xmrig | 8a54be1cd1222eded1fdc4e1eaafdd5757f866375c0a8058f4f937eaa74e7ec8

Analysis

max time kernel
107s
max time network
117s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
16/08/2024, 21:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8035900595405317bd45cb1eb614b500N.exe
Size

828KB
MD5

8035900595405317bd45cb1eb614b500
SHA1

de5d04d79f0b607209b20a76be4a7be2a41a666b
SHA256

8a54be1cd1222eded1fdc4e1eaafdd5757f866375c0a8058f4f937eaa74e7ec8
SHA512

3c8ebc563633ed46c3b7c9d8f71c5321fe870514206ef13e61f4ee3db1363c061cd423825a6b6ee0358dd8a2ee792063c32d40ced18457908db95853494e0736
SSDEEP

24576:RVIl/WDGCi7/qkatXBF6727Zvhwv+rjEvZyz:ROdWCCi7/rah8yz

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 58 IoCs

miner

resource	yara_rule
behavioral2/memory/1568-316-0x00007FF7E1DE0000-0x00007FF7E2131000-memory.dmp	xmrig
behavioral2/memory/3548-321-0x00007FF77C8D0000-0x00007FF77CC21000-memory.dmp	xmrig
behavioral2/memory/2012-357-0x00007FF74EF10000-0x00007FF74F261000-memory.dmp	xmrig
behavioral2/memory/1164-378-0x00007FF7A2480000-0x00007FF7A27D1000-memory.dmp	xmrig
behavioral2/memory/3188-387-0x00007FF7EB920000-0x00007FF7EBC71000-memory.dmp	xmrig
behavioral2/memory/4736-388-0x00007FF787830000-0x00007FF787B81000-memory.dmp	xmrig
behavioral2/memory/3516-389-0x00007FF705B80000-0x00007FF705ED1000-memory.dmp	xmrig
behavioral2/memory/4868-391-0x00007FF7C5790000-0x00007FF7C5AE1000-memory.dmp	xmrig
behavioral2/memory/3160-392-0x00007FF7CE270000-0x00007FF7CE5C1000-memory.dmp	xmrig
behavioral2/memory/2592-393-0x00007FF758EA0000-0x00007FF7591F1000-memory.dmp	xmrig
behavioral2/memory/3008-390-0x00007FF74DB50000-0x00007FF74DEA1000-memory.dmp	xmrig
behavioral2/memory/4384-405-0x00007FF6089A0000-0x00007FF608CF1000-memory.dmp	xmrig
behavioral2/memory/5068-803-0x00007FF75FFE0000-0x00007FF760331000-memory.dmp	xmrig
behavioral2/memory/4588-1516-0x00007FF6EFAE0000-0x00007FF6EFE31000-memory.dmp	xmrig
behavioral2/memory/1692-1513-0x00007FF702FD0000-0x00007FF703321000-memory.dmp	xmrig
behavioral2/memory/1668-1260-0x00007FF6696A0000-0x00007FF6699F1000-memory.dmp	xmrig
behavioral2/memory/4560-1106-0x00007FF78F020000-0x00007FF78F371000-memory.dmp	xmrig
behavioral2/memory/1180-1100-0x00007FF7E9220000-0x00007FF7E9571000-memory.dmp	xmrig
behavioral2/memory/4036-444-0x00007FF688C50000-0x00007FF688FA1000-memory.dmp	xmrig
behavioral2/memory/1292-427-0x00007FF658FF0000-0x00007FF659341000-memory.dmp	xmrig
behavioral2/memory/3000-412-0x00007FF62A2D0000-0x00007FF62A621000-memory.dmp	xmrig
behavioral2/memory/1440-410-0x00007FF6FD460000-0x00007FF6FD7B1000-memory.dmp	xmrig
behavioral2/memory/4452-394-0x00007FF687540000-0x00007FF687891000-memory.dmp	xmrig
behavioral2/memory/1332-386-0x00007FF654DF0000-0x00007FF655141000-memory.dmp	xmrig
behavioral2/memory/5008-372-0x00007FF743210000-0x00007FF743561000-memory.dmp	xmrig
behavioral2/memory/1392-354-0x00007FF711C40000-0x00007FF711F91000-memory.dmp	xmrig
behavioral2/memory/2488-348-0x00007FF71C3B0000-0x00007FF71C701000-memory.dmp	xmrig
behavioral2/memory/5060-336-0x00007FF7DAC70000-0x00007FF7DAFC1000-memory.dmp	xmrig
behavioral2/memory/1884-308-0x00007FF7AD740000-0x00007FF7ADA91000-memory.dmp	xmrig
behavioral2/memory/4012-29-0x00007FF7D5080000-0x00007FF7D53D1000-memory.dmp	xmrig
behavioral2/memory/4012-2449-0x00007FF7D5080000-0x00007FF7D53D1000-memory.dmp	xmrig
behavioral2/memory/1692-2453-0x00007FF702FD0000-0x00007FF703321000-memory.dmp	xmrig
behavioral2/memory/4588-2455-0x00007FF6EFAE0000-0x00007FF6EFE31000-memory.dmp	xmrig
behavioral2/memory/4560-2451-0x00007FF78F020000-0x00007FF78F371000-memory.dmp	xmrig
behavioral2/memory/1180-2447-0x00007FF7E9220000-0x00007FF7E9571000-memory.dmp	xmrig
behavioral2/memory/1668-2445-0x00007FF6696A0000-0x00007FF6699F1000-memory.dmp	xmrig
behavioral2/memory/4036-2459-0x00007FF688C50000-0x00007FF688FA1000-memory.dmp	xmrig
behavioral2/memory/2488-2467-0x00007FF71C3B0000-0x00007FF71C701000-memory.dmp	xmrig
behavioral2/memory/1392-2469-0x00007FF711C40000-0x00007FF711F91000-memory.dmp	xmrig
behavioral2/memory/5060-2465-0x00007FF7DAC70000-0x00007FF7DAFC1000-memory.dmp	xmrig
behavioral2/memory/3548-2463-0x00007FF77C8D0000-0x00007FF77CC21000-memory.dmp	xmrig
behavioral2/memory/1568-2461-0x00007FF7E1DE0000-0x00007FF7E2131000-memory.dmp	xmrig
behavioral2/memory/5008-2473-0x00007FF743210000-0x00007FF743561000-memory.dmp	xmrig
behavioral2/memory/2012-2471-0x00007FF74EF10000-0x00007FF74F261000-memory.dmp	xmrig
behavioral2/memory/1884-2457-0x00007FF7AD740000-0x00007FF7ADA91000-memory.dmp	xmrig
behavioral2/memory/1164-2477-0x00007FF7A2480000-0x00007FF7A27D1000-memory.dmp	xmrig
behavioral2/memory/4736-2494-0x00007FF787830000-0x00007FF787B81000-memory.dmp	xmrig
behavioral2/memory/3008-2503-0x00007FF74DB50000-0x00007FF74DEA1000-memory.dmp	xmrig
behavioral2/memory/4384-2522-0x00007FF6089A0000-0x00007FF608CF1000-memory.dmp	xmrig
behavioral2/memory/3000-2520-0x00007FF62A2D0000-0x00007FF62A621000-memory.dmp	xmrig
behavioral2/memory/1292-2518-0x00007FF658FF0000-0x00007FF659341000-memory.dmp	xmrig
behavioral2/memory/1440-2514-0x00007FF6FD460000-0x00007FF6FD7B1000-memory.dmp	xmrig
behavioral2/memory/4868-2498-0x00007FF7C5790000-0x00007FF7C5AE1000-memory.dmp	xmrig
behavioral2/memory/3160-2496-0x00007FF7CE270000-0x00007FF7CE5C1000-memory.dmp	xmrig
behavioral2/memory/3188-2492-0x00007FF7EB920000-0x00007FF7EBC71000-memory.dmp	xmrig
behavioral2/memory/2592-2490-0x00007FF758EA0000-0x00007FF7591F1000-memory.dmp	xmrig
behavioral2/memory/3516-2508-0x00007FF705B80000-0x00007FF705ED1000-memory.dmp	xmrig
behavioral2/memory/1332-2475-0x00007FF654DF0000-0x00007FF655141000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1180	vblxMtG.exe
4560	tbrjGfU.exe
1668	FJUJbsq.exe
4012	qKoSHrQ.exe
1692	BSqmWvr.exe
4588	HeTMUiK.exe
4036	gQETxdo.exe
1884	aRtiCki.exe
1568	QqJpDyf.exe
3548	UdbRNZc.exe
5060	kDcsBaj.exe
2488	uwQSdZY.exe
1392	alfjCay.exe
2012	eoTSIIK.exe
5008	nyVbayH.exe
1164	ZLHkrbD.exe
1332	nyVWHqn.exe
3188	kPKvkUA.exe
4736	DxruAng.exe
3516	itBbZmG.exe
3008	CNZQEHb.exe
4868	PioHeUi.exe
3160	AYwmFVq.exe
2592	LJbBdHO.exe
4452	KnidsCi.exe
4384	KfYiyCV.exe
1440	sFfIeUl.exe
3000	DlQFhis.exe
1292	xwRbUHT.exe
1632	cEPODsx.exe
2144	wdKWEaJ.exe
4400	CsxqiPO.exe
1500	CeIrdSg.exe
3868	ejJHhYs.exe
3672	DndVCBV.exe
3980	cjrXZfi.exe
392	lbtUiiQ.exe
2764	BoIhtDF.exe
3532	QsFPPHh.exe
3480	MfsciWT.exe
1260	lJNLGad.exe
1896	oqVdLdF.exe
436	rmbtCmI.exe
4808	eLAXwDO.exe
4300	daFbFRZ.exe
4856	LgEqLPA.exe
1224	wiwGAzT.exe
1832	yeYliLL.exe
700	sFdAryW.exe
4296	wzJpnlI.exe
2216	ZXjVltk.exe
2960	iHmwfsZ.exe
808	FXgNeAN.exe
2032	XLrTypV.exe
2860	lbGDClB.exe
3568	OhPyxWX.exe
1488	lzCdxAo.exe
3296	bgOHamJ.exe
4572	koRfSdA.exe
1928	roAKCMq.exe
1032	sBhwrKC.exe
3312	ouuoZWx.exe
2376	XkewtPh.exe
4072	ajiaAcC.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/5068-0-0x00007FF75FFE0000-0x00007FF760331000-memory.dmp	upx
behavioral2/files/0x00090000000233c3-5.dat	upx
behavioral2/files/0x0007000000023427-17.dat	upx
behavioral2/files/0x0007000000023428-31.dat	upx
behavioral2/files/0x000700000002342e-58.dat	upx
behavioral2/files/0x000700000002342f-71.dat	upx
behavioral2/files/0x0007000000023434-88.dat	upx
behavioral2/files/0x0007000000023436-104.dat	upx
behavioral2/files/0x000700000002343a-118.dat	upx
behavioral2/files/0x000700000002343e-138.dat	upx
behavioral2/files/0x0007000000023441-161.dat	upx
behavioral2/memory/1568-316-0x00007FF7E1DE0000-0x00007FF7E2131000-memory.dmp	upx
behavioral2/memory/3548-321-0x00007FF77C8D0000-0x00007FF77CC21000-memory.dmp	upx
behavioral2/memory/2012-357-0x00007FF74EF10000-0x00007FF74F261000-memory.dmp	upx
behavioral2/memory/1164-378-0x00007FF7A2480000-0x00007FF7A27D1000-memory.dmp	upx
behavioral2/memory/3188-387-0x00007FF7EB920000-0x00007FF7EBC71000-memory.dmp	upx
behavioral2/memory/4736-388-0x00007FF787830000-0x00007FF787B81000-memory.dmp	upx
behavioral2/memory/3516-389-0x00007FF705B80000-0x00007FF705ED1000-memory.dmp	upx
behavioral2/memory/4868-391-0x00007FF7C5790000-0x00007FF7C5AE1000-memory.dmp	upx
behavioral2/memory/3160-392-0x00007FF7CE270000-0x00007FF7CE5C1000-memory.dmp	upx
behavioral2/memory/2592-393-0x00007FF758EA0000-0x00007FF7591F1000-memory.dmp	upx
behavioral2/memory/3008-390-0x00007FF74DB50000-0x00007FF74DEA1000-memory.dmp	upx
behavioral2/memory/4384-405-0x00007FF6089A0000-0x00007FF608CF1000-memory.dmp	upx
behavioral2/memory/5068-803-0x00007FF75FFE0000-0x00007FF760331000-memory.dmp	upx
behavioral2/memory/4588-1516-0x00007FF6EFAE0000-0x00007FF6EFE31000-memory.dmp	upx
behavioral2/memory/1692-1513-0x00007FF702FD0000-0x00007FF703321000-memory.dmp	upx
behavioral2/memory/1668-1260-0x00007FF6696A0000-0x00007FF6699F1000-memory.dmp	upx
behavioral2/memory/4560-1106-0x00007FF78F020000-0x00007FF78F371000-memory.dmp	upx
behavioral2/memory/1180-1100-0x00007FF7E9220000-0x00007FF7E9571000-memory.dmp	upx
behavioral2/memory/4036-444-0x00007FF688C50000-0x00007FF688FA1000-memory.dmp	upx
behavioral2/memory/1292-427-0x00007FF658FF0000-0x00007FF659341000-memory.dmp	upx
behavioral2/memory/3000-412-0x00007FF62A2D0000-0x00007FF62A621000-memory.dmp	upx
behavioral2/memory/1440-410-0x00007FF6FD460000-0x00007FF6FD7B1000-memory.dmp	upx
behavioral2/memory/4452-394-0x00007FF687540000-0x00007FF687891000-memory.dmp	upx
behavioral2/memory/1332-386-0x00007FF654DF0000-0x00007FF655141000-memory.dmp	upx
behavioral2/memory/5008-372-0x00007FF743210000-0x00007FF743561000-memory.dmp	upx
behavioral2/memory/1392-354-0x00007FF711C40000-0x00007FF711F91000-memory.dmp	upx
behavioral2/memory/2488-348-0x00007FF71C3B0000-0x00007FF71C701000-memory.dmp	upx
behavioral2/memory/5060-336-0x00007FF7DAC70000-0x00007FF7DAFC1000-memory.dmp	upx
behavioral2/memory/1884-308-0x00007FF7AD740000-0x00007FF7ADA91000-memory.dmp	upx
behavioral2/memory/4588-303-0x00007FF6EFAE0000-0x00007FF6EFE31000-memory.dmp	upx
behavioral2/files/0x0007000000023444-168.dat	upx
behavioral2/files/0x0007000000023442-166.dat	upx
behavioral2/files/0x0007000000023443-163.dat	upx
behavioral2/files/0x0007000000023440-156.dat	upx
behavioral2/files/0x000700000002343f-151.dat	upx
behavioral2/files/0x000700000002343d-141.dat	upx
behavioral2/files/0x000700000002343c-136.dat	upx
behavioral2/files/0x000700000002343b-131.dat	upx
behavioral2/files/0x0007000000023439-121.dat	upx
behavioral2/files/0x0007000000023438-116.dat	upx
behavioral2/files/0x0007000000023437-108.dat	upx
behavioral2/files/0x0007000000023435-101.dat	upx
behavioral2/files/0x0007000000023433-91.dat	upx
behavioral2/files/0x0007000000023432-86.dat	upx
behavioral2/files/0x0007000000023431-81.dat	upx
behavioral2/files/0x0007000000023430-76.dat	upx
behavioral2/files/0x000700000002342d-61.dat	upx
behavioral2/files/0x000700000002342b-56.dat	upx
behavioral2/files/0x000700000002342c-54.dat	upx
behavioral2/files/0x000700000002342a-45.dat	upx
behavioral2/files/0x0007000000023429-41.dat	upx
behavioral2/memory/1692-30-0x00007FF702FD0000-0x00007FF703321000-memory.dmp	upx
behavioral2/memory/4012-29-0x00007FF7D5080000-0x00007FF7D53D1000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\DJjCJbj.exe	8035900595405317bd45cb1eb614b500N.exe
File created	C:\Windows\System\cEPODsx.exe	8035900595405317bd45cb1eb614b500N.exe
File created	C:\Windows\System\iDcMFEG.exe	8035900595405317bd45cb1eb614b500N.exe
File created	C:\Windows\System\kRyNFgu.exe	8035900595405317bd45cb1eb614b500N.exe
File created	C:\Windows\System\InPExJG.exe	8035900595405317bd45cb1eb614b500N.exe
File created	C:\Windows\System\SqSkHKN.exe	8035900595405317bd45cb1eb614b500N.exe
File created	C:\Windows\System\dnRqZzt.exe	8035900595405317bd45cb1eb614b500N.exe
File created	C:\Windows\System\MBiafuA.exe	8035900595405317bd45cb1eb614b500N.exe
File created	C:\Windows\System\JsEmOgD.exe	8035900595405317bd45cb1eb614b500N.exe
File created	C:\Windows\System\XBnTTWI.exe	8035900595405317bd45cb1eb614b500N.exe
File created	C:\Windows\System\ozYPnNy.exe	8035900595405317bd45cb1eb614b500N.exe
File created	C:\Windows\System\cJrBOyK.exe	8035900595405317bd45cb1eb614b500N.exe
File created	C:\Windows\System\vOUDMTl.exe	8035900595405317bd45cb1eb614b500N.exe
File created	C:\Windows\System\pELorvL.exe	8035900595405317bd45cb1eb614b500N.exe
File created	C:\Windows\System\xqCIxLO.exe	8035900595405317bd45cb1eb614b500N.exe
File created	C:\Windows\System\CNZQEHb.exe	8035900595405317bd45cb1eb614b500N.exe
File created	C:\Windows\System\cSGVWDR.exe	8035900595405317bd45cb1eb614b500N.exe
File created	C:\Windows\System\pbiNWpk.exe	8035900595405317bd45cb1eb614b500N.exe
File created	C:\Windows\System\sorzJTf.exe	8035900595405317bd45cb1eb614b500N.exe
File created	C:\Windows\System\lbGDClB.exe	8035900595405317bd45cb1eb614b500N.exe
File created	C:\Windows\System\MZkkSsj.exe	8035900595405317bd45cb1eb614b500N.exe
File created	C:\Windows\System\EAmwoCW.exe	8035900595405317bd45cb1eb614b500N.exe
File created	C:\Windows\System\sWVuNfU.exe	8035900595405317bd45cb1eb614b500N.exe
File created	C:\Windows\System\YziBiMW.exe	8035900595405317bd45cb1eb614b500N.exe
File created	C:\Windows\System\LomoLoo.exe	8035900595405317bd45cb1eb614b500N.exe
File created	C:\Windows\System\KfYiyCV.exe	8035900595405317bd45cb1eb614b500N.exe
File created	C:\Windows\System\vzdZjdj.exe	8035900595405317bd45cb1eb614b500N.exe
File created	C:\Windows\System\NgfeWYT.exe	8035900595405317bd45cb1eb614b500N.exe
File created	C:\Windows\System\qWRPAof.exe	8035900595405317bd45cb1eb614b500N.exe
File created	C:\Windows\System\KDyVIPL.exe	8035900595405317bd45cb1eb614b500N.exe
File created	C:\Windows\System\yvlKgyQ.exe	8035900595405317bd45cb1eb614b500N.exe
File created	C:\Windows\System\LJsbIxS.exe	8035900595405317bd45cb1eb614b500N.exe
File created	C:\Windows\System\syEWZkR.exe	8035900595405317bd45cb1eb614b500N.exe
File created	C:\Windows\System\BADeTgj.exe	8035900595405317bd45cb1eb614b500N.exe
File created	C:\Windows\System\QpbLAhp.exe	8035900595405317bd45cb1eb614b500N.exe
File created	C:\Windows\System\XAmuvNW.exe	8035900595405317bd45cb1eb614b500N.exe
File created	C:\Windows\System\bDPnVUl.exe	8035900595405317bd45cb1eb614b500N.exe
File created	C:\Windows\System\AuaDGwe.exe	8035900595405317bd45cb1eb614b500N.exe
File created	C:\Windows\System\rYSfpiT.exe	8035900595405317bd45cb1eb614b500N.exe
File created	C:\Windows\System\pREuZnU.exe	8035900595405317bd45cb1eb614b500N.exe
File created	C:\Windows\System\UJxrYyS.exe	8035900595405317bd45cb1eb614b500N.exe
File created	C:\Windows\System\yeYliLL.exe	8035900595405317bd45cb1eb614b500N.exe
File created	C:\Windows\System\bKcZgIi.exe	8035900595405317bd45cb1eb614b500N.exe
File created	C:\Windows\System\tRhamqM.exe	8035900595405317bd45cb1eb614b500N.exe
File created	C:\Windows\System\gYwbaKM.exe	8035900595405317bd45cb1eb614b500N.exe
File created	C:\Windows\System\AdeamxN.exe	8035900595405317bd45cb1eb614b500N.exe
File created	C:\Windows\System\fFgosdv.exe	8035900595405317bd45cb1eb614b500N.exe
File created	C:\Windows\System\uynaxKJ.exe	8035900595405317bd45cb1eb614b500N.exe
File created	C:\Windows\System\ZXjVltk.exe	8035900595405317bd45cb1eb614b500N.exe
File created	C:\Windows\System\ccsLugl.exe	8035900595405317bd45cb1eb614b500N.exe
File created	C:\Windows\System\IrpupBy.exe	8035900595405317bd45cb1eb614b500N.exe
File created	C:\Windows\System\fGpmrbO.exe	8035900595405317bd45cb1eb614b500N.exe
File created	C:\Windows\System\nIbHlal.exe	8035900595405317bd45cb1eb614b500N.exe
File created	C:\Windows\System\MyqmTqa.exe	8035900595405317bd45cb1eb614b500N.exe
File created	C:\Windows\System\jbFCWUd.exe	8035900595405317bd45cb1eb614b500N.exe
File created	C:\Windows\System\KrZXJZe.exe	8035900595405317bd45cb1eb614b500N.exe
File created	C:\Windows\System\evyjgDN.exe	8035900595405317bd45cb1eb614b500N.exe
File created	C:\Windows\System\RQCrxMr.exe	8035900595405317bd45cb1eb614b500N.exe
File created	C:\Windows\System\DouRvzV.exe	8035900595405317bd45cb1eb614b500N.exe
File created	C:\Windows\System\bsLyLyP.exe	8035900595405317bd45cb1eb614b500N.exe
File created	C:\Windows\System\bzcfnJe.exe	8035900595405317bd45cb1eb614b500N.exe
File created	C:\Windows\System\FNSXqaX.exe	8035900595405317bd45cb1eb614b500N.exe
File created	C:\Windows\System\VpXOClD.exe	8035900595405317bd45cb1eb614b500N.exe
File created	C:\Windows\System\naEBYCK.exe	8035900595405317bd45cb1eb614b500N.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	15120	dwm.exe
Token: SeChangeNotifyPrivilege	15120	dwm.exe
Token: 33	15120	dwm.exe
Token: SeIncBasePriorityPrivilege	15120	dwm.exe
Token: SeShutdownPrivilege	15120	dwm.exe
Token: SeCreatePagefilePrivilege	15120	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5068 wrote to memory of 1180	5068	8035900595405317bd45cb1eb614b500N.exe	85
PID 5068 wrote to memory of 1180	5068	8035900595405317bd45cb1eb614b500N.exe	85
PID 5068 wrote to memory of 4560	5068	8035900595405317bd45cb1eb614b500N.exe	86
PID 5068 wrote to memory of 4560	5068	8035900595405317bd45cb1eb614b500N.exe	86
PID 5068 wrote to memory of 1668	5068	8035900595405317bd45cb1eb614b500N.exe	87
PID 5068 wrote to memory of 1668	5068	8035900595405317bd45cb1eb614b500N.exe	87
PID 5068 wrote to memory of 4012	5068	8035900595405317bd45cb1eb614b500N.exe	88
PID 5068 wrote to memory of 4012	5068	8035900595405317bd45cb1eb614b500N.exe	88
PID 5068 wrote to memory of 1692	5068	8035900595405317bd45cb1eb614b500N.exe	89
PID 5068 wrote to memory of 1692	5068	8035900595405317bd45cb1eb614b500N.exe	89
PID 5068 wrote to memory of 4588	5068	8035900595405317bd45cb1eb614b500N.exe	90
PID 5068 wrote to memory of 4588	5068	8035900595405317bd45cb1eb614b500N.exe	90
PID 5068 wrote to memory of 4036	5068	8035900595405317bd45cb1eb614b500N.exe	91
PID 5068 wrote to memory of 4036	5068	8035900595405317bd45cb1eb614b500N.exe	91
PID 5068 wrote to memory of 1568	5068	8035900595405317bd45cb1eb614b500N.exe	92
PID 5068 wrote to memory of 1568	5068	8035900595405317bd45cb1eb614b500N.exe	92
PID 5068 wrote to memory of 1884	5068	8035900595405317bd45cb1eb614b500N.exe	93
PID 5068 wrote to memory of 1884	5068	8035900595405317bd45cb1eb614b500N.exe	93
PID 5068 wrote to memory of 3548	5068	8035900595405317bd45cb1eb614b500N.exe	94
PID 5068 wrote to memory of 3548	5068	8035900595405317bd45cb1eb614b500N.exe	94
PID 5068 wrote to memory of 5060	5068	8035900595405317bd45cb1eb614b500N.exe	95
PID 5068 wrote to memory of 5060	5068	8035900595405317bd45cb1eb614b500N.exe	95
PID 5068 wrote to memory of 2488	5068	8035900595405317bd45cb1eb614b500N.exe	96
PID 5068 wrote to memory of 2488	5068	8035900595405317bd45cb1eb614b500N.exe	96
PID 5068 wrote to memory of 1392	5068	8035900595405317bd45cb1eb614b500N.exe	97
PID 5068 wrote to memory of 1392	5068	8035900595405317bd45cb1eb614b500N.exe	97
PID 5068 wrote to memory of 2012	5068	8035900595405317bd45cb1eb614b500N.exe	98
PID 5068 wrote to memory of 2012	5068	8035900595405317bd45cb1eb614b500N.exe	98
PID 5068 wrote to memory of 5008	5068	8035900595405317bd45cb1eb614b500N.exe	99
PID 5068 wrote to memory of 5008	5068	8035900595405317bd45cb1eb614b500N.exe	99
PID 5068 wrote to memory of 1164	5068	8035900595405317bd45cb1eb614b500N.exe	100
PID 5068 wrote to memory of 1164	5068	8035900595405317bd45cb1eb614b500N.exe	100
PID 5068 wrote to memory of 1332	5068	8035900595405317bd45cb1eb614b500N.exe	101
PID 5068 wrote to memory of 1332	5068	8035900595405317bd45cb1eb614b500N.exe	101
PID 5068 wrote to memory of 3188	5068	8035900595405317bd45cb1eb614b500N.exe	102
PID 5068 wrote to memory of 3188	5068	8035900595405317bd45cb1eb614b500N.exe	102
PID 5068 wrote to memory of 4736	5068	8035900595405317bd45cb1eb614b500N.exe	103
PID 5068 wrote to memory of 4736	5068	8035900595405317bd45cb1eb614b500N.exe	103
PID 5068 wrote to memory of 3516	5068	8035900595405317bd45cb1eb614b500N.exe	104
PID 5068 wrote to memory of 3516	5068	8035900595405317bd45cb1eb614b500N.exe	104
PID 5068 wrote to memory of 3008	5068	8035900595405317bd45cb1eb614b500N.exe	105
PID 5068 wrote to memory of 3008	5068	8035900595405317bd45cb1eb614b500N.exe	105
PID 5068 wrote to memory of 4868	5068	8035900595405317bd45cb1eb614b500N.exe	106
PID 5068 wrote to memory of 4868	5068	8035900595405317bd45cb1eb614b500N.exe	106
PID 5068 wrote to memory of 3160	5068	8035900595405317bd45cb1eb614b500N.exe	107
PID 5068 wrote to memory of 3160	5068	8035900595405317bd45cb1eb614b500N.exe	107
PID 5068 wrote to memory of 2592	5068	8035900595405317bd45cb1eb614b500N.exe	108
PID 5068 wrote to memory of 2592	5068	8035900595405317bd45cb1eb614b500N.exe	108
PID 5068 wrote to memory of 4452	5068	8035900595405317bd45cb1eb614b500N.exe	109
PID 5068 wrote to memory of 4452	5068	8035900595405317bd45cb1eb614b500N.exe	109
PID 5068 wrote to memory of 4384	5068	8035900595405317bd45cb1eb614b500N.exe	110
PID 5068 wrote to memory of 4384	5068	8035900595405317bd45cb1eb614b500N.exe	110
PID 5068 wrote to memory of 1440	5068	8035900595405317bd45cb1eb614b500N.exe	111
PID 5068 wrote to memory of 1440	5068	8035900595405317bd45cb1eb614b500N.exe	111
PID 5068 wrote to memory of 3000	5068	8035900595405317bd45cb1eb614b500N.exe	112
PID 5068 wrote to memory of 3000	5068	8035900595405317bd45cb1eb614b500N.exe	112
PID 5068 wrote to memory of 1292	5068	8035900595405317bd45cb1eb614b500N.exe	113
PID 5068 wrote to memory of 1292	5068	8035900595405317bd45cb1eb614b500N.exe	113
PID 5068 wrote to memory of 1632	5068	8035900595405317bd45cb1eb614b500N.exe	114
PID 5068 wrote to memory of 1632	5068	8035900595405317bd45cb1eb614b500N.exe	114
PID 5068 wrote to memory of 2144	5068	8035900595405317bd45cb1eb614b500N.exe	115
PID 5068 wrote to memory of 2144	5068	8035900595405317bd45cb1eb614b500N.exe	115
PID 5068 wrote to memory of 4400	5068	8035900595405317bd45cb1eb614b500N.exe	116
PID 5068 wrote to memory of 4400	5068	8035900595405317bd45cb1eb614b500N.exe	116

C:\Users\Admin\AppData\Local\Temp\8035900595405317bd45cb1eb614b500N.exe
"C:\Users\Admin\AppData\Local\Temp\8035900595405317bd45cb1eb614b500N.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:5068
- C:\Windows\System\vblxMtG.exe
  C:\Windows\System\vblxMtG.exe
  2⤵
  - Executes dropped EXE
  PID:1180
- C:\Windows\System\tbrjGfU.exe
  C:\Windows\System\tbrjGfU.exe
  2⤵
  - Executes dropped EXE
  PID:4560
- C:\Windows\System\FJUJbsq.exe
  C:\Windows\System\FJUJbsq.exe
  2⤵
  - Executes dropped EXE
  PID:1668
- C:\Windows\System\qKoSHrQ.exe
  C:\Windows\System\qKoSHrQ.exe
  2⤵
  - Executes dropped EXE
  PID:4012
- C:\Windows\System\BSqmWvr.exe
  C:\Windows\System\BSqmWvr.exe
  2⤵
  - Executes dropped EXE
  PID:1692
- C:\Windows\System\HeTMUiK.exe
  C:\Windows\System\HeTMUiK.exe
  2⤵
  - Executes dropped EXE
  PID:4588
- C:\Windows\System\gQETxdo.exe
  C:\Windows\System\gQETxdo.exe
  2⤵
  - Executes dropped EXE
  PID:4036
- C:\Windows\System\QqJpDyf.exe
  C:\Windows\System\QqJpDyf.exe
  2⤵
  - Executes dropped EXE
  PID:1568
- C:\Windows\System\aRtiCki.exe
  C:\Windows\System\aRtiCki.exe
  2⤵
  - Executes dropped EXE
  PID:1884
- C:\Windows\System\UdbRNZc.exe
  C:\Windows\System\UdbRNZc.exe
  2⤵
  - Executes dropped EXE
  PID:3548
- C:\Windows\System\kDcsBaj.exe
  C:\Windows\System\kDcsBaj.exe
  2⤵
  - Executes dropped EXE
  PID:5060
- C:\Windows\System\uwQSdZY.exe
  C:\Windows\System\uwQSdZY.exe
  2⤵
  - Executes dropped EXE
  PID:2488
- C:\Windows\System\alfjCay.exe
  C:\Windows\System\alfjCay.exe
  2⤵
  - Executes dropped EXE
  PID:1392
- C:\Windows\System\eoTSIIK.exe
  C:\Windows\System\eoTSIIK.exe
  2⤵
  - Executes dropped EXE
  PID:2012
- C:\Windows\System\nyVbayH.exe
  C:\Windows\System\nyVbayH.exe
  2⤵
  - Executes dropped EXE
  PID:5008
- C:\Windows\System\ZLHkrbD.exe
  C:\Windows\System\ZLHkrbD.exe
  2⤵
  - Executes dropped EXE
  PID:1164
- C:\Windows\System\nyVWHqn.exe
  C:\Windows\System\nyVWHqn.exe
  2⤵
  - Executes dropped EXE
  PID:1332
- C:\Windows\System\kPKvkUA.exe
  C:\Windows\System\kPKvkUA.exe
  2⤵
  - Executes dropped EXE
  PID:3188
- C:\Windows\System\DxruAng.exe
  C:\Windows\System\DxruAng.exe
  2⤵
  - Executes dropped EXE
  PID:4736
- C:\Windows\System\itBbZmG.exe
  C:\Windows\System\itBbZmG.exe
  2⤵
  - Executes dropped EXE
  PID:3516
- C:\Windows\System\CNZQEHb.exe
  C:\Windows\System\CNZQEHb.exe
  2⤵
  - Executes dropped EXE
  PID:3008
- C:\Windows\System\PioHeUi.exe
  C:\Windows\System\PioHeUi.exe
  2⤵
  - Executes dropped EXE
  PID:4868
- C:\Windows\System\AYwmFVq.exe
  C:\Windows\System\AYwmFVq.exe
  2⤵
  - Executes dropped EXE
  PID:3160
- C:\Windows\System\LJbBdHO.exe
  C:\Windows\System\LJbBdHO.exe
  2⤵
  - Executes dropped EXE
  PID:2592
- C:\Windows\System\KnidsCi.exe
  C:\Windows\System\KnidsCi.exe
  2⤵
  - Executes dropped EXE
  PID:4452
- C:\Windows\System\KfYiyCV.exe
  C:\Windows\System\KfYiyCV.exe
  2⤵
  - Executes dropped EXE
  PID:4384
- C:\Windows\System\sFfIeUl.exe
  C:\Windows\System\sFfIeUl.exe
  2⤵
  - Executes dropped EXE
  PID:1440
- C:\Windows\System\DlQFhis.exe
  C:\Windows\System\DlQFhis.exe
  2⤵
  - Executes dropped EXE
  PID:3000
- C:\Windows\System\xwRbUHT.exe
  C:\Windows\System\xwRbUHT.exe
  2⤵
  - Executes dropped EXE
  PID:1292
- C:\Windows\System\cEPODsx.exe
  C:\Windows\System\cEPODsx.exe
  2⤵
  - Executes dropped EXE
  PID:1632
- C:\Windows\System\wdKWEaJ.exe
  C:\Windows\System\wdKWEaJ.exe
  2⤵
  - Executes dropped EXE
  PID:2144
- C:\Windows\System\CsxqiPO.exe
  C:\Windows\System\CsxqiPO.exe
  2⤵
  - Executes dropped EXE
  PID:4400
- C:\Windows\System\CeIrdSg.exe
  C:\Windows\System\CeIrdSg.exe
  2⤵
  - Executes dropped EXE
  PID:1500
- C:\Windows\System\ejJHhYs.exe
  C:\Windows\System\ejJHhYs.exe
  2⤵
  - Executes dropped EXE
  PID:3868
- C:\Windows\System\DndVCBV.exe
  C:\Windows\System\DndVCBV.exe
  2⤵
  - Executes dropped EXE
  PID:3672
- C:\Windows\System\cjrXZfi.exe
  C:\Windows\System\cjrXZfi.exe
  2⤵
  - Executes dropped EXE
  PID:3980
- C:\Windows\System\lbtUiiQ.exe
  C:\Windows\System\lbtUiiQ.exe
  2⤵
  - Executes dropped EXE
  PID:392
- C:\Windows\System\BoIhtDF.exe
  C:\Windows\System\BoIhtDF.exe
  2⤵
  - Executes dropped EXE
  PID:2764
- C:\Windows\System\QsFPPHh.exe
  C:\Windows\System\QsFPPHh.exe
  2⤵
  - Executes dropped EXE
  PID:3532
- C:\Windows\System\MfsciWT.exe
  C:\Windows\System\MfsciWT.exe
  2⤵
  - Executes dropped EXE
  PID:3480
- C:\Windows\System\lJNLGad.exe
  C:\Windows\System\lJNLGad.exe
  2⤵
  - Executes dropped EXE
  PID:1260
- C:\Windows\System\oqVdLdF.exe
  C:\Windows\System\oqVdLdF.exe
  2⤵
  - Executes dropped EXE
  PID:1896
- C:\Windows\System\rmbtCmI.exe
  C:\Windows\System\rmbtCmI.exe
  2⤵
  - Executes dropped EXE
  PID:436
- C:\Windows\System\eLAXwDO.exe
  C:\Windows\System\eLAXwDO.exe
  2⤵
  - Executes dropped EXE
  PID:4808
- C:\Windows\System\daFbFRZ.exe
  C:\Windows\System\daFbFRZ.exe
  2⤵
  - Executes dropped EXE
  PID:4300
- C:\Windows\System\LgEqLPA.exe
  C:\Windows\System\LgEqLPA.exe
  2⤵
  - Executes dropped EXE
  PID:4856
- C:\Windows\System\wiwGAzT.exe
  C:\Windows\System\wiwGAzT.exe
  2⤵
  - Executes dropped EXE
  PID:1224
- C:\Windows\System\yeYliLL.exe
  C:\Windows\System\yeYliLL.exe
  2⤵
  - Executes dropped EXE
  PID:1832
- C:\Windows\System\sFdAryW.exe
  C:\Windows\System\sFdAryW.exe
  2⤵
  - Executes dropped EXE
  PID:700
- C:\Windows\System\wzJpnlI.exe
  C:\Windows\System\wzJpnlI.exe
  2⤵
  - Executes dropped EXE
  PID:4296
- C:\Windows\System\ZXjVltk.exe
  C:\Windows\System\ZXjVltk.exe
  2⤵
  - Executes dropped EXE
  PID:2216
- C:\Windows\System\iHmwfsZ.exe
  C:\Windows\System\iHmwfsZ.exe
  2⤵
  - Executes dropped EXE
  PID:2960
- C:\Windows\System\FXgNeAN.exe
  C:\Windows\System\FXgNeAN.exe
  2⤵
  - Executes dropped EXE
  PID:808
- C:\Windows\System\XLrTypV.exe
  C:\Windows\System\XLrTypV.exe
  2⤵
  - Executes dropped EXE
  PID:2032
- C:\Windows\System\lbGDClB.exe
  C:\Windows\System\lbGDClB.exe
  2⤵
  - Executes dropped EXE
  PID:2860
- C:\Windows\System\OhPyxWX.exe
  C:\Windows\System\OhPyxWX.exe
  2⤵
  - Executes dropped EXE
  PID:3568
- C:\Windows\System\lzCdxAo.exe
  C:\Windows\System\lzCdxAo.exe
  2⤵
  - Executes dropped EXE
  PID:1488
- C:\Windows\System\bgOHamJ.exe
  C:\Windows\System\bgOHamJ.exe
  2⤵
  - Executes dropped EXE
  PID:3296
- C:\Windows\System\koRfSdA.exe
  C:\Windows\System\koRfSdA.exe
  2⤵
  - Executes dropped EXE
  PID:4572
- C:\Windows\System\roAKCMq.exe
  C:\Windows\System\roAKCMq.exe
  2⤵
  - Executes dropped EXE
  PID:1928
- C:\Windows\System\sBhwrKC.exe
  C:\Windows\System\sBhwrKC.exe
  2⤵
  - Executes dropped EXE
  PID:1032
- C:\Windows\System\ouuoZWx.exe
  C:\Windows\System\ouuoZWx.exe
  2⤵
  - Executes dropped EXE
  PID:3312
- C:\Windows\System\XkewtPh.exe
  C:\Windows\System\XkewtPh.exe
  2⤵
  - Executes dropped EXE
  PID:2376
- C:\Windows\System\ajiaAcC.exe
  C:\Windows\System\ajiaAcC.exe
  2⤵
  - Executes dropped EXE
  PID:4072
- C:\Windows\System\qZzStLV.exe
  C:\Windows\System\qZzStLV.exe
  2⤵
  PID:4980
- C:\Windows\System\TryTYRR.exe
  C:\Windows\System\TryTYRR.exe
  2⤵
  PID:2248
- C:\Windows\System\oNqNjzR.exe
  C:\Windows\System\oNqNjzR.exe
  2⤵
  PID:3348
- C:\Windows\System\BxGUexm.exe
  C:\Windows\System\BxGUexm.exe
  2⤵
  PID:2688
- C:\Windows\System\zXuFZae.exe
  C:\Windows\System\zXuFZae.exe
  2⤵
  PID:2864
- C:\Windows\System\UagpNhy.exe
  C:\Windows\System\UagpNhy.exe
  2⤵
  PID:4544
- C:\Windows\System\KwBkusH.exe
  C:\Windows\System\KwBkusH.exe
  2⤵
  PID:1560
- C:\Windows\System\AZsNpgn.exe
  C:\Windows\System\AZsNpgn.exe
  2⤵
  PID:2516
- C:\Windows\System\hedgyGP.exe
  C:\Windows\System\hedgyGP.exe
  2⤵
  PID:3492
- C:\Windows\System\jloxiTp.exe
  C:\Windows\System\jloxiTp.exe
  2⤵
  PID:4580
- C:\Windows\System\TovxXim.exe
  C:\Windows\System\TovxXim.exe
  2⤵
  PID:1964
- C:\Windows\System\ZMkmJgj.exe
  C:\Windows\System\ZMkmJgj.exe
  2⤵
  PID:684
- C:\Windows\System\AdeamxN.exe
  C:\Windows\System\AdeamxN.exe
  2⤵
  PID:1252
- C:\Windows\System\pRGutZK.exe
  C:\Windows\System\pRGutZK.exe
  2⤵
  PID:3208
- C:\Windows\System\TDuHnuL.exe
  C:\Windows\System\TDuHnuL.exe
  2⤵
  PID:1256
- C:\Windows\System\fNhzmVu.exe
  C:\Windows\System\fNhzmVu.exe
  2⤵
  PID:4488
- C:\Windows\System\LJsbIxS.exe
  C:\Windows\System\LJsbIxS.exe
  2⤵
  PID:1824
- C:\Windows\System\pZRQtYz.exe
  C:\Windows\System\pZRQtYz.exe
  2⤵
  PID:4332
- C:\Windows\System\LYzpIeX.exe
  C:\Windows\System\LYzpIeX.exe
  2⤵
  PID:3588
- C:\Windows\System\ArFLFHN.exe
  C:\Windows\System\ArFLFHN.exe
  2⤵
  PID:1324
- C:\Windows\System\nqkXzro.exe
  C:\Windows\System\nqkXzro.exe
  2⤵
  PID:3900
- C:\Windows\System\lKHkyYB.exe
  C:\Windows\System\lKHkyYB.exe
  2⤵
  PID:1940
- C:\Windows\System\wSCRrrb.exe
  C:\Windows\System\wSCRrrb.exe
  2⤵
  PID:3604
- C:\Windows\System\XGWaVbd.exe
  C:\Windows\System\XGWaVbd.exe
  2⤵
  PID:3572
- C:\Windows\System\zKwIcmX.exe
  C:\Windows\System\zKwIcmX.exe
  2⤵
  PID:2408
- C:\Windows\System\GJeHGvG.exe
  C:\Windows\System\GJeHGvG.exe
  2⤵
  PID:4612
- C:\Windows\System\QUjqnMn.exe
  C:\Windows\System\QUjqnMn.exe
  2⤵
  PID:4884
- C:\Windows\System\kDyLOMU.exe
  C:\Windows\System\kDyLOMU.exe
  2⤵
  PID:2268
- C:\Windows\System\XdNyqcU.exe
  C:\Windows\System\XdNyqcU.exe
  2⤵
  PID:2872
- C:\Windows\System\iDcMFEG.exe
  C:\Windows\System\iDcMFEG.exe
  2⤵
  PID:4972
- C:\Windows\System\uLYKkMo.exe
  C:\Windows\System\uLYKkMo.exe
  2⤵
  PID:3488
- C:\Windows\System\ImyRmFe.exe
  C:\Windows\System\ImyRmFe.exe
  2⤵
  PID:1304
- C:\Windows\System\ZQizUEN.exe
  C:\Windows\System\ZQizUEN.exe
  2⤵
  PID:2092
- C:\Windows\System\RQCrxMr.exe
  C:\Windows\System\RQCrxMr.exe
  2⤵
  PID:4936
- C:\Windows\System\rjRBEOO.exe
  C:\Windows\System\rjRBEOO.exe
  2⤵
  PID:2564
- C:\Windows\System\fPlHRih.exe
  C:\Windows\System\fPlHRih.exe
  2⤵
  PID:3968
- C:\Windows\System\GeQRgxF.exe
  C:\Windows\System\GeQRgxF.exe
  2⤵
  PID:4352
- C:\Windows\System\mzicjfe.exe
  C:\Windows\System\mzicjfe.exe
  2⤵
  PID:320
- C:\Windows\System\ECQMfdA.exe
  C:\Windows\System\ECQMfdA.exe
  2⤵
  PID:672
- C:\Windows\System\MegADWO.exe
  C:\Windows\System\MegADWO.exe
  2⤵
  PID:1980
- C:\Windows\System\iQLpgKp.exe
  C:\Windows\System\iQLpgKp.exe
  2⤵
  PID:1340
- C:\Windows\System\iVqWwzY.exe
  C:\Windows\System\iVqWwzY.exe
  2⤵
  PID:5160
- C:\Windows\System\ZVWrwPP.exe
  C:\Windows\System\ZVWrwPP.exe
  2⤵
  PID:5180
- C:\Windows\System\HBiMblN.exe
  C:\Windows\System\HBiMblN.exe
  2⤵
  PID:5196
- C:\Windows\System\IbHNjmf.exe
  C:\Windows\System\IbHNjmf.exe
  2⤵
  PID:5232
- C:\Windows\System\VHCTfzc.exe
  C:\Windows\System\VHCTfzc.exe
  2⤵
  PID:5248
- C:\Windows\System\hLOkesn.exe
  C:\Windows\System\hLOkesn.exe
  2⤵
  PID:5268
- C:\Windows\System\oeWhQdK.exe
  C:\Windows\System\oeWhQdK.exe
  2⤵
  PID:5284
- C:\Windows\System\UExbhey.exe
  C:\Windows\System\UExbhey.exe
  2⤵
  PID:5300
- C:\Windows\System\bFuxGTV.exe
  C:\Windows\System\bFuxGTV.exe
  2⤵
  PID:5324
- C:\Windows\System\GTYrveB.exe
  C:\Windows\System\GTYrveB.exe
  2⤵
  PID:5360
- C:\Windows\System\JpPecqC.exe
  C:\Windows\System\JpPecqC.exe
  2⤵
  PID:5392
- C:\Windows\System\UmTKaAG.exe
  C:\Windows\System\UmTKaAG.exe
  2⤵
  PID:5408
- C:\Windows\System\tXamHKu.exe
  C:\Windows\System\tXamHKu.exe
  2⤵
  PID:5424
- C:\Windows\System\EHYaTuF.exe
  C:\Windows\System\EHYaTuF.exe
  2⤵
  PID:5444
- C:\Windows\System\emgWzlo.exe
  C:\Windows\System\emgWzlo.exe
  2⤵
  PID:5460
- C:\Windows\System\kwXJInt.exe
  C:\Windows\System\kwXJInt.exe
  2⤵
  PID:5484
- C:\Windows\System\ShDevTz.exe
  C:\Windows\System\ShDevTz.exe
  2⤵
  PID:5508
- C:\Windows\System\XdoiDYb.exe
  C:\Windows\System\XdoiDYb.exe
  2⤵
  PID:5536
- C:\Windows\System\mzEnNUZ.exe
  C:\Windows\System\mzEnNUZ.exe
  2⤵
  PID:5556
- C:\Windows\System\XAmuvNW.exe
  C:\Windows\System\XAmuvNW.exe
  2⤵
  PID:5636
- C:\Windows\System\oTKuigl.exe
  C:\Windows\System\oTKuigl.exe
  2⤵
  PID:5660
- C:\Windows\System\ZqpGCNK.exe
  C:\Windows\System\ZqpGCNK.exe
  2⤵
  PID:5704
- C:\Windows\System\CwvabCT.exe
  C:\Windows\System\CwvabCT.exe
  2⤵
  PID:5748
- C:\Windows\System\UrmvhmD.exe
  C:\Windows\System\UrmvhmD.exe
  2⤵
  PID:5768
- C:\Windows\System\eBwafXz.exe
  C:\Windows\System\eBwafXz.exe
  2⤵
  PID:5796
- C:\Windows\System\EmXMbuV.exe
  C:\Windows\System\EmXMbuV.exe
  2⤵
  PID:5836
- C:\Windows\System\JsEmOgD.exe
  C:\Windows\System\JsEmOgD.exe
  2⤵
  PID:5852
- C:\Windows\System\jklffIT.exe
  C:\Windows\System\jklffIT.exe
  2⤵
  PID:5880
- C:\Windows\System\QFjSgNt.exe
  C:\Windows\System\QFjSgNt.exe
  2⤵
  PID:5928
- C:\Windows\System\AvOOdZm.exe
  C:\Windows\System\AvOOdZm.exe
  2⤵
  PID:5944
- C:\Windows\System\hCWAYeU.exe
  C:\Windows\System\hCWAYeU.exe
  2⤵
  PID:5976
- C:\Windows\System\IjHezpL.exe
  C:\Windows\System\IjHezpL.exe
  2⤵
  PID:5996
- C:\Windows\System\JenDLhc.exe
  C:\Windows\System\JenDLhc.exe
  2⤵
  PID:6040
- C:\Windows\System\tCWtBjS.exe
  C:\Windows\System\tCWtBjS.exe
  2⤵
  PID:6076
- C:\Windows\System\oUInDBR.exe
  C:\Windows\System\oUInDBR.exe
  2⤵
  PID:6100
- C:\Windows\System\gLlTVzZ.exe
  C:\Windows\System\gLlTVzZ.exe
  2⤵
  PID:6116
- C:\Windows\System\KWectXB.exe
  C:\Windows\System\KWectXB.exe
  2⤵
  PID:6140
- C:\Windows\System\ccsLugl.exe
  C:\Windows\System\ccsLugl.exe
  2⤵
  PID:3612
- C:\Windows\System\AhewJCx.exe
  C:\Windows\System\AhewJCx.exe
  2⤵
  PID:5280
- C:\Windows\System\fQkVzmY.exe
  C:\Windows\System\fQkVzmY.exe
  2⤵
  PID:5312
- C:\Windows\System\ZIPktkD.exe
  C:\Windows\System\ZIPktkD.exe
  2⤵
  PID:5420
- C:\Windows\System\RNmGAFz.exe
  C:\Windows\System\RNmGAFz.exe
  2⤵
  PID:5468
- C:\Windows\System\XBnTTWI.exe
  C:\Windows\System\XBnTTWI.exe
  2⤵
  PID:5648
- C:\Windows\System\FAJJrmG.exe
  C:\Windows\System\FAJJrmG.exe
  2⤵
  PID:5572
- C:\Windows\System\PSjOdyo.exe
  C:\Windows\System\PSjOdyo.exe
  2⤵
  PID:5736
- C:\Windows\System\AsWczWy.exe
  C:\Windows\System\AsWczWy.exe
  2⤵
  PID:5712
- C:\Windows\System\gckayjV.exe
  C:\Windows\System\gckayjV.exe
  2⤵
  PID:5844
- C:\Windows\System\YFojmLI.exe
  C:\Windows\System\YFojmLI.exe
  2⤵
  PID:5900
- C:\Windows\System\YwWTDbk.exe
  C:\Windows\System\YwWTDbk.exe
  2⤵
  PID:5968
- C:\Windows\System\aIuDMfu.exe
  C:\Windows\System\aIuDMfu.exe
  2⤵
  PID:5992
- C:\Windows\System\FdQkIrH.exe
  C:\Windows\System\FdQkIrH.exe
  2⤵
  PID:6024
- C:\Windows\System\fFgosdv.exe
  C:\Windows\System\fFgosdv.exe
  2⤵
  PID:6084
- C:\Windows\System\NCmrBxy.exe
  C:\Windows\System\NCmrBxy.exe
  2⤵
  PID:6132
- C:\Windows\System\HFzWaXK.exe
  C:\Windows\System\HFzWaXK.exe
  2⤵
  PID:5192
- C:\Windows\System\zWqqtTj.exe
  C:\Windows\System\zWqqtTj.exe
  2⤵
  PID:5296
- C:\Windows\System\guijdwN.exe
  C:\Windows\System\guijdwN.exe
  2⤵
  PID:5292
- C:\Windows\System\iKKlajj.exe
  C:\Windows\System\iKKlajj.exe
  2⤵
  PID:5456
- C:\Windows\System\ANcrirc.exe
  C:\Windows\System\ANcrirc.exe
  2⤵
  PID:2992
- C:\Windows\System\LREMqSw.exe
  C:\Windows\System\LREMqSw.exe
  2⤵
  PID:5868
- C:\Windows\System\pbfUXvC.exe
  C:\Windows\System\pbfUXvC.exe
  2⤵
  PID:5964
- C:\Windows\System\jyxAnUD.exe
  C:\Windows\System\jyxAnUD.exe
  2⤵
  PID:5224
- C:\Windows\System\AoQOVEi.exe
  C:\Windows\System\AoQOVEi.exe
  2⤵
  PID:5812
- C:\Windows\System\rUMyLmq.exe
  C:\Windows\System\rUMyLmq.exe
  2⤵
  PID:6072
- C:\Windows\System\bDPnVUl.exe
  C:\Windows\System\bDPnVUl.exe
  2⤵
  PID:6124
- C:\Windows\System\DRhpJcD.exe
  C:\Windows\System\DRhpJcD.exe
  2⤵
  PID:6172
- C:\Windows\System\eGsMuHc.exe
  C:\Windows\System\eGsMuHc.exe
  2⤵
  PID:6188
- C:\Windows\System\YuptYof.exe
  C:\Windows\System\YuptYof.exe
  2⤵
  PID:6216
- C:\Windows\System\uynaxKJ.exe
  C:\Windows\System\uynaxKJ.exe
  2⤵
  PID:6236
- C:\Windows\System\zKQEuRX.exe
  C:\Windows\System\zKQEuRX.exe
  2⤵
  PID:6284
- C:\Windows\System\hfIbiLL.exe
  C:\Windows\System\hfIbiLL.exe
  2⤵
  PID:6308
- C:\Windows\System\owzUTOj.exe
  C:\Windows\System\owzUTOj.exe
  2⤵
  PID:6328
- C:\Windows\System\AuaDGwe.exe
  C:\Windows\System\AuaDGwe.exe
  2⤵
  PID:6344
- C:\Windows\System\rBpIgIE.exe
  C:\Windows\System\rBpIgIE.exe
  2⤵
  PID:6364
- C:\Windows\System\FApgNrA.exe
  C:\Windows\System\FApgNrA.exe
  2⤵
  PID:6384
- C:\Windows\System\vzdZjdj.exe
  C:\Windows\System\vzdZjdj.exe
  2⤵
  PID:6404
- C:\Windows\System\SEYduvR.exe
  C:\Windows\System\SEYduvR.exe
  2⤵
  PID:6428
- C:\Windows\System\nWjmvQf.exe
  C:\Windows\System\nWjmvQf.exe
  2⤵
  PID:6448
- C:\Windows\System\qCCFmPo.exe
  C:\Windows\System\qCCFmPo.exe
  2⤵
  PID:6528
- C:\Windows\System\cJrBOyK.exe
  C:\Windows\System\cJrBOyK.exe
  2⤵
  PID:6544
- C:\Windows\System\TNtMFTl.exe
  C:\Windows\System\TNtMFTl.exe
  2⤵
  PID:6564
- C:\Windows\System\XrXnzbp.exe
  C:\Windows\System\XrXnzbp.exe
  2⤵
  PID:6592
- C:\Windows\System\UlfVcTT.exe
  C:\Windows\System\UlfVcTT.exe
  2⤵
  PID:6616
- C:\Windows\System\dvZZKOg.exe
  C:\Windows\System\dvZZKOg.exe
  2⤵
  PID:6632
- C:\Windows\System\nUyEzIr.exe
  C:\Windows\System\nUyEzIr.exe
  2⤵
  PID:6652
- C:\Windows\System\QcnxBYF.exe
  C:\Windows\System\QcnxBYF.exe
  2⤵
  PID:6680
- C:\Windows\System\iApypOR.exe
  C:\Windows\System\iApypOR.exe
  2⤵
  PID:6748
- C:\Windows\System\lTHRDcY.exe
  C:\Windows\System\lTHRDcY.exe
  2⤵
  PID:6764
- C:\Windows\System\DouRvzV.exe
  C:\Windows\System\DouRvzV.exe
  2⤵
  PID:6784
- C:\Windows\System\ZgyUmtd.exe
  C:\Windows\System\ZgyUmtd.exe
  2⤵
  PID:6800
- C:\Windows\System\TlnKLEx.exe
  C:\Windows\System\TlnKLEx.exe
  2⤵
  PID:6824
- C:\Windows\System\srQpZJk.exe
  C:\Windows\System\srQpZJk.exe
  2⤵
  PID:6848
- C:\Windows\System\ZsjQmGB.exe
  C:\Windows\System\ZsjQmGB.exe
  2⤵
  PID:6892
- C:\Windows\System\RXnhBnD.exe
  C:\Windows\System\RXnhBnD.exe
  2⤵
  PID:6908
- C:\Windows\System\XDNcnHc.exe
  C:\Windows\System\XDNcnHc.exe
  2⤵
  PID:6932
- C:\Windows\System\NgfeWYT.exe
  C:\Windows\System\NgfeWYT.exe
  2⤵
  PID:6948
- C:\Windows\System\nsRFWVK.exe
  C:\Windows\System\nsRFWVK.exe
  2⤵
  PID:6968
- C:\Windows\System\IRKgxeI.exe
  C:\Windows\System\IRKgxeI.exe
  2⤵
  PID:6988
- C:\Windows\System\IyLrfGb.exe
  C:\Windows\System\IyLrfGb.exe
  2⤵
  PID:7004
- C:\Windows\System\oXBkePi.exe
  C:\Windows\System\oXBkePi.exe
  2⤵
  PID:7020
- C:\Windows\System\umgkWij.exe
  C:\Windows\System\umgkWij.exe
  2⤵
  PID:7044
- C:\Windows\System\iXcJask.exe
  C:\Windows\System\iXcJask.exe
  2⤵
  PID:7060
- C:\Windows\System\BhvJvYW.exe
  C:\Windows\System\BhvJvYW.exe
  2⤵
  PID:7080
- C:\Windows\System\XuDsfPe.exe
  C:\Windows\System\XuDsfPe.exe
  2⤵
  PID:7096
- C:\Windows\System\TOaTAEd.exe
  C:\Windows\System\TOaTAEd.exe
  2⤵
  PID:7116
- C:\Windows\System\upgWufA.exe
  C:\Windows\System\upgWufA.exe
  2⤵
  PID:7132
- C:\Windows\System\JLczsUM.exe
  C:\Windows\System\JLczsUM.exe
  2⤵
  PID:6156
- C:\Windows\System\mnqUwvG.exe
  C:\Windows\System\mnqUwvG.exe
  2⤵
  PID:6184
- C:\Windows\System\CUmBXCS.exe
  C:\Windows\System\CUmBXCS.exe
  2⤵
  PID:6232
- C:\Windows\System\ldkoJRW.exe
  C:\Windows\System\ldkoJRW.exe
  2⤵
  PID:6292
- C:\Windows\System\RlXrxGF.exe
  C:\Windows\System\RlXrxGF.exe
  2⤵
  PID:6424
- C:\Windows\System\bzpcvzh.exe
  C:\Windows\System\bzpcvzh.exe
  2⤵
  PID:6484
- C:\Windows\System\RLRoNGU.exe
  C:\Windows\System\RLRoNGU.exe
  2⤵
  PID:6556
- C:\Windows\System\UlqJXXj.exe
  C:\Windows\System\UlqJXXj.exe
  2⤵
  PID:6648
- C:\Windows\System\uKIjeKe.exe
  C:\Windows\System\uKIjeKe.exe
  2⤵
  PID:6780
- C:\Windows\System\vOUDMTl.exe
  C:\Windows\System\vOUDMTl.exe
  2⤵
  PID:6884
- C:\Windows\System\JhqJGpD.exe
  C:\Windows\System\JhqJGpD.exe
  2⤵
  PID:6984
- C:\Windows\System\XtqqrfC.exe
  C:\Windows\System\XtqqrfC.exe
  2⤵
  PID:6900
- C:\Windows\System\dqDwrUf.exe
  C:\Windows\System\dqDwrUf.exe
  2⤵
  PID:3996
- C:\Windows\System\IrpupBy.exe
  C:\Windows\System\IrpupBy.exe
  2⤵
  PID:7128
- C:\Windows\System\vzufzWc.exe
  C:\Windows\System\vzufzWc.exe
  2⤵
  PID:6200
- C:\Windows\System\hWtaWDF.exe
  C:\Windows\System\hWtaWDF.exe
  2⤵
  PID:7112
- C:\Windows\System\opyIAHo.exe
  C:\Windows\System\opyIAHo.exe
  2⤵
  PID:2180
- C:\Windows\System\mksdecq.exe
  C:\Windows\System\mksdecq.exe
  2⤵
  PID:6276
- C:\Windows\System\PxQaqZx.exe
  C:\Windows\System\PxQaqZx.exe
  2⤵
  PID:6340
- C:\Windows\System\UgFoaWC.exe
  C:\Windows\System\UgFoaWC.exe
  2⤵
  PID:6712
- C:\Windows\System\RtNZONH.exe
  C:\Windows\System\RtNZONH.exe
  2⤵
  PID:7000
- C:\Windows\System\wSTnElL.exe
  C:\Windows\System\wSTnElL.exe
  2⤵
  PID:7056
- C:\Windows\System\NCITvbL.exe
  C:\Windows\System\NCITvbL.exe
  2⤵
  PID:6844
- C:\Windows\System\RDLPHqH.exe
  C:\Windows\System\RDLPHqH.exe
  2⤵
  PID:6640
- C:\Windows\System\YclYwOm.exe
  C:\Windows\System\YclYwOm.exe
  2⤵
  PID:7180
- C:\Windows\System\OoRCPJj.exe
  C:\Windows\System\OoRCPJj.exe
  2⤵
  PID:7212
- C:\Windows\System\ZGbNnup.exe
  C:\Windows\System\ZGbNnup.exe
  2⤵
  PID:7232
- C:\Windows\System\GVEDngB.exe
  C:\Windows\System\GVEDngB.exe
  2⤵
  PID:7260
- C:\Windows\System\iEATozu.exe
  C:\Windows\System\iEATozu.exe
  2⤵
  PID:7276
- C:\Windows\System\egfFaWM.exe
  C:\Windows\System\egfFaWM.exe
  2⤵
  PID:7348
- C:\Windows\System\YEYoQnR.exe
  C:\Windows\System\YEYoQnR.exe
  2⤵
  PID:7380
- C:\Windows\System\SLAWTds.exe
  C:\Windows\System\SLAWTds.exe
  2⤵
  PID:7396
- C:\Windows\System\aHInrXM.exe
  C:\Windows\System\aHInrXM.exe
  2⤵
  PID:7424
- C:\Windows\System\OgVtcze.exe
  C:\Windows\System\OgVtcze.exe
  2⤵
  PID:7440
- C:\Windows\System\mGUWqeF.exe
  C:\Windows\System\mGUWqeF.exe
  2⤵
  PID:7472
- C:\Windows\System\VagTxcG.exe
  C:\Windows\System\VagTxcG.exe
  2⤵
  PID:7496
- C:\Windows\System\kpKRXnm.exe
  C:\Windows\System\kpKRXnm.exe
  2⤵
  PID:7544
- C:\Windows\System\BlevAYW.exe
  C:\Windows\System\BlevAYW.exe
  2⤵
  PID:7560
- C:\Windows\System\yNktEMZ.exe
  C:\Windows\System\yNktEMZ.exe
  2⤵
  PID:7600
- C:\Windows\System\uLbjPPZ.exe
  C:\Windows\System\uLbjPPZ.exe
  2⤵
  PID:7644
- C:\Windows\System\LVhWBic.exe
  C:\Windows\System\LVhWBic.exe
  2⤵
  PID:7668
- C:\Windows\System\ByQMOtx.exe
  C:\Windows\System\ByQMOtx.exe
  2⤵
  PID:7688
- C:\Windows\System\KlKYTiZ.exe
  C:\Windows\System\KlKYTiZ.exe
  2⤵
  PID:7724
- C:\Windows\System\VAdJTOo.exe
  C:\Windows\System\VAdJTOo.exe
  2⤵
  PID:7744
- C:\Windows\System\YdSFrYY.exe
  C:\Windows\System\YdSFrYY.exe
  2⤵
  PID:7768
- C:\Windows\System\hTZWTSv.exe
  C:\Windows\System\hTZWTSv.exe
  2⤵
  PID:7788
- C:\Windows\System\nhLgriN.exe
  C:\Windows\System\nhLgriN.exe
  2⤵
  PID:7836
- C:\Windows\System\NFaQMOl.exe
  C:\Windows\System\NFaQMOl.exe
  2⤵
  PID:7852
- C:\Windows\System\LJbiTTP.exe
  C:\Windows\System\LJbiTTP.exe
  2⤵
  PID:7880
- C:\Windows\System\MZkkSsj.exe
  C:\Windows\System\MZkkSsj.exe
  2⤵
  PID:7924
- C:\Windows\System\ipkbhEg.exe
  C:\Windows\System\ipkbhEg.exe
  2⤵
  PID:7940
- C:\Windows\System\XZgvVaY.exe
  C:\Windows\System\XZgvVaY.exe
  2⤵
  PID:7968
- C:\Windows\System\tOJXmnN.exe
  C:\Windows\System\tOJXmnN.exe
  2⤵
  PID:7988
- C:\Windows\System\TzkChZX.exe
  C:\Windows\System\TzkChZX.exe
  2⤵
  PID:8004
- C:\Windows\System\vcpxEDA.exe
  C:\Windows\System\vcpxEDA.exe
  2⤵
  PID:8024
- C:\Windows\System\qCQvGzV.exe
  C:\Windows\System\qCQvGzV.exe
  2⤵
  PID:8096
- C:\Windows\System\CrsTJep.exe
  C:\Windows\System\CrsTJep.exe
  2⤵
  PID:8116
- C:\Windows\System\rSkCwie.exe
  C:\Windows\System\rSkCwie.exe
  2⤵
  PID:8140
- C:\Windows\System\jbFCWUd.exe
  C:\Windows\System\jbFCWUd.exe
  2⤵
  PID:8160
- C:\Windows\System\KESkGGy.exe
  C:\Windows\System\KESkGGy.exe
  2⤵
  PID:8180
- C:\Windows\System\VpXOClD.exe
  C:\Windows\System\VpXOClD.exe
  2⤵
  PID:6476
- C:\Windows\System\ksKXjXI.exe
  C:\Windows\System\ksKXjXI.exe
  2⤵
  PID:7220
- C:\Windows\System\ncIuAoZ.exe
  C:\Windows\System\ncIuAoZ.exe
  2⤵
  PID:7284
- C:\Windows\System\qbMfLqW.exe
  C:\Windows\System\qbMfLqW.exe
  2⤵
  PID:7312
- C:\Windows\System\HjplImW.exe
  C:\Windows\System\HjplImW.exe
  2⤵
  PID:7392
- C:\Windows\System\UweqqdH.exe
  C:\Windows\System\UweqqdH.exe
  2⤵
  PID:7432
- C:\Windows\System\JWSwboy.exe
  C:\Windows\System\JWSwboy.exe
  2⤵
  PID:5764
- C:\Windows\System\TAHfEWL.exe
  C:\Windows\System\TAHfEWL.exe
  2⤵
  PID:7532
- C:\Windows\System\Jmpzxlm.exe
  C:\Windows\System\Jmpzxlm.exe
  2⤵
  PID:7552
- C:\Windows\System\FsZVfyb.exe
  C:\Windows\System\FsZVfyb.exe
  2⤵
  PID:7632
- C:\Windows\System\bOjUnOH.exe
  C:\Windows\System\bOjUnOH.exe
  2⤵
  PID:7700
- C:\Windows\System\CQdmAjP.exe
  C:\Windows\System\CQdmAjP.exe
  2⤵
  PID:7756
- C:\Windows\System\MSpVfwc.exe
  C:\Windows\System\MSpVfwc.exe
  2⤵
  PID:7800
- C:\Windows\System\Yvtubhm.exe
  C:\Windows\System\Yvtubhm.exe
  2⤵
  PID:7904
- C:\Windows\System\RcfhwJD.exe
  C:\Windows\System\RcfhwJD.exe
  2⤵
  PID:8016
- C:\Windows\System\pvXuwEY.exe
  C:\Windows\System\pvXuwEY.exe
  2⤵
  PID:8064
- C:\Windows\System\TjhuJXY.exe
  C:\Windows\System\TjhuJXY.exe
  2⤵
  PID:8044
- C:\Windows\System\kaPltOF.exe
  C:\Windows\System\kaPltOF.exe
  2⤵
  PID:6944
- C:\Windows\System\ysAwUaS.exe
  C:\Windows\System\ysAwUaS.exe
  2⤵
  PID:7376
- C:\Windows\System\bsLyLyP.exe
  C:\Windows\System\bsLyLyP.exe
  2⤵
  PID:7192
- C:\Windows\System\KyfzqzA.exe
  C:\Windows\System\KyfzqzA.exe
  2⤵
  PID:7684
- C:\Windows\System\qWRPAof.exe
  C:\Windows\System\qWRPAof.exe
  2⤵
  PID:7664
- C:\Windows\System\iJxidPk.exe
  C:\Windows\System\iJxidPk.exe
  2⤵
  PID:7936
- C:\Windows\System\FubtSnN.exe
  C:\Windows\System\FubtSnN.exe
  2⤵
  PID:6772
- C:\Windows\System\hJEcwIw.exe
  C:\Windows\System\hJEcwIw.exe
  2⤵
  PID:7528
- C:\Windows\System\PDpndQh.exe
  C:\Windows\System\PDpndQh.exe
  2⤵
  PID:7860
- C:\Windows\System\qkDHcIp.exe
  C:\Windows\System\qkDHcIp.exe
  2⤵
  PID:7416
- C:\Windows\System\mqdcMKA.exe
  C:\Windows\System\mqdcMKA.exe
  2⤵
  PID:8208
- C:\Windows\System\JRRuKxx.exe
  C:\Windows\System\JRRuKxx.exe
  2⤵
  PID:8244
- C:\Windows\System\PwuIwLX.exe
  C:\Windows\System\PwuIwLX.exe
  2⤵
  PID:8292
- C:\Windows\System\PgmDFWm.exe
  C:\Windows\System\PgmDFWm.exe
  2⤵
  PID:8312
- C:\Windows\System\oLxeNhu.exe
  C:\Windows\System\oLxeNhu.exe
  2⤵
  PID:8332
- C:\Windows\System\fMBLsdU.exe
  C:\Windows\System\fMBLsdU.exe
  2⤵
  PID:8348
- C:\Windows\System\yyGSVXX.exe
  C:\Windows\System\yyGSVXX.exe
  2⤵
  PID:8368
- C:\Windows\System\YWvdxcP.exe
  C:\Windows\System\YWvdxcP.exe
  2⤵
  PID:8392
- C:\Windows\System\zmOuKSg.exe
  C:\Windows\System\zmOuKSg.exe
  2⤵
  PID:8408
- C:\Windows\System\lQPdhDM.exe
  C:\Windows\System\lQPdhDM.exe
  2⤵
  PID:8424
- C:\Windows\System\NNxVUCB.exe
  C:\Windows\System\NNxVUCB.exe
  2⤵
  PID:8472
- C:\Windows\System\ALEOmAW.exe
  C:\Windows\System\ALEOmAW.exe
  2⤵
  PID:8488
- C:\Windows\System\rNfsBqM.exe
  C:\Windows\System\rNfsBqM.exe
  2⤵
  PID:8528
- C:\Windows\System\XUyCKAT.exe
  C:\Windows\System\XUyCKAT.exe
  2⤵
  PID:8556
- C:\Windows\System\bzcfnJe.exe
  C:\Windows\System\bzcfnJe.exe
  2⤵
  PID:8580
- C:\Windows\System\qRhCRsf.exe
  C:\Windows\System\qRhCRsf.exe
  2⤵
  PID:8604
- C:\Windows\System\TBJJILh.exe
  C:\Windows\System\TBJJILh.exe
  2⤵
  PID:8672
- C:\Windows\System\hIqSjgm.exe
  C:\Windows\System\hIqSjgm.exe
  2⤵
  PID:8696
- C:\Windows\System\tBHjnWy.exe
  C:\Windows\System\tBHjnWy.exe
  2⤵
  PID:8712
- C:\Windows\System\XlYPMrB.exe
  C:\Windows\System\XlYPMrB.exe
  2⤵
  PID:8760
- C:\Windows\System\xMcVadC.exe
  C:\Windows\System\xMcVadC.exe
  2⤵
  PID:8848
- C:\Windows\System\mycpjry.exe
  C:\Windows\System\mycpjry.exe
  2⤵
  PID:8864
- C:\Windows\System\AhXannH.exe
  C:\Windows\System\AhXannH.exe
  2⤵
  PID:8880
- C:\Windows\System\aWBoZCF.exe
  C:\Windows\System\aWBoZCF.exe
  2⤵
  PID:8896
- C:\Windows\System\HsmPrXW.exe
  C:\Windows\System\HsmPrXW.exe
  2⤵
  PID:8912
- C:\Windows\System\mnxVnwG.exe
  C:\Windows\System\mnxVnwG.exe
  2⤵
  PID:8928
- C:\Windows\System\obmhpsN.exe
  C:\Windows\System\obmhpsN.exe
  2⤵
  PID:8948
- C:\Windows\System\EAsNwSd.exe
  C:\Windows\System\EAsNwSd.exe
  2⤵
  PID:8964
- C:\Windows\System\YzOPKXc.exe
  C:\Windows\System\YzOPKXc.exe
  2⤵
  PID:8980
- C:\Windows\System\gQSPwAJ.exe
  C:\Windows\System\gQSPwAJ.exe
  2⤵
  PID:8996
- C:\Windows\System\zxnlsuP.exe
  C:\Windows\System\zxnlsuP.exe
  2⤵
  PID:9012
- C:\Windows\System\ygydvTO.exe
  C:\Windows\System\ygydvTO.exe
  2⤵
  PID:9116
- C:\Windows\System\mUWlMzf.exe
  C:\Windows\System\mUWlMzf.exe
  2⤵
  PID:9132
- C:\Windows\System\WmUfcZg.exe
  C:\Windows\System\WmUfcZg.exe
  2⤵
  PID:7228
- C:\Windows\System\rFrBscC.exe
  C:\Windows\System\rFrBscC.exe
  2⤵
  PID:7200
- C:\Windows\System\BOxgGpB.exe
  C:\Windows\System\BOxgGpB.exe
  2⤵
  PID:8228
- C:\Windows\System\bkBzklf.exe
  C:\Windows\System\bkBzklf.exe
  2⤵
  PID:8276
- C:\Windows\System\WMIZvcz.exe
  C:\Windows\System\WMIZvcz.exe
  2⤵
  PID:8364
- C:\Windows\System\DIpNqIj.exe
  C:\Windows\System\DIpNqIj.exe
  2⤵
  PID:8384
- C:\Windows\System\fiwmCiV.exe
  C:\Windows\System\fiwmCiV.exe
  2⤵
  PID:8328
- C:\Windows\System\gbYPwlC.exe
  C:\Windows\System\gbYPwlC.exe
  2⤵
  PID:8404
- C:\Windows\System\ocmHkcu.exe
  C:\Windows\System\ocmHkcu.exe
  2⤵
  PID:8520
- C:\Windows\System\vRLQbpT.exe
  C:\Windows\System\vRLQbpT.exe
  2⤵
  PID:8464
- C:\Windows\System\GFZdnDQ.exe
  C:\Windows\System\GFZdnDQ.exe
  2⤵
  PID:8572
- C:\Windows\System\lHKStUf.exe
  C:\Windows\System\lHKStUf.exe
  2⤵
  PID:8704
- C:\Windows\System\eaYsXxn.exe
  C:\Windows\System\eaYsXxn.exe
  2⤵
  PID:8940
- C:\Windows\System\oXpNYpe.exe
  C:\Windows\System\oXpNYpe.exe
  2⤵
  PID:8812
- C:\Windows\System\cPqawEt.exe
  C:\Windows\System\cPqawEt.exe
  2⤵
  PID:9048
- C:\Windows\System\aFLCQWQ.exe
  C:\Windows\System\aFLCQWQ.exe
  2⤵
  PID:8992
- C:\Windows\System\hjyuJar.exe
  C:\Windows\System\hjyuJar.exe
  2⤵
  PID:9200
- C:\Windows\System\qHXNnJa.exe
  C:\Windows\System\qHXNnJa.exe
  2⤵
  PID:9164
- C:\Windows\System\jsDHWxx.exe
  C:\Windows\System\jsDHWxx.exe
  2⤵
  PID:8680
- C:\Windows\System\MdQSuKu.exe
  C:\Windows\System\MdQSuKu.exe
  2⤵
  PID:9204
- C:\Windows\System\JAvwibj.exe
  C:\Windows\System\JAvwibj.exe
  2⤵
  PID:8260
- C:\Windows\System\dnRqZzt.exe
  C:\Windows\System\dnRqZzt.exe
  2⤵
  PID:4600
- C:\Windows\System\iwfGEXn.exe
  C:\Windows\System\iwfGEXn.exe
  2⤵
  PID:8400
- C:\Windows\System\OMwIoIv.exe
  C:\Windows\System\OMwIoIv.exe
  2⤵
  PID:8544
- C:\Windows\System\ZgbhNTW.exe
  C:\Windows\System\ZgbhNTW.exe
  2⤵
  PID:8960
- C:\Windows\System\KAHtkZz.exe
  C:\Windows\System\KAHtkZz.exe
  2⤵
  PID:8920
- C:\Windows\System\keFVMkx.exe
  C:\Windows\System\keFVMkx.exe
  2⤵
  PID:8956
- C:\Windows\System\ycBvhhb.exe
  C:\Windows\System\ycBvhhb.exe
  2⤵
  PID:8268
- C:\Windows\System\OGrwtAQ.exe
  C:\Windows\System\OGrwtAQ.exe
  2⤵
  PID:9024
- C:\Windows\System\kpSRWTJ.exe
  C:\Windows\System\kpSRWTJ.exe
  2⤵
  PID:8656
- C:\Windows\System\INiDWjS.exe
  C:\Windows\System\INiDWjS.exe
  2⤵
  PID:8780
- C:\Windows\System\VDmjeHj.exe
  C:\Windows\System\VDmjeHj.exe
  2⤵
  PID:9228
- C:\Windows\System\syEWZkR.exe
  C:\Windows\System\syEWZkR.exe
  2⤵
  PID:9244
- C:\Windows\System\hVwrXfi.exe
  C:\Windows\System\hVwrXfi.exe
  2⤵
  PID:9276
- C:\Windows\System\ucIccmF.exe
  C:\Windows\System\ucIccmF.exe
  2⤵
  PID:9296
- C:\Windows\System\DpjBTjH.exe
  C:\Windows\System\DpjBTjH.exe
  2⤵
  PID:9336
- C:\Windows\System\ErDMKlq.exe
  C:\Windows\System\ErDMKlq.exe
  2⤵
  PID:9368
- C:\Windows\System\MFcsQOK.exe
  C:\Windows\System\MFcsQOK.exe
  2⤵
  PID:9388
- C:\Windows\System\ZcvLDqc.exe
  C:\Windows\System\ZcvLDqc.exe
  2⤵
  PID:9424
- C:\Windows\System\yXmlNLC.exe
  C:\Windows\System\yXmlNLC.exe
  2⤵
  PID:9452
- C:\Windows\System\fGpmrbO.exe
  C:\Windows\System\fGpmrbO.exe
  2⤵
  PID:9472
- C:\Windows\System\YmTNWav.exe
  C:\Windows\System\YmTNWav.exe
  2⤵
  PID:9508
- C:\Windows\System\oxqxOTE.exe
  C:\Windows\System\oxqxOTE.exe
  2⤵
  PID:9536
- C:\Windows\System\WbzunJC.exe
  C:\Windows\System\WbzunJC.exe
  2⤵
  PID:9552
- C:\Windows\System\uSYDEbz.exe
  C:\Windows\System\uSYDEbz.exe
  2⤵
  PID:9576
- C:\Windows\System\oDlumVE.exe
  C:\Windows\System\oDlumVE.exe
  2⤵
  PID:9596
- C:\Windows\System\xVuQsQF.exe
  C:\Windows\System\xVuQsQF.exe
  2⤵
  PID:9612
- C:\Windows\System\vMPOlmn.exe
  C:\Windows\System\vMPOlmn.exe
  2⤵
  PID:9632
- C:\Windows\System\EAmwoCW.exe
  C:\Windows\System\EAmwoCW.exe
  2⤵
  PID:9676
- C:\Windows\System\ozYPnNy.exe
  C:\Windows\System\ozYPnNy.exe
  2⤵
  PID:9712
- C:\Windows\System\faaIAVx.exe
  C:\Windows\System\faaIAVx.exe
  2⤵
  PID:9736
- C:\Windows\System\ucgdIaU.exe
  C:\Windows\System\ucgdIaU.exe
  2⤵
  PID:9756
- C:\Windows\System\kSfmgUP.exe
  C:\Windows\System\kSfmgUP.exe
  2⤵
  PID:9792
- C:\Windows\System\gZcEkAU.exe
  C:\Windows\System\gZcEkAU.exe
  2⤵
  PID:9812
- C:\Windows\System\hCFstQg.exe
  C:\Windows\System\hCFstQg.exe
  2⤵
  PID:9828
- C:\Windows\System\PIAQivx.exe
  C:\Windows\System\PIAQivx.exe
  2⤵
  PID:9872
- C:\Windows\System\PGPSfWa.exe
  C:\Windows\System\PGPSfWa.exe
  2⤵
  PID:9916
- C:\Windows\System\QQtRqaT.exe
  C:\Windows\System\QQtRqaT.exe
  2⤵
  PID:9936
- C:\Windows\System\tAXdLDu.exe
  C:\Windows\System\tAXdLDu.exe
  2⤵
  PID:9952
- C:\Windows\System\hdVvGSA.exe
  C:\Windows\System\hdVvGSA.exe
  2⤵
  PID:9968
- C:\Windows\System\TawHcjU.exe
  C:\Windows\System\TawHcjU.exe
  2⤵
  PID:9988
- C:\Windows\System\ZsyXrjN.exe
  C:\Windows\System\ZsyXrjN.exe
  2⤵
  PID:10032
- C:\Windows\System\GQzCdsm.exe
  C:\Windows\System\GQzCdsm.exe
  2⤵
  PID:10052
- C:\Windows\System\YziBiMW.exe
  C:\Windows\System\YziBiMW.exe
  2⤵
  PID:10072
- C:\Windows\System\cSGVWDR.exe
  C:\Windows\System\cSGVWDR.exe
  2⤵
  PID:10088
- C:\Windows\System\bLQkTDx.exe
  C:\Windows\System\bLQkTDx.exe
  2⤵
  PID:10168
- C:\Windows\System\aOVwSza.exe
  C:\Windows\System\aOVwSza.exe
  2⤵
  PID:10196
- C:\Windows\System\TjePQqj.exe
  C:\Windows\System\TjePQqj.exe
  2⤵
  PID:10216
- C:\Windows\System\HYvEihh.exe
  C:\Windows\System\HYvEihh.exe
  2⤵
  PID:10232
- C:\Windows\System\IOrVZPE.exe
  C:\Windows\System\IOrVZPE.exe
  2⤵
  PID:9268
- C:\Windows\System\QblWVNQ.exe
  C:\Windows\System\QblWVNQ.exe
  2⤵
  PID:9240
- C:\Windows\System\kRyNFgu.exe
  C:\Windows\System\kRyNFgu.exe
  2⤵
  PID:9396
- C:\Windows\System\KrZXJZe.exe
  C:\Windows\System\KrZXJZe.exe
  2⤵
  PID:9480
- C:\Windows\System\iFdTxSr.exe
  C:\Windows\System\iFdTxSr.exe
  2⤵
  PID:9444
- C:\Windows\System\CajpbVC.exe
  C:\Windows\System\CajpbVC.exe
  2⤵
  PID:9544
- C:\Windows\System\oxWGkwe.exe
  C:\Windows\System\oxWGkwe.exe
  2⤵
  PID:9572
- C:\Windows\System\fixJHOX.exe
  C:\Windows\System\fixJHOX.exe
  2⤵
  PID:9668
- C:\Windows\System\KvXvdvn.exe
  C:\Windows\System\KvXvdvn.exe
  2⤵
  PID:9836
- C:\Windows\System\uFCYKIO.exe
  C:\Windows\System\uFCYKIO.exe
  2⤵
  PID:9748
- C:\Windows\System\tbcoluf.exe
  C:\Windows\System\tbcoluf.exe
  2⤵
  PID:9860
- C:\Windows\System\XWVmCLn.exe
  C:\Windows\System\XWVmCLn.exe
  2⤵
  PID:9924
- C:\Windows\System\AvauSaS.exe
  C:\Windows\System\AvauSaS.exe
  2⤵
  PID:10064
- C:\Windows\System\TqiDhwQ.exe
  C:\Windows\System\TqiDhwQ.exe
  2⤵
  PID:10080
- C:\Windows\System\mKffvZv.exe
  C:\Windows\System\mKffvZv.exe
  2⤵
  PID:10116
- C:\Windows\System\roXIdVa.exe
  C:\Windows\System\roXIdVa.exe
  2⤵
  PID:10192
- C:\Windows\System\pVFFKIP.exe
  C:\Windows\System\pVFFKIP.exe
  2⤵
  PID:9360
- C:\Windows\System\tFzxlNb.exe
  C:\Windows\System\tFzxlNb.exe
  2⤵
  PID:9364
- C:\Windows\System\nNEJprE.exe
  C:\Windows\System\nNEJprE.exe
  2⤵
  PID:9604
- C:\Windows\System\MBiafuA.exe
  C:\Windows\System\MBiafuA.exe
  2⤵
  PID:9948
- C:\Windows\System\KNvMvkG.exe
  C:\Windows\System\KNvMvkG.exe
  2⤵
  PID:10024
- C:\Windows\System\YOYbTVP.exe
  C:\Windows\System\YOYbTVP.exe
  2⤵
  PID:10084
- C:\Windows\System\IBhNdgn.exe
  C:\Windows\System\IBhNdgn.exe
  2⤵
  PID:10212
- C:\Windows\System\naEBYCK.exe
  C:\Windows\System\naEBYCK.exe
  2⤵
  PID:9504
- C:\Windows\System\XBKiPlp.exe
  C:\Windows\System\XBKiPlp.exe
  2⤵
  PID:9624
- C:\Windows\System\prCRzbu.exe
  C:\Windows\System\prCRzbu.exe
  2⤵
  PID:10048
- C:\Windows\System\itaBMuj.exe
  C:\Windows\System\itaBMuj.exe
  2⤵
  PID:10272
- C:\Windows\System\paSCsXC.exe
  C:\Windows\System\paSCsXC.exe
  2⤵
  PID:10320
- C:\Windows\System\vFMSQVF.exe
  C:\Windows\System\vFMSQVF.exe
  2⤵
  PID:10348
- C:\Windows\System\IFFreJA.exe
  C:\Windows\System\IFFreJA.exe
  2⤵
  PID:10372
- C:\Windows\System\leqFefO.exe
  C:\Windows\System\leqFefO.exe
  2⤵
  PID:10392
- C:\Windows\System\paWFraK.exe
  C:\Windows\System\paWFraK.exe
  2⤵
  PID:10412
- C:\Windows\System\ANdyYyf.exe
  C:\Windows\System\ANdyYyf.exe
  2⤵
  PID:10432
- C:\Windows\System\tFUWUjk.exe
  C:\Windows\System\tFUWUjk.exe
  2⤵
  PID:10448
- C:\Windows\System\POaWsDx.exe
  C:\Windows\System\POaWsDx.exe
  2⤵
  PID:10464
- C:\Windows\System\WiaNmGN.exe
  C:\Windows\System\WiaNmGN.exe
  2⤵
  PID:10484
- C:\Windows\System\DSKCdlz.exe
  C:\Windows\System\DSKCdlz.exe
  2⤵
  PID:10504
- C:\Windows\System\KcUruUD.exe
  C:\Windows\System\KcUruUD.exe
  2⤵
  PID:10524
- C:\Windows\System\gpIMrOT.exe
  C:\Windows\System\gpIMrOT.exe
  2⤵
  PID:10560
- C:\Windows\System\pELorvL.exe
  C:\Windows\System\pELorvL.exe
  2⤵
  PID:10580
- C:\Windows\System\HwhLtqD.exe
  C:\Windows\System\HwhLtqD.exe
  2⤵
  PID:10600
- C:\Windows\System\FgdWVvi.exe
  C:\Windows\System\FgdWVvi.exe
  2⤵
  PID:10624
- C:\Windows\System\oZTpCVS.exe
  C:\Windows\System\oZTpCVS.exe
  2⤵
  PID:10640
- C:\Windows\System\CGFRqDu.exe
  C:\Windows\System\CGFRqDu.exe
  2⤵
  PID:10728
- C:\Windows\System\EhtcNRF.exe
  C:\Windows\System\EhtcNRF.exe
  2⤵
  PID:10756
- C:\Windows\System\AMvwdKf.exe
  C:\Windows\System\AMvwdKf.exe
  2⤵
  PID:10828
- C:\Windows\System\mEJanYA.exe
  C:\Windows\System\mEJanYA.exe
  2⤵
  PID:10876
- C:\Windows\System\GuUUAHn.exe
  C:\Windows\System\GuUUAHn.exe
  2⤵
  PID:10904
- C:\Windows\System\bKcZgIi.exe
  C:\Windows\System\bKcZgIi.exe
  2⤵
  PID:10924
- C:\Windows\System\VGdYvza.exe
  C:\Windows\System\VGdYvza.exe
  2⤵
  PID:10952
- C:\Windows\System\CyqMRHs.exe
  C:\Windows\System\CyqMRHs.exe
  2⤵
  PID:10980
- C:\Windows\System\uoAWQnw.exe
  C:\Windows\System\uoAWQnw.exe
  2⤵
  PID:11000
- C:\Windows\System\QSVDBan.exe
  C:\Windows\System\QSVDBan.exe
  2⤵
  PID:11020
- C:\Windows\System\gSuojPk.exe
  C:\Windows\System\gSuojPk.exe
  2⤵
  PID:11036
- C:\Windows\System\PqZrDGS.exe
  C:\Windows\System\PqZrDGS.exe
  2⤵
  PID:11084
- C:\Windows\System\aYbsmsq.exe
  C:\Windows\System\aYbsmsq.exe
  2⤵
  PID:11108
- C:\Windows\System\OMMPCzs.exe
  C:\Windows\System\OMMPCzs.exe
  2⤵
  PID:11124
- C:\Windows\System\eLKDlDe.exe
  C:\Windows\System\eLKDlDe.exe
  2⤵
  PID:11160
- C:\Windows\System\wdxJgby.exe
  C:\Windows\System\wdxJgby.exe
  2⤵
  PID:11180
- C:\Windows\System\UYgtFiP.exe
  C:\Windows\System\UYgtFiP.exe
  2⤵
  PID:11220
- C:\Windows\System\eZKDLDu.exe
  C:\Windows\System\eZKDLDu.exe
  2⤵
  PID:11236
- C:\Windows\System\BADeTgj.exe
  C:\Windows\System\BADeTgj.exe
  2⤵
  PID:10140
- C:\Windows\System\EGYLnVu.exe
  C:\Windows\System\EGYLnVu.exe
  2⤵
  PID:9516
- C:\Windows\System\sDHkbzb.exe
  C:\Windows\System\sDHkbzb.exe
  2⤵
  PID:10336
- C:\Windows\System\QWwDkXR.exe
  C:\Windows\System\QWwDkXR.exe
  2⤵
  PID:10460
- C:\Windows\System\UgHTLSl.exe
  C:\Windows\System\UgHTLSl.exe
  2⤵
  PID:10456
- C:\Windows\System\CUAdWdo.exe
  C:\Windows\System\CUAdWdo.exe
  2⤵
  PID:10576
- C:\Windows\System\vIoxFqw.exe
  C:\Windows\System\vIoxFqw.exe
  2⤵
  PID:10696
- C:\Windows\System\pZInOFJ.exe
  C:\Windows\System\pZInOFJ.exe
  2⤵
  PID:10592
- C:\Windows\System\LsUULqK.exe
  C:\Windows\System\LsUULqK.exe
  2⤵
  PID:10660
- C:\Windows\System\ufcTyCU.exe
  C:\Windows\System\ufcTyCU.exe
  2⤵
  PID:10772
- C:\Windows\System\kaybWBe.exe
  C:\Windows\System\kaybWBe.exe
  2⤵
  PID:10800
- C:\Windows\System\qRRIyxc.exe
  C:\Windows\System\qRRIyxc.exe
  2⤵
  PID:10888
- C:\Windows\System\oajjqhL.exe
  C:\Windows\System\oajjqhL.exe
  2⤵
  PID:10940
- C:\Windows\System\pzUheoa.exe
  C:\Windows\System\pzUheoa.exe
  2⤵
  PID:10992
- C:\Windows\System\cLwMAZQ.exe
  C:\Windows\System\cLwMAZQ.exe
  2⤵
  PID:5480
- C:\Windows\System\CLeOnFc.exe
  C:\Windows\System\CLeOnFc.exe
  2⤵
  PID:11096
- C:\Windows\System\VxIvbPA.exe
  C:\Windows\System\VxIvbPA.exe
  2⤵
  PID:11192
- C:\Windows\System\JwDgain.exe
  C:\Windows\System\JwDgain.exe
  2⤵
  PID:11244
- C:\Windows\System\lQMbeJY.exe
  C:\Windows\System\lQMbeJY.exe
  2⤵
  PID:10300
- C:\Windows\System\vdRwuUa.exe
  C:\Windows\System\vdRwuUa.exe
  2⤵
  PID:2740
- C:\Windows\System\BcQgYmX.exe
  C:\Windows\System\BcQgYmX.exe
  2⤵
  PID:10496
- C:\Windows\System\fczYalK.exe
  C:\Windows\System\fczYalK.exe
  2⤵
  PID:11188
- C:\Windows\System\UHBliNs.exe
  C:\Windows\System\UHBliNs.exe
  2⤵
  PID:11016
- C:\Windows\System\eeXovwk.exe
  C:\Windows\System\eeXovwk.exe
  2⤵
  PID:11148
- C:\Windows\System\mSiQCNC.exe
  C:\Windows\System\mSiQCNC.exe
  2⤵
  PID:7956
- C:\Windows\System\lyycwdf.exe
  C:\Windows\System\lyycwdf.exe
  2⤵
  PID:10408
- C:\Windows\System\sNiGxuI.exe
  C:\Windows\System\sNiGxuI.exe
  2⤵
  PID:10004
- C:\Windows\System\AaCtorP.exe
  C:\Windows\System\AaCtorP.exe
  2⤵
  PID:10724
- C:\Windows\System\TkQjKVJ.exe
  C:\Windows\System\TkQjKVJ.exe
  2⤵
  PID:11076
- C:\Windows\System\pOdlueX.exe
  C:\Windows\System\pOdlueX.exe
  2⤵
  PID:10848
- C:\Windows\System\MXInzls.exe
  C:\Windows\System\MXInzls.exe
  2⤵
  PID:11012
- C:\Windows\System\towrnNa.exe
  C:\Windows\System\towrnNa.exe
  2⤵
  PID:11288
- C:\Windows\System\cABhhPM.exe
  C:\Windows\System\cABhhPM.exe
  2⤵
  PID:11304
- C:\Windows\System\ofuCXtt.exe
  C:\Windows\System\ofuCXtt.exe
  2⤵
  PID:11348
- C:\Windows\System\ylWHRdd.exe
  C:\Windows\System\ylWHRdd.exe
  2⤵
  PID:11388
- C:\Windows\System\PcuSDFF.exe
  C:\Windows\System\PcuSDFF.exe
  2⤵
  PID:11408
- C:\Windows\System\GBrtDkb.exe
  C:\Windows\System\GBrtDkb.exe
  2⤵
  PID:11428
- C:\Windows\System\qCaKnXW.exe
  C:\Windows\System\qCaKnXW.exe
  2⤵
  PID:11448
- C:\Windows\System\ATGrUNl.exe
  C:\Windows\System\ATGrUNl.exe
  2⤵
  PID:11468
- C:\Windows\System\SWWUDgL.exe
  C:\Windows\System\SWWUDgL.exe
  2⤵
  PID:11488
- C:\Windows\System\fNhDmSz.exe
  C:\Windows\System\fNhDmSz.exe
  2⤵
  PID:11504
- C:\Windows\System\XnmfRtu.exe
  C:\Windows\System\XnmfRtu.exe
  2⤵
  PID:11520
- C:\Windows\System\QpbLAhp.exe
  C:\Windows\System\QpbLAhp.exe
  2⤵
  PID:11536
- C:\Windows\System\HPIHcFW.exe
  C:\Windows\System\HPIHcFW.exe
  2⤵
  PID:11560
- C:\Windows\System\JrtttLO.exe
  C:\Windows\System\JrtttLO.exe
  2⤵
  PID:11600
- C:\Windows\System\owTzTba.exe
  C:\Windows\System\owTzTba.exe
  2⤵
  PID:11616
- C:\Windows\System\dNXIIgb.exe
  C:\Windows\System\dNXIIgb.exe
  2⤵
  PID:11636
- C:\Windows\System\QikZQDb.exe
  C:\Windows\System\QikZQDb.exe
  2⤵
  PID:11660
- C:\Windows\System\nIbHlal.exe
  C:\Windows\System\nIbHlal.exe
  2⤵
  PID:11680
- C:\Windows\System\DrEkhIP.exe
  C:\Windows\System\DrEkhIP.exe
  2⤵
  PID:11736
- C:\Windows\System\AWBeKnz.exe
  C:\Windows\System\AWBeKnz.exe
  2⤵
  PID:11752
- C:\Windows\System\MkctMoB.exe
  C:\Windows\System\MkctMoB.exe
  2⤵
  PID:11776
- C:\Windows\System\wqfaQkf.exe
  C:\Windows\System\wqfaQkf.exe
  2⤵
  PID:11796
- C:\Windows\System\HOffhbY.exe
  C:\Windows\System\HOffhbY.exe
  2⤵
  PID:11852
- C:\Windows\System\kTgVQEu.exe
  C:\Windows\System\kTgVQEu.exe
  2⤵
  PID:11872
- C:\Windows\System\sWaBPvD.exe
  C:\Windows\System\sWaBPvD.exe
  2⤵
  PID:11888
- C:\Windows\System\FuzKmIg.exe
  C:\Windows\System\FuzKmIg.exe
  2⤵
  PID:11904
- C:\Windows\System\UKHwbMo.exe
  C:\Windows\System\UKHwbMo.exe
  2⤵
  PID:12040
- C:\Windows\System\ZRcKSPs.exe
  C:\Windows\System\ZRcKSPs.exe
  2⤵
  PID:12072
- C:\Windows\System\sWVuNfU.exe
  C:\Windows\System\sWVuNfU.exe
  2⤵
  PID:12116
- C:\Windows\System\aKeKrYw.exe
  C:\Windows\System\aKeKrYw.exe
  2⤵
  PID:12132
- C:\Windows\System\WkUGGLL.exe
  C:\Windows\System\WkUGGLL.exe
  2⤵
  PID:12152
- C:\Windows\System\ywFoEIV.exe
  C:\Windows\System\ywFoEIV.exe
  2⤵
  PID:12168
- C:\Windows\System\qTBIxpj.exe
  C:\Windows\System\qTBIxpj.exe
  2⤵
  PID:12188
- C:\Windows\System\qUJwscm.exe
  C:\Windows\System\qUJwscm.exe
  2⤵
  PID:12220
- C:\Windows\System\RxeIzpM.exe
  C:\Windows\System\RxeIzpM.exe
  2⤵
  PID:12244
- C:\Windows\System\mRfIPPc.exe
  C:\Windows\System\mRfIPPc.exe
  2⤵
  PID:12280
- C:\Windows\System\ZHgZoOE.exe
  C:\Windows\System\ZHgZoOE.exe
  2⤵
  PID:4992
- C:\Windows\System\xpykXxS.exe
  C:\Windows\System\xpykXxS.exe
  2⤵
  PID:11312
- C:\Windows\System\ipklvnT.exe
  C:\Windows\System\ipklvnT.exe
  2⤵
  PID:11344
- C:\Windows\System\iCxnaDS.exe
  C:\Windows\System\iCxnaDS.exe
  2⤵
  PID:11400
- C:\Windows\System\VNBTNeH.exe
  C:\Windows\System\VNBTNeH.exe
  2⤵
  PID:11444
- C:\Windows\System\GkdiEXr.exe
  C:\Windows\System\GkdiEXr.exe
  2⤵
  PID:11484
- C:\Windows\System\lFHsdFq.exe
  C:\Windows\System\lFHsdFq.exe
  2⤵
  PID:11588
- C:\Windows\System\tRhamqM.exe
  C:\Windows\System\tRhamqM.exe
  2⤵
  PID:11672
- C:\Windows\System\oZmXoPW.exe
  C:\Windows\System\oZmXoPW.exe
  2⤵
  PID:11772
- C:\Windows\System\ivmyFoi.exe
  C:\Windows\System\ivmyFoi.exe
  2⤵
  PID:11848
- C:\Windows\System\AgYBzqj.exe
  C:\Windows\System\AgYBzqj.exe
  2⤵
  PID:11880
- C:\Windows\System\LVKlOte.exe
  C:\Windows\System\LVKlOte.exe
  2⤵
  PID:11920
- C:\Windows\System\sfnwayy.exe
  C:\Windows\System\sfnwayy.exe
  2⤵
  PID:12028
- C:\Windows\System\GWCpGZa.exe
  C:\Windows\System\GWCpGZa.exe
  2⤵
  PID:12180
- C:\Windows\System\QgojXVy.exe
  C:\Windows\System\QgojXVy.exe
  2⤵
  PID:12100
- C:\Windows\System\gHeIxOc.exe
  C:\Windows\System\gHeIxOc.exe
  2⤵
  PID:12140
- C:\Windows\System\nHwprYS.exe
  C:\Windows\System\nHwprYS.exe
  2⤵
  PID:12232
- C:\Windows\System\kwmrWQy.exe
  C:\Windows\System\kwmrWQy.exe
  2⤵
  PID:12264
- C:\Windows\System\lYaGUit.exe
  C:\Windows\System\lYaGUit.exe
  2⤵
  PID:11440
- C:\Windows\System\evyjgDN.exe
  C:\Windows\System\evyjgDN.exe
  2⤵
  PID:11480
- C:\Windows\System\KfNBhyN.exe
  C:\Windows\System\KfNBhyN.exe
  2⤵
  PID:1516
- C:\Windows\System\ytDPqmq.exe
  C:\Windows\System\ytDPqmq.exe
  2⤵
  PID:11864
- C:\Windows\System\zjEstsP.exe
  C:\Windows\System\zjEstsP.exe
  2⤵
  PID:12068
- C:\Windows\System\tEBooPd.exe
  C:\Windows\System\tEBooPd.exe
  2⤵
  PID:3936
- C:\Windows\System\cZADRhJ.exe
  C:\Windows\System\cZADRhJ.exe
  2⤵
  PID:11380
- C:\Windows\System\NcaBrsM.exe
  C:\Windows\System\NcaBrsM.exe
  2⤵
  PID:11628
- C:\Windows\System\SzXoUBB.exe
  C:\Windows\System\SzXoUBB.exe
  2⤵
  PID:12164
- C:\Windows\System\WphEVGb.exe
  C:\Windows\System\WphEVGb.exe
  2⤵
  PID:11552
- C:\Windows\System\rYSfpiT.exe
  C:\Windows\System\rYSfpiT.exe
  2⤵
  PID:12292
- C:\Windows\System\mUwmLOi.exe
  C:\Windows\System\mUwmLOi.exe
  2⤵
  PID:12320
- C:\Windows\System\PsMTeIT.exe
  C:\Windows\System\PsMTeIT.exe
  2⤵
  PID:12340
- C:\Windows\System\DvPWaio.exe
  C:\Windows\System\DvPWaio.exe
  2⤵
  PID:12356
- C:\Windows\System\LomoLoo.exe
  C:\Windows\System\LomoLoo.exe
  2⤵
  PID:12376
- C:\Windows\System\WyqtoYi.exe
  C:\Windows\System\WyqtoYi.exe
  2⤵
  PID:12400
- C:\Windows\System\HLsNLqL.exe
  C:\Windows\System\HLsNLqL.exe
  2⤵
  PID:12416
- C:\Windows\System\wDNIvLT.exe
  C:\Windows\System\wDNIvLT.exe
  2⤵
  PID:12448
- C:\Windows\System\tRXrLSL.exe
  C:\Windows\System\tRXrLSL.exe
  2⤵
  PID:12468
- C:\Windows\System\xwJxHnN.exe
  C:\Windows\System\xwJxHnN.exe
  2⤵
  PID:12496
- C:\Windows\System\VMtfmdN.exe
  C:\Windows\System\VMtfmdN.exe
  2⤵
  PID:12516
- C:\Windows\System\HCUOAlH.exe
  C:\Windows\System\HCUOAlH.exe
  2⤵
  PID:12536
- C:\Windows\System\CXauUBL.exe
  C:\Windows\System\CXauUBL.exe
  2⤵
  PID:12556
- C:\Windows\System\lpmtqlh.exe
  C:\Windows\System\lpmtqlh.exe
  2⤵
  PID:12576
- C:\Windows\System\OkGkMZc.exe
  C:\Windows\System\OkGkMZc.exe
  2⤵
  PID:12600
- C:\Windows\System\LOxXuNO.exe
  C:\Windows\System\LOxXuNO.exe
  2⤵
  PID:12620
- C:\Windows\System\gYwbaKM.exe
  C:\Windows\System\gYwbaKM.exe
  2⤵
  PID:12636
- C:\Windows\System\hCaUSzp.exe
  C:\Windows\System\hCaUSzp.exe
  2⤵
  PID:12712
- C:\Windows\System\gxYrZqq.exe
  C:\Windows\System\gxYrZqq.exe
  2⤵
  PID:12744
- C:\Windows\System\nxAZGhR.exe
  C:\Windows\System\nxAZGhR.exe
  2⤵
  PID:12760
- C:\Windows\System\PVyXtQa.exe
  C:\Windows\System\PVyXtQa.exe
  2⤵
  PID:12784
- C:\Windows\System\sJSQqfX.exe
  C:\Windows\System\sJSQqfX.exe
  2⤵
  PID:12856
- C:\Windows\System\RzXFwCC.exe
  C:\Windows\System\RzXFwCC.exe
  2⤵
  PID:12872
- C:\Windows\System\HvbeZQy.exe
  C:\Windows\System\HvbeZQy.exe
  2⤵
  PID:12888
- C:\Windows\System\VzILuKK.exe
  C:\Windows\System\VzILuKK.exe
  2⤵
  PID:12916
- C:\Windows\System\wLkmePt.exe
  C:\Windows\System\wLkmePt.exe
  2⤵
  PID:12940
- C:\Windows\System\KDdqZYc.exe
  C:\Windows\System\KDdqZYc.exe
  2⤵
  PID:12964
- C:\Windows\System\IWJkYnY.exe
  C:\Windows\System\IWJkYnY.exe
  2⤵
  PID:13024
- C:\Windows\System\ReNvZGi.exe
  C:\Windows\System\ReNvZGi.exe
  2⤵
  PID:13052
- C:\Windows\System\SwAsHuO.exe
  C:\Windows\System\SwAsHuO.exe
  2⤵
  PID:13072
- C:\Windows\System\yYiDQyS.exe
  C:\Windows\System\yYiDQyS.exe
  2⤵
  PID:13092
- C:\Windows\System\vCCejVB.exe
  C:\Windows\System\vCCejVB.exe
  2⤵
  PID:13108
- C:\Windows\System\XMldKdX.exe
  C:\Windows\System\XMldKdX.exe
  2⤵
  PID:13176
- C:\Windows\System\hpmYkED.exe
  C:\Windows\System\hpmYkED.exe
  2⤵
  PID:13220
- C:\Windows\System\KMKONrJ.exe
  C:\Windows\System\KMKONrJ.exe
  2⤵
  PID:13248
- C:\Windows\System\roVFFEx.exe
  C:\Windows\System\roVFFEx.exe
  2⤵
  PID:13280
- C:\Windows\System\tGTVToz.exe
  C:\Windows\System\tGTVToz.exe
  2⤵
  PID:11944
- C:\Windows\System\KFintdm.exe
  C:\Windows\System\KFintdm.exe
  2⤵
  PID:4920
- C:\Windows\System\YcMPtwL.exe
  C:\Windows\System\YcMPtwL.exe
  2⤵
  PID:12332
- C:\Windows\System\bOSHzzC.exe
  C:\Windows\System\bOSHzzC.exe
  2⤵
  PID:12384
- C:\Windows\System\YsSgekT.exe
  C:\Windows\System\YsSgekT.exe
  2⤵
  PID:12508
- C:\Windows\System\QuoGIMF.exe
  C:\Windows\System\QuoGIMF.exe
  2⤵
  PID:12572
- C:\Windows\System\MyqmTqa.exe
  C:\Windows\System\MyqmTqa.exe
  2⤵
  PID:12480
- C:\Windows\System\KQpRxgq.exe
  C:\Windows\System\KQpRxgq.exe
  2⤵
  PID:12552
- C:\Windows\System\UKJRdQi.exe
  C:\Windows\System\UKJRdQi.exe
  2⤵
  PID:12584
- C:\Windows\System\YvBqxZB.exe
  C:\Windows\System\YvBqxZB.exe
  2⤵
  PID:12736
- C:\Windows\System\FTiXwoN.exe
  C:\Windows\System\FTiXwoN.exe
  2⤵
  PID:12780
- C:\Windows\System\vJvJUKJ.exe
  C:\Windows\System\vJvJUKJ.exe
  2⤵
  PID:12868
- C:\Windows\System\qGWOfQn.exe
  C:\Windows\System\qGWOfQn.exe
  2⤵
  PID:4252
- C:\Windows\System\IdnNFPY.exe
  C:\Windows\System\IdnNFPY.exe
  2⤵
  PID:13020
- C:\Windows\System\vNqVuqk.exe
  C:\Windows\System\vNqVuqk.exe
  2⤵
  PID:13140
- C:\Windows\System\iPNtyJM.exe
  C:\Windows\System\iPNtyJM.exe
  2⤵
  PID:13104
- C:\Windows\System\tiewngq.exe
  C:\Windows\System\tiewngq.exe
  2⤵
  PID:13184
- C:\Windows\System\ILWotHj.exe
  C:\Windows\System\ILWotHj.exe
  2⤵
  PID:13260
- C:\Windows\System\RKrHlPN.exe
  C:\Windows\System\RKrHlPN.exe
  2⤵
  PID:13276
- C:\Windows\System\WsfwDVL.exe
  C:\Windows\System\WsfwDVL.exe
  2⤵
  PID:12424
- C:\Windows\System\rHApOqi.exe
  C:\Windows\System\rHApOqi.exe
  2⤵
  PID:7296
- C:\Windows\System\gNPUVlP.exe
  C:\Windows\System\gNPUVlP.exe
  2⤵
  PID:10356
- C:\Windows\System\FPDYwQZ.exe
  C:\Windows\System\FPDYwQZ.exe
  2⤵
  PID:12808
- C:\Windows\System\anhiZKd.exe
  C:\Windows\System\anhiZKd.exe
  2⤵
  PID:12932
- C:\Windows\System\SqSkHKN.exe
  C:\Windows\System\SqSkHKN.exe
  2⤵
  PID:13100
- C:\Windows\System\vRWwmRJ.exe
  C:\Windows\System\vRWwmRJ.exe
  2⤵
  PID:12364
- C:\Windows\System\ODoCSQw.exe
  C:\Windows\System\ODoCSQw.exe
  2⤵
  PID:12412
- C:\Windows\System\taknZww.exe
  C:\Windows\System\taknZww.exe
  2⤵
  PID:12840
- C:\Windows\System\dLYEQIG.exe
  C:\Windows\System\dLYEQIG.exe
  2⤵
  PID:13068
- C:\Windows\System\euONWcB.exe
  C:\Windows\System\euONWcB.exe
  2⤵
  PID:13264
- C:\Windows\System\SJylARE.exe
  C:\Windows\System\SJylARE.exe
  2⤵
  PID:13320
- C:\Windows\System\FONFIMW.exe
  C:\Windows\System\FONFIMW.exe
  2⤵
  PID:13340
- C:\Windows\System\qxwuiKh.exe
  C:\Windows\System\qxwuiKh.exe
  2⤵
  PID:13364
- C:\Windows\System\jmHtbZT.exe
  C:\Windows\System\jmHtbZT.exe
  2⤵
  PID:13388
- C:\Windows\System\CbxGmdR.exe
  C:\Windows\System\CbxGmdR.exe
  2⤵
  PID:13408
- C:\Windows\System\urEXGxh.exe
  C:\Windows\System\urEXGxh.exe
  2⤵
  PID:13428
- C:\Windows\System\NBpeFJN.exe
  C:\Windows\System\NBpeFJN.exe
  2⤵
  PID:13444
- C:\Windows\System\WlsfDPP.exe
  C:\Windows\System\WlsfDPP.exe
  2⤵
  PID:13496
- C:\Windows\System\IFaXkrE.exe
  C:\Windows\System\IFaXkrE.exe
  2⤵
  PID:13528
- C:\Windows\System\KfmpeWo.exe
  C:\Windows\System\KfmpeWo.exe
  2⤵
  PID:13544
- C:\Windows\System\gRTgHES.exe
  C:\Windows\System\gRTgHES.exe
  2⤵
  PID:13568
- C:\Windows\System\ZHEFqYH.exe
  C:\Windows\System\ZHEFqYH.exe
  2⤵
  PID:13584
- C:\Windows\System\RiQAhHO.exe
  C:\Windows\System\RiQAhHO.exe
  2⤵
  PID:13636
- C:\Windows\System\jxBPIdW.exe
  C:\Windows\System\jxBPIdW.exe
  2⤵
  PID:13660
- C:\Windows\System\MothfXF.exe
  C:\Windows\System\MothfXF.exe
  2⤵
  PID:13688
- C:\Windows\System\VmEAHiW.exe
  C:\Windows\System\VmEAHiW.exe
  2⤵
  PID:13716
- C:\Windows\System\Nzwunxs.exe
  C:\Windows\System\Nzwunxs.exe
  2⤵
  PID:13744
- C:\Windows\System\FsTYhZS.exe
  C:\Windows\System\FsTYhZS.exe
  2⤵
  PID:13808
- C:\Windows\System\UrosKnj.exe
  C:\Windows\System\UrosKnj.exe
  2⤵
  PID:13848
- C:\Windows\System\IAiSjMW.exe
  C:\Windows\System\IAiSjMW.exe
  2⤵
  PID:13884
- C:\Windows\System\SheNopR.exe
  C:\Windows\System\SheNopR.exe
  2⤵
  PID:13916
- C:\Windows\System\QhJWuQe.exe
  C:\Windows\System\QhJWuQe.exe
  2⤵
  PID:13940
- C:\Windows\System\JfUjUSQ.exe
  C:\Windows\System\JfUjUSQ.exe
  2⤵
  PID:13960
- C:\Windows\System\VqsRBff.exe
  C:\Windows\System\VqsRBff.exe
  2⤵
  PID:13980
- C:\Windows\System\IbJJBFY.exe
  C:\Windows\System\IbJJBFY.exe
  2⤵
  PID:14024
- C:\Windows\System\DnIycss.exe
  C:\Windows\System\DnIycss.exe
  2⤵
  PID:14044
- C:\Windows\System\fgQnIFw.exe
  C:\Windows\System\fgQnIFw.exe
  2⤵
  PID:14084
- C:\Windows\System\OmWcFmf.exe
  C:\Windows\System\OmWcFmf.exe
  2⤵
  PID:14108
- C:\Windows\System\JDOaawF.exe
  C:\Windows\System\JDOaawF.exe
  2⤵
  PID:14124
- C:\Windows\System\pZxvKaa.exe
  C:\Windows\System\pZxvKaa.exe
  2⤵
  PID:14144
- C:\Windows\System\DJjCJbj.exe
  C:\Windows\System\DJjCJbj.exe
  2⤵
  PID:14164
- C:\Windows\System\OoyOJcg.exe
  C:\Windows\System\OoyOJcg.exe
  2⤵
  PID:14196
- C:\Windows\System\zmHoaDK.exe
  C:\Windows\System\zmHoaDK.exe
  2⤵
  PID:14248
- C:\Windows\System\pREuZnU.exe
  C:\Windows\System\pREuZnU.exe
  2⤵
  PID:14272
- C:\Windows\System\WqdrbeM.exe
  C:\Windows\System\WqdrbeM.exe
  2⤵
  PID:14292
- C:\Windows\System\vJrNSHN.exe
  C:\Windows\System\vJrNSHN.exe
  2⤵
  PID:14316
- C:\Windows\System\VkboKxg.exe
  C:\Windows\System\VkboKxg.exe
  2⤵
  PID:14332
- C:\Windows\System\KDyVIPL.exe
  C:\Windows\System\KDyVIPL.exe
  2⤵
  PID:12664
- C:\Windows\System\gbtRtYH.exe
  C:\Windows\System\gbtRtYH.exe
  2⤵
  PID:13420
- C:\Windows\System\EBjAlxY.exe
  C:\Windows\System\EBjAlxY.exe
  2⤵
  PID:13476
- C:\Windows\System\zDjxKVS.exe
  C:\Windows\System\zDjxKVS.exe
  2⤵
  PID:13472
- C:\Windows\System\ffyRWgO.exe
  C:\Windows\System\ffyRWgO.exe
  2⤵
  PID:13556
- C:\Windows\System\aJAKHJb.exe
  C:\Windows\System\aJAKHJb.exe
  2⤵
  PID:13624
- C:\Windows\System\KjOzMvz.exe
  C:\Windows\System\KjOzMvz.exe
  2⤵
  PID:13712
- C:\Windows\System\kUAHeCn.exe
  C:\Windows\System\kUAHeCn.exe
  2⤵
  PID:13836
- C:\Windows\System\mmTnSex.exe
  C:\Windows\System\mmTnSex.exe
  2⤵
  PID:13908
- C:\Windows\System\kMRNOMX.exe
  C:\Windows\System\kMRNOMX.exe
  2⤵
  PID:13988
- C:\Windows\System\NxGwsxw.exe
  C:\Windows\System\NxGwsxw.exe
  2⤵
  PID:13972
- C:\Windows\System\KdCxbMF.exe
  C:\Windows\System\KdCxbMF.exe
  2⤵
  PID:14036
- C:\Windows\System\FNSXqaX.exe
  C:\Windows\System\FNSXqaX.exe
  2⤵
  PID:14120
- C:\Windows\System\ZjnbgbJ.exe
  C:\Windows\System\ZjnbgbJ.exe
  2⤵
  PID:14184
- C:\Windows\System\kpKUfIw.exe
  C:\Windows\System\kpKUfIw.exe
  2⤵
  PID:14264
- C:\Windows\System\zxYOPAu.exe
  C:\Windows\System\zxYOPAu.exe
  2⤵
  PID:13244
- C:\Windows\System\tnCryvH.exe
  C:\Windows\System\tnCryvH.exe
  2⤵
  PID:13416
- C:\Windows\System\jnsvVHx.exe
  C:\Windows\System\jnsvVHx.exe
  2⤵
  PID:13360
- C:\Windows\System\InPExJG.exe
  C:\Windows\System\InPExJG.exe
  2⤵
  PID:13536
- C:\Windows\System\HPXZtuK.exe
  C:\Windows\System\HPXZtuK.exe
  2⤵
  PID:13652
- C:\Windows\System\baethuo.exe
  C:\Windows\System\baethuo.exe
  2⤵
  PID:13936
- C:\Windows\System\NQvnQvm.exe
  C:\Windows\System\NQvnQvm.exe
  2⤵
  PID:14152
- C:\Windows\System\VgrwjAt.exe
  C:\Windows\System\VgrwjAt.exe
  2⤵
  PID:14260
- C:\Windows\System\jwkKcyF.exe
  C:\Windows\System\jwkKcyF.exe
  2⤵
  PID:14284
- C:\Windows\System\vLrNoNV.exe
  C:\Windows\System\vLrNoNV.exe
  2⤵
  PID:13580
- C:\Windows\System\whYeCEp.exe
  C:\Windows\System\whYeCEp.exe
  2⤵
  PID:13776
- C:\Windows\System\xGYLRBs.exe
  C:\Windows\System\xGYLRBs.exe
  2⤵
  PID:13372
- C:\Windows\System\hMKwMLE.exe
  C:\Windows\System\hMKwMLE.exe
  2⤵
  PID:14344
- C:\Windows\System\PvtxVoX.exe
  C:\Windows\System\PvtxVoX.exe
  2⤵
  PID:14372
- C:\Windows\System\CVOSKwe.exe
  C:\Windows\System\CVOSKwe.exe
  2⤵
  PID:14388
- C:\Windows\System\wVxysvI.exe
  C:\Windows\System\wVxysvI.exe
  2⤵
  PID:14428
- C:\Windows\System\gMuSKsB.exe
  C:\Windows\System\gMuSKsB.exe
  2⤵
  PID:14460
- C:\Windows\System\WaVFtXs.exe
  C:\Windows\System\WaVFtXs.exe
  2⤵
  PID:14488
- C:\Windows\System\cfsyuGq.exe
  C:\Windows\System\cfsyuGq.exe
  2⤵
  PID:14508
- C:\Windows\System\dvimUQT.exe
  C:\Windows\System\dvimUQT.exe
  2⤵
  PID:14528
- C:\Windows\System\ruzYpiN.exe
  C:\Windows\System\ruzYpiN.exe
  2⤵
  PID:14552
- C:\Windows\System\pbiNWpk.exe
  C:\Windows\System\pbiNWpk.exe
  2⤵
  PID:14568
- C:\Windows\System\LlkXXXB.exe
  C:\Windows\System\LlkXXXB.exe
  2⤵
  PID:14588
- C:\Windows\System\lVbGImY.exe
  C:\Windows\System\lVbGImY.exe
  2⤵
  PID:14612
- C:\Windows\System\PFBGvdp.exe
  C:\Windows\System\PFBGvdp.exe
  2⤵
  PID:14636
- C:\Windows\System\xhhnyFb.exe
  C:\Windows\System\xhhnyFb.exe
  2⤵
  PID:14732
- C:\Windows\System\BRTkFio.exe
  C:\Windows\System\BRTkFio.exe
  2⤵
  PID:14748
- C:\Windows\System\yvlKgyQ.exe
  C:\Windows\System\yvlKgyQ.exe
  2⤵
  PID:14780
- C:\Windows\System\axOeMiA.exe
  C:\Windows\System\axOeMiA.exe
  2⤵
  PID:14804
- C:\Windows\System\EzUcdiD.exe
  C:\Windows\System\EzUcdiD.exe
  2⤵
  PID:14824
- C:\Windows\System\oyoUDKG.exe
  C:\Windows\System\oyoUDKG.exe
  2⤵
  PID:14868
- C:\Windows\System\QXbGaap.exe
  C:\Windows\System\QXbGaap.exe
  2⤵
  PID:14896
- C:\Windows\System\tKtHHwp.exe
  C:\Windows\System\tKtHHwp.exe
  2⤵
  PID:14920
- C:\Windows\System\YlXUXrY.exe
  C:\Windows\System\YlXUXrY.exe
  2⤵
  PID:14948
- C:\Windows\System\mesHwZt.exe
  C:\Windows\System\mesHwZt.exe
  2⤵
  PID:14968
- C:\Windows\System\tDDrFSm.exe
  C:\Windows\System\tDDrFSm.exe
  2⤵
  PID:14988
- C:\Windows\System\WeqYoQn.exe
  C:\Windows\System\WeqYoQn.exe
  2⤵
  PID:15040
- C:\Windows\System\jPDOXvf.exe
  C:\Windows\System\jPDOXvf.exe
  2⤵
  PID:15068
- C:\Windows\System\ubWUTdm.exe
  C:\Windows\System\ubWUTdm.exe
  2⤵
  PID:15212
- C:\Windows\System\EzpGDyM.exe
  C:\Windows\System\EzpGDyM.exe
  2⤵
  PID:15228
- C:\Windows\System\PQmZKnw.exe
  C:\Windows\System\PQmZKnw.exe
  2⤵
  PID:15300

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:15120

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\AYwmFVq.exe

Filesize
834KB

MD5
48d04227141b51fd433ba1d3b3a51c92

SHA1
9fcdf594715328a53e15c28ef83c55c036bc4266

SHA256
8a38f4ec3caeea135c1e3d7cb69e29aff8043558207e8c8dfe7165cd93034f0e

SHA512
ddeae16e431a1d7c8e064ce5049cce0145fceb750271a62be3c9cece62d2c67264e0ed943fcf7db45f824e50ba84c36a76664733822fc4f1ef51a4635ce95157

Download Submit
C:\Windows\System\BSqmWvr.exe

Filesize
829KB

MD5
57843ebf19dff4c8d22ad3e0a73a8603

SHA1
42eb1e5723c82c1a7b0fe32102f2ff193fe3ea51

SHA256
0562cae6196a6484e54f6af33a3c95b602b0733d4403c68c9d0c9150cc0ccbee

SHA512
08b67c967f2139d18619f448dcab0eae92a556e9b5eb0a4bd93ca7587280627ce99a89f4bf578af68ed35086b20cfc71ddd5af58b350756be53b05351690a828

Download Submit
C:\Windows\System\CNZQEHb.exe

Filesize
833KB

MD5
7061cf8ae3388ab3c14843a020bb7789

SHA1
83f9e18d6e5a04000875a5243337158210f3c20e

SHA256
f4c18a068f99fe2f2818ec822b5f6e17fe3632081062795def745d3b18f43bbc

SHA512
be0289bef8f8e291720553836f3c5c7351ac6d11dc214b5ff963bfe8ac2cd72d49e9627d7467f300152b216a1278d00e6b6bfb1cf35c97fd2602f44f02adeb9b

Download Submit
C:\Windows\System\CeIrdSg.exe

Filesize
836KB

MD5
69207fe7ca2de723910e8bfd086bea81

SHA1
8830c2eeac3ced5d721ebf394a1ef8729d83a994

SHA256
a56c33e7f51b48015991b58528fc846f3fe0ba8390c110a1aea0e71c0bc5ae04

SHA512
39b92aea1fab2be82a320c7fa362279c538b5c16567b13ec52ef51ccd698e4d9887e3482869bf426dc95800a60884f39013c31c00cfe11084005f74e704141fd

Download Submit
C:\Windows\System\CsxqiPO.exe

Filesize
836KB

MD5
ee478cb5fcb2174a1da03e7f7794b323

SHA1
6f224b5304523316afdc7616cd08e7b14402b0e7

SHA256
c793fa92bd36041dabb9776c73edbaf812bd2c55ea6e41550ec125317b1667cf

SHA512
5b3f90f17e5119c270206b2b675ded5535bed4b1b72039b6563a5bc62f0f94c04b4359e495cb1a346f6d7dc95e82924cf565d10b3d054df33e16fa9721afb471

Download Submit
C:\Windows\System\DlQFhis.exe

Filesize
835KB

MD5
1654b6066151052c2d61a87e0ad1bf07

SHA1
ce571b414e5846186a90f94b2fc93fd0a73d8496

SHA256
45e10dcb8f0e84448c76a4614225c6b34b56a8f0e69188ebd545a5f5fb5dfc35

SHA512
00f7a33cbccee8aa1177b14b05d4374005a29fdcd0b5303f630aa9489e41dbe137a3a8a5781a8c27756d3e661531eda02ce0134c788279640b2e6e0cfbdd14ba

Download Submit
C:\Windows\System\DxruAng.exe

Filesize
833KB

MD5
6385211f2873b5fd2a208aca21824f30

SHA1
2e27c5340f5327e3e4109ec6fef244175d07d7bd

SHA256
ded9df0f86f81ed43314e5ab5b4cbc0aab3ade866ec28d15af90a87bb3a70cca

SHA512
0e58d2066c37f144657f4f274a0dc229d6411b9c0bb5fafb146cbfeeb31781fbb7f92904aca8b7e9061756577a6972ee80c0c7b2ed580e7bcaf25d38a0fd59ba

Download Submit
C:\Windows\System\FJUJbsq.exe

Filesize
829KB

MD5
793e3f657bb7fedc0bbf6d6755c771b5

SHA1
396c685026a60a8b3a8dc8330b81a06f7f47fa39

SHA256
99a327b0f1e69ac5265e3b800bcd569caead5a45d507ecbcc0db5f9b1a7afc31

SHA512
8c78091c50aa79ac143b8d43f27d01de1addb96349a25e4026f9fd1259f1baa164189c6e4e52bb2385a366a634a8a158028fc16e891084a11998da02ba80df54

Download Submit
C:\Windows\System\HeTMUiK.exe

Filesize
830KB

MD5
f37ac8a682e90e59d23a80e833c3a924

SHA1
21866fa60bf8341daef6895a893e56e64dc7cf7c

SHA256
150aab5d5d64fd13459bba37cc9f2f113d6632a38ca2969103443508f0d21082

SHA512
46a675a9f7edba8cfbaedee03756e8b444343967ad7673bfea9cd97502cb5aab7d9c197dc73cbb9208164a5db5c1e4f37a43aebef096376edeb0ac2b5609e1dc

Download Submit
C:\Windows\System\KfYiyCV.exe

Filesize
835KB

MD5
a6f7e54fc8de3923ffbf2e55e8681568

SHA1
c5e030648ea3074f94954f6f5330c365ce68f0b9

SHA256
324c92b2cd1214a76174b271ff680358f75708f4ee03f8bf3f66d9c76a89610e

SHA512
b26f33d33d0fdc2b89432d128402e502750abb1baffc954d53c2be5fed72a0ee645560cb6f3bef5fd8f6f70d9e95a2c5f756e3f1f473b845ec1c546e57c2a24a

Download Submit
C:\Windows\System\KnidsCi.exe

Filesize
834KB

MD5
1bc6cd3a78b9cbefa0cfdf55797ff37b

SHA1
7039ad6948048d25bd8ade5a1c1ceb93e189c34d

SHA256
7eca5678e618f5ec654bddddaaaadc95c28fe706de0a0c9c7c777cb453b4a52b

SHA512
eea62cb4f0c7e029ba2bafc6e96650397cc39af413986ed33a4c30e95b42c496d1750d5b03824d7b3cba881084983a341da3350660cf501a176055cc964013a4

Download Submit
C:\Windows\System\LJbBdHO.exe

Filesize
834KB

MD5
f6d01b12045184f4ca767c6ef09db8b5

SHA1
8e5931097cf67f201392fb45b26913a0f9bf7d8c

SHA256
5b12be33479bc8e117212f712410c8af94a7201a4e797b6485867b71d3b379c1

SHA512
6a475e849cfc40b424aa43cac82afe1d33ce8fda35f06a2500db1c4dff79d8b08cd1a089b65cf3082d02cae7dbe8abcae521d24e091ecb0ad04f7353c62cb5f3

Download Submit
C:\Windows\System\PioHeUi.exe

Filesize
834KB

MD5
1373fa2c52473483147461e78d1ab122

SHA1
167516b150e8dd172ea6d913ffa69260c11f65d9

SHA256
ff6595202685caef3b610ef77c47f0a47d458815b9c40dfb873176869248e313

SHA512
d79e60e80c1f48712f4afe6da247cd654c9e10eb7db7198f6fc006475852ed2b3533507b21f8d317d8ecff964d61b0dbdccc6df30c55f8ebd85c6a74b44c1859

Download Submit
C:\Windows\System\QqJpDyf.exe

Filesize
830KB

MD5
f4bf4b46c87c4e05b67a2382ba09dd82

SHA1
05842ca895f50416ece6eaf2d3116ac10f0b133a

SHA256
aff047befc591bef758aa371725f404549a912d93ea8eb9f7fee65c0c7706c62

SHA512
4acde3c55e3d42091a1ac11531e521a37ab337c4b415d2a37b5275f428d9a9b79e5a1168e253db1f9aae7f148fdd4a89b82b4e3bbb028143c8f292fa671ee864

Download Submit
C:\Windows\System\UdbRNZc.exe

Filesize
831KB

MD5
a2cba7f220fa76f22420c1959f798f37

SHA1
d3dd7190a551dcae121f1afdc49e357394a0af62

SHA256
72cd772882b2f5358d30bd40af0028317b79e66bb5ee8588427c8aa6e46b6dd0

SHA512
bf09ab5db57ef4a1bddc944c275b2bd693a92709eafca9ebbaaebbcf56dbe76a05fa93b2c2bc1373af0cc205a4780259e6ef45a3bbd5427ad26aaa3a54a3aec8

Download Submit
C:\Windows\System\ZLHkrbD.exe

Filesize
832KB

MD5
38597e66cf054e1d74cbf5a66e846681

SHA1
77718eac5ac3ecb8c5bfcfa65e32c29832a796b4

SHA256
66250fc5e5c64d4328ee0447faba5dc207ba1b76316be2697841f92d6638e8ab

SHA512
7c0872e8b48da3e5ec7073ff26d8520b2cbc7f4ac0a9a546a1c4a7347fb40c296d3c2a25bcf81f937bc3d468d7153d9725d0d26a63c9089ea7a70c54def2d842

Download Submit
C:\Windows\System\aRtiCki.exe

Filesize
830KB

MD5
b255b1e08ed0410af1313de7a144a731

SHA1
da750132e09a4c73d3f3c9d2e21f40235645a34e

SHA256
9f3c1cd217c70c26e3e4858b3a17bf7386a0db2fb57e30f9148bb5c37c996ab8

SHA512
605f16807abf02125f60172fb57a55bdeff135d5981315f29e86d18251ab18888bce9410d12943c90ddcd2407e48aefe7941bf536bddbfc78d14e8fc39e1fb93

Download Submit
C:\Windows\System\alfjCay.exe

Filesize
831KB

MD5
968b302db7e03cabd221afe6a63bc534

SHA1
da4b28f6104d7354476482d920c07adf0e15c289

SHA256
6b555f21f0dcd5c468d35784c964db05215377f4ac898e9bbff562973eac94f1

SHA512
1143d805deb34ce56a180a6d09d98d9a0567e92cab786d820d02c3b0c3b03df65a517770a6458a1035bbd4fe52648c41a79a9883a8b6f4cd5c70ed2d2183b3db

Download Submit
C:\Windows\System\cEPODsx.exe

Filesize
835KB

MD5
981d37a3af07aeb9943ed45c8688fad5

SHA1
6bd5032c9979017537fc79ae25db24a9856f704d

SHA256
1f3f0b6b89b3cf91535989a0da35847080a66599e74eeaefaaa490872bcba8bf

SHA512
01f48383d2fe4ab6c06f7422ff34da16d85f38d31a2c60864f5f555ef9cb9bf39521b077a5c680b160a55d0dddf99b7d1b76796522a0dfa145a5eed9007ac420

Download Submit
C:\Windows\System\eoTSIIK.exe

Filesize
832KB

MD5
a1640bc4c592d5bb27eaf9b2065fdd76

SHA1
148ca425a65e1a65b6a4a9ee73b9c6b3d7743c5e

SHA256
38590edf7711682d6a9df958ed6c97f274ad8e1fa8530eddbc0d49b59c54266d

SHA512
ab1fd465a2e932ddbe0ac5345c13aef48b23d2feb33bfc2d7f9c33f30a3b78064169bab3946b00bc6d49f5032f50332b94cec0bcdfe0e3747e1e498ae42b5786

Download Submit
C:\Windows\System\gQETxdo.exe

Filesize
830KB

MD5
803c28d80eef332d1ab8b8f4babbe62b

SHA1
fa4e4a973eef9f0aa533394e98e1df6041e37069

SHA256
ee7f1bcdf4fe3bffadf49d2e52e23cb2e7f588b5141008681fd304a2ce71d612

SHA512
4e43ff49c3b591b36f9722d1d58e28b699de5ba3425628a8113721489503f7d81dc2d8aa6b6bbb8c3fbc64400041f8bedfa7bb2f1e36d18371f8756ac42dabe3

Download Submit
C:\Windows\System\itBbZmG.exe

Filesize
833KB

MD5
0fe5dd0e0bcf6bc6826545eeda2165f5

SHA1
e2cebe1133fb14cf4e01fd094bcf4b884c39ddb8

SHA256
3f27073b67a66de56aa76a516e29977c29dbf2eaa49602afb145661336ce4425

SHA512
b4572b2f61e321c356a81190302d00e7a5d0c75f812b37d7c9a4758799ad727e3cd9e55e561a736d7fab97bbbac73f7dfe48ec9f7a584107249974812cacbe30

Download Submit
C:\Windows\System\kDcsBaj.exe

Filesize
831KB

MD5
e55914d08b23a2d96a5f348b5bfea38f

SHA1
826ae94ea914cc9eb453ce16ec21c85d45118168

SHA256
45e1adc45b6a4c7d9fd0208b1f66770df94b36b15a0c3f98557ffe8a492a7377

SHA512
0443803c0c365361ab2b55e9de45b71096099f2d0238964df1d7419c1e7a0ee0905dedc8a82fbf8fb7a105b80778bc1e6f7856597e0b3442395cb9f8f654197d

Download Submit
C:\Windows\System\kPKvkUA.exe

Filesize
833KB

MD5
69abb34807eec7088d02bbd61e905c19

SHA1
f8666166036f5d855570e3c76cc1c43618c70650

SHA256
943df50d08667d2b9a236c8b54f40a6c06a3766fd75758d6d3d611e26c983e9d

SHA512
93ca0d1a87d9bd06b710bbde7d333ddf939a29ebc65e31eb3d4318af071cf9ac2c5758fe82af7aa40990e5fcdeff6f5e642ae752fbe1051b142d3b4ab42687ed

Download Submit
C:\Windows\System\nyVWHqn.exe

Filesize
832KB

MD5
4e5664a32518600bb76b49f653354669

SHA1
bb6a8534e0ad63f981ed6fb4e6e248e667bf32a6

SHA256
43270e9c4e4a080c1135b6577dfda8e39075015a7fe47a6a87d0f3dbebfb709c

SHA512
9b8f4760e3d3ef3291ce40c2534e60cf5080ed7fbeb64572cba22cc9500da0a79c8739d87dd410eae0aaaba83cbd6169042263b7290b7a2f59acad64dd1f5c4d

Download Submit
C:\Windows\System\nyVbayH.exe

Filesize
832KB

MD5
abdafd4ea1df335234df7d22de300797

SHA1
14185d78d77b68a668a08adbb6b0ddb8ec0c4810

SHA256
7cefc71debcbaf56978e85c0472def9c9cae3571359b321254041aaccb57f011

SHA512
51717dee000662e3c7b53b14ad49370cf5a616dcb95250ec7f72aa60cc5f164165e5ccb1939be716ffb85857a5d06db6976f1c97ae4b74edf27da5fce5f96b48

Download Submit
C:\Windows\System\qKoSHrQ.exe

Filesize
829KB

MD5
2600c7ebc7dbcfc44fd78ce6524f0a7e

SHA1
9ef69894a3c46c1a5d37fa71f48de9392ab305ff

SHA256
a5541ed63fcc7fdb2bfefe21f7926403719d988041452af05a90b0dd93aeddee

SHA512
2c125b639387ac30eade4daf5eb62c58a8eba87ea520c3c1afc3d564fb9852e7c543d8e02060a7a09f8e562dfae7ab1a92e82743d09ce7abf034ae90797326c1

Download Submit
C:\Windows\System\sFfIeUl.exe

Filesize
835KB

MD5
cb907d85ebd9e2bf55549a3ed42c7e59

SHA1
a29e55e2cbd20472c4f59a5df89aeb167d206c46

SHA256
6af555ebebab5c8887f4edf72a9cbcc6b1486053bb487e0634ed8c0ed3cefc68

SHA512
ab3f3bab2dd8d9f814fddc82319a7cbb612fdcb57e52151cb5ef9d71c069a64839534230d4e94729b1b3c2fde93282c397367f35e93151eb2c12a05a2d79f3cd

Download Submit
C:\Windows\System\tbrjGfU.exe

Filesize
829KB

MD5
6f866724578e859f17d0ecca06a3b3de

SHA1
599410795188f7735a8c1b99d92bc2a4664e8c78

SHA256
3561e9a78758d1afff2cc0bede6961a3822e924d68d19402f14c0ad1be5e1a46

SHA512
c955dd14c495dc0a54774b4508b59173425b916af5ed25d162c4ec58f95dea6998c7b2d3fcb5f8695a3c463780de80b34d9333e2418bf7b3cab8b528d6899a72

Download Submit
C:\Windows\System\uwQSdZY.exe

Filesize
831KB

MD5
640fbe5bd20577236ea89f643320c481

SHA1
820a3eb2b5bac1a5b197be8056cdd4590d5984ed

SHA256
7cae5a5bd9be174d68da4d165c2eba16f674aa97fb0d003628139756a00bf62b

SHA512
a369bc9caacfcae8ef2e2c4b6e17ba5319510c530fd5127e6472b506c7da0ab0e8342d4b7e3a25f257d0677f6f50690fd3580a44df774e658dfb22d4bf2d3080

Download Submit
C:\Windows\System\vblxMtG.exe

Filesize
828KB

MD5
9b01cc1aae3d3ee35d6d83a642313082

SHA1
9ef6822a02499b40fc24d4bac02db6961b0675ed

SHA256
d73b5575e5cbe5caf94eb288bed08139875b8e17a9514c2bada6901284f146a7

SHA512
d62aa7b0d592e5d62936bc98654ef38216009688782f5ed69b91d7f8e8cdd9429f1cce983c7d0845d3ca93107907b0f46e22d91d72db2719782fa3b7a71b2937

Download Submit
C:\Windows\System\wdKWEaJ.exe

Filesize
836KB

MD5
1edfcf718b0cd4cd4038655d980a1680

SHA1
ff29bd81d2dca9afd22c89316b3def1343efc384

SHA256
8b8cecbf050cffd0686926c2f415ba3939f8b8b8cbaaa87c8b8a48c55440e733

SHA512
763b8ed985138fc387e63a80520c2eea39a5538296b75d1a2bb355e021b234e3f28af2be1dbb099af0a7cfb9c3e9f1dad91bce035a93a7d82ad273dfa8659caa

Download Submit
C:\Windows\System\xwRbUHT.exe

Filesize
835KB

MD5
b2ac3d1c596ea3267792015c439ea1fe

SHA1
7bb8395be41ab8a44eab50398c468073d902b916

SHA256
d5de3504c8283d20830a4befb375554e6766db99bf54ce42135c067378700bd9

SHA512
f1ad0233b81530810f4ff0230561e3d3debebeed5b6b1cde8ffdf72dfc1141b480de070abd0c3ec912c09ca38c6a01bdf4a6a93d37b3a0b5abf01328613944ff

Download Submit
memory/1164-2477-0x00007FF7A2480000-0x00007FF7A27D1000-memory.dmp

Filesize
3.3MB

Download
memory/1164-378-0x00007FF7A2480000-0x00007FF7A27D1000-memory.dmp

Filesize
3.3MB

Download
memory/1180-1100-0x00007FF7E9220000-0x00007FF7E9571000-memory.dmp

Filesize
3.3MB

Download
memory/1180-11-0x00007FF7E9220000-0x00007FF7E9571000-memory.dmp

Filesize
3.3MB

Download
memory/1180-2447-0x00007FF7E9220000-0x00007FF7E9571000-memory.dmp

Filesize
3.3MB

Download
memory/1292-2518-0x00007FF658FF0000-0x00007FF659341000-memory.dmp

Filesize
3.3MB

Download
memory/1292-427-0x00007FF658FF0000-0x00007FF659341000-memory.dmp

Filesize
3.3MB

Download
memory/1332-2475-0x00007FF654DF0000-0x00007FF655141000-memory.dmp

Filesize
3.3MB

Download
memory/1332-386-0x00007FF654DF0000-0x00007FF655141000-memory.dmp

Filesize
3.3MB

Download
memory/1392-2469-0x00007FF711C40000-0x00007FF711F91000-memory.dmp

Filesize
3.3MB

Download
memory/1392-354-0x00007FF711C40000-0x00007FF711F91000-memory.dmp

Filesize
3.3MB

Download
memory/1440-2514-0x00007FF6FD460000-0x00007FF6FD7B1000-memory.dmp

Filesize
3.3MB

Download
memory/1440-410-0x00007FF6FD460000-0x00007FF6FD7B1000-memory.dmp

Filesize
3.3MB

Download
memory/1568-2461-0x00007FF7E1DE0000-0x00007FF7E2131000-memory.dmp

Filesize
3.3MB

Download
memory/1568-316-0x00007FF7E1DE0000-0x00007FF7E2131000-memory.dmp

Filesize
3.3MB

Download
memory/1668-1260-0x00007FF6696A0000-0x00007FF6699F1000-memory.dmp

Filesize
3.3MB

Download
memory/1668-25-0x00007FF6696A0000-0x00007FF6699F1000-memory.dmp

Filesize
3.3MB

Download
memory/1668-2445-0x00007FF6696A0000-0x00007FF6699F1000-memory.dmp

Filesize
3.3MB

Download
memory/1692-1513-0x00007FF702FD0000-0x00007FF703321000-memory.dmp

Filesize
3.3MB

Download
memory/1692-30-0x00007FF702FD0000-0x00007FF703321000-memory.dmp

Filesize
3.3MB

Download
memory/1692-2453-0x00007FF702FD0000-0x00007FF703321000-memory.dmp

Filesize
3.3MB

Download
memory/1884-308-0x00007FF7AD740000-0x00007FF7ADA91000-memory.dmp

Filesize
3.3MB

Download
memory/1884-2457-0x00007FF7AD740000-0x00007FF7ADA91000-memory.dmp

Filesize
3.3MB

Download
memory/2012-2471-0x00007FF74EF10000-0x00007FF74F261000-memory.dmp

Filesize
3.3MB

Download
memory/2012-357-0x00007FF74EF10000-0x00007FF74F261000-memory.dmp

Filesize
3.3MB

Download
memory/2488-348-0x00007FF71C3B0000-0x00007FF71C701000-memory.dmp

Filesize
3.3MB

Download
memory/2488-2467-0x00007FF71C3B0000-0x00007FF71C701000-memory.dmp

Filesize
3.3MB

Download
memory/2592-2490-0x00007FF758EA0000-0x00007FF7591F1000-memory.dmp

Filesize
3.3MB

Download
memory/2592-393-0x00007FF758EA0000-0x00007FF7591F1000-memory.dmp

Filesize
3.3MB

Download
memory/3000-412-0x00007FF62A2D0000-0x00007FF62A621000-memory.dmp

Filesize
3.3MB

Download
memory/3000-2520-0x00007FF62A2D0000-0x00007FF62A621000-memory.dmp

Filesize
3.3MB

Download
memory/3008-390-0x00007FF74DB50000-0x00007FF74DEA1000-memory.dmp

Filesize
3.3MB

Download
memory/3008-2503-0x00007FF74DB50000-0x00007FF74DEA1000-memory.dmp

Filesize
3.3MB

Download
memory/3160-2496-0x00007FF7CE270000-0x00007FF7CE5C1000-memory.dmp

Filesize
3.3MB

Download
memory/3160-392-0x00007FF7CE270000-0x00007FF7CE5C1000-memory.dmp

Filesize
3.3MB

Download
memory/3188-2492-0x00007FF7EB920000-0x00007FF7EBC71000-memory.dmp

Filesize
3.3MB

Download
memory/3188-387-0x00007FF7EB920000-0x00007FF7EBC71000-memory.dmp

Filesize
3.3MB

Download
memory/3516-2508-0x00007FF705B80000-0x00007FF705ED1000-memory.dmp

Filesize
3.3MB

Download
memory/3516-389-0x00007FF705B80000-0x00007FF705ED1000-memory.dmp

Filesize
3.3MB

Download
memory/3548-321-0x00007FF77C8D0000-0x00007FF77CC21000-memory.dmp

Filesize
3.3MB

Download
memory/3548-2463-0x00007FF77C8D0000-0x00007FF77CC21000-memory.dmp

Filesize
3.3MB

Download
memory/4012-2449-0x00007FF7D5080000-0x00007FF7D53D1000-memory.dmp

Filesize
3.3MB

Download
memory/4012-29-0x00007FF7D5080000-0x00007FF7D53D1000-memory.dmp

Filesize
3.3MB

Download
memory/4036-2459-0x00007FF688C50000-0x00007FF688FA1000-memory.dmp

Filesize
3.3MB

Download
memory/4036-444-0x00007FF688C50000-0x00007FF688FA1000-memory.dmp

Filesize
3.3MB

Download
memory/4384-2522-0x00007FF6089A0000-0x00007FF608CF1000-memory.dmp

Filesize
3.3MB

Download
memory/4384-405-0x00007FF6089A0000-0x00007FF608CF1000-memory.dmp

Filesize
3.3MB

Download
memory/4452-394-0x00007FF687540000-0x00007FF687891000-memory.dmp

Filesize
3.3MB

Download
memory/4560-2451-0x00007FF78F020000-0x00007FF78F371000-memory.dmp

Filesize
3.3MB

Download
memory/4560-19-0x00007FF78F020000-0x00007FF78F371000-memory.dmp

Filesize
3.3MB

Download
memory/4560-1106-0x00007FF78F020000-0x00007FF78F371000-memory.dmp

Filesize
3.3MB

Download
memory/4588-1516-0x00007FF6EFAE0000-0x00007FF6EFE31000-memory.dmp

Filesize
3.3MB

Download
memory/4588-2455-0x00007FF6EFAE0000-0x00007FF6EFE31000-memory.dmp

Filesize
3.3MB

Download
memory/4588-303-0x00007FF6EFAE0000-0x00007FF6EFE31000-memory.dmp

Filesize
3.3MB

Download
memory/4736-2494-0x00007FF787830000-0x00007FF787B81000-memory.dmp

Filesize
3.3MB

Download
memory/4736-388-0x00007FF787830000-0x00007FF787B81000-memory.dmp

Filesize
3.3MB

Download
memory/4868-2498-0x00007FF7C5790000-0x00007FF7C5AE1000-memory.dmp

Filesize
3.3MB

Download
memory/4868-391-0x00007FF7C5790000-0x00007FF7C5AE1000-memory.dmp

Filesize
3.3MB

Download
memory/5008-2473-0x00007FF743210000-0x00007FF743561000-memory.dmp

Filesize
3.3MB

Download
memory/5008-372-0x00007FF743210000-0x00007FF743561000-memory.dmp

Filesize
3.3MB

Download
memory/5060-336-0x00007FF7DAC70000-0x00007FF7DAFC1000-memory.dmp

Filesize
3.3MB

Download
memory/5060-2465-0x00007FF7DAC70000-0x00007FF7DAFC1000-memory.dmp

Filesize
3.3MB

Download
memory/5068-1-0x000001DC2B620000-0x000001DC2B630000-memory.dmp

Filesize
64KB

Download
memory/5068-0-0x00007FF75FFE0000-0x00007FF760331000-memory.dmp

Filesize
3.3MB

Download
memory/5068-803-0x00007FF75FFE0000-0x00007FF760331000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads