xmrig | ee3d510f636f186d5d2a8285164873e7c72acc49f5e2177fb1861b8facb25179

Analysis

max time kernel
109s
max time network
115s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
13-09-2024 20:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ab1c8790ac4b74cd80ddbe0185fc1820N.exe
Size

1.4MB
MD5

ab1c8790ac4b74cd80ddbe0185fc1820
SHA1

3f438226dcb27a2d3cebe91628b8e545609895c5
SHA256

ee3d510f636f186d5d2a8285164873e7c72acc49f5e2177fb1861b8facb25179
SHA512

0185cd0f215f8520a5f76f562ddf06622819bbb8dc077db97bd8e93f323e8426fc89edd36f84d4073acb282e1940fec4e5c5e1a481789e72457cb9014b9bd83c
SSDEEP

24576:RVIl/WDGCi7/qkatXBF6727XL1+Ki+4ini/T9UDhCcbfNtr5B:ROdWCCi7/rahHxH4T9MPT

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 60 IoCs

miner

resource	yara_rule
behavioral2/memory/2904-22-0x00007FF60C2E0000-0x00007FF60C631000-memory.dmp	xmrig
behavioral2/memory/2524-57-0x00007FF69D170000-0x00007FF69D4C1000-memory.dmp	xmrig
behavioral2/memory/5012-391-0x00007FF60A780000-0x00007FF60AAD1000-memory.dmp	xmrig
behavioral2/memory/1804-392-0x00007FF6087C0000-0x00007FF608B11000-memory.dmp	xmrig
behavioral2/memory/2004-393-0x00007FF769A20000-0x00007FF769D71000-memory.dmp	xmrig
behavioral2/memory/220-394-0x00007FF76ED90000-0x00007FF76F0E1000-memory.dmp	xmrig
behavioral2/memory/1492-396-0x00007FF627FD0000-0x00007FF628321000-memory.dmp	xmrig
behavioral2/memory/840-397-0x00007FF64C120000-0x00007FF64C471000-memory.dmp	xmrig
behavioral2/memory/4516-395-0x00007FF704270000-0x00007FF7045C1000-memory.dmp	xmrig
behavioral2/memory/3884-398-0x00007FF6E95C0000-0x00007FF6E9911000-memory.dmp	xmrig
behavioral2/memory/3492-399-0x00007FF6D4900000-0x00007FF6D4C51000-memory.dmp	xmrig
behavioral2/memory/3916-400-0x00007FF629060000-0x00007FF6293B1000-memory.dmp	xmrig
behavioral2/memory/4232-401-0x00007FF70CDB0000-0x00007FF70D101000-memory.dmp	xmrig
behavioral2/memory/428-403-0x00007FF769230000-0x00007FF769581000-memory.dmp	xmrig
behavioral2/memory/4500-402-0x00007FF7FD310000-0x00007FF7FD661000-memory.dmp	xmrig
behavioral2/memory/3064-419-0x00007FF718CA0000-0x00007FF718FF1000-memory.dmp	xmrig
behavioral2/memory/2804-438-0x00007FF7E3EE0000-0x00007FF7E4231000-memory.dmp	xmrig
behavioral2/memory/4932-429-0x00007FF76A820000-0x00007FF76AB71000-memory.dmp	xmrig
behavioral2/memory/3788-420-0x00007FF604690000-0x00007FF6049E1000-memory.dmp	xmrig
behavioral2/memory/4176-414-0x00007FF7C7620000-0x00007FF7C7971000-memory.dmp	xmrig
behavioral2/memory/3308-552-0x00007FF60BF70000-0x00007FF60C2C1000-memory.dmp	xmrig
behavioral2/memory/1404-549-0x00007FF7EB220000-0x00007FF7EB571000-memory.dmp	xmrig
behavioral2/memory/2376-74-0x00007FF646380000-0x00007FF6466D1000-memory.dmp	xmrig
behavioral2/memory/1544-69-0x00007FF6E9480000-0x00007FF6E97D1000-memory.dmp	xmrig
behavioral2/memory/4848-60-0x00007FF783D60000-0x00007FF7840B1000-memory.dmp	xmrig
behavioral2/memory/1168-686-0x00007FF673010000-0x00007FF673361000-memory.dmp	xmrig
behavioral2/memory/2904-1007-0x00007FF60C2E0000-0x00007FF60C631000-memory.dmp	xmrig
behavioral2/memory/8-1213-0x00007FF6EACC0000-0x00007FF6EB011000-memory.dmp	xmrig
behavioral2/memory/2168-1180-0x00007FF6CB920000-0x00007FF6CBC71000-memory.dmp	xmrig
behavioral2/memory/2308-1349-0x00007FF7EA630000-0x00007FF7EA981000-memory.dmp	xmrig
behavioral2/memory/4808-1348-0x00007FF6B4340000-0x00007FF6B4691000-memory.dmp	xmrig
behavioral2/memory/2376-1626-0x00007FF646380000-0x00007FF6466D1000-memory.dmp	xmrig
behavioral2/memory/3308-2333-0x00007FF60BF70000-0x00007FF60C2C1000-memory.dmp	xmrig
behavioral2/memory/2904-2335-0x00007FF60C2E0000-0x00007FF60C631000-memory.dmp	xmrig
behavioral2/memory/1168-2337-0x00007FF673010000-0x00007FF673361000-memory.dmp	xmrig
behavioral2/memory/8-2341-0x00007FF6EACC0000-0x00007FF6EB011000-memory.dmp	xmrig
behavioral2/memory/2168-2339-0x00007FF6CB920000-0x00007FF6CBC71000-memory.dmp	xmrig
behavioral2/memory/4808-2343-0x00007FF6B4340000-0x00007FF6B4691000-memory.dmp	xmrig
behavioral2/memory/2524-2347-0x00007FF69D170000-0x00007FF69D4C1000-memory.dmp	xmrig
behavioral2/memory/1544-2345-0x00007FF6E9480000-0x00007FF6E97D1000-memory.dmp	xmrig
behavioral2/memory/2308-2376-0x00007FF7EA630000-0x00007FF7EA981000-memory.dmp	xmrig
behavioral2/memory/2376-2384-0x00007FF646380000-0x00007FF6466D1000-memory.dmp	xmrig
behavioral2/memory/5012-2380-0x00007FF60A780000-0x00007FF60AAD1000-memory.dmp	xmrig
behavioral2/memory/4516-2391-0x00007FF704270000-0x00007FF7045C1000-memory.dmp	xmrig
behavioral2/memory/1492-2397-0x00007FF627FD0000-0x00007FF628321000-memory.dmp	xmrig
behavioral2/memory/3492-2399-0x00007FF6D4900000-0x00007FF6D4C51000-memory.dmp	xmrig
behavioral2/memory/840-2396-0x00007FF64C120000-0x00007FF64C471000-memory.dmp	xmrig
behavioral2/memory/3884-2393-0x00007FF6E95C0000-0x00007FF6E9911000-memory.dmp	xmrig
behavioral2/memory/220-2389-0x00007FF76ED90000-0x00007FF76F0E1000-memory.dmp	xmrig
behavioral2/memory/2004-2387-0x00007FF769A20000-0x00007FF769D71000-memory.dmp	xmrig
behavioral2/memory/2804-2382-0x00007FF7E3EE0000-0x00007FF7E4231000-memory.dmp	xmrig
behavioral2/memory/4232-2403-0x00007FF70CDB0000-0x00007FF70D101000-memory.dmp	xmrig
behavioral2/memory/428-2414-0x00007FF769230000-0x00007FF769581000-memory.dmp	xmrig
behavioral2/memory/4176-2447-0x00007FF7C7620000-0x00007FF7C7971000-memory.dmp	xmrig
behavioral2/memory/3064-2412-0x00007FF718CA0000-0x00007FF718FF1000-memory.dmp	xmrig
behavioral2/memory/3788-2410-0x00007FF604690000-0x00007FF6049E1000-memory.dmp	xmrig
behavioral2/memory/4932-2408-0x00007FF76A820000-0x00007FF76AB71000-memory.dmp	xmrig
behavioral2/memory/4500-2405-0x00007FF7FD310000-0x00007FF7FD661000-memory.dmp	xmrig
behavioral2/memory/3916-2401-0x00007FF629060000-0x00007FF6293B1000-memory.dmp	xmrig
behavioral2/memory/4848-2378-0x00007FF783D60000-0x00007FF7840B1000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
3308	kXmxKfT.exe
1168	TaAExkA.exe
2904	KlHRxAA.exe
2168	BpbmUez.exe
8	WFZfrNv.exe
4808	DynHYSk.exe
1544	GczwsSV.exe
2524	rPOWgQg.exe
4848	lSTXiaJ.exe
2308	uKHRdWA.exe
2376	RIPagaC.exe
5012	GfakBZB.exe
2804	sUlJHzg.exe
1804	wUVpYrc.exe
2004	GlBIoRg.exe
220	cpjWJsj.exe
4516	fWkZAld.exe
1492	eZdCDeT.exe
840	SuGiutZ.exe
3884	JJvPmQZ.exe
3492	mcpLEnS.exe
3916	BdcgBsQ.exe
4232	YyJldww.exe
4500	Nyxksie.exe
428	JqHYUVm.exe
4176	ezyYQIK.exe
3064	WuiMlxy.exe
3788	lpTVgdT.exe
4932	HubPeLl.exe
4208	zeqgPSd.exe
4180	TqBTPgF.exe
1624	rlqtxDX.exe
4524	PjWkkky.exe
3264	IKMWasp.exe
4324	sTPKrxs.exe
1256	hdHTVUN.exe
2564	WIncscb.exe
1568	DHQzzXm.exe
4820	EnnlVOU.exe
5060	pJuvZOq.exe
4540	FQIbDIF.exe
2400	rLYIPvI.exe
3644	waIBFsx.exe
1176	TAGTcrj.exe
1572	WGcuzlQ.exe
1696	VbIlNgt.exe
4220	XAcITIC.exe
1456	IbhOuDo.exe
4128	mabDFib.exe
4648	GyQupbz.exe
444	khHyWcW.exe
1084	GxDRHLD.exe
1240	KkUpgvv.exe
3108	RBvPDxt.exe
4004	NULywxF.exe
3120	tlVDyRn.exe
3532	yGkSRuh.exe
2792	WvzQvZy.exe
1012	onmAveI.exe
5032	XgrOahR.exe
1508	XsWyPGU.exe
380	npGcwIg.exe
3404	sYselfn.exe
2700	zUBaILF.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1404-0-0x00007FF7EB220000-0x00007FF7EB571000-memory.dmp	upx
behavioral2/files/0x00070000000234a0-7.dat	upx
behavioral2/memory/3308-9-0x00007FF60BF70000-0x00007FF60C2C1000-memory.dmp	upx
behavioral2/files/0x00070000000234a2-25.dat	upx
behavioral2/files/0x00070000000234a5-43.dat	upx
behavioral2/files/0x00070000000234a7-53.dat	upx
behavioral2/files/0x00070000000234a6-50.dat	upx
behavioral2/files/0x00070000000234a4-44.dat	upx
behavioral2/files/0x00070000000234a3-39.dat	upx
behavioral2/files/0x00070000000234a1-30.dat	upx
behavioral2/memory/8-29-0x00007FF6EACC0000-0x00007FF6EB011000-memory.dmp	upx
behavioral2/memory/2168-28-0x00007FF6CB920000-0x00007FF6CBC71000-memory.dmp	upx
behavioral2/memory/2904-22-0x00007FF60C2E0000-0x00007FF60C631000-memory.dmp	upx
behavioral2/memory/1168-18-0x00007FF673010000-0x00007FF673361000-memory.dmp	upx
behavioral2/files/0x000700000002349f-15.dat	upx
behavioral2/files/0x000800000002349e-8.dat	upx
behavioral2/memory/2524-57-0x00007FF69D170000-0x00007FF69D4C1000-memory.dmp	upx
behavioral2/files/0x00070000000234a8-62.dat	upx
behavioral2/files/0x00070000000234a9-67.dat	upx
behavioral2/files/0x00070000000234ab-81.dat	upx
behavioral2/files/0x00070000000234ae-99.dat	upx
behavioral2/files/0x00070000000234b0-117.dat	upx
behavioral2/files/0x00070000000234b2-127.dat	upx
behavioral2/files/0x00070000000234b6-139.dat	upx
behavioral2/files/0x00070000000234b7-152.dat	upx
behavioral2/files/0x00070000000234ba-167.dat	upx
behavioral2/memory/5012-391-0x00007FF60A780000-0x00007FF60AAD1000-memory.dmp	upx
behavioral2/memory/1804-392-0x00007FF6087C0000-0x00007FF608B11000-memory.dmp	upx
behavioral2/memory/2004-393-0x00007FF769A20000-0x00007FF769D71000-memory.dmp	upx
behavioral2/memory/220-394-0x00007FF76ED90000-0x00007FF76F0E1000-memory.dmp	upx
behavioral2/memory/1492-396-0x00007FF627FD0000-0x00007FF628321000-memory.dmp	upx
behavioral2/memory/840-397-0x00007FF64C120000-0x00007FF64C471000-memory.dmp	upx
behavioral2/memory/4516-395-0x00007FF704270000-0x00007FF7045C1000-memory.dmp	upx
behavioral2/memory/3884-398-0x00007FF6E95C0000-0x00007FF6E9911000-memory.dmp	upx
behavioral2/memory/3492-399-0x00007FF6D4900000-0x00007FF6D4C51000-memory.dmp	upx
behavioral2/memory/3916-400-0x00007FF629060000-0x00007FF6293B1000-memory.dmp	upx
behavioral2/memory/4232-401-0x00007FF70CDB0000-0x00007FF70D101000-memory.dmp	upx
behavioral2/memory/428-403-0x00007FF769230000-0x00007FF769581000-memory.dmp	upx
behavioral2/memory/4500-402-0x00007FF7FD310000-0x00007FF7FD661000-memory.dmp	upx
behavioral2/files/0x00070000000234bd-174.dat	upx
behavioral2/files/0x00070000000234bb-172.dat	upx
behavioral2/files/0x00070000000234bc-169.dat	upx
behavioral2/files/0x00070000000234b9-162.dat	upx
behavioral2/files/0x00070000000234b8-157.dat	upx
behavioral2/memory/3064-419-0x00007FF718CA0000-0x00007FF718FF1000-memory.dmp	upx
behavioral2/memory/2804-438-0x00007FF7E3EE0000-0x00007FF7E4231000-memory.dmp	upx
behavioral2/memory/4932-429-0x00007FF76A820000-0x00007FF76AB71000-memory.dmp	upx
behavioral2/memory/3788-420-0x00007FF604690000-0x00007FF6049E1000-memory.dmp	upx
behavioral2/memory/4176-414-0x00007FF7C7620000-0x00007FF7C7971000-memory.dmp	upx
behavioral2/files/0x00070000000234b5-142.dat	upx
behavioral2/files/0x00070000000234b4-137.dat	upx
behavioral2/files/0x00070000000234b3-132.dat	upx
behavioral2/files/0x00070000000234b1-122.dat	upx
behavioral2/files/0x00070000000234af-112.dat	upx
behavioral2/files/0x00070000000234ad-102.dat	upx
behavioral2/files/0x00070000000234ac-97.dat	upx
behavioral2/files/0x000800000002349c-92.dat	upx
behavioral2/files/0x00070000000234aa-79.dat	upx
behavioral2/memory/3308-552-0x00007FF60BF70000-0x00007FF60C2C1000-memory.dmp	upx
behavioral2/memory/1404-549-0x00007FF7EB220000-0x00007FF7EB571000-memory.dmp	upx
behavioral2/memory/2376-74-0x00007FF646380000-0x00007FF6466D1000-memory.dmp	upx
behavioral2/memory/1544-69-0x00007FF6E9480000-0x00007FF6E97D1000-memory.dmp	upx
behavioral2/memory/2308-66-0x00007FF7EA630000-0x00007FF7EA981000-memory.dmp	upx
behavioral2/memory/4848-60-0x00007FF783D60000-0x00007FF7840B1000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\zKxhIJm.exe	ab1c8790ac4b74cd80ddbe0185fc1820N.exe
File created	C:\Windows\System\uEprila.exe	ab1c8790ac4b74cd80ddbe0185fc1820N.exe
File created	C:\Windows\System\YOcwgMb.exe	ab1c8790ac4b74cd80ddbe0185fc1820N.exe
File created	C:\Windows\System\GbcBkWQ.exe	ab1c8790ac4b74cd80ddbe0185fc1820N.exe
File created	C:\Windows\System\xQzVdgy.exe	ab1c8790ac4b74cd80ddbe0185fc1820N.exe
File created	C:\Windows\System\cAFOzQt.exe	ab1c8790ac4b74cd80ddbe0185fc1820N.exe
File created	C:\Windows\System\JJvPmQZ.exe	ab1c8790ac4b74cd80ddbe0185fc1820N.exe
File created	C:\Windows\System\DSjeDXR.exe	ab1c8790ac4b74cd80ddbe0185fc1820N.exe
File created	C:\Windows\System\gmdkGBO.exe	ab1c8790ac4b74cd80ddbe0185fc1820N.exe
File created	C:\Windows\System\MPTIhjL.exe	ab1c8790ac4b74cd80ddbe0185fc1820N.exe
File created	C:\Windows\System\eyXVmgY.exe	ab1c8790ac4b74cd80ddbe0185fc1820N.exe
File created	C:\Windows\System\xiYodyA.exe	ab1c8790ac4b74cd80ddbe0185fc1820N.exe
File created	C:\Windows\System\cpjWJsj.exe	ab1c8790ac4b74cd80ddbe0185fc1820N.exe
File created	C:\Windows\System\MeMdpjD.exe	ab1c8790ac4b74cd80ddbe0185fc1820N.exe
File created	C:\Windows\System\gYQKoKO.exe	ab1c8790ac4b74cd80ddbe0185fc1820N.exe
File created	C:\Windows\System\SuGiutZ.exe	ab1c8790ac4b74cd80ddbe0185fc1820N.exe
File created	C:\Windows\System\GxDRHLD.exe	ab1c8790ac4b74cd80ddbe0185fc1820N.exe
File created	C:\Windows\System\KCNDaBF.exe	ab1c8790ac4b74cd80ddbe0185fc1820N.exe
File created	C:\Windows\System\buvYWaz.exe	ab1c8790ac4b74cd80ddbe0185fc1820N.exe
File created	C:\Windows\System\ZCJvYlW.exe	ab1c8790ac4b74cd80ddbe0185fc1820N.exe
File created	C:\Windows\System\uYBfSvj.exe	ab1c8790ac4b74cd80ddbe0185fc1820N.exe
File created	C:\Windows\System\WGcuzlQ.exe	ab1c8790ac4b74cd80ddbe0185fc1820N.exe
File created	C:\Windows\System\MddBWIY.exe	ab1c8790ac4b74cd80ddbe0185fc1820N.exe
File created	C:\Windows\System\uZUihhn.exe	ab1c8790ac4b74cd80ddbe0185fc1820N.exe
File created	C:\Windows\System\prnQFQz.exe	ab1c8790ac4b74cd80ddbe0185fc1820N.exe
File created	C:\Windows\System\Mqooeqg.exe	ab1c8790ac4b74cd80ddbe0185fc1820N.exe
File created	C:\Windows\System\XOaDwmz.exe	ab1c8790ac4b74cd80ddbe0185fc1820N.exe
File created	C:\Windows\System\Nyxksie.exe	ab1c8790ac4b74cd80ddbe0185fc1820N.exe
File created	C:\Windows\System\TAGTcrj.exe	ab1c8790ac4b74cd80ddbe0185fc1820N.exe
File created	C:\Windows\System\lnBcuvv.exe	ab1c8790ac4b74cd80ddbe0185fc1820N.exe
File created	C:\Windows\System\UgJTJua.exe	ab1c8790ac4b74cd80ddbe0185fc1820N.exe
File created	C:\Windows\System\AndjnDy.exe	ab1c8790ac4b74cd80ddbe0185fc1820N.exe
File created	C:\Windows\System\WBgHsac.exe	ab1c8790ac4b74cd80ddbe0185fc1820N.exe
File created	C:\Windows\System\BiFCoXa.exe	ab1c8790ac4b74cd80ddbe0185fc1820N.exe
File created	C:\Windows\System\bBKJMEu.exe	ab1c8790ac4b74cd80ddbe0185fc1820N.exe
File created	C:\Windows\System\OiwXZiv.exe	ab1c8790ac4b74cd80ddbe0185fc1820N.exe
File created	C:\Windows\System\vvQmZmQ.exe	ab1c8790ac4b74cd80ddbe0185fc1820N.exe
File created	C:\Windows\System\sVwLRxw.exe	ab1c8790ac4b74cd80ddbe0185fc1820N.exe
File created	C:\Windows\System\eoNVhZy.exe	ab1c8790ac4b74cd80ddbe0185fc1820N.exe
File created	C:\Windows\System\VWhNvQi.exe	ab1c8790ac4b74cd80ddbe0185fc1820N.exe
File created	C:\Windows\System\GbMVnBw.exe	ab1c8790ac4b74cd80ddbe0185fc1820N.exe
File created	C:\Windows\System\pYsHWmQ.exe	ab1c8790ac4b74cd80ddbe0185fc1820N.exe
File created	C:\Windows\System\UoPyTeE.exe	ab1c8790ac4b74cd80ddbe0185fc1820N.exe
File created	C:\Windows\System\dHpDOpX.exe	ab1c8790ac4b74cd80ddbe0185fc1820N.exe
File created	C:\Windows\System\WIncscb.exe	ab1c8790ac4b74cd80ddbe0185fc1820N.exe
File created	C:\Windows\System\ESWTrcv.exe	ab1c8790ac4b74cd80ddbe0185fc1820N.exe
File created	C:\Windows\System\JXyCdmo.exe	ab1c8790ac4b74cd80ddbe0185fc1820N.exe
File created	C:\Windows\System\mMmGbRq.exe	ab1c8790ac4b74cd80ddbe0185fc1820N.exe
File created	C:\Windows\System\YyJldww.exe	ab1c8790ac4b74cd80ddbe0185fc1820N.exe
File created	C:\Windows\System\WdDCySi.exe	ab1c8790ac4b74cd80ddbe0185fc1820N.exe
File created	C:\Windows\System\OjlBwQD.exe	ab1c8790ac4b74cd80ddbe0185fc1820N.exe
File created	C:\Windows\System\vcVSZxn.exe	ab1c8790ac4b74cd80ddbe0185fc1820N.exe
File created	C:\Windows\System\uJjRoLC.exe	ab1c8790ac4b74cd80ddbe0185fc1820N.exe
File created	C:\Windows\System\XAcITIC.exe	ab1c8790ac4b74cd80ddbe0185fc1820N.exe
File created	C:\Windows\System\zwkiRNT.exe	ab1c8790ac4b74cd80ddbe0185fc1820N.exe
File created	C:\Windows\System\TlJgvJL.exe	ab1c8790ac4b74cd80ddbe0185fc1820N.exe
File created	C:\Windows\System\jMSHeNF.exe	ab1c8790ac4b74cd80ddbe0185fc1820N.exe
File created	C:\Windows\System\dwMBokH.exe	ab1c8790ac4b74cd80ddbe0185fc1820N.exe
File created	C:\Windows\System\BwWbrbU.exe	ab1c8790ac4b74cd80ddbe0185fc1820N.exe
File created	C:\Windows\System\sMrknLP.exe	ab1c8790ac4b74cd80ddbe0185fc1820N.exe
File created	C:\Windows\System\LcnAJXb.exe	ab1c8790ac4b74cd80ddbe0185fc1820N.exe
File created	C:\Windows\System\GfakBZB.exe	ab1c8790ac4b74cd80ddbe0185fc1820N.exe
File created	C:\Windows\System\yWIStxA.exe	ab1c8790ac4b74cd80ddbe0185fc1820N.exe
File created	C:\Windows\System\hIaXtGz.exe	ab1c8790ac4b74cd80ddbe0185fc1820N.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	14416	dwm.exe
Token: SeChangeNotifyPrivilege	14416	dwm.exe
Token: 33	14416	dwm.exe
Token: SeIncBasePriorityPrivilege	14416	dwm.exe
Token: SeShutdownPrivilege	14416	dwm.exe
Token: SeCreatePagefilePrivilege	14416	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1404 wrote to memory of 3308	1404	ab1c8790ac4b74cd80ddbe0185fc1820N.exe	84
PID 1404 wrote to memory of 3308	1404	ab1c8790ac4b74cd80ddbe0185fc1820N.exe	84
PID 1404 wrote to memory of 1168	1404	ab1c8790ac4b74cd80ddbe0185fc1820N.exe	85
PID 1404 wrote to memory of 1168	1404	ab1c8790ac4b74cd80ddbe0185fc1820N.exe	85
PID 1404 wrote to memory of 2904	1404	ab1c8790ac4b74cd80ddbe0185fc1820N.exe	86
PID 1404 wrote to memory of 2904	1404	ab1c8790ac4b74cd80ddbe0185fc1820N.exe	86
PID 1404 wrote to memory of 2168	1404	ab1c8790ac4b74cd80ddbe0185fc1820N.exe	87
PID 1404 wrote to memory of 2168	1404	ab1c8790ac4b74cd80ddbe0185fc1820N.exe	87
PID 1404 wrote to memory of 8	1404	ab1c8790ac4b74cd80ddbe0185fc1820N.exe	88
PID 1404 wrote to memory of 8	1404	ab1c8790ac4b74cd80ddbe0185fc1820N.exe	88
PID 1404 wrote to memory of 4808	1404	ab1c8790ac4b74cd80ddbe0185fc1820N.exe	89
PID 1404 wrote to memory of 4808	1404	ab1c8790ac4b74cd80ddbe0185fc1820N.exe	89
PID 1404 wrote to memory of 1544	1404	ab1c8790ac4b74cd80ddbe0185fc1820N.exe	90
PID 1404 wrote to memory of 1544	1404	ab1c8790ac4b74cd80ddbe0185fc1820N.exe	90
PID 1404 wrote to memory of 2524	1404	ab1c8790ac4b74cd80ddbe0185fc1820N.exe	91
PID 1404 wrote to memory of 2524	1404	ab1c8790ac4b74cd80ddbe0185fc1820N.exe	91
PID 1404 wrote to memory of 4848	1404	ab1c8790ac4b74cd80ddbe0185fc1820N.exe	92
PID 1404 wrote to memory of 4848	1404	ab1c8790ac4b74cd80ddbe0185fc1820N.exe	92
PID 1404 wrote to memory of 2308	1404	ab1c8790ac4b74cd80ddbe0185fc1820N.exe	93
PID 1404 wrote to memory of 2308	1404	ab1c8790ac4b74cd80ddbe0185fc1820N.exe	93
PID 1404 wrote to memory of 2376	1404	ab1c8790ac4b74cd80ddbe0185fc1820N.exe	94
PID 1404 wrote to memory of 2376	1404	ab1c8790ac4b74cd80ddbe0185fc1820N.exe	94
PID 1404 wrote to memory of 5012	1404	ab1c8790ac4b74cd80ddbe0185fc1820N.exe	95
PID 1404 wrote to memory of 5012	1404	ab1c8790ac4b74cd80ddbe0185fc1820N.exe	95
PID 1404 wrote to memory of 2804	1404	ab1c8790ac4b74cd80ddbe0185fc1820N.exe	96
PID 1404 wrote to memory of 2804	1404	ab1c8790ac4b74cd80ddbe0185fc1820N.exe	96
PID 1404 wrote to memory of 1804	1404	ab1c8790ac4b74cd80ddbe0185fc1820N.exe	97
PID 1404 wrote to memory of 1804	1404	ab1c8790ac4b74cd80ddbe0185fc1820N.exe	97
PID 1404 wrote to memory of 2004	1404	ab1c8790ac4b74cd80ddbe0185fc1820N.exe	98
PID 1404 wrote to memory of 2004	1404	ab1c8790ac4b74cd80ddbe0185fc1820N.exe	98
PID 1404 wrote to memory of 220	1404	ab1c8790ac4b74cd80ddbe0185fc1820N.exe	99
PID 1404 wrote to memory of 220	1404	ab1c8790ac4b74cd80ddbe0185fc1820N.exe	99
PID 1404 wrote to memory of 4516	1404	ab1c8790ac4b74cd80ddbe0185fc1820N.exe	100
PID 1404 wrote to memory of 4516	1404	ab1c8790ac4b74cd80ddbe0185fc1820N.exe	100
PID 1404 wrote to memory of 1492	1404	ab1c8790ac4b74cd80ddbe0185fc1820N.exe	101
PID 1404 wrote to memory of 1492	1404	ab1c8790ac4b74cd80ddbe0185fc1820N.exe	101
PID 1404 wrote to memory of 840	1404	ab1c8790ac4b74cd80ddbe0185fc1820N.exe	102
PID 1404 wrote to memory of 840	1404	ab1c8790ac4b74cd80ddbe0185fc1820N.exe	102
PID 1404 wrote to memory of 3884	1404	ab1c8790ac4b74cd80ddbe0185fc1820N.exe	103
PID 1404 wrote to memory of 3884	1404	ab1c8790ac4b74cd80ddbe0185fc1820N.exe	103
PID 1404 wrote to memory of 3492	1404	ab1c8790ac4b74cd80ddbe0185fc1820N.exe	104
PID 1404 wrote to memory of 3492	1404	ab1c8790ac4b74cd80ddbe0185fc1820N.exe	104
PID 1404 wrote to memory of 3916	1404	ab1c8790ac4b74cd80ddbe0185fc1820N.exe	105
PID 1404 wrote to memory of 3916	1404	ab1c8790ac4b74cd80ddbe0185fc1820N.exe	105
PID 1404 wrote to memory of 4232	1404	ab1c8790ac4b74cd80ddbe0185fc1820N.exe	106
PID 1404 wrote to memory of 4232	1404	ab1c8790ac4b74cd80ddbe0185fc1820N.exe	106
PID 1404 wrote to memory of 4500	1404	ab1c8790ac4b74cd80ddbe0185fc1820N.exe	107
PID 1404 wrote to memory of 4500	1404	ab1c8790ac4b74cd80ddbe0185fc1820N.exe	107
PID 1404 wrote to memory of 428	1404	ab1c8790ac4b74cd80ddbe0185fc1820N.exe	108
PID 1404 wrote to memory of 428	1404	ab1c8790ac4b74cd80ddbe0185fc1820N.exe	108
PID 1404 wrote to memory of 4176	1404	ab1c8790ac4b74cd80ddbe0185fc1820N.exe	109
PID 1404 wrote to memory of 4176	1404	ab1c8790ac4b74cd80ddbe0185fc1820N.exe	109
PID 1404 wrote to memory of 3064	1404	ab1c8790ac4b74cd80ddbe0185fc1820N.exe	110
PID 1404 wrote to memory of 3064	1404	ab1c8790ac4b74cd80ddbe0185fc1820N.exe	110
PID 1404 wrote to memory of 3788	1404	ab1c8790ac4b74cd80ddbe0185fc1820N.exe	111
PID 1404 wrote to memory of 3788	1404	ab1c8790ac4b74cd80ddbe0185fc1820N.exe	111
PID 1404 wrote to memory of 4932	1404	ab1c8790ac4b74cd80ddbe0185fc1820N.exe	112
PID 1404 wrote to memory of 4932	1404	ab1c8790ac4b74cd80ddbe0185fc1820N.exe	112
PID 1404 wrote to memory of 4208	1404	ab1c8790ac4b74cd80ddbe0185fc1820N.exe	113
PID 1404 wrote to memory of 4208	1404	ab1c8790ac4b74cd80ddbe0185fc1820N.exe	113
PID 1404 wrote to memory of 4180	1404	ab1c8790ac4b74cd80ddbe0185fc1820N.exe	114
PID 1404 wrote to memory of 4180	1404	ab1c8790ac4b74cd80ddbe0185fc1820N.exe	114
PID 1404 wrote to memory of 1624	1404	ab1c8790ac4b74cd80ddbe0185fc1820N.exe	115
PID 1404 wrote to memory of 1624	1404	ab1c8790ac4b74cd80ddbe0185fc1820N.exe	115

C:\Users\Admin\AppData\Local\Temp\ab1c8790ac4b74cd80ddbe0185fc1820N.exe
"C:\Users\Admin\AppData\Local\Temp\ab1c8790ac4b74cd80ddbe0185fc1820N.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1404
- C:\Windows\System\kXmxKfT.exe
  C:\Windows\System\kXmxKfT.exe
  2⤵
  - Executes dropped EXE
  PID:3308
- C:\Windows\System\TaAExkA.exe
  C:\Windows\System\TaAExkA.exe
  2⤵
  - Executes dropped EXE
  PID:1168
- C:\Windows\System\KlHRxAA.exe
  C:\Windows\System\KlHRxAA.exe
  2⤵
  - Executes dropped EXE
  PID:2904
- C:\Windows\System\BpbmUez.exe
  C:\Windows\System\BpbmUez.exe
  2⤵
  - Executes dropped EXE
  PID:2168
- C:\Windows\System\WFZfrNv.exe
  C:\Windows\System\WFZfrNv.exe
  2⤵
  - Executes dropped EXE
  PID:8
- C:\Windows\System\DynHYSk.exe
  C:\Windows\System\DynHYSk.exe
  2⤵
  - Executes dropped EXE
  PID:4808
- C:\Windows\System\GczwsSV.exe
  C:\Windows\System\GczwsSV.exe
  2⤵
  - Executes dropped EXE
  PID:1544
- C:\Windows\System\rPOWgQg.exe
  C:\Windows\System\rPOWgQg.exe
  2⤵
  - Executes dropped EXE
  PID:2524
- C:\Windows\System\lSTXiaJ.exe
  C:\Windows\System\lSTXiaJ.exe
  2⤵
  - Executes dropped EXE
  PID:4848
- C:\Windows\System\uKHRdWA.exe
  C:\Windows\System\uKHRdWA.exe
  2⤵
  - Executes dropped EXE
  PID:2308
- C:\Windows\System\RIPagaC.exe
  C:\Windows\System\RIPagaC.exe
  2⤵
  - Executes dropped EXE
  PID:2376
- C:\Windows\System\GfakBZB.exe
  C:\Windows\System\GfakBZB.exe
  2⤵
  - Executes dropped EXE
  PID:5012
- C:\Windows\System\sUlJHzg.exe
  C:\Windows\System\sUlJHzg.exe
  2⤵
  - Executes dropped EXE
  PID:2804
- C:\Windows\System\wUVpYrc.exe
  C:\Windows\System\wUVpYrc.exe
  2⤵
  - Executes dropped EXE
  PID:1804
- C:\Windows\System\GlBIoRg.exe
  C:\Windows\System\GlBIoRg.exe
  2⤵
  - Executes dropped EXE
  PID:2004
- C:\Windows\System\cpjWJsj.exe
  C:\Windows\System\cpjWJsj.exe
  2⤵
  - Executes dropped EXE
  PID:220
- C:\Windows\System\fWkZAld.exe
  C:\Windows\System\fWkZAld.exe
  2⤵
  - Executes dropped EXE
  PID:4516
- C:\Windows\System\eZdCDeT.exe
  C:\Windows\System\eZdCDeT.exe
  2⤵
  - Executes dropped EXE
  PID:1492
- C:\Windows\System\SuGiutZ.exe
  C:\Windows\System\SuGiutZ.exe
  2⤵
  - Executes dropped EXE
  PID:840
- C:\Windows\System\JJvPmQZ.exe
  C:\Windows\System\JJvPmQZ.exe
  2⤵
  - Executes dropped EXE
  PID:3884
- C:\Windows\System\mcpLEnS.exe
  C:\Windows\System\mcpLEnS.exe
  2⤵
  - Executes dropped EXE
  PID:3492
- C:\Windows\System\BdcgBsQ.exe
  C:\Windows\System\BdcgBsQ.exe
  2⤵
  - Executes dropped EXE
  PID:3916
- C:\Windows\System\YyJldww.exe
  C:\Windows\System\YyJldww.exe
  2⤵
  - Executes dropped EXE
  PID:4232
- C:\Windows\System\Nyxksie.exe
  C:\Windows\System\Nyxksie.exe
  2⤵
  - Executes dropped EXE
  PID:4500
- C:\Windows\System\JqHYUVm.exe
  C:\Windows\System\JqHYUVm.exe
  2⤵
  - Executes dropped EXE
  PID:428
- C:\Windows\System\ezyYQIK.exe
  C:\Windows\System\ezyYQIK.exe
  2⤵
  - Executes dropped EXE
  PID:4176
- C:\Windows\System\WuiMlxy.exe
  C:\Windows\System\WuiMlxy.exe
  2⤵
  - Executes dropped EXE
  PID:3064
- C:\Windows\System\lpTVgdT.exe
  C:\Windows\System\lpTVgdT.exe
  2⤵
  - Executes dropped EXE
  PID:3788
- C:\Windows\System\HubPeLl.exe
  C:\Windows\System\HubPeLl.exe
  2⤵
  - Executes dropped EXE
  PID:4932
- C:\Windows\System\zeqgPSd.exe
  C:\Windows\System\zeqgPSd.exe
  2⤵
  - Executes dropped EXE
  PID:4208
- C:\Windows\System\TqBTPgF.exe
  C:\Windows\System\TqBTPgF.exe
  2⤵
  - Executes dropped EXE
  PID:4180
- C:\Windows\System\rlqtxDX.exe
  C:\Windows\System\rlqtxDX.exe
  2⤵
  - Executes dropped EXE
  PID:1624
- C:\Windows\System\PjWkkky.exe
  C:\Windows\System\PjWkkky.exe
  2⤵
  - Executes dropped EXE
  PID:4524
- C:\Windows\System\IKMWasp.exe
  C:\Windows\System\IKMWasp.exe
  2⤵
  - Executes dropped EXE
  PID:3264
- C:\Windows\System\sTPKrxs.exe
  C:\Windows\System\sTPKrxs.exe
  2⤵
  - Executes dropped EXE
  PID:4324
- C:\Windows\System\hdHTVUN.exe
  C:\Windows\System\hdHTVUN.exe
  2⤵
  - Executes dropped EXE
  PID:1256
- C:\Windows\System\WIncscb.exe
  C:\Windows\System\WIncscb.exe
  2⤵
  - Executes dropped EXE
  PID:2564
- C:\Windows\System\DHQzzXm.exe
  C:\Windows\System\DHQzzXm.exe
  2⤵
  - Executes dropped EXE
  PID:1568
- C:\Windows\System\EnnlVOU.exe
  C:\Windows\System\EnnlVOU.exe
  2⤵
  - Executes dropped EXE
  PID:4820
- C:\Windows\System\pJuvZOq.exe
  C:\Windows\System\pJuvZOq.exe
  2⤵
  - Executes dropped EXE
  PID:5060
- C:\Windows\System\FQIbDIF.exe
  C:\Windows\System\FQIbDIF.exe
  2⤵
  - Executes dropped EXE
  PID:4540
- C:\Windows\System\rLYIPvI.exe
  C:\Windows\System\rLYIPvI.exe
  2⤵
  - Executes dropped EXE
  PID:2400
- C:\Windows\System\waIBFsx.exe
  C:\Windows\System\waIBFsx.exe
  2⤵
  - Executes dropped EXE
  PID:3644
- C:\Windows\System\TAGTcrj.exe
  C:\Windows\System\TAGTcrj.exe
  2⤵
  - Executes dropped EXE
  PID:1176
- C:\Windows\System\WGcuzlQ.exe
  C:\Windows\System\WGcuzlQ.exe
  2⤵
  - Executes dropped EXE
  PID:1572
- C:\Windows\System\VbIlNgt.exe
  C:\Windows\System\VbIlNgt.exe
  2⤵
  - Executes dropped EXE
  PID:1696
- C:\Windows\System\XAcITIC.exe
  C:\Windows\System\XAcITIC.exe
  2⤵
  - Executes dropped EXE
  PID:4220
- C:\Windows\System\IbhOuDo.exe
  C:\Windows\System\IbhOuDo.exe
  2⤵
  - Executes dropped EXE
  PID:1456
- C:\Windows\System\mabDFib.exe
  C:\Windows\System\mabDFib.exe
  2⤵
  - Executes dropped EXE
  PID:4128
- C:\Windows\System\GyQupbz.exe
  C:\Windows\System\GyQupbz.exe
  2⤵
  - Executes dropped EXE
  PID:4648
- C:\Windows\System\khHyWcW.exe
  C:\Windows\System\khHyWcW.exe
  2⤵
  - Executes dropped EXE
  PID:444
- C:\Windows\System\GxDRHLD.exe
  C:\Windows\System\GxDRHLD.exe
  2⤵
  - Executes dropped EXE
  PID:1084
- C:\Windows\System\KkUpgvv.exe
  C:\Windows\System\KkUpgvv.exe
  2⤵
  - Executes dropped EXE
  PID:1240
- C:\Windows\System\RBvPDxt.exe
  C:\Windows\System\RBvPDxt.exe
  2⤵
  - Executes dropped EXE
  PID:3108
- C:\Windows\System\NULywxF.exe
  C:\Windows\System\NULywxF.exe
  2⤵
  - Executes dropped EXE
  PID:4004
- C:\Windows\System\tlVDyRn.exe
  C:\Windows\System\tlVDyRn.exe
  2⤵
  - Executes dropped EXE
  PID:3120
- C:\Windows\System\yGkSRuh.exe
  C:\Windows\System\yGkSRuh.exe
  2⤵
  - Executes dropped EXE
  PID:3532
- C:\Windows\System\WvzQvZy.exe
  C:\Windows\System\WvzQvZy.exe
  2⤵
  - Executes dropped EXE
  PID:2792
- C:\Windows\System\onmAveI.exe
  C:\Windows\System\onmAveI.exe
  2⤵
  - Executes dropped EXE
  PID:1012
- C:\Windows\System\XgrOahR.exe
  C:\Windows\System\XgrOahR.exe
  2⤵
  - Executes dropped EXE
  PID:5032
- C:\Windows\System\XsWyPGU.exe
  C:\Windows\System\XsWyPGU.exe
  2⤵
  - Executes dropped EXE
  PID:1508
- C:\Windows\System\npGcwIg.exe
  C:\Windows\System\npGcwIg.exe
  2⤵
  - Executes dropped EXE
  PID:380
- C:\Windows\System\sYselfn.exe
  C:\Windows\System\sYselfn.exe
  2⤵
  - Executes dropped EXE
  PID:3404
- C:\Windows\System\zUBaILF.exe
  C:\Windows\System\zUBaILF.exe
  2⤵
  - Executes dropped EXE
  PID:2700
- C:\Windows\System\MvWXEiM.exe
  C:\Windows\System\MvWXEiM.exe
  2⤵
  PID:4252
- C:\Windows\System\zsIJqYa.exe
  C:\Windows\System\zsIJqYa.exe
  2⤵
  PID:4988
- C:\Windows\System\gfDNMqY.exe
  C:\Windows\System\gfDNMqY.exe
  2⤵
  PID:2128
- C:\Windows\System\SopLFLa.exe
  C:\Windows\System\SopLFLa.exe
  2⤵
  PID:4424
- C:\Windows\System\zcoavir.exe
  C:\Windows\System\zcoavir.exe
  2⤵
  PID:2268
- C:\Windows\System\ggripNb.exe
  C:\Windows\System\ggripNb.exe
  2⤵
  PID:2340
- C:\Windows\System\rvdJkuK.exe
  C:\Windows\System\rvdJkuK.exe
  2⤵
  PID:2928
- C:\Windows\System\mTxAnCZ.exe
  C:\Windows\System\mTxAnCZ.exe
  2⤵
  PID:1452
- C:\Windows\System\jvxcgot.exe
  C:\Windows\System\jvxcgot.exe
  2⤵
  PID:920
- C:\Windows\System\jHBiUOV.exe
  C:\Windows\System\jHBiUOV.exe
  2⤵
  PID:4344
- C:\Windows\System\RUzsYQW.exe
  C:\Windows\System\RUzsYQW.exe
  2⤵
  PID:4148
- C:\Windows\System\ZLcZHFQ.exe
  C:\Windows\System\ZLcZHFQ.exe
  2⤵
  PID:4392
- C:\Windows\System\NloFOjE.exe
  C:\Windows\System\NloFOjE.exe
  2⤵
  PID:2228
- C:\Windows\System\FanqFoO.exe
  C:\Windows\System\FanqFoO.exe
  2⤵
  PID:4756
- C:\Windows\System\rwsuevy.exe
  C:\Windows\System\rwsuevy.exe
  2⤵
  PID:1008
- C:\Windows\System\TlEUSzK.exe
  C:\Windows\System\TlEUSzK.exe
  2⤵
  PID:1104
- C:\Windows\System\OiwXZiv.exe
  C:\Windows\System\OiwXZiv.exe
  2⤵
  PID:4732
- C:\Windows\System\WuJmUnC.exe
  C:\Windows\System\WuJmUnC.exe
  2⤵
  PID:3432
- C:\Windows\System\FIBePSw.exe
  C:\Windows\System\FIBePSw.exe
  2⤵
  PID:3272
- C:\Windows\System\iJbnkqq.exe
  C:\Windows\System\iJbnkqq.exe
  2⤵
  PID:3524
- C:\Windows\System\lRIzjYq.exe
  C:\Windows\System\lRIzjYq.exe
  2⤵
  PID:4548
- C:\Windows\System\UecXyWA.exe
  C:\Windows\System\UecXyWA.exe
  2⤵
  PID:116
- C:\Windows\System\Mqxnawj.exe
  C:\Windows\System\Mqxnawj.exe
  2⤵
  PID:2336
- C:\Windows\System\XsVIPYc.exe
  C:\Windows\System\XsVIPYc.exe
  2⤵
  PID:1772
- C:\Windows\System\PMCuGDD.exe
  C:\Windows\System\PMCuGDD.exe
  2⤵
  PID:2600
- C:\Windows\System\PzihMmN.exe
  C:\Windows\System\PzihMmN.exe
  2⤵
  PID:60
- C:\Windows\System\yWIStxA.exe
  C:\Windows\System\yWIStxA.exe
  2⤵
  PID:2784
- C:\Windows\System\ESWTrcv.exe
  C:\Windows\System\ESWTrcv.exe
  2⤵
  PID:2444
- C:\Windows\System\gliJBIZ.exe
  C:\Windows\System\gliJBIZ.exe
  2⤵
  PID:396
- C:\Windows\System\cmxDcXk.exe
  C:\Windows\System\cmxDcXk.exe
  2⤵
  PID:4680
- C:\Windows\System\OxNORcA.exe
  C:\Windows\System\OxNORcA.exe
  2⤵
  PID:5084
- C:\Windows\System\PTXhpnf.exe
  C:\Windows\System\PTXhpnf.exe
  2⤵
  PID:3008
- C:\Windows\System\iBkEiCG.exe
  C:\Windows\System\iBkEiCG.exe
  2⤵
  PID:4868
- C:\Windows\System\BffXBIq.exe
  C:\Windows\System\BffXBIq.exe
  2⤵
  PID:2440
- C:\Windows\System\SJmNwDo.exe
  C:\Windows\System\SJmNwDo.exe
  2⤵
  PID:900
- C:\Windows\System\QaifnwW.exe
  C:\Windows\System\QaifnwW.exe
  2⤵
  PID:4824
- C:\Windows\System\NlcowHd.exe
  C:\Windows\System\NlcowHd.exe
  2⤵
  PID:1128
- C:\Windows\System\TjOolJs.exe
  C:\Windows\System\TjOolJs.exe
  2⤵
  PID:4416
- C:\Windows\System\ytVuona.exe
  C:\Windows\System\ytVuona.exe
  2⤵
  PID:3352
- C:\Windows\System\IUMhWjf.exe
  C:\Windows\System\IUMhWjf.exe
  2⤵
  PID:2332
- C:\Windows\System\NCiNvfS.exe
  C:\Windows\System\NCiNvfS.exe
  2⤵
  PID:5124
- C:\Windows\System\WdDCySi.exe
  C:\Windows\System\WdDCySi.exe
  2⤵
  PID:5152
- C:\Windows\System\OjlBwQD.exe
  C:\Windows\System\OjlBwQD.exe
  2⤵
  PID:5244
- C:\Windows\System\gEQVpnT.exe
  C:\Windows\System\gEQVpnT.exe
  2⤵
  PID:5260
- C:\Windows\System\XKupUoo.exe
  C:\Windows\System\XKupUoo.exe
  2⤵
  PID:5280
- C:\Windows\System\wuqsUWU.exe
  C:\Windows\System\wuqsUWU.exe
  2⤵
  PID:5296
- C:\Windows\System\vcVSZxn.exe
  C:\Windows\System\vcVSZxn.exe
  2⤵
  PID:5320
- C:\Windows\System\NsgOiIq.exe
  C:\Windows\System\NsgOiIq.exe
  2⤵
  PID:5348
- C:\Windows\System\lnBcuvv.exe
  C:\Windows\System\lnBcuvv.exe
  2⤵
  PID:5384
- C:\Windows\System\iZfGPQu.exe
  C:\Windows\System\iZfGPQu.exe
  2⤵
  PID:5408
- C:\Windows\System\vvQmZmQ.exe
  C:\Windows\System\vvQmZmQ.exe
  2⤵
  PID:5424
- C:\Windows\System\CzwHdUz.exe
  C:\Windows\System\CzwHdUz.exe
  2⤵
  PID:5484
- C:\Windows\System\DSEjeOx.exe
  C:\Windows\System\DSEjeOx.exe
  2⤵
  PID:5504
- C:\Windows\System\jlBQwaw.exe
  C:\Windows\System\jlBQwaw.exe
  2⤵
  PID:5544
- C:\Windows\System\rALsKeV.exe
  C:\Windows\System\rALsKeV.exe
  2⤵
  PID:5568
- C:\Windows\System\TegsnIJ.exe
  C:\Windows\System\TegsnIJ.exe
  2⤵
  PID:5596
- C:\Windows\System\twHlpBD.exe
  C:\Windows\System\twHlpBD.exe
  2⤵
  PID:5636
- C:\Windows\System\FcXKjJb.exe
  C:\Windows\System\FcXKjJb.exe
  2⤵
  PID:5680
- C:\Windows\System\zAZvToN.exe
  C:\Windows\System\zAZvToN.exe
  2⤵
  PID:5708
- C:\Windows\System\EYihjNS.exe
  C:\Windows\System\EYihjNS.exe
  2⤵
  PID:5724
- C:\Windows\System\sXkErbE.exe
  C:\Windows\System\sXkErbE.exe
  2⤵
  PID:5752
- C:\Windows\System\WFJHgug.exe
  C:\Windows\System\WFJHgug.exe
  2⤵
  PID:5776
- C:\Windows\System\foIsjmQ.exe
  C:\Windows\System\foIsjmQ.exe
  2⤵
  PID:5796
- C:\Windows\System\mGXUTFD.exe
  C:\Windows\System\mGXUTFD.exe
  2⤵
  PID:5816
- C:\Windows\System\jiVtuUj.exe
  C:\Windows\System\jiVtuUj.exe
  2⤵
  PID:5908
- C:\Windows\System\coZqeQD.exe
  C:\Windows\System\coZqeQD.exe
  2⤵
  PID:5924
- C:\Windows\System\WrRAGIr.exe
  C:\Windows\System\WrRAGIr.exe
  2⤵
  PID:5952
- C:\Windows\System\hqXeyaW.exe
  C:\Windows\System\hqXeyaW.exe
  2⤵
  PID:5972
- C:\Windows\System\kedjaLK.exe
  C:\Windows\System\kedjaLK.exe
  2⤵
  PID:6004
- C:\Windows\System\DSjeDXR.exe
  C:\Windows\System\DSjeDXR.exe
  2⤵
  PID:6024
- C:\Windows\System\iqQCJZV.exe
  C:\Windows\System\iqQCJZV.exe
  2⤵
  PID:6044
- C:\Windows\System\JgpFFfi.exe
  C:\Windows\System\JgpFFfi.exe
  2⤵
  PID:6080
- C:\Windows\System\QVLvWFH.exe
  C:\Windows\System\QVLvWFH.exe
  2⤵
  PID:6132
- C:\Windows\System\QultXCR.exe
  C:\Windows\System\QultXCR.exe
  2⤵
  PID:2476
- C:\Windows\System\hjWeCeP.exe
  C:\Windows\System\hjWeCeP.exe
  2⤵
  PID:2544
- C:\Windows\System\gTybLyt.exe
  C:\Windows\System\gTybLyt.exe
  2⤵
  PID:1980
- C:\Windows\System\PNUwAWH.exe
  C:\Windows\System\PNUwAWH.exe
  2⤵
  PID:2932
- C:\Windows\System\VlghWLJ.exe
  C:\Windows\System\VlghWLJ.exe
  2⤵
  PID:508
- C:\Windows\System\KiraFmm.exe
  C:\Windows\System\KiraFmm.exe
  2⤵
  PID:5144
- C:\Windows\System\GTseuCS.exe
  C:\Windows\System\GTseuCS.exe
  2⤵
  PID:2956
- C:\Windows\System\XCrafGO.exe
  C:\Windows\System\XCrafGO.exe
  2⤵
  PID:672
- C:\Windows\System\iwSSnEE.exe
  C:\Windows\System\iwSSnEE.exe
  2⤵
  PID:5328
- C:\Windows\System\FZFGfjD.exe
  C:\Windows\System\FZFGfjD.exe
  2⤵
  PID:5272
- C:\Windows\System\GKLQLdB.exe
  C:\Windows\System\GKLQLdB.exe
  2⤵
  PID:5288
- C:\Windows\System\ghECAJl.exe
  C:\Windows\System\ghECAJl.exe
  2⤵
  PID:5392
- C:\Windows\System\WoYPbuC.exe
  C:\Windows\System\WoYPbuC.exe
  2⤵
  PID:5500
- C:\Windows\System\vpYSKmr.exe
  C:\Windows\System\vpYSKmr.exe
  2⤵
  PID:5532
- C:\Windows\System\aAeAtry.exe
  C:\Windows\System\aAeAtry.exe
  2⤵
  PID:5588
- C:\Windows\System\ozNWlXa.exe
  C:\Windows\System\ozNWlXa.exe
  2⤵
  PID:5616
- C:\Windows\System\tKPwPMw.exe
  C:\Windows\System\tKPwPMw.exe
  2⤵
  PID:5744
- C:\Windows\System\rkLfspy.exe
  C:\Windows\System\rkLfspy.exe
  2⤵
  PID:5788
- C:\Windows\System\CDNCmxh.exe
  C:\Windows\System\CDNCmxh.exe
  2⤵
  PID:2464
- C:\Windows\System\gjPTGRR.exe
  C:\Windows\System\gjPTGRR.exe
  2⤵
  PID:5876
- C:\Windows\System\gJXHhdJ.exe
  C:\Windows\System\gJXHhdJ.exe
  2⤵
  PID:5964
- C:\Windows\System\svTKHOc.exe
  C:\Windows\System\svTKHOc.exe
  2⤵
  PID:6060
- C:\Windows\System\dWltPSa.exe
  C:\Windows\System\dWltPSa.exe
  2⤵
  PID:6100
- C:\Windows\System\RPNadbv.exe
  C:\Windows\System\RPNadbv.exe
  2⤵
  PID:1448
- C:\Windows\System\WCuTiYL.exe
  C:\Windows\System\WCuTiYL.exe
  2⤵
  PID:2420
- C:\Windows\System\BsXQjCr.exe
  C:\Windows\System\BsXQjCr.exe
  2⤵
  PID:5228
- C:\Windows\System\XWOsgCJ.exe
  C:\Windows\System\XWOsgCJ.exe
  2⤵
  PID:1916
- C:\Windows\System\UgJTJua.exe
  C:\Windows\System\UgJTJua.exe
  2⤵
  PID:5448
- C:\Windows\System\VLMLMOt.exe
  C:\Windows\System\VLMLMOt.exe
  2⤵
  PID:5564
- C:\Windows\System\vkjJfHS.exe
  C:\Windows\System\vkjJfHS.exe
  2⤵
  PID:5196
- C:\Windows\System\zwkiRNT.exe
  C:\Windows\System\zwkiRNT.exe
  2⤵
  PID:5948
- C:\Windows\System\zDggcVs.exe
  C:\Windows\System\zDggcVs.exe
  2⤵
  PID:4900
- C:\Windows\System\mZEXTAF.exe
  C:\Windows\System\mZEXTAF.exe
  2⤵
  PID:6052
- C:\Windows\System\RncUygt.exe
  C:\Windows\System\RncUygt.exe
  2⤵
  PID:6116
- C:\Windows\System\ooizaGV.exe
  C:\Windows\System\ooizaGV.exe
  2⤵
  PID:5224
- C:\Windows\System\JpxwbwH.exe
  C:\Windows\System\JpxwbwH.exe
  2⤵
  PID:1592
- C:\Windows\System\GEbnIbo.exe
  C:\Windows\System\GEbnIbo.exe
  2⤵
  PID:5176
- C:\Windows\System\VpGURju.exe
  C:\Windows\System\VpGURju.exe
  2⤵
  PID:5556
- C:\Windows\System\CfUBORn.exe
  C:\Windows\System\CfUBORn.exe
  2⤵
  PID:5204
- C:\Windows\System\udyNgKJ.exe
  C:\Windows\System\udyNgKJ.exe
  2⤵
  PID:5864
- C:\Windows\System\mPvdkpY.exe
  C:\Windows\System\mPvdkpY.exe
  2⤵
  PID:5364
- C:\Windows\System\HjnxObD.exe
  C:\Windows\System\HjnxObD.exe
  2⤵
  PID:6156
- C:\Windows\System\NyCqgbx.exe
  C:\Windows\System\NyCqgbx.exe
  2⤵
  PID:6184
- C:\Windows\System\gmdkGBO.exe
  C:\Windows\System\gmdkGBO.exe
  2⤵
  PID:6220
- C:\Windows\System\YJHLyVJ.exe
  C:\Windows\System\YJHLyVJ.exe
  2⤵
  PID:6256
- C:\Windows\System\zbNgiRC.exe
  C:\Windows\System\zbNgiRC.exe
  2⤵
  PID:6276
- C:\Windows\System\yNzzezy.exe
  C:\Windows\System\yNzzezy.exe
  2⤵
  PID:6324
- C:\Windows\System\rrGeuKf.exe
  C:\Windows\System\rrGeuKf.exe
  2⤵
  PID:6344
- C:\Windows\System\hIaXtGz.exe
  C:\Windows\System\hIaXtGz.exe
  2⤵
  PID:6392
- C:\Windows\System\SjKmlLF.exe
  C:\Windows\System\SjKmlLF.exe
  2⤵
  PID:6408
- C:\Windows\System\DRoRdAx.exe
  C:\Windows\System\DRoRdAx.exe
  2⤵
  PID:6436
- C:\Windows\System\tAARSQk.exe
  C:\Windows\System\tAARSQk.exe
  2⤵
  PID:6456
- C:\Windows\System\vUAUYKV.exe
  C:\Windows\System\vUAUYKV.exe
  2⤵
  PID:6472
- C:\Windows\System\YhhXhfP.exe
  C:\Windows\System\YhhXhfP.exe
  2⤵
  PID:6508
- C:\Windows\System\JXyCdmo.exe
  C:\Windows\System\JXyCdmo.exe
  2⤵
  PID:6528
- C:\Windows\System\MeMdpjD.exe
  C:\Windows\System\MeMdpjD.exe
  2⤵
  PID:6564
- C:\Windows\System\ymDhMoM.exe
  C:\Windows\System\ymDhMoM.exe
  2⤵
  PID:6620
- C:\Windows\System\CKYiHDj.exe
  C:\Windows\System\CKYiHDj.exe
  2⤵
  PID:6636
- C:\Windows\System\eNMqoHk.exe
  C:\Windows\System\eNMqoHk.exe
  2⤵
  PID:6676
- C:\Windows\System\RakDrUt.exe
  C:\Windows\System\RakDrUt.exe
  2⤵
  PID:6692
- C:\Windows\System\dsfLqOg.exe
  C:\Windows\System\dsfLqOg.exe
  2⤵
  PID:6728
- C:\Windows\System\QhRuSpW.exe
  C:\Windows\System\QhRuSpW.exe
  2⤵
  PID:6748
- C:\Windows\System\powaSBe.exe
  C:\Windows\System\powaSBe.exe
  2⤵
  PID:6768
- C:\Windows\System\wWZyiPa.exe
  C:\Windows\System\wWZyiPa.exe
  2⤵
  PID:6788
- C:\Windows\System\GfDQgjl.exe
  C:\Windows\System\GfDQgjl.exe
  2⤵
  PID:6808
- C:\Windows\System\mMmGbRq.exe
  C:\Windows\System\mMmGbRq.exe
  2⤵
  PID:6828
- C:\Windows\System\tjXCLeD.exe
  C:\Windows\System\tjXCLeD.exe
  2⤵
  PID:6844
- C:\Windows\System\hKqOAWW.exe
  C:\Windows\System\hKqOAWW.exe
  2⤵
  PID:6864
- C:\Windows\System\MseBQVq.exe
  C:\Windows\System\MseBQVq.exe
  2⤵
  PID:6960
- C:\Windows\System\ctxngob.exe
  C:\Windows\System\ctxngob.exe
  2⤵
  PID:7000
- C:\Windows\System\OHAnZuN.exe
  C:\Windows\System\OHAnZuN.exe
  2⤵
  PID:7040
- C:\Windows\System\LeWuZwC.exe
  C:\Windows\System\LeWuZwC.exe
  2⤵
  PID:7064
- C:\Windows\System\TFZgBNG.exe
  C:\Windows\System\TFZgBNG.exe
  2⤵
  PID:7080
- C:\Windows\System\yIPQFRB.exe
  C:\Windows\System\yIPQFRB.exe
  2⤵
  PID:7100
- C:\Windows\System\IXmGafV.exe
  C:\Windows\System\IXmGafV.exe
  2⤵
  PID:7120
- C:\Windows\System\LCuokSo.exe
  C:\Windows\System\LCuokSo.exe
  2⤵
  PID:5540
- C:\Windows\System\DqLEdAN.exe
  C:\Windows\System\DqLEdAN.exe
  2⤵
  PID:5444
- C:\Windows\System\FhruwCF.exe
  C:\Windows\System\FhruwCF.exe
  2⤵
  PID:5076
- C:\Windows\System\lztbZiz.exe
  C:\Windows\System\lztbZiz.exe
  2⤵
  PID:6228
- C:\Windows\System\vJMXhZX.exe
  C:\Windows\System\vJMXhZX.exe
  2⤵
  PID:6212
- C:\Windows\System\zTKzJLe.exe
  C:\Windows\System\zTKzJLe.exe
  2⤵
  PID:6304
- C:\Windows\System\ABhwNFw.exe
  C:\Windows\System\ABhwNFw.exe
  2⤵
  PID:6384
- C:\Windows\System\rQknmkx.exe
  C:\Windows\System\rQknmkx.exe
  2⤵
  PID:6468
- C:\Windows\System\GzKYadJ.exe
  C:\Windows\System\GzKYadJ.exe
  2⤵
  PID:6492
- C:\Windows\System\zFykfOQ.exe
  C:\Windows\System\zFykfOQ.exe
  2⤵
  PID:6596
- C:\Windows\System\ByKDKWa.exe
  C:\Windows\System\ByKDKWa.exe
  2⤵
  PID:6684
- C:\Windows\System\fIavFmh.exe
  C:\Windows\System\fIavFmh.exe
  2⤵
  PID:6720
- C:\Windows\System\eVOwAle.exe
  C:\Windows\System\eVOwAle.exe
  2⤵
  PID:6776
- C:\Windows\System\kkQWikU.exe
  C:\Windows\System\kkQWikU.exe
  2⤵
  PID:6800
- C:\Windows\System\xJZhVYm.exe
  C:\Windows\System\xJZhVYm.exe
  2⤵
  PID:6876
- C:\Windows\System\EXZjzyq.exe
  C:\Windows\System\EXZjzyq.exe
  2⤵
  PID:6968
- C:\Windows\System\MtVpWhn.exe
  C:\Windows\System\MtVpWhn.exe
  2⤵
  PID:6992
- C:\Windows\System\qjhOfEi.exe
  C:\Windows\System\qjhOfEi.exe
  2⤵
  PID:7076
- C:\Windows\System\GXJFOMP.exe
  C:\Windows\System\GXJFOMP.exe
  2⤵
  PID:7156
- C:\Windows\System\wXNurrv.exe
  C:\Windows\System\wXNurrv.exe
  2⤵
  PID:5268
- C:\Windows\System\MddBWIY.exe
  C:\Windows\System\MddBWIY.exe
  2⤵
  PID:6364
- C:\Windows\System\eMGIQGD.exe
  C:\Windows\System\eMGIQGD.exe
  2⤵
  PID:6560
- C:\Windows\System\FBdSawr.exe
  C:\Windows\System\FBdSawr.exe
  2⤵
  PID:6796
- C:\Windows\System\LgjXEbo.exe
  C:\Windows\System\LgjXEbo.exe
  2⤵
  PID:6888
- C:\Windows\System\ktCSIgh.exe
  C:\Windows\System\ktCSIgh.exe
  2⤵
  PID:7092
- C:\Windows\System\WPwfURt.exe
  C:\Windows\System\WPwfURt.exe
  2⤵
  PID:5308
- C:\Windows\System\vuqoVAG.exe
  C:\Windows\System\vuqoVAG.exe
  2⤵
  PID:6380
- C:\Windows\System\IlJsgbz.exe
  C:\Windows\System\IlJsgbz.exe
  2⤵
  PID:6500
- C:\Windows\System\BTWYuDd.exe
  C:\Windows\System\BTWYuDd.exe
  2⤵
  PID:6248
- C:\Windows\System\AndjnDy.exe
  C:\Windows\System\AndjnDy.exe
  2⤵
  PID:6208
- C:\Windows\System\sVwLRxw.exe
  C:\Windows\System\sVwLRxw.exe
  2⤵
  PID:7184
- C:\Windows\System\LdfLszE.exe
  C:\Windows\System\LdfLszE.exe
  2⤵
  PID:7208
- C:\Windows\System\yZIPdAX.exe
  C:\Windows\System\yZIPdAX.exe
  2⤵
  PID:7228
- C:\Windows\System\wdInMyD.exe
  C:\Windows\System\wdInMyD.exe
  2⤵
  PID:7256
- C:\Windows\System\SrEJdCl.exe
  C:\Windows\System\SrEJdCl.exe
  2⤵
  PID:7272
- C:\Windows\System\aKlWjtf.exe
  C:\Windows\System\aKlWjtf.exe
  2⤵
  PID:7316
- C:\Windows\System\ASoLYxU.exe
  C:\Windows\System\ASoLYxU.exe
  2⤵
  PID:7340
- C:\Windows\System\ieBruGz.exe
  C:\Windows\System\ieBruGz.exe
  2⤵
  PID:7360
- C:\Windows\System\qJEcmJI.exe
  C:\Windows\System\qJEcmJI.exe
  2⤵
  PID:7380
- C:\Windows\System\KyfWHMO.exe
  C:\Windows\System\KyfWHMO.exe
  2⤵
  PID:7416
- C:\Windows\System\HTpKDZI.exe
  C:\Windows\System\HTpKDZI.exe
  2⤵
  PID:7436
- C:\Windows\System\bkdiMwY.exe
  C:\Windows\System\bkdiMwY.exe
  2⤵
  PID:7500
- C:\Windows\System\kCJmwTM.exe
  C:\Windows\System\kCJmwTM.exe
  2⤵
  PID:7524
- C:\Windows\System\FmPCKgw.exe
  C:\Windows\System\FmPCKgw.exe
  2⤵
  PID:7564
- C:\Windows\System\omaulNl.exe
  C:\Windows\System\omaulNl.exe
  2⤵
  PID:7604
- C:\Windows\System\UjgIxkt.exe
  C:\Windows\System\UjgIxkt.exe
  2⤵
  PID:7620
- C:\Windows\System\KCNDaBF.exe
  C:\Windows\System\KCNDaBF.exe
  2⤵
  PID:7640
- C:\Windows\System\jYJXnmY.exe
  C:\Windows\System\jYJXnmY.exe
  2⤵
  PID:7656
- C:\Windows\System\vQAbTxA.exe
  C:\Windows\System\vQAbTxA.exe
  2⤵
  PID:7684
- C:\Windows\System\BSSlhUM.exe
  C:\Windows\System\BSSlhUM.exe
  2⤵
  PID:7708
- C:\Windows\System\EALeoYg.exe
  C:\Windows\System\EALeoYg.exe
  2⤵
  PID:7724
- C:\Windows\System\CSsVRba.exe
  C:\Windows\System\CSsVRba.exe
  2⤵
  PID:7756
- C:\Windows\System\OUinqgn.exe
  C:\Windows\System\OUinqgn.exe
  2⤵
  PID:7804
- C:\Windows\System\tXqqjbd.exe
  C:\Windows\System\tXqqjbd.exe
  2⤵
  PID:7836
- C:\Windows\System\AfPimTm.exe
  C:\Windows\System\AfPimTm.exe
  2⤵
  PID:7860
- C:\Windows\System\pvoOXAj.exe
  C:\Windows\System\pvoOXAj.exe
  2⤵
  PID:7916
- C:\Windows\System\UKOrryg.exe
  C:\Windows\System\UKOrryg.exe
  2⤵
  PID:7956
- C:\Windows\System\mfWCvMl.exe
  C:\Windows\System\mfWCvMl.exe
  2⤵
  PID:7984
- C:\Windows\System\xQzVdgy.exe
  C:\Windows\System\xQzVdgy.exe
  2⤵
  PID:8004
- C:\Windows\System\SZHnWJj.exe
  C:\Windows\System\SZHnWJj.exe
  2⤵
  PID:8020
- C:\Windows\System\WCUrQQQ.exe
  C:\Windows\System\WCUrQQQ.exe
  2⤵
  PID:8056
- C:\Windows\System\YMWOaWP.exe
  C:\Windows\System\YMWOaWP.exe
  2⤵
  PID:8076
- C:\Windows\System\zhPyGKu.exe
  C:\Windows\System\zhPyGKu.exe
  2⤵
  PID:8092
- C:\Windows\System\JgFRWjr.exe
  C:\Windows\System\JgFRWjr.exe
  2⤵
  PID:8136
- C:\Windows\System\UuSCOnf.exe
  C:\Windows\System\UuSCOnf.exe
  2⤵
  PID:8156
- C:\Windows\System\qQCnToK.exe
  C:\Windows\System\qQCnToK.exe
  2⤵
  PID:8176
- C:\Windows\System\ZdRMWQR.exe
  C:\Windows\System\ZdRMWQR.exe
  2⤵
  PID:6336
- C:\Windows\System\gPhyIRL.exe
  C:\Windows\System\gPhyIRL.exe
  2⤵
  PID:7192
- C:\Windows\System\BgiBZJh.exe
  C:\Windows\System\BgiBZJh.exe
  2⤵
  PID:7224
- C:\Windows\System\uKDBFpM.exe
  C:\Windows\System\uKDBFpM.exe
  2⤵
  PID:7300
- C:\Windows\System\ajcrNSB.exe
  C:\Windows\System\ajcrNSB.exe
  2⤵
  PID:7376
- C:\Windows\System\bdGovSX.exe
  C:\Windows\System\bdGovSX.exe
  2⤵
  PID:7464
- C:\Windows\System\UNKcYXw.exe
  C:\Windows\System\UNKcYXw.exe
  2⤵
  PID:7536
- C:\Windows\System\kZvKquw.exe
  C:\Windows\System\kZvKquw.exe
  2⤵
  PID:7648
- C:\Windows\System\gNgdBtZ.exe
  C:\Windows\System\gNgdBtZ.exe
  2⤵
  PID:7692
- C:\Windows\System\FEoZRlv.exe
  C:\Windows\System\FEoZRlv.exe
  2⤵
  PID:7752
- C:\Windows\System\ZfGwwmH.exe
  C:\Windows\System\ZfGwwmH.exe
  2⤵
  PID:7856
- C:\Windows\System\HnLoopF.exe
  C:\Windows\System\HnLoopF.exe
  2⤵
  PID:7964
- C:\Windows\System\tVBOeXN.exe
  C:\Windows\System\tVBOeXN.exe
  2⤵
  PID:8016
- C:\Windows\System\vMwmCsZ.exe
  C:\Windows\System\vMwmCsZ.exe
  2⤵
  PID:8064
- C:\Windows\System\cQiOxZU.exe
  C:\Windows\System\cQiOxZU.exe
  2⤵
  PID:8036
- C:\Windows\System\yfyvqxu.exe
  C:\Windows\System\yfyvqxu.exe
  2⤵
  PID:7132
- C:\Windows\System\AWiZrwO.exe
  C:\Windows\System\AWiZrwO.exe
  2⤵
  PID:7240
- C:\Windows\System\YEsRDFf.exe
  C:\Windows\System\YEsRDFf.exe
  2⤵
  PID:7372
- C:\Windows\System\vXeSYOK.exe
  C:\Windows\System\vXeSYOK.exe
  2⤵
  PID:7408
- C:\Windows\System\LIWnjVx.exe
  C:\Windows\System\LIWnjVx.exe
  2⤵
  PID:7352
- C:\Windows\System\dFIrENs.exe
  C:\Windows\System\dFIrENs.exe
  2⤵
  PID:7716
- C:\Windows\System\wwkEDhJ.exe
  C:\Windows\System\wwkEDhJ.exe
  2⤵
  PID:7848
- C:\Windows\System\vIFuAkj.exe
  C:\Windows\System\vIFuAkj.exe
  2⤵
  PID:6820
- C:\Windows\System\dehltGp.exe
  C:\Windows\System\dehltGp.exe
  2⤵
  PID:7332
- C:\Windows\System\uvysRDI.exe
  C:\Windows\System\uvysRDI.exe
  2⤵
  PID:7600
- C:\Windows\System\TwlpIJc.exe
  C:\Windows\System\TwlpIJc.exe
  2⤵
  PID:8212
- C:\Windows\System\nFfMtGa.exe
  C:\Windows\System\nFfMtGa.exe
  2⤵
  PID:8232
- C:\Windows\System\hFMIdAj.exe
  C:\Windows\System\hFMIdAj.exe
  2⤵
  PID:8248
- C:\Windows\System\aRvtoyS.exe
  C:\Windows\System\aRvtoyS.exe
  2⤵
  PID:8264
- C:\Windows\System\LwjZEqY.exe
  C:\Windows\System\LwjZEqY.exe
  2⤵
  PID:8280
- C:\Windows\System\ltxKHgr.exe
  C:\Windows\System\ltxKHgr.exe
  2⤵
  PID:8312
- C:\Windows\System\TlJgvJL.exe
  C:\Windows\System\TlJgvJL.exe
  2⤵
  PID:8332
- C:\Windows\System\jMSHeNF.exe
  C:\Windows\System\jMSHeNF.exe
  2⤵
  PID:8400
- C:\Windows\System\KukrPEs.exe
  C:\Windows\System\KukrPEs.exe
  2⤵
  PID:8452
- C:\Windows\System\rRKiLOr.exe
  C:\Windows\System\rRKiLOr.exe
  2⤵
  PID:8480
- C:\Windows\System\fuDbOLL.exe
  C:\Windows\System\fuDbOLL.exe
  2⤵
  PID:8504
- C:\Windows\System\qgEFlnj.exe
  C:\Windows\System\qgEFlnj.exe
  2⤵
  PID:8524
- C:\Windows\System\yEQAKGc.exe
  C:\Windows\System\yEQAKGc.exe
  2⤵
  PID:8544
- C:\Windows\System\pUkhver.exe
  C:\Windows\System\pUkhver.exe
  2⤵
  PID:8564
- C:\Windows\System\tkzJZgR.exe
  C:\Windows\System\tkzJZgR.exe
  2⤵
  PID:8612
- C:\Windows\System\mDtXAUi.exe
  C:\Windows\System\mDtXAUi.exe
  2⤵
  PID:8668
- C:\Windows\System\iTmpNiN.exe
  C:\Windows\System\iTmpNiN.exe
  2⤵
  PID:8740
- C:\Windows\System\zWcklso.exe
  C:\Windows\System\zWcklso.exe
  2⤵
  PID:8792
- C:\Windows\System\PZlaVdJ.exe
  C:\Windows\System\PZlaVdJ.exe
  2⤵
  PID:8812
- C:\Windows\System\qZwvgcU.exe
  C:\Windows\System\qZwvgcU.exe
  2⤵
  PID:8852
- C:\Windows\System\RnFBHkd.exe
  C:\Windows\System\RnFBHkd.exe
  2⤵
  PID:8876
- C:\Windows\System\ikyypTa.exe
  C:\Windows\System\ikyypTa.exe
  2⤵
  PID:8908
- C:\Windows\System\QQFYZEn.exe
  C:\Windows\System\QQFYZEn.exe
  2⤵
  PID:8928
- C:\Windows\System\LLgvKFD.exe
  C:\Windows\System\LLgvKFD.exe
  2⤵
  PID:8952
- C:\Windows\System\HeeYjxi.exe
  C:\Windows\System\HeeYjxi.exe
  2⤵
  PID:8972
- C:\Windows\System\nCrFuCJ.exe
  C:\Windows\System\nCrFuCJ.exe
  2⤵
  PID:8996
- C:\Windows\System\AYrPmYJ.exe
  C:\Windows\System\AYrPmYJ.exe
  2⤵
  PID:9020
- C:\Windows\System\fgWNcZR.exe
  C:\Windows\System\fgWNcZR.exe
  2⤵
  PID:9064
- C:\Windows\System\bvNYkEJ.exe
  C:\Windows\System\bvNYkEJ.exe
  2⤵
  PID:9084
- C:\Windows\System\sAnDwCW.exe
  C:\Windows\System\sAnDwCW.exe
  2⤵
  PID:9100
- C:\Windows\System\yePcWuV.exe
  C:\Windows\System\yePcWuV.exe
  2⤵
  PID:9124
- C:\Windows\System\Ujxsuyj.exe
  C:\Windows\System\Ujxsuyj.exe
  2⤵
  PID:9148
- C:\Windows\System\navCKhl.exe
  C:\Windows\System\navCKhl.exe
  2⤵
  PID:9168
- C:\Windows\System\UyqWzzM.exe
  C:\Windows\System\UyqWzzM.exe
  2⤵
  PID:7516
- C:\Windows\System\fdMzlEN.exe
  C:\Windows\System\fdMzlEN.exe
  2⤵
  PID:7824
- C:\Windows\System\ZYAvGAU.exe
  C:\Windows\System\ZYAvGAU.exe
  2⤵
  PID:7632
- C:\Windows\System\IxbyrZv.exe
  C:\Windows\System\IxbyrZv.exe
  2⤵
  PID:7496
- C:\Windows\System\BoUuPlh.exe
  C:\Windows\System\BoUuPlh.exe
  2⤵
  PID:8000
- C:\Windows\System\PDdqqmd.exe
  C:\Windows\System\PDdqqmd.exe
  2⤵
  PID:8304
- C:\Windows\System\cuDbhtC.exe
  C:\Windows\System\cuDbhtC.exe
  2⤵
  PID:8540
- C:\Windows\System\BSvfBYg.exe
  C:\Windows\System\BSvfBYg.exe
  2⤵
  PID:8512
- C:\Windows\System\mrQxSrN.exe
  C:\Windows\System\mrQxSrN.exe
  2⤵
  PID:8444
- C:\Windows\System\FTRGQQh.exe
  C:\Windows\System\FTRGQQh.exe
  2⤵
  PID:8472
- C:\Windows\System\dEAmYeC.exe
  C:\Windows\System\dEAmYeC.exe
  2⤵
  PID:8620
- C:\Windows\System\hezzMhy.exe
  C:\Windows\System\hezzMhy.exe
  2⤵
  PID:8676
- C:\Windows\System\XGInWYz.exe
  C:\Windows\System\XGInWYz.exe
  2⤵
  PID:8760
- C:\Windows\System\UVFxFbB.exe
  C:\Windows\System\UVFxFbB.exe
  2⤵
  PID:8784
- C:\Windows\System\eoNVhZy.exe
  C:\Windows\System\eoNVhZy.exe
  2⤵
  PID:8848
- C:\Windows\System\AOjiblN.exe
  C:\Windows\System\AOjiblN.exe
  2⤵
  PID:8920
- C:\Windows\System\zZmAdlN.exe
  C:\Windows\System\zZmAdlN.exe
  2⤵
  PID:8944
- C:\Windows\System\KZnGxVl.exe
  C:\Windows\System\KZnGxVl.exe
  2⤵
  PID:9164
- C:\Windows\System\mSzWJaD.exe
  C:\Windows\System\mSzWJaD.exe
  2⤵
  PID:7200
- C:\Windows\System\ZVCPhRd.exe
  C:\Windows\System\ZVCPhRd.exe
  2⤵
  PID:7152
- C:\Windows\System\JxVyzMk.exe
  C:\Windows\System\JxVyzMk.exe
  2⤵
  PID:7996
- C:\Windows\System\IUaJScz.exe
  C:\Windows\System\IUaJScz.exe
  2⤵
  PID:8356
- C:\Windows\System\oZfjXGj.exe
  C:\Windows\System\oZfjXGj.exe
  2⤵
  PID:8536
- C:\Windows\System\CfUDnXy.exe
  C:\Windows\System\CfUDnXy.exe
  2⤵
  PID:8392
- C:\Windows\System\OlzdvRh.exe
  C:\Windows\System\OlzdvRh.exe
  2⤵
  PID:8608
- C:\Windows\System\BfAyEkm.exe
  C:\Windows\System\BfAyEkm.exe
  2⤵
  PID:8656
- C:\Windows\System\yTUkuRN.exe
  C:\Windows\System\yTUkuRN.exe
  2⤵
  PID:8716
- C:\Windows\System\wMsmziL.exe
  C:\Windows\System\wMsmziL.exe
  2⤵
  PID:9224
- C:\Windows\System\rRtifZd.exe
  C:\Windows\System\rRtifZd.exe
  2⤵
  PID:9240
- C:\Windows\System\GNxjXpS.exe
  C:\Windows\System\GNxjXpS.exe
  2⤵
  PID:9256
- C:\Windows\System\tQdCyUU.exe
  C:\Windows\System\tQdCyUU.exe
  2⤵
  PID:9272
- C:\Windows\System\KCyCoDk.exe
  C:\Windows\System\KCyCoDk.exe
  2⤵
  PID:9288
- C:\Windows\System\gEyhpXI.exe
  C:\Windows\System\gEyhpXI.exe
  2⤵
  PID:9304
- C:\Windows\System\IROxChs.exe
  C:\Windows\System\IROxChs.exe
  2⤵
  PID:9328
- C:\Windows\System\MbrloUn.exe
  C:\Windows\System\MbrloUn.exe
  2⤵
  PID:9344
- C:\Windows\System\SfAgpTD.exe
  C:\Windows\System\SfAgpTD.exe
  2⤵
  PID:9444
- C:\Windows\System\sMrknLP.exe
  C:\Windows\System\sMrknLP.exe
  2⤵
  PID:9468
- C:\Windows\System\klqKuzN.exe
  C:\Windows\System\klqKuzN.exe
  2⤵
  PID:9492
- C:\Windows\System\HIoKbnv.exe
  C:\Windows\System\HIoKbnv.exe
  2⤵
  PID:9512
- C:\Windows\System\afBcmbw.exe
  C:\Windows\System\afBcmbw.exe
  2⤵
  PID:9600
- C:\Windows\System\dAPmWdk.exe
  C:\Windows\System\dAPmWdk.exe
  2⤵
  PID:9688
- C:\Windows\System\pAaRwAq.exe
  C:\Windows\System\pAaRwAq.exe
  2⤵
  PID:9712
- C:\Windows\System\HCNNrCG.exe
  C:\Windows\System\HCNNrCG.exe
  2⤵
  PID:9788
- C:\Windows\System\ONOHivc.exe
  C:\Windows\System\ONOHivc.exe
  2⤵
  PID:9812
- C:\Windows\System\MfFQtHx.exe
  C:\Windows\System\MfFQtHx.exe
  2⤵
  PID:9828
- C:\Windows\System\qAwwruQ.exe
  C:\Windows\System\qAwwruQ.exe
  2⤵
  PID:9880
- C:\Windows\System\kABlsYy.exe
  C:\Windows\System\kABlsYy.exe
  2⤵
  PID:9928
- C:\Windows\System\kOmgbPZ.exe
  C:\Windows\System\kOmgbPZ.exe
  2⤵
  PID:9980
- C:\Windows\System\ZGeTKKZ.exe
  C:\Windows\System\ZGeTKKZ.exe
  2⤵
  PID:10016
- C:\Windows\System\rmxvfFt.exe
  C:\Windows\System\rmxvfFt.exe
  2⤵
  PID:10040
- C:\Windows\System\kpNOdTS.exe
  C:\Windows\System\kpNOdTS.exe
  2⤵
  PID:10060
- C:\Windows\System\buZoLPE.exe
  C:\Windows\System\buZoLPE.exe
  2⤵
  PID:10084
- C:\Windows\System\ZbafawQ.exe
  C:\Windows\System\ZbafawQ.exe
  2⤵
  PID:10104
- C:\Windows\System\CeHUqlr.exe
  C:\Windows\System\CeHUqlr.exe
  2⤵
  PID:10124
- C:\Windows\System\BiFuuEt.exe
  C:\Windows\System\BiFuuEt.exe
  2⤵
  PID:10172
- C:\Windows\System\BsFtjjt.exe
  C:\Windows\System\BsFtjjt.exe
  2⤵
  PID:10196
- C:\Windows\System\fQjAULh.exe
  C:\Windows\System\fQjAULh.exe
  2⤵
  PID:10216
- C:\Windows\System\kYVLDZk.exe
  C:\Windows\System\kYVLDZk.exe
  2⤵
  PID:9212
- C:\Windows\System\WnLzpIY.exe
  C:\Windows\System\WnLzpIY.exe
  2⤵
  PID:9108
- C:\Windows\System\Molaueo.exe
  C:\Windows\System\Molaueo.exe
  2⤵
  PID:8872
- C:\Windows\System\sDWDQbI.exe
  C:\Windows\System\sDWDQbI.exe
  2⤵
  PID:9188
- C:\Windows\System\pNrLKCP.exe
  C:\Windows\System\pNrLKCP.exe
  2⤵
  PID:8980
- C:\Windows\System\qaHxbKx.exe
  C:\Windows\System\qaHxbKx.exe
  2⤵
  PID:8572
- C:\Windows\System\hghJRpn.exe
  C:\Windows\System\hghJRpn.exe
  2⤵
  PID:9120
- C:\Windows\System\MGslXzi.exe
  C:\Windows\System\MGslXzi.exe
  2⤵
  PID:8012
- C:\Windows\System\RUQKjpR.exe
  C:\Windows\System\RUQKjpR.exe
  2⤵
  PID:9268
- C:\Windows\System\nlrToGM.exe
  C:\Windows\System\nlrToGM.exe
  2⤵
  PID:9396
- C:\Windows\System\qqprYZM.exe
  C:\Windows\System\qqprYZM.exe
  2⤵
  PID:9476
- C:\Windows\System\CbSCvaP.exe
  C:\Windows\System\CbSCvaP.exe
  2⤵
  PID:9644
- C:\Windows\System\wljHKre.exe
  C:\Windows\System\wljHKre.exe
  2⤵
  PID:9436
- C:\Windows\System\pWBaADx.exe
  C:\Windows\System\pWBaADx.exe
  2⤵
  PID:9680
- C:\Windows\System\KCzLlXk.exe
  C:\Windows\System\KCzLlXk.exe
  2⤵
  PID:9704
- C:\Windows\System\VWhNvQi.exe
  C:\Windows\System\VWhNvQi.exe
  2⤵
  PID:9876
- C:\Windows\System\BSxVCTy.exe
  C:\Windows\System\BSxVCTy.exe
  2⤵
  PID:9808
- C:\Windows\System\IPnEtbb.exe
  C:\Windows\System\IPnEtbb.exe
  2⤵
  PID:9972
- C:\Windows\System\RcYbuHS.exe
  C:\Windows\System\RcYbuHS.exe
  2⤵
  PID:10056
- C:\Windows\System\SQbRFBC.exe
  C:\Windows\System\SQbRFBC.exe
  2⤵
  PID:10100
- C:\Windows\System\yhSSVmR.exe
  C:\Windows\System\yhSSVmR.exe
  2⤵
  PID:7768
- C:\Windows\System\PXvBewV.exe
  C:\Windows\System\PXvBewV.exe
  2⤵
  PID:8560
- C:\Windows\System\gyIyQVb.exe
  C:\Windows\System\gyIyQVb.exe
  2⤵
  PID:8804
- C:\Windows\System\wPFueeB.exe
  C:\Windows\System\wPFueeB.exe
  2⤵
  PID:8208
- C:\Windows\System\udmipWc.exe
  C:\Windows\System\udmipWc.exe
  2⤵
  PID:9264
- C:\Windows\System\AKusTYR.exe
  C:\Windows\System\AKusTYR.exe
  2⤵
  PID:9248
- C:\Windows\System\ySUtqMq.exe
  C:\Windows\System\ySUtqMq.exe
  2⤵
  PID:9412
- C:\Windows\System\rJlGnsb.exe
  C:\Windows\System\rJlGnsb.exe
  2⤵
  PID:9136
- C:\Windows\System\ZYXXvNO.exe
  C:\Windows\System\ZYXXvNO.exe
  2⤵
  PID:9796
- C:\Windows\System\jlgWByV.exe
  C:\Windows\System\jlgWByV.exe
  2⤵
  PID:10068
- C:\Windows\System\MsXYgFt.exe
  C:\Windows\System\MsXYgFt.exe
  2⤵
  PID:10116
- C:\Windows\System\GHXUXPW.exe
  C:\Windows\System\GHXUXPW.exe
  2⤵
  PID:10212
- C:\Windows\System\LcnAJXb.exe
  C:\Windows\System\LcnAJXb.exe
  2⤵
  PID:9012
- C:\Windows\System\zUZfGOx.exe
  C:\Windows\System\zUZfGOx.exe
  2⤵
  PID:9740
- C:\Windows\System\ydcdXyc.exe
  C:\Windows\System\ydcdXyc.exe
  2⤵
  PID:9592
- C:\Windows\System\HwvRcZf.exe
  C:\Windows\System\HwvRcZf.exe
  2⤵
  PID:9744
- C:\Windows\System\SYRvViZ.exe
  C:\Windows\System\SYRvViZ.exe
  2⤵
  PID:9320
- C:\Windows\System\uNpBQnB.exe
  C:\Windows\System\uNpBQnB.exe
  2⤵
  PID:10248
- C:\Windows\System\uZUihhn.exe
  C:\Windows\System\uZUihhn.exe
  2⤵
  PID:10272
- C:\Windows\System\Hayndax.exe
  C:\Windows\System\Hayndax.exe
  2⤵
  PID:10304
- C:\Windows\System\PncYZbR.exe
  C:\Windows\System\PncYZbR.exe
  2⤵
  PID:10324
- C:\Windows\System\LjwVYGU.exe
  C:\Windows\System\LjwVYGU.exe
  2⤵
  PID:10376
- C:\Windows\System\buvYWaz.exe
  C:\Windows\System\buvYWaz.exe
  2⤵
  PID:10400
- C:\Windows\System\gtjCmDH.exe
  C:\Windows\System\gtjCmDH.exe
  2⤵
  PID:10416
- C:\Windows\System\fCihCGY.exe
  C:\Windows\System\fCihCGY.exe
  2⤵
  PID:10440
- C:\Windows\System\SAVLsiT.exe
  C:\Windows\System\SAVLsiT.exe
  2⤵
  PID:10460
- C:\Windows\System\fbUMkrc.exe
  C:\Windows\System\fbUMkrc.exe
  2⤵
  PID:10508
- C:\Windows\System\WbNPBTO.exe
  C:\Windows\System\WbNPBTO.exe
  2⤵
  PID:10528
- C:\Windows\System\TRmDFVJ.exe
  C:\Windows\System\TRmDFVJ.exe
  2⤵
  PID:10548
- C:\Windows\System\UuwNTll.exe
  C:\Windows\System\UuwNTll.exe
  2⤵
  PID:10580
- C:\Windows\System\MDznmed.exe
  C:\Windows\System\MDznmed.exe
  2⤵
  PID:10608
- C:\Windows\System\UcLeaVs.exe
  C:\Windows\System\UcLeaVs.exe
  2⤵
  PID:10632
- C:\Windows\System\qMZxRvo.exe
  C:\Windows\System\qMZxRvo.exe
  2⤵
  PID:10656
- C:\Windows\System\blMBxBk.exe
  C:\Windows\System\blMBxBk.exe
  2⤵
  PID:10684
- C:\Windows\System\GbMVnBw.exe
  C:\Windows\System\GbMVnBw.exe
  2⤵
  PID:10736
- C:\Windows\System\BrcQIWg.exe
  C:\Windows\System\BrcQIWg.exe
  2⤵
  PID:10760
- C:\Windows\System\rVmXEWs.exe
  C:\Windows\System\rVmXEWs.exe
  2⤵
  PID:10788
- C:\Windows\System\OszZMOD.exe
  C:\Windows\System\OszZMOD.exe
  2⤵
  PID:10808
- C:\Windows\System\ntxwzxI.exe
  C:\Windows\System\ntxwzxI.exe
  2⤵
  PID:10824
- C:\Windows\System\VXjEGii.exe
  C:\Windows\System\VXjEGii.exe
  2⤵
  PID:10844
- C:\Windows\System\mlpSjVU.exe
  C:\Windows\System\mlpSjVU.exe
  2⤵
  PID:10864
- C:\Windows\System\WVBBFho.exe
  C:\Windows\System\WVBBFho.exe
  2⤵
  PID:10880
- C:\Windows\System\PUKqmxP.exe
  C:\Windows\System\PUKqmxP.exe
  2⤵
  PID:10904
- C:\Windows\System\FqnJBqv.exe
  C:\Windows\System\FqnJBqv.exe
  2⤵
  PID:10936
- C:\Windows\System\FWxfOKG.exe
  C:\Windows\System\FWxfOKG.exe
  2⤵
  PID:10956
- C:\Windows\System\qhissvO.exe
  C:\Windows\System\qhissvO.exe
  2⤵
  PID:10976
- C:\Windows\System\AkFKVSl.exe
  C:\Windows\System\AkFKVSl.exe
  2⤵
  PID:11012
- C:\Windows\System\pJvObTV.exe
  C:\Windows\System\pJvObTV.exe
  2⤵
  PID:11036
- C:\Windows\System\GIHbPQX.exe
  C:\Windows\System\GIHbPQX.exe
  2⤵
  PID:11116
- C:\Windows\System\uNMSJoF.exe
  C:\Windows\System\uNMSJoF.exe
  2⤵
  PID:11136
- C:\Windows\System\zRYmOJZ.exe
  C:\Windows\System\zRYmOJZ.exe
  2⤵
  PID:11188
- C:\Windows\System\LnRaMlh.exe
  C:\Windows\System\LnRaMlh.exe
  2⤵
  PID:11208
- C:\Windows\System\ZSmNorS.exe
  C:\Windows\System\ZSmNorS.exe
  2⤵
  PID:11244
- C:\Windows\System\iVTPNsJ.exe
  C:\Windows\System\iVTPNsJ.exe
  2⤵
  PID:9116
- C:\Windows\System\vPviFLb.exe
  C:\Windows\System\vPviFLb.exe
  2⤵
  PID:10032
- C:\Windows\System\YZPMVQw.exe
  C:\Windows\System\YZPMVQw.exe
  2⤵
  PID:10316
- C:\Windows\System\HUlIeJv.exe
  C:\Windows\System\HUlIeJv.exe
  2⤵
  PID:10364
- C:\Windows\System\NeyPgAF.exe
  C:\Windows\System\NeyPgAF.exe
  2⤵
  PID:10456
- C:\Windows\System\jxgrsez.exe
  C:\Windows\System\jxgrsez.exe
  2⤵
  PID:10516
- C:\Windows\System\fhafBex.exe
  C:\Windows\System\fhafBex.exe
  2⤵
  PID:10572
- C:\Windows\System\WoSxCKi.exe
  C:\Windows\System\WoSxCKi.exe
  2⤵
  PID:10628
- C:\Windows\System\MPTIhjL.exe
  C:\Windows\System\MPTIhjL.exe
  2⤵
  PID:10676
- C:\Windows\System\FRxEJHx.exe
  C:\Windows\System\FRxEJHx.exe
  2⤵
  PID:10724
- C:\Windows\System\WBgHsac.exe
  C:\Windows\System\WBgHsac.exe
  2⤵
  PID:10784
- C:\Windows\System\fuOfWIh.exe
  C:\Windows\System\fuOfWIh.exe
  2⤵
  PID:10816
- C:\Windows\System\SukvbQq.exe
  C:\Windows\System\SukvbQq.exe
  2⤵
  PID:10900
- C:\Windows\System\hoXKIBU.exe
  C:\Windows\System\hoXKIBU.exe
  2⤵
  PID:10932
- C:\Windows\System\zKxhIJm.exe
  C:\Windows\System\zKxhIJm.exe
  2⤵
  PID:11108
- C:\Windows\System\KzymvGk.exe
  C:\Windows\System\KzymvGk.exe
  2⤵
  PID:11232
- C:\Windows\System\GMrWAbW.exe
  C:\Windows\System\GMrWAbW.exe
  2⤵
  PID:11252
- C:\Windows\System\FUdTzQF.exe
  C:\Windows\System\FUdTzQF.exe
  2⤵
  PID:10436
- C:\Windows\System\NirMObb.exe
  C:\Windows\System\NirMObb.exe
  2⤵
  PID:10428
- C:\Windows\System\xBmnFcS.exe
  C:\Windows\System\xBmnFcS.exe
  2⤵
  PID:10644
- C:\Windows\System\RAAqHYF.exe
  C:\Windows\System\RAAqHYF.exe
  2⤵
  PID:10648
- C:\Windows\System\DziQBXo.exe
  C:\Windows\System\DziQBXo.exe
  2⤵
  PID:10800
- C:\Windows\System\aFDhnPE.exe
  C:\Windows\System\aFDhnPE.exe
  2⤵
  PID:10992
- C:\Windows\System\CCcJTGX.exe
  C:\Windows\System\CCcJTGX.exe
  2⤵
  PID:11204
- C:\Windows\System\BiFCoXa.exe
  C:\Windows\System\BiFCoXa.exe
  2⤵
  PID:9500
- C:\Windows\System\rGcFwTZ.exe
  C:\Windows\System\rGcFwTZ.exe
  2⤵
  PID:10592
- C:\Windows\System\ZRukstc.exe
  C:\Windows\System\ZRukstc.exe
  2⤵
  PID:11076
- C:\Windows\System\dYgogVd.exe
  C:\Windows\System\dYgogVd.exe
  2⤵
  PID:11184
- C:\Windows\System\eyXVmgY.exe
  C:\Windows\System\eyXVmgY.exe
  2⤵
  PID:10972
- C:\Windows\System\vnYJGLH.exe
  C:\Windows\System\vnYJGLH.exe
  2⤵
  PID:11276
- C:\Windows\System\RodKCUW.exe
  C:\Windows\System\RodKCUW.exe
  2⤵
  PID:11296
- C:\Windows\System\LAVnrVR.exe
  C:\Windows\System\LAVnrVR.exe
  2⤵
  PID:11328
- C:\Windows\System\WqvceUE.exe
  C:\Windows\System\WqvceUE.exe
  2⤵
  PID:11376
- C:\Windows\System\vebVFIR.exe
  C:\Windows\System\vebVFIR.exe
  2⤵
  PID:11392
- C:\Windows\System\gYQKoKO.exe
  C:\Windows\System\gYQKoKO.exe
  2⤵
  PID:11436
- C:\Windows\System\uSRVzQJ.exe
  C:\Windows\System\uSRVzQJ.exe
  2⤵
  PID:11468
- C:\Windows\System\HliIPkA.exe
  C:\Windows\System\HliIPkA.exe
  2⤵
  PID:11496
- C:\Windows\System\lhYEMmT.exe
  C:\Windows\System\lhYEMmT.exe
  2⤵
  PID:11516
- C:\Windows\System\FiFtqmy.exe
  C:\Windows\System\FiFtqmy.exe
  2⤵
  PID:11548
- C:\Windows\System\SjdHViX.exe
  C:\Windows\System\SjdHViX.exe
  2⤵
  PID:11568
- C:\Windows\System\nURjDfH.exe
  C:\Windows\System\nURjDfH.exe
  2⤵
  PID:11612
- C:\Windows\System\YYbZPms.exe
  C:\Windows\System\YYbZPms.exe
  2⤵
  PID:11636
- C:\Windows\System\UYDnCei.exe
  C:\Windows\System\UYDnCei.exe
  2⤵
  PID:11664
- C:\Windows\System\VhBIIJe.exe
  C:\Windows\System\VhBIIJe.exe
  2⤵
  PID:11696
- C:\Windows\System\SezNrhn.exe
  C:\Windows\System\SezNrhn.exe
  2⤵
  PID:11724
- C:\Windows\System\FCoarIz.exe
  C:\Windows\System\FCoarIz.exe
  2⤵
  PID:11744
- C:\Windows\System\jrltewQ.exe
  C:\Windows\System\jrltewQ.exe
  2⤵
  PID:11764
- C:\Windows\System\YaZzUnj.exe
  C:\Windows\System\YaZzUnj.exe
  2⤵
  PID:11784
- C:\Windows\System\AlWCWxF.exe
  C:\Windows\System\AlWCWxF.exe
  2⤵
  PID:11840
- C:\Windows\System\mhsuEhy.exe
  C:\Windows\System\mhsuEhy.exe
  2⤵
  PID:11856
- C:\Windows\System\ymCxYsT.exe
  C:\Windows\System\ymCxYsT.exe
  2⤵
  PID:11880
- C:\Windows\System\tPnIpIz.exe
  C:\Windows\System\tPnIpIz.exe
  2⤵
  PID:11908
- C:\Windows\System\VRZiOEl.exe
  C:\Windows\System\VRZiOEl.exe
  2⤵
  PID:11936
- C:\Windows\System\KywKwsW.exe
  C:\Windows\System\KywKwsW.exe
  2⤵
  PID:12004
- C:\Windows\System\WQrOwPW.exe
  C:\Windows\System\WQrOwPW.exe
  2⤵
  PID:12020
- C:\Windows\System\KuvRkbJ.exe
  C:\Windows\System\KuvRkbJ.exe
  2⤵
  PID:12036
- C:\Windows\System\KIaUWGA.exe
  C:\Windows\System\KIaUWGA.exe
  2⤵
  PID:12076
- C:\Windows\System\mhtPMkI.exe
  C:\Windows\System\mhtPMkI.exe
  2⤵
  PID:12104
- C:\Windows\System\yZNnQQy.exe
  C:\Windows\System\yZNnQQy.exe
  2⤵
  PID:12128
- C:\Windows\System\iLWNUQo.exe
  C:\Windows\System\iLWNUQo.exe
  2⤵
  PID:12148
- C:\Windows\System\dwMBokH.exe
  C:\Windows\System\dwMBokH.exe
  2⤵
  PID:12172
- C:\Windows\System\uEprila.exe
  C:\Windows\System\uEprila.exe
  2⤵
  PID:12204
- C:\Windows\System\EPSbJqa.exe
  C:\Windows\System\EPSbJqa.exe
  2⤵
  PID:12220
- C:\Windows\System\Jtdjjta.exe
  C:\Windows\System\Jtdjjta.exe
  2⤵
  PID:12236
- C:\Windows\System\SylRcih.exe
  C:\Windows\System\SylRcih.exe
  2⤵
  PID:10500
- C:\Windows\System\LZcxIsA.exe
  C:\Windows\System\LZcxIsA.exe
  2⤵
  PID:11268
- C:\Windows\System\ThBKCOV.exe
  C:\Windows\System\ThBKCOV.exe
  2⤵
  PID:11348
- C:\Windows\System\kaPLPaT.exe
  C:\Windows\System\kaPLPaT.exe
  2⤵
  PID:11312
- C:\Windows\System\QrnxAjD.exe
  C:\Windows\System\QrnxAjD.exe
  2⤵
  PID:11364
- C:\Windows\System\miDuOqj.exe
  C:\Windows\System\miDuOqj.exe
  2⤵
  PID:11456
- C:\Windows\System\zFzdsLG.exe
  C:\Windows\System\zFzdsLG.exe
  2⤵
  PID:11488
- C:\Windows\System\jbKXNJX.exe
  C:\Windows\System\jbKXNJX.exe
  2⤵
  PID:11588
- C:\Windows\System\YOcwgMb.exe
  C:\Windows\System\YOcwgMb.exe
  2⤵
  PID:11604
- C:\Windows\System\TbKaIIR.exe
  C:\Windows\System\TbKaIIR.exe
  2⤵
  PID:11624
- C:\Windows\System\rrzvRAi.exe
  C:\Windows\System\rrzvRAi.exe
  2⤵
  PID:11732
- C:\Windows\System\DanmnEU.exe
  C:\Windows\System\DanmnEU.exe
  2⤵
  PID:11716
- C:\Windows\System\HxEOVfY.exe
  C:\Windows\System\HxEOVfY.exe
  2⤵
  PID:11852
- C:\Windows\System\yxncfpR.exe
  C:\Windows\System\yxncfpR.exe
  2⤵
  PID:11928
- C:\Windows\System\hEQZeWV.exe
  C:\Windows\System\hEQZeWV.exe
  2⤵
  PID:11984
- C:\Windows\System\sLTRwzX.exe
  C:\Windows\System\sLTRwzX.exe
  2⤵
  PID:12052
- C:\Windows\System\lMtkvPj.exe
  C:\Windows\System\lMtkvPj.exe
  2⤵
  PID:12168
- C:\Windows\System\jBLLEzG.exe
  C:\Windows\System\jBLLEzG.exe
  2⤵
  PID:12228
- C:\Windows\System\YynObTu.exe
  C:\Windows\System\YynObTu.exe
  2⤵
  PID:11644
- C:\Windows\System\XNeFHdE.exe
  C:\Windows\System\XNeFHdE.exe
  2⤵
  PID:11512
- C:\Windows\System\xwoMadj.exe
  C:\Windows\System\xwoMadj.exe
  2⤵
  PID:11684
- C:\Windows\System\mBUAYWO.exe
  C:\Windows\System\mBUAYWO.exe
  2⤵
  PID:11960
- C:\Windows\System\ITXnYVc.exe
  C:\Windows\System\ITXnYVc.exe
  2⤵
  PID:11948
- C:\Windows\System\NvzZtxz.exe
  C:\Windows\System\NvzZtxz.exe
  2⤵
  PID:11956
- C:\Windows\System\QjNXxbp.exe
  C:\Windows\System\QjNXxbp.exe
  2⤵
  PID:12056
- C:\Windows\System\CurLROJ.exe
  C:\Windows\System\CurLROJ.exe
  2⤵
  PID:12276
- C:\Windows\System\GwHxLuR.exe
  C:\Windows\System\GwHxLuR.exe
  2⤵
  PID:11688
- C:\Windows\System\irIODqT.exe
  C:\Windows\System\irIODqT.exe
  2⤵
  PID:11800
- C:\Windows\System\sTeiWkg.exe
  C:\Windows\System\sTeiWkg.exe
  2⤵
  PID:12088
- C:\Windows\System\MPWTZxC.exe
  C:\Windows\System\MPWTZxC.exe
  2⤵
  PID:12308
- C:\Windows\System\qzoeEwq.exe
  C:\Windows\System\qzoeEwq.exe
  2⤵
  PID:12332
- C:\Windows\System\bymkUnV.exe
  C:\Windows\System\bymkUnV.exe
  2⤵
  PID:12356
- C:\Windows\System\macqDuo.exe
  C:\Windows\System\macqDuo.exe
  2⤵
  PID:12408
- C:\Windows\System\ChizPzI.exe
  C:\Windows\System\ChizPzI.exe
  2⤵
  PID:12428
- C:\Windows\System\tJDdweZ.exe
  C:\Windows\System\tJDdweZ.exe
  2⤵
  PID:12448
- C:\Windows\System\LvJXUDb.exe
  C:\Windows\System\LvJXUDb.exe
  2⤵
  PID:12472
- C:\Windows\System\Hlvjxon.exe
  C:\Windows\System\Hlvjxon.exe
  2⤵
  PID:12496
- C:\Windows\System\YwmOqBu.exe
  C:\Windows\System\YwmOqBu.exe
  2⤵
  PID:12512
- C:\Windows\System\exGAXUk.exe
  C:\Windows\System\exGAXUk.exe
  2⤵
  PID:12532
- C:\Windows\System\mURXvfd.exe
  C:\Windows\System\mURXvfd.exe
  2⤵
  PID:12552
- C:\Windows\System\RgHtBSg.exe
  C:\Windows\System\RgHtBSg.exe
  2⤵
  PID:12592
- C:\Windows\System\wCkEYNR.exe
  C:\Windows\System\wCkEYNR.exe
  2⤵
  PID:12652
- C:\Windows\System\puoLYwI.exe
  C:\Windows\System\puoLYwI.exe
  2⤵
  PID:12672
- C:\Windows\System\uVKPkSx.exe
  C:\Windows\System\uVKPkSx.exe
  2⤵
  PID:12696
- C:\Windows\System\zEVShLM.exe
  C:\Windows\System\zEVShLM.exe
  2⤵
  PID:12716
- C:\Windows\System\ogliwiC.exe
  C:\Windows\System\ogliwiC.exe
  2⤵
  PID:12732
- C:\Windows\System\tspIVBq.exe
  C:\Windows\System\tspIVBq.exe
  2⤵
  PID:12756
- C:\Windows\System\dpBBuMq.exe
  C:\Windows\System\dpBBuMq.exe
  2⤵
  PID:12796
- C:\Windows\System\LAcTKwJ.exe
  C:\Windows\System\LAcTKwJ.exe
  2⤵
  PID:12828
- C:\Windows\System\XkXUeHO.exe
  C:\Windows\System\XkXUeHO.exe
  2⤵
  PID:12852
- C:\Windows\System\DCeAxao.exe
  C:\Windows\System\DCeAxao.exe
  2⤵
  PID:12876
- C:\Windows\System\rKsYvok.exe
  C:\Windows\System\rKsYvok.exe
  2⤵
  PID:12916
- C:\Windows\System\mVskTOX.exe
  C:\Windows\System\mVskTOX.exe
  2⤵
  PID:12936
- C:\Windows\System\GbcBkWQ.exe
  C:\Windows\System\GbcBkWQ.exe
  2⤵
  PID:12980
- C:\Windows\System\RzKsnKv.exe
  C:\Windows\System\RzKsnKv.exe
  2⤵
  PID:13004
- C:\Windows\System\AQKThcz.exe
  C:\Windows\System\AQKThcz.exe
  2⤵
  PID:13028
- C:\Windows\System\XCQUnwy.exe
  C:\Windows\System\XCQUnwy.exe
  2⤵
  PID:13056
- C:\Windows\System\HikVbRw.exe
  C:\Windows\System\HikVbRw.exe
  2⤵
  PID:13072
- C:\Windows\System\VQtMkkL.exe
  C:\Windows\System\VQtMkkL.exe
  2⤵
  PID:13096
- C:\Windows\System\tnZPOea.exe
  C:\Windows\System\tnZPOea.exe
  2⤵
  PID:13120
- C:\Windows\System\DMtNbLS.exe
  C:\Windows\System\DMtNbLS.exe
  2⤵
  PID:13168
- C:\Windows\System\FBcWApy.exe
  C:\Windows\System\FBcWApy.exe
  2⤵
  PID:13192
- C:\Windows\System\ssTOXhE.exe
  C:\Windows\System\ssTOXhE.exe
  2⤵
  PID:13228
- C:\Windows\System\tbWNZfx.exe
  C:\Windows\System\tbWNZfx.exe
  2⤵
  PID:13244
- C:\Windows\System\SeJKCgt.exe
  C:\Windows\System\SeJKCgt.exe
  2⤵
  PID:13300
- C:\Windows\System\hyZGrey.exe
  C:\Windows\System\hyZGrey.exe
  2⤵
  PID:12112
- C:\Windows\System\bkJDWEC.exe
  C:\Windows\System\bkJDWEC.exe
  2⤵
  PID:12320
- C:\Windows\System\FxsbNdI.exe
  C:\Windows\System\FxsbNdI.exe
  2⤵
  PID:12384
- C:\Windows\System\pIjQWwn.exe
  C:\Windows\System\pIjQWwn.exe
  2⤵
  PID:12524
- C:\Windows\System\YFcUuVS.exe
  C:\Windows\System\YFcUuVS.exe
  2⤵
  PID:12480
- C:\Windows\System\CsjZrJs.exe
  C:\Windows\System\CsjZrJs.exe
  2⤵
  PID:12584
- C:\Windows\System\VBeUWIf.exe
  C:\Windows\System\VBeUWIf.exe
  2⤵
  PID:12680
- C:\Windows\System\yknQpxm.exe
  C:\Windows\System\yknQpxm.exe
  2⤵
  PID:12692
- C:\Windows\System\bBKJMEu.exe
  C:\Windows\System\bBKJMEu.exe
  2⤵
  PID:12728
- C:\Windows\System\oojLYWf.exe
  C:\Windows\System\oojLYWf.exe
  2⤵
  PID:12804
- C:\Windows\System\JPmextE.exe
  C:\Windows\System\JPmextE.exe
  2⤵
  PID:12844
- C:\Windows\System\sBUaLsT.exe
  C:\Windows\System\sBUaLsT.exe
  2⤵
  PID:12948
- C:\Windows\System\LvNhUxq.exe
  C:\Windows\System\LvNhUxq.exe
  2⤵
  PID:13068
- C:\Windows\System\izKahty.exe
  C:\Windows\System\izKahty.exe
  2⤵
  PID:13092
- C:\Windows\System\pBKbzMd.exe
  C:\Windows\System\pBKbzMd.exe
  2⤵
  PID:13144
- C:\Windows\System\EWpMgyI.exe
  C:\Windows\System\EWpMgyI.exe
  2⤵
  PID:13260
- C:\Windows\System\EzrBKch.exe
  C:\Windows\System\EzrBKch.exe
  2⤵
  PID:13296
- C:\Windows\System\IIQDQPl.exe
  C:\Windows\System\IIQDQPl.exe
  2⤵
  PID:12444
- C:\Windows\System\kyZLKMg.exe
  C:\Windows\System\kyZLKMg.exe
  2⤵
  PID:12572
- C:\Windows\System\AADilrm.exe
  C:\Windows\System\AADilrm.exe
  2⤵
  PID:12628
- C:\Windows\System\KgvqBMY.exe
  C:\Windows\System\KgvqBMY.exe
  2⤵
  PID:12788
- C:\Windows\System\lSWKJae.exe
  C:\Windows\System\lSWKJae.exe
  2⤵
  PID:13188
- C:\Windows\System\prnQFQz.exe
  C:\Windows\System\prnQFQz.exe
  2⤵
  PID:13236
- C:\Windows\System\DtQcBlN.exe
  C:\Windows\System\DtQcBlN.exe
  2⤵
  PID:12724
- C:\Windows\System\RjqNTUC.exe
  C:\Windows\System\RjqNTUC.exe
  2⤵
  PID:12992
- C:\Windows\System\phGlMLh.exe
  C:\Windows\System\phGlMLh.exe
  2⤵
  PID:13052
- C:\Windows\System\ynmVHRy.exe
  C:\Windows\System\ynmVHRy.exe
  2⤵
  PID:12752
- C:\Windows\System\dZckNlW.exe
  C:\Windows\System\dZckNlW.exe
  2⤵
  PID:13324
- C:\Windows\System\GxiwrrI.exe
  C:\Windows\System\GxiwrrI.exe
  2⤵
  PID:13344
- C:\Windows\System\JiikOtf.exe
  C:\Windows\System\JiikOtf.exe
  2⤵
  PID:13376
- C:\Windows\System\MTONPpQ.exe
  C:\Windows\System\MTONPpQ.exe
  2⤵
  PID:13396
- C:\Windows\System\rNbPSgQ.exe
  C:\Windows\System\rNbPSgQ.exe
  2⤵
  PID:13416
- C:\Windows\System\bJBvvZZ.exe
  C:\Windows\System\bJBvvZZ.exe
  2⤵
  PID:13436
- C:\Windows\System\vlkkLOQ.exe
  C:\Windows\System\vlkkLOQ.exe
  2⤵
  PID:13464
- C:\Windows\System\CYgheBT.exe
  C:\Windows\System\CYgheBT.exe
  2⤵
  PID:13480
- C:\Windows\System\eeniFKj.exe
  C:\Windows\System\eeniFKj.exe
  2⤵
  PID:13500
- C:\Windows\System\rGhzYtl.exe
  C:\Windows\System\rGhzYtl.exe
  2⤵
  PID:13576
- C:\Windows\System\jJGEgov.exe
  C:\Windows\System\jJGEgov.exe
  2⤵
  PID:13604
- C:\Windows\System\SuKuLET.exe
  C:\Windows\System\SuKuLET.exe
  2⤵
  PID:13624
- C:\Windows\System\Zeftxde.exe
  C:\Windows\System\Zeftxde.exe
  2⤵
  PID:13652
- C:\Windows\System\pYsHWmQ.exe
  C:\Windows\System\pYsHWmQ.exe
  2⤵
  PID:13676
- C:\Windows\System\beHyhCd.exe
  C:\Windows\System\beHyhCd.exe
  2⤵
  PID:13692
- C:\Windows\System\ZCJvYlW.exe
  C:\Windows\System\ZCJvYlW.exe
  2⤵
  PID:13728
- C:\Windows\System\uJjRoLC.exe
  C:\Windows\System\uJjRoLC.exe
  2⤵
  PID:13756
- C:\Windows\System\orUltsw.exe
  C:\Windows\System\orUltsw.exe
  2⤵
  PID:13784
- C:\Windows\System\dJmEMfS.exe
  C:\Windows\System\dJmEMfS.exe
  2⤵
  PID:13816
- C:\Windows\System\cKnrjtg.exe
  C:\Windows\System\cKnrjtg.exe
  2⤵
  PID:13836
- C:\Windows\System\LWOflkm.exe
  C:\Windows\System\LWOflkm.exe
  2⤵
  PID:13860
- C:\Windows\System\bkuUtXj.exe
  C:\Windows\System\bkuUtXj.exe
  2⤵
  PID:13896
- C:\Windows\System\tRgiQII.exe
  C:\Windows\System\tRgiQII.exe
  2⤵
  PID:13928
- C:\Windows\System\vxNtuKP.exe
  C:\Windows\System\vxNtuKP.exe
  2⤵
  PID:13948
- C:\Windows\System\GcnnINH.exe
  C:\Windows\System\GcnnINH.exe
  2⤵
  PID:13972
- C:\Windows\System\SxmDXpB.exe
  C:\Windows\System\SxmDXpB.exe
  2⤵
  PID:14000
- C:\Windows\System\fVNITsd.exe
  C:\Windows\System\fVNITsd.exe
  2⤵
  PID:14020
- C:\Windows\System\KQrTMxY.exe
  C:\Windows\System\KQrTMxY.exe
  2⤵
  PID:14088
- C:\Windows\System\AprOCcv.exe
  C:\Windows\System\AprOCcv.exe
  2⤵
  PID:14104
- C:\Windows\System\DTzIoTG.exe
  C:\Windows\System\DTzIoTG.exe
  2⤵
  PID:14128
- C:\Windows\System\PYHwLxr.exe
  C:\Windows\System\PYHwLxr.exe
  2⤵
  PID:14156
- C:\Windows\System\GXUDoLX.exe
  C:\Windows\System\GXUDoLX.exe
  2⤵
  PID:14180
- C:\Windows\System\znolLDP.exe
  C:\Windows\System\znolLDP.exe
  2⤵
  PID:14200
- C:\Windows\System\hIkpNaH.exe
  C:\Windows\System\hIkpNaH.exe
  2⤵
  PID:14240
- C:\Windows\System\SdDaaaY.exe
  C:\Windows\System\SdDaaaY.exe
  2⤵
  PID:14268
- C:\Windows\System\XrcVmZp.exe
  C:\Windows\System\XrcVmZp.exe
  2⤵
  PID:14324
- C:\Windows\System\jgyjXrA.exe
  C:\Windows\System\jgyjXrA.exe
  2⤵
  PID:13316
- C:\Windows\System\JIlkWfd.exe
  C:\Windows\System\JIlkWfd.exe
  2⤵
  PID:13408
- C:\Windows\System\LQjLcuW.exe
  C:\Windows\System\LQjLcuW.exe
  2⤵
  PID:13388
- C:\Windows\System\vMVQPxL.exe
  C:\Windows\System\vMVQPxL.exe
  2⤵
  PID:13452
- C:\Windows\System\hwncLbE.exe
  C:\Windows\System\hwncLbE.exe
  2⤵
  PID:13448
- C:\Windows\System\oKuhgtw.exe
  C:\Windows\System\oKuhgtw.exe
  2⤵
  PID:13616
- C:\Windows\System\UoPyTeE.exe
  C:\Windows\System\UoPyTeE.exe
  2⤵
  PID:13672
- C:\Windows\System\cwJhCXi.exe
  C:\Windows\System\cwJhCXi.exe
  2⤵
  PID:13704
- C:\Windows\System\XXEWleG.exe
  C:\Windows\System\XXEWleG.exe
  2⤵
  PID:13776
- C:\Windows\System\yDpiwHV.exe
  C:\Windows\System\yDpiwHV.exe
  2⤵
  PID:13872
- C:\Windows\System\urlpesY.exe
  C:\Windows\System\urlpesY.exe
  2⤵
  PID:13916
- C:\Windows\System\eLGDQZq.exe
  C:\Windows\System\eLGDQZq.exe
  2⤵
  PID:13968
- C:\Windows\System\rkYPXnN.exe
  C:\Windows\System\rkYPXnN.exe
  2⤵
  PID:14016
- C:\Windows\System\GQFezWu.exe
  C:\Windows\System\GQFezWu.exe
  2⤵
  PID:14124
- C:\Windows\System\xiYodyA.exe
  C:\Windows\System\xiYodyA.exe
  2⤵
  PID:14164
- C:\Windows\System\YhTENFD.exe
  C:\Windows\System\YhTENFD.exe
  2⤵
  PID:14220
- C:\Windows\System\EijbBZk.exe
  C:\Windows\System\EijbBZk.exe
  2⤵
  PID:14248
- C:\Windows\System\rYkjBbp.exe
  C:\Windows\System\rYkjBbp.exe
  2⤵
  PID:14332
- C:\Windows\System\UfHuCDj.exe
  C:\Windows\System\UfHuCDj.exe
  2⤵
  PID:13568
- C:\Windows\System\YPICZih.exe
  C:\Windows\System\YPICZih.exe
  2⤵
  PID:13772
- C:\Windows\System\dzmFBAe.exe
  C:\Windows\System\dzmFBAe.exe
  2⤵
  PID:13884
- C:\Windows\System\XifICbB.exe
  C:\Windows\System\XifICbB.exe
  2⤵
  PID:13964
- C:\Windows\System\cAFOzQt.exe
  C:\Windows\System\cAFOzQt.exe
  2⤵
  PID:14148
- C:\Windows\System\WYQOwDv.exe
  C:\Windows\System\WYQOwDv.exe
  2⤵
  PID:14284
- C:\Windows\System\DaAwEeQ.exe
  C:\Windows\System\DaAwEeQ.exe
  2⤵
  PID:13536
- C:\Windows\System\qIdxWPo.exe
  C:\Windows\System\qIdxWPo.exe
  2⤵
  PID:13688
- C:\Windows\System\UknNULZ.exe
  C:\Windows\System\UknNULZ.exe
  2⤵
  PID:14064
- C:\Windows\System\FONFAzA.exe
  C:\Windows\System\FONFAzA.exe
  2⤵
  PID:13996
- C:\Windows\System\hqCwNJq.exe
  C:\Windows\System\hqCwNJq.exe
  2⤵
  PID:14352
- C:\Windows\System\IBPRnCq.exe
  C:\Windows\System\IBPRnCq.exe
  2⤵
  PID:14380
- C:\Windows\System\bMsiVFm.exe
  C:\Windows\System\bMsiVFm.exe
  2⤵
  PID:14404
- C:\Windows\System\amnFtDX.exe
  C:\Windows\System\amnFtDX.exe
  2⤵
  PID:14436
- C:\Windows\System\UeHfETP.exe
  C:\Windows\System\UeHfETP.exe
  2⤵
  PID:14468
- C:\Windows\System\HcbLuQH.exe
  C:\Windows\System\HcbLuQH.exe
  2⤵
  PID:14508
- C:\Windows\System\RmGSome.exe
  C:\Windows\System\RmGSome.exe
  2⤵
  PID:14564
- C:\Windows\System\gtalEBd.exe
  C:\Windows\System\gtalEBd.exe
  2⤵
  PID:14584
- C:\Windows\System\DLXbtaB.exe
  C:\Windows\System\DLXbtaB.exe
  2⤵
  PID:14608
- C:\Windows\System\jvOsTlv.exe
  C:\Windows\System\jvOsTlv.exe
  2⤵
  PID:14628
- C:\Windows\System\qkyaaOH.exe
  C:\Windows\System\qkyaaOH.exe
  2⤵
  PID:14644
- C:\Windows\System\nHdwjew.exe
  C:\Windows\System\nHdwjew.exe
  2⤵
  PID:14664
- C:\Windows\System\BGFhcRD.exe
  C:\Windows\System\BGFhcRD.exe
  2⤵
  PID:14692
- C:\Windows\System\yybkVVQ.exe
  C:\Windows\System\yybkVVQ.exe
  2⤵
  PID:14712
- C:\Windows\System\JvMFZHO.exe
  C:\Windows\System\JvMFZHO.exe
  2⤵
  PID:14748
- C:\Windows\System\TvhdVyE.exe
  C:\Windows\System\TvhdVyE.exe
  2⤵
  PID:14804
- C:\Windows\System\xzwtLRG.exe
  C:\Windows\System\xzwtLRG.exe
  2⤵
  PID:14832
- C:\Windows\System\ARMPYfz.exe
  C:\Windows\System\ARMPYfz.exe
  2⤵
  PID:14852
- C:\Windows\System\Duxcojn.exe
  C:\Windows\System\Duxcojn.exe
  2⤵
  PID:14876
- C:\Windows\System\CFTTOOW.exe
  C:\Windows\System\CFTTOOW.exe
  2⤵
  PID:14900

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:14416

C:\Windows\system32\WerFaultSecure.exe
C:\Windows\system32\WerFaultSecure.exe -u -p 4368 -s 436
1⤵
PID:14972

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\BdcgBsQ.exe

Filesize
1.4MB

MD5
e2b159f13035ed9a57a4c97741f59e9d

SHA1
454bddbbbf3887e155badbb9d73b7d5f04014297

SHA256
a430fc06dcd2fa06b19ad674838ac77430534fc1a11fcfbbc99e97f9ef6886de

SHA512
abcc2deffec2f219869cb46a9f7839594276ed3bc3e4a4550ae0426177202696167abcf55bcd50c8a6b85bd00788c76dbc9eca2f8213a4547de9f09dcb86fa9e

Download Submit
C:\Windows\System\BpbmUez.exe

Filesize
1.4MB

MD5
c1ac5f3480db2cb241d071541fd858c4

SHA1
1178fbea6f9633a1f499b3da1f57062b4dcbeae3

SHA256
4eee4dea2363b88dbc37019c927c7b9cffe65baeb14158fefb74e039c18b0f1b

SHA512
264ce629c2b4591d6be8ab68f4df67a0d4cf3139e00cbfb45acb1d0affa1de2d9503cc11d584c2a802c65eb7c93a970e87fd546a397ee6d9ac3f90fa2ef77674

Download Submit
C:\Windows\System\DynHYSk.exe

Filesize
1.4MB

MD5
5501129a7892cd95e71394f44cb36265

SHA1
44a12f6700b3c2b8c4909ef46dfa44985a7ca548

SHA256
503830e5f64c849371c8ec24218e1901a231a50ada11e9e14ce9c89b44f0c40e

SHA512
a7ec37af8a10f752f50f58aabbbc39f24df943b1a41e9d24b90fec2ac1fa162ff4f9e2342b0240fe0d8e5f9e994c130df6af2f89075771bfebe6ff9b705534b5

Download Submit
C:\Windows\System\GczwsSV.exe

Filesize
1.4MB

MD5
758bfec42a591c5d6159b497e95ed8d1

SHA1
9a21604064aad949ac12041ab81a4e403068d42e

SHA256
70c5278bf79b7257b17636554ed4ada06628e97838e3e51fb6b6d9dfe294cb45

SHA512
915e573339d6eee07004c39f7f213ef4825b2b42e5686a361605956bf319d4507e8ae0e344dc006e4c8da1b082db48467473c7d4ccd92813f5020556d0663307

Download Submit
C:\Windows\System\GfakBZB.exe

Filesize
1.4MB

MD5
deb8c90e682f7eb340e4efe2bec28d2e

SHA1
f55a1368b052084ac76519f7a18e5b48078a712a

SHA256
096ac1325276a35ff64ae7fdd65168b95e6b0c0b6edff72a63f15948d42166b0

SHA512
2d47f8058df894d76cb463aaa74a89c8cc12be9e9d49935e603afebcd1b489deec7999f529aa358873545a1cc3dd082c12e4b7e440d34f1aff3e8dddb5e6cda0

Download Submit
C:\Windows\System\GlBIoRg.exe

Filesize
1.4MB

MD5
c2bfa925f87a8e8bb4d7183af7973bb6

SHA1
f880bb395080f4e6be0408eadb0b4e7c8d6d3385

SHA256
3753a70667fad17bb9376b6d501cf215eb6dff0fbee385b63853b0a376548469

SHA512
991a849ac3afac9fbe26271abd49658d50ab28163ef1d1a3ace1d97a63082431f9e1b77d55877e998b3e7abfa89cb52a36a6d3f99177b5e71ac1567dacffd34b

Download Submit
C:\Windows\System\HubPeLl.exe

Filesize
1.4MB

MD5
c3a278fa08d687459889cd0cbceee419

SHA1
db52d10cf16dcd15eb20e3950fd021f863f189d9

SHA256
baa4be38c6350d6e2e88ff70b995c54b369509fc7a34cb4cdb79422227e08179

SHA512
92921ba6873d3b9ebe9119e7298eca50822c1073ad0d0f98834cf9f0e051b88ebfcab25816ec372700ac06c5271b46399a3877d489558326bf475b28a7a6af7b

Download Submit
C:\Windows\System\JJvPmQZ.exe

Filesize
1.4MB

MD5
62710b2c0d5d3bc92d7a39fc5b2105b1

SHA1
c8a1781f11c29946eec21900e4e0327c394bef91

SHA256
3beefe2737a59b6d5fae877ac4341e56c35d5cc45df438b40d2a976a6d1dcda4

SHA512
496c4be8c92a6a56e28fba610a7247ff406d0f8055a12d9de4c5faefdc802b34bdabe70c3d46a49121955447c7261c58904562118ca57eff7485b53607026d8e

Download Submit
C:\Windows\System\JqHYUVm.exe

Filesize
1.4MB

MD5
b7146a209b147a8eced1335071a8d5f9

SHA1
3705ffc0ece492eea50cfa82ef2a3f280bc3ba1d

SHA256
840b17201c8ea7bc259ea0179d59b10d4c89006378a42fd40cb7d782d6e7d1cb

SHA512
315e79283f7932d10b8cd7c6a1d61a2720e94a5682212580d52e1dad47580f12425d389a0e7177ad020d6339aff739bd26979b2ebd80768ffbfe2bbdb91286d9

Download Submit
C:\Windows\System\KlHRxAA.exe

Filesize
1.4MB

MD5
87ebe1c785a5cad74032df35b44a8361

SHA1
3e42801cd869403e8aea89c5f2a93048d1c899ba

SHA256
cdc26fc105f04de6551f4b5299c773e4aaab3a453bd8e8a1bb696906fd5f1b13

SHA512
73a60c9aa47219040d8922623cac8eaa46a97f0834261efcdcab78b955a2a5f57552b278b3247eeb5ffc8984eb1c8d060f0f1c979c7925047718dc593dbd95f2

Download Submit
C:\Windows\System\Nyxksie.exe

Filesize
1.4MB

MD5
553b6186119121d9e1d364842e7b0b19

SHA1
6ea1ac43a1beedda4f8303ecafae788bf2453526

SHA256
425263dd23d50c620ebd2f74632dd564f6c3ae0121aefc897837b19387c1b788

SHA512
a3a8ce2bb703634f8d4f77edbacd61ebdb51f55a312c18864db5f6a2dec7be5db770d71ec6e8055b2c38bb0fac43eb9c8ad8b77bb5c3082b2f3af848ae120df0

Download Submit
C:\Windows\System\PjWkkky.exe

Filesize
1.4MB

MD5
c3db4eff3f238ceb13135ba70ee62de0

SHA1
fe6991410385394193df5e848ae56015ae76ca0c

SHA256
09e35a44415b4283cf3029d4c83e53c0a073a73c0caed1c01a315258bf0c4f83

SHA512
e1cccb37493016715ea11ba085512d59e2ec08d2ff20180db78453e648f59efa08fa8fafa04483b97129cefa43a2664801a8a23484a843588f90774ceaefc646

Download Submit
C:\Windows\System\RIPagaC.exe

Filesize
1.4MB

MD5
8bbb4b96329e46058da8e5819ed095b7

SHA1
de58922ee29a80a08bfea4bafdd0bbde7e63a098

SHA256
81c5f5f8aea1c1347aec715f69a0887e20dcb23f5a040eacfd8e6cc1f049f8f9

SHA512
39341d3ab30ac60214daf0345dd1b9ab3b38817aa2d946a0c6b7c51dcc61f3f409e57b88958ba5ca3f8ce655639259ed2cc0166d0c06ee1c02b44a9b278a70c5

Download Submit
C:\Windows\System\SuGiutZ.exe

Filesize
1.4MB

MD5
45235c5fc22f4ebc882729b1efe2bb18

SHA1
e4f16a8ce83ab697a262708bfa6b09aebd71a424

SHA256
3b0bc9c1ee357e4ec516fbf05c42f74897d1b0d168a83c5243800ffcc12ef92c

SHA512
ce20cb90730d6abcf35ee2b39d805d62ba06d6097566ced74a2bff59a8fd4c043f71180b834adc05a696a6189c841474911cc937f2e907a2570741abe3f3640b

Download Submit
C:\Windows\System\TaAExkA.exe

Filesize
1.4MB

MD5
f73c0645857817c940b50f081005bb86

SHA1
634b16b866c5e53a3e10c452f716014c70089c66

SHA256
f876acb867ce3ba55a1392efb54677462fc10cb3f6e3e005fb6e4733cf0f2892

SHA512
60b94f5b8c514dae373d9ab1b3194c37e9c95c0e30fcd92bb71cfe6c71fe0f060e7ef33561a7ac3c8fa3796e6177230537bf47f0340ef55db1a11559d76a9692

Download Submit
C:\Windows\System\TqBTPgF.exe

Filesize
1.4MB

MD5
48dda08cea85ac0eab4dda52ee97ec95

SHA1
74ecfbeb82c39806d0f63124871153499c5a7ee7

SHA256
98e156aeb545663da926a2e8bc5c9d6d4a7c7a27544dbbd5436a3d9a86ad168e

SHA512
b1e0fc8b19056f25ef4a5ff773628ac3bb9206cc7f0c55b0fe4fe3190ad477ce9ebae1c9502dd1155f008b90d53af0284ff11d063edfaada82488e97596938b2

Download Submit
C:\Windows\System\WFZfrNv.exe

Filesize
1.4MB

MD5
b16b07497cd8f631d3d95dd243fcc35c

SHA1
ba0e03d11469843d56604bdd2f866c817c739e0d

SHA256
fda520177a70749cda14d4ab15a9f00dc5bc7efd8b12c48b6611489aa63a256d

SHA512
cd6a1e13b169207bfc457b307f5be7f549f3c615238c9c4eb3ae332dfa56d1e8366fdde17cc05ea2d5f6cd5e5c6ccb2eabd427073eddb029e5795373fff96ed6

Download Submit
C:\Windows\System\WuiMlxy.exe

Filesize
1.4MB

MD5
1fac10100949d2bebc0e76099160aa21

SHA1
1eefdac35ddb96dda2d72190de1a92546e020d75

SHA256
e598c82e29e27744df259f60c4577719a25c462d823a473a4c3d2b596b999023

SHA512
079a2196a582aa01b395c38db43b0a346d57fc3f43b41d50acfa8e70373c3681a5637397c8b3b118cd49a75ad3baa5e322637f088cc756129c4af4ab65731a5a

Download Submit
C:\Windows\System\YyJldww.exe

Filesize
1.4MB

MD5
844a6e74be619fb42474ff5634993ead

SHA1
163d00fa343313fa755811cfef5c0f296faaa9fd

SHA256
56fa5f6fa84892d98c7ccab0eab52772d1e1d07b6cef4d2104ba1245ae2c5c97

SHA512
498ce840073bd2b34029df77836d74f5e61fdf385784e41fe89cfc4aeddf63ba48386c5e60e8e457de22f0cd455e979bb8d3f9a91926290139dc130982f23ac7

Download Submit
C:\Windows\System\cpjWJsj.exe

Filesize
1.4MB

MD5
d48a6fbe810e376a3d71a961700b4773

SHA1
86222a5745773428de831e1afa644ad4a68de5c7

SHA256
7ce6c25d30871b066837ce77bd4f85a9abf170a82f630aa9ac6d2d32f0940201

SHA512
5fe27bdf6993a292cdc26d157277c6fee32c5a22902afddda4ea27c148d6e2c23af3985a87ece72aa7525c8015010429e17c72bc802ce00966b3c6db2cef57e8

Download Submit
C:\Windows\System\eZdCDeT.exe

Filesize
1.4MB

MD5
3d7b166822da877fcd171b7b8f251cc5

SHA1
4b7136f68bb235301e9a96bc3513566c7ef0f901

SHA256
091905359f4af391f816d6f483156f18464f2b2d7b7b5249825f13faf9ef63e6

SHA512
70849dd8e51dce4a9a936a5000ca73fbcac27551b7302a0f9b4d64a8e8e6f79b4feeba0800da08256a0d6168a3558fd630e643499b39d85c961f43f377afe108

Download Submit
C:\Windows\System\ezyYQIK.exe

Filesize
1.4MB

MD5
b61b623030244d5c1b0d8762ab92e1c4

SHA1
d2cad55d49fef73e6c65c7851bea3143b24a2d09

SHA256
cc566531b02a104bcff2af7b0ab092a34c06b8433ea9acc7970aed3283e8f505

SHA512
b72e3d8114bc040ba32bd8f488c929066ee39bbd0010c7e4494bc067928ef5daf52f86f0bf986cad7289e2b223f5846ebe8a2c327d2615fc90fde3394bdf9114

Download Submit
C:\Windows\System\fWkZAld.exe

Filesize
1.4MB

MD5
4ba386e791f4c15772b195f1ce4e2a5e

SHA1
ec7d8b2e4a2557759be8c2a30ecc9bff37606dfb

SHA256
48e2e411c2dcc2359fe44bd13bda540b6b09012de92c8299135cf9c78c6e17d7

SHA512
3cf2e98f2ecb9704517c684a8fa7a4854e621da5a64a22457cb01867b6155bd6085debcd290126e313a7f82a6aa59a2585075e83c32e52cf8404564569a5c5dc

Download Submit
C:\Windows\System\kXmxKfT.exe

Filesize
1.4MB

MD5
7e72b1da1b6a1d9547db9990d88ea19f

SHA1
e28e05529c33c1891c6bcf648ebb2dc50711791e

SHA256
4a6580e5e945269d86c26910cf28c26f99825de0421aabfd77864a2e4531a4c5

SHA512
0ae35a473401af345bfb77e7084c140b72cbc53ea184c4f31bc41b998885c9e54520705e4f3c2273424b1aa038de7761b25d75159c266ce6542abb10ee6b0a19

Download Submit
C:\Windows\System\lSTXiaJ.exe

Filesize
1.4MB

MD5
d18ae133d931ac1d43ad0efa71b1e0c8

SHA1
b8800f827147eaa2a591fb4b8849e7d09e489537

SHA256
d58128e874ed169d7d6877503db60e0bfd49bafff9b9249194ac74b255528ced

SHA512
f827dd9e17c71b751e02338ea64af075446cd6e7da1bcd06c225b686b012f8cdeb4f4c4e4674c9641693421755ea21b5266dc4c663be54a536f34d3b86fa19e6

Download Submit
C:\Windows\System\lpTVgdT.exe

Filesize
1.4MB

MD5
20f4b4bed4c91df6a32564f54700c40c

SHA1
081acb5961cfa257098f1a7d7da280a06f62fd1f

SHA256
693ad2954854c1ba4624c831e75acd84fc1059475e2011e2991314c0c313940d

SHA512
8795e52c217df599928e9ee0601662c6c3256da6538d65b54d21aeadea097ebbdf699e9c895d39b21b74d51a287cef261a0b6f535c6c47f2d70b74d9a6248b47

Download Submit
C:\Windows\System\mcpLEnS.exe

Filesize
1.4MB

MD5
be8244b7dfc0f7ff5dd1dfdaa0511c62

SHA1
942a1d9ec3be9a7af84e4f72d6fbb8d23a773884

SHA256
1143b3c36cbaf2afd60106c74187cccb504712c935b3a234fb6f5fb778e59fc7

SHA512
6a8f5b16e04e7823c01e6cdddac794c925169ba2597d2ce101930bf2e2fdc9468d3f1938a7fbaccc7fd92fbdcfe1a8a0a235559cbe3a9c7938e392b3dd7cca87

Download Submit
C:\Windows\System\rPOWgQg.exe

Filesize
1.4MB

MD5
7aafa8ad411a4dce212bcb89e784cf49

SHA1
2789df7511665cbe225288391a3b16a3747d3994

SHA256
c56aeaead7474a64bbb3c78792e31fce1a8160adc5159a998862c1fb5bb82a50

SHA512
325d5e81ad574f6219ea8e4f629a97a247ffcabbd7924fc1b40c814f767537a51469abb75585f51b30acb6323e4375bcbc9a7c516f4cd4d8cd67ba36c0010313

Download Submit
C:\Windows\System\rlqtxDX.exe

Filesize
1.4MB

MD5
e7993b2cd6af76ad3564154256d565f0

SHA1
68092043e02ffa6fb18d331202cc9d8cb816d99e

SHA256
b29f2fbcda0e6a5fe582987fe2823c6c862f149e6f3298c1773dfee7501eefcb

SHA512
ee6e69b00d2159cdca45baaafd4df040f987327d6826816edf1fc9a7a18702ac31a33fbdf8c72384bdbb526f8c36c917d6818e62b15257c2ce06c8bfbbe90456

Download Submit
C:\Windows\System\sUlJHzg.exe

Filesize
1.4MB

MD5
c75f941e2a2ccb40d6e5fecc88a34155

SHA1
56790c243d7ed1bba7b54cd7d0a1027e81d04566

SHA256
add7fc7deec752c8236725c5e3c5361ae58d3896c66e5b6bb890be9cd07876c4

SHA512
772a0f330d201419fcc4f43b78d1e655dbf6ed238dbbdb90d57bb899a13333dbaf7e08ec4ca0ec44cc152160f9aed920346b0d507be651d71f5944ddf19682a2

Download Submit
C:\Windows\System\uKHRdWA.exe

Filesize
1.4MB

MD5
1e79d9fbcd863256e6f9e6223a16661c

SHA1
c29c500563132a6af334201e5d8dec98f523b4dd

SHA256
e93c00db5284e77f63e049722fba348f294101ed9854216e3f7db9df8383902d

SHA512
0b66691f1d8abb271f98834439999e989ee266f50a6b91ca7470cd128e5772b9b5534763d8c5c6df8e2127c665c650925b4b308dde2194b3b83ce58f6d520780

Download Submit
C:\Windows\System\wUVpYrc.exe

Filesize
1.4MB

MD5
6e0b6ca83132965bb153e4f4eb2aeef7

SHA1
8eb167b367e8891c4075f8d42d6ab80dd6a0adde

SHA256
4363d94b223dbc0be98eb6025522314827ab08b367a0c35f09d6d17333dd7b24

SHA512
d0673ac61822cc0656f6634b811c233a5904f999cf4fde9a32eb2a68335034e66cbdbdf8c7666dd3346c6745ee42b9cb414393ed2410d79b34f23cc9fba7bae8

Download Submit
C:\Windows\System\zeqgPSd.exe

Filesize
1.4MB

MD5
4d02422a7ac90af795869a2d3797a096

SHA1
2a861c83d90cf0cc4cc3202911fdcb1e3ea4ef5b

SHA256
cb3233eb41feb8334473d28f21e7ac9cb6671a8f22e592a2c3ad50f7a5884990

SHA512
f57148e6d49d20c480fbbfd5e5e178c0a1c281900b197d52c819fc5a0f2778f99faaac476f50c61f95bbbd14e4a8335b4cc7b5592cb5ed387c525b4955781fa9

Download Submit
memory/8-29-0x00007FF6EACC0000-0x00007FF6EB011000-memory.dmp

Filesize
3.3MB

Download
memory/8-1213-0x00007FF6EACC0000-0x00007FF6EB011000-memory.dmp

Filesize
3.3MB

Download
memory/8-2341-0x00007FF6EACC0000-0x00007FF6EB011000-memory.dmp

Filesize
3.3MB

Download
memory/220-2389-0x00007FF76ED90000-0x00007FF76F0E1000-memory.dmp

Filesize
3.3MB

Download
memory/220-394-0x00007FF76ED90000-0x00007FF76F0E1000-memory.dmp

Filesize
3.3MB

Download
memory/428-403-0x00007FF769230000-0x00007FF769581000-memory.dmp

Filesize
3.3MB

Download
memory/428-2414-0x00007FF769230000-0x00007FF769581000-memory.dmp

Filesize
3.3MB

Download
memory/840-397-0x00007FF64C120000-0x00007FF64C471000-memory.dmp

Filesize
3.3MB

Download
memory/840-2396-0x00007FF64C120000-0x00007FF64C471000-memory.dmp

Filesize
3.3MB

Download
memory/1168-686-0x00007FF673010000-0x00007FF673361000-memory.dmp

Filesize
3.3MB

Download
memory/1168-18-0x00007FF673010000-0x00007FF673361000-memory.dmp

Filesize
3.3MB

Download
memory/1168-2337-0x00007FF673010000-0x00007FF673361000-memory.dmp

Filesize
3.3MB

Download
memory/1404-549-0x00007FF7EB220000-0x00007FF7EB571000-memory.dmp

Filesize
3.3MB

Download
memory/1404-0-0x00007FF7EB220000-0x00007FF7EB571000-memory.dmp

Filesize
3.3MB

Download
memory/1404-1-0x0000026878EE0000-0x0000026878EF0000-memory.dmp

Filesize
64KB

Download
memory/1492-2397-0x00007FF627FD0000-0x00007FF628321000-memory.dmp

Filesize
3.3MB

Download
memory/1492-396-0x00007FF627FD0000-0x00007FF628321000-memory.dmp

Filesize
3.3MB

Download
memory/1544-69-0x00007FF6E9480000-0x00007FF6E97D1000-memory.dmp

Filesize
3.3MB

Download
memory/1544-2345-0x00007FF6E9480000-0x00007FF6E97D1000-memory.dmp

Filesize
3.3MB

Download
memory/1804-392-0x00007FF6087C0000-0x00007FF608B11000-memory.dmp

Filesize
3.3MB

Download
memory/2004-2387-0x00007FF769A20000-0x00007FF769D71000-memory.dmp

Filesize
3.3MB

Download
memory/2004-393-0x00007FF769A20000-0x00007FF769D71000-memory.dmp

Filesize
3.3MB

Download
memory/2168-28-0x00007FF6CB920000-0x00007FF6CBC71000-memory.dmp

Filesize
3.3MB

Download
memory/2168-2339-0x00007FF6CB920000-0x00007FF6CBC71000-memory.dmp

Filesize
3.3MB

Download
memory/2168-1180-0x00007FF6CB920000-0x00007FF6CBC71000-memory.dmp

Filesize
3.3MB

Download
memory/2308-66-0x00007FF7EA630000-0x00007FF7EA981000-memory.dmp

Filesize
3.3MB

Download
memory/2308-2376-0x00007FF7EA630000-0x00007FF7EA981000-memory.dmp

Filesize
3.3MB

Download
memory/2308-1349-0x00007FF7EA630000-0x00007FF7EA981000-memory.dmp

Filesize
3.3MB

Download
memory/2376-74-0x00007FF646380000-0x00007FF6466D1000-memory.dmp

Filesize
3.3MB

Download
memory/2376-2384-0x00007FF646380000-0x00007FF6466D1000-memory.dmp

Filesize
3.3MB

Download
memory/2376-1626-0x00007FF646380000-0x00007FF6466D1000-memory.dmp

Filesize
3.3MB

Download
memory/2524-57-0x00007FF69D170000-0x00007FF69D4C1000-memory.dmp

Filesize
3.3MB

Download
memory/2524-2347-0x00007FF69D170000-0x00007FF69D4C1000-memory.dmp

Filesize
3.3MB

Download
memory/2804-438-0x00007FF7E3EE0000-0x00007FF7E4231000-memory.dmp

Filesize
3.3MB

Download
memory/2804-2382-0x00007FF7E3EE0000-0x00007FF7E4231000-memory.dmp

Filesize
3.3MB

Download
memory/2904-22-0x00007FF60C2E0000-0x00007FF60C631000-memory.dmp

Filesize
3.3MB

Download
memory/2904-2335-0x00007FF60C2E0000-0x00007FF60C631000-memory.dmp

Filesize
3.3MB

Download
memory/2904-1007-0x00007FF60C2E0000-0x00007FF60C631000-memory.dmp

Filesize
3.3MB

Download
memory/3064-419-0x00007FF718CA0000-0x00007FF718FF1000-memory.dmp

Filesize
3.3MB

Download
memory/3064-2412-0x00007FF718CA0000-0x00007FF718FF1000-memory.dmp

Filesize
3.3MB

Download
memory/3308-552-0x00007FF60BF70000-0x00007FF60C2C1000-memory.dmp

Filesize
3.3MB

Download
memory/3308-2333-0x00007FF60BF70000-0x00007FF60C2C1000-memory.dmp

Filesize
3.3MB

Download
memory/3308-9-0x00007FF60BF70000-0x00007FF60C2C1000-memory.dmp

Filesize
3.3MB

Download
memory/3492-2399-0x00007FF6D4900000-0x00007FF6D4C51000-memory.dmp

Filesize
3.3MB

Download
memory/3492-399-0x00007FF6D4900000-0x00007FF6D4C51000-memory.dmp

Filesize
3.3MB

Download
memory/3788-420-0x00007FF604690000-0x00007FF6049E1000-memory.dmp

Filesize
3.3MB

Download
memory/3788-2410-0x00007FF604690000-0x00007FF6049E1000-memory.dmp

Filesize
3.3MB

Download
memory/3884-2393-0x00007FF6E95C0000-0x00007FF6E9911000-memory.dmp

Filesize
3.3MB

Download
memory/3884-398-0x00007FF6E95C0000-0x00007FF6E9911000-memory.dmp

Filesize
3.3MB

Download
memory/3916-400-0x00007FF629060000-0x00007FF6293B1000-memory.dmp

Filesize
3.3MB

Download
memory/3916-2401-0x00007FF629060000-0x00007FF6293B1000-memory.dmp

Filesize
3.3MB

Download
memory/4176-414-0x00007FF7C7620000-0x00007FF7C7971000-memory.dmp

Filesize
3.3MB

Download
memory/4176-2447-0x00007FF7C7620000-0x00007FF7C7971000-memory.dmp

Filesize
3.3MB

Download
memory/4232-2403-0x00007FF70CDB0000-0x00007FF70D101000-memory.dmp

Filesize
3.3MB

Download
memory/4232-401-0x00007FF70CDB0000-0x00007FF70D101000-memory.dmp

Filesize
3.3MB

Download
memory/4500-2405-0x00007FF7FD310000-0x00007FF7FD661000-memory.dmp

Filesize
3.3MB

Download
memory/4500-402-0x00007FF7FD310000-0x00007FF7FD661000-memory.dmp

Filesize
3.3MB

Download
memory/4516-395-0x00007FF704270000-0x00007FF7045C1000-memory.dmp

Filesize
3.3MB

Download
memory/4516-2391-0x00007FF704270000-0x00007FF7045C1000-memory.dmp

Filesize
3.3MB

Download
memory/4808-2343-0x00007FF6B4340000-0x00007FF6B4691000-memory.dmp

Filesize
3.3MB

Download
memory/4808-1348-0x00007FF6B4340000-0x00007FF6B4691000-memory.dmp

Filesize
3.3MB

Download
memory/4808-56-0x00007FF6B4340000-0x00007FF6B4691000-memory.dmp

Filesize
3.3MB

Download
memory/4848-60-0x00007FF783D60000-0x00007FF7840B1000-memory.dmp

Filesize
3.3MB

Download
memory/4848-2378-0x00007FF783D60000-0x00007FF7840B1000-memory.dmp

Filesize
3.3MB

Download
memory/4932-429-0x00007FF76A820000-0x00007FF76AB71000-memory.dmp

Filesize
3.3MB

Download
memory/4932-2408-0x00007FF76A820000-0x00007FF76AB71000-memory.dmp

Filesize
3.3MB

Download
memory/5012-391-0x00007FF60A780000-0x00007FF60AAD1000-memory.dmp

Filesize
3.3MB

Download
memory/5012-2380-0x00007FF60A780000-0x00007FF60AAD1000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads