xmrig | 8571a49e31dd00b866f3a611a5c8059a9088a78703f5187433825942f147a1ef

Analysis

max time kernel
110s
max time network
115s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
13-07-2024 03:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

41e2bcd29a2e7edec035cd037f24ea60N.exe
Size

1.6MB
MD5

41e2bcd29a2e7edec035cd037f24ea60
SHA1

458b28d76b9a92529102fe4331ec4dc83f3f5344
SHA256

8571a49e31dd00b866f3a611a5c8059a9088a78703f5187433825942f147a1ef
SHA512

b74c9cbd2fb59faac1bd9d379520b92a8872594a7b158b44d65d1d07fe4754b62e68969d15509f32b6710dbe7d0c7064d48227f831245b52603e7637ab1f6e50
SSDEEP

49152:ROdWCCi7/raZ5aIwC+A8JhP70BfRORmTHul:RWWBibR

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 55 IoCs

miner

resource	yara_rule
behavioral2/memory/1428-214-0x00007FF6329F0000-0x00007FF632D41000-memory.dmp	xmrig
behavioral2/memory/2788-244-0x00007FF771200000-0x00007FF771551000-memory.dmp	xmrig
behavioral2/memory/2184-294-0x00007FF722300000-0x00007FF722651000-memory.dmp	xmrig
behavioral2/memory/2736-330-0x00007FF63E2A0000-0x00007FF63E5F1000-memory.dmp	xmrig
behavioral2/memory/4784-389-0x00007FF615250000-0x00007FF6155A1000-memory.dmp	xmrig
behavioral2/memory/2700-393-0x00007FF765F10000-0x00007FF766261000-memory.dmp	xmrig
behavioral2/memory/3940-392-0x00007FF7165D0000-0x00007FF716921000-memory.dmp	xmrig
behavioral2/memory/748-391-0x00007FF694D50000-0x00007FF6950A1000-memory.dmp	xmrig
behavioral2/memory/4904-390-0x00007FF68FEF0000-0x00007FF690241000-memory.dmp	xmrig
behavioral2/memory/2984-385-0x00007FF646D90000-0x00007FF6470E1000-memory.dmp	xmrig
behavioral2/memory/2448-384-0x00007FF6ACFB0000-0x00007FF6AD301000-memory.dmp	xmrig
behavioral2/memory/2872-361-0x00007FF7FBC90000-0x00007FF7FBFE1000-memory.dmp	xmrig
behavioral2/memory/3712-360-0x00007FF706D00000-0x00007FF707051000-memory.dmp	xmrig
behavioral2/memory/5048-326-0x00007FF7C7C60000-0x00007FF7C7FB1000-memory.dmp	xmrig
behavioral2/memory/3636-295-0x00007FF762C80000-0x00007FF762FD1000-memory.dmp	xmrig
behavioral2/memory/3468-267-0x00007FF7BEDA0000-0x00007FF7BF0F1000-memory.dmp	xmrig
behavioral2/memory/3632-210-0x00007FF706920000-0x00007FF706C71000-memory.dmp	xmrig
behavioral2/memory/804-174-0x00007FF7FD1E0000-0x00007FF7FD531000-memory.dmp	xmrig
behavioral2/memory/4596-171-0x00007FF725E20000-0x00007FF726171000-memory.dmp	xmrig
behavioral2/memory/4012-104-0x00007FF691460000-0x00007FF6917B1000-memory.dmp	xmrig
behavioral2/memory/936-100-0x00007FF748450000-0x00007FF7487A1000-memory.dmp	xmrig
behavioral2/memory/1140-80-0x00007FF6BAA40000-0x00007FF6BAD91000-memory.dmp	xmrig
behavioral2/memory/2672-34-0x00007FF655860000-0x00007FF655BB1000-memory.dmp	xmrig
behavioral2/memory/3428-2449-0x00007FF677960000-0x00007FF677CB1000-memory.dmp	xmrig
behavioral2/memory/1524-2552-0x00007FF6C72A0000-0x00007FF6C75F1000-memory.dmp	xmrig
behavioral2/memory/3000-2557-0x00007FF6040A0000-0x00007FF6043F1000-memory.dmp	xmrig
behavioral2/memory/3000-2563-0x00007FF6040A0000-0x00007FF6043F1000-memory.dmp	xmrig
behavioral2/memory/2672-2565-0x00007FF655860000-0x00007FF655BB1000-memory.dmp	xmrig
behavioral2/memory/3844-2567-0x00007FF749910000-0x00007FF749C61000-memory.dmp	xmrig
behavioral2/memory/1524-2569-0x00007FF6C72A0000-0x00007FF6C75F1000-memory.dmp	xmrig
behavioral2/memory/1140-2571-0x00007FF6BAA40000-0x00007FF6BAD91000-memory.dmp	xmrig
behavioral2/memory/2984-2573-0x00007FF646D90000-0x00007FF6470E1000-memory.dmp	xmrig
behavioral2/memory/4012-2579-0x00007FF691460000-0x00007FF6917B1000-memory.dmp	xmrig
behavioral2/memory/1576-2575-0x00007FF7BD7B0000-0x00007FF7BDB01000-memory.dmp	xmrig
behavioral2/memory/936-2577-0x00007FF748450000-0x00007FF7487A1000-memory.dmp	xmrig
behavioral2/memory/4904-2583-0x00007FF68FEF0000-0x00007FF690241000-memory.dmp	xmrig
behavioral2/memory/804-2597-0x00007FF7FD1E0000-0x00007FF7FD531000-memory.dmp	xmrig
behavioral2/memory/3940-2607-0x00007FF7165D0000-0x00007FF716921000-memory.dmp	xmrig
behavioral2/memory/2872-2619-0x00007FF7FBC90000-0x00007FF7FBFE1000-memory.dmp	xmrig
behavioral2/memory/2700-2628-0x00007FF765F10000-0x00007FF766261000-memory.dmp	xmrig
behavioral2/memory/3712-2621-0x00007FF706D00000-0x00007FF707051000-memory.dmp	xmrig
behavioral2/memory/2736-2610-0x00007FF63E2A0000-0x00007FF63E5F1000-memory.dmp	xmrig
behavioral2/memory/2448-2616-0x00007FF6ACFB0000-0x00007FF6AD301000-memory.dmp	xmrig
behavioral2/memory/5048-2612-0x00007FF7C7C60000-0x00007FF7C7FB1000-memory.dmp	xmrig
behavioral2/memory/3468-2605-0x00007FF7BEDA0000-0x00007FF7BF0F1000-memory.dmp	xmrig
behavioral2/memory/3632-2595-0x00007FF706920000-0x00007FF706C71000-memory.dmp	xmrig
behavioral2/memory/2788-2589-0x00007FF771200000-0x00007FF771551000-memory.dmp	xmrig
behavioral2/memory/748-2587-0x00007FF694D50000-0x00007FF6950A1000-memory.dmp	xmrig
behavioral2/memory/3636-2585-0x00007FF762C80000-0x00007FF762FD1000-memory.dmp	xmrig
behavioral2/memory/4596-2603-0x00007FF725E20000-0x00007FF726171000-memory.dmp	xmrig
behavioral2/memory/1428-2601-0x00007FF6329F0000-0x00007FF632D41000-memory.dmp	xmrig
behavioral2/memory/2476-2599-0x00007FF768470000-0x00007FF7687C1000-memory.dmp	xmrig
behavioral2/memory/4784-2593-0x00007FF615250000-0x00007FF6155A1000-memory.dmp	xmrig
behavioral2/memory/2184-2591-0x00007FF722300000-0x00007FF722651000-memory.dmp	xmrig
behavioral2/memory/1848-2581-0x00007FF655570000-0x00007FF6558C1000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
3000	SDwNCbX.exe
3844	VeeiIqP.exe
1524	kOrsGPC.exe
1576	ubHJONR.exe
2672	VWMcRJz.exe
2984	yGCVfsq.exe
1848	DpcdBdm.exe
1140	puKPoEz.exe
936	WQjoFwr.exe
4012	SGfSenD.exe
4784	XMBrbvk.exe
4904	otJJbPb.exe
2476	JhIeqpm.exe
4596	DVDTNdg.exe
804	tNNfaKK.exe
3632	rJZLcvx.exe
1428	mUoilHe.exe
748	ZNBWUGV.exe
2788	iRYNXGs.exe
3940	YyGqNvy.exe
3468	nUVkrpf.exe
2184	PZssQnX.exe
3636	ljWsgZh.exe
5048	JLxDEqp.exe
2736	aOTpdSv.exe
3712	gfNcXor.exe
2872	EFIgmtc.exe
2448	jNqWCoe.exe
2700	cTDAVHo.exe
2888	OcmnLRN.exe
1560	uaCYlKj.exe
1996	dLpUQQk.exe
540	eFyLJEk.exe
1868	SjBmLhq.exe
4860	XrBOWQq.exe
4432	LGulNeS.exe
1460	gkuzxmS.exe
4728	LhPHHmo.exe
1512	dGYTzCe.exe
1928	BZOoMjX.exe
1204	GCoUqMo.exe
3220	bYOnkpm.exe
1148	logMcvR.exe
4496	AEnRwld.exe
1540	PNMsjgB.exe
5008	dArrKnP.exe
3556	fWgFfNv.exe
4988	cGXsDbZ.exe
3344	MvRnMzC.exe
1952	rIvulyF.exe
3696	QunTomx.exe
2144	gWxySnz.exe
3056	YJtLIEX.exe
4992	AxELilX.exe
4328	gvRsZID.exe
2636	vQCECSs.exe
3736	nlNvNuW.exe
1936	utgfvhB.exe
3004	AAfpKNg.exe
3352	CfRFrpH.exe
3260	BoKZyvz.exe
2228	fTojjAK.exe
2000	IAtgkrk.exe
4212	bHiLMfj.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3428-0-0x00007FF677960000-0x00007FF677CB1000-memory.dmp	upx
behavioral2/files/0x0008000000023492-5.dat	upx
behavioral2/files/0x0008000000023495-12.dat	upx
behavioral2/memory/3000-8-0x00007FF6040A0000-0x00007FF6043F1000-memory.dmp	upx
behavioral2/files/0x0007000000023499-11.dat	upx
behavioral2/files/0x000700000002349b-23.dat	upx
behavioral2/files/0x000700000002349c-44.dat	upx
behavioral2/files/0x00070000000234a5-72.dat	upx
behavioral2/files/0x00070000000234a1-83.dat	upx
behavioral2/files/0x00070000000234aa-122.dat	upx
behavioral2/files/0x00070000000234b5-151.dat	upx
behavioral2/memory/1428-214-0x00007FF6329F0000-0x00007FF632D41000-memory.dmp	upx
behavioral2/memory/2788-244-0x00007FF771200000-0x00007FF771551000-memory.dmp	upx
behavioral2/memory/2184-294-0x00007FF722300000-0x00007FF722651000-memory.dmp	upx
behavioral2/memory/2736-330-0x00007FF63E2A0000-0x00007FF63E5F1000-memory.dmp	upx
behavioral2/memory/4784-389-0x00007FF615250000-0x00007FF6155A1000-memory.dmp	upx
behavioral2/memory/2700-393-0x00007FF765F10000-0x00007FF766261000-memory.dmp	upx
behavioral2/memory/3940-392-0x00007FF7165D0000-0x00007FF716921000-memory.dmp	upx
behavioral2/memory/748-391-0x00007FF694D50000-0x00007FF6950A1000-memory.dmp	upx
behavioral2/memory/4904-390-0x00007FF68FEF0000-0x00007FF690241000-memory.dmp	upx
behavioral2/memory/2984-385-0x00007FF646D90000-0x00007FF6470E1000-memory.dmp	upx
behavioral2/memory/2448-384-0x00007FF6ACFB0000-0x00007FF6AD301000-memory.dmp	upx
behavioral2/memory/2872-361-0x00007FF7FBC90000-0x00007FF7FBFE1000-memory.dmp	upx
behavioral2/memory/3712-360-0x00007FF706D00000-0x00007FF707051000-memory.dmp	upx
behavioral2/memory/5048-326-0x00007FF7C7C60000-0x00007FF7C7FB1000-memory.dmp	upx
behavioral2/memory/3636-295-0x00007FF762C80000-0x00007FF762FD1000-memory.dmp	upx
behavioral2/memory/3468-267-0x00007FF7BEDA0000-0x00007FF7BF0F1000-memory.dmp	upx
behavioral2/files/0x00070000000234bd-196.dat	upx
behavioral2/files/0x00070000000234b6-190.dat	upx
behavioral2/files/0x00070000000234ab-188.dat	upx
behavioral2/files/0x00070000000234bc-187.dat	upx
behavioral2/files/0x00070000000234b3-181.dat	upx
behavioral2/memory/3632-210-0x00007FF706920000-0x00007FF706C71000-memory.dmp	upx
behavioral2/memory/804-174-0x00007FF7FD1E0000-0x00007FF7FD531000-memory.dmp	upx
behavioral2/memory/4596-171-0x00007FF725E20000-0x00007FF726171000-memory.dmp	upx
behavioral2/files/0x00070000000234b8-165.dat	upx
behavioral2/files/0x00070000000234ad-161.dat	upx
behavioral2/files/0x00070000000234b7-160.dat	upx
behavioral2/files/0x00070000000234a8-157.dat	upx
behavioral2/files/0x00070000000234bb-177.dat	upx
behavioral2/memory/2476-147-0x00007FF768470000-0x00007FF7687C1000-memory.dmp	upx
behavioral2/files/0x00070000000234ba-170.dat	upx
behavioral2/files/0x00070000000234b2-144.dat	upx
behavioral2/files/0x00070000000234b9-169.dat	upx
behavioral2/files/0x00070000000234b1-143.dat	upx
behavioral2/files/0x00070000000234b0-142.dat	upx
behavioral2/files/0x00070000000234af-141.dat	upx
behavioral2/files/0x00070000000234a9-137.dat	upx
behavioral2/files/0x00070000000234ac-131.dat	upx
behavioral2/files/0x00070000000234a7-128.dat	upx
behavioral2/files/0x00070000000234a6-118.dat	upx
behavioral2/files/0x00070000000234b4-150.dat	upx
behavioral2/files/0x00070000000234a4-107.dat	upx
behavioral2/memory/4012-104-0x00007FF691460000-0x00007FF6917B1000-memory.dmp	upx
behavioral2/files/0x00070000000234a3-103.dat	upx
behavioral2/files/0x00070000000234a2-95.dat	upx
behavioral2/files/0x00070000000234ae-136.dat	upx
behavioral2/files/0x000700000002349e-89.dat	upx
behavioral2/memory/936-100-0x00007FF748450000-0x00007FF7487A1000-memory.dmp	upx
behavioral2/files/0x000700000002349d-74.dat	upx
behavioral2/memory/1140-80-0x00007FF6BAA40000-0x00007FF6BAD91000-memory.dmp	upx
behavioral2/memory/1848-66-0x00007FF655570000-0x00007FF6558C1000-memory.dmp	upx
behavioral2/memory/1576-61-0x00007FF7BD7B0000-0x00007FF7BDB01000-memory.dmp	upx
behavioral2/files/0x00070000000234a0-58.dat	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\eYUHbUK.exe	41e2bcd29a2e7edec035cd037f24ea60N.exe
File created	C:\Windows\System\woRvRYL.exe	41e2bcd29a2e7edec035cd037f24ea60N.exe
File created	C:\Windows\System\lIAVSyp.exe	41e2bcd29a2e7edec035cd037f24ea60N.exe
File created	C:\Windows\System\oLiYdiW.exe	41e2bcd29a2e7edec035cd037f24ea60N.exe
File created	C:\Windows\System\egMqpxL.exe	41e2bcd29a2e7edec035cd037f24ea60N.exe
File created	C:\Windows\System\OryLPBU.exe	41e2bcd29a2e7edec035cd037f24ea60N.exe
File created	C:\Windows\System\PeSegyA.exe	41e2bcd29a2e7edec035cd037f24ea60N.exe
File created	C:\Windows\System\IhgZDQu.exe	41e2bcd29a2e7edec035cd037f24ea60N.exe
File created	C:\Windows\System\cdRXJqY.exe	41e2bcd29a2e7edec035cd037f24ea60N.exe
File created	C:\Windows\System\NTSomvP.exe	41e2bcd29a2e7edec035cd037f24ea60N.exe
File created	C:\Windows\System\AwGbkSP.exe	41e2bcd29a2e7edec035cd037f24ea60N.exe
File created	C:\Windows\System\QouoNtF.exe	41e2bcd29a2e7edec035cd037f24ea60N.exe
File created	C:\Windows\System\TWbErgN.exe	41e2bcd29a2e7edec035cd037f24ea60N.exe
File created	C:\Windows\System\ZuxUiDy.exe	41e2bcd29a2e7edec035cd037f24ea60N.exe
File created	C:\Windows\System\GSiGLNM.exe	41e2bcd29a2e7edec035cd037f24ea60N.exe
File created	C:\Windows\System\nWcbIiN.exe	41e2bcd29a2e7edec035cd037f24ea60N.exe
File created	C:\Windows\System\iRYNXGs.exe	41e2bcd29a2e7edec035cd037f24ea60N.exe
File created	C:\Windows\System\zVlYAwj.exe	41e2bcd29a2e7edec035cd037f24ea60N.exe
File created	C:\Windows\System\PegoQQz.exe	41e2bcd29a2e7edec035cd037f24ea60N.exe
File created	C:\Windows\System\OQLMQlu.exe	41e2bcd29a2e7edec035cd037f24ea60N.exe
File created	C:\Windows\System\pudNTOR.exe	41e2bcd29a2e7edec035cd037f24ea60N.exe
File created	C:\Windows\System\HovhjZG.exe	41e2bcd29a2e7edec035cd037f24ea60N.exe
File created	C:\Windows\System\vkxATzs.exe	41e2bcd29a2e7edec035cd037f24ea60N.exe
File created	C:\Windows\System\QkvctNi.exe	41e2bcd29a2e7edec035cd037f24ea60N.exe
File created	C:\Windows\System\wLTUydl.exe	41e2bcd29a2e7edec035cd037f24ea60N.exe
File created	C:\Windows\System\lAVMJsC.exe	41e2bcd29a2e7edec035cd037f24ea60N.exe
File created	C:\Windows\System\gJVjJNQ.exe	41e2bcd29a2e7edec035cd037f24ea60N.exe
File created	C:\Windows\System\MMrMPWW.exe	41e2bcd29a2e7edec035cd037f24ea60N.exe
File created	C:\Windows\System\FEZQGkn.exe	41e2bcd29a2e7edec035cd037f24ea60N.exe
File created	C:\Windows\System\mfLKniG.exe	41e2bcd29a2e7edec035cd037f24ea60N.exe
File created	C:\Windows\System\LHHmMNC.exe	41e2bcd29a2e7edec035cd037f24ea60N.exe
File created	C:\Windows\System\KwdkAKH.exe	41e2bcd29a2e7edec035cd037f24ea60N.exe
File created	C:\Windows\System\GXcxHyX.exe	41e2bcd29a2e7edec035cd037f24ea60N.exe
File created	C:\Windows\System\VStKVRQ.exe	41e2bcd29a2e7edec035cd037f24ea60N.exe
File created	C:\Windows\System\RyoGGJu.exe	41e2bcd29a2e7edec035cd037f24ea60N.exe
File created	C:\Windows\System\KoQzDPQ.exe	41e2bcd29a2e7edec035cd037f24ea60N.exe
File created	C:\Windows\System\OsaSXzH.exe	41e2bcd29a2e7edec035cd037f24ea60N.exe
File created	C:\Windows\System\LoGDZCl.exe	41e2bcd29a2e7edec035cd037f24ea60N.exe
File created	C:\Windows\System\OcmnLRN.exe	41e2bcd29a2e7edec035cd037f24ea60N.exe
File created	C:\Windows\System\DCTLquR.exe	41e2bcd29a2e7edec035cd037f24ea60N.exe
File created	C:\Windows\System\DkPALKC.exe	41e2bcd29a2e7edec035cd037f24ea60N.exe
File created	C:\Windows\System\OuOLRoN.exe	41e2bcd29a2e7edec035cd037f24ea60N.exe
File created	C:\Windows\System\lGkDePs.exe	41e2bcd29a2e7edec035cd037f24ea60N.exe
File created	C:\Windows\System\yomtoHc.exe	41e2bcd29a2e7edec035cd037f24ea60N.exe
File created	C:\Windows\System\bFgxICf.exe	41e2bcd29a2e7edec035cd037f24ea60N.exe
File created	C:\Windows\System\cFSyGpG.exe	41e2bcd29a2e7edec035cd037f24ea60N.exe
File created	C:\Windows\System\FjyuiTC.exe	41e2bcd29a2e7edec035cd037f24ea60N.exe
File created	C:\Windows\System\UbEoxHa.exe	41e2bcd29a2e7edec035cd037f24ea60N.exe
File created	C:\Windows\System\ubHJONR.exe	41e2bcd29a2e7edec035cd037f24ea60N.exe
File created	C:\Windows\System\jZzBGfp.exe	41e2bcd29a2e7edec035cd037f24ea60N.exe
File created	C:\Windows\System\QnmnDLM.exe	41e2bcd29a2e7edec035cd037f24ea60N.exe
File created	C:\Windows\System\tHRUJtL.exe	41e2bcd29a2e7edec035cd037f24ea60N.exe
File created	C:\Windows\System\AxjCIAT.exe	41e2bcd29a2e7edec035cd037f24ea60N.exe
File created	C:\Windows\System\THzqzOk.exe	41e2bcd29a2e7edec035cd037f24ea60N.exe
File created	C:\Windows\System\NxpckfG.exe	41e2bcd29a2e7edec035cd037f24ea60N.exe
File created	C:\Windows\System\QunTomx.exe	41e2bcd29a2e7edec035cd037f24ea60N.exe
File created	C:\Windows\System\kMnImmb.exe	41e2bcd29a2e7edec035cd037f24ea60N.exe
File created	C:\Windows\System\FsrkTtJ.exe	41e2bcd29a2e7edec035cd037f24ea60N.exe
File created	C:\Windows\System\WXHxojT.exe	41e2bcd29a2e7edec035cd037f24ea60N.exe
File created	C:\Windows\System\KvmVBpA.exe	41e2bcd29a2e7edec035cd037f24ea60N.exe
File created	C:\Windows\System\EveJkSB.exe	41e2bcd29a2e7edec035cd037f24ea60N.exe
File created	C:\Windows\System\otKWlpg.exe	41e2bcd29a2e7edec035cd037f24ea60N.exe
File created	C:\Windows\System\CVVFMti.exe	41e2bcd29a2e7edec035cd037f24ea60N.exe
File created	C:\Windows\System\ZOYNlSR.exe	41e2bcd29a2e7edec035cd037f24ea60N.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 19 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings\MuiCache	StartMenuExperienceHost.exe

Suspicious use of AdjustPrivilegeToken 10 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	14956	dwm.exe
Token: SeChangeNotifyPrivilege	14956	dwm.exe
Token: 33	14956	dwm.exe
Token: SeIncBasePriorityPrivilege	14956	dwm.exe
Token: SeCreateGlobalPrivilege	14624	dwm.exe
Token: SeChangeNotifyPrivilege	14624	dwm.exe
Token: 33	14624	dwm.exe
Token: SeIncBasePriorityPrivilege	14624	dwm.exe
Token: SeShutdownPrivilege	14624	dwm.exe
Token: SeCreatePagefilePrivilege	14624	dwm.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
11316	StartMenuExperienceHost.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3428 wrote to memory of 3000	3428	41e2bcd29a2e7edec035cd037f24ea60N.exe	85
PID 3428 wrote to memory of 3000	3428	41e2bcd29a2e7edec035cd037f24ea60N.exe	85
PID 3428 wrote to memory of 1524	3428	41e2bcd29a2e7edec035cd037f24ea60N.exe	86
PID 3428 wrote to memory of 1524	3428	41e2bcd29a2e7edec035cd037f24ea60N.exe	86
PID 3428 wrote to memory of 3844	3428	41e2bcd29a2e7edec035cd037f24ea60N.exe	87
PID 3428 wrote to memory of 3844	3428	41e2bcd29a2e7edec035cd037f24ea60N.exe	87
PID 3428 wrote to memory of 1576	3428	41e2bcd29a2e7edec035cd037f24ea60N.exe	88
PID 3428 wrote to memory of 1576	3428	41e2bcd29a2e7edec035cd037f24ea60N.exe	88
PID 3428 wrote to memory of 2672	3428	41e2bcd29a2e7edec035cd037f24ea60N.exe	89
PID 3428 wrote to memory of 2672	3428	41e2bcd29a2e7edec035cd037f24ea60N.exe	89
PID 3428 wrote to memory of 1140	3428	41e2bcd29a2e7edec035cd037f24ea60N.exe	90
PID 3428 wrote to memory of 1140	3428	41e2bcd29a2e7edec035cd037f24ea60N.exe	90
PID 3428 wrote to memory of 2984	3428	41e2bcd29a2e7edec035cd037f24ea60N.exe	91
PID 3428 wrote to memory of 2984	3428	41e2bcd29a2e7edec035cd037f24ea60N.exe	91
PID 3428 wrote to memory of 1848	3428	41e2bcd29a2e7edec035cd037f24ea60N.exe	92
PID 3428 wrote to memory of 1848	3428	41e2bcd29a2e7edec035cd037f24ea60N.exe	92
PID 3428 wrote to memory of 936	3428	41e2bcd29a2e7edec035cd037f24ea60N.exe	93
PID 3428 wrote to memory of 936	3428	41e2bcd29a2e7edec035cd037f24ea60N.exe	93
PID 3428 wrote to memory of 4012	3428	41e2bcd29a2e7edec035cd037f24ea60N.exe	94
PID 3428 wrote to memory of 4012	3428	41e2bcd29a2e7edec035cd037f24ea60N.exe	94
PID 3428 wrote to memory of 4784	3428	41e2bcd29a2e7edec035cd037f24ea60N.exe	95
PID 3428 wrote to memory of 4784	3428	41e2bcd29a2e7edec035cd037f24ea60N.exe	95
PID 3428 wrote to memory of 4904	3428	41e2bcd29a2e7edec035cd037f24ea60N.exe	96
PID 3428 wrote to memory of 4904	3428	41e2bcd29a2e7edec035cd037f24ea60N.exe	96
PID 3428 wrote to memory of 2476	3428	41e2bcd29a2e7edec035cd037f24ea60N.exe	97
PID 3428 wrote to memory of 2476	3428	41e2bcd29a2e7edec035cd037f24ea60N.exe	97
PID 3428 wrote to memory of 4596	3428	41e2bcd29a2e7edec035cd037f24ea60N.exe	98
PID 3428 wrote to memory of 4596	3428	41e2bcd29a2e7edec035cd037f24ea60N.exe	98
PID 3428 wrote to memory of 804	3428	41e2bcd29a2e7edec035cd037f24ea60N.exe	99
PID 3428 wrote to memory of 804	3428	41e2bcd29a2e7edec035cd037f24ea60N.exe	99
PID 3428 wrote to memory of 3632	3428	41e2bcd29a2e7edec035cd037f24ea60N.exe	100
PID 3428 wrote to memory of 3632	3428	41e2bcd29a2e7edec035cd037f24ea60N.exe	100
PID 3428 wrote to memory of 1428	3428	41e2bcd29a2e7edec035cd037f24ea60N.exe	101
PID 3428 wrote to memory of 1428	3428	41e2bcd29a2e7edec035cd037f24ea60N.exe	101
PID 3428 wrote to memory of 748	3428	41e2bcd29a2e7edec035cd037f24ea60N.exe	102
PID 3428 wrote to memory of 748	3428	41e2bcd29a2e7edec035cd037f24ea60N.exe	102
PID 3428 wrote to memory of 2788	3428	41e2bcd29a2e7edec035cd037f24ea60N.exe	103
PID 3428 wrote to memory of 2788	3428	41e2bcd29a2e7edec035cd037f24ea60N.exe	103
PID 3428 wrote to memory of 3940	3428	41e2bcd29a2e7edec035cd037f24ea60N.exe	104
PID 3428 wrote to memory of 3940	3428	41e2bcd29a2e7edec035cd037f24ea60N.exe	104
PID 3428 wrote to memory of 3468	3428	41e2bcd29a2e7edec035cd037f24ea60N.exe	105
PID 3428 wrote to memory of 3468	3428	41e2bcd29a2e7edec035cd037f24ea60N.exe	105
PID 3428 wrote to memory of 2184	3428	41e2bcd29a2e7edec035cd037f24ea60N.exe	106
PID 3428 wrote to memory of 2184	3428	41e2bcd29a2e7edec035cd037f24ea60N.exe	106
PID 3428 wrote to memory of 3636	3428	41e2bcd29a2e7edec035cd037f24ea60N.exe	107
PID 3428 wrote to memory of 3636	3428	41e2bcd29a2e7edec035cd037f24ea60N.exe	107
PID 3428 wrote to memory of 5048	3428	41e2bcd29a2e7edec035cd037f24ea60N.exe	108
PID 3428 wrote to memory of 5048	3428	41e2bcd29a2e7edec035cd037f24ea60N.exe	108
PID 3428 wrote to memory of 2736	3428	41e2bcd29a2e7edec035cd037f24ea60N.exe	109
PID 3428 wrote to memory of 2736	3428	41e2bcd29a2e7edec035cd037f24ea60N.exe	109
PID 3428 wrote to memory of 3712	3428	41e2bcd29a2e7edec035cd037f24ea60N.exe	110
PID 3428 wrote to memory of 3712	3428	41e2bcd29a2e7edec035cd037f24ea60N.exe	110
PID 3428 wrote to memory of 2872	3428	41e2bcd29a2e7edec035cd037f24ea60N.exe	111
PID 3428 wrote to memory of 2872	3428	41e2bcd29a2e7edec035cd037f24ea60N.exe	111
PID 3428 wrote to memory of 2448	3428	41e2bcd29a2e7edec035cd037f24ea60N.exe	112
PID 3428 wrote to memory of 2448	3428	41e2bcd29a2e7edec035cd037f24ea60N.exe	112
PID 3428 wrote to memory of 1460	3428	41e2bcd29a2e7edec035cd037f24ea60N.exe	113
PID 3428 wrote to memory of 1460	3428	41e2bcd29a2e7edec035cd037f24ea60N.exe	113
PID 3428 wrote to memory of 2700	3428	41e2bcd29a2e7edec035cd037f24ea60N.exe	114
PID 3428 wrote to memory of 2700	3428	41e2bcd29a2e7edec035cd037f24ea60N.exe	114
PID 3428 wrote to memory of 2888	3428	41e2bcd29a2e7edec035cd037f24ea60N.exe	115
PID 3428 wrote to memory of 2888	3428	41e2bcd29a2e7edec035cd037f24ea60N.exe	115
PID 3428 wrote to memory of 1560	3428	41e2bcd29a2e7edec035cd037f24ea60N.exe	116
PID 3428 wrote to memory of 1560	3428	41e2bcd29a2e7edec035cd037f24ea60N.exe	116

C:\Users\Admin\AppData\Local\Temp\41e2bcd29a2e7edec035cd037f24ea60N.exe
"C:\Users\Admin\AppData\Local\Temp\41e2bcd29a2e7edec035cd037f24ea60N.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:3428
- C:\Windows\System\SDwNCbX.exe
  C:\Windows\System\SDwNCbX.exe
  2⤵
  - Executes dropped EXE
  PID:3000
- C:\Windows\System\kOrsGPC.exe
  C:\Windows\System\kOrsGPC.exe
  2⤵
  - Executes dropped EXE
  PID:1524
- C:\Windows\System\VeeiIqP.exe
  C:\Windows\System\VeeiIqP.exe
  2⤵
  - Executes dropped EXE
  PID:3844
- C:\Windows\System\ubHJONR.exe
  C:\Windows\System\ubHJONR.exe
  2⤵
  - Executes dropped EXE
  PID:1576
- C:\Windows\System\VWMcRJz.exe
  C:\Windows\System\VWMcRJz.exe
  2⤵
  - Executes dropped EXE
  PID:2672
- C:\Windows\System\puKPoEz.exe
  C:\Windows\System\puKPoEz.exe
  2⤵
  - Executes dropped EXE
  PID:1140
- C:\Windows\System\yGCVfsq.exe
  C:\Windows\System\yGCVfsq.exe
  2⤵
  - Executes dropped EXE
  PID:2984
- C:\Windows\System\DpcdBdm.exe
  C:\Windows\System\DpcdBdm.exe
  2⤵
  - Executes dropped EXE
  PID:1848
- C:\Windows\System\WQjoFwr.exe
  C:\Windows\System\WQjoFwr.exe
  2⤵
  - Executes dropped EXE
  PID:936
- C:\Windows\System\SGfSenD.exe
  C:\Windows\System\SGfSenD.exe
  2⤵
  - Executes dropped EXE
  PID:4012
- C:\Windows\System\XMBrbvk.exe
  C:\Windows\System\XMBrbvk.exe
  2⤵
  - Executes dropped EXE
  PID:4784
- C:\Windows\System\otJJbPb.exe
  C:\Windows\System\otJJbPb.exe
  2⤵
  - Executes dropped EXE
  PID:4904
- C:\Windows\System\JhIeqpm.exe
  C:\Windows\System\JhIeqpm.exe
  2⤵
  - Executes dropped EXE
  PID:2476
- C:\Windows\System\DVDTNdg.exe
  C:\Windows\System\DVDTNdg.exe
  2⤵
  - Executes dropped EXE
  PID:4596
- C:\Windows\System\tNNfaKK.exe
  C:\Windows\System\tNNfaKK.exe
  2⤵
  - Executes dropped EXE
  PID:804
- C:\Windows\System\rJZLcvx.exe
  C:\Windows\System\rJZLcvx.exe
  2⤵
  - Executes dropped EXE
  PID:3632
- C:\Windows\System\mUoilHe.exe
  C:\Windows\System\mUoilHe.exe
  2⤵
  - Executes dropped EXE
  PID:1428
- C:\Windows\System\ZNBWUGV.exe
  C:\Windows\System\ZNBWUGV.exe
  2⤵
  - Executes dropped EXE
  PID:748
- C:\Windows\System\iRYNXGs.exe
  C:\Windows\System\iRYNXGs.exe
  2⤵
  - Executes dropped EXE
  PID:2788
- C:\Windows\System\YyGqNvy.exe
  C:\Windows\System\YyGqNvy.exe
  2⤵
  - Executes dropped EXE
  PID:3940
- C:\Windows\System\nUVkrpf.exe
  C:\Windows\System\nUVkrpf.exe
  2⤵
  - Executes dropped EXE
  PID:3468
- C:\Windows\System\PZssQnX.exe
  C:\Windows\System\PZssQnX.exe
  2⤵
  - Executes dropped EXE
  PID:2184
- C:\Windows\System\ljWsgZh.exe
  C:\Windows\System\ljWsgZh.exe
  2⤵
  - Executes dropped EXE
  PID:3636
- C:\Windows\System\JLxDEqp.exe
  C:\Windows\System\JLxDEqp.exe
  2⤵
  - Executes dropped EXE
  PID:5048
- C:\Windows\System\aOTpdSv.exe
  C:\Windows\System\aOTpdSv.exe
  2⤵
  - Executes dropped EXE
  PID:2736
- C:\Windows\System\gfNcXor.exe
  C:\Windows\System\gfNcXor.exe
  2⤵
  - Executes dropped EXE
  PID:3712
- C:\Windows\System\EFIgmtc.exe
  C:\Windows\System\EFIgmtc.exe
  2⤵
  - Executes dropped EXE
  PID:2872
- C:\Windows\System\jNqWCoe.exe
  C:\Windows\System\jNqWCoe.exe
  2⤵
  - Executes dropped EXE
  PID:2448
- C:\Windows\System\gkuzxmS.exe
  C:\Windows\System\gkuzxmS.exe
  2⤵
  - Executes dropped EXE
  PID:1460
- C:\Windows\System\cTDAVHo.exe
  C:\Windows\System\cTDAVHo.exe
  2⤵
  - Executes dropped EXE
  PID:2700
- C:\Windows\System\OcmnLRN.exe
  C:\Windows\System\OcmnLRN.exe
  2⤵
  - Executes dropped EXE
  PID:2888
- C:\Windows\System\uaCYlKj.exe
  C:\Windows\System\uaCYlKj.exe
  2⤵
  - Executes dropped EXE
  PID:1560
- C:\Windows\System\dLpUQQk.exe
  C:\Windows\System\dLpUQQk.exe
  2⤵
  - Executes dropped EXE
  PID:1996
- C:\Windows\System\eFyLJEk.exe
  C:\Windows\System\eFyLJEk.exe
  2⤵
  - Executes dropped EXE
  PID:540
- C:\Windows\System\SjBmLhq.exe
  C:\Windows\System\SjBmLhq.exe
  2⤵
  - Executes dropped EXE
  PID:1868
- C:\Windows\System\XrBOWQq.exe
  C:\Windows\System\XrBOWQq.exe
  2⤵
  - Executes dropped EXE
  PID:4860
- C:\Windows\System\LGulNeS.exe
  C:\Windows\System\LGulNeS.exe
  2⤵
  - Executes dropped EXE
  PID:4432
- C:\Windows\System\LhPHHmo.exe
  C:\Windows\System\LhPHHmo.exe
  2⤵
  - Executes dropped EXE
  PID:4728
- C:\Windows\System\dGYTzCe.exe
  C:\Windows\System\dGYTzCe.exe
  2⤵
  - Executes dropped EXE
  PID:1512
- C:\Windows\System\BZOoMjX.exe
  C:\Windows\System\BZOoMjX.exe
  2⤵
  - Executes dropped EXE
  PID:1928
- C:\Windows\System\GCoUqMo.exe
  C:\Windows\System\GCoUqMo.exe
  2⤵
  - Executes dropped EXE
  PID:1204
- C:\Windows\System\bYOnkpm.exe
  C:\Windows\System\bYOnkpm.exe
  2⤵
  - Executes dropped EXE
  PID:3220
- C:\Windows\System\logMcvR.exe
  C:\Windows\System\logMcvR.exe
  2⤵
  - Executes dropped EXE
  PID:1148
- C:\Windows\System\AEnRwld.exe
  C:\Windows\System\AEnRwld.exe
  2⤵
  - Executes dropped EXE
  PID:4496
- C:\Windows\System\PNMsjgB.exe
  C:\Windows\System\PNMsjgB.exe
  2⤵
  - Executes dropped EXE
  PID:1540
- C:\Windows\System\dArrKnP.exe
  C:\Windows\System\dArrKnP.exe
  2⤵
  - Executes dropped EXE
  PID:5008
- C:\Windows\System\fWgFfNv.exe
  C:\Windows\System\fWgFfNv.exe
  2⤵
  - Executes dropped EXE
  PID:3556
- C:\Windows\System\cGXsDbZ.exe
  C:\Windows\System\cGXsDbZ.exe
  2⤵
  - Executes dropped EXE
  PID:4988
- C:\Windows\System\MvRnMzC.exe
  C:\Windows\System\MvRnMzC.exe
  2⤵
  - Executes dropped EXE
  PID:3344
- C:\Windows\System\rIvulyF.exe
  C:\Windows\System\rIvulyF.exe
  2⤵
  - Executes dropped EXE
  PID:1952
- C:\Windows\System\QunTomx.exe
  C:\Windows\System\QunTomx.exe
  2⤵
  - Executes dropped EXE
  PID:3696
- C:\Windows\System\gWxySnz.exe
  C:\Windows\System\gWxySnz.exe
  2⤵
  - Executes dropped EXE
  PID:2144
- C:\Windows\System\YJtLIEX.exe
  C:\Windows\System\YJtLIEX.exe
  2⤵
  - Executes dropped EXE
  PID:3056
- C:\Windows\System\fTojjAK.exe
  C:\Windows\System\fTojjAK.exe
  2⤵
  - Executes dropped EXE
  PID:2228
- C:\Windows\System\AxELilX.exe
  C:\Windows\System\AxELilX.exe
  2⤵
  - Executes dropped EXE
  PID:4992
- C:\Windows\System\gvRsZID.exe
  C:\Windows\System\gvRsZID.exe
  2⤵
  - Executes dropped EXE
  PID:4328
- C:\Windows\System\vQCECSs.exe
  C:\Windows\System\vQCECSs.exe
  2⤵
  - Executes dropped EXE
  PID:2636
- C:\Windows\System\nlNvNuW.exe
  C:\Windows\System\nlNvNuW.exe
  2⤵
  - Executes dropped EXE
  PID:3736
- C:\Windows\System\utgfvhB.exe
  C:\Windows\System\utgfvhB.exe
  2⤵
  - Executes dropped EXE
  PID:1936
- C:\Windows\System\AAfpKNg.exe
  C:\Windows\System\AAfpKNg.exe
  2⤵
  - Executes dropped EXE
  PID:3004
- C:\Windows\System\CfRFrpH.exe
  C:\Windows\System\CfRFrpH.exe
  2⤵
  - Executes dropped EXE
  PID:3352
- C:\Windows\System\BoKZyvz.exe
  C:\Windows\System\BoKZyvz.exe
  2⤵
  - Executes dropped EXE
  PID:3260
- C:\Windows\System\IAtgkrk.exe
  C:\Windows\System\IAtgkrk.exe
  2⤵
  - Executes dropped EXE
  PID:2000
- C:\Windows\System\bHiLMfj.exe
  C:\Windows\System\bHiLMfj.exe
  2⤵
  - Executes dropped EXE
  PID:4212
- C:\Windows\System\QpyMVQD.exe
  C:\Windows\System\QpyMVQD.exe
  2⤵
  PID:4400
- C:\Windows\System\xIYZYuK.exe
  C:\Windows\System\xIYZYuK.exe
  2⤵
  PID:5084
- C:\Windows\System\MwRuZxt.exe
  C:\Windows\System\MwRuZxt.exe
  2⤵
  PID:516
- C:\Windows\System\ryTETDh.exe
  C:\Windows\System\ryTETDh.exe
  2⤵
  PID:4436
- C:\Windows\System\FdtfEXo.exe
  C:\Windows\System\FdtfEXo.exe
  2⤵
  PID:468
- C:\Windows\System\AvTqvzb.exe
  C:\Windows\System\AvTqvzb.exe
  2⤵
  PID:3308
- C:\Windows\System\bklHQeu.exe
  C:\Windows\System\bklHQeu.exe
  2⤵
  PID:3936
- C:\Windows\System\jroAtXS.exe
  C:\Windows\System\jroAtXS.exe
  2⤵
  PID:1676
- C:\Windows\System\GptkDlH.exe
  C:\Windows\System\GptkDlH.exe
  2⤵
  PID:4332
- C:\Windows\System\SDERLIK.exe
  C:\Windows\System\SDERLIK.exe
  2⤵
  PID:5132
- C:\Windows\System\ImfewfB.exe
  C:\Windows\System\ImfewfB.exe
  2⤵
  PID:5164
- C:\Windows\System\GptzOqW.exe
  C:\Windows\System\GptzOqW.exe
  2⤵
  PID:5180
- C:\Windows\System\GsPgYLF.exe
  C:\Windows\System\GsPgYLF.exe
  2⤵
  PID:5236
- C:\Windows\System\rHzyFJG.exe
  C:\Windows\System\rHzyFJG.exe
  2⤵
  PID:5260
- C:\Windows\System\KwdkAKH.exe
  C:\Windows\System\KwdkAKH.exe
  2⤵
  PID:5284
- C:\Windows\System\XbslCwN.exe
  C:\Windows\System\XbslCwN.exe
  2⤵
  PID:5316
- C:\Windows\System\sinhPFd.exe
  C:\Windows\System\sinhPFd.exe
  2⤵
  PID:5400
- C:\Windows\System\ccNufFv.exe
  C:\Windows\System\ccNufFv.exe
  2⤵
  PID:5416
- C:\Windows\System\RBNOPQm.exe
  C:\Windows\System\RBNOPQm.exe
  2⤵
  PID:5444
- C:\Windows\System\SgpSOgo.exe
  C:\Windows\System\SgpSOgo.exe
  2⤵
  PID:5460
- C:\Windows\System\InQemDx.exe
  C:\Windows\System\InQemDx.exe
  2⤵
  PID:5476
- C:\Windows\System\xSViFWS.exe
  C:\Windows\System\xSViFWS.exe
  2⤵
  PID:5500
- C:\Windows\System\oOiOtFx.exe
  C:\Windows\System\oOiOtFx.exe
  2⤵
  PID:5520
- C:\Windows\System\syvnRxe.exe
  C:\Windows\System\syvnRxe.exe
  2⤵
  PID:5536
- C:\Windows\System\yzXBDYu.exe
  C:\Windows\System\yzXBDYu.exe
  2⤵
  PID:5552
- C:\Windows\System\btCUifB.exe
  C:\Windows\System\btCUifB.exe
  2⤵
  PID:5568
- C:\Windows\System\pNylxaf.exe
  C:\Windows\System\pNylxaf.exe
  2⤵
  PID:5588
- C:\Windows\System\yigrZAN.exe
  C:\Windows\System\yigrZAN.exe
  2⤵
  PID:5616
- C:\Windows\System\PMUxvlm.exe
  C:\Windows\System\PMUxvlm.exe
  2⤵
  PID:5636
- C:\Windows\System\ZDcSVJS.exe
  C:\Windows\System\ZDcSVJS.exe
  2⤵
  PID:5652
- C:\Windows\System\ACXfjhV.exe
  C:\Windows\System\ACXfjhV.exe
  2⤵
  PID:5680
- C:\Windows\System\YnfYSXr.exe
  C:\Windows\System\YnfYSXr.exe
  2⤵
  PID:5700
- C:\Windows\System\JbqXDEg.exe
  C:\Windows\System\JbqXDEg.exe
  2⤵
  PID:5724
- C:\Windows\System\imElybl.exe
  C:\Windows\System\imElybl.exe
  2⤵
  PID:5740
- C:\Windows\System\MsgPYgp.exe
  C:\Windows\System\MsgPYgp.exe
  2⤵
  PID:5764
- C:\Windows\System\yotxKlG.exe
  C:\Windows\System\yotxKlG.exe
  2⤵
  PID:5788
- C:\Windows\System\AzNsmiK.exe
  C:\Windows\System\AzNsmiK.exe
  2⤵
  PID:5916
- C:\Windows\System\YUGzcfc.exe
  C:\Windows\System\YUGzcfc.exe
  2⤵
  PID:5932
- C:\Windows\System\HTXsmFw.exe
  C:\Windows\System\HTXsmFw.exe
  2⤵
  PID:5952
- C:\Windows\System\QjRBbyn.exe
  C:\Windows\System\QjRBbyn.exe
  2⤵
  PID:5980
- C:\Windows\System\hfbaOtx.exe
  C:\Windows\System\hfbaOtx.exe
  2⤵
  PID:6016
- C:\Windows\System\IaUGnFn.exe
  C:\Windows\System\IaUGnFn.exe
  2⤵
  PID:6032
- C:\Windows\System\QfvTTVs.exe
  C:\Windows\System\QfvTTVs.exe
  2⤵
  PID:6056
- C:\Windows\System\OYcRBJp.exe
  C:\Windows\System\OYcRBJp.exe
  2⤵
  PID:6080
- C:\Windows\System\nbjHhuF.exe
  C:\Windows\System\nbjHhuF.exe
  2⤵
  PID:6100
- C:\Windows\System\BHjQzUT.exe
  C:\Windows\System\BHjQzUT.exe
  2⤵
  PID:5296
- C:\Windows\System\mvkyQzQ.exe
  C:\Windows\System\mvkyQzQ.exe
  2⤵
  PID:5720
- C:\Windows\System\BIBdemz.exe
  C:\Windows\System\BIBdemz.exe
  2⤵
  PID:5780
- C:\Windows\System\omqilEN.exe
  C:\Windows\System\omqilEN.exe
  2⤵
  PID:5848
- C:\Windows\System\CtvnDpn.exe
  C:\Windows\System\CtvnDpn.exe
  2⤵
  PID:2304
- C:\Windows\System\StXiMcU.exe
  C:\Windows\System\StXiMcU.exe
  2⤵
  PID:5928
- C:\Windows\System\hKqHbaM.exe
  C:\Windows\System\hKqHbaM.exe
  2⤵
  PID:5988
- C:\Windows\System\axadUEs.exe
  C:\Windows\System\axadUEs.exe
  2⤵
  PID:6048
- C:\Windows\System\AtARfKd.exe
  C:\Windows\System\AtARfKd.exe
  2⤵
  PID:6140
- C:\Windows\System\zbVYPqN.exe
  C:\Windows\System\zbVYPqN.exe
  2⤵
  PID:4484
- C:\Windows\System\VtXMBzA.exe
  C:\Windows\System\VtXMBzA.exe
  2⤵
  PID:1568
- C:\Windows\System\rZieQkN.exe
  C:\Windows\System\rZieQkN.exe
  2⤵
  PID:1144
- C:\Windows\System\ckXWivy.exe
  C:\Windows\System\ckXWivy.exe
  2⤵
  PID:5148
- C:\Windows\System\wBzuIpr.exe
  C:\Windows\System\wBzuIpr.exe
  2⤵
  PID:5716
- C:\Windows\System\rkNBqiE.exe
  C:\Windows\System\rkNBqiE.exe
  2⤵
  PID:5228
- C:\Windows\System\YCShSXA.exe
  C:\Windows\System\YCShSXA.exe
  2⤵
  PID:5280
- C:\Windows\System\GXcxHyX.exe
  C:\Windows\System\GXcxHyX.exe
  2⤵
  PID:5364
- C:\Windows\System\vkkdUKk.exe
  C:\Windows\System\vkkdUKk.exe
  2⤵
  PID:1604
- C:\Windows\System\dFNLXuu.exe
  C:\Windows\System\dFNLXuu.exe
  2⤵
  PID:1016
- C:\Windows\System\NTSomvP.exe
  C:\Windows\System\NTSomvP.exe
  2⤵
  PID:4404
- C:\Windows\System\QbhMlsI.exe
  C:\Windows\System\QbhMlsI.exe
  2⤵
  PID:3572
- C:\Windows\System\lbUAXEp.exe
  C:\Windows\System\lbUAXEp.exe
  2⤵
  PID:2628
- C:\Windows\System\ENpsbXF.exe
  C:\Windows\System\ENpsbXF.exe
  2⤵
  PID:1116
- C:\Windows\System\zrFdrtf.exe
  C:\Windows\System\zrFdrtf.exe
  2⤵
  PID:2308
- C:\Windows\System\bTNSrLH.exe
  C:\Windows\System\bTNSrLH.exe
  2⤵
  PID:1816
- C:\Windows\System\tdkGUbi.exe
  C:\Windows\System\tdkGUbi.exe
  2⤵
  PID:2728
- C:\Windows\System\AwGbkSP.exe
  C:\Windows\System\AwGbkSP.exe
  2⤵
  PID:3028
- C:\Windows\System\BlRwfOa.exe
  C:\Windows\System\BlRwfOa.exe
  2⤵
  PID:3756
- C:\Windows\System\sKgPsWy.exe
  C:\Windows\System\sKgPsWy.exe
  2⤵
  PID:4592
- C:\Windows\System\cOdZFWn.exe
  C:\Windows\System\cOdZFWn.exe
  2⤵
  PID:1628
- C:\Windows\System\cMaQEKp.exe
  C:\Windows\System\cMaQEKp.exe
  2⤵
  PID:5896
- C:\Windows\System\aVcNdBp.exe
  C:\Windows\System\aVcNdBp.exe
  2⤵
  PID:2852
- C:\Windows\System\XiIBYbn.exe
  C:\Windows\System\XiIBYbn.exe
  2⤵
  PID:2060
- C:\Windows\System\bGjJkbc.exe
  C:\Windows\System\bGjJkbc.exe
  2⤵
  PID:1832
- C:\Windows\System\yhvmzxS.exe
  C:\Windows\System\yhvmzxS.exe
  2⤵
  PID:6128
- C:\Windows\System\JoLUmgY.exe
  C:\Windows\System\JoLUmgY.exe
  2⤵
  PID:1220
- C:\Windows\System\WQxJtMu.exe
  C:\Windows\System\WQxJtMu.exe
  2⤵
  PID:116
- C:\Windows\System\HTEiriN.exe
  C:\Windows\System\HTEiriN.exe
  2⤵
  PID:1096
- C:\Windows\System\NZlICuI.exe
  C:\Windows\System\NZlICuI.exe
  2⤵
  PID:4620
- C:\Windows\System\TcWXQVw.exe
  C:\Windows\System\TcWXQVw.exe
  2⤵
  PID:400
- C:\Windows\System\kKwJsvk.exe
  C:\Windows\System\kKwJsvk.exe
  2⤵
  PID:5544
- C:\Windows\System\mhYdwfI.exe
  C:\Windows\System\mhYdwfI.exe
  2⤵
  PID:4616
- C:\Windows\System\kHQJKNY.exe
  C:\Windows\System\kHQJKNY.exe
  2⤵
  PID:4612
- C:\Windows\System\jZzBGfp.exe
  C:\Windows\System\jZzBGfp.exe
  2⤵
  PID:5960
- C:\Windows\System\BlaDCCf.exe
  C:\Windows\System\BlaDCCf.exe
  2⤵
  PID:212
- C:\Windows\System\deXMQMb.exe
  C:\Windows\System\deXMQMb.exe
  2⤵
  PID:6076
- C:\Windows\System\pOmxiJj.exe
  C:\Windows\System\pOmxiJj.exe
  2⤵
  PID:3680
- C:\Windows\System\ptEhOrv.exe
  C:\Windows\System\ptEhOrv.exe
  2⤵
  PID:5144
- C:\Windows\System\GSiGLNM.exe
  C:\Windows\System\GSiGLNM.exe
  2⤵
  PID:4388
- C:\Windows\System\pxJgSud.exe
  C:\Windows\System\pxJgSud.exe
  2⤵
  PID:5408
- C:\Windows\System\YJgQwwc.exe
  C:\Windows\System\YJgQwwc.exe
  2⤵
  PID:1084
- C:\Windows\System\JuVPbGb.exe
  C:\Windows\System\JuVPbGb.exe
  2⤵
  PID:1008
- C:\Windows\System\AUoGDkv.exe
  C:\Windows\System\AUoGDkv.exe
  2⤵
  PID:2408
- C:\Windows\System\AGafJfq.exe
  C:\Windows\System\AGafJfq.exe
  2⤵
  PID:4044
- C:\Windows\System\dBdahYt.exe
  C:\Windows\System\dBdahYt.exe
  2⤵
  PID:5600
- C:\Windows\System\yZTlvqc.exe
  C:\Windows\System\yZTlvqc.exe
  2⤵
  PID:2040
- C:\Windows\System\hGzrMCz.exe
  C:\Windows\System\hGzrMCz.exe
  2⤵
  PID:4180
- C:\Windows\System\dxsNWKR.exe
  C:\Windows\System\dxsNWKR.exe
  2⤵
  PID:4536
- C:\Windows\System\NavxnoB.exe
  C:\Windows\System\NavxnoB.exe
  2⤵
  PID:3700
- C:\Windows\System\FXLpnEq.exe
  C:\Windows\System\FXLpnEq.exe
  2⤵
  PID:4364
- C:\Windows\System\LdaUfsu.exe
  C:\Windows\System\LdaUfsu.exe
  2⤵
  PID:1760
- C:\Windows\System\xDWBCDQ.exe
  C:\Windows\System\xDWBCDQ.exe
  2⤵
  PID:1620
- C:\Windows\System\EveJkSB.exe
  C:\Windows\System\EveJkSB.exe
  2⤵
  PID:848
- C:\Windows\System\BmwieIN.exe
  C:\Windows\System\BmwieIN.exe
  2⤵
  PID:5128
- C:\Windows\System\plBJfnK.exe
  C:\Windows\System\plBJfnK.exe
  2⤵
  PID:2724
- C:\Windows\System\OfAwcTM.exe
  C:\Windows\System\OfAwcTM.exe
  2⤵
  PID:464
- C:\Windows\System\VYdxaNC.exe
  C:\Windows\System\VYdxaNC.exe
  2⤵
  PID:5388
- C:\Windows\System\UeEJwGD.exe
  C:\Windows\System\UeEJwGD.exe
  2⤵
  PID:3084
- C:\Windows\System\GYGcRID.exe
  C:\Windows\System\GYGcRID.exe
  2⤵
  PID:6160
- C:\Windows\System\zSWEANM.exe
  C:\Windows\System\zSWEANM.exe
  2⤵
  PID:6184
- C:\Windows\System\OFxcRvU.exe
  C:\Windows\System\OFxcRvU.exe
  2⤵
  PID:6216
- C:\Windows\System\jTVIxXV.exe
  C:\Windows\System\jTVIxXV.exe
  2⤵
  PID:6236
- C:\Windows\System\SgVURRf.exe
  C:\Windows\System\SgVURRf.exe
  2⤵
  PID:6260
- C:\Windows\System\emiOjMu.exe
  C:\Windows\System\emiOjMu.exe
  2⤵
  PID:6288
- C:\Windows\System\kMnImmb.exe
  C:\Windows\System\kMnImmb.exe
  2⤵
  PID:6324
- C:\Windows\System\YmHthQp.exe
  C:\Windows\System\YmHthQp.exe
  2⤵
  PID:6340
- C:\Windows\System\zVlYAwj.exe
  C:\Windows\System\zVlYAwj.exe
  2⤵
  PID:6360
- C:\Windows\System\cjKpRYJ.exe
  C:\Windows\System\cjKpRYJ.exe
  2⤵
  PID:6380
- C:\Windows\System\eocVlRo.exe
  C:\Windows\System\eocVlRo.exe
  2⤵
  PID:6400
- C:\Windows\System\pmKjxeV.exe
  C:\Windows\System\pmKjxeV.exe
  2⤵
  PID:6416
- C:\Windows\System\revnuGi.exe
  C:\Windows\System\revnuGi.exe
  2⤵
  PID:6436
- C:\Windows\System\KApBqib.exe
  C:\Windows\System\KApBqib.exe
  2⤵
  PID:6460
- C:\Windows\System\GwMCnNZ.exe
  C:\Windows\System\GwMCnNZ.exe
  2⤵
  PID:6488
- C:\Windows\System\PwTYVsm.exe
  C:\Windows\System\PwTYVsm.exe
  2⤵
  PID:6504
- C:\Windows\System\WhtmCta.exe
  C:\Windows\System\WhtmCta.exe
  2⤵
  PID:6524
- C:\Windows\System\IwCFEWe.exe
  C:\Windows\System\IwCFEWe.exe
  2⤵
  PID:6548
- C:\Windows\System\RAoZwtA.exe
  C:\Windows\System\RAoZwtA.exe
  2⤵
  PID:6572
- C:\Windows\System\rSJyGeT.exe
  C:\Windows\System\rSJyGeT.exe
  2⤵
  PID:6592
- C:\Windows\System\iTomWxt.exe
  C:\Windows\System\iTomWxt.exe
  2⤵
  PID:6616
- C:\Windows\System\vGBqJMh.exe
  C:\Windows\System\vGBqJMh.exe
  2⤵
  PID:6636
- C:\Windows\System\IinggTV.exe
  C:\Windows\System\IinggTV.exe
  2⤵
  PID:6656
- C:\Windows\System\VlptRaw.exe
  C:\Windows\System\VlptRaw.exe
  2⤵
  PID:6684
- C:\Windows\System\JiXwKnv.exe
  C:\Windows\System\JiXwKnv.exe
  2⤵
  PID:6724
- C:\Windows\System\KrJuOCp.exe
  C:\Windows\System\KrJuOCp.exe
  2⤵
  PID:6752
- C:\Windows\System\mPAfgMq.exe
  C:\Windows\System\mPAfgMq.exe
  2⤵
  PID:6780
- C:\Windows\System\jHJxTem.exe
  C:\Windows\System\jHJxTem.exe
  2⤵
  PID:6816
- C:\Windows\System\jwicAvo.exe
  C:\Windows\System\jwicAvo.exe
  2⤵
  PID:6840
- C:\Windows\System\pAeDLqY.exe
  C:\Windows\System\pAeDLqY.exe
  2⤵
  PID:6864
- C:\Windows\System\iSFRhqr.exe
  C:\Windows\System\iSFRhqr.exe
  2⤵
  PID:6884
- C:\Windows\System\bZcjcBN.exe
  C:\Windows\System\bZcjcBN.exe
  2⤵
  PID:6900
- C:\Windows\System\aNXDrmm.exe
  C:\Windows\System\aNXDrmm.exe
  2⤵
  PID:6924
- C:\Windows\System\nqnlwHR.exe
  C:\Windows\System\nqnlwHR.exe
  2⤵
  PID:6952
- C:\Windows\System\omWFgWE.exe
  C:\Windows\System\omWFgWE.exe
  2⤵
  PID:6976
- C:\Windows\System\JafirPA.exe
  C:\Windows\System\JafirPA.exe
  2⤵
  PID:6996
- C:\Windows\System\kWnUxZl.exe
  C:\Windows\System\kWnUxZl.exe
  2⤵
  PID:7016
- C:\Windows\System\lLuxlKX.exe
  C:\Windows\System\lLuxlKX.exe
  2⤵
  PID:7040
- C:\Windows\System\iZsyfLn.exe
  C:\Windows\System\iZsyfLn.exe
  2⤵
  PID:7064
- C:\Windows\System\naVWAgm.exe
  C:\Windows\System\naVWAgm.exe
  2⤵
  PID:7084
- C:\Windows\System\xTcUthq.exe
  C:\Windows\System\xTcUthq.exe
  2⤵
  PID:7108
- C:\Windows\System\CBPSbZY.exe
  C:\Windows\System\CBPSbZY.exe
  2⤵
  PID:7128
- C:\Windows\System\waKUudk.exe
  C:\Windows\System\waKUudk.exe
  2⤵
  PID:7148
- C:\Windows\System\pgwYZSK.exe
  C:\Windows\System\pgwYZSK.exe
  2⤵
  PID:4932
- C:\Windows\System\ShtRjOU.exe
  C:\Windows\System\ShtRjOU.exe
  2⤵
  PID:6028
- C:\Windows\System\HicFDNE.exe
  C:\Windows\System\HicFDNE.exe
  2⤵
  PID:2380
- C:\Windows\System\xlAqZYG.exe
  C:\Windows\System\xlAqZYG.exe
  2⤵
  PID:5692
- C:\Windows\System\gFkAhZW.exe
  C:\Windows\System\gFkAhZW.exe
  2⤵
  PID:5732
- C:\Windows\System\tQvpdia.exe
  C:\Windows\System\tQvpdia.exe
  2⤵
  PID:4648
- C:\Windows\System\yNTabxr.exe
  C:\Windows\System\yNTabxr.exe
  2⤵
  PID:6172
- C:\Windows\System\ciKLZlw.exe
  C:\Windows\System\ciKLZlw.exe
  2⤵
  PID:3880
- C:\Windows\System\XxQloNe.exe
  C:\Windows\System\XxQloNe.exe
  2⤵
  PID:6356
- C:\Windows\System\awwDlWV.exe
  C:\Windows\System\awwDlWV.exe
  2⤵
  PID:6428
- C:\Windows\System\XGBLhFt.exe
  C:\Windows\System\XGBLhFt.exe
  2⤵
  PID:6500
- C:\Windows\System\bjgkXVH.exe
  C:\Windows\System\bjgkXVH.exe
  2⤵
  PID:6544
- C:\Windows\System\EncQiYB.exe
  C:\Windows\System\EncQiYB.exe
  2⤵
  PID:6224
- C:\Windows\System\NWGvCGB.exe
  C:\Windows\System\NWGvCGB.exe
  2⤵
  PID:6692
- C:\Windows\System\XRMVpkK.exe
  C:\Windows\System\XRMVpkK.exe
  2⤵
  PID:6748
- C:\Windows\System\bSdiNpQ.exe
  C:\Windows\System\bSdiNpQ.exe
  2⤵
  PID:6368
- C:\Windows\System\ekVOYNz.exe
  C:\Windows\System\ekVOYNz.exe
  2⤵
  PID:6480
- C:\Windows\System\JyfnYPR.exe
  C:\Windows\System\JyfnYPR.exe
  2⤵
  PID:6568
- C:\Windows\System\VStKVRQ.exe
  C:\Windows\System\VStKVRQ.exe
  2⤵
  PID:6600
- C:\Windows\System\OZxYxrW.exe
  C:\Windows\System\OZxYxrW.exe
  2⤵
  PID:6632
- C:\Windows\System\rpAFBaU.exe
  C:\Windows\System\rpAFBaU.exe
  2⤵
  PID:6992
- C:\Windows\System\xIQvDKP.exe
  C:\Windows\System\xIQvDKP.exe
  2⤵
  PID:7048
- C:\Windows\System\CQQkRDZ.exe
  C:\Windows\System\CQQkRDZ.exe
  2⤵
  PID:6704
- C:\Windows\System\nnRXuCz.exe
  C:\Windows\System\nnRXuCz.exe
  2⤵
  PID:6760
- C:\Windows\System\BScjPLM.exe
  C:\Windows\System\BScjPLM.exe
  2⤵
  PID:1432
- C:\Windows\System\bFSUhSo.exe
  C:\Windows\System\bFSUhSo.exe
  2⤵
  PID:6828
- C:\Windows\System\doBIKca.exe
  C:\Windows\System\doBIKca.exe
  2⤵
  PID:7184
- C:\Windows\System\KCfiLNf.exe
  C:\Windows\System\KCfiLNf.exe
  2⤵
  PID:7208
- C:\Windows\System\xjOwIqg.exe
  C:\Windows\System\xjOwIqg.exe
  2⤵
  PID:7228
- C:\Windows\System\ALVdOJB.exe
  C:\Windows\System\ALVdOJB.exe
  2⤵
  PID:7248
- C:\Windows\System\qvAOObp.exe
  C:\Windows\System\qvAOObp.exe
  2⤵
  PID:7264
- C:\Windows\System\egMqpxL.exe
  C:\Windows\System\egMqpxL.exe
  2⤵
  PID:7284
- C:\Windows\System\QnmnDLM.exe
  C:\Windows\System\QnmnDLM.exe
  2⤵
  PID:7308
- C:\Windows\System\ERyxkAg.exe
  C:\Windows\System\ERyxkAg.exe
  2⤵
  PID:7332
- C:\Windows\System\OUvXagy.exe
  C:\Windows\System\OUvXagy.exe
  2⤵
  PID:7352
- C:\Windows\System\FRtjnXe.exe
  C:\Windows\System\FRtjnXe.exe
  2⤵
  PID:7372
- C:\Windows\System\hdQlnSQ.exe
  C:\Windows\System\hdQlnSQ.exe
  2⤵
  PID:7388
- C:\Windows\System\hwMnvme.exe
  C:\Windows\System\hwMnvme.exe
  2⤵
  PID:7412
- C:\Windows\System\KyPFFcA.exe
  C:\Windows\System\KyPFFcA.exe
  2⤵
  PID:7436
- C:\Windows\System\afMvXAO.exe
  C:\Windows\System\afMvXAO.exe
  2⤵
  PID:7452
- C:\Windows\System\ovjttjp.exe
  C:\Windows\System\ovjttjp.exe
  2⤵
  PID:7472
- C:\Windows\System\FzknCYz.exe
  C:\Windows\System\FzknCYz.exe
  2⤵
  PID:7488
- C:\Windows\System\pfzGBkL.exe
  C:\Windows\System\pfzGBkL.exe
  2⤵
  PID:7512
- C:\Windows\System\CxwMAJk.exe
  C:\Windows\System\CxwMAJk.exe
  2⤵
  PID:7540
- C:\Windows\System\UYDyiDF.exe
  C:\Windows\System\UYDyiDF.exe
  2⤵
  PID:7572
- C:\Windows\System\TkdXEnp.exe
  C:\Windows\System\TkdXEnp.exe
  2⤵
  PID:7588
- C:\Windows\System\CSBSzgR.exe
  C:\Windows\System\CSBSzgR.exe
  2⤵
  PID:7612
- C:\Windows\System\ROAiSUX.exe
  C:\Windows\System\ROAiSUX.exe
  2⤵
  PID:7640
- C:\Windows\System\uwRbJvU.exe
  C:\Windows\System\uwRbJvU.exe
  2⤵
  PID:7656
- C:\Windows\System\LNZRXQI.exe
  C:\Windows\System\LNZRXQI.exe
  2⤵
  PID:7684
- C:\Windows\System\rWmyUCf.exe
  C:\Windows\System\rWmyUCf.exe
  2⤵
  PID:7708
- C:\Windows\System\AUjjLiy.exe
  C:\Windows\System\AUjjLiy.exe
  2⤵
  PID:7728
- C:\Windows\System\xiuPMka.exe
  C:\Windows\System\xiuPMka.exe
  2⤵
  PID:7748
- C:\Windows\System\otNziEr.exe
  C:\Windows\System\otNziEr.exe
  2⤵
  PID:7772
- C:\Windows\System\hfEzIom.exe
  C:\Windows\System\hfEzIom.exe
  2⤵
  PID:7792
- C:\Windows\System\PegoQQz.exe
  C:\Windows\System\PegoQQz.exe
  2⤵
  PID:7816
- C:\Windows\System\gvHMLYm.exe
  C:\Windows\System\gvHMLYm.exe
  2⤵
  PID:7840
- C:\Windows\System\PefcsZy.exe
  C:\Windows\System\PefcsZy.exe
  2⤵
  PID:7860
- C:\Windows\System\YAZWUHx.exe
  C:\Windows\System\YAZWUHx.exe
  2⤵
  PID:7880
- C:\Windows\System\bFgxICf.exe
  C:\Windows\System\bFgxICf.exe
  2⤵
  PID:7904
- C:\Windows\System\YCUYQmT.exe
  C:\Windows\System\YCUYQmT.exe
  2⤵
  PID:7920
- C:\Windows\System\zqKchHa.exe
  C:\Windows\System\zqKchHa.exe
  2⤵
  PID:7944
- C:\Windows\System\VpDmmqz.exe
  C:\Windows\System\VpDmmqz.exe
  2⤵
  PID:7976
- C:\Windows\System\vGbvbyk.exe
  C:\Windows\System\vGbvbyk.exe
  2⤵
  PID:8004
- C:\Windows\System\TQnukvF.exe
  C:\Windows\System\TQnukvF.exe
  2⤵
  PID:8028
- C:\Windows\System\jjGOBkI.exe
  C:\Windows\System\jjGOBkI.exe
  2⤵
  PID:8044
- C:\Windows\System\AcgrLup.exe
  C:\Windows\System\AcgrLup.exe
  2⤵
  PID:8068
- C:\Windows\System\tDryXUp.exe
  C:\Windows\System\tDryXUp.exe
  2⤵
  PID:8088
- C:\Windows\System\sAIxGWz.exe
  C:\Windows\System\sAIxGWz.exe
  2⤵
  PID:8108
- C:\Windows\System\nCGXOXO.exe
  C:\Windows\System\nCGXOXO.exe
  2⤵
  PID:8128
- C:\Windows\System\DjwrMjO.exe
  C:\Windows\System\DjwrMjO.exe
  2⤵
  PID:8152
- C:\Windows\System\zGtIHrx.exe
  C:\Windows\System\zGtIHrx.exe
  2⤵
  PID:8172
- C:\Windows\System\uPoPRQS.exe
  C:\Windows\System\uPoPRQS.exe
  2⤵
  PID:6168
- C:\Windows\System\jlvIFlW.exe
  C:\Windows\System\jlvIFlW.exe
  2⤵
  PID:6472
- C:\Windows\System\hCMOmdl.exe
  C:\Windows\System\hCMOmdl.exe
  2⤵
  PID:7024
- C:\Windows\System\YJIFbrr.exe
  C:\Windows\System\YJIFbrr.exe
  2⤵
  PID:6676
- C:\Windows\System\QCuXsSY.exe
  C:\Windows\System\QCuXsSY.exe
  2⤵
  PID:6564
- C:\Windows\System\cFSyGpG.exe
  C:\Windows\System\cFSyGpG.exe
  2⤵
  PID:6984
- C:\Windows\System\IpSEgog.exe
  C:\Windows\System\IpSEgog.exe
  2⤵
  PID:6156
- C:\Windows\System\lgJcgVm.exe
  C:\Windows\System\lgJcgVm.exe
  2⤵
  PID:6892
- C:\Windows\System\cfkimJF.exe
  C:\Windows\System\cfkimJF.exe
  2⤵
  PID:7236
- C:\Windows\System\lADlote.exe
  C:\Windows\System\lADlote.exe
  2⤵
  PID:7368
- C:\Windows\System\FCoxpEO.exe
  C:\Windows\System\FCoxpEO.exe
  2⤵
  PID:7460
- C:\Windows\System\yYvNNtI.exe
  C:\Windows\System\yYvNNtI.exe
  2⤵
  PID:5884
- C:\Windows\System\zPxSonk.exe
  C:\Windows\System\zPxSonk.exe
  2⤵
  PID:7160
- C:\Windows\System\biqEGcB.exe
  C:\Windows\System\biqEGcB.exe
  2⤵
  PID:8212
- C:\Windows\System\HTpOtrT.exe
  C:\Windows\System\HTpOtrT.exe
  2⤵
  PID:8236
- C:\Windows\System\oRRttye.exe
  C:\Windows\System\oRRttye.exe
  2⤵
  PID:8256
- C:\Windows\System\aXCEMBI.exe
  C:\Windows\System\aXCEMBI.exe
  2⤵
  PID:8280
- C:\Windows\System\kfmwzYj.exe
  C:\Windows\System\kfmwzYj.exe
  2⤵
  PID:8308
- C:\Windows\System\MJxGmie.exe
  C:\Windows\System\MJxGmie.exe
  2⤵
  PID:8328
- C:\Windows\System\JVKDMrQ.exe
  C:\Windows\System\JVKDMrQ.exe
  2⤵
  PID:8356
- C:\Windows\System\tHRUJtL.exe
  C:\Windows\System\tHRUJtL.exe
  2⤵
  PID:8376
- C:\Windows\System\jfIkbhA.exe
  C:\Windows\System\jfIkbhA.exe
  2⤵
  PID:8396
- C:\Windows\System\rkFugtK.exe
  C:\Windows\System\rkFugtK.exe
  2⤵
  PID:8420
- C:\Windows\System\BTxMoPo.exe
  C:\Windows\System\BTxMoPo.exe
  2⤵
  PID:8448
- C:\Windows\System\RDwWeVc.exe
  C:\Windows\System\RDwWeVc.exe
  2⤵
  PID:8472
- C:\Windows\System\djfkLvF.exe
  C:\Windows\System\djfkLvF.exe
  2⤵
  PID:8492
- C:\Windows\System\uHVFdAf.exe
  C:\Windows\System\uHVFdAf.exe
  2⤵
  PID:8520
- C:\Windows\System\OryLPBU.exe
  C:\Windows\System\OryLPBU.exe
  2⤵
  PID:8540
- C:\Windows\System\DCTLquR.exe
  C:\Windows\System\DCTLquR.exe
  2⤵
  PID:8564
- C:\Windows\System\jgaWFrv.exe
  C:\Windows\System\jgaWFrv.exe
  2⤵
  PID:8584
- C:\Windows\System\lnDXvCw.exe
  C:\Windows\System\lnDXvCw.exe
  2⤵
  PID:8608
- C:\Windows\System\HFFtBFb.exe
  C:\Windows\System\HFFtBFb.exe
  2⤵
  PID:8628
- C:\Windows\System\ZFdXAwX.exe
  C:\Windows\System\ZFdXAwX.exe
  2⤵
  PID:8652
- C:\Windows\System\EzVUBpI.exe
  C:\Windows\System\EzVUBpI.exe
  2⤵
  PID:8672
- C:\Windows\System\TULbXhc.exe
  C:\Windows\System\TULbXhc.exe
  2⤵
  PID:8696
- C:\Windows\System\eLQroik.exe
  C:\Windows\System\eLQroik.exe
  2⤵
  PID:8712
- C:\Windows\System\gMOkAWB.exe
  C:\Windows\System\gMOkAWB.exe
  2⤵
  PID:8736
- C:\Windows\System\cnaFhTE.exe
  C:\Windows\System\cnaFhTE.exe
  2⤵
  PID:8752
- C:\Windows\System\gbjMMDL.exe
  C:\Windows\System\gbjMMDL.exe
  2⤵
  PID:8776
- C:\Windows\System\bAUiiZe.exe
  C:\Windows\System\bAUiiZe.exe
  2⤵
  PID:8792
- C:\Windows\System\cJxwvPj.exe
  C:\Windows\System\cJxwvPj.exe
  2⤵
  PID:8820
- C:\Windows\System\nShZUnv.exe
  C:\Windows\System\nShZUnv.exe
  2⤵
  PID:8840
- C:\Windows\System\IvvVWMx.exe
  C:\Windows\System\IvvVWMx.exe
  2⤵
  PID:8860
- C:\Windows\System\RsnXFGK.exe
  C:\Windows\System\RsnXFGK.exe
  2⤵
  PID:8884
- C:\Windows\System\fGhIOUu.exe
  C:\Windows\System\fGhIOUu.exe
  2⤵
  PID:8908
- C:\Windows\System\UZCOUaJ.exe
  C:\Windows\System\UZCOUaJ.exe
  2⤵
  PID:8936
- C:\Windows\System\NJpGRVZ.exe
  C:\Windows\System\NJpGRVZ.exe
  2⤵
  PID:8960
- C:\Windows\System\WGkTazY.exe
  C:\Windows\System\WGkTazY.exe
  2⤵
  PID:8988
- C:\Windows\System\awfAaYU.exe
  C:\Windows\System\awfAaYU.exe
  2⤵
  PID:9008
- C:\Windows\System\eJRhmuF.exe
  C:\Windows\System\eJRhmuF.exe
  2⤵
  PID:9028
- C:\Windows\System\rSifiiF.exe
  C:\Windows\System\rSifiiF.exe
  2⤵
  PID:9056
- C:\Windows\System\ZLqLZQB.exe
  C:\Windows\System\ZLqLZQB.exe
  2⤵
  PID:9080
- C:\Windows\System\Fqgyqfj.exe
  C:\Windows\System\Fqgyqfj.exe
  2⤵
  PID:9108
- C:\Windows\System\vrruNxk.exe
  C:\Windows\System\vrruNxk.exe
  2⤵
  PID:9128
- C:\Windows\System\PjRVWSO.exe
  C:\Windows\System\PjRVWSO.exe
  2⤵
  PID:9148
- C:\Windows\System\bNUDfFw.exe
  C:\Windows\System\bNUDfFw.exe
  2⤵
  PID:9168
- C:\Windows\System\nfRLnVx.exe
  C:\Windows\System\nfRLnVx.exe
  2⤵
  PID:9196
- C:\Windows\System\hVHjdBO.exe
  C:\Windows\System\hVHjdBO.exe
  2⤵
  PID:7648
- C:\Windows\System\atiZcZe.exe
  C:\Windows\System\atiZcZe.exe
  2⤵
  PID:7704
- C:\Windows\System\sCtdtYO.exe
  C:\Windows\System\sCtdtYO.exe
  2⤵
  PID:7768
- C:\Windows\System\YGazkpg.exe
  C:\Windows\System\YGazkpg.exe
  2⤵
  PID:6408
- C:\Windows\System\EJjAEMU.exe
  C:\Windows\System\EJjAEMU.exe
  2⤵
  PID:7892
- C:\Windows\System\RyoGGJu.exe
  C:\Windows\System\RyoGGJu.exe
  2⤵
  PID:7256
- C:\Windows\System\SyhPEmK.exe
  C:\Windows\System\SyhPEmK.exe
  2⤵
  PID:6764
- C:\Windows\System\fWboXHv.exe
  C:\Windows\System\fWboXHv.exe
  2⤵
  PID:7340
- C:\Windows\System\lPnKjMj.exe
  C:\Windows\System\lPnKjMj.exe
  2⤵
  PID:8012
- C:\Windows\System\bvQRsLz.exe
  C:\Windows\System\bvQRsLz.exe
  2⤵
  PID:8084
- C:\Windows\System\gprFvvz.exe
  C:\Windows\System\gprFvvz.exe
  2⤵
  PID:8124
- C:\Windows\System\EFyoDGi.exe
  C:\Windows\System\EFyoDGi.exe
  2⤵
  PID:8184
- C:\Windows\System\etJvGOs.exe
  C:\Windows\System\etJvGOs.exe
  2⤵
  PID:6744
- C:\Windows\System\rXWOkJs.exe
  C:\Windows\System\rXWOkJs.exe
  2⤵
  PID:6896
- C:\Windows\System\PPySpjv.exe
  C:\Windows\System\PPySpjv.exe
  2⤵
  PID:7012
- C:\Windows\System\NzDYAdp.exe
  C:\Windows\System\NzDYAdp.exe
  2⤵
  PID:8204
- C:\Windows\System\ZcgxuRe.exe
  C:\Windows\System\ZcgxuRe.exe
  2⤵
  PID:8228
- C:\Windows\System\JRnxfdM.exe
  C:\Windows\System\JRnxfdM.exe
  2⤵
  PID:7720
- C:\Windows\System\foJVdLy.exe
  C:\Windows\System\foJVdLy.exe
  2⤵
  PID:8440
- C:\Windows\System\YGWPBKg.exe
  C:\Windows\System\YGWPBKg.exe
  2⤵
  PID:7852
- C:\Windows\System\GCyhQmH.exe
  C:\Windows\System\GCyhQmH.exe
  2⤵
  PID:8556
- C:\Windows\System\uVFPqYa.exe
  C:\Windows\System\uVFPqYa.exe
  2⤵
  PID:8624
- C:\Windows\System\Vjbtukj.exe
  C:\Windows\System\Vjbtukj.exe
  2⤵
  PID:8040
- C:\Windows\System\sSropcy.exe
  C:\Windows\System\sSropcy.exe
  2⤵
  PID:7408
- C:\Windows\System\WgqdopX.exe
  C:\Windows\System\WgqdopX.exe
  2⤵
  PID:9232
- C:\Windows\System\PeSegyA.exe
  C:\Windows\System\PeSegyA.exe
  2⤵
  PID:9256
- C:\Windows\System\DFcaGNq.exe
  C:\Windows\System\DFcaGNq.exe
  2⤵
  PID:9276
- C:\Windows\System\qLykUKc.exe
  C:\Windows\System\qLykUKc.exe
  2⤵
  PID:9304
- C:\Windows\System\kxHWVFA.exe
  C:\Windows\System\kxHWVFA.exe
  2⤵
  PID:9328
- C:\Windows\System\VHJopMI.exe
  C:\Windows\System\VHJopMI.exe
  2⤵
  PID:9348
- C:\Windows\System\FuIGEju.exe
  C:\Windows\System\FuIGEju.exe
  2⤵
  PID:9364
- C:\Windows\System\IguIZyB.exe
  C:\Windows\System\IguIZyB.exe
  2⤵
  PID:9384
- C:\Windows\System\yZNnsQB.exe
  C:\Windows\System\yZNnsQB.exe
  2⤵
  PID:9408
- C:\Windows\System\uOtMNls.exe
  C:\Windows\System\uOtMNls.exe
  2⤵
  PID:9432
- C:\Windows\System\NfRejyj.exe
  C:\Windows\System\NfRejyj.exe
  2⤵
  PID:9452
- C:\Windows\System\hCThwHd.exe
  C:\Windows\System\hCThwHd.exe
  2⤵
  PID:9476
- C:\Windows\System\TWbErgN.exe
  C:\Windows\System\TWbErgN.exe
  2⤵
  PID:9496
- C:\Windows\System\PwqwxfA.exe
  C:\Windows\System\PwqwxfA.exe
  2⤵
  PID:9520
- C:\Windows\System\ArYDpfv.exe
  C:\Windows\System\ArYDpfv.exe
  2⤵
  PID:9540
- C:\Windows\System\DRNjQIn.exe
  C:\Windows\System\DRNjQIn.exe
  2⤵
  PID:9564
- C:\Windows\System\oGEHivj.exe
  C:\Windows\System\oGEHivj.exe
  2⤵
  PID:9580
- C:\Windows\System\VEfgzUE.exe
  C:\Windows\System\VEfgzUE.exe
  2⤵
  PID:9604
- C:\Windows\System\cGawtvd.exe
  C:\Windows\System\cGawtvd.exe
  2⤵
  PID:9632
- C:\Windows\System\UXKzpux.exe
  C:\Windows\System\UXKzpux.exe
  2⤵
  PID:9652
- C:\Windows\System\jYSFbDY.exe
  C:\Windows\System\jYSFbDY.exe
  2⤵
  PID:9672
- C:\Windows\System\gphxSdR.exe
  C:\Windows\System\gphxSdR.exe
  2⤵
  PID:9700
- C:\Windows\System\ieSCsQB.exe
  C:\Windows\System\ieSCsQB.exe
  2⤵
  PID:9724
- C:\Windows\System\cVjnlbg.exe
  C:\Windows\System\cVjnlbg.exe
  2⤵
  PID:9744
- C:\Windows\System\nLXTjvh.exe
  C:\Windows\System\nLXTjvh.exe
  2⤵
  PID:9764
- C:\Windows\System\eXRtHUj.exe
  C:\Windows\System\eXRtHUj.exe
  2⤵
  PID:9792
- C:\Windows\System\YtWWDFY.exe
  C:\Windows\System\YtWWDFY.exe
  2⤵
  PID:9812
- C:\Windows\System\laJOnGh.exe
  C:\Windows\System\laJOnGh.exe
  2⤵
  PID:9836
- C:\Windows\System\rQKEXAg.exe
  C:\Windows\System\rQKEXAg.exe
  2⤵
  PID:9856
- C:\Windows\System\jaRBxtp.exe
  C:\Windows\System\jaRBxtp.exe
  2⤵
  PID:9876
- C:\Windows\System\OiADCQl.exe
  C:\Windows\System\OiADCQl.exe
  2⤵
  PID:9900
- C:\Windows\System\doNDRcw.exe
  C:\Windows\System\doNDRcw.exe
  2⤵
  PID:9920
- C:\Windows\System\mAUepdY.exe
  C:\Windows\System\mAUepdY.exe
  2⤵
  PID:9944
- C:\Windows\System\KvrIVaR.exe
  C:\Windows\System\KvrIVaR.exe
  2⤵
  PID:9968
- C:\Windows\System\CyMMmxr.exe
  C:\Windows\System\CyMMmxr.exe
  2⤵
  PID:9988
- C:\Windows\System\meCwjIi.exe
  C:\Windows\System\meCwjIi.exe
  2⤵
  PID:10004
- C:\Windows\System\KFLIpbP.exe
  C:\Windows\System\KFLIpbP.exe
  2⤵
  PID:10020
- C:\Windows\System\WnPDhib.exe
  C:\Windows\System\WnPDhib.exe
  2⤵
  PID:10040
- C:\Windows\System\OQLMQlu.exe
  C:\Windows\System\OQLMQlu.exe
  2⤵
  PID:10056
- C:\Windows\System\tCCSqyr.exe
  C:\Windows\System\tCCSqyr.exe
  2⤵
  PID:10072
- C:\Windows\System\WvyxQSA.exe
  C:\Windows\System\WvyxQSA.exe
  2⤵
  PID:10096
- C:\Windows\System\UZgsvJu.exe
  C:\Windows\System\UZgsvJu.exe
  2⤵
  PID:10120
- C:\Windows\System\Qquvrfn.exe
  C:\Windows\System\Qquvrfn.exe
  2⤵
  PID:10140
- C:\Windows\System\ZwAOhFk.exe
  C:\Windows\System\ZwAOhFk.exe
  2⤵
  PID:10164
- C:\Windows\System\XOIzVgi.exe
  C:\Windows\System\XOIzVgi.exe
  2⤵
  PID:10188
- C:\Windows\System\SKKMcGz.exe
  C:\Windows\System\SKKMcGz.exe
  2⤵
  PID:10212
- C:\Windows\System\NWGWbfC.exe
  C:\Windows\System\NWGWbfC.exe
  2⤵
  PID:8856
- C:\Windows\System\nCxMwZN.exe
  C:\Windows\System\nCxMwZN.exe
  2⤵
  PID:8900
- C:\Windows\System\ibQZzii.exe
  C:\Windows\System\ibQZzii.exe
  2⤵
  PID:7524
- C:\Windows\System\tbcRBTR.exe
  C:\Windows\System\tbcRBTR.exe
  2⤵
  PID:6228
- C:\Windows\System\pPdrkEJ.exe
  C:\Windows\System\pPdrkEJ.exe
  2⤵
  PID:4708
- C:\Windows\System\YEqdRbW.exe
  C:\Windows\System\YEqdRbW.exe
  2⤵
  PID:9096
- C:\Windows\System\yXPbGYv.exe
  C:\Windows\System\yXPbGYv.exe
  2⤵
  PID:9164
- C:\Windows\System\FiVKPAh.exe
  C:\Windows\System\FiVKPAh.exe
  2⤵
  PID:8344
- C:\Windows\System\yUQwMXo.exe
  C:\Windows\System\yUQwMXo.exe
  2⤵
  PID:7824
- C:\Windows\System\klFFmJm.exe
  C:\Windows\System\klFFmJm.exe
  2⤵
  PID:7260
- C:\Windows\System\xVGgeSy.exe
  C:\Windows\System\xVGgeSy.exe
  2⤵
  PID:8552
- C:\Windows\System\JXURHcl.exe
  C:\Windows\System\JXURHcl.exe
  2⤵
  PID:7428
- C:\Windows\System\DWustsO.exe
  C:\Windows\System\DWustsO.exe
  2⤵
  PID:8668
- C:\Windows\System\YnJgkbW.exe
  C:\Windows\System\YnJgkbW.exe
  2⤵
  PID:8708
- C:\Windows\System\TzCgPbX.exe
  C:\Windows\System\TzCgPbX.exe
  2⤵
  PID:8764
- C:\Windows\System\bcVbfUC.exe
  C:\Windows\System\bcVbfUC.exe
  2⤵
  PID:8836
- C:\Windows\System\LVzlaob.exe
  C:\Windows\System\LVzlaob.exe
  2⤵
  PID:10244
- C:\Windows\System\dufaTaI.exe
  C:\Windows\System\dufaTaI.exe
  2⤵
  PID:10260
- C:\Windows\System\fFvfSCN.exe
  C:\Windows\System\fFvfSCN.exe
  2⤵
  PID:10288
- C:\Windows\System\qDYqlLB.exe
  C:\Windows\System\qDYqlLB.exe
  2⤵
  PID:10316
- C:\Windows\System\jLVEzel.exe
  C:\Windows\System\jLVEzel.exe
  2⤵
  PID:10332
- C:\Windows\System\TbQWVFZ.exe
  C:\Windows\System\TbQWVFZ.exe
  2⤵
  PID:10364
- C:\Windows\System\wMsXfcZ.exe
  C:\Windows\System\wMsXfcZ.exe
  2⤵
  PID:10384
- C:\Windows\System\efARLZb.exe
  C:\Windows\System\efARLZb.exe
  2⤵
  PID:10408
- C:\Windows\System\UdPVPYe.exe
  C:\Windows\System\UdPVPYe.exe
  2⤵
  PID:10428
- C:\Windows\System\SOmMpbz.exe
  C:\Windows\System\SOmMpbz.exe
  2⤵
  PID:10452
- C:\Windows\System\wetPMTg.exe
  C:\Windows\System\wetPMTg.exe
  2⤵
  PID:10480
- C:\Windows\System\awOzXcT.exe
  C:\Windows\System\awOzXcT.exe
  2⤵
  PID:10500
- C:\Windows\System\jwYfnXb.exe
  C:\Windows\System\jwYfnXb.exe
  2⤵
  PID:10520
- C:\Windows\System\rOZgkaI.exe
  C:\Windows\System\rOZgkaI.exe
  2⤵
  PID:10540
- C:\Windows\System\JWbBoQo.exe
  C:\Windows\System\JWbBoQo.exe
  2⤵
  PID:10564
- C:\Windows\System\eYUHbUK.exe
  C:\Windows\System\eYUHbUK.exe
  2⤵
  PID:10596
- C:\Windows\System\RgDuKTm.exe
  C:\Windows\System\RgDuKTm.exe
  2⤵
  PID:10620
- C:\Windows\System\bOVabMz.exe
  C:\Windows\System\bOVabMz.exe
  2⤵
  PID:10644
- C:\Windows\System\zITpJbu.exe
  C:\Windows\System\zITpJbu.exe
  2⤵
  PID:10668
- C:\Windows\System\bncXxUf.exe
  C:\Windows\System\bncXxUf.exe
  2⤵
  PID:10688
- C:\Windows\System\dqcnBnU.exe
  C:\Windows\System\dqcnBnU.exe
  2⤵
  PID:10708
- C:\Windows\System\AxjCIAT.exe
  C:\Windows\System\AxjCIAT.exe
  2⤵
  PID:10732
- C:\Windows\System\gzWdxeC.exe
  C:\Windows\System\gzWdxeC.exe
  2⤵
  PID:10764
- C:\Windows\System\StWNDrA.exe
  C:\Windows\System\StWNDrA.exe
  2⤵
  PID:10784
- C:\Windows\System\woRvRYL.exe
  C:\Windows\System\woRvRYL.exe
  2⤵
  PID:10804
- C:\Windows\System\xyQBwjx.exe
  C:\Windows\System\xyQBwjx.exe
  2⤵
  PID:10824
- C:\Windows\System\TbphshG.exe
  C:\Windows\System\TbphshG.exe
  2⤵
  PID:10852
- C:\Windows\System\MIlliJj.exe
  C:\Windows\System\MIlliJj.exe
  2⤵
  PID:10876
- C:\Windows\System\lAVMJsC.exe
  C:\Windows\System\lAVMJsC.exe
  2⤵
  PID:10896
- C:\Windows\System\HyLQFtP.exe
  C:\Windows\System\HyLQFtP.exe
  2⤵
  PID:10924
- C:\Windows\System\HcRkahV.exe
  C:\Windows\System\HcRkahV.exe
  2⤵
  PID:10960
- C:\Windows\System\HLIuWNV.exe
  C:\Windows\System\HLIuWNV.exe
  2⤵
  PID:10984
- C:\Windows\System\xViPtqJ.exe
  C:\Windows\System\xViPtqJ.exe
  2⤵
  PID:11004
- C:\Windows\System\XdTlZsZ.exe
  C:\Windows\System\XdTlZsZ.exe
  2⤵
  PID:11024
- C:\Windows\System\VecEjRa.exe
  C:\Windows\System\VecEjRa.exe
  2⤵
  PID:11048
- C:\Windows\System\KrKvHwk.exe
  C:\Windows\System\KrKvHwk.exe
  2⤵
  PID:11068
- C:\Windows\System\xTwHMvD.exe
  C:\Windows\System\xTwHMvD.exe
  2⤵
  PID:11088
- C:\Windows\System\LhIcpsZ.exe
  C:\Windows\System\LhIcpsZ.exe
  2⤵
  PID:11112
- C:\Windows\System\KVqzxom.exe
  C:\Windows\System\KVqzxom.exe
  2⤵
  PID:11136
- C:\Windows\System\EIQDpWk.exe
  C:\Windows\System\EIQDpWk.exe
  2⤵
  PID:11160
- C:\Windows\System\aSUdUPU.exe
  C:\Windows\System\aSUdUPU.exe
  2⤵
  PID:11180
- C:\Windows\System\yESUdSm.exe
  C:\Windows\System\yESUdSm.exe
  2⤵
  PID:11204
- C:\Windows\System\LoGDZCl.exe
  C:\Windows\System\LoGDZCl.exe
  2⤵
  PID:11224
- C:\Windows\System\qmkYBjq.exe
  C:\Windows\System\qmkYBjq.exe
  2⤵
  PID:11244
- C:\Windows\System\uRTkNSq.exe
  C:\Windows\System\uRTkNSq.exe
  2⤵
  PID:9980
- C:\Windows\System\RWMNUXf.exe
  C:\Windows\System\RWMNUXf.exe
  2⤵
  PID:10052
- C:\Windows\System\IhgZDQu.exe
  C:\Windows\System\IhgZDQu.exe
  2⤵
  PID:10108
- C:\Windows\System\MdgVSXF.exe
  C:\Windows\System\MdgVSXF.exe
  2⤵
  PID:6948
- C:\Windows\System\thEVgyl.exe
  C:\Windows\System\thEVgyl.exe
  2⤵
  PID:8056
- C:\Windows\System\QtimaXs.exe
  C:\Windows\System\QtimaXs.exe
  2⤵
  PID:3948
- C:\Windows\System\QouoNtF.exe
  C:\Windows\System\QouoNtF.exe
  2⤵
  PID:7620
- C:\Windows\System\TmXlYgi.exe
  C:\Windows\System\TmXlYgi.exe
  2⤵
  PID:7280
- C:\Windows\System\cKjYQIs.exe
  C:\Windows\System\cKjYQIs.exe
  2⤵
  PID:8732
- C:\Windows\System\wqkGpmu.exe
  C:\Windows\System\wqkGpmu.exe
  2⤵
  PID:10252
- C:\Windows\System\MzwCChn.exe
  C:\Windows\System\MzwCChn.exe
  2⤵
  PID:10344
- C:\Windows\System\gqgxbkz.exe
  C:\Windows\System\gqgxbkz.exe
  2⤵
  PID:10400
- C:\Windows\System\hqnIqov.exe
  C:\Windows\System\hqnIqov.exe
  2⤵
  PID:10516
- C:\Windows\System\lNeAxVE.exe
  C:\Windows\System\lNeAxVE.exe
  2⤵
  PID:10576
- C:\Windows\System\qRdpkpx.exe
  C:\Windows\System\qRdpkpx.exe
  2⤵
  PID:9484
- C:\Windows\System\JNKmNgl.exe
  C:\Windows\System\JNKmNgl.exe
  2⤵
  PID:9548
- C:\Windows\System\heeNlVb.exe
  C:\Windows\System\heeNlVb.exe
  2⤵
  PID:9612
- C:\Windows\System\gJVjJNQ.exe
  C:\Windows\System\gJVjJNQ.exe
  2⤵
  PID:11268
- C:\Windows\System\rqAFyQY.exe
  C:\Windows\System\rqAFyQY.exe
  2⤵
  PID:11292
- C:\Windows\System\eYsOAID.exe
  C:\Windows\System\eYsOAID.exe
  2⤵
  PID:11316
- C:\Windows\System\wqDmrVT.exe
  C:\Windows\System\wqDmrVT.exe
  2⤵
  PID:11336
- C:\Windows\System\MsqPoID.exe
  C:\Windows\System\MsqPoID.exe
  2⤵
  PID:11360
- C:\Windows\System\lFFxDCy.exe
  C:\Windows\System\lFFxDCy.exe
  2⤵
  PID:11380
- C:\Windows\System\FbIevJC.exe
  C:\Windows\System\FbIevJC.exe
  2⤵
  PID:11400
- C:\Windows\System\drxNQDt.exe
  C:\Windows\System\drxNQDt.exe
  2⤵
  PID:11424
- C:\Windows\System\oCjvRtJ.exe
  C:\Windows\System\oCjvRtJ.exe
  2⤵
  PID:11444
- C:\Windows\System\hlFyxXn.exe
  C:\Windows\System\hlFyxXn.exe
  2⤵
  PID:11464
- C:\Windows\System\xBmFEDr.exe
  C:\Windows\System\xBmFEDr.exe
  2⤵
  PID:11484
- C:\Windows\System\EjcRkCp.exe
  C:\Windows\System\EjcRkCp.exe
  2⤵
  PID:11508
- C:\Windows\System\JTGDIrH.exe
  C:\Windows\System\JTGDIrH.exe
  2⤵
  PID:11528
- C:\Windows\System\VbJgSTf.exe
  C:\Windows\System\VbJgSTf.exe
  2⤵
  PID:11548
- C:\Windows\System\iqpPMNC.exe
  C:\Windows\System\iqpPMNC.exe
  2⤵
  PID:11576
- C:\Windows\System\qoKiLME.exe
  C:\Windows\System\qoKiLME.exe
  2⤵
  PID:11600
- C:\Windows\System\eRLgGfX.exe
  C:\Windows\System\eRLgGfX.exe
  2⤵
  PID:11624
- C:\Windows\System\lfHwqEY.exe
  C:\Windows\System\lfHwqEY.exe
  2⤵
  PID:11648
- C:\Windows\System\otKWlpg.exe
  C:\Windows\System\otKWlpg.exe
  2⤵
  PID:11668
- C:\Windows\System\XdTqqxR.exe
  C:\Windows\System\XdTqqxR.exe
  2⤵
  PID:11696
- C:\Windows\System\COAUXIV.exe
  C:\Windows\System\COAUXIV.exe
  2⤵
  PID:11712
- C:\Windows\System\zWEVbht.exe
  C:\Windows\System\zWEVbht.exe
  2⤵
  PID:11732
- C:\Windows\System\VLDdRyS.exe
  C:\Windows\System\VLDdRyS.exe
  2⤵
  PID:11752
- C:\Windows\System\LwtitDz.exe
  C:\Windows\System\LwtitDz.exe
  2⤵
  PID:11768
- C:\Windows\System\IPBeJct.exe
  C:\Windows\System\IPBeJct.exe
  2⤵
  PID:11784
- C:\Windows\System\rDUCIpF.exe
  C:\Windows\System\rDUCIpF.exe
  2⤵
  PID:11800
- C:\Windows\System\OuOLRoN.exe
  C:\Windows\System\OuOLRoN.exe
  2⤵
  PID:11816
- C:\Windows\System\LVZZnjw.exe
  C:\Windows\System\LVZZnjw.exe
  2⤵
  PID:11832
- C:\Windows\System\lMdqyGM.exe
  C:\Windows\System\lMdqyGM.exe
  2⤵
  PID:11848
- C:\Windows\System\AzFgrRu.exe
  C:\Windows\System\AzFgrRu.exe
  2⤵
  PID:11872
- C:\Windows\System\rclybIC.exe
  C:\Windows\System\rclybIC.exe
  2⤵
  PID:11904
- C:\Windows\System\oBflLLt.exe
  C:\Windows\System\oBflLLt.exe
  2⤵
  PID:11932
- C:\Windows\System\iJZeNGo.exe
  C:\Windows\System\iJZeNGo.exe
  2⤵
  PID:11952
- C:\Windows\System\mCXzVNq.exe
  C:\Windows\System\mCXzVNq.exe
  2⤵
  PID:11996
- C:\Windows\System\ZfrGnsb.exe
  C:\Windows\System\ZfrGnsb.exe
  2⤵
  PID:12024
- C:\Windows\System\cotkpqB.exe
  C:\Windows\System\cotkpqB.exe
  2⤵
  PID:12044
- C:\Windows\System\XvwxVsH.exe
  C:\Windows\System\XvwxVsH.exe
  2⤵
  PID:12072
- C:\Windows\System\ddtnjwO.exe
  C:\Windows\System\ddtnjwO.exe
  2⤵
  PID:12100
- C:\Windows\System\FjyuiTC.exe
  C:\Windows\System\FjyuiTC.exe
  2⤵
  PID:12128
- C:\Windows\System\aKcBFIw.exe
  C:\Windows\System\aKcBFIw.exe
  2⤵
  PID:12156
- C:\Windows\System\QkvctNi.exe
  C:\Windows\System\QkvctNi.exe
  2⤵
  PID:12208
- C:\Windows\System\JHlSdtf.exe
  C:\Windows\System\JHlSdtf.exe
  2⤵
  PID:12228
- C:\Windows\System\EHPGVtf.exe
  C:\Windows\System\EHPGVtf.exe
  2⤵
  PID:12252
- C:\Windows\System\ecxbeaZ.exe
  C:\Windows\System\ecxbeaZ.exe
  2⤵
  PID:12280
- C:\Windows\System\oLiYdiW.exe
  C:\Windows\System\oLiYdiW.exe
  2⤵
  PID:9664
- C:\Windows\System\JZKOrvV.exe
  C:\Windows\System\JZKOrvV.exe
  2⤵
  PID:9732
- C:\Windows\System\sGRgRSE.exe
  C:\Windows\System\sGRgRSE.exe
  2⤵
  PID:9800
- C:\Windows\System\vJCzgVB.exe
  C:\Windows\System\vJCzgVB.exe
  2⤵
  PID:9868
- C:\Windows\System\lPBBRyd.exe
  C:\Windows\System\lPBBRyd.exe
  2⤵
  PID:9892
- C:\Windows\System\HRLNNDT.exe
  C:\Windows\System\HRLNNDT.exe
  2⤵
  PID:8928
- C:\Windows\System\BMxtcjA.exe
  C:\Windows\System\BMxtcjA.exe
  2⤵
  PID:10184
- C:\Windows\System\ggHdPDW.exe
  C:\Windows\System\ggHdPDW.exe
  2⤵
  PID:9340
- C:\Windows\System\YBnPTUl.exe
  C:\Windows\System\YBnPTUl.exe
  2⤵
  PID:4872
- C:\Windows\System\KYNwpRG.exe
  C:\Windows\System\KYNwpRG.exe
  2⤵
  PID:9668
- C:\Windows\System\uNKmqrS.exe
  C:\Windows\System\uNKmqrS.exe
  2⤵
  PID:8296
- C:\Windows\System\OvDoVgM.exe
  C:\Windows\System\OvDoVgM.exe
  2⤵
  PID:8096
- C:\Windows\System\MMrMPWW.exe
  C:\Windows\System\MMrMPWW.exe
  2⤵
  PID:12312
- C:\Windows\System\ocMveuk.exe
  C:\Windows\System\ocMveuk.exe
  2⤵
  PID:12328
- C:\Windows\System\xItPfbe.exe
  C:\Windows\System\xItPfbe.exe
  2⤵
  PID:12356
- C:\Windows\System\UbEoxHa.exe
  C:\Windows\System\UbEoxHa.exe
  2⤵
  PID:12392
- C:\Windows\System\IvqKvon.exe
  C:\Windows\System\IvqKvon.exe
  2⤵
  PID:12412
- C:\Windows\System\OxFKFCm.exe
  C:\Windows\System\OxFKFCm.exe
  2⤵
  PID:12436
- C:\Windows\System\JrRrJmc.exe
  C:\Windows\System\JrRrJmc.exe
  2⤵
  PID:12452
- C:\Windows\System\tsOYGqV.exe
  C:\Windows\System\tsOYGqV.exe
  2⤵
  PID:12476
- C:\Windows\System\JiDmFBl.exe
  C:\Windows\System\JiDmFBl.exe
  2⤵
  PID:12500
- C:\Windows\System\kDuBdFW.exe
  C:\Windows\System\kDuBdFW.exe
  2⤵
  PID:12524
- C:\Windows\System\wTZjNTi.exe
  C:\Windows\System\wTZjNTi.exe
  2⤵
  PID:12548
- C:\Windows\System\inczPoO.exe
  C:\Windows\System\inczPoO.exe
  2⤵
  PID:12572
- C:\Windows\System\ZrIretU.exe
  C:\Windows\System\ZrIretU.exe
  2⤵
  PID:12596
- C:\Windows\System\PdhEeTv.exe
  C:\Windows\System\PdhEeTv.exe
  2⤵
  PID:12616
- C:\Windows\System\BPUokaC.exe
  C:\Windows\System\BPUokaC.exe
  2⤵
  PID:12636
- C:\Windows\System\FEZQGkn.exe
  C:\Windows\System\FEZQGkn.exe
  2⤵
  PID:12664
- C:\Windows\System\JBvKWnI.exe
  C:\Windows\System\JBvKWnI.exe
  2⤵
  PID:12680
- C:\Windows\System\hMRbYST.exe
  C:\Windows\System\hMRbYST.exe
  2⤵
  PID:12712
- C:\Windows\System\WhvXeEt.exe
  C:\Windows\System\WhvXeEt.exe
  2⤵
  PID:12732
- C:\Windows\System\gVCNbXn.exe
  C:\Windows\System\gVCNbXn.exe
  2⤵
  PID:12760
- C:\Windows\System\LgBNAHn.exe
  C:\Windows\System\LgBNAHn.exe
  2⤵
  PID:12784
- C:\Windows\System\HsuVOBM.exe
  C:\Windows\System\HsuVOBM.exe
  2⤵
  PID:12804
- C:\Windows\System\KoQzDPQ.exe
  C:\Windows\System\KoQzDPQ.exe
  2⤵
  PID:12832
- C:\Windows\System\sQjlvxe.exe
  C:\Windows\System\sQjlvxe.exe
  2⤵
  PID:12852
- C:\Windows\System\sUGIiNc.exe
  C:\Windows\System\sUGIiNc.exe
  2⤵
  PID:12868
- C:\Windows\System\TOZyUjy.exe
  C:\Windows\System\TOZyUjy.exe
  2⤵
  PID:12892
- C:\Windows\System\Qfamvxs.exe
  C:\Windows\System\Qfamvxs.exe
  2⤵
  PID:12912
- C:\Windows\System\dGtHMoi.exe
  C:\Windows\System\dGtHMoi.exe
  2⤵
  PID:12932
- C:\Windows\System\WOqQLrs.exe
  C:\Windows\System\WOqQLrs.exe
  2⤵
  PID:12952
- C:\Windows\System\TUGhihi.exe
  C:\Windows\System\TUGhihi.exe
  2⤵
  PID:12980
- C:\Windows\System\AuzdTOj.exe
  C:\Windows\System\AuzdTOj.exe
  2⤵
  PID:13008
- C:\Windows\System\kMdXKXI.exe
  C:\Windows\System\kMdXKXI.exe
  2⤵
  PID:13040
- C:\Windows\System\IFMWcxZ.exe
  C:\Windows\System\IFMWcxZ.exe
  2⤵
  PID:13064
- C:\Windows\System\wNSTqYY.exe
  C:\Windows\System\wNSTqYY.exe
  2⤵
  PID:13084
- C:\Windows\System\RFJorxy.exe
  C:\Windows\System\RFJorxy.exe
  2⤵
  PID:13104
- C:\Windows\System\meGfcWQ.exe
  C:\Windows\System\meGfcWQ.exe
  2⤵
  PID:13128
- C:\Windows\System\XFlBklD.exe
  C:\Windows\System\XFlBklD.exe
  2⤵
  PID:13144
- C:\Windows\System\dzdjhbi.exe
  C:\Windows\System\dzdjhbi.exe
  2⤵
  PID:13164
- C:\Windows\System\FsrkTtJ.exe
  C:\Windows\System\FsrkTtJ.exe
  2⤵
  PID:13180
- C:\Windows\System\JTUghJa.exe
  C:\Windows\System\JTUghJa.exe
  2⤵
  PID:13196
- C:\Windows\System\EEduwZZ.exe
  C:\Windows\System\EEduwZZ.exe
  2⤵
  PID:13216
- C:\Windows\System\HBxogal.exe
  C:\Windows\System\HBxogal.exe
  2⤵
  PID:13232
- C:\Windows\System\mAEFcQS.exe
  C:\Windows\System\mAEFcQS.exe
  2⤵
  PID:13248
- C:\Windows\System\EmdSgYv.exe
  C:\Windows\System\EmdSgYv.exe
  2⤵
  PID:13264
- C:\Windows\System\BDskcHW.exe
  C:\Windows\System\BDskcHW.exe
  2⤵
  PID:13280
- C:\Windows\System\hyvOQrK.exe
  C:\Windows\System\hyvOQrK.exe
  2⤵
  PID:13296
- C:\Windows\System\JzDlwgc.exe
  C:\Windows\System\JzDlwgc.exe
  2⤵
  PID:11152
- C:\Windows\System\BKribUW.exe
  C:\Windows\System\BKribUW.exe
  2⤵
  PID:10032
- C:\Windows\System\ljMQcbD.exe
  C:\Windows\System\ljMQcbD.exe
  2⤵
  PID:10360
- C:\Windows\System\GmOvFuF.exe
  C:\Windows\System\GmOvFuF.exe
  2⤵
  PID:10472
- C:\Windows\System\WTeYZsH.exe
  C:\Windows\System\WTeYZsH.exe
  2⤵
  PID:8636
- C:\Windows\System\SWHumQF.exe
  C:\Windows\System\SWHumQF.exe
  2⤵
  PID:10572
- C:\Windows\System\pQwrYGv.exe
  C:\Windows\System\pQwrYGv.exe
  2⤵
  PID:10684
- C:\Windows\System\LZkdUGU.exe
  C:\Windows\System\LZkdUGU.exe
  2⤵
  PID:10720
- C:\Windows\System\fRPlPDd.exe
  C:\Windows\System\fRPlPDd.exe
  2⤵
  PID:9472
- C:\Windows\System\ZuxUiDy.exe
  C:\Windows\System\ZuxUiDy.exe
  2⤵
  PID:6804
- C:\Windows\System\yIvpYTa.exe
  C:\Windows\System\yIvpYTa.exe
  2⤵
  PID:10844
- C:\Windows\System\wbxEbzp.exe
  C:\Windows\System\wbxEbzp.exe
  2⤵
  PID:11324
- C:\Windows\System\oGZzmfI.exe
  C:\Windows\System\oGZzmfI.exe
  2⤵
  PID:11372
- C:\Windows\System\MeXiUtA.exe
  C:\Windows\System\MeXiUtA.exe
  2⤵
  PID:10992
- C:\Windows\System\lWTXNRy.exe
  C:\Windows\System\lWTXNRy.exe
  2⤵
  PID:11096
- C:\Windows\System\kwasgrv.exe
  C:\Windows\System\kwasgrv.exe
  2⤵
  PID:11584
- C:\Windows\System\AgmMtYF.exe
  C:\Windows\System\AgmMtYF.exe
  2⤵
  PID:11760
- C:\Windows\System\Rmfidny.exe
  C:\Windows\System\Rmfidny.exe
  2⤵
  PID:11844
- C:\Windows\System\MayPHcE.exe
  C:\Windows\System\MayPHcE.exe
  2⤵
  PID:11888
- C:\Windows\System\mfLKniG.exe
  C:\Windows\System\mfLKniG.exe
  2⤵
  PID:11176
- C:\Windows\System\VEyzKWC.exe
  C:\Windows\System\VEyzKWC.exe
  2⤵
  PID:8384
- C:\Windows\System\iPicvcI.exe
  C:\Windows\System\iPicvcI.exe
  2⤵
  PID:12040
- C:\Windows\System\dCdDiPw.exe
  C:\Windows\System\dCdDiPw.exe
  2⤵
  PID:9272
- C:\Windows\System\rUicbQT.exe
  C:\Windows\System\rUicbQT.exe
  2⤵
  PID:12236
- C:\Windows\System\CVVFMti.exe
  C:\Windows\System\CVVFMti.exe
  2⤵
  PID:11216
- C:\Windows\System\PHIzeGo.exe
  C:\Windows\System\PHIzeGo.exe
  2⤵
  PID:9712
- C:\Windows\System\NvRljjR.exe
  C:\Windows\System\NvRljjR.exe
  2⤵
  PID:7856
- C:\Windows\System\AJXAYNy.exe
  C:\Windows\System\AJXAYNy.exe
  2⤵
  PID:12444
- C:\Windows\System\zPGvuGx.exe
  C:\Windows\System\zPGvuGx.exe
  2⤵
  PID:13332
- C:\Windows\System\HzTlAVA.exe
  C:\Windows\System\HzTlAVA.exe
  2⤵
  PID:13356
- C:\Windows\System\IEytAqG.exe
  C:\Windows\System\IEytAqG.exe
  2⤵
  PID:13380
- C:\Windows\System\dNSoHZa.exe
  C:\Windows\System\dNSoHZa.exe
  2⤵
  PID:13408
- C:\Windows\System\oPaGvvZ.exe
  C:\Windows\System\oPaGvvZ.exe
  2⤵
  PID:13428
- C:\Windows\System\bzrKMYt.exe
  C:\Windows\System\bzrKMYt.exe
  2⤵
  PID:13448
- C:\Windows\System\rLAUqaG.exe
  C:\Windows\System\rLAUqaG.exe
  2⤵
  PID:13468
- C:\Windows\System\rUwwekv.exe
  C:\Windows\System\rUwwekv.exe
  2⤵
  PID:13488
- C:\Windows\System\xCYosND.exe
  C:\Windows\System\xCYosND.exe
  2⤵
  PID:13512
- C:\Windows\System\kHpRoZF.exe
  C:\Windows\System\kHpRoZF.exe
  2⤵
  PID:13532
- C:\Windows\System\GYnNzzx.exe
  C:\Windows\System\GYnNzzx.exe
  2⤵
  PID:13552
- C:\Windows\System\swlPwRt.exe
  C:\Windows\System\swlPwRt.exe
  2⤵
  PID:13576
- C:\Windows\System\rhwlozp.exe
  C:\Windows\System\rhwlozp.exe
  2⤵
  PID:13596
- C:\Windows\System\LHHmMNC.exe
  C:\Windows\System\LHHmMNC.exe
  2⤵
  PID:13620
- C:\Windows\System\frDRQtR.exe
  C:\Windows\System\frDRQtR.exe
  2⤵
  PID:13644
- C:\Windows\System\THzqzOk.exe
  C:\Windows\System\THzqzOk.exe
  2⤵
  PID:13668
- C:\Windows\System\GwSWZhF.exe
  C:\Windows\System\GwSWZhF.exe
  2⤵
  PID:13696
- C:\Windows\System\iOAwltf.exe
  C:\Windows\System\iOAwltf.exe
  2⤵
  PID:13716
- C:\Windows\System\NVUTPSc.exe
  C:\Windows\System\NVUTPSc.exe
  2⤵
  PID:13740
- C:\Windows\System\zSlRHuq.exe
  C:\Windows\System\zSlRHuq.exe
  2⤵
  PID:13764
- C:\Windows\System\vUvBjXo.exe
  C:\Windows\System\vUvBjXo.exe
  2⤵
  PID:13784
- C:\Windows\System\OpNSHam.exe
  C:\Windows\System\OpNSHam.exe
  2⤵
  PID:13804
- C:\Windows\System\lKRTRgR.exe
  C:\Windows\System\lKRTRgR.exe
  2⤵
  PID:13824
- C:\Windows\System\PBnOMOV.exe
  C:\Windows\System\PBnOMOV.exe
  2⤵
  PID:13844
- C:\Windows\System\BiQkNqx.exe
  C:\Windows\System\BiQkNqx.exe
  2⤵
  PID:13868
- C:\Windows\System\BKEGKEs.exe
  C:\Windows\System\BKEGKEs.exe
  2⤵
  PID:13888
- C:\Windows\System\oiITzgA.exe
  C:\Windows\System\oiITzgA.exe
  2⤵
  PID:13912
- C:\Windows\System\RuTrwmE.exe
  C:\Windows\System\RuTrwmE.exe
  2⤵
  PID:13936
- C:\Windows\System\TzpvYrv.exe
  C:\Windows\System\TzpvYrv.exe
  2⤵
  PID:13956
- C:\Windows\System\wfbdELk.exe
  C:\Windows\System\wfbdELk.exe
  2⤵
  PID:13976
- C:\Windows\System\nGCNJZQ.exe
  C:\Windows\System\nGCNJZQ.exe
  2⤵
  PID:13996
- C:\Windows\System\hmdxLuZ.exe
  C:\Windows\System\hmdxLuZ.exe
  2⤵
  PID:14016
- C:\Windows\System\YLUeOOz.exe
  C:\Windows\System\YLUeOOz.exe
  2⤵
  PID:14040
- C:\Windows\System\AIiwcHA.exe
  C:\Windows\System\AIiwcHA.exe
  2⤵
  PID:14060
- C:\Windows\System\KNztMqy.exe
  C:\Windows\System\KNztMqy.exe
  2⤵
  PID:14088
- - C:\Windows\system32\WerFault.exe
    C:\Windows\system32\WerFault.exe -u -p 14088 -s 248
    3⤵
    PID:14696
- C:\Windows\System\RYaqNhq.exe
  C:\Windows\System\RYaqNhq.exe
  2⤵
  PID:14108
- C:\Windows\System\YPJRcHo.exe
  C:\Windows\System\YPJRcHo.exe
  2⤵
  PID:14132
- C:\Windows\System\yoxBJMZ.exe
  C:\Windows\System\yoxBJMZ.exe
  2⤵
  PID:14148
- C:\Windows\System\uBKGREK.exe
  C:\Windows\System\uBKGREK.exe
  2⤵
  PID:14164
- C:\Windows\System\QPbXSis.exe
  C:\Windows\System\QPbXSis.exe
  2⤵
  PID:14180
- C:\Windows\System\OpkIhqA.exe
  C:\Windows\System\OpkIhqA.exe
  2⤵
  PID:14196
- C:\Windows\System\CTvlRGA.exe
  C:\Windows\System\CTvlRGA.exe
  2⤵
  PID:14212
- C:\Windows\System\fqWVkmh.exe
  C:\Windows\System\fqWVkmh.exe
  2⤵
  PID:14228
- C:\Windows\System\wFstTKH.exe
  C:\Windows\System\wFstTKH.exe
  2⤵
  PID:14244
- C:\Windows\System\tMGvOmO.exe
  C:\Windows\System\tMGvOmO.exe
  2⤵
  PID:14260
- C:\Windows\System\iaapBhE.exe
  C:\Windows\System\iaapBhE.exe
  2⤵
  PID:14276
- C:\Windows\System\HIOGlmS.exe
  C:\Windows\System\HIOGlmS.exe
  2⤵
  PID:14292
- C:\Windows\System\wWmCehM.exe
  C:\Windows\System\wWmCehM.exe
  2⤵
  PID:14312
- C:\Windows\System\NxpckfG.exe
  C:\Windows\System\NxpckfG.exe
  2⤵
  PID:14328
- C:\Windows\System\QAogrVY.exe
  C:\Windows\System\QAogrVY.exe
  2⤵
  PID:7324
- C:\Windows\System\pudNTOR.exe
  C:\Windows\System\pudNTOR.exe
  2⤵
  PID:8972
- C:\Windows\System\WXHxojT.exe
  C:\Windows\System\WXHxojT.exe
  2⤵
  PID:7480
- C:\Windows\System\DKDHKSL.exe
  C:\Windows\System\DKDHKSL.exe
  2⤵
  PID:9248
- C:\Windows\System\zyubGqo.exe
  C:\Windows\System\zyubGqo.exe
  2⤵
  PID:9468
- C:\Windows\System\tfvyWUx.exe
  C:\Windows\System\tfvyWUx.exe
  2⤵
  PID:10780
- C:\Windows\System\HnpNruq.exe
  C:\Windows\System\HnpNruq.exe
  2⤵
  PID:12820
- C:\Windows\System\WCayTMk.exe
  C:\Windows\System\WCayTMk.exe
  2⤵
  PID:11492
- C:\Windows\System\mgMuyCt.exe
  C:\Windows\System\mgMuyCt.exe
  2⤵
  PID:12972
- C:\Windows\System\YDcKtdZ.exe
  C:\Windows\System\YDcKtdZ.exe
  2⤵
  PID:13000
- C:\Windows\System\IXwDROk.exe
  C:\Windows\System\IXwDROk.exe
  2⤵
  PID:13932
- C:\Windows\System\FbmrfSi.exe
  C:\Windows\System\FbmrfSi.exe
  2⤵
  PID:14204
- C:\Windows\System\YkgvvYO.exe
  C:\Windows\System\YkgvvYO.exe
  2⤵
  PID:14120
- C:\Windows\System\UBkcRQW.exe
  C:\Windows\System\UBkcRQW.exe
  2⤵
  PID:13776
- C:\Windows\System\EJWsUqW.exe
  C:\Windows\System\EJWsUqW.exe
  2⤵
  PID:12016
- C:\Windows\System\mGwvpcE.exe
  C:\Windows\System\mGwvpcE.exe
  2⤵
  PID:11416
- C:\Windows\System\CRnIHMf.exe
  C:\Windows\System\CRnIHMf.exe
  2⤵
  PID:12904
- C:\Windows\System\EwadEmg.exe
  C:\Windows\System\EwadEmg.exe
  2⤵
  PID:10832
- C:\Windows\System\WkbHvet.exe
  C:\Windows\System\WkbHvet.exe
  2⤵
  PID:12516
- C:\Windows\System\KSnXopQ.exe
  C:\Windows\System\KSnXopQ.exe
  2⤵
  PID:12608
- C:\Windows\System\fTTcXjD.exe
  C:\Windows\System\fTTcXjD.exe
  2⤵
  PID:12248
- C:\Windows\System\WNqdbfu.exe
  C:\Windows\System\WNqdbfu.exe
  2⤵
  PID:8876
- C:\Windows\System\GUzUsAv.exe
  C:\Windows\System\GUzUsAv.exe
  2⤵
  PID:13156
- C:\Windows\System\orprzXq.exe
  C:\Windows\System\orprzXq.exe
  2⤵
  PID:2004
- C:\Windows\System\EusFJdt.exe
  C:\Windows\System\EusFJdt.exe
  2⤵
  PID:13792
- C:\Windows\System\QIiwRxz.exe
  C:\Windows\System\QIiwRxz.exe
  2⤵
  PID:13176
- C:\Windows\System\txolxKc.exe
  C:\Windows\System\txolxKc.exe
  2⤵
  PID:7624
- C:\Windows\System\gJNbKsd.exe
  C:\Windows\System\gJNbKsd.exe
  2⤵
  PID:3900
- C:\Windows\System\XxgcNqv.exe
  C:\Windows\System\XxgcNqv.exe
  2⤵
  PID:13076
- C:\Windows\System\eJuGDXX.exe
  C:\Windows\System\eJuGDXX.exe
  2⤵
  PID:12448
- C:\Windows\System\MmzpriR.exe
  C:\Windows\System\MmzpriR.exe
  2⤵
  PID:12384
- C:\Windows\System\QyyPYbT.exe
  C:\Windows\System\QyyPYbT.exe
  2⤵
  PID:11792
- C:\Windows\System\aNzxnrh.exe
  C:\Windows\System\aNzxnrh.exe
  2⤵
  PID:11596
- C:\Windows\System\ZHivUOK.exe
  C:\Windows\System\ZHivUOK.exe
  2⤵
  PID:10104
- C:\Windows\System\LgKFFYm.exe
  C:\Windows\System\LgKFFYm.exe
  2⤵
  PID:11880
- C:\Windows\System\TTEFFil.exe
  C:\Windows\System\TTEFFil.exe
  2⤵
  PID:13988
- C:\Windows\System\UCEyryH.exe
  C:\Windows\System\UCEyryH.exe
  2⤵
  PID:13572
- C:\Windows\System\DkPALKC.exe
  C:\Windows\System\DkPALKC.exe
  2⤵
  PID:9556
- C:\Windows\System\XnIkHwK.exe
  C:\Windows\System\XnIkHwK.exe
  2⤵
  PID:13140
- C:\Windows\System\XoXEiLa.exe
  C:\Windows\System\XoXEiLa.exe
  2⤵
  PID:8880
- C:\Windows\System\eRZLDIo.exe
  C:\Windows\System\eRZLDIo.exe
  2⤵
  PID:12728
- C:\Windows\System\AQisvRs.exe
  C:\Windows\System\AQisvRs.exe
  2⤵
  PID:14104
- C:\Windows\System\ycboYqd.exe
  C:\Windows\System\ycboYqd.exe
  2⤵
  PID:12084
- C:\Windows\System\zlWMlVg.exe
  C:\Windows\System\zlWMlVg.exe
  2⤵
  PID:14424
- C:\Windows\System\MxryJJR.exe
  C:\Windows\System\MxryJJR.exe
  2⤵
  PID:14444
- C:\Windows\System\nMZDoju.exe
  C:\Windows\System\nMZDoju.exe
  2⤵
  PID:14468
- C:\Windows\System\HaWmuYH.exe
  C:\Windows\System\HaWmuYH.exe
  2⤵
  PID:14484
- C:\Windows\System\ZOYNlSR.exe
  C:\Windows\System\ZOYNlSR.exe
  2⤵
  PID:14516
- C:\Windows\System\ASuVytF.exe
  C:\Windows\System\ASuVytF.exe
  2⤵
  PID:14536
- C:\Windows\System\cxzCWXu.exe
  C:\Windows\System\cxzCWXu.exe
  2⤵
  PID:14568
- C:\Windows\System\bBnhVMt.exe
  C:\Windows\System\bBnhVMt.exe
  2⤵
  PID:14584
- C:\Windows\System\FoUytAy.exe
  C:\Windows\System\FoUytAy.exe
  2⤵
  PID:14888
- C:\Windows\System\OsaSXzH.exe
  C:\Windows\System\OsaSXzH.exe
  2⤵
  PID:14904
- C:\Windows\System\BvLHJPw.exe
  C:\Windows\System\BvLHJPw.exe
  2⤵
  PID:14976
- C:\Windows\System\OzjGSJX.exe
  C:\Windows\System\OzjGSJX.exe
  2⤵
  PID:15052
- C:\Windows\System\qdXPZui.exe
  C:\Windows\System\qdXPZui.exe
  2⤵
  PID:15068
- C:\Windows\System\enawGpM.exe
  C:\Windows\System\enawGpM.exe
  2⤵
  PID:15096
- C:\Windows\System\SeSrntD.exe
  C:\Windows\System\SeSrntD.exe
  2⤵
  PID:15116
- C:\Windows\System\LmJCqaM.exe
  C:\Windows\System\LmJCqaM.exe
  2⤵
  PID:15132
- C:\Windows\System\iJFHFSE.exe
  C:\Windows\System\iJFHFSE.exe
  2⤵
  PID:15268
- C:\Windows\System\vmyukFX.exe
  C:\Windows\System\vmyukFX.exe
  2⤵
  PID:15284
- C:\Windows\System\uRoJibE.exe
  C:\Windows\System\uRoJibE.exe
  2⤵
  PID:15312
- C:\Windows\System\vkxATzs.exe
  C:\Windows\System\vkxATzs.exe
  2⤵
  PID:15332
- C:\Windows\System\eSXCsFb.exe
  C:\Windows\System\eSXCsFb.exe
  2⤵
  PID:15352

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:14956

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:14624

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:11316

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\DVDTNdg.exe

Filesize
1.6MB

MD5
8b2904bf68798af161cc10a340fdf112

SHA1
658c1855535faae0bbb2b042873588154462430a

SHA256
837ed668d178b8fb8b128709ff3c6725f5251c4357da1a7b800b87880f55f408

SHA512
435ccf3c2ba9900623ffd63974a59be2a6a1a7cb34cbccde3f43962622d935c65d52fe90049865d4c8c85addd2abeb2ef0d4cfc96b5466f82addfc4e99636584

Download Submit
C:\Windows\System\DpcdBdm.exe

Filesize
1.6MB

MD5
3423809ed94bb957bb6f9df9633e0700

SHA1
93e3f039f28deac37d66bc33e37eb0df9538cb60

SHA256
21b66972070186edb5eaf44bcd339c58f2fd98bf4662620391b75fae5c0fac65

SHA512
ca40f575ac50061bb4d468d6acb8007e28ff3a6cbda290a3286979713148d2aad0f8fec47ddda9cecf2dc5ddebd8ecf33be056f8f78a3dd134145546bce05916

Download Submit
C:\Windows\System\EFIgmtc.exe

Filesize
1.6MB

MD5
276770040c021a2759c6b38ff3fd9b9a

SHA1
00ec5d8a59bcd76efd2281c6e37182d1c879103e

SHA256
87167ea992015ccbe5dc0b97df2a965ce6155f7bc257d8cc207a2a19b944fa5f

SHA512
f7ab8de7303786b1e388aa45f2f914309e9b8c2d6d417ea9ec7e3afb6cd09d283c52199887bd38d84a0ffc21c425df5524c92ac3febedbb627e2634df9462bd9

Download Submit
C:\Windows\System\JLxDEqp.exe

Filesize
1.6MB

MD5
cdb0cccea1561daea9da444f05aa9d71

SHA1
b7e7c19c8f46ae6eb0cd4dfd7fbf83b5ab02d33a

SHA256
90b04fbfa28ae91d93440247d5f7648b4a7ffda2943d4aad94066e096f9bb3ad

SHA512
e8f49051bf6d76b791799ba8dfa4f1da13ae45182208a1ed7bf8f943aa86fa6968ca2a2f1524d44f0967c4a68476937ca12b8403b9639e31f77b9ea855a7207e

Download Submit
C:\Windows\System\JhIeqpm.exe

Filesize
1.6MB

MD5
35beb62b36f7c2c98991d36896f9b894

SHA1
d43ceddeb32fb6b07b16466e6b04ec966fad2543

SHA256
a9b1ddfe947a4101d95e6f7aaff7086a3b9f3415a19ea3bec2fec2461eaba993

SHA512
75e0cdd3f47bddc8dc0f0dab0ded542628556f0b866f20dff4313190bb29c8956815792654ae495f575b8d1cec3ce84c7c3f8a11814fe4e8f0d98c32b300fb16

Download Submit
C:\Windows\System\LGulNeS.exe

Filesize
1.6MB

MD5
6fad32e51b95e930e7b51d1e9313b1a2

SHA1
a5238526f34c13e6eab2135084f68f355c37e032

SHA256
c4bb5cf80a40639689ce74ed930832d46e65df477bc2a1ac11786854a40a5456

SHA512
6c3f9a0b30c900384f0a48a99cc705ebce1fc31b89eeefab888b0be080a009671dbfe255f10afe004413ab9bfadbeaa7742715d833965042d897e2e089d6c498

Download Submit
C:\Windows\System\LhPHHmo.exe

Filesize
1.6MB

MD5
06f4dca8a237d2ec6033727a605097de

SHA1
7951c6aeee5fcdf940e2d48089726a3ab7a637e5

SHA256
f89aaae8c554f3e43c641876923cbea0a1a80cec477b2f6de86e3a0ea3e44c85

SHA512
6d3f05a7018bcd28f566ffefd65f217d4f64b7ae311b22ca18743e87657b3e45a508d75687b1925ddc225519dad40da0efcc4a8b26dc469b7c56e6532f7ae3fb

Download Submit
C:\Windows\System\OcmnLRN.exe

Filesize
1.6MB

MD5
bae8a1c864a647615de1fb693855da76

SHA1
d035e9cd4c781cb2713f5cdb73e5f83f293dac5f

SHA256
6218c911fc24324d5cb9cf292fd0f825d37cd1cf3abfc2c401965c514819940e

SHA512
98437e4a4b55e4b205fb1f4b4bfa55db39d40c65fe260eaf251d512ce39c93469038933a73066595623a6b85121cd4d2f9df04588390dba73bff8e66fa81046c

Download Submit
C:\Windows\System\PZssQnX.exe

Filesize
1.6MB

MD5
803fc3c9f15ed75212f92c80734fb680

SHA1
870f0490aedf7d353e3a3ab8ab08f8daaed6f8a9

SHA256
771fa9b03861b66785dfe346dac532a1c811ee065e5f910b0b7dc9cb4ea4a9e8

SHA512
ddda8ddd181a7bd2dacca842af32789a35de88f39bfe1b9a4cbc6e71dd28da2b5106f429b814fbd258690159ea1f626a33beb1466a4f63746b31ff5e258ce3b5

Download Submit
C:\Windows\System\SDwNCbX.exe

Filesize
1.6MB

MD5
0188cae3dd825e666377e8989c5f693c

SHA1
4a75a717b79963baaad3c2939636465611153012

SHA256
006654733d8f147e1451a021e32fc7b38b98f11f8893222169e613b981a76fae

SHA512
dea77bcac013ccdeae22ac4e9185ee8cef1d98a1868aafbf4ddedc1b34cb46736f50f4aa01fa4a07bfdc8df8f615b9a434908ae673a27e205263ab68fdffda55

Download Submit
C:\Windows\System\SGfSenD.exe

Filesize
1.6MB

MD5
48dc2c2afa85896d7fbecc587bceeb4f

SHA1
5571500eeab85f1f28c9bb4e9f04075049504544

SHA256
07c1d837b140975ea66b9704329fbb3eff4d7a50bc5c160e76c5523416b8dcb5

SHA512
6536c14c9e46ffb8986adf9d377be2f4b1ed147ea7f34ff5bcdc7cdf36028fc622fc8b67c3314fb7bc2bbcfd85847002f910e7de4adaa8c79a922df4fff20128

Download Submit
C:\Windows\System\SjBmLhq.exe

Filesize
1.6MB

MD5
ed21654108dac47ee85d95e359fe0b50

SHA1
7643938a93415b8c1c6a01ee2b2a50fbadb9d444

SHA256
611ec8f1bc2d491118e100d4d3ff2d5a82bab57a9deb4b1648c70aa59afd3f79

SHA512
c679a0917f64d9df2bf963673275e67f6e83ee4301aa021a74d43bb1a4eb2275b7c598d88679e9a50da9a5efe54baf97823ddc0f1f4f07bfd373737b322934af

Download Submit
C:\Windows\System\VWMcRJz.exe

Filesize
1.6MB

MD5
5c045d7c351f569068701ff41276a3a3

SHA1
01c408869073ed4f33832f8af6ee58dd8251eede

SHA256
3beac5442b6494d37675780400cd980c09042586c7d8b3e3c1dfaf3da9ddd8f4

SHA512
fdb391dc328f28784677f15462b07ba22dff5301e565446228bbeb629898878a27ec055ec3ebd124486c7444948e8f84746e9f1e10491e9d2ced21b6c60514c8

Download Submit
C:\Windows\System\VeeiIqP.exe

Filesize
1.6MB

MD5
f8e7922c76e8a0f274759ffe11caa06f

SHA1
724d64df967a7e98c2bece7bf02ca8f8044b5c10

SHA256
623c293663043faf512e97b4a1f9074f72a83e4310026901959873dbe5832ffe

SHA512
317e7ddd84628d19c105f3a64a6fe0c4cbe24da4b069ac5d194a962a97305a3fd9f1d1679c573e9d07a857e618faef40aa54df53bb4759b0ba468b8f2f56e45e

Download Submit
C:\Windows\System\WQjoFwr.exe

Filesize
1.6MB

MD5
3f1a4bfa90126b4496faf11ec9119d93

SHA1
7215ac134d0188396de835a913df35d80bec34ca

SHA256
b9c7c3d1dd6fa02b8f765fd17e90752ec05a310a3f7d4533e7d3b2c03e802085

SHA512
a6b81c544705d724b88864d9d08aa7653a3eb4401ac9e35a1051fa1e8b828fc4529d887d7f1f0c5fb2cd9f00b2766a0d60bb3161d7896cb74d83266fa6e565a6

Download Submit
C:\Windows\System\XMBrbvk.exe

Filesize
1.6MB

MD5
11d98a985f97b07553cca2c6ac3ad27b

SHA1
67e7ade4f528a9144fb59598ff66f61cf6d63282

SHA256
88333717428f1d16c72626d5b3e21b17f2a0d8eec531780145545dec039a1499

SHA512
4023f35b524177ae11474af50bb566a68934ddc7d5e7c96aeefa8a3c10ee41b06862467f52661ec2fb832fb9c6d3784ae88540f07d299d92fbdde3b493d023bd

Download Submit
C:\Windows\System\XrBOWQq.exe

Filesize
1.6MB

MD5
f5e28e91fed29c0340435ec061fb9e29

SHA1
6836224a5d5e26062c0c8d3f7e3a5e76132219a0

SHA256
b2c77920fc3b8add997e27a9f9bc303fca9ed25a90d2ea79ff4425393b25cf8b

SHA512
35ea2303b329e4db6bc102a9d41fb0002014c4160b57f7830ed5c693c7a5ce74abe49336e5fe45da5abcc5f5af3aff26d9b2f2ad11c43abe3902c437e38e1e38

Download Submit
C:\Windows\System\YyGqNvy.exe

Filesize
1.6MB

MD5
88c17e77c84d03aabc009c62da36ac51

SHA1
844b64fcd5c86a19526053b708c04315dcdb1d29

SHA256
0dc42ab6ccce3cd7fc8579265be7040bd5748425b9bfed736d1533507cd48914

SHA512
04a535328146ec93906405c6f2d0b177f83119f466264a379ec0de237b8b10076aa4a37a2538adc824b598f6afca6d061ca0e05a9977c21a70c15bab8c081b0c

Download Submit
C:\Windows\System\ZNBWUGV.exe

Filesize
1.6MB

MD5
15fb541f6b9222e83d282c10dbb1acd4

SHA1
894c6750071f3a1fd0e4c8be60034a2754d11fe4

SHA256
6d836be2f8ddad6b4992bdd16f1d8ceeba555778af9ca012f27a39abeae9bedb

SHA512
45faa6f919804787ef337e04c8e44064370e975d43617819df2a38f7e6de2de4bcb3172459178f7d2f0ecbc91fc8f89d5cc740703cbf62234039eeea0b4d1783

Download Submit
C:\Windows\System\aOTpdSv.exe

Filesize
1.6MB

MD5
8d824039a311943ba1f6a8080a7ef87c

SHA1
3019d108e9efd7bfb0dc8505c5b890b001b700e0

SHA256
e3b005946bc1c0bcd5d9b54e89a52367bbed8244eb7004918c4c063fa8a966fd

SHA512
058d6c0f52410ba834c5c941c33e25954a2394a6eb2294118ed99afc4f058961fbd4383c2942f8035cf21c14e58cebf7c29219f4ab1aac952a1fc62c5626783b

Download Submit
C:\Windows\System\cTDAVHo.exe

Filesize
1.6MB

MD5
cb05af3eb7d870d503cb92029ae37995

SHA1
cc8fd93f4911210d08aa8da28d2a004af8e7ce9d

SHA256
8c5132f51289d3e94a1a431b7ce2ac87a7144e28bd003cf8aa706f5ec9017961

SHA512
5bb49911ea98defc8934b4fec49937d92c2398d924b2a8d65fc96116b896a5eba90640f68c37577f5fbdeec8f45f6a4680e1e6a481d2830761d1e808f5c1b123

Download Submit
C:\Windows\System\dGYTzCe.exe

Filesize
1.6MB

MD5
527c36a01c4eac7298019eebaa03ec45

SHA1
6e6320c2b793ddbca082051f2d4a81e15a9d318a

SHA256
2c63212316c2a5b99f274a43b8aea388b30078e3d386eb69ccd7c20da5f88965

SHA512
b6e4709ba2e06a9c1f915c2846d7b4326a6b7937e74401046695eb101b7a51e046d7c3f0bd1b202c3bc81732cf1573bdd601e1e053e02fbe62b738fb49fae4ce

Download Submit
C:\Windows\System\dLpUQQk.exe

Filesize
1.6MB

MD5
7b384a02d795d0e62a9bf98f07963fc5

SHA1
20980e9f40148b1fbb0363df62550416ba628d43

SHA256
0fd1c5dab13e7116451b66ef3beac63bf8c496691cc9ed12fed0eb5398eb3c83

SHA512
8cb3f6d1d97b40da1d32f2387b0b0c59dc328f016006f15b7452cc9a73941251d17150791be127e625d79f0995a4dd5ac8c1ae5776df4d86f3b08b4788d152d6

Download Submit
C:\Windows\System\eFyLJEk.exe

Filesize
1.6MB

MD5
fa40dd6fe543ffd72a189d774da4d9cc

SHA1
9d088ea4e5f7bf09c5896ce5d0bf71119899e972

SHA256
3bd3917d211196deea88de0ceeb2ab4e2874f3377d8cd58e62ccc8031ccccb1b

SHA512
7f71bde32d4e51e2b23d0e18696a126841b758fccf073e7b8216b4e352deb44bb05d5ff8e055446e31913a790ab881329fa26a6515d557d6927124fb8043e9a1

Download Submit
C:\Windows\System\gfNcXor.exe

Filesize
1.6MB

MD5
2c9b661ea3aa6c52a2fd46774d42c803

SHA1
223fd70e72f6179d88e10adc2c717ccd9b8b669e

SHA256
b1aca7631351db1797e34758662565f8036c7348cd3eaf4183c682498ea13db5

SHA512
88caa4316b5ad24280cae0aec225640ab64700a23a1d7734ee203a1726b2b869a1d33762ce0b51da2bead101ca779d31e0172994395868d02bea993eba9622ae

Download Submit
C:\Windows\System\gkuzxmS.exe

Filesize
1.6MB

MD5
31f3d3380d7448be5e273d6c148a28dc

SHA1
471fbf0392a8a16bb9858e81da5cc85d97321b2f

SHA256
313e58735c139ce714e0c68aa5b558a660bdb8bc93c57b6033d9cb5a0d2ba057

SHA512
6d94001a159fc8bbc39fba0f3d78b5e404d2b643edcc7af0601a740b3b517153333e04760e9391c3b770ccb4279d10aa34c30cff56f892859458cd265d79a00d

Download Submit
C:\Windows\System\iRYNXGs.exe

Filesize
1.6MB

MD5
07155d802f58e8a62456e18ee13a48cf

SHA1
abec624ffc8a36b55d4b15b497b216ac4088b5ba

SHA256
91f0af642a5b6f42305722570a680cb95d1398df14be5d388bbef6df5b94e5d8

SHA512
8f72cf22ab0ed5534dee0610e00a1c3b018a0a11c9dca5637c51fb14a4b5ca58eb91064ab490d748bc094822ce0d267c78f5ea27b85e663cd19947e266545066

Download Submit
C:\Windows\System\jNqWCoe.exe

Filesize
1.6MB

MD5
f6f0fea9055234a633e5757d8a2606f5

SHA1
fbe45bcb332072d2e4d2e7cfb1ea0c463039ddd1

SHA256
877e33467e165ecf382f03da00f3a09089847cc3f66ae7e29ee795dbab051a97

SHA512
08da2f07a71ec659a9e15cd9f2ca06b6c476fa5f086f4a0ed7f20c4f2c289e3ae3a10d215a5d1e8b33c0bdd5f754b66e23197e9a2648b9b6ae858d2e7b6dc6d4

Download Submit
C:\Windows\System\kOrsGPC.exe

Filesize
1.6MB

MD5
a2607039401001300bd9d319dd4922dd

SHA1
c44457d7f32c38c08a80a8278e969daf475a5837

SHA256
7a5a127cb6a65c8ddeb0b944e3590c6f99b80bb179a54533cd7c52d36bc5abe4

SHA512
123aaa64014107ad6a3d89e27ebf6048c8a62e5ed9a455075fdfa296a9594033bea03b5e9507fb7813648af80acc31af9664ad5cffaa2dd14a27e73abc07cc9d

Download Submit
C:\Windows\System\ljWsgZh.exe

Filesize
1.6MB

MD5
81da119f89277fc147942fdc36c920fa

SHA1
6e87950596d840288fc3bbb7f8e2cad04ca9ec26

SHA256
8da94a856cf76fdbc2708d8c90066adea4b7f6acc2ca3781988013ec3a5cc745

SHA512
daebeed439da67e6715eaf33686eee6802d4bd92ce12627b5682db5ca2123a1e051362f2e38e789386bed247e9fb0c7dcd361eb80e9c0bf8546fe1468d77ce06

Download Submit
C:\Windows\System\mUoilHe.exe

Filesize
1.6MB

MD5
890c61ac7976037c5f63c524e8c9887a

SHA1
595aa1280afb4a9442cfa0e452c7c953ef260465

SHA256
c5437ecedbe5ea8a5aec507676afd2a218f77ecb3b41dec5bd1efa01128de75e

SHA512
fee42f5879ad4ca11ce8666859cb0f6df43cb006de2c0497ffa96a6ef2446f088e8408762f0d8f7029fa04650f596b95818e90e4994358a375a466eb6056f458

Download Submit
C:\Windows\System\nUVkrpf.exe

Filesize
1.6MB

MD5
d8ebb2f6e1eb99523caff7cf764d808a

SHA1
2c2a79b1a8d02dd6326c39d9195e726d12c243ee

SHA256
7c5226e3fb9209f9ada7535b800073665e0c87dc6dfaca8b343780a6e5fe0555

SHA512
881eb443bbf6b0d22beb726fa3fc22df4c264e3b003b6921d8fa8813239f109624f5be2fd3dee2f097b1cbfba48c57f1332e7540a94906436080463a0a741bd8

Download Submit
C:\Windows\System\otJJbPb.exe

Filesize
1.6MB

MD5
0b8af99e7c5df3f87e1f881bd0f1d49f

SHA1
6f553e6446deefd0ed1f09578da6d044a48bd688

SHA256
847132876b8306d919cafff66bd3f17a752a0ed05d19243ff9262e5fc97804ff

SHA512
4de57e610d7b46533d0dfd3ee9ea4a3c67ab6db0ac6c32f70871010aa2823e3deaace8b5952fc609c119833c098d252fb3f3137bc6fcb83225ae6131fc829278

Download Submit
C:\Windows\System\puKPoEz.exe

Filesize
1.6MB

MD5
0b76ba7dda060b52fa2f7c4752d6a3a3

SHA1
21ecab6568a7b8081ca0ff8872c17460a3b4801e

SHA256
b98886c6886e0f4d24b46b8b73efabb48e9749c8544b37af7f8ccf0eea9ac0f4

SHA512
a15c8c5a42ee2eecfbe94dbf29da3232ecac9ac25d955fc968b95c886f17351d5ff91a0c796b25e8bb5b3baefe21ed70162aefa6f1f34fe17ac11447a49f58e1

Download Submit
C:\Windows\System\rJZLcvx.exe

Filesize
1.6MB

MD5
b70da9c065b9515a2faa4a9d317aae89

SHA1
a0d9152326d99178cc5b606172e8561ad31d3bfc

SHA256
595bd9b496a8b34ebdee73bcf7b2024a804dfcbd86806edcdf69080205db7049

SHA512
71fd980187e4921d37af1020a9a76a07b40f4b3a49bd2cca39ab0d122e2fecdbdad765e1d12ab81551d91701a1e822a566b1030ce2df5e69e09a345030cb5cea

Download Submit
C:\Windows\System\tNNfaKK.exe

Filesize
1.6MB

MD5
d60435bd191b56b5e7a10a6c039652b5

SHA1
3fd068ccac3d819047c0ccfc6ac91ef8510185f9

SHA256
b55726305f45acdeabe9293799b7a3b35ad24a77cef979d7b0afb5f772ec3735

SHA512
84b435465d7c7ca63ad2144ef20c249bd403d9c45697ff8a6df3a1e7d1c8299c0444d3f758f0d7595e3be3c1f582a9487e084b05896ae8dd09a2418ff7e91aca

Download Submit
C:\Windows\System\uaCYlKj.exe

Filesize
1.6MB

MD5
96a5da7abf548f41da8087be5202d061

SHA1
6ddfae1ed465aa280470746ca361dd27008b951a

SHA256
8c2e1cda60ed9931eab35d9744ed06a16a398888b0a097efa8a0507c6ae6326c

SHA512
fb5671ef485e096d85ae5a86fe46fdeb2bf48719d5fadd7c51a807f8feee2ec343adaaf6a96577ae86d63dff5cbd7f86ce69b08c36b22944708c50364cccda71

Download Submit
C:\Windows\System\ubHJONR.exe

Filesize
1.6MB

MD5
71e9fa2b91a921b3da501593c29474be

SHA1
8ed42f3c2a1b0fcd3d0b92d21d892a2d524166d8

SHA256
c43e5edc1f3843ab192d25aede63ca2deb0585ad20a20ecd8ea1be14664e859b

SHA512
00f4336de80b6c2f9537d2cab197567cb6c95ce6bc37bd8e18d2c0fe99c177298d570131e601dc0d11e03c69e616c15ae4bb5b71daeb7c8790f50c9db6dd9df4

Download Submit
C:\Windows\System\yGCVfsq.exe

Filesize
1.6MB

MD5
f333ae9afa9ba0ab10ade91a1a3f9804

SHA1
f28e155aa415ba779e5e6fb6fd24894f080f4bfb

SHA256
f48573abff95e7ed3504fd782e4fee135413f2c04445cdb799c3281638d2d157

SHA512
aec75b7e88f22a183e5aaa460ebbef06b6d74b67586329e9215fa1f9e8172e1b5f6c1c3e73c71cc88ad39bb9c1f22eea1d081b0a4007ed681f0b0feedc9f7684

Download Submit
memory/748-2587-0x00007FF694D50000-0x00007FF6950A1000-memory.dmp

Filesize
3.3MB

Download
memory/748-391-0x00007FF694D50000-0x00007FF6950A1000-memory.dmp

Filesize
3.3MB

Download
memory/804-174-0x00007FF7FD1E0000-0x00007FF7FD531000-memory.dmp

Filesize
3.3MB

Download
memory/804-2597-0x00007FF7FD1E0000-0x00007FF7FD531000-memory.dmp

Filesize
3.3MB

Download
memory/936-100-0x00007FF748450000-0x00007FF7487A1000-memory.dmp

Filesize
3.3MB

Download
memory/936-2577-0x00007FF748450000-0x00007FF7487A1000-memory.dmp

Filesize
3.3MB

Download
memory/1140-2571-0x00007FF6BAA40000-0x00007FF6BAD91000-memory.dmp

Filesize
3.3MB

Download
memory/1140-80-0x00007FF6BAA40000-0x00007FF6BAD91000-memory.dmp

Filesize
3.3MB

Download
memory/1428-2601-0x00007FF6329F0000-0x00007FF632D41000-memory.dmp

Filesize
3.3MB

Download
memory/1428-214-0x00007FF6329F0000-0x00007FF632D41000-memory.dmp

Filesize
3.3MB

Download
memory/1524-31-0x00007FF6C72A0000-0x00007FF6C75F1000-memory.dmp

Filesize
3.3MB

Download
memory/1524-2552-0x00007FF6C72A0000-0x00007FF6C75F1000-memory.dmp

Filesize
3.3MB

Download
memory/1524-2569-0x00007FF6C72A0000-0x00007FF6C75F1000-memory.dmp

Filesize
3.3MB

Download
memory/1576-61-0x00007FF7BD7B0000-0x00007FF7BDB01000-memory.dmp

Filesize
3.3MB

Download
memory/1576-2575-0x00007FF7BD7B0000-0x00007FF7BDB01000-memory.dmp

Filesize
3.3MB

Download
memory/1848-2581-0x00007FF655570000-0x00007FF6558C1000-memory.dmp

Filesize
3.3MB

Download
memory/1848-66-0x00007FF655570000-0x00007FF6558C1000-memory.dmp

Filesize
3.3MB

Download
memory/2184-2591-0x00007FF722300000-0x00007FF722651000-memory.dmp

Filesize
3.3MB

Download
memory/2184-294-0x00007FF722300000-0x00007FF722651000-memory.dmp

Filesize
3.3MB

Download
memory/2448-384-0x00007FF6ACFB0000-0x00007FF6AD301000-memory.dmp

Filesize
3.3MB

Download
memory/2448-2616-0x00007FF6ACFB0000-0x00007FF6AD301000-memory.dmp

Filesize
3.3MB

Download
memory/2476-147-0x00007FF768470000-0x00007FF7687C1000-memory.dmp

Filesize
3.3MB

Download
memory/2476-2599-0x00007FF768470000-0x00007FF7687C1000-memory.dmp

Filesize
3.3MB

Download
memory/2672-2565-0x00007FF655860000-0x00007FF655BB1000-memory.dmp

Filesize
3.3MB

Download
memory/2672-34-0x00007FF655860000-0x00007FF655BB1000-memory.dmp

Filesize
3.3MB

Download
memory/2700-393-0x00007FF765F10000-0x00007FF766261000-memory.dmp

Filesize
3.3MB

Download
memory/2700-2628-0x00007FF765F10000-0x00007FF766261000-memory.dmp

Filesize
3.3MB

Download
memory/2736-330-0x00007FF63E2A0000-0x00007FF63E5F1000-memory.dmp

Filesize
3.3MB

Download
memory/2736-2610-0x00007FF63E2A0000-0x00007FF63E5F1000-memory.dmp

Filesize
3.3MB

Download
memory/2788-2589-0x00007FF771200000-0x00007FF771551000-memory.dmp

Filesize
3.3MB

Download
memory/2788-244-0x00007FF771200000-0x00007FF771551000-memory.dmp

Filesize
3.3MB

Download
memory/2872-2619-0x00007FF7FBC90000-0x00007FF7FBFE1000-memory.dmp

Filesize
3.3MB

Download
memory/2872-361-0x00007FF7FBC90000-0x00007FF7FBFE1000-memory.dmp

Filesize
3.3MB

Download
memory/2984-385-0x00007FF646D90000-0x00007FF6470E1000-memory.dmp

Filesize
3.3MB

Download
memory/2984-2573-0x00007FF646D90000-0x00007FF6470E1000-memory.dmp

Filesize
3.3MB

Download
memory/3000-2563-0x00007FF6040A0000-0x00007FF6043F1000-memory.dmp

Filesize
3.3MB

Download
memory/3000-2557-0x00007FF6040A0000-0x00007FF6043F1000-memory.dmp

Filesize
3.3MB

Download
memory/3000-8-0x00007FF6040A0000-0x00007FF6043F1000-memory.dmp

Filesize
3.3MB

Download
memory/3428-0-0x00007FF677960000-0x00007FF677CB1000-memory.dmp

Filesize
3.3MB

Download
memory/3428-1-0x00000236293E0000-0x00000236293F0000-memory.dmp

Filesize
64KB

Download
memory/3428-2449-0x00007FF677960000-0x00007FF677CB1000-memory.dmp

Filesize
3.3MB

Download
memory/3468-2605-0x00007FF7BEDA0000-0x00007FF7BF0F1000-memory.dmp

Filesize
3.3MB

Download
memory/3468-267-0x00007FF7BEDA0000-0x00007FF7BF0F1000-memory.dmp

Filesize
3.3MB

Download
memory/3632-2595-0x00007FF706920000-0x00007FF706C71000-memory.dmp

Filesize
3.3MB

Download
memory/3632-210-0x00007FF706920000-0x00007FF706C71000-memory.dmp

Filesize
3.3MB

Download
memory/3636-2585-0x00007FF762C80000-0x00007FF762FD1000-memory.dmp

Filesize
3.3MB

Download
memory/3636-295-0x00007FF762C80000-0x00007FF762FD1000-memory.dmp

Filesize
3.3MB

Download
memory/3712-2621-0x00007FF706D00000-0x00007FF707051000-memory.dmp

Filesize
3.3MB

Download
memory/3712-360-0x00007FF706D00000-0x00007FF707051000-memory.dmp

Filesize
3.3MB

Download
memory/3844-2567-0x00007FF749910000-0x00007FF749C61000-memory.dmp

Filesize
3.3MB

Download
memory/3844-18-0x00007FF749910000-0x00007FF749C61000-memory.dmp

Filesize
3.3MB

Download
memory/3940-2607-0x00007FF7165D0000-0x00007FF716921000-memory.dmp

Filesize
3.3MB

Download
memory/3940-392-0x00007FF7165D0000-0x00007FF716921000-memory.dmp

Filesize
3.3MB

Download
memory/4012-104-0x00007FF691460000-0x00007FF6917B1000-memory.dmp

Filesize
3.3MB

Download
memory/4012-2579-0x00007FF691460000-0x00007FF6917B1000-memory.dmp

Filesize
3.3MB

Download
memory/4596-2603-0x00007FF725E20000-0x00007FF726171000-memory.dmp

Filesize
3.3MB

Download
memory/4596-171-0x00007FF725E20000-0x00007FF726171000-memory.dmp

Filesize
3.3MB

Download
memory/4784-2593-0x00007FF615250000-0x00007FF6155A1000-memory.dmp

Filesize
3.3MB

Download
memory/4784-389-0x00007FF615250000-0x00007FF6155A1000-memory.dmp

Filesize
3.3MB

Download
memory/4904-390-0x00007FF68FEF0000-0x00007FF690241000-memory.dmp

Filesize
3.3MB

Download
memory/4904-2583-0x00007FF68FEF0000-0x00007FF690241000-memory.dmp

Filesize
3.3MB

Download
memory/5048-2612-0x00007FF7C7C60000-0x00007FF7C7FB1000-memory.dmp

Filesize
3.3MB

Download
memory/5048-326-0x00007FF7C7C60000-0x00007FF7C7FB1000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads