xmrig | 514c87e106a4cc57dcdc7bd34ddf6705fa34e7c3a6aebb422b47b8ab66a11f07

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
14/10/2024, 21:54

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

514c87e106a4cc57dcdc7bd34ddf6705fa34e7c3a6aebb422b47b8ab66a11f07.exe
Size

1.1MB
MD5

612c6b3724b4b01d4c0106cb22595cfb
SHA1

ef91d14a909104462d29a796c3bc2f8d724c8423
SHA256

514c87e106a4cc57dcdc7bd34ddf6705fa34e7c3a6aebb422b47b8ab66a11f07
SHA512

b9686c5441dc2b4029bf05a46cee3ef959a8ce2f7a398dee5ff568c0ab6e94eea3be320baadc914c95259af226aeadd411a35219098df10ea09bda5943f1437f
SSDEEP

24576:GezaTnG99Q8FcNrpyNdfE0bLBgDOp2iSLz9LbpwlKensziXoSPVijjsoD:GezaTF8FcNkNdfE0pZ9ozttwIRRXwQ

Score

10^/10

xmrig miner

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 34 IoCs

miner

resource	yara_rule
behavioral2/files/0x000a000000023b67-15.dat	xmrig
behavioral2/files/0x000a000000023b68-20.dat	xmrig
behavioral2/files/0x000b000000023b63-8.dat	xmrig
behavioral2/files/0x000c000000023b0a-5.dat	xmrig
behavioral2/files/0x000a000000023b69-23.dat	xmrig
behavioral2/files/0x000a000000023b6d-35.dat	xmrig
behavioral2/files/0x000a000000023b6c-34.dat	xmrig
behavioral2/files/0x000a000000023b6b-28.dat	xmrig
behavioral2/files/0x000a000000023b72-83.dat	xmrig
behavioral2/files/0x0031000000023b73-68.dat	xmrig
behavioral2/files/0x000a000000023b6e-55.dat	xmrig
behavioral2/files/0x000a000000023b6f-54.dat	xmrig
behavioral2/files/0x000a000000023b71-53.dat	xmrig
behavioral2/files/0x000a000000023b70-48.dat	xmrig
behavioral2/files/0x0031000000023b75-102.dat	xmrig
behavioral2/files/0x000a000000023b7b-122.dat	xmrig
behavioral2/files/0x000a000000023b80-134.dat	xmrig
behavioral2/files/0x000a000000023b7f-132.dat	xmrig
behavioral2/files/0x000a000000023b7e-130.dat	xmrig
behavioral2/files/0x000a000000023b7d-128.dat	xmrig
behavioral2/files/0x000a000000023b79-126.dat	xmrig
behavioral2/files/0x000a000000023b7c-124.dat	xmrig
behavioral2/files/0x000a000000023b7a-120.dat	xmrig
behavioral2/files/0x000a000000023b78-118.dat	xmrig
behavioral2/files/0x000a000000023b77-109.dat	xmrig
behavioral2/files/0x000a000000023b76-101.dat	xmrig
behavioral2/files/0x0031000000023b74-96.dat	xmrig
behavioral2/files/0x000a000000023b81-141.dat	xmrig
behavioral2/files/0x000a000000023b82-146.dat	xmrig
behavioral2/files/0x000a000000023b84-153.dat	xmrig
behavioral2/files/0x000a000000023b83-152.dat	xmrig
behavioral2/files/0x000b000000023b64-151.dat	xmrig
behavioral2/files/0x000a000000023b85-158.dat	xmrig
behavioral2/files/0x000a000000023b86-163.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
4020	atvekSo.exe
400	VNAeQHf.exe
848	VaQJqdJ.exe
3756	uCmNgny.exe
1252	pJpTxQn.exe
1640	lWyCUZn.exe
2636	UpfMruh.exe
724	uRKStdy.exe
1012	msxDbwJ.exe
1868	TSBbWOs.exe
2488	EuBGqhW.exe
4208	GqGYolC.exe
1560	OwAdcEB.exe
784	zFKKNNN.exe
1844	uCIHDTo.exe
1708	BAWucfV.exe
508	zTzHRME.exe
1880	ZOdBmEB.exe
3544	HvaSFFt.exe
1800	MZXuRNU.exe
3856	UZDzDZT.exe
448	XdkVupM.exe
756	dBXMmeB.exe
1712	AufvSHd.exe
4940	dAvxZxs.exe
4944	gGKiAjl.exe
1988	WmMvdEY.exe
4412	oVNOOzB.exe
4104	dbZiPhd.exe
5092	xIQWZPT.exe
3216	GjVKSYF.exe
2676	FEneNgX.exe
2076	XIwMdig.exe
4640	hWZoAbc.exe
4512	swgOyKZ.exe
5024	nLazTZC.exe
1032	scFAekS.exe
2868	BmZLYXj.exe
4936	vbTWnHC.exe
3008	aBLFJAT.exe
1792	CzQIhLQ.exe
1848	lTyimlo.exe
1140	VVTXDVp.exe
1808	xbbccRl.exe
4596	EbDwyhW.exe
2696	OblObRN.exe
4732	KfHSpWI.exe
4864	oJCQkFD.exe
976	UYpqAyt.exe
1492	szliPpm.exe
1572	YeHWwqx.exe
3692	hOGyCFG.exe
1144	aMQwtGA.exe
4968	EXFbRHK.exe
2104	KXKGLny.exe
3508	rXAVqPZ.exe
4784	ioiEmXT.exe
4400	Kxukkfb.exe
1520	PsVAbIU.exe
3828	OnWqbWY.exe
1652	iqjUWno.exe
2864	sjZqxkt.exe
4288	WXFoEXO.exe
1568	WzFYsXD.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\vUTZVyP.exe	514c87e106a4cc57dcdc7bd34ddf6705fa34e7c3a6aebb422b47b8ab66a11f07.exe
File created	C:\Windows\System\azGBYpX.exe	514c87e106a4cc57dcdc7bd34ddf6705fa34e7c3a6aebb422b47b8ab66a11f07.exe
File created	C:\Windows\System\ftfPzrw.exe	514c87e106a4cc57dcdc7bd34ddf6705fa34e7c3a6aebb422b47b8ab66a11f07.exe
File created	C:\Windows\System\mIYzsCl.exe	514c87e106a4cc57dcdc7bd34ddf6705fa34e7c3a6aebb422b47b8ab66a11f07.exe
File created	C:\Windows\System\wmFthPF.exe	514c87e106a4cc57dcdc7bd34ddf6705fa34e7c3a6aebb422b47b8ab66a11f07.exe
File created	C:\Windows\System\qAuvCbc.exe	514c87e106a4cc57dcdc7bd34ddf6705fa34e7c3a6aebb422b47b8ab66a11f07.exe
File created	C:\Windows\System\nFAIRbT.exe	514c87e106a4cc57dcdc7bd34ddf6705fa34e7c3a6aebb422b47b8ab66a11f07.exe
File created	C:\Windows\System\mNFzMDa.exe	514c87e106a4cc57dcdc7bd34ddf6705fa34e7c3a6aebb422b47b8ab66a11f07.exe
File created	C:\Windows\System\EXFbRHK.exe	514c87e106a4cc57dcdc7bd34ddf6705fa34e7c3a6aebb422b47b8ab66a11f07.exe
File created	C:\Windows\System\vQhfiDy.exe	514c87e106a4cc57dcdc7bd34ddf6705fa34e7c3a6aebb422b47b8ab66a11f07.exe
File created	C:\Windows\System\aQrFiRa.exe	514c87e106a4cc57dcdc7bd34ddf6705fa34e7c3a6aebb422b47b8ab66a11f07.exe
File created	C:\Windows\System\bVGbmew.exe	514c87e106a4cc57dcdc7bd34ddf6705fa34e7c3a6aebb422b47b8ab66a11f07.exe
File created	C:\Windows\System\yakYUHC.exe	514c87e106a4cc57dcdc7bd34ddf6705fa34e7c3a6aebb422b47b8ab66a11f07.exe
File created	C:\Windows\System\AtpLPBx.exe	514c87e106a4cc57dcdc7bd34ddf6705fa34e7c3a6aebb422b47b8ab66a11f07.exe
File created	C:\Windows\System\emGAfex.exe	514c87e106a4cc57dcdc7bd34ddf6705fa34e7c3a6aebb422b47b8ab66a11f07.exe
File created	C:\Windows\System\zTLlBwh.exe	514c87e106a4cc57dcdc7bd34ddf6705fa34e7c3a6aebb422b47b8ab66a11f07.exe
File created	C:\Windows\System\MStZiqf.exe	514c87e106a4cc57dcdc7bd34ddf6705fa34e7c3a6aebb422b47b8ab66a11f07.exe
File created	C:\Windows\System\yYMxywI.exe	514c87e106a4cc57dcdc7bd34ddf6705fa34e7c3a6aebb422b47b8ab66a11f07.exe
File created	C:\Windows\System\cfCLJka.exe	514c87e106a4cc57dcdc7bd34ddf6705fa34e7c3a6aebb422b47b8ab66a11f07.exe
File created	C:\Windows\System\BkqvWzN.exe	514c87e106a4cc57dcdc7bd34ddf6705fa34e7c3a6aebb422b47b8ab66a11f07.exe
File created	C:\Windows\System\RQLvefo.exe	514c87e106a4cc57dcdc7bd34ddf6705fa34e7c3a6aebb422b47b8ab66a11f07.exe
File created	C:\Windows\System\KcGvJGb.exe	514c87e106a4cc57dcdc7bd34ddf6705fa34e7c3a6aebb422b47b8ab66a11f07.exe
File created	C:\Windows\System\UUlFFhC.exe	514c87e106a4cc57dcdc7bd34ddf6705fa34e7c3a6aebb422b47b8ab66a11f07.exe
File created	C:\Windows\System\rXAVqPZ.exe	514c87e106a4cc57dcdc7bd34ddf6705fa34e7c3a6aebb422b47b8ab66a11f07.exe
File created	C:\Windows\System\ofcYjYz.exe	514c87e106a4cc57dcdc7bd34ddf6705fa34e7c3a6aebb422b47b8ab66a11f07.exe
File created	C:\Windows\System\vOdEdCb.exe	514c87e106a4cc57dcdc7bd34ddf6705fa34e7c3a6aebb422b47b8ab66a11f07.exe
File created	C:\Windows\System\hrogsEX.exe	514c87e106a4cc57dcdc7bd34ddf6705fa34e7c3a6aebb422b47b8ab66a11f07.exe
File created	C:\Windows\System\yMEkStd.exe	514c87e106a4cc57dcdc7bd34ddf6705fa34e7c3a6aebb422b47b8ab66a11f07.exe
File created	C:\Windows\System\WzFYsXD.exe	514c87e106a4cc57dcdc7bd34ddf6705fa34e7c3a6aebb422b47b8ab66a11f07.exe
File created	C:\Windows\System\ElNmGZU.exe	514c87e106a4cc57dcdc7bd34ddf6705fa34e7c3a6aebb422b47b8ab66a11f07.exe
File created	C:\Windows\System\VdaXghM.exe	514c87e106a4cc57dcdc7bd34ddf6705fa34e7c3a6aebb422b47b8ab66a11f07.exe
File created	C:\Windows\System\tORiAHa.exe	514c87e106a4cc57dcdc7bd34ddf6705fa34e7c3a6aebb422b47b8ab66a11f07.exe
File created	C:\Windows\System\uZWyULW.exe	514c87e106a4cc57dcdc7bd34ddf6705fa34e7c3a6aebb422b47b8ab66a11f07.exe
File created	C:\Windows\System\QHAocMN.exe	514c87e106a4cc57dcdc7bd34ddf6705fa34e7c3a6aebb422b47b8ab66a11f07.exe
File created	C:\Windows\System\XefKfAk.exe	514c87e106a4cc57dcdc7bd34ddf6705fa34e7c3a6aebb422b47b8ab66a11f07.exe
File created	C:\Windows\System\rXAzQzi.exe	514c87e106a4cc57dcdc7bd34ddf6705fa34e7c3a6aebb422b47b8ab66a11f07.exe
File created	C:\Windows\System\pjefdEs.exe	514c87e106a4cc57dcdc7bd34ddf6705fa34e7c3a6aebb422b47b8ab66a11f07.exe
File created	C:\Windows\System\ZovdCca.exe	514c87e106a4cc57dcdc7bd34ddf6705fa34e7c3a6aebb422b47b8ab66a11f07.exe
File created	C:\Windows\System\JrfrpaV.exe	514c87e106a4cc57dcdc7bd34ddf6705fa34e7c3a6aebb422b47b8ab66a11f07.exe
File created	C:\Windows\System\nuOqcjB.exe	514c87e106a4cc57dcdc7bd34ddf6705fa34e7c3a6aebb422b47b8ab66a11f07.exe
File created	C:\Windows\System\tXoWVgM.exe	514c87e106a4cc57dcdc7bd34ddf6705fa34e7c3a6aebb422b47b8ab66a11f07.exe
File created	C:\Windows\System\XdkVupM.exe	514c87e106a4cc57dcdc7bd34ddf6705fa34e7c3a6aebb422b47b8ab66a11f07.exe
File created	C:\Windows\System\CzQIhLQ.exe	514c87e106a4cc57dcdc7bd34ddf6705fa34e7c3a6aebb422b47b8ab66a11f07.exe
File created	C:\Windows\System\cJtieDR.exe	514c87e106a4cc57dcdc7bd34ddf6705fa34e7c3a6aebb422b47b8ab66a11f07.exe
File created	C:\Windows\System\DvDWZhq.exe	514c87e106a4cc57dcdc7bd34ddf6705fa34e7c3a6aebb422b47b8ab66a11f07.exe
File created	C:\Windows\System\opYbkjU.exe	514c87e106a4cc57dcdc7bd34ddf6705fa34e7c3a6aebb422b47b8ab66a11f07.exe
File created	C:\Windows\System\LoHiqLX.exe	514c87e106a4cc57dcdc7bd34ddf6705fa34e7c3a6aebb422b47b8ab66a11f07.exe
File created	C:\Windows\System\rPwcjql.exe	514c87e106a4cc57dcdc7bd34ddf6705fa34e7c3a6aebb422b47b8ab66a11f07.exe
File created	C:\Windows\System\xIQWZPT.exe	514c87e106a4cc57dcdc7bd34ddf6705fa34e7c3a6aebb422b47b8ab66a11f07.exe
File created	C:\Windows\System\wwgpBtP.exe	514c87e106a4cc57dcdc7bd34ddf6705fa34e7c3a6aebb422b47b8ab66a11f07.exe
File created	C:\Windows\System\yrFwMCp.exe	514c87e106a4cc57dcdc7bd34ddf6705fa34e7c3a6aebb422b47b8ab66a11f07.exe
File created	C:\Windows\System\yKhFYep.exe	514c87e106a4cc57dcdc7bd34ddf6705fa34e7c3a6aebb422b47b8ab66a11f07.exe
File created	C:\Windows\System\zFxaOOw.exe	514c87e106a4cc57dcdc7bd34ddf6705fa34e7c3a6aebb422b47b8ab66a11f07.exe
File created	C:\Windows\System\JbfQALJ.exe	514c87e106a4cc57dcdc7bd34ddf6705fa34e7c3a6aebb422b47b8ab66a11f07.exe
File created	C:\Windows\System\jbtmStZ.exe	514c87e106a4cc57dcdc7bd34ddf6705fa34e7c3a6aebb422b47b8ab66a11f07.exe
File created	C:\Windows\System\drNTfPz.exe	514c87e106a4cc57dcdc7bd34ddf6705fa34e7c3a6aebb422b47b8ab66a11f07.exe
File created	C:\Windows\System\RUUKxzW.exe	514c87e106a4cc57dcdc7bd34ddf6705fa34e7c3a6aebb422b47b8ab66a11f07.exe
File created	C:\Windows\System\JlDzVqZ.exe	514c87e106a4cc57dcdc7bd34ddf6705fa34e7c3a6aebb422b47b8ab66a11f07.exe
File created	C:\Windows\System\NXdQNAo.exe	514c87e106a4cc57dcdc7bd34ddf6705fa34e7c3a6aebb422b47b8ab66a11f07.exe
File created	C:\Windows\System\gueFdOO.exe	514c87e106a4cc57dcdc7bd34ddf6705fa34e7c3a6aebb422b47b8ab66a11f07.exe
File created	C:\Windows\System\IODgUAS.exe	514c87e106a4cc57dcdc7bd34ddf6705fa34e7c3a6aebb422b47b8ab66a11f07.exe
File created	C:\Windows\System\rpjrPwO.exe	514c87e106a4cc57dcdc7bd34ddf6705fa34e7c3a6aebb422b47b8ab66a11f07.exe
File created	C:\Windows\System\ShDCfWk.exe	514c87e106a4cc57dcdc7bd34ddf6705fa34e7c3a6aebb422b47b8ab66a11f07.exe
File created	C:\Windows\System\dlZjxku.exe	514c87e106a4cc57dcdc7bd34ddf6705fa34e7c3a6aebb422b47b8ab66a11f07.exe

Checks SCSI registry key(s) 3 TTPs 24 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 8 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe

Suspicious use of AdjustPrivilegeToken 18 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	17176	dwm.exe
Token: SeChangeNotifyPrivilege	17176	dwm.exe
Token: 33	17176	dwm.exe
Token: SeIncBasePriorityPrivilege	17176	dwm.exe
Token: SeCreateGlobalPrivilege	1232	dwm.exe
Token: SeChangeNotifyPrivilege	1232	dwm.exe
Token: 33	1232	dwm.exe
Token: SeIncBasePriorityPrivilege	1232	dwm.exe
Token: SeCreateGlobalPrivilege	16352	dwm.exe
Token: SeChangeNotifyPrivilege	16352	dwm.exe
Token: 33	16352	dwm.exe
Token: SeIncBasePriorityPrivilege	16352	dwm.exe
Token: SeCreateGlobalPrivilege	17372	dwm.exe
Token: SeChangeNotifyPrivilege	17372	dwm.exe
Token: 33	17372	dwm.exe
Token: SeIncBasePriorityPrivilege	17372	dwm.exe
Token: SeShutdownPrivilege	17372	dwm.exe
Token: SeCreatePagefilePrivilege	17372	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4036 wrote to memory of 4020	4036	514c87e106a4cc57dcdc7bd34ddf6705fa34e7c3a6aebb422b47b8ab66a11f07.exe	85
PID 4036 wrote to memory of 4020	4036	514c87e106a4cc57dcdc7bd34ddf6705fa34e7c3a6aebb422b47b8ab66a11f07.exe	85
PID 4036 wrote to memory of 400	4036	514c87e106a4cc57dcdc7bd34ddf6705fa34e7c3a6aebb422b47b8ab66a11f07.exe	86
PID 4036 wrote to memory of 400	4036	514c87e106a4cc57dcdc7bd34ddf6705fa34e7c3a6aebb422b47b8ab66a11f07.exe	86
PID 4036 wrote to memory of 848	4036	514c87e106a4cc57dcdc7bd34ddf6705fa34e7c3a6aebb422b47b8ab66a11f07.exe	87
PID 4036 wrote to memory of 848	4036	514c87e106a4cc57dcdc7bd34ddf6705fa34e7c3a6aebb422b47b8ab66a11f07.exe	87
PID 4036 wrote to memory of 3756	4036	514c87e106a4cc57dcdc7bd34ddf6705fa34e7c3a6aebb422b47b8ab66a11f07.exe	88
PID 4036 wrote to memory of 3756	4036	514c87e106a4cc57dcdc7bd34ddf6705fa34e7c3a6aebb422b47b8ab66a11f07.exe	88
PID 4036 wrote to memory of 1252	4036	514c87e106a4cc57dcdc7bd34ddf6705fa34e7c3a6aebb422b47b8ab66a11f07.exe	89
PID 4036 wrote to memory of 1252	4036	514c87e106a4cc57dcdc7bd34ddf6705fa34e7c3a6aebb422b47b8ab66a11f07.exe	89
PID 4036 wrote to memory of 1640	4036	514c87e106a4cc57dcdc7bd34ddf6705fa34e7c3a6aebb422b47b8ab66a11f07.exe	90
PID 4036 wrote to memory of 1640	4036	514c87e106a4cc57dcdc7bd34ddf6705fa34e7c3a6aebb422b47b8ab66a11f07.exe	90
PID 4036 wrote to memory of 2636	4036	514c87e106a4cc57dcdc7bd34ddf6705fa34e7c3a6aebb422b47b8ab66a11f07.exe	91
PID 4036 wrote to memory of 2636	4036	514c87e106a4cc57dcdc7bd34ddf6705fa34e7c3a6aebb422b47b8ab66a11f07.exe	91
PID 4036 wrote to memory of 724	4036	514c87e106a4cc57dcdc7bd34ddf6705fa34e7c3a6aebb422b47b8ab66a11f07.exe	92
PID 4036 wrote to memory of 724	4036	514c87e106a4cc57dcdc7bd34ddf6705fa34e7c3a6aebb422b47b8ab66a11f07.exe	92
PID 4036 wrote to memory of 1012	4036	514c87e106a4cc57dcdc7bd34ddf6705fa34e7c3a6aebb422b47b8ab66a11f07.exe	93
PID 4036 wrote to memory of 1012	4036	514c87e106a4cc57dcdc7bd34ddf6705fa34e7c3a6aebb422b47b8ab66a11f07.exe	93
PID 4036 wrote to memory of 4208	4036	514c87e106a4cc57dcdc7bd34ddf6705fa34e7c3a6aebb422b47b8ab66a11f07.exe	94
PID 4036 wrote to memory of 4208	4036	514c87e106a4cc57dcdc7bd34ddf6705fa34e7c3a6aebb422b47b8ab66a11f07.exe	94
PID 4036 wrote to memory of 1868	4036	514c87e106a4cc57dcdc7bd34ddf6705fa34e7c3a6aebb422b47b8ab66a11f07.exe	95
PID 4036 wrote to memory of 1868	4036	514c87e106a4cc57dcdc7bd34ddf6705fa34e7c3a6aebb422b47b8ab66a11f07.exe	95
PID 4036 wrote to memory of 2488	4036	514c87e106a4cc57dcdc7bd34ddf6705fa34e7c3a6aebb422b47b8ab66a11f07.exe	96
PID 4036 wrote to memory of 2488	4036	514c87e106a4cc57dcdc7bd34ddf6705fa34e7c3a6aebb422b47b8ab66a11f07.exe	96
PID 4036 wrote to memory of 1560	4036	514c87e106a4cc57dcdc7bd34ddf6705fa34e7c3a6aebb422b47b8ab66a11f07.exe	97
PID 4036 wrote to memory of 1560	4036	514c87e106a4cc57dcdc7bd34ddf6705fa34e7c3a6aebb422b47b8ab66a11f07.exe	97
PID 4036 wrote to memory of 784	4036	514c87e106a4cc57dcdc7bd34ddf6705fa34e7c3a6aebb422b47b8ab66a11f07.exe	98
PID 4036 wrote to memory of 784	4036	514c87e106a4cc57dcdc7bd34ddf6705fa34e7c3a6aebb422b47b8ab66a11f07.exe	98
PID 4036 wrote to memory of 1844	4036	514c87e106a4cc57dcdc7bd34ddf6705fa34e7c3a6aebb422b47b8ab66a11f07.exe	99
PID 4036 wrote to memory of 1844	4036	514c87e106a4cc57dcdc7bd34ddf6705fa34e7c3a6aebb422b47b8ab66a11f07.exe	99
PID 4036 wrote to memory of 1708	4036	514c87e106a4cc57dcdc7bd34ddf6705fa34e7c3a6aebb422b47b8ab66a11f07.exe	100
PID 4036 wrote to memory of 1708	4036	514c87e106a4cc57dcdc7bd34ddf6705fa34e7c3a6aebb422b47b8ab66a11f07.exe	100
PID 4036 wrote to memory of 508	4036	514c87e106a4cc57dcdc7bd34ddf6705fa34e7c3a6aebb422b47b8ab66a11f07.exe	101
PID 4036 wrote to memory of 508	4036	514c87e106a4cc57dcdc7bd34ddf6705fa34e7c3a6aebb422b47b8ab66a11f07.exe	101
PID 4036 wrote to memory of 1880	4036	514c87e106a4cc57dcdc7bd34ddf6705fa34e7c3a6aebb422b47b8ab66a11f07.exe	102
PID 4036 wrote to memory of 1880	4036	514c87e106a4cc57dcdc7bd34ddf6705fa34e7c3a6aebb422b47b8ab66a11f07.exe	102
PID 4036 wrote to memory of 3544	4036	514c87e106a4cc57dcdc7bd34ddf6705fa34e7c3a6aebb422b47b8ab66a11f07.exe	103
PID 4036 wrote to memory of 3544	4036	514c87e106a4cc57dcdc7bd34ddf6705fa34e7c3a6aebb422b47b8ab66a11f07.exe	103
PID 4036 wrote to memory of 756	4036	514c87e106a4cc57dcdc7bd34ddf6705fa34e7c3a6aebb422b47b8ab66a11f07.exe	104
PID 4036 wrote to memory of 756	4036	514c87e106a4cc57dcdc7bd34ddf6705fa34e7c3a6aebb422b47b8ab66a11f07.exe	104
PID 4036 wrote to memory of 1800	4036	514c87e106a4cc57dcdc7bd34ddf6705fa34e7c3a6aebb422b47b8ab66a11f07.exe	105
PID 4036 wrote to memory of 1800	4036	514c87e106a4cc57dcdc7bd34ddf6705fa34e7c3a6aebb422b47b8ab66a11f07.exe	105
PID 4036 wrote to memory of 3856	4036	514c87e106a4cc57dcdc7bd34ddf6705fa34e7c3a6aebb422b47b8ab66a11f07.exe	106
PID 4036 wrote to memory of 3856	4036	514c87e106a4cc57dcdc7bd34ddf6705fa34e7c3a6aebb422b47b8ab66a11f07.exe	106
PID 4036 wrote to memory of 448	4036	514c87e106a4cc57dcdc7bd34ddf6705fa34e7c3a6aebb422b47b8ab66a11f07.exe	107
PID 4036 wrote to memory of 448	4036	514c87e106a4cc57dcdc7bd34ddf6705fa34e7c3a6aebb422b47b8ab66a11f07.exe	107
PID 4036 wrote to memory of 1712	4036	514c87e106a4cc57dcdc7bd34ddf6705fa34e7c3a6aebb422b47b8ab66a11f07.exe	108
PID 4036 wrote to memory of 1712	4036	514c87e106a4cc57dcdc7bd34ddf6705fa34e7c3a6aebb422b47b8ab66a11f07.exe	108
PID 4036 wrote to memory of 4940	4036	514c87e106a4cc57dcdc7bd34ddf6705fa34e7c3a6aebb422b47b8ab66a11f07.exe	109
PID 4036 wrote to memory of 4940	4036	514c87e106a4cc57dcdc7bd34ddf6705fa34e7c3a6aebb422b47b8ab66a11f07.exe	109
PID 4036 wrote to memory of 4944	4036	514c87e106a4cc57dcdc7bd34ddf6705fa34e7c3a6aebb422b47b8ab66a11f07.exe	110
PID 4036 wrote to memory of 4944	4036	514c87e106a4cc57dcdc7bd34ddf6705fa34e7c3a6aebb422b47b8ab66a11f07.exe	110
PID 4036 wrote to memory of 1988	4036	514c87e106a4cc57dcdc7bd34ddf6705fa34e7c3a6aebb422b47b8ab66a11f07.exe	111
PID 4036 wrote to memory of 1988	4036	514c87e106a4cc57dcdc7bd34ddf6705fa34e7c3a6aebb422b47b8ab66a11f07.exe	111
PID 4036 wrote to memory of 4412	4036	514c87e106a4cc57dcdc7bd34ddf6705fa34e7c3a6aebb422b47b8ab66a11f07.exe	112
PID 4036 wrote to memory of 4412	4036	514c87e106a4cc57dcdc7bd34ddf6705fa34e7c3a6aebb422b47b8ab66a11f07.exe	112
PID 4036 wrote to memory of 4104	4036	514c87e106a4cc57dcdc7bd34ddf6705fa34e7c3a6aebb422b47b8ab66a11f07.exe	113
PID 4036 wrote to memory of 4104	4036	514c87e106a4cc57dcdc7bd34ddf6705fa34e7c3a6aebb422b47b8ab66a11f07.exe	113
PID 4036 wrote to memory of 5092	4036	514c87e106a4cc57dcdc7bd34ddf6705fa34e7c3a6aebb422b47b8ab66a11f07.exe	114
PID 4036 wrote to memory of 5092	4036	514c87e106a4cc57dcdc7bd34ddf6705fa34e7c3a6aebb422b47b8ab66a11f07.exe	114
PID 4036 wrote to memory of 3216	4036	514c87e106a4cc57dcdc7bd34ddf6705fa34e7c3a6aebb422b47b8ab66a11f07.exe	115
PID 4036 wrote to memory of 3216	4036	514c87e106a4cc57dcdc7bd34ddf6705fa34e7c3a6aebb422b47b8ab66a11f07.exe	115
PID 4036 wrote to memory of 2676	4036	514c87e106a4cc57dcdc7bd34ddf6705fa34e7c3a6aebb422b47b8ab66a11f07.exe	116
PID 4036 wrote to memory of 2676	4036	514c87e106a4cc57dcdc7bd34ddf6705fa34e7c3a6aebb422b47b8ab66a11f07.exe	116

C:\Users\Admin\AppData\Local\Temp\514c87e106a4cc57dcdc7bd34ddf6705fa34e7c3a6aebb422b47b8ab66a11f07.exe
"C:\Users\Admin\AppData\Local\Temp\514c87e106a4cc57dcdc7bd34ddf6705fa34e7c3a6aebb422b47b8ab66a11f07.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:4036
- C:\Windows\System\atvekSo.exe
  C:\Windows\System\atvekSo.exe
  2⤵
  - Executes dropped EXE
  PID:4020
- C:\Windows\System\VNAeQHf.exe
  C:\Windows\System\VNAeQHf.exe
  2⤵
  - Executes dropped EXE
  PID:400
- C:\Windows\System\VaQJqdJ.exe
  C:\Windows\System\VaQJqdJ.exe
  2⤵
  - Executes dropped EXE
  PID:848
- C:\Windows\System\uCmNgny.exe
  C:\Windows\System\uCmNgny.exe
  2⤵
  - Executes dropped EXE
  PID:3756
- C:\Windows\System\pJpTxQn.exe
  C:\Windows\System\pJpTxQn.exe
  2⤵
  - Executes dropped EXE
  PID:1252
- C:\Windows\System\lWyCUZn.exe
  C:\Windows\System\lWyCUZn.exe
  2⤵
  - Executes dropped EXE
  PID:1640
- C:\Windows\System\UpfMruh.exe
  C:\Windows\System\UpfMruh.exe
  2⤵
  - Executes dropped EXE
  PID:2636
- C:\Windows\System\uRKStdy.exe
  C:\Windows\System\uRKStdy.exe
  2⤵
  - Executes dropped EXE
  PID:724
- C:\Windows\System\msxDbwJ.exe
  C:\Windows\System\msxDbwJ.exe
  2⤵
  - Executes dropped EXE
  PID:1012
- C:\Windows\System\GqGYolC.exe
  C:\Windows\System\GqGYolC.exe
  2⤵
  - Executes dropped EXE
  PID:4208
- C:\Windows\System\TSBbWOs.exe
  C:\Windows\System\TSBbWOs.exe
  2⤵
  - Executes dropped EXE
  PID:1868
- C:\Windows\System\EuBGqhW.exe
  C:\Windows\System\EuBGqhW.exe
  2⤵
  - Executes dropped EXE
  PID:2488
- C:\Windows\System\OwAdcEB.exe
  C:\Windows\System\OwAdcEB.exe
  2⤵
  - Executes dropped EXE
  PID:1560
- C:\Windows\System\zFKKNNN.exe
  C:\Windows\System\zFKKNNN.exe
  2⤵
  - Executes dropped EXE
  PID:784
- C:\Windows\System\uCIHDTo.exe
  C:\Windows\System\uCIHDTo.exe
  2⤵
  - Executes dropped EXE
  PID:1844
- C:\Windows\System\BAWucfV.exe
  C:\Windows\System\BAWucfV.exe
  2⤵
  - Executes dropped EXE
  PID:1708
- C:\Windows\System\zTzHRME.exe
  C:\Windows\System\zTzHRME.exe
  2⤵
  - Executes dropped EXE
  PID:508
- C:\Windows\System\ZOdBmEB.exe
  C:\Windows\System\ZOdBmEB.exe
  2⤵
  - Executes dropped EXE
  PID:1880
- C:\Windows\System\HvaSFFt.exe
  C:\Windows\System\HvaSFFt.exe
  2⤵
  - Executes dropped EXE
  PID:3544
- C:\Windows\System\dBXMmeB.exe
  C:\Windows\System\dBXMmeB.exe
  2⤵
  - Executes dropped EXE
  PID:756
- C:\Windows\System\MZXuRNU.exe
  C:\Windows\System\MZXuRNU.exe
  2⤵
  - Executes dropped EXE
  PID:1800
- C:\Windows\System\UZDzDZT.exe
  C:\Windows\System\UZDzDZT.exe
  2⤵
  - Executes dropped EXE
  PID:3856
- C:\Windows\System\XdkVupM.exe
  C:\Windows\System\XdkVupM.exe
  2⤵
  - Executes dropped EXE
  PID:448
- C:\Windows\System\AufvSHd.exe
  C:\Windows\System\AufvSHd.exe
  2⤵
  - Executes dropped EXE
  PID:1712
- C:\Windows\System\dAvxZxs.exe
  C:\Windows\System\dAvxZxs.exe
  2⤵
  - Executes dropped EXE
  PID:4940
- C:\Windows\System\gGKiAjl.exe
  C:\Windows\System\gGKiAjl.exe
  2⤵
  - Executes dropped EXE
  PID:4944
- C:\Windows\System\WmMvdEY.exe
  C:\Windows\System\WmMvdEY.exe
  2⤵
  - Executes dropped EXE
  PID:1988
- C:\Windows\System\oVNOOzB.exe
  C:\Windows\System\oVNOOzB.exe
  2⤵
  - Executes dropped EXE
  PID:4412
- C:\Windows\System\dbZiPhd.exe
  C:\Windows\System\dbZiPhd.exe
  2⤵
  - Executes dropped EXE
  PID:4104
- C:\Windows\System\xIQWZPT.exe
  C:\Windows\System\xIQWZPT.exe
  2⤵
  - Executes dropped EXE
  PID:5092
- C:\Windows\System\GjVKSYF.exe
  C:\Windows\System\GjVKSYF.exe
  2⤵
  - Executes dropped EXE
  PID:3216
- C:\Windows\System\FEneNgX.exe
  C:\Windows\System\FEneNgX.exe
  2⤵
  - Executes dropped EXE
  PID:2676
- C:\Windows\System\XIwMdig.exe
  C:\Windows\System\XIwMdig.exe
  2⤵
  - Executes dropped EXE
  PID:2076
- C:\Windows\System\hWZoAbc.exe
  C:\Windows\System\hWZoAbc.exe
  2⤵
  - Executes dropped EXE
  PID:4640
- C:\Windows\System\swgOyKZ.exe
  C:\Windows\System\swgOyKZ.exe
  2⤵
  - Executes dropped EXE
  PID:4512
- C:\Windows\System\nLazTZC.exe
  C:\Windows\System\nLazTZC.exe
  2⤵
  - Executes dropped EXE
  PID:5024
- C:\Windows\System\scFAekS.exe
  C:\Windows\System\scFAekS.exe
  2⤵
  - Executes dropped EXE
  PID:1032
- C:\Windows\System\BmZLYXj.exe
  C:\Windows\System\BmZLYXj.exe
  2⤵
  - Executes dropped EXE
  PID:2868
- C:\Windows\System\vbTWnHC.exe
  C:\Windows\System\vbTWnHC.exe
  2⤵
  - Executes dropped EXE
  PID:4936
- C:\Windows\System\aBLFJAT.exe
  C:\Windows\System\aBLFJAT.exe
  2⤵
  - Executes dropped EXE
  PID:3008
- C:\Windows\System\CzQIhLQ.exe
  C:\Windows\System\CzQIhLQ.exe
  2⤵
  - Executes dropped EXE
  PID:1792
- C:\Windows\System\lTyimlo.exe
  C:\Windows\System\lTyimlo.exe
  2⤵
  - Executes dropped EXE
  PID:1848
- C:\Windows\System\VVTXDVp.exe
  C:\Windows\System\VVTXDVp.exe
  2⤵
  - Executes dropped EXE
  PID:1140
- C:\Windows\System\xbbccRl.exe
  C:\Windows\System\xbbccRl.exe
  2⤵
  - Executes dropped EXE
  PID:1808
- C:\Windows\System\EbDwyhW.exe
  C:\Windows\System\EbDwyhW.exe
  2⤵
  - Executes dropped EXE
  PID:4596
- C:\Windows\System\UYpqAyt.exe
  C:\Windows\System\UYpqAyt.exe
  2⤵
  - Executes dropped EXE
  PID:976
- C:\Windows\System\OblObRN.exe
  C:\Windows\System\OblObRN.exe
  2⤵
  - Executes dropped EXE
  PID:2696
- C:\Windows\System\KfHSpWI.exe
  C:\Windows\System\KfHSpWI.exe
  2⤵
  - Executes dropped EXE
  PID:4732
- C:\Windows\System\oJCQkFD.exe
  C:\Windows\System\oJCQkFD.exe
  2⤵
  - Executes dropped EXE
  PID:4864
- C:\Windows\System\szliPpm.exe
  C:\Windows\System\szliPpm.exe
  2⤵
  - Executes dropped EXE
  PID:1492
- C:\Windows\System\hOGyCFG.exe
  C:\Windows\System\hOGyCFG.exe
  2⤵
  - Executes dropped EXE
  PID:3692
- C:\Windows\System\YeHWwqx.exe
  C:\Windows\System\YeHWwqx.exe
  2⤵
  - Executes dropped EXE
  PID:1572
- C:\Windows\System\aMQwtGA.exe
  C:\Windows\System\aMQwtGA.exe
  2⤵
  - Executes dropped EXE
  PID:1144
- C:\Windows\System\EXFbRHK.exe
  C:\Windows\System\EXFbRHK.exe
  2⤵
  - Executes dropped EXE
  PID:4968
- C:\Windows\System\KXKGLny.exe
  C:\Windows\System\KXKGLny.exe
  2⤵
  - Executes dropped EXE
  PID:2104
- C:\Windows\System\rXAVqPZ.exe
  C:\Windows\System\rXAVqPZ.exe
  2⤵
  - Executes dropped EXE
  PID:3508
- C:\Windows\System\ioiEmXT.exe
  C:\Windows\System\ioiEmXT.exe
  2⤵
  - Executes dropped EXE
  PID:4784
- C:\Windows\System\Kxukkfb.exe
  C:\Windows\System\Kxukkfb.exe
  2⤵
  - Executes dropped EXE
  PID:4400
- C:\Windows\System\PsVAbIU.exe
  C:\Windows\System\PsVAbIU.exe
  2⤵
  - Executes dropped EXE
  PID:1520
- C:\Windows\System\OnWqbWY.exe
  C:\Windows\System\OnWqbWY.exe
  2⤵
  - Executes dropped EXE
  PID:3828
- C:\Windows\System\iqjUWno.exe
  C:\Windows\System\iqjUWno.exe
  2⤵
  - Executes dropped EXE
  PID:1652
- C:\Windows\System\sjZqxkt.exe
  C:\Windows\System\sjZqxkt.exe
  2⤵
  - Executes dropped EXE
  PID:2864
- C:\Windows\System\WXFoEXO.exe
  C:\Windows\System\WXFoEXO.exe
  2⤵
  - Executes dropped EXE
  PID:4288
- C:\Windows\System\WzFYsXD.exe
  C:\Windows\System\WzFYsXD.exe
  2⤵
  - Executes dropped EXE
  PID:1568
- C:\Windows\System\SScuIss.exe
  C:\Windows\System\SScuIss.exe
  2⤵
  PID:4840
- C:\Windows\System\wxaAvbJ.exe
  C:\Windows\System\wxaAvbJ.exe
  2⤵
  PID:1208
- C:\Windows\System\MKiAozx.exe
  C:\Windows\System\MKiAozx.exe
  2⤵
  PID:2460
- C:\Windows\System\CrcwPQG.exe
  C:\Windows\System\CrcwPQG.exe
  2⤵
  PID:3548
- C:\Windows\System\vUTZVyP.exe
  C:\Windows\System\vUTZVyP.exe
  2⤵
  PID:1700
- C:\Windows\System\LIrkNOt.exe
  C:\Windows\System\LIrkNOt.exe
  2⤵
  PID:3656
- C:\Windows\System\znZeIIs.exe
  C:\Windows\System\znZeIIs.exe
  2⤵
  PID:4776
- C:\Windows\System\TVyIFGz.exe
  C:\Windows\System\TVyIFGz.exe
  2⤵
  PID:4808
- C:\Windows\System\cnwmONL.exe
  C:\Windows\System\cnwmONL.exe
  2⤵
  PID:2796
- C:\Windows\System\KRXOJNP.exe
  C:\Windows\System\KRXOJNP.exe
  2⤵
  PID:1972
- C:\Windows\System\UxkdMAg.exe
  C:\Windows\System\UxkdMAg.exe
  2⤵
  PID:1376
- C:\Windows\System\IlzJrSG.exe
  C:\Windows\System\IlzJrSG.exe
  2⤵
  PID:4380
- C:\Windows\System\tgJxntu.exe
  C:\Windows\System\tgJxntu.exe
  2⤵
  PID:1332
- C:\Windows\System\yDcXZYW.exe
  C:\Windows\System\yDcXZYW.exe
  2⤵
  PID:5056
- C:\Windows\System\ikPbyXE.exe
  C:\Windows\System\ikPbyXE.exe
  2⤵
  PID:4768
- C:\Windows\System\CVwBuVU.exe
  C:\Windows\System\CVwBuVU.exe
  2⤵
  PID:4888
- C:\Windows\System\dIvPfJI.exe
  C:\Windows\System\dIvPfJI.exe
  2⤵
  PID:4764
- C:\Windows\System\UUjWFhQ.exe
  C:\Windows\System\UUjWFhQ.exe
  2⤵
  PID:532
- C:\Windows\System\nMPSFmY.exe
  C:\Windows\System\nMPSFmY.exe
  2⤵
  PID:3448
- C:\Windows\System\HBHFGJX.exe
  C:\Windows\System\HBHFGJX.exe
  2⤵
  PID:4616
- C:\Windows\System\cqZaknV.exe
  C:\Windows\System\cqZaknV.exe
  2⤵
  PID:4636
- C:\Windows\System\EjQorsm.exe
  C:\Windows\System\EjQorsm.exe
  2⤵
  PID:2376
- C:\Windows\System\ipUkTAM.exe
  C:\Windows\System\ipUkTAM.exe
  2⤵
  PID:1388
- C:\Windows\System\tpsERUa.exe
  C:\Windows\System\tpsERUa.exe
  2⤵
  PID:2024
- C:\Windows\System\rfvCIKI.exe
  C:\Windows\System\rfvCIKI.exe
  2⤵
  PID:1416
- C:\Windows\System\FskbmRk.exe
  C:\Windows\System\FskbmRk.exe
  2⤵
  PID:4612
- C:\Windows\System\vUvwYFC.exe
  C:\Windows\System\vUvwYFC.exe
  2⤵
  PID:2804
- C:\Windows\System\cBbyjbv.exe
  C:\Windows\System\cBbyjbv.exe
  2⤵
  PID:2028
- C:\Windows\System\LWqhynm.exe
  C:\Windows\System\LWqhynm.exe
  2⤵
  PID:3328
- C:\Windows\System\goQUOlx.exe
  C:\Windows\System\goQUOlx.exe
  2⤵
  PID:4916
- C:\Windows\System\QFnCkiS.exe
  C:\Windows\System\QFnCkiS.exe
  2⤵
  PID:3816
- C:\Windows\System\cuNeNSy.exe
  C:\Windows\System\cuNeNSy.exe
  2⤵
  PID:2680
- C:\Windows\System\urqHxse.exe
  C:\Windows\System\urqHxse.exe
  2⤵
  PID:5128
- C:\Windows\System\uZWyULW.exe
  C:\Windows\System\uZWyULW.exe
  2⤵
  PID:5156
- C:\Windows\System\PvUUpVQ.exe
  C:\Windows\System\PvUUpVQ.exe
  2⤵
  PID:5188
- C:\Windows\System\riNlWmR.exe
  C:\Windows\System\riNlWmR.exe
  2⤵
  PID:5224
- C:\Windows\System\AQAkFMA.exe
  C:\Windows\System\AQAkFMA.exe
  2⤵
  PID:5240
- C:\Windows\System\CRIndHo.exe
  C:\Windows\System\CRIndHo.exe
  2⤵
  PID:5264
- C:\Windows\System\fmVtuit.exe
  C:\Windows\System\fmVtuit.exe
  2⤵
  PID:5300
- C:\Windows\System\gkLrOVY.exe
  C:\Windows\System\gkLrOVY.exe
  2⤵
  PID:5320
- C:\Windows\System\JCPgLKH.exe
  C:\Windows\System\JCPgLKH.exe
  2⤵
  PID:5344
- C:\Windows\System\PrIBDbT.exe
  C:\Windows\System\PrIBDbT.exe
  2⤵
  PID:5376
- C:\Windows\System\INOOchz.exe
  C:\Windows\System\INOOchz.exe
  2⤵
  PID:5408
- C:\Windows\System\rFtMAvO.exe
  C:\Windows\System\rFtMAvO.exe
  2⤵
  PID:5436
- C:\Windows\System\vuzsuJW.exe
  C:\Windows\System\vuzsuJW.exe
  2⤵
  PID:5464
- C:\Windows\System\EfPDeWy.exe
  C:\Windows\System\EfPDeWy.exe
  2⤵
  PID:5500
- C:\Windows\System\lrCMqwE.exe
  C:\Windows\System\lrCMqwE.exe
  2⤵
  PID:5528
- C:\Windows\System\dBXeuyx.exe
  C:\Windows\System\dBXeuyx.exe
  2⤵
  PID:5552
- C:\Windows\System\KQMCrhC.exe
  C:\Windows\System\KQMCrhC.exe
  2⤵
  PID:5580
- C:\Windows\System\YJyffmB.exe
  C:\Windows\System\YJyffmB.exe
  2⤵
  PID:5604
- C:\Windows\System\Bqxdvak.exe
  C:\Windows\System\Bqxdvak.exe
  2⤵
  PID:5620
- C:\Windows\System\RUUKxzW.exe
  C:\Windows\System\RUUKxzW.exe
  2⤵
  PID:5648
- C:\Windows\System\ANmGGmW.exe
  C:\Windows\System\ANmGGmW.exe
  2⤵
  PID:5680
- C:\Windows\System\EzPDRJf.exe
  C:\Windows\System\EzPDRJf.exe
  2⤵
  PID:5696
- C:\Windows\System\uzdqSuP.exe
  C:\Windows\System\uzdqSuP.exe
  2⤵
  PID:5732
- C:\Windows\System\MVDlLdb.exe
  C:\Windows\System\MVDlLdb.exe
  2⤵
  PID:5756
- C:\Windows\System\RQqCAFv.exe
  C:\Windows\System\RQqCAFv.exe
  2⤵
  PID:5796
- C:\Windows\System\cIFXinE.exe
  C:\Windows\System\cIFXinE.exe
  2⤵
  PID:5832
- C:\Windows\System\mLGPNyA.exe
  C:\Windows\System\mLGPNyA.exe
  2⤵
  PID:5868
- C:\Windows\System\UHAiPTS.exe
  C:\Windows\System\UHAiPTS.exe
  2⤵
  PID:5900
- C:\Windows\System\oQEmisV.exe
  C:\Windows\System\oQEmisV.exe
  2⤵
  PID:5924
- C:\Windows\System\ofcYjYz.exe
  C:\Windows\System\ofcYjYz.exe
  2⤵
  PID:5956
- C:\Windows\System\zbhnjUZ.exe
  C:\Windows\System\zbhnjUZ.exe
  2⤵
  PID:5984
- C:\Windows\System\bqseojs.exe
  C:\Windows\System\bqseojs.exe
  2⤵
  PID:6020
- C:\Windows\System\MjcbctN.exe
  C:\Windows\System\MjcbctN.exe
  2⤵
  PID:6040
- C:\Windows\System\ZPtZAXv.exe
  C:\Windows\System\ZPtZAXv.exe
  2⤵
  PID:6068
- C:\Windows\System\oFqyBqg.exe
  C:\Windows\System\oFqyBqg.exe
  2⤵
  PID:6092
- C:\Windows\System\GZlFTQM.exe
  C:\Windows\System\GZlFTQM.exe
  2⤵
  PID:6112
- C:\Windows\System\mVLnbgD.exe
  C:\Windows\System\mVLnbgD.exe
  2⤵
  PID:6140
- C:\Windows\System\XWvCnyN.exe
  C:\Windows\System\XWvCnyN.exe
  2⤵
  PID:2256
- C:\Windows\System\ZGrdxdF.exe
  C:\Windows\System\ZGrdxdF.exe
  2⤵
  PID:5212
- C:\Windows\System\pTBdXeX.exe
  C:\Windows\System\pTBdXeX.exe
  2⤵
  PID:5316
- C:\Windows\System\tVSnHdn.exe
  C:\Windows\System\tVSnHdn.exe
  2⤵
  PID:5372
- C:\Windows\System\veZmRVI.exe
  C:\Windows\System\veZmRVI.exe
  2⤵
  PID:5424
- C:\Windows\System\NhThxCE.exe
  C:\Windows\System\NhThxCE.exe
  2⤵
  PID:5476
- C:\Windows\System\fUQhRkl.exe
  C:\Windows\System\fUQhRkl.exe
  2⤵
  PID:5536
- C:\Windows\System\MmsgUKR.exe
  C:\Windows\System\MmsgUKR.exe
  2⤵
  PID:5612
- C:\Windows\System\gaOoCaD.exe
  C:\Windows\System\gaOoCaD.exe
  2⤵
  PID:5660
- C:\Windows\System\MvFcmwR.exe
  C:\Windows\System\MvFcmwR.exe
  2⤵
  PID:5704
- C:\Windows\System\rYhzuMq.exe
  C:\Windows\System\rYhzuMq.exe
  2⤵
  PID:5828
- C:\Windows\System\DpfkCAB.exe
  C:\Windows\System\DpfkCAB.exe
  2⤵
  PID:5884
- C:\Windows\System\IhanSiv.exe
  C:\Windows\System\IhanSiv.exe
  2⤵
  PID:5976
- C:\Windows\System\MPURzYW.exe
  C:\Windows\System\MPURzYW.exe
  2⤵
  PID:6008
- C:\Windows\System\DgWYnFP.exe
  C:\Windows\System\DgWYnFP.exe
  2⤵
  PID:6084
- C:\Windows\System\UwstkRZ.exe
  C:\Windows\System\UwstkRZ.exe
  2⤵
  PID:6132
- C:\Windows\System\MswLrqe.exe
  C:\Windows\System\MswLrqe.exe
  2⤵
  PID:5232
- C:\Windows\System\UBuQREa.exe
  C:\Windows\System\UBuQREa.exe
  2⤵
  PID:5392
- C:\Windows\System\NKGITqH.exe
  C:\Windows\System\NKGITqH.exe
  2⤵
  PID:5568
- C:\Windows\System\vfuIFBJ.exe
  C:\Windows\System\vfuIFBJ.exe
  2⤵
  PID:5664
- C:\Windows\System\iRYYnbD.exe
  C:\Windows\System\iRYYnbD.exe
  2⤵
  PID:5780
- C:\Windows\System\xwNVuBE.exe
  C:\Windows\System\xwNVuBE.exe
  2⤵
  PID:5932
- C:\Windows\System\SAJbJhC.exe
  C:\Windows\System\SAJbJhC.exe
  2⤵
  PID:968
- C:\Windows\System\VrSbyID.exe
  C:\Windows\System\VrSbyID.exe
  2⤵
  PID:388
- C:\Windows\System\RTGiKyM.exe
  C:\Windows\System\RTGiKyM.exe
  2⤵
  PID:5332
- C:\Windows\System\NQmLnXw.exe
  C:\Windows\System\NQmLnXw.exe
  2⤵
  PID:5692
- C:\Windows\System\cTdaIAU.exe
  C:\Windows\System\cTdaIAU.exe
  2⤵
  PID:6004
- C:\Windows\System\cysOBrm.exe
  C:\Windows\System\cysOBrm.exe
  2⤵
  PID:5384
- C:\Windows\System\KmgHGDT.exe
  C:\Windows\System\KmgHGDT.exe
  2⤵
  PID:5876
- C:\Windows\System\HoPpvrT.exe
  C:\Windows\System\HoPpvrT.exe
  2⤵
  PID:6180
- C:\Windows\System\qSYwShy.exe
  C:\Windows\System\qSYwShy.exe
  2⤵
  PID:6196
- C:\Windows\System\tONTrUK.exe
  C:\Windows\System\tONTrUK.exe
  2⤵
  PID:6228
- C:\Windows\System\iRyVHmC.exe
  C:\Windows\System\iRyVHmC.exe
  2⤵
  PID:6244
- C:\Windows\System\HBLoRUT.exe
  C:\Windows\System\HBLoRUT.exe
  2⤵
  PID:6356
- C:\Windows\System\uiUzNVr.exe
  C:\Windows\System\uiUzNVr.exe
  2⤵
  PID:6372
- C:\Windows\System\zFxaOOw.exe
  C:\Windows\System\zFxaOOw.exe
  2⤵
  PID:6392
- C:\Windows\System\WZnTWFC.exe
  C:\Windows\System\WZnTWFC.exe
  2⤵
  PID:6416
- C:\Windows\System\jbXpgmI.exe
  C:\Windows\System\jbXpgmI.exe
  2⤵
  PID:6432
- C:\Windows\System\XQeEAOJ.exe
  C:\Windows\System\XQeEAOJ.exe
  2⤵
  PID:6448
- C:\Windows\System\fgNGFSB.exe
  C:\Windows\System\fgNGFSB.exe
  2⤵
  PID:6468
- C:\Windows\System\jtdZFcN.exe
  C:\Windows\System\jtdZFcN.exe
  2⤵
  PID:6500
- C:\Windows\System\aMKwqsA.exe
  C:\Windows\System\aMKwqsA.exe
  2⤵
  PID:6524
- C:\Windows\System\RtkOGCx.exe
  C:\Windows\System\RtkOGCx.exe
  2⤵
  PID:6552
- C:\Windows\System\HLuCSfW.exe
  C:\Windows\System\HLuCSfW.exe
  2⤵
  PID:6576
- C:\Windows\System\kwkeVbj.exe
  C:\Windows\System\kwkeVbj.exe
  2⤵
  PID:6604
- C:\Windows\System\WAWAvMm.exe
  C:\Windows\System\WAWAvMm.exe
  2⤵
  PID:6628
- C:\Windows\System\cJwcSTV.exe
  C:\Windows\System\cJwcSTV.exe
  2⤵
  PID:6652
- C:\Windows\System\bVGbmew.exe
  C:\Windows\System\bVGbmew.exe
  2⤵
  PID:6680
- C:\Windows\System\HnpdyCu.exe
  C:\Windows\System\HnpdyCu.exe
  2⤵
  PID:6700
- C:\Windows\System\VbTTqsG.exe
  C:\Windows\System\VbTTqsG.exe
  2⤵
  PID:6724
- C:\Windows\System\dxhheqP.exe
  C:\Windows\System\dxhheqP.exe
  2⤵
  PID:6744
- C:\Windows\System\GkxULZq.exe
  C:\Windows\System\GkxULZq.exe
  2⤵
  PID:6776
- C:\Windows\System\wmFthPF.exe
  C:\Windows\System\wmFthPF.exe
  2⤵
  PID:6804
- C:\Windows\System\yYMxywI.exe
  C:\Windows\System\yYMxywI.exe
  2⤵
  PID:6820
- C:\Windows\System\DueALKf.exe
  C:\Windows\System\DueALKf.exe
  2⤵
  PID:6836
- C:\Windows\System\bwugEam.exe
  C:\Windows\System\bwugEam.exe
  2⤵
  PID:6852
- C:\Windows\System\vGHbvRP.exe
  C:\Windows\System\vGHbvRP.exe
  2⤵
  PID:6876
- C:\Windows\System\vQhfiDy.exe
  C:\Windows\System\vQhfiDy.exe
  2⤵
  PID:6904
- C:\Windows\System\NslrSgA.exe
  C:\Windows\System\NslrSgA.exe
  2⤵
  PID:6932
- C:\Windows\System\pUbBkjY.exe
  C:\Windows\System\pUbBkjY.exe
  2⤵
  PID:6956
- C:\Windows\System\areiAjU.exe
  C:\Windows\System\areiAjU.exe
  2⤵
  PID:6988
- C:\Windows\System\kdLPMlv.exe
  C:\Windows\System\kdLPMlv.exe
  2⤵
  PID:7016
- C:\Windows\System\keZnour.exe
  C:\Windows\System\keZnour.exe
  2⤵
  PID:7064
- C:\Windows\System\doUnwyn.exe
  C:\Windows\System\doUnwyn.exe
  2⤵
  PID:7084
- C:\Windows\System\yYTSNPH.exe
  C:\Windows\System\yYTSNPH.exe
  2⤵
  PID:7108
- C:\Windows\System\ltoGPUT.exe
  C:\Windows\System\ltoGPUT.exe
  2⤵
  PID:7128
- C:\Windows\System\bMshUfe.exe
  C:\Windows\System\bMshUfe.exe
  2⤵
  PID:7160
- C:\Windows\System\kAQpsSt.exe
  C:\Windows\System\kAQpsSt.exe
  2⤵
  PID:5544
- C:\Windows\System\dGxujSV.exe
  C:\Windows\System\dGxujSV.exe
  2⤵
  PID:6192
- C:\Windows\System\LQRJtkQ.exe
  C:\Windows\System\LQRJtkQ.exe
  2⤵
  PID:6284
- C:\Windows\System\ETJKvRI.exe
  C:\Windows\System\ETJKvRI.exe
  2⤵
  PID:3168
- C:\Windows\System\wfZucvl.exe
  C:\Windows\System\wfZucvl.exe
  2⤵
  PID:6380
- C:\Windows\System\sxQrzVf.exe
  C:\Windows\System\sxQrzVf.exe
  2⤵
  PID:6488
- C:\Windows\System\ESbOyUY.exe
  C:\Windows\System\ESbOyUY.exe
  2⤵
  PID:6564
- C:\Windows\System\JlDzVqZ.exe
  C:\Windows\System\JlDzVqZ.exe
  2⤵
  PID:6664
- C:\Windows\System\KSCGKdx.exe
  C:\Windows\System\KSCGKdx.exe
  2⤵
  PID:6668
- C:\Windows\System\UXkyBTN.exe
  C:\Windows\System\UXkyBTN.exe
  2⤵
  PID:6792
- C:\Windows\System\hIMqshD.exe
  C:\Windows\System\hIMqshD.exe
  2⤵
  PID:6760
- C:\Windows\System\BskERkB.exe
  C:\Windows\System\BskERkB.exe
  2⤵
  PID:6832
- C:\Windows\System\yJMfcAI.exe
  C:\Windows\System\yJMfcAI.exe
  2⤵
  PID:6928
- C:\Windows\System\FycPQyI.exe
  C:\Windows\System\FycPQyI.exe
  2⤵
  PID:1624
- C:\Windows\System\IFpyfeC.exe
  C:\Windows\System\IFpyfeC.exe
  2⤵
  PID:4872
- C:\Windows\System\rFqLALL.exe
  C:\Windows\System\rFqLALL.exe
  2⤵
  PID:6948
- C:\Windows\System\iDuLOul.exe
  C:\Windows\System\iDuLOul.exe
  2⤵
  PID:7120
- C:\Windows\System\jIZPqCN.exe
  C:\Windows\System\jIZPqCN.exe
  2⤵
  PID:6188
- C:\Windows\System\PHwUuhN.exe
  C:\Windows\System\PHwUuhN.exe
  2⤵
  PID:7144
- C:\Windows\System\nEjtQdg.exe
  C:\Windows\System\nEjtQdg.exe
  2⤵
  PID:6152
- C:\Windows\System\wSTgSyj.exe
  C:\Windows\System\wSTgSyj.exe
  2⤵
  PID:6540
- C:\Windows\System\FrNqsFF.exe
  C:\Windows\System\FrNqsFF.exe
  2⤵
  PID:6256
- C:\Windows\System\YbkGftD.exe
  C:\Windows\System\YbkGftD.exe
  2⤵
  PID:6612
- C:\Windows\System\khblSnr.exe
  C:\Windows\System\khblSnr.exe
  2⤵
  PID:6616
- C:\Windows\System\ElNmGZU.exe
  C:\Windows\System\ElNmGZU.exe
  2⤵
  PID:7004
- C:\Windows\System\wiwfAbJ.exe
  C:\Windows\System\wiwfAbJ.exe
  2⤵
  PID:6984
- C:\Windows\System\vwzWcCy.exe
  C:\Windows\System\vwzWcCy.exe
  2⤵
  PID:116
- C:\Windows\System\TSiwbuA.exe
  C:\Windows\System\TSiwbuA.exe
  2⤵
  PID:6952
- C:\Windows\System\SqDJnUj.exe
  C:\Windows\System\SqDJnUj.exe
  2⤵
  PID:7188
- C:\Windows\System\clMPhaa.exe
  C:\Windows\System\clMPhaa.exe
  2⤵
  PID:7212
- C:\Windows\System\IoIJGoK.exe
  C:\Windows\System\IoIJGoK.exe
  2⤵
  PID:7240
- C:\Windows\System\MyaHkiL.exe
  C:\Windows\System\MyaHkiL.exe
  2⤵
  PID:7272
- C:\Windows\System\PjLUxhT.exe
  C:\Windows\System\PjLUxhT.exe
  2⤵
  PID:7300
- C:\Windows\System\KNoQAEp.exe
  C:\Windows\System\KNoQAEp.exe
  2⤵
  PID:7336
- C:\Windows\System\PrxivOq.exe
  C:\Windows\System\PrxivOq.exe
  2⤵
  PID:7360
- C:\Windows\System\qXaeMkm.exe
  C:\Windows\System\qXaeMkm.exe
  2⤵
  PID:7388
- C:\Windows\System\fElMmAA.exe
  C:\Windows\System\fElMmAA.exe
  2⤵
  PID:7412
- C:\Windows\System\RkfZpAx.exe
  C:\Windows\System\RkfZpAx.exe
  2⤵
  PID:7436
- C:\Windows\System\CJyVyLa.exe
  C:\Windows\System\CJyVyLa.exe
  2⤵
  PID:7464
- C:\Windows\System\JbfQALJ.exe
  C:\Windows\System\JbfQALJ.exe
  2⤵
  PID:7492
- C:\Windows\System\eCXvyDI.exe
  C:\Windows\System\eCXvyDI.exe
  2⤵
  PID:7512
- C:\Windows\System\IKVRKQx.exe
  C:\Windows\System\IKVRKQx.exe
  2⤵
  PID:7536
- C:\Windows\System\wwgpBtP.exe
  C:\Windows\System\wwgpBtP.exe
  2⤵
  PID:7560
- C:\Windows\System\CHRuYoi.exe
  C:\Windows\System\CHRuYoi.exe
  2⤵
  PID:7588
- C:\Windows\System\jbfPNux.exe
  C:\Windows\System\jbfPNux.exe
  2⤵
  PID:7616
- C:\Windows\System\AfDfjBb.exe
  C:\Windows\System\AfDfjBb.exe
  2⤵
  PID:7644
- C:\Windows\System\SvyBDTW.exe
  C:\Windows\System\SvyBDTW.exe
  2⤵
  PID:7676
- C:\Windows\System\PjYvMEM.exe
  C:\Windows\System\PjYvMEM.exe
  2⤵
  PID:7704
- C:\Windows\System\uLocWbe.exe
  C:\Windows\System\uLocWbe.exe
  2⤵
  PID:7728
- C:\Windows\System\YaUWofV.exe
  C:\Windows\System\YaUWofV.exe
  2⤵
  PID:7756
- C:\Windows\System\CgoilHn.exe
  C:\Windows\System\CgoilHn.exe
  2⤵
  PID:7784
- C:\Windows\System\CWYrvPh.exe
  C:\Windows\System\CWYrvPh.exe
  2⤵
  PID:7808
- C:\Windows\System\CLOQphC.exe
  C:\Windows\System\CLOQphC.exe
  2⤵
  PID:7832
- C:\Windows\System\oiBYetR.exe
  C:\Windows\System\oiBYetR.exe
  2⤵
  PID:7860
- C:\Windows\System\KFZQhMk.exe
  C:\Windows\System\KFZQhMk.exe
  2⤵
  PID:7884
- C:\Windows\System\QoHXbgM.exe
  C:\Windows\System\QoHXbgM.exe
  2⤵
  PID:7916
- C:\Windows\System\NNygycg.exe
  C:\Windows\System\NNygycg.exe
  2⤵
  PID:7944
- C:\Windows\System\cJtieDR.exe
  C:\Windows\System\cJtieDR.exe
  2⤵
  PID:7972
- C:\Windows\System\EAifeHl.exe
  C:\Windows\System\EAifeHl.exe
  2⤵
  PID:8012
- C:\Windows\System\MQSJRPk.exe
  C:\Windows\System\MQSJRPk.exe
  2⤵
  PID:8040
- C:\Windows\System\xJXnfZm.exe
  C:\Windows\System\xJXnfZm.exe
  2⤵
  PID:8076
- C:\Windows\System\UuLvPWm.exe
  C:\Windows\System\UuLvPWm.exe
  2⤵
  PID:8104
- C:\Windows\System\wMZfplT.exe
  C:\Windows\System\wMZfplT.exe
  2⤵
  PID:8132
- C:\Windows\System\CPaVoHh.exe
  C:\Windows\System\CPaVoHh.exe
  2⤵
  PID:8152
- C:\Windows\System\aXekRGJ.exe
  C:\Windows\System\aXekRGJ.exe
  2⤵
  PID:6156
- C:\Windows\System\zvrxUOF.exe
  C:\Windows\System\zvrxUOF.exe
  2⤵
  PID:5148
- C:\Windows\System\pqUYvXn.exe
  C:\Windows\System\pqUYvXn.exe
  2⤵
  PID:6944
- C:\Windows\System\EapkSnu.exe
  C:\Windows\System\EapkSnu.exe
  2⤵
  PID:7256
- C:\Windows\System\NiHcPsw.exe
  C:\Windows\System\NiHcPsw.exe
  2⤵
  PID:6300
- C:\Windows\System\THBDJSw.exe
  C:\Windows\System\THBDJSw.exe
  2⤵
  PID:7200
- C:\Windows\System\vxhNTet.exe
  C:\Windows\System\vxhNTet.exe
  2⤵
  PID:7380
- C:\Windows\System\UULTrJv.exe
  C:\Windows\System\UULTrJv.exe
  2⤵
  PID:7500
- C:\Windows\System\VfBRvQK.exe
  C:\Windows\System\VfBRvQK.exe
  2⤵
  PID:7296
- C:\Windows\System\NgnwjID.exe
  C:\Windows\System\NgnwjID.exe
  2⤵
  PID:7660
- C:\Windows\System\DvVDXjF.exe
  C:\Windows\System\DvVDXjF.exe
  2⤵
  PID:7580
- C:\Windows\System\vAGVHIo.exe
  C:\Windows\System\vAGVHIo.exe
  2⤵
  PID:7636
- C:\Windows\System\YbrNWuH.exe
  C:\Windows\System\YbrNWuH.exe
  2⤵
  PID:7568
- C:\Windows\System\ygfpekz.exe
  C:\Windows\System\ygfpekz.exe
  2⤵
  PID:7668
- C:\Windows\System\jtHEVuX.exe
  C:\Windows\System\jtHEVuX.exe
  2⤵
  PID:7688
- C:\Windows\System\lqUpzJs.exe
  C:\Windows\System\lqUpzJs.exe
  2⤵
  PID:7868
- C:\Windows\System\gewjkJt.exe
  C:\Windows\System\gewjkJt.exe
  2⤵
  PID:7936
- C:\Windows\System\xcAqrkP.exe
  C:\Windows\System\xcAqrkP.exe
  2⤵
  PID:8100
- C:\Windows\System\pDULUCC.exe
  C:\Windows\System\pDULUCC.exe
  2⤵
  PID:7844
- C:\Windows\System\HIcpDwi.exe
  C:\Windows\System\HIcpDwi.exe
  2⤵
  PID:8172
- C:\Windows\System\YPOUEVL.exe
  C:\Windows\System\YPOUEVL.exe
  2⤵
  PID:8092
- C:\Windows\System\jTjkGGv.exe
  C:\Windows\System\jTjkGGv.exe
  2⤵
  PID:6768
- C:\Windows\System\OyStLNs.exe
  C:\Windows\System\OyStLNs.exe
  2⤵
  PID:7476
- C:\Windows\System\ROuqOBQ.exe
  C:\Windows\System\ROuqOBQ.exe
  2⤵
  PID:4064
- C:\Windows\System\HIOwUdT.exe
  C:\Windows\System\HIOwUdT.exe
  2⤵
  PID:7480
- C:\Windows\System\mLxSPvx.exe
  C:\Windows\System\mLxSPvx.exe
  2⤵
  PID:7772
- C:\Windows\System\IBwmHVI.exe
  C:\Windows\System\IBwmHVI.exe
  2⤵
  PID:7684
- C:\Windows\System\LFUepFw.exe
  C:\Windows\System\LFUepFw.exe
  2⤵
  PID:8072
- C:\Windows\System\YYOulJd.exe
  C:\Windows\System\YYOulJd.exe
  2⤵
  PID:8124
- C:\Windows\System\ytpXQpg.exe
  C:\Windows\System\ytpXQpg.exe
  2⤵
  PID:8200
- C:\Windows\System\BLJTiyC.exe
  C:\Windows\System\BLJTiyC.exe
  2⤵
  PID:8232
- C:\Windows\System\IbrCAry.exe
  C:\Windows\System\IbrCAry.exe
  2⤵
  PID:8264
- C:\Windows\System\vOdEdCb.exe
  C:\Windows\System\vOdEdCb.exe
  2⤵
  PID:8292
- C:\Windows\System\ivilMSb.exe
  C:\Windows\System\ivilMSb.exe
  2⤵
  PID:8324
- C:\Windows\System\QNOGsnD.exe
  C:\Windows\System\QNOGsnD.exe
  2⤵
  PID:8348
- C:\Windows\System\TOmhWzU.exe
  C:\Windows\System\TOmhWzU.exe
  2⤵
  PID:8372
- C:\Windows\System\UZitSRf.exe
  C:\Windows\System\UZitSRf.exe
  2⤵
  PID:8388
- C:\Windows\System\Frctxnz.exe
  C:\Windows\System\Frctxnz.exe
  2⤵
  PID:8412
- C:\Windows\System\IKGSMoV.exe
  C:\Windows\System\IKGSMoV.exe
  2⤵
  PID:8440
- C:\Windows\System\uUIdpbp.exe
  C:\Windows\System\uUIdpbp.exe
  2⤵
  PID:8468
- C:\Windows\System\AFoVbBM.exe
  C:\Windows\System\AFoVbBM.exe
  2⤵
  PID:8492
- C:\Windows\System\tmiTNCT.exe
  C:\Windows\System\tmiTNCT.exe
  2⤵
  PID:8512
- C:\Windows\System\GGMOyDM.exe
  C:\Windows\System\GGMOyDM.exe
  2⤵
  PID:8544
- C:\Windows\System\XBhmXkk.exe
  C:\Windows\System\XBhmXkk.exe
  2⤵
  PID:8564
- C:\Windows\System\XebSunm.exe
  C:\Windows\System\XebSunm.exe
  2⤵
  PID:8592
- C:\Windows\System\EnUzRCZ.exe
  C:\Windows\System\EnUzRCZ.exe
  2⤵
  PID:8616
- C:\Windows\System\ebHQYYc.exe
  C:\Windows\System\ebHQYYc.exe
  2⤵
  PID:8644
- C:\Windows\System\prwJkeM.exe
  C:\Windows\System\prwJkeM.exe
  2⤵
  PID:8668
- C:\Windows\System\ZDvBCwP.exe
  C:\Windows\System\ZDvBCwP.exe
  2⤵
  PID:8696
- C:\Windows\System\AgPqhMN.exe
  C:\Windows\System\AgPqhMN.exe
  2⤵
  PID:8720
- C:\Windows\System\bxpKPxi.exe
  C:\Windows\System\bxpKPxi.exe
  2⤵
  PID:8748
- C:\Windows\System\PnBjZmA.exe
  C:\Windows\System\PnBjZmA.exe
  2⤵
  PID:8776
- C:\Windows\System\mLLwoXO.exe
  C:\Windows\System\mLLwoXO.exe
  2⤵
  PID:8808
- C:\Windows\System\cOfazAg.exe
  C:\Windows\System\cOfazAg.exe
  2⤵
  PID:8832
- C:\Windows\System\fOVuugs.exe
  C:\Windows\System\fOVuugs.exe
  2⤵
  PID:8860
- C:\Windows\System\HlvGfxQ.exe
  C:\Windows\System\HlvGfxQ.exe
  2⤵
  PID:8888
- C:\Windows\System\QidcovW.exe
  C:\Windows\System\QidcovW.exe
  2⤵
  PID:8916
- C:\Windows\System\mqBBzHK.exe
  C:\Windows\System\mqBBzHK.exe
  2⤵
  PID:8944
- C:\Windows\System\idOKXKf.exe
  C:\Windows\System\idOKXKf.exe
  2⤵
  PID:8972
- C:\Windows\System\HOVNDRr.exe
  C:\Windows\System\HOVNDRr.exe
  2⤵
  PID:8996
- C:\Windows\System\hscCpzR.exe
  C:\Windows\System\hscCpzR.exe
  2⤵
  PID:9028
- C:\Windows\System\xkOJzMG.exe
  C:\Windows\System\xkOJzMG.exe
  2⤵
  PID:9060
- C:\Windows\System\aAOdNYw.exe
  C:\Windows\System\aAOdNYw.exe
  2⤵
  PID:9084
- C:\Windows\System\RUNnyUo.exe
  C:\Windows\System\RUNnyUo.exe
  2⤵
  PID:9124
- C:\Windows\System\mugcXcK.exe
  C:\Windows\System\mugcXcK.exe
  2⤵
  PID:9156
- C:\Windows\System\ROSLwHl.exe
  C:\Windows\System\ROSLwHl.exe
  2⤵
  PID:9188
- C:\Windows\System\EdBaDSZ.exe
  C:\Windows\System\EdBaDSZ.exe
  2⤵
  PID:6676
- C:\Windows\System\vFFjuYR.exe
  C:\Windows\System\vFFjuYR.exe
  2⤵
  PID:1284
- C:\Windows\System\KCLsgVb.exe
  C:\Windows\System\KCLsgVb.exe
  2⤵
  PID:7552
- C:\Windows\System\hmScUCG.exe
  C:\Windows\System\hmScUCG.exe
  2⤵
  PID:7172
- C:\Windows\System\RAvJkOX.exe
  C:\Windows\System\RAvJkOX.exe
  2⤵
  PID:8368
- C:\Windows\System\ztNKfXQ.exe
  C:\Windows\System\ztNKfXQ.exe
  2⤵
  PID:8396
- C:\Windows\System\CYIyQao.exe
  C:\Windows\System\CYIyQao.exe
  2⤵
  PID:7604
- C:\Windows\System\KTzOcJJ.exe
  C:\Windows\System\KTzOcJJ.exe
  2⤵
  PID:8244
- C:\Windows\System\FEsUWVq.exe
  C:\Windows\System\FEsUWVq.exe
  2⤵
  PID:8300
- C:\Windows\System\iQsMqrN.exe
  C:\Windows\System\iQsMqrN.exe
  2⤵
  PID:8340
- C:\Windows\System\acvNyBu.exe
  C:\Windows\System\acvNyBu.exe
  2⤵
  PID:8540
- C:\Windows\System\pjefdEs.exe
  C:\Windows\System\pjefdEs.exe
  2⤵
  PID:8484
- C:\Windows\System\QGAgJhm.exe
  C:\Windows\System\QGAgJhm.exe
  2⤵
  PID:8660
- C:\Windows\System\ImAiRLb.exe
  C:\Windows\System\ImAiRLb.exe
  2⤵
  PID:8764
- C:\Windows\System\MGTtyvU.exe
  C:\Windows\System\MGTtyvU.exe
  2⤵
  PID:8960
- C:\Windows\System\UnlfYDR.exe
  C:\Windows\System\UnlfYDR.exe
  2⤵
  PID:9044
- C:\Windows\System\EWLcKuj.exe
  C:\Windows\System\EWLcKuj.exe
  2⤵
  PID:8848
- C:\Windows\System\yxBlegr.exe
  C:\Windows\System\yxBlegr.exe
  2⤵
  PID:8928
- C:\Windows\System\UqOspjW.exe
  C:\Windows\System\UqOspjW.exe
  2⤵
  PID:9076
- C:\Windows\System\NvNWVdL.exe
  C:\Windows\System\NvNWVdL.exe
  2⤵
  PID:8052
- C:\Windows\System\mZfqTQL.exe
  C:\Windows\System\mZfqTQL.exe
  2⤵
  PID:4652
- C:\Windows\System\ixXLFsm.exe
  C:\Windows\System\ixXLFsm.exe
  2⤵
  PID:1008
- C:\Windows\System\RQLvefo.exe
  C:\Windows\System\RQLvefo.exe
  2⤵
  PID:8584
- C:\Windows\System\RicZaYy.exe
  C:\Windows\System\RicZaYy.exe
  2⤵
  PID:3032
- C:\Windows\System\FVjdhwG.exe
  C:\Windows\System\FVjdhwG.exe
  2⤵
  PID:8004
- C:\Windows\System\hlWsXad.exe
  C:\Windows\System\hlWsXad.exe
  2⤵
  PID:8560
- C:\Windows\System\Dhwvjht.exe
  C:\Windows\System\Dhwvjht.exe
  2⤵
  PID:7720
- C:\Windows\System\VdaXghM.exe
  C:\Windows\System\VdaXghM.exe
  2⤵
  PID:8556
- C:\Windows\System\waROcip.exe
  C:\Windows\System\waROcip.exe
  2⤵
  PID:8876
- C:\Windows\System\QHAocMN.exe
  C:\Windows\System\QHAocMN.exe
  2⤵
  PID:8632
- C:\Windows\System\UWqAtgt.exe
  C:\Windows\System\UWqAtgt.exe
  2⤵
  PID:8740
- C:\Windows\System\XQGoPhY.exe
  C:\Windows\System\XQGoPhY.exe
  2⤵
  PID:9240
- C:\Windows\System\tpXqgbD.exe
  C:\Windows\System\tpXqgbD.exe
  2⤵
  PID:9264
- C:\Windows\System\gxulPNE.exe
  C:\Windows\System\gxulPNE.exe
  2⤵
  PID:9300
- C:\Windows\System\aFdRcKS.exe
  C:\Windows\System\aFdRcKS.exe
  2⤵
  PID:9324
- C:\Windows\System\syEHyEO.exe
  C:\Windows\System\syEHyEO.exe
  2⤵
  PID:9348
- C:\Windows\System\FjVxlbf.exe
  C:\Windows\System\FjVxlbf.exe
  2⤵
  PID:9372
- C:\Windows\System\oiGSZMk.exe
  C:\Windows\System\oiGSZMk.exe
  2⤵
  PID:9400
- C:\Windows\System\IVwsYWR.exe
  C:\Windows\System\IVwsYWR.exe
  2⤵
  PID:9432
- C:\Windows\System\PMatDfk.exe
  C:\Windows\System\PMatDfk.exe
  2⤵
  PID:9464
- C:\Windows\System\wOmtelJ.exe
  C:\Windows\System\wOmtelJ.exe
  2⤵
  PID:9496
- C:\Windows\System\WjgjKGw.exe
  C:\Windows\System\WjgjKGw.exe
  2⤵
  PID:9520
- C:\Windows\System\MYXcinr.exe
  C:\Windows\System\MYXcinr.exe
  2⤵
  PID:9548
- C:\Windows\System\yrFwMCp.exe
  C:\Windows\System\yrFwMCp.exe
  2⤵
  PID:9572
- C:\Windows\System\VsNEJMg.exe
  C:\Windows\System\VsNEJMg.exe
  2⤵
  PID:9596
- C:\Windows\System\YCeKosP.exe
  C:\Windows\System\YCeKosP.exe
  2⤵
  PID:9624
- C:\Windows\System\jkZTnGH.exe
  C:\Windows\System\jkZTnGH.exe
  2⤵
  PID:9660
- C:\Windows\System\NcBNsRg.exe
  C:\Windows\System\NcBNsRg.exe
  2⤵
  PID:9680
- C:\Windows\System\JVIRgEo.exe
  C:\Windows\System\JVIRgEo.exe
  2⤵
  PID:9704
- C:\Windows\System\HDuEXEW.exe
  C:\Windows\System\HDuEXEW.exe
  2⤵
  PID:9736
- C:\Windows\System\rBbvCBR.exe
  C:\Windows\System\rBbvCBR.exe
  2⤵
  PID:9756
- C:\Windows\System\eWZswkV.exe
  C:\Windows\System\eWZswkV.exe
  2⤵
  PID:9788
- C:\Windows\System\jvYFjlW.exe
  C:\Windows\System\jvYFjlW.exe
  2⤵
  PID:9816
- C:\Windows\System\vFpxFar.exe
  C:\Windows\System\vFpxFar.exe
  2⤵
  PID:9848
- C:\Windows\System\ZovdCca.exe
  C:\Windows\System\ZovdCca.exe
  2⤵
  PID:9876
- C:\Windows\System\ZYrqfMS.exe
  C:\Windows\System\ZYrqfMS.exe
  2⤵
  PID:9908
- C:\Windows\System\XjsJqhJ.exe
  C:\Windows\System\XjsJqhJ.exe
  2⤵
  PID:9936
- C:\Windows\System\hkFyVxD.exe
  C:\Windows\System\hkFyVxD.exe
  2⤵
  PID:9956
- C:\Windows\System\GuqkWSI.exe
  C:\Windows\System\GuqkWSI.exe
  2⤵
  PID:9972
- C:\Windows\System\oWNgzYF.exe
  C:\Windows\System\oWNgzYF.exe
  2⤵
  PID:9992
- C:\Windows\System\azGBYpX.exe
  C:\Windows\System\azGBYpX.exe
  2⤵
  PID:10020
- C:\Windows\System\GutdfBP.exe
  C:\Windows\System\GutdfBP.exe
  2⤵
  PID:10048
- C:\Windows\System\hFpJugA.exe
  C:\Windows\System\hFpJugA.exe
  2⤵
  PID:10084
- C:\Windows\System\JkbsOvQ.exe
  C:\Windows\System\JkbsOvQ.exe
  2⤵
  PID:10112
- C:\Windows\System\Iawbigc.exe
  C:\Windows\System\Iawbigc.exe
  2⤵
  PID:10140
- C:\Windows\System\hMNkCjp.exe
  C:\Windows\System\hMNkCjp.exe
  2⤵
  PID:10160
- C:\Windows\System\AxVYDHB.exe
  C:\Windows\System\AxVYDHB.exe
  2⤵
  PID:10184
- C:\Windows\System\BNCyPkz.exe
  C:\Windows\System\BNCyPkz.exe
  2⤵
  PID:10212
- C:\Windows\System\mjwLLsH.exe
  C:\Windows\System\mjwLLsH.exe
  2⤵
  PID:10232
- C:\Windows\System\vNwZuql.exe
  C:\Windows\System\vNwZuql.exe
  2⤵
  PID:7952
- C:\Windows\System\OyOPtlo.exe
  C:\Windows\System\OyOPtlo.exe
  2⤵
  PID:8196
- C:\Windows\System\MMiPznq.exe
  C:\Windows\System\MMiPznq.exe
  2⤵
  PID:9312
- C:\Windows\System\cAkXbHO.exe
  C:\Windows\System\cAkXbHO.exe
  2⤵
  PID:8312
- C:\Windows\System\xMpjOgE.exe
  C:\Windows\System\xMpjOgE.exe
  2⤵
  PID:9444
- C:\Windows\System\dTcBKDt.exe
  C:\Windows\System\dTcBKDt.exe
  2⤵
  PID:9460
- C:\Windows\System\TZZGwOr.exe
  C:\Windows\System\TZZGwOr.exe
  2⤵
  PID:9516
- C:\Windows\System\oWRhxym.exe
  C:\Windows\System\oWRhxym.exe
  2⤵
  PID:9380
- C:\Windows\System\nzVLltH.exe
  C:\Windows\System\nzVLltH.exe
  2⤵
  PID:9564
- C:\Windows\System\PrZTZGI.exe
  C:\Windows\System\PrZTZGI.exe
  2⤵
  PID:9608
- C:\Windows\System\ohLcXen.exe
  C:\Windows\System\ohLcXen.exe
  2⤵
  PID:9672
- C:\Windows\System\kvaZuDP.exe
  C:\Windows\System\kvaZuDP.exe
  2⤵
  PID:9888
- C:\Windows\System\jlmHjqp.exe
  C:\Windows\System\jlmHjqp.exe
  2⤵
  PID:9952
- C:\Windows\System\RwMOwVu.exe
  C:\Windows\System\RwMOwVu.exe
  2⤵
  PID:9700
- C:\Windows\System\wXyZALF.exe
  C:\Windows\System\wXyZALF.exe
  2⤵
  PID:9920
- C:\Windows\System\REcsgxD.exe
  C:\Windows\System\REcsgxD.exe
  2⤵
  PID:10040
- C:\Windows\System\haWvnTL.exe
  C:\Windows\System\haWvnTL.exe
  2⤵
  PID:9924
- C:\Windows\System\efffNLL.exe
  C:\Windows\System\efffNLL.exe
  2⤵
  PID:9456
- C:\Windows\System\Mwtefce.exe
  C:\Windows\System\Mwtefce.exe
  2⤵
  PID:10044
- C:\Windows\System\kbUrZDn.exe
  C:\Windows\System\kbUrZDn.exe
  2⤵
  PID:9368
- C:\Windows\System\XBngpWI.exe
  C:\Windows\System\XBngpWI.exe
  2⤵
  PID:10136
- C:\Windows\System\uTfyLei.exe
  C:\Windows\System\uTfyLei.exe
  2⤵
  PID:7508
- C:\Windows\System\cqCVgkR.exe
  C:\Windows\System\cqCVgkR.exe
  2⤵
  PID:9696
- C:\Windows\System\CStGSQo.exe
  C:\Windows\System\CStGSQo.exe
  2⤵
  PID:9320
- C:\Windows\System\gVoZKVj.exe
  C:\Windows\System\gVoZKVj.exe
  2⤵
  PID:9180
- C:\Windows\System\JNTKqtM.exe
  C:\Windows\System\JNTKqtM.exe
  2⤵
  PID:9676
- C:\Windows\System\ZygHJXm.exe
  C:\Windows\System\ZygHJXm.exe
  2⤵
  PID:9768
- C:\Windows\System\rQikTIb.exe
  C:\Windows\System\rQikTIb.exe
  2⤵
  PID:10264
- C:\Windows\System\mxiGaBt.exe
  C:\Windows\System\mxiGaBt.exe
  2⤵
  PID:10280
- C:\Windows\System\szJkpsw.exe
  C:\Windows\System\szJkpsw.exe
  2⤵
  PID:10316
- C:\Windows\System\pxMlkrf.exe
  C:\Windows\System\pxMlkrf.exe
  2⤵
  PID:10344
- C:\Windows\System\VwQZMsJ.exe
  C:\Windows\System\VwQZMsJ.exe
  2⤵
  PID:10364
- C:\Windows\System\iGGKvxz.exe
  C:\Windows\System\iGGKvxz.exe
  2⤵
  PID:10392
- C:\Windows\System\PMUAmwE.exe
  C:\Windows\System\PMUAmwE.exe
  2⤵
  PID:10420
- C:\Windows\System\WMTFotZ.exe
  C:\Windows\System\WMTFotZ.exe
  2⤵
  PID:10464
- C:\Windows\System\AdxIETx.exe
  C:\Windows\System\AdxIETx.exe
  2⤵
  PID:10484
- C:\Windows\System\kBHsGKh.exe
  C:\Windows\System\kBHsGKh.exe
  2⤵
  PID:10508
- C:\Windows\System\ykahdAn.exe
  C:\Windows\System\ykahdAn.exe
  2⤵
  PID:10532
- C:\Windows\System\DjSqorO.exe
  C:\Windows\System\DjSqorO.exe
  2⤵
  PID:10548
- C:\Windows\System\CIyiXeR.exe
  C:\Windows\System\CIyiXeR.exe
  2⤵
  PID:10576
- C:\Windows\System\gueFdOO.exe
  C:\Windows\System\gueFdOO.exe
  2⤵
  PID:10596
- C:\Windows\System\DYTqsbg.exe
  C:\Windows\System\DYTqsbg.exe
  2⤵
  PID:10620
- C:\Windows\System\LaEELJA.exe
  C:\Windows\System\LaEELJA.exe
  2⤵
  PID:10652
- C:\Windows\System\LnhYHba.exe
  C:\Windows\System\LnhYHba.exe
  2⤵
  PID:10684
- C:\Windows\System\BTiWiXI.exe
  C:\Windows\System\BTiWiXI.exe
  2⤵
  PID:10712
- C:\Windows\System\YmMtbAg.exe
  C:\Windows\System\YmMtbAg.exe
  2⤵
  PID:10744
- C:\Windows\System\nqeESqD.exe
  C:\Windows\System\nqeESqD.exe
  2⤵
  PID:10764
- C:\Windows\System\JYnBwRF.exe
  C:\Windows\System\JYnBwRF.exe
  2⤵
  PID:10796
- C:\Windows\System\HXgOGbS.exe
  C:\Windows\System\HXgOGbS.exe
  2⤵
  PID:10816
- C:\Windows\System\UFpoZfz.exe
  C:\Windows\System\UFpoZfz.exe
  2⤵
  PID:10840
- C:\Windows\System\RtOMhwy.exe
  C:\Windows\System\RtOMhwy.exe
  2⤵
  PID:10864
- C:\Windows\System\WAMmwQi.exe
  C:\Windows\System\WAMmwQi.exe
  2⤵
  PID:10888
- C:\Windows\System\uSIAAkB.exe
  C:\Windows\System\uSIAAkB.exe
  2⤵
  PID:10916
- C:\Windows\System\opmlZNy.exe
  C:\Windows\System\opmlZNy.exe
  2⤵
  PID:10940
- C:\Windows\System\ysrhfms.exe
  C:\Windows\System\ysrhfms.exe
  2⤵
  PID:10972
- C:\Windows\System\RfmWlMQ.exe
  C:\Windows\System\RfmWlMQ.exe
  2⤵
  PID:10996
- C:\Windows\System\ysgVyCh.exe
  C:\Windows\System\ysgVyCh.exe
  2⤵
  PID:11032
- C:\Windows\System\fgBTGeU.exe
  C:\Windows\System\fgBTGeU.exe
  2⤵
  PID:11056
- C:\Windows\System\RUVMXIg.exe
  C:\Windows\System\RUVMXIg.exe
  2⤵
  PID:11080
- C:\Windows\System\omkHkHi.exe
  C:\Windows\System\omkHkHi.exe
  2⤵
  PID:11116
- C:\Windows\System\RMoxjsk.exe
  C:\Windows\System\RMoxjsk.exe
  2⤵
  PID:11140
- C:\Windows\System\OLkCeMf.exe
  C:\Windows\System\OLkCeMf.exe
  2⤵
  PID:11168
- C:\Windows\System\AomtbgE.exe
  C:\Windows\System\AomtbgE.exe
  2⤵
  PID:11192
- C:\Windows\System\VuYFRUd.exe
  C:\Windows\System\VuYFRUd.exe
  2⤵
  PID:11216
- C:\Windows\System\gfQOwFe.exe
  C:\Windows\System\gfQOwFe.exe
  2⤵
  PID:11244
- C:\Windows\System\UHYqsni.exe
  C:\Windows\System\UHYqsni.exe
  2⤵
  PID:9860
- C:\Windows\System\bLCjFQz.exe
  C:\Windows\System\bLCjFQz.exe
  2⤵
  PID:9220
- C:\Windows\System\AhvhCZq.exe
  C:\Windows\System\AhvhCZq.exe
  2⤵
  PID:10244
- C:\Windows\System\qAuvCbc.exe
  C:\Windows\System\qAuvCbc.exe
  2⤵
  PID:10124
- C:\Windows\System\lEIkomH.exe
  C:\Windows\System\lEIkomH.exe
  2⤵
  PID:10356
- C:\Windows\System\jjXLnXb.exe
  C:\Windows\System\jjXLnXb.exe
  2⤵
  PID:8852
- C:\Windows\System\rTKTxFY.exe
  C:\Windows\System\rTKTxFY.exe
  2⤵
  PID:9776
- C:\Windows\System\zzHmELy.exe
  C:\Windows\System\zzHmELy.exe
  2⤵
  PID:10384
- C:\Windows\System\cfCLJka.exe
  C:\Windows\System\cfCLJka.exe
  2⤵
  PID:10616
- C:\Windows\System\sITcEsk.exe
  C:\Windows\System\sITcEsk.exe
  2⤵
  PID:10676
- C:\Windows\System\xqkZMsH.exe
  C:\Windows\System\xqkZMsH.exe
  2⤵
  PID:10696
- C:\Windows\System\ClaaMPE.exe
  C:\Windows\System\ClaaMPE.exe
  2⤵
  PID:10740
- C:\Windows\System\XfgLacw.exe
  C:\Windows\System\XfgLacw.exe
  2⤵
  PID:10812
- C:\Windows\System\nLTqQiw.exe
  C:\Windows\System\nLTqQiw.exe
  2⤵
  PID:10880
- C:\Windows\System\rjMCmnB.exe
  C:\Windows\System\rjMCmnB.exe
  2⤵
  PID:10928
- C:\Windows\System\LRaOXFo.exe
  C:\Windows\System\LRaOXFo.exe
  2⤵
  PID:10500
- C:\Windows\System\VDbgYhb.exe
  C:\Windows\System\VDbgYhb.exe
  2⤵
  PID:11024
- C:\Windows\System\QcXruBu.exe
  C:\Windows\System\QcXruBu.exe
  2⤵
  PID:10564
- C:\Windows\System\GfPYBWo.exe
  C:\Windows\System\GfPYBWo.exe
  2⤵
  PID:11204
- C:\Windows\System\qygUNER.exe
  C:\Windows\System\qygUNER.exe
  2⤵
  PID:10752
- C:\Windows\System\WgDRtXm.exe
  C:\Windows\System\WgDRtXm.exe
  2⤵
  PID:11040
- C:\Windows\System\BGrkBVY.exe
  C:\Windows\System\BGrkBVY.exe
  2⤵
  PID:10108
- C:\Windows\System\OhNXBdO.exe
  C:\Windows\System\OhNXBdO.exe
  2⤵
  PID:10588
- C:\Windows\System\tFdVLSB.exe
  C:\Windows\System\tFdVLSB.exe
  2⤵
  PID:10472
- C:\Windows\System\wAcFERl.exe
  C:\Windows\System\wAcFERl.exe
  2⤵
  PID:11276
- C:\Windows\System\TLTotOS.exe
  C:\Windows\System\TLTotOS.exe
  2⤵
  PID:11308
- C:\Windows\System\SEbuERf.exe
  C:\Windows\System\SEbuERf.exe
  2⤵
  PID:11336
- C:\Windows\System\IwVQxwo.exe
  C:\Windows\System\IwVQxwo.exe
  2⤵
  PID:11356
- C:\Windows\System\DvDWZhq.exe
  C:\Windows\System\DvDWZhq.exe
  2⤵
  PID:11384
- C:\Windows\System\REctSLW.exe
  C:\Windows\System\REctSLW.exe
  2⤵
  PID:11412
- C:\Windows\System\spGmXce.exe
  C:\Windows\System\spGmXce.exe
  2⤵
  PID:11432
- C:\Windows\System\RBbVAuK.exe
  C:\Windows\System\RBbVAuK.exe
  2⤵
  PID:11460
- C:\Windows\System\psQtVBx.exe
  C:\Windows\System\psQtVBx.exe
  2⤵
  PID:11480
- C:\Windows\System\FCGILSC.exe
  C:\Windows\System\FCGILSC.exe
  2⤵
  PID:11508
- C:\Windows\System\gdumttJ.exe
  C:\Windows\System\gdumttJ.exe
  2⤵
  PID:11544
- C:\Windows\System\MPOXWQI.exe
  C:\Windows\System\MPOXWQI.exe
  2⤵
  PID:11564
- C:\Windows\System\ojKSihr.exe
  C:\Windows\System\ojKSihr.exe
  2⤵
  PID:11596
- C:\Windows\System\jsOpEGi.exe
  C:\Windows\System\jsOpEGi.exe
  2⤵
  PID:11628
- C:\Windows\System\ilHwGSs.exe
  C:\Windows\System\ilHwGSs.exe
  2⤵
  PID:11652
- C:\Windows\System\wBMcqwh.exe
  C:\Windows\System\wBMcqwh.exe
  2⤵
  PID:11684
- C:\Windows\System\usQOydG.exe
  C:\Windows\System\usQOydG.exe
  2⤵
  PID:11708
- C:\Windows\System\GWINzeC.exe
  C:\Windows\System\GWINzeC.exe
  2⤵
  PID:11740
- C:\Windows\System\OjfFhCo.exe
  C:\Windows\System\OjfFhCo.exe
  2⤵
  PID:11768
- C:\Windows\System\SIeyNdN.exe
  C:\Windows\System\SIeyNdN.exe
  2⤵
  PID:11796
- C:\Windows\System\SFWyaOH.exe
  C:\Windows\System\SFWyaOH.exe
  2⤵
  PID:11824
- C:\Windows\System\PaThoHb.exe
  C:\Windows\System\PaThoHb.exe
  2⤵
  PID:11844
- C:\Windows\System\SSJnrXW.exe
  C:\Windows\System\SSJnrXW.exe
  2⤵
  PID:11872
- C:\Windows\System\oIxnyXM.exe
  C:\Windows\System\oIxnyXM.exe
  2⤵
  PID:11892
- C:\Windows\System\bbnnZke.exe
  C:\Windows\System\bbnnZke.exe
  2⤵
  PID:11928
- C:\Windows\System\xcHouRV.exe
  C:\Windows\System\xcHouRV.exe
  2⤵
  PID:11952
- C:\Windows\System\pftvIvT.exe
  C:\Windows\System\pftvIvT.exe
  2⤵
  PID:12004
- C:\Windows\System\tQXwDRA.exe
  C:\Windows\System\tQXwDRA.exe
  2⤵
  PID:12024
- C:\Windows\System\iDjtTEI.exe
  C:\Windows\System\iDjtTEI.exe
  2⤵
  PID:12052
- C:\Windows\System\aHVmUmu.exe
  C:\Windows\System\aHVmUmu.exe
  2⤵
  PID:12080
- C:\Windows\System\PeyTKmu.exe
  C:\Windows\System\PeyTKmu.exe
  2⤵
  PID:12108
- C:\Windows\System\MnslIAD.exe
  C:\Windows\System\MnslIAD.exe
  2⤵
  PID:12136
- C:\Windows\System\PMijeeC.exe
  C:\Windows\System\PMijeeC.exe
  2⤵
  PID:12156
- C:\Windows\System\JlVAWpq.exe
  C:\Windows\System\JlVAWpq.exe
  2⤵
  PID:12184
- C:\Windows\System\BvdaZuj.exe
  C:\Windows\System\BvdaZuj.exe
  2⤵
  PID:12212
- C:\Windows\System\rzfkMno.exe
  C:\Windows\System\rzfkMno.exe
  2⤵
  PID:12236
- C:\Windows\System\RqlUXGc.exe
  C:\Windows\System\RqlUXGc.exe
  2⤵
  PID:12264
- C:\Windows\System\ZwSdQiM.exe
  C:\Windows\System\ZwSdQiM.exe
  2⤵
  PID:9096
- C:\Windows\System\WGdhJTg.exe
  C:\Windows\System\WGdhJTg.exe
  2⤵
  PID:9488
- C:\Windows\System\harGgAT.exe
  C:\Windows\System\harGgAT.exe
  2⤵
  PID:11180
- C:\Windows\System\BlZqPvd.exe
  C:\Windows\System\BlZqPvd.exe
  2⤵
  PID:10900
- C:\Windows\System\vpvayyX.exe
  C:\Windows\System\vpvayyX.exe
  2⤵
  PID:11104
- C:\Windows\System\oxOXYTK.exe
  C:\Windows\System\oxOXYTK.exe
  2⤵
  PID:11332
- C:\Windows\System\aQrFiRa.exe
  C:\Windows\System\aQrFiRa.exe
  2⤵
  PID:10292
- C:\Windows\System\KbESYdx.exe
  C:\Windows\System\KbESYdx.exe
  2⤵
  PID:9396
- C:\Windows\System\SGZtYJl.exe
  C:\Windows\System\SGZtYJl.exe
  2⤵
  PID:11476
- C:\Windows\System\QHDyqho.exe
  C:\Windows\System\QHDyqho.exe
  2⤵
  PID:11532
- C:\Windows\System\MMohmSY.exe
  C:\Windows\System\MMohmSY.exe
  2⤵
  PID:10608
- C:\Windows\System\kHIUBTN.exe
  C:\Windows\System\kHIUBTN.exe
  2⤵
  PID:11300
- C:\Windows\System\opYbkjU.exe
  C:\Windows\System\opYbkjU.exe
  2⤵
  PID:11748
- C:\Windows\System\SvfcdtK.exe
  C:\Windows\System\SvfcdtK.exe
  2⤵
  PID:11492
- C:\Windows\System\ReeqpmK.exe
  C:\Windows\System\ReeqpmK.exe
  2⤵
  PID:11920
- C:\Windows\System\ptlsPrn.exe
  C:\Windows\System\ptlsPrn.exe
  2⤵
  PID:11968
- C:\Windows\System\kPAvJQh.exe
  C:\Windows\System\kPAvJQh.exe
  2⤵
  PID:11368
- C:\Windows\System\LfQypYt.exe
  C:\Windows\System\LfQypYt.exe
  2⤵
  PID:11452
- C:\Windows\System\HarAuNg.exe
  C:\Windows\System\HarAuNg.exe
  2⤵
  PID:11804
- C:\Windows\System\iyeCcBF.exe
  C:\Windows\System\iyeCcBF.exe
  2⤵
  PID:11856
- C:\Windows\System\YiPWNlF.exe
  C:\Windows\System\YiPWNlF.exe
  2⤵
  PID:12092
- C:\Windows\System\SdTAaNF.exe
  C:\Windows\System\SdTAaNF.exe
  2⤵
  PID:12176
- C:\Windows\System\tSFClPD.exe
  C:\Windows\System\tSFClPD.exe
  2⤵
  PID:12244
- C:\Windows\System\LfeWCAd.exe
  C:\Windows\System\LfeWCAd.exe
  2⤵
  PID:10336
- C:\Windows\System\AXSsCsg.exe
  C:\Windows\System\AXSsCsg.exe
  2⤵
  PID:12048
- C:\Windows\System\hJUOsfR.exe
  C:\Windows\System\hJUOsfR.exe
  2⤵
  PID:11228
- C:\Windows\System\fcAdOXa.exe
  C:\Windows\System\fcAdOXa.exe
  2⤵
  PID:12148
- C:\Windows\System\ibgdLmE.exe
  C:\Windows\System\ibgdLmE.exe
  2⤵
  PID:12220
- C:\Windows\System\WqkNMVj.exe
  C:\Windows\System\WqkNMVj.exe
  2⤵
  PID:12296
- C:\Windows\System\pnCPwSa.exe
  C:\Windows\System\pnCPwSa.exe
  2⤵
  PID:12312
- C:\Windows\System\sMoPZYZ.exe
  C:\Windows\System\sMoPZYZ.exe
  2⤵
  PID:12328
- C:\Windows\System\aqfQbbX.exe
  C:\Windows\System\aqfQbbX.exe
  2⤵
  PID:12356
- C:\Windows\System\MrkihXa.exe
  C:\Windows\System\MrkihXa.exe
  2⤵
  PID:12380
- C:\Windows\System\NjQhHlY.exe
  C:\Windows\System\NjQhHlY.exe
  2⤵
  PID:12408
- C:\Windows\System\NynLTbQ.exe
  C:\Windows\System\NynLTbQ.exe
  2⤵
  PID:12424
- C:\Windows\System\hrogsEX.exe
  C:\Windows\System\hrogsEX.exe
  2⤵
  PID:12452
- C:\Windows\System\RHCrlUe.exe
  C:\Windows\System\RHCrlUe.exe
  2⤵
  PID:12476
- C:\Windows\System\UEEvYcF.exe
  C:\Windows\System\UEEvYcF.exe
  2⤵
  PID:12504
- C:\Windows\System\rOxYHwV.exe
  C:\Windows\System\rOxYHwV.exe
  2⤵
  PID:12528
- C:\Windows\System\DDLFeej.exe
  C:\Windows\System\DDLFeej.exe
  2⤵
  PID:12564
- C:\Windows\System\dpeCMUe.exe
  C:\Windows\System\dpeCMUe.exe
  2⤵
  PID:12588
- C:\Windows\System\hWfkOMd.exe
  C:\Windows\System\hWfkOMd.exe
  2⤵
  PID:12616
- C:\Windows\System\xuPLVDQ.exe
  C:\Windows\System\xuPLVDQ.exe
  2⤵
  PID:12648
- C:\Windows\System\rFhztaq.exe
  C:\Windows\System\rFhztaq.exe
  2⤵
  PID:12676
- C:\Windows\System\hRbCTnd.exe
  C:\Windows\System\hRbCTnd.exe
  2⤵
  PID:12696
- C:\Windows\System\NBreFNZ.exe
  C:\Windows\System\NBreFNZ.exe
  2⤵
  PID:12728
- C:\Windows\System\ScmmtdL.exe
  C:\Windows\System\ScmmtdL.exe
  2⤵
  PID:12756
- C:\Windows\System\lJOqAJJ.exe
  C:\Windows\System\lJOqAJJ.exe
  2⤵
  PID:12776
- C:\Windows\System\uGXsjFt.exe
  C:\Windows\System\uGXsjFt.exe
  2⤵
  PID:12808
- C:\Windows\System\ivbFxfE.exe
  C:\Windows\System\ivbFxfE.exe
  2⤵
  PID:12836
- C:\Windows\System\GWwngFb.exe
  C:\Windows\System\GWwngFb.exe
  2⤵
  PID:12864
- C:\Windows\System\nFAIRbT.exe
  C:\Windows\System\nFAIRbT.exe
  2⤵
  PID:12884
- C:\Windows\System\WpGrWaV.exe
  C:\Windows\System\WpGrWaV.exe
  2⤵
  PID:12912
- C:\Windows\System\RJQTvvT.exe
  C:\Windows\System\RJQTvvT.exe
  2⤵
  PID:12940
- C:\Windows\System\KvpMIDt.exe
  C:\Windows\System\KvpMIDt.exe
  2⤵
  PID:12968
- C:\Windows\System\NvCBHbO.exe
  C:\Windows\System\NvCBHbO.exe
  2⤵
  PID:12996
- C:\Windows\System\Bibhikh.exe
  C:\Windows\System\Bibhikh.exe
  2⤵
  PID:13016
- C:\Windows\System\nOROrdO.exe
  C:\Windows\System\nOROrdO.exe
  2⤵
  PID:13040
- C:\Windows\System\OkdEVVg.exe
  C:\Windows\System\OkdEVVg.exe
  2⤵
  PID:13064
- C:\Windows\System\KHKjTUS.exe
  C:\Windows\System\KHKjTUS.exe
  2⤵
  PID:13084
- C:\Windows\System\OdfGpGZ.exe
  C:\Windows\System\OdfGpGZ.exe
  2⤵
  PID:13104
- C:\Windows\System\bvdlcJE.exe
  C:\Windows\System\bvdlcJE.exe
  2⤵
  PID:13132
- C:\Windows\System\BbCISVR.exe
  C:\Windows\System\BbCISVR.exe
  2⤵
  PID:13156
- C:\Windows\System\VPMlKcp.exe
  C:\Windows\System\VPMlKcp.exe
  2⤵
  PID:13184
- C:\Windows\System\xbCjxCl.exe
  C:\Windows\System\xbCjxCl.exe
  2⤵
  PID:13208
- C:\Windows\System\zZgClvh.exe
  C:\Windows\System\zZgClvh.exe
  2⤵
  PID:13232
- C:\Windows\System\LoHiqLX.exe
  C:\Windows\System\LoHiqLX.exe
  2⤵
  PID:13260
- C:\Windows\System\cXTPuwm.exe
  C:\Windows\System\cXTPuwm.exe
  2⤵
  PID:13288
- C:\Windows\System\LUOwJUv.exe
  C:\Windows\System\LUOwJUv.exe
  2⤵
  PID:10204
- C:\Windows\System\JrfrpaV.exe
  C:\Windows\System\JrfrpaV.exe
  2⤵
  PID:11964
- C:\Windows\System\sUzMYkl.exe
  C:\Windows\System\sUzMYkl.exe
  2⤵
  PID:12144
- C:\Windows\System\rpjrPwO.exe
  C:\Windows\System\rpjrPwO.exe
  2⤵
  PID:9476
- C:\Windows\System\wQPkpWB.exe
  C:\Windows\System\wQPkpWB.exe
  2⤵
  PID:11380
- C:\Windows\System\UwjWoFB.exe
  C:\Windows\System\UwjWoFB.exe
  2⤵
  PID:11500
- C:\Windows\System\NAyCKQn.exe
  C:\Windows\System\NAyCKQn.exe
  2⤵
  PID:11664
- C:\Windows\System\PMYKKta.exe
  C:\Windows\System\PMYKKta.exe
  2⤵
  PID:12468
- C:\Windows\System\ShDCfWk.exe
  C:\Windows\System\ShDCfWk.exe
  2⤵
  PID:12520
- C:\Windows\System\oOInJSF.exe
  C:\Windows\System\oOInJSF.exe
  2⤵
  PID:11788
- C:\Windows\System\KLlDDDN.exe
  C:\Windows\System\KLlDDDN.exe
  2⤵
  PID:11884
- C:\Windows\System\YxYUuVp.exe
  C:\Windows\System\YxYUuVp.exe
  2⤵
  PID:12612
- C:\Windows\System\QcUCyLH.exe
  C:\Windows\System\QcUCyLH.exe
  2⤵
  PID:11736
- C:\Windows\System\yakYUHC.exe
  C:\Windows\System\yakYUHC.exe
  2⤵
  PID:11320
- C:\Windows\System\XefKfAk.exe
  C:\Windows\System\XefKfAk.exe
  2⤵
  PID:12372
- C:\Windows\System\auRBZnU.exe
  C:\Windows\System\auRBZnU.exe
  2⤵
  PID:12464
- C:\Windows\System\NOpJRWs.exe
  C:\Windows\System\NOpJRWs.exe
  2⤵
  PID:12924
- C:\Windows\System\yVcrXwN.exe
  C:\Windows\System\yVcrXwN.exe
  2⤵
  PID:12976
- C:\Windows\System\WiJpBBf.exe
  C:\Windows\System\WiJpBBf.exe
  2⤵
  PID:13032
- C:\Windows\System\QnpTCVN.exe
  C:\Windows\System\QnpTCVN.exe
  2⤵
  PID:12348
- C:\Windows\System\DvCBExC.exe
  C:\Windows\System\DvCBExC.exe
  2⤵
  PID:12832
- C:\Windows\System\eZvtwka.exe
  C:\Windows\System\eZvtwka.exe
  2⤵
  PID:13224
- C:\Windows\System\RIIjMVj.exe
  C:\Windows\System\RIIjMVj.exe
  2⤵
  PID:12908
- C:\Windows\System\ansmqRI.exe
  C:\Windows\System\ansmqRI.exe
  2⤵
  PID:11616
- C:\Windows\System\ybiRxwD.exe
  C:\Windows\System\ybiRxwD.exe
  2⤵
  PID:11704
- C:\Windows\System\BkqvWzN.exe
  C:\Windows\System\BkqvWzN.exe
  2⤵
  PID:12784
- C:\Windows\System\yceLpGf.exe
  C:\Windows\System\yceLpGf.exe
  2⤵
  PID:12684
- C:\Windows\System\mGEYcdw.exe
  C:\Windows\System\mGEYcdw.exe
  2⤵
  PID:13352
- C:\Windows\System\tfvEIgI.exe
  C:\Windows\System\tfvEIgI.exe
  2⤵
  PID:13376
- C:\Windows\System\oJCsjxU.exe
  C:\Windows\System\oJCsjxU.exe
  2⤵
  PID:13412
- C:\Windows\System\NdvolYS.exe
  C:\Windows\System\NdvolYS.exe
  2⤵
  PID:13440
- C:\Windows\System\QzbbElb.exe
  C:\Windows\System\QzbbElb.exe
  2⤵
  PID:13476
- C:\Windows\System\hVUMimW.exe
  C:\Windows\System\hVUMimW.exe
  2⤵
  PID:13496
- C:\Windows\System\ShcbqiA.exe
  C:\Windows\System\ShcbqiA.exe
  2⤵
  PID:13516
- C:\Windows\System\FAHtdrX.exe
  C:\Windows\System\FAHtdrX.exe
  2⤵
  PID:13540
- C:\Windows\System\mxDQAzK.exe
  C:\Windows\System\mxDQAzK.exe
  2⤵
  PID:13572
- C:\Windows\System\uhNPFEh.exe
  C:\Windows\System\uhNPFEh.exe
  2⤵
  PID:13588
- C:\Windows\System\iOnROsz.exe
  C:\Windows\System\iOnROsz.exe
  2⤵
  PID:13608
- C:\Windows\System\rhAkqVS.exe
  C:\Windows\System\rhAkqVS.exe
  2⤵
  PID:13632
- C:\Windows\System\nJKuERc.exe
  C:\Windows\System\nJKuERc.exe
  2⤵
  PID:13660
- C:\Windows\System\AJjChVn.exe
  C:\Windows\System\AJjChVn.exe
  2⤵
  PID:13688
- C:\Windows\System\hydCIcO.exe
  C:\Windows\System\hydCIcO.exe
  2⤵
  PID:13712
- C:\Windows\System\AlVAdTj.exe
  C:\Windows\System\AlVAdTj.exe
  2⤵
  PID:13748
- C:\Windows\System\sIgxxYL.exe
  C:\Windows\System\sIgxxYL.exe
  2⤵
  PID:13780
- C:\Windows\System\HTPXnWA.exe
  C:\Windows\System\HTPXnWA.exe
  2⤵
  PID:13812
- C:\Windows\System\QZUFRlY.exe
  C:\Windows\System\QZUFRlY.exe
  2⤵
  PID:13844
- C:\Windows\System\diQmACY.exe
  C:\Windows\System\diQmACY.exe
  2⤵
  PID:13868
- C:\Windows\System\jbtmStZ.exe
  C:\Windows\System\jbtmStZ.exe
  2⤵
  PID:13900
- C:\Windows\System\zwrVsHz.exe
  C:\Windows\System\zwrVsHz.exe
  2⤵
  PID:13932
- C:\Windows\System\ZcACFur.exe
  C:\Windows\System\ZcACFur.exe
  2⤵
  PID:13956
- C:\Windows\System\zBzSNUc.exe
  C:\Windows\System\zBzSNUc.exe
  2⤵
  PID:13976
- C:\Windows\System\MxTXqyX.exe
  C:\Windows\System\MxTXqyX.exe
  2⤵
  PID:14136
- C:\Windows\System\agMwZwu.exe
  C:\Windows\System\agMwZwu.exe
  2⤵
  PID:14200
- C:\Windows\System\uucaCPc.exe
  C:\Windows\System\uucaCPc.exe
  2⤵
  PID:14240
- C:\Windows\System\BEoecrZ.exe
  C:\Windows\System\BEoecrZ.exe
  2⤵
  PID:14272
- C:\Windows\System\gztZsBn.exe
  C:\Windows\System\gztZsBn.exe
  2⤵
  PID:14296
- C:\Windows\System\kvKQRTK.exe
  C:\Windows\System\kvKQRTK.exe
  2⤵
  PID:14332
- C:\Windows\System\lBCqeEd.exe
  C:\Windows\System\lBCqeEd.exe
  2⤵
  PID:12992
- C:\Windows\System\ZewNFcw.exe
  C:\Windows\System\ZewNFcw.exe
  2⤵
  PID:12708
- C:\Windows\System\VTYRwee.exe
  C:\Windows\System\VTYRwee.exe
  2⤵
  PID:10272
- C:\Windows\System\sbNFjMk.exe
  C:\Windows\System\sbNFjMk.exe
  2⤵
  PID:13096
- C:\Windows\System\qNkQBqw.exe
  C:\Windows\System\qNkQBqw.exe
  2⤵
  PID:12820
- C:\Windows\System\iIcVMWC.exe
  C:\Windows\System\iIcVMWC.exe
  2⤵
  PID:13396
- C:\Windows\System\LlPNykp.exe
  C:\Windows\System\LlPNykp.exe
  2⤵
  PID:13284
- C:\Windows\System\rOvpjGH.exe
  C:\Windows\System\rOvpjGH.exe
  2⤵
  PID:12608
- C:\Windows\System\SyGDIMF.exe
  C:\Windows\System\SyGDIMF.exe
  2⤵
  PID:13584
- C:\Windows\System\lpHHeFi.exe
  C:\Windows\System\lpHHeFi.exe
  2⤵
  PID:13820
- C:\Windows\System\YMDDxDz.exe
  C:\Windows\System\YMDDxDz.exe
  2⤵
  PID:13992
- C:\Windows\System\kDsQqlu.exe
  C:\Windows\System\kDsQqlu.exe
  2⤵
  PID:13732
- C:\Windows\System\ntSkziw.exe
  C:\Windows\System\ntSkziw.exe
  2⤵
  PID:13484
- C:\Windows\System\TaRnlCJ.exe
  C:\Windows\System\TaRnlCJ.exe
  2⤵
  PID:13564
- C:\Windows\System\YVdJAZs.exe
  C:\Windows\System\YVdJAZs.exe
  2⤵
  PID:12576
- C:\Windows\System\cuQfxyc.exe
  C:\Windows\System\cuQfxyc.exe
  2⤵
  PID:11760
- C:\Windows\System\mASsLjs.exe
  C:\Windows\System\mASsLjs.exe
  2⤵
  PID:13344
- C:\Windows\System\hfpdSip.exe
  C:\Windows\System\hfpdSip.exe
  2⤵
  PID:13452
- C:\Windows\System\QrNzIMj.exe
  C:\Windows\System\QrNzIMj.exe
  2⤵
  PID:14188
- C:\Windows\System\ewoiEtU.exe
  C:\Windows\System\ewoiEtU.exe
  2⤵
  PID:12900
- C:\Windows\System\EqsyQVt.exe
  C:\Windows\System\EqsyQVt.exe
  2⤵
  PID:13052
- C:\Windows\System\HPkajvc.exe
  C:\Windows\System\HPkajvc.exe
  2⤵
  PID:13724
- C:\Windows\System\lyISKkd.exe
  C:\Windows\System\lyISKkd.exe
  2⤵
  PID:14072
- C:\Windows\System\fQovJDb.exe
  C:\Windows\System\fQovJDb.exe
  2⤵
  PID:13796
- C:\Windows\System\nIkeaIV.exe
  C:\Windows\System\nIkeaIV.exe
  2⤵
  PID:13888
- C:\Windows\System\xPltSxk.exe
  C:\Windows\System\xPltSxk.exe
  2⤵
  PID:11504
- C:\Windows\System\KCnzBGk.exe
  C:\Windows\System\KCnzBGk.exe
  2⤵
  PID:14180
- C:\Windows\System\AExjvAN.exe
  C:\Windows\System\AExjvAN.exe
  2⤵
  PID:14316
- C:\Windows\System\zxyCxGM.exe
  C:\Windows\System\zxyCxGM.exe
  2⤵
  PID:14340
- C:\Windows\System\UzWRtOU.exe
  C:\Windows\System\UzWRtOU.exe
  2⤵
  PID:14368
- C:\Windows\System\dbrQBPK.exe
  C:\Windows\System\dbrQBPK.exe
  2⤵
  PID:14400
- C:\Windows\System\WuHAVMT.exe
  C:\Windows\System\WuHAVMT.exe
  2⤵
  PID:14424
- C:\Windows\System\eWMGPRo.exe
  C:\Windows\System\eWMGPRo.exe
  2⤵
  PID:14448
- C:\Windows\System\HjMxCHf.exe
  C:\Windows\System\HjMxCHf.exe
  2⤵
  PID:14468
- C:\Windows\System\nhrUvbh.exe
  C:\Windows\System\nhrUvbh.exe
  2⤵
  PID:14492
- C:\Windows\System\tWeHgzc.exe
  C:\Windows\System\tWeHgzc.exe
  2⤵
  PID:14528
- C:\Windows\System\zGHVUzd.exe
  C:\Windows\System\zGHVUzd.exe
  2⤵
  PID:14548
- C:\Windows\System\WeSkGRM.exe
  C:\Windows\System\WeSkGRM.exe
  2⤵
  PID:14580
- C:\Windows\System\NXdQNAo.exe
  C:\Windows\System\NXdQNAo.exe
  2⤵
  PID:14612
- C:\Windows\System\uGPpBIh.exe
  C:\Windows\System\uGPpBIh.exe
  2⤵
  PID:14644
- C:\Windows\System\fgKKHRz.exe
  C:\Windows\System\fgKKHRz.exe
  2⤵
  PID:14664
- C:\Windows\System\drNTfPz.exe
  C:\Windows\System\drNTfPz.exe
  2⤵
  PID:14692
- C:\Windows\System\OWAGRIZ.exe
  C:\Windows\System\OWAGRIZ.exe
  2⤵
  PID:14720
- C:\Windows\System\mysifdB.exe
  C:\Windows\System\mysifdB.exe
  2⤵
  PID:14740
- C:\Windows\System\azqrDSq.exe
  C:\Windows\System\azqrDSq.exe
  2⤵
  PID:14768
- C:\Windows\System\teuUnwP.exe
  C:\Windows\System\teuUnwP.exe
  2⤵
  PID:14784
- C:\Windows\System\OKulAyb.exe
  C:\Windows\System\OKulAyb.exe
  2⤵
  PID:14800
- C:\Windows\System\RYUNqCp.exe
  C:\Windows\System\RYUNqCp.exe
  2⤵
  PID:14824
- C:\Windows\System\CwEViYL.exe
  C:\Windows\System\CwEViYL.exe
  2⤵
  PID:14840
- C:\Windows\System\JKQTezo.exe
  C:\Windows\System\JKQTezo.exe
  2⤵
  PID:14864
- C:\Windows\System\oxDAMXI.exe
  C:\Windows\System\oxDAMXI.exe
  2⤵
  PID:14896
- C:\Windows\System\unDrHJd.exe
  C:\Windows\System\unDrHJd.exe
  2⤵
  PID:14912
- C:\Windows\System\JvGSNyy.exe
  C:\Windows\System\JvGSNyy.exe
  2⤵
  PID:14944
- C:\Windows\System\IhCgwnu.exe
  C:\Windows\System\IhCgwnu.exe
  2⤵
  PID:14972
- C:\Windows\System\xlahgop.exe
  C:\Windows\System\xlahgop.exe
  2⤵
  PID:14996
- C:\Windows\System\dlZjxku.exe
  C:\Windows\System\dlZjxku.exe
  2⤵
  PID:15028
- C:\Windows\System\CBvMpyT.exe
  C:\Windows\System\CBvMpyT.exe
  2⤵
  PID:15060
- C:\Windows\System\WkJgSbY.exe
  C:\Windows\System\WkJgSbY.exe
  2⤵
  PID:15088
- C:\Windows\System\lpFtwRr.exe
  C:\Windows\System\lpFtwRr.exe
  2⤵
  PID:15116
- C:\Windows\System\XLpxAWo.exe
  C:\Windows\System\XLpxAWo.exe
  2⤵
  PID:15132
- C:\Windows\System\oaqExyX.exe
  C:\Windows\System\oaqExyX.exe
  2⤵
  PID:15160
- C:\Windows\System\oxVTWQh.exe
  C:\Windows\System\oxVTWQh.exe
  2⤵
  PID:15180
- C:\Windows\System\gjBsCnW.exe
  C:\Windows\System\gjBsCnW.exe
  2⤵
  PID:15208
- C:\Windows\System\rUbIZNc.exe
  C:\Windows\System\rUbIZNc.exe
  2⤵
  PID:15240
- C:\Windows\System\EtsjWsW.exe
  C:\Windows\System\EtsjWsW.exe
  2⤵
  PID:15260
- C:\Windows\System\ruuvsCh.exe
  C:\Windows\System\ruuvsCh.exe
  2⤵
  PID:15276
- C:\Windows\System\ScGhFIX.exe
  C:\Windows\System\ScGhFIX.exe
  2⤵
  PID:15300
- C:\Windows\System\RqPNREg.exe
  C:\Windows\System\RqPNREg.exe
  2⤵
  PID:15328
- C:\Windows\System\ftfPzrw.exe
  C:\Windows\System\ftfPzrw.exe
  2⤵
  PID:15348
- C:\Windows\System\xGUygmC.exe
  C:\Windows\System\xGUygmC.exe
  2⤵
  PID:13024
- C:\Windows\System\rPwcjql.exe
  C:\Windows\System\rPwcjql.exe
  2⤵
  PID:14108
- C:\Windows\System\ZqRRvQa.exe
  C:\Windows\System\ZqRRvQa.exe
  2⤵
  PID:13628
- C:\Windows\System\ZEnmmvn.exe
  C:\Windows\System\ZEnmmvn.exe
  2⤵
  PID:14252
- C:\Windows\System\tGXUNxB.exe
  C:\Windows\System\tGXUNxB.exe
  2⤵
  PID:14292
- C:\Windows\System\DqJfRSk.exe
  C:\Windows\System\DqJfRSk.exe
  2⤵
  PID:14392
- C:\Windows\System\DSdVAWZ.exe
  C:\Windows\System\DSdVAWZ.exe
  2⤵
  PID:13424
- C:\Windows\System\cKWSSVl.exe
  C:\Windows\System\cKWSSVl.exe
  2⤵
  PID:14480
- C:\Windows\System\VySnXRW.exe
  C:\Windows\System\VySnXRW.exe
  2⤵
  PID:13864
- C:\Windows\System\AxRJSns.exe
  C:\Windows\System\AxRJSns.exe
  2⤵
  PID:14636
- C:\Windows\System\aGGzlNY.exe
  C:\Windows\System\aGGzlNY.exe
  2⤵
  PID:13856
- C:\Windows\System\RLiksde.exe
  C:\Windows\System\RLiksde.exe
  2⤵
  PID:14416
- C:\Windows\System\HkHtqrf.exe
  C:\Windows\System\HkHtqrf.exe
  2⤵
  PID:14456
- C:\Windows\System\InvdYHo.exe
  C:\Windows\System\InvdYHo.exe
  2⤵
  PID:12404
- C:\Windows\System\XFbDnxh.exe
  C:\Windows\System\XFbDnxh.exe
  2⤵
  PID:14092
- C:\Windows\System\syLxAMa.exe
  C:\Windows\System\syLxAMa.exe
  2⤵
  PID:14220
- C:\Windows\System\FvCWyiH.exe
  C:\Windows\System\FvCWyiH.exe
  2⤵
  PID:14712
- C:\Windows\System\vOiHgeA.exe
  C:\Windows\System\vOiHgeA.exe
  2⤵
  PID:15144
- C:\Windows\System\ekBYzkx.exe
  C:\Windows\System\ekBYzkx.exe
  2⤵
  PID:14884
- C:\Windows\System\IENUrcN.exe
  C:\Windows\System\IENUrcN.exe
  2⤵
  PID:15340
- C:\Windows\System\osQjIzb.exe
  C:\Windows\System\osQjIzb.exe
  2⤵
  PID:13708
- C:\Windows\System\kwebCPe.exe
  C:\Windows\System\kwebCPe.exe
  2⤵
  PID:14024
- C:\Windows\System\vBInCeb.exe
  C:\Windows\System\vBInCeb.exe
  2⤵
  PID:15056
- C:\Windows\System\Ftskqfo.exe
  C:\Windows\System\Ftskqfo.exe
  2⤵
  PID:15104
- C:\Windows\System\EziOYYN.exe
  C:\Windows\System\EziOYYN.exe
  2⤵
  PID:15372
- C:\Windows\System\eXusOiG.exe
  C:\Windows\System\eXusOiG.exe
  2⤵
  PID:15396
- C:\Windows\System\rXAzQzi.exe
  C:\Windows\System\rXAzQzi.exe
  2⤵
  PID:15420
- C:\Windows\System\jbntLeu.exe
  C:\Windows\System\jbntLeu.exe
  2⤵
  PID:15448
- C:\Windows\System\PniPAZJ.exe
  C:\Windows\System\PniPAZJ.exe
  2⤵
  PID:15492
- C:\Windows\System\sZgnuZN.exe
  C:\Windows\System\sZgnuZN.exe
  2⤵
  PID:15520
- C:\Windows\System\IaoXhIp.exe
  C:\Windows\System\IaoXhIp.exe
  2⤵
  PID:15544
- C:\Windows\System\zwoGhPM.exe
  C:\Windows\System\zwoGhPM.exe
  2⤵
  PID:15580
- C:\Windows\System\TRqIRPl.exe
  C:\Windows\System\TRqIRPl.exe
  2⤵
  PID:15600
- C:\Windows\System\dzPqGxf.exe
  C:\Windows\System\dzPqGxf.exe
  2⤵
  PID:15632
- C:\Windows\System\HpBNDKw.exe
  C:\Windows\System\HpBNDKw.exe
  2⤵
  PID:15656
- C:\Windows\System\SJJlCvR.exe
  C:\Windows\System\SJJlCvR.exe
  2⤵
  PID:15680
- C:\Windows\System\gpujuyl.exe
  C:\Windows\System\gpujuyl.exe
  2⤵
  PID:15704
- C:\Windows\System\KcGvJGb.exe
  C:\Windows\System\KcGvJGb.exe
  2⤵
  PID:15724
- C:\Windows\System\YbmRWxG.exe
  C:\Windows\System\YbmRWxG.exe
  2⤵
  PID:15744
- C:\Windows\System\IJRSsWQ.exe
  C:\Windows\System\IJRSsWQ.exe
  2⤵
  PID:15780
- C:\Windows\System\QdigGTJ.exe
  C:\Windows\System\QdigGTJ.exe
  2⤵
  PID:15804
- C:\Windows\System\jrKywNM.exe
  C:\Windows\System\jrKywNM.exe
  2⤵
  PID:15828
- C:\Windows\System\pxLvlPC.exe
  C:\Windows\System\pxLvlPC.exe
  2⤵
  PID:15856
- C:\Windows\System\nBZnnHH.exe
  C:\Windows\System\nBZnnHH.exe
  2⤵
  PID:15884
- C:\Windows\System\oXinoRv.exe
  C:\Windows\System\oXinoRv.exe
  2⤵
  PID:15916
- C:\Windows\System\clcJWGe.exe
  C:\Windows\System\clcJWGe.exe
  2⤵
  PID:15936
- C:\Windows\System\YgmdEiI.exe
  C:\Windows\System\YgmdEiI.exe
  2⤵
  PID:15964
- C:\Windows\System\RUXoWAh.exe
  C:\Windows\System\RUXoWAh.exe
  2⤵
  PID:16000
- C:\Windows\System\TORluVz.exe
  C:\Windows\System\TORluVz.exe
  2⤵
  PID:16016
- C:\Windows\System\mDyJKuS.exe
  C:\Windows\System\mDyJKuS.exe
  2⤵
  PID:16044
- C:\Windows\System\UkccQJk.exe
  C:\Windows\System\UkccQJk.exe
  2⤵
  PID:16064
- C:\Windows\System\gxOpwZG.exe
  C:\Windows\System\gxOpwZG.exe
  2⤵
  PID:16080
- C:\Windows\System\bjCAMZK.exe
  C:\Windows\System\bjCAMZK.exe
  2⤵
  PID:16104
- C:\Windows\System\Vvlltsc.exe
  C:\Windows\System\Vvlltsc.exe
  2⤵
  PID:16132
- C:\Windows\System\JyFDzXY.exe
  C:\Windows\System\JyFDzXY.exe
  2⤵
  PID:16152
- C:\Windows\System\MGUywMw.exe
  C:\Windows\System\MGUywMw.exe
  2⤵
  PID:16180
- C:\Windows\System\MdDcrOe.exe
  C:\Windows\System\MdDcrOe.exe
  2⤵
  PID:16196
- C:\Windows\System\XTfUpYm.exe
  C:\Windows\System\XTfUpYm.exe
  2⤵
  PID:16232
- C:\Windows\System\emGAfex.exe
  C:\Windows\System\emGAfex.exe
  2⤵
  PID:16256
- C:\Windows\System\DbpHZrm.exe
  C:\Windows\System\DbpHZrm.exe
  2⤵
  PID:16284
- C:\Windows\System\QmrmgRX.exe
  C:\Windows\System\QmrmgRX.exe
  2⤵
  PID:16308
- C:\Windows\System\EEBfVmT.exe
  C:\Windows\System\EEBfVmT.exe
  2⤵
  PID:16324
- C:\Windows\System\tORiAHa.exe
  C:\Windows\System\tORiAHa.exe
  2⤵
  PID:16356
- C:\Windows\System\HpiXAyp.exe
  C:\Windows\System\HpiXAyp.exe
  2⤵
  PID:16376
- C:\Windows\System\RysPXZl.exe
  C:\Windows\System\RysPXZl.exe
  2⤵
  PID:15232
- C:\Windows\System\vFctFjD.exe
  C:\Windows\System\vFctFjD.exe
  2⤵
  PID:14956
- C:\Windows\System\izJBamJ.exe
  C:\Windows\System\izJBamJ.exe
  2⤵
  PID:10632
- C:\Windows\System\bhVADGJ.exe
  C:\Windows\System\bhVADGJ.exe
  2⤵
  PID:12420
- C:\Windows\System\nuOqcjB.exe
  C:\Windows\System\nuOqcjB.exe
  2⤵
  PID:14908
- C:\Windows\System\uewJomI.exe
  C:\Windows\System\uewJomI.exe
  2⤵
  PID:13060
- C:\Windows\System\AtpLPBx.exe
  C:\Windows\System\AtpLPBx.exe
  2⤵
  PID:884
- C:\Windows\System\jTRyBSn.exe
  C:\Windows\System\jTRyBSn.exe
  2⤵
  PID:15364
- C:\Windows\System\IRVqbgj.exe
  C:\Windows\System\IRVqbgj.exe
  2⤵
  PID:15220
- C:\Windows\System\aOZegAC.exe
  C:\Windows\System\aOZegAC.exe
  2⤵
  PID:15248
- C:\Windows\System\WQivXoD.exe
  C:\Windows\System\WQivXoD.exe
  2⤵
  PID:15480
- C:\Windows\System\NxocEOI.exe
  C:\Windows\System\NxocEOI.exe
  2⤵
  PID:15528
- C:\Windows\System\QJmpqGj.exe
  C:\Windows\System\QJmpqGj.exe
  2⤵
  PID:15540
- C:\Windows\System\oFPiPXh.exe
  C:\Windows\System\oFPiPXh.exe
  2⤵
  PID:14596
- C:\Windows\System\LSftKrt.exe
  C:\Windows\System\LSftKrt.exe
  2⤵
  PID:11108
- C:\Windows\System\biFixtE.exe
  C:\Windows\System\biFixtE.exe
  2⤵
  PID:9204
- C:\Windows\System\LJTRXCq.exe
  C:\Windows\System\LJTRXCq.exe
  2⤵
  PID:15876
- C:\Windows\System\fGcmHXY.exe
  C:\Windows\System\fGcmHXY.exe
  2⤵
  PID:15912
- C:\Windows\System\xqTZYKj.exe
  C:\Windows\System\xqTZYKj.exe
  2⤵
  PID:15960
- C:\Windows\System\aPvYHTg.exe
  C:\Windows\System\aPvYHTg.exe
  2⤵
  PID:16032
- C:\Windows\System\pUXFKUY.exe
  C:\Windows\System\pUXFKUY.exe
  2⤵
  PID:16056
- C:\Windows\System\DjThtpw.exe
  C:\Windows\System\DjThtpw.exe
  2⤵
  PID:16140
- C:\Windows\System\pKWPiVC.exe
  C:\Windows\System\pKWPiVC.exe
  2⤵
  PID:16252
- C:\Windows\System\TdCTMCe.exe
  C:\Windows\System\TdCTMCe.exe
  2⤵
  PID:15740
- C:\Windows\System\YaHteCl.exe
  C:\Windows\System\YaHteCl.exe
  2⤵
  PID:15384
- C:\Windows\System\PvVAXYn.exe
  C:\Windows\System\PvVAXYn.exe
  2⤵
  PID:16336
- C:\Windows\System\sTIAlCZ.exe
  C:\Windows\System\sTIAlCZ.exe
  2⤵
  PID:15868
- C:\Windows\System\tXoWVgM.exe
  C:\Windows\System\tXoWVgM.exe
  2⤵
  PID:15924
- C:\Windows\System\qDjzmGE.exe
  C:\Windows\System\qDjzmGE.exe
  2⤵
  PID:15124
- C:\Windows\System\yIaRCnF.exe
  C:\Windows\System\yIaRCnF.exe
  2⤵
  PID:13948
- C:\Windows\System\JSepOAw.exe
  C:\Windows\System\JSepOAw.exe
  2⤵
  PID:16400
- C:\Windows\System\vShFgNQ.exe
  C:\Windows\System\vShFgNQ.exe
  2⤵
  PID:16428
- C:\Windows\System\xGUmLZR.exe
  C:\Windows\System\xGUmLZR.exe
  2⤵
  PID:16464
- C:\Windows\System\oXRdfgc.exe
  C:\Windows\System\oXRdfgc.exe
  2⤵
  PID:16492
- C:\Windows\System\ymcoXcL.exe
  C:\Windows\System\ymcoXcL.exe
  2⤵
  PID:16512
- C:\Windows\System\NwyeYGr.exe
  C:\Windows\System\NwyeYGr.exe
  2⤵
  PID:16544
- C:\Windows\System\ewTPGjU.exe
  C:\Windows\System\ewTPGjU.exe
  2⤵
  PID:16572
- C:\Windows\System\gNqTbrJ.exe
  C:\Windows\System\gNqTbrJ.exe
  2⤵
  PID:16604
- C:\Windows\System\lYZaJLu.exe
  C:\Windows\System\lYZaJLu.exe
  2⤵
  PID:16620
- C:\Windows\System\xWMSOBT.exe
  C:\Windows\System\xWMSOBT.exe
  2⤵
  PID:16640
- C:\Windows\System\nmwejBO.exe
  C:\Windows\System\nmwejBO.exe
  2⤵
  PID:16664
- C:\Windows\System\TAyUKqj.exe
  C:\Windows\System\TAyUKqj.exe
  2⤵
  PID:16696
- C:\Windows\System\LjYwLpL.exe
  C:\Windows\System\LjYwLpL.exe
  2⤵
  PID:16724
- C:\Windows\System\pffoFnH.exe
  C:\Windows\System\pffoFnH.exe
  2⤵
  PID:16748
- C:\Windows\System\fcpozNA.exe
  C:\Windows\System\fcpozNA.exe
  2⤵
  PID:16776
- C:\Windows\System\pePqCpy.exe
  C:\Windows\System\pePqCpy.exe
  2⤵
  PID:16816
- C:\Windows\System\FxZXVBM.exe
  C:\Windows\System\FxZXVBM.exe
  2⤵
  PID:16840
- C:\Windows\System\XWLPzoW.exe
  C:\Windows\System\XWLPzoW.exe
  2⤵
  PID:16864
- C:\Windows\System\vYuheOH.exe
  C:\Windows\System\vYuheOH.exe
  2⤵
  PID:16884
- C:\Windows\System\hJuapOh.exe
  C:\Windows\System\hJuapOh.exe
  2⤵
  PID:16916
- C:\Windows\System\vWxXGqp.exe
  C:\Windows\System\vWxXGqp.exe
  2⤵
  PID:16944
- C:\Windows\System\KrMZGJN.exe
  C:\Windows\System\KrMZGJN.exe
  2⤵
  PID:16964
- C:\Windows\System\IhjVrIO.exe
  C:\Windows\System\IhjVrIO.exe
  2⤵
  PID:16980
- C:\Windows\System\vnzxYYY.exe
  C:\Windows\System\vnzxYYY.exe
  2⤵
  PID:17012
- C:\Windows\System\DFGSQdG.exe
  C:\Windows\System\DFGSQdG.exe
  2⤵
  PID:17056
- C:\Windows\System\LmSFAYW.exe
  C:\Windows\System\LmSFAYW.exe
  2⤵
  PID:17072
- C:\Windows\System\JhoEaPs.exe
  C:\Windows\System\JhoEaPs.exe
  2⤵
  PID:16076
- C:\Windows\System\QObXBBm.exe
  C:\Windows\System\QObXBBm.exe
  2⤵
  PID:15712
- C:\Windows\System\OEFSNdo.exe
  C:\Windows\System\OEFSNdo.exe
  2⤵
  PID:16836
- C:\Windows\System\hKiTNEg.exe
  C:\Windows\System\hKiTNEg.exe
  2⤵
  PID:16936
- C:\Windows\System\PlGKnnX.exe
  C:\Windows\System\PlGKnnX.exe
  2⤵
  PID:17116
- - C:\Windows\system32\WerFault.exe
    C:\Windows\system32\WerFault.exe -u -p 17116 -s 248
    3⤵
    PID:17392
- C:\Windows\System\BBWOWoY.exe
  C:\Windows\System\BBWOWoY.exe
  2⤵
  PID:4564
- C:\Windows\System\JjXRvuF.exe
  C:\Windows\System\JjXRvuF.exe
  2⤵
  PID:17348
- C:\Windows\System\AYaePQi.exe
  C:\Windows\System\AYaePQi.exe
  2⤵
  PID:17172
- C:\Windows\System\voymsju.exe
  C:\Windows\System\voymsju.exe
  2⤵
  PID:17136
- C:\Windows\System\gdUJrBW.exe
  C:\Windows\System\gdUJrBW.exe
  2⤵
  PID:17100
- C:\Windows\System\hmqruoh.exe
  C:\Windows\System\hmqruoh.exe
  2⤵
  PID:16956
- C:\Windows\System\BQTUPPc.exe
  C:\Windows\System\BQTUPPc.exe
  2⤵
  PID:15896
- C:\Windows\System\ssWErZw.exe
  C:\Windows\System\ssWErZw.exe
  2⤵
  PID:14432

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:17176

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:1232

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:16352

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:17372

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\AufvSHd.exe

Filesize
1.1MB

MD5
20e50bd371408cad6c536a5f509ece50

SHA1
4e247646d20c2770855428fe8b50a176b4108a35

SHA256
f56e00bb6fb40fd4f8f2d9af06bc2330c01d0a7312c8355507dc0263653563fc

SHA512
ca1f75f2770e28ef6a00e9cf999cf1587344bead24d7afcddc3a71c38e961c5ccaabba6d433891a3bfae842d45b61bdb14d597e5dd017d14ae8279df3100acde

Download Submit
C:\Windows\System\BAWucfV.exe

Filesize
1.1MB

MD5
0271838a8b2b5688382d305874a7174c

SHA1
15e1c2e053766e605df5caa202e1fcdd72d0389e

SHA256
11f8af76bf923c810973d272d8d71bcaab986c03e43f244330ec57f115a1b48a

SHA512
76a80a10bd8941debe0e57e61ff76adc8ff18275300fbad3520c5694305a48d2ad66522af34b76406af7b1cfc6e98462adec935daf056cba6e090c060e88f201

Download Submit
C:\Windows\System\EuBGqhW.exe

Filesize
1.1MB

MD5
3cd4b734df14ee89776e1df9184fb107

SHA1
acbdf62d8591b500a0cc11fcb6febc1680943b7f

SHA256
899dc1321a266cc6c6bfb15bfc4029f53a1b559230d0fdb2f383189d33b55791

SHA512
2fe310a659d8dc5f602d3eea445f0f31a899f03010bf84da23859dfa278bafe04a67295d811bb2ba7a17d3bbb951b03e4a20406154873ab425f6b162953a0ab7

Download Submit
C:\Windows\System\FEneNgX.exe

Filesize
1.1MB

MD5
8247753f7a784849dd93a142b0c87874

SHA1
d6cb850baae9f32f124585251cf85ff731f2700f

SHA256
0bae775ab0ab3f3b1a0ceda20c5aae38c6e1200d971fff0e7c5c52f2d133a5af

SHA512
8d874dabb8eb24edd9dcd1fe5914cbbe15af4e4d0bddc6ba3df2f6baddeb6a183679d04e7adafcf6cfad8b3750db398cb659e439e57f8b16569828a49ef126f1

Download Submit
C:\Windows\System\GjVKSYF.exe

Filesize
1.1MB

MD5
4fb32a6d4af4c7a4f8b39a264eb77aee

SHA1
4604aaa31902a7a2ad469dd5917581ab46ee1bb1

SHA256
03a0478d135bd4e281a5d2f30c5e48002353e6b16e16ff5fc0c986a6ed842743

SHA512
9f145b51d9793773f00d6d7e7cffd36c7bbb2f6d9bd7a316031174f34eb0205bade26faa145a08de95e4ac51c669b2b9919257a8d95209c8e7b5520f79f461f3

Download Submit
C:\Windows\System\GqGYolC.exe

Filesize
1.1MB

MD5
a9f7138619905ee8d12bf8b4e30ec0bc

SHA1
c25ea3a9aaa826b04c29071fcc0910a88fb9c316

SHA256
fb3f7e26bbacd84f4d8748706c18ccea694b5ca8e7dd8a1666db644375435d68

SHA512
18593cebe4ea12a026cc79117000cb9dd0643bfdaddc62484f50a1160027ea37e364fd0c853e713f132f553c7ea898e23c5e6a6385b6fe18fd6efcff0ed216c4

Download Submit
C:\Windows\System\HvaSFFt.exe

Filesize
1.1MB

MD5
10ddd492b7c7e1015c2ae2fe0040de94

SHA1
e4c33736dfa0375f79292622a6a5223ee395442c

SHA256
c70a7e5b4f1f3f0d6368e61c8c89fac02f4c2bd5be04e11ca8f361f595b6bd5c

SHA512
e19dae4a05339bc36d1eae2645c16c5a983c7f1b8231d58c5471a0b5bd8b4aacac0d38c7f71d8222dc67211742c6fc757f0311bd48752ab7b002b3b8e9c97584

Download Submit
C:\Windows\System\MZXuRNU.exe

Filesize
1.1MB

MD5
dfd8b828bf1b8fab588ebf94a6c52f70

SHA1
14a81067ea9738b2c1eaecef089da11765c91d4f

SHA256
41a953b751e4abd3d9dfc1a98ecca61ca98099cea98f0ab4c67122c672f78587

SHA512
b2b835149fa0966a54226d92a8c6139f44f3a84462f312921745a44ffa8ed72a04139ff8cc08950650c2b91dc4753a4750d2e38eaf8bc6707d851d5b37096deb

Download Submit
C:\Windows\System\OwAdcEB.exe

Filesize
1.1MB

MD5
1c64c932f18dc1f383a9738dac26dc3c

SHA1
13b5a29468f80557f8937dbdb639ce932b8de5f8

SHA256
692946b0981d4f62396ee4e67cd3b387a2300b231cff2be46b48241434e651ff

SHA512
1599cadd3f3458407830cc52e3af8d8b5c902b9ae175dfa2fa2e6deb48ed3507e69877ff6bad2130a7116f47c87f3592f0a8358982ca1b7b5618f0e478d15f59

Download Submit
C:\Windows\System\TSBbWOs.exe

Filesize
1.1MB

MD5
a7897bbf1c731f410cbdad7fb9b44976

SHA1
15a13c906ee6413f73b0cd0666d5cb826441bcb4

SHA256
fae3b4d4455644857df57ad232906722254197c30e6b14c3bd13ed0fac58dd4c

SHA512
9811d17587d01cc58d956708edf42613b0c19b3ae1bb4d3c20f2c7518f236a024a1fc5dce5747c8e1368d744694dc8797262446bb43b10f35a68be0e6bc5cba8

Download Submit
C:\Windows\System\UZDzDZT.exe

Filesize
1.1MB

MD5
1f1178a5d3a0cc5e0c46a45a5b02f04c

SHA1
53e5fee075638c6b57a352f316cb5b6648a4c990

SHA256
d13cbdbc4130f8625a3faf80cdc0f65457826a1a4ad78912c147e029f6e091db

SHA512
02ffee79c911659f5a121c23df5d505f56b541c22baabb491e601ba2c6ad18ebc8f794724b1cb12e127adc84ff02b6e09a9ad221db23b26264a14629ff755821

Download Submit
C:\Windows\System\UpfMruh.exe

Filesize
1.1MB

MD5
438fb8b5737acb9744f8700241d6f668

SHA1
904f5bafd66fd5ba2f4d10391bd864edaba4b9d7

SHA256
ee46362d4c6c8b476188dedc09ade72c99657ddbf1df7e77e4907574dec0a2b0

SHA512
36d5a35df221ba753548c4ad7258aa0d170e1fe8acf350706f08fb4a35df46bb62f1302315dcb924b964c6b92b1d0a9a942b2a9c552842c21c7b50caa70f76a9

Download Submit
C:\Windows\System\VNAeQHf.exe

Filesize
1.1MB

MD5
109da9703fac877dc6f1f49fa07c36f4

SHA1
71df947021383bc5e03a9348edf02ebf5387634d

SHA256
1282150b54411a03fb205b5c269d43a4b90e3021e6725031b3df605b9caa5e96

SHA512
c54c628496e153ace688f4fbdfd172c0ac36807787161b9ceaf45db18a0915f708326c9d91b649e7d20522ab438305f070a907ce3b7155860ba4d171d782edd2

Download Submit
C:\Windows\System\VaQJqdJ.exe

Filesize
1.1MB

MD5
097fde8ce7602372fcf3cd4aaa8d0f79

SHA1
8fc153eb7f6c072ecd703ae60d72c9205bdc436d

SHA256
79dc24cba269d992217ba8dfdb4faa3efc81fa0fe80c44130f8674f96519b44b

SHA512
15c47881c35a20b277148119826c1332583a96f12da9ea5eb9729347465cdd15779b8b5a849b949f9891c3562a642d65593a02d2a6f5bc83e64ca0e99b50a975

Download Submit
C:\Windows\System\WmMvdEY.exe

Filesize
1.1MB

MD5
404fb03619fbb51f63456e5bfe450ecc

SHA1
7cb0ead13267756dee2944e79ea6281944876cf7

SHA256
6e3cc643da544227e4c9c7ee0d50f77e75c7bc44473751333b1222bb5ce76b1a

SHA512
0c55840478ba6d3c64e8132dee3bb6d46b3059654e9a74c76e74e5a6d0ccd23a49aea45334144d8b073cd3614f8aa2bf9feb35b9fbf651606d9400dac9ef12fd

Download Submit
C:\Windows\System\XIwMdig.exe

Filesize
1.1MB

MD5
6fcdb11d66bed21ba07d7f565f649f49

SHA1
06f3c9b84e6f3458c26844b34a89ce2192f530a4

SHA256
61774e385c3b5d30353984f9156b82dcf0d5f0f4df79ba8fcf37ad1e8b787eb2

SHA512
fa58f67672836575400051a2b162edc30ae860f766bc2aea8451ca291a3ac8773dc00da944f158b2a1763ae893e5f96e67dfb64f01b53cb65656f32594797d42

Download Submit
C:\Windows\System\XdkVupM.exe

Filesize
1.1MB

MD5
e377a2203496ea92b84763238b73392a

SHA1
397a5ffce4eddfe11d8a3ba8ffab8d9a3c0bd64e

SHA256
b00018c1a6d33c750955a51cf234b905b0411b1b248092c0a6cb8be712f75001

SHA512
014c1ebb5aebac735baaa212ef2e081923e472d00a4ccb94067f17b8901ed3b12a302a4d51dd41fd89b7d2d69e1bef7c2cbc97cea9330e3a035525c0bb97bca1

Download Submit
C:\Windows\System\ZOdBmEB.exe

Filesize
1.1MB

MD5
f59fc932531fba1c8ea6e08cb2e420ee

SHA1
ee1eb5b747291c1fe7d76936630983d796d0a165

SHA256
980ba281f2b73f7d33cb1676325bf249e5c48e5bcf57dd5a34acaddaa4201768

SHA512
51a0e02c4458fb1f0a52e9b0a528183b210d251582603d6482b26057d42f3ea316295bf7ff2af9012e95360a8e40a7986b8e9f2b44f7bb326365641931f522c9

Download Submit
C:\Windows\System\atvekSo.exe

Filesize
1.1MB

MD5
d601916601f2eec713ac996806bec25a

SHA1
4ab0f6ff5f95b14d44d47dcb728678885909a6e0

SHA256
74b4e63456b96ae24dec18a4e7562908bbd65641d6aba167aeee7fdfdbaf6b24

SHA512
f4ee70110f21be569e70ddf852e77e39d523dafef600db2ede0b9f9046fa671fb8446ff3946e987bf35f2da7799eaec9a482e34e8c97bd111eaf8c82f1312112

Download Submit
C:\Windows\System\dAvxZxs.exe

Filesize
1.1MB

MD5
588c16e6c14a8bac755db2e5a36284d4

SHA1
d9c3138822ec2f97c6131ca6f003df99c5d32f42

SHA256
43a75200884729be3029367db2bf35c91c64922308a5a7c6d7d33b740cec5ce7

SHA512
d829c642cbf8e4e027a205415ea14d28c01d1fdee3571feec94ae20f803e629639936518950a4c96438a16c5a2dd7c518cc98f3370e982d32022d99eacb64d8a

Download Submit
C:\Windows\System\dBXMmeB.exe

Filesize
1.1MB

MD5
a4ab6ba53ee59416d89f0c22bb841c94

SHA1
b8610f27f3ede964b239a534e99e1beea8a23dda

SHA256
1f282163307fb8bd59000742353c25e956a8920b3ee6526fbde7f0b1bbf5fbe5

SHA512
51a5131b7d4df94664d691b3877c71e719402ee5585b993a3144a3969f8b57be2b8b0653c356f1281a2dc24b147fb47de8f53c6cc88a91fc128cf2addd5bc54e

Download Submit
C:\Windows\System\dbZiPhd.exe

Filesize
1.1MB

MD5
b295608d4306cd46eb3761678a8fd4cd

SHA1
8a22b1d617011933c0dbdf9195b5562fc011c6f5

SHA256
29a6027de24bcd699285e09d416d5da66213332a6aae188eb808e29702954827

SHA512
cd8d38f45150ba59b5e14ec755c599c28b299e4e2aac7b7c593dbac0a694fee8b7d3c3e12c5e7f9b7e55456ee2e7dad59390d97d347b2dccbb0cb436877fc9c0

Download Submit
C:\Windows\System\gGKiAjl.exe

Filesize
1.1MB

MD5
43953511a486915166ff79a03e1b1d15

SHA1
0735cf287c31a732bc9cbb171be4cfc159e26e43

SHA256
5a46f51448ce63997d0e54158220b72bf37db6039b768ccdcc019027281fada5

SHA512
39e4292951b70da3055ea2b58c0c34932229da92b858bbe444bc2d4c65401102ba307b2d44756ddf233ecbae8683fd3b1a4fba236bf56b7ea1d89b718fa1313f

Download Submit
C:\Windows\System\hWZoAbc.exe

Filesize
1.1MB

MD5
bcd4e82357fe3ade64f92489b56f82a7

SHA1
90d9ffda139ab4bed538e1887d141c6a93a0bde5

SHA256
945103974d6a879740d8cd045f2e91d314f42844ef4c5d5fd2ec7d1fcaecd6a2

SHA512
c242292d352cd303b1fe32a1f57a5ab95782e4dbdc72f35c34a401bf85fb9a4473e8af47a1aa13b15136aa07023d0255c0f3fd3293ccae889c8c5d9d76809c5a

Download Submit
C:\Windows\System\lWyCUZn.exe

Filesize
1.1MB

MD5
617ad6e9e2faad99b0ef34abbd4d5490

SHA1
0309d24541a9dfa3089dc654bd644e27947159ae

SHA256
70279260f7799b182f84faf2d3d5961fab19f6b89b9b66dfc892a16ff61e8907

SHA512
7468685722d3cfd4b16e57b0187fc841b0cd94baf72112c22d60dd1d634da856b62d4c8710b738be68782e9030a7309e909752a5b35a66ec93336c58350f5fcd

Download Submit
C:\Windows\System\msxDbwJ.exe

Filesize
1.1MB

MD5
c88ca0eed1b0a9eaa235f62505ba1726

SHA1
96062953af9a8f1b77f812fbd6ce87e7dcf2a151

SHA256
23376fe22113a31b56725924a5c5334721184327500f634ccdda905f0951efaa

SHA512
bac7ce758fd6fd86d3c69b10c26d02fd862194bcdef7b830ea8b11441eee5121e3d9c5715d238591f1caee898ef7ab6e0fb5b4f8f9e97cbf5061e6a9702d871f

Download Submit
C:\Windows\System\oVNOOzB.exe

Filesize
1.1MB

MD5
50911713a5982333fedbf3192d674b59

SHA1
e6ae336050824aca0cc32fac1e02ffbb0dd55549

SHA256
4edd9076020f523ba97be8989e2a68c721603fb6e01864ec5ea419dd66467011

SHA512
8fd1ffad2e6a1377dd409ac4efda073d8480fb857a6ea80b39fe2ebfd24ef1110e6e11476e176eeef4b9ab5a4eddcbf1afbadebdf4dfa1498b2fc12ff2e8f22b

Download Submit
C:\Windows\System\pJpTxQn.exe

Filesize
1.1MB

MD5
804022bf5f957c2775647fdc095fa1a1

SHA1
ded04a0c86edecdaeb75d9ef8aea9e892c8aad49

SHA256
66f9fc3f05ea629f5f594edac79b6f14d0abff70cb0118c6ec2d3bcf91312635

SHA512
c10290291f597d89e61ed6157a6cebc523e54ac2439c0fef4b7dd0ebb2954881f9f425dd3775a406f9cbe8385637fdd3dea580b38b55abacdb15f45017aa1375

Download Submit
C:\Windows\System\uCIHDTo.exe

Filesize
1.1MB

MD5
4ed96e17b1385517f21f4c3da9f67dd8

SHA1
809ed7201be212aa962111b4687f72114bd24ff1

SHA256
d52d5340cda1c02af82d2276415bf170bc6d8ed97a839ad55690d977a1b5c7d0

SHA512
951593e5916eaee0531806142e1ce0d304e6e52a4e30059010d43daa277bb153825e6327d57d0fec7c1833e881710cb0cc4c44a462f43ec6ca0c616f1f4b962e

Download Submit
C:\Windows\System\uCmNgny.exe

Filesize
1.1MB

MD5
bbb25984eab79e6d5791546499eac937

SHA1
55b7f196e096b4c063107c3e9c2b8377aae67be8

SHA256
2282025cc1edaf595b44cb8dbd4914e73d281119840d267321ec3fce88c5b932

SHA512
efa047f1a8126f5daa2b2841b40260d72aca68eb82c837862a89c083e5d64cb244bec13baf8e1061efc55781cf2caad9cd3985fa51cba8cd88e4f9226ae7ad70

Download Submit
C:\Windows\System\uRKStdy.exe

Filesize
1.1MB

MD5
60807cdd46afc586d60812aef7f78ecc

SHA1
6413dffab3f3f045446cff4ee39ee91eb681a461

SHA256
437d78637a5c3a450df88e93ed6f6d7f3e234dbb1a1dd730c3bf4545aa34b972

SHA512
df77a9610016bc30b022bd14478fa3862fd2512980a4c2ee5d000484213b288151fed3f6d4eb304c8353853d0b1a90990580da51397f9124e7f5feface553779

Download Submit
C:\Windows\System\xIQWZPT.exe

Filesize
1.1MB

MD5
9d3f2c577ab30595da7158a19972d839

SHA1
140889811dae9c4640f6389872a3f4303cd7bb94

SHA256
56e161a47de95090fd4ed3d9f3914ce9211f0b1a705b9e2dc2833ccf285ecbce

SHA512
2c9c52b21951e9a0acd97d071e2e034b5ce9391c399475f277a2913c441c20ebdaf1f9868da8d829391fc4ba07c5db5933ab12c918510402e47de28b2c7da53a

Download Submit
C:\Windows\System\zFKKNNN.exe

Filesize
1.1MB

MD5
ab4cb2f0dcd4fdf9389616dfc3f73bc2

SHA1
d6d8b172c35337f7302f32015e3a3589489a6335

SHA256
ecfa31d880aa0fb72a7d5538f233eee296627036bd64744b9911898b9b0d8422

SHA512
90aaad096e61f8e25ada31a44d7994643d48dc261633bcf412ab6a161ed907adf1a9b633a44236355f49a60c118479da2d4f50dc2f4fccf149421d0d9b999f23

Download Submit
C:\Windows\System\zTzHRME.exe

Filesize
1.1MB

MD5
69036f382aa867b7aa031eda7b673445

SHA1
74e613fe6c7f0fec82b3d0f178bd8ddec72342a2

SHA256
67a650c85ca5b3ee9ad91647421f97c4bdde0e9ec67bd81fa6a853624dd4e81d

SHA512
ac83135381664c834913c0f90ecde5bbfdb7f668daa5136d9ab361de4b094fd39e4df273d656c166d67980e419e35a9e93f12ebc2b6356673039bb0704364473

Download Submit
memory/4036-0-0x000001DE067B0000-0x000001DE067C0000-memory.dmp

Filesize
64KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads