xmrig | cb67e0fb2600a3c61a6d68bba6ecd2fd68043f9dc070950821e64ea90afddc81

Analysis

max time kernel
97s
max time network
99s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
13/08/2024, 16:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fcbf40e3d4e890ac419f4a3c31a0cb80N.exe
Size

1.9MB
MD5

fcbf40e3d4e890ac419f4a3c31a0cb80
SHA1

7f06f436db5bc014af160f4da94158d83439d8ec
SHA256

cb67e0fb2600a3c61a6d68bba6ecd2fd68043f9dc070950821e64ea90afddc81
SHA512

3006afa619ee2ecc8bd860dfb9621e5212d41048853ad5f6a4f2409190ddb3c630f8a83f44b30ffb40bf10ef212a648f0750c1d8fb9ad96e74ebbf1ff03644c3
SSDEEP

49152:ROdWCCi7/raU56uL3pgrCEdMKPFoTzDRcs:RWWBib356utgpPFoR

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 53 IoCs

miner

resource	yara_rule
behavioral2/memory/5068-185-0x00007FF613660000-0x00007FF6139B1000-memory.dmp	xmrig
behavioral2/memory/2840-197-0x00007FF75E790000-0x00007FF75EAE1000-memory.dmp	xmrig
behavioral2/memory/748-208-0x00007FF7B0DC0000-0x00007FF7B1111000-memory.dmp	xmrig
behavioral2/memory/3168-216-0x00007FF681030000-0x00007FF681381000-memory.dmp	xmrig
behavioral2/memory/3744-221-0x00007FF7119E0000-0x00007FF711D31000-memory.dmp	xmrig
behavioral2/memory/3524-220-0x00007FF6CB400000-0x00007FF6CB751000-memory.dmp	xmrig
behavioral2/memory/2692-219-0x00007FF62CC70000-0x00007FF62CFC1000-memory.dmp	xmrig
behavioral2/memory/2892-218-0x00007FF7BC160000-0x00007FF7BC4B1000-memory.dmp	xmrig
behavioral2/memory/1244-217-0x00007FF6DBD30000-0x00007FF6DC081000-memory.dmp	xmrig
behavioral2/memory/2524-215-0x00007FF65B5E0000-0x00007FF65B931000-memory.dmp	xmrig
behavioral2/memory/2080-214-0x00007FF7D69C0000-0x00007FF7D6D11000-memory.dmp	xmrig
behavioral2/memory/4832-213-0x00007FF7568B0000-0x00007FF756C01000-memory.dmp	xmrig
behavioral2/memory/3532-212-0x00007FF68C6D0000-0x00007FF68CA21000-memory.dmp	xmrig
behavioral2/memory/2276-207-0x00007FF7E45F0000-0x00007FF7E4941000-memory.dmp	xmrig
behavioral2/memory/4928-206-0x00007FF73D320000-0x00007FF73D671000-memory.dmp	xmrig
behavioral2/memory/1548-205-0x00007FF6919A0000-0x00007FF691CF1000-memory.dmp	xmrig
behavioral2/memory/768-202-0x00007FF66B320000-0x00007FF66B671000-memory.dmp	xmrig
behavioral2/memory/2760-187-0x00007FF60D510000-0x00007FF60D861000-memory.dmp	xmrig
behavioral2/memory/2232-182-0x00007FF6407E0000-0x00007FF640B31000-memory.dmp	xmrig
behavioral2/memory/884-159-0x00007FF6B60F0000-0x00007FF6B6441000-memory.dmp	xmrig
behavioral2/memory/2448-132-0x00007FF63B8F0000-0x00007FF63BC41000-memory.dmp	xmrig
behavioral2/memory/4880-86-0x00007FF6D0CD0000-0x00007FF6D1021000-memory.dmp	xmrig
behavioral2/memory/548-2158-0x00007FF6FAB50000-0x00007FF6FAEA1000-memory.dmp	xmrig
behavioral2/memory/4588-2259-0x00007FF7AEC20000-0x00007FF7AEF71000-memory.dmp	xmrig
behavioral2/memory/2080-2261-0x00007FF7D69C0000-0x00007FF7D6D11000-memory.dmp	xmrig
behavioral2/memory/4588-2263-0x00007FF7AEC20000-0x00007FF7AEF71000-memory.dmp	xmrig
behavioral2/memory/4612-2265-0x00007FF62DE90000-0x00007FF62E1E1000-memory.dmp	xmrig
behavioral2/memory/2116-2267-0x00007FF661CD0000-0x00007FF662021000-memory.dmp	xmrig
behavioral2/memory/2524-2269-0x00007FF65B5E0000-0x00007FF65B931000-memory.dmp	xmrig
behavioral2/memory/4880-2273-0x00007FF6D0CD0000-0x00007FF6D1021000-memory.dmp	xmrig
behavioral2/memory/5080-2275-0x00007FF7A83C0000-0x00007FF7A8711000-memory.dmp	xmrig
behavioral2/memory/3196-2271-0x00007FF755730000-0x00007FF755A81000-memory.dmp	xmrig
behavioral2/memory/4544-2281-0x00007FF739660000-0x00007FF7399B1000-memory.dmp	xmrig
behavioral2/memory/2448-2283-0x00007FF63B8F0000-0x00007FF63BC41000-memory.dmp	xmrig
behavioral2/memory/2620-2291-0x00007FF6207D0000-0x00007FF620B21000-memory.dmp	xmrig
behavioral2/memory/2692-2297-0x00007FF62CC70000-0x00007FF62CFC1000-memory.dmp	xmrig
behavioral2/memory/2276-2307-0x00007FF7E45F0000-0x00007FF7E4941000-memory.dmp	xmrig
behavioral2/memory/768-2313-0x00007FF66B320000-0x00007FF66B671000-memory.dmp	xmrig
behavioral2/memory/3744-2317-0x00007FF7119E0000-0x00007FF711D31000-memory.dmp	xmrig
behavioral2/memory/4832-2315-0x00007FF7568B0000-0x00007FF756C01000-memory.dmp	xmrig
behavioral2/memory/3532-2311-0x00007FF68C6D0000-0x00007FF68CA21000-memory.dmp	xmrig
behavioral2/memory/748-2309-0x00007FF7B0DC0000-0x00007FF7B1111000-memory.dmp	xmrig
behavioral2/memory/1548-2305-0x00007FF6919A0000-0x00007FF691CF1000-memory.dmp	xmrig
behavioral2/memory/4928-2303-0x00007FF73D320000-0x00007FF73D671000-memory.dmp	xmrig
behavioral2/memory/2760-2299-0x00007FF60D510000-0x00007FF60D861000-memory.dmp	xmrig
behavioral2/memory/5068-2295-0x00007FF613660000-0x00007FF6139B1000-memory.dmp	xmrig
behavioral2/memory/2840-2301-0x00007FF75E790000-0x00007FF75EAE1000-memory.dmp	xmrig
behavioral2/memory/3524-2293-0x00007FF6CB400000-0x00007FF6CB751000-memory.dmp	xmrig
behavioral2/memory/2892-2289-0x00007FF7BC160000-0x00007FF7BC4B1000-memory.dmp	xmrig
behavioral2/memory/2232-2285-0x00007FF6407E0000-0x00007FF640B31000-memory.dmp	xmrig
behavioral2/memory/884-2287-0x00007FF6B60F0000-0x00007FF6B6441000-memory.dmp	xmrig
behavioral2/memory/3168-2277-0x00007FF681030000-0x00007FF681381000-memory.dmp	xmrig
behavioral2/memory/1244-2279-0x00007FF6DBD30000-0x00007FF6DC081000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
4612	tFqeLnH.exe
2080	EmdkeiG.exe
4588	TJdzLdp.exe
2524	ZjDUTAD.exe
2116	zZzXbqv.exe
3168	CCSbqVt.exe
3196	uTrXWyY.exe
5080	qLbBjvc.exe
4880	VZCsQze.exe
4544	todCzsm.exe
1244	qbdXIFI.exe
2892	EXjQzuV.exe
2620	DMkgubp.exe
2448	NmYYeCN.exe
884	fGAqAaz.exe
2232	IeTSScP.exe
2692	qrdpeYj.exe
5068	yLoSjcC.exe
2760	QOkuTAl.exe
2840	IrsAqcY.exe
768	ahdjnWr.exe
3524	vsxMMem.exe
1548	CIIDWtz.exe
4928	NXrotwu.exe
2276	XupoZES.exe
748	JIFUchN.exe
3532	NncImbI.exe
3744	AHxPryl.exe
4832	KjmCMxs.exe
1644	xEoXEXQ.exe
1876	XXBYQrg.exe
4960	NXhmSBL.exe
4268	oIzwdyI.exe
4776	GNxcWbV.exe
3748	yKGfkac.exe
4284	qZvnFMz.exe
3716	CNTkiqI.exe
3508	fPtoyYZ.exe
4924	JwNNmlT.exe
3576	ISxkKXS.exe
708	YuWYWDL.exe
1976	eXJMbyi.exe
1152	qHBmouB.exe
4548	bCivjNY.exe
572	JEYGCOK.exe
1420	OmTYDEv.exe
1240	pTQEdTk.exe
4956	VttxhJL.exe
4048	tBlKUdk.exe
2764	mJNubtR.exe
1812	sgNYazz.exe
1332	XrZkVbe.exe
4264	NYqJaBl.exe
872	VYqnqCa.exe
2520	ykCAhMv.exe
5040	LZRrndp.exe
4644	FLrNKhD.exe
2628	JGZKsli.exe
3096	NwIXTfp.exe
2732	VhYvEvX.exe
2292	VmmfMVu.exe
232	OhKIaXB.exe
4536	ArrToqU.exe
1404	bdTqUqR.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/548-0-0x00007FF6FAB50000-0x00007FF6FAEA1000-memory.dmp	upx
behavioral2/files/0x0007000000023419-7.dat	upx
behavioral2/files/0x0009000000023414-17.dat	upx
behavioral2/files/0x000700000002341e-71.dat	upx
behavioral2/files/0x0007000000023429-93.dat	upx
behavioral2/files/0x0007000000023422-115.dat	upx
behavioral2/files/0x0007000000023428-136.dat	upx
behavioral2/files/0x000700000002343a-171.dat	upx
behavioral2/memory/5068-185-0x00007FF613660000-0x00007FF6139B1000-memory.dmp	upx
behavioral2/memory/2840-197-0x00007FF75E790000-0x00007FF75EAE1000-memory.dmp	upx
behavioral2/memory/748-208-0x00007FF7B0DC0000-0x00007FF7B1111000-memory.dmp	upx
behavioral2/memory/3168-216-0x00007FF681030000-0x00007FF681381000-memory.dmp	upx
behavioral2/memory/3744-221-0x00007FF7119E0000-0x00007FF711D31000-memory.dmp	upx
behavioral2/memory/3524-220-0x00007FF6CB400000-0x00007FF6CB751000-memory.dmp	upx
behavioral2/memory/2692-219-0x00007FF62CC70000-0x00007FF62CFC1000-memory.dmp	upx
behavioral2/memory/2892-218-0x00007FF7BC160000-0x00007FF7BC4B1000-memory.dmp	upx
behavioral2/memory/1244-217-0x00007FF6DBD30000-0x00007FF6DC081000-memory.dmp	upx
behavioral2/memory/2524-215-0x00007FF65B5E0000-0x00007FF65B931000-memory.dmp	upx
behavioral2/memory/2080-214-0x00007FF7D69C0000-0x00007FF7D6D11000-memory.dmp	upx
behavioral2/memory/4832-213-0x00007FF7568B0000-0x00007FF756C01000-memory.dmp	upx
behavioral2/memory/3532-212-0x00007FF68C6D0000-0x00007FF68CA21000-memory.dmp	upx
behavioral2/memory/2276-207-0x00007FF7E45F0000-0x00007FF7E4941000-memory.dmp	upx
behavioral2/memory/4928-206-0x00007FF73D320000-0x00007FF73D671000-memory.dmp	upx
behavioral2/memory/1548-205-0x00007FF6919A0000-0x00007FF691CF1000-memory.dmp	upx
behavioral2/memory/768-202-0x00007FF66B320000-0x00007FF66B671000-memory.dmp	upx
behavioral2/memory/2760-187-0x00007FF60D510000-0x00007FF60D861000-memory.dmp	upx
behavioral2/memory/2232-182-0x00007FF6407E0000-0x00007FF640B31000-memory.dmp	upx
behavioral2/files/0x000700000002343b-179.dat	upx
behavioral2/files/0x0007000000023431-177.dat	upx
behavioral2/files/0x000700000002342c-175.dat	upx
behavioral2/files/0x0007000000023427-173.dat	upx
behavioral2/files/0x0007000000023439-170.dat	upx
behavioral2/files/0x0007000000023438-169.dat	upx
behavioral2/files/0x0007000000023437-168.dat	upx
behavioral2/files/0x000700000002342e-166.dat	upx
behavioral2/files/0x0007000000023436-165.dat	upx
behavioral2/files/0x0007000000023432-164.dat	upx
behavioral2/memory/884-159-0x00007FF6B60F0000-0x00007FF6B6441000-memory.dmp	upx
behavioral2/files/0x0007000000023435-158.dat	upx
behavioral2/files/0x0007000000023430-156.dat	upx
behavioral2/files/0x000700000002342f-151.dat	upx
behavioral2/files/0x000700000002342b-149.dat	upx
behavioral2/files/0x000700000002342a-145.dat	upx
behavioral2/files/0x0007000000023434-135.dat	upx
behavioral2/files/0x0007000000023433-134.dat	upx
behavioral2/memory/2448-132-0x00007FF63B8F0000-0x00007FF63BC41000-memory.dmp	upx
behavioral2/files/0x000700000002342d-133.dat	upx
behavioral2/memory/2620-113-0x00007FF6207D0000-0x00007FF620B21000-memory.dmp	upx
behavioral2/memory/4544-110-0x00007FF739660000-0x00007FF7399B1000-memory.dmp	upx
behavioral2/files/0x0007000000023420-105.dat	upx
behavioral2/files/0x0007000000023426-96.dat	upx
behavioral2/files/0x0007000000023423-123.dat	upx
behavioral2/files/0x0007000000023425-94.dat	upx
behavioral2/memory/4880-86-0x00007FF6D0CD0000-0x00007FF6D1021000-memory.dmp	upx
behavioral2/files/0x0007000000023424-75.dat	upx
behavioral2/files/0x000700000002341d-66.dat	upx
behavioral2/files/0x000700000002341b-85.dat	upx
behavioral2/files/0x000700000002341f-61.dat	upx
behavioral2/files/0x0007000000023421-81.dat	upx
behavioral2/memory/5080-60-0x00007FF7A83C0000-0x00007FF7A8711000-memory.dmp	upx
behavioral2/memory/3196-57-0x00007FF755730000-0x00007FF755A81000-memory.dmp	upx
behavioral2/files/0x000700000002341a-46.dat	upx
behavioral2/files/0x000700000002341c-40.dat	upx
behavioral2/memory/2116-35-0x00007FF661CD0000-0x00007FF662021000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\jfvZjHZ.exe	fcbf40e3d4e890ac419f4a3c31a0cb80N.exe
File created	C:\Windows\System\BJKiENj.exe	fcbf40e3d4e890ac419f4a3c31a0cb80N.exe
File created	C:\Windows\System\qNThooU.exe	fcbf40e3d4e890ac419f4a3c31a0cb80N.exe
File created	C:\Windows\System\gvNAHXl.exe	fcbf40e3d4e890ac419f4a3c31a0cb80N.exe
File created	C:\Windows\System\YliXzEz.exe	fcbf40e3d4e890ac419f4a3c31a0cb80N.exe
File created	C:\Windows\System\EgnBgCo.exe	fcbf40e3d4e890ac419f4a3c31a0cb80N.exe
File created	C:\Windows\System\hmYbjpb.exe	fcbf40e3d4e890ac419f4a3c31a0cb80N.exe
File created	C:\Windows\System\aqUAELG.exe	fcbf40e3d4e890ac419f4a3c31a0cb80N.exe
File created	C:\Windows\System\GnfBlQj.exe	fcbf40e3d4e890ac419f4a3c31a0cb80N.exe
File created	C:\Windows\System\DGMEDFi.exe	fcbf40e3d4e890ac419f4a3c31a0cb80N.exe
File created	C:\Windows\System\AhWBTDW.exe	fcbf40e3d4e890ac419f4a3c31a0cb80N.exe
File created	C:\Windows\System\phhxyAx.exe	fcbf40e3d4e890ac419f4a3c31a0cb80N.exe
File created	C:\Windows\System\fGAqAaz.exe	fcbf40e3d4e890ac419f4a3c31a0cb80N.exe
File created	C:\Windows\System\owzQEKh.exe	fcbf40e3d4e890ac419f4a3c31a0cb80N.exe
File created	C:\Windows\System\GljOeqc.exe	fcbf40e3d4e890ac419f4a3c31a0cb80N.exe
File created	C:\Windows\System\ePtfyPB.exe	fcbf40e3d4e890ac419f4a3c31a0cb80N.exe
File created	C:\Windows\System\abJOqPO.exe	fcbf40e3d4e890ac419f4a3c31a0cb80N.exe
File created	C:\Windows\System\dDmoaqS.exe	fcbf40e3d4e890ac419f4a3c31a0cb80N.exe
File created	C:\Windows\System\QUKNzXI.exe	fcbf40e3d4e890ac419f4a3c31a0cb80N.exe
File created	C:\Windows\System\pYzcNMO.exe	fcbf40e3d4e890ac419f4a3c31a0cb80N.exe
File created	C:\Windows\System\ZhyUXcO.exe	fcbf40e3d4e890ac419f4a3c31a0cb80N.exe
File created	C:\Windows\System\XDmZCrZ.exe	fcbf40e3d4e890ac419f4a3c31a0cb80N.exe
File created	C:\Windows\System\qXPoWKQ.exe	fcbf40e3d4e890ac419f4a3c31a0cb80N.exe
File created	C:\Windows\System\cdkUxNq.exe	fcbf40e3d4e890ac419f4a3c31a0cb80N.exe
File created	C:\Windows\System\RXqWFgL.exe	fcbf40e3d4e890ac419f4a3c31a0cb80N.exe
File created	C:\Windows\System\YgKBWbZ.exe	fcbf40e3d4e890ac419f4a3c31a0cb80N.exe
File created	C:\Windows\System\VYNgHKy.exe	fcbf40e3d4e890ac419f4a3c31a0cb80N.exe
File created	C:\Windows\System\EBXUNyo.exe	fcbf40e3d4e890ac419f4a3c31a0cb80N.exe
File created	C:\Windows\System\UuBDDBB.exe	fcbf40e3d4e890ac419f4a3c31a0cb80N.exe
File created	C:\Windows\System\sXfUdFj.exe	fcbf40e3d4e890ac419f4a3c31a0cb80N.exe
File created	C:\Windows\System\CCepzWK.exe	fcbf40e3d4e890ac419f4a3c31a0cb80N.exe
File created	C:\Windows\System\iIjAkpk.exe	fcbf40e3d4e890ac419f4a3c31a0cb80N.exe
File created	C:\Windows\System\zKjnvcF.exe	fcbf40e3d4e890ac419f4a3c31a0cb80N.exe
File created	C:\Windows\System\jncmuZF.exe	fcbf40e3d4e890ac419f4a3c31a0cb80N.exe
File created	C:\Windows\System\ahdjnWr.exe	fcbf40e3d4e890ac419f4a3c31a0cb80N.exe
File created	C:\Windows\System\qZvnFMz.exe	fcbf40e3d4e890ac419f4a3c31a0cb80N.exe
File created	C:\Windows\System\TeeInhD.exe	fcbf40e3d4e890ac419f4a3c31a0cb80N.exe
File created	C:\Windows\System\yAlSMUS.exe	fcbf40e3d4e890ac419f4a3c31a0cb80N.exe
File created	C:\Windows\System\rZOKvpV.exe	fcbf40e3d4e890ac419f4a3c31a0cb80N.exe
File created	C:\Windows\System\TQOQtaP.exe	fcbf40e3d4e890ac419f4a3c31a0cb80N.exe
File created	C:\Windows\System\tfKkeKc.exe	fcbf40e3d4e890ac419f4a3c31a0cb80N.exe
File created	C:\Windows\System\NnabGeu.exe	fcbf40e3d4e890ac419f4a3c31a0cb80N.exe
File created	C:\Windows\System\kYtyZUy.exe	fcbf40e3d4e890ac419f4a3c31a0cb80N.exe
File created	C:\Windows\System\zRurBeh.exe	fcbf40e3d4e890ac419f4a3c31a0cb80N.exe
File created	C:\Windows\System\SuQNiCV.exe	fcbf40e3d4e890ac419f4a3c31a0cb80N.exe
File created	C:\Windows\System\VroZdzz.exe	fcbf40e3d4e890ac419f4a3c31a0cb80N.exe
File created	C:\Windows\System\mDEsojD.exe	fcbf40e3d4e890ac419f4a3c31a0cb80N.exe
File created	C:\Windows\System\MfIKZVp.exe	fcbf40e3d4e890ac419f4a3c31a0cb80N.exe
File created	C:\Windows\System\xThyjzr.exe	fcbf40e3d4e890ac419f4a3c31a0cb80N.exe
File created	C:\Windows\System\ZCfDoLq.exe	fcbf40e3d4e890ac419f4a3c31a0cb80N.exe
File created	C:\Windows\System\yKGfkac.exe	fcbf40e3d4e890ac419f4a3c31a0cb80N.exe
File created	C:\Windows\System\TmxIrTQ.exe	fcbf40e3d4e890ac419f4a3c31a0cb80N.exe
File created	C:\Windows\System\GnfnIDs.exe	fcbf40e3d4e890ac419f4a3c31a0cb80N.exe
File created	C:\Windows\System\KVPTwtt.exe	fcbf40e3d4e890ac419f4a3c31a0cb80N.exe
File created	C:\Windows\System\DPMgSVc.exe	fcbf40e3d4e890ac419f4a3c31a0cb80N.exe
File created	C:\Windows\System\OpcGtcc.exe	fcbf40e3d4e890ac419f4a3c31a0cb80N.exe
File created	C:\Windows\System\EnzTuRH.exe	fcbf40e3d4e890ac419f4a3c31a0cb80N.exe
File created	C:\Windows\System\UPFbSzx.exe	fcbf40e3d4e890ac419f4a3c31a0cb80N.exe
File created	C:\Windows\System\EApcGPY.exe	fcbf40e3d4e890ac419f4a3c31a0cb80N.exe
File created	C:\Windows\System\zqmqSQK.exe	fcbf40e3d4e890ac419f4a3c31a0cb80N.exe
File created	C:\Windows\System\EXjQzuV.exe	fcbf40e3d4e890ac419f4a3c31a0cb80N.exe
File created	C:\Windows\System\fupNeQX.exe	fcbf40e3d4e890ac419f4a3c31a0cb80N.exe
File created	C:\Windows\System\vaFumzt.exe	fcbf40e3d4e890ac419f4a3c31a0cb80N.exe
File created	C:\Windows\System\Upzcyeh.exe	fcbf40e3d4e890ac419f4a3c31a0cb80N.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	5444	dwm.exe
Token: SeChangeNotifyPrivilege	5444	dwm.exe
Token: 33	5444	dwm.exe
Token: SeIncBasePriorityPrivilege	5444	dwm.exe
Token: SeShutdownPrivilege	5444	dwm.exe
Token: SeCreatePagefilePrivilege	5444	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 548 wrote to memory of 4612	548	fcbf40e3d4e890ac419f4a3c31a0cb80N.exe	85
PID 548 wrote to memory of 4612	548	fcbf40e3d4e890ac419f4a3c31a0cb80N.exe	85
PID 548 wrote to memory of 2080	548	fcbf40e3d4e890ac419f4a3c31a0cb80N.exe	86
PID 548 wrote to memory of 2080	548	fcbf40e3d4e890ac419f4a3c31a0cb80N.exe	86
PID 548 wrote to memory of 4588	548	fcbf40e3d4e890ac419f4a3c31a0cb80N.exe	87
PID 548 wrote to memory of 4588	548	fcbf40e3d4e890ac419f4a3c31a0cb80N.exe	87
PID 548 wrote to memory of 2524	548	fcbf40e3d4e890ac419f4a3c31a0cb80N.exe	88
PID 548 wrote to memory of 2524	548	fcbf40e3d4e890ac419f4a3c31a0cb80N.exe	88
PID 548 wrote to memory of 3168	548	fcbf40e3d4e890ac419f4a3c31a0cb80N.exe	89
PID 548 wrote to memory of 3168	548	fcbf40e3d4e890ac419f4a3c31a0cb80N.exe	89
PID 548 wrote to memory of 2116	548	fcbf40e3d4e890ac419f4a3c31a0cb80N.exe	90
PID 548 wrote to memory of 2116	548	fcbf40e3d4e890ac419f4a3c31a0cb80N.exe	90
PID 548 wrote to memory of 3196	548	fcbf40e3d4e890ac419f4a3c31a0cb80N.exe	91
PID 548 wrote to memory of 3196	548	fcbf40e3d4e890ac419f4a3c31a0cb80N.exe	91
PID 548 wrote to memory of 5080	548	fcbf40e3d4e890ac419f4a3c31a0cb80N.exe	92
PID 548 wrote to memory of 5080	548	fcbf40e3d4e890ac419f4a3c31a0cb80N.exe	92
PID 548 wrote to memory of 4880	548	fcbf40e3d4e890ac419f4a3c31a0cb80N.exe	93
PID 548 wrote to memory of 4880	548	fcbf40e3d4e890ac419f4a3c31a0cb80N.exe	93
PID 548 wrote to memory of 4544	548	fcbf40e3d4e890ac419f4a3c31a0cb80N.exe	94
PID 548 wrote to memory of 4544	548	fcbf40e3d4e890ac419f4a3c31a0cb80N.exe	94
PID 548 wrote to memory of 1244	548	fcbf40e3d4e890ac419f4a3c31a0cb80N.exe	95
PID 548 wrote to memory of 1244	548	fcbf40e3d4e890ac419f4a3c31a0cb80N.exe	95
PID 548 wrote to memory of 2892	548	fcbf40e3d4e890ac419f4a3c31a0cb80N.exe	96
PID 548 wrote to memory of 2892	548	fcbf40e3d4e890ac419f4a3c31a0cb80N.exe	96
PID 548 wrote to memory of 2620	548	fcbf40e3d4e890ac419f4a3c31a0cb80N.exe	97
PID 548 wrote to memory of 2620	548	fcbf40e3d4e890ac419f4a3c31a0cb80N.exe	97
PID 548 wrote to memory of 2448	548	fcbf40e3d4e890ac419f4a3c31a0cb80N.exe	98
PID 548 wrote to memory of 2448	548	fcbf40e3d4e890ac419f4a3c31a0cb80N.exe	98
PID 548 wrote to memory of 884	548	fcbf40e3d4e890ac419f4a3c31a0cb80N.exe	99
PID 548 wrote to memory of 884	548	fcbf40e3d4e890ac419f4a3c31a0cb80N.exe	99
PID 548 wrote to memory of 2232	548	fcbf40e3d4e890ac419f4a3c31a0cb80N.exe	100
PID 548 wrote to memory of 2232	548	fcbf40e3d4e890ac419f4a3c31a0cb80N.exe	100
PID 548 wrote to memory of 768	548	fcbf40e3d4e890ac419f4a3c31a0cb80N.exe	101
PID 548 wrote to memory of 768	548	fcbf40e3d4e890ac419f4a3c31a0cb80N.exe	101
PID 548 wrote to memory of 2692	548	fcbf40e3d4e890ac419f4a3c31a0cb80N.exe	102
PID 548 wrote to memory of 2692	548	fcbf40e3d4e890ac419f4a3c31a0cb80N.exe	102
PID 548 wrote to memory of 5068	548	fcbf40e3d4e890ac419f4a3c31a0cb80N.exe	103
PID 548 wrote to memory of 5068	548	fcbf40e3d4e890ac419f4a3c31a0cb80N.exe	103
PID 548 wrote to memory of 2760	548	fcbf40e3d4e890ac419f4a3c31a0cb80N.exe	104
PID 548 wrote to memory of 2760	548	fcbf40e3d4e890ac419f4a3c31a0cb80N.exe	104
PID 548 wrote to memory of 2840	548	fcbf40e3d4e890ac419f4a3c31a0cb80N.exe	105
PID 548 wrote to memory of 2840	548	fcbf40e3d4e890ac419f4a3c31a0cb80N.exe	105
PID 548 wrote to memory of 748	548	fcbf40e3d4e890ac419f4a3c31a0cb80N.exe	106
PID 548 wrote to memory of 748	548	fcbf40e3d4e890ac419f4a3c31a0cb80N.exe	106
PID 548 wrote to memory of 3524	548	fcbf40e3d4e890ac419f4a3c31a0cb80N.exe	107
PID 548 wrote to memory of 3524	548	fcbf40e3d4e890ac419f4a3c31a0cb80N.exe	107
PID 548 wrote to memory of 1548	548	fcbf40e3d4e890ac419f4a3c31a0cb80N.exe	108
PID 548 wrote to memory of 1548	548	fcbf40e3d4e890ac419f4a3c31a0cb80N.exe	108
PID 548 wrote to memory of 4928	548	fcbf40e3d4e890ac419f4a3c31a0cb80N.exe	109
PID 548 wrote to memory of 4928	548	fcbf40e3d4e890ac419f4a3c31a0cb80N.exe	109
PID 548 wrote to memory of 2276	548	fcbf40e3d4e890ac419f4a3c31a0cb80N.exe	110
PID 548 wrote to memory of 2276	548	fcbf40e3d4e890ac419f4a3c31a0cb80N.exe	110
PID 548 wrote to memory of 3532	548	fcbf40e3d4e890ac419f4a3c31a0cb80N.exe	111
PID 548 wrote to memory of 3532	548	fcbf40e3d4e890ac419f4a3c31a0cb80N.exe	111
PID 548 wrote to memory of 1876	548	fcbf40e3d4e890ac419f4a3c31a0cb80N.exe	112
PID 548 wrote to memory of 1876	548	fcbf40e3d4e890ac419f4a3c31a0cb80N.exe	112
PID 548 wrote to memory of 3744	548	fcbf40e3d4e890ac419f4a3c31a0cb80N.exe	113
PID 548 wrote to memory of 3744	548	fcbf40e3d4e890ac419f4a3c31a0cb80N.exe	113
PID 548 wrote to memory of 4832	548	fcbf40e3d4e890ac419f4a3c31a0cb80N.exe	114
PID 548 wrote to memory of 4832	548	fcbf40e3d4e890ac419f4a3c31a0cb80N.exe	114
PID 548 wrote to memory of 1644	548	fcbf40e3d4e890ac419f4a3c31a0cb80N.exe	115
PID 548 wrote to memory of 1644	548	fcbf40e3d4e890ac419f4a3c31a0cb80N.exe	115
PID 548 wrote to memory of 4960	548	fcbf40e3d4e890ac419f4a3c31a0cb80N.exe	116
PID 548 wrote to memory of 4960	548	fcbf40e3d4e890ac419f4a3c31a0cb80N.exe	116

C:\Users\Admin\AppData\Local\Temp\fcbf40e3d4e890ac419f4a3c31a0cb80N.exe
"C:\Users\Admin\AppData\Local\Temp\fcbf40e3d4e890ac419f4a3c31a0cb80N.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:548
- C:\Windows\System\tFqeLnH.exe
  C:\Windows\System\tFqeLnH.exe
  2⤵
  - Executes dropped EXE
  PID:4612
- C:\Windows\System\EmdkeiG.exe
  C:\Windows\System\EmdkeiG.exe
  2⤵
  - Executes dropped EXE
  PID:2080
- C:\Windows\System\TJdzLdp.exe
  C:\Windows\System\TJdzLdp.exe
  2⤵
  - Executes dropped EXE
  PID:4588
- C:\Windows\System\ZjDUTAD.exe
  C:\Windows\System\ZjDUTAD.exe
  2⤵
  - Executes dropped EXE
  PID:2524
- C:\Windows\System\CCSbqVt.exe
  C:\Windows\System\CCSbqVt.exe
  2⤵
  - Executes dropped EXE
  PID:3168
- C:\Windows\System\zZzXbqv.exe
  C:\Windows\System\zZzXbqv.exe
  2⤵
  - Executes dropped EXE
  PID:2116
- C:\Windows\System\uTrXWyY.exe
  C:\Windows\System\uTrXWyY.exe
  2⤵
  - Executes dropped EXE
  PID:3196
- C:\Windows\System\qLbBjvc.exe
  C:\Windows\System\qLbBjvc.exe
  2⤵
  - Executes dropped EXE
  PID:5080
- C:\Windows\System\VZCsQze.exe
  C:\Windows\System\VZCsQze.exe
  2⤵
  - Executes dropped EXE
  PID:4880
- C:\Windows\System\todCzsm.exe
  C:\Windows\System\todCzsm.exe
  2⤵
  - Executes dropped EXE
  PID:4544
- C:\Windows\System\qbdXIFI.exe
  C:\Windows\System\qbdXIFI.exe
  2⤵
  - Executes dropped EXE
  PID:1244
- C:\Windows\System\EXjQzuV.exe
  C:\Windows\System\EXjQzuV.exe
  2⤵
  - Executes dropped EXE
  PID:2892
- C:\Windows\System\DMkgubp.exe
  C:\Windows\System\DMkgubp.exe
  2⤵
  - Executes dropped EXE
  PID:2620
- C:\Windows\System\NmYYeCN.exe
  C:\Windows\System\NmYYeCN.exe
  2⤵
  - Executes dropped EXE
  PID:2448
- C:\Windows\System\fGAqAaz.exe
  C:\Windows\System\fGAqAaz.exe
  2⤵
  - Executes dropped EXE
  PID:884
- C:\Windows\System\IeTSScP.exe
  C:\Windows\System\IeTSScP.exe
  2⤵
  - Executes dropped EXE
  PID:2232
- C:\Windows\System\ahdjnWr.exe
  C:\Windows\System\ahdjnWr.exe
  2⤵
  - Executes dropped EXE
  PID:768
- C:\Windows\System\qrdpeYj.exe
  C:\Windows\System\qrdpeYj.exe
  2⤵
  - Executes dropped EXE
  PID:2692
- C:\Windows\System\yLoSjcC.exe
  C:\Windows\System\yLoSjcC.exe
  2⤵
  - Executes dropped EXE
  PID:5068
- C:\Windows\System\QOkuTAl.exe
  C:\Windows\System\QOkuTAl.exe
  2⤵
  - Executes dropped EXE
  PID:2760
- C:\Windows\System\IrsAqcY.exe
  C:\Windows\System\IrsAqcY.exe
  2⤵
  - Executes dropped EXE
  PID:2840
- C:\Windows\System\JIFUchN.exe
  C:\Windows\System\JIFUchN.exe
  2⤵
  - Executes dropped EXE
  PID:748
- C:\Windows\System\vsxMMem.exe
  C:\Windows\System\vsxMMem.exe
  2⤵
  - Executes dropped EXE
  PID:3524
- C:\Windows\System\CIIDWtz.exe
  C:\Windows\System\CIIDWtz.exe
  2⤵
  - Executes dropped EXE
  PID:1548
- C:\Windows\System\NXrotwu.exe
  C:\Windows\System\NXrotwu.exe
  2⤵
  - Executes dropped EXE
  PID:4928
- C:\Windows\System\XupoZES.exe
  C:\Windows\System\XupoZES.exe
  2⤵
  - Executes dropped EXE
  PID:2276
- C:\Windows\System\NncImbI.exe
  C:\Windows\System\NncImbI.exe
  2⤵
  - Executes dropped EXE
  PID:3532
- C:\Windows\System\XXBYQrg.exe
  C:\Windows\System\XXBYQrg.exe
  2⤵
  - Executes dropped EXE
  PID:1876
- C:\Windows\System\AHxPryl.exe
  C:\Windows\System\AHxPryl.exe
  2⤵
  - Executes dropped EXE
  PID:3744
- C:\Windows\System\KjmCMxs.exe
  C:\Windows\System\KjmCMxs.exe
  2⤵
  - Executes dropped EXE
  PID:4832
- C:\Windows\System\xEoXEXQ.exe
  C:\Windows\System\xEoXEXQ.exe
  2⤵
  - Executes dropped EXE
  PID:1644
- C:\Windows\System\NXhmSBL.exe
  C:\Windows\System\NXhmSBL.exe
  2⤵
  - Executes dropped EXE
  PID:4960
- C:\Windows\System\oIzwdyI.exe
  C:\Windows\System\oIzwdyI.exe
  2⤵
  - Executes dropped EXE
  PID:4268
- C:\Windows\System\GNxcWbV.exe
  C:\Windows\System\GNxcWbV.exe
  2⤵
  - Executes dropped EXE
  PID:4776
- C:\Windows\System\yKGfkac.exe
  C:\Windows\System\yKGfkac.exe
  2⤵
  - Executes dropped EXE
  PID:3748
- C:\Windows\System\qZvnFMz.exe
  C:\Windows\System\qZvnFMz.exe
  2⤵
  - Executes dropped EXE
  PID:4284
- C:\Windows\System\CNTkiqI.exe
  C:\Windows\System\CNTkiqI.exe
  2⤵
  - Executes dropped EXE
  PID:3716
- C:\Windows\System\fPtoyYZ.exe
  C:\Windows\System\fPtoyYZ.exe
  2⤵
  - Executes dropped EXE
  PID:3508
- C:\Windows\System\JwNNmlT.exe
  C:\Windows\System\JwNNmlT.exe
  2⤵
  - Executes dropped EXE
  PID:4924
- C:\Windows\System\ISxkKXS.exe
  C:\Windows\System\ISxkKXS.exe
  2⤵
  - Executes dropped EXE
  PID:3576
- C:\Windows\System\YuWYWDL.exe
  C:\Windows\System\YuWYWDL.exe
  2⤵
  - Executes dropped EXE
  PID:708
- C:\Windows\System\eXJMbyi.exe
  C:\Windows\System\eXJMbyi.exe
  2⤵
  - Executes dropped EXE
  PID:1976
- C:\Windows\System\qHBmouB.exe
  C:\Windows\System\qHBmouB.exe
  2⤵
  - Executes dropped EXE
  PID:1152
- C:\Windows\System\bCivjNY.exe
  C:\Windows\System\bCivjNY.exe
  2⤵
  - Executes dropped EXE
  PID:4548
- C:\Windows\System\JEYGCOK.exe
  C:\Windows\System\JEYGCOK.exe
  2⤵
  - Executes dropped EXE
  PID:572
- C:\Windows\System\OmTYDEv.exe
  C:\Windows\System\OmTYDEv.exe
  2⤵
  - Executes dropped EXE
  PID:1420
- C:\Windows\System\pTQEdTk.exe
  C:\Windows\System\pTQEdTk.exe
  2⤵
  - Executes dropped EXE
  PID:1240
- C:\Windows\System\VttxhJL.exe
  C:\Windows\System\VttxhJL.exe
  2⤵
  - Executes dropped EXE
  PID:4956
- C:\Windows\System\tBlKUdk.exe
  C:\Windows\System\tBlKUdk.exe
  2⤵
  - Executes dropped EXE
  PID:4048
- C:\Windows\System\mJNubtR.exe
  C:\Windows\System\mJNubtR.exe
  2⤵
  - Executes dropped EXE
  PID:2764
- C:\Windows\System\sgNYazz.exe
  C:\Windows\System\sgNYazz.exe
  2⤵
  - Executes dropped EXE
  PID:1812
- C:\Windows\System\XrZkVbe.exe
  C:\Windows\System\XrZkVbe.exe
  2⤵
  - Executes dropped EXE
  PID:1332
- C:\Windows\System\NYqJaBl.exe
  C:\Windows\System\NYqJaBl.exe
  2⤵
  - Executes dropped EXE
  PID:4264
- C:\Windows\System\VYqnqCa.exe
  C:\Windows\System\VYqnqCa.exe
  2⤵
  - Executes dropped EXE
  PID:872
- C:\Windows\System\ykCAhMv.exe
  C:\Windows\System\ykCAhMv.exe
  2⤵
  - Executes dropped EXE
  PID:2520
- C:\Windows\System\LZRrndp.exe
  C:\Windows\System\LZRrndp.exe
  2⤵
  - Executes dropped EXE
  PID:5040
- C:\Windows\System\FLrNKhD.exe
  C:\Windows\System\FLrNKhD.exe
  2⤵
  - Executes dropped EXE
  PID:4644
- C:\Windows\System\JGZKsli.exe
  C:\Windows\System\JGZKsli.exe
  2⤵
  - Executes dropped EXE
  PID:2628
- C:\Windows\System\NwIXTfp.exe
  C:\Windows\System\NwIXTfp.exe
  2⤵
  - Executes dropped EXE
  PID:3096
- C:\Windows\System\VhYvEvX.exe
  C:\Windows\System\VhYvEvX.exe
  2⤵
  - Executes dropped EXE
  PID:2732
- C:\Windows\System\VmmfMVu.exe
  C:\Windows\System\VmmfMVu.exe
  2⤵
  - Executes dropped EXE
  PID:2292
- C:\Windows\System\OhKIaXB.exe
  C:\Windows\System\OhKIaXB.exe
  2⤵
  - Executes dropped EXE
  PID:232
- C:\Windows\System\ArrToqU.exe
  C:\Windows\System\ArrToqU.exe
  2⤵
  - Executes dropped EXE
  PID:4536
- C:\Windows\System\bdTqUqR.exe
  C:\Windows\System\bdTqUqR.exe
  2⤵
  - Executes dropped EXE
  PID:1404
- C:\Windows\System\lzwSftO.exe
  C:\Windows\System\lzwSftO.exe
  2⤵
  PID:4196
- C:\Windows\System\SGniBAk.exe
  C:\Windows\System\SGniBAk.exe
  2⤵
  PID:1360
- C:\Windows\System\bJjOMZQ.exe
  C:\Windows\System\bJjOMZQ.exe
  2⤵
  PID:2928
- C:\Windows\System\OrjvCGT.exe
  C:\Windows\System\OrjvCGT.exe
  2⤵
  PID:4068
- C:\Windows\System\gtvDhbT.exe
  C:\Windows\System\gtvDhbT.exe
  2⤵
  PID:1100
- C:\Windows\System\gSGKhlo.exe
  C:\Windows\System\gSGKhlo.exe
  2⤵
  PID:4000
- C:\Windows\System\TNnyzxZ.exe
  C:\Windows\System\TNnyzxZ.exe
  2⤵
  PID:4024
- C:\Windows\System\bWBsHvL.exe
  C:\Windows\System\bWBsHvL.exe
  2⤵
  PID:1792
- C:\Windows\System\XXnCsTZ.exe
  C:\Windows\System\XXnCsTZ.exe
  2⤵
  PID:2856
- C:\Windows\System\cZbOBNo.exe
  C:\Windows\System\cZbOBNo.exe
  2⤵
  PID:3564
- C:\Windows\System\YwATqTp.exe
  C:\Windows\System\YwATqTp.exe
  2⤵
  PID:2700
- C:\Windows\System\toEtJpC.exe
  C:\Windows\System\toEtJpC.exe
  2⤵
  PID:4336
- C:\Windows\System\qTtomVA.exe
  C:\Windows\System\qTtomVA.exe
  2⤵
  PID:3092
- C:\Windows\System\TeeInhD.exe
  C:\Windows\System\TeeInhD.exe
  2⤵
  PID:1808
- C:\Windows\System\BOmJjtu.exe
  C:\Windows\System\BOmJjtu.exe
  2⤵
  PID:1912
- C:\Windows\System\ugcYUYF.exe
  C:\Windows\System\ugcYUYF.exe
  2⤵
  PID:4480
- C:\Windows\System\ZrEYngI.exe
  C:\Windows\System\ZrEYngI.exe
  2⤵
  PID:2872
- C:\Windows\System\IjMbdtj.exe
  C:\Windows\System\IjMbdtj.exe
  2⤵
  PID:3240
- C:\Windows\System\UpdzrQy.exe
  C:\Windows\System\UpdzrQy.exe
  2⤵
  PID:1856
- C:\Windows\System\ahzdZHN.exe
  C:\Windows\System\ahzdZHN.exe
  2⤵
  PID:3028
- C:\Windows\System\JRWSaXD.exe
  C:\Windows\System\JRWSaXD.exe
  2⤵
  PID:2484
- C:\Windows\System\FeRgiku.exe
  C:\Windows\System\FeRgiku.exe
  2⤵
  PID:3224
- C:\Windows\System\QsIdiiK.exe
  C:\Windows\System\QsIdiiK.exe
  2⤵
  PID:776
- C:\Windows\System\cGjifSA.exe
  C:\Windows\System\cGjifSA.exe
  2⤵
  PID:1860
- C:\Windows\System\fupNeQX.exe
  C:\Windows\System\fupNeQX.exe
  2⤵
  PID:4116
- C:\Windows\System\MsEttNy.exe
  C:\Windows\System\MsEttNy.exe
  2⤵
  PID:4668
- C:\Windows\System\tgZptsQ.exe
  C:\Windows\System\tgZptsQ.exe
  2⤵
  PID:1164
- C:\Windows\System\ZxPofDE.exe
  C:\Windows\System\ZxPofDE.exe
  2⤵
  PID:4680
- C:\Windows\System\zygnPbJ.exe
  C:\Windows\System\zygnPbJ.exe
  2⤵
  PID:2832
- C:\Windows\System\FplkuVd.exe
  C:\Windows\System\FplkuVd.exe
  2⤵
  PID:2556
- C:\Windows\System\qCHcQZV.exe
  C:\Windows\System\qCHcQZV.exe
  2⤵
  PID:2156
- C:\Windows\System\aQFfMCi.exe
  C:\Windows\System\aQFfMCi.exe
  2⤵
  PID:668
- C:\Windows\System\JyEgjyU.exe
  C:\Windows\System\JyEgjyU.exe
  2⤵
  PID:2288
- C:\Windows\System\CykQozw.exe
  C:\Windows\System\CykQozw.exe
  2⤵
  PID:116
- C:\Windows\System\YPZzNwW.exe
  C:\Windows\System\YPZzNwW.exe
  2⤵
  PID:4516
- C:\Windows\System\NJfLKKw.exe
  C:\Windows\System\NJfLKKw.exe
  2⤵
  PID:3104
- C:\Windows\System\oLPTzrG.exe
  C:\Windows\System\oLPTzrG.exe
  2⤵
  PID:3672
- C:\Windows\System\ZQQrGQq.exe
  C:\Windows\System\ZQQrGQq.exe
  2⤵
  PID:3780
- C:\Windows\System\CAcTCLf.exe
  C:\Windows\System\CAcTCLf.exe
  2⤵
  PID:4452
- C:\Windows\System\wSjFqlv.exe
  C:\Windows\System\wSjFqlv.exe
  2⤵
  PID:4936
- C:\Windows\System\FexVyuk.exe
  C:\Windows\System\FexVyuk.exe
  2⤵
  PID:2248
- C:\Windows\System\ibpgvbY.exe
  C:\Windows\System\ibpgvbY.exe
  2⤵
  PID:2596
- C:\Windows\System\pLWlngO.exe
  C:\Windows\System\pLWlngO.exe
  2⤵
  PID:5136
- C:\Windows\System\gEIrVnc.exe
  C:\Windows\System\gEIrVnc.exe
  2⤵
  PID:5160
- C:\Windows\System\OgbcVOD.exe
  C:\Windows\System\OgbcVOD.exe
  2⤵
  PID:5184
- C:\Windows\System\AcOmIGJ.exe
  C:\Windows\System\AcOmIGJ.exe
  2⤵
  PID:5208
- C:\Windows\System\gHFdqzz.exe
  C:\Windows\System\gHFdqzz.exe
  2⤵
  PID:5232
- C:\Windows\System\TGAXYZp.exe
  C:\Windows\System\TGAXYZp.exe
  2⤵
  PID:5256
- C:\Windows\System\icEMGQy.exe
  C:\Windows\System\icEMGQy.exe
  2⤵
  PID:5284
- C:\Windows\System\zxlFlQr.exe
  C:\Windows\System\zxlFlQr.exe
  2⤵
  PID:5304
- C:\Windows\System\lTrDCQw.exe
  C:\Windows\System\lTrDCQw.exe
  2⤵
  PID:5332
- C:\Windows\System\XOnbJHq.exe
  C:\Windows\System\XOnbJHq.exe
  2⤵
  PID:5352
- C:\Windows\System\ClffWPU.exe
  C:\Windows\System\ClffWPU.exe
  2⤵
  PID:5376
- C:\Windows\System\vCaPGyx.exe
  C:\Windows\System\vCaPGyx.exe
  2⤵
  PID:5400
- C:\Windows\System\maKgDDm.exe
  C:\Windows\System\maKgDDm.exe
  2⤵
  PID:5428
- C:\Windows\System\LVdnvsw.exe
  C:\Windows\System\LVdnvsw.exe
  2⤵
  PID:5452
- C:\Windows\System\jNbMchv.exe
  C:\Windows\System\jNbMchv.exe
  2⤵
  PID:5472
- C:\Windows\System\xPjGpdn.exe
  C:\Windows\System\xPjGpdn.exe
  2⤵
  PID:5488
- C:\Windows\System\NcMrcsw.exe
  C:\Windows\System\NcMrcsw.exe
  2⤵
  PID:5520
- C:\Windows\System\imERDxC.exe
  C:\Windows\System\imERDxC.exe
  2⤵
  PID:5540
- C:\Windows\System\TmxIrTQ.exe
  C:\Windows\System\TmxIrTQ.exe
  2⤵
  PID:5560
- C:\Windows\System\hFLgNaU.exe
  C:\Windows\System\hFLgNaU.exe
  2⤵
  PID:5592
- C:\Windows\System\TECBiOl.exe
  C:\Windows\System\TECBiOl.exe
  2⤵
  PID:5612
- C:\Windows\System\EMHCMbo.exe
  C:\Windows\System\EMHCMbo.exe
  2⤵
  PID:5636
- C:\Windows\System\bNRXTmf.exe
  C:\Windows\System\bNRXTmf.exe
  2⤵
  PID:5660
- C:\Windows\System\WouEfTN.exe
  C:\Windows\System\WouEfTN.exe
  2⤵
  PID:5680
- C:\Windows\System\YYLQpMY.exe
  C:\Windows\System\YYLQpMY.exe
  2⤵
  PID:5700
- C:\Windows\System\yMOkCBR.exe
  C:\Windows\System\yMOkCBR.exe
  2⤵
  PID:5724
- C:\Windows\System\rqTRgcd.exe
  C:\Windows\System\rqTRgcd.exe
  2⤵
  PID:5744
- C:\Windows\System\AHBhHyt.exe
  C:\Windows\System\AHBhHyt.exe
  2⤵
  PID:5764
- C:\Windows\System\GnfnIDs.exe
  C:\Windows\System\GnfnIDs.exe
  2⤵
  PID:5792
- C:\Windows\System\uLEiyOe.exe
  C:\Windows\System\uLEiyOe.exe
  2⤵
  PID:5816
- C:\Windows\System\QZrFNdR.exe
  C:\Windows\System\QZrFNdR.exe
  2⤵
  PID:5836
- C:\Windows\System\QxBJZrZ.exe
  C:\Windows\System\QxBJZrZ.exe
  2⤵
  PID:5860
- C:\Windows\System\DcAOXhC.exe
  C:\Windows\System\DcAOXhC.exe
  2⤵
  PID:5888
- C:\Windows\System\YIsYjKF.exe
  C:\Windows\System\YIsYjKF.exe
  2⤵
  PID:5912
- C:\Windows\System\yAlSMUS.exe
  C:\Windows\System\yAlSMUS.exe
  2⤵
  PID:5940
- C:\Windows\System\knulpjs.exe
  C:\Windows\System\knulpjs.exe
  2⤵
  PID:5960
- C:\Windows\System\pLjCLWr.exe
  C:\Windows\System\pLjCLWr.exe
  2⤵
  PID:5980
- C:\Windows\System\RXqWFgL.exe
  C:\Windows\System\RXqWFgL.exe
  2⤵
  PID:6004
- C:\Windows\System\XqGebUa.exe
  C:\Windows\System\XqGebUa.exe
  2⤵
  PID:6028
- C:\Windows\System\wotwrSO.exe
  C:\Windows\System\wotwrSO.exe
  2⤵
  PID:6048
- C:\Windows\System\npEzWgV.exe
  C:\Windows\System\npEzWgV.exe
  2⤵
  PID:6080
- C:\Windows\System\flqAnQC.exe
  C:\Windows\System\flqAnQC.exe
  2⤵
  PID:6100
- C:\Windows\System\XhikIdi.exe
  C:\Windows\System\XhikIdi.exe
  2⤵
  PID:6124
- C:\Windows\System\JsFhcEN.exe
  C:\Windows\System\JsFhcEN.exe
  2⤵
  PID:2560
- C:\Windows\System\olWYMcf.exe
  C:\Windows\System\olWYMcf.exe
  2⤵
  PID:5124
- C:\Windows\System\CyfESIE.exe
  C:\Windows\System\CyfESIE.exe
  2⤵
  PID:864
- C:\Windows\System\RrUGMjG.exe
  C:\Windows\System\RrUGMjG.exe
  2⤵
  PID:2412
- C:\Windows\System\xsmxzFX.exe
  C:\Windows\System\xsmxzFX.exe
  2⤵
  PID:5276
- C:\Windows\System\dkINwFz.exe
  C:\Windows\System\dkINwFz.exe
  2⤵
  PID:5316
- C:\Windows\System\ijyUPkp.exe
  C:\Windows\System\ijyUPkp.exe
  2⤵
  PID:5384
- C:\Windows\System\vaFumzt.exe
  C:\Windows\System\vaFumzt.exe
  2⤵
  PID:5436
- C:\Windows\System\qEwUFQP.exe
  C:\Windows\System\qEwUFQP.exe
  2⤵
  PID:4800
- C:\Windows\System\qvdSQdu.exe
  C:\Windows\System\qvdSQdu.exe
  2⤵
  PID:5248
- C:\Windows\System\AGAHtTN.exe
  C:\Windows\System\AGAHtTN.exe
  2⤵
  PID:5344
- C:\Windows\System\kYtyZUy.exe
  C:\Windows\System\kYtyZUy.exe
  2⤵
  PID:5620
- C:\Windows\System\gNAfVwQ.exe
  C:\Windows\System\gNAfVwQ.exe
  2⤵
  PID:5668
- C:\Windows\System\DzFbkeT.exe
  C:\Windows\System\DzFbkeT.exe
  2⤵
  PID:5324
- C:\Windows\System\BuSYhDb.exe
  C:\Windows\System\BuSYhDb.exe
  2⤵
  PID:5556
- C:\Windows\System\TTVxnpA.exe
  C:\Windows\System\TTVxnpA.exe
  2⤵
  PID:5884
- C:\Windows\System\OtesTjl.exe
  C:\Windows\System\OtesTjl.exe
  2⤵
  PID:5976
- C:\Windows\System\INtqsLh.exe
  C:\Windows\System\INtqsLh.exe
  2⤵
  PID:5772
- C:\Windows\System\ogflsbP.exe
  C:\Windows\System\ogflsbP.exe
  2⤵
  PID:5824
- C:\Windows\System\GmjfgjQ.exe
  C:\Windows\System\GmjfgjQ.exe
  2⤵
  PID:5832
- C:\Windows\System\qqTaxxx.exe
  C:\Windows\System\qqTaxxx.exe
  2⤵
  PID:5848
- C:\Windows\System\AqZwFyK.exe
  C:\Windows\System\AqZwFyK.exe
  2⤵
  PID:1828
- C:\Windows\System\bHCkPbq.exe
  C:\Windows\System\bHCkPbq.exe
  2⤵
  PID:5368
- C:\Windows\System\gLPUCri.exe
  C:\Windows\System\gLPUCri.exe
  2⤵
  PID:6148
- C:\Windows\System\UikuKPU.exe
  C:\Windows\System\UikuKPU.exe
  2⤵
  PID:6172
- C:\Windows\System\iMOidBU.exe
  C:\Windows\System\iMOidBU.exe
  2⤵
  PID:6188
- C:\Windows\System\mBFcrFG.exe
  C:\Windows\System\mBFcrFG.exe
  2⤵
  PID:6212
- C:\Windows\System\tWqjhpl.exe
  C:\Windows\System\tWqjhpl.exe
  2⤵
  PID:6244
- C:\Windows\System\VQHkLXQ.exe
  C:\Windows\System\VQHkLXQ.exe
  2⤵
  PID:6264
- C:\Windows\System\aobYcKZ.exe
  C:\Windows\System\aobYcKZ.exe
  2⤵
  PID:6288
- C:\Windows\System\hWiIRKl.exe
  C:\Windows\System\hWiIRKl.exe
  2⤵
  PID:6312
- C:\Windows\System\QAmYamS.exe
  C:\Windows\System\QAmYamS.exe
  2⤵
  PID:6332
- C:\Windows\System\zsRJjQt.exe
  C:\Windows\System\zsRJjQt.exe
  2⤵
  PID:6352
- C:\Windows\System\iAyNCMO.exe
  C:\Windows\System\iAyNCMO.exe
  2⤵
  PID:6388
- C:\Windows\System\UqWjNgC.exe
  C:\Windows\System\UqWjNgC.exe
  2⤵
  PID:6412
- C:\Windows\System\snrcWOQ.exe
  C:\Windows\System\snrcWOQ.exe
  2⤵
  PID:6436
- C:\Windows\System\DaPtASr.exe
  C:\Windows\System\DaPtASr.exe
  2⤵
  PID:6460
- C:\Windows\System\JTaPYBs.exe
  C:\Windows\System\JTaPYBs.exe
  2⤵
  PID:6480
- C:\Windows\System\dmMtyea.exe
  C:\Windows\System\dmMtyea.exe
  2⤵
  PID:6504
- C:\Windows\System\hnzAdua.exe
  C:\Windows\System\hnzAdua.exe
  2⤵
  PID:6528
- C:\Windows\System\mJITAjy.exe
  C:\Windows\System\mJITAjy.exe
  2⤵
  PID:6552
- C:\Windows\System\IusAtXA.exe
  C:\Windows\System\IusAtXA.exe
  2⤵
  PID:6572
- C:\Windows\System\OtUuSce.exe
  C:\Windows\System\OtUuSce.exe
  2⤵
  PID:6592
- C:\Windows\System\QvWxjIN.exe
  C:\Windows\System\QvWxjIN.exe
  2⤵
  PID:6620
- C:\Windows\System\dNzwDOb.exe
  C:\Windows\System\dNzwDOb.exe
  2⤵
  PID:6644
- C:\Windows\System\lsodfUX.exe
  C:\Windows\System\lsodfUX.exe
  2⤵
  PID:6664
- C:\Windows\System\YgKBWbZ.exe
  C:\Windows\System\YgKBWbZ.exe
  2⤵
  PID:6688
- C:\Windows\System\qlfTVmX.exe
  C:\Windows\System\qlfTVmX.exe
  2⤵
  PID:6708
- C:\Windows\System\SMDKRmh.exe
  C:\Windows\System\SMDKRmh.exe
  2⤵
  PID:6736
- C:\Windows\System\Upzcyeh.exe
  C:\Windows\System\Upzcyeh.exe
  2⤵
  PID:6764
- C:\Windows\System\gOVMTao.exe
  C:\Windows\System\gOVMTao.exe
  2⤵
  PID:6784
- C:\Windows\System\ffrOOtX.exe
  C:\Windows\System\ffrOOtX.exe
  2⤵
  PID:6808
- C:\Windows\System\tmWLRsi.exe
  C:\Windows\System\tmWLRsi.exe
  2⤵
  PID:6832
- C:\Windows\System\blSIqHu.exe
  C:\Windows\System\blSIqHu.exe
  2⤵
  PID:6852
- C:\Windows\System\DZofuBO.exe
  C:\Windows\System\DZofuBO.exe
  2⤵
  PID:6876
- C:\Windows\System\OPdwwfY.exe
  C:\Windows\System\OPdwwfY.exe
  2⤵
  PID:6892
- C:\Windows\System\kXfAEba.exe
  C:\Windows\System\kXfAEba.exe
  2⤵
  PID:6924
- C:\Windows\System\nbgsTdh.exe
  C:\Windows\System\nbgsTdh.exe
  2⤵
  PID:6944
- C:\Windows\System\AdViJgI.exe
  C:\Windows\System\AdViJgI.exe
  2⤵
  PID:6972
- C:\Windows\System\gZwlUmm.exe
  C:\Windows\System\gZwlUmm.exe
  2⤵
  PID:6992
- C:\Windows\System\owzQEKh.exe
  C:\Windows\System\owzQEKh.exe
  2⤵
  PID:7100
- C:\Windows\System\CbgCMIg.exe
  C:\Windows\System\CbgCMIg.exe
  2⤵
  PID:7120
- C:\Windows\System\jpcxpsG.exe
  C:\Windows\System\jpcxpsG.exe
  2⤵
  PID:7144
- C:\Windows\System\BqrVYMR.exe
  C:\Windows\System\BqrVYMR.exe
  2⤵
  PID:7164
- C:\Windows\System\eOgLHfW.exe
  C:\Windows\System\eOgLHfW.exe
  2⤵
  PID:5720
- C:\Windows\System\HRDcrfe.exe
  C:\Windows\System\HRDcrfe.exe
  2⤵
  PID:5312
- C:\Windows\System\pRVtoSJ.exe
  C:\Windows\System\pRVtoSJ.exe
  2⤵
  PID:5024
- C:\Windows\System\JLaZfYy.exe
  C:\Windows\System\JLaZfYy.exe
  2⤵
  PID:5948
- C:\Windows\System\zSRMgye.exe
  C:\Windows\System\zSRMgye.exe
  2⤵
  PID:6016
- C:\Windows\System\OiJIZTm.exe
  C:\Windows\System\OiJIZTm.exe
  2⤵
  PID:6204
- C:\Windows\System\VaPuDTk.exe
  C:\Windows\System\VaPuDTk.exe
  2⤵
  PID:3380
- C:\Windows\System\klrbbgJ.exe
  C:\Windows\System\klrbbgJ.exe
  2⤵
  PID:5740
- C:\Windows\System\zOSYxMk.exe
  C:\Windows\System\zOSYxMk.exe
  2⤵
  PID:6360
- C:\Windows\System\gNCBxDu.exe
  C:\Windows\System\gNCBxDu.exe
  2⤵
  PID:6372
- C:\Windows\System\KmouVUz.exe
  C:\Windows\System\KmouVUz.exe
  2⤵
  PID:5300
- C:\Windows\System\nOqkYPB.exe
  C:\Windows\System\nOqkYPB.exe
  2⤵
  PID:6432
- C:\Windows\System\iaWxJxT.exe
  C:\Windows\System\iaWxJxT.exe
  2⤵
  PID:6180
- C:\Windows\System\HMPKWUD.exe
  C:\Windows\System\HMPKWUD.exe
  2⤵
  PID:6476
- C:\Windows\System\pjVzfys.exe
  C:\Windows\System\pjVzfys.exe
  2⤵
  PID:6584
- C:\Windows\System\nNhzZzl.exe
  C:\Windows\System\nNhzZzl.exe
  2⤵
  PID:5852
- C:\Windows\System\ZycRMTx.exe
  C:\Windows\System\ZycRMTx.exe
  2⤵
  PID:6256
- C:\Windows\System\GljOeqc.exe
  C:\Windows\System\GljOeqc.exe
  2⤵
  PID:6344
- C:\Windows\System\SYhEIYr.exe
  C:\Windows\System\SYhEIYr.exe
  2⤵
  PID:6452
- C:\Windows\System\kKtStTU.exe
  C:\Windows\System\kKtStTU.exe
  2⤵
  PID:6776
- C:\Windows\System\rGOQNaV.exe
  C:\Windows\System\rGOQNaV.exe
  2⤵
  PID:6676
- C:\Windows\System\IyeqeIi.exe
  C:\Windows\System\IyeqeIi.exe
  2⤵
  PID:6792
- C:\Windows\System\kVEGOFe.exe
  C:\Windows\System\kVEGOFe.exe
  2⤵
  PID:6488
- C:\Windows\System\bfMsOkG.exe
  C:\Windows\System\bfMsOkG.exe
  2⤵
  PID:6548
- C:\Windows\System\zRurBeh.exe
  C:\Windows\System\zRurBeh.exe
  2⤵
  PID:7196
- C:\Windows\System\KAfJolr.exe
  C:\Windows\System\KAfJolr.exe
  2⤵
  PID:7224
- C:\Windows\System\ymjcMNs.exe
  C:\Windows\System\ymjcMNs.exe
  2⤵
  PID:7244
- C:\Windows\System\jhDuAUZ.exe
  C:\Windows\System\jhDuAUZ.exe
  2⤵
  PID:7264
- C:\Windows\System\rZOKvpV.exe
  C:\Windows\System\rZOKvpV.exe
  2⤵
  PID:7292
- C:\Windows\System\EPQNtsu.exe
  C:\Windows\System\EPQNtsu.exe
  2⤵
  PID:7316
- C:\Windows\System\SuQNiCV.exe
  C:\Windows\System\SuQNiCV.exe
  2⤵
  PID:7340
- C:\Windows\System\vMaNwch.exe
  C:\Windows\System\vMaNwch.exe
  2⤵
  PID:7368
- C:\Windows\System\aqUAELG.exe
  C:\Windows\System\aqUAELG.exe
  2⤵
  PID:7396
- C:\Windows\System\wjdEVfs.exe
  C:\Windows\System\wjdEVfs.exe
  2⤵
  PID:7416
- C:\Windows\System\ZyNmDoE.exe
  C:\Windows\System\ZyNmDoE.exe
  2⤵
  PID:7440
- C:\Windows\System\QlbJlSz.exe
  C:\Windows\System\QlbJlSz.exe
  2⤵
  PID:7456
- C:\Windows\System\VYNgHKy.exe
  C:\Windows\System\VYNgHKy.exe
  2⤵
  PID:7480
- C:\Windows\System\fRJtPSf.exe
  C:\Windows\System\fRJtPSf.exe
  2⤵
  PID:7508
- C:\Windows\System\MvwZDsM.exe
  C:\Windows\System\MvwZDsM.exe
  2⤵
  PID:7528
- C:\Windows\System\IrivmBr.exe
  C:\Windows\System\IrivmBr.exe
  2⤵
  PID:7548
- C:\Windows\System\VCMWQDR.exe
  C:\Windows\System\VCMWQDR.exe
  2⤵
  PID:7584
- C:\Windows\System\LMNPEug.exe
  C:\Windows\System\LMNPEug.exe
  2⤵
  PID:7608
- C:\Windows\System\pBTlDBY.exe
  C:\Windows\System\pBTlDBY.exe
  2⤵
  PID:7640
- C:\Windows\System\cBWEkxN.exe
  C:\Windows\System\cBWEkxN.exe
  2⤵
  PID:7664
- C:\Windows\System\yDGIKVn.exe
  C:\Windows\System\yDGIKVn.exe
  2⤵
  PID:7688
- C:\Windows\System\bTulRwN.exe
  C:\Windows\System\bTulRwN.exe
  2⤵
  PID:7720
- C:\Windows\System\RVlwoPC.exe
  C:\Windows\System\RVlwoPC.exe
  2⤵
  PID:7744
- C:\Windows\System\GHOEoYQ.exe
  C:\Windows\System\GHOEoYQ.exe
  2⤵
  PID:7764
- C:\Windows\System\HdpslTu.exe
  C:\Windows\System\HdpslTu.exe
  2⤵
  PID:7788
- C:\Windows\System\xQCHIDf.exe
  C:\Windows\System\xQCHIDf.exe
  2⤵
  PID:7808
- C:\Windows\System\EjHkHCe.exe
  C:\Windows\System\EjHkHCe.exe
  2⤵
  PID:7832
- C:\Windows\System\VmjfUzL.exe
  C:\Windows\System\VmjfUzL.exe
  2⤵
  PID:7860
- C:\Windows\System\uqUwvOz.exe
  C:\Windows\System\uqUwvOz.exe
  2⤵
  PID:7880
- C:\Windows\System\XpWqsVe.exe
  C:\Windows\System\XpWqsVe.exe
  2⤵
  PID:7904
- C:\Windows\System\EBXUNyo.exe
  C:\Windows\System\EBXUNyo.exe
  2⤵
  PID:7928
- C:\Windows\System\nVgaDqF.exe
  C:\Windows\System\nVgaDqF.exe
  2⤵
  PID:7952
- C:\Windows\System\OXrbDdN.exe
  C:\Windows\System\OXrbDdN.exe
  2⤵
  PID:7972
- C:\Windows\System\sEkbtBI.exe
  C:\Windows\System\sEkbtBI.exe
  2⤵
  PID:7996
- C:\Windows\System\gFnuIYh.exe
  C:\Windows\System\gFnuIYh.exe
  2⤵
  PID:8020
- C:\Windows\System\LcNmdfD.exe
  C:\Windows\System\LcNmdfD.exe
  2⤵
  PID:8040
- C:\Windows\System\UifoArk.exe
  C:\Windows\System\UifoArk.exe
  2⤵
  PID:8060
- C:\Windows\System\ynLMkMH.exe
  C:\Windows\System\ynLMkMH.exe
  2⤵
  PID:8084
- C:\Windows\System\WpGLdJi.exe
  C:\Windows\System\WpGLdJi.exe
  2⤵
  PID:8112
- C:\Windows\System\EOmYAvH.exe
  C:\Windows\System\EOmYAvH.exe
  2⤵
  PID:8132
- C:\Windows\System\TNbemEt.exe
  C:\Windows\System\TNbemEt.exe
  2⤵
  PID:8152
- C:\Windows\System\INcRfZP.exe
  C:\Windows\System\INcRfZP.exe
  2⤵
  PID:8176
- C:\Windows\System\NRRhJrQ.exe
  C:\Windows\System\NRRhJrQ.exe
  2⤵
  PID:6988
- C:\Windows\System\InXdWuY.exe
  C:\Windows\System\InXdWuY.exe
  2⤵
  PID:6864
- C:\Windows\System\ZXxKcHK.exe
  C:\Windows\System\ZXxKcHK.exe
  2⤵
  PID:6816
- C:\Windows\System\Xqnadsl.exe
  C:\Windows\System\Xqnadsl.exe
  2⤵
  PID:7160
- C:\Windows\System\GQthTRR.exe
  C:\Windows\System\GQthTRR.exe
  2⤵
  PID:6140
- C:\Windows\System\hqLoLBI.exe
  C:\Windows\System\hqLoLBI.exe
  2⤵
  PID:6828
- C:\Windows\System\qFsymDu.exe
  C:\Windows\System\qFsymDu.exe
  2⤵
  PID:5116
- C:\Windows\System\dqYuWUz.exe
  C:\Windows\System\dqYuWUz.exe
  2⤵
  PID:5692
- C:\Windows\System\NlqxjBF.exe
  C:\Windows\System\NlqxjBF.exe
  2⤵
  PID:7004
- C:\Windows\System\bEeUMBG.exe
  C:\Windows\System\bEeUMBG.exe
  2⤵
  PID:6820
- C:\Windows\System\ZmWyfGl.exe
  C:\Windows\System\ZmWyfGl.exe
  2⤵
  PID:7088
- C:\Windows\System\nUacHes.exe
  C:\Windows\System\nUacHes.exe
  2⤵
  PID:7096
- C:\Windows\System\zMUmzHy.exe
  C:\Windows\System\zMUmzHy.exe
  2⤵
  PID:7376
- C:\Windows\System\LeCvaNy.exe
  C:\Windows\System\LeCvaNy.exe
  2⤵
  PID:7412
- C:\Windows\System\TQOQtaP.exe
  C:\Windows\System\TQOQtaP.exe
  2⤵
  PID:6092
- C:\Windows\System\WVsLYOx.exe
  C:\Windows\System\WVsLYOx.exe
  2⤵
  PID:7520
- C:\Windows\System\XCAarCP.exe
  C:\Windows\System\XCAarCP.exe
  2⤵
  PID:6160
- C:\Windows\System\iOOSgoq.exe
  C:\Windows\System\iOOSgoq.exe
  2⤵
  PID:7600
- C:\Windows\System\ZRLAVgq.exe
  C:\Windows\System\ZRLAVgq.exe
  2⤵
  PID:6304
- C:\Windows\System\pplDxKx.exe
  C:\Windows\System\pplDxKx.exe
  2⤵
  PID:7184
- C:\Windows\System\pwqxuRj.exe
  C:\Windows\System\pwqxuRj.exe
  2⤵
  PID:7232
- C:\Windows\System\qBgKMBJ.exe
  C:\Windows\System\qBgKMBJ.exe
  2⤵
  PID:7280
- C:\Windows\System\VroZdzz.exe
  C:\Windows\System\VroZdzz.exe
  2⤵
  PID:5244
- C:\Windows\System\QxTArTw.exe
  C:\Windows\System\QxTArTw.exe
  2⤵
  PID:5972
- C:\Windows\System\KVPTwtt.exe
  C:\Windows\System\KVPTwtt.exe
  2⤵
  PID:7920
- C:\Windows\System\bZMfHmE.exe
  C:\Windows\System\bZMfHmE.exe
  2⤵
  PID:7964
- C:\Windows\System\ijbyOkq.exe
  C:\Windows\System\ijbyOkq.exe
  2⤵
  PID:7488
- C:\Windows\System\yAXsUKW.exe
  C:\Windows\System\yAXsUKW.exe
  2⤵
  PID:7540
- C:\Windows\System\SSFUcla.exe
  C:\Windows\System\SSFUcla.exe
  2⤵
  PID:6168
- C:\Windows\System\ejkooHr.exe
  C:\Windows\System\ejkooHr.exe
  2⤵
  PID:7596
- C:\Windows\System\gdPfKGG.exe
  C:\Windows\System\gdPfKGG.exe
  2⤵
  PID:8204
- C:\Windows\System\sBMLNkv.exe
  C:\Windows\System\sBMLNkv.exe
  2⤵
  PID:8220
- C:\Windows\System\zDCsiEW.exe
  C:\Windows\System\zDCsiEW.exe
  2⤵
  PID:8244
- C:\Windows\System\ewezNUs.exe
  C:\Windows\System\ewezNUs.exe
  2⤵
  PID:8268
- C:\Windows\System\YHFFYfh.exe
  C:\Windows\System\YHFFYfh.exe
  2⤵
  PID:8296
- C:\Windows\System\swyTQDl.exe
  C:\Windows\System\swyTQDl.exe
  2⤵
  PID:8316
- C:\Windows\System\AbTjcZH.exe
  C:\Windows\System\AbTjcZH.exe
  2⤵
  PID:8340
- C:\Windows\System\vpHGBUs.exe
  C:\Windows\System\vpHGBUs.exe
  2⤵
  PID:8368
- C:\Windows\System\YaLupMq.exe
  C:\Windows\System\YaLupMq.exe
  2⤵
  PID:8388
- C:\Windows\System\ZhyUXcO.exe
  C:\Windows\System\ZhyUXcO.exe
  2⤵
  PID:8408
- C:\Windows\System\MbIjOyO.exe
  C:\Windows\System\MbIjOyO.exe
  2⤵
  PID:8436
- C:\Windows\System\qnSEagr.exe
  C:\Windows\System\qnSEagr.exe
  2⤵
  PID:8460
- C:\Windows\System\XTGKYUE.exe
  C:\Windows\System\XTGKYUE.exe
  2⤵
  PID:8480
- C:\Windows\System\GnfBlQj.exe
  C:\Windows\System\GnfBlQj.exe
  2⤵
  PID:8516
- C:\Windows\System\cmvklyZ.exe
  C:\Windows\System\cmvklyZ.exe
  2⤵
  PID:8536
- C:\Windows\System\KuCoKpZ.exe
  C:\Windows\System\KuCoKpZ.exe
  2⤵
  PID:8564
- C:\Windows\System\eOeQNjB.exe
  C:\Windows\System\eOeQNjB.exe
  2⤵
  PID:8588
- C:\Windows\System\AqFTPnT.exe
  C:\Windows\System\AqFTPnT.exe
  2⤵
  PID:8604
- C:\Windows\System\oqfcpSn.exe
  C:\Windows\System\oqfcpSn.exe
  2⤵
  PID:8632
- C:\Windows\System\qsqCPMk.exe
  C:\Windows\System\qsqCPMk.exe
  2⤵
  PID:8656
- C:\Windows\System\wMMUzAf.exe
  C:\Windows\System\wMMUzAf.exe
  2⤵
  PID:8676
- C:\Windows\System\QKHqBfF.exe
  C:\Windows\System\QKHqBfF.exe
  2⤵
  PID:8712
- C:\Windows\System\fazCNZM.exe
  C:\Windows\System\fazCNZM.exe
  2⤵
  PID:8728
- C:\Windows\System\ZAAWNBi.exe
  C:\Windows\System\ZAAWNBi.exe
  2⤵
  PID:8756
- C:\Windows\System\fgOojpu.exe
  C:\Windows\System\fgOojpu.exe
  2⤵
  PID:8780
- C:\Windows\System\QxUAOBi.exe
  C:\Windows\System\QxUAOBi.exe
  2⤵
  PID:8808
- C:\Windows\System\YMaVZsq.exe
  C:\Windows\System\YMaVZsq.exe
  2⤵
  PID:8828
- C:\Windows\System\NnOrXxq.exe
  C:\Windows\System\NnOrXxq.exe
  2⤵
  PID:8856
- C:\Windows\System\BKpKOYW.exe
  C:\Windows\System\BKpKOYW.exe
  2⤵
  PID:8880
- C:\Windows\System\DtGJXId.exe
  C:\Windows\System\DtGJXId.exe
  2⤵
  PID:8904
- C:\Windows\System\rtbTdRx.exe
  C:\Windows\System\rtbTdRx.exe
  2⤵
  PID:8932
- C:\Windows\System\QoyPJWE.exe
  C:\Windows\System\QoyPJWE.exe
  2⤵
  PID:8960
- C:\Windows\System\ePtfyPB.exe
  C:\Windows\System\ePtfyPB.exe
  2⤵
  PID:8976
- C:\Windows\System\UuBDDBB.exe
  C:\Windows\System\UuBDDBB.exe
  2⤵
  PID:9000
- C:\Windows\System\VQvpMdE.exe
  C:\Windows\System\VQvpMdE.exe
  2⤵
  PID:9024
- C:\Windows\System\FHEyGHI.exe
  C:\Windows\System\FHEyGHI.exe
  2⤵
  PID:9052
- C:\Windows\System\cRXjmTx.exe
  C:\Windows\System\cRXjmTx.exe
  2⤵
  PID:9076
- C:\Windows\System\dhCUPFz.exe
  C:\Windows\System\dhCUPFz.exe
  2⤵
  PID:9104
- C:\Windows\System\ureVktT.exe
  C:\Windows\System\ureVktT.exe
  2⤵
  PID:9128
- C:\Windows\System\fVIYpHz.exe
  C:\Windows\System\fVIYpHz.exe
  2⤵
  PID:9148
- C:\Windows\System\XDmZCrZ.exe
  C:\Windows\System\XDmZCrZ.exe
  2⤵
  PID:9172
- C:\Windows\System\tYhTYya.exe
  C:\Windows\System\tYhTYya.exe
  2⤵
  PID:9200
- C:\Windows\System\lmZrYTj.exe
  C:\Windows\System\lmZrYTj.exe
  2⤵
  PID:7676
- C:\Windows\System\LCypcZs.exe
  C:\Windows\System\LCypcZs.exe
  2⤵
  PID:6936
- C:\Windows\System\ovLqMHL.exe
  C:\Windows\System\ovLqMHL.exe
  2⤵
  PID:4072
- C:\Windows\System\IRwJTkM.exe
  C:\Windows\System\IRwJTkM.exe
  2⤵
  PID:6296
- C:\Windows\System\AJGnXOu.exe
  C:\Windows\System\AJGnXOu.exe
  2⤵
  PID:6728
- C:\Windows\System\zkJzyCH.exe
  C:\Windows\System\zkJzyCH.exe
  2⤵
  PID:2704
- C:\Windows\System\QhHojaD.exe
  C:\Windows\System\QhHojaD.exe
  2⤵
  PID:7804
- C:\Windows\System\ACxOUZg.exe
  C:\Windows\System\ACxOUZg.exe
  2⤵
  PID:7052
- C:\Windows\System\KiMvhUu.exe
  C:\Windows\System\KiMvhUu.exe
  2⤵
  PID:7872
- C:\Windows\System\qTnffre.exe
  C:\Windows\System\qTnffre.exe
  2⤵
  PID:7436
- C:\Windows\System\LCqYrKq.exe
  C:\Windows\System\LCqYrKq.exe
  2⤵
  PID:8052
- C:\Windows\System\OOxDrVZ.exe
  C:\Windows\System\OOxDrVZ.exe
  2⤵
  PID:7988
- C:\Windows\System\jfvZjHZ.exe
  C:\Windows\System\jfvZjHZ.exe
  2⤵
  PID:8200
- C:\Windows\System\eGxYBzM.exe
  C:\Windows\System\eGxYBzM.exe
  2⤵
  PID:8384
- C:\Windows\System\BmOMJWv.exe
  C:\Windows\System\BmOMJWv.exe
  2⤵
  PID:7772
- C:\Windows\System\JunNvzG.exe
  C:\Windows\System\JunNvzG.exe
  2⤵
  PID:8476
- C:\Windows\System\iCFuKud.exe
  C:\Windows\System\iCFuKud.exe
  2⤵
  PID:7888
- C:\Windows\System\bANRwBn.exe
  C:\Windows\System\bANRwBn.exe
  2⤵
  PID:8620
- C:\Windows\System\OwZaEoS.exe
  C:\Windows\System\OwZaEoS.exe
  2⤵
  PID:7476
- C:\Windows\System\tHonrEC.exe
  C:\Windows\System\tHonrEC.exe
  2⤵
  PID:6240
- C:\Windows\System\Byrwamy.exe
  C:\Windows\System\Byrwamy.exe
  2⤵
  PID:8028
- C:\Windows\System\qUjabWc.exe
  C:\Windows\System\qUjabWc.exe
  2⤵
  PID:3712
- C:\Windows\System\AfpsAmT.exe
  C:\Windows\System\AfpsAmT.exe
  2⤵
  PID:9228
- C:\Windows\System\MADgFjY.exe
  C:\Windows\System\MADgFjY.exe
  2⤵
  PID:9252
- C:\Windows\System\WbkBVYv.exe
  C:\Windows\System\WbkBVYv.exe
  2⤵
  PID:9272
- C:\Windows\System\yeNzhIi.exe
  C:\Windows\System\yeNzhIi.exe
  2⤵
  PID:9552
- C:\Windows\System\rRNGXgo.exe
  C:\Windows\System\rRNGXgo.exe
  2⤵
  PID:9616
- C:\Windows\System\jtYgjJz.exe
  C:\Windows\System\jtYgjJz.exe
  2⤵
  PID:9636
- C:\Windows\System\IkKNNwx.exe
  C:\Windows\System\IkKNNwx.exe
  2⤵
  PID:9660
- C:\Windows\System\HhBMjgl.exe
  C:\Windows\System\HhBMjgl.exe
  2⤵
  PID:9680
- C:\Windows\System\lbvPqEs.exe
  C:\Windows\System\lbvPqEs.exe
  2⤵
  PID:9704
- C:\Windows\System\injScLi.exe
  C:\Windows\System\injScLi.exe
  2⤵
  PID:9724
- C:\Windows\System\omOswLg.exe
  C:\Windows\System\omOswLg.exe
  2⤵
  PID:9744
- C:\Windows\System\LdKuJpG.exe
  C:\Windows\System\LdKuJpG.exe
  2⤵
  PID:9768
- C:\Windows\System\tigEYjY.exe
  C:\Windows\System\tigEYjY.exe
  2⤵
  PID:9800
- C:\Windows\System\VqVDwJt.exe
  C:\Windows\System\VqVDwJt.exe
  2⤵
  PID:9820
- C:\Windows\System\WbdJomi.exe
  C:\Windows\System\WbdJomi.exe
  2⤵
  PID:9848
- C:\Windows\System\jMYoLsJ.exe
  C:\Windows\System\jMYoLsJ.exe
  2⤵
  PID:9876
- C:\Windows\System\sEbQVEl.exe
  C:\Windows\System\sEbQVEl.exe
  2⤵
  PID:9904
- C:\Windows\System\uBHgzEt.exe
  C:\Windows\System\uBHgzEt.exe
  2⤵
  PID:9924
- C:\Windows\System\pfsXnes.exe
  C:\Windows\System\pfsXnes.exe
  2⤵
  PID:9964
- C:\Windows\System\xepSCjC.exe
  C:\Windows\System\xepSCjC.exe
  2⤵
  PID:9988
- C:\Windows\System\icBwSuv.exe
  C:\Windows\System\icBwSuv.exe
  2⤵
  PID:10012
- C:\Windows\System\eueuECE.exe
  C:\Windows\System\eueuECE.exe
  2⤵
  PID:10040
- C:\Windows\System\dDmoaqS.exe
  C:\Windows\System\dDmoaqS.exe
  2⤵
  PID:10064
- C:\Windows\System\bGalhVb.exe
  C:\Windows\System\bGalhVb.exe
  2⤵
  PID:10088
- C:\Windows\System\fZySDLJ.exe
  C:\Windows\System\fZySDLJ.exe
  2⤵
  PID:10116
- C:\Windows\System\vCkpJKx.exe
  C:\Windows\System\vCkpJKx.exe
  2⤵
  PID:10136
- C:\Windows\System\tgOnQpG.exe
  C:\Windows\System\tgOnQpG.exe
  2⤵
  PID:10156
- C:\Windows\System\tSjmmWz.exe
  C:\Windows\System\tSjmmWz.exe
  2⤵
  PID:10180
- C:\Windows\System\LscwPqg.exe
  C:\Windows\System\LscwPqg.exe
  2⤵
  PID:10204
- C:\Windows\System\BWoeEkm.exe
  C:\Windows\System\BWoeEkm.exe
  2⤵
  PID:10224
- C:\Windows\System\TpYXhvp.exe
  C:\Windows\System\TpYXhvp.exe
  2⤵
  PID:5928
- C:\Windows\System\oUFlKxu.exe
  C:\Windows\System\oUFlKxu.exe
  2⤵
  PID:7896
- C:\Windows\System\DWHMzJT.exe
  C:\Windows\System\DWHMzJT.exe
  2⤵
  PID:6472
- C:\Windows\System\PzJmUYp.exe
  C:\Windows\System\PzJmUYp.exe
  2⤵
  PID:9032
- C:\Windows\System\iFGnKAX.exe
  C:\Windows\System\iFGnKAX.exe
  2⤵
  PID:8212
- C:\Windows\System\RYRoSrd.exe
  C:\Windows\System\RYRoSrd.exe
  2⤵
  PID:8160
- C:\Windows\System\AmvDroP.exe
  C:\Windows\System\AmvDroP.exe
  2⤵
  PID:8336
- C:\Windows\System\EJYcsHl.exe
  C:\Windows\System\EJYcsHl.exe
  2⤵
  PID:8444
- C:\Windows\System\lanfGCf.exe
  C:\Windows\System\lanfGCf.exe
  2⤵
  PID:8556
- C:\Windows\System\ZesLOci.exe
  C:\Windows\System\ZesLOci.exe
  2⤵
  PID:8700
- C:\Windows\System\AyTZEKi.exe
  C:\Windows\System\AyTZEKi.exe
  2⤵
  PID:6324
- C:\Windows\System\ruFujbC.exe
  C:\Windows\System\ruFujbC.exe
  2⤵
  PID:8900
- C:\Windows\System\hJaHTIM.exe
  C:\Windows\System\hJaHTIM.exe
  2⤵
  PID:8948
- C:\Windows\System\xUerFrk.exe
  C:\Windows\System\xUerFrk.exe
  2⤵
  PID:9072
- C:\Windows\System\kzFJPkJ.exe
  C:\Windows\System\kzFJPkJ.exe
  2⤵
  PID:8308
- C:\Windows\System\NJqlRWb.exe
  C:\Windows\System\NJqlRWb.exe
  2⤵
  PID:9376
- C:\Windows\System\LKQsoYP.exe
  C:\Windows\System\LKQsoYP.exe
  2⤵
  PID:8488
- C:\Windows\System\BJKiENj.exe
  C:\Windows\System\BJKiENj.exe
  2⤵
  PID:2368
- C:\Windows\System\DPMgSVc.exe
  C:\Windows\System\DPMgSVc.exe
  2⤵
  PID:8092
- C:\Windows\System\ejlRUiI.exe
  C:\Windows\System\ejlRUiI.exe
  2⤵
  PID:8704
- C:\Windows\System\hJTfOjJ.exe
  C:\Windows\System\hJTfOjJ.exe
  2⤵
  PID:8528
- C:\Windows\System\AXspGFY.exe
  C:\Windows\System\AXspGFY.exe
  2⤵
  PID:8796
- C:\Windows\System\StCnfUR.exe
  C:\Windows\System\StCnfUR.exe
  2⤵
  PID:7732
- C:\Windows\System\sNzzkDb.exe
  C:\Windows\System\sNzzkDb.exe
  2⤵
  PID:9236
- C:\Windows\System\pGjngTa.exe
  C:\Windows\System\pGjngTa.exe
  2⤵
  PID:4504
- C:\Windows\System\HoDhVcO.exe
  C:\Windows\System\HoDhVcO.exe
  2⤵
  PID:9268
- C:\Windows\System\QVrEaTZ.exe
  C:\Windows\System\QVrEaTZ.exe
  2⤵
  PID:9096
- C:\Windows\System\dDvngZm.exe
  C:\Windows\System\dDvngZm.exe
  2⤵
  PID:9136
- C:\Windows\System\ARcrnCZ.exe
  C:\Windows\System\ARcrnCZ.exe
  2⤵
  PID:9184
- C:\Windows\System\ADWZBPx.exe
  C:\Windows\System\ADWZBPx.exe
  2⤵
  PID:9760
- C:\Windows\System\CUWiQfm.exe
  C:\Windows\System\CUWiQfm.exe
  2⤵
  PID:9836
- C:\Windows\System\JdCZTTu.exe
  C:\Windows\System\JdCZTTu.exe
  2⤵
  PID:10248
- C:\Windows\System\uGnMVwW.exe
  C:\Windows\System\uGnMVwW.exe
  2⤵
  PID:10276
- C:\Windows\System\WscIlZR.exe
  C:\Windows\System\WscIlZR.exe
  2⤵
  PID:10300
- C:\Windows\System\zKjnvcF.exe
  C:\Windows\System\zKjnvcF.exe
  2⤵
  PID:10328
- C:\Windows\System\KvxSuAj.exe
  C:\Windows\System\KvxSuAj.exe
  2⤵
  PID:10352
- C:\Windows\System\txIlycc.exe
  C:\Windows\System\txIlycc.exe
  2⤵
  PID:10380
- C:\Windows\System\qRQrqmy.exe
  C:\Windows\System\qRQrqmy.exe
  2⤵
  PID:10400
- C:\Windows\System\rgQiVhb.exe
  C:\Windows\System\rgQiVhb.exe
  2⤵
  PID:10428
- C:\Windows\System\OYUAObp.exe
  C:\Windows\System\OYUAObp.exe
  2⤵
  PID:10456
- C:\Windows\System\yVdVUBH.exe
  C:\Windows\System\yVdVUBH.exe
  2⤵
  PID:10484
- C:\Windows\System\gvNAHXl.exe
  C:\Windows\System\gvNAHXl.exe
  2⤵
  PID:10508
- C:\Windows\System\YcKakqY.exe
  C:\Windows\System\YcKakqY.exe
  2⤵
  PID:10536
- C:\Windows\System\alMeJpr.exe
  C:\Windows\System\alMeJpr.exe
  2⤵
  PID:10560
- C:\Windows\System\EwBMJZN.exe
  C:\Windows\System\EwBMJZN.exe
  2⤵
  PID:10592
- C:\Windows\System\GIlEMcX.exe
  C:\Windows\System\GIlEMcX.exe
  2⤵
  PID:10612
- C:\Windows\System\LaHtaKA.exe
  C:\Windows\System\LaHtaKA.exe
  2⤵
  PID:10636
- C:\Windows\System\RDAdVlP.exe
  C:\Windows\System\RDAdVlP.exe
  2⤵
  PID:10660
- C:\Windows\System\fFjDLwo.exe
  C:\Windows\System\fFjDLwo.exe
  2⤵
  PID:10688
- C:\Windows\System\oTjCDSZ.exe
  C:\Windows\System\oTjCDSZ.exe
  2⤵
  PID:10716
- C:\Windows\System\BtshnAv.exe
  C:\Windows\System\BtshnAv.exe
  2⤵
  PID:10740
- C:\Windows\System\bUBafwM.exe
  C:\Windows\System\bUBafwM.exe
  2⤵
  PID:10760
- C:\Windows\System\OzktemV.exe
  C:\Windows\System\OzktemV.exe
  2⤵
  PID:10784
- C:\Windows\System\bpAGGfH.exe
  C:\Windows\System\bpAGGfH.exe
  2⤵
  PID:10808
- C:\Windows\System\KuoKogK.exe
  C:\Windows\System\KuoKogK.exe
  2⤵
  PID:10832
- C:\Windows\System\MwDNKYL.exe
  C:\Windows\System\MwDNKYL.exe
  2⤵
  PID:10852
- C:\Windows\System\iwANbOZ.exe
  C:\Windows\System\iwANbOZ.exe
  2⤵
  PID:10876
- C:\Windows\System\mGtAIEz.exe
  C:\Windows\System\mGtAIEz.exe
  2⤵
  PID:10896
- C:\Windows\System\piVIYvu.exe
  C:\Windows\System\piVIYvu.exe
  2⤵
  PID:10920
- C:\Windows\System\sDnnAJx.exe
  C:\Windows\System\sDnnAJx.exe
  2⤵
  PID:10936
- C:\Windows\System\DGMEDFi.exe
  C:\Windows\System\DGMEDFi.exe
  2⤵
  PID:10984
- C:\Windows\System\cqLilch.exe
  C:\Windows\System\cqLilch.exe
  2⤵
  PID:11004
- C:\Windows\System\CEhYOry.exe
  C:\Windows\System\CEhYOry.exe
  2⤵
  PID:11024
- C:\Windows\System\vEXxYMk.exe
  C:\Windows\System\vEXxYMk.exe
  2⤵
  PID:11048
- C:\Windows\System\pFdIyPu.exe
  C:\Windows\System\pFdIyPu.exe
  2⤵
  PID:11068
- C:\Windows\System\wmgiFQH.exe
  C:\Windows\System\wmgiFQH.exe
  2⤵
  PID:11096
- C:\Windows\System\YoorNcK.exe
  C:\Windows\System\YoorNcK.exe
  2⤵
  PID:11116
- C:\Windows\System\ETSjpcW.exe
  C:\Windows\System\ETSjpcW.exe
  2⤵
  PID:11144
- C:\Windows\System\fkGZaum.exe
  C:\Windows\System\fkGZaum.exe
  2⤵
  PID:11176
- C:\Windows\System\YliXzEz.exe
  C:\Windows\System\YliXzEz.exe
  2⤵
  PID:11196
- C:\Windows\System\wgIqqBi.exe
  C:\Windows\System\wgIqqBi.exe
  2⤵
  PID:11224
- C:\Windows\System\IkjAEUr.exe
  C:\Windows\System\IkjAEUr.exe
  2⤵
  PID:11240
- C:\Windows\System\vlLplmt.exe
  C:\Windows\System\vlLplmt.exe
  2⤵
  PID:7800
- C:\Windows\System\whMumdw.exe
  C:\Windows\System\whMumdw.exe
  2⤵
  PID:7824
- C:\Windows\System\fxYKGPd.exe
  C:\Windows\System\fxYKGPd.exe
  2⤵
  PID:7380
- C:\Windows\System\TkequWw.exe
  C:\Windows\System\TkequWw.exe
  2⤵
  PID:10060
- C:\Windows\System\uGIHxCp.exe
  C:\Windows\System\uGIHxCp.exe
  2⤵
  PID:10132
- C:\Windows\System\SHFOOkC.exe
  C:\Windows\System\SHFOOkC.exe
  2⤵
  PID:1732
- C:\Windows\System\ZtusZpz.exe
  C:\Windows\System\ZtusZpz.exe
  2⤵
  PID:8672
- C:\Windows\System\sXfUdFj.exe
  C:\Windows\System\sXfUdFj.exe
  2⤵
  PID:8232
- C:\Windows\System\anWvVTy.exe
  C:\Windows\System\anWvVTy.exe
  2⤵
  PID:9224
- C:\Windows\System\mDEsojD.exe
  C:\Windows\System\mDEsojD.exe
  2⤵
  PID:6796
- C:\Windows\System\tEgyGOD.exe
  C:\Windows\System\tEgyGOD.exe
  2⤵
  PID:9300
- C:\Windows\System\dgFqQMm.exe
  C:\Windows\System\dgFqQMm.exe
  2⤵
  PID:9316
- C:\Windows\System\ZVjTFBA.exe
  C:\Windows\System\ZVjTFBA.exe
  2⤵
  PID:9452
- C:\Windows\System\ewQhnJn.exe
  C:\Windows\System\ewQhnJn.exe
  2⤵
  PID:7760
- C:\Windows\System\ZDERCKp.exe
  C:\Windows\System\ZDERCKp.exe
  2⤵
  PID:3440
- C:\Windows\System\CCepzWK.exe
  C:\Windows\System\CCepzWK.exe
  2⤵
  PID:9696
- C:\Windows\System\FNYdRik.exe
  C:\Windows\System\FNYdRik.exe
  2⤵
  PID:9860
- C:\Windows\System\QZzVLtZ.exe
  C:\Windows\System\QZzVLtZ.exe
  2⤵
  PID:10268
- C:\Windows\System\SATCvbA.exe
  C:\Windows\System\SATCvbA.exe
  2⤵
  PID:10100
- C:\Windows\System\IUiixpT.exe
  C:\Windows\System\IUiixpT.exe
  2⤵
  PID:10172
- C:\Windows\System\aPNwjzx.exe
  C:\Windows\System\aPNwjzx.exe
  2⤵
  PID:10440
- C:\Windows\System\lfGFCfk.exe
  C:\Windows\System\lfGFCfk.exe
  2⤵
  PID:8996
- C:\Windows\System\vhvgWux.exe
  C:\Windows\System\vhvgWux.exe
  2⤵
  PID:7236
- C:\Windows\System\NUGqHhl.exe
  C:\Windows\System\NUGqHhl.exe
  2⤵
  PID:10568
- C:\Windows\System\pGgmtNJ.exe
  C:\Windows\System\pGgmtNJ.exe
  2⤵
  PID:11288
- C:\Windows\System\LFelWpe.exe
  C:\Windows\System\LFelWpe.exe
  2⤵
  PID:11312
- C:\Windows\System\hpEKLwd.exe
  C:\Windows\System\hpEKLwd.exe
  2⤵
  PID:11336
- C:\Windows\System\KVzxInD.exe
  C:\Windows\System\KVzxInD.exe
  2⤵
  PID:11352
- C:\Windows\System\ZNFoeho.exe
  C:\Windows\System\ZNFoeho.exe
  2⤵
  PID:11376
- C:\Windows\System\QUKNzXI.exe
  C:\Windows\System\QUKNzXI.exe
  2⤵
  PID:11404
- C:\Windows\System\neMxKSR.exe
  C:\Windows\System\neMxKSR.exe
  2⤵
  PID:11432
- C:\Windows\System\dCCPnAW.exe
  C:\Windows\System\dCCPnAW.exe
  2⤵
  PID:11452
- C:\Windows\System\nebqSwc.exe
  C:\Windows\System\nebqSwc.exe
  2⤵
  PID:11476
- C:\Windows\System\iICoGDh.exe
  C:\Windows\System\iICoGDh.exe
  2⤵
  PID:11496
- C:\Windows\System\OVUqLKq.exe
  C:\Windows\System\OVUqLKq.exe
  2⤵
  PID:11520
- C:\Windows\System\MLkWmBK.exe
  C:\Windows\System\MLkWmBK.exe
  2⤵
  PID:11544
- C:\Windows\System\GIfgUOO.exe
  C:\Windows\System\GIfgUOO.exe
  2⤵
  PID:11564
- C:\Windows\System\cOcgcau.exe
  C:\Windows\System\cOcgcau.exe
  2⤵
  PID:11588
- C:\Windows\System\mJQRgab.exe
  C:\Windows\System\mJQRgab.exe
  2⤵
  PID:11608
- C:\Windows\System\ZCaCJJY.exe
  C:\Windows\System\ZCaCJJY.exe
  2⤵
  PID:11628
- C:\Windows\System\HChLypQ.exe
  C:\Windows\System\HChLypQ.exe
  2⤵
  PID:11652
- C:\Windows\System\fdQvtMN.exe
  C:\Windows\System\fdQvtMN.exe
  2⤵
  PID:11672
- C:\Windows\System\wHIUcSz.exe
  C:\Windows\System\wHIUcSz.exe
  2⤵
  PID:11696
- C:\Windows\System\CDnRYaw.exe
  C:\Windows\System\CDnRYaw.exe
  2⤵
  PID:11724
- C:\Windows\System\MsECZzm.exe
  C:\Windows\System\MsECZzm.exe
  2⤵
  PID:11748
- C:\Windows\System\YoeIbyB.exe
  C:\Windows\System\YoeIbyB.exe
  2⤵
  PID:11780
- C:\Windows\System\tflgliV.exe
  C:\Windows\System\tflgliV.exe
  2⤵
  PID:11804
- C:\Windows\System\nIpjrHF.exe
  C:\Windows\System\nIpjrHF.exe
  2⤵
  PID:11824
- C:\Windows\System\uVSatDO.exe
  C:\Windows\System\uVSatDO.exe
  2⤵
  PID:11848
- C:\Windows\System\pryVuoT.exe
  C:\Windows\System\pryVuoT.exe
  2⤵
  PID:11872
- C:\Windows\System\qXPoWKQ.exe
  C:\Windows\System\qXPoWKQ.exe
  2⤵
  PID:11892
- C:\Windows\System\QUeLsWL.exe
  C:\Windows\System\QUeLsWL.exe
  2⤵
  PID:11912
- C:\Windows\System\xfgQgKS.exe
  C:\Windows\System\xfgQgKS.exe
  2⤵
  PID:11928
- C:\Windows\System\CZDilpl.exe
  C:\Windows\System\CZDilpl.exe
  2⤵
  PID:11964
- C:\Windows\System\dSwoQQv.exe
  C:\Windows\System\dSwoQQv.exe
  2⤵
  PID:11980
- C:\Windows\System\FJLgLBx.exe
  C:\Windows\System\FJLgLBx.exe
  2⤵
  PID:12008
- C:\Windows\System\KedPspK.exe
  C:\Windows\System\KedPspK.exe
  2⤵
  PID:12032
- C:\Windows\System\SfuzzLf.exe
  C:\Windows\System\SfuzzLf.exe
  2⤵
  PID:12056
- C:\Windows\System\XXWXXZT.exe
  C:\Windows\System\XXWXXZT.exe
  2⤵
  PID:12072
- C:\Windows\System\EoJYHWp.exe
  C:\Windows\System\EoJYHWp.exe
  2⤵
  PID:12096
- C:\Windows\System\OpcGtcc.exe
  C:\Windows\System\OpcGtcc.exe
  2⤵
  PID:12120
- C:\Windows\System\lZCXpbQ.exe
  C:\Windows\System\lZCXpbQ.exe
  2⤵
  PID:12140
- C:\Windows\System\dZrxszQ.exe
  C:\Windows\System\dZrxszQ.exe
  2⤵
  PID:12172
- C:\Windows\System\vsnPiaA.exe
  C:\Windows\System\vsnPiaA.exe
  2⤵
  PID:12196
- C:\Windows\System\nwvEgBs.exe
  C:\Windows\System\nwvEgBs.exe
  2⤵
  PID:12216
- C:\Windows\System\oLjvwbm.exe
  C:\Windows\System\oLjvwbm.exe
  2⤵
  PID:12244
- C:\Windows\System\sUkABKK.exe
  C:\Windows\System\sUkABKK.exe
  2⤵
  PID:12272
- C:\Windows\System\jLOrWPQ.exe
  C:\Windows\System\jLOrWPQ.exe
  2⤵
  PID:8668
- C:\Windows\System\PxFGefq.exe
  C:\Windows\System\PxFGefq.exe
  2⤵
  PID:9088
- C:\Windows\System\ZZYmcex.exe
  C:\Windows\System\ZZYmcex.exe
  2⤵
  PID:8360
- C:\Windows\System\ygcNWTw.exe
  C:\Windows\System\ygcNWTw.exe
  2⤵
  PID:2428
- C:\Windows\System\iAtXtfy.exe
  C:\Windows\System\iAtXtfy.exe
  2⤵
  PID:9264
- C:\Windows\System\yxvPfRD.exe
  C:\Windows\System\yxvPfRD.exe
  2⤵
  PID:9712
- C:\Windows\System\dgodwtC.exe
  C:\Windows\System\dgodwtC.exe
  2⤵
  PID:9652
- C:\Windows\System\Kywuatf.exe
  C:\Windows\System\Kywuatf.exe
  2⤵
  PID:9844
- C:\Windows\System\cdkUxNq.exe
  C:\Windows\System\cdkUxNq.exe
  2⤵
  PID:9888
- C:\Windows\System\VUEuCPa.exe
  C:\Windows\System\VUEuCPa.exe
  2⤵
  PID:11132
- C:\Windows\System\GhQhzXg.exe
  C:\Windows\System\GhQhzXg.exe
  2⤵
  PID:9944
- C:\Windows\System\RGXvwEv.exe
  C:\Windows\System\RGXvwEv.exe
  2⤵
  PID:11256
- C:\Windows\System\hlPnldY.exe
  C:\Windows\System\hlPnldY.exe
  2⤵
  PID:10288
- C:\Windows\System\gUYhYjY.exe
  C:\Windows\System\gUYhYjY.exe
  2⤵
  PID:10340
- C:\Windows\System\KkhgIjW.exe
  C:\Windows\System\KkhgIjW.exe
  2⤵
  PID:10372
- C:\Windows\System\GjEstMF.exe
  C:\Windows\System\GjEstMF.exe
  2⤵
  PID:10236
- C:\Windows\System\ttJGbgm.exe
  C:\Windows\System\ttJGbgm.exe
  2⤵
  PID:8896
- C:\Windows\System\UXYYdPN.exe
  C:\Windows\System\UXYYdPN.exe
  2⤵
  PID:10480
- C:\Windows\System\oGdeYxJ.exe
  C:\Windows\System\oGdeYxJ.exe
  2⤵
  PID:10396
- C:\Windows\System\EgnBgCo.exe
  C:\Windows\System\EgnBgCo.exe
  2⤵
  PID:10524
- C:\Windows\System\KqXKRUM.exe
  C:\Windows\System\KqXKRUM.exe
  2⤵
  PID:10552
- C:\Windows\System\MfIKZVp.exe
  C:\Windows\System\MfIKZVp.exe
  2⤵
  PID:10604
- C:\Windows\System\pYzcNMO.exe
  C:\Windows\System\pYzcNMO.exe
  2⤵
  PID:12320
- C:\Windows\System\xThyjzr.exe
  C:\Windows\System\xThyjzr.exe
  2⤵
  PID:12344
- C:\Windows\System\FwgFCth.exe
  C:\Windows\System\FwgFCth.exe
  2⤵
  PID:12368
- C:\Windows\System\NTEasRk.exe
  C:\Windows\System\NTEasRk.exe
  2⤵
  PID:12392
- C:\Windows\System\UCAQlhr.exe
  C:\Windows\System\UCAQlhr.exe
  2⤵
  PID:12416
- C:\Windows\System\heGXGnK.exe
  C:\Windows\System\heGXGnK.exe
  2⤵
  PID:12440
- C:\Windows\System\yiiaGWz.exe
  C:\Windows\System\yiiaGWz.exe
  2⤵
  PID:12460
- C:\Windows\System\OvRIOJW.exe
  C:\Windows\System\OvRIOJW.exe
  2⤵
  PID:12488
- C:\Windows\System\guOXImt.exe
  C:\Windows\System\guOXImt.exe
  2⤵
  PID:12512
- C:\Windows\System\PaHyqMl.exe
  C:\Windows\System\PaHyqMl.exe
  2⤵
  PID:12536
- C:\Windows\System\ZCfDoLq.exe
  C:\Windows\System\ZCfDoLq.exe
  2⤵
  PID:12556
- C:\Windows\System\zqmqSQK.exe
  C:\Windows\System\zqmqSQK.exe
  2⤵
  PID:12584
- C:\Windows\System\YBTwUdC.exe
  C:\Windows\System\YBTwUdC.exe
  2⤵
  PID:12608
- C:\Windows\System\NSbIENa.exe
  C:\Windows\System\NSbIENa.exe
  2⤵
  PID:12636
- C:\Windows\System\qvcqcmA.exe
  C:\Windows\System\qvcqcmA.exe
  2⤵
  PID:12660
- C:\Windows\System\VLaHnHO.exe
  C:\Windows\System\VLaHnHO.exe
  2⤵
  PID:12680
- C:\Windows\System\etzwZyY.exe
  C:\Windows\System\etzwZyY.exe
  2⤵
  PID:12700
- C:\Windows\System\SVcUvWk.exe
  C:\Windows\System\SVcUvWk.exe
  2⤵
  PID:12728
- C:\Windows\System\MWtKZWH.exe
  C:\Windows\System\MWtKZWH.exe
  2⤵
  PID:12748
- C:\Windows\System\fsfOizy.exe
  C:\Windows\System\fsfOizy.exe
  2⤵
  PID:12776
- C:\Windows\System\LDcgAfI.exe
  C:\Windows\System\LDcgAfI.exe
  2⤵
  PID:12804
- C:\Windows\System\qNThooU.exe
  C:\Windows\System\qNThooU.exe
  2⤵
  PID:12832
- C:\Windows\System\qPxsyeP.exe
  C:\Windows\System\qPxsyeP.exe
  2⤵
  PID:12856
- C:\Windows\System\cGIAcLs.exe
  C:\Windows\System\cGIAcLs.exe
  2⤵
  PID:12880
- C:\Windows\System\abJOqPO.exe
  C:\Windows\System\abJOqPO.exe
  2⤵
  PID:12896
- C:\Windows\System\RUtlkLn.exe
  C:\Windows\System\RUtlkLn.exe
  2⤵
  PID:12928
- C:\Windows\System\SxtwsSb.exe
  C:\Windows\System\SxtwsSb.exe
  2⤵
  PID:12948
- C:\Windows\System\cWpPzfB.exe
  C:\Windows\System\cWpPzfB.exe
  2⤵
  PID:12968
- C:\Windows\System\uVKshcv.exe
  C:\Windows\System\uVKshcv.exe
  2⤵
  PID:12988
- C:\Windows\System\kDkHhus.exe
  C:\Windows\System\kDkHhus.exe
  2⤵
  PID:13016
- C:\Windows\System\kgOtASh.exe
  C:\Windows\System\kgOtASh.exe
  2⤵
  PID:13064
- C:\Windows\System\GWlLjhz.exe
  C:\Windows\System\GWlLjhz.exe
  2⤵
  PID:13096
- C:\Windows\System\UVJGrLc.exe
  C:\Windows\System\UVJGrLc.exe
  2⤵
  PID:13136
- C:\Windows\System\YCLABxC.exe
  C:\Windows\System\YCLABxC.exe
  2⤵
  PID:13192
- C:\Windows\System\SiETSbm.exe
  C:\Windows\System\SiETSbm.exe
  2⤵
  PID:13244
- C:\Windows\System\IEgejXG.exe
  C:\Windows\System\IEgejXG.exe
  2⤵
  PID:13268
- C:\Windows\System\ZSWUTdC.exe
  C:\Windows\System\ZSWUTdC.exe
  2⤵
  PID:13288
- C:\Windows\System\zUQqhoR.exe
  C:\Windows\System\zUQqhoR.exe
  2⤵
  PID:11328
- C:\Windows\System\MrNJPkt.exe
  C:\Windows\System\MrNJPkt.exe
  2⤵
  PID:10644
- C:\Windows\System\SMXpcVR.exe
  C:\Windows\System\SMXpcVR.exe
  2⤵
  PID:8288
- C:\Windows\System\weTUdtX.exe
  C:\Windows\System\weTUdtX.exe
  2⤵
  PID:11460
- C:\Windows\System\gLQEFrE.exe
  C:\Windows\System\gLQEFrE.exe
  2⤵
  PID:10800
- C:\Windows\System\RFVVayJ.exe
  C:\Windows\System\RFVVayJ.exe
  2⤵
  PID:10820
- C:\Windows\System\yWCYlJC.exe
  C:\Windows\System\yWCYlJC.exe
  2⤵
  PID:11600
- C:\Windows\System\fIOrDXm.exe
  C:\Windows\System\fIOrDXm.exe
  2⤵
  PID:10912
- C:\Windows\System\UWzqZIN.exe
  C:\Windows\System\UWzqZIN.exe
  2⤵
  PID:11712
- C:\Windows\System\KGssXus.exe
  C:\Windows\System\KGssXus.exe
  2⤵
  PID:9160
- C:\Windows\System\OuskuBd.exe
  C:\Windows\System\OuskuBd.exe
  2⤵
  PID:11816
- C:\Windows\System\kfJlKcB.exe
  C:\Windows\System\kfJlKcB.exe
  2⤵
  PID:11836
- C:\Windows\System\NUEaPKJ.exe
  C:\Windows\System\NUEaPKJ.exe
  2⤵
  PID:11040
- C:\Windows\System\hmYbjpb.exe
  C:\Windows\System\hmYbjpb.exe
  2⤵
  PID:11064
- C:\Windows\System\CRknrKY.exe
  C:\Windows\System\CRknrKY.exe
  2⤵
  PID:9404
- C:\Windows\System\sKUvVTq.exe
  C:\Windows\System\sKUvVTq.exe
  2⤵
  PID:10264
- C:\Windows\System\KwYzUqq.exe
  C:\Windows\System\KwYzUqq.exe
  2⤵
  PID:9956
- C:\Windows\System\dSenCYO.exe
  C:\Windows\System\dSenCYO.exe
  2⤵
  PID:10348
- C:\Windows\System\xHnaTlN.exe
  C:\Windows\System\xHnaTlN.exe
  2⤵
  PID:12148
- C:\Windows\System\ctorkhw.exe
  C:\Windows\System\ctorkhw.exe
  2⤵
  PID:12224
- C:\Windows\System\kScYPAv.exe
  C:\Windows\System\kScYPAv.exe
  2⤵
  PID:10392
- C:\Windows\System\EnzTuRH.exe
  C:\Windows\System\EnzTuRH.exe
  2⤵
  PID:7980
- C:\Windows\System\oIkHOQI.exe
  C:\Windows\System\oIkHOQI.exe
  2⤵
  PID:9244
- C:\Windows\System\ZWpdbxL.exe
  C:\Windows\System\ZWpdbxL.exe
  2⤵
  PID:8216
- C:\Windows\System\SmECcJD.exe
  C:\Windows\System\SmECcJD.exe
  2⤵
  PID:5708
- C:\Windows\System\ECeKtyC.exe
  C:\Windows\System\ECeKtyC.exe
  2⤵
  PID:10648
- C:\Windows\System\xrAqROX.exe
  C:\Windows\System\xrAqROX.exe
  2⤵
  PID:10708
- C:\Windows\System\HWJbmXC.exe
  C:\Windows\System\HWJbmXC.exe
  2⤵
  PID:11492
- C:\Windows\System\sCSYQIj.exe
  C:\Windows\System\sCSYQIj.exe
  2⤵
  PID:12504
- C:\Windows\System\TgZONRx.exe
  C:\Windows\System\TgZONRx.exe
  2⤵
  PID:12524
- C:\Windows\System\OflQhiU.exe
  C:\Windows\System\OflQhiU.exe
  2⤵
  PID:10948
- C:\Windows\System\DFykICA.exe
  C:\Windows\System\DFykICA.exe
  2⤵
  PID:11772
- C:\Windows\System\fgNgcZg.exe
  C:\Windows\System\fgNgcZg.exe
  2⤵
  PID:11108
- C:\Windows\System\DcbHgAo.exe
  C:\Windows\System\DcbHgAo.exe
  2⤵
  PID:13316
- C:\Windows\System\YBizKgR.exe
  C:\Windows\System\YBizKgR.exe
  2⤵
  PID:13344
- C:\Windows\System\eTulcqg.exe
  C:\Windows\System\eTulcqg.exe
  2⤵
  PID:13364
- C:\Windows\System\nzkExIC.exe
  C:\Windows\System\nzkExIC.exe
  2⤵
  PID:13384
- C:\Windows\System\QQDqTDg.exe
  C:\Windows\System\QQDqTDg.exe
  2⤵
  PID:13400
- C:\Windows\System\ejaYSqC.exe
  C:\Windows\System\ejaYSqC.exe
  2⤵
  PID:13420
- C:\Windows\System\crdadnL.exe
  C:\Windows\System\crdadnL.exe
  2⤵
  PID:13448
- C:\Windows\System\tBwDmho.exe
  C:\Windows\System\tBwDmho.exe
  2⤵
  PID:13468
- C:\Windows\System\gHxJRTJ.exe
  C:\Windows\System\gHxJRTJ.exe
  2⤵
  PID:13500
- C:\Windows\System\VNGNwwJ.exe
  C:\Windows\System\VNGNwwJ.exe
  2⤵
  PID:13520
- C:\Windows\System\FLLUJJn.exe
  C:\Windows\System\FLLUJJn.exe
  2⤵
  PID:13540
- C:\Windows\System\qDYQOEP.exe
  C:\Windows\System\qDYQOEP.exe
  2⤵
  PID:13568
- C:\Windows\System\wVuPrcz.exe
  C:\Windows\System\wVuPrcz.exe
  2⤵
  PID:13588
- C:\Windows\System\qerZtYR.exe
  C:\Windows\System\qerZtYR.exe
  2⤵
  PID:13608
- C:\Windows\System\RiNwqGV.exe
  C:\Windows\System\RiNwqGV.exe
  2⤵
  PID:13628
- C:\Windows\System\vGjFFvC.exe
  C:\Windows\System\vGjFFvC.exe
  2⤵
  PID:13648
- C:\Windows\System\eDGIoho.exe
  C:\Windows\System\eDGIoho.exe
  2⤵
  PID:13672
- C:\Windows\System\VMdTrRR.exe
  C:\Windows\System\VMdTrRR.exe
  2⤵
  PID:13692
- C:\Windows\System\GVpORLy.exe
  C:\Windows\System\GVpORLy.exe
  2⤵
  PID:13716
- C:\Windows\System\bVbYzBt.exe
  C:\Windows\System\bVbYzBt.exe
  2⤵
  PID:13744
- C:\Windows\System\HmPixQF.exe
  C:\Windows\System\HmPixQF.exe
  2⤵
  PID:13764
- C:\Windows\System\UHYOtck.exe
  C:\Windows\System\UHYOtck.exe
  2⤵
  PID:13784
- C:\Windows\System\hhVIuFm.exe
  C:\Windows\System\hhVIuFm.exe
  2⤵
  PID:13804
- C:\Windows\System\VlaNIEE.exe
  C:\Windows\System\VlaNIEE.exe
  2⤵
  PID:13828
- C:\Windows\System\oIRqkSm.exe
  C:\Windows\System\oIRqkSm.exe
  2⤵
  PID:13852
- C:\Windows\System\UPFbSzx.exe
  C:\Windows\System\UPFbSzx.exe
  2⤵
  PID:13876
- C:\Windows\System\aaWhCqX.exe
  C:\Windows\System\aaWhCqX.exe
  2⤵
  PID:13900
- C:\Windows\System\wVHSMvC.exe
  C:\Windows\System\wVHSMvC.exe
  2⤵
  PID:13928
- C:\Windows\System\gPvfFeh.exe
  C:\Windows\System\gPvfFeh.exe
  2⤵
  PID:13952
- C:\Windows\System\ENWlblb.exe
  C:\Windows\System\ENWlblb.exe
  2⤵
  PID:13972
- C:\Windows\System\fvdPywp.exe
  C:\Windows\System\fvdPywp.exe
  2⤵
  PID:13996
- C:\Windows\System\FNSLBRm.exe
  C:\Windows\System\FNSLBRm.exe
  2⤵
  PID:14020
- C:\Windows\System\FMxqSSx.exe
  C:\Windows\System\FMxqSSx.exe
  2⤵
  PID:14044
- C:\Windows\System\DnSbMbX.exe
  C:\Windows\System\DnSbMbX.exe
  2⤵
  PID:14068
- C:\Windows\System\RMMnAWg.exe
  C:\Windows\System\RMMnAWg.exe
  2⤵
  PID:14096
- C:\Windows\System\bmcMlKU.exe
  C:\Windows\System\bmcMlKU.exe
  2⤵
  PID:14112
- C:\Windows\System\KHMAfzU.exe
  C:\Windows\System\KHMAfzU.exe
  2⤵
  PID:14128
- C:\Windows\System\AhWBTDW.exe
  C:\Windows\System\AhWBTDW.exe
  2⤵
  PID:14144
- C:\Windows\System\jncmuZF.exe
  C:\Windows\System\jncmuZF.exe
  2⤵
  PID:14160
- C:\Windows\System\OGomXep.exe
  C:\Windows\System\OGomXep.exe
  2⤵
  PID:14176
- C:\Windows\System\KWWhDRa.exe
  C:\Windows\System\KWWhDRa.exe
  2⤵
  PID:14192
- C:\Windows\System\gAYaNmN.exe
  C:\Windows\System\gAYaNmN.exe
  2⤵
  PID:14212
- C:\Windows\System\QNksSKc.exe
  C:\Windows\System\QNksSKc.exe
  2⤵
  PID:14228
- C:\Windows\System\DCsjIph.exe
  C:\Windows\System\DCsjIph.exe
  2⤵
  PID:14248
- C:\Windows\System\NnabGeu.exe
  C:\Windows\System\NnabGeu.exe
  2⤵
  PID:14264
- C:\Windows\System\bEtkOcy.exe
  C:\Windows\System\bEtkOcy.exe
  2⤵
  PID:14280
- C:\Windows\System\BfXGfly.exe
  C:\Windows\System\BfXGfly.exe
  2⤵
  PID:14296
- C:\Windows\System\DvLnvxw.exe
  C:\Windows\System\DvLnvxw.exe
  2⤵
  PID:14320
- C:\Windows\System\lZqTFzH.exe
  C:\Windows\System\lZqTFzH.exe
  2⤵
  PID:11208
- C:\Windows\System\tfKkeKc.exe
  C:\Windows\System\tfKkeKc.exe
  2⤵
  PID:11976
- C:\Windows\System\EApcGPY.exe
  C:\Windows\System\EApcGPY.exe
  2⤵
  PID:13044
- C:\Windows\System\qxvFLqv.exe
  C:\Windows\System\qxvFLqv.exe
  2⤵
  PID:10684
- C:\Windows\System\PwhKhrN.exe
  C:\Windows\System\PwhKhrN.exe
  2⤵
  PID:1284
- C:\Windows\System\gsyxuRu.exe
  C:\Windows\System\gsyxuRu.exe
  2⤵
  PID:6780
- C:\Windows\System\FeoFfXv.exe
  C:\Windows\System\FeoFfXv.exe
  2⤵
  PID:6580
- C:\Windows\System\ZhitSpl.exe
  C:\Windows\System\ZhitSpl.exe
  2⤵
  PID:12308
- C:\Windows\System\iIjAkpk.exe
  C:\Windows\System\iIjAkpk.exe
  2⤵
  PID:12404

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:5444

C:\Windows\System32\RuntimeBroker.exe
C:\Windows\System32\RuntimeBroker.exe -Embedding
1⤵
PID:13996

C:\Windows\System32\RuntimeBroker.exe
C:\Windows\System32\RuntimeBroker.exe -Embedding
1⤵
PID:10800

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\AHxPryl.exe

Filesize
1.9MB

MD5
f7bd1d86a3b8c448f5661ecdcf4e2eee

SHA1
0932062103fd7887f7af91527885a3f5d31cc0bd

SHA256
68d2532fc21680f35781317d8e8ac6cf08f358256379b8390b21478c52949310

SHA512
c973868303bb1eb6ed7f280acb33466aeed25e106d780c23ffe9dc2cfb938576e9b788efa08635b295bb75f62b68d5715fbfefec404470d521d800be1c5cd836

Download Submit
C:\Windows\System\CCSbqVt.exe

Filesize
1.9MB

MD5
72717523d4939f3d74ce6626a8268f96

SHA1
5bea0c5f42ef46f187def850e5ba1752e4f2fea1

SHA256
bd74b362df46ee516bbaf549a2dedc5aefab0ad8b9cc87858c4ebed40734498c

SHA512
0856dcc5c9b45e3ec7707aa249a6bd21e4ff76a28d1f3ac56e0cfed883d971199e8423a2cfccc2a89984f459215aefbd90fa88fb2cd7679fc2ae29ec6d8e3c4c

Download Submit
C:\Windows\System\CIIDWtz.exe

Filesize
1.9MB

MD5
9cb1df823635938a2768cfe8ae10874c

SHA1
b5aa24bf593c3842c82a9e6435cb8329c59df346

SHA256
a1ff7972dd96617e82a9382722f9138505aadc0da860770ff458394a793ded9b

SHA512
2078a616b9c8dccc4f4b0391943a38075baa5260efb06b89295287f620d1dcb5cb22ebaed750e4a1c1c32372e5479994b6098dc98e8ce715f085e6ce364524e1

Download Submit
C:\Windows\System\CNTkiqI.exe

Filesize
2.0MB

MD5
93ec142e31b24c696f61301f2f71cce0

SHA1
3e1f13a7fa41787beba6e28bc7ffbe7840152c33

SHA256
d9176b36bab3f9793a062dfcdf7112163488cb6c0393ab93179863b589bdad4a

SHA512
22f7aff67c323f6c6a7f79983f63e351eb0a1a40eaa3614ac45b6bea2c33e77814572e81265fb69f400c110094c6094ec485fe3327428edf3e10429b7782a81d

Download Submit
C:\Windows\System\DMkgubp.exe

Filesize
1.9MB

MD5
dfec876d53a9d7557ff596b9994f35db

SHA1
6cdbaa577af3fd3907b776325e7350e65298d84a

SHA256
0e36805d103a786f09aae615abcedd90f075af31326c9b68b4ab0dff6db519f7

SHA512
a698f8b4b08125d956ef6d13782932a5d3938269d7673caa1d05f8c46f630b0da5598cdd58e0fa9abc87a9290a6e630fbae77d942d8d3198b80cdf3d6550c588

Download Submit
C:\Windows\System\EXjQzuV.exe

Filesize
1.9MB

MD5
16217c78b6716bdee590315d1aaf8518

SHA1
e5947364e85415b416308ab56a2b9f0f1e28bb41

SHA256
290533f652e6b1e4fc3f6e55abfe3f3708c8c20ce7aa048f80e1d857aea5056e

SHA512
abf51600b8bb2013a93c2aae3cf26c336ea1789af60d91dc72e9e428ddeed7dc33cc7d81a9d49c8f65193bc1e123fcfed9eac2ae07687c9c3b7a333235d47ae6

Download Submit
C:\Windows\System\EmdkeiG.exe

Filesize
1.9MB

MD5
cbfb1ac00ec623d24a5294a9af55b710

SHA1
f21681451672791d98a8e323b7d6ed42cc5f6eef

SHA256
2d524b01eacd6a13e3e2a35795e236624425e52130766992f82d3fa52bf70052

SHA512
51bb59cb936da4707037b1442d566a85aab00178921fe4c2c8557213a14a20eb9c30faa053df120980a4e40f79c02773f75126482488d06541a3332dac3d3bfb

Download Submit
C:\Windows\System\GNxcWbV.exe

Filesize
2.0MB

MD5
00adf9678859007578fe8191eafffae8

SHA1
042e2cd78f4d1189e5eef72a73c6a79335479a4e

SHA256
334e80291a6bf7076f9a80c39ec2d466da5ede6cca1875dddbc0abc4da5df65d

SHA512
0ea6da4534dedc179d8516a08a9d6af7f5885cd569dc34c80cd6936441b03aee4f5aa0c8e81637241cc8f9ca763920d85d32f4e5babbab58c1b38506526e8f0c

Download Submit
C:\Windows\System\IeTSScP.exe

Filesize
1.9MB

MD5
bb761c5ae803662f7e70c03dee152cf7

SHA1
c99c02ee4ddf391ab50e1d07f611e1b578146ab4

SHA256
ced1c60badaa595fc85954bf7ebfbe588e751aa3abf515b979fb4f70c082b959

SHA512
cbe0f5b531db3ef44209c92fbade5ef0f7360396e5607bca7f5a3f7718cc92474d959768581873e69603f7a12f6ee9c780728174f7147b2170bf131ee1efe3b3

Download Submit
C:\Windows\System\IrsAqcY.exe

Filesize
1.9MB

MD5
b79296ef9f31d065a301608df6ab93ca

SHA1
0b36ee68c4cf6a3932250de149757b79633e8e7b

SHA256
a031062263220ef2004a92d15f94b687d468417a8d91274881017db59a446d97

SHA512
a91850ef2e04eaf2c10c94a7280fb6ac89ef45cf14e69d82cee20a8f69a3574ea4cf7e707f286a45239a2d9ab268c78189df73da5b50b2e30b2920ac5e139e8b

Download Submit
C:\Windows\System\JIFUchN.exe

Filesize
1.9MB

MD5
553c9fc50934cbf936bfb891ef0d008f

SHA1
4778f1b0c18e59ca2a1a7ab2e2a8b60e95e38298

SHA256
fa19d3912a03baeeae86e4515e240545881b4d4cc67b5325db768ed51a55c9eb

SHA512
8d1c17e4e2219024e140d939bbaa071e7c9bb8491bce864f69499ff5c4d12517acb3cebeb8c4668cc63faf259ea4e4d3d41fbff9d08649eeb9a50b4a1776b99b

Download Submit
C:\Windows\System\KjmCMxs.exe

Filesize
1.9MB

MD5
bed063167e7101fd935a695ab25fe629

SHA1
646649916ae4719430b275c0b91532399cf07ba2

SHA256
864dd041736560499e95bd6573ee0fdc7817c5a166ee2309a5a0230fcab97629

SHA512
e262ed7b3554f7b58fa7a23675a6f56514e654cbeeaa9e66b9d34af50707647f4b38d95fd744a1b1867943c464e715aa5b87e9814aaf1a6a754c56438354d0ab

Download Submit
C:\Windows\System\NXhmSBL.exe

Filesize
2.0MB

MD5
a56e48fc041390c544b160a7aa78faaa

SHA1
532303ea9a2da0b1e4baac4c0296825616de424d

SHA256
99fafacfa580a24b1c2b65cd95dcb518f9f516c6402c72c42c55fbc64333b87b

SHA512
f6fdc9e8c1940970c6a39fde37d53466599f1c6e3a085ece9aeac8329f6b2993b7f5dc52fb739b60f53612504fc6347b387ee03c69a36f7a81d615b19188af4a

Download Submit
C:\Windows\System\NXrotwu.exe

Filesize
1.9MB

MD5
3d0d1576ae3947cdb3b5f3866eaa7941

SHA1
5cf2796006cd17d0b324caef442e3f0a78a8e4ef

SHA256
0000a87933be3178ceda493d2c0e094647d53ce4b383759d230589f8bcc485c6

SHA512
489e7fef62a6991c033fc71355e324920ff397630ef7799be9cfdc04235b984f4b5fd041f989dce39e58d7caf5e7357d717d8340be1699c9e66fca483491419c

Download Submit
C:\Windows\System\NmYYeCN.exe

Filesize
1.9MB

MD5
00f96b8834624ccee4636199608f554f

SHA1
cda4411259a39ff183f8b3c5740600473d04cab7

SHA256
84b2c9fc50a02061e34835a1c7d757e4a8dec529c0373cdc7f3e64439673926a

SHA512
1abb0a8f0437cf7b31fda4d5fe46089723008d25419e967414a4d1aa7dd961e88c59f44d1d531620307ad39323322e8293b30503a72fdf39771cb1067a5accc1

Download Submit
C:\Windows\System\NncImbI.exe

Filesize
1.9MB

MD5
52ac2e7153423815a6f436b76f530958

SHA1
67d9530ad20072d8f910667f145025b6306609a5

SHA256
d29f4fedfe62ff14de9f5694694eda24cf5d4b00ad7bb22f4f881f76642b7a99

SHA512
41780b27fc03d0e5a0df2ba90971dd201437b388e34fa4fb99b96ebd70ab0c599563a77fcd82646906901eade3fc350047f70c66896aa50d608531455cecf2b2

Download Submit
C:\Windows\System\QOkuTAl.exe

Filesize
1.9MB

MD5
397020a84e9f91ea5b578949fa0f9e67

SHA1
28857de8369090508a1185994faab39fcb678f77

SHA256
66cdf5b9c48f30d1741d8472afca0b4f470f0b2d4df13f17becd7dbb62337478

SHA512
3bfd2a9e5effb4db947961a70db521bc86b6f0f7fdb86ebda085ea2ac5933bd9d0f198870ad5410c351baaf5dc630aacd2dae2dbcccc32feaabb75c7a9f8912d

Download Submit
C:\Windows\System\TJdzLdp.exe

Filesize
1.9MB

MD5
b87d69f4731669e6324c88288e865058

SHA1
1915fa93a09bb9f46c3f238a4f6427fab54b40ec

SHA256
d1b8ccd50ac8a556c7d6e3246239f4d6c0805f89af1905ed0995816aa16a22ac

SHA512
855500d7395cace1972930689a1df5e4ad38df1ea25211d30c5e9bdea9cb7b699b96b230f5ea58cd31ab8f81d71c858ae86f2e1ca6ecc4d2697681f9ceb93a37

Download Submit
C:\Windows\System\VZCsQze.exe

Filesize
1.9MB

MD5
8fb7a751fb95db4e0619310b179a05f5

SHA1
dea004cdc60394c495bbd6bca0325ec38fdf1aea

SHA256
daed88f56456e2368436326092d4b9249f47ae9403e7d530330178758e95f2f5

SHA512
2368165d0e648a7515f99c7756ede529af7f4270b015f26a8901b92acbbce6a9f09720fe22faa6aeeb0f420895f51b5f429bf962a5ab53fbbf7a5b4cf1aac656

Download Submit
C:\Windows\System\XXBYQrg.exe

Filesize
1.9MB

MD5
af1fc4a45eabcb53703698e426402fb5

SHA1
e0f1947341544b91a9d19c30308e7ee09175a4ff

SHA256
a6f11ace1725d915fdcfa33528ea279a5c1f39c22112b48234dfb68e7f08ee34

SHA512
a020efe6700c2df64ff6110d86381009dbe225bacafa1b286defee4a40524b6b894fe6bda8040eface59c058af9b89e756fbaaea7620e65ab59bd42db593e71b

Download Submit
C:\Windows\System\XupoZES.exe

Filesize
1.9MB

MD5
56bfe0a0cc134070ad8582c36527c2ce

SHA1
d6010d01644eb3be5b25fa8ac7761d90112b7c77

SHA256
8e519e9fb12ce993c392449211a6b3987d00d4a7a88c8ef79cd9eadb2ef20f6c

SHA512
de0ef109ce69dbeee29b7aa722ff9b1c84e46fa27d07e8657dc29ac20d8d4724301d449cbf4c31c5be16b14d36d506b01ddaab861af369ac57e1a49c7b155bf1

Download Submit
C:\Windows\System\ZjDUTAD.exe

Filesize
1.9MB

MD5
a26006bbbfd66c6b0c355d481cfa033a

SHA1
999d54e38c3f9257eda2e651b1d4f1154d639c13

SHA256
dc13e7bfe86b83d4e7edc5472cb8d4f684ba4c5eeec1d930ff48b2ce62a7aedd

SHA512
3c1d8e1183f624def8964ca442b5ff963d5caba63827157494d42916785d0f427072cad74f8ee4d1f95d5473ba2f5aae5c6ba63bc838e1b4ea849e229d4b3acd

Download Submit
C:\Windows\System\ahdjnWr.exe

Filesize
1.9MB

MD5
410af823654f061b2b7d7e972f83e9a8

SHA1
ca5f7f8cddb58b9a03359f4433749dcd21563f5a

SHA256
4988f882edbfc6cdf7a7588075246c868775246af7253db1765ab55664f344ad

SHA512
c13bc3b3da53d86290f995f61b34f4aa215076ad8437404c2b415e1d4c468e9de3a424c5394f806c548ca02036a67bc04fa279339b0de0aaa07fdea448b02351

Download Submit
C:\Windows\System\fGAqAaz.exe

Filesize
1.9MB

MD5
883c8cfc8464474e2af6507667b776c0

SHA1
fdccc9bcbea81a81ad25bc68f7f8b0ef5e8450ed

SHA256
b89b66ebf1c8e400499f9cafc1327bf6c09d40a8245e4e4d633027a891b13ec1

SHA512
2b3dc4d959f756b423cf7c168ae1bf7ef9fcf29d11111d9d8a21cab2e754b1998f9c2c24e62b45e95a63d209477ef875aba499a619f3bfee2713343820052621

Download Submit
C:\Windows\System\oIzwdyI.exe

Filesize
2.0MB

MD5
725f68e7a71333262795e8ced8298678

SHA1
f5b80148ac2b03ce14915a937c65c4710effd410

SHA256
ae55c32f9f11effa19893c841e91c44f0075c98f06526fb2f1b868bb6e8a67b4

SHA512
d07b9297ea1ea8b6d3721330a7d86f682bd59cc31eabd22bb2194478a6ef055a8b2abbd677150978f322ee097d0d7ccb97fffe87ebaf984af70cfad74d57fb16

Download Submit
C:\Windows\System\qLbBjvc.exe

Filesize
1.9MB

MD5
45951d3a366fbc8631e432645bb4c548

SHA1
97670242bfde34b24e1e3d1ab1d2515eac1dd93a

SHA256
bb5ce267d2653bdcd5191535f8458df37f400557d09f8d23a871f8c664f5c8f3

SHA512
fc21f79617ea2fae342ee191bea36b572a504a88ff1c0e65fed4342ecbebd06e0a1713af8b73ff588e23404ebdbe1795f4990641fc35aee79e71895a869988e6

Download Submit
C:\Windows\System\qZvnFMz.exe

Filesize
2.0MB

MD5
f06e9e9f18a53968944b57b64062bbee

SHA1
4da273df72c105b8e65c07f989b19f69b2b06149

SHA256
b979378a8f8cc01bc3fa9f0125a4a0948469432a9af55eec84f697ecd1be584b

SHA512
f1dfdd43772c3099c22abe6bc1c9d9fac563fe17bfba140e8f211fd15f650ae4ccce4a3c4cf4f7c0e428487963c09d9671db1aafc7a5bc9f4ee868ca3f098a2b

Download Submit
C:\Windows\System\qbdXIFI.exe

Filesize
1.9MB

MD5
43ee7681b2b7166b11186cbae629fe61

SHA1
adc79c1dfb4d663fd963dc3b8a5f39d0fe851be0

SHA256
79ff657870f2f4a7b8c2177495eacf8bec56657ca2748266bc157fbdd3a71432

SHA512
6490b82370124547ecf0fe626ddb18b17db4bec9f0541704eff1d606e2fcbd0689f06836cc2ccd8523ecdc491061e5dda9f81bb8f2177b8a1b47c6399395b9d7

Download Submit
C:\Windows\System\qrdpeYj.exe

Filesize
1.9MB

MD5
7c5eabbb33b8fe721b1508d9e27c3e2a

SHA1
27bc39299bc721abae17e44bb3d1e955fa9eecce

SHA256
aeb1f7a178cda747e48dbdec5eef6aeb85cac7fa39a1be2000adf4ee31bedbe2

SHA512
0072127342f751c141d5007c345cd0d1c6f75c1f1174bb26c893ce84868a79b9707f706cdcdb41e95e903b4372d5499f3a7491b0ad187e0ab3dbe417f97fc4dd

Download Submit
C:\Windows\System\tFqeLnH.exe

Filesize
1.9MB

MD5
5be9b134abae1ff5c1bda09970962fbb

SHA1
74976a612b0ce25a201e66c3a9105838429ef398

SHA256
03be607fd672c41b47e90c8a973957ff0ebbe85a1acf3db37381cde2f519539b

SHA512
3712ae84a3a0b26f0369f0cbd0c2ee37d4d50abc954088965a94af7a83de351c90e0e293741bfa07ed6c468be387ce37fdd011704ea16db1bcdcb08cf708192c

Download Submit
C:\Windows\System\todCzsm.exe

Filesize
1.9MB

MD5
94e9c05fa0fc41146bef8696d25a5e05

SHA1
4b5eb6a428e169140aba02fbca82c766dc1dd8d1

SHA256
4e9259f82177431086bc56eeb1b5f61f365815b9cdf3d8d7bdd825d16de9c07c

SHA512
efab8ea0a1c633beef4e718593e3a080f026c7067626fc8fedaebe39d9d2d30786d601361e65353caf57f125f77b7c6b9d1046503a24e5c204f5da5608b3d3ce

Download Submit
C:\Windows\System\uTrXWyY.exe

Filesize
1.9MB

MD5
7045b2ed4fdf6deee1236f4baca6c28b

SHA1
4492255e20ba2505337bd295571b138fdec3172d

SHA256
9c1dd376dd208f96662f70cd77af04be585644a8ded7007fde7e87c7ef1d80ca

SHA512
9ee1a7d24f364a93c38c40fc89ed7d44a95af8628ef32b4b181d7944fdea403951607d868ba360f362e54e9084a87f848ab5a06460c7bc364422379801ef78c6

Download Submit
C:\Windows\System\vsxMMem.exe

Filesize
1.9MB

MD5
e5944ff2ffdd5aff78b8a3832080b333

SHA1
62dfc6067ad6baf04173e7ceb97d3b722dc7baa4

SHA256
1474a3555dc2d7378ba4e6fd53f70ffc55caa8001078bc625d7017fb141cc6a6

SHA512
6286cd7c6e9e46bee3c39c627b52e78cebfaeba66ad033090676b4a842be8e08e00bd180d92e7442401611e1d1339d1016d28fc7e60fee4ae857e91c4bbaac2a

Download Submit
C:\Windows\System\xEoXEXQ.exe

Filesize
2.0MB

MD5
f25da3c7cd38476ad6895598cd657bde

SHA1
2c2289b898a8a07938e7ceb8eac338449d09faf6

SHA256
09ef4bf9df74152a7ea90aec36aa522595a058e007aeb38609cc54a1b528133e

SHA512
3490a73044b8de63ce3b358946c384502f11145eb0515d69de86cc6c1c25e5af5845194b1cafb7b406ffff22c24f271f2748c9ded81f9213e11adbc4af9aa9f5

Download Submit
C:\Windows\System\yKGfkac.exe

Filesize
2.0MB

MD5
a4d3bf38e4d2815a3093fcb9cd613c78

SHA1
2afc999ca9fa888d1366c019c42425bee6c2359d

SHA256
bb871e3cf5a65b327fd92005a43194a8e0578eeea120fe738cd6be6a75237926

SHA512
708eda697e5e9a742527d6bd6366536c87cf9aa7602c428ab91a82dd80c2def06433cc55a00d26dba44eb2de02998761fb4cb3ac6c95953e33a1d95a92b0b7b9

Download Submit
C:\Windows\System\yLoSjcC.exe

Filesize
1.9MB

MD5
355a958f798db12ab68019b353cc08ff

SHA1
3e29abb11d08ae015a3f97cc1a1bf1221f7c89f9

SHA256
65a4d8e924ed7e8a9818a66c936ab934ee41efa9cab0bc7611796946a62dff96

SHA512
a9f7f3b96c53c5330cfcf2da574b470c141e2560cb60572df392a5a596a09979e5be8243893d3ba411d4716cc6deaaef2b016f8f42038298eafbd669a45d83cf

Download Submit
C:\Windows\System\zZzXbqv.exe

Filesize
1.9MB

MD5
b0dd996fd4810394888287ac908fc090

SHA1
0e302f498cd1ec7a6c0394c3698c18a6d3af1762

SHA256
ad3af3b2f369a17c4c008a161ef4012904ead16666fb874104ab09188662d450

SHA512
689efdf5c9741aad45f33b357c0a90ceea850bcf699ceadda9f2669078b64ae16865213569692aee40f92b07f397cc12dc4612d3bd8ee63347f358284217c29b

Download Submit
memory/548-2158-0x00007FF6FAB50000-0x00007FF6FAEA1000-memory.dmp

Filesize
3.3MB

Download
memory/548-0-0x00007FF6FAB50000-0x00007FF6FAEA1000-memory.dmp

Filesize
3.3MB

Download
memory/548-1-0x0000020602D80000-0x0000020602D90000-memory.dmp

Filesize
64KB

Download
memory/748-208-0x00007FF7B0DC0000-0x00007FF7B1111000-memory.dmp

Filesize
3.3MB

Download
memory/748-2309-0x00007FF7B0DC0000-0x00007FF7B1111000-memory.dmp

Filesize
3.3MB

Download
memory/768-202-0x00007FF66B320000-0x00007FF66B671000-memory.dmp

Filesize
3.3MB

Download
memory/768-2313-0x00007FF66B320000-0x00007FF66B671000-memory.dmp

Filesize
3.3MB

Download
memory/884-159-0x00007FF6B60F0000-0x00007FF6B6441000-memory.dmp

Filesize
3.3MB

Download
memory/884-2287-0x00007FF6B60F0000-0x00007FF6B6441000-memory.dmp

Filesize
3.3MB

Download
memory/1244-217-0x00007FF6DBD30000-0x00007FF6DC081000-memory.dmp

Filesize
3.3MB

Download
memory/1244-2279-0x00007FF6DBD30000-0x00007FF6DC081000-memory.dmp

Filesize
3.3MB

Download
memory/1548-2305-0x00007FF6919A0000-0x00007FF691CF1000-memory.dmp

Filesize
3.3MB

Download
memory/1548-205-0x00007FF6919A0000-0x00007FF691CF1000-memory.dmp

Filesize
3.3MB

Download
memory/2080-214-0x00007FF7D69C0000-0x00007FF7D6D11000-memory.dmp

Filesize
3.3MB

Download
memory/2080-2261-0x00007FF7D69C0000-0x00007FF7D6D11000-memory.dmp

Filesize
3.3MB

Download
memory/2116-2267-0x00007FF661CD0000-0x00007FF662021000-memory.dmp

Filesize
3.3MB

Download
memory/2116-35-0x00007FF661CD0000-0x00007FF662021000-memory.dmp

Filesize
3.3MB

Download
memory/2232-2285-0x00007FF6407E0000-0x00007FF640B31000-memory.dmp

Filesize
3.3MB

Download
memory/2232-182-0x00007FF6407E0000-0x00007FF640B31000-memory.dmp

Filesize
3.3MB

Download
memory/2276-207-0x00007FF7E45F0000-0x00007FF7E4941000-memory.dmp

Filesize
3.3MB

Download
memory/2276-2307-0x00007FF7E45F0000-0x00007FF7E4941000-memory.dmp

Filesize
3.3MB

Download
memory/2448-2283-0x00007FF63B8F0000-0x00007FF63BC41000-memory.dmp

Filesize
3.3MB

Download
memory/2448-132-0x00007FF63B8F0000-0x00007FF63BC41000-memory.dmp

Filesize
3.3MB

Download
memory/2524-2269-0x00007FF65B5E0000-0x00007FF65B931000-memory.dmp

Filesize
3.3MB

Download
memory/2524-215-0x00007FF65B5E0000-0x00007FF65B931000-memory.dmp

Filesize
3.3MB

Download
memory/2620-113-0x00007FF6207D0000-0x00007FF620B21000-memory.dmp

Filesize
3.3MB

Download
memory/2620-2291-0x00007FF6207D0000-0x00007FF620B21000-memory.dmp

Filesize
3.3MB

Download
memory/2692-219-0x00007FF62CC70000-0x00007FF62CFC1000-memory.dmp

Filesize
3.3MB

Download
memory/2692-2297-0x00007FF62CC70000-0x00007FF62CFC1000-memory.dmp

Filesize
3.3MB

Download
memory/2760-2299-0x00007FF60D510000-0x00007FF60D861000-memory.dmp

Filesize
3.3MB

Download
memory/2760-187-0x00007FF60D510000-0x00007FF60D861000-memory.dmp

Filesize
3.3MB

Download
memory/2840-197-0x00007FF75E790000-0x00007FF75EAE1000-memory.dmp

Filesize
3.3MB

Download
memory/2840-2301-0x00007FF75E790000-0x00007FF75EAE1000-memory.dmp

Filesize
3.3MB

Download
memory/2892-2289-0x00007FF7BC160000-0x00007FF7BC4B1000-memory.dmp

Filesize
3.3MB

Download
memory/2892-218-0x00007FF7BC160000-0x00007FF7BC4B1000-memory.dmp

Filesize
3.3MB

Download
memory/3168-216-0x00007FF681030000-0x00007FF681381000-memory.dmp

Filesize
3.3MB

Download
memory/3168-2277-0x00007FF681030000-0x00007FF681381000-memory.dmp

Filesize
3.3MB

Download
memory/3196-57-0x00007FF755730000-0x00007FF755A81000-memory.dmp

Filesize
3.3MB

Download
memory/3196-2271-0x00007FF755730000-0x00007FF755A81000-memory.dmp

Filesize
3.3MB

Download
memory/3524-220-0x00007FF6CB400000-0x00007FF6CB751000-memory.dmp

Filesize
3.3MB

Download
memory/3524-2293-0x00007FF6CB400000-0x00007FF6CB751000-memory.dmp

Filesize
3.3MB

Download
memory/3532-212-0x00007FF68C6D0000-0x00007FF68CA21000-memory.dmp

Filesize
3.3MB

Download
memory/3532-2311-0x00007FF68C6D0000-0x00007FF68CA21000-memory.dmp

Filesize
3.3MB

Download
memory/3744-221-0x00007FF7119E0000-0x00007FF711D31000-memory.dmp

Filesize
3.3MB

Download
memory/3744-2317-0x00007FF7119E0000-0x00007FF711D31000-memory.dmp

Filesize
3.3MB

Download
memory/4544-110-0x00007FF739660000-0x00007FF7399B1000-memory.dmp

Filesize
3.3MB

Download
memory/4544-2281-0x00007FF739660000-0x00007FF7399B1000-memory.dmp

Filesize
3.3MB

Download
memory/4588-30-0x00007FF7AEC20000-0x00007FF7AEF71000-memory.dmp

Filesize
3.3MB

Download
memory/4588-2259-0x00007FF7AEC20000-0x00007FF7AEF71000-memory.dmp

Filesize
3.3MB

Download
memory/4588-2263-0x00007FF7AEC20000-0x00007FF7AEF71000-memory.dmp

Filesize
3.3MB

Download
memory/4612-2265-0x00007FF62DE90000-0x00007FF62E1E1000-memory.dmp

Filesize
3.3MB

Download
memory/4612-15-0x00007FF62DE90000-0x00007FF62E1E1000-memory.dmp

Filesize
3.3MB

Download
memory/4832-213-0x00007FF7568B0000-0x00007FF756C01000-memory.dmp

Filesize
3.3MB

Download
memory/4832-2315-0x00007FF7568B0000-0x00007FF756C01000-memory.dmp

Filesize
3.3MB

Download
memory/4880-2273-0x00007FF6D0CD0000-0x00007FF6D1021000-memory.dmp

Filesize
3.3MB

Download
memory/4880-86-0x00007FF6D0CD0000-0x00007FF6D1021000-memory.dmp

Filesize
3.3MB

Download
memory/4928-2303-0x00007FF73D320000-0x00007FF73D671000-memory.dmp

Filesize
3.3MB

Download
memory/4928-206-0x00007FF73D320000-0x00007FF73D671000-memory.dmp

Filesize
3.3MB

Download
memory/5068-2295-0x00007FF613660000-0x00007FF6139B1000-memory.dmp

Filesize
3.3MB

Download
memory/5068-185-0x00007FF613660000-0x00007FF6139B1000-memory.dmp

Filesize
3.3MB

Download
memory/5080-60-0x00007FF7A83C0000-0x00007FF7A8711000-memory.dmp

Filesize
3.3MB

Download
memory/5080-2275-0x00007FF7A83C0000-0x00007FF7A8711000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads