtmjFIl.exe
  C:\Windows\System\xtmjFIl.exe
  2⤵
  PID:10920
- C:\Windows\System\AogYHFc.exe
  C:\Windows\System\AogYHFc.exe
  2⤵
  PID:10944
- C:\Windows\System\QjLZFhp.exe
  C:\Windows\System\QjLZFhp.exe
  2⤵
  PID:10960
- C:\Windows\System\udNmFBb.exe
  C:\Windows\System\udNmFBb.exe
  2⤵
  PID:10976
- C:\Windows\System\LmalNjY.exe
  C:\Windows\System\LmalNjY.exe
  2⤵
  PID:10992
- C:\Windows\System\gkdKFBt.exe
  C:\Windows\System\gkdKFBt.exe
  2⤵
  PID:11016
- C:\Windows\System\hwxNEYT.exe
  C:\Windows\System\hwxNEYT.exe
  2⤵
  PID:11032
- C:\Windows\System\bjYRNoo.exe
  C:\Windows\System\bjYRNoo.exe
  2⤵
  PID:11052
- C:\Windows\System\HzaUlkX.exe
  C:\Windows\System\HzaUlkX.exe
  2⤵
  PID:11076
- C:\Windows\System\YZyqsPQ.exe
  C:\Windows\System\YZyqsPQ.exe
  2⤵
  PID:11100
- C:\Windows\System\hKNNkbA.exe
  C:\Windows\System\hKNNkbA.exe
  2⤵
  PID:11124
- C:\Windows\System\cVxjpAi.exe
  C:\Windows\System\cVxjpAi.exe
  2⤵
  PID:11148
- C:\Windows\System\JpFzwuP.exe
  C:\Windows\System\JpFzwuP.exe
  2⤵
  PID:11172
- C:\Windows\System\DExqHPz.exe
  C:\Windows\System\DExqHPz.exe
  2⤵
  PID:11192
- C:\Windows\System\hWzZhPL.exe
  C:\Windows\System\hWzZhPL.exe
  2⤵
  PID:11216
- C:\Windows\System\zkrHjhD.exe
  C:\Windows\System\zkrHjhD.exe
  2⤵
  PID:11240
- C:\Windows\System\SIxZCTO.exe
  C:\Windows\System\SIxZCTO.exe
  2⤵
  PID:11260
- C:\Windows\System\luYIamZ.exe
  C:\Windows\System\luYIamZ.exe
  2⤵
  PID:7384
- C:\Windows\System\aTWbcus.exe
  C:\Windows\System\aTWbcus.exe
  2⤵
  PID:6916
- C:\Windows\System\gTTsuiI.exe
  C:\Windows\System\gTTsuiI.exe
  2⤵
  PID:8340
- C:\Windows\System\HpOzOlL.exe
  C:\Windows\System\HpOzOlL.exe
  2⤵
  PID:6160
- C:\Windows\System\shCLWew.exe
  C:\Windows\System\shCLWew.exe
  2⤵
  PID:9428
- C:\Windows\System\izVpQYV.exe
  C:\Windows\System\izVpQYV.exe
  2⤵
  PID:8068
- C:\Windows\System\yjhKQMp.exe
  C:\Windows\System\yjhKQMp.exe
  2⤵
  PID:7308
- C:\Windows\System\vBgAinb.exe
  C:\Windows\System\vBgAinb.exe
  2⤵
  PID:6292
- C:\Windows\System\KRofHkO.exe
  C:\Windows\System\KRofHkO.exe
  2⤵
  PID:9672
- C:\Windows\System\hGVAUaq.exe
  C:\Windows\System\hGVAUaq.exe
  2⤵
  PID:6908
- C:\Windows\System\OEIzEHM.exe
  C:\Windows\System\OEIzEHM.exe
  2⤵
  PID:8228
- C:\Windows\System\kvlOufh.exe
  C:\Windows\System\kvlOufh.exe
  2⤵
  PID:10180
- C:\Windows\System\jRVJzoy.exe
  C:\Windows\System\jRVJzoy.exe
  2⤵
  PID:9008
- C:\Windows\System\ibUqenJ.exe
  C:\Windows\System\ibUqenJ.exe
  2⤵
  PID:9396
- C:\Windows\System\zjDhMCR.exe
  C:\Windows\System\zjDhMCR.exe
  2⤵
  PID:10316
- C:\Windows\System\YmFNGav.exe
  C:\Windows\System\YmFNGav.exe
  2⤵
  PID:10340
- C:\Windows\System\rtxcneJ.exe
  C:\Windows\System\rtxcneJ.exe
  2⤵
  PID:10456
- C:\Windows\System\nlmcRfd.exe
  C:\Windows\System\nlmcRfd.exe
  2⤵
  PID:10476
- C:\Windows\System\NFBfEao.exe
  C:\Windows\System\NFBfEao.exe
  2⤵
  PID:10492
- C:\Windows\System\eGeszOb.exe
  C:\Windows\System\eGeszOb.exe
  2⤵
  PID:10552
- C:\Windows\System\jGImZXV.exe
  C:\Windows\System\jGImZXV.exe
  2⤵
  PID:10616
- C:\Windows\System\mwHkbUl.exe
  C:\Windows\System\mwHkbUl.exe
  2⤵
  PID:8444
- C:\Windows\System\HmnbnIV.exe
  C:\Windows\System\HmnbnIV.exe
  2⤵
  PID:10704
- C:\Windows\System\FWjwsSJ.exe
  C:\Windows\System\FWjwsSJ.exe
  2⤵
  PID:10752
- C:\Windows\System\kNCOUzc.exe
  C:\Windows\System\kNCOUzc.exe
  2⤵
  PID:10856
- C:\Windows\System\TBAWuNU.exe
  C:\Windows\System\TBAWuNU.exe
  2⤵
  PID:9796
- C:\Windows\System\XscDgSs.exe
  C:\Windows\System\XscDgSs.exe
  2⤵
  PID:10912
- C:\Windows\System\HfIeIbp.exe
  C:\Windows\System\HfIeIbp.exe
  2⤵
  PID:9880
- C:\Windows\System\wdSQqhW.exe
  C:\Windows\System\wdSQqhW.exe
  2⤵
  PID:11024
- C:\Windows\System\QCSSPJw.exe
  C:\Windows\System\QCSSPJw.exe
  2⤵
  PID:9944
- C:\Windows\System\LGnEUFE.exe
  C:\Windows\System\LGnEUFE.exe
  2⤵
  PID:11280
- C:\Windows\System\zVMkxmT.exe
  C:\Windows\System\zVMkxmT.exe
  2⤵
  PID:11304
- C:\Windows\System\sOmucOe.exe
  C:\Windows\System\sOmucOe.exe
  2⤵
  PID:11328
- C:\Windows\System\nEIkPOK.exe
  C:\Windows\System\nEIkPOK.exe
  2⤵
  PID:11352
- C:\Windows\System\SmwGRGt.exe
  C:\Windows\System\SmwGRGt.exe
  2⤵
  PID:11376
- C:\Windows\System\DezPHBb.exe
  C:\Windows\System\DezPHBb.exe
  2⤵
  PID:11404
- C:\Windows\System\OhUWVZk.exe
  C:\Windows\System\OhUWVZk.exe
  2⤵
  PID:11420
- C:\Windows\System\yeEETaj.exe
  C:\Windows\System\yeEETaj.exe
  2⤵
  PID:11448
- C:\Windows\System\ksZZOWv.exe
  C:\Windows\System\ksZZOWv.exe
  2⤵
  PID:11472
- C:\Windows\System\WLhQBwg.exe
  C:\Windows\System\WLhQBwg.exe
  2⤵
  PID:11496
- C:\Windows\System\XbtsJqu.exe
  C:\Windows\System\XbtsJqu.exe
  2⤵
  PID:11524
- C:\Windows\System\ckmMAwX.exe
  C:\Windows\System\ckmMAwX.exe
  2⤵
  PID:11540
- C:\Windows\System\bMvGqmC.exe
  C:\Windows\System\bMvGqmC.exe
  2⤵
  PID:11556
- C:\Windows\System\uuPznie.exe
  C:\Windows\System\uuPznie.exe
  2⤵
  PID:11576
- C:\Windows\System\OPgunkY.exe
  C:\Windows\System\OPgunkY.exe
  2⤵
  PID:11592
- C:\Windows\System\XYROSjL.exe
  C:\Windows\System\XYROSjL.exe
  2⤵
  PID:11612
- C:\Windows\System\nLGUBvp.exe
  C:\Windows\System\nLGUBvp.exe
  2⤵
  PID:11632
- C:\Windows\System\gFcDVCk.exe
  C:\Windows\System\gFcDVCk.exe
  2⤵
  PID:11652
- C:\Windows\System\fhNNrGn.exe
  C:\Windows\System\fhNNrGn.exe
  2⤵
  PID:11680
- C:\Windows\System\VKpvDAQ.exe
  C:\Windows\System\VKpvDAQ.exe
  2⤵
  PID:11700
- C:\Windows\System\BjqpHKo.exe
  C:\Windows\System\BjqpHKo.exe
  2⤵
  PID:11724
- C:\Windows\System\kFqJyQN.exe
  C:\Windows\System\kFqJyQN.exe
  2⤵
  PID:11744
- C:\Windows\System\gMwNsBB.exe
  C:\Windows\System\gMwNsBB.exe
  2⤵
  PID:11764
- C:\Windows\System\dDPqdgb.exe
  C:\Windows\System\dDPqdgb.exe
  2⤵
  PID:11792
- C:\Windows\System\ugpKzvg.exe
  C:\Windows\System\ugpKzvg.exe
  2⤵
  PID:11812
- C:\Windows\System\zZilnzC.exe
  C:\Windows\System\zZilnzC.exe
  2⤵
  PID:11828
- C:\Windows\System\PZQMdkt.exe
  C:\Windows\System\PZQMdkt.exe
  2⤵
  PID:11852
- C:\Windows\System\KBFwcKE.exe
  C:\Windows\System\KBFwcKE.exe
  2⤵
  PID:11872
- C:\Windows\System\NYnvlKj.exe
  C:\Windows\System\NYnvlKj.exe
  2⤵
  PID:11892
- C:\Windows\System\GtnVHVJ.exe
  C:\Windows\System\GtnVHVJ.exe
  2⤵
  PID:11912
- C:\Windows\System\oZpNlgX.exe
  C:\Windows\System\oZpNlgX.exe
  2⤵
  PID:11932
- C:\Windows\System\pYtMcef.exe
  C:\Windows\System\pYtMcef.exe
  2⤵
  PID:11952
- C:\Windows\System\FbFruij.exe
  C:\Windows\System\FbFruij.exe
  2⤵
  PID:11976
- C:\Windows\System\WzsKRoE.exe
  C:\Windows\System\WzsKRoE.exe
  2⤵
  PID:12008
- C:\Windows\System\nGwLoPy.exe
  C:\Windows\System\nGwLoPy.exe
  2⤵
  PID:12032
- C:\Windows\System\BpSufYw.exe
  C:\Windows\System\BpSufYw.exe
  2⤵
  PID:12056
- C:\Windows\System\nasAqkv.exe
  C:\Windows\System\nasAqkv.exe
  2⤵
  PID:12072
- C:\Windows\System\kkCWqiG.exe
  C:\Windows\System\kkCWqiG.exe
  2⤵
  PID:12092
- C:\Windows\System\LOzOiva.exe
  C:\Windows\System\LOzOiva.exe
  2⤵
  PID:12116
- C:\Windows\System\eVTMADw.exe
  C:\Windows\System\eVTMADw.exe
  2⤵
  PID:12140
- C:\Windows\System\PifkzNJ.exe
  C:\Windows\System\PifkzNJ.exe
  2⤵
  PID:12160
- C:\Windows\System\hiVwVOO.exe
  C:\Windows\System\hiVwVOO.exe
  2⤵
  PID:12180
- C:\Windows\System\JhXQjhV.exe
  C:\Windows\System\JhXQjhV.exe
  2⤵
  PID:12204
- C:\Windows\System\zeGTnGW.exe
  C:\Windows\System\zeGTnGW.exe
  2⤵
  PID:12228
- C:\Windows\System\tMxDFiT.exe
  C:\Windows\System\tMxDFiT.exe
  2⤵
  PID:12244
- C:\Windows\System\WIAQxbT.exe
  C:\Windows\System\WIAQxbT.exe
  2⤵
  PID:12264
- C:\Windows\System\AjYtfrZ.exe
  C:\Windows\System\AjYtfrZ.exe
  2⤵
  PID:11108
- C:\Windows\System\OCKWfcD.exe
  C:\Windows\System\OCKWfcD.exe
  2⤵
  PID:8872
- C:\Windows\System\uvWOqEx.exe
  C:\Windows\System\uvWOqEx.exe
  2⤵
  PID:8472
- C:\Windows\System\TWfiPkK.exe
  C:\Windows\System\TWfiPkK.exe
  2⤵
  PID:9956
- C:\Windows\System\RmuHoMi.exe
  C:\Windows\System\RmuHoMi.exe
  2⤵
  PID:2848
- C:\Windows\System\CnuPDRY.exe
  C:\Windows\System\CnuPDRY.exe
  2⤵
  PID:9320
- C:\Windows\System\uUcpABk.exe
  C:\Windows\System\uUcpABk.exe
  2⤵
  PID:8396
- C:\Windows\System\RzUUMmc.exe
  C:\Windows\System\RzUUMmc.exe
  2⤵
  PID:10368
- C:\Windows\System\uVNKYKm.exe
  C:\Windows\System\uVNKYKm.exe
  2⤵
  PID:10460
- C:\Windows\System\lmUzYoO.exe
  C:\Windows\System\lmUzYoO.exe
  2⤵
  PID:3628
- C:\Windows\System\sNajpeU.exe
  C:\Windows\System\sNajpeU.exe
  2⤵
  PID:10328
- C:\Windows\System\qZsMZHT.exe
  C:\Windows\System\qZsMZHT.exe
  2⤵
  PID:10832
- C:\Windows\System\tTnpMPl.exe
  C:\Windows\System\tTnpMPl.exe
  2⤵
  PID:9228
- C:\Windows\System\AHkDvYO.exe
  C:\Windows\System\AHkDvYO.exe
  2⤵
  PID:10932
- C:\Windows\System\WWWIIUm.exe
  C:\Windows\System\WWWIIUm.exe
  2⤵
  PID:10804
- C:\Windows\System\ICmbMKU.exe
  C:\Windows\System\ICmbMKU.exe
  2⤵
  PID:12304
- C:\Windows\System\DvXSNoR.exe
  C:\Windows\System\DvXSNoR.exe
  2⤵
  PID:12320
- C:\Windows\System\GIyJfqm.exe
  C:\Windows\System\GIyJfqm.exe
  2⤵
  PID:12340
- C:\Windows\System\VJJnIfG.exe
  C:\Windows\System\VJJnIfG.exe
  2⤵
  PID:12368
- C:\Windows\System\SPKbJLp.exe
  C:\Windows\System\SPKbJLp.exe
  2⤵
  PID:12392
- C:\Windows\System\OGuPGQV.exe
  C:\Windows\System\OGuPGQV.exe
  2⤵
  PID:12416
- C:\Windows\System\AbeEdHy.exe
  C:\Windows\System\AbeEdHy.exe
  2⤵
  PID:12444
- C:\Windows\System\DHixfrn.exe
  C:\Windows\System\DHixfrn.exe
  2⤵
  PID:12464
- C:\Windows\System\LTiaGVa.exe
  C:\Windows\System\LTiaGVa.exe
  2⤵
  PID:12500
- C:\Windows\System\fpZmumC.exe
  C:\Windows\System\fpZmumC.exe
  2⤵
  PID:13108
- C:\Windows\System\qrecXZz.exe
  C:\Windows\System\qrecXZz.exe
  2⤵
  PID:13152
- C:\Windows\System\DtzXMGX.exe
  C:\Windows\System\DtzXMGX.exe
  2⤵
  PID:13172
- C:\Windows\System\ZZXvCNK.exe
  C:\Windows\System\ZZXvCNK.exe
  2⤵
  PID:13188
- C:\Windows\System\AVChQat.exe
  C:\Windows\System\AVChQat.exe
  2⤵
  PID:13204
- C:\Windows\System\uInSJdZ.exe
  C:\Windows\System\uInSJdZ.exe
  2⤵
  PID:13224
- C:\Windows\System\hjIjzNh.exe
  C:\Windows\System\hjIjzNh.exe
  2⤵
  PID:13252
- C:\Windows\System\UTHPuax.exe
  C:\Windows\System\UTHPuax.exe
  2⤵
  PID:13304
- C:\Windows\System\EWFBBRh.exe
  C:\Windows\System\EWFBBRh.exe
  2⤵
  PID:11092
- C:\Windows\System\QgNeVBs.exe
  C:\Windows\System\QgNeVBs.exe
  2⤵
  PID:11156
- C:\Windows\System\aPWfRSK.exe
  C:\Windows\System\aPWfRSK.exe
  2⤵
  PID:9728
- C:\Windows\System\hIxaiwT.exe
  C:\Windows\System\hIxaiwT.exe
  2⤵
  PID:11708
- C:\Windows\System\uxqjVNJ.exe
  C:\Windows\System\uxqjVNJ.exe
  2⤵
  PID:11808
- C:\Windows\System\OCDlAJq.exe
  C:\Windows\System\OCDlAJq.exe
  2⤵
  PID:10480
- C:\Windows\System\TjejoiS.exe
  C:\Windows\System\TjejoiS.exe
  2⤵
  PID:8924
- C:\Windows\System\tMudibN.exe
  C:\Windows\System\tMudibN.exe
  2⤵
  PID:10548
- C:\Windows\System\Cyhqgsq.exe
  C:\Windows\System\Cyhqgsq.exe
  2⤵
  PID:8952
- C:\Windows\System\zAQOmwk.exe
  C:\Windows\System\zAQOmwk.exe
  2⤵
  PID:9368
- C:\Windows\System\BEGzIbW.exe
  C:\Windows\System\BEGzIbW.exe
  2⤵
  PID:10408
- C:\Windows\System\hAUMiCv.exe
  C:\Windows\System\hAUMiCv.exe
  2⤵
  PID:10772
- C:\Windows\System\uZcrxGB.exe
  C:\Windows\System\uZcrxGB.exe
  2⤵
  PID:10876
- C:\Windows\System\EfibuGU.exe
  C:\Windows\System\EfibuGU.exe
  2⤵
  PID:11200
- C:\Windows\System\MNwOhku.exe
  C:\Windows\System\MNwOhku.exe
  2⤵
  PID:11256
- C:\Windows\System\nMKPgci.exe
  C:\Windows\System\nMKPgci.exe
  2⤵
  PID:10348
- C:\Windows\System\kYfnqNR.exe
  C:\Windows\System\kYfnqNR.exe
  2⤵
  PID:10500
- C:\Windows\System\bLDKmoo.exe
  C:\Windows\System\bLDKmoo.exe
  2⤵
  PID:10988
- C:\Windows\System\YaMQjlS.exe
  C:\Windows\System\YaMQjlS.exe
  2⤵
  PID:9900
- C:\Windows\System\oUmPsVX.exe
  C:\Windows\System\oUmPsVX.exe
  2⤵
  PID:7356
- C:\Windows\System\huEHDJi.exe
  C:\Windows\System\huEHDJi.exe
  2⤵
  PID:11316
- C:\Windows\System\IWriEvn.exe
  C:\Windows\System\IWriEvn.exe
  2⤵
  PID:11412
- C:\Windows\System\dYUSFXg.exe
  C:\Windows\System\dYUSFXg.exe
  2⤵
  PID:11136
- C:\Windows\System\ePLJJSB.exe
  C:\Windows\System\ePLJJSB.exe
  2⤵
  PID:11508
- C:\Windows\System\sgDPTPc.exe
  C:\Windows\System\sgDPTPc.exe
  2⤵
  PID:11572
- C:\Windows\System\sRFdkSd.exe
  C:\Windows\System\sRFdkSd.exe
  2⤵
  PID:11608
- C:\Windows\System\ohPicsY.exe
  C:\Windows\System\ohPicsY.exe
  2⤵
  PID:11756
- C:\Windows\System\wttSvtX.exe
  C:\Windows\System\wttSvtX.exe
  2⤵
  PID:12704
- C:\Windows\System\QhfSpoE.exe
  C:\Windows\System\QhfSpoE.exe
  2⤵
  PID:11900
- C:\Windows\System\WpJztgC.exe
  C:\Windows\System\WpJztgC.exe
  2⤵
  PID:12756
- C:\Windows\System\HdoVakX.exe
  C:\Windows\System\HdoVakX.exe
  2⤵
  PID:11968
- C:\Windows\System\RMIPdso.exe
  C:\Windows\System\RMIPdso.exe
  2⤵
  PID:12808
- C:\Windows\System\rMevOWN.exe
  C:\Windows\System\rMevOWN.exe
  2⤵
  PID:12832
- C:\Windows\System\gDHNoka.exe
  C:\Windows\System\gDHNoka.exe
  2⤵
  PID:12100
- C:\Windows\System\aDOLShr.exe
  C:\Windows\System\aDOLShr.exe
  2⤵
  PID:12148
- C:\Windows\System\nzHqvef.exe
  C:\Windows\System\nzHqvef.exe
  2⤵
  PID:13316
- C:\Windows\System\EHwcjwq.exe
  C:\Windows\System\EHwcjwq.exe
  2⤵
  PID:13336
- C:\Windows\System\BMvKSRu.exe
  C:\Windows\System\BMvKSRu.exe
  2⤵
  PID:13364
- C:\Windows\System\tYtSkDc.exe
  C:\Windows\System\tYtSkDc.exe
  2⤵
  PID:13384
- C:\Windows\System\lXENiYn.exe
  C:\Windows\System\lXENiYn.exe
  2⤵
  PID:13408
- C:\Windows\System\AmKNrqn.exe
  C:\Windows\System\AmKNrqn.exe
  2⤵
  PID:13428
- C:\Windows\System\SGtcRkz.exe
  C:\Windows\System\SGtcRkz.exe
  2⤵
  PID:13448
- C:\Windows\System\tXKtMVq.exe
  C:\Windows\System\tXKtMVq.exe
  2⤵
  PID:13476
- C:\Windows\System\VJQvmrp.exe
  C:\Windows\System\VJQvmrp.exe
  2⤵
  PID:13508
- C:\Windows\System\LJpwPYk.exe
  C:\Windows\System\LJpwPYk.exe
  2⤵
  PID:13528
- C:\Windows\System\JuWBSyX.exe
  C:\Windows\System\JuWBSyX.exe
  2⤵
  PID:13552
- C:\Windows\System\QmKgEOd.exe
  C:\Windows\System\QmKgEOd.exe
  2⤵
  PID:13584
- C:\Windows\System\CtNcyzz.exe
  C:\Windows\System\CtNcyzz.exe
  2⤵
  PID:13604
- C:\Windows\System\rbncBWB.exe
  C:\Windows\System\rbncBWB.exe
  2⤵
  PID:13624
- C:\Windows\System\dBJmIai.exe
  C:\Windows\System\dBJmIai.exe
  2⤵
  PID:13644
- C:\Windows\System\gQxqyay.exe
  C:\Windows\System\gQxqyay.exe
  2⤵
  PID:13664
- C:\Windows\System\DfkFsbt.exe
  C:\Windows\System\DfkFsbt.exe
  2⤵
  PID:13680
- C:\Windows\System\QlbKjzu.exe
  C:\Windows\System\QlbKjzu.exe
  2⤵
  PID:13696
- C:\Windows\System\mWBsihI.exe
  C:\Windows\System\mWBsihI.exe
  2⤵
  PID:13712
- C:\Windows\System\pdszBXC.exe
  C:\Windows\System\pdszBXC.exe
  2⤵
  PID:13728
- C:\Windows\System\Ojdhznc.exe
  C:\Windows\System\Ojdhznc.exe
  2⤵
  PID:13748
- C:\Windows\System\UGoYCep.exe
  C:\Windows\System\UGoYCep.exe
  2⤵
  PID:13764
- C:\Windows\System\HlfXnks.exe
  C:\Windows\System\HlfXnks.exe
  2⤵
  PID:13780
- C:\Windows\System\uVpdYbi.exe
  C:\Windows\System\uVpdYbi.exe
  2⤵
  PID:13796
- C:\Windows\System\edZMKmZ.exe
  C:\Windows\System\edZMKmZ.exe
  2⤵
  PID:13812
- C:\Windows\System\NOdzCoH.exe
  C:\Windows\System\NOdzCoH.exe
  2⤵
  PID:13828
- C:\Windows\System\FzarjXa.exe
  C:\Windows\System\FzarjXa.exe
  2⤵
  PID:13844
- C:\Windows\System\SnzqszJ.exe
  C:\Windows\System\SnzqszJ.exe
  2⤵
  PID:13864
- C:\Windows\System\LPvEowL.exe
  C:\Windows\System\LPvEowL.exe
  2⤵
  PID:13880
- C:\Windows\System\ocdHnVc.exe
  C:\Windows\System\ocdHnVc.exe
  2⤵
  PID:13896
- C:\Windows\System\uKQPPgm.exe
  C:\Windows\System\uKQPPgm.exe
  2⤵
  PID:13912
- C:\Windows\System\JfDyqLL.exe
  C:\Windows\System\JfDyqLL.exe
  2⤵
  PID:13932
- C:\Windows\System\lUqrOVY.exe
  C:\Windows\System\lUqrOVY.exe
  2⤵
  PID:13960
- C:\Windows\System\lGYdKWj.exe
  C:\Windows\System\lGYdKWj.exe
  2⤵
  PID:13988
- C:\Windows\System\HZLILnD.exe
  C:\Windows\System\HZLILnD.exe
  2⤵
  PID:14012
- C:\Windows\System\zQNQOzq.exe
  C:\Windows\System\zQNQOzq.exe
  2⤵
  PID:14036
- C:\Windows\System\vaMqQQQ.exe
  C:\Windows\System\vaMqQQQ.exe
  2⤵
  PID:14064
- C:\Windows\System\jmWmznV.exe
  C:\Windows\System\jmWmznV.exe
  2⤵
  PID:14088
- C:\Windows\System\DfIpnbj.exe
  C:\Windows\System\DfIpnbj.exe
  2⤵
  PID:14112
- C:\Windows\System\IxBtOdM.exe
  C:\Windows\System\IxBtOdM.exe
  2⤵
  PID:14132
- C:\Windows\System\uVlGMoY.exe
  C:\Windows\System\uVlGMoY.exe
  2⤵
  PID:14160
- C:\Windows\System\ykNSzqh.exe
  C:\Windows\System\ykNSzqh.exe
  2⤵
  PID:14180
- C:\Windows\System\ZuUDCEr.exe
  C:\Windows\System\ZuUDCEr.exe
  2⤵
  PID:14204
- C:\Windows\System\pXYTxpW.exe
  C:\Windows\System\pXYTxpW.exe
  2⤵
  PID:14236
- C:\Windows\System\orNXTmm.exe
  C:\Windows\System\orNXTmm.exe
  2⤵
  PID:14264
- C:\Windows\System\JlVIsZX.exe
  C:\Windows\System\JlVIsZX.exe
  2⤵
  PID:14284
- C:\Windows\System\bxgvJrq.exe
  C:\Windows\System\bxgvJrq.exe
  2⤵
  PID:14312

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:13352

C:\Windows\System32\WaaSMedicAgent.exe
C:\Windows\System32\WaaSMedicAgent.exe 0deb2c4169d10e14f0f52da223e2f28f IFe4RJldakaEqoPkmMX6zw.0.1.0.0.0
1⤵
PID:10188
- C:\Windows\System32\Conhost.exe
  \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
  2⤵
  PID:8268

C:\Windows\System32\RuntimeBroker.exe
C:\Windows\System32\RuntimeBroker.exe -Embedding
1⤵
PID:11496

C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
1⤵
PID:8952

C:\Windows\System32\sihclient.exe
C:\Windows\System32\sihclient.exe /cv IFe4RJldakaEqoPkmMX6zw.0.2
1⤵
PID:13584

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\APtiLxF.exe

Filesize
1.8MB

MD5
35295f3a7d3f9276e8785ede4070abb2

SHA1
125013d504a243ea3257a345f0d12bb65928ee7f

SHA256
49ce52cc604e6cbdebd5ee65bfae17aec3ce89dea495c00366f1ca8ad4882446

SHA512
d4ff20b2824b73b8f5ab8854d0db9902744a5c2cff812cc5890620a275616aad70f083ac8f8d88b6246dca839bb7d1851cc4832d6c0ec5156c90b34fa5cf545f

Download Submit
C:\Windows\System\BCEJRuK.exe

Filesize
1.8MB

MD5
6761780f6cdf8e86f6128060a3cd93d1

SHA1
4300bda65016e89a87f4aa2c223ef4d0ed054a2c

SHA256
d5796e3183161177357495933a77548b076da36925f145ffc574b98d9d39c6d2

SHA512
84ac1e0c83cc79814081ed640258837cc3596879327bde41eba193a0c32afda20ec52c4cb1c8b679481886bca04eb41527ba55136edb78d6b4dc688ceecbdbb4

Download Submit
C:\Windows\System\BGvbPzF.exe

Filesize
1.8MB

MD5
0ce7e64a170e5e252ee6bda7561a57da

SHA1
bffb32aeb8f0655c6984e5ba02b93ef64229f7f2

SHA256
6fdef490815229b4d4ea396c39aa31fec027718091b749ccc4802b6af6ee5fc3

SHA512
86b08ff3130cffc60c51307eeb200571a91e72a9e6f6f1dc4c16e610950ad48e692c2aa18090d15ecb1e2b52d76503ff41d35eb1f0de263b99eee65a1ada6377

Download Submit
C:\Windows\System\BwoSUzv.exe

Filesize
1.8MB

MD5
55f6e0ca7e80b728b35fe089299f5157

SHA1
736cf27ff95a3015be78d57a604df1bd66c7034d

SHA256
85b9ab79c2ee91e568886f93de2dee938e24419def1faaad02b5d6a591810049

SHA512
fe1928e0335ce1f64bec2fe83cbaf72fd8c342834d4cf0b27d50742a98858c4dea102cf0cdffc4a83bfe5d53eca9e3635c153f89e6e04204f630a0ee5d267e15

Download Submit
C:\Windows\System\FCvtyRH.exe

Filesize
1.8MB

MD5
f2f924d9fb1814390f9e9870d7cce4c3

SHA1
64a4d25bb59398f42c5f37392216428cf474e8aa

SHA256
2980524061ddd80afa242b65e18f4993885e81064f82b10d3563edb30723b093

SHA512
403b59b6fb5b5abcd8a17e0f3b94e4d74018d42fe7e46587a973f7f05ee03a702f969bbbe3115dfe99bf0d3ecda635c753ece427509b2a9071422e2b4a0a3ae5

Download Submit
C:\Windows\System\FJkbBKn.exe

Filesize
1.8MB

MD5
87bd088562fef73458656e23564b9ea3

SHA1
b0e941c114c979ab21333b63c2ca24f58f924e3c

SHA256
15cd6478a9a040a57693d3aaba72a43273953a4656c1bf93233222c3654b146a

SHA512
0ddfb5df3c37e76c4a45a7ed55dfe62270e2c21024aaef07b2f7e4e269545c94a265843d5a1e290837ba4bcde43cd186da7b1a0ce6d52879643402873e6cb650

Download Submit
C:\Windows\System\GnklMES.exe

Filesize
1.8MB

MD5
894e471ed3269237a68dfc18fe3c1d90

SHA1
75c3426501e5c74bfc677ef66c34895713dd751b

SHA256
2b951939e9b0994e8258f850d65c6300268bfe3219da3109a861070006e1d1c8

SHA512
ac52d17b10d5e875a89f5a304901c8b02107c343da78c6b9ec57aa2635a9aa54a6297468571b1026032d36459dbace75d055b53f30406ca77f018ba596ebc7e8

Download Submit
C:\Windows\System\IeVDVkJ.exe

Filesize
1.8MB

MD5
3f789a99e98d8192442c5e8fee7a786d

SHA1
d0e08acf662805603931aec16d98a6d241aabbc7

SHA256
e5b90b55011c14d9b48197090bb7b370a4d4a25f2b8088daba0b752f1d29efb6

SHA512
8897ad06f3ce269741a13297e578999067f9a41af2a173620abfe041610cc464be836e8ce4c927c401ff2474e2c2e781dca8dc51d05316affcec0aa2eedbb40c

Download Submit
C:\Windows\System\ItTJaEE.exe

Filesize
1.8MB

MD5
2140bb70edf096585c9ccfda9e1e96b5

SHA1
6aa29d17746a481694c50d2b2eb679d104f67292

SHA256
bd9ce7b3da3aeb2253ad63d419757c794e801995fda5425dd2635ee8adb3b6ec

SHA512
4e3ab1bf38c1a65b75648131bffff1c033c3db525cfaee6a1b90888699113e21795259b0b2c8a172e611b00d870540d736a98be65647bbff20cd75f993bf0393

Download Submit
C:\Windows\System\KgfyLxW.exe

Filesize
1.8MB

MD5
aba2599f9d322024359d9993eeadc652

SHA1
1bced3a69798790bb18f916cc096264c5f20bfb2

SHA256
4ca31c7eb42d28fbda1ef50beb6cb3a281420dbe322a8c203ce80b201cc6429e

SHA512
49d04f0c62c8d22b3ec27eea18ebb7be622a45d47912eea0f0d84d9790984f2e0149ee1f7c756a7607d0bbe5f5e7d877071f130241721a8957dc71e5ff40293a

Download Submit
C:\Windows\System\LqBCFZE.exe

Filesize
1.8MB

MD5
638f1e419e5d59930a6fd897fa8835f7

SHA1
c467d200b4832fd4d7e55d0630b677b78caebcaf

SHA256
ffa97baed38cffd41ca18286c0fd92bc788da8fab8b2e00e63752a367311f4df

SHA512
19961895fc5edcc5f4f45a7e3cd25e1be56a5c1598ecbdd0eb71837776da7da8464b6716ea6ac4ab1fd14015822d92f5d495c350b62d30bad22c636a6b234206

Download Submit
C:\Windows\System\MZgedgv.exe

Filesize
1.8MB

MD5
b5fdf95d6e03c73d6c948789b989a8d9

SHA1
9929912a6abfa9a159346faf339f1da237438b58

SHA256
afad01cbba3ceb2b98218cb8aa72ef06f26eb01d94abb3e8eab4042640b2d66e

SHA512
2145ba1a3fac9e3a86963c92af4f30128c6d68ddd40338d7c9213b46846dd66637248a2de283dea8f7c265a96814d3098f8f8db52f88752579b4eb5d288b6549

Download Submit
C:\Windows\System\PaAQWBs.exe

Filesize
1.8MB

MD5
d0eda852b01c9e6d8bc867162f128059

SHA1
0385b4f7e1fecdb6aa7e547c12041bd137e274b2

SHA256
bb7bd6cf50910a2e8fbe8ef16c3259e48ad24538fb72b674d767c5a99ab5231e

SHA512
fef4f18a90efffcb3099ab01f987f0f682aea95324bc549fe0ee98f652321e74cd8f3e6c2599538b6f7ae00432ad881a46de9ad1dd413806807960eb5f363c3a

Download Submit
C:\Windows\System\PoNOqPS.exe

Filesize
1.8MB

MD5
81e2fb6f8349ae72910b8584011d1273

SHA1
5fb60950ffa12e25a4ad0ccc0e2ed0bae6293bf1

SHA256
d1799d2a98c4bd1590c58e8f9979f9dd530dc4703e5f22f811b1c6142c8c52d1

SHA512
c9d10c6f9502f3b48c59d63d0a6b8152fca1d3ec86cdc2c6d4c912a1a3206f26b4c0406eaa7a8458bcabf190f55cae9655490e0d544e089075add3d35cbcd4e6

Download Submit
C:\Windows\System\RNOgMkq.exe

Filesize
1.8MB

MD5
c9b7833b25660ca98f3e76dbcf073eef

SHA1
0c546368f26bfaafc099239a08b8137281e55b75

SHA256
bbda612bc6a788a5f41c6f9375f8afa45a9f700614e51fe47db551d9ce4f246d

SHA512
8046900c805e27484bafe3eec856caed8786a03776aa1171d7df3eec13c3ef6af84a6a883c3cede3435024a1a17d8b4acf489664d2e2cd8f017a08225d2a7c3b

Download Submit
C:\Windows\System\RVsqCNy.exe

Filesize
1.8MB

MD5
cf8c12bb29b88bce62f3e6b97f66a5c8

SHA1
9529746ec6c3575b4f2d53863d4bc7665f3ccc7a

SHA256
e4dc260076261270f164e8a7ece5fc520d09456361a424326ce90e8d55fa716f

SHA512
51dfd08a6b5637c0234d14f09a1ab675da0446d751a931079145fd005c63e7db1d7cf25bfbaebe54eed20f79e3abf438b52ce0b9935d0019894e175ce842cc64

Download Submit
C:\Windows\System\SCAfDoZ.exe

Filesize
1.8MB

MD5
5e8e3b65a18de90af1e69d47a2689b18

SHA1
0650d26c50f1d85fc686500b663a158166e18205

SHA256
103be4191b2cf45db49ba43c2bdffe90bc7a82e26cfdf1f5070a48b8211f02ab

SHA512
fc7fcef9437bdc7ce6bfba855472d8b45a50537b22181771308e0045b4d508429f9b44ccf1a906168d6f650ae95742b0d028cfe3c8cd7a4f9a5c5b39d2b9920a

Download Submit
C:\Windows\System\SnIuIoS.exe

Filesize
1.8MB

MD5
203820825a74f4f2d591bcd9f5bac3f1

SHA1
46ba11354bea4cdff4f815bc1d9dbe71923035b0

SHA256
d20f281393d3de5a45ce6f643e2292f71ebda25df4e5e4ca8b3e9d2fe01ad46b

SHA512
d354615e8a00be2bb8b66c0bd78dd8317522f0b31abbbede89ecee86684decdd67f8d057824f1c2e877c0df1c0c1f3dd133b3813380f59e8fb3a29d496401d21

Download Submit
C:\Windows\System\UHJHgSD.exe

Filesize
1.8MB

MD5
d6bc8c9b72d94937597dcaf76a8a4f0e

SHA1
950905f5e8b15651fbc4c53d6b6a37e4849dde28

SHA256
0eb6795981f65ae0d903654b2a1f3e17241bc390db43ca0ed96d7fa235966e3a

SHA512
8280ba719f0149b93b4b32e3e9bbb1e557a097003b22bab4b65d5c7b5b4aa60e1cb4768105931c26ecbd80b6ce506bc45fcbc336ebc019dbeb8da9c1dae1ef3d

Download Submit
C:\Windows\System\WKCNLGk.exe

Filesize
1.8MB

MD5
8aef862a96386e462ed772b610b5554d

SHA1
52469fe840f525e301449907d25d4d4ed9e83516

SHA256
b23818313b9cc4df3b3e61fa382fff0d01a8c4460474ea584ceecf72995e66f8

SHA512
e3092fea22d8ea0cef5c37fa6df661208cc36f3374596b5c27444814d6d26c43e6f4470d8c3f4c89097a4c54392af97d0f47eb1afb5c85b819953c9714087c3f

Download Submit
C:\Windows\System\XxnHDCV.exe

Filesize
1.8MB

MD5
78414a9a39ef5080648667d4736265e0

SHA1
38139291f00e985a88ca330f9049f3e254f6b0ad

SHA256
c10b7d6d69eb05c9a06a2fa645ef36b2b1e8930037555fdf1e183d2a520d2fdd

SHA512
e1e30a725eec70deae26acf6ab5f282b63096ecc1123f44bf9dba4444d7d7c4ed080de2719fc292e11d9133ff28ecf8aa623a63ca69f9566e9035a7433c02e56

Download Submit
C:\Windows\System\YSQVxEi.exe

Filesize
1.8MB

MD5
a1c12473487c8b3836b8a8b789e8ee77

SHA1
57b6c23e6a0db4be44f2e2d9ebfaa1f64ed8a5d1

SHA256
fefebc8b88f2ab52ff08d4471fc0c517627b3eb8d5a57ba21e93bf45f6dcbca0

SHA512
4af2ca5982f76dcfecc1a1f24c300362e1761b028f380d93dc62bd708eca9c621de28c88333c5f32b2bdd716ff6668a8be131097ad0df7553a263bd8327c0d59

Download Submit
C:\Windows\System\ZPEMbRj.exe

Filesize
1.8MB

MD5
4b314a28172e8267a9ac5a765ac77ecb

SHA1
a57b4c76d2de3e658a98bc6557ba7bdef6814562

SHA256
b56e8420db215bbc2a9a79ac55d086fc967629582c582f12017a08625c2e9688

SHA512
14aa0a8f14c8939cd31b6cba0bd2d6953ad84f5efc0f8833fc51eb2a164466d415a8051ede1049e8cda3ea4f3f9e833868439f48f5b686153687c0f3cdbdea19

Download Submit
C:\Windows\System\ZTJepLi.exe

Filesize
1.8MB

MD5
7e75e4013747a6edc2a119db21539023

SHA1
480b87885497bf0b2e1739cbb6940aeb55ba66fb

SHA256
c74f5a44bdfe090f9d947437ff5473a14849052df524ee47333f1324475f6bb9

SHA512
ce2d3f12113539bfdfc055234e302a6abca00b041da92a677edbeb29cd64af1f19d159b87e915edbe23bbd8221268cf9b03dd32224be0951390a6775241bd7f8

Download Submit
C:\Windows\System\bJRIpbh.exe

Filesize
1.8MB

MD5
84f96a94cada3febe299579d2d8ab609

SHA1
87b55f68acc79839e94b5b7e17be80faffb77922

SHA256
631e91be274ca977c5b74a27a5ee28c804745bd649c734444dc886b719d8ba0d

SHA512
50608c80372872b9f851559f1a1040ad029da9947db94f838fa5c96af89f53a64e71a462e00ad61ec628bd10f69a05cf9714a8a1e8353d5612efce14d843768b

Download Submit
C:\Windows\System\bkImfgn.exe

Filesize
1.8MB

MD5
394fa69cb7aaff549ab87358cd16efea

SHA1
ddc547189b64f2f141d3aad94841ad65d45383c4

SHA256
0a37e97d6b1b778d6a66497bd07aed212473198a5517fbc07e9ff3b57c3400e7

SHA512
d3a67466191a5ff823580eb7fc3c191c01662934568f202b7e64756fb8e96746e39becb81d01ed7d895420de4c3cbb4f6257ebf4f260b6054a040b19a46f0195

Download Submit
C:\Windows\System\hOorika.exe

Filesize
1.8MB

MD5
8421ac6d73237c2cb4efaa2e6915103a

SHA1
2486ccca1f00ebe17510ffc419364d33abdabe56

SHA256
3264121557d53a9f98c07b4ac533fb6d6414d42b51cf8f53614357b8ffdfd0b0

SHA512
9522dd9bf8c4d4b5b63b16763fc4985be33b036cb09975030f3ef4e7a0b2383a506ea4f9cb8fd18bd76d9b9b963a514343f1bfb42957746a2c4c3c9ccbf6005f

Download Submit
C:\Windows\System\hqVoFGZ.exe

Filesize
1.8MB

MD5
2a8b00bdec0d08703545998efffa1c09

SHA1
4fd408ac48fbbb30ae3e1818742d403fc269c192

SHA256
b38449fd4d8b9723fa63783be727855881ff190f1b882ae0d5cd91fc7556977a

SHA512
910e55b8d4fe7b23742640e12c071da9058228cf28bd023b5d4d1e38c4568603232c01d7ea6118e52f17ca496765bad1b4c2a552aade71b45e52d57ec94036fb

Download Submit
C:\Windows\System\hzqBLXs.exe

Filesize
1.8MB

MD5
e4212f51101ce324b14459d1ace25733

SHA1
b224886ed7834cc482d53deae5eb0d22d4e76f8c

SHA256
7ec594795da8fc343258dcd13304874060159943add736d28eb840a9147ee4b7

SHA512
af862c7506f060e18374a82e87037f24d7aae97de1bb5afd66574de3325f2ed609657dd9fbb8e81cb9cbbe96108a6edd340b5eb40bc8ac547e70e5b9ab0c535a

Download Submit
C:\Windows\System\jdZyBVF.exe

Filesize
1.8MB

MD5
0c3f13f2e9118d2543dd203d6346440d

SHA1
0cb9baebd88fdbadc0543035a15994aa641d0d70

SHA256
575efd090d30d8b16be42f6d3ca5a95ad1ff227c95e14ab6c651459425257a23

SHA512
6c0e90eba14ad2cf879ea0c75d6120041f67d599c0d40922b8ce3bf6620db3c9a75228ac3b10f2682bd375f5444ec6ea5fd4c35f0b1806d9df9c10d8b60774ef

Download Submit
C:\Windows\System\kxwTuSx.exe

Filesize
1.8MB

MD5
5c529f924953a47a1748898c58e2ceb9

SHA1
89c97d18ef241efba468cb50a18b5914073fe98f

SHA256
c6df915b201f282207c1ae3acfd153541e45e1d5b40243bb3dd46aab8bfb308c

SHA512
4b1a71d75ad9fb7a0063fc74e395e7ab1ffcb11cf57cb1f0e7122e8fb31cc75a19456ac7688d2900b4bab16e4e07baa56bf4986f9f355c79d51d4cb2dd0e0c9c

Download Submit
C:\Windows\System\muQsQwv.exe

Filesize
1.8MB

MD5
18eed95c37b26d17e3fa8e29281988d5

SHA1
51664fbe7b9ae72b4ef8ff9211f691b187dc6f6a

SHA256
bc5f04d722b9c52bfeb94af91d6342cf69b9036ac9d6c0105e5a5975c3774f4b

SHA512
1c0375ac22fe2147fe54687a2244154e391591cfb943cf4eefed4ca6ca95a8cbe0b8870fb3ea185cf991695ab6993b4946860a05dc5225aac3b43b868c91a6ef

Download Submit
C:\Windows\System\sXiUPUt.exe

Filesize
1.8MB

MD5
d84601c806811a94037a898af5f64e44

SHA1
4102ce7c8bc61dbb256bab99c86eaae543cce739

SHA256
764c2d72d764f3078e05ffcd3abe84035ee57c5e92a592780cf403a40d1322c6

SHA512
3eeb6d6e715e5b0c19f6d84b2b9fc39c91d9eecbdf262be8a39b432a47fa5ff8befd938cb4c3fbef476d5a68912a193bee48b422588c7030ae77610402cbd083

Download Submit
C:\Windows\System\tNsQINL.exe

Filesize
1.8MB

MD5
dde568b13df2a871ea432623a96307ae

SHA1
686a57d44f4b070b394d1e604859df973d216f09

SHA256
6aa832956c85680df54aa0634638ee45835316b56470178ff9e19dd6b68ebf83

SHA512
2f7e91675d845fe3bf70b0c7b274d5f460789f0db9ff5131b3447c23f2b29a3a99a4efdf40f96d7447439f8869b2d21ef1f53ac6a9a87aee557d351d46771b4a

Download Submit
C:\Windows\System\xOhQqIE.exe

Filesize
1.8MB

MD5
8053c8018d42d8274a1b35271b02616c

SHA1
0bbc5cad9570aafcb532322f9b691b603e838362

SHA256
892e0205ae193e0096f82c7f5935b703baf786936b7c3397b8dc6ad41ab6c66b

SHA512
4d0643a7f1f164443f9c97c4d733969982f03341ab38f1b42d105b5c2953cd25254d122435571df6d4cc2d4383282424f129e3630a4bf01084c78bc702c0771b

Download Submit
C:\Windows\System\yNLLdkk.exe

Filesize
1.8MB

MD5
cdadd74eb19e544cd472b00dec83caf5

SHA1
07a3ac8311f32bc72f5a681ad35b19b9aa2a1466

SHA256
27094ea917f2e8924e3a32172e34fa1816969d9e3d3be7bd033dc2a996a9d3dd

SHA512
e7094b738c583dfaaeac062a9b9a9e84a6d53ebba0c03ac4f3dfb39f5846f65dbd31165d884f8f833cf1a9a43d097381448a9134cb8222b6c2d4003be43fe532

Download Submit
memory/752-196-0x00007FF6FD1D0000-0x00007FF6FD521000-memory.dmp

Filesize
3.3MB

Download
memory/752-2358-0x00007FF6FD1D0000-0x00007FF6FD521000-memory.dmp

Filesize
3.3MB

Download
memory/960-293-0x00007FF7A19A0000-0x00007FF7A1CF1000-memory.dmp

Filesize
3.3MB

Download
memory/960-2366-0x00007FF7A19A0000-0x00007FF7A1CF1000-memory.dmp

Filesize
3.3MB

Download
memory/1040-2316-0x00007FF705E30000-0x00007FF706181000-memory.dmp

Filesize
3.3MB

Download
memory/1040-2202-0x00007FF705E30000-0x00007FF706181000-memory.dmp

Filesize
3.3MB

Download
memory/1040-86-0x00007FF705E30000-0x00007FF706181000-memory.dmp

Filesize
3.3MB

Download
memory/1088-131-0x00007FF6B5350000-0x00007FF6B56A1000-memory.dmp

Filesize
3.3MB

Download
memory/1088-2312-0x00007FF6B5350000-0x00007FF6B56A1000-memory.dmp

Filesize
3.3MB

Download
memory/1220-32-0x00007FF648910000-0x00007FF648C61000-memory.dmp

Filesize
3.3MB

Download
memory/1220-2287-0x00007FF648910000-0x00007FF648C61000-memory.dmp

Filesize
3.3MB

Download
memory/1220-2214-0x00007FF648910000-0x00007FF648C61000-memory.dmp

Filesize
3.3MB

Download
memory/1304-202-0x00007FF6CB5F0000-0x00007FF6CB941000-memory.dmp

Filesize
3.3MB

Download
memory/1304-2362-0x00007FF6CB5F0000-0x00007FF6CB941000-memory.dmp

Filesize
3.3MB

Download
memory/1400-318-0x00007FF737EC0000-0x00007FF738211000-memory.dmp

Filesize
3.3MB

Download
memory/1400-2340-0x00007FF737EC0000-0x00007FF738211000-memory.dmp

Filesize
3.3MB

Download
memory/1540-71-0x00007FF76D0D0000-0x00007FF76D421000-memory.dmp

Filesize
3.3MB

Download
memory/1540-2318-0x00007FF76D0D0000-0x00007FF76D421000-memory.dmp

Filesize
3.3MB

Download
memory/1540-2198-0x00007FF76D0D0000-0x00007FF76D421000-memory.dmp

Filesize
3.3MB

Download
memory/1768-316-0x00007FF6A57B0000-0x00007FF6A5B01000-memory.dmp

Filesize
3.3MB

Download
memory/1768-2285-0x00007FF6A57B0000-0x00007FF6A5B01000-memory.dmp

Filesize
3.3MB

Download
memory/1908-2372-0x00007FF639860000-0x00007FF639BB1000-memory.dmp

Filesize
3.3MB

Download
memory/1908-281-0x00007FF639860000-0x00007FF639BB1000-memory.dmp

Filesize
3.3MB

Download
memory/2180-315-0x00007FF7E0600000-0x00007FF7E0951000-memory.dmp

Filesize
3.3MB

Download
memory/2180-2306-0x00007FF7E0600000-0x00007FF7E0951000-memory.dmp

Filesize
3.3MB

Download
memory/2396-18-0x00007FF706E70000-0x00007FF7071C1000-memory.dmp

Filesize
3.3MB

Download
memory/2396-2275-0x00007FF706E70000-0x00007FF7071C1000-memory.dmp

Filesize
3.3MB

Download
memory/2508-132-0x00007FF77B570000-0x00007FF77B8C1000-memory.dmp

Filesize
3.3MB

Download
memory/2508-2325-0x00007FF77B570000-0x00007FF77B8C1000-memory.dmp

Filesize
3.3MB

Download
memory/2900-314-0x00007FF702A60000-0x00007FF702DB1000-memory.dmp

Filesize
3.3MB

Download
memory/2900-2279-0x00007FF702A60000-0x00007FF702DB1000-memory.dmp

Filesize
3.3MB

Download
memory/3216-319-0x00007FF776600000-0x00007FF776951000-memory.dmp

Filesize
3.3MB

Download
memory/3216-2360-0x00007FF776600000-0x00007FF776951000-memory.dmp

Filesize
3.3MB

Download
memory/3412-2355-0x00007FF635C50000-0x00007FF635FA1000-memory.dmp

Filesize
3.3MB

Download
memory/3412-320-0x00007FF635C50000-0x00007FF635FA1000-memory.dmp

Filesize
3.3MB

Download
memory/3452-191-0x00007FF687E10000-0x00007FF688161000-memory.dmp

Filesize
3.3MB

Download
memory/3452-2308-0x00007FF687E10000-0x00007FF688161000-memory.dmp

Filesize
3.3MB

Download
memory/3460-311-0x00007FF75BFF0000-0x00007FF75C341000-memory.dmp

Filesize
3.3MB

Download
memory/3460-2364-0x00007FF75BFF0000-0x00007FF75C341000-memory.dmp

Filesize
3.3MB

Download
memory/3664-0-0x00007FF626C40000-0x00007FF626F91000-memory.dmp

Filesize
3.3MB

Download
memory/3664-2164-0x00007FF626C40000-0x00007FF626F91000-memory.dmp

Filesize
3.3MB

Download
memory/3664-1-0x0000019355820000-0x0000019355830000-memory.dmp

Filesize
64KB

Download
memory/3880-286-0x00007FF6F7720000-0x00007FF6F7A71000-memory.dmp

Filesize
3.3MB

Download
memory/3880-2368-0x00007FF6F7720000-0x00007FF6F7A71000-memory.dmp

Filesize
3.3MB

Download
memory/4156-2281-0x00007FF6823D0000-0x00007FF682721000-memory.dmp

Filesize
3.3MB

Download
memory/4156-50-0x00007FF6823D0000-0x00007FF682721000-memory.dmp

Filesize
3.3MB

Download
memory/4156-2188-0x00007FF6823D0000-0x00007FF682721000-memory.dmp

Filesize
3.3MB

Download
memory/4208-192-0x00007FF6612B0000-0x00007FF661601000-memory.dmp

Filesize
3.3MB

Download
memory/4208-2322-0x00007FF6612B0000-0x00007FF661601000-memory.dmp

Filesize
3.3MB

Download
memory/4476-2326-0x00007FF6E1080000-0x00007FF6E13D1000-memory.dmp

Filesize
3.3MB

Download
memory/4476-116-0x00007FF6E1080000-0x00007FF6E13D1000-memory.dmp

Filesize
3.3MB

Download
memory/4476-2203-0x00007FF6E1080000-0x00007FF6E13D1000-memory.dmp

Filesize
3.3MB

Download
memory/4532-2283-0x00007FF74DC00000-0x00007FF74DF51000-memory.dmp

Filesize
3.3MB

Download
memory/4532-21-0x00007FF74DC00000-0x00007FF74DF51000-memory.dmp

Filesize
3.3MB

Download
memory/4532-2187-0x00007FF74DC00000-0x00007FF74DF51000-memory.dmp

Filesize
3.3MB

Download
memory/4700-2350-0x00007FF77C0E0000-0x00007FF77C431000-memory.dmp

Filesize
3.3MB

Download
memory/4700-226-0x00007FF77C0E0000-0x00007FF77C431000-memory.dmp

Filesize
3.3MB

Download
memory/4732-2310-0x00007FF647140000-0x00007FF647491000-memory.dmp

Filesize
3.3MB

Download
memory/4732-2216-0x00007FF647140000-0x00007FF647491000-memory.dmp

Filesize
3.3MB

Download
memory/4732-51-0x00007FF647140000-0x00007FF647491000-memory.dmp

Filesize
3.3MB

Download
memory/4892-317-0x00007FF71A480000-0x00007FF71A7D1000-memory.dmp

Filesize
3.3MB

Download
memory/4892-2314-0x00007FF71A480000-0x00007FF71A7D1000-memory.dmp

Filesize
3.3MB

Download
memory/4900-2277-0x00007FF773900000-0x00007FF773C51000-memory.dmp

Filesize
3.3MB

Download
memory/4900-312-0x00007FF773900000-0x00007FF773C51000-memory.dmp

Filesize
3.3MB

Download
memory/4920-2370-0x00007FF64BAD0000-0x00007FF64BE21000-memory.dmp

Filesize
3.3MB

Download
memory/4920-285-0x00007FF64BAD0000-0x00007FF64BE21000-memory.dmp

Filesize
3.3MB

Download
memory/4980-2321-0x00007FF6C2C30000-0x00007FF6C2F81000-memory.dmp

Filesize
3.3MB

Download
memory/4980-147-0x00007FF6C2C30000-0x00007FF6C2F81000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads