xmrig | b2978e38ac54c9da8c8262dff215ca5e524576971f63753eb3b5efab5075e101

Analysis

max time kernel
137s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
17-11-2024 08:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b2978e38ac54c9da8c8262dff215ca5e524576971f63753eb3b5efab5075e101.exe
Size

1.5MB
MD5

d6d0c8e77fc2fabd3d4efa4785bddbaa
SHA1

1af5c5a80453ec63ae1493be58951884bf3d9711
SHA256

b2978e38ac54c9da8c8262dff215ca5e524576971f63753eb3b5efab5075e101
SHA512

e0764dc6aa023d3684d7b2c3e1df79234ff83deef6dd66cfc184f7e3416a4c8e35629b472a0516dd394c2762239b2c3c7d815da387defae27bb70b2073101982
SSDEEP

24576:GezaTnG99Q8FcNrpyNdfE0bLBgDOp2iSLz9LbpwlKenszbWKDNEm/5O+7MMKTbce:GezaTF8FcNkNdfE0pZ9ozttwIRxj4c5k

Score

10^/10

xmrig miner

Malware Config

Signatures

Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 36 IoCs

miner

resource	yara_rule
behavioral2/files/0x000c000000023b15-3.dat	xmrig
behavioral2/files/0x000c000000023b74-7.dat	xmrig
behavioral2/files/0x000a000000023b78-8.dat	xmrig
behavioral2/files/0x000a000000023b79-16.dat	xmrig
behavioral2/files/0x000a000000023b7a-29.dat	xmrig
behavioral2/files/0x000a000000023b7c-42.dat	xmrig
behavioral2/files/0x000a000000023b7f-48.dat	xmrig
behavioral2/files/0x000a000000023b82-73.dat	xmrig
behavioral2/files/0x000a000000023b88-86.dat	xmrig
behavioral2/files/0x000a000000023b84-110.dat	xmrig
behavioral2/files/0x000a000000023b97-161.dat	xmrig
behavioral2/files/0x000a000000023b9a-173.dat	xmrig
behavioral2/files/0x000a000000023b99-170.dat	xmrig
behavioral2/files/0x000a000000023b98-167.dat	xmrig
behavioral2/files/0x000a000000023b93-163.dat	xmrig
behavioral2/files/0x000a000000023b96-159.dat	xmrig
behavioral2/files/0x000a000000023b95-154.dat	xmrig
behavioral2/files/0x000a000000023b94-151.dat	xmrig
behavioral2/files/0x000a000000023b92-147.dat	xmrig
behavioral2/files/0x000a000000023b91-139.dat	xmrig
behavioral2/files/0x000a000000023b8f-128.dat	xmrig
behavioral2/files/0x000a000000023b8e-121.dat	xmrig
behavioral2/files/0x000a000000023b8d-119.dat	xmrig
behavioral2/files/0x000a000000023b8c-117.dat	xmrig
behavioral2/files/0x000a000000023b8b-115.dat	xmrig
behavioral2/files/0x000a000000023b8a-113.dat	xmrig
behavioral2/files/0x000a000000023b89-111.dat	xmrig
behavioral2/files/0x000a000000023b87-105.dat	xmrig
behavioral2/files/0x000a000000023b86-103.dat	xmrig
behavioral2/files/0x000a000000023b85-101.dat	xmrig
behavioral2/files/0x000a000000023b81-65.dat	xmrig
behavioral2/files/0x000a000000023b83-64.dat	xmrig
behavioral2/files/0x000a000000023b80-54.dat	xmrig
behavioral2/files/0x000a000000023b7e-46.dat	xmrig
behavioral2/files/0x000a000000023b7d-39.dat	xmrig
behavioral2/files/0x000a000000023b7b-37.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
3732	GqjpzPL.exe
4780	yfCeMcC.exe
4932	QoYImOt.exe
2760	CUNUFFV.exe
3864	HrpEUHl.exe
3004	YTmuaKV.exe
4312	dLMrWJC.exe
2052	pxvaibu.exe
4552	GFkcVjx.exe
1932	KHrwaZM.exe
2792	hFfZDCU.exe
2188	ncSMWtP.exe
3784	itntaXA.exe
4420	vRrStqQ.exe
2380	JrWIHfB.exe
724	OkuiuEJ.exe
4796	KDWIcFi.exe
5056	iPCHiqW.exe
3216	ICYdRJS.exe
1988	QTcbpYP.exe
4340	WMJbOFR.exe
3952	yMjGVkW.exe
2460	sStoVsT.exe
4400	qNLJmYw.exe
1708	UWxXMLA.exe
3500	IoJOEST.exe
1860	zLOwXKM.exe
3612	qGhiqdR.exe
3488	vXsxXPG.exe
1660	LFMjEqg.exe
2488	drujxwL.exe
3196	tVofOKm.exe
4576	XtknIWX.exe
3820	eafveCG.exe
3940	jIMKeHV.exe
1580	yKTxjzr.exe
4472	pcfNEes.exe
2924	KfoXJwA.exe
2656	BJdaoNf.exe
3700	SLtAPiC.exe
4884	HbxEWoJ.exe
4040	UFxWFTp.exe
3996	DQSHqMT.exe
4764	jiYwnvL.exe
1552	dNyoXTg.exe
3028	SenJOLK.exe
2540	JArICXG.exe
544	bjqeoVW.exe
3356	ZDPLwqK.exe
1180	PDlkKXF.exe
4656	bSlsPwf.exe
2408	OeAdMSn.exe
1824	ekcVIRc.exe
3248	NZZSRVB.exe
1560	CcjdYNQ.exe
2988	bYYUmpj.exe
396	orkPZMY.exe
1996	teynSTk.exe
2444	gtlywIJ.exe
64	SNKOWBS.exe
5116	byZmlrl.exe
3316	fMZzezQ.exe
2972	fRBzEeO.exe
4176	bxCNKuF.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\qGsuCrd.exe	b2978e38ac54c9da8c8262dff215ca5e524576971f63753eb3b5efab5075e101.exe
File created	C:\Windows\System\HdFGtcJ.exe	b2978e38ac54c9da8c8262dff215ca5e524576971f63753eb3b5efab5075e101.exe
File created	C:\Windows\System\TpxGjjl.exe	b2978e38ac54c9da8c8262dff215ca5e524576971f63753eb3b5efab5075e101.exe
File created	C:\Windows\System\EKMAvkL.exe	b2978e38ac54c9da8c8262dff215ca5e524576971f63753eb3b5efab5075e101.exe
File created	C:\Windows\System\QoyGMkI.exe	b2978e38ac54c9da8c8262dff215ca5e524576971f63753eb3b5efab5075e101.exe
File created	C:\Windows\System\tNDRoXQ.exe	b2978e38ac54c9da8c8262dff215ca5e524576971f63753eb3b5efab5075e101.exe
File created	C:\Windows\System\EmKBMuN.exe	b2978e38ac54c9da8c8262dff215ca5e524576971f63753eb3b5efab5075e101.exe
File created	C:\Windows\System\IzNHlHQ.exe	b2978e38ac54c9da8c8262dff215ca5e524576971f63753eb3b5efab5075e101.exe
File created	C:\Windows\System\WztybiO.exe	b2978e38ac54c9da8c8262dff215ca5e524576971f63753eb3b5efab5075e101.exe
File created	C:\Windows\System\MGLbJMt.exe	b2978e38ac54c9da8c8262dff215ca5e524576971f63753eb3b5efab5075e101.exe
File created	C:\Windows\System\ccNDRle.exe	b2978e38ac54c9da8c8262dff215ca5e524576971f63753eb3b5efab5075e101.exe
File created	C:\Windows\System\dflJmmG.exe	b2978e38ac54c9da8c8262dff215ca5e524576971f63753eb3b5efab5075e101.exe
File created	C:\Windows\System\WwVwKec.exe	b2978e38ac54c9da8c8262dff215ca5e524576971f63753eb3b5efab5075e101.exe
File created	C:\Windows\System\dtGsOCT.exe	b2978e38ac54c9da8c8262dff215ca5e524576971f63753eb3b5efab5075e101.exe
File created	C:\Windows\System\pSONDLk.exe	b2978e38ac54c9da8c8262dff215ca5e524576971f63753eb3b5efab5075e101.exe
File created	C:\Windows\System\vYDlQXj.exe	b2978e38ac54c9da8c8262dff215ca5e524576971f63753eb3b5efab5075e101.exe
File created	C:\Windows\System\iZLRQJG.exe	b2978e38ac54c9da8c8262dff215ca5e524576971f63753eb3b5efab5075e101.exe
File created	C:\Windows\System\mcLwJPX.exe	b2978e38ac54c9da8c8262dff215ca5e524576971f63753eb3b5efab5075e101.exe
File created	C:\Windows\System\prLsjyC.exe	b2978e38ac54c9da8c8262dff215ca5e524576971f63753eb3b5efab5075e101.exe
File created	C:\Windows\System\JJswCCg.exe	b2978e38ac54c9da8c8262dff215ca5e524576971f63753eb3b5efab5075e101.exe
File created	C:\Windows\System\SJQliod.exe	b2978e38ac54c9da8c8262dff215ca5e524576971f63753eb3b5efab5075e101.exe
File created	C:\Windows\System\dLwfQQn.exe	b2978e38ac54c9da8c8262dff215ca5e524576971f63753eb3b5efab5075e101.exe
File created	C:\Windows\System\eCSyBbJ.exe	b2978e38ac54c9da8c8262dff215ca5e524576971f63753eb3b5efab5075e101.exe
File created	C:\Windows\System\suMKTze.exe	b2978e38ac54c9da8c8262dff215ca5e524576971f63753eb3b5efab5075e101.exe
File created	C:\Windows\System\AtoVTvy.exe	b2978e38ac54c9da8c8262dff215ca5e524576971f63753eb3b5efab5075e101.exe
File created	C:\Windows\System\OJqSYKK.exe	b2978e38ac54c9da8c8262dff215ca5e524576971f63753eb3b5efab5075e101.exe
File created	C:\Windows\System\WiDNEUJ.exe	b2978e38ac54c9da8c8262dff215ca5e524576971f63753eb3b5efab5075e101.exe
File created	C:\Windows\System\LCirTHC.exe	b2978e38ac54c9da8c8262dff215ca5e524576971f63753eb3b5efab5075e101.exe
File created	C:\Windows\System\YnDvJwU.exe	b2978e38ac54c9da8c8262dff215ca5e524576971f63753eb3b5efab5075e101.exe
File created	C:\Windows\System\tRmrpLO.exe	b2978e38ac54c9da8c8262dff215ca5e524576971f63753eb3b5efab5075e101.exe
File created	C:\Windows\System\NvLRwnM.exe	b2978e38ac54c9da8c8262dff215ca5e524576971f63753eb3b5efab5075e101.exe
File created	C:\Windows\System\xfFGkoA.exe	b2978e38ac54c9da8c8262dff215ca5e524576971f63753eb3b5efab5075e101.exe
File created	C:\Windows\System\bKhZGzL.exe	b2978e38ac54c9da8c8262dff215ca5e524576971f63753eb3b5efab5075e101.exe
File created	C:\Windows\System\yAzsJrp.exe	b2978e38ac54c9da8c8262dff215ca5e524576971f63753eb3b5efab5075e101.exe
File created	C:\Windows\System\NJCtmyK.exe	b2978e38ac54c9da8c8262dff215ca5e524576971f63753eb3b5efab5075e101.exe
File created	C:\Windows\System\EQsvbUD.exe	b2978e38ac54c9da8c8262dff215ca5e524576971f63753eb3b5efab5075e101.exe
File created	C:\Windows\System\QTcbpYP.exe	b2978e38ac54c9da8c8262dff215ca5e524576971f63753eb3b5efab5075e101.exe
File created	C:\Windows\System\BJdaoNf.exe	b2978e38ac54c9da8c8262dff215ca5e524576971f63753eb3b5efab5075e101.exe
File created	C:\Windows\System\iooDkmt.exe	b2978e38ac54c9da8c8262dff215ca5e524576971f63753eb3b5efab5075e101.exe
File created	C:\Windows\System\mnjxggf.exe	b2978e38ac54c9da8c8262dff215ca5e524576971f63753eb3b5efab5075e101.exe
File created	C:\Windows\System\bYldFfn.exe	b2978e38ac54c9da8c8262dff215ca5e524576971f63753eb3b5efab5075e101.exe
File created	C:\Windows\System\EnLKWRo.exe	b2978e38ac54c9da8c8262dff215ca5e524576971f63753eb3b5efab5075e101.exe
File created	C:\Windows\System\qFEVLKH.exe	b2978e38ac54c9da8c8262dff215ca5e524576971f63753eb3b5efab5075e101.exe
File created	C:\Windows\System\plNZkCx.exe	b2978e38ac54c9da8c8262dff215ca5e524576971f63753eb3b5efab5075e101.exe
File created	C:\Windows\System\jIMKeHV.exe	b2978e38ac54c9da8c8262dff215ca5e524576971f63753eb3b5efab5075e101.exe
File created	C:\Windows\System\bwizxdk.exe	b2978e38ac54c9da8c8262dff215ca5e524576971f63753eb3b5efab5075e101.exe
File created	C:\Windows\System\uPMXOtL.exe	b2978e38ac54c9da8c8262dff215ca5e524576971f63753eb3b5efab5075e101.exe
File created	C:\Windows\System\sLdPMdO.exe	b2978e38ac54c9da8c8262dff215ca5e524576971f63753eb3b5efab5075e101.exe
File created	C:\Windows\System\zjrvWZi.exe	b2978e38ac54c9da8c8262dff215ca5e524576971f63753eb3b5efab5075e101.exe
File created	C:\Windows\System\rdAHifK.exe	b2978e38ac54c9da8c8262dff215ca5e524576971f63753eb3b5efab5075e101.exe
File created	C:\Windows\System\BjwAown.exe	b2978e38ac54c9da8c8262dff215ca5e524576971f63753eb3b5efab5075e101.exe
File created	C:\Windows\System\aiiWWLX.exe	b2978e38ac54c9da8c8262dff215ca5e524576971f63753eb3b5efab5075e101.exe
File created	C:\Windows\System\sGYyWsL.exe	b2978e38ac54c9da8c8262dff215ca5e524576971f63753eb3b5efab5075e101.exe
File created	C:\Windows\System\CkAMIXk.exe	b2978e38ac54c9da8c8262dff215ca5e524576971f63753eb3b5efab5075e101.exe
File created	C:\Windows\System\GtXmzhJ.exe	b2978e38ac54c9da8c8262dff215ca5e524576971f63753eb3b5efab5075e101.exe
File created	C:\Windows\System\lUGfMYU.exe	b2978e38ac54c9da8c8262dff215ca5e524576971f63753eb3b5efab5075e101.exe
File created	C:\Windows\System\IobMCyE.exe	b2978e38ac54c9da8c8262dff215ca5e524576971f63753eb3b5efab5075e101.exe
File created	C:\Windows\System\ZRaSKMl.exe	b2978e38ac54c9da8c8262dff215ca5e524576971f63753eb3b5efab5075e101.exe
File created	C:\Windows\System\kVRPOor.exe	b2978e38ac54c9da8c8262dff215ca5e524576971f63753eb3b5efab5075e101.exe
File created	C:\Windows\System\fhpTbJK.exe	b2978e38ac54c9da8c8262dff215ca5e524576971f63753eb3b5efab5075e101.exe
File created	C:\Windows\System\ZROUKid.exe	b2978e38ac54c9da8c8262dff215ca5e524576971f63753eb3b5efab5075e101.exe
File created	C:\Windows\System\aIOxGJk.exe	b2978e38ac54c9da8c8262dff215ca5e524576971f63753eb3b5efab5075e101.exe
File created	C:\Windows\System\pxvaibu.exe	b2978e38ac54c9da8c8262dff215ca5e524576971f63753eb3b5efab5075e101.exe
File created	C:\Windows\System\wTdjaYM.exe	b2978e38ac54c9da8c8262dff215ca5e524576971f63753eb3b5efab5075e101.exe

Checks SCSI registry key(s) 3 TTPs 24 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 8 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\MuiCache	StartMenuExperienceHost.exe

Suspicious use of AdjustPrivilegeToken 18 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	17340	dwm.exe
Token: SeChangeNotifyPrivilege	17340	dwm.exe
Token: 33	17340	dwm.exe
Token: SeIncBasePriorityPrivilege	17340	dwm.exe
Token: SeCreateGlobalPrivilege	16888	dwm.exe
Token: SeChangeNotifyPrivilege	16888	dwm.exe
Token: 33	16888	dwm.exe
Token: SeIncBasePriorityPrivilege	16888	dwm.exe
Token: SeCreateGlobalPrivilege	15368	dwm.exe
Token: SeChangeNotifyPrivilege	15368	dwm.exe
Token: 33	15368	dwm.exe
Token: SeIncBasePriorityPrivilege	15368	dwm.exe
Token: SeCreateGlobalPrivilege	17352	dwm.exe
Token: SeChangeNotifyPrivilege	17352	dwm.exe
Token: 33	17352	dwm.exe
Token: SeIncBasePriorityPrivilege	17352	dwm.exe
Token: SeShutdownPrivilege	17352	dwm.exe
Token: SeCreatePagefilePrivilege	17352	dwm.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
17348	StartMenuExperienceHost.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2044 wrote to memory of 3732	2044	b2978e38ac54c9da8c8262dff215ca5e524576971f63753eb3b5efab5075e101.exe	84
PID 2044 wrote to memory of 3732	2044	b2978e38ac54c9da8c8262dff215ca5e524576971f63753eb3b5efab5075e101.exe	84
PID 2044 wrote to memory of 4780	2044	b2978e38ac54c9da8c8262dff215ca5e524576971f63753eb3b5efab5075e101.exe	85
PID 2044 wrote to memory of 4780	2044	b2978e38ac54c9da8c8262dff215ca5e524576971f63753eb3b5efab5075e101.exe	85
PID 2044 wrote to memory of 4932	2044	b2978e38ac54c9da8c8262dff215ca5e524576971f63753eb3b5efab5075e101.exe	86
PID 2044 wrote to memory of 4932	2044	b2978e38ac54c9da8c8262dff215ca5e524576971f63753eb3b5efab5075e101.exe	86
PID 2044 wrote to memory of 2760	2044	b2978e38ac54c9da8c8262dff215ca5e524576971f63753eb3b5efab5075e101.exe	87
PID 2044 wrote to memory of 2760	2044	b2978e38ac54c9da8c8262dff215ca5e524576971f63753eb3b5efab5075e101.exe	87
PID 2044 wrote to memory of 3864	2044	b2978e38ac54c9da8c8262dff215ca5e524576971f63753eb3b5efab5075e101.exe	88
PID 2044 wrote to memory of 3864	2044	b2978e38ac54c9da8c8262dff215ca5e524576971f63753eb3b5efab5075e101.exe	88
PID 2044 wrote to memory of 3004	2044	b2978e38ac54c9da8c8262dff215ca5e524576971f63753eb3b5efab5075e101.exe	89
PID 2044 wrote to memory of 3004	2044	b2978e38ac54c9da8c8262dff215ca5e524576971f63753eb3b5efab5075e101.exe	89
PID 2044 wrote to memory of 1932	2044	b2978e38ac54c9da8c8262dff215ca5e524576971f63753eb3b5efab5075e101.exe	90
PID 2044 wrote to memory of 1932	2044	b2978e38ac54c9da8c8262dff215ca5e524576971f63753eb3b5efab5075e101.exe	90
PID 2044 wrote to memory of 4312	2044	b2978e38ac54c9da8c8262dff215ca5e524576971f63753eb3b5efab5075e101.exe	91
PID 2044 wrote to memory of 4312	2044	b2978e38ac54c9da8c8262dff215ca5e524576971f63753eb3b5efab5075e101.exe	91
PID 2044 wrote to memory of 2052	2044	b2978e38ac54c9da8c8262dff215ca5e524576971f63753eb3b5efab5075e101.exe	92
PID 2044 wrote to memory of 2052	2044	b2978e38ac54c9da8c8262dff215ca5e524576971f63753eb3b5efab5075e101.exe	92
PID 2044 wrote to memory of 4552	2044	b2978e38ac54c9da8c8262dff215ca5e524576971f63753eb3b5efab5075e101.exe	93
PID 2044 wrote to memory of 4552	2044	b2978e38ac54c9da8c8262dff215ca5e524576971f63753eb3b5efab5075e101.exe	93
PID 2044 wrote to memory of 2792	2044	b2978e38ac54c9da8c8262dff215ca5e524576971f63753eb3b5efab5075e101.exe	94
PID 2044 wrote to memory of 2792	2044	b2978e38ac54c9da8c8262dff215ca5e524576971f63753eb3b5efab5075e101.exe	94
PID 2044 wrote to memory of 2188	2044	b2978e38ac54c9da8c8262dff215ca5e524576971f63753eb3b5efab5075e101.exe	95
PID 2044 wrote to memory of 2188	2044	b2978e38ac54c9da8c8262dff215ca5e524576971f63753eb3b5efab5075e101.exe	95
PID 2044 wrote to memory of 3784	2044	b2978e38ac54c9da8c8262dff215ca5e524576971f63753eb3b5efab5075e101.exe	96
PID 2044 wrote to memory of 3784	2044	b2978e38ac54c9da8c8262dff215ca5e524576971f63753eb3b5efab5075e101.exe	96
PID 2044 wrote to memory of 4420	2044	b2978e38ac54c9da8c8262dff215ca5e524576971f63753eb3b5efab5075e101.exe	97
PID 2044 wrote to memory of 4420	2044	b2978e38ac54c9da8c8262dff215ca5e524576971f63753eb3b5efab5075e101.exe	97
PID 2044 wrote to memory of 1708	2044	b2978e38ac54c9da8c8262dff215ca5e524576971f63753eb3b5efab5075e101.exe	98
PID 2044 wrote to memory of 1708	2044	b2978e38ac54c9da8c8262dff215ca5e524576971f63753eb3b5efab5075e101.exe	98
PID 2044 wrote to memory of 2380	2044	b2978e38ac54c9da8c8262dff215ca5e524576971f63753eb3b5efab5075e101.exe	99
PID 2044 wrote to memory of 2380	2044	b2978e38ac54c9da8c8262dff215ca5e524576971f63753eb3b5efab5075e101.exe	99
PID 2044 wrote to memory of 724	2044	b2978e38ac54c9da8c8262dff215ca5e524576971f63753eb3b5efab5075e101.exe	100
PID 2044 wrote to memory of 724	2044	b2978e38ac54c9da8c8262dff215ca5e524576971f63753eb3b5efab5075e101.exe	100
PID 2044 wrote to memory of 4796	2044	b2978e38ac54c9da8c8262dff215ca5e524576971f63753eb3b5efab5075e101.exe	101
PID 2044 wrote to memory of 4796	2044	b2978e38ac54c9da8c8262dff215ca5e524576971f63753eb3b5efab5075e101.exe	101
PID 2044 wrote to memory of 5056	2044	b2978e38ac54c9da8c8262dff215ca5e524576971f63753eb3b5efab5075e101.exe	102
PID 2044 wrote to memory of 5056	2044	b2978e38ac54c9da8c8262dff215ca5e524576971f63753eb3b5efab5075e101.exe	102
PID 2044 wrote to memory of 3216	2044	b2978e38ac54c9da8c8262dff215ca5e524576971f63753eb3b5efab5075e101.exe	103
PID 2044 wrote to memory of 3216	2044	b2978e38ac54c9da8c8262dff215ca5e524576971f63753eb3b5efab5075e101.exe	103
PID 2044 wrote to memory of 1988	2044	b2978e38ac54c9da8c8262dff215ca5e524576971f63753eb3b5efab5075e101.exe	104
PID 2044 wrote to memory of 1988	2044	b2978e38ac54c9da8c8262dff215ca5e524576971f63753eb3b5efab5075e101.exe	104
PID 2044 wrote to memory of 4340	2044	b2978e38ac54c9da8c8262dff215ca5e524576971f63753eb3b5efab5075e101.exe	105
PID 2044 wrote to memory of 4340	2044	b2978e38ac54c9da8c8262dff215ca5e524576971f63753eb3b5efab5075e101.exe	105
PID 2044 wrote to memory of 3952	2044	b2978e38ac54c9da8c8262dff215ca5e524576971f63753eb3b5efab5075e101.exe	106
PID 2044 wrote to memory of 3952	2044	b2978e38ac54c9da8c8262dff215ca5e524576971f63753eb3b5efab5075e101.exe	106
PID 2044 wrote to memory of 2460	2044	b2978e38ac54c9da8c8262dff215ca5e524576971f63753eb3b5efab5075e101.exe	107
PID 2044 wrote to memory of 2460	2044	b2978e38ac54c9da8c8262dff215ca5e524576971f63753eb3b5efab5075e101.exe	107
PID 2044 wrote to memory of 4400	2044	b2978e38ac54c9da8c8262dff215ca5e524576971f63753eb3b5efab5075e101.exe	108
PID 2044 wrote to memory of 4400	2044	b2978e38ac54c9da8c8262dff215ca5e524576971f63753eb3b5efab5075e101.exe	108
PID 2044 wrote to memory of 3500	2044	b2978e38ac54c9da8c8262dff215ca5e524576971f63753eb3b5efab5075e101.exe	109
PID 2044 wrote to memory of 3500	2044	b2978e38ac54c9da8c8262dff215ca5e524576971f63753eb3b5efab5075e101.exe	109
PID 2044 wrote to memory of 1860	2044	b2978e38ac54c9da8c8262dff215ca5e524576971f63753eb3b5efab5075e101.exe	110
PID 2044 wrote to memory of 1860	2044	b2978e38ac54c9da8c8262dff215ca5e524576971f63753eb3b5efab5075e101.exe	110
PID 2044 wrote to memory of 3612	2044	b2978e38ac54c9da8c8262dff215ca5e524576971f63753eb3b5efab5075e101.exe	111
PID 2044 wrote to memory of 3612	2044	b2978e38ac54c9da8c8262dff215ca5e524576971f63753eb3b5efab5075e101.exe	111
PID 2044 wrote to memory of 3488	2044	b2978e38ac54c9da8c8262dff215ca5e524576971f63753eb3b5efab5075e101.exe	112
PID 2044 wrote to memory of 3488	2044	b2978e38ac54c9da8c8262dff215ca5e524576971f63753eb3b5efab5075e101.exe	112
PID 2044 wrote to memory of 1660	2044	b2978e38ac54c9da8c8262dff215ca5e524576971f63753eb3b5efab5075e101.exe	113
PID 2044 wrote to memory of 1660	2044	b2978e38ac54c9da8c8262dff215ca5e524576971f63753eb3b5efab5075e101.exe	113
PID 2044 wrote to memory of 2488	2044	b2978e38ac54c9da8c8262dff215ca5e524576971f63753eb3b5efab5075e101.exe	114
PID 2044 wrote to memory of 2488	2044	b2978e38ac54c9da8c8262dff215ca5e524576971f63753eb3b5efab5075e101.exe	114
PID 2044 wrote to memory of 3196	2044	b2978e38ac54c9da8c8262dff215ca5e524576971f63753eb3b5efab5075e101.exe	115
PID 2044 wrote to memory of 3196	2044	b2978e38ac54c9da8c8262dff215ca5e524576971f63753eb3b5efab5075e101.exe	115

C:\Users\Admin\AppData\Local\Temp\b2978e38ac54c9da8c8262dff215ca5e524576971f63753eb3b5efab5075e101.exe
"C:\Users\Admin\AppData\Local\Temp\b2978e38ac54c9da8c8262dff215ca5e524576971f63753eb3b5efab5075e101.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2044
- C:\Windows\System\GqjpzPL.exe
  C:\Windows\System\GqjpzPL.exe
  2⤵
  - Executes dropped EXE
  PID:3732
- C:\Windows\System\yfCeMcC.exe
  C:\Windows\System\yfCeMcC.exe
  2⤵
  - Executes dropped EXE
  PID:4780
- C:\Windows\System\QoYImOt.exe
  C:\Windows\System\QoYImOt.exe
  2⤵
  - Executes dropped EXE
  PID:4932
- C:\Windows\System\CUNUFFV.exe
  C:\Windows\System\CUNUFFV.exe
  2⤵
  - Executes dropped EXE
  PID:2760
- C:\Windows\System\HrpEUHl.exe
  C:\Windows\System\HrpEUHl.exe
  2⤵
  - Executes dropped EXE
  PID:3864
- C:\Windows\System\YTmuaKV.exe
  C:\Windows\System\YTmuaKV.exe
  2⤵
  - Executes dropped EXE
  PID:3004
- C:\Windows\System\KHrwaZM.exe
  C:\Windows\System\KHrwaZM.exe
  2⤵
  - Executes dropped EXE
  PID:1932
- C:\Windows\System\dLMrWJC.exe
  C:\Windows\System\dLMrWJC.exe
  2⤵
  - Executes dropped EXE
  PID:4312
- C:\Windows\System\pxvaibu.exe
  C:\Windows\System\pxvaibu.exe
  2⤵
  - Executes dropped EXE
  PID:2052
- C:\Windows\System\GFkcVjx.exe
  C:\Windows\System\GFkcVjx.exe
  2⤵
  - Executes dropped EXE
  PID:4552
- C:\Windows\System\hFfZDCU.exe
  C:\Windows\System\hFfZDCU.exe
  2⤵
  - Executes dropped EXE
  PID:2792
- C:\Windows\System\ncSMWtP.exe
  C:\Windows\System\ncSMWtP.exe
  2⤵
  - Executes dropped EXE
  PID:2188
- C:\Windows\System\itntaXA.exe
  C:\Windows\System\itntaXA.exe
  2⤵
  - Executes dropped EXE
  PID:3784
- C:\Windows\System\vRrStqQ.exe
  C:\Windows\System\vRrStqQ.exe
  2⤵
  - Executes dropped EXE
  PID:4420
- C:\Windows\System\UWxXMLA.exe
  C:\Windows\System\UWxXMLA.exe
  2⤵
  - Executes dropped EXE
  PID:1708
- C:\Windows\System\JrWIHfB.exe
  C:\Windows\System\JrWIHfB.exe
  2⤵
  - Executes dropped EXE
  PID:2380
- C:\Windows\System\OkuiuEJ.exe
  C:\Windows\System\OkuiuEJ.exe
  2⤵
  - Executes dropped EXE
  PID:724
- C:\Windows\System\KDWIcFi.exe
  C:\Windows\System\KDWIcFi.exe
  2⤵
  - Executes dropped EXE
  PID:4796
- C:\Windows\System\iPCHiqW.exe
  C:\Windows\System\iPCHiqW.exe
  2⤵
  - Executes dropped EXE
  PID:5056
- C:\Windows\System\ICYdRJS.exe
  C:\Windows\System\ICYdRJS.exe
  2⤵
  - Executes dropped EXE
  PID:3216
- C:\Windows\System\QTcbpYP.exe
  C:\Windows\System\QTcbpYP.exe
  2⤵
  - Executes dropped EXE
  PID:1988
- C:\Windows\System\WMJbOFR.exe
  C:\Windows\System\WMJbOFR.exe
  2⤵
  - Executes dropped EXE
  PID:4340
- C:\Windows\System\yMjGVkW.exe
  C:\Windows\System\yMjGVkW.exe
  2⤵
  - Executes dropped EXE
  PID:3952
- C:\Windows\System\sStoVsT.exe
  C:\Windows\System\sStoVsT.exe
  2⤵
  - Executes dropped EXE
  PID:2460
- C:\Windows\System\qNLJmYw.exe
  C:\Windows\System\qNLJmYw.exe
  2⤵
  - Executes dropped EXE
  PID:4400
- C:\Windows\System\IoJOEST.exe
  C:\Windows\System\IoJOEST.exe
  2⤵
  - Executes dropped EXE
  PID:3500
- C:\Windows\System\zLOwXKM.exe
  C:\Windows\System\zLOwXKM.exe
  2⤵
  - Executes dropped EXE
  PID:1860
- C:\Windows\System\qGhiqdR.exe
  C:\Windows\System\qGhiqdR.exe
  2⤵
  - Executes dropped EXE
  PID:3612
- C:\Windows\System\vXsxXPG.exe
  C:\Windows\System\vXsxXPG.exe
  2⤵
  - Executes dropped EXE
  PID:3488
- C:\Windows\System\LFMjEqg.exe
  C:\Windows\System\LFMjEqg.exe
  2⤵
  - Executes dropped EXE
  PID:1660
- C:\Windows\System\drujxwL.exe
  C:\Windows\System\drujxwL.exe
  2⤵
  - Executes dropped EXE
  PID:2488
- C:\Windows\System\tVofOKm.exe
  C:\Windows\System\tVofOKm.exe
  2⤵
  - Executes dropped EXE
  PID:3196
- C:\Windows\System\XtknIWX.exe
  C:\Windows\System\XtknIWX.exe
  2⤵
  - Executes dropped EXE
  PID:4576
- C:\Windows\System\eafveCG.exe
  C:\Windows\System\eafveCG.exe
  2⤵
  - Executes dropped EXE
  PID:3820
- C:\Windows\System\jIMKeHV.exe
  C:\Windows\System\jIMKeHV.exe
  2⤵
  - Executes dropped EXE
  PID:3940
- C:\Windows\System\yKTxjzr.exe
  C:\Windows\System\yKTxjzr.exe
  2⤵
  - Executes dropped EXE
  PID:1580
- C:\Windows\System\pcfNEes.exe
  C:\Windows\System\pcfNEes.exe
  2⤵
  - Executes dropped EXE
  PID:4472
- C:\Windows\System\KfoXJwA.exe
  C:\Windows\System\KfoXJwA.exe
  2⤵
  - Executes dropped EXE
  PID:2924
- C:\Windows\System\BJdaoNf.exe
  C:\Windows\System\BJdaoNf.exe
  2⤵
  - Executes dropped EXE
  PID:2656
- C:\Windows\System\SLtAPiC.exe
  C:\Windows\System\SLtAPiC.exe
  2⤵
  - Executes dropped EXE
  PID:3700
- C:\Windows\System\HbxEWoJ.exe
  C:\Windows\System\HbxEWoJ.exe
  2⤵
  - Executes dropped EXE
  PID:4884
- C:\Windows\System\UFxWFTp.exe
  C:\Windows\System\UFxWFTp.exe
  2⤵
  - Executes dropped EXE
  PID:4040
- C:\Windows\System\DQSHqMT.exe
  C:\Windows\System\DQSHqMT.exe
  2⤵
  - Executes dropped EXE
  PID:3996
- C:\Windows\System\jiYwnvL.exe
  C:\Windows\System\jiYwnvL.exe
  2⤵
  - Executes dropped EXE
  PID:4764
- C:\Windows\System\dNyoXTg.exe
  C:\Windows\System\dNyoXTg.exe
  2⤵
  - Executes dropped EXE
  PID:1552
- C:\Windows\System\SenJOLK.exe
  C:\Windows\System\SenJOLK.exe
  2⤵
  - Executes dropped EXE
  PID:3028
- C:\Windows\System\JArICXG.exe
  C:\Windows\System\JArICXG.exe
  2⤵
  - Executes dropped EXE
  PID:2540
- C:\Windows\System\bjqeoVW.exe
  C:\Windows\System\bjqeoVW.exe
  2⤵
  - Executes dropped EXE
  PID:544
- C:\Windows\System\ZDPLwqK.exe
  C:\Windows\System\ZDPLwqK.exe
  2⤵
  - Executes dropped EXE
  PID:3356
- C:\Windows\System\PDlkKXF.exe
  C:\Windows\System\PDlkKXF.exe
  2⤵
  - Executes dropped EXE
  PID:1180
- C:\Windows\System\bSlsPwf.exe
  C:\Windows\System\bSlsPwf.exe
  2⤵
  - Executes dropped EXE
  PID:4656
- C:\Windows\System\OeAdMSn.exe
  C:\Windows\System\OeAdMSn.exe
  2⤵
  - Executes dropped EXE
  PID:2408
- C:\Windows\System\ekcVIRc.exe
  C:\Windows\System\ekcVIRc.exe
  2⤵
  - Executes dropped EXE
  PID:1824
- C:\Windows\System\NZZSRVB.exe
  C:\Windows\System\NZZSRVB.exe
  2⤵
  - Executes dropped EXE
  PID:3248
- C:\Windows\System\CcjdYNQ.exe
  C:\Windows\System\CcjdYNQ.exe
  2⤵
  - Executes dropped EXE
  PID:1560
- C:\Windows\System\bYYUmpj.exe
  C:\Windows\System\bYYUmpj.exe
  2⤵
  - Executes dropped EXE
  PID:2988
- C:\Windows\System\orkPZMY.exe
  C:\Windows\System\orkPZMY.exe
  2⤵
  - Executes dropped EXE
  PID:396
- C:\Windows\System\teynSTk.exe
  C:\Windows\System\teynSTk.exe
  2⤵
  - Executes dropped EXE
  PID:1996
- C:\Windows\System\gtlywIJ.exe
  C:\Windows\System\gtlywIJ.exe
  2⤵
  - Executes dropped EXE
  PID:2444
- C:\Windows\System\SNKOWBS.exe
  C:\Windows\System\SNKOWBS.exe
  2⤵
  - Executes dropped EXE
  PID:64
- C:\Windows\System\byZmlrl.exe
  C:\Windows\System\byZmlrl.exe
  2⤵
  - Executes dropped EXE
  PID:5116
- C:\Windows\System\fMZzezQ.exe
  C:\Windows\System\fMZzezQ.exe
  2⤵
  - Executes dropped EXE
  PID:3316
- C:\Windows\System\fRBzEeO.exe
  C:\Windows\System\fRBzEeO.exe
  2⤵
  - Executes dropped EXE
  PID:2972
- C:\Windows\System\bxCNKuF.exe
  C:\Windows\System\bxCNKuF.exe
  2⤵
  - Executes dropped EXE
  PID:4176
- C:\Windows\System\Etfnwvn.exe
  C:\Windows\System\Etfnwvn.exe
  2⤵
  PID:4724
- C:\Windows\System\chcnkhk.exe
  C:\Windows\System\chcnkhk.exe
  2⤵
  PID:3960
- C:\Windows\System\xRJXvSl.exe
  C:\Windows\System\xRJXvSl.exe
  2⤵
  PID:4296
- C:\Windows\System\FyzPHvd.exe
  C:\Windows\System\FyzPHvd.exe
  2⤵
  PID:3416
- C:\Windows\System\seNscxo.exe
  C:\Windows\System\seNscxo.exe
  2⤵
  PID:4924
- C:\Windows\System\kEpVOCT.exe
  C:\Windows\System\kEpVOCT.exe
  2⤵
  PID:5128
- C:\Windows\System\qaVKHNT.exe
  C:\Windows\System\qaVKHNT.exe
  2⤵
  PID:5144
- C:\Windows\System\gnsJfCH.exe
  C:\Windows\System\gnsJfCH.exe
  2⤵
  PID:5164
- C:\Windows\System\xKCuxfe.exe
  C:\Windows\System\xKCuxfe.exe
  2⤵
  PID:5180
- C:\Windows\System\CfTceBp.exe
  C:\Windows\System\CfTceBp.exe
  2⤵
  PID:5196
- C:\Windows\System\iooDkmt.exe
  C:\Windows\System\iooDkmt.exe
  2⤵
  PID:5212
- C:\Windows\System\fRnyOJz.exe
  C:\Windows\System\fRnyOJz.exe
  2⤵
  PID:5236
- C:\Windows\System\Trnkxoj.exe
  C:\Windows\System\Trnkxoj.exe
  2⤵
  PID:5252
- C:\Windows\System\FrlruyK.exe
  C:\Windows\System\FrlruyK.exe
  2⤵
  PID:5272
- C:\Windows\System\ctBBwxC.exe
  C:\Windows\System\ctBBwxC.exe
  2⤵
  PID:5488
- C:\Windows\System\LqMgmpu.exe
  C:\Windows\System\LqMgmpu.exe
  2⤵
  PID:5508
- C:\Windows\System\xIVzezn.exe
  C:\Windows\System\xIVzezn.exe
  2⤵
  PID:5528
- C:\Windows\System\guWoCpk.exe
  C:\Windows\System\guWoCpk.exe
  2⤵
  PID:5544
- C:\Windows\System\QcPHymI.exe
  C:\Windows\System\QcPHymI.exe
  2⤵
  PID:5564
- C:\Windows\System\VMfJUHl.exe
  C:\Windows\System\VMfJUHl.exe
  2⤵
  PID:5584
- C:\Windows\System\TXyyyUB.exe
  C:\Windows\System\TXyyyUB.exe
  2⤵
  PID:5616
- C:\Windows\System\PHMpdsA.exe
  C:\Windows\System\PHMpdsA.exe
  2⤵
  PID:5664
- C:\Windows\System\vCiYeso.exe
  C:\Windows\System\vCiYeso.exe
  2⤵
  PID:5680
- C:\Windows\System\XgDqQcJ.exe
  C:\Windows\System\XgDqQcJ.exe
  2⤵
  PID:5696
- C:\Windows\System\gQmSpLk.exe
  C:\Windows\System\gQmSpLk.exe
  2⤵
  PID:5712
- C:\Windows\System\kdnWoIU.exe
  C:\Windows\System\kdnWoIU.exe
  2⤵
  PID:5732
- C:\Windows\System\VxCrblK.exe
  C:\Windows\System\VxCrblK.exe
  2⤵
  PID:5748
- C:\Windows\System\syKspos.exe
  C:\Windows\System\syKspos.exe
  2⤵
  PID:5764
- C:\Windows\System\QMtXEmd.exe
  C:\Windows\System\QMtXEmd.exe
  2⤵
  PID:5784
- C:\Windows\System\eamEFsU.exe
  C:\Windows\System\eamEFsU.exe
  2⤵
  PID:5800
- C:\Windows\System\mfBsFJy.exe
  C:\Windows\System\mfBsFJy.exe
  2⤵
  PID:5816
- C:\Windows\System\GxrJSWu.exe
  C:\Windows\System\GxrJSWu.exe
  2⤵
  PID:5840
- C:\Windows\System\NhMdGMQ.exe
  C:\Windows\System\NhMdGMQ.exe
  2⤵
  PID:5856
- C:\Windows\System\ZibFgxO.exe
  C:\Windows\System\ZibFgxO.exe
  2⤵
  PID:5872
- C:\Windows\System\YjamYfQ.exe
  C:\Windows\System\YjamYfQ.exe
  2⤵
  PID:5888
- C:\Windows\System\QCZfuww.exe
  C:\Windows\System\QCZfuww.exe
  2⤵
  PID:5904
- C:\Windows\System\xLfgAVO.exe
  C:\Windows\System\xLfgAVO.exe
  2⤵
  PID:5920
- C:\Windows\System\mOMWFSP.exe
  C:\Windows\System\mOMWFSP.exe
  2⤵
  PID:5936
- C:\Windows\System\OvCXTta.exe
  C:\Windows\System\OvCXTta.exe
  2⤵
  PID:5952
- C:\Windows\System\WuieKGh.exe
  C:\Windows\System\WuieKGh.exe
  2⤵
  PID:5968
- C:\Windows\System\pmuTjQJ.exe
  C:\Windows\System\pmuTjQJ.exe
  2⤵
  PID:5984
- C:\Windows\System\jfjtFnZ.exe
  C:\Windows\System\jfjtFnZ.exe
  2⤵
  PID:948
- C:\Windows\System\HLeYvtJ.exe
  C:\Windows\System\HLeYvtJ.exe
  2⤵
  PID:3504
- C:\Windows\System\ZeDZpPu.exe
  C:\Windows\System\ZeDZpPu.exe
  2⤵
  PID:4456
- C:\Windows\System\LnDDwPt.exe
  C:\Windows\System\LnDDwPt.exe
  2⤵
  PID:1080
- C:\Windows\System\wfOoFbb.exe
  C:\Windows\System\wfOoFbb.exe
  2⤵
  PID:1120
- C:\Windows\System\xczjPnd.exe
  C:\Windows\System\xczjPnd.exe
  2⤵
  PID:3184
- C:\Windows\System\Tznpjwm.exe
  C:\Windows\System\Tznpjwm.exe
  2⤵
  PID:3588
- C:\Windows\System\cVqsAvx.exe
  C:\Windows\System\cVqsAvx.exe
  2⤵
  PID:5172
- C:\Windows\System\BFWtZaB.exe
  C:\Windows\System\BFWtZaB.exe
  2⤵
  PID:5244
- C:\Windows\System\RRbBVMD.exe
  C:\Windows\System\RRbBVMD.exe
  2⤵
  PID:5312
- C:\Windows\System\vYDlQXj.exe
  C:\Windows\System\vYDlQXj.exe
  2⤵
  PID:5284
- C:\Windows\System\sMhilGe.exe
  C:\Windows\System\sMhilGe.exe
  2⤵
  PID:5448
- C:\Windows\System\eVHpZqu.exe
  C:\Windows\System\eVHpZqu.exe
  2⤵
  PID:3916
- C:\Windows\System\lywerVZ.exe
  C:\Windows\System\lywerVZ.exe
  2⤵
  PID:4164
- C:\Windows\System\CsCqXIq.exe
  C:\Windows\System\CsCqXIq.exe
  2⤵
  PID:5504
- C:\Windows\System\wttlmbj.exe
  C:\Windows\System\wttlmbj.exe
  2⤵
  PID:5556
- C:\Windows\System\wLvuyvt.exe
  C:\Windows\System\wLvuyvt.exe
  2⤵
  PID:5676
- C:\Windows\System\xzIYvJQ.exe
  C:\Windows\System\xzIYvJQ.exe
  2⤵
  PID:5740
- C:\Windows\System\qgFmEAv.exe
  C:\Windows\System\qgFmEAv.exe
  2⤵
  PID:5796
- C:\Windows\System\IZsNnVK.exe
  C:\Windows\System\IZsNnVK.exe
  2⤵
  PID:5848
- C:\Windows\System\jowSxmI.exe
  C:\Windows\System\jowSxmI.exe
  2⤵
  PID:5880
- C:\Windows\System\IrUYUdb.exe
  C:\Windows\System\IrUYUdb.exe
  2⤵
  PID:5900
- C:\Windows\System\KGHjKjM.exe
  C:\Windows\System\KGHjKjM.exe
  2⤵
  PID:5948
- C:\Windows\System\uyHpqLG.exe
  C:\Windows\System\uyHpqLG.exe
  2⤵
  PID:6068
- C:\Windows\System\EbVWgYq.exe
  C:\Windows\System\EbVWgYq.exe
  2⤵
  PID:6124
- C:\Windows\System\unAjnVx.exe
  C:\Windows\System\unAjnVx.exe
  2⤵
  PID:1992
- C:\Windows\System\CCFSrKT.exe
  C:\Windows\System\CCFSrKT.exe
  2⤵
  PID:3068
- C:\Windows\System\XlsNLKv.exe
  C:\Windows\System\XlsNLKv.exe
  2⤵
  PID:1432
- C:\Windows\System\IgMFDAD.exe
  C:\Windows\System\IgMFDAD.exe
  2⤵
  PID:1784
- C:\Windows\System\tooEcac.exe
  C:\Windows\System\tooEcac.exe
  2⤵
  PID:4488
- C:\Windows\System\YbWIAtk.exe
  C:\Windows\System\YbWIAtk.exe
  2⤵
  PID:2416
- C:\Windows\System\pZlHgfx.exe
  C:\Windows\System\pZlHgfx.exe
  2⤵
  PID:3252
- C:\Windows\System\DRYNqzx.exe
  C:\Windows\System\DRYNqzx.exe
  2⤵
  PID:4032
- C:\Windows\System\dLwfQQn.exe
  C:\Windows\System\dLwfQQn.exe
  2⤵
  PID:4944
- C:\Windows\System\SMERCtx.exe
  C:\Windows\System\SMERCtx.exe
  2⤵
  PID:1548
- C:\Windows\System\RrBhMrT.exe
  C:\Windows\System\RrBhMrT.exe
  2⤵
  PID:2092
- C:\Windows\System\lcqcMSR.exe
  C:\Windows\System\lcqcMSR.exe
  2⤵
  PID:4384
- C:\Windows\System\LyFMBky.exe
  C:\Windows\System\LyFMBky.exe
  2⤵
  PID:4856
- C:\Windows\System\TSohNGm.exe
  C:\Windows\System\TSohNGm.exe
  2⤵
  PID:1568
- C:\Windows\System\IswgPeX.exe
  C:\Windows\System\IswgPeX.exe
  2⤵
  PID:3740
- C:\Windows\System\brxqnWS.exe
  C:\Windows\System\brxqnWS.exe
  2⤵
  PID:3604
- C:\Windows\System\viigKGb.exe
  C:\Windows\System\viigKGb.exe
  2⤵
  PID:1228
- C:\Windows\System\mcLwJPX.exe
  C:\Windows\System\mcLwJPX.exe
  2⤵
  PID:3296
- C:\Windows\System\MrlKeCX.exe
  C:\Windows\System\MrlKeCX.exe
  2⤵
  PID:456
- C:\Windows\System\KVycibe.exe
  C:\Windows\System\KVycibe.exe
  2⤵
  PID:5204
- C:\Windows\System\IPNykQs.exe
  C:\Windows\System\IPNykQs.exe
  2⤵
  PID:5424
- C:\Windows\System\zumZLSG.exe
  C:\Windows\System\zumZLSG.exe
  2⤵
  PID:968
- C:\Windows\System\eCSyBbJ.exe
  C:\Windows\System\eCSyBbJ.exe
  2⤵
  PID:5480
- C:\Windows\System\FCXgDVd.exe
  C:\Windows\System\FCXgDVd.exe
  2⤵
  PID:5772
- C:\Windows\System\MDYAODV.exe
  C:\Windows\System\MDYAODV.exe
  2⤵
  PID:3656
- C:\Windows\System\lofLurk.exe
  C:\Windows\System\lofLurk.exe
  2⤵
  PID:6012
- C:\Windows\System\FxxjREo.exe
  C:\Windows\System\FxxjREo.exe
  2⤵
  PID:4964
- C:\Windows\System\AtoVTvy.exe
  C:\Windows\System\AtoVTvy.exe
  2⤵
  PID:924
- C:\Windows\System\dvkCpqD.exe
  C:\Windows\System\dvkCpqD.exe
  2⤵
  PID:952
- C:\Windows\System\zSzBeRt.exe
  C:\Windows\System\zSzBeRt.exe
  2⤵
  PID:1728
- C:\Windows\System\aMQnovE.exe
  C:\Windows\System\aMQnovE.exe
  2⤵
  PID:2304
- C:\Windows\System\eCRVBUi.exe
  C:\Windows\System\eCRVBUi.exe
  2⤵
  PID:3576
- C:\Windows\System\zjrvWZi.exe
  C:\Windows\System\zjrvWZi.exe
  2⤵
  PID:848
- C:\Windows\System\VjXeayb.exe
  C:\Windows\System\VjXeayb.exe
  2⤵
  PID:3752
- C:\Windows\System\afJAfbF.exe
  C:\Windows\System\afJAfbF.exe
  2⤵
  PID:5208
- C:\Windows\System\RsvBYeE.exe
  C:\Windows\System\RsvBYeE.exe
  2⤵
  PID:5220
- C:\Windows\System\fdvTHfq.exe
  C:\Windows\System\fdvTHfq.exe
  2⤵
  PID:5812
- C:\Windows\System\zodrQFI.exe
  C:\Windows\System\zodrQFI.exe
  2⤵
  PID:5704
- C:\Windows\System\Wxzthlj.exe
  C:\Windows\System\Wxzthlj.exe
  2⤵
  PID:972
- C:\Windows\System\rpjJhlp.exe
  C:\Windows\System\rpjJhlp.exe
  2⤵
  PID:2236
- C:\Windows\System\MGRfqoG.exe
  C:\Windows\System\MGRfqoG.exe
  2⤵
  PID:5124
- C:\Windows\System\GhqtcIb.exe
  C:\Windows\System\GhqtcIb.exe
  2⤵
  PID:5824
- C:\Windows\System\mQqNcBH.exe
  C:\Windows\System\mQqNcBH.exe
  2⤵
  PID:5868
- C:\Windows\System\WbCulft.exe
  C:\Windows\System\WbCulft.exe
  2⤵
  PID:6172
- C:\Windows\System\HLDpAwN.exe
  C:\Windows\System\HLDpAwN.exe
  2⤵
  PID:6208
- C:\Windows\System\hzSVhzP.exe
  C:\Windows\System\hzSVhzP.exe
  2⤵
  PID:6236
- C:\Windows\System\qhBFCYG.exe
  C:\Windows\System\qhBFCYG.exe
  2⤵
  PID:6256
- C:\Windows\System\JoeUYTV.exe
  C:\Windows\System\JoeUYTV.exe
  2⤵
  PID:6280
- C:\Windows\System\NdTIyzn.exe
  C:\Windows\System\NdTIyzn.exe
  2⤵
  PID:6296
- C:\Windows\System\nySEGRl.exe
  C:\Windows\System\nySEGRl.exe
  2⤵
  PID:6312
- C:\Windows\System\nInlFNo.exe
  C:\Windows\System\nInlFNo.exe
  2⤵
  PID:6328
- C:\Windows\System\ZQZfvsx.exe
  C:\Windows\System\ZQZfvsx.exe
  2⤵
  PID:6356
- C:\Windows\System\vaZWQac.exe
  C:\Windows\System\vaZWQac.exe
  2⤵
  PID:6384
- C:\Windows\System\GtXmzhJ.exe
  C:\Windows\System\GtXmzhJ.exe
  2⤵
  PID:6404
- C:\Windows\System\nOPbEDv.exe
  C:\Windows\System\nOPbEDv.exe
  2⤵
  PID:6424
- C:\Windows\System\IZeiUFG.exe
  C:\Windows\System\IZeiUFG.exe
  2⤵
  PID:6448
- C:\Windows\System\mtFTige.exe
  C:\Windows\System\mtFTige.exe
  2⤵
  PID:6464
- C:\Windows\System\tmoqDUz.exe
  C:\Windows\System\tmoqDUz.exe
  2⤵
  PID:6492
- C:\Windows\System\uhgmtOw.exe
  C:\Windows\System\uhgmtOw.exe
  2⤵
  PID:6512
- C:\Windows\System\TigMaRR.exe
  C:\Windows\System\TigMaRR.exe
  2⤵
  PID:6532
- C:\Windows\System\rDTNtgZ.exe
  C:\Windows\System\rDTNtgZ.exe
  2⤵
  PID:6552
- C:\Windows\System\WnrRFHg.exe
  C:\Windows\System\WnrRFHg.exe
  2⤵
  PID:6572
- C:\Windows\System\fSLPdhC.exe
  C:\Windows\System\fSLPdhC.exe
  2⤵
  PID:6588
- C:\Windows\System\Rqomauc.exe
  C:\Windows\System\Rqomauc.exe
  2⤵
  PID:6616
- C:\Windows\System\NJCtmyK.exe
  C:\Windows\System\NJCtmyK.exe
  2⤵
  PID:6640
- C:\Windows\System\rhgQvGP.exe
  C:\Windows\System\rhgQvGP.exe
  2⤵
  PID:6668
- C:\Windows\System\GFZdexu.exe
  C:\Windows\System\GFZdexu.exe
  2⤵
  PID:6696
- C:\Windows\System\aLUwWtm.exe
  C:\Windows\System\aLUwWtm.exe
  2⤵
  PID:6716
- C:\Windows\System\blHaHgv.exe
  C:\Windows\System\blHaHgv.exe
  2⤵
  PID:6744
- C:\Windows\System\WVKygHS.exe
  C:\Windows\System\WVKygHS.exe
  2⤵
  PID:6776
- C:\Windows\System\kepjEIG.exe
  C:\Windows\System\kepjEIG.exe
  2⤵
  PID:6804
- C:\Windows\System\iQkURnN.exe
  C:\Windows\System\iQkURnN.exe
  2⤵
  PID:6828
- C:\Windows\System\RKBxslM.exe
  C:\Windows\System\RKBxslM.exe
  2⤵
  PID:6860
- C:\Windows\System\JORzrrF.exe
  C:\Windows\System\JORzrrF.exe
  2⤵
  PID:6892
- C:\Windows\System\RDtnZhG.exe
  C:\Windows\System\RDtnZhG.exe
  2⤵
  PID:6916
- C:\Windows\System\kbMQbyn.exe
  C:\Windows\System\kbMQbyn.exe
  2⤵
  PID:6952
- C:\Windows\System\lSdCkkw.exe
  C:\Windows\System\lSdCkkw.exe
  2⤵
  PID:6976
- C:\Windows\System\neydPCj.exe
  C:\Windows\System\neydPCj.exe
  2⤵
  PID:7008
- C:\Windows\System\BtzFdVJ.exe
  C:\Windows\System\BtzFdVJ.exe
  2⤵
  PID:7040
- C:\Windows\System\PopicHl.exe
  C:\Windows\System\PopicHl.exe
  2⤵
  PID:7068
- C:\Windows\System\bUPLRIV.exe
  C:\Windows\System\bUPLRIV.exe
  2⤵
  PID:7096
- C:\Windows\System\eHiEjPv.exe
  C:\Windows\System\eHiEjPv.exe
  2⤵
  PID:7116
- C:\Windows\System\yAzsJrp.exe
  C:\Windows\System\yAzsJrp.exe
  2⤵
  PID:7152
- C:\Windows\System\CVpVYLm.exe
  C:\Windows\System\CVpVYLm.exe
  2⤵
  PID:700
- C:\Windows\System\AKgMXtm.exe
  C:\Windows\System\AKgMXtm.exe
  2⤵
  PID:6192
- C:\Windows\System\TiwlkeP.exe
  C:\Windows\System\TiwlkeP.exe
  2⤵
  PID:6168
- C:\Windows\System\DiJSxXF.exe
  C:\Windows\System\DiJSxXF.exe
  2⤵
  PID:6244
- C:\Windows\System\ccNDRle.exe
  C:\Windows\System\ccNDRle.exe
  2⤵
  PID:6248
- C:\Windows\System\UCMqkUE.exe
  C:\Windows\System\UCMqkUE.exe
  2⤵
  PID:6456
- C:\Windows\System\tBIhsgr.exe
  C:\Windows\System\tBIhsgr.exe
  2⤵
  PID:6580
- C:\Windows\System\QIWNcgc.exe
  C:\Windows\System\QIWNcgc.exe
  2⤵
  PID:6488
- C:\Windows\System\ZnVJarz.exe
  C:\Windows\System\ZnVJarz.exe
  2⤵
  PID:6664
- C:\Windows\System\AUUXLHH.exe
  C:\Windows\System\AUUXLHH.exe
  2⤵
  PID:6548
- C:\Windows\System\KkuPZiB.exe
  C:\Windows\System\KkuPZiB.exe
  2⤵
  PID:6712
- C:\Windows\System\TxBFUjl.exe
  C:\Windows\System\TxBFUjl.exe
  2⤵
  PID:6884
- C:\Windows\System\LvBitFi.exe
  C:\Windows\System\LvBitFi.exe
  2⤵
  PID:6820
- C:\Windows\System\KQeVvVZ.exe
  C:\Windows\System\KQeVvVZ.exe
  2⤵
  PID:7064
- C:\Windows\System\hMeEXwQ.exe
  C:\Windows\System\hMeEXwQ.exe
  2⤵
  PID:7112
- C:\Windows\System\IzNHlHQ.exe
  C:\Windows\System\IzNHlHQ.exe
  2⤵
  PID:6972
- C:\Windows\System\DjTcfaz.exe
  C:\Windows\System\DjTcfaz.exe
  2⤵
  PID:4868
- C:\Windows\System\idErBxQ.exe
  C:\Windows\System\idErBxQ.exe
  2⤵
  PID:7028
- C:\Windows\System\lwKhqqo.exe
  C:\Windows\System\lwKhqqo.exe
  2⤵
  PID:7140
- C:\Windows\System\zCZvMqX.exe
  C:\Windows\System\zCZvMqX.exe
  2⤵
  PID:6500
- C:\Windows\System\QYiiUiJ.exe
  C:\Windows\System\QYiiUiJ.exe
  2⤵
  PID:6848
- C:\Windows\System\eeNcNuo.exe
  C:\Windows\System\eeNcNuo.exe
  2⤵
  PID:6436
- C:\Windows\System\mzxpkVz.exe
  C:\Windows\System\mzxpkVz.exe
  2⤵
  PID:7080
- C:\Windows\System\WLXYbSA.exe
  C:\Windows\System\WLXYbSA.exe
  2⤵
  PID:6524
- C:\Windows\System\DZOIHwu.exe
  C:\Windows\System\DZOIHwu.exe
  2⤵
  PID:7180
- C:\Windows\System\hILTbec.exe
  C:\Windows\System\hILTbec.exe
  2⤵
  PID:7212
- C:\Windows\System\EQsvbUD.exe
  C:\Windows\System\EQsvbUD.exe
  2⤵
  PID:7240
- C:\Windows\System\TQppNRR.exe
  C:\Windows\System\TQppNRR.exe
  2⤵
  PID:7268
- C:\Windows\System\KrjsafV.exe
  C:\Windows\System\KrjsafV.exe
  2⤵
  PID:7296
- C:\Windows\System\hqNUqgA.exe
  C:\Windows\System\hqNUqgA.exe
  2⤵
  PID:7320
- C:\Windows\System\KmeTgzi.exe
  C:\Windows\System\KmeTgzi.exe
  2⤵
  PID:7348
- C:\Windows\System\suMKTze.exe
  C:\Windows\System\suMKTze.exe
  2⤵
  PID:7368
- C:\Windows\System\wWkIhid.exe
  C:\Windows\System\wWkIhid.exe
  2⤵
  PID:7396
- C:\Windows\System\pwShqLZ.exe
  C:\Windows\System\pwShqLZ.exe
  2⤵
  PID:7420
- C:\Windows\System\LPuHGRd.exe
  C:\Windows\System\LPuHGRd.exe
  2⤵
  PID:7452
- C:\Windows\System\xeZFQji.exe
  C:\Windows\System\xeZFQji.exe
  2⤵
  PID:7480
- C:\Windows\System\xHTgqmP.exe
  C:\Windows\System\xHTgqmP.exe
  2⤵
  PID:7504
- C:\Windows\System\oNMUfil.exe
  C:\Windows\System\oNMUfil.exe
  2⤵
  PID:7532
- C:\Windows\System\zSnWwNM.exe
  C:\Windows\System\zSnWwNM.exe
  2⤵
  PID:7568
- C:\Windows\System\OyPNuix.exe
  C:\Windows\System\OyPNuix.exe
  2⤵
  PID:7596
- C:\Windows\System\SbAGUxM.exe
  C:\Windows\System\SbAGUxM.exe
  2⤵
  PID:7632
- C:\Windows\System\pamWbwZ.exe
  C:\Windows\System\pamWbwZ.exe
  2⤵
  PID:7664
- C:\Windows\System\vJdeYeI.exe
  C:\Windows\System\vJdeYeI.exe
  2⤵
  PID:7692
- C:\Windows\System\qVMRpjh.exe
  C:\Windows\System\qVMRpjh.exe
  2⤵
  PID:7720
- C:\Windows\System\XlqoACj.exe
  C:\Windows\System\XlqoACj.exe
  2⤵
  PID:7752
- C:\Windows\System\hoikQmy.exe
  C:\Windows\System\hoikQmy.exe
  2⤵
  PID:7780
- C:\Windows\System\nTOmtjN.exe
  C:\Windows\System\nTOmtjN.exe
  2⤵
  PID:7812
- C:\Windows\System\TpxGjjl.exe
  C:\Windows\System\TpxGjjl.exe
  2⤵
  PID:7832
- C:\Windows\System\fsTSSAq.exe
  C:\Windows\System\fsTSSAq.exe
  2⤵
  PID:7852
- C:\Windows\System\YYqELmB.exe
  C:\Windows\System\YYqELmB.exe
  2⤵
  PID:7892
- C:\Windows\System\EKMAvkL.exe
  C:\Windows\System\EKMAvkL.exe
  2⤵
  PID:7916
- C:\Windows\System\OnsqCKC.exe
  C:\Windows\System\OnsqCKC.exe
  2⤵
  PID:7944
- C:\Windows\System\FbqkIVR.exe
  C:\Windows\System\FbqkIVR.exe
  2⤵
  PID:7972
- C:\Windows\System\tStcmVq.exe
  C:\Windows\System\tStcmVq.exe
  2⤵
  PID:8000
- C:\Windows\System\mnOAGsf.exe
  C:\Windows\System\mnOAGsf.exe
  2⤵
  PID:8024
- C:\Windows\System\JQHnOZF.exe
  C:\Windows\System\JQHnOZF.exe
  2⤵
  PID:8052
- C:\Windows\System\fJCArDT.exe
  C:\Windows\System\fJCArDT.exe
  2⤵
  PID:8140
- C:\Windows\System\PpuAbEY.exe
  C:\Windows\System\PpuAbEY.exe
  2⤵
  PID:8164
- C:\Windows\System\ITKdUEo.exe
  C:\Windows\System\ITKdUEo.exe
  2⤵
  PID:6272
- C:\Windows\System\WuuJphR.exe
  C:\Windows\System\WuuJphR.exe
  2⤵
  PID:6816
- C:\Windows\System\IJcXXSX.exe
  C:\Windows\System\IJcXXSX.exe
  2⤵
  PID:7084
- C:\Windows\System\wbuYDkU.exe
  C:\Windows\System\wbuYDkU.exe
  2⤵
  PID:7200
- C:\Windows\System\kQmKCrE.exe
  C:\Windows\System\kQmKCrE.exe
  2⤵
  PID:7228
- C:\Windows\System\VyKXLan.exe
  C:\Windows\System\VyKXLan.exe
  2⤵
  PID:1028
- C:\Windows\System\wcXrTIM.exe
  C:\Windows\System\wcXrTIM.exe
  2⤵
  PID:7340
- C:\Windows\System\CofBzam.exe
  C:\Windows\System\CofBzam.exe
  2⤵
  PID:7416
- C:\Windows\System\xCwUROZ.exe
  C:\Windows\System\xCwUROZ.exe
  2⤵
  PID:7468
- C:\Windows\System\eJBtXgb.exe
  C:\Windows\System\eJBtXgb.exe
  2⤵
  PID:7392
- C:\Windows\System\UepEyjX.exe
  C:\Windows\System\UepEyjX.exe
  2⤵
  PID:7564
- C:\Windows\System\hRWWJzn.exe
  C:\Windows\System\hRWWJzn.exe
  2⤵
  PID:7744
- C:\Windows\System\hwFePNn.exe
  C:\Windows\System\hwFePNn.exe
  2⤵
  PID:7792
- C:\Windows\System\IvOgnEL.exe
  C:\Windows\System\IvOgnEL.exe
  2⤵
  PID:7828
- C:\Windows\System\ljjNuDN.exe
  C:\Windows\System\ljjNuDN.exe
  2⤵
  PID:7676
- C:\Windows\System\qJPPRmQ.exe
  C:\Windows\System\qJPPRmQ.exe
  2⤵
  PID:7936
- C:\Windows\System\CWPeqOJ.exe
  C:\Windows\System\CWPeqOJ.exe
  2⤵
  PID:7980
- C:\Windows\System\adRqVbl.exe
  C:\Windows\System\adRqVbl.exe
  2⤵
  PID:7880
- C:\Windows\System\iZLRQJG.exe
  C:\Windows\System\iZLRQJG.exe
  2⤵
  PID:8036
- C:\Windows\System\KlWJetL.exe
  C:\Windows\System\KlWJetL.exe
  2⤵
  PID:6940
- C:\Windows\System\lTwWtff.exe
  C:\Windows\System\lTwWtff.exe
  2⤵
  PID:6224
- C:\Windows\System\zMfaqPs.exe
  C:\Windows\System\zMfaqPs.exe
  2⤵
  PID:7124
- C:\Windows\System\AeCzrzZ.exe
  C:\Windows\System\AeCzrzZ.exe
  2⤵
  PID:6220
- C:\Windows\System\pPVSDjh.exe
  C:\Windows\System\pPVSDjh.exe
  2⤵
  PID:7308
- C:\Windows\System\YUNkmun.exe
  C:\Windows\System\YUNkmun.exe
  2⤵
  PID:7644
- C:\Windows\System\KNTRwou.exe
  C:\Windows\System\KNTRwou.exe
  2⤵
  PID:7704
- C:\Windows\System\qMrNFax.exe
  C:\Windows\System\qMrNFax.exe
  2⤵
  PID:7988
- C:\Windows\System\OHwSXjW.exe
  C:\Windows\System\OHwSXjW.exe
  2⤵
  PID:7032
- C:\Windows\System\tDEtxHc.exe
  C:\Windows\System\tDEtxHc.exe
  2⤵
  PID:7872
- C:\Windows\System\TevpeCx.exe
  C:\Windows\System\TevpeCx.exe
  2⤵
  PID:7560
- C:\Windows\System\TnWKStF.exe
  C:\Windows\System\TnWKStF.exe
  2⤵
  PID:8216
- C:\Windows\System\WMkwfVZ.exe
  C:\Windows\System\WMkwfVZ.exe
  2⤵
  PID:8240
- C:\Windows\System\YVHLMbM.exe
  C:\Windows\System\YVHLMbM.exe
  2⤵
  PID:8268
- C:\Windows\System\zyAptsT.exe
  C:\Windows\System\zyAptsT.exe
  2⤵
  PID:8288
- C:\Windows\System\vnDHbJy.exe
  C:\Windows\System\vnDHbJy.exe
  2⤵
  PID:8316
- C:\Windows\System\DciZSoV.exe
  C:\Windows\System\DciZSoV.exe
  2⤵
  PID:8336
- C:\Windows\System\oZqOsWJ.exe
  C:\Windows\System\oZqOsWJ.exe
  2⤵
  PID:8356
- C:\Windows\System\lkCoNEI.exe
  C:\Windows\System\lkCoNEI.exe
  2⤵
  PID:8380
- C:\Windows\System\VuHCdRM.exe
  C:\Windows\System\VuHCdRM.exe
  2⤵
  PID:8400
- C:\Windows\System\dhDoUkM.exe
  C:\Windows\System\dhDoUkM.exe
  2⤵
  PID:8424
- C:\Windows\System\CROGAsA.exe
  C:\Windows\System\CROGAsA.exe
  2⤵
  PID:8452
- C:\Windows\System\vYmqAdz.exe
  C:\Windows\System\vYmqAdz.exe
  2⤵
  PID:8492
- C:\Windows\System\jOPkCVU.exe
  C:\Windows\System\jOPkCVU.exe
  2⤵
  PID:8524
- C:\Windows\System\UQOPgXU.exe
  C:\Windows\System\UQOPgXU.exe
  2⤵
  PID:8556
- C:\Windows\System\PUrdRyU.exe
  C:\Windows\System\PUrdRyU.exe
  2⤵
  PID:8576
- C:\Windows\System\mDcpOlC.exe
  C:\Windows\System\mDcpOlC.exe
  2⤵
  PID:8600
- C:\Windows\System\onowvaa.exe
  C:\Windows\System\onowvaa.exe
  2⤵
  PID:8624
- C:\Windows\System\DUqKaFM.exe
  C:\Windows\System\DUqKaFM.exe
  2⤵
  PID:8644
- C:\Windows\System\tIoIxbw.exe
  C:\Windows\System\tIoIxbw.exe
  2⤵
  PID:8668
- C:\Windows\System\aywaeBS.exe
  C:\Windows\System\aywaeBS.exe
  2⤵
  PID:8696
- C:\Windows\System\OSFcFRp.exe
  C:\Windows\System\OSFcFRp.exe
  2⤵
  PID:8720
- C:\Windows\System\KkzBlxr.exe
  C:\Windows\System\KkzBlxr.exe
  2⤵
  PID:8748
- C:\Windows\System\WjhsIwF.exe
  C:\Windows\System\WjhsIwF.exe
  2⤵
  PID:8772
- C:\Windows\System\NGyEsLs.exe
  C:\Windows\System\NGyEsLs.exe
  2⤵
  PID:8796
- C:\Windows\System\EYfxivQ.exe
  C:\Windows\System\EYfxivQ.exe
  2⤵
  PID:8820
- C:\Windows\System\IaZNpxx.exe
  C:\Windows\System\IaZNpxx.exe
  2⤵
  PID:8844
- C:\Windows\System\Ilpxtnp.exe
  C:\Windows\System\Ilpxtnp.exe
  2⤵
  PID:8880
- C:\Windows\System\fJYGRwr.exe
  C:\Windows\System\fJYGRwr.exe
  2⤵
  PID:8912
- C:\Windows\System\iTeeFCF.exe
  C:\Windows\System\iTeeFCF.exe
  2⤵
  PID:8940
- C:\Windows\System\zrDprzg.exe
  C:\Windows\System\zrDprzg.exe
  2⤵
  PID:8964
- C:\Windows\System\vWMCaXM.exe
  C:\Windows\System\vWMCaXM.exe
  2⤵
  PID:8988
- C:\Windows\System\bdPRCIp.exe
  C:\Windows\System\bdPRCIp.exe
  2⤵
  PID:9020
- C:\Windows\System\FOUrUJp.exe
  C:\Windows\System\FOUrUJp.exe
  2⤵
  PID:9044
- C:\Windows\System\HOSpYFq.exe
  C:\Windows\System\HOSpYFq.exe
  2⤵
  PID:9076
- C:\Windows\System\zZFYtRh.exe
  C:\Windows\System\zZFYtRh.exe
  2⤵
  PID:9092
- C:\Windows\System\mhCZtCT.exe
  C:\Windows\System\mhCZtCT.exe
  2⤵
  PID:9124
- C:\Windows\System\nspeqsV.exe
  C:\Windows\System\nspeqsV.exe
  2⤵
  PID:9144
- C:\Windows\System\iLTjAAO.exe
  C:\Windows\System\iLTjAAO.exe
  2⤵
  PID:9176
- C:\Windows\System\OIZZyUE.exe
  C:\Windows\System\OIZZyUE.exe
  2⤵
  PID:9200
- C:\Windows\System\hwcMxkO.exe
  C:\Windows\System\hwcMxkO.exe
  2⤵
  PID:7932
- C:\Windows\System\JWOQLVU.exe
  C:\Windows\System\JWOQLVU.exe
  2⤵
  PID:8132
- C:\Windows\System\Uweqptk.exe
  C:\Windows\System\Uweqptk.exe
  2⤵
  PID:7912
- C:\Windows\System\QOuHNIX.exe
  C:\Windows\System\QOuHNIX.exe
  2⤵
  PID:8300
- C:\Windows\System\dflJmmG.exe
  C:\Windows\System\dflJmmG.exe
  2⤵
  PID:8352
- C:\Windows\System\UtIuWwo.exe
  C:\Windows\System\UtIuWwo.exe
  2⤵
  PID:8420
- C:\Windows\System\jNjDRde.exe
  C:\Windows\System\jNjDRde.exe
  2⤵
  PID:8376
- C:\Windows\System\PePvrCO.exe
  C:\Windows\System\PePvrCO.exe
  2⤵
  PID:8536
- C:\Windows\System\RaklAZP.exe
  C:\Windows\System\RaklAZP.exe
  2⤵
  PID:8412
- C:\Windows\System\JnFAoYS.exe
  C:\Windows\System\JnFAoYS.exe
  2⤵
  PID:8952
- C:\Windows\System\bwizxdk.exe
  C:\Windows\System\bwizxdk.exe
  2⤵
  PID:8976
- C:\Windows\System\LdSbHlt.exe
  C:\Windows\System\LdSbHlt.exe
  2⤵
  PID:9084
- C:\Windows\System\hsaXfQL.exe
  C:\Windows\System\hsaXfQL.exe
  2⤵
  PID:9164
- C:\Windows\System\tjjhSvD.exe
  C:\Windows\System\tjjhSvD.exe
  2⤵
  PID:8896
- C:\Windows\System\onlnlXG.exe
  C:\Windows\System\onlnlXG.exe
  2⤵
  PID:8932
- C:\Windows\System\jEjnVmw.exe
  C:\Windows\System\jEjnVmw.exe
  2⤵
  PID:8372
- C:\Windows\System\MdkYWYv.exe
  C:\Windows\System\MdkYWYv.exe
  2⤵
  PID:9132
- C:\Windows\System\snGBQwE.exe
  C:\Windows\System\snGBQwE.exe
  2⤵
  PID:8548
- C:\Windows\System\nwehjTI.exe
  C:\Windows\System\nwehjTI.exe
  2⤵
  PID:8572
- C:\Windows\System\gxDCOAX.exe
  C:\Windows\System\gxDCOAX.exe
  2⤵
  PID:8656
- C:\Windows\System\tPcKRve.exe
  C:\Windows\System\tPcKRve.exe
  2⤵
  PID:8792
- C:\Windows\System\NAiyORZ.exe
  C:\Windows\System\NAiyORZ.exe
  2⤵
  PID:8888
- C:\Windows\System\esRukfs.exe
  C:\Windows\System\esRukfs.exe
  2⤵
  PID:9104
- C:\Windows\System\bpgMruX.exe
  C:\Windows\System\bpgMruX.exe
  2⤵
  PID:8676
- C:\Windows\System\tGUHXoH.exe
  C:\Windows\System\tGUHXoH.exe
  2⤵
  PID:9220
- C:\Windows\System\TWSXFnm.exe
  C:\Windows\System\TWSXFnm.exe
  2⤵
  PID:9240
- C:\Windows\System\GvMRgct.exe
  C:\Windows\System\GvMRgct.exe
  2⤵
  PID:9256
- C:\Windows\System\NzIAXJR.exe
  C:\Windows\System\NzIAXJR.exe
  2⤵
  PID:9272
- C:\Windows\System\OmMtGvC.exe
  C:\Windows\System\OmMtGvC.exe
  2⤵
  PID:9296
- C:\Windows\System\WztybiO.exe
  C:\Windows\System\WztybiO.exe
  2⤵
  PID:9320
- C:\Windows\System\iKIRlXB.exe
  C:\Windows\System\iKIRlXB.exe
  2⤵
  PID:9344
- C:\Windows\System\mCtEoGm.exe
  C:\Windows\System\mCtEoGm.exe
  2⤵
  PID:9364
- C:\Windows\System\gmbIaTj.exe
  C:\Windows\System\gmbIaTj.exe
  2⤵
  PID:9384
- C:\Windows\System\apunRAx.exe
  C:\Windows\System\apunRAx.exe
  2⤵
  PID:9412
- C:\Windows\System\JFcbpDd.exe
  C:\Windows\System\JFcbpDd.exe
  2⤵
  PID:9440
- C:\Windows\System\lEtfGls.exe
  C:\Windows\System\lEtfGls.exe
  2⤵
  PID:9464
- C:\Windows\System\rdAHifK.exe
  C:\Windows\System\rdAHifK.exe
  2⤵
  PID:9488
- C:\Windows\System\jBIdSfK.exe
  C:\Windows\System\jBIdSfK.exe
  2⤵
  PID:9508
- C:\Windows\System\xZRXEin.exe
  C:\Windows\System\xZRXEin.exe
  2⤵
  PID:9572
- C:\Windows\System\zmSgkoi.exe
  C:\Windows\System\zmSgkoi.exe
  2⤵
  PID:9588
- C:\Windows\System\cpbbdNA.exe
  C:\Windows\System\cpbbdNA.exe
  2⤵
  PID:9616
- C:\Windows\System\NSIpbPN.exe
  C:\Windows\System\NSIpbPN.exe
  2⤵
  PID:9648
- C:\Windows\System\ckViDqp.exe
  C:\Windows\System\ckViDqp.exe
  2⤵
  PID:9684
- C:\Windows\System\tXyzqTU.exe
  C:\Windows\System\tXyzqTU.exe
  2⤵
  PID:9712
- C:\Windows\System\MKdaFIN.exe
  C:\Windows\System\MKdaFIN.exe
  2⤵
  PID:9736
- C:\Windows\System\nmmphXI.exe
  C:\Windows\System\nmmphXI.exe
  2⤵
  PID:9764
- C:\Windows\System\IobMCyE.exe
  C:\Windows\System\IobMCyE.exe
  2⤵
  PID:9788
- C:\Windows\System\sGHNMhg.exe
  C:\Windows\System\sGHNMhg.exe
  2⤵
  PID:9812
- C:\Windows\System\wEBxkGg.exe
  C:\Windows\System\wEBxkGg.exe
  2⤵
  PID:9848
- C:\Windows\System\TvriQeh.exe
  C:\Windows\System\TvriQeh.exe
  2⤵
  PID:9868
- C:\Windows\System\kacqnpG.exe
  C:\Windows\System\kacqnpG.exe
  2⤵
  PID:9896
- C:\Windows\System\FcfziFv.exe
  C:\Windows\System\FcfziFv.exe
  2⤵
  PID:9916
- C:\Windows\System\IvwJJDW.exe
  C:\Windows\System\IvwJJDW.exe
  2⤵
  PID:9944
- C:\Windows\System\DrLKGeZ.exe
  C:\Windows\System\DrLKGeZ.exe
  2⤵
  PID:9972
- C:\Windows\System\SxzscEe.exe
  C:\Windows\System\SxzscEe.exe
  2⤵
  PID:9992
- C:\Windows\System\LUZeXSq.exe
  C:\Windows\System\LUZeXSq.exe
  2⤵
  PID:10024
- C:\Windows\System\CvuEdeQ.exe
  C:\Windows\System\CvuEdeQ.exe
  2⤵
  PID:10048
- C:\Windows\System\ZRaSKMl.exe
  C:\Windows\System\ZRaSKMl.exe
  2⤵
  PID:10072
- C:\Windows\System\GubOJGy.exe
  C:\Windows\System\GubOJGy.exe
  2⤵
  PID:10096
- C:\Windows\System\HcdMoMC.exe
  C:\Windows\System\HcdMoMC.exe
  2⤵
  PID:10120
- C:\Windows\System\pSONDLk.exe
  C:\Windows\System\pSONDLk.exe
  2⤵
  PID:10152
- C:\Windows\System\mKsLYME.exe
  C:\Windows\System\mKsLYME.exe
  2⤵
  PID:10184
- C:\Windows\System\yDbLgWF.exe
  C:\Windows\System\yDbLgWF.exe
  2⤵
  PID:10208
- C:\Windows\System\nmFPXmK.exe
  C:\Windows\System\nmFPXmK.exe
  2⤵
  PID:10232
- C:\Windows\System\ajsTRhc.exe
  C:\Windows\System\ajsTRhc.exe
  2⤵
  PID:7336
- C:\Windows\System\lepFQDu.exe
  C:\Windows\System\lepFQDu.exe
  2⤵
  PID:9284
- C:\Windows\System\OjtDfXs.exe
  C:\Windows\System\OjtDfXs.exe
  2⤵
  PID:9036
- C:\Windows\System\QHaRkAg.exe
  C:\Windows\System\QHaRkAg.exe
  2⤵
  PID:9372
- C:\Windows\System\wTdjaYM.exe
  C:\Windows\System\wTdjaYM.exe
  2⤵
  PID:9236
- C:\Windows\System\eFcaenJ.exe
  C:\Windows\System\eFcaenJ.exe
  2⤵
  PID:9312
- C:\Windows\System\uGZmQNt.exe
  C:\Windows\System\uGZmQNt.exe
  2⤵
  PID:9316
- C:\Windows\System\BjwAown.exe
  C:\Windows\System\BjwAown.exe
  2⤵
  PID:9624
- C:\Windows\System\fiYwBJa.exe
  C:\Windows\System\fiYwBJa.exe
  2⤵
  PID:9700
- C:\Windows\System\vgYrPCk.exe
  C:\Windows\System\vgYrPCk.exe
  2⤵
  PID:9780
- C:\Windows\System\AFqPqAK.exe
  C:\Windows\System\AFqPqAK.exe
  2⤵
  PID:9820
- C:\Windows\System\lJbRomF.exe
  C:\Windows\System\lJbRomF.exe
  2⤵
  PID:9784
- C:\Windows\System\ORCYeqT.exe
  C:\Windows\System\ORCYeqT.exe
  2⤵
  PID:9680
- C:\Windows\System\mWiDEwo.exe
  C:\Windows\System\mWiDEwo.exe
  2⤵
  PID:9980
- C:\Windows\System\LWmfDHF.exe
  C:\Windows\System\LWmfDHF.exe
  2⤵
  PID:9904
- C:\Windows\System\xkeABmQ.exe
  C:\Windows\System\xkeABmQ.exe
  2⤵
  PID:10148
- C:\Windows\System\hHGXtpu.exe
  C:\Windows\System\hHGXtpu.exe
  2⤵
  PID:10216
- C:\Windows\System\PLGaHuC.exe
  C:\Windows\System\PLGaHuC.exe
  2⤵
  PID:9252
- C:\Windows\System\IMUDszx.exe
  C:\Windows\System\IMUDszx.exe
  2⤵
  PID:9268
- C:\Windows\System\BmWxRmr.exe
  C:\Windows\System\BmWxRmr.exe
  2⤵
  PID:9432
- C:\Windows\System\nIuOnWg.exe
  C:\Windows\System\nIuOnWg.exe
  2⤵
  PID:9604
- C:\Windows\System\VNPlXKC.exe
  C:\Windows\System\VNPlXKC.exe
  2⤵
  PID:9800
- C:\Windows\System\oOwfAxq.exe
  C:\Windows\System\oOwfAxq.exe
  2⤵
  PID:9472
- C:\Windows\System\NfTmfpt.exe
  C:\Windows\System\NfTmfpt.exe
  2⤵
  PID:9568
- C:\Windows\System\luUvcFB.exe
  C:\Windows\System\luUvcFB.exe
  2⤵
  PID:9856
- C:\Windows\System\ZROUKid.exe
  C:\Windows\System\ZROUKid.exe
  2⤵
  PID:9964
- C:\Windows\System\hERqzjq.exe
  C:\Windows\System\hERqzjq.exe
  2⤵
  PID:10196
- C:\Windows\System\MOcrqau.exe
  C:\Windows\System\MOcrqau.exe
  2⤵
  PID:10268
- C:\Windows\System\tNDRoXQ.exe
  C:\Windows\System\tNDRoXQ.exe
  2⤵
  PID:10296
- C:\Windows\System\bJJgDWn.exe
  C:\Windows\System\bJJgDWn.exe
  2⤵
  PID:10324
- C:\Windows\System\mEApKEG.exe
  C:\Windows\System\mEApKEG.exe
  2⤵
  PID:10348
- C:\Windows\System\OuNOqyl.exe
  C:\Windows\System\OuNOqyl.exe
  2⤵
  PID:10368
- C:\Windows\System\kVaRaFF.exe
  C:\Windows\System\kVaRaFF.exe
  2⤵
  PID:10400
- C:\Windows\System\CGFLfYN.exe
  C:\Windows\System\CGFLfYN.exe
  2⤵
  PID:10424
- C:\Windows\System\HbxGyOB.exe
  C:\Windows\System\HbxGyOB.exe
  2⤵
  PID:10452
- C:\Windows\System\aIOxGJk.exe
  C:\Windows\System\aIOxGJk.exe
  2⤵
  PID:10480
- C:\Windows\System\rZewcVD.exe
  C:\Windows\System\rZewcVD.exe
  2⤵
  PID:10504
- C:\Windows\System\vRocRYn.exe
  C:\Windows\System\vRocRYn.exe
  2⤵
  PID:10532
- C:\Windows\System\jqDZvYW.exe
  C:\Windows\System\jqDZvYW.exe
  2⤵
  PID:10556
- C:\Windows\System\LCirTHC.exe
  C:\Windows\System\LCirTHC.exe
  2⤵
  PID:10584
- C:\Windows\System\GjwCnNe.exe
  C:\Windows\System\GjwCnNe.exe
  2⤵
  PID:10620
- C:\Windows\System\BroKYFn.exe
  C:\Windows\System\BroKYFn.exe
  2⤵
  PID:10648
- C:\Windows\System\rjJuwcY.exe
  C:\Windows\System\rjJuwcY.exe
  2⤵
  PID:10676
- C:\Windows\System\xvOhtNY.exe
  C:\Windows\System\xvOhtNY.exe
  2⤵
  PID:10704
- C:\Windows\System\RleXEsS.exe
  C:\Windows\System\RleXEsS.exe
  2⤵
  PID:10732
- C:\Windows\System\IcOUEnm.exe
  C:\Windows\System\IcOUEnm.exe
  2⤵
  PID:10756
- C:\Windows\System\XldsVCJ.exe
  C:\Windows\System\XldsVCJ.exe
  2⤵
  PID:10784
- C:\Windows\System\SwSqxUY.exe
  C:\Windows\System\SwSqxUY.exe
  2⤵
  PID:10812
- C:\Windows\System\QmfHTsj.exe
  C:\Windows\System\QmfHTsj.exe
  2⤵
  PID:10844
- C:\Windows\System\ugvEEXU.exe
  C:\Windows\System\ugvEEXU.exe
  2⤵
  PID:10868
- C:\Windows\System\qFYeuRy.exe
  C:\Windows\System\qFYeuRy.exe
  2⤵
  PID:10888
- C:\Windows\System\XTgramc.exe
  C:\Windows\System\XTgramc.exe
  2⤵
  PID:10916
- C:\Windows\System\rLgPxvU.exe
  C:\Windows\System\rLgPxvU.exe
  2⤵
  PID:10940
- C:\Windows\System\iIQvhwK.exe
  C:\Windows\System\iIQvhwK.exe
  2⤵
  PID:10968
- C:\Windows\System\arJEIbg.exe
  C:\Windows\System\arJEIbg.exe
  2⤵
  PID:11008
- C:\Windows\System\KBnLEZj.exe
  C:\Windows\System\KBnLEZj.exe
  2⤵
  PID:11024
- C:\Windows\System\uWuRzeA.exe
  C:\Windows\System\uWuRzeA.exe
  2⤵
  PID:11044
- C:\Windows\System\FrhxOnb.exe
  C:\Windows\System\FrhxOnb.exe
  2⤵
  PID:11076
- C:\Windows\System\NJHaEUM.exe
  C:\Windows\System\NJHaEUM.exe
  2⤵
  PID:11096
- C:\Windows\System\kSUeObf.exe
  C:\Windows\System\kSUeObf.exe
  2⤵
  PID:11132
- C:\Windows\System\zDpkOdW.exe
  C:\Windows\System\zDpkOdW.exe
  2⤵
  PID:11164
- C:\Windows\System\bepxozL.exe
  C:\Windows\System\bepxozL.exe
  2⤵
  PID:11188
- C:\Windows\System\eMdFfCo.exe
  C:\Windows\System\eMdFfCo.exe
  2⤵
  PID:11204
- C:\Windows\System\zwpVthC.exe
  C:\Windows\System\zwpVthC.exe
  2⤵
  PID:11220
- C:\Windows\System\YCOzZca.exe
  C:\Windows\System\YCOzZca.exe
  2⤵
  PID:11248
- C:\Windows\System\pZwNGdq.exe
  C:\Windows\System\pZwNGdq.exe
  2⤵
  PID:9808
- C:\Windows\System\iZYvTvr.exe
  C:\Windows\System\iZYvTvr.exe
  2⤵
  PID:9140
- C:\Windows\System\dZokiTi.exe
  C:\Windows\System\dZokiTi.exe
  2⤵
  PID:10200
- C:\Windows\System\BGNyAzl.exe
  C:\Windows\System\BGNyAzl.exe
  2⤵
  PID:10304
- C:\Windows\System\phjAgZn.exe
  C:\Windows\System\phjAgZn.exe
  2⤵
  PID:10340
- C:\Windows\System\uDWLLpU.exe
  C:\Windows\System\uDWLLpU.exe
  2⤵
  PID:9564
- C:\Windows\System\ZaeIOzS.exe
  C:\Windows\System\ZaeIOzS.exe
  2⤵
  PID:10472
- C:\Windows\System\qPKElAi.exe
  C:\Windows\System\qPKElAi.exe
  2⤵
  PID:10544
- C:\Windows\System\dpCFOgp.exe
  C:\Windows\System\dpCFOgp.exe
  2⤵
  PID:10580
- C:\Windows\System\TGOPYoq.exe
  C:\Windows\System\TGOPYoq.exe
  2⤵
  PID:10628
- C:\Windows\System\oBqlDRN.exe
  C:\Windows\System\oBqlDRN.exe
  2⤵
  PID:10692
- C:\Windows\System\jtvcagl.exe
  C:\Windows\System\jtvcagl.exe
  2⤵
  PID:10384
- C:\Windows\System\YqrjFkQ.exe
  C:\Windows\System\YqrjFkQ.exe
  2⤵
  PID:10420
- C:\Windows\System\eNVEQGI.exe
  C:\Windows\System\eNVEQGI.exe
  2⤵
  PID:10852
- C:\Windows\System\WzhFLzq.exe
  C:\Windows\System\WzhFLzq.exe
  2⤵
  PID:10992
- C:\Windows\System\gOLcUcW.exe
  C:\Windows\System\gOLcUcW.exe
  2⤵
  PID:11064
- C:\Windows\System\xKaICgS.exe
  C:\Windows\System\xKaICgS.exe
  2⤵
  PID:10840
- C:\Windows\System\saNlmDY.exe
  C:\Windows\System\saNlmDY.exe
  2⤵
  PID:11032
- C:\Windows\System\gAwRfqf.exe
  C:\Windows\System\gAwRfqf.exe
  2⤵
  PID:9836
- C:\Windows\System\YQIPTWR.exe
  C:\Windows\System\YQIPTWR.exe
  2⤵
  PID:10000
- C:\Windows\System\GOilqVO.exe
  C:\Windows\System\GOilqVO.exe
  2⤵
  PID:10316
- C:\Windows\System\KAZTfCl.exe
  C:\Windows\System\KAZTfCl.exe
  2⤵
  PID:10600
- C:\Windows\System\NzXBXBA.exe
  C:\Windows\System\NzXBXBA.exe
  2⤵
  PID:11148
- C:\Windows\System\tTxNPRX.exe
  C:\Windows\System\tTxNPRX.exe
  2⤵
  PID:10936
- C:\Windows\System\KOqIIeP.exe
  C:\Windows\System\KOqIIeP.exe
  2⤵
  PID:10772
- C:\Windows\System\LMSvqkl.exe
  C:\Windows\System\LMSvqkl.exe
  2⤵
  PID:11272
- C:\Windows\System\TdCIsCn.exe
  C:\Windows\System\TdCIsCn.exe
  2⤵
  PID:11296
- C:\Windows\System\nPvIwrj.exe
  C:\Windows\System\nPvIwrj.exe
  2⤵
  PID:11328
- C:\Windows\System\keDjBsU.exe
  C:\Windows\System\keDjBsU.exe
  2⤵
  PID:11356
- C:\Windows\System\LUXIDkj.exe
  C:\Windows\System\LUXIDkj.exe
  2⤵
  PID:11376
- C:\Windows\System\aEZDxLe.exe
  C:\Windows\System\aEZDxLe.exe
  2⤵
  PID:11396
- C:\Windows\System\JJswCCg.exe
  C:\Windows\System\JJswCCg.exe
  2⤵
  PID:11428
- C:\Windows\System\piYbydm.exe
  C:\Windows\System\piYbydm.exe
  2⤵
  PID:11464
- C:\Windows\System\hwrgMWG.exe
  C:\Windows\System\hwrgMWG.exe
  2⤵
  PID:11500
- C:\Windows\System\UEVRikA.exe
  C:\Windows\System\UEVRikA.exe
  2⤵
  PID:11516
- C:\Windows\System\qzMcAce.exe
  C:\Windows\System\qzMcAce.exe
  2⤵
  PID:11540
- C:\Windows\System\RKlBrXJ.exe
  C:\Windows\System\RKlBrXJ.exe
  2⤵
  PID:11568
- C:\Windows\System\lTCgFUK.exe
  C:\Windows\System\lTCgFUK.exe
  2⤵
  PID:11604
- C:\Windows\System\xYNRgSI.exe
  C:\Windows\System\xYNRgSI.exe
  2⤵
  PID:11624
- C:\Windows\System\OifHVXM.exe
  C:\Windows\System\OifHVXM.exe
  2⤵
  PID:11660
- C:\Windows\System\AuhOGXn.exe
  C:\Windows\System\AuhOGXn.exe
  2⤵
  PID:11680
- C:\Windows\System\iJshrqF.exe
  C:\Windows\System\iJshrqF.exe
  2⤵
  PID:11704
- C:\Windows\System\LntYoSQ.exe
  C:\Windows\System\LntYoSQ.exe
  2⤵
  PID:11728
- C:\Windows\System\NWuLltV.exe
  C:\Windows\System\NWuLltV.exe
  2⤵
  PID:11756
- C:\Windows\System\ThUomiN.exe
  C:\Windows\System\ThUomiN.exe
  2⤵
  PID:11784
- C:\Windows\System\wKaqcMu.exe
  C:\Windows\System\wKaqcMu.exe
  2⤵
  PID:11808
- C:\Windows\System\uMFCfzz.exe
  C:\Windows\System\uMFCfzz.exe
  2⤵
  PID:11836
- C:\Windows\System\FlyCBUL.exe
  C:\Windows\System\FlyCBUL.exe
  2⤵
  PID:11856
- C:\Windows\System\AIbBYzl.exe
  C:\Windows\System\AIbBYzl.exe
  2⤵
  PID:11880
- C:\Windows\System\UTLCDGs.exe
  C:\Windows\System\UTLCDGs.exe
  2⤵
  PID:11900
- C:\Windows\System\aIWIutn.exe
  C:\Windows\System\aIWIutn.exe
  2⤵
  PID:11932
- C:\Windows\System\qmcJonY.exe
  C:\Windows\System\qmcJonY.exe
  2⤵
  PID:11960
- C:\Windows\System\ymqmMdK.exe
  C:\Windows\System\ymqmMdK.exe
  2⤵
  PID:11980
- C:\Windows\System\wahKixf.exe
  C:\Windows\System\wahKixf.exe
  2⤵
  PID:12008
- C:\Windows\System\UYZbomq.exe
  C:\Windows\System\UYZbomq.exe
  2⤵
  PID:12032
- C:\Windows\System\nFBPUVs.exe
  C:\Windows\System\nFBPUVs.exe
  2⤵
  PID:12060
- C:\Windows\System\IrnjCKs.exe
  C:\Windows\System\IrnjCKs.exe
  2⤵
  PID:12092
- C:\Windows\System\zmUvYPN.exe
  C:\Windows\System\zmUvYPN.exe
  2⤵
  PID:12128
- C:\Windows\System\GmBFIjo.exe
  C:\Windows\System\GmBFIjo.exe
  2⤵
  PID:12164
- C:\Windows\System\kVRPOor.exe
  C:\Windows\System\kVRPOor.exe
  2⤵
  PID:12192
- C:\Windows\System\VGQpMMm.exe
  C:\Windows\System\VGQpMMm.exe
  2⤵
  PID:12212
- C:\Windows\System\UuIMexv.exe
  C:\Windows\System\UuIMexv.exe
  2⤵
  PID:12236
- C:\Windows\System\yjVyFoY.exe
  C:\Windows\System\yjVyFoY.exe
  2⤵
  PID:12272
- C:\Windows\System\EmKBMuN.exe
  C:\Windows\System\EmKBMuN.exe
  2⤵
  PID:7964
- C:\Windows\System\wKzteAg.exe
  C:\Windows\System\wKzteAg.exe
  2⤵
  PID:10288
- C:\Windows\System\lBojEfX.exe
  C:\Windows\System\lBojEfX.exe
  2⤵
  PID:10808
- C:\Windows\System\gzEJLpc.exe
  C:\Windows\System\gzEJLpc.exe
  2⤵
  PID:11268
- C:\Windows\System\ZTFoGCT.exe
  C:\Windows\System\ZTFoGCT.exe
  2⤵
  PID:10668
- C:\Windows\System\aukvKWI.exe
  C:\Windows\System\aukvKWI.exe
  2⤵
  PID:11452
- C:\Windows\System\cpgREiD.exe
  C:\Windows\System\cpgREiD.exe
  2⤵
  PID:11512
- C:\Windows\System\tEIchDg.exe
  C:\Windows\System\tEIchDg.exe
  2⤵
  PID:11284
- C:\Windows\System\OJqSYKK.exe
  C:\Windows\System\OJqSYKK.exe
  2⤵
  PID:10904
- C:\Windows\System\Gocojvk.exe
  C:\Windows\System\Gocojvk.exe
  2⤵
  PID:11648
- C:\Windows\System\OVNmYpE.exe
  C:\Windows\System\OVNmYpE.exe
  2⤵
  PID:11416
- C:\Windows\System\MGLbJMt.exe
  C:\Windows\System\MGLbJMt.exe
  2⤵
  PID:11772
- C:\Windows\System\TQYvjzd.exe
  C:\Windows\System\TQYvjzd.exe
  2⤵
  PID:11280
- C:\Windows\System\LGJgMSh.exe
  C:\Windows\System\LGJgMSh.exe
  2⤵
  PID:11868
- C:\Windows\System\rFGTsMH.exe
  C:\Windows\System\rFGTsMH.exe
  2⤵
  PID:11368
- C:\Windows\System\SJQliod.exe
  C:\Windows\System\SJQliod.exe
  2⤵
  PID:12000
- C:\Windows\System\QtGyGdW.exe
  C:\Windows\System\QtGyGdW.exe
  2⤵
  PID:11740
- C:\Windows\System\PjuQvMI.exe
  C:\Windows\System\PjuQvMI.exe
  2⤵
  PID:11536
- C:\Windows\System\DTfrNYd.exe
  C:\Windows\System\DTfrNYd.exe
  2⤵
  PID:12184
- C:\Windows\System\EjcHkEv.exe
  C:\Windows\System\EjcHkEv.exe
  2⤵
  PID:11636
- C:\Windows\System\IinfXfo.exe
  C:\Windows\System\IinfXfo.exe
  2⤵
  PID:11696
- C:\Windows\System\ZUjmsET.exe
  C:\Windows\System\ZUjmsET.exe
  2⤵
  PID:10824
- C:\Windows\System\uPMXOtL.exe
  C:\Windows\System\uPMXOtL.exe
  2⤵
  PID:11804
- C:\Windows\System\FFzThSm.exe
  C:\Windows\System\FFzThSm.exe
  2⤵
  PID:10976
- C:\Windows\System\zNdAOnM.exe
  C:\Windows\System\zNdAOnM.exe
  2⤵
  PID:11796
- C:\Windows\System\vCrpUeW.exe
  C:\Windows\System\vCrpUeW.exe
  2⤵
  PID:12308
- C:\Windows\System\cPKjHhT.exe
  C:\Windows\System\cPKjHhT.exe
  2⤵
  PID:12332
- C:\Windows\System\HdFGtcJ.exe
  C:\Windows\System\HdFGtcJ.exe
  2⤵
  PID:12356
- C:\Windows\System\jDLOAwh.exe
  C:\Windows\System\jDLOAwh.exe
  2⤵
  PID:12384
- C:\Windows\System\iFMTfRh.exe
  C:\Windows\System\iFMTfRh.exe
  2⤵
  PID:12408
- C:\Windows\System\tEYAnOk.exe
  C:\Windows\System\tEYAnOk.exe
  2⤵
  PID:12436
- C:\Windows\System\JltdNUN.exe
  C:\Windows\System\JltdNUN.exe
  2⤵
  PID:12456
- C:\Windows\System\naLBARu.exe
  C:\Windows\System\naLBARu.exe
  2⤵
  PID:12616
- C:\Windows\System\ExDviud.exe
  C:\Windows\System\ExDviud.exe
  2⤵
  PID:12648
- C:\Windows\System\ycMVTSS.exe
  C:\Windows\System\ycMVTSS.exe
  2⤵
  PID:12672
- C:\Windows\System\eEnfpVw.exe
  C:\Windows\System\eEnfpVw.exe
  2⤵
  PID:12720
- C:\Windows\System\rgqYBsj.exe
  C:\Windows\System\rgqYBsj.exe
  2⤵
  PID:12744
- C:\Windows\System\sLdPMdO.exe
  C:\Windows\System\sLdPMdO.exe
  2⤵
  PID:12760
- C:\Windows\System\qGsuCrd.exe
  C:\Windows\System\qGsuCrd.exe
  2⤵
  PID:12788
- C:\Windows\System\mxtjSBt.exe
  C:\Windows\System\mxtjSBt.exe
  2⤵
  PID:12824
- C:\Windows\System\HewSRcO.exe
  C:\Windows\System\HewSRcO.exe
  2⤵
  PID:12876
- C:\Windows\System\KhpKKPd.exe
  C:\Windows\System\KhpKKPd.exe
  2⤵
  PID:12908
- C:\Windows\System\dpAUnpE.exe
  C:\Windows\System\dpAUnpE.exe
  2⤵
  PID:12932
- C:\Windows\System\WwVwKec.exe
  C:\Windows\System\WwVwKec.exe
  2⤵
  PID:12960
- C:\Windows\System\JejSPuG.exe
  C:\Windows\System\JejSPuG.exe
  2⤵
  PID:12988
- C:\Windows\System\WkTiPbQ.exe
  C:\Windows\System\WkTiPbQ.exe
  2⤵
  PID:13012
- C:\Windows\System\VokyiRX.exe
  C:\Windows\System\VokyiRX.exe
  2⤵
  PID:13040
- C:\Windows\System\aKpWCms.exe
  C:\Windows\System\aKpWCms.exe
  2⤵
  PID:13060
- C:\Windows\System\DtIDiPm.exe
  C:\Windows\System\DtIDiPm.exe
  2⤵
  PID:13092
- C:\Windows\System\dqgeBZA.exe
  C:\Windows\System\dqgeBZA.exe
  2⤵
  PID:13124
- C:\Windows\System\NvLRwnM.exe
  C:\Windows\System\NvLRwnM.exe
  2⤵
  PID:13144
- C:\Windows\System\SRjfsXJ.exe
  C:\Windows\System\SRjfsXJ.exe
  2⤵
  PID:13172
- C:\Windows\System\bbonjUt.exe
  C:\Windows\System\bbonjUt.exe
  2⤵
  PID:13196
- C:\Windows\System\noKeWVr.exe
  C:\Windows\System\noKeWVr.exe
  2⤵
  PID:13228
- C:\Windows\System\mxrWgCB.exe
  C:\Windows\System\mxrWgCB.exe
  2⤵
  PID:13256
- C:\Windows\System\teKTQfC.exe
  C:\Windows\System\teKTQfC.exe
  2⤵
  PID:13284
- C:\Windows\System\ZRaLRyc.exe
  C:\Windows\System\ZRaLRyc.exe
  2⤵
  PID:13304
- C:\Windows\System\eSuZgji.exe
  C:\Windows\System\eSuZgji.exe
  2⤵
  PID:11996
- C:\Windows\System\MyFipOw.exe
  C:\Windows\System\MyFipOw.exe
  2⤵
  PID:7740
- C:\Windows\System\heoOVvu.exe
  C:\Windows\System\heoOVvu.exe
  2⤵
  PID:12228
- C:\Windows\System\sDpmbjm.exe
  C:\Windows\System\sDpmbjm.exe
  2⤵
  PID:10860
- C:\Windows\System\kzpabRZ.exe
  C:\Windows\System\kzpabRZ.exe
  2⤵
  PID:12148
- C:\Windows\System\nAapPvD.exe
  C:\Windows\System\nAapPvD.exe
  2⤵
  PID:12292
- C:\Windows\System\tStbRsx.exe
  C:\Windows\System\tStbRsx.exe
  2⤵
  PID:11620
- C:\Windows\System\pLhcSLM.exe
  C:\Windows\System\pLhcSLM.exe
  2⤵
  PID:11420
- C:\Windows\System\FvrtDkB.exe
  C:\Windows\System\FvrtDkB.exe
  2⤵
  PID:11508
- C:\Windows\System\goMTObG.exe
  C:\Windows\System\goMTObG.exe
  2⤵
  PID:12504
- C:\Windows\System\DWOHDmn.exe
  C:\Windows\System\DWOHDmn.exe
  2⤵
  PID:12532
- C:\Windows\System\NkJdFOv.exe
  C:\Windows\System\NkJdFOv.exe
  2⤵
  PID:12420
- C:\Windows\System\PwuAPVO.exe
  C:\Windows\System\PwuAPVO.exe
  2⤵
  PID:12588
- C:\Windows\System\bYldFfn.exe
  C:\Windows\System\bYldFfn.exe
  2⤵
  PID:12612
- C:\Windows\System\kgCMmzb.exe
  C:\Windows\System\kgCMmzb.exe
  2⤵
  PID:12368
- C:\Windows\System\UrYKuSO.exe
  C:\Windows\System\UrYKuSO.exe
  2⤵
  PID:12776
- C:\Windows\System\GtvBVGR.exe
  C:\Windows\System\GtvBVGR.exe
  2⤵
  PID:12896
- C:\Windows\System\fCNxwvw.exe
  C:\Windows\System\fCNxwvw.exe
  2⤵
  PID:12692
- C:\Windows\System\JjmCLRC.exe
  C:\Windows\System\JjmCLRC.exe
  2⤵
  PID:12840
- C:\Windows\System\WVZTNmI.exe
  C:\Windows\System\WVZTNmI.exe
  2⤵
  PID:12636
- C:\Windows\System\rHCjnLm.exe
  C:\Windows\System\rHCjnLm.exe
  2⤵
  PID:12736
- C:\Windows\System\NBWbggS.exe
  C:\Windows\System\NBWbggS.exe
  2⤵
  PID:13244
- C:\Windows\System\RZPdSWT.exe
  C:\Windows\System\RZPdSWT.exe
  2⤵
  PID:13032
- C:\Windows\System\olyOqph.exe
  C:\Windows\System\olyOqph.exe
  2⤵
  PID:12020
- C:\Windows\System\TWTVVPU.exe
  C:\Windows\System\TWTVVPU.exe
  2⤵
  PID:11908
- C:\Windows\System\VTYRJOQ.exe
  C:\Windows\System\VTYRJOQ.exe
  2⤵
  PID:13276
- C:\Windows\System\ImRDINz.exe
  C:\Windows\System\ImRDINz.exe
  2⤵
  PID:12516
- C:\Windows\System\PPVqlwp.exe
  C:\Windows\System\PPVqlwp.exe
  2⤵
  PID:11060
- C:\Windows\System\EnLKWRo.exe
  C:\Windows\System\EnLKWRo.exe
  2⤵
  PID:11992
- C:\Windows\System\rDuOrXa.exe
  C:\Windows\System\rDuOrXa.exe
  2⤵
  PID:13320
- C:\Windows\System\sGfowjq.exe
  C:\Windows\System\sGfowjq.exe
  2⤵
  PID:13348
- C:\Windows\System\mnjxggf.exe
  C:\Windows\System\mnjxggf.exe
  2⤵
  PID:13380
- C:\Windows\System\zArUQKY.exe
  C:\Windows\System\zArUQKY.exe
  2⤵
  PID:13412
- C:\Windows\System\hMLSAiD.exe
  C:\Windows\System\hMLSAiD.exe
  2⤵
  PID:13444
- C:\Windows\System\VqDFOQS.exe
  C:\Windows\System\VqDFOQS.exe
  2⤵
  PID:13468
- C:\Windows\System\TGvByBt.exe
  C:\Windows\System\TGvByBt.exe
  2⤵
  PID:13492
- C:\Windows\System\msamXoy.exe
  C:\Windows\System\msamXoy.exe
  2⤵
  PID:13516
- C:\Windows\System\sITeeji.exe
  C:\Windows\System\sITeeji.exe
  2⤵
  PID:13540
- C:\Windows\System\TRxlWiD.exe
  C:\Windows\System\TRxlWiD.exe
  2⤵
  PID:13568
- C:\Windows\System\ifIbuLh.exe
  C:\Windows\System\ifIbuLh.exe
  2⤵
  PID:13592
- C:\Windows\System\dXCrDsH.exe
  C:\Windows\System\dXCrDsH.exe
  2⤵
  PID:13620
- C:\Windows\System\eCaHYbk.exe
  C:\Windows\System\eCaHYbk.exe
  2⤵
  PID:13640
- C:\Windows\System\jqmaHUg.exe
  C:\Windows\System\jqmaHUg.exe
  2⤵
  PID:13668
- C:\Windows\System\UDxsXQn.exe
  C:\Windows\System\UDxsXQn.exe
  2⤵
  PID:13708
- C:\Windows\System\INjOJiM.exe
  C:\Windows\System\INjOJiM.exe
  2⤵
  PID:13736
- C:\Windows\System\roIgihF.exe
  C:\Windows\System\roIgihF.exe
  2⤵
  PID:13756
- C:\Windows\System\PFtwhWX.exe
  C:\Windows\System\PFtwhWX.exe
  2⤵
  PID:13784
- C:\Windows\System\RyXSZwI.exe
  C:\Windows\System\RyXSZwI.exe
  2⤵
  PID:13808
- C:\Windows\System\YmKiyqd.exe
  C:\Windows\System\YmKiyqd.exe
  2⤵
  PID:13828
- C:\Windows\System\qEADsll.exe
  C:\Windows\System\qEADsll.exe
  2⤵
  PID:13860
- C:\Windows\System\yODaXkR.exe
  C:\Windows\System\yODaXkR.exe
  2⤵
  PID:13880
- C:\Windows\System\UItVqXW.exe
  C:\Windows\System\UItVqXW.exe
  2⤵
  PID:13908
- C:\Windows\System\rzdCsAT.exe
  C:\Windows\System\rzdCsAT.exe
  2⤵
  PID:13940
- C:\Windows\System\UjsfvFU.exe
  C:\Windows\System\UjsfvFU.exe
  2⤵
  PID:13120
- C:\Windows\System\sgUGPGL.exe
  C:\Windows\System\sgUGPGL.exe
  2⤵
  PID:13212
- C:\Windows\System\nlYCORy.exe
  C:\Windows\System\nlYCORy.exe
  2⤵
  PID:12772
- C:\Windows\System\tHIGwfB.exe
  C:\Windows\System\tHIGwfB.exe
  2⤵
  PID:12380
- C:\Windows\System\kavJbRj.exe
  C:\Windows\System\kavJbRj.exe
  2⤵
  PID:11800
- C:\Windows\System\HCqgOfT.exe
  C:\Windows\System\HCqgOfT.exe
  2⤵
  PID:13316
- C:\Windows\System\QjJYnSN.exe
  C:\Windows\System\QjJYnSN.exe
  2⤵
  PID:12600
- C:\Windows\System\ZTFZTfc.exe
  C:\Windows\System\ZTFZTfc.exe
  2⤵
  PID:13192
- C:\Windows\System\RlcPZxc.exe
  C:\Windows\System\RlcPZxc.exe
  2⤵
  PID:9136
- C:\Windows\System\tGoGtcF.exe
  C:\Windows\System\tGoGtcF.exe
  2⤵
  PID:12680
- C:\Windows\System\JCBNUGE.exe
  C:\Windows\System\JCBNUGE.exe
  2⤵
  PID:12812
- C:\Windows\System\cogeDoT.exe
  C:\Windows\System\cogeDoT.exe
  2⤵
  PID:12904
- C:\Windows\System\ERCuzmw.exe
  C:\Windows\System\ERCuzmw.exe
  2⤵
  PID:13616
- C:\Windows\System\FfEQpJD.exe
  C:\Windows\System\FfEQpJD.exe
  2⤵
  PID:13184
- C:\Windows\System\svlMpnv.exe
  C:\Windows\System\svlMpnv.exe
  2⤵
  PID:13952
- C:\Windows\System\YslaSLA.exe
  C:\Windows\System\YslaSLA.exe
  2⤵
  PID:13768
- C:\Windows\System\XPuTQru.exe
  C:\Windows\System\XPuTQru.exe
  2⤵
  PID:13528
- C:\Windows\System\KjmArAz.exe
  C:\Windows\System\KjmArAz.exe
  2⤵
  PID:13560
- C:\Windows\System\ywpyTmL.exe
  C:\Windows\System\ywpyTmL.exe
  2⤵
  PID:13584
- C:\Windows\System\qZKsMUM.exe
  C:\Windows\System\qZKsMUM.exe
  2⤵
  PID:13636
- C:\Windows\System\dGrqVFP.exe
  C:\Windows\System\dGrqVFP.exe
  2⤵
  PID:13716
- C:\Windows\System\syXXrJF.exe
  C:\Windows\System\syXXrJF.exe
  2⤵
  PID:13792
- C:\Windows\System\DuxDuTC.exe
  C:\Windows\System\DuxDuTC.exe
  2⤵
  PID:13856
- C:\Windows\System\liLqOXU.exe
  C:\Windows\System\liLqOXU.exe
  2⤵
  PID:14032
- C:\Windows\System\OfQXhiy.exe
  C:\Windows\System\OfQXhiy.exe
  2⤵
  PID:14164
- C:\Windows\System\qMsPbDt.exe
  C:\Windows\System\qMsPbDt.exe
  2⤵
  PID:14268
- C:\Windows\System\fhpTbJK.exe
  C:\Windows\System\fhpTbJK.exe
  2⤵
  PID:14332
- C:\Windows\System\BadbcPI.exe
  C:\Windows\System\BadbcPI.exe
  2⤵
  PID:12324
- C:\Windows\System\gCxrZVa.exe
  C:\Windows\System\gCxrZVa.exe
  2⤵
  PID:12752
- C:\Windows\System\YZEDrpG.exe
  C:\Windows\System\YZEDrpG.exe
  2⤵
  PID:13048
- C:\Windows\System\xEuuVeg.exe
  C:\Windows\System\xEuuVeg.exe
  2⤵
  PID:11112
- C:\Windows\System\lJJbVGH.exe
  C:\Windows\System\lJJbVGH.exe
  2⤵
  PID:12952
- C:\Windows\System\MePdezu.exe
  C:\Windows\System\MePdezu.exe
  2⤵
  PID:13456
- C:\Windows\System\HEuMzcn.exe
  C:\Windows\System\HEuMzcn.exe
  2⤵
  PID:13868
- C:\Windows\System\Cppnisl.exe
  C:\Windows\System\Cppnisl.exe
  2⤵
  PID:13728
- C:\Windows\System\nBHZAoi.exe
  C:\Windows\System\nBHZAoi.exe
  2⤵
  PID:13608
- C:\Windows\System\vNKGDIJ.exe
  C:\Windows\System\vNKGDIJ.exe
  2⤵
  PID:14192
- C:\Windows\System\GuBpXxk.exe
  C:\Windows\System\GuBpXxk.exe
  2⤵
  PID:14536
- C:\Windows\System\umDFQuI.exe
  C:\Windows\System\umDFQuI.exe
  2⤵
  PID:14560
- C:\Windows\System\FawTegU.exe
  C:\Windows\System\FawTegU.exe
  2⤵
  PID:14584
- C:\Windows\System\xfFGkoA.exe
  C:\Windows\System\xfFGkoA.exe
  2⤵
  PID:14600
- C:\Windows\System\eGrtUdw.exe
  C:\Windows\System\eGrtUdw.exe
  2⤵
  PID:14632
- C:\Windows\System\manHNjt.exe
  C:\Windows\System\manHNjt.exe
  2⤵
  PID:14660
- C:\Windows\System\OpQkFDk.exe
  C:\Windows\System\OpQkFDk.exe
  2⤵
  PID:14676
- C:\Windows\System\wkwBLdR.exe
  C:\Windows\System\wkwBLdR.exe
  2⤵
  PID:14692
- C:\Windows\System\YnDvJwU.exe
  C:\Windows\System\YnDvJwU.exe
  2⤵
  PID:14716
- C:\Windows\System\GXPbxnT.exe
  C:\Windows\System\GXPbxnT.exe
  2⤵
  PID:14744
- C:\Windows\System\KjSibOf.exe
  C:\Windows\System\KjSibOf.exe
  2⤵
  PID:14764
- C:\Windows\System\VRoJpXX.exe
  C:\Windows\System\VRoJpXX.exe
  2⤵
  PID:14780
- C:\Windows\System\cveOMJm.exe
  C:\Windows\System\cveOMJm.exe
  2⤵
  PID:14800
- C:\Windows\System\WcMXeoM.exe
  C:\Windows\System\WcMXeoM.exe
  2⤵
  PID:14828
- C:\Windows\System\SrWSCvT.exe
  C:\Windows\System\SrWSCvT.exe
  2⤵
  PID:14852
- C:\Windows\System\tTQsCgj.exe
  C:\Windows\System\tTQsCgj.exe
  2⤵
  PID:14868
- C:\Windows\System\UoszYPF.exe
  C:\Windows\System\UoszYPF.exe
  2⤵
  PID:14884
- C:\Windows\System\NpHDOdU.exe
  C:\Windows\System\NpHDOdU.exe
  2⤵
  PID:14908
- C:\Windows\System\hPDQgla.exe
  C:\Windows\System\hPDQgla.exe
  2⤵
  PID:14940
- C:\Windows\System\dAidFlw.exe
  C:\Windows\System\dAidFlw.exe
  2⤵
  PID:14960
- C:\Windows\System\XgxVNLQ.exe
  C:\Windows\System\XgxVNLQ.exe
  2⤵
  PID:14976
- C:\Windows\System\sDVAkCC.exe
  C:\Windows\System\sDVAkCC.exe
  2⤵
  PID:14996
- C:\Windows\System\Vpihwbr.exe
  C:\Windows\System\Vpihwbr.exe
  2⤵
  PID:15028
- C:\Windows\System\upAxmds.exe
  C:\Windows\System\upAxmds.exe
  2⤵
  PID:15048
- C:\Windows\System\jQMyDdq.exe
  C:\Windows\System\jQMyDdq.exe
  2⤵
  PID:15068
- C:\Windows\System\dtGsOCT.exe
  C:\Windows\System\dtGsOCT.exe
  2⤵
  PID:15084
- C:\Windows\System\dHBXTWy.exe
  C:\Windows\System\dHBXTWy.exe
  2⤵
  PID:15100
- C:\Windows\System\PWPGzYu.exe
  C:\Windows\System\PWPGzYu.exe
  2⤵
  PID:15116
- C:\Windows\System\icjZkDA.exe
  C:\Windows\System\icjZkDA.exe
  2⤵
  PID:15144
- C:\Windows\System\fmmOehe.exe
  C:\Windows\System\fmmOehe.exe
  2⤵
  PID:15180
- C:\Windows\System\dzACfqE.exe
  C:\Windows\System\dzACfqE.exe
  2⤵
  PID:15196
- C:\Windows\System\TIXUnYr.exe
  C:\Windows\System\TIXUnYr.exe
  2⤵
  PID:15220
- C:\Windows\System\iMHWvml.exe
  C:\Windows\System\iMHWvml.exe
  2⤵
  PID:15240
- C:\Windows\System\AKZthsj.exe
  C:\Windows\System\AKZthsj.exe
  2⤵
  PID:15268
- C:\Windows\System\sXdsDYl.exe
  C:\Windows\System\sXdsDYl.exe
  2⤵
  PID:15296
- C:\Windows\System\aiiWWLX.exe
  C:\Windows\System\aiiWWLX.exe
  2⤵
  PID:15320
- C:\Windows\System\RCfdICq.exe
  C:\Windows\System\RCfdICq.exe
  2⤵
  PID:15340
- C:\Windows\System\pbqEPVs.exe
  C:\Windows\System\pbqEPVs.exe
  2⤵
  PID:13556
- C:\Windows\System\cYnYLVe.exe
  C:\Windows\System\cYnYLVe.exe
  2⤵
  PID:12088
- C:\Windows\System\LCjRPyb.exe
  C:\Windows\System\LCjRPyb.exe
  2⤵
  PID:14344
- C:\Windows\System\WJIpbBh.exe
  C:\Windows\System\WJIpbBh.exe
  2⤵
  PID:14372
- C:\Windows\System\fmWNVvK.exe
  C:\Windows\System\fmWNVvK.exe
  2⤵
  PID:14396
- C:\Windows\System\huTKHpn.exe
  C:\Windows\System\huTKHpn.exe
  2⤵
  PID:14432
- C:\Windows\System\QnEUsKN.exe
  C:\Windows\System\QnEUsKN.exe
  2⤵
  PID:14460
- C:\Windows\System\jvmkitw.exe
  C:\Windows\System\jvmkitw.exe
  2⤵
  PID:14480
- C:\Windows\System\hOMwDwi.exe
  C:\Windows\System\hOMwDwi.exe
  2⤵
  PID:14504
- C:\Windows\System\azunzxk.exe
  C:\Windows\System\azunzxk.exe
  2⤵
  PID:14544
- C:\Windows\System\qKPlFyW.exe
  C:\Windows\System\qKPlFyW.exe
  2⤵
  PID:14008
- C:\Windows\System\OGFNBan.exe
  C:\Windows\System\OGFNBan.exe
  2⤵
  PID:14704
- C:\Windows\System\VQCQEkq.exe
  C:\Windows\System\VQCQEkq.exe
  2⤵
  PID:14552
- C:\Windows\System\tRmrpLO.exe
  C:\Windows\System\tRmrpLO.exe
  2⤵
  PID:14812
- C:\Windows\System\HnhOoTK.exe
  C:\Windows\System\HnhOoTK.exe
  2⤵
  PID:13996
- C:\Windows\System\YNieuFg.exe
  C:\Windows\System\YNieuFg.exe
  2⤵
  PID:14684
- C:\Windows\System\qFEVLKH.exe
  C:\Windows\System\qFEVLKH.exe
  2⤵
  PID:14772
- C:\Windows\System\XREQNHe.exe
  C:\Windows\System\XREQNHe.exe
  2⤵
  PID:15020
- C:\Windows\System\ARmdozb.exe
  C:\Windows\System\ARmdozb.exe
  2⤵
  PID:14656
- C:\Windows\System\TkwaHHL.exe
  C:\Windows\System\TkwaHHL.exe
  2⤵
  PID:15132
- C:\Windows\System\iXPspHf.exe
  C:\Windows\System\iXPspHf.exe
  2⤵
  PID:11484
- C:\Windows\System\PbiFKER.exe
  C:\Windows\System\PbiFKER.exe
  2⤵
  PID:3456
- C:\Windows\System\tALVAlp.exe
  C:\Windows\System\tALVAlp.exe
  2⤵
  PID:15308
- C:\Windows\System\VpawNbR.exe
  C:\Windows\System\VpawNbR.exe
  2⤵
  PID:14900
- C:\Windows\System\KafeFex.exe
  C:\Windows\System\KafeFex.exe
  2⤵
  PID:14968
- C:\Windows\System\GKcFQpi.exe
  C:\Windows\System\GKcFQpi.exe
  2⤵
  PID:14988
- C:\Windows\System\nOoyVvJ.exe
  C:\Windows\System\nOoyVvJ.exe
  2⤵
  PID:14516
- C:\Windows\System\VCsghXU.exe
  C:\Windows\System\VCsghXU.exe
  2⤵
  PID:15336
- C:\Windows\System\vAKkwMV.exe
  C:\Windows\System\vAKkwMV.exe
  2⤵
  PID:14728
- C:\Windows\System\vaQJGWh.exe
  C:\Windows\System\vaQJGWh.exe
  2⤵
  PID:14384
- C:\Windows\System\AsLvnTb.exe
  C:\Windows\System\AsLvnTb.exe
  2⤵
  PID:15208
- C:\Windows\System\TJXWhrk.exe
  C:\Windows\System\TJXWhrk.exe
  2⤵
  PID:14836
- C:\Windows\System\DRpkJNn.exe
  C:\Windows\System\DRpkJNn.exe
  2⤵
  PID:15264
- C:\Windows\System\EglbkBJ.exe
  C:\Windows\System\EglbkBJ.exe
  2⤵
  PID:15388
- C:\Windows\System\LSmQHrN.exe
  C:\Windows\System\LSmQHrN.exe
  2⤵
  PID:15424
- C:\Windows\System\sNViUNa.exe
  C:\Windows\System\sNViUNa.exe
  2⤵
  PID:15448
- C:\Windows\System\hbIsVmT.exe
  C:\Windows\System\hbIsVmT.exe
  2⤵
  PID:15468
- C:\Windows\System\QgVPWfo.exe
  C:\Windows\System\QgVPWfo.exe
  2⤵
  PID:15492
- C:\Windows\System\OfXmWNZ.exe
  C:\Windows\System\OfXmWNZ.exe
  2⤵
  PID:15520
- C:\Windows\System\QoyGMkI.exe
  C:\Windows\System\QoyGMkI.exe
  2⤵
  PID:15552
- C:\Windows\System\bKhZGzL.exe
  C:\Windows\System\bKhZGzL.exe
  2⤵
  PID:15584
- C:\Windows\System\dNFwBOV.exe
  C:\Windows\System\dNFwBOV.exe
  2⤵
  PID:15608
- C:\Windows\System\MDmQwzx.exe
  C:\Windows\System\MDmQwzx.exe
  2⤵
  PID:15628
- C:\Windows\System\WiDNEUJ.exe
  C:\Windows\System\WiDNEUJ.exe
  2⤵
  PID:15652
- C:\Windows\System\AyuuKTA.exe
  C:\Windows\System\AyuuKTA.exe
  2⤵
  PID:15668
- C:\Windows\System\LaRzzXs.exe
  C:\Windows\System\LaRzzXs.exe
  2⤵
  PID:15692
- C:\Windows\System\lUGfMYU.exe
  C:\Windows\System\lUGfMYU.exe
  2⤵
  PID:15716
- C:\Windows\System\NBuGqEu.exe
  C:\Windows\System\NBuGqEu.exe
  2⤵
  PID:15740
- C:\Windows\System\JlBveuo.exe
  C:\Windows\System\JlBveuo.exe
  2⤵
  PID:15764
- C:\Windows\System\ocvAzgU.exe
  C:\Windows\System\ocvAzgU.exe
  2⤵
  PID:15784
- C:\Windows\System\eBRThOC.exe
  C:\Windows\System\eBRThOC.exe
  2⤵
  PID:15820
- C:\Windows\System\xrnjDdq.exe
  C:\Windows\System\xrnjDdq.exe
  2⤵
  PID:15840
- C:\Windows\System\mZDHTxn.exe
  C:\Windows\System\mZDHTxn.exe
  2⤵
  PID:15864
- C:\Windows\System\kHImCgS.exe
  C:\Windows\System\kHImCgS.exe
  2⤵
  PID:15880
- C:\Windows\System\sGYyWsL.exe
  C:\Windows\System\sGYyWsL.exe
  2⤵
  PID:15904
- C:\Windows\System\PTTYzFb.exe
  C:\Windows\System\PTTYzFb.exe
  2⤵
  PID:15928
- C:\Windows\System\BDiUUgq.exe
  C:\Windows\System\BDiUUgq.exe
  2⤵
  PID:15956
- C:\Windows\System\bdxGshl.exe
  C:\Windows\System\bdxGshl.exe
  2⤵
  PID:15988
- C:\Windows\System\awTiMDu.exe
  C:\Windows\System\awTiMDu.exe
  2⤵
  PID:16008
- C:\Windows\System\lbqOfgg.exe
  C:\Windows\System\lbqOfgg.exe
  2⤵
  PID:16032
- C:\Windows\System\nDWKDDQ.exe
  C:\Windows\System\nDWKDDQ.exe
  2⤵
  PID:16052
- C:\Windows\System\xvIWDPm.exe
  C:\Windows\System\xvIWDPm.exe
  2⤵
  PID:16084
- C:\Windows\System\UzvapsF.exe
  C:\Windows\System\UzvapsF.exe
  2⤵
  PID:16108
- C:\Windows\System\PjhsrRO.exe
  C:\Windows\System\PjhsrRO.exe
  2⤵
  PID:16128
- C:\Windows\System\HRxhQnV.exe
  C:\Windows\System\HRxhQnV.exe
  2⤵
  PID:16152
- C:\Windows\System\UbqsoYX.exe
  C:\Windows\System\UbqsoYX.exe
  2⤵
  PID:16176
- C:\Windows\System\hGswLEY.exe
  C:\Windows\System\hGswLEY.exe
  2⤵
  PID:16200
- C:\Windows\System\ZvxSWEP.exe
  C:\Windows\System\ZvxSWEP.exe
  2⤵
  PID:16220
- C:\Windows\System\cbejhED.exe
  C:\Windows\System\cbejhED.exe
  2⤵
  PID:16244
- C:\Windows\System\LhqBMtK.exe
  C:\Windows\System\LhqBMtK.exe
  2⤵
  PID:16264
- C:\Windows\System\CnYmLox.exe
  C:\Windows\System\CnYmLox.exe
  2⤵
  PID:16288
- C:\Windows\System\rVHIKSH.exe
  C:\Windows\System\rVHIKSH.exe
  2⤵
  PID:16308
- C:\Windows\System\tBQxbol.exe
  C:\Windows\System\tBQxbol.exe
  2⤵
  PID:11084
- C:\Windows\System\WqluDzX.exe
  C:\Windows\System\WqluDzX.exe
  2⤵
  PID:14500
- C:\Windows\System\uxDvfVf.exe
  C:\Windows\System\uxDvfVf.exe
  2⤵
  PID:15416
- C:\Windows\System\NzSAPbe.exe
  C:\Windows\System\NzSAPbe.exe
  2⤵
  PID:15444
- C:\Windows\System\mrXoPWx.exe
  C:\Windows\System\mrXoPWx.exe
  2⤵
  PID:15288
- C:\Windows\System\CkAMIXk.exe
  C:\Windows\System\CkAMIXk.exe
  2⤵
  PID:15580
- C:\Windows\System\ZfdXqju.exe
  C:\Windows\System\ZfdXqju.exe
  2⤵
  PID:15596
- C:\Windows\System\AuohKGe.exe
  C:\Windows\System\AuohKGe.exe
  2⤵
  PID:15376
- C:\Windows\System\LQImTCD.exe
  C:\Windows\System\LQImTCD.exe
  2⤵
  PID:15408
- C:\Windows\System\QmrlSVh.exe
  C:\Windows\System\QmrlSVh.exe
  2⤵
  PID:15892
- C:\Windows\System\DuuWQzt.exe
  C:\Windows\System\DuuWQzt.exe
  2⤵
  PID:15536
- C:\Windows\System\grhCaow.exe
  C:\Windows\System\grhCaow.exe
  2⤵
  PID:16020
- C:\Windows\System\TIZvPsM.exe
  C:\Windows\System\TIZvPsM.exe
  2⤵
  PID:16064
- C:\Windows\System\fZCpbhK.exe
  C:\Windows\System\fZCpbhK.exe
  2⤵
  PID:15688
- C:\Windows\System\OSpmFZZ.exe
  C:\Windows\System\OSpmFZZ.exe
  2⤵
  PID:16208
- C:\Windows\System\dlOykfi.exe
  C:\Windows\System\dlOykfi.exe
  2⤵
  PID:15828
- C:\Windows\System\egurjCq.exe
  C:\Windows\System\egurjCq.exe
  2⤵
  PID:15860
- C:\Windows\System\oJEsOPx.exe
  C:\Windows\System\oJEsOPx.exe
  2⤵
  PID:15976
- C:\Windows\System\DtyblLi.exe
  C:\Windows\System\DtyblLi.exe
  2⤵
  PID:16344
- C:\Windows\System\NTkIDQR.exe
  C:\Windows\System\NTkIDQR.exe
  2⤵
  PID:16116
- C:\Windows\System\cVljFLQ.exe
  C:\Windows\System\cVljFLQ.exe
  2⤵
  PID:14452
- C:\Windows\System\yXpxlfD.exe
  C:\Windows\System\yXpxlfD.exe
  2⤵
  PID:16184
- C:\Windows\System\VGHiCxW.exe
  C:\Windows\System\VGHiCxW.exe
  2⤵
  PID:12560
- C:\Windows\System\rikzPbb.exe
  C:\Windows\System\rikzPbb.exe
  2⤵
  PID:15128
- C:\Windows\System\BhxdQmi.exe
  C:\Windows\System\BhxdQmi.exe
  2⤵
  PID:14392
- C:\Windows\System\tjGVHMJ.exe
  C:\Windows\System\tjGVHMJ.exe
  2⤵
  PID:15380
- C:\Windows\System\ljfzwHz.exe
  C:\Windows\System\ljfzwHz.exe
  2⤵
  PID:16388
- C:\Windows\System\drqCtyX.exe
  C:\Windows\System\drqCtyX.exe
  2⤵
  PID:16412
- C:\Windows\System\mGQZiil.exe
  C:\Windows\System\mGQZiil.exe
  2⤵
  PID:16440
- C:\Windows\System\ztmGciZ.exe
  C:\Windows\System\ztmGciZ.exe
  2⤵
  PID:16464
- C:\Windows\System\pBwNTqG.exe
  C:\Windows\System\pBwNTqG.exe
  2⤵
  PID:16500
- C:\Windows\System\PkrlIgw.exe
  C:\Windows\System\PkrlIgw.exe
  2⤵
  PID:16544
- C:\Windows\System\idhMNVz.exe
  C:\Windows\System\idhMNVz.exe
  2⤵
  PID:16572
- C:\Windows\System\UqtvaOx.exe
  C:\Windows\System\UqtvaOx.exe
  2⤵
  PID:16596
- C:\Windows\System\RlMtYxa.exe
  C:\Windows\System\RlMtYxa.exe
  2⤵
  PID:16624
- C:\Windows\System\NqlRXve.exe
  C:\Windows\System\NqlRXve.exe
  2⤵
  PID:16648
- C:\Windows\System\ipUQoxm.exe
  C:\Windows\System\ipUQoxm.exe
  2⤵
  PID:16680
- C:\Windows\System\eOGzQTa.exe
  C:\Windows\System\eOGzQTa.exe
  2⤵
  PID:16696
- C:\Windows\System\ZVIGipU.exe
  C:\Windows\System\ZVIGipU.exe
  2⤵
  PID:16716
- C:\Windows\System\HYKrFTP.exe
  C:\Windows\System\HYKrFTP.exe
  2⤵
  PID:16732
- C:\Windows\System\ivSsjuT.exe
  C:\Windows\System\ivSsjuT.exe
  2⤵
  PID:16760
- C:\Windows\System\rMUybOC.exe
  C:\Windows\System\rMUybOC.exe
  2⤵
  PID:16784
- C:\Windows\System\EMtYpcu.exe
  C:\Windows\System\EMtYpcu.exe
  2⤵
  PID:16800
- C:\Windows\System\YzAKpXT.exe
  C:\Windows\System\YzAKpXT.exe
  2⤵
  PID:16816
- C:\Windows\System\efNRpEZ.exe
  C:\Windows\System\efNRpEZ.exe
  2⤵
  PID:16836
- C:\Windows\System\IJgHgAh.exe
  C:\Windows\System\IJgHgAh.exe
  2⤵
  PID:16872
- C:\Windows\System\ybWEUYJ.exe
  C:\Windows\System\ybWEUYJ.exe
  2⤵
  PID:16900
- C:\Windows\System\HoCLbfV.exe
  C:\Windows\System\HoCLbfV.exe
  2⤵
  PID:16920
- C:\Windows\System\INxIqZD.exe
  C:\Windows\System\INxIqZD.exe
  2⤵
  PID:16948
- C:\Windows\System\IeWVCVB.exe
  C:\Windows\System\IeWVCVB.exe
  2⤵
  PID:16980
- C:\Windows\System\HTXkaPy.exe
  C:\Windows\System\HTXkaPy.exe
  2⤵
  PID:17008
- C:\Windows\System\OKAzqsW.exe
  C:\Windows\System\OKAzqsW.exe
  2⤵
  PID:17032
- C:\Windows\System\NvXCbOK.exe
  C:\Windows\System\NvXCbOK.exe
  2⤵
  PID:17064
- C:\Windows\System\uUdhhFP.exe
  C:\Windows\System\uUdhhFP.exe
  2⤵
  PID:17080

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:17340

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:16888

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:15368

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:17352

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:17348

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\CUNUFFV.exe

Filesize
1.5MB

MD5
bc6572130f0dbedfe9544ec0caee6ce8

SHA1
03eb3c0f0f53864c7ffde8cd78d2cc626f437aa0

SHA256
6d84b7a7559faa253d19962ca84583a868bf8de8e4331e3217d51db20057f049

SHA512
ed0714948db1e45b31163dae8a92a0080790d14e4c0c2798138295145515272e8b50749e155a43498a00e859939c94e4992b29173fc490fa07e08a677ddd1077

Download Submit
C:\Windows\System\GFkcVjx.exe

Filesize
1.5MB

MD5
940c743d2fd6d529fd2325a4a96e037f

SHA1
5a07d8120889bec4ed732eb2a4958f9466a7a960

SHA256
f4034f4ca35207027202d189b91d3f10171c7d3dc1c0900c49169393714392b4

SHA512
4c5e0d3fe776450e0d59a4662bf05426781ce4ae2f385d1a2f891055a9dd3447946fc4ff4544fce0954e8e86355dbca33b1086d462549cccd18af73ae839d057

Download Submit
C:\Windows\System\GqjpzPL.exe

Filesize
1.5MB

MD5
2aceeda196ebe830c2f8a8e90205320a

SHA1
879c624fc9156691f6936427f01a02a5e40947f1

SHA256
d107b88a611f03a3f0ef187bb626b7d7fb9405bf6e8974323124565bbde0b328

SHA512
1c472d0e1ee6a0b56c4398218763f7ff0d7a3e62613040f696bab0e27ba0d782ba10f402353cf490840b832b6e59df8d96a9fe89b30b4a6fad58946c9be3f11c

Download Submit
C:\Windows\System\HrpEUHl.exe

Filesize
1.5MB

MD5
9743207c4e533432613fc7f820e21fe7

SHA1
74d69d14adcb7af2c5c5bd1465ca734809d057c3

SHA256
cabdc6b80b55e99692ee701df7c5a39d427b66093dfc7b5b140c8e809cd42806

SHA512
cc75d17298ef8ff229fa1b5807b4a33757c4ad36450326af3dd5f6308ee96f414c152f007baabad3fdfa844fe3bbaf5eeb0d490f04816584b2a189aa7aa201b1

Download Submit
C:\Windows\System\ICYdRJS.exe

Filesize
1.5MB

MD5
289f2c914875b03f279b856ae4f582d9

SHA1
51eafecd049741c0cc0fee0dc6cd71c46dad70e6

SHA256
feabb8aedbfa33e56ff9162683971510772fbe0a8f24e7d8fea55cd7db0b5cc5

SHA512
1fff27f7f2cd64e9eef80be6def816efb888d7da3adf0ae40623c94c5daf9ff65c656c4b118264eb0134bd076752fa331e9ef06fd65602d4b78dc702cbaabaf9

Download Submit
C:\Windows\System\IoJOEST.exe

Filesize
1.5MB

MD5
09729ede64fb99116e79be87a006f1fe

SHA1
f9bc52dc35fefaf0baa8423c86bfb5bc89d346a3

SHA256
1a1c8796ff031f3399d74fb5939ed88359a30b4a07ef883aac0a4f1aceecd502

SHA512
ef6b0b1119cc2476563517a336eb682a4fe60c8b87eef1db9846743711d9cde32a18dd7e9a8f709db545a5df6eae9140e340dbc6ee984811162f93dd36accd7f

Download Submit
C:\Windows\System\JrWIHfB.exe

Filesize
1.5MB

MD5
b879d0ce9f1ec54f5061b395106e27d6

SHA1
f9a578bb610caa568f7a8216bfe4db67e7b414a1

SHA256
a56af2a26acff84f93956572aea292c3fec9e21d6c22fc8d0c7cd38545b8e234

SHA512
e430ca793d33b771c9d60b1635fa702d962ff765cf3559c034e71d8ff6c069c0ef56c2e639f4c58516fac882dac94ed5e67391e5e60394ffbb8230c0f95d80a0

Download Submit
C:\Windows\System\KDWIcFi.exe

Filesize
1.5MB

MD5
cef0d1f849ca54197c4a2ec4581f527c

SHA1
de6dffd14d94ba259514b524d809df48d1523f51

SHA256
1550c30475db699520fe5cc93472f838408962fab30739d2456902882958a37f

SHA512
5aaf4f16da2ecbd3854c35b308cdc8c5ab18bf40e4a409ebba9cd6c62a794d6667b3116ed7b81765434a2f5abd24916ed309075e99ac72fd1e94db43251a8913

Download Submit
C:\Windows\System\KHrwaZM.exe

Filesize
1.5MB

MD5
86c448677593f8a62916ec57c3d4ff30

SHA1
d19e0ead764217148a0dd3db717c37d5ee483ade

SHA256
36aaaec16cda35430c0c7b4d19a1a074a1908594e77a8b71a453a737402af26c

SHA512
36206e2e399862e862af0baae42de1491c663b580b59934b3824ff9e49a067ae6f6f707429ba7425da815cf21e9079910e954cd382b3203e2566e9a18e17e241

Download Submit
C:\Windows\System\LFMjEqg.exe

Filesize
1.5MB

MD5
49275529794a3b7f0a7887e0a2a5ad2b

SHA1
3b3ce950d134002664421d0722ec3e53d04479b2

SHA256
325e9920f5f8dff01989290c917b7bdc38aa95e84d6bd00bdeb77338838f5c1e

SHA512
4b9d0d1589aa44cfd1f80ad2dd034a6697454512a724ddc9a0b3008d47961e3497570c9c3d34196b054bc41b7566a1e3a16a269dd78eb4a9a9fc4a4336d07a4e

Download Submit
C:\Windows\System\OkuiuEJ.exe

Filesize
1.5MB

MD5
222130d9de1c6c1ab550f2273ad5a829

SHA1
04b82d2764207f01a57e2e3c2b4a00e78e3e9036

SHA256
287f4bb0b53b1475b62080e513a46cd5461648a5a6fcb704e6936e31df8f4247

SHA512
b7cb02778e05a2fd866869b5af1f14caff1ca718a1ad100b288f499448437c69d3bc86669ae43baef3d16800f9af932518a219b7bff31201700d6fdaa389577b

Download Submit
C:\Windows\System\QTcbpYP.exe

Filesize
1.5MB

MD5
0757cb2b77bfa8dce31bf247d03e67d0

SHA1
766f486511f47a66da037ddfe145ce45faa5c273

SHA256
13e2375f6c7e0fd5294ddaceb3d6f646e3ecdbc6cc2c17a4544ef0e1a81455cf

SHA512
cdaef659419083f2f235a1ff1041eb124d06c064c792fd9bb64288fcb1dc203abfe82b1c2ca418a1980f395c51f95fac5cc4cfbf60283433d8645cc56651c4f5

Download Submit
C:\Windows\System\QoYImOt.exe

Filesize
1.5MB

MD5
a004a174ef88011ef6bbfb996dd14330

SHA1
d875e2465aa2e990bf3903980f496587a7402cdb

SHA256
6754e0403a2d0f607f612f27cb12140877596ff77a6847d1677c32b85c706451

SHA512
52db7e25b1017cbd494cd78deb38c5cd9b51b8d031cd75323d229b15ee2b62fa95414a55e0352527d518d17bf327bae3d2354d2bc0a1077dcd919a7bd3c901bd

Download Submit
C:\Windows\System\UWxXMLA.exe

Filesize
1.5MB

MD5
ba20bad9ebc21be8ac176b7a616026a5

SHA1
577bcc41b031ab108a1f975aa05a020bb9b4ff90

SHA256
14dc7acbad4d1e6e2f0f96e7735fce80e5e88c5cb02be9fc699bf2cc4f6b662d

SHA512
05fc0acae055de76d897e0b0911633e82abebc48160820543e3ac7dde17d3264d5965cac7d3a2ac284415016a7f928b4826ca6fce9e8506d2385e04714a190e7

Download Submit
C:\Windows\System\WMJbOFR.exe

Filesize
1.5MB

MD5
51d0d052cf98af4abfd51f3c0e3d271d

SHA1
e714a666b9475fb1c062bd1161964d3770e85493

SHA256
bea24ca87c33907d634d1cd96d8304dd7fb84323f221075ef4f83eb821d1983b

SHA512
b532344b999a2533d6bd96b20507be66068cb879b53b7af331f3c75efb483259527ea873342e3b968654cfc1edf86bff6a7750653aa79ea31a413e217222b7df

Download Submit
C:\Windows\System\XtknIWX.exe

Filesize
1.5MB

MD5
57ba15c9f90eb53f60f54c136a25d7ca

SHA1
f855f08a1ffaf3432deac3a35907f7244b142419

SHA256
ff18568064d160b6cd3ac8153b71f197bae3206f35628471b5988bf422a4c048

SHA512
20b7b836f8f8ede6375f12c6de792c00404258dfddfbcadb0ad732de20a324d9e43ebb37707b06b9b2d37ee923373a9d2ee3c0794c42593ecee2d5bd9c49460d

Download Submit
C:\Windows\System\YTmuaKV.exe

Filesize
1.5MB

MD5
4e39d46e7b3d914b395438fb9719b567

SHA1
15f1fc7ca50cb42292e878d578a30f2b23f22ba6

SHA256
08e3ace630fe4bc7ab8bbd899dc75c2e92ba00e7f700d14e081e542638672b1d

SHA512
358876c7137e538f30e59264a6dbe87ec122a00ed4293771a911849b3147273f26bcc5e0fefeb4ad4c0bd0660dc8fa4c2a2b5e59e7d3036e0c34b934d4eb408b

Download Submit
C:\Windows\System\dLMrWJC.exe

Filesize
1.5MB

MD5
64cc90a38a722fc1f5f2ab22019b9c70

SHA1
9979ef46308683dc2b5a878186b178f0511d5008

SHA256
f2fbd365760f6f740d2c7f669c5f85e8c9b4239895e1000dcb98aac1b2556eaa

SHA512
2cd5d78e44fc854b95c3033d198e5b5c06b36156759c2f57cf6eb02ba4a0d035bd236cce9a753b209a93f120b6d4b7cf9306287b43cb4f6fa782124680258f61

Download Submit
C:\Windows\System\drujxwL.exe

Filesize
1.5MB

MD5
c7c2f36a032572b359e8c2cd1f9cba75

SHA1
9d571955ca378a7f97749539b96b87ea3873d261

SHA256
9abe15b6c540daffba1778ed7d84b008dd4fa0c7c812a4bc942749f7a1a0af92

SHA512
37ac9d239738198a4e3986cd754636a99854419772376edb9db6e216c0873e30b75348b5d9d9f6b9826ecbf809428d50940ef2b03ca3fa180b9b87f74fd44498

Download Submit
C:\Windows\System\eafveCG.exe

Filesize
1.5MB

MD5
feb519979ef43c22582890839d7a2571

SHA1
85bfae76c7d25876991bcf9d982dfebdf2998e61

SHA256
73d137e93d23ab54000d03acc881fc8d9dd0e274e9d30d900f21cf328e762818

SHA512
c78ea47c854a98ec9c7d471ba92f9972b4c17adf977f20d587c16a96f9a8876393e7e142521db3b4a5c612429ed8b38501b05cd1eba2b3e1748781718d1d9287

Download Submit
C:\Windows\System\hFfZDCU.exe

Filesize
1.5MB

MD5
e88d85b46d8e5d5b4cf235fa314e4de0

SHA1
664d718fd70abc346956f2c460056fcc8eb96a21

SHA256
d63bb00745c41dc588d8d016784de6963f926a47c9ee34642cc78ae56460348b

SHA512
b89681a78f401eccb63a6ec0108d81f40c8ae78861d85c203a905f6ef7a05adf00fe7f9e517766978ccfe870022b8593d39ef72a198809f08fd3f0b88146e449

Download Submit
C:\Windows\System\iPCHiqW.exe

Filesize
1.5MB

MD5
1aa4e61c6dd694a8b56ed1a6d52353da

SHA1
a3be62c34be9ce815e20ec4eb336ad2ed0fe3aa6

SHA256
3b17d526ff5cc5131a8814e11186385d19adc33cd4b748869bf78f4c80ecdb6e

SHA512
2a81f00cb004754978623e28cc26db9d4a39dbfc592e3262da29f87c90796b7a79c0bd2956e3494b1a3583be735edaa1ce4e596c6459cc5608b509113e07c68f

Download Submit
C:\Windows\System\itntaXA.exe

Filesize
1.5MB

MD5
09f8dea741b8cc0012a06d9fab5a639e

SHA1
3a827386d6a225a5570eaed253dbea94400ed2a5

SHA256
d8a8a495102181640d1904ee867c1d5cd2b01552e06888715b4f2384640cd788

SHA512
c7c5632bfb68a6044aa3dde9bb586cc46473e22f913986669bb093a73b233022dbb6708a2752bb26964d170117141e6ab896a4c87fcd6f200e62daeb9fca089a

Download Submit
C:\Windows\System\jIMKeHV.exe

Filesize
1.5MB

MD5
a9083ac03b6b7f98421d6a2c4969f2a4

SHA1
7a8d3cef27373afd6c68b48bbce599ae543312b6

SHA256
6b3a19536a75573f37d1160ab5ff22ee23ef03ed7bcb632199e9eadfbaff416b

SHA512
56a48a986f1bee9d2e856153d4120609c0435c4b8eac34aaa4a53826adbd15d8829c4b4408071561c898291cb46fa1c901215d77ee8a85282e8e279d0645a098

Download Submit
C:\Windows\System\ncSMWtP.exe

Filesize
1.5MB

MD5
9b115371e45a2394d236420ac84dc455

SHA1
8d5592a064f84ac1f70964af17174e3b6dab9b25

SHA256
0ec02274625bd9eb6b0b42bd02c22a473419bf4a0ee84e2597812c8103972413

SHA512
e87e3fb83298d5f5a7751db003e7b3b222a43adaf94d9c226aa16ad8ce1d6754a19a1ca1f9b4c642bb242afd38d959b0789d76f1f3c4cd6c0547d54ff3795711

Download Submit
C:\Windows\System\pxvaibu.exe

Filesize
1.5MB

MD5
a6d8d706bfbb1295006693c9579e76d8

SHA1
babf97097dac7696ec7a4ea3bd86f0bdb1f1f855

SHA256
d68c57302805a5976b7b139fdaf411671e6c39bc44161330efe2881f1b58d942

SHA512
62ab3580a5c82820d06d036febd74bacc4f6d3f54d6740e2d675c03c1e92c55a0a9096d9b76781abee792bee69ef6d6aeeb3e3ac06ae1dc416109c9c8ce3dfab

Download Submit
C:\Windows\System\qGhiqdR.exe

Filesize
1.5MB

MD5
a601fee8cdee20673fe6b6d78cbbcc14

SHA1
30fb674576d9d7f2d63f85aa44089dd7befa22dc

SHA256
4238d4bc55f4c668feb7ff1bda936b4a6e2cc085b830d3839cc51ad4a8b181ba

SHA512
16a1e18a9f8e5a79f5dc2ca71b02f2d0af020c2b384216c2f599884ad8275ceacf471870bf3acb037eaef9b92e6b7bf7f21689732895034cc38b320e3f7ee812

Download Submit
C:\Windows\System\qNLJmYw.exe

Filesize
1.5MB

MD5
6b5cfb2fb58916fa16b5ec4ea2da2779

SHA1
279949fedec27c9b60b3ddfc445e9d9a662fc4ca

SHA256
2c396b45719d3879c8dc3316a7b076f442eca1103abf0285cbbaa69f2f60c639

SHA512
302d9758521583db6facb03c3d851966c858ea23667b6502748a8e1c94e12a6344f6122f892266f12f7f3d89559e5d7d98dbb459f4b7798fdd56088eb2d354db

Download Submit
C:\Windows\System\sStoVsT.exe

Filesize
1.5MB

MD5
95bffde59722e2c125c898cd88f2d386

SHA1
1b8c55b6f7e0b475b6a5c5cbebebea960a21d194

SHA256
f00f679a8d8d5a4ba16f44ee442c9f513e84af18af2b70376a724a4cf4477bd7

SHA512
cf3a8decb69d207ccb467689c9e6fc2b8af19e27ab963575a800bc2348e1a5c704604ed4af3c33f5544e95e2a2bcfca0fb6ba77889873d8366c62a9b6a2b02fb

Download Submit
C:\Windows\System\tVofOKm.exe

Filesize
1.5MB

MD5
8359c3ae70bbac6c6fdd549c212417f6

SHA1
28e2dd83620dca2b0122e1bde64085fa39638ba7

SHA256
b2eb700bb4853fd92f0818b61c3e0df8b877013cb4246dc7f16bff25bdbd3647

SHA512
8e5391cf3b9b66879555690dbcc5051a86f63ef1c7d0ef84464982517690fb95c5e3d06768ce864239f23bd9503b07e224e0f23d1f878e77e1bedcd9dda4d5a2

Download Submit
C:\Windows\System\vRrStqQ.exe

Filesize
1.5MB

MD5
2501cfcc6745485b3c3d8b5296a3878b

SHA1
a285edb0aa9a78b966ff8b7f018b7ebe6fbcf08f

SHA256
f6ca20b533f266f2b57117fe79fd76bb54c6006fa45f0f9c5bd77cae511adafe

SHA512
ea0888ef8fcec1e1e3f0f1f4b9d591c0b35c989b4da44850d7744ee6a2b447091aad967f1fe4246a0be10e566eb1f3b58611c890365db6cb9c51611fa8387ccb

Download Submit
C:\Windows\System\vXsxXPG.exe

Filesize
1.5MB

MD5
2ecfeef61c7f24bacde71cd67f5d30e4

SHA1
781ecdc374600c60a12bcc3ace0ce551aa489842

SHA256
22c9f715b1811fe61a132deff3236de2e81b9aa46350aa666bd6bcbb5b865f75

SHA512
ad270a378cbbafdbbf259147bbcf52dfc9b3d1cb8f279847ae2bfbbcc9e61d2408a2068b2be05198cf1397e7733bdb16e0ec730445e3adf7a2b31fde6ae04026

Download Submit
C:\Windows\System\yKTxjzr.exe

Filesize
1.5MB

MD5
03a4d4483fa301df2b3af5498d970f6a

SHA1
9cc0a32419eadcc3fe5c421087c5b5e084fba12c

SHA256
4a5e18e33cf28612490c3e9a0aec5c4ca4c1b478305618e7b098a80e283caec2

SHA512
f6898923ce555a1bbb972707be6aa2f482871018918308b18bdd37efc4361fc655eec2dfb91ff5ff748bf62881f0dfe973a69fd4b714ea659d1f0b6738871758

Download Submit
C:\Windows\System\yMjGVkW.exe

Filesize
1.5MB

MD5
e9353d6cbd030771b97950f2a035f713

SHA1
ce9a5dfd581471f4fdf20aa032824f71edef9c4f

SHA256
a710ff46c56f143221588a93c3e54eaa5a1218fd49c1610a115b660a2c152d4d

SHA512
af6ee961c6097f229470f916a6767155ee1c499091a9313ffef6713a223c768ee3335785a0202e2279581c1582857a98ad8d09edcb02473e35bb91b760b10d4e

Download Submit
C:\Windows\System\yfCeMcC.exe

Filesize
1.5MB

MD5
9fa989afc77465da4dbe70fa8ef6f7d8

SHA1
d37e4c927375c85689049f8a974f71facec1fbc6

SHA256
5df6b74eba3e9577d472fa34c6928ae5c1bd9f0e646ca48a691f67a5efb0c093

SHA512
544e70a474612921b21d8f75c856049ef4cf3d66370ff74504df828a7c278d6af5e8e573af8bb0baeb8eef240a32963df7183d266bbef59f693c624f7639af53

Download Submit
C:\Windows\System\zLOwXKM.exe

Filesize
1.5MB

MD5
c5d9d672e9df5fa5f9cec7cb95545fd9

SHA1
0b7e55ee3a42f988f09c93b8b3584a6a572157f9

SHA256
1c50f66dac13d70714d262b355808dd146b5cd400880fd8c2de83c3cf711f891

SHA512
7e9098094a94ad215b605eb6ab94a1ab0fdefc36cbc852cbd581c9f77ff8be7fa43083783cee34b563f818cabfa1b76ce015e43ed7557168c6a25f36a064d67b

Download Submit
memory/2044-0-0x00000253B0790000-0x00000253B07A0000-memory.dmp

Filesize
64KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads