xmrig | e2d5b574fa25db568a0fb5401df9ab5aed65d6ee87edefa0ad1d8112380921e5

Analysis

max time kernel
80s
max time network
87s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
17/08/2024, 11:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

629766e50d10cdb61d7a9e343d6358b0N.exe
Size

1.9MB
MD5

629766e50d10cdb61d7a9e343d6358b0
SHA1

7bcb9ea47b0ef2aba1e18b475016488d4faa93e2
SHA256

e2d5b574fa25db568a0fb5401df9ab5aed65d6ee87edefa0ad1d8112380921e5
SHA512

5b08a6cacb0c62ff970dbee261310f3ff12a92fef05f8b23b69529a980cfc0a1f933b71e17a36d82c983ef46716db1b2a79d1210b35cdb7511747a80730e0b44
SSDEEP

24576:zv3/fTLF671TilQFG4P5PMkyW1HU/ek5Q1szp5NnNvZWNChZ7fI+7RrTFl6hvVj5:Lz071uv4BPMkyW10/w16BvZX71Fq8+n

Score

10^/10

xmrig execution miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 49 IoCs

miner

resource	yara_rule
behavioral2/memory/5096-463-0x00007FF7C1400000-0x00007FF7C17F2000-memory.dmp	xmrig
behavioral2/memory/1060-513-0x00007FF710730000-0x00007FF710B22000-memory.dmp	xmrig
behavioral2/memory/2832-580-0x00007FF6F8A50000-0x00007FF6F8E42000-memory.dmp	xmrig
behavioral2/memory/1568-582-0x00007FF7A63F0000-0x00007FF7A67E2000-memory.dmp	xmrig
behavioral2/memory/4560-2245-0x00007FF69D5B0000-0x00007FF69D9A2000-memory.dmp	xmrig
behavioral2/memory/512-2361-0x00007FF703120000-0x00007FF703512000-memory.dmp	xmrig
behavioral2/memory/3768-2382-0x00007FF645C40000-0x00007FF646032000-memory.dmp	xmrig
behavioral2/memory/3680-2395-0x00007FF61FAD0000-0x00007FF61FEC2000-memory.dmp	xmrig
behavioral2/memory/4072-2345-0x00007FF769710000-0x00007FF769B02000-memory.dmp	xmrig
behavioral2/memory/4860-581-0x00007FF74C8B0000-0x00007FF74CCA2000-memory.dmp	xmrig
behavioral2/memory/1464-579-0x00007FF6CABF0000-0x00007FF6CAFE2000-memory.dmp	xmrig
behavioral2/memory/2208-578-0x00007FF6BAB50000-0x00007FF6BAF42000-memory.dmp	xmrig
behavioral2/memory/1020-577-0x00007FF6B8540000-0x00007FF6B8932000-memory.dmp	xmrig
behavioral2/memory/4484-576-0x00007FF62D260000-0x00007FF62D652000-memory.dmp	xmrig
behavioral2/memory/1968-575-0x00007FF77E770000-0x00007FF77EB62000-memory.dmp	xmrig
behavioral2/memory/728-462-0x00007FF620D90000-0x00007FF621182000-memory.dmp	xmrig
behavioral2/memory/528-411-0x00007FF6F98D0000-0x00007FF6F9CC2000-memory.dmp	xmrig
behavioral2/memory/4580-356-0x00007FF6DC810000-0x00007FF6DCC02000-memory.dmp	xmrig
behavioral2/memory/3808-333-0x00007FF656D80000-0x00007FF657172000-memory.dmp	xmrig
behavioral2/memory/4760-330-0x00007FF7DDD30000-0x00007FF7DE122000-memory.dmp	xmrig
behavioral2/memory/4840-270-0x00007FF7C0720000-0x00007FF7C0B12000-memory.dmp	xmrig
behavioral2/memory/4404-278-0x00007FF7B18E0000-0x00007FF7B1CD2000-memory.dmp	xmrig
behavioral2/memory/1772-217-0x00007FF7112D0000-0x00007FF7116C2000-memory.dmp	xmrig
behavioral2/memory/5012-154-0x00007FF6DE2E0000-0x00007FF6DE6D2000-memory.dmp	xmrig
behavioral2/memory/2716-74-0x00007FF759390000-0x00007FF759782000-memory.dmp	xmrig
behavioral2/memory/4072-3999-0x00007FF769710000-0x00007FF769B02000-memory.dmp	xmrig
behavioral2/memory/1772-4001-0x00007FF7112D0000-0x00007FF7116C2000-memory.dmp	xmrig
behavioral2/memory/512-4003-0x00007FF703120000-0x00007FF703512000-memory.dmp	xmrig
behavioral2/memory/2716-4008-0x00007FF759390000-0x00007FF759782000-memory.dmp	xmrig
behavioral2/memory/5012-4015-0x00007FF6DE2E0000-0x00007FF6DE6D2000-memory.dmp	xmrig
behavioral2/memory/4404-4026-0x00007FF7B18E0000-0x00007FF7B1CD2000-memory.dmp	xmrig
behavioral2/memory/3680-4028-0x00007FF61FAD0000-0x00007FF61FEC2000-memory.dmp	xmrig
behavioral2/memory/3768-4030-0x00007FF645C40000-0x00007FF646032000-memory.dmp	xmrig
behavioral2/memory/1464-4034-0x00007FF6CABF0000-0x00007FF6CAFE2000-memory.dmp	xmrig
behavioral2/memory/4580-4040-0x00007FF6DC810000-0x00007FF6DCC02000-memory.dmp	xmrig
behavioral2/memory/3808-4046-0x00007FF656D80000-0x00007FF657172000-memory.dmp	xmrig
behavioral2/memory/4760-4048-0x00007FF7DDD30000-0x00007FF7DE122000-memory.dmp	xmrig
behavioral2/memory/1060-4050-0x00007FF710730000-0x00007FF710B22000-memory.dmp	xmrig
behavioral2/memory/4860-4052-0x00007FF74C8B0000-0x00007FF74CCA2000-memory.dmp	xmrig
behavioral2/memory/4484-4054-0x00007FF62D260000-0x00007FF62D652000-memory.dmp	xmrig
behavioral2/memory/528-4043-0x00007FF6F98D0000-0x00007FF6F9CC2000-memory.dmp	xmrig
behavioral2/memory/2832-4039-0x00007FF6F8A50000-0x00007FF6F8E42000-memory.dmp	xmrig
behavioral2/memory/4840-4037-0x00007FF7C0720000-0x00007FF7C0B12000-memory.dmp	xmrig
behavioral2/memory/1568-4077-0x00007FF7A63F0000-0x00007FF7A67E2000-memory.dmp	xmrig
behavioral2/memory/5096-4069-0x00007FF7C1400000-0x00007FF7C17F2000-memory.dmp	xmrig
behavioral2/memory/2208-4081-0x00007FF6BAB50000-0x00007FF6BAF42000-memory.dmp	xmrig
behavioral2/memory/1020-4082-0x00007FF6B8540000-0x00007FF6B8932000-memory.dmp	xmrig
behavioral2/memory/1968-4103-0x00007FF77E770000-0x00007FF77EB62000-memory.dmp	xmrig
behavioral2/memory/728-4095-0x00007FF620D90000-0x00007FF621182000-memory.dmp	xmrig

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Powershell Invoke Web Request.

execution

PowerShell

T1059.001

pid	Process
1416	powershell.exe

Executes dropped EXE 64 IoCs

pid	Process
4072	AvRyRrR.exe
512	nynXwQJ.exe
3768	xUNlZge.exe
2716	PRbMfMd.exe
1464	nwWqRno.exe
3680	QuufTag.exe
5012	mXfaDAw.exe
1772	ArveCbo.exe
2832	nDfstGW.exe
4840	lpAsFpZ.exe
4404	fpMTtZx.exe
4760	NHzgtXa.exe
3808	IyxampU.exe
4860	wLJcMfD.exe
4580	hTEekDV.exe
528	XYvLeNG.exe
728	tjKbLTp.exe
5096	IzsOGVt.exe
1060	gZZPMFw.exe
1968	qIZFnvR.exe
4484	pMkgnMN.exe
1568	KSTtPow.exe
1020	OsGcsWG.exe
2208	ETHcdDd.exe
1028	iqvSrJS.exe
2324	KJtJPEr.exe
2424	kqwJPid.exe
3952	wgcbBpn.exe
2540	stMJiyO.exe
1240	TqAueUg.exe
2220	ZCnXZev.exe
3068	utJIQdJ.exe
1952	oWHPYjB.exe
1212	kiEtxiq.exe
2352	ZtLGWnC.exe
1768	oORMMrY.exe
1244	inLNXlL.exe
2736	OdAYDTJ.exe
2108	sRfzMpv.exe
2292	jNFCpOk.exe
4064	WYsyBWc.exe
3060	ObGwEmS.exe
8	vhrKEzg.exe
1080	MRHjRfv.exe
4968	QTWjwkl.exe
2948	AJsjvnS.exe
1596	hFACbfG.exe
3444	rHBDszZ.exe
5092	ALGbiAT.exe
1372	bCQyifA.exe
4568	TtUdnVq.exe
4056	gRfBRJJ.exe
2912	zXpRsRZ.exe
1732	UPSKTRt.exe
2600	NvGmDXh.exe
4920	UMVuGwB.exe
2112	vmsrZdu.exe
2808	clIoTXl.exe
228	jgiuFZY.exe
2376	pOCdFlS.exe
4432	mFhuUlo.exe
1168	OAIyUpI.exe
2064	CuuXGgq.exe
1096	jWRyjMP.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4560-0-0x00007FF69D5B0000-0x00007FF69D9A2000-memory.dmp	upx
behavioral2/files/0x000700000002347f-37.dat	upx
behavioral2/memory/512-43-0x00007FF703120000-0x00007FF703512000-memory.dmp	upx
behavioral2/memory/3768-69-0x00007FF645C40000-0x00007FF646032000-memory.dmp	upx
behavioral2/files/0x0007000000023492-132.dat	upx
behavioral2/files/0x000700000002349f-209.dat	upx
behavioral2/memory/5096-463-0x00007FF7C1400000-0x00007FF7C17F2000-memory.dmp	upx
behavioral2/memory/1060-513-0x00007FF710730000-0x00007FF710B22000-memory.dmp	upx
behavioral2/memory/2832-580-0x00007FF6F8A50000-0x00007FF6F8E42000-memory.dmp	upx
behavioral2/memory/1568-582-0x00007FF7A63F0000-0x00007FF7A67E2000-memory.dmp	upx
behavioral2/memory/4560-2245-0x00007FF69D5B0000-0x00007FF69D9A2000-memory.dmp	upx
behavioral2/memory/512-2361-0x00007FF703120000-0x00007FF703512000-memory.dmp	upx
behavioral2/memory/3768-2382-0x00007FF645C40000-0x00007FF646032000-memory.dmp	upx
behavioral2/memory/3680-2395-0x00007FF61FAD0000-0x00007FF61FEC2000-memory.dmp	upx
behavioral2/memory/4072-2345-0x00007FF769710000-0x00007FF769B02000-memory.dmp	upx
behavioral2/memory/4860-581-0x00007FF74C8B0000-0x00007FF74CCA2000-memory.dmp	upx
behavioral2/memory/1464-579-0x00007FF6CABF0000-0x00007FF6CAFE2000-memory.dmp	upx
behavioral2/memory/2208-578-0x00007FF6BAB50000-0x00007FF6BAF42000-memory.dmp	upx
behavioral2/memory/1020-577-0x00007FF6B8540000-0x00007FF6B8932000-memory.dmp	upx
behavioral2/memory/4484-576-0x00007FF62D260000-0x00007FF62D652000-memory.dmp	upx
behavioral2/memory/1968-575-0x00007FF77E770000-0x00007FF77EB62000-memory.dmp	upx
behavioral2/memory/728-462-0x00007FF620D90000-0x00007FF621182000-memory.dmp	upx
behavioral2/memory/528-411-0x00007FF6F98D0000-0x00007FF6F9CC2000-memory.dmp	upx
behavioral2/memory/4580-356-0x00007FF6DC810000-0x00007FF6DCC02000-memory.dmp	upx
behavioral2/memory/3808-333-0x00007FF656D80000-0x00007FF657172000-memory.dmp	upx
behavioral2/memory/4760-330-0x00007FF7DDD30000-0x00007FF7DE122000-memory.dmp	upx
behavioral2/memory/4840-270-0x00007FF7C0720000-0x00007FF7C0B12000-memory.dmp	upx
behavioral2/memory/4404-278-0x00007FF7B18E0000-0x00007FF7B1CD2000-memory.dmp	upx
behavioral2/files/0x00070000000234a0-210.dat	upx
behavioral2/files/0x000700000002349e-205.dat	upx
behavioral2/files/0x000700000002348d-202.dat	upx
behavioral2/files/0x000700000002349d-200.dat	upx
behavioral2/files/0x000700000002348c-196.dat	upx
behavioral2/files/0x0007000000023484-190.dat	upx
behavioral2/files/0x000700000002349c-181.dat	upx
behavioral2/files/0x000700000002349b-178.dat	upx
behavioral2/files/0x000700000002349a-173.dat	upx
behavioral2/files/0x000700000002348f-170.dat	upx
behavioral2/memory/1772-217-0x00007FF7112D0000-0x00007FF7116C2000-memory.dmp	upx
behavioral2/files/0x0007000000023498-158.dat	upx
behavioral2/memory/5012-154-0x00007FF6DE2E0000-0x00007FF6DE6D2000-memory.dmp	upx
behavioral2/files/0x0007000000023495-145.dat	upx
behavioral2/files/0x0007000000023494-144.dat	upx
behavioral2/files/0x0007000000023493-139.dat	upx
behavioral2/files/0x0007000000023487-133.dat	upx
behavioral2/files/0x0007000000023486-127.dat	upx
behavioral2/files/0x0007000000023483-186.dat	upx
behavioral2/files/0x0007000000023485-126.dat	upx
behavioral2/files/0x000700000002348b-123.dat	upx
behavioral2/files/0x0007000000023491-122.dat	upx
behavioral2/files/0x0007000000023488-166.dat	upx
behavioral2/files/0x0007000000023499-163.dat	upx
behavioral2/memory/3680-110-0x00007FF61FAD0000-0x00007FF61FEC2000-memory.dmp	upx
behavioral2/files/0x000700000002347c-109.dat	upx
behavioral2/files/0x0007000000023497-151.dat	upx
behavioral2/files/0x0007000000023496-149.dat	upx
behavioral2/files/0x0007000000023481-97.dat	upx
behavioral2/files/0x0007000000023480-94.dat	upx
behavioral2/files/0x0007000000023482-85.dat	upx
behavioral2/files/0x0007000000023490-121.dat	upx
behavioral2/files/0x0007000000023489-83.dat	upx
behavioral2/files/0x000700000002347d-79.dat	upx
behavioral2/files/0x000700000002348e-102.dat	upx
behavioral2/memory/2716-74-0x00007FF759390000-0x00007FF759782000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\NDEWqvc.exe	629766e50d10cdb61d7a9e343d6358b0N.exe
File created	C:\Windows\System\lUUoPcb.exe	629766e50d10cdb61d7a9e343d6358b0N.exe
File created	C:\Windows\System\qkCWGJM.exe	629766e50d10cdb61d7a9e343d6358b0N.exe
File created	C:\Windows\System\UIZLczG.exe	629766e50d10cdb61d7a9e343d6358b0N.exe
File created	C:\Windows\System\hsQLrKr.exe	629766e50d10cdb61d7a9e343d6358b0N.exe
File created	C:\Windows\System\nWmAAUC.exe	629766e50d10cdb61d7a9e343d6358b0N.exe
File created	C:\Windows\System\AjoRrSg.exe	629766e50d10cdb61d7a9e343d6358b0N.exe
File created	C:\Windows\System\YDFOXhd.exe	629766e50d10cdb61d7a9e343d6358b0N.exe
File created	C:\Windows\System\NAXDVxN.exe	629766e50d10cdb61d7a9e343d6358b0N.exe
File created	C:\Windows\System\fUFsLHF.exe	629766e50d10cdb61d7a9e343d6358b0N.exe
File created	C:\Windows\System\ATzeymt.exe	629766e50d10cdb61d7a9e343d6358b0N.exe
File created	C:\Windows\System\LQfFenR.exe	629766e50d10cdb61d7a9e343d6358b0N.exe
File created	C:\Windows\System\LloPGBh.exe	629766e50d10cdb61d7a9e343d6358b0N.exe
File created	C:\Windows\System\DfAuDMc.exe	629766e50d10cdb61d7a9e343d6358b0N.exe
File created	C:\Windows\System\ppgllCv.exe	629766e50d10cdb61d7a9e343d6358b0N.exe
File created	C:\Windows\System\HJsNXzD.exe	629766e50d10cdb61d7a9e343d6358b0N.exe
File created	C:\Windows\System\dNPfBXt.exe	629766e50d10cdb61d7a9e343d6358b0N.exe
File created	C:\Windows\System\IKpWbMc.exe	629766e50d10cdb61d7a9e343d6358b0N.exe
File created	C:\Windows\System\WJyYcMF.exe	629766e50d10cdb61d7a9e343d6358b0N.exe
File created	C:\Windows\System\mbBtVnA.exe	629766e50d10cdb61d7a9e343d6358b0N.exe
File created	C:\Windows\System\iYKpfqw.exe	629766e50d10cdb61d7a9e343d6358b0N.exe
File created	C:\Windows\System\yEvjakq.exe	629766e50d10cdb61d7a9e343d6358b0N.exe
File created	C:\Windows\System\MbpLvBg.exe	629766e50d10cdb61d7a9e343d6358b0N.exe
File created	C:\Windows\System\mXfaDAw.exe	629766e50d10cdb61d7a9e343d6358b0N.exe
File created	C:\Windows\System\AXkExpT.exe	629766e50d10cdb61d7a9e343d6358b0N.exe
File created	C:\Windows\System\drwGVkj.exe	629766e50d10cdb61d7a9e343d6358b0N.exe
File created	C:\Windows\System\cmYRUoU.exe	629766e50d10cdb61d7a9e343d6358b0N.exe
File created	C:\Windows\System\JqMncBj.exe	629766e50d10cdb61d7a9e343d6358b0N.exe
File created	C:\Windows\System\WsWEChR.exe	629766e50d10cdb61d7a9e343d6358b0N.exe
File created	C:\Windows\System\vPjnDxd.exe	629766e50d10cdb61d7a9e343d6358b0N.exe
File created	C:\Windows\System\hbHJHyW.exe	629766e50d10cdb61d7a9e343d6358b0N.exe
File created	C:\Windows\System\rvzVnhk.exe	629766e50d10cdb61d7a9e343d6358b0N.exe
File created	C:\Windows\System\bEiplEs.exe	629766e50d10cdb61d7a9e343d6358b0N.exe
File created	C:\Windows\System\nVKnelj.exe	629766e50d10cdb61d7a9e343d6358b0N.exe
File created	C:\Windows\System\TtfPPxM.exe	629766e50d10cdb61d7a9e343d6358b0N.exe
File created	C:\Windows\System\yVBaiwg.exe	629766e50d10cdb61d7a9e343d6358b0N.exe
File created	C:\Windows\System\HDtroad.exe	629766e50d10cdb61d7a9e343d6358b0N.exe
File created	C:\Windows\System\KfNgWGT.exe	629766e50d10cdb61d7a9e343d6358b0N.exe
File created	C:\Windows\System\FzSnqfv.exe	629766e50d10cdb61d7a9e343d6358b0N.exe
File created	C:\Windows\System\tIdUfFj.exe	629766e50d10cdb61d7a9e343d6358b0N.exe
File created	C:\Windows\System\KVmzECi.exe	629766e50d10cdb61d7a9e343d6358b0N.exe
File created	C:\Windows\System\inwlbXw.exe	629766e50d10cdb61d7a9e343d6358b0N.exe
File created	C:\Windows\System\cWcNPko.exe	629766e50d10cdb61d7a9e343d6358b0N.exe
File created	C:\Windows\System\fGtHaap.exe	629766e50d10cdb61d7a9e343d6358b0N.exe
File created	C:\Windows\System\lTKtsAP.exe	629766e50d10cdb61d7a9e343d6358b0N.exe
File created	C:\Windows\System\jBAhsfC.exe	629766e50d10cdb61d7a9e343d6358b0N.exe
File created	C:\Windows\System\eGDsFeD.exe	629766e50d10cdb61d7a9e343d6358b0N.exe
File created	C:\Windows\System\XjKeStM.exe	629766e50d10cdb61d7a9e343d6358b0N.exe
File created	C:\Windows\System\WWoaxsE.exe	629766e50d10cdb61d7a9e343d6358b0N.exe
File created	C:\Windows\System\rDLKezH.exe	629766e50d10cdb61d7a9e343d6358b0N.exe
File created	C:\Windows\System\PvucGhm.exe	629766e50d10cdb61d7a9e343d6358b0N.exe
File created	C:\Windows\System\yZssHSG.exe	629766e50d10cdb61d7a9e343d6358b0N.exe
File created	C:\Windows\System\lxnJBqH.exe	629766e50d10cdb61d7a9e343d6358b0N.exe
File created	C:\Windows\System\vZxHeEX.exe	629766e50d10cdb61d7a9e343d6358b0N.exe
File created	C:\Windows\System\VbcObJR.exe	629766e50d10cdb61d7a9e343d6358b0N.exe
File created	C:\Windows\System\nQKAMWY.exe	629766e50d10cdb61d7a9e343d6358b0N.exe
File created	C:\Windows\System\vVLwWZp.exe	629766e50d10cdb61d7a9e343d6358b0N.exe
File created	C:\Windows\System\jWRyjMP.exe	629766e50d10cdb61d7a9e343d6358b0N.exe
File created	C:\Windows\System\yRSwWRk.exe	629766e50d10cdb61d7a9e343d6358b0N.exe
File created	C:\Windows\System\eSiDAKm.exe	629766e50d10cdb61d7a9e343d6358b0N.exe
File created	C:\Windows\System\JvPeiOD.exe	629766e50d10cdb61d7a9e343d6358b0N.exe
File created	C:\Windows\System\tOtFyyn.exe	629766e50d10cdb61d7a9e343d6358b0N.exe
File created	C:\Windows\System\LeQOATf.exe	629766e50d10cdb61d7a9e343d6358b0N.exe
File created	C:\Windows\System\ekgKpUz.exe	629766e50d10cdb61d7a9e343d6358b0N.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 19 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1416	powershell.exe
1416	powershell.exe

Suspicious use of AdjustPrivilegeToken 15 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	4560	629766e50d10cdb61d7a9e343d6358b0N.exe
Token: SeLockMemoryPrivilege	4560	629766e50d10cdb61d7a9e343d6358b0N.exe
Token: SeDebugPrivilege	1416	powershell.exe
Token: SeCreateGlobalPrivilege	13956	dwm.exe
Token: SeChangeNotifyPrivilege	13956	dwm.exe
Token: 33	13956	dwm.exe
Token: SeIncBasePriorityPrivilege	13956	dwm.exe
Token: SeCreateGlobalPrivilege	13976	dwm.exe
Token: SeChangeNotifyPrivilege	13976	dwm.exe
Token: 33	13976	dwm.exe
Token: SeIncBasePriorityPrivilege	13976	dwm.exe
Token: SeCreateGlobalPrivilege	1544	dwm.exe
Token: SeChangeNotifyPrivilege	1544	dwm.exe
Token: 33	1544	dwm.exe
Token: SeIncBasePriorityPrivilege	1544	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4560 wrote to memory of 1416	4560	629766e50d10cdb61d7a9e343d6358b0N.exe	88
PID 4560 wrote to memory of 1416	4560	629766e50d10cdb61d7a9e343d6358b0N.exe	88
PID 4560 wrote to memory of 4072	4560	629766e50d10cdb61d7a9e343d6358b0N.exe	89
PID 4560 wrote to memory of 4072	4560	629766e50d10cdb61d7a9e343d6358b0N.exe	89
PID 4560 wrote to memory of 512	4560	629766e50d10cdb61d7a9e343d6358b0N.exe	90
PID 4560 wrote to memory of 512	4560	629766e50d10cdb61d7a9e343d6358b0N.exe	90
PID 4560 wrote to memory of 3768	4560	629766e50d10cdb61d7a9e343d6358b0N.exe	91
PID 4560 wrote to memory of 3768	4560	629766e50d10cdb61d7a9e343d6358b0N.exe	91
PID 4560 wrote to memory of 2716	4560	629766e50d10cdb61d7a9e343d6358b0N.exe	92
PID 4560 wrote to memory of 2716	4560	629766e50d10cdb61d7a9e343d6358b0N.exe	92
PID 4560 wrote to memory of 1464	4560	629766e50d10cdb61d7a9e343d6358b0N.exe	93
PID 4560 wrote to memory of 1464	4560	629766e50d10cdb61d7a9e343d6358b0N.exe	93
PID 4560 wrote to memory of 3680	4560	629766e50d10cdb61d7a9e343d6358b0N.exe	94
PID 4560 wrote to memory of 3680	4560	629766e50d10cdb61d7a9e343d6358b0N.exe	94
PID 4560 wrote to memory of 5012	4560	629766e50d10cdb61d7a9e343d6358b0N.exe	95
PID 4560 wrote to memory of 5012	4560	629766e50d10cdb61d7a9e343d6358b0N.exe	95
PID 4560 wrote to memory of 1772	4560	629766e50d10cdb61d7a9e343d6358b0N.exe	96
PID 4560 wrote to memory of 1772	4560	629766e50d10cdb61d7a9e343d6358b0N.exe	96
PID 4560 wrote to memory of 2832	4560	629766e50d10cdb61d7a9e343d6358b0N.exe	97
PID 4560 wrote to memory of 2832	4560	629766e50d10cdb61d7a9e343d6358b0N.exe	97
PID 4560 wrote to memory of 4840	4560	629766e50d10cdb61d7a9e343d6358b0N.exe	98
PID 4560 wrote to memory of 4840	4560	629766e50d10cdb61d7a9e343d6358b0N.exe	98
PID 4560 wrote to memory of 4404	4560	629766e50d10cdb61d7a9e343d6358b0N.exe	99
PID 4560 wrote to memory of 4404	4560	629766e50d10cdb61d7a9e343d6358b0N.exe	99
PID 4560 wrote to memory of 4760	4560	629766e50d10cdb61d7a9e343d6358b0N.exe	100
PID 4560 wrote to memory of 4760	4560	629766e50d10cdb61d7a9e343d6358b0N.exe	100
PID 4560 wrote to memory of 1060	4560	629766e50d10cdb61d7a9e343d6358b0N.exe	101
PID 4560 wrote to memory of 1060	4560	629766e50d10cdb61d7a9e343d6358b0N.exe	101
PID 4560 wrote to memory of 3808	4560	629766e50d10cdb61d7a9e343d6358b0N.exe	102
PID 4560 wrote to memory of 3808	4560	629766e50d10cdb61d7a9e343d6358b0N.exe	102
PID 4560 wrote to memory of 4860	4560	629766e50d10cdb61d7a9e343d6358b0N.exe	103
PID 4560 wrote to memory of 4860	4560	629766e50d10cdb61d7a9e343d6358b0N.exe	103
PID 4560 wrote to memory of 4580	4560	629766e50d10cdb61d7a9e343d6358b0N.exe	104
PID 4560 wrote to memory of 4580	4560	629766e50d10cdb61d7a9e343d6358b0N.exe	104
PID 4560 wrote to memory of 528	4560	629766e50d10cdb61d7a9e343d6358b0N.exe	105
PID 4560 wrote to memory of 528	4560	629766e50d10cdb61d7a9e343d6358b0N.exe	105
PID 4560 wrote to memory of 728	4560	629766e50d10cdb61d7a9e343d6358b0N.exe	106
PID 4560 wrote to memory of 728	4560	629766e50d10cdb61d7a9e343d6358b0N.exe	106
PID 4560 wrote to memory of 5096	4560	629766e50d10cdb61d7a9e343d6358b0N.exe	107
PID 4560 wrote to memory of 5096	4560	629766e50d10cdb61d7a9e343d6358b0N.exe	107
PID 4560 wrote to memory of 1028	4560	629766e50d10cdb61d7a9e343d6358b0N.exe	108
PID 4560 wrote to memory of 1028	4560	629766e50d10cdb61d7a9e343d6358b0N.exe	108
PID 4560 wrote to memory of 1968	4560	629766e50d10cdb61d7a9e343d6358b0N.exe	109
PID 4560 wrote to memory of 1968	4560	629766e50d10cdb61d7a9e343d6358b0N.exe	109
PID 4560 wrote to memory of 4484	4560	629766e50d10cdb61d7a9e343d6358b0N.exe	110
PID 4560 wrote to memory of 4484	4560	629766e50d10cdb61d7a9e343d6358b0N.exe	110
PID 4560 wrote to memory of 1568	4560	629766e50d10cdb61d7a9e343d6358b0N.exe	111
PID 4560 wrote to memory of 1568	4560	629766e50d10cdb61d7a9e343d6358b0N.exe	111
PID 4560 wrote to memory of 2352	4560	629766e50d10cdb61d7a9e343d6358b0N.exe	112
PID 4560 wrote to memory of 2352	4560	629766e50d10cdb61d7a9e343d6358b0N.exe	112
PID 4560 wrote to memory of 1020	4560	629766e50d10cdb61d7a9e343d6358b0N.exe	113
PID 4560 wrote to memory of 1020	4560	629766e50d10cdb61d7a9e343d6358b0N.exe	113
PID 4560 wrote to memory of 2208	4560	629766e50d10cdb61d7a9e343d6358b0N.exe	114
PID 4560 wrote to memory of 2208	4560	629766e50d10cdb61d7a9e343d6358b0N.exe	114
PID 4560 wrote to memory of 2324	4560	629766e50d10cdb61d7a9e343d6358b0N.exe	115
PID 4560 wrote to memory of 2324	4560	629766e50d10cdb61d7a9e343d6358b0N.exe	115
PID 4560 wrote to memory of 2424	4560	629766e50d10cdb61d7a9e343d6358b0N.exe	116
PID 4560 wrote to memory of 2424	4560	629766e50d10cdb61d7a9e343d6358b0N.exe	116
PID 4560 wrote to memory of 3952	4560	629766e50d10cdb61d7a9e343d6358b0N.exe	117
PID 4560 wrote to memory of 3952	4560	629766e50d10cdb61d7a9e343d6358b0N.exe	117
PID 4560 wrote to memory of 2540	4560	629766e50d10cdb61d7a9e343d6358b0N.exe	118
PID 4560 wrote to memory of 2540	4560	629766e50d10cdb61d7a9e343d6358b0N.exe	118
PID 4560 wrote to memory of 1240	4560	629766e50d10cdb61d7a9e343d6358b0N.exe	119
PID 4560 wrote to memory of 1240	4560	629766e50d10cdb61d7a9e343d6358b0N.exe	119

C:\Users\Admin\AppData\Local\Temp\629766e50d10cdb61d7a9e343d6358b0N.exe
"C:\Users\Admin\AppData\Local\Temp\629766e50d10cdb61d7a9e343d6358b0N.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4560
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:1416
- C:\Windows\System\AvRyRrR.exe
  C:\Windows\System\AvRyRrR.exe
  2⤵
  - Executes dropped EXE
  PID:4072
- C:\Windows\System\nynXwQJ.exe
  C:\Windows\System\nynXwQJ.exe
  2⤵
  - Executes dropped EXE
  PID:512
- C:\Windows\System\xUNlZge.exe
  C:\Windows\System\xUNlZge.exe
  2⤵
  - Executes dropped EXE
  PID:3768
- C:\Windows\System\PRbMfMd.exe
  C:\Windows\System\PRbMfMd.exe
  2⤵
  - Executes dropped EXE
  PID:2716
- C:\Windows\System\nwWqRno.exe
  C:\Windows\System\nwWqRno.exe
  2⤵
  - Executes dropped EXE
  PID:1464
- C:\Windows\System\QuufTag.exe
  C:\Windows\System\QuufTag.exe
  2⤵
  - Executes dropped EXE
  PID:3680
- C:\Windows\System\mXfaDAw.exe
  C:\Windows\System\mXfaDAw.exe
  2⤵
  - Executes dropped EXE
  PID:5012
- C:\Windows\System\ArveCbo.exe
  C:\Windows\System\ArveCbo.exe
  2⤵
  - Executes dropped EXE
  PID:1772
- C:\Windows\System\nDfstGW.exe
  C:\Windows\System\nDfstGW.exe
  2⤵
  - Executes dropped EXE
  PID:2832
- C:\Windows\System\lpAsFpZ.exe
  C:\Windows\System\lpAsFpZ.exe
  2⤵
  - Executes dropped EXE
  PID:4840
- C:\Windows\System\fpMTtZx.exe
  C:\Windows\System\fpMTtZx.exe
  2⤵
  - Executes dropped EXE
  PID:4404
- C:\Windows\System\NHzgtXa.exe
  C:\Windows\System\NHzgtXa.exe
  2⤵
  - Executes dropped EXE
  PID:4760
- C:\Windows\System\gZZPMFw.exe
  C:\Windows\System\gZZPMFw.exe
  2⤵
  - Executes dropped EXE
  PID:1060
- C:\Windows\System\IyxampU.exe
  C:\Windows\System\IyxampU.exe
  2⤵
  - Executes dropped EXE
  PID:3808
- C:\Windows\System\wLJcMfD.exe
  C:\Windows\System\wLJcMfD.exe
  2⤵
  - Executes dropped EXE
  PID:4860
- C:\Windows\System\hTEekDV.exe
  C:\Windows\System\hTEekDV.exe
  2⤵
  - Executes dropped EXE
  PID:4580
- C:\Windows\System\XYvLeNG.exe
  C:\Windows\System\XYvLeNG.exe
  2⤵
  - Executes dropped EXE
  PID:528
- C:\Windows\System\tjKbLTp.exe
  C:\Windows\System\tjKbLTp.exe
  2⤵
  - Executes dropped EXE
  PID:728
- C:\Windows\System\IzsOGVt.exe
  C:\Windows\System\IzsOGVt.exe
  2⤵
  - Executes dropped EXE
  PID:5096
- C:\Windows\System\iqvSrJS.exe
  C:\Windows\System\iqvSrJS.exe
  2⤵
  - Executes dropped EXE
  PID:1028
- C:\Windows\System\qIZFnvR.exe
  C:\Windows\System\qIZFnvR.exe
  2⤵
  - Executes dropped EXE
  PID:1968
- C:\Windows\System\pMkgnMN.exe
  C:\Windows\System\pMkgnMN.exe
  2⤵
  - Executes dropped EXE
  PID:4484
- C:\Windows\System\KSTtPow.exe
  C:\Windows\System\KSTtPow.exe
  2⤵
  - Executes dropped EXE
  PID:1568
- C:\Windows\System\ZtLGWnC.exe
  C:\Windows\System\ZtLGWnC.exe
  2⤵
  - Executes dropped EXE
  PID:2352
- C:\Windows\System\OsGcsWG.exe
  C:\Windows\System\OsGcsWG.exe
  2⤵
  - Executes dropped EXE
  PID:1020
- C:\Windows\System\ETHcdDd.exe
  C:\Windows\System\ETHcdDd.exe
  2⤵
  - Executes dropped EXE
  PID:2208
- C:\Windows\System\KJtJPEr.exe
  C:\Windows\System\KJtJPEr.exe
  2⤵
  - Executes dropped EXE
  PID:2324
- C:\Windows\System\kqwJPid.exe
  C:\Windows\System\kqwJPid.exe
  2⤵
  - Executes dropped EXE
  PID:2424
- C:\Windows\System\wgcbBpn.exe
  C:\Windows\System\wgcbBpn.exe
  2⤵
  - Executes dropped EXE
  PID:3952
- C:\Windows\System\stMJiyO.exe
  C:\Windows\System\stMJiyO.exe
  2⤵
  - Executes dropped EXE
  PID:2540
- C:\Windows\System\TqAueUg.exe
  C:\Windows\System\TqAueUg.exe
  2⤵
  - Executes dropped EXE
  PID:1240
- C:\Windows\System\ZCnXZev.exe
  C:\Windows\System\ZCnXZev.exe
  2⤵
  - Executes dropped EXE
  PID:2220
- C:\Windows\System\utJIQdJ.exe
  C:\Windows\System\utJIQdJ.exe
  2⤵
  - Executes dropped EXE
  PID:3068
- C:\Windows\System\oWHPYjB.exe
  C:\Windows\System\oWHPYjB.exe
  2⤵
  - Executes dropped EXE
  PID:1952
- C:\Windows\System\kiEtxiq.exe
  C:\Windows\System\kiEtxiq.exe
  2⤵
  - Executes dropped EXE
  PID:1212
- C:\Windows\System\oORMMrY.exe
  C:\Windows\System\oORMMrY.exe
  2⤵
  - Executes dropped EXE
  PID:1768
- C:\Windows\System\inLNXlL.exe
  C:\Windows\System\inLNXlL.exe
  2⤵
  - Executes dropped EXE
  PID:1244
- C:\Windows\System\OdAYDTJ.exe
  C:\Windows\System\OdAYDTJ.exe
  2⤵
  - Executes dropped EXE
  PID:2736
- C:\Windows\System\sRfzMpv.exe
  C:\Windows\System\sRfzMpv.exe
  2⤵
  - Executes dropped EXE
  PID:2108
- C:\Windows\System\jNFCpOk.exe
  C:\Windows\System\jNFCpOk.exe
  2⤵
  - Executes dropped EXE
  PID:2292
- C:\Windows\System\WYsyBWc.exe
  C:\Windows\System\WYsyBWc.exe
  2⤵
  - Executes dropped EXE
  PID:4064
- C:\Windows\System\ObGwEmS.exe
  C:\Windows\System\ObGwEmS.exe
  2⤵
  - Executes dropped EXE
  PID:3060
- C:\Windows\System\vhrKEzg.exe
  C:\Windows\System\vhrKEzg.exe
  2⤵
  - Executes dropped EXE
  PID:8
- C:\Windows\System\vmsrZdu.exe
  C:\Windows\System\vmsrZdu.exe
  2⤵
  - Executes dropped EXE
  PID:2112
- C:\Windows\System\MRHjRfv.exe
  C:\Windows\System\MRHjRfv.exe
  2⤵
  - Executes dropped EXE
  PID:1080
- C:\Windows\System\QTWjwkl.exe
  C:\Windows\System\QTWjwkl.exe
  2⤵
  - Executes dropped EXE
  PID:4968
- C:\Windows\System\AJsjvnS.exe
  C:\Windows\System\AJsjvnS.exe
  2⤵
  - Executes dropped EXE
  PID:2948
- C:\Windows\System\hFACbfG.exe
  C:\Windows\System\hFACbfG.exe
  2⤵
  - Executes dropped EXE
  PID:1596
- C:\Windows\System\rHBDszZ.exe
  C:\Windows\System\rHBDszZ.exe
  2⤵
  - Executes dropped EXE
  PID:3444
- C:\Windows\System\ALGbiAT.exe
  C:\Windows\System\ALGbiAT.exe
  2⤵
  - Executes dropped EXE
  PID:5092
- C:\Windows\System\bCQyifA.exe
  C:\Windows\System\bCQyifA.exe
  2⤵
  - Executes dropped EXE
  PID:1372
- C:\Windows\System\TtUdnVq.exe
  C:\Windows\System\TtUdnVq.exe
  2⤵
  - Executes dropped EXE
  PID:4568
- C:\Windows\System\lzQCVMo.exe
  C:\Windows\System\lzQCVMo.exe
  2⤵
  PID:2040
- C:\Windows\System\qkErtWa.exe
  C:\Windows\System\qkErtWa.exe
  2⤵
  PID:1880
- C:\Windows\System\gRfBRJJ.exe
  C:\Windows\System\gRfBRJJ.exe
  2⤵
  - Executes dropped EXE
  PID:4056
- C:\Windows\System\zXpRsRZ.exe
  C:\Windows\System\zXpRsRZ.exe
  2⤵
  - Executes dropped EXE
  PID:2912
- C:\Windows\System\UPSKTRt.exe
  C:\Windows\System\UPSKTRt.exe
  2⤵
  - Executes dropped EXE
  PID:1732
- C:\Windows\System\NvGmDXh.exe
  C:\Windows\System\NvGmDXh.exe
  2⤵
  - Executes dropped EXE
  PID:2600
- C:\Windows\System\UMVuGwB.exe
  C:\Windows\System\UMVuGwB.exe
  2⤵
  - Executes dropped EXE
  PID:4920
- C:\Windows\System\clIoTXl.exe
  C:\Windows\System\clIoTXl.exe
  2⤵
  - Executes dropped EXE
  PID:2808
- C:\Windows\System\jgiuFZY.exe
  C:\Windows\System\jgiuFZY.exe
  2⤵
  - Executes dropped EXE
  PID:228
- C:\Windows\System\pOCdFlS.exe
  C:\Windows\System\pOCdFlS.exe
  2⤵
  - Executes dropped EXE
  PID:2376
- C:\Windows\System\mFhuUlo.exe
  C:\Windows\System\mFhuUlo.exe
  2⤵
  - Executes dropped EXE
  PID:4432
- C:\Windows\System\OAIyUpI.exe
  C:\Windows\System\OAIyUpI.exe
  2⤵
  - Executes dropped EXE
  PID:1168
- C:\Windows\System\CuuXGgq.exe
  C:\Windows\System\CuuXGgq.exe
  2⤵
  - Executes dropped EXE
  PID:2064
- C:\Windows\System\jWRyjMP.exe
  C:\Windows\System\jWRyjMP.exe
  2⤵
  - Executes dropped EXE
  PID:1096
- C:\Windows\System\FJBcorI.exe
  C:\Windows\System\FJBcorI.exe
  2⤵
  PID:5100
- C:\Windows\System\jtEcODN.exe
  C:\Windows\System\jtEcODN.exe
  2⤵
  PID:3396
- C:\Windows\System\KehpDDz.exe
  C:\Windows\System\KehpDDz.exe
  2⤵
  PID:920
- C:\Windows\System\eyznOCv.exe
  C:\Windows\System\eyznOCv.exe
  2⤵
  PID:448
- C:\Windows\System\CEPTaSy.exe
  C:\Windows\System\CEPTaSy.exe
  2⤵
  PID:1856
- C:\Windows\System\TanDsOl.exe
  C:\Windows\System\TanDsOl.exe
  2⤵
  PID:3092
- C:\Windows\System\nQABABA.exe
  C:\Windows\System\nQABABA.exe
  2⤵
  PID:3488
- C:\Windows\System\TejJKVz.exe
  C:\Windows\System\TejJKVz.exe
  2⤵
  PID:3264
- C:\Windows\System\nKjzFTA.exe
  C:\Windows\System\nKjzFTA.exe
  2⤵
  PID:3252
- C:\Windows\System\Nkxwjze.exe
  C:\Windows\System\Nkxwjze.exe
  2⤵
  PID:4896
- C:\Windows\System\aHGilLI.exe
  C:\Windows\System\aHGilLI.exe
  2⤵
  PID:4032
- C:\Windows\System\DvBBKdF.exe
  C:\Windows\System\DvBBKdF.exe
  2⤵
  PID:5124
- C:\Windows\System\wDKcXzF.exe
  C:\Windows\System\wDKcXzF.exe
  2⤵
  PID:5148
- C:\Windows\System\VwOnhwZ.exe
  C:\Windows\System\VwOnhwZ.exe
  2⤵
  PID:5168
- C:\Windows\System\srilClx.exe
  C:\Windows\System\srilClx.exe
  2⤵
  PID:5188
- C:\Windows\System\kVmbqjF.exe
  C:\Windows\System\kVmbqjF.exe
  2⤵
  PID:5208
- C:\Windows\System\hsQLrKr.exe
  C:\Windows\System\hsQLrKr.exe
  2⤵
  PID:5236
- C:\Windows\System\zvENTUC.exe
  C:\Windows\System\zvENTUC.exe
  2⤵
  PID:5256
- C:\Windows\System\HDtroad.exe
  C:\Windows\System\HDtroad.exe
  2⤵
  PID:5304
- C:\Windows\System\rTfFwrj.exe
  C:\Windows\System\rTfFwrj.exe
  2⤵
  PID:5348
- C:\Windows\System\azGdusx.exe
  C:\Windows\System\azGdusx.exe
  2⤵
  PID:5364
- C:\Windows\System\HKJjFzC.exe
  C:\Windows\System\HKJjFzC.exe
  2⤵
  PID:5380
- C:\Windows\System\yIfTMXl.exe
  C:\Windows\System\yIfTMXl.exe
  2⤵
  PID:5400
- C:\Windows\System\TrCazpy.exe
  C:\Windows\System\TrCazpy.exe
  2⤵
  PID:5428
- C:\Windows\System\uVoKcEy.exe
  C:\Windows\System\uVoKcEy.exe
  2⤵
  PID:5444
- C:\Windows\System\rbKDbJw.exe
  C:\Windows\System\rbKDbJw.exe
  2⤵
  PID:5472
- C:\Windows\System\qHMSWPC.exe
  C:\Windows\System\qHMSWPC.exe
  2⤵
  PID:5492
- C:\Windows\System\HacTeZS.exe
  C:\Windows\System\HacTeZS.exe
  2⤵
  PID:5512
- C:\Windows\System\CSgHMuZ.exe
  C:\Windows\System\CSgHMuZ.exe
  2⤵
  PID:5536
- C:\Windows\System\ARhuJSu.exe
  C:\Windows\System\ARhuJSu.exe
  2⤵
  PID:5556
- C:\Windows\System\AdlyStJ.exe
  C:\Windows\System\AdlyStJ.exe
  2⤵
  PID:5624
- C:\Windows\System\xYAFNRO.exe
  C:\Windows\System\xYAFNRO.exe
  2⤵
  PID:5648
- C:\Windows\System\BpTOCjg.exe
  C:\Windows\System\BpTOCjg.exe
  2⤵
  PID:5668
- C:\Windows\System\IXZwjQY.exe
  C:\Windows\System\IXZwjQY.exe
  2⤵
  PID:5688
- C:\Windows\System\IpQgEWM.exe
  C:\Windows\System\IpQgEWM.exe
  2⤵
  PID:5704
- C:\Windows\System\kuotWun.exe
  C:\Windows\System\kuotWun.exe
  2⤵
  PID:5724
- C:\Windows\System\SMLbhGC.exe
  C:\Windows\System\SMLbhGC.exe
  2⤵
  PID:5744
- C:\Windows\System\bugpNwB.exe
  C:\Windows\System\bugpNwB.exe
  2⤵
  PID:5768
- C:\Windows\System\gXquvFk.exe
  C:\Windows\System\gXquvFk.exe
  2⤵
  PID:5792
- C:\Windows\System\bLfaNTq.exe
  C:\Windows\System\bLfaNTq.exe
  2⤵
  PID:5808
- C:\Windows\System\RWYOrCZ.exe
  C:\Windows\System\RWYOrCZ.exe
  2⤵
  PID:5824
- C:\Windows\System\MWXRHgW.exe
  C:\Windows\System\MWXRHgW.exe
  2⤵
  PID:5844
- C:\Windows\System\fdYEYcD.exe
  C:\Windows\System\fdYEYcD.exe
  2⤵
  PID:6036
- C:\Windows\System\qCCNbcL.exe
  C:\Windows\System\qCCNbcL.exe
  2⤵
  PID:6060
- C:\Windows\System\YyYcbFs.exe
  C:\Windows\System\YyYcbFs.exe
  2⤵
  PID:6080
- C:\Windows\System\hKWvksA.exe
  C:\Windows\System\hKWvksA.exe
  2⤵
  PID:6100
- C:\Windows\System\YeLSpZc.exe
  C:\Windows\System\YeLSpZc.exe
  2⤵
  PID:6116
- C:\Windows\System\IWpEOfg.exe
  C:\Windows\System\IWpEOfg.exe
  2⤵
  PID:6140
- C:\Windows\System\tYHEpDD.exe
  C:\Windows\System\tYHEpDD.exe
  2⤵
  PID:3268
- C:\Windows\System\DWjlUyO.exe
  C:\Windows\System\DWjlUyO.exe
  2⤵
  PID:2892
- C:\Windows\System\VVWceIv.exe
  C:\Windows\System\VVWceIv.exe
  2⤵
  PID:3988
- C:\Windows\System\fAWmgSD.exe
  C:\Windows\System\fAWmgSD.exe
  2⤵
  PID:3364
- C:\Windows\System\yRSwWRk.exe
  C:\Windows\System\yRSwWRk.exe
  2⤵
  PID:4128
- C:\Windows\System\OJfoFvh.exe
  C:\Windows\System\OJfoFvh.exe
  2⤵
  PID:5132
- C:\Windows\System\ybzpaZZ.exe
  C:\Windows\System\ybzpaZZ.exe
  2⤵
  PID:5200
- C:\Windows\System\HOuMxNN.exe
  C:\Windows\System\HOuMxNN.exe
  2⤵
  PID:2916
- C:\Windows\System\DcpKGwj.exe
  C:\Windows\System\DcpKGwj.exe
  2⤵
  PID:5376
- C:\Windows\System\JMSNxIW.exe
  C:\Windows\System\JMSNxIW.exe
  2⤵
  PID:532
- C:\Windows\System\llafgLL.exe
  C:\Windows\System\llafgLL.exe
  2⤵
  PID:3316
- C:\Windows\System\Lauhskv.exe
  C:\Windows\System\Lauhskv.exe
  2⤵
  PID:5160
- C:\Windows\System\Ypzpzgs.exe
  C:\Windows\System\Ypzpzgs.exe
  2⤵
  PID:4536
- C:\Windows\System\ztkRoRB.exe
  C:\Windows\System\ztkRoRB.exe
  2⤵
  PID:4660
- C:\Windows\System\bCYWVSN.exe
  C:\Windows\System\bCYWVSN.exe
  2⤵
  PID:4756
- C:\Windows\System\ZuJSxCk.exe
  C:\Windows\System\ZuJSxCk.exe
  2⤵
  PID:1780
- C:\Windows\System\XCPqnfe.exe
  C:\Windows\System\XCPqnfe.exe
  2⤵
  PID:5324
- C:\Windows\System\vOOCXBE.exe
  C:\Windows\System\vOOCXBE.exe
  2⤵
  PID:5520
- C:\Windows\System\DorossO.exe
  C:\Windows\System\DorossO.exe
  2⤵
  PID:5524
- C:\Windows\System\MrtUqah.exe
  C:\Windows\System\MrtUqah.exe
  2⤵
  PID:4992
- C:\Windows\System\uanTemv.exe
  C:\Windows\System\uanTemv.exe
  2⤵
  PID:2800
- C:\Windows\System\rplwbjx.exe
  C:\Windows\System\rplwbjx.exe
  2⤵
  PID:316
- C:\Windows\System\zJVgNGa.exe
  C:\Windows\System\zJVgNGa.exe
  2⤵
  PID:6076
- C:\Windows\System\zWFXXyd.exe
  C:\Windows\System\zWFXXyd.exe
  2⤵
  PID:6124
- C:\Windows\System\ZelfMbk.exe
  C:\Windows\System\ZelfMbk.exe
  2⤵
  PID:3532
- C:\Windows\System\YapWgRI.exe
  C:\Windows\System\YapWgRI.exe
  2⤵
  PID:3408
- C:\Windows\System\aPLuCvs.exe
  C:\Windows\System\aPLuCvs.exe
  2⤵
  PID:5564
- C:\Windows\System\roSrTtn.exe
  C:\Windows\System\roSrTtn.exe
  2⤵
  PID:6148
- C:\Windows\System\nRNevCS.exe
  C:\Windows\System\nRNevCS.exe
  2⤵
  PID:6168
- C:\Windows\System\kxdDqVO.exe
  C:\Windows\System\kxdDqVO.exe
  2⤵
  PID:6204
- C:\Windows\System\sODlckr.exe
  C:\Windows\System\sODlckr.exe
  2⤵
  PID:6228
- C:\Windows\System\VecDMRi.exe
  C:\Windows\System\VecDMRi.exe
  2⤵
  PID:6248
- C:\Windows\System\MYyzYUf.exe
  C:\Windows\System\MYyzYUf.exe
  2⤵
  PID:6288
- C:\Windows\System\LGqLFWy.exe
  C:\Windows\System\LGqLFWy.exe
  2⤵
  PID:6328
- C:\Windows\System\nSVpkXv.exe
  C:\Windows\System\nSVpkXv.exe
  2⤵
  PID:6352
- C:\Windows\System\EkrJUQU.exe
  C:\Windows\System\EkrJUQU.exe
  2⤵
  PID:6372
- C:\Windows\System\ByZPyUK.exe
  C:\Windows\System\ByZPyUK.exe
  2⤵
  PID:6400
- C:\Windows\System\DyukHji.exe
  C:\Windows\System\DyukHji.exe
  2⤵
  PID:6416
- C:\Windows\System\OCgVZQe.exe
  C:\Windows\System\OCgVZQe.exe
  2⤵
  PID:6440
- C:\Windows\System\bOPxlDQ.exe
  C:\Windows\System\bOPxlDQ.exe
  2⤵
  PID:6460
- C:\Windows\System\kgdTMVi.exe
  C:\Windows\System\kgdTMVi.exe
  2⤵
  PID:6488
- C:\Windows\System\yZssHSG.exe
  C:\Windows\System\yZssHSG.exe
  2⤵
  PID:6504
- C:\Windows\System\VKjOinB.exe
  C:\Windows\System\VKjOinB.exe
  2⤵
  PID:6528
- C:\Windows\System\bnUrIHx.exe
  C:\Windows\System\bnUrIHx.exe
  2⤵
  PID:6548
- C:\Windows\System\VqwPEvR.exe
  C:\Windows\System\VqwPEvR.exe
  2⤵
  PID:6572
- C:\Windows\System\BSbmtWt.exe
  C:\Windows\System\BSbmtWt.exe
  2⤵
  PID:6588
- C:\Windows\System\luheVXv.exe
  C:\Windows\System\luheVXv.exe
  2⤵
  PID:6612
- C:\Windows\System\XoXvUhU.exe
  C:\Windows\System\XoXvUhU.exe
  2⤵
  PID:6684
- C:\Windows\System\zzEaaSa.exe
  C:\Windows\System\zzEaaSa.exe
  2⤵
  PID:6712
- C:\Windows\System\rsJXEwq.exe
  C:\Windows\System\rsJXEwq.exe
  2⤵
  PID:6752
- C:\Windows\System\AKvrdwS.exe
  C:\Windows\System\AKvrdwS.exe
  2⤵
  PID:6772
- C:\Windows\System\aocMnHw.exe
  C:\Windows\System\aocMnHw.exe
  2⤵
  PID:6796
- C:\Windows\System\nxbuoKk.exe
  C:\Windows\System\nxbuoKk.exe
  2⤵
  PID:6820
- C:\Windows\System\YONsJzW.exe
  C:\Windows\System\YONsJzW.exe
  2⤵
  PID:6848
- C:\Windows\System\xTMoTaD.exe
  C:\Windows\System\xTMoTaD.exe
  2⤵
  PID:6868
- C:\Windows\System\myajZpm.exe
  C:\Windows\System\myajZpm.exe
  2⤵
  PID:6896
- C:\Windows\System\xiimWCg.exe
  C:\Windows\System\xiimWCg.exe
  2⤵
  PID:6912
- C:\Windows\System\pPWiWSW.exe
  C:\Windows\System\pPWiWSW.exe
  2⤵
  PID:6932
- C:\Windows\System\bXzuauL.exe
  C:\Windows\System\bXzuauL.exe
  2⤵
  PID:6956
- C:\Windows\System\jqjGHfL.exe
  C:\Windows\System\jqjGHfL.exe
  2⤵
  PID:6972
- C:\Windows\System\LkMXkyo.exe
  C:\Windows\System\LkMXkyo.exe
  2⤵
  PID:6996
- C:\Windows\System\OCjnYun.exe
  C:\Windows\System\OCjnYun.exe
  2⤵
  PID:7020
- C:\Windows\System\UWJHbZJ.exe
  C:\Windows\System\UWJHbZJ.exe
  2⤵
  PID:7040
- C:\Windows\System\aNzOiTR.exe
  C:\Windows\System\aNzOiTR.exe
  2⤵
  PID:7064
- C:\Windows\System\ciZPUrX.exe
  C:\Windows\System\ciZPUrX.exe
  2⤵
  PID:7092
- C:\Windows\System\LloPGBh.exe
  C:\Windows\System\LloPGBh.exe
  2⤵
  PID:7116
- C:\Windows\System\gzqWmdm.exe
  C:\Windows\System\gzqWmdm.exe
  2⤵
  PID:7136
- C:\Windows\System\wZISshz.exe
  C:\Windows\System\wZISshz.exe
  2⤵
  PID:7152
- C:\Windows\System\byGhKwO.exe
  C:\Windows\System\byGhKwO.exe
  2⤵
  PID:5664
- C:\Windows\System\yjnDJSZ.exe
  C:\Windows\System\yjnDJSZ.exe
  2⤵
  PID:5712
- C:\Windows\System\XvElKNP.exe
  C:\Windows\System\XvElKNP.exe
  2⤵
  PID:5804
- C:\Windows\System\CNxbPMB.exe
  C:\Windows\System\CNxbPMB.exe
  2⤵
  PID:5876
- C:\Windows\System\QTzbBeR.exe
  C:\Windows\System\QTzbBeR.exe
  2⤵
  PID:4468
- C:\Windows\System\CdFUVxt.exe
  C:\Windows\System\CdFUVxt.exe
  2⤵
  PID:6424
- C:\Windows\System\pBIduhv.exe
  C:\Windows\System\pBIduhv.exe
  2⤵
  PID:4420
- C:\Windows\System\AyqMxqf.exe
  C:\Windows\System\AyqMxqf.exe
  2⤵
  PID:3892
- C:\Windows\System\bSKVHHn.exe
  C:\Windows\System\bSKVHHn.exe
  2⤵
  PID:6500
- C:\Windows\System\ruawsaq.exe
  C:\Windows\System\ruawsaq.exe
  2⤵
  PID:6520
- C:\Windows\System\MULOVKj.exe
  C:\Windows\System\MULOVKj.exe
  2⤵
  PID:3352
- C:\Windows\System\coTaLIb.exe
  C:\Windows\System\coTaLIb.exe
  2⤵
  PID:1540
- C:\Windows\System\ahjNNoR.exe
  C:\Windows\System\ahjNNoR.exe
  2⤵
  PID:1136
- C:\Windows\System\aNBFBHV.exe
  C:\Windows\System\aNBFBHV.exe
  2⤵
  PID:4224
- C:\Windows\System\KkIIFqe.exe
  C:\Windows\System\KkIIFqe.exe
  2⤵
  PID:4052
- C:\Windows\System\KGYITlN.exe
  C:\Windows\System\KGYITlN.exe
  2⤵
  PID:4024
- C:\Windows\System\xBYdfei.exe
  C:\Windows\System\xBYdfei.exe
  2⤵
  PID:1704
- C:\Windows\System\JOZmdor.exe
  C:\Windows\System\JOZmdor.exe
  2⤵
  PID:3704
- C:\Windows\System\GgUtETq.exe
  C:\Windows\System\GgUtETq.exe
  2⤵
  PID:3220
- C:\Windows\System\hJuUQQH.exe
  C:\Windows\System\hJuUQQH.exe
  2⤵
  PID:6480
- C:\Windows\System\kyJzynp.exe
  C:\Windows\System\kyJzynp.exe
  2⤵
  PID:5440
- C:\Windows\System\rxwWKXt.exe
  C:\Windows\System\rxwWKXt.exe
  2⤵
  PID:6092
- C:\Windows\System\nbWZVoZ.exe
  C:\Windows\System\nbWZVoZ.exe
  2⤵
  PID:6468
- C:\Windows\System\CPHaGHN.exe
  C:\Windows\System\CPHaGHN.exe
  2⤵
  PID:1256
- C:\Windows\System\bDXDpIJ.exe
  C:\Windows\System\bDXDpIJ.exe
  2⤵
  PID:6876
- C:\Windows\System\spcTmAY.exe
  C:\Windows\System\spcTmAY.exe
  2⤵
  PID:7072
- C:\Windows\System\EXjojWw.exe
  C:\Windows\System\EXjojWw.exe
  2⤵
  PID:6764
- C:\Windows\System\zGiHlHA.exe
  C:\Windows\System\zGiHlHA.exe
  2⤵
  PID:6964
- C:\Windows\System\pfQwIYP.exe
  C:\Windows\System\pfQwIYP.exe
  2⤵
  PID:7032
- C:\Windows\System\jhtawTk.exe
  C:\Windows\System\jhtawTk.exe
  2⤵
  PID:7080
- C:\Windows\System\QXjXHIx.exe
  C:\Windows\System\QXjXHIx.exe
  2⤵
  PID:7124
- C:\Windows\System\QKMeNZn.exe
  C:\Windows\System\QKMeNZn.exe
  2⤵
  PID:5644
- C:\Windows\System\IdZEMOM.exe
  C:\Windows\System\IdZEMOM.exe
  2⤵
  PID:5784
- C:\Windows\System\MttJlVn.exe
  C:\Windows\System\MttJlVn.exe
  2⤵
  PID:7176
- C:\Windows\System\VFtdQPh.exe
  C:\Windows\System\VFtdQPh.exe
  2⤵
  PID:7192
- C:\Windows\System\JXwfuuX.exe
  C:\Windows\System\JXwfuuX.exe
  2⤵
  PID:7208
- C:\Windows\System\vDRAfbH.exe
  C:\Windows\System\vDRAfbH.exe
  2⤵
  PID:7228
- C:\Windows\System\FdrCSyW.exe
  C:\Windows\System\FdrCSyW.exe
  2⤵
  PID:7244
- C:\Windows\System\qvNVeMx.exe
  C:\Windows\System\qvNVeMx.exe
  2⤵
  PID:7264
- C:\Windows\System\lSANfFG.exe
  C:\Windows\System\lSANfFG.exe
  2⤵
  PID:7284
- C:\Windows\System\XIJARwW.exe
  C:\Windows\System\XIJARwW.exe
  2⤵
  PID:7304
- C:\Windows\System\fevlYUc.exe
  C:\Windows\System\fevlYUc.exe
  2⤵
  PID:7320
- C:\Windows\System\WsWEChR.exe
  C:\Windows\System\WsWEChR.exe
  2⤵
  PID:7340
- C:\Windows\System\nURBQSX.exe
  C:\Windows\System\nURBQSX.exe
  2⤵
  PID:7360
- C:\Windows\System\bgEHHOF.exe
  C:\Windows\System\bgEHHOF.exe
  2⤵
  PID:7380
- C:\Windows\System\GLiwnfO.exe
  C:\Windows\System\GLiwnfO.exe
  2⤵
  PID:7396
- C:\Windows\System\ZeJSiKk.exe
  C:\Windows\System\ZeJSiKk.exe
  2⤵
  PID:7416
- C:\Windows\System\oqBVhoo.exe
  C:\Windows\System\oqBVhoo.exe
  2⤵
  PID:7436
- C:\Windows\System\szhTwOR.exe
  C:\Windows\System\szhTwOR.exe
  2⤵
  PID:7456
- C:\Windows\System\rphgduw.exe
  C:\Windows\System\rphgduw.exe
  2⤵
  PID:7476
- C:\Windows\System\qwuQgWs.exe
  C:\Windows\System\qwuQgWs.exe
  2⤵
  PID:7492
- C:\Windows\System\yxQBqUH.exe
  C:\Windows\System\yxQBqUH.exe
  2⤵
  PID:7512
- C:\Windows\System\TxIaVLT.exe
  C:\Windows\System\TxIaVLT.exe
  2⤵
  PID:7532
- C:\Windows\System\CEbNzrY.exe
  C:\Windows\System\CEbNzrY.exe
  2⤵
  PID:7552
- C:\Windows\System\yAuQspw.exe
  C:\Windows\System\yAuQspw.exe
  2⤵
  PID:7572
- C:\Windows\System\fXRwhpG.exe
  C:\Windows\System\fXRwhpG.exe
  2⤵
  PID:7588
- C:\Windows\System\KnugbGy.exe
  C:\Windows\System\KnugbGy.exe
  2⤵
  PID:7608
- C:\Windows\System\Nlzcwqr.exe
  C:\Windows\System\Nlzcwqr.exe
  2⤵
  PID:7624
- C:\Windows\System\kHAbARB.exe
  C:\Windows\System\kHAbARB.exe
  2⤵
  PID:7644
- C:\Windows\System\digghFv.exe
  C:\Windows\System\digghFv.exe
  2⤵
  PID:7664
- C:\Windows\System\STKGeSH.exe
  C:\Windows\System\STKGeSH.exe
  2⤵
  PID:7684
- C:\Windows\System\nydzvwO.exe
  C:\Windows\System\nydzvwO.exe
  2⤵
  PID:7700
- C:\Windows\System\HkyoVDz.exe
  C:\Windows\System\HkyoVDz.exe
  2⤵
  PID:7720
- C:\Windows\System\UXrlGgy.exe
  C:\Windows\System\UXrlGgy.exe
  2⤵
  PID:7740
- C:\Windows\System\EMaEWWe.exe
  C:\Windows\System\EMaEWWe.exe
  2⤵
  PID:7760
- C:\Windows\System\ZwNSVfO.exe
  C:\Windows\System\ZwNSVfO.exe
  2⤵
  PID:7776
- C:\Windows\System\gBeEPxo.exe
  C:\Windows\System\gBeEPxo.exe
  2⤵
  PID:7796
- C:\Windows\System\CaPagEm.exe
  C:\Windows\System\CaPagEm.exe
  2⤵
  PID:7816
- C:\Windows\System\KENARsQ.exe
  C:\Windows\System\KENARsQ.exe
  2⤵
  PID:7832
- C:\Windows\System\jXUKqNz.exe
  C:\Windows\System\jXUKqNz.exe
  2⤵
  PID:7852
- C:\Windows\System\LYZfnon.exe
  C:\Windows\System\LYZfnon.exe
  2⤵
  PID:7872
- C:\Windows\System\cYDiPbt.exe
  C:\Windows\System\cYDiPbt.exe
  2⤵
  PID:7888
- C:\Windows\System\BBRAuhk.exe
  C:\Windows\System\BBRAuhk.exe
  2⤵
  PID:7908
- C:\Windows\System\sCAYfJc.exe
  C:\Windows\System\sCAYfJc.exe
  2⤵
  PID:7928
- C:\Windows\System\BeeZSVM.exe
  C:\Windows\System\BeeZSVM.exe
  2⤵
  PID:7944
- C:\Windows\System\shkysQq.exe
  C:\Windows\System\shkysQq.exe
  2⤵
  PID:7964
- C:\Windows\System\eLqYTPA.exe
  C:\Windows\System\eLqYTPA.exe
  2⤵
  PID:7984
- C:\Windows\System\MYsncrF.exe
  C:\Windows\System\MYsncrF.exe
  2⤵
  PID:8004
- C:\Windows\System\akPPZVb.exe
  C:\Windows\System\akPPZVb.exe
  2⤵
  PID:8024
- C:\Windows\System\bdzPKHY.exe
  C:\Windows\System\bdzPKHY.exe
  2⤵
  PID:8040
- C:\Windows\System\otSsmxM.exe
  C:\Windows\System\otSsmxM.exe
  2⤵
  PID:8060
- C:\Windows\System\xztrreB.exe
  C:\Windows\System\xztrreB.exe
  2⤵
  PID:8084
- C:\Windows\System\FcnxAbQ.exe
  C:\Windows\System\FcnxAbQ.exe
  2⤵
  PID:8100
- C:\Windows\System\sLBmoDz.exe
  C:\Windows\System\sLBmoDz.exe
  2⤵
  PID:8388
- C:\Windows\System\oswvdZe.exe
  C:\Windows\System\oswvdZe.exe
  2⤵
  PID:8408
- C:\Windows\System\BthshTw.exe
  C:\Windows\System\BthshTw.exe
  2⤵
  PID:8424
- C:\Windows\System\nWjRNRW.exe
  C:\Windows\System\nWjRNRW.exe
  2⤵
  PID:8444
- C:\Windows\System\YXNUzpJ.exe
  C:\Windows\System\YXNUzpJ.exe
  2⤵
  PID:8464
- C:\Windows\System\qHDNFKT.exe
  C:\Windows\System\qHDNFKT.exe
  2⤵
  PID:8484
- C:\Windows\System\tvZsucG.exe
  C:\Windows\System\tvZsucG.exe
  2⤵
  PID:8504
- C:\Windows\System\UQpgFfT.exe
  C:\Windows\System\UQpgFfT.exe
  2⤵
  PID:8520
- C:\Windows\System\rtlTmri.exe
  C:\Windows\System\rtlTmri.exe
  2⤵
  PID:8536
- C:\Windows\System\nBvRUVv.exe
  C:\Windows\System\nBvRUVv.exe
  2⤵
  PID:8552
- C:\Windows\System\DWsTJYI.exe
  C:\Windows\System\DWsTJYI.exe
  2⤵
  PID:8568
- C:\Windows\System\qoUFvnY.exe
  C:\Windows\System\qoUFvnY.exe
  2⤵
  PID:8584
- C:\Windows\System\AYlCzdw.exe
  C:\Windows\System\AYlCzdw.exe
  2⤵
  PID:8604
- C:\Windows\System\nKKWMIu.exe
  C:\Windows\System\nKKWMIu.exe
  2⤵
  PID:8624
- C:\Windows\System\HUfqHQM.exe
  C:\Windows\System\HUfqHQM.exe
  2⤵
  PID:8644
- C:\Windows\System\sxLrkCU.exe
  C:\Windows\System\sxLrkCU.exe
  2⤵
  PID:8660
- C:\Windows\System\lkeWHjT.exe
  C:\Windows\System\lkeWHjT.exe
  2⤵
  PID:8680
- C:\Windows\System\EkHtyyp.exe
  C:\Windows\System\EkHtyyp.exe
  2⤵
  PID:8700
- C:\Windows\System\vVDfWSq.exe
  C:\Windows\System\vVDfWSq.exe
  2⤵
  PID:8716
- C:\Windows\System\tMdhKOC.exe
  C:\Windows\System\tMdhKOC.exe
  2⤵
  PID:8736
- C:\Windows\System\UXhtIFm.exe
  C:\Windows\System\UXhtIFm.exe
  2⤵
  PID:8760
- C:\Windows\System\hXiEorT.exe
  C:\Windows\System\hXiEorT.exe
  2⤵
  PID:8780
- C:\Windows\System\PutFDjI.exe
  C:\Windows\System\PutFDjI.exe
  2⤵
  PID:8800
- C:\Windows\System\uzzAdep.exe
  C:\Windows\System\uzzAdep.exe
  2⤵
  PID:8820
- C:\Windows\System\cjZLjoS.exe
  C:\Windows\System\cjZLjoS.exe
  2⤵
  PID:8836
- C:\Windows\System\IQmUyPl.exe
  C:\Windows\System\IQmUyPl.exe
  2⤵
  PID:8856
- C:\Windows\System\dvXDUVh.exe
  C:\Windows\System\dvXDUVh.exe
  2⤵
  PID:8876
- C:\Windows\System\UiJqWKT.exe
  C:\Windows\System\UiJqWKT.exe
  2⤵
  PID:8896
- C:\Windows\System\NOOYxgy.exe
  C:\Windows\System\NOOYxgy.exe
  2⤵
  PID:8916
- C:\Windows\System\canKOkQ.exe
  C:\Windows\System\canKOkQ.exe
  2⤵
  PID:8932
- C:\Windows\System\LYAHNLn.exe
  C:\Windows\System\LYAHNLn.exe
  2⤵
  PID:8952
- C:\Windows\System\zrurrqY.exe
  C:\Windows\System\zrurrqY.exe
  2⤵
  PID:8968
- C:\Windows\System\MXJDloB.exe
  C:\Windows\System\MXJDloB.exe
  2⤵
  PID:8988
- C:\Windows\System\nXYSLaG.exe
  C:\Windows\System\nXYSLaG.exe
  2⤵
  PID:9008
- C:\Windows\System\aPraJzF.exe
  C:\Windows\System\aPraJzF.exe
  2⤵
  PID:9028
- C:\Windows\System\CBjtBJe.exe
  C:\Windows\System\CBjtBJe.exe
  2⤵
  PID:9048
- C:\Windows\System\QCzZcbn.exe
  C:\Windows\System\QCzZcbn.exe
  2⤵
  PID:9064
- C:\Windows\System\JzHMLJs.exe
  C:\Windows\System\JzHMLJs.exe
  2⤵
  PID:9084
- C:\Windows\System\dEZAYeD.exe
  C:\Windows\System\dEZAYeD.exe
  2⤵
  PID:9104
- C:\Windows\System\zmwYuHo.exe
  C:\Windows\System\zmwYuHo.exe
  2⤵
  PID:9124
- C:\Windows\System\GrPqsnB.exe
  C:\Windows\System\GrPqsnB.exe
  2⤵
  PID:9140
- C:\Windows\System\UmhFXZI.exe
  C:\Windows\System\UmhFXZI.exe
  2⤵
  PID:9156
- C:\Windows\System\zvzOVqa.exe
  C:\Windows\System\zvzOVqa.exe
  2⤵
  PID:9180
- C:\Windows\System\hZUzoak.exe
  C:\Windows\System\hZUzoak.exe
  2⤵
  PID:9208
- C:\Windows\System\YaGRZln.exe
  C:\Windows\System\YaGRZln.exe
  2⤵
  PID:7236
- C:\Windows\System\wPfVtTN.exe
  C:\Windows\System\wPfVtTN.exe
  2⤵
  PID:7328
- C:\Windows\System\QkbCcQo.exe
  C:\Windows\System\QkbCcQo.exe
  2⤵
  PID:7408
- C:\Windows\System\hblJDzQ.exe
  C:\Windows\System\hblJDzQ.exe
  2⤵
  PID:7508
- C:\Windows\System\liPVFlo.exe
  C:\Windows\System\liPVFlo.exe
  2⤵
  PID:7540
- C:\Windows\System\Opomkso.exe
  C:\Windows\System\Opomkso.exe
  2⤵
  PID:7616
- C:\Windows\System\XiMBpUb.exe
  C:\Windows\System\XiMBpUb.exe
  2⤵
  PID:7672
- C:\Windows\System\DftkdBU.exe
  C:\Windows\System\DftkdBU.exe
  2⤵
  PID:7368
- C:\Windows\System\cbodXvO.exe
  C:\Windows\System\cbodXvO.exe
  2⤵
  PID:7500
- C:\Windows\System\OsxZCeM.exe
  C:\Windows\System\OsxZCeM.exe
  2⤵
  PID:7596
- C:\Windows\System\vmwERES.exe
  C:\Windows\System\vmwERES.exe
  2⤵
  PID:7696
- C:\Windows\System\VSiGWTL.exe
  C:\Windows\System\VSiGWTL.exe
  2⤵
  PID:9228
- C:\Windows\System\TmomRUJ.exe
  C:\Windows\System\TmomRUJ.exe
  2⤵
  PID:9244
- C:\Windows\System\pFIDxuw.exe
  C:\Windows\System\pFIDxuw.exe
  2⤵
  PID:9268
- C:\Windows\System\HRQnmrz.exe
  C:\Windows\System\HRQnmrz.exe
  2⤵
  PID:9288
- C:\Windows\System\ojInZCo.exe
  C:\Windows\System\ojInZCo.exe
  2⤵
  PID:9304
- C:\Windows\System\QWnrbxO.exe
  C:\Windows\System\QWnrbxO.exe
  2⤵
  PID:9320
- C:\Windows\System\CHcyHjU.exe
  C:\Windows\System\CHcyHjU.exe
  2⤵
  PID:9336
- C:\Windows\System\yTPQoSY.exe
  C:\Windows\System\yTPQoSY.exe
  2⤵
  PID:9384
- C:\Windows\System\kFzmOaW.exe
  C:\Windows\System\kFzmOaW.exe
  2⤵
  PID:9404
- C:\Windows\System\oIjIHAz.exe
  C:\Windows\System\oIjIHAz.exe
  2⤵
  PID:9420
- C:\Windows\System\DKJDjsw.exe
  C:\Windows\System\DKJDjsw.exe
  2⤵
  PID:9444
- C:\Windows\System\DjGUOnu.exe
  C:\Windows\System\DjGUOnu.exe
  2⤵
  PID:9468
- C:\Windows\System\bwzZcog.exe
  C:\Windows\System\bwzZcog.exe
  2⤵
  PID:9492
- C:\Windows\System\ekgsZKE.exe
  C:\Windows\System\ekgsZKE.exe
  2⤵
  PID:9516
- C:\Windows\System\MUvRyHg.exe
  C:\Windows\System\MUvRyHg.exe
  2⤵
  PID:9532
- C:\Windows\System\olkQeJA.exe
  C:\Windows\System\olkQeJA.exe
  2⤵
  PID:9556
- C:\Windows\System\zLnjzzh.exe
  C:\Windows\System\zLnjzzh.exe
  2⤵
  PID:9576
- C:\Windows\System\VUYzvQl.exe
  C:\Windows\System\VUYzvQl.exe
  2⤵
  PID:9596
- C:\Windows\System\TeOysuA.exe
  C:\Windows\System\TeOysuA.exe
  2⤵
  PID:9620
- C:\Windows\System\OUQzkfX.exe
  C:\Windows\System\OUQzkfX.exe
  2⤵
  PID:9644
- C:\Windows\System\LfvwSSr.exe
  C:\Windows\System\LfvwSSr.exe
  2⤵
  PID:9668
- C:\Windows\System\YIbvXct.exe
  C:\Windows\System\YIbvXct.exe
  2⤵
  PID:9684
- C:\Windows\System\RLzGhdO.exe
  C:\Windows\System\RLzGhdO.exe
  2⤵
  PID:9708
- C:\Windows\System\kdMQYnW.exe
  C:\Windows\System\kdMQYnW.exe
  2⤵
  PID:9732
- C:\Windows\System\WLOrzcQ.exe
  C:\Windows\System\WLOrzcQ.exe
  2⤵
  PID:9756
- C:\Windows\System\yMkxYtL.exe
  C:\Windows\System\yMkxYtL.exe
  2⤵
  PID:9776
- C:\Windows\System\vUMmNar.exe
  C:\Windows\System\vUMmNar.exe
  2⤵
  PID:9796
- C:\Windows\System\tPDBHgH.exe
  C:\Windows\System\tPDBHgH.exe
  2⤵
  PID:9820
- C:\Windows\System\VQYpFZX.exe
  C:\Windows\System\VQYpFZX.exe
  2⤵
  PID:9844
- C:\Windows\System\qgLknNc.exe
  C:\Windows\System\qgLknNc.exe
  2⤵
  PID:9860
- C:\Windows\System\ObpyZBG.exe
  C:\Windows\System\ObpyZBG.exe
  2⤵
  PID:9884
- C:\Windows\System\olvYZUJ.exe
  C:\Windows\System\olvYZUJ.exe
  2⤵
  PID:9908
- C:\Windows\System\OHFOFWr.exe
  C:\Windows\System\OHFOFWr.exe
  2⤵
  PID:9932
- C:\Windows\System\zdYVOvm.exe
  C:\Windows\System\zdYVOvm.exe
  2⤵
  PID:9952
- C:\Windows\System\jbQNahh.exe
  C:\Windows\System\jbQNahh.exe
  2⤵
  PID:9972
- C:\Windows\System\nYVICOX.exe
  C:\Windows\System\nYVICOX.exe
  2⤵
  PID:9996
- C:\Windows\System\FscJGnq.exe
  C:\Windows\System\FscJGnq.exe
  2⤵
  PID:10016
- C:\Windows\System\KMISHCX.exe
  C:\Windows\System\KMISHCX.exe
  2⤵
  PID:10036
- C:\Windows\System\BORryiq.exe
  C:\Windows\System\BORryiq.exe
  2⤵
  PID:10060
- C:\Windows\System\dZdisWq.exe
  C:\Windows\System\dZdisWq.exe
  2⤵
  PID:10084
- C:\Windows\System\nWmAAUC.exe
  C:\Windows\System\nWmAAUC.exe
  2⤵
  PID:10104
- C:\Windows\System\YjwhpND.exe
  C:\Windows\System\YjwhpND.exe
  2⤵
  PID:10124
- C:\Windows\System\AkPWEZy.exe
  C:\Windows\System\AkPWEZy.exe
  2⤵
  PID:10148
- C:\Windows\System\mbBtVnA.exe
  C:\Windows\System\mbBtVnA.exe
  2⤵
  PID:10208
- C:\Windows\System\fQOHKmg.exe
  C:\Windows\System\fQOHKmg.exe
  2⤵
  PID:10224
- C:\Windows\System\QNCwNHL.exe
  C:\Windows\System\QNCwNHL.exe
  2⤵
  PID:7424
- C:\Windows\System\ndGxVrL.exe
  C:\Windows\System\ndGxVrL.exe
  2⤵
  PID:8096
- C:\Windows\System\blCxnPs.exe
  C:\Windows\System\blCxnPs.exe
  2⤵
  PID:4192
- C:\Windows\System\GRgwVFF.exe
  C:\Windows\System\GRgwVFF.exe
  2⤵
  PID:6428
- C:\Windows\System\AjoRrSg.exe
  C:\Windows\System\AjoRrSg.exe
  2⤵
  PID:1508
- C:\Windows\System\ZRLEJFJ.exe
  C:\Windows\System\ZRLEJFJ.exe
  2⤵
  PID:6560
- C:\Windows\System\mRlHILg.exe
  C:\Windows\System\mRlHILg.exe
  2⤵
  PID:5216
- C:\Windows\System\sstFXTR.exe
  C:\Windows\System\sstFXTR.exe
  2⤵
  PID:2248
- C:\Windows\System\gfXYCme.exe
  C:\Windows\System\gfXYCme.exe
  2⤵
  PID:2236
- C:\Windows\System\svdttAq.exe
  C:\Windows\System\svdttAq.exe
  2⤵
  PID:4188
- C:\Windows\System\ijPxjOq.exe
  C:\Windows\System\ijPxjOq.exe
  2⤵
  PID:6980
- C:\Windows\System\trIMwMO.exe
  C:\Windows\System\trIMwMO.exe
  2⤵
  PID:6992
- C:\Windows\System\pCagFXX.exe
  C:\Windows\System\pCagFXX.exe
  2⤵
  PID:7148
- C:\Windows\System\HxLfeRs.exe
  C:\Windows\System\HxLfeRs.exe
  2⤵
  PID:5840
- C:\Windows\System\iTdvRiu.exe
  C:\Windows\System\iTdvRiu.exe
  2⤵
  PID:7200
- C:\Windows\System\McDeuLh.exe
  C:\Windows\System\McDeuLh.exe
  2⤵
  PID:7336
- C:\Windows\System\UqmCsCq.exe
  C:\Windows\System\UqmCsCq.exe
  2⤵
  PID:7468
- C:\Windows\System\YthcfGO.exe
  C:\Windows\System\YthcfGO.exe
  2⤵
  PID:7580
- C:\Windows\System\jwOHzpJ.exe
  C:\Windows\System\jwOHzpJ.exe
  2⤵
  PID:7756
- C:\Windows\System\RSaaHtd.exe
  C:\Windows\System\RSaaHtd.exe
  2⤵
  PID:7936
- C:\Windows\System\vaSHmCW.exe
  C:\Windows\System\vaSHmCW.exe
  2⤵
  PID:7916
- C:\Windows\System\NNtGePN.exe
  C:\Windows\System\NNtGePN.exe
  2⤵
  PID:8072
- C:\Windows\System\tKcyAyk.exe
  C:\Windows\System\tKcyAyk.exe
  2⤵
  PID:10312
- C:\Windows\System\chpOdrl.exe
  C:\Windows\System\chpOdrl.exe
  2⤵
  PID:10332
- C:\Windows\System\RMHFNJC.exe
  C:\Windows\System\RMHFNJC.exe
  2⤵
  PID:10352
- C:\Windows\System\IhzOqwj.exe
  C:\Windows\System\IhzOqwj.exe
  2⤵
  PID:10368
- C:\Windows\System\VqQWBnn.exe
  C:\Windows\System\VqQWBnn.exe
  2⤵
  PID:10392
- C:\Windows\System\evjyJwe.exe
  C:\Windows\System\evjyJwe.exe
  2⤵
  PID:10416
- C:\Windows\System\HAsqHav.exe
  C:\Windows\System\HAsqHav.exe
  2⤵
  PID:10432
- C:\Windows\System\uzZzwQG.exe
  C:\Windows\System\uzZzwQG.exe
  2⤵
  PID:10452
- C:\Windows\System\VBEyxif.exe
  C:\Windows\System\VBEyxif.exe
  2⤵
  PID:10472
- C:\Windows\System\KRCQfYT.exe
  C:\Windows\System\KRCQfYT.exe
  2⤵
  PID:10516
- C:\Windows\System\sivpBCV.exe
  C:\Windows\System\sivpBCV.exe
  2⤵
  PID:10540
- C:\Windows\System\eGDsFeD.exe
  C:\Windows\System\eGDsFeD.exe
  2⤵
  PID:10556
- C:\Windows\System\RTfRdfH.exe
  C:\Windows\System\RTfRdfH.exe
  2⤵
  PID:10576
- C:\Windows\System\aPVLgip.exe
  C:\Windows\System\aPVLgip.exe
  2⤵
  PID:10608
- C:\Windows\System\YVVLUuU.exe
  C:\Windows\System\YVVLUuU.exe
  2⤵
  PID:10660
- C:\Windows\System\EbbLjVe.exe
  C:\Windows\System\EbbLjVe.exe
  2⤵
  PID:10676
- C:\Windows\System\xPxNMeN.exe
  C:\Windows\System\xPxNMeN.exe
  2⤵
  PID:10700
- C:\Windows\System\NutLAvP.exe
  C:\Windows\System\NutLAvP.exe
  2⤵
  PID:10724
- C:\Windows\System\AhWzxGc.exe
  C:\Windows\System\AhWzxGc.exe
  2⤵
  PID:10752
- C:\Windows\System\XSpZsIJ.exe
  C:\Windows\System\XSpZsIJ.exe
  2⤵
  PID:10776
- C:\Windows\System\OuXRxoB.exe
  C:\Windows\System\OuXRxoB.exe
  2⤵
  PID:10800
- C:\Windows\System\UJpFTxA.exe
  C:\Windows\System\UJpFTxA.exe
  2⤵
  PID:10824
- C:\Windows\System\RzgsQwU.exe
  C:\Windows\System\RzgsQwU.exe
  2⤵
  PID:10856
- C:\Windows\System\nEMQPfJ.exe
  C:\Windows\System\nEMQPfJ.exe
  2⤵
  PID:10872
- C:\Windows\System\fmkqXGA.exe
  C:\Windows\System\fmkqXGA.exe
  2⤵
  PID:10896
- C:\Windows\System\vvpdvNk.exe
  C:\Windows\System\vvpdvNk.exe
  2⤵
  PID:10916
- C:\Windows\System\gixczEN.exe
  C:\Windows\System\gixczEN.exe
  2⤵
  PID:10936
- C:\Windows\System\DNTaLvw.exe
  C:\Windows\System\DNTaLvw.exe
  2⤵
  PID:10952
- C:\Windows\System\UXrgXZP.exe
  C:\Windows\System\UXrgXZP.exe
  2⤵
  PID:10968
- C:\Windows\System\ykYODJg.exe
  C:\Windows\System\ykYODJg.exe
  2⤵
  PID:10992
- C:\Windows\System\gvyPgkD.exe
  C:\Windows\System\gvyPgkD.exe
  2⤵
  PID:11008
- C:\Windows\System\YpPCxwC.exe
  C:\Windows\System\YpPCxwC.exe
  2⤵
  PID:11024
- C:\Windows\System\AzkQtqD.exe
  C:\Windows\System\AzkQtqD.exe
  2⤵
  PID:11044
- C:\Windows\System\zWOhVhK.exe
  C:\Windows\System\zWOhVhK.exe
  2⤵
  PID:11068
- C:\Windows\System\CiXtuMn.exe
  C:\Windows\System\CiXtuMn.exe
  2⤵
  PID:11100
- C:\Windows\System\snEOrGu.exe
  C:\Windows\System\snEOrGu.exe
  2⤵
  PID:11124
- C:\Windows\System\VlZOPtF.exe
  C:\Windows\System\VlZOPtF.exe
  2⤵
  PID:11152
- C:\Windows\System\TPWyCaY.exe
  C:\Windows\System\TPWyCaY.exe
  2⤵
  PID:11172
- C:\Windows\System\ZPWTMvG.exe
  C:\Windows\System\ZPWTMvG.exe
  2⤵
  PID:11196
- C:\Windows\System\qhsHuWr.exe
  C:\Windows\System\qhsHuWr.exe
  2⤵
  PID:11220
- C:\Windows\System\JwHWzdS.exe
  C:\Windows\System\JwHWzdS.exe
  2⤵
  PID:11240
- C:\Windows\System\HTsBrVT.exe
  C:\Windows\System\HTsBrVT.exe
  2⤵
  PID:11260
- C:\Windows\System\rGqhIza.exe
  C:\Windows\System\rGqhIza.exe
  2⤵
  PID:9392
- C:\Windows\System\NDVBJgu.exe
  C:\Windows\System\NDVBJgu.exe
  2⤵
  PID:9416
- C:\Windows\System\DSmGqaq.exe
  C:\Windows\System\DSmGqaq.exe
  2⤵
  PID:9460
- C:\Windows\System\pyNeaCJ.exe
  C:\Windows\System\pyNeaCJ.exe
  2⤵
  PID:9508
- C:\Windows\System\lqVXlbw.exe
  C:\Windows\System\lqVXlbw.exe
  2⤵
  PID:9552
- C:\Windows\System\PTzjSvv.exe
  C:\Windows\System\PTzjSvv.exe
  2⤵
  PID:9768
- C:\Windows\System\wJYdxHN.exe
  C:\Windows\System\wJYdxHN.exe
  2⤵
  PID:9928
- C:\Windows\System\tWAcBAg.exe
  C:\Windows\System\tWAcBAg.exe
  2⤵
  PID:9964
- C:\Windows\System\zEYNluF.exe
  C:\Windows\System\zEYNluF.exe
  2⤵
  PID:10056
- C:\Windows\System\AsnazPW.exe
  C:\Windows\System\AsnazPW.exe
  2⤵
  PID:10140
- C:\Windows\System\FithSuF.exe
  C:\Windows\System\FithSuF.exe
  2⤵
  PID:8260
- C:\Windows\System\VQnGDBb.exe
  C:\Windows\System\VQnGDBb.exe
  2⤵
  PID:8380
- C:\Windows\System\aJPXZPq.exe
  C:\Windows\System\aJPXZPq.exe
  2⤵
  PID:8420
- C:\Windows\System\CFoQMOd.exe
  C:\Windows\System\CFoQMOd.exe
  2⤵
  PID:8460
- C:\Windows\System\SAOfbMg.exe
  C:\Windows\System\SAOfbMg.exe
  2⤵
  PID:8500
- C:\Windows\System\WBMwqVw.exe
  C:\Windows\System\WBMwqVw.exe
  2⤵
  PID:8560
- C:\Windows\System\YDFOXhd.exe
  C:\Windows\System\YDFOXhd.exe
  2⤵
  PID:8596
- C:\Windows\System\NDPtWBM.exe
  C:\Windows\System\NDPtWBM.exe
  2⤵
  PID:8632
- C:\Windows\System\xFfjpnh.exe
  C:\Windows\System\xFfjpnh.exe
  2⤵
  PID:8672
- C:\Windows\System\pIHbdyh.exe
  C:\Windows\System\pIHbdyh.exe
  2⤵
  PID:8712
- C:\Windows\System\MonnCxy.exe
  C:\Windows\System\MonnCxy.exe
  2⤵
  PID:8772
- C:\Windows\System\mFEJrJy.exe
  C:\Windows\System\mFEJrJy.exe
  2⤵
  PID:8812
- C:\Windows\System\aBBylwA.exe
  C:\Windows\System\aBBylwA.exe
  2⤵
  PID:8852
- C:\Windows\System\RKIOgKA.exe
  C:\Windows\System\RKIOgKA.exe
  2⤵
  PID:8888
- C:\Windows\System\BGIqRUp.exe
  C:\Windows\System\BGIqRUp.exe
  2⤵
  PID:8928
- C:\Windows\System\SVKkeIt.exe
  C:\Windows\System\SVKkeIt.exe
  2⤵
  PID:8976
- C:\Windows\System\tgrLpUf.exe
  C:\Windows\System\tgrLpUf.exe
  2⤵
  PID:9000
- C:\Windows\System\AWEkmOo.exe
  C:\Windows\System\AWEkmOo.exe
  2⤵
  PID:9044
- C:\Windows\System\nQDQlwM.exe
  C:\Windows\System\nQDQlwM.exe
  2⤵
  PID:9096
- C:\Windows\System\YvMAtxB.exe
  C:\Windows\System\YvMAtxB.exe
  2⤵
  PID:9132
- C:\Windows\System\SBqOeMS.exe
  C:\Windows\System\SBqOeMS.exe
  2⤵
  PID:9188
- C:\Windows\System\emopuVa.exe
  C:\Windows\System\emopuVa.exe
  2⤵
  PID:7300
- C:\Windows\System\elfVqpV.exe
  C:\Windows\System\elfVqpV.exe
  2⤵
  PID:4880
- C:\Windows\System\IVFUSZN.exe
  C:\Windows\System\IVFUSZN.exe
  2⤵
  PID:7260
- C:\Windows\System\Xvnecqn.exe
  C:\Windows\System\Xvnecqn.exe
  2⤵
  PID:7484
- C:\Windows\System\wUMSWdM.exe
  C:\Windows\System\wUMSWdM.exe
  2⤵
  PID:7352
- C:\Windows\System\JOEooFg.exe
  C:\Windows\System\JOEooFg.exe
  2⤵
  PID:11276
- C:\Windows\System\zOrYWNB.exe
  C:\Windows\System\zOrYWNB.exe
  2⤵
  PID:11300
- C:\Windows\System\nvmBWHV.exe
  C:\Windows\System\nvmBWHV.exe
  2⤵
  PID:11324
- C:\Windows\System\QwFhKVP.exe
  C:\Windows\System\QwFhKVP.exe
  2⤵
  PID:11344
- C:\Windows\System\vXZFIwl.exe
  C:\Windows\System\vXZFIwl.exe
  2⤵
  PID:11364
- C:\Windows\System\AmAtMze.exe
  C:\Windows\System\AmAtMze.exe
  2⤵
  PID:11388
- C:\Windows\System\WGtHVWU.exe
  C:\Windows\System\WGtHVWU.exe
  2⤵
  PID:11412
- C:\Windows\System\KRuOYNe.exe
  C:\Windows\System\KRuOYNe.exe
  2⤵
  PID:11436
- C:\Windows\System\ZOnQMEl.exe
  C:\Windows\System\ZOnQMEl.exe
  2⤵
  PID:11452
- C:\Windows\System\RLCxBGw.exe
  C:\Windows\System\RLCxBGw.exe
  2⤵
  PID:11476
- C:\Windows\System\YyOJIzS.exe
  C:\Windows\System\YyOJIzS.exe
  2⤵
  PID:11500
- C:\Windows\System\ytCpCvv.exe
  C:\Windows\System\ytCpCvv.exe
  2⤵
  PID:11528
- C:\Windows\System\xiIbxOR.exe
  C:\Windows\System\xiIbxOR.exe
  2⤵
  PID:11544
- C:\Windows\System\AvjgfXp.exe
  C:\Windows\System\AvjgfXp.exe
  2⤵
  PID:11564
- C:\Windows\System\ccVAdwl.exe
  C:\Windows\System\ccVAdwl.exe
  2⤵
  PID:11584
- C:\Windows\System\tCvYCjg.exe
  C:\Windows\System\tCvYCjg.exe
  2⤵
  PID:11608
- C:\Windows\System\XjKeStM.exe
  C:\Windows\System\XjKeStM.exe
  2⤵
  PID:11632
- C:\Windows\System\rCqbAIw.exe
  C:\Windows\System\rCqbAIw.exe
  2⤵
  PID:11652
- C:\Windows\System\KiLpvyq.exe
  C:\Windows\System\KiLpvyq.exe
  2⤵
  PID:11676
- C:\Windows\System\DjmtoNn.exe
  C:\Windows\System\DjmtoNn.exe
  2⤵
  PID:11700
- C:\Windows\System\mlSPLxZ.exe
  C:\Windows\System\mlSPLxZ.exe
  2⤵
  PID:11724
- C:\Windows\System\EhsLeul.exe
  C:\Windows\System\EhsLeul.exe
  2⤵
  PID:11748
- C:\Windows\System\WpgCxlC.exe
  C:\Windows\System\WpgCxlC.exe
  2⤵
  PID:11768
- C:\Windows\System\DgHrevf.exe
  C:\Windows\System\DgHrevf.exe
  2⤵
  PID:11796
- C:\Windows\System\wWilfqm.exe
  C:\Windows\System\wWilfqm.exe
  2⤵
  PID:11816
- C:\Windows\System\bcMLzjh.exe
  C:\Windows\System\bcMLzjh.exe
  2⤵
  PID:11844
- C:\Windows\System\czOKevX.exe
  C:\Windows\System\czOKevX.exe
  2⤵
  PID:11912
- C:\Windows\System\klxnrVn.exe
  C:\Windows\System\klxnrVn.exe
  2⤵
  PID:11928
- C:\Windows\System\zoCsQZL.exe
  C:\Windows\System\zoCsQZL.exe
  2⤵
  PID:11944
- C:\Windows\System\HXMvrlr.exe
  C:\Windows\System\HXMvrlr.exe
  2⤵
  PID:11980
- C:\Windows\System\UesHFGw.exe
  C:\Windows\System\UesHFGw.exe
  2⤵
  PID:12004
- C:\Windows\System\XfHBByf.exe
  C:\Windows\System\XfHBByf.exe
  2⤵
  PID:12036
- C:\Windows\System\OwgOvtk.exe
  C:\Windows\System\OwgOvtk.exe
  2⤵
  PID:12056
- C:\Windows\System\XkCaqZe.exe
  C:\Windows\System\XkCaqZe.exe
  2⤵
  PID:12080
- C:\Windows\System\LBbGozh.exe
  C:\Windows\System\LBbGozh.exe
  2⤵
  PID:12100
- C:\Windows\System\DgKvDfe.exe
  C:\Windows\System\DgKvDfe.exe
  2⤵
  PID:12120
- C:\Windows\System\erxUFkK.exe
  C:\Windows\System\erxUFkK.exe
  2⤵
  PID:12140
- C:\Windows\System\jbmiGeZ.exe
  C:\Windows\System\jbmiGeZ.exe
  2⤵
  PID:12160
- C:\Windows\System\OzbRUeV.exe
  C:\Windows\System\OzbRUeV.exe
  2⤵
  PID:12180
- C:\Windows\System\MKAtrJK.exe
  C:\Windows\System\MKAtrJK.exe
  2⤵
  PID:12196
- C:\Windows\System\aqnuRHR.exe
  C:\Windows\System\aqnuRHR.exe
  2⤵
  PID:12216
- C:\Windows\System\fXnuGFn.exe
  C:\Windows\System\fXnuGFn.exe
  2⤵
  PID:12232
- C:\Windows\System\lvwxXws.exe
  C:\Windows\System\lvwxXws.exe
  2⤵
  PID:12248
- C:\Windows\System\asvWmRy.exe
  C:\Windows\System\asvWmRy.exe
  2⤵
  PID:1612
- C:\Windows\System\rBQTAia.exe
  C:\Windows\System\rBQTAia.exe
  2⤵
  PID:10276
- C:\Windows\System\ZBAMvjb.exe
  C:\Windows\System\ZBAMvjb.exe
  2⤵
  PID:7584
- C:\Windows\System\JWjnHaV.exe
  C:\Windows\System\JWjnHaV.exe
  2⤵
  PID:9220
- C:\Windows\System\YjVCSWI.exe
  C:\Windows\System\YjVCSWI.exe
  2⤵
  PID:9276
- C:\Windows\System\DqXcKRQ.exe
  C:\Windows\System\DqXcKRQ.exe
  2⤵
  PID:3224
- C:\Windows\System\FEGEPrM.exe
  C:\Windows\System\FEGEPrM.exe
  2⤵
  PID:9344
- C:\Windows\System\LJTQDdW.exe
  C:\Windows\System\LJTQDdW.exe
  2⤵
  PID:2184
- C:\Windows\System\XLBKDyn.exe
  C:\Windows\System\XLBKDyn.exe
  2⤵
  PID:10444
- C:\Windows\System\JGuIbzX.exe
  C:\Windows\System\JGuIbzX.exe
  2⤵
  PID:3276
- C:\Windows\System\zuyFAIS.exe
  C:\Windows\System\zuyFAIS.exe
  2⤵
  PID:4836
- C:\Windows\System\IJZJaPM.exe
  C:\Windows\System\IJZJaPM.exe
  2⤵
  PID:9772
- C:\Windows\System\ladIByN.exe
  C:\Windows\System\ladIByN.exe
  2⤵
  PID:9856
- C:\Windows\System\AaQnIgm.exe
  C:\Windows\System\AaQnIgm.exe
  2⤵
  PID:9916
- C:\Windows\System\bmRkGkh.exe
  C:\Windows\System\bmRkGkh.exe
  2⤵
  PID:10044
- C:\Windows\System\nuhhwNo.exe
  C:\Windows\System\nuhhwNo.exe
  2⤵
  PID:10888
- C:\Windows\System\kpYFYrq.exe
  C:\Windows\System\kpYFYrq.exe
  2⤵
  PID:3400
- C:\Windows\System\vFLcFvU.exe
  C:\Windows\System\vFLcFvU.exe
  2⤵
  PID:11208
- C:\Windows\System\OBnHwDJ.exe
  C:\Windows\System\OBnHwDJ.exe
  2⤵
  PID:7428
- C:\Windows\System\cSjXeuY.exe
  C:\Windows\System\cSjXeuY.exe
  2⤵
  PID:9764
- C:\Windows\System\yKsTpei.exe
  C:\Windows\System\yKsTpei.exe
  2⤵
  PID:6904
- C:\Windows\System\ISnowKZ.exe
  C:\Windows\System\ISnowKZ.exe
  2⤵
  PID:8656
- C:\Windows\System\vBJtEyc.exe
  C:\Windows\System\vBJtEyc.exe
  2⤵
  PID:7960
- C:\Windows\System\qkADGgM.exe
  C:\Windows\System\qkADGgM.exe
  2⤵
  PID:7256
- C:\Windows\System\FRRMMQt.exe
  C:\Windows\System\FRRMMQt.exe
  2⤵
  PID:11296
- C:\Windows\System\CPAyqcG.exe
  C:\Windows\System\CPAyqcG.exe
  2⤵
  PID:11340
- C:\Windows\System\VznUviy.exe
  C:\Windows\System\VznUviy.exe
  2⤵
  PID:11384
- C:\Windows\System\QNyNuWs.exe
  C:\Windows\System\QNyNuWs.exe
  2⤵
  PID:11408
- C:\Windows\System\rZKUPYT.exe
  C:\Windows\System\rZKUPYT.exe
  2⤵
  PID:12308
- C:\Windows\System\TnInjFn.exe
  C:\Windows\System\TnInjFn.exe
  2⤵
  PID:12324
- C:\Windows\System\MhPHrpk.exe
  C:\Windows\System\MhPHrpk.exe
  2⤵
  PID:12340
- C:\Windows\System\NDEWqvc.exe
  C:\Windows\System\NDEWqvc.exe
  2⤵
  PID:12356
- C:\Windows\System\ziYdIpa.exe
  C:\Windows\System\ziYdIpa.exe
  2⤵
  PID:12376
- C:\Windows\System\yWMDwHH.exe
  C:\Windows\System\yWMDwHH.exe
  2⤵
  PID:12396
- C:\Windows\System\wGTxNPg.exe
  C:\Windows\System\wGTxNPg.exe
  2⤵
  PID:12424
- C:\Windows\System\TwmwWjv.exe
  C:\Windows\System\TwmwWjv.exe
  2⤵
  PID:12444
- C:\Windows\System\IenNDZm.exe
  C:\Windows\System\IenNDZm.exe
  2⤵
  PID:12464
- C:\Windows\System\TSVckAO.exe
  C:\Windows\System\TSVckAO.exe
  2⤵
  PID:12488
- C:\Windows\System\HnfhmeG.exe
  C:\Windows\System\HnfhmeG.exe
  2⤵
  PID:12512
- C:\Windows\System\LenMKBs.exe
  C:\Windows\System\LenMKBs.exe
  2⤵
  PID:12544
- C:\Windows\System\hidBbBE.exe
  C:\Windows\System\hidBbBE.exe
  2⤵
  PID:12568
- C:\Windows\System\Omaipqu.exe
  C:\Windows\System\Omaipqu.exe
  2⤵
  PID:12592
- C:\Windows\System\zQkOuJD.exe
  C:\Windows\System\zQkOuJD.exe
  2⤵
  PID:12620
- C:\Windows\System\hclWTvb.exe
  C:\Windows\System\hclWTvb.exe
  2⤵
  PID:12640
- C:\Windows\System\qTZuXvO.exe
  C:\Windows\System\qTZuXvO.exe
  2⤵
  PID:12664
- C:\Windows\System\IYBMRHW.exe
  C:\Windows\System\IYBMRHW.exe
  2⤵
  PID:12684
- C:\Windows\System\xrjQveH.exe
  C:\Windows\System\xrjQveH.exe
  2⤵
  PID:12708
- C:\Windows\System\LiVLnMS.exe
  C:\Windows\System\LiVLnMS.exe
  2⤵
  PID:12728
- C:\Windows\System\KixFHRz.exe
  C:\Windows\System\KixFHRz.exe
  2⤵
  PID:12748
- C:\Windows\System\OzvlyPv.exe
  C:\Windows\System\OzvlyPv.exe
  2⤵
  PID:12768
- C:\Windows\System\cDQGGcL.exe
  C:\Windows\System\cDQGGcL.exe
  2⤵
  PID:12788
- C:\Windows\System\vglATbf.exe
  C:\Windows\System\vglATbf.exe
  2⤵
  PID:12808
- C:\Windows\System\FiRIaNQ.exe
  C:\Windows\System\FiRIaNQ.exe
  2⤵
  PID:12832
- C:\Windows\System\SelsVwt.exe
  C:\Windows\System\SelsVwt.exe
  2⤵
  PID:12852
- C:\Windows\System\QRYiLRl.exe
  C:\Windows\System\QRYiLRl.exe
  2⤵
  PID:12876
- C:\Windows\System\UDbpIVX.exe
  C:\Windows\System\UDbpIVX.exe
  2⤵
  PID:12900
- C:\Windows\System\fsiyxaC.exe
  C:\Windows\System\fsiyxaC.exe
  2⤵
  PID:12916
- C:\Windows\System\VrfFHKJ.exe
  C:\Windows\System\VrfFHKJ.exe
  2⤵
  PID:12952
- C:\Windows\System\unWsjXq.exe
  C:\Windows\System\unWsjXq.exe
  2⤵
  PID:12976
- C:\Windows\System\cAXUGot.exe
  C:\Windows\System\cAXUGot.exe
  2⤵
  PID:13008
- C:\Windows\System\ejFHViQ.exe
  C:\Windows\System\ejFHViQ.exe
  2⤵
  PID:11572
- C:\Windows\System\jYvDKOJ.exe
  C:\Windows\System\jYvDKOJ.exe
  2⤵
  PID:11708
- C:\Windows\System\aNFdlpx.exe
  C:\Windows\System\aNFdlpx.exe
  2⤵
  PID:11780
- C:\Windows\System\dBsaMjQ.exe
  C:\Windows\System\dBsaMjQ.exe
  2⤵
  PID:12680
- C:\Windows\System\zIKiUoK.exe
  C:\Windows\System\zIKiUoK.exe
  2⤵
  PID:12764
- C:\Windows\System\XnybwsL.exe
  C:\Windows\System\XnybwsL.exe
  2⤵
  PID:10532
- C:\Windows\System\tLmnOfO.exe
  C:\Windows\System\tLmnOfO.exe
  2⤵
  PID:10600
- C:\Windows\System\NiYWehp.exe
  C:\Windows\System\NiYWehp.exe
  2⤵
  PID:11900
- C:\Windows\System\YgjNQYC.exe
  C:\Windows\System\YgjNQYC.exe
  2⤵
  PID:13052
- C:\Windows\System\ijlEnPk.exe
  C:\Windows\System\ijlEnPk.exe
  2⤵
  PID:13072
- C:\Windows\System\pphWlJo.exe
  C:\Windows\System\pphWlJo.exe
  2⤵
  PID:7252
- C:\Windows\System\bkraMGb.exe
  C:\Windows\System\bkraMGb.exe
  2⤵
  PID:12336
- C:\Windows\System\velxPBx.exe
  C:\Windows\System\velxPBx.exe
  2⤵
  PID:12300
- C:\Windows\System\ivZhwuL.exe
  C:\Windows\System\ivZhwuL.exe
  2⤵
  PID:13204
- C:\Windows\System\kdVICBH.exe
  C:\Windows\System\kdVICBH.exe
  2⤵
  PID:13240
- C:\Windows\System\Udlehmk.exe
  C:\Windows\System\Udlehmk.exe
  2⤵
  PID:13296
- C:\Windows\System\decdDjL.exe
  C:\Windows\System\decdDjL.exe
  2⤵
  PID:11420
- C:\Windows\System\CWESJvH.exe
  C:\Windows\System\CWESJvH.exe
  2⤵
  PID:12064
- C:\Windows\System\oboRQaC.exe
  C:\Windows\System\oboRQaC.exe
  2⤵
  PID:11056
- C:\Windows\System\pUClMpl.exe
  C:\Windows\System\pUClMpl.exe
  2⤵
  PID:11160
- C:\Windows\System\KIznwvq.exe
  C:\Windows\System\KIznwvq.exe
  2⤵
  PID:10092
- C:\Windows\System\XhEAjZM.exe
  C:\Windows\System\XhEAjZM.exe
  2⤵
  PID:10768
- C:\Windows\System\VzbuGkz.exe
  C:\Windows\System\VzbuGkz.exe
  2⤵
  PID:10164
- C:\Windows\System\oNBcRlA.exe
  C:\Windows\System\oNBcRlA.exe
  2⤵
  PID:7804
- C:\Windows\System\fAKXhhl.exe
  C:\Windows\System\fAKXhhl.exe
  2⤵
  PID:11468
- C:\Windows\System\RKFMhOz.exe
  C:\Windows\System\RKFMhOz.exe
  2⤵
  PID:11660
- C:\Windows\System\qHvffGC.exe
  C:\Windows\System\qHvffGC.exe
  2⤵
  PID:11484
- C:\Windows\System\FdToqdX.exe
  C:\Windows\System\FdToqdX.exe
  2⤵
  PID:11560
- C:\Windows\System\sICWRSs.exe
  C:\Windows\System\sICWRSs.exe
  2⤵
  PID:10296
- C:\Windows\System\mrqdmBZ.exe
  C:\Windows\System\mrqdmBZ.exe
  2⤵
  PID:13060
- C:\Windows\System\CQiFSOA.exe
  C:\Windows\System\CQiFSOA.exe
  2⤵
  PID:13144
- C:\Windows\System\MaKRhbz.exe
  C:\Windows\System\MaKRhbz.exe
  2⤵
  PID:12116
- C:\Windows\System\QdjihSD.exe
  C:\Windows\System\QdjihSD.exe
  2⤵
  PID:13200
- C:\Windows\System\FzSnqfv.exe
  C:\Windows\System\FzSnqfv.exe
  2⤵
  PID:10980
- C:\Windows\System\vmMETke.exe
  C:\Windows\System\vmMETke.exe
  2⤵
  PID:7376
- C:\Windows\System\zAnkUwO.exe
  C:\Windows\System\zAnkUwO.exe
  2⤵
  PID:10268
- C:\Windows\System\DgVvYDy.exe
  C:\Windows\System\DgVvYDy.exe
  2⤵
  PID:9504
- C:\Windows\System\npXdHew.exe
  C:\Windows\System\npXdHew.exe
  2⤵
  PID:9748
- C:\Windows\System\UxCqrcc.exe
  C:\Windows\System\UxCqrcc.exe
  2⤵
  PID:12472
- C:\Windows\System\xYGgyJW.exe
  C:\Windows\System\xYGgyJW.exe
  2⤵
  PID:8828
- C:\Windows\System\VqNlKBg.exe
  C:\Windows\System\VqNlKBg.exe
  2⤵
  PID:4588
- C:\Windows\System\TqaInFS.exe
  C:\Windows\System\TqaInFS.exe
  2⤵
  PID:9148
- C:\Windows\System\hJoQoZh.exe
  C:\Windows\System\hJoQoZh.exe
  2⤵
  PID:11004
- C:\Windows\System\qhllrDZ.exe
  C:\Windows\System\qhllrDZ.exe
  2⤵
  PID:10864
- C:\Windows\System\QlLaWhn.exe
  C:\Windows\System\QlLaWhn.exe
  2⤵
  PID:2624
- C:\Windows\System\WWhNucs.exe
  C:\Windows\System\WWhNucs.exe
  2⤵
  PID:12868
- C:\Windows\System\bjVmLJF.exe
  C:\Windows\System\bjVmLJF.exe
  2⤵
  PID:12636
- C:\Windows\System\jaeXwMz.exe
  C:\Windows\System\jaeXwMz.exe
  2⤵
  PID:10820
- C:\Windows\System\tClFRJH.exe
  C:\Windows\System\tClFRJH.exe
  2⤵
  PID:9316
- C:\Windows\System\nIJSsZR.exe
  C:\Windows\System\nIJSsZR.exe
  2⤵
  PID:9728
- C:\Windows\System\aWCrwNY.exe
  C:\Windows\System\aWCrwNY.exe
  2⤵
  PID:10644
- C:\Windows\System\WYNsojO.exe
  C:\Windows\System\WYNsojO.exe
  2⤵
  PID:12912
- C:\Windows\System\SNbFiDT.exe
  C:\Windows\System\SNbFiDT.exe
  2⤵
  PID:9452
- C:\Windows\System\VqGHTIQ.exe
  C:\Windows\System\VqGHTIQ.exe
  2⤵
  PID:8256
- C:\Windows\System\RHvPbQS.exe
  C:\Windows\System\RHvPbQS.exe
  2⤵
  PID:10748
- C:\Windows\System\oaQjCnC.exe
  C:\Windows\System\oaQjCnC.exe
  2⤵
  PID:12092
- C:\Windows\System\HmbPwap.exe
  C:\Windows\System\HmbPwap.exe
  2⤵
  PID:7884
- C:\Windows\System\IYaNurV.exe
  C:\Windows\System\IYaNurV.exe
  2⤵
  PID:11736
- C:\Windows\System\HlbYCSD.exe
  C:\Windows\System\HlbYCSD.exe
  2⤵
  PID:9572
- C:\Windows\System\KPWDzNB.exe
  C:\Windows\System\KPWDzNB.exe
  2⤵
  PID:12088
- C:\Windows\System\GqsnODr.exe
  C:\Windows\System\GqsnODr.exe
  2⤵
  PID:11764
- C:\Windows\System\OFNvtvL.exe
  C:\Windows\System\OFNvtvL.exe
  2⤵
  PID:12460
- C:\Windows\System\VqLWsgH.exe
  C:\Windows\System\VqLWsgH.exe
  2⤵
  PID:7184
- C:\Windows\System\eVFGXcn.exe
  C:\Windows\System\eVFGXcn.exe
  2⤵
  PID:7220
- C:\Windows\System\VoXHDnD.exe
  C:\Windows\System\VoXHDnD.exe
  2⤵
  PID:7292
- C:\Windows\System\YXichZb.exe
  C:\Windows\System\YXichZb.exe
  2⤵
  PID:12012
- C:\Windows\System\OoEPdWA.exe
  C:\Windows\System\OoEPdWA.exe
  2⤵
  PID:10320
- C:\Windows\System\jOTPLIb.exe
  C:\Windows\System\jOTPLIb.exe
  2⤵
  PID:12960
- C:\Windows\System\slVbkEZ.exe
  C:\Windows\System\slVbkEZ.exe
  2⤵
  PID:11808
- C:\Windows\System\WUcMRnk.exe
  C:\Windows\System\WUcMRnk.exe
  2⤵
  PID:13332
- C:\Windows\System\cGpTGWu.exe
  C:\Windows\System\cGpTGWu.exe
  2⤵
  PID:13364
- C:\Windows\System\UlizkTA.exe
  C:\Windows\System\UlizkTA.exe
  2⤵
  PID:13548
- C:\Windows\System\MKqQnIJ.exe
  C:\Windows\System\MKqQnIJ.exe
  2⤵
  PID:13596
- C:\Windows\System\arMSXEm.exe
  C:\Windows\System\arMSXEm.exe
  2⤵
  PID:13620
- C:\Windows\System\rUVwdCt.exe
  C:\Windows\System\rUVwdCt.exe
  2⤵
  PID:13636
- C:\Windows\System\wiWBPnj.exe
  C:\Windows\System\wiWBPnj.exe
  2⤵
  PID:13660
- C:\Windows\System\GyWwbcg.exe
  C:\Windows\System\GyWwbcg.exe
  2⤵
  PID:13680
- C:\Windows\System\aWuiNiy.exe
  C:\Windows\System\aWuiNiy.exe
  2⤵
  PID:13700
- C:\Windows\System\OZVJIqh.exe
  C:\Windows\System\OZVJIqh.exe
  2⤵
  PID:13720
- C:\Windows\System\BfOfLBN.exe
  C:\Windows\System\BfOfLBN.exe
  2⤵
  PID:13748
- C:\Windows\System\vUwNmen.exe
  C:\Windows\System\vUwNmen.exe
  2⤵
  PID:13772
- C:\Windows\System\PvGEcdc.exe
  C:\Windows\System\PvGEcdc.exe
  2⤵
  PID:13788
- C:\Windows\System\aHPaVRo.exe
  C:\Windows\System\aHPaVRo.exe
  2⤵
  PID:13980
- C:\Windows\System\wLwejdR.exe
  C:\Windows\System\wLwejdR.exe
  2⤵
  PID:14004
- C:\Windows\System\HXhGVgl.exe
  C:\Windows\System\HXhGVgl.exe
  2⤵
  PID:14020
- C:\Windows\System\mTbrMpU.exe
  C:\Windows\System\mTbrMpU.exe
  2⤵
  PID:14040
- C:\Windows\System\MOXoUsI.exe
  C:\Windows\System\MOXoUsI.exe
  2⤵
  PID:14056
- C:\Windows\System\esEyWvJ.exe
  C:\Windows\System\esEyWvJ.exe
  2⤵
  PID:14072
- C:\Windows\System\InDvnAb.exe
  C:\Windows\System\InDvnAb.exe
  2⤵
  PID:14100
- C:\Windows\System\inwlbXw.exe
  C:\Windows\System\inwlbXw.exe
  2⤵
  PID:14120
- C:\Windows\System\EkgGSBB.exe
  C:\Windows\System\EkgGSBB.exe
  2⤵
  PID:14148
- C:\Windows\System\xTKpDHy.exe
  C:\Windows\System\xTKpDHy.exe
  2⤵
  PID:14176
- C:\Windows\System\dmpQoQB.exe
  C:\Windows\System\dmpQoQB.exe
  2⤵
  PID:14200
- C:\Windows\System\bJJjcXA.exe
  C:\Windows\System\bJJjcXA.exe
  2⤵
  PID:14264
- C:\Windows\System\DDMHLLy.exe
  C:\Windows\System\DDMHLLy.exe
  2⤵
  PID:14320
- C:\Windows\System\pZvRulW.exe
  C:\Windows\System\pZvRulW.exe
  2⤵
  PID:10960
- C:\Windows\System\NKftpuU.exe
  C:\Windows\System\NKftpuU.exe
  2⤵
  PID:12696
- C:\Windows\System\sKeOYHY.exe
  C:\Windows\System\sKeOYHY.exe
  2⤵
  PID:9348
- C:\Windows\System\FXTfvAs.exe
  C:\Windows\System\FXTfvAs.exe
  2⤵
  PID:4236
- C:\Windows\System\uDeydqP.exe
  C:\Windows\System\uDeydqP.exe
  2⤵
  PID:13428
- C:\Windows\System\fSdXCDy.exe
  C:\Windows\System\fSdXCDy.exe
  2⤵
  PID:13360
- C:\Windows\System\YsjRFsr.exe
  C:\Windows\System\YsjRFsr.exe
  2⤵
  PID:13344
- C:\Windows\System\yGgpecu.exe
  C:\Windows\System\yGgpecu.exe
  2⤵
  PID:13408
- C:\Windows\System\IYhqqPR.exe
  C:\Windows\System\IYhqqPR.exe
  2⤵
  PID:13652
- C:\Windows\System\uUhlZRk.exe
  C:\Windows\System\uUhlZRk.exe
  2⤵
  PID:13672
- C:\Windows\System\sloeZCx.exe
  C:\Windows\System\sloeZCx.exe
  2⤵
  PID:13812
- C:\Windows\System\ROHzeYh.exe
  C:\Windows\System\ROHzeYh.exe
  2⤵
  PID:13840
- C:\Windows\System\uKZCtZS.exe
  C:\Windows\System\uKZCtZS.exe
  2⤵
  PID:14212
- C:\Windows\System\XTXzLbl.exe
  C:\Windows\System\XTXzLbl.exe
  2⤵
  PID:14232
- C:\Windows\System\jBYAcAc.exe
  C:\Windows\System\jBYAcAc.exe
  2⤵
  PID:14172
- C:\Windows\System\VvLssAw.exe
  C:\Windows\System\VvLssAw.exe
  2⤵
  PID:14276
- C:\Windows\System\tesBXMO.exe
  C:\Windows\System\tesBXMO.exe
  2⤵
  PID:8696
- C:\Windows\System\UkbHyfT.exe
  C:\Windows\System\UkbHyfT.exe
  2⤵
  PID:5992
- C:\Windows\System\KJXZrAb.exe
  C:\Windows\System\KJXZrAb.exe
  2⤵
  PID:464
- C:\Windows\System\NHcTzLV.exe
  C:\Windows\System\NHcTzLV.exe
  2⤵
  PID:968
- C:\Windows\System\VuuYTGt.exe
  C:\Windows\System\VuuYTGt.exe
  2⤵
  PID:13320
- C:\Windows\System\dHwqYhm.exe
  C:\Windows\System\dHwqYhm.exe
  2⤵
  PID:7924
- C:\Windows\System\azuwJyu.exe
  C:\Windows\System\azuwJyu.exe
  2⤵
  PID:1164
- C:\Windows\System\taTTIhV.exe
  C:\Windows\System\taTTIhV.exe
  2⤵
  PID:4596
- C:\Windows\System\ovhgVGJ.exe
  C:\Windows\System\ovhgVGJ.exe
  2⤵
  PID:9252
- C:\Windows\System\IrScYDS.exe
  C:\Windows\System\IrScYDS.exe
  2⤵
  PID:13492
- C:\Windows\System\RHGZobg.exe
  C:\Windows\System\RHGZobg.exe
  2⤵
  PID:13460
- C:\Windows\System\VTLchJl.exe
  C:\Windows\System\VTLchJl.exe
  2⤵
  PID:13420
- C:\Windows\System\qNovPqN.exe
  C:\Windows\System\qNovPqN.exe
  2⤵
  PID:13348
- C:\Windows\System\nRChZVW.exe
  C:\Windows\System\nRChZVW.exe
  2⤵
  PID:13556
- C:\Windows\System\NTVBBBA.exe
  C:\Windows\System\NTVBBBA.exe
  2⤵
  PID:13736
- C:\Windows\System\ECSHGMO.exe
  C:\Windows\System\ECSHGMO.exe
  2⤵
  PID:13608
- C:\Windows\System\JxpyqTD.exe
  C:\Windows\System\JxpyqTD.exe
  2⤵
  PID:13872
- C:\Windows\System\MgwaBUa.exe
  C:\Windows\System\MgwaBUa.exe
  2⤵
  PID:14048
- C:\Windows\System\asktCMh.exe
  C:\Windows\System\asktCMh.exe
  2⤵
  PID:14028
- C:\Windows\System\SzliMmW.exe
  C:\Windows\System\SzliMmW.exe
  2⤵
  PID:13472
- C:\Windows\System\lEFGElL.exe
  C:\Windows\System\lEFGElL.exe
  2⤵
  PID:13708
- C:\Windows\System\WcXtqZM.exe
  C:\Windows\System\WcXtqZM.exe
  2⤵
  PID:13616
- C:\Windows\System\tqYtAct.exe
  C:\Windows\System\tqYtAct.exe
  2⤵
  PID:13924
- C:\Windows\System\EEihoLE.exe
  C:\Windows\System\EEihoLE.exe
  2⤵
  PID:13920
- C:\Windows\System\qGHhABL.exe
  C:\Windows\System\qGHhABL.exe
  2⤵
  PID:5176
- C:\Windows\System\CyneoFR.exe
  C:\Windows\System\CyneoFR.exe
  2⤵
  PID:3908
- C:\Windows\System\eQsBcxz.exe
  C:\Windows\System\eQsBcxz.exe
  2⤵
  PID:10736
- C:\Windows\System\FGjnGVF.exe
  C:\Windows\System\FGjnGVF.exe
  2⤵
  PID:13676
- C:\Windows\System\MbpLvBg.exe
  C:\Windows\System\MbpLvBg.exe
  2⤵
  PID:4412
- C:\Windows\System\jZutFXv.exe
  C:\Windows\System\jZutFXv.exe
  2⤵
  PID:14260
- C:\Windows\System\BZVhgSH.exe
  C:\Windows\System\BZVhgSH.exe
  2⤵
  PID:14012

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:13956

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:13976

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:1544

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
PID:13356

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_q2go02wc.umh.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\ArveCbo.exe

Filesize
1.9MB

MD5
31992a9468b9f3028a2598809cf18de4

SHA1
5ac7c356d758b377ed1bce2d199a6446f99f5c7a

SHA256
af4b4cd8a9c3a72628a1c7b1a2376bcaa1ae5f9f5ce83068ed72e1cc6437ed3d

SHA512
e2f9b349752054e4e336cd302d724e23c557341c1c57d8e08e095e2f4190ddd1775a667b01208a3396f0abf3a0ed2c3e97c4fb0db1523a186e5478a6bdad6b86

Download Submit
C:\Windows\System\AvRyRrR.exe

Filesize
1.9MB

MD5
3423533c818e71ec2fd3845343147d91

SHA1
dd3c02a5f1001396ed992d2de6adc407e8847d71

SHA256
0b378238b47c28509f53e97eba5c7449e165947b66ba5c40a8732b0a9cd96e13

SHA512
26167a33992650247aef9c419cb7019abc315574de7fc6b5ac3791a0c1a3a0a10da83e4931f6e76d46e711fdbcd1fd6ea75b5b6b754354e5268703b1ad8824e5

Download Submit
C:\Windows\System\ETHcdDd.exe

Filesize
1.9MB

MD5
86b881319d9706708c759a3b48ff4cf6

SHA1
3996aaba45c3afa6a80deb4feef0f51d2134701e

SHA256
d4ded91acf900692880e24c1ec904c90cf1ab1414a87ca3b035a3801ce3a9fe4

SHA512
5fdcf4a58ad3062a92c4bff8bd651cfe774bcb209099289fc363ced9ef91b443e70f79c9c916ba3082a2b414cb5a0ede5f3eb0f4cc7bafeae2ae1f43df3e3ab4

Download Submit
C:\Windows\System\IyxampU.exe

Filesize
1.9MB

MD5
c609e0357969c84ae679a90d1c034966

SHA1
3a929d656cbea263b43a9b77e660563d6698bb1e

SHA256
f6e2a8eb12183de3273ecf19147351a5bf2002014db939f5207512584c19f21c

SHA512
19b10e26e353639953614e67a9fabe4c99ab6298bd10e7ec1cbf5ac93ba52e5c4545c43a93420a320805259a2f79562821d9e709a943d825e1b6f33913c994a0

Download Submit
C:\Windows\System\IzsOGVt.exe

Filesize
1.9MB

MD5
7a14f90f7d37521f1af2f0ea0a1ab07d

SHA1
d88d24aa322d5382a1c52b2471ff6c726842301b

SHA256
090be08cc96761ed5fb6010f72bfcfdc814d50f7b60b646d14642c69458a911f

SHA512
3395c83c6b7f788e88bc8b46bf72786cb90676cba2937df635993cc429084ed67b007286e35e6a042ca2d30bba95731280c9cfe6c312f3a39a61996fe9d69d5d

Download Submit
C:\Windows\System\KJtJPEr.exe

Filesize
1.9MB

MD5
fcd08fc7eee676ba0bf3c2115d3d1b2d

SHA1
f5517dd758fbe5b855f2e2eea5ccd8a8ed82a430

SHA256
66459c446d0132aa1dcc7661b0d6430b96f760b93e3dcade2ec41ae150525d45

SHA512
9fe5211c5e894a7bd61958ebae0c824cd05ca7e0fc624e212c993427ffa9dc0a2bb94c0d6fbaba80b7c9c41e822c0f7be25b1841008f42bf37bf52b399df2890

Download Submit
C:\Windows\System\KSTtPow.exe

Filesize
1.9MB

MD5
bee43be131cb837a7b5c1d81439b1006

SHA1
a424c5f581d2f48520c4cf5949e9b24f6c43c526

SHA256
4f7569df6b6fd27ee8d43b0e38de9d1a2357f010716c41b83089a5479a455858

SHA512
48beea60a622764cec62c517cee28b403e846e018c1c2177161b911f8a22aa7302de80312b5271084030e7f65ef699623e46fbb98cc57d0cf46094cf614019b5

Download Submit
C:\Windows\System\NHzgtXa.exe

Filesize
1.9MB

MD5
cb82b19ef7bba69bcf3f81f102ab7cec

SHA1
e6c1f1a9426a909b9a7c973ef01e127b53d62a91

SHA256
99e8b19c533d912737a40d05773544c5a2657bfbb9f843b69983eb58c63a27d3

SHA512
b1b6db8e0b94aa920fabb132c1ee8e96e049b80993caf6852102d02ae63975cbb91a8876c6c91618828abf07f1a2d7019b9e475cfe17b01827334d0721d6773b

Download Submit
C:\Windows\System\OdAYDTJ.exe

Filesize
1.9MB

MD5
f194a677b4ff414d57b44882257fd911

SHA1
036f82161a5579a12926835a3fefce606a5203b9

SHA256
052a3dcee942dde7ceb029223f2bd33ec5d9911e9e5f080579c9201ed7ec107f

SHA512
8e8bb4350b2de0df0df4ddf911545e348e1c7c823cb6216acb9a1a75654277bb3cb03cfce49727165b324f08ec5f8794b755b7dbb6885b34c4eda6ed05cf0fc2

Download Submit
C:\Windows\System\OsGcsWG.exe

Filesize
1.9MB

MD5
6e03f471e4bd3909e3d2d9b5e46c2cca

SHA1
2d6764a1ce263b5ab71a9b7d17bca4dad93a92f3

SHA256
3d9892c160ab818818b476e9fc1f47d9a9d320e4bf6f8922138c643a3d7529f1

SHA512
d78c177ec3ec5fe51ab6a6c9f738767c591c5e347d2f9ccee7e21304ba4d46a691d868ab2913d92e79a2f0b076f6daf81416739223941a70b88895991ce26bd3

Download Submit
C:\Windows\System\PRbMfMd.exe

Filesize
1.9MB

MD5
d687dd1383041ba0bb27394e63b0b77b

SHA1
0b9f97214f1c723c442bcdaf564b3efb7ecad647

SHA256
16f76f3e6b559afce82ba1be032bccb5e6b192465c87c333e93c7d625a061928

SHA512
9b9a4441262f662f7e46b39781bd946fb08324f6097a2ea3e62ccf6eea62f47369716e653a7964f26747821148bc38f2b216e7a80e82561ce0d8ff5c14023967

Download Submit
C:\Windows\System\QuufTag.exe

Filesize
1.9MB

MD5
e4f917ba4ec4723539e7d385b3a49306

SHA1
3c937b0b929e0b46e9e9ab409d55f3ac6bea188a

SHA256
a1936b5dc3e785b511c0a36a0875c7592262e16592b59c04237d0c8b894e30cf

SHA512
81953ff530b764860d2361f6f958c5cfeec4ae185d3dfb0716933b0c2f4c8ea6c0ac6916b044860f296902cf090f5086208fe0816a929318cd90c9bb1143a138

Download Submit
C:\Windows\System\TqAueUg.exe

Filesize
1.9MB

MD5
89090954d03728a5ca543037096046bd

SHA1
bae8c64b9aac6fe4dcf10a7263fa27de35b10c60

SHA256
87b87f5e18979924c5e14f93d17972b4899fca8bbcbd47175ba09dc0f18d8eee

SHA512
7a90ee8381e8bbf6fd5be878db2e26fbeed6e6bfc15e7c575b478c8b844a54df8e0548828612c0b27401ba2ff2986a0bd3858d56b77fa08a16b0c656e71198b1

Download Submit
C:\Windows\System\WYsyBWc.exe

Filesize
1.9MB

MD5
3d054154fe527b000e9ea2bbd5fedd85

SHA1
d91d837849b8dc4d1932babe828fc848420f3ef7

SHA256
ba7b294f1205c06f9e663416b4d5b28ba0cb94b897a750f7a88dc3e70f6aecfc

SHA512
51257c2c6ba047a04bd9a4f894d0f959a56917374463a6f95ee30baf23a6300be0bdac14dfc689d03a4aa7466744a3eb87976a8cd74785b7093308882d041e8a

Download Submit
C:\Windows\System\XYvLeNG.exe

Filesize
1.9MB

MD5
98f81fff91a5c0b9e28af63523a159e0

SHA1
508fff8941076e5c3dfc5aefb9a7c5748fb2dfc2

SHA256
981dec4dea76ac97c5505297c18b5760986d9b51ee6668c637f1e787e7bd0754

SHA512
4473151e3f506ef44fecbefbe163140ec0196e5bffa77a17dd1870ceba31a7a9bc43d655f5bb9712d162e5a25b10559e4872f64e00012ee042db69d1326e8008

Download Submit
C:\Windows\System\ZCnXZev.exe

Filesize
1.9MB

MD5
5050ea6879c3ecc326713e54fa4b06ef

SHA1
b756ab87735dc5aa75125b94dc869deb429316f6

SHA256
48a5ad69e3e6d7c4d8196a3130ecbcac8da324e13167d17a26dc092ac01c89e1

SHA512
cb7ad81cc4dab80b0a73bac9f3fcef342548c5edad53d06d8c7cacd856dd76464139192e530f17cbba30436fb9a45a72085f3b246afa8233914c3bd9f9a06caa

Download Submit
C:\Windows\System\ZtLGWnC.exe

Filesize
1.9MB

MD5
e19b1a327cd6eaf62027cc5aaf53e225

SHA1
8d4390b71b1ecddceb603114aa295b86f8e5c127

SHA256
fed644be6622b84ee76106c901e4ecc8e44ff9d4163f6a690ed0d8302310fb65

SHA512
1faa5cec7846784dca8377ffe5d44b03a9b3e2c6be4d014cd5cba6f6717877abfb8c7739375f62889cd6a3394b9993d2367dd34fc574a9cbb9f76a3cf08b9f2f

Download Submit
C:\Windows\System\fpMTtZx.exe

Filesize
1.9MB

MD5
d5740d951ead7fcae69a9b8ee52654cb

SHA1
0b7a6bebcb448875446fcdd86e59efc6bb1bb865

SHA256
efd6a09512e151d6368821f4c89c233394aa5420f34b1ed84b029c50714d7a24

SHA512
a44431cc63db3da389c56d665fb0652e5ba3cf34f88b302994954bcebd00ccccdc8f55361b1cd6486d6d0a8245b431e2dd2accaf4b40e55ac3c0dd0e53a26be7

Download Submit
C:\Windows\System\gZZPMFw.exe

Filesize
1.9MB

MD5
9ee0a3dc044401457f2ff83d6126685e

SHA1
0a3f6ade286a59ed45d2b737f9bf26370129196c

SHA256
11d1eac60bbd5fc416993b4c2a4b5801c54946fa8a7de0f4815b6e47960f878a

SHA512
0237b5d18eea31f93427d7ebdb496b63cac180e632e1fd201a6d4c36f4b269a48f72b3c3bfcccfff5abdb46a6fc3fe38d6e7424b25720935c939511459c8c2d7

Download Submit
C:\Windows\System\hTEekDV.exe

Filesize
1.9MB

MD5
921eb6f53475cf81956ada6004d552bf

SHA1
84c94aae116599526253d7ef670de81504fb5643

SHA256
e45d29db4ba113e43141024c3dbd199abb6a169416f9c7aa7e12c5805306d815

SHA512
9beae46697d187b9c2fa6321947869259251ea67c34807b0978608a74f8f7aab6eb91150bec8ad7c69706f99d9ddce587f6f13ba01195a1fa3325dbeb7761035

Download Submit
C:\Windows\System\inLNXlL.exe

Filesize
1.9MB

MD5
08cc891400afbeb2f85c8adcb79bb858

SHA1
7d2c72c86a0143177ecf637d02e836350d5227a4

SHA256
8ccb1d244cd1ab9b953732f3d9b302e71036de6fb8c5750ed3b92ebe382f9708

SHA512
31725f3e5640fc6a1cef6ac4f6ca4ef76b498aeb3bea46a9a5bc7813d5f77aa80c07505d7ff20f88545594ea74218c460cb0cc81d0287858254de9d21386d799

Download Submit
C:\Windows\System\iqvSrJS.exe

Filesize
1.9MB

MD5
6f2c81c75ed638d089c9487456d37793

SHA1
2d270695309567880e78cf53ee927fd5456e5cdf

SHA256
3da6e5c3271db7d254c9f72d7c4539d51f6c42abd744b0cc3d33cee0ebc6ba61

SHA512
bc0fa7549d678d3e035fda0b97a67885b1615a9d3aa0a9b6273e291ddd64515b294df0f1d989308520efdd6d9ab0a415787be8b7c5fda1e7943ca99028facb7f

Download Submit
C:\Windows\System\jNFCpOk.exe

Filesize
1.9MB

MD5
866f9db83ab4c77b99a5c29deee20a0a

SHA1
27fec75c3681c6385f53f3b1b75c40c038216c36

SHA256
6105355911d9a14fcbd67c90b9abe38b372773c63149147afcb035e8b226a3ed

SHA512
df783e0ee4dcd9471fa4368afb21b3849401179c7fcfb951ef3ef0f8de8c9d06ca8d32cf90768f02695354f1a55e207c8af7481666cd3cc2c5b266f7d15fc6ce

Download Submit
C:\Windows\System\kiEtxiq.exe

Filesize
1.9MB

MD5
5595f7ec5f98758507337857464bb186

SHA1
6efaee12f6992d51f7d94980cac0f8da5cea4a9d

SHA256
ee49fa4d316921da48694e4b40f559506ba3c871037f72e77107ed9b1f4b1a46

SHA512
b920840e70cfc896b6a5b776fe707f6a05e3664caecbf8b09138971c5d7a3997a13d62b9f818e669335f360f8ed86919aa6a8cdb084db198fbfc52f81f0631bd

Download Submit
C:\Windows\System\kqwJPid.exe

Filesize
1.9MB

MD5
fc3260dd12dad0489c11f0095a4678d2

SHA1
83a62ee9937f458b96fc9fc978ba0cd8f439299e

SHA256
5aa213f95b0a05f2e31c3e58a6e7044d7666d5315a2d99dbe51f1bb2b5582663

SHA512
0025ec29604f61a26bcf04fa0ec3f74948e0853ef807d08408e7c7a4a6b977d85c2b497dc362771a25b9dcc114f57d2f066693667d94e04ae5a4317b8549c6eb

Download Submit
C:\Windows\System\lpAsFpZ.exe

Filesize
1.9MB

MD5
760afc82ce8ff69d00da23b643ffa8bf

SHA1
b8a61e6bd69a5762112fd210427ef89c61948062

SHA256
008e5405704e14aaedce011dc2f50db86d8b02005fd9457e847507873d97dcdf

SHA512
63aeeb9b5572f0a060cd21e23c268faa32f936595c2d76f0a437e23e1ae06d398a23b2f607d60bad1c878f840d861948e41e8f31d5d30667227cb7f3585e9ea6

Download Submit
C:\Windows\System\mXfaDAw.exe

Filesize
1.9MB

MD5
45132a3ac6318bd88072bcf83f555633

SHA1
4311ae05e0a9d5fbb4ad0a4b306e82e44f37ad16

SHA256
6c142d86a0bf2e4b53be2a199a2dc51d00cff3ccb2834cc0c5e4ab7b8a5d7b36

SHA512
bc62217140e8a795a3752545eae916ad4073c6c405f54debcf8f3d76ac81fd9c535ce8ced48db9785f5909022a64111dda22286c3a8f01ac09b92f2d50fb937e

Download Submit
C:\Windows\System\nDfstGW.exe

Filesize
1.9MB

MD5
0873872defe5e467033e855f089872a4

SHA1
dd7c0bc441323dbc71ee1be0bf085b34037d9428

SHA256
893efe180162fbaa9903c45e691a2945335fac384cc8156a6409c582fc6617a3

SHA512
a216c64c31b4fb17722aaaa17ba16bcdb79ee576c09478979d6ed26a5806b938ce7be545d7a1fc9cf94afdb8a994ceaafc735ee6a3ecc34c56a0cc99dbfb6d76

Download Submit
C:\Windows\System\nwWqRno.exe

Filesize
1.9MB

MD5
1d3f129b6871a81f52f6d9081b808ac6

SHA1
3f3e47c193cb711b484496021ee33229d59ab6a9

SHA256
036101905065f10f0ef5202cb9e2bc78d3c49908c80ced4a9d7e03e9f1559d86

SHA512
bb8df061ce20a62ec4b0b261b70fb1605e37a5aee3647894fe220583a558c1b95f32d5c9af9e24fe9db15dd042c6a581151dec805d260f88b685c0f8daa40da1

Download Submit
C:\Windows\System\nynXwQJ.exe

Filesize
1.9MB

MD5
0af0ec2d93b02e5c7f1469cb7184904c

SHA1
39ba26c7bfecbf48c228fb78a9871c3b212d1672

SHA256
1e3aaa4e85da11fc967f68158a1599f94dae8da18124315ae448b75326b24ce5

SHA512
399f84b54f67e296f6c38983fc343c005e643bcc75719e6dc6b2a2a4c6c4814230e2445f8d17bc5932104c30de5cc881431e8834c856f178623a6cf7cf430c6b

Download Submit
C:\Windows\System\oORMMrY.exe

Filesize
1.9MB

MD5
dacbf85b32e0d35ee8350a55c659c9cd

SHA1
e03a6869c670d6de37c8409a452c32518d159837

SHA256
1c97850f2ceeafb743730114481733a1d2823e65b3ff854f19e09de9aa835351

SHA512
de86ade59684b91246a0b5d435fea37d335981d8d8d5f2e25e0aa21dddb1bae63735119ca58ede05e77b20f3d922d8f68186d611db6c425acffc111fe0bae9a7

Download Submit
C:\Windows\System\oWHPYjB.exe

Filesize
1.9MB

MD5
64e5ebb501a3ab830a079efbe8a3c268

SHA1
c8ebe851787ede634c6236af8a5226a3f538b596

SHA256
e8b365a1b8b1d7867addab36951a55f1e038613c37b31445009f7f3e87ca00c6

SHA512
938ae534eaeb503020456ea3350ba160a4806de3f0e5486e225c7479d46b6daf8e8d44e76bbc16b2214639383587494c4456db4f9996ad6c438d3ead63ed8838

Download Submit
C:\Windows\System\pMkgnMN.exe

Filesize
1.9MB

MD5
15400c21a2df968ed6d5e95e369a067d

SHA1
831d612e5f5c16b9a9b4d138bc3fbb417d0cdb18

SHA256
fb3a514307266081ddd0989550f0c0dc95985ee93f960a4485d8b6cc08191d2a

SHA512
cd37462d7db7aeaa81f92d113c70e5869720027b6e18925566f62ec45cabaff6478cbd570633f6ceafad0644075531bb7d50cadc1b88019ac005bca4fa92829a

Download Submit
C:\Windows\System\qIZFnvR.exe

Filesize
1.9MB

MD5
2d9a6335fc5cc961699d1f66d20f37f2

SHA1
99cdbf4c748bd51347ac1898f23b80e33d0aa090

SHA256
c1721d7520e8ba839f1fe2510e64271fb13babccac7b9037b94dea9c8f33222b

SHA512
7ca141883fb6c7cb0fd978f090c1f34c5973d42c2beb9e22e360fe5213c4aa2998ad45d89c5c30cb3f015648821b3c5fc3641b66e590f1f51e10a22d0bca7f0b

Download Submit
C:\Windows\System\sRfzMpv.exe

Filesize
1.9MB

MD5
4294bf381c897f3c0567c182a9f03f60

SHA1
fa8125d547296f290be38ab6c5853ad151ba1e73

SHA256
44ad6fdcac3a3ca3bfa162fd0cbd766ae2c799166f5b54f8424ac850e7220544

SHA512
75ea402e97496240de265bbd05ccc1f7668974b211fe8a7f2f634594799087791114d520de2e63b27858fdd887db40db4b8b7622335bdc8f8a92e2d97fb0cc34

Download Submit
C:\Windows\System\stMJiyO.exe

Filesize
1.9MB

MD5
546b899359e5e099fc3bd86df4c10380

SHA1
f5fabab9699d1a5e719817f34918270fda35a0f1

SHA256
ceae7ff9956864626f624658e58853454a512a9e73962a2ac37ee73fe23a84b0

SHA512
112866e166d9e37c187bbce0be0bdf9cfe40cbf5d2e6a95ec97c2bfba9cbd329958e4a1383bcff54486d02f10d4fa323b4cf320a7f75a5b6af3021eb133e618f

Download Submit
C:\Windows\System\tjKbLTp.exe

Filesize
1.9MB

MD5
e2b45ce1241b0df5d454d365e30f5777

SHA1
bd27572bd4473e0accd2a916ed7ec454a21eb616

SHA256
eae20c4bc1adfac0a94e82cf4e6ba9ea3b272f871f356fcda21d50ee7e8da315

SHA512
46cd82e34b23ca483da1b4b7de8a300090228d06a5022f5b864f3187f0633303c79ca413dee3ebd11999178771312422f3281c5c42f58ae2072927fc2371254c

Download Submit
C:\Windows\System\utJIQdJ.exe

Filesize
1.9MB

MD5
071026430b7e112f8a1b4d1ff28d1aa0

SHA1
d0fae1b29b6ea0b593228c88ffb487ee939ef385

SHA256
c285e70a5775db26068db64aa09d9dedf8b62a49549a67c62a4017c657a95319

SHA512
3b5be4bcaf3f5c4a11a5073658baf0e46b1444c84fedda33bf0c7830cebcb557c14afb6e5a198cad72e54ebf5bbec0365a5b5bbbd176a50d9d0e5b9a410b5eb1

Download Submit
C:\Windows\System\wLJcMfD.exe

Filesize
1.9MB

MD5
48d8c0151d5416a5b590883260031d37

SHA1
a9548abbac8f8962bde8e037763b666c90d1084d

SHA256
927c55c37857648c1f8aa00e28e51264efdfcaf9e44de8b5dbc37bdf33374e2c

SHA512
18ad32294f7ed50855e3cafbe30493d2e3092b10e5876d3b696ac29641e43f35da54da9816245a92d6afa9d66eb9805a08e215fd06a8120fd863c047263acd72

Download Submit
C:\Windows\System\wgcbBpn.exe

Filesize
1.9MB

MD5
7692f639eb9991c52562aae3aa007c72

SHA1
8599782d37a40290a5986c1ea7c488f111fbf618

SHA256
d0a5276b50c7ba2fd11290beb718a74fc7104515c808695e4937bf7ecdd0bbbe

SHA512
19c7a588e9621bb89eb36ad9a0aa7e05a0d892d80dd9c1ef5b5c17bdfd36ebc6bff2f25473046bb59c26ca6771f36c772afc7451013f4f5f24232f948836b4ce

Download Submit
C:\Windows\System\xUNlZge.exe

Filesize
1.9MB

MD5
97e93002bf3ac250a25c9a76f49d8d7b

SHA1
bbcfedb067de26671fe5124cd559216dfe4bc01e

SHA256
6b992a227104a518593a73fd5b65b8df0ea6cec78f102463abf689ba4ba813ed

SHA512
97751617925297f9d4a7df39025f480b3b58580e8ce743175a74505ed589da9e3f1995b56b18b35524c4f67cd8d2568bdfe2a418e24a41ceeb85799c94e4ca39

Download Submit
memory/512-43-0x00007FF703120000-0x00007FF703512000-memory.dmp

Filesize
3.9MB

Download
memory/512-4003-0x00007FF703120000-0x00007FF703512000-memory.dmp

Filesize
3.9MB

Download
memory/512-2361-0x00007FF703120000-0x00007FF703512000-memory.dmp

Filesize
3.9MB

Download
memory/528-411-0x00007FF6F98D0000-0x00007FF6F9CC2000-memory.dmp

Filesize
3.9MB

Download
memory/528-4043-0x00007FF6F98D0000-0x00007FF6F9CC2000-memory.dmp

Filesize
3.9MB

Download
memory/728-4095-0x00007FF620D90000-0x00007FF621182000-memory.dmp

Filesize
3.9MB

Download
memory/728-462-0x00007FF620D90000-0x00007FF621182000-memory.dmp

Filesize
3.9MB

Download
memory/1020-577-0x00007FF6B8540000-0x00007FF6B8932000-memory.dmp

Filesize
3.9MB

Download
memory/1020-4082-0x00007FF6B8540000-0x00007FF6B8932000-memory.dmp

Filesize
3.9MB

Download
memory/1060-513-0x00007FF710730000-0x00007FF710B22000-memory.dmp

Filesize
3.9MB

Download
memory/1060-4050-0x00007FF710730000-0x00007FF710B22000-memory.dmp

Filesize
3.9MB

Download
memory/1416-1911-0x000001C439C60000-0x000001C439C82000-memory.dmp

Filesize
136KB

Download
memory/1464-579-0x00007FF6CABF0000-0x00007FF6CAFE2000-memory.dmp

Filesize
3.9MB

Download
memory/1464-4034-0x00007FF6CABF0000-0x00007FF6CAFE2000-memory.dmp

Filesize
3.9MB

Download
memory/1568-582-0x00007FF7A63F0000-0x00007FF7A67E2000-memory.dmp

Filesize
3.9MB

Download
memory/1568-4077-0x00007FF7A63F0000-0x00007FF7A67E2000-memory.dmp

Filesize
3.9MB

Download
memory/1772-217-0x00007FF7112D0000-0x00007FF7116C2000-memory.dmp

Filesize
3.9MB

Download
memory/1772-4001-0x00007FF7112D0000-0x00007FF7116C2000-memory.dmp

Filesize
3.9MB

Download
memory/1968-4103-0x00007FF77E770000-0x00007FF77EB62000-memory.dmp

Filesize
3.9MB

Download
memory/1968-575-0x00007FF77E770000-0x00007FF77EB62000-memory.dmp

Filesize
3.9MB

Download
memory/2208-4081-0x00007FF6BAB50000-0x00007FF6BAF42000-memory.dmp

Filesize
3.9MB

Download
memory/2208-578-0x00007FF6BAB50000-0x00007FF6BAF42000-memory.dmp

Filesize
3.9MB

Download
memory/2716-4008-0x00007FF759390000-0x00007FF759782000-memory.dmp

Filesize
3.9MB

Download
memory/2716-74-0x00007FF759390000-0x00007FF759782000-memory.dmp

Filesize
3.9MB

Download
memory/2832-580-0x00007FF6F8A50000-0x00007FF6F8E42000-memory.dmp

Filesize
3.9MB

Download
memory/2832-4039-0x00007FF6F8A50000-0x00007FF6F8E42000-memory.dmp

Filesize
3.9MB

Download
memory/3680-4028-0x00007FF61FAD0000-0x00007FF61FEC2000-memory.dmp

Filesize
3.9MB

Download
memory/3680-2395-0x00007FF61FAD0000-0x00007FF61FEC2000-memory.dmp

Filesize
3.9MB

Download
memory/3680-110-0x00007FF61FAD0000-0x00007FF61FEC2000-memory.dmp

Filesize
3.9MB

Download
memory/3768-69-0x00007FF645C40000-0x00007FF646032000-memory.dmp

Filesize
3.9MB

Download
memory/3768-2382-0x00007FF645C40000-0x00007FF646032000-memory.dmp

Filesize
3.9MB

Download
memory/3768-4030-0x00007FF645C40000-0x00007FF646032000-memory.dmp

Filesize
3.9MB

Download
memory/3808-333-0x00007FF656D80000-0x00007FF657172000-memory.dmp

Filesize
3.9MB

Download
memory/3808-4046-0x00007FF656D80000-0x00007FF657172000-memory.dmp

Filesize
3.9MB

Download
memory/4072-3999-0x00007FF769710000-0x00007FF769B02000-memory.dmp

Filesize
3.9MB

Download
memory/4072-2345-0x00007FF769710000-0x00007FF769B02000-memory.dmp

Filesize
3.9MB

Download
memory/4072-10-0x00007FF769710000-0x00007FF769B02000-memory.dmp

Filesize
3.9MB

Download
memory/4404-278-0x00007FF7B18E0000-0x00007FF7B1CD2000-memory.dmp

Filesize
3.9MB

Download
memory/4404-4026-0x00007FF7B18E0000-0x00007FF7B1CD2000-memory.dmp

Filesize
3.9MB

Download
memory/4484-4054-0x00007FF62D260000-0x00007FF62D652000-memory.dmp

Filesize
3.9MB

Download
memory/4484-576-0x00007FF62D260000-0x00007FF62D652000-memory.dmp

Filesize
3.9MB

Download
memory/4560-0-0x00007FF69D5B0000-0x00007FF69D9A2000-memory.dmp

Filesize
3.9MB

Download
memory/4560-2245-0x00007FF69D5B0000-0x00007FF69D9A2000-memory.dmp

Filesize
3.9MB

Download
memory/4560-1-0x000001AF2F090000-0x000001AF2F0A0000-memory.dmp

Filesize
64KB

Download
memory/4580-356-0x00007FF6DC810000-0x00007FF6DCC02000-memory.dmp

Filesize
3.9MB

Download
memory/4580-4040-0x00007FF6DC810000-0x00007FF6DCC02000-memory.dmp

Filesize
3.9MB

Download
memory/4760-4048-0x00007FF7DDD30000-0x00007FF7DE122000-memory.dmp

Filesize
3.9MB

Download
memory/4760-330-0x00007FF7DDD30000-0x00007FF7DE122000-memory.dmp

Filesize
3.9MB

Download
memory/4840-4037-0x00007FF7C0720000-0x00007FF7C0B12000-memory.dmp

Filesize
3.9MB

Download
memory/4840-270-0x00007FF7C0720000-0x00007FF7C0B12000-memory.dmp

Filesize
3.9MB

Download
memory/4860-4052-0x00007FF74C8B0000-0x00007FF74CCA2000-memory.dmp

Filesize
3.9MB

Download
memory/4860-581-0x00007FF74C8B0000-0x00007FF74CCA2000-memory.dmp

Filesize
3.9MB

Download
memory/5012-4015-0x00007FF6DE2E0000-0x00007FF6DE6D2000-memory.dmp

Filesize
3.9MB

Download
memory/5012-154-0x00007FF6DE2E0000-0x00007FF6DE6D2000-memory.dmp

Filesize
3.9MB

Download
memory/5096-4069-0x00007FF7C1400000-0x00007FF7C17F2000-memory.dmp

Filesize
3.9MB

Download
memory/5096-463-0x00007FF7C1400000-0x00007FF7C17F2000-memory.dmp

Filesize
3.9MB

Download