xmrig | 0302dc621f5a0080c3e16825649f228247acec517e23aca36e3340f5b189460e

Analysis

max time kernel
113s
max time network
123s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
12/09/2024, 02:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f27f83ed88511bd295dd87aed103e930N.exe
Size

1.8MB
MD5

f27f83ed88511bd295dd87aed103e930
SHA1

9cfa9e235bf14d65ce5694a8bae37aa2cd81e641
SHA256

0302dc621f5a0080c3e16825649f228247acec517e23aca36e3340f5b189460e
SHA512

48680dc2963829d3c5e6e4b7508e526919411755fcf1ff85c753a80d8f30628f90a2d08d563f7adad5d1ed3e9373f2fad1c7be3793f606363dc99111c8af1390
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wIXIZbelVFF/:BemTLkNdfE0pZrB

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/4620-0-0x00007FF66E880000-0x00007FF66EBD4000-memory.dmp	xmrig
behavioral2/files/0x0009000000023598-11.dat	xmrig
behavioral2/files/0x00070000000235a4-36.dat	xmrig
behavioral2/files/0x00070000000235a0-34.dat	xmrig
behavioral2/files/0x00070000000235a2-46.dat	xmrig
behavioral2/memory/376-68-0x00007FF7C22A0000-0x00007FF7C25F4000-memory.dmp	xmrig
behavioral2/files/0x00070000000235a7-70.dat	xmrig
behavioral2/memory/2848-82-0x00007FF753760000-0x00007FF753AB4000-memory.dmp	xmrig
behavioral2/memory/2284-86-0x00007FF62EF20000-0x00007FF62F274000-memory.dmp	xmrig
behavioral2/memory/3184-85-0x00007FF64ED00000-0x00007FF64F054000-memory.dmp	xmrig
behavioral2/memory/468-84-0x00007FF7F6050000-0x00007FF7F63A4000-memory.dmp	xmrig
behavioral2/memory/3968-83-0x00007FF7450D0000-0x00007FF745424000-memory.dmp	xmrig
behavioral2/files/0x00070000000235ab-80.dat	xmrig
behavioral2/files/0x00070000000235aa-78.dat	xmrig
behavioral2/files/0x00070000000235a9-76.dat	xmrig
behavioral2/files/0x00070000000235a8-74.dat	xmrig
behavioral2/memory/4548-73-0x00007FF688410000-0x00007FF688764000-memory.dmp	xmrig
behavioral2/memory/4680-69-0x00007FF7B7AF0000-0x00007FF7B7E44000-memory.dmp	xmrig
behavioral2/files/0x00070000000235a5-60.dat	xmrig
behavioral2/memory/4916-57-0x00007FF6947D0000-0x00007FF694B24000-memory.dmp	xmrig
behavioral2/files/0x00070000000235a6-53.dat	xmrig
behavioral2/memory/2128-40-0x00007FF7EC220000-0x00007FF7EC574000-memory.dmp	xmrig
behavioral2/memory/1964-37-0x00007FF698870000-0x00007FF698BC4000-memory.dmp	xmrig
behavioral2/files/0x00070000000235a3-41.dat	xmrig
behavioral2/files/0x000700000002359f-27.dat	xmrig
behavioral2/memory/4700-24-0x00007FF663F20000-0x00007FF664274000-memory.dmp	xmrig
behavioral2/files/0x00070000000235a1-19.dat	xmrig
behavioral2/memory/2008-17-0x00007FF6AB490000-0x00007FF6AB7E4000-memory.dmp	xmrig
behavioral2/memory/3908-9-0x00007FF75B850000-0x00007FF75BBA4000-memory.dmp	xmrig
behavioral2/files/0x00070000000235b1-118.dat	xmrig
behavioral2/files/0x00070000000235b6-134.dat	xmrig
behavioral2/files/0x00070000000235bb-155.dat	xmrig
behavioral2/memory/2548-179-0x00007FF62E4F0000-0x00007FF62E844000-memory.dmp	xmrig
behavioral2/memory/1672-204-0x00007FF614800000-0x00007FF614B54000-memory.dmp	xmrig
behavioral2/memory/348-226-0x00007FF67C160000-0x00007FF67C4B4000-memory.dmp	xmrig
behavioral2/memory/4304-232-0x00007FF670070000-0x00007FF6703C4000-memory.dmp	xmrig
behavioral2/memory/880-247-0x00007FF6CEC30000-0x00007FF6CEF84000-memory.dmp	xmrig
behavioral2/memory/3908-324-0x00007FF75B850000-0x00007FF75BBA4000-memory.dmp	xmrig
behavioral2/memory/4620-323-0x00007FF66E880000-0x00007FF66EBD4000-memory.dmp	xmrig
behavioral2/memory/1308-248-0x00007FF78AF80000-0x00007FF78B2D4000-memory.dmp	xmrig
behavioral2/memory/1444-246-0x00007FF70C2B0000-0x00007FF70C604000-memory.dmp	xmrig
behavioral2/memory/3812-241-0x00007FF6B6380000-0x00007FF6B66D4000-memory.dmp	xmrig
behavioral2/memory/3540-231-0x00007FF77BC10000-0x00007FF77BF64000-memory.dmp	xmrig
behavioral2/memory/2820-227-0x00007FF683090000-0x00007FF6833E4000-memory.dmp	xmrig
behavioral2/memory/1984-211-0x00007FF653550000-0x00007FF6538A4000-memory.dmp	xmrig
behavioral2/memory/2676-192-0x00007FF7342D0000-0x00007FF734624000-memory.dmp	xmrig
behavioral2/files/0x00070000000235c2-188.dat	xmrig
behavioral2/files/0x00070000000235c1-184.dat	xmrig
behavioral2/files/0x00070000000235bd-183.dat	xmrig
behavioral2/memory/2988-181-0x00007FF749B50000-0x00007FF749EA4000-memory.dmp	xmrig
behavioral2/files/0x00070000000235c0-178.dat	xmrig
behavioral2/files/0x00070000000235bf-175.dat	xmrig
behavioral2/files/0x00070000000235b9-174.dat	xmrig
behavioral2/files/0x00070000000235be-171.dat	xmrig
behavioral2/files/0x00070000000235b7-170.dat	xmrig
behavioral2/files/0x00070000000235b3-168.dat	xmrig
behavioral2/files/0x00070000000235bc-163.dat	xmrig
behavioral2/memory/2356-140-0x00007FF7D4F20000-0x00007FF7D5274000-memory.dmp	xmrig
behavioral2/files/0x00070000000235ba-154.dat	xmrig
behavioral2/files/0x00070000000235b4-152.dat	xmrig
behavioral2/files/0x00070000000235b8-149.dat	xmrig
behavioral2/files/0x00070000000235b0-147.dat	xmrig
behavioral2/files/0x00070000000235b2-166.dat	xmrig
behavioral2/files/0x00070000000235af-141.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
3908	nXxTMKL.exe
2008	WNdGFUj.exe
4700	zhaVLUr.exe
376	GGkKfXE.exe
1964	FQlnVPV.exe
4680	qqMfpGC.exe
2128	ZopNAwj.exe
4548	EuFhyfo.exe
4916	UGOwGXN.exe
2284	rbHSXTw.exe
2848	eIhiMEt.exe
3968	DOnvpcC.exe
468	Jvailig.exe
3184	LdruTya.exe
3040	lFxZRzG.exe
2356	XmKHJoX.exe
2548	zlINQiq.exe
2988	PVfUnMJ.exe
2676	kNIjHBy.exe
1444	TIGASmJ.exe
1672	iSuwFoD.exe
1984	HCoPeIp.exe
348	xAvbqyq.exe
2820	lQqNmPD.exe
880	JtKHUUW.exe
3540	SxmMUxW.exe
4304	aWChKJE.exe
3812	nufOETO.exe
1308	vcCEejJ.exe
2304	HiekiYk.exe
1212	rYuRrqs.exe
2880	dPXHkdE.exe
2900	oBqbbZK.exe
4400	KAPOKHZ.exe
1808	JlfROwP.exe
1684	vkISUSz.exe
4464	uZxdPVq.exe
1564	bzKLfKK.exe
1192	skJNEOc.exe
3832	QDSaRbC.exe
4204	naDjrQy.exe
1948	jMRgGnc.exe
1180	tHxUCnu.exe
4596	uKgFwTo.exe
400	FUWqQXI.exe
2140	pYXXltR.exe
448	LoGWHJB.exe
1316	BPjUgsf.exe
5004	ktdxaoU.exe
3604	JuflRYp.exe
3756	hcXBgOe.exe
2500	kHXVahu.exe
4484	lLucQsp.exe
3484	judnuqS.exe
5028	ETnKstE.exe
4572	GocQmoP.exe
2164	ZvFgejW.exe
4360	cTkcGPt.exe
3760	ubxvGUw.exe
1716	IiCrzzj.exe
2032	RZIizGK.exe
3284	fHLulfa.exe
3172	QPuiabY.exe
5136	fDjLqqZ.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4620-0-0x00007FF66E880000-0x00007FF66EBD4000-memory.dmp	upx
behavioral2/files/0x0009000000023598-11.dat	upx
behavioral2/files/0x00070000000235a4-36.dat	upx
behavioral2/files/0x00070000000235a0-34.dat	upx
behavioral2/files/0x00070000000235a2-46.dat	upx
behavioral2/memory/376-68-0x00007FF7C22A0000-0x00007FF7C25F4000-memory.dmp	upx
behavioral2/files/0x00070000000235a7-70.dat	upx
behavioral2/memory/2848-82-0x00007FF753760000-0x00007FF753AB4000-memory.dmp	upx
behavioral2/memory/2284-86-0x00007FF62EF20000-0x00007FF62F274000-memory.dmp	upx
behavioral2/memory/3184-85-0x00007FF64ED00000-0x00007FF64F054000-memory.dmp	upx
behavioral2/memory/468-84-0x00007FF7F6050000-0x00007FF7F63A4000-memory.dmp	upx
behavioral2/memory/3968-83-0x00007FF7450D0000-0x00007FF745424000-memory.dmp	upx
behavioral2/files/0x00070000000235ab-80.dat	upx
behavioral2/files/0x00070000000235aa-78.dat	upx
behavioral2/files/0x00070000000235a9-76.dat	upx
behavioral2/files/0x00070000000235a8-74.dat	upx
behavioral2/memory/4548-73-0x00007FF688410000-0x00007FF688764000-memory.dmp	upx
behavioral2/memory/4680-69-0x00007FF7B7AF0000-0x00007FF7B7E44000-memory.dmp	upx
behavioral2/files/0x00070000000235a5-60.dat	upx
behavioral2/memory/4916-57-0x00007FF6947D0000-0x00007FF694B24000-memory.dmp	upx
behavioral2/files/0x00070000000235a6-53.dat	upx
behavioral2/memory/2128-40-0x00007FF7EC220000-0x00007FF7EC574000-memory.dmp	upx
behavioral2/memory/1964-37-0x00007FF698870000-0x00007FF698BC4000-memory.dmp	upx
behavioral2/files/0x00070000000235a3-41.dat	upx
behavioral2/files/0x000700000002359f-27.dat	upx
behavioral2/memory/4700-24-0x00007FF663F20000-0x00007FF664274000-memory.dmp	upx
behavioral2/files/0x00070000000235a1-19.dat	upx
behavioral2/memory/2008-17-0x00007FF6AB490000-0x00007FF6AB7E4000-memory.dmp	upx
behavioral2/memory/3908-9-0x00007FF75B850000-0x00007FF75BBA4000-memory.dmp	upx
behavioral2/files/0x00070000000235b1-118.dat	upx
behavioral2/files/0x00070000000235b6-134.dat	upx
behavioral2/files/0x00070000000235bb-155.dat	upx
behavioral2/memory/2548-179-0x00007FF62E4F0000-0x00007FF62E844000-memory.dmp	upx
behavioral2/memory/1672-204-0x00007FF614800000-0x00007FF614B54000-memory.dmp	upx
behavioral2/memory/348-226-0x00007FF67C160000-0x00007FF67C4B4000-memory.dmp	upx
behavioral2/memory/4304-232-0x00007FF670070000-0x00007FF6703C4000-memory.dmp	upx
behavioral2/memory/880-247-0x00007FF6CEC30000-0x00007FF6CEF84000-memory.dmp	upx
behavioral2/memory/3908-324-0x00007FF75B850000-0x00007FF75BBA4000-memory.dmp	upx
behavioral2/memory/4620-323-0x00007FF66E880000-0x00007FF66EBD4000-memory.dmp	upx
behavioral2/memory/1308-248-0x00007FF78AF80000-0x00007FF78B2D4000-memory.dmp	upx
behavioral2/memory/1444-246-0x00007FF70C2B0000-0x00007FF70C604000-memory.dmp	upx
behavioral2/memory/3812-241-0x00007FF6B6380000-0x00007FF6B66D4000-memory.dmp	upx
behavioral2/memory/3540-231-0x00007FF77BC10000-0x00007FF77BF64000-memory.dmp	upx
behavioral2/memory/2820-227-0x00007FF683090000-0x00007FF6833E4000-memory.dmp	upx
behavioral2/memory/1984-211-0x00007FF653550000-0x00007FF6538A4000-memory.dmp	upx
behavioral2/memory/2676-192-0x00007FF7342D0000-0x00007FF734624000-memory.dmp	upx
behavioral2/files/0x00070000000235c2-188.dat	upx
behavioral2/files/0x00070000000235c1-184.dat	upx
behavioral2/files/0x00070000000235bd-183.dat	upx
behavioral2/memory/2988-181-0x00007FF749B50000-0x00007FF749EA4000-memory.dmp	upx
behavioral2/files/0x00070000000235c0-178.dat	upx
behavioral2/files/0x00070000000235bf-175.dat	upx
behavioral2/files/0x00070000000235b9-174.dat	upx
behavioral2/files/0x00070000000235be-171.dat	upx
behavioral2/files/0x00070000000235b7-170.dat	upx
behavioral2/files/0x00070000000235b3-168.dat	upx
behavioral2/files/0x00070000000235bc-163.dat	upx
behavioral2/memory/2356-140-0x00007FF7D4F20000-0x00007FF7D5274000-memory.dmp	upx
behavioral2/files/0x00070000000235ba-154.dat	upx
behavioral2/files/0x00070000000235b4-152.dat	upx
behavioral2/files/0x00070000000235b8-149.dat	upx
behavioral2/files/0x00070000000235b0-147.dat	upx
behavioral2/files/0x00070000000235b2-166.dat	upx
behavioral2/files/0x00070000000235af-141.dat	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\YRHptKW.exe	f27f83ed88511bd295dd87aed103e930N.exe
File created	C:\Windows\System\xKYMhBG.exe	f27f83ed88511bd295dd87aed103e930N.exe
File created	C:\Windows\System\CjEmxaV.exe	f27f83ed88511bd295dd87aed103e930N.exe
File created	C:\Windows\System\GocQmoP.exe	f27f83ed88511bd295dd87aed103e930N.exe
File created	C:\Windows\System\cXCvNlk.exe	f27f83ed88511bd295dd87aed103e930N.exe
File created	C:\Windows\System\oYmfofN.exe	f27f83ed88511bd295dd87aed103e930N.exe
File created	C:\Windows\System\fMwjVkw.exe	f27f83ed88511bd295dd87aed103e930N.exe
File created	C:\Windows\System\qYJhWhA.exe	f27f83ed88511bd295dd87aed103e930N.exe
File created	C:\Windows\System\NiKiIID.exe	f27f83ed88511bd295dd87aed103e930N.exe
File created	C:\Windows\System\uTfeamr.exe	f27f83ed88511bd295dd87aed103e930N.exe
File created	C:\Windows\System\CfuRqXm.exe	f27f83ed88511bd295dd87aed103e930N.exe
File created	C:\Windows\System\bhHGZxP.exe	f27f83ed88511bd295dd87aed103e930N.exe
File created	C:\Windows\System\Pvodfwg.exe	f27f83ed88511bd295dd87aed103e930N.exe
File created	C:\Windows\System\jlzehXs.exe	f27f83ed88511bd295dd87aed103e930N.exe
File created	C:\Windows\System\WNdGFUj.exe	f27f83ed88511bd295dd87aed103e930N.exe
File created	C:\Windows\System\GyBcLCt.exe	f27f83ed88511bd295dd87aed103e930N.exe
File created	C:\Windows\System\tjHgPAz.exe	f27f83ed88511bd295dd87aed103e930N.exe
File created	C:\Windows\System\skCiKfJ.exe	f27f83ed88511bd295dd87aed103e930N.exe
File created	C:\Windows\System\hVyJyjU.exe	f27f83ed88511bd295dd87aed103e930N.exe
File created	C:\Windows\System\eBmcPOe.exe	f27f83ed88511bd295dd87aed103e930N.exe
File created	C:\Windows\System\rApfkXS.exe	f27f83ed88511bd295dd87aed103e930N.exe
File created	C:\Windows\System\kHXVahu.exe	f27f83ed88511bd295dd87aed103e930N.exe
File created	C:\Windows\System\aPzykOl.exe	f27f83ed88511bd295dd87aed103e930N.exe
File created	C:\Windows\System\wiUYdVM.exe	f27f83ed88511bd295dd87aed103e930N.exe
File created	C:\Windows\System\jNcGYGq.exe	f27f83ed88511bd295dd87aed103e930N.exe
File created	C:\Windows\System\XwdbrBd.exe	f27f83ed88511bd295dd87aed103e930N.exe
File created	C:\Windows\System\REcsDkw.exe	f27f83ed88511bd295dd87aed103e930N.exe
File created	C:\Windows\System\eeHcWRg.exe	f27f83ed88511bd295dd87aed103e930N.exe
File created	C:\Windows\System\diMjPcA.exe	f27f83ed88511bd295dd87aed103e930N.exe
File created	C:\Windows\System\kNJwsmg.exe	f27f83ed88511bd295dd87aed103e930N.exe
File created	C:\Windows\System\OFHqDpn.exe	f27f83ed88511bd295dd87aed103e930N.exe
File created	C:\Windows\System\APmUCtZ.exe	f27f83ed88511bd295dd87aed103e930N.exe
File created	C:\Windows\System\soRsTYY.exe	f27f83ed88511bd295dd87aed103e930N.exe
File created	C:\Windows\System\SOjAOnl.exe	f27f83ed88511bd295dd87aed103e930N.exe
File created	C:\Windows\System\kMfkGNL.exe	f27f83ed88511bd295dd87aed103e930N.exe
File created	C:\Windows\System\iQWQZok.exe	f27f83ed88511bd295dd87aed103e930N.exe
File created	C:\Windows\System\BAAnhjv.exe	f27f83ed88511bd295dd87aed103e930N.exe
File created	C:\Windows\System\PQmRTUR.exe	f27f83ed88511bd295dd87aed103e930N.exe
File created	C:\Windows\System\LRJlhvu.exe	f27f83ed88511bd295dd87aed103e930N.exe
File created	C:\Windows\System\AKZNtqe.exe	f27f83ed88511bd295dd87aed103e930N.exe
File created	C:\Windows\System\XogLNgk.exe	f27f83ed88511bd295dd87aed103e930N.exe
File created	C:\Windows\System\bdPFFfT.exe	f27f83ed88511bd295dd87aed103e930N.exe
File created	C:\Windows\System\gfxjRfP.exe	f27f83ed88511bd295dd87aed103e930N.exe
File created	C:\Windows\System\hcKscnb.exe	f27f83ed88511bd295dd87aed103e930N.exe
File created	C:\Windows\System\JlfROwP.exe	f27f83ed88511bd295dd87aed103e930N.exe
File created	C:\Windows\System\ZvFgejW.exe	f27f83ed88511bd295dd87aed103e930N.exe
File created	C:\Windows\System\fKzanXv.exe	f27f83ed88511bd295dd87aed103e930N.exe
File created	C:\Windows\System\nhleMQu.exe	f27f83ed88511bd295dd87aed103e930N.exe
File created	C:\Windows\System\HrDXkzz.exe	f27f83ed88511bd295dd87aed103e930N.exe
File created	C:\Windows\System\tnWFOfZ.exe	f27f83ed88511bd295dd87aed103e930N.exe
File created	C:\Windows\System\lDNZuSP.exe	f27f83ed88511bd295dd87aed103e930N.exe
File created	C:\Windows\System\oEufJOE.exe	f27f83ed88511bd295dd87aed103e930N.exe
File created	C:\Windows\System\kYpOXdG.exe	f27f83ed88511bd295dd87aed103e930N.exe
File created	C:\Windows\System\gmXyrEI.exe	f27f83ed88511bd295dd87aed103e930N.exe
File created	C:\Windows\System\fDjLqqZ.exe	f27f83ed88511bd295dd87aed103e930N.exe
File created	C:\Windows\System\xUhoHJm.exe	f27f83ed88511bd295dd87aed103e930N.exe
File created	C:\Windows\System\VLmTlNm.exe	f27f83ed88511bd295dd87aed103e930N.exe
File created	C:\Windows\System\CtvrdVk.exe	f27f83ed88511bd295dd87aed103e930N.exe
File created	C:\Windows\System\EuFhyfo.exe	f27f83ed88511bd295dd87aed103e930N.exe
File created	C:\Windows\System\ETnKstE.exe	f27f83ed88511bd295dd87aed103e930N.exe
File created	C:\Windows\System\XHuDUNx.exe	f27f83ed88511bd295dd87aed103e930N.exe
File created	C:\Windows\System\ZaaSMrt.exe	f27f83ed88511bd295dd87aed103e930N.exe
File created	C:\Windows\System\RpUPhWi.exe	f27f83ed88511bd295dd87aed103e930N.exe
File created	C:\Windows\System\nAZQlsJ.exe	f27f83ed88511bd295dd87aed103e930N.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	16080	dwm.exe
Token: SeChangeNotifyPrivilege	16080	dwm.exe
Token: 33	16080	dwm.exe
Token: SeIncBasePriorityPrivilege	16080	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4620 wrote to memory of 3908	4620	f27f83ed88511bd295dd87aed103e930N.exe	91
PID 4620 wrote to memory of 3908	4620	f27f83ed88511bd295dd87aed103e930N.exe	91
PID 4620 wrote to memory of 2008	4620	f27f83ed88511bd295dd87aed103e930N.exe	92
PID 4620 wrote to memory of 2008	4620	f27f83ed88511bd295dd87aed103e930N.exe	92
PID 4620 wrote to memory of 4700	4620	f27f83ed88511bd295dd87aed103e930N.exe	93
PID 4620 wrote to memory of 4700	4620	f27f83ed88511bd295dd87aed103e930N.exe	93
PID 4620 wrote to memory of 376	4620	f27f83ed88511bd295dd87aed103e930N.exe	94
PID 4620 wrote to memory of 376	4620	f27f83ed88511bd295dd87aed103e930N.exe	94
PID 4620 wrote to memory of 1964	4620	f27f83ed88511bd295dd87aed103e930N.exe	95
PID 4620 wrote to memory of 1964	4620	f27f83ed88511bd295dd87aed103e930N.exe	95
PID 4620 wrote to memory of 4680	4620	f27f83ed88511bd295dd87aed103e930N.exe	96
PID 4620 wrote to memory of 4680	4620	f27f83ed88511bd295dd87aed103e930N.exe	96
PID 4620 wrote to memory of 2128	4620	f27f83ed88511bd295dd87aed103e930N.exe	97
PID 4620 wrote to memory of 2128	4620	f27f83ed88511bd295dd87aed103e930N.exe	97
PID 4620 wrote to memory of 4548	4620	f27f83ed88511bd295dd87aed103e930N.exe	98
PID 4620 wrote to memory of 4548	4620	f27f83ed88511bd295dd87aed103e930N.exe	98
PID 4620 wrote to memory of 4916	4620	f27f83ed88511bd295dd87aed103e930N.exe	99
PID 4620 wrote to memory of 4916	4620	f27f83ed88511bd295dd87aed103e930N.exe	99
PID 4620 wrote to memory of 2284	4620	f27f83ed88511bd295dd87aed103e930N.exe	100
PID 4620 wrote to memory of 2284	4620	f27f83ed88511bd295dd87aed103e930N.exe	100
PID 4620 wrote to memory of 2848	4620	f27f83ed88511bd295dd87aed103e930N.exe	101
PID 4620 wrote to memory of 2848	4620	f27f83ed88511bd295dd87aed103e930N.exe	101
PID 4620 wrote to memory of 3968	4620	f27f83ed88511bd295dd87aed103e930N.exe	102
PID 4620 wrote to memory of 3968	4620	f27f83ed88511bd295dd87aed103e930N.exe	102
PID 4620 wrote to memory of 468	4620	f27f83ed88511bd295dd87aed103e930N.exe	103
PID 4620 wrote to memory of 468	4620	f27f83ed88511bd295dd87aed103e930N.exe	103
PID 4620 wrote to memory of 3184	4620	f27f83ed88511bd295dd87aed103e930N.exe	104
PID 4620 wrote to memory of 3184	4620	f27f83ed88511bd295dd87aed103e930N.exe	104
PID 4620 wrote to memory of 3040	4620	f27f83ed88511bd295dd87aed103e930N.exe	106
PID 4620 wrote to memory of 3040	4620	f27f83ed88511bd295dd87aed103e930N.exe	106
PID 4620 wrote to memory of 2356	4620	f27f83ed88511bd295dd87aed103e930N.exe	107
PID 4620 wrote to memory of 2356	4620	f27f83ed88511bd295dd87aed103e930N.exe	107
PID 4620 wrote to memory of 2548	4620	f27f83ed88511bd295dd87aed103e930N.exe	108
PID 4620 wrote to memory of 2548	4620	f27f83ed88511bd295dd87aed103e930N.exe	108
PID 4620 wrote to memory of 2988	4620	f27f83ed88511bd295dd87aed103e930N.exe	109
PID 4620 wrote to memory of 2988	4620	f27f83ed88511bd295dd87aed103e930N.exe	109
PID 4620 wrote to memory of 2676	4620	f27f83ed88511bd295dd87aed103e930N.exe	110
PID 4620 wrote to memory of 2676	4620	f27f83ed88511bd295dd87aed103e930N.exe	110
PID 4620 wrote to memory of 1444	4620	f27f83ed88511bd295dd87aed103e930N.exe	111
PID 4620 wrote to memory of 1444	4620	f27f83ed88511bd295dd87aed103e930N.exe	111
PID 4620 wrote to memory of 1672	4620	f27f83ed88511bd295dd87aed103e930N.exe	112
PID 4620 wrote to memory of 1672	4620	f27f83ed88511bd295dd87aed103e930N.exe	112
PID 4620 wrote to memory of 1984	4620	f27f83ed88511bd295dd87aed103e930N.exe	113
PID 4620 wrote to memory of 1984	4620	f27f83ed88511bd295dd87aed103e930N.exe	113
PID 4620 wrote to memory of 348	4620	f27f83ed88511bd295dd87aed103e930N.exe	114
PID 4620 wrote to memory of 348	4620	f27f83ed88511bd295dd87aed103e930N.exe	114
PID 4620 wrote to memory of 2820	4620	f27f83ed88511bd295dd87aed103e930N.exe	115
PID 4620 wrote to memory of 2820	4620	f27f83ed88511bd295dd87aed103e930N.exe	115
PID 4620 wrote to memory of 880	4620	f27f83ed88511bd295dd87aed103e930N.exe	116
PID 4620 wrote to memory of 880	4620	f27f83ed88511bd295dd87aed103e930N.exe	116
PID 4620 wrote to memory of 1212	4620	f27f83ed88511bd295dd87aed103e930N.exe	117
PID 4620 wrote to memory of 1212	4620	f27f83ed88511bd295dd87aed103e930N.exe	117
PID 4620 wrote to memory of 3540	4620	f27f83ed88511bd295dd87aed103e930N.exe	118
PID 4620 wrote to memory of 3540	4620	f27f83ed88511bd295dd87aed103e930N.exe	118
PID 4620 wrote to memory of 2900	4620	f27f83ed88511bd295dd87aed103e930N.exe	119
PID 4620 wrote to memory of 2900	4620	f27f83ed88511bd295dd87aed103e930N.exe	119
PID 4620 wrote to memory of 4304	4620	f27f83ed88511bd295dd87aed103e930N.exe	120
PID 4620 wrote to memory of 4304	4620	f27f83ed88511bd295dd87aed103e930N.exe	120
PID 4620 wrote to memory of 3812	4620	f27f83ed88511bd295dd87aed103e930N.exe	121
PID 4620 wrote to memory of 3812	4620	f27f83ed88511bd295dd87aed103e930N.exe	121
PID 4620 wrote to memory of 1308	4620	f27f83ed88511bd295dd87aed103e930N.exe	122
PID 4620 wrote to memory of 1308	4620	f27f83ed88511bd295dd87aed103e930N.exe	122
PID 4620 wrote to memory of 2304	4620	f27f83ed88511bd295dd87aed103e930N.exe	123
PID 4620 wrote to memory of 2304	4620	f27f83ed88511bd295dd87aed103e930N.exe	123

C:\Users\Admin\AppData\Local\Temp\f27f83ed88511bd295dd87aed103e930N.exe
"C:\Users\Admin\AppData\Local\Temp\f27f83ed88511bd295dd87aed103e930N.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:4620
- C:\Windows\System\nXxTMKL.exe
  C:\Windows\System\nXxTMKL.exe
  2⤵
  - Executes dropped EXE
  PID:3908
- C:\Windows\System\WNdGFUj.exe
  C:\Windows\System\WNdGFUj.exe
  2⤵
  - Executes dropped EXE
  PID:2008
- C:\Windows\System\zhaVLUr.exe
  C:\Windows\System\zhaVLUr.exe
  2⤵
  - Executes dropped EXE
  PID:4700
- C:\Windows\System\GGkKfXE.exe
  C:\Windows\System\GGkKfXE.exe
  2⤵
  - Executes dropped EXE
  PID:376
- C:\Windows\System\FQlnVPV.exe
  C:\Windows\System\FQlnVPV.exe
  2⤵
  - Executes dropped EXE
  PID:1964
- C:\Windows\System\qqMfpGC.exe
  C:\Windows\System\qqMfpGC.exe
  2⤵
  - Executes dropped EXE
  PID:4680
- C:\Windows\System\ZopNAwj.exe
  C:\Windows\System\ZopNAwj.exe
  2⤵
  - Executes dropped EXE
  PID:2128
- C:\Windows\System\EuFhyfo.exe
  C:\Windows\System\EuFhyfo.exe
  2⤵
  - Executes dropped EXE
  PID:4548
- C:\Windows\System\UGOwGXN.exe
  C:\Windows\System\UGOwGXN.exe
  2⤵
  - Executes dropped EXE
  PID:4916
- C:\Windows\System\rbHSXTw.exe
  C:\Windows\System\rbHSXTw.exe
  2⤵
  - Executes dropped EXE
  PID:2284
- C:\Windows\System\eIhiMEt.exe
  C:\Windows\System\eIhiMEt.exe
  2⤵
  - Executes dropped EXE
  PID:2848
- C:\Windows\System\DOnvpcC.exe
  C:\Windows\System\DOnvpcC.exe
  2⤵
  - Executes dropped EXE
  PID:3968
- C:\Windows\System\Jvailig.exe
  C:\Windows\System\Jvailig.exe
  2⤵
  - Executes dropped EXE
  PID:468
- C:\Windows\System\LdruTya.exe
  C:\Windows\System\LdruTya.exe
  2⤵
  - Executes dropped EXE
  PID:3184
- C:\Windows\System\lFxZRzG.exe
  C:\Windows\System\lFxZRzG.exe
  2⤵
  - Executes dropped EXE
  PID:3040
- C:\Windows\System\XmKHJoX.exe
  C:\Windows\System\XmKHJoX.exe
  2⤵
  - Executes dropped EXE
  PID:2356
- C:\Windows\System\zlINQiq.exe
  C:\Windows\System\zlINQiq.exe
  2⤵
  - Executes dropped EXE
  PID:2548
- C:\Windows\System\PVfUnMJ.exe
  C:\Windows\System\PVfUnMJ.exe
  2⤵
  - Executes dropped EXE
  PID:2988
- C:\Windows\System\kNIjHBy.exe
  C:\Windows\System\kNIjHBy.exe
  2⤵
  - Executes dropped EXE
  PID:2676
- C:\Windows\System\TIGASmJ.exe
  C:\Windows\System\TIGASmJ.exe
  2⤵
  - Executes dropped EXE
  PID:1444
- C:\Windows\System\iSuwFoD.exe
  C:\Windows\System\iSuwFoD.exe
  2⤵
  - Executes dropped EXE
  PID:1672
- C:\Windows\System\HCoPeIp.exe
  C:\Windows\System\HCoPeIp.exe
  2⤵
  - Executes dropped EXE
  PID:1984
- C:\Windows\System\xAvbqyq.exe
  C:\Windows\System\xAvbqyq.exe
  2⤵
  - Executes dropped EXE
  PID:348
- C:\Windows\System\lQqNmPD.exe
  C:\Windows\System\lQqNmPD.exe
  2⤵
  - Executes dropped EXE
  PID:2820
- C:\Windows\System\JtKHUUW.exe
  C:\Windows\System\JtKHUUW.exe
  2⤵
  - Executes dropped EXE
  PID:880
- C:\Windows\System\rYuRrqs.exe
  C:\Windows\System\rYuRrqs.exe
  2⤵
  - Executes dropped EXE
  PID:1212
- C:\Windows\System\SxmMUxW.exe
  C:\Windows\System\SxmMUxW.exe
  2⤵
  - Executes dropped EXE
  PID:3540
- C:\Windows\System\oBqbbZK.exe
  C:\Windows\System\oBqbbZK.exe
  2⤵
  - Executes dropped EXE
  PID:2900
- C:\Windows\System\aWChKJE.exe
  C:\Windows\System\aWChKJE.exe
  2⤵
  - Executes dropped EXE
  PID:4304
- C:\Windows\System\nufOETO.exe
  C:\Windows\System\nufOETO.exe
  2⤵
  - Executes dropped EXE
  PID:3812
- C:\Windows\System\vcCEejJ.exe
  C:\Windows\System\vcCEejJ.exe
  2⤵
  - Executes dropped EXE
  PID:1308
- C:\Windows\System\HiekiYk.exe
  C:\Windows\System\HiekiYk.exe
  2⤵
  - Executes dropped EXE
  PID:2304
- C:\Windows\System\dPXHkdE.exe
  C:\Windows\System\dPXHkdE.exe
  2⤵
  - Executes dropped EXE
  PID:2880
- C:\Windows\System\KAPOKHZ.exe
  C:\Windows\System\KAPOKHZ.exe
  2⤵
  - Executes dropped EXE
  PID:4400
- C:\Windows\System\JlfROwP.exe
  C:\Windows\System\JlfROwP.exe
  2⤵
  - Executes dropped EXE
  PID:1808
- C:\Windows\System\vkISUSz.exe
  C:\Windows\System\vkISUSz.exe
  2⤵
  - Executes dropped EXE
  PID:1684
- C:\Windows\System\uZxdPVq.exe
  C:\Windows\System\uZxdPVq.exe
  2⤵
  - Executes dropped EXE
  PID:4464
- C:\Windows\System\bzKLfKK.exe
  C:\Windows\System\bzKLfKK.exe
  2⤵
  - Executes dropped EXE
  PID:1564
- C:\Windows\System\skJNEOc.exe
  C:\Windows\System\skJNEOc.exe
  2⤵
  - Executes dropped EXE
  PID:1192
- C:\Windows\System\QDSaRbC.exe
  C:\Windows\System\QDSaRbC.exe
  2⤵
  - Executes dropped EXE
  PID:3832
- C:\Windows\System\naDjrQy.exe
  C:\Windows\System\naDjrQy.exe
  2⤵
  - Executes dropped EXE
  PID:4204
- C:\Windows\System\jMRgGnc.exe
  C:\Windows\System\jMRgGnc.exe
  2⤵
  - Executes dropped EXE
  PID:1948
- C:\Windows\System\tHxUCnu.exe
  C:\Windows\System\tHxUCnu.exe
  2⤵
  - Executes dropped EXE
  PID:1180
- C:\Windows\System\uKgFwTo.exe
  C:\Windows\System\uKgFwTo.exe
  2⤵
  - Executes dropped EXE
  PID:4596
- C:\Windows\System\FUWqQXI.exe
  C:\Windows\System\FUWqQXI.exe
  2⤵
  - Executes dropped EXE
  PID:400
- C:\Windows\System\pYXXltR.exe
  C:\Windows\System\pYXXltR.exe
  2⤵
  - Executes dropped EXE
  PID:2140
- C:\Windows\System\LoGWHJB.exe
  C:\Windows\System\LoGWHJB.exe
  2⤵
  - Executes dropped EXE
  PID:448
- C:\Windows\System\BPjUgsf.exe
  C:\Windows\System\BPjUgsf.exe
  2⤵
  - Executes dropped EXE
  PID:1316
- C:\Windows\System\ktdxaoU.exe
  C:\Windows\System\ktdxaoU.exe
  2⤵
  - Executes dropped EXE
  PID:5004
- C:\Windows\System\JuflRYp.exe
  C:\Windows\System\JuflRYp.exe
  2⤵
  - Executes dropped EXE
  PID:3604
- C:\Windows\System\hcXBgOe.exe
  C:\Windows\System\hcXBgOe.exe
  2⤵
  - Executes dropped EXE
  PID:3756
- C:\Windows\System\kHXVahu.exe
  C:\Windows\System\kHXVahu.exe
  2⤵
  - Executes dropped EXE
  PID:2500
- C:\Windows\System\lLucQsp.exe
  C:\Windows\System\lLucQsp.exe
  2⤵
  - Executes dropped EXE
  PID:4484
- C:\Windows\System\judnuqS.exe
  C:\Windows\System\judnuqS.exe
  2⤵
  - Executes dropped EXE
  PID:3484
- C:\Windows\System\ETnKstE.exe
  C:\Windows\System\ETnKstE.exe
  2⤵
  - Executes dropped EXE
  PID:5028
- C:\Windows\System\GocQmoP.exe
  C:\Windows\System\GocQmoP.exe
  2⤵
  - Executes dropped EXE
  PID:4572
- C:\Windows\System\ZvFgejW.exe
  C:\Windows\System\ZvFgejW.exe
  2⤵
  - Executes dropped EXE
  PID:2164
- C:\Windows\System\cTkcGPt.exe
  C:\Windows\System\cTkcGPt.exe
  2⤵
  - Executes dropped EXE
  PID:4360
- C:\Windows\System\ubxvGUw.exe
  C:\Windows\System\ubxvGUw.exe
  2⤵
  - Executes dropped EXE
  PID:3760
- C:\Windows\System\IiCrzzj.exe
  C:\Windows\System\IiCrzzj.exe
  2⤵
  - Executes dropped EXE
  PID:1716
- C:\Windows\System\RZIizGK.exe
  C:\Windows\System\RZIizGK.exe
  2⤵
  - Executes dropped EXE
  PID:2032
- C:\Windows\System\fHLulfa.exe
  C:\Windows\System\fHLulfa.exe
  2⤵
  - Executes dropped EXE
  PID:3284
- C:\Windows\System\QPuiabY.exe
  C:\Windows\System\QPuiabY.exe
  2⤵
  - Executes dropped EXE
  PID:3172
- C:\Windows\System\fDjLqqZ.exe
  C:\Windows\System\fDjLqqZ.exe
  2⤵
  - Executes dropped EXE
  PID:5136
- C:\Windows\System\uUFSxmE.exe
  C:\Windows\System\uUFSxmE.exe
  2⤵
  PID:5152
- C:\Windows\System\aMdBmUJ.exe
  C:\Windows\System\aMdBmUJ.exe
  2⤵
  PID:5168
- C:\Windows\System\vmQcpmR.exe
  C:\Windows\System\vmQcpmR.exe
  2⤵
  PID:5184
- C:\Windows\System\WrYXnPp.exe
  C:\Windows\System\WrYXnPp.exe
  2⤵
  PID:5200
- C:\Windows\System\ySCFXgL.exe
  C:\Windows\System\ySCFXgL.exe
  2⤵
  PID:5436
- C:\Windows\System\WJEduIp.exe
  C:\Windows\System\WJEduIp.exe
  2⤵
  PID:5452
- C:\Windows\System\NYFyPKb.exe
  C:\Windows\System\NYFyPKb.exe
  2⤵
  PID:5468
- C:\Windows\System\CIVxRnT.exe
  C:\Windows\System\CIVxRnT.exe
  2⤵
  PID:5484
- C:\Windows\System\GBhDRzu.exe
  C:\Windows\System\GBhDRzu.exe
  2⤵
  PID:5500
- C:\Windows\System\uTfeamr.exe
  C:\Windows\System\uTfeamr.exe
  2⤵
  PID:5516
- C:\Windows\System\NHevqLP.exe
  C:\Windows\System\NHevqLP.exe
  2⤵
  PID:5532
- C:\Windows\System\mmhaHCf.exe
  C:\Windows\System\mmhaHCf.exe
  2⤵
  PID:5548
- C:\Windows\System\jWqVTux.exe
  C:\Windows\System\jWqVTux.exe
  2⤵
  PID:5564
- C:\Windows\System\xVVwGCs.exe
  C:\Windows\System\xVVwGCs.exe
  2⤵
  PID:5580
- C:\Windows\System\SBpEVrI.exe
  C:\Windows\System\SBpEVrI.exe
  2⤵
  PID:5596
- C:\Windows\System\FMcwMat.exe
  C:\Windows\System\FMcwMat.exe
  2⤵
  PID:5616
- C:\Windows\System\hlRnnBL.exe
  C:\Windows\System\hlRnnBL.exe
  2⤵
  PID:5988
- C:\Windows\System\yfwXxfV.exe
  C:\Windows\System\yfwXxfV.exe
  2⤵
  PID:6024
- C:\Windows\System\QiQvPMt.exe
  C:\Windows\System\QiQvPMt.exe
  2⤵
  PID:6040
- C:\Windows\System\RdyKuvQ.exe
  C:\Windows\System\RdyKuvQ.exe
  2⤵
  PID:6064
- C:\Windows\System\tGDFaLu.exe
  C:\Windows\System\tGDFaLu.exe
  2⤵
  PID:6084
- C:\Windows\System\iSVYtQk.exe
  C:\Windows\System\iSVYtQk.exe
  2⤵
  PID:6104
- C:\Windows\System\dEkovHW.exe
  C:\Windows\System\dEkovHW.exe
  2⤵
  PID:6136
- C:\Windows\System\hVyJyjU.exe
  C:\Windows\System\hVyJyjU.exe
  2⤵
  PID:5032
- C:\Windows\System\jsPOTLr.exe
  C:\Windows\System\jsPOTLr.exe
  2⤵
  PID:624
- C:\Windows\System\BnkqHFr.exe
  C:\Windows\System\BnkqHFr.exe
  2⤵
  PID:5164
- C:\Windows\System\gjIiALc.exe
  C:\Windows\System\gjIiALc.exe
  2⤵
  PID:5236
- C:\Windows\System\oBjzkXj.exe
  C:\Windows\System\oBjzkXj.exe
  2⤵
  PID:5284
- C:\Windows\System\iQWQZok.exe
  C:\Windows\System\iQWQZok.exe
  2⤵
  PID:5344
- C:\Windows\System\VwfQejI.exe
  C:\Windows\System\VwfQejI.exe
  2⤵
  PID:5448
- C:\Windows\System\XjHfYxy.exe
  C:\Windows\System\XjHfYxy.exe
  2⤵
  PID:5508
- C:\Windows\System\idizMon.exe
  C:\Windows\System\idizMon.exe
  2⤵
  PID:5572
- C:\Windows\System\dToTPoH.exe
  C:\Windows\System\dToTPoH.exe
  2⤵
  PID:5608
- C:\Windows\System\EuCrecK.exe
  C:\Windows\System\EuCrecK.exe
  2⤵
  PID:5668
- C:\Windows\System\nRjJKKo.exe
  C:\Windows\System\nRjJKKo.exe
  2⤵
  PID:5700
- C:\Windows\System\snxoquq.exe
  C:\Windows\System\snxoquq.exe
  2⤵
  PID:5076
- C:\Windows\System\bISnNMV.exe
  C:\Windows\System\bISnNMV.exe
  2⤵
  PID:1740
- C:\Windows\System\HAfSCXj.exe
  C:\Windows\System\HAfSCXj.exe
  2⤵
  PID:3664
- C:\Windows\System\mtcEKtM.exe
  C:\Windows\System\mtcEKtM.exe
  2⤵
  PID:1624
- C:\Windows\System\YhVIyrc.exe
  C:\Windows\System\YhVIyrc.exe
  2⤵
  PID:2760
- C:\Windows\System\UqElqJa.exe
  C:\Windows\System\UqElqJa.exe
  2⤵
  PID:2788
- C:\Windows\System\KJOcSMQ.exe
  C:\Windows\System\KJOcSMQ.exe
  2⤵
  PID:4420
- C:\Windows\System\kDFQhPZ.exe
  C:\Windows\System\kDFQhPZ.exe
  2⤵
  PID:5984
- C:\Windows\System\cvZbibQ.exe
  C:\Windows\System\cvZbibQ.exe
  2⤵
  PID:5628
- C:\Windows\System\eKsPdfA.exe
  C:\Windows\System\eKsPdfA.exe
  2⤵
  PID:5980
- C:\Windows\System\BzPDsyv.exe
  C:\Windows\System\BzPDsyv.exe
  2⤵
  PID:6056
- C:\Windows\System\JWzWZsc.exe
  C:\Windows\System\JWzWZsc.exe
  2⤵
  PID:2528
- C:\Windows\System\DzdYjsN.exe
  C:\Windows\System\DzdYjsN.exe
  2⤵
  PID:5180
- C:\Windows\System\TzoAuqr.exe
  C:\Windows\System\TzoAuqr.exe
  2⤵
  PID:5276
- C:\Windows\System\xAaySXx.exe
  C:\Windows\System\xAaySXx.exe
  2⤵
  PID:5464
- C:\Windows\System\Glpvjuf.exe
  C:\Windows\System\Glpvjuf.exe
  2⤵
  PID:5588
- C:\Windows\System\uGYksaP.exe
  C:\Windows\System\uGYksaP.exe
  2⤵
  PID:2800
- C:\Windows\System\SonNtxK.exe
  C:\Windows\System\SonNtxK.exe
  2⤵
  PID:4780
- C:\Windows\System\OFHqDpn.exe
  C:\Windows\System\OFHqDpn.exe
  2⤵
  PID:4128
- C:\Windows\System\efoWNgw.exe
  C:\Windows\System\efoWNgw.exe
  2⤵
  PID:2320
- C:\Windows\System\YAPmsIU.exe
  C:\Windows\System\YAPmsIU.exe
  2⤵
  PID:6008
- C:\Windows\System\ulRCIoT.exe
  C:\Windows\System\ulRCIoT.exe
  2⤵
  PID:6100
- C:\Windows\System\WMGtjgh.exe
  C:\Windows\System\WMGtjgh.exe
  2⤵
  PID:5328
- C:\Windows\System\XjDgmxH.exe
  C:\Windows\System\XjDgmxH.exe
  2⤵
  PID:5852
- C:\Windows\System\iKpVvqY.exe
  C:\Windows\System\iKpVvqY.exe
  2⤵
  PID:4108
- C:\Windows\System\bWFXwxJ.exe
  C:\Windows\System\bWFXwxJ.exe
  2⤵
  PID:5220
- C:\Windows\System\oumTmoh.exe
  C:\Windows\System\oumTmoh.exe
  2⤵
  PID:6172
- C:\Windows\System\lsdaxZP.exe
  C:\Windows\System\lsdaxZP.exe
  2⤵
  PID:6208
- C:\Windows\System\mEYGgAZ.exe
  C:\Windows\System\mEYGgAZ.exe
  2⤵
  PID:6236
- C:\Windows\System\aaLWdIh.exe
  C:\Windows\System\aaLWdIh.exe
  2⤵
  PID:6256
- C:\Windows\System\GqucFlx.exe
  C:\Windows\System\GqucFlx.exe
  2⤵
  PID:6296
- C:\Windows\System\HudyHZZ.exe
  C:\Windows\System\HudyHZZ.exe
  2⤵
  PID:6328
- C:\Windows\System\fsuqmXW.exe
  C:\Windows\System\fsuqmXW.exe
  2⤵
  PID:6348
- C:\Windows\System\HPsDOtT.exe
  C:\Windows\System\HPsDOtT.exe
  2⤵
  PID:6376
- C:\Windows\System\qkyNmYA.exe
  C:\Windows\System\qkyNmYA.exe
  2⤵
  PID:6400
- C:\Windows\System\JlykdGS.exe
  C:\Windows\System\JlykdGS.exe
  2⤵
  PID:6436
- C:\Windows\System\UhWdBwk.exe
  C:\Windows\System\UhWdBwk.exe
  2⤵
  PID:6476
- C:\Windows\System\exJbASH.exe
  C:\Windows\System\exJbASH.exe
  2⤵
  PID:6500
- C:\Windows\System\YNYKfZc.exe
  C:\Windows\System\YNYKfZc.exe
  2⤵
  PID:6536
- C:\Windows\System\iorXqFM.exe
  C:\Windows\System\iorXqFM.exe
  2⤵
  PID:6572
- C:\Windows\System\jnNasnT.exe
  C:\Windows\System\jnNasnT.exe
  2⤵
  PID:6604
- C:\Windows\System\VARYzux.exe
  C:\Windows\System\VARYzux.exe
  2⤵
  PID:6624
- C:\Windows\System\oxwDkRi.exe
  C:\Windows\System\oxwDkRi.exe
  2⤵
  PID:6652
- C:\Windows\System\EGPRfNd.exe
  C:\Windows\System\EGPRfNd.exe
  2⤵
  PID:6672
- C:\Windows\System\bklorpN.exe
  C:\Windows\System\bklorpN.exe
  2⤵
  PID:6692
- C:\Windows\System\YhlyUmY.exe
  C:\Windows\System\YhlyUmY.exe
  2⤵
  PID:6712
- C:\Windows\System\XgVOYkg.exe
  C:\Windows\System\XgVOYkg.exe
  2⤵
  PID:6732
- C:\Windows\System\HbjDMUh.exe
  C:\Windows\System\HbjDMUh.exe
  2⤵
  PID:6748
- C:\Windows\System\rrATJPT.exe
  C:\Windows\System\rrATJPT.exe
  2⤵
  PID:6768
- C:\Windows\System\qRHlNaw.exe
  C:\Windows\System\qRHlNaw.exe
  2⤵
  PID:6800
- C:\Windows\System\OwUHfKv.exe
  C:\Windows\System\OwUHfKv.exe
  2⤵
  PID:6832
- C:\Windows\System\ikIXETT.exe
  C:\Windows\System\ikIXETT.exe
  2⤵
  PID:6868
- C:\Windows\System\UJvJuXo.exe
  C:\Windows\System\UJvJuXo.exe
  2⤵
  PID:6896
- C:\Windows\System\XHuDUNx.exe
  C:\Windows\System\XHuDUNx.exe
  2⤵
  PID:6928
- C:\Windows\System\iVKWBUY.exe
  C:\Windows\System\iVKWBUY.exe
  2⤵
  PID:6948
- C:\Windows\System\oEufJOE.exe
  C:\Windows\System\oEufJOE.exe
  2⤵
  PID:6980
- C:\Windows\System\MZFoMMR.exe
  C:\Windows\System\MZFoMMR.exe
  2⤵
  PID:7012
- C:\Windows\System\OUWvkPS.exe
  C:\Windows\System\OUWvkPS.exe
  2⤵
  PID:7036
- C:\Windows\System\NIdHzGL.exe
  C:\Windows\System\NIdHzGL.exe
  2⤵
  PID:7072
- C:\Windows\System\kyLjgOb.exe
  C:\Windows\System\kyLjgOb.exe
  2⤵
  PID:7104
- C:\Windows\System\ZfXWTpc.exe
  C:\Windows\System\ZfXWTpc.exe
  2⤵
  PID:7140
- C:\Windows\System\qbvQYuC.exe
  C:\Windows\System\qbvQYuC.exe
  2⤵
  PID:3632
- C:\Windows\System\xUhoHJm.exe
  C:\Windows\System\xUhoHJm.exe
  2⤵
  PID:3368
- C:\Windows\System\IcqdAVn.exe
  C:\Windows\System\IcqdAVn.exe
  2⤵
  PID:6180
- C:\Windows\System\lTQHfVe.exe
  C:\Windows\System\lTQHfVe.exe
  2⤵
  PID:6276
- C:\Windows\System\nfwdxgu.exe
  C:\Windows\System\nfwdxgu.exe
  2⤵
  PID:6312
- C:\Windows\System\wVCmUOg.exe
  C:\Windows\System\wVCmUOg.exe
  2⤵
  PID:6392
- C:\Windows\System\pesBQjL.exe
  C:\Windows\System\pesBQjL.exe
  2⤵
  PID:6544
- C:\Windows\System\XZPeBko.exe
  C:\Windows\System\XZPeBko.exe
  2⤵
  PID:6644
- C:\Windows\System\PSkVsFT.exe
  C:\Windows\System\PSkVsFT.exe
  2⤵
  PID:6620
- C:\Windows\System\shegUFr.exe
  C:\Windows\System\shegUFr.exe
  2⤵
  PID:6684
- C:\Windows\System\ZtyEOoP.exe
  C:\Windows\System\ZtyEOoP.exe
  2⤵
  PID:6796
- C:\Windows\System\XwdbrBd.exe
  C:\Windows\System\XwdbrBd.exe
  2⤵
  PID:6848
- C:\Windows\System\xniYXsb.exe
  C:\Windows\System\xniYXsb.exe
  2⤵
  PID:6956
- C:\Windows\System\DcCdRLB.exe
  C:\Windows\System\DcCdRLB.exe
  2⤵
  PID:7096
- C:\Windows\System\HNqQJKz.exe
  C:\Windows\System\HNqQJKz.exe
  2⤵
  PID:7044
- C:\Windows\System\lRWUAdi.exe
  C:\Windows\System\lRWUAdi.exe
  2⤵
  PID:7148
- C:\Windows\System\aCFhZam.exe
  C:\Windows\System\aCFhZam.exe
  2⤵
  PID:6248
- C:\Windows\System\UsBqswj.exe
  C:\Windows\System\UsBqswj.exe
  2⤵
  PID:6448
- C:\Windows\System\jMSQeWn.exe
  C:\Windows\System\jMSQeWn.exe
  2⤵
  PID:6568
- C:\Windows\System\FijNpdJ.exe
  C:\Windows\System\FijNpdJ.exe
  2⤵
  PID:6664
- C:\Windows\System\XMMmcjh.exe
  C:\Windows\System\XMMmcjh.exe
  2⤵
  PID:6744
- C:\Windows\System\PpgpDfA.exe
  C:\Windows\System\PpgpDfA.exe
  2⤵
  PID:6592
- C:\Windows\System\JjnDtJJ.exe
  C:\Windows\System\JjnDtJJ.exe
  2⤵
  PID:7188
- C:\Windows\System\VPmbjYS.exe
  C:\Windows\System\VPmbjYS.exe
  2⤵
  PID:7220
- C:\Windows\System\ldnKhgN.exe
  C:\Windows\System\ldnKhgN.exe
  2⤵
  PID:7240
- C:\Windows\System\fPbJaqH.exe
  C:\Windows\System\fPbJaqH.exe
  2⤵
  PID:7260
- C:\Windows\System\vNlhAOQ.exe
  C:\Windows\System\vNlhAOQ.exe
  2⤵
  PID:7292
- C:\Windows\System\VmDVbEq.exe
  C:\Windows\System\VmDVbEq.exe
  2⤵
  PID:7332
- C:\Windows\System\cuHEGRW.exe
  C:\Windows\System\cuHEGRW.exe
  2⤵
  PID:7348
- C:\Windows\System\ONLJLpY.exe
  C:\Windows\System\ONLJLpY.exe
  2⤵
  PID:7372
- C:\Windows\System\GtZKrZH.exe
  C:\Windows\System\GtZKrZH.exe
  2⤵
  PID:7404
- C:\Windows\System\obFQcTY.exe
  C:\Windows\System\obFQcTY.exe
  2⤵
  PID:7432
- C:\Windows\System\vBPkoNi.exe
  C:\Windows\System\vBPkoNi.exe
  2⤵
  PID:7452
- C:\Windows\System\BHDTZjM.exe
  C:\Windows\System\BHDTZjM.exe
  2⤵
  PID:7472
- C:\Windows\System\mgzXjkH.exe
  C:\Windows\System\mgzXjkH.exe
  2⤵
  PID:7500
- C:\Windows\System\unfaNtA.exe
  C:\Windows\System\unfaNtA.exe
  2⤵
  PID:7528
- C:\Windows\System\CfuRqXm.exe
  C:\Windows\System\CfuRqXm.exe
  2⤵
  PID:7564
- C:\Windows\System\kIOKWiD.exe
  C:\Windows\System\kIOKWiD.exe
  2⤵
  PID:7596
- C:\Windows\System\bjegahm.exe
  C:\Windows\System\bjegahm.exe
  2⤵
  PID:7628
- C:\Windows\System\YdOcuNQ.exe
  C:\Windows\System\YdOcuNQ.exe
  2⤵
  PID:7648
- C:\Windows\System\yhIBSzU.exe
  C:\Windows\System\yhIBSzU.exe
  2⤵
  PID:7664
- C:\Windows\System\WmxJNNc.exe
  C:\Windows\System\WmxJNNc.exe
  2⤵
  PID:7684
- C:\Windows\System\jcILDIW.exe
  C:\Windows\System\jcILDIW.exe
  2⤵
  PID:7708
- C:\Windows\System\ctYdtTw.exe
  C:\Windows\System\ctYdtTw.exe
  2⤵
  PID:7748
- C:\Windows\System\pYRTjPD.exe
  C:\Windows\System\pYRTjPD.exe
  2⤵
  PID:7768
- C:\Windows\System\pVefNHo.exe
  C:\Windows\System\pVefNHo.exe
  2⤵
  PID:7792
- C:\Windows\System\fUHTxqn.exe
  C:\Windows\System\fUHTxqn.exe
  2⤵
  PID:7816
- C:\Windows\System\IDTTUIG.exe
  C:\Windows\System\IDTTUIG.exe
  2⤵
  PID:7848
- C:\Windows\System\xSPvxeJ.exe
  C:\Windows\System\xSPvxeJ.exe
  2⤵
  PID:7872
- C:\Windows\System\UcaYowx.exe
  C:\Windows\System\UcaYowx.exe
  2⤵
  PID:7900
- C:\Windows\System\yKrneNs.exe
  C:\Windows\System\yKrneNs.exe
  2⤵
  PID:7932
- C:\Windows\System\bREsXGb.exe
  C:\Windows\System\bREsXGb.exe
  2⤵
  PID:7968
- C:\Windows\System\aCAmIWY.exe
  C:\Windows\System\aCAmIWY.exe
  2⤵
  PID:8000
- C:\Windows\System\DmWgxMz.exe
  C:\Windows\System\DmWgxMz.exe
  2⤵
  PID:8088
- C:\Windows\System\QVTnkqX.exe
  C:\Windows\System\QVTnkqX.exe
  2⤵
  PID:8156
- C:\Windows\System\OjLEIzC.exe
  C:\Windows\System\OjLEIzC.exe
  2⤵
  PID:8184
- C:\Windows\System\srDGVir.exe
  C:\Windows\System\srDGVir.exe
  2⤵
  PID:7136
- C:\Windows\System\bhHGZxP.exe
  C:\Windows\System\bhHGZxP.exe
  2⤵
  PID:7060
- C:\Windows\System\QQoTLNu.exe
  C:\Windows\System\QQoTLNu.exe
  2⤵
  PID:7312
- C:\Windows\System\uyyOgDf.exe
  C:\Windows\System\uyyOgDf.exe
  2⤵
  PID:7368
- C:\Windows\System\UTyVtXi.exe
  C:\Windows\System\UTyVtXi.exe
  2⤵
  PID:7204
- C:\Windows\System\RfdIrge.exe
  C:\Windows\System\RfdIrge.exe
  2⤵
  PID:7232
- C:\Windows\System\bZlMIiV.exe
  C:\Windows\System\bZlMIiV.exe
  2⤵
  PID:7384
- C:\Windows\System\GAoITuY.exe
  C:\Windows\System\GAoITuY.exe
  2⤵
  PID:7520
- C:\Windows\System\HgoelCR.exe
  C:\Windows\System\HgoelCR.exe
  2⤵
  PID:7440
- C:\Windows\System\GMcMObP.exe
  C:\Windows\System\GMcMObP.exe
  2⤵
  PID:7524
- C:\Windows\System\gqykqpV.exe
  C:\Windows\System\gqykqpV.exe
  2⤵
  PID:7552
- C:\Windows\System\wceMjOF.exe
  C:\Windows\System\wceMjOF.exe
  2⤵
  PID:7660
- C:\Windows\System\eoRudcy.exe
  C:\Windows\System\eoRudcy.exe
  2⤵
  PID:7828
- C:\Windows\System\nLPAFgJ.exe
  C:\Windows\System\nLPAFgJ.exe
  2⤵
  PID:7908
- C:\Windows\System\xInEFzD.exe
  C:\Windows\System\xInEFzD.exe
  2⤵
  PID:8060
- C:\Windows\System\VYCXlyb.exe
  C:\Windows\System\VYCXlyb.exe
  2⤵
  PID:7920
- C:\Windows\System\yzmuBUg.exe
  C:\Windows\System\yzmuBUg.exe
  2⤵
  PID:7976
- C:\Windows\System\trrDmov.exe
  C:\Windows\System\trrDmov.exe
  2⤵
  PID:7132
- C:\Windows\System\lnzsHCr.exe
  C:\Windows\System\lnzsHCr.exe
  2⤵
  PID:7340
- C:\Windows\System\SKyILuO.exe
  C:\Windows\System\SKyILuO.exe
  2⤵
  PID:8148
- C:\Windows\System\PbgkSZM.exe
  C:\Windows\System\PbgkSZM.exe
  2⤵
  PID:6224
- C:\Windows\System\CRPpSyL.exe
  C:\Windows\System\CRPpSyL.exe
  2⤵
  PID:7584
- C:\Windows\System\PxPzYaT.exe
  C:\Windows\System\PxPzYaT.exe
  2⤵
  PID:7284
- C:\Windows\System\hpsXFOB.exe
  C:\Windows\System\hpsXFOB.exe
  2⤵
  PID:7492
- C:\Windows\System\gBMLEhR.exe
  C:\Windows\System\gBMLEhR.exe
  2⤵
  PID:7700
- C:\Windows\System\OPkvuRr.exe
  C:\Windows\System\OPkvuRr.exe
  2⤵
  PID:7724
- C:\Windows\System\DfwSfjl.exe
  C:\Windows\System\DfwSfjl.exe
  2⤵
  PID:7956
- C:\Windows\System\pPwYIrG.exe
  C:\Windows\System\pPwYIrG.exe
  2⤵
  PID:7084
- C:\Windows\System\DLEqYtm.exe
  C:\Windows\System\DLEqYtm.exe
  2⤵
  PID:8200
- C:\Windows\System\cRLPxMO.exe
  C:\Windows\System\cRLPxMO.exe
  2⤵
  PID:8224
- C:\Windows\System\aYMiFxS.exe
  C:\Windows\System\aYMiFxS.exe
  2⤵
  PID:8252
- C:\Windows\System\dRgIwFr.exe
  C:\Windows\System\dRgIwFr.exe
  2⤵
  PID:8276
- C:\Windows\System\glTHxKD.exe
  C:\Windows\System\glTHxKD.exe
  2⤵
  PID:8312
- C:\Windows\System\mJJpWQP.exe
  C:\Windows\System\mJJpWQP.exe
  2⤵
  PID:8328
- C:\Windows\System\ryLinQT.exe
  C:\Windows\System\ryLinQT.exe
  2⤵
  PID:8360
- C:\Windows\System\dvjjyBc.exe
  C:\Windows\System\dvjjyBc.exe
  2⤵
  PID:8388
- C:\Windows\System\MAZkxRy.exe
  C:\Windows\System\MAZkxRy.exe
  2⤵
  PID:8416
- C:\Windows\System\ViuBGTr.exe
  C:\Windows\System\ViuBGTr.exe
  2⤵
  PID:8440
- C:\Windows\System\VrshhAq.exe
  C:\Windows\System\VrshhAq.exe
  2⤵
  PID:8468
- C:\Windows\System\FaCrIDE.exe
  C:\Windows\System\FaCrIDE.exe
  2⤵
  PID:8512
- C:\Windows\System\ywqPydz.exe
  C:\Windows\System\ywqPydz.exe
  2⤵
  PID:8544
- C:\Windows\System\LDgFKNV.exe
  C:\Windows\System\LDgFKNV.exe
  2⤵
  PID:8576
- C:\Windows\System\DJtcQgf.exe
  C:\Windows\System\DJtcQgf.exe
  2⤵
  PID:8608
- C:\Windows\System\hydQWSh.exe
  C:\Windows\System\hydQWSh.exe
  2⤵
  PID:8636
- C:\Windows\System\NpnmvOG.exe
  C:\Windows\System\NpnmvOG.exe
  2⤵
  PID:8664
- C:\Windows\System\LUwFRgu.exe
  C:\Windows\System\LUwFRgu.exe
  2⤵
  PID:8688
- C:\Windows\System\pFHdXGu.exe
  C:\Windows\System\pFHdXGu.exe
  2⤵
  PID:8708
- C:\Windows\System\ojHvtHJ.exe
  C:\Windows\System\ojHvtHJ.exe
  2⤵
  PID:8724
- C:\Windows\System\wjtZXbp.exe
  C:\Windows\System\wjtZXbp.exe
  2⤵
  PID:8744
- C:\Windows\System\WSmYAuK.exe
  C:\Windows\System\WSmYAuK.exe
  2⤵
  PID:8768
- C:\Windows\System\beBmaQb.exe
  C:\Windows\System\beBmaQb.exe
  2⤵
  PID:8784
- C:\Windows\System\mfQRpdd.exe
  C:\Windows\System\mfQRpdd.exe
  2⤵
  PID:8804
- C:\Windows\System\tnNhFpD.exe
  C:\Windows\System\tnNhFpD.exe
  2⤵
  PID:8820
- C:\Windows\System\CGlGFMO.exe
  C:\Windows\System\CGlGFMO.exe
  2⤵
  PID:8836
- C:\Windows\System\bmtnCGY.exe
  C:\Windows\System\bmtnCGY.exe
  2⤵
  PID:8856
- C:\Windows\System\oFOfKsW.exe
  C:\Windows\System\oFOfKsW.exe
  2⤵
  PID:8884
- C:\Windows\System\bgjOxEv.exe
  C:\Windows\System\bgjOxEv.exe
  2⤵
  PID:8908
- C:\Windows\System\UWHOuyM.exe
  C:\Windows\System\UWHOuyM.exe
  2⤵
  PID:8936
- C:\Windows\System\EvDSBeZ.exe
  C:\Windows\System\EvDSBeZ.exe
  2⤵
  PID:8960
- C:\Windows\System\QgeEQvz.exe
  C:\Windows\System\QgeEQvz.exe
  2⤵
  PID:8976
- C:\Windows\System\OyBKdva.exe
  C:\Windows\System\OyBKdva.exe
  2⤵
  PID:8992
- C:\Windows\System\mseaJAa.exe
  C:\Windows\System\mseaJAa.exe
  2⤵
  PID:9020
- C:\Windows\System\TyHNHLM.exe
  C:\Windows\System\TyHNHLM.exe
  2⤵
  PID:9048
- C:\Windows\System\kUsbjwC.exe
  C:\Windows\System\kUsbjwC.exe
  2⤵
  PID:9068
- C:\Windows\System\aPzykOl.exe
  C:\Windows\System\aPzykOl.exe
  2⤵
  PID:9092
- C:\Windows\System\KNxSRFo.exe
  C:\Windows\System\KNxSRFo.exe
  2⤵
  PID:9116
- C:\Windows\System\TKOwLJi.exe
  C:\Windows\System\TKOwLJi.exe
  2⤵
  PID:9140
- C:\Windows\System\EPVrqRt.exe
  C:\Windows\System\EPVrqRt.exe
  2⤵
  PID:9176
- C:\Windows\System\aIeADYF.exe
  C:\Windows\System\aIeADYF.exe
  2⤵
  PID:9200
- C:\Windows\System\vQfvGop.exe
  C:\Windows\System\vQfvGop.exe
  2⤵
  PID:7396
- C:\Windows\System\eeQEeYC.exe
  C:\Windows\System\eeQEeYC.exe
  2⤵
  PID:7328
- C:\Windows\System\nsBfQkJ.exe
  C:\Windows\System\nsBfQkJ.exe
  2⤵
  PID:8116
- C:\Windows\System\eakCZBI.exe
  C:\Windows\System\eakCZBI.exe
  2⤵
  PID:8300
- C:\Windows\System\NjjYemn.exe
  C:\Windows\System\NjjYemn.exe
  2⤵
  PID:8340
- C:\Windows\System\wGKfJWI.exe
  C:\Windows\System\wGKfJWI.exe
  2⤵
  PID:8412
- C:\Windows\System\sVFbyCh.exe
  C:\Windows\System\sVFbyCh.exe
  2⤵
  PID:8500
- C:\Windows\System\oLzzPdH.exe
  C:\Windows\System\oLzzPdH.exe
  2⤵
  PID:8616
- C:\Windows\System\miyYZxL.exe
  C:\Windows\System\miyYZxL.exe
  2⤵
  PID:8648
- C:\Windows\System\rOMMsmT.exe
  C:\Windows\System\rOMMsmT.exe
  2⤵
  PID:8696
- C:\Windows\System\GqpYisj.exe
  C:\Windows\System\GqpYisj.exe
  2⤵
  PID:8828
- C:\Windows\System\mROkepx.exe
  C:\Windows\System\mROkepx.exe
  2⤵
  PID:8948
- C:\Windows\System\xYAZiXK.exe
  C:\Windows\System\xYAZiXK.exe
  2⤵
  PID:8848
- C:\Windows\System\VWUzuME.exe
  C:\Windows\System\VWUzuME.exe
  2⤵
  PID:9032
- C:\Windows\System\XRGDOxG.exe
  C:\Windows\System\XRGDOxG.exe
  2⤵
  PID:9164
- C:\Windows\System\pRStXvr.exe
  C:\Windows\System\pRStXvr.exe
  2⤵
  PID:9044
- C:\Windows\System\OWJWSkF.exe
  C:\Windows\System\OWJWSkF.exe
  2⤵
  PID:9080
- C:\Windows\System\waqTTNK.exe
  C:\Windows\System\waqTTNK.exe
  2⤵
  PID:9012
- C:\Windows\System\YsjCLcO.exe
  C:\Windows\System\YsjCLcO.exe
  2⤵
  PID:7252
- C:\Windows\System\OlROxbp.exe
  C:\Windows\System\OlROxbp.exe
  2⤵
  PID:8680
- C:\Windows\System\gYjTyfd.exe
  C:\Windows\System\gYjTyfd.exe
  2⤵
  PID:8464
- C:\Windows\System\zoKrAFo.exe
  C:\Windows\System\zoKrAFo.exe
  2⤵
  PID:8216
- C:\Windows\System\vlTwzMA.exe
  C:\Windows\System\vlTwzMA.exe
  2⤵
  PID:9228
- C:\Windows\System\KUhqdwZ.exe
  C:\Windows\System\KUhqdwZ.exe
  2⤵
  PID:9260
- C:\Windows\System\fKzanXv.exe
  C:\Windows\System\fKzanXv.exe
  2⤵
  PID:9276
- C:\Windows\System\nSHfnMb.exe
  C:\Windows\System\nSHfnMb.exe
  2⤵
  PID:9300
- C:\Windows\System\YRHptKW.exe
  C:\Windows\System\YRHptKW.exe
  2⤵
  PID:9328
- C:\Windows\System\ZaaSMrt.exe
  C:\Windows\System\ZaaSMrt.exe
  2⤵
  PID:9352
- C:\Windows\System\hxPdiQZ.exe
  C:\Windows\System\hxPdiQZ.exe
  2⤵
  PID:9384
- C:\Windows\System\hhBqvyE.exe
  C:\Windows\System\hhBqvyE.exe
  2⤵
  PID:9412
- C:\Windows\System\nhleMQu.exe
  C:\Windows\System\nhleMQu.exe
  2⤵
  PID:9440
- C:\Windows\System\TRMwmKH.exe
  C:\Windows\System\TRMwmKH.exe
  2⤵
  PID:9464
- C:\Windows\System\iarzhpO.exe
  C:\Windows\System\iarzhpO.exe
  2⤵
  PID:9492
- C:\Windows\System\lVtRFmm.exe
  C:\Windows\System\lVtRFmm.exe
  2⤵
  PID:9524
- C:\Windows\System\FeToCXn.exe
  C:\Windows\System\FeToCXn.exe
  2⤵
  PID:9552
- C:\Windows\System\pMOgknV.exe
  C:\Windows\System\pMOgknV.exe
  2⤵
  PID:9580
- C:\Windows\System\otCXQoP.exe
  C:\Windows\System\otCXQoP.exe
  2⤵
  PID:9612
- C:\Windows\System\IhStaZq.exe
  C:\Windows\System\IhStaZq.exe
  2⤵
  PID:9644
- C:\Windows\System\GZWUrRD.exe
  C:\Windows\System\GZWUrRD.exe
  2⤵
  PID:9668
- C:\Windows\System\vWxKCZx.exe
  C:\Windows\System\vWxKCZx.exe
  2⤵
  PID:9704
- C:\Windows\System\rtwJOoy.exe
  C:\Windows\System\rtwJOoy.exe
  2⤵
  PID:9720
- C:\Windows\System\RAPciTy.exe
  C:\Windows\System\RAPciTy.exe
  2⤵
  PID:9748
- C:\Windows\System\jsAahKt.exe
  C:\Windows\System\jsAahKt.exe
  2⤵
  PID:9780
- C:\Windows\System\bNsTTdm.exe
  C:\Windows\System\bNsTTdm.exe
  2⤵
  PID:9816
- C:\Windows\System\WQzCIzt.exe
  C:\Windows\System\WQzCIzt.exe
  2⤵
  PID:9844
- C:\Windows\System\abqhVhm.exe
  C:\Windows\System\abqhVhm.exe
  2⤵
  PID:9872
- C:\Windows\System\aWDmUqK.exe
  C:\Windows\System\aWDmUqK.exe
  2⤵
  PID:9900
- C:\Windows\System\oYmfofN.exe
  C:\Windows\System\oYmfofN.exe
  2⤵
  PID:9928
- C:\Windows\System\VIHeBXw.exe
  C:\Windows\System\VIHeBXw.exe
  2⤵
  PID:9956
- C:\Windows\System\YkWgqMu.exe
  C:\Windows\System\YkWgqMu.exe
  2⤵
  PID:9984
- C:\Windows\System\rKAdhAN.exe
  C:\Windows\System\rKAdhAN.exe
  2⤵
  PID:10020
- C:\Windows\System\putrgNM.exe
  C:\Windows\System\putrgNM.exe
  2⤵
  PID:10040
- C:\Windows\System\HDUIkcy.exe
  C:\Windows\System\HDUIkcy.exe
  2⤵
  PID:10064
- C:\Windows\System\AozBpss.exe
  C:\Windows\System\AozBpss.exe
  2⤵
  PID:10096
- C:\Windows\System\iACRdbC.exe
  C:\Windows\System\iACRdbC.exe
  2⤵
  PID:10124
- C:\Windows\System\xxuhqpK.exe
  C:\Windows\System\xxuhqpK.exe
  2⤵
  PID:10152
- C:\Windows\System\dzoOdXh.exe
  C:\Windows\System\dzoOdXh.exe
  2⤵
  PID:10172
- C:\Windows\System\PoRQtPJ.exe
  C:\Windows\System\PoRQtPJ.exe
  2⤵
  PID:10196
- C:\Windows\System\ZHpqXeQ.exe
  C:\Windows\System\ZHpqXeQ.exe
  2⤵
  PID:10228
- C:\Windows\System\REcsDkw.exe
  C:\Windows\System\REcsDkw.exe
  2⤵
  PID:8892
- C:\Windows\System\VGHBaHT.exe
  C:\Windows\System\VGHBaHT.exe
  2⤵
  PID:8988
- C:\Windows\System\RXIovCl.exe
  C:\Windows\System\RXIovCl.exe
  2⤵
  PID:8952
- C:\Windows\System\whzlAtn.exe
  C:\Windows\System\whzlAtn.exe
  2⤵
  PID:9160
- C:\Windows\System\zwKlGpx.exe
  C:\Windows\System\zwKlGpx.exe
  2⤵
  PID:9084
- C:\Windows\System\qBTQILp.exe
  C:\Windows\System\qBTQILp.exe
  2⤵
  PID:8932
- C:\Windows\System\TyOpMlY.exe
  C:\Windows\System\TyOpMlY.exe
  2⤵
  PID:9268
- C:\Windows\System\nODwCjN.exe
  C:\Windows\System\nODwCjN.exe
  2⤵
  PID:9336
- C:\Windows\System\OoNoMnw.exe
  C:\Windows\System\OoNoMnw.exe
  2⤵
  PID:9424
- C:\Windows\System\YYXYCpF.exe
  C:\Windows\System\YYXYCpF.exe
  2⤵
  PID:9636
- C:\Windows\System\uxSaSTN.exe
  C:\Windows\System\uxSaSTN.exe
  2⤵
  PID:9688
- C:\Windows\System\WnnrFtt.exe
  C:\Windows\System\WnnrFtt.exe
  2⤵
  PID:9368
- C:\Windows\System\SldcSXP.exe
  C:\Windows\System\SldcSXP.exe
  2⤵
  PID:9564
- C:\Windows\System\rtDtpAY.exe
  C:\Windows\System\rtDtpAY.exe
  2⤵
  PID:9680
- C:\Windows\System\pqyKTEH.exe
  C:\Windows\System\pqyKTEH.exe
  2⤵
  PID:9760
- C:\Windows\System\fWMwobW.exe
  C:\Windows\System\fWMwobW.exe
  2⤵
  PID:9824
- C:\Windows\System\zzsxVlr.exe
  C:\Windows\System\zzsxVlr.exe
  2⤵
  PID:9896
- C:\Windows\System\FXFAGKH.exe
  C:\Windows\System\FXFAGKH.exe
  2⤵
  PID:9732
- C:\Windows\System\gpOKaDU.exe
  C:\Windows\System\gpOKaDU.exe
  2⤵
  PID:10148
- C:\Windows\System\BAAnhjv.exe
  C:\Windows\System\BAAnhjv.exe
  2⤵
  PID:10036
- C:\Windows\System\ROgcgtc.exe
  C:\Windows\System\ROgcgtc.exe
  2⤵
  PID:9240
- C:\Windows\System\rNGRdYH.exe
  C:\Windows\System\rNGRdYH.exe
  2⤵
  PID:9940
- C:\Windows\System\NXcGkXO.exe
  C:\Windows\System\NXcGkXO.exe
  2⤵
  PID:10188
- C:\Windows\System\nmNVffa.exe
  C:\Windows\System\nmNVffa.exe
  2⤵
  PID:9340
- C:\Windows\System\hCYHeLc.exe
  C:\Windows\System\hCYHeLc.exe
  2⤵
  PID:8868
- C:\Windows\System\oMOivti.exe
  C:\Windows\System\oMOivti.exe
  2⤵
  PID:9576
- C:\Windows\System\xvkLrHW.exe
  C:\Windows\System\xvkLrHW.exe
  2⤵
  PID:9660
- C:\Windows\System\BTMyZzO.exe
  C:\Windows\System\BTMyZzO.exe
  2⤵
  PID:10252
- C:\Windows\System\FASZUQC.exe
  C:\Windows\System\FASZUQC.exe
  2⤵
  PID:10288
- C:\Windows\System\nYGzRFt.exe
  C:\Windows\System\nYGzRFt.exe
  2⤵
  PID:10312
- C:\Windows\System\CIhNRFI.exe
  C:\Windows\System\CIhNRFI.exe
  2⤵
  PID:10328
- C:\Windows\System\ewCRLwo.exe
  C:\Windows\System\ewCRLwo.exe
  2⤵
  PID:10356
- C:\Windows\System\HzirOGM.exe
  C:\Windows\System\HzirOGM.exe
  2⤵
  PID:10388
- C:\Windows\System\EMBgAne.exe
  C:\Windows\System\EMBgAne.exe
  2⤵
  PID:10420
- C:\Windows\System\iHLSwJQ.exe
  C:\Windows\System\iHLSwJQ.exe
  2⤵
  PID:10444
- C:\Windows\System\xYlfaGU.exe
  C:\Windows\System\xYlfaGU.exe
  2⤵
  PID:10472
- C:\Windows\System\xomkswL.exe
  C:\Windows\System\xomkswL.exe
  2⤵
  PID:10504
- C:\Windows\System\nMTWDxF.exe
  C:\Windows\System\nMTWDxF.exe
  2⤵
  PID:10528
- C:\Windows\System\apYHgGa.exe
  C:\Windows\System\apYHgGa.exe
  2⤵
  PID:10556
- C:\Windows\System\tSEihYs.exe
  C:\Windows\System\tSEihYs.exe
  2⤵
  PID:10580
- C:\Windows\System\ydJfIAe.exe
  C:\Windows\System\ydJfIAe.exe
  2⤵
  PID:10612
- C:\Windows\System\oFXsowU.exe
  C:\Windows\System\oFXsowU.exe
  2⤵
  PID:10636
- C:\Windows\System\dLUypCq.exe
  C:\Windows\System\dLUypCq.exe
  2⤵
  PID:10660
- C:\Windows\System\MedFzTd.exe
  C:\Windows\System\MedFzTd.exe
  2⤵
  PID:10684
- C:\Windows\System\MhnLlRt.exe
  C:\Windows\System\MhnLlRt.exe
  2⤵
  PID:10708
- C:\Windows\System\RHHAfbp.exe
  C:\Windows\System\RHHAfbp.exe
  2⤵
  PID:10732
- C:\Windows\System\WsRFxly.exe
  C:\Windows\System\WsRFxly.exe
  2⤵
  PID:10760
- C:\Windows\System\RYdoxlv.exe
  C:\Windows\System\RYdoxlv.exe
  2⤵
  PID:10780
- C:\Windows\System\LbpCCiL.exe
  C:\Windows\System\LbpCCiL.exe
  2⤵
  PID:10800
- C:\Windows\System\dtANBVn.exe
  C:\Windows\System\dtANBVn.exe
  2⤵
  PID:11080
- C:\Windows\System\pLDIRuf.exe
  C:\Windows\System\pLDIRuf.exe
  2⤵
  PID:11096
- C:\Windows\System\KaQlydH.exe
  C:\Windows\System\KaQlydH.exe
  2⤵
  PID:11140
- C:\Windows\System\LYakQKN.exe
  C:\Windows\System\LYakQKN.exe
  2⤵
  PID:11160
- C:\Windows\System\kbjbvde.exe
  C:\Windows\System\kbjbvde.exe
  2⤵
  PID:11200
- C:\Windows\System\rEgDhRc.exe
  C:\Windows\System\rEgDhRc.exe
  2⤵
  PID:11224
- C:\Windows\System\FlCEdJZ.exe
  C:\Windows\System\FlCEdJZ.exe
  2⤵
  PID:11256
- C:\Windows\System\FNJtTVW.exe
  C:\Windows\System\FNJtTVW.exe
  2⤵
  PID:10028
- C:\Windows\System\daxBszt.exe
  C:\Windows\System\daxBszt.exe
  2⤵
  PID:9380
- C:\Windows\System\syTHSal.exe
  C:\Windows\System\syTHSal.exe
  2⤵
  PID:9208
- C:\Windows\System\RpUPhWi.exe
  C:\Windows\System\RpUPhWi.exe
  2⤵
  PID:9884
- C:\Windows\System\imrFNXc.exe
  C:\Windows\System\imrFNXc.exe
  2⤵
  PID:8880
- C:\Windows\System\mncEPAF.exe
  C:\Windows\System\mncEPAF.exe
  2⤵
  PID:9916
- C:\Windows\System\MPmBLpe.exe
  C:\Windows\System\MPmBLpe.exe
  2⤵
  PID:9976
- C:\Windows\System\kRiQEYN.exe
  C:\Windows\System\kRiQEYN.exe
  2⤵
  PID:10484
- C:\Windows\System\xKYMhBG.exe
  C:\Windows\System\xKYMhBG.exe
  2⤵
  PID:10516
- C:\Windows\System\KntsJpR.exe
  C:\Windows\System\KntsJpR.exe
  2⤵
  PID:10348
- C:\Windows\System\yuSjZjh.exe
  C:\Windows\System\yuSjZjh.exe
  2⤵
  PID:10396
- C:\Windows\System\hgqIBBZ.exe
  C:\Windows\System\hgqIBBZ.exe
  2⤵
  PID:10704
- C:\Windows\System\rjvbiXs.exe
  C:\Windows\System\rjvbiXs.exe
  2⤵
  PID:10608
- C:\Windows\System\uPqedwk.exe
  C:\Windows\System\uPqedwk.exe
  2⤵
  PID:10796
- C:\Windows\System\gcuHFAK.exe
  C:\Windows\System\gcuHFAK.exe
  2⤵
  PID:10752
- C:\Windows\System\OaEuaKD.exe
  C:\Windows\System\OaEuaKD.exe
  2⤵
  PID:10676
- C:\Windows\System\onRUyXP.exe
  C:\Windows\System\onRUyXP.exe
  2⤵
  PID:11008
- C:\Windows\System\CUarENh.exe
  C:\Windows\System\CUarENh.exe
  2⤵
  PID:11132
- C:\Windows\System\wreEXcp.exe
  C:\Windows\System\wreEXcp.exe
  2⤵
  PID:11040
- C:\Windows\System\cZnVaKU.exe
  C:\Windows\System\cZnVaKU.exe
  2⤵
  PID:11120
- C:\Windows\System\eeHcWRg.exe
  C:\Windows\System\eeHcWRg.exe
  2⤵
  PID:11236
- C:\Windows\System\phjwTqO.exe
  C:\Windows\System\phjwTqO.exe
  2⤵
  PID:9516
- C:\Windows\System\VGPZmon.exe
  C:\Windows\System\VGPZmon.exe
  2⤵
  PID:11240
- C:\Windows\System\GJbgMHj.exe
  C:\Windows\System\GJbgMHj.exe
  2⤵
  PID:10112
- C:\Windows\System\eJwDQLw.exe
  C:\Windows\System\eJwDQLw.exe
  2⤵
  PID:10320
- C:\Windows\System\vBClsqy.exe
  C:\Windows\System\vBClsqy.exe
  2⤵
  PID:10792
- C:\Windows\System\xGPcbia.exe
  C:\Windows\System\xGPcbia.exe
  2⤵
  PID:10772
- C:\Windows\System\NYThmAB.exe
  C:\Windows\System\NYThmAB.exe
  2⤵
  PID:11072
- C:\Windows\System\ppnECsv.exe
  C:\Windows\System\ppnECsv.exe
  2⤵
  PID:11028
- C:\Windows\System\hLBBvXB.exe
  C:\Windows\System\hLBBvXB.exe
  2⤵
  PID:11052
- C:\Windows\System\cYXhFbC.exe
  C:\Windows\System\cYXhFbC.exe
  2⤵
  PID:11268
- C:\Windows\System\pSHTAmX.exe
  C:\Windows\System\pSHTAmX.exe
  2⤵
  PID:11296
- C:\Windows\System\CThqyWo.exe
  C:\Windows\System\CThqyWo.exe
  2⤵
  PID:11312
- C:\Windows\System\UHeZygA.exe
  C:\Windows\System\UHeZygA.exe
  2⤵
  PID:11340
- C:\Windows\System\eBmcPOe.exe
  C:\Windows\System\eBmcPOe.exe
  2⤵
  PID:11376
- C:\Windows\System\hmzFbZY.exe
  C:\Windows\System\hmzFbZY.exe
  2⤵
  PID:11404
- C:\Windows\System\OqcwrBx.exe
  C:\Windows\System\OqcwrBx.exe
  2⤵
  PID:11428
- C:\Windows\System\oWHpNiG.exe
  C:\Windows\System\oWHpNiG.exe
  2⤵
  PID:11456
- C:\Windows\System\STUdOsx.exe
  C:\Windows\System\STUdOsx.exe
  2⤵
  PID:11484
- C:\Windows\System\YFJJHTX.exe
  C:\Windows\System\YFJJHTX.exe
  2⤵
  PID:11500
- C:\Windows\System\GNthMQS.exe
  C:\Windows\System\GNthMQS.exe
  2⤵
  PID:11532
- C:\Windows\System\diMjPcA.exe
  C:\Windows\System\diMjPcA.exe
  2⤵
  PID:11552
- C:\Windows\System\PABNale.exe
  C:\Windows\System\PABNale.exe
  2⤵
  PID:11572
- C:\Windows\System\QDYteey.exe
  C:\Windows\System\QDYteey.exe
  2⤵
  PID:11592
- C:\Windows\System\HyYDWCd.exe
  C:\Windows\System\HyYDWCd.exe
  2⤵
  PID:11612
- C:\Windows\System\ViIHgwR.exe
  C:\Windows\System\ViIHgwR.exe
  2⤵
  PID:11648
- C:\Windows\System\kYpOXdG.exe
  C:\Windows\System\kYpOXdG.exe
  2⤵
  PID:11672
- C:\Windows\System\nIyTBev.exe
  C:\Windows\System\nIyTBev.exe
  2⤵
  PID:11692
- C:\Windows\System\Yydbgos.exe
  C:\Windows\System\Yydbgos.exe
  2⤵
  PID:11712
- C:\Windows\System\MhEdUcz.exe
  C:\Windows\System\MhEdUcz.exe
  2⤵
  PID:11736
- C:\Windows\System\gsbyVMB.exe
  C:\Windows\System\gsbyVMB.exe
  2⤵
  PID:11756
- C:\Windows\System\DzVUWrD.exe
  C:\Windows\System\DzVUWrD.exe
  2⤵
  PID:11780
- C:\Windows\System\EfizOCQ.exe
  C:\Windows\System\EfizOCQ.exe
  2⤵
  PID:11812
- C:\Windows\System\vhPPfQR.exe
  C:\Windows\System\vhPPfQR.exe
  2⤵
  PID:11840
- C:\Windows\System\sIZvqTq.exe
  C:\Windows\System\sIZvqTq.exe
  2⤵
  PID:11856
- C:\Windows\System\yWaqDVb.exe
  C:\Windows\System\yWaqDVb.exe
  2⤵
  PID:11872
- C:\Windows\System\oqEnMSR.exe
  C:\Windows\System\oqEnMSR.exe
  2⤵
  PID:11900
- C:\Windows\System\bElurrj.exe
  C:\Windows\System\bElurrj.exe
  2⤵
  PID:11916
- C:\Windows\System\exRujsy.exe
  C:\Windows\System\exRujsy.exe
  2⤵
  PID:11936
- C:\Windows\System\gmXyrEI.exe
  C:\Windows\System\gmXyrEI.exe
  2⤵
  PID:11960
- C:\Windows\System\QrmuFdD.exe
  C:\Windows\System\QrmuFdD.exe
  2⤵
  PID:11988
- C:\Windows\System\NGJbZFh.exe
  C:\Windows\System\NGJbZFh.exe
  2⤵
  PID:12008
- C:\Windows\System\iURwwZa.exe
  C:\Windows\System\iURwwZa.exe
  2⤵
  PID:12032
- C:\Windows\System\eOtCDvf.exe
  C:\Windows\System\eOtCDvf.exe
  2⤵
  PID:12060
- C:\Windows\System\WcPoMrf.exe
  C:\Windows\System\WcPoMrf.exe
  2⤵
  PID:12080
- C:\Windows\System\OEjKJOT.exe
  C:\Windows\System\OEjKJOT.exe
  2⤵
  PID:12104
- C:\Windows\System\vInddtQ.exe
  C:\Windows\System\vInddtQ.exe
  2⤵
  PID:12132
- C:\Windows\System\hmBUzTq.exe
  C:\Windows\System\hmBUzTq.exe
  2⤵
  PID:12164
- C:\Windows\System\jaMkpaU.exe
  C:\Windows\System\jaMkpaU.exe
  2⤵
  PID:12184
- C:\Windows\System\HAWvpoh.exe
  C:\Windows\System\HAWvpoh.exe
  2⤵
  PID:12216
- C:\Windows\System\XmoYvOs.exe
  C:\Windows\System\XmoYvOs.exe
  2⤵
  PID:12232
- C:\Windows\System\vOgNeLL.exe
  C:\Windows\System\vOgNeLL.exe
  2⤵
  PID:12260
- C:\Windows\System\rMaVmQI.exe
  C:\Windows\System\rMaVmQI.exe
  2⤵
  PID:8324
- C:\Windows\System\DugnIAA.exe
  C:\Windows\System\DugnIAA.exe
  2⤵
  PID:10236
- C:\Windows\System\WoUKQZc.exe
  C:\Windows\System\WoUKQZc.exe
  2⤵
  PID:11280
- C:\Windows\System\PHHFlaD.exe
  C:\Windows\System\PHHFlaD.exe
  2⤵
  PID:11088
- C:\Windows\System\GBPwMip.exe
  C:\Windows\System\GBPwMip.exe
  2⤵
  PID:11304
- C:\Windows\System\DtKpesT.exe
  C:\Windows\System\DtKpesT.exe
  2⤵
  PID:10656
- C:\Windows\System\XKIPNLA.exe
  C:\Windows\System\XKIPNLA.exe
  2⤵
  PID:11364
- C:\Windows\System\UiZXKKj.exe
  C:\Windows\System\UiZXKKj.exe
  2⤵
  PID:11400
- C:\Windows\System\uzrtzqT.exe
  C:\Windows\System\uzrtzqT.exe
  2⤵
  PID:11608
- C:\Windows\System\rDKmXNX.exe
  C:\Windows\System\rDKmXNX.exe
  2⤵
  PID:11492
- C:\Windows\System\hDCGSmf.exe
  C:\Windows\System\hDCGSmf.exe
  2⤵
  PID:11544
- C:\Windows\System\XBhlbqE.exe
  C:\Windows\System\XBhlbqE.exe
  2⤵
  PID:11764
- C:\Windows\System\CSGXfwc.exe
  C:\Windows\System\CSGXfwc.exe
  2⤵
  PID:11632
- C:\Windows\System\IqdFxHf.exe
  C:\Windows\System\IqdFxHf.exe
  2⤵
  PID:11868
- C:\Windows\System\pmrqHaP.exe
  C:\Windows\System\pmrqHaP.exe
  2⤵
  PID:11752
- C:\Windows\System\VeDYwfO.exe
  C:\Windows\System\VeDYwfO.exe
  2⤵
  PID:11636
- C:\Windows\System\uZumCYe.exe
  C:\Windows\System\uZumCYe.exe
  2⤵
  PID:11864
- C:\Windows\System\BOgfDbL.exe
  C:\Windows\System\BOgfDbL.exe
  2⤵
  PID:12200
- C:\Windows\System\mWoedOb.exe
  C:\Windows\System\mWoedOb.exe
  2⤵
  PID:12228
- C:\Windows\System\xIFJnQe.exe
  C:\Windows\System\xIFJnQe.exe
  2⤵
  PID:12028
- C:\Windows\System\wvtrSUs.exe
  C:\Windows\System\wvtrSUs.exe
  2⤵
  PID:10224
- C:\Windows\System\cXCvNlk.exe
  C:\Windows\System\cXCvNlk.exe
  2⤵
  PID:12128
- C:\Windows\System\QrpPJuu.exe
  C:\Windows\System\QrpPJuu.exe
  2⤵
  PID:12168
- C:\Windows\System\qBWNyiu.exe
  C:\Windows\System\qBWNyiu.exe
  2⤵
  PID:11952
- C:\Windows\System\fMwjVkw.exe
  C:\Windows\System\fMwjVkw.exe
  2⤵
  PID:11924
- C:\Windows\System\nAZQlsJ.exe
  C:\Windows\System\nAZQlsJ.exe
  2⤵
  PID:12304
- C:\Windows\System\vygDshh.exe
  C:\Windows\System\vygDshh.exe
  2⤵
  PID:12320
- C:\Windows\System\tldyHlu.exe
  C:\Windows\System\tldyHlu.exe
  2⤵
  PID:12340
- C:\Windows\System\aUZrHmS.exe
  C:\Windows\System\aUZrHmS.exe
  2⤵
  PID:12368
- C:\Windows\System\fJHBQhc.exe
  C:\Windows\System\fJHBQhc.exe
  2⤵
  PID:12388
- C:\Windows\System\bHSeqPG.exe
  C:\Windows\System\bHSeqPG.exe
  2⤵
  PID:12420
- C:\Windows\System\EpBtcyZ.exe
  C:\Windows\System\EpBtcyZ.exe
  2⤵
  PID:12456
- C:\Windows\System\qzaVUxR.exe
  C:\Windows\System\qzaVUxR.exe
  2⤵
  PID:12472
- C:\Windows\System\ZrqlDhx.exe
  C:\Windows\System\ZrqlDhx.exe
  2⤵
  PID:12496
- C:\Windows\System\PfIguBJ.exe
  C:\Windows\System\PfIguBJ.exe
  2⤵
  PID:12528
- C:\Windows\System\lmYxBpA.exe
  C:\Windows\System\lmYxBpA.exe
  2⤵
  PID:12544
- C:\Windows\System\YfbCWhU.exe
  C:\Windows\System\YfbCWhU.exe
  2⤵
  PID:12564
- C:\Windows\System\tsIJMtg.exe
  C:\Windows\System\tsIJMtg.exe
  2⤵
  PID:12596
- C:\Windows\System\khcPtCO.exe
  C:\Windows\System\khcPtCO.exe
  2⤵
  PID:12616
- C:\Windows\System\VYzQaAk.exe
  C:\Windows\System\VYzQaAk.exe
  2⤵
  PID:12644
- C:\Windows\System\jcoNzGW.exe
  C:\Windows\System\jcoNzGW.exe
  2⤵
  PID:12664
- C:\Windows\System\SzuumZQ.exe
  C:\Windows\System\SzuumZQ.exe
  2⤵
  PID:12692
- C:\Windows\System\SPxOare.exe
  C:\Windows\System\SPxOare.exe
  2⤵
  PID:12728
- C:\Windows\System\TkMVcCl.exe
  C:\Windows\System\TkMVcCl.exe
  2⤵
  PID:12756
- C:\Windows\System\bcoKDfJ.exe
  C:\Windows\System\bcoKDfJ.exe
  2⤵
  PID:12776
- C:\Windows\System\PQmRTUR.exe
  C:\Windows\System\PQmRTUR.exe
  2⤵
  PID:12796
- C:\Windows\System\IMrTbjG.exe
  C:\Windows\System\IMrTbjG.exe
  2⤵
  PID:12820
- C:\Windows\System\OukbetF.exe
  C:\Windows\System\OukbetF.exe
  2⤵
  PID:12844
- C:\Windows\System\TuGxWwe.exe
  C:\Windows\System\TuGxWwe.exe
  2⤵
  PID:12864
- C:\Windows\System\UuTQLWl.exe
  C:\Windows\System\UuTQLWl.exe
  2⤵
  PID:12888
- C:\Windows\System\iWSouqQ.exe
  C:\Windows\System\iWSouqQ.exe
  2⤵
  PID:12908
- C:\Windows\System\rjokPky.exe
  C:\Windows\System\rjokPky.exe
  2⤵
  PID:12932
- C:\Windows\System\IInSHFj.exe
  C:\Windows\System\IInSHFj.exe
  2⤵
  PID:12956
- C:\Windows\System\HSVwWUr.exe
  C:\Windows\System\HSVwWUr.exe
  2⤵
  PID:12972
- C:\Windows\System\PwIOxbo.exe
  C:\Windows\System\PwIOxbo.exe
  2⤵
  PID:13000
- C:\Windows\System\fnPkxJc.exe
  C:\Windows\System\fnPkxJc.exe
  2⤵
  PID:13040
- C:\Windows\System\wQcyRol.exe
  C:\Windows\System\wQcyRol.exe
  2⤵
  PID:13068
- C:\Windows\System\qlRXCuy.exe
  C:\Windows\System\qlRXCuy.exe
  2⤵
  PID:13088
- C:\Windows\System\BUrDoFt.exe
  C:\Windows\System\BUrDoFt.exe
  2⤵
  PID:13120
- C:\Windows\System\mvbtFPG.exe
  C:\Windows\System\mvbtFPG.exe
  2⤵
  PID:13148
- C:\Windows\System\PEtSWNX.exe
  C:\Windows\System\PEtSWNX.exe
  2⤵
  PID:13164
- C:\Windows\System\utuEaWU.exe
  C:\Windows\System\utuEaWU.exe
  2⤵
  PID:13180
- C:\Windows\System\GyBcLCt.exe
  C:\Windows\System\GyBcLCt.exe
  2⤵
  PID:13196
- C:\Windows\System\BOhbVXg.exe
  C:\Windows\System\BOhbVXg.exe
  2⤵
  PID:13224
- C:\Windows\System\drSHaOH.exe
  C:\Windows\System\drSHaOH.exe
  2⤵
  PID:13248
- C:\Windows\System\rkyVdjy.exe
  C:\Windows\System\rkyVdjy.exe
  2⤵
  PID:13264
- C:\Windows\System\VhPhAIp.exe
  C:\Windows\System\VhPhAIp.exe
  2⤵
  PID:13292
- C:\Windows\System\qnjMoHV.exe
  C:\Windows\System\qnjMoHV.exe
  2⤵
  PID:11032
- C:\Windows\System\ckQhWBw.exe
  C:\Windows\System\ckQhWBw.exe
  2⤵
  PID:12068
- C:\Windows\System\pIdndbD.exe
  C:\Windows\System\pIdndbD.exe
  2⤵
  PID:11796
- C:\Windows\System\LRJlhvu.exe
  C:\Windows\System\LRJlhvu.exe
  2⤵
  PID:11328
- C:\Windows\System\FATTwHR.exe
  C:\Windows\System\FATTwHR.exe
  2⤵
  PID:11828
- C:\Windows\System\tjHgPAz.exe
  C:\Windows\System\tjHgPAz.exe
  2⤵
  PID:12380
- C:\Windows\System\vEhRHKX.exe
  C:\Windows\System\vEhRHKX.exe
  2⤵
  PID:12428
- C:\Windows\System\QBiQyda.exe
  C:\Windows\System\QBiQyda.exe
  2⤵
  PID:12516
- C:\Windows\System\gIJemoN.exe
  C:\Windows\System\gIJemoN.exe
  2⤵
  PID:11476
- C:\Windows\System\JwUvWIy.exe
  C:\Windows\System\JwUvWIy.exe
  2⤵
  PID:11972
- C:\Windows\System\ozsDZiN.exe
  C:\Windows\System\ozsDZiN.exe
  2⤵
  PID:12312
- C:\Windows\System\Pvodfwg.exe
  C:\Windows\System\Pvodfwg.exe
  2⤵
  PID:11680
- C:\Windows\System\veSrmsr.exe
  C:\Windows\System\veSrmsr.exe
  2⤵
  PID:12772
- C:\Windows\System\PtLLLgz.exe
  C:\Windows\System\PtLLLgz.exe
  2⤵
  PID:12048
- C:\Windows\System\yxRYDhe.exe
  C:\Windows\System\yxRYDhe.exe
  2⤵
  PID:12920
- C:\Windows\System\CcCEwfF.exe
  C:\Windows\System\CcCEwfF.exe
  2⤵
  PID:11884
- C:\Windows\System\GVyarqz.exe
  C:\Windows\System\GVyarqz.exe
  2⤵
  PID:13080
- C:\Windows\System\OsYJLMg.exe
  C:\Windows\System\OsYJLMg.exe
  2⤵
  PID:13156
- C:\Windows\System\VLmTlNm.exe
  C:\Windows\System\VLmTlNm.exe
  2⤵
  PID:13320
- C:\Windows\System\uBtSYHu.exe
  C:\Windows\System\uBtSYHu.exe
  2⤵
  PID:13336
- C:\Windows\System\GPRiRfI.exe
  C:\Windows\System\GPRiRfI.exe
  2⤵
  PID:13356
- C:\Windows\System\KrCZfQU.exe
  C:\Windows\System\KrCZfQU.exe
  2⤵
  PID:13380
- C:\Windows\System\MEdiJAr.exe
  C:\Windows\System\MEdiJAr.exe
  2⤵
  PID:13404
- C:\Windows\System\PNXDiVF.exe
  C:\Windows\System\PNXDiVF.exe
  2⤵
  PID:13436
- C:\Windows\System\LtoBuAg.exe
  C:\Windows\System\LtoBuAg.exe
  2⤵
  PID:13468
- C:\Windows\System\STKlFDi.exe
  C:\Windows\System\STKlFDi.exe
  2⤵
  PID:13488
- C:\Windows\System\eMcfnTu.exe
  C:\Windows\System\eMcfnTu.exe
  2⤵
  PID:13516
- C:\Windows\System\JfyNBUI.exe
  C:\Windows\System\JfyNBUI.exe
  2⤵
  PID:13540
- C:\Windows\System\sEcUumA.exe
  C:\Windows\System\sEcUumA.exe
  2⤵
  PID:13560
- C:\Windows\System\nCVHgcD.exe
  C:\Windows\System\nCVHgcD.exe
  2⤵
  PID:13584
- C:\Windows\System\Rmcrxmf.exe
  C:\Windows\System\Rmcrxmf.exe
  2⤵
  PID:13608
- C:\Windows\System\GJmXamn.exe
  C:\Windows\System\GJmXamn.exe
  2⤵
  PID:13632
- C:\Windows\System\HrDXkzz.exe
  C:\Windows\System\HrDXkzz.exe
  2⤵
  PID:13656
- C:\Windows\System\TeSQrBa.exe
  C:\Windows\System\TeSQrBa.exe
  2⤵
  PID:13672
- C:\Windows\System\WriRfBQ.exe
  C:\Windows\System\WriRfBQ.exe
  2⤵
  PID:13704
- C:\Windows\System\AKZNtqe.exe
  C:\Windows\System\AKZNtqe.exe
  2⤵
  PID:13724
- C:\Windows\System\BYZAAyX.exe
  C:\Windows\System\BYZAAyX.exe
  2⤵
  PID:13748
- C:\Windows\System\HzdcRzo.exe
  C:\Windows\System\HzdcRzo.exe
  2⤵
  PID:13768
- C:\Windows\System\Mbsmcyn.exe
  C:\Windows\System\Mbsmcyn.exe
  2⤵
  PID:13796
- C:\Windows\System\wBrlNWZ.exe
  C:\Windows\System\wBrlNWZ.exe
  2⤵
  PID:13820
- C:\Windows\System\oeKjVAX.exe
  C:\Windows\System\oeKjVAX.exe
  2⤵
  PID:13844
- C:\Windows\System\OMytGls.exe
  C:\Windows\System\OMytGls.exe
  2⤵
  PID:13860
- C:\Windows\System\PgPINeR.exe
  C:\Windows\System\PgPINeR.exe
  2⤵
  PID:13876
- C:\Windows\System\UiUsban.exe
  C:\Windows\System\UiUsban.exe
  2⤵
  PID:13900
- C:\Windows\System\SGRgeWl.exe
  C:\Windows\System\SGRgeWl.exe
  2⤵
  PID:13920
- C:\Windows\System\eqFZSlw.exe
  C:\Windows\System\eqFZSlw.exe
  2⤵
  PID:13936
- C:\Windows\System\ZDQtXeq.exe
  C:\Windows\System\ZDQtXeq.exe
  2⤵
  PID:13956
- C:\Windows\System\KiYGhdT.exe
  C:\Windows\System\KiYGhdT.exe
  2⤵
  PID:13976
- C:\Windows\System\nkTdSAP.exe
  C:\Windows\System\nkTdSAP.exe
  2⤵
  PID:14000
- C:\Windows\System\ogkjqWW.exe
  C:\Windows\System\ogkjqWW.exe
  2⤵
  PID:14024
- C:\Windows\System\GGUyCqS.exe
  C:\Windows\System\GGUyCqS.exe
  2⤵
  PID:14048
- C:\Windows\System\dyUSKUS.exe
  C:\Windows\System\dyUSKUS.exe
  2⤵
  PID:14088
- C:\Windows\System\ySiJIIe.exe
  C:\Windows\System\ySiJIIe.exe
  2⤵
  PID:14112
- C:\Windows\System\YBydUXn.exe
  C:\Windows\System\YBydUXn.exe
  2⤵
  PID:14128
- C:\Windows\System\mcKXFjc.exe
  C:\Windows\System\mcKXFjc.exe
  2⤵
  PID:14160
- C:\Windows\System\PHXoZRV.exe
  C:\Windows\System\PHXoZRV.exe
  2⤵
  PID:14184
- C:\Windows\System\xKQFylG.exe
  C:\Windows\System\xKQFylG.exe
  2⤵
  PID:14212
- C:\Windows\System\ONHIMxL.exe
  C:\Windows\System\ONHIMxL.exe
  2⤵
  PID:14240
- C:\Windows\System\inEGWoE.exe
  C:\Windows\System\inEGWoE.exe
  2⤵
  PID:14268
- C:\Windows\System\rTkKqQj.exe
  C:\Windows\System\rTkKqQj.exe
  2⤵
  PID:14292
- C:\Windows\System\fcmMFbS.exe
  C:\Windows\System\fcmMFbS.exe
  2⤵
  PID:14316
- C:\Windows\System\JSQcyCC.exe
  C:\Windows\System\JSQcyCC.exe
  2⤵
  PID:13276
- C:\Windows\System\ugRPrPR.exe
  C:\Windows\System\ugRPrPR.exe
  2⤵
  PID:12256
- C:\Windows\System\kcKcBLM.exe
  C:\Windows\System\kcKcBLM.exe
  2⤵
  PID:12364
- C:\Windows\System\jsZVeWc.exe
  C:\Windows\System\jsZVeWc.exe
  2⤵
  PID:12452
- C:\Windows\System\tXUxSdF.exe
  C:\Windows\System\tXUxSdF.exe
  2⤵
  PID:12196
- C:\Windows\System\YPiCMUv.exe
  C:\Windows\System\YPiCMUv.exe
  2⤵
  PID:12316
- C:\Windows\System\wUrUvrU.exe
  C:\Windows\System\wUrUvrU.exe
  2⤵
  PID:12768
- C:\Windows\System\BMxHncp.exe
  C:\Windows\System\BMxHncp.exe
  2⤵
  PID:12724
- C:\Windows\System\OklUfYf.exe
  C:\Windows\System\OklUfYf.exe
  2⤵
  PID:13344
- C:\Windows\System\uopftYR.exe
  C:\Windows\System\uopftYR.exe
  2⤵
  PID:13400
- C:\Windows\System\MfjFLhQ.exe
  C:\Windows\System\MfjFLhQ.exe
  2⤵
  PID:12828
- C:\Windows\System\ixDVtpV.exe
  C:\Windows\System\ixDVtpV.exe
  2⤵
  PID:13444
- C:\Windows\System\DoLGRIW.exe
  C:\Windows\System\DoLGRIW.exe
  2⤵
  PID:13460
- C:\Windows\System\hlirhkz.exe
  C:\Windows\System\hlirhkz.exe
  2⤵
  PID:12900
- C:\Windows\System\qJLxHcc.exe
  C:\Windows\System\qJLxHcc.exe
  2⤵
  PID:12948
- C:\Windows\System\kJxeElC.exe
  C:\Windows\System\kJxeElC.exe
  2⤵
  PID:12984
- C:\Windows\System\BSpyPOR.exe
  C:\Windows\System\BSpyPOR.exe
  2⤵
  PID:12336
- C:\Windows\System\xzvNkvU.exe
  C:\Windows\System\xzvNkvU.exe
  2⤵
  PID:13144
- C:\Windows\System\iBAeJtx.exe
  C:\Windows\System\iBAeJtx.exe
  2⤵
  PID:13812
- C:\Windows\System\ZzglGqV.exe
  C:\Windows\System\ZzglGqV.exe
  2⤵
  PID:13316
- C:\Windows\System\PLarNBx.exe
  C:\Windows\System\PLarNBx.exe
  2⤵
  PID:13396
- C:\Windows\System\TYzYYUl.exe
  C:\Windows\System\TYzYYUl.exe
  2⤵
  PID:13968
- C:\Windows\System\cBzHSLb.exe
  C:\Windows\System\cBzHSLb.exe
  2⤵
  PID:11824
- C:\Windows\System\ZLDTpIk.exe
  C:\Windows\System\ZLDTpIk.exe
  2⤵
  PID:14084
- C:\Windows\System\qedFcng.exe
  C:\Windows\System\qedFcng.exe
  2⤵
  PID:14340
- C:\Windows\System\pDpUnpI.exe
  C:\Windows\System\pDpUnpI.exe
  2⤵
  PID:14372
- C:\Windows\System\qnVqpeA.exe
  C:\Windows\System\qnVqpeA.exe
  2⤵
  PID:14388
- C:\Windows\System\auWpdqy.exe
  C:\Windows\System\auWpdqy.exe
  2⤵
  PID:14424
- C:\Windows\System\NOULoKb.exe
  C:\Windows\System\NOULoKb.exe
  2⤵
  PID:14444
- C:\Windows\System\fsnOFMY.exe
  C:\Windows\System\fsnOFMY.exe
  2⤵
  PID:14464
- C:\Windows\System\MYwKEgt.exe
  C:\Windows\System\MYwKEgt.exe
  2⤵
  PID:14488
- C:\Windows\System\ehQLhLS.exe
  C:\Windows\System\ehQLhLS.exe
  2⤵
  PID:14512
- C:\Windows\System\tCaSvmi.exe
  C:\Windows\System\tCaSvmi.exe
  2⤵
  PID:14540
- C:\Windows\System\vrzBLMM.exe
  C:\Windows\System\vrzBLMM.exe
  2⤵
  PID:14564
- C:\Windows\System\IGxBMzL.exe
  C:\Windows\System\IGxBMzL.exe
  2⤵
  PID:14588
- C:\Windows\System\GToqqbN.exe
  C:\Windows\System\GToqqbN.exe
  2⤵
  PID:14620
- C:\Windows\System\qkkjNtr.exe
  C:\Windows\System\qkkjNtr.exe
  2⤵
  PID:14648
- C:\Windows\System\ULiTtLs.exe
  C:\Windows\System\ULiTtLs.exe
  2⤵
  PID:14668
- C:\Windows\System\ispWVdS.exe
  C:\Windows\System\ispWVdS.exe
  2⤵
  PID:14688
- C:\Windows\System\xSHgMqE.exe
  C:\Windows\System\xSHgMqE.exe
  2⤵
  PID:14716
- C:\Windows\System\wWwuOSq.exe
  C:\Windows\System\wWwuOSq.exe
  2⤵
  PID:14748
- C:\Windows\System\JjqyAkt.exe
  C:\Windows\System\JjqyAkt.exe
  2⤵
  PID:14776
- C:\Windows\System\MqaUcKa.exe
  C:\Windows\System\MqaUcKa.exe
  2⤵
  PID:14800
- C:\Windows\System\upRWOhF.exe
  C:\Windows\System\upRWOhF.exe
  2⤵
  PID:14828
- C:\Windows\System\DaFQiQN.exe
  C:\Windows\System\DaFQiQN.exe
  2⤵
  PID:14844
- C:\Windows\System\NQuFqzV.exe
  C:\Windows\System\NQuFqzV.exe
  2⤵
  PID:14868
- C:\Windows\System\CEyginw.exe
  C:\Windows\System\CEyginw.exe
  2⤵
  PID:14892
- C:\Windows\System\sIzNEEX.exe
  C:\Windows\System\sIzNEEX.exe
  2⤵
  PID:14936
- C:\Windows\System\WzPfSRu.exe
  C:\Windows\System\WzPfSRu.exe
  2⤵
  PID:14956
- C:\Windows\System\gKmdxyQ.exe
  C:\Windows\System\gKmdxyQ.exe
  2⤵
  PID:14976
- C:\Windows\System\VImbKFx.exe
  C:\Windows\System\VImbKFx.exe
  2⤵
  PID:15000
- C:\Windows\System\kqMitWl.exe
  C:\Windows\System\kqMitWl.exe
  2⤵
  PID:15020
- C:\Windows\System\CPUrqTr.exe
  C:\Windows\System\CPUrqTr.exe
  2⤵
  PID:15048
- C:\Windows\System\CjEmxaV.exe
  C:\Windows\System\CjEmxaV.exe
  2⤵
  PID:15080
- C:\Windows\System\bfnUGXI.exe
  C:\Windows\System\bfnUGXI.exe
  2⤵
  PID:15104
- C:\Windows\System\JzxSxwD.exe
  C:\Windows\System\JzxSxwD.exe
  2⤵
  PID:15128
- C:\Windows\System\sOfNTep.exe
  C:\Windows\System\sOfNTep.exe
  2⤵
  PID:15144
- C:\Windows\System\QCkzZgU.exe
  C:\Windows\System\QCkzZgU.exe
  2⤵
  PID:15176
- C:\Windows\System\HAMJzOK.exe
  C:\Windows\System\HAMJzOK.exe
  2⤵
  PID:15196
- C:\Windows\System\MFjGeSf.exe
  C:\Windows\System\MFjGeSf.exe
  2⤵
  PID:15216
- C:\Windows\System\hhpKgiG.exe
  C:\Windows\System\hhpKgiG.exe
  2⤵
  PID:15232
- C:\Windows\System\Xxduafp.exe
  C:\Windows\System\Xxduafp.exe
  2⤵
  PID:15256
- C:\Windows\System\cYFtbNE.exe
  C:\Windows\System\cYFtbNE.exe
  2⤵
  PID:15276
- C:\Windows\System\vkgBrcT.exe
  C:\Windows\System\vkgBrcT.exe
  2⤵
  PID:15300
- C:\Windows\System\yKoWwqh.exe
  C:\Windows\System\yKoWwqh.exe
  2⤵
  PID:15316
- C:\Windows\System\kjDpqPv.exe
  C:\Windows\System\kjDpqPv.exe
  2⤵
  PID:15348
- C:\Windows\System\dutevnt.exe
  C:\Windows\System\dutevnt.exe
  2⤵
  PID:12296
- C:\Windows\System\wtMTjvL.exe
  C:\Windows\System\wtMTjvL.exe
  2⤵
  PID:12448
- C:\Windows\System\qYJhWhA.exe
  C:\Windows\System\qYJhWhA.exe
  2⤵
  PID:12860
- C:\Windows\System\hcxWusn.exe
  C:\Windows\System\hcxWusn.exe
  2⤵
  PID:12588
- C:\Windows\System\eojZgFf.exe
  C:\Windows\System\eojZgFf.exe
  2⤵
  PID:13060
- C:\Windows\System\tQHXXZr.exe
  C:\Windows\System\tQHXXZr.exe
  2⤵
  PID:13840
- C:\Windows\System\QZpClzn.exe
  C:\Windows\System\QZpClzn.exe
  2⤵
  PID:13392
- C:\Windows\System\oXtcTey.exe
  C:\Windows\System\oXtcTey.exe
  2⤵
  PID:13892
- C:\Windows\System\OzfCZFg.exe
  C:\Windows\System\OzfCZFg.exe
  2⤵
  PID:13508
- C:\Windows\System\IyfqTdd.exe
  C:\Windows\System\IyfqTdd.exe
  2⤵
  PID:14012
- C:\Windows\System\sgBgCoU.exe
  C:\Windows\System\sgBgCoU.exe
  2⤵
  PID:13524
- C:\Windows\System\LguFQgh.exe
  C:\Windows\System\LguFQgh.exe
  2⤵
  PID:13552
- C:\Windows\System\OzRDZqt.exe
  C:\Windows\System\OzRDZqt.exe
  2⤵
  PID:14208
- C:\Windows\System\ECFlsXL.exe
  C:\Windows\System\ECFlsXL.exe
  2⤵
  PID:14288
- C:\Windows\System\IryrWbj.exe
  C:\Windows\System\IryrWbj.exe
  2⤵
  PID:14508
- C:\Windows\System\yvHUjTo.exe
  C:\Windows\System\yvHUjTo.exe
  2⤵
  PID:15116
- C:\Windows\System\YMffjci.exe
  C:\Windows\System\YMffjci.exe
  2⤵
  PID:11668
- C:\Windows\System\wiUYdVM.exe
  C:\Windows\System\wiUYdVM.exe
  2⤵
  PID:14176
- C:\Windows\System\KhmLtNS.exe
  C:\Windows\System\KhmLtNS.exe
  2⤵
  PID:14556
- C:\Windows\System\dnPnWZh.exe
  C:\Windows\System\dnPnWZh.exe
  2⤵
  PID:15064
- C:\Windows\System\dLCNrNo.exe
  C:\Windows\System\dLCNrNo.exe
  2⤵
  PID:15344
- C:\Windows\System\qiNZSAe.exe
  C:\Windows\System\qiNZSAe.exe
  2⤵
  PID:12704
- C:\Windows\System\mvoyfcv.exe
  C:\Windows\System\mvoyfcv.exe
  2⤵
  PID:14044
- C:\Windows\System\XOwnkQX.exe
  C:\Windows\System\XOwnkQX.exe
  2⤵
  PID:13304
- C:\Windows\System\mCRxLYz.exe
  C:\Windows\System\mCRxLYz.exe
  2⤵
  PID:12964
- C:\Windows\System\MMwtZNh.exe
  C:\Windows\System\MMwtZNh.exe
  2⤵
  PID:14036
- C:\Windows\System\LNHTyAv.exe
  C:\Windows\System\LNHTyAv.exe
  2⤵
  PID:12712
- C:\Windows\System\SOjAOnl.exe
  C:\Windows\System\SOjAOnl.exe
  2⤵
  PID:14308
- C:\Windows\System\iSxLHdL.exe
  C:\Windows\System\iSxLHdL.exe
  2⤵
  PID:14836
- C:\Windows\System\WVixjvL.exe
  C:\Windows\System\WVixjvL.exe
  2⤵
  PID:13208
- C:\Windows\System\xBLOSOo.exe
  C:\Windows\System\xBLOSOo.exe
  2⤵
  PID:12536
- C:\Windows\System\hQcjOhk.exe
  C:\Windows\System\hQcjOhk.exe
  2⤵
  PID:11420
- C:\Windows\System\BxWucvc.exe
  C:\Windows\System\BxWucvc.exe
  2⤵
  PID:12884
- C:\Windows\System\mNEfvRT.exe
  C:\Windows\System\mNEfvRT.exe
  2⤵
  PID:12996
- C:\Windows\System\byimOJh.exe
  C:\Windows\System\byimOJh.exe
  2⤵
  PID:14416
- C:\Windows\System\HqpkjqZ.exe
  C:\Windows\System\HqpkjqZ.exe
  2⤵
  PID:13372
- C:\Windows\System\skCiKfJ.exe
  C:\Windows\System\skCiKfJ.exe
  2⤵
  PID:13176
- C:\Windows\System\XMbunZn.exe
  C:\Windows\System\XMbunZn.exe
  2⤵
  PID:15368
- C:\Windows\System\MvLkhaX.exe
  C:\Windows\System\MvLkhaX.exe
  2⤵
  PID:15396
- C:\Windows\System\vdkOnqS.exe
  C:\Windows\System\vdkOnqS.exe
  2⤵
  PID:15436
- C:\Windows\System\RezTrPX.exe
  C:\Windows\System\RezTrPX.exe
  2⤵
  PID:15468
- C:\Windows\System\eXUvSBb.exe
  C:\Windows\System\eXUvSBb.exe
  2⤵
  PID:15492
- C:\Windows\System\zjRTQPA.exe
  C:\Windows\System\zjRTQPA.exe
  2⤵
  PID:15516

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4008,i,10065386245627775856,6567048529106473151,262144 --variations-seed-version --mojo-platform-channel-handle=4156 /prefetch:8
1⤵
PID:4632

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:16080

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\DOnvpcC.exe

Filesize
1.8MB

MD5
79c25dacb085fe13ccb788414f9c731a

SHA1
019bd8ddb6e814ce85860e06d7fa0b34ee80b179

SHA256
fca78c6d2488b64403b81608b3e8cf636890aa377b506a46b4fa5faccf016ce5

SHA512
060d15dafc6feba37f389233ac88e43b9e064fd7b7787db262a94a84e6854be851c6f794c7eeaa71d2950dcb705e11e03a907b91e9259a04972355e70fac0b4e

Download Submit
C:\Windows\System\EuFhyfo.exe

Filesize
1.8MB

MD5
8670a396baab2c7b32365e62df518bde

SHA1
0522991e9aa0740daf4f16d22746905355108406

SHA256
30b073830afec3924558eb69658b01a9f614a75bbd197eb46ee8c3bae638017e

SHA512
def630f99327047bfed99481b50fa218a372257e67e9fbb201477bd3ffb50abc158bef89737860c6e87e2d91ff994f2a06ec552d15d890ffd1cf2102f34e846f

Download Submit
C:\Windows\System\FQlnVPV.exe

Filesize
1.8MB

MD5
884d22aa220460ec3b6a2b2fe7e8876d

SHA1
df5388c268b2e49defd860a61f028d53041a5097

SHA256
b8d4f5dcfb6781ea711a728ed800a8a01f4deb2a6e25b1370415129f423666e3

SHA512
330262a0a7a1028cca13a3ba6a8319a9cb88e446f660caca7660bb4bd0183a21aea7a6315c8a44bbe247137b2cc7d39d46897de8b6769e01e371a529580ef049

Download Submit
C:\Windows\System\GGkKfXE.exe

Filesize
1.8MB

MD5
946c6b463507c64d0baf7f624e1a9da9

SHA1
c48c4aaaae56e5884429eb962bce35101fd9308b

SHA256
3985ac0e08bfe3acf58e6c4499acbdb1af9416622d370de19ca8e457a78564c5

SHA512
385864bd65786581d114f74f9e9979facb555419890ae9ab4bcf14004a35be0c15006c5e1c525e136560b6ec20309d866b48650d1dd71010e23d01debed094e1

Download Submit
C:\Windows\System\HCoPeIp.exe

Filesize
1.8MB

MD5
4cb39648b1521902d088ba35dac3769c

SHA1
d702adfae626fcafaf5e15f17a586276f0da0cf2

SHA256
c6fe3a551560e912203d544c45a8a4a5ae65875c80b602b10e6b11bdba4635a2

SHA512
5bc5b38892ad2d62fe0978e622fe9f29be9d230c194eaf9e6af26c5d86192a63e4cf2fc8f0043950cd9f0f8788aa36360e414d2aca7fd9ff82eb953df76ed2a8

Download Submit
C:\Windows\System\HiekiYk.exe

Filesize
1.8MB

MD5
b2353fe8f39dcd5cf8dfb28c00b6423f

SHA1
233e76e9de54a8b6bedb16b289723b2f1b089899

SHA256
37bac21983021ad750334e5af4e67526e3eed3b70941a0dd97b936dda503427b

SHA512
35f91ba8cb18db40fcce51f873770e1de5033089863b28ec9ec2c6741f0773210c5c9fe51e8897d2375ee2e929ffec02a8b72516f68292e05dc98c8c0b96b4be

Download Submit
C:\Windows\System\JlfROwP.exe

Filesize
1.8MB

MD5
64f9e5a32807f3887645ba7cf4ba126f

SHA1
31e80a12ab76a3ee51af583c3700564363c98c82

SHA256
2455174299c67be208819fd5a53844e1aa5320f6b5af4432522719562e127f9f

SHA512
c716add48ddf324181b0098be297f9c9c7a9f296d2f3c521465bdf96cb92c1046dc6ac0e3b2fede5075eb72bdfb0063d5c11f473393d2a7db31b3611b90bff57

Download Submit
C:\Windows\System\JtKHUUW.exe

Filesize
1.8MB

MD5
954d3c0b8e9297691812e06d1de8840e

SHA1
43c4ba14b4e332800f96a3b6ab003621c4e08c1d

SHA256
2a7d51fe1e8cbc5ca7cfcec8445faeb32a636afa0bff0f281dfc581c909ecdf0

SHA512
0b75890c5f5c80252d322947d064c822a25456bb854c524d2162ad2852bf344fc79a2eaabfb8d4af195dcc7db7160e6e037b81c47cf6458049c0e730993c9d7e

Download Submit
C:\Windows\System\Jvailig.exe

Filesize
1.8MB

MD5
549ccc3bf8c962e9baab849f30169a0a

SHA1
0a0f22a536f2dd31332d663b993b7f8a80207b04

SHA256
bae2dfd0ecaefdcd6a3d166b889ee817363896202edd518cded0276e600ba7b5

SHA512
d90b1e2539473541cc953d7617eea6b0f3db5841707ae2a47de1bacd4e72c5dda7400ceb488b07e9b031e672de7d59ef365e2469db6d642d9480c409b689828f

Download Submit
C:\Windows\System\KAPOKHZ.exe

Filesize
1.8MB

MD5
a50dbc7b5072b6dc8e789a43a0e6b6bc

SHA1
32825ec0265d577e4ef4424984c64318c297c510

SHA256
960cc53e9da45572e7faaf33c87dc1bbd8f76c134b1c9c75599e760a2600ee0c

SHA512
a428a1c619fd03f2875f8f4dbff6aee17fdfbcd8fb5c3eb55055d56d5ecc5c94d59bd94fd47b48cbccc4f398450dfff6abecba1de84c243a150779719952c55d

Download Submit
C:\Windows\System\LdruTya.exe

Filesize
1.8MB

MD5
624dcc72a156e758897dc3e95bba3603

SHA1
b7b61d1f910dc04431192ef9da8a7e81d88ae873

SHA256
5c9f9e528ec137f637146d3709dc575f3b43c885a8048c2212bbcd097a275bc6

SHA512
edd3fe938f74a0f8a3e88fdea75befe67ec0c90ae7f434c3fc8c28a7b8a1aab24a4a794d41f2be49a86108ea620c8f89a2ac81a6f90512e55be40430a6826f71

Download Submit
C:\Windows\System\PVfUnMJ.exe

Filesize
1.8MB

MD5
a1212255879f44b21603251acd48d7b5

SHA1
9a93d69531bed9b4d0d7c86f95cba6207c2888c6

SHA256
0dc2c89c9601cab245295d18ea9c608ca589e0913f3d4ed61cabdfe4b5e9c21d

SHA512
b7aa3ac3d998c3a7195c0ea5d469fc73e366ebf4f66d6e6ade2a58850b0ac75d0af291fd738fe1d616244a9f92702c19bf0920b32dc74aaa73bbf43c9f278cd3

Download Submit
C:\Windows\System\SxmMUxW.exe

Filesize
1.8MB

MD5
12e75586a338d5eee0ececc6347af6b0

SHA1
0f0550c8eb8cdf70e61f1de9760add68111e7535

SHA256
e09bc456fb22fbe29c6f436b0e8a3be113911489498b33c088fbff06db35672b

SHA512
64e239d064e8639c8bfe09de31c1367ca925fa11f5709a55d746ccb84add0ce8fbcadfe9d65e99ab7df7520964e78e467b02beeba88951286330d8355e994ffd

Download Submit
C:\Windows\System\TIGASmJ.exe

Filesize
1.8MB

MD5
dc89d62c4ef9958e7a9e9ec7f035db0d

SHA1
8bb49f31d45fadbf1c829a94f76168fa2d4a12ba

SHA256
de12a64e794999e3e7d8d5a37050b0a5a3886333aafb265871f7dc9906ea737b

SHA512
e243f0144ea842965eecef2d442aaa180085b5919d32e8749394eae9f4934f5b27030fd7960a6f916e8d1b678da0e187719f1fe8674044797adc2d4161d50f96

Download Submit
C:\Windows\System\UGOwGXN.exe

Filesize
1.8MB

MD5
8f37223fac2ba136fa0091e49b6fa198

SHA1
203a652703a70fe63aad5ffd3988901326b0154e

SHA256
1d33bd26c13f0cd71a269f03881e89d2ac2b1b0c4e0523f43f626b8fdf776bed

SHA512
92034d2861269ec368c09457dd4b62a1b5be026592e233ad7a72d6f151c9113b7f70b8efb2e3d5a3f898b4b29df1dd0e6462aabe255944c052476e36d82e34fd

Download Submit
C:\Windows\System\WNdGFUj.exe

Filesize
1.8MB

MD5
01a7fc2d213cdc7d3d1b9da2743ddb8f

SHA1
a36e01ac3d65fe7ec0c737f547c4de76b91b65f2

SHA256
c035c65ec3a2d38ed9b7ec75810fb2a7514a5b78e89700a1b43040b472a77577

SHA512
f2a4336aaba12748bff3a909b02c2beb129e4ee727f5810236b21f0ebc875cc92f84f41b7f64355b395f383fb17ab18237af029633fa327fab3e7d3de9c61c8a

Download Submit
C:\Windows\System\XmKHJoX.exe

Filesize
1.8MB

MD5
799c8d68413414b326c88a5ceb18ba85

SHA1
1e446393a463a93a414933b2c14a94d75a1db245

SHA256
b1ff3af8aff2fa0f1a75a67215d0c7bfed2649d15940a02748124a844de3f53b

SHA512
71bcadc1a835774d47fc1b479d6b42cecc35ba25958c808a94ffdd8c05a1dc1938c0d80aef04dde7bb9e3e438891117f1581e1b27565f947e0cdb604a028b0cb

Download Submit
C:\Windows\System\ZopNAwj.exe

Filesize
1.8MB

MD5
ebf0fb80cc1c8d7064bffc65e4607588

SHA1
32e719e42f8816c47fae5bae7c2308570b7534f7

SHA256
575367ee79572b7d51ca5c621f888f9b34a84e88394f8e13ed02f36c132cbd66

SHA512
5589cbea00ca5288ccd62a7141113bab089951d2b20f507daf74a2442dafa9d1877fc88a3e8f0964351ed2c017e784d85890b863bb21d3bf1060346ef28a6a9e

Download Submit
C:\Windows\System\aWChKJE.exe

Filesize
1.8MB

MD5
2f24982e9fb887fe580cc08a6692d531

SHA1
06b3536bfd22995c91ce44cea9046b38b77e35b1

SHA256
c13661d35fbcc3bcb3ca78163d0855facb720caac3b3d13a1d74c0342a1a8c51

SHA512
e89a0cdd58c644fb6a6b382d51a6f804295b53da6f60d46d8d9eda2a2a87c0efe3e6f57e2cea8265aec8072639f7def694484c7edfdd6f9360f83eec81303f81

Download Submit
C:\Windows\System\dPXHkdE.exe

Filesize
1.8MB

MD5
19d10490f7f27045a7c0e60fc5684633

SHA1
ae374fe0f04044eb01c15de2fbfed918378d804f

SHA256
09db8f90f6dadde5c603eaf82c0e715f7a9037b6ffe2c8130827613e2ffe5d89

SHA512
7052031739018af00edbbdbdb8c81cfd083c6d2c534597eb4917bbf18554a971f9ebc943348cb698eb05bc1a0478a0db2817709ebc9da23a3292e2906fb06b6a

Download Submit
C:\Windows\System\eIhiMEt.exe

Filesize
1.8MB

MD5
ba694dee88a4d5dea9325250aab227bf

SHA1
d0a9c98ce5ac6f8c85e26105132e6bae44cd71ba

SHA256
4d90537ef6dd673c13df3dff7f1e94edb55e3ecd349cd174fd1f22eb177caa4e

SHA512
29c2c1a82d1c9acf3fc741c0dbb1588f318637c21a1a76e307ba3e5efaea86da972569ba6798b423158735345522ab319eb9773bfcd98176f3a1fb5765ef3868

Download Submit
C:\Windows\System\iSuwFoD.exe

Filesize
1.8MB

MD5
bab6ca58e3083f578b40f71deb4c9809

SHA1
4e6a834b173c5312807dba53a56a2bf9124b03a5

SHA256
e293949179fa6ad326a7c2adbcc533876d03f920d1b57c9e94b0e77ea12eaa9b

SHA512
a98557219663340c5980ab05c867b7a13edc12309b75abfaa3f4dda6bf6a93be0840cfb6458625196f7a9c7e445e96f27590b13275b4cf9ca120c6fccbc00cf0

Download Submit
C:\Windows\System\kNIjHBy.exe

Filesize
1.8MB

MD5
70235efdd2b8fb1e2a3b2c6f0da24e8f

SHA1
3e1ec69ee997f97067cae09f1ef6592b5c0d5c28

SHA256
f9a09174a9aad710290d052b6cb4a4ccd25a569ec386a4142382a4202d5797fb

SHA512
75ba9a0837fd76b7e3f1209768c775a23b43dc521bd4e3b0807880bc3416ec4f74e5da87b4c7907a9502fbad6d590a199b36cce81465b1768aa2e727c8cba932

Download Submit
C:\Windows\System\lFxZRzG.exe

Filesize
1.8MB

MD5
d8f5dfcf893c1ecba2b60937445779ba

SHA1
856c81e7721fe207ee393eb71f784d2d46e685df

SHA256
661dfb4dbb0547a6fbe50763e1423fbb4ede9ae1bd663c3f37c4929d5474861e

SHA512
a92dcdbc27aee96d6569286c45e5db0eed970e2aa2b3992ca17b48758448bb03335ed863955a2fb4364c1b5ed8847878592aa7498310a65480e27a13ab838e67

Download Submit
C:\Windows\System\lQqNmPD.exe

Filesize
1.8MB

MD5
8214700f2fdf26b064d6b6538de0fe7c

SHA1
43233010e22f97877bdf19b74400d8bb22a04e38

SHA256
6386bcbbe9127be517ae4f7985d78006898a7267a9082a58d3ac55115a0dc58b

SHA512
0a2de9504b780a3fb2e9ca30ffa3f07c1152f199c15d5b932cf2eb67c5ca976d992335a78a30ffed1e8f555b87f11e6d0c41a46f6640729f0aae1d30c299e41c

Download Submit
C:\Windows\System\nXxTMKL.exe

Filesize
1.8MB

MD5
3c7517c1683db0a606679609d6e713d5

SHA1
b5b8a5e6ad14743549e3a32923ef03b7cc46db90

SHA256
543ba7abb7da22ca386d485c4732c12c34988c729cd40ea5baea2077325b7894

SHA512
97e328a4257058e41143ab1a9bbdf258508d3848207aba232e803d280fc53b491f8552ccf382e83ecd1522ba88bc92d079e10149830e33fd2d8684a7142a7651

Download Submit
C:\Windows\System\nufOETO.exe

Filesize
1.8MB

MD5
4ad82ed9b5c5bb17138dd8834908de30

SHA1
ad40875f7c51e04727e4f4ec572b22f9d36b22f7

SHA256
3e0ac412a0b7a9d4b9768443cf2a141f57dffc918302f4a5e7b46c8f4e5a779e

SHA512
8b242bccab34fecced854972e1e81a3a6ac78740202018307ef40e80f4e72b0e467de10469711af1ef71eafaad2e0889839ee591f1d1044e62851b6745924140

Download Submit
C:\Windows\System\oBqbbZK.exe

Filesize
1.8MB

MD5
a298970da7492a9ac5ef1a926741c529

SHA1
17c866d979dfcb60f9ad9d07aca02f56407e2eef

SHA256
62d0e32d1a3621bd6f1af22911a30df9ac5a631134698e5f7a9bd79ce8bac5c1

SHA512
b634632bb1e2954f834c6a5bb7bd981584ed09c95d3d5f777760665e59496cfd4da8dc800b494d9d98eb4c520f6a823ec8e8a57e8a9291c2d607ff1110517bc2

Download Submit
C:\Windows\System\qqMfpGC.exe

Filesize
1.8MB

MD5
fc8c57e7b471e63d80c539d7b6bd1978

SHA1
23d8d850506f7927dbc43d6ebdb3b2ce2f792c45

SHA256
58c10f2fba67f45fb32300c607466635bb6d7d98bdd785bc33e28bd82c896227

SHA512
240eae2ca847fbc78425c2ab196b3234a262c082480bc79986a14d86ea663c742af455b55608b51d35a5bb3c687bf1c415f55921386ed572d35ed1bf5009d19f

Download Submit
C:\Windows\System\rYuRrqs.exe

Filesize
1.8MB

MD5
33637e0ce0932d63888f0216c414968e

SHA1
d4c0c7698812583dfda9e15c15030cb543485dc8

SHA256
3489fde3f3f9cdc18d1fa21611d887f26c8a7bf8ac550e1cc63e34b60330e247

SHA512
5e60dba4cdb75155175c5f463f681bddb959ba26c11aad322331bf855728cbb4bc9771e9a31f337643918c68b2d0f6e9cb4e56e16b03de3ba2881d6ef37bf012

Download Submit
C:\Windows\System\rbHSXTw.exe

Filesize
1.8MB

MD5
fa2c7a6761c8757b53bbbae5eeb9564d

SHA1
4a44f3280fd46d0d60cc4a778ead81ad3d392f4c

SHA256
8a2b9f411811635d69022af88391c68909bd06747757b78cb71cc3f8b4ea6f73

SHA512
21c9a2eaa1ada84c3ab249552888183fada838c07f674917a837bcf5ef6fb92adcf8f98d25bb08ac57de98cada48a5fa18cd6ff487264a9d41663473703702d4

Download Submit
C:\Windows\System\uZxdPVq.exe

Filesize
1.8MB

MD5
0f711a9b72fee3827c3432fbbd5146ba

SHA1
ad053ffeaf03f4f387d992ead0e318fbfce19ff2

SHA256
7e9bdb7ea70d515c3454620114550b3f869066d03aa21b3ef1729da42d9336f6

SHA512
29966b05e6d008b9c15007727f3e73380bed7babeebc0c221f4abc1bbef7f9649c84676f7a3dd0f3efde8dbcff73f8818a0162ccebb18c105e4da26f12fc2d70

Download Submit
C:\Windows\System\vcCEejJ.exe

Filesize
1.8MB

MD5
49d86211add5248ee6f9a95e56e58bdb

SHA1
b13b6830a381ae96a953f3cc491e8b0118dc684d

SHA256
9a9ab1a9c7817bf6b6a15a0fab4bb7ee16d0df3ee616057130a89d6abf2e5bc9

SHA512
bf38686b8226c5809fb374d60ee4e34b941e2023cf318a0a74638a686840dde739b6a74310069b8ecc88f09b47e4e2b8df506ca6ba3546785c6d518d4884f889

Download Submit
C:\Windows\System\vkISUSz.exe

Filesize
1.8MB

MD5
70609f20425c9b287df1d0a59b401663

SHA1
376bbef484629da8beaa5d9db6902904e4528f6f

SHA256
b999084bb7add03795885202ad8c31d582f8051e06ed45b60dd3468b0cd86473

SHA512
9574cf24335b5a60b262b5db04259b2de2814c206b75181ead34bae88d2c2b58b682d930511c362cd8e1c1f6732eea1e9f21961fdf95f61685ce0be9f3c57ad8

Download Submit
C:\Windows\System\xAvbqyq.exe

Filesize
1.8MB

MD5
f50e435d822213aedca6be6b281164a5

SHA1
0d88920432dabf052ac5f06cadf365b533ea2b4b

SHA256
a4d10bcffc6a997634d496c62082fd4b7dc2ecc3abcb63f95de6bd7e15433c1f

SHA512
cf9b460c78b8846efe60b34fd80495eaae1271b3c724e26e934bfa5ed5e6db6fca9fb1e9e22fa9e958636d00c9f0094df4f593928efd10f556102028166e490c

Download Submit
C:\Windows\System\zhaVLUr.exe

Filesize
1.8MB

MD5
663d8d434b2d2c37c183f93ac1261f60

SHA1
fa1f2f668b919795ae0340ab7ca388ac656d045f

SHA256
8ef27fe0b73fb832027398084d38e39dbc093a93cc2f69ab74db6d53286817e8

SHA512
5ef0a864f0e91b6bdc8edb598f32de1b75bf1413a40721234c1e9fad6f417619c66e04b4bf798307130429e27c1324dd168cab5e6f18af7808adefe958c8b9ad

Download Submit
C:\Windows\System\zlINQiq.exe

Filesize
1.8MB

MD5
fe56bf46a6ee9201eec3f7c1e9bc0327

SHA1
154eb955df69be957d419a479037a57b881369d0

SHA256
29dab3e8f0be887cdfb24638c32d770c3d7e02605df5c18c3ec3030d3f50b98c

SHA512
8d726d80b5eba58af08300243033023ef3ca9b7efd9fb15447be10b7d6ab59ff37ce3406a3d7a784b112b1ebbe520566e235dddea08ee0a3482d4d8a7aaf7c23

Download Submit
memory/348-2463-0x00007FF67C160000-0x00007FF67C4B4000-memory.dmp

Filesize
3.3MB

Download
memory/348-226-0x00007FF67C160000-0x00007FF67C4B4000-memory.dmp

Filesize
3.3MB

Download
memory/376-68-0x00007FF7C22A0000-0x00007FF7C25F4000-memory.dmp

Filesize
3.3MB

Download
memory/376-2443-0x00007FF7C22A0000-0x00007FF7C25F4000-memory.dmp

Filesize
3.3MB

Download
memory/468-84-0x00007FF7F6050000-0x00007FF7F63A4000-memory.dmp

Filesize
3.3MB

Download
memory/468-2455-0x00007FF7F6050000-0x00007FF7F63A4000-memory.dmp

Filesize
3.3MB

Download
memory/880-247-0x00007FF6CEC30000-0x00007FF6CEF84000-memory.dmp

Filesize
3.3MB

Download
memory/880-2468-0x00007FF6CEC30000-0x00007FF6CEF84000-memory.dmp

Filesize
3.3MB

Download
memory/1308-2467-0x00007FF78AF80000-0x00007FF78B2D4000-memory.dmp

Filesize
3.3MB

Download
memory/1308-248-0x00007FF78AF80000-0x00007FF78B2D4000-memory.dmp

Filesize
3.3MB

Download
memory/1444-2460-0x00007FF70C2B0000-0x00007FF70C604000-memory.dmp

Filesize
3.3MB

Download
memory/1444-246-0x00007FF70C2B0000-0x00007FF70C604000-memory.dmp

Filesize
3.3MB

Download
memory/1672-2466-0x00007FF614800000-0x00007FF614B54000-memory.dmp

Filesize
3.3MB

Download
memory/1672-204-0x00007FF614800000-0x00007FF614B54000-memory.dmp

Filesize
3.3MB

Download
memory/1964-2448-0x00007FF698870000-0x00007FF698BC4000-memory.dmp

Filesize
3.3MB

Download
memory/1964-520-0x00007FF698870000-0x00007FF698BC4000-memory.dmp

Filesize
3.3MB

Download
memory/1964-37-0x00007FF698870000-0x00007FF698BC4000-memory.dmp

Filesize
3.3MB

Download
memory/1984-211-0x00007FF653550000-0x00007FF6538A4000-memory.dmp

Filesize
3.3MB

Download
memory/1984-2469-0x00007FF653550000-0x00007FF6538A4000-memory.dmp

Filesize
3.3MB

Download
memory/2008-337-0x00007FF6AB490000-0x00007FF6AB7E4000-memory.dmp

Filesize
3.3MB

Download
memory/2008-2444-0x00007FF6AB490000-0x00007FF6AB7E4000-memory.dmp

Filesize
3.3MB

Download
memory/2008-17-0x00007FF6AB490000-0x00007FF6AB7E4000-memory.dmp

Filesize
3.3MB

Download
memory/2128-530-0x00007FF7EC220000-0x00007FF7EC574000-memory.dmp

Filesize
3.3MB

Download
memory/2128-2450-0x00007FF7EC220000-0x00007FF7EC574000-memory.dmp

Filesize
3.3MB

Download
memory/2128-40-0x00007FF7EC220000-0x00007FF7EC574000-memory.dmp

Filesize
3.3MB

Download
memory/2284-2452-0x00007FF62EF20000-0x00007FF62F274000-memory.dmp

Filesize
3.3MB

Download
memory/2284-86-0x00007FF62EF20000-0x00007FF62F274000-memory.dmp

Filesize
3.3MB

Download
memory/2356-140-0x00007FF7D4F20000-0x00007FF7D5274000-memory.dmp

Filesize
3.3MB

Download
memory/2356-2457-0x00007FF7D4F20000-0x00007FF7D5274000-memory.dmp

Filesize
3.3MB

Download
memory/2548-2462-0x00007FF62E4F0000-0x00007FF62E844000-memory.dmp

Filesize
3.3MB

Download
memory/2548-179-0x00007FF62E4F0000-0x00007FF62E844000-memory.dmp

Filesize
3.3MB

Download
memory/2676-2461-0x00007FF7342D0000-0x00007FF734624000-memory.dmp

Filesize
3.3MB

Download
memory/2676-192-0x00007FF7342D0000-0x00007FF734624000-memory.dmp

Filesize
3.3MB

Download
memory/2820-227-0x00007FF683090000-0x00007FF6833E4000-memory.dmp

Filesize
3.3MB

Download
memory/2820-2458-0x00007FF683090000-0x00007FF6833E4000-memory.dmp

Filesize
3.3MB

Download
memory/2848-82-0x00007FF753760000-0x00007FF753AB4000-memory.dmp

Filesize
3.3MB

Download
memory/2848-2453-0x00007FF753760000-0x00007FF753AB4000-memory.dmp

Filesize
3.3MB

Download
memory/2988-2459-0x00007FF749B50000-0x00007FF749EA4000-memory.dmp

Filesize
3.3MB

Download
memory/2988-181-0x00007FF749B50000-0x00007FF749EA4000-memory.dmp

Filesize
3.3MB

Download
memory/3040-1413-0x00007FF7DCDF0000-0x00007FF7DD144000-memory.dmp

Filesize
3.3MB

Download
memory/3040-2456-0x00007FF7DCDF0000-0x00007FF7DD144000-memory.dmp

Filesize
3.3MB

Download
memory/3040-96-0x00007FF7DCDF0000-0x00007FF7DD144000-memory.dmp

Filesize
3.3MB

Download
memory/3184-2447-0x00007FF64ED00000-0x00007FF64F054000-memory.dmp

Filesize
3.3MB

Download
memory/3184-85-0x00007FF64ED00000-0x00007FF64F054000-memory.dmp

Filesize
3.3MB

Download
memory/3540-2470-0x00007FF77BC10000-0x00007FF77BF64000-memory.dmp

Filesize
3.3MB

Download
memory/3540-231-0x00007FF77BC10000-0x00007FF77BF64000-memory.dmp

Filesize
3.3MB

Download
memory/3812-2465-0x00007FF6B6380000-0x00007FF6B66D4000-memory.dmp

Filesize
3.3MB

Download
memory/3812-241-0x00007FF6B6380000-0x00007FF6B66D4000-memory.dmp

Filesize
3.3MB

Download
memory/3908-9-0x00007FF75B850000-0x00007FF75BBA4000-memory.dmp

Filesize
3.3MB

Download
memory/3908-2442-0x00007FF75B850000-0x00007FF75BBA4000-memory.dmp

Filesize
3.3MB

Download
memory/3908-324-0x00007FF75B850000-0x00007FF75BBA4000-memory.dmp

Filesize
3.3MB

Download
memory/3968-2454-0x00007FF7450D0000-0x00007FF745424000-memory.dmp

Filesize
3.3MB

Download
memory/3968-83-0x00007FF7450D0000-0x00007FF745424000-memory.dmp

Filesize
3.3MB

Download
memory/4304-232-0x00007FF670070000-0x00007FF6703C4000-memory.dmp

Filesize
3.3MB

Download
memory/4304-2464-0x00007FF670070000-0x00007FF6703C4000-memory.dmp

Filesize
3.3MB

Download
memory/4548-2451-0x00007FF688410000-0x00007FF688764000-memory.dmp

Filesize
3.3MB

Download
memory/4548-73-0x00007FF688410000-0x00007FF688764000-memory.dmp

Filesize
3.3MB

Download
memory/4620-1-0x0000014CDA0B0000-0x0000014CDA0C0000-memory.dmp

Filesize
64KB

Download
memory/4620-0-0x00007FF66E880000-0x00007FF66EBD4000-memory.dmp

Filesize
3.3MB

Download
memory/4620-323-0x00007FF66E880000-0x00007FF66EBD4000-memory.dmp

Filesize
3.3MB

Download
memory/4680-69-0x00007FF7B7AF0000-0x00007FF7B7E44000-memory.dmp

Filesize
3.3MB

Download
memory/4680-2446-0x00007FF7B7AF0000-0x00007FF7B7E44000-memory.dmp

Filesize
3.3MB

Download
memory/4700-517-0x00007FF663F20000-0x00007FF664274000-memory.dmp

Filesize
3.3MB

Download
memory/4700-24-0x00007FF663F20000-0x00007FF664274000-memory.dmp

Filesize
3.3MB

Download
memory/4700-2445-0x00007FF663F20000-0x00007FF664274000-memory.dmp

Filesize
3.3MB

Download
memory/4916-57-0x00007FF6947D0000-0x00007FF694B24000-memory.dmp

Filesize
3.3MB

Download
memory/4916-2449-0x00007FF6947D0000-0x00007FF694B24000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads